From 1e920a7f016f41479a1a09887a1ac6512a2e0575 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Wed, 7 Jun 2023 17:46:49 -0400
Subject: [PATCH 001/359] [OSS] Post Consul 1.16 updates (#17606)

* chore: update dev build to 1.17

* chore(ci): add nightly 1.16 test

Drop the oldest and add the newest running release branch to nightly
builds.
---
 .../{nightly-test-1.12.x.yaml => nightly-test-1.16.x.yaml}  | 6 +++---
 version/VERSION                                             | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
 rename .github/workflows/{nightly-test-1.12.x.yaml => nightly-test-1.16.x.yaml} (98%)

diff --git a/.github/workflows/nightly-test-1.12.x.yaml b/.github/workflows/nightly-test-1.16.x.yaml
similarity index 98%
rename from .github/workflows/nightly-test-1.12.x.yaml
rename to .github/workflows/nightly-test-1.16.x.yaml
index 0f016075e261..c30ed6811c2b 100644
--- a/.github/workflows/nightly-test-1.12.x.yaml
+++ b/.github/workflows/nightly-test-1.16.x.yaml
@@ -1,7 +1,7 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-name: Nightly Test 1.12.x
+name: Nightly Test 1.16.x
 on:
   schedule:
     - cron: '0 4 * * *'
@@ -9,8 +9,8 @@ on:
 
 env:
   EMBER_PARTITION_TOTAL: 4      # Has to be changed in tandem with the matrix.partition
-  BRANCH: "release/1.12.x"
-  BRANCH_NAME: "release-1.12.x" # Used for naming artifacts
+  BRANCH: "release/1.16.x"
+  BRANCH_NAME: "release-1.16.x" # Used for naming artifacts
 
 jobs:
   frontend-test-workspace-node:
diff --git a/version/VERSION b/version/VERSION
index 1f0d2f335194..ee8855caa4a7 100644
--- a/version/VERSION
+++ b/version/VERSION
@@ -1 +1 @@
-1.16.0-dev
+1.17.0-dev

From 8118aae5c14e26c3c0bc2c2fd2687da2e091e0f3 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Wed, 7 Jun 2023 18:35:48 -0400
Subject: [PATCH 002/359] Add writeAuditRPCEvent to agent_oss (#17607)

* Add writeAuditRPCEvent to agent_oss

* fix the other diffs

* backport change log
---
 .changelog/_5740.txt   |  3 +++
 .changelog/_5750.txt   |  3 +++
 agent/agent.go         | 11 +++++++++++
 agent/agent_oss.go     |  4 ++++
 agent/config/config.go |  5 +++--
 5 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 .changelog/_5740.txt
 create mode 100644 .changelog/_5750.txt

diff --git a/.changelog/_5740.txt b/.changelog/_5740.txt
new file mode 100644
index 000000000000..4f1d6f6448f3
--- /dev/null
+++ b/.changelog/_5740.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+api: (Enterprise only) Add `POST /v1/operator/audit-hash` endpoint to calculate the hash of the data used by the audit log hash function and salt.
+```
\ No newline at end of file
diff --git a/.changelog/_5750.txt b/.changelog/_5750.txt
new file mode 100644
index 000000000000..027753c72156
--- /dev/null
+++ b/.changelog/_5750.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+cli: (Enterprise only) Add a new `consul operator audit hash` command to retrieve and compare the hash of the data used by the audit log hash function and salt.
+```
\ No newline at end of file
diff --git a/agent/agent.go b/agent/agent.go
index 678d110d534c..0b06688c483b 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -1621,7 +1621,18 @@ func (a *Agent) RPC(ctx context.Context, method string, args interface{}, reply
 			method = e + "." + p[1]
 		}
 	}
+
+	// audit log only on consul clients
+	_, ok := a.delegate.(*consul.Client)
+	if ok {
+		a.writeAuditRPCEvent(method, "OperationStart")
+	}
+
 	a.endpointsLock.RUnlock()
+
+	defer func() {
+		a.writeAuditRPCEvent(method, "OperationComplete")
+	}()
 	return a.delegate.RPC(ctx, method, args, reply)
 }
 
diff --git a/agent/agent_oss.go b/agent/agent_oss.go
index 93e633cc656f..e8cfea681b3c 100644
--- a/agent/agent_oss.go
+++ b/agent/agent_oss.go
@@ -69,3 +69,7 @@ func (a *Agent) AgentEnterpriseMeta() *acl.EnterpriseMeta {
 func (a *Agent) registerEntCache() {}
 
 func (*Agent) fillEnterpriseProxyDataSources(*proxycfg.DataSources) {}
+
+func (a *Agent) writeAuditRPCEvent(_ string, _ string) interface{} {
+	return nil
+}
diff --git a/agent/config/config.go b/agent/config/config.go
index e26d6edc4d95..d8d7149afebf 100644
--- a/agent/config/config.go
+++ b/agent/config/config.go
@@ -807,8 +807,9 @@ type ConfigEntries struct {
 
 // Audit allows us to enable and define destinations for auditing
 type Audit struct {
-	Enabled *bool                `mapstructure:"enabled"`
-	Sinks   map[string]AuditSink `mapstructure:"sink"`
+	Enabled    *bool                `mapstructure:"enabled"`
+	Sinks      map[string]AuditSink `mapstructure:"sink"`
+	RPCEnabled *bool                `mapstructure:"rpc_enabled"`
 }
 
 // AuditSink can be provided multiple times to define pipelines for auditing

From 779647b9486e239de1f868854ac6f367f3e5af4e Mon Sep 17 00:00:00 2001
From: Eric Haberkorn <erichaberkorn@gmail.com>
Date: Thu, 8 Jun 2023 10:26:11 -0400
Subject: [PATCH 003/359] Add Envoy and Consul version constraints to Envoy
 extensions (#17612)

---
 .../envoyextensions/registered_extensions.go  |  21 +-
 .../registered_extensions_test.go             |  24 ++
 agent/structs/envoy_extension.go              |  16 +-
 agent/structs/structs_filtering_test.go       |  10 +
 agent/xds/delta.go                            | 158 +++++++----
 agent/xds/delta_envoy_extender_oss_test.go    |  59 +++-
 agent/xds/delta_test.go                       | 108 +++++++
 ...-consul-constraint-violation.latest.golden | 127 +++++++++
 ...h-envoy-constraint-violation.latest.golden | 127 +++++++++
 ...-consul-constraint-violation.latest.golden |  75 +++++
 ...h-envoy-constraint-violation.latest.golden |  75 +++++
 ...-consul-constraint-violation.latest.golden | 265 ++++++++++++++++++
 ...h-envoy-constraint-violation.latest.golden | 265 ++++++++++++++++++
 ...-consul-constraint-violation.latest.golden |   5 +
 ...h-envoy-constraint-violation.latest.golden |   5 +
 api/config_entry.go                           |   8 +-
 envoyextensions/xdscommon/envoy_versioning.go |   4 +-
 .../xdscommon/envoy_versioning_test.go        |   2 +-
 proto/private/pbcommon/common.gen.go          |   4 +
 proto/private/pbcommon/common.pb.go           |  82 ++++--
 proto/private/pbcommon/common.proto           |   2 +
 proto/private/pbcommon/convert_pbstruct.go    |  16 +-
 22 files changed, 1344 insertions(+), 114 deletions(-)
 create mode 100644 agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
 create mode 100644 agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
 create mode 100644 agent/xds/testdata/builtin_extension/endpoints/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
 create mode 100644 agent/xds/testdata/builtin_extension/endpoints/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
 create mode 100644 agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
 create mode 100644 agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
 create mode 100644 agent/xds/testdata/builtin_extension/routes/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
 create mode 100644 agent/xds/testdata/builtin_extension/routes/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden

diff --git a/agent/envoyextensions/registered_extensions.go b/agent/envoyextensions/registered_extensions.go
index 4d4d26611605..177ab9cb0342 100644
--- a/agent/envoyextensions/registered_extensions.go
+++ b/agent/envoyextensions/registered_extensions.go
@@ -6,6 +6,9 @@ package envoyextensions
 import (
 	"fmt"
 
+	"github.com/hashicorp/go-multierror"
+	"github.com/hashicorp/go-version"
+
 	awslambda "github.com/hashicorp/consul/agent/envoyextensions/builtin/aws-lambda"
 	extauthz "github.com/hashicorp/consul/agent/envoyextensions/builtin/ext-authz"
 	"github.com/hashicorp/consul/agent/envoyextensions/builtin/http/localratelimit"
@@ -14,7 +17,6 @@ import (
 	"github.com/hashicorp/consul/agent/envoyextensions/builtin/wasm"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
-	"github.com/hashicorp/go-multierror"
 )
 
 type extensionConstructor func(api.EnvoyExtension) (extensioncommon.EnvoyExtender, error)
@@ -50,6 +52,23 @@ func ValidateExtensions(extensions []api.EnvoyExtension) error {
 			output = multierror.Append(output, fmt.Errorf("invalid EnvoyExtensions[%d]: Name is required", i))
 			continue
 		}
+
+		if v := ext.EnvoyVersion; v != "" {
+			_, err := version.NewConstraint(v)
+			if err != nil {
+				output = multierror.Append(output, fmt.Errorf("invalid EnvoyExtensions[%d].EnvoyVersion: %w", i, err))
+				continue
+			}
+		}
+
+		if v := ext.ConsulVersion; v != "" {
+			_, err := version.NewConstraint(v)
+			if err != nil {
+				output = multierror.Append(output, fmt.Errorf("invalid EnvoyExtensions[%d].ConsulVersion: %w", i, err))
+				continue
+			}
+		}
+
 		_, err := ConstructExtension(ext)
 		if err != nil {
 			output = multierror.Append(output, fmt.Errorf("invalid EnvoyExtensions[%d][%s]: %w", i, ext.Name, err))
diff --git a/agent/envoyextensions/registered_extensions_test.go b/agent/envoyextensions/registered_extensions_test.go
index ebd1bfbbc95b..7f3cb6bbac7d 100644
--- a/agent/envoyextensions/registered_extensions_test.go
+++ b/agent/envoyextensions/registered_extensions_test.go
@@ -48,6 +48,30 @@ func TestValidateExtensions(t *testing.T) {
 				"missing Script value",
 			},
 		},
+		"invalid consul version constraint": {
+			input: []api.EnvoyExtension{{
+				Name: "builtin/aws/lambda",
+				Arguments: map[string]interface{}{
+					"ARN": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
+				},
+				ConsulVersion: "bad",
+			}},
+			expectErrs: []string{
+				"invalid EnvoyExtensions[0].ConsulVersion: Malformed constraint: bad",
+			},
+		},
+		"invalid envoy version constraint": {
+			input: []api.EnvoyExtension{{
+				Name: "builtin/aws/lambda",
+				Arguments: map[string]interface{}{
+					"ARN": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
+				},
+				EnvoyVersion: "bad",
+			}},
+			expectErrs: []string{
+				"invalid EnvoyExtensions[0].EnvoyVersion: Malformed constraint: bad",
+			},
+		},
 	}
 
 	for name, tc := range tests {
diff --git a/agent/structs/envoy_extension.go b/agent/structs/envoy_extension.go
index 5b69afb0d9de..c788aedf37e8 100644
--- a/agent/structs/envoy_extension.go
+++ b/agent/structs/envoy_extension.go
@@ -9,9 +9,11 @@ import (
 
 // EnvoyExtension has configuration for an extension that patches Envoy resources.
 type EnvoyExtension struct {
-	Name      string
-	Required  bool
-	Arguments map[string]interface{} `bexpr:"-"`
+	Name          string
+	Required      bool
+	Arguments     map[string]interface{} `bexpr:"-"`
+	ConsulVersion string
+	EnvoyVersion  string
 }
 
 type EnvoyExtensions []EnvoyExtension
@@ -20,9 +22,11 @@ func (es EnvoyExtensions) ToAPI() []api.EnvoyExtension {
 	extensions := make([]api.EnvoyExtension, len(es))
 	for i, e := range es {
 		extensions[i] = api.EnvoyExtension{
-			Name:      e.Name,
-			Required:  e.Required,
-			Arguments: e.Arguments,
+			Name:          e.Name,
+			Required:      e.Required,
+			Arguments:     e.Arguments,
+			EnvoyVersion:  e.EnvoyVersion,
+			ConsulVersion: e.ConsulVersion,
 		}
 	}
 	return extensions
diff --git a/agent/structs/structs_filtering_test.go b/agent/structs/structs_filtering_test.go
index 1bc6599650a7..9739923e0e5a 100644
--- a/agent/structs/structs_filtering_test.go
+++ b/agent/structs/structs_filtering_test.go
@@ -197,6 +197,16 @@ var expectedFieldConfigEnvoyExtensions bexpr.FieldConfigurations = bexpr.FieldCo
 		CoerceFn:            bexpr.CoerceBool,
 		SupportedOperations: []bexpr.MatchOperator{bexpr.MatchEqual, bexpr.MatchNotEqual},
 	},
+	"ConsulVersion": &bexpr.FieldConfiguration{
+		StructFieldName:     "ConsulVersion",
+		CoerceFn:            bexpr.CoerceString,
+		SupportedOperations: []bexpr.MatchOperator{bexpr.MatchEqual, bexpr.MatchNotEqual, bexpr.MatchIn, bexpr.MatchNotIn, bexpr.MatchMatches, bexpr.MatchNotMatches},
+	},
+	"EnvoyVersion": &bexpr.FieldConfiguration{
+		StructFieldName:     "EnvoyVersion",
+		CoerceFn:            bexpr.CoerceString,
+		SupportedOperations: []bexpr.MatchOperator{bexpr.MatchEqual, bexpr.MatchNotEqual, bexpr.MatchIn, bexpr.MatchNotIn, bexpr.MatchMatches, bexpr.MatchNotMatches},
+	},
 }
 var expectedFieldConfigUpstreams bexpr.FieldConfigurations = bexpr.FieldConfigurations{
 	"DestinationType": &bexpr.FieldConfiguration{
diff --git a/agent/xds/delta.go b/agent/xds/delta.go
index 66072e0b81e4..5e4cf702090a 100644
--- a/agent/xds/delta.go
+++ b/agent/xds/delta.go
@@ -17,6 +17,8 @@ import (
 	envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
+	"github.com/hashicorp/go-hclog"
+	goversion "github.com/hashicorp/go-version"
 
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
@@ -29,6 +31,7 @@ import (
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/xds/extensionruntime"
+	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/logging"
 	"github.com/hashicorp/consul/version"
@@ -255,7 +258,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 				s.ResourceMapMutateFn(newResourceMap)
 			}
 
-			if err = s.applyEnvoyExtensions(newResourceMap, cfgSnap); err != nil {
+			if err = s.applyEnvoyExtensions(newResourceMap, cfgSnap, node); err != nil {
 				// err is already the result of calling status.Errorf
 				return err
 			}
@@ -400,70 +403,123 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 	}
 }
 
-func (s *Server) applyEnvoyExtensions(resources *xdscommon.IndexedResources, cfgSnap *proxycfg.ConfigSnapshot) error {
+func (s *Server) applyEnvoyExtensions(resources *xdscommon.IndexedResources, cfgSnap *proxycfg.ConfigSnapshot, node *envoy_config_core_v3.Node) error {
+	var err error
+	envoyVersion := xdscommon.DetermineEnvoyVersionFromNode(node)
+	consulVersion, err := goversion.NewVersion(version.Version)
+
+	if err != nil {
+		return status.Errorf(codes.InvalidArgument, "failed to parse Consul version")
+	}
+
 	serviceConfigs := extensionruntime.GetRuntimeConfigurations(cfgSnap)
 	for _, cfgs := range serviceConfigs {
 		for _, cfg := range cfgs {
-			logFn := s.Logger.Warn
-			if cfg.EnvoyExtension.Required {
-				logFn = s.Logger.Error
-			}
-			errorParams := []interface{}{
-				"extension", cfg.EnvoyExtension.Name,
-				"service", cfg.ServiceName.Name,
-				"namespace", cfg.ServiceName.Namespace,
-				"partition", cfg.ServiceName.Partition,
-			}
-
-			getMetricLabels := func(err error) []metrics.Label {
-				return []metrics.Label{
-					{Name: "extension", Value: cfg.EnvoyExtension.Name},
-					{Name: "version", Value: "builtin/" + version.Version},
-					{Name: "service", Value: cfgSnap.Service},
-					{Name: "partition", Value: cfgSnap.ProxyID.PartitionOrDefault()},
-					{Name: "namespace", Value: cfgSnap.ProxyID.NamespaceOrDefault()},
-					{Name: "error", Value: strconv.FormatBool(err != nil)},
-				}
-			}
+			err = applyEnvoyExtension(s.Logger, cfgSnap, resources, cfg, envoyVersion, consulVersion)
 
-			now := time.Now()
-			extender, err := envoyextensions.ConstructExtension(cfg.EnvoyExtension)
-			metrics.MeasureSinceWithLabels([]string{"envoy_extension", "validate_arguments"}, now, getMetricLabels(err))
 			if err != nil {
-				logFn("failed to construct extension", errorParams...)
+				return err
+			}
+		}
+	}
 
-				if cfg.EnvoyExtension.Required {
-					return status.Errorf(codes.Unavailable, "failed to construct extension %q for service %q", cfg.EnvoyExtension.Name, cfg.ServiceName.Name)
-				}
+	return nil
+}
 
-				continue
-			}
+func applyEnvoyExtension(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot, resources *xdscommon.IndexedResources, runtimeConfig extensioncommon.RuntimeConfig, envoyVersion, consulVersion *goversion.Version) error {
+	logFn := logger.Warn
+	if runtimeConfig.EnvoyExtension.Required {
+		logFn = logger.Error
+	}
 
-			now = time.Now()
-			err = extender.Validate(&cfg)
-			metrics.MeasureSinceWithLabels([]string{"envoy_extension", "validate"}, now, getMetricLabels(err))
-			if err != nil {
-				errorParams = append(errorParams, "error", err)
-				logFn("failed to validate extension arguments", errorParams...)
-				if cfg.EnvoyExtension.Required {
-					return status.Errorf(codes.Unavailable, "failed to validate arguments for extension %q for service %q", cfg.EnvoyExtension.Name, cfg.ServiceName.Name)
-				}
+	svc := runtimeConfig.ServiceName
 
-				continue
-			}
+	errorParams := []interface{}{
+		"extension", runtimeConfig.EnvoyExtension.Name,
+		"service", svc.Name,
+		"namespace", svc.Namespace,
+		"partition", svc.Partition,
+	}
 
-			now = time.Now()
-			resources, err = extender.Extend(resources, &cfg)
-			metrics.MeasureSinceWithLabels([]string{"envoy_extension", "extend"}, now, getMetricLabels(err))
-			if err == nil {
-				continue
+	getMetricLabels := func(err error) []metrics.Label {
+		return []metrics.Label{
+			{Name: "extension", Value: runtimeConfig.EnvoyExtension.Name},
+			{Name: "version", Value: "builtin/" + version.Version},
+			{Name: "service", Value: cfgSnap.Service},
+			{Name: "partition", Value: cfgSnap.ProxyID.PartitionOrDefault()},
+			{Name: "namespace", Value: cfgSnap.ProxyID.NamespaceOrDefault()},
+			{Name: "error", Value: strconv.FormatBool(err != nil)},
+		}
+	}
+
+	ext := runtimeConfig.EnvoyExtension
+
+	if v := ext.EnvoyVersion; v != "" {
+		c, err := goversion.NewConstraint(v)
+		if err != nil {
+			logFn("failed to parse Envoy extension version constraint", errorParams...)
+
+			if ext.Required {
+				return status.Errorf(codes.InvalidArgument, "failed to parse Envoy version constraint for extension %q for service %q", ext.Name, svc.Name)
 			}
+			return nil
+		}
+
+		if !c.Check(envoyVersion) {
+			logger.Info("skipping envoy extension due to Envoy version constraint violation", errorParams...)
+			return nil
+		}
+	}
+
+	if v := ext.ConsulVersion; v != "" {
+		c, err := goversion.NewConstraint(v)
+		if err != nil {
+			logFn("failed to parse Consul extension version constraint", errorParams...)
 
-			logFn("failed to apply envoy extension", errorParams...)
-			if cfg.EnvoyExtension.Required {
-				return status.Errorf(codes.Unavailable, "failed to patch xDS resources in the %q extension: %v", cfg.EnvoyExtension.Name, err)
+			if ext.Required {
+				return status.Errorf(codes.InvalidArgument, "failed to parse Consul version constraint for extension %q for service %q", ext.Name, svc.Name)
 			}
+			return nil
+		}
+
+		if !c.Check(consulVersion) {
+			logger.Info("skipping envoy extension due to Consul version constraint violation", errorParams...)
+			return nil
+		}
+	}
+
+	now := time.Now()
+	extender, err := envoyextensions.ConstructExtension(ext)
+	metrics.MeasureSinceWithLabels([]string{"envoy_extension", "validate_arguments"}, now, getMetricLabels(err))
+	if err != nil {
+		logFn("failed to construct extension", errorParams...)
+
+		if ext.Required {
+			return status.Errorf(codes.InvalidArgument, "failed to construct extension %q for service %q", ext.Name, svc.Name)
+		}
+
+		return nil
+	}
+
+	now = time.Now()
+	err = extender.Validate(&runtimeConfig)
+	metrics.MeasureSinceWithLabels([]string{"envoy_extension", "validate"}, now, getMetricLabels(err))
+	if err != nil {
+		errorParams = append(errorParams, "error", err)
+		logFn("failed to validate extension arguments", errorParams...)
+		if ext.Required {
+			return status.Errorf(codes.InvalidArgument, "failed to validate arguments for extension %q for service %q", ext.Name, svc.Name)
 		}
+
+		return nil
+	}
+
+	now = time.Now()
+	_, err = extender.Extend(resources, &runtimeConfig)
+	metrics.MeasureSinceWithLabels([]string{"envoy_extension", "extend"}, now, getMetricLabels(err))
+	logFn("failed to apply envoy extension", errorParams...)
+	if err != nil && ext.Required {
+		return status.Errorf(codes.InvalidArgument, "failed to patch xDS resources in the %q extension: %v", ext.Name, err)
 	}
 
 	return nil
diff --git a/agent/xds/delta_envoy_extender_oss_test.go b/agent/xds/delta_envoy_extender_oss_test.go
index dc1521edbe34..3d92b6d25de0 100644
--- a/agent/xds/delta_envoy_extender_oss_test.go
+++ b/agent/xds/delta_envoy_extender_oss_test.go
@@ -16,11 +16,12 @@ import (
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
 	"github.com/hashicorp/consul/agent/xds/testcommon"
+	"github.com/hashicorp/go-hclog"
+	goversion "github.com/hashicorp/go-version"
 	testinf "github.com/mitchellh/go-testing-interface"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/proto"
 
-	"github.com/hashicorp/consul/agent/envoyextensions"
 	propertyoverride "github.com/hashicorp/consul/agent/envoyextensions/builtin/property-override"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
@@ -29,9 +30,12 @@ import (
 	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/hashicorp/consul/version"
 )
 
 func TestEnvoyExtenderWithSnapshot(t *testing.T) {
+	consulVersion, _ := goversion.NewVersion(version.Version)
+
 	// If opposite is true, the returned service defaults config entry will have
 	// payload-passthrough=true and invocation-mode=asynchronous.
 	// Otherwise payload-passthrough=false and invocation-mode=synchronous.
@@ -65,7 +69,7 @@ func TestEnvoyExtenderWithSnapshot(t *testing.T) {
 	}
 
 	// Apply Lua extension to the local service and ensure http is used so the extension can be applied.
-	makeLuaNsFunc := func(inbound bool) func(ns *structs.NodeService) {
+	makeLuaNsFunc := func(inbound bool, envoyVersion, consulVersion string) func(ns *structs.NodeService) {
 		listener := "inbound"
 		if !inbound {
 			listener = "outbound"
@@ -75,7 +79,9 @@ func TestEnvoyExtenderWithSnapshot(t *testing.T) {
 			ns.Proxy.Config["protocol"] = "http"
 			ns.Proxy.EnvoyExtensions = []structs.EnvoyExtension{
 				{
-					Name: api.BuiltinLuaExtension,
+					Name:          api.BuiltinLuaExtension,
+					EnvoyVersion:  envoyVersion,
+					ConsulVersion: consulVersion,
 					Arguments: map[string]interface{}{
 						"ProxyType": "connect-proxy",
 						"Listener":  listener,
@@ -464,11 +470,41 @@ end`,
 			name:   "lambda-terminating-gateway-with-service-resolvers",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayWithLambdaServiceAndServiceResolvers,
 		},
+		{
+			name: "lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				// upstreams need to be http in order for lua to be applied to listeners.
+				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, makeLuaNsFunc(false, "< 1.0.0", ">= 1.0.0"), nil, &structs.ServiceConfigEntry{
+					Kind:     structs.ServiceDefaults,
+					Name:     "db",
+					Protocol: "http",
+				}, &structs.ServiceConfigEntry{
+					Kind:     structs.ServiceDefaults,
+					Name:     "geo-cache",
+					Protocol: "http",
+				})
+			},
+		},
+		{
+			name: "lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				// upstreams need to be http in order for lua to be applied to listeners.
+				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, makeLuaNsFunc(false, ">= 1.0.0", "< 1.0.0"), nil, &structs.ServiceConfigEntry{
+					Kind:     structs.ServiceDefaults,
+					Name:     "db",
+					Protocol: "http",
+				}, &structs.ServiceConfigEntry{
+					Kind:     structs.ServiceDefaults,
+					Name:     "geo-cache",
+					Protocol: "http",
+				})
+			},
+		},
 		{
 			name: "lua-outbound-applies-to-local-upstreams",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				// upstreams need to be http in order for lua to be applied to listeners.
-				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, makeLuaNsFunc(false), nil, &structs.ServiceConfigEntry{
+				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, makeLuaNsFunc(false, ">= 1.0.0", ">= 1.0.0"), nil, &structs.ServiceConfigEntry{
 					Kind:     structs.ServiceDefaults,
 					Name:     "db",
 					Protocol: "http",
@@ -487,7 +523,7 @@ end`,
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				// db is made an HTTP upstream so that the extension _could_ apply, but does not because
 				// the direction for the extension is inbound.
-				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, makeLuaNsFunc(true), nil, &structs.ServiceConfigEntry{
+				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, makeLuaNsFunc(true, "", ""), nil, &structs.ServiceConfigEntry{
 					Kind:     structs.ServiceDefaults,
 					Name:     "db",
 					Protocol: "http",
@@ -497,7 +533,7 @@ end`,
 		{
 			name: "lua-inbound-applies-to-inbound",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, makeLuaNsFunc(true), nil)
+				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, makeLuaNsFunc(true, "", ""), nil)
 			},
 		},
 		{
@@ -505,14 +541,14 @@ end`,
 			// no upstream HTTP services. We also should not see public listener, which is HTTP, patched.
 			name: "lua-outbound-doesnt-apply-to-inbound",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, makeLuaNsFunc(false), nil)
+				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, makeLuaNsFunc(false, "", ""), nil)
 			},
 		},
 		{
 			name: "lua-outbound-applies-to-local-upstreams-tproxy",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				// upstreams need to be http in order for lua to be applied to listeners.
-				return proxycfg.TestConfigSnapshotTransparentProxyDestinationHTTP(t, makeLuaNsFunc(false))
+				return proxycfg.TestConfigSnapshotTransparentProxyDestinationHTTP(t, makeLuaNsFunc(false, "", ""))
 			},
 		},
 		{
@@ -707,6 +743,7 @@ end`,
 
 	latestEnvoyVersion := xdscommon.EnvoyVersions[0]
 	for _, envoyVersion := range xdscommon.EnvoyVersions {
+		parsedEnvoyVersion, _ := goversion.NewVersion(envoyVersion)
 		sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion)
 		require.NoError(t, err)
 		t.Run("envoy-"+envoyVersion, func(t *testing.T) {
@@ -730,11 +767,7 @@ end`,
 					cfgs := extensionruntime.GetRuntimeConfigurations(snap)
 					for _, extensions := range cfgs {
 						for _, ext := range extensions {
-							extender, err := envoyextensions.ConstructExtension(ext.EnvoyExtension)
-							require.NoError(t, err)
-							err = extender.Validate(&ext)
-							require.NoError(t, err)
-							indexedResources, err = extender.Extend(indexedResources, &ext)
+							err := applyEnvoyExtension(hclog.NewNullLogger(), snap, indexedResources, ext, parsedEnvoyVersion, consulVersion)
 							require.NoError(t, err)
 						}
 					}
diff --git a/agent/xds/delta_test.go b/agent/xds/delta_test.go
index a9febfedfa0c..f9c77835ad11 100644
--- a/agent/xds/delta_test.go
+++ b/agent/xds/delta_test.go
@@ -14,6 +14,8 @@ import (
 
 	"github.com/armon/go-metrics"
 	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
+	"github.com/hashicorp/go-hclog"
+	goversion "github.com/hashicorp/go-version"
 	"github.com/stretchr/testify/require"
 	rpcstatus "google.golang.org/genproto/googleapis/rpc/status"
 	"google.golang.org/grpc/codes"
@@ -25,6 +27,7 @@ import (
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
@@ -1609,3 +1612,108 @@ func requireExtensionMetrics(
 		require.True(t, foundLabel)
 	}
 }
+
+func Test_applyEnvoyExtension_Validations(t *testing.T) {
+	type testCase struct {
+		name          string
+		runtimeConfig extensioncommon.RuntimeConfig
+		err           bool
+		errString     string
+	}
+
+	envoyVersion, _ := goversion.NewVersion("1.25.0")
+	consulVersion, _ := goversion.NewVersion("1.16.0")
+
+	svc := api.CompoundServiceName{
+		Name:      "s1",
+		Partition: "ap1",
+		Namespace: "ns1",
+	}
+
+	makeRuntimeConfig := func(required bool, consulVersion string, envoyVersion string, args map[string]interface{}) extensioncommon.RuntimeConfig {
+		if args == nil {
+			args = map[string]interface{}{
+				"ARN": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
+			}
+
+		}
+		return extensioncommon.RuntimeConfig{
+			EnvoyExtension: api.EnvoyExtension{
+				Name:          api.BuiltinAWSLambdaExtension,
+				Required:      required,
+				ConsulVersion: consulVersion,
+				EnvoyVersion:  envoyVersion,
+				Arguments:     args,
+			},
+			ServiceName: svc,
+		}
+	}
+
+	cases := []testCase{
+		{
+			name:          "invalid consul version constraint - required",
+			runtimeConfig: makeRuntimeConfig(true, "bad", ">= 1.0", nil),
+			err:           true,
+			errString:     "failed to parse Consul version constraint for extension",
+		},
+		{
+			name:          "invalid consul version constraint - not required",
+			runtimeConfig: makeRuntimeConfig(false, "bad", ">= 1.0", nil),
+			err:           false,
+		},
+		{
+			name:          "invalid envoy version constraint - required",
+			runtimeConfig: makeRuntimeConfig(true, ">= 1.0", "bad", nil),
+			err:           true,
+			errString:     "failed to parse Envoy version constraint for extension",
+		},
+		{
+			name:          "invalid envoy version constraint - not required",
+			runtimeConfig: makeRuntimeConfig(false, ">= 1.0", "bad", nil),
+			err:           false,
+		},
+		{
+			name:          "no envoy version constraint match",
+			runtimeConfig: makeRuntimeConfig(false, "", ">= 2.0.0", nil),
+			err:           false,
+		},
+		{
+			name:          "no consul version constraint match",
+			runtimeConfig: makeRuntimeConfig(false, ">= 2.0.0", "", nil),
+			err:           false,
+		},
+		{
+			name:          "invalid extension arguments - required",
+			runtimeConfig: makeRuntimeConfig(true, ">= 1.15.0", ">= 1.25.0", map[string]interface{}{"bad": "args"}),
+			err:           true,
+			errString:     "failed to construct extension",
+		},
+		{
+			name:          "invalid extension arguments - not required",
+			runtimeConfig: makeRuntimeConfig(false, ">= 1.15.0", ">= 1.25.0", map[string]interface{}{"bad": "args"}),
+			err:           false,
+		},
+		{
+			name:          "valid everything",
+			runtimeConfig: makeRuntimeConfig(false, ">= 1.15.0", ">= 1.25.0", nil),
+			err:           false,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			snap := proxycfg.ConfigSnapshot{
+				ProxyID: proxycfg.ProxyID{
+					ServiceID: structs.NewServiceID("s1", nil),
+				},
+			}
+			err := applyEnvoyExtension(hclog.NewNullLogger(), &snap, nil, tc.runtimeConfig, envoyVersion, consulVersion)
+			if tc.err {
+				require.Error(t, err)
+				require.Contains(t, err.Error(), tc.errString)
+			} else {
+				require.NoError(t, err)
+			}
+		})
+	}
+}
diff --git a/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
new file mode 100644
index 000000000000..c010ac87b0f4
--- /dev/null
+++ b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
@@ -0,0 +1,127 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "altStatName":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "circuitBreakers":  {},
+      "outlierDetection":  {},
+      "commonLbConfig":  {
+        "healthyPanicThreshold":  {}
+      },
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
+              {
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames":  [
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
+                }
+              ]
+            }
+          },
+          "sni":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "circuitBreakers":  {},
+      "outlierDetection":  {},
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
+              {
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames":  [
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
+                },
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
+                }
+              ]
+            }
+          },
+          "sni":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "local_app",
+      "type":  "STATIC",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "local_app",
+        "endpoints":  [
+          {
+            "lbEndpoints":  [
+              {
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "127.0.0.1",
+                      "portValue":  8080
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
new file mode 100644
index 000000000000..c010ac87b0f4
--- /dev/null
+++ b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
@@ -0,0 +1,127 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "altStatName":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "circuitBreakers":  {},
+      "outlierDetection":  {},
+      "commonLbConfig":  {
+        "healthyPanicThreshold":  {}
+      },
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
+              {
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames":  [
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
+                }
+              ]
+            }
+          },
+          "sni":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "circuitBreakers":  {},
+      "outlierDetection":  {},
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
+              {
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames":  [
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
+                },
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
+                }
+              ]
+            }
+          },
+          "sni":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "local_app",
+      "type":  "STATIC",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "local_app",
+        "endpoints":  [
+          {
+            "lbEndpoints":  [
+              {
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "127.0.0.1",
+                      "portValue":  8080
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/endpoints/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden b/agent/xds/testdata/builtin_extension/endpoints/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
new file mode 100644
index 000000000000..5cb4171b9730
--- /dev/null
+++ b/agent/xds/testdata/builtin_extension/endpoints/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
@@ -0,0 +1,75 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints":  [
+        {
+          "lbEndpoints":  [
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "10.10.1.1",
+                    "portValue":  8080
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            },
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "10.10.1.2",
+                    "portValue":  8080
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints":  [
+        {
+          "lbEndpoints":  [
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "10.10.1.1",
+                    "portValue":  8080
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            },
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "10.20.1.2",
+                    "portValue":  8080
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/endpoints/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden b/agent/xds/testdata/builtin_extension/endpoints/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
new file mode 100644
index 000000000000..5cb4171b9730
--- /dev/null
+++ b/agent/xds/testdata/builtin_extension/endpoints/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
@@ -0,0 +1,75 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints":  [
+        {
+          "lbEndpoints":  [
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "10.10.1.1",
+                    "portValue":  8080
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            },
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "10.10.1.2",
+                    "portValue":  8080
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints":  [
+        {
+          "lbEndpoints":  [
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "10.10.1.1",
+                    "portValue":  8080
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            },
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "10.20.1.2",
+                    "portValue":  8080
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
new file mode 100644
index 000000000000..8024198d7c4d
--- /dev/null
+++ b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
@@ -0,0 +1,265 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "routeConfig": {
+                  "name": "db",
+                  "virtualHosts": [
+                    {
+                      "name": "db.default.default.dc1",
+                      "domains": [
+                        "*"
+                      ],
+                      "routes": [
+                        {
+                          "match": {
+                            "prefix": "/"
+                          },
+                          "route": {
+                            "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+                          }
+                        }
+                      ]
+                    }
+                  ]
+                },
+                "httpFilters": [
+                  {
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing": {
+                  "randomSampling": {}
+                }
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
+                    {
+                      "name": "public_listener",
+                      "domains": [
+                        "*"
+                      ],
+                      "routes": [
+                        {
+                          "match": {
+                            "prefix": "/"
+                          },
+                          "route": {
+                            "cluster": "local_app"
+                          }
+                        }
+                      ]
+                    }
+                  ]
+                },
+                "httpFilters": [
+                  {
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
+                    }
+                  },
+                  {
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\1"
+                            }
+                          }
+                        },
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\2"
+                            }
+                          }
+                        },
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\3"
+                            }
+                          }
+                        },
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\4"
+                            }
+                          }
+                        },
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\5"
+                            }
+                          }
+                        }
+                      ]
+                    }
+                  },
+                  {
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing": {
+                  "randomSampling": {}
+                },
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                }
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                },
+                "alpnProtocols": [
+                  "http/1.1"
+                ]
+              },
+              "requireClientCertificate": true
+            }
+          }
+        }
+      ],
+      "trafficDirection": "INBOUND"
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
new file mode 100644
index 000000000000..8024198d7c4d
--- /dev/null
+++ b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
@@ -0,0 +1,265 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "routeConfig": {
+                  "name": "db",
+                  "virtualHosts": [
+                    {
+                      "name": "db.default.default.dc1",
+                      "domains": [
+                        "*"
+                      ],
+                      "routes": [
+                        {
+                          "match": {
+                            "prefix": "/"
+                          },
+                          "route": {
+                            "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+                          }
+                        }
+                      ]
+                    }
+                  ]
+                },
+                "httpFilters": [
+                  {
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing": {
+                  "randomSampling": {}
+                }
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
+                    {
+                      "name": "public_listener",
+                      "domains": [
+                        "*"
+                      ],
+                      "routes": [
+                        {
+                          "match": {
+                            "prefix": "/"
+                          },
+                          "route": {
+                            "cluster": "local_app"
+                          }
+                        }
+                      ]
+                    }
+                  ]
+                },
+                "httpFilters": [
+                  {
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
+                    }
+                  },
+                  {
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\1"
+                            }
+                          }
+                        },
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\2"
+                            }
+                          }
+                        },
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\3"
+                            }
+                          }
+                        },
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\4"
+                            }
+                          }
+                        },
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\5"
+                            }
+                          }
+                        }
+                      ]
+                    }
+                  },
+                  {
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing": {
+                  "randomSampling": {}
+                },
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                }
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                },
+                "alpnProtocols": [
+                  "http/1.1"
+                ]
+              },
+              "requireClientCertificate": true
+            }
+          }
+        }
+      ],
+      "trafficDirection": "INBOUND"
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/routes/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden b/agent/xds/testdata/builtin_extension/routes/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
new file mode 100644
index 000000000000..306f5220e7b9
--- /dev/null
+++ b/agent/xds/testdata/builtin_extension/routes/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
@@ -0,0 +1,5 @@
+{
+  "versionInfo":  "00000001",
+  "typeUrl":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/routes/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden b/agent/xds/testdata/builtin_extension/routes/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
new file mode 100644
index 000000000000..306f5220e7b9
--- /dev/null
+++ b/agent/xds/testdata/builtin_extension/routes/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
@@ -0,0 +1,5 @@
+{
+  "versionInfo":  "00000001",
+  "typeUrl":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/api/config_entry.go b/api/config_entry.go
index b4cc966d1f70..125619b55d08 100644
--- a/api/config_entry.go
+++ b/api/config_entry.go
@@ -144,9 +144,11 @@ type ExposeConfig struct {
 
 // EnvoyExtension has configuration for an extension that patches Envoy resources.
 type EnvoyExtension struct {
-	Name      string
-	Required  bool
-	Arguments map[string]interface{} `bexpr:"-"`
+	Name          string
+	Required      bool
+	Arguments     map[string]interface{} `bexpr:"-"`
+	ConsulVersion string
+	EnvoyVersion  string
 }
 
 type ExposePath struct {
diff --git a/envoyextensions/xdscommon/envoy_versioning.go b/envoyextensions/xdscommon/envoy_versioning.go
index 06764f2b65e2..393a96bf9e80 100644
--- a/envoyextensions/xdscommon/envoy_versioning.go
+++ b/envoyextensions/xdscommon/envoy_versioning.go
@@ -30,7 +30,7 @@ type SupportedProxyFeatures struct {
 }
 
 func DetermineSupportedProxyFeatures(node *envoy_core_v3.Node) (SupportedProxyFeatures, error) {
-	version := determineEnvoyVersionFromNode(node)
+	version := DetermineEnvoyVersionFromNode(node)
 	return determineSupportedProxyFeaturesFromVersion(version)
 }
 
@@ -69,7 +69,7 @@ func determineSupportedProxyFeaturesFromVersion(version *version.Version) (Suppo
 	return sf, nil
 }
 
-func determineEnvoyVersionFromNode(node *envoy_core_v3.Node) *version.Version {
+func DetermineEnvoyVersionFromNode(node *envoy_core_v3.Node) *version.Version {
 	if node == nil {
 		return nil
 	}
diff --git a/envoyextensions/xdscommon/envoy_versioning_test.go b/envoyextensions/xdscommon/envoy_versioning_test.go
index ff9318239348..3e7507dec551 100644
--- a/envoyextensions/xdscommon/envoy_versioning_test.go
+++ b/envoyextensions/xdscommon/envoy_versioning_test.go
@@ -59,7 +59,7 @@ func TestDetermineEnvoyVersionFromNode(t *testing.T) {
 	for name, tc := range cases {
 		tc := tc
 		t.Run(name, func(t *testing.T) {
-			got := determineEnvoyVersionFromNode(tc.node)
+			got := DetermineEnvoyVersionFromNode(tc.node)
 			if tc.expect != nil {
 				require.Equal(t, tc.expect, got)
 			} else {
diff --git a/proto/private/pbcommon/common.gen.go b/proto/private/pbcommon/common.gen.go
index d7659b834ee3..c29598a2abf7 100644
--- a/proto/private/pbcommon/common.gen.go
+++ b/proto/private/pbcommon/common.gen.go
@@ -11,6 +11,8 @@ func EnvoyExtensionToStructs(s *EnvoyExtension, t *structs.EnvoyExtension) {
 	t.Name = s.Name
 	t.Required = s.Required
 	t.Arguments = ProtobufTypesStructToMapStringInterface(s.Arguments)
+	t.ConsulVersion = s.ConsulVersion
+	t.EnvoyVersion = s.EnvoyVersion
 }
 func EnvoyExtensionFromStructs(t *structs.EnvoyExtension, s *EnvoyExtension) {
 	if s == nil {
@@ -19,6 +21,8 @@ func EnvoyExtensionFromStructs(t *structs.EnvoyExtension, s *EnvoyExtension) {
 	s.Name = t.Name
 	s.Required = t.Required
 	s.Arguments = MapStringInterfaceToProtobufTypesStruct(t.Arguments)
+	s.ConsulVersion = t.ConsulVersion
+	s.EnvoyVersion = t.EnvoyVersion
 }
 func LocalityToStructs(s *Locality, t *structs.Locality) {
 	if s == nil {
diff --git a/proto/private/pbcommon/common.pb.go b/proto/private/pbcommon/common.pb.go
index 8a8ae5fe9401..dd6240ad85e9 100644
--- a/proto/private/pbcommon/common.pb.go
+++ b/proto/private/pbcommon/common.pb.go
@@ -607,7 +607,9 @@ type EnvoyExtension struct {
 	Name     string `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"`
 	Required bool   `protobuf:"varint,2,opt,name=Required,proto3" json:"Required,omitempty"`
 	// mog: func-to=ProtobufTypesStructToMapStringInterface func-from=MapStringInterfaceToProtobufTypesStruct
-	Arguments *structpb.Struct `protobuf:"bytes,3,opt,name=Arguments,proto3" json:"Arguments,omitempty"`
+	Arguments     *structpb.Struct `protobuf:"bytes,3,opt,name=Arguments,proto3" json:"Arguments,omitempty"`
+	ConsulVersion string           `protobuf:"bytes,4,opt,name=ConsulVersion,proto3" json:"ConsulVersion,omitempty"`
+	EnvoyVersion  string           `protobuf:"bytes,5,opt,name=EnvoyVersion,proto3" json:"EnvoyVersion,omitempty"`
 }
 
 func (x *EnvoyExtension) Reset() {
@@ -663,6 +665,20 @@ func (x *EnvoyExtension) GetArguments() *structpb.Struct {
 	return nil
 }
 
+func (x *EnvoyExtension) GetConsulVersion() string {
+	if x != nil {
+		return x.ConsulVersion
+	}
+	return ""
+}
+
+func (x *EnvoyExtension) GetEnvoyVersion() string {
+	if x != nil {
+		return x.EnvoyVersion
+	}
+	return ""
+}
+
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.Locality
@@ -802,36 +818,40 @@ var file_private_pbcommon_common_proto_rawDesc = []byte{
 	0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01,
 	0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a,
 	0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x77, 0x0a, 0x0e, 0x45,
-	0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a,
-	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d,
-	0x65, 0x12, 0x1a, 0x0a, 0x08, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x08, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0x35, 0x0a,
-	0x09, 0x41, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x09, 0x41, 0x72, 0x67, 0x75, 0x6d,
-	0x65, 0x6e, 0x74, 0x73, 0x22, 0x36, 0x0a, 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79,
-	0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x06, 0x52, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x5a, 0x6f, 0x6e, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x5a, 0x6f, 0x6e, 0x65, 0x42, 0x8b, 0x02, 0x0a,
-	0x24, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f,
-	0x74, 0x6f, 0x50, 0x01, 0x5a, 0x32, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
-	0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f,
-	0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x43, 0xaa,
-	0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x43, 0x6f, 0x6d, 0x6d,
-	0x6f, 0x6e, 0xca, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43,
-	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0xe2, 0x02, 0x2c, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x5c, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
-	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x23, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x33,
+	0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xc1, 0x01, 0x0a, 0x0e,
+	0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x12,
+	0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61,
+	0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0x35,
+	0x0a, 0x09, 0x41, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x09, 0x41, 0x72, 0x67, 0x75,
+	0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x56,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x45,
+	0x6e, 0x76, 0x6f, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0c, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22,
+	0x36, 0x0a, 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x52,
+	0x65, 0x67, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65, 0x67,
+	0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x5a, 0x6f, 0x6e, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x5a, 0x6f, 0x6e, 0x65, 0x42, 0x8b, 0x02, 0x0a, 0x24, 0x63, 0x6f, 0x6d, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
+	0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
+	0x32, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d,
+	0x6d, 0x6f, 0x6e, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x43, 0xaa, 0x02, 0x20, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0xca, 0x02, 0x20,
+	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
+	0xe2, 0x02, 0x2c, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6d,
+	0x6d, 0x6f, 0x6e, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea,
+	0x02, 0x23, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43,
+	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/proto/private/pbcommon/common.proto b/proto/private/pbcommon/common.proto
index 237e9b4e29e2..a86aa2dde53d 100644
--- a/proto/private/pbcommon/common.proto
+++ b/proto/private/pbcommon/common.proto
@@ -185,6 +185,8 @@ message EnvoyExtension {
   bool Required = 2;
   // mog: func-to=ProtobufTypesStructToMapStringInterface func-from=MapStringInterfaceToProtobufTypesStruct
   google.protobuf.Struct Arguments = 3;
+  string ConsulVersion = 4;
+  string EnvoyVersion = 5;
 }
 
 // mog annotation:
diff --git a/proto/private/pbcommon/convert_pbstruct.go b/proto/private/pbcommon/convert_pbstruct.go
index 4370d7f2e783..e48dce9ae6e0 100644
--- a/proto/private/pbcommon/convert_pbstruct.go
+++ b/proto/private/pbcommon/convert_pbstruct.go
@@ -47,9 +47,11 @@ func EnvoyExtensionsToStructs(args []*EnvoyExtension) []structs.EnvoyExtension {
 		var e structs.EnvoyExtension
 		if args[i] != nil {
 			e = structs.EnvoyExtension{
-				Name:      args[i].Name,
-				Required:  args[i].Required,
-				Arguments: ProtobufTypesStructToMapStringInterface(args[i].Arguments),
+				Name:          args[i].Name,
+				Required:      args[i].Required,
+				ConsulVersion: args[i].ConsulVersion,
+				EnvoyVersion:  args[i].EnvoyVersion,
+				Arguments:     ProtobufTypesStructToMapStringInterface(args[i].Arguments),
 			}
 		}
 
@@ -65,9 +67,11 @@ func EnvoyExtensionsFromStructs(args []structs.EnvoyExtension) []*EnvoyExtension
 	o := make([]*EnvoyExtension, len(args))
 	for i, e := range args {
 		o[i] = &EnvoyExtension{
-			Name:      e.Name,
-			Required:  e.Required,
-			Arguments: MapStringInterfaceToProtobufTypesStruct(e.Arguments),
+			Name:          e.Name,
+			Required:      e.Required,
+			ConsulVersion: e.ConsulVersion,
+			EnvoyVersion:  e.EnvoyVersion,
+			Arguments:     MapStringInterfaceToProtobufTypesStruct(e.Arguments),
 		}
 	}
 

From 9a4f503b2b379610ec6f7bf84db45c4d5a716fd9 Mon Sep 17 00:00:00 2001
From: Andrew Stucki <andrew.stucki@hashicorp.com>
Date: Thu, 8 Jun 2023 12:18:17 -0400
Subject: [PATCH 004/359] [API Gateway] Fix trust domain for external peered
 services in synthesis code (#17609)

* [API Gateway] Fix trust domain for external peered services in synthesis code

* Add changelog
---
 .changelog/17609.txt       |  4 ++++
 agent/proxycfg/snapshot.go | 15 ++++++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)
 create mode 100644 .changelog/17609.txt

diff --git a/.changelog/17609.txt b/.changelog/17609.txt
new file mode 100644
index 000000000000..cbace1f8c7d2
--- /dev/null
+++ b/.changelog/17609.txt
@@ -0,0 +1,4 @@
+```release-note:bug
+gateways: Fixed a bug in API gateways where binding a route that only targets a service imported from a peer results
+in the programmed gateway having no routes.
+```
diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go
index 5e92013b272f..1880dcd669f6 100644
--- a/agent/proxycfg/snapshot.go
+++ b/agent/proxycfg/snapshot.go
@@ -741,14 +741,23 @@ type configSnapshotAPIGateway struct {
 
 func (c *configSnapshotAPIGateway) synthesizeChains(datacenter string, listener structs.APIGatewayListener, boundListener structs.BoundAPIGatewayListener) ([]structs.IngressService, structs.Upstreams, []*structs.CompiledDiscoveryChain, error) {
 	chains := []*structs.CompiledDiscoveryChain{}
-	trustDomain := ""
+
+	// We leverage the test trust domain knowing
+	// that the domain will get overridden if
+	// there is a target to something other than an
+	// external/peered service. If the below
+	// code doesn't get a trust domain due to all the
+	// targets being external, the chain will
+	// have the domain munged anyway during synthesis.
+	trustDomain := connect.TestTrustDomain
 
 DOMAIN_LOOP:
 	for _, chain := range c.DiscoveryChain {
 		for _, target := range chain.Targets {
 			if !target.External {
-				trustDomain = connect.TrustDomainForTarget(*target)
-				if trustDomain != "" {
+				domain := connect.TrustDomainForTarget(*target)
+				if domain != "" {
+					trustDomain = domain
 					break DOMAIN_LOOP
 				}
 			}

From 17f46893796017dc9152ff014112644c6dddd4d0 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Thu, 8 Jun 2023 12:34:31 -0400
Subject: [PATCH 005/359] backport ent changes to oss (#17614)

* backport ent changes to oss

* Update .changelog/_5669.txt

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
---
 .changelog/_5669.txt   |  3 +++
 api/api_test.go        | 16 ++++++++++++++++
 sdk/testutil/server.go |  6 ++++++
 3 files changed, 25 insertions(+)
 create mode 100644 .changelog/_5669.txt

diff --git a/.changelog/_5669.txt b/.changelog/_5669.txt
new file mode 100644
index 000000000000..6528460e69bd
--- /dev/null
+++ b/.changelog/_5669.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+audit-logging: **(Enterprise only)** enable error response and request body logging
+```
\ No newline at end of file
diff --git a/api/api_test.go b/api/api_test.go
index 49670b41eb86..4d5dd1fda830 100644
--- a/api/api_test.go
+++ b/api/api_test.go
@@ -53,6 +53,22 @@ func makeACLClient(t *testing.T) (*Client, *testutil.TestServer) {
 	})
 }
 
+// Makes a client with Audit enabled, it requires ACLs
+func makeAuditClient(t *testing.T) (*Client, *testutil.TestServer) {
+	return makeClientWithConfig(t, func(clientConfig *Config) {
+		clientConfig.Token = "root"
+	}, func(serverConfig *testutil.TestServerConfig) {
+		serverConfig.PrimaryDatacenter = "dc1"
+		serverConfig.ACL.Tokens.InitialManagement = "root"
+		serverConfig.ACL.Tokens.Agent = "root"
+		serverConfig.ACL.Enabled = true
+		serverConfig.ACL.DefaultPolicy = "deny"
+		serverConfig.Audit = &testutil.TestAuditConfig{
+			Enabled: true,
+		}
+	})
+}
+
 func makeNonBootstrappedACLClient(t *testing.T, defaultPolicy string) (*Client, *testutil.TestServer) {
 	return makeClientWithConfig(t,
 		func(clientConfig *Config) {
diff --git a/sdk/testutil/server.go b/sdk/testutil/server.go
index 1c7167d98da5..d00850d5e17a 100644
--- a/sdk/testutil/server.go
+++ b/sdk/testutil/server.go
@@ -75,6 +75,11 @@ type TestNetworkSegment struct {
 	Advertise string `json:"advertise"`
 }
 
+// TestAudigConfig contains the configuration for Audit
+type TestAuditConfig struct {
+	Enabled bool `json:"enabled,omitempty"`
+}
+
 // Locality is used as the TestServerConfig's Locality.
 type Locality struct {
 	Region string `json:"region"`
@@ -124,6 +129,7 @@ type TestServerConfig struct {
 	Stderr              io.Writer              `json:"-"`
 	Args                []string               `json:"-"`
 	ReturnPorts         func()                 `json:"-"`
+	Audit               *TestAuditConfig       `json:"audit,omitempty"`
 }
 
 type TestACLs struct {

From 85982889a1801ecf4596f9afd013d09da84a2708 Mon Sep 17 00:00:00 2001
From: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Date: Thu, 8 Jun 2023 13:30:05 -0700
Subject: [PATCH 006/359] Update intentions.mdx (#17619)

Make behaviour of L7 intentions clearer
---
 website/content/api-docs/connect/intentions.mdx | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/website/content/api-docs/connect/intentions.mdx b/website/content/api-docs/connect/intentions.mdx
index cdfeb463cda0..20a6b5054b93 100644
--- a/website/content/api-docs/connect/intentions.mdx
+++ b/website/content/api-docs/connect/intentions.mdx
@@ -536,9 +536,7 @@ This endpoint evaluates the intentions for a specific source and destination
 and returns whether the connection would be authorized or not given the current
 Consul configuration and set of intentions.
 
--> **Note:** This endpoint will always evaluate intentions with `Permissions`
-defined as _deny_ intentions during. This endpoint is only suited for
-networking layer 4 (e.g. TCP) integration.
+-> **Note:** This endpoint will always evaluate matching intentions with L7 `Permissions` defined as _deny_ intentions because there is no request to check against.
 
 For performance and reliability reasons it is desirable to implement intention
 enforcement by listing [intentions that match the

From 7ae457c5867a446a1e694c10eb03a9ca723dfb6c Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Thu, 8 Jun 2023 19:50:51 -0400
Subject: [PATCH 007/359] enterprise changelog update for audit (#17625)

---
 .changelog/_5805.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/_5805.txt

diff --git a/.changelog/_5805.txt b/.changelog/_5805.txt
new file mode 100644
index 000000000000..786effc31025
--- /dev/null
+++ b/.changelog/_5805.txt
@@ -0,0 +1,3 @@
+```release-note:security
+audit-logging: **(Enterprise only)** limit `v1/operator/audit-hash` endpoint to ACL token with `operator:read` privileges.
+```
\ No newline at end of file

From 30e0c234abce0f0a0dba46bb950dc533fb273c7f Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Thu, 8 Jun 2023 22:37:49 -0400
Subject: [PATCH 008/359] Update list of Envoy versions (#17546)

---
 .changelog/17546.txt                               | 3 +++
 .github/workflows/test-integrations.yml            | 4 ++--
 envoyextensions/xdscommon/envoy_versioning_test.go | 7 ++++---
 envoyextensions/xdscommon/proxysupport.go          | 8 ++++----
 website/content/docs/connect/proxies/envoy.mdx     | 2 +-
 5 files changed, 14 insertions(+), 10 deletions(-)
 create mode 100644 .changelog/17546.txt

diff --git a/.changelog/17546.txt b/.changelog/17546.txt
new file mode 100644
index 000000000000..6f4025553986
--- /dev/null
+++ b/.changelog/17546.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+connect: update supported envoy versions to 1.23.10, 1.24.8, 1.25.7, 1.26.2
+```
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 260044aee8bb..38b6a44cbe01 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -239,7 +239,7 @@ jobs:
           # this is further going to multiplied in envoy-integration tests by the 
           # other dimensions in the matrix.  Currently TOTAL_RUNNERS would be
           # multiplied by 8 based on these values:
-          # envoy-version: ["1.23.8", "1.24.6", "1.25.4", "1.26.0"]
+          # envoy-version: ["1.23.10", "1.24.8", "1.25.7", "1.26.2"]
           # xds-target: ["server", "client"]
           TOTAL_RUNNERS: 4 
           JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]'
@@ -273,7 +273,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        envoy-version: ["1.23.8", "1.24.6", "1.25.4", "1.26.0"]
+        envoy-version: ["1.23.10", "1.24.8", "1.25.7", "1.26.2"]
         xds-target: ["server", "client"]
         test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }}
     env:
diff --git a/envoyextensions/xdscommon/envoy_versioning_test.go b/envoyextensions/xdscommon/envoy_versioning_test.go
index 3e7507dec551..cc2134c7323d 100644
--- a/envoyextensions/xdscommon/envoy_versioning_test.go
+++ b/envoyextensions/xdscommon/envoy_versioning_test.go
@@ -151,9 +151,10 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) {
 	}
 	*/
 	for _, v := range []string{
-		"1.23.0", "1.23.1", "1.23.2", "1.23.3", "1.23.4", "1.23.5", "1.23.6", "1.23.7", "1.23.8",
-		"1.24.0", "1.24.1", "1.24.2", "1.24.3", "1.24.4", "1.24.5", "1.24.6",
-		"1.25.0", "1.25.1", "1.25.2", "1.25.3", "1.25.4", "1.26.0",
+		"1.23.0", "1.23.1", "1.23.2", "1.23.3", "1.23.4", "1.23.5", "1.23.6", "1.23.7", "1.23.8", "1.23.9", "1.23.10",
+		"1.24.0", "1.24.1", "1.24.2", "1.24.3", "1.24.4", "1.24.5", "1.24.6", "1.24.7", "1.24.8",
+		"1.25.0", "1.25.1", "1.25.2", "1.25.3", "1.25.4", "1.25.5", "1.25.6", "1.25.7",
+		"1.26.0", "1.26.1", "1.26.2",
 	} {
 		cases[v] = testcase{expect: SupportedProxyFeatures{}}
 	}
diff --git a/envoyextensions/xdscommon/proxysupport.go b/envoyextensions/xdscommon/proxysupport.go
index ff4b79d7354c..250133a13844 100644
--- a/envoyextensions/xdscommon/proxysupport.go
+++ b/envoyextensions/xdscommon/proxysupport.go
@@ -12,10 +12,10 @@ import "strings"
 //
 // see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions
 var EnvoyVersions = []string{
-	"1.26.0",
-	"1.25.4",
-	"1.24.6",
-	"1.23.8",
+	"1.26.2",
+	"1.25.7",
+	"1.24.8",
+	"1.23.10",
 }
 
 // UnsupportedEnvoyVersions lists any unsupported Envoy versions (mainly minor versions) that fall
diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx
index 65a01ca61524..e6759113c2c7 100644
--- a/website/content/docs/connect/proxies/envoy.mdx
+++ b/website/content/docs/connect/proxies/envoy.mdx
@@ -39,7 +39,7 @@ Consul supports **four major Envoy releases** at the beginning of each major Con
 
 | Consul Version      | Compatible Envoy Versions                                                          |
 | ------------------- | -----------------------------------------------------------------------------------|
-| 1.15.x              | 1.25.4, 1.24.6, 1.23.8, 1.22.11                                                     |
+| 1.15.x              | 1.25.6, 1.24.7, 1.23.9, 1.22.11                                                    |
 | 1.14.x              | 1.24.0, 1.23.1, 1.22.5, 1.21.5                                                     |
 | 1.13.x              | 1.23.1, 1.22.5, 1.21.5, 1.20.7                                                     |
 

From 3cb70566a907423795b8e218111f2efc8acb52c2 Mon Sep 17 00:00:00 2001
From: Andrew Stucki <andrew.stucki@hashicorp.com>
Date: Fri, 9 Jun 2023 08:22:32 -0400
Subject: [PATCH 009/359] [API Gateway] Fix rate limiting for API gateways
 (#17631)

* [API Gateway] Fix rate limiting for API gateways

* Add changelog

* Fix failing unit tests

* Fix operator usage tests for api package
---
 .changelog/17631.txt                          |  3 +
 agent/consul/state/state_store_test.go        | 19 +++++-
 agent/consul/state/usage.go                   |  1 +
 agent/consul/state/usage_test.go              | 15 +++-
 .../usagemetrics/usagemetrics_oss_test.go     | 68 ++++++++++++++++---
 agent/operator_endpoint_oss_test.go           |  1 +
 agent/structs/testing_catalog.go              |  8 +++
 api/operator_usage_test.go                    |  1 +
 8 files changed, 104 insertions(+), 12 deletions(-)
 create mode 100644 .changelog/17631.txt

diff --git a/.changelog/17631.txt b/.changelog/17631.txt
new file mode 100644
index 000000000000..b24b7461ec6e
--- /dev/null
+++ b/.changelog/17631.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+gateways: Fixed a bug where API gateways were not being taken into account in determining xDS rate limits.
+```
diff --git a/agent/consul/state/state_store_test.go b/agent/consul/state/state_store_test.go
index dfe8c988b329..fef750253272 100644
--- a/agent/consul/state/state_store_test.go
+++ b/agent/consul/state/state_store_test.go
@@ -203,11 +203,27 @@ func testRegisterConnectService(t *testing.T, s *Store, idx uint64, nodeID, serv
 	})
 }
 
+func testRegisterAPIService(t *testing.T, s *Store, idx uint64, nodeID, serviceID string) {
+	testRegisterGatewayService(t, s, structs.ServiceKindAPIGateway, idx, nodeID, serviceID)
+}
+
+func testRegisterTerminatingService(t *testing.T, s *Store, idx uint64, nodeID, serviceID string) {
+	testRegisterGatewayService(t, s, structs.ServiceKindTerminatingGateway, idx, nodeID, serviceID)
+}
+
 func testRegisterIngressService(t *testing.T, s *Store, idx uint64, nodeID, serviceID string) {
+	testRegisterGatewayService(t, s, structs.ServiceKindIngressGateway, idx, nodeID, serviceID)
+}
+
+func testRegisterMeshService(t *testing.T, s *Store, idx uint64, nodeID, serviceID string) {
+	testRegisterGatewayService(t, s, structs.ServiceKindMeshGateway, idx, nodeID, serviceID)
+}
+
+func testRegisterGatewayService(t *testing.T, s *Store, kind structs.ServiceKind, idx uint64, nodeID, serviceID string) {
 	svc := &structs.NodeService{
 		ID:      serviceID,
 		Service: serviceID,
-		Kind:    structs.ServiceKindIngressGateway,
+		Kind:    kind,
 		Address: "1.1.1.1",
 		Port:    1111,
 	}
@@ -227,6 +243,7 @@ func testRegisterIngressService(t *testing.T, s *Store, idx uint64, nodeID, serv
 		t.Fatalf("bad service: %#v", result)
 	}
 }
+
 func testRegisterCheck(t *testing.T, s *Store, idx uint64,
 	nodeID string, serviceID string, checkID types.CheckID, state string) {
 	testRegisterCheckWithPartition(t, s, idx,
diff --git a/agent/consul/state/usage.go b/agent/consul/state/usage.go
index 8e455241c299..b3794105508a 100644
--- a/agent/consul/state/usage.go
+++ b/agent/consul/state/usage.go
@@ -25,6 +25,7 @@ var allConnectKind = []string{
 	string(structs.ServiceKindIngressGateway),
 	string(structs.ServiceKindMeshGateway),
 	string(structs.ServiceKindTerminatingGateway),
+	string(structs.ServiceKindAPIGateway),
 	connectNativeInstancesTable,
 }
 
diff --git a/agent/consul/state/usage_test.go b/agent/consul/state/usage_test.go
index 6ccaddb9f7e8..68844ebc1140 100644
--- a/agent/consul/state/usage_test.go
+++ b/agent/consul/state/usage_test.go
@@ -179,16 +179,25 @@ func TestStateStore_Usage_ServiceUsage(t *testing.T) {
 	testRegisterConnectNativeService(t, s, 13, "node1", "service-native")
 	testRegisterConnectNativeService(t, s, 14, "node2", "service-native")
 	testRegisterConnectNativeService(t, s, 15, "node2", "service-native-1")
+	testRegisterIngressService(t, s, 16, "node1", "ingress")
+	testRegisterMeshService(t, s, 17, "node1", "mesh")
+	testRegisterTerminatingService(t, s, 18, "node1", "terminating")
+	testRegisterAPIService(t, s, 19, "node1", "api")
+	testRegisterAPIService(t, s, 20, "node2", "api")
 
 	ws := memdb.NewWatchSet()
 	idx, usage, err := s.ServiceUsage(ws)
 	require.NoError(t, err)
-	require.Equal(t, idx, uint64(15))
-	require.Equal(t, 5, usage.Services)
-	require.Equal(t, 8, usage.ServiceInstances)
+	require.Equal(t, idx, uint64(20))
+	require.Equal(t, 9, usage.Services)
+	require.Equal(t, 13, usage.ServiceInstances)
 	require.Equal(t, 2, usage.ConnectServiceInstances[string(structs.ServiceKindConnectProxy)])
 	require.Equal(t, 3, usage.ConnectServiceInstances[connectNativeInstancesTable])
 	require.Equal(t, 6, usage.BillableServiceInstances)
+	require.Equal(t, 2, usage.ConnectServiceInstances[string(structs.ServiceKindAPIGateway)])
+	require.Equal(t, 1, usage.ConnectServiceInstances[string(structs.ServiceKindIngressGateway)])
+	require.Equal(t, 1, usage.ConnectServiceInstances[string(structs.ServiceKindTerminatingGateway)])
+	require.Equal(t, 1, usage.ConnectServiceInstances[string(structs.ServiceKindMeshGateway)])
 
 	testRegisterSidecarProxy(t, s, 16, "node2", "service2")
 
diff --git a/agent/consul/usagemetrics/usagemetrics_oss_test.go b/agent/consul/usagemetrics/usagemetrics_oss_test.go
index 1781dca4c50e..8a4b511577c8 100644
--- a/agent/consul/usagemetrics/usagemetrics_oss_test.go
+++ b/agent/consul/usagemetrics/usagemetrics_oss_test.go
@@ -149,6 +149,22 @@ var baseCases = map[string]testCase{
 					{Name: "kind", Value: "ingress-gateway"},
 				},
 			},
+			"consul.usage.test.consul.state.connect_instances;datacenter=dc1;kind=api-gateway": { // Legacy
+				Name:  "consul.usage.test.consul.state.connect_instances",
+				Value: 0,
+				Labels: []metrics.Label{
+					{Name: "datacenter", Value: "dc1"},
+					{Name: "kind", Value: "api-gateway"},
+				},
+			},
+			"consul.usage.test.state.connect_instances;datacenter=dc1;kind=api-gateway": {
+				Name:  "consul.usage.test.state.connect_instances",
+				Value: 0,
+				Labels: []metrics.Label{
+					{Name: "datacenter", Value: "dc1"},
+					{Name: "kind", Value: "api-gateway"},
+				},
+			},
 			"consul.usage.test.consul.state.connect_instances;datacenter=dc1;kind=mesh-gateway": { // Legacy
 				Name:  "consul.usage.test.consul.state.connect_instances",
 				Value: 0,
@@ -624,6 +640,22 @@ var baseCases = map[string]testCase{
 					{Name: "kind", Value: "ingress-gateway"},
 				},
 			},
+			"consul.usage.test.consul.state.connect_instances;datacenter=dc1;kind=api-gateway": { // Legacy
+				Name:  "consul.usage.test.consul.state.connect_instances",
+				Value: 0,
+				Labels: []metrics.Label{
+					{Name: "datacenter", Value: "dc1"},
+					{Name: "kind", Value: "api-gateway"},
+				},
+			},
+			"consul.usage.test.state.connect_instances;datacenter=dc1;kind=api-gateway": {
+				Name:  "consul.usage.test.state.connect_instances",
+				Value: 0,
+				Labels: []metrics.Label{
+					{Name: "datacenter", Value: "dc1"},
+					{Name: "kind", Value: "api-gateway"},
+				},
+			},
 			"consul.usage.test.consul.state.connect_instances;datacenter=dc1;kind=mesh-gateway": { // Legacy
 				Name:  "consul.usage.test.consul.state.connect_instances",
 				Value: 0,
@@ -1127,6 +1159,9 @@ func TestUsageReporter_emitServiceUsage_OSS(t *testing.T) {
 		require.NoError(t, s.EnsureNode(3, &structs.Node{Node: "baz", Address: "127.0.0.2"}))
 		require.NoError(t, s.EnsureNode(4, &structs.Node{Node: "qux", Address: "127.0.0.3"}))
 
+		apigw := structs.TestNodeServiceAPIGateway(t)
+		apigw.ID = "api-gateway"
+
 		mgw := structs.TestNodeServiceMeshGateway(t)
 		mgw.ID = "mesh-gateway"
 
@@ -1141,16 +1176,17 @@ func TestUsageReporter_emitServiceUsage_OSS(t *testing.T) {
 		require.NoError(t, s.EnsureRegistration(10, structs.TestRegisterIngressGateway(t)))
 		require.NoError(t, s.EnsureService(11, "foo", mgw))
 		require.NoError(t, s.EnsureService(12, "foo", tgw))
-		require.NoError(t, s.EnsureService(13, "bar", &structs.NodeService{ID: "db-native", Service: "db", Tags: nil, Address: "", Port: 5000, Connect: structs.ServiceConnect{Native: true}}))
-		require.NoError(t, s.EnsureConfigEntry(14, &structs.IngressGatewayConfigEntry{
+		require.NoError(t, s.EnsureService(13, "foo", apigw))
+		require.NoError(t, s.EnsureService(14, "bar", &structs.NodeService{ID: "db-native", Service: "db", Tags: nil, Address: "", Port: 5000, Connect: structs.ServiceConnect{Native: true}}))
+		require.NoError(t, s.EnsureConfigEntry(15, &structs.IngressGatewayConfigEntry{
 			Kind: structs.IngressGateway,
 			Name: "foo",
 		}))
-		require.NoError(t, s.EnsureConfigEntry(15, &structs.IngressGatewayConfigEntry{
+		require.NoError(t, s.EnsureConfigEntry(16, &structs.IngressGatewayConfigEntry{
 			Kind: structs.IngressGateway,
 			Name: "bar",
 		}))
-		require.NoError(t, s.EnsureConfigEntry(16, &structs.IngressGatewayConfigEntry{
+		require.NoError(t, s.EnsureConfigEntry(17, &structs.IngressGatewayConfigEntry{
 			Kind: structs.IngressGateway,
 			Name: "baz",
 		}))
@@ -1191,22 +1227,22 @@ func TestUsageReporter_emitServiceUsage_OSS(t *testing.T) {
 	}
 	nodesAndSvcsCase.expectedGauges["consul.usage.test.consul.state.services;datacenter=dc1"] = metrics.GaugeValue{ // Legacy
 		Name:   "consul.usage.test.consul.state.services",
-		Value:  7,
+		Value:  8,
 		Labels: []metrics.Label{{Name: "datacenter", Value: "dc1"}},
 	}
 	nodesAndSvcsCase.expectedGauges["consul.usage.test.state.services;datacenter=dc1"] = metrics.GaugeValue{
 		Name:   "consul.usage.test.state.services",
-		Value:  7,
+		Value:  8,
 		Labels: []metrics.Label{{Name: "datacenter", Value: "dc1"}},
 	}
 	nodesAndSvcsCase.expectedGauges["consul.usage.test.consul.state.service_instances;datacenter=dc1"] = metrics.GaugeValue{ // Legacy
 		Name:   "consul.usage.test.consul.state.service_instances",
-		Value:  9,
+		Value:  10,
 		Labels: []metrics.Label{{Name: "datacenter", Value: "dc1"}},
 	}
 	nodesAndSvcsCase.expectedGauges["consul.usage.test.state.service_instances;datacenter=dc1"] = metrics.GaugeValue{
 		Name:   "consul.usage.test.state.service_instances",
-		Value:  9,
+		Value:  10,
 		Labels: []metrics.Label{{Name: "datacenter", Value: "dc1"}},
 	}
 	nodesAndSvcsCase.expectedGauges["consul.usage.test.consul.state.connect_instances;datacenter=dc1;kind=connect-proxy"] = metrics.GaugeValue{ // Legacy
@@ -1257,6 +1293,22 @@ func TestUsageReporter_emitServiceUsage_OSS(t *testing.T) {
 			{Name: "kind", Value: "ingress-gateway"},
 		},
 	}
+	nodesAndSvcsCase.expectedGauges["consul.usage.test.consul.state.connect_instances;datacenter=dc1;kind=api-gateway"] = metrics.GaugeValue{ // Legacy
+		Name:  "consul.usage.test.consul.state.connect_instances",
+		Value: 1,
+		Labels: []metrics.Label{
+			{Name: "datacenter", Value: "dc1"},
+			{Name: "kind", Value: "api-gateway"},
+		},
+	}
+	nodesAndSvcsCase.expectedGauges["consul.usage.test.state.connect_instances;datacenter=dc1;kind=api-gateway"] = metrics.GaugeValue{
+		Name:  "consul.usage.test.state.connect_instances",
+		Value: 1,
+		Labels: []metrics.Label{
+			{Name: "datacenter", Value: "dc1"},
+			{Name: "kind", Value: "api-gateway"},
+		},
+	}
 	nodesAndSvcsCase.expectedGauges["consul.usage.test.consul.state.connect_instances;datacenter=dc1;kind=mesh-gateway"] = metrics.GaugeValue{ // Legacy
 		Name:  "consul.usage.test.consul.state.connect_instances",
 		Value: 1,
diff --git a/agent/operator_endpoint_oss_test.go b/agent/operator_endpoint_oss_test.go
index ea144cffa692..90f0e7d0cd14 100644
--- a/agent/operator_endpoint_oss_test.go
+++ b/agent/operator_endpoint_oss_test.go
@@ -56,6 +56,7 @@ func TestOperator_Usage(t *testing.T) {
 			Services:         5,
 			ServiceInstances: 6,
 			ConnectServiceInstances: map[string]int{
+				"api-gateway":         0,
 				"connect-native":      1,
 				"connect-proxy":       1,
 				"ingress-gateway":     0,
diff --git a/agent/structs/testing_catalog.go b/agent/structs/testing_catalog.go
index 0e560b3906ff..9e72aebc7745 100644
--- a/agent/structs/testing_catalog.go
+++ b/agent/structs/testing_catalog.go
@@ -174,6 +174,14 @@ func TestNodeServiceMeshGateway(t testing.T) *NodeService {
 		ServiceAddress{Address: "198.18.4.5", Port: 443})
 }
 
+func TestNodeServiceAPIGateway(t testing.T) *NodeService {
+	return &NodeService{
+		Kind:    ServiceKindAPIGateway,
+		Service: "api-gateway",
+		Address: "1.1.1.1",
+	}
+}
+
 func TestNodeServiceTerminatingGateway(t testing.T, address string) *NodeService {
 	return &NodeService{
 		Kind:    ServiceKindTerminatingGateway,
diff --git a/api/operator_usage_test.go b/api/operator_usage_test.go
index a276682e07de..77b15fcdb586 100644
--- a/api/operator_usage_test.go
+++ b/api/operator_usage_test.go
@@ -56,6 +56,7 @@ func TestAPI_OperatorUsage(t *testing.T) {
 	require.Equal(t, 4, usage.Usage["dc1"].Services)
 	require.Equal(t, 5, usage.Usage["dc1"].ServiceInstances)
 	require.Equal(t, map[string]int{
+		"api-gateway":         0,
 		"connect-native":      1,
 		"connect-proxy":       1,
 		"ingress-gateway":     0,

From ec347ef01d8a43b9d8407750a8c92bd1d5d404e7 Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Fri, 9 Jun 2023 11:30:56 -0500
Subject: [PATCH 010/359] sort some imports that are wonky between oss and ent
 (#17637)

---
 agent/agent_endpoint.go        | 10 ++++------
 agent/agent_endpoint_test.go   |  6 ++----
 agent/proxycfg/mesh_gateway.go |  1 -
 3 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go
index 13e993fc703e..d63936e29466 100644
--- a/agent/agent_endpoint.go
+++ b/agent/agent_endpoint.go
@@ -11,16 +11,12 @@ import (
 	"strings"
 	"time"
 
+	"github.com/hashicorp/go-bexpr"
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-memdb"
-	"github.com/mitchellh/hashstructure"
-
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	"github.com/hashicorp/consul/version"
-
-	"github.com/hashicorp/go-bexpr"
 	"github.com/hashicorp/serf/coordinate"
 	"github.com/hashicorp/serf/serf"
+	"github.com/mitchellh/hashstructure"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 
@@ -31,11 +27,13 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 	token_store "github.com/hashicorp/consul/agent/token"
 	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/ipaddr"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/logging"
 	"github.com/hashicorp/consul/logging/monitor"
 	"github.com/hashicorp/consul/types"
+	"github.com/hashicorp/consul/version"
 )
 
 type Self struct {
diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go
index 2955871c723e..fc0345cee478 100644
--- a/agent/agent_endpoint_test.go
+++ b/agent/agent_endpoint_test.go
@@ -21,10 +21,6 @@ import (
 	"time"
 
 	"github.com/armon/go-metrics"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/version"
-
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-uuid"
 	"github.com/hashicorp/serf/serf"
@@ -44,12 +40,14 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/token"
 	tokenStore "github.com/hashicorp/consul/agent/token"
+	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
 	"github.com/hashicorp/consul/testrpc"
 	"github.com/hashicorp/consul/types"
+	"github.com/hashicorp/consul/version"
 )
 
 func createACLTokenWithAgentReadPolicy(t *testing.T, srv *HTTPHandlers) string {
diff --git a/agent/proxycfg/mesh_gateway.go b/agent/proxycfg/mesh_gateway.go
index 2267a2960a20..cf090b7b0460 100644
--- a/agent/proxycfg/mesh_gateway.go
+++ b/agent/proxycfg/mesh_gateway.go
@@ -15,7 +15,6 @@ import (
 	"github.com/hashicorp/go-hclog"
 
 	"github.com/hashicorp/consul/acl"
-
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/consul/agent/proxycfg/internal/watch"
 	"github.com/hashicorp/consul/agent/structs"

From 5e846747f4602dd08f3f1a877b95af48c2c3cce7 Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Sat, 10 Jun 2023 08:35:22 -0700
Subject: [PATCH 011/359] PmTLS and tproxy improvements with failover and L7
 traffic mgmt for k8s (#17624)

* porting over changes from enterprise repo to oss

* applied feedback on service mesh for k8s overview

* fixed typo

* removed ent-only build script file

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
---
 .../content/docs/connect/failover/index.mdx   |  45 +++
 .../content/docs/connect/l7-traffic/index.mdx | 132 +++-----
 website/content/docs/k8s/connect/index.mdx    |  71 ++---
 .../k8s/connect/onboarding-tproxy-mode.mdx    | 295 ++++++++++++++++++
 .../enable-transparent-proxy.mdx}             |  76 ++---
 .../k8s/connect/transparent-proxy/index.mdx   |  47 +++
 .../docs/k8s/l7-traffic/failover-tproxy.mdx   | 124 ++++++++
 .../l7-traffic/route-to-virtual-services.mdx  | 122 ++++++++
 website/data/docs-nav-data.json               |  79 ++++-
 9 files changed, 795 insertions(+), 196 deletions(-)
 create mode 100644 website/content/docs/connect/failover/index.mdx
 create mode 100644 website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx
 rename website/content/docs/{connect/transparent-proxy.mdx => k8s/connect/transparent-proxy/enable-transparent-proxy.mdx} (81%)
 create mode 100644 website/content/docs/k8s/connect/transparent-proxy/index.mdx
 create mode 100644 website/content/docs/k8s/l7-traffic/failover-tproxy.mdx
 create mode 100644 website/content/docs/k8s/l7-traffic/route-to-virtual-services.mdx

diff --git a/website/content/docs/connect/failover/index.mdx b/website/content/docs/connect/failover/index.mdx
new file mode 100644
index 000000000000..2d9690644098
--- /dev/null
+++ b/website/content/docs/connect/failover/index.mdx
@@ -0,0 +1,45 @@
+---
+layout: docs
+page_title: Failover configuration overview
+description: Learn about failover strategies and service mesh features you can implement to route traffic if services become unhealthy or unreachable, including sameness groups, prepared queries, and service resolvers.
+---
+
+# Failover overview
+
+Services in your mesh may become unhealthy or unreachable for many reasons, but you can mitigate some of the effects associated with infrastructure issues by configuring Consul to automatically route traffic to and from failover service instances. This topic provides an overview of the failover strategies you can implement with Consul.
+
+## Service failover strategies in Consul
+
+There are several methods for implementing failover strategies between datacenters in Consul. You can adopt one of the following strategies based on your deployment configuration and network requirements:
+
+- Configure the `Failover` stanza in a service resolver configuration entry to explicitly define which services should failover and the targeting logic they should follow.
+- Make a prepared query for each service that you can use to automate geo-failover.
+- Create a sameness group to identify partitions with identical namespaces and service names to establish default failover targets.
+
+The following table compares these strategies in deployments with multiple datacenters to help you determine the best approach for your service:
+
+| Failover Strategy | Supports WAN Federation | Supports Cluster Peering | Multi-Datacenter Failover Strength | Multi-Datacenter Usage Scenario |
+| :---------------: | :---------------------: | :----------------------: | :--------------------------------- | :------------------------------ |
+| `Failover` stanza | &#9989;                 | &#9989;                  | Enables more granular logic for failover targeting | Configuring failover for a single service or service subset, especially for testing or debugging purposes |
+| Prepared query    | &#9989;                 |   &#9989;              | Central policies that can automatically target the nearest datacenter | WAN-federated deployments where a primary datacenter is configured. Prepared queries are not replicated over peer connections. |
+| Sameness groups   | &#10060;                | &#9989;                  | Group size changes without edits to existing member configurations | Cluster peering deployments with consistently named services and namespaces |
+
+### Failover configurations for a service mesh with a single datacenter
+
+You can implement a service resolver configuration entry and specify a pool of failover service instances that other services can exchange messages with when the primary service becomes unhealthy or unreachable. We recommend adopting this strategy as a minimum baseline when implementing Consul service mesh and layering additional failover strategies to build resilience into your application network. 
+
+Refer to the [`Failover` configuration ](/consul/docs/connect/config-entries/service-resolver#failover) for examples of how to configure failover services in the service resolver configuration entry on both VMs and Kubernetes deployments.
+
+### Failover configuration for WAN-federated datacenters
+
+If your network has multiple Consul datacenters that are WAN-federated, you can configure your applications to look for failover services with prepared queries. [Prepared queries](/consul/api-docs/) are configurations that enable you to define complex service discovery lookups. This strategy hinges on the secondary datacenter containing service instances that have the same name and residing in the same namespace as their counterparts in the primary datacenter. 
+
+Refer to the [Automate geo-failover with prepared queries tutorial](/consul/tutorials/developer-discovery/automate-geo-failover) for additional information. 
+
+### Failover configuration for peered clusters and partitions
+
+In networks with multiple datacenters or partitions that share a peer connection, each datacenter or partition functions as an independent unit. As a result, Consul does not correlate services that have the same name, even if they are in the same namespace.
+
+You can configure sameness groups for this type of network. Sameness groups allow you to define a group of admin partitions where identical services are deployed in identical namespaces. After you configure the sameness group, you can reference the `SamenessGroup` parameter in service resolver, exported service, and service intention configuration entries, enabling you to add or remove cluster peers from the group without making changes to every cluster peer every time. 
+
+Refer to [Sameness groups usage page](/consul/docs/connect/cluster-peering/usage/sameness-groups) for more information.
diff --git a/website/content/docs/connect/l7-traffic/index.mdx b/website/content/docs/connect/l7-traffic/index.mdx
index 9f5fe8da2b5a..3fb7b392b839 100644
--- a/website/content/docs/connect/l7-traffic/index.mdx
+++ b/website/content/docs/connect/l7-traffic/index.mdx
@@ -1,126 +1,80 @@
 ---
 layout: docs
-page_title: Service Mesh Traffic Management - Overview
+page_title: Service mesh traffic management overview
 description: >-
   Consul can route, split, and resolve Layer 7 traffic in a service mesh to support workflows like canary testing and blue/green deployments. Learn about the three configuration entry kinds that define L7 traffic management behavior in Consul.
 ---
 
--> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer.
+# Service mesh traffic management overview
 
-# Service Mesh Traffic Management Overview
+This topic provides overview information about the application layer traffic management capabilities available in Consul service mesh. These capabilities are also referred to as *Layer 7* or *L7 traffic management*.
 
-Layer 7 traffic management allows operators to divide L7 traffic between
-different
-[subsets](/consul/docs/connect/config-entries/service-resolver#service-subsets) of
-service instances when using service mesh.
+## Introduction
 
-There are many ways you may wish to carve up a single datacenter's pool of
-services beyond simply returning all healthy instances for load balancing.
-Canary testing, A/B tests, blue/green deploys, and soft multi-tenancy
-(prod/qa/staging sharing compute resources) all require some mechanism of
-carving out portions of the Consul catalog smaller than the level of a single
-service and configuring when that subset should receive traffic.
+Consul service mesh allows you to divide application layer traffic between different subsets of service instances. You can leverage L7 traffic management capabilities to perform complex processes, such as configuring backup services for failover scenarios, canary and A-B testing, blue-green deployments, and soft multi-tenancy in which production, QA, and staging environments share compute resources. L7 traffic management with Consul service mesh allows you to designate groups of service instances in the Consul catalog smaller than all instances of single service and configure when that subset should receive traffic.
 
--> **Note:** This feature is not compatible with the
-[built-in proxy](/consul/docs/connect/proxies/built-in),
-[native proxies](/consul/docs/connect/native),
-and some [Envoy proxy escape hatches](/consul/docs/connect/proxies/envoy#escape-hatch-overrides).
+You cannot manage L7 traffic with the [built-in proxy](/consul/docs/connect/proxies/built-in),
+[native proxies](/consul/docs/connect/native), or some [Envoy proxy escape hatches](/consul/docs/connect/proxies/envoy#escape-hatch-overrides).
 
-## Stages
+## Discovery chain
 
-Service mesh proxy upstreams are discovered using a series of stages: routing,
-splitting, and resolution. These stages represent different ways of managing L7
-traffic.
+Consul uses a series of stages to discover service mesh proxy upstreams. Each stage represents different ways of managing L7 traffic. They are referred to as the _discovery chain_: 
 
-![screenshot of L7 traffic visualization in the UI](/img/l7-routing/full.png)
-
-Each stage of this discovery process can be dynamically reconfigured via various
-[configuration entries](/consul/docs/agent/config-entries). When a configuration
-entry is missing, that stage will fall back on reasonable default behavior.
-
-### Routing
-
-A [`service-router`](/consul/docs/connect/config-entries/service-router) config
-entry kind is the first configurable stage.
+- routing 
+- splitting 
+- resolution 
 
-![screenshot of service router in the UI](/img/l7-routing/Router.png)
-
-A router config entry allows for a user to intercept traffic using L7 criteria
-such as path prefixes or http headers, and change behavior such as by sending
-traffic to a different service or service subset.
-
-These config entries may only reference `service-splitter` or
-`service-resolver` entries.
-
-[Examples](/consul/docs/connect/config-entries/service-router#sample-config-entries)
-can be found in the `service-router` documentation.
-
-### Splitting
+For information about integrating service mesh proxy upstream discovery using the discovery chain, refer to [Discovery Chain for Service Mesh Traffic Management](/consul/docs/connect/l7-traffic/discovery-chain).
 
-A [`service-splitter`](/consul/docs/connect/config-entries/service-splitter) config
-entry kind is the next stage after routing.
+The Consul UI shows discovery chain stages in the **Routing** tab of the **Services** page:
 
-![screenshot of service splitter in the UI](/img/l7-routing/Splitter.png)
+![screenshot of L7 traffic visualization in the UI](/img/l7-routing/full.png)
 
-A splitter config entry allows for a user to choose to split incoming requests
-across different subsets of a single service (like during staged canary
-rollouts), or perhaps across different services (like during a v2 rewrite or
-other type of codebase migration).
+You can define how Consul manages each stage of the discovery chain in a Consul _configuration entry_. [Configuration entries](/consul/docs/connect/config-entries) modify the default behavior of the Consul service mesh.   
 
-These config entries may only reference `service-splitter` or
-`service-resolver` entries.
+When managing L7 traffic with cluster peering, there are additional configuration requirements to resolve peers in the discovery chain. Refer to [Cluster peering L7 traffic management](/consul/docs/connect/cluster-peering/usage/peering-traffic-management) for more information.
 
-If one splitter references another splitter the overall effects are flattened
-into one effective splitter config entry which reflects the multiplicative
-union. For instance:
+### Routing
 
-    splitter[A]:           A_v1=50%, A_v2=50%
-    splitter[B]:           A=50%,    B=50%
-    ---------------------
-    splitter[effective_B]: A_v1=25%, A_v2=25%, B=50%
+The first stage of the discovery chain is the service router. Routers intercept traffic according to a set of L7 attributes, such as path prefixes and HTTP headers, and route the traffic to a different service or service subset.
 
-[Examples](/consul/docs/connect/config-entries/service-splitter#sample-config-entries)
-can be found in the `service-splitter` documentation.
+Apply a [service router configuration entry](/consul/docs/connect/config-entries/service-router) to implement a router. Service router configuration entries can only reference service splitter or service resolver configuration entries.
 
-### Resolution
+![screenshot of service router in the UI](/img/l7-routing/Router.png)
 
-A [`service-resolver`](/consul/docs/connect/config-entries/service-resolver) config
-entry kind is the last stage.
+### Splitting
 
-![screenshot of service resolver in the UI](/img/l7-routing/Resolver.png)
+The second stage of the discovery chain is the service splitter. Service splitters split incoming requests and route them to different services or service subsets. Splitters enable staged canary rollouts, versioned releases, and similar use cases.  
 
-A resolver config entry allows for a user to define which instances of a
-service should satisfy discovery requests for the provided name.
+Apply a [service splitter configuration entry](/consul/docs/connect/config-entries/service-splitter) to implement a splitter. Service splitters configuration entries can only reference other service splitters or service resolver configuration entries.
 
-Examples of things you can do with resolver config entries:
+![screenshot of service splitter in the UI](/img/l7-routing/Splitter.png)
 
-- Control where to send traffic if all instances of `api` in the current
-  datacenter are unhealthy.
+If multiple service splitters are chained, Consul flattens the splits so that they behave as a single service spitter. In the following equation, `splitter[A]` references `splitter[B]`:
 
-- Configure service subsets based on `Service.Meta.version` values.
+```text
+splitter[A]:           A_v1=50%, A_v2=50%
+splitter[B]:           A=50%,    B=50%
+---------------------
+splitter[effective_B]: A_v1=25%, A_v2=25%, B=50%
+```
 
-- Send all traffic for `web` that does not specify a service subset to the
-  `version1` subset.
 
-- Send all traffic for `api` to `new-api`.
+### Resolution
 
-- Send all traffic for `api` in all datacenters to instances of `api` in `dc2`.
+The third stage of the discovery chain is the service resolver. Service resolvers specify which instances of a service satisfy discovery requests for the provided service name. Service resolvers enable several use cases, including: 
 
-- Create a "virtual service" `api-dc2` that sends traffic to instances of `api`
-  in `dc2`. This can be referenced in upstreams or in other config entries.
+- Designate failovers when service instances become unhealthy or unreachable. 
+- Configure service subsets based on DNS values.
+- Route traffic to the latest version of a service.
+- Route traffic to specific Consul datacenters.
+- Create virtual services that route traffic to instances of the actual service in specific Consul datacenters.
 
-If no resolver config is defined for a service it is assumed 100% of traffic
-flows to the healthy instances of a service with the same name in the current
-datacenter/namespace and discovery terminates.
+Apply a [service resolver configuration entry](/consul/docs/connect/config-entries/service-resolver) to implement a resolver. Service resolver configuration entries can only reference other service resolvers.
 
-This should feel similar in spirit to various uses of Prepared Queries, but is
-not intended to be a drop-in replacement currently.
 
-These config entries may only reference other `service-resolver` entries.
+![screenshot of service resolver in the UI](/img/l7-routing/Resolver.png)
 
-[Examples](/consul/docs/connect/config-entries/service-resolver#sample-config-entries)
-can be found in the `service-resolver` documentation.
+If no resolver is configured for a service, Consul sends all traffic to healthy instances of the service that have the same name in the current datacenter or specified namespace and ends the discovery chain. 
 
--> **Note:** `service-resolver` config entries kinds can function at L4 (unlike
-`service-router` and `service-splitter` kinds). These can be created for
-services of any protocol such as `tcp`.
\ No newline at end of file
+Service resolver configuration entries can also process network layer, also called level 4 (L4), traffic. As a result, you can implement service resolvers for services that communicate over `tcp` and other non-HTTP protocols. 
\ No newline at end of file
diff --git a/website/content/docs/k8s/connect/index.mdx b/website/content/docs/k8s/connect/index.mdx
index 7f1dd71c8e8c..afa625a0ba8d 100644
--- a/website/content/docs/k8s/connect/index.mdx
+++ b/website/content/docs/k8s/connect/index.mdx
@@ -7,30 +7,21 @@ description: >-
 
 # How does Consul Service Mesh Work on Kubernetes?
 
-[Consul service mesh](/consul/docs/connect) is a feature built into to Consul that enables
-automatic service-to-service authorization and connection encryption across
-your Consul services. Consul Service Mesh can be used with Kubernetes to secure pod
-communication with other pods and external Kubernetes services.
-
-The noun _connect_ is used throughout this documentation to refer to the connect
-subsystem that provides Consul's service mesh capabilities.
-Where you encounter the _noun_ connect, it is usually functionality specific to
-service mesh.
+Consul service mesh automates service-to-service authorization and encryption across your Consul services. You can use service mesh in Kubernetes-orchestrated networks to secure communication between pods as well as communication between pods and external Kubernetes services.
+
+## Workflow
 
-Consul can automatically inject the sidecar running Envoy into pods in
-your cluster, making configuration for Kubernetes automatic.
-This functionality is provided by the
-[consul-k8s project](https://github.com/hashicorp/consul-k8s) and can be
-automatically installed and configured using the
-[Consul Helm chart](/consul/docs/k8s/installation/install#helm-chart-installation).
+Consul service mesh is enabled by default when you install Consul on Kubernetes using the Consul Helm chart. Consul also automatically injects sidecars into the pods in your clusters that run Envoy. These sidecar proxies,  called Consul dataplanes, are enabled when `connectInject.default` is set to `false` in the Helm chart. Refer to the following documentation for additional information about these concepts:
 
-## Usage
+- [Installation and Configuration](#installation-and-configuration) in this topic 
+- [Consul Helm chart reference](/consul/docs/k8s/helm)
+- [Simplified Service Mesh with Consul Dataplane](/consul/docs/connect/dataplane)
 
--> **Important:** As of consul-k8s `v0.26.0` and Consul Helm `v0.32.0`, a Kubernetes
-service is required to run services on the Consul service mesh.
+If `connectInject.default` is set to `false` or you want to explicitly enable service mesh sidecar proxy injection for a specific deployment, add the `consul.hashicorp.com/connect-inject` annotation to the pod specification template and set it to `true` when connecting services to the mesh. 
 
-Installing Consul on Kubernetes with [`connect-inject` enabled](/consul/docs/k8s/connect#installation-and-configuration) adds a sidecar to all pods. By default, it enables service mesh functionality with Consul Dataplane by injecting an Envoy proxy. You can also configure Consul to inject a client agent sidecar to connect to your service mesh. Refer to [Simplified Service Mesh with Consul Dataplane](/consul/docs/connect/dataplane) for more information.
+### Example 
 
+The following example shows a Kubernetes configuration that specifically enables service mesh connections for the `static-server` service. Consul starts and registers a sidecar proxy that listens on port 20000 by default and proxies valid inbound connections to port 8080. 
 
 ```yaml
 apiVersion: v1
@@ -81,37 +72,17 @@ spec:
       serviceAccountName: static-server
 ```
 
-The only change for service mesh is the addition of the
-`consul.hashicorp.com/connect-inject` annotation. This enables injection
-for the Pod in this Deployment. The injector can also be
-[configured](/consul/docs/k8s/connect#installation-and-configuration)
-to automatically inject unless explicitly disabled, but the default
-installation requires opt-in using the annotation shown above.
-
-~> **A common mistake** is to set the annotation on the Deployment or
-other resource. Ensure that the injector annotations are specified on
-the _pod specification template_ as shown above.
-
-This will start a sidecar proxy that listens on port `20000` registered
-with Consul and proxies valid inbound connections to port 8080 in the pod.
-To establish a connection to the pod using service mesh, a client must use another mesh
-proxy. The client mesh proxy will use Consul service discovery to find
-all available upstream proxies and their public ports.
-
-In the example above, the server is listening on `:8080`.
-By default, the Consul service mesh runs in [transparent proxy](/consul/docs/connect/transparent-proxy) mode.
-This means that even though the server binds to all interfaces,
-the inbound and outbound connections will automatically go through to the sidecar proxy.
-It also allows you to use Kubernetes DNS like you normally would without the
-Consul Service Mesh.
-
--> **Note:** As of consul `v1.10.0`, consul-k8s `v0.26.0` and Consul Helm `v0.32.0`,
-all Consul Service Mesh services will run with transparent proxy enabled by default. Running with transparent
-proxy will enforce all inbound and outbound traffic to go through the Envoy proxy.
-
-The service name registered in Consul will be set to the name of the Kubernetes service
-associated with the Pod. This can be customized with the `consul.hashicorp.com/connect-service`
-annotation. If using ACLs, this name must be the same as the Pod's `ServiceAccount` name.
+To establish a connection to the Pod using service mesh, a client must use another mesh proxy. The client mesh proxy will use Consul service discovery to find all available upstream proxies and their public ports.
+
+### Service names
+
+When the service is onboarded, the name registered in Consul is set to the name of the Kubernetes Service associated with the Pod. You can specify a custom name for the service in the [`consul.hashicorp.com/connect-service` annotation](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service), but if ACLs are enabled, then the name of the service registered in Consul must match the Pod's `ServiceAccount` name.
+
+### Transparent proxy mode
+
+By default, the Consul service mesh runs in transparent proxy mode. This mode forces inbound and outbound traffic through the sidecar proxy even though the service binds to all interfaces. Transparent proxy infers the location of upstream services using Consul service intentions, and also allows you to use Kubernetes DNS as you normally would for your workloads. 
+
+When transparent proxy mode is enabled, all service-to-service traffic is required to use mTLS. While onboarding new services to service mesh, your network may have mixed mTLS and non-mTLS traffic, which can result in broken service-to-service communication. You can temporarily enable permissive mTLS mode during the onboarding process so that existing mesh services can accept traffic from services that are not yet fully onboarded. Permissive mTLS enables sidecar proxies to access both mTLS and non-mTLS traffic. Refer to [Onboard mesh services in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode) for additional information.
 
 ### Connecting to Mesh-Enabled Services
 
diff --git a/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx b/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx
new file mode 100644
index 000000000000..03636b044308
--- /dev/null
+++ b/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx
@@ -0,0 +1,295 @@
+---
+layout: docs
+page_title: Onboard services in transparent proxy mode
+description: Learn how to enable permissive mutual transport layer security (permissive mTLS) so that you can safely add services to your service mesh when transparent proxy is enabled in Kubernetes deployments. 
+---
+
+# Onboard services while in transparent proxy mode
+
+This topic describes how to run Consul in permissive mTLS mode so that you can safely onboard existing applications to Consul service mesh when transparent proxy mode is enabled.
+
+## Background
+
+When [transparent proxy mode](/consul/docs/k8s/transparent-proxy/) is enabled, all service-to-service traffic is secured by mTLS. Until the services that you want to add to the network are fully onboarded, your network may have a mix of mTLS and non-mTLS traffic, which can result in broken service-to-service communication. This situation occurs because sidecar proxies for existing mesh services reject traffic from services that are not yet onboarded.
+
+You can enable the `permissive` mTLS mode to ensure existing non-mTLS service-to-service traffic is allowed during the onboarding phase. The `permissive` mTLS mode enables sidecar proxies to accept both mTLS and non-mTLS traffic to an application. Using this mode enables you to onboard without downtime and without being required to reconfigure or redeploy your application.
+
+We recommend enabling permissive mTLS as a temporary operating mode. After onboarding is complete, you should reconfigure all services to `strict` mTLS mode to ensure all service-to-service communication is automatically secured by Consul service mesh. 
+
+!> **Security warning**: We recommend that you disable permissive mTLS mode after onboarding services to prevent non-mTLS connections to the service. Intentions are not enforced and encryption is not enabled for non-mTLS connections.
+
+## Workflow
+
+The workflow to configure mTLS settings depends on the applications you are onboarding and the order you intend to onboard them, but the following steps describe the general workflow:
+
+1. **Configure global settings**: Configure the mesh to allow services to send non-mTLS messages to services outside the mesh. Additionally, configure the mesh to let services in the mesh use permissive mTLS mode.
+1. **Enable permissive mTLS mode**: If you are onboarding an upstream service prior to its related downstream services, then enable permissive mTLS mode in the service defaults configuration entry. This allows the upstream service to send encrypted messages from the mesh when you register the service with Consul.
+1. **Configure intentions**: Intentions are controls that authorize traffic between services in the mesh. Transparent proxy uses intentions to infer traffic routes between Envoy proxies. Consul does not enforce intentions for non-mTLS connections made while proxies are in permissive mTLS mode, but intentions are necessary for completing the onboarding process. 
+1. **Register the service**: Create the service definition and configure and deploy its sidecar proxy. 
+1. **Re-secure the mesh**: If you enabled permissive mTLS mode, switch back to strict mTLS mode and revert the global settings to disable non-mTLS traffic in the service mesh.
+
+## Requirements
+
+Permissive mTLS is only supported for services running in transparent proxy mode. Transparent proxy mode is only available on Kubernetes deployments.
+
+## Configure global settings
+
+Configure Consul to allow services that are already in the mesh to send non-mTLS messages to services outside the mesh. You can also Consul to allow services to run in permissive mTLS mode. Set both configurations in the mesh gateway configuration entry, which is the global configuration that defines service mesh proxy behavior.
+
+### Allow outgoing non-mTLS traffic
+
+You can configure a global setting that allows services in the mesh to send non-mTLS messages to services outside the mesh.
+
+Add the `MeshDestinationsOnly` property to the mesh configuration entry and set the property to `false`. If the services belong to multiple admin partitions, you must apply the setting in each partition:
+
+<CodeTabs heading="Allow non-mTLS traffic">
+
+```hcl
+Kind = "mesh"
+
+TransparentProxy {
+  MeshDestinationsOnly = false
+}
+```
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: Mesh
+metadata:
+  name: mesh
+spec:
+  allowEnablingPermissiveMutualTLS: true
+```
+
+```json
+{
+    "Kind": "mesh",
+    "TransparentProxy": [
+        {
+            "MeshDestinationsOnly": false
+        }
+    ]
+}
+```
+
+</CodeTabs>
+
+Alternatively, you can selectively allow outgoing traffic on a per-service basis by configuring [outbound port exclusions](/consul/docs/k8s/connect/transparent-proxy/enable-transparent-proxy#exclude-outbound-ports). This setting excludes outgoing traffic from traffic redirection imposed by transparent proxy. When changing this setting, you must redeploy your application.
+
+### Allow permissive mTLS modes for incoming traffic
+
+Set the `AllowEnablingPermissiveMutualTLS` parameter in the mesh configuration entry to `true` so that services in the mesh _are able_ to use permissive mTLS mode for incoming traffic. The parameter does not direct services to use permissive mTLS. It is a global parameter that allows services to run in permissive mTLS mode.
+
+<CodeTabs heading="Allow permissive mTLS mode">
+
+```hcl
+Kind = "mesh"
+
+AllowEnablingPermissiveMutualTLS = true
+TransparentProxy {
+  MeshDestinationsOnly = false
+}
+```
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: Mesh
+metadata:
+  name: mesh
+spec:
+  allowEnablingPermissiveMutualTLS: true
+  transparentProxy:
+    meshDestinationsOnly: false
+```
+
+
+```json
+{
+    "Kind": "mesh",
+    "AllowEnablingPermissiveMutualTLS": true,
+    "TransparentProxy": [
+        {
+            "MeshDestinationsOnly": false
+        }
+    ]
+}
+```
+
+</CodeTabs>
+
+You can change this setting back to `false` at any time, even if there are services currently running in permissive mode. Doing so allows you to decide at which point during the onboarding process to stop allowing services to use permissive mTLS. When the `MeshDestinationOnly` is set to `false`, you must configure all new services added to the mesh with  `MutualTLSMode=strict` for the Consul to securely route traffic throughout the mesh. 
+
+## Enable permissive mTLS mode 
+
+Depending on the services you are onboarding, you may not need to enable permissive mTLS mode. If the service does not accept incoming traffic or accepts traffic from downstream services that are already part of the service mesh, then permissive mTLS mode is not required to continue. 
+
+To enable permissive mTLS mode for the service, set [`MutualTLSMode=permissive`](/consul/docs/connect/config-entries/service-defaults#mutualtlsmode) in the service defaults configuration entry for the service. The following example shows how to configure this setting for a service named `example-service`.
+
+<CodeTabs heading="Enable permissive mTLS for applicable services">
+
+```hcl
+Kind      = "service-defaults"
+Name      = "example-service"
+
+MutualTLSMode = "permissive"
+```
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceDefaults
+metadata:
+  name: example-service
+spec:
+  mutualTLSMode: "permissive"
+```
+
+```json
+{
+    "Kind": "service-defaults",
+    "Name": "example-service",
+    "MutualTLSMode": "permissive"
+}
+```
+
+</CodeTabs>
+
+Refer to the [service defaults configuration reference](/consul/docs/connect/config-entries/service-defaults) for information about all settings.
+
+You can change this setting back to `strict` at any time to ensure mTLS is required for incoming traffic to this service.
+
+## Configure intentions
+
+Service intentions are mechanisms in Consul that control traffic between services in the mesh. 
+
+We recommend creating intentions that restrict services to accepting only necessary traffic. You must identify the downstream services that send messages to the service you want to add to the mesh and then create an intention to allow traffic to the service from its downstreams.
+
+When transparent proxy enabled and the `MutualTLSMode` parameter is set to `permissive`, incoming traffic from a downstream service to another upstream service is not secured by mTLS unless that upstream relationship is known to Consul. You must either define an intention so that Consul can infer the upstream relationship from the intention, or you must include an explicit upstream as part of the service definition for the downstream.
+
+Refer to [Service intentions](/consul/docs/connect/intentions) for additional information about how intentions work and how to create them.
+
+## Add the service to the mesh
+
+Register your service into the catalog and update your application to deploy a sidecar proxy. You should also monitor your service to verify its configuration. Refer to the [Consul on Kubernetes service mesh overview](/consul/docs/k8s/connect) for additional information.
+
+## Re-secure mesh traffic
+
+If the newly added service was placed in permissive mTLS mode for onboarding, then you should switch to strict mode when it is safe to do so. You should also revert the global settings that allow services to send and receive non-mTLS traffic.  
+
+### Disable permissive mTLS mode
+
+Configure the service to operate in strict mTLS mode after the service is no longer receiving incoming non-mTLS traffic. After the downstream services that send messages to this service are all onboarded to the mesh, this service should no longer receive non-mTLS traffic.
+
+Check the following Envoy listener statistics for the sidecar proxy to determine if the sidecar is receiving non-mTLS traffic: 
+
+- The `tcp.permissive_public_listener.*` statistics indicate non-mTLS traffic. If these metrics are static over a sufficient period of time, that indicates the sidecar is not receiving non-mTLS traffic.
+- The `tcp.public_listener.*` statistics indicate mTLS traffic. If incoming traffic is expected to this service and these statistics are changing, then the sidecar is receiving mTLS traffic.
+
+Refer to the [service mesh observability overview](/consul/docs/connect/observability) and [metrics configuration for Consul on Kubernetes documentation](/consul/docs/k8s/connect/observability/metrics) for additional information.
+
+If your service is still receiving non-mTLS traffic, complete the following steps to determine the source of the non-mTLS traffic:
+
+1. Verify the list of downstream services. Optionally, you can enable [Envoy access logging](/consul/docs/connect/observability/access-logs) to determine source IP addresses for incoming traffic, and cross-reference those IP addresses with services in your network.
+1. Verify that each downstream is onboarded to the service mesh. If a downstream is not onboarded, consider onboarding it next.
+1. Verify that each downstream has an intention that allows it to send traffic to the upstream service.
+
+After you determine it is safe to move the service to strict mode, set `MutualTLSMode=strict` in the service defaults configuration entry. 
+
+<CodeTabs heading="Enable strict mTLS mode for applicable services">
+
+```hcl
+Kind      = "service-defaults"
+Name      = "example-service"
+
+MutualTLSMode = "strict"
+```
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceDefaults
+metadata:
+  name: example-service
+spec:
+  mutualTLSMode: "strict"
+```
+
+```json
+{
+    "Kind": "service-defaults",
+    "MutualTLSMode": "strict",
+    "Name": "example-service"
+}
+```
+
+</CodeTabs>
+
+### Disable non-mTLS traffic
+
+After all services are onboarded, revert the global settings that allow non-mTLS traffic and verify that permissive mTLS mode is not being used in the mesh. 
+
+Set `AllowEnablingPermissiveMutualTLS=false` and `MeshDestinationsOnly=true` in the mesh config entry.
+
+<CodeTabs heading="Disable non-mTLS traffic">
+
+```hcl
+Kind = “mesh”
+
+AllowEnablingPermissiveMutualTLS = false
+TransparentProxy {
+  MeshDestinationsOnly = true
+}
+```
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: Mesh
+metadata:
+  name: mesh
+spec:
+  allowEnablingPermissiveMutualTLS: false
+  transparentProxy:
+    meshDestinationsOnly: true
+```
+
+
+```json
+{
+    "Kind": "mesh",
+    "AllowEnablingPermissiveMutualTLS": false,
+    "TransparentProxy": [
+        {
+            "MeshDestinationsOnly": true
+        }
+    ]
+}
+```
+
+</CodeTabs>
+
+For each namespace, admin partition, and datacenter in your Consul deployment, run the `consul config list` and `consul config read` commands to verify that no services are using `permissive` mTLS mode. 
+
+The following command returns any service defaults configuration entries that contain `'MutualTLSMode = "permissive"'`:
+
+```shell-session
+$ consul config list -kind service-defaults -filter 'MutualTLSMode == "permissive"'
+```
+
+ In each admin partition and datacenter, verify that `MutualTLSMode = "permissive"` is not set in the proxy defaults configuration entry . If `MutualTLSMode` is either empty or if the configuration entry is not found, then the mode is `strict` by default.
+ 
+ The following command fetches the proxy defaults configuration entry:
+
+```shell-session
+$ consul config read -kind proxy-defaults -name global
+{
+    "Kind": "proxy-defaults",
+    "Name": "global",
+    "Partition": "default",
+    "Namespace": "default",
+    "TransparentProxy": {},
+    "MutualTLSMode": "",
+    "MeshGateway": {},
+    "Expose": {},
+    "AccessLogs": {},
+    "CreateIndex": 26,
+    "ModifyIndex": 30
+}
+```
\ No newline at end of file
diff --git a/website/content/docs/connect/transparent-proxy.mdx b/website/content/docs/k8s/connect/transparent-proxy/enable-transparent-proxy.mdx
similarity index 81%
rename from website/content/docs/connect/transparent-proxy.mdx
rename to website/content/docs/k8s/connect/transparent-proxy/enable-transparent-proxy.mdx
index 59a00e65077e..7db6a6db0396 100644
--- a/website/content/docs/connect/transparent-proxy.mdx
+++ b/website/content/docs/k8s/connect/transparent-proxy/enable-transparent-proxy.mdx
@@ -1,37 +1,13 @@
 ---
 layout: docs
-page_title:  Service Mesh - Enable Transparent Proxy Mode
+page_title:  Enable transparent proxy mode
 description: >-
-  Learn how transparent proxy enables Consul on Kubernetes to direct inbound and outbound traffic through the service mesh. Use transparent proxying to increase application security without configuring individual upstream services.
+  Learn how to enable transparent proxy mode, which enables Consul on Kubernetes to direct inbound and outbound traffic through the service mesh and increase application security without configuring individual upstream services.
 ---
 
-# Enable Transparent Proxy Mode
+# Enable transparent proxy mode
 
-This topic describes how to use Consul’s transparent proxy feature, which allows applications to communicate through the service mesh without modifying their configurations. Transparent proxy also hardens application security by preventing direct inbound connections that bypass the mesh.
-
-## Introduction
-
-When transparent proxy is enabled, Consul is able to perform the following actions automatically:
-
-- Infer the location of upstream services using service intentions.
-- Redirect outbound connections that point to KubeDNS through the proxy.
-- Force traffic through the proxy to prevent unauthorized direct access to the application.
-
-The following diagram shows how transparent proxy routes traffic:
-
-![Diagram demonstrating that with transparent proxy, connections are automatically routed through the mesh](/img/consul-connect/with-transparent-proxy.png)
-
-When transparent proxy is disabled, you must manually specify the following configurations so that your applications can communicate with other services in the mesh:
-
-* Explicitly configure upstream services by specifying a local port to access them.
-* Change application to access `localhost:<chosen port>`.
-* Configure applications to only listen on the loopback interface to prevent unauthorized traffic from bypassing the mesh.
-
-The following diagram shows how traffic flows through the mesh without transparent proxy enabled:
-
-![Diagram demonstrating that without transparent proxy, applications must "opt in" to connecting to their dependencies through the mesh](/img/consul-connect/without-transparent-proxy.png)
-
-Transparent proxy is available for Kubernetes environments. As part of the integration with Kubernetes, Consul registers Kubernetes Services, injects sidecar proxies, and enables traffic redirection.
+This topic describes how to use transparent proxy mode in your service mesh. Transparent proxy allows applications to communicate through the service mesh without modifying their configurations. Transparent proxy also hardens application security by preventing direct inbound connections that bypass the mesh. Refer to [Transparent proxy overview](/consul/docs/k8s/connect/transparent-proxy) for additional information.
 
 ## Requirements
 
@@ -40,24 +16,20 @@ Your network must meet the following environment and software requirements to us
 * Transparent proxy is available for Kubernetes environments.
 * Consul 1.10.0+
 * Consul Helm chart 0.32.0+. If you want to use the Consul CNI plugin to redirect traffic, Helm chart 0.48.0+ is required. Refer to [Enable the Consul CNI plugin](#enable-the-consul-cni-plugin) for additional information.
-* [Service intentions](/consul/docs/connect/intentions) must be configured to allow communication between intended services.
+* You must create [service intentions](/consul/docs/connect/intentions) that explicitly allow communication between intended services so that Consul can infer upstream connections and use sidecar proxies to route messages appropriately.  
 * The `ip_tables` kernel module must be running on all worker nodes within a Kubernetes cluster. If you are using the `modprobe` Linux utility, for example, issue the following command:
 
   `$ modprobe ip_tables`
 
 ~> **Upgrading to a supported version**: Always follow the [proper upgrade path](/consul/docs/upgrading/upgrade-specific/#transparent-proxy-on-kubernetes) when upgrading to a supported version of Consul, Consul on Kubernetes (`consul-k8s`), and the Consul Helm chart.
 
-## Configuration
-
-This section describes how to configure the transparent proxy.
-
-### Enable transparent proxy
+## Enable transparent proxy
 
-You can enable the transparent proxy for an entire cluster, individual Kubernetes namespaces, and individual services.
+Transparent proxy mode is enabled for the entire cluster by default when you install Consul on Kubernetes using the Consul Helm chart. Refer to the [Consul Helm chart reference](/consul/docs/k8s/helm) for information about all default configurations. 
 
-When you install Consul using the Helm chart, transparent proxy is enabled for the entire cluster by default.
+You can explicitly enable transparent proxy for the entire cluster, individual namespaces, and individual services.
 
-#### Entire cluster
+### Entire cluster
 
 Use the `connectInject.transparentProxy.defaultEnabled` Helm value to enable or disable transparent proxy for the entire cluster:
 
@@ -67,14 +39,14 @@ connectInject:
     defaultEnabled: true
 ```
 
-#### Kubernetes namespace
+### Kubernetes namespace
 
 Apply the `consul.hashicorp.com/transparent-proxy=true` label to enable transparent proxy for a Kubernetes namespace. The label overrides the `connectInject.transparentProxy.defaultEnabled` Helm value and defines the default behavior of Pods in the namespace. The following example enables transparent proxy for Pods in the `my-app` namespace:
 
 ```bash
 kubectl label namespaces my-app "consul.hashicorp.com/transparent-proxy=true"
 ```
-#### Individual service
+### Individual service
 
 Apply the `consul.hashicorp.com/transparent-proxy=true` annotation to enable transparent proxy on the Pod for each service. The annotation overrides the Helm value and the namespace label. The following example enables transparent proxy for the `static-server` service:
 
@@ -126,7 +98,7 @@ spec:
       serviceAccountName: static-server
 ```
 
-### Enable the Consul CNI plugin
+## Enable the Consul CNI plugin
 
 By default, Consul generates a `connect-inject init` container as part of the Kubernetes Pod startup process. The container configures traffic redirection in the service mesh through the sidecar proxy. To configure redirection, the container requires elevated CAP_NET_ADMIN privileges, which may not be compatible with security policies in your organization.
 
@@ -134,7 +106,7 @@ Instead, you can enable the Consul container network interface (CNI) plugin to p
 
 The Consul Helm chart installs the CNI plugin, but it is disabled by default. Refer to the [instructions for enabling the CNI plugin](/consul/docs/k8s/installation/install#enable-the-consul-cni-plugin) in the Consul on Kubernetes installation documentation for additional information.
 
-### Traffic redirection
+## Traffic redirection
 
 There are two mechanisms for redirecting traffic through the sidecar proxies. By default, Consul injects an init container that redirects all inbound and outbound traffic. The default mechanism requires elevated permissions (CAP_NET_ADMIN) in order to redirect traffic to the service mesh.
 
@@ -142,7 +114,7 @@ Alternatively, you can enable the Consul CNI plugin to handle traffic redirectio
 
 Both mechanisms redirect all inbound and outbound traffic, but you can configure exceptions for specific Pods or groups of Pods. The following annotations enable you to exclude certain traffic from being redirected to sidecar proxies.
 
-#### Exclude inbound ports
+### Exclude inbound ports
 
 The [`consul.hashicorp.com/transparent-proxy-exclude-inbound-ports`](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-transparent-proxy-exclude-inbound-ports) annotation defines a comma-separated list of inbound ports to exclude from traffic redirection when running in transparent proxy mode. The port numbers are string data values. In the following example, services in the pod at port `8200` and `8201` are not redirected through the transparent proxy:
 
@@ -157,7 +129,7 @@ The [`consul.hashicorp.com/transparent-proxy-exclude-inbound-ports`](/consul/doc
 ```
 </CodeBlockConfig>
 
-#### Exclude outbound ports
+### Exclude outbound ports
 
 The [`consul.hashicorp.com/transparent-proxy-exclude-outbound-ports`](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-transparent-proxy-exclude-outbound-ports) annotation defines a comma-separated list of outbound ports to exclude from traffic redirection when running in transparent proxy mode. The port numbers are string data values. In the following example, services in the pod at port `8200` and `8201` are not redirected through the transparent proxy:
 
@@ -173,7 +145,7 @@ The [`consul.hashicorp.com/transparent-proxy-exclude-outbound-ports`](/consul/do
 
 </CodeBlockConfig>
 
-#### Exclude outbound CIDR blocks
+### Exclude outbound CIDR blocks
 
 The [`consul.hashicorp.com/transparent-proxy-exclude-outbound-cidrs`](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-transparent-proxy-exclude-outbound-cidrs) annotation
 defines a comma-separated list of outbound CIDR blocks to exclude from traffic redirection when running in transparent proxy mode. The CIDR blocks are string data values.
@@ -190,7 +162,7 @@ In the following example, services in the `3.3.3.3/24` IP range are not redirect
 ```
 </CodeBlockConfig>
 
-#### Exclude user IDs
+### Exclude user IDs
 
 The [`consul.hashicorp.com/transparent-proxy-exclude-uids`](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-transparent-proxy-exclude-uids) annotation
 defines a comma-separated list of additional user IDs to exclude from traffic redirection when running in transparent proxy mode. The user IDs are string data values.
@@ -208,20 +180,20 @@ In the following example, services with the IDs `4444 ` and `44444 ` are not red
 
 </CodeBlockConfig>
 
-### Kubernetes HTTP health probes configuration
+## Kubernetes HTTP health probes configuration
 
 By default, `connect-inject` is disabled. As a result, Consul on Kubernetes uses a mechanism for traffic redirection that interferes with [Kubernetes HTTP health
 probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/). This is because probes expect the kubelet to reach the application container on the probe's endpoint. Instead, traffic is redirected through the sidecar proxy. As a result, health probes return errors because the kubelet does not encrypt that traffic using a mesh proxy.
 
 There are two methods for solving this issue. The first method is to set the `connectInject.transparentProxy.defaultOverwriteProbes` annotation to overwrite the Kubernetes HTTP health probes so that they point to the proxy. The second method is to [enable the Consul container network interface (CNI) plugin](#enable-the-consul-cni-plugin) to perform traffic redirection. Refer to the [Consul on Kubernetes installation instructions](/consul/docs/k8s/installation/install) for additional information.
 
-#### Overwrite Kubernetes HTTP health probes
+### Overwrite Kubernetes HTTP health probes
 
 You can either include the `connectInject.transparentProxy.defaultOverwriteProbes` Helm value to your command or add the `consul.hashicorp.com/transparent-proxy-overwrite-probes` Kubernetes annotation to your pod configuration to overwrite health probes.
 
 Refer to [Kubernetes Health Checks in Consul on Kubernetes](/consul/docs/k8s/connect/health) for additional information.
 
-### Dial services across Kubernetes cluster
+## Dial services across Kubernetes cluster
 
 If your [Consul servers are federated between Kubernetes clusters](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes),
 then you must configure services in one Kubernetes cluster to explicitly dial a service in the datacenter of another Kubernetes cluster using the
@@ -243,7 +215,7 @@ The following example configures the service to dial an upstream service called
 
 You do not need to configure services to explicitly dial upstream services if your Consul clusters are connected with a [peering connection](/consul/docs/connect/cluster-peering).
 
-## Usage
+## Configure service selectors
 
 When transparent proxy is enabled, traffic sent to [KubeDNS](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/)
 or Pod IP addresses is redirected through the proxy. You must use a selector to bind Kubernetes Services to Pods as you define Kubernetes Services in the mesh.
@@ -275,13 +247,13 @@ spec:
 
 Additional services can query the [KubeDNS](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/) at `sample-app.default.svc.cluster.local` to reach `sample-app`. If ACLs are enabled and configured with default `deny` policies, the configuration also requires a [`ServiceIntention`](/consul/docs/connect/config-entries/service-intentions) to allow it to talk to `sample-app`.
 
-### Headless Services
+### Headless services
 For services that are not addressed using a virtual cluster IP, you must configure the upstream service using the [DialedDirectly](/consul/docs/connect/config-entries/service-defaults#dialeddirectly) option. Then, use DNS to discover individual instance addresses and dial them through the transparent proxy. When this mode is enabled on the upstream, services present service mesh certificates for mTLS and intentions are enforced at the destination.
 
 Note that when dialing individual instances, Consul ignores the HTTP routing rules configured with configuration entries. The transparent proxy acts as a TCP proxy to the original destination IP address.
 
-## Known Limitations
+## Known limitations
 
 - Deployment configurations with federation across or a single datacenter spanning multiple clusters must explicitly dial a service in another datacenter or cluster using annotations.
 
-- When dialing headless services, the request is proxied using a plain TCP proxy. Consul does not take into consideration the upstream's protocol.
+- When dialing headless services, the request is proxied using a plain TCP proxy. Consul does not take into consideration the upstream's protocol.
\ No newline at end of file
diff --git a/website/content/docs/k8s/connect/transparent-proxy/index.mdx b/website/content/docs/k8s/connect/transparent-proxy/index.mdx
new file mode 100644
index 000000000000..78db657133f6
--- /dev/null
+++ b/website/content/docs/k8s/connect/transparent-proxy/index.mdx
@@ -0,0 +1,47 @@
+---
+layout: docs
+page_title:  Transparent proxy overview
+description: >-
+  Transparent proxy enables Consul on Kubernetes to direct inbound and outbound traffic through the service mesh. Learn how transparently proxying increases application security without configuring individual upstream services.
+---
+
+# Transparent proxy overview
+ 
+This topic provides overview information about transparent proxy mode, which allows applications to communicate through the service mesh without modifying their configurations. Transparent proxy also hardens application security by preventing direct inbound connections that bypass the mesh. 
+
+## Introduction
+
+When service mesh proxies are in transparent mode, Consul service mesh uses IPtables to direct all inbound and outbound traffic to the sidecar. Consul also uses information configured in service intentions to infer routes, which eliminates the need to explicitly configure upstreams.
+
+### Transparent proxy enabled
+
+The following diagram shows how Consul routes traffic when proxies are in transparent mode:
+
+![Diagram demonstrating that with transparent proxy, connections are automatically routed through the mesh](/img/consul-connect/with-transparent-proxy.png)
+
+### Transparent proxy disabled
+
+When transparent proxy mode is disabled, you must manually configure explicit upstreams, configure your applications to query for services at `localhost:<port>`, and configure applications to only listen on the loopback interface to prevent services from bypassing the mesh. 
+
+The following diagram shows how Consul routes traffic when transparent proxy mode is disabled:
+
+![Diagram demonstrating that without transparent proxy, applications must "opt in" to connecting to their dependencies through the mesh](/img/consul-connect/without-transparent-proxy.png)
+
+Transparent proxy is available for Kubernetes environments. As part of the integration with Kubernetes, Consul registers Kubernetes Services, injects sidecar proxies, and enables traffic redirection.
+
+## Supported networking architectures
+
+Transparent proxy mode enables several networking architectures and workflows. You can query Consul DNS to discover upstreams for single services, virtual services, and failover service instances that are in peered clusters. 
+
+Consul supports the following intra-datacenter connection types for discovering upstreams when transparent proxy mode is enabled:
+
+- KubeDNS lookups across WAN-federated datacenters
+- Consul DNS lookups across WAN-federated datacenters
+- KubeDNS lookups in peered clusters and admin partitions
+- Consul DNS lookups in peered clusters and admin partitions
+
+## Mutual TLS for transparent proxy mode
+
+Transparent proxy mode is enabled by default when you install Consul on Kubernetes using the Consul Helm chart. As a result, all services in the mesh must communicate through sidecar proxies, which enforce service intentions and mTLS encryption for the service mesh. While onboarding new services to service mesh, your network may have mixed mTLS and non-mTLS traffic, which can result in broken service-to-service communication. 
+
+You can temporarily enable permissive mTLS mode during the onboarding process so that existing mesh services can accept traffic from services that are not yet fully onboarded. Permissive mTLS enables sidecar proxies to access both mTLS and non-mTLS traffic. Refer to [Onboard mesh services in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode) for additional information.
diff --git a/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx b/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx
new file mode 100644
index 000000000000..6c76b6bd87ec
--- /dev/null
+++ b/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx
@@ -0,0 +1,124 @@
+--- 
+layout: docs
+page_title: Configure failover service instances
+description: Learn how to define failover services in Consul on Kubernetes when proxies are in transparent proxy mode. Consul can send traffic to backup service instances if a destination service becomes unhealthy or unresponsive. 
+--- 
+
+# Configure failover service instances
+
+This topic describes how to configure failover service instances in Consul on Kubernetes when proxies are in transparent proxy mode. If a service becomes unhealthy or unresponsive, Consul can use the service resolver configuration entry to send inbound requests to backup services. Service resolvers are part of the service mesh proxy upstream discovery chain. Refer to [Service mesh traffic management](/consul/docs/connect/l7-traffic) for additional information.
+
+## Overview
+
+Complete the following steps to configure failover service instances in Consul on Kubernetes when proxies are in transparent proxy mode:
+
+- Create a service resolver configuration entry
+- Create intentions that allow the downstream service to access the primary and failover service instances.
+- Configure your application to call the discovery chain using the Consul DNS or KubeDNS.
+
+## Requirements
+ 
+- `consul-k8s` v1.2.0-beta1 or newer.
+- Consul service mesh must be enabled. Refer to [How does Consul Service Mesh Work on Kubernetes](/consul/docs/k8s/connect).
+- Proxies must be configured to run in transparent proxy mode. 
+- To query virtual DNS names, you must use Consul DNS.
+- To query the discovery chain using KubeDNS, the service resolver must be in the same partition as the running service. 
+
+### ACL requirements
+
+The default ACLs that the Consul Helm chart configures are suitable for most cases, but if you have more complex security policies for Consul API access, refer to the [ACL documentation](/consul/docs/security/acl) for additional guidance. 
+
+## Create a service resolver configuration entry
+
+Specify the target failover in the [`spec.failover.targets`](/consul/docs/connect/config-entries/service-resolver#failover-targets-service) field in the service resolver configuration entry. In the following example, the `api-beta` service is configured to failover to the `api` service in any service subset:
+
+<CodeBlockConfig heading="api-beta-failover.yaml">
+
+```yaml
+apiversion: consul.hashicorp.com/v1alpha1
+kind: ServiceResolver
+metadata: 
+  name: api-beta
+spec:
+  failover:
+    '*':
+      targets:
+        - service: api
+```
+
+</CodeBlockConfig>
+
+Refer to the [service resolver configuration entry reference](/consul/docs/connect/config-entries/service-resolver) documentation for information about all service resolver configurations.
+
+You can apply the configuration using the `kubectl apply` command:
+
+```shell-session
+$ kubectl apply -f api-beta-failover.yaml
+```
+
+## Create service intentions 
+
+If intentions are not already defined, create and apply intentions that allow the appropriate downstream to access the target service and the failover service. In the following examples, the `frontend` service is allowed to send messages to the `api` service, which is allowed to send messages to the `api-beta` failover service.
+
+
+<CodeBlockConfig heading="frontend-api-api-beta-allow.yaml">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceIntentions
+metadata:
+  name: api
+spec:
+  destination:
+    name: api
+      sources:
+        - name: frontend
+     action: allow
+---
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceIntentions
+metadata:
+  name: api-beta
+spec:
+  destination:
+    name: api-beta
+      sources:
+   - name: frontend
+     action: allow
+```
+
+</CodeBlockConfig>
+
+Refer to the [service intentions configuration entry reference](/consul/docs/connect/config-entries/service-intentions) for additional information about configuring service intentions. 
+
+You can apply the configuration using the `kubectl apply` command:
+
+```shell-session
+$ kubectl apply -f frontend-api-api-beta-allow.yaml
+```
+
+## Configure your application to call the DNS
+
+Configure your application to contact the discovery chain in either the Consul DNS or the KubeDNS. 
+
+### Consul DNS
+
+You can query the Consul DNS using the `<service>.virtual.consul` lookup format. For Consul Enterprise, your query string may need to include the namespace, partition, or both. Refer to the [DNS documentation](/consul/docs/services/discovery/dns-static-lookups#service-virtual-ip-lookups) for details on building virtual service lookups.
+
+In the following example, the application queries the Consul catalog for `api-beta` over HTTP. By default, the lookup would query the `default` partition and `default` namespace if Consul Enterprise manages the network infrastructure:
+
+```text
+http://api-beta.virtual.consul/
+```
+
+### KubeDNS
+
+You can query the KubeDNS if the failover service is in the same Kubernetes cluster as the primary service. In the following example, the application queries KubeDNS for `api-beta` over HTTP:
+
+```text
+http://api-beta.<namespace>.svc.cluster.local
+```
+
+Note that you cannot use KubeDNS if a corresponding Kubernetes service and pod do not exist. 
+
+
diff --git a/website/content/docs/k8s/l7-traffic/route-to-virtual-services.mdx b/website/content/docs/k8s/l7-traffic/route-to-virtual-services.mdx
new file mode 100644
index 000000000000..c8951d356cf6
--- /dev/null
+++ b/website/content/docs/k8s/l7-traffic/route-to-virtual-services.mdx
@@ -0,0 +1,122 @@
+--- 
+layout: docs
+page_title: Route traffic to a virtual service
+description: Define virtual services in service resolver config entries so that Consul on Kubernetes can route traffic to virtual services when transparent proxy mode is enabled for Envoy proxies.  
+---
+
+# Route traffic to a virtual service
+
+This topic describes how to define virtual services so that Consul on Kubernetes can route traffic to virtual services when transparent proxy mode is enabled for Envoy proxies. 
+
+## Overview
+
+You can define virtual services in service resolver configuration entries so that downstream applications can send requests to a virtual service using a Consul DNS name in peered clusters. Your applications can send requests to virtual services in the same cluster using KubeDNS. Service resolvers are part of the service mesh proxy upstream discovery chain. Refer to [Service mesh traffic management](/consul/docs/connect/l7-traffic) for additional information.
+
+Complete the following steps to configure failover service instances in Consul on Kubernetes when proxies are in transparent proxy mode:
+
+1. Create a service resolver configuration entry.
+1. Create intentions that allow the downstream service to access the real service and the virtual service.
+1. Configure your application to call the discovery chain using the Consul DNS or KubeDNS.
+
+## Requirements
+ 
+- `consul-k8s` v1.2.0-beta1 or newer.
+- Consul service mesh must be enabled. Refer to [How does Consul service mesh work on Kubernetes](/consul/docs/k8s/connect).
+- Proxies must be configured to run in transparent proxy mode. 
+- To query virtual DNS names, you must use Consul DNS.
+- To query the discovery chain using KubeDNS, the service resolver must be in the same partition as the running service. 
+
+### ACL requirements
+
+The default ACLs that the Consul Helm chart configures are suitable for most cases, but if you have more complex security policies for Consul API access, refer to the [ACL documentation](/consul/docs/security/acl) for additional guidance. 
+
+## Create a service resolver configuration entry
+
+Specify the target failover in the [`spec.redirect.service`](/consul/docs/connect/config-entries/service-resolver#spec-redirect-service) field in the service resolver configuration entry. In the following example, the `virtual-api` service is configured to redirect to the `real-api`:
+
+<CodeBlockConfig heading="virtual-api-redirect.yaml">
+
+```yaml
+apiversion: consul.hashicorp.com/v1alpha1
+kind: ServiceResolver
+metadata:
+ name: virtual-api
+spec:
+ redirect:
+   service: real-api
+```
+
+</CodeBlockConfig>
+
+Refer to the [service resolver configuration entry reference](/consul/docs/connect/config-entries/service-resolver) documentation for information about all service resolver configurations.
+
+You can apply the configuration using the `kubectl apply` command:
+
+```shell-session
+$ kubectl apply -f virtual-api-redirect.yaml
+```
+
+## Create service intentions 
+
+If intentions are not already defined, create and apply intentions that allow the appropriate downstream to access the real service and the target redirect service. In the following examples, the `frontend` service is allowed to send messages to the `virtual-api` and `real-api` services:
+
+
+<CodeBlockConfig heading="frontend-api-api-beta-allow.yaml">
+
+```yaml
+apiversion: consul.hashicorp.com/v1alpha1
+kind: ServiceIntentions
+metadata:
+ name: virtual-api
+spec:
+ destination:
+   name: virtual-api
+ sources:
+   - name: frontend
+     action: allow
+---
+apiversion: consul.hashicorp.com/v1alpha1
+kind: ServiceIntentions
+metadata:
+ name: real-api
+spec:
+ destination:
+   name: real-api
+ sources:
+   - name: frontend
+     action: allow
+```
+
+</CodeBlockConfig>
+
+Refer to the [service intentions configuration entry reference](/consul/docs/connect/config-entries/service-intentions) for additional information about configuring service intentions. 
+
+You can apply the configuration using the `kubectl apply` command:
+
+```shell-session
+$ kubectl apply -f frontend-api-api-beta-allow.yaml
+```
+
+## Configure your application to call the DNS
+
+Configure your application to contact the discovery chain in either the Consul DNS or the KubeDNS. 
+
+### Consul DNS
+
+You can query the Consul DNS using the `<service>.virtual.consul` lookup format. For Consul Enterprise, your query string may need to include the namespace, partition, or both. Refer to the [DNS documentation](/consul/docs/services/discovery/dns-static-lookups#service-virtual-ip-lookups) for details on building virtual service lookups.
+
+In the following example, the application queries the Consul catalog for `virtual-api` over HTTP. By default, the lookup would query the `default` partition and `default` namespace if Consul Enterprise manages the network infrastructure:
+
+```text
+http://virtual-api.virtual.consul/
+```
+
+### KubeDNS
+
+You can query the KubeDNS if the real and virtual services are in the same Kubernetes cluster by specifying the name of the service. In the following example, the application queries KubeDNS for `virtual-api` over HTTP:
+
+```text
+http://virtual-api.<namespace>.svc.cluster.local
+```
+
+Note that you cannot use KubeDNS if a corresponding Kubernetes service and pod do not exist. 
\ No newline at end of file
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index e8f3ce7d597e..20335f715b0e 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -559,10 +559,6 @@
           }
         ]
       },
-      {
-        "title": "Transparent Proxy",
-        "path": "connect/transparent-proxy"
-      },
       {
         "title": "Observability",
         "routes": [
@@ -729,6 +725,45 @@
           }
         ]
       },
+      {
+        "title": "Failover",
+        "routes": [
+          {
+            "title": "Overview",
+            "path": "connect/failover"
+          },
+          {
+            "title": "Usage",
+            "routes": [
+              {
+                "title": "Configure failover services for Kubernetes",
+                "href": "/docs/k8s/l7-traffic/failover-tproxy"
+              },
+              {
+                "title": "Automate geo-failover with prepared queries",
+                "href": "/tutorials/developer-discovery/automate-geo-failover"
+              }
+            ]
+          },
+          {
+            "title": "Configuration",
+            "routes": [
+              {
+                "title": "Sameness groups",
+                "href": "/consul/docs/connect/config-entries/service-resolver"
+              },
+              {
+                "title": "Service resolver",
+                "href": "/consul/docs/connect/config-entries/service-resolver"
+              },
+              {
+                "title": "Service intentions",
+                "href": "/consul/docs/connect/config-entries/service-intentions"
+              }
+            ]
+          }
+        ]
+      },
       {
         "title": "Nomad",
         "path": "connect/nomad"
@@ -1222,7 +1257,24 @@
           },
           {
             "title": "Transparent Proxy",
-            "href": "/docs/connect/transparent-proxy"
+            "routes": [
+              {
+                "title": "Overview",
+                "path": "k8s/connect/transparent-proxy"
+              },
+              {
+                "title": "Enable transparent proxy",
+                "path": "k8s/connect/transparent-proxy/enable-transparent-proxy"
+              },
+              {
+                "title": "Route traffic to virtual services",
+                "href": "/docs/k8s/l7-traffic/route-to-virtual-services"
+              }
+            ]
+          },
+          {
+            "title": "Onboarding services in transparent proxy mode",
+            "path": "k8s/connect/onboarding-tproxy-mode"
           },
           {
             "title": "Ingress Gateways",
@@ -1255,6 +1307,23 @@
           }
         ]
       },
+      {
+        "title": "L7 traffic management",
+        "routes": [
+          {
+            "title": "Overview",
+            "href": "/docs/connect/l7-traffic"
+          },
+          {
+            "title": "Configure failover services",
+            "path": "k8s/l7-traffic/failover-tproxy"
+          },
+          {
+            "title": "Route traffic to virtual services",
+            "path": "k8s/l7-traffic/route-to-virtual-services"
+          }
+        ]
+      },
       {
         "title": "Service Sync",
         "path": "k8s/service-sync"

From b1d3ec0cdbd39ecdb84f9bbeb64693ad2197f0fd Mon Sep 17 00:00:00 2001
From: Bryce Kalow <bkalow@hashicorp.com>
Date: Mon, 12 Jun 2023 09:20:29 -0500
Subject: [PATCH 012/359] Delete check-legacy-links-format.yml (#17647)

---
 .../workflows/check-legacy-links-format.yml   | 20 -------------------
 1 file changed, 20 deletions(-)
 delete mode 100644 .github/workflows/check-legacy-links-format.yml

diff --git a/.github/workflows/check-legacy-links-format.yml b/.github/workflows/check-legacy-links-format.yml
deleted file mode 100644
index 85dbb0e70f2e..000000000000
--- a/.github/workflows/check-legacy-links-format.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-name: Legacy Link Format Checker
-
-on:
-  push:
-    paths:
-      - "website/content/**/*.mdx"
-      - "website/data/*-nav-data.json"
-
-jobs:
-  check-links:
-    uses: hashicorp/dev-portal/.github/workflows/docs-content-check-legacy-links-format.yml@475289345d312552b745224b46895f51cc5fc490
-    with:
-      repo-owner: "hashicorp"
-      repo-name: "consul"
-      commit-sha: ${{ github.sha }}
-      mdx-directory: "website/content"
-      nav-data-directory: "website/data"

From 809c188b341e1076c495d7125f8ced09678a4c4f Mon Sep 17 00:00:00 2001
From: Paul Glass <pglass@hashicorp.com>
Date: Mon, 12 Jun 2023 10:11:36 -0500
Subject: [PATCH 013/359] docs: Reference doc updates for permissive mTLS
 settings (#17371)

* Reference doc updates for permissive mTLS settings
* Document config entry filtering
* Fix minor doc errors (double slashes in link url paths)

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 website/content/api-docs/config.mdx           |  1 +
 website/content/commands/config/list.mdx      | 10 +++++
 .../docs/connect/config-entries/mesh.mdx      |  6 +++
 .../connect/config-entries/proxy-defaults.mdx | 17 +++++++++
 .../config-entries/service-defaults.mdx       | 37 ++++++++++++++++++-
 .../docs/release-notes/consul/v1_13_x.mdx     |  4 +-
 .../services/discovery/dns-configuration.mdx  | 24 ++++++------
 7 files changed, 83 insertions(+), 16 deletions(-)

diff --git a/website/content/api-docs/config.mdx b/website/content/api-docs/config.mdx
index 96e6a7b4de77..a79e024fa46f 100644
--- a/website/content/api-docs/config.mdx
+++ b/website/content/api-docs/config.mdx
@@ -215,6 +215,7 @@ The corresponding CLI command is [`consul config list`](/consul/commands/config/
 ### Path Parameters
 
 - `kind` `(string: <required>)` - Specifies the kind of the entry to list.
+- `filter` `(string: "")` - Specifies an expression to use for filtering the results.
 
 ### Query Parameters
 
diff --git a/website/content/commands/config/list.mdx b/website/content/commands/config/list.mdx
index 1a70af178725..e453b1194319 100644
--- a/website/content/commands/config/list.mdx
+++ b/website/content/commands/config/list.mdx
@@ -44,6 +44,7 @@ Usage: `consul config list [options]`
 #### Command Options
 
 - `-kind` - Specifies the kind of the config entry to list.
+- `-filter` - Specifies an expression to use for filtering the results.
 
 #### Enterprise Options
 
@@ -57,7 +58,16 @@ Usage: `consul config list [options]`
 
 ## Examples
 
+To list all service-defaults config entries:
+
     $ consul config list -kind service-defaults
     billing
     db
     web
+
+The following lists service-defaults with a filter expression:
+
+    $ consul config list -kind service-defaults -filter 'MutualTLSMode == "permissive"'
+    db
+    web
+
diff --git a/website/content/docs/connect/config-entries/mesh.mdx b/website/content/docs/connect/config-entries/mesh.mdx
index f65ed6162287..a323a6d90f17 100644
--- a/website/content/docs/connect/config-entries/mesh.mdx
+++ b/website/content/docs/connect/config-entries/mesh.mdx
@@ -338,6 +338,12 @@ Note that the Kubernetes example does not include a `partition` field. Configura
         },
       ],
     },
+    {
+      name: 'AllowEnablingPermissiveMutualTLS',
+      type: 'bool: false',
+      description:
+        'Controls whether `MutualTLSMode=permissive` can be set in the `proxy-defaults` and `service-defaults` configuration entries. '
+    },
     {
       name: 'TLS',
       type: 'TLSConfig: <optional>',
diff --git a/website/content/docs/connect/config-entries/proxy-defaults.mdx b/website/content/docs/connect/config-entries/proxy-defaults.mdx
index 917bc0504494..1d94a79389b6 100644
--- a/website/content/docs/connect/config-entries/proxy-defaults.mdx
+++ b/website/content/docs/connect/config-entries/proxy-defaults.mdx
@@ -53,6 +53,7 @@ TransparentProxy {
   OutboundListenerPort = <port the proxy should listen on for outbound traffic>
   DialedDirectly       = <true if proxy instances should be dialed directly>
 }
+MutualTLSMode = "<mutual TLS mode for all proxies>"
 MeshGateway {
   Mode = "<name of mesh gateway configuration for all proxies>"
 }
@@ -92,6 +93,7 @@ spec:
   transparentProxy:
     outboundListenerPort: <port the proxy should listen on for outbound traffic>
     dialedDirectly: <true if proxy instances should be dialed directly>
+  mutualTLSMode: <mutual TLS mode for all proxies>
   meshGateway:
     mode: <name of mesh gateway configuration for all proxies>
   expose:
@@ -120,6 +122,7 @@ spec:
   "Config": {
     "<arbitrary string key>": <arbitrary value>
   },
+  "MutualTLSMode": "<mutual TLS mode for all proxies>",
   "Mode": "<name of proxy mode>",
   "TransparentProxy": {
     "OutboundListenerPort": <port the proxy should listen on for outbound traffic>,
@@ -175,6 +178,7 @@ TransparentProxy {
   OutboundListenerPort = <port the proxy should listen on for outbound traffic>
   DialedDirectly       = <true if proxy instances should be dialed directly>
 }
+MutualTLSMode = "<mutual TLS mode for all proxies>"
 MeshGateway {
   Mode = "<name of mesh gateway configuration for all proxies>"
 }
@@ -215,6 +219,7 @@ spec:
   transparentProxy:
     outboundListenerPort: <port the proxy should listen on for outbound traffic>
     dialedDirectly: <true if proxy instances should be dialed directly>
+  mutualTLSMode: <mutual TLS mode for all proxies>
   meshGateway:
     mode: <name of mesh gateway configuration for all proxies>
   expose:
@@ -249,6 +254,7 @@ spec:
     "OutboundListenerPort": <port the proxy should listen on for outbound traffic>,
     "DialedDirectly": <true if proxy instances should be dialed directly>
   },
+  "MutualTLSMode": "<mutual TLS mode for all proxies>",
   "MeshGateway": {
     "Mode": = "<name of mesh gateway configuration for all proxies>"
   },
@@ -405,6 +411,17 @@ spec:
         },
       ],
     },
+    {
+      name: 'MutualTLSMode',
+      type: 'string: ""',
+      description: `Controls the default mutual TLS mode for all proxies. This setting is only
+                    supported for services with transparent proxy enabled. One of \`""\`, \`strict\`, or \`permissive\`.
+                    When unset or \`""\`, the mode defaults to \`strict\`. When set to \`strict\`, the sidecar proxy
+                    requires mutual TLS for incoming traffic. When set to \`permissive\`, the sidecar proxy accepts
+                    mutual TLS traffic on the sidecar proxy service port and accepts any traffic on the destination
+                    service port. We recommend only using \`permissive\` mode if necessary while onboarding services to
+                    the service mesh. `,
+    },
     {
       name: 'MeshGateway',
       type: 'MeshGatewayConfig: <optional>',
diff --git a/website/content/docs/connect/config-entries/service-defaults.mdx b/website/content/docs/connect/config-entries/service-defaults.mdx
index 000b63246c4e..507176506f4f 100644
--- a/website/content/docs/connect/config-entries/service-defaults.mdx
+++ b/website/content/docs/connect/config-entries/service-defaults.mdx
@@ -10,7 +10,7 @@ This topic describes how to configure service defaults configuration entries. Th
 
 ## Configuration model
 
-The following outline shows how to format the service splitter configuration entry. Click on a property name to view details about the configuration.
+The following outline shows how to format the service defaults configuration entry. Click on a property name to view details about the configuration.
 
 <Tabs>
 <Tab heading="HCL and JSON" group="hcl">
@@ -58,6 +58,7 @@ The following outline shows how to format the service splitter configuration ent
 - [`TransparentProxy`](#transparentproxy): map | no default
   - [`OutboundListenerPort`](#transparentproxy): integer | `15001`
   - [`DialedDirectly`](#transparentproxy  ): boolean | `false`
+- [`MutualTLSMode`](#mutualtlsmode): string | `""`
 - [`EnvoyExtensions`](#envoyextensions): list | no default
   - [`Name`](#envoyextensions): string | `""`
   - [`Required`](#envoyextensions): string | `""`
@@ -126,6 +127,7 @@ The following outline shows how to format the service splitter configuration ent
   - [`transparentProxy`](#transparentproxy): map | no default
     - [`outboundListenerPort`](#transparentproxy): integer | `15001`
     - [`dialedDirectly`](#transparentproxy): boolean | `false`
+  - [`mutualTLSMode`](#mutualtlsmode): string | `""`
   - [`envoyExtensions`](#envoyextensions): list | no default
     - [`name`](#envoyextensions): string | `""`
     - [`required`](#envoyextensions): string | `""`
@@ -152,7 +154,7 @@ The following outline shows how to format the service splitter configuration ent
 
 ## Complete configuration
 
-When every field is defined, a service splitter configuration entry has the following form: 
+When every field is defined, a service-defaults configuration entry has the following form:
 
 <Tabs>
 <Tab heading="HCL" group="hcl">
@@ -213,6 +215,7 @@ TransparentProxy = {
   OutboundListenerPort = 15002
   DialedDirectly       = true
 }
+MutualTLSMode = "strict"
 Destination = {
   Addresses = [
     "First IP address",
@@ -288,6 +291,7 @@ spec:
   transparentProxy:
     outboundListenerPort: 15001
     dialedDirectly: false
+  mutualTLSMode: strict
   destination:
     addresses:
     - <First hostname or IP address>
@@ -370,6 +374,7 @@ spec:
       "outboundListenerPort": 15001,
       "dialedDirectly": false
     },
+    "mutualTLSMode": "strict",
     "destination": {
       "addresses": [
         "<First hostname or IP address>",
@@ -697,6 +702,19 @@ You can configure the following parameters in the `TransparentProxy` block:
 | `OutboundListenerPort` | Specifies the port that the proxy listens on for outbound traffic. This must be the same port number where outbound application traffic is redirected. | integer | `15001` |
 | `DialedDirectly` | Enables transparent proxies to dial the proxy instance's IP address directly when set to `true`. Transparent proxies commonly dial upstreams at the `"virtual"` tagged address, which load balances across instances. Dialing individual instances can be helpful for stateful services, such as a database cluster with a leader. | boolean | `false` |
 
+### `MutualTLSMode`
+
+Controls whether mutual TLS is required for incoming connections to this service. This setting is
+only supported for services with transparent proxy enabled. We recommend only using `permissive`
+mode if necessary while onboarding services to the service mesh.
+
+You can specify the following string values for the `MutualTLSMode` field:
+
+- `""`: When this field is empty, the value is inherited from the `proxy-defaults` config entry.
+- `strict`: The sidecar proxy requires mutual TLS for incoming traffic.
+- `permissive`: The sidecar proxy accepts mutual TLS traffic on the sidecar proxy service port,
+  and accepts any traffic on the destination service's port.
+
 ### `EnvoyExtensions`
 
 List of extensions to modify Envoy proxy configuration. Refer to [Envoy Extensions](/consul/docs/connect/proxies/envoy-extensions) for additional information.  
@@ -1089,6 +1107,21 @@ You can configure the following parameters in the `TransparentProxy` block:
 | `outboundListenerPort` | Specifies the port that the proxy listens on for outbound traffic. This must be the same port number where outbound application traffic is redirected. | integer | `15001` |
 | `dialedDirectly` | Enables transparent proxies to dial the proxy instance's IP address directly when set to `true`. Transparent proxies commonly dial upstreams at the `"virtual"` tagged address, which load balances across instances. Dialing individual instances can be helpful for stateful services, such as a database cluster with a leader. | boolean | `false` |
 
+### `spec.mutualTLSMode`
+
+Controls whether mutual TLS is required for incoming connections to this service. This setting is
+only supported for services with transparent proxy enabled. We recommend only using `permissive`
+mode if necessary while onboarding services to the service mesh.
+
+#### Values
+
+You can specify the following string values for the `MutualTLSMode` field:
+
+- `""`: When this field is empty, the value is inherited from the `proxy-defaults` config entry.
+- `strict`: The sidecar proxy requires mutual TLS for incoming traffic.
+- `permissive`: The sidecar proxy accepts mutual TLS traffic on the sidecar proxy service port,
+  and accepts any traffic on the destination service's port.
+
 ### `spec.envoyExtensions`
 
 List of extensions to modify Envoy proxy configuration. Refer to [Envoy Extensions](/consul/docs/connect/proxies/envoy-extensions) for additional information.
diff --git a/website/content/docs/release-notes/consul/v1_13_x.mdx b/website/content/docs/release-notes/consul/v1_13_x.mdx
index dd3f7cfe3090..f0c4f586a906 100644
--- a/website/content/docs/release-notes/consul/v1_13_x.mdx
+++ b/website/content/docs/release-notes/consul/v1_13_x.mdx
@@ -15,7 +15,7 @@ description: >-
 
 - **Enables TLS on the Envoy Prometheus endpoint**: The Envoy prometheus endpoint can be enabled when `envoy_prometheus_bind_addr` is set and then secured over TLS using new CLI flags for the `consul connect envoy` command. These commands are: `-prometheus-ca-file`, `-prometheus-ca-path`, `-prometheus-cert-file` and `-prometheus-key-file`. The CA, cert, and key can be provided to Envoy by a Kubernetes mounted volume so that Envoy can watch the files and dynamically reload the certs when the volume is updated.
 
-- **UDP Health Checks**: Adds the ability to register service discovery health checks that periodically send UDP datagrams to the specified IP/hostname and port. Refer to [UDP checks](/consul/docs//services/usage/checks#udp-checks).
+- **UDP Health Checks**: Adds the ability to register service discovery health checks that periodically send UDP datagrams to the specified IP/hostname and port. Refer to [UDP checks](/consul/docs/services/usage/checks#udp-checks).
 
 ## What's Changed
 
@@ -46,4 +46,4 @@ The changelogs for this major release version and any maintenance versions are l
 - [1.13.3](https://github.com/hashicorp/consul/releases/tag/v1.13.3)
 - [1.13.4](https://github.com/hashicorp/consul/releases/tag/v1.13.4)
 - [1.13.5](https://github.com/hashicorp/consul/releases/tag/v1.13.5)
-- [1.13.6](https://github.com/hashicorp/consul/releases/tag/v1.13.6)
\ No newline at end of file
+- [1.13.6](https://github.com/hashicorp/consul/releases/tag/v1.13.6)
diff --git a/website/content/docs/services/discovery/dns-configuration.mdx b/website/content/docs/services/discovery/dns-configuration.mdx
index 794be43a206a..0a10edecdd9d 100644
--- a/website/content/docs/services/discovery/dns-configuration.mdx
+++ b/website/content/docs/services/discovery/dns-configuration.mdx
@@ -1,7 +1,7 @@
 ---
 layout: docs
-page_title: Configure Consul DNS behavior 
-description: -> 
+page_title: Configure Consul DNS behavior
+description: ->
     Learn how to modify the default DNS behavior so that services and nodes can easily discover other services and nodes in your network.
 ---
 
@@ -12,29 +12,29 @@ This topic describes the default behavior of the Consul DNS functionality and ho
 ## Introduction
 The Consul DNS is the primary interface for querying records when Consul service mesh is disabled and your network runs in a non-Kubernetes environment. The DNS enables you to look up services and nodes registered with Consul using terminal commands instead of making HTTP API requests to Consul. Refer to the [Discover Consul Nodes and Services Overview](/consul/docs/services/discovery/dns-overview) for additional information.
 
-## Configure DNS behaviors 
+## Configure DNS behaviors
 By default, the Consul DNS listens for queries at `127.0.0.1:8600` and uses the `consul` domain. Specify the following parameters in the agent configuration to determine DNS behavior when querying services:
 
 - [`client_addr`](/consul/docs/agent/config/config-files#client_addr)
 - [`ports.dns`](/consul/docs/agent/config/config-files#dns_port)
 - [`recursors`](/consul/docs/agent/config/config-files#recursors)
-- [`domain`](/consul/docs/agent/config/config-files#domain) 
+- [`domain`](/consul/docs/agent/config/config-files#domain)
 - [`alt_domain`](/consul/docs/agent/config/config-files#alt_domain)
-- [`dns_config`](/consul/docs/agent/config/config-files#dns_config) 
+- [`dns_config`](/consul/docs/agent/config/config-files#dns_config)
 
 ### Configure WAN address translation
 By default, Consul DNS queries return a node's local address, even when being queried from a remote datacenter. You can configure the DNS to reach a node from outside its datacenter by specifying the address in the following configuration fields in the Consul agent:
 
-- [advertise-wan](/consul/docs/agent/config/cli-flags#_advertise-wan) 
-- [translate_wan_addrs](/consul//docs/agent/config/config-files#translate_wan_addrs) 
+- [advertise-wan](/consul/docs/agent/config/cli-flags#_advertise-wan)
+- [translate_wan_addrs](/consul/docs/agent/config/config-files#translate_wan_addrs)
 
 ### Use a custom DNS resolver library
 You can specify a list of addresses in the agent's [`recursors`](/consul/docs/agent/config/config-files#recursors) field to provide upstream DNS servers that recursively resolve queries that are outside the service domain for Consul.
- 
-Nodes that query records outside the `consul.` domain resolve to an upstream DNS. You can specify IP addresses or use `go-sockaddr` templates. Consul resolves IP addresses in the specified order and ignores duplicates. 
+
+Nodes that query records outside the `consul.` domain resolve to an upstream DNS. You can specify IP addresses or use `go-sockaddr` templates. Consul resolves IP addresses in the specified order and ignores duplicates.
 
 ### Enable non-Consul queries
-You enable non-Consul queries to be resolved by setting Consul as the DNS server for a node and providing a [`recursors`](/consul/docs/agent/config/config-files#recursors) configuration. 
+You enable non-Consul queries to be resolved by setting Consul as the DNS server for a node and providing a [`recursors`](/consul/docs/agent/config/config-files#recursors) configuration.
 
 ### Forward queries to an agent
 You can forward all queries sent to the `consul.` domain from the existing DNS server to a Consul agent. Refer to [Forward DNS for Consul Service Discovery](/consul/tutorials/networking/dns-forwarding) for instructions.
@@ -42,7 +42,7 @@ You can forward all queries sent to the `consul.` domain from the existing DNS s
 ### Query an alternate domain
 By default, Consul responds to DNS queries in the `consul` domain, but you can set a specific domain for responding to DNS queries by configuring the [`domain`](/consul/docs/agent/config/config-files#domain) parameter.
 
-You can also specify an additional domain in the [`alt_domain`](/consul/docs/agent/config/config-files#alt_domain) agent configuration option, which configures Consul to respond to queries in a secondary domain. Configuring an alternate domain may be useful during a DNS migration or to distinguish between internal and external queries, for example. 
+You can also specify an additional domain in the [`alt_domain`](/consul/docs/agent/config/config-files#alt_domain) agent configuration option, which configures Consul to respond to queries in a secondary domain. Configuring an alternate domain may be useful during a DNS migration or to distinguish between internal and external queries, for example.
 
 Consul's DNS response uses the same domain as the query.
 
@@ -62,7 +62,7 @@ machine.node.dc1.test-domain. 0 IN  A 127.0.0.1
 machine.node.dc1.test-domain. 0 IN  TXT "consul-network-segment="
 ```
 #### PTR queries
-Responses to pointer record (PTR) queries, such as `<ip>.in-addr.arpa.`, always use the [primary domain](/consul/docs/agent/config/config-files#domain) and not the alternative domain. 
+Responses to pointer record (PTR) queries, such as `<ip>.in-addr.arpa.`, always use the [primary domain](/consul/docs/agent/config/config-files#domain) and not the alternative domain.
 
 ### Caching
 By default, DNS results served by Consul are not cached. Refer to the [DNS Caching tutorial](/consul/tutorials/networking/dns-caching) for instructions on how to enable caching.

From baaf6d84c749f7abb7b99d895c39b677647e87cd Mon Sep 17 00:00:00 2001
From: Matt Keeler <mkeeler@users.noreply.github.com>
Date: Mon, 12 Jun 2023 11:32:43 -0400
Subject: [PATCH 014/359] Add generic experiments configuration and use it to
 enable catalog v2 resources (#17604)

* Add generic experiments configuration and use it to enable catalog v2 resources

* Run formatting with -s as CI will validate that this has been done
---
 GNUmakefile                                     |  2 +-
 agent/config/builder.go                         |  1 +
 agent/config/config.go                          |  1 +
 agent/config/default.go                         |  3 +++
 agent/config/runtime.go                         |  3 +++
 agent/config/runtime_test.go                    |  2 ++
 .../testdata/TestRuntimeConfig_Sanitize.golden  |  1 +
 agent/config/testdata/full-config.hcl           |  3 +++
 agent/config/testdata/full-config.json          | 17 ++++++++++-------
 agent/consul/options.go                         |  2 ++
 agent/consul/server.go                          | 16 +++++++++++-----
 agent/setup.go                                  |  1 +
 12 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/GNUmakefile b/GNUmakefile
index e874fa0eb706..3443b71db7b7 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -337,7 +337,7 @@ fmt: $(foreach mod,$(GO_MODULES),fmt/$(mod))
 .PHONY: fmt/%
 fmt/%:
 	@echo "--> Running go fmt ($*)"
-	@cd $* && go fmt ./...
+	@cd $* && gofmt -s -l -w .
 
 .PHONY: lint
 lint: $(foreach mod,$(GO_MODULES),lint/$(mod)) lint-container-test-deps
diff --git a/agent/config/builder.go b/agent/config/builder.go
index 063771b0f7d0..665688b8c864 100644
--- a/agent/config/builder.go
+++ b/agent/config/builder.go
@@ -828,6 +828,7 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
 		Version:                    stringVal(c.Version),
 		VersionPrerelease:          stringVal(c.VersionPrerelease),
 		VersionMetadata:            stringVal(c.VersionMetadata),
+		Experiments:                c.Experiments,
 		// What is a sensible default for BuildDate?
 		BuildDate: timeValWithDefault(c.BuildDate, time.Date(1970, 1, 00, 00, 00, 01, 0, time.UTC)),
 
diff --git a/agent/config/config.go b/agent/config/config.go
index d8d7149afebf..8917a60858d6 100644
--- a/agent/config/config.go
+++ b/agent/config/config.go
@@ -183,6 +183,7 @@ type Config struct {
 	EncryptKey                       *string             `mapstructure:"encrypt" json:"encrypt,omitempty"`
 	EncryptVerifyIncoming            *bool               `mapstructure:"encrypt_verify_incoming" json:"encrypt_verify_incoming,omitempty"`
 	EncryptVerifyOutgoing            *bool               `mapstructure:"encrypt_verify_outgoing" json:"encrypt_verify_outgoing,omitempty"`
+	Experiments                      []string            `mapstructure:"experiments" json:"experiments,omitempty"`
 	GossipLAN                        GossipLANConfig     `mapstructure:"gossip_lan" json:"-"`
 	GossipWAN                        GossipWANConfig     `mapstructure:"gossip_wan" json:"-"`
 	HTTPConfig                       HTTPConfig          `mapstructure:"http_config" json:"-"`
diff --git a/agent/config/default.go b/agent/config/default.go
index 3af8d0867d4c..536ac7ac3340 100644
--- a/agent/config/default.go
+++ b/agent/config/default.go
@@ -209,6 +209,9 @@ func DevSource() Source {
 		ports = {
 			grpc = 8502
 		}
+		experiments = [
+			"resource-apis"
+		]
 	`,
 	}
 }
diff --git a/agent/config/runtime.go b/agent/config/runtime.go
index dca9abe0e7f9..1a8dc13794d3 100644
--- a/agent/config/runtime.go
+++ b/agent/config/runtime.go
@@ -1498,6 +1498,9 @@ type RuntimeConfig struct {
 
 	Reporting ReportingConfig
 
+	// List of experiments to enable
+	Experiments []string
+
 	EnterpriseRuntimeConfig
 }
 
diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go
index 3b1a77b2cb95..c1cd85ac502f 100644
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@@ -325,6 +325,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.DisableAnonymousSignature = true
 			rt.DisableKeyringFile = true
 			rt.EnableDebug = true
+			rt.Experiments = []string{"resource-apis"}
 			rt.UIConfig.Enabled = true
 			rt.LeaveOnTerm = false
 			rt.Logging.LogLevel = "DEBUG"
@@ -6355,6 +6356,7 @@ func TestLoad_FullConfig(t *testing.T) {
 		EnableRemoteScriptChecks:         true,
 		EnableLocalScriptChecks:          true,
 		EncryptKey:                       "A4wELWqH",
+		Experiments:                      []string{"foo"},
 		StaticRuntimeConfig: StaticRuntimeConfig{
 			EncryptVerifyIncoming: true,
 			EncryptVerifyOutgoing: true,
diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
index 334f5f8c8ff5..b6ee9a98129f 100644
--- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
+++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
@@ -199,6 +199,7 @@
     "EnableRemoteScriptChecks": false,
     "EncryptKey": "hidden",
     "EnterpriseRuntimeConfig": {},
+    "Experiments": [],
     "ExposeMaxPort": 0,
     "ExposeMinPort": 0,
     "GRPCAddrs": [],
diff --git a/agent/config/testdata/full-config.hcl b/agent/config/testdata/full-config.hcl
index 660e1036086d..6029d2ea2e6b 100644
--- a/agent/config/testdata/full-config.hcl
+++ b/agent/config/testdata/full-config.hcl
@@ -285,6 +285,9 @@ enable_syslog = true
 encrypt = "A4wELWqH"
 encrypt_verify_incoming = true
 encrypt_verify_outgoing = true
+experiments = [
+    "foo"
+]
 http_config {
     block_endpoints = [ "RBvAFcGD", "fWOWFznh" ]
     allow_write_http_from = [ "127.0.0.1/8", "22.33.44.55/32", "0.0.0.0/0" ]
diff --git a/agent/config/testdata/full-config.json b/agent/config/testdata/full-config.json
index 52dab37bfa53..cd407d3e5dae 100644
--- a/agent/config/testdata/full-config.json
+++ b/agent/config/testdata/full-config.json
@@ -327,6 +327,9 @@
   "encrypt": "A4wELWqH",
   "encrypt_verify_incoming": true,
   "encrypt_verify_outgoing": true,
+  "experiments": [
+    "foo"
+  ],
   "http_config": {
     "block_endpoints": [
       "RBvAFcGD",
@@ -407,17 +410,17 @@
   "raft_snapshot_interval": "30s",
   "raft_trailing_logs": 83749,
   "raft_logstore": {
-    "backend" : "wal",
-    "disable_log_cache":  true,
+    "backend": "wal",
+    "disable_log_cache": true,
     "verification": {
-        "enabled": true,
-        "interval":"12345s"
+      "enabled": true,
+      "interval": "12345s"
     },
     "boltdb": {
-        "no_freelist_sync": true
+      "no_freelist_sync": true
     },
     "wal": {
-       "segment_size_mb": 15
+      "segment_size_mb": 15
     }
   },
   "read_replica": true,
@@ -927,4 +930,4 @@
   "xds": {
     "update_max_per_second": 9526.2
   }
-}
+}
\ No newline at end of file
diff --git a/agent/consul/options.go b/agent/consul/options.go
index ac6bfc41065b..26cb2471a89b 100644
--- a/agent/consul/options.go
+++ b/agent/consul/options.go
@@ -39,6 +39,8 @@ type Deps struct {
 	// HCP contains the dependencies required when integrating with the HashiCorp Cloud Platform
 	HCP hcp.Deps
 
+	Experiments []string
+
 	EnterpriseDeps
 }
 
diff --git a/agent/consul/server.go b/agent/consul/server.go
index 418db2da1ffe..6bb424c67535 100644
--- a/agent/consul/server.go
+++ b/agent/consul/server.go
@@ -79,6 +79,7 @@ import (
 	raftstorage "github.com/hashicorp/consul/internal/storage/raft"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/lib/routine"
+	"github.com/hashicorp/consul/lib/stringslice"
 	"github.com/hashicorp/consul/logging"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/proto/private/pbsubscribe"
@@ -131,6 +132,8 @@ const (
 	reconcileChSize = 256
 
 	LeaderTransferMinVersion = "1.6.0"
+
+	catalogResourceExperimentName = "resource-apis"
 )
 
 const (
@@ -807,7 +810,7 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incom
 		s.internalResourceServiceClient,
 		logger.Named(logging.ControllerRuntime),
 	)
-	s.registerResources()
+	s.registerResources(flat)
 	go s.controllerManager.Run(&lib.StopChannelContext{StopCh: shutdownCh})
 
 	go s.trackLeaderChanges()
@@ -858,11 +861,14 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incom
 	return s, nil
 }
 
-func (s *Server) registerResources() {
-	catalog.RegisterTypes(s.typeRegistry)
-	catalog.RegisterControllers(s.controllerManager, catalog.DefaultControllerDependencies())
+func (s *Server) registerResources(deps Deps) {
+	if stringslice.Contains(deps.Experiments, catalogResourceExperimentName) {
+		catalog.RegisterTypes(s.typeRegistry)
+		catalog.RegisterControllers(s.controllerManager, catalog.DefaultControllerDependencies())
+
+		mesh.RegisterTypes(s.typeRegistry)
+	}
 
-	mesh.RegisterTypes(s.typeRegistry)
 	reaper.RegisterControllers(s.controllerManager)
 
 	if s.config.DevMode {
diff --git a/agent/setup.go b/agent/setup.go
index fba5c2b5dd6c..6a9efb5f7442 100644
--- a/agent/setup.go
+++ b/agent/setup.go
@@ -73,6 +73,7 @@ func NewBaseDeps(configLoader ConfigLoader, logOut io.Writer, providedLogger hcl
 		return d, err
 	}
 	d.WatchedFiles = result.WatchedFiles
+	d.Experiments = result.RuntimeConfig.Experiments
 	cfg := result.RuntimeConfig
 	logConf := cfg.Logging
 	logConf.Name = logging.Agent

From 1074252361949b02fe6d43c744dfcecb8a23613e Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Mon, 12 Jun 2023 12:06:04 -0400
Subject: [PATCH 015/359] api-gateway: stop adding all header filters to
 virtual host when generating xDS (#17644)

* Add header filter to api-gateway xDS golden test

* Stop adding all header filters to virtual host when generating xDS for api-gateway

* Regenerate xDS golden file for api-gateway w/ header filter
---
 agent/xds/resources_test.go                   | 13 +++++
 agent/xds/routes.go                           | 12 -----
 ...route-and-inline-certificate.latest.golden | 51 +++++++++++++------
 3 files changed, 48 insertions(+), 28 deletions(-)

diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go
index 4687c4a7d637..29743c060bfd 100644
--- a/agent/xds/resources_test.go
+++ b/agent/xds/resources_test.go
@@ -415,6 +415,19 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase {
 						Kind: structs.HTTPRoute,
 						Name: "route",
 						Rules: []structs.HTTPRouteRule{{
+							Filters: structs.HTTPFilters{
+								Headers: []structs.HTTPHeaderFilter{
+									{
+										Add: map[string]string{
+											"X-Header-Add": "added",
+										},
+										Set: map[string]string{
+											"X-Header-Set": "set",
+										},
+										Remove: []string{"X-Header-Remove"},
+									},
+								},
+							},
 							Services: []structs.HTTPService{{
 								Name: "service",
 							}},
diff --git a/agent/xds/routes.go b/agent/xds/routes.go
index dbd74f511ed0..a86747a9c080 100644
--- a/agent/xds/routes.go
+++ b/agent/xds/routes.go
@@ -477,8 +477,6 @@ func (s *ResourceGenerator) routesForAPIGateway(cfgSnap *proxycfg.ConfigSnapshot
 				return nil, err
 			}
 
-			addHeaderFiltersToVirtualHost(&reformatedRoute, virtualHost)
-
 			defaultRoute.VirtualHosts = append(defaultRoute.VirtualHosts, virtualHost)
 		}
 
@@ -1097,16 +1095,6 @@ func injectHeaderManipToRoute(dest *structs.ServiceRouteDestination, r *envoy_ro
 	return nil
 }
 
-func addHeaderFiltersToVirtualHost(dest *structs.HTTPRouteConfigEntry, vh *envoy_route_v3.VirtualHost) {
-	for _, rule := range dest.Rules {
-		for _, header := range rule.Filters.Headers {
-			vh.RequestHeadersToAdd = append(vh.RequestHeadersToAdd, makeHeadersValueOptions(header.Add, true)...)
-			vh.RequestHeadersToAdd = append(vh.RequestHeadersToAdd, makeHeadersValueOptions(header.Set, false)...)
-			vh.RequestHeadersToRemove = append(vh.RequestHeadersToRemove, header.Remove...)
-		}
-	}
-}
-
 func injectHeaderManipToVirtualHost(dest *structs.IngressService, vh *envoy_route_v3.VirtualHost) error {
 	if !dest.RequestHeaders.IsZero() {
 		vh.RequestHeadersToAdd = append(
diff --git a/agent/xds/testdata/routes/api-gateway-with-http-route-and-inline-certificate.latest.golden b/agent/xds/testdata/routes/api-gateway-with-http-route-and-inline-certificate.latest.golden
index 6abc6f2946b4..a1669268ec4e 100644
--- a/agent/xds/testdata/routes/api-gateway-with-http-route-and-inline-certificate.latest.golden
+++ b/agent/xds/testdata/routes/api-gateway-with-http-route-and-inline-certificate.latest.golden
@@ -1,31 +1,50 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-      "name":  "8080",
-      "virtualHosts":  [
+      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+      "name": "8080",
+      "virtualHosts": [
         {
-          "name":  "api-gateway-listener-9b9265b",
-          "domains":  [
+          "name": "api-gateway-listener-9b9265b",
+          "domains": [
             "*",
             "*:8080"
           ],
-          "routes":  [
+          "routes": [
             {
-              "match":  {
-                "prefix":  "/"
+              "match": {
+                "prefix": "/"
               },
-              "route":  {
-                "cluster":  "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-              }
+              "route": {
+                "cluster": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              },
+              "requestHeadersToAdd": [
+                {
+                  "header": {
+                    "key": "X-Header-Add",
+                    "value": "added"
+                  },
+                  "append": true
+                },
+                {
+                  "header": {
+                    "key": "X-Header-Set",
+                    "value": "set"
+                  },
+                  "append": false
+                }
+              ],
+              "requestHeadersToRemove": [
+                "X-Header-Remove"
+              ]
             }
           ]
         }
       ],
-      "validateClusters":  true
+      "validateClusters": true
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce": "00000001"
 }
\ No newline at end of file

From f8d3721885e2a1bbf0a078b5940b340197853081 Mon Sep 17 00:00:00 2001
From: Poonam Jadhav <poonam.jadhav@hashicorp.com>
Date: Mon, 12 Jun 2023 12:07:43 -0400
Subject: [PATCH 016/359] fix: add agent info reporting log (#17654)

---
 command/agent/agent.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/command/agent/agent.go b/command/agent/agent.go
index c2d0dcea0962..c241fa2b7bc8 100644
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
@@ -231,6 +231,9 @@ func (c *cmd) run(args []string) int {
 	ui.Info(fmt.Sprintf(" Gossip Encryption: %t", config.EncryptKey != ""))
 	ui.Info(fmt.Sprintf("  Auto-Encrypt-TLS: %t", config.AutoEncryptTLS || config.AutoEncryptAllowTLS))
 	ui.Info(fmt.Sprintf("       ACL Enabled: %t", config.ACLsEnabled))
+	if config.ServerMode {
+		ui.Info(fmt.Sprintf(" Reporting Enabled: %t", config.Reporting.License.Enabled))
+	}
 	ui.Info(fmt.Sprintf("ACL Default Policy: %s", config.ACLResolverSettings.ACLDefaultPolicy))
 	ui.Info(fmt.Sprintf("         HTTPS TLS: Verify Incoming: %t, Verify Outgoing: %t, Min Version: %s",
 		config.TLS.HTTPS.VerifyIncoming, config.TLS.HTTPS.VerifyOutgoing, config.TLS.HTTPS.TLSMinVersion))

From 862e78f063b40db49d1160690b092a6e9afa5888 Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@users.noreply.github.com>
Date: Mon, 12 Jun 2023 10:30:04 -0700
Subject: [PATCH 017/359] Add new Consul 1.16 docs (#17651)

* Merge pull request #5773 from hashicorp/docs/rate-limiting-from-ip-addresses-1.16

updated docs for rate limiting for IP addresses - 1.16

* Merge pull request #5609 from hashicorp/docs/enterprise-utilization-reporting

Add docs for enterprise utilization reporting

* Merge pull request #5734 from hashicorp/docs/envoy-ext-1.16

Docs/envoy ext 1.16

* Merge pull request #5773 from hashicorp/docs/rate-limiting-from-ip-addresses-1.16

updated docs for rate limiting for IP addresses - 1.16

* Merge pull request #5609 from hashicorp/docs/enterprise-utilization-reporting

Add docs for enterprise utilization reporting

* Merge pull request #5734 from hashicorp/docs/envoy-ext-1.16

Docs/envoy ext 1.16

* fix build errors

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 .../docs/agent/config/config-files.mdx        |   4 +
 website/content/docs/agent/config/index.mdx   |   1 +
 website/content/docs/agent/limits/index.mdx   |  49 +-
 .../limits/set-global-traffic-rate-limits.mdx | 114 ---
 .../limits/{ => usage}/init-rate-limits.mdx   |   9 +-
 .../usage/limit-request-rates-from-ips.mdx    |  66 ++
 .../limits/usage/monitor-rate-limits.mdx      |  77 ++
 .../usage/set-global-traffic-rate-limits.mdx  |  62 ++
 .../control-plane-request-limit.mdx           | 224 ++++++
 .../configuration/ext-authz.mdx               | 726 ++++++++++++++++++
 .../configuration/property-override.mdx       | 273 +++++++
 .../envoy-extensions/configuration/wasm.mdx   | 484 ++++++++++++
 .../proxies/envoy-extensions/index.mdx        |  23 +-
 .../envoy-extensions/usage/ext-authz.mdx      | 147 ++++
 .../usage/property-override.mdx               | 203 +++++
 .../proxies/envoy-extensions/usage/wasm.mdx   | 191 +++++
 .../license/utilization-reporting.mdx         | 168 ++++
 .../partials/envoy_ext_rule_matcher.mdx       |   9 +
 website/data/docs-nav-data.json               |  93 ++-
 19 files changed, 2765 insertions(+), 158 deletions(-)
 delete mode 100644 website/content/docs/agent/limits/set-global-traffic-rate-limits.mdx
 rename website/content/docs/agent/limits/{ => usage}/init-rate-limits.mdx (68%)
 create mode 100644 website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
 create mode 100644 website/content/docs/agent/limits/usage/monitor-rate-limits.mdx
 create mode 100644 website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx
 create mode 100644 website/content/docs/connect/config-entries/control-plane-request-limit.mdx
 create mode 100644 website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx
 create mode 100644 website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx
 create mode 100644 website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx
 create mode 100644 website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
 create mode 100644 website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx
 create mode 100644 website/content/docs/connect/proxies/envoy-extensions/usage/wasm.mdx
 create mode 100644 website/content/docs/enterprise/license/utilization-reporting.mdx
 create mode 100644 website/content/partials/envoy_ext_rule_matcher.mdx

diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx
index 6e50cbb44abe..4183a5a7d213 100644
--- a/website/content/docs/agent/config/config-files.mdx
+++ b/website/content/docs/agent/config/config-files.mdx
@@ -711,6 +711,10 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
     servers in all federated datacenters must have this enabled before any client can use
     [`use_streaming_backend`](#use_streaming_backend).
 
+- `reporting`<EnterpriseAlert inline /> - This option allows options for HashiCorp reporting.
+    - `license` - The license object allows users to control automatic reporting of license utilization metrics to HashiCorp.
+      - `enabled`: (Defaults to `true`) Enables automatic license utilization reporting.
+
 - `segment` <EnterpriseAlert inline /> - Equivalent to the [`-segment` command-line flag](/consul/docs/agent/config/cli-flags#_segment).
 
   ~> **Warning:** The `segment` option cannot be used with the [`partition`](#partition-1) option.
diff --git a/website/content/docs/agent/config/index.mdx b/website/content/docs/agent/config/index.mdx
index 0ea4a030fb7f..c620ef72e05a 100644
--- a/website/content/docs/agent/config/index.mdx
+++ b/website/content/docs/agent/config/index.mdx
@@ -73,6 +73,7 @@ The following agent configuration options are reloadable at runtime:
     them without a restart provides a recovery path that doesn't involve
     downtime. They generally shouldn't be changed otherwise.
 - [RPC rate limits](/consul/docs/agent/config/config-files#limits)
+- [Reporting](/consul/docs/agent/config/config-files#reporting)
 - [HTTP Maximum Connections per Client](/consul/docs/agent/config/config-files#http_max_conns_per_client)
 - Services
 - TLS Configuration
diff --git a/website/content/docs/agent/limits/index.mdx b/website/content/docs/agent/limits/index.mdx
index ffa259cfd672..0d12f1127a9e 100644
--- a/website/content/docs/agent/limits/index.mdx
+++ b/website/content/docs/agent/limits/index.mdx
@@ -2,32 +2,51 @@
 layout: docs
 page_title: Limit Traffic Rates Overview
 description: Rate limiting is a set of Consul server agent configurations that you can use to mitigate the risks to Consul servers when clients send excessive requests to Consul resources. 
-
 ---
 
 # Traffic rate limiting overview
 
-This topic provides an overview of the rates limits you can configure for Consul servers.
+
+This topic provides overview information about the traffic rates limits you can configure for Consul datacenters. 
 
 ## Introduction
-You can configure global RPC rate limits to mitigate the risks to Consul servers when clients send excessive read or write requests to Consul resources. A _read request_ is defined as any request that does not modify Consul internal state. A _write request_ is defined as any request that modifies Consul internal state. Rate limits for read and write requests are configured separately.
 
-## Rate limit modes
+Configuring rate limits on RPC and gRPC traffic mitigates the risks to Consul servers when client agents or services send excessive read or write requests to Consul resources. A _read_ request is defined as any request that does not modify Consul internal state. A _write_ request is defined as any request that modifies Consul internal state. Configure read and write request limits independently.
+
+## Workflow 
+
+You can set global limits on the rate of read and write requests that affect individual servers in the datacenter. You can set limits for all source IP addresses, which enables you to specify a budget for read and write requests to prevent any single source IP from overwhelming the Consul server and negatively affecting the network. The following steps describe the general process for setting global read and write rate limits:
+
+1. Set arbitrary limits to begin understanding the upper boundary of RPC and gRPC loads in your network. Refer to [Initialize rate limit settings](/consul/docs/agent/limits/usage/init-rate-limits) for additional information.    
 
-You can set one of the following modes to determine how Consul servers react when exceeding request limits.
- 
-- **Enforcing mode**: The rate limiter denies requests to a server once they exceed the configured rate. In this mode, Consul generates metrics and logs to help you understand your network's load and configure limits accordingly. 
-- **Permissive mode**: The rate limiter allows requests to a server once they exceed the configured rate. In this mode, Consul generates metrics and logs to help you understand your Consul load and configure limits accordingly. Use this mode to help you debug specific issues as you configure limits.
-- **Disabled mode**: Disables the rate limiter. This mode allows all requests Consul does not generate logs or metrics. This is the default mode. 
+1. Monitor the metrics and logs and readjust the initial configurations as necessary. Refer to [Monitor rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limit-data)  
 
-Refer to [`rate_limits`](/consul/docs/agent/config/config-files#request_limits) for additional configuration information.
+1. Define your final operational limits based on your observations. If you are defining global rate limits, refer to [Set global traffic rate limits](/consul/docs/agent/limits/usage/set-global-rate-limits) for additional information. For information about setting limits based on source IP, refer to [Limit traffic rates for a source IP](/consul/docs/agent/limits/usage/set-source-ip-rate-limits).
 
-## Request denials
+### Order of operations
 
-When an HTTP request is denied for rate limiting reason, Consul returns one of the following errors:
+You can define request rate limits in the agent configuration and in the control plane request limit configuration entry. The configuration entry also supports rate limit configurations for Consul resources. Consul perfroms the following order of operations when determing request rate limits:
 
-- **429 Resource Exhausted**: Indicates that a server is not able to perform the request but that another server could potentially fulfill it. This error is most common on stale reads because any server may fulfill stale read requests. To resolve this type of error,  we recommend immediately retrying the request to another server. If the request came from a Consul client agent, the agent automatically retries the request up to the limit set in the [`rpc_hold_timeout`](/consul/docs/agent/config/config-files#rpc_hold_timeout) configuration .
+1. Parse request.
+1. Does the request reach a global server limit?
+   - No: Proceed to the next stage.
+   - Yes: Return an error that the requested resource has been exhausted.
+1. Does the request reach a limit associated with its source IP address?
+   - No: Proceed to the next stage.
+   - Yes: Return an error that the requested resource has been exhausted.
+1. Resolve the Consul Enterprise metadata.
+1. Does the request reach a limit associated with the source partition?
+   - No: Proceed to the next stage.
+   - Yes: Return an error that the requested resource has been exhausted.
+1. Does the request reach a limit associated with the source namespace?
+   - No: Proceed to the next stage.
+   - Yes: Return an error that the requested resource has been exhausted.
+1. Resolve the ACL identity associated with the request.
+1. Does the request reach a limit associated with its identity?
+   - No: Proceed to the next stage.
+   - Yes: Return an error that the requested resource has been exhausted.
+1. Handle the request.
 
-- **503 Service Unavailable**: Indicates that server is unable to perform the request and that no other server can fulfill the request, either. This usually occurs on consistent reads or for writes. In this case we recommend retrying according to an exponential backoff schedule. If the request came from a Consul client agent, the agent automatically retries the request according to the [`rpc_hold_timeout`](/consul/docs/agent/config/config-files#rpc_hold_timeout) configuration. 
+## Kubernetes
 
-Refer to [Rate limit reached on the server](/consul/docs/troubleshoot/common-errors#rate-limit-reached-on-the-server) for additional information.
\ No newline at end of file
+To define global rate limits, configure the `request_limits` settings in the Consul Helm chart. Refer to the [Helm chart reference](/consul/docs/k8s/helm) for additional information. Refer to the [control plane request limit configuration entry reference](/consul/docs/connect/config-entries/control-plane-request-limit) for information about applying a CRD for limiting traffic rates from source IPs. 
\ No newline at end of file
diff --git a/website/content/docs/agent/limits/set-global-traffic-rate-limits.mdx b/website/content/docs/agent/limits/set-global-traffic-rate-limits.mdx
deleted file mode 100644
index 5d4fc43df02f..000000000000
--- a/website/content/docs/agent/limits/set-global-traffic-rate-limits.mdx
+++ /dev/null
@@ -1,114 +0,0 @@
----
-layout: docs
-page_title: Set a Global Limit on Traffic Rates
-description: Use global rate limits to prevent excessive rates of requests to Consul servers.
----
-
-# Set a global limit on traffic rates
-
-This topic describes how to configure rate limits for RPC and gRPC traffic to the Consul server. 
-
-## Introduction 
-
-Rate limits apply to each Consul server separately and limit the number of read requests or write requests to the server on the RPC and internal gRPC endpoints.
-
-Because all requests coming to a Consul server eventually perform an RPC or an internal gRPC request, global rate limits apply to Consul's user interfaces, such as the HTTP API interface, the CLI, and the external gRPC endpoint for services in the service mesh.
-
-Refer to [Initialize Rate Limit Settings](/consul/docs/agent/limits/init-rate-limits) for additional information about right-sizing your gRPC request configurations. 
-
-## Set a global rate limit for a Consul server   
-
-Configure the following settings in your Consul server configuration to limit the RPC and gRPC traffic rates.
-
-- Set the rate limiter [`mode`](/consul/docs/agent/config/config-files#mode-1)
-- Set the [`read_rate`](/consul/docs/agent/config/config-files#read_rate) 
-- Set the [`write_rate`](/consul/docs/agent/config/config-files#write_rate)
-
-In the following example, the Consul server is configured to prevent more than `500` read and `200` write RPC calls:
-
-<CodeTabs heading="Consul server agent">
-
-```hcl
-limits = {
-    rate_limit = {
-        mode = "enforcing"
-        read_rate = 500
-        write_rate = 200
-    }
-}
-```
-
-```json
-{
-    "limits" : {
-        "rate_limit" : {
-            "mode" : "enforcing",
-            "read_rate" : 500,
-            "write_rate" : 200
-        }
-    }
-}
-
-```
-
-</CodeTabs>
-
-## Access rate limit logs 
-
-Consul prints a log line for each rate limit request. The log includes information to identify the source of the request and the server's configured limit. Consul prints to `DEBUG` log level, and can be configured to drop log lines to avoid affecting the server health. Dropping a log line increments the `rpc.rate_limit.log_dropped` metric.
-
-The following example log shows that RPC request from `127.0.0.1:53562` to `KVS.Apply` exceeded the rate limit:
-
-<CodeBlockConfig hideClipboard>
-
-```shell-session
-2023-02-17T10:01:15.565-0500 [DEBUG] agent.server.rpc-rate-limit: RPC 
-exceeded allowed rate limit: rpc=KVS.Apply source_addr=127.0.0.1:53562 
-limit_type=global/write limit_enforced=false
-```
-</CodeBlockConfig>
-
-## Review rate limit metrics
-
-Consul captures the following metrics associated with rate limits:
-
-- Type of limit
-- Operation
-- Rate limit mode
-
-Call the `agent/metrics` API endpoint to view the metrics associated with rate limits. Refer to [View Metrics](/consul/api-docs/agent#view-metrics) for API usage information. 
-
-In the following example, Consul dropped a call to the `consul` service because it exceeded the limit by one call:
-
-```shell-session
-$ curl http://127.0.0.1:8500/v1/agent/metrics
-{
-  . . .  
-  "Counters": [
-    {
-      "Name": "consul.rpc.rate_limit.exceeded",
-      "Count": 1,
-      "Sum": 1,
-      "Min": 1,
-      "Max": 1,
-      "Mean": 1,
-      "Stddev": 0,
-      "Labels": {
-        "service": "consul"
-      }
-    },
-    {
-      "Name": "consul.rpc.rate_limit.log_dropped",
-      "Count": 1,
-      "Sum": 1,
-      "Min": 1,
-      "Max": 1,
-      "Mean": 1,
-      "Stddev": 0,
-      "Labels": {}
-    }
-  ],
-  . . .
-```
-
-Refer to [Telemetry](/consul/docs/agent/telemetry) for additional information.
diff --git a/website/content/docs/agent/limits/init-rate-limits.mdx b/website/content/docs/agent/limits/usage/init-rate-limits.mdx
similarity index 68%
rename from website/content/docs/agent/limits/init-rate-limits.mdx
rename to website/content/docs/agent/limits/usage/init-rate-limits.mdx
index 7dbabbe6c72a..e90aaf77af22 100644
--- a/website/content/docs/agent/limits/init-rate-limits.mdx
+++ b/website/content/docs/agent/limits/usage/init-rate-limits.mdx
@@ -1,6 +1,6 @@
 ---
 layout: docs
-page_title: Initialize Rate Limit Settings
+page_title: Initialize rate limit settings
 description: Learn how to determine regular and peak loads in your network so that you can set the initial global rate limit configurations.
 ---
 
@@ -14,7 +14,7 @@ Because each network has different needs and application, you need to find out w
     - Number of servers and the projected load
     - Existing metrics expressing requests per second
 
-1. Set the `mode` to `permissive`. In the following example, the configuration allows up to 1000 reads and 500 writes per second for each Consul agent:
+1. Set the [`limits.request_limits.mode`](/consul/docs/agent/config/config-files#mode-1) parameter in the agent configuration to `permissive`. In the following example, the configuration allows up to 1000 reads and 500 writes per second for each Consul agent:
 
     ```hcl
     request_limits { 
@@ -22,9 +22,8 @@ Because each network has different needs and application, you need to find out w
 	    read_rate = 1000.0
 	    write_rate = 500.0
     }
-    ```
-
-1. Observe the logs and metrics for your application's typical cycle, such as a 24 hour period. Refer to [`log_file`](/consul/docs/agent/config/config-files#log_file) for information about where to retrieve logs. Call the [`/agent/metrics`](/consul/api-docs/agent#view-metrics) HTTP API endpoint and check the data for the following metrics:  
+    ``` 
+1. Observe the logs and metrics for your application's typical cycle, such as a 24 hour period. Refer to [Monitor traffic rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limit) for additional information. Call the [`/agent/metrics`](/consul/api-docs/agent#view-metrics) HTTP API endpoint and check the data for the following metrics:  
 
     - `rpc.rate_limit.exceeded` with value `global/read` for label `limit_type`
     - `rpc.rate_limit.exceeded` with value `global/write` for label `limit_type`
diff --git a/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx b/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
new file mode 100644
index 000000000000..c074d3007af7
--- /dev/null
+++ b/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
@@ -0,0 +1,66 @@
+---
+layout: docs
+page_title: Limit traffic rates for a source IP address
+description: Learn how to set read and request rate limits on RPC and gRPC traffic from all source IP addresses to a Consul resource.
+---
+
+# Limit traffic rates from source IP addresses 
+
+This topic describes how to configure RPC and gRPC traffic rate limits for source IP addresses. This enables you to specify a budget for read and write requests to prevent any single source IP from overwhelming the Consul server and negatively affecting the network. For information about setting global traffic rate limits, refer to [Set a global limit on traffic rates](/consul/docs/agent/limits/usage/set-glogal-traffic-rate-limits). For an overview of Consul's server rate limiting capabilities, refer to [Limit traffic rates overview](/consul/docs/agent/limits/overview). 
+
+## Overview
+
+You can set limits on the rate of read and write requests from source IP addresses to specific resources, which mitigates the risks to Consul servers when consul clients send excessive requests to a specific resource type. Before configuring traffic rate limits, you should complete the initialization process to understand normal traffic loads in your network. Refer to [Initialize rate limit settings](/consul/docs/agent/limits/init-rate-limits) for additional information.
+
+Complete the following steps to configure traffic rate limits from a source IP address:
+
+1. Define rate limits in a control plan request limit configuration entry. You can set limits for different types of resources calls.
+
+1. Apply the configuration entry to enact the limits.
+
+You should also monitor read and write rate activity and make any necessary adjustments. Refer to [Monitor rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limits) for additional information.
+
+## Define rate limits
+
+Create a control plane request limit configuration entry in the `default` partition. The configuration entry applies to all client requests targeting any partition. Refer to the [control plane request limit configuration entry](/consul/docs/connect/config-entries/control-plan-request-limit) reference documentation for details about the available configuration parameters. 
+
+Specify the following parameters:
+
+- `kind`: This must be set to `control-plane-request-limit`.
+- `name`: Specify the name of the service that you want to limit read and write operations to.
+-  `read_rate`: Specify overall number of read operations per second allowed from the service.
+-  `write_rate`: Specify overall number of write operations per second allowed from the service.
+
+You can also configure limits on calls to the key-value store, ACL system, and Consul catalog. 
+
+## Apply the configuration entry 
+
+If your network is deployed to virtual machines, use the `consul config write` command and specify the control plane request limit configuration entry to apply the configuration. For Kubernetes-orchestrated networks, use the `kubectl apply` command. 
+
+<Tabs>
+<Tab heading="HCL" group="hcl">
+
+```shell-session
+$ consul config write control-plane-request-limit.hcl
+```
+
+</Tab>
+<Tab heading="JSON" group="json">
+
+```shell-session
+$ consul config write control-plane-request-limit.json
+```
+
+</Tab>
+<Tab heading="Kubernetes" group="kubernetes">
+
+```shell-session
+$ kubectl apply control-plane-request-limit.yaml
+```
+
+</Tab>
+</Tabs>
+
+## Disable request rate limits
+
+Set the [limits.request_limits.mode](/consul/docs/agent/config/config-files#mode-1) in the agent configuration to `disabled` to allow services to exceed the specified read and write requests limits. The `disabled` mode applies to all request rate limits, even limits specifed in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limits).  Note that any other mode specified in the agent configuration only applies to global traffic rate limits.  
\ No newline at end of file
diff --git a/website/content/docs/agent/limits/usage/monitor-rate-limits.mdx b/website/content/docs/agent/limits/usage/monitor-rate-limits.mdx
new file mode 100644
index 000000000000..23906041b34d
--- /dev/null
+++ b/website/content/docs/agent/limits/usage/monitor-rate-limits.mdx
@@ -0,0 +1,77 @@
+---
+layout: docs
+page_title: Monitor traffic rate limit data 
+description: Learn about the metrics and logs you can use to monitor server rate limiting activity, include rate limits for read operations and writer operations
+---
+
+# Monitor traffic rate limit data
+
+This topic describes Consul functionality that enables you to monitor read and write request operations taking place in your network. Use the functionality to help you understand normal workloads and set safe limits on the number of requests Consul client agents and services can make to Consul servers. 
+
+## Access rate limit logs 
+
+Consul prints a log line for each rate limit request. The log provides the necessary information for identifying the source of the request and the configured limit. The log provides the information necessary for identifying the source of the request and the configured limit. Consul prints the log `DEBUG` log level and can drop the log to avoid affecting the server health. Dropping a log line increments the `rpc.rate_limit.log_dropped` metric.
+
+The following example log shows that RPC request from `127.0.0.1:53562` to `KVS.Apply` exceeded the limit:
+
+```text
+2023-02-17T10:01:15.565-0500 [DEBUG] agent.server.rpc-rate-limit: RPC 
+exceeded allowed rate limit: rpc=KVS.Apply source_addr=127.0.0.1:53562 
+limit_type=global/write limit_enforced=false
+```
+
+Refer to [`log_file`](/consul/docs/agent/config/config-files#log_file) for information about where to retrieve log files.
+
+## Review rate limit metrics
+
+Consul captures the following metrics associated with rate limits:
+
+- Type of limit
+- Operation
+- Rate limit mode
+
+Call the `/agent/metrics` API endpoint to view the metrics associated with rate limits. Refer to [View Metrics](/consul/api-docs/agent#view-metrics) for API usage information. In the following example, Consul dropped a call to the consul service because it exceeded the limit by one call:
+
+```shell-session
+$ curl http://127.0.0.1:8500/v1/agent/metrics
+{
+  . . .  
+  "Counters": [
+    {
+      "Name": "consul.rpc.rate_limit.exceeded",
+      "Count": 1,
+      "Sum": 1,
+      "Min": 1,
+      "Max": 1,
+      "Mean": 1,
+      "Stddev": 0,
+      "Labels": {
+        "service": "consul"
+      }
+    },
+    {
+      "Name": "consul.rpc.rate_limit.log_dropped",
+      "Count": 1,
+      "Sum": 1,
+      "Min": 1,
+      "Max": 1,
+      "Mean": 1,
+      "Stddev": 0,
+      "Labels": {}
+    }
+  ],
+  . . .
+}
+```
+
+Refer to [Telemetry](/consul/docs/telemetry) for additional information.
+
+## Request denials
+
+When an HTTP request is denied for rate limiting reason, Consul returns one of the following errors:
+
+- **429 Resource Exhausted**: Indicates that a server is not able to perform the request but that another server could potentially fulfill it. This error is most common on stale reads because any server may fulfill stale read requests. To resolve this type of error,  we recommend immediately retrying the request to another server. If the request came from a Consul client agent, the agent automatically retries the request up to the limit set in the [`rpc_hold_timeout`](/consul/docs/agent/config/config-files#rpc_hold_timeout) configuration .
+
+- **503 Service Unavailable**: Indicates that server is unable to perform the request and that no other server can fulfill the request, either. This usually occurs on consistent reads or for writes. In this case we recommend retrying according to an exponential backoff schedule. If the request came from a Consul client agent, the agent automatically retries the request according to the [`rpc_hold_timeout`](/consul/docs/agent/config/config-files#rpc_hold_timeout) configuration. 
+
+Refer to [Rate limit reached on the server](/consul/docs/troubleshoot/common-errors#rate-limit-reached-on-the-server) for additional information.
\ No newline at end of file
diff --git a/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx b/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx
new file mode 100644
index 000000000000..61a4066ec9e0
--- /dev/null
+++ b/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx
@@ -0,0 +1,62 @@
+---
+layout: docs
+page_title: Set a global limit on traffic rates
+description: Use global rate limits to prevent excessive rates of requests to Consul servers.
+---
+
+# Set a global limit on traffic rates
+
+This topic describes how to configure rate limits for RPC and gRPC traffic to the Consul server. 
+
+## Introduction 
+
+Rate limits apply to each Consul server separately and limit the number of read requests or write requests to the server on the RPC and internal gRPC endpoints.
+
+Because all requests coming to a Consul server eventually perform an RPC or an internal gRPC request, global rate limits apply to Consul's user interfaces, such as the HTTP API interface, the CLI, and the external gRPC endpoint for services in the service mesh.
+
+Refer to [Initialize Rate Limit Settings](/consul/docs/agent/limits/init-rate-limits) for additional information about right-sizing your gRPC request configurations. 
+
+## Set a global rate limit for a Consul server   
+
+Configure the following settings in your Consul server configuration to limit the RPC and gRPC traffic rates.
+
+- Set the rate limiter [`mode`](/consul/docs/agent/config/config-files#mode-1)
+- Set the [`read_rate`](/consul/docs/agent/config/config-files#read_rate) 
+- Set the [`write_rate`](/consul/docs/agent/config/config-files#write_rate)
+
+In the following example, the Consul server is configured to prevent more than `500` read and `200` write RPC calls:
+
+<CodeTabs heading="Consul server agent">
+
+```hcl
+limits = {
+    rate_limit = {
+        mode = "enforcing"
+        read_rate = 500
+        write_rate = 200
+    }
+}
+```
+
+```json
+{
+    "limits" : {
+        "rate_limit" : {
+            "mode" : "enforcing",
+            "read_rate" : 500,
+            "write_rate" : 200
+        }
+    }
+}
+
+```
+
+</CodeTabs>
+
+## Monitor request rate traffic 
+
+You should continue to mmonitor request traffic to ensure that request rates remain within the threshold you defined. Refer to [Monitor traffic rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limits) for instructions about checking metrics and log entries, as well as troubleshooting informaiton.
+
+## Disable request rate limits
+
+Set the [limits.request_limits.mode](/consul/docs/agent/config/config-files#mode-1) to `disabled` to allow services to exceed the specified read and write requests limits, even limits specifed in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limits). Note that any other mode specified in the agent configuration only applies to global traffic rate limits. 
diff --git a/website/content/docs/connect/config-entries/control-plane-request-limit.mdx b/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
new file mode 100644
index 000000000000..c6b44436ac56
--- /dev/null
+++ b/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
@@ -0,0 +1,224 @@
+---
+layout: docs
+page_title: Control Plane Request Limit Configuration Entry Configuration Reference
+description:  Learn how to configure the control-plane-request-limit configuration entry, which defines how Consul agents limit read and reqeust traffic rate limits.
+---
+
+# Control Plane Request Limit Configuration Entry Configuration Reference
+
+This topic describes the configuration options for the `control-plane-request-limit` configuration entry. You can only write the `control-plane-request-limit` configuration entry to the `default` partition, but the configuration entry applies to all client requests that target any partition. 
+
+## Configuration model
+
+The following list outlines field hierarchy, language-specific data types, and requirements in a control plane request limit configuration entry. Click on a property name to view additional details, including default values.
+
+- [`kind`](#kind): string | required | must be set to `control-plane-request-limit`
+- [`mode`](#mode): string | required | default is `permissive`
+- [`name`](#name): string | required
+- [`read_rate`](#read-rate): number | `100`
+- [`write_rate`](#write-rate): number | `100`
+- [`kv`](#kv): map | no default
+   - [`read_rate`](#kv-read-rate): number | `100`
+   - [`write_rate`](#kv-write-rate): number | `100`
+- [`acl`](#acl): map | no default
+   - [`read_rate`](#acl-read-rate): number | `100`
+   - [`write_rate`](#acl-write-rate): number | `100`
+- [`catalog`](#catalog): map 
+   - [`read_rate`](#catalog-read-rate): number | default is `100`
+   - [`write_rate`](#catalog-write-rate): number | default is `100`
+
+## Complete configuration
+
+When every field is defined, a control plane request limit configuration entry has the following form:
+
+<CodeTabs>
+
+```hcl
+kind = "control-plane-request-limit"
+mode = "permissive"
+name = "<destination service>"
+read_rate =  100
+write_rate = 100
+kv = {
+  read_rate =  100
+  write_rate = 100
+  }
+acl = {
+  read_rate =  100
+  write_rate = 100
+mode = "permissive"
+  }
+catalog = {
+  read_rate =  100
+  write_rate = 100
+  }
+```
+
+```json
+{
+  "kind": "control-plane-request-limit",
+  "mode": "permissive",
+  "name": "<destination service>",
+  "read_rate":  100,
+  "write_rate": 100,
+  "kv": {
+    "read_rate": 100,
+    "write_rate": 100
+    },
+  "acl": {
+    "read_rate": 100,
+    "write_rate": 100
+    },
+  "catalog: {
+    "read_rate": 100,
+    "write_rate": 100
+  }
+}
+```
+
+```yaml
+kind: control-plane-request-limit
+mode: permissive
+name: <destination service>
+read_rate: 100
+write_rate: 100
+kv:
+  read_rate: 100
+  write_rate: 100  
+acl:
+  read_rate: 100
+  write_rate: 100
+catalog:
+  read_rate: 100
+  write_rate: 100
+```
+
+</CodeTabs>
+
+## Specification
+
+This section provides details about the fields you can configure in the control plane request limit configuration entry.
+
+### `kind`
+
+Specifies the type of configuration entry to implement. Must be set to`control-plane-request-limit`
+
+#### Values
+
+- Default: none
+- This field is required.
+- Data type: String value that must be set to`control-plane-request-limit`.
+
+### `mode`
+
+Specifies an action to take if the rate of requests exceeds the limit.
+
+#### Values
+
+- Default: None
+- This field is required.
+- One of the following string values:
+  - `permissive`: The server continues to allow requests and records an error in the logs. This is the default value for `mode`.  
+  - `enforcing`: The server stops accepting requests and records an error in the logs. 
+  - `disabled`: Limits are not enforced or tracked. 
+  
+### `name`
+
+Specifies the name of the configuration entry. 
+
+#### Values
+
+- Default: none
+- This field is required.
+- Data type: string
+
+### `read_rate`
+
+Specifies the maximum number of read requests per second that the agent allows.
+
+#### Values
+
+- Default: No limit.
+- Data type: number
+
+### `write_rate`
+
+Specifies the maximum number of write requests per second that the agent allows.
+
+#### Values
+
+- Default: No limit.
+- Data type: number
+
+### `kv`
+
+Specifies the maximum number of read and write requests to the Consul key-value store. 
+
+#### Values
+
+- Default: none
+- Data type is a map containing the following parameters:
+  - `read_rate`
+  - `write_rate`
+
+### `kv.read_rate`
+
+Specifies the maximum number of read requests per second allowed to the Consul key-value store.
+
+#### Values
+
+- Default: No limit.
+- Data type: number
+
+### `kv.write_rate`
+
+Specifies the maximum number of write requests per second allowed to the Consul key-value store.
+
+#### Values
+
+- Default: No limit.
+- Data type: number
+
+### `acl`
+
+Specifies the maximum number of read and write ACL requests to the Consul server.
+
+### `acl.read_rate`
+S
+pecifies the maximum number of ACL read requests per second allowed to the Consul server.
+
+#### Values
+
+- Default: No limit.
+- Data type: number
+
+### `acl.write_rate`
+
+Specifies the maximum number of ACL write requests per second allowed to the Consul server.
+
+#### Values
+
+- Default: No limit.
+- Data type: number
+
+### catalog
+
+Specifies the maximum number of read and write requests to the Consul catalog.
+
+### `catalog.read_rate`
+
+Specifies the maximum number of read requests per second allowed to the Consul catalog.
+
+#### Values
+
+- Default: No limit.
+- Data type: number
+
+### `catalog.write_rate`
+
+Specifies the maximum number of write requests per second allowed to the Consul catalog.
+
+#### Values
+
+- Default: No limit.
+- Data type: number
\ No newline at end of file
diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx
new file mode 100644
index 000000000000..6b5d8cc272aa
--- /dev/null
+++ b/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx
@@ -0,0 +1,726 @@
+---
+layout: docs
+page_title: External authorization extension configuration reference
+description: Learn how to configure the ext-authz Envoy extension, which is a builtin Consul extension that configures Envoy proxies to request authorization from an external service.
+---
+
+# External authorization extension configuration reference
+
+This topic describes how to configure the external authorization Envoy extension, which configures Envoy proxies to request authorization from an external service. Refer to [Delegate authorization to an external service](/consul/docs/connect/proxies/envoy-extensions/usage/ext-authz) for usage information.
+
+## Configuration model
+
+The following list outlines the field hierarchy, data types, and requirements for the external authorization configuration. Place the configuration inside the `EnvoyExtension.Arguments` field in the proxy defaults or service defaults configuration entry. Refer to the following documentation for additional information:
+
+- [`EnvoyExtensions` in proxy defaults](/consul/docs/connect/config-entries/proxy-defaults#envoyextensions)
+- [`EnvoyExtensions` in service defaults](/consul/docs/connect/config-entries/service-defaults#envoyextensions)
+ - [Envoy External Authorization documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ext_authz/v3/ext_authz.proto)
+
+Click on a property name to view additional details, including default values.
+
+- [`Name`](#name): string | required | must be set to `builtin/ext-authz` 
+- [`Arguments`](#arguments): map | required
+   - [`ProxyType`](#arguments-proxytype): string | required | `connect-proxy`
+   - [`InsertOptions`](#arguments-insertoptions): map
+      - [`Location`](#arguments-insertoptions-location): string
+      - [FilterName](#arguments-insertoptions-filtername): string
+   - [`Config`](#arguments-config): map | required
+      - [`BootstrapMetadataLabelsKey`](#arguments-config-bootstrapmetadatalabelskey): string
+      - [`ClearRouteCache`](#arguments-config-grpcservice): boolean | `false` | HTTP only
+      - [`GrpcService`](#arguments-config-grpcservice): map
+        - [`Target`](#arguments-config-grpcservice-target): map | required
+           - [`Service`](#arguments-config-grpcservice-target-service): map
+              - [`Name`](#arguments-config-grpcservice-target-service): string
+              - [`Namespace`](#arguments-config-grpcservice-target-service): string | <EnterpriseAlert inline/>
+              - [`Partition`](#arguments-config-grpcservice-target-service): string | <EnterpriseAlert inline/>
+           - [`URI`](#arguments-config-grpcservice-target-uri): string   
+           - [`Timeout`](#arguments-config-grpcservice-target-uri): string | `1s`
+        - [`Authority`](#arguments-config-grpcservice-authority): string    
+        - [`InitialMetadata`](#arguments-config-grpcservice-initialmetadata): list
+           - [`Key`](#arguments-config-grpcservice-initialmetadata): string  
+           - [`Value`](#arguments-config-grpcservice-initialmetadata): string  
+      - [`HttpService`](#arguments-config-httpservice): map
+        - [`Target`](#arguments-config-httpservice-target): map | required
+           - [`Service`](#arguments-config-httpservice): string
+              - [`Name`](#arguments-config-httpservice-target-service): string
+              - [`Namespace`](#arguments-config-httpservice-target-service): string | <EnterpriseAlert inline/>
+              - [`Partition`](#arguments-config-httpservice-target-service): string | <EnterpriseAlert inline/>     
+           - [`URI`](#arguments-config-httpservice): string   
+           - [`Timeout`](#arguments-config-httpservice): string | `1s`   
+        - [`PathPrefix`](#arguments-config-httpservice-pathprefix): string    
+        - [`AuthorizationRequest`](#arguments-config-httpservice-authorizationrequest): map    
+           - [`AllowedHeaders`](#arguments-config-httpservice-authorizationrequest-allowedheaders): list
+              - [`Contains`](#arguments-config-httpservice-authorizationrequest-allowedheaders): string   
+              - [`Exact`](#arguments-config-httpservice-authorizationrequest-allowedheaders): string   
+              - [`IgnoreCase`](#arguments-config-httpservice-authorizationrequest-allowedheaders): boolean  
+              - [`Prefix`](#arguments-config-httpservice-authorizationrequest-allowedheaders): string   
+              - [`SafeRegex`](#arguments-config-httpservice-authorizationrequest-allowedheaders): string   
+           - [`HeadersToAdd`](#arguments-config-httpservice-authorizationrequest-headerstoadd): list
+              - [`Key`](#arguments-config-httpservice-authorizationrequest-headerstoadd): string  
+              - [`Value`](#arguments-config-httpservice-authorizationrequest-headerstoadd): string  
+        - [`AuthorizationResponse`](#arguments-config-httpservice-authorizationresponse): map
+           - [`AllowedUpstreamHeaders`](#arguments-config-httpservice-authorizationresponse-allowedupstreamheaders): list
+              - [`Contains`](#arguments-config-httpservice-authorizationresponse-allowedupstreamheaders): string   
+              - [`Exact`](#arguments-config-httpservice-authorizationresponse-allowedheaders): string   
+              - [`IgnoreCase`](#arguments-config-httpservice-authorizationresponse-allowedheaders): boolean  
+              - [`Prefix`](#arguments-config-httpservice-authorizationresponse-allowedheaders): string   
+              - [`SafeRegex`](#arguments-config-httpservice-authorizationresponse-allowedheaders): string   
+              - [`Suffix`](#arguments-config-httpservice-authorizationresponse-allowedheaders): string   
+           - [`AllowedUpstreamHeadersToAppend`](#arguments-config-httpservice-authorizationresponse-allowedupstreamheaderstoappend): list
+              - [`Contains`](#arguments-config-httpservice-authorizationresponse-allowedupstreamheaderstoappend): string   
+              - [`Exact`](#arguments-config-httpservice-authorizationresponse-allowedupstreamheaderstoappend): string   
+              - [`IgnoreCase`](#arguments-config-httpservice-authorizationresponse-allowedupstreamheaderstoappend): boolean  
+              - [`Prefix`](#arguments-config-httpservice-authorizationresponse-allowedupstreamheaderstoappend): string   
+              - [`SafeRegex`](#arguments-config-httpservice-authorizationresponse-allowedupstreamheaderstoappend): string   
+              - [`Suffix`](#arguments-config-httpservice-authorizationresponse-allowedupstreamheaderstoappend): string   
+           - [`AllowedClientHeaders`](#arguments-config-httpservice-authorizationresponse-allowedclientheaders): list
+              - [`Contains`](#arguments-config-httpservice-authorizationresponse-allowedclientheaders): string   
+              - [`Exact`](#arguments-config-httpservice-authorizationresponse-allowedclientheaders): string   
+              - [`IgnoreCase`](#arguments-config-httpservice-authorizationresponse-allowedclientheaders): boolean  
+              - [`Prefix`](#arguments-config-httpservice-authorizationresponse-allowedclientheaders): string   
+              - [`SafeRegex`](#arguments-config-httpservice-authorizationresponse-allowedclientheaders): string   
+              - [`Suffix`](#arguments-config-httpservice-authorizationresponse-allowedclientheaders): string   
+           - [`AllowedClientHeadersOnSuccess`](#arguments-config-httpservice-authorizationresponse-allowedclientheadersonsuccess): list
+              - [`Contains`](#arguments-config-httpservice-authorizationresponse-allowedclientheadersonsuccess): string   
+              - [`Exact`](#arguments-config-httpservice-authorizationresponse-allowedclientheadersonsuccess): string   
+              - [`IgnoreCase`](#arguments-config-httpservice-authorizationresponse-allowedclientheadersonsuccess): boolean  
+              - [`Prefix`](#arguments-config-httpservice-authorizationresponse-allowedclientheadersonsuccess): string   
+              - [`SafeRegex`](#arguments-config-httpservice-authorizationresponse-allowedclientheadersonsuccess): string   
+              - [`Suffix`](#arguments-config-httpservice-authorizationresponse-allowedclientheadersonsuccess): string   
+           - [`DynamicMetadataFromHeaders`](#arguments-config-httpservice-authorizationresponse-dynamicmetadatafromheaders): list
+              - [`Contains`](#arguments-config-httpservice-authorizationresponse-dynamicmetadatafromheaders): string   
+              - [`Exact`](#arguments-config-httpservice-authorizationresponse-dynamicmetadatafromheaders): string   
+              - [`IgnoreCase`](#arguments-config-httpservice-authorizationresponse-dynamicmetadatafromheaders): boolean  
+              - [`Prefix`](#arguments-config-httpservice-authorizationresponse-dynamicmetadatafromheaders): string   
+              - [`SafeRegex`](#arguments-config-httpservice-authorizationresponse-dynamicmetadatafromheaders): string   
+              - [`Suffix`](#arguments-config-httpservice-authorizationresponse-dynamicmetadatafromheaders): string   
+      - [`IncludePeerCertificate`](#arguments-config-includepeercertificate): boolean | `false`
+      - [`MetadataContextNamespaces`](#arguments-config-metadatacontextnamespaces): list of strings | HTTP only
+      - [`StatusOnError`](#arguments-config-statusonerror): number | `403` | HTTP only
+      - [`StatPrefix`](#arguments-config-statprefix): string | `response`
+      - [`WithRequestBody`](#arguments-config-withrequestbody): map | HTTP only
+         - [`MaxRequestBytes`](#arguments-config-withrequestbody-maxrequestbytes): number 
+         - [`AllowPartialMessage`](#arguments-config-withrequestbody-allowpartialmessage): boolean | `false`
+         - [`PackAsBytes`](#arguments-config-withrequestbody-packasbytes): boolean | `false`
+
+## Complete configuration
+
+When each field is defined, an `ext-authz` configuration has the following form:
+
+```hcl
+Name = "builtin/ext-authz" 
+Arguments = {
+   ProxyType = "connect-proxy"
+   InsertOptions = {
+      Location = "<location in the filter chain>" 
+      FilterName = "<filter relative to the location>"
+   }
+   Config = {
+      BootstrapMetadataLabelsKey = "<key from bootstrap metadata>"
+      ClearRouteCache = false // HTTP only
+      GrpcService = {
+         Target = {
+            Service = {
+               Name = "<upstream service to send gRPC authorization requests to>"
+               Namespace = "<namespace containing the upstream service>"
+               Partition = "<partition containing the upstream service>"
+            URI = "<URI of the upstream service>"   
+            Timeout = "1s"
+         Authority = "<authority header to send in the gRPC request>"     
+         InitialMetadata = [
+            "<Key>" : "<value>"  
+      HttpService = {
+         Target = {
+            Service = {
+               Name = "<upstream service to send gRPC authorization requests to>"
+               Namespace = "<namespace containing the upstream service>"
+               Partition = "<partition containing the upstream service>"
+            URI = "<URI of the upstream service>"   
+            Timeout = "1s"
+            }
+         }
+         PathPrefix = "/<authorization-request-header-prefix>/"    
+         AuthorizationRequest = {
+            AllowedHeaders = [
+               Contains = "<client request headers must contain this value>",   
+               Exact = "<client request headers can only be this value>",   
+               IgnoreCase = false,  
+               Prefix = "<client request headers must begin with this value>",   
+               SafeRegex = "<client request headers can match this regex pattern>"
+            ]   
+            HeadersToAdd = [ 
+               "<header key>" = "<header value>"
+            ]
+         }  
+         AuthorizationResponse = {
+            AllowedUpstreamHeaders = [
+               Contains = "<authorization response headers must contain this value>",   
+               Exact = "<authorization response headers can only be this value>",   
+               IgnoreCase = false,  
+               Prefix = "<authorization response headers must begin with this value>",   
+               SafeRegex = "<authorization response headers can match this regex pattern>"
+               Suffix = "<authorization response headers must end with this value>"
+            ]   
+            AllowedUpstreamHeadersToAppend = [
+               Contains = "<authorization response headers must contain this value>",   
+               Exact = "<authorization response headers can only be this value>",   
+               IgnoreCase = false,  
+               Prefix = "<authorization response headers must begin with this value>",   
+               SafeRegex = "<authorization response headers can match this regex pattern>"
+               Suffix = "<authorization response headers must end with this value>"   
+             ]   
+            AllowedClientHeaders = [
+               Contains = "<client response headers must contain this value>",   
+               Exact = "<client response headers can only be this value>",   
+               IgnoreCase = false,  
+               Prefix = "<client response headers must begin with this value>",   
+               SafeRegex = "<client response headers can match this regex pattern>"
+               Suffix = "<client response headers must end with the value>"
+            ]   
+            AllowedClientHeadersOnSuccess = [
+               Contains = "<client response headers must contain this value>",   
+               Exact = "<client response headers can only be this value>",   
+               IgnoreCase = false,  
+               Prefix = "<client response headers must begin with this value>",   
+               SafeRegex = "<client response headers can match this regex pattern>"
+               Suffix = "<client response headers must end with the value>"
+            DynamicMetadataFromHeaders = [
+               Contains = "<authorization response headers must contain this value>",   
+               Exact = "<authorization response headers can only be this value>",   
+               IgnoreCase = false,  
+               Prefix = "<authorization response headers must begin with this value>",   
+               SafeRegex = "<authorization response headers can match this regex pattern>"
+               Suffix = "<authorization response headers must end with the value>"
+            ]
+      IncludePeerCertificate = false
+      MetadataContextNamespaces = [ 
+         "<metadata namespace>"
+      ]
+      StatusOnError = 403 // HTTP only
+      StatPrefix = "response"
+      WithRequestBody = {   //HTTP only
+         MaxRequestBytes = <uint32 value specifying the max size of the message body>  
+         AllowPartialMessage = false
+         PackAsBytes = false
+```
+
+## Specification
+
+This section provides details about the fields you can configure for the external authorization extension.
+### `Name`
+
+Specifies the name of the extension. Must be set to `builtin/ext-authz`.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String value set to `builtin/ext-authz`.
+
+### `Arguments`
+
+Contains the global configuration for the extension.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: Map
+
+### `Arguments.ProxyType`
+
+Specifies the type of Envoy proxy that this extension applies to. The extension only applies to proxies that match this type and is ignored for all other proxy types. The only supported value is `connect-proxy`.
+
+#### Values
+
+- Default: `connect-proxy`
+- This field is required.
+- Data type: String
+
+### `Arguments.InsertOptions`
+
+Specifies options for defining the insertion point for the external authorization filter in the Envoy filter chain. By default, the external authorization filter is inserted as the first filter in the filter chain per the default setting for the [`Location`](#arguments-insertoptions-location) field. 
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+### `Arguments.InsertOptions.Location`
+
+Specifies the insertion point for the external authorization filter in the Envoy filter chain. You can specify one of the following string values:
+
+- `First`: Inserts the filter as the first filter in the filter chain, regardless of the filter specified in the `FilterName` field.
+- `BeforeLast`: Inserts the filter before the last filter in the chain, regardless of the filter specified in the `FilterName` field. This allows the filter to be inserted after all other filters and immediately before the terminal filter. 
+- `AfterFirstMatch`: Inserts the filter after the first filter in the chain that has a name matching the value of the `FilterName` field.
+- `AfterLastMatch`: Inserts the filter after the last filter in the chain that has a name matching the value of the `FilterName` field.
+- `BeforeFirstMatch`: Inserts the filter before the first filter in the chain that has a name matching the value of the `FilterName` field.
+- `BeforeLastMatch`: Inserts the filter before the last filter in the chain that has a name matching the value of the `FilterName` field. 
+
+#### Values
+
+- Default: `BeforeFirstMatch`
+- Data type: String
+
+### `Arguments.InsertOptions.FilterName`
+
+Specifies the name of an existing filter in the chain to match when inserting the external authorization filter. Specifying a filter name enables  you to configure an insertion point relative to the position of another filter in the chain.  
+
+#### Values
+
+- Default: `envoy.filters.network.tcp_proxy` for TCP services. `envoy.filters.http.router` for HTTP services.
+- Data type: String
+
+### `Arguments.Config`
+
+Contains the configuration settings for the extension.  
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: Map
+
+### `Arguments.Config.BootstrapMetadataLabelsKey`
+
+Specifies a key from the Envoy bootstrap metadata. Envoy adds labels associated with the key to the authorization request context. 
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `Arguments.Config.ClearRouteCache`
+
+Directs Envoy to clear the route cache so that the external authorization service correctly affects routing decisions. If set to `true`, the filter clears all cached routes. 
+
+Envoy also clears cached routes if the status returned from the authorization service is `200` for HTTP responses or `0` for gRPC responses. Envoy also clears cached routes if at least one authorization response header is added to the client request or is used for altering another client request header.
+
+#### Values
+
+- Default: `false`
+- Data type: Boolean
+
+
+### `Arguments.Config.GrpcService`
+
+Specifies the external authorization configuration for gRPC requests. Configure the `GrpcService` or the [`HttpService`](#arguments-config-httpservice) settings, but not both.
+
+#### Values
+
+- Default: None
+- Either the `GrpcService` or the `HttpService` configuration is required.
+- Data type: Map
+
+### `Arguments.Config.GrpcService.Target`
+
+Configuration for specifying the service to send gRPC authorization requests to. The `Target` field may contain the following fields:
+
+- [`Service`](#arguments-config-grpcservice-target-service) or [`Uri`](#arguments-config-grpcservice-target-uri)
+- [`Timeout`](#arguments-config-grpcservice-target-timeout)
+
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: Map
+
+### `Arguments{}.Config{}.GrpcService{}.Target{}.Service{}`
+
+Specifies the upstream external authorization service. Configure this field when authorization requests are sent to an upstream service within the service mesh. The service must be configured as an upstream of the service that the filter is applied to.
+
+Configure either the `Service` field or the [`Uri`](#arguments-config-grpcservice-target-uri) field, but not both. 
+ 
+#### Values
+
+- Default: None
+- This field or [`Uri`](#arguments-config-grpcservice-target-uri) is required.
+- Data type: Map
+
+The following table describes how to configure parameters for the `Service` field:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `Name` | Specifies the name of the upstream service. | String | None |
+| `Namespace` | <EnterpriseAlert inline/> Specifies the Consul namespace that the upstream service belongs to. | String | `default` |
+| `Partition` | <EnterpriseAlert inline/> Specifies the Consul admin partition that the upstream service belongs to. | String | `default` |
+
+### `Arguments.Config.GrpcService.Target.Uri`
+
+Specifies the URI of the external authorization service. Configure this field when you must provide an explicit URI to the external authorization service, such as cases in which the authorization service is running on the same host or pod. If set, the value of this field must be either `localhost:<port>` or `127.0.0.1:<port>`
+
+Configure either the `Uri` field or the [`Service`](#arguments-config-grpcservice-target-service) field, but not both. 
+ 
+#### Values
+
+- Default: None
+- This field or [`Service`](#arguments-config-grpcservice-target-service) is required.
+- Data type: String
+
+### `Arguments.Config.GrpcService.Target.Timeout`
+
+Specifies the maximum duration that a response can take to arrive upon request.
+ 
+#### Values
+
+- Default: `1s`
+- Data type: String
+
+### `Arguments.Config.GrpcService.Authority`
+
+Specifies the authority header to send in the gRPC request. If this field is not set, the authority field is set to the cluster name. This field does not override the SNI that Envoy sends to the external authorization service.
+ 
+#### Values
+
+- Default: Cluster name
+- Data type: String
+
+### `Arguments.Config.GrpcService.InitialMetadata[]`
+
+Specifies additional metadata to include in streams initiated to the `GrpcService`. You can specify metadata for injecting additional ad-hoc authorization headers, for example, `x-foo-bar: baz-key`. For more information, including details on header value syntax, refer to the [Envoy documentation on custom request headers](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#config-http-conn-man-headers-custom-request-headers).
+ 
+#### Values
+
+- Default: None
+- Data type: List of one or more key-value pairs:
+
+   - KEY: String
+   - VALUE: String
+
+### `Arguments{}.Config{}.HttpService{}`
+
+Contains the configuration for raw HTTP communication between the filter and the external authorization service. Configure the `HttpService` or the [`GrpcService`](#arguments-config-grpcservice) settings, but not both.
+
+#### Values
+
+- Default: None
+- Either the `HttpService` or the `GrpcService` configuration is required.
+- Data type: Map
+
+### `Arguments{}.Config{}.HttpService{}.Target{}`
+
+Configuration for specifying the service to send HTTP authorization requests to. The `Target` field may contain the following fields:
+
+- [`Service`](#arguments-config-httpservice-target-service) or [`Uri`](#arguments-config-httpservice-target-uri)
+- [`Timeout`](#arguments-config-httpservice-target-timeout)
+
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: Map
+
+### `Arguments{}.Config{}.HttpService{}.Target{}.Service{}`
+
+Specifies the upstream external authorization service. Configure this field when HTTP authorization requests are sent to an upstream service within the service mesh. The service must be configured as an upstream of the service that the filter is applied to.
+
+Configure either the `Service` field or the [`Uri`](#arguments-config-httpservice-target-uri) field, but not both. 
+ 
+#### Values
+
+- Default: None
+- This field or [`Uri`](#arguments-config-httpservice-target-uri) is required.
+- Data type: Map
+
+The following table describes how to configure parameters for the `Service` field:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `Name` | Specifies the name of the upstream service. | String | None |
+| `Namespace` | <EnterpriseAlert inline/> Specifies the Consul namespace that the upstream service belongs to. | String | `default` |
+| `Partition` | <EnterpriseAlert inline/> Specifies the Consul admin partition that the upstream service belongs to. | String | `default` |
+
+### `Arguments{}.Config{}.HttpService{}.Target{}.Uri`
+
+Specifies the URI of the external authorization service. Configure this field when you must provide an explicit URI to the external authorization service, such as cases in which the authorization service is running on the same host or pod. 
+
+Configure either the `Uri` field or the [`Service`](#arguments-config-httpservice-target-service) field, but not both. 
+ 
+#### Values
+
+- Default: None
+- This field or [`Service`](#arguments-config-httpservice-target-service) is required.
+- Data type: String
+
+### `Arguments{}.Config{}.HttpService{}.Target{}.Timeout`
+
+Specifies the maximum duration that a response can take to arrive upon request.
+ 
+#### Values
+
+- Default: `1s`
+- Data type: String
+
+### `Arguments{}.Config{}.HttpService{}.PathPrefix`
+
+Specifies a prefix for the value of the authorization request header `Path`. You must include the preceding forward slash (`/`).
+ 
+#### Values
+
+- Default: None
+- Data type: String
+
+### `Arguments{}.Config{}.HttpService{}.AuthorizationRequest{}`
+
+HTTP-only configuration that controls the HTTP authorization request metadata. The `AuthorizationRequest` field may contain the following parameters:
+
+- [`AllowHeaders`](#arguments-config-httpservice-authorizationrequest-allowheaders)
+- [`HeadersToAdd`](#arguments-config-httpservice-authorizationrequest-headerstoadd)
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+### `Arguments{}.Config{}.HttpService{}.AuthorizationRequest{}.AllowHeaders[]`
+
+Specifies a set of rules for matching client request headers. The request to the external authorization service includes any client request headers that satisfy any of the rules. Refer to the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ext_authz/v3/ext_authz.proto#extensions-filters-http-ext-authz-v3-extauthz) for a detailed explanation.
+
+#### Values
+
+- Default: None
+- Data type: List of key-value pairs
+
+The following table describes the matching rules you can configure in the `AllowHeaders` field:
+
+@include 'envoy_ext_rule_matcher.mdx'
+
+### `Arguments{}.Config{}.HttpService{}.AuthorizationRequest{}.HeadersToAdd[]`
+
+Specifies a list of headers to include in the request to the authorization service. Note that Envoy overwrites client request headers with the same key.
+
+#### Values
+
+- Default: None
+- Data type: List of one or more key-value pairs:
+
+   - KEY: String
+   - VALUE: String
+
+### `Arguments{}.Config{}.HttpService{}.AuthorizationResponse{}`
+
+HTTP-only configuration that controls HTTP authorization response metadata. The `AuthorizationResponse` field may contain the following parameters:
+
+- [`AllowedUpstreamHeaders`](#arguments-config-httpservice-authorizationresponse-allowedupstreamheaders)
+- [`AllowedUpstreamHeadersToAppend`](#arguments-config-httpservice-authorizationresponse-allowedupstreamheaderstoappend)
+- [`AllowedClientHeaders`](#arguments-config-httpservice-authorizationresponse-allowedclientheaders)
+- [`AllowedClientHeadersOnSuccess`](#arguments-config-httpservice-authorizationresponse-allowedclientheadersonsuccess)
+- [`DynamicMetadataFromHeaders`](#arguments-config-httpservice-authorizationresponse-dynamicmetadatafromheaders)
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+### `Arguments{}.Config{}.HttpService{}.AuthorizationResponse{}.AllowedUpstreamHeaders[]`
+
+Specifies a set of rules for matching authorization response headers. Envoy adds any headers from the external authorization service to the client response that satisfy the rules. Envoy overwrites existing headers.
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+The following table describes the matching rules you can configure in the `AllowedUpstreamHeaders` field:
+
+@include 'envoy_ext_rule_matcher.mdx'
+
+### `Arguments{}.Config{}.HttpService{}.AuthorizationResponse{}.AllowedUpstreamHeadersToAppend[]`
+
+Specifies a set of rules for matching authorization response headers. Envoy appends any headers from the external authorization service to the client response that satisfy the rules. Envoy appends existing headers.
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+The following table describes the matching rules you can configure in the `AllowedUpstreamHeadersToAppend` field:
+
+@include 'envoy_ext_rule_matcher.mdx'
+
+### `Arguments{}.Config{}.HttpService{}.AuthorizationResponse{}.AllowedClientHeaders[]`
+
+Specifies a set of rules for matching client response headers. Envoy adds any headers from the external authorization service to the client response that satisfy the rules. When the list is not set, Envoy includes all authorization response headers except `Authority (Host)`. When a header is included in this list, Envoy automatically adds the following headers: 
+
+- `Path`
+- `Status`
+- `Content-Length`
+- `WWWAuthenticate`
+- `Location`
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+The following table describes the matching rules you can configure in the `AllowedClientHeaders` field:
+
+@include 'envoy_ext_rule_matcher.mdx'
+
+### `Arguments{}.Config{}.HttpService{}.AuthorizationResponse{}.AllowedClientHeadersOnSuccess[]`
+
+Specifies a set of rules for matching client response headers. Envoy adds headers from the external authorization service to the client response when the headers satisfy the rules and the authorization is successful. If the headers match the rules but the authorization fails or is denied, the headers are not added. If this field is not set, Envoy does not add any additional headers to the client's response on success. 
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+The following table describes the matching rules you can configure in the `AllowedClientHeadersOnSuccess` field:
+
+@include 'envoy_ext_rule_matcher.mdx'
+
+### `Arguments{}.Config{}.HttpService{}.AuthorizationResponse{}.DynamicMetadataFromHeaders[]`
+
+Specifies a set of rules for matching authorization response headers. Envoy emits headers from the external authorization service as dynamic metadata that the next filter in the chain can consume. 
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+The following table describes the matching rules you can configure in the `DynamicMetadataFromHeaders` field:
+
+@include 'envoy_ext_rule_matcher.mdx'
+
+### `Arguments{}.Config{}.IncludePeerCertificate`
+
+If set to `true`, Envoy includes the peer X.509 certificate in the authorization request if the certificate is available.  
+
+#### Values
+
+- Default: `false`
+- Data type: Boolean
+
+### `Arguments{}.Config{}.MetadataContextNamespace[]`
+
+HTTP only field that specifies a list of metadata namespaces. The values of the namespaces  are included in the authorization request context.  The `consul` namespace is always included in addition to the namespaces you configure.
+
+#### Values
+
+- Default: `["consul"]`
+- Data type: List of string values
+
+### `Arguments{}.Config{}.StatusOnError`
+
+HTTP only field that specifies a return code status to respond with on error. Refer to the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/type/v3/http_status.proto#enum-type-v3-statuscode) for additional information.
+
+#### Values
+
+- Default: `403`
+- Data type: Integer
+
+### `Arguments{}.Config{}.StatPrefix`
+
+Specifies a prefix to add when writing statistics.
+
+#### Values
+
+- Default: `response`
+- Data type: String
+
+### `Arguments{}.Config{}.WithRequestBody{}`
+
+HTTP only field that configures Envoy to buffer the client request body and send it with the authorization request. If unset, the request body is not sent with the authorization request.
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+The following table describes the parameters that you can include in the `WithRequestBody` field:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `MaxRequestBytes` | Specifies the maximum size of the message body that the filter holds in memory. Envoy returns HTTP `403` and does not initiate the authorization process when the buffer reaches the number set in this field unless `AllowPartialMessage` is set to `true`. | uint32 | None |
+| `AllowPartialMessage` | If set to `true`, Envoy buffers the request body until the value of `MaxRequestBytes` is reached. The authorization request is dispatched with a partial body and no `413` HTTP error returns by the filter. | Boolean | `false` |
+| `PackAsBytes` | If set to `true`, Envoy sends the request body to the external authorization as raw bytes. Otherwise, Envoy sends the request body as a UTF-8 encoded string. | Boolean | `false` |
+
+## Examples
+
+The following examples demonstrate common configuration patterns for specific use cases.
+
+### Authorize gRPC requests to a URI
+
+In the following example, a service defaults configuration entry contains an `ext-authz` configuration. The configuration allows the `api` service to make gRPC authorization requests to a service at `localhost:9191`:
+
+```hcl
+Kind = "service-defaults"
+Name = "api"
+EnvoyExtensions = [
+  {
+    Name = "builtin/ext-authz"
+    Arguments = {
+      ProxyType = "connect-proxy"
+      Config = {
+        GrpcService = {
+          Target = {
+            URI = "127.0.0.1:9191"
+          }
+        }
+      }
+    }
+  }
+]
+```
+  
+### Upstream authorization
+
+In the following example, a service defaults configuration entry contains an `ext-authz` configuration. The configuration allows the `api` service to make gRPC authorization requests to a service named `authz`:
+
+```hcl
+Kind = "service-defaults"
+Name = "api"
+EnvoyExtensions = [
+  {
+    Name = "builtin/ext-authz"
+    Arguments = {
+      ProxyType = "connect-proxy"
+      Config = {
+        GrpcService = {
+          Target = {
+            Service = {
+              Name = "authz"
+            }
+          }
+        }
+      }
+    }
+  }
+]
+```
+
+### Authorization requests after service intentions for Consul Enterprise
+
+In the following example for Consul Enterprise, the `api` service is configured to make an HTTP authorization requests to a service named `authz` in the `foo` namespace and `bar` partition. Envoy also inserts the external authorization filter after the `envoy.filters.http.rbac` filter:
+
+```hcl
+Kind = "service-defaults"
+Name = "api"
+Protocol = "http"
+EnvoyExtensions = [
+  {
+    Name = "builtin/ext-authz"
+    Arguments = {
+      ProxyType = "connect-proxy"
+      InsertOptions = {
+        Location   = "AfterLastMatch"
+        FilterName = "envoy.filters.http.rbac"
+      }
+      Config = {
+        HttpService = {
+          Target = {
+            Service = {
+              Name      = "authz"
+              Namespace = "foo"
+              Partition = "bar"
+            }
+          }
+        }
+      }
+    }
+  }
+]
+```
diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx
new file mode 100644
index 000000000000..9b13cb940b23
--- /dev/null
+++ b/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx
@@ -0,0 +1,273 @@
+---
+layout: docs
+page_title: Property override configuration reference
+description: Learn how to configure the property-override plugin, which is a builtin Consul plugin that allows you to set and remove Envoy proxy properties.
+---
+
+# Property override configuration reference
+
+This topic describes how to configure the `property-override` extension so that you can set and remove individual properties on the Envoy resources Consul generates. Refer to [Configure Envoy proxy properties](/consul/docs/connect/proxies/envoy-extensions/usage/property-override) for usage information.
+
+## Configuration model
+
+The following list outlines the field hierarchy, data types, and requirements for the `property-override` configuration. Place the configuration inside the `EnvoyExtension.Arguments` field in the proxy defaults or service defaults configuration entry. Refer the following documentation for additional information:
+
+- [`EnvoyExtensions` in proxy defaults](/consul/docs/connect/config-entries/proxy-defaults#envoyextensions)
+- [`EnvoyExtensions` in service defaults](/consul/docs/connect/config-entries/service-defaults#envoyextensions)
+
+Click on a property name to view additional details, including default values.
+  
+- [`ProxyType`](#proxytype): string | required 
+- [`Debug`](#debug): bool | `false` 
+- [`Patches`](#patches): list | required
+   - [`ResourceFilter`](#patches-resourcefilter): map         
+      - [`ResourceType`](#patches-resourcefilter-resourcetype): string | required
+      - [`TrafficDirection`](#patches-resourcefilter-trafficdirection): string | required
+      - [`Services`](#patches-resourcefilter-services): list
+         - [`Name`](#patches-resourcefilter-services-name): string
+         - [`Namespace`](#patches-resourcefilter-services-namespace): string | `default` | <EnterpriseAlert inline/>
+         - [`Partition`](#patches-resourcefilter-services-partition): string | `default` | <EnterpriseAlert inline/>
+   - [`Op`](#patches-op): string | required
+   - [`Path`](#patches-path): string | required
+   - [`Value`](#patches-value): map, number, boolean, or string
+
+## Complete configuration
+
+When each field is defined, a `property-override` configuration has the following form:
+
+
+```hcl
+ProxyType = "connect-proxy"
+Debug = false
+Patches = [
+  {
+    ResourceFilter = {
+      ResourceType = "<type of resource>"
+      TrafficDirection = "<inbound or outbound>"
+      Services = [
+        {
+          Name = "<name of service to filter for>", 
+          Namespace = "<Consul namespace containing the service>"
+          Partition = "<Consul partition containing the service>"
+        }
+      ]
+    Op = "<add or remove>",
+    Path = "<path/to/field>",
+    Value = "<values or map of field-values>"
+  }
+]
+```       
+
+## Specification
+
+This section provides details about the fields you can configure for the `property-override` extension.
+
+### `ProxyType`
+
+Specifies the type of Envoy proxy that the extension applies to. The only supported value is `connect-proxy`.
+
+#### Values
+
+- Default: `connect-proxy`
+- This field is required.
+- Data type: String 
+
+### `Debug`
+
+Enables full debug mode. When `Debug` is set to `true`, all possible fields for the given `ResourceType` and first unmatched segment of `Path` are returned on error. When set to `false`, the error message only includes the first ten possible fields. 
+
+#### Values
+
+- Default: `false`
+- Data type: Boolean
+
+### `Patches[]`
+
+Specifies a list of one or more JSON Patches that map to the Envoy proxy configurations you want to modify. Refer to [IETF RFC 6902](https://datatracker.ietf.org/doc/html/rfc6902/) for information about the JSON Patch specification. 
+
+#### Values
+
+- Default: None
+- The `Patches` parameter is a list of configurations in JSON Patch format. Each patch can contain the following fields:
+   - [`ResourceFilter`](#patches-resourcefilter)
+   - [`Op`](#patches-op)
+   - [`Path`](#patches-path)
+   - [`Value`](#patches-value)
+
+
+### `Patches[].ResourceFilter{}`
+
+Specifies the filter for targeting specific Envoy resources. The `ResourceFilter` configuration is not part of the JSON Patch specification. 
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: Map
+
+The following table describes how to configure a `ResourceFilter`:
+
+| Parameter | Description | Type |
+| ---       | ---         | ---  |
+| `ProxyType` | Specifies the proxy type that the extension applies to. The only supported value is `connect-proxy`. | String |
+| `ResourceType` | Specifies the Envoy resource type that the extension applies to. You can specify one of the following values for each `ResourceFilter`: <ul><li>`cluster`</li><li>`cluster-load-assignment`</li><li>`route`</li><li>`listener`</li></ul> | String |
+| `TrafficDirection` | Specifies the type of traffic that the extension applies to relative to the current proxy. You can specify one of the following values for each `ResourceFilter`: <ul><li>`inbound`: Targets resources for the proxy's inbound traffic.</li> <li>`outbound`: Targets resources for the proxy's upstream services.</li></ul> | String |
+| `Services` | Specifies a list of services to target. Each member of the list has the following fields:<ul><li>`Name`: Specifies the service associated with the traffic.</li><li>`Namespace`: Specifies the Consul Enterprise namespace the service is in.</li><li>`Partition`: Specifies the Consul Enterprise admin partition the service is in.</li> </ul>If `TrafficDirection` is set to `outbound`, upstream services in this field correspond to local Envoy resources that Consul patches at runtime. <p>Do not configure the `Services` field if `TrafficDirection` is set to `inbound`.</p> If this field is not set, Envoy targets all applicable resources. When patching outbound listeners, the patch includes the outbound transparent proxy listener only if `Services` is unset and if the local service is in transparent proxy mode. | List of maps |
+
+### `Patches[].Op`
+
+Specifies the JSON Patch operation to perform when the `ResourceFilter` matches a local Envoy proxy configuration. You can specify one of the following values for each patch:
+
+- `add`: Replaces a property or message specified by [`Path`](#patches-path) with the given value. The JSON patch format does not merge objects. To emulate merges, you must configure discrete `add` operations for each changed field. Consul returns an error if the target field does not exist in the corresponding schema.
+- `remove`: Unsets the value of the field specified by [`Path`](#patches-path). If the field is not set, no changes are made. Consul returns an error if the target field does not exist in the corresponding schema.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type is one of the following string values:
+   - `add`
+   - `remove`
+
+### `Patches[].Path`
+
+Specifies where the extension performs the associated operation on the specified resource type. Refer to [`ResourceType`](#patches-resourcefilter) for information about specifying a resource type to target. Refer to [`Op`](#patches-op) for information about setting an operation to perform on the resources. 
+
+The `Path` field does not support addressing array elements or protobuf map field entries. Refer to [Constructing paths](/consul/docs/connect/proxies/envoy-extensions/usage/property-override#constructing-paths) for information about how to construct paths. 
+
+When setting fields, the extension sets any unset intermediate fields to their default values. A a single operation on a nested field can set multiple intermediate fields. Because Consul sets the intermediate fields to their default values, you may need to configure subsequent patches to satisfy Envoy or Consul validation. 
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String
+
+### `Patches[].Value{}`
+
+Defines a value to set at the specified [path](#patches-path) if the [operation](#patches-op) is set to `add`.  You can specify either a scalar or enum value or define a map that contains string keys and values corresponding to scalar or enum child fields. Refer to the [example configurations](#examples) for additional guidance and to the [Envoy API documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/api) for additional information about Envoy proxy interfaces.
+
+If Envoy specifies a wrapper as the target field type, the extension automatically coerces simple values to the wrapped type when patching. For example, the value `32768` is allowed when targeting a cluster's `per_connection_buffer_limit_bytes`, which is a `UInt32Value` field. Refer to the [protobuf documentation](https://github.com/protocolbuffers/protobuf/blob/main/src/google/protobuf/wrappers.proto) for additional information about wrappers.
+#### Values
+
+- Default: None
+- This field is required if [`Op`](#patches-op) is set to `add`, otherwise you must omit the field.
+- This field takes one of the following data types:
+   - scalar
+   - enum
+   - map 
+
+## Examples
+
+The following examples demonstrate patterns that you may be able to model your configurations on.
+
+### Enable `enforcing_consecutive_5xx` outlier detection 
+
+In the following example, the `add` operation patches an outlier detection property into outbound cluster traffic. The `Path` specifies the `enforcing_consecutive_5xx` interface and sets a value of `1234`:
+
+```hcl
+Kind = "service-defaults"
+Name = "my-svc"
+Protocol = "http"
+EnvoyExtensions = [
+  {
+    Name = "builtin/property-override",
+    Arguments = {
+      ProxyType = "connect-proxy",
+      Patches = [
+        {
+          "ResourceFilter" = {
+            "ResourceType" = "cluster",
+            "TrafficDirection" = "outbound",
+            "Service" = {
+              "Name" = "other-svc"
+            },
+          },
+          "Op" = "add",
+          "Path" =  "/outlier_detection/enforcing_consecutive_5xx",
+          "Value" = 1234,
+        }
+      ]
+    }
+  }
+]
+```
+
+### Update multiple values in the default map
+
+In the following example, two `ResourceFilter` blocks target outbound traffic to the `db` service and add `/outlier_detection/enforcing_consecutive_5xx` and `/outlier_detection/failure_percentage_request_volume` properties:
+
+```hcl
+Kind = "service-defaults"
+Name = "my-svc"
+Protocol = "http"
+EnvoyExtensions = [
+  {
+    Name = "builtin/property-override",
+    Arguments = {
+      ProxyType = "connect-proxy",
+      Patches = [
+        {
+          ResourceFilter = {
+            ResourceType = "cluster",
+            TrafficDirection = "outbound",
+            Services = [{
+              Name = "other-svc"
+            }],
+          },
+          Op = "add",
+          Path =  "/outlier_detection/enforcing_consecutive_5xx",
+          Value = 1234,
+        },
+        {
+          ResourceFilter = {
+            ResourceType = "cluster",
+            TrafficDirection = "outbound",
+            Services = [{
+              Name = "other-svc"
+            }],
+          },
+          Op = "add",
+          Path =  "/outlier_detection/failure_percentage_request_volume",
+          Value = 2345,
+        }
+      ]
+    }
+  }
+]
+```
+
+### Set multiple values that replace the map
+
+In the following example, a `ResourceFilter` targets outbound traffic to the `db` service and replaces the map of properties located at `/outlier_detection` with `enforcing_consecutive_5xx` and `failure_percentage_request_volume` and properties:
+
+```hcl
+Kind = "service-defaults"
+Name = "my-svc"
+Protocol = "http"
+EnvoyExtensions = [
+  {
+    Name = "builtin/property-override",
+    Arguments = {
+      ProxyType = "connect-proxy",
+      Patches = [
+        {
+          ResourceFilter = {
+            ResourceType = "cluster",
+            TrafficDirection = "outbound",
+            Services = [{
+              Name = "other-svc"
+            }],
+          },
+          Op = "add",
+          Path =  "/outlier_detection",
+          Value = {
+            "enforcing_consecutive_5xx" = 1234,
+            "failure_percentage_request_volume" = 2345,
+          },
+        }
+      ]
+    }
+  }
+]
+```
diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx
new file mode 100644
index 000000000000..ed1e2061a5d5
--- /dev/null
+++ b/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx
@@ -0,0 +1,484 @@
+---
+layout: docs
+page_title: WebAssembly extension configuration reference 
+description: Learn how to configure the wasm Envoy extension, which is a builtin Consul extension that allows you to run WebAssembly plugins in Envoy proxies.
+---
+
+# WebAssembly extension configuration reference 
+
+This topic describes how to configure the `wasm` extension, which directs Consul to run WebAssembly (Wasm) plugins in Envoy proxies. Refer to [Run WebAssembly plug-ins in Envoy proxy](/consul/docs/connect/proxies/envoy-extensions/usage/wasm) for usage information.
+
+## Configuration model
+
+The following list outlines the field hierarchy, data types, and requirements for the `wasm` configuration. Place the configuration inside the `EnvoyExtension.Arguments` field in the proxy defaults or service defaults configuration entry. Refer the following documentation for additional information:
+
+- [`EnvoyExtensions` in proxy defaults](/consul/docs/connect/config-entries/proxy-defaults#envoyextensions)
+- [`EnvoyExtensions` in service defaults](/consul/docs/connect/config-entries/service-defaults#envoyextensions)
+
+Click on a property name to view additional details, including default values.
+  
+- [`Protocol`](#protocol): string 
+- [`ListenerType`](#listenertype): string | required
+- [`ProxyType`](#proxytype): string | `connect-proxy`
+- [`PluginConfig`](#pluginconfig): map | required
+   - [`Name`](#pluginconfig-name): string
+   - [`RootID`](#pluginconfig-rootid): string | required
+   - [`VmConfig`](#pluginconfig-vmconfig): map
+      - [`VmID`](#pluginconfig-vmconfig-vmid): string 
+      - [`Runtime`](#pluginconfig-vmconfig): string | `v8`
+      - [`Code`](#pluginconfig-vmconfig-code): map
+         - [`Local`](#pluginconfig-vmconfig-code-local): map
+            - [`Filename`](#pluginconfig-vmconfig-code-local): string
+         - [`Remote`](#pluginconfig-vmconfig-code-remote): map
+            - [`HttpURI`](#pluginconfig-vmconfig-code-remote-httpuri): map
+               - [`Service`](#pluginconfig-vmconfig-code-remote-httpuri-service): map
+                  - [`Name`](#pluginconfig-vmconfig-code-remote-httpuri-service): string
+                  - [`Namespace`](#pluginconfig-vmconfig-code-remote-httpuri-service): string
+                  - [`Partition`](#pluginconfig-vmconfig-code-remote-httpuri-service): string
+               - [`URI`](#pluginconfig-vmconfig-code-remote-httpuri-uri): string
+               - [`Timeout`](#pluginconfig-vmconfig-code-remote-httpuri-timeout): string
+            - [`SHA256`](#pluginconfig-vmconfig-code-remote-sha256): string
+            - [`RetryPolicy`](#pluginconfig-vmconfig-code-remote-retrypolicy): map
+               - [`RetryBackOff`](#pluginconfig-vmconfig-code-remote-retrypolicy-retrybackoff): map
+                  - [`BaseInterval`](#pluginconfig-vmconfig-code-remote-retrypolicy-retrybackoff): string
+                  - [`MaxInterval`](#pluginconfig-vmconfig-code-remote-retrypolicy-retrybackoff): string
+               - [`NumRetries`](#pluginconfig-vmconfig-code-remote-retrypolicy-numretries): number | `-1`
+      - [`Configuration`](#pluginconfig-vmconfig-configuration): string
+      - [`EnvironmentVariables`](#pluginconfig-vmconfig-environmentvariables): map
+         - [`HostEnvKeys`](#pluginconfig-vmconfig-environmentvariables-hostenvkeys): list of strings
+         - [`KeyValues`](#pluginconfig-vmconfig-environmentvariables-keyvalues): map
+   - [`Configuration`](#pluginconfig-configuration): string
+   - [`CapabilityRestrictionConfiguration`](#pluginconfig-vmconfig-capabilityrestrictionconfiguration): map
+      - [`AllowedCapabilities`](#pluginconfig-vmconfig-capabilityrestrictionconfiguration): map of strings
+
+## Complete configuration
+
+When all parameters are set for the extension, the configuration has the following form:
+
+```hcl
+Protocol = "<tcp or http>" 
+ListenerType = "<inbound or outbound>"
+ProxyType = "connect-proxy"
+PluginConfig = {
+   Name = "<name for the filter>"
+   RootID = "<ID for the set of filters on a VM>"
+   VmConfig = {
+      VmID = "<ID of the VM>"
+      Runtime = "v8"
+      Code = {
+         Local = {      # Set either `Local` or `Remote', not both
+            Filename = "</path/to/plugin>"
+         }
+         Remote = {     # Set either `Local` or `Remote', not both
+            HttpURI =  {
+               Service = {
+                  Name = "<name of the upstream service>"
+                  Namespace = "<Consul namespace containing the usptream service>"
+                  Partition = "<Consul partition containing the upstream service>"
+               }
+               URI = "<URI of the plugin data>"
+               Timeout = "1s"
+            SHA256 = "<SHA256 for verifying the remote data>"
+            RetryPolicy = {
+                  RetryBackOff = {
+                     BaseInterval = "1s"
+                     MaxInterval = "10s" 
+                  }
+                  NumRetries = -1
+               }
+            }
+      Configuration = "<configuration passed to plugin on VM startup>"
+      EnvironmentVariables = {
+         HostEnvKeys = [ 
+            <"keys"> 
+         ]
+         KeyValues = {
+            [ 
+               <"key = value"> 
+            ]
+         }
+      }
+   Configuration = "<configuration passed to plugin on plugin startup>"
+   CapabilityRestrictionConfiguration = {
+      AllowedCapabilities = {
+         "fd_read"        = {}
+         "fd_seek"        = {}
+         "environ_get"    = {}
+         "clock_get_time" = {}
+      }
+   }
+}
+```
+
+## Specification
+
+This section provides details about the fields you can configure for the `wasm` extension.
+
+### `Protocol`
+
+Specifies the type of Wasm filter to apply. You can set either `tcp` or `http`. Set the `Protocol` to the protocol that the Wasm plugin implements when loaded by the filter. For Consul to apply the filter, the protocol must match the service’s protocol.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type is one of the following string values:
+  - `tcp`
+  - `http`
+
+### `ListenerType`
+
+Specifies the type of listener the extension applies to. The listener type is either `inbound` or `outbound`. If the listener type is set to `inbound`, Consul applies the extension so the Wasm plugin is run when other services in the mesh send messages to the service attached to the proxy. If the listener type is set to `outbound`, Consul applies the extension so the Wasm plugin is run when the attached proxy sends messages to other services in the mesh. 
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type is one of the following string values:
+  - `inbound`
+  - `outbound`
+
+### `ProxyType`
+
+Specifies the type of Envoy proxy that the extension applies to. The only supported value is `connect-proxy`.
+
+#### Values
+
+- Default: `connect-proxy`
+- This field is required.
+- Data type: String 
+
+### `PluginConfig{}`
+
+Map containing the following configuration parameters for your Wasm plugin:
+
+- [`Name`](#pluginconfig-name)
+- [`RootID`](#pluginconfig-rootid)
+- [`VmConfig`](#pluginconfig-vmconfig)
+- [`Configuration`](#pluginconfig-configuration)
+- [`CapabilitiesRestrictionConfiguration`](#pluginconfig-capabilitiesrestrictionconfiguration)
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: Map
+
+### `PluginConfig{}.Name`
+
+Specifies a unique name for a filter in a VM. Envoy uses the name to identify specific filters if multiple filters are processed on a VM with the same `VmID` and `RootID`. The name also appears in logs for debugging purposes.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `PluginConfig{}.RootID`
+
+Specifies a unique ID for a set of filters in a VM that share a `RootContext` and `Contexts`, such as a Wasm `HttpFilter` and a Wasm `AccessLog`, if applicable. All filters with the same `RootID` and `VmID` share `Context`s.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `PluginConfig{}.VmConfig{}`
+
+Map containing the following configuration parameters for the VM that runs your Wasm plugin:
+
+- [`VmID`](#pluginconfig-vmconfig-vmid)
+- [`Runtime`](#pluginconfig-vmconfig-runtime)
+- [`Code`](#pluginconfig-vmconfig-code)
+- [`Configuration`](#pluginconfig-vmconfig-configuration)
+- [`EnvironmentVariables`](#pluginconfig-vmconfig-environmentvariables)
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+### `PluginConfig{}.VmConfig{}.VmID`
+
+Specifies an ID that Envoy uses with a hash of the Wasm code to determine which VM runs the plugin. All plugins with the same `VmID` and `Code` use the same VM. If unspecified, all plugins with the same code run in the same VM.  Sharing a VM between plugins may have security implications, but can reduce memory utilization and can make data sharing easier.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `PluginConfig{}.VmConfig{}.Runtime`
+
+Specifies the type of Wasm runtime. 
+#### Values
+
+- Default: `v8`
+- Data type is one of the following string values:
+  - `v8`
+  - `wastime`
+  - `wamr`
+  - `wavm`
+
+### `PluginConfig{}.VmConfig{}.Code{}`
+
+Map containing one of the following configuration parameters:
+
+- [`Local`](#pluginconfig-vmconfig-code-local)
+- [`Remote`](#pluginconfig-vmconfig-code-local)
+
+You can configure either `Local` or `Remote`, but not both. The `Code` block instructs Consul how to find the Wasm plugin code for Envoy to execute. 
+
+#### Values
+
+- Default: None
+- This field is  required.
+- Data type is a map containing one of the following configurations:
+  - [`Local`](#pluginconfig-vmconfig-code-local)
+  - [`Remote`](#pluginconfig-vmconfig-code-local)
+
+### `PluginConfig{}.VmConfig{}.Code{}.Local{}`
+
+Instructs Envoy to load the plugin code from a local volume. Do not configure the `Local` parameter if the plugin code is on a remote server. 
+
+The `Local` field is a map that contains a `Filename` parameter. The `Filename` parameter takes a string value that specifies the path to the plugin on the local file system. 
+
+Local plug-ins are not supported in Kubernetes-orchestrated environments.
+
+#### Values
+
+- Default: None
+- Data type is a map containing the `Filename` parameter. The `Filename` parameter takes a string value that specifies the path to the plugin on the local file system.
+
+### `PluginConfig{}.VmConfig{}.Code{}.Remote{}`
+
+Instructs Envoy to load the plugin code from a remote server. Do not configure the `Remote` parameter if the plugin code is on the local VM. 
+
+The `Remote` field is a map containing the following parameters:
+
+- [`HttpURI`](#pluginconfig-vmconfig-code-remote-httpuri)
+- [`SHA256`](#pluginconfig-vmconfig-code-remote-sha256)
+- [`RetryPolicy`](#pluginconfig-vmconfig-code-remote-retrypolicy)
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+### `PluginConfig{}.VmConfig{}.Code{}.Remote{}.HttpURI{}`
+
+Specifies the configuration for fetching the remote data. The `HttpURI` field is a map containing the following parameters:
+
+- [`Service`](#pluginconfig-vmconfig-code-remote-httpuri-service)
+- [`URI`](#pluginconfig-vmconfig-code-remote-httpuri-uri)
+- [`Timeout`](#pluginconfig-vmconfig-code-remote-httpuri-uri)
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+### `PluginConfig{}.VmConfig{}.Code{}.Remote{}.HttpURI{}.Service`
+
+Specifies the upstream service to fetch the remote plugin from. 
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+The following table describes the fields you can specify in the `Service` map:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `Name` | Specifies the name of the upstream service. | String | None |
+| `Namespace` | <EnterpriseAlert inline/> Specifies the Consul namespace that the upstream service belongs to. | String | `default` |
+| `Partition` | <EnterpriseAlert inline/> Specifies the Consul admin partition that the upstream service belongs to. | String | `default` |
+
+### `PluginConfig{}.VmConfig{}.Code{}.Remote{}.HttpURI{}.URI`
+
+Specifies the URI Envoy uses to fetch the plugin file from the upstream. This field is required for Envoy to retrieve plugin code from a remote location. You must specify the fully-qualified domain name (FDQN) of the remote URI, which includes the protocol, host, and path.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String value that specifies a FDQN
+
+### `PluginConfig{}.VmConfig{}.Code{}.Remote{}.HttpURI{}.Timeout`
+
+Specifies the maximum duration that a response can take to complete the request for the plugin data. 
+
+#### Values
+
+- Default: `1s`
+- Data type: String
+
+### `PluginConfig{}.VmConfig{}.Code{}.Remote{}.SHA256`
+
+Specifies the required SHA256 string for verifying the remote data.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String
+
+### `PluginConfig{}.VmConfig{}.Code{}.Remote{}.RetryPolicy{}`
+
+Defines a policy for retrying requests to the upstream service when fetching the plugin data. The `RetryPolicy` field is a map containing the following parameters:
+
+- [`RetryBackoff`](#pluginconfig-vmconfig-code-remote-retrypolicy)
+- [`NumRetries`](#pluginconfig-vmconfig-code-remote-numretries)
+
+#### Values
+
+- Default: None
+- Data type: Map
+### `PluginConfig{}.VmConfig{}.Code{}.Remote{}.RetryPolicy{}.RetryBackOff{}`
+
+Specifies parameters that control retry backoff strategy. 
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+The following table describes the fields you can specify in the `RetryBackOff` map:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `BaseInterval` | Specifies the base interval for determining the next backoff computation. Set a value greater than `0` and less than or equal to the `MaxInterval` value.  | String | `1s` |
+| `MaxInterval` | Specifies the maximum interval between retries. Set the value greater than or equal to the `BaseInterval` value. | String | `10s` |
+
+### `PluginConfig{}.VmConfig{}.Code{}.Remote{}.RetryPolicy{}.NumRetries`
+
+Specifies the number of times Envoy retries to fetch plugin data if the initial attempt is unsuccessful.
+
+#### Values
+
+- Default: `1`
+- Data type: Integer
+
+### `PluginConfig{}.VmConfig{}.Configuration`
+
+Specifies the configuration Envoy encodes as bytes and passes to the plugin during VM startup. Refer to [`proxy_on_vm_start` in the Proxy Wasm ABI documentation](https://github.com/proxy-wasm/spec/tree/master/abi-versions/vNEXT#proxy_on_vm_start) for additional information.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String
+
+### `PluginConfig{}.VmConfig{}.EnvironmentVariables{}`
+
+Specifies environment variables for Enovy to inject into this VM so that they are available through WASI’s `environ_get` and `environ_get_sizes` system calls. 
+
+In most cases, WASI calls the functions implicitly in your language’s standard library. As a result, you do not need to call them directly. You can also access environment variables as you would on native platforms. 
+
+Envoy rejects the configuration if there’s conflict of key space.
+
+The `EnvironmentVariables` field is a map containing parameters for setting the keys and values.
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+The following table describes the parameters contained in the `EnvironmentVariables` map:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `HostEnvKeys` | Specifies a list of Envoy environment variable keys to expose to the VM. If a key exists in Envoy’s environment variables, then the key-value pair is injected. Envoy ignores `HostEnvKeys` that do not exist in its environment variables. | List | None |
+| `KeyValues` | Specifies a map of explicit key-value pairs to inject into the VM. | <nobr>Map of </nobr>string keys and values | None |
+
+### `PluginConfig{}.Configuration`
+
+Specifies the configuration Consul encodes as bytes and passes to the plugin during plugin startup. Refer to [`proxy_on_configure` in the Envoy documentation](https://github.com/proxy-wasm/spec/tree/master/abi-versions/vNEXT#proxy_on_configure) for additional information.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `PluginConfig{}.CapabilityRestrictionConfiguration{}`
+
+Specifies a configuration for restricting the proxy-Wasm capabilities that are available to the module. 
+
+The `CapabilityRestrictionConfiguration` field is a map that contains a `AllowedCapabilities` parameter. The `AllowedCapabilities` parameter takes a map of string values that correspond to Envoy capability names. Refer to the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/wasm/v3/wasm.proto#extensions-wasm-v3-capabilityrestrictionconfig) for additional information.
+
+!> **Security warning**: Consul ignores the value that each capability maps to. You can leave the `AllowedCapabilities` empty to allow all capabilities, but doing so gives the configured plugin full unrestricted access to the runtime API provided by the Wasm VM. You must set this to a non-empty map if you want to restrict access to specific capabilities provided by the Wasm runtime API.  
+
+#### Values
+
+- Default: `""`
+- Data type is a map containing the `AllowedCapabilities` parameter. The `AllowedCapabilities` parameter takes a map of string values that correspond to Envoy capability names. Refer to the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/wasm/v3/wasm.proto#extensions-wasm-v3-capabilityrestrictionconfig) for additional information. 
+
+## Examples
+
+The following examples demonstrate patterns that you may be able to model your configurations on.
+
+### Run a Wasm plugin from a local file
+
+In the following example, Consul figures the Envoy proxy for the `db` service with an inbound TCP Wasm filter that uses the plugin code from the local `/consul/extensions/sqli.wasm` file.
+
+```hcl
+
+Kind = "service-defaults"
+Name = "db"
+Protocol = "tcp"
+EnvoyExtensions = [
+  {
+    Name      = "builtin/wasm"
+    Required  = true
+    Arguments = {
+      Protocol = "tcp"
+      ListenerType = “inbound”
+      PluginConfig = {
+        VmConfig = {
+          Code = {
+            Local = {
+              Filename = "file:///consul/extensions/sqli.wasm"
+            }
+          }
+        }
+        Configuration = <<EOF
+{
+  "key": "value"
+}
+EOF
+      }
+    }
+  }
+]
+```
+
+### Run a Wasm plugin from a remote file
+
+In the following example, Consul configures the Envoy proxy for all HTTP services with an HTTP Wasm filter. The filter uses the plugin code from a remote `https://extension-server/waf.wasm` file. The Envoy proxy for each service fetches the remote file and verify the SHA256 checksum. The proxy times if Consul cannot fetch the remote plugin after three seconds. 
+
+```hcl
+Kind   = "proxy-defaults"
+Name   = "global"
+EnvoyExtensions = [
+  {
+    Name      = "builtin/wasm"
+    Arguments = {
+      Protocol = "http"
+      ListenerType = “inbound”
+      PluginConfig = {
+        VmConfig = {
+          Code = {
+            Remote = {
+              HttpURI = {
+                URI     = "https://extension-server/waf.wasm"
+                Timeout = "3s"
+              }
+              SHA256 = "ef57657e..."
+            }
+          }
+        }
+        Configuration = "..."
+      }
+    }
+  }
+]
+```
diff --git a/website/content/docs/connect/proxies/envoy-extensions/index.mdx b/website/content/docs/connect/proxies/envoy-extensions/index.mdx
index 86648f9a9717..eb8056ee659b 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/index.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/index.mdx
@@ -18,15 +18,30 @@ Instead of modifying Consul code, you can configure your services to use Envoy e
 
 ## Supported extensions
 
-Envoy extensions enable additional service mesh functionality in Consul by changing how the sidecar proxies behave. Extensions invoke custom code when traffic passes through an Envoy proxy. Consul supports the following extensions:
+Envoy extensions enable additional service mesh functionality in Consul by changing how the sidecar proxies behave. Extensions dynamically modify the configuration of Envoy proxies based on Consul configuration entries, enabling a wider set of use cases for the service mesh  traffic that passes through an Envoy proxy. Consul supports the following extensions:
 
+- External authorization
 - Lua
 - Lambda
+- Property override
+- WebAssembly (Wasm) 
 
-### Lua
+### External authorization
 
-The `lua` Envoy extension enables HTTP Lua filters in your Consul Envoy proxies. It allows you to run Lua scripts during Envoy requests and responses from Consul-generated Envoy resources. Refer to the [`lua`](/consul/docs/connect/proxies/envoy-extensions/usage/lua) documentation for more information.
+The `ext-authz` extension lets you configure external authorization filters for Envoy proxy so that you can route requests to external authorization systems. Refer to the [external authorization documentation](/consul/docs/connect/proxies/envoy-extensions/usage/ext-authz) for more information.
 
 ### Lambda
 
-The `lambda` Envoy extension enables services to make requests to AWS Lambda functions through the mesh as if they are a normal part of the Consul catalog. Refer to the [`lambda`](/consul/docs/connect/proxies/envoy-extensions/usage/lambda) documentation for more information.
+The `lambda` Envoy extension enables services to make requests to AWS Lambda functions through the mesh as if they are a normal part of the Consul catalog. Refer to the [Lambda extension documentation](/consul/docs/connect/proxies/envoy-extensions/usage/lambda) for more information.
+
+### Lua
+
+The `lua` Envoy extension enables HTTP Lua filters in your Consul Envoy proxies. It allows you to run Lua scripts during Envoy requests and responses from Consul-generated Envoy resources. Refer to the [Lua extension documentation](/consul/docs/connect/proxies/envoy-extensions/usage/lua) for more information.
+
+### Property override
+
+The `property-override` extension lets you set and unset individual properties pm the Envoy resources that Consul generates. Use the extension instead of [escape-hatch overrides](/consul/docs/connect/proxies/envoy#escape-hatch-overrides) to enable advanced Envoy configuration. Refer to the [property override documentation](/consul/docs/connect/proxies/envoy-extensions/usage/property-override) for more information.
+
+### WebAssembly
+
+The `wasm` extension enables you to configure TCP and HTTP filters that invoke custom WebAssembly (Wasm) plugins. Refer to the [WebAssembly extenstion documentation](/consul/docs/connect/proxies/envoy-extensions/usage/wasm) for more information.
diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
new file mode 100644
index 000000000000..f3cc5432846b
--- /dev/null
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
@@ -0,0 +1,147 @@
+---
+layout: docs
+page_title: Delegate authorization to an external service
+description: Learn how to use the `ext-authz` Envoy extension to delegate data plane authorization requests to external systems. 
+---
+
+# Delegate authorization to an external service
+
+This topic describes how to use the external authorization Envoy extension to delegate data plane authorization requests to external systems. 
+
+## Workflow
+
+Complete the following steps to use the external authorization extension:
+
+1. Configure an `EnvoyExtensions` block in a service defaults or proxy defaults configuration entry. 
+1. Apply the configuration entry.
+
+## Add the `EnvoyExtensions`
+
+Add Envoy extension configurations to a proxy defaults or service defaults configuration entry. Place the extension configuration in an `EnvoyExtensions` block in the configuration entry.
+
+- When you configure Envoy extensions on proxy defaults, they apply to every service.
+- When you configure Envoy extensions on service defaults, they apply to a specific service.
+
+Consul applies Envoy extensions configured in proxy defaults before it applies extensions in service defaults. As a result, the Envoy extension configuration in service defaults may  override configurations in proxy defaults.
+
+The following example shows a service defaults configuration entry for the `api` service that directs the Envoy proxy to make gRPC authorization requests to the `authz` service:
+
+<Tabs>
+<Tab heading="HCL" group="hcl">
+<CodeBlockConfig filename="api-auth-service-defaults.hcl">
+
+```hcl
+Kind = "service-defaults"
+Name = "api"
+EnvoyExtensions = [
+  {
+    Name = "builtin/ext-authz"
+    Arguments = {
+      ProxyType = "connect-proxy"
+      Config = {
+        GrpcService = {
+          Target = {
+            Service = {
+              Name = "authz"
+            }
+          }
+        }
+      }
+    }
+  }
+]
+```
+</CodeBlockConfig>
+</Tab>
+<Tab heading="HCL" group="hcl">
+<CodeBlockConfig filename="api-auth-service-defaults.json">
+
+```json
+"Kind": "service-defaults",
+"Name": "api",
+"EnvoyExtensions": [{
+  "Name": "builtin/ext-authz",
+  "Arguments": {
+    "ProxyType": "connect-proxy",
+    "Config": {
+      "GrpcService": {
+        "Target": {
+          "Service": {
+            "Name": "authz"
+            }
+          }
+        }
+      }
+    }
+  }
+]
+```
+
+</CodeBlockConfig>
+</Tab>
+<Tab heading="Kubernetes" group="yaml">
+<CodeBlockConfig filename="api-auth-service-defaults">
+
+```yaml
+kind: ServiceDefaults
+name: api
+envoyExtensions:
+  - name: builtin/ext-authz
+    arguments:
+      proxyType: connect-proxy
+      config:
+        grpcService:
+          target:
+            service:
+              name: authz
+```
+</CodeBlockConfig>
+</Tab>
+</Tabs>
+
+Refer to the [external authorization extension configuration reference](/consul/docs/connect/proxies/envoy-extensions/configuration/ext-authz) for details on how to configure the extension. 
+
+Refer to the [proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) and [service defaults configuration entry reference](/consul/docs/connect/config-entries/service-defaults) for details on how to define the configuration entries. 
+
+!> **Warning:** Adding Envoy extensions default proxy configurations may have unintended consequences. We recommend configuring `EnvoyExtensions` in service defaults configuration entries in most cases.
+
+### Unsupported Envoy configuration fields
+
+The following Envoy configurations are not supported:
+
+| Configuration | Workaround |
+| --- | --- |
+| `deny_at_disable` | Disable filter by removing it from the service’s configuration in the configuration entry. |
+| `failure_mode_allow` | Set the `EnvoyExtension.Required` field to `true` in the [service defaults configuration entry](/consul/docs/connect/config-entries/service-defaults#envoyextensions) or [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults#envoyextensions). |
+| `filter_enabled` | Set the `EnvoyExtension.Required` field to `true` in the [service defaults configuration entry](/consul/docs/connect/config-entries/service-defaults#envoyextensions) or [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults#envoyextensions). |
+| `filter_enabled_metadata` | Set the `EnvoyExtension.Required` field to `true` in the [service defaults configuration entry](/consul/docs/connect/config-entries/service-defaults#envoyextensions) or [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults#envoyextensions). |
+| `transport_api_version` | Consul only supports v3 of the transport API. As a result, there is no workaround for implement the behavior of this field. |
+
+## Apply the configuration entry
+
+If your network is deployed to virtual machines, use the `consul config write` command and specify the proxy defaults or service defaults configuration entry to apply the configuration. For Kubernetes-orchestrated networks, use the `kubectl apply` command. The following example applies the extension in a proxy defaults configuration entry.
+
+<Tabs>
+<Tab heading="HCL" group="hcl">
+
+```shell-session
+$ consul config write api-auth-service-defaults.hcl
+```
+
+</Tab>
+<Tab heading="JSON" group="json">
+
+```shell-session
+$ consul config write api-auth-service-defaults.json
+
+```
+
+</Tab>
+<Tab heading="Kubernetes" group="kubernetes">
+
+```shell-session
+$ kubectl apply api-auth-service-defaults.yaml
+```
+
+</Tab>
+</Tabs>
diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx
new file mode 100644
index 000000000000..0166f84ec193
--- /dev/null
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx
@@ -0,0 +1,203 @@
+---
+layout: docs
+page_title: Configure Envoy proxy properties
+description: Learn how to use the property-override extension for Envoy proxies to set and remove individual properties for the Envoy resources Consul generates.
+---
+
+# Configure Envoy proxy properties
+
+This topic describes how to use the `property-override` extension to set and remove individual properties for the Envoy resources Consul generates. The extension uses the [protoreflect](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect), which enables Consul to dynamically manipulate messages.
+
+## Workflow
+
+- Complete the following steps to use the `property-override` extension:
+- Configure an `EnvoyExtensions` block in a service defaults or proxy defaults configuration entry. 
+- Apply the configuration entry.
+
+!> **Security warning**: The property override extension is an advanced feature capable of introducing unintended consequences or reducing cluster security if used incorrectly. Consul does not enforce TLS retention, intentions, or other security-critical components of the Envoy configuration. Additionally, Consul does not verify that the configuration does not contain errors that affect service traffic.
+
+## Add the `EnvoyExtensions`
+
+Add Envoy extension configurations to a proxy defaults or service defaults configuration entry. Place the extension configuration in an `EnvoyExtensions` block in the configuration entry.
+
+- When you configure Envoy extensions on proxy defaults, they apply to every service.
+- When you configure Envoy extensions on service defaults, they apply to a specific service.
+
+Consul applies Envoy extensions configured in proxy defaults before it applies extensions in service defaults. As a result, the Envoy extension configuration in service defaults may  override configurations in proxy defaults.
+
+In the following service defaults configuration entry example, Consul adds a new `/upstream_connection_options/tcp_keepalive/keepalive_probes-5` field to each of the proxy's cluster configuration for the outbound `db`service upstream. The configuration applies to all `connect-proxy` proxies with services configured to communicate over HTTP:
+
+<Tabs>
+<Tab heading="HCL" group="hcl">
+<CodeBlockConfig filename="property-override-extension-service-defaults.hcl">
+
+```hcl
+Kind = "service-defaults"
+Name = "global"
+Protocol  = "http"
+EnvoyExtensions = [ 
+  {
+    Name = "builtin/property-override"
+    Arguments = {
+      ProxyType = "connect-proxy",
+      Patches = [
+        {
+          ResourceFilter  = {
+	     ResourceType  = "cluster", 
+            TrafficDirection  = "outbound"
+            Services = [{
+               Name =  "other-svc"
+            }],
+          Op = "add"
+          Path = "/upstream_connection_options/tcp_keepalive/keepalive_probes",
+          Value = 5,
+        }
+      ]  
+   }
+]
+```
+</CodeBlockConfig>
+</Tab>
+
+<Tab heading="JSON" group="json">
+<CodeBlockConfig filename="property-override-extension-service-defaults.json">
+
+```json
+"kind": "service-defaults",
+"name": "global",
+"protocol": "http",
+"envoy_extensions": [{
+  "name": "builtin/property-override",
+  "arguments": {
+    "proxyType": "connect-proxy",
+    "patches": [{
+      "resourceFilter": {
+        "resourceType": "cluster", 
+        "trafficDirection": "outbound",
+        "services": [{ "name":  "other-svc" }],
+        "op": "add",
+        "path": "/upstream_connection_options/tcp_keepalive/keepalive_probes",
+        "value": 5
+       }
+    }]
+  }
+}]
+```
+</CodeBlockConfig>
+</Tab>
+<Tab heading="Kubernetes" group="kubernetes">
+<CodeBlockConfig filename="property-override-extension-proxy-defaults.yaml">
+
+```yaml
+apiversion: consul.hashicorp.com/v1alpha1
+kind: ServiceDefaults
+metadata:
+  name: global
+spec:
+  protocol: http
+  envoyExtensions:
+    name = "builtin/property-override"
+    arguments: 
+      proxyType: "connect-proxy",
+      patches: 
+      - resourceFilter: 
+          resourceType: "cluster" 
+          trafficDirection: "outbound"
+          services: 
+            - name:  "other-svc"
+        op: "add"
+        path: "/upstream_connection_options/tcp_keepalive/keepalive_probes",
+        value: 5
+```
+
+</CodeBlockConfig>
+</Tab>
+</Tabs>
+
+
+Refer to the [property override configuration reference](/consul/docs/connect/proxies/envoy-extensions/configuration/property-override) for details on how to configure the extension. 
+
+Refer to the [proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) and [service defaults configuration entry reference](/consul/docs/connect/config-entries/service-defaults) for details on how to define the configuration entries. 
+
+!> **Warning:** Adding Envoy extensions default proxy configurations may have unintended consequences. We recommend configuring `EnvoyExtensions` in service defaults configuration entries in most cases.
+
+### Constructing paths
+
+To target the properties for an Envoy resource type, you must specify the path where the properties exist in the [`Path` field](/consul/docs/connect/proxies/envoy-extensions/configuration/property-override#patches-path) of the property override extension configuration. Set the `Path` field to an empty or partially invalid string when saving the configuration entry and Consul returns an error with a list of supported fields for the first unrecognized segment of the path. By default, Consul only returns the first ten fields, but you can set the [`Debug` field](/consul/docs/connect/proxies/envoy-extensions/configuration/property-override#debug) to `true`  to direct Consul to output all possible fields. 
+
+In the following example, Consul outputs the top-level fields available for the Envoy cluster resource:
+
+```hcl
+Kind = "service-defaults"
+Name = "api"
+EnvoyExtensions = [
+  {
+    Name = "builtin/property-override"
+    Arguments = {
+      ProxyType = "connect-proxy"
+      Patches = [
+        {
+          ResourceFilter = {
+            ResourceType = "cluster"
+            TrafficDirection = "outbound"
+          }
+          Op = "add"
+          Path =  ""
+          Value =  5
+         }
+      ]
+    }
+  }
+]
+```
+
+After applying the configuration entry, Consul prints a message that includes the possible fields for the resource:
+
+```shell-session
+$ consul config write api.hcl
+non-empty, non-root Path is required. available cluster fields:
+/outlier_detection
+/outlier_detection/enforcing_consecutive_5xx
+/outlier_detection/failure_percentage_request_volume
+/round_robin_lb_config
+/round_robin_lb_config/slow_start_config
+```
+
+You can use the output to help you construct the appropriate value for the `Path` field. For example:
+
+```shell-session
+$ consul config write api.hcl | grep round_robin
+/round_robin_lb_config
+```
+
+
+
+
+## Apply the configuration entry
+
+If your network is deployed to virtual machines, use the `consul config write` command and specify the proxy defaults or service defaults configuration entry to apply the configuration. For Kubernetes-orchestrated networks, use the `kubectl apply` command. The following example applies the extension in a proxy defaults configuration entry.
+
+<Tabs>
+<Tab heading="HCL" group="hcl">
+
+```shell-session
+$ consul config write property-override-extension-service-defaults.hcl
+```
+
+</Tab>
+<Tab heading="JSON" group="json">
+
+```shell-session
+$ consul config write property-override-extension-service-defaults.json
+
+```
+
+</Tab>
+<Tab heading="Kubernetes" group="kubernetes">
+
+```shell-session
+$ kubectl apply property-override-extension-service-defaults.yaml
+```
+
+</Tab>
+</Tabs>
diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/wasm.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/wasm.mdx
new file mode 100644
index 000000000000..de899efe48c6
--- /dev/null
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/wasm.mdx
@@ -0,0 +1,191 @@
+---
+layout: docs
+page_title: Run WebAssembly plug-ins in Envoy proxy
+description: Learn how to use the Consul wasm extension for Envoy, which directs Consul to run your WebAssembly (Wasm) plugins for Envoy proxies in your service mesh.
+---
+
+
+# Run WebAssembly plug-ins in Envoy proxy     
+
+This topic describes how to use the `wasm` extension, which directs Consul to run your WebAssembly (Wasm) plug-ins for Envoy proxies. 
+
+## Workflow
+
+You can create Wasm plugins for Envoy and integrate them using the `wasm` extension. Wasm is a binary instruction format for stack-based virtual machines that has the potential to run anywhere after it has been compiled. Wasm plug-ins run as filters in a service mesh application's sidecar proxy.
+
+The following steps describe the process of integrating Wasm plugins:
+
+- Create your Wasm plugin. You must ensure that your plugin functions as expected. Refer to the [WebAssembly website](https://webassembly.org/) for information and links to documentation.
+- Configure an `EnvoyExtensions` block in a service defaults or proxy defaults configuration entry. 
+- Apply the configuration entry.
+
+## Add the `EnvoyExtensions`
+
+Add Envoy extension configuration to a proxy defaults or service defaults configuration entry. Place the extension configuration in an `EnvoyExtensions` block in the configuration entry.
+
+- When you configure Envoy extensions on proxy defaults, they apply to every service.
+- When you configure Envoy extensions on service defaults, they apply to a specific service.
+
+Consul applies Envoy extensions configured in proxy defaults before it applies extensions in service defaults. As a result, the Envoy extension configuration in service defaults may override configurations in proxy defaults.
+
+In the following example, the extension uses an upstream service named `file-server` to serve a Wasm-based web application firewall (WAF). 
+
+<Tabs>
+<Tab heading="HCL" group="hcl">
+<CodeBlockConfig filename="wasm-extension-serve-waf.hcl">
+
+```hcl
+Kind = "service-defaults"
+Name = "api"
+Protocol = "http"
+EnvoyExtensions = [
+  {
+    Name = "builtin/wasm"
+    Arguments = {
+      Protocol = "http"
+      ListenerType = "inbound"
+      PluginConfig = {
+        VmConfig = {
+          Code = {
+            Remote = {
+              HttpURI = {
+                Service = {
+                  Name = "file-server"
+                }
+                URI = "https://file-server/waf.wasm"
+              }
+              SHA256  = "c9ef17f48dcf0738b912111646de6d30575718ce16c0cbde3e38b21bb1771807"
+            }
+          }
+        }
+      Configuration =  <<EOF
+{
+  "rules": [
+    "Include @demo-conf",
+    "Include @crs-setup-demo-conf",
+    "SecDebugLogLevel 9",
+    "SecRuleEngine On",
+    "Include @owasp_crs/*.conf"
+  ]
+}
+EOF
+      }
+    }
+  }
+]
+```
+</CodeBlockConfig>
+</Tab>
+<Tab heading="JSON" group="json">
+<CodeBlockConfig filename="wasm-extension-serve-waf.json">
+
+```json
+{
+	"kind": "service-defaults",
+	"name": "api",
+	"protocol": "http",
+	"envoyExtensions": [{
+		"name": "builtin/wasm",
+		"arguments": {
+			"protocol": "http",
+			"listenerType": "inbound",
+			"pluginConfig": {
+				"VmConfig": {
+					"Code": {
+						"Remote": {
+							"HttpURI": {
+								"Service": {
+									"Name": "file-server"
+								},
+								"URI": "https://file-server/waf.wasm"
+							}
+						}
+					}
+				},
+				"Configuration": {
+					"rules": [
+						"Include @demo-conf",
+						"Include @crs-setup-demo-conf",
+						"SecDebugLogLevel 9",
+						"SecRuleEngine On",
+						"Include @owasp_crs/*.conf"
+					]
+				}
+
+			}
+		}
+	}]
+}
+```
+
+
+</CodeBlockConfig>
+</Tab>
+<Tab heading="YAML" group="yaml">
+<CodeBlockConfig filename="wasm-extension-serve-waf.yaml">
+
+```yaml
+kind: service-defaults
+name: api
+protocol: http
+envoyExtensions:
+  - name: builtin/wasm
+    required: true
+    arguments:
+      protocol: http
+      listenerType: inbound
+      pluginConfig:
+        VmConfig:
+          Code:
+            Remote:
+              HttpURI:
+                Service:
+                  Name: file-server
+                  URI: https://file-server/waf.wasm
+         Configuration:
+           rules:
+           - Include @demo-conf
+           - Include @crs-setup-demo-conf
+           - SecDebugLogLevel 9
+           - SecRuleEngine On
+           - Include @owasp_crs/*.conf
+```
+
+</CodeBlockConfig>
+</Tab>
+</Tabs>
+
+
+Refer to the [Wasm extension configuration reference](/consul/docs/connect/proxies/envoy-extensions/configuration/wasm) for details on how to configure the extension. 
+
+Refer to the [proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) and [service defaults configuration entry reference](/consul/docs/connect/config-entries/service-defaults) for details on how to define the configuration entries. 
+
+!> **Warning:** Adding Envoy extensions default proxy configurations may have unintended consequences. We recommend configuring `EnvoyExtensions` in service defaults configuration entries in most cases.
+
+## Apply the configuration entry
+
+If your network is deployed to virtual machines, use the `consul config write` command and specify the proxy defaults or service defaults configuration entry to apply the configuration. For Kubernetes-orchestrated networks, use the `kubectl apply` command. The following example applies the extension in a proxy defaults configuration entry.
+
+<Tabs>
+<Tab heading="HCL" group="hcl">
+
+```shell-session
+$ consul config write wasm-extension-serve-waf.hcl
+```
+
+</Tab>
+<Tab heading="JSON" group="json">
+
+```shell-session
+$ consul config write wasm-extension-serve-waf.json
+```
+
+</Tab>
+<Tab heading="Kubernetes" group="kubernetes">
+
+```shell-session
+$ kubectl apply wasm-extension-serve-waf.yaml
+```
+
+</Tab>
+</Tabs>
diff --git a/website/content/docs/enterprise/license/utilization-reporting.mdx b/website/content/docs/enterprise/license/utilization-reporting.mdx
new file mode 100644
index 000000000000..50db53860979
--- /dev/null
+++ b/website/content/docs/enterprise/license/utilization-reporting.mdx
@@ -0,0 +1,168 @@
+---
+page_title: Automated license utilization reporting
+description: >-
+  Learn what data HashiCorp collects to meter Enterprise license utilization. Enable or disable reporting. Review sample payloads and logs.
+---
+
+# Automated license utilization reporting
+
+Automated license utilization reporting sends license utilization data to HashiCorp without requiring you to manually collect and report them. It also enables you to review your license usage with the monitoring solution you already use, such as Splunk and Datadog, as you optimize and manage your deployments. You can use these reports to understand how much more you can deploy under your current contract, which can help you protect against overutilization and budget for predicted consumption.  
+
+Automated reporting shares the minimum data required to validate license utilization as defined in our contracts. This data mostly consists of computed metrics, and it will never contain Personal Identifiable Information (PII) or other sensitive information. Automated reporting shares the data with HashiCorp using a secure unidirectional HTTPS API and makes an auditable record in the product logs each time it submits a report.
+
+## Enable automated reporting
+
+Before you enable automated reporting, make sure that outbound network traffic is configured correctly and upgrade your enterprise product to a version that supports it. If your installation is air-gapped or network settings are not in place, automated reporting will not work. 
+
+To enable automated reporting, complete the following steps:
+
+1. [Allow outbound HTTPS traffic on port 443](#allow-outbound-https-traffic)
+1. Upgrade to Consul Enterprise v1.16.0 or newer (#upgrade-to-consul-enterprise)
+1. Check product logs(#check-product-logs)
+
+### Allow outbound HTTPS traffic on port 443
+
+Make sure that your network allows HTTPS egress on port 443 from `https://reporting.hashicorp.services` by allow-listing the following IP addresses:
+
+- `100.20.70.12`
+- `35.166.5.222`
+- `23.95.85.111`
+- `44.215.244.1`
+
+### Upgrade to Consul Enterprise v1.16.0 or newer
+
+Upgrade to a release that supports license utilization reporting. These [releases](https://releases.hashicorp.com/consul/) include:
+
+- Consul Enterprise 1.16.0 and newer.
+- Consul Enterprise 1.15.4 and newer.
+- Consul Enterprise 1.14.8 and newer.
+- Consul Enterprise 1.13.9 and newer.
+
+### Check product logs
+
+Automatic license utilization reporting starts sending data within 24 hours. Check the product logs for records that the data sent successfully.
+
+<CodeBlockConfig hideClipboard>
+
+```
+[DEBUG] beginning snapshot export
+[DEBUG] creating payload
+[DEBUG] marshalling payload to json
+[DEBUG] generating authentication headers
+[DEBUG] creating request
+[DEBUG] sending request
+[DEBUG] performing request: method=POST url=https://census.license.hashicorp.services
+[DEBUG] recording audit record
+[INFO]  reporting: Report sent: auditRecord={"payload":{"payload_version":"1","license_id":"d2cdd857-4202-5a45-70a6-e4b531050c34","product":"consul","product_version":"1.16.0-dev+ent","export_timestamp":"2023-05-26T20:09:13.753921087Z","snapshots":[{"snapshot_version":1,"snapshot_id":"0001J724F90F4XWQDSAA76ZQWA","process_id":"01H1CTJPC1S8H7Q45MKTJ689ZW","timestamp":"2023-05-26T20:09:13.753513962Z","schema_version":"1.0.0","service":"consul","metrics":{"consul.billable.nodes":{"key":"consul.billable.nodes","kind":"counter","mode":"write","value":2},"consul.billable.service_instances":{"key":"consul.billable.service_instances","kind":"counter","mode":"write","value":2}}}],"metadata":{}}}
+[DEBUG] completed recording audit record
+[DEBUG] export finished successfully"
+```
+
+</CodeBlockConfig>
+
+If your installation is air-gapped or your network does not allow the correct egress, the logs show an error. 
+
+<CodeBlockConfig hideClipboard>
+
+```
+[DEBUG] reporting: beginning snapshot export
+[DEBUG] reporting: creating payload
+[DEBUG] reporting: marshalling payload to json
+[DEBUG] reporting: generating authentication headers
+[DEBUG] reporting: creating request
+[DEBUG] reporting: sending request
+[DEBUG] reporting: performing request: method=POST url=https://census.license.hashicorp.services
+[DEBUG] reporting: error status code received: statusCode=403
+```
+
+</CodeBlockConfig>
+
+In this case, reconfigure your network to allow egress and check back in 24 hours. 
+
+## Opt out
+
+If your installation is air-gapped or you want to manually collect and report on the same license utilization metrics, you can opt out of automated reporting. 
+
+Manually reporting these metrics can be time consuming. Opting out of automated reporting does not mean that you also opt out from sending license utilization metrics. Customers who opt out of automated reporting are still required to manually collect and send license utilization metrics to HashiCorp. 
+
+If you are considering opting out because you are worried about the data, we strongly recommend that you review the [example payloads](#example-payloads) before opting out. If you have concerns with any of the automatically reported data, raise these concerns with your account manager. 
+
+There are two methods for opting out of automated reporting: 
+
+- HCL configuration (recommended)
+- Environment variable (requires restart)
+
+We recommend opting out in your product's configuration file because it does not require a system restart. Add the following block to your `configuration.hcl` or `configuration.json` file.
+
+```hcl
+reporting {
+	license {
+		enabled = false
+  }
+}
+```
+
+When you opt out using an environment variable, once you restart your system it will provide a startup message confirming that you have disabled automated reporting. Set the following environment variable to disable automated reporting:
+
+<CodeBlockConfig>
+
+```shell-session
+$ export OPTOUT_LICENSE_REPORTING=true
+```
+
+</CodeBlockConfig>
+
+After you set the environment variable, restart your system to complete the process for opting out.
+
+```shell-session
+$ consul reload
+```
+
+
+Check your product logs 24 hours after opting out to make sure that the system is not trying to send reports. Keep in mind that if your configuration file and environment variable differ, the environment variable setting takes precedence.
+
+## Example payloads
+
+HashiCorp collects the following utilization data as JSON payloads: 
+`exporter_version` - The version of the licensing exporter
+
+<CodeBlockConfig hideClipboard>
+
+```json
+{
+  "payload": {
+    "payload_version": "1",
+    "license_id": "d2cdd857-4202-5a45-70a6-e4b531050c34",
+    "product": "consul",
+    "product_version": "1.16.0-dev+ent",
+    "export_timestamp": "2023-05-26T20:09:13.753921087Z",
+    "snapshots": [
+      {
+        "snapshot_version": 1,
+        "snapshot_id": "0001J724F90F4XWQDSAA76ZQWA",
+        "process_id": "01H1CTJPC1S8H7Q45MKTJ689ZW",
+        "timestamp": "2023-05-26T20:09:13.753513962Z",
+        "schema_version": "1.0.0",
+        "service": "consul",
+        "metrics": {
+          "consul.billable.nodes": {
+            "key": "consul.billable.nodes",
+            "kind": "counter",
+            "mode": "write",
+            "value": 2
+          },
+          "consul.billable.service_instances": {
+            "key": "consul.billable.service_instances",
+            "kind": "counter",
+            "mode": "write",
+            "value": 2
+          }
+        }
+      }
+    ],
+    "metadata": {}
+  }
+}
+```
+
+</CodeBlockConfig>
\ No newline at end of file
diff --git a/website/content/partials/envoy_ext_rule_matcher.mdx b/website/content/partials/envoy_ext_rule_matcher.mdx
new file mode 100644
index 000000000000..1d97c34e4b8d
--- /dev/null
+++ b/website/content/partials/envoy_ext_rule_matcher.mdx
@@ -0,0 +1,9 @@
+<!-- Potentially adapt to all conf refs that use this matching scheme-->
+| Rule | Description | Data type | Default |
+| ---  | ---         | ---       | ---     |
+| `Contains` | Specifies a string that the input string must contain. | String | N/A |
+| `Exact` | Specifies a string that the input string must match exactly. | String | N/A |
+| `IgnoreCase` | Directs Envoy to ignore capitalization. If set to `true`, the other matching rules in the configuration are not case sensitive. This rule does not affect `SafeRegex`. | Boolean | `false` |
+| `Prefix` | Specifies a string that the input string must begin with. | String | N/A |
+| `SafeRegex` | Specifies a regular expression for matching the input string programmatically. Envoy supports [Google's RE2 regex engine](https://github.com/google/re2/wiki/Syntax). | String | N/A |
+| `Suffix` | Specifies a string that the input string must end with. | String | N/A |
\ No newline at end of file
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 20335f715b0e..edd16a4eb86f 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -394,14 +394,14 @@
         "path": "connect/configuration"
       },
       {
-        "title": "Configuration Entries",
+        "title": "Configuration entries",
         "routes": [
           {
             "title": "Overview",
             "path": "connect/config-entries"
           },
           {
-            "title": "API Gateway",
+            "title": "API gateway",
             "href": "/consul/docs/connect/gateways/api-gateway/configuration/api-gateway",
             "badge": {
               "text": "BETA",
@@ -410,7 +410,7 @@
             }
           },
           {
-            "title": "HTTP Route",
+            "title": "HTTP route",
             "href": "/consul/docs/connect/gateways/api-gateway/configuration/http-route",
             "badge": {
               "text": "BETA",
@@ -419,7 +419,7 @@
             }
           },
           {
-            "title": "TCP Route",
+            "title": "TCP route",
             "href": "/consul/docs/connect/gateways/api-gateway/configuration/tcp-route",
             "badge": {
               "text": "BETA",
@@ -428,7 +428,7 @@
             }
           },
           {
-            "title": "Inline Certificate",
+            "title": "Inline certificate",
             "href": "/consul/docs/connect/gateways/api-gateway/configuration/inline-certificate",
             "badge": {
               "text": "BETA",
@@ -437,7 +437,7 @@
             }
           },
           {
-            "title": "Ingress Gateway",
+            "title": "Ingress gateway",
             "path": "connect/config-entries/ingress-gateway"
           },
           {
@@ -445,36 +445,40 @@
             "path": "connect/config-entries/mesh"
           },
           {
-            "title": "Exported Services",
+            "title": "Exported services",
             "path": "connect/config-entries/exported-services"
           },
           {
-            "title": "Proxy Defaults",
+            "title": "Proxy defaults",
             "path": "connect/config-entries/proxy-defaults"
           },
           {
-            "title": "Service Defaults",
+            "title": "Service defaults",
             "path": "connect/config-entries/service-defaults"
           },
           {
-            "title": "Service Intentions",
+            "title": "Service intentions",
             "path": "connect/config-entries/service-intentions"
           },
           {
-            "title": "Service Resolver",
+            "title": "Service resolver",
             "path": "connect/config-entries/service-resolver"
           },
           {
-            "title": "Service Router",
+            "title": "Service router",
             "path": "connect/config-entries/service-router"
           },
           {
-            "title": "Service Splitter",
+            "title": "Service splitter",
             "path": "connect/config-entries/service-splitter"
           },
           {
-            "title": "Terminating Gateway",
+            "title": "Terminating gateway",
             "path": "connect/config-entries/terminating-gateway"
+          },
+          {
+            "title": "Control plane request limit",
+            "path": "connect/config-entries/control-plane-request-limit"
           }
         ]
       },
@@ -499,6 +503,10 @@
               {
                 "title": "Usage",
                 "routes": [
+                  {
+                    "title": "Delegate authorization to external services",
+                    "path": "connect/proxies/envoy-extensions/usage/ext-authz"
+                  },                  
                   {
                     "title": "Run Lua scripts in Envoy proxies",
                     "path": "connect/proxies/envoy-extensions/usage/lua"
@@ -506,8 +514,32 @@
                   {
                     "title": "Invoke Lambda functions in Envoy proxies",
                     "path": "connect/proxies/envoy-extensions/usage/lambda"
+                  },
+                  {
+                    "title": "Configure Envoy proxy properties",
+                    "path": "connect/proxies/envoy-extensions/usage/property-override"
+                  },
+                  {
+                    "title": "Run WebAssembly plug-ins in Envoy proxies",
+                    "path": "connect/proxies/envoy-extensions/usage/wasm"
+                  }                ]
+              },
+              {
+                "title": "Configuration",
+                "routes": [
+                  {
+                    "title": "External authorization",
+                    "path": "connect/proxies/envoy-extensions/configuration/ext-authz"
+                  },                  
+                  {
+                    "title": "Property override",
+                    "path": "connect/proxies/envoy-extensions/configuration/property-override"
+                  },                  
+                  {
+                    "title": "WebAssembly",
+                    "path": "connect/proxies/envoy-extensions/configuration/wasm"
                   }
-                ]
+                ]              
               }
             ]
           },
@@ -960,19 +992,36 @@
         ]
       },
       {
-        "title": "Limit Traffic Rates",
+        "title": "Limit traffic rates",
         "routes": [
           {
             "title": "Overview",
             "path": "agent/limits"
           },
           {
-            "title": "Initialize Rate Limit Settings",
-            "path": "agent/limits/init-rate-limits"
+            "title": "Usage",
+            "routes": [
+              {
+                "title": "Initialize rate limit settings",
+                "path": "agent/limits/usage/init-rate-limits"
+              },
+              {
+                "title": "Monitor traffic rate limits",
+                "path": "agent/limits/usage/monitor-rate-limits"
+              },
+              {
+                "title": "Set global traffic rate limits",
+                "path": "agent/limits/usage/set-global-traffic-rate-limits"
+              },
+              {
+                "title": "Limit traffic rates from source IP addresses",
+                "path": "agent/limits/usage/limit-request-rates-from-ips"
+              }    
+            ]
           },
           {
-            "title": "Set Global Traffic Rate Limits",
-            "path": "agent/limits/set-global-traffic-rate-limits"
+            "title": "Configuration",
+            "href": "/docs/connect/config-entries/control-plane-request-limit"
           }
         ]
       },
@@ -1607,6 +1656,10 @@
             "title": "Overview",
             "path": "enterprise/license/overview"
           },
+          {
+            "title": "Automated entitlement utilization reporting",
+            "path": "enterprise/license/utilization-reporting"
+          },
           {
             "title": "FAQ",
             "path": "enterprise/license/faq"

From c04c122ef3a02bd23dd63851923cf1e257003466 Mon Sep 17 00:00:00 2001
From: Chris Thain <32781396+cthain@users.noreply.github.com>
Date: Mon, 12 Jun 2023 10:47:31 -0700
Subject: [PATCH 018/359] Default `ProxyType` for builtin extensions (#17657)

---
 .../builtin/http/localratelimit/ratelimit.go  |  5 +++-
 .../http/localratelimit/ratelimit_test.go     | 24 +++++++++++++++++++
 agent/envoyextensions/builtin/lua/lua.go      |  5 +++-
 agent/envoyextensions/builtin/lua/lua_test.go |  9 +++++++
 .../property-override/property_override.go    |  3 +++
 .../property_override_test.go                 |  2 +-
 6 files changed, 45 insertions(+), 3 deletions(-)

diff --git a/agent/envoyextensions/builtin/http/localratelimit/ratelimit.go b/agent/envoyextensions/builtin/http/localratelimit/ratelimit.go
index 77619826044c..07e981ae2d4e 100644
--- a/agent/envoyextensions/builtin/http/localratelimit/ratelimit.go
+++ b/agent/envoyextensions/builtin/http/localratelimit/ratelimit.go
@@ -60,6 +60,9 @@ func (r *ratelimit) fromArguments(args map[string]interface{}) error {
 	if err := mapstructure.Decode(args, r); err != nil {
 		return fmt.Errorf("error decoding extension arguments: %v", err)
 	}
+	if r.ProxyType == "" {
+		r.ProxyType = string(api.ServiceKindConnectProxy)
+	}
 	return r.validate()
 }
 
@@ -188,7 +191,7 @@ func (r ratelimit) PatchFilter(p extensioncommon.FilterPayload) (*envoy_listener
 }
 
 func validateProxyType(t string) error {
-	if t != "connect-proxy" {
+	if t != string(api.ServiceKindConnectProxy) {
 		return fmt.Errorf("unexpected ProxyType %q", t)
 	}
 
diff --git a/agent/envoyextensions/builtin/http/localratelimit/ratelimit_test.go b/agent/envoyextensions/builtin/http/localratelimit/ratelimit_test.go
index 4d8344ad1d03..2b208bf3e7e8 100644
--- a/agent/envoyextensions/builtin/http/localratelimit/ratelimit_test.go
+++ b/agent/envoyextensions/builtin/http/localratelimit/ratelimit_test.go
@@ -111,6 +111,30 @@ func TestConstructor(t *testing.T) {
 			expectedErrMsg: "cannot parse 'FilterEnforced', -1 overflows uint",
 			ok:             false,
 		},
+		"invalid proxy type": {
+			arguments: makeArguments(map[string]interface{}{
+				"ProxyType":     "invalid",
+				"FillInterval":  30,
+				"MaxTokens":     20,
+				"TokensPerFill": 5,
+			}),
+			expectedErrMsg: `unexpected ProxyType "invalid"`,
+			ok:             false,
+		},
+		"default proxy type": {
+			arguments: makeArguments(map[string]interface{}{
+				"FillInterval":  30,
+				"MaxTokens":     20,
+				"TokensPerFill": 5,
+			}),
+			expected: ratelimit{
+				ProxyType:     "connect-proxy",
+				MaxTokens:     intPointer(20),
+				FillInterval:  intPointer(30),
+				TokensPerFill: intPointer(5),
+			},
+			ok: true,
+		},
 		"valid everything": {
 			arguments: makeArguments(map[string]interface{}{
 				"ProxyType":     "connect-proxy",
diff --git a/agent/envoyextensions/builtin/lua/lua.go b/agent/envoyextensions/builtin/lua/lua.go
index 8293228a7981..aefea37e6c49 100644
--- a/agent/envoyextensions/builtin/lua/lua.go
+++ b/agent/envoyextensions/builtin/lua/lua.go
@@ -45,6 +45,9 @@ func (l *lua) fromArguments(args map[string]interface{}) error {
 	if err := mapstructure.Decode(args, l); err != nil {
 		return fmt.Errorf("error decoding extension arguments: %v", err)
 	}
+	if l.ProxyType == "" {
+		l.ProxyType = string(api.ServiceKindConnectProxy)
+	}
 	return l.validate()
 }
 
@@ -53,7 +56,7 @@ func (l *lua) validate() error {
 	if l.Script == "" {
 		resultErr = multierror.Append(resultErr, fmt.Errorf("missing Script value"))
 	}
-	if l.ProxyType != "connect-proxy" {
+	if l.ProxyType != string(api.ServiceKindConnectProxy) {
 		resultErr = multierror.Append(resultErr, fmt.Errorf("unexpected ProxyType %q", l.ProxyType))
 	}
 	if l.Listener != "inbound" && l.Listener != "outbound" {
diff --git a/agent/envoyextensions/builtin/lua/lua_test.go b/agent/envoyextensions/builtin/lua/lua_test.go
index d80a3b333ab0..3ea2ba716c1d 100644
--- a/agent/envoyextensions/builtin/lua/lua_test.go
+++ b/agent/envoyextensions/builtin/lua/lua_test.go
@@ -54,6 +54,15 @@ func TestConstructor(t *testing.T) {
 			arguments: makeArguments(map[string]interface{}{"Listener": "invalid"}),
 			ok:        false,
 		},
+		"default proxy type": {
+			arguments: makeArguments(map[string]interface{}{"ProxyType": ""}),
+			expected: lua{
+				ProxyType: "connect-proxy",
+				Listener:  "inbound",
+				Script:    "lua-script",
+			},
+			ok: true,
+		},
 		"valid everything": {
 			arguments: makeArguments(map[string]interface{}{}),
 			expected: lua{
diff --git a/agent/envoyextensions/builtin/property-override/property_override.go b/agent/envoyextensions/builtin/property-override/property_override.go
index 8164a8092a7f..51d78368523f 100644
--- a/agent/envoyextensions/builtin/property-override/property_override.go
+++ b/agent/envoyextensions/builtin/property-override/property_override.go
@@ -261,6 +261,9 @@ func (p *propertyOverride) validate() error {
 		}
 	}
 
+	if p.ProxyType == "" {
+		p.ProxyType = api.ServiceKindConnectProxy
+	}
 	if err := validProxyTypes.CheckRequired(string(p.ProxyType), "ProxyType"); err != nil {
 		resultErr = multierror.Append(resultErr, err)
 	}
diff --git a/agent/envoyextensions/builtin/property-override/property_override_test.go b/agent/envoyextensions/builtin/property-override/property_override_test.go
index ca549353faca..21889d840f4a 100644
--- a/agent/envoyextensions/builtin/property-override/property_override_test.go
+++ b/agent/envoyextensions/builtin/property-override/property_override_test.go
@@ -236,7 +236,7 @@ func TestConstructor(t *testing.T) {
 		// enforces expected behavior until we do. Multi-member slices should be unaffected
 		// by WeakDecode as it is a more-permissive version of the default behavior.
 		"single value Patches decoded as map construction succeeds": {
-			arguments: makeArguments(map[string]any{"Patches": makePatch(map[string]any{})}),
+			arguments: makeArguments(map[string]any{"Patches": makePatch(map[string]any{}), "ProxyType": nil}),
 			expected:  validTestCase(OpAdd, extensioncommon.TrafficDirectionOutbound, ResourceTypeRoute).expected,
 			ok:        true,
 		},

From 446a64032351a9865863cb8014ef0cdc0ea76df1 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Mon, 12 Jun 2023 14:28:51 -0400
Subject: [PATCH 019/359] Post 1.16.0-rc1 updates (#17663)

- Update changelog to include new entries from release
- Update submodule versions to latest published
---
 CHANGELOG.md | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 go.mod       | 10 ++++----
 2 files changed, 72 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ee1dccacc139..ef4edc700404 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,70 @@
+## 1.16.0-rc1 (June 12, 2023)
+
+BREAKING CHANGES:
+
+* api: The `/v1/health/connect/` and `/v1/health/ingress/` endpoints now immediately return 403 "Permission Denied" errors whenever a token with insufficient `service:read` permissions is provided. Prior to this change, the endpoints returned a success code with an empty result list when a token with insufficient permissions was provided. [[GH-17424](https://github.com/hashicorp/consul/issues/17424)]
+* peering: Removed deprecated backward-compatibility behavior.
+Upstream overrides in service-defaults will now only apply to peer upstreams when the `peer` field is provided.
+Visit the 1.16.x [upgrade instructions](https://developer.hashicorp.com/consul/docs/upgrading/upgrade-specific) for more information. [[GH-16957](https://github.com/hashicorp/consul/issues/16957)]
+
+SECURITY:
+
+* audit-logging: **(Enterprise only)** limit `v1/operator/audit-hash` endpoint to ACL token with `operator:read` privileges.
+
+FEATURES:
+
+* api: (Enterprise only) Add `POST /v1/operator/audit-hash` endpoint to calculate the hash of the data used by the audit log hash function and salt.
+* cli: (Enterprise only) Add a new `consul operator audit hash` command to retrieve and compare the hash of the data used by the audit log hash function and salt.
+* cli: Adds new command - `consul services export` - for exporting a service to a peer or partition [[GH-15654](https://github.com/hashicorp/consul/issues/15654)]
+* connect: **(Consul Enterprise only)** Implement order-by-locality failover.
+* mesh: Add new permissive mTLS mode that allows sidecar proxies to forward incoming traffic unmodified to the application. This adds `AllowEnablingPermissiveMutualTLS` setting to the mesh config entry and the `MutualTLSMode` setting to proxy-defaults and service-defaults. [[GH-17035](https://github.com/hashicorp/consul/issues/17035)]
+* mesh: Support configuring JWT authentication in Envoy. [[GH-17452](https://github.com/hashicorp/consul/issues/17452)]
+* server: **(Enterprise Only)** added server side RPC requests IP based read/write rate-limiter. [[GH-4633](https://github.com/hashicorp/consul/issues/4633)]
+* server: **(Enterprise Only)** allow automatic license utilization reporting. [[GH-5102](https://github.com/hashicorp/consul/issues/5102)]
+* server: added server side RPC requests global read/write rate-limiter. [[GH-16292](https://github.com/hashicorp/consul/issues/16292)]
+* xds: Add `property-override` built-in Envoy extension that directly patches Envoy resources. [[GH-17487](https://github.com/hashicorp/consul/issues/17487)]
+* xds: Add a built-in Envoy extension that inserts External Authorization (ext_authz) network and HTTP filters. [[GH-17495](https://github.com/hashicorp/consul/issues/17495)]
+* xds: Add a built-in Envoy extension that inserts Wasm HTTP filters. [[GH-16877](https://github.com/hashicorp/consul/issues/16877)]
+* xds: Add a built-in Envoy extension that inserts Wasm network filters. [[GH-17505](https://github.com/hashicorp/consul/issues/17505)]
+
+IMPROVEMENTS:
+
+* * api: Support filtering for config entries. [[GH-17183](https://github.com/hashicorp/consul/issues/17183)]
+* * cli: Add `-filter` option to `consul config list` for filtering config entries. [[GH-17183](https://github.com/hashicorp/consul/issues/17183)]
+* api: Enable setting query options on agent force-leave endpoint. [[GH-15987](https://github.com/hashicorp/consul/issues/15987)]
+* audit-logging: (Enterprise only) enable error response and request body logging [[GH-5669](https://github.com/hashicorp/consul/issues/5669)]
+* audit-logging: **(Enterprise only)** enable error response and request body logging
+* ca: automatically set up Vault's auto-tidy setting for tidy_expired_issuers when using Vault as a CA provider. [[GH-17138](https://github.com/hashicorp/consul/issues/17138)]
+* ca: support Vault agent auto-auth config for Vault CA provider using AliCloud authentication. [[GH-16224](https://github.com/hashicorp/consul/issues/16224)]
+* ca: support Vault agent auto-auth config for Vault CA provider using AppRole authentication. [[GH-16259](https://github.com/hashicorp/consul/issues/16259)]
+* ca: support Vault agent auto-auth config for Vault CA provider using Azure MSI authentication. [[GH-16298](https://github.com/hashicorp/consul/issues/16298)]
+* ca: support Vault agent auto-auth config for Vault CA provider using JWT authentication. [[GH-16266](https://github.com/hashicorp/consul/issues/16266)]
+* ca: support Vault agent auto-auth config for Vault CA provider using Kubernetes authentication. [[GH-16262](https://github.com/hashicorp/consul/issues/16262)]
+* command: Adds ACL enabled to status output on agent startup. [[GH-17086](https://github.com/hashicorp/consul/issues/17086)]
+* command: Allow creating ACL Token TTL with greater than 24 hours with the -expires-ttl flag. [[GH-17066](https://github.com/hashicorp/consul/issues/17066)]
+* connect: **(Enterprise Only)** Add support for specifying "Partition" and "Namespace" in Prepared Queries failover rules.
+* connect: update supported envoy versions to 1.23.10, 1.24.8, 1.25.7, 1.26.2 [[GH-17546](https://github.com/hashicorp/consul/issues/17546)]
+* connect: update supported envoy versions to 1.23.8, 1.24.6, 1.25.4, 1.26.0 [[GH-5200](https://github.com/hashicorp/consul/issues/5200)]
+* fix metric names in /docs/agent/telemetry [[GH-17577](https://github.com/hashicorp/consul/issues/17577)]
+* gateway: Change status condition reason for invalid certificate on a listener from "Accepted" to "ResolvedRefs". [[GH-17115](https://github.com/hashicorp/consul/issues/17115)]
+* http: accept query parameters `datacenter`, `ap` (enterprise-only), and `namespace` (enterprise-only). Both short-hand and long-hand forms of these query params are now supported via the HTTP API (dc/datacenter, ap/partition, ns/namespace). [[GH-17525](https://github.com/hashicorp/consul/issues/17525)]
+* systemd: set service type to notify. [[GH-16845](https://github.com/hashicorp/consul/issues/16845)]
+* ui: Update alerts to Hds::Alert component [[GH-16412](https://github.com/hashicorp/consul/issues/16412)]
+* ui: Update to use Hds::Toast component to show notifications [[GH-16519](https://github.com/hashicorp/consul/issues/16519)]
+* ui: update from <button> and <a> to design-system-components button <Hds::Button> [[GH-16251](https://github.com/hashicorp/consul/issues/16251)]
+* ui: update typography to styles from hds [[GH-16577](https://github.com/hashicorp/consul/issues/16577)]
+
+BUG FIXES:
+
+* Fix a race condition where an event is published before the data associated is commited to memdb. [[GH-16871](https://github.com/hashicorp/consul/issues/16871)]
+* gateways: **(Enterprise only)** Fixed a bug in API gateways where gateway configuration objects in non-default partitions did not reconcile properly. [[GH-17581](https://github.com/hashicorp/consul/issues/17581)]
+* gateways: Fixed a bug in API gateways where binding a route that only targets a service imported from a peer results
+in the programmed gateway having no routes. [[GH-17609](https://github.com/hashicorp/consul/issues/17609)]
+* gateways: Fixed a bug where API gateways were not being taken into account in determining xDS rate limits. [[GH-17631](https://github.com/hashicorp/consul/issues/17631)]
+* peering: Fixes a bug where the importing partition was not added to peered failover targets, which causes issues when the importing partition is a non-default partition. [[GH-16673](https://github.com/hashicorp/consul/issues/16673)]
+* ui: fixes ui tests run on CI [[GH-16428](https://github.com/hashicorp/consul/issues/16428)]
+* xds: Fixed a bug where modifying ACLs on a token being actively used for an xDS connection caused all xDS updates to fail. [[GH-17566](https://github.com/hashicorp/consul/issues/17566)]
+
 ## 1.15.3 (June 1, 2023)
 
 BREAKING CHANGES:
diff --git a/go.mod b/go.mod
index cd4ed5a89014..81231ff9117f 100644
--- a/go.mod
+++ b/go.mod
@@ -38,11 +38,11 @@ require (
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
 	github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706
 	github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69
-	github.com/hashicorp/consul/api v1.20.0
-	github.com/hashicorp/consul/envoyextensions v0.1.2
-	github.com/hashicorp/consul/proto-public v0.2.1
-	github.com/hashicorp/consul/sdk v0.13.1
-	github.com/hashicorp/consul/troubleshoot v0.1.2
+	github.com/hashicorp/consul/api v1.22.0-rc1
+	github.com/hashicorp/consul/envoyextensions v0.3.0-rc1
+	github.com/hashicorp/consul/proto-public v0.4.0-rc1
+	github.com/hashicorp/consul/sdk v0.14.0-rc1
+	github.com/hashicorp/consul/troubleshoot v0.3.0-rc1
 	github.com/hashicorp/go-bexpr v0.1.2
 	github.com/hashicorp/go-checkpoint v0.5.0
 	github.com/hashicorp/go-cleanhttp v0.5.2

From 290ba0e288d6e6588c4f96430091840013093204 Mon Sep 17 00:00:00 2001
From: Hariram Sankaran <56744845+ramramhariram@users.noreply.github.com>
Date: Mon, 12 Jun 2023 12:18:09 -0700
Subject: [PATCH 020/359] Update service-defaults.mdx (#17656)

---
 .../content/docs/connect/config-entries/service-defaults.mdx    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/connect/config-entries/service-defaults.mdx b/website/content/docs/connect/config-entries/service-defaults.mdx
index 507176506f4f..3b057377b918 100644
--- a/website/content/docs/connect/config-entries/service-defaults.mdx
+++ b/website/content/docs/connect/config-entries/service-defaults.mdx
@@ -1485,7 +1485,7 @@ represents a location outside the Consul cluster. Services can dial destinations
   {
     "Kind": "service-defaults",
     "Name": "test-destination",
-    "Protocol": "http",
+    "Protocol": "tcp",
     "Destination": {
       "Addresses": ["test.com","test.org"],
       "Port": 443

From ef77f9abd49e3eee5f08fa62a904797bc3acfc07 Mon Sep 17 00:00:00 2001
From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Date: Mon, 12 Jun 2023 13:06:57 -0700
Subject: [PATCH 021/359] docs: Sameness Groups (#17628)

* port from enterprise branch

* Apply suggestions from code review

Co-authored-by: shanafarkas <105076572+shanafarkas@users.noreply.github.com>

* Update website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx

* next steps

* Update website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: shanafarkas <105076572+shanafarkas@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 .../docs/connect/cluster-peering/index.mdx    |   3 +
 .../usage/create-sameness-groups.mdx          | 301 ++++++++++++++
 .../usage/establish-cluster-peering.mdx       |   2 +-
 .../config-entries/exported-services.mdx      |   3 +
 .../docs/connect/config-entries/index.mdx     |   2 +
 .../connect/config-entries/sameness-group.mdx | 375 ++++++++++++++++++
 .../config-entries/service-intentions.mdx     |  32 +-
 website/content/docs/enterprise/index.mdx     |   5 +
 .../usage/create-sameness-groups.mdx          | 290 ++++++++++++++
 .../usage/establish-peering.mdx               |   2 +
 website/content/docs/k8s/crds/index.mdx       |   1 +
 website/data/docs-nav-data.json               |  14 +-
 12 files changed, 1025 insertions(+), 5 deletions(-)
 create mode 100644 website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx
 create mode 100644 website/content/docs/connect/config-entries/sameness-group.mdx
 create mode 100644 website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx

diff --git a/website/content/docs/connect/cluster-peering/index.mdx b/website/content/docs/connect/cluster-peering/index.mdx
index 9c42bf5dc274..4dc23cb00c2d 100644
--- a/website/content/docs/connect/cluster-peering/index.mdx
+++ b/website/content/docs/connect/cluster-peering/index.mdx
@@ -41,6 +41,7 @@ Regardless of whether you connect your clusters through WAN federation or cluste
 | Shares support queries and service endpoints       |    &#9989;     |    &#9989;      |
 | Connects clusters owned by different operators     |    &#10060;    |    &#9989;      |
 | Functions without declaring primary datacenter     |    &#10060;    |    &#9989;      |
+| Can use sameness groups for identical services     |    &#10060;    |    &#9989;      |
 | Replicates exported services for service discovery |    &#10060;    |    &#9989;      |
 | Gossip protocol: Requires LAN gossip only          |    &#10060;    |    &#9989;      |
 | Forwards service requests for service discovery    |    &#9989;     |    &#10060;     |
@@ -60,6 +61,7 @@ The following resources are available to help you use Consul's cluster peering f
 - [Establish cluster peering connections](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering)
 - [Manage cluster peering connections](/consul/docs/connect/cluster-peering/usage/manage-connections)
 - [Manage L7 traffic with cluster peering](/consul/docs/connect/cluster-peering/usage/peering-traffic-management)
+- [Create sameness groups](/consul/docs/connect/cluster-peering/usage/create-sameness-groups)
 
 ### Kubernetes documentation
 
@@ -67,6 +69,7 @@ The following resources are available to help you use Consul's cluster peering f
 - [Establish cluster peering connections on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering)
 - [Manage cluster peering connections on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/manage-peering)
 - [Manage L7 traffic with cluster peering on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/l7-traffic)
+- [Create sameness groups on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/create-sameness-groups)
 
 ### HCP Consul documentation
 
diff --git a/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx b/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx
new file mode 100644
index 000000000000..96047cc9c46e
--- /dev/null
+++ b/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx
@@ -0,0 +1,301 @@
+---
+page_title: Create sameness groups
+description: |-
+  Learn how to create sameness groups between partitions and cluster peers so that Consul can identify instances of the same service across partitions and datacenters.
+---
+
+# Create sameness groups
+
+This topic describes how to designate groups of services as functionally identical in your network. Sameness groups are the preferred failover strategy for deployments with cluster peering connections. For more information about sameness groups and failover, refer to [Failover overview](/consul/docs/connect/failover).
+
+<Warning>
+
+Sameness groups are a beta feature in this version of Consul. Functionality is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may experience performance issues, scaling issues, and limited support.
+
+</Warning>
+
+## Workflow
+
+Sameness groups are a user-defined set of partitions that Consul uses to identify services in different administrative partitions with the same name and namespace as being the same service. One of the use cases for sameness groups is to create a blanket failover policy for deployments with cluster peering connections.
+
+To create and use sameness groups in your network, complete the following steps:
+
+- **Create sameness group configuration entries for each member of the group**. For each partition that you want to include in the sameness group, you must write and apply a sameness group configuration entry that defines the group’s members from that partition’s perspective. Refer to the [sameness group configuration entry reference](/consul/docs/connect/config-entries/sameness-group) for details on configuration hierarchy, default values, and specifications.
+- **Export services to members of the sameness group**. You must write and apply an exported services configuration entry that makes the partition’s services available to other members of the group. Refer to [exported services configuration entry reference](/consul/docs/connect/config-entries/exported-services) for additional specification information.
+- **Create service intentions for each member of the sameness group**. For each partition that you want to include in the sameness group, you must write and apply service intentions configuration entries to authorize traffic to your services from all members of the group. Refer to the [service intentions configuration entry reference](/consul/docs/connect/config-entries/service-intentions) for additional specification information.
+
+## Requirements
+
+- All datacenters where you want to create sameness groups must run Consul v1.16 or later. Refer to [upgrade instructions](/consul/docs/upgrading/instructions) for more information about how to upgrade your deployment.
+- A [Consul Enterprise license](/consul/docs/enterprise/license/overview) is required.
+
+### Before you begin
+
+Before creating a sameness group, take the following actions to prepare your network:
+
+#### Check namespace and service naming conventions
+
+Sameness groups are defined at the partition level. As a result, Consul assumes that namespaces and services in a sameness group that have the same name are identical. This behavior occurs even when two different partitions in the group contain functionally different services that share a name and namespace. This situation would lead to errors, as requests will be sent to the incorrect service.
+
+To prevent errors, check the names of the services deployed to your network and the namespaces they are deployed in. Pay particular attention to the default namespace to confirm that services have unique names. If different services share a name, you should either change one of the service’s name or deploy one of the services to a different namespace. After adding the partition to the sameness group, differentiating the names of services or namespaces enables Consul to correctly assume which services are identical.
+
+#### Deploy mesh gateways for each partition
+
+Mesh gateways are required for cluster peering connections and recommended to secure cross-partition traffic in a single datacenter. Therefore, we recommend securing your network, and especially your production environment, by deploying mesh gateways to each datacenter. Refer to [mesh gateways specifications](/consul/docs/connect/cluster-peering/tech-specs#mesh-gateway-specifications) for more information about configuring mesh gateways.
+
+#### Establish cluster peering relationships between remote partitions
+
+You must establish connections with cluster peers before you can create a sameness group that includes them. A cluster peering connection exists between two admin partitions in different datacenters, and each connection between two partitions must be established separately with each peer. Refer to [establish cluster peering connections](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering) for step-by-step instructions.
+
+To establish cluster peering connections and define a define group as part of the same workflow, follow instructions up to [Export services between clusters](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering#export-services-between-clusters). You can use the same exported services and service intention configuration entries to establish the cluster peering connection and create the sameness group.
+
+## Create a sameness group
+
+To create a sameness group, you must write and apply sets of three configuration entries for each partition that is a member of the group:
+
+- Sameness group configuration entries: Define the sameness group from each partition’s perspective.
+- Exported services configuration entries: Make services available to other partitions in the group.
+- Service intentions configuration entries: Authorize traffic between services across partitions.
+
+### Define the sameness group from each partition’s perspective
+
+To define a sameness group for a partition, create a [sameness group configuration entry](/consul/docs/connect/config-entries/sameness-group) that describes the partitions and cluster peers that are part of the group. Typically, this order follows this pattern:
+
+1. The local partition
+1. Other partitions in the same datacenter
+1. Partitions with established cluster peering relationships
+
+If you want all services to failover to other instances in the sameness group by default, set `DefaultForFailover=true` and list the group members in the order you want to use in a failover scenario.
+
+After you create the configuration entry, apply it to the Consul server with the following CLI command:
+
+```shell-session
+$ consul config write sameness-group-a.hcl
+```
+
+Then, repeat the process to create and apply a configuration entry for every partition that is a member of the sameness group.
+
+Be aware that the sameness group configuration entries are different for each partition. The following example demonstrates how to format three different configuration entries for three partitions that are part of the sameness group `sameness-group-a` when Partition 1 and Partition 2 are in DC1, and the third partition is Partition 1 in DC2:
+
+<CodeTabs tabs={[ "dc1-partition-1", "dc1-partition-2", "dc2-partition-1" ]}>
+
+<CodeBlockConfig filename="sameness-group-a.hcl" hideClipboard lineNumbers highlight="3,6-8">
+
+```hcl
+Kind                     = "sameness-group"  
+Name                   = "sameness-group-a"
+Partition                = "partition-1" 
+DefaultForFailover = true
+Members                = [
+      {Partition = "partition-1"},
+      {Partition = "partition-2"},
+      {Peer      = "dc2-partition-1"}
+      ]
+```
+
+</CodeBlockConfig>
+
+<CodeBlockConfig filename="sameness-group-a.hcl" hideClipboard lineNumbers highlight="3,6-8">
+
+```hcl
+Kind                     = "sameness-group"  
+Name                   = "sameness-group-a"
+Partition                = "partition-2" 
+DefaultForFailover = true
+Members                = [
+      {Partition = "partition-2"},
+      {Partition = "partition-1"},
+      {Peer      = "dc2-partition-1"}
+      ]
+```
+
+</CodeBlockConfig>
+
+<CodeBlockConfig filename="sameness-group-a.hcl" hideClipboard lineNumbers highlight="3,6-8">
+
+```hcl
+Kind                     = "sameness-group"  
+Name                   = "sameness-group-a"
+Partition                = "partition-1" 
+DefaultForFailover = true
+Members                = [
+      {Partition = "partition-1"},
+      {Peer = "dc1-partition-1"},
+      {Peer = "dc1-partition-2"}
+      ]
+```
+
+</CodeBlockConfig>
+
+</CodeTabs>
+
+### Export services to other partitions in the sameness group
+
+To make services available to other members of the sameness group, you must write and apply an [exported services configuration entry](/consul/docs/connect/config-entries/exported-services) to each partition in the group. This configuration entry exports the local partition's services to the rest of the group members. In each configuration entry, set the sameness group as the `Consumer` for the exported services. You can export multiple services in a single exported services configuration entry.
+
+Because you are configuring the consumer to reference the sameness group instead of listing out each partition and cluster peer, you do not need to edit this configuration again when you add a partition or peer to the group.
+
+The following example demonstrates how to format three different `exported-service` configuration entries to make a service named `api` deployed to the `store` namespace of each partition available to all other group members:
+
+<CodeTabs tabs={[ "dc1-partition-1", "dc1-partition-2", "dc2-partition-1" ]}>
+
+<CodeBlockConfig hideClipboard lineNumbers highlight="3,8-9">
+
+```hcl
+Kind                     = "exported-services"  
+Name                   = "group-a-export"
+Partition                = "partition-1" 
+Services = [
+  {
+    Name = "api"
+    Namespace = "store"
+    Consumers = [
+        {SamenessGroup="sameness-group-a"}
+      ]
+    }
+ ]
+```
+
+</CodeBlockConfig>
+
+<CodeBlockConfig hideClipboard lineNumbers highlight="3,8-9">
+
+```hcl
+Kind                     = "exported-services"  
+Name                   = "group-a-export"
+Partition                = "partition-2" 
+Services = [
+  {
+    Name = "api"
+    Namespace = "store"
+    Consumers = [
+        {SamenessGroup="sameness-group-a"}
+      ]
+    }
+ ]
+```
+
+</CodeBlockConfig>
+
+<CodeBlockConfig hideClipboard lineNumbers highlight="3,8-9">
+
+```hcl
+Kind                     = "exported-services"  
+Name                   = "group-a-export"
+Partition                = "partition-1" 
+Services = [
+  {
+    Name = "api"
+    Namespace = "store"
+    Consumers = [
+        {SamenessGroup="sameness-group-a"}
+      ]
+    }
+ ]
+```
+
+</CodeBlockConfig>
+
+</CodeTabs>
+
+For more information about exporting services, including examples of configuration entries that export multiple services at the same time, refer to the [exported services configuration entry reference](/consul/docs/connect/config-entries/exported-services).
+
+After you create each exported services configuration entry, apply it to the Consul server with the following CLI command:
+
+```shell-session
+$ consul config write group-a-export.hcl
+```
+
+#### Export services for cluster peers and sameness groups at the same time
+
+It is possible to combine the exported services configuration entry for creating sameness groups with the entry required to [export services when establishing cluster peering connections](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering#export-services-between-clusters).
+
+In this workflow, configure the `Services[].Consumers` block with the `SamenessGroup` field instead of the `Peer` field. You should write the `sameness-group` configuration entry to Consul before referencing it in the `exported-services` configuration entry.
+
+### Create service intentions to authorize traffic between group members
+
+While exporting the service to each member of the sameness group makes the services visible to remote partitions, you must also create service intentions so that local services are authorized to send and receive traffic from a member of the sameness group.
+
+For each partition that is member of the group, write and apply a [service intentions configuration entry](/consul/docs/connect/config-entries/service-intentions) that defines intentions for the services that are part of the group. In the `Sources` block of the configuration entry, include the service name, its namespace, the sameness group, and grant `allow` permissions.
+
+Because you are using the sameness group in the `Sources` block rather than listing out each partition and cluster peer, you do not have to make further edits to the service intentions configuration entries when members are added to or removed from the group.
+
+The following example demonstrates how to format three different `service-intentions` configuration entries to make a service named `api` available to all instances of `payments` deployed in all members of the sameness group including the local partition. In this example, `api` is deployed to the `store` namespace in all three partitions.
+
+<CodeTabs tabs={[ "dc1-partition-1", "dc1-partition-2", "dc2-partition-1" ]}>
+
+<CodeBlockConfig hideClipboard lineNumbers highlight="3-4,6-9">
+
+
+```hcl
+Kind = "service-intentions"
+Name = "api"
+Namespace= "store"
+Partition="partition-1"
+Sources = [
+  Name = "api"
+  Action = "allow"
+  Namespace = "store"
+  SamenessGroup = "sameness-group-a"
+]
+```
+
+</CodeBlockConfig>
+
+<CodeBlockConfig hideClipboard lineNumbers highlight="3-4,6-9">
+
+```hcl
+Kind = "service-intentions"
+Name = "api"
+Namespace= "store"
+Partition= "partition-2"
+Sources = [
+  Name = "api"
+  Action = "allow"
+  Namespace = "store"
+  SamenessGroup = "sameness-group-a"
+]
+```
+
+</CodeBlockConfig>
+
+<CodeBlockConfig hideClipboard lineNumbers highlight="3-4,6-9">
+
+```hcl
+Kind = "service-intentions"
+Name = "api"
+Namespace= "store"
+Partition= "partition-1"
+Sources = [
+  Name = "api"
+  Action = "allow"
+  Namespace = "store"
+  SamenessGroup = "sameness-group-a"
+]
+```
+
+</CodeBlockConfig>
+
+</CodeTabs>
+
+Refer to [create and manage intentions](/consul/docs/connect/intentions/create-manage-intentions) for more information about how to create and apply service intentions in Consul.
+
+After you create each service intentions configuration entry, apply it to the Consul server with the following CLI command:
+
+```shell-session
+$ consul config write api.hcl
+```
+
+#### Create service intentions for cluster peers and sameness groups at the same time
+
+It is possible to combine the service intentions configuration entry for creating sameness groups with the entry required to [authorize services for peers](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering#authorize-services-for-peers).
+
+In this workflow, configure the `Sources` block with the `SamenessGroup` field instead of the `Peer` field. You should write the `sameness-group` configuration entry to Consul before referencing it in the `service-intentions` configuration entry.
+
+## Next steps
+
+After creating a sameness group, you can use them with static Consul DNS lookups and dynamic DNS lookups (prepared queries) for service discovery use cases. You can also set up failover between services in a sameness group. Refer to the following topics for more details:
+
+- [Static Consul DNS lookups](/consul/docs/services/discovery/dns-static-lookups)
+- [Dynamic Consul DNS lookups](/consul/docs/services/discovery/dns-dynamic-lookups)
+- [Failover overview](/consul/docs/connect/failover)
\ No newline at end of file
diff --git a/website/content/docs/connect/cluster-peering/usage/establish-cluster-peering.mdx b/website/content/docs/connect/cluster-peering/usage/establish-cluster-peering.mdx
index b8549c5c3fbe..96e7815d75d9 100644
--- a/website/content/docs/connect/cluster-peering/usage/establish-cluster-peering.mdx
+++ b/website/content/docs/connect/cluster-peering/usage/establish-cluster-peering.mdx
@@ -14,7 +14,7 @@ This page details the process for establishing a cluster peering connection betw
 1. Export services between clusters.
 1. Create intentions to authorize services for peers.
 
-Cluster peering between services cannot be established until all four steps are complete.
+Cluster peering between services cannot be established until all four steps are complete. If you want to establish cluster peering connections and create sameness groups at the same time, refer to the guidance in [create sameness groups](/consul/docs/connect/cluster-peering/usage/create-sameness-groups).
 
 For Kubernetes guidance, refer to [Establish cluster peering connections on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering). For HCP Consul guidance, refer to [Establish cluster peering connections on HCP Consul](/hcp/docs/consul/usage/cluster-peering/create-connections).
 
diff --git a/website/content/docs/connect/config-entries/exported-services.mdx b/website/content/docs/connect/config-entries/exported-services.mdx
index d3a793c891a5..089eeb572314 100644
--- a/website/content/docs/connect/config-entries/exported-services.mdx
+++ b/website/content/docs/connect/config-entries/exported-services.mdx
@@ -217,6 +217,9 @@ an exported service. Each item in the `Consumers` list must contain exactly one
 A asterisk wildcard (`*`) cannot be specified as the `Peer`. Added in Consul 1.13.0.
 - `Partition`: <EnterpriseAlert inline /> Specifies an admin partition in the datacenter to export the service to.
 A asterisk wildcard (`*`) cannot be specified as the `Partition`.
+- `SamenessGroup`: <EnterpriseAlert inline /> Specifies as sameness group to export the service to.
+A asterisk wildcard (`*`) cannot be specified as the `SamennessGroup`.
+
 
 ## Examples
 
diff --git a/website/content/docs/connect/config-entries/index.mdx b/website/content/docs/connect/config-entries/index.mdx
index de5acd1bce96..a27bca1c5d3f 100644
--- a/website/content/docs/connect/config-entries/index.mdx
+++ b/website/content/docs/connect/config-entries/index.mdx
@@ -23,6 +23,8 @@ The following configuration entries are supported:
 - [Proxy Defaults](/consul/docs/connect/config-entries/proxy-defaults) - controls
   proxy configuration
 
+- [Sameness Group](/consul/docs/connect/config-entries/sameness-group) - defines partitions and cluster peers with identical services
+
 - [Service Defaults](/consul/docs/connect/config-entries/service-defaults) - configures
   defaults for all the instances of a given service
 
diff --git a/website/content/docs/connect/config-entries/sameness-group.mdx b/website/content/docs/connect/config-entries/sameness-group.mdx
new file mode 100644
index 000000000000..8d19b989ff3b
--- /dev/null
+++ b/website/content/docs/connect/config-entries/sameness-group.mdx
@@ -0,0 +1,375 @@
+---
+page_title: Sameness group configuration entry reference
+description: |-
+  Sameness groups enable Consul to associate service instances with the same name deployed to the same namespace as identical services. Learn how to configure a `sameness-group` configuration entry to enable failover between partitions and cluster peers in non-federated networks.
+---
+
+# Sameness groups configuration entry reference
+
+This page provides reference information for sameness group configuration entries. Sameness groups associate services with identical names across partitions and cluster peers.
+
+To learn more about creating a sameness group, refer to [Create sameness groups](/consul/docs/connect/cluster-peering/usage/create-sameness-groups) or [Create sameness groups on Kubernetes](/consul/docs/k8s/connect/cluster-peering/usage/create-sameness-groups).
+
+<Warning>
+
+Sameness groups are a beta feature in this version of Consul. Functionality is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may experience performance issues, scaling issues, and limited support.
+
+</Warning>
+
+## Configuration model
+
+The following list outlines field hierarchy, language-specific data types, and requirements in the sameness group configuration entry. Click on a property name to view additional details, including default values.
+
+<Tabs>
+
+<Tab heading="HCL and JSON" group="hcl">
+
+- [`Kind`](#kind): string | required | must be set to `sameness-group`
+- [`Name`](#name): string | required
+- [`Partition`](#partition): string | `default`
+- [`DefaultForFailover`](#defaultforfailover): boolean | `false`
+- [`Members`](#members): list of maps | required
+  - [`Partition`](#members-partition): string
+  - [`Peer`](#members-peer): string
+
+</Tab>
+
+<Tab heading="YAML" group="yaml">
+
+- [`apiVersion`](#apiversion): string | required | must be set to `consul.hashicorp.com/v1alpha1`
+- [`kind`](#kind): string | required | must be set to `SamenessGroup`
+- [`metadata`](#metadata): map | required
+  - [`name`](#metadata-name): string | required
+- [`spec`](#spec): map | required
+  - [`DefaultForFailover`](#spec-defaultforfailover): boolean | `false`
+  - [`Members`](#spec-members): list of maps | required
+    - [`Partition`](#spec-members-partition): string
+    - [`Peer`](#spec-members-peer): string
+
+</Tab>
+</Tabs>
+
+## Complete configuration
+
+When every field is defined, a sameness group configuration entry has the following form:
+
+<Tabs>
+
+<Tab heading="HCL" group="hcl">
+
+```hcl
+Kind               = "sameness-group"             # required
+Name               = "<group-name>"               # required
+Partition          = "<partition-configuration-applies-to>"
+DefaultForFailover = false
+Members = [                                       # required
+  { Partition = "<partition-with-services-in-group>" },
+  { Peer = "<cluster-peer-with-services-in-group>" }
+]
+```
+
+</Tab>
+
+<Tab heading="JSON" group="json">
+
+```json
+{
+    "Kind": "sameness-group",                           // required
+    "Name": "<group-name>",                             // required
+    "Partition": "<partition-configuration-applies-to>",
+    "DefaultForFailover": false,
+    "Members": [                                        // required
+        {
+            "Partition": "<partition-with-services-in-group>"
+        },
+        {
+            "Peer": "<cluster-peer-with-services-in-group>"
+        }
+    ]
+}
+```
+
+</Tab>
+
+<Tab heading="YAML" group="yaml">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1         # required
+kind: SamenessGroup                               # required
+metadata:
+  name: <groupName>
+spec:
+  defaultForFailover: false
+  members:                                        # required
+    partition: <partitionWithServicesInGroup>
+    peer: <clusterPeerWithServicesInGroup>
+```
+
+</Tab>
+</Tabs>
+
+## Specifications
+
+This section provides details about the fields you can configure in the sameness group configuration entry.
+
+<Tabs>
+
+<Tab heading="HCL" group="hcl">
+
+### `Kind`
+
+Specifies the type of configuration entry to implement. Must be set to `sameness-group`.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String value that must be set to `sameness-group`.
+
+### `Name`
+
+Specifies a name for the configuration entry that is used to identify the sameness group. To ensure consistency, use descriptive names and make sure that the same name is used when creating configuration entries to add each member to the sameness group.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String
+
+### `Partition`
+
+Specifies the local admin partition that the sameness group applies to. Refer to [admin partitions](/consul/docs/enterprise/admin-partitions) for more information.
+
+#### Values
+
+- Default: `default`
+- Data type: String
+
+### `DefaultForFailover`
+
+Determines whether the sameness group should be used to establish connections to services with the same name during failover scenarios. When this field is set to `true`, DNS queries and upstream requests automatically failover to services in the sameness group according to the order of the members in the `Members` list.
+
+When this field is set to `false`, you can still use a sameness group for failover by configuring the `Failover` block of a [service resolver configuration entry](/consul/docs/connect/config-entries/service-resolver).
+
+#### Values
+
+- Default: `false`
+- Data type: Boolean
+
+### `Members`
+
+Specifies the partitions and cluster peers that are members of the sameness group from the perspective of the local partition.
+
+The local partition should be the first member listed. The order of the members determines their precedence during failover scenarios. If a member is listed but Consul cannot connect to it, failover proceeds with the next healthy member in the list. For an example demonstrating how to configure this parameter, refer to [Failover between sameness groups](#failover-between-sameness-groups).
+
+Each partition can belong to a single sameness group. You cannot associate a partition or cluster peer with multiple sameness groups.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: List that can contain maps of the following parameters:
+  - [`Partition`](#members-partition)
+  - [`Peer`](#members-peer)
+
+### `Members[].Partition`
+
+Specifies a partition in the local datacenter that is a member of the sameness group. When the value of this field is set to `*`, all local partitions become members of the sameness group.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `Members[].Peer`
+
+Specifies the name of a cluster peer that is a member of the sameness group.
+
+Cluster peering connections must be established before adding a peer to the list of members. Refer to [establish cluster peering connections](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering) for more information.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+</Tab>
+
+<Tab heading="YAML" group="yaml">
+
+### `apiVersion`
+
+Specifies the version of the Consul API for integrating with Kubernetes. The value must be `consul.hashicorp.com/v1alpha1`. 
+
+#### Values
+
+- Default: None
+- This field is required.
+- String value that must be set to `consul.hashicorp.com/v1alpha1`.
+
+### `kind`
+
+Specifies the type of configuration entry to implement. Must be set to `SamenessGroup`.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String value that must be set to `SamenessGroup`.
+
+## `metadata`
+
+Map that contains an arbitrary name for the configuration entry and the namespace it applies to.
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+### `metadata.name`
+
+Specifies a name for the configuration entry that is used to identify the sameness group. To ensure consistency, use descriptive names and make sure that the same name is used when creating configuration entries to add each member to the sameness group.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String
+
+### `spec`
+
+Map that contains the details about the `SamenessGroup` configuration entry. The `apiVersion`, `kind`, and `metadata` fields are siblings of the spec field. All other configurations are children.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: Map
+
+### `spec.defaultForFailover`
+
+Determines whether the sameness group should be used to establish connections to services with the same name during failover scenarios. When this field is set to `true`, DNS queries and upstream requests automatically failover to services in the sameness group according to the order of the members in the `spec.members` list.
+
+When this field is set to `false`, you can still use a sameness group for failover by configuring the `Failover` block of a [service resolver configuration entry](/consul/docs/connect/config-entries/service-resolver).
+
+#### Values
+
+- Default: `false`
+- Data type: Boolean
+
+### `spec.members`
+
+Specifies the partitions and cluster peers that are members of the sameness group from the perspective of the local partition.
+
+The local partition should be the first member listed. The order of the members determines their precedence during failover scenarios. If a member is listed but Consul cannot connect to it, failover proceeds with the next healthy member in the list. For an example demonstrating how to configure this parameter, refer to [Failover between sameness groups](#failover-between-sameness-groups).
+
+Each partition can belong to a single sameness group. You cannot associate a partition or cluster peer with multiple sameness groups.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: List that can contain maps of the following parameters:
+  
+  - [`partition`](#spec-members-partition)
+  - [`peer`](#spec-members-peer)
+
+### `spec.members[].partition`
+
+Specifies a partition in the local datacenter that is a member of the sameness group. When the value of this field is set to `*`, all local partitions become members of the sameness group.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `spec.members[].peer`
+
+Specifies the name of a cluster peer that is a member of the sameness group.
+
+Cluster peering connections must be established before adding a peer to the list of members. Refer to [establish cluster peering connections](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering) for more information.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+</Tab>
+</Tabs>
+
+## Examples
+
+The following examples demonstrate common sameness group configuration patterns for specific use cases.
+
+### Failover between members of a sameness group
+
+In the following example, the configuration entry defines a sameness group named `products-api` that applies to the `store-east` partition in the local datacenter. The sameness group is configured so that when its services’ instances in `store-east` fails, Consul will attempt to establish a failover connection in the following order:
+
+- Services with the same name in the `store-east` partition
+- Services with the same name in the `inventory-east` partition in the same datacenter
+- Services with the same name in the `store-west` partition of datacenter `dc2`, which has an established cluster peering connection.
+- Services with the same name in the `inventory-west` partition of `dc2`, which has an established cluster peering connection.
+
+<Tabs>
+
+<Tab heading="HCL" group="hcl">
+
+```hcl
+Kind                     = "sameness-group"  
+Name                     = "products-api"
+Partition                = "store-east"
+DefaultForFailover = true
+Members = [
+    { Partition = "store-east" },
+    { Partition = "inventory-east" },
+    { Peer      = "dc2-store-west" },
+    { Peer      = "dc2-inventory-west" }
+]
+```
+
+</Tab>
+
+<Tab heading="JSON" group="json">
+
+```json
+{
+    "Kind": "sameness-group", 
+    "Name": "products-api", 
+    "Partition": "store-east",
+    "DefaultForFailover": true,
+    "Members": [
+        {
+            "Partition": "store-east"
+        },
+        {
+            "Partition": "inventory-east"
+        },
+        {
+            "Peer": "dc2-store-west"
+        },
+        {
+            "Peer": "dc2-inventory-west"
+        }
+    ]
+}
+```
+
+</Tab>
+
+<Tab heading="YAML" group="yaml">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: SamenessGroup 
+metadata:
+  name: products-api
+spec:
+  defaultForFailover: true
+  members:                                   
+    partition: store-east
+    partition: inventory-east
+    peer: dc2-store-west
+    peer: dc2-inventory-west
+```
+
+</Tab>
+</Tabs>
\ No newline at end of file
diff --git a/website/content/docs/connect/config-entries/service-intentions.mdx b/website/content/docs/connect/config-entries/service-intentions.mdx
index 321b7f160580..1fe1ed6bd487 100644
--- a/website/content/docs/connect/config-entries/service-intentions.mdx
+++ b/website/content/docs/connect/config-entries/service-intentions.mdx
@@ -25,8 +25,9 @@ The following outline shows how to format the service intentions configuration e
 - [`Sources`](#sources): list | no default
   - [`Name`](#sources-name): string | no default
   - [`Peer`](#sources-peer): string | no default
-  - [`Namespace`](#sources-namespace): string | no default  | <EnterpriseAlert inline />
-  - [`Partition`](#sources-partition): string | no default  | <EnterpriseAlert inline />
+  - [`Namespace`](#sources-namespace): string | no default | <EnterpriseAlert inline />
+  - [`Partition`](#sources-partition): string | no default | <EnterpriseAlert inline />
+  - [`SamenessGroup`](#sources-samenessgroup): string | no default | <EnterpriseAlert inline />
   - [`Action`](#sources-action): string | no default  | required for L4 intentions
   - [`Permissions`](#sources-permissions): list | no default
     - [`Action`](#sources-permissions-action): string | no default  | required
@@ -68,6 +69,7 @@ The following outline shows how to format the service intentions configuration e
     - [`peer`](#spec-sources-peer): string | no default
     - [`namespace`](#spec-sources-namespace): string | no default  | <EnterpriseAlert inline />
     - [`partition`](#spec-sources-partition): string | no default  | <EnterpriseAlert inline />
+    - [`samenessGroup`](#spec-sources-samenessgroup): string | no default | <EnterpriseAlert inline />
     - [`action`](#spec-sources-action): string | no default  | required for L4 intentions
     - [`permissions`](#spec-sources-permissions): list | no default
       - [`action`](#spec-sources-permissions-action): string | no default  | required
@@ -113,6 +115,7 @@ Sources = [
     Peer =  "<name of cluster containing source service>"  # string
     Namespace = "<namespace containing source service>"    # string
     Partition = "<sources-partition>"                      # string
+    SamenessGroup = "<group-name>"                         # string
     Action = "allow" or "deny"                             # string for L4 intentions
     Permissions = [                                        
       {                                                  
@@ -181,6 +184,7 @@ spec:
     peer: <name of cluster containing source service>
     namespace: <namespace containing source service>
     partition: <sources-partition>
+    samenessGroup: <group-name>
     action: allow or deny
     permissions:
     - action: allow or deny
@@ -226,6 +230,7 @@ spec:
          "Peer":"<name of cluster containing source service>",
          "Namespace":"<namespace containing source service>",
          "Partition":"<sources-partition>",
+         "SamenessGroup":"<group-name>",
          "Action":"allow or deny",
          "Permissions":[
             {
@@ -353,6 +358,7 @@ List of configurations that define intention sources and the authorization grant
   - `Peer`
   - `Namespace` <EnterpriseAlert inline/>
   - `Partition` <EnterpriseAlert inline/>
+  - `SamenessGroup` <EnterpriseAlert inline/>
   - `Action`
   - `Permissions`
   - `Precedence`
@@ -404,6 +410,16 @@ The `Peer` and `Partition` fields are mutually exclusive.
 - Default: If [`Peer`](#sources-peer) is unspecified, defaults to the destination [`Partition`](#partition).
 - Data type: string
 
+### `Sources[].SamenessGroup` <EnterpriseAlert inline /> 
+
+Specifies the name of a sameness group that the intention allows or denies traffic from. Refer to [create samenes groups](/consul/docs/connect/cluster-peering/usage/create-sameness-groups) for additional information.
+
+#### Values
+
+- Default: None
+- Data type: string
+
+
 ### `Sources[].Action`
 
 Specifies the action to take when the source sends traffic to the destination service. The value  is either `allow` or `deny`. Do not configure this field to apply L7 intentions to the same source. Configure the [`Permissions`](#sources-permissions) field instead. 
@@ -644,7 +660,8 @@ List of configurations that define intention sources and the authorization grant
   - `peer`
   - `namespace` <EnterpriseAlert inline/>
   - `partition` <EnterpriseAlert inline/>
-  - `Action`
+  - `samenessGroup` <EnterpriseAlert inline/>
+  - `action`
   - `permissions`
   - `type`
   - `description`
@@ -685,6 +702,15 @@ Specifies the name of an admin partition that the intention allows or denies tra
 - Default: If [`peer`](#sources-peer) is unspecified, defaults to the partition specified in  [`spec.destination.partition`](#spec-destination-partition).
 - Data type: String
 
+### `spec.sources[].samenessGroup` <EnterpriseAlert inline /> 
+
+Specifies the name of a sameness group that the intention allows or denies traffic from. Refer to [create samenes groups](/consul/docs/k8s/connect/cluster-peering/usage/create-sameness-groups) for additional information.
+
+#### Values
+
+- Default: None
+- Data type: string
+  
 ### `spec.sources[].action`
 
 Specifies the action to take when the source sends traffic to the destination service. The value  is either `allow` or `deny`. Do not configure this field for L7 intentions. Configure the [`spec.sources.permissions`](#spec-sources-permissions) field instead. 
diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx
index b6805604b1e8..60207b136bb3 100644
--- a/website/content/docs/enterprise/index.mdx
+++ b/website/content/docs/enterprise/index.mdx
@@ -19,6 +19,7 @@ The following features are [available in several forms of Consul Enterprise](#co
 ### Multi-Tenancy
 - [Admin Partitions](/consul/docs/enterprise/admin-partitions): Define administrative boundaries between tenants within a single Consul datacenter
 - [Namespaces](/consul/docs/enterprise/namespaces): Define resource boundaries within a single admin partition for further organizational flexibility
+- [Sameness Groups](/consul/docs/connect/config-entries/samenes-group): Define partitions and cluster peers as members of a group with identical services
 
 ### Resiliency
 - [Automated Backups](/consul/docs/enterprise/backups): Configure the automatic backup of Consul state
@@ -83,6 +84,7 @@ Available Enterprise features per Consul form and license include:
 | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)    | No                                      | Yes                 | With Global Visibility, Routing, and Scale module |
 | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | No                                      | Yes                 | Yes                                               |
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)          | Not applicable                          | Yes                 | With Global Visibility, Routing, and Scale module |
+| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | No | Yes | N/A |
 | [Sentinel for KV](/consul/docs/enterprise/sentinel)             | All tiers                               | Yes                 | With Governance and Policy module                 |
 
 [HashiCorp Cloud Platform (HCP) Consul]: https://cloud.hashicorp.com/products/consul
@@ -108,6 +110,7 @@ Consul Enterprise feature availability can change depending on your server and c
 | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)            |  &#9989;  |  &#10060;  |  &#10060;  |
 | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)         |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Sentinel ](/consul/docs/enterprise/sentinel)                           |  &#9989;  |  &#9989;   |   &#9989;  |
 
 </Tab>
@@ -126,6 +129,7 @@ Consul Enterprise feature availability can change depending on your server and c
 | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)            |  &#10060; |  &#10060;  |  &#10060;  |
 | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)         |  &#9989;  |  &#9989;   |  &#9989;  |
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  &#10060; |  &#10060;  |  &#10060;  |
+| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Sentinel ](/consul/docs/enterprise/sentinel)                           |  &#9989;  |  &#9989;   |  &#9989;  |
 
 </Tab>
@@ -144,6 +148,7 @@ Consul Enterprise feature availability can change depending on your server and c
 | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)            |  &#10060; |  &#10060;  |  &#10060;  |
 | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)         |  &#10060; |  &#10060;  |  &#10060;  |
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  n/a      |  n/a       |  n/a       |
+| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Sentinel ](/consul/docs/enterprise/sentinel)                           |  &#9989;  |  &#9989;   |   &#9989;  |
 
 </Tab>
diff --git a/website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx b/website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx
new file mode 100644
index 000000000000..24e9e5874be1
--- /dev/null
+++ b/website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx
@@ -0,0 +1,290 @@
+---
+page_title: Create sameness groups
+description: |-
+  Learn how to create sameness groups between partitions and cluster peers on Kubernetes so that Consul can identify instances of the same service across partitions and datacenters.
+---
+
+# Create sameness groups on Kubernetes
+
+This topic describes how to designate groups of services as functionally identical in your network on Consul deployments running Kubernetes. Sameness groups are the preferred failover strategy for deployments with cluster peering connections. For more information about sameness groups and failover, refer to [Failover overview](/consul/docs/connect/failover).
+
+<Warning>
+
+Sameness groups are a beta feature in this version of Consul. Functionality is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may experience performance issues, scaling issues, and limited support.
+
+</Warning>
+
+## Overview
+
+Sameness groups are a user-defined set of partitions that Consul uses to identify services in different administrative partitions with the same name as being the same service. One of the use cases for sameness groups is to create a blanket failover policy for deployments with cluster peering connections.
+
+To create and use sameness groups in your network, complete the following steps:
+
+- **Create sameness group configuration entries for each member of the group**. For each partition that you want to include in the sameness group, you must write and apply a sameness group configuration entry that defines the group’s members from that partition’s perspective. Refer to the [sameness group configuration entry reference](/consul/docs/connect/config-entries/sameness-group) for details on configuration hierarchy, default values, and specifications.
+- **Export services to members of the sameness group**. You must write and apply an exported services configuration entry that makes the partition’s services available to other members of the group. Refer to [exported services configuration entry reference](/consul/docs/connect/config-entries/exported-services) for additional specification information.
+- **Create service intentions for each member of the sameness group**. For each partition that you want to include in the sameness group, you must write and apply service intentions configuration entries to authorize traffic to your services from all members of the group. Refer to the [service intentions configuration entry reference](/consul/docs/connect/config-entries/service-intentions) for additional specification information.
+
+## Requirements
+
+- All datacenters where you want to create sameness groups must run Consul v1.16 or later. Refer to [upgrade instructions](/consul/docs/k8s/upgrade) for more information about how to upgrade your deployment.
+- A [Consul Enterprise license](/consul/docs/enterprise/license/overview) is required.
+
+### Before you begin
+
+Before creating a sameness group, take the following actions to prepare your network:
+
+#### Check namespace and service naming conventions
+
+Sameness groups are defined at the partition level. As a result, Consul assumes that namespaces and services in a sameness group that have the same name are identical. This behavior occurs even when two different partitions in the group contain functionally different services that share a name and namespace. This situation would lead to errors, as requests will be sent to the incorrect service.
+
+To prevent errors, check the names of the services deployed to your network and the namespaces they are deployed in. Pay particular attention to the default namespace to confirm that services have unique names. If different services share a name, you should either change one of the service’s name or deploy one of the services to a different namespace. After adding the partition to the sameness group, differentiating the names of services or namespaces enables Consul to correctly assume which services are identical.
+
+#### Deploy mesh gateways for each partition
+
+Mesh gateways are required for cluster peering connections and recommended to secure cross-partition traffic in a single datacenter. Therefore, we recommend securing your network, and especially your production environment, by deploying mesh gateways to each datacenter. Refer to [mesh gateways specifications](/consul/docs/k8s/connect/cluster-peering/tech-specs#mesh-gateway-specifications) for more information about configuring mesh gateways.
+
+#### Establish cluster peering relationships between remote partitions
+
+You must establish connections with cluster peers before you can create a sameness group that includes them. A cluster peering connection exists between two admin partitions in different datacenters, and each connection between two partitions must be established separately with each peer. Refer to [establish cluster peering connections](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering) for step-by-step instructions.
+
+To establish cluster peering connections and define a define group as part of the same workflow, follow instructions up to [Export services between clusters](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering#export-services-between-clusters). You can use the same exported services and service intention configuration entries to establish the cluster peering connection and create the sameness group.
+
+## Create a sameness group
+
+To create a sameness group, you must write and apply sets of three configuration entries for each partition that is a member of the group:
+
+- Sameness group configuration entries: Define the sameness group from each partition’s perspective.
+- Exported services configuration entries: Make services available to other partitions in the group.
+- Service intentions configuration entries: Authorize traffic between services across partitions.
+
+### Define the sameness group from each partition’s perspective
+
+To define a sameness group for a partition, create a [sameness group configuration entry](/consul/docs/connect/config-entries/sameness-group) that describes the partitions and cluster peers that are part of the group. Typically, this order follows this pattern:
+
+1. The local partition
+1. Other partitions in the same datacenter
+1. Partitions with established cluster peering relationships
+
+If you want all services to failover to other instances in the sameness group by default, set `spec.defaultForFailover=true` and list the group members in the order you want to use in a failover scenario.
+
+After you create the configuration entry, apply it to the Consul server with the following `kubectl` CLI command:
+
+```shell-session
+$ kubectl apply --filename sameness-group-a.yaml
+```
+
+Then, repeat the process to create and apply a configuration entry for every partition that is a member of the sameness group.
+
+Be aware that the sameness group configuration entries are different for each partition. The following example demonstrates how to format three different configuration entries for three partitions that are part of the sameness group `sameness-group-a` when Partition 1 and Partition 2 are in DC1, and the third partition is Partition 1 in DC2:
+
+<CodeTabs tabs={[ "dc1-partition-1", "dc1-partition-2", "dc2-partition-1" ]}>
+
+<CodeBlockConfig filename="sameness-group-a.yaml" hideClipboard lineNumbers highlight="4,8-10">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: SamenessGroup 
+metadata:
+  name: sameness-group-a
+spec:
+  defaultForFailover: true
+  members:                                   
+    partition: partition-1
+    partition: partition-2
+    peer: dc2-partition-1
+```
+
+</CodeBlockConfig>
+
+<CodeBlockConfig filename="sameness-group-a.yaml" hideClipboard lineNumbers highlight="4,8-10">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: SamenessGroup 
+metadata:
+  name: sameness-group-a
+spec:
+  defaultForFailover: true
+  members:                                   
+    partition: partition-2
+    partition: partition-1
+    peer: dc2-partition-1  
+```
+
+</CodeBlockConfig>
+
+<CodeBlockConfig filename="sameness-group-a.yaml" hideClipboard lineNumbers highlight="4,8-10">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: SamenessGroup 
+metadata:
+  name: sameness-group-a
+spec:
+  defaultForFailover: true
+  members:                                   
+    partition: partition-1
+    peer: dc1-partition-1
+    peer: dc2-partition-2
+```
+
+</CodeBlockConfig>
+
+</CodeTabs>
+
+### Export services to other partitions in the sameness group
+
+To make services available to other members of the sameness group, you must write and apply an [exported services configuration entry](/consul/docs/connect/config-entries/exported-services) to each partition in the group. This configuration entry exports the local partition's services to the rest of the group members. In each configuration entry, set the sameness group as the `Consumer` for the exported services. You can export multiple services in a single exported services configuration entry.
+
+Because you are configuring the consumer to reference the sameness group instead of listing out each partition and cluster peer, you do not need to edit this configuration again when you add a partition or peer to the group.
+
+The following example demonstrates how to format three different `exported-service` configuration entries to make a service named `api` deployed to the `store` namespace of each partition available to all other group members:
+
+<CodeTabs tabs={[ "dc1-partition-1", "dc1-partition-2", "dc2-partition-1" ]}>
+
+<CodeBlockConfig hideClipboard lineNumbers highlight="7-10">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+Kind: ExportedServices
+metadata:
+  name: group-a-export
+spec:
+  services:
+    - name: api
+      namespace: store
+      consumers:
+        - samenessGroup: sameness-group-a
+```
+
+</CodeBlockConfig>
+
+<CodeBlockConfig hideClipboard lineNumbers highlight="7-10">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+Kind: ExportedServices
+metadata:
+  name: group-a-export
+spec:
+  services:
+    - name: api
+      namespace: store
+      consumers:
+        - samenessGroup: sameness-group-a
+```
+
+</CodeBlockConfig>
+
+<CodeBlockConfig hideClipboard lineNumbers highlight="7-10">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+Kind: ExportedServices
+metadata:
+  name: group-a-export
+spec:
+  services:
+    - name: api
+      namespace: store
+      consumers:
+        - samenessGroup: sameness-group-a
+```
+
+</CodeBlockConfig>
+
+</CodeTabs>
+
+For more information about exporting services, including examples of configuration entries that export multiple services at the same time, refer to the [exported services configuration entry reference](/consul/docs/connect/config-entries/exported-services).
+
+After you create each exported services configuration entry, apply it to the Consul server with the following CLI command:
+
+```shell-session
+$ kubectl apply --filename group-a-export.yaml
+```
+
+#### Export services for cluster peers and sameness groups at the same time
+
+It is possible to combine the exported services configuration entry for creating sameness groups with the entry required to [export services when establishing cluster peering connections](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering#export-services-between-clusters).
+
+In this workflow, configure the `services[].consumers` block with the `samenessGroup` field instead of the `peer` field. You should write the `sameness-group` configuration entry to Consul before referencing it in the `exported-services` configuration entry.
+
+### Create service intentions to authorize traffic between group members
+
+While exporting the service to each member of the sameness group makes the services visible to remote partitions, you must also create service intentions so that local services are authorized to send and receive traffic from a member of the sameness group.
+
+For each partition that is member of the group, write and apply a [service intentions configuration entry](/consul/docs/connect/config-entries/service-intentions) that defines intentions for the services that are part of the group. In the `sources` block of the configuration entry, include the service name, its namespace, the sameness group and grant `allow` permissions.
+
+Because you are using the sameness group in the `sources` block rather than listing out each partition and cluster peer, you do not have to make further edits to the service intentions configuration entries when members are added to or removed from the group.
+
+The following example demonstrates how to format three different `service-intentions` configuration entries to make a service named `api` available to all instances of `payments` deployed in all members of the sameness group including the local partition. In this example, `api` is deployed to the `store` namespace in all three partitions.
+
+<CodeTabs tabs={[ "dc1-partition-1", "dc1-partition-2", "dc2-partition-1" ]}>
+
+<CodeBlockConfig hideClipboard lineNumbers highlight="4,7-10">
+
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceIntentions
+metadata:
+  name: api
+spec:
+  sources:
+  - name: api
+    action: allow
+    namespace: store
+    samenessGroup: sameness-group-a
+```
+
+</CodeBlockConfig>
+
+<CodeBlockConfig hideClipboard lineNumbers highlight="4,7-10">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceIntentions
+metadata:
+  name: api
+spec:
+  sources:
+  - name: api
+    action: allow
+    namespace: store
+    samenessGroup: sameness-group-a
+```
+
+</CodeBlockConfig>
+
+<CodeBlockConfig hideClipboard lineNumbers highlight="4,7-10">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceIntentions
+metadata:
+  name: api
+spec:
+  sources:
+  - name: api
+    action: allow
+    namespace: store
+    samenessGroup: sameness-group-a
+```
+
+</CodeBlockConfig>
+
+</CodeTabs>
+
+Refer to [create and manage intentions](/consul/docs/connect/intentions/create-manage-intentions) for more information about how to create and apply service intentions in Consul.
+
+After you create each service intentions configuration entry, apply it to the Consul server with the following CLI command:
+
+```shell-session
+$ kubectl apply --filename api.yaml
+```
+
+#### Create service intentions for cluster peers and sameness groups at the same time
+
+It is possible to combine the service intentions configuration entry for creating sameness groups with the entry required to [authorize services for peers](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering#authorize-services-for-peers).
+
+In this workflow, configure the `sources` block with the `samenessGroup` field instead of the `peer` field. You should write the `sameness-group` configuration entry to Consul before referencing it in the `service-intentions` configuration entry.
\ No newline at end of file
diff --git a/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx b/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx
index 19e504b95d68..167d4fdceced 100644
--- a/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx
+++ b/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx
@@ -18,6 +18,8 @@ The overall process for establishing a cluster peering connection consists of th
 
 Cluster peering between services cannot be established until all four steps are complete.
 
+Cluster peering between services cannot be established until all four steps are complete. If you want to establish cluster peering connections and create sameness groups at the same time, refer to the guidance in [create sameness groups](/consul/docs/k8s/connect/cluster-peering/usage/create-sameness-groups).
+
 For general guidance for establishing cluster peering connections, refer to [Establish cluster peering connections](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering).
 
 ## Prerequisites
diff --git a/website/content/docs/k8s/crds/index.mdx b/website/content/docs/k8s/crds/index.mdx
index 6a68960a04df..c34146c3c35b 100644
--- a/website/content/docs/k8s/crds/index.mdx
+++ b/website/content/docs/k8s/crds/index.mdx
@@ -19,6 +19,7 @@ You can specify the following values in the `kind` field. Click on a configurati
 - [`PeeringAcceptor`](/consul/docs/k8s/connect/cluster-peering/tech-specs#peeringacceptor)
 - [`PeeringDialer`](/consul/docs/k8s/connect/cluster-peering/tech-specs#peeringdialer)
 - [`ProxyDefaults`](/consul/docs/connect/config-entries/proxy-defaults)
+- [`SamenessGroup`](/consul/docs/connect/config-entries/sameness-group)
 - [`ServiceDefaults`](/consul/docs/connect/config-entries/service-defaults)
 - [`ServiceSplitter`](/consul/docs/connect/config-entries/service-splitter)
 - [`ServiceRouter`](/consul/docs/connect/config-entries/service-router)
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index edd16a4eb86f..ee250b9035ad 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -453,7 +453,11 @@
             "path": "connect/config-entries/proxy-defaults"
           },
           {
-            "title": "Service defaults",
+            "title": "Sameness Group",
+            "path": "connect/config-entries/sameness-group"
+          },
+          {
+            "title": "Service Defaults",
             "path": "connect/config-entries/service-defaults"
           },
           {
@@ -752,6 +756,10 @@
               {
                 "title": "Manage L7 Traffic With Cluster Peering",
                 "path": "connect/cluster-peering/usage/peering-traffic-management"
+              },
+              {
+                "title": "Create Sameness Groups",
+                "path": "connect/cluster-peering/usage/create-sameness-groups"
               }
             ]
           }
@@ -1299,6 +1307,10 @@
                   {
                     "title": "Manage L7 Traffic With Cluster Peering",
                     "path": "k8s/connect/cluster-peering/usage/l7-traffic"
+                  },
+                  {
+                    "title": "Create Sameness Groups",
+                    "path": "k8s/connect/cluster-peering/usage/create-sameness-groups"
                   }
                 ]
               }

From c384f244608d87a37460148adc41f9c287385387 Mon Sep 17 00:00:00 2001
From: Thomas Eckert <teckert@hashicorp.com>
Date: Mon, 12 Jun 2023 16:36:33 -0400
Subject: [PATCH 022/359] Remove "BETA" marker from config entries (#17670)

---
 website/data/docs-nav-data.json | 46 ++++++++-------------------------
 1 file changed, 11 insertions(+), 35 deletions(-)

diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index ee250b9035ad..3a45890eb3b4 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -402,39 +402,19 @@
           },
           {
             "title": "API gateway",
-            "href": "/consul/docs/connect/gateways/api-gateway/configuration/api-gateway",
-            "badge": {
-              "text": "BETA",
-              "type": "outlined",
-              "color": "neutral"
-            }
+            "href": "/consul/docs/connect/gateways/api-gateway/configuration/api-gateway"
           },
           {
             "title": "HTTP route",
-            "href": "/consul/docs/connect/gateways/api-gateway/configuration/http-route",
-            "badge": {
-              "text": "BETA",
-              "type": "outlined",
-              "color": "neutral"
-            }
+            "href": "/consul/docs/connect/gateways/api-gateway/configuration/http-route"
           },
           {
             "title": "TCP route",
-            "href": "/consul/docs/connect/gateways/api-gateway/configuration/tcp-route",
-            "badge": {
-              "text": "BETA",
-              "type": "outlined",
-              "color": "neutral"
-            }
+            "href": "/consul/docs/connect/gateways/api-gateway/configuration/tcp-route"
           },
           {
             "title": "Inline certificate",
-            "href": "/consul/docs/connect/gateways/api-gateway/configuration/inline-certificate",
-            "badge": {
-              "text": "BETA",
-              "type": "outlined",
-              "color": "neutral"
-            }
+            "href": "/consul/docs/connect/gateways/api-gateway/configuration/inline-certificate"
           },
           {
             "title": "Ingress gateway",
@@ -510,7 +490,7 @@
                   {
                     "title": "Delegate authorization to external services",
                     "path": "connect/proxies/envoy-extensions/usage/ext-authz"
-                  },                  
+                  },
                   {
                     "title": "Run Lua scripts in Envoy proxies",
                     "path": "connect/proxies/envoy-extensions/usage/lua"
@@ -526,7 +506,8 @@
                   {
                     "title": "Run WebAssembly plug-ins in Envoy proxies",
                     "path": "connect/proxies/envoy-extensions/usage/wasm"
-                  }                ]
+                  }
+                ]
               },
               {
                 "title": "Configuration",
@@ -534,16 +515,16 @@
                   {
                     "title": "External authorization",
                     "path": "connect/proxies/envoy-extensions/configuration/ext-authz"
-                  },                  
+                  },
                   {
                     "title": "Property override",
                     "path": "connect/proxies/envoy-extensions/configuration/property-override"
-                  },                  
+                  },
                   {
                     "title": "WebAssembly",
                     "path": "connect/proxies/envoy-extensions/configuration/wasm"
                   }
-                ]              
+                ]
               }
             ]
           },
@@ -642,11 +623,6 @@
           },
           {
             "title": "API Gateways",
-            "badge": {
-              "text": "BETA",
-              "type": "outlined",
-              "color": "neutral"
-            },
             "routes": [
               {
                 "title": "Overview",
@@ -1024,7 +1000,7 @@
               {
                 "title": "Limit traffic rates from source IP addresses",
                 "path": "agent/limits/usage/limit-request-rates-from-ips"
-              }    
+              }
             ]
           },
           {

From 27206d9202fe23e88c0814adea4b43180d23d495 Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Mon, 12 Jun 2023 13:41:16 -0700
Subject: [PATCH 023/359] CAPIgw for K8s installation updates for 1.16 (#17627)

* trimmed CRD step and reqs from installation

* updated tech specs

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>

* added upgrade instruction

* removed tcp port req

* described downtime and DT-less upgrades

* applied additional review feedback

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>
---
 .../api-gateway/configuration/gateway.mdx     |  2 +-
 website/content/docs/api-gateway/install.mdx  | 79 ++++++---------
 .../content/docs/api-gateway/tech-specs.mdx   | 45 ++++-----
 website/content/docs/api-gateway/upgrades.mdx | 99 ++++++++++++++++++-
 4 files changed, 147 insertions(+), 78 deletions(-)

diff --git a/website/content/docs/api-gateway/configuration/gateway.mdx b/website/content/docs/api-gateway/configuration/gateway.mdx
index 9d9b87b3b736..fdbe468ba826 100644
--- a/website/content/docs/api-gateway/configuration/gateway.mdx
+++ b/website/content/docs/api-gateway/configuration/gateway.mdx
@@ -58,7 +58,7 @@ The following outline shows how to format the configurations in the `Gateway` ob
 This topic provides details about the configuration parameters.
 
 ### gatewayClassName
-Specifies the name of the [`GatewayClass`](/consul/docs/api-gateway/configuration/gatewayclass) resource used for the `Gateway` instance. Unless you are using a custom [GatewayClass](/consul/docs/api-gateway/configuration/gatewayclass), this value should be set to `consul-api-gateway`.
+Specifies the name of the [`GatewayClass`](/consul/docs/api-gateway/configuration/gatewayclass) resource used for the `Gateway` instance. Unless you are using a custom [GatewayClass](/consul/docs/api-gateway/configuration/gatewayclass), this value should be set to `consul`.
 * Type: string
 * Required: required
 
diff --git a/website/content/docs/api-gateway/install.mdx b/website/content/docs/api-gateway/install.mdx
index 1d715c0c4786..6285c9525a22 100644
--- a/website/content/docs/api-gateway/install.mdx
+++ b/website/content/docs/api-gateway/install.mdx
@@ -5,29 +5,11 @@ description: >-
   Learn how to install custom resource definitions (CRDs) and configure the Helm chart so that you can run Consul API Gateway on your Kubernetes deployment.
 ---
 
-# Install API Gateway for Kubernetes
+# Install API gateway for Kubernetes
 
-This topic describes how to install and configure Consul API Gateway.
+The Consul API gateway ships with Consul and is automatically installed when you install Consul on Kubernetes. Before you begin the installation process, verify that the environment you are deploying Consul and the API gateway in meets the requirements listed in the [Technical Specifications](/consul/docs/api-gateway/tech-specs). Refer to the [Release Notes](/consul/docs/release-notes) for any additional information about the version you are deploying.
 
-## Requirements
-
-Ensure that the environment you are deploying Consul API Gateway in meets the requirements listed in the [Technical Specifications][tech-specs]. This includes validating that the requirements for minimum versions of software are met. Refer to the [Release Notes][rel-notes] for the version of API Gateway you are deploying.
-
-## Installation
-
-1. Set the version of Consul API Gateway you are installing as an environment variable. The following steps use this environment variable in commands and configurations.
-
-  ```shell-session
-  $ export VERSION=0.5.1
-  ```
-
-1. Issue the following command to install the CRDs:
-
-  ```shell-session
-  $ kubectl apply --kustomize="github.com/hashicorp/consul-api-gateway/config/crd?ref=v$VERSION"
-  ```
-
-1. Create a `values.yaml` file for your Consul API Gateway deployment by copying the following content and running it in the environment where you set the `VERSION` environment variable. The Consul Helm chart uses this `values.yaml` file to deploy the API Gateway. Available versions of the [Consul](https://hub.docker.com/r/hashicorp/consul/tags) and [Consul API Gateway](https://hub.docker.com/r/hashicorp/consul-api-gateway/tags) Docker images can be found on DockerHub, with additional context on version compatibility published in [GitHub releases](https://github.com/hashicorp/consul-api-gateway/releases). For more options to configure your Consul API Gateway deployment through the Helm chart, refer to [Helm Chart Configuration - apiGateway](/consul/docs/k8s/helm#apigateway).
+1. Create a `values.yaml` file for configuring your Consul API gateway deployment and include the following settings:
 
     <CodeBlockConfig filename="values.yaml">
 
@@ -37,47 +19,46 @@ Ensure that the environment you are deploying Consul API Gateway in meets the re
             name: consul
           connectInject:
             enabled: true
-          apiGateway:
-            enabled: true
-            image: hashicorp/consul-api-gateway:$VERSION
         EOF
       ```
     </CodeBlockConfig>
 
-1. Install Consul API Gateway using the standard Consul Helm chart or Consul K8s CLI specify the custom values file. Available versions of the [Consul Helm chart](https://github.com/hashicorp/consul-k8s/releases) can be found in GitHub releases.
+  The Consul Helm chart deploys the API gateway using the configuration specified in the `values.yaml` file. Refer to [Helm Chart Configuration - `connectInject.apiGateway`](/consul/docs/k8s/helm#apigateway) for information about the Helm chart configuration options.
+
+1. Install Consul API Gateway using the standard Consul Helm chart or Consul K8s CLI specify the custom values file. Refer to the [Consul Helm chart](https://github.com/hashicorp/consul-k8s/releases) in GitHub releases for the available versions.
 
-  <Tabs>
-    <Tab heading="Consul K8s CLI (Mac Only)">
+<Tabs>
+<Tab heading="Consul K8s CLI (Mac Only)">
 
-    ~> **Note:** Refer to the official [Consul K8S CLI documentation](/consul/docs/k8s/k8s-cli) to find additional settings.
+Refer to the official [Consul K8S CLI documentation](/consul/docs/k8s/k8s-cli) to find additional settings.
 
-    ```shell-session
-    $ brew tap hashicorp/tap
-    ```
+```shell-session
+$ brew tap hashicorp/tap
+```
 
-    ```shell-session
-    $ brew install hashicorp/tap/consul-k8s
-    ```
+```shell-session
+$ brew install hashicorp/tap/consul-k8s
+```
 
-    ```shell-session
-    $ consul-k8s install -config-file=values.yaml -set global.image=hashicorp/consul:1.14.3
-    ```
+```shell-session
+$ consul-k8s install -config-file=values.yaml -set global.image=hashicorp/consul:1.16.0
+```
 
-    </Tab>
-    <Tab heading="Helm">
+</Tab>
+<Tab heading="Helm">
 
-    Add the HashiCorp Helm repository.
+Add the HashiCorp Helm repository.
 
-    ```shell-session
-    $ helm repo add hashicorp https://helm.releases.hashicorp.com
-    ```
-    Install Consul with API Gateway on your Kubernetes cluster by specifying the `values.yaml` file.
+```shell-session
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+```
+Install Consul with API Gateway on your Kubernetes cluster by specifying the `values.yaml` file.
 
-    ```shell-session
-    $ helm install consul hashicorp/consul --version 1.0.2 --values values.yaml --create-namespace --namespace consul
-    ```
-    </Tab>
-  </Tabs>
+```shell-session
+$ helm install consul hashicorp/consul --version 1.2.0 --values values.yaml --create-namespace --namespace consul
+```
+</Tab>
+</Tabs>
 
 <!--
 ****** KEEP ALL PAGE CONTENT ABOVE THIS LINE *******
diff --git a/website/content/docs/api-gateway/tech-specs.mdx b/website/content/docs/api-gateway/tech-specs.mdx
index 7fb142340dec..22fa8d30b5dd 100644
--- a/website/content/docs/api-gateway/tech-specs.mdx
+++ b/website/content/docs/api-gateway/tech-specs.mdx
@@ -1,40 +1,34 @@
 ---
 layout: docs
-page_title: API Gateway for Kubernetes Technical Specifications
+page_title: API gateway for Kubernetes technical specifications
 description: >-
-  Consul API Gateway is a service mesh add-on for Kubernetes deployments. Learn about its requirements for system resources, ports, and component versions, its Enterprise limitations, and compatible k8s cloud environments.
+  Learn about the requirements for installing and using the Consul API gateway for Kubernetes, including required ports, component version minimums, Consul Enterprise limitations, and compatible k8s cloud environments.
 ---
 
-# API Gateway for Kubernetes Technical Specifications
+# API gateway for Kubernetes technical specifications
 
-This topic describes the technical specifications associated with using Consul API Gateway.
+This topic describes the technical specifications associated with using Consul API gateway.
 
 ## Requirements
 
-Verify that your environment meets the following requirements prior to using Consul API Gateway.
+Verify that your environment meets the following requirements prior to using Consul API gateway.
 
-### Datacenter Requirements
+### Datacenter requirements
 
-Your datacenter must meet the following requirements prior to configuring the Consul API Gateway:
+Your datacenter must meet the following requirements prior to configuring the Consul API gateway:
 
-- Kubernetes 1.21+
-- `kubectl` 1.21+
-- Consul 1.11.2+
-- HashiCorp Consul Helm chart 0.47.1+
-- Consul Service Mesh must be deployed on the Kubernetes cluster that API Gateway is deployed on.
-- Envoy:  Envoy proxy support is determined by the Consul version deployed. Refer to [Envoy Integration](/consul/docs/connect/proxies/envoy) for details.
+- HashiCorp Consul Helm chart v1.2.0 and later
 
-### TCP Port Requirements
+### TCP port requirements
 
-The following table describes the TCP port requirements for each component of the API Gateway.
+The following table describes the TCP port requirements for each component of the API gateway.
 
 | Port | Description | Component |
 | ---- | ----------- | --------- |
-| 9090 | Secret discovery service (SDS) | Gateway controller pod <br/> Gateway instance pod |
 | 20000 | Kubernetes readiness probe | Gateway instance pod |
 | Configurable | Port for scraping Prometheus metrics. Disabled by default. | Gateway controller pod |
 
-## Consul Server Deployments
+## Consul server deployments
 
 - Consul Editions supported: OSS and Enterprise
 - Supported Consul Server deployment types:
@@ -43,36 +37,35 @@ The following table describes the TCP port requirements for each component of th
 
 ### Limited Support of some Consul Features
 
-The following table lists API Gateway limitations related to specific Consul features
+The following table lists API gateway limitations related to specific Consul features
 
 | Consul Feature | Limitation |
 | -------------- | ---------- |
-| [Admin partitions](/consul/docs/enterprise/admin-partitions) | You can deploy Consul API Gateway into the `default` admin partition only. You can route to services in other `default` admin partitions through peered connections. Refer to [Route Traffic to Peered Services](/consul/docs/api-gateway/usage/route-to-peered-services) for additional information. |
 | Routing between datacenters | If you are connecting multiple Consul datacenters to create a federated network, you can route to services in other datacenters through peered connections. Refer to [Route Traffic to Peered Services](/consul/docs/api-gateway/usage/route-to-peered-services) for additional information. |
 
 ## Deployment Environments
 
-Consul API Gateway can be deployed in the following Kubernetes-based environments:
+Consul API gateway can be deployed in the following Kubernetes-based environments:
 
 - Generic Kubernetes
 - AWS Elastic Kubernetes Service (EKS)
 - Google Kubernetes Engine (GKE)
 - Azure Kubernetes Service (AKS)
 
-## Kubernetes Gateway API Specification - Supported Versions
+## Supported versions of Kubernetes Gateway API specification 
 
-See the Release Notes for the version of Consul API Gateway being used.
+Refer to the [release notes](/consul/docs/release-notes) for your version of Consul.
 
-## Resource Allocations
+## Resource allocations
 
-The following resources are allocated for each component of the API Gateway.
+The following resources are allocated for each component of the API gateway.
 
-### Gateway Controller Pod
+### Gateway controller pod
 
 - **CPU**: None. Either the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
 - **Memory**: None. Either the the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
 
-### Gateway Instance Pod
+### Gateway instance pod
 
 - **CPU**: None. Either the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
 - **Memory**: None. Either the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
diff --git a/website/content/docs/api-gateway/upgrades.mdx b/website/content/docs/api-gateway/upgrades.mdx
index 373eeffcb14e..d45324289db5 100644
--- a/website/content/docs/api-gateway/upgrades.mdx
+++ b/website/content/docs/api-gateway/upgrades.mdx
@@ -5,9 +5,102 @@ description: >-
   Upgrade Consul API Gateway to use newly supported features. Learn about the requirements, procedures, and post-configuration changes involved in standard and specific version upgrades.
 ---
 
-# Upgrade API Gateway for Kubernetes
+# Upgrade Consul API gateway for Kubernetes
+
+Since Consul v1.15, the Consul API gateway is a native feature within the Consul binary and is installed during the normal Consul installation process. Since Consul v1.16, the CRDs necessary for using the Consul API gateway for Kubernetes are also included. You can install Consul v1.16 using the Consul Helm chart v1.2 and later. Refer to [Install API gateway for Kubernetes](/consul/docs/api-gateway/install) for additional information.
+
+## Introduction
+
+Because Consul API gateway releases as part of Consul, it no longer has an independent version number. Instead, the API gateway inherits the same version number as the Consul binary. Refer to the [release notes](/consul/docs/release-notes) for additional information. 
+
+To begin using the native API gateway, complete one of the following upgrade paths:
+
+### Upgrade from Consul on Kubernetes v1.1.x
+
+1. Complete the instructions for [upgrading to the native Consul API gateway](#upgrade-to-native-consul-api-gateway).
+
+### Upgrade from v0.4.x - v0.5.x
+ 
+1. Complete the [standard upgrade instructions](#standard-upgrade)
+1. Complete the instructions for [upgrading to the native Consul API gateway](#upgrade-to-native-consul-api-gateway).
+
+### Upgrade from v0.3.x
+
+1. Complete the instructions for [upgrading to v0.4.0](#upgrade-to-v0-4-0)
+1. Complete the [standard upgrade instructions](#standard-upgrade)
+1. Complete the instructions for [upgrading to the native Consul API gateway](#upgrade-to-native-consul-api-gateway).
+
+### Upgrade from v0.2.x
+
+1. Complete the instructions for [upgrading to v0.3.0](#upgrade-to-v0-2-0)
+1. Complete the instructions for [upgrading to v0.4.0](#upgrade-to-v0-4-0)
+1. Complete the [standard upgrade instructions](#standard-upgrade)
+1. Complete the instructions for [upgrading to the native Consul API gateway](#upgrade-to-native-consul-api-gateway).
+
+### Upgrade from v0.1.x
+
+1. Complete the instructions for [upgrading to v0.2.0](#upgrade-to-v0-2-0)
+1. Complete the instructions for [upgrading to v0.3.0](#upgrade-to-v0-3-0)
+1. Complete the instructions for [upgrading to v0.4.0](#upgrade-to-v0-4-0)
+1. Complete the [standard upgrade instructions](#standard-upgrade)
+1. Complete the instructions for [upgrading to the native Consul API gateway](#upgrade-to-native-consul-api-gateway).
+
+## Upgrade to native Consul API gateway
+
+You must begin the upgrade procedure with Consul API gateway v1.1 installed. If you are currently using a version of Consul API gateway older than v1.1, complete the necessary stages of the upgrade path to v1.1 before you begin upgrading to the native API gateway. Refer to the [Introduction](#introduction) for an overview of the upgrade paths.
+
+### Consul-managed CRDs
+
+If you are able to tolerate downtime for your applications, you should delete previously installed CRDs and allow Consul to install and manage them for future updates. The amount of downtime depends on how quickly you are able to install the new version of Consul. If you are unable to tolerate any downtime, refer to [Self-managed CRDs](#self-managed-crds) for instructions on how to upgrade without downtime.
+
+1. Run the `kubectl delete` command and reference the kustomize directory to delete the existing CRDs. The following example deletes the CRDs that were installed with API gateway v0.5.1: 
+
+  ```shell-session
+  $ kubectl delete --kustomize="github.com/hashicorp/consul-api-gateway/config/crd?ref=v0.5.1"
+  ``` 
+
+1. Issue the following command to apply the configuration and complete the installation:
+
+  ```shell-session
+  $ kubectl apply -f apigw-installation.yaml
+  ```
+
+1. Change any existing `Gateways` to reference the new `GatewayClass` `consul`. Refer to [gatewayClass](/consul/docs/api-gateway/configuration/gateway#gatewayclassname) for additional information.
+
+1. After updating all of your `gateway` configurations to use the new controller, you can complete the upgrade again and completely remove the `apiGateway` block to remove the old controller. 
+
+### Self-managed CRDs
+
+If you are unable to tolerate any downtime, you can complete the following steps to upgrade to the native Consul API gateway. If you choose this upgrade option, you must continue to manually install the CRDs necessary for operating the API gateway. 
+
+1. Create a values file that installs the version of Consul API gateway that ships with Consul and disables externally-managed CRDs:
+
+  <CodeBlock heading="apigw-installation.yaml">
+
+  ```yaml
+  global:
+    image: hashicorp/consul:1.16
+    imageK8S: hashicorp/consul-k8s-control-plane
+  connectInject:
+    apiGateway:
+      manageExternalCRDs: false
+  apiGateway:
+    enabled: true
+    image: hashicorp/consul-api-gateway:0.5.4
+    managedGatewayClass:
+      enabled: true
+  ```
+
+  </CodeBlock>
+
+1. Issue the following command to apply the configuration and complete the installation:
+
+  ```shell-session
+  $ kubectl apply -f apigw-installation.yaml
+  ```
+
+1. Change any existing `Gateways` to reference the new `GatewayClass` `consul`. Refer to [gatewayClass](/consul/docs/api-gateway/configuration/gateway#gatewayclassname) for additional information.
 
-This topic describes how to upgrade Consul API Gateway.
 
 ## Upgrade to v0.4.0
 
@@ -34,7 +127,9 @@ Ensure that the following requirements are met prior to upgrading:
 <a name="v0.4.0-post-upgrade-configuration-changes"/>
 
 ### Post-upgrade configuration changes
+
 Complete the following steps after performing standard upgrade procedure.
+
 #### Requirements
 
 - Consul API Gateway should be running version v0.4.0.

From b678742c68a96a1981a7754a3c553fd389a94552 Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Mon, 12 Jun 2023 15:09:35 -0700
Subject: [PATCH 024/359] additional feedback on API gateway upgrades (#17677)

* additional feedback

* Update website/content/docs/api-gateway/upgrades.mdx

Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>

---------

Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>
---
 website/content/docs/api-gateway/upgrades.mdx | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/website/content/docs/api-gateway/upgrades.mdx b/website/content/docs/api-gateway/upgrades.mdx
index d45324289db5..31bc1ec82374 100644
--- a/website/content/docs/api-gateway/upgrades.mdx
+++ b/website/content/docs/api-gateway/upgrades.mdx
@@ -101,6 +101,8 @@ If you are unable to tolerate any downtime, you can complete the following steps
 
 1. Change any existing `Gateways` to reference the new `GatewayClass` `consul`. Refer to [gatewayClass](/consul/docs/api-gateway/configuration/gateway#gatewayclassname) for additional information.
 
+1. After updating all of your `gateway` configurations to use the new controller, you can remove the `apiGateway` block from the Helm chart and rerun it. This completely removes the old gateway controller. 
+
 
 ## Upgrade to v0.4.0
 

From 66704e5cb90e321b4e37c53b465906bb16ec2143 Mon Sep 17 00:00:00 2001
From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Date: Mon, 12 Jun 2023 15:13:44 -0700
Subject: [PATCH 025/359] docs: JWT Authorization for intentions (#17643)

* Initial page/nav creation

* configuration entry reference page

* Usage + fixes

* service intentions page

* usage

* description

* config entry updates

* formatting fixes

* Update website/content/docs/connect/config-entries/service-intentions.mdx

Co-authored-by: Paul Glass <pglass@hashicorp.com>

* service intentions review fixes

* Overview page review fixes

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: Paul Glass <pglass@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 .../connect/config-entries/jwt-provider.mdx   | 1026 +++++++++++++++++
 .../config-entries/service-intentions.mdx     |  311 ++++-
 .../connect/intentions/jwt-authorization.mdx  |  101 ++
 website/data/docs-nav-data.json               |    8 +
 4 files changed, 1418 insertions(+), 28 deletions(-)
 create mode 100644 website/content/docs/connect/config-entries/jwt-provider.mdx
 create mode 100644 website/content/docs/connect/intentions/jwt-authorization.mdx

diff --git a/website/content/docs/connect/config-entries/jwt-provider.mdx b/website/content/docs/connect/config-entries/jwt-provider.mdx
new file mode 100644
index 000000000000..3ad00483c6c2
--- /dev/null
+++ b/website/content/docs/connect/config-entries/jwt-provider.mdx
@@ -0,0 +1,1026 @@
+---
+page_title: JWT provider configuration entry reference
+description: |-
+ JWT provider configuration entries add JSON Web Token token validation to intentions in the service mesh. Learn how to write `jwt-provider` config entries in HCL or YAML with a specification reference, configuration model, a complete example, and example code by use case.
+---
+
+# JWT provider configuration entry reference
+
+This page provides reference information for the JWT provider configuration entry, which configures Consul to use a JSON Web Token (JWT) and JSON Web Key Set (JWKS) in order to add JWT validation to proxies in the service mesh. Refer to [Use JWT authorization with service intentions](/consul/docs/connect/intentions/jwt-authorization) for more information.
+
+## Configuration model
+
+The following list outlines field hierarchy, language-specific data types, and requirements in a JWT provider configuration entry. Click on a property name to view additional details, including default values.
+
+<Tabs>
+
+<Tab heading="HCL and JSON" group="hcl">
+
+- [`Kind`](#kind): string | required | must be set to `jwt-provider`
+- [`Name`](#name): string | required
+- [`Issuer`](#issuer): string
+- [`JSONWebKeySet`](#jsonwebkeyset): map
+  - [`Local`](#jsonwebkeyset-local): map
+    - [`JWKS`](#jsonwebkeyset-local-jwks): string
+    - [`Filename`](#jsonwebkeyset-local-filename): string
+  - [`Remote`](#jsonwebkeyset-remote): map
+    - [`URI`](#jsonwebkeyset-remote-uri): string
+    - [`RequestTimeoutMs`](#jsonwebkeyset-remote-requesttimeoutms): integer
+    - [`CacheDuration`](#jsonwebkeyset-remote-cacheduration): string | `5m`
+    - [`FetchAsynchronously`](#jsonwebkeyset-remote-fetchasynchronously): boolean | `false`
+    - [`RetryPolicy`](#jsonwebkeyset-remote-retrypolicy): map
+      - [`NumRetries`](#jsonwebkeyset-remote-retrypolicy-numretries): integer | `0`
+      - [`RetryPolicyBackoff`](#jsonwebkeyset-remote-retrypolicy-retry-policy-backoff): map
+        - [`BaseInterval`](#jsonwebkeyset-remote-retrypolicy-retry-policy-backoff): string
+        - [`MaxInterval`](#jsonwebkeyset-remote-retrypolicy-retry-policy-backoff): string
+- [`Audiences`](#audiences): list of strings
+- [`Locations`](#locations): list of maps
+  - [`Header`](#locations-header): map
+    - [`Name`](#locations-header-name): string
+    - [`ValuePrefix`](#locations-header-valueprefix): string
+    - [`Forward`](#locations-header-forward): boolean | `false`
+  - [`QueryParam`](#locations-queryparam): map
+    - [`Name`](#locations-queryparam): string
+  - [`Cookie`](#locations-cookie): map
+    - [`Name`](#locations-cookie): string
+- [`Forwarding`](#forwarding): map
+  - [`HeaderName`](#forwarding-headername): string
+  - [`PadForwardPayloadHeader`](#forwarding-padforwardpayloadheader): boolean | `false`
+- [`ClockSkewSeconds`](#clockskewseconds): integer | `30`
+- [`CacheConfig`](#cacheconfig): map
+  - [`Size`](#cacheconfig-size): integer | `0`
+
+</Tab>
+
+<Tab heading="YAML" group="yaml">
+
+- [`apiVersion`](#apiversion): string | required | must be set to `consul.hashicorp.com/v1alpha1`
+- [`kind`](#kind): string | required | must be set to `jwtProvider`
+- [`metadata`](#metadata): map | required
+  - [`name`](#metadata-name): string | required
+  - [`namespace`](#metadata-namespace): string
+- [`spec`](#spec): map | required
+  - [`issuer`](#spec-issuer): string
+  - [`jsonWebKeySet`](#spec-jsonwebkeyset): map
+    - [`local`](#spec-jsonwebkeyset-local): map
+      - [`jwks`](#spec-jsonwebkeyset-local-jwks): string
+      - [`filename`](#spec-jsonwebkeyset-local-filename): string
+    - [`remote`](#spec-jsonwebkeyset-remote): map
+      - [`uri`](#spec-jsonwebkeyset-remote-uri): string
+      - [`requestTimeoutMs`](#spec-jsonwebkeyset-remote-requesttimeoutms): integer
+      - [`cacheDuration`](#spec-jsonwebkeyset-remote-cacheduration): string | `5m` 
+      - [`fetchAsynchronously`](#spec-jsonwebkeyset-remote-fetchasynchronously): boolean | `false`
+      - [`retryPolicy`](#spec-jsonwebkeyset-remote-retrypolicy): map
+        - [`numRetries`](#spec-jsonwebkeyset-remote-retrypolicy-numretries): integer | `0`
+        - [`retryPolicyBackoff`](#spec-jsonwebkeyset-remote-retrypolicy-retry-policy-backoff): map
+          - [`baseInterval`](#spec-jsonwebkeyset-remote-retrypolicy-retry-policy-backoff): string
+          - [`maxInterval`](#spec-jsonwebkeyset-remote-retrypolicy-retry-policy-backoff): string
+  - [`audiences`](#spec-audiences): list of strings
+  - [`locations`](#spec-locations): list of maps
+    - [`header`](#spec-locations-header): map
+      - [`name`](#spec-locations-header-name): string
+      - [`valuePrefix`](#spec-locations-header-valueprefix): string
+      - [`forward`](#spec-locations-header-forward): boolean | `false`
+    - [`queryParam`](#spec-locations-queryparam): map
+      - [`name`](#spec-locations-queryparam): string
+    - [`cookie`](#spec-locations-cookie): map
+      - [`name`](#spec-locations-cookie): string
+  - [`forwarding`](#spec-forwarding): map
+    - [`headerName`](#spec-forwarding-headername): string
+    - [`padForwardPayloadHeader`](#spec-forwarding-padforwardpayloadheader): boolean | `false`
+  - [`clockSkewSeconds`](#spec-clockskewseconds): integer | `30`
+  - [`cacheConfig`](#spec-cacheconfig): map
+    - [`size`](#spec-cacheconfig-size): integer | `0`
+
+</Tab>
+</Tabs>
+
+## Complete configuration
+
+When every field is defined, a JWT provider configuration entry has the following form:
+
+<Tabs>
+
+<Tab heading="HCL" group="hcl">
+
+```hcl
+Kind = "jwt-provider"                                # required
+Name = "<name-of-provider-configuration-entry>"      # required
+Issuer = "<jwt-issuer>"                              # required
+JSONWebKeySet = {                                    # required
+    Local = {                                        # cannot specify with JWKS{}.Remote
+        JWKS = "<JWKS-formatted-as-string>"          # cannot specify with JWKS{}.Local{}.Filename
+        Filename = "<path/to/JWKS/file>"             # cannot specify with JWKS{}.Local{}.String
+    }
+}
+JSONWebKeySet = {
+        Remote = {                                   # cannot specify with JWKS{}.Local
+          URI = "<uniform-resource-identifier>"
+          RequestTimeoutMs = 1500
+          CacheDuration = "5m"
+          FetchAsynchronously = false
+          RetryPolicy = {
+            NumRetries = 0
+            RetryPolicyBackoff = {
+              BaseInterval = "1s"
+              MaxInterval = "10s"
+            }
+          }
+        }
+      }
+Audiences = ["<aud-claims>"]
+Locations = [
+    {
+        Header = {
+            Name = "<name-of-header-with-token>"
+            ValuePrefix = "<prefix-in-header-before-token>"
+            Forward = false
+        }
+    },
+    {
+        QueryParam = {
+            Name = "<name-of-query-parameter-with-token>"
+        }
+    },
+    {
+        Cookie = {
+            Name = "<name-of-cookie-with-token>"
+        }
+    }
+]
+Forwarding = {
+    HeaderName = "<name-appended-to-forwarding-header>"
+    PadForwardPayloadHeader = false
+}
+ClockSkewSeconds = 30
+CacheConfig = {
+    Size = 0
+}
+```
+
+</Tab>
+
+<Tab heading="JSON" group="json">
+
+```json
+{
+"Kind": "jwt-provider",                               // required
+"Name": "<name-of-provider-configuration-entry>",     // required
+"Issuer": "<jwt-issuer>",                             // required
+"JSONWebKeySet": {                                    // required
+    "Local": {                                        // cannot specify with JWKS.Remote
+        "JWKS": "<JWKS-formatted-as-string>",         // cannot specify with JWKS.Local.Filename
+        "Filename": "<path/to/JWKS/file>"             // cannot specify with JWKS.Local.String
+    }
+},
+"JSONWebKeySet": {
+        "Remote": {                                   // cannot specify with JWKS.Local
+          "URI": "<uniform-resource-identifier>",
+          "RequestTimeoutMs": "1500",
+          "CacheDuration": "5m",
+          "FetchAsynchronously": "false",
+          "RetryPolicy": {
+            "NumRetries": "0",
+            "RetryPolicyBackOff": {
+              "BaseInterval": "1s",
+              "MaxInterval": "10s"
+            }
+          }
+        }
+},
+"Audiences": ["<aud-claims>"],
+"Locations": [
+    {
+        "Header": {
+            "Name": "<name-of-header-with-token>",
+            "ValuePrefix": "<prefix-in-header-before-token>",
+            "Forward": "false"
+        }
+    },
+    {
+        "QueryParam": {
+            "Name":"<name-of-query-parameter-with-token>",
+        }
+    },
+    {
+        "Cookie": {
+            "Name": "<name-of-cookie-with-token>"
+        }
+    }
+],
+"Forwarding": {
+    "HeaderName": "<name-appended-to-forwarding-header>",
+    "PadForwardPayloadHeader": "false"
+},
+"ClockSkewSeconds": "30",
+"CacheConfig": {
+    "Size": "0"
+}
+}
+```
+
+</Tab>
+
+<Tab heading="YAML" group="yaml">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1         # required
+kind: jwtProvider                                 # required            
+metadata:                                         # required    
+  name: <name-of-provider-configuration-entry>    # required
+  namespace: <namespace>
+spec:                                             # required
+  issuer: <jwt-issuer>
+  jsonWebKeySet:
+    local:                                        # cannot specify with spec.jsonWebKeySet.remote
+     jwks: <jwks-formatted-as-string>             # cannot specify with spec.jsonWebKeySet.local.filename
+     filename: <path/to/jwks/file>                # cannot specify with spec.jsonWebKeySet.local.string
+  jsonWebKeySet:
+    remote:                                       # cannot specify with spec.jsonWebKeySet.local
+      uri: <uniform-resource-identifier>
+      requestTimeoutMs: 1500
+      cacheDuration: 5m
+      fetchAsynchronously: false
+      retryPolicy:
+        numRetries: 0
+        retryPolicyBackoff:
+          baseInterval: 1s
+          maxInterval: 10s
+  audiences: [<aud-claims>]
+  locations: 
+    header: 
+      name: <name-of-header-with-token>
+      valuePrefix: "<prefix-in-header-before-token>"
+      forward: false
+    queryParam:
+      name: "<name-of-query-parameter-with-token>"
+    cookie:
+      name: "<name-of-cookie-with-token>"
+  forwarding: 
+    headerName: "<name-appended-to-forwarding-header>"
+    padForwardPayloadHeader: false
+  clockSkewSeconds: 30
+  cacheConfig:
+    size: 0
+```
+
+</Tab>
+</Tabs>
+
+## Specification
+
+This section provides details about the fields you can configure in the JWT provider configuration entry.
+
+<Tabs>
+
+<Tab heading="HCL" group="hcl">
+
+### `Kind`
+
+Specifies the type of configuration entry to implement.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String value that must be set to `jwt-provider`.
+
+### `Name`
+
+Specifies a name for the configuration entry. We recommend naming the configuration file after the JWT provider used in the configuration. Refer to the [Okta JWT Provider example](#okta-jwt-provider) for an example configuration.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String
+
+### `Issuer`
+
+Specifies the provider that issued the JWT. This value must match the token’s `iss` (issuer) claim.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `JSONWebKeySet`
+
+Defines a JSON Web Key Set. This field can be configured for a local file, or it can specify instructions to fetch a key set from a remote server. You cannot specify [`JSONWebKeySet{}.Local`](#jsonwebkeyset-local) and [`JSONWebKeySet{}.Remote`](#jsonwebkeyset-remote) in the same map.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain one of the following parameters:
+
+  - [`Local`](#jsonwebkeyset-local)
+  - [`Remote`](#jsonwebkeyset-remote)
+
+### `JSONWebKeySet{}.Local`
+
+Specifies a local source for the JSON Web Key Set. You can specify the source as a string in the configuration entry or you can include a local filename that contains the set. You cannot specify both `JWKS` and `Filename` in the same map.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain one of the following parameters:
+
+  - [`JWKS`](#jsonwebkeyset-local-jwks)
+  - [`Filename`](#jsonwebkeyset-local-filename)
+
+### `JSONWebKeySet{}.Local{}.JWKS`
+
+Specifies the JSON Web Key Set that validates the JWT’s signature, formatted as a base64 encoded string. You cannot specify the `JWKS` parameter if [`JWKS{}.Local{}.Filename`](#jsonwebkeyset-local-filename) is also specified in the same map.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `JSONWebKeySet{}.Local{}.Filename`
+
+Specifies the path to the JSON Web Key Set’s location on the local disk. When this field is specified, the file must be present on the disk for all proxies with service intentions referencing this provider. You cannot specify the `Filename` parameter if [`JWKS{}.Local{}.String`](#jsonwebkeyset-local-string) is also specified in the same map.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `JSONWebKeySet{}.Remote`
+
+Specifies a remote source for the JSON Web Key Set and configures behavior when fetching the key set.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+  - [`URI`](#jsonwebkeyset-remote-uri)
+  - [`RequestTimeoutMs`](#jsonwebkeyset-remote-requesttimeoutms) 
+  - [`CacheDuration`](#jsonwebkeyset-remote-cacheduration) 
+  - [`FetchAsynchronously`](#jsonwebkeyset-remote-fetchasynchronously)
+  - [`RetryPolicy`](#jsonwebkeyset-remote-retrypolicy)
+
+### `JSONWebKeySet{}.Remote{}.URI`
+
+Specifies the URI of the server to query for the JSON Key Web Set.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `JSONWebKeySet{}.Remote{}.RequestTimeoutMs`
+
+Specifies the length of time before a request to the remote URI times out, measured in milliseconds (ms).
+
+#### Values
+
+- Default: None
+- Data type: Integer
+
+### `JSONWebKeySet{}.Remote{}.CacheDuration`
+
+Specifies the amount of time cached keys are available before they expire.
+
+The default cache duration is 5 minutes.
+
+#### Values
+
+- Default: `5m`
+- Data type: String
+
+### `JSONWebKeySet{}.Remote{}.FetchAsynchronously`
+
+Determines if the JSON Web Key Set is fetched before a client request arrives. When enabled, the JWKS is fetched before incoming requests. When not enabled, the JWKS is fetched after each request arrives and the proxy listener waits for the JWKS to be fetched before activating.
+
+This parameter is set to `false` by default.
+
+#### Values
+
+- Default: `false`
+- Data type: Boolean
+
+### `JSONWebKeySet{}.Remote{}.RetryPolicy`
+
+Defines a retry policy when fetching the JSON Web Key Set from the remote location.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+  - [`NumRetries`](#jsonwebkeyset-remote-retrypolicy-numretries)
+  - [`RetryPolicyBackoff`](#jsonwebkeyset-remote-retrypolicy-retrypolicybackoff)
+
+### `JSONWebKeySet{}.Remote{}.RetryPolicy{}.NumRetries`
+
+Specifies the number of times to attempt to fetch the JSON Web Key Set when the previous attempt fails.
+
+#### Values
+
+- Default: `0`
+- Data type: Integer
+
+### `JSONWebKeySet{}.Remote{}.RetryPolicy{}.RetryPolicyBackoff`
+
+Specifies a jittered exponential backoff strategy. When this field is empty, Envoy's default policy is used. This policy has a 1 second base interval and a 10 second max interval. 
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+| Parameter | Description                                        | Data type | Default value |
+| :-------- | :------------------------------------------------- | :-------- | :------------ |
+| `BaseInterval`| Specifies the base interval to use for the next back off computation. | String | `1s` |
+| `MaxInterval` | Specifies the maximum interval between retries. By default, this value is 10 times `BaseInterval`. | String | `10s` |
+
+### `Audiences`
+
+Specifies a set of audiences that the JWT is allowed to access, formatted as a list of `aud` (audience) claims. When this field is specified, all JWTs verified with the provider must address at least one of the audiences in order to be considered valid.
+
+#### Values
+
+- Default: None
+- Data type: List of strings
+
+### `Locations`
+
+Specifies the locations in requests where the JWT can be found. Envoy checks all of these locations to extract a JWT. 
+
+This field can specify token locations in a header, a query parameter, or a cookie. When no locations are specified, Envoy defaults to the following locations:
+
+1. Authorization header with Bearer schema: `"Authorization: Bearer <token>"`
+1. `access_token` query parameter.
+
+#### Values
+
+- Default: None
+- Data type: List that can contain maps of the following parameters:
+
+  - [`Header`](#locations-header)
+  - [`QueryParam`](#locations-queryparam)
+  - [`Cookie`](#locations-cookie)
+
+### `Locations[].Header`
+
+Defines how to extract a JWT from an HTTP request header.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+  - [`Name`](#locations-header-name)
+  - [`ValuePrefix`](#locations-header-valueprefix)
+  - [`Forward`](#locations-header-forward)
+
+### `Locations[].Header{}.Name`
+
+Specifies the name of the HTTP request header containing the token.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `Locations[].Header{}.ValuePrefix`
+
+Specifies a prefix that must precede the token in the header value.
+
+For example, `Bearer` is a standard value prefix for a header named "Authorization" that is formatted as `Authorization: Bearer <token>`. The prefix is not part of the token.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `Locations[].Header{}.Forward`
+
+Specifies whether the header with the JWT is forwarded after the token is verified. When set to `false`, the header is not forwarded.
+
+The default value is `false`.
+
+#### Values
+
+- Default: `false`
+- Data type: Boolean
+
+### `Locations[].QueryParam`
+
+Defines how to extract a JWT from an HTTP request query parameter.
+
+#### Values
+
+- Default: None
+- Data type: Map that contains the following parameter:
+
+| Parameter | Description                                                     | Data type | Default value |
+| :-------- | :-------------------------------------------------------------- | :-------- | :------------ |
+| `Name`    | Specifies the name of the query parameter containing the token. | String    | None          |
+
+### `Locations[].Cookie`
+
+Defines how to extract a JWT from an HTTP request cookie.
+
+#### Values
+
+- Default: None
+- Data type: Map that contains the following parameter:
+
+| Parameter | Description                                        | Data type | Default value |
+| :-------- | :------------------------------------------------- | :-------- | :------------ |
+| `Name`| Specifies the name of the cookie containing the token. | String    | None          |
+
+### `Forwarding`
+
+Defines rules for forwarding JWTs to the backend after they are verified.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+  - [`HeaderName`](#forwarding-headername)
+  - [`PadForwardPayloadHeader`](#forwarding-padforwardpayloadheader)
+
+### `Forwarding{}.HeaderName`
+
+Specifies a header name to use when forwarding a verified JWT to the backend. This field does not assume where the JWT was extracted from, and it can be applied to tokens extracted from headers, query parameters, or cookies.
+
+The header value is base64 URL encoded. It is not padded by default.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `Forwarding{}.PadForwardPayloadHeader`
+
+Determines whether to add padding to the base64 encoded token specified in [`Forwarding{}.HeaderName`](#forwarding-header-name). 
+
+By default, this field is set to `false`.
+
+#### Values
+
+- Default: `false`
+- Data type: Boolean
+
+### `ClockSkewSeconds`
+
+Specifies the maximum allowable time difference from clock skew when validating the JSON web token’s `exp` (expiration) and `nbf`  (not before) claims, measured in seconds. 
+
+By default, this parameter is configured to 30 seconds.
+
+#### Values
+
+- Default: `30`
+- Data type: Integer
+
+### `CacheConfig`
+
+Defines behavior for caching the validation result of previously encountered JWTs. Caching results can speed up verification when the same tokens are expected to be handled multiple times. By default, the cache can hold 100 JWTs.
+
+#### Values
+
+- Default: None
+- Data type: Map that contains the following parameter:
+
+| Parameter | Description                                        | Data type | Default value |
+| :-------- | :------------------------------------------------- | :-------- | :------------ |
+| `Size`    | Specifies the number of JSON web tokens to cache.  | Integer   | `100`         |
+
+</Tab>
+
+<Tab heading="YAML" group="yaml">
+
+### `apiVersion`
+
+Specifies the version of the Consul API for integrating with Kubernetes. The value must be `consul.hashicorp.com/v1alpha1`.
+
+#### Values
+
+- Default: None
+- This field is required.
+- String value that must be set to `consul.hashicorp.com/v1alpha1`.
+
+### `kind`
+
+Specifies the type of configuration entry to implement. Must be set to `jwtProvider`.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String value that must be set to `jwtProvider`.
+
+### `metadata`
+
+Map that contains an arbitrary name for the configuration entry and the namespace it applies to.
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+### `metadata.name`
+
+Specifies a name for the configuration entry. The name is metadata that you can use to reference the configuration entry when performing Consul operations, such as applying a configuration entry to a specific cluster. We recommend naming the configuration file after the JWT provider used in the configuration. Refer to the [Okta JWT Provider example](#okta-jwt-provider) for an example configuration.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String
+
+### `metadata.namespace` <EnterpriseAlert inline />
+
+Specifies the namespace that the configuration applies to. Refer to [namespaces](/consul/docs/enterprise/namespaces) for more information.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `spec`
+
+Map that contains the details about the `jwtProvider` configuration entry. The `apiVersion`, `kind`, and `metadata` fields are siblings of the spec field. All other configurations are children.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: Map
+
+### `spec.issuer`
+
+Specifies the provider that issued the JWT. This value must match the token’s `iss` (issuer) claim.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `spec.jsonWebKeySet`
+
+Defines a JSON Web Key Set. This field can be configured for a local file, or it can specify instructions to fetch a key set from a remote server. You cannot specify [`spec.jsonWebKeySet.local`](#spec-jsonwebkeyset-local) and [`spec.jsonWebKeySet.remote`](#spec-jsonwebkeyset-remote) in the same map.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain one of the following parameters:
+
+  - [`local`](#spec-jsonwebkeyset-local)
+  - [`remote`](#spec-jsonwebkeyset-remote)
+
+### `spec.jsonWebKeySet.local`
+
+Specifies a local source for the JSON Web Key Set. You can specify the source as a string in the configuration entry or you can include a local filename that contains the set. You cannot specify both `string` and `filename` in the same map.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain one of the following parameters:
+
+  - [`jwks`](#spec-jsonwebkeyset-local-jwks)
+  - [`filename`](#spec-jsonwebkeyset-local-filename)
+
+### `spec.jsonWebKeySet.local.jwks`
+
+Specifies the JSON Web Key Set that validates the JWT’s signature, formatted as a base64 encoded string. You cannot specify the `jwks` parameter if [`spec.jsonWebKeySet.local.filename`](#spec-jsonwebkeyset-local-filename) is also specified in the same map.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `spec.jsonWebKeySet.local.filename`
+
+Specifies the path to the JSON Web Key Set’s location on the local disk. When this field is specified, the file must be present on the disk for all proxies with service intentions referencing this provider. You cannot specify the `filename` parameter if [`spec.jsonWebKeySet.local.jwks`](#spec-jsonwebkeyset-local-jwks) is also specified in the same map.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `spec.jsonWebKeySet.remote`
+
+Specifies a remote source for the JSON Web Key Set and configures behavior when fetching the key set.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+  - [`uri`](#spec-jsonwebkeyset-remote-uri)
+  - [`requestTimeoutMs`](#spec-jsonwebkeyset-remote-requesttimeoutms)
+  - [`cacheDuration`](#spec-jsonwebkeyset-remote-cacheduration)
+  - [`fetchAsynchronously`](#spec-jsonwebkeyset-remote-fetchasynchronously)
+  - [`retryPolicy`](#spec-jsonwebkeyset-remote-retrypolicy)
+
+### `spec.jsonWebKeySet.remote.uri`
+
+Specifies the URI of the server to query for the JSON Key Web Set.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `spec.jsonWebKeySet.remote.requestTimeoutMs`
+
+Specifies the length of time before a request to the remote URI times out, measured in milliseconds (ms).
+
+#### Values
+
+- Default: None
+- Data type: Integer
+
+### `spec.jsonWebKeySet.remote.cacheDuration`
+
+Specifies the amount of time cached keys are available before they expire.
+
+The default cache duration is 5 minutes.
+
+#### Values
+
+- Default: `5m`
+- Data type: String
+
+### `spec.jsonWebKeySet.remote.fetchAsynchronously`
+
+Determines if the JSON Web Key Set is fetched before a client request arrives. When enabled, the JWKS is fetched before incoming requests. When not enabled, the JWKS is fetched after each request arrives and the proxy listener waits for the JWKS to be fetched before activating.
+
+This parameter is set to `false` by default.
+
+#### Values
+
+- Default: `false`
+- Data type: Boolean
+
+### `spec.jsonWebKeySet.remote.retryPolicy`
+
+Defines a retry policy when fetching the JSON Web Key Set from the remote location.
+
+#### Values
+
+- Default: None
+- Data type: Map that contains the following parameter:
+
+  - [`numRetries`](#spec-jsonwebkeyset-remote-retrypolicy-numretries)
+  - [`retryPolicyBackoff`](#spec-jsonwebkeyset-remote-retrypolicy-retrypolicybackoff)
+
+### `spec.jsonWebKeySet.remote.retryPolicy.numRetries`
+
+Specifies the number of times to attempt to fetch the JSON Web Key Set when the previous attempt fails.
+
+#### Values
+
+- Default: `0`
+- Data type: Integer
+
+### `spec.jsonWebKeySet.remote.retryPolicy.retryPolicyBackoff`
+
+Specifies a jittered exponential backoff strategy. When this field is empty, Envoy's default policy is used. This policy has a 1 second base interval and a 10 second max interval. 
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+| Parameter | Description                                        | Data type | Default value |
+| :-------- | :------------------------------------------------- | :-------- | :------------ |
+| `baseInterval`| Specifies the base interval to use for the next back off computation. | String | `1s` |
+| `maxInterval` | Specifies the maximum interval between retries. By default, this value is 10 times `BaseInterval`. | String | `10s` |
+
+### `spec.audiences`
+
+Specifies a set of audiences that the JWT is allowed to access, formatted as a list of `aud` (audience) claims. When this field is specified, all JWTs verified with the provider must address at least one of the audiences in order to be considered valid.
+
+#### Values
+
+- Default: None
+- Data type: List of strings
+
+### `spec.locations`
+
+Specifies the locations in requests where the JWT can be found. Envoy checks all of these locations to extract a JWT.
+
+This field can specify token locations in a header, a query parameter, or a cookie. When no locations are specified, Envoy defaults to the following locations:
+
+1. Authorization header with Bearer schema: `"Authorization: Bearer <token>"`
+1. `access_token` query parameter.
+
+#### Values
+
+- Default: None
+- Data type: List that can contain maps of the following parameters:
+
+  - [`header`](#spec-locations-header)
+  - [`queryParam`](#spec-locations-queryparam)
+  - [`cookie`](#spec-locations-cookie)
+
+### `spec.locations[].header`
+
+Defines how to extract a JWT from an HTTP request header.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+  - [`name`](#spec-locations-header-name)
+  - [`valuePrefix`](#spec-locations-header-valueprefix)
+  - [`forward`](#spec-locations-header-forward)
+
+### `spec.locations[].header.name`
+
+Specifies the name of the HTTP request header containing the token.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `spec.locations[].header.valuePrefix`
+
+Specifies a prefix that must precede the token in the header value.
+
+For example, `Bearer` is a standard value prefix for a header named "Authorization" that is formatted as `Authorization: Bearer <token>`. The prefix is not part of the token.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `spec.locations[].header.forward`
+
+Specifies whether the header with the JWT is forwarded after the token is verified. When set to  `false`, the header is not forwarded.
+
+The default value is `false`.
+
+#### Values
+
+- Default: `false`
+- Data type: Boolean
+
+### `spec.locations[].queryParam`
+
+Defines how to extract a JWT from an HTTP request query parameter.
+
+#### Values
+
+- Default: None
+- Data type: Map that contains the following parameter:
+
+| Parameter | Description                                                     | Data type | Default value |
+| :-------- | :-------------------------------------------------------------- | :-------- | :------------ |
+| `name`    | Specifies the name of the query parameter containing the token. | String    | None          |
+
+### `spec.locations[].cookie`
+
+Defines how to extract a JWT from an HTTP request cookie.
+
+#### Values
+
+- Default: None
+- Data type: Map that contains the following parameter:
+
+| Parameter | Description                                        | Data type | Default value |
+| :-------- | :------------------------------------------------- | :-------- | :------------ |
+| `name`| Specifies the name of the cookie containing the token. | String    | None          |
+
+### `spec.forwarding`
+
+Defines rules for forwarding JWTs to the backend after they are verified.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+  - [`headerName`](#spec-forwarding-headername)
+  - [`padForwardPayloadHeader`](#spec-forwarding-padforwardpayloadheader)
+
+### `spec.forwarding.headerName`
+
+Specifies a header name to use when forwarding a verified JWT to the backend. This field does not assume where the JWT was extracted from, and it can be applied to tokens extracted from headers, query parameters, or cookies.
+
+The header value is base64 URL encoded. It is not padded by default.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `spec.forwarding.padForwardPayloadHeader`
+
+Determines whether to add padding to the base64 encoded token specified in [spec.forwarding.headerName`](#spec-forwarding-header-name). 
+
+By default, this field is set to `false`.
+
+#### Values
+
+- Default: `false`
+- Data type: Boolean
+
+### `spec.clockSkewSeconds`
+
+Specifies the maximum allowable time difference from clock skew when validating the JSON web token’s `exp` (expiration) and `nbf`  (not before) claims, measured in seconds. 
+
+By default, this parameter is configured to 30 seconds.
+
+#### Values
+
+- Default: `30`
+- Data type: Integer
+
+### `spec.cacheConfig`
+
+Defines behavior for caching the validation result of previously encountered JWTs. Caching results can speed up verification when the same tokens are expected to be handled multiple times. By default, the cache can hold 100 JWTs.
+
+#### Values
+
+- Default: None
+- Data type: Map that contains the following parameter:
+
+| Parameter | Description                                        | Data type | Default value |
+| :-------- | :------------------------------------------------- | :-------- | :------------ |
+| `size`    | Specifies the number of JSON web tokens to cache.  | Integer   | `100`         |
+
+</Tab>
+</Tabs>
+
+## Examples
+
+The following examples demonstrate common JWT provider configuration patterns for specific use cases.
+
+### Okta JWT provider
+
+The following example configures Consul to fetch a JSON Web Token issued by Okta. Consul fetches the token from the URI and keeps it in its cache for 30 minutes before the token expires. After validation, the token is forwarded to the backend with `user-token` appended to the HTTP header.
+
+<Tabs>
+
+<Tab heading="HCL" group="hcl">
+
+```hcl
+Kind = "jwt-provider"
+Name = "okta"
+
+Issuer = "okta"
+
+JSONWebKeySet = {
+    Remote = {
+        URI = "https://<org>.okta.com/oauth2/default/v1/keys"
+        CacheDuration = "30m"
+    }
+}
+
+Forwarding = {
+    HeaderName = "user-token"
+}
+```
+
+</Tab>
+
+<Tab heading="JSON" group="json">
+
+```json
+{
+  "Kind": "jwt-provider",
+  "Name": "okta",
+  "Issuer": "okta",
+  "JSONWebKeySet": {
+    "Remote": {
+        "URI": "https://<org>.okta.com/oauth2/default/v1/keys",
+        "CacheDuration": "30m"
+    }
+  },
+  "Forwarding": {
+    "HeaderName": "user-token"
+  }
+}
+```
+
+</Tab>
+
+<Tab heading="YAML" group="yaml">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: jwtProvider
+metadata:
+  name: okta
+spec:
+  issuer: okta
+  jsonwebkeyset:
+    remote:
+      uri: https://<org>.okta.com/oauth2/default/v1/keys
+      cacheDuration: 30m
+  forwarding:
+    headerName: user-token
+```
+
+</Tab>
+</Tabs>
\ No newline at end of file
diff --git a/website/content/docs/connect/config-entries/service-intentions.mdx b/website/content/docs/connect/config-entries/service-intentions.mdx
index 1fe1ed6bd487..180e3aaabd96 100644
--- a/website/content/docs/connect/config-entries/service-intentions.mdx
+++ b/website/content/docs/connect/config-entries/service-intentions.mdx
@@ -21,7 +21,13 @@ The following outline shows how to format the service intentions configuration e
 - [`Name`](#name): string | required  
 - [`Namespace`](#namespace): string |  `default` | <EnterpriseAlert inline/>
 - [`Partition`](#partition): string |  `default` | <EnterpriseAlert inline />
-- [`Meta`](#meta): map | no default 
+- [`Meta`](#meta): map 
+- [`JWT`](#jwt): map 
+  - [`Providers`](#jwt-providers): list of maps
+    - [`Name`](#jwt-providers-name): string
+    - [`VerifyClaims`](#jwt-provider-verifyclaims): list of maps
+      - [`Path`](#jwt-provider-verifyclaims-path): list of strings
+      - [`Value`](#jwt-provider-verifyclaims-value): string
 - [`Sources`](#sources): list | no default
   - [`Name`](#sources-name): string | no default
   - [`Peer`](#sources-peer): string | no default
@@ -32,28 +38,28 @@ The following outline shows how to format the service intentions configuration e
   - [`Permissions`](#sources-permissions): list | no default
     - [`Action`](#sources-permissions-action): string | no default  | required
     - [`HTTP`](#sources-permissions-http): map | required
-      - [`PathExact`](#sources-permissions-http): string | no default 
-      - [`PathPrefix`](#sources-permissions-http): string | no default 
-      - [`PathRegex`](#sources-permissions-http): string | no default 
-      - [`Methods`](#sources-permissions-http): list | no default 
-      - [`Header`](#sources-permissions-http-header): list of maps |no default 
+      - [`PathExact`](#sources-permissions-http): string
+      - [`PathPrefix`](#sources-permissions-http): string
+      - [`PathRegex`](#sources-permissions-http): string
+      - [`Methods`](#sources-permissions-http): list
+      - [`Header`](#sources-permissions-http-header): list of maps
         - [`Name`](#sources-permissions-http-header): string | required
-        - [`Present`](#sources-permissions-http-header): boolean | `false` 
-        - [`Exact`](#sources-permissions-http-header): string | no default
-        - [`Prefix`](#sources-permissions-http-header): string | no default
-        - [`Suffix`](#sources-permissions-http-header): string | no default
-        - [`Regex`](#sources-permissions-http-header): string | no default
-        - [`Invert`](#sources-permissions-http-header): boolean | `false` 
-  - [`Precedence`](#sources-precedence): number | no default | _read-only_   
-  - [`Type`](#sources-type): string | `consul` 
-  - [`Description`](#sources-description): string 
-  - [`LegacyID`](#sources-legacyid): string | no default | _read-only_ 
-  - [`LegacyMeta`](#sources-legacymeta): map | no default | _read-only_ 
-  - [`LegacyCreateTime`](#sources-legacycreatetime): string | no default | _read-only_
-  - [`LegacyUpdateTime`](#sources-legacyupdatetime): string | no default | _read-only_
+        - [`Present`](#sources-permissions-http-header): boolean | `false`
+        - [`Exact`](#sources-permissions-http-header): string
+        - [`Prefix`](#sources-permissions-http-header): string
+        - [`Suffix`](#sources-permissions-http-header): string
+        - [`Regex`](#sources-permissions-http-header): string
+        - [`Invert`](#sources-permissions-http-header): boolean | `false`
+  - [`Precedence`](#sources-precedence): number
+  - [`Type`](#sources-type): string | `consul`
+  - [`Description`](#sources-description): string
+  - [`LegacyID`](#sources-legacyid): string
+  - [`LegacyMeta`](#sources-legacymeta): map
+  - [`LegacyCreateTime`](#sources-legacycreatetime): string
+  - [`LegacyUpdateTime`](#sources-legacyupdatetime): string
 
 </Tab>
-<Tab heading="YAML" group="yaml">
+<Tab heading= "YAML" group="yaml">
 
 - [`apiVersion`](#apiversion): string | must be set to `consul.hashicorp.com/v1alpha1`
 - [`kind`](#kind): string | must be set to `ServiceIntentions` 
@@ -64,6 +70,12 @@ The following outline shows how to format the service intentions configuration e
   - [`destination`](#spec-destination): map | no default
     - [`name`](#spec-destination-name): string | required
     - [`namespace`](#metadata-namespace): string | `default` | <EnterpriseAlert inline/>
+  - [`jwt`](#spec-jwt): map 
+  - [`providers`](#spec-jwt-providers): list of maps
+    - [`name`](#spec-jwt-providers-name): string
+    - [`verifyClaims`](#spec-jwt-provider-verifyclaims): list of maps
+      - [`path`](#spec-jwt-provider-verifyclaims-path): list of strings
+      - [`value`](#spec-jwt-provider-verifyclaims-value): string
   - [`sources`](#spec-sources): list | no default
     - [`name`](#spec-sources-name): string | no default
     - [`peer`](#spec-sources-peer): string | no default
@@ -109,6 +121,19 @@ Meta = {
   "<key-1>" = "<value-1>"    
   "<key-2>" = "<value-2>"    
   } 
+JWT = {
+    Providers = [
+      {
+        Name = "<JWT-provider-name>"
+        VerifyClaims = [
+            {
+                Path = ["<claim>"]
+                Value = "<api.apps.organization.com>"
+            }
+        ]
+      }
+    ]
+}
 Sources = [
   {
     Name =  "<name of service sending traffic>"            # string
@@ -179,6 +204,12 @@ spec:
     destination: 
       name: <name of destination service>
       namespace: <destination namespace>
+  jwt:
+    providers:
+      name: <JWT-provider-name>
+      verifyClaims:
+                path: [<aud>]
+                value: <api.apps.organization.com>
   sources:
     name: <name of service sending traffic>
     peer: <name of cluster containing source service>
@@ -224,6 +255,19 @@ spec:
       "key-1":"<value-1>",
       "key-2":"<value-2>"
    },
+   "JWT": {
+    "Providers": [
+      {
+        "Name": "<JWT-provider-name>",
+        "VerifyClaims": [
+            {
+                "Path": ["<aud>"],
+                "Value": "<api.apps.organization.com>"
+            }
+        ]
+      }
+    ]
+   },
    "Sources":[
       {
          "Name":"<name of service sending traffic>",
@@ -346,6 +390,63 @@ Specifies key-value pairs to add to the KV store when the configuration entry is
   - keys: String
   - values: String, integer, or float
 
+### `JWT`
+
+Specifies a JSON Web Token provider configured in a [JWT provider configuration entry](/consul/docs/connect/config-entries/jwt-provider), as well as additional configurations for verifying a service's JWT before authorizing communication between services
+
+#### Values
+
+- Default: None
+- Data type: Map that contains [`JWT{}.Providers`](#jwt-providers)
+
+### `JWT{}.Providers`
+
+Specifies the names of one or more previously configured [JWT provider configuration entries](/consul/docs/connect/config-entries/jwt-provider), which include the information necessary to validate a JSON web token.
+
+#### Values
+
+- Default: None
+- Data type: List of maps
+
+### `JWT{}.Providers[].Name`
+
+Specifies the name of a JWT provider defined in the `Name` field of the [`jwt-provider` configuration entry](/consul/docs/connect/config-entries/jwt-provider). You must write the JWT Provider to Consul before referencing it in a service intention.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `JWT{}.Providers[].VerifyClaims`
+
+Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry. This map takes the form of a JSON web token claim and a value to match for verification.
+
+#### Values
+
+- Default: None
+- Data type: List of maps that can contain the following parameters:
+
+  - [`Path`](#jwt-providers-verifyclaims-path)
+  - [`Value`](#jwt-providers-verifyclaims-value)
+
+### `JWT{}.Providers[].VerifyClaims[].Path`
+
+Specifies the path to the claim in the JSON web token. For more information about JWT claims, refer to the [IETF standards documentation](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1).
+
+#### Values
+
+- Default: None
+- Data type: List of strings
+
+### `JWT{}.Providers[].VerifyClaims.Value`
+
+Specifies the value to match on when verifying the the claim designated in [`JWT{}.Providers[].VerifyClaims[].Path`](#jwt-providers-verifyclaims-path).
+
+#### Values
+
+- Default: None
+- Data type: String
+
 ### `Sources[]`
 
 List of configurations that define intention sources and the authorization granted to the sources. You can specify source configurations in any order, but Consul stores and evaluates them in order of reverse precedence at runtime. Refer to [`Precedence`](#sources-precedence) for additional information.
@@ -514,7 +615,6 @@ Each member of the `Header` list is a map that contains a `Name` field and at le
 | `Regex` | Specifies a regular expression pattern as the value for the header key set in the `Name` field. If the request header value matches the regex, Consul applies the permission. Do not specify `Regex` if `Present`, `Exact`, `Prefix`, or `Suffix` are configured in the same `Header` configuration. The regex syntax is proxy-specific. If using Envoy, refer to the [re2 documentation](https://github.com/google/re2/wiki/Syntax) for details. | string | optional |
 | `Invert` | Inverts the matching logic configured in the `Header`. Default is `false`. | boolean | optional |
 
-
 ### `Sources[].Precedence`
 
 The `Precedence` field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services. Refer to [Precedence and matching order](/consul/docs/connect/intentions/create-manage-intentions#precedence-and-matching-order) for additional information. 
@@ -608,23 +708,24 @@ Specifies the [namespace](/consul/docs/enterprise/namespaces) that the configura
 - Data type: String
 
 ### `spec`
+
 Map that contains the details about the `ServiceIntentions` configuration entry. The `apiVersion`, `kind`, and `metadata` fields are siblings of the spec field. All other configurations are children.
 
 #### Values
 
 - Default: None
 - This field is required.
-- Data type: Map 
+- Data type: Map
 
 ### `spec.destination`
 
-Map that identifies the destination name and destination namespace that source services are allowed or denied access to. 
+Map that identifies the destination name and destination namespace that source services are allowed or denied access to.
 
 #### Values
 
 - Default: None
 - This field is required.
-- Data type: Map 
+- Data type: Map
 
 ### `spec.destination.name`
 
@@ -637,17 +738,63 @@ You can also specify a wildcard character (`*`) to match all services that are m
 - This field is required.
 - Data type: String 
 
-### `spec.metadata.namespace` <EnterpriseAlert inline /> 
+### `spec.jwt`
+
+Specifies a JSON Web Token provider configured in a [JWT provider configuration entry](/consul/docs/connect/config-entries/jwt-provider), as well as additional configurations for verifying a service's JWT before authorizing communication between services
+
+#### Values
+
+- Default: None
+- Data type: Map that contains [`spec.jwt.providers`](#spec-jwt-providers)
+
+### `spec.jwt.providers`
+
+Specifies the names of one or more previously configured [JWT provider configuration entries](/consul/docs/connect/config-entries/jwt-provider), which include the information necessary to validate a JSON web token.
 
-Specifies the [namespace](/consul/docs/enterprise/namespaces) that the configuration entry applies to. You can also specify a wildcard character (`*`) to match all namespaces. Intentions that are applied with a wildcard, however, are not supported when defining L7 [`permissions`](#spec-sources-permissions). 
+#### Values
+
+- Default: None
+- Data type: List of maps
+
+### `spec.jwt.providers[].name`
 
-Refer to [Consul Enterprise](/consul/docs/k8s/crds#consul-enterprise) for information about how Consul namespaces map to Kubernetes Namespaces. Open source Consul distributions (Consul OSS) ignore the `metadata.namespace` configuration.
+Specifies the name of a JWT provider defined in the `metadata.name` field of the [JWT provider configuration entry](/consul/docs/connect/config-entries/jwt-provider). You must write the JWT Provider to Consul before referencing it in a service intention.
 
 #### Values
 
-- Default: If not set, destination service namespace is inherited from the `connectInject.consulNamespaces` configuration. Refer to [ServiceIntentions Special Case (Enterprise)](/consul/docs/k8s/crds#serviceintentions-special-case-enterprise) for details. 
+- Default: None
 - Data type: String
 
+### `spec.jwt.providers[].verifyClaims`
+
+Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry. This map takes the form of a JSON web token claim and a value to match for verification.
+
+#### Values
+
+- Default: None
+- Data type: List of maps that can contain the following parameters:
+
+  - [`path`](#spec-jwt-providers-verifyclaims-path)
+  - [`value`](#spec-jwt-providers-verifyclaims-value)
+
+### `spec.jwt.providers[].verifyClaims[].path`
+
+Specifies the path to the claim in the JSON web token. For more information about JWT claims, refer to the [IETF standards documentation](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1).
+
+#### Values
+
+- Default: None
+- Data type: List of strings
+
+### `spec.jwt.providers[].verifyClaims[].value`
+
+Specifies the value to match on when verifying the the claim designated in [`JWT{}.Providers[].VerifyClaims[].Path`](#jwt-providers-verifyclaims-path).
+
+#### Values
+
+- Default: None
+- Data type: String
+  
 ### `spec.sources[]`
 
 List of configurations that define intention sources and the authorization granted to the sources. You can specify source configurations in any order, but Consul stores and evaluates them in order of reverse precedence at runtime. 
@@ -1313,3 +1460,111 @@ When using cluster peering connections, intentions secure your deployments with
   ```
 
   </CodeTabs>
+
+### JWT validation with intentions
+
+The following example configures a service intention that evaluates requests when a service named `backend` receives a request from the `frontend` service. When the request is sent to the `/admin` HTTP path, a JSON Web Token provided by Okta is evaluated. In addition to the validation requirements in a separate JWT provider configuration entry, an additional check occurs to confirm that the token has either a `perms` or `role` claim with the `admin` value. If it does, the request is authorized.
+
+Because the intention allows requests that come from the `/` HTTP path, only requests on the `/admin` path are subject to token validation.
+
+<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
+
+```hcl
+Kind = "service-intentions"
+Name = "backend"
+Sources = [
+  {
+    Name = "frontend"
+    Permissions = [
+      {
+        HTTP = {
+          PathExact = "/admin"
+        }
+        JWT = {
+          Providers = [
+            {
+              Name = "okta"
+              VerifyClaims = [
+                {
+                  Path = ["perms", "role"]
+                  Value = "admin"
+                }
+              ]
+            }
+          ]
+        }
+      },
+      {
+        Action = "allow"
+        HTTP = {
+          PathPrefix = "/"
+        }
+      }
+    ]
+  }
+]
+```
+
+```yaml
+  apiVersion: consul.hashicorp.com/v1alpha1
+  kind: ServiceIntentions
+  metadata:
+    name: backend
+  spec:
+    sources:
+      name: frontend
+      permissions:
+        http:
+          pathExact: /admin
+        jwt:
+          providers:
+            name: okta
+            verifyClaims:
+              path: 
+                - perms
+                - role
+              value: admin
+      action: allow
+      http:
+        pathPrefix: /
+```
+
+```json
+{
+"Kind": "service-intentions",
+"Name": "backend",
+"Sources": [
+  {
+    "Name": "frontend",
+    "Permissions": [
+      {
+        "HTTP": {
+          "PathExact": "/admin"
+        },
+        "JWT": {
+          "Providers": [
+            {
+              "Name": "okta",
+              "VerifyClaims": [
+                {
+                  "Path": ["perms", "role"],
+                  "Value": "admin"
+                }
+              ]
+            }
+          ]
+        }
+      },
+      {
+        "Action": "allow",
+        "HTTP": {
+          "PathPrefix": "/"
+        }
+      }
+    ]
+  }
+]
+}
+```
+
+</CodeTabs>
\ No newline at end of file
diff --git a/website/content/docs/connect/intentions/jwt-authorization.mdx b/website/content/docs/connect/intentions/jwt-authorization.mdx
new file mode 100644
index 000000000000..a58bd3af3e19
--- /dev/null
+++ b/website/content/docs/connect/intentions/jwt-authorization.mdx
@@ -0,0 +1,101 @@
+---
+page_title: JWT authorization overview
+description: |-
+  Consul can use service mesh proxies to check and validate JSON Web Tokens (JWT) to enable additional identify-based access security for both human and machine users. Learn how to configure a JWT provider configuration entry and a service intentions configuration entry to authorize requests.
+---
+
+# Use JWT authorization with service intentions
+
+JSON Web Tokens (JWT) are a method for identity-based access to services for both humans and machines. The [JWT provider configuration entry](/consul/docs/connect/config-entries/jwt-provider) enables you to define JWTs as part of a JSON Web Key Set (JWKS), which contains the information necessary for Consul to validate access and configure behavior for requests that include JWTs.
+
+By specifying a JSON Web Key Set (JWKS) in the configuration entry and referencing the key set in a service intention, Consul can enforce service intentions based on the presence of a JWT. This security configuration is not related to the [JSON Web Token Auth Method](/consul/docs/security/acl/auth-methods/jwt), which associates JWTs with the Consul ACLs instead of service intentions.
+
+## Workflow
+
+The process to configure your network to enforce service intentions based on JSON web tokens consists of the following steps:
+
+1. **Create a JWT provider configuration entry**. This configuration entry defines rules and behaviors for verifying tokens. These configurations apply to admin partitions in Consul Enterprise, which is functionally equivalent to a datacenter in Consul OSS. Then, write the `jwt-provider` configuration entry to Consul. The ACL policy requirement to read and modify this configuration entry is `mesh:write`.
+
+1. **Create or update a service intentions configuration entry to reference the JWT provider**. This configuration invokes the name of the `jwt-provider` configuration entry you created, which causes the Envoy proxy to verify the token and the permissions it authorizes before the incoming request is accepted. Then, write the `service-intentions` configuration entry that references the JWT to Consul. The ACL policy requirement to read and modify this configuration entry is `mesh:write`.
+
+### Wildcards and intention defaults
+
+Because intentions without tokens are authorized when they arrive at the destination proxy, a [common pattern for the service-intentions configuration entry](/consul/docs/connect/config-entries/service-intentions#l4-intentions-for-all-destinations) sets the entry’s `Name` field as a wildcard, `*`. This pattern enables you to apply incoming requests from specific services to every service in the datacenter.
+
+When configuring your deployment to enforce service intentions with JSON Web Tokens, it is possible for multiple tokens with different permissions to apply to a single service’s incoming request based on attributes such as HTTP path or the request method. Because the `service-intentions` configuration entry applies the intention that most closely matches the request, using the `Name` wildcard with specific JWT authorization configurations can lead to unintended results.
+
+When you set the `JWT{}.Providers` field in a service intentions configuration entry to the wildcard `*`, you can configure default behavior for all services that present a token that matches an existing JWT provider configuration entry. In this configuration, services that have a valid token but do not have a more specific matching intention default to the behavior defined in the wildcard intention.
+
+## Usage
+
+To configure Envoy proxies in the service mesh to validate JWTs before forwarding requests to servers, complete the following steps:
+
+### Create a JWT provider configuration entry
+
+The `jwt-provider` configuration requires the following fields:
+
+- `Kind`: This field must be set to `"jwt-provider"`
+- `Name`: We recommend naming the configuration file after the JWT provider used in the configuration.
+- `Issuer`: This field must match the token's `iss` claim
+
+You must also specify a JSON Web Key Set in the `JSONWebKeySet` field. You can specify the JWKS as one of the following:
+
+- A local string
+- A path to a local file
+- A remote location specified with a URI
+
+A JWKS can be made available locally or remotely, but not both. In addition, a local JWKS must be specified as either a string or a path to the file containing the token.
+
+You can also specify where the JWT is located, a retry policy, and text to append to the header when forwarding the request after token validation.
+
+The following example configures Consul to fetch a JSON Web Token issued by Okta. Consul fetches the token from the URI and keeps it in its cache for 30 minutes before the token expires. After validation, the token is forwarded to the backend with `user-token` appended to the HTTP header.
+
+```hcl
+Kind = "jwt-provider"
+Name = "okta"
+
+Issuer = "okta"
+
+JSONWebKeySet = {
+    Remote = {
+        URI = "https://<org>.okta.com/oauth2/default/v1/keys"
+        CacheDuration = "30m"
+    }
+}
+
+Forwarding = {
+    HeaderName = "user-token"
+}
+```
+
+Refer to [JWT provider configuration entry](/consul/docs/connect/config-entries/jwt-provider) for more information about the fields you can configure.
+
+To write the configuration entry to Consul, use the [`consul config write` command](/consul/commands/config/write):
+
+```shell-session
+$ consul config write okta-provider.hcl
+```
+
+### Update service intentions
+
+After you create the JWT provider entry, you can update your service intentions so that proxies validate the token before authorizing a request. The following example includes the minimum required configuration to enable JWT authorization with service intentions:
+
+```hcl
+Kind = "service-intentions"
+Name = "web"
+JWT = {
+  Providers = [
+    {
+      Name = "okta"
+    }
+  ]
+}
+```
+
+You can include additional configuration information to require the token to match specific claims. You can also configure the `JWT` field to apply only to requests that come from certain HTTP paths. Refer to [JWT validations with intentions](/consul/docs/conntect/config-entries/service-intentions#jwt-validations-with-intentions) for an example configuration.
+
+After you update the service intention, write the configuration to Consul so that it takes effect:
+
+```shell-session
+$ consul config write web-intention.hcl
+```
\ No newline at end of file
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 3a45890eb3b4..76c876cd4976 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -420,6 +420,10 @@
             "title": "Ingress gateway",
             "path": "connect/config-entries/ingress-gateway"
           },
+          {
+            "title": "JWT Provider",
+            "path": "connect/config-entries/jwt-provider"
+          },
           {
             "title": "Mesh",
             "path": "connect/config-entries/mesh"
@@ -566,6 +570,10 @@
             "title": "Create and manage service intentions",
             "path": "connect/intentions/create-manage-intentions"
           },
+          {
+            "title": "JWT authorization for intentions",
+            "path": "connect/intentions/jwt-authorization"
+          },
           {
             "title": "Service intentions legacy mode",
             "path": "connect/intentions/legacy"

From 37a13dcf822b03cbf761df615181bc198f5885c4 Mon Sep 17 00:00:00 2001
From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Date: Mon, 12 Jun 2023 15:46:25 -0700
Subject: [PATCH 026/359] docs: minor fixes to JWT auth docs (#17680)

* Fixes

* service intentions fixes
---
 .../connect/config-entries/jwt-provider.mdx   | 162 +++++++++---------
 .../config-entries/service-intentions.mdx     | 102 +++++------
 2 files changed, 132 insertions(+), 132 deletions(-)

diff --git a/website/content/docs/connect/config-entries/jwt-provider.mdx b/website/content/docs/connect/config-entries/jwt-provider.mdx
index 3ad00483c6c2..5fc75da4d300 100644
--- a/website/content/docs/connect/config-entries/jwt-provider.mdx
+++ b/website/content/docs/connect/config-entries/jwt-provider.mdx
@@ -108,53 +108,53 @@ Kind = "jwt-provider"                                # required
 Name = "<name-of-provider-configuration-entry>"      # required
 Issuer = "<jwt-issuer>"                              # required
 JSONWebKeySet = {                                    # required
-    Local = {                                        # cannot specify with JWKS{}.Remote
-        JWKS = "<JWKS-formatted-as-string>"          # cannot specify with JWKS{}.Local{}.Filename
-        Filename = "<path/to/JWKS/file>"             # cannot specify with JWKS{}.Local{}.String
-    }
+  Local = {                                          # cannot specify with JWKS{}.Remote
+    JWKS = "<JWKS-as-base64-string>"                 # cannot specify with JWKS{}.Local{}.Filename
+    Filename = "<path/to/JWKS/file>"                 # cannot specify with JWKS{}.Local{}.String
+  }
 }
 JSONWebKeySet = {
-        Remote = {                                   # cannot specify with JWKS{}.Local
-          URI = "<uniform-resource-identifier>"
-          RequestTimeoutMs = 1500
-          CacheDuration = "5m"
-          FetchAsynchronously = false
-          RetryPolicy = {
-            NumRetries = 0
-            RetryPolicyBackoff = {
-              BaseInterval = "1s"
-              MaxInterval = "10s"
-            }
-          }
-        }
+  Remote = {                                         # cannot specify with JWKS{}.Local
+    URI = "<uniform-resource-identifier>"
+    RequestTimeoutMs = 1500
+    CacheDuration = "5m"
+    FetchAsynchronously = false
+    RetryPolicy = {
+      NumRetries = 0
+      RetryPolicyBackoff = {
+        BaseInterval = "1s"
+        MaxInterval = "10s"
       }
+    }
+  }
+}
 Audiences = ["<aud-claims>"]
 Locations = [
-    {
-        Header = {
-            Name = "<name-of-header-with-token>"
-            ValuePrefix = "<prefix-in-header-before-token>"
-            Forward = false
-        }
-    },
-    {
-        QueryParam = {
-            Name = "<name-of-query-parameter-with-token>"
-        }
-    },
-    {
-        Cookie = {
-            Name = "<name-of-cookie-with-token>"
-        }
+  {
+    Header = {
+      Name = "<name-of-header-with-token>"
+      ValuePrefix = "<prefix-in-header-before-token>"
+      Forward = false
+    }
+  },
+  {
+    QueryParam = {
+      Name = "<name-of-query-parameter-with-token>"
+    }
+  },
+  {
+    Cookie = {
+      Name = "<name-of-cookie-with-token>"
     }
+  }
 ]
 Forwarding = {
-    HeaderName = "<name-appended-to-forwarding-header>"
-    PadForwardPayloadHeader = false
+  HeaderName = "<name-appended-to-forwarding-header>"
+  PadForwardPayloadHeader = false
 }
 ClockSkewSeconds = 30
 CacheConfig = {
-    Size = 0
+  Size = 0
 }
 ```
 
@@ -164,58 +164,58 @@ CacheConfig = {
 
 ```json
 {
-"Kind": "jwt-provider",                               // required
-"Name": "<name-of-provider-configuration-entry>",     // required
-"Issuer": "<jwt-issuer>",                             // required
-"JSONWebKeySet": {                                    // required
-    "Local": {                                        // cannot specify with JWKS.Remote
-        "JWKS": "<JWKS-formatted-as-string>",         // cannot specify with JWKS.Local.Filename
-        "Filename": "<path/to/JWKS/file>"             // cannot specify with JWKS.Local.String
+  "Kind": "jwt-provider",                               // required
+  "Name": "<name-of-provider-configuration-entry>",     // required
+  "Issuer": "<jwt-issuer>",                             // required
+  "JSONWebKeySet": {                                    // required
+    "Local": {                                          // cannot specify with JWKS.Remote
+      "JWKS": "<JWKS-as-base64-string>",                // cannot specify with JWKS.Local.Filename
+      "Filename": "<path/to/JWKS/file>"                 // cannot specify with JWKS.Local.String
     }
-},
-"JSONWebKeySet": {
-        "Remote": {                                   // cannot specify with JWKS.Local
-          "URI": "<uniform-resource-identifier>",
-          "RequestTimeoutMs": "1500",
-          "CacheDuration": "5m",
-          "FetchAsynchronously": "false",
-          "RetryPolicy": {
-            "NumRetries": "0",
-            "RetryPolicyBackOff": {
-              "BaseInterval": "1s",
-              "MaxInterval": "10s"
-            }
-          }
+  },
+  "JSONWebKeySet": {
+    "Remote": {                                         // cannot specify with JWKS.Local
+      "URI": "<uniform-resource-identifier>",
+      "RequestTimeoutMs": "1500",
+      "CacheDuration": "5m",
+      "FetchAsynchronously": "false",
+      "RetryPolicy": {
+        "NumRetries": "0",
+        "RetryPolicyBackOff": {
+          "BaseInterval": "1s",
+          "MaxInterval": "10s"
         }
-},
-"Audiences": ["<aud-claims>"],
-"Locations": [
+      }
+    }
+  },
+  "Audiences": ["<aud-claims>"],
+  "Locations": [
     {
-        "Header": {
-            "Name": "<name-of-header-with-token>",
-            "ValuePrefix": "<prefix-in-header-before-token>",
-            "Forward": "false"
-        }
+      "Header": {
+        "Name": "<name-of-header-with-token>",
+        "ValuePrefix": "<prefix-in-header-before-token>",
+        "Forward": "false"
+      }
     },
     {
-        "QueryParam": {
-            "Name":"<name-of-query-parameter-with-token>",
-        }
+      "QueryParam": {
+        "Name":"<name-of-query-parameter-with-token>",
+      }
     },
     {
-        "Cookie": {
-            "Name": "<name-of-cookie-with-token>"
-        }
+      "Cookie": {
+        "Name": "<name-of-cookie-with-token>"
+      }
     }
-],
-"Forwarding": {
-    "HeaderName": "<name-appended-to-forwarding-header>",
-    "PadForwardPayloadHeader": "false"
-},
-"ClockSkewSeconds": "30",
-"CacheConfig": {
+  ],
+  "Forwarding": {
+      "HeaderName": "<name-appended-to-forwarding-header>",
+      "PadForwardPayloadHeader": "false"
+  },
+  "ClockSkewSeconds": "30",
+  "CacheConfig": {
     "Size": "0"
-}
+  }
 }
 ```
 
@@ -233,7 +233,7 @@ spec:                                             # required
   issuer: <jwt-issuer>
   jsonWebKeySet:
     local:                                        # cannot specify with spec.jsonWebKeySet.remote
-     jwks: <jwks-formatted-as-string>             # cannot specify with spec.jsonWebKeySet.local.filename
+     jwks: <jwks-as-base64-string>                # cannot specify with spec.jsonWebKeySet.local.filename
      filename: <path/to/jwks/file>                # cannot specify with spec.jsonWebKeySet.local.string
   jsonWebKeySet:
     remote:                                       # cannot specify with spec.jsonWebKeySet.local
@@ -1014,7 +1014,7 @@ metadata:
   name: okta
 spec:
   issuer: okta
-  jsonwebkeyset:
+  jsonWebKeySet:
     remote:
       uri: https://<org>.okta.com/oauth2/default/v1/keys
       cacheDuration: 30m
diff --git a/website/content/docs/connect/config-entries/service-intentions.mdx b/website/content/docs/connect/config-entries/service-intentions.mdx
index 180e3aaabd96..f8afda6e41da 100644
--- a/website/content/docs/connect/config-entries/service-intentions.mdx
+++ b/website/content/docs/connect/config-entries/service-intentions.mdx
@@ -1506,64 +1506,64 @@ Sources = [
 ```
 
 ```yaml
-  apiVersion: consul.hashicorp.com/v1alpha1
-  kind: ServiceIntentions
-  metadata:
-    name: backend
-  spec:
-    sources:
-      name: frontend
-      permissions:
-        http:
-          pathExact: /admin
-        jwt:
-          providers:
-            name: okta
-            verifyClaims:
-              path: 
-                - perms
-                - role
-              value: admin
-      action: allow
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceIntentions
+metadata:
+  name: backend
+spec:
+  sources:
+    name: frontend
+    permissions:
       http:
-        pathPrefix: /
+        pathExact: /admin
+      jwt:
+        providers:
+          name: okta
+          verifyClaims:
+            path: 
+              - perms
+              - role
+            value: admin
+    action: allow
+    http:
+      pathPrefix: /
 ```
 
 ```json
 {
-"Kind": "service-intentions",
-"Name": "backend",
-"Sources": [
-  {
-    "Name": "frontend",
-    "Permissions": [
-      {
-        "HTTP": {
-          "PathExact": "/admin"
+  "Kind": "service-intentions",
+  "Name": "backend",
+  "Sources": [
+    {
+      "Name": "frontend",
+      "Permissions": [
+        {
+          "HTTP": {
+            "PathExact": "/admin"
+          },
+          "JWT": {
+            "Providers": [
+              {
+                "Name": "okta",
+                "VerifyClaims": [
+                  {
+                    "Path": ["perms", "role"],
+                    "Value": "admin"
+                  }
+                ]
+              }
+            ]
+          }
         },
-        "JWT": {
-          "Providers": [
-            {
-              "Name": "okta",
-              "VerifyClaims": [
-                {
-                  "Path": ["perms", "role"],
-                  "Value": "admin"
-                }
-              ]
-            }
-          ]
-        }
-      },
-      {
-        "Action": "allow",
-        "HTTP": {
-          "PathPrefix": "/"
+        {
+          "Action": "allow",
+          "HTTP": {
+            "PathPrefix": "/"
+          }
         }
-      }
-    ]
-  }
-]
+      ]
+    }
+  ]
 }
 ```
 

From 28d81ec79f1a9f46ca477925ec192ecf14969691 Mon Sep 17 00:00:00 2001
From: Joshua Timmons <josh.timmons@hashicorp.com>
Date: Mon, 12 Jun 2023 18:50:59 -0400
Subject: [PATCH 027/359] Fix two WAL metrics in docs/agent/telemetry.mdx
 (#17593)

---
 .changelog/17593.txt                     | 3 +++
 website/content/docs/agent/telemetry.mdx | 6 ++----
 2 files changed, 5 insertions(+), 4 deletions(-)
 create mode 100644 .changelog/17593.txt

diff --git a/.changelog/17593.txt b/.changelog/17593.txt
new file mode 100644
index 000000000000..1f84e75f5742
--- /dev/null
+++ b/.changelog/17593.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+docs: fix list of telemetry metrics
+```
diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx
index 59e78e27e073..326f5b42dbf5 100644
--- a/website/content/docs/agent/telemetry.mdx
+++ b/website/content/docs/agent/telemetry.mdx
@@ -480,10 +480,8 @@ These metrics are used to monitor the health of the Consul servers.
 | `consul.raft.leader.dispatchNumLogs`                | Measures the number of logs committed to disk in a batch.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | logs                              | gauge   |
 | `consul.raft.logstore.verifier.checkpoints_written`     | Counts the number of checkpoint entries written to the LogStore. | checkpoints | counter |
 | `consul.raft.logstore.verifier.dropped_reports`         | Counts how many times the verifier routine was still busy when the next checksum came in and so verification for a range was skipped. If you see this happen, consider increasing the interval between checkpoints with [`raft_logstore.verification.interval`](/consul/docs/agent/config/config-files#raft_logstore_verification) | reports dropped | counter |
-| `consul.raft.logstore.verifier.ranges_verified`         | Counts the number of log ranges for which a verification report has been completed. Refer to [Monitor Raft metrics and logs for WAL
-](/consul/docs/agent/wal-logstore/monitoring) for more information. | log ranges verifications | counter |
-| `consul.raft.logstore.verifier.read_checksum_failures`  | Counts the number of times a range of logs between two check points contained at least one disk corruption. Refer to [Monitor Raft metrics and logs for WAL
-](/consul/docs/agent/wal-logstore/monitoring) for more information. | disk corruptions | counter |
+| `consul.raft.logstore.verifier.ranges_verified`         | Counts the number of log ranges for which a verification report has been completed. Refer to [Monitor Raft metrics and logs for WAL](/consul/docs/agent/wal-logstore/monitoring) for more information. | log ranges verifications | counter |
+| `consul.raft.logstore.verifier.read_checksum_failures`  | Counts the number of times a range of logs between two check points contained at least one disk corruption. Refer to [Monitor Raft metrics and logs for WAL](/consul/docs/agent/wal-logstore/monitoring) for more information. | disk corruptions | counter |
 | `consul.raft.logstore.verifier.write_checksum_failures` | Counts the number of times a follower has a different checksum to the leader at the point where it writes to the log. This could be caused by either a disk-corruption on the leader (unlikely) or some other corruption of the log entries in-flight. | in-flight corruptions | counter |
 | `consul.raft.leader.lastContact`                    | Measures the time since the leader was last able to contact the follower nodes when checking its leader lease. It can be used as a measure for how stable the Raft timing is and how close the leader is to timing out its lease.The lease timeout is 500 ms times the [`raft_multiplier` configuration](/consul/docs/agent/config/config-files#raft_multiplier), so this telemetry value should not be getting close to that configured value, otherwise the Raft timing is marginal and might need to be tuned, or more powerful servers might be needed. See the [Server Performance](/consul/docs/install/performance) guide for more details.                                                                                                               | ms                                | timer   |
 | `consul.raft.leader.oldestLogAge`                   | The number of milliseconds since the _oldest_ log in the leader's log store was written. This can be important for replication health where write rate is high and the snapshot is large as followers may be unable to recover from a restart if restoring takes longer than the minimum value for the current leader. Compare this with `consul.raft.fsm.lastRestoreDuration` and `consul.raft.rpc.installSnapshot` to monitor. In normal usage this gauge value will grow linearly over time until a snapshot completes on the leader and the log is truncated. Note: this metric won't be emitted until the leader writes a snapshot. After an upgrade to Consul 1.10.0 it won't be emitted until the oldest log was written after the upgrade. | ms                                | gauge   |

From 0ddafcf924799c0b00071337c117ee130781e3c7 Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Mon, 12 Jun 2023 17:30:17 -0700
Subject: [PATCH 028/359] updated failover for k8s w-tproxy page title (#17683)

---
 website/content/docs/k8s/l7-traffic/failover-tproxy.mdx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx b/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx
index 6c76b6bd87ec..81bdc5e8672d 100644
--- a/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx
+++ b/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx
@@ -1,10 +1,10 @@
 --- 
 layout: docs
-page_title: Configure failover service instances
+page_title: Configure failover services on Kubernetes
 description: Learn how to define failover services in Consul on Kubernetes when proxies are in transparent proxy mode. Consul can send traffic to backup service instances if a destination service becomes unhealthy or unresponsive. 
 --- 
 
-# Configure failover service instances
+# Configure failover services on Kubernetes
 
 This topic describes how to configure failover service instances in Consul on Kubernetes when proxies are in transparent proxy mode. If a service becomes unhealthy or unresponsive, Consul can use the service resolver configuration entry to send inbound requests to backup services. Service resolvers are part of the service mesh proxy upstream discovery chain. Refer to [Service mesh traffic management](/consul/docs/connect/l7-traffic) for additional information.
 

From 3a8fc610f2c62bb93a6dfc33840b51e49e204d8b Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@users.noreply.github.com>
Date: Mon, 12 Jun 2023 18:53:40 -0700
Subject: [PATCH 029/359] Add release notes 1.16 rc (#17665)

* Merge pull request #5773 from hashicorp/docs/rate-limiting-from-ip-addresses-1.16

updated docs for rate limiting for IP addresses - 1.16

* Merge pull request #5609 from hashicorp/docs/enterprise-utilization-reporting

Add docs for enterprise utilization reporting

* Merge pull request #5734 from hashicorp/docs/envoy-ext-1.16

Docs/envoy ext 1.16

* Add release notes for 1.16-rc

* Add consul-e license utlization reporting

* Update with rc absolute links

* Update with rc absolute links

* fix typo

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update to use callout component

* address typo

* docs: FIPS 140-2 Compliance (#17668)

* Page + nav + formatting

* link fix

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* link fix

* Apply suggestions from code review

Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>

* fix apigw install values file

* fix typos in release notes

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>
---
 website/content/docs/agent/limits/index.mdx   |   2 +-
 website/content/docs/api-gateway/install.mdx  |  15 +-
 website/content/docs/enterprise/fips.mdx      | 128 ++++++++++++++++++
 .../docs/release-notes/consul/v1_16_x.mdx     |  58 ++++++++
 website/data/docs-nav-data.json               |   8 ++
 5 files changed, 202 insertions(+), 9 deletions(-)
 create mode 100644 website/content/docs/enterprise/fips.mdx
 create mode 100644 website/content/docs/release-notes/consul/v1_16_x.mdx

diff --git a/website/content/docs/agent/limits/index.mdx b/website/content/docs/agent/limits/index.mdx
index 0d12f1127a9e..ada5018bfff6 100644
--- a/website/content/docs/agent/limits/index.mdx
+++ b/website/content/docs/agent/limits/index.mdx
@@ -49,4 +49,4 @@ You can define request rate limits in the agent configuration and in the control
 
 ## Kubernetes
 
-To define global rate limits, configure the `request_limits` settings in the Consul Helm chart. Refer to the [Helm chart reference](/consul/docs/k8s/helm) for additional information. Refer to the [control plane request limit configuration entry reference](/consul/docs/connect/config-entries/control-plane-request-limit) for information about applying a CRD for limiting traffic rates from source IPs. 
\ No newline at end of file
+To define global rate limits, configure the `request_limits` settings in the Consul Helm chart. Refer to the [Helm chart reference](/consul/docs/k8s/helm) for additional information. Refer to the [control plane request limit configuration entry reference](/consul/docs/connect/config-entries/control-plane-request-limit) for information about applying a CRD for limiting traffic rates from source IPs. 
diff --git a/website/content/docs/api-gateway/install.mdx b/website/content/docs/api-gateway/install.mdx
index 6285c9525a22..dff25ee3350d 100644
--- a/website/content/docs/api-gateway/install.mdx
+++ b/website/content/docs/api-gateway/install.mdx
@@ -13,14 +13,13 @@ The Consul API gateway ships with Consul and is automatically installed when you
 
     <CodeBlockConfig filename="values.yaml">
 
-      ```shell
-        cat <<EOF > values.yaml
-          global:
-            name: consul
-          connectInject:
-            enabled: true
-        EOF
-      ```
+    ```yaml
+    global:
+      name: consul
+    connectInject:
+      enabled: true
+    ```
+
     </CodeBlockConfig>
 
   The Consul Helm chart deploys the API gateway using the configuration specified in the `values.yaml` file. Refer to [Helm Chart Configuration - `connectInject.apiGateway`](/consul/docs/k8s/helm#apigateway) for information about the Helm chart configuration options.
diff --git a/website/content/docs/enterprise/fips.mdx b/website/content/docs/enterprise/fips.mdx
new file mode 100644
index 000000000000..bde0a154b15a
--- /dev/null
+++ b/website/content/docs/enterprise/fips.mdx
@@ -0,0 +1,128 @@
+---
+layout: docs
+page_title: FIPS 140-2
+description: >-
+  A version of Consul compliant with FIPS 140-2 is available to Enterprise users. Learn about where to find FIPS-compliant versions of Consul, as well as usage restrictions and technical details.
+---
+
+# FIPS 140-2
+
+<EnterpriseAlert>
+
+This feature requires requires Consul Enterprise.
+
+</EnterpriseAlert>
+
+Builds of Consul Enterprise marked with a `fips1402` feature name include built-in support for FIPS 140-2 compliance.
+
+To use this feature, you must have an [active or trial license for Consul Enterprise](/consul/docs/enterprise/license/overview). To start a trial, contact HashiCorp sales.
+
+## Using FIPS 140-2 Consul Enterprise
+
+FIPS 140-2 builds of Consul Enterprise behave in the same way as non-FIPS builds. There are no restrictions on Consul algorithms and ensuring that Consul remains in a FIPS-compliant mode of operation is your responsibility. To maintain FIPS-compliant operation, you must [ensure that TLS is enabled](/consul/tutorials/security/tls-encryption-secure) so that communication is encrypted. Consul products surface some helpful warnings where settings are insecure.
+
+Encryption is disabled in Consul Enterprise by default. As a result, Consul may transmit sensitive control plane information. You must ensure that gossip encryption and mTLS is enabled for all agents when running Consul with FIPS-compliant settings. In addition, be aware that TLSv1.3 does not work with FIPS 140-2, as HKDF is not a certified primitive.
+HashiCorp is not a NIST-certified testing laboratory and can only provide general guidance about using Consul Enterprise in a FIPS-compliant manner. We recommend consulting an approved auditor for further information.
+
+The FIPS 140-2 variant of Consul uses separate binaries that are available available from the following sources:
+
+- From the [HashiCorp Releases page](https://releases.hashicorp.com/consul), releases ending with the `+ent.fips1402` suffix.
+- From the [Docker Hub `hashicorp/consul-enterprise-fips`](https://hub.docker.com/r/hashicorp/consul-enterprise-fips) container repository.
+- From the [AWS ECR `hashicorp/consul-enterprise-fips`](https://gallery.ecr.aws/hashicorp/consul-enterprise-fips) container repository.
+- From the [Red Hat Access `hashicorp/consul-enterprise-fips`](https://catalog.redhat.com/software/containers/hashicorp/consul-enterprise-fips/628d50e37ff70c66a88517ea) container repository.
+
+The above naming conventions, which append `.fips1402` to binary names and tags, and `-fips` to registry names, also apply to `consul-k8s`, `consul-k8s-control-plane`, `consul-dataplane`, and `consul-ecs`, which are packaged separately from Consul Enterprise.
+
+### Usage restrictions
+
+When using Consul Enterprise with FIPS 140-2, be aware of the following operation restrictions:
+
+#### Migration restrictions
+
+We do not support in-place migrations from non-FIPS builds of Consul to FIPS builds of Consul, regardless of version. A fresh cluster installation is required to support FIPS 140-2. You cannot upgrade directly to a FIPS-compliant build.
+
+#### TLS restrictions
+Consul Enterprise's FIPS modifications include restrictions to supported TLS cipher suites and key information. Only the following cipher suites are allowed:
+
+- `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
+- `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
+- `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`
+- `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`
+- `TLS_RSA_WITH_AES_128_GCM_SHA256`
+- `TLS_RSA_WITH_AES_256_GCM_SHA384`
+
+In addition, only the following key types are allowed in TLS chains of trust:
+
+- RSA 2048, 3072, and 4096-bit
+- ECDSA P-256, P-384, and P-521
+
+Finally, only TLSv1.2 is supported in FIPS mode. These settings are in line with recent NIST guidance and FIPS requirements.
+
+#### Heterogeneous cluster deployments
+
+We do not support mixed deployment scenarios within the same Consul cluster. An example of an unsupported deployment scenario is one that mixes FIPS and non-FIPS Consul binaries. Nodes across the entire cluster must use a single binary or deployment type.
+
+Running a heterogeneous cluster is not permitted by FIPS, as components of the system are not compliant with FIPS. Attempts to join non-FIPS and FIPS nodes or servers may fail.
+
+### Envoy
+
+To enable users to deploy a FIPS compliant service mesh with Consul, HashiCorp provides FIPS compliant versions of Envoy available for download. Contact Hashicorp sales for more information.
+
+## Deployment prerequisites
+
+Depending on your Consul runtime, there are additional requirements for using FIPS 140-2.
+
+### VMs
+
+If using Consul on VMs, you must use a FIPS compliant version of Envoy. Contact HashiCorp sales to learn how to obtain a FIPS compliant version of Envoy.
+
+### Consul-k8s and Helm
+
+When deploying the FIPS builds of Consul on Kubernetes using `consul-k8s` or Helm, you must ensure that the Helm chart is updated to use FIPS builds of Consul Enterprise, Consul Dataplane, and Envoy images.
+
+## Technical details
+
+Consul's FIPS 140-2 Linux products use the BoringCrypto integration in the official Go 1.20+ toolchain, which include a FIPS-validated crypto module.
+
+Consul's FIPS 140-2 products on Windows use the CNGCrypto integration in Microsoft's Go toolchain, which include a FIPS-validated crypto module.
+
+To ensure your build of Consul Enterprise includes FIPS support, confirm that a line with `FIPS: Enabled` appears when you run a `version` command. For example, the following message appears for Linux users
+
+```shell-session
+FIPS: FIPS 140-2 Enabled, crypto module boringcrypto
+```
+
+The following message appears for Windows users:
+
+```shell-session
+FIPS: FIPS 140-2 Enabled, crypto module cngcrypto
+```
+
+FIPS 140-2 Linux binaries depend on cgo, which require that a GNU C Library (glibc) Linux distribution be used to run Consul. Refer to [instructions for Windows FIPS mode](https://github.com/microsoft/go/blob/microsoft/main/eng/doc/fips/README.md#windows-fips-mode-cng) for more information on running CNGCrypto-enabled Go binaries in FIPS mode.
+
+The NIST Cryptographic Module Validation Program certifications and accompanying security policies for BoringCrypto and CNG are available through the following external links:
+
+- [BoringCrypto](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4407)
+- [CNG](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4515)
+
+### Validating FIPS crypto modules
+
+To validate that a FIPS 140-2 Linux binary correctly includes BoringCrypto, run `go tool nm` on the binary to get a symbol dump.  On FIPS-enabled builds, many results appear, as in the following example:
+
+```shell-session
+$ go tool nm consul | grep -i goboringcrypto
+ 4014d0 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_cbc_encrypt
+ 4014f0 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_ctr128_encrypt
+ 401520 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_decrypt
+ 401540 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_encrypt
+ 401560 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_set_decrypt_key
+```
+
+Similarly, on a FIPS Windows binary, run `go tool nm` on the binary to get a symbol dump, and then search for `go-crypto-winnative`. 
+
+On both Linux and Windows non-FIPS builds, the search output yields no results.
+
+### Compliance Validation
+
+A Lab, authorized by the U.S. Government to certify FIPS 140-2 compliance, is in the process of verifying that Consul Enterprise and its related packages are compliant with the requirements of FIPS 140-2 Level 1.
+
diff --git a/website/content/docs/release-notes/consul/v1_16_x.mdx b/website/content/docs/release-notes/consul/v1_16_x.mdx
new file mode 100644
index 000000000000..c4b22828f28b
--- /dev/null
+++ b/website/content/docs/release-notes/consul/v1_16_x.mdx
@@ -0,0 +1,58 @@
+---
+layout: docs
+page_title: 1.16.x
+description: >-
+  Consul release notes for version 1.16.x
+---
+
+# Consul 1.16.0
+
+We are pleased to announce the following Consul updates. 
+
+## Release Highlights
+
+- **Sameness groups:** Sameness groups are a user-defined set of partitions that Consul uses to identify services in different administrative partitions with the same name as being the same services. You can use sameness groups to create a blanket failover policy for deployments with cluster peering connections. Refer to the [Sameness groups overview](/consul/docs/v1.16.x/connect/cluster-peering/usage/create-sameness-groups) for more information.
+
+   <Note> Sameness groups is currently a “Beta” feature in Consul v1.16.0 and is an Enterprise feature. </Note>
+
+- **Permissive mTLS:** You can enable the `permissive` mTLS mode to enable sidecar proxies to accept both mTLS and non-mTLS traffic. Using this mode enables you to onboard services without downtime and without reconfiguring or redeploying your application. Refer to the [Onboard services while in transparent proxy mode](/consul/docs/v1.16.x/k8s/connect/onboarding-tproxy-mode) for more information on how to use permissive mTLS to onboard services to Consul.
+
+- **Transparent proxy enhancements for failover and virtual services:** We have made several internal improvements, such as ensuring that virtual IPs are always available, to reduce the friction associated with operating Consul in transparent proxy mode. Onboarding services, configuring failover redirects, and other operations require less administrative effort and ensure a smoother experience. Refer to the following documentation for additional information: 
+
+    - [Onboard services while in transparent proxy mode](/consul/docs/v1.16.x/k8s/connect/onboarding-tproxy-mode)
+    - [Route traffic to virtual services](/consul/docs/v1.16.x/k8s/l7-traffic/route-to-virtual-services)
+    - [Configure failover services](/consul/docs/v1.16.x/k8s/l7-traffic/failover-tproxy).
+
+- **Granular server-side rate limits:** You can now set limits per source IP address. The following steps describe the general process for setting global read and write rate limits:
+
+    1. Set arbitrary limits to begin understanding the upper boundary of RPC and gRPC loads in your network. Refer to [Initialize rate limit settings](/consul/docs/v1.16.x/agent/limits/usage/init-rate-limits) for additional information.
+    1. Monitor the metrics and logs and readjust the initial configurations as necessary. Refer to [Monitor rate limit data](/consul/docs/v1.16.x/agent/limits/usage/monitor-rate-limits)
+    1. Define your final operational limits based on your observations. If you are defining global rate limits, refer to [Set global traffic rate limits](/consul/docs/v1.16.x/agent/limits/usage/set-global-traffic-rate-limits) for additional information. For information about setting limits based on source IP, refer to [Limit traffic rates for a source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips).
+
+- **Consul Envoy Extensions:** Consul Envoy extension system enables you to modify Consul-generated Envoy resources. Refer to [Envoy extension overview](/consul/docs/v1.16.x/connect/proxies/envoy-extensions) for more information on how to use these extensions for Consul service mesh.
+
+    - **Property Override:** The property override Envoy extension lets you set, remove, or modify individual properties for the Envoy resources Consul generates. Refer to the [Configure Envoy proxy properties](/consul/docs/v1.16.x/connect/proxies/envoy-extensions/usage/property-override) for more information on how to use this extension. 
+
+    - **Wasm:** The Wasm Envoy extension lets you configure Wasm programs to be used as filters in the service's sidecar proxy. Refer to the [Run WebAssembly plug-ins in Envoy proxy](/consul/docs/v1.16.x/connect/proxies/envoy-extensions/usage/wasm) for more information on how to use this extension. 
+
+    - **External Authorization:** The external authorization Envoy extension lets you delegate data plane authorization requests to external systems. Refer to the [Delegate authorization to an external service](/consul/docs/v1.16.x/connect/proxies/envoy-extensions/usage/ext-authz) for more information on how to use this extension. 
+
+- **Simplified API Gateway installation for Consul on Kubernetes:** API Gateway is now built into Consul. This enables a simplified installation and configuration process for Consul on Kubernetes. Refer to the [API Gateway installation](/consul/docs/v1.16.x/api-gateway/install) for more information on the simplified native installation method. 
+
+- **FIPS compliance:** Consul Enterprise now offers FIPS 140-2 compliant builds that meet the security needs of federal agencies protecting sensitive, unclassified information with approved cryptographic measures. These builds use certified cryptographic modules and restrict configuration settings to comply with FIPS 140-2 Level 1 requirements, enabling compliant Consul deployments. Refer to the [Consul Enterprise FIPS](/consul/docs/v1.16.x/enterprise/fips) for more information on FIPS compliance.
+
+- **JWT Authorization with service intentions:** Consul can now authorize connections based on claims present in JSON Web Token (JWT). You can configure Consul to use one or more JWT providers, which lets you control access to services and specific HTTP paths based on the validity of JWT claims embedded in the service traffic. This ensures a uniform and low latency mechanism to validate and authorize communication based on JWT claims across all services in a diverse service-oriented architecture. Refer to the [Use JWT authorization with service intentions](/consul/docs/v1.16.x/connect/intentions/jwt-authorization) for more information.
+
+- **Automated license utilization reporting:** Consul Enteprise now provides automated license utilization reporting, which sends minimal product-license metering data to HashiCorp. You can use these reports to understand how much more you can deploy under your current contract, which can help you protect against overutilization and budget for predicted consumption. Refer to the [Automated license utilization reporting documentation](/consul/docs/v1.16.x/enterprise/license/utilization-reporting) for more information. 
+
+## Upgrading
+
+For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs.
+
+## Changelogs
+
+The changelogs for this major release version and any maintenance versions are listed below.
+
+<Note> These links take you to the changelogs on the GitHub website. </Note>
+
+- [1.16.0-rc1](https://github.com/hashicorp/consul/releases/tag/v1.16.0-rc1)
\ No newline at end of file
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 76c876cd4976..0ba3a63149e0 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -145,6 +145,10 @@
       {
         "title": "Consul",
         "routes": [
+          {
+            "title": "v1.16.x",
+            "path": "release-notes/consul/v1_16_x"
+          },
           {
             "title": "v1.15.x",
             "path": "release-notes/consul/v1_15_x"
@@ -1608,6 +1612,10 @@
         "title": "Enhanced Read Scalability",
         "path": "enterprise/read-scale"
       },
+      {
+        "title": "FIPS",
+        "path": "enterprise/fips"
+      },
       {
         "title": "Single sign-on - OIDC",
         "href": "/docs/security/acl/auth-methods/oidc"

From 421e9d8306484a772ae5d898ae5001b19e316e5a Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@users.noreply.github.com>
Date: Mon, 12 Jun 2023 19:49:10 -0700
Subject: [PATCH 030/359] fix release notes links (#17687)

---
 .../docs/release-notes/consul/v1_16_x.mdx     | 34 +++++++++----------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/website/content/docs/release-notes/consul/v1_16_x.mdx b/website/content/docs/release-notes/consul/v1_16_x.mdx
index c4b22828f28b..96e0909f4122 100644
--- a/website/content/docs/release-notes/consul/v1_16_x.mdx
+++ b/website/content/docs/release-notes/consul/v1_16_x.mdx
@@ -11,39 +11,39 @@ We are pleased to announce the following Consul updates.
 
 ## Release Highlights
 
-- **Sameness groups:** Sameness groups are a user-defined set of partitions that Consul uses to identify services in different administrative partitions with the same name as being the same services. You can use sameness groups to create a blanket failover policy for deployments with cluster peering connections. Refer to the [Sameness groups overview](/consul/docs/v1.16.x/connect/cluster-peering/usage/create-sameness-groups) for more information.
+- **Sameness groups:** Sameness groups are a user-defined set of partitions that Consul uses to identify services in different administrative partitions with the same name as being the same services. You can use sameness groups to create a blanket failover policy for deployments with cluster peering connections. Refer to the [Sameness groups overview](/consul/docs/connect/cluster-peering/usage/create-sameness-groups) for more information.
 
-   <Note> Sameness groups is currently a “Beta” feature in Consul v1.16.0 and is an Enterprise feature. </Note>
+   <Note> Sameness groups is currently a "Beta" feature in Consul v1.16.0 and is an Enterprise feature. </Note>
 
-- **Permissive mTLS:** You can enable the `permissive` mTLS mode to enable sidecar proxies to accept both mTLS and non-mTLS traffic. Using this mode enables you to onboard services without downtime and without reconfiguring or redeploying your application. Refer to the [Onboard services while in transparent proxy mode](/consul/docs/v1.16.x/k8s/connect/onboarding-tproxy-mode) for more information on how to use permissive mTLS to onboard services to Consul.
+- **Permissive mTLS:** You can enable the `permissive` mTLS mode to enable sidecar proxies to accept both mTLS and non-mTLS traffic. Using this mode enables you to onboard services without downtime and without reconfiguring or redeploying your application. Refer to the [Onboard services while in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode) for more information on how to use permissive mTLS to onboard services to Consul.
 
 - **Transparent proxy enhancements for failover and virtual services:** We have made several internal improvements, such as ensuring that virtual IPs are always available, to reduce the friction associated with operating Consul in transparent proxy mode. Onboarding services, configuring failover redirects, and other operations require less administrative effort and ensure a smoother experience. Refer to the following documentation for additional information: 
 
-    - [Onboard services while in transparent proxy mode](/consul/docs/v1.16.x/k8s/connect/onboarding-tproxy-mode)
-    - [Route traffic to virtual services](/consul/docs/v1.16.x/k8s/l7-traffic/route-to-virtual-services)
-    - [Configure failover services](/consul/docs/v1.16.x/k8s/l7-traffic/failover-tproxy).
+    - [Onboard services while in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode)
+    - [Route traffic to virtual services](/consul/docs/k8s/l7-traffic/route-to-virtual-services)
+    - [Configure failover services](/consul/docs/k8s/l7-traffic/failover-tproxy).
 
 - **Granular server-side rate limits:** You can now set limits per source IP address. The following steps describe the general process for setting global read and write rate limits:
 
-    1. Set arbitrary limits to begin understanding the upper boundary of RPC and gRPC loads in your network. Refer to [Initialize rate limit settings](/consul/docs/v1.16.x/agent/limits/usage/init-rate-limits) for additional information.
-    1. Monitor the metrics and logs and readjust the initial configurations as necessary. Refer to [Monitor rate limit data](/consul/docs/v1.16.x/agent/limits/usage/monitor-rate-limits)
-    1. Define your final operational limits based on your observations. If you are defining global rate limits, refer to [Set global traffic rate limits](/consul/docs/v1.16.x/agent/limits/usage/set-global-traffic-rate-limits) for additional information. For information about setting limits based on source IP, refer to [Limit traffic rates for a source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips).
+    1. Set arbitrary limits to begin understanding the upper boundary of RPC and gRPC loads in your network. Refer to [Initialize rate limit settings](/consul/docs/agent/limits/usage/init-rate-limits) for additional information.
+    1. Monitor the metrics and logs and readjust the initial configurations as necessary. Refer to [Monitor rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limits)
+    1. Define your final operational limits based on your observations. If you are defining global rate limits, refer to [Set global traffic rate limits](/consul/docs/agent/limits/usage/set-global-traffic-rate-limits) for additional information. For information about setting limits based on source IP, refer to [Limit traffic rates for a source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips).
 
-- **Consul Envoy Extensions:** Consul Envoy extension system enables you to modify Consul-generated Envoy resources. Refer to [Envoy extension overview](/consul/docs/v1.16.x/connect/proxies/envoy-extensions) for more information on how to use these extensions for Consul service mesh.
+- **Consul Envoy Extensions:** Consul Envoy extension system enables you to modify Consul-generated Envoy resources. Refer to [Envoy extension overview](/consul/docs/connect/proxies/envoy-extensions) for more information on how to use these extensions for Consul service mesh.
 
-    - **Property Override:** The property override Envoy extension lets you set, remove, or modify individual properties for the Envoy resources Consul generates. Refer to the [Configure Envoy proxy properties](/consul/docs/v1.16.x/connect/proxies/envoy-extensions/usage/property-override) for more information on how to use this extension. 
+    - **Property Override:** The property override Envoy extension lets you set, remove, or modify individual properties for the Envoy resources Consul generates. Refer to the [Configure Envoy proxy properties](/consul/docs/connect/proxies/envoy-extensions/usage/property-override) for more information on how to use this extension. 
 
-    - **Wasm:** The Wasm Envoy extension lets you configure Wasm programs to be used as filters in the service's sidecar proxy. Refer to the [Run WebAssembly plug-ins in Envoy proxy](/consul/docs/v1.16.x/connect/proxies/envoy-extensions/usage/wasm) for more information on how to use this extension. 
+    - **Wasm:** The Wasm Envoy extension lets you configure Wasm programs to be used as filters in the service's sidecar proxy. Refer to the [Run WebAssembly plug-ins in Envoy proxy](/consul/docs/connect/proxies/envoy-extensions/usage/wasm) for more information on how to use this extension. 
 
-    - **External Authorization:** The external authorization Envoy extension lets you delegate data plane authorization requests to external systems. Refer to the [Delegate authorization to an external service](/consul/docs/v1.16.x/connect/proxies/envoy-extensions/usage/ext-authz) for more information on how to use this extension. 
+    - **External Authorization:** The external authorization Envoy extension lets you delegate data plane authorization requests to external systems. Refer to the [Delegate authorization to an external service](/consul/docs/connect/proxies/envoy-extensions/usage/ext-authz) for more information on how to use this extension. 
 
-- **Simplified API Gateway installation for Consul on Kubernetes:** API Gateway is now built into Consul. This enables a simplified installation and configuration process for Consul on Kubernetes. Refer to the [API Gateway installation](/consul/docs/v1.16.x/api-gateway/install) for more information on the simplified native installation method. 
+- **Simplified API Gateway installation for Consul on Kubernetes:** API Gateway is now built into Consul. This enables a simplified installation and configuration process for Consul on Kubernetes. Refer to the [API Gateway installation](/consul/docs/api-gateway/install) for more information on the simplified native installation method. 
 
-- **FIPS compliance:** Consul Enterprise now offers FIPS 140-2 compliant builds that meet the security needs of federal agencies protecting sensitive, unclassified information with approved cryptographic measures. These builds use certified cryptographic modules and restrict configuration settings to comply with FIPS 140-2 Level 1 requirements, enabling compliant Consul deployments. Refer to the [Consul Enterprise FIPS](/consul/docs/v1.16.x/enterprise/fips) for more information on FIPS compliance.
+- **FIPS compliance:** Consul Enterprise now offers FIPS 140-2 compliant builds that meet the security needs of federal agencies protecting sensitive, unclassified information with approved cryptographic measures. These builds use certified cryptographic modules and restrict configuration settings to comply with FIPS 140-2 Level 1 requirements, enabling compliant Consul deployments. Refer to the [Consul Enterprise FIPS](/consul/docs/enterprise/fips) for more information on FIPS compliance.
 
-- **JWT Authorization with service intentions:** Consul can now authorize connections based on claims present in JSON Web Token (JWT). You can configure Consul to use one or more JWT providers, which lets you control access to services and specific HTTP paths based on the validity of JWT claims embedded in the service traffic. This ensures a uniform and low latency mechanism to validate and authorize communication based on JWT claims across all services in a diverse service-oriented architecture. Refer to the [Use JWT authorization with service intentions](/consul/docs/v1.16.x/connect/intentions/jwt-authorization) for more information.
+- **JWT Authorization with service intentions:** Consul can now authorize connections based on claims present in JSON Web Token (JWT). You can configure Consul to use one or more JWT providers, which lets you control access to services and specific HTTP paths based on the validity of JWT claims embedded in the service traffic. This ensures a uniform and low latency mechanism to validate and authorize communication based on JWT claims across all services in a diverse service-oriented architecture. Refer to the [Use JWT authorization with service intentions](/consul/docs/connect/intentions/jwt-authorization) for more information.
 
-- **Automated license utilization reporting:** Consul Enteprise now provides automated license utilization reporting, which sends minimal product-license metering data to HashiCorp. You can use these reports to understand how much more you can deploy under your current contract, which can help you protect against overutilization and budget for predicted consumption. Refer to the [Automated license utilization reporting documentation](/consul/docs/v1.16.x/enterprise/license/utilization-reporting) for more information. 
+- **Automated license utilization reporting:** Consul Enteprise now provides automated license utilization reporting, which sends minimal product-license metering data to HashiCorp. You can use these reports to understand how much more you can deploy under your current contract, which can help you protect against overutilization and budget for predicted consumption. Refer to the [Automated license utilization reporting documentation](/consul/docs/enterprise/license/utilization-reporting) for more information. 
 
 ## Upgrading
 

From 11764a45580278f3176fba114aa8bb61ed0b5c7a Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Mon, 12 Jun 2023 20:12:03 -0700
Subject: [PATCH 031/359] adding redirects for tproxy and envoy extensions
 (#17688)

* adding redirects

* Apply suggestions from code review
---
 website/redirects.js | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/website/redirects.js b/website/redirects.js
index fa80d3baba52..0468a19c60ca 100644
--- a/website/redirects.js
+++ b/website/redirects.js
@@ -37,4 +37,20 @@ module.exports = [
     destination: `/consul/docs/connect/intentions`,
     permanent: true,
   },
+  {
+    source: '/consul/docs/v1.16.x/connect/transparent-proxy',
+    destination: '/consul/docs/v1.16.x/k8s/connect/transparent-proxy',
+    permanent: true,
+  },
+  {
+    source: '/consul/docs/1.16.x/agent/limits/init-rate-limits',
+    destination: '/consul/docs/1.16.x/agent/limits/usage/init-rate-limits',
+    permanent: true,
+  },
+  {
+    source: '/consul/docs/1.16.x/agent/limits/set-global-traffic-rate-limits',
+    destination:
+      '/consul/docs/1.16.x/agent/limits/usage/set-global-traffic-rate-limits',
+    permanent: true,
+  },
 ]

From 4b843ae1b7f2e31074c21c32cf47647904cf38fb Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@users.noreply.github.com>
Date: Mon, 12 Jun 2023 20:35:47 -0700
Subject: [PATCH 032/359] Fix FIPS copy (#17691)

* fix release notes links

* fix typos on fips docs
---
 website/content/docs/enterprise/fips.mdx | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/website/content/docs/enterprise/fips.mdx b/website/content/docs/enterprise/fips.mdx
index bde0a154b15a..6ad145886be2 100644
--- a/website/content/docs/enterprise/fips.mdx
+++ b/website/content/docs/enterprise/fips.mdx
@@ -8,9 +8,7 @@ description: >-
 # FIPS 140-2
 
 <EnterpriseAlert>
-
-This feature requires requires Consul Enterprise.
-
+  This feature requires Consul Enterprise.
 </EnterpriseAlert>
 
 Builds of Consul Enterprise marked with a `fips1402` feature name include built-in support for FIPS 140-2 compliance.
@@ -22,9 +20,10 @@ To use this feature, you must have an [active or trial license for Consul Enterp
 FIPS 140-2 builds of Consul Enterprise behave in the same way as non-FIPS builds. There are no restrictions on Consul algorithms and ensuring that Consul remains in a FIPS-compliant mode of operation is your responsibility. To maintain FIPS-compliant operation, you must [ensure that TLS is enabled](/consul/tutorials/security/tls-encryption-secure) so that communication is encrypted. Consul products surface some helpful warnings where settings are insecure.
 
 Encryption is disabled in Consul Enterprise by default. As a result, Consul may transmit sensitive control plane information. You must ensure that gossip encryption and mTLS is enabled for all agents when running Consul with FIPS-compliant settings. In addition, be aware that TLSv1.3 does not work with FIPS 140-2, as HKDF is not a certified primitive.
+
 HashiCorp is not a NIST-certified testing laboratory and can only provide general guidance about using Consul Enterprise in a FIPS-compliant manner. We recommend consulting an approved auditor for further information.
 
-The FIPS 140-2 variant of Consul uses separate binaries that are available available from the following sources:
+The FIPS 140-2 variant of Consul uses separate binaries that are available from the following sources:
 
 - From the [HashiCorp Releases page](https://releases.hashicorp.com/consul), releases ending with the `+ent.fips1402` suffix.
 - From the [Docker Hub `hashicorp/consul-enterprise-fips`](https://hub.docker.com/r/hashicorp/consul-enterprise-fips) container repository.
@@ -86,15 +85,15 @@ Consul's FIPS 140-2 Linux products use the BoringCrypto integration in the offic
 
 Consul's FIPS 140-2 products on Windows use the CNGCrypto integration in Microsoft's Go toolchain, which include a FIPS-validated crypto module.
 
-To ensure your build of Consul Enterprise includes FIPS support, confirm that a line with `FIPS: Enabled` appears when you run a `version` command. For example, the following message appears for Linux users
+To ensure your build of Consul Enterprise includes FIPS support, confirm that a line with `FIPS: Enabled` appears when you run a `version` command. For example, the following message appears for Linux users:
 
-```shell-session
+```shell-session hideClipboard
 FIPS: FIPS 140-2 Enabled, crypto module boringcrypto
 ```
 
 The following message appears for Windows users:
 
-```shell-session
+```shell-session hideClipboard
 FIPS: FIPS 140-2 Enabled, crypto module cngcrypto
 ```
 
@@ -111,11 +110,11 @@ To validate that a FIPS 140-2 Linux binary correctly includes BoringCrypto, run
 
 ```shell-session
 $ go tool nm consul | grep -i goboringcrypto
- 4014d0 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_cbc_encrypt
- 4014f0 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_ctr128_encrypt
- 401520 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_decrypt
- 401540 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_encrypt
- 401560 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_set_decrypt_key
+4014d0 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_cbc_encrypt
+4014f0 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_ctr128_encrypt
+401520 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_decrypt
+401540 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_encrypt
+401560 T _cgo_6880f0fbb71e_Cfunc__goboringcrypto_AES_set_decrypt_key
 ```
 
 Similarly, on a FIPS Windows binary, run `go tool nm` on the binary to get a symbol dump, and then search for `go-crypto-winnative`. 

From d54d5fb85c1ee5f19b06d0dd30ebb9a76bc8e3e3 Mon Sep 17 00:00:00 2001
From: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
Date: Tue, 13 Jun 2023 11:07:46 +0530
Subject: [PATCH 033/359] [NET-4107][Supportability] Log Level set to TRACE and
 duration set to 5m for consul-debug (#17596)

* changed duration to 5 mins and log level to trace

* documentation update

* change log
---
 .changelog/17596.txt               | 3 +++
 command/debug/debug.go             | 4 ++--
 website/content/commands/debug.mdx | 6 +++---
 3 files changed, 8 insertions(+), 5 deletions(-)
 create mode 100644 .changelog/17596.txt

diff --git a/.changelog/17596.txt b/.changelog/17596.txt
new file mode 100644
index 000000000000..1058df1ea3ab
--- /dev/null
+++ b/.changelog/17596.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ debug: change default setting of consul debug command. now default duration is 5ms and default log level is 'TRACE'
+ ```
\ No newline at end of file
diff --git a/command/debug/debug.go b/command/debug/debug.go
index 38a02c26027b..0c3fcca57a83 100644
--- a/command/debug/debug.go
+++ b/command/debug/debug.go
@@ -35,7 +35,7 @@ const (
 
 	// debugDuration is the total duration that debug runs before being
 	// shut down
-	debugDuration = 2 * time.Minute
+	debugDuration = 5 * time.Minute
 
 	// debugDurationGrace is a period of time added to the specified
 	// duration to allow intervals to capture within that time
@@ -503,7 +503,7 @@ func (c *cmd) captureHeap(outputDir string) error {
 }
 
 func (c *cmd) captureLogs(ctx context.Context) error {
-	logCh, err := c.client.Agent().Monitor("DEBUG", ctx.Done(), nil)
+	logCh, err := c.client.Agent().Monitor("TRACE", ctx.Done(), nil)
 	if err != nil {
 		return err
 	}
diff --git a/website/content/commands/debug.mdx b/website/content/commands/debug.mdx
index 3fea57f43e38..bebbe955a294 100644
--- a/website/content/commands/debug.mdx
+++ b/website/content/commands/debug.mdx
@@ -45,12 +45,12 @@ or otherwise.
 `Usage: consul debug [options]`
 
 By default, the debug command will capture an archive at the current path for
-all targets for 2 minutes.
+all targets for 5 minutes.
 
 #### Command Options
 
 - `-duration` - Optional, the total time to capture data for from the target agent. Must
-  be greater than the interval and longer than 10 seconds. Defaults to 2 minutes.
+  be greater than the interval and longer than 10 seconds. Defaults to 5 minutes.
 
 - `-interval` - Optional, the interval at which to capture dynamic data, such as heap
   and metrics. Must be longer than 5 seconds. Defaults to 30 seconds.
@@ -79,7 +79,7 @@ information when `debug` is running. By default, it captures all information.
 | `host`    | Information about resources on the host running the target agent such as CPU, memory, and disk.                                                                                                                                                                                                                                                                                                                           |
 | `members` | A list of all the WAN and LAN members in the cluster.                                                                                                                                                                                                                                                                                                                                                                     |
 | `metrics` | Metrics from the in-memory metrics endpoint in the target, captured at the interval.                                                                                                                                                                                                                                                                                                                                      |
-| `logs`    | `DEBUG` level logs for the target agent, captured for the duration.                                                                                                                                                                                                                                                                                                                                                       |
+| `logs`    | `TRACE` level logs for the target agent, captured for the duration.                                                                                                                                                                                                                                                                                                                                                       |
 | `pprof`   | Golang heap, CPU, goroutine, and trace profiling. CPU and traces are captured for `duration` in a single file while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/consul/docs/agent/config/config-files#enable_debug) is set to `true` on the target agent or ACLs are enable and an ACL token with `operator:read` is provided. |
 
 ## Examples

From a8f135083560b655da048548ba448b9b75b0b7a8 Mon Sep 17 00:00:00 2001
From: Chris Thain <32781396+cthain@users.noreply.github.com>
Date: Tue, 13 Jun 2023 06:57:11 -0700
Subject: [PATCH 034/359] ENT merge of ext-authz extension updates (#17684)

---
 .../builtin/ext-authz/ext_authz.go            | 21 +++++++++++--
 .../builtin/ext-authz/structs.go              | 23 +++-----------
 ...uthz-http-local-grpc-service.latest.golden | 31 ++++++++++---------
 ...uthz-http-local-http-service.latest.golden |  3 ++
 ...z-http-upstream-grpc-service.latest.golden |  3 +-
 ...z-http-upstream-http-service.latest.golden |  3 +-
 ...authz-tcp-local-grpc-service.latest.golden | 16 +++++-----
 7 files changed, 54 insertions(+), 46 deletions(-)

diff --git a/agent/envoyextensions/builtin/ext-authz/ext_authz.go b/agent/envoyextensions/builtin/ext-authz/ext_authz.go
index 67d93cd2ba65..7400aef13a04 100644
--- a/agent/envoyextensions/builtin/ext-authz/ext_authz.go
+++ b/agent/envoyextensions/builtin/ext-authz/ext_authz.go
@@ -68,6 +68,8 @@ func (a *extAuthz) PatchFilters(cfg *ext_cmn.RuntimeConfig, filters []*envoy_lis
 		return filters, nil
 	}
 
+	a.configureInsertOptions(cfg.Protocol)
+
 	switch cfg.Protocol {
 	case "grpc", "http2", "http":
 		extAuthzFilter, err := a.Config.toEnvoyHttpFilter(cfg)
@@ -107,13 +109,26 @@ func (a *extAuthz) fromArguments(args map[string]any) error {
 	return a.validate()
 }
 
+func (a *extAuthz) configureInsertOptions(protocol string) {
+	// If the insert options have been expressly configured, then use them.
+	if a.InsertOptions.Location != "" {
+		return
+	}
+
+	// Configure the default, insert the filter immediately before the terminal filter.
+	a.InsertOptions.Location = ext_cmn.InsertBeforeFirstMatch
+	switch protocol {
+	case "grpc", "http2", "http":
+		a.InsertOptions.FilterName = "envoy.filters.http.router"
+	default:
+		a.InsertOptions.FilterName = "envoy.filters.network.tcp_proxy"
+	}
+}
+
 func (a *extAuthz) normalize() {
 	if a.ProxyType == "" {
 		a.ProxyType = api.ServiceKindConnectProxy
 	}
-	if a.InsertOptions.Location == "" {
-		a.InsertOptions.Location = ext_cmn.InsertFirst
-	}
 	a.Config.normalize()
 }
 
diff --git a/agent/envoyextensions/builtin/ext-authz/structs.go b/agent/envoyextensions/builtin/ext-authz/structs.go
index 979bc8a86c7b..b64011a991e2 100644
--- a/agent/envoyextensions/builtin/ext-authz/structs.go
+++ b/agent/envoyextensions/builtin/ext-authz/structs.go
@@ -31,6 +31,7 @@ import (
 const (
 	LocalExtAuthzClusterName = "local_ext_authz"
 
+	defaultMetadataNS    = "consul"
 	defaultStatPrefix    = "response"
 	defaultStatusOnError = 403
 )
@@ -44,7 +45,6 @@ type extAuthzConfig struct {
 	MetadataContextNamespaces  []string
 	StatusOnError              *int
 	StatPrefix                 string
-	TransportApiVersion        TransportApiVersion
 	WithRequestBody            *BufferSettings
 
 	failureModeAllow bool
@@ -238,8 +238,8 @@ func (c extAuthzConfig) toEnvoyHttpFilter(cfg *cmn.RuntimeConfig) (*envoy_http_v
 	extAuthzFilter := &envoy_http_ext_authz_v3.ExtAuthz{
 		StatPrefix:                 c.StatPrefix,
 		WithRequestBody:            c.WithRequestBody.toEnvoy(),
-		TransportApiVersion:        c.TransportApiVersion.toEnvoy(),
-		MetadataContextNamespaces:  c.MetadataContextNamespaces,
+		TransportApiVersion:        envoy_core_v3.ApiVersion_V3,
+		MetadataContextNamespaces:  append(c.MetadataContextNamespaces, defaultMetadataNS),
 		FailureModeAllow:           c.failureModeAllow,
 		BootstrapMetadataLabelsKey: c.BootstrapMetadataLabelsKey,
 	}
@@ -281,7 +281,7 @@ func (c extAuthzConfig) toEnvoyNetworkFilter(cfg *cmn.RuntimeConfig) (*envoy_lis
 	extAuthzFilter := &envoy_ext_authz_v3.ExtAuthz{
 		GrpcService:         grpcSvc,
 		StatPrefix:          c.StatPrefix,
-		TransportApiVersion: c.TransportApiVersion.toEnvoy(),
+		TransportApiVersion: envoy_core_v3.ApiVersion_V3,
 		FailureModeAllow:    c.failureModeAllow,
 	}
 
@@ -672,18 +672,3 @@ func (t *Target) validate() error {
 	}
 	return resultErr
 }
-
-type TransportApiVersion string
-
-func (t TransportApiVersion) toEnvoy() envoy_core_v3.ApiVersion {
-	switch strings.ToLower(string(t)) {
-	case "v2":
-		//nolint:staticcheck
-		return envoy_core_v3.ApiVersion_V2
-	case "auto":
-		//nolint:staticcheck
-		return envoy_core_v3.ApiVersion_AUTO
-	default:
-		return envoy_core_v3.ApiVersion_V3
-	}
-}
diff --git a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-grpc-service.latest.golden b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-grpc-service.latest.golden
index 7f0ad9cf1cd8..0448214fe781 100644
--- a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-grpc-service.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-grpc-service.latest.golden
@@ -90,20 +90,6 @@
                   ]
                 },
                 "httpFilters": [
-                  {
-                    "name": "envoy.filters.http.ext_authz",
-                    "typedConfig": {
-                      "@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz",
-                      "grpcService": {
-                        "envoyGrpc": {
-                          "clusterName": "local_ext_authz"
-                        }
-                      },
-                      "transportApiVersion": "V3",
-                      "failureModeAllow": true,
-                      "statPrefix": "response"
-                    }
-                  },
                   {
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
@@ -189,6 +175,23 @@
                       ]
                     }
                   },
+                  {
+                    "name": "envoy.filters.http.ext_authz",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz",
+                      "grpcService": {
+                        "envoyGrpc": {
+                          "clusterName": "local_ext_authz"
+                        }
+                      },
+                      "transportApiVersion": "V3",
+                      "failureModeAllow": true,
+                      "metadataContextNamespaces": [
+                        "consul"
+                      ],
+                      "statPrefix": "response"
+                    }
+                  },
                   {
                     "name": "envoy.filters.http.router",
                     "typedConfig": {
diff --git a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-http-service.latest.golden b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-http-service.latest.golden
index dc2c1e45ceda..9e3390355805 100644
--- a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-http-service.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-http-service.latest.golden
@@ -187,6 +187,9 @@
                       },
                       "transportApiVersion": "V3",
                       "failureModeAllow": true,
+                      "metadataContextNamespaces": [
+                        "consul"
+                      ],
                       "statPrefix": "response"
                     }
                   },
diff --git a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-grpc-service.latest.golden b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-grpc-service.latest.golden
index af4675750e18..203929ea6688 100644
--- a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-grpc-service.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-grpc-service.latest.golden
@@ -208,7 +208,8 @@
                       },
                       "metadataContextNamespaces": [
                         "test-ns-1",
-                        "test-ns-2"
+                        "test-ns-2",
+                        "consul"
                       ],
                       "includePeerCertificate": true,
                       "statPrefix": "ext_authz_stats",
diff --git a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-http-service.latest.golden b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-http-service.latest.golden
index ded85e73e3c1..e2bf641ee52a 100644
--- a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-http-service.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-http-service.latest.golden
@@ -206,7 +206,8 @@
                       },
                       "metadataContextNamespaces": [
                         "test-ns-1",
-                        "test-ns-2"
+                        "test-ns-2",
+                        "consul"
                       ],
                       "includePeerCertificate": true,
                       "statPrefix": "ext_authz_stats",
diff --git a/agent/xds/testdata/builtin_extension/listeners/ext-authz-tcp-local-grpc-service.latest.golden b/agent/xds/testdata/builtin_extension/listeners/ext-authz-tcp-local-grpc-service.latest.golden
index 4f75499ff8d8..61e2ff733931 100644
--- a/agent/xds/testdata/builtin_extension/listeners/ext-authz-tcp-local-grpc-service.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/ext-authz-tcp-local-grpc-service.latest.golden
@@ -63,6 +63,14 @@
       "filterChains": [
         {
           "filters": [
+            {
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
+              }
+            },
             {
               "name": "envoy.filters.network.ext_authz",
               "typedConfig": {
@@ -77,14 +85,6 @@
                 "transportApiVersion": "V3"
               }
             },
-            {
-              "name": "envoy.filters.network.rbac",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {},
-                "statPrefix": "connect_authz"
-              }
-            },
             {
               "name": "envoy.filters.network.tcp_proxy",
               "typedConfig": {

From ddce431bd7edf9f0d969616ce878e20523063d66 Mon Sep 17 00:00:00 2001
From: Chris Thain <32781396+cthain@users.noreply.github.com>
Date: Tue, 13 Jun 2023 07:04:01 -0700
Subject: [PATCH 035/359] docs: Update default values for Envoy extension proxy
 types (#17676)

---
 .../configuration/property-override.mdx       |  3 +-
 .../proxies/envoy-extensions/usage/lua.mdx    | 35 +++++++++----------
 .../usage/property-override.mdx               | 26 +++++++-------
 3 files changed, 31 insertions(+), 33 deletions(-)

diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx
index 9b13cb940b23..f88cd476a0bd 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx
@@ -17,7 +17,7 @@ The following list outlines the field hierarchy, data types, and requirements fo
 
 Click on a property name to view additional details, including default values.
   
-- [`ProxyType`](#proxytype): string | required 
+- [`ProxyType`](#proxytype): string | `connect-proxy`
 - [`Debug`](#debug): bool | `false` 
 - [`Patches`](#patches): list | required
    - [`ResourceFilter`](#patches-resourcefilter): map         
@@ -69,7 +69,6 @@ Specifies the type of Envoy proxy that the extension applies to. The only suppor
 #### Values
 
 - Default: `connect-proxy`
-- This field is required.
 - Data type: String 
 
 ### `Debug`
diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx
index 496b7d5fa58f..da9e4c9b0f10 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx
@@ -15,11 +15,9 @@ Envoy filters support setting and getting dynamic metadata, allowing a filter to
 
 To use the Lua Envoy extension, configure the following arguments in the `EnvoyExtensions` block:
 
-| Arguments      | Description                                                                                      |
-| -------------- | ------------------------------------------------------------------------------------------------ |
-| `ProxyType`    | Determines the proxy type the extension applies to. The only supported value is `connect-proxy`. |
-| `ListenerType` | Specifies if the extension is applied to the `inbound` or `outbound` listener.                   |
-| `Script`       | The Lua script that is configured to run by the HTTP Lua filter.                                 |
+- `ProxyType`: string | `connect-proxy` - Determines the proxy type the extension applies to. The only supported value is `connect-proxy`.
+- `ListenerType`: string | required - Specifies if the extension is applied to the `inbound` or `outbound` listener.
+- `Script`: string | required - The Lua script that is configured to run by the HTTP Lua filter.
 
 ## Workflow
 
@@ -44,16 +42,15 @@ The following example configures the Lua Envoy extension on every service by usi
 <CodeBlockConfig filename="lua-envoy-extension-proxy-defaults.hcl">
 
 ```hcl
-Kind = "proxy-defaults"
-Name = "global"
-Protocol  = "http"
+Kind     = "proxy-defaults"
+Name     = "global"
+Protocol = "http"
 EnvoyExtensions {
   Name = "builtin/lua"
-  
   Arguments = {
     ProxyType = "connect-proxy"
-    Listener = "inbound"
-    Script = <<-EOS
+    Listener  = "inbound"
+    Script    = <<-EOS
 function envoy_on_request(request_handle)
   meta = request_handle:streamInfo():dynamicMetadata()
   m = meta:get("consul")
@@ -159,7 +156,7 @@ $ kubectl apply lua-envoy-extension-proxy-defaults.yaml
 
 In the following example, the `service-defaults` configure the Lua Envoy extension to insert the HTTP Lua filter for service `myservice` and add the Consul service name to the`x-consul-service` header for all inbound requests. The `ListenerType` makes it so that the extension applies only on the inbound listener of the service's connect proxy.
 
-<CodeBlockConfig filename="lua-envoy-extension.json">
+<CodeBlockConfig filename="lua-envoy-extension.hcl">
 
 ```hcl
 Kind = "service-defaults"
@@ -170,8 +167,8 @@ EnvoyExtensions = [
     
     Arguments = {
       ProxyType = "connect-proxy"
-      Listener = "inbound"
-      Script = <<EOF
+      Listener  = "inbound"
+      Script    = <<EOF
   function envoy_on_request(request_handle)
     local service = request_handle:streamInfo():dynamicMetadata():get("consul")["service"]
     request_handle:headers():add("x-consul-service", service)
@@ -188,7 +185,7 @@ Alternatively, you can apply the same extension configuration to [`proxy-default
 
 You can also specify multiple Lua filters through the Envoy extensions. They will not override each other.
 
-<CodeBlockConfig filename="lua-envoy-extension.json">
+<CodeBlockConfig filename="lua-envoy-extension.hcl">
 
 ```hcl
 Kind = "service-defaults"
@@ -198,8 +195,8 @@ EnvoyExtensions = [
     Name = "builtin/lua",
     Arguments = {
       ProxyType = "connect-proxy"
-      Listener = "inbound"
-      Script = <<-EOF
+      Listener  = "inbound"
+      Script    = <<-EOF
 function envoy_on_request(request_handle)
   meta = request_handle:streamInfo():dynamicMetadata()
   m = meta:get("consul")
@@ -212,8 +209,8 @@ end
     Name = "builtin/lua",
     Arguments = {
       ProxyType = "connect-proxy"
-      Listener = "inbound"
-      Script = <<-EOF
+      Listener  = "inbound"
+      Script    = <<-EOF
 function envoy_on_request(request_handle)
   meta = request_handle:streamInfo():dynamicMetadata()
   m = meta:get("consul")
diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx
index 0166f84ec193..805540265787 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx
@@ -32,28 +32,30 @@ In the following service defaults configuration entry example, Consul adds a new
 <CodeBlockConfig filename="property-override-extension-service-defaults.hcl">
 
 ```hcl
-Kind = "service-defaults"
-Name = "global"
-Protocol  = "http"
+Kind     = "service-defaults"
+Name     = "global"
+Protocol = "http"
 EnvoyExtensions = [ 
   {
     Name = "builtin/property-override"
     Arguments = {
-      ProxyType = "connect-proxy",
+      ProxyType = "connect-proxy"
       Patches = [
         {
           ResourceFilter  = {
-	     ResourceType  = "cluster", 
-            TrafficDirection  = "outbound"
+            ResourceType     = "cluster"
+            TrafficDirection = "outbound"
             Services = [{
                Name =  "other-svc"
-            }],
-          Op = "add"
-          Path = "/upstream_connection_options/tcp_keepalive/keepalive_probes",
-          Value = 5,
+            }]
+          }
+          Op    = "add"
+          Path  = "/upstream_connection_options/tcp_keepalive/keepalive_probes"
+          Value = 5
         }
-      ]  
-   }
+      ]
+    }
+  }
 ]
 ```
 </CodeBlockConfig>

From bba5cd845577103e491d2f8f3c9ede0c0049d6a0 Mon Sep 17 00:00:00 2001
From: Dan Stough <dan.stough@hashicorp.com>
Date: Tue, 13 Jun 2023 10:20:56 -0400
Subject: [PATCH 036/359] fix: stop peering delete routine on leader loss
 (#17483)

---
 .changelog/17483.txt   | 3 +++
 .changelog/_5614.txt   | 4 ++++
 agent/consul/leader.go | 2 ++
 3 files changed, 9 insertions(+)
 create mode 100644 .changelog/17483.txt
 create mode 100644 .changelog/_5614.txt

diff --git a/.changelog/17483.txt b/.changelog/17483.txt
new file mode 100644
index 000000000000..26c81dbe4cdf
--- /dev/null
+++ b/.changelog/17483.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+peering: Fix a bug that caused server agents to continue cleaning up peering resources even after loss of leadership.
+```
diff --git a/.changelog/_5614.txt b/.changelog/_5614.txt
new file mode 100644
index 000000000000..9951b9111875
--- /dev/null
+++ b/.changelog/_5614.txt
@@ -0,0 +1,4 @@
+```release-note:bug
+namespaces: **(Enterprise only)** fixes a bug where namespaces are stuck in a deferred deletion state indefinitely under some conditions.
+Also fixes the Consul query metadata present in the HTTP headers of the namespace read and list endpoints.
+```
diff --git a/agent/consul/leader.go b/agent/consul/leader.go
index f2905e6d8f44..c91655c5c863 100644
--- a/agent/consul/leader.go
+++ b/agent/consul/leader.go
@@ -364,6 +364,8 @@ func (s *Server) revokeLeadership() {
 
 	s.revokeEnterpriseLeadership()
 
+	s.stopDeferredDeletion()
+
 	s.stopFederationStateAntiEntropy()
 
 	s.stopFederationStateReplication()

From 0a1efe73f3181538a16860f85602bcdcd43002e3 Mon Sep 17 00:00:00 2001
From: Eric Haberkorn <erichaberkorn@gmail.com>
Date: Tue, 13 Jun 2023 11:03:30 -0400
Subject: [PATCH 037/359] Refactor disco chain prioritize by locality structs
 (#17696)

This includes prioritize by localities on disco chain targets rather than
resolvers, allowing different targets within the same partition to have
different policies.
---
 agent/consul/discoverychain/compile.go      | 22 ++++++++++-------
 agent/consul/discoverychain/compile_test.go |  1 +
 agent/structs/discovery_chain.go            | 26 +++++++++++----------
 agent/structs/structs.deepcopy.go           |  8 +++----
 4 files changed, 33 insertions(+), 24 deletions(-)

diff --git a/agent/consul/discoverychain/compile.go b/agent/consul/discoverychain/compile.go
index 634ab4a6ff76..20227db3ef19 100644
--- a/agent/consul/discoverychain/compile.go
+++ b/agent/consul/discoverychain/compile.go
@@ -1009,19 +1009,25 @@ RESOLVE_AGAIN:
 		Type: structs.DiscoveryGraphNodeTypeResolver,
 		Name: target.ID,
 		Resolver: &structs.DiscoveryResolver{
-			Default:              resolver.IsDefault(),
-			Target:               target.ID,
-			ConnectTimeout:       connectTimeout,
-			RequestTimeout:       resolver.RequestTimeout,
-			PrioritizeByLocality: resolver.PrioritizeByLocality.ToDiscovery(),
+			Default:        resolver.IsDefault(),
+			Target:         target.ID,
+			ConnectTimeout: connectTimeout,
+			RequestTimeout: resolver.RequestTimeout,
 		},
 		LoadBalancer: resolver.LoadBalancer,
 	}
 
-	// Merge default values from the proxy defaults
 	proxyDefault := c.entries.GetProxyDefaults(targetID.PartitionOrDefault())
-	if proxyDefault != nil && node.Resolver.PrioritizeByLocality == nil {
-		node.Resolver.PrioritizeByLocality = proxyDefault.PrioritizeByLocality.ToDiscovery()
+
+	// Only set PrioritizeByLocality for targets in the same partition.
+	if target.Partition == c.evaluateInPartition && target.Peer == "" {
+		if resolver.PrioritizeByLocality != nil {
+			target.PrioritizeByLocality = resolver.PrioritizeByLocality.ToDiscovery()
+		}
+
+		if target.PrioritizeByLocality == nil && proxyDefault != nil {
+			target.PrioritizeByLocality = proxyDefault.PrioritizeByLocality.ToDiscovery()
+		}
 	}
 
 	target.Subset = resolver.Subsets[target.ServiceSubset]
diff --git a/agent/consul/discoverychain/compile_test.go b/agent/consul/discoverychain/compile_test.go
index 692c0c4fdaca..ca39aa236fc9 100644
--- a/agent/consul/discoverychain/compile_test.go
+++ b/agent/consul/discoverychain/compile_test.go
@@ -3301,6 +3301,7 @@ func newTarget(opts structs.DiscoveryTargetOpts, modFn func(t *structs.Discovery
 	t.SNI = connect.TargetSNI(t, "trustdomain.consul")
 	t.Name = t.SNI
 	t.ConnectTimeout = 5 * time.Second // default
+	t.PrioritizeByLocality = opts.PrioritizeByLocality
 	if modFn != nil {
 		modFn(t)
 	}
diff --git a/agent/structs/discovery_chain.go b/agent/structs/discovery_chain.go
index edbc7384a383..029fc3b0a8be 100644
--- a/agent/structs/discovery_chain.go
+++ b/agent/structs/discovery_chain.go
@@ -121,12 +121,11 @@ func (s *DiscoveryGraphNode) MapKey() string {
 
 // compiled form of ServiceResolverConfigEntry
 type DiscoveryResolver struct {
-	Default              bool                           `json:",omitempty"`
-	ConnectTimeout       time.Duration                  `json:",omitempty"`
-	RequestTimeout       time.Duration                  `json:",omitempty"`
-	Target               string                         `json:",omitempty"`
-	Failover             *DiscoveryFailover             `json:",omitempty"`
-	PrioritizeByLocality *DiscoveryPrioritizeByLocality `json:",omitempty"`
+	Default        bool               `json:",omitempty"`
+	ConnectTimeout time.Duration      `json:",omitempty"`
+	RequestTimeout time.Duration      `json:",omitempty"`
+	Target         string             `json:",omitempty"`
+	Failover       *DiscoveryFailover `json:",omitempty"`
 }
 
 func (r *DiscoveryResolver) MarshalJSON() ([]byte, error) {
@@ -238,6 +237,8 @@ type DiscoveryTarget struct {
 	// balancer objects.  This has a structure similar to SNI, but will not be
 	// affected by SNI customizations.
 	Name string `json:",omitempty"`
+
+	PrioritizeByLocality *DiscoveryPrioritizeByLocality `json:",omitempty"`
 }
 
 func (t *DiscoveryTarget) MarshalJSON() ([]byte, error) {
@@ -277,12 +278,13 @@ func (t *DiscoveryTarget) UnmarshalJSON(data []byte) error {
 }
 
 type DiscoveryTargetOpts struct {
-	Service       string
-	ServiceSubset string
-	Namespace     string
-	Partition     string
-	Datacenter    string
-	Peer          string
+	Service              string
+	ServiceSubset        string
+	Namespace            string
+	Partition            string
+	Datacenter           string
+	Peer                 string
+	PrioritizeByLocality *DiscoveryPrioritizeByLocality
 }
 
 func MergeDiscoveryTargetOpts(opts ...DiscoveryTargetOpts) DiscoveryTargetOpts {
diff --git a/agent/structs/structs.deepcopy.go b/agent/structs/structs.deepcopy.go
index 59a5c7224952..cdd007c26cdb 100644
--- a/agent/structs/structs.deepcopy.go
+++ b/agent/structs/structs.deepcopy.go
@@ -129,6 +129,10 @@ func (o *CompiledDiscoveryChain) DeepCopy() *CompiledDiscoveryChain {
 					cp_Targets_v2.Locality = new(Locality)
 					*cp_Targets_v2.Locality = *v2.Locality
 				}
+				if v2.PrioritizeByLocality != nil {
+					cp_Targets_v2.PrioritizeByLocality = new(DiscoveryPrioritizeByLocality)
+					*cp_Targets_v2.PrioritizeByLocality = *v2.PrioritizeByLocality
+				}
 			}
 			cp.Targets[k2] = cp_Targets_v2
 		}
@@ -240,10 +244,6 @@ func (o *DiscoveryResolver) DeepCopy() *DiscoveryResolver {
 	if o.Failover != nil {
 		cp.Failover = o.Failover.DeepCopy()
 	}
-	if o.PrioritizeByLocality != nil {
-		cp.PrioritizeByLocality = new(DiscoveryPrioritizeByLocality)
-		*cp.PrioritizeByLocality = *o.PrioritizeByLocality
-	}
 	return &cp
 }
 

From 72f991d8d35a3da226c59bdb15ec7c784367908b Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Tue, 13 Jun 2023 10:54:45 -0500
Subject: [PATCH 038/359] agent: remove agent cache dependency from service
 mesh leaf certificate management (#17075)

* agent: remove agent cache dependency from service mesh leaf certificate management

This extracts the leaf cert management from within the agent cache.

This code was produced by the following process:

1. All tests in agent/cache, agent/cache-types, agent/auto-config,
   agent/consul/servercert were run at each stage.

    - The tests in agent matching .*Leaf were run at each stage.

    - The tests in agent/leafcert were run at each stage after they
      existed.

2. The former leaf cert Fetch implementation was extracted into a new
   package behind a "fake RPC" endpoint to make it look almost like all
   other cache type internals.

3. The old cache type was shimmed to use the fake RPC endpoint and
   generally cleaned up.

4. I selectively duplicated all of Get/Notify/NotifyCallback/Prepopulate
   from the agent/cache.Cache implementation over into the new package.
   This was renamed as leafcert.Manager.

    - Code that was irrelevant to the leaf cert type was deleted
      (inlining blocking=true, refresh=false)

5. Everything that used the leaf cert cache type (including proxycfg
   stuff) was shifted to use the leafcert.Manager instead.

6. agent/cache-types tests were moved and gently replumbed to execute
   as-is against a leafcert.Manager.

7. Inspired by some of the locking changes from derek's branch I split
   the fat lock into N+1 locks.

8. The waiter chan struct{} was eventually replaced with a
   singleflight.Group around cache updates, which was likely the biggest
   net structural change.

9. The awkward two layers or logic produced as a byproduct of marrying
   the agent cache management code with the leaf cert type code was
   slowly coalesced and flattened to remove confusion.

10. The .*Leaf tests from the agent package were copied and made to work
    directly against a leafcert.Manager to increase direct coverage.

I have done a best effort attempt to port the previous leaf-cert cache
type's tests over in spirit, as well as to take the e2e-ish tests in the
agent package with Leaf in the test name and copy those into the
agent/leafcert package to get more direct coverage, rather than coverage
tangled up in the agent logic.

There is no net-new test coverage, just coverage that was pushed around
from elsewhere.
---
 .changelog/17075.txt                      |    3 +
 agent/agent.go                            |   26 +-
 agent/agent_endpoint.go                   |   11 +-
 agent/agent_endpoint_test.go              |   19 +-
 agent/agent_test.go                       |   41 +-
 agent/auto-config/auto_config_test.go     |   22 +-
 agent/auto-config/auto_encrypt_test.go    |   14 +-
 agent/auto-config/config.go               |   20 +-
 agent/auto-config/mock_test.go            |  105 +-
 agent/auto-config/tls.go                  |   21 +-
 agent/cache-types/connect_ca_leaf.go      |  774 --------------
 agent/cache-types/connect_ca_leaf_oss.go  |   11 -
 agent/cache-types/connect_ca_leaf_test.go | 1178 ---------------------
 agent/cache-types/norace_test.go          |    9 -
 agent/cache-types/race_test.go            |    9 -
 agent/consul/servercert/manager.go        |   33 +-
 agent/consul/servercert/manager_test.go   |   48 +-
 agent/leafcert/cached_roots.go            |   47 +
 agent/leafcert/cert.go                    |  133 +++
 agent/leafcert/generate.go                |  362 +++++++
 agent/leafcert/leafcert.go                |  556 ++++++++++
 agent/leafcert/leafcert_test.go           | 1133 ++++++++++++++++++++
 agent/leafcert/roots.go                   |  152 +++
 agent/leafcert/signer_netrpc.go           |   35 +
 agent/leafcert/signer_test.go             |  243 +++++
 agent/leafcert/structs.go                 |  103 ++
 agent/leafcert/structs_test.go            |   79 ++
 agent/leafcert/util.go                    |   63 ++
 agent/leafcert/util_test.go               |  133 +++
 agent/leafcert/watch.go                   |  160 +++
 agent/proxycfg-glue/glue.go               |   14 +-
 agent/proxycfg-glue/leafcerts.go          |   25 +
 agent/proxycfg/api_gateway.go             |    4 +-
 agent/proxycfg/connect_proxy.go           |    6 +-
 agent/proxycfg/data_sources.go            |    3 +-
 agent/proxycfg/ingress_gateway.go         |    4 +-
 agent/proxycfg/manager_test.go            |    6 +-
 agent/proxycfg/mesh_gateway.go            |    3 +-
 agent/proxycfg/state_test.go              |    8 +-
 agent/proxycfg/terminating_gateway.go     |    4 +-
 agent/proxycfg/testing.go                 |    7 +-
 agent/setup.go                            |   56 +-
 42 files changed, 3561 insertions(+), 2122 deletions(-)
 create mode 100644 .changelog/17075.txt
 delete mode 100644 agent/cache-types/connect_ca_leaf.go
 delete mode 100644 agent/cache-types/connect_ca_leaf_oss.go
 delete mode 100644 agent/cache-types/connect_ca_leaf_test.go
 delete mode 100644 agent/cache-types/norace_test.go
 delete mode 100644 agent/cache-types/race_test.go
 create mode 100644 agent/leafcert/cached_roots.go
 create mode 100644 agent/leafcert/cert.go
 create mode 100644 agent/leafcert/generate.go
 create mode 100644 agent/leafcert/leafcert.go
 create mode 100644 agent/leafcert/leafcert_test.go
 create mode 100644 agent/leafcert/roots.go
 create mode 100644 agent/leafcert/signer_netrpc.go
 create mode 100644 agent/leafcert/signer_test.go
 create mode 100644 agent/leafcert/structs.go
 create mode 100644 agent/leafcert/structs_test.go
 create mode 100644 agent/leafcert/util.go
 create mode 100644 agent/leafcert/util_test.go
 create mode 100644 agent/leafcert/watch.go
 create mode 100644 agent/proxycfg-glue/leafcerts.go

diff --git a/.changelog/17075.txt b/.changelog/17075.txt
new file mode 100644
index 000000000000..1c882fabbddd
--- /dev/null
+++ b/.changelog/17075.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+agent: remove agent cache dependency from service mesh leaf certificate management
+```
diff --git a/agent/agent.go b/agent/agent.go
index 0b06688c483b..fcf6ce209f11 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -49,6 +49,7 @@ import (
 	grpcDNS "github.com/hashicorp/consul/agent/grpc-external/services/dns"
 	middleware "github.com/hashicorp/consul/agent/grpc-middleware"
 	"github.com/hashicorp/consul/agent/hcp/scada"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/local"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	proxycfgglue "github.com/hashicorp/consul/agent/proxycfg-glue"
@@ -123,6 +124,7 @@ var configSourceToName = map[configSource]string{
 	ConfigSourceLocal:  "local",
 	ConfigSourceRemote: "remote",
 }
+
 var configSourceFromName = map[string]configSource{
 	"local":  ConfigSourceLocal,
 	"remote": ConfigSourceRemote,
@@ -247,6 +249,9 @@ type Agent struct {
 	// cache is the in-memory cache for data the Agent requests.
 	cache *cache.Cache
 
+	// leafCertManager issues and caches leaf certs as needed.
+	leafCertManager *leafcert.Manager
+
 	// checkReapAfter maps the check ID to a timeout after which we should
 	// reap its associated service
 	checkReapAfter map[structs.CheckID]time.Duration
@@ -428,6 +433,12 @@ type Agent struct {
 //   - create the AutoConfig object for future use in fully
 //     resolving the configuration
 func New(bd BaseDeps) (*Agent, error) {
+	if bd.LeafCertManager == nil {
+		return nil, errors.New("LeafCertManager is required")
+	}
+	if bd.NetRPC == nil {
+		return nil, errors.New("NetRPC is required")
+	}
 	a := Agent{
 		checkReapAfter:  make(map[structs.CheckID]time.Duration),
 		checkMonitors:   make(map[structs.CheckID]*checks.CheckMonitor),
@@ -454,6 +465,7 @@ func New(bd BaseDeps) (*Agent, error) {
 		tlsConfigurator: bd.TLSConfigurator,
 		config:          bd.RuntimeConfig,
 		cache:           bd.Cache,
+		leafCertManager: bd.LeafCertManager,
 		routineManager:  routine.NewManager(bd.Logger),
 		scadaProvider:   bd.HCP.Provider,
 	}
@@ -497,6 +509,9 @@ func New(bd BaseDeps) (*Agent, error) {
 		},
 	}
 
+	// TODO(rb): remove this once NetRPC is properly available in BaseDeps without an Agent
+	bd.NetRPC.SetNetRPC(&a)
+
 	// We used to do this in the Start method. However it doesn't need to go
 	// there any longer. Originally it did because we passed the agent
 	// delegate to some of the cache registrations. Now we just
@@ -674,7 +689,7 @@ func (a *Agent) Start(ctx context.Context) error {
 					Datacenter:  a.config.Datacenter,
 					ACLsEnabled: a.config.ACLsEnabled,
 				},
-				Cache:           a.cache,
+				LeafCertManager: a.leafCertManager,
 				GetStore:        func() servercert.Store { return server.FSM().State() },
 				TLSConfigurator: a.tlsConfigurator,
 			}
@@ -4354,13 +4369,6 @@ func (a *Agent) registerCache() {
 
 	a.cache.RegisterType(cachetype.ConnectCARootName, &cachetype.ConnectCARoot{RPC: a})
 
-	a.cache.RegisterType(cachetype.ConnectCALeafName, &cachetype.ConnectCALeaf{
-		RPC:                              a,
-		Cache:                            a.cache,
-		Datacenter:                       a.config.Datacenter,
-		TestOverrideCAChangeInitialDelay: a.config.ConnectTestCALeafRootChangeSpread,
-	})
-
 	a.cache.RegisterType(cachetype.IntentionMatchName, &cachetype.IntentionMatch{RPC: a})
 
 	a.cache.RegisterType(cachetype.IntentionUpstreamsName, &cachetype.IntentionUpstreams{RPC: a})
@@ -4521,7 +4529,7 @@ func (a *Agent) proxyDataSources() proxycfg.DataSources {
 		IntentionUpstreams:              proxycfgglue.CacheIntentionUpstreams(a.cache),
 		IntentionUpstreamsDestination:   proxycfgglue.CacheIntentionUpstreamsDestination(a.cache),
 		InternalServiceDump:             proxycfgglue.CacheInternalServiceDump(a.cache),
-		LeafCertificate:                 proxycfgglue.CacheLeafCertificate(a.cache),
+		LeafCertificate:                 proxycfgglue.LocalLeafCerts(a.leafCertManager),
 		PeeredUpstreams:                 proxycfgglue.CachePeeredUpstreams(a.cache),
 		PeeringList:                     proxycfgglue.CachePeeringList(a.cache),
 		PreparedQuery:                   proxycfgglue.CachePrepraredQuery(a.cache),
diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go
index d63936e29466..8057487b2b45 100644
--- a/agent/agent_endpoint.go
+++ b/agent/agent_endpoint.go
@@ -24,6 +24,7 @@ import (
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/consul/agent/consul"
 	"github.com/hashicorp/consul/agent/debug"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/structs"
 	token_store "github.com/hashicorp/consul/agent/token"
 	"github.com/hashicorp/consul/api"
@@ -1569,7 +1570,7 @@ func (s *HTTPHandlers) AgentConnectCALeafCert(resp http.ResponseWriter, req *htt
 
 	// TODO(peering): expose way to get kind=mesh-gateway type cert with appropriate ACLs
 
-	args := cachetype.ConnectCALeafRequest{
+	args := leafcert.ConnectCALeafRequest{
 		Service: serviceName, // Need name not ID
 	}
 	var qOpts structs.QueryOptions
@@ -1598,17 +1599,13 @@ func (s *HTTPHandlers) AgentConnectCALeafCert(resp http.ResponseWriter, req *htt
 		return nil, nil
 	}
 
-	raw, m, err := s.agent.cache.Get(req.Context(), cachetype.ConnectCALeafName, &args)
+	reply, m, err := s.agent.leafCertManager.Get(req.Context(), &args)
 	if err != nil {
 		return nil, err
 	}
+
 	defer setCacheMeta(resp, &m)
 
-	reply, ok := raw.(*structs.IssuedCert)
-	if !ok {
-		// This should never happen, but we want to protect against panics
-		return nil, fmt.Errorf("internal error: response type not correct")
-	}
 	setIndex(resp, reply.ModifyIndex)
 
 	return reply, nil
diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go
index fc0345cee478..5194e2ae3489 100644
--- a/agent/agent_endpoint_test.go
+++ b/agent/agent_endpoint_test.go
@@ -6912,14 +6912,27 @@ func TestAgentConnectCALeafCert_good(t *testing.T) {
 		require.Equal(t, issued, issued2)
 	}
 
+	replyCh := make(chan *httptest.ResponseRecorder, 1)
+
+	go func(index string) {
+		resp := httptest.NewRecorder()
+		req, _ := http.NewRequest("GET", "/v1/agent/connect/ca/leaf/test?index="+index, nil)
+		a.srv.h.ServeHTTP(resp, req)
+
+		replyCh <- resp
+	}(index)
+
 	// Set a new CA
 	ca2 := connect.TestCAConfigSet(t, a, nil)
 
 	// Issue a blocking query to ensure that the cert gets updated appropriately
 	t.Run("test blocking queries update leaf cert", func(t *testing.T) {
-		resp := httptest.NewRecorder()
-		req, _ := http.NewRequest("GET", "/v1/agent/connect/ca/leaf/test?index="+index, nil)
-		a.srv.h.ServeHTTP(resp, req)
+		var resp *httptest.ResponseRecorder
+		select {
+		case resp = <-replyCh:
+		case <-time.After(500 * time.Millisecond):
+			t.Fatal("blocking query did not wake up during rotation")
+		}
 		dec := json.NewDecoder(resp.Body)
 		issued2 := &structs.IssuedCert{}
 		require.NoError(t, dec.Decode(issued2))
diff --git a/agent/agent_test.go b/agent/agent_test.go
index b2f0ea32e317..b234573f3e57 100644
--- a/agent/agent_test.go
+++ b/agent/agent_test.go
@@ -52,6 +52,7 @@ import (
 	"github.com/hashicorp/consul/agent/consul"
 	"github.com/hashicorp/consul/agent/hcp"
 	"github.com/hashicorp/consul/agent/hcp/scada"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/token"
 	"github.com/hashicorp/consul/api"
@@ -328,9 +329,16 @@ func TestAgent_HTTPMaxHeaderBytes(t *testing.T) {
 					},
 					HTTPMaxHeaderBytes: tt.maxHeaderBytes,
 				},
-				Cache: cache.New(cache.Options{}),
+				Cache:  cache.New(cache.Options{}),
+				NetRPC: &LazyNetRPC{},
 			}
 
+			bd.LeafCertManager = leafcert.NewManager(leafcert.Deps{
+				CertSigner:  leafcert.NewNetRPCCertSigner(bd.NetRPC),
+				RootsReader: leafcert.NewCachedRootsReader(bd.Cache, "dc1"),
+				Config:      leafcert.Config{},
+			})
+
 			cfg := config.RuntimeConfig{BuildDate: time.Date(2000, 1, 1, 0, 0, 1, 0, time.UTC)}
 			bd, err = initEnterpriseBaseDeps(bd, &cfg)
 			require.NoError(t, err)
@@ -5443,9 +5451,16 @@ func TestAgent_ListenHTTP_MultipleAddresses(t *testing.T) {
 				&net.TCPAddr{IP: net.ParseIP("127.0.0.1"), Port: ports[1]},
 			},
 		},
-		Cache: cache.New(cache.Options{}),
+		Cache:  cache.New(cache.Options{}),
+		NetRPC: &LazyNetRPC{},
 	}
 
+	bd.LeafCertManager = leafcert.NewManager(leafcert.Deps{
+		CertSigner:  leafcert.NewNetRPCCertSigner(bd.NetRPC),
+		RootsReader: leafcert.NewCachedRootsReader(bd.Cache, "dc1"),
+		Config:      leafcert.Config{},
+	})
+
 	cfg := config.RuntimeConfig{BuildDate: time.Date(2000, 1, 1, 0, 0, 1, 0, time.UTC)}
 	bd, err = initEnterpriseBaseDeps(bd, &cfg)
 	require.NoError(t, err)
@@ -6029,9 +6044,16 @@ func TestAgent_startListeners(t *testing.T) {
 		RuntimeConfig: &config.RuntimeConfig{
 			HTTPAddrs: []net.Addr{},
 		},
-		Cache: cache.New(cache.Options{}),
+		Cache:  cache.New(cache.Options{}),
+		NetRPC: &LazyNetRPC{},
 	}
 
+	bd.LeafCertManager = leafcert.NewManager(leafcert.Deps{
+		CertSigner:  leafcert.NewNetRPCCertSigner(bd.NetRPC),
+		RootsReader: leafcert.NewCachedRootsReader(bd.Cache, "dc1"),
+		Config:      leafcert.Config{},
+	})
+
 	bd, err := initEnterpriseBaseDeps(bd, &config.RuntimeConfig{})
 	require.NoError(t, err)
 
@@ -6161,8 +6183,15 @@ func TestAgent_startListeners_scada(t *testing.T) {
 		},
 		RuntimeConfig: &config.RuntimeConfig{},
 		Cache:         cache.New(cache.Options{}),
+		NetRPC:        &LazyNetRPC{},
 	}
 
+	bd.LeafCertManager = leafcert.NewManager(leafcert.Deps{
+		CertSigner:  leafcert.NewNetRPCCertSigner(bd.NetRPC),
+		RootsReader: leafcert.NewCachedRootsReader(bd.Cache, "dc1"),
+		Config:      leafcert.Config{},
+	})
+
 	cfg := config.RuntimeConfig{BuildDate: time.Date(2000, 1, 1, 0, 0, 1, 0, time.UTC)}
 	bd, err := initEnterpriseBaseDeps(bd, &cfg)
 	require.NoError(t, err)
@@ -6214,7 +6243,13 @@ func TestAgent_checkServerLastSeen(t *testing.T) {
 		},
 		RuntimeConfig: &config.RuntimeConfig{},
 		Cache:         cache.New(cache.Options{}),
+		NetRPC:        &LazyNetRPC{},
 	}
+	bd.LeafCertManager = leafcert.NewManager(leafcert.Deps{
+		CertSigner:  leafcert.NewNetRPCCertSigner(bd.NetRPC),
+		RootsReader: leafcert.NewCachedRootsReader(bd.Cache, "dc1"),
+		Config:      leafcert.Config{},
+	})
 	agent, err := New(bd)
 	require.NoError(t, err)
 
diff --git a/agent/auto-config/auto_config_test.go b/agent/auto-config/auto_config_test.go
index dcb06741f5f8..a5ab97e0f45d 100644
--- a/agent/auto-config/auto_config_test.go
+++ b/agent/auto-config/auto_config_test.go
@@ -21,6 +21,7 @@ import (
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/consul/agent/config"
 	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/metadata"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/token"
@@ -566,9 +567,8 @@ func TestGoRoutineManagement(t *testing.T) {
 	})
 
 	leafReq := ac.leafCertRequest()
-	mcfg.cache.On("Notify",
+	mcfg.leafCerts.On("Notify",
 		mock.Anything,
-		cachetype.ConnectCALeafName,
 		&leafReq,
 		leafWatchID,
 		mock.Anything,
@@ -717,10 +717,9 @@ func startedAutoConfig(t *testing.T, autoEncrypt bool) testAutoConfig {
 		mock.Anything,
 	).Return(nil).Once()
 
-	mcfg.cache.On("Notify",
+	mcfg.leafCerts.On("Notify",
 		mock.Anything,
-		cachetype.ConnectCALeafName,
-		&cachetype.ConnectCALeafRequest{
+		&leafcert.ConnectCALeafRequest{
 			Datacenter: "dc1",
 			Agent:      "autoconf",
 			Token:      originalToken,
@@ -875,10 +874,9 @@ func TestTokenUpdate(t *testing.T) {
 	})
 
 	leafCtx, leafCancel := context.WithCancel(context.Background())
-	testAC.mcfg.cache.On("Notify",
+	testAC.mcfg.leafCerts.On("Notify",
 		mock.Anything,
-		cachetype.ConnectCALeafName,
-		&cachetype.ConnectCALeafRequest{
+		&leafcert.ConnectCALeafRequest{
 			Datacenter: "dc1",
 			Agent:      "autoconf",
 			Token:      newToken,
@@ -975,14 +973,14 @@ func TestCertUpdate(t *testing.T) {
 		NotAfter: secondCert.ValidBefore,
 	}).Once()
 
-	req := cachetype.ConnectCALeafRequest{
+	req := leafcert.ConnectCALeafRequest{
 		Datacenter: "dc1",
 		Agent:      "autoconf",
 		Token:      testAC.originalToken,
 		DNSSAN:     defaultDNSSANs,
 		IPSAN:      defaultIPSANs,
 	}
-	require.True(t, testAC.mcfg.cache.sendNotification(context.Background(), req.CacheInfo().Key, cache.UpdateEvent{
+	require.True(t, testAC.mcfg.leafCerts.sendNotification(context.Background(), req.Key(), cache.UpdateEvent{
 		CorrelationID: leafWatchID,
 		Result:        secondCert,
 		Meta: cache.ResultMeta{
@@ -1102,14 +1100,14 @@ func TestFallback(t *testing.T) {
 
 	// now that all the mocks are set up we can trigger the whole thing by sending the second expired cert
 	// as a cache update event.
-	req := cachetype.ConnectCALeafRequest{
+	req := leafcert.ConnectCALeafRequest{
 		Datacenter: "dc1",
 		Agent:      "autoconf",
 		Token:      testAC.originalToken,
 		DNSSAN:     defaultDNSSANs,
 		IPSAN:      defaultIPSANs,
 	}
-	require.True(t, testAC.mcfg.cache.sendNotification(context.Background(), req.CacheInfo().Key, cache.UpdateEvent{
+	require.True(t, testAC.mcfg.leafCerts.sendNotification(context.Background(), req.Key(), cache.UpdateEvent{
 		CorrelationID: leafWatchID,
 		Result:        secondCert,
 		Meta: cache.ResultMeta{
diff --git a/agent/auto-config/auto_encrypt_test.go b/agent/auto-config/auto_encrypt_test.go
index e4a01d0b2177..2c94b6a5540a 100644
--- a/agent/auto-config/auto_encrypt_test.go
+++ b/agent/auto-config/auto_encrypt_test.go
@@ -20,6 +20,7 @@ import (
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/consul/agent/config"
 	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/metadata"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/lib/retry"
@@ -347,10 +348,9 @@ func TestAutoEncrypt_TokenUpdate(t *testing.T) {
 	})
 
 	leafCtx, leafCancel := context.WithCancel(context.Background())
-	testAC.mcfg.cache.On("Notify",
+	testAC.mcfg.leafCerts.On("Notify",
 		mock.Anything,
-		cachetype.ConnectCALeafName,
-		&cachetype.ConnectCALeafRequest{
+		&leafcert.ConnectCALeafRequest{
 			Datacenter: "dc1",
 			Agent:      "autoconf",
 			Token:      newToken,
@@ -430,14 +430,14 @@ func TestAutoEncrypt_CertUpdate(t *testing.T) {
 		NotAfter: secondCert.ValidBefore,
 	}).Once()
 
-	req := cachetype.ConnectCALeafRequest{
+	req := leafcert.ConnectCALeafRequest{
 		Datacenter: "dc1",
 		Agent:      "autoconf",
 		Token:      testAC.originalToken,
 		DNSSAN:     defaultDNSSANs,
 		IPSAN:      defaultIPSANs,
 	}
-	require.True(t, testAC.mcfg.cache.sendNotification(context.Background(), req.CacheInfo().Key, cache.UpdateEvent{
+	require.True(t, testAC.mcfg.leafCerts.sendNotification(context.Background(), req.Key(), cache.UpdateEvent{
 		CorrelationID: leafWatchID,
 		Result:        secondCert,
 		Meta: cache.ResultMeta{
@@ -538,14 +538,14 @@ func TestAutoEncrypt_Fallback(t *testing.T) {
 
 	// now that all the mocks are set up we can trigger the whole thing by sending the second expired cert
 	// as a cache update event.
-	req := cachetype.ConnectCALeafRequest{
+	req := leafcert.ConnectCALeafRequest{
 		Datacenter: "dc1",
 		Agent:      "autoconf",
 		Token:      testAC.originalToken,
 		DNSSAN:     defaultDNSSANs,
 		IPSAN:      defaultIPSANs,
 	}
-	require.True(t, testAC.mcfg.cache.sendNotification(context.Background(), req.CacheInfo().Key, cache.UpdateEvent{
+	require.True(t, testAC.mcfg.leafCerts.sendNotification(context.Background(), req.Key(), cache.UpdateEvent{
 		CorrelationID: leafWatchID,
 		Result:        secondCert,
 		Meta: cache.ResultMeta{
diff --git a/agent/auto-config/config.go b/agent/auto-config/config.go
index 5845ec70df0a..d0f1670ab73a 100644
--- a/agent/auto-config/config.go
+++ b/agent/auto-config/config.go
@@ -13,7 +13,9 @@ import (
 
 	"github.com/hashicorp/consul/agent/cache"
 	"github.com/hashicorp/consul/agent/config"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/metadata"
+	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/token"
 	"github.com/hashicorp/consul/lib/retry"
 )
@@ -33,6 +35,19 @@ type Cache interface {
 	Prepopulate(t string, result cache.FetchResult, dc string, peerName string, token string, key string) error
 }
 
+// LeafCertManager is an interface to represent the methods of the
+// agent/leafcert.Manager struct that we care about
+type LeafCertManager interface {
+	Prepopulate(
+		ctx context.Context,
+		key string,
+		index uint64,
+		value *structs.IssuedCert,
+		authorityKeyID string,
+	) error
+	Notify(ctx context.Context, req *leafcert.ConnectCALeafRequest, correlationID string, ch chan<- cache.UpdateEvent) error
+}
+
 // ServerProvider is an interface that can be used to find one server in the local DC known to
 // the agent via Gossip
 type ServerProvider interface {
@@ -92,9 +107,12 @@ type Config struct {
 	TLSConfigurator TLSConfigurator
 
 	// Cache is an object implementing our Cache interface. The Cache
-	// used at runtime must be able to handle Roots and Leaf Cert watches
+	// used at runtime must be able to handle Roots watches
 	Cache Cache
 
+	// LeafCertManager is an object implementing our LeafCertManager interface.
+	LeafCertManager LeafCertManager
+
 	// FallbackLeeway is the amount of time after certificate expiration before
 	// invoking the fallback routine. If not set this will default to 10s.
 	FallbackLeeway time.Duration
diff --git a/agent/auto-config/mock_test.go b/agent/auto-config/mock_test.go
index 6cefb92245d2..263befae112c 100644
--- a/agent/auto-config/mock_test.go
+++ b/agent/auto-config/mock_test.go
@@ -15,6 +15,7 @@ import (
 	"github.com/hashicorp/consul/agent/cache"
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/metadata"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/token"
@@ -112,6 +113,85 @@ type mockWatcher struct {
 	done <-chan struct{}
 }
 
+type mockLeafCerts struct {
+	mock.Mock
+
+	lock     sync.Mutex
+	watchers map[string][]mockWatcher
+}
+
+var _ LeafCertManager = (*mockLeafCerts)(nil)
+
+func newMockLeafCerts(t *testing.T) *mockLeafCerts {
+	m := mockLeafCerts{
+		watchers: make(map[string][]mockWatcher),
+	}
+	m.Test(t)
+	return &m
+}
+
+func (m *mockLeafCerts) Notify(ctx context.Context, req *leafcert.ConnectCALeafRequest, correlationID string, ch chan<- cache.UpdateEvent) error {
+	ret := m.Called(ctx, req, correlationID, ch)
+
+	err := ret.Error(0)
+	if err == nil {
+		m.lock.Lock()
+		key := req.Key()
+		m.watchers[key] = append(m.watchers[key], mockWatcher{ch: ch, done: ctx.Done()})
+		m.lock.Unlock()
+	}
+	return err
+}
+
+func (m *mockLeafCerts) Prepopulate(
+	ctx context.Context,
+	key string,
+	index uint64,
+	value *structs.IssuedCert,
+	authorityKeyID string,
+) error {
+	// we cannot know what the private key is prior to it being injected into the cache.
+	// therefore redact it here and all mock expectations should take that into account
+	restore := value.PrivateKeyPEM
+	value.PrivateKeyPEM = "redacted"
+
+	ret := m.Called(ctx, key, index, value, authorityKeyID)
+
+	if restore != "" {
+		value.PrivateKeyPEM = restore
+	}
+	return ret.Error(0)
+}
+
+func (m *mockLeafCerts) sendNotification(ctx context.Context, key string, u cache.UpdateEvent) bool {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+
+	watchers, ok := m.watchers[key]
+	if !ok || len(m.watchers) < 1 {
+		return false
+	}
+
+	var newWatchers []mockWatcher
+
+	for _, watcher := range watchers {
+		select {
+		case watcher.ch <- u:
+			newWatchers = append(newWatchers, watcher)
+		case <-watcher.done:
+			// do nothing, this watcher will be removed from the list
+		case <-ctx.Done():
+			// return doesn't matter here really, the test is being cancelled
+			return true
+		}
+	}
+
+	// this removes any already cancelled watches from being sent to
+	m.watchers[key] = newWatchers
+
+	return true
+}
+
 type mockCache struct {
 	mock.Mock
 
@@ -223,6 +303,7 @@ type mockedConfig struct {
 	directRPC        *mockDirectRPC
 	serverProvider   *mockServerProvider
 	cache            *mockCache
+	leafCerts        *mockLeafCerts
 	tokens           *mockTokenStore
 	tlsCfg           *mockTLSConfigurator
 	enterpriseConfig *mockedEnterpriseConfig
@@ -233,6 +314,7 @@ func newMockedConfig(t *testing.T) *mockedConfig {
 	directRPC := newMockDirectRPC(t)
 	serverProvider := newMockServerProvider(t)
 	mcache := newMockCache(t)
+	mleafs := newMockLeafCerts(t)
 	tokens := newMockTokenStore(t)
 	tlsCfg := newMockTLSConfigurator(t)
 
@@ -246,6 +328,7 @@ func newMockedConfig(t *testing.T) *mockedConfig {
 		if !t.Failed() {
 			directRPC.AssertExpectations(t)
 			serverProvider.AssertExpectations(t)
+			mleafs.AssertExpectations(t)
 			mcache.AssertExpectations(t)
 			tokens.AssertExpectations(t)
 			tlsCfg.AssertExpectations(t)
@@ -258,6 +341,7 @@ func newMockedConfig(t *testing.T) *mockedConfig {
 			DirectRPC:        directRPC,
 			ServerProvider:   serverProvider,
 			Cache:            mcache,
+			LeafCertManager:  mleafs,
 			Tokens:           tokens,
 			TLSConfigurator:  tlsCfg,
 			Logger:           testutil.Logger(t),
@@ -267,6 +351,7 @@ func newMockedConfig(t *testing.T) *mockedConfig {
 		directRPC:      directRPC,
 		serverProvider: serverProvider,
 		cache:          mcache,
+		leafCerts:      mleafs,
 		tokens:         tokens,
 		tlsCfg:         tlsCfg,
 
@@ -311,7 +396,7 @@ func (m *mockedConfig) expectInitialTLS(t *testing.T, agentName, datacenter, tok
 		rootsReq.CacheInfo().Key,
 	).Return(nil).Once()
 
-	leafReq := cachetype.ConnectCALeafRequest{
+	leafReq := leafcert.ConnectCALeafRequest{
 		Token:      token,
 		Agent:      agentName,
 		Datacenter: datacenter,
@@ -323,24 +408,18 @@ func (m *mockedConfig) expectInitialTLS(t *testing.T, agentName, datacenter, tok
 	// on up with the request.
 	copy := *cert
 	copy.PrivateKeyPEM = "redacted"
-	leafRes := cache.FetchResult{
-		Value: &copy,
-		Index: copy.RaftIndex.ModifyIndex,
-		State: cachetype.ConnectCALeafSuccess(ca.SigningKeyID),
-	}
 
 	// we should prepopulate the cache with the agents cert
-	m.cache.On("Prepopulate",
-		cachetype.ConnectCALeafName,
-		leafRes,
-		datacenter,
-		"",
-		token,
+	m.leafCerts.On("Prepopulate",
+		mock.Anything,
 		leafReq.Key(),
+		copy.RaftIndex.ModifyIndex,
+		&copy,
+		ca.SigningKeyID,
 	).Return(nil).Once()
 
 	// when prepopulating the cert in the cache we grab the token so
-	// we should expec that here
+	// we should expect that here
 	m.tokens.On("AgentToken").Return(token).Once()
 }
 
diff --git a/agent/auto-config/tls.go b/agent/auto-config/tls.go
index 67bdc0276534..e39022bc959b 100644
--- a/agent/auto-config/tls.go
+++ b/agent/auto-config/tls.go
@@ -11,6 +11,7 @@ import (
 	"github.com/hashicorp/consul/agent/cache"
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/proto/private/pbautoconf"
 	"github.com/hashicorp/consul/proto/private/pbconnect"
@@ -106,12 +107,14 @@ func (ac *AutoConfig) populateCertificateCache(certs *structs.SignedResponse) er
 	leafReq := ac.leafCertRequest()
 
 	// prepolutate leaf cache
-	certRes := cache.FetchResult{
-		Value: &certs.IssuedCert,
-		Index: certs.IssuedCert.RaftIndex.ModifyIndex,
-		State: cachetype.ConnectCALeafSuccess(connect.EncodeSigningKeyID(cert.AuthorityKeyId)),
-	}
-	if err := ac.acConfig.Cache.Prepopulate(cachetype.ConnectCALeafName, certRes, leafReq.Datacenter, structs.DefaultPeerKeyword, leafReq.Token, leafReq.Key()); err != nil {
+	err = ac.acConfig.LeafCertManager.Prepopulate(
+		context.Background(),
+		leafReq.Key(),
+		certs.IssuedCert.RaftIndex.ModifyIndex,
+		&certs.IssuedCert,
+		connect.EncodeSigningKeyID(cert.AuthorityKeyId),
+	)
+	if err != nil {
 		return err
 	}
 
@@ -129,7 +132,7 @@ func (ac *AutoConfig) setupCertificateCacheWatches(ctx context.Context) (context
 	}
 
 	leafReq := ac.leafCertRequest()
-	err = ac.acConfig.Cache.Notify(notificationCtx, cachetype.ConnectCALeafName, &leafReq, leafWatchID, ac.cacheUpdates)
+	err = ac.acConfig.LeafCertManager.Notify(notificationCtx, &leafReq, leafWatchID, ac.cacheUpdates)
 	if err != nil {
 		cancel()
 		return nil, err
@@ -194,8 +197,8 @@ func (ac *AutoConfig) caRootsRequest() structs.DCSpecificRequest {
 	return structs.DCSpecificRequest{Datacenter: ac.config.Datacenter}
 }
 
-func (ac *AutoConfig) leafCertRequest() cachetype.ConnectCALeafRequest {
-	return cachetype.ConnectCALeafRequest{
+func (ac *AutoConfig) leafCertRequest() leafcert.ConnectCALeafRequest {
+	return leafcert.ConnectCALeafRequest{
 		Datacenter:     ac.config.Datacenter,
 		Agent:          ac.config.NodeName,
 		DNSSAN:         ac.getDNSSANs(),
diff --git a/agent/cache-types/connect_ca_leaf.go b/agent/cache-types/connect_ca_leaf.go
deleted file mode 100644
index fb5811042b60..000000000000
--- a/agent/cache-types/connect_ca_leaf.go
+++ /dev/null
@@ -1,774 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package cachetype
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net"
-	"sync"
-	"sync/atomic"
-	"time"
-
-	"github.com/mitchellh/hashstructure"
-
-	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/lib"
-
-	"github.com/hashicorp/consul/agent/cache"
-	"github.com/hashicorp/consul/agent/connect"
-	"github.com/hashicorp/consul/agent/consul"
-	"github.com/hashicorp/consul/agent/structs"
-)
-
-// Recommended name for registration.
-const ConnectCALeafName = "connect-ca-leaf"
-
-// caChangeJitterWindow is the time over which we spread each round of retries
-// when attempting to get a new certificate following a root rotation. It's
-// selected to be a trade-off between not making rotation unnecessarily slow on
-// a tiny cluster while not hammering the servers on a huge cluster
-// unnecessarily hard. Servers rate limit to protect themselves from the
-// expensive crypto work, but in practice have 10k+ RPCs all in the same second
-// will cause a major disruption even on large servers due to downloading the
-// payloads, parsing msgpack etc. Instead we pick a window that for now is fixed
-// but later might be either user configurable (not nice since it would become
-// another hard-to-tune value) or set dynamically by the server based on it's
-// knowledge of how many certs need to be rotated. Currently the server doesn't
-// know that so we pick something that is reasonable. We err on the side of
-// being slower that we need in trivial cases but gentler for large deployments.
-// 30s means that even with a cluster of 10k service instances, the server only
-// has to cope with ~333 RPCs a second which shouldn't be too bad if it's rate
-// limiting the actual expensive crypto work.
-//
-// The actual backoff strategy when we are rate limited is to have each cert
-// only retry once with each window of this size, at a point in the window
-// selected at random. This performs much better than exponential backoff in
-// terms of getting things rotated quickly with more predictable load and so
-// fewer rate limited requests. See the full simulation this is based on at
-// https://github.com/banks/sim-rate-limit-backoff/blob/master/README.md for
-// more detail.
-const caChangeJitterWindow = 30 * time.Second
-
-// ConnectCALeaf supports fetching and generating Connect leaf
-// certificates.
-type ConnectCALeaf struct {
-	RegisterOptionsBlockingNoRefresh
-	caIndex uint64 // Current index for CA roots
-
-	// rootWatchMu protects access to the rootWatchSubscribers map and
-	// rootWatchCancel
-	rootWatchMu sync.Mutex
-	// rootWatchSubscribers is a set of chans, one for each currently in-flight
-	// Fetch. These chans have root updates delivered from the root watcher.
-	rootWatchSubscribers map[chan struct{}]struct{}
-	// rootWatchCancel is a func to call to stop the background root watch if any.
-	// You must hold inflightMu to read (e.g. call) or write the value.
-	rootWatchCancel func()
-
-	// testRootWatchStart/StopCount are testing helpers that allow tests to
-	// observe the reference counting behavior that governs the shared root watch.
-	// It's not exactly pretty to expose internals like this, but seems cleaner
-	// than constructing elaborate and brittle test cases that we can infer
-	// correct behavior from, and simpler than trying to probe runtime goroutine
-	// traces to infer correct behavior that way. They must be accessed
-	// atomically.
-	testRootWatchStartCount uint32
-	testRootWatchStopCount  uint32
-
-	RPC        RPC          // RPC client for remote requests
-	Cache      *cache.Cache // Cache that has CA root certs via ConnectCARoot
-	Datacenter string       // This agent's datacenter
-
-	// TestOverrideCAChangeInitialDelay allows overriding the random jitter after a
-	// root change with a fixed delay. So far ths is only done in tests. If it's
-	// zero the caChangeInitialSpreadDefault maximum jitter will be used but if
-	// set, it overrides and provides a fixed delay. To essentially disable the
-	// delay in tests they can set it to 1 nanosecond. We may separately allow
-	// configuring the jitter limit by users later but this is different and for
-	// tests only since we need to set a deterministic time delay in order to test
-	// the behavior here fully and determinstically.
-	TestOverrideCAChangeInitialDelay time.Duration
-}
-
-// fetchState is some additional metadata we store with each cert in the cache
-// to track things like expiry and coordinate paces root rotations. It's
-// important this doesn't contain any pointer types since we rely on the struct
-// being copied to avoid modifying the actual state in the cache entry during
-// Fetch. Pointers themselves are OK, but if we point to another struct that we
-// call a method or modify in some way that would directly mutate the cache and
-// cause problems. We'd need to deep-clone in that case in Fetch below.
-// time.Time technically contains a pointer to the Location but we ignore that
-// since all times we get from our wall clock should point to the same Location
-// anyway.
-type fetchState struct {
-	// authorityKeyId is the ID of the CA key (whether root or intermediate) that signed
-	// the current cert.  This is just to save parsing the whole cert everytime
-	// we have to check if the root changed.
-	authorityKeyID string
-
-	// forceExpireAfter is used to coordinate renewing certs after a CA rotation
-	// in a staggered way so that we don't overwhelm the servers.
-	forceExpireAfter time.Time
-
-	// activeRootRotationStart is set when the root has changed and we need to get
-	// a new cert but haven't got one yet. forceExpireAfter will be set to the
-	// next scheduled time we should try our CSR, but this is needed to calculate
-	// the retry windows if we are rate limited when we try. See comment on
-	// caChangeJitterWindow above for more.
-	activeRootRotationStart time.Time
-
-	// consecutiveRateLimitErrs stores how many rate limit errors we've hit. We
-	// use this to choose a new window for the next retry. See comment on
-	// caChangeJitterWindow above for more.
-	consecutiveRateLimitErrs int
-}
-
-func ConnectCALeafSuccess(authorityKeyID string) interface{} {
-	return fetchState{
-		authorityKeyID:           authorityKeyID,
-		forceExpireAfter:         time.Time{},
-		consecutiveRateLimitErrs: 0,
-		activeRootRotationStart:  time.Time{},
-	}
-}
-
-// fetchStart is called on each fetch that is about to block and wait for
-// changes to the leaf. It subscribes a chan to receive updates from the shared
-// root watcher and triggers root watcher if it's not already running.
-func (c *ConnectCALeaf) fetchStart(rootUpdateCh chan struct{}) {
-	c.rootWatchMu.Lock()
-	defer c.rootWatchMu.Unlock()
-	// Lazy allocation
-	if c.rootWatchSubscribers == nil {
-		c.rootWatchSubscribers = make(map[chan struct{}]struct{})
-	}
-	// Make sure a root watcher is running. We don't only do this on first request
-	// to be more tolerant of errors that could cause the root watcher to fail and
-	// exit.
-	if c.rootWatchCancel == nil {
-		ctx, cancel := context.WithCancel(context.Background())
-		c.rootWatchCancel = cancel
-		go c.rootWatcher(ctx)
-	}
-	c.rootWatchSubscribers[rootUpdateCh] = struct{}{}
-}
-
-// fetchDone is called when a blocking call exits to unsubscribe from root
-// updates and possibly stop the shared root watcher if it's no longer needed.
-// Note that typically root CA is still being watched by clients directly and
-// probably by the ProxyConfigManager so it will stay hot in cache for a while,
-// we are just not monitoring it for updates any more.
-func (c *ConnectCALeaf) fetchDone(rootUpdateCh chan struct{}) {
-	c.rootWatchMu.Lock()
-	defer c.rootWatchMu.Unlock()
-	delete(c.rootWatchSubscribers, rootUpdateCh)
-	if len(c.rootWatchSubscribers) == 0 && c.rootWatchCancel != nil {
-		// This was the last request. Stop the root watcher.
-		c.rootWatchCancel()
-		c.rootWatchCancel = nil
-	}
-}
-
-// rootWatcher is the shared rootWatcher that runs in a background goroutine
-// while needed by one or more inflight Fetch calls.
-func (c *ConnectCALeaf) rootWatcher(ctx context.Context) {
-	atomic.AddUint32(&c.testRootWatchStartCount, 1)
-	defer atomic.AddUint32(&c.testRootWatchStopCount, 1)
-
-	ch := make(chan cache.UpdateEvent, 1)
-	err := c.Cache.Notify(ctx, ConnectCARootName, &structs.DCSpecificRequest{
-		Datacenter: c.Datacenter,
-	}, "roots", ch)
-
-	notifyChange := func() {
-		c.rootWatchMu.Lock()
-		defer c.rootWatchMu.Unlock()
-
-		for ch := range c.rootWatchSubscribers {
-			select {
-			case ch <- struct{}{}:
-			default:
-				// Don't block - chans are 1-buffered so act as an edge trigger and
-				// reload CA state directly from cache so they never "miss" updates.
-			}
-		}
-	}
-
-	if err != nil {
-		// Trigger all inflight watchers. We don't pass the error, but they will
-		// reload from cache and observe the same error and return it to the caller,
-		// or if it's transient, will continue and the next Fetch will get us back
-		// into the right state. Seems better than busy loop-retrying here given
-		// that almost any error we would see here would also be returned from the
-		// cache get this will trigger.
-		notifyChange()
-		return
-	}
-
-	var oldRoots *structs.IndexedCARoots
-	// Wait for updates to roots or all requests to stop
-	for {
-		select {
-		case <-ctx.Done():
-			return
-		case e := <-ch:
-			// Root response changed in some way. Note this might be the initial
-			// fetch.
-			if e.Err != nil {
-				// See above rationale about the error propagation
-				notifyChange()
-				continue
-			}
-
-			roots, ok := e.Result.(*structs.IndexedCARoots)
-			if !ok {
-				// See above rationale about the error propagation
-				notifyChange()
-				continue
-			}
-
-			// Check that the active root is actually different from the last CA
-			// config there are many reasons the config might have changed without
-			// actually updating the CA root that is signing certs in the cluster.
-			// The Fetch calls will also validate this since the first call here we
-			// don't know if it changed or not, but there is no point waking up all
-			// Fetch calls to check this if we know none of them will need to act on
-			// this update.
-			if oldRoots != nil && oldRoots.ActiveRootID == roots.ActiveRootID {
-				continue
-			}
-
-			// Distribute the update to all inflight requests - they will decide
-			// whether or not they need to act on it.
-			notifyChange()
-			oldRoots = roots
-		}
-	}
-}
-
-// calculateSoftExpiry encapsulates our logic for when to renew a cert based on
-// it's age. It returns a pair of times min, max which makes it easier to test
-// the logic without non-deterministic jitter to account for. The caller should
-// choose a time randomly in between these.
-//
-// We want to balance a few factors here:
-//   - renew too early and it increases the aggregate CSR rate in the cluster
-//   - renew too late and it risks disruption to the service if a transient
-//     error prevents the renewal
-//   - we want a broad amount of jitter so if there is an outage, we don't end
-//     up with all services in sync and causing a thundering herd every
-//     renewal period. Broader is better for smoothing requests but pushes
-//     both earlier and later tradeoffs above.
-//
-// Somewhat arbitrarily the current strategy looks like this:
-//
-//	         0                              60%             90%
-//	  Issued [------------------------------|===============|!!!!!] Expires
-//	72h TTL: 0                             ~43h            ~65h
-//	 1h TTL: 0                              36m             54m
-//
-// Where |===| is the soft renewal period where we jitter for the first attempt
-// and |!!!| is the danger zone where we just try immediately.
-//
-// In the happy path (no outages) the average renewal occurs half way through
-// the soft renewal region or at 75% of the cert lifetime which is ~54 hours for
-// a 72 hour cert, or 45 mins for a 1 hour cert.
-//
-// If we are already in the softRenewal period, we randomly pick a time between
-// now and the start of the danger zone.
-//
-// We pass in now to make testing easier.
-func calculateSoftExpiry(now time.Time, cert *structs.IssuedCert) (min time.Time, max time.Time) {
-
-	certLifetime := cert.ValidBefore.Sub(cert.ValidAfter)
-	if certLifetime < 10*time.Minute {
-		// Shouldn't happen as we limit to 1 hour shortest elsewhere but just be
-		// defensive against strange times or bugs.
-		return now, now
-	}
-
-	// Find the 60% mark in diagram above
-	softRenewTime := cert.ValidAfter.Add(time.Duration(float64(certLifetime) * 0.6))
-	hardRenewTime := cert.ValidAfter.Add(time.Duration(float64(certLifetime) * 0.9))
-
-	if now.After(hardRenewTime) {
-		// In the hard renew period, or already expired. Renew now!
-		return now, now
-	}
-
-	if now.After(softRenewTime) {
-		// Already in the soft renew period, make now the lower bound for jitter
-		softRenewTime = now
-	}
-	return softRenewTime, hardRenewTime
-}
-
-func (c *ConnectCALeaf) Fetch(opts cache.FetchOptions, req cache.Request) (cache.FetchResult, error) {
-	var result cache.FetchResult
-
-	// Get the correct type
-	reqReal, ok := req.(*ConnectCALeafRequest)
-	if !ok {
-		return result, fmt.Errorf(
-			"Internal cache failure: request wrong type: %T", req)
-	}
-
-	// Lightweight copy this object so that manipulating QueryOptions doesn't race.
-	dup := *reqReal
-	reqReal = &dup
-
-	// Do we already have a cert in the cache?
-	var existing *structs.IssuedCert
-	// Really important this is not a pointer type since otherwise we would set it
-	// to point to the actual fetchState in the cache entry below and then would
-	// be directly modifying that in the cache entry even when we might later
-	// return an error and not update index etc. By being a value, we force a copy
-	var state fetchState
-	if opts.LastResult != nil {
-		existing, ok = opts.LastResult.Value.(*structs.IssuedCert)
-		if !ok {
-			return result, fmt.Errorf(
-				"Internal cache failure: last value wrong type: %T", opts.LastResult.Value)
-		}
-		if opts.LastResult.State != nil {
-			state, ok = opts.LastResult.State.(fetchState)
-			if !ok {
-				return result, fmt.Errorf(
-					"Internal cache failure: last state wrong type: %T", opts.LastResult.State)
-			}
-		}
-	}
-
-	// Handle brand new request first as it's simplest.
-	if existing == nil {
-		return c.generateNewLeaf(reqReal, result)
-	}
-
-	// Setup result to mirror the current value for if we timeout or hit a rate
-	// limit. This allows us to update the state (e.g. for backoff or retry
-	// coordination on root change) even if we don't get a new cert.
-	result.Value = existing
-	result.Index = existing.ModifyIndex
-	result.State = state
-
-	// Since state is not a pointer, we can't just set it once in result and then
-	// continue to update it later since we will be updating only our copy.
-	// Instead we have a helper function that is used to make sure the state is
-	// updated in the result when we return.
-	lastResultWithNewState := func() cache.FetchResult {
-		return cache.FetchResult{
-			Value: existing,
-			Index: existing.ModifyIndex,
-			State: state,
-		}
-	}
-
-	// Beyond this point we need to only return lastResultWithNewState() not just
-	// result since otherwise we might "loose" state updates we expect not to.
-
-	// We have a certificate in cache already. Check it's still valid.
-	now := time.Now()
-	minExpire, maxExpire := calculateSoftExpiry(now, existing)
-	expiresAt := minExpire.Add(lib.RandomStagger(maxExpire.Sub(minExpire)))
-
-	// Check if we have been force-expired by a root update that jittered beyond
-	// the timeout of the query it was running.
-	if !state.forceExpireAfter.IsZero() && state.forceExpireAfter.Before(expiresAt) {
-		expiresAt = state.forceExpireAfter
-	}
-
-	if expiresAt.Equal(now) || expiresAt.Before(now) {
-		// Already expired, just make a new one right away
-		return c.generateNewLeaf(reqReal, lastResultWithNewState())
-	}
-
-	// If we called Fetch() with MustRevalidate then this call came from a non-blocking query.
-	// Any prior CA rotations should've already expired the cert.
-	// All we need to do is check whether the current CA is the one that signed the leaf. If not, generate a new leaf.
-	// This is not a perfect solution (as a CA rotation update can be missed) but it should take care of instances like
-	// see https://github.com/hashicorp/consul/issues/10871, https://github.com/hashicorp/consul/issues/9862
-	// This seems to me like a hack, so maybe we can revisit the caching/ fetching logic in this case
-	if req.CacheInfo().MustRevalidate {
-		roots, err := c.rootsFromCache()
-		if err != nil {
-			return lastResultWithNewState(), err
-		}
-		if activeRootHasKey(roots, state.authorityKeyID) {
-			return lastResultWithNewState(), nil
-		}
-
-		// if we reach here then the current leaf was not signed by the same CAs, just regen
-		return c.generateNewLeaf(reqReal, lastResultWithNewState())
-	}
-
-	// We are about to block and wait for a change or timeout.
-
-	// Make a chan we can be notified of changes to CA roots on. It must be
-	// buffered so we don't miss broadcasts from rootsWatch. It is an edge trigger
-	// so a single buffer element is sufficient regardless of whether we consume
-	// the updates fast enough since as soon as we see an element in it, we will
-	// reload latest CA from cache.
-	rootUpdateCh := make(chan struct{}, 1)
-
-	// The roots may have changed in between blocking calls. We need to verify
-	// that the existing cert was signed by the current root. If it was we still
-	// want to do the whole jitter thing. We could code that again here but it's
-	// identical to the select case below so we just trigger our own update chan
-	// and let the logic below handle checking if the CA actually changed in the
-	// common case where it didn't it is a no-op anyway.
-	rootUpdateCh <- struct{}{}
-
-	// Subscribe our chan to get root update notification.
-	c.fetchStart(rootUpdateCh)
-	defer c.fetchDone(rootUpdateCh)
-
-	// Setup the timeout chan outside the loop so we don't keep bumping the timeout
-	// later if we loop around.
-	timeoutCh := time.After(opts.Timeout)
-
-	// Setup initial expiry chan. We may change this if root update occurs in the
-	// loop below.
-	expiresCh := time.After(expiresAt.Sub(now))
-
-	// Current cert is valid so just wait until it expires or we time out.
-	for {
-		select {
-		case <-timeoutCh:
-			// We timed out the request with same cert.
-			return lastResultWithNewState(), nil
-
-		case <-expiresCh:
-			// Cert expired or was force-expired by a root change.
-			return c.generateNewLeaf(reqReal, lastResultWithNewState())
-
-		case <-rootUpdateCh:
-			// A root cache change occurred, reload roots from cache.
-			roots, err := c.rootsFromCache()
-			if err != nil {
-				return lastResultWithNewState(), err
-			}
-
-			// Handle _possibly_ changed roots. We still need to verify the new active
-			// root is not the same as the one our current cert was signed by since we
-			// can be notified spuriously if we are the first request since the
-			// rootsWatcher didn't know about the CA we were signed by. We also rely
-			// on this on every request to do the initial check that the current roots
-			// are the same ones the current cert was signed by.
-			if activeRootHasKey(roots, state.authorityKeyID) {
-				// Current active CA is the same one that signed our current cert so
-				// keep waiting for a change.
-				continue
-			}
-			state.activeRootRotationStart = time.Now()
-
-			// CA root changed. We add some jitter here to avoid a thundering herd.
-			// See docs on caChangeJitterWindow const.
-			delay := lib.RandomStagger(caChangeJitterWindow)
-			if c.TestOverrideCAChangeInitialDelay > 0 {
-				delay = c.TestOverrideCAChangeInitialDelay
-			}
-			// Force the cert to be expired after the jitter - the delay above might
-			// be longer than we have left on our timeout. We set forceExpireAfter in
-			// the cache state so the next request will notice we still need to renew
-			// and do it at the right time. This is cleared once a new cert is
-			// returned by generateNewLeaf.
-			state.forceExpireAfter = state.activeRootRotationStart.Add(delay)
-			// If the delay time is within the current timeout, we want to renew the
-			// as soon as it's up. We change the expire time and chan so that when we
-			// loop back around, we'll wait at most delay until generating a new cert.
-			if state.forceExpireAfter.Before(expiresAt) {
-				expiresAt = state.forceExpireAfter
-				expiresCh = time.After(delay)
-			}
-			continue
-		}
-	}
-}
-
-func activeRootHasKey(roots *structs.IndexedCARoots, currentSigningKeyID string) bool {
-	for _, ca := range roots.Roots {
-		if ca.Active {
-			return ca.SigningKeyID == currentSigningKeyID
-		}
-	}
-	// Shouldn't be possible since at least one root should be active.
-	return false
-}
-
-func (c *ConnectCALeaf) rootsFromCache() (*structs.IndexedCARoots, error) {
-	// Background is fine here because this isn't a blocking query as no index is set.
-	// Therefore this will just either be a cache hit or return once the non-blocking query returns.
-	rawRoots, _, err := c.Cache.Get(context.Background(), ConnectCARootName, &structs.DCSpecificRequest{
-		Datacenter: c.Datacenter,
-	})
-	if err != nil {
-		return nil, err
-	}
-	roots, ok := rawRoots.(*structs.IndexedCARoots)
-	if !ok {
-		return nil, errors.New("invalid RootCA response type")
-	}
-	return roots, nil
-}
-
-// generateNewLeaf does the actual work of creating a new private key,
-// generating a CSR and getting it signed by the servers. result argument
-// represents the last result currently in cache if any along with its state.
-func (c *ConnectCALeaf) generateNewLeaf(req *ConnectCALeafRequest,
-	result cache.FetchResult) (cache.FetchResult, error) {
-
-	var state fetchState
-	if result.State != nil {
-		var ok bool
-		state, ok = result.State.(fetchState)
-		if !ok {
-			return result, fmt.Errorf(
-				"Internal cache failure: result state wrong type: %T", result.State)
-		}
-	}
-
-	// Need to lookup RootCAs response to discover trust domain. This should be a
-	// cache hit.
-	roots, err := c.rootsFromCache()
-	if err != nil {
-		return result, err
-	}
-	if roots.TrustDomain == "" {
-		return result, errors.New("cluster has no CA bootstrapped yet")
-	}
-
-	// Build the cert uri
-	var id connect.CertURI
-	var dnsNames []string
-	var ipAddresses []net.IP
-
-	switch {
-	case req.Service != "":
-		id = &connect.SpiffeIDService{
-			Host:       roots.TrustDomain,
-			Datacenter: req.Datacenter,
-			Partition:  req.TargetPartition(),
-			Namespace:  req.TargetNamespace(),
-			Service:    req.Service,
-		}
-		dnsNames = append(dnsNames, req.DNSSAN...)
-
-	case req.Agent != "":
-		id = &connect.SpiffeIDAgent{
-			Host:       roots.TrustDomain,
-			Datacenter: req.Datacenter,
-			Partition:  req.TargetPartition(),
-			Agent:      req.Agent,
-		}
-		dnsNames = append([]string{"localhost"}, req.DNSSAN...)
-		ipAddresses = append([]net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")}, req.IPSAN...)
-
-	case req.Kind == structs.ServiceKindMeshGateway:
-		id = &connect.SpiffeIDMeshGateway{
-			Host:       roots.TrustDomain,
-			Datacenter: req.Datacenter,
-			Partition:  req.TargetPartition(),
-		}
-		dnsNames = append(dnsNames, req.DNSSAN...)
-
-	case req.Kind != "":
-		return result, fmt.Errorf("unsupported kind: %s", req.Kind)
-
-	case req.Server:
-		if req.Datacenter == "" {
-			return result, errors.New("datacenter name must be specified")
-		}
-		id = &connect.SpiffeIDServer{
-			Host:       roots.TrustDomain,
-			Datacenter: req.Datacenter,
-		}
-		dnsNames = append(dnsNames, connect.PeeringServerSAN(req.Datacenter, roots.TrustDomain))
-
-	default:
-		return result, errors.New("URI must be either service, agent, server, or kind")
-	}
-
-	// Create a new private key
-
-	// TODO: for now we always generate EC keys on clients regardless of the key
-	// type being used by the active CA. This is fine and allowed in TLS1.2 and
-	// signing EC CSRs with an RSA key is supported by all current CA providers so
-	// it's OK. IFF we ever need to support a CA provider that refuses to sign a
-	// CSR with a different signature algorithm, or if we have compatibility
-	// issues with external PKI systems that require EC certs be signed with ECDSA
-	// from the CA (this was required in TLS1.1 but not in 1.2) then we can
-	// instead intelligently pick the key type we generate here based on the key
-	// type of the active signing CA. We already have that loaded since we need
-	// the trust domain.
-	pk, pkPEM, err := connect.GeneratePrivateKey()
-	if err != nil {
-		return result, err
-	}
-
-	// Create a CSR.
-	csr, err := connect.CreateCSR(id, pk, dnsNames, ipAddresses)
-	if err != nil {
-		return result, err
-	}
-
-	// Request signing
-	var reply structs.IssuedCert
-	args := structs.CASignRequest{
-		WriteRequest: structs.WriteRequest{Token: req.Token},
-		Datacenter:   req.Datacenter,
-		CSR:          csr,
-	}
-	if err := c.RPC.RPC(context.Background(), "ConnectCA.Sign", &args, &reply); err != nil {
-		if err.Error() == consul.ErrRateLimited.Error() {
-			if result.Value == nil {
-				// This was a first fetch - we have no good value in cache. In this case
-				// we just return the error to the caller rather than rely on surprising
-				// semi-blocking until the rate limit is appeased or we timeout
-				// behavior. It's likely the caller isn't expecting this to block since
-				// it's an initial fetch. This also massively simplifies this edge case.
-				return result, err
-			}
-
-			if state.activeRootRotationStart.IsZero() {
-				// We hit a rate limit error by chance - for example a cert expired
-				// before the root rotation was observed (not triggered by rotation) but
-				// while server is working through high load from a recent rotation.
-				// Just pretend there is a rotation and the retry logic here will start
-				// jittering and retrying in the same way from now.
-				state.activeRootRotationStart = time.Now()
-			}
-
-			// Increment the errors in the state
-			state.consecutiveRateLimitErrs++
-
-			delay := lib.RandomStagger(caChangeJitterWindow)
-			if c.TestOverrideCAChangeInitialDelay > 0 {
-				delay = c.TestOverrideCAChangeInitialDelay
-			}
-
-			// Find the start of the next window we can retry in. See comment on
-			// caChangeJitterWindow for details of why we use this strategy.
-			windowStart := state.activeRootRotationStart.Add(
-				time.Duration(state.consecutiveRateLimitErrs) * delay)
-
-			// Pick a random time in that window
-			state.forceExpireAfter = windowStart.Add(delay)
-
-			// Return a result with the existing cert but the new state - the cache
-			// will see this as no change. Note that we always have an existing result
-			// here due to the nil value check above.
-			result.State = state
-			return result, nil
-		}
-		return result, err
-	}
-	reply.PrivateKeyPEM = pkPEM
-
-	// Reset rotation state
-	state.forceExpireAfter = time.Time{}
-	state.consecutiveRateLimitErrs = 0
-	state.activeRootRotationStart = time.Time{}
-
-	cert, err := connect.ParseCert(reply.CertPEM)
-	if err != nil {
-		return result, err
-	}
-	// Set the CA key ID so we can easily tell when a active root has changed.
-	state.authorityKeyID = connect.EncodeSigningKeyID(cert.AuthorityKeyId)
-
-	result.Value = &reply
-	// Store value not pointer so we don't accidentally mutate the cache entry
-	// state in Fetch.
-	result.State = state
-	result.Index = reply.ModifyIndex
-	return result, nil
-}
-
-// ConnectCALeafRequest is the cache.Request implementation for the
-// ConnectCALeaf cache type. This is implemented here and not in structs
-// since this is only used for cache-related requests and not forwarded
-// directly to any Consul servers.
-type ConnectCALeafRequest struct {
-	Token         string
-	Datacenter    string
-	DNSSAN        []string
-	IPSAN         []net.IP
-	MinQueryIndex uint64
-	MaxQueryTime  time.Duration
-	acl.EnterpriseMeta
-	MustRevalidate bool
-
-	// The following flags indicate the entity we are requesting a cert for.
-	// Only one of these must be specified.
-	Service string              // Given a Service name, not ID, the request is for a SpiffeIDService.
-	Agent   string              // Given an Agent name, not ID, the request is for a SpiffeIDAgent.
-	Kind    structs.ServiceKind // Given "mesh-gateway", the request is for a SpiffeIDMeshGateway. No other kinds supported.
-	Server  bool                // If true, the request is for a SpiffeIDServer.
-}
-
-func (r *ConnectCALeafRequest) Key() string {
-	r.EnterpriseMeta.Normalize()
-
-	switch {
-	case r.Agent != "":
-		v, err := hashstructure.Hash([]interface{}{
-			r.Agent,
-			r.PartitionOrDefault(),
-		}, nil)
-		if err == nil {
-			return fmt.Sprintf("agent:%d", v)
-		}
-	case r.Kind == structs.ServiceKindMeshGateway:
-		v, err := hashstructure.Hash([]interface{}{
-			r.PartitionOrDefault(),
-			r.DNSSAN,
-			r.IPSAN,
-		}, nil)
-		if err == nil {
-			return fmt.Sprintf("kind:%d", v)
-		}
-	case r.Kind != "":
-		// this is not valid
-	case r.Server:
-		v, err := hashstructure.Hash([]interface{}{
-			"server",
-			r.Datacenter,
-		}, nil)
-		if err == nil {
-			return fmt.Sprintf("server:%d", v)
-		}
-	default:
-		v, err := hashstructure.Hash([]interface{}{
-			r.Service,
-			r.EnterpriseMeta,
-			r.DNSSAN,
-			r.IPSAN,
-		}, nil)
-		if err == nil {
-			return fmt.Sprintf("service:%d", v)
-		}
-	}
-
-	// If there is an error, we don't set the key. A blank key forces
-	// no cache for this request so the request is forwarded directly
-	// to the server.
-	return ""
-}
-
-func (req *ConnectCALeafRequest) TargetPartition() string {
-	return req.PartitionOrDefault()
-}
-
-func (r *ConnectCALeafRequest) CacheInfo() cache.RequestInfo {
-	return cache.RequestInfo{
-		Token:          r.Token,
-		Key:            r.Key(),
-		Datacenter:     r.Datacenter,
-		MinIndex:       r.MinQueryIndex,
-		Timeout:        r.MaxQueryTime,
-		MustRevalidate: r.MustRevalidate,
-	}
-}
diff --git a/agent/cache-types/connect_ca_leaf_oss.go b/agent/cache-types/connect_ca_leaf_oss.go
deleted file mode 100644
index 949d4a1bc6a2..000000000000
--- a/agent/cache-types/connect_ca_leaf_oss.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-//go:build !consulent
-// +build !consulent
-
-package cachetype
-
-func (req *ConnectCALeafRequest) TargetNamespace() string {
-	return "default"
-}
diff --git a/agent/cache-types/connect_ca_leaf_test.go b/agent/cache-types/connect_ca_leaf_test.go
deleted file mode 100644
index ea1219fcfccc..000000000000
--- a/agent/cache-types/connect_ca_leaf_test.go
+++ /dev/null
@@ -1,1178 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package cachetype
-
-import (
-	"context"
-	"crypto/x509"
-	"encoding/pem"
-	"fmt"
-	"net"
-	"strings"
-	"sync/atomic"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/mock"
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/agent/cache"
-	"github.com/hashicorp/consul/agent/connect"
-	"github.com/hashicorp/consul/agent/consul"
-	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/sdk/testutil/retry"
-)
-
-func TestCalculateSoftExpire(t *testing.T) {
-	tests := []struct {
-		name     string
-		now      string
-		issued   string
-		lifetime time.Duration
-		wantMin  string
-		wantMax  string
-	}{
-		{
-			name:     "72h just issued",
-			now:      "2018-01-01 00:00:01",
-			issued:   "2018-01-01 00:00:00",
-			lifetime: 72 * time.Hour,
-			// Should jitter between 60% and 90% of the lifetime which is 43.2/64.8
-			// hours after issued
-			wantMin: "2018-01-02 19:12:00",
-			wantMax: "2018-01-03 16:48:00",
-		},
-		{
-			name: "72h in renew range",
-			// This time should be inside the renewal range.
-			now:      "2018-01-02 20:00:20",
-			issued:   "2018-01-01 00:00:00",
-			lifetime: 72 * time.Hour,
-			// Min should be the "now" time
-			wantMin: "2018-01-02 20:00:20",
-			wantMax: "2018-01-03 16:48:00",
-		},
-		{
-			name: "72h in hard renew",
-			// This time should be inside the renewal range.
-			now:      "2018-01-03 18:00:00",
-			issued:   "2018-01-01 00:00:00",
-			lifetime: 72 * time.Hour,
-			// Min and max should both be the "now" time
-			wantMin: "2018-01-03 18:00:00",
-			wantMax: "2018-01-03 18:00:00",
-		},
-		{
-			name: "72h expired",
-			// This time is after expiry
-			now:      "2018-01-05 00:00:00",
-			issued:   "2018-01-01 00:00:00",
-			lifetime: 72 * time.Hour,
-			// Min and max should both be the "now" time
-			wantMin: "2018-01-05 00:00:00",
-			wantMax: "2018-01-05 00:00:00",
-		},
-		{
-			name:     "1h just issued",
-			now:      "2018-01-01 00:00:01",
-			issued:   "2018-01-01 00:00:00",
-			lifetime: 1 * time.Hour,
-			// Should jitter between 60% and 90% of the lifetime which is 36/54 mins
-			// hours after issued
-			wantMin: "2018-01-01 00:36:00",
-			wantMax: "2018-01-01 00:54:00",
-		},
-		{
-			name: "1h in renew range",
-			// This time should be inside the renewal range.
-			now:      "2018-01-01 00:40:00",
-			issued:   "2018-01-01 00:00:00",
-			lifetime: 1 * time.Hour,
-			// Min should be the "now" time
-			wantMin: "2018-01-01 00:40:00",
-			wantMax: "2018-01-01 00:54:00",
-		},
-		{
-			name: "1h in hard renew",
-			// This time should be inside the renewal range.
-			now:      "2018-01-01 00:55:00",
-			issued:   "2018-01-01 00:00:00",
-			lifetime: 1 * time.Hour,
-			// Min and max should both be the "now" time
-			wantMin: "2018-01-01 00:55:00",
-			wantMax: "2018-01-01 00:55:00",
-		},
-		{
-			name: "1h expired",
-			// This time is after expiry
-			now:      "2018-01-01 01:01:01",
-			issued:   "2018-01-01 00:00:00",
-			lifetime: 1 * time.Hour,
-			// Min and max should both be the "now" time
-			wantMin: "2018-01-01 01:01:01",
-			wantMax: "2018-01-01 01:01:01",
-		},
-		{
-			name: "too short lifetime",
-			// This time is after expiry
-			now:      "2018-01-01 01:01:01",
-			issued:   "2018-01-01 00:00:00",
-			lifetime: 1 * time.Minute,
-			// Min and max should both be the "now" time
-			wantMin: "2018-01-01 01:01:01",
-			wantMax: "2018-01-01 01:01:01",
-		},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			now, err := time.Parse("2006-01-02 15:04:05", tc.now)
-			require.NoError(t, err)
-			issued, err := time.Parse("2006-01-02 15:04:05", tc.issued)
-			require.NoError(t, err)
-			wantMin, err := time.Parse("2006-01-02 15:04:05", tc.wantMin)
-			require.NoError(t, err)
-			wantMax, err := time.Parse("2006-01-02 15:04:05", tc.wantMax)
-			require.NoError(t, err)
-
-			min, max := calculateSoftExpiry(now, &structs.IssuedCert{
-				ValidAfter:  issued,
-				ValidBefore: issued.Add(tc.lifetime),
-			})
-
-			require.Equal(t, wantMin, min)
-			require.Equal(t, wantMax, max)
-		})
-	}
-}
-
-// Test that after an initial signing, new CA roots (new ID) will
-// trigger a blocking query to execute.
-func TestConnectCALeaf_changingRoots(t *testing.T) {
-	if testing.Short() {
-		t.Skip("too slow for testing.Short")
-	}
-
-	if testingRace {
-		t.Skip("fails with -race because caRoot.Active is modified concurrently")
-	}
-	t.Parallel()
-
-	rpc := TestRPC(t)
-	defer rpc.AssertExpectations(t)
-
-	typ, rootsCh := testCALeafType(t, rpc)
-	defer close(rootsCh)
-
-	caRoot := connect.TestCA(t, nil)
-	caRoot.Active = true
-	rootsCh <- structs.IndexedCARoots{
-		ActiveRootID: caRoot.ID,
-		TrustDomain:  "fake-trust-domain.consul",
-		Roots: []*structs.CARoot{
-			caRoot,
-		},
-		QueryMeta: structs.QueryMeta{Index: 1},
-	}
-
-	// We need this later but needs to be defined so we sign second CSR with it
-	// otherwise we break the cert root checking.
-	caRoot2 := connect.TestCA(t, nil)
-
-	// Instrument ConnectCA.Sign to return signed cert
-	var resp *structs.IssuedCert
-	var idx uint64
-
-	rpc.On("RPC", mock.Anything, "ConnectCA.Sign", mock.Anything, mock.Anything).Return(nil).
-		Run(func(args mock.Arguments) {
-			ca := caRoot
-			cIdx := atomic.AddUint64(&idx, 1)
-			if cIdx > 1 {
-				// Second time round use the new CA
-				ca = caRoot2
-			}
-			reply := args.Get(3).(*structs.IssuedCert)
-			leaf, _ := connect.TestLeaf(t, "web", ca)
-			reply.CertPEM = leaf
-			reply.ValidAfter = time.Now().Add(-1 * time.Hour)
-			reply.ValidBefore = time.Now().Add(11 * time.Hour)
-			reply.CreateIndex = cIdx
-			reply.ModifyIndex = reply.CreateIndex
-			resp = reply
-		})
-
-	// We'll reuse the fetch options and request
-	opts := cache.FetchOptions{MinIndex: 0, Timeout: 10 * time.Second}
-	req := &ConnectCALeafRequest{Datacenter: "dc1", Service: "web"}
-
-	// First fetch should return immediately
-	fetchCh := TestFetchCh(t, typ, opts, req)
-	select {
-	case <-time.After(100 * time.Millisecond):
-		t.Fatal("shouldn't block waiting for fetch")
-	case result := <-fetchCh:
-		v := mustFetchResult(t, result)
-		require.Equal(t, resp, v.Value)
-		require.Equal(t, uint64(1), v.Index)
-		// Set the LastResult for subsequent fetches
-		opts.LastResult = &v
-	}
-
-	// Second fetch should block with set index
-	opts.MinIndex = 1
-	fetchCh = TestFetchCh(t, typ, opts, req)
-	select {
-	case result := <-fetchCh:
-		t.Fatalf("should not return: %#v", result)
-	case <-time.After(100 * time.Millisecond):
-	}
-
-	// Let's send in new roots, which should trigger the sign req. We need to take
-	// care to set the new root as active
-	caRoot2.Active = true
-	caRoot.Active = false
-	rootsCh <- structs.IndexedCARoots{
-		ActiveRootID: caRoot2.ID,
-		TrustDomain:  "fake-trust-domain.consul",
-		Roots: []*structs.CARoot{
-			caRoot2,
-			caRoot,
-		},
-		QueryMeta: structs.QueryMeta{Index: atomic.AddUint64(&idx, 1)},
-	}
-	select {
-	case <-time.After(100 * time.Millisecond):
-		t.Fatal("shouldn't block waiting for fetch")
-	case result := <-fetchCh:
-		v := mustFetchResult(t, result)
-		require.Equal(t, resp, v.Value)
-		// 3 since the second CA "update" used up 2
-		require.Equal(t, uint64(3), v.Index)
-		// Set the LastResult for subsequent fetches
-		opts.LastResult = &v
-		opts.MinIndex = 3
-	}
-
-	// Third fetch should block
-	fetchCh = TestFetchCh(t, typ, opts, req)
-	select {
-	case result := <-fetchCh:
-		t.Fatalf("should not return: %#v", result)
-	case <-time.After(100 * time.Millisecond):
-	}
-}
-
-// Tests that if the root change jitter is longer than the time left on the
-// timeout, we return normally but then still renew the cert on a subsequent
-// call.
-func TestConnectCALeaf_changingRootsJitterBetweenCalls(t *testing.T) {
-	t.Parallel()
-
-	rpc := TestRPC(t)
-	defer rpc.AssertExpectations(t)
-
-	typ, rootsCh := testCALeafType(t, rpc)
-	defer close(rootsCh)
-
-	// Override the root-change delay so we will timeout first. We can't set it to
-	// a crazy high value otherwise we'll have to wait that long in the test to
-	// see if it actually happens on subsequent calls. We instead reduce the
-	// timeout in FetchOptions to be much shorter than this.
-	typ.TestOverrideCAChangeInitialDelay = 100 * time.Millisecond
-
-	caRoot := connect.TestCA(t, nil)
-	caRoot.Active = true
-	rootsCh <- structs.IndexedCARoots{
-		ActiveRootID: caRoot.ID,
-		TrustDomain:  "fake-trust-domain.consul",
-		Roots: []*structs.CARoot{
-			caRoot,
-		},
-		QueryMeta: structs.QueryMeta{Index: 1},
-	}
-
-	// Instrument ConnectCA.Sign to return signed cert
-	var resp *structs.IssuedCert
-	var idx uint64
-	rpc.On("RPC", mock.Anything, "ConnectCA.Sign", mock.Anything, mock.Anything).Return(nil).
-		Run(func(args mock.Arguments) {
-			reply := args.Get(3).(*structs.IssuedCert)
-			leaf, _ := connect.TestLeaf(t, "web", caRoot)
-			reply.CertPEM = leaf
-			reply.ValidAfter = time.Now().Add(-1 * time.Hour)
-			reply.ValidBefore = time.Now().Add(11 * time.Hour)
-			reply.CreateIndex = atomic.AddUint64(&idx, 1)
-			reply.ModifyIndex = reply.CreateIndex
-			resp = reply
-		})
-
-	// We'll reuse the fetch options and request. Timeout must be much shorter
-	// than the initial root delay. 20ms means that if we deliver the root change
-	// during the first blocking call, we should need to block fully for 5 more
-	// calls before the cert is renewed. We pick a timeout that is not an exact
-	// multiple of the 100ms delay above to reduce the chance that timing works
-	// out in a way that makes it hard to tell a timeout from an early return due
-	// to a cert renewal.
-	opts := cache.FetchOptions{MinIndex: 0, Timeout: 35 * time.Millisecond}
-	req := &ConnectCALeafRequest{Datacenter: "dc1", Service: "web"}
-
-	// First fetch should return immediately
-	fetchCh := TestFetchCh(t, typ, opts, req)
-	select {
-	case <-time.After(100 * time.Millisecond):
-		t.Fatal("shouldn't block waiting for fetch")
-	case result := <-fetchCh:
-		v := mustFetchResult(t, result)
-		require.Equal(t, resp, v.Value)
-		require.Equal(t, uint64(1), v.Index)
-		// Set the LastResult for subsequent fetches
-		opts.LastResult = &v
-	}
-
-	// Let's send in new roots, which should eventually trigger the sign req. We
-	// need to take care to set the new root as active. Note that this is
-	// implicitly testing that root updates that happen in between leaf blocking
-	// queries are still noticed too. At this point no leaf blocking query is
-	// running so the root watch should be stopped. By pushing this update, the
-	// next blocking query will _immediately_ see the new root which means it
-	// needs to correctly notice that it is not the same one that generated the
-	// current cert and start the rotation. This is good, just not obvious that
-	// the behavior is actually well tested here when it is.
-	caRoot2 := connect.TestCA(t, nil)
-	caRoot2.Active = true
-	caRoot.Active = false
-	rootsCh <- structs.IndexedCARoots{
-		ActiveRootID: caRoot2.ID,
-		TrustDomain:  "fake-trust-domain.consul",
-		Roots: []*structs.CARoot{
-			caRoot2,
-			caRoot,
-		},
-		QueryMeta: structs.QueryMeta{Index: atomic.AddUint64(&idx, 1)},
-	}
-	earliestRootDelivery := time.Now()
-
-	// Some number of fetches (2,3,4 likely) should timeout after 20ms and after
-	// 100ms has elapsed total we should see the new cert. Since this is all very
-	// timing dependent, we don't hard code exact numbers here and instead loop
-	// for plenty of time and do as many calls as it takes and just assert on the
-	// time taken and that the call either blocks and returns the cached cert, or
-	// returns the new one.
-	opts.MinIndex = 1
-	var shouldExpireAfter time.Time
-	i := 1
-	rootsDelivered := false
-	for rootsDelivered {
-		start := time.Now()
-		fetchCh = TestFetchCh(t, typ, opts, req)
-		select {
-		case result := <-fetchCh:
-			v := mustFetchResult(t, result)
-			timeTaken := time.Since(start)
-
-			// There are two options, either it blocked waiting for the delay after
-			// the rotation or it returned the new CA cert before the timeout was
-			// done. TO be more robust against timing, we take the value as the
-			// decider for which case it is, and assert timing matches our expected
-			// bounds rather than vice versa.
-
-			if v.Index > uint64(1) {
-				// Got a new cert
-				require.Equal(t, resp, v.Value)
-				require.Equal(t, uint64(3), v.Index)
-				// Should not have been delivered before the delay
-				require.True(t, time.Since(earliestRootDelivery) > typ.TestOverrideCAChangeInitialDelay)
-				// All good. We are done!
-				rootsDelivered = true
-			} else {
-				// Should be the cached cert
-				require.Equal(t, resp, v.Value)
-				require.Equal(t, uint64(1), v.Index)
-				// Sanity check we blocked for the whole timeout
-				require.Truef(t, timeTaken > opts.Timeout,
-					"should block for at least %s, returned after %s",
-					opts.Timeout, timeTaken)
-				// Sanity check that the forceExpireAfter state was set correctly
-				shouldExpireAfter = v.State.(*fetchState).forceExpireAfter
-				require.True(t, shouldExpireAfter.After(time.Now()))
-				require.True(t, shouldExpireAfter.Before(time.Now().Add(typ.TestOverrideCAChangeInitialDelay)))
-			}
-			// Set the LastResult for subsequent fetches
-			opts.LastResult = &v
-		case <-time.After(50 * time.Millisecond):
-			t.Fatalf("request %d blocked too long", i)
-		}
-		i++
-
-		// Sanity check that we've not gone way beyond the deadline without a
-		// new cert. We give some leeway to make it less brittle.
-		require.Falsef(t, time.Now().After(shouldExpireAfter.Add(100*time.Millisecond)),
-			"waited extra 100ms and delayed CA rotate renew didn't happen")
-	}
-}
-
-// Tests that if the root changes in between blocking calls we still pick it up.
-func TestConnectCALeaf_changingRootsBetweenBlockingCalls(t *testing.T) {
-	t.Parallel()
-
-	rpc := TestRPC(t)
-	defer rpc.AssertExpectations(t)
-
-	typ, rootsCh := testCALeafType(t, rpc)
-	defer close(rootsCh)
-
-	caRoot := connect.TestCA(t, nil)
-	caRoot.Active = true
-	rootsCh <- structs.IndexedCARoots{
-		ActiveRootID: caRoot.ID,
-		TrustDomain:  "fake-trust-domain.consul",
-		Roots: []*structs.CARoot{
-			caRoot,
-		},
-		QueryMeta: structs.QueryMeta{Index: 1},
-	}
-
-	// Instrument ConnectCA.Sign to return signed cert
-	var resp *structs.IssuedCert
-	var idx uint64
-	rpc.On("RPC", mock.Anything, "ConnectCA.Sign", mock.Anything, mock.Anything).Return(nil).
-		Run(func(args mock.Arguments) {
-			reply := args.Get(3).(*structs.IssuedCert)
-			leaf, _ := connect.TestLeaf(t, "web", caRoot)
-			reply.CertPEM = leaf
-			reply.ValidAfter = time.Now().Add(-1 * time.Hour)
-			reply.ValidBefore = time.Now().Add(11 * time.Hour)
-			reply.CreateIndex = atomic.AddUint64(&idx, 1)
-			reply.ModifyIndex = reply.CreateIndex
-			resp = reply
-		})
-
-	// We'll reuse the fetch options and request. Short timeout important since we
-	// wait the full timeout before chaning roots.
-	opts := cache.FetchOptions{MinIndex: 0, Timeout: 35 * time.Millisecond}
-	req := &ConnectCALeafRequest{Datacenter: "dc1", Service: "web"}
-
-	// First fetch should return immediately
-	fetchCh := TestFetchCh(t, typ, opts, req)
-	select {
-	case <-time.After(100 * time.Millisecond):
-		t.Fatal("shouldn't block waiting for fetch")
-	case result := <-fetchCh:
-		v := mustFetchResult(t, result)
-		require.Equal(t, resp, v.Value)
-		require.Equal(t, uint64(1), v.Index)
-		// Set the LastResult for subsequent fetches
-		opts.LastResult = &v
-	}
-
-	// Next fetch should block for the full timeout
-	start := time.Now()
-	fetchCh = TestFetchCh(t, typ, opts, req)
-	select {
-	case <-time.After(100 * time.Millisecond):
-		t.Fatal("shouldn't block for too long waiting for fetch")
-	case result := <-fetchCh:
-		v := mustFetchResult(t, result)
-		require.Equal(t, resp, v.Value)
-		// Still the initial cached result
-		require.Equal(t, uint64(1), v.Index)
-		// Sanity check that it waited
-		require.True(t, time.Since(start) > opts.Timeout)
-		// Set the LastResult for subsequent fetches
-		opts.LastResult = &v
-	}
-
-	// No active requests, simulate root change now
-	caRoot2 := connect.TestCA(t, nil)
-	caRoot2.Active = true
-	caRoot.Active = false
-	rootsCh <- structs.IndexedCARoots{
-		ActiveRootID: caRoot2.ID,
-		TrustDomain:  "fake-trust-domain.consul",
-		Roots: []*structs.CARoot{
-			caRoot2,
-			caRoot,
-		},
-		QueryMeta: structs.QueryMeta{Index: atomic.AddUint64(&idx, 1)},
-	}
-	earliestRootDelivery := time.Now()
-
-	// We should get the new cert immediately on next fetch (since test override
-	// root change jitter to be 1 nanosecond so no delay expected).
-	fetchCh = TestFetchCh(t, typ, opts, req)
-	select {
-	case <-time.After(100 * time.Millisecond):
-		t.Fatal("shouldn't block too long waiting for fetch")
-	case result := <-fetchCh:
-		v := mustFetchResult(t, result)
-		require.Equal(t, resp, v.Value)
-		// Index should be 3 since root change consumed 2
-		require.Equal(t, uint64(3), v.Index)
-		// Sanity check that we didn't wait too long
-		require.True(t, time.Since(earliestRootDelivery) < opts.Timeout)
-		// Set the LastResult for subsequent fetches
-		opts.LastResult = &v
-	}
-
-}
-
-func TestConnectCALeaf_CSRRateLimiting(t *testing.T) {
-	if testing.Short() {
-		t.Skip("too slow for testing.Short")
-	}
-
-	t.Parallel()
-
-	rpc := TestRPC(t)
-	defer rpc.AssertExpectations(t)
-
-	typ, rootsCh := testCALeafType(t, rpc)
-	defer close(rootsCh)
-
-	// Each jitter window will be only 100 ms long to make testing quick but
-	// highly likely not to fail based on scheduling issues.
-	typ.TestOverrideCAChangeInitialDelay = 100 * time.Millisecond
-
-	// Setup root that will be returned by the mocked Root cache fetch
-	caRoot := connect.TestCA(t, nil)
-	caRoot.Active = true
-	rootsCh <- structs.IndexedCARoots{
-		ActiveRootID: caRoot.ID,
-		TrustDomain:  "fake-trust-domain.consul",
-		Roots: []*structs.CARoot{
-			caRoot,
-		},
-		QueryMeta: structs.QueryMeta{Index: 1},
-	}
-
-	// Instrument ConnectCA.Sign
-	var resp *structs.IssuedCert
-	var idx, rateLimitedRPCs uint64
-
-	genCert := func(args mock.Arguments) {
-		reply := args.Get(3).(*structs.IssuedCert)
-		leaf, _ := connect.TestLeaf(t, "web", caRoot)
-		reply.CertPEM = leaf
-		reply.ValidAfter = time.Now().Add(-1 * time.Hour)
-		reply.ValidBefore = time.Now().Add(11 * time.Hour)
-		reply.CreateIndex = atomic.AddUint64(&idx, 1)
-		reply.ModifyIndex = reply.CreateIndex
-		resp = reply
-	}
-
-	incRateLimit := func(args mock.Arguments) {
-		atomic.AddUint64(&rateLimitedRPCs, 1)
-	}
-
-	// First call return rate limit error. This is important as it checks
-	// behavior when cache is empty and we have to return a nil Value but need to
-	// save state to do the right thing for retry.
-	rpc.On("RPC", mock.Anything, "ConnectCA.Sign", mock.Anything, mock.Anything).
-		Return(consul.ErrRateLimited).Once().Run(incRateLimit)
-	// Then succeed on second call
-	rpc.On("RPC", mock.Anything, "ConnectCA.Sign", mock.Anything, mock.Anything).
-		Return(nil).Run(genCert).Once()
-	// Then be rate limited again on several further calls
-	rpc.On("RPC", mock.Anything, "ConnectCA.Sign", mock.Anything, mock.Anything).
-		Return(consul.ErrRateLimited).Twice().Run(incRateLimit)
-	// Then fine after that
-	rpc.On("RPC", mock.Anything, "ConnectCA.Sign", mock.Anything, mock.Anything).
-		Return(nil).Run(genCert)
-
-	opts := cache.FetchOptions{MinIndex: 0, Timeout: 10 * time.Minute}
-	req := &ConnectCALeafRequest{Datacenter: "dc1", Service: "web"}
-
-	// First fetch should return rate limit error directly - client is expected to
-	// backoff itself.
-	fetchCh := TestFetchCh(t, typ, opts, req)
-	select {
-	case <-time.After(200 * time.Millisecond):
-		t.Fatal("shouldn't block longer than one jitter window for success")
-	case result := <-fetchCh:
-		switch v := result.(type) {
-		case error:
-			require.Error(t, v)
-			require.Equal(t, consul.ErrRateLimited.Error(), v.Error())
-		case cache.FetchResult:
-			t.Fatalf("Expected error")
-		}
-	}
-
-	// Second call should return correct cert immediately.
-	fetchCh = TestFetchCh(t, typ, opts, req)
-	select {
-	case <-time.After(100 * time.Millisecond):
-		t.Fatal("shouldn't block waiting for fetch")
-	case result := <-fetchCh:
-		v := mustFetchResult(t, result)
-		require.Equal(t, resp, v.Value)
-		require.Equal(t, uint64(1), v.Index)
-		// Set the LastResult for subsequent fetches
-		opts.LastResult = &v
-		// Set MinIndex
-		opts.MinIndex = 1
-	}
-
-	// Send in new roots, which should trigger the next sign req. We need to take
-	// care to set the new root as active
-	caRoot2 := connect.TestCA(t, nil)
-	caRoot2.Active = true
-	caRoot.Active = false
-	rootsCh <- structs.IndexedCARoots{
-		ActiveRootID: caRoot2.ID,
-		TrustDomain:  "fake-trust-domain.consul",
-		Roots: []*structs.CARoot{
-			caRoot2,
-			caRoot,
-		},
-		QueryMeta: structs.QueryMeta{Index: atomic.AddUint64(&idx, 1)},
-	}
-	earliestRootDelivery := time.Now()
-
-	// Sanity check state
-	require.Equal(t, uint64(1), atomic.LoadUint64(&rateLimitedRPCs))
-
-	// After root rotation jitter has been waited out, a new CSR will
-	// be attempted but will fail and return the previous cached result with no
-	// error since we will try again soon.
-	fetchCh = TestFetchCh(t, typ, opts, req)
-	select {
-	case <-time.After(200 * time.Millisecond):
-		t.Fatal("shouldn't block too long waiting for fetch")
-	case result := <-fetchCh:
-		// We should block for _at least_ one jitter period since we set that to
-		// 100ms and in test override mode we always pick the max jitter not a
-		// random amount.
-		require.True(t, time.Since(earliestRootDelivery) > 100*time.Millisecond)
-		require.Equal(t, uint64(2), atomic.LoadUint64(&rateLimitedRPCs))
-
-		v := mustFetchResult(t, result)
-		require.Equal(t, resp, v.Value)
-		// 1 since this should still be the original cached result as we failed to
-		// get a new cert.
-		require.Equal(t, uint64(1), v.Index)
-		// Set the LastResult for subsequent fetches
-		opts.LastResult = &v
-	}
-
-	// Root rotation state is now only captured in the opts.LastResult.State so a
-	// subsequent call should also wait for 100ms and then attempt to generate a
-	// new cert since we failed last time.
-	fetchCh = TestFetchCh(t, typ, opts, req)
-	select {
-	case <-time.After(200 * time.Millisecond):
-		t.Fatal("shouldn't block too long waiting for fetch")
-	case result := <-fetchCh:
-		// We should block for _at least_ two jitter periods now.
-		require.True(t, time.Since(earliestRootDelivery) > 200*time.Millisecond)
-		require.Equal(t, uint64(3), atomic.LoadUint64(&rateLimitedRPCs))
-
-		v := mustFetchResult(t, result)
-		require.Equal(t, resp, v.Value)
-		// 1 since this should still be the original cached result as we failed to
-		// get a new cert.
-		require.Equal(t, uint64(1), v.Index)
-		// Set the LastResult for subsequent fetches
-		opts.LastResult = &v
-	}
-
-	// Now we've had two rate limit failures and seen root rotation state work
-	// across both the blocking request that observed the rotation and the
-	// subsequent one. The next request should wait out the rest of the backoff
-	// and then actually fetch a new cert at last!
-	fetchCh = TestFetchCh(t, typ, opts, req)
-	select {
-	case <-time.After(200 * time.Millisecond):
-		t.Fatal("shouldn't block too long waiting for fetch")
-	case result := <-fetchCh:
-		// We should block for _at least_ three jitter periods now.
-		require.True(t, time.Since(earliestRootDelivery) > 300*time.Millisecond)
-		require.Equal(t, uint64(3), atomic.LoadUint64(&rateLimitedRPCs))
-
-		v := mustFetchResult(t, result)
-		require.Equal(t, resp, v.Value)
-		// 3 since the rootCA change used 2
-		require.Equal(t, uint64(3), v.Index)
-		// Set the LastResult for subsequent fetches
-		opts.LastResult = &v
-	}
-}
-
-// This test runs multiple concurrent callers watching different leaf certs and
-// tries to ensure that the background root watch activity behaves correctly.
-func TestConnectCALeaf_watchRootsDedupingMultipleCallers(t *testing.T) {
-	if testing.Short() {
-		t.Skip("too slow for testing.Short")
-	}
-
-	if testingRace {
-		t.Skip("fails with -race because caRoot.Active is modified concurrently")
-	}
-	t.Parallel()
-
-	rpc := TestRPC(t)
-	defer rpc.AssertExpectations(t)
-
-	typ, rootsCh := testCALeafType(t, rpc)
-	defer close(rootsCh)
-
-	caRoot := connect.TestCA(t, nil)
-	caRoot.Active = true
-	rootsCh <- structs.IndexedCARoots{
-		ActiveRootID: caRoot.ID,
-		TrustDomain:  "fake-trust-domain.consul",
-		Roots: []*structs.CARoot{
-			caRoot,
-		},
-		QueryMeta: structs.QueryMeta{Index: 1},
-	}
-
-	// Instrument ConnectCA.Sign to return signed cert
-	var idx uint64
-	rpc.On("RPC", mock.Anything, "ConnectCA.Sign", mock.Anything, mock.Anything).Return(nil).
-		Run(func(args mock.Arguments) {
-			reply := args.Get(3).(*structs.IssuedCert)
-			// Note we will sign certs for same service name each time because
-			// otherwise we have to re-invent whole CSR endpoint here to be able to
-			// control things - parse PEM sign with right key etc. It doesn't matter -
-			// we use the CreateIndex to differentiate the "right" results.
-			leaf, _ := connect.TestLeaf(t, "web", caRoot)
-			reply.CertPEM = leaf
-			reply.ValidAfter = time.Now().Add(-1 * time.Hour)
-			reply.ValidBefore = time.Now().Add(11 * time.Hour)
-			reply.CreateIndex = atomic.AddUint64(&idx, 1)
-			reply.ModifyIndex = reply.CreateIndex
-		})
-
-	// n is the number of clients we'll run
-	n := 3
-
-	// setup/testDoneCh are used for coordinating clients such that each has
-	// initial cert delivered and is blocking before the root changes. It's not a
-	// wait group since we want to be able to timeout the main test goroutine if
-	// one of the clients gets stuck. Instead it's a buffered chan.
-	setupDoneCh := make(chan error, n)
-	testDoneCh := make(chan error, n)
-	// rootsUpdate is used to coordinate clients so they know when they should
-	// expect to see leaf renewed after root change.
-	rootsUpdatedCh := make(chan struct{})
-
-	// Create a function that models a single client. It should go through the
-	// steps of getting an initial cert and then watching for changes until root
-	// updates.
-	client := func(i int) {
-		// We'll reuse the fetch options and request
-		opts := cache.FetchOptions{MinIndex: 0, Timeout: 10 * time.Second}
-		req := &ConnectCALeafRequest{Datacenter: "dc1", Service: fmt.Sprintf("web-%d", i)}
-
-		// First fetch should return immediately
-		fetchCh := TestFetchCh(t, typ, opts, req)
-		select {
-		case <-time.After(100 * time.Millisecond):
-			setupDoneCh <- fmt.Errorf("shouldn't block waiting for fetch")
-			return
-		case result := <-fetchCh:
-			v := mustFetchResult(t, result)
-			opts.LastResult = &v
-		}
-
-		// Second fetch should block with set index
-		opts.MinIndex = 1
-		fetchCh = TestFetchCh(t, typ, opts, req)
-		select {
-		case result := <-fetchCh:
-			setupDoneCh <- fmt.Errorf("should not return: %#v", result)
-			return
-		case <-time.After(100 * time.Millisecond):
-		}
-
-		// We're done with setup and the blocking call is still blocking in
-		// background.
-		setupDoneCh <- nil
-
-		// Wait until all others are also done and roots change incase there are
-		// stragglers delaying the root update.
-		select {
-		case <-rootsUpdatedCh:
-		case <-time.After(200 * time.Millisecond):
-			testDoneCh <- fmt.Errorf("waited too long for root update")
-			return
-		}
-
-		// Now we should see root update within a short period
-		select {
-		case <-time.After(100 * time.Millisecond):
-			testDoneCh <- fmt.Errorf("shouldn't block waiting for fetch")
-			return
-		case result := <-fetchCh:
-			v := mustFetchResult(t, result)
-			if opts.MinIndex == v.Value.(*structs.IssuedCert).CreateIndex {
-				testDoneCh <- fmt.Errorf("index must be different")
-				return
-			}
-		}
-
-		testDoneCh <- nil
-	}
-
-	// Sanity check the roots watcher is not running yet
-	assertRootsWatchCounts(t, typ, 0, 0)
-
-	for i := 0; i < n; i++ {
-		go client(i)
-	}
-
-	timeoutCh := time.After(200 * time.Millisecond)
-
-	for i := 0; i < n; i++ {
-		select {
-		case <-timeoutCh:
-			t.Fatal("timed out waiting for clients")
-		case err := <-setupDoneCh:
-			if err != nil {
-				t.Fatalf(err.Error())
-			}
-		}
-	}
-
-	// Should be 3 clients running now, so the roots watcher should have started
-	// once and not stopped.
-	assertRootsWatchCounts(t, typ, 1, 0)
-
-	// Now we deliver the root update
-	caRoot2 := connect.TestCA(t, nil)
-	caRoot2.Active = true
-	caRoot.Active = false
-	rootsCh <- structs.IndexedCARoots{
-		ActiveRootID: caRoot2.ID,
-		TrustDomain:  "fake-trust-domain.consul",
-		Roots: []*structs.CARoot{
-			caRoot2,
-			caRoot,
-		},
-		QueryMeta: structs.QueryMeta{Index: atomic.AddUint64(&idx, 1)},
-	}
-	// And notify clients
-	close(rootsUpdatedCh)
-
-	timeoutCh = time.After(200 * time.Millisecond)
-	for i := 0; i < n; i++ {
-		select {
-		case <-timeoutCh:
-			t.Fatalf("timed out waiting for %d of %d clients to renew after root change", n-i, n)
-		case err := <-testDoneCh:
-			if err != nil {
-				t.Fatalf(err.Error())
-			}
-		}
-	}
-
-	// All active requests have returned the new cert so the rootsWatcher should
-	// have stopped. This is timing dependent though so retry a few times
-	retry.RunWith(retry.ThreeTimes(), t, func(r *retry.R) {
-		assertRootsWatchCounts(r, typ, 1, 1)
-	})
-}
-
-func assertRootsWatchCounts(t require.TestingT, typ *ConnectCALeaf, wantStarts, wantStops int) {
-	if tt, ok := t.(*testing.T); ok {
-		tt.Helper()
-	}
-	starts := atomic.LoadUint32(&typ.testRootWatchStartCount)
-	stops := atomic.LoadUint32(&typ.testRootWatchStopCount)
-	require.Equal(t, wantStarts, int(starts))
-	require.Equal(t, wantStops, int(stops))
-}
-
-func mustFetchResult(t *testing.T, result interface{}) cache.FetchResult {
-	t.Helper()
-	switch v := result.(type) {
-	case error:
-		require.NoError(t, v)
-	case cache.FetchResult:
-		return v
-	default:
-		t.Fatalf("unexpected type from fetch %T", v)
-	}
-	return cache.FetchResult{}
-}
-
-// Test that after an initial signing, an expiringLeaf will trigger a
-// blocking query to resign.
-func TestConnectCALeaf_expiringLeaf(t *testing.T) {
-	if testing.Short() {
-		t.Skip("too slow for testing.Short")
-	}
-
-	t.Parallel()
-
-	rpc := TestRPC(t)
-	defer rpc.AssertExpectations(t)
-
-	typ, rootsCh := testCALeafType(t, rpc)
-	defer close(rootsCh)
-
-	caRoot := connect.TestCA(t, nil)
-	caRoot.Active = true
-	rootsCh <- structs.IndexedCARoots{
-		ActiveRootID: caRoot.ID,
-		TrustDomain:  "fake-trust-domain.consul",
-		Roots: []*structs.CARoot{
-			caRoot,
-		},
-		QueryMeta: structs.QueryMeta{Index: 1},
-	}
-
-	// Instrument ConnectCA.Sign to
-	var resp *structs.IssuedCert
-	var idx uint64
-	rpc.On("RPC", mock.Anything, "ConnectCA.Sign", mock.Anything, mock.Anything).Return(nil).
-		Run(func(args mock.Arguments) {
-			reply := args.Get(3).(*structs.IssuedCert)
-			reply.CreateIndex = atomic.AddUint64(&idx, 1)
-			reply.ModifyIndex = reply.CreateIndex
-
-			leaf, _ := connect.TestLeaf(t, "web", caRoot)
-			reply.CertPEM = leaf
-
-			if reply.CreateIndex == 1 {
-				// First call returns expired cert to prime cache with an expired one.
-				reply.ValidAfter = time.Now().Add(-13 * time.Hour)
-				reply.ValidBefore = time.Now().Add(-1 * time.Hour)
-			} else {
-				reply.ValidAfter = time.Now().Add(-1 * time.Hour)
-				reply.ValidBefore = time.Now().Add(11 * time.Hour)
-			}
-
-			resp = reply
-		})
-
-	// We'll reuse the fetch options and request
-	opts := cache.FetchOptions{MinIndex: 0, Timeout: 10 * time.Second}
-	req := &ConnectCALeafRequest{Datacenter: "dc1", Service: "web"}
-
-	// First fetch should return immediately
-	fetchCh := TestFetchCh(t, typ, opts, req)
-	select {
-	case <-time.After(100 * time.Millisecond):
-		t.Fatal("shouldn't block waiting for fetch")
-	case result := <-fetchCh:
-		switch v := result.(type) {
-		case error:
-			require.NoError(t, v)
-		case cache.FetchResult:
-			require.Equal(t, resp, v.Value)
-			require.Equal(t, uint64(1), v.Index)
-			// Set the LastResult for subsequent fetches
-			opts.LastResult = &v
-		}
-	}
-
-	// Second fetch should return immediately despite there being
-	// no updated CA roots, because we issued an expired cert.
-	fetchCh = TestFetchCh(t, typ, opts, req)
-	select {
-	case <-time.After(100 * time.Millisecond):
-		t.Fatal("shouldn't block waiting for fetch")
-	case result := <-fetchCh:
-		switch v := result.(type) {
-		case error:
-			require.NoError(t, v)
-		case cache.FetchResult:
-			require.Equal(t, resp, v.Value)
-			require.Equal(t, uint64(2), v.Index)
-			// Set the LastResult for subsequent fetches
-			opts.LastResult = &v
-		}
-	}
-
-	// Third fetch should block since the cert is not expiring and
-	// we also didn't update CA certs.
-	opts.MinIndex = 2
-	fetchCh = TestFetchCh(t, typ, opts, req)
-	select {
-	case result := <-fetchCh:
-		t.Fatalf("should not return: %#v", result)
-	case <-time.After(100 * time.Millisecond):
-	}
-}
-
-func TestConnectCALeaf_DNSSANForService(t *testing.T) {
-	t.Parallel()
-
-	rpc := TestRPC(t)
-	defer rpc.AssertExpectations(t)
-
-	typ, rootsCh := testCALeafType(t, rpc)
-	defer close(rootsCh)
-
-	caRoot := connect.TestCA(t, nil)
-	caRoot.Active = true
-	rootsCh <- structs.IndexedCARoots{
-		ActiveRootID: caRoot.ID,
-		TrustDomain:  "fake-trust-domain.consul",
-		Roots: []*structs.CARoot{
-			caRoot,
-		},
-		QueryMeta: structs.QueryMeta{Index: 1},
-	}
-
-	// Instrument ConnectCA.Sign to
-	var caReq *structs.CASignRequest
-	rpc.On("RPC", mock.Anything, "ConnectCA.Sign", mock.Anything, mock.Anything).Return(nil).
-		Run(func(args mock.Arguments) {
-			reply := args.Get(3).(*structs.IssuedCert)
-			leaf, _ := connect.TestLeaf(t, "web", caRoot)
-			reply.CertPEM = leaf
-
-			caReq = args.Get(2).(*structs.CASignRequest)
-		})
-
-	opts := cache.FetchOptions{MinIndex: 0, Timeout: 10 * time.Second}
-	req := &ConnectCALeafRequest{
-		Datacenter: "dc1",
-		Service:    "web",
-		DNSSAN:     []string{"test.example.com"},
-	}
-	_, err := typ.Fetch(opts, req)
-	require.NoError(t, err)
-
-	pemBlock, _ := pem.Decode([]byte(caReq.CSR))
-	csr, err := x509.ParseCertificateRequest(pemBlock.Bytes)
-	require.NoError(t, err)
-	require.Equal(t, csr.DNSNames, []string{"test.example.com"})
-}
-
-// testConnectCaRoot wraps ConnectCARoot to disable refresh so that the gated
-// channel controls the request directly. Otherwise, we get background refreshes and
-// it screws up the ordering of the channel reads of the testGatedRootsRPC
-// implementation.
-type testConnectCaRoot struct {
-	ConnectCARoot
-}
-
-func (r testConnectCaRoot) RegisterOptions() cache.RegisterOptions {
-	return cache.RegisterOptions{
-		Refresh:          false,
-		SupportsBlocking: true,
-	}
-}
-
-// testCALeafType returns a *ConnectCALeaf that is pre-configured to
-// use the given RPC implementation for "ConnectCA.Sign" operations.
-func testCALeafType(t *testing.T, rpc RPC) (*ConnectCALeaf, chan structs.IndexedCARoots) {
-	// This creates an RPC implementation that will block until the
-	// value is sent on the channel. This lets us control when the
-	// next values show up.
-	rootsCh := make(chan structs.IndexedCARoots, 10)
-	rootsRPC := &testGatedRootsRPC{ValueCh: rootsCh}
-
-	// Create a cache
-	c := cache.New(cache.Options{})
-	c.RegisterType(ConnectCARootName, &testConnectCaRoot{
-		ConnectCARoot: ConnectCARoot{RPC: rootsRPC},
-	})
-	// Create the leaf type
-	return &ConnectCALeaf{
-		RPC:        rpc,
-		Cache:      c,
-		Datacenter: "dc1",
-		// Override the root-change spread so we don't have to wait up to 20 seconds
-		// to see root changes work. Can be changed back for specific tests that
-		// need to test this, Note it's not 0 since that used default but is
-		// effectively the same.
-		TestOverrideCAChangeInitialDelay: 1 * time.Microsecond,
-	}, rootsCh
-}
-
-// testGatedRootsRPC will send each subsequent value on the channel as the
-// RPC response, blocking if it is waiting for a value on the channel. This
-// can be used to control when background fetches are returned and what they
-// return.
-//
-// This should be used with Refresh = false for the registration options so
-// automatic refreshes don't mess up the channel read ordering.
-type testGatedRootsRPC struct {
-	ValueCh chan structs.IndexedCARoots
-}
-
-func (r *testGatedRootsRPC) RPC(ctx context.Context, method string, args interface{}, reply interface{}) error {
-	if method != "ConnectCA.Roots" {
-		return fmt.Errorf("invalid RPC method: %s", method)
-	}
-
-	replyReal := reply.(*structs.IndexedCARoots)
-	*replyReal = <-r.ValueCh
-	return nil
-}
-
-func TestConnectCALeaf_Key(t *testing.T) {
-	key := func(r ConnectCALeafRequest) string {
-		return r.Key()
-	}
-	t.Run("service", func(t *testing.T) {
-		t.Run("name", func(t *testing.T) {
-			r1 := key(ConnectCALeafRequest{Service: "web"})
-			r2 := key(ConnectCALeafRequest{Service: "api"})
-			require.True(t, strings.HasPrefix(r1, "service:"), "Key %s does not start with service:", r1)
-			require.True(t, strings.HasPrefix(r2, "service:"), "Key %s does not start with service:", r2)
-			require.NotEqual(t, r1, r2, "Cache keys for different services should not be equal")
-		})
-		t.Run("dns-san", func(t *testing.T) {
-			r3 := key(ConnectCALeafRequest{Service: "foo", DNSSAN: []string{"a.com"}})
-			r4 := key(ConnectCALeafRequest{Service: "foo", DNSSAN: []string{"b.com"}})
-			require.NotEqual(t, r3, r4, "Cache keys for different DNSSAN should not be equal")
-		})
-		t.Run("ip-san", func(t *testing.T) {
-			r5 := key(ConnectCALeafRequest{Service: "foo", IPSAN: []net.IP{net.ParseIP("192.168.4.139")}})
-			r6 := key(ConnectCALeafRequest{Service: "foo", IPSAN: []net.IP{net.ParseIP("192.168.4.140")}})
-			require.NotEqual(t, r5, r6, "Cache keys for different IPSAN should not be equal")
-		})
-	})
-	t.Run("agent", func(t *testing.T) {
-		t.Run("name", func(t *testing.T) {
-			r1 := key(ConnectCALeafRequest{Agent: "abc"})
-			require.True(t, strings.HasPrefix(r1, "agent:"), "Key %s does not start with agent:", r1)
-		})
-		t.Run("dns-san ignored", func(t *testing.T) {
-			r3 := key(ConnectCALeafRequest{Agent: "foo", DNSSAN: []string{"a.com"}})
-			r4 := key(ConnectCALeafRequest{Agent: "foo", DNSSAN: []string{"b.com"}})
-			require.Equal(t, r3, r4, "DNSSAN is ignored for agent type")
-		})
-		t.Run("ip-san ignored", func(t *testing.T) {
-			r5 := key(ConnectCALeafRequest{Agent: "foo", IPSAN: []net.IP{net.ParseIP("192.168.4.139")}})
-			r6 := key(ConnectCALeafRequest{Agent: "foo", IPSAN: []net.IP{net.ParseIP("192.168.4.140")}})
-			require.Equal(t, r5, r6, "IPSAN is ignored for agent type")
-		})
-	})
-	t.Run("kind", func(t *testing.T) {
-		t.Run("invalid", func(t *testing.T) {
-			r1 := key(ConnectCALeafRequest{Kind: "terminating-gateway"})
-			require.Empty(t, r1)
-		})
-		t.Run("mesh-gateway", func(t *testing.T) {
-			t.Run("normal", func(t *testing.T) {
-				r1 := key(ConnectCALeafRequest{Kind: "mesh-gateway"})
-				require.True(t, strings.HasPrefix(r1, "kind:"), "Key %s does not start with kind:", r1)
-			})
-			t.Run("dns-san", func(t *testing.T) {
-				r3 := key(ConnectCALeafRequest{Kind: "mesh-gateway", DNSSAN: []string{"a.com"}})
-				r4 := key(ConnectCALeafRequest{Kind: "mesh-gateway", DNSSAN: []string{"b.com"}})
-				require.NotEqual(t, r3, r4, "Cache keys for different DNSSAN should not be equal")
-			})
-			t.Run("ip-san", func(t *testing.T) {
-				r5 := key(ConnectCALeafRequest{Kind: "mesh-gateway", IPSAN: []net.IP{net.ParseIP("192.168.4.139")}})
-				r6 := key(ConnectCALeafRequest{Kind: "mesh-gateway", IPSAN: []net.IP{net.ParseIP("192.168.4.140")}})
-				require.NotEqual(t, r5, r6, "Cache keys for different IPSAN should not be equal")
-			})
-		})
-	})
-	t.Run("server", func(t *testing.T) {
-		r1 := key(ConnectCALeafRequest{
-			Server:     true,
-			Datacenter: "us-east",
-		})
-		require.True(t, strings.HasPrefix(r1, "server:"), "Key %s does not start with server:", r1)
-	})
-}
diff --git a/agent/cache-types/norace_test.go b/agent/cache-types/norace_test.go
deleted file mode 100644
index 3f316d5d3ffa..000000000000
--- a/agent/cache-types/norace_test.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-//go:build !race
-// +build !race
-
-package cachetype
-
-const testingRace = false
diff --git a/agent/cache-types/race_test.go b/agent/cache-types/race_test.go
deleted file mode 100644
index 88dcf82a4c4b..000000000000
--- a/agent/cache-types/race_test.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-//go:build race
-// +build race
-
-package cachetype
-
-const testingRace = true
diff --git a/agent/consul/servercert/manager.go b/agent/consul/servercert/manager.go
index d343db4a08a3..75c2a4f27608 100644
--- a/agent/consul/servercert/manager.go
+++ b/agent/consul/servercert/manager.go
@@ -8,22 +8,23 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/go-memdb"
+
 	"github.com/hashicorp/consul/agent/cache"
-	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/lib/retry"
-	"github.com/hashicorp/go-hclog"
-	"github.com/hashicorp/go-memdb"
 )
 
 // Correlation ID for leaf cert watches.
 const leafWatchID = "leaf"
 
-// Cache is an interface to represent the necessary methods of the agent/cache.Cache.
+// LeafCertManager is an interface to represent the necessary methods of the agent/leafcert.Manager.
 // It is used to request and renew the server leaf certificate.
-type Cache interface {
-	Notify(ctx context.Context, t string, r cache.Request, correlationID string, ch chan<- cache.UpdateEvent) error
+type LeafCertManager interface {
+	Notify(ctx context.Context, req *leafcert.ConnectCALeafRequest, correlationID string, ch chan<- cache.UpdateEvent) error
 }
 
 // TLSConfigurator is an interface to represent the necessary methods of the tlsutil.Configurator.
@@ -52,7 +53,7 @@ type Config struct {
 type Deps struct {
 	Config          Config
 	Logger          hclog.Logger
-	Cache           Cache
+	LeafCertManager LeafCertManager
 	GetStore        func() Store
 	TLSConfigurator TLSConfigurator
 	waiter          retry.Waiter
@@ -67,9 +68,8 @@ type CertManager struct {
 	// config contains agent configuration necessary for the cert manager to operate.
 	config Config
 
-	// cache provides an API to issue internal RPC requests and receive notifications
-	// when there are changes.
-	cache Cache
+	// leafCerts grants access to request and renew the server leaf cert.
+	leafCerts LeafCertManager
 
 	// cacheUpdateCh receives notifications of cache update events for resources watched.
 	cacheUpdateCh chan cache.UpdateEvent
@@ -85,10 +85,13 @@ type CertManager struct {
 }
 
 func NewCertManager(deps Deps) *CertManager {
+	if deps.LeafCertManager == nil {
+		panic("LeafCertManager is required")
+	}
 	return &CertManager{
 		config:          deps.Config,
 		logger:          deps.Logger,
-		cache:           deps.Cache,
+		leafCerts:       deps.LeafCertManager,
 		cacheUpdateCh:   make(chan cache.UpdateEvent, 1),
 		getStore:        deps.GetStore,
 		tlsConfigurator: deps.TLSConfigurator,
@@ -156,12 +159,12 @@ func (m *CertManager) watchServerToken(ctx context.Context) {
 		cancel()
 		notifyCtx, cancel = context.WithCancel(ctx)
 
-		req := cachetype.ConnectCALeafRequest{
+		req := leafcert.ConnectCALeafRequest{
 			Datacenter: m.config.Datacenter,
 			Token:      token.Value,
 			Server:     true,
 		}
-		if err := m.cache.Notify(notifyCtx, cachetype.ConnectCALeafName, &req, leafWatchID, m.cacheUpdateCh); err != nil {
+		if err := m.leafCerts.Notify(notifyCtx, &req, leafWatchID, m.cacheUpdateCh); err != nil {
 			return fmt.Errorf("failed to setup leaf cert notifications: %w", err)
 		}
 
@@ -174,11 +177,11 @@ func (m *CertManager) watchServerToken(ctx context.Context) {
 }
 
 func (m *CertManager) watchLeafCert(ctx context.Context) error {
-	req := cachetype.ConnectCALeafRequest{
+	req := leafcert.ConnectCALeafRequest{
 		Datacenter: m.config.Datacenter,
 		Server:     true,
 	}
-	if err := m.cache.Notify(ctx, cachetype.ConnectCALeafName, &req, leafWatchID, m.cacheUpdateCh); err != nil {
+	if err := m.leafCerts.Notify(ctx, &req, leafWatchID, m.cacheUpdateCh); err != nil {
 		return fmt.Errorf("failed to setup leaf cert notifications: %w", err)
 	}
 
diff --git a/agent/consul/servercert/manager_test.go b/agent/consul/servercert/manager_test.go
index 048e0742294f..dfadfe4b953f 100644
--- a/agent/consul/servercert/manager_test.go
+++ b/agent/consul/servercert/manager_test.go
@@ -8,13 +8,15 @@ import (
 	"testing"
 	"time"
 
+	"github.com/hashicorp/go-memdb"
+	"github.com/stretchr/testify/require"
+
 	"github.com/hashicorp/consul/agent/cache"
 	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/lib/retry"
 	"github.com/hashicorp/consul/sdk/testutil"
-	"github.com/hashicorp/go-memdb"
-	"github.com/stretchr/testify/require"
 )
 
 type fakeStore struct {
@@ -109,7 +111,7 @@ type watchInfo struct {
 	token string
 }
 
-type fakeCache struct {
+type fakeLeafCertManager struct {
 	updateCh chan<- cache.UpdateEvent
 
 	// watched is a map of watched correlation IDs to the ACL token of the request.
@@ -120,7 +122,7 @@ type fakeCache struct {
 	syncCh chan struct{}
 }
 
-func (c *fakeCache) triggerLeafUpdate() {
+func (c *fakeLeafCertManager) triggerLeafUpdate() {
 	c.updateCh <- cache.UpdateEvent{
 		CorrelationID: leafWatchID,
 		Result: &structs.IssuedCert{
@@ -131,14 +133,14 @@ func (c *fakeCache) triggerLeafUpdate() {
 	}
 }
 
-func (c *fakeCache) Notify(ctx context.Context, t string, r cache.Request, correlationID string, ch chan<- cache.UpdateEvent) error {
-	c.watched[correlationID] = watchInfo{ctx: ctx, token: r.CacheInfo().Token}
+func (c *fakeLeafCertManager) Notify(ctx context.Context, r *leafcert.ConnectCALeafRequest, correlationID string, ch chan<- cache.UpdateEvent) error {
+	c.watched[correlationID] = watchInfo{ctx: ctx, token: r.Token}
 	c.updateCh = ch
 	c.syncCh <- struct{}{}
 	return nil
 }
 
-func (c *fakeCache) timeoutIfNotUpdated(t *testing.T) error {
+func (c *fakeLeafCertManager) timeoutIfNotUpdated(t *testing.T) error {
 	t.Helper()
 
 	select {
@@ -159,7 +161,7 @@ func testWaiter() retry.Waiter {
 
 func TestCertManager_ACLsDisabled(t *testing.T) {
 	tlsConfigurator := fakeTLSConfigurator{syncCh: make(chan struct{}, 1)}
-	cache := fakeCache{watched: make(map[string]watchInfo), syncCh: make(chan struct{}, 1)}
+	leafCerts := fakeLeafCertManager{watched: make(map[string]watchInfo), syncCh: make(chan struct{}, 1)}
 	store := fakeStore{
 		conf:       make(chan *structs.CAConfiguration, 1),
 		tokenEntry: make(chan *structs.SystemMetadataEntry, 1),
@@ -172,7 +174,7 @@ func TestCertManager_ACLsDisabled(t *testing.T) {
 			ACLsEnabled: false,
 		},
 		TLSConfigurator: &tlsConfigurator,
-		Cache:           &cache,
+		LeafCertManager: &leafCerts,
 		GetStore:        func() Store { return &store },
 	})
 
@@ -185,11 +187,11 @@ func TestCertManager_ACLsDisabled(t *testing.T) {
 		require.Empty(t, tlsConfigurator.cert)
 		require.Empty(t, tlsConfigurator.peeringServerName)
 
-		require.Contains(t, cache.watched, leafWatchID)
+		require.Contains(t, leafCerts.watched, leafWatchID)
 	})
 
 	testutil.RunStep(t, "leaf cert update", func(t *testing.T) {
-		cache.triggerLeafUpdate()
+		leafCerts.triggerLeafUpdate()
 
 		// Wait for the update to arrive.
 		require.NoError(t, tlsConfigurator.timeoutIfNotUpdated(t))
@@ -214,7 +216,7 @@ func TestCertManager_ACLsDisabled(t *testing.T) {
 
 func TestCertManager_ACLsEnabled(t *testing.T) {
 	tlsConfigurator := fakeTLSConfigurator{syncCh: make(chan struct{}, 1)}
-	cache := fakeCache{watched: make(map[string]watchInfo), syncCh: make(chan struct{}, 1)}
+	leafCerts := fakeLeafCertManager{watched: make(map[string]watchInfo), syncCh: make(chan struct{}, 1)}
 	store := fakeStore{
 		conf:       make(chan *structs.CAConfiguration, 1),
 		tokenEntry: make(chan *structs.SystemMetadataEntry, 1),
@@ -227,7 +229,7 @@ func TestCertManager_ACLsEnabled(t *testing.T) {
 			ACLsEnabled: true,
 		},
 		TLSConfigurator: &tlsConfigurator,
-		Cache:           &cache,
+		LeafCertManager: &leafCerts,
 		GetStore:        func() Store { return &store },
 	})
 
@@ -240,7 +242,7 @@ func TestCertManager_ACLsEnabled(t *testing.T) {
 		require.Empty(t, tlsConfigurator.cert)
 		require.Empty(t, tlsConfigurator.peeringServerName)
 
-		require.Empty(t, cache.watched)
+		require.Empty(t, leafCerts.watched)
 	})
 
 	var leafCtx context.Context
@@ -249,16 +251,16 @@ func TestCertManager_ACLsEnabled(t *testing.T) {
 	testutil.RunStep(t, "server token update", func(t *testing.T) {
 		store.setServerToken("first-secret", tokenCanceler)
 
-		require.NoError(t, cache.timeoutIfNotUpdated(t))
+		require.NoError(t, leafCerts.timeoutIfNotUpdated(t))
 
-		require.Contains(t, cache.watched, leafWatchID)
-		require.Equal(t, "first-secret", cache.watched[leafWatchID].token)
+		require.Contains(t, leafCerts.watched, leafWatchID)
+		require.Equal(t, "first-secret", leafCerts.watched[leafWatchID].token)
 
-		leafCtx = cache.watched[leafWatchID].ctx
+		leafCtx = leafCerts.watched[leafWatchID].ctx
 	})
 
 	testutil.RunStep(t, "leaf cert update", func(t *testing.T) {
-		cache.triggerLeafUpdate()
+		leafCerts.triggerLeafUpdate()
 
 		// Wait for the update to arrive.
 		require.NoError(t, tlsConfigurator.timeoutIfNotUpdated(t))
@@ -276,15 +278,15 @@ func TestCertManager_ACLsEnabled(t *testing.T) {
 		// Fire the existing WatchSet to simulate a state store update.
 		tokenCanceler <- struct{}{}
 
-		// The leaf watch in the cache should have been reset.
-		require.NoError(t, cache.timeoutIfNotUpdated(t))
+		// The leaf watch in the leafCerts should have been reset.
+		require.NoError(t, leafCerts.timeoutIfNotUpdated(t))
 
 		// The original leaf watch context should have been canceled.
 		require.Error(t, leafCtx.Err())
 
 		// A new leaf watch is expected with the new token.
-		require.Contains(t, cache.watched, leafWatchID)
-		require.Equal(t, "second-secret", cache.watched[leafWatchID].token)
+		require.Contains(t, leafCerts.watched, leafWatchID)
+		require.Equal(t, "second-secret", leafCerts.watched[leafWatchID].token)
 	})
 
 	testutil.RunStep(t, "ca config update", func(t *testing.T) {
diff --git a/agent/leafcert/cached_roots.go b/agent/leafcert/cached_roots.go
new file mode 100644
index 000000000000..b973b6dc660c
--- /dev/null
+++ b/agent/leafcert/cached_roots.go
@@ -0,0 +1,47 @@
+package leafcert
+
+import (
+	"context"
+	"errors"
+
+	"github.com/hashicorp/consul/agent/cache"
+	cachetype "github.com/hashicorp/consul/agent/cache-types"
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+// NewCachedRootsReader returns a RootsReader that sources data from the agent cache.
+func NewCachedRootsReader(cache *cache.Cache, dc string) RootsReader {
+	return &agentCacheRootsReader{
+		cache:      cache,
+		datacenter: dc,
+	}
+}
+
+type agentCacheRootsReader struct {
+	cache      *cache.Cache
+	datacenter string
+}
+
+var _ RootsReader = (*agentCacheRootsReader)(nil)
+
+func (r *agentCacheRootsReader) Get() (*structs.IndexedCARoots, error) {
+	// Background is fine here because this isn't a blocking query as no index is set.
+	// Therefore this will just either be a cache hit or return once the non-blocking query returns.
+	rawRoots, _, err := r.cache.Get(context.Background(), cachetype.ConnectCARootName, &structs.DCSpecificRequest{
+		Datacenter: r.datacenter,
+	})
+	if err != nil {
+		return nil, err
+	}
+	roots, ok := rawRoots.(*structs.IndexedCARoots)
+	if !ok {
+		return nil, errors.New("invalid RootCA response type")
+	}
+	return roots, nil
+}
+
+func (r *agentCacheRootsReader) Notify(ctx context.Context, correlationID string, ch chan<- cache.UpdateEvent) error {
+	return r.cache.Notify(ctx, cachetype.ConnectCARootName, &structs.DCSpecificRequest{
+		Datacenter: r.datacenter,
+	}, correlationID, ch)
+}
diff --git a/agent/leafcert/cert.go b/agent/leafcert/cert.go
new file mode 100644
index 000000000000..023068573775
--- /dev/null
+++ b/agent/leafcert/cert.go
@@ -0,0 +1,133 @@
+package leafcert
+
+import (
+	"sync"
+	"time"
+
+	"golang.org/x/time/rate"
+
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/lib/ttlcache"
+)
+
+// certData tracks all of the metadata about a leaf cert.
+type certData struct {
+	// lock locks access to all fields
+	lock sync.Mutex
+
+	// index is the last raft index associated with an update of the 'value' field
+	index uint64
+
+	// value is the last updated cert contents or nil if not populated initially
+	value *structs.IssuedCert
+
+	// state is metadata related to cert generation
+	state fetchState
+
+	// fetchedAt was the time when 'value' was last updated
+	fetchedAt time.Time
+
+	// refreshing indicates if there is an active request attempting to refresh
+	// the current leaf cert contents.
+	refreshing bool
+
+	// lastFetchErr is the last error encountered when attempting to populate
+	// the 'value' field.
+	lastFetchErr error
+
+	// expiry contains information about the expiration of this
+	// cert. This is a pointer as its shared as a value in the
+	// ExpiryHeap as well.
+	expiry *ttlcache.Entry
+
+	// refreshRateLimiter limits the rate at which the cert can be regenerated
+	refreshRateLimiter *rate.Limiter
+}
+
+func (c *certData) MarkRefreshing(v bool) {
+	c.lock.Lock()
+	defer c.lock.Unlock()
+	c.refreshing = v
+}
+
+func (c *certData) GetValueAndState() (*structs.IssuedCert, fetchState) {
+	c.lock.Lock()
+	defer c.lock.Unlock()
+	return c.value, c.state
+}
+
+func (c *certData) GetError() error {
+	c.lock.Lock()
+	defer c.lock.Unlock()
+	return c.lastFetchErr
+}
+
+// NOTE: this function only has one goroutine in it per key at all times
+func (c *certData) Update(
+	newCert *structs.IssuedCert,
+	newState fetchState,
+	err error,
+) {
+	c.lock.Lock()
+	defer c.lock.Unlock()
+
+	// Importantly, always reset the Error. Having both Error and a Value that
+	// are non-nil is allowed in the cache entry but it indicates that the Error
+	// is _newer_ than the last good value. So if the err is nil then we need to
+	// reset to replace any _older_ errors and avoid them bubbling up. If the
+	// error is non-nil then we need to set it anyway and used to do it in the
+	// code below. See https://github.com/hashicorp/consul/issues/4480.
+	c.lastFetchErr = err
+
+	c.state = newState
+	if newCert != nil {
+		c.index = newCert.ModifyIndex
+		c.value = newCert
+		c.fetchedAt = time.Now()
+	}
+
+	if c.index < 1 {
+		// Less than one is invalid unless there was an error and in this case
+		// there wasn't since a value was returned. If a badly behaved RPC
+		// returns 0 when it has no data, we might get into a busy loop here. We
+		// set this to minimum of 1 which is safe because no valid user data can
+		// ever be written at raft index 1 due to the bootstrap process for
+		// raft. This insure that any subsequent background refresh request will
+		// always block, but allows the initial request to return immediately
+		// even if there is no data.
+		c.index = 1
+	}
+}
+
+// fetchState is some additional metadata we store with each cert in the cache
+// to track things like expiry and coordinate paces root rotations. It's
+// important this doesn't contain any pointer types since we rely on the struct
+// being copied to avoid modifying the actual state in the cache entry during
+// Fetch. Pointers themselves are OK, but if we point to another struct that we
+// call a method or modify in some way that would directly mutate the cache and
+// cause problems. We'd need to deep-clone in that case in Fetch below.
+// time.Time technically contains a pointer to the Location but we ignore that
+// since all times we get from our wall clock should point to the same Location
+// anyway.
+type fetchState struct {
+	// authorityKeyId is the ID of the CA key (whether root or intermediate) that signed
+	// the current cert.  This is just to save parsing the whole cert everytime
+	// we have to check if the root changed.
+	authorityKeyID string
+
+	// forceExpireAfter is used to coordinate renewing certs after a CA rotation
+	// in a staggered way so that we don't overwhelm the servers.
+	forceExpireAfter time.Time
+
+	// activeRootRotationStart is set when the root has changed and we need to get
+	// a new cert but haven't got one yet. forceExpireAfter will be set to the
+	// next scheduled time we should try our CSR, but this is needed to calculate
+	// the retry windows if we are rate limited when we try. See comment on
+	// const caChangeJitterWindow above for more.
+	activeRootRotationStart time.Time
+
+	// consecutiveRateLimitErrs stores how many rate limit errors we've hit. We
+	// use this to choose a new window for the next retry. See comment on
+	// const caChangeJitterWindow above for more.
+	consecutiveRateLimitErrs int
+}
diff --git a/agent/leafcert/generate.go b/agent/leafcert/generate.go
new file mode 100644
index 000000000000..0e397cdc2d52
--- /dev/null
+++ b/agent/leafcert/generate.go
@@ -0,0 +1,362 @@
+package leafcert
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net"
+	"time"
+
+	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/consul"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/lib"
+)
+
+// caChangeJitterWindow is the time over which we spread each round of retries
+// when attempting to get a new certificate following a root rotation. It's
+// selected to be a trade-off between not making rotation unnecessarily slow on
+// a tiny cluster while not hammering the servers on a huge cluster
+// unnecessarily hard. Servers rate limit to protect themselves from the
+// expensive crypto work, but in practice have 10k+ RPCs all in the same second
+// will cause a major disruption even on large servers due to downloading the
+// payloads, parsing msgpack etc. Instead we pick a window that for now is fixed
+// but later might be either user configurable (not nice since it would become
+// another hard-to-tune value) or set dynamically by the server based on it's
+// knowledge of how many certs need to be rotated. Currently the server doesn't
+// know that so we pick something that is reasonable. We err on the side of
+// being slower that we need in trivial cases but gentler for large deployments.
+// 30s means that even with a cluster of 10k service instances, the server only
+// has to cope with ~333 RPCs a second which shouldn't be too bad if it's rate
+// limiting the actual expensive crypto work.
+//
+// The actual backoff strategy when we are rate limited is to have each cert
+// only retry once with each window of this size, at a point in the window
+// selected at random. This performs much better than exponential backoff in
+// terms of getting things rotated quickly with more predictable load and so
+// fewer rate limited requests. See the full simulation this is based on at
+// https://github.com/banks/sim-rate-limit-backoff/blob/master/README.md for
+// more detail.
+const caChangeJitterWindow = 30 * time.Second
+
+// NOTE: this function only has one goroutine in it per key at all times
+func (m *Manager) attemptLeafRefresh(
+	req *ConnectCALeafRequest,
+	existing *structs.IssuedCert,
+	state fetchState,
+) (*structs.IssuedCert, fetchState, error) {
+	if req.MaxQueryTime <= 0 {
+		req.MaxQueryTime = DefaultQueryTimeout
+	}
+
+	// Handle brand new request first as it's simplest.
+	if existing == nil {
+		return m.generateNewLeaf(req, state, true)
+	}
+
+	// We have a certificate in cache already. Check it's still valid.
+	now := time.Now()
+	minExpire, maxExpire := calculateSoftExpiry(now, existing)
+	expiresAt := minExpire.Add(lib.RandomStagger(maxExpire.Sub(minExpire)))
+
+	// Check if we have been force-expired by a root update that jittered beyond
+	// the timeout of the query it was running.
+	if !state.forceExpireAfter.IsZero() && state.forceExpireAfter.Before(expiresAt) {
+		expiresAt = state.forceExpireAfter
+	}
+
+	if expiresAt.Equal(now) || expiresAt.Before(now) {
+		// Already expired, just make a new one right away
+		return m.generateNewLeaf(req, state, false)
+	}
+
+	// If we called Get() with MustRevalidate then this call came from a non-blocking query.
+	// Any prior CA rotations should've already expired the cert.
+	// All we need to do is check whether the current CA is the one that signed the leaf. If not, generate a new leaf.
+	// This is not a perfect solution (as a CA rotation update can be missed) but it should take care of instances like
+	// see https://github.com/hashicorp/consul/issues/10871, https://github.com/hashicorp/consul/issues/9862
+	// This seems to me like a hack, so maybe we can revisit the caching/ fetching logic in this case
+	if req.MustRevalidate {
+		roots, err := m.rootsReader.Get()
+		if err != nil {
+			return nil, state, err
+		} else if roots == nil {
+			return nil, state, errors.New("no CA roots")
+		}
+		if activeRootHasKey(roots, state.authorityKeyID) {
+			return nil, state, nil
+		}
+
+		// if we reach here then the current leaf was not signed by the same CAs, just regen
+		return m.generateNewLeaf(req, state, false)
+	}
+
+	// We are about to block and wait for a change or timeout.
+
+	// Make a chan we can be notified of changes to CA roots on. It must be
+	// buffered so we don't miss broadcasts from rootsWatch. It is an edge trigger
+	// so a single buffer element is sufficient regardless of whether we consume
+	// the updates fast enough since as soon as we see an element in it, we will
+	// reload latest CA from cache.
+	rootUpdateCh := make(chan struct{}, 1)
+
+	// The roots may have changed in between blocking calls. We need to verify
+	// that the existing cert was signed by the current root. If it was we still
+	// want to do the whole jitter thing. We could code that again here but it's
+	// identical to the select case below so we just trigger our own update chan
+	// and let the logic below handle checking if the CA actually changed in the
+	// common case where it didn't it is a no-op anyway.
+	rootUpdateCh <- struct{}{}
+
+	// Subscribe our chan to get root update notification.
+	m.rootWatcher.Subscribe(rootUpdateCh)
+	defer m.rootWatcher.Unsubscribe(rootUpdateCh)
+
+	// Setup the timeout chan outside the loop so we don't keep bumping the timeout
+	// later if we loop around.
+	timeoutTimer := time.NewTimer(req.MaxQueryTime)
+	defer timeoutTimer.Stop()
+
+	// Setup initial expiry chan. We may change this if root update occurs in the
+	// loop below.
+	expiresTimer := time.NewTimer(expiresAt.Sub(now))
+	defer func() {
+		// Resolve the timer reference at defer time, so we use the latest one each time.
+		expiresTimer.Stop()
+	}()
+
+	// Current cert is valid so just wait until it expires or we time out.
+	for {
+		select {
+		case <-timeoutTimer.C:
+			// We timed out the request with same cert.
+			return nil, state, nil
+
+		case <-expiresTimer.C:
+			// Cert expired or was force-expired by a root change.
+			return m.generateNewLeaf(req, state, false)
+
+		case <-rootUpdateCh:
+			// A root cache change occurred, reload roots from cache.
+			roots, err := m.rootsReader.Get()
+			if err != nil {
+				return nil, state, err
+			} else if roots == nil {
+				return nil, state, errors.New("no CA roots")
+			}
+
+			// Handle _possibly_ changed roots. We still need to verify the new active
+			// root is not the same as the one our current cert was signed by since we
+			// can be notified spuriously if we are the first request since the
+			// rootsWatcher didn't know about the CA we were signed by. We also rely
+			// on this on every request to do the initial check that the current roots
+			// are the same ones the current cert was signed by.
+			if activeRootHasKey(roots, state.authorityKeyID) {
+				// Current active CA is the same one that signed our current cert so
+				// keep waiting for a change.
+				continue
+			}
+			state.activeRootRotationStart = time.Now()
+
+			// CA root changed. We add some jitter here to avoid a thundering herd.
+			// See docs on caChangeJitterWindow const.
+			delay := m.getJitteredCAChangeDelay()
+
+			// Force the cert to be expired after the jitter - the delay above might
+			// be longer than we have left on our timeout. We set forceExpireAfter in
+			// the cache state so the next request will notice we still need to renew
+			// and do it at the right time. This is cleared once a new cert is
+			// returned by generateNewLeaf.
+			state.forceExpireAfter = state.activeRootRotationStart.Add(delay)
+			// If the delay time is within the current timeout, we want to renew the
+			// as soon as it's up. We change the expire time and chan so that when we
+			// loop back around, we'll wait at most delay until generating a new cert.
+			if state.forceExpireAfter.Before(expiresAt) {
+				expiresAt = state.forceExpireAfter
+				// Stop the former one and create a new one.
+				expiresTimer.Stop()
+				expiresTimer = time.NewTimer(delay)
+			}
+			continue
+		}
+	}
+}
+
+func (m *Manager) getJitteredCAChangeDelay() time.Duration {
+	if m.config.TestOverrideCAChangeInitialDelay > 0 {
+		return m.config.TestOverrideCAChangeInitialDelay
+	}
+	// CA root changed. We add some jitter here to avoid a thundering herd.
+	// See docs on caChangeJitterWindow const.
+	return lib.RandomStagger(caChangeJitterWindow)
+}
+
+func activeRootHasKey(roots *structs.IndexedCARoots, currentSigningKeyID string) bool {
+	for _, ca := range roots.Roots {
+		if ca.Active {
+			return ca.SigningKeyID == currentSigningKeyID
+		}
+	}
+	// Shouldn't be possible since at least one root should be active.
+	return false
+}
+
+// generateNewLeaf does the actual work of creating a new private key,
+// generating a CSR and getting it signed by the servers.
+//
+// NOTE: do not hold the lock while doing the RPC/blocking stuff
+func (m *Manager) generateNewLeaf(
+	req *ConnectCALeafRequest,
+	newState fetchState,
+	firstTime bool,
+) (*structs.IssuedCert, fetchState, error) {
+	// Need to lookup RootCAs response to discover trust domain. This should be a
+	// cache hit.
+	roots, err := m.rootsReader.Get()
+	if err != nil {
+		return nil, newState, err
+	} else if roots == nil {
+		return nil, newState, errors.New("no CA roots")
+	}
+	if roots.TrustDomain == "" {
+		return nil, newState, errors.New("cluster has no CA bootstrapped yet")
+	}
+
+	// Build the cert uri
+	var id connect.CertURI
+	var dnsNames []string
+	var ipAddresses []net.IP
+
+	switch {
+	case req.Service != "":
+		id = &connect.SpiffeIDService{
+			Host:       roots.TrustDomain,
+			Datacenter: req.Datacenter,
+			Partition:  req.TargetPartition(),
+			Namespace:  req.TargetNamespace(),
+			Service:    req.Service,
+		}
+		dnsNames = append(dnsNames, req.DNSSAN...)
+
+	case req.Agent != "":
+		id = &connect.SpiffeIDAgent{
+			Host:       roots.TrustDomain,
+			Datacenter: req.Datacenter,
+			Partition:  req.TargetPartition(),
+			Agent:      req.Agent,
+		}
+		dnsNames = append([]string{"localhost"}, req.DNSSAN...)
+		ipAddresses = append([]net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")}, req.IPSAN...)
+
+	case req.Kind == structs.ServiceKindMeshGateway:
+		id = &connect.SpiffeIDMeshGateway{
+			Host:       roots.TrustDomain,
+			Datacenter: req.Datacenter,
+			Partition:  req.TargetPartition(),
+		}
+		dnsNames = append(dnsNames, req.DNSSAN...)
+
+	case req.Kind != "":
+		return nil, newState, fmt.Errorf("unsupported kind: %s", req.Kind)
+
+	case req.Server:
+		if req.Datacenter == "" {
+			return nil, newState, errors.New("datacenter name must be specified")
+		}
+		id = &connect.SpiffeIDServer{
+			Host:       roots.TrustDomain,
+			Datacenter: req.Datacenter,
+		}
+		dnsNames = append(dnsNames, connect.PeeringServerSAN(req.Datacenter, roots.TrustDomain))
+
+	default:
+		return nil, newState, errors.New("URI must be either service, agent, server, or kind")
+	}
+
+	// Create a new private key
+
+	// TODO: for now we always generate EC keys on clients regardless of the key
+	// type being used by the active CA. This is fine and allowed in TLS1.2 and
+	// signing EC CSRs with an RSA key is supported by all current CA providers so
+	// it's OK. IFF we ever need to support a CA provider that refuses to sign a
+	// CSR with a different signature algorithm, or if we have compatibility
+	// issues with external PKI systems that require EC certs be signed with ECDSA
+	// from the CA (this was required in TLS1.1 but not in 1.2) then we can
+	// instead intelligently pick the key type we generate here based on the key
+	// type of the active signing CA. We already have that loaded since we need
+	// the trust domain.
+	pk, pkPEM, err := connect.GeneratePrivateKey()
+	if err != nil {
+		return nil, newState, err
+	}
+
+	// Create a CSR.
+	csr, err := connect.CreateCSR(id, pk, dnsNames, ipAddresses)
+	if err != nil {
+		return nil, newState, err
+	}
+
+	// Request signing
+	args := structs.CASignRequest{
+		WriteRequest: structs.WriteRequest{Token: req.Token},
+		Datacenter:   req.Datacenter,
+		CSR:          csr,
+	}
+
+	reply, err := m.certSigner.SignCert(context.Background(), &args)
+	if err != nil {
+		if err.Error() == consul.ErrRateLimited.Error() {
+			if firstTime {
+				// This was a first fetch - we have no good value in cache. In this case
+				// we just return the error to the caller rather than rely on surprising
+				// semi-blocking until the rate limit is appeased or we timeout
+				// behavior. It's likely the caller isn't expecting this to block since
+				// it's an initial fetch. This also massively simplifies this edge case.
+				return nil, newState, err
+			}
+
+			if newState.activeRootRotationStart.IsZero() {
+				// We hit a rate limit error by chance - for example a cert expired
+				// before the root rotation was observed (not triggered by rotation) but
+				// while server is working through high load from a recent rotation.
+				// Just pretend there is a rotation and the retry logic here will start
+				// jittering and retrying in the same way from now.
+				newState.activeRootRotationStart = time.Now()
+			}
+
+			// Increment the errors in the state
+			newState.consecutiveRateLimitErrs++
+
+			delay := m.getJitteredCAChangeDelay()
+
+			// Find the start of the next window we can retry in. See comment on
+			// caChangeJitterWindow for details of why we use this strategy.
+			windowStart := newState.activeRootRotationStart.Add(
+				time.Duration(newState.consecutiveRateLimitErrs) * delay)
+
+			// Pick a random time in that window
+			newState.forceExpireAfter = windowStart.Add(delay)
+
+			// Return a result with the existing cert but the new state - the cache
+			// will see this as no change. Note that we always have an existing result
+			// here due to the nil value check above.
+			return nil, newState, nil
+		}
+		return nil, newState, err
+	}
+	reply.PrivateKeyPEM = pkPEM
+
+	// Reset rotation state
+	newState.forceExpireAfter = time.Time{}
+	newState.consecutiveRateLimitErrs = 0
+	newState.activeRootRotationStart = time.Time{}
+
+	cert, err := connect.ParseCert(reply.CertPEM)
+	if err != nil {
+		return nil, newState, err
+	}
+	// Set the CA key ID so we can easily tell when a active root has changed.
+	newState.authorityKeyID = connect.EncodeSigningKeyID(cert.AuthorityKeyId)
+
+	return reply, newState, nil
+}
diff --git a/agent/leafcert/leafcert.go b/agent/leafcert/leafcert.go
new file mode 100644
index 000000000000..9cd0c08db13d
--- /dev/null
+++ b/agent/leafcert/leafcert.go
@@ -0,0 +1,556 @@
+package leafcert
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/armon/go-metrics"
+	"github.com/hashicorp/go-hclog"
+	"golang.org/x/sync/singleflight"
+	"golang.org/x/time/rate"
+
+	"github.com/hashicorp/consul/agent/cache"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/lib/ttlcache"
+)
+
+const (
+	DefaultLastGetTTL = 72 * time.Hour // reasonable default is days
+
+	// DefaultLeafCertRefreshRate is the default rate at which certs can be refreshed.
+	// This defaults to not being limited
+	DefaultLeafCertRefreshRate = rate.Inf
+
+	// DefaultLeafCertRefreshMaxBurst is the number of cache entry fetches that can
+	// occur in a burst.
+	DefaultLeafCertRefreshMaxBurst = 2
+
+	DefaultLeafCertRefreshBackoffMin = 3               // 3 attempts before backing off
+	DefaultLeafCertRefreshMaxWait    = 1 * time.Minute // maximum backoff wait time
+
+	DefaultQueryTimeout = 10 * time.Minute
+)
+
+type Config struct {
+	// LastGetTTL is the time that the certs returned by this type remain in
+	// the cache after the last get operation. If a cert isn't accessed within
+	// this duration, the certs is purged and background refreshing will cease.
+	LastGetTTL time.Duration
+
+	// LeafCertRefreshMaxBurst max burst size of RateLimit for a single cache entry
+	LeafCertRefreshMaxBurst int
+
+	// LeafCertRefreshRate represents the max calls/sec for a single cache entry
+	LeafCertRefreshRate rate.Limit
+
+	// LeafCertRefreshBackoffMin is the number of attempts to wait before
+	// backing off.
+	//
+	// Mostly configurable just for testing.
+	LeafCertRefreshBackoffMin uint
+
+	// LeafCertRefreshMaxWait is the maximum backoff wait time.
+	//
+	// Mostly configurable just for testing.
+	LeafCertRefreshMaxWait time.Duration
+
+	// TestOverrideCAChangeInitialDelay allows overriding the random jitter
+	// after a root change with a fixed delay. So far ths is only done in
+	// tests. If it's zero the caChangeInitialSpreadDefault maximum jitter will
+	// be used but if set, it overrides and provides a fixed delay. To
+	// essentially disable the delay in tests they can set it to 1 nanosecond.
+	// We may separately allow configuring the jitter limit by users later but
+	// this is different and for tests only since we need to set a
+	// deterministic time delay in order to test the behavior here fully and
+	// determinstically.
+	TestOverrideCAChangeInitialDelay time.Duration
+}
+
+func (c Config) withDefaults() Config {
+	if c.LastGetTTL <= 0 {
+		c.LastGetTTL = DefaultLastGetTTL
+	}
+	if c.LeafCertRefreshRate == 0.0 {
+		c.LeafCertRefreshRate = DefaultLeafCertRefreshRate
+	}
+	if c.LeafCertRefreshMaxBurst == 0 {
+		c.LeafCertRefreshMaxBurst = DefaultLeafCertRefreshMaxBurst
+	}
+	if c.LeafCertRefreshBackoffMin == 0 {
+		c.LeafCertRefreshBackoffMin = DefaultLeafCertRefreshBackoffMin
+	}
+	if c.LeafCertRefreshMaxWait == 0 {
+		c.LeafCertRefreshMaxWait = DefaultLeafCertRefreshMaxWait
+	}
+	return c
+}
+
+type Deps struct {
+	Config Config
+	Logger hclog.Logger
+
+	// RootsReader is an interface to access connect CA roots.
+	RootsReader RootsReader
+
+	// CertSigner is an interface to remotely sign certificates.
+	CertSigner CertSigner
+}
+
+type RootsReader interface {
+	Get() (*structs.IndexedCARoots, error)
+	Notify(ctx context.Context, correlationID string, ch chan<- cache.UpdateEvent) error
+}
+
+type CertSigner interface {
+	SignCert(ctx context.Context, args *structs.CASignRequest) (*structs.IssuedCert, error)
+}
+
+func NewManager(deps Deps) *Manager {
+	deps.Config = deps.Config.withDefaults()
+
+	if deps.Logger == nil {
+		deps.Logger = hclog.NewNullLogger()
+	}
+	if deps.RootsReader == nil {
+		panic("RootsReader is required")
+	}
+	if deps.CertSigner == nil {
+		panic("CertSigner is required")
+	}
+
+	m := &Manager{
+		config:      deps.Config,
+		logger:      deps.Logger,
+		certSigner:  deps.CertSigner,
+		rootsReader: deps.RootsReader,
+		//
+		certs:           make(map[string]*certData),
+		certsExpiryHeap: ttlcache.NewExpiryHeap(),
+	}
+
+	m.ctx, m.ctxCancel = context.WithCancel(context.Background())
+
+	m.rootWatcher = &rootWatcher{
+		ctx:         m.ctx,
+		rootsReader: m.rootsReader,
+	}
+
+	// Start the expiry watcher
+	go m.runExpiryLoop()
+
+	return m
+}
+
+type Manager struct {
+	logger hclog.Logger
+
+	// config contains agent configuration necessary for the cert manager to operate.
+	config Config
+
+	// rootsReader is an interface to access connect CA roots.
+	rootsReader RootsReader
+
+	// certSigner is an interface to remotely sign certificates.
+	certSigner CertSigner
+
+	// rootWatcher helps let multiple requests for leaf certs to coordinate
+	// sharing a single long-lived watch for the root certs. This allows the
+	// leaf cert requests to notice when the roots rotate and trigger their
+	// reissuance.
+	rootWatcher *rootWatcher
+
+	// This is the "top-level" internal context. This is used to cancel
+	// background operations.
+	ctx       context.Context
+	ctxCancel context.CancelFunc
+
+	// lock guards access to certs and certsExpiryHeap
+	lock            sync.RWMutex
+	certs           map[string]*certData
+	certsExpiryHeap *ttlcache.ExpiryHeap
+
+	// certGroup is a singleflight group keyed identically to the certs map.
+	// When the leaf cert itself needs replacement requests will coalesce
+	// together through this chokepoint.
+	certGroup singleflight.Group
+}
+
+func (m *Manager) getCertData(key string) *certData {
+	m.lock.RLock()
+	cd, ok := m.certs[key]
+	m.lock.RUnlock()
+
+	if ok {
+		return cd
+	}
+
+	m.lock.Lock()
+	defer m.lock.Unlock()
+
+	cd, ok = m.certs[key]
+	if !ok {
+		cd = &certData{
+			expiry: m.certsExpiryHeap.Add(key, m.config.LastGetTTL),
+			refreshRateLimiter: rate.NewLimiter(
+				m.config.LeafCertRefreshRate,
+				m.config.LeafCertRefreshMaxBurst,
+			),
+		}
+
+		m.certs[key] = cd
+
+		metrics.SetGauge([]string{"leaf-certs", "entries_count"}, float32(len(m.certs)))
+	}
+	return cd
+}
+
+// Stop stops any background work and frees all resources for the manager.
+// Current fetch requests are allowed to continue to completion and callers may
+// still access the current leaf cert values so coordination isn't needed with
+// callers, however no background activity will continue. It's intended to
+// close the manager at agent shutdown so no further requests should be made,
+// however concurrent or in-flight ones won't break.
+func (m *Manager) Stop() {
+	if m.ctxCancel != nil {
+		m.ctxCancel()
+		m.ctxCancel = nil
+	}
+}
+
+// Get returns the leaf cert for the request. If data satisfying the
+// minimum index is present, it is returned immediately. Otherwise,
+// this will block until the cert is refreshed or the request timeout is
+// reached.
+//
+// Multiple Get calls for the same logical request will block on a single
+// network request.
+//
+// The timeout specified by the request will be the timeout on the cache
+// Get, and does not correspond to the timeout of any background data
+// fetching. If the timeout is reached before data satisfying the minimum
+// index is retrieved, the last known value (maybe nil) is returned. No
+// error is returned on timeout. This matches the behavior of Consul blocking
+// queries.
+func (m *Manager) Get(ctx context.Context, req *ConnectCALeafRequest) (*structs.IssuedCert, cache.ResultMeta, error) {
+	// Lightweight copy this object so that manipulating req doesn't race.
+	dup := *req
+	req = &dup
+
+	// We don't want non-blocking queries to return expired leaf certs
+	// or leaf certs not valid under the current CA. So always revalidate
+	// the leaf cert on non-blocking queries (ie when MinQueryIndex == 0)
+	//
+	// NOTE: This conditional was formerly only in the API endpoint.
+	if req.MinQueryIndex == 0 {
+		req.MustRevalidate = true
+	}
+
+	return m.internalGet(ctx, req)
+}
+
+func (m *Manager) internalGet(ctx context.Context, req *ConnectCALeafRequest) (*structs.IssuedCert, cache.ResultMeta, error) {
+	key := req.Key()
+	if key == "" {
+		return nil, cache.ResultMeta{}, fmt.Errorf("a key is required")
+	}
+
+	if req.MaxQueryTime <= 0 {
+		req.MaxQueryTime = DefaultQueryTimeout
+	}
+	timeoutTimer := time.NewTimer(req.MaxQueryTime)
+	defer timeoutTimer.Stop()
+
+	// First time through
+	first := true
+
+	for {
+		// Get the current value
+		cd := m.getCertData(key)
+
+		cd.lock.Lock()
+		var (
+			existing      = cd.value
+			existingIndex = cd.index
+			refreshing    = cd.refreshing
+			fetchedAt     = cd.fetchedAt
+			lastFetchErr  = cd.lastFetchErr
+			expiry        = cd.expiry
+		)
+		cd.lock.Unlock()
+
+		shouldReplaceCert := certNeedsUpdate(req, existingIndex, existing, refreshing)
+
+		if expiry != nil {
+			// The entry already exists in the TTL heap, touch it to keep it alive since
+			// this Get is still interested in the value. Note that we used to only do
+			// this in the `entryValid` block below but that means that a cache entry
+			// will expire after it's TTL regardless of how many callers are waiting for
+			// updates in this method in a couple of cases:
+			//
+			//  1. If the agent is disconnected from servers for the TTL then the client
+			//     will be in backoff getting errors on each call to Get and since an
+			//     errored cache entry has Valid = false it won't be touching the TTL.
+			//
+			//  2. If the value is just not changing then the client's current index
+			//     will be equal to the entry index and entryValid will be false. This
+			//     is a common case!
+			//
+			// But regardless of the state of the entry, assuming it's already in the
+			// TTL heap, we should touch it every time around here since this caller at
+			// least still cares about the value!
+			m.lock.Lock()
+			m.certsExpiryHeap.Update(expiry.Index(), m.config.LastGetTTL)
+			m.lock.Unlock()
+		}
+
+		if !shouldReplaceCert {
+			meta := cache.ResultMeta{
+				Index: existingIndex,
+			}
+
+			if first {
+				meta.Hit = true
+			}
+
+			// For non-background refresh types, the age is just how long since we
+			// fetched it last.
+			if !fetchedAt.IsZero() {
+				meta.Age = time.Since(fetchedAt)
+			}
+
+			// We purposely do not return an error here since the cache only works with
+			// fetching values that either have a value or have an error, but not both.
+			// The Error may be non-nil in the entry in the case that an error has
+			// occurred _since_ the last good value, but we still want to return the
+			// good value to clients that are not requesting a specific version. The
+			// effect of this is that blocking clients will all see an error immediately
+			// without waiting a whole timeout to see it, but clients that just look up
+			// cache with an older index than the last valid result will still see the
+			// result and not the error here. I.e. the error is not "cached" without a
+			// new fetch attempt occurring, but the last good value can still be fetched
+			// from cache.
+			return existing, meta, nil
+		}
+
+		// If this isn't our first time through and our last value has an error, then
+		// we return the error. This has the behavior that we don't sit in a retry
+		// loop getting the same error for the entire duration of the timeout.
+		// Instead, we make one effort to fetch a new value, and if there was an
+		// error, we return. Note that the invariant is that if both entry.Value AND
+		// entry.Error are non-nil, the error _must_ be more recent than the Value. In
+		// other words valid fetches should reset the error. See
+		// https://github.com/hashicorp/consul/issues/4480.
+		if !first && lastFetchErr != nil {
+			return existing, cache.ResultMeta{Index: existingIndex}, lastFetchErr
+		}
+
+		notifyCh := m.triggerCertRefreshInGroup(req, cd)
+
+		// No longer our first time through
+		first = false
+
+		select {
+		case <-ctx.Done():
+			return nil, cache.ResultMeta{}, ctx.Err()
+		case <-notifyCh:
+			// Our fetch returned, retry the get from the cache.
+			req.MustRevalidate = false
+
+		case <-timeoutTimer.C:
+			// Timeout on the cache read, just return whatever we have.
+			return existing, cache.ResultMeta{Index: existingIndex}, nil
+		}
+	}
+}
+
+func certNeedsUpdate(req *ConnectCALeafRequest, index uint64, value *structs.IssuedCert, refreshing bool) bool {
+	if value == nil {
+		return true
+	}
+
+	if req.MinQueryIndex > 0 && req.MinQueryIndex >= index {
+		// MinIndex was given and matches or is higher than current value so we
+		// ignore the cache and fallthrough to blocking on a new value.
+		return true
+	}
+
+	// Check if re-validate is requested. If so the first time round the
+	// loop is not a hit but subsequent ones should be treated normally.
+	if req.MustRevalidate {
+		// It is important to note that this block ONLY applies when we are not
+		// in indefinite refresh mode (where the underlying goroutine will
+		// continue to re-query for data).
+		//
+		// In this mode goroutines have a 1:1 relationship to RPCs that get
+		// executed, and importantly they DO NOT SLEEP after executing.
+		//
+		// This means that a running goroutine for this cache entry extremely
+		// strongly implies that the RPC has not yet completed, which is why
+		// this check works for the revalidation-avoidance optimization here.
+		if refreshing {
+			// There is an active goroutine performing a blocking query for
+			// this data, which has not returned.
+			//
+			// We can logically deduce that the contents of the cache are
+			// actually current, and we can simply return this while leaving
+			// the blocking query alone.
+			return false
+		} else {
+			return true
+		}
+	}
+
+	return false
+}
+
+func (m *Manager) triggerCertRefreshInGroup(req *ConnectCALeafRequest, cd *certData) <-chan singleflight.Result {
+	// Lightweight copy this object so that manipulating req doesn't race.
+	dup := *req
+	req = &dup
+
+	if req.MaxQueryTime == 0 {
+		req.MaxQueryTime = DefaultQueryTimeout
+	}
+
+	// At this point, we know we either don't have a cert at all or the
+	// cert we have is too old. We need to mint a new one.
+	//
+	// We use a singleflight group to coordinate only one request driving
+	// the async update to the key at once.
+	//
+	// NOTE: this anonymous function only has one goroutine in it per key at all times
+	return m.certGroup.DoChan(req.Key(), func() (any, error) {
+		cd.lock.Lock()
+		var (
+			shouldReplaceCert = certNeedsUpdate(req, cd.index, cd.value, cd.refreshing)
+			rateLimiter       = cd.refreshRateLimiter
+			lastIndex         = cd.index
+		)
+		cd.lock.Unlock()
+
+		if !shouldReplaceCert {
+			// This handles the case where a fetch succeeded after checking for
+			// its existence in Get. This ensures that we don't miss updates
+			// since we don't hold the lock between the read and then the
+			// refresh trigger.
+			return nil, nil
+		}
+
+		if err := rateLimiter.Wait(m.ctx); err != nil {
+			// NOTE: this can only happen when the entire cache is being
+			// shutdown and isn't something that can happen normally.
+			return nil, nil
+		}
+
+		cd.MarkRefreshing(true)
+		defer cd.MarkRefreshing(false)
+
+		req.MinQueryIndex = lastIndex
+
+		// Start building the new entry by blocking on the fetch.
+		m.refreshLeafAndUpdate(req, cd)
+
+		return nil, nil
+	})
+}
+
+// testGet is a way for the test code to do a get but from the middle of the
+// logic stack, skipping some of the caching logic.
+func (m *Manager) testGet(req *ConnectCALeafRequest) (uint64, *structs.IssuedCert, error) {
+	cd := m.getCertData(req.Key())
+
+	m.refreshLeafAndUpdate(req, cd)
+
+	cd.lock.Lock()
+	var (
+		index = cd.index
+		cert  = cd.value
+		err   = cd.lastFetchErr
+	)
+	cd.lock.Unlock()
+
+	if err != nil {
+		return 0, nil, err
+	}
+
+	return index, cert, nil
+}
+
+// refreshLeafAndUpdate will try to refresh the leaf and persist the updated
+// data back to the in-memory store.
+//
+// NOTE: this function only has one goroutine in it per key at all times
+func (m *Manager) refreshLeafAndUpdate(req *ConnectCALeafRequest, cd *certData) {
+	existing, state := cd.GetValueAndState()
+	newCert, updatedState, err := m.attemptLeafRefresh(req, existing, state)
+	cd.Update(newCert, updatedState, err)
+}
+
+// Prepopulate puts a cert in manually. This is useful when the correct initial
+// value is known and the cache shouldn't refetch the same thing on startup. It
+// is used to set AgentLeafCert when AutoEncrypt.TLS is turned on. The manager
+// itself cannot fetch that the first time because it requires a special
+// RPCType. Subsequent runs are fine though.
+func (m *Manager) Prepopulate(
+	ctx context.Context,
+	key string,
+	index uint64,
+	value *structs.IssuedCert,
+	authorityKeyID string,
+) error {
+	if value == nil {
+		return errors.New("value is required")
+	}
+	cd := m.getCertData(key)
+
+	cd.lock.Lock()
+	defer cd.lock.Unlock()
+
+	cd.index = index
+	cd.value = value
+	cd.state = fetchState{
+		authorityKeyID:           authorityKeyID,
+		forceExpireAfter:         time.Time{},
+		consecutiveRateLimitErrs: 0,
+		activeRootRotationStart:  time.Time{},
+	}
+
+	return nil
+}
+
+// runExpiryLoop is a blocking function that watches the expiration
+// heap and invalidates cert entries that have expired.
+func (m *Manager) runExpiryLoop() {
+	for {
+		m.lock.RLock()
+		timer := m.certsExpiryHeap.Next()
+		m.lock.RUnlock()
+
+		select {
+		case <-m.ctx.Done():
+			timer.Stop()
+			return
+		case <-m.certsExpiryHeap.NotifyCh:
+			timer.Stop()
+			continue
+
+		case <-timer.Wait():
+			m.lock.Lock()
+
+			entry := timer.Entry
+
+			// Entry expired! Remove it.
+			delete(m.certs, entry.Key())
+			m.certsExpiryHeap.Remove(entry.Index())
+
+			// Set some metrics
+			metrics.IncrCounter([]string{"leaf-certs", "evict_expired"}, 1)
+			metrics.SetGauge([]string{"leaf-certs", "entries_count"}, float32(len(m.certs)))
+
+			m.lock.Unlock()
+		}
+	}
+}
diff --git a/agent/leafcert/leafcert_test.go b/agent/leafcert/leafcert_test.go
new file mode 100644
index 000000000000..0db683a816e1
--- /dev/null
+++ b/agent/leafcert/leafcert_test.go
@@ -0,0 +1,1133 @@
+package leafcert
+
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/agent/cache"
+	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/consul"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
+)
+
+// Test that after an initial signing, new CA roots (new ID) will
+// trigger a blocking query to execute.
+func TestManager_changingRoots(t *testing.T) {
+	if testing.Short() {
+		t.Skip("too slow for testing.Short")
+	}
+
+	t.Parallel()
+
+	m, signer := testManager(t, nil)
+
+	caRoot := signer.UpdateCA(t, nil)
+
+	// We'll reuse the fetch options and request
+	req := &ConnectCALeafRequest{
+		Datacenter: "dc1", Service: "web",
+		MinQueryIndex: 0, MaxQueryTime: 10 * time.Second,
+	}
+
+	// First fetch should return immediately
+	getCh := testAsyncGet(t, m, req)
+	var idx uint64
+	select {
+	case <-time.After(100 * time.Millisecond):
+		t.Fatal("shouldn't block waiting for fetch")
+	case result := <-getCh:
+		require.NoError(t, result.Err)
+		require.NotNil(t, result.Value)
+		requireLeafValidUnderCA(t, result.Value, caRoot)
+		require.True(t, result.Index > 0)
+
+		idx = result.Index
+	}
+
+	// Second fetch should block with set index
+	req.MinQueryIndex = idx
+	getCh = testAsyncGet(t, m, req)
+	select {
+	case result := <-getCh:
+		t.Fatalf("should not return: %#v", result)
+	case <-time.After(100 * time.Millisecond):
+	}
+
+	// Let's send in new roots, which should trigger the sign req. We need to take
+	// care to set the new root as active
+	caRoot2 := signer.UpdateCA(t, nil)
+	select {
+	case <-time.After(100 * time.Millisecond):
+		t.Fatal("shouldn't block waiting for fetch")
+	case result := <-getCh:
+		require.NoError(t, result.Err)
+		require.NotNil(t, result.Value)
+		require.True(t, result.Index > idx)
+		requireLeafValidUnderCA(t, result.Value, caRoot2)
+	}
+
+	// Third fetch should block
+	getCh = testAsyncGet(t, m, req)
+	select {
+	case result := <-getCh:
+		t.Fatalf("should not return: %#v", result)
+	case <-time.After(100 * time.Millisecond):
+	}
+}
+
+// Tests that if the root change jitter is longer than the time left on the
+// timeout, we return normally but then still renew the cert on a subsequent
+// call.
+func TestManager_changingRootsJitterBetweenCalls(t *testing.T) {
+	t.Parallel()
+
+	const TestOverrideCAChangeInitialDelay = 100 * time.Millisecond
+
+	m, signer := testManager(t, func(cfg *Config) {
+		// Override the root-change delay so we will timeout first. We can't set it to
+		// a crazy high value otherwise we'll have to wait that long in the test to
+		// see if it actually happens on subsequent calls. We instead reduce the
+		// timeout in FetchOptions to be much shorter than this.
+		cfg.TestOverrideCAChangeInitialDelay = TestOverrideCAChangeInitialDelay
+	})
+
+	caRoot := signer.UpdateCA(t, nil)
+
+	// We'll reuse the fetch options and request. Timeout must be much shorter
+	// than the initial root delay. 20ms means that if we deliver the root change
+	// during the first blocking call, we should need to block fully for 5 more
+	// calls before the cert is renewed. We pick a timeout that is not an exact
+	// multiple of the 100ms delay above to reduce the chance that timing works
+	// out in a way that makes it hard to tell a timeout from an early return due
+	// to a cert renewal.
+	req := &ConnectCALeafRequest{
+		Datacenter: "dc1", Service: "web",
+		MinQueryIndex: 0, MaxQueryTime: 35 * time.Millisecond,
+	}
+
+	// First fetch should return immediately
+	getCh := testAsyncGet(t, m, req)
+	var (
+		idx    uint64
+		issued *structs.IssuedCert
+	)
+	select {
+	case <-time.After(100 * time.Millisecond):
+		t.Fatal("shouldn't block waiting for fetch")
+	case result := <-getCh:
+		require.NoError(t, result.Err)
+		require.NotNil(t, result.Value)
+		require.True(t, result.Index > 0)
+		requireLeafValidUnderCA(t, result.Value, caRoot)
+		idx = result.Index
+		issued = result.Value
+	}
+
+	// Let's send in new roots, which should eventually trigger the sign req. We
+	// need to take care to set the new root as active. Note that this is
+	// implicitly testing that root updates that happen in between leaf blocking
+	// queries are still noticed too. At this point no leaf blocking query is
+	// running so the root watch should be stopped. By pushing this update, the
+	// next blocking query will _immediately_ see the new root which means it
+	// needs to correctly notice that it is not the same one that generated the
+	// current cert and start the rotation. This is good, just not obvious that
+	// the behavior is actually well tested here when it is.
+	caRoot2 := signer.UpdateCA(t, nil)
+	earliestRootDelivery := time.Now()
+
+	// Some number of fetches (2,3,4 likely) should timeout after 20ms and after
+	// 100ms has elapsed total we should see the new cert. Since this is all very
+	// timing dependent, we don't hard code exact numbers here and instead loop
+	// for plenty of time and do as many calls as it takes and just assert on the
+	// time taken and that the call either blocks and returns the cached cert, or
+	// returns the new one.
+	req.MinQueryIndex = idx
+	var shouldExpireAfter time.Time
+	i := 1
+	rootsDelivered := false
+	for rootsDelivered {
+		start := time.Now()
+		getCh = testAsyncGet(t, m, req)
+		select {
+		case result := <-getCh:
+			require.NoError(t, result.Err)
+			timeTaken := time.Since(start)
+
+			// There are two options, either it blocked waiting for the delay after
+			// the rotation or it returned the new CA cert before the timeout was
+			// done. TO be more robust against timing, we take the value as the
+			// decider for which case it is, and assert timing matches our expected
+			// bounds rather than vice versa.
+
+			if result.Index > idx {
+				// Got a new cert
+				require.NotEqual(t, issued, result.Value)
+				require.NotNil(t, result.Value)
+				requireLeafValidUnderCA(t, result.Value, caRoot2)
+				// Should not have been delivered before the delay
+				require.True(t, time.Since(earliestRootDelivery) > TestOverrideCAChangeInitialDelay)
+				// All good. We are done!
+				rootsDelivered = true
+			} else {
+				// Should be the cached cert
+				require.Equal(t, issued, result.Value)
+				require.Equal(t, idx, result.Index)
+				requireLeafValidUnderCA(t, result.Value, caRoot)
+				// Sanity check we blocked for the whole timeout
+				require.Truef(t, timeTaken > req.MaxQueryTime,
+					"should block for at least %s, returned after %s",
+					req.MaxQueryTime, timeTaken)
+				// Sanity check that the forceExpireAfter state was set correctly
+				shouldExpireAfter := testObserveLeafCert(m, req, func(cd *certData) time.Time {
+					return cd.state.forceExpireAfter
+				})
+				require.True(t, shouldExpireAfter.After(time.Now()))
+				require.True(t, shouldExpireAfter.Before(time.Now().Add(TestOverrideCAChangeInitialDelay)))
+			}
+		case <-time.After(50 * time.Millisecond):
+			t.Fatalf("request %d blocked too long", i)
+		}
+		i++
+
+		// Sanity check that we've not gone way beyond the deadline without a
+		// new cert. We give some leeway to make it less brittle.
+		require.Falsef(t, time.Now().After(shouldExpireAfter.Add(100*time.Millisecond)),
+			"waited extra 100ms and delayed CA rotate renew didn't happen")
+	}
+}
+
+func testObserveLeafCert[T any](m *Manager, req *ConnectCALeafRequest, cb func(*certData) T) T {
+	key := req.Key()
+
+	cd := m.getCertData(key)
+
+	cd.lock.Lock()
+	defer cd.lock.Unlock()
+
+	return cb(cd)
+}
+
+// Tests that if the root changes in between blocking calls we still pick it up.
+func TestManager_changingRootsBetweenBlockingCalls(t *testing.T) {
+	t.Parallel()
+
+	m, signer := testManager(t, nil)
+
+	caRoot := signer.UpdateCA(t, nil)
+
+	// We'll reuse the fetch options and request. Short timeout important since we
+	// wait the full timeout before chaning roots.
+	req := &ConnectCALeafRequest{
+		Datacenter: "dc1", Service: "web",
+		MinQueryIndex: 0, MaxQueryTime: 35 * time.Millisecond,
+	}
+
+	// First fetch should return immediately
+	getCh := testAsyncGet(t, m, req)
+	var (
+		idx    uint64
+		issued *structs.IssuedCert
+	)
+	select {
+	case <-time.After(100 * time.Millisecond):
+		t.Fatal("shouldn't block waiting for fetch")
+	case result := <-getCh:
+		require.NoError(t, result.Err)
+		require.NotNil(t, result.Value)
+		requireLeafValidUnderCA(t, result.Value, caRoot)
+		require.True(t, result.Index > 0)
+		idx = result.Index
+		issued = result.Value
+	}
+
+	// Next fetch should block for the full timeout
+	start := time.Now()
+	getCh = testAsyncGet(t, m, req)
+	select {
+	case <-time.After(100 * time.Millisecond):
+		t.Fatal("shouldn't block for too long waiting for fetch")
+	case result := <-getCh:
+		require.NoError(t, result.Err)
+		require.Equal(t, issued, result.Value)
+		// Still the initial cached result
+		require.Equal(t, idx, result.Index)
+		// Sanity check that it waited
+		require.True(t, time.Since(start) > req.MaxQueryTime)
+	}
+
+	// No active requests, simulate root change now
+	caRoot2 := signer.UpdateCA(t, nil)
+	earliestRootDelivery := time.Now()
+
+	// We should get the new cert immediately on next fetch (since test override
+	// root change jitter to be 1 nanosecond so no delay expected).
+	getCh = testAsyncGet(t, m, req)
+	select {
+	case <-time.After(100 * time.Millisecond):
+		t.Fatal("shouldn't block too long waiting for fetch")
+	case result := <-getCh:
+		require.NoError(t, result.Err)
+		require.NotEqual(t, issued, result.Value)
+		requireLeafValidUnderCA(t, result.Value, caRoot2)
+		require.True(t, result.Index > idx)
+		// Sanity check that we didn't wait too long
+		require.True(t, time.Since(earliestRootDelivery) < req.MaxQueryTime)
+	}
+}
+
+func TestManager_CSRRateLimiting(t *testing.T) {
+	if testing.Short() {
+		t.Skip("too slow for testing.Short")
+	}
+
+	t.Parallel()
+
+	m, signer := testManager(t, func(cfg *Config) {
+		// Each jitter window will be only 100 ms long to make testing quick but
+		// highly likely not to fail based on scheduling issues.
+		cfg.TestOverrideCAChangeInitialDelay = 100 * time.Millisecond
+	})
+
+	signer.UpdateCA(t, nil)
+
+	signer.SetSignCallErrors(
+		// First call return rate limit error. This is important as it checks
+		// behavior when cache is empty and we have to return a nil Value but need to
+		// save state to do the right thing for retry.
+		consul.ErrRateLimited, // inc
+		// Then succeed on second call
+		nil,
+		// Then be rate limited again on several further calls
+		consul.ErrRateLimited, // inc
+		consul.ErrRateLimited, // inc
+	// Then fine after that
+	)
+
+	req := &ConnectCALeafRequest{
+		Datacenter:     "dc1",
+		Service:        "web",
+		EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+	}
+
+	// First fetch should return rate limit error directly - client is expected to
+	// backoff itself.
+	getCh := testAsyncGet(t, m, req)
+	select {
+	case <-time.After(200 * time.Millisecond):
+		t.Fatal("shouldn't block longer than one jitter window for success")
+	case result := <-getCh:
+		require.Error(t, result.Err)
+		require.Equal(t, consul.ErrRateLimited.Error(), result.Err.Error())
+	}
+
+	// Second call should return correct cert immediately.
+	getCh = testAsyncGet(t, m, req)
+	var (
+		idx    uint64
+		issued *structs.IssuedCert
+	)
+	select {
+	case <-time.After(100 * time.Millisecond):
+		t.Fatal("shouldn't block waiting for fetch")
+	case result := <-getCh:
+		require.NoError(t, result.Err)
+		require.NotNil(t, result.Value)
+		require.True(t, result.Index > 0)
+		idx = result.Index
+		issued = result.Value
+	}
+
+	// Send in new roots, which should trigger the next sign req. We need to take
+	// care to set the new root as active
+	signer.UpdateCA(t, nil)
+	earliestRootDelivery := time.Now()
+
+	// Sanity check state
+	require.Equal(t, uint64(1), signer.GetSignCallErrorCount())
+
+	// After root rotation jitter has been waited out, a new CSR will
+	// be attempted but will fail and return the previous cached result with no
+	// error since we will try again soon.
+	getCh = testAsyncGet(t, m, req)
+	select {
+	case <-time.After(200 * time.Millisecond):
+		t.Fatal("shouldn't block too long waiting for fetch")
+	case result := <-getCh:
+		// We should block for _at least_ one jitter period since we set that to
+		// 100ms and in test override mode we always pick the max jitter not a
+		// random amount.
+		require.True(t, time.Since(earliestRootDelivery) > 100*time.Millisecond)
+		require.Equal(t, uint64(2), signer.GetSignCallErrorCount())
+
+		require.NoError(t, result.Err)
+		require.Equal(t, issued, result.Value)
+		// 1 since this should still be the original cached result as we failed to
+		// get a new cert.
+		require.Equal(t, idx, result.Index)
+	}
+
+	// Root rotation state is now only captured in the opts.LastResult.State so a
+	// subsequent call should also wait for 100ms and then attempt to generate a
+	// new cert since we failed last time.
+	getCh = testAsyncGet(t, m, req)
+	select {
+	case <-time.After(200 * time.Millisecond):
+		t.Fatal("shouldn't block too long waiting for fetch")
+	case result := <-getCh:
+		// We should block for _at least_ two jitter periods now.
+		require.True(t, time.Since(earliestRootDelivery) > 200*time.Millisecond)
+		require.Equal(t, uint64(3), signer.GetSignCallErrorCount())
+
+		require.NoError(t, result.Err)
+		require.Equal(t, issued, result.Value)
+		// 1 since this should still be the original cached result as we failed to
+		// get a new cert.
+		require.Equal(t, idx, result.Index)
+	}
+
+	// Now we've had two rate limit failures and seen root rotation state work
+	// across both the blocking request that observed the rotation and the
+	// subsequent one. The next request should wait out the rest of the backoff
+	// and then actually fetch a new cert at last!
+	getCh = testAsyncGet(t, m, req)
+	select {
+	case <-time.After(200 * time.Millisecond):
+		t.Fatal("shouldn't block too long waiting for fetch")
+	case result := <-getCh:
+		// We should block for _at least_ three jitter periods now.
+		require.True(t, time.Since(earliestRootDelivery) > 300*time.Millisecond)
+		require.Equal(t, uint64(3), signer.GetSignCallErrorCount())
+
+		require.NoError(t, result.Err)
+		require.NotEqual(t, issued, result.Value)
+		// 3 since the rootCA change used 2
+		require.True(t, result.Index > idx)
+	}
+}
+
+// This test runs multiple concurrent callers watching different leaf certs and
+// tries to ensure that the background root watch activity behaves correctly.
+func TestManager_watchRootsDedupingMultipleCallers(t *testing.T) {
+	if testing.Short() {
+		t.Skip("too slow for testing.Short")
+	}
+
+	t.Parallel()
+
+	m, signer := testManager(t, nil)
+
+	caRoot := signer.UpdateCA(t, nil)
+
+	// n is the number of clients we'll run
+	n := 3
+
+	// setup/testDoneCh are used for coordinating clients such that each has
+	// initial cert delivered and is blocking before the root changes. It's not a
+	// wait group since we want to be able to timeout the main test goroutine if
+	// one of the clients gets stuck. Instead it's a buffered chan.
+	setupDoneCh := make(chan error, n)
+	testDoneCh := make(chan error, n)
+	// rootsUpdate is used to coordinate clients so they know when they should
+	// expect to see leaf renewed after root change.
+	rootsUpdatedCh := make(chan struct{})
+
+	// Create a function that models a single client. It should go through the
+	// steps of getting an initial cert and then watching for changes until root
+	// updates.
+	client := func(i int) {
+		// We'll reuse the fetch options and request
+		req := &ConnectCALeafRequest{
+			Datacenter: "dc1", Service: fmt.Sprintf("web-%d", i),
+			MinQueryIndex: 0, MaxQueryTime: 10 * time.Second,
+		}
+
+		// First fetch should return immediately
+		getCh := testAsyncGet(t, m, req)
+		var idx uint64
+		select {
+		case <-time.After(100 * time.Millisecond):
+			setupDoneCh <- fmt.Errorf("shouldn't block waiting for fetch")
+			return
+		case result := <-getCh:
+			require.NoError(t, result.Err)
+			idx = result.Index
+		}
+
+		// Second fetch should block with set index
+		req.MinQueryIndex = idx
+		getCh = testAsyncGet(t, m, req)
+		select {
+		case result := <-getCh:
+			setupDoneCh <- fmt.Errorf("should not return: %#v", result)
+			return
+		case <-time.After(100 * time.Millisecond):
+		}
+
+		// We're done with setup and the blocking call is still blocking in
+		// background.
+		setupDoneCh <- nil
+
+		// Wait until all others are also done and roots change incase there are
+		// stragglers delaying the root update.
+		select {
+		case <-rootsUpdatedCh:
+		case <-time.After(200 * time.Millisecond):
+			testDoneCh <- fmt.Errorf("waited too long for root update")
+			return
+		}
+
+		// Now we should see root update within a short period
+		select {
+		case <-time.After(100 * time.Millisecond):
+			testDoneCh <- fmt.Errorf("shouldn't block waiting for fetch")
+			return
+		case result := <-getCh:
+			require.NoError(t, result.Err)
+			if req.MinQueryIndex == result.Value.CreateIndex {
+				testDoneCh <- fmt.Errorf("index must be different")
+				return
+			}
+		}
+
+		testDoneCh <- nil
+	}
+
+	// Sanity check the roots watcher is not running yet
+	assertRootsWatchCounts(t, m, 0, 0)
+
+	for i := 0; i < n; i++ {
+		go client(i)
+	}
+
+	timeoutCh := time.After(200 * time.Millisecond)
+
+	for i := 0; i < n; i++ {
+		select {
+		case <-timeoutCh:
+			t.Fatal("timed out waiting for clients")
+		case err := <-setupDoneCh:
+			if err != nil {
+				t.Fatalf(err.Error())
+			}
+		}
+	}
+
+	// Should be 3 clients running now, so the roots watcher should have started
+	// once and not stopped.
+	assertRootsWatchCounts(t, m, 1, 0)
+
+	caRootCopy := caRoot.Clone()
+	caRootCopy.Active = false
+
+	// Now we deliver the root update
+	_ = signer.UpdateCA(t, nil)
+	// And notify clients
+	close(rootsUpdatedCh)
+
+	timeoutCh = time.After(200 * time.Millisecond)
+	for i := 0; i < n; i++ {
+		select {
+		case <-timeoutCh:
+			t.Fatalf("timed out waiting for %d of %d clients to renew after root change", n-i, n)
+		case err := <-testDoneCh:
+			if err != nil {
+				t.Fatalf(err.Error())
+			}
+		}
+	}
+
+	// All active requests have returned the new cert so the rootsWatcher should
+	// have stopped. This is timing dependent though so retry a few times
+	retry.RunWith(retry.ThreeTimes(), t, func(r *retry.R) {
+		assertRootsWatchCounts(r, m, 1, 1)
+	})
+}
+
+func assertRootsWatchCounts(t require.TestingT, m *Manager, wantStarts, wantStops int) {
+	if tt, ok := t.(*testing.T); ok {
+		tt.Helper()
+	}
+	starts := atomic.LoadUint32(&m.rootWatcher.testStartCount)
+	stops := atomic.LoadUint32(&m.rootWatcher.testStopCount)
+	require.Equal(t, wantStarts, int(starts))
+	require.Equal(t, wantStops, int(stops))
+}
+
+// Test that after an initial signing, an expiringLeaf will trigger a
+// blocking query to resign.
+func TestManager_expiringLeaf(t *testing.T) {
+	if testing.Short() {
+		t.Skip("too slow for testing.Short")
+	}
+
+	t.Parallel()
+
+	m, signer := testManager(t, nil)
+
+	caRoot := signer.UpdateCA(t, nil)
+
+	signer.SetSignCallErrors(
+		// First call returns expired cert to prime cache with an expired one.
+		ReplyWithExpiredCert,
+	)
+
+	// We'll reuse the fetch options and request
+	req := &ConnectCALeafRequest{
+		Datacenter: "dc1", Service: "web",
+		MinQueryIndex: 0, MaxQueryTime: 10 * time.Second,
+	}
+
+	// First fetch should return immediately
+	getCh := testAsyncGet(t, m, req)
+	var (
+		idx    uint64
+		issued *structs.IssuedCert
+	)
+	select {
+	case <-time.After(100 * time.Millisecond):
+		t.Fatal("shouldn't block waiting for fetch")
+	case result := <-getCh:
+		require.NoError(t, result.Err)
+		require.NotNil(t, result.Value)
+		require.True(t, result.Index > 0)
+		idx = result.Index
+		issued = result.Value
+	}
+
+	// Second fetch should return immediately despite there being
+	// no updated CA roots, because we issued an expired cert.
+	getCh = testAsyncGet(t, m, req)
+	select {
+	case <-time.After(100 * time.Millisecond):
+		t.Fatal("shouldn't block waiting for fetch")
+	case result := <-getCh:
+		require.NoError(t, result.Err)
+		require.NotEqual(t, issued, result.Value)
+		require.True(t, result.Index > idx)
+		requireLeafValidUnderCA(t, result.Value, caRoot)
+		idx = result.Index
+	}
+
+	// Third fetch should block since the cert is not expiring and
+	// we also didn't update CA certs.
+	req.MinQueryIndex = idx
+	getCh = testAsyncGet(t, m, req)
+	select {
+	case result := <-getCh:
+		t.Fatalf("should not return: %#v", result)
+	case <-time.After(100 * time.Millisecond):
+	}
+}
+
+func TestManager_DNSSANForService(t *testing.T) {
+	t.Parallel()
+
+	m, signer := testManager(t, nil)
+
+	_ = signer.UpdateCA(t, nil)
+
+	req := &ConnectCALeafRequest{
+		Datacenter: "dc1",
+		Service:    "web",
+		DNSSAN:     []string{"test.example.com"},
+	}
+
+	_, _, err := m.Get(context.Background(), req)
+	require.NoError(t, err)
+
+	caReq := signer.GetCapture(0)
+	require.NotNil(t, caReq)
+
+	pemBlock, _ := pem.Decode([]byte(caReq.CSR))
+	csr, err := x509.ParseCertificateRequest(pemBlock.Bytes)
+	require.NoError(t, err)
+	require.Equal(t, csr.DNSNames, []string{"test.example.com"})
+}
+
+func TestManager_workflow_good(t *testing.T) {
+	if testing.Short() {
+		t.Skip("too slow for testing.Short")
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+	t.Cleanup(cancel)
+
+	const TestOverrideCAChangeInitialDelay = 1 * time.Nanosecond
+
+	m, signer := testManager(t, func(cfg *Config) {
+		cfg.TestOverrideCAChangeInitialDelay = TestOverrideCAChangeInitialDelay
+	})
+
+	ca1 := signer.UpdateCA(t, nil)
+
+	req := &ConnectCALeafRequest{
+		Datacenter:     "dc1",
+		Service:        "test",
+		EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+	}
+
+	// List
+	issued, meta, err := m.Get(ctx, req)
+	require.NoError(t, err)
+	require.False(t, meta.Hit)
+	require.NotNil(t, issued)
+
+	// Verify that the cert is signed by the CA
+	requireLeafValidUnderCA(t, issued, ca1)
+
+	// Verify blocking index
+	require.True(t, issued.ModifyIndex > 0)
+	require.Equal(t, issued.ModifyIndex, meta.Index)
+
+	index := meta.Index
+
+	// Fetch it again
+	testutil.RunStep(t, "test you get a cache hit on another read", func(t *testing.T) {
+		req := &ConnectCALeafRequest{
+			Datacenter:     "dc1",
+			Service:        "test",
+			EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+		}
+		issued2, _, err := m.Get(ctx, req)
+		require.NoError(t, err)
+		require.NotNil(t, issued2)
+		require.Equal(t, issued, issued2)
+	})
+
+	type reply struct {
+		cert *structs.IssuedCert
+		meta cache.ResultMeta
+		err  error
+	}
+
+	replyCh := make(chan *reply, 1)
+	go func() {
+		req := &ConnectCALeafRequest{
+			Datacenter:     "dc1",
+			Service:        "test",
+			EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+			MinQueryIndex:  index,
+		}
+
+		issued2, meta2, err := m.Get(ctx, req)
+
+		replyCh <- &reply{issued2, meta2, err}
+	}()
+
+	// Set a new CA
+	ca2 := signer.UpdateCA(t, nil)
+
+	// Issue a blocking query to ensure that the cert gets updated appropriately
+	testutil.RunStep(t, "test blocking queries update leaf cert", func(t *testing.T) {
+		var got *reply
+		select {
+		case got = <-replyCh:
+		case <-time.After(500 * time.Millisecond):
+			t.Fatal("blocking query did not wake up during rotation")
+		}
+
+		issued2, meta2, err := got.cert, got.meta, got.err
+		require.NoError(t, err)
+		require.NotNil(t, issued2)
+
+		require.NotEqual(t, issued.CertPEM, issued2.CertPEM)
+		require.NotEqual(t, issued.PrivateKeyPEM, issued2.PrivateKeyPEM)
+
+		// Verify that the cert is signed by the new CA
+		requireLeafValidUnderCA(t, issued2, ca2)
+
+		// Should not be a cache hit! The data was updated in response to the blocking
+		// query being made.
+		require.False(t, meta2.Hit)
+	})
+
+	testutil.RunStep(t, "test non-blocking queries update leaf cert", func(t *testing.T) {
+		req := &ConnectCALeafRequest{
+			Datacenter:     "dc1",
+			Service:        "test",
+			EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+		}
+
+		issued, _, err := m.Get(ctx, req)
+		require.NoError(t, err)
+		require.NotNil(t, issued)
+
+		// Verify that the cert is signed by the CA
+		requireLeafValidUnderCA(t, issued, ca2)
+
+		// Issue a non blocking query to ensure that the cert gets updated appropriately
+		{
+			// Set a new CA
+			ca3 := signer.UpdateCA(t, nil)
+
+			retry.Run(t, func(r *retry.R) {
+				req := &ConnectCALeafRequest{
+					Datacenter:     "dc1",
+					Service:        "test",
+					EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+				}
+
+				issued2, meta2, err := m.Get(ctx, req)
+				require.NoError(r, err)
+				require.NotNil(r, issued2)
+
+				requireLeafValidUnderCA(r, issued2, ca3)
+
+				// Should not be a cache hit!
+				require.False(r, meta2.Hit)
+
+				require.NotEqual(r, issued.CertPEM, issued2.CertPEM)
+				require.NotEqual(r, issued.PrivateKeyPEM, issued2.PrivateKeyPEM)
+
+				// Verify that the cert is signed by the new CA
+				requireLeafValidUnderCA(r, issued2, ca3)
+			})
+		}
+	})
+}
+
+// Test we can request a leaf cert for a service and witness correct caching,
+// blocking, and update semantics.
+//
+// This test originally was a client agent test in
+// agent.TestAgentConnectCALeafCert_goodNotLocal and was cloned here to
+// increase complex coverage, but the specific naming of the parent test is
+// irrelevant here since there's no notion of the catalog at all at this layer.
+func TestManager_workflow_goodNotLocal(t *testing.T) {
+	if testing.Short() {
+		t.Skip("too slow for testing.Short")
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+	t.Cleanup(cancel)
+
+	const TestOverrideCAChangeInitialDelay = 1 * time.Nanosecond
+
+	m, signer := testManager(t, func(cfg *Config) {
+		cfg.TestOverrideCAChangeInitialDelay = TestOverrideCAChangeInitialDelay
+	})
+
+	ca1 := signer.UpdateCA(t, nil)
+
+	req := &ConnectCALeafRequest{
+		Datacenter:     "dc1",
+		Service:        "test",
+		EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+	}
+
+	// List
+	issued, meta, err := m.Get(ctx, req)
+	require.NoError(t, err)
+	require.False(t, meta.Hit)
+	require.NotNil(t, issued)
+
+	// Verify that the cert is signed by the CA
+	requireLeafValidUnderCA(t, issued, ca1)
+
+	// Verify blocking index
+	require.True(t, issued.ModifyIndex > 0)
+	require.Equal(t, issued.ModifyIndex, meta.Index)
+
+	// Fetch it again
+	testutil.RunStep(t, "test you get a cache hit on another read", func(t *testing.T) {
+		req := &ConnectCALeafRequest{
+			Datacenter:     "dc1",
+			Service:        "test",
+			EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+		}
+		issued2, _, err := m.Get(ctx, req)
+		require.NoError(t, err)
+		require.NotNil(t, issued2)
+		require.Equal(t, issued, issued2)
+	})
+
+	// Test Blocking - see https://github.com/hashicorp/consul/issues/4462
+	testutil.RunStep(t, "test blocking issue 4462", func(t *testing.T) {
+		// Fetch it again
+		req := &ConnectCALeafRequest{
+			Datacenter:     "dc1",
+			Service:        "test",
+			EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+			MinQueryIndex:  issued.ModifyIndex,
+			MaxQueryTime:   125 * time.Millisecond,
+		}
+		var (
+			respCh = make(chan *structs.IssuedCert)
+			errCh  = make(chan error, 1)
+		)
+		go func() {
+			issued2, _, err := m.Get(ctx, req)
+			if err != nil {
+				errCh <- err
+			} else {
+				respCh <- issued2
+			}
+		}()
+
+		select {
+		case <-time.After(500 * time.Millisecond):
+			require.FailNow(t, "Shouldn't block for this long - not respecting wait parameter in the query")
+
+		case err := <-errCh:
+			require.NoError(t, err)
+		case <-respCh:
+		}
+	})
+
+	testutil.RunStep(t, "test that caching is updated in the background", func(t *testing.T) {
+		// Set a new CA
+		ca := signer.UpdateCA(t, nil)
+
+		retry.Run(t, func(r *retry.R) {
+			// Try and sign again (note no index/wait arg since cache should update in
+			// background even if we aren't actively blocking)
+			req := &ConnectCALeafRequest{
+				Datacenter:     "dc1",
+				Service:        "test",
+				EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+			}
+
+			issued2, _, err := m.Get(ctx, req)
+			require.NoError(r, err)
+
+			if issued.CertPEM == issued2.CertPEM {
+				r.Fatalf("leaf has not updated")
+			}
+
+			// Got a new leaf. Sanity check it's a whole new key as well as different
+			// cert.
+			if issued.PrivateKeyPEM == issued2.PrivateKeyPEM {
+				r.Fatalf("new leaf has same private key as before")
+			}
+
+			// Verify that the cert is signed by the new CA
+			requireLeafValidUnderCA(r, issued2, ca)
+
+			require.NotEqual(r, issued, issued2)
+		})
+	})
+}
+
+func TestManager_workflow_nonBlockingQuery_after_blockingQuery_shouldNotBlock(t *testing.T) {
+	// see: https://github.com/hashicorp/consul/issues/12048
+
+	if testing.Short() {
+		t.Skip("too slow for testing.Short")
+	}
+
+	t.Parallel()
+
+	ctx, cancel := context.WithCancel(context.Background())
+	t.Cleanup(cancel)
+
+	m, signer := testManager(t, nil)
+
+	_ = signer.UpdateCA(t, nil)
+
+	var (
+		serialNumber string
+		index        uint64
+		issued       *structs.IssuedCert
+	)
+	testutil.RunStep(t, "do initial non-blocking query", func(t *testing.T) {
+		req := &ConnectCALeafRequest{
+			Datacenter:     "dc1",
+			Service:        "test",
+			EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+		}
+		issued1, meta, err := m.Get(ctx, req)
+		require.NoError(t, err)
+
+		serialNumber = issued1.SerialNumber
+
+		require.False(t, meta.Hit, "for the leaf cert cache type these are always MISS")
+		index = meta.Index
+		issued = issued1
+	})
+
+	go func() {
+		// launch goroutine for blocking query
+		req := &ConnectCALeafRequest{
+			Datacenter:     "dc1",
+			Service:        "test",
+			EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+			MinQueryIndex:  index,
+		}
+		_, _, _ = m.Get(ctx, req)
+	}()
+
+	// We just need to ensure that the above blocking query is in-flight before
+	// the next step, so do a little sleep.
+	time.Sleep(50 * time.Millisecond)
+
+	// The initial non-blocking query populated the leaf cert cache entry
+	// implicitly. The agent cache doesn't prune entries very often at all, so
+	// in between both of these steps the data should still be there, causing
+	// this to be a HIT that completes in less than 10m (the default inner leaf
+	// cert blocking query timeout).
+	testutil.RunStep(t, "do a non-blocking query that should not block", func(t *testing.T) {
+		req := &ConnectCALeafRequest{
+			Datacenter:     "dc1",
+			Service:        "test",
+			EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+		}
+		issued2, meta2, err := m.Get(ctx, req)
+		require.NoError(t, err)
+
+		require.True(t, meta2.Hit)
+
+		// If this is actually returning a cached result, the serial number
+		// should be unchanged.
+		require.Equal(t, serialNumber, issued2.SerialNumber)
+
+		require.Equal(t, issued, issued2)
+	})
+}
+
+func requireLeafValidUnderCA(t require.TestingT, issued *structs.IssuedCert, ca *structs.CARoot) {
+	require.NotNil(t, issued)
+	require.NotNil(t, ca)
+
+	leaf, intermediates, err := connect.ParseLeafCerts(issued.CertPEM)
+	require.NoError(t, err)
+
+	roots := x509.NewCertPool()
+	require.True(t, roots.AppendCertsFromPEM([]byte(ca.RootCert)))
+
+	_, err = leaf.Verify(x509.VerifyOptions{
+		Roots:         roots,
+		Intermediates: intermediates,
+	})
+	require.NoError(t, err)
+
+	// Verify the private key matches. tls.LoadX509Keypair does this for us!
+	_, err = tls.X509KeyPair([]byte(issued.CertPEM), []byte(issued.PrivateKeyPEM))
+	require.NoError(t, err)
+}
+
+// testManager returns a *Manager that is pre-configured to use a mock RPC
+// implementation that can sign certs, and an in-memory CA roots reader that
+// interacts well with it.
+func testManager(t *testing.T, mut func(*Config)) (*Manager, *testSigner) {
+	signer := newTestSigner(t, nil, nil)
+
+	deps := Deps{
+		Logger:      testutil.Logger(t),
+		RootsReader: signer.RootsReader,
+		CertSigner:  signer,
+		Config: Config{
+			// Override the root-change spread so we don't have to wait up to 20 seconds
+			// to see root changes work. Can be changed back for specific tests that
+			// need to test this, Note it's not 0 since that used default but is
+			// effectively the same.
+			TestOverrideCAChangeInitialDelay: 1 * time.Microsecond,
+		},
+	}
+	if mut != nil {
+		mut(&deps.Config)
+	}
+
+	m := NewManager(deps)
+	t.Cleanup(m.Stop)
+
+	return m, signer
+}
+
+type testRootsReader struct {
+	mu      sync.Mutex
+	index   uint64
+	roots   *structs.IndexedCARoots
+	watcher chan struct{}
+}
+
+func newTestRootsReader(t *testing.T) *testRootsReader {
+	r := &testRootsReader{
+		watcher: make(chan struct{}),
+	}
+	t.Cleanup(func() {
+		r.mu.Lock()
+		watcher := r.watcher
+		r.mu.Unlock()
+		close(watcher)
+	})
+	return r
+}
+
+var _ RootsReader = (*testRootsReader)(nil)
+
+func (r *testRootsReader) Set(roots *structs.IndexedCARoots) {
+	r.mu.Lock()
+	oldWatcher := r.watcher
+	r.watcher = make(chan struct{})
+	r.roots = roots
+	if roots == nil {
+		r.index = 1
+	} else {
+		r.index = roots.Index
+	}
+	r.mu.Unlock()
+
+	close(oldWatcher)
+}
+
+func (r *testRootsReader) Get() (*structs.IndexedCARoots, error) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	return r.roots, nil
+}
+
+func (r *testRootsReader) Notify(ctx context.Context, correlationID string, ch chan<- cache.UpdateEvent) error {
+	r.mu.Lock()
+	watcher := r.watcher
+	r.mu.Unlock()
+
+	go func() {
+		<-watcher
+
+		r.mu.Lock()
+		defer r.mu.Unlock()
+
+		ch <- cache.UpdateEvent{
+			CorrelationID: correlationID,
+			Result:        r.roots,
+			Meta:          cache.ResultMeta{Index: r.index},
+			Err:           nil,
+		}
+	}()
+	return nil
+}
+
+type testGetResult struct {
+	Index uint64
+	Value *structs.IssuedCert
+	Err   error
+}
+
+// testAsyncGet returns a channel that returns the result of the testGet call.
+//
+// This is useful for testing timing and concurrency with testGet calls.
+func testAsyncGet(t *testing.T, m *Manager, req *ConnectCALeafRequest) <-chan testGetResult {
+	ch := make(chan testGetResult)
+	go func() {
+		index, cert, err := m.testGet(req)
+		if err != nil {
+			ch <- testGetResult{Err: err}
+			return
+		}
+
+		ch <- testGetResult{Index: index, Value: cert}
+	}()
+	return ch
+}
diff --git a/agent/leafcert/roots.go b/agent/leafcert/roots.go
new file mode 100644
index 000000000000..7f95e0578dcc
--- /dev/null
+++ b/agent/leafcert/roots.go
@@ -0,0 +1,152 @@
+package leafcert
+
+import (
+	"context"
+	"sync"
+	"sync/atomic"
+
+	"github.com/hashicorp/consul/agent/cache"
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+// rootWatcher helps let multiple requests for leaf certs to coordinate sharing
+// a single long-lived watch for the root certs. This allows the leaf cert
+// requests to notice when the roots rotate and trigger their reissuance.
+type rootWatcher struct {
+	// This is the "top-level" internal context. This is used to cancel
+	// background operations.
+	ctx context.Context
+
+	// rootsReader is an interface to access connect CA roots.
+	rootsReader RootsReader
+
+	// lock protects access to the subscribers map and cancel
+	lock sync.Mutex
+	// subscribers is a set of chans, one for each currently in-flight
+	// Fetch. These chans have root updates delivered from the root watcher.
+	subscribers map[chan struct{}]struct{}
+	// cancel is a func to call to stop the background root watch if any.
+	// You must hold lock to read (e.g. call) or write the value.
+	cancel func()
+
+	// testStart/StopCount are testing helpers that allow tests to
+	// observe the reference counting behavior that governs the shared root watch.
+	// It's not exactly pretty to expose internals like this, but seems cleaner
+	// than constructing elaborate and brittle test cases that we can infer
+	// correct behavior from, and simpler than trying to probe runtime goroutine
+	// traces to infer correct behavior that way. They must be accessed
+	// atomically.
+	testStartCount uint32
+	testStopCount  uint32
+}
+
+// Subscribe is called on each fetch that is about to block and wait for
+// changes to the leaf. It subscribes a chan to receive updates from the shared
+// root watcher and triggers root watcher if it's not already running.
+func (r *rootWatcher) Subscribe(rootUpdateCh chan struct{}) {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+	// Lazy allocation
+	if r.subscribers == nil {
+		r.subscribers = make(map[chan struct{}]struct{})
+	}
+	// Make sure a root watcher is running. We don't only do this on first request
+	// to be more tolerant of errors that could cause the root watcher to fail and
+	// exit.
+	if r.cancel == nil {
+		ctx, cancel := context.WithCancel(r.ctx)
+		r.cancel = cancel
+		go r.rootWatcher(ctx)
+	}
+	r.subscribers[rootUpdateCh] = struct{}{}
+}
+
+// Unsubscribe is called when a blocking call exits to unsubscribe from root
+// updates and possibly stop the shared root watcher if it's no longer needed.
+// Note that typically root CA is still being watched by clients directly and
+// probably by the ProxyConfigManager so it will stay hot in cache for a while,
+// we are just not monitoring it for updates any more.
+func (r *rootWatcher) Unsubscribe(rootUpdateCh chan struct{}) {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+	delete(r.subscribers, rootUpdateCh)
+	if len(r.subscribers) == 0 && r.cancel != nil {
+		// This was the last request. Stop the root watcher.
+		r.cancel()
+		r.cancel = nil
+	}
+}
+
+func (r *rootWatcher) notifySubscribers() {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+
+	for ch := range r.subscribers {
+		select {
+		case ch <- struct{}{}:
+		default:
+			// Don't block - chans are 1-buffered so this default case
+			// means the subscriber already holds an update signal.
+		}
+	}
+}
+
+// rootWatcher is the shared rootWatcher that runs in a background goroutine
+// while needed by one or more inflight Fetch calls.
+func (r *rootWatcher) rootWatcher(ctx context.Context) {
+	atomic.AddUint32(&r.testStartCount, 1)
+	defer atomic.AddUint32(&r.testStopCount, 1)
+
+	ch := make(chan cache.UpdateEvent, 1)
+
+	if err := r.rootsReader.Notify(ctx, "roots", ch); err != nil {
+		// Trigger all inflight watchers. We don't pass the error, but they will
+		// reload from cache and observe the same error and return it to the caller,
+		// or if it's transient, will continue and the next Fetch will get us back
+		// into the right state. Seems better than busy loop-retrying here given
+		// that almost any error we would see here would also be returned from the
+		// cache get this will trigger.
+		r.notifySubscribers()
+		return
+	}
+
+	var oldRoots *structs.IndexedCARoots
+	// Wait for updates to roots or all requests to stop
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case e := <-ch:
+			// Root response changed in some way. Note this might be the initial
+			// fetch.
+			if e.Err != nil {
+				// See above rationale about the error propagation
+				r.notifySubscribers()
+				continue
+			}
+
+			roots, ok := e.Result.(*structs.IndexedCARoots)
+			if !ok {
+				// See above rationale about the error propagation
+				r.notifySubscribers()
+				continue
+			}
+
+			// Check that the active root is actually different from the last CA
+			// config there are many reasons the config might have changed without
+			// actually updating the CA root that is signing certs in the cluster.
+			// The Fetch calls will also validate this since the first call here we
+			// don't know if it changed or not, but there is no point waking up all
+			// Fetch calls to check this if we know none of them will need to act on
+			// this update.
+			if oldRoots != nil && oldRoots.ActiveRootID == roots.ActiveRootID {
+				continue
+			}
+
+			// Distribute the update to all inflight requests - they will decide
+			// whether or not they need to act on it.
+			r.notifySubscribers()
+			oldRoots = roots
+		}
+	}
+}
diff --git a/agent/leafcert/signer_netrpc.go b/agent/leafcert/signer_netrpc.go
new file mode 100644
index 000000000000..2d6b490a9ea8
--- /dev/null
+++ b/agent/leafcert/signer_netrpc.go
@@ -0,0 +1,35 @@
+package leafcert
+
+import (
+	"context"
+
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+// NetRPC is an interface that an NetRPC client must implement. This is a helper
+// interface that is implemented by the agent delegate so that Type
+// implementations can request NetRPC access.
+type NetRPC interface {
+	RPC(ctx context.Context, method string, args any, reply any) error
+}
+
+// NewNetRPCCertSigner returns a CertSigner that uses net-rpc to sign certs.
+func NewNetRPCCertSigner(netRPC NetRPC) CertSigner {
+	return &netRPCCertSigner{netRPC: netRPC}
+}
+
+type netRPCCertSigner struct {
+	// NetRPC is an RPC client for remote cert signing requests.
+	netRPC NetRPC
+}
+
+var _ CertSigner = (*netRPCCertSigner)(nil)
+
+func (s *netRPCCertSigner) SignCert(ctx context.Context, args *structs.CASignRequest) (*structs.IssuedCert, error) {
+	var reply structs.IssuedCert
+	err := s.netRPC.RPC(ctx, "ConnectCA.Sign", args, &reply)
+	if err != nil {
+		return nil, err
+	}
+	return &reply, nil
+}
diff --git a/agent/leafcert/signer_test.go b/agent/leafcert/signer_test.go
new file mode 100644
index 000000000000..21e3388f5a1c
--- /dev/null
+++ b/agent/leafcert/signer_test.go
@@ -0,0 +1,243 @@
+package leafcert
+
+import (
+	"bytes"
+	"context"
+	"crypto/rand"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"math/big"
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+// testSigner implements NetRPC and handles leaf signing operations
+type testSigner struct {
+	caLock    sync.Mutex
+	ca        *structs.CARoot
+	prevRoots []*structs.CARoot // remember prior ones
+
+	IDGenerator *atomic.Uint64
+	RootsReader *testRootsReader
+
+	signCallLock       sync.Mutex
+	signCallErrors     []error
+	signCallErrorCount uint64
+	signCallCapture    []*structs.CASignRequest
+}
+
+var _ CertSigner = (*testSigner)(nil)
+
+var ReplyWithExpiredCert = errors.New("reply with expired cert")
+
+func newTestSigner(t *testing.T, idGenerator *atomic.Uint64, rootsReader *testRootsReader) *testSigner {
+	if idGenerator == nil {
+		idGenerator = &atomic.Uint64{}
+	}
+	if rootsReader == nil {
+		rootsReader = newTestRootsReader(t)
+	}
+	s := &testSigner{
+		IDGenerator: idGenerator,
+		RootsReader: rootsReader,
+	}
+	return s
+}
+
+func (s *testSigner) SetSignCallErrors(errs ...error) {
+	s.signCallLock.Lock()
+	defer s.signCallLock.Unlock()
+	s.signCallErrors = append(s.signCallErrors, errs...)
+}
+
+func (s *testSigner) GetSignCallErrorCount() uint64 {
+	s.signCallLock.Lock()
+	defer s.signCallLock.Unlock()
+	return s.signCallErrorCount
+}
+
+func (s *testSigner) UpdateCA(t *testing.T, ca *structs.CARoot) *structs.CARoot {
+	if ca == nil {
+		ca = connect.TestCA(t, nil)
+	}
+	roots := &structs.IndexedCARoots{
+		ActiveRootID: ca.ID,
+		TrustDomain:  connect.TestTrustDomain,
+		Roots:        []*structs.CARoot{ca},
+		QueryMeta:    structs.QueryMeta{Index: s.nextIndex()},
+	}
+
+	// Update the signer first.
+	s.caLock.Lock()
+	{
+		s.ca = ca
+		roots.Roots = append(roots.Roots, s.prevRoots...)
+		// Remember for the next rotation.
+		dup := ca.Clone()
+		dup.Active = false
+		s.prevRoots = append(s.prevRoots, dup)
+	}
+	s.caLock.Unlock()
+
+	// Then trigger an event when updating the roots.
+	s.RootsReader.Set(roots)
+
+	return ca
+}
+
+func (s *testSigner) nextIndex() uint64 {
+	return s.IDGenerator.Add(1)
+}
+
+func (s *testSigner) getCA() *structs.CARoot {
+	s.caLock.Lock()
+	defer s.caLock.Unlock()
+	return s.ca
+}
+
+func (s *testSigner) GetCapture(idx int) *structs.CASignRequest {
+	s.signCallLock.Lock()
+	defer s.signCallLock.Unlock()
+	if len(s.signCallCapture) > idx {
+		return s.signCallCapture[idx]
+	}
+
+	return nil
+}
+
+func (s *testSigner) SignCert(ctx context.Context, req *structs.CASignRequest) (*structs.IssuedCert, error) {
+	useExpiredCert := false
+	s.signCallLock.Lock()
+	s.signCallCapture = append(s.signCallCapture, req)
+	if len(s.signCallErrors) > 0 {
+		err := s.signCallErrors[0]
+		s.signCallErrors = s.signCallErrors[1:]
+		if err == ReplyWithExpiredCert {
+			useExpiredCert = true
+		} else if err != nil {
+			s.signCallErrorCount++
+			s.signCallLock.Unlock()
+			return nil, err
+		}
+	}
+	s.signCallLock.Unlock()
+
+	// parts of this were inlined from CAManager and the connect ca provider
+	ca := s.getCA()
+	if ca == nil {
+		return nil, fmt.Errorf("must call UpdateCA at least once")
+	}
+
+	csr, err := connect.ParseCSR(req.CSR)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing CSR: %w", err)
+	}
+
+	connect.HackSANExtensionForCSR(csr)
+
+	spiffeID, err := connect.ParseCertURI(csr.URIs[0])
+	if err != nil {
+		return nil, fmt.Errorf("error parsing CSR URI: %w", err)
+	}
+
+	serviceID, isService := spiffeID.(*connect.SpiffeIDService)
+	if !isService {
+		return nil, fmt.Errorf("unexpected spiffeID type %T", spiffeID)
+	}
+
+	signer, err := connect.ParseSigner(ca.SigningKey)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing CA signing key: %w", err)
+	}
+
+	keyId, err := connect.KeyId(signer.Public())
+	if err != nil {
+		return nil, fmt.Errorf("error forming CA key id from public key: %w", err)
+	}
+
+	subjectKeyID, err := connect.KeyId(csr.PublicKey)
+	if err != nil {
+		return nil, fmt.Errorf("error forming subject key id from public key: %w", err)
+	}
+
+	caCert, err := connect.ParseCert(ca.RootCert)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing CA root cert pem: %w", err)
+	}
+
+	const expiration = 10 * time.Minute
+
+	now := time.Now()
+	template := x509.Certificate{
+		SerialNumber: big.NewInt(int64(s.nextIndex())),
+		URIs:         csr.URIs,
+		Signature:    csr.Signature,
+		// We use the correct signature algorithm for the CA key we are signing with
+		// regardless of the algorithm used to sign the CSR signature above since
+		// the leaf might use a different key type.
+		SignatureAlgorithm:    connect.SigAlgoForKey(signer),
+		PublicKeyAlgorithm:    csr.PublicKeyAlgorithm,
+		PublicKey:             csr.PublicKey,
+		BasicConstraintsValid: true,
+		KeyUsage: x509.KeyUsageDataEncipherment |
+			x509.KeyUsageKeyAgreement |
+			x509.KeyUsageDigitalSignature |
+			x509.KeyUsageKeyEncipherment,
+		ExtKeyUsage: []x509.ExtKeyUsage{
+			x509.ExtKeyUsageClientAuth,
+			x509.ExtKeyUsageServerAuth,
+		},
+		NotAfter:       now.Add(expiration),
+		NotBefore:      now,
+		AuthorityKeyId: keyId,
+		SubjectKeyId:   subjectKeyID,
+		DNSNames:       csr.DNSNames,
+		IPAddresses:    csr.IPAddresses,
+	}
+
+	if useExpiredCert {
+		template.NotBefore = time.Now().Add(-13 * time.Hour)
+		template.NotAfter = time.Now().Add(-1 * time.Hour)
+	}
+
+	// Create the certificate, PEM encode it and return that value.
+	var buf bytes.Buffer
+	bs, err := x509.CreateCertificate(
+		rand.Reader, &template, caCert, csr.PublicKey, signer)
+	if err != nil {
+		return nil, fmt.Errorf("error creating cert pem from CSR: %w", err)
+	}
+
+	err = pem.Encode(&buf, &pem.Block{Type: "CERTIFICATE", Bytes: bs})
+	if err != nil {
+		return nil, fmt.Errorf("error encoding cert pem into text: %w", err)
+	}
+
+	leafPEM := buf.String()
+
+	leafCert, err := connect.ParseCert(leafPEM)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing cert from generated leaf pem: %w", err)
+	}
+
+	index := s.nextIndex()
+	return &structs.IssuedCert{
+		SerialNumber: connect.EncodeSerialNumber(leafCert.SerialNumber),
+		CertPEM:      leafPEM,
+		Service:      serviceID.Service,
+		ServiceURI:   leafCert.URIs[0].String(),
+		ValidAfter:   leafCert.NotBefore,
+		ValidBefore:  leafCert.NotAfter,
+		RaftIndex: structs.RaftIndex{
+			CreateIndex: index,
+			ModifyIndex: index,
+		},
+	}, nil
+}
diff --git a/agent/leafcert/structs.go b/agent/leafcert/structs.go
new file mode 100644
index 000000000000..531d35c897e6
--- /dev/null
+++ b/agent/leafcert/structs.go
@@ -0,0 +1,103 @@
+package leafcert
+
+import (
+	"fmt"
+	"net"
+	"time"
+
+	"github.com/mitchellh/hashstructure"
+
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/agent/cache"
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+// ConnectCALeafRequest is the cache.Request implementation for the
+// ConnectCALeaf cache type. This is implemented here and not in structs
+// since this is only used for cache-related requests and not forwarded
+// directly to any Consul servers.
+type ConnectCALeafRequest struct {
+	Token         string
+	Datacenter    string
+	DNSSAN        []string
+	IPSAN         []net.IP
+	MinQueryIndex uint64
+	MaxQueryTime  time.Duration
+	acl.EnterpriseMeta
+	MustRevalidate bool
+
+	// The following flags indicate the entity we are requesting a cert for.
+	// Only one of these must be specified.
+	Service string              // Given a Service name, not ID, the request is for a SpiffeIDService.
+	Agent   string              // Given an Agent name, not ID, the request is for a SpiffeIDAgent.
+	Kind    structs.ServiceKind // Given "mesh-gateway", the request is for a SpiffeIDMeshGateway. No other kinds supported.
+	Server  bool                // If true, the request is for a SpiffeIDServer.
+}
+
+func (r *ConnectCALeafRequest) Key() string {
+	r.EnterpriseMeta.Normalize()
+
+	switch {
+	case r.Agent != "":
+		v, err := hashstructure.Hash([]any{
+			r.Agent,
+			r.PartitionOrDefault(),
+		}, nil)
+		if err == nil {
+			return fmt.Sprintf("agent:%d", v)
+		}
+	case r.Kind == structs.ServiceKindMeshGateway:
+		v, err := hashstructure.Hash([]any{
+			r.PartitionOrDefault(),
+			r.DNSSAN,
+			r.IPSAN,
+		}, nil)
+		if err == nil {
+			return fmt.Sprintf("kind:%d", v)
+		}
+	case r.Kind != "":
+		// this is not valid
+	case r.Server:
+		v, err := hashstructure.Hash([]any{
+			"server",
+			r.Datacenter,
+		}, nil)
+		if err == nil {
+			return fmt.Sprintf("server:%d", v)
+		}
+	default:
+		v, err := hashstructure.Hash([]any{
+			r.Service,
+			r.EnterpriseMeta,
+			r.DNSSAN,
+			r.IPSAN,
+		}, nil)
+		if err == nil {
+			return fmt.Sprintf("service:%d", v)
+		}
+	}
+
+	// If there is an error, we don't set the key. A blank key forces
+	// no cache for this request so the request is forwarded directly
+	// to the server.
+	return ""
+}
+
+func (req *ConnectCALeafRequest) TargetNamespace() string {
+	return req.NamespaceOrDefault()
+}
+
+func (req *ConnectCALeafRequest) TargetPartition() string {
+	return req.PartitionOrDefault()
+}
+
+func (r *ConnectCALeafRequest) CacheInfo() cache.RequestInfo {
+	return cache.RequestInfo{
+		Token:          r.Token,
+		Key:            r.Key(),
+		Datacenter:     r.Datacenter,
+		MinIndex:       r.MinQueryIndex,
+		Timeout:        r.MaxQueryTime,
+		MustRevalidate: r.MustRevalidate,
+	}
+}
diff --git a/agent/leafcert/structs_test.go b/agent/leafcert/structs_test.go
new file mode 100644
index 000000000000..bb131f10ed7c
--- /dev/null
+++ b/agent/leafcert/structs_test.go
@@ -0,0 +1,79 @@
+package leafcert
+
+import (
+	"net"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestConnectCALeafRequest_Key(t *testing.T) {
+	key := func(r ConnectCALeafRequest) string {
+		return r.Key()
+	}
+	t.Run("service", func(t *testing.T) {
+		t.Run("name", func(t *testing.T) {
+			r1 := key(ConnectCALeafRequest{Service: "web"})
+			r2 := key(ConnectCALeafRequest{Service: "api"})
+			require.True(t, strings.HasPrefix(r1, "service:"), "Key %s does not start with service:", r1)
+			require.True(t, strings.HasPrefix(r2, "service:"), "Key %s does not start with service:", r2)
+			require.NotEqual(t, r1, r2, "Cache keys for different services should not be equal")
+		})
+		t.Run("dns-san", func(t *testing.T) {
+			r3 := key(ConnectCALeafRequest{Service: "foo", DNSSAN: []string{"a.com"}})
+			r4 := key(ConnectCALeafRequest{Service: "foo", DNSSAN: []string{"b.com"}})
+			require.NotEqual(t, r3, r4, "Cache keys for different DNSSAN should not be equal")
+		})
+		t.Run("ip-san", func(t *testing.T) {
+			r5 := key(ConnectCALeafRequest{Service: "foo", IPSAN: []net.IP{net.ParseIP("192.168.4.139")}})
+			r6 := key(ConnectCALeafRequest{Service: "foo", IPSAN: []net.IP{net.ParseIP("192.168.4.140")}})
+			require.NotEqual(t, r5, r6, "Cache keys for different IPSAN should not be equal")
+		})
+	})
+	t.Run("agent", func(t *testing.T) {
+		t.Run("name", func(t *testing.T) {
+			r1 := key(ConnectCALeafRequest{Agent: "abc"})
+			require.True(t, strings.HasPrefix(r1, "agent:"), "Key %s does not start with agent:", r1)
+		})
+		t.Run("dns-san ignored", func(t *testing.T) {
+			r3 := key(ConnectCALeafRequest{Agent: "foo", DNSSAN: []string{"a.com"}})
+			r4 := key(ConnectCALeafRequest{Agent: "foo", DNSSAN: []string{"b.com"}})
+			require.Equal(t, r3, r4, "DNSSAN is ignored for agent type")
+		})
+		t.Run("ip-san ignored", func(t *testing.T) {
+			r5 := key(ConnectCALeafRequest{Agent: "foo", IPSAN: []net.IP{net.ParseIP("192.168.4.139")}})
+			r6 := key(ConnectCALeafRequest{Agent: "foo", IPSAN: []net.IP{net.ParseIP("192.168.4.140")}})
+			require.Equal(t, r5, r6, "IPSAN is ignored for agent type")
+		})
+	})
+	t.Run("kind", func(t *testing.T) {
+		t.Run("invalid", func(t *testing.T) {
+			r1 := key(ConnectCALeafRequest{Kind: "terminating-gateway"})
+			require.Empty(t, r1)
+		})
+		t.Run("mesh-gateway", func(t *testing.T) {
+			t.Run("normal", func(t *testing.T) {
+				r1 := key(ConnectCALeafRequest{Kind: "mesh-gateway"})
+				require.True(t, strings.HasPrefix(r1, "kind:"), "Key %s does not start with kind:", r1)
+			})
+			t.Run("dns-san", func(t *testing.T) {
+				r3 := key(ConnectCALeafRequest{Kind: "mesh-gateway", DNSSAN: []string{"a.com"}})
+				r4 := key(ConnectCALeafRequest{Kind: "mesh-gateway", DNSSAN: []string{"b.com"}})
+				require.NotEqual(t, r3, r4, "Cache keys for different DNSSAN should not be equal")
+			})
+			t.Run("ip-san", func(t *testing.T) {
+				r5 := key(ConnectCALeafRequest{Kind: "mesh-gateway", IPSAN: []net.IP{net.ParseIP("192.168.4.139")}})
+				r6 := key(ConnectCALeafRequest{Kind: "mesh-gateway", IPSAN: []net.IP{net.ParseIP("192.168.4.140")}})
+				require.NotEqual(t, r5, r6, "Cache keys for different IPSAN should not be equal")
+			})
+		})
+	})
+	t.Run("server", func(t *testing.T) {
+		r1 := key(ConnectCALeafRequest{
+			Server:     true,
+			Datacenter: "us-east",
+		})
+		require.True(t, strings.HasPrefix(r1, "server:"), "Key %s does not start with server:", r1)
+	})
+}
diff --git a/agent/leafcert/util.go b/agent/leafcert/util.go
new file mode 100644
index 000000000000..a7453df37b4f
--- /dev/null
+++ b/agent/leafcert/util.go
@@ -0,0 +1,63 @@
+package leafcert
+
+import (
+	"time"
+
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+// calculateSoftExpiry encapsulates our logic for when to renew a cert based on
+// it's age. It returns a pair of times min, max which makes it easier to test
+// the logic without non-deterministic jitter to account for. The caller should
+// choose a time randomly in between these.
+//
+// We want to balance a few factors here:
+//   - renew too early and it increases the aggregate CSR rate in the cluster
+//   - renew too late and it risks disruption to the service if a transient
+//     error prevents the renewal
+//   - we want a broad amount of jitter so if there is an outage, we don't end
+//     up with all services in sync and causing a thundering herd every
+//     renewal period. Broader is better for smoothing requests but pushes
+//     both earlier and later tradeoffs above.
+//
+// Somewhat arbitrarily the current strategy looks like this:
+//
+//	         0                              60%             90%
+//	  Issued [------------------------------|===============|!!!!!] Expires
+//	72h TTL: 0                             ~43h            ~65h
+//	 1h TTL: 0                              36m             54m
+//
+// Where |===| is the soft renewal period where we jitter for the first attempt
+// and |!!!| is the danger zone where we just try immediately.
+//
+// In the happy path (no outages) the average renewal occurs half way through
+// the soft renewal region or at 75% of the cert lifetime which is ~54 hours for
+// a 72 hour cert, or 45 mins for a 1 hour cert.
+//
+// If we are already in the softRenewal period, we randomly pick a time between
+// now and the start of the danger zone.
+//
+// We pass in now to make testing easier.
+func calculateSoftExpiry(now time.Time, cert *structs.IssuedCert) (min time.Time, max time.Time) {
+	certLifetime := cert.ValidBefore.Sub(cert.ValidAfter)
+	if certLifetime < 10*time.Minute {
+		// Shouldn't happen as we limit to 1 hour shortest elsewhere but just be
+		// defensive against strange times or bugs.
+		return now, now
+	}
+
+	// Find the 60% mark in diagram above
+	softRenewTime := cert.ValidAfter.Add(time.Duration(float64(certLifetime) * 0.6))
+	hardRenewTime := cert.ValidAfter.Add(time.Duration(float64(certLifetime) * 0.9))
+
+	if now.After(hardRenewTime) {
+		// In the hard renew period, or already expired. Renew now!
+		return now, now
+	}
+
+	if now.After(softRenewTime) {
+		// Already in the soft renew period, make now the lower bound for jitter
+		softRenewTime = now
+	}
+	return softRenewTime, hardRenewTime
+}
diff --git a/agent/leafcert/util_test.go b/agent/leafcert/util_test.go
new file mode 100644
index 000000000000..be89ad5936c1
--- /dev/null
+++ b/agent/leafcert/util_test.go
@@ -0,0 +1,133 @@
+package leafcert
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+func TestCalculateSoftExpire(t *testing.T) {
+	tests := []struct {
+		name     string
+		now      string
+		issued   string
+		lifetime time.Duration
+		wantMin  string
+		wantMax  string
+	}{
+		{
+			name:     "72h just issued",
+			now:      "2018-01-01 00:00:01",
+			issued:   "2018-01-01 00:00:00",
+			lifetime: 72 * time.Hour,
+			// Should jitter between 60% and 90% of the lifetime which is 43.2/64.8
+			// hours after issued
+			wantMin: "2018-01-02 19:12:00",
+			wantMax: "2018-01-03 16:48:00",
+		},
+		{
+			name: "72h in renew range",
+			// This time should be inside the renewal range.
+			now:      "2018-01-02 20:00:20",
+			issued:   "2018-01-01 00:00:00",
+			lifetime: 72 * time.Hour,
+			// Min should be the "now" time
+			wantMin: "2018-01-02 20:00:20",
+			wantMax: "2018-01-03 16:48:00",
+		},
+		{
+			name: "72h in hard renew",
+			// This time should be inside the renewal range.
+			now:      "2018-01-03 18:00:00",
+			issued:   "2018-01-01 00:00:00",
+			lifetime: 72 * time.Hour,
+			// Min and max should both be the "now" time
+			wantMin: "2018-01-03 18:00:00",
+			wantMax: "2018-01-03 18:00:00",
+		},
+		{
+			name: "72h expired",
+			// This time is after expiry
+			now:      "2018-01-05 00:00:00",
+			issued:   "2018-01-01 00:00:00",
+			lifetime: 72 * time.Hour,
+			// Min and max should both be the "now" time
+			wantMin: "2018-01-05 00:00:00",
+			wantMax: "2018-01-05 00:00:00",
+		},
+		{
+			name:     "1h just issued",
+			now:      "2018-01-01 00:00:01",
+			issued:   "2018-01-01 00:00:00",
+			lifetime: 1 * time.Hour,
+			// Should jitter between 60% and 90% of the lifetime which is 36/54 mins
+			// hours after issued
+			wantMin: "2018-01-01 00:36:00",
+			wantMax: "2018-01-01 00:54:00",
+		},
+		{
+			name: "1h in renew range",
+			// This time should be inside the renewal range.
+			now:      "2018-01-01 00:40:00",
+			issued:   "2018-01-01 00:00:00",
+			lifetime: 1 * time.Hour,
+			// Min should be the "now" time
+			wantMin: "2018-01-01 00:40:00",
+			wantMax: "2018-01-01 00:54:00",
+		},
+		{
+			name: "1h in hard renew",
+			// This time should be inside the renewal range.
+			now:      "2018-01-01 00:55:00",
+			issued:   "2018-01-01 00:00:00",
+			lifetime: 1 * time.Hour,
+			// Min and max should both be the "now" time
+			wantMin: "2018-01-01 00:55:00",
+			wantMax: "2018-01-01 00:55:00",
+		},
+		{
+			name: "1h expired",
+			// This time is after expiry
+			now:      "2018-01-01 01:01:01",
+			issued:   "2018-01-01 00:00:00",
+			lifetime: 1 * time.Hour,
+			// Min and max should both be the "now" time
+			wantMin: "2018-01-01 01:01:01",
+			wantMax: "2018-01-01 01:01:01",
+		},
+		{
+			name: "too short lifetime",
+			// This time is after expiry
+			now:      "2018-01-01 01:01:01",
+			issued:   "2018-01-01 00:00:00",
+			lifetime: 1 * time.Minute,
+			// Min and max should both be the "now" time
+			wantMin: "2018-01-01 01:01:01",
+			wantMax: "2018-01-01 01:01:01",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			now, err := time.Parse("2006-01-02 15:04:05", tc.now)
+			require.NoError(t, err)
+			issued, err := time.Parse("2006-01-02 15:04:05", tc.issued)
+			require.NoError(t, err)
+			wantMin, err := time.Parse("2006-01-02 15:04:05", tc.wantMin)
+			require.NoError(t, err)
+			wantMax, err := time.Parse("2006-01-02 15:04:05", tc.wantMax)
+			require.NoError(t, err)
+
+			min, max := calculateSoftExpiry(now, &structs.IssuedCert{
+				ValidAfter:  issued,
+				ValidBefore: issued.Add(tc.lifetime),
+			})
+
+			require.Equal(t, wantMin, min)
+			require.Equal(t, wantMax, max)
+		})
+	}
+}
diff --git a/agent/leafcert/watch.go b/agent/leafcert/watch.go
new file mode 100644
index 000000000000..62a7260c4287
--- /dev/null
+++ b/agent/leafcert/watch.go
@@ -0,0 +1,160 @@
+package leafcert
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/consul/agent/cache"
+	"github.com/hashicorp/consul/lib"
+)
+
+// Notify registers a desire to be updated about changes to a cache result.
+//
+// It is a helper that abstracts code from performing their own "blocking" query
+// logic against a cache key to watch for changes and to maintain the key in
+// cache actively. It will continue to perform blocking Get requests until the
+// context is canceled.
+//
+// The passed context must be canceled or timeout in order to free resources
+// and stop maintaining the value in cache. Typically request-scoped resources
+// do this but if a long-lived context like context.Background is used, then the
+// caller must arrange for it to be canceled when the watch is no longer
+// needed.
+//
+// The passed chan may be buffered or unbuffered, if the caller doesn't consume
+// fast enough it will block the notification loop. When the chan is later
+// drained, watching resumes correctly. If the pause is longer than the
+// cachetype's TTL, the result might be removed from the local cache. Even in
+// this case though when the chan is drained again, the new Get will re-fetch
+// the entry from servers and resume notification behavior transparently.
+//
+// The chan is passed in to allow multiple cached results to be watched by a
+// single consumer without juggling extra goroutines per watch. The
+// correlationID is opaque and will be returned in all UpdateEvents generated by
+// result of watching the specified request so the caller can set this to any
+// value that allows them to disambiguate between events in the returned chan
+// when sharing a chan between multiple cache entries. If the chan is closed,
+// the notify loop will terminate.
+func (m *Manager) Notify(
+	ctx context.Context,
+	req *ConnectCALeafRequest,
+	correlationID string,
+	ch chan<- cache.UpdateEvent,
+) error {
+	return m.NotifyCallback(ctx, req, correlationID, func(ctx context.Context, event cache.UpdateEvent) {
+		select {
+		case ch <- event:
+		case <-ctx.Done():
+		}
+	})
+}
+
+// NotifyCallback allows you to receive notifications about changes to a cache
+// result in the same way as Notify, but accepts a callback function instead of
+// a channel.
+func (m *Manager) NotifyCallback(
+	ctx context.Context,
+	req *ConnectCALeafRequest,
+	correlationID string,
+	cb cache.Callback,
+) error {
+	if req.Key() == "" {
+		return fmt.Errorf("a key is required")
+	}
+	// Lightweight copy this object so that manipulating req doesn't race.
+	dup := *req
+	req = &dup
+
+	if req.MaxQueryTime <= 0 {
+		req.MaxQueryTime = DefaultQueryTimeout
+	}
+
+	go m.notifyBlockingQuery(ctx, req, correlationID, cb)
+	return nil
+}
+
+func (m *Manager) notifyBlockingQuery(
+	ctx context.Context,
+	req *ConnectCALeafRequest,
+	correlationID string,
+	cb cache.Callback,
+) {
+	// Always start at 0 index to deliver the initial (possibly currently cached
+	// value).
+	index := uint64(0)
+	failures := uint(0)
+
+	for {
+		// Check context hasn't been canceled
+		if ctx.Err() != nil {
+			return
+		}
+
+		// Blocking request
+		req.MinQueryIndex = index
+		newValue, meta, err := m.internalGet(ctx, req)
+
+		// Check context hasn't been canceled
+		if ctx.Err() != nil {
+			return
+		}
+
+		// Check the index of the value returned in the cache entry to be sure it
+		// changed
+		if index == 0 || index < meta.Index {
+			cb(ctx, cache.UpdateEvent{
+				CorrelationID: correlationID,
+				Result:        newValue,
+				Meta:          meta,
+				Err:           err,
+			})
+
+			// Update index for next request
+			index = meta.Index
+		}
+
+		var wait time.Duration
+		// Handle errors with backoff. Badly behaved blocking calls that returned
+		// a zero index are considered as failures since we need to not get stuck
+		// in a busy loop.
+		if err == nil && meta.Index > 0 {
+			failures = 0
+		} else {
+			failures++
+			wait = backOffWait(m.config, failures)
+
+			m.logger.
+				With("error", err).
+				With("index", index).
+				Warn("handling error in Manager.Notify")
+		}
+
+		if wait > 0 {
+			select {
+			case <-time.After(wait):
+			case <-ctx.Done():
+				return
+			}
+		}
+		// Sanity check we always request blocking on second pass
+		if err == nil && index < 1 {
+			index = 1
+		}
+	}
+}
+
+func backOffWait(cfg Config, failures uint) time.Duration {
+	if failures > cfg.LeafCertRefreshBackoffMin {
+		shift := failures - cfg.LeafCertRefreshBackoffMin
+		waitTime := cfg.LeafCertRefreshMaxWait
+		if shift < 31 {
+			waitTime = (1 << shift) * time.Second
+		}
+		if waitTime > cfg.LeafCertRefreshMaxWait {
+			waitTime = cfg.LeafCertRefreshMaxWait
+		}
+		return waitTime + lib.RandomStagger(waitTime)
+	}
+	return 0
+}
diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go
index 320d2fc25804..d0363ec3b8e7 100644
--- a/agent/proxycfg-glue/glue.go
+++ b/agent/proxycfg-glue/glue.go
@@ -10,8 +10,6 @@ import (
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-memdb"
 
-	"github.com/hashicorp/consul/proto/private/pbpeering"
-
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/cache"
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
@@ -23,6 +21,7 @@ import (
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/submatview"
+	"github.com/hashicorp/consul/proto/private/pbpeering"
 )
 
 // ServerDataSourceDeps contains the dependencies needed for sourcing data from
@@ -81,17 +80,6 @@ func CacheServiceGateways(c *cache.Cache) proxycfg.GatewayServices {
 	return &cacheProxyDataSource[*structs.ServiceSpecificRequest]{c, cachetype.ServiceGatewaysName}
 }
 
-// CacheLeafCertificate satisifies the proxycfg.LeafCertificate interface by
-// sourcing data from the agent cache.
-//
-// Note: there isn't a server-local equivalent of this data source because
-// "agentless" proxies obtain certificates via SDS served by consul-dataplane.
-// If SDS is not supported on consul-dataplane, data is sourced from the server agent cache
-// even for "agentless" proxies.
-func CacheLeafCertificate(c *cache.Cache) proxycfg.LeafCertificate {
-	return &cacheProxyDataSource[*cachetype.ConnectCALeafRequest]{c, cachetype.ConnectCALeafName}
-}
-
 // CachePrepraredQuery satisfies the proxycfg.PreparedQuery interface by
 // sourcing data from the agent cache.
 //
diff --git a/agent/proxycfg-glue/leafcerts.go b/agent/proxycfg-glue/leafcerts.go
new file mode 100644
index 000000000000..24631ffc3113
--- /dev/null
+++ b/agent/proxycfg-glue/leafcerts.go
@@ -0,0 +1,25 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package proxycfgglue
+
+import (
+	"context"
+
+	"github.com/hashicorp/consul/agent/leafcert"
+	"github.com/hashicorp/consul/agent/proxycfg"
+)
+
+// LocalLeafCerts satisfies the proxycfg.LeafCertificate interface by sourcing data from
+// the given leafcert.Manager.
+func LocalLeafCerts(m *leafcert.Manager) proxycfg.LeafCertificate {
+	return &localLeafCerts{m}
+}
+
+type localLeafCerts struct {
+	leafCertManager *leafcert.Manager
+}
+
+func (c *localLeafCerts) Notify(ctx context.Context, req *leafcert.ConnectCALeafRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error {
+	return c.leafCertManager.NotifyCallback(ctx, req, correlationID, dispatchCacheUpdate(ch))
+}
diff --git a/agent/proxycfg/api_gateway.go b/agent/proxycfg/api_gateway.go
index 21631bd5fa47..7a4a48d0d251 100644
--- a/agent/proxycfg/api_gateway.go
+++ b/agent/proxycfg/api_gateway.go
@@ -7,7 +7,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/hashicorp/consul/acl"
-	cachetype "github.com/hashicorp/consul/agent/cache-types"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/proxycfg/internal/watch"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
@@ -489,7 +489,7 @@ func (h *handlerAPIGateway) watchIngressLeafCert(ctx context.Context, snap *Conf
 		snap.APIGateway.LeafCertWatchCancel()
 	}
 	ctx, cancel := context.WithCancel(ctx)
-	err := h.dataSources.LeafCertificate.Notify(ctx, &cachetype.ConnectCALeafRequest{
+	err := h.dataSources.LeafCertificate.Notify(ctx, &leafcert.ConnectCALeafRequest{
 		Datacenter:     h.source.Datacenter,
 		Token:          h.token,
 		Service:        h.service,
diff --git a/agent/proxycfg/connect_proxy.go b/agent/proxycfg/connect_proxy.go
index 442223cda0ef..7dcbe18e7195 100644
--- a/agent/proxycfg/connect_proxy.go
+++ b/agent/proxycfg/connect_proxy.go
@@ -11,13 +11,15 @@ import (
 	"path"
 	"strings"
 
+	"github.com/mitchellh/mapstructure"
+
 	"github.com/hashicorp/consul/acl"
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/proxycfg/internal/watch"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
-	"github.com/mitchellh/mapstructure"
 )
 
 type handlerConnectProxy struct {
@@ -69,7 +71,7 @@ func (s *handlerConnectProxy) initialize(ctx context.Context) (ConfigSnapshot, e
 	}
 
 	// Watch the leaf cert
-	err = s.dataSources.LeafCertificate.Notify(ctx, &cachetype.ConnectCALeafRequest{
+	err = s.dataSources.LeafCertificate.Notify(ctx, &leafcert.ConnectCALeafRequest{
 		Datacenter:     s.source.Datacenter,
 		Token:          s.token,
 		Service:        s.proxyCfg.DestinationServiceName,
diff --git a/agent/proxycfg/data_sources.go b/agent/proxycfg/data_sources.go
index 0018ce7c08ca..ee779dfb6c88 100644
--- a/agent/proxycfg/data_sources.go
+++ b/agent/proxycfg/data_sources.go
@@ -8,6 +8,7 @@ import (
 	"errors"
 
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/structs"
 )
 
@@ -212,7 +213,7 @@ type InternalServiceDump interface {
 // LeafCertificate is the interface used to consume updates about a service's
 // leaf certificate.
 type LeafCertificate interface {
-	Notify(ctx context.Context, req *cachetype.ConnectCALeafRequest, correlationID string, ch chan<- UpdateEvent) error
+	Notify(ctx context.Context, req *leafcert.ConnectCALeafRequest, correlationID string, ch chan<- UpdateEvent) error
 }
 
 // PeeredUpstreams is the interface used to consume updates about upstreams
diff --git a/agent/proxycfg/ingress_gateway.go b/agent/proxycfg/ingress_gateway.go
index e76d567a5053..22eb40505677 100644
--- a/agent/proxycfg/ingress_gateway.go
+++ b/agent/proxycfg/ingress_gateway.go
@@ -7,7 +7,7 @@ import (
 	"context"
 	"fmt"
 
-	cachetype "github.com/hashicorp/consul/agent/cache-types"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/proxycfg/internal/watch"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
@@ -222,7 +222,7 @@ func (s *handlerIngressGateway) watchIngressLeafCert(ctx context.Context, snap *
 		snap.IngressGateway.LeafCertWatchCancel()
 	}
 	ctx, cancel := context.WithCancel(ctx)
-	err := s.dataSources.LeafCertificate.Notify(ctx, &cachetype.ConnectCALeafRequest{
+	err := s.dataSources.LeafCertificate.Notify(ctx, &leafcert.ConnectCALeafRequest{
 		Datacenter:     s.source.Datacenter,
 		Token:          s.token,
 		Service:        s.service,
diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go
index 0cbd769df2cb..13dd0f95420c 100644
--- a/agent/proxycfg/manager_test.go
+++ b/agent/proxycfg/manager_test.go
@@ -10,10 +10,10 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/hashicorp/consul/acl"
-	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/consul/agent/configentry"
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/consul/discoverychain"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/proxycfg/internal/watch"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
@@ -130,7 +130,7 @@ func TestManager_BasicLifecycle(t *testing.T) {
 		Datacenter:   "dc1",
 		QueryOptions: structs.QueryOptions{Token: "my-token"},
 	}
-	leafReq := &cachetype.ConnectCALeafRequest{
+	leafReq := &leafcert.ConnectCALeafRequest{
 		Datacenter: "dc1",
 		Token:      "my-token",
 		Service:    "web",
@@ -358,7 +358,7 @@ func testManager_BasicLifecycle(
 	t *testing.T,
 	dataSources *TestDataSources,
 	rootsReq *structs.DCSpecificRequest,
-	leafReq *cachetype.ConnectCALeafRequest,
+	leafReq *leafcert.ConnectCALeafRequest,
 	roots *structs.IndexedCARoots,
 	webProxy *structs.NodeService,
 	expectSnap *ConfigSnapshot,
diff --git a/agent/proxycfg/mesh_gateway.go b/agent/proxycfg/mesh_gateway.go
index cf090b7b0460..80aa75b78317 100644
--- a/agent/proxycfg/mesh_gateway.go
+++ b/agent/proxycfg/mesh_gateway.go
@@ -16,6 +16,7 @@ import (
 
 	"github.com/hashicorp/consul/acl"
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/proxycfg/internal/watch"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/lib/maps"
@@ -392,7 +393,7 @@ func (s *handlerMeshGateway) handleUpdate(ctx context.Context, u UpdateEvent, sn
 		if hasExports && snap.MeshGateway.LeafCertWatchCancel == nil {
 			// no watch and we need one
 			ctx, cancel := context.WithCancel(ctx)
-			err := s.dataSources.LeafCertificate.Notify(ctx, &cachetype.ConnectCALeafRequest{
+			err := s.dataSources.LeafCertificate.Notify(ctx, &leafcert.ConnectCALeafRequest{
 				Datacenter:     s.source.Datacenter,
 				Token:          s.token,
 				Kind:           structs.ServiceKindMeshGateway,
diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go
index dbe2db11438f..86957df4bd47 100644
--- a/agent/proxycfg/state_test.go
+++ b/agent/proxycfg/state_test.go
@@ -10,15 +10,15 @@ import (
 	"testing"
 	"time"
 
-	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/go-hclog"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/time/rate"
 
 	"github.com/hashicorp/consul/acl"
-
+	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/consul/agent/configentry"
 	"github.com/hashicorp/consul/agent/consul/discoverychain"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/structs"
 	apimod "github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
@@ -139,7 +139,7 @@ func recordWatches(sc *stateConfig) *watchRecorder {
 		IntentionUpstreams:              typedWatchRecorder[*structs.ServiceSpecificRequest]{wr},
 		IntentionUpstreamsDestination:   typedWatchRecorder[*structs.ServiceSpecificRequest]{wr},
 		InternalServiceDump:             typedWatchRecorder[*structs.ServiceDumpRequest]{wr},
-		LeafCertificate:                 typedWatchRecorder[*cachetype.ConnectCALeafRequest]{wr},
+		LeafCertificate:                 typedWatchRecorder[*leafcert.ConnectCALeafRequest]{wr},
 		PeeringList:                     typedWatchRecorder[*cachetype.PeeringListRequest]{wr},
 		PeeredUpstreams:                 typedWatchRecorder[*structs.PartitionSpecificRequest]{wr},
 		PreparedQuery:                   typedWatchRecorder[*structs.PreparedQueryExecuteRequest]{wr},
@@ -224,7 +224,7 @@ func genVerifyTrustBundleReadWatch(peer string) verifyWatchRequest {
 
 func genVerifyLeafWatchWithDNSSANs(expectedService string, expectedDatacenter string, expectedDNSSANs []string) verifyWatchRequest {
 	return func(t testing.TB, request any) {
-		reqReal, ok := request.(*cachetype.ConnectCALeafRequest)
+		reqReal, ok := request.(*leafcert.ConnectCALeafRequest)
 		reqReal.Token = aclToken
 		require.True(t, ok)
 		require.Equal(t, aclToken, reqReal.Token)
diff --git a/agent/proxycfg/terminating_gateway.go b/agent/proxycfg/terminating_gateway.go
index 7641cfc2c20b..7d29ee70501b 100644
--- a/agent/proxycfg/terminating_gateway.go
+++ b/agent/proxycfg/terminating_gateway.go
@@ -8,7 +8,7 @@ import (
 	"fmt"
 	"strings"
 
-	cachetype "github.com/hashicorp/consul/agent/cache-types"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/structs"
 )
 
@@ -172,7 +172,7 @@ func (s *handlerTerminatingGateway) handleUpdate(ctx context.Context, u UpdateEv
 			// This cert is used to terminate mTLS connections on the service's behalf
 			if _, ok := snap.TerminatingGateway.WatchedLeaves[svc.Service]; !ok {
 				ctx, cancel := context.WithCancel(ctx)
-				err := s.dataSources.LeafCertificate.Notify(ctx, &cachetype.ConnectCALeafRequest{
+				err := s.dataSources.LeafCertificate.Notify(ctx, &leafcert.ConnectCALeafRequest{
 					Datacenter:     s.source.Datacenter,
 					Token:          s.token,
 					Service:        svc.Service.Name,
diff --git a/agent/proxycfg/testing.go b/agent/proxycfg/testing.go
index c8b933527adb..ac68994cb8f1 100644
--- a/agent/proxycfg/testing.go
+++ b/agent/proxycfg/testing.go
@@ -21,6 +21,7 @@ import (
 	"github.com/hashicorp/consul/agent/cache"
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
@@ -749,7 +750,7 @@ func testConfigSnapshotFixture(
 			IntentionUpstreams:              &noopDataSource[*structs.ServiceSpecificRequest]{},
 			IntentionUpstreamsDestination:   &noopDataSource[*structs.ServiceSpecificRequest]{},
 			InternalServiceDump:             &noopDataSource[*structs.ServiceDumpRequest]{},
-			LeafCertificate:                 &noopDataSource[*cachetype.ConnectCALeafRequest]{},
+			LeafCertificate:                 &noopDataSource[*leafcert.ConnectCALeafRequest]{},
 			PeeringList:                     &noopDataSource[*cachetype.PeeringListRequest]{},
 			PeeredUpstreams:                 &noopDataSource[*structs.PartitionSpecificRequest]{},
 			PreparedQuery:                   &noopDataSource[*structs.PreparedQueryExecuteRequest]{},
@@ -954,7 +955,7 @@ func NewTestDataSources() *TestDataSources {
 		IntentionUpstreams:              NewTestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceList](),
 		IntentionUpstreamsDestination:   NewTestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceList](),
 		InternalServiceDump:             NewTestDataSource[*structs.ServiceDumpRequest, *structs.IndexedCheckServiceNodes](),
-		LeafCertificate:                 NewTestDataSource[*cachetype.ConnectCALeafRequest, *structs.IssuedCert](),
+		LeafCertificate:                 NewTestDataSource[*leafcert.ConnectCALeafRequest, *structs.IssuedCert](),
 		PeeringList:                     NewTestDataSource[*cachetype.PeeringListRequest, *pbpeering.PeeringListResponse](),
 		PreparedQuery:                   NewTestDataSource[*structs.PreparedQueryExecuteRequest, *structs.PreparedQueryExecuteResponse](),
 		ResolvedServiceConfig:           NewTestDataSource[*structs.ServiceConfigRequest, *structs.ServiceConfigResponse](),
@@ -981,7 +982,7 @@ type TestDataSources struct {
 	IntentionUpstreams              *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceList]
 	IntentionUpstreamsDestination   *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceList]
 	InternalServiceDump             *TestDataSource[*structs.ServiceDumpRequest, *structs.IndexedCheckServiceNodes]
-	LeafCertificate                 *TestDataSource[*cachetype.ConnectCALeafRequest, *structs.IssuedCert]
+	LeafCertificate                 *TestDataSource[*leafcert.ConnectCALeafRequest, *structs.IssuedCert]
 	PeeringList                     *TestDataSource[*cachetype.PeeringListRequest, *pbpeering.PeeringListResponse]
 	PeeredUpstreams                 *TestDataSource[*structs.PartitionSpecificRequest, *structs.IndexedPeeredServiceList]
 	PreparedQuery                   *TestDataSource[*structs.PreparedQueryExecuteRequest, *structs.PreparedQueryExecuteResponse]
diff --git a/agent/setup.go b/agent/setup.go
index 6a9efb5f7442..bf1b4d004077 100644
--- a/agent/setup.go
+++ b/agent/setup.go
@@ -5,6 +5,7 @@ package agent
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"net"
@@ -33,6 +34,7 @@ import (
 	"github.com/hashicorp/consul/agent/grpc-internal/resolver"
 	grpcWare "github.com/hashicorp/consul/agent/grpc-middleware"
 	"github.com/hashicorp/consul/agent/hcp"
+	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/local"
 	"github.com/hashicorp/consul/agent/pool"
 	"github.com/hashicorp/consul/agent/router"
@@ -53,17 +55,45 @@ import (
 type BaseDeps struct {
 	consul.Deps // TODO: un-embed
 
-	RuntimeConfig *config.RuntimeConfig
-	MetricsConfig *lib.MetricsConfig
-	AutoConfig    *autoconf.AutoConfig // TODO: use an interface
-	Cache         *cache.Cache
-	ViewStore     *submatview.Store
-	WatchedFiles  []string
+	RuntimeConfig   *config.RuntimeConfig
+	MetricsConfig   *lib.MetricsConfig
+	AutoConfig      *autoconf.AutoConfig // TODO: use an interface
+	Cache           *cache.Cache
+	LeafCertManager *leafcert.Manager
+	ViewStore       *submatview.Store
+	WatchedFiles    []string
+	NetRPC          *LazyNetRPC
 
 	deregisterBalancer, deregisterResolver func()
 	stopHostCollector                      context.CancelFunc
 }
 
+type NetRPC interface {
+	RPC(ctx context.Context, method string, args any, reply any) error
+}
+
+type LazyNetRPC struct {
+	mu  sync.RWMutex
+	rpc NetRPC
+}
+
+func (r *LazyNetRPC) SetNetRPC(rpc NetRPC) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	r.rpc = rpc
+}
+
+func (r *LazyNetRPC) RPC(ctx context.Context, method string, args any, reply any) error {
+	r.mu.RLock()
+	r2 := r.rpc
+	r.mu.RUnlock()
+
+	if r2 == nil {
+		return errors.New("rpc: initialization ordering error; net-rpc not ready yet")
+	}
+	return r2.RPC(ctx, method, args, reply)
+}
+
 type ConfigLoader func(source config.Source) (config.LoadResult, error)
 
 func NewBaseDeps(configLoader ConfigLoader, logOut io.Writer, providedLogger hclog.InterceptLogger) (BaseDeps, error) {
@@ -141,6 +171,18 @@ func NewBaseDeps(configLoader ConfigLoader, logOut io.Writer, providedLogger hcl
 	d.ViewStore = submatview.NewStore(d.Logger.Named("viewstore"))
 	d.ConnPool = newConnPool(cfg, d.Logger, d.TLSConfigurator)
 
+	d.NetRPC = &LazyNetRPC{}
+
+	// TODO: create leafCertManager in BaseDeps once NetRPC is available without Agent
+	d.LeafCertManager = leafcert.NewManager(leafcert.Deps{
+		Logger:      d.Logger.Named("leaf-certs"),
+		CertSigner:  leafcert.NewNetRPCCertSigner(d.NetRPC),
+		RootsReader: leafcert.NewCachedRootsReader(d.Cache, cfg.Datacenter),
+		Config: leafcert.Config{
+			TestOverrideCAChangeInitialDelay: cfg.ConnectTestCALeafRootChangeSpread,
+		},
+	})
+
 	agentType := "client"
 	if cfg.ServerMode {
 		agentType = "server"
@@ -198,6 +240,7 @@ func NewBaseDeps(configLoader ConfigLoader, logOut io.Writer, providedLogger hcl
 		ServerProvider:   d.Router,
 		TLSConfigurator:  d.TLSConfigurator,
 		Cache:            d.Cache,
+		LeafCertManager:  d.LeafCertManager,
 		Tokens:           d.Tokens,
 		EnterpriseConfig: initEnterpriseAutoConfig(d.EnterpriseDeps, cfg),
 	}
@@ -221,6 +264,7 @@ func NewBaseDeps(configLoader ConfigLoader, logOut io.Writer, providedLogger hcl
 // handled by something else (e.g. the agent stop channel).
 func (bd BaseDeps) Close() {
 	bd.AutoConfig.Stop()
+	bd.LeafCertManager.Stop()
 	bd.MetricsConfig.Cancel()
 
 	for _, fn := range []func(){bd.deregisterBalancer, bd.deregisterResolver, bd.stopHostCollector} {

From 0c15748c5a33087caa8ff178997a31a975a34d9d Mon Sep 17 00:00:00 2001
From: Curt Bushko <cbushko@gmail.com>
Date: Tue, 13 Jun 2023 13:00:55 -0400
Subject: [PATCH 039/359] [core]: Pin github action workflows (#17695)

---
 .github/workflows/bot-auto-approve.yaml       |  2 +-
 .github/workflows/broken-link-check.yml       |  6 +--
 .github/workflows/build-artifacts.yml         | 12 ++---
 .github/workflows/build-distros.yml           | 14 +++---
 .github/workflows/build.yml                   | 46 +++++++++----------
 .github/workflows/changelog-checker.yml       |  2 +-
 .github/workflows/embedded-asset-checker.yml  |  2 +-
 .github/workflows/frontend.yml                | 16 +++----
 .github/workflows/go-tests.yml                | 22 ++++-----
 .github/workflows/issue-comment-created.yml   |  4 +-
 .github/workflows/jira-issues.yaml            | 14 +++---
 .github/workflows/jira-pr.yaml                | 14 +++---
 .github/workflows/nightly-test-1.13.x.yaml    | 36 +++++++--------
 .github/workflows/nightly-test-1.14.x.yaml    | 36 +++++++--------
 .github/workflows/nightly-test-1.15.x.yaml    | 36 +++++++--------
 .github/workflows/nightly-test-1.16.x.yaml    | 36 +++++++--------
 .github/workflows/nightly-test-main.yaml      | 36 +++++++--------
 .github/workflows/pr-labeler.yml              |  2 +-
 .github/workflows/pr-metrics-test-checker.yml |  2 +-
 .github/workflows/reusable-check-go-mod.yml   |  4 +-
 .github/workflows/reusable-dev-build.yml      |  6 +--
 .github/workflows/reusable-lint.yml           |  6 +--
 .github/workflows/reusable-unit-split.yml     | 14 +++---
 .github/workflows/reusable-unit.yml           | 10 ++--
 .github/workflows/stale.yml                   |  2 +-
 .github/workflows/test-integrations.yml       | 26 +++++------
 .github/workflows/verify-envoy-version.yml    |  2 +-
 27 files changed, 204 insertions(+), 204 deletions(-)

diff --git a/.github/workflows/bot-auto-approve.yaml b/.github/workflows/bot-auto-approve.yaml
index 2b652388999c..66bbba45287e 100644
--- a/.github/workflows/bot-auto-approve.yaml
+++ b/.github/workflows/bot-auto-approve.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.actor == 'hc-github-team-consul-core'
     steps:
-      - uses: hmarr/auto-approve-action@v3
+      - uses: hmarr/auto-approve-action@v3 # TSCCR: no entry for repository "hmarr/auto-approve-action"
         with:
           review-message: "Auto approved Consul Bot automated PR"
           github-token: ${{ secrets.MERGE_APPROVE_TOKEN }}
diff --git a/.github/workflows/broken-link-check.yml b/.github/workflows/broken-link-check.yml
index b7c89ff3e75d..a1ca4731d72e 100644
--- a/.github/workflows/broken-link-check.yml
+++ b/.github/workflows/broken-link-check.yml
@@ -12,11 +12,11 @@ jobs:
   linkChecker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Run lychee link checker
         id: lychee
-        uses: lycheeverse/lychee-action@v1.6.1
+        uses: lycheeverse/lychee-action@v1.6.1 # TSCCR: no entry for repository "lycheeverse/lychee-action"
         with:
           args: ./website/content/docs/ --base https://developer.hashicorp.com/ --exclude-all-private --exclude '\.(svg|gif|jpg|png)' --exclude 'manage\.auth0\.com' --accept 403 --max-concurrency=24 --no-progress --verbose
           # Fail GitHub action when broken links are found?
@@ -26,7 +26,7 @@ jobs:
 
       - name: Create GitHub Issue From lychee output file
         if: env.lychee_exit_code != 0
-        uses: peter-evans/create-issue-from-file@v4
+        uses: peter-evans/create-issue-from-file@v4 # TSCCR: no entry for repository "peter-evans/create-issue-from-file"
         with:
           title: Link Checker Report
           content-filepath: ./lychee/out.md
diff --git a/.github/workflows/build-artifacts.yml b/.github/workflows/build-artifacts.yml
index 2e87d767f5e4..9d7a2583f945 100644
--- a/.github/workflows/build-artifacts.yml
+++ b/.github/workflows/build-artifacts.yml
@@ -25,7 +25,7 @@ jobs:
       compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
       compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     - id: setup-outputs
       name: Setup outputs
       run: ./.github/scripts/get_runner_classes.sh
@@ -56,14 +56,14 @@ jobs:
             kv/data/github/${{ github.repository }}/dockerhub username | DOCKERHUB_USERNAME;
             kv/data/github/${{ github.repository }}/dockerhub token | DOCKERHUB_TOKEN;
 
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
     # NOTE: ENT specific step as we need to set elevated GitHub permissions.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
 
-    - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version-file: 'go.mod'
     
@@ -78,17 +78,17 @@ jobs:
         echo "GITHUB_BUILD_URL=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_ENV
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # pin@v2.4.1
+      uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
 
     # NOTE: conditional specific logic as we store secrets in Vault in ENT and use GHA secrets in OSS.
     - name: Login to Docker Hub
-      uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # pin@v2.1.0
+      uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
       with:
         username: ${{ endsWith(github.repository, '-enterprise') && steps.secrets.outputs.DOCKERHUB_USERNAME || secrets.DOCKERHUB_USERNAME }}
         password: ${{ endsWith(github.repository, '-enterprise') && steps.secrets.outputs.DOCKERHUB_TOKEN || secrets.DOCKERHUB_TOKEN }}
 
     - name: Docker build and push
-      uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # pin@v4.0.0
+      uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
       with:
         context: ./bin
         file: ./build-support/docker/Consul-Dev.dockerfile
diff --git a/.github/workflows/build-distros.yml b/.github/workflows/build-distros.yml
index 6f5722a82ab9..166706493f24 100644
--- a/.github/workflows/build-distros.yml
+++ b/.github/workflows/build-distros.yml
@@ -26,7 +26,7 @@ jobs:
       compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
       compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     - id: setup-outputs
       name: Setup outputs
       run: ./.github/scripts/get_runner_classes.sh
@@ -49,14 +49,14 @@ jobs:
       XC_OS: "freebsd linux windows"
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
       
-    - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version-file: 'go.mod'
     - name: Build
@@ -73,14 +73,14 @@ jobs:
       XC_OS: "darwin freebsd linux solaris windows"
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
       
-    - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version-file: 'go.mod'
     - name: Build
@@ -98,7 +98,7 @@ jobs:
       CGO_ENABLED: 1
       GOOS: linux
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
@@ -106,7 +106,7 @@ jobs:
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
       
 
-    - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version-file: 'go.mod'
     - run: |
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 66b5a14a739c..cfeab4a04c12 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -25,7 +25,7 @@ jobs:
       pre-version: ${{ steps.set-product-version.outputs.prerelease-product-version }}
       shared-ldflags: ${{ steps.shared-ldflags.outputs.shared-ldflags }}
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - name: set product version
         id: set-product-version
         uses: hashicorp/actions-set-product-version@v1
@@ -63,7 +63,7 @@ jobs:
       filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
     steps:
       - name: 'Checkout directory'
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - name: Generate metadata file
         id: generate-metadata-file
         uses: hashicorp/actions-generate-metadata@v1
@@ -71,7 +71,7 @@ jobs:
           version: ${{ needs.set-product-version.outputs.product-version }}
           product: ${{ env.PKG_NAME }}
 
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@3.1.2
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: metadata.json
           path: ${{ steps.generate-metadata-file.outputs.filepath }}
@@ -95,10 +95,10 @@ jobs:
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Setup with node and yarn
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # pin@v3.6.0
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: '14'
           cache: 'yarn'
@@ -160,13 +160,13 @@ jobs:
           echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV
           echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV
 
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@3.1.2
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         if: ${{ matrix.goos == 'linux' }}
         with:
           name: ${{ env.RPM_PACKAGE }}
           path: out/${{ env.RPM_PACKAGE }}
 
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@3.1.2
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         if: ${{ matrix.goos == 'linux' }}
         with:
           name: ${{ env.DEB_PACKAGE }}
@@ -184,10 +184,10 @@ jobs:
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
           
       - name: Setup with node and yarn
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # pin@v3.6.0
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: '14'
           cache: 'yarn'
@@ -235,7 +235,7 @@ jobs:
       version: ${{needs.set-product-version.outputs.product-version}}
 
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix
       # This naming convention will be used ONLY for per-commit dev images
@@ -269,7 +269,7 @@ jobs:
       version: ${{needs.set-product-version.outputs.product-version}}
 
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - uses: hashicorp/actions-docker-build@v1
         with:
           version: ${{env.version}}
@@ -289,7 +289,7 @@ jobs:
       version: ${{needs.set-product-version.outputs.product-version}}
 
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix
       # This naming convention will be used ONLY for per-commit dev images
@@ -326,15 +326,15 @@ jobs:
 
     name: Verify ${{ matrix.arch }} linux binary
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Download ${{ matrix.arch  }} zip
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3.0.2
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: ${{ env.zip_name }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # pin@v2.1.0
+        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
         if: ${{ matrix.arch == 'arm' || matrix.arch == 'arm64' }}
         with:
           # this should be a comma-separated string as opposed to an array
@@ -356,10 +356,10 @@ jobs:
 
     name: Verify amd64 darwin binary
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Download amd64 darwin zip
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3.0.2
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: ${{ env.zip_name }}
 
@@ -383,7 +383,7 @@ jobs:
 
     name: Verify ${{ matrix.arch }} debian package
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Set package version
         run: |
@@ -394,12 +394,12 @@ jobs:
           echo "pkg_name=consul_${{ env.pkg_version }}-1_${{ matrix.arch }}.deb" >> $GITHUB_ENV
 
       - name: Download workflow artifacts
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3.0.2
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: ${{ env.pkg_name }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # pin@v2.1.0
+        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
         with:
           platforms: all
 
@@ -420,7 +420,7 @@ jobs:
 
     name: Verify ${{ matrix.arch }} rpm
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Set package version
         run: |
@@ -431,12 +431,12 @@ jobs:
           echo "pkg_name=consul-${{ env.pkg_version }}-1.${{ matrix.arch }}.rpm" >> $GITHUB_ENV
 
       - name: Download workflow artifacts
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3.0.2
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: ${{ env.pkg_name }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # pin@v2.1.0
+        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
         with:
           platforms: all
 
diff --git a/.github/workflows/changelog-checker.yml b/.github/workflows/changelog-checker.yml
index d00717e2f049..e6147e787aa3 100644
--- a/.github/workflows/changelog-checker.yml
+++ b/.github/workflows/changelog-checker.yml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0 # by default the checkout action doesn't checkout all branches
diff --git a/.github/workflows/embedded-asset-checker.yml b/.github/workflows/embedded-asset-checker.yml
index 4bb07771bd68..ed2dc4eb950d 100644
--- a/.github/workflows/embedded-asset-checker.yml
+++ b/.github/workflows/embedded-asset-checker.yml
@@ -20,7 +20,7 @@ jobs:
     if: "! ( contains(github.event.pull_request.labels.*.name, 'pr/update-ui-assets') || github.event.pull_request.user.login == 'hc-github-team-consul-core' )"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0 # by default the checkout action doesn't checkout all branches
diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml
index 5eab231c65a5..460709b37df6 100644
--- a/.github/workflows/frontend.yml
+++ b/.github/workflows/frontend.yml
@@ -23,7 +23,7 @@ jobs:
       compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
       compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     - id: setup-outputs
       name: Setup outputs
       run: ./.github/scripts/get_runner_classes.sh
@@ -35,9 +35,9 @@ jobs:
       run:
         working-directory: ui
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
-    - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # pin@v3.6.0
+    - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
       with:
         node-version: '16'
 
@@ -55,9 +55,9 @@ jobs:
     needs: setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
-    - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # pin@v3.6.0
+    - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
       with:
         node-version: '16'
 
@@ -84,9 +84,9 @@ jobs:
       CONSUL_NSPACES_ENABLED: ${{ endsWith(github.repository, '-enterprise') && 1 || 0 }} # NOTE: this should be 1 in ENT.
       JOBS: 2 # limit parallelism for broccoli-babel-transpiler
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
-    - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # pin@v3.6.0
+    - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
       with:
         node-version: '16'
 
@@ -94,7 +94,7 @@ jobs:
       run: npm install -g yarn
 
     - name: Install Chrome
-      uses: browser-actions/setup-chrome@29abc1a83d1d71557708563b4bc962d0f983a376 # pin@v1.2.1
+      uses: browser-actions/setup-chrome@c485fa3bab6be59dce18dbc18ef6ab7cbc8ff5f1 # v1.2.0
 
     - name: Install dependencies
       working-directory: ui
diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 787f92560ec1..0d3b6b0992fd 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -32,7 +32,7 @@ jobs:
       compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
       compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     - id: setup-outputs
       name: Setup outputs
       run: ./.github/scripts/get_runner_classes.sh
@@ -52,12 +52,12 @@ jobs:
     - setup   
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-    - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version-file: 'go.mod'
     - run: make proto-tools
@@ -80,12 +80,12 @@ jobs:
     - setup   
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-    - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version-file: 'go.mod'
     - run: make --always-make deep-copy
@@ -103,12 +103,12 @@ jobs:
     - setup   
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-    - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version-file: 'go.mod'
     - run: go install github.com/reillywatson/enumcover/cmd/enumcover@master && enumcover ./...   
@@ -121,11 +121,11 @@ jobs:
     - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-    - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version-file: 'go.mod'
     - run: make lint-container-test-deps
@@ -138,12 +138,12 @@ jobs:
     - setup   
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-    - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version-file: 'go.mod'
     - run: go install github.com/hashicorp/lint-consul-retry@master && lint-consul-retry
diff --git a/.github/workflows/issue-comment-created.yml b/.github/workflows/issue-comment-created.yml
index 01e7e13f8bc4..228ac41aa76d 100644
--- a/.github/workflows/issue-comment-created.yml
+++ b/.github/workflows/issue-comment-created.yml
@@ -11,8 +11,8 @@ jobs:
   triage:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2 
-      - uses: actions-ecosystem/action-remove-labels@v1
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
         with:
           labels: |
             waiting-reply
diff --git a/.github/workflows/jira-issues.yaml b/.github/workflows/jira-issues.yaml
index d595e5f5af8c..c136dfd69a78 100644
--- a/.github/workflows/jira-issues.yaml
+++ b/.github/workflows/jira-issues.yaml
@@ -16,7 +16,7 @@ jobs:
     name: Jira Community Issue sync
     steps:    
       - name: Login
-        uses: atlassian/gajira-login@v3.0.0
+        uses: atlassian/gajira-login@ca13f8850ea309cf44a6e4e0c49d9aa48ac3ca4c # v3
         env:
           JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
           JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
@@ -40,7 +40,7 @@ jobs:
 
       - name: Create ticket if an issue is filed, or if PR not by a team member is opened
         if: github.event.action == 'opened'
-        uses: tomhjp/gh-action-jira-create@v0.2.1
+        uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1
         with:
           project: NET
           issuetype: "${{ steps.set-ticket-type.outputs.TYPE }}"
@@ -60,7 +60,7 @@ jobs:
       # Education Jira
       - name: Create ticket in Education board an issue is filed, or if PR not by a team member is opened
         if: github.event.action == 'opened' && contains(github.event.issue.labels.*.name, 'type/docs')
-        uses: tomhjp/gh-action-jira-create@v0.2.1
+        uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1
         with:
           project: CE
           issuetype: "${{ steps.set-ticket-type.outputs.TYPE }}"
@@ -77,28 +77,28 @@ jobs:
       - name: Search
         if: github.event.action != 'opened'
         id: search
-        uses: tomhjp/gh-action-jira-search@v0.2.2
+        uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # v0.2.2
         with:
           # cf[10089] is Issue Link (use JIRA API to retrieve)
           jql: 'issuetype = "${{ steps.set-ticket-type.outputs.TYPE }}" and cf[10089] = "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"'
 
       - name: Sync comment
         if: github.event.action == 'created' && steps.search.outputs.issue
-        uses: tomhjp/gh-action-jira-comment@v0.2.0
+        uses: tomhjp/gh-action-jira-comment@6eb6b9ead70221916b6badd118c24535ed220bd9 # v0.2.0
         with:
           issue: ${{ steps.search.outputs.issue }}
           comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}"
 
       - name: Close ticket
         if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@v3.0.1
+        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "Closed"
 
       - name: Reopen ticket
         if: github.event.action == 'reopened' && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@v3.0.1
+        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "To Do"
diff --git a/.github/workflows/jira-pr.yaml b/.github/workflows/jira-pr.yaml
index 9bce26588ebd..f63f7af53162 100644
--- a/.github/workflows/jira-pr.yaml
+++ b/.github/workflows/jira-pr.yaml
@@ -14,7 +14,7 @@ jobs:
     name: Jira sync
     steps:    
       - name: Login
-        uses: atlassian/gajira-login@v3.0.0
+        uses: atlassian/gajira-login@ca13f8850ea309cf44a6e4e0c49d9aa48ac3ca4c # v3
         env:
           JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
           JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
@@ -59,7 +59,7 @@ jobs:
 
       - name: Create ticket if an issue is filed, or if PR not by a team member is opened
         if: ( github.event.action == 'opened' && steps.is-team-member.outputs.MESSAGE == 'false' )
-        uses: tomhjp/gh-action-jira-create@v0.2.1
+        uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1
         with:
           project: NET
           issuetype: "${{ steps.set-ticket-type.outputs.TYPE }}"
@@ -79,7 +79,7 @@ jobs:
       # Education Jira
       - name: Create ticket in Education board an issue is filed, or if PR not by a team member is opened
         if: github.event.action == 'opened' && steps.is-team-member.outputs.MESSAGE == 'false' && contains(github.event.issue.labels.*.name, 'type/docs')
-        uses: tomhjp/gh-action-jira-create@v0.2.1
+        uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1
         with:
           project: CE
           issuetype: "${{ steps.set-ticket-type.outputs.TYPE }}"
@@ -91,28 +91,28 @@ jobs:
       - name: Search
         if: github.event.action != 'opened'
         id: search
-        uses: tomhjp/gh-action-jira-search@v0.2.2
+        uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # v0.2.2
         with:
           # cf[10089] is Issue Link (use JIRA API to retrieve)
           jql: 'issuetype = "${{ steps.set-ticket-type.outputs.TYPE }}" and cf[10089] = "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"'
 
       - name: Sync comment
         if: github.event.action == 'created' && steps.search.outputs.issue
-        uses: tomhjp/gh-action-jira-comment@v0.2.0
+        uses: tomhjp/gh-action-jira-comment@6eb6b9ead70221916b6badd118c24535ed220bd9 # v0.2.0
         with:
           issue: ${{ steps.search.outputs.issue }}
           comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}"
 
       - name: Close ticket
         if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@v3.0.1
+        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "Closed"
 
       - name: Reopen ticket
         if: github.event.action == 'reopened' && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@v3.0.1
+        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "To Do"
diff --git a/.github/workflows/nightly-test-1.13.x.yaml b/.github/workflows/nightly-test-1.13.x.yaml
index 51a1226b29be..767072b6d247 100644
--- a/.github/workflows/nightly-test-1.13.x.yaml
+++ b/.github/workflows/nightly-test-1.13.x.yaml
@@ -16,12 +16,12 @@ jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -48,12 +48,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -70,7 +70,7 @@ jobs:
         run: make build-ci
 
       - name: Upload OSS Frontend
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: frontend-oss-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -87,12 +87,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -104,7 +104,7 @@ jobs:
         run: make deps
 
       - name: Download OSS Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-oss-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -120,12 +120,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -142,7 +142,7 @@ jobs:
         run: make build-ci
 
       - name: Upload ENT Frontend
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -159,12 +159,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -176,7 +176,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -190,12 +190,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -207,7 +207,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -223,7 +223,7 @@ jobs:
     steps:
       - name: Slack Notification
         id: slack
-        uses: slackapi/slack-github-action@v1.19
+        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
         with:
           payload: |
             {
diff --git a/.github/workflows/nightly-test-1.14.x.yaml b/.github/workflows/nightly-test-1.14.x.yaml
index 86f48c37a144..fb34eb0d1bf3 100644
--- a/.github/workflows/nightly-test-1.14.x.yaml
+++ b/.github/workflows/nightly-test-1.14.x.yaml
@@ -16,12 +16,12 @@ jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -48,12 +48,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -70,7 +70,7 @@ jobs:
         run: make build-ci
 
       - name: Upload OSS Frontend
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: frontend-oss-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -87,12 +87,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -104,7 +104,7 @@ jobs:
         run: make deps
 
       - name: Download OSS Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-oss-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -120,12 +120,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -142,7 +142,7 @@ jobs:
         run: make build-ci
 
       - name: Upload ENT Frontend
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -159,12 +159,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -176,7 +176,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -190,12 +190,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -207,7 +207,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -223,7 +223,7 @@ jobs:
     steps:
       - name: Slack Notification
         id: slack
-        uses: slackapi/slack-github-action@v1.19
+        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
         with:
           payload: |
             {
diff --git a/.github/workflows/nightly-test-1.15.x.yaml b/.github/workflows/nightly-test-1.15.x.yaml
index 7fdc9247be72..99b8a2b18861 100644
--- a/.github/workflows/nightly-test-1.15.x.yaml
+++ b/.github/workflows/nightly-test-1.15.x.yaml
@@ -16,12 +16,12 @@ jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -48,12 +48,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -70,7 +70,7 @@ jobs:
         run: make build-ci
 
       - name: Upload OSS Frontend
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: frontend-oss-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -87,12 +87,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -104,7 +104,7 @@ jobs:
         run: make deps
 
       - name: Download OSS Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-oss-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -120,12 +120,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -142,7 +142,7 @@ jobs:
         run: make build-ci
 
       - name: Upload ENT Frontend
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -159,12 +159,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -176,7 +176,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -190,12 +190,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -207,7 +207,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -223,7 +223,7 @@ jobs:
     steps:
       - name: Slack Notification
         id: slack
-        uses: slackapi/slack-github-action@v1.19
+        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
         with:
           payload: |
             {
diff --git a/.github/workflows/nightly-test-1.16.x.yaml b/.github/workflows/nightly-test-1.16.x.yaml
index c30ed6811c2b..db63ef83fecf 100644
--- a/.github/workflows/nightly-test-1.16.x.yaml
+++ b/.github/workflows/nightly-test-1.16.x.yaml
@@ -16,12 +16,12 @@ jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -48,12 +48,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -70,7 +70,7 @@ jobs:
         run: make build-ci
 
       - name: Upload OSS Frontend
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: frontend-oss-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -87,12 +87,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -104,7 +104,7 @@ jobs:
         run: make deps
 
       - name: Download OSS Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-oss-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -120,12 +120,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -142,7 +142,7 @@ jobs:
         run: make build-ci
 
       - name: Upload ENT Frontend
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -159,12 +159,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -176,7 +176,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -190,12 +190,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -207,7 +207,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -223,7 +223,7 @@ jobs:
     steps:
       - name: Slack Notification
         id: slack
-        uses: slackapi/slack-github-action@v1.19
+        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
         with:
           payload: |
             {
diff --git a/.github/workflows/nightly-test-main.yaml b/.github/workflows/nightly-test-main.yaml
index 3fc316a1a354..f7958b53ce5e 100644
--- a/.github/workflows/nightly-test-main.yaml
+++ b/.github/workflows/nightly-test-main.yaml
@@ -16,12 +16,12 @@ jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -48,12 +48,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -70,7 +70,7 @@ jobs:
         run: make build-ci
 
       - name: Upload OSS Frontend
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: frontend-oss-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -87,12 +87,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -104,7 +104,7 @@ jobs:
         run: make deps
 
       - name: Download OSS Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-oss-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -120,12 +120,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -142,7 +142,7 @@ jobs:
         run: make build-ci
 
       - name: Upload ENT Frontend
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -159,12 +159,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -176,7 +176,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -190,12 +190,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -207,7 +207,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -223,7 +223,7 @@ jobs:
     steps:
       - name: Slack Notification
         id: slack
-        uses: slackapi/slack-github-action@v1.19
+        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
         with:
           payload: |
             {
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index a29cadcb685b..b14b27183fb7 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -10,7 +10,7 @@ jobs:
   triage:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@main
+    - uses: actions/labeler@0776a679364a9a16110aac8d0f40f5e11009e327 # v4.0.4
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"
         configuration-path: .github/pr-labeler.yml
diff --git a/.github/workflows/pr-metrics-test-checker.yml b/.github/workflows/pr-metrics-test-checker.yml
index a73f4fbb3ff5..0d79aa39714b 100644
--- a/.github/workflows/pr-metrics-test-checker.yml
+++ b/.github/workflows/pr-metrics-test-checker.yml
@@ -14,7 +14,7 @@ jobs:
     if: "! ( contains(github.event.pull_request.labels.*.name, 'pr/no-metrics-test') || github.event.pull_request.user.login == 'hc-github-team-consul-core' )" 
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         name: "checkout repo"
         with:
           ref: ${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/reusable-check-go-mod.yml b/.github/workflows/reusable-check-go-mod.yml
index 2078b0c3217d..868594168662 100644
--- a/.github/workflows/reusable-check-go-mod.yml
+++ b/.github/workflows/reusable-check-go-mod.yml
@@ -18,12 +18,12 @@ jobs:
     runs-on: ${{ fromJSON(inputs.runs-on) }}
 
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
       run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
-    - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version-file: 'go.mod'
     - run: go mod tidy
diff --git a/.github/workflows/reusable-dev-build.yml b/.github/workflows/reusable-dev-build.yml
index d134508584c0..3ca661398506 100644
--- a/.github/workflows/reusable-dev-build.yml
+++ b/.github/workflows/reusable-dev-build.yml
@@ -25,12 +25,12 @@ jobs:
   build:
     runs-on: ${{ fromJSON(inputs.runs-on) }}
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
         run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
       - name: Build
@@ -38,7 +38,7 @@ jobs:
           GOARCH: ${{ inputs.goarch }}
         run: make dev
       # save dev build to pass to downstream jobs
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: ${{inputs.uploaded-binary-name}}
           path: ./bin/consul
diff --git a/.github/workflows/reusable-lint.yml b/.github/workflows/reusable-lint.yml
index f7032f986663..fd1e8b9a1538 100644
--- a/.github/workflows/reusable-lint.yml
+++ b/.github/workflows/reusable-lint.yml
@@ -36,17 +36,17 @@ jobs:
       fail-fast: true
     name: lint ${{ matrix.directory }}
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
         run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
       - run: go env
       - name: lint-${{ matrix.directory }}
-        uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # pin@v3.4.0
+        uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0
         with:
           working-directory: ${{ matrix.directory }}
           version: v1.51.1
diff --git a/.github/workflows/reusable-unit-split.yml b/.github/workflows/reusable-unit-split.yml
index 3b9eb489590a..962467d833a4 100644
--- a/.github/workflows/reusable-unit-split.yml
+++ b/.github/workflows/reusable-unit-split.yml
@@ -59,8 +59,8 @@ jobs:
     outputs:
       package-matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
       - id: set-matrix
@@ -82,12 +82,12 @@ jobs:
           ulimit -Sa
           echo "Hard limits"
           ulimit -Ha   
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
         run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
           cache: true
@@ -96,7 +96,7 @@ jobs:
         working-directory: ${{inputs.directory}}
         run: go mod download
       - name: Download consul
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3.0.2
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: ${{inputs.uploaded-binary-name}}
           path: ${{inputs.directory}} 
@@ -163,11 +163,11 @@ jobs:
           DD_ENV: ci
         run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" ${{env.TEST_RESULTS}}/gotestsum-report.xml
 
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: test-results
           path: ${{env.TEST_RESULTS}}
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: jsonfile
           path: /tmp/jsonfile
diff --git a/.github/workflows/reusable-unit.yml b/.github/workflows/reusable-unit.yml
index e7caaae8d6a1..6001cc8bcd11 100644
--- a/.github/workflows/reusable-unit.yml
+++ b/.github/workflows/reusable-unit.yml
@@ -52,12 +52,12 @@ jobs:
   go-test:
     runs-on: ${{ fromJSON(inputs.runs-on) }}
     steps:      
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
         run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
           cache: true
@@ -66,7 +66,7 @@ jobs:
         working-directory: ${{inputs.directory}}
         run: go mod download
       - name: Download consul
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3.0.2
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: ${{inputs.uploaded-binary-name}}
           path: ${{inputs.directory}}
@@ -131,11 +131,11 @@ jobs:
           DD_ENV: ci
         run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" ${{env.TEST_RESULTS}}/gotestsum-report.xml
 
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: test-results
           path: ${{env.TEST_RESULTS}}
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: jsonfile
           path: /tmp/jsonfile
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index f3da6d422b6b..ff07a961a4e4 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -12,7 +12,7 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-      - uses: actions/stale@v4
+      - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0
         with:
           days-before-stale: -1
           days-before-close: -1
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 38b6a44cbe01..836ed56ee180 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -35,7 +35,7 @@ jobs:
       compute-xl: ${{ steps.runners.outputs.compute-xl }}
       enterprise: ${{ steps.runners.outputs.enterprise }}
     steps:
-      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - id: runners
         run: .github/scripts/get_runner_classes.sh
 
@@ -62,13 +62,13 @@ jobs:
         nomad-version: ['v1.3.3', 'v1.2.10', 'v1.1.16']
     steps:
       - name: Checkout Nomad
-        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           repository: hashicorp/nomad
           ref: ${{ matrix.nomad-version }}
 
       - name: Install Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
+        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
 
@@ -142,14 +142,14 @@ jobs:
     env:
       VAULT_BINARY_VERSION: ${{ matrix.vault-version }}
     steps:
-      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(github.repository, '-enterprise') }}
         run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
 
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
 
@@ -232,7 +232,7 @@ jobs:
     outputs:
       envoy-matrix: ${{ steps.set-matrix.outputs.envoy-matrix }}
     steps:
-      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - name: Generate Envoy Job Matrix
         id: set-matrix
         env:
@@ -281,8 +281,8 @@ jobs:
       XDS_TARGET: ${{ matrix.xds-target }}
       AWS_LAMBDA_REGION: us-west-2
     steps:
-      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
 
@@ -295,7 +295,7 @@ jobs:
         run: chmod +x ./bin/consul
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # v2.4.1
+        uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
 
       - name: Docker build
         run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
@@ -364,8 +364,8 @@ jobs:
     env:
       ENVOY_VERSION: "1.25.4"
     steps:
-      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
       - run: go env
@@ -475,8 +475,8 @@ jobs:
       CONSUL_LATEST_VERSION: ${{ matrix.consul-version }}
       ENVOY_VERSION: "1.24.6"
     steps:
-      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
       - run: go env
diff --git a/.github/workflows/verify-envoy-version.yml b/.github/workflows/verify-envoy-version.yml
index d097e335d37b..069a281763f2 100644
--- a/.github/workflows/verify-envoy-version.yml
+++ b/.github/workflows/verify-envoy-version.yml
@@ -18,7 +18,7 @@ jobs:
   verify-envoy-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0 # by default the checkout action doesn't checkout all branches

From d4976232661375d89cad7a55d3a2c59b763c57a1 Mon Sep 17 00:00:00 2001
From: Dan Stough <dan.stough@hashicorp.com>
Date: Tue, 13 Jun 2023 15:11:33 -0400
Subject: [PATCH 040/359] docs: missing changelog for _5517 (#17706)

---
 .changelog/_5517.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/_5517.txt

diff --git a/.changelog/_5517.txt b/.changelog/_5517.txt
new file mode 100644
index 000000000000..5152a6ff78f7
--- /dev/null
+++ b/.changelog/_5517.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+namespaces: **(Enterprise only)** fixes a bug where agent health checks stop syncing for all services on a node if the namespace of any service has been removed from the server.
+```

From ab909b4daea8aa04e9ff5b1e3199438766c6deea Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Tue, 13 Jun 2023 14:28:54 -0700
Subject: [PATCH 041/359] add enterprise notes for IP-based rate limits
 (#17711)

* add enterprise notes for IP-based rate limits

* Apply suggestions from code review

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>

* added bolded 'Enterprise' in list items.

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
---
 website/content/docs/agent/limits/index.mdx            |  2 +-
 .../limits/usage/limit-request-rates-from-ips.mdx      |  8 +++++++-
 .../config-entries/control-plane-request-limit.mdx     |  6 ++++++
 website/content/docs/enterprise/index.mdx              |  5 +++++
 website/content/docs/release-notes/consul/v1_16_x.mdx  | 10 +++++-----
 5 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/website/content/docs/agent/limits/index.mdx b/website/content/docs/agent/limits/index.mdx
index ada5018bfff6..55fabc3de4bc 100644
--- a/website/content/docs/agent/limits/index.mdx
+++ b/website/content/docs/agent/limits/index.mdx
@@ -21,7 +21,7 @@ You can set global limits on the rate of read and write requests that affect ind
 
 1. Monitor the metrics and logs and readjust the initial configurations as necessary. Refer to [Monitor rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limit-data)  
 
-1. Define your final operational limits based on your observations. If you are defining global rate limits, refer to [Set global traffic rate limits](/consul/docs/agent/limits/usage/set-global-rate-limits) for additional information. For information about setting limits based on source IP, refer to [Limit traffic rates for a source IP](/consul/docs/agent/limits/usage/set-source-ip-rate-limits).
+1. Define your final operational limits based on your observations. If you are defining global rate limits, refer to [Set global traffic rate limits](/consul/docs/agent/limits/usage/set-global-rate-limits) for additional information. For information about setting limits per source IP address, refer to [Limit traffic rates for a source IP](/consul/docs/agent/limits/usage/set-source-ip-rate-limits). Note that setting limits per source IP requires Consul Enterprise.
 
 ### Order of operations
 
diff --git a/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx b/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
index c074d3007af7..ae7c5e769ce5 100644
--- a/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
+++ b/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
@@ -8,6 +8,12 @@ description: Learn how to set read and request rate limits on RPC and gRPC traff
 
 This topic describes how to configure RPC and gRPC traffic rate limits for source IP addresses. This enables you to specify a budget for read and write requests to prevent any single source IP from overwhelming the Consul server and negatively affecting the network. For information about setting global traffic rate limits, refer to [Set a global limit on traffic rates](/consul/docs/agent/limits/usage/set-glogal-traffic-rate-limits). For an overview of Consul's server rate limiting capabilities, refer to [Limit traffic rates overview](/consul/docs/agent/limits/overview). 
 
+<EnterpriseAlert>
+
+This feature requires Consul Enterprise. Refer to the [feature compatibility matrix](/consul/docs/enterprise#consul-enterprise-feature-availability) for additional information.
+
+</EnterpriseAlert>
+
 ## Overview
 
 You can set limits on the rate of read and write requests from source IP addresses to specific resources, which mitigates the risks to Consul servers when consul clients send excessive requests to a specific resource type. Before configuring traffic rate limits, you should complete the initialization process to understand normal traffic loads in your network. Refer to [Initialize rate limit settings](/consul/docs/agent/limits/init-rate-limits) for additional information.
@@ -22,7 +28,7 @@ You should also monitor read and write rate activity and make any necessary adju
 
 ## Define rate limits
 
-Create a control plane request limit configuration entry in the `default` partition. The configuration entry applies to all client requests targeting any partition. Refer to the [control plane request limit configuration entry](/consul/docs/connect/config-entries/control-plan-request-limit) reference documentation for details about the available configuration parameters. 
+Create a control plane request limit configuration entry in the `default` partition. The configuration entry applies to all client requests targeting any partition. Refer to the [control plane request limit configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit) reference documentation for details about the available configuration parameters. 
 
 Specify the following parameters:
 
diff --git a/website/content/docs/connect/config-entries/control-plane-request-limit.mdx b/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
index c6b44436ac56..c9d05e2da3b0 100644
--- a/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
+++ b/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
@@ -8,6 +8,12 @@ description:  Learn how to configure the control-plane-request-limit configurati
 
 This topic describes the configuration options for the `control-plane-request-limit` configuration entry. You can only write the `control-plane-request-limit` configuration entry to the `default` partition, but the configuration entry applies to all client requests that target any partition. 
 
+<EnterpriseAlert>
+
+This feature requires Consul Enterprise. Refer to the [feature compatibility matrix](/consul/docs/enterprise#consul-enterprise-feature-availability) for additional information.
+
+</EnterpriseAlert>
+
 ## Configuration model
 
 The following list outlines field hierarchy, language-specific data types, and requirements in a control plane request limit configuration entry. Click on a property name to view additional details, including default values.
diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx
index 60207b136bb3..273be253a0d2 100644
--- a/website/content/docs/enterprise/index.mdx
+++ b/website/content/docs/enterprise/index.mdx
@@ -86,6 +86,8 @@ Available Enterprise features per Consul form and license include:
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)          | Not applicable                          | Yes                 | With Global Visibility, Routing, and Scale module |
 | [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | No | Yes | N/A |
 | [Sentinel for KV](/consul/docs/enterprise/sentinel)             | All tiers                               | Yes                 | With Governance and Policy module                 |
+| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | All tiers | Yes | With Governance and Policy module |
+
 
 [HashiCorp Cloud Platform (HCP) Consul]: https://cloud.hashicorp.com/products/consul
 [Consul Enterprise]: https://www.hashicorp.com/products/consul/
@@ -112,6 +114,7 @@ Consul Enterprise feature availability can change depending on your server and c
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Sameness Groups](/consul/docs/connect/config-entries/samenes-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Sentinel ](/consul/docs/enterprise/sentinel)                           |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
 
 </Tab>
 
@@ -131,6 +134,7 @@ Consul Enterprise feature availability can change depending on your server and c
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  &#10060; |  &#10060;  |  &#10060;  |
 | [Sameness Groups](/consul/docs/connect/config-entries/samenes-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Sentinel ](/consul/docs/enterprise/sentinel)                           |  &#9989;  |  &#9989;   |  &#9989;  |
+| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
 
 </Tab>
 
@@ -150,6 +154,7 @@ Consul Enterprise feature availability can change depending on your server and c
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  n/a      |  n/a       |  n/a       |
 | [Sameness Groups](/consul/docs/connect/config-entries/samenes-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Sentinel ](/consul/docs/enterprise/sentinel)                           |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
 
 </Tab>
 </Tabs>
\ No newline at end of file
diff --git a/website/content/docs/release-notes/consul/v1_16_x.mdx b/website/content/docs/release-notes/consul/v1_16_x.mdx
index 96e0909f4122..0472de83f208 100644
--- a/website/content/docs/release-notes/consul/v1_16_x.mdx
+++ b/website/content/docs/release-notes/consul/v1_16_x.mdx
@@ -11,9 +11,9 @@ We are pleased to announce the following Consul updates.
 
 ## Release Highlights
 
-- **Sameness groups:** Sameness groups are a user-defined set of partitions that Consul uses to identify services in different administrative partitions with the same name as being the same services. You can use sameness groups to create a blanket failover policy for deployments with cluster peering connections. Refer to the [Sameness groups overview](/consul/docs/connect/cluster-peering/usage/create-sameness-groups) for more information.
+- **Sameness groups (Enterprise):** Sameness groups are a user-defined set of partitions that Consul uses to identify services in different administrative partitions with the same name as being the same services. You can use sameness groups to create a blanket failover policy for deployments with cluster peering connections. Refer to the [Sameness groups overview](/consul/docs/connect/cluster-peering/usage/create-sameness-groups) for more information.
 
-   <Note> Sameness groups is currently a "Beta" feature in Consul v1.16.0 and is an Enterprise feature. </Note>
+   <Note> Sameness groups is currently a _beta_ feature in Consul Enterprise v1.16.0. </Note>
 
 - **Permissive mTLS:** You can enable the `permissive` mTLS mode to enable sidecar proxies to accept both mTLS and non-mTLS traffic. Using this mode enables you to onboard services without downtime and without reconfiguring or redeploying your application. Refer to the [Onboard services while in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode) for more information on how to use permissive mTLS to onboard services to Consul.
 
@@ -23,7 +23,7 @@ We are pleased to announce the following Consul updates.
     - [Route traffic to virtual services](/consul/docs/k8s/l7-traffic/route-to-virtual-services)
     - [Configure failover services](/consul/docs/k8s/l7-traffic/failover-tproxy).
 
-- **Granular server-side rate limits:** You can now set limits per source IP address. The following steps describe the general process for setting global read and write rate limits:
+- **Granular server-side rate limits (Enterprise):** You can now set limits per source IP address. The following steps describe the general process for setting global read and write rate limits:
 
     1. Set arbitrary limits to begin understanding the upper boundary of RPC and gRPC loads in your network. Refer to [Initialize rate limit settings](/consul/docs/agent/limits/usage/init-rate-limits) for additional information.
     1. Monitor the metrics and logs and readjust the initial configurations as necessary. Refer to [Monitor rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limits)
@@ -39,11 +39,11 @@ We are pleased to announce the following Consul updates.
 
 - **Simplified API Gateway installation for Consul on Kubernetes:** API Gateway is now built into Consul. This enables a simplified installation and configuration process for Consul on Kubernetes. Refer to the [API Gateway installation](/consul/docs/api-gateway/install) for more information on the simplified native installation method. 
 
-- **FIPS compliance:** Consul Enterprise now offers FIPS 140-2 compliant builds that meet the security needs of federal agencies protecting sensitive, unclassified information with approved cryptographic measures. These builds use certified cryptographic modules and restrict configuration settings to comply with FIPS 140-2 Level 1 requirements, enabling compliant Consul deployments. Refer to the [Consul Enterprise FIPS](/consul/docs/enterprise/fips) for more information on FIPS compliance.
+- **FIPS compliance (Enterprise):** HashiCorp now offers FIPS 140-2 compliant builds of Consul Enterprise that meet the security needs of federal agencies protecting sensitive, unclassified information with approved cryptographic measures. These builds use certified cryptographic modules and restrict configuration settings to comply with FIPS 140-2 Level 1 requirements, enabling compliant Consul deployments. Refer to the [Consul Enterprise FIPS](/consul/docs/enterprise/fips) for more information on FIPS compliance.
 
 - **JWT Authorization with service intentions:** Consul can now authorize connections based on claims present in JSON Web Token (JWT). You can configure Consul to use one or more JWT providers, which lets you control access to services and specific HTTP paths based on the validity of JWT claims embedded in the service traffic. This ensures a uniform and low latency mechanism to validate and authorize communication based on JWT claims across all services in a diverse service-oriented architecture. Refer to the [Use JWT authorization with service intentions](/consul/docs/connect/intentions/jwt-authorization) for more information.
 
-- **Automated license utilization reporting:** Consul Enteprise now provides automated license utilization reporting, which sends minimal product-license metering data to HashiCorp. You can use these reports to understand how much more you can deploy under your current contract, which can help you protect against overutilization and budget for predicted consumption. Refer to the [Automated license utilization reporting documentation](/consul/docs/enterprise/license/utilization-reporting) for more information. 
+- **Automated license utilization reporting (Enterprise):** Consul Enteprise now provides automated license utilization reporting, which sends minimal product-license metering data to HashiCorp. You can use these reports to understand how much more you can deploy under your current contract, which can help you protect against overutilization and budget for predicted consumption. Refer to the [Automated license utilization reporting documentation](/consul/docs/enterprise/license/utilization-reporting) for more information. 
 
 ## Upgrading
 

From 28647ef0868db27f9d88f9942e7aea3cadc02b00 Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Tue, 13 Jun 2023 14:51:26 -0700
Subject: [PATCH 042/359] Update compatibility.mdx (#17713)

---
 website/content/docs/k8s/compatibility.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/k8s/compatibility.mdx b/website/content/docs/k8s/compatibility.mdx
index 343387156df0..ad9f2cdf1261 100644
--- a/website/content/docs/k8s/compatibility.mdx
+++ b/website/content/docs/k8s/compatibility.mdx
@@ -15,9 +15,9 @@ Consul Kubernetes versions all of its components (`consul-k8s` CLI, `consul-k8s-
 
 | Consul Version | Compatible consul-k8s Versions   | Compatible Kubernetes Versions | 
 | -------------- | -------------------------------- | -------------------------------|
+| 1.16.x         | 1.2.x                            | 1.24.x - 1.27.x                |
 | 1.15.x         | 1.1.x                            | 1.23.x - 1.26.x                |
 | 1.14.x         | 1.0.x                            | 1.22.x - 1.25.x                |
-| 1.13.x         | 0.49.x                           | 1.21.x - 1.24.x                |
 
 ## Supported Envoy versions
 

From 9acbe76ee9b722e4e6a221bd6328d4f9407cac2d Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Tue, 13 Jun 2023 15:50:28 -0700
Subject: [PATCH 043/359] Remove extraneous version info for Config entries
 (#17716)

* Update terminating-gateway.mdx
* Update exported-services.mdx
* Update mesh.mdx
---
 .../content/docs/connect/config-entries/exported-services.mdx  | 2 --
 website/content/docs/connect/config-entries/mesh.mdx           | 2 --
 .../docs/connect/config-entries/terminating-gateway.mdx        | 3 ---
 3 files changed, 7 deletions(-)

diff --git a/website/content/docs/connect/config-entries/exported-services.mdx b/website/content/docs/connect/config-entries/exported-services.mdx
index 089eeb572314..c7811d8d9b48 100644
--- a/website/content/docs/connect/config-entries/exported-services.mdx
+++ b/website/content/docs/connect/config-entries/exported-services.mdx
@@ -9,8 +9,6 @@ description: >-
 
 This topic describes the `exported-services` configuration entry type. The `exported-services` configuration entry enables Consul to export service instances to other clusters from a single file and connect services across clusters. For additional information, refer to [Cluster Peering](/consul/docs/connect/cluster-peering) and [Admin Partitions](/consul/docs/enterprise/admin-partitions).
 
--> **v1.11.0+:** This config entry is supported in Consul versions 1.11.0+.
-
 ## Introduction
 
 To configure Consul to export services contained in a Consul Enterprise admin partition or Consul OSS datacenter to one or more additional clusters, create a new configuration entry and declare `exported-services` in the `kind` field. This configuration entry enables you to route traffic between services in different clusters.
diff --git a/website/content/docs/connect/config-entries/mesh.mdx b/website/content/docs/connect/config-entries/mesh.mdx
index a323a6d90f17..98760c068c04 100644
--- a/website/content/docs/connect/config-entries/mesh.mdx
+++ b/website/content/docs/connect/config-entries/mesh.mdx
@@ -7,8 +7,6 @@ description: >-
 
 # Mesh Configuration Entry
 
--> **v1.10.0+:** This configuration entry is supported in Consul versions 1.10.0+.
-
 The `mesh` configuration entry allows you to define a global default configuration that applies to all service mesh proxies.
 Settings in this config entry apply across all namespaces and federated datacenters.
 
diff --git a/website/content/docs/connect/config-entries/terminating-gateway.mdx b/website/content/docs/connect/config-entries/terminating-gateway.mdx
index e0c1ff6032cf..9c0804f9c39d 100644
--- a/website/content/docs/connect/config-entries/terminating-gateway.mdx
+++ b/website/content/docs/connect/config-entries/terminating-gateway.mdx
@@ -7,9 +7,6 @@ description: >-
 
 # Terminating Gateway Configuration Entry
 
--> **v1.8.4+:** On Kubernetes, the `TerminatingGateway` custom resource is supported in Consul versions 1.8.4+.<br />
-**v1.8.0+:** On other platforms, this config entry is supported in Consul versions 1.8.0+.
-
 The `terminating-gateway` config entry kind (`TerminatingGateway` on Kubernetes) allows you to configure terminating gateways
 to proxy traffic from services in the Consul service mesh to services registered with Consul that do not have a
 [service mesh sidecar proxy](/consul/docs/connect/proxies). The configuration is associated with the name of a gateway service

From 8d9f2eb41033b965143f398c143e77ad50a229a4 Mon Sep 17 00:00:00 2001
From: Tobias Birkefeld <t@craxs.de>
Date: Wed, 14 Jun 2023 02:41:34 +0200
Subject: [PATCH 044/359] fix: typo in link to section (#17527)

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 website/content/docs/k8s/upgrade/index.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/k8s/upgrade/index.mdx b/website/content/docs/k8s/upgrade/index.mdx
index 3533f10755f4..b506e17c11f4 100644
--- a/website/content/docs/k8s/upgrade/index.mdx
+++ b/website/content/docs/k8s/upgrade/index.mdx
@@ -230,7 +230,7 @@ If you upgrade Consul from a version that uses client agents to a version the us
 
 1. Add `consul.hashicorp.com/consul-k8s-version: 1.0.0` to the annotations for each pod you upgrade.
 
-1. Follow our [recommended procedures to upgrade servers](#upgrading-consul-servers) on Kubernetes deployments to upgrade Helm values for the new version of Consul.
+1. Follow our [recommended procedures to upgrade servers](#upgrade-consul-servers) on Kubernetes deployments to upgrade Helm values for the new version of Consul.
 
 1. Run `kubectl rollout restart` to restart your service mesh applications. Restarting service mesh application causes Kubernetes to re-inject them with the webhook for dataplanes.
 

From 212e0902fb3b616b845b1a24ba92b9453e49e75d Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Tue, 13 Jun 2023 18:02:05 -0700
Subject: [PATCH 045/359] Bump Alpine to 3.18 (#17719)

* Update Dockerfile

* Create 17719.txt
---
 .changelog/17719.txt | 3 +++
 Dockerfile           | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 .changelog/17719.txt

diff --git a/.changelog/17719.txt b/.changelog/17719.txt
new file mode 100644
index 000000000000..f45370b3f7dc
--- /dev/null
+++ b/.changelog/17719.txt
@@ -0,0 +1,3 @@
+```release-note:security
+Bump Dockerfile base image to `alpine:3.18`. 
+ ```
diff --git a/Dockerfile b/Dockerfile
index 065156752ea1..7599ec7b35b8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,7 +16,7 @@
 # Official docker image that includes binaries from releases.hashicorp.com. This
 # downloads the release from releases.hashicorp.com and therefore requires that
 # the release is published before building the Docker image.
-FROM docker.mirror.hashicorp.services/alpine:3.17 as official
+FROM docker.mirror.hashicorp.services/alpine:3.18 as official
 
 # This is the release of Consul to pull in.
 ARG VERSION
@@ -112,7 +112,7 @@ CMD ["agent", "-dev", "-client", "0.0.0.0"]
 
 # Production docker image that uses CI built binaries.
 # Remember, this image cannot be built locally.
-FROM docker.mirror.hashicorp.services/alpine:3.17 as default
+FROM docker.mirror.hashicorp.services/alpine:3.18 as default
 
 ARG PRODUCT_VERSION
 ARG BIN_NAME

From 6a90c2343b767b21f3514c93395bdf964f654332 Mon Sep 17 00:00:00 2001
From: Paul Glass <pglass@hashicorp.com>
Date: Wed, 14 Jun 2023 09:17:30 -0500
Subject: [PATCH 046/359] NET-1825: New ACL token creation docs (#16465)

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
---
 .../create/create-a-mesh-gateway-token.mdx    | 508 ++++++++++++++++
 .../tokens/create/create-a-service-token.mdx  | 416 +++++++++++++
 .../create-a-terminating-gateway-token.mdx    | 352 +++++++++++
 .../acl/tokens/create/create-a-ui-token.mdx   | 557 ++++++++++++++++++
 .../tokens/create/create-an-agent-token.mdx   | 407 +++++++++++++
 .../create-an-ingress-gateway-token.mdx       | 326 ++++++++++
 .../acl/{acl-tokens.mdx => tokens/index.mdx}  |   0
 .../partials/create-token-auth-methods.mdx    |   3 +
 .../partials/create-token-requirements.mdx    |  22 +
 website/data/docs-nav-data.json               |  36 +-
 10 files changed, 2626 insertions(+), 1 deletion(-)
 create mode 100644 website/content/docs/security/acl/tokens/create/create-a-mesh-gateway-token.mdx
 create mode 100644 website/content/docs/security/acl/tokens/create/create-a-service-token.mdx
 create mode 100644 website/content/docs/security/acl/tokens/create/create-a-terminating-gateway-token.mdx
 create mode 100644 website/content/docs/security/acl/tokens/create/create-a-ui-token.mdx
 create mode 100644 website/content/docs/security/acl/tokens/create/create-an-agent-token.mdx
 create mode 100644 website/content/docs/security/acl/tokens/create/create-an-ingress-gateway-token.mdx
 rename website/content/docs/security/acl/{acl-tokens.mdx => tokens/index.mdx} (100%)
 create mode 100644 website/content/partials/create-token-auth-methods.mdx
 create mode 100644 website/content/partials/create-token-requirements.mdx

diff --git a/website/content/docs/security/acl/tokens/create/create-a-mesh-gateway-token.mdx b/website/content/docs/security/acl/tokens/create/create-a-mesh-gateway-token.mdx
new file mode 100644
index 000000000000..9736beb50d9e
--- /dev/null
+++ b/website/content/docs/security/acl/tokens/create/create-a-mesh-gateway-token.mdx
@@ -0,0 +1,508 @@
+---
+layout: docs
+page_title: Create a token for mesh gateway registration
+description: >-
+  Learn how to create ACL tokens that your mesh gateway can present to Consul servers so that they
+  can register with the Consul catalog.
+---
+
+# Create a mesh gateway token
+
+This topic describes how to create a token for a mesh gateway.
+
+## Introduction
+
+Mesh gateways enable service-to-service traffic between Consul datacenters or between Consul admin
+partitions. They also enable datacenters to be federated across wide area networks. Refer to [Mesh
+Gateways](/consul/docs/connect/gateways#mesh-gateways) for additional information.
+
+Gateways must present a token linked to policies that grant the appropriate set of permissions in
+order to be discoverable and to route to other services in a mesh.
+
+## Requiremements
+
+Core ACL functionality is available in all versions of Consul.
+
+The mesh gateway must present a token linked to a policy that grants the following permissions:
+
+* `mesh:write` to obtain leaf certificates for terminating TLS connections
+* `peering:read` for Consul cluster peering through mesh gateways. If you are not using cluster
+  peering or if the mesh gateway is not in the `default` partition, then you can omit the
+  `peering:read` permission.
+* `service:write` to allow the mesh gateway to register into the catalog
+* `service:read` for all services and `node:read` for all nodes in order to discover and route to services
+* `agent:read` to enable the `consul connect envoy` CLI command to automatically discover gRPC
+  settings from the Consul agent. If this command is not used to start the gateway or if the Consul
+  agent uses the default gRPC settings, then you can omit the `agent:read` permission.
+
+@include 'create-token-requirements.mdx'
+
+## Consul OSS
+
+To create a token for the mesh gateway, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy grants the appropriate permissions to register as a service named `mesh-gateway` and to operate as a mesh gateway.
+
+<CodeTabs>
+
+```hcl
+mesh = "write"
+peering = "read"
+service "mesh-gateway" {
+   policy = "write"
+}
+service_prefix "" {
+   policy = "read"
+}
+node_prefix "" {
+   policy = "read"
+}
+agent_prefix "" {
+   policy = "read"
+}
+```
+
+```json
+{
+  "mesh": "write",
+  "peering": "read",
+  "service": {
+    "mesh-gateway": [{
+      "policy": "write"
+    }]
+  },
+  "service_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  },
+  "node_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  },
+  "agent_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+The following commands create the ACL policy and token.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `mgw-register.hcl`:
+
+```shell-session
+$ consul acl policy create \
+    -name "mgw-register" -rules @mgw-register.hcl \
+    -description "Mesh gateway policy"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `mgw-register.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  –-header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "mgw-register",
+  "Description": "Mesh gateway policy",
+  "Rules": "mesh = \"write\"\npeering = \"read\"\nservice \"mesh-gateway\" {\n   policy = \"write\"\n}\nservice_prefix \"\" {\n   policy = \"read\"\n}\nnode_prefix \"\" {\n   policy = \"read\"\n}\nagent_prefix \"\" {\n   policy = \"read\"\n}\n"
+}'
+```
+
+Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following command creates the ACL token linked to the policy `mgw-register`.
+
+```shell-session
+$ consul acl token create \
+    -description "Mesh gateway token" \
+    -policy-name "mgw-register"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  –-header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "mgw-register"
+    }
+  ]
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## Consul Enterprise in default partition
+
+To create a token for the mesh gateway, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+You can specify an admin partition and namespace when using Consul Enterprise. Mesh gateways must register into the `default` namespace.
+
+The following example policy is defined in a file. The policy grants the appropriate permissions to register as a service named `mesh-gateway` and to operate as a mesh gateway in the default partition.
+
+<CodeTabs>
+
+```hcl
+mesh = "write"
+partition_prefix "" {
+  peering = "read"
+}
+partition "default" {
+  namespace "default" {
+    service "mesh-gateway" {
+       policy = "write"
+    }
+    agent_prefix "" {
+       policy = "read"
+    }
+  }
+  namespace_prefix "" {
+    node_prefix "" {
+    	policy = "read"
+    }
+    service_prefix "" {
+       policy = "read"
+    }
+  }
+}
+```
+
+```json
+{
+  "mesh": "write",
+  "partition": {
+    "default": [{
+      "namespace": {
+        "default": [{
+          "service": {
+            "mesh-gateway": [{
+              "policy": "write"
+            }]
+          },
+          "agent_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          }
+        }]
+      },
+      "namespace_prefix": {
+        "": [{
+          "node_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          },
+          "service_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          }
+        }]
+      }
+    }]
+  },
+  "partition_prefix": {
+    "": [{
+      "peering": "read"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+The following commands create the ACL policy and token.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `mgw-register.hcl`:
+
+You can specify an admin partition when creating policies in Consul Enterprise. The policy is only valid in the specified admin partition. You must create the policy in the partition where the mesh gateway registers. The following example creates the policy in the `default` partition.
+
+```shell-session
+$ consul acl policy create -partition "default" \
+  -name mgw-register -rules @mgw-register.hcl \
+  -description "Mesh gateway policy"
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `mgw-register.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  –-header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "mgw-register",
+  "Description": "Mesh gateway policy",
+  "Partition": "default",
+  "Rules": "mesh = \"write\"\npeering = \"read\"\npartition_prefix \"\" {\n  peering = \"read\"\n}\nnamespace \"default\" {\n  service \"mesh-gateway\" {\n     policy = \"write\"\n  }\n  agent_prefix \"\" {\n     policy = \"read\"\n  }\n}\nnamespace_prefix \"\" {\n  node_prefix \"\" {\n  \tpolicy = \"read\"\n  }\n  service_prefix \"\" {\n     policy = \"read\"\n  }\n}\n"
+}'
+```
+
+Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+You can specify an admin partition when creating tokens in Consul Enterprise. The token is only valid in the specified admin partition. The token must be created in the partition where the mesh gateway registers. The following example creates the token in the partition `ptn1`.
+
+```shell-session
+$ consul acl token create -partition "default" \
+    -description "Mesh gateway token" \
+    -policy-name "mgw-register"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+You can specify an admin partition when creating tokens in Consul Enterprise. The token is only valid in the specified admin partition. The token must be created in the partition where the mesh gateway registers. The following example creates the token in the partition `ptn1`.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  –-header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "mgw-register"
+    }
+  ],
+  "Partition": "default"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## Consul Enterprise in non-default partition
+
+To create a token for the mesh gateway, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+You can specify an admin partition and namespace when using Consul Enterprise. Mesh gateways must register into the `default` namespace. To register a mesh gateway in a non-default partition, create the ACL policy and token in the partition where the mesh gateway registers.
+
+The following example policy is defined in a file. The policy grants the appropriate permissions to register as a service named `mesh-gateway` and to operate as a mesh gateway in a non-default partition.
+
+<CodeTabs>
+
+```hcl
+mesh = "write"
+namespace "default" {
+  service "mesh-gateway" {
+     policy = "write"
+  }
+  agent_prefix "" {
+     policy = "read"
+  }
+}
+namespace_prefix "" {
+  node_prefix "" {
+  	policy = "read"
+  }
+  service_prefix "" {
+     policy = "read"
+  }
+}
+```
+
+```json
+{
+  "mesh": "write",
+  "namespace": {
+    "default": [{
+      "service": {
+        "mesh-gateway": [{
+          "policy": "write"
+        }]
+      },
+      "agent_prefix": {
+        "": [{
+          "policy": "read"
+        }]
+      }
+    }]
+  },
+  "namespace_prefix": {
+    "": [{
+      "node_prefix": {
+        "": [{
+          "policy": "read"
+        }]
+      },
+      "service_prefix": {
+        "": [{
+          "policy": "read"
+        }]
+      }
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+The following commands create the ACL policy and token.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `mgw-register.hcl`:
+
+You can specify an admin partition when creating policies in Consul Enterprise. The policy is only valid in the specified admin partition. You must create the policy in the partition where the mesh gateway registers. The following example creates the policy in the partition `ptn1`.
+
+```shell-session
+$ consul acl policy create -partition "ptn1" \
+  -name mgw-register -rules @mgw-register.hcl \
+  -description "Mesh gateway policy"
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `mgw-register.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  –-header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "mgw-register",
+  "Description": "Mesh gateway policy",
+  "Partition": "ptn1",
+  "Rules": "mesh = \"write\"\npeering = \"read\"\nnamespace \"default\" {\n  service \"mesh-gateway\" {\n     policy = \"write\"\n  }\n  agent_prefix \"\" {\n     policy = \"read\"\n  }\n}\nnamespace_prefix \"\" {\n  node_prefix \"\" {\n  \tpolicy = \"read\"\n  }\n  service_prefix \"\" {\n     policy = \"read\"\n  }\n}\n"
+}'
+```
+
+Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+You can specify an admin partition when creating tokens in Consul Enterprise. The token is only valid in the specified admin partition. The token must be created in the partition where the mesh gateway registers. The following example creates the token in the partition `ptn1`.
+
+```shell-session
+$ consul acl token create -partition "ptn1" \
+    -description "Mesh gateway token" \
+    -policy-name "mgw-register"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+You can specify an admin partition when creating tokens in Consul Enterprise. The token is only valid in the specified admin partition. The token must be created in the partition where the mesh gateway registers. The following example creates the token in the partition `ptn1`.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  –-header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "mgw-register"
+    }
+  ],
+  "Partition": "ptn1"
+}'
+```
+
+</Tab>
+
+</Tabs>
diff --git a/website/content/docs/security/acl/tokens/create/create-a-service-token.mdx b/website/content/docs/security/acl/tokens/create/create-a-service-token.mdx
new file mode 100644
index 000000000000..125390b39830
--- /dev/null
+++ b/website/content/docs/security/acl/tokens/create/create-a-service-token.mdx
@@ -0,0 +1,416 @@
+---
+layout: docs
+page_title: Create tokens for service registration
+description: >-
+  Learn how to create ACL tokens that your services can present to Consul servers so that they can register with the Consul catalog.
+---
+
+# Create a service token
+
+This topic describes how to create a token that you can use to register a service and discover services in the Consul catalog. If you are using Consul service mesh, a sidecar proxy can use the token to discover and route traffic to other services.
+
+## Introduction
+
+Services must present a token linked to policies that grant the appropriate set of permissions in order to be discoverable or to interact with other services in a mesh.
+
+### Service identities versus custom policies
+
+You can create tokens linked to custom policies or to service identities. [Service identities](/consul/docs/security/acl#service-identities) are constructs in Consul that enable you to quickly grant permissions for a group of services, rather than creating similar policies for each service.
+
+We recommend using a service identity to grant permissions for service discovery and service mesh use cases rather than creating a custom policy. This is because service identities automatically grant the service and its sidecar proxy `service:write`, `service:read`, and `node:read`.
+
+Your organization may have requirements or processes for deploying services in a way that is inconsistent with service and node identities. In these cases, you can create custom policies and link them to tokens.
+
+## Requirements
+
+Core ACL functionality is available in all versions of Consul.
+
+The service token must be linked to policies that grant the following permissions:
+
+* `service:write`: Enables the service to update the catalog. If service mesh is enabled, the service's sidecar proxy can also update the catalog. Note that this permission implicitly grants `intention:read` permission to sidecar proxies so that they can read and enforce intentions. Refer to [Intention Management Permissions](/consul/docs/connect/intentions#intention-management-permissions) for details.
+* `service:read`: Enables the service to learn about other services in the network. If service mesh is enabled, the service's sidecar proxy can also learn about other services in the network.
+* `node:read`: Enables the sidecar proxy to discover and route traffic to other services in the catalog if service mesh is enabled.
+
+@include 'create-token-requirements.mdx'
+
+## Service identity in Consul OSS
+
+Refer to [Service identities](/consul/docs/security/acl#service-identities) for information about creating service identities that you can link to tokens.
+
+You can manually create tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy or service identity to link to create a token. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following example creates an ACL token linked to a service identity for a service named `svc1`.
+
+```shell-session
+$ consul acl token create \
+  -description "Service token for svc1" \
+  -service-identity "svc1"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify a service identity in the request body to create a token linked to the service identity. An ACL token linked to a policy with permissions to use the API endpoint is required. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+The following example creates a token linked to a service identity named `svc1`:
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "ServiceIdentities": [
+    {
+      "ServiceName": "svc1"
+    }
+  ]
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## Service identity in Consul Enterprise <EnterpriseAlert inline />
+
+Refer to [Service identities](/consul/docs/security/acl#service-identities) for information about creating service identities that you can link to tokens.
+
+You can manually create tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy or service identity to link to create a token. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+You can specify an admin partition, namespace, or both when creating tokens in Consul Enterprise. The token can only include permissions in the specified scope, if any. The following example creates an ACL token that the service can use to register in the `ns1` namespace of partition `ptn1`:
+
+```shell-session
+$ consul acl token create -partition "ptn1" -namespace "ns1" \
+  -description "Service token for svc1" \
+  -service-identity "svc1"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify a service identity in the request body to create a token linked to the service identity. An ACL token linked to a policy with permissions to use the API endpoint is required. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+You can specify an admin partition and namespace when creating tokens in Consul Enterprise. The token is only valid in the specified scopes. The following example creates an ACL token that the service can use to register in the `ns1` namespace of partition `ptn1`:
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "ServiceIdentities": [
+    {
+      "ServiceName": "svc1"
+    }
+  ],
+  "Namespace": "ns1",
+  "Partition": "ptn1"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## Custom policy in Consul OSS
+
+When you are unable to link tokens to a service identity, you can define policies, register them with Consul, and link the policies to tokens that enable services to register into the Consul catalog.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy grants the `svc1` service `write` permissions so that it can register into the catalog. For service mesh, the policy grants the `svc1-sidecar-proxy` service `write` permissions so that the sidecar proxy can register into the catalog. It grants service and node `read` permissions to discover and route to other services.
+
+<CodeTabs>
+
+```hcl
+service "svc1" {
+  policy = "write"
+}
+service "svc1-sidecar-proxy" {
+  policy = "write"
+}
+service_prefix "" {
+  policy = "read"
+}
+node_prefix "" {
+  policy = "read"
+}
+```
+
+```json
+{
+  "node_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  },
+  "service": {
+    "svc1": [{
+      "policy": "write"
+    }],
+    "svc1-sidecar-proxy": [{
+      "policy": "write"
+    }]
+  },
+  "service_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+
+### Register the policy with Consul
+
+After defining the policies, you can register them with Consul using the command line or API endpoint.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `svc1-register.hcl`:
+
+
+```shell-session
+$ consul acl policy create \
+    -name "svc1-register" -rules @svc1-register.hcl \
+    -description "Allow svc1 to register into the catalog"
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl token create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `svc1-register.hcl`. You must embed policy rules in the `Rules` field of the request body
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "svc1-register",
+  "Description": "Allow svc1 to register into the catalog",
+  "Rules": "service \"svc1\" {\n  policy = \"write\"\n}\nservice \"svc1-sidecar-proxy\" {\n  policy = \"write\"\n}\nservice_prefix \"\" {\n  policy = \"read\"\n}\nnode_prefix \"\" {\n  policy = \"read\"\n}\n"
+}'
+```
+
+Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policies into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following commands create the ACL token linked to the policy `svc1-register`.
+
+```shell-session
+$ consul acl token create \
+  -description "Service token for svc1" \
+  -policy-name "svc1-register"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+The following example creates an ACL token that the `svc1` service can use to register in the `ns1` namespaces of partition `ptn1`:
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "svc1-register"
+    }
+  ]
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## Custom policy in Consul Enterprise <EnterpriseAlert inline/>
+
+When you are unable to link tokens to a service identity, you can define policies, register them with Consul, and link the policies to tokens that enable services to register into the Consul catalog.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+You can specify an admin partition and namespace when creating policies in Consul Enterprise. The policy is only valid in the specified scopes.
+
+The following example policy is defined in a file. The policy allows the `svc1` service to register in the `ns1` namespace of partition `ptn1`. For service mesh, the policy grants the `svc1-sidecar-proxy` service `write` permissions so that the sidecar proxy can register into the catalog. It grants service and node `read` permissions to discover and route to other services.
+
+<CodeTabs>
+
+```hcl
+partition "ptn1" {
+  namespace "ns1" {
+    service "svc1" {
+      policy = "write"
+    }
+    service "svc1-sidecar-proxy" {
+      policy = "write"
+    }
+    service_prefix "" {
+      policy = "read"
+    }
+    node_prefix "" {
+      policy = "read"
+    }
+  }
+}
+```
+
+```json
+{
+  "partition": {
+    "ptn1": [{
+      "namespace": {
+        "ns1": [{
+          "node_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          },
+          "service": {
+            "svc1": [{
+              "policy": "write"
+            }],
+            "svc1-sidecar-proxy": [{
+              "policy": "write"
+            }]
+          },
+          "service_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          }
+        }]
+      }
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+
+### Register the policy with Consul
+
+After defining the policies, you can register them with Consul using the command line or API endpoint.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `svc1-register.hcl`:
+
+
+```shell-session
+$ consul acl policy create -partition "ptn1" -namespace "ns1" \
+  -name "svc1-register" -rules @svc1-register.hcl \
+  -description "Custom policy for service svc1"
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl token create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `svc1-register.hcl`. You must embed policy rules in the `Rules` field of the request body
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "svc1-register",
+  "Description": "Allow svc1 to register into the catalog",
+  "Namespace": "ns1",
+  "Partition": "ptn1",
+  "Rules": "partition \"ptn1\" {\n  namespace \"ns1\" {\n    service \"svc1\" {\n      policy = \"write\"\n    }\n    service \"svc1-sidecar-proxy\" {\n      policy = \"write\"\n    }\n    service_prefix \"\" {\n      policy = \"read\"\n    }\n    node_prefix \"\" {\n      policy = \"read\"\n    }\n  }\n}\n"
+}'
+```
+
+Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policies into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+You can specify an admin partition and namespace when creating tokens in Consul Enterprise. The token is only valid in the specified scopes. The following example creates an ACL token that the service can use to register in the `ns1` namespace of partition `ptn1`:
+
+The following commands create the ACL token linked to the policy `svc1-register`.
+
+```shell-session
+$ consul acl token create -partition "ptn1" -namespace "ns1" \
+  -description "Service token for svc1" \
+  -policy-name "svc1-register"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+You can specify an admin partition and namespace when creating tokens in Consul Enterprise. The token is only valid in the specified scopes. The following example creates an ACL token that the service can use to register in the `ns1` namespace of partition `ptn1`:
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "svc1-register"
+    }
+  ],
+  "Namespace": "ns1",
+  "Partition": "ptn1"
+}'
+```
+
+</Tab>
+
+</Tabs>
diff --git a/website/content/docs/security/acl/tokens/create/create-a-terminating-gateway-token.mdx b/website/content/docs/security/acl/tokens/create/create-a-terminating-gateway-token.mdx
new file mode 100644
index 000000000000..5ba304a9f84b
--- /dev/null
+++ b/website/content/docs/security/acl/tokens/create/create-a-terminating-gateway-token.mdx
@@ -0,0 +1,352 @@
+---
+layout: docs
+page_title: Create a token for terminating gateway registration
+description: >-
+  Learn how to create ACL tokens that your terminating gateway can present to Consul servers so that they can register with the Consul catalog.
+---
+
+# Create a terminating gateway token
+
+This topic describes how to create an ACL token that enables a terminating gateway to register with Consul.
+
+## Introduction
+
+Terminating gateways enable connectivity within your organizational network from services in the Consul service mesh to services and destinations outside the mesh.
+
+To learn how to configure terminating gateways, refer to the [Terminating Gateways](/consul/docs/connect/gateways/terminating-gateway#terminating-gateway-configuration) documentation and the [Understand Terminating Gateways](/consul/tutorials/developer-mesh/service-mesh-terminating-gateways) tutorial.
+
+## Requirements
+
+Core ACL functionality is available in all versions of Consul.
+
+The terminating gateway token must be linked to policies that grant the appropriate set of permissions in order to be discoverable and to forward traffic out of the mesh. The following permissions are required:
+
+* `service:write` to allow the terminating gateway to register into the catalog
+* `service:write` for each service that it forwards traffic for
+* `node:read` for the nodes of each service that it forwards traffic for
+* `service:read` for all services and `node:read` for all nodes in order to discover and route to services
+* `agent:read` to enable the `consul connect envoy` CLI command to automatically discover gRPC settings from the Consul agent. If this command is not used to start the gateway or if the Consul agent uses the default gRPC settings, then you can omit the `agent:read` permission.
+
+@include 'create-token-requirements.mdx'
+
+## Consul OSS
+
+To create a token for the terminating gateway, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy grants the appropriate permissions to register as a service named `terminating-gateway` and to operate as a terminating gateway. For this example, the terminating gateway forwards traffic for two services named `external-service-1` and `external-service-2`. The policy examples include `service:write` permissions for these services. If you have additional services, your policy must include `service:write` permissions for the additional services to be included in the policy rules.
+
+<CodeTabs>
+
+```hcl
+service "terminating-gateway" {
+   policy = "write"
+}
+service "external-service-1" {
+  policy = "write"
+}
+service "external-service-2" {
+  policy = "write"
+}
+node_prefix "" {
+  policy = "read"
+}
+agent_prefix "" {
+  policy = "read"
+}
+```
+
+```json
+{
+  "service": {
+    "terminating-gateway": [{
+      "policy": "write"
+    }],
+    "external-service-1": [{
+      "policy": "write"
+    }],
+    "external-service-2": [{
+      "policy": "write"
+    }]
+  },
+  "node_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  },
+  "agent_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+The following commands create the ACL policy and token.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `tgw-register.hcl`:
+
+```shell-session
+$ consul acl policy create \
+    -name "tgw-register" -rules @tgw-register.hcl \
+    -description "Terminating gateway policy"
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `tgw-register.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "tgw-register",
+  "Description": "Terminating gateway policy",
+  "Rules": "service \"terminating-gateway\" {\n   policy = \"write\"\n}\nservice \"external-service-1\" {\n  policy = \"write\"\n}\nservice \"external-service-2\" {\n  policy = \"write\"\n}\nnode_prefix \"\" {\n  policy = \"read\"\n}\nagent_prefix \"\" {\n  policy = \"read\"\n}\n"
+}'
+```
+
+Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following command creates the ACL token linked to the policy `tgw-register`.
+
+```shell-session
+$ consul acl token create \
+    -description "Terminating gateway token" \
+    -policy-name "tgw-register"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "tgw-register"
+    }
+  ]
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## Consul Enterprise
+
+To create a token for the terminating gateway, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+You can specify an admin partition and namespace when creating policies in Consul Enterprise. The policy is only valid in the specified scopes.
+
+The following example policy is defined in a file. The policy grants the appropriate permissions for a terminating gateway to register as a service named `terminating-gateway` in namespace `ns1` in partition `ptn1`.
+
+For this example, the terminating gateway forwards traffic for the following two services:
+
+* `external-service-1` in the `default` namespace
+* `external-service-2` in the `ns1` namespace
+
+The policy examples include `service:write` permissions for these services. If you have additional services, your policy must include `service:write` permissions for the additional services to be included in the policy rules.
+
+The policy contains permissions for resources in multiple namespaces. You must create ACL policies that grant permissions for multiple namespaces in the `default` namespace.
+
+<CodeTabs>
+
+```hcl
+partition "ptn1" {
+  namespace "ns1" {
+    service "terminating-gateway" {
+       policy = "write"
+    }
+    node_prefix "" {
+      policy = "read"
+    }
+    service "external-service-2" {
+      policy = "write"
+    }
+  }
+  namespace "default" {
+    service "external-service-1" {
+      policy = "write"
+    }
+    node_prefix "" {
+      policy = "read"
+    }
+    agent_prefix "" {
+      policy = "read"
+    }
+  }
+}
+```
+
+```json
+{
+  "partition": {
+    "ptn1": [{
+      "namespace": {
+        "default": [{
+          "agent_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          },
+          "node_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          },
+          "service": {
+            "external-service-1": [{
+              "policy": "write"
+            }]
+          }
+        }],
+        "ns1": [{
+          "node_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          },
+          "service": {
+            "external-service-2": [{
+              "policy": "write"
+            }],
+            "terminating-gateway": [{
+              "policy": "write"
+            }]
+          }
+        }]
+      }
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+You can specify an admin partition and namespace when creating policies in Consul Enterprise. The policy is only valid in the specified admin partition and namespace. You must create the policy in the same partition where the terminating gateway is registered. If the terminating gateway requires permissions for multiple namespaces, then the policy must be created in the `default` namespace. The following example creates the policy in the partition `ptn1` and `default` namespace because the example policy contains permissions for multiple namespaces.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `tgw-register.hcl`:
+
+```shell-session
+$ consul acl policy create -partition "ptn1" -namespace "default" \
+    -name "tgw-register" -rules @tgw-register.hcl \
+    -description "Terminating gateway policy"
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `tgw-register.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "tgw-register",
+  "Description": "Terminating gateway policy",
+  "Partition": "ptn1",
+  "Namespace": "default",
+  "Rules": "partition \"ptn1\" {\n  namespace \"ns1\" {\n    service \"terminating-gateway\" {\n       policy = \"write\"\n    }\n    node_prefix \"\" {\n      policy = \"read\"\n    }\n    service \"external-service-2\" {\n      policy = \"write\"\n    }\n  }\n  namespace \"default\" {\n    service \"external-service-1\" {\n      policy = \"write\"\n    }\n    node_prefix \"\" {\n      policy = \"read\"\n    }\n    agent_prefix \"\" {\n      policy = \"read\"\n    }\n  }\n}\n"
+}'
+```
+
+Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+You can specify an admin partition when creating tokens in Consul Enterprise. The token is only valid in the specified admin partition. You must create the token in the partition where the terminating gateway is registered. If the terminating gateway requires permissions for multiple namespaces, then the token must be created in the `default` namespace. The following example creates the token in the `default` namespace in the `ptn1` partition because the example policy contains permissions for multiple namespaces.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+```shell-session
+$ consul acl token create -partition "ptn1" -namespace "default" \
+    -description "Terminating gateway token" \
+    -policy-name "tgw-register"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "tgw-register"
+    }
+  ],
+  "Partition": "ptn1",
+  "Namespace": "default"
+}'
+```
+
+</Tab>
+
+</Tabs>
diff --git a/website/content/docs/security/acl/tokens/create/create-a-ui-token.mdx b/website/content/docs/security/acl/tokens/create/create-a-ui-token.mdx
new file mode 100644
index 000000000000..9c1e9019b5e7
--- /dev/null
+++ b/website/content/docs/security/acl/tokens/create/create-a-ui-token.mdx
@@ -0,0 +1,557 @@
+---
+layout: docs
+page_title: Create tokens for agent registration
+description: >-
+  Learn how to create ACL tokens that your Consul agents can present to Consul servers so that they can join the Consul cluster.
+---
+
+# Create a UI token
+
+This topic describes how to create a token that you can use to view resources in the Consul UI.
+
+## Introduction
+
+To navigate the Consul UI when ACLs are enabled, log into the UI with a token linked to policies that grant an appropriate set of permissions. The UI is unable to display resources that the token does not have permission to access.
+
+## Requirements
+
+Core ACL functionality is available in all versions of Consul.
+
+@include 'create-token-requirements.mdx'
+
+## View catalog in Consul OSS
+
+This section describes how to create a token that grants read-only access to the catalog. This token allows users to view the catalog without the ability to make changes. To create the ACL token, define a policy, create the policy, and then link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy allows users that login with the token to view all services and nodes in the catalog.
+
+<CodeTabs>
+
+```hcl
+service_prefix "" {
+  policy = "read"
+}
+node_prefix "" {
+  policy = "read"
+}
+```
+
+```json
+{
+  "node_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  },
+  "service_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policies, you can register them with Consul using the command line or API endpoint.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `ui-view-catalog.hcl`.
+
+```shell-session
+$ consul acl policy create \
+    -name "ui-view-catalog" -rules @ui-view-catalog.hcl \
+    -description "Allow viewing the catalog"
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `view-catalog.hcl`. You must embed the policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "ui-view-catalog",
+  "Description": "Allow viewing the catalog",
+  "Rules": "service_prefix \"\" {\n  policy = \"read\"\n}\nnode_prefix \"\" {\n  policy = \"read\"\n}\n"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policies into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following command creates the ACL token linked to the policy `ui-view-catalog`.
+
+```shell-session
+$ consul acl token create \
+    -description "UI token to view the catalog" \
+    -policy-name "ui-view-catalog"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+The following example creates an ACL token that you can use to login to the UI and view the catalog.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "ui-view-catalog"
+    }
+  ]
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## View catalog in Consul Enterprise
+
+This section describes how to create a token that grants read-only access to the catalog. This token allows users to view the catalog without the ability to make changes. To create the ACL token, define a policy, create the policy, and then link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The following policy allows users that log in with the token to view services and nodes in the catalog in any partition and in any namespace. The `operator:read` permission is needed to list partitions. Without this permission, you can still view resources within a partition but cannot easily navigate to other partitions in the Consul UI.
+
+<CodeTabs>
+
+```hcl
+operator = "read"
+partition_prefix "" {
+  namespace_prefix "" {
+    service_prefix "" {
+      policy = "read"
+    }
+    node_prefix "" {
+      policy = "read"
+    }
+  }
+}
+```
+
+```json
+{
+  "partition_prefix": {
+    "": [{
+      "namespace_prefix": {
+        "": [{
+          "node_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          },
+          "service_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          }
+        }]
+      }
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policies, you can register them with Consul using the command line or API endpoint.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `ui-view-catalog.hcl`.
+
+You can specify an admin partition and namespace when registering policies in Consul Enterprise. Policies are only valid in the scopes specified during registration, but you can grant tokens registered in the `default` partition permission to access resources in a different partition than where the token was registered. Refer to the [admin partition documentation](/consul/docs/enterprise/admin-partitions#default-admin-partition) for additional information.
+
+The following example registers the policy in the `default` partition and the `default` namespace because the policy grants cross-partition and cross-namespace access.
+
+```shell-session
+$ consul acl policy create -partition "default" -namespace "default" \
+    -name "ui-view-catalog" -rules @ui-view-catalog.hcl \
+    -description "Allow viewing the catalog"
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `view-catalog.hcl`. You must embed the policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "ui-view-catalog",
+  "Description": "Allow viewing the catalog",
+  "Partition": "default",
+  "Namespace": "default",
+  "Rules": "partition_prefix \"\" {\n  namespace_prefix \"\" {\n    service_prefix \"\" {\n      policy = \"read\"\n    }\n    node_prefix \"\" {\n      policy = \"read\"\n    }\n  }\n}\n"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policies into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+```shell-session
+$ consul acl token create -partition "default" -namespace "default" \
+    -description "UI token to view the catalog" \
+    -policy-name "ui-view-catalog"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+You can specify an admin partition and namespace when registering policies in Consul Enterprise. Policies are only valid in the scopes specified during registration, but you can grant tokens registered in the `default` partition permission to access resources in a different partition than where the token was registered. Refer to the [admin partition documentation](/consul/docs/enterprise/admin-partitions#default-admin-partition) for additional information.
+
+The following example registers the policy in the `default` partition and the `default` namespace because the policy grants cross-partition and cross-namespace access.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "ui-view-catalog"
+    }
+  ],
+  "Partition": "default",
+  "Namespace": "default"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## View all resources in Consul OSS
+
+This section describes how to create a token with read-only access to all resources in the Consul UI. This token allows users to view any resources without the ability to make changes. To create the ACL token, define a policy, create the policy, and then link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy allows users that log in with the token to view all services and nodes in the catalog, all objects in the key/value store, all intentions, and all ACL resources. The `acl:read` permission does not allow viewing the token secret ids.
+
+<CodeTabs>
+
+```hcl
+acl = "read"
+key_prefix "" {
+  policy = "read"
+}
+node_prefix "" {
+  policy = "read"
+}
+operator = "read"
+service_prefix "" {
+  policy = "read"
+  intentions = "read"
+}
+```
+
+```json
+{
+  "acl": "read",
+  "key_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  },
+  "node_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  },
+  "operator": "read",
+  "service_prefix": {
+    "": [{
+      "intentions": "read",
+      "policy": "read"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policies, you can register them with Consul using the command line or API endpoint.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `ui-view-all.hcl`.
+
+```shell-session
+$ consul acl policy create \
+    -name "ui-view-all" -rules @ui-view-all.hcl \
+    -description "Allow viewing all resources"
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `ui-view-all.hcl`. You must embed the policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "ui-view-all",
+  "Description": "Allow viewing all resources",
+  "Rules": "acl = \"read\"\nkey_prefix \"\" {\n  policy = \"read\"\n}\nnode_prefix \"\" {\n  policy = \"read\"\n}\noperator = \"read\"\nservice_prefix \"\" {\n  policy = \"read\"\n  intentions = \"read\"\n}\n"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policies into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following command creates the ACL token linked to the policy `ui-view-all`.
+
+```shell-session
+$ consul acl token create \
+    -description "UI token to view all resources" \
+    -policy-name "ui-view-all"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+The following example creates an ACL token that you can use to login to the UI and view the catalog.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "ui-view-all"
+    }
+  ]
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## View all resources in Consul Enterprise
+
+This section describes how to create a token with read-only access to all resources in the Consul UI. This token allows users to view any resources without the ability to make changes. To create the ACL token, define a policy, create the policy, and then link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy allows users that log in with the token to view all services and nodes in the catalog, all objects in the key-value store, all intentions, and all ACL resources in any namespace and any partition. The `acl:read` permission does not allow viewing the token secret ids.
+
+<CodeTabs>
+
+```hcl
+operator = "read"
+partition_prefix "" {
+  namespace_prefix "" {
+    acl = "read"
+    key_prefix "" {
+      policy = "read"
+    }
+    node_prefix "" {
+      policy = "read"
+    }
+    service_prefix "" {
+      policy = "read"
+      intentions = "read"
+    }
+  }
+}
+```
+
+```json
+{
+  "operator": "read",
+  "partition_prefix": {
+    "": [{
+      "namespace_prefix": {
+        "": [{
+          "acl": "read",
+          "key_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          },
+          "node_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          },
+          "service_prefix": {
+            "": [{
+              "intentions": "read",
+              "policy": "read"
+            }]
+          }
+        }]
+      }
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policies, you can register them with Consul using the command line or API endpoint.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `ui-view-all.hcl`.
+
+You can specify an admin partition and namespace when creating policies in Consul Enterprise. The policy is only valid in the specified scopes. Because the policy grants cross-partition and cross-namespace access, the policy must be created in the `default` partition and the `default` namespace.
+
+```shell-session
+$ consul acl policy create -partition "default" -namespace "default" \
+    -name "ui-view-all" -rules @ui-view-all.hcl \
+    -description "Allow viewing all resources"
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `ui-view-all.hcl`. You must embed the policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "ui-view-all",
+  "Description": "Allow viewing all resources",
+  "Partition": "default",
+  "Namespace": "default",
+  "Rules": "operator = \"read\"\npartition_prefix \"\" {\n  namespace_prefix \"\" {\n    acl = \"read\"\n    key_prefix \"\" {\n      policy = \"read\"\n    }\n    node_prefix \"\" {\n      policy = \"read\"\n    }\n    service_prefix \"\" {\n      policy = \"read\"\n      intentions = \"read\"\n    }\n  }\n}\n"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policies into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+```shell-session
+$ consul acl token create -partition "default" -namespace "default" \
+    -description "UI token to view all resources" \
+    -policy-name "ui-view-all"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+You can specify an admin partition and namespace when creating tokens in Consul Enterprise. The token is only valid in the specified scopes. Because the policy was created in the `default` partition and `default` namespace, the token must also be created in the `default` partition and `default` namespace.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "ui-view-all"
+    }
+  ],
+  "Partition": "default",
+  "Namespace": "default"
+}'
+```
+
+</Tab>
+
+</Tabs>
diff --git a/website/content/docs/security/acl/tokens/create/create-an-agent-token.mdx b/website/content/docs/security/acl/tokens/create/create-an-agent-token.mdx
new file mode 100644
index 000000000000..598db91125f2
--- /dev/null
+++ b/website/content/docs/security/acl/tokens/create/create-an-agent-token.mdx
@@ -0,0 +1,407 @@
+---
+layout: docs
+page_title: Create tokens for agent registration
+description: >-
+  Learn how to create ACL tokens that your Consul agents can present to Consul servers so that they can join the Consul cluster.
+---
+
+# Create an agent token
+
+This topic describes how to create a token that you can use to register an agent into the catalog.
+
+## Introduction
+
+Consul agents must present a token linked to policies that grant the appropriate set of permissions in order to register into the catalog and to discover services and nodes in the catalog.
+
+Specify the [`agent`](/consul/docs/agent/config/config-files#acl_tokens_agent) token to the Consul agent so that it can present the token when it registers into the catalog.
+
+### Node identities versus custom policies
+
+You can create tokens linked to custom policies or to node identities. [Node identities](/consul/docs/security/acl#node-identities) are constructs in Consul that enable you to quickly grant permissions for a group of agents, rather than create similar policies for each agent.
+
+We recommend using a node identity to grant permissions to the agent rather than creating a custom policy. This is because node identities automatically grant the node `node:write` and `service:read` permission.
+
+Your organization may have requirements or processes for deploying services in a way that is inconsistent with service and node identities. In these cases, you can create custom policies and link them to tokens.
+
+## Requirements
+
+Core ACL functionality is available in all versions of Consul.
+
+The agent token must be linked to policies that grant the following permissions:
+
+* `node:write`: Enables the agent to update the catalog.
+* `service:read`: Enables the agent to discover other services in the catalog
+
+@include 'create-token-requirements.mdx'
+
+## Node identity in Consul OSS
+
+Refer to [Node identities](/consul/docs/security/acl#node-identities) for information about node identities that you can link to tokens.
+
+You can manually create tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy or node identity to link to create a token. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following command creates an ACL token linked to a node identity for a node named `node1` in the datacenter `dc1`.
+
+```shell-session
+$ consul acl token create \
+  -description "Agent token for node1" \
+  -node-identity "node1:dc1"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify a node identity in the request body to create a token linked to the node identity. An ACL token linked to a policy with permissions to use the API endpoint is required. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+The following example creates a token linked to a node identity named `node1`:
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "NodeIdentities": [
+    {
+      "NodeName": "node1",
+      "Datacenter": "dc1"
+    }
+  ]
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## Node identity in Consul Enterprise
+
+Refer to [Node identities](/consul/docs/security/acl#node-identities) for information about node identities that you can link to tokens.
+
+You can manually create tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy or node identity to link to create a token. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+You can specify an admin partition when creating tokens in Consul Enterprise. The token is only valid in the specified admin partition. The following example creates an ACL token that the agent can use to register in partition `ptn1` in datacenter `dc1`:
+
+```shell-session
+$ consul acl token create -partition "ptn1" \
+  -description "Agent token for node1" \
+  -node-identity "node1:dc1"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify a node identity in the request body to create a token linked to the node identity. An ACL token linked to a policy with permissions to use the API endpoint is required. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+You can specify an admin partition when creating a token in Consul Enterprise. The token is only valid in the specified admin partition. The following example creates an ACL token that the agent can use to register in the partition `ptn1` in datacenter `dc1`:
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "NodeIdentities": [
+    {
+      "NodeName": "node1",
+      "Datacenter": "dc1"
+    }
+  ],
+  "Partition": "ptn1"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## Custom policy in Consul OSS
+
+When you are unable to link tokens to a node identity, you can define policies, register them with Consul, and link the policies to tokens that enable nodes to register into the Consul catalog.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy grants `write` permission for node `node1` so that the Consul agent can register into the catalog. It grants `read` permissions to discover services in the catalog.
+
+<CodeTabs>
+
+```hcl
+node "node1" {
+  policy = "write"
+}
+service_prefix "" {
+  policy = "read"
+}
+```
+
+```json
+{
+  "node": {
+    "node1": [{
+      "policy": "write"
+    }]
+  },
+  "service_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policies, you can register them with Consul using the command line or API endpoint.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `node1-register.hcl`:
+
+```shell-session
+$ consul acl policy create \
+    -name "node1-register" -rules @node1-register.hcl \
+    -description "Custom policy for node1" \
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `node1-register.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "node1-register",
+  "Description": "Allow node1 to register into the catalog",
+  "Rules": "node \"node1\" {\n  policy = \"write\"\n}\nservice_prefix \"\" {\n  policy = \"read\"\n}\n"
+}'
+```
+
+Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policies into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following command creates the ACL token linked to the policy `node1-register`.
+
+```shell-session
+$ consul acl token create \
+    -description "Agent token for node1" \
+    -policy-name "node1-register"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+The following example creates an ACL token that the agent can use to register as node `node1` in the catalog:
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "node1-register"
+    }
+  ]
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+
+
+## Custom policy in Consul Enterprise
+
+When you are unable to link tokens to a node identity, you can define policies, register them with Consul, and link the policies to tokens that enable nodes to register into the Consul catalog.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy grants the `write` permission for node `node1` in partition `ptn1` so that the Consul agent can register into the catalog. It grants `read` permissions to discover services in any namespace in the `ptn1` partition.
+
+<CodeTabs>
+
+```hcl
+partition "ptn1" {
+  node "node1" {
+    policy = "write"
+  }
+  namespace_prefix "" {
+    service_prefix "" {
+      policy = "read"
+    }
+  }
+}
+```
+
+```json
+{
+  "partition": {
+    "ptn1": [{
+      "namespace_prefix": {
+        "": [{
+          "service_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          }
+        }]
+      },
+      "node": {
+        "node1": [{
+          "policy": "write"
+        }]
+      }
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policies, you can register them with Consul using the command line or API endpoint.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `node1-register.hcl`:
+
+```shell-session
+$ consul acl policy create -partition "ptn1" \
+  -name "node1-register" -rules @node1-register.hcl \
+  -description "Custom policy for node1"
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `node1-register.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "node1-register",
+  "Description": "Allow node1 to register into the catalog",
+  "Partition": "ptn1",
+  "Rules": "partition \"ptn1\" {\n  node \"node1\" {\n    policy = \"write\"\n  }\n  namespace_prefix \"\" {\n    service_prefix \"\" {\n      policy = \"read\"\n    }\n  }\n}\n"
+}'
+```
+
+Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policies into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+```shell-session
+$ consul acl token create -partition "ptn1" \
+    -description "Agent token for node1" \
+    -policy-name "node1-register"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+You can specify an admin partition when creating tokens in Consul Enterprise. The token is only valid in the specified admin partition. The following example creates an ACL token that the agent can use to register as the node `node1` in the partition `ptn1`:
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "node1-register"
+    }
+  ],
+  "Partition": "ptn1"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## Apply the token
+
+Configure the Consul agent to present the token by either specifying the token in the agent configuration file or by using the `consul set-agent-token` command.
+
+### Apply the token in a file
+
+Specify the token in the [`acl.token.agent`](/consul/docs/agent/config/config-files#acl_tokens_agent) field of the agent configuration file so that the agent can present it and register into the catalog on startup.
+
+```hcl
+acl = {
+  enabled = true
+  tokens = {
+    agent = "<token>"
+    ...
+  }
+  ...
+}
+```
+
+### Apply the token with a command
+
+Set the `agent` token using the [`consul set-agent-token`](/consul/commands/acl/set-agent-token) command. The following command configures a running Consul agent token with the specified token.
+
+```shell-session
+consul acl set-agent-token agent <acl-token-secret-id>
+```
diff --git a/website/content/docs/security/acl/tokens/create/create-an-ingress-gateway-token.mdx b/website/content/docs/security/acl/tokens/create/create-an-ingress-gateway-token.mdx
new file mode 100644
index 000000000000..65e01369966a
--- /dev/null
+++ b/website/content/docs/security/acl/tokens/create/create-an-ingress-gateway-token.mdx
@@ -0,0 +1,326 @@
+---
+layout: docs
+page_title: Create a token for ingress gateway registration
+description: >-
+  Learn how to create ACL tokens that your ingress gateway can present to Consul servers so that they can register with the Consul catalog.
+---
+
+# Create an ingress gateway token
+
+This topic describes how to create a token to enable an ingress gateway to register.
+
+## Introduction
+
+Gateways must present a token linked to policies that grant the appropriate set of permissions in order to register into the catalog and to route to other services in a mesh.
+
+## Requirements
+
+Core ACL functionality is available in all versions of Consul.
+
+The ingress gateway token must be linked to policies that grant the following permissions:
+
+* `service:write` to allow the ingress gateway to register into the catalog
+* `service:read` for all services and `node:read` for all nodes in order to discover and route to services
+* `agent:read` to enable the `consul connect envoy` CLI command to automatically discover gRPC settings from the Consul agent. If this command is not used to start the gateway or if the Consul agent uses the default gRPC settings, then you can omit the `agent:read` permission.
+
+@include 'create-token-requirements.mdx'
+
+## Consul OSS
+
+To create a token for the ingress gateway, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy grants the ingress gateway the appropriate permissions to register as a service named `ingress-gateway` and to operate as an ingress gateway.
+
+<CodeTabs>
+
+```hcl
+service "ingress-gateway" {
+  policy = "write"
+}
+node_prefix "" {
+  policy = "read"
+}
+service_prefix "" {
+  policy = "read"
+}
+agent_prefix "" {
+  policy = "read"
+}
+```
+
+```json
+{
+  "agent_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  },
+  "node_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  },
+  "service": {
+    "ingress-gateway": [{
+      "policy": "write"
+    }]
+  },
+  "service_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+The following commands create the ACL policy and token.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `igw-register.hcl`:
+
+```shell-session
+$ consul acl policy create \
+    -name "igw-register" -rules @igw-register.hcl \
+    -description "Ingress gateway policy"
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `igw-register.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "igw-register",
+  "Description": "Ingress gateway policy",
+  "Rules": "service \"ingress-gateway\" {\n  policy = \"write\"\n}\nnode_prefix \"\" {\n  policy = \"read\"\n}\nservice_prefix \"\" {\n  policy = \"read\"\n}\nagent_prefix \"\" {\n  policy = \"read\"\n}\n"
+}'
+```
+
+Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following command creates the ACL token linked to the policy `igw-register`.
+
+```shell-session
+$ consul acl token create \
+    -description "Ingress gateway token" \
+    -policy-name "igw-register"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "igw-register"
+    }
+  ]
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## Consul Enterprise
+
+To create a token for the ingress gateway, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+You can specify an admin partition and namespace when creating policies in Consul Enterprise. The policy is only valid in the specified scopes.
+
+The following example policy is defined in a file. The policy allows an ingress gateway to register as a service named `ingress-gateway` in the `ptn1` partition and `ns1` namespace. The policy contains permissions for resources in multiple namespaces. You must create ACL policies that grant permissions for multiple namespaces in the `default` namespace.
+
+<CodeTabs>
+
+```hcl
+partition "ptn1" {
+  namespace "ns1" {
+    service "ingress-gateway" {
+      policy = "write"
+    }
+    node_prefix "" {
+      policy = "read"
+    }
+    service_prefix "" {
+      policy = "read"
+    }
+  }
+  namespace "default" {
+    agent_prefix "" {
+      policy = "read"
+    }
+  }
+}
+```
+
+```json
+{
+  "partition": {
+    "ptn1": [{
+      "namespace": {
+        "default": [{
+          "agent_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          }
+        }],
+        "ns1": [{
+          "node_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          },
+          "service": {
+            "ingress-gateway": [{
+              "policy": "write"
+            }]
+          },
+          "service_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          }
+        }]
+      }
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+The following commands create the ACL policy and token.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. The following example registers a policy defined in `igw-register.hcl`:
+
+You can specify an admin partition and namespace when creating policies in Consul Enterprise. The policy is only valid in the specified admin partition and namespace. The following example creates the policy in the `default` namespace in the `ptn1` partition. The example policy contains permissions for resources in multiple namespaces. You must create ACL policies that grant permissions for multiple namespaces in the `default` namespace.
+
+```shell-session
+$ consul acl policy create -partition "ptn1" -namespace "default" \
+  -name "igw-register" -rules @igw-register.hcl \
+  -description "Ingress gateway policy"
+```
+
+Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. The following example registers the policy defined in `igw-register.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+You can specify an admin partition and namespace when creating tokens in Consul Enterprise. The token is only valid in the specified admin partition and namespace. The following example creates the token in the partition `ptn1` and namespace `ns1`. The example policy contains permissions for resources in multiple namespaces. You must create ACL policies that grant permissions for multiple namespaces in the `default` namespace.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "igw-register",
+  "Description": "Ingress gateway policy",
+  "Partition": "ptn1",
+  "Namespace": "default",
+  "Rules": "partition \"ptn1\" {\n  namespace \"ns1\" {\n    service \"ingress-gateway\" {\n      policy = \"write\"\n    }\n    node_prefix \"\" {\n      policy = \"read\"\n    }\n    service_prefix \"\" {\n      policy = \"read\"\n    }\n  }\n  namespace \"default\" {\n    agent_prefix \"\" {\n      policy = \"read\"\n    }\n  }\n}\n"
+}'
+```
+
+Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+You can specify an admin partition and namespace when creating tokens in Consul Enterprise. The token is only valid in the specified admin partition and namespace. The following example creates the token in the partition `ptn1` and namespace `default`. The example policy contains permissions for resources in multiple namespaces. You must create ACL tokens linked to policies that grant permissions for multiple namespaces in the `default` namespace.
+
+```shell-session
+$ consul acl token create -partition "ptn1" -namespace "default" \
+    -description "Ingress gateway token" \
+    -policy-name "igw-register"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+You can specify an admin partition when creating tokens in Consul Enterprise. The token is only valid in the specified admin partition. You must create the token in the partition where the ingress gateway is registered. The following example creates the token in the partition `ptn1` and namespace `default`.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "igw-register"
+    }
+  ],
+  "Partition": "ptn1",
+  "Namespace": "default"
+}'
+```
+
+</Tab>
+
+</Tabs>
diff --git a/website/content/docs/security/acl/acl-tokens.mdx b/website/content/docs/security/acl/tokens/index.mdx
similarity index 100%
rename from website/content/docs/security/acl/acl-tokens.mdx
rename to website/content/docs/security/acl/tokens/index.mdx
diff --git a/website/content/partials/create-token-auth-methods.mdx b/website/content/partials/create-token-auth-methods.mdx
new file mode 100644
index 000000000000..912870728503
--- /dev/null
+++ b/website/content/partials/create-token-auth-methods.mdx
@@ -0,0 +1,3 @@
+### Auth methods
+
+Auth methods are components that perform authentication against a trusted external party to authorize the creation of ACL tokens for use within the local datacenter. Refer to the [auth methods documentation](/consul/docs/security/acl/auth-methods) for details about how to leverage auth methods in your network.
diff --git a/website/content/partials/create-token-requirements.mdx b/website/content/partials/create-token-requirements.mdx
new file mode 100644
index 000000000000..bf4742719e8d
--- /dev/null
+++ b/website/content/partials/create-token-requirements.mdx
@@ -0,0 +1,22 @@
+### Authentication
+
+You must provide an ACL token linked to a policy with `acl:write` permissions to create and modify ACL tokens and policies using the CLI or API.
+
+You can provide the token manually using the `-token` option on the command line, but we recommend setting the `CONSUL_HTTP_TOKEN` environment variable to simplify your workflow:
+
+```shell-session
+$ export CONSUL_HTTP_TOKEN=<acl-token-secret-id>
+```
+
+The Consul CLI automatically reads the `CONSUL_HTTP_TOKEN` environment variable so that you do not have to pass the token to every Consul CLI command.
+
+To authenticate calls to the Consul HTTP API, you must provide the token in the `X-Consul-Token` header for each call:
+
+```shell-session
+$ curl --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" ...
+```
+
+To learn about alternative ways to authenticate, refer to the following documentation:
+
+* [CLI Authentication](/consul/commands#authentication)
+* [API Authentication](/consul/api-docs/api-structure#authentication)
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 0ba3a63149e0..ed0d2ac2decd 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -895,7 +895,41 @@
           },
           {
             "title": "Tokens",
-            "path": "security/acl/acl-tokens"
+            "routes": [
+              {
+                "title": "Overview",
+                "path": "security/acl/tokens"
+              },
+              {
+                "title": "Create ACL Tokens",
+                "routes": [
+                  {
+                    "title": "Create a service token",
+                    "path": "security/acl/tokens/create/create-a-service-token"
+                  },
+                  {
+                    "title": "Create an agent token",
+                    "path": "security/acl/tokens/create/create-an-agent-token"
+                  },
+                  {
+                    "title": "Create a UI token",
+                    "path": "security/acl/tokens/create/create-a-ui-token"
+                  },
+                  {
+                    "title": "Create a mesh gateway token",
+                    "path": "security/acl/tokens/create/create-a-mesh-gateway-token"
+                  },
+                  {
+                    "title": "Create an ingress gateway token",
+                    "path": "security/acl/tokens/create/create-an-ingress-gateway-token"
+                  },
+                  {
+                    "title": "Create a terminating gateway token",
+                    "path": "security/acl/tokens/create/create-a-terminating-gateway-token"
+                  }
+                ]
+              }
+            ]
           },
           {
             "title": "Policies",

From fa406548854a6c4cbbe3b475d2b1334a830bb0a8 Mon Sep 17 00:00:00 2001
From: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
Date: Wed, 14 Jun 2023 20:42:50 +0530
Subject: [PATCH 047/359] [NET-3865] [Supportability] Additional Information in
 the output of 'consul operator raft list-peers' (#17582)

* init

* fix tests

* added -detailed in docs

* added change log

* fix doc

* checking for entry in map

* fix tests

* removed detailed flag

* removed detailed flag

* revert unwanted changes

* removed unwanted changes

* updated change log

* pr review comment changes

* pr comment changes single API instead of two

* fix change log

* fix tests

* fix tests

* fix test operator raft endpoint test

* Update .changelog/17582.txt

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

* nits

* updated docs

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
---
 .changelog/17582.txt                          |  3 ++
 agent/consul/operator_raft_endpoint.go        |  7 ++++
 agent/consul/operator_raft_endpoint_test.go   | 13 +++++++
 agent/structs/operator.go                     |  3 ++
 api/operator_raft.go                          |  3 ++
 .../raft/listpeers/operator_raft_list.go      | 34 +++++++++++++++++--
 .../raft/listpeers/operator_raft_list_test.go |  2 +-
 website/content/commands/operator/raft.mdx    | 10 +++---
 8 files changed, 66 insertions(+), 9 deletions(-)
 create mode 100644 .changelog/17582.txt

diff --git a/.changelog/17582.txt b/.changelog/17582.txt
new file mode 100644
index 000000000000..122b9df98116
--- /dev/null
+++ b/.changelog/17582.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+cli: `consul operator raft list-peers` command shows the number of commits each follower is trailing the leader by to aid in troubleshooting.
+```
diff --git a/agent/consul/operator_raft_endpoint.go b/agent/consul/operator_raft_endpoint.go
index f619b611f7da..7b0bcbc5cc03 100644
--- a/agent/consul/operator_raft_endpoint.go
+++ b/agent/consul/operator_raft_endpoint.go
@@ -48,6 +48,12 @@ func (op *Operator) RaftGetConfiguration(args *structs.DCSpecificRequest, reply
 		serverMap[raft.ServerAddress(addr)] = member
 	}
 
+	serverIDLastIndexMap := make(map[raft.ServerID]uint64)
+
+	for _, serverState := range op.srv.autopilot.GetState().Servers {
+		serverIDLastIndexMap[serverState.Server.ID] = serverState.Stats.LastIndex
+	}
+
 	// Fill out the reply.
 	leader := op.srv.raft.Leader()
 	reply.Index = future.Index()
@@ -66,6 +72,7 @@ func (op *Operator) RaftGetConfiguration(args *structs.DCSpecificRequest, reply
 			Leader:          server.Address == leader,
 			Voter:           server.Suffrage == raft.Voter,
 			ProtocolVersion: raftProtocolVersion,
+			LastIndex:       serverIDLastIndexMap[server.ID],
 		}
 		reply.Servers = append(reply.Servers, entry)
 	}
diff --git a/agent/consul/operator_raft_endpoint_test.go b/agent/consul/operator_raft_endpoint_test.go
index 7ce5b6e946c8..7242c40e6c45 100644
--- a/agent/consul/operator_raft_endpoint_test.go
+++ b/agent/consul/operator_raft_endpoint_test.go
@@ -50,6 +50,13 @@ func TestOperator_RaftGetConfiguration(t *testing.T) {
 	if len(future.Configuration().Servers) != 1 {
 		t.Fatalf("bad: %v", future.Configuration().Servers)
 	}
+
+	serverIDLastIndexMap := make(map[raft.ServerID]uint64)
+
+	for _, serverState := range s1.autopilot.GetState().Servers {
+		serverIDLastIndexMap[serverState.Server.ID] = serverState.Stats.LastIndex
+	}
+
 	me := future.Configuration().Servers[0]
 	expected := structs.RaftConfigurationResponse{
 		Servers: []*structs.RaftServer{
@@ -60,6 +67,7 @@ func TestOperator_RaftGetConfiguration(t *testing.T) {
 				Leader:          true,
 				Voter:           true,
 				ProtocolVersion: "3",
+				LastIndex:       serverIDLastIndexMap[me.ID],
 			},
 		},
 		Index: future.Index(),
@@ -113,6 +121,10 @@ func TestOperator_RaftGetConfiguration_ACLDeny(t *testing.T) {
 	if len(future.Configuration().Servers) != 1 {
 		t.Fatalf("bad: %v", future.Configuration().Servers)
 	}
+	serverIDLastIndexMap := make(map[raft.ServerID]uint64)
+	for _, serverState := range s1.autopilot.GetState().Servers {
+		serverIDLastIndexMap[serverState.Server.ID] = serverState.Stats.LastIndex
+	}
 	me := future.Configuration().Servers[0]
 	expected := structs.RaftConfigurationResponse{
 		Servers: []*structs.RaftServer{
@@ -123,6 +135,7 @@ func TestOperator_RaftGetConfiguration_ACLDeny(t *testing.T) {
 				Leader:          true,
 				Voter:           true,
 				ProtocolVersion: "3",
+				LastIndex:       serverIDLastIndexMap[me.ID],
 			},
 		},
 		Index: future.Index(),
diff --git a/agent/structs/operator.go b/agent/structs/operator.go
index f5c2b8ac86df..05862861e3f8 100644
--- a/agent/structs/operator.go
+++ b/agent/structs/operator.go
@@ -34,6 +34,9 @@ type RaftServer struct {
 	// it's a non-voting server, which will be added in a future release of
 	// Consul.
 	Voter bool
+
+	// LastIndex is the last log index this server has a record of in its Raft log.
+	LastIndex uint64
 }
 
 // RaftConfigurationResponse is returned when querying for the current Raft
diff --git a/api/operator_raft.go b/api/operator_raft.go
index 393d6fb3c5f7..d72c00c97b93 100644
--- a/api/operator_raft.go
+++ b/api/operator_raft.go
@@ -28,6 +28,9 @@ type RaftServer struct {
 	// it's a non-voting server, which will be added in a future release of
 	// Consul.
 	Voter bool
+
+	// LastIndex is the last log index this server has a record of in its Raft log.
+	LastIndex uint64
 }
 
 // RaftConfiguration is returned when querying for the current Raft configuration.
diff --git a/command/operator/raft/listpeers/operator_raft_list.go b/command/operator/raft/listpeers/operator_raft_list.go
index 47bd161fed48..29643a87cf33 100644
--- a/command/operator/raft/listpeers/operator_raft_list.go
+++ b/command/operator/raft/listpeers/operator_raft_list.go
@@ -70,8 +70,24 @@ func raftListPeers(client *api.Client, stale bool) (string, error) {
 		return "", fmt.Errorf("Failed to retrieve raft configuration: %v", err)
 	}
 
+	leaderLastCommitIndex := uint64(0)
+	serverIdLastIndexMap := make(map[string]uint64)
+
+	for _, raftServer := range reply.Servers {
+		serverIdLastIndexMap[raftServer.ID] = raftServer.LastIndex
+	}
+
+	for _, s := range reply.Servers {
+		if s.Leader {
+			lastIndex, ok := serverIdLastIndexMap[s.ID]
+			if ok {
+				leaderLastCommitIndex = lastIndex
+			}
+		}
+	}
+
 	// Format it as a nice table.
-	result := []string{"Node\x1fID\x1fAddress\x1fState\x1fVoter\x1fRaftProtocol"}
+	result := []string{"Node\x1fID\x1fAddress\x1fState\x1fVoter\x1fRaftProtocol\x1fCommit Index\x1fTrails Leader By"}
 	for _, s := range reply.Servers {
 		raftProtocol := s.ProtocolVersion
 
@@ -82,8 +98,20 @@ func raftListPeers(client *api.Client, stale bool) (string, error) {
 		if s.Leader {
 			state = "leader"
 		}
-		result = append(result, fmt.Sprintf("%s\x1f%s\x1f%s\x1f%s\x1f%v\x1f%s",
-			s.Node, s.ID, s.Address, state, s.Voter, raftProtocol))
+
+		trailsLeaderByText := "-"
+		serverLastIndex, ok := serverIdLastIndexMap[s.ID]
+		if ok {
+			trailsLeaderBy := leaderLastCommitIndex - serverLastIndex
+			trailsLeaderByText = fmt.Sprintf("%d commits", trailsLeaderBy)
+			if s.Leader {
+				trailsLeaderByText = "-"
+			} else if trailsLeaderBy == 1 {
+				trailsLeaderByText = fmt.Sprintf("%d commit", trailsLeaderBy)
+			}
+		}
+		result = append(result, fmt.Sprintf("%s\x1f%s\x1f%s\x1f%s\x1f%v\x1f%s\x1f%v\x1f%s",
+			s.Node, s.ID, s.Address, state, s.Voter, raftProtocol, serverLastIndex, trailsLeaderByText))
 	}
 
 	return columnize.Format(result, &columnize.Config{Delim: string([]byte{0x1f})}), nil
diff --git a/command/operator/raft/listpeers/operator_raft_list_test.go b/command/operator/raft/listpeers/operator_raft_list_test.go
index 15bd1bfbe34f..0694e0dd1046 100644
--- a/command/operator/raft/listpeers/operator_raft_list_test.go
+++ b/command/operator/raft/listpeers/operator_raft_list_test.go
@@ -28,7 +28,7 @@ func TestOperatorRaftListPeersCommand(t *testing.T) {
 	a := agent.NewTestAgent(t, ``)
 	defer a.Shutdown()
 
-	expected := fmt.Sprintf("%s  %s  127.0.0.1:%d  leader  true   3",
+	expected := fmt.Sprintf("%s  %s  127.0.0.1:%d  leader  true   3             1             -",
 		a.Config.NodeName, a.Config.NodeID, a.Config.ServerPort)
 
 	// Test the list-peers subcommand directly
diff --git a/website/content/commands/operator/raft.mdx b/website/content/commands/operator/raft.mdx
index 857a9ee1ac12..25dea30ba62f 100644
--- a/website/content/commands/operator/raft.mdx
+++ b/website/content/commands/operator/raft.mdx
@@ -46,10 +46,10 @@ Usage: `consul operator raft list-peers -stale=[true|false]`
 The output looks like this:
 
 ```text
-Node     ID              Address         State     Voter  RaftProtocol
-alice    127.0.0.1:8300  127.0.0.1:8300  follower  true   2
-bob      127.0.0.2:8300  127.0.0.2:8300  leader    true   3
-carol    127.0.0.3:8300  127.0.0.3:8300  follower  true   2
+Node     ID              Address         State     Voter  RaftProtocol  Commit Index Trails Leader By
+alice    127.0.0.1:8300  127.0.0.1:8300  follower  true   2             1167         0 commits
+bob      127.0.0.2:8300  127.0.0.2:8300  leader    true   3             1167         -
+carol    127.0.0.3:8300  127.0.0.3:8300  follower  true   2             1159         8 commits
 ```
 
 `Node` is the node name of the server, as known to Consul, or "(unknown)" if
@@ -70,7 +70,7 @@ configuration.
 
 - `-stale` - Enables non-leader servers to provide cluster state information.
   If the cluster is in an outage state without a leader,
-  we recommend setting this option to `true.
+  we recommend setting this option to `true`.
   Default is `false`.
 
 ## remove-peer

From 9289e680d6dfc91996135ef35855c5d69861675d Mon Sep 17 00:00:00 2001
From: Chris Thain <32781396+cthain@users.noreply.github.com>
Date: Wed, 14 Jun 2023 10:04:40 -0700
Subject: [PATCH 048/359] OSS merge: Update error handling login when applying
 extensions (#17740)

---
 agent/xds/delta.go | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/agent/xds/delta.go b/agent/xds/delta.go
index 5e4cf702090a..f84b633a852b 100644
--- a/agent/xds/delta.go
+++ b/agent/xds/delta.go
@@ -492,6 +492,7 @@ func applyEnvoyExtension(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot,
 	extender, err := envoyextensions.ConstructExtension(ext)
 	metrics.MeasureSinceWithLabels([]string{"envoy_extension", "validate_arguments"}, now, getMetricLabels(err))
 	if err != nil {
+		errorParams = append(errorParams, "error", err)
 		logFn("failed to construct extension", errorParams...)
 
 		if ext.Required {
@@ -507,6 +508,7 @@ func applyEnvoyExtension(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot,
 	if err != nil {
 		errorParams = append(errorParams, "error", err)
 		logFn("failed to validate extension arguments", errorParams...)
+
 		if ext.Required {
 			return status.Errorf(codes.InvalidArgument, "failed to validate arguments for extension %q for service %q", ext.Name, svc.Name)
 		}
@@ -517,9 +519,13 @@ func applyEnvoyExtension(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot,
 	now = time.Now()
 	_, err = extender.Extend(resources, &runtimeConfig)
 	metrics.MeasureSinceWithLabels([]string{"envoy_extension", "extend"}, now, getMetricLabels(err))
-	logFn("failed to apply envoy extension", errorParams...)
-	if err != nil && ext.Required {
-		return status.Errorf(codes.InvalidArgument, "failed to patch xDS resources in the %q extension: %v", ext.Name, err)
+	if err != nil {
+		errorParams = append(errorParams, "error", err)
+		logFn("failed to apply envoy extension", errorParams...)
+
+		if ext.Required {
+			return status.Errorf(codes.InvalidArgument, "failed to patch xDS resources in the %q extension: %v", ext.Name, err)
+		}
 	}
 
 	return nil

From abb05deeed7301ac802b66acee5b0b5f58dc8809 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 17:39:48 +0000
Subject: [PATCH 049/359] Bump atlassian/gajira-transition from 3.0.0 to 3.0.1
 (#17741)

Bumps [atlassian/gajira-transition](https://github.com/atlassian/gajira-transition) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/atlassian/gajira-transition/releases)
- [Commits](https://github.com/atlassian/gajira-transition/compare/4749176faf14633954d72af7a44d7f2af01cc92b...38fc9cd61b03d6a53dd35fcccda172fe04b36de3)

---
updated-dependencies:
- dependency-name: atlassian/gajira-transition
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/jira-issues.yaml | 4 ++--
 .github/workflows/jira-pr.yaml     | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/jira-issues.yaml b/.github/workflows/jira-issues.yaml
index c136dfd69a78..6e9b2b9e959b 100644
--- a/.github/workflows/jira-issues.yaml
+++ b/.github/workflows/jira-issues.yaml
@@ -91,14 +91,14 @@ jobs:
 
       - name: Close ticket
         if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
+        uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "Closed"
 
       - name: Reopen ticket
         if: github.event.action == 'reopened' && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
+        uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "To Do"
diff --git a/.github/workflows/jira-pr.yaml b/.github/workflows/jira-pr.yaml
index f63f7af53162..e18559a022b3 100644
--- a/.github/workflows/jira-pr.yaml
+++ b/.github/workflows/jira-pr.yaml
@@ -105,14 +105,14 @@ jobs:
 
       - name: Close ticket
         if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
+        uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "Closed"
 
       - name: Reopen ticket
         if: github.event.action == 'reopened' && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
+        uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "To Do"

From 7ab287c1d5f83c1ea2f891aae04674c93b829161 Mon Sep 17 00:00:00 2001
From: chappie <6537530+chapmanc@users.noreply.github.com>
Date: Wed, 14 Jun 2023 11:17:13 -0700
Subject: [PATCH 050/359] Add truncation to body (#17723)

---
 agent/hcp/client/metrics_client.go      | 16 +++++-
 agent/hcp/client/metrics_client_test.go | 67 +++++++++++++++++++++++--
 2 files changed, 79 insertions(+), 4 deletions(-)

diff --git a/agent/hcp/client/metrics_client.go b/agent/hcp/client/metrics_client.go
index 7e19c9857a97..b58b28f21dc4 100644
--- a/agent/hcp/client/metrics_client.go
+++ b/agent/hcp/client/metrics_client.go
@@ -32,6 +32,10 @@ const (
 	// defaultRetryMax is set to 0 to turn off retry functionality, until dynamic configuration is possible.
 	// This is to circumvent any spikes in load that may cause or exacerbate server-side issues for now.
 	defaultRetryMax = 0
+
+	// defaultErrRespBodyLength refers to the max character length of the body on a failure to export metrics.
+	// anything beyond we will truncate.
+	defaultErrRespBodyLength = 100
 )
 
 // MetricsClient exports Consul metrics in OTLP format to the HCP Telemetry Gateway.
@@ -150,8 +154,18 @@ func (o *otlpClient) ExportMetrics(ctx context.Context, protoMetrics *metricpb.R
 	}
 
 	if resp.StatusCode != http.StatusOK {
-		return fmt.Errorf("failed to export metrics: code %d: %s", resp.StatusCode, string(body))
+		truncatedBody := truncate(respData.String(), defaultErrRespBodyLength)
+		return fmt.Errorf("failed to export metrics: code %d: %s", resp.StatusCode, truncatedBody)
 	}
 
 	return nil
 }
+
+func truncate(text string, width uint) string {
+	if len(text) <= int(width) {
+		return text
+	}
+	r := []rune(text)
+	trunc := r[:width]
+	return string(trunc) + "..."
+}
diff --git a/agent/hcp/client/metrics_client_test.go b/agent/hcp/client/metrics_client_test.go
index e80996fcf5eb..153ba536da79 100644
--- a/agent/hcp/client/metrics_client_test.go
+++ b/agent/hcp/client/metrics_client_test.go
@@ -3,6 +3,7 @@ package client
 import (
 	"context"
 	"fmt"
+	"math/rand"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -64,10 +65,21 @@ func TestNewMetricsClient(t *testing.T) {
 	}
 }
 
+var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZäöüÄÖÜ世界")
+
+func randStringRunes(n int) string {
+	b := make([]rune, n)
+	for i := range b {
+		b[i] = letterRunes[rand.Intn(len(letterRunes))]
+	}
+	return string(b)
+}
+
 func TestExportMetrics(t *testing.T) {
 	for name, test := range map[string]struct {
-		wantErr string
-		status  int
+		wantErr        string
+		status         int
+		largeBodyError bool
 	}{
 		"success": {
 			status: http.StatusOK,
@@ -76,8 +88,14 @@ func TestExportMetrics(t *testing.T) {
 			status:  http.StatusBadRequest,
 			wantErr: "failed to export metrics: code 400",
 		},
+		"failsWithNonRetryableErrorWithLongError": {
+			status:         http.StatusBadRequest,
+			wantErr:        "failed to export metrics: code 400",
+			largeBodyError: true,
+		},
 	} {
 		t.Run(name, func(t *testing.T) {
+			randomBody := randStringRunes(1000)
 			srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 				require.Equal(t, r.Header.Get("content-type"), "application/x-protobuf")
 				require.Equal(t, r.Header.Get("x-hcp-resource-id"), testResourceID)
@@ -91,7 +109,12 @@ func TestExportMetrics(t *testing.T) {
 
 				w.Header().Set("Content-Type", "application/x-protobuf")
 				w.WriteHeader(test.status)
-				w.Write(bytes)
+				if test.largeBodyError {
+					w.Write([]byte(randomBody))
+				} else {
+					w.Write(bytes)
+				}
+
 			}))
 			defer srv.Close()
 
@@ -105,6 +128,10 @@ func TestExportMetrics(t *testing.T) {
 			if test.wantErr != "" {
 				require.Error(t, err)
 				require.Contains(t, err.Error(), test.wantErr)
+				if test.largeBodyError {
+					truncatedBody := truncate(randomBody, defaultErrRespBodyLength)
+					require.Contains(t, err.Error(), truncatedBody)
+				}
 				return
 			}
 
@@ -112,3 +139,37 @@ func TestExportMetrics(t *testing.T) {
 		})
 	}
 }
+
+func TestTruncate(t *testing.T) {
+	for name, tc := range map[string]struct {
+		body         string
+		expectedSize int
+	}{
+		"ZeroSize": {
+			body:         "",
+			expectedSize: 0,
+		},
+		"LessThanSize": {
+			body:         "foobar",
+			expectedSize: 6,
+		},
+		"defaultSize": {
+			body:         "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis vel tincidunt nunc, sed tristique risu",
+			expectedSize: 100,
+		},
+		"greaterThanSize": {
+			body:         "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis vel tincidunt nunc, sed tristique risus",
+			expectedSize: 103,
+		},
+		"greaterThanSizeWithUnicode": {
+			body:         randStringRunes(1000),
+			expectedSize: 103,
+		},
+	} {
+		t.Run(name, func(t *testing.T) {
+			truncatedBody := truncate(tc.body, defaultErrRespBodyLength)
+			truncatedRunes := []rune(truncatedBody)
+			require.Equal(t, len(truncatedRunes), tc.expectedSize)
+		})
+	}
+}

From a6333471d4bc8ec930868a5c7a3d39bf2fe51c6f Mon Sep 17 00:00:00 2001
From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Date: Wed, 14 Jun 2023 13:46:22 -0700
Subject: [PATCH 051/359] docs: Failover overview minor fix (#17743)

* Incorrect symbol

* Clarification

* slight edit for clarity
---
 website/content/docs/connect/failover/index.mdx | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/website/content/docs/connect/failover/index.mdx b/website/content/docs/connect/failover/index.mdx
index 2d9690644098..a4c51b799731 100644
--- a/website/content/docs/connect/failover/index.mdx
+++ b/website/content/docs/connect/failover/index.mdx
@@ -21,9 +21,11 @@ The following table compares these strategies in deployments with multiple datac
 | Failover Strategy | Supports WAN Federation | Supports Cluster Peering | Multi-Datacenter Failover Strength | Multi-Datacenter Usage Scenario |
 | :---------------: | :---------------------: | :----------------------: | :--------------------------------- | :------------------------------ |
 | `Failover` stanza | &#9989;                 | &#9989;                  | Enables more granular logic for failover targeting | Configuring failover for a single service or service subset, especially for testing or debugging purposes |
-| Prepared query    | &#9989;                 |   &#9989;              | Central policies that can automatically target the nearest datacenter | WAN-federated deployments where a primary datacenter is configured. Prepared queries are not replicated over peer connections. |
+| Prepared query    | &#9989;                 |   &#10060;               | Central policies that can automatically target the nearest datacenter | WAN-federated deployments where a primary datacenter is configured. |
 | Sameness groups   | &#10060;                | &#9989;                  | Group size changes without edits to existing member configurations | Cluster peering deployments with consistently named services and namespaces |
 
+Although cluster peering connections support the [`Failover` field of the prepared query request schema](/consul/api-docs/query#failover) when using Consul's service discovery features to [perform dynamic DNS queries](/consul/docs/services/discovery/dns-dynamic-lookups), they do not support prepared queries for service mesh failover scenarios.
+
 ### Failover configurations for a service mesh with a single datacenter
 
 You can implement a service resolver configuration entry and specify a pool of failover service instances that other services can exchange messages with when the primary service becomes unhealthy or unreachable. We recommend adopting this strategy as a minimum baseline when implementing Consul service mesh and layering additional failover strategies to build resilience into your application network. 
@@ -32,9 +34,9 @@ Refer to the [`Failover` configuration ](/consul/docs/connect/config-entries/ser
 
 ### Failover configuration for WAN-federated datacenters
 
-If your network has multiple Consul datacenters that are WAN-federated, you can configure your applications to look for failover services with prepared queries. [Prepared queries](/consul/api-docs/) are configurations that enable you to define complex service discovery lookups. This strategy hinges on the secondary datacenter containing service instances that have the same name and residing in the same namespace as their counterparts in the primary datacenter. 
+If your network has multiple Consul datacenters that are WAN-federated, you can configure your applications to look for failover services with prepared queries. [Prepared queries](/consul/api-docs/) are configurations that enable you to define complex service discovery lookups. This strategy hinges on the secondary datacenter containing service instances that have the same name and residing in the same namespace as their counterparts in the primary datacenter.
 
-Refer to the [Automate geo-failover with prepared queries tutorial](/consul/tutorials/developer-discovery/automate-geo-failover) for additional information. 
+Refer to the [Automate geo-failover with prepared queries tutorial](/consul/tutorials/developer-discovery/automate-geo-failover) for additional information.
 
 ### Failover configuration for peered clusters and partitions
 

From 37bd0e1b4094b89cbd9e03e23d462db50a67eaca Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Wed, 14 Jun 2023 23:33:48 -0700
Subject: [PATCH 052/359] docs - update Envoy and Dataplane compat matrix
 (#17752)

* Update envoy.mdx

added more detail around default versus other compatible versions
---
 website/content/docs/connect/proxies/envoy.mdx | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx
index e6759113c2c7..bbdda8b82fcd 100644
--- a/website/content/docs/connect/proxies/envoy.mdx
+++ b/website/content/docs/connect/proxies/envoy.mdx
@@ -39,18 +39,19 @@ Consul supports **four major Envoy releases** at the beginning of each major Con
 
 | Consul Version      | Compatible Envoy Versions                                                          |
 | ------------------- | -----------------------------------------------------------------------------------|
+| 1.16.x              | 1.26.2, 1.25.7, 1.24.8, 1.23.10                                                    |
 | 1.15.x              | 1.25.6, 1.24.7, 1.23.9, 1.22.11                                                    |
 | 1.14.x              | 1.24.0, 1.23.1, 1.22.5, 1.21.5                                                     |
-| 1.13.x              | 1.23.1, 1.22.5, 1.21.5, 1.20.7                                                     |
 
 ### Envoy and Consul Dataplane
 
 The Consul dataplane component was introduced in Consul v1.14 as a way to manage Envoy proxies without the use of Consul clients. Each new minor version of Consul is released with a new minor version of Consul dataplane, which packages both Envoy and the `consul-dataplane` binary in a single container image. For backwards compatability reasons, each new minor version of Consul will also support the previous minor version of Consul dataplane to allow for seamless upgrades. In addition, each minor version of Consul will support the next minor version of Consul dataplane to allow for extended dataplane support via newer versions of Envoy.
 
-| Consul Version      | Consul Dataplane Version (Bundled Envoy Version)  |
-| ------------------- | ------------------------------------------------- |
-| 1.15.x              | 1.1.x (Envoy 1.25.x), 1.0.x (Envoy 1.24.x)        |
-| 1.14.x              | 1.1.x (Envoy 1.25.x), 1.0.x (Envoy 1.24.x)        |
+| Consul Version      | Default `consul-dataplane` Version                          | Other compatible `consul-dataplane` Versions | 
+| ------------------- | ------------------------------------------------------------|----------------------------------------------|
+| 1.16.x              | 1.2.x (Envoy 1.26.x)                                        | 1.1.x (Envoy 1.25.x)                         |
+| 1.15.x              | 1.1.x (Envoy 1.25.x)                                        | 1.2.x (Envoy 1.26.x), 1.0.x (Envoy 1.24.x)   |
+| 1.14.x              | 1.0.x (Envoy 1.24.x)                                        | 1.1.x (Envoy 1.25.x)                         |
 
 ## Getting Started
 

From 0994ccf162d0d1a858102c460b54b263d799f695 Mon Sep 17 00:00:00 2001
From: Eric Haberkorn <erichaberkorn@gmail.com>
Date: Thu, 15 Jun 2023 10:01:04 -0400
Subject: [PATCH 053/359] validate localities on agent configs and registration
 endpoints (#17712)

---
 agent/config/builder.go       |  4 ++++
 agent/config/runtime_test.go  |  7 ++++++
 agent/structs/structs.go      | 16 +++++++++++++
 agent/structs/structs_test.go | 44 +++++++++++++++++++++++++++++++++++
 4 files changed, 71 insertions(+)

diff --git a/agent/config/builder.go b/agent/config/builder.go
index 665688b8c864..1b79bb0f98e9 100644
--- a/agent/config/builder.go
+++ b/agent/config/builder.go
@@ -1290,6 +1290,10 @@ func (b *builder) validate(rt RuntimeConfig) error {
 			"1 and 63 bytes.", rt.NodeName)
 	}
 
+	if err := rt.StructLocality().Validate(); err != nil {
+		return fmt.Errorf("locality is invalid: %s", err)
+	}
+
 	if ipaddr.IsAny(rt.AdvertiseAddrLAN.IP) {
 		return fmt.Errorf("Advertise address cannot be 0.0.0.0, :: or [::]")
 	}
diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go
index c1cd85ac502f..cbc1e904d254 100644
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@@ -1036,6 +1036,13 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			},
 		},
 	})
+	run(t, testCase{
+		desc:        "locality invalid",
+		args:        []string{`-data-dir=` + dataDir},
+		json:        []string{`{"locality": {"zone": "us-west-1a"}}`},
+		hcl:         []string{`locality { zone = "us-west-1a" }`},
+		expectedErr: "locality is invalid: zone cannot be set without region",
+	})
 	run(t, testCase{
 		desc: "client addr and ports == 0",
 		args: []string{`-data-dir=` + dataDir},
diff --git a/agent/structs/structs.go b/agent/structs/structs.go
index b356a31aeaf9..1499c35eb80d 100644
--- a/agent/structs/structs.go
+++ b/agent/structs/structs.go
@@ -1480,6 +1480,10 @@ func (s *NodeService) IsGateway() bool {
 func (s *NodeService) Validate() error {
 	var result error
 
+	if err := s.Locality.Validate(); err != nil {
+		result = multierror.Append(result, err)
+	}
+
 	if s.Kind == ServiceKindConnectProxy {
 		if s.Port == 0 && s.SocketPath == "" {
 			result = multierror.Append(result, fmt.Errorf("Port or SocketPath must be set for a %s", s.Kind))
@@ -3111,3 +3115,15 @@ func (l *Locality) GetRegion() string {
 	}
 	return l.Region
 }
+
+func (l *Locality) Validate() error {
+	if l == nil {
+		return nil
+	}
+
+	if l.Region == "" && l.Zone != "" {
+		return fmt.Errorf("zone cannot be set without region")
+	}
+
+	return nil
+}
diff --git a/agent/structs/structs_test.go b/agent/structs/structs_test.go
index 6d887da9ac77..668f5fb08fae 100644
--- a/agent/structs/structs_test.go
+++ b/agent/structs/structs_test.go
@@ -592,6 +592,43 @@ func TestStructs_ServiceNode_Conversions(t *testing.T) {
 	}
 }
 
+func TestStructs_Locality_Validate(t *testing.T) {
+	type testCase struct {
+		locality *Locality
+		err      string
+	}
+	cases := map[string]testCase{
+		"nil": {
+			nil,
+			"",
+		},
+		"region only": {
+			&Locality{Region: "us-west-1"},
+			"",
+		},
+		"region and zone": {
+			&Locality{Region: "us-west-1", Zone: "us-west-1a"},
+			"",
+		},
+		"zone only": {
+			&Locality{Zone: "us-west-1a"},
+			"zone cannot be set without region",
+		},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			err := tc.locality.Validate()
+			if tc.err == "" {
+				require.NoError(t, err)
+			} else {
+				require.Error(t, err)
+				require.Contains(t, err.Error(), tc.err)
+			}
+		})
+	}
+}
+
 func TestStructs_NodeService_ValidateMeshGateway(t *testing.T) {
 	type testCase struct {
 		Modify func(*NodeService)
@@ -1152,6 +1189,13 @@ func TestStructs_NodeService_ValidateConnectProxy(t *testing.T) {
 			},
 			"",
 		},
+		{
+			"connect-proxy: invalid locality",
+			func(x *NodeService) {
+				x.Locality = &Locality{Zone: "bad"}
+			},
+			"zone cannot be set without region",
+		},
 	}
 
 	for _, tc := range cases {

From fdde92c8c262a77fed53666b6e257e1bc68fe0f3 Mon Sep 17 00:00:00 2001
From: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
Date: Thu, 15 Jun 2023 20:11:04 +0530
Subject: [PATCH 054/359] Updated docs added explanation. (#17751)

* init

* fix tests

* added -detailed in docs

* added change log

* fix doc

* checking for entry in map

* fix tests

* removed detailed flag

* removed detailed flag

* revert unwanted changes

* removed unwanted changes

* updated change log

* pr review comment changes

* pr comment changes single API instead of two

* fix change log

* fix tests

* fix tests

* fix test operator raft endpoint test

* Update .changelog/17582.txt

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

* nits

* updated docs

* explanation added

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
---
 website/content/commands/operator/raft.mdx | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/website/content/commands/operator/raft.mdx b/website/content/commands/operator/raft.mdx
index 25dea30ba62f..3c2d8a1221af 100644
--- a/website/content/commands/operator/raft.mdx
+++ b/website/content/commands/operator/raft.mdx
@@ -66,6 +66,10 @@ Raft configuration.
 `Voter` is "true" or "false", indicating if the server has a vote in the Raft
 configuration.
 
+`Commit Index` is the last log index the server has a record of in its Raft log.
+
+`Trails Leader By` is the difference in commit index the server has from the leader.
+
 #### Command Options
 
 - `-stale` - Enables non-leader servers to provide cluster state information.

From 0e9a0121a5bfd31331aa123b5c00102f242e2966 Mon Sep 17 00:00:00 2001
From: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Date: Thu, 15 Jun 2023 08:59:29 -0700
Subject: [PATCH 055/359] Update index.mdx (#17749)

---
 website/content/docs/k8s/upgrade/index.mdx | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/website/content/docs/k8s/upgrade/index.mdx b/website/content/docs/k8s/upgrade/index.mdx
index b506e17c11f4..529815df9769 100644
--- a/website/content/docs/k8s/upgrade/index.mdx
+++ b/website/content/docs/k8s/upgrade/index.mdx
@@ -228,15 +228,13 @@ If you upgrade Consul from a version that uses client agents to a version the us
         type: OnDelete
   ```
 
-1. Add `consul.hashicorp.com/consul-k8s-version: 1.0.0` to the annotations for each pod you upgrade.
-
 1. Follow our [recommended procedures to upgrade servers](#upgrade-consul-servers) on Kubernetes deployments to upgrade Helm values for the new version of Consul.
 
 1. Run `kubectl rollout restart` to restart your service mesh applications. Restarting service mesh application causes Kubernetes to re-inject them with the webhook for dataplanes.
 
 1. Restart all gateways in your service mesh.
 
-1. Disable client agents in your Helm chart by deleting the `client` stanza or setting `client.enabled` to `false`.
+1. Disable client agents in your Helm chart by deleting the `client` stanza or setting `client.enabled` to `false` and running a `consul-k8s` or Helm upgrade.
 
 ## Configuring TLS on an existing cluster
 

From 7dec75f8a6c1b679fed44a548b0b67e46b27c220 Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Thu, 15 Jun 2023 09:43:02 -0700
Subject: [PATCH 056/359] added redirects and updated links (#17764)

---
 website/content/docs/connect/gateways/index.mdx            | 2 +-
 .../content/docs/connect/gateways/mesh-gateway/index.mdx   | 2 +-
 .../gateways/mesh-gateway/peering-via-mesh-gateways.mdx    | 6 +++---
 website/content/docs/enterprise/admin-partitions.mdx       | 2 --
 website/content/docs/lambda/invoke-from-lambda.mdx         | 2 +-
 website/redirects.js                                       | 7 +++++++
 6 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/website/content/docs/connect/gateways/index.mdx b/website/content/docs/connect/gateways/index.mdx
index 344b63dd0ad2..b333615c4ed0 100644
--- a/website/content/docs/connect/gateways/index.mdx
+++ b/website/content/docs/connect/gateways/index.mdx
@@ -31,7 +31,7 @@ Mesh gateways enable the following scenarios:
 - **Service-to-service communication across WAN-federated datacenters**. Refer to [Enabling Service-to-service Traffic Across Datacenters](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters) for additional information.
 - **Service-to-service communication across admin partitions**. Since Consul 1.11.0, you can create administrative boundaries for single Consul deployments called "admin partitions". You can use mesh gateways to facilitate cross-partition communication. Refer to [Enabling Service-to-service Traffic Across Admin Partitions](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions) for additional information.
 - **Bridge multiple datacenters using Cluster Peering**. Since Consul 1.14.0, mesh gateways can be used to route peering control-plane traffic between peered Consul Servers. See [Mesh Gateways for Peering Control Plane Traffic](/consul/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways) for more information.
-- **Service-to-service communication across peered datacenters**. Refer to [Mesh Gateways between Peered Clusters](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers) for more information.
+- **Service-to-service communication across peered datacenters**. Refer to [Establish cluster peering connections](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering) for more information.
 
 -> **Mesh gateway tutorial**: Follow the [mesh gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-gateways) to learn concepts associated with mesh gateways.
 
diff --git a/website/content/docs/connect/gateways/mesh-gateway/index.mdx b/website/content/docs/connect/gateways/mesh-gateway/index.mdx
index 89d64b8d1ebe..bcac5555278b 100644
--- a/website/content/docs/connect/gateways/mesh-gateway/index.mdx
+++ b/website/content/docs/connect/gateways/mesh-gateway/index.mdx
@@ -18,7 +18,7 @@ Mesh gateways can be used with any of the following Consul configrations for man
   * [Mesh gateways can be used to route service-to-service traffic between datacenters](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters)
   * [Mesh gateways can be used to route all WAN traffic, including from Consul servers](/consul/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways)
 2. Cluster Peering
-  * [Mesh gateways can be used to route service-to-service traffic between datacenters](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers)
+  * [Mesh gateways can be used to route service-to-service traffic between datacenters](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering)
   * [Mesh gateways can be used to route control-plane traffic from Consul servers](/consul/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways)
 3. Admin Partitions
   * [Mesh gateways can be used to route service-to-service traffic between admin partitions in the same Consul datacenter](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions)
diff --git a/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx b/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx
index b46a18bef2e4..97045649b2ff 100644
--- a/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx
+++ b/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx
@@ -7,7 +7,7 @@ description: >-
 
 # Enabling Peering Control Plane Traffic
 
-In addition to [service-to-service traffic routing](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers),
+In addition to [service-to-service traffic routing](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering),
 we recommend routing control plane traffic between cluster peers through mesh gateways
 to simplfy networking requirements.
 
@@ -59,7 +59,7 @@ For Consul Enterprise clusters, mesh gateways must be registered in the "default
 <Tabs>
 <Tab heading="Consul OSS">
 
-In addition to the [ACL Configuration](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers#acl-configuration) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings. 
+In addition to the [ACL Configuration](/consul/docs/connect/cluster-peering/tech-specs#acl-specifications) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings. 
 This access allows the mesh gateway to list all peerings in a Consul cluster and generate unique routing per peered datacenter.
 
 <CodeTabs heading="Example ACL rules for Mesh Gateway Peering Control Plane Traffic in Consul OSS">
@@ -80,7 +80,7 @@ peering = "read"
 
 <Tab heading="Consul Enterprise">
 
-In addition to the [ACL Configuration](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers#acl-configuration) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings in all partitions. 
+In addition to the [ACL Configuration](/consul/docs/connect/cluster-peering/tech-specs#acl-specifications) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings in all partitions. 
 This access allows the mesh gateway to list all peerings in a Consul cluster and generate unique routing per peered partition.
 
 <CodeTabs heading="Example ACL rules for Mesh Gateway Peering Control Plane Traffic in Consul Enterprise">
diff --git a/website/content/docs/enterprise/admin-partitions.mdx b/website/content/docs/enterprise/admin-partitions.mdx
index 9be5a70d2e7e..023e38ee31e7 100644
--- a/website/content/docs/enterprise/admin-partitions.mdx
+++ b/website/content/docs/enterprise/admin-partitions.mdx
@@ -67,8 +67,6 @@ You can configure services to be discoverable by downstream services in any part
 
 You can use [cluster peering](/consul/docs/connect/cluster-peering/) between two admin partitions to connect clusters owned by different operators. Without Consul Enterprise, cluster peering is limited to the `default` partitions in each datacenter. Enterprise users can [establish cluster peering connections](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering) between any two admin partitions as long as the partitions are in separate datacenters. It is not possible to establish cluster peering connections between two partitions in a single datacenter.
 
-To use mesh gateways with admin partitions and cluster peering, refer to [Mesh Gateways between Peered Clusters](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers).
-
 ## Requirements
 
 Your Consul configuration must meet the following requirements to use admin partitions.
diff --git a/website/content/docs/lambda/invoke-from-lambda.mdx b/website/content/docs/lambda/invoke-from-lambda.mdx
index 4c29e4b8d9cd..fd0da60776d5 100644
--- a/website/content/docs/lambda/invoke-from-lambda.mdx
+++ b/website/content/docs/lambda/invoke-from-lambda.mdx
@@ -88,7 +88,7 @@ The mesh gateway must be running and registered to the Lambda function’s Consu
 
 - [Mesh Gateways between WAN-Federated Datacenters](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters)
 - [Mesh Gateways between Admin Partitions](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions)
-- [Mesh Gateways between Peered Clusters](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers)
+- [Establish cluster peering connections](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering)
 - [Connect Services Across Datacenters with Mesh Gateways](/consul/tutorials/developer-mesh/service-mesh-gateways) 
 
 ## Deploy the Lambda extension layer
diff --git a/website/redirects.js b/website/redirects.js
index 0468a19c60ca..b9be8b5f2c61 100644
--- a/website/redirects.js
+++ b/website/redirects.js
@@ -53,4 +53,11 @@ module.exports = [
       '/consul/docs/1.16.x/agent/limits/usage/set-global-traffic-rate-limits',
     permanent: true,
   },
+  {
+    source:
+      '/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-peers',
+    destination:
+      '/consul/docs/connect/cluster-peering/usage/establish-cluster-peering',
+    permanent: true,
+  },
 ]

From 8c74a1d33ee121e45491d9dfdc7599b8ca54e2a3 Mon Sep 17 00:00:00 2001
From: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Date: Thu, 15 Jun 2023 11:48:39 -0500
Subject: [PATCH 057/359] Add transparent proxy enhancements changelog (#17757)

---
 .changelog/17757.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/17757.txt

diff --git a/.changelog/17757.txt b/.changelog/17757.txt
new file mode 100644
index 000000000000..e207438cf843
--- /dev/null
+++ b/.changelog/17757.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+connect: Improve transparent proxy support for virtual services and failovers.
+```

From ad0a277e09167bbb938588f2ad41e41d60d1dda7 Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Thu, 15 Jun 2023 11:06:23 -0600
Subject: [PATCH 058/359] docs - remove use of consul leave during upgrade
 instructions (#17758)

---
 .../docs/upgrading/instructions/general-process.mdx       | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/website/content/docs/upgrading/instructions/general-process.mdx b/website/content/docs/upgrading/instructions/general-process.mdx
index 84da7327dc03..0c560f71357a 100644
--- a/website/content/docs/upgrading/instructions/general-process.mdx
+++ b/website/content/docs/upgrading/instructions/general-process.mdx
@@ -107,13 +107,7 @@ Take note of which agent is the leader.
 binary with the new one.
 
 **3.** The following steps must be done in order on the server agents, leaving the leader
-agent for last. First force the server agent to leave the cluster with the following command:
-
-```
-consul leave
-```
-
-Then, use a service management system (e.g., systemd, upstart, etc.) to restart the Consul service. If
+agent for last. First, use a service management system (e.g., systemd, upstart, etc.) to restart the Consul service. If
 you are not using a service management system, you must restart the agent manually.
 
 To validate that the agent has rejoined the cluster and is in sync with the leader, issue the

From 04edace1de87f502de64c06c777c92594296fd6b Mon Sep 17 00:00:00 2001
From: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Date: Thu, 15 Jun 2023 12:46:58 -0500
Subject: [PATCH 059/359] Fix issue with streaming service health watches.
 (#17775)

Fix issue with streaming service health watches.

This commit fixes an issue where the health streams were unaware of service
export changes. Whenever an exported-services config entry is modified, it is
effectively an ACL change.

The bug would be triggered by the following situation:

- no services are exported
- an upstream watch to service X is spawned
- the streaming backend filters out data for service X (due to lack of exports)
- service X is finally exported

In the situation above, the streaming backend does not trigger a refresh of its
data.  This means that any events that were supposed to have been received prior
to the export are NOT backfilled, and the watches never see service X spawning.

We currently have decided to not trigger a stream refresh in this situation due
to the potential for a thundering herd effect (touching exports would cause a
re-fetch of all watches for that partition, potentially).  Therefore, a local
blocking-query approach was added by this commit for agentless.

It's also worth noting that the streaming subscription is currently bypassed
most of the time with agentful, because proxycfg has a `req.Source.Node != ""`
which prevents the `streamingEnabled` check from passing.  This means that while
agents should technically have this same issue, they don't experience it with
mesh health watches.

Note that this is a temporary fix that solves the issue for proxycfg, but not
service-discovery use cases.
---
 .changelog/17775.txt                        |   3 +
 agent/agent.go                              |   6 +-
 agent/consul/watch/server_local.go          |  14 +-
 agent/proxycfg-glue/health_blocking.go      | 164 ++++++++++++++++++
 agent/proxycfg-glue/health_blocking_test.go | 183 ++++++++++++++++++++
 5 files changed, 366 insertions(+), 4 deletions(-)
 create mode 100644 .changelog/17775.txt
 create mode 100644 agent/proxycfg-glue/health_blocking.go
 create mode 100644 agent/proxycfg-glue/health_blocking_test.go

diff --git a/.changelog/17775.txt b/.changelog/17775.txt
new file mode 100644
index 000000000000..8060cfa128ce
--- /dev/null
+++ b/.changelog/17775.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+connect: Fix issue where changes to service exports were not reflected in proxies.
+```
diff --git a/agent/agent.go b/agent/agent.go
index fcf6ce209f11..90bfffc1afe9 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -4555,7 +4555,11 @@ func (a *Agent) proxyDataSources() proxycfg.DataSources {
 		sources.ExportedPeeredServices = proxycfgglue.ServerExportedPeeredServices(deps)
 		sources.FederationStateListMeshGateways = proxycfgglue.ServerFederationStateListMeshGateways(deps)
 		sources.GatewayServices = proxycfgglue.ServerGatewayServices(deps)
-		sources.Health = proxycfgglue.ServerHealth(deps, proxycfgglue.ClientHealth(a.rpcClientHealth))
+		// We do not use this health check currently due to a bug with the way that service exports
+		// interact with ACLs and the streaming backend. See comments in `proxycfgglue.ServerHealthBlocking`
+		// for more details.
+		// sources.Health = proxycfgglue.ServerHealth(deps, proxycfgglue.ClientHealth(a.rpcClientHealth))
+		sources.Health = proxycfgglue.ServerHealthBlocking(deps, proxycfgglue.ClientHealth(a.rpcClientHealth), server.FSM().State())
 		sources.HTTPChecks = proxycfgglue.ServerHTTPChecks(deps, a.config.NodeName, proxycfgglue.CacheHTTPChecks(a.cache), a.State)
 		sources.Intentions = proxycfgglue.ServerIntentions(deps)
 		sources.IntentionUpstreams = proxycfgglue.ServerIntentionUpstreams(deps)
diff --git a/agent/consul/watch/server_local.go b/agent/consul/watch/server_local.go
index f407d2c1648f..5937ba1c6a10 100644
--- a/agent/consul/watch/server_local.go
+++ b/agent/consul/watch/server_local.go
@@ -16,8 +16,9 @@ import (
 )
 
 var (
-	ErrorNotFound   = errors.New("no data found for query")
-	ErrorNotChanged = errors.New("data did not change for query")
+	ErrorNotFound     = errors.New("no data found for query")
+	ErrorNotChanged   = errors.New("data did not change for query")
+	ErrorACLResetData = errors.New("an acl update forced a state reset")
 
 	errNilContext  = errors.New("cannot call ServerLocalNotify with a nil context")
 	errNilGetStore = errors.New("cannot call ServerLocalNotify without a callback to get a StateStore")
@@ -320,8 +321,15 @@ func serverLocalNotifyRoutine[ResultType any, StoreType StateStore](
 			return
 		}
 
+		// An ACL reset error can be raised so that the index greater-than check is
+		// bypassed. We should not propagate it to the caller.
+		forceReset := errors.Is(err, ErrorACLResetData)
+		if forceReset {
+			err = nil
+		}
+
 		// Check the index to see if we should call notify
-		if minIndex == 0 || minIndex < index {
+		if minIndex == 0 || minIndex < index || forceReset {
 			notify(ctx, correlationID, result, err)
 			minIndex = index
 		}
diff --git a/agent/proxycfg-glue/health_blocking.go b/agent/proxycfg-glue/health_blocking.go
new file mode 100644
index 000000000000..0a47a920d157
--- /dev/null
+++ b/agent/proxycfg-glue/health_blocking.go
@@ -0,0 +1,164 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package proxycfgglue
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/go-bexpr"
+	"github.com/hashicorp/go-memdb"
+
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/agent/consul/state"
+	"github.com/hashicorp/consul/agent/consul/watch"
+	"github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/structs/aclfilter"
+)
+
+// ServerHealthBlocking exists due to a bug with the streaming backend and its interaction with ACLs.
+// Whenever an exported-services config entry is modified, this is effectively an ACL change.
+// Assume the following situation:
+//   - no services are exported
+//   - an upstream watch to service X is spawned
+//   - the streaming backend filters out data for service X (because it's not exported yet)
+//   - service X is finally exported
+//
+// In this situation, the streaming backend does not trigger a refresh of its data.
+// This means that any events that were supposed to have been received prior to the export are NOT backfilled,
+// and the watches never see service X spawning.
+//
+// We currently have decided to not trigger a stream refresh in this situation due to the potential for a
+// thundering herd effect (touching exports would cause a re-fetch of all watches for that partition, potentially).
+// Therefore, this local blocking-query approach exists for agentless.
+//
+// It's also worth noting that the streaming subscription is currently bypassed most of the time with agentful,
+// because proxycfg has a `req.Source.Node != ""` which prevents the `streamingEnabled` check from passing.
+// This means that while agents should technically have this same issue, they don't experience it with mesh health
+// watches.
+func ServerHealthBlocking(deps ServerDataSourceDeps, remoteSource proxycfg.Health, state *state.Store) *serverHealthBlocking {
+	return &serverHealthBlocking{deps, remoteSource, state, 5 * time.Minute}
+}
+
+type serverHealthBlocking struct {
+	deps         ServerDataSourceDeps
+	remoteSource proxycfg.Health
+	state        *state.Store
+	watchTimeout time.Duration
+}
+
+// Notify is mostly a copy of the function in `agent/consul/health_endpoint.go` with a few minor tweaks.
+// Most notably, some query features unnecessary for mesh have been stripped out.
+func (h *serverHealthBlocking) Notify(ctx context.Context, args *structs.ServiceSpecificRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error {
+	if args.Datacenter != h.deps.Datacenter {
+		return h.remoteSource.Notify(ctx, args, correlationID, ch)
+	}
+
+	// Verify the arguments
+	if args.ServiceName == "" {
+		return fmt.Errorf("Must provide service name")
+	}
+	if args.EnterpriseMeta.PartitionOrDefault() == acl.WildcardName {
+		return fmt.Errorf("Wildcards are not allowed in the partition field")
+	}
+
+	// Determine the function we'll call
+	var f func(memdb.WatchSet, *state.Store, *structs.ServiceSpecificRequest) (uint64, structs.CheckServiceNodes, error)
+	switch {
+	case args.Connect:
+		f = serviceNodesConnect
+	case args.Ingress:
+		f = serviceNodesIngress
+	default:
+		f = serviceNodesDefault
+	}
+
+	filter, err := bexpr.CreateFilter(args.Filter, nil, structs.CheckServiceNode{})
+	if err != nil {
+		return err
+	}
+
+	var hadResults bool = false
+	return watch.ServerLocalNotify(ctx, correlationID, h.deps.GetStore,
+		func(ws memdb.WatchSet, store Store) (uint64, *structs.IndexedCheckServiceNodes, error) {
+			// This is necessary so that service export changes are eventually picked up, since
+			// they won't trigger the watch themselves.
+			timeoutCh := make(chan struct{})
+			time.AfterFunc(h.watchTimeout, func() {
+				close(timeoutCh)
+			})
+			ws.Add(timeoutCh)
+
+			authzContext := acl.AuthorizerContext{
+				Peer: args.PeerName,
+			}
+			authz, err := h.deps.ACLResolver.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, &authzContext)
+			if err != nil {
+				return 0, nil, err
+			}
+			// If we're doing a connect or ingress query, we need read access to the service
+			// we're trying to find proxies for, so check that.
+			if args.Connect || args.Ingress {
+				if authz.ServiceRead(args.ServiceName, &authzContext) != acl.Allow {
+					// If access was somehow revoked (via token deletion or unexporting), then we clear the
+					// last-known results before triggering an error. This way, the proxies will actually update
+					// their data, rather than holding onto the last-known list of healthy nodes indefinitely.
+					if hadResults {
+						hadResults = false
+						return 0, &structs.IndexedCheckServiceNodes{}, watch.ErrorACLResetData
+					}
+					return 0, nil, acl.ErrPermissionDenied
+				}
+			}
+
+			var thisReply structs.IndexedCheckServiceNodes
+			thisReply.Index, thisReply.Nodes, err = f(ws, h.state, args)
+			if err != nil {
+				return 0, nil, err
+			}
+
+			raw, err := filter.Execute(thisReply.Nodes)
+			if err != nil {
+				return 0, nil, err
+			}
+			thisReply.Nodes = raw.(structs.CheckServiceNodes)
+
+			// Note: we filter the results with ACLs *after* applying the user-supplied
+			// bexpr filter, to ensure QueryMeta.ResultsFilteredByACLs does not include
+			// results that would be filtered out even if the user did have permission.
+			if err := h.filterACL(&authzContext, args.Token, &thisReply); err != nil {
+				return 0, nil, err
+			}
+
+			hadResults = true
+			return thisReply.Index, &thisReply, nil
+		},
+		dispatchBlockingQueryUpdate[*structs.IndexedCheckServiceNodes](ch),
+	)
+}
+
+func (h *serverHealthBlocking) filterACL(authz *acl.AuthorizerContext, token string, subj *structs.IndexedCheckServiceNodes) error {
+	// Get the ACL from the token
+	var entMeta acl.EnterpriseMeta
+	authorizer, err := h.deps.ACLResolver.ResolveTokenAndDefaultMeta(token, &entMeta, authz)
+	if err != nil {
+		return err
+	}
+	aclfilter.New(authorizer, h.deps.Logger).Filter(subj)
+	return nil
+}
+
+func serviceNodesConnect(ws memdb.WatchSet, s *state.Store, args *structs.ServiceSpecificRequest) (uint64, structs.CheckServiceNodes, error) {
+	return s.CheckConnectServiceNodes(ws, args.ServiceName, &args.EnterpriseMeta, args.PeerName)
+}
+
+func serviceNodesIngress(ws memdb.WatchSet, s *state.Store, args *structs.ServiceSpecificRequest) (uint64, structs.CheckServiceNodes, error) {
+	return s.CheckIngressServiceNodes(ws, args.ServiceName, &args.EnterpriseMeta)
+}
+
+func serviceNodesDefault(ws memdb.WatchSet, s *state.Store, args *structs.ServiceSpecificRequest) (uint64, structs.CheckServiceNodes, error) {
+	return s.CheckServiceNodes(ws, args.ServiceName, &args.EnterpriseMeta, args.PeerName)
+}
diff --git a/agent/proxycfg-glue/health_blocking_test.go b/agent/proxycfg-glue/health_blocking_test.go
new file mode 100644
index 000000000000..3dcdaf17d614
--- /dev/null
+++ b/agent/proxycfg-glue/health_blocking_test.go
@@ -0,0 +1,183 @@
+package proxycfgglue
+
+import (
+	"context"
+	"errors"
+	"testing"
+	"time"
+
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/agent/consul/state"
+	"github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/stretchr/testify/require"
+)
+
+func TestServerHealthBlocking(t *testing.T) {
+	t.Run("remote queries are delegated to the remote source", func(t *testing.T) {
+		var (
+			ctx           = context.Background()
+			req           = &structs.ServiceSpecificRequest{Datacenter: "dc2"}
+			correlationID = "correlation-id"
+			ch            = make(chan<- proxycfg.UpdateEvent)
+			result        = errors.New("KABOOM")
+		)
+
+		remoteSource := newMockHealth(t)
+		remoteSource.On("Notify", ctx, req, correlationID, ch).Return(result)
+
+		store := state.NewStateStore(nil)
+		dataSource := ServerHealthBlocking(ServerDataSourceDeps{Datacenter: "dc1"}, remoteSource, store)
+		err := dataSource.Notify(ctx, req, correlationID, ch)
+		require.Equal(t, result, err)
+	})
+
+	t.Run("services notify correctly", func(t *testing.T) {
+		const (
+			datacenter  = "dc1"
+			serviceName = "web"
+		)
+
+		ctx, cancel := context.WithCancel(context.Background())
+		t.Cleanup(cancel)
+
+		store := state.NewStateStore(nil)
+		aclResolver := newStaticResolver(acl.ManageAll())
+		dataSource := ServerHealthBlocking(ServerDataSourceDeps{
+			GetStore:    func() Store { return store },
+			Datacenter:  datacenter,
+			ACLResolver: aclResolver,
+			Logger:      testutil.Logger(t),
+		}, nil, store)
+		dataSource.watchTimeout = 1 * time.Second
+
+		// Watch for all events
+		eventCh := make(chan proxycfg.UpdateEvent)
+		require.NoError(t, dataSource.Notify(ctx, &structs.ServiceSpecificRequest{
+			Datacenter:  datacenter,
+			ServiceName: serviceName,
+		}, "", eventCh))
+
+		// Watch for a subset of events
+		filteredCh := make(chan proxycfg.UpdateEvent)
+		require.NoError(t, dataSource.Notify(ctx, &structs.ServiceSpecificRequest{
+			Datacenter:  datacenter,
+			ServiceName: serviceName,
+			QueryOptions: structs.QueryOptions{
+				Filter: "Service.ID == \"web1\"",
+			},
+		}, "", filteredCh))
+
+		testutil.RunStep(t, "initial state", func(t *testing.T) {
+			result := getEventResult[*structs.IndexedCheckServiceNodes](t, eventCh)
+			require.Empty(t, result.Nodes)
+			result = getEventResult[*structs.IndexedCheckServiceNodes](t, filteredCh)
+			require.Empty(t, result.Nodes)
+		})
+
+		testutil.RunStep(t, "register services", func(t *testing.T) {
+			require.NoError(t, store.EnsureRegistration(10, &structs.RegisterRequest{
+				Datacenter: "dc1",
+				Node:       "foo",
+				Address:    "127.0.0.1",
+				Service: &structs.NodeService{
+					ID:      serviceName + "1",
+					Service: serviceName,
+					Port:    80,
+				},
+			}))
+			result := getEventResult[*structs.IndexedCheckServiceNodes](t, eventCh)
+			require.Len(t, result.Nodes, 1)
+			result = getEventResult[*structs.IndexedCheckServiceNodes](t, filteredCh)
+			require.Len(t, result.Nodes, 1)
+
+			require.NoError(t, store.EnsureRegistration(11, &structs.RegisterRequest{
+				Datacenter: "dc1",
+				Node:       "foo",
+				Address:    "127.0.0.1",
+				Service: &structs.NodeService{
+					ID:      serviceName + "2",
+					Service: serviceName,
+					Port:    81,
+				},
+			}))
+			result = getEventResult[*structs.IndexedCheckServiceNodes](t, eventCh)
+			require.Len(t, result.Nodes, 2)
+			result = getEventResult[*structs.IndexedCheckServiceNodes](t, filteredCh)
+			require.Len(t, result.Nodes, 1)
+			require.Equal(t, "web1", result.Nodes[0].Service.ID)
+		})
+
+		testutil.RunStep(t, "deregister service", func(t *testing.T) {
+			require.NoError(t, store.DeleteService(12, "foo", serviceName+"1", nil, ""))
+			result := getEventResult[*structs.IndexedCheckServiceNodes](t, eventCh)
+			require.Len(t, result.Nodes, 1)
+			result = getEventResult[*structs.IndexedCheckServiceNodes](t, filteredCh)
+			require.Len(t, result.Nodes, 0)
+		})
+
+		testutil.RunStep(t, "acl enforcement", func(t *testing.T) {
+			require.NoError(t, store.EnsureRegistration(11, &structs.RegisterRequest{
+				Datacenter: "dc1",
+				Node:       "foo",
+				Address:    "127.0.0.1",
+				Service: &structs.NodeService{
+					Service: serviceName + "-sidecar-proxy",
+					Kind:    structs.ServiceKindConnectProxy,
+					Proxy: structs.ConnectProxyConfig{
+						DestinationServiceName: serviceName,
+					},
+				},
+			}))
+
+			authzDeny := policyAuthorizer(t, ``)
+			authzAllow := policyAuthorizer(t, `
+				node_prefix "" { policy = "read" }
+				service_prefix "web" { policy = "read" }
+			`)
+
+			// Start a stream where insufficient permissions are denied
+			aclDenyCh := make(chan proxycfg.UpdateEvent)
+			aclResolver.SwapAuthorizer(authzDeny)
+			require.NoError(t, dataSource.Notify(ctx, &structs.ServiceSpecificRequest{
+				Connect:     true,
+				Datacenter:  datacenter,
+				ServiceName: serviceName,
+			}, "", aclDenyCh))
+			require.ErrorContains(t, getEventError(t, aclDenyCh), "Permission denied")
+
+			// Adding ACL permissions will send valid data
+			aclResolver.SwapAuthorizer(authzAllow)
+			time.Sleep(dataSource.watchTimeout)
+			result := getEventResult[*structs.IndexedCheckServiceNodes](t, aclDenyCh)
+			require.Len(t, result.Nodes, 1)
+			require.Equal(t, "web-sidecar-proxy", result.Nodes[0].Service.Service)
+
+			// Start a stream where sufficient permissions are allowed
+			aclAllowCh := make(chan proxycfg.UpdateEvent)
+			aclResolver.SwapAuthorizer(authzAllow)
+			require.NoError(t, dataSource.Notify(ctx, &structs.ServiceSpecificRequest{
+				Connect:     true,
+				Datacenter:  datacenter,
+				ServiceName: serviceName,
+			}, "", aclAllowCh))
+			result = getEventResult[*structs.IndexedCheckServiceNodes](t, aclAllowCh)
+			require.Len(t, result.Nodes, 1)
+			require.Equal(t, "web-sidecar-proxy", result.Nodes[0].Service.Service)
+
+			// Removing ACL permissions will send empty data
+			aclResolver.SwapAuthorizer(authzDeny)
+			time.Sleep(dataSource.watchTimeout)
+			result = getEventResult[*structs.IndexedCheckServiceNodes](t, aclAllowCh)
+			require.Len(t, result.Nodes, 0)
+
+			// Adding ACL permissions will send valid data
+			aclResolver.SwapAuthorizer(authzAllow)
+			time.Sleep(dataSource.watchTimeout)
+			result = getEventResult[*structs.IndexedCheckServiceNodes](t, aclAllowCh)
+			require.Len(t, result.Nodes, 1)
+			require.Equal(t, "web-sidecar-proxy", result.Nodes[0].Service.Service)
+		})
+	})
+}

From f9aa7aebb3c778148068717ae8cf1a914fb7e8d4 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Thu, 15 Jun 2023 13:51:47 -0400
Subject: [PATCH 060/359] Property Override validation improvements (#17759)

* Reject inbound Prop Override patch with Services

Services filtering is only supported for outbound TrafficDirection patches.

* Improve Prop Override unexpected type validation

- Guard against additional invalid parent and target types
- Add specific error handling for Any fields (unsupported)
---
 .changelog/17759.txt                          |  3 +
 .../property-override/property_override.go    |  4 +
 .../property_override_test.go                 | 14 +++
 .../property-override/structpatcher.go        | 25 +++++-
 .../property-override/structpatcher_test.go   | 89 +++++++++++++++++++
 5 files changed, 134 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/17759.txt

diff --git a/.changelog/17759.txt b/.changelog/17759.txt
new file mode 100644
index 000000000000..0836608ae1f2
--- /dev/null
+++ b/.changelog/17759.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+extensions: Improve validation and error feedback for `property-override` builtin Envoy extension
+```
diff --git a/agent/envoyextensions/builtin/property-override/property_override.go b/agent/envoyextensions/builtin/property-override/property_override.go
index 51d78368523f..d42e3d2d50cb 100644
--- a/agent/envoyextensions/builtin/property-override/property_override.go
+++ b/agent/envoyextensions/builtin/property-override/property_override.go
@@ -191,6 +191,10 @@ func (f *ResourceFilter) validate() error {
 		return err
 	}
 
+	if len(f.Services) > 0 && f.TrafficDirection != extensioncommon.TrafficDirectionOutbound {
+		return fmt.Errorf("patch contains non-empty ResourceFilter.Services but ResourceFilter.TrafficDirection is not %q",
+			extensioncommon.TrafficDirectionOutbound)
+	}
 	for i := range f.Services {
 		sn := f.Services[i]
 		sn.normalize()
diff --git a/agent/envoyextensions/builtin/property-override/property_override_test.go b/agent/envoyextensions/builtin/property-override/property_override_test.go
index 21889d840f4a..4a80db8671bb 100644
--- a/agent/envoyextensions/builtin/property-override/property_override_test.go
+++ b/agent/envoyextensions/builtin/property-override/property_override_test.go
@@ -229,6 +229,20 @@ func TestConstructor(t *testing.T) {
 			ok:     false,
 			errMsg: "service name is required",
 		},
+		"non-empty services with invalid traffic direction": {
+			arguments: makeArguments(map[string]any{"Patches": []map[string]any{
+				makePatch(map[string]any{
+					"ResourceFilter": makeResourceFilter(map[string]any{
+						"TrafficDirection": extensioncommon.TrafficDirectionInbound,
+						"Services": []map[string]any{
+							{"Name:": "foo"},
+						},
+					}),
+				}),
+			}}),
+			ok:     false,
+			errMsg: "patch contains non-empty ResourceFilter.Services but ResourceFilter.TrafficDirection is not \"outbound\"",
+		},
 		// See decode.HookWeakDecodeFromSlice for more details. In practice, we can end up
 		// with a "Patches" field decoded to the single "Patch" value contained in the
 		// serialized slice (raised from the containing slice). Using WeakDecode solves
diff --git a/agent/envoyextensions/builtin/property-override/structpatcher.go b/agent/envoyextensions/builtin/property-override/structpatcher.go
index 3a54ca25e40a..91de4cf7f86d 100644
--- a/agent/envoyextensions/builtin/property-override/structpatcher.go
+++ b/agent/envoyextensions/builtin/property-override/structpatcher.go
@@ -75,7 +75,7 @@ func findTargetMessageAndField(m protoreflect.Message, parsedPath []string, patc
 		}
 
 		// Check whether we have a non-terminal (parent) field in the path for which we
-		// don't support child lookup.
+		// don't support child operations.
 		switch {
 		case fieldDesc.IsList():
 			return nil, nil, fmt.Errorf("path contains member of repeated field '%s'; repeated field member access is not supported",
@@ -83,6 +83,21 @@ func findTargetMessageAndField(m protoreflect.Message, parsedPath []string, patc
 		case fieldDesc.IsMap():
 			return nil, nil, fmt.Errorf("path contains member of map field '%s'; map field member access is not supported",
 				fieldName)
+		case fieldDesc.Message() != nil && fieldDesc.Message().FullName() == "google.protobuf.Any":
+			// Return a more helpful error for Any fields early.
+			//
+			// Doing this here prevents confusing two-step errors, e.g. "no match for field @type"
+			// on Any, when in fact we don't support variant proto message fields like Any in general.
+			// Because Any is a Message, we'd fail on invalid child fields or unsupported bytes target
+			// fields first.
+			//
+			// In the future, we could support Any by using the type field to initialize a struct for
+			// the nested message value.
+			return nil, nil, fmt.Errorf("variant-type message fields (google.protobuf.Any) are not supported")
+		case !(fieldDesc.Kind() == protoreflect.MessageKind):
+			// Non-Any fields that could be used to serialize protos as bytes will get a clear error message
+			// in this scenario. This also catches accidental use of non-complex fields as parent fields.
+			return nil, nil, fmt.Errorf("path contains member of non-message field '%s' (type '%s'); this type does not support child fields", fieldName, fieldDesc.Kind())
 		}
 
 		fieldM := m.Get(fieldDesc).Message()
@@ -137,6 +152,10 @@ func applyAdd(parentM protoreflect.Message, fieldDesc protoreflect.FieldDescript
 	// similar to a list (repeated field). This map handling is specific to _our_ patch semantics for
 	// updating multiple message fields at once.
 	if isMapValue && !fieldDesc.IsMap() {
+		if fieldDesc.Kind() != protoreflect.MessageKind {
+			return fmt.Errorf("non-message field type '%s' cannot be set via a map", fieldDesc.Kind())
+		}
+
 		// Get a fresh copy of the target field's message, then set the children indicated by the patch.
 		fieldM := parentM.Get(fieldDesc).Message().New()
 		for k, v := range mapValue {
@@ -151,6 +170,7 @@ func applyAdd(parentM protoreflect.Message, fieldDesc protoreflect.FieldDescript
 			fieldM.Set(targetFieldDesc, val)
 		}
 		parentM.Set(fieldDesc, protoreflect.ValueOf(fieldM))
+
 	} else {
 		// Just set the field directly, as our patch value is not a map.
 		val, err := toProtoValue(parentM, fieldDesc, patch.Value)
@@ -280,6 +300,9 @@ func toProtoValue(parentM protoreflect.Message, fieldDesc protoreflect.FieldDesc
 		case float64:
 			return toProtoNumericValue(fieldDesc, val)
 		}
+	case protoreflect.BytesKind,
+		protoreflect.GroupKind:
+		return unsupportedTargetTypeErr(fieldDesc)
 	}
 
 	// Fall back to protoreflect.ValueOf, which may panic if an unexpected type is passed.
diff --git a/agent/envoyextensions/builtin/property-override/structpatcher_test.go b/agent/envoyextensions/builtin/property-override/structpatcher_test.go
index 579f0f71c98a..ac7379f9f186 100644
--- a/agent/envoyextensions/builtin/property-override/structpatcher_test.go
+++ b/agent/envoyextensions/builtin/property-override/structpatcher_test.go
@@ -2,6 +2,7 @@ package propertyoverride
 
 import (
 	"fmt"
+	"google.golang.org/protobuf/types/known/anypb"
 	"testing"
 
 	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
@@ -592,6 +593,31 @@ func TestPatchStruct(t *testing.T) {
 			},
 			ok: true,
 		},
+		"remove single field: Any": {
+			args: args{
+				k: &envoy_cluster_v3.Cluster{
+					ClusterDiscoveryType: &envoy_cluster_v3.Cluster_ClusterType{
+						ClusterType: &envoy_cluster_v3.Cluster_CustomClusterType{
+							TypedConfig: &anypb.Any{
+								TypeUrl: "foo",
+							},
+						},
+					},
+				},
+				patches: []Patch{
+					makeRemovePatch(
+						"/cluster_type/typed_config",
+					),
+				},
+			},
+			// Invalid actual config, but used as an example of removing Any field directly
+			expected: &envoy_cluster_v3.Cluster{
+				ClusterDiscoveryType: &envoy_cluster_v3.Cluster_ClusterType{
+					ClusterType: &envoy_cluster_v3.Cluster_CustomClusterType{},
+				},
+			},
+			ok: true,
+		},
 		"remove single field deeply nested": {
 			args: args{
 				k: &envoy_cluster_v3.Cluster{
@@ -858,6 +884,69 @@ func TestPatchStruct(t *testing.T) {
 			ok:     false,
 			errMsg: "unsupported target field type 'map'",
 		},
+		"add unsupported target: non-message field via map": {
+			args: args{
+				k: &envoy_cluster_v3.Cluster{},
+				patches: []Patch{
+					makeAddPatch(
+						"/name",
+						map[string]any{
+							"cluster_refresh_rate":       "5s",
+							"cluster_refresh_timeout":    "3s",
+							"redirect_refresh_interval":  "5s",
+							"redirect_refresh_threshold": 5,
+						},
+					),
+				},
+			},
+			ok:     false,
+			errMsg: "non-message field type 'string' cannot be set via a map",
+		},
+		"add unsupported target: non-message parent field via single value": {
+			args: args{
+				k: &envoy_cluster_v3.Cluster{},
+				patches: []Patch{
+					makeAddPatch(
+						"/name/foo",
+						"bar",
+					),
+				},
+			},
+			ok:     false,
+			errMsg: "path contains member of non-message field 'name' (type 'string'); this type does not support child fields",
+		},
+		"add unsupported target: non-message parent field via map": {
+			args: args{
+				k: &envoy_cluster_v3.Cluster{},
+				patches: []Patch{
+					makeAddPatch(
+						"/name/foo",
+						map[string]any{
+							"cluster_refresh_rate":       "5s",
+							"cluster_refresh_timeout":    "3s",
+							"redirect_refresh_interval":  "5s",
+							"redirect_refresh_threshold": 5,
+						},
+					),
+				},
+			},
+			ok:     false,
+			errMsg: "path contains member of non-message field 'name' (type 'string'); this type does not support child fields",
+		},
+		"add unsupported target: Any field": {
+			args: args{
+				k: &envoy_cluster_v3.Cluster{},
+				patches: []Patch{
+					makeAddPatch(
+						// Purposefully use a wrong-but-reasonable field name to ensure special error is returned
+						"/cluster_type/typed_config/@type",
+						"foo",
+					),
+				},
+			},
+			ok:     false,
+			errMsg: "variant-type message fields (google.protobuf.Any) are not supported",
+		},
 		"add unsupported target: repeated message": {
 			args: args{
 				k: &envoy_cluster_v3.Cluster{},

From 414a61da28fd5afa725c0161b2dfa2917dd021c2 Mon Sep 17 00:00:00 2001
From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Date: Thu, 15 Jun 2023 11:24:40 -0700
Subject: [PATCH 061/359] Fixes (#17765)

---
 .../connect/config-entries/jwt-provider.mdx   | 160 +++++++++---------
 .../config-entries/service-intentions.mdx     | 102 +++++------
 .../connect/intentions/jwt-authorization.mdx  |   2 +-
 3 files changed, 132 insertions(+), 132 deletions(-)

diff --git a/website/content/docs/connect/config-entries/jwt-provider.mdx b/website/content/docs/connect/config-entries/jwt-provider.mdx
index 5fc75da4d300..b31427af4fff 100644
--- a/website/content/docs/connect/config-entries/jwt-provider.mdx
+++ b/website/content/docs/connect/config-entries/jwt-provider.mdx
@@ -108,53 +108,53 @@ Kind = "jwt-provider"                                # required
 Name = "<name-of-provider-configuration-entry>"      # required
 Issuer = "<jwt-issuer>"                              # required
 JSONWebKeySet = {                                    # required
-  Local = {                                          # cannot specify with JWKS{}.Remote
-    JWKS = "<JWKS-as-base64-string>"                 # cannot specify with JWKS{}.Local{}.Filename
-    Filename = "<path/to/JWKS/file>"                 # cannot specify with JWKS{}.Local{}.String
-  }
+    Local = {                                        # cannot specify with JWKS{}.Remote
+        JWKS = "<JWKS-as-base64-string>"             # cannot specify with JWKS{}.Local{}.Filename
+        Filename = "<path/to/JWKS/file>"             # cannot specify with JWKS{}.Local{}.String
+    }
 }
 JSONWebKeySet = {
-  Remote = {                                         # cannot specify with JWKS{}.Local
-    URI = "<uniform-resource-identifier>"
-    RequestTimeoutMs = 1500
-    CacheDuration = "5m"
-    FetchAsynchronously = false
-    RetryPolicy = {
-      NumRetries = 0
-      RetryPolicyBackoff = {
-        BaseInterval = "1s"
-        MaxInterval = "10s"
+        Remote = {                                   # cannot specify with JWKS{}.Local
+          URI = "<uniform-resource-identifier>"
+          RequestTimeoutMs = 1500
+          CacheDuration = "5m"
+          FetchAsynchronously = false
+          RetryPolicy = {
+            NumRetries = 0
+            RetryPolicyBackoff = {
+              BaseInterval = "1s"
+              MaxInterval = "10s"
+            }
+          }
+        }
       }
-    }
-  }
-}
 Audiences = ["<aud-claims>"]
 Locations = [
-  {
-    Header = {
-      Name = "<name-of-header-with-token>"
-      ValuePrefix = "<prefix-in-header-before-token>"
-      Forward = false
-    }
-  },
-  {
-    QueryParam = {
-      Name = "<name-of-query-parameter-with-token>"
-    }
-  },
-  {
-    Cookie = {
-      Name = "<name-of-cookie-with-token>"
+    {
+        Header = {
+            Name = "<name-of-header-with-token>"
+            ValuePrefix = "<prefix-in-header-before-token>"
+            Forward = false
+        }
+    },
+    {
+        QueryParam = {
+            Name = "<name-of-query-parameter-with-token>"
+        }
+    },
+    {
+        Cookie = {
+            Name = "<name-of-cookie-with-token>"
+        }
     }
-  }
 ]
 Forwarding = {
-  HeaderName = "<name-appended-to-forwarding-header>"
-  PadForwardPayloadHeader = false
+    HeaderName = "<name-appended-to-forwarding-header>"
+    PadForwardPayloadHeader = false
 }
 ClockSkewSeconds = 30
 CacheConfig = {
-  Size = 0
+    Size = 0
 }
 ```
 
@@ -164,58 +164,58 @@ CacheConfig = {
 
 ```json
 {
-  "Kind": "jwt-provider",                               // required
-  "Name": "<name-of-provider-configuration-entry>",     // required
-  "Issuer": "<jwt-issuer>",                             // required
-  "JSONWebKeySet": {                                    // required
-    "Local": {                                          // cannot specify with JWKS.Remote
-      "JWKS": "<JWKS-as-base64-string>",                // cannot specify with JWKS.Local.Filename
-      "Filename": "<path/to/JWKS/file>"                 // cannot specify with JWKS.Local.String
+"Kind": "jwt-provider",                               // required
+"Name": "<name-of-provider-configuration-entry>",     // required
+"Issuer": "<jwt-issuer>",                             // required
+"JSONWebKeySet": {                                    // required
+    "Local": {                                        // cannot specify with JWKS.Remote
+        "JWKS": "<JWKS-as-base64-string>",            // cannot specify with JWKS.Local.Filename
+        "Filename": "<path/to/JWKS/file>"             // cannot specify with JWKS.Local.String
     }
-  },
-  "JSONWebKeySet": {
-    "Remote": {                                         // cannot specify with JWKS.Local
-      "URI": "<uniform-resource-identifier>",
-      "RequestTimeoutMs": "1500",
-      "CacheDuration": "5m",
-      "FetchAsynchronously": "false",
-      "RetryPolicy": {
-        "NumRetries": "0",
-        "RetryPolicyBackOff": {
-          "BaseInterval": "1s",
-          "MaxInterval": "10s"
+},
+"JSONWebKeySet": {
+        "Remote": {                                   // cannot specify with JWKS.Local
+          "URI": "<uniform-resource-identifier>",
+          "RequestTimeoutMs": "1500",
+          "CacheDuration": "5m",
+          "FetchAsynchronously": "false",
+          "RetryPolicy": {
+            "NumRetries": "0",
+            "RetryPolicyBackOff": {
+              "BaseInterval": "1s",
+              "MaxInterval": "10s"
+            }
+          }
         }
-      }
-    }
-  },
-  "Audiences": ["<aud-claims>"],
-  "Locations": [
+},
+"Audiences": ["<aud-claims>"],
+"Locations": [
     {
-      "Header": {
-        "Name": "<name-of-header-with-token>",
-        "ValuePrefix": "<prefix-in-header-before-token>",
-        "Forward": "false"
-      }
+        "Header": {
+            "Name": "<name-of-header-with-token>",
+            "ValuePrefix": "<prefix-in-header-before-token>",
+            "Forward": "false"
+        }
     },
     {
-      "QueryParam": {
-        "Name":"<name-of-query-parameter-with-token>",
-      }
+        "QueryParam": {
+            "Name":"<name-of-query-parameter-with-token>",
+        }
     },
     {
-      "Cookie": {
-        "Name": "<name-of-cookie-with-token>"
-      }
+        "Cookie": {
+            "Name": "<name-of-cookie-with-token>"
+        }
     }
-  ],
-  "Forwarding": {
-      "HeaderName": "<name-appended-to-forwarding-header>",
-      "PadForwardPayloadHeader": "false"
-  },
-  "ClockSkewSeconds": "30",
-  "CacheConfig": {
+],
+"Forwarding": {
+    "HeaderName": "<name-appended-to-forwarding-header>",
+    "PadForwardPayloadHeader": "false"
+},
+"ClockSkewSeconds": "30",
+"CacheConfig": {
     "Size": "0"
-  }
+}
 }
 ```
 
@@ -1014,7 +1014,7 @@ metadata:
   name: okta
 spec:
   issuer: okta
-  jsonWebKeySet:
+  jsonwebkeyset:
     remote:
       uri: https://<org>.okta.com/oauth2/default/v1/keys
       cacheDuration: 30m
diff --git a/website/content/docs/connect/config-entries/service-intentions.mdx b/website/content/docs/connect/config-entries/service-intentions.mdx
index f8afda6e41da..180e3aaabd96 100644
--- a/website/content/docs/connect/config-entries/service-intentions.mdx
+++ b/website/content/docs/connect/config-entries/service-intentions.mdx
@@ -1506,64 +1506,64 @@ Sources = [
 ```
 
 ```yaml
-apiVersion: consul.hashicorp.com/v1alpha1
-kind: ServiceIntentions
-metadata:
-  name: backend
-spec:
-  sources:
-    name: frontend
-    permissions:
+  apiVersion: consul.hashicorp.com/v1alpha1
+  kind: ServiceIntentions
+  metadata:
+    name: backend
+  spec:
+    sources:
+      name: frontend
+      permissions:
+        http:
+          pathExact: /admin
+        jwt:
+          providers:
+            name: okta
+            verifyClaims:
+              path: 
+                - perms
+                - role
+              value: admin
+      action: allow
       http:
-        pathExact: /admin
-      jwt:
-        providers:
-          name: okta
-          verifyClaims:
-            path: 
-              - perms
-              - role
-            value: admin
-    action: allow
-    http:
-      pathPrefix: /
+        pathPrefix: /
 ```
 
 ```json
 {
-  "Kind": "service-intentions",
-  "Name": "backend",
-  "Sources": [
-    {
-      "Name": "frontend",
-      "Permissions": [
-        {
-          "HTTP": {
-            "PathExact": "/admin"
-          },
-          "JWT": {
-            "Providers": [
-              {
-                "Name": "okta",
-                "VerifyClaims": [
-                  {
-                    "Path": ["perms", "role"],
-                    "Value": "admin"
-                  }
-                ]
-              }
-            ]
-          }
+"Kind": "service-intentions",
+"Name": "backend",
+"Sources": [
+  {
+    "Name": "frontend",
+    "Permissions": [
+      {
+        "HTTP": {
+          "PathExact": "/admin"
         },
-        {
-          "Action": "allow",
-          "HTTP": {
-            "PathPrefix": "/"
-          }
+        "JWT": {
+          "Providers": [
+            {
+              "Name": "okta",
+              "VerifyClaims": [
+                {
+                  "Path": ["perms", "role"],
+                  "Value": "admin"
+                }
+              ]
+            }
+          ]
         }
-      ]
-    }
-  ]
+      },
+      {
+        "Action": "allow",
+        "HTTP": {
+          "PathPrefix": "/"
+        }
+      }
+    ]
+  }
+]
 }
 ```
 
diff --git a/website/content/docs/connect/intentions/jwt-authorization.mdx b/website/content/docs/connect/intentions/jwt-authorization.mdx
index a58bd3af3e19..9a8458054ea2 100644
--- a/website/content/docs/connect/intentions/jwt-authorization.mdx
+++ b/website/content/docs/connect/intentions/jwt-authorization.mdx
@@ -98,4 +98,4 @@ After you update the service intention, write the configuration to Consul so tha
 
 ```shell-session
 $ consul config write web-intention.hcl
-```
\ No newline at end of file
+```

From 730c599adc51489b7b138c5bb708ca70c60e289b Mon Sep 17 00:00:00 2001
From: Mark Campbell-Vincent <mnmvincent@gmail.com>
Date: Thu, 15 Jun 2023 17:25:07 -0400
Subject: [PATCH 062/359] Update license get explanation (#17782)

This PR is to clarify what happens if the license get command is run on a follower if the leader hasn't been updated with a newer license.
---
 website/content/commands/license.mdx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/website/content/commands/license.mdx b/website/content/commands/license.mdx
index 50cee37544ad..762e66df43d8 100644
--- a/website/content/commands/license.mdx
+++ b/website/content/commands/license.mdx
@@ -167,7 +167,8 @@ Licensed Features:
 
 Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/license](/consul/api-docs/operator/license#getting-the-consul-license)
 
-This command gets the Consul Enterprise license.
+This command gets the Consul Enterprise license. If the leader hasn't been updated with the newer license, the followers
+will display the outdated license in their GET output.
 
 The table below shows this command's [required ACLs](/consul/api-docs/api-structure#authentication). Configuration of
 [blocking queries](/consul/api-docs/features/blocking) and [agent caching](/consul/api-docs/features/caching)

From 265c003033858e8e2ac2cb5d767f5fa841e72c45 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Fri, 16 Jun 2023 09:37:47 -0400
Subject: [PATCH 063/359] Add Patch index to Prop Override validation errors
 (#17777)

When a patch is found invalid, include its index for easier debugging
when multiple patches are provided.
---
 .../property-override/property_override.go    |  4 +-
 .../property_override_test.go                 | 53 ++++++++++++++++++-
 2 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/agent/envoyextensions/builtin/property-override/property_override.go b/agent/envoyextensions/builtin/property-override/property_override.go
index d42e3d2d50cb..41e98074b7a2 100644
--- a/agent/envoyextensions/builtin/property-override/property_override.go
+++ b/agent/envoyextensions/builtin/property-override/property_override.go
@@ -259,9 +259,9 @@ func (p *propertyOverride) validate() error {
 	}
 
 	var resultErr error
-	for _, patch := range p.Patches {
+	for i, patch := range p.Patches {
 		if err := patch.validate(p.Debug); err != nil {
-			resultErr = multierror.Append(resultErr, err)
+			resultErr = multierror.Append(resultErr, fmt.Errorf("invalid Patches[%d]: %w", i, err))
 		}
 	}
 
diff --git a/agent/envoyextensions/builtin/property-override/property_override_test.go b/agent/envoyextensions/builtin/property-override/property_override_test.go
index 4a80db8671bb..0e4317f9ddb7 100644
--- a/agent/envoyextensions/builtin/property-override/property_override_test.go
+++ b/agent/envoyextensions/builtin/property-override/property_override_test.go
@@ -63,6 +63,7 @@ func TestConstructor(t *testing.T) {
 		expected      propertyOverride
 		ok            bool
 		errMsg        string
+		errFunc       func(*testing.T, error)
 	}
 
 	validTestCase := func(o Op, d extensioncommon.TrafficDirection, t ResourceType) testCase {
@@ -216,6 +217,50 @@ func TestConstructor(t *testing.T) {
 			ok:     false,
 			errMsg: fmt.Sprintf("field Value is not supported for %s operation", OpRemove),
 		},
+		"multiple patches includes indexed errors": {
+			arguments: makeArguments(map[string]any{"Patches": []map[string]any{
+				makePatch(map[string]any{
+					"Op":    OpRemove,
+					"Value": 0,
+				}),
+				makePatch(map[string]any{
+					"Op":    OpAdd,
+					"Value": nil,
+				}),
+				makePatch(map[string]any{
+					"Op":   OpAdd,
+					"Path": "/foo",
+				}),
+			}}),
+			ok: false,
+			errFunc: func(t *testing.T, err error) {
+				require.ErrorContains(t, err, "invalid Patches[0]: field Value is not supported for remove operation")
+				require.ErrorContains(t, err, "invalid Patches[1]: non-nil Value is required")
+				require.ErrorContains(t, err, "invalid Patches[2]: no match for field 'foo'")
+			},
+		},
+		"multiple patches single error contains correct index": {
+			arguments: makeArguments(map[string]any{"Patches": []map[string]any{
+				makePatch(map[string]any{
+					"Op":    OpAdd,
+					"Value": "foo",
+				}),
+				makePatch(map[string]any{
+					"Op":    OpRemove,
+					"Value": 1,
+				}),
+				makePatch(map[string]any{
+					"Op":    OpAdd,
+					"Value": "bar",
+				}),
+			}}),
+			ok: false,
+			errFunc: func(t *testing.T, err error) {
+				require.ErrorContains(t, err, "invalid Patches[1]: field Value is not supported for remove operation")
+				require.NotContains(t, err.Error(), "invalid Patches[0]")
+				require.NotContains(t, err.Error(), "invalid Patches[2]")
+			},
+		},
 		"empty service name": {
 			arguments: makeArguments(map[string]any{"Patches": []map[string]any{
 				makePatch(map[string]any{
@@ -347,7 +392,13 @@ func TestConstructor(t *testing.T) {
 				require.NoError(t, err)
 				require.Equal(t, &extensioncommon.BasicEnvoyExtender{Extension: &tc.expected}, e)
 			} else {
-				require.ErrorContains(t, err, tc.errMsg)
+				require.Error(t, err)
+				if tc.errMsg != "" {
+					require.ErrorContains(t, err, tc.errMsg)
+				}
+				if tc.errFunc != nil {
+					tc.errFunc(t, err)
+				}
 			}
 		})
 	}

From 5f95f5f6d831abb840cc4a72a435469c5f3e43a4 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Fri, 16 Jun 2023 10:31:53 -0400
Subject: [PATCH 064/359] Stop referenced jwt providers from being deleted
 (#17755)

* Stop referenced jwt providers from being deleted
---
 .changelog/17755.txt                    |   3 +
 agent/consul/state/config_entry.go      |  66 +++++++++
 agent/consul/state/config_entry_test.go | 175 ++++++++++++++++++++++++
 3 files changed, 244 insertions(+)
 create mode 100644 .changelog/17755.txt

diff --git a/.changelog/17755.txt b/.changelog/17755.txt
new file mode 100644
index 000000000000..7edf7b26e159
--- /dev/null
+++ b/.changelog/17755.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+mesh: Stop jwt providers referenced by intentions from being deleted.
+```
\ No newline at end of file
diff --git a/agent/consul/state/config_entry.go b/agent/consul/state/config_entry.go
index 340a53f1192c..9abaafc390d3 100644
--- a/agent/consul/state/config_entry.go
+++ b/agent/consul/state/config_entry.go
@@ -634,6 +634,12 @@ func validateProposedConfigEntryInGraph(
 	case structs.TCPRoute:
 	case structs.RateLimitIPConfig:
 	case structs.JWTProvider:
+		if newEntry == nil && existingEntry != nil {
+			err := validateJWTProviderIsReferenced(tx, kindName, existingEntry)
+			if err != nil {
+				return err
+			}
+		}
 	default:
 		return fmt.Errorf("unhandled kind %q during validation of %q", kindName.Kind, kindName.Name)
 	}
@@ -704,6 +710,66 @@ func getReferencedProviderNames(j *structs.IntentionJWTRequirement, s []*structs
 	return providerNames
 }
 
+// validateJWTProviderIsReferenced iterates over intentions to determine if the provider being
+// deleted is referenced by any intention.
+//
+// This could be an expensive operation based on the number of intentions. We purposely set this to only
+// run on delete and don't expect this to be called often.
+func validateJWTProviderIsReferenced(tx ReadTxn, kn configentry.KindName, ce structs.ConfigEntry) error {
+	meta := acl.NewEnterpriseMetaWithPartition(
+		kn.EnterpriseMeta.PartitionOrDefault(),
+		acl.DefaultNamespaceName,
+	)
+	entry, ok := ce.(*structs.JWTProviderConfigEntry)
+	if !ok {
+		return fmt.Errorf("invalid jwt provider config entry: %T", entry)
+	}
+
+	_, ixnEntries, err := configEntriesByKindTxn(tx, nil, structs.ServiceIntentions, &meta)
+	if err != nil {
+		return err
+	}
+
+	err = findJWTProviderNameReferences(ixnEntries, entry.Name)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func findJWTProviderNameReferences(entries []structs.ConfigEntry, pName string) error {
+	errMsg := "cannot delete jwt provider config entry referenced by an intention. Provider name: %s, intention name: %s"
+	for _, entry := range entries {
+		ixn, ok := entry.(*structs.ServiceIntentionsConfigEntry)
+		if !ok {
+			return fmt.Errorf("type %T is not a service intentions config entry", entry)
+		}
+
+		if ixn.JWT != nil {
+			for _, prov := range ixn.JWT.Providers {
+				if prov.Name == pName {
+					return fmt.Errorf(errMsg, pName, ixn.Name)
+				}
+			}
+		}
+
+		for _, s := range ixn.Sources {
+			for _, perm := range s.Permissions {
+				if perm.JWT == nil {
+					continue
+				}
+				for _, prov := range perm.JWT.Providers {
+					if prov.Name == pName {
+						return fmt.Errorf(errMsg, pName, ixn.Name)
+					}
+				}
+			}
+		}
+	}
+	return nil
+}
+
 // This fetches all the jwt-providers config entries and iterates over them
 // to validate that any provider referenced exists.
 // This is okay because we assume there are very few jwt-providers per partition
diff --git a/agent/consul/state/config_entry_test.go b/agent/consul/state/config_entry_test.go
index 572719dc4b1f..d72f12c87689 100644
--- a/agent/consul/state/config_entry_test.go
+++ b/agent/consul/state/config_entry_test.go
@@ -3714,3 +3714,178 @@ func TestStateStore_DiscoveryChain_AttachVirtualIPs(t *testing.T) {
 	require.Equal(t, []string{"2.2.2.2", "3.3.3.3"}, chain.ManualVirtualIPs)
 
 }
+
+func TestFindJWTProviderNameReferences(t *testing.T) {
+	oktaProvider := structs.IntentionJWTProvider{Name: "okta"}
+	auth0Provider := structs.IntentionJWTProvider{Name: "auth0"}
+	cases := map[string]struct {
+		entries       []structs.ConfigEntry
+		providerName  string
+		expectedError string
+	}{
+		"no jwt at any level": {
+			entries:      []structs.ConfigEntry{},
+			providerName: "okta",
+		},
+		"provider not referenced": {
+			entries: []structs.ConfigEntry{
+				&structs.ServiceIntentionsConfigEntry{
+					Kind: "service-intentions",
+					Name: "api-intention",
+					JWT: &structs.IntentionJWTRequirement{
+						Providers: []*structs.IntentionJWTProvider{&oktaProvider, &auth0Provider},
+					},
+				},
+			},
+			providerName: "fake-provider",
+		},
+		"only top level jwt with no permissions": {
+			entries: []structs.ConfigEntry{
+				&structs.ServiceIntentionsConfigEntry{
+					Kind: "service-intentions",
+					Name: "api-intention",
+					JWT: &structs.IntentionJWTRequirement{
+						Providers: []*structs.IntentionJWTProvider{&oktaProvider, &auth0Provider},
+					},
+				},
+			},
+			providerName:  "okta",
+			expectedError: "cannot delete jwt provider config entry referenced by an intention. Provider name: okta, intention name: api-intention",
+		},
+		"top level jwt with permissions": {
+			entries: []structs.ConfigEntry{
+				&structs.ServiceIntentionsConfigEntry{
+					Kind: "service-intentions",
+					Name: "api-intention",
+					JWT: &structs.IntentionJWTRequirement{
+						Providers: []*structs.IntentionJWTProvider{&oktaProvider},
+					},
+					Sources: []*structs.SourceIntention{
+						{
+							Name:   "api",
+							Action: "allow",
+							Permissions: []*structs.IntentionPermission{
+								{
+									Action: "allow",
+									JWT: &structs.IntentionJWTRequirement{
+										Providers: []*structs.IntentionJWTProvider{&oktaProvider},
+									},
+								},
+							},
+						},
+						{
+							Name:   "serv",
+							Action: "allow",
+							Permissions: []*structs.IntentionPermission{
+								{
+									Action: "allow",
+									JWT: &structs.IntentionJWTRequirement{
+										Providers: []*structs.IntentionJWTProvider{&auth0Provider},
+									},
+								},
+							},
+						},
+						{
+							Name:   "web",
+							Action: "allow",
+							Permissions: []*structs.IntentionPermission{
+								{Action: "allow"},
+							},
+						},
+					},
+				},
+			},
+			providerName:  "auth0",
+			expectedError: "cannot delete jwt provider config entry referenced by an intention. Provider name: auth0, intention name: api-intention",
+		},
+		"no top level jwt and existing permissions": {
+			entries: []structs.ConfigEntry{
+				&structs.ServiceIntentionsConfigEntry{
+					Kind: "service-intentions",
+					Name: "api-intention",
+					Sources: []*structs.SourceIntention{
+						{
+							Name:   "api",
+							Action: "allow",
+							Permissions: []*structs.IntentionPermission{
+								{
+									Action: "allow",
+									JWT: &structs.IntentionJWTRequirement{
+										Providers: []*structs.IntentionJWTProvider{&oktaProvider},
+									},
+								},
+							},
+						},
+						{
+							Name:   "serv",
+							Action: "allow",
+							Permissions: []*structs.IntentionPermission{
+								{
+									Action: "allow",
+									JWT: &structs.IntentionJWTRequirement{
+										Providers: []*structs.IntentionJWTProvider{&auth0Provider},
+									},
+								},
+							},
+						},
+						{
+							Name:   "web",
+							Action: "allow",
+							Permissions: []*structs.IntentionPermission{
+								{Action: "allow"},
+							},
+						},
+					},
+				},
+			},
+			providerName:  "okta",
+			expectedError: "cannot delete jwt provider config entry referenced by an intention. Provider name: okta, intention name: api-intention",
+		},
+	}
+
+	for name, tt := range cases {
+		tt := tt
+		t.Run(name, func(t *testing.T) {
+			err := findJWTProviderNameReferences(tt.entries, tt.providerName)
+
+			if tt.expectedError != "" {
+				require.Error(t, err)
+				require.Contains(t, err.Error(), tt.expectedError)
+			} else {
+				require.NoError(t, err)
+			}
+		})
+	}
+}
+
+func TestStore_ValidateJWTProviderIsReferenced(t *testing.T) {
+	s := testStateStore(t)
+
+	// First create a config entry
+	provider := &structs.JWTProviderConfigEntry{
+		Kind: structs.JWTProvider,
+		Name: "okta",
+	}
+	require.NoError(t, s.EnsureConfigEntry(0, provider))
+
+	// create a service intention referencing the config entry
+	ixn := &structs.ServiceIntentionsConfigEntry{
+		Name: "api",
+		JWT: &structs.IntentionJWTRequirement{
+			Providers: []*structs.IntentionJWTProvider{
+				{Name: provider.Name},
+			},
+		},
+	}
+	require.NoError(t, s.EnsureConfigEntry(1, ixn))
+
+	// attempt deleting a referenced provider
+	err := s.DeleteConfigEntry(0, structs.JWTProvider, provider.Name, nil)
+	require.Error(t, err)
+	require.Contains(t, err.Error(), `cannot delete jwt provider config entry referenced by an intention. Provider name: okta, intention name: api`)
+
+	// delete the intention
+	require.NoError(t, s.DeleteConfigEntry(1, structs.ServiceIntentions, ixn.Name, nil))
+	// successfully delete the provider after deleting the intention
+	require.NoError(t, s.DeleteConfigEntry(0, structs.JWTProvider, provider.Name, nil))
+}

From 653a886689f757d62ec383da2a17971bcb3e24db Mon Sep 17 00:00:00 2001
From: Matt Keeler <mkeeler@users.noreply.github.com>
Date: Fri, 16 Jun 2023 12:58:53 -0400
Subject: [PATCH 065/359] Implement a Catalog Controllers Lifecycle Integration
 Test (#17435)

* Implement a Catalog Controllers Lifecycle Integration Test

* Prevent triggering the race detector.

This allows defining some variables for protobuf constants and using those in comparisons. Without that, something internal in the fmt package ended up looking at the protobuf message size cache and triggering the race detector.
---
 internal/catalog/catalogtest/run_test.go      |   5 +
 .../catalogtest/test_integration_v1alpha1.go  |   1 +
 .../catalogtest/test_lifecycle_v1alpha1.go    | 706 ++++++++++++++++++
 internal/catalog/exports.go                   |  18 +
 internal/resource/resourcetest/builder.go     |  17 +-
 internal/resource/resourcetest/client.go      |  20 +-
 proto/private/prototest/testing.go            |   2 +-
 7 files changed, 766 insertions(+), 3 deletions(-)
 create mode 100644 internal/catalog/catalogtest/test_lifecycle_v1alpha1.go

diff --git a/internal/catalog/catalogtest/run_test.go b/internal/catalog/catalogtest/run_test.go
index 7c17052d8246..defaad2a16d6 100644
--- a/internal/catalog/catalogtest/run_test.go
+++ b/internal/catalog/catalogtest/run_test.go
@@ -37,3 +37,8 @@ func TestControllers_Integration(t *testing.T) {
 	client := runInMemResourceServiceAndControllers(t, catalog.DefaultControllerDependencies())
 	RunCatalogV1Alpha1IntegrationTest(t, client)
 }
+
+func TestControllers_Lifecycle(t *testing.T) {
+	client := runInMemResourceServiceAndControllers(t, catalog.DefaultControllerDependencies())
+	RunCatalogV1Alpha1LifecycleIntegrationTest(t, client)
+}
diff --git a/internal/catalog/catalogtest/test_integration_v1alpha1.go b/internal/catalog/catalogtest/test_integration_v1alpha1.go
index 8a7f4cd9a248..19be6d7a4846 100644
--- a/internal/catalog/catalogtest/test_integration_v1alpha1.go
+++ b/internal/catalog/catalogtest/test_integration_v1alpha1.go
@@ -698,6 +698,7 @@ func expectedGRPCApiServiceEndpoints(t *testing.T, c *rtest.Client) *pbcatalog.S
 }
 
 func verifyServiceEndpoints(t *testing.T, c *rtest.Client, id *pbresource.ID, expected *pbcatalog.ServiceEndpoints) {
+	t.Helper()
 	c.WaitForResourceState(t, id, func(t rtest.T, res *pbresource.Resource) {
 		var actual pbcatalog.ServiceEndpoints
 		err := res.Data.UnmarshalTo(&actual)
diff --git a/internal/catalog/catalogtest/test_lifecycle_v1alpha1.go b/internal/catalog/catalogtest/test_lifecycle_v1alpha1.go
new file mode 100644
index 000000000000..d7529a6ec48c
--- /dev/null
+++ b/internal/catalog/catalogtest/test_lifecycle_v1alpha1.go
@@ -0,0 +1,706 @@
+package catalogtest
+
+import (
+	"testing"
+
+	"github.com/hashicorp/consul/internal/catalog"
+	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/sdk/testutil"
+)
+
+// RunCatalogV1Alpha1LifecycleIntegrationTest intends to excercise functionality of
+// managing catalog resources over their normal lifecycle where they will be modified
+// several times, change state etc.
+func RunCatalogV1Alpha1LifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient) {
+	t.Helper()
+
+	testutil.RunStep(t, "node-lifecycle", func(t *testing.T) {
+		RunCatalogV1Alpha1NodeLifecycleIntegrationTest(t, client)
+	})
+
+	testutil.RunStep(t, "workload-lifecycle", func(t *testing.T) {
+		RunCatalogV1Alpha1WorkloadLifecycleIntegrationTest(t, client)
+	})
+
+	testutil.RunStep(t, "endpoints-lifecycle", func(t *testing.T) {
+		RunCatalogV1Alpha1EndpointsLifecycleIntegrationTest(t, client)
+	})
+}
+
+// RunCatalogV1Alpha1NodeLifecycleIntegrationTest verifies correct functionality of
+// the node-health controller. This test will exercise the following behaviors:
+//
+// * Creating a Node without associated HealthStatuses will mark the node as passing
+// * Associating a HealthStatus with a Node will cause recomputation of the Health
+// * Changing HealthStatus to a worse health will cause recomputation of the Health
+// * Changing HealthStatus to a better health will cause recomputation of the Health
+// * Deletion of associated HealthStatuses will recompute the Health (back to passing)
+// * Deletion of the node will cause deletion of associated health statuses
+func RunCatalogV1Alpha1NodeLifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient) {
+	c := rtest.NewClient(client)
+
+	nodeName := "test-lifecycle"
+	nodeHealthName := "test-lifecycle-node-status"
+
+	// initial node creation
+	node := rtest.Resource(catalog.NodeV1Alpha1Type, nodeName).
+		WithData(t, &pbcatalog.Node{
+			Addresses: []*pbcatalog.NodeAddress{
+				{Host: "172.16.2.3"},
+				{Host: "198.18.2.3", External: true},
+			},
+		}).
+		Write(t, c)
+
+	// wait for the node health controller to mark the node as healthy
+	c.WaitForStatusCondition(t, node.Id,
+		catalog.NodeHealthStatusKey,
+		catalog.NodeHealthConditions[pbcatalog.Health_HEALTH_PASSING])
+
+	// Its easy enough to simply repeatedly set the health status and it proves
+	// that going both from better to worse health and worse to better all
+	// happen as expected. We leave the health in a warning state to allow for
+	// the subsequent health status deletion to cause the health to go back
+	// to passing.
+	healthChanges := []pbcatalog.Health{
+		pbcatalog.Health_HEALTH_PASSING,
+		pbcatalog.Health_HEALTH_WARNING,
+		pbcatalog.Health_HEALTH_CRITICAL,
+		pbcatalog.Health_HEALTH_MAINTENANCE,
+		pbcatalog.Health_HEALTH_CRITICAL,
+		pbcatalog.Health_HEALTH_WARNING,
+		pbcatalog.Health_HEALTH_PASSING,
+		pbcatalog.Health_HEALTH_WARNING,
+	}
+
+	// This will be set within the loop and used afterwards to delete the health status
+	var nodeHealth *pbresource.Resource
+
+	// Iterate through the various desired health statuses, updating
+	// a HealthStatus resource owned by the node and waiting for
+	// reconciliation at each point
+	for _, health := range healthChanges {
+		// update the health check
+		nodeHealth = setHealthStatus(t, c, node.Id, nodeHealthName, health)
+
+		// wait for reconciliation to kick in and put the node into the right
+		// health status.
+		c.WaitForStatusCondition(t, node.Id,
+			catalog.NodeHealthStatusKey,
+			catalog.NodeHealthConditions[health])
+	}
+
+	// now delete the health status and ensure things go back to passing
+	c.MustDelete(t, nodeHealth.Id)
+
+	// wait for the node health controller to mark the node as healthy
+	c.WaitForStatusCondition(t, node.Id,
+		catalog.NodeHealthStatusKey,
+		catalog.NodeHealthConditions[pbcatalog.Health_HEALTH_PASSING])
+
+	// Add the health status back once more, the actual status doesn't matter.
+	// It just must be owned by the node so that we can show cascading
+	// deletions of owned health statuses working.
+	healthStatus := setHealthStatus(t, c, node.Id, nodeHealthName, pbcatalog.Health_HEALTH_CRITICAL)
+
+	// Delete the node and wait for the health status to be deleted.
+	c.MustDelete(t, node.Id)
+	c.WaitForDeletion(t, healthStatus.Id)
+}
+
+// RunCatalogV1Alpha1WorkloadLifecycleIntegrationTest verifies correct functionality of
+// the workload-health controller. This test will exercise the following behaviors:
+//
+//   - Associating a workload with a node causes recomputation of the health and takes
+//     into account the nodes health
+//   - Modifying the workloads associated node causes health recomputation and takes into
+//     account the new nodes health
+//   - Removal of the node association causes recomputation of health and for no node health
+//     to be taken into account.
+//   - Creating a workload without associated health statuses or node association will
+//     be marked passing
+//   - Creating a workload without associated health statuses but with a node will
+//     inherit its health from the node.
+//   - Changing HealthStatus to a worse health will cause recompuation of the Health
+//   - Changing HealthStatus to a better health will cause recompuation of the Health
+//   - Overall health is computed as the worst health amongst the nodes health and all
+//     of the workloads associated HealthStatuses
+//   - Deletion of the workload will cause deletion of all associated health statuses.
+func RunCatalogV1Alpha1WorkloadLifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient) {
+	c := rtest.NewClient(client)
+	testutil.RunStep(t, "nodeless-workload", func(t *testing.T) {
+		runV1Alpha1NodelessWorkloadLifecycleIntegrationTest(t, c)
+	})
+
+	testutil.RunStep(t, "node-associated-workload", func(t *testing.T) {
+		runV1Alpha1NodeAssociatedWorkloadLifecycleIntegrationTest(t, c)
+	})
+}
+
+// runV1Alpha1NodelessWorkloadLifecycleIntegrationTest verifies correct functionality of
+// the workload-health controller for workloads without node associations. In particular
+// the following behaviors are being tested
+//
+//   - Creating a workload without associated health statuses or node association will
+//     be marked passing
+//   - Changing HealthStatus to a worse health will cause recompuation of the Health
+//   - Changing HealthStatus to a better health will cause recompuation of the Health
+//   - Deletion of associated HealthStatus for a nodeless workload will be set back to passing
+//   - Deletion of the workload will cause deletion of all associated health statuses.
+func runV1Alpha1NodelessWorkloadLifecycleIntegrationTest(t *testing.T, c *rtest.Client) {
+	workloadName := "test-lifecycle-workload"
+	workloadHealthName := "test-lifecycle-workload-status"
+
+	// create a workload without a node association or health statuses yet
+	workload := rtest.Resource(catalog.WorkloadV1Alpha1Type, workloadName).
+		WithData(t, &pbcatalog.Workload{
+			Addresses: []*pbcatalog.WorkloadAddress{
+				{Host: "198.18.9.8"},
+			},
+			Ports: map[string]*pbcatalog.WorkloadPort{
+				"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
+			},
+			Identity: "test-lifecycle",
+		}).
+		Write(t, c)
+
+	// wait for the workload health controller to mark the workload as healthy
+	c.WaitForStatusCondition(t, workload.Id,
+		catalog.WorkloadHealthStatusKey,
+		catalog.WorkloadHealthConditions[pbcatalog.Health_HEALTH_PASSING])
+
+	// We may not need to iterate through all of these states but its easy
+	// enough and quick enough to do so. The general rationale is that we
+	// should move through changing the workloads associated health status
+	// in this progression. We can prove that moving from better to worse
+	// health or worse to better both function correctly.
+	healthChanges := []pbcatalog.Health{
+		pbcatalog.Health_HEALTH_PASSING,
+		pbcatalog.Health_HEALTH_WARNING,
+		pbcatalog.Health_HEALTH_CRITICAL,
+		pbcatalog.Health_HEALTH_MAINTENANCE,
+		pbcatalog.Health_HEALTH_CRITICAL,
+		pbcatalog.Health_HEALTH_WARNING,
+		pbcatalog.Health_HEALTH_PASSING,
+		pbcatalog.Health_HEALTH_WARNING,
+	}
+
+	var workloadHealth *pbresource.Resource
+	// Iterate through the various desired health statuses, updating
+	// a HealthStatus resource owned by the workload and waiting for
+	// reconciliation at each point
+	for _, health := range healthChanges {
+		// update the health status
+		workloadHealth = setHealthStatus(t, c, workload.Id, workloadHealthName, health)
+
+		// wait for reconciliation to kick in and put the workload into
+		// the right health status.
+		c.WaitForStatusCondition(t, workload.Id,
+			catalog.WorkloadHealthStatusKey,
+			catalog.WorkloadHealthConditions[health])
+	}
+
+	// Now delete the health status, things should go back to passing status
+	c.MustDelete(t, workloadHealth.Id)
+
+	// ensure the workloads health went back to passing
+	c.WaitForStatusCondition(t, workload.Id,
+		catalog.WorkloadHealthStatusKey,
+		catalog.WorkloadHealthConditions[pbcatalog.Health_HEALTH_PASSING])
+
+	// Reset the workload health. The actual health is irrelevant, we just want it
+	// to exist to provde that Health Statuses get deleted along with the workload
+	// when its deleted.
+	workloadHealth = setHealthStatus(t, c, workload.Id, workloadHealthName, pbcatalog.Health_HEALTH_WARNING)
+
+	// Delete the workload and wait for the HealthStatus to also be deleted
+	c.MustDelete(t, workload.Id)
+	c.WaitForDeletion(t, workloadHealth.Id)
+}
+
+// runV1Alpha1NodeAssociatedWorkloadLifecycleIntegrationTest verifies correct functionality of
+// the workload-health controller. This test will exercise the following behaviors:
+//
+//   - Associating a workload with a node causes recomputation of the health and takes
+//     into account the nodes health
+//   - Modifying the workloads associated node causes health recomputation and takes into
+//     account the new nodes health
+//   - Removal of the node association causes recomputation of health and for no node health
+//     to be taken into account.
+//   - Creating a workload without associated health statuses but with a node will
+//     inherit its health from the node.
+//   - Overall health is computed as the worst health amongst the nodes health and all
+//     of the workloads associated HealthStatuses
+func runV1Alpha1NodeAssociatedWorkloadLifecycleIntegrationTest(t *testing.T, c *rtest.Client) {
+	workloadName := "test-lifecycle"
+	workloadHealthName := "test-lifecycle"
+	nodeName1 := "test-lifecycle-1"
+	nodeName2 := "test-lifecycle-2"
+	nodeHealthName1 := "test-lifecycle-node-1"
+	nodeHealthName2 := "test-lifecycle-node-2"
+
+	// Insert a some nodes to link the workloads to at various points throughout the test
+	node1 := rtest.Resource(catalog.NodeV1Alpha1Type, nodeName1).
+		WithData(t, &pbcatalog.Node{
+			Addresses: []*pbcatalog.NodeAddress{{Host: "172.17.9.10"}},
+		}).
+		Write(t, c)
+	node2 := rtest.Resource(catalog.NodeV1Alpha1Type, nodeName2).
+		WithData(t, &pbcatalog.Node{
+			Addresses: []*pbcatalog.NodeAddress{{Host: "172.17.9.11"}},
+		}).
+		Write(t, c)
+
+	// Set some non-passing health statuses for those nodes. Using non-passing will make
+	// it easy to see that changing a passing workloads node association appropriately
+	// impacts the overall workload health.
+	setHealthStatus(t, c, node1.Id, nodeHealthName1, pbcatalog.Health_HEALTH_CRITICAL)
+	setHealthStatus(t, c, node2.Id, nodeHealthName2, pbcatalog.Health_HEALTH_WARNING)
+
+	// Add the workload but don't immediately associate with any node.
+	workload := rtest.Resource(catalog.WorkloadV1Alpha1Type, workloadName).
+		WithData(t, &pbcatalog.Workload{
+			Addresses: []*pbcatalog.WorkloadAddress{
+				{Host: "198.18.9.8"},
+			},
+			Ports: map[string]*pbcatalog.WorkloadPort{
+				"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
+			},
+			Identity: "test-lifecycle",
+		}).
+		Write(t, c)
+
+	// wait for the workload health controller to mark the workload as healthy
+	c.WaitForStatusCondition(t, workload.Id,
+		catalog.WorkloadHealthStatusKey,
+		catalog.WorkloadHealthConditions[pbcatalog.Health_HEALTH_PASSING])
+
+	// now modify the workload to associate it with node 1 (currently with CRITICAL health)
+	workload = rtest.ResourceID(workload.Id).
+		WithData(t, &pbcatalog.Workload{
+			Addresses: []*pbcatalog.WorkloadAddress{{Host: "198.18.9.8"}},
+			Ports:     map[string]*pbcatalog.WorkloadPort{"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
+			Identity:  "test-lifecycle",
+			// this is the only difference from the previous write
+			NodeName: node1.Id.Name,
+		}).
+		Write(t, c)
+
+	// wait for the workload health controller to mark the workload as critical (due to node 1 having critical health)
+	c.WaitForStatusCondition(t, workload.Id,
+		catalog.WorkloadHealthStatusKey,
+		catalog.WorkloadAndNodeHealthConditions[pbcatalog.Health_HEALTH_PASSING][pbcatalog.Health_HEALTH_CRITICAL])
+
+	// Now reassociate the workload with node 2. This should cause recalculation of its health into the warning state
+	workload = rtest.ResourceID(workload.Id).
+		WithData(t, &pbcatalog.Workload{
+			Addresses: []*pbcatalog.WorkloadAddress{{Host: "198.18.9.8"}},
+			Ports:     map[string]*pbcatalog.WorkloadPort{"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
+			Identity:  "test-lifecycle",
+			// this is the only difference from the previous write
+			NodeName: node2.Id.Name,
+		}).
+		Write(t, c)
+
+	// Wait for the workload health controller to mark the workload as warning (due to node 2 having warning health)
+	c.WaitForStatusCondition(t, workload.Id,
+		catalog.WorkloadHealthStatusKey,
+		catalog.WorkloadAndNodeHealthConditions[pbcatalog.Health_HEALTH_PASSING][pbcatalog.Health_HEALTH_WARNING])
+
+	// Delete the node, this should cause the health to be recalculated as critical because the node association
+	// is broken.
+	c.MustDelete(t, node2.Id)
+
+	// Wait for the workload health controller to mark the workload as critical due to the missing node
+	c.WaitForStatusCondition(t, workload.Id,
+		catalog.WorkloadHealthStatusKey,
+		catalog.WorkloadAndNodeHealthConditions[pbcatalog.Health_HEALTH_PASSING][pbcatalog.Health_HEALTH_CRITICAL])
+
+	// Now fixup the node association to point at node 1
+	workload = rtest.ResourceID(workload.Id).
+		WithData(t, &pbcatalog.Workload{
+			Addresses: []*pbcatalog.WorkloadAddress{{Host: "198.18.9.8"}},
+			Ports:     map[string]*pbcatalog.WorkloadPort{"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
+			Identity:  "test-lifecycle",
+			// this is the only difference from the previous write
+			NodeName: node1.Id.Name,
+		}).
+		Write(t, c)
+
+	// Also set node 1 health down to WARNING
+	setHealthStatus(t, c, node1.Id, nodeHealthName1, pbcatalog.Health_HEALTH_WARNING)
+
+	// Wait for the workload health controller to mark the workload as warning (due to node 1 having warning health now)
+	c.WaitForStatusCondition(t, workload.Id,
+		catalog.WorkloadHealthStatusKey,
+		catalog.WorkloadAndNodeHealthConditions[pbcatalog.Health_HEALTH_PASSING][pbcatalog.Health_HEALTH_WARNING])
+
+	// Now add a critical workload health check to ensure that both node and workload health are accounted for.
+	setHealthStatus(t, c, workload.Id, workloadHealthName, pbcatalog.Health_HEALTH_CRITICAL)
+
+	// Wait for the workload health to be recomputed and put into the critical status.
+	c.WaitForStatusCondition(t, workload.Id,
+		catalog.WorkloadHealthStatusKey,
+		catalog.WorkloadAndNodeHealthConditions[pbcatalog.Health_HEALTH_CRITICAL][pbcatalog.Health_HEALTH_WARNING])
+
+	// Reset the workloads health to passing. We expect the overall health to go back to warning
+	setHealthStatus(t, c, workload.Id, workloadHealthName, pbcatalog.Health_HEALTH_PASSING)
+	c.WaitForStatusCondition(t, workload.Id,
+		catalog.WorkloadHealthStatusKey,
+		catalog.WorkloadAndNodeHealthConditions[pbcatalog.Health_HEALTH_PASSING][pbcatalog.Health_HEALTH_WARNING])
+
+	// Remove the node association and wait for the health to go back to passing
+	workload = rtest.ResourceID(workload.Id).
+		WithData(t, &pbcatalog.Workload{
+			Addresses: []*pbcatalog.WorkloadAddress{{Host: "198.18.9.8"}},
+			Ports:     map[string]*pbcatalog.WorkloadPort{"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
+			Identity:  "test-lifecycle",
+		}).
+		Write(t, c)
+	c.WaitForStatusCondition(t, workload.Id,
+		catalog.WorkloadHealthStatusKey,
+		catalog.WorkloadHealthConditions[pbcatalog.Health_HEALTH_PASSING])
+}
+
+// RunCatalogV1Alpha1EndpointsLifecycleIntegrationTest verifies the correct functionality of
+// the endpoints controller. This test will exercise the following behaviors:
+//
+// * Services without a selector get marked with status indicating their endpoints are unmanaged
+// * Services with a selector get marked with status indicating their endpoints are managed
+// * Deleting a service will delete the associated endpoints (regardless of them being managed or not)
+// * Moving from managed to unmanaged endpoints will delete the managed endpoints
+// * Moving from unmanaged to managed endpoints will overwrite any previous endpoints.
+// * A service with a selector that matches no workloads will still have the endpoints object written.
+// * Adding ports to a service will recalculate the endpoints
+// * Removing ports from a service will recalculate the endpoints
+// * Changing the workload will recalculate the endpoints (ports, addresses, or health)
+func RunCatalogV1Alpha1EndpointsLifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient) {
+	c := rtest.NewClient(client)
+	serviceName := "test-lifecycle"
+
+	// Create the service without a selector. We should not see endpoints generated but we should see the
+	// status updated to note endpoints are not being managed.
+	service := rtest.Resource(catalog.ServiceV1Alpha1Type, serviceName).
+		WithData(t, &pbcatalog.Service{
+			Ports: []*pbcatalog.ServicePort{{TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
+		}).
+		Write(t, c)
+
+	// Wait to ensure the status is updated accordingly
+	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionUnmanaged)
+
+	// Verify that no endpoints were created.
+	endpointsID := rtest.Resource(catalog.ServiceEndpointsV1Alpha1Type, serviceName).ID()
+	c.RequireResourceNotFound(t, endpointsID)
+
+	// Add some empty endpoints (type validations enforce that they are owned by the service)
+	rtest.ResourceID(endpointsID).
+		WithData(t, &pbcatalog.ServiceEndpoints{}).
+		WithOwner(service.Id).
+		Write(t, c)
+
+	// Now delete the service and ensure that they are cleaned up.
+	c.MustDelete(t, service.Id)
+	c.WaitForDeletion(t, endpointsID)
+
+	// Add some workloads to eventually select by the service
+
+	// api-1 has all ports (http, grpc and mesh). It also has a mixture of Addresses
+	// that select individual ports and one that selects all ports implicitly
+	api1 := rtest.Resource(catalog.WorkloadV1Alpha1Type, "api-1").
+		WithData(t, &pbcatalog.Workload{
+			Addresses: []*pbcatalog.WorkloadAddress{
+				{Host: "127.0.0.1"},
+				{Host: "::1", Ports: []string{"grpc"}},
+				{Host: "127.0.0.2", Ports: []string{"http"}},
+				{Host: "172.17.1.1", Ports: []string{"mesh"}},
+			},
+			Ports: map[string]*pbcatalog.WorkloadPort{
+				"mesh": {Port: 10000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH},
+				"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
+				"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
+			},
+			Identity: "api",
+		}).
+		Write(t, c)
+
+	// api-2 has only grpc and mesh ports. It also has a mixture of Addresses that
+	// select individual ports and one that selects all ports implicitly
+	api2 := rtest.Resource(catalog.WorkloadV1Alpha1Type, "api-2").
+		WithData(t, &pbcatalog.Workload{
+			Addresses: []*pbcatalog.WorkloadAddress{
+				{Host: "127.0.0.1"},
+				{Host: "::1", Ports: []string{"grpc"}},
+				{Host: "172.17.1.2", Ports: []string{"mesh"}},
+			},
+			Ports: map[string]*pbcatalog.WorkloadPort{
+				"mesh": {Port: 10000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH},
+				"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
+			},
+			Identity: "api",
+		}).
+		Write(t, c)
+
+	// api-3 has the mesh and HTTP ports. It also has a mixture of Addresses that
+	// select individual ports and one that selects all ports.
+	api3 := rtest.Resource(catalog.WorkloadV1Alpha1Type, "api-3").
+		WithData(t, &pbcatalog.Workload{
+			Addresses: []*pbcatalog.WorkloadAddress{
+				{Host: "127.0.0.1"},
+				{Host: "172.17.1.3", Ports: []string{"mesh"}},
+			},
+			Ports: map[string]*pbcatalog.WorkloadPort{
+				"mesh": {Port: 10000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH},
+				"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
+			},
+			Identity: "api",
+		}).
+		Write(t, c)
+
+	// Now create a service with unmanaged endpoints again
+	service = rtest.Resource(catalog.ServiceV1Alpha1Type, serviceName).
+		WithData(t, &pbcatalog.Service{
+			Ports: []*pbcatalog.ServicePort{{TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
+		}).
+		Write(t, c)
+
+	// Inject the endpoints resource. We want to prove that transition from unmanaged to
+	// managed endpoints results in overwriting of the old endpoints
+	rtest.ResourceID(endpointsID).
+		WithData(t, &pbcatalog.ServiceEndpoints{
+			Endpoints: []*pbcatalog.Endpoint{
+				{
+					Addresses: []*pbcatalog.WorkloadAddress{
+						{Host: "198.18.1.1", External: true},
+					},
+					Ports: map[string]*pbcatalog.WorkloadPort{
+						"http": {Port: 443, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
+					},
+					HealthStatus: pbcatalog.Health_HEALTH_PASSING,
+				},
+			},
+		}).
+		WithOwner(service.Id).
+		Write(t, c)
+
+	// Wait to ensure the status is updated accordingly
+	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionUnmanaged)
+
+	// Now move the service to having managed endpoints
+	service = rtest.ResourceID(service.Id).
+		WithData(t, &pbcatalog.Service{
+			Workloads: &pbcatalog.WorkloadSelector{Names: []string{"bar"}},
+			Ports:     []*pbcatalog.ServicePort{{TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
+		}).
+		Write(t, c)
+
+	// Verify that this status is updated to show this service as having managed endpoints
+	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionManaged)
+
+	// Verify that the service endpoints are created. In this case they will be empty
+	verifyServiceEndpoints(t, c, endpointsID, &pbcatalog.ServiceEndpoints{})
+
+	// Rewrite the service to select the API workloads - just select the singular port for now
+	service = rtest.ResourceID(service.Id).
+		WithData(t, &pbcatalog.Service{
+			Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
+			Ports:     []*pbcatalog.ServicePort{{TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
+		}).
+		Write(t, c)
+
+	// Wait for the status to be updated. The condition itself will remain unchanged but we are waiting for
+	// the generations to match to know that the endpoints would have been regenerated
+	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionManaged)
+
+	// ensure that api-1 and api-3 are selected but api-2 is excluded due to not having the desired port
+	verifyServiceEndpoints(t, c, endpointsID, &pbcatalog.ServiceEndpoints{
+		Endpoints: []*pbcatalog.Endpoint{
+			{
+				TargetRef: api1.Id,
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{Host: "127.0.0.1", Ports: []string{"http"}},
+					{Host: "127.0.0.2", Ports: []string{"http"}},
+				},
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
+				},
+				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
+			},
+			{
+				TargetRef: api3.Id,
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{Host: "127.0.0.1", Ports: []string{"http"}},
+				},
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
+				},
+				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
+			},
+		},
+	})
+
+	// Rewrite the service to select the API workloads - changing from selecting the HTTP port to the gRPC port
+	service = rtest.ResourceID(service.Id).
+		WithData(t, &pbcatalog.Service{
+			Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
+			Ports:     []*pbcatalog.ServicePort{{TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}},
+		}).
+		Write(t, c)
+
+	// Wait for the status to be updated. The condition itself will remain unchanged but we are waiting for
+	// the generations to match to know that the endpoints would have been regenerated
+	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionManaged)
+
+	// Check that the endpoints were generated as expected
+	verifyServiceEndpoints(t, c, endpointsID, &pbcatalog.ServiceEndpoints{
+		Endpoints: []*pbcatalog.Endpoint{
+			{
+				TargetRef: api1.Id,
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{Host: "127.0.0.1", Ports: []string{"grpc"}},
+					{Host: "::1", Ports: []string{"grpc"}},
+				},
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
+				},
+				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
+			},
+			{
+				TargetRef: api2.Id,
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{Host: "127.0.0.1", Ports: []string{"grpc"}},
+					{Host: "::1", Ports: []string{"grpc"}},
+				},
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
+				},
+				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
+			},
+		},
+	})
+
+	// Update the service to change the ports used. This should result in the workload being removed
+	// from the endpoints
+	rtest.ResourceID(api2.Id).
+		WithData(t, &pbcatalog.Workload{
+			Addresses: []*pbcatalog.WorkloadAddress{
+				{Host: "127.0.0.1"},
+				{Host: "::1", Ports: []string{"http"}},
+				{Host: "172.17.1.2", Ports: []string{"mesh"}},
+			},
+			Ports: map[string]*pbcatalog.WorkloadPort{
+				"mesh": {Port: 10000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH},
+				"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
+			},
+			Identity: "api",
+		}).
+		Write(t, c)
+
+	// Verify that api-2 was removed from the service endpoints as it no longer has a grpc port
+	verifyServiceEndpoints(t, c, endpointsID, &pbcatalog.ServiceEndpoints{
+		Endpoints: []*pbcatalog.Endpoint{
+			{
+				TargetRef: api1.Id,
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{Host: "127.0.0.1", Ports: []string{"grpc"}},
+					{Host: "::1", Ports: []string{"grpc"}},
+				},
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
+				},
+				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
+			},
+		},
+	})
+
+	// Remove the ::1 address from workload api1 which should result in recomputing endpoints
+	rtest.ResourceID(api1.Id).
+		WithData(t, &pbcatalog.Workload{
+			Addresses: []*pbcatalog.WorkloadAddress{
+				{Host: "127.0.0.1"},
+				{Host: "172.17.1.1", Ports: []string{"mesh"}},
+			},
+			Ports: map[string]*pbcatalog.WorkloadPort{
+				"mesh": {Port: 10000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH},
+				"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
+			},
+			Identity: "api",
+		}).
+		Write(t, c)
+
+	// Verify that api-1 had its addresses modified appropriately
+	verifyServiceEndpoints(t, c, endpointsID, &pbcatalog.ServiceEndpoints{
+		Endpoints: []*pbcatalog.Endpoint{
+			{
+				TargetRef: api1.Id,
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{Host: "127.0.0.1", Ports: []string{"grpc"}},
+				},
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
+				},
+				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
+			},
+		},
+	})
+
+	// Add a failing health status to the api1 workload to force recomputation of endpoints
+	setHealthStatus(t, c, api1.Id, "api-failed", pbcatalog.Health_HEALTH_CRITICAL)
+
+	// Verify that api-1 within the endpoints has the expected health
+	verifyServiceEndpoints(t, c, endpointsID, &pbcatalog.ServiceEndpoints{
+		Endpoints: []*pbcatalog.Endpoint{
+			{
+				TargetRef: api1.Id,
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{Host: "127.0.0.1", Ports: []string{"grpc"}},
+				},
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
+				},
+				HealthStatus: pbcatalog.Health_HEALTH_CRITICAL,
+			},
+		},
+	})
+
+	// Move the service to being unmanaged. We should see the ServiceEndpoints being removed.
+	service = rtest.ResourceID(service.Id).
+		WithData(t, &pbcatalog.Service{
+			Ports: []*pbcatalog.ServicePort{{TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}},
+		}).
+		Write(t, c)
+
+	// Wait for the endpoints controller to inform us that the endpoints are not being managed
+	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionUnmanaged)
+	// Ensure that the managed endpoints were deleted
+	c.WaitForDeletion(t, endpointsID)
+
+	// Put the service back into managed mode.
+	service = rtest.ResourceID(service.Id).
+		WithData(t, &pbcatalog.Service{
+			Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
+			Ports:     []*pbcatalog.ServicePort{{TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}},
+		}).
+		Write(t, c)
+
+	// Wait for the service endpoints to be regenerated
+	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionManaged)
+	c.RequireResourceExists(t, endpointsID)
+
+	// Now delete the service and ensure that the endpoints eventually are deleted as well
+	c.MustDelete(t, service.Id)
+	c.WaitForDeletion(t, endpointsID)
+
+}
+
+func setHealthStatus(t *testing.T, client *rtest.Client, owner *pbresource.ID, name string, health pbcatalog.Health) *pbresource.Resource {
+	return rtest.Resource(catalog.HealthStatusV1Alpha1Type, name).
+		WithData(t, &pbcatalog.HealthStatus{
+			Type:   "synthetic",
+			Status: health,
+		}).
+		WithOwner(owner).
+		Write(t, client)
+}
diff --git a/internal/catalog/exports.go b/internal/catalog/exports.go
index 61247091be1c..e0373bf7079b 100644
--- a/internal/catalog/exports.go
+++ b/internal/catalog/exports.go
@@ -5,6 +5,9 @@ package catalog
 
 import (
 	"github.com/hashicorp/consul/internal/catalog/internal/controllers"
+	"github.com/hashicorp/consul/internal/catalog/internal/controllers/endpoints"
+	"github.com/hashicorp/consul/internal/catalog/internal/controllers/nodehealth"
+	"github.com/hashicorp/consul/internal/catalog/internal/controllers/workloadhealth"
 	"github.com/hashicorp/consul/internal/catalog/internal/mappers/nodemapper"
 	"github.com/hashicorp/consul/internal/catalog/internal/mappers/selectiontracker"
 	"github.com/hashicorp/consul/internal/catalog/internal/types"
@@ -40,6 +43,21 @@ var (
 	HealthStatusV1Alpha1Type     = types.HealthStatusV1Alpha1Type
 	HealthChecksV1Alpha1Type     = types.HealthChecksV1Alpha1Type
 	DNSPolicyV1Alpha1Type        = types.DNSPolicyV1Alpha1Type
+
+	// Controller Statuses
+	NodeHealthStatusKey              = nodehealth.StatusKey
+	NodeHealthStatusConditionHealthy = nodehealth.StatusConditionHealthy
+	NodeHealthConditions             = nodehealth.Conditions
+
+	WorkloadHealthStatusKey              = workloadhealth.StatusKey
+	WorkloadHealthStatusConditionHealthy = workloadhealth.StatusConditionHealthy
+	WorkloadHealthConditions             = workloadhealth.WorkloadConditions
+	WorkloadAndNodeHealthConditions      = workloadhealth.NodeAndWorkloadConditions
+
+	EndpointsStatusKey                       = endpoints.StatusKey
+	EndpointsStatusConditionEndpointsManaged = endpoints.StatusConditionEndpointsManaged
+	EndpointsStatusConditionManaged          = endpoints.ConditionManaged
+	EndpointsStatusConditionUnmanaged        = endpoints.ConditionUnmanaged
 )
 
 // RegisterTypes adds all resource types within the "catalog" API group
diff --git a/internal/resource/resourcetest/builder.go b/internal/resource/resourcetest/builder.go
index 7355f38824ec..8e66028e893b 100644
--- a/internal/resource/resourcetest/builder.go
+++ b/internal/resource/resourcetest/builder.go
@@ -3,9 +3,12 @@ package resourcetest
 import (
 	"context"
 
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/oklog/ulid/v2"
 	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/reflect/protoreflect"
 	"google.golang.org/protobuf/types/known/anypb"
@@ -37,6 +40,14 @@ func Resource(rtype *pbresource.Type, name string) *resourceBuilder {
 	}
 }
 
+func ResourceID(id *pbresource.ID) *resourceBuilder {
+	return &resourceBuilder{
+		resource: &pbresource.Resource{
+			Id: id,
+		},
+	}
+}
+
 func (b *resourceBuilder) WithData(t T, data protoreflect.ProtoMessage) *resourceBuilder {
 	t.Helper()
 
@@ -123,7 +134,11 @@ func (b *resourceBuilder) Write(t T, client pbresource.ResourceServiceClient) *p
 			_, err := client.Delete(context.Background(), &pbresource.DeleteRequest{
 				Id: rsp.Resource.Id,
 			})
-			require.NoError(t, err)
+
+			// ignore not found errors
+			if err != nil && status.Code(err) != codes.NotFound {
+				t.Fatalf("Failed to delete resource %s of type %s: %v", rsp.Resource.Id.Name, resource.ToGVK(rsp.Resource.Id.Type), err)
+			}
 		})
 	}
 
diff --git a/internal/resource/resourcetest/client.go b/internal/resource/resourcetest/client.go
index dab5b03c3adb..d29ccda4199d 100644
--- a/internal/resource/resourcetest/client.go
+++ b/internal/resource/resourcetest/client.go
@@ -35,6 +35,7 @@ func (client *Client) SetRetryerConfig(timeout time.Duration, wait time.Duration
 }
 
 func (client *Client) retry(t T, fn func(r *retry.R)) {
+	t.Helper()
 	retryer := &retry.Timer{Timeout: client.timeout, Wait: client.wait}
 	retry.RunWith(retryer, t, fn)
 }
@@ -181,7 +182,7 @@ func (client *Client) WaitForStatusCondition(t T, id *pbresource.ID, statusKey s
 
 	var res *pbresource.Resource
 	client.retry(t, func(r *retry.R) {
-		res = client.RequireStatusConditionForCurrentGen(t, id, statusKey, condition)
+		res = client.RequireStatusConditionForCurrentGen(r, id, statusKey, condition)
 	})
 
 	return res
@@ -209,6 +210,14 @@ func (client *Client) WaitForResourceState(t T, id *pbresource.ID, verify func(T
 	return res
 }
 
+func (client *Client) WaitForDeletion(t T, id *pbresource.ID) {
+	t.Helper()
+
+	client.retry(t, func(r *retry.R) {
+		client.RequireResourceNotFound(r, id)
+	})
+}
+
 // ResolveResourceID will read the specified resource and returns its full ID.
 // This is mainly useful to get the ID with the Uid filled out.
 func (client *Client) ResolveResourceID(t T, id *pbresource.ID) *pbresource.ID {
@@ -216,3 +225,12 @@ func (client *Client) ResolveResourceID(t T, id *pbresource.ID) *pbresource.ID {
 
 	return client.RequireResourceExists(t, id).Id
 }
+
+func (client *Client) MustDelete(t T, id *pbresource.ID) {
+	_, err := client.Delete(context.Background(), &pbresource.DeleteRequest{Id: id})
+	if status.Code(err) == codes.NotFound {
+		return
+	}
+
+	require.NoError(t, err)
+}
diff --git a/proto/private/prototest/testing.go b/proto/private/prototest/testing.go
index 28341012afa6..b423478155d1 100644
--- a/proto/private/prototest/testing.go
+++ b/proto/private/prototest/testing.go
@@ -100,5 +100,5 @@ func AssertContainsElement[V any](t TestingT, list []V, element V, opts ...cmp.O
 		}
 	}
 
-	t.Fatalf("assertion failed: list does not contain element\n--- list\n%#v\n--- element: %#v", list, element)
+	t.Fatalf("assertion failed: list does not contain element\n--- list\n%+v\n--- element: %+v", list, element)
 }

From 5352ccf8edf4167ba71397f3ef9d286ee82edea7 Mon Sep 17 00:00:00 2001
From: chappie <6537530+chapmanc@users.noreply.github.com>
Date: Fri, 16 Jun 2023 11:44:13 -0700
Subject: [PATCH 066/359] HCP Add node id/name to config (#17750)

---
 agent/config/builder.go                       | 23 ++++----
 agent/config/runtime_test.go                  |  7 +++
 .../TestRuntimeConfig_Sanitize.golden         |  4 +-
 agent/hcp/client/client.go                    | 11 ++--
 agent/hcp/client/client_test.go               | 52 +++++++++++++++++++
 agent/hcp/client/metrics_client.go            |  2 +-
 agent/hcp/client/metrics_client_test.go       |  4 +-
 agent/hcp/client/mock_metrics_client.go       |  5 ++
 agent/hcp/config/config.go                    |  4 ++
 agent/hcp/deps.go                             | 35 +++++++------
 agent/hcp/deps_test.go                        | 38 ++++++--------
 agent/setup.go                                |  5 +-
 12 files changed, 136 insertions(+), 54 deletions(-)
 create mode 100644 agent/hcp/client/mock_metrics_client.go

diff --git a/agent/config/builder.go b/agent/config/builder.go
index 1b79bb0f98e9..8e0bb37ef999 100644
--- a/agent/config/builder.go
+++ b/agent/config/builder.go
@@ -984,7 +984,7 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
 		AutoEncryptIPSAN:                       autoEncryptIPSAN,
 		AutoEncryptAllowTLS:                    autoEncryptAllowTLS,
 		AutoConfig:                             autoConfig,
-		Cloud:                                  b.cloudConfigVal(c.Cloud),
+		Cloud:                                  b.cloudConfigVal(c),
 		ConnectEnabled:                         connectEnabled,
 		ConnectCAProvider:                      connectCAProvider,
 		ConnectCAConfig:                        connectCAConfig,
@@ -2545,21 +2545,26 @@ func validateAutoConfigAuthorizer(rt RuntimeConfig) error {
 	return nil
 }
 
-func (b *builder) cloudConfigVal(v *CloudConfigRaw) hcpconfig.CloudConfig {
+func (b *builder) cloudConfigVal(v Config) hcpconfig.CloudConfig {
 	val := hcpconfig.CloudConfig{
 		ResourceID: os.Getenv("HCP_RESOURCE_ID"),
 	}
-	if v == nil {
+	// Node id might get overriden in setup.go:142
+	nodeID := stringVal(v.NodeID)
+	val.NodeID = types.NodeID(nodeID)
+	val.NodeName = b.nodeName(v.NodeName)
+
+	if v.Cloud == nil {
 		return val
 	}
 
-	val.ClientID = stringVal(v.ClientID)
-	val.ClientSecret = stringVal(v.ClientSecret)
-	val.AuthURL = stringVal(v.AuthURL)
-	val.Hostname = stringVal(v.Hostname)
-	val.ScadaAddress = stringVal(v.ScadaAddress)
+	val.ClientID = stringVal(v.Cloud.ClientID)
+	val.ClientSecret = stringVal(v.Cloud.ClientSecret)
+	val.AuthURL = stringVal(v.Cloud.AuthURL)
+	val.Hostname = stringVal(v.Cloud.Hostname)
+	val.ScadaAddress = stringVal(v.Cloud.ScadaAddress)
 
-	if resourceID := stringVal(v.ResourceID); resourceID != "" {
+	if resourceID := stringVal(v.Cloud.ResourceID); resourceID != "" {
 		val.ResourceID = resourceID
 	}
 	return val
diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go
index cbc1e904d254..beaf214dba71 100644
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@@ -619,6 +619,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.NodeName = "a"
 			rt.TLS.NodeName = "a"
 			rt.DataDir = dataDir
+			rt.Cloud.NodeName = "a"
 		},
 	})
 	run(t, testCase{
@@ -630,6 +631,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 		expected: func(rt *RuntimeConfig) {
 			rt.NodeID = "a"
 			rt.DataDir = dataDir
+			rt.Cloud.NodeID = "a"
 		},
 	})
 	run(t, testCase{
@@ -2326,6 +2328,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.Cloud = hcpconfig.CloudConfig{
 				// ID is only populated from env if not populated from other sources.
 				ResourceID: "env-id",
+				NodeName:   "thehostname",
+				NodeID:     "",
 			}
 
 			// server things
@@ -2366,6 +2370,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.Cloud = hcpconfig.CloudConfig{
 				// ID is only populated from env if not populated from other sources.
 				ResourceID: "file-id",
+				NodeName:   "thehostname",
 			}
 
 			// server things
@@ -6324,6 +6329,8 @@ func TestLoad_FullConfig(t *testing.T) {
 			Hostname:     "DH4bh7aC",
 			AuthURL:      "332nCdR2",
 			ScadaAddress: "aoeusth232",
+			NodeID:       types.NodeID("AsUIlw99"),
+			NodeName:     "otlLxGaI",
 		},
 		DNSAddrs:                         []net.Addr{tcpAddr("93.95.95.81:7001"), udpAddr("93.95.95.81:7001")},
 		DNSARecordLimit:                  29907,
diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
index b6ee9a98129f..6bb08ff95fed 100644
--- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
+++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
@@ -134,7 +134,9 @@
         "ManagementToken": "hidden",
         "ResourceID": "cluster1",
         "ScadaAddress": "",
-        "TLSConfig": null
+        "TLSConfig": null,
+        "NodeID": "",
+        "NodeName": ""
     },
     "ConfigEntryBootstrap": [],
     "ConnectCAConfig": {},
diff --git a/agent/hcp/client/client.go b/agent/hcp/client/client.go
index 212647c51e87..1c49fd792471 100644
--- a/agent/hcp/client/client.go
+++ b/agent/hcp/client/client.go
@@ -313,9 +313,14 @@ func (t *TelemetryConfig) Enabled() (string, bool) {
 }
 
 // DefaultLabels returns a set of <key, value> string pairs that must be added as attributes to all exported telemetry data.
-func (t *TelemetryConfig) DefaultLabels(nodeID string) map[string]string {
-	labels := map[string]string{
-		"node_id": nodeID, // used to delineate Consul nodes in graphs
+func (t *TelemetryConfig) DefaultLabels(cfg config.CloudConfig) map[string]string {
+	labels := make(map[string]string)
+	nodeID := string(cfg.NodeID)
+	if nodeID != "" {
+		labels["node_id"] = nodeID
+	}
+	if cfg.NodeName != "" {
+		labels["node_name"] = cfg.NodeName
 	}
 
 	for k, v := range t.Labels {
diff --git a/agent/hcp/client/client_test.go b/agent/hcp/client/client_test.go
index 8c8a6addd70c..0292fa3fab22 100644
--- a/agent/hcp/client/client_test.go
+++ b/agent/hcp/client/client_test.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"testing"
 
+	"github.com/hashicorp/consul/agent/hcp/config"
+	"github.com/hashicorp/consul/types"
 	"github.com/hashicorp/hcp-sdk-go/clients/cloud-consul-telemetry-gateway/preview/2023-04-14/client/consul_telemetry_service"
 	"github.com/hashicorp/hcp-sdk-go/clients/cloud-consul-telemetry-gateway/preview/2023-04-14/models"
 	"github.com/stretchr/testify/mock"
@@ -147,3 +149,53 @@ func TestConvertTelemetryConfig(t *testing.T) {
 		})
 	}
 }
+
+func Test_DefaultLabels(t *testing.T) {
+	for name, tc := range map[string]struct {
+		cfg            config.CloudConfig
+		expectedLabels map[string]string
+	}{
+		"Success": {
+			cfg: config.CloudConfig{
+				NodeID:   types.NodeID("nodeyid"),
+				NodeName: "nodey",
+			},
+			expectedLabels: map[string]string{
+				"node_id":   "nodeyid",
+				"node_name": "nodey",
+			},
+		},
+
+		"NoNodeID": {
+			cfg: config.CloudConfig{
+				NodeID:   types.NodeID(""),
+				NodeName: "nodey",
+			},
+			expectedLabels: map[string]string{
+				"node_name": "nodey",
+			},
+		},
+		"NoNodeName": {
+			cfg: config.CloudConfig{
+				NodeID:   types.NodeID("nodeyid"),
+				NodeName: "",
+			},
+			expectedLabels: map[string]string{
+				"node_id": "nodeyid",
+			},
+		},
+		"Empty": {
+			cfg: config.CloudConfig{
+				NodeID:   "",
+				NodeName: "",
+			},
+			expectedLabels: map[string]string{},
+		},
+	} {
+		t.Run(name, func(t *testing.T) {
+			tCfg := &TelemetryConfig{}
+			labels := tCfg.DefaultLabels(tc.cfg)
+			require.Equal(t, labels, tc.expectedLabels)
+		})
+	}
+}
diff --git a/agent/hcp/client/metrics_client.go b/agent/hcp/client/metrics_client.go
index b58b28f21dc4..0bcb90b81ce2 100644
--- a/agent/hcp/client/metrics_client.go
+++ b/agent/hcp/client/metrics_client.go
@@ -58,7 +58,7 @@ type otlpClient struct {
 
 // NewMetricsClient returns a configured MetricsClient.
 // The current implementation uses otlpClient to provide retry functionality.
-func NewMetricsClient(cfg CloudConfig, ctx context.Context) (MetricsClient, error) {
+func NewMetricsClient(ctx context.Context, cfg CloudConfig) (MetricsClient, error) {
 	if cfg == nil {
 		return nil, fmt.Errorf("failed to init telemetry client: provide valid cloudCfg (Cloud Configuration for TLS)")
 	}
diff --git a/agent/hcp/client/metrics_client_test.go b/agent/hcp/client/metrics_client_test.go
index 153ba536da79..4119e326e9dc 100644
--- a/agent/hcp/client/metrics_client_test.go
+++ b/agent/hcp/client/metrics_client_test.go
@@ -52,7 +52,7 @@ func TestNewMetricsClient(t *testing.T) {
 		},
 	} {
 		t.Run(name, func(t *testing.T) {
-			client, err := NewMetricsClient(test.cfg, test.ctx)
+			client, err := NewMetricsClient(test.ctx, test.cfg)
 			if test.wantErr != "" {
 				require.Error(t, err)
 				require.Contains(t, err.Error(), test.wantErr)
@@ -118,7 +118,7 @@ func TestExportMetrics(t *testing.T) {
 			}))
 			defer srv.Close()
 
-			client, err := NewMetricsClient(MockCloudCfg{}, context.Background())
+			client, err := NewMetricsClient(context.Background(), MockCloudCfg{})
 			require.NoError(t, err)
 
 			ctx := context.Background()
diff --git a/agent/hcp/client/mock_metrics_client.go b/agent/hcp/client/mock_metrics_client.go
new file mode 100644
index 000000000000..a30b1f1c62c0
--- /dev/null
+++ b/agent/hcp/client/mock_metrics_client.go
@@ -0,0 +1,5 @@
+package client
+
+type MockMetricsClient struct {
+	MetricsClient
+}
diff --git a/agent/hcp/config/config.go b/agent/hcp/config/config.go
index 8d1358fa4adf..319c39e40e94 100644
--- a/agent/hcp/config/config.go
+++ b/agent/hcp/config/config.go
@@ -6,6 +6,7 @@ package config
 import (
 	"crypto/tls"
 
+	"github.com/hashicorp/consul/types"
 	hcpcfg "github.com/hashicorp/hcp-sdk-go/config"
 	"github.com/hashicorp/hcp-sdk-go/resource"
 )
@@ -25,6 +26,9 @@ type CloudConfig struct {
 
 	// TlsConfig for testing.
 	TLSConfig *tls.Config
+
+	NodeID   types.NodeID
+	NodeName string
 }
 
 func (c *CloudConfig) WithTLSConfig(cfg *tls.Config) {
diff --git a/agent/hcp/deps.go b/agent/hcp/deps.go
index f4ad161daba4..e3e83dec9657 100644
--- a/agent/hcp/deps.go
+++ b/agent/hcp/deps.go
@@ -14,7 +14,6 @@ import (
 	"github.com/hashicorp/consul/agent/hcp/config"
 	"github.com/hashicorp/consul/agent/hcp/scada"
 	"github.com/hashicorp/consul/agent/hcp/telemetry"
-	"github.com/hashicorp/consul/types"
 	"github.com/hashicorp/go-hclog"
 )
 
@@ -25,10 +24,13 @@ type Deps struct {
 	Sink     metrics.MetricSink
 }
 
-func NewDeps(cfg config.CloudConfig, logger hclog.Logger, nodeID types.NodeID) (Deps, error) {
+func NewDeps(cfg config.CloudConfig, logger hclog.Logger) (Deps, error) {
+	ctx := context.Background()
+	ctx = hclog.WithContext(ctx, logger)
+
 	client, err := hcpclient.NewClient(cfg)
 	if err != nil {
-		return Deps{}, fmt.Errorf("failed to init client: %w:", err)
+		return Deps{}, fmt.Errorf("failed to init client: %w", err)
 	}
 
 	provider, err := scada.New(cfg, logger.Named("scada"))
@@ -36,7 +38,13 @@ func NewDeps(cfg config.CloudConfig, logger hclog.Logger, nodeID types.NodeID) (
 		return Deps{}, fmt.Errorf("failed to init scada: %w", err)
 	}
 
-	sink := sink(client, &cfg, logger.Named("sink"), nodeID)
+	metricsClient, err := hcpclient.NewMetricsClient(ctx, &cfg)
+	if err != nil {
+		logger.Error("failed to init metrics client", "error", err)
+		return Deps{}, fmt.Errorf("failed to init metrics client: %w", err)
+	}
+
+	sink := sink(ctx, client, metricsClient, cfg)
 
 	return Deps{
 		Client:   client,
@@ -48,10 +56,13 @@ func NewDeps(cfg config.CloudConfig, logger hclog.Logger, nodeID types.NodeID) (
 // sink provides initializes an OTELSink which forwards Consul metrics to HCP.
 // The sink is only initialized if the server is registered with the management plane (CCM).
 // This step should not block server initialization, so errors are logged, but not returned.
-func sink(hcpClient hcpclient.Client, cfg hcpclient.CloudConfig, logger hclog.Logger, nodeID types.NodeID) metrics.MetricSink {
-	ctx := context.Background()
-	ctx = hclog.WithContext(ctx, logger)
-
+func sink(
+	ctx context.Context,
+	hcpClient hcpclient.Client,
+	metricsClient hcpclient.MetricsClient,
+	cfg config.CloudConfig,
+) metrics.MetricSink {
+	logger := hclog.FromContext(ctx).Named("sink")
 	reqCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
 	defer cancel()
 
@@ -72,16 +83,10 @@ func sink(hcpClient hcpclient.Client, cfg hcpclient.CloudConfig, logger hclog.Lo
 		return nil
 	}
 
-	metricsClient, err := hcpclient.NewMetricsClient(cfg, ctx)
-	if err != nil {
-		logger.Error("failed to init metrics client", "error", err)
-		return nil
-	}
-
 	sinkOpts := &telemetry.OTELSinkOpts{
 		Ctx:     ctx,
 		Reader:  telemetry.NewOTELReader(metricsClient, u, telemetry.DefaultExportInterval),
-		Labels:  telemetryCfg.DefaultLabels(string(nodeID)),
+		Labels:  telemetryCfg.DefaultLabels(cfg),
 		Filters: telemetryCfg.MetricsConfig.Filters,
 	}
 
diff --git a/agent/hcp/deps_test.go b/agent/hcp/deps_test.go
index 54ec7b6de478..9a90c26d50ad 100644
--- a/agent/hcp/deps_test.go
+++ b/agent/hcp/deps_test.go
@@ -1,10 +1,11 @@
 package hcp
 
 import (
+	"context"
 	"fmt"
 	"testing"
 
-	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/consul/agent/hcp/config"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 
@@ -16,7 +17,7 @@ func TestSink(t *testing.T) {
 	t.Parallel()
 	for name, test := range map[string]struct {
 		expect       func(*client.MockClient)
-		mockCloudCfg client.CloudConfig
+		cloudCfg     config.CloudConfig
 		expectedSink bool
 	}{
 		"success": {
@@ -28,7 +29,10 @@ func TestSink(t *testing.T) {
 					},
 				}, nil)
 			},
-			mockCloudCfg: client.MockCloudCfg{},
+			cloudCfg: config.CloudConfig{
+				NodeID:   types.NodeID("nodeyid"),
+				NodeName: "nodey",
+			},
 			expectedSink: true,
 		},
 		"noSinkWhenServerNotRegisteredWithCCM": {
@@ -40,26 +44,13 @@ func TestSink(t *testing.T) {
 					},
 				}, nil)
 			},
-			mockCloudCfg: client.MockCloudCfg{},
+			cloudCfg: config.CloudConfig{},
 		},
 		"noSinkWhenCCMVerificationFails": {
 			expect: func(mockClient *client.MockClient) {
 				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(nil, fmt.Errorf("fetch failed"))
 			},
-			mockCloudCfg: client.MockCloudCfg{},
-		},
-		"noSinkWhenMetricsClientInitFails": {
-			mockCloudCfg: client.MockCloudCfg{
-				ConfigErr: fmt.Errorf("test bad hcp config"),
-			},
-			expect: func(mockClient *client.MockClient) {
-				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(&client.TelemetryConfig{
-					Endpoint: "https://test.com",
-					MetricsConfig: &client.MetricsConfig{
-						Endpoint: "",
-					},
-				}, nil)
-			},
+			cloudCfg: config.CloudConfig{},
 		},
 		"failsWithFetchTelemetryFailure": {
 			expect: func(mockClient *client.MockClient) {
@@ -93,14 +84,17 @@ func TestSink(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 			c := client.NewMockClient(t)
-			l := hclog.NewNullLogger()
+			mc := client.MockMetricsClient{}
+
 			test.expect(c)
-			sinkOpts := sink(c, test.mockCloudCfg, l, types.NodeID("server1234"))
+			ctx := context.Background()
+
+			s := sink(ctx, c, mc, test.cloudCfg)
 			if !test.expectedSink {
-				require.Nil(t, sinkOpts)
+				require.Nil(t, s)
 				return
 			}
-			require.NotNil(t, sinkOpts)
+			require.NotNil(t, s)
 		})
 	}
 }
diff --git a/agent/setup.go b/agent/setup.go
index bf1b4d004077..4d5d0feed7a1 100644
--- a/agent/setup.go
+++ b/agent/setup.go
@@ -138,7 +138,10 @@ func NewBaseDeps(configLoader ConfigLoader, logOut io.Writer, providedLogger hcl
 
 	var extraSinks []metrics.MetricSink
 	if cfg.IsCloudEnabled() {
-		d.HCP, err = hcp.NewDeps(cfg.Cloud, d.Logger.Named("hcp"), cfg.NodeID)
+		// This values is set late within newNodeIDFromConfig above
+		cfg.Cloud.NodeID = cfg.NodeID
+
+		d.HCP, err = hcp.NewDeps(cfg.Cloud, d.Logger.Named("hcp"))
 		if err != nil {
 			return d, err
 		}

From 37636eab718e3873d24e11212eab059ba7ae2486 Mon Sep 17 00:00:00 2001
From: Matt Keeler <mkeeler@users.noreply.github.com>
Date: Fri, 16 Jun 2023 16:29:50 -0400
Subject: [PATCH 067/359] Catalog V2 Container Based Integration Test (#17674)

* Implement the Catalog V2 controller integration container tests

This now allows the container tests to import things from the root module. However for now we want to be very restrictive about which packages we allow importing.

* Add an upgrade test for the new catalog

Currently this should be dormant and not executed. However its put in place to detect breaking changes in the future and show an example of how to do an upgrade test with integration tests structured like catalog v2.

* Make testutil.Retry capable of performing cleanup operations

These cleanup operations are executed after each retry attempt.

* Move TestContext to taking an interface instead of a concrete testing.T

This allows this to be used on a retry.R or generally anything that meets the interface.

* Move to using TestContext instead of background contexts

Also this forces all test methods to implement the Cleanup method now instead of that being an optional interface.


Co-authored-by: Daniel Upton <daniel@floppy.co>
---
 GNUmakefile                                   |  21 ++-
 .../scripts/check-allowed-imports.sh          | 124 ++++++++++++++++++
 internal/resource/resourcetest/builder.go     |  51 ++++---
 internal/resource/resourcetest/client.go      |  40 ++++--
 internal/resource/resourcetest/testing.go     |   4 -
 sdk/testutil/context.go                       |   8 +-
 sdk/testutil/retry/counter.go                 |  23 ++++
 sdk/testutil/retry/retry.go                   |  92 ++++++-------
 sdk/testutil/retry/retry_test.go              |  63 +++++++++
 sdk/testutil/retry/timer.go                   |  37 ++++++
 test/integration/consul-container/go.mod      |  30 +++--
 test/integration/consul-container/go.sum      |  42 +++++-
 .../consul-container/libs/cluster/agent.go    |   2 +
 .../libs/cluster/container.go                 |  51 ++++++-
 .../consul-container/libs/cluster/network.go  |   1 +
 .../consul-container/libs/utils/docker.go     |  15 +++
 .../test/catalog/catalog_test.go              |  35 +++++
 .../test/upgrade/catalog/catalog_test.go      |  87 ++++++++++++
 18 files changed, 613 insertions(+), 113 deletions(-)
 create mode 100755 build-support/scripts/check-allowed-imports.sh
 create mode 100644 sdk/testutil/retry/counter.go
 create mode 100644 sdk/testutil/retry/timer.go
 create mode 100644 test/integration/consul-container/test/catalog/catalog_test.go
 create mode 100644 test/integration/consul-container/test/upgrade/catalog/catalog_test.go

diff --git a/GNUmakefile b/GNUmakefile
index 3443b71db7b7..fe554b3c5432 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -3,6 +3,7 @@
 
 SHELL = bash
 
+
 GO_MODULES := $(shell find . -name go.mod -exec dirname {} \; | grep -v "proto-gen-rpc-glue/e2e" | sort)
 
 ###
@@ -72,6 +73,7 @@ CI_DEV_DOCKER_NAMESPACE?=hashicorpdev
 CI_DEV_DOCKER_IMAGE_NAME?=consul
 CI_DEV_DOCKER_WORKDIR?=bin/
 ################
+CONSUL_VERSION?=$(shell cat version/VERSION)
 
 TEST_MODCACHE?=1
 TEST_BUILDCACHE?=1
@@ -188,6 +190,8 @@ dev-docker: linux dev-build
 	@docker buildx use default && docker buildx build -t 'consul:local' -t '$(CONSUL_DEV_IMAGE)' \
        --platform linux/$(GOARCH) \
 	   --build-arg CONSUL_IMAGE_VERSION=$(CONSUL_IMAGE_VERSION) \
+		--label org.opencontainers.image.version=$(CONSUL_VERSION) \
+		--label version=$(CONSUL_VERSION) \
        --load \
        -f $(CURDIR)/build-support/docker/Consul-Dev-Multiarch.dockerfile $(CURDIR)/pkg/bin/
 
@@ -208,6 +212,8 @@ remote-docker: check-remote-dev-image-env
 	@docker buildx use consul-builder && docker buildx build -t '$(REMOTE_DEV_IMAGE)' \
        --platform linux/amd64,linux/arm64 \
 	   --build-arg CONSUL_IMAGE_VERSION=$(CONSUL_IMAGE_VERSION) \
+		--label org.opencontainers.image.version=$(CONSUL_VERSION) \
+		--label version=$(CONSUL_VERSION) \
        --push \
        -f $(CURDIR)/build-support/docker/Consul-Dev-Multiarch.dockerfile $(CURDIR)/pkg/bin/
 
@@ -351,16 +357,17 @@ lint/%:
 	@echo "--> Running enumcover ($*)"
 	@cd $* && GOWORK=off enumcover ./...
 
+# check that the test-container module only imports allowlisted packages
+# from the root consul module. Generally we don't want to allow these imports.
+# In a few specific instances though it is okay to import test definitions and
+# helpers from some of the packages in the root module.
 .PHONY: lint-container-test-deps
 lint-container-test-deps:
 	@echo "--> Checking container tests for bad dependencies"
-	@cd test/integration/consul-container && ( \
-		found="$$(go list -m all | grep -c '^github.com/hashicorp/consul ')" ; \
-		if [[ "$$found" != "0" ]]; then \
-			echo "test/integration/consul-container: This project should not depend on the root consul module" >&2 ; \
-			exit 1 ; \
-		fi \
-	)
+	@cd test/integration/consul-container && \
+		$(CURDIR)/build-support/scripts/check-allowed-imports.sh \
+			github.com/hashicorp/consul \
+			internal/catalog/catalogtest
 
 # Build the static web ui inside a Docker container. For local testing only; do not commit these assets.
 ui: ui-docker
diff --git a/build-support/scripts/check-allowed-imports.sh b/build-support/scripts/check-allowed-imports.sh
new file mode 100755
index 000000000000..fb0280e6ff08
--- /dev/null
+++ b/build-support/scripts/check-allowed-imports.sh
@@ -0,0 +1,124 @@
+#!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+
+readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
+readonly SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")"
+readonly SOURCE_DIR="$(dirname "$(dirname "${SCRIPT_DIR}")")"
+readonly FN_DIR="$(dirname "${SCRIPT_DIR}")/functions"
+
+source "${SCRIPT_DIR}/functions.sh"
+
+
+set -uo pipefail
+
+usage() {
+cat <<-EOF
+Usage: ${SCRIPT_NAME} <module root> [<allowed relative package path>...]
+
+Description:
+    Verifies that only the specified packages may be imported from the given module 
+
+Options:
+    -h | --help              Print this help text.
+EOF
+}
+
+function err_usage {
+    err "$1"
+    err ""
+    err "$(usage)"
+}
+
+function main {
+   local module_root=""
+   declare -a allowed_packages=()
+   while test $# -gt 0
+   do
+      case "$1" in
+         -h | --help )
+         usage
+         return 0
+         ;;
+      * )
+         if test -z "$module_root"
+         then
+            module_root="$1"
+         else
+            allowed_packages+="$1"
+         fi
+         shift     
+      esac
+   done
+   
+   # If we could guarantee this ran with bash 4.2+ then the final argument could
+   # be just ${allowed_packages[@]}. However that with older versions of bash
+   # in combination with set -u causes bash to emit errors about using unbound
+   # variables when no allowed packages have been specified (i.e. the module should
+   # generally be disallowed with no exceptions). This syntax is very strange
+   # but seems to be the prescribed workaround I found.
+   check_imports "$module_root" ${allowed_packages[@]+"${allowed_packages[@]}"}
+   return $?
+}
+
+function check_imports {
+   local module_root="$1"
+   shift
+   local allowed_packages="$@"
+   
+   module_imports=$( go list -test -f '{{join .TestImports "\n"}}' ./... | grep "$module_root" | sort | uniq)
+   module_test_imports=$( go list -test -f '{{join .TestImports "\n"}}' ./... | grep "$module_root" | sort | uniq)
+
+   any_error=0
+   
+   for imp in $module_imports
+   do
+      is_import_allowed "$imp" "$module_root" $allowed_packages
+      allowed=$?
+      
+      if test $any_error -ne 1
+      then
+         any_error=$allowed
+      fi
+   done
+  
+   if test $any_error -eq 1
+   then
+      echo "Only the following direct imports are allowed from module $module_root:"
+      for pkg in $allowed_packages
+      do
+         echo "   * $pkg"
+      done
+   fi
+
+   return $any_error   
+}
+
+function is_import_allowed {
+   local pkg_import=$1
+   shift
+   local module_root=$1
+   shift
+   local allowed_packages="$@"
+   
+   # check if the import path is a part of the module we are restricting imports for
+   if test "$( go list -f '{{.Module.Path}}' $pkg_import)" != "$module_root"
+   then
+      return 0
+   fi
+   
+   for pkg in $allowed_packages
+   do
+      if test "${module_root}/$pkg" == "$pkg_import"
+      then
+         return 0
+      fi
+   done
+   
+   err "Import of package $pkg_import is not allowed"
+   return 1
+}
+
+main "$@"
+exit $?
\ No newline at end of file
diff --git a/internal/resource/resourcetest/builder.go b/internal/resource/resourcetest/builder.go
index 8e66028e893b..749ff4fea27e 100644
--- a/internal/resource/resourcetest/builder.go
+++ b/internal/resource/resourcetest/builder.go
@@ -1,10 +1,12 @@
 package resourcetest
 
 import (
-	"context"
+	"strings"
 
-	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/internal/storage"
 	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
 	"github.com/oklog/ulid/v2"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
@@ -119,26 +121,37 @@ func (b *resourceBuilder) ID() *pbresource.ID {
 func (b *resourceBuilder) Write(t T, client pbresource.ResourceServiceClient) *pbresource.Resource {
 	t.Helper()
 
+	ctx := testutil.TestContext(t)
+
 	res := b.resource
 
-	rsp, err := client.Write(context.Background(), &pbresource.WriteRequest{
-		Resource: res,
-	})
+	var rsp *pbresource.WriteResponse
+	var err error
 
-	require.NoError(t, err)
+	// Retry any writes where the error is a UID mismatch and the UID was not specified. This is indicative
+	// of using a follower to rewrite an object who is not perfectly in-sync with the leader.
+	retry.Run(t, func(r *retry.R) {
+		rsp, err = client.Write(ctx, &pbresource.WriteRequest{
+			Resource: res,
+		})
+
+		if err == nil || res.Id.Uid != "" || status.Code(err) != codes.FailedPrecondition {
+			return
+		}
+
+		if strings.Contains(err.Error(), storage.ErrWrongUid.Error()) {
+			r.Fatalf("resource write failed due to uid mismatch - most likely a transient issue when talking to a non-leader")
+		} else {
+			// other errors are unexpected and should cause an immediate failure
+			r.Stop(err)
+		}
+	})
 
 	if !b.dontCleanup {
-		cleaner, ok := t.(CleanupT)
-		require.True(t, ok, "T does not implement a Cleanup method and cannot be used with automatic resource cleanup")
-		cleaner.Cleanup(func() {
-			_, err := client.Delete(context.Background(), &pbresource.DeleteRequest{
-				Id: rsp.Resource.Id,
-			})
-
-			// ignore not found errors
-			if err != nil && status.Code(err) != codes.NotFound {
-				t.Fatalf("Failed to delete resource %s of type %s: %v", rsp.Resource.Id.Name, resource.ToGVK(rsp.Resource.Id.Type), err)
-			}
+		id := proto.Clone(rsp.Resource.Id).(*pbresource.ID)
+		id.Uid = ""
+		t.Cleanup(func() {
+			NewClient(client).MustDelete(t, id)
 		})
 	}
 
@@ -151,7 +164,7 @@ func (b *resourceBuilder) Write(t T, client pbresource.ResourceServiceClient) *p
 			ObservedGeneration: rsp.Resource.Generation,
 			Conditions:         original.Conditions,
 		}
-		_, err := client.WriteStatus(context.Background(), &pbresource.WriteStatusRequest{
+		_, err := client.WriteStatus(ctx, &pbresource.WriteStatusRequest{
 			Id:     rsp.Resource.Id,
 			Key:    key,
 			Status: status,
@@ -159,7 +172,7 @@ func (b *resourceBuilder) Write(t T, client pbresource.ResourceServiceClient) *p
 		require.NoError(t, err)
 	}
 
-	readResp, err := client.Read(context.Background(), &pbresource.ReadRequest{
+	readResp, err := client.Read(ctx, &pbresource.ReadRequest{
 		Id: rsp.Resource.Id,
 	})
 
diff --git a/internal/resource/resourcetest/client.go b/internal/resource/resourcetest/client.go
index d29ccda4199d..5047406d0585 100644
--- a/internal/resource/resourcetest/client.go
+++ b/internal/resource/resourcetest/client.go
@@ -1,12 +1,13 @@
 package resourcetest
 
 import (
-	"context"
+	"fmt"
 	"math/rand"
 	"time"
 
 	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/exp/slices"
@@ -41,6 +42,8 @@ func (client *Client) retry(t T, fn func(r *retry.R)) {
 }
 
 func (client *Client) PublishResources(t T, resources []*pbresource.Resource) {
+	ctx := testutil.TestContext(t)
+
 	// Randomize the order of insertion. Generally insertion order shouldn't matter as the
 	// controllers should eventually converge on the desired state. The exception to this
 	// is that you cannot insert resources with owner refs before the resource they are
@@ -75,12 +78,17 @@ func (client *Client) PublishResources(t T, resources []*pbresource.Resource) {
 			}
 
 			t.Logf("Writing resource %s with type %s", res.Id.Name, resource.ToGVK(res.Id.Type))
-			_, err := client.Write(context.Background(), &pbresource.WriteRequest{
+			rsp, err := client.Write(ctx, &pbresource.WriteRequest{
 				Resource: res,
 			})
 			require.NoError(t, err)
 
-			// track the number o
+			id := rsp.Resource.Id
+			t.Cleanup(func() {
+				client.MustDelete(t, id)
+			})
+
+			// track the number of resources published
 			published += 1
 			written = append(written, res.Id)
 		}
@@ -102,7 +110,7 @@ func (client *Client) PublishResources(t T, resources []*pbresource.Resource) {
 func (client *Client) RequireResourceNotFound(t T, id *pbresource.ID) {
 	t.Helper()
 
-	rsp, err := client.Read(context.Background(), &pbresource.ReadRequest{Id: id})
+	rsp, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{Id: id})
 	require.Error(t, err)
 	require.Equal(t, codes.NotFound, status.Code(err))
 	require.Nil(t, rsp)
@@ -111,7 +119,7 @@ func (client *Client) RequireResourceNotFound(t T, id *pbresource.ID) {
 func (client *Client) RequireResourceExists(t T, id *pbresource.ID) *pbresource.Resource {
 	t.Helper()
 
-	rsp, err := client.Read(context.Background(), &pbresource.ReadRequest{Id: id})
+	rsp, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{Id: id})
 	require.NoError(t, err, "error reading %s with type %s", id.Name, resource.ToGVK(id.Type))
 	require.NotNil(t, rsp)
 	return rsp.Resource
@@ -227,10 +235,22 @@ func (client *Client) ResolveResourceID(t T, id *pbresource.ID) *pbresource.ID {
 }
 
 func (client *Client) MustDelete(t T, id *pbresource.ID) {
-	_, err := client.Delete(context.Background(), &pbresource.DeleteRequest{Id: id})
-	if status.Code(err) == codes.NotFound {
-		return
-	}
+	t.Helper()
+	ctx := testutil.TestContext(t)
 
-	require.NoError(t, err)
+	client.retry(t, func(r *retry.R) {
+		_, err := client.Delete(ctx, &pbresource.DeleteRequest{Id: id})
+		if status.Code(err) == codes.NotFound {
+			return
+		}
+
+		// codes.Aborted indicates a CAS failure and that the delete request should
+		// be retried. Anything else should be considered an unrecoverable error.
+		if err != nil && status.Code(err) != codes.Aborted {
+			r.Stop(fmt.Errorf("failed to delete the resource: %w", err))
+			return
+		}
+
+		require.NoError(r, err)
+	})
 }
diff --git a/internal/resource/resourcetest/testing.go b/internal/resource/resourcetest/testing.go
index d02b70da9d03..1c774082b369 100644
--- a/internal/resource/resourcetest/testing.go
+++ b/internal/resource/resourcetest/testing.go
@@ -9,9 +9,5 @@ type T interface {
 	Errorf(format string, args ...interface{})
 	Fatalf(format string, args ...interface{})
 	FailNow()
-}
-
-type CleanupT interface {
-	T
 	Cleanup(func())
 }
diff --git a/sdk/testutil/context.go b/sdk/testutil/context.go
index 257f205aa298..47ff794c96c6 100644
--- a/sdk/testutil/context.go
+++ b/sdk/testutil/context.go
@@ -5,10 +5,14 @@ package testutil
 
 import (
 	"context"
-	"testing"
 )
 
-func TestContext(t *testing.T) context.Context {
+type CleanerT interface {
+	Helper()
+	Cleanup(func())
+}
+
+func TestContext(t CleanerT) context.Context {
 	t.Helper()
 	ctx, cancel := context.WithCancel(context.Background())
 	t.Cleanup(cancel)
diff --git a/sdk/testutil/retry/counter.go b/sdk/testutil/retry/counter.go
new file mode 100644
index 000000000000..96a37ab9d2fc
--- /dev/null
+++ b/sdk/testutil/retry/counter.go
@@ -0,0 +1,23 @@
+package retry
+
+import "time"
+
+// Counter repeats an operation a given number of
+// times and waits between subsequent operations.
+type Counter struct {
+	Count int
+	Wait  time.Duration
+
+	count int
+}
+
+func (r *Counter) Continue() bool {
+	if r.count == r.Count {
+		return false
+	}
+	if r.count > 0 {
+		time.Sleep(r.Wait)
+	}
+	r.count++
+	return true
+}
diff --git a/sdk/testutil/retry/retry.go b/sdk/testutil/retry/retry.go
index 30045f0c629d..af468460d592 100644
--- a/sdk/testutil/retry/retry.go
+++ b/sdk/testutil/retry/retry.go
@@ -53,6 +53,8 @@ type R struct {
 	// and triggers t.FailNow()
 	done   bool
 	output []string
+
+	cleanups []func()
 }
 
 func (r *R) Logf(format string, args ...interface{}) {
@@ -65,6 +67,41 @@ func (r *R) Log(args ...interface{}) {
 
 func (r *R) Helper() {}
 
+// Cleanup register a function to be run to cleanup resources that
+// were allocated during the retry attempt. These functions are executed
+// after a retry attempt. If they panic, it will not stop further retry
+// attempts but will be cause for the overall test failure.
+func (r *R) Cleanup(fn func()) {
+	r.cleanups = append(r.cleanups, fn)
+}
+
+func (r *R) runCleanup() {
+
+	// Make sure that if a cleanup function panics,
+	// we still run the remaining cleanup functions.
+	defer func() {
+		err := recover()
+		if err != nil {
+			r.Stop(fmt.Errorf("error when performing test cleanup: %v", err))
+		}
+		if len(r.cleanups) > 0 {
+			r.runCleanup()
+		}
+	}()
+
+	for len(r.cleanups) > 0 {
+		var cleanup func()
+		if len(r.cleanups) > 0 {
+			last := len(r.cleanups) - 1
+			cleanup = r.cleanups[last]
+			r.cleanups = r.cleanups[:last]
+		}
+		if cleanup != nil {
+			cleanup()
+		}
+	}
+}
+
 // runFailed is a sentinel value to indicate that the func itself
 // didn't panic, rather that `FailNow` was called.
 type runFailed struct{}
@@ -190,6 +227,7 @@ func run(r Retryer, t Failer, f func(r *R)) {
 		// run f(rr), but if recover yields a runFailed value, we know
 		// FailNow was called.
 		func() {
+			defer rr.runCleanup()
 			defer func() {
 				if p := recover(); p != nil && p != (runFailed{}) {
 					panic(p)
@@ -216,16 +254,6 @@ func DefaultFailer() *Timer {
 	return &Timer{Timeout: 7 * time.Second, Wait: 25 * time.Millisecond}
 }
 
-// TwoSeconds repeats an operation for two seconds and waits 25ms in between.
-func TwoSeconds() *Timer {
-	return &Timer{Timeout: 2 * time.Second, Wait: 25 * time.Millisecond}
-}
-
-// ThreeTimes repeats an operation three times and waits 25ms in between.
-func ThreeTimes() *Counter {
-	return &Counter{Count: 3, Wait: 25 * time.Millisecond}
-}
-
 // Retryer provides an interface for repeating operations
 // until they succeed or an exit condition is met.
 type Retryer interface {
@@ -233,47 +261,3 @@ type Retryer interface {
 	// returns false to indicate retrying should stop.
 	Continue() bool
 }
-
-// Counter repeats an operation a given number of
-// times and waits between subsequent operations.
-type Counter struct {
-	Count int
-	Wait  time.Duration
-
-	count int
-}
-
-func (r *Counter) Continue() bool {
-	if r.count == r.Count {
-		return false
-	}
-	if r.count > 0 {
-		time.Sleep(r.Wait)
-	}
-	r.count++
-	return true
-}
-
-// Timer repeats an operation for a given amount
-// of time and waits between subsequent operations.
-type Timer struct {
-	Timeout time.Duration
-	Wait    time.Duration
-
-	// stop is the timeout deadline.
-	// TODO: Next()?
-	// Set on the first invocation of Next().
-	stop time.Time
-}
-
-func (r *Timer) Continue() bool {
-	if r.stop.IsZero() {
-		r.stop = time.Now().Add(r.Timeout)
-		return true
-	}
-	if time.Now().After(r.stop) {
-		return false
-	}
-	time.Sleep(r.Wait)
-	return true
-}
diff --git a/sdk/testutil/retry/retry_test.go b/sdk/testutil/retry/retry_test.go
index 1f7eda7b3133..77bc2d4d9f96 100644
--- a/sdk/testutil/retry/retry_test.go
+++ b/sdk/testutil/retry/retry_test.go
@@ -128,6 +128,69 @@ func TestRunWith(t *testing.T) {
 	})
 }
 
+func TestCleanup(t *testing.T) {
+	t.Run("basic", func(t *testing.T) {
+		ft := &fakeT{}
+		cleanupsExecuted := 0
+		RunWith(&Counter{Count: 2, Wait: time.Millisecond}, ft, func(r *R) {
+			r.Cleanup(func() {
+				cleanupsExecuted += 1
+			})
+		})
+
+		require.Equal(t, 0, ft.fails)
+		require.Equal(t, 1, cleanupsExecuted)
+	})
+	t.Run("cleanup-panic-recovery", func(t *testing.T) {
+		ft := &fakeT{}
+		cleanupsExecuted := 0
+		RunWith(&Counter{Count: 2, Wait: time.Millisecond}, ft, func(r *R) {
+			r.Cleanup(func() {
+				cleanupsExecuted += 1
+			})
+
+			r.Cleanup(func() {
+				cleanupsExecuted += 1
+				panic(fmt.Errorf("fake test error"))
+			})
+
+			r.Cleanup(func() {
+				cleanupsExecuted += 1
+			})
+
+			// test is successful but should fail due to the cleanup panicing
+		})
+
+		require.Equal(t, 3, cleanupsExecuted)
+		require.Equal(t, 1, ft.fails)
+		require.Contains(t, ft.out[0], "fake test error")
+	})
+
+	t.Run("cleanup-per-retry", func(t *testing.T) {
+		ft := &fakeT{}
+		iter := 0
+		cleanupsExecuted := 0
+		RunWith(&Counter{Count: 3, Wait: time.Millisecond}, ft, func(r *R) {
+			if cleanupsExecuted != iter {
+				r.Stop(fmt.Errorf("cleanups not executed between retries"))
+				return
+			}
+			iter += 1
+
+			r.Cleanup(func() {
+				cleanupsExecuted += 1
+			})
+
+			r.FailNow()
+		})
+
+		require.Equal(t, 3, cleanupsExecuted)
+		// ensure that r.Stop hadn't been called. If it was then we would
+		// have log output
+		require.Len(t, ft.out, 0)
+	})
+}
+
 type fakeT struct {
 	fails int
 	out   []string
diff --git a/sdk/testutil/retry/timer.go b/sdk/testutil/retry/timer.go
new file mode 100644
index 000000000000..a26593ddd72e
--- /dev/null
+++ b/sdk/testutil/retry/timer.go
@@ -0,0 +1,37 @@
+package retry
+
+import "time"
+
+// TwoSeconds repeats an operation for two seconds and waits 25ms in between.
+func TwoSeconds() *Timer {
+	return &Timer{Timeout: 2 * time.Second, Wait: 25 * time.Millisecond}
+}
+
+// ThreeTimes repeats an operation three times and waits 25ms in between.
+func ThreeTimes() *Counter {
+	return &Counter{Count: 3, Wait: 25 * time.Millisecond}
+}
+
+// Timer repeats an operation for a given amount
+// of time and waits between subsequent operations.
+type Timer struct {
+	Timeout time.Duration
+	Wait    time.Duration
+
+	// stop is the timeout deadline.
+	// TODO: Next()?
+	// Set on the first invocation of Next().
+	stop time.Time
+}
+
+func (r *Timer) Continue() bool {
+	if r.stop.IsZero() {
+		r.stop = time.Now().Add(r.Timeout)
+		return true
+	}
+	if time.Now().After(r.stop) {
+		return false
+	}
+	time.Sleep(r.Wait)
+	return true
+}
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index 27d1357bd1df..b1d092af136b 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -7,9 +7,11 @@ require (
 	github.com/avast/retry-go v3.0.0+incompatible
 	github.com/docker/docker v23.0.6+incompatible
 	github.com/docker/go-connections v0.4.0
-	github.com/hashicorp/consul/api v1.20.0
-	github.com/hashicorp/consul/envoyextensions v0.1.2
-	github.com/hashicorp/consul/sdk v0.13.1
+	github.com/hashicorp/consul v0.0.0-00010101000000-000000000000
+	github.com/hashicorp/consul/api v1.22.0-rc1
+	github.com/hashicorp/consul/envoyextensions v0.3.0-rc1
+	github.com/hashicorp/consul/proto-public v0.4.0-rc1
+	github.com/hashicorp/consul/sdk v0.14.0-rc1
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-uuid v1.0.3
@@ -34,6 +36,7 @@ require (
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
+	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 // indirect
 	github.com/containerd/containerd v1.7.1 // indirect
@@ -47,6 +50,7 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/btree v1.0.1 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-hclog v1.5.0 // indirect
@@ -55,6 +59,7 @@ require (
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/memberlist v0.5.0 // indirect
 	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/itchyny/timefmt-go v0.1.4 // indirect
@@ -70,28 +75,29 @@ require (
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/oklog/ulid/v2 v2.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
 	github.com/opencontainers/runc v1.1.7 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/stretchr/objx v0.5.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/sync v0.2.0 // indirect
 	golang.org/x/sys v0.8.0 // indirect
 	golang.org/x/text v0.9.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.9.1 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	gotest.tools/v3 v3.4.0 // indirect
 )
 
-replace github.com/hashicorp/consul/api => ../../../api
-
-replace github.com/hashicorp/consul/sdk => ../../../sdk
-
-replace github.com/hashicorp/consul => ../../..
-
-replace github.com/hashicorp/consul/envoyextensions => ../../../envoyextensions
+replace (
+	github.com/hashicorp/consul => ../../..
+	github.com/hashicorp/consul/api => ../../../api
+	github.com/hashicorp/consul/envoyextensions => ../../../envoyextensions
+	github.com/hashicorp/consul/proto-public => ../../../proto-public
+	github.com/hashicorp/consul/sdk => ../../../sdk
+)
diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum
index 44574893cd96..c4bfd7944078 100644
--- a/test/integration/consul-container/go.sum
+++ b/test/integration/consul-container/go.sum
@@ -13,6 +13,7 @@ fortio.org/version v1.0.2/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
@@ -26,18 +27,25 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV
 github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
 github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHSxpiH9JdtuBj0=
 github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY=
+github.com/aws/aws-sdk-go v1.42.34 h1:fqGAiKmCSRY1rEa4G9VqgkKKbNmLKYq5dKmLtQkvYi8=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible h1:C29Ae4G5GtYyYMm1aztcyj/J5ckgJm2zwdDajFbx1NY=
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
+github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 h1:58f1tJ1ra+zFINPlwLWvQsR9CzAKt2e+EWV2yX9oXQ4=
@@ -95,12 +103,16 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
+github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 h1:wzWurXrxfSyG1PHskIZlfuXlTSCj1Tsyatp9DtaasuY=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-bexpr v0.1.2 h1:ijMXI4qERbzxbCnkxmfUtwMyjrrk3y+Vt0MxojNCbBs=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
@@ -109,6 +121,7 @@ github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVH
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-memdb v1.3.4 h1:XSL3NR682X/cVk2IeV0d70N4DZ9ljI885xAEU8IoK3c=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI=
 github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
@@ -117,11 +130,13 @@ github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
+github.com/hashicorp/go-retryablehttp v0.6.7 h1:8/CAEZt/+F7kR7GevNHulKkUjLht3CPmn7egmhieNKo=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
+github.com/hashicorp/go-syslog v1.0.0 h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwMrUAE=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
@@ -132,12 +147,18 @@ github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
 github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM=
 github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0=
+github.com/hashicorp/raft v1.5.0 h1:uNs9EfJ4FwiArZRxxfd/dQ5d33nV31/CdCHArH89hT8=
+github.com/hashicorp/raft-autopilot v0.1.6 h1:C1q3RNF2FfXNZfHWbvVAu0QixaQK8K5pX4O5lh+9z4I=
 github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY=
 github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4=
+github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 h1:xixZ2bWeofWV68J+x6AzmKuVM/JWCQwkWm6GW/MUR6I=
 github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
 github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/itchyny/gojq v0.12.9 h1:biKpbKwMxVYhCU1d6mR7qMr3f0Hn9F5k5YykCVb3gmM=
@@ -176,6 +197,7 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/
 github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
 github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY=
 github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
@@ -185,7 +207,9 @@ github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa1
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-testing-interface v1.14.0 h1:/x0XQ6h+3U3nAyk1yx+bHPURrKa9sVVvYbuqZ7pIAtI=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
+github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 h1:hOY53G+kBFhbYFpRVxHl5eS7laP6B1+Cq+Z9Dry1iMU=
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
@@ -204,6 +228,8 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/oklog/ulid/v2 v2.1.0 h1:+9lhoxAP56we25tyYETBBY1YLA2SaoLvUFgrP2miPJU=
+github.com/oklog/ulid/v2 v2.1.0/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=
@@ -216,6 +242,7 @@ github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -228,15 +255,19 @@ github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSg
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
+github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
+github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
+github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -248,18 +279,23 @@ github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
 github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 h1:xzABM9let0HLLqFypcxvLmlvEciCHL7+Lv+4vwZqecI=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569/go.mod h1:2Ly+NIftZN4de9zRmENdYbvPQeaVIYKWpLFStLFEBgI=
 github.com/testcontainers/testcontainers-go v0.20.1 h1:mK15UPJ8c5P+NsQKmkqzs/jMdJt6JMs5vlw2y4j92c0=
 github.com/testcontainers/testcontainers-go v0.20.1/go.mod h1:zb+NOlCQBkZ7RQp4QI+YMIHyO2CQ/qsXzNF5eLJ24SY=
+github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -268,6 +304,7 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
@@ -302,6 +339,7 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
+golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -318,7 +356,6 @@ golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -338,7 +375,6 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -348,7 +384,6 @@ golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
 golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -382,6 +417,5 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
-gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/test/integration/consul-container/libs/cluster/agent.go b/test/integration/consul-container/libs/cluster/agent.go
index b360ee444fe2..c6e4a2a002ea 100644
--- a/test/integration/consul-container/libs/cluster/agent.go
+++ b/test/integration/consul-container/libs/cluster/agent.go
@@ -8,6 +8,7 @@ import (
 	"io"
 
 	"github.com/testcontainers/testcontainers-go"
+	"google.golang.org/grpc"
 
 	"github.com/hashicorp/consul/api"
 
@@ -36,6 +37,7 @@ type Agent interface {
 	Upgrade(ctx context.Context, config Config) error
 	Exec(ctx context.Context, cmd []string) (string, error)
 	DataDir() string
+	GetGRPCConn() *grpc.ClientConn
 }
 
 // Config is a set of configurations required to create a Agent
diff --git a/test/integration/consul-container/libs/cluster/container.go b/test/integration/consul-container/libs/cluster/container.go
index 7ed88b0d824f..a371404bafe0 100644
--- a/test/integration/consul-container/libs/cluster/container.go
+++ b/test/integration/consul-container/libs/cluster/container.go
@@ -8,6 +8,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"net/url"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -15,11 +16,14 @@ import (
 
 	goretry "github.com/avast/retry-go"
 	dockercontainer "github.com/docker/docker/api/types/container"
+	"github.com/docker/go-connections/nat"
 	"github.com/hashicorp/go-multierror"
 	"github.com/otiai10/copy"
 	"github.com/pkg/errors"
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/wait"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
 
 	"github.com/hashicorp/consul/api"
 
@@ -58,6 +62,8 @@ type consulContainerNode struct {
 	clientCACertFile string
 	ip               string
 
+	grpcConn *grpc.ClientConn
+
 	nextAdminPortOffset   int
 	nextConnectPortOffset int
 
@@ -172,7 +178,8 @@ func NewConsulContainer(ctx context.Context, config Config, cluster *Cluster, po
 		clientAddr       string
 		clientCACertFile string
 
-		info AgentInfo
+		info     AgentInfo
+		grpcConn *grpc.ClientConn
 	)
 	debugURI := ""
 	if utils.Debug {
@@ -236,6 +243,28 @@ func NewConsulContainer(ctx context.Context, config Config, cluster *Cluster, po
 		info.CACertFile = clientCACertFile
 	}
 
+	// TODO: Support gRPC+TLS port.
+	if pc.Ports.GRPC > 0 {
+		port, err := nat.NewPort("tcp", strconv.Itoa(pc.Ports.GRPC))
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse gRPC TLS port: %w", err)
+		}
+		endpoint, err := podContainer.PortEndpoint(ctx, port, "tcp")
+		if err != nil {
+			return nil, fmt.Errorf("failed to get gRPC TLS endpoint: %w", err)
+		}
+		url, err := url.Parse(endpoint)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse gRPC endpoint URL: %w", err)
+		}
+		conn, err := grpc.Dial(url.Host, grpc.WithTransportCredentials(insecure.NewCredentials()))
+		if err != nil {
+			return nil, fmt.Errorf("failed to dial gRPC connection: %w", err)
+		}
+		deferClean.Add(func() { _ = conn.Close() })
+		grpcConn = conn
+	}
+
 	ip, err := podContainer.ContainerIP(ctx)
 	if err != nil {
 		return nil, err
@@ -282,6 +311,7 @@ func NewConsulContainer(ctx context.Context, config Config, cluster *Cluster, po
 		name:       name,
 		ip:         ip,
 		info:       info,
+		grpcConn:   grpcConn,
 	}
 
 	if httpPort > 0 || httpsPort > 0 {
@@ -376,6 +406,10 @@ func (c *consulContainerNode) GetClient() *api.Client {
 	return c.client
 }
 
+func (c *consulContainerNode) GetGRPCConn() *grpc.ClientConn {
+	return c.grpcConn
+}
+
 // NewClient returns an API client by making a new one based on the provided token
 // - updateDefault: if true update the default client
 func (c *consulContainerNode) NewClient(token string, updateDefault bool) (*api.Client, error) {
@@ -508,6 +542,10 @@ func (c *consulContainerNode) terminate(retainPod bool, skipFuncs bool) error {
 				continue
 			}
 		}
+
+		// if the pod is retained and therefore the IP then the grpc conn
+		// should handle reconnecting so there is no reason to close it.
+		c.closeGRPC()
 	}
 
 	var merr error
@@ -529,6 +567,16 @@ func (c *consulContainerNode) terminate(retainPod bool, skipFuncs bool) error {
 	return merr
 }
 
+func (c *consulContainerNode) closeGRPC() error {
+	if c.grpcConn != nil {
+		if err := c.grpcConn.Close(); err != nil {
+			return err
+		}
+		c.grpcConn = nil
+	}
+	return nil
+}
+
 func (c *consulContainerNode) DataDir() string {
 	return c.dataDir
 }
@@ -565,6 +613,7 @@ func newContainerRequest(config Config, opts containerOpts, ports ...int) (podRe
 		ExposedPorts: []string{
 			"8500/tcp", // Consul HTTP API
 			"8501/tcp", // Consul HTTPs API
+			"8502/tcp", // Consul gRPC API
 
 			"8443/tcp", // Envoy Gateway Listener
 
diff --git a/test/integration/consul-container/libs/cluster/network.go b/test/integration/consul-container/libs/cluster/network.go
index e0ee10f4e35f..6e170b3dabc1 100644
--- a/test/integration/consul-container/libs/cluster/network.go
+++ b/test/integration/consul-container/libs/cluster/network.go
@@ -20,6 +20,7 @@ func createNetwork(t TestingT, name string) (testcontainers.Network, error) {
 			Name:           name,
 			Attachable:     true,
 			CheckDuplicate: true,
+			SkipReaper:     isRYUKDisabled(),
 		},
 	}
 	first := true
diff --git a/test/integration/consul-container/libs/utils/docker.go b/test/integration/consul-container/libs/utils/docker.go
index 109205855cd5..6be46d91aee1 100644
--- a/test/integration/consul-container/libs/utils/docker.go
+++ b/test/integration/consul-container/libs/utils/docker.go
@@ -9,6 +9,9 @@ import (
 	"io"
 	"os"
 	"os/exec"
+	"strings"
+
+	"github.com/hashicorp/go-version"
 )
 
 // DockerExec simply shell out to the docker CLI binary on your host.
@@ -16,6 +19,18 @@ func DockerExec(args []string, stdout io.Writer) error {
 	return cmdExec("docker", "docker", args, stdout, "")
 }
 
+// DockerImageVersion retrieves the value of the org.opencontainers.image.version label from the specified image.
+func DockerImageVersion(imageName string) (*version.Version, error) {
+	var b strings.Builder
+	err := cmdExec("docker", "docker", []string{"image", "inspect", "--format", `{{index .Config.Labels "org.opencontainers.image.version"}}`, imageName}, &b, "")
+	if err != nil {
+		return nil, err
+	}
+	output := b.String()
+
+	return version.NewVersion(strings.TrimSpace(output))
+}
+
 func cmdExec(name, binary string, args []string, stdout io.Writer, dir string) error {
 	if binary == "" {
 		panic("binary named " + name + " was not detected")
diff --git a/test/integration/consul-container/test/catalog/catalog_test.go b/test/integration/consul-container/test/catalog/catalog_test.go
new file mode 100644
index 000000000000..8520e5a647e8
--- /dev/null
+++ b/test/integration/consul-container/test/catalog/catalog_test.go
@@ -0,0 +1,35 @@
+package catalog
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
+	libtopology "github.com/hashicorp/consul/test/integration/consul-container/libs/topology"
+
+	"github.com/hashicorp/consul/internal/catalog/catalogtest"
+	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+func TestCatalog(t *testing.T) {
+	t.Parallel()
+
+	cluster, _, _ := libtopology.NewCluster(t, &libtopology.ClusterConfig{
+		NumServers: 3,
+		BuildOpts:  &libcluster.BuildOptions{Datacenter: "dc1"},
+		Cmd:        `-hcl=experiments=["resource-apis"]`,
+	})
+
+	followers, err := cluster.Followers()
+	require.NoError(t, err)
+	client := pbresource.NewResourceServiceClient(followers[0].GetGRPCConn())
+
+	t.Run("one-shot", func(t *testing.T) {
+		catalogtest.RunCatalogV1Alpha1IntegrationTest(t, client)
+	})
+
+	t.Run("lifecycle", func(t *testing.T) {
+		catalogtest.RunCatalogV1Alpha1LifecycleIntegrationTest(t, client)
+	})
+}
diff --git a/test/integration/consul-container/test/upgrade/catalog/catalog_test.go b/test/integration/consul-container/test/upgrade/catalog/catalog_test.go
new file mode 100644
index 000000000000..ef2de3edeb24
--- /dev/null
+++ b/test/integration/consul-container/test/upgrade/catalog/catalog_test.go
@@ -0,0 +1,87 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package catalog
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/internal/catalog/catalogtest"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
+	"github.com/hashicorp/consul/test/integration/consul-container/libs/topology"
+	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
+	"github.com/hashicorp/go-version"
+)
+
+var minCatalogResourceVersion = version.Must(version.NewVersion("v1.16.0"))
+
+const (
+	versionUndetermined = `
+Cannot determine the actual version the starting image represents.
+Scrutinze test failures to ensure that the starting version should
+actually be able to be used for creating the initial data set.
+	`
+)
+
+func maybeSkipUpgradeTest(t *testing.T, minVersion *version.Version) {
+	t.Helper()
+
+	image := utils.DockerImage(utils.GetLatestImageName(), utils.LatestVersion)
+	latestVersion, err := utils.DockerImageVersion(image)
+
+	if latestVersion != nil && latestVersion.LessThan(minVersion) {
+		t.Skipf("Upgrade test isn't applicable with version %q as the starting version", latestVersion.String())
+	}
+
+	if err != nil || latestVersion == nil {
+		t.Log(versionUndetermined)
+	}
+}
+
+// Test upgrade a cluster of latest version to the target version and ensure that the catalog still
+// functions properly. Note
+func TestCatalogUpgrade(t *testing.T) {
+	maybeSkipUpgradeTest(t, minCatalogResourceVersion)
+	t.Parallel()
+
+	const numServers = 1
+	buildOpts := &libcluster.BuildOptions{
+		ConsulImageName:      utils.GetLatestImageName(),
+		ConsulVersion:        utils.LatestVersion,
+		Datacenter:           "dc1",
+		InjectAutoEncryption: true,
+	}
+
+	cluster, _, _ := topology.NewCluster(t, &topology.ClusterConfig{
+		NumServers:                1,
+		BuildOpts:                 buildOpts,
+		ApplyDefaultProxySettings: true,
+		Cmd:                       `-hcl=experiments=["resource-apis"]`,
+	})
+
+	client := cluster.APIClient(0)
+
+	libcluster.WaitForLeader(t, cluster, client)
+	libcluster.WaitForMembers(t, client, numServers)
+
+	leader, err := cluster.Leader()
+	require.NoError(t, err)
+	rscClient := pbresource.NewResourceServiceClient(leader.GetGRPCConn())
+
+	// Initialize some data
+	catalogtest.PublishCatalogV1Alpha1IntegrationTestData(t, rscClient)
+
+	// upgrade the cluster to the Target version
+	t.Logf("initiating standard upgrade to version=%q", utils.TargetVersion)
+	err = cluster.StandardUpgrade(t, context.Background(), utils.GetTargetImageName(), utils.TargetVersion)
+
+	require.NoError(t, err)
+	libcluster.WaitForLeader(t, cluster, client)
+	libcluster.WaitForMembers(t, client, numServers)
+
+	catalogtest.VerifyCatalogV1Alpha1IntegrationTestResults(t, rscClient)
+}

From 00c85757f7f356dc92ec97f5a3ca6a859337afba Mon Sep 17 00:00:00 2001
From: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
Date: Sat, 17 Jun 2023 07:42:35 +0530
Subject: [PATCH 068/359] Fix Docs for Trails Leader By (#17763)

* init

* fix tests

* added -detailed in docs

* added change log

* fix doc

* checking for entry in map

* fix tests

* removed detailed flag

* removed detailed flag

* revert unwanted changes

* removed unwanted changes

* updated change log

* pr review comment changes

* pr comment changes single API instead of two

* fix change log

* fix tests

* fix tests

* fix test operator raft endpoint test

* Update .changelog/17582.txt

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

* nits

* updated docs

* explanation added

* fix doc

* fix docs

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
---
 website/content/commands/operator/raft.mdx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/content/commands/operator/raft.mdx b/website/content/commands/operator/raft.mdx
index 3c2d8a1221af..1b2464cb8b29 100644
--- a/website/content/commands/operator/raft.mdx
+++ b/website/content/commands/operator/raft.mdx
@@ -68,7 +68,7 @@ configuration.
 
 `Commit Index` is the last log index the server has a record of in its Raft log.
 
-`Trails Leader By` is the difference in commit index the server has from the leader.
+`Trails Leader By` is the number of commits a follower trails the leader by.
 
 #### Command Options
 
@@ -113,7 +113,7 @@ The return code will indicate success or failure.
 
 Corresponding HTTP API Endpoint: [\[POST\] /v1/operator/raft/transfer-leader](/consul/api-docs/operator/raft#transfer-raft-leadership)
 
-This command transfers Raft leadership to another server agent. If an `id` is provided, Consul transfers leadership to the server with that id. 
+This command transfers Raft leadership to another server agent. If an `id` is provided, Consul transfers leadership to the server with that id.
 
 Use this command to change leadership without restarting the leader node, which maintains quorum and workload capacity.
 

From 18b1555a6d61578f877130f68aca8098050db7c2 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Tue, 20 Jun 2023 10:00:01 -0400
Subject: [PATCH 069/359] Improve Prop Override docs examples (#17799)

- Provide more realistics examples for setting properties not already
  supported natively by Consul
- Remove superfluous commas from HCL, correct target service name, and
  fix service defaults vs. proxy defaults in examples
- Align existing integration test to updated docs
---
 .../envoy/case-property-override/setup.sh     | 20 ++++-
 .../envoy/case-property-override/verify.bats  |  5 +-
 .../configuration/property-override.mdx       | 79 ++++++++++---------
 .../usage/property-override.mdx               | 55 +++++++------
 4 files changed, 95 insertions(+), 64 deletions(-)

diff --git a/test/integration/connect/envoy/case-property-override/setup.sh b/test/integration/connect/envoy/case-property-override/setup.sh
index 1bf2021c0c9a..744055f94966 100644
--- a/test/integration/connect/envoy/case-property-override/setup.sh
+++ b/test/integration/connect/envoy/case-property-override/setup.sh
@@ -53,12 +53,30 @@ EnvoyExtensions = [
           Path = "/upstream_connection_options/tcp_keepalive/keepalive_probes"
           Value = 1234
         },
+        {
+          ResourceFilter = {
+            ResourceType = "cluster"
+            TrafficDirection = "outbound"
+          }
+          Op = "add"
+          Path = "/outlier_detection/max_ejection_time/seconds"
+          Value = 120
+        },
+        {
+          ResourceFilter = {
+            ResourceType = "cluster"
+            TrafficDirection = "outbound"
+          }
+          Op = "add"
+          Path = "/outlier_detection/max_ejection_time_jitter/seconds"
+          Value = 1
+        },
         {
           ResourceFilter = {
             ResourceType = "cluster"
             TrafficDirection = "outbound"
             Services = [{
-              Name = "s2"
+              Name = "s3"
             }]
           }
           Op = "remove"
diff --git a/test/integration/connect/envoy/case-property-override/verify.bats b/test/integration/connect/envoy/case-property-override/verify.bats
index 4453409eede5..446ef061da41 100644
--- a/test/integration/connect/envoy/case-property-override/verify.bats
+++ b/test/integration/connect/envoy/case-property-override/verify.bats
@@ -19,13 +19,14 @@ load helpers
   [ "$status" == 0 ]
 
   [ "$(echo "$output" | jq -r '.upstream_connection_options.tcp_keepalive.keepalive_probes')" == "1234" ]
-  [ "$(echo "$output" | jq -r '.outlier_detection')" == "null" ]
+  [ "$(echo "$output" | jq -r '.outlier_detection.max_ejection_time')" == "120s" ]
+  [ "$(echo "$output" | jq -r '.outlier_detection.max_ejection_time_jitter')" == "1s" ]
 
   run get_envoy_cluster_config localhost:19000 s3
   [ "$status" == 0 ]
 
   [ "$(echo "$output" | jq -r '.upstream_connection_options.tcp_keepalive.keepalive_probes')" == "1234" ]
-  [ "$(echo "$output" | jq -r '.outlier_detection')" == "{}" ]
+  [ "$(echo "$output" | jq -r '.outlier_detection')" == "null" ]
 }
 
 @test "s2 proxy is configured with the expected envoy patches" {
diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx
index f88cd476a0bd..28e54f27eec1 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx
@@ -46,13 +46,14 @@ Patches = [
       TrafficDirection = "<inbound or outbound>"
       Services = [
         {
-          Name = "<name of service to filter for>", 
+          Name = "<name of service to filter for>"
           Namespace = "<Consul namespace containing the service>"
           Partition = "<Consul partition containing the service>"
         }
       ]
-    Op = "<add or remove>",
-    Path = "<path/to/field>",
+    }
+    Op = "<add or remove>"
+    Path = "</path/to/field>"
     Value = "<values or map of field-values>"
   }
 ]
@@ -160,9 +161,9 @@ If Envoy specifies a wrapper as the target field type, the extension automatical
 
 The following examples demonstrate patterns that you may be able to model your configurations on.
 
-### Enable `enforcing_consecutive_5xx` outlier detection 
+### Enable `respect_dns_ttl` in a cluster
 
-In the following example, the `add` operation patches an outlier detection property into outbound cluster traffic. The `Path` specifies the `enforcing_consecutive_5xx` interface and sets a value of `1234`:
+In the following example, the `add` operation patches the outbound cluster corresponding to the `other-svc` upstream service to enable `respect_dns_ttl`. The `Path` specifies the [Cluster `/respect_dns_ttl`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-respect-dns-ttl) top-level field and `Value` specifies a value of `true`:
 
 ```hcl
 Kind = "service-defaults"
@@ -183,8 +184,8 @@ EnvoyExtensions = [
             },
           },
           "Op" = "add",
-          "Path" =  "/outlier_detection/enforcing_consecutive_5xx",
-          "Value" = 1234,
+          "Path" =  "/respect_dns_ttl",
+          "Value" = true,
         }
       ]
     }
@@ -192,9 +193,9 @@ EnvoyExtensions = [
 ]
 ```
 
-### Update multiple values in the default map
+### Update multiple values in a message field
 
-In the following example, two `ResourceFilter` blocks target outbound traffic to the `db` service and add `/outlier_detection/enforcing_consecutive_5xx` and `/outlier_detection/failure_percentage_request_volume` properties:
+In the following example, both `ResourceFilter` blocks target the cluster corresponding to the `other-svc` upstream service and modify [Cluster `/outlier_detection`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/outlier_detection.proto) properties:
 
 ```hcl
 Kind = "service-defaults"
@@ -208,27 +209,27 @@ EnvoyExtensions = [
       Patches = [
         {
           ResourceFilter = {
-            ResourceType = "cluster",
-            TrafficDirection = "outbound",
+            ResourceType = "cluster"
+            TrafficDirection = "outbound"
             Services = [{
               Name = "other-svc"
-            }],
-          },
-          Op = "add",
-          Path =  "/outlier_detection/enforcing_consecutive_5xx",
-          Value = 1234,
+            }]
+          }
+          Op = "add"
+          Path = "/outlier_detection/max_ejection_time/seconds"
+          Value = 120
         },
         {
           ResourceFilter = {
-            ResourceType = "cluster",
-            TrafficDirection = "outbound",
+            ResourceType = "cluster"
+            TrafficDirection = "outbound"
             Services = [{
               Name = "other-svc"
-            }],
-          },
-          Op = "add",
-          Path =  "/outlier_detection/failure_percentage_request_volume",
-          Value = 2345,
+            }]
+          }
+          Op = "add"
+          Path = "/outlier_detection/max_ejection_time_jitter/seconds"
+          Value = 1
         }
       ]
     }
@@ -236,9 +237,13 @@ EnvoyExtensions = [
 ]
 ```
 
-### Set multiple values that replace the map
+The use of `/seconds` in these examples corresponds to the same field in the [google.protobuf.Duration](https://github.com/protocolbuffers/protobuf/blob/main/src/google/protobuf/duration.proto) proto definition, since the extension does not support JSON serialized string forms of common protobuf types (e.g. `120s`).
+
+-> **Note:** Using separate patches per field preserves any existing configuration of other fields in `outlier_detection` that may be directly set by Consul, such as [`enforcing_consecutive_5xx`](https://developer.hashicorp.com/consul/docs/connect/proxies/envoy#enforcing_consecutive_5xx).
+
+### Replace a message field
 
-In the following example, a `ResourceFilter` targets outbound traffic to the `db` service and replaces the map of properties located at `/outlier_detection` with `enforcing_consecutive_5xx` and `failure_percentage_request_volume` and properties:
+In the following example, a `ResourceFilter` targets the cluster corresponding to the `other-svc` upstream service and _replaces_ the entire map of properties located at `/outlier_detection`, including explicitly set `enforcing_success_rate` and `success_rate_minimum_hosts` properties:
 
 ```hcl
 Kind = "service-defaults"
@@ -246,27 +251,29 @@ Name = "my-svc"
 Protocol = "http"
 EnvoyExtensions = [
   {
-    Name = "builtin/property-override",
+    Name = "builtin/property-override"
     Arguments = {
-      ProxyType = "connect-proxy",
+      ProxyType = "connect-proxy"
       Patches = [
         {
           ResourceFilter = {
-            ResourceType = "cluster",
-            TrafficDirection = "outbound",
+            ResourceType = "cluster"
+            TrafficDirection = "outbound"
             Services = [{
               Name = "other-svc"
-            }],
-          },
-          Op = "add",
-          Path =  "/outlier_detection",
+            }]
+          }
+          Op = "add"
+          Path =  "/outlier_detection"
           Value = {
-            "enforcing_consecutive_5xx" = 1234,
-            "failure_percentage_request_volume" = 2345,
-          },
+            "enforcing_success_rate" = 80
+            "success_rate_minimum_hosts" = 2
+          }
         }
       ]
     }
   }
 ]
 ```
+
+Unlike the previous example, other `/outlier_detection` values set by Consul will _not_ be retained unless they match Envoy's defaults, because the entire value of `/outlier_detection` will be replaced.
diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx
index 805540265787..fbe0c357a309 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx
@@ -23,9 +23,9 @@ Add Envoy extension configurations to a proxy defaults or service defaults confi
 - When you configure Envoy extensions on proxy defaults, they apply to every service.
 - When you configure Envoy extensions on service defaults, they apply to a specific service.
 
-Consul applies Envoy extensions configured in proxy defaults before it applies extensions in service defaults. As a result, the Envoy extension configuration in service defaults may  override configurations in proxy defaults.
+Consul applies Envoy extensions configured in proxy defaults before it applies extensions in service defaults. As a result, the Envoy extension configuration in service defaults may override configurations in proxy defaults.
 
-In the following service defaults configuration entry example, Consul adds a new `/upstream_connection_options/tcp_keepalive/keepalive_probes-5` field to each of the proxy's cluster configuration for the outbound `db`service upstream. The configuration applies to all `connect-proxy` proxies with services configured to communicate over HTTP:
+In the following proxy defaults configuration entry example, Consul sets the `/respect_dns_ttl` field on the `api` service proxy's cluster configuration for the `other-svc` upstream service:
 
 <Tabs>
 <Tab heading="HCL" group="hcl">
@@ -33,7 +33,7 @@ In the following service defaults configuration entry example, Consul adds a new
 
 ```hcl
 Kind     = "service-defaults"
-Name     = "global"
+Name     = "api"
 Protocol = "http"
 EnvoyExtensions = [ 
   {
@@ -50,8 +50,8 @@ EnvoyExtensions = [
             }]
           }
           Op    = "add"
-          Path  = "/upstream_connection_options/tcp_keepalive/keepalive_probes"
-          Value = 5
+          Path  = "/respect_dns_ttl"
+          Value = true
         }
       ]
     }
@@ -66,9 +66,9 @@ EnvoyExtensions = [
 
 ```json
 "kind": "service-defaults",
-"name": "global",
+"name": "api",
 "protocol": "http",
-"envoy_extensions": [{
+"envoyExtensions": [{
   "name": "builtin/property-override",
   "arguments": {
     "proxyType": "connect-proxy",
@@ -76,11 +76,11 @@ EnvoyExtensions = [
       "resourceFilter": {
         "resourceType": "cluster", 
         "trafficDirection": "outbound",
-        "services": [{ "name":  "other-svc" }],
-        "op": "add",
-        "path": "/upstream_connection_options/tcp_keepalive/keepalive_probes",
-        "value": 5
-       }
+        "services": [{ "name":  "other-svc" }]
+      },
+      "op": "add",
+      "path": "/respect_dns_ttl",
+      "value": true
     }]
   }
 }]
@@ -88,13 +88,13 @@ EnvoyExtensions = [
 </CodeBlockConfig>
 </Tab>
 <Tab heading="Kubernetes" group="kubernetes">
-<CodeBlockConfig filename="property-override-extension-proxy-defaults.yaml">
+<CodeBlockConfig filename="property-override-extension-service-defaults.yaml">
 
 ```yaml
 apiversion: consul.hashicorp.com/v1alpha1
 kind: ServiceDefaults
 metadata:
-  name: global
+  name: api
 spec:
   protocol: http
   envoyExtensions:
@@ -108,8 +108,8 @@ spec:
           services: 
             - name:  "other-svc"
         op: "add"
-        path: "/upstream_connection_options/tcp_keepalive/keepalive_probes",
-        value: 5
+        path: "/respect_dns_ttl",
+        value: true
 ```
 
 </CodeBlockConfig>
@@ -136,6 +136,7 @@ EnvoyExtensions = [
   {
     Name = "builtin/property-override"
     Arguments = {
+      Debug = true
       ProxyType = "connect-proxy"
       Patches = [
         {
@@ -146,7 +147,7 @@ EnvoyExtensions = [
           Op = "add"
           Path =  ""
           Value =  5
-         }
+        }
       ]
     }
   }
@@ -157,19 +158,23 @@ After applying the configuration entry, Consul prints a message that includes th
 
 ```shell-session
 $ consul config write api.hcl
-non-empty, non-root Path is required. available cluster fields:
-/outlier_detection
-/outlier_detection/enforcing_consecutive_5xx
-/outlier_detection/failure_percentage_request_volume
-/round_robin_lb_config
-/round_robin_lb_config/slow_start_config
+non-empty, non-root Path is required;
+available envoy.config.cluster.v3.Cluster fields:
+transport_socket_matches
+name
+alt_stat_name
+type
+cluster_type
+eds_cluster_config
+connect_timeout
+...
 ```
 
 You can use the output to help you construct the appropriate value for the `Path` field. For example:
 
 ```shell-session
-$ consul config write api.hcl | grep round_robin
-/round_robin_lb_config
+$ consul config write api.hcl 2>&1 | grep round_robin
+round_robin_lb_config
 ```
 
 

From d2363eb711d88e8067be251bc08d5a7bd58b20ba Mon Sep 17 00:00:00 2001
From: Paul Glass <pglass@hashicorp.com>
Date: Tue, 20 Jun 2023 09:49:50 -0500
Subject: [PATCH 070/359] Test permissive mTLS filter chain not configured with
 tproxy disabled (#17747)

---
 agent/xds/listeners_test.go                   |   9 ++
 ...t-tproxy-and-permissive-mtls.latest.golden | 115 ++++++++++++++++++
 2 files changed, 124 insertions(+)
 create mode 100644 agent/xds/testdata/listeners/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden

diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go
index 21e3149bf109..10b358bdad15 100644
--- a/agent/xds/listeners_test.go
+++ b/agent/xds/listeners_test.go
@@ -1109,6 +1109,15 @@ func TestListenersFromSnapshot(t *testing.T) {
 					nil)
 			},
 		},
+		{
+			name: "connect-proxy-without-tproxy-and-permissive-mtls",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) {
+					ns.Proxy.MutualTLSMode = structs.MutualTLSModePermissive
+				},
+					nil)
+			},
+		},
 	}
 
 	tests = append(tests, makeListenerDiscoChainTests(false)...)
diff --git a/agent/xds/testdata/listeners/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden b/agent/xds/testdata/listeners/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden
new file mode 100644
index 000000000000..b15ccf4a148a
--- /dev/null
+++ b/agent/xds/testdata/listeners/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden
@@ -0,0 +1,115 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
+              }
+            },
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "public_listener",
+                "cluster": "local_app"
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                }
+              },
+              "requireClientCertificate": true
+            }
+          }
+        }
+      ],
+      "trafficDirection": "INBOUND"
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
+}

From 6d393287717a7decdea28fa8a1c883b0cb01f91c Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Tue, 20 Jun 2023 09:14:15 -0600
Subject: [PATCH 071/359] Add documentation for remote debugging of integration
 tests. (#17800)

* Add documentation for remote debugging of integration tests.

* add link from main docs page.

* changes related to PR feedback
---
 docs/README.md                                |   1 +
 .../consul-container/test/debugging.md        |  78 ++++++++++++++++++
 .../test/util/test_debug_breakpoint_hit.png   | Bin 0 -> 654866 bytes
 .../test/util/test_debug_configuration.png    | Bin 0 -> 294046 bytes
 .../test/util/test_debug_info.png             | Bin 0 -> 622325 bytes
 .../util/test_debug_remote_configuration.png  | Bin 0 -> 285715 bytes
 .../test/util/test_debug_remote_connected.png | Bin 0 -> 111968 bytes
 .../test/util/test_debug_resume_program.png   | Bin 0 -> 51972 bytes
 8 files changed, 79 insertions(+)
 create mode 100644 test/integration/consul-container/test/debugging.md
 create mode 100644 test/integration/consul-container/test/util/test_debug_breakpoint_hit.png
 create mode 100644 test/integration/consul-container/test/util/test_debug_configuration.png
 create mode 100644 test/integration/consul-container/test/util/test_debug_info.png
 create mode 100644 test/integration/consul-container/test/util/test_debug_remote_configuration.png
 create mode 100644 test/integration/consul-container/test/util/test_debug_remote_connected.png
 create mode 100644 test/integration/consul-container/test/util/test_debug_resume_program.png

diff --git a/docs/README.md b/docs/README.md
index d3483710b33b..8bebb848c9b1 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -40,6 +40,7 @@ Also see the [FAQ](./faq.md).
 
 1. [Integration Tests](../test/integration/connect/envoy/README.md)
 1. [Upgrade Tests](../test/integration/consul-container/test/upgrade/README.md)
+1. [Remote Debugging Integration Tests](../test/integration/consul-container/test/debugging.md)
 
 ## Important Directories
 
diff --git a/test/integration/consul-container/test/debugging.md b/test/integration/consul-container/test/debugging.md
new file mode 100644
index 000000000000..90f6974daa1d
--- /dev/null
+++ b/test/integration/consul-container/test/debugging.md
@@ -0,0 +1,78 @@
+# Remote Debugging Integration Tests
+
+- [Introduction](#introduction)
+	- [How it works](#how-it-works)
+- [Getting Started](#getting-started)
+	- [Prerequisites](#prerequisites)
+	- [Running Upgrade integration tests](#debugging-integration-tests)
+      -  [Building images](#building-images)
+	  -  [Remote debugging using GoLand](#remote-debugging-using-goland)
+
+
+## Introduction
+
+Remote debugging integration tests allows you to attach your debugger to the consul container and debug go code running on that container. 
+
+### How it works
+The `dev-docker-dbg` Make target will build consul docker container that has the following:
+- [delve (dlv) debugger](https://github.com/go-delve/delve) installed.
+- a port exposed on the container that allows a debugger from your development environment to connect and attach to the consul process and debug it remotely.
+- logs out the host and port information so that you have the information needed to connect to the port.
+
+The integration tests have been modified to expose the `--debug` flag that will switch the test from using a `consul:local` image that can be built using `make dev-docker` to using the `consul-dbg:local` image that was build from `make dev-docker-dbg`.
+
+The test is run in debug mode with a breakpoint set to just after the cluster is created and you can retrieve the port information.  From there, you can set up a remote debugging session that connects to this port.
+
+## Getting Started
+### Prerequisites
+To run/debug integration tests locally, the following tools are required on your machine:
+- Install [Go](https://go.dev/) (the version should match that of our CI config's Go image).
+- Install [`Makefile`](https://www.gnu.org/software/make/manual/make.html).
+- Install [`Docker`](https://docs.docker.com/get-docker/) required to run tests locally.
+
+### Debugging integration tests
+#### Building images
+- Build a consul image with dlv installed and a port exposed that the debugger can attach to.
+  ```
+  make dev-docker-dbg
+  ```
+- Build a consul-envoy container image from the consul root directory that is required for testing but not for debugging. 
+  ```
+  docker build consul-envoy:target-version --build-arg CONSUL_IMAGE=consul:local --build-arg ENVOY_VERSION=1.24.6 -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+  ```
+
+#### Remote debugging using GoLand
+(For additional information, see [GoLand's documentation on remote debugging](https://www.jetbrains.com/help/go/attach-to-running-go-processes-with-debugger.html#attach-to-a-process-on-a-remote-machine).)
+##### Set up the Debug Configuration for your test
+- Create the configuration for debugging the test. (You may have to debug the test once so GoLand creates the configuration for you.)
+- Go to `Run > Edit Configurations` and select the appropriate configuration.
+- Add `--debug` to `Program arguments` and click OK.
+
+  <img src="./util/test_debug_configuration.png" alt="isolated" width="550"/>
+##### Obtain the debug port of your container
+(This is required every time a test is debugged.)
+
+- Put a breakpoint in the test that you are running right after the cluster has been created. This should be on the line after the call to `topology.NewCluster()`.
+- Debug the test and wait for the debug session to stop on the breakpoint in the test.
+- In the Debug window, search for `debug info` on the Console tab and note the host and port.
+
+  <img src="./util/test_debug_info.png" alt="isolated" width="550"/>
+- Go to `Run > Edit Configurations` and add a `Go Remote` configuration with the host and port that your test has exposed.  Click OK.
+  
+  <img src="./util/test_debug_remote_configuration.png" alt="isolated" width="550"/>
+- Debug the configuration that you just created.  Verify that it shows as connected in the `Debugger` of this configuration in the `Debug` window.
+  
+  <img src="./util/test_debug_remote_connected.png" alt="isolated" width="550"/>
+##### Debug the consul backend
+- Set an appropriate breakpoint in the backend code of the endpoint that your test will call and that you wish to debug.
+- Go to the test debugging tab for the integration test in the `Debug` window and `Resume Program`.
+  
+  <img src="./util/test_debug_resume_program.png" alt="isolated" width="350"/>
+- The remote debugging session should stop on the breakpoint, and you can freely debug the code path.
+
+  <img src="./util/test_debug_breakpoint_hit.png" alt="isolated" width="550"/>
+
+#### Remote debugging using VSCode
+(For additional information, see [VSCode's documentation on remote debugging](https://github.com/golang/vscode-go/blob/master/docs/debugging.md#remote-debugging).)
+
+[comment]: <> (TODO: Openly looking for someone to add VSCode specific instructions.)
\ No newline at end of file
diff --git a/test/integration/consul-container/test/util/test_debug_breakpoint_hit.png b/test/integration/consul-container/test/util/test_debug_breakpoint_hit.png
new file mode 100644
index 0000000000000000000000000000000000000000..2eae03da3b9054fcdb47666519eb01dff236f07b
GIT binary patch
literal 654866
zcmbTd1ymi)mNpCof=hs)!9$P$2X`m9yF-8++}&M*ySrO(hl4u=cXxMp_)p&V-kDkR
z-}%<u>9xA6TB^Ehm+WUhdv~y$j3_b!9s&de1hTl;Hw6d?cxMO*I9|B-;44M_6#@_t
z2n8lWLUQ6lLd0^mR)!|#KnMu2;P^yXx!46P@3Xf;HVr{a1wkucdnhq@p6k_b<ey3W
z(G7^1TdEs<%>;y@F@;rOFty@I&4e)#L-o7ch(o=r>9EX;KtwpcEmo^;SEIj^uSOom
zc=j^5?ncvyAVQ!-X=H*vLJXh*#k)LsaH?!Bkd}!%pcp&eA@XloGxh!&ALsWT2zzM(
zwZmqKyDhmh&b52JRpbn88QDU53x1H<1lls8@docBmaE0UK$rqH=Y|K-Wo@~-nBl7h
z{Lf^ozo&?P;V=oA_)h(WaT!Ao55k!-i0lIdzag=w2&=01Hc1PaIn^e-FkI*d$B_ZG
zE}?szu0AoOO)}YCqc0wbqUQ~1;?-%NBKZ5JTBYDuC6lOR_O@R#`!Cwb$+S5YyV2xr
zLwW$8sw4)IS7bHOi4EixtOt+~T@)`A(@1YZQ}iqgjGmFM*mWSQ>kc}7n9^vj^@cBh
zRFN4aWgZYPbjOfyRBM1gc^1j;bB#m3i9DkhLMH8SW+pl=Q};sG{yOfcR480h_(j|U
z`K0y2>jSB7<U%uV^(qr%`;qEELfME!@OA9XXz~i5ZcoZcGVa$U{K&H%9()Y)P;4WY
z0n^|qA>hTcy>2oe6PI8;D`HbrjhPV8C~4>dHC+!4&K>gIJtP1vLQT`#KC^dhB*nbP
zE|^`G6f^G!gW3S%7SlXwd9PMrU49)hMC_TvBPS?dwpHk-r^RgIoS)VfJv6$ZM>Hyg
zvG8FGwV_AffOgJjsByjic!}yl4@E2ZcR%?F$G!2!p<Fv~lHQqpM@{qLI)DF44E@cQ
zy%Nq^0AT<EJ?dS8A4?V*rXTHhSV~ys?|ke?5x!elxM}aPJAl>%%g|1pWaEhMJ0$55
zR{d<?e67)7as*AISbsny3(TTn*am>I`6)kz_@R?Pe)i29w>2hELW<|#8Rso}{|Lhg
zqwQTTxHA5(2o*1Il|NGtQ!3D;@{2j#m|rqIB8oTJMnENm4#HkH%=wo_r1HSX4(W54
zdro)k(*WHr14?hw?0rgtIF69u%WnZ$oAQH{@TTM?aLOSiA~U%f@&rXoMLN@PhZuOF
z1v$9JcC}24s00DKIf*%{Iczz@6G0Qw`;ONZ_C&6jFUUfj#@~O_%iyqn!6NI}{*J(q
zpX8S$@|*m(_HT$?9<0!OgYZfeH9qrCtRGvDT0XSkFM0Dsp7h-s^jov1;f*5g`671O
zSgSV*F4HZ4Sms!!U4}R%%kZD;)7<hnzi|HGN!y008_E~j9zfI+iGd0C9-2ZB&PQ~B
z%>2tI;#zb|wD)jZ--L5MOa$PFOOcn8Bz!muPW%}eY$g6VhHfw#Qv^LmC3Z-xUrbfZ
zBTx1Rc{SBSY#M(;3|lm6^jIuW)S3b%rcekMc}9%z!nfjVtvv30_qg04^?|A#XWP<k
z>g|+m%fZ$diUItAnr-aCz2U^6%&2w}z8rozdZlxvb;@5#MRM%<<GJ(&V#>7&Nb<ks
zmW$L%ot16G;0u2gZI|^ZQp+t?*vl7ZhU6T|^Au|xavnk+k{?1KOETqDnH1ORFUo6R
zTPUfEFQ{;6aHuv3K7`o<2!z@4Y7P#rN3OT7-LA)|Q>bY^whg_Hca7JiCQ{lfYA(H0
z4pqWeIxF#1F(`5=%`di4HdArSiBMrvMpYb>U(59r_xOQg5pnhDG%bgte~)|Gn?;JH
zizUJ2cy50hXKH%#dIr<%bP`m=ks~~3J0~%-Sni-=rj}ZAQbIeuTJ9n91S6E(sh`I*
zgmV%mPk>CoM^HS<n@*Q*qfNF#xl-4R+$?+j(^abVN9&2Jg=_BP;-kRh@XgUR5gr;+
z(tE1+T*#bAyf}EceK_T8=B%F>6<GA~ckpL$c~}c@T5tg@<*aQ6zASnvdCAADO(qDb
zi^&B^DoLyKej~>t{)R0h&3pR0oTDE{$}*M=WLS-ojZ){5@6^X>p=f6{m^DEug?s?d
z)mayUt2XsT^#V=8O7|c6KX$C@W=m!c!|RG!=9;@6BanOh`VHfyLr2UsnKau@2$!B5
zm0E~fZX7Kfbx#P6$!~9NyHOrdf>Gj8c%<-{;+mpedOvLKZ!`{F)NWBwxE0bAZpnCY
zq;eH<%yFWQu%(P;dVTk74=qRR2WCoEeC=kLaHue=NR7bnFIzlGZpq*pd&znt9`=tP
z;_PzW(K{fyFuuNDKiF>Sx&mPj4bPPhln!eSat*aCKNUxoM|KpB8colQIwhaE@P+Am
zuc@>X)_+MIF4v2E<hrjow?ZX`{RSNe%Z<p490y(hzEj{;V9A#d79Tp)H&uuqj_Zf!
zK&)Kucz$+!pkB9NH+5G=kY)e?_3USs2u(y$xHHkghbE3o`8b<6<`P;BUQUwcFONcD
zs#4-oR>z?Ek5zM9(_8*Fv=@!{`}ckq28bZ+V>SAy?}>6r)>hdQUCRNg*u?+|U3<f-
zXZ_JljNqi6q@KkdKpL71ixEw5x>7Rp(9QPgcH4H-RsB`q1Kl(F>-TC&Tk*@N4&h2^
z`n1gig%n28Ys>^h-NMIwm3&VzL~*V-)@Z`m)hM4avES_E3h4R4i;2dxgW8j{tQgoK
zZi$?<D^>PN=)@dJ@IboX=7TvTe)5IWYL9-kfF+g|(kBBM`_W*nUM+b`qYRVPKv1W9
z=5uCZcA`yU9qpWYo1x1Z!fc4g*X(%luS+TiWz=dcm5WX{8!SC6CT5<RW=-`!PFfro
zjx-RN5mm6S-`1amw6nFc^D2#6uO3T?CioD%ju*ez=*<OM34?OXdJ}r{dv#fD*>s);
z4-2a^zp#>99WI);yNqESV@)KuX|B{0(#g{d0uI)&YRgQx4BRGeow%^h8Z}HcHR@s;
z6`N}sXexgJ6JN_|TiW6Z<JQW~i;Rn=i<adc^w_NK%6LxQ4ojI!LrQtiKAyI=k2&co
z*6BGMcpkqVzl@=NBig@Dey|%6xbf?SZ6`!0IOO@{+1T2bT~MHs>u5)yMNx*&8)Ln_
zD_@aId$W7<gtw2}+uy-(P=($8`PKH!x#OZ9<2S|)1+t6^s{(##N>%}=U}86JcQv6g
z;Z*Upa8V;&6W^=u{$|`Hed?o8+?YA9B)6uu<EGYYQ`Obx6&W@(_Tv&(15Y!K+l7pq
zn%i8yx1=iFlUCb&=OMdO@6OOcsf?<uwt<dWo26H4@l<)u1zXD+UdwSyiY5E9anpfw
zO`V(P-GZiN1Ksj%v&RF<)96i0r&G(B@Jh>C?D&*hrjyscz@y(BY7J2YpT-N$RpWke
zSL|dVo@}WX+e2&iT-%*grmF5<%}=Aq$EFv++rabIFn_1r(AA{CNoNYlQT9|fZ#SDR
zjWff!!n3V=-nncq-&bAScFu>yC*Abis@!)K<P{XF=I*7px8qz(P8J5)2C{2LAfh+9
zYx$F{4cXta1epfBs1bYaogP$Ark8a$njH=O7`PZ1`Vsz2EC^X>0kN@=&USFg7@H7T
ztI*z!-(52@(2XC7zK3*pZ5|}MNgP8KiAwFeK)8S4sm6oI9kjvP7>uTzB<NseWlT@@
zDBQgkpAdY-u&snRY<W@p4)IDg#q{j-^jZj0{mZN74Qd7*YFm*l3k**oLV#-GhSJgy
z)ZjcE1T-Wb1PnL_3Ep`j@&6+)0!az+?yu`m5D-Bo5YYd4Mh2Yz*`mPvpE7@^?_vTW
zV8LhT;N3Y3>Yq=;J7>N7XC96hd=ElEQAk`IoGKdF0)dux##Z)^{`?`}3-H!r>UIzi
zSmb|pNO6VF=ivJ1O_bE^)ug334XiBa^nO_B1L>SCtpC&l!R^cm&RPKN^@yD<%q{IW
zoq0(AdV&+2|8p5YO8nO&_GUb!YSMDVLRPjwVpckOI(kxG1Y%-hZrdM*oC@DW{!tu!
z#zSgsZ*R>B05~~0(K#{ES=kx^7&tgM0Q8IiMn+oj6SQ_NmiBtiw3c>ce^>I)dcFbe
z3~WuT?M<vKiT~8Ar*Gw8&qGT3=SBaq{r#OlXOsVYlcn81ngwnk;LjZZ106l!Kk5b-
z<^FS(Q_jR0Xs-Uv!~!fc@H==J85rof|0?kRyY-*1{4Yh-{!3A2M&|!o^uOHt??sjE
zfVM(b7T}lK^ZsXt{iE=Iz4?!V+<-rA|1YxmThM=91xuP2fgA82y~c|$7!sHd?#NFj
z-(;1*DR`Lu*`SHQ2g<)wa2`hACaxdA4*|gsA^uH3$r<uE9rin>@?7BB^{Tj^zdzQ2
zupB=$X51HIIMUn4+${I3pFck$>Sq^c=>ygZ=PSw7<mA8QBf?Fhi+Mwfp&opG<8X3h
zZP9b8X<6|9oL2h7@O0Vsw5EoO$!V3N-(n(1I6iKDclSL{Q%j5Ao6T#nVxjf@xn5p=
zzFvO>fhi9!FJV<x6&yUgFuxqJyNCP6!2vwL%Bpd~>y(htnypq<JRDE6fLmwJQCg8)
z>XEIqBVP%*L`m7tVuy1%Y{I-w=7BnP2yf_0@R6+&<JI>0LRF~ED-hscAGJpG@WPVu
z_FD$W-F@IeG+hdLPf_^WXuItT$(*k3i+DS{?Ms=q(D_SXGa&j2b&D!?FezPT=T+#G
z?>;H&3AH;iupXQ=z5U74q%XkxwG-LCk>Bas%bnZki7~!?y;@^@1B~%amnFPf2YC{0
zze;9!4PNoRl8y&YTDNTnynfsm#H*7$ZNHX;uZw#EG`+<<0lF*v7f|1O@gVVi30%X7
zCmZwH-%~Dc-+m0O;FzKMmTr~a`pR6(f0gqwuOY{42S`arC1NQ<r!b{p^Zm`!{&@bw
zyZ0#H8Z1{P>ddg6V`nAO`wnDbUJP2XQaAgW%MeWcUR|tLug3Uv2Lr33LK7d`5vVJz
z)_9LsTCkVuEreR~K7X#06m<T^1pFr4OJ$8~`4dn={dJn8LVC3%V@4M8h2a4>E}HXZ
zj8p$m?PsPc+vmQRzm7X(eI-))B|dB?+$E5RVynJQKf}wFr!0*@_YwQmzT=?3=#$sw
zOY9oaOGB-x$#W~SVe;E3Ud_&3rkqmxnao~6G~@2@gXk!q?Q8T^h1OdMkx0{P%n_jJ
zwWK*^axQER(N(1Gh{nLN?s@9SggpG=Pd^d;<B;u%v-2oa&bR%TduS@C%cKL?$DJu>
z3R{@Dl&vU?XWkvY3DWW!_{ZT<FYXAn={4#ovZNH=W5l^N%SfqZl-^Kvn6EWMWikoy
zAN9(s&JkIj9>R*6R4gB;21T%78CB)d=(vto`$OwKiAUDC-O*`r{-AWdJC%NW>=+)F
zoB<*y6c)k`4a-s?V{t7joK$s$N+z`_yFK6Am@ibrEHzk(!YV{K98M=oG|E%tQ&Q0i
zSXvUk3=7N4e;67bl9So2RNUE-5bw(Y@IEM2u7_59`wS0BLJaNijfMs#$PWkiZ=9qM
zLy~upR>igb0BF(dZhFxyUtZnhQwEd3!6Ro=2J=!!UZE0j{!GV|zStD-W7w=7M#IJ)
zgQ7$CkM5_N$@qd}@WT=SI)^%_WM;quIGwGA^SIp-Gch4zYjcY!v#UF!_eUC$QgGpe
zbhNZcH_N^_cML}TUp^FE#+nuq%fp7fucL#X{5B*c<ePUUA9pLyMgQa4M7=cE^}!PM
z3oMdS7kxy}00|z?fL~(BP^0sO{*GZNkCnwLNIl?3SV)M7Cc>avl&*K~!NI`jsDOZg
zPYJP3lhzZYgxS9-yMH!=*#qi0Ih4l@1_p+dh8bysVFC^XMX+zee#idE*YkzmeqZkL
za%W@|gj9@fNpr40G20i8ADxyK=HK%Tyix0^%E-{UTn^<mM(k`>Ng92T{6BW4zjrLO
z+WwCCY7;3bDVjt!zJY;(oQ_IhSQt{8m#0-2E>}YRu=2JrmVXniMs3mMn%7%zy~R@0
ze91?_?k=i613X(>+o;UU3Xmg*NvIOWzdM-zDG)eFL}<0`k2pB|q!n^K{r$PVf=q^n
z86D(_S|Og;x2jNph@t)4j(4a^<(dsBkeFKxZ9vk=NtCUgi!DlOIxL$+n93OP|I>K>
zGfZG0!Fb{R>4~gbovEj{H(Ifr#@Wrypvynlc%hn{TMT-aRln!w(Dby@^${PMNwLYm
zmoaS@7nkohiJ$*X$x8=#>m~tm7TJWv+|k^jKpUq!t3`n-@+v+tvH1hiBmGq?6moIe
zT3??GJV4e0#%P>TcS-aB*?ZT<nUdDWaxM1~^aac=bJb4q=Zx6MTyo%zh3_@RpQc;G
zL!xx!h>bRNb$7>6R9I-T=Jq%7*etzC`vwJZEf2J+?))4UiE*niCqL!1*@PY%9@d_0
zVkZ6f#I`PlVQuFmB)G=@%^^%~qkOcMr+mM?x*EOzb+D)N#-!+1k$sUkDjQo^XaxV;
z`FFIGFVQ%i73wbc%w!maKg0hL7{38o2WiE?fSA90W8eHP!@cK?>F*>LBG=nvm<AG|
zKoybR9#XEa_(74M1k{r$HSm{UX>Ji9{~cKap=eGyjhylQYvHQ3vZD8P2}k?e*G?NW
zw|B%h%Li!<#(Bppq9d29A6gJY&M&j=<3b098Hoo!LJ4LGV4PoG3SRAw#8Xt{#KOQK
zMs^Uy7IvJ>zNIQ9r^W_dhuMd0Bq6FiNT5UgTT8$=Cfw)SP*M9rLuoxqmHw!zD`<t;
ze2o>WW&=SfCZsSp))7<NqxK)W8@bmQ(w16`#NZ~U@ItboZv@7`RwV5kGlzzC3{|xE
zF^!D|Eh%GEl+jR9@-J?5qo-6I5WzAE{u?6dP#5X|{KnSqYp`O}!!7f$J{|x*QMAa%
zX`7e*9E!ZT=z3?dnJT3wV&=DF9WHw!+dF|C{M|4-dK(dvWZW9w+0~V_To@7hJq#%u
z1^!;f5{9L!j)TKal|g@Wax&Fw3*M;_MZ&+QX#AkjANxoOB=h|0@Qg05Px@`FJyN8%
z`h|lG<Z9$nfhj|yEEKlqCL$_|xDjDOaBw~~KOx*MLVm)DDk)(K`ubHmoe?&Mx7+Fi
zhdTWzsi`?b<p$&e{vAD+RgAIk3WTl1uBaiYx+`zzTLsz`p~l>m@3!f%4l~E6i-ru-
zCxV>C|LS{Y5hzbjPcbPm?}|)7n{F$DC7DP>xs<fDkg%|@!KcW1ntyM4b&&d8S)RUk
z0yu>}rDzxmtHZE@>PB`ev1(=gEBY5YbMKX443A~128A5|nh$u?f7Y&Ab6iv}FRwg8
zDW9cv$spx|!a_DBw_dt`V>J8`k<5pEp5h?I8$7doKHU}lsq6f7jiu$aX~)&3D}F`%
zm@v`51kNud#SC6!<W&@q8eZSgmH!?Z<qZu42!W^0{~k;D)cAPAfqwG=KR72}MbZBG
zQhuQ?XjoW*yH!=zPVbf<wZ_{S`S{vNmcG{iZw8T(H$Q(KANpf22{!}gs=z8Gx4i$a
zcj{sfJjnSEK%)-Q1BHJA9Rp~*l#WtmCCxCdJBd%jT!E;s?%2RWEjQkes5-m-LC)ul
zdnB6R#xT=Cf%W~*$Vk7$M2cnC^tFcSqM{<3aQ<Kao3<Xt@tfaK))GyiSQ1`0JJ%_x
zC<V6jJ;OE?UqZRCFjrIkJv5NR_=PZ>!?~<TIr|({;$ENnm&ADM$MSo=tpg(zp>=k-
ze@KGm-Y48KHilZJSvLu-!{eHvtFEE3*eF6g`@dNhM=`ALAh@|ljxwoXsbz{mQ3;*w
zcaL<|TWZ8A=%Jujt$KBC7xfLYg+CqWQ^4;n+(!G<M{<}3*XY)~)srFh>3NHOD0Dw<
zLQFv$9t7eBjdNBL#ON=PePMs^(<T6S4KFAo&x#O&XwA;`u_f}=ulAQvQPD5@$>zi7
zqbSTN9Sg7XJ-7M9iwc{}uPTQ^>pO&>LMlHbc2`)SbNl*g>(y6<D?YeTE;hg}d~N3!
z)`?(PTZj*&Jl~8mORKJ_Nhe5{E+vPQm6b)pV}|p1()rogh*eToTidPH{>t`Cz2^PS
zPWT>Mc>-l#GYpiw`?BK^*yfNGbXN1Hj*d?cZgsocyqVJxR!=tL0cg;7CheS@ggaU+
zbxlpZvs`h#E{XG-8W2(W3y;WP?5}QVArY}6m1#D}TYO@#Bw8!i2q@EJ<yt9F!u)>>
z@^VtSgWdORR(#IRPcikwh#9<|hSG_Nm>WtixH9orx&8k2aFV|sd@K$#gR1UYe$+Vr
z054&X;IW?q2RV7~*iwQ)x@e-0>7fJ+0M5T%34B^eLs2?xLUuYZ^+_yjp>VA`^h1n&
z-!(S;tYsQ3=&1L_bMb}DvEZf5k<HNuJG3QbjR&9b^)(^zs2Zdg5Wrq-tWzeegDk!7
zuou@t@7`nGd$1J0rhgzQsnsWiR~^Z(rp9jgJ1N-TA3F3S3L*DT7{m-RNS%b<mzafX
zcr8}_&tG&r!h3x@pD%*$FNXm%r=_7%SgGXXb!0x+0mjFZC(A=2A=JIr+V({a3mo%A
zJVH?83<IcT&mJF6j`AJzr!;w~dVB9FD&SIWW%WgMvUT!x616cv6E*1o&WUR2T8f;m
z{geD5i67fa>--{Ajs<agTd(@&vK&l=W6v57q{M@$p76Zq!8d_UMHJL4K9|32F^On}
z<t5+|?y$1yn;LbR#Erni7D6>5(|aN@vg+sNFo3teKhyn(P3DjP$K>#7CYBSoTZ+Gi
zNa3-iqR^6<-|@>Dz}of^PEBoCtk8r(2O#;U?omODy5vw6#-$YddnK_g^B5~Ee*Or=
zHh75%|H4sC{r41>4&YbQhjWc$6E!O)-uis&?gYU>)ifKz{L@_(0h9tGvQe@+N6O8A
zwZAz4p~x6}F&Mamv*KZ%d%OOT;X(xZc7JDJJe^Ln5=h3F*uG`&Q9d69t&`5>)Hfx|
zXTX~Abe0)Fz~z{<Gbpn1;d}J&G!9ux8&#EEc=yWZcgKq_k%yHAK{83~7pDF}qTa$f
zcDvlmc|0yI&dyn?V>;}2%NfSfggJsjf|x;R%UYl28&Ff(th)N7@of&{b~hSMdE*0T
zY|&iE)7rm7KEFVnZ-$0m%;|bjy-S{{J-Ev%Dnes28s(?6DT&-ZJ&m|M8S|m=(D{6R
zC;(N_9IxU;AwM_1FQ>Ig1MPFn8YZG{a*wFdOl88hVm`Sf^Z+b8-@4HH#hKt&_W8CX
zayqvTHSq4TKg#YM+V=3RTn?X9Z&{407=&p3g{goZjEWUUuoc@!z2VoGM|xC93y%-B
zo@l;q?>na=Ei)ea($;E85x*`_vb~dLYy>qzJ)|N;J*h&<oPI6Ae#*ljv98DXKBmod
z+N7GkuKMd9+RW=km;`s+i@3Z|AEYovr^c?!?UH^18xp4bPj&F$jo=$G?`yT6;)fxM
z!2AKu6oj=bG<0L(1)z^rCEF<OEFMKoWNs}z(FTJJX2}Er#Z^o(vYjk>{7(G6$tq{d
zV!YtrYH+*}&f2)IKJhbkZlvXK)_ItE?FxdYUYp@Nj`}0$+qWnw-}OfqN7LCR0{n7x
z=eiKnQ25p_T}w5l&&e<pm1Gw9x1W~$d~>)l<F?6qGP|(f`;$>MzvJw85b<`3nvl5N
zRhGzZ%@NX9(lJ1qz`0wGJ%^k1Cl*bl`DS8TZR1|9b`fC}FyC@2FP%O#EWEfJWIAIm
zgzkKE1SZmr_`b7dxLjp)H9OeS0^jGOumvLF`W{uZ!_%C)o@c|#$;o}6)%^aQcy~0t
z@SDzA+Y?ILn`hm^YeDry&74c4;U>$^kcfJYJOf-@XRn8+`C1#l5nE}KJ!!TT-%dY3
z=WJQ(VC<56O}2FV6X7*?1GeX*3-YS_mP3t)LtQo^XnAFMW46f*)ipXOU&<l2uUBNf
z1nYy?c`gP)>y41tJ`sE@5(0I#&y9ozZ&{S3c)ni%`ThAhyt`|y<;tpbRzp-d9-6<(
zc9o=}z5Lw|)YLrqF*W}D1!H<?_*N9dIK78ODEI5s2W*|1RR^zbSbyTpO*CiG34CRm
zLxs)qlG}wZWRi8+!R-=LlF<)#bk(!7k*1YHr0N(@MnsTpXh-u^OuWz59Br?Ul1va}
zq7i+{s?t4tZ^sb2S${*n|A95R5%Au7X@wF}!V$?3LJ1EMPHJZZaWBg$xgsoJ>Xbgl
zLT2crT-^y;{{$>X7z+U<qV0|;WuvFu#(Uw6cO6q;D<+>6p6k`zN?UpR$UXjk3;)Xp
zV-{k<viDz#P-49}es0$lTjySh4fE1Q%>xJtc?m@fsE58rJ@)J6{gTX;Yeybl3jGSL
z6D=^&SoikX+2yf_Au$1at0ld(iq?UNdO)+FZu?}z4>9I_mToHI#;H!PBw!5(MhAWj
zRFoR&S5tsDr`@zU#ETcx@s*eu0?>NRNJ`3#YMq>%oWuxZl*#x-)X!G_9ENA630`X=
zSS=Ry4<@lM`iYKcQF5);5clnx5T6D@XAB~F^sA%{Mt)R{L%TYTkic=|7vygyW_oqq
zo_LXcm7Lo34+_eaOf1K7p6LA<8LGO|rvAXfn`5+b^N~Q#L8ITx7s?L}yCPinjGF4;
zlkGaAjKye%2T{Z)j+`@v;rS%B-)@iUF{h0iS7WN*?@m_?pQa`!!Hk4ag6b0TX{k`q
zZ3%9JjCQkXdr+yxQ{N+7pXg@2Kc#c*upyRBbS@Qn#N;>e6z>o#8keR0_>i(}B%Qcu
zqpCSn!}av(Ev>Gdg9J%mdJ{EDkT_R<@$WeD5+XkX8tMJs+sYSEYXA4jJkTe#dTMN|
z*Y!ozfpKoqpg>aFAJ9$11-$XBGT6>0j;3DfG^+7&!9PIwo#lCE!C@6lHu?@S%8=lZ
zCfKn9t>bayaR2bI#iw}o%~7Ua{Yfud&v~Oae@J;NPrM=d#9&OfI|y0mXx2jM)#u&Q
z#Yu@W-QBgrLB7zwe_F6~Dr@qM?i{|nyuAH|T_I;@>(%HIyY)K1wiDF}*iHk(>VIYY
zB%!UZ6A(gn{**Betsj9}FV<%<g}Ia*icV8ER=_hR*ofpON{K3%j)2z5fYf2Pe*Vme
zaw_`$8#ze)S(zu_iZ9TMcTJH;vmT$=r_&F1>Rq9`K~i!vV^!N@arjGkXWwGj*lKgQ
z3yLbQkQ?95Vtmc#^GVHXluN-Sf#9D9f~&f<K?$a+@bF%D72=SYM86634?m7|RM$fR
ztk4}+JTJ82ZV(k`jj#>%9*Ew0gQ4(p(~B+axx&skCMeOSN`pHjDfHUROP~ORKxb#1
zKxF*#_aM`mhHIp;=Y<>&_yt=Q$d{(m>0-sGSOaxYy`zWn(v#w|+dpUq-6=kHe#h(0
z1J%s)aiYXHwD-Fo9buSRMT?H`Fa7AbOVrg0tJtHw_M&}C?$`NPI5@c4`B&KCx1jhn
zcLSTX@$7CJ0*0zM1VmZ=(cH*&<41YPmh@5Zg5js2GLzh4re)4v&|rZAxaAZ!JS6?>
z;8_?h@lhpe*=d5XZcOc`ikh@=iyE4Wgi}`N9TB;#PO=Q@tb*|EGK+x}PWrdHR*CU^
zmAY4H7#(xs(3Wd%>0*%_7A0>|3H=Qt4!XPTkG%BIRa>bOD{Q#=k9%m*wffe+eM<3r
zEY*?$(c2zrqHpq8s`A0YItN6VXtFx*35~Awr;Frq7&aMi-g)e$D~=js(h;?IlC1yi
zI2yXZpntq%z_NI_3>~|;pdeCT-ZS3yxLXN=eD}U&%;R*K;$kn;i*wO`YNtOOKPc6z
z4ThYYyz!zBU&hYn(7szi{(n-Vf*rh2tDbN_%_HnKbFA5ceC$0EPbdUv(tuqX&N%I#
zX{4^P$qGf8*cy0U0K-pQf!AH#`wlL$Jzr`&Uu%&tcZh_He>G5-z7^-OM|rij!B9jd
zBlcdu)F((L&;$haA7n_G&#1TDV!NMr!q$hRMSJM!>0u7-QQhPiIJ}dY=&q5v42+UN
zbx8o|MjRhAU7_8bww$SC8{Ri{)r|4_>3Y4?H5bz@lvj9~8kieY$`h^KU#L#*u_oyd
z({=IOEteU!n46fO%w0R{RO!P66g-XsUz$p?`>t`DO@AAe5NJXHRtna4eZ=r4@j5R$
zT@y5R2}b)@XP%<n8ZC24k{wKex%E&Lkb6j7{Ez*`{@hNjRkt6ljYZ6Yg*YO>rsus2
ztlC%o-`GBh9|9I66tSF>k(F2v)4gA{?#wZrZPfY>rcU37wq&@S;)d|oP0_uAF<{s4
z<eInvvx}=xJdZ{Zta6_Fbs;ec(+Y0;om~~}%)LGAb=Bs*`DTk!X;$qP$6jwAY%=yD
z31X~IpF*%`H7LidBKdfOuDNMWZKMyUt8xoqN)S<XR)nDFTeJ}ohWB&fbK`D*`in|%
z_39MGQ4bOePC|=IObD}KDGPqZD_V5y&+gLauDheJ-)-(=(Tkkrb#~UrLC<L&z|uwl
zqNSP?;8IStmEgo^WZ?OIxmS3XbrKh5%YC7TRe$Uxt##mC-)8J-f$2_3V~{UET-Z5z
zUr91ureJg7xq`CWd%6&Z78caIJLL!;V8(s<%8<6K`n&FPdOmb{>n*32$IXlc4!ddG
zuI&Yl@W!Pc7hX;@kJCuwo{qz%R@ElPua_Ha;FS04yTP3;X9ruYO6xXBZWkUlFJ8{t
zv#iCp^KR6ORkyQd_vcwW_xp{Yi54d!2lP~4kCZz7a8@rI7u}<U8VUqN#46*7946j~
zK*KRySkm|ZgQoY^MeEvHBxdNrXn(F1`2Y_O-|7AOGV^%hi~eb3YPZfn$Q=zgD<EB?
z#gW$b>T>*f*;wnsYs-eR0cjx!m6*FtVqIArV089s2#Bz(TXPFO5WU<<)Rixy&PZ(F
zE7N*F4q$N|d_|z6R-XbPx(T>mjWn1Z)AH~T3@5buBIC18tIf{9?DD)YH`|})q`Vy0
ze01IlXVY2<Fs=Br4qw!p|2n8Cmu?@OPG>%F3?t;h>+S8u;nP9H-j?E;Jyc8SX5q=;
zVC?QE@-i=b#2s$9!OdXEO)>7jg#%q@i#i2=Yv~L=N0}TYr_Rh!F0dNwXk&rxB=Hzi
zDhclx9$O-sqD$7h2Hh+aL{@E`v!)8+3T>9t*{ql+OgM%7wL)Y1ByylG*b?~EuzVwH
zSGxeu!Vez_ka^qR&ixFaP9^DZ1yOh`6#!w&Y)3k2oWdD_cqWHV0({F14>CW1867V*
zMpPuNUjsMy_JRs`dBP1pL_5cqKX|=ZlzmN6wy1;!$T)0v9(kfWg_EP|{9@22iD}!W
zy>;y!ruIR{&Z2dq?uDT`aHypnE$Z15t-fFm25ChTCZPphU>i$tl2euvw=92U-oSO@
ze_wezYz%udmcv~3ORv2xHsP52D0U6;d|Fg_sBLk6;W<UjUmHhInjWp}-3*^qDa~nG
ztX{ib@t*0^b!&=j#j&oP&9+}NyhHIF#c-fBKeUd+-2*%IysZ+N3jXlZ%~248K_4j_
zTcW-=pm>fA+C?Fh;+=~8{2;kx$!67@Avba{SY5q!j%N$SYd)1$WH|Rpn;GAx*%0gh
zD+LZ7k`QC-*3hC2-|!Jy@8=%Z;(~5w%QXGgAolD(H{ejnn4&I|y=(n|e_VR$bh;e;
zZg3C|38^P4n9Q1Sk*GJ|xKr{(WVBQ3`0at%7Inu2SLQjLaYx2g%@VFkuV^j$*z^N-
z(B!1T^X1i8VO{gdS^EXp!<(L<JBQ0M(vpOr?|8BrP%Bg{66<~-AS)$>v{-LZ+8QOj
zdTKNZ!iGipM4wO`8Nb@<X0Y6Nafsu5GXva~r)iaGF8j0Gf@ty09)FolRWLamX{-bP
zT4XJYpa7bg*-UBq5e`rhaG=JIr~s$W*P%kgZ8p|-ztAsK;*^OW8kF*0qXR>1J=@gV
zi&>#6PA_;EO8V7+)~=@?K(E8Y*FR=&aeDkzPxy2{IL~Bc*M3j#h$0cPez{?zvKjM3
z<+0X)CT)8K+t!2ulVKe#XKg|mG^(1GMbSIAyzOkKDV)f~CdJPCoeL`6j2ie@?MWA(
zZGt01`(v;(`!l^}bf+oJSUF<HP-1pR+*Di^U4aY3YIms?74`1iJ^c+z+W7^9oF~r3
zmO^W7*x!fZTCA`4KP-dM28vzzYDSy35g~{Z_Q^ngPX+Gw2ScKOZJt{K<Mn8h1Pze=
z?m}<}H&HA0$SnA7N0FxIfJ?EGY|KV=EYNT|M>2;kVVN+P-^+>o_ofsuRAb_}NG`$5
zmyWfI9)UVry*SNqB8mCyph5$}HkOM1VfEI0h62}3lh;?>S`gFwjMt3mHWB_CEBfk?
zc)d)>JejZnlOItzM!%$!Kla9psoO#e4{r8`@*UPN%;a~JS}ZwkACD5a-8~<nEjo(t
zWmV_+a&w<J6zK@j9E%MIuiO-pkr3c-CRr>@XMh61>e9}1^02sYck^z|t3eqge`;nN
z%Y!^Z_#za)2Al3r^DjyGX+Fq`aWQD&dbtg3O=!1Ric3;x+^(N-v9RSl{RnbViGG_P
z8s<>5@Vp{^=Vmje%}*IUYip=MgWcFcHZ(($L7FafLm@+QDn$Vf_BTII+r3!nK<9!x
z3?5znU$s|2QztXbXZqAXAHdvICsfIy$?y59#+_ZwxVh@b+gjZftc7}+tb(yc*OBH0
z#Y8B8nO$Q+zn#!W=NV)RlNoeKQ5YRpe9vrNW9d~;4wuNGx~Y1aVpuER=dJs4sha2J
z)uQl@qmru%VTG_=4&cmfMHR_IWHW2S?8)21Ay%pd&B^rQ?rVx;vw}OY44`^zvp4$q
zQCSl|cAE_eD&yL>6U^iglaL4mgLu_mAstU%MRDh<geauaoa@k?2)Lc2hIoFFGO{2I
zn;G@~aBbT3ZF@Oidut1wDOKf|nFk|L>lFvK^}Cy+^Giv|bki*<)yu0Zipb`Q;v%D|
zLTO>g2q1-wfR8}q?IZqpgRE}u+y=rV%k#q?5w*UGXWI_8_PpjLB7jEO;frjBQZDgt
z9m3<zP-T9)yLAVHVKFJ0Fp?Qe@d$PhiOaG6#RrN6bLAM~U>JpCU5Q}|+!zvB_!zac
zydK5oN{JZ-hlDSMTPs3!SAq^#>))jaq*tqyh|GT~d@H`ClEe^IKi0*zH&I4%{c0(K
zk6H%0S0-G2oVbJ)uRE3)2@E9Jy@c~qRti|0`^^~bhRdluTbjOHTd$uboccRcVq77>
zChw)cZJ_63hQo1TVj7{&_(PCRt80$K5$pNIg@CCkwd3isPnl*}zf5>!r0T|;MxAMZ
zw>QKkI9z)bWvgM1CLjEG@g)$rvmNn-%xty#>DRdVTseUU60>@>QDlg+uH1K?S@yN<
zhCI)Q(9F!t$d{+Pt<s7%#v_@tAk=q~7%*UfnMAMWTXOYsw}!t4T`K7_=Z89$9h^<<
zE>PY&H-*~FQw&Jwrz3I;z}s7<*qv9*?@ZK_)#;`(U*kBbV<Udc5B0Gcbeox_O&u|>
zko8Hd+Y%m|i=4~L`+S{^q2%uVNkIWcf2DcNI63Fo5NO-(iS4_Vb$xdy%Glca(2csb
zHP3K#dS}&qU}%fWOX#va^p;{)&Wg`xh4jh!L$lLSVAeWuTwGj9J*)YBs6LMwwp^hy
z{SWplZO4L$x>t@&3S2IS!*5pF^+G`?1k?EWj{)Noxd(r!U71o#Qz3qDzUu1g{k!cw
zyneGWE8pDP`Keu#cSXX1&%D!68A|`s?I9-#rIRiH`P{Tz1ODz#u!f(=*{w0Rvi4KZ
zpj)D-Itk<LnV^aeZ?io+EKq>qC-Q|~djo}ptg^QdyCHT$@#8~(WEM^Tqq`ifwDL^)
z2WJ+47i>j=Fcu$dRO`W*d@(7hp0(}ZV;@+<%)s9Z987MzZr2a|W>-VzVN{ZCdlRLo
zT^f9@ZM;MWzn@)h+N2s>+Q4A~r+<9+;P96yK~x~$!?uAdUDn7_Cbvrrq4BG#^2C*t
zIy+~-;bOzrS(no~H>Y|&frU&dyP8bTNBCo~Ps-CW;x~^*>K}x(mW?K}=J`Y`5{@Tq
z*MD(-d)v9u9YkdX4A)st<H$JSNJwtTAFF)a`##jWu+`+6YP3~f0|iJ|789h8p|c3j
zQlqVo$;gb23FTQM;1}o<=P8v*toz_BO=L^t>+TotA?c~*eH@$63*o>C0gG>i00n>z
zGOuZb1DS7fe02&82r%diOP1IM!b60%V9_{7TtliSII<0aj55<B=jV5~l}!sc6S<gv
zg7N+OL1CuiYBAW*(J@LfMsqM+wgcQZy)M?Zuh-4Vcro~8hS$K+r*x?&BqoxDgEDMF
z$j*Q?XxyGO?;=NC;_Oih&HOBzZdkS4Cy1L@*F;9;GHe!{k7&MaF%e)`%hwRcU_>|m
ze4B$2!+amjb}ijzt@1>b$`tNqydoVxb$En8Z5tDi$#g}3l<8OJOaGQ&h%-GSyU>YT
z^*%(ph#sfsD1~Ja1xu<J9W*XsDoIy_DyV)InE6WA(`q#<V?+4n#Q=Bk;d^bQ+fE+4
z!drZ8*ARDnC+op3E~b(4tsVJdPD3SgHg;4?9Yk@(O!yM8zAC%GW~*<br1T55UPy8H
zugYgI4R!H+6)Igb^9VNRsG~7M)uk}{V^-=d@L#gVR7uXH?hc?zHaGRj&mY_0QlS9=
zz!d4>@LLxmAnnWH{#rZVy<v#g=MoBDAMWdMzrJx-S3Vj%d=}FmH=Cxu-V_Mzt*?DY
z_s=zB)2`AtN+c9-*9UfxeOe4MGxeg|`JpY1U3*`7dx^Z5Y0qTNTJPHQZC-BXihwtK
zH@G<yi+kmJR~L_+uxF)7gU1?*vOs3|%SlN<F~;>T^*g@+zXB>UvUj1_fIcuqmTHJU
zw<qtuL8skZ1jfRu(kc!oi^vUYo-MtI1(%nMEb5i!3kMVmmh;JH)l3dyewEdXz#+^q
z9Gm3c)~DN(?(2i8-?!Q}y&ok`bYJeisk)4%bItwYwqn0b{a(QnQR|W-P&W{@7NpS;
zTk<z;{ofcPQ}GU^bzpI^_YkSSs_k@`L|l{0W|AgcYjxQOqbgtx4MqnUxZ10PW+1s<
zXMZ4Rs$-7by3KyomMqdUI-1PExRyHxtC6beIK!P%=XvdJv^y4__3PKNO+Nt+t9hgA
zx}nB481rreH)OS3cH-AP`y=OeD;+eY)aSXt)3dE~)}_t<{`^DX!Wdxv5^*n4+c7!$
zrQn70ieUUm^RM~I_qZ?Qs_sP0(?Z;j@+G*t$n$Ds?vEuTWm~6g6k#M90X*%UG%_~*
zSsGz9#X2^7vxopn!sjatJNXd6icQfK+SBJ+l4q3E(zfV#-EOwGEMzq{JE`uI$i=~w
z%wvn<tS+za<DxqzFRAIl;_pFv&iIB2_8<>;cfZ@aJuVJg2AN>oKh)$sQgjHW3;4Z{
z?oL1yZ=4dujY@D#N=tqYWHFm%#vRk<R9}G{1e1C>MMYv`j>ZR~+5Ng6H^?QrVx-qg
zpGuaZ5JZJVHx69JeA+{0qsZ_)+ssnFtTDh~M_pmGCAeP%^oos*GqY-09ZnyBLk>QB
zbi2}MKjxUQ)SAwu`0GWMR)(Se&Irgo5FNRlGt3?3cJ`S53Qzmu4l&|_onEWntb7s}
zB`on-Od*9TR$eJS$K$h(o=1#MAdC!^aDJodR{Iy0PrBL{{7C3IJj!q8SZ1{)kNLOG
zLJI}z7RS24()9Nh@%7~vm8y&gK1ntRs@%#gsKqO}v>O;FWk-uhc#ONkhE-<fKmY?!
z0Gnb}K;-LaT))x`FEB$72`NUwM1<;=*HNr2lh(_!X$LEe93bz0G2k1YD;nv$HXR%q
zsz_Lv)D7lk0>BpO@1NVVnpV9@3<k;sSZS4_88I>F3blRIvN~Glf8x;mP<gW~ORhs6
zkzq3ZA9e$KwTrLw0d%zTRmSQEgTYn<h9k|g6$O_2nXaZ8my5mqJZ{39Ugo)UCF<?3
zP9Zm?!Ti^rQdYd-;S&=2`Z=x`VONKe>%AVyA@%0Lpkvy83)Wes*pASToxhL_d(T2X
zW_~}ZXfMh}+2=!3)nd?D833rUzcG*Lj-FRKg7zQWL6=T`?PTsTAz@+PjE##9Ls~~J
zdPHjsN5s;S3T7XW*{!Us>b$^{GKuHOGt|)I{1tXP{i|9l`Q7c3RVg?goFPvs!-~87
z!Ohlx_4e}O2IkBFpPlFJ`D$n>eUbjzX1C>7ieQSjtSpkygTsaSsIYN=$l_Icy=N6N
zk*1h4c}>dl&Lt+GzaX+9&iM*I<Pq%R3&%hB@m5sD<p_T?VCBnm%f47JfrDK(|J2&h
zkQVwo#_(U#!^|#FEbt&4{v$XqXy+yaFO?52x7DxSRo>jr@vOwCe`b6DZVH0_FL=;A
zn22;*E8BflDc2GQsG0%}IJt~=_uV6TiHuEj7UHjrXCEi72-5kC+Uh66aPKxZLjfwn
z)6YxMWY<}swB0ogZz93n?d_t6(G+N%+uv0S)!hpoPHP^h?@<ZOXFMaWJ13Z=PUfC$
zce%3WcJlK%v_{!@G9FwIMA<i*^gY|UGAi%Y;rZUy4Gu!Vj$g0~Yjj4*cGubQT5UJt
zdaJlR(#S%|=uTG^4rK3}(MBkCOcZ&4rP(ophLR+#bChV#Z(~`k^GhaS6an-Mda*gH
zgpHFH&Zl7TngMAn?42Bh&X21(yFIQO-|B%qadRa+X7R%7K$!v(c#xXh<@MB95gdd0
zPPul=K<*^X2bW~8AJxjR(BR+=l$)Wi6yLA+8LkPI#m9i9X*TB$W0C+`#W{|<u@n<b
zr-M56?VI0ISITgGEvIQ=&%PyV7wVXnZFYrppMBpDhN-R#zbdA?oIgHv$(-lMR^wBF
zsApPuQ=%k!>Qza}@!q>^O=fJFZ34)37~$fbqd<|e`-ggb6<_5s<fQ1bVau1)zoH!N
z_IJ+t!N@O%eTkTyt##nZe6lxciW7g+aG{nCxX+Pa5Z#%kq^u~)Lw`Ay+}cf(A;50%
zZ9%Ov5V<Bo+)>gsM||lw#D6P69>KEU=YCI1Rh$T=s+^mX2lcj`{tMgWQqmEd+v^p|
z;R+n~6`ZK+85|d<p=I7C;IbVp8l99>)I)o>$|V#aw2dEZl<6Tevw>y`jsWIXbMFl9
z{!+b{Kbp=}da^T|7%RDVH_iDrVMXbjZsnLjr|k<~3gX$~k2YZmo#kjBuF^Q{zBrz(
z=HF`Djj&*LoodvznJ;`bB*86|ZO2d4vJK`ezCuN8x5&FQIOq$&-(Z+&fCT`#Uy8-k
z<flAa)BD<fiLdu=wb*i}Gt&_n*c9nbN?-gPDUh2y8-dM}xip+T--U=x*RwmKK{?oR
znj&EZLS}NTv)y4EO2sxhM}G9Pr)e-<(SV=s3u{_dlhJKj_eC7&efB$S2yNGFzBfVW
zbtGia_ouG+d~qfB9~v1^Uh;UnmUoyBRdd)#Vp;<l9q!*QwWM+0@ZoUU7a=gY-ppXg
zmiEzgB!AU~t6aLwmrSH~O4Evh(RqF`oI5%mG+PA~?uUEdlpu?GVO&R8ENq#lx-ONg
z&0fD$n6!U2k7E6ob2!Zc8jNFIF5TNw@rO(zd<)~s@&myjUF?eP_plOLjq8o+FP+w*
zpV4<<ND&Vr*8Y)Jn!#q3VdFUu#@M2JV2s^ycr{d>AzCvVnKAbLQ!*c$Z*66l-AyFl
ztG_D=3z&xt#iCULsM*P9P_*BzCYuf}6+ls~BplK-rj>E9uAU7|w|T(2X5GhC^Z9WL
z(P-4daXB8#Y0p<@BC<abjGr{H1`R(+M;fiJ3Xd^nxZSGX=yO_KX`QA!t>)`&)6&rN
zc)c>s;FM1!Z!Jt1BwJM8;x=D8TQ1cT1V=4bIYk;oP%M(C3ys}Vga5wOVXd2>07qNc
z<GgNo?lYf$g6=hr`0%RTgdM~N+;2Jhaqz1nl*fsO{*b|ycX)5mcBgY#{T)}`e&BF(
zxG!ojh+SDJt?TT`s~gbbW#6Pq4>kh4B#_0|9abOqw&Yz!EK&%`L_gyXkOY4wkxPXB
z{4JM5+w+5WfEG<N=;d}POlM@V!Ads5lTbiHf|1bkUf@b1u#6*;$A`6SY5Z!X3A0Ih
z3IL88jy0NUn6_J^QnZBCC2L}wNrtV+d~yh^ph({p%gPImoj2G1(c=_Eqr@m)yV2Kz
z3{>mMQ&NuWe~{SkbuezdS0bm=DAZm~sa+pGJR6Jd2u&Z8^GjjrD@Q)T`DO&_eW{5G
zRh@25D1<fvnGWOzR9EEHqGSL5)!H#UGAwjc2(rcX*WvaY`Cc7lQD_k!saKp_u;SgK
zh>H?zf)-TVS7ZyMf(I2)C=S+;9ay!U8?k%6+TDYR>EG{185Y$Cx_o26;Q%thb*D{6
zfwsK^4jG=Vgkb8?NF|7E)$@s9r)dwa6`t8-@(uUyhz&EXO1~H3W5GmYtO{MLJzRnG
zlwd<LLQ{ckrVMGhWV~9SP)mMZ9!}{)j8QH)bd-7{oGxbKsmlIp@FNDsSXxKuQ^S|Z
z%7ih86pd=p^<D!*usJO*HdB@R1@Cz;li=QQhC0#tbTV0kOXu31?(X&JE!Rs!O?-71
z|2|R271#awqNkt0X*mLeLgt(<9;^@}!9FbYGQQ_?q4{cHs9t3KIE?<Mz6&teU|8z+
z?fu-`IkP6myz;P#2%z4;3C*@__lU7c{A=doaMjx77Yq_=XAL4P2qp4z<g$&CR=^-)
zm9U*l@xXIFre-x54HFtIO)ojlOfH^z*SV|Sd_DP>{sVSR_<6GP>O^U9NCr!u3-+$6
zHkv^=Rgjm<Nu6pq>F3roCOgB3(YyUCpP9XQZJtQOG9sSL{^Nn?rqO}P7~KIw*{9==
zVS8&OV~X`=b0}lnSHIBZSibqp{V^kiFfI|ZB6(P0Qz@kqO(Y~F6mG%4nJPXth1IM<
zwt8s(;klUH&YQ1BsSK~Wm;1mJsrdX2(afhHQ}>6R#G8T{$)kwhkX)`bcA}3LN{Rhf
zV4_3buA!bZ0SDGXZDNmO;c5}ga44;<P&OP%tvkTLgY;Q^=1$|EtbfE}y_S>{b9_D5
zcQZsvNA}8u04~N5VG}?7sP8uH6aBp2hiI8=)N=h?ukpB%IiuDtYlkCmkvNqKM%JPf
zPyjnZqbDr0cg>DR5vSJ`%B8c{%Y0Csog@g7jxt!)HMZ8oE`0S9S7YrBZ)KxX(mo46
zY<p}3);#lqo#&2$(4u{;_WSf&PAkaw9xt3A^K+3Sv6nz46=<D6*{$x3lPI(-sz`Og
z-VLaDH1QLoV$8j0h+swspN{}_{@%mS<OP$gjd}Imm1lB#RA0=OyYtg!GUb2vCCFpu
zR1Hx|(+Ja2w<xWZ2-Uo<46w3J(nDEf>X~Z=I1zEGL{!lsObnRP^$IU^ch5A;vv%vy
zO3qo~S}1lDgCJ9V_yS;uDRa@nVU=HMHpZS|5XWEBZrQEBw_k|l7T6p)#KguPNT;{Z
zV6|^WaM9atQ#yc_t-EgqMrY}^ukjJeug8T@^^a!D3~xA=H@VJ0rO-eyVL`R(dL&(!
zxdOP7W-bJiR<XlvR$|um8Wx(5xp#^$eZqj$BxgggKRL(~qx;DHs{6neA%1W$I+a8@
z`@?IM>Uuuv$i$^9k6XguN^qU+7s@C0@3YIpfc6~j(TgQ@rnA;L^UPOAY@^XkJ|e!i
z=h%hU-q1|ZrFx6Otz{z2hI{xLj|A5HmWft3RH-!f=v8jB>^4Pk3|V?r(QB(c7`lq3
zAC<SDfCDiZZZ$oC-GRu?cPma|3-!>-T0eQ<s)yXTw4X;Zc$U=0?187th2v$KY`vL$
zurd*^U-nNHs{0pMZ|b$1xR<<$v<4Lx|7GC)_fUv2BG>l;WS?0(RTx_CcJhh7sp}-L
zHds2*_9Lvy>Pi10hj03x{NYtK%9f*cwdcjaM3ZtZGM96?@#%8YP-uKvHOojc2j?HF
zRV7o^(eQL6VdW2kZ7L_b+N*z@+#`9|*~ew7<+wfE`OC7%GNg{0v?w0+Jz7jLC|z~5
zXuzh`K*GvCS!qek_#o9VzYHqO6iFP_mcel50Bb$2i3Rn)9B*KsK>8(P!5ouz+wI~J
zwbmB+&zga$0IaT2`}Tw8vcFW`Qr%xF?{sPpDy&IA4KI*qj74gXhfnu{N;vLe1ydkb
z+bO?eSmCFLt#-a3GZxD@TKIFPw!>?kSja&ZZ?{#whtCKs8~d}1&eWbrZLnz}w?o<D
zD~n75=6AKdVYF>*-^ojT?xz#2o8^g(z%nH?u){713=?9|!gn*JJ*;jx&)hkKv_ip-
zH%Eu`co(Rt0yAI37Ha18|Btk{4y)>I*F_Zp2^B;_q+43LL+O^7G?VV`20;Po?vn0q
zn1moXVbUPo-Q92oe&1SquYG=NZ_hs0HUIH)GRGM2c<Ozg`@Y{#&4UM_O}Vl{X6iJA
zZZ@?Y?QGaxd|b|i%PY$jtDPH18`|FNi^CHZN#9IZKe**8N@-%g&Ri9j)G_!hK&^`t
zSjZ_S71L4p9@L|BDAG;|`hH*jB?uZJMiU`cn9gi(`ydc-ikPC#P+x<~u)i$k*zjhJ
zP%5yhkZ$x^g;I$IM^*j7Ah<GEnk1_bVsa$zN@Vx|X+~$6@5yG{P=rb_A#Kaj*su$R
zrpNUezP%Xq9A;0<!R_ee{947fm6(y)H*W9pWma>4B3j(D#0u-MF9Gp*qoi(L)W9Gc
z#hu-GKiWwR1ln+RjJ7O@DxhMpQb8-qUHEL18cD`jrG%C4dEO8tqkZ?1;yiAw(ojl2
zH6;Z<J2y8<s@3}tXb<Dg;n_cJCX(VvhqRI)L4Lm)O~##HHyD(OP_DFna1<`b!hYwE
z1J*1=^Z=Se^&X3W>zQ9QK5cB<IcR;z9SU4uCU^RI2l#tY<~RZvzwdN_W5G8(JRF0m
zGNHol9hV)s+Zi|7@bGY7C`Z5tR!?(3k?35wvciKkw`(x>wN`B_4A_{-EEh@@CY#T$
zM-%}GqT03z$X@Gh(ImHsy7Kao6=_>2MIBdqX&pWDE-Np)w8CyFH)G8zyAvOst(i9&
zaJB)3>3`&P=>$F*B)E2M$a2)AV{UGjN0gK5+=ZQd;!27&)YaaW$Bb7=7+Cu~_niP?
z56gwE`mv|`q7?#VJlduvCXNv1wPez1ds1yWs%-dhcfp=y&w}%dliRrKCD1a`x8xs6
zY~b*;h>QE<dtq588*$f5yj~gHq@-}Icjw7LJ-P)c`x(U~D3DVV5_|~*ph%`mMC053
zUT~*b&c5K2v~D94zA?Cou+K5?(vfM2Z&nS!%s5>Re;gkhs`m`9OhxJ^-VBH5Z4XLl
zdh#a2^rzigbgj7*MMDkeu;3We9>V|K9fB?tnQfBqPv6nI9!zW2E#WqFOuHOz$Nt9a
zXbMwsBI@M|;h0c%EiQT&vRBg-0Q>Yq4n1s*Kt$b%W_FJE^`gv1Kms|)wl_(nharEC
z#Yhn~$rmWax^Z-~x_(lTye545(IzjS1q+jDP05Q8<zdcmHa0!+)zrEhP#IKY+-h#l
zrt!rNB=@?L35Z20)xrP9TVL%}w3&Bp28nH9zPl<Dxc{vCo#lPMy%m_Dudh%1a{R@B
zxb{$~R+QToF?%f+U)5OJ0{`tHS>gU0IbLvG*M$6z$1LAXzlZSf$&~ZFD;`h{r3&$B
z+4Z8k#ksx-lZVf{F`Apn51)C&K=B=LooRXa@>*5KYmKsAg;Cf4Sn%U?*hB|==rUcp
zEd4sml}!y3zSg>42|rV9JQW!=(+Rf$aDk=2?Ej~J)K?)^JG-5+oTgm#LK$;PM{5(@
zKx*WQ7@>j655XXL$zlTq@sjN*^66eUavJD-i<0hF;=rA)t_szyoR}<^jiICMmt57J
zz-VcfEl6wE^bRkS>?mfwl_6;aPg&@5tvqhu*m)D}PpkkbgCbg!!KgC(qX{%uH@3XE
z0sn6#*T*(y(dwX;NhFiz%{#@>F>4B@m3uDG9@7V7saW)o3o}DzV7wGKo>WH-v)tb5
zKofvN6$60pVnJH1L#0dGj$W5b&*{LB9zB9rdz{8FeX|8A#^!Iav^B|&<{X&0p{j3O
z5D*a+-a>lGgSLylG37ei*;Q^C?a2WA1X07uF*%{vE)^9rSGirMEQKxm-`mVrdxq<`
z3j@j5XLQdfTikBKEHrq)#cMm3JhX?6yOog+KCFqK!s6tSMkP3%b`$2wImt<yWUR*v
zW0}HLE-85#8RcYNAU=PdzW!6{0n80dd9q<2P~xW=qOlo9`vp6?!cuw4gFcyT7f^nT
zwW<TpPgMT+@r5@*%aCpvXa|7{DBV*`6|I{X;*56=gtW?I*#B`#t3<UZW8bm&MkD_!
zE~Y>F@Vj(A_*cf>@yhdI8dAZ5m0ek`kP(!C!WpgKU>_BsWM?L<UyoJf<Io?wyV%`+
zqoHcXs!7JL+1|-hVRh+0v;bfsJT?X`-P0aFU?Y*PtifMd4AghJ)muz8Ce{aKpb4dn
z+V>fHI?!{V(n0MAK;t<1VhD{(TK_G5Q?}O#yMK;1NOq}vY8bC&WF&A=G+EQ_zil60
zyKd9KH@f0_b&U2tX4ISB>0~p@e)Hp%YtN78&2{r`!89woN4q^0{RC<^FB}<a!;pi&
zRz#|e@*2t9ShCK&cN$k-#EL=>$(GW<>tNdc3X|yVOgnh>gLox74U`9+MuK=WdobON
zBpx20%CmblZVBDmyEKWoHy6A>ZMO@yI~t5^9e0gJl_j!E$8bq(*)8R0(^XG@xL3oB
zP+^p%Po@~*s$;9ou@r&z(lsXtLAw|ZkN19Kz1A=NW-OjRZi|zH-*&{IEovxHG0uD)
z=1+MzvKM7|hpuBg$;YyvWBf&{=c^fis!;q2&}?D%60lSoK4`xOKnU2M#v?acYo~dm
zZ``7ug#qZX+>QD*7hs>Zd37q=)UR7Hx);6wIkFF1pcN^ZoqNA`s5ET5U?{|WU*v*t
zLvL?d`@P5Y*5sat7PB$zO`jTal_Xi2amsR!dtzQ5RTvSpEen&7Hyu82e3ZU!-anY}
z9lTe@SKKBVfRfH8#DL@C`0Bhn6BdYce){2iMvp-b*9ZcL7e0zCQa!oZev1TuOEx<F
z*xax8gG~7^L$$P3e@LZby}L1r(<+u(qU`-%)M6+_bTY}%;MY^*Sn~emiH0{q4~=zn
zhRqD2%#j|ryAw^u!LHU|d5YW?JNy~6xb3DC_3OH05h#!T($e5I9ldE-Qx89QxM7%~
zHpTDt^b?mlWl^eu7vsO*w-(pq7f6lBCup8X$R5;HFfO>P$eiV@)Srd(7gC#<zl#QM
zl(pWsuY?O2RdBYtw(HT!RvFC&r1I1d@&9q~F^8{xRzZ(g9{cyz<N;2>p@tRYF{<kT
zKu=zG_SB1WVI*1hw(CVJSI5>F2e^A9-4w;C8GOc}uJn`pwu6HsWkQi|zKUYX-WLt|
zB>)zC1`K9a#shVJwqN~jG^~QYR=b%kS=&M6q&-Yx+wnR*SXfxr&?vSznA1?~ItjFy
z6lf|B<^8rdb;1ZBpncsBQUik-8aG*e;{RP^6L{{PGngms4)4vk=<~E>2J&eXWM{)$
zn4cK{(_C;KrTeK}Sarc<LDAaO<;`amx*V;4gb3%t!$J6lC>aoYw-OJ(n;|$e?qyV)
z;)+ek#YT09=szFgX2-bc4W8_+Y?ODIqCGS-Ibq24eX9Xi1~l`c^QiYe4g!r>|3QHV
zd|(Ka=;d|Zf1#R;Hm25SMmV4@FmWu?EkAnOV5$b56oR*!hv0_uW{TkFgV!?x2tTFs
zdk(-W)LK+Hhn2Vqz$~hai#IplTKq153T$Y*_1@gJ(+RNT?*k!kHYL%$nk@h-ngEc6
ze0f?ot*Ez_&}D?AC(d1JH&l%@iaq_gaa0Hfuj@+!>w&;}mel?@*U`>LQ%92(cIXyo
zdC|$$`TItQIqbkLwT`ChRk6jG=wheLt9@2Xoa(JIbw(Q6_MO#EXw>C)=6U=N?-7wg
zO;IcEmW3LW60#YEIaE+ujR19Guj<*w<l9+Wq-l}#tRRYX&My!5_qjDR>?e3tk8P*U
z+YNpf4i*8Y9*S3790hJ(uqQ$12b~ov+U32z09dX_R9L35jcrm>O78#~ks6(oVu_z)
z90enHPkZ1Vwep-ybU9<IxA-MaaeTetz0i@A?p6J+G_r&FRin#?($*zWiv2#akE3_l
z;pOBOg$K5rGXQ`=AdcQ$X3HX1E?KhM&+xg#e*i(^OUV+S<)K^?EFVq)^T|>W;x6@>
zA5L5$cQln;AroCw^NNlS4plrVq<;8jrl#%pZyPX3;>|~p<@>4Efw8I{*~kqsFC@0&
zIisQW3O6s?iw3tuPq+ABo>SEmh4=g)NM5WkA}JBPy_s}WNRs!5O(Dq$uXQccyjiKH
zFU`ii?L9zn*(QS$d4UGcOW0buF?8>QUaaJC_pzUejke(?4NH$dR1&bhQ#Z*qyRu*j
zXS$i>#lQODG(Wgo)v^?$UT^a{Dk>`Gd4`5n!&IiOhtL2Gw7Q!0tTqPReHt3QjRj!P
z(4IYi#k=R<H~rGj)Kkp*vvu>CatMLDpV>0t;L7`e%tR{&$DBiS-%7G_iz}PV8%j+-
zJgfSThHUUY@dcK~&_*xcI%kNs*AW;0{VJJzFpm;!+SZg_+j>^bXR^|;EK?*Hd)0Pd
zj84;JpG&T_fxUTY@@8cX_;nxqLB5MWPHAAR6Xq39P@r!X%(ufPbH3@6mz}*>+O%Jt
z*ZU5tdMz_VJ8lpTF1;R6P9BH$)&8$kq<=Gs#F3Paiv}>^-gCnJWI|?O;^uK=<dYc4
zn=(rKwmzYizWW~qb_hMd0#xBFCKe#qv&9L9q@=P`i7bqGgx6dNrsfo_4;P>5(=RyS
zhXLF8i(UK8p$alS9cXt9b@VtS)6~5M6Sfnp5|^P?Wn^@6Rcm4E6gE(;?LLV^rz+0q
zp02<Cw8(8PM@swCr%%3#cbcOA>428W|8_ty-%*E@5gsO{FiFsTTeKX1Mo|5=ORWRY
zMw;LkN)3LTz}l+d*dMh(Uk+MZ_*t`BW-*oW&>SBBIBY|{TOO*k#-HUY`o)Pw{zCSi
z9;?7RJ0mkC&2_@Qu%rz-Gm2NI&5M=crQ3I$l4)`4e5Zk_JUrW>yivdZ)_vb4I7?sm
z_cp<T&fxGICrCc5{(Icp30HE`ubE1&PD47|OXm80>6hmRWpuS5MI(J|7rz%oUx$Jb
z@d8w%oRHMCO97UaAJVQT30#v?fY|5qu8>c7gkJl|DSfr{Z!rOw_J&$r`%(pwt3epX
zI`8@KEO7}5rzD^ITNSjaO$Q<4dQ$BG*&mw<bjQmvNpV5iUiZi|bq}G%bbB21yu6xz
zx`dB37pgK)is~$u^a3A)z(GNSGJ<TO&9nQC)~b_rzM?ea*2-POtN?a%$|{bs%gZ=3
zXS3~$cL*8)=~Zwt$9ZXUn5_Qc{-!u+qxj62zEu|C4|qFS7>s;>tBjtWy#+7J5rg?z
zb!Mz2Q|sFEhn;X|Qv>G$(L1x_<HcS8x_y9DyPh^?K4CVM6^cgKLh~X}9%P#as&ji7
z<DSW}$aKUO$G!C^7=B-&l0%sJTAWMSpNhY~EAEb>rc$a5e`o?{pe)qaxjKGZ<z&QA
z4}C`LfjW6BJZL1}`g2Phr;t<*?i%ND>x-0G=W~~X<;Vqx(E$K--1OZI*ykMq{aF_D
zVQdvmTZBLnD-a%$=jrQt&kKSo?t`K8?ilMN^*SpV?aMsSX7@HJ)??Z|qo4aRFU3F-
zy-B%$xYUu?oYTRPX5DfX*SIvPg>tbq`W%ffyE#-zOSnVe1L``XU~oO>cnK0jdTVmw
z(TB(NZEat>8q9=SQ?F`k0j=VjS|?3)=;RI;+2L}aKaRF$W|+#W;J)r+Q$3aWj11k&
zy}E@>nNHW-rU+nq)uO>m5|NrJb5vZ$vR}66JT-sNS|P-v0_=H$GK2yO5@z+g!?;S~
zwpKeT4WWnQD(hg#Z>=j}Je^Hx44|-3q4A6=mYhIq*xBM=t>L(w|HjQZkzEk|8e|t8
zH?>i|Dk<d=Kl(M$8b$;Vj1?4zjd$lfAI!$ycOG7Cq;~@_%e?jlE|x#TR=~ZD*XJz=
z;3uvt;;g6Ra<1%0@5U$p&DanzEYof!wBO)2RW_LR&RrTI5mHJkcuuEL`#VX06mMg&
z2|$Bk&TrxHLF-o|{D2w7CGhK^u8?-$d_qi=&2WK<qANid3m+lS-?#KQ?(I&ol#T~;
z!;j|5D9+@b+xu7j*>E>lj;>r`22ycOOPp;!i>90l8_p85x8?R<V1Ze3vpnD3tmyYt
zzj>kM$!o8j+pDyiv%z6#ixWQl+DFA9Uc4GF1?hm;i{C>0w4T}19r3(`>-)&<w8+Pi
zWCtTP4Ii8f+&9y39A`~fV8Z#nZ&Am39(8vbC^_|sY1Arw@iHb8C_>yX#iYgUvkD*&
zb7$6zLxGt3gk|uT@VdvH&OZlv+7i;WQv%YRAHKIL*8T8JFXM@PSJg&)yxx0gy&xZY
zt)xp5)^b>!_=Wa|vo~v#o^Pb&#CB|t_DPBD%t#OtgifA|=h$e-{&IhAurppeswy;m
zApM3%QqcQ;<~IWPx}HmOh3!q*M<s{qG(%h0kWWmlt+$@L8Rp4TXuSFG+H}WmZu6Rs
z1Ns#T&jxq@E6zP5zlZID6A+Vd392R^ASFH8u2ebPu{PHd%>;bhVy*r+((D{1Hkf={
zVVbOOG+wk9Gqs;nDT`^i@R+~T@Fi6{bK&W&PuAt?cgwYsikCbpl$vk9yLWw4fEYwc
z;!1x$KO%~)#-i9`{@wYBk%BMFvNn9&Gsj@DebD}J*jioFKxj>!u^k{v8hOCa^3KZa
zj$Rwvvkl`qXSr@Fm{-r}Wb|!7B<<cfpGHd?+(ki?jX`=9Z(0M}Ib_$?49QC`QM5gd
z5H9@<hJO59Om1CV)S-YS0MrT;>TW}Aw=F|ZUU6|qpLbX+tqKjJ&R4{jq=Tv)g>|04
z@8($sc|#p{CU6tgn=(FN|G<*s$Pec|eh(9P@Nks&6kWnpDY;hmD{A_VSwZHHCe|&R
zs`RD|a?A{nGtCY00C09UlQx&=hk%%nkPs!k=t~zF5ooONV$RU`O}f8>Z`~h%*9H8&
z@p`*xJk*gy%SJB2CTBjzmdklxadV;sPd1G=@Zs*jd;9kQFtTOnvL?ofZ~Rcv*arO<
zu*!eBf!S=#B<Wj&R_y)Rq&6tUh!Ci5Z?ldsFTQadAH2|h>j9vSPVo+L>-+t1z~W0>
z-PDX<HC@iOLF8fX^5gcW93MfM0=2ugwKC0?YX1!}Jv8Qv+>`c|nGx1XT?`0z2WN#f
z&n&Inc&1-c(KJwI1H)Th8pV(O(>3OxO>EEV`FVa!e@2v4le9X;JlOVHPk+DkVG8Tu
zSFV47Fo3wAGMJ_IxT%H(#>WA>>I)5ZZBcOcscR?T^STG~e5=$M7=eL-CX=P9$4PBz
zG|~u<r8ir5*PZ=X1XX$pDj+OkF<bu{=;xTRnqQwbF}WP-jBhBePAvlqpmcM2sakDP
zku<YV<BnrA?_Soofdh%BQ!8A*mXeZsoc*x{^bAs}&UT)Z%%V{#-nh<89SF+U*U#2&
z9re%9sk(2ZI*;KS0Sp3$)>}IOxrWQj%R5#TA`yKb9$c{6fAknN9=Ga1)G*ItelVvw
zHrrliAZ*}+EBjCKRgwxts_Oib$F5d0QA2>%%?ptALSzoWfSuLe$*)Zq+A(u$(WKCu
zu`_wrGJoxt$hDiFrKrgfvhRh!yUFpMo(IeNuCc#3q{Y^BV`+1=F@5@0|KWgq|C-P+
zukUnDmL9LBZ6}U;6<*{`N=#Jw>SZ!xBGaMSFvh?G%V<J;t1e$9zw1K1rKt!!I4+;{
z4)Xmw68A&Pmyr<+3~4#gAeA}Gw*TpE9sA0M66nS;n9p7QTTYtETrK^lttrYpe4y*5
zv%nujUW<&!VX1VD0z)H312^{2?%BL^J$9><4}x4yN2J=2Q`D$TGB-4UBCn56P!D&e
zwaXo6lnE=x$7;+~Uc7Z-a%Icv@$tvR$1mjlx<}^phw4QH3v@U;myS>EF)tZGa@-zC
zW&7wDWfc<s>w!YJBbv{-AX_3j21;$Wz1Bs_px^+CLZt!uvd41J2u<0&J2ZdJatO;<
z@xLzBnzfVoK=~5QzwY@N3=v)1u0MyOR$|I%gvzq1YJ=fEye~dZdAVlX)#W6BH~Lel
zMkqeEe-E@>Vztw<(g#sauknNIQBmIpT2x&<eta=qS=*5{z*Bb|e_G&_F5;~k!{&O7
zS*{-SCb&s8Wetca*@wMU>5D)%X0`%C3$b)V^!BBCX~%L4k@xLW03pdfvGk`x@S~gi
zar~0R9pU6?m;rH0v?X!Wa{ao=X;@}KdJjND9n`P93c)XE-s+smH3cS5i*?^P1KXf6
z(sv~s*>4~<D<kSHvc0%IlK@>gERD~--686eb$C2L`u=5EHz%qqUvoetr*tUb8Rbib
zqWS`)wb<#Hdd0w_7;sa`Q6c4t{jGA6iSH=cmBnZ_%eoLbm1jS};+9|I+AA-z?+)0~
zD(LDpWU{m(YYxWo!D@T={yW{McT7)FsMp?%ym-2#eo194rjTHd@7F!@UOa&P*`5Ut
z+jy1AV&`6YL@r5xQ#t)O0#k}H{Sh?smiZuw&0OiV@kT#>>Oln?(Pp13tNEQOlw-}n
z^nTW%HRlXqXn(#;p86gd%4f;ZYSKqq?DOn-5^}c1l%9E5C{O)<<IV@$<?+I@?aU$-
zZO@mxHR*5MFWi9E(fGAtd}#ItX7o6>K)TLHB{#Rm>2;jpvZj5v6&6&lg5>DDygc<|
zP4j?rg8p3<p3QKU|11U)(`Cx*m}LRNXdi>u+x~*@nM#oR=^e?-9A@Ba-BnrL%om0`
zEDmc&#o<NQQ6k`!iLx>~xX;bfic_@|hsXcP7uLg%9)0G%JzYoX$Lmb6A{O_Ov_W#Q
z^J^eVSXb<ZcCgKZ4O?yNXzgO~K)O2q#@8&uJo`MJTKs8Y((*yNxUEPVLQ$tC%{_O^
zJ*fB~mqkSiSz@T#B50ITNK8&py!F0IPi?`=?>4=a#Y#in)C8{V@bJS6Ja)~*zAyk0
z51Ti>isNTgS$j#qt(mGnS@w{cwn1OfG!;PPC5-I7TPlcfu{#w?mF6-VNfTOYq4?TW
zWEk~rxWGBNh*c4WNut+#BDx16Wv`P^(>Pl#f!YvUN?JcZDyEHLF&oyqd<m;Pm7UqI
z@m8en$Bl&|oa)y%W*bg90QFM5?*bD!*MTIqk%Kiq=2aTqPqEdSo#?F6v)P=P9LA~W
z$zM-Dihn;I1M4xLmTB9VMA7VR3k42VgYdJ<L!gt`^|SWzR`D$ca$tbZ)kZZvqZ4KH
zrBQZS083cDflog&r7IRSj*wAgU9Q16XM-U%wFUo!&J)p5JPL`usIeJ&H~v<NNBGkv
zz@0p!TdDMZxUcu<e_O>(x4X=p?pgcE6^;d)y%?DJ%BPZFB3hoBK$nZ;1hg`~Y3`a`
z0lv%5K3r$5?Y3k1f;;Ls3M<P^uS@{H^}hLH9t8e%>H&Uq+$$8Mq1oCrPFr8z=X**k
zYK=;YRmmuj-HO3#Pc`Q>L49<WEo-xi#m!?Vo62-9nbDF0G>*Q)a)w>ugMdz>RA9Xe
z>6bSF>Z=jKDZple&qmtll}HZ>GCf6F|Dt{*mE`HKXl##^s`5x+-=NyEm5X;a*Ol`h
zkPdyn&Y0a-&8{cd+fC5<27qb$t}5y7`mE#awO1V(QyxE42Z9Tn2{dlNWe)(+-+1wy
zB)3^kKaQjuv?Tr!HT_MHjB*k0%g}G(dOUEWy#qNu1u4rFQN4;u`x~(x9)<gsoBfV2
zPoL=y2zi{<zUu?%oqBFJd(MT)d9|+Kh95r!T^;3QWph6}5#^g;<oczive+B6<mCeC
zeBd#ir(KzvpKRn7)0I?B<}$IS56)9vA}FLeOXUTa?aHL{ZB?l-C^E&d;hoi54pdZJ
znl81A^nJy4-*h|fr8+gMUyIXVa@tj08}ROp!s%UkP_G%BoK$h$);my{akl8*y*c0j
zV(YoTBbOhK#e60LU*3okGq1`uKmlC3JX(?LH!y28H56-ocHX~~L^ue*`FxYm_DA!=
zkAHW1p0Gp!&3XWT4OW5UR&;ln1K?Ya!?ye_7Kibpe$Ujs-l#TcD86y^?kHT~-SW~>
z7V>?9A_7;M_}$6}KoD<9$#l-m!{OB4HV1(JoI6|yr`O_SS|@vP#<-#r-JdOtN(Z3^
zcMsfA$+zGkL)fF*c1}k7Y(y{Onm-iYysbH)LK(Q6NlT}T1CAFdK!Na*Wxe*CNj-cq
zp2n0)O41p*kuD-48z;jHpu0K;9j|cl-Q$;k4W{KuCu*7>D6l_G$>GVnGv;<nb>;`F
zoik6|ofpkv3NM0K3Uf)1QBYodN|A72C3IC7;i5r#Q#P39nSOlOx#JcT8rTU8`#}Iy
z!n*~o$@yTyxxi3e{oV12)&X%40=O8-u1E?Ed@bG>0Iy@B^qwK~g~$&o<VKT#b&o#c
z)65t1M!E`517EfXqy>+6+m*9jWX}tyGPqYC{X9&&e>>7a^z)uPTJJzhlnbk*>WgGS
z)0f*!$>MoCj3Ra{y_5SW?iwj;-XA55pJ1q;Yz75gE?rH|-=n^Ciu6nhwBiJ*hCyVg
zBAZBvs4lQ}WO|~Is`KhJfl^Y6gDBSFS*kBUFCXji+d0G&+~v340EA!WTqb{i`HJvc
z##v8~7LdgJ+I(%X(4sZxGHsR%NVl>s$qO4k)PkhX$H{yE&_LsoKi+%IWst)Ql@Z~t
z9`3B6EHN~NT!DgVZ-8tqUSHj5q)lhE%F%jR!svx+@o;~~4o%*7IB(kByjZ9nOq$TB
z{w@SSO2({(B_)G8mv1%fU|bvdbw{ip*9H1C5<A=drH#Gb)ECmbr&x~0rB=%Qv-W^V
z54;InnlPAziGFEmZ7(8&Zof}zCir+cnw3%OOs`NVbWCW;pZP#xCgTyT+;>F?Y@W?{
z_8W`Kf)UjWIBb_euN)06!$J`ZcbO~>=9}|s;(<;8yeIF2agyq4C*#=uR8=?Yj74e|
z*{@L{(R1FeK|}{eZ6m*8i{B>%HV&^Qt7&V4!&%VK<SeGEhZ$x7nvj+&UDch;o(ub(
z^tL%)hBp3mL_CA6SgjGUy*2hUc;rzUh(_+g-eMAY_kjdggzM~NSLtAKKBoxaAhyz-
z2E8=*QNnQDqVC~%`;{9U1n{h{<RN{sz0zIoJM%-q3G|HHHq_U3cqaW)1Ki(0JS_!)
zd}SlHODEqYIj^r!%)q~ufrjrJ)oo9XL{14t7e{$vzeV;NwIff~#JViaX&)V;eRis9
zfPl6?`2usI#Qd7@X^AJlW9%Tw<#gSFiSx;%w)K8nhFj-jIooJytT&^yIzGmmFy}Bz
zze;_EVKLW;i;CUP(ZO@K?>=-g3%=aiU~`H7wSN}7O(Cp*_R|3v5jA8y-F&+lpnUK3
z{rpTp_g#2w%(9>^wbOdENszD>&oN4oN=f`4L*V?Th+d&Aee*DP7wWKX(l#$y6aI7N
zzKRnaYW98lE+_T0z}1C5oTqypOUdF7dY+58T^wUp@2PGi!(uWwKO@WTQ-9K}L~4Tl
z+92~pd73IH#Qn3XFGb|bF2haV(Td|6t(Fvk8Go$Fku=+51XypWv+K>skAH5@JQ8D~
z;WyXDza=2y_tAfK7DT@lB3m-T5NT5{5@|?0q=S9@<br<B=knIjKmJEaY`h1F4JFbn
z(Ei#KY0viy#$Imod1gdej&44j*(n(kD}9rDZ(KNaUu7w@ZZlXbH_NsXYJwMJrQ%#W
ztqRb@cCYrI*eTeR#F--TYy(;Wo))%C^tM{*cuQ+r`n5&7O1N=%$E200{d_VNf)*np
z&LpJeiE6H1rrwW4RHik#Di3##ZT0_<7&9#6VvFP9ELvaK$bU#iX|0v$sttOz+g)K8
z96D303`qSH*>Auw2{v$9?2QMKM8ZVPoTT-XCD_f#hbr``W&vm?rl<HxoU$SUz^oSD
zJiVhkPGYxAI&NvQS@Io4WgWpMoCF|kiw8JgfTmhVE1;YdnhofWC9vNS9#5!$Ph>HE
zkJfy~_KSt|u(0f>gur9!^kI?s0pMdAo%TeJngW(?PX?d25_Iho12y|OcZVGydGJ15
zv$yy8AwW@_R1+8}|L<RpKD@{K80DK^*o7luLfxNb(W3bv9!m8!+u#P8&8H5orc5-@
zzAwiZ4$>B{tQi@zjZy@SydqIVmQ@cF)RD#rd?LxjMp8Bm#-F-3sRN216UA5ZBAtuz
z;4+9Eoa??x**PE}aiI$N%}*jYr{-a#5yv&l0&T50hv^D6X^y`hm^LLjI<<|#iqm}<
zd~R!C-xxHMy}>bN=!pzLOk+WMwn>z?TuHhsyWqEfv{AShGV9<0Opgt)@l|G8z+P|1
z^<PYPJ1ERN5YGAaEQ)`7ZlYKAtovfcduKu62LDcR5{~g=@iS|yJ3H^~9Rb^b-W9-@
z81K}|!4-=<TBl_LSmHe9;&6<$TQF*8-OKMweGqFEuizX;`eB(^!)KI3=xGn^I=nKl
zYN%+)uU|#<?v6K?D`-amw0CSLL1YnBR-eNHj00hmaJy{5qX1OItIOYWkdNhqNrcmz
zpVn>w%vs~|bX0CIfp4VZzkLsFi6o0YlD|a!NLtGigw_3C`Kg~$*s6Xy5zjU>ST@)y
zU}1T(1w#5wY_p+t8sU*}9+489%Izq5cXD2eB9;`D5^`g_Q1*#x+C<U`5dPHh`w|e(
zvkbHL>9KEL65a57^I$~k*dZT-6RS~h^zi32fliz*?agMX`1#<>{4Wl8-@hQZi&Qwv
z!&hXySNP?xqk>NRn@2B$I^R1<b(0`_a!Badd*K_`IfJ{UeY|Fr_0a76e)ZiRY<{<&
z<A7p*zZk>iC*O+NKvQpNbCW?=6m{jpB7Z~nI7p#Yp>eH1siv^ObP|y(-*=lPhvtUP
z({iCn2AqB!h0pErS+;Oaa$6~%Y82;z&b+Sd2%cpgj!_APw5)Ot#-?0zTvU_X|Lrqe
zSrEq@y~xhknV~nJazAxDK^s-cruBY<2VIYB7#^H&mdL!7*-OAv8<5Y1MuG7Z1%k0<
z_N$cv0R=N+=Vtc(%Xe%Mc7~%RZI&}F<Mo?fcQq<&=-9subWKLGD{OC)$Esa}tLf<C
zMIxUdM?66`c<KWHFtirC-FM>XnXdwfDm6t?5b}CRAJ0_yrw=K4MDCkDBp>Xic8c!y
zj~}PAJ*wxiUSWqD<N45*K@_+hHs6Dal+TJffPt^!M6nt(peXI*$B2kQ>;sV^E`kSJ
zeM2p1>N=5wh`&>kt$Y9W?Q`EUWN!%V%*8L+&1fvRvbK}&XBXM+BC82IR*{)C+n1I6
z^@h<Fgg1rR`8~8r5#Qm;OtuH>13!L&EBjUd%C!a?(`9X(cJPGqDF*TX{^O%5`a`cX
zNFh(Q5nbnOd%V)??po8ypO*mm!!r0v#YMv%O>G2lH^`a<)ThMcyJOj_v9@sL4TX$X
zA;dN7;o3E}p)QvOO)gN1n2jCla%E#Tv4^_LD2(yxSNj0>70A?r=OcW$xT?&!55<Gu
z%w)3GG)|*<T<X91tg68U5+C+SUUI1|#wrzOD{b3XVU~hB0(OUL>1p=ev=rEjPxgY1
zz5<srVPZgz5G2L;g1`vhXd?ZqsDt}o@APjjWRUa(0ep`n#=*CJKJ*}d?#+{XF`!Uv
ztJoTpO~6m*`=Hf+e`antDmB=M&(#<VSC&OrF9Js%!Gb*Gs{(^q6|?=-^E}>);5T^L
zmUEY0l@HqAD(s!A$Ak)wyERUP(th=b)?|y{|5}wligV94Dd|Bld9Jirvvj5VanSi;
zNvXkksqaU(>mMt$g99wxt{tRDAn{LD`H!Z``-XErvrD1c;`QK`y+XU^%mp<4&BIHz
zwdXs8w4h+j7r0bSuaqHb2;drhszdeGhX~#V3mK=>S5OMTihL5#e*||W=onCv3&Q>7
zCs6W-QS!Dz!xdAYdUL{rd57;nrP=y)gzI^slB{geXG(*VS-ZnLdY;vl&>1`E)*&x&
z<HzrTM?2p1+c1s(J0pn@1d}}3(Hda1AeWGkXt<66l<f?DilHJXLq7S@_@VX*)-1;|
zI<G{Gu||@ZHSe@O3;49O$n@wN;x2HQE)=&EdI*2NjLcF$lxOsF6h=`J2PiW}t#93f
zi*G5IoxkCzloAs_<0UswdM(y+t>!4+uv_$6uuIE5F4vSS;GGt&@Wp@mOpk^FK_)L~
zDD*d;j2#)5>}txl==I)coU7cNF^od20=@nQXEv}K_bxU^J}~q3FPN)5HswKdys~u!
zW{p|bpLfKS`UD;<aXDG-ipoE3cRg-!_xF$Ki}9tW=<)4UNL*>Il)kpY<+!T?DGzAk
zRn$Y_`pQVlz_EQ&H+DI8p-rNjGr86?6hzjuGy&B6mGMdGz!P(&2#!+9kjp&CFUEE-
zk{A71hQBf#bX=cI!(j1FQLOCK3W^+?qfb#~IxRgIl;XvJv)Jhjew=DBs<Tk97df|F
zNH0hNQEPsdrB_sV7yq8Y5EVOu^eUP;R$G~B-kVdVmPj(vJNlxhjK>M;{rr`oBbF-R
zqpSXkeWJzMg~iB1^}mmh|NOrP@FqW@JUqGN|NP(o+pz0X4}_>P@>}z1h@V@g;r}5*
z|2G#9$AohjPI#~4d-i|x_dZYHsu!`IeAE7WbNC+-g;*X5h<TZs$P-`xIVJv&ul`eL
zf_wbyC+J>}G3Ed3$48h%(C7cpr7tyEC-T*(=ojC%M*Y1b{!iaDAoE!tNKPDyet+24
zRn(UGf3tvXeu5`PG>4KS4@vCSkyP|9d-F9=9cs107*xW2(m!kRo#W{ZewZ^?fBIi9
zF|qNRo}z2Q^k7jG2yk;#G6^++Y4;Ss1OF&c2|N2g7X$x#8$QJpf<8F(E{1yq-6Q{c
zl`nvR>_YZ8Y4l&;5&rZAju8by+93Bf;LrUNcL8@1#Pr!n>~AwiLyRC8nCV-N2#=g<
zV`#CCi0Cs|&hXL$c?g~gumN9fV&(9^T^o#Ve}2q#<hLg9B$7ZpBDRbi2duA0|8aHn
zaZ>W6{`STQkyj0URH8No)DJV;p!zeq%#UW=g9-dFvtM}N-`WH5AbL*`9Al%&Yz=gF
z)%6UqhlM_cN)o6j%7I&w{4LcH^tZ)};HTHXi%*kAh6G_!ljcBUq5;5_WQ)fYIW;x4
z6oZ+%dJ;gl=xg!3G1v&R1p3lmgKO%#AHmH}dB5s^dc6DZuOF>V-l^aJZ&y^DI3DBC
z+T`HM+WmsX0S(q{ou9tQwmkUU4&v-qmvXQ0zk@do{SbgB6aS9dBMBJBswvz#S4tkq
z;p*Qm(iiyl$E&1K%Dj`pxM#DRC#9#O2>o2@fk3TMt4S_j#S1&%n=zP~pqGy||8uSH
zDA;6=Rf8Zt((er${7R#^ze+fNl4ZkpLGbv6FvVe^W<wz+qdaK_<4xMC!Bn}f=P$?V
zc3+6wGvOCOuODxoSQdWQo>O*;1vt|AFJqXG<|pE^ZFf?q;e?*JCb)y2CUmZ9f8GMz
z)Dh2PMlxUn-U4jfPVG;A`YUe}gpo$5obi<}`k@030<^BPuPfN>#;~-SjA{TmegTWr
zl5*m*`6s$hnc)5;y~Hn`ueuxF8vT7Pj_5#M1$oK|V?)fwis=CcXTN;>C7?r6={6oz
z?pXV0S-v6sLV8?hbYtKR<8SCC@cn%;{EF)F33L&_e!=-?rQ2LkxA<n9$x;w4_(n+M
zsPfP6t190<CR(3eQl0dUDG>jkdi3wsy$2WmxUhw)IJiqPwn#D%gTk&0^djF7;2T)X
zmh<bBJ*d#q^%QY@5qRlE_IQb6D&P`o+RReG1$$n>U7_N{-gZh|VR^a?T5);klr8Xk
zk^H%G4;an^Y|Q8#CkvNI(srJV>n5E%iHu37{OLHJ<{*H?aD!c9s&2-bsP+H-CJl&u
zgeNYP7}bT{luO>rNX5rg`l0lA-@NL%C1_d;KEpHY&WMrzh)R1{2x=-_9ZVNc^fORd
z24)4&J}l@bY->M+K#ynNc%KsfSr&ZRHvRznOVjde;3beCkz>6l7NMDp%gljFk)(d0
zmamP{-sPL&==EuCGJJrQR9bhSNJ#Z+KA&W?|M$auPk53(`8rEa7(<*B&Y~6BSwb}f
zUzoVy^G9lMRbov3XHZZa9c>OR(T>VZD&AyYi`I<6;KT#D>l&N{k4w)1=RZ9py^rwt
zg#&MHil%m6<Eorw-xCA5K3&`jn+7`BbE`w*;<h5$x$CG^1sDHm^2IO!ma5ibA<>fr
zctz&?6B63Nua7nrf%@pl44hbLfCYcS5SNmQh3k}*=<~UYib*2%qaBaYGo+Oqh$G0c
z`Lb3jsPlX*YO-)j(SQ+N8&5^jti@MBaL%uzT}5^;95Ico^-plfL|;7NmM?|h`3N`s
zM&~9p4OcPZ3q?dy5)Fdml0@IUfdtT>2pYGbp`cNY&ou_qiAcrP3~LHp>`jw+%iVvD
z;wXvbqkX`p{w%)W83ZM%IgDl0=AUGpmH1z?2v=ZRAiYK(z?Rc3<TdJlpUC3w^hsHu
z=!}m(%$kI%&Wz%0XFUEGiw01d0ZwbzFxaZhIleh)g+dzavvmWPk8MU9qZq%n0BsSk
z6CAhNRV?L2P#yT|H;7K8vf0!~CrK6%%9R&@<?8&`as@mt7a_M{8V&NQ8Jy`Aig+GB
zTE0lBR;A7~Ikievi;|_CozezmKV86JW}Cv!quWYBkV+;O!lrpFWv1l%f%%W`3Yq}s
z9kAY!MIO-u|J&=$)pog6pe!+HL50EV*m9}}yTQnVSGkatUw*rG3j<UW4@)7(!ybrz
zg>xS1>xTjr3qM`DkyL`mP5iGZg;*XLa^Iz)kkQVR>!wj_5w~-rnH&Kcpz)NeF&kf9
zPqvCxuQ7kVW-|_oPu34-FQ9rUg@yKRknr-nm7dvaoco5YP!0(aby#M4f?dc2eVYli
zSW7_~vI2Jw1)2?&vRzm`35oj>va)eRfU>~)K>CIo?*tF^VGx`A`k(5f0w`}(EL@p6
zFnX-u%73V5+}kP?dr)u{kK%{Q?h_9b#YJI=p!E5t-mD%xI7#W`z413oR;H$omBNXg
zyFu&K-f`}27sy4PXrr>$q@Pi_6+#71dFrb116ik(tZl=wv?-f6gID;=9tWD1MVeVZ
z@{c<uzKrIWLItT;5>HLX&)`fo@*pwP%Ab`j=E$m)EmVqr-CNU@Q_ki(sTF`)>Ma)B
z#f|7@XuLfxDjH|ery8!cr^<D(>0LT+C7Fc&YsT@}B^LCVl;4&~VvTh_*rW18!HTk+
zsqI_sjW)bbKQRD69F!Oi^4)AavMu-PwA5(=tq?ammRPVKTJkwjOw-049)G4(NUluM
zCccLHIs%x@Y%IduT^nzB6%QQMntWPvdp>i(01Db;01CPd*WHS4$#6oxY^8#c<54+*
zcZznAc}CKY_jD)<6n)mS2|@4}iGpSd{M1@aiPd|yiJDFdj?@YtTFV+~>-J*hHcBo6
zAwyHmi{A<rsw|kaQ#=D+L2n*3$XdOwe0J3<1ZC!~<;pKf?SK=mzO(`2S5)rjyO98!
zi9*m)6#?UW7!aw3k3Lz{UTr2aiFhED-*pAh+7IBt4|&nBTGR4bzazdIEN1LPA@J1x
z=^HaV8duOmn~K0|K091d%37*9^4xgvX9x4?P3Q4=QHKH47dL89^t^Ks5gCZerCNh=
zfEF}xZrFX2XRJ<dLz-ZgXz1!CHhs2IZ&aoJhHRpMcMBc3`u$`&hg`(JP5T(`DbR0f
z?E}%MM1BnCW9SURiZ>n2>#MJ@?gcd8zs|#r2V+Mrb#uIMn{_3oV3R4mzmwZ2{a&ZP
zo>_6h)|{hUqRtFZlnnY}sH39ndTKDJ(mkRacy92?;J>!-#cO-phT;^Z1_E=#+hf{n
z&ztkoJSX6!)~O2p01M#oMSyzu{0d-^Xs&eHZ~XWe-YY?sY7iu-RSG!{a>4F~JXS1i
z=shxUk4SvUR<AqFPFR3~LI@TV3mOjvh@}R3ue>;g@~dGkzvt^sqan8=Qa(+0Ep?nr
z@LYAqa#hx~*WLHqMP;{PJgwhoZX)i}tQT53ZW-<l!UYT#T0CLdEtbZFH)!|~d14{x
zx3wY|3=OLoKikmT<pdt+Mq|TY!aVj`bkZYjkmK0rZ)Th~iSr!y>D*%%zAtsGXld4N
zXje;G77QP=HZ+>kUR{k|7_Rpx+5v-cNr1vHGuLu${*`V%#-bKanTC3UwZx#-7?wm`
z)_k3m;<jBdvNS8TmMT$YFut2^_~1=jd6%O46vKwhW-BMYFVQ&Fu$VW*<J$D<Lfg8?
zYW8@YAEO5aF7OoMbieL>--*L)y+2zlhz`QFIFVn{TjhKso_+2vS)^>|G+8Rz_Hd~m
z-g(t8V&Pg)P{8bRxL6<G4QEH>v)uSL=O{70uS3N-8d={z@nQ{tI7<RYzxMaGoI@oO
ztBeAs_zR5GwnlSvr|z$J%GP|I6MjH7aG&#N<-IyrIUYoNV{i}zoDMPIsY0=lHoT^y
zNrDdAn`u(9YTW9w;EQ~Y_=?r>C)`ap;>)OX?|W*Eo#=c&mHf~0PDM!jZ9kvA233?d
z>d_YjFV|U2Vangm5^l8zGeiLbc$aDnw})TRR)IV+xR*zGetSH9sjW&J@~6rLa;hyk
zx;0Md#d))wdWubE|A=c5lRmg#XN&7_tPh)xI7@^5<?P<IXZKIc21nRJX?OcxNFqYn
zbHo=BK&{^sk(Z{hroI_=6v(|bn<Xa4@-!@P)^s%2zbJ2G<<Uk@U_5KZRgK^HaK5kP
z$|N%k^0F{n%&LmI9CZ$hW(V+Q@b8XpaHozf5JE{wVLOdGrO`B?!h}on$<k;*pind=
z?y<(U!}c)&hBoTw=K>AYN@^SzT9MTupE5lVP^4m47*E2}-Bee?FBUc~l`ACVs8y>|
zcBiU8I~6Ccabipv9br(c0@zX{ysIxLKloi9JjqTgBgtffFF)K}{dhI)hf+81lw55w
zH6lD!Z=3aE?Bk{m$w=kJ!Gg8$>>DcSo(PZ*;YxRSJoPmm5d$#+;z%$Stx=}e{gm;s
zpX~NDdP3RU!8tB6PMw2VMOj|Z9*pmR_i4wBRWloHQ2zvT(4-m70IX3MR;Ddo+QdC~
z;c|EVa&=rqo9*m+VVi*2atpg^t^$l;s+JWp)w0xuXRsATVRRE(w-7xTw;S8q^6>e*
z_;g~J4fjY+8d>K|Hh3jGzM0$g$miAK`WY|{a_&9qd$trEE`Tk4O<^Zqy%TS8Cb4Rc
zQ`Sf^ax#6DEMT>(+UlhMfeB1|R8<X7DY#2yHwwGIv{$?pHfzmGxAoWbx>_?TKe^`j
zTn^(Zf(G9pSA3zP`rK%WXX-xgX?GKtldaa#n0pJ%w&cq>QFM>nWsU>Y2}J7;znR&&
zb?EoAFZc723f|if+u^c^m5_%Lk?`DydEK@dB#7Og4qYrM%9`dJpu4XYkO<k$sV&%U
zXxT0K;Urz$F&L*NmTX+yqGo0Lse?W}!lexQH-{4o<*Xo16l2R{iCT?`H@4F;=^-B&
zF|#wd!Q&Y#rV7O_wu!u3coOr?JW8k11X8EAaw(c~jgE$2!kE^f@p3p$xqSdagS@qo
ztlc*c2;zp@xAsEI5cd0cyi(jjpFgphcmv~mUR#m!fI9PKAc<MEZusnEUD>W|STWk=
z=}~C5*>JmV2JAOPtBX#9fIUqEUiDD2y)}101D}a^kEq0|8S$RS*8}f#li1#1NPjE+
zW9F3;QCX=pY%~x?&K5`@A+Bsft6Ut>D{zYr5@Vu5fzX8$c_q*RET@#acNc^Eb4^f?
zik2n!s$!mOtbA5`Fy=Cd8i{;+OoB*9t=6JoHYeKn1>m9$(SodSWw|(zxTo#giCKmh
z-Y3kvjEYqy@UKF$a|oln`B5243*4tW6tbmXPPN<`s|g%5zi{=RSxQN`1^nJ{FNtkS
zVk}Qcf<UlPwIUN2Nn+&SExfB~zsbU)%}_Oi-~PzY?1PrOi8b+ShVME4MF{k&?d3}i
z#_6%Z9`ARVSNhLBhR;8~C~>a8RRlEsXtxf8uC3V-o3#})U_hwzxZ*r%g8>p;qO3OV
zVfW{nHa`(sJU$^qZWFE*@aK@a*G&407y8Vf@vbG;M7rgr(c{$Q)1l4TCj(kqk^mJ`
zui@-_{oY1rvf=);1FaKPL4DEJAPBmsdGe*nvT%WXRqhMIt4t48?<~5zHI1q3i~izP
z6T0EpC(7Gtp6r@lyHW1@Ei-Jg;AyooFyGJY=ZIG%E;9t(Kkrp-Wd1lrAi_#YoERxz
zS*mBCFqVs<ak5<Yd6c+guc;+N+?h=FdGfe#Q85E!++?UL1)@)(rMq}AVRMdkp880Y
zJ)T;<O~&c?$D2s9QJfjsgeuuXn6Hg!R?tY12&gKQb8x%KaiuGCZIsA6awE4iszDn<
z@o@KUR<Bkfq5I*q>A`DjzB#}(U~~8`MN^C{5*`dxWzkS2n<n7cYTTTaot?=%RIKJt
zgQ1fQ+AZX!WxgeLYqUK8rq;ke2y(tZvlEnWQjs~*(qZcBwOw1HVR$`8L;;%H`bA5A
zT~7sTn&H|IF9SEffOEmQ6e_u6!Ka9r?0N`G<Es02`;~YH`Iq9N<4=U<)!P$yT+|#O
zpoLzpPRB9Q){U3FX1>?0spUBw?5s3exQ{sUB?w6j?lM6D=YIycDmgb?a}IEgF6GyT
zzr$hYfVvHSMGtKx0$ASxgN0(PywpjYIeKFti9MRK?-!!#aN|LXyJ17)NnhdTZ1LBM
zm~<fq#y{F<dA6!7FnZMC60uw;it5c{gCKB1d*^rAznShy*NQP+5Kv+*?qs>I3>pAL
z3H)*ag;{|~zIuzWjjS1>l=%tLg=<%$ai3v)jt1k`n(}r()FR|zHPM*0IQFQ@<f0EZ
zD2_ZfAt){Ai$=K0Jr*|WKAtwuKdkmrb=>>&-CwRKl(;!2hr*{du`IOdw+M6Tkd?hW
zRN~FZ8soom@VV(^*^Z3_2x5cA6b=g+9n4M>W@=5R+EdlH)~2o#2zD|%>I&65UiK6!
zrJAP2F0$atxq4g8`|j{cSF79N=JhW#R2hXm5_jJk@#R%0hfB3H$EnPIG!TD$G`ZHR
zK$^oom{gkh9!2DKRO%#o6IAv;O|Geo4GQR;y-Q_`GSXtes@H}<L`16c>m{NobAPNp
zqh{Vr_Nz3QKd5y2Db2N4$TNQQ&F(+601St?WU^f{PA_7;@2|wnCQIoL`ln20IT;d8
zeTuJK^>%3!gYEi5Nl7-=B*=Z@tH2e%VI`BLf<C?@wL)UlDy0x|Dk^A5fmyHl0>6NP
zD(jT2pAH4_{&X$KOP-PS5P~tdNO>rk4aC=`z2|!On=qdJA%tSwW}08o@|hc{fR$m~
zxs`i8Zq9)~l`P1M07m0GEoZg(tqKU7CG@8Y2+%}KjulgC6=vhHAxS3`+UJ!qYSSvR
zTch$~9$i>eEn?Ze3>T&YRmL<r?ven<tf`=qd-nnQf*A7Hfpmx4b2snKX43Z4deZv8
zJVg_4a@yNfx!SFgTLbtc@m6z<y%pVr=I3SF59xq-0?tT<z8Ke4c66xg;^0`$c)IuX
zf+pMeb>~rc-4OD4l7gh?uY=hJAwcuFSh7Q+<u(-$#;oJH*nGjPUiLBV!%2uw2nL0u
zSsITaEM*D+&$Mz@^_7P<rvKoVl*du6_$hn<(AD7M+EbollbDU=lK_WZ9t9#TQrdNe
zY*9`Fy1@v~sQ<+506{=H%4V>BbLNJ^@Ijts5g`~9fv6SmKAT+NGcd;f<Yxsr5;Yxf
ztP%8Z+@Y^a;O3@cW1%(JF0+cpV>Kb(nJA5AyY@DxM}4MzG3Q>EK2DEHHB$Nd;3-?j
zE1X7~lEa~|Xo(9?S6BKw)`J)PITl<xyao=DhkwsK#r^^}IG1R>Sn&c^v^+~Tm3ySv
z)t(?mD$;r^Ry{{Dw*LT7c^@|z-yUa{o3peS2PGl_aXx1KUERkH|1Q5(8Z5$r>phOC
zEV{3Lg`gryGOYnEA@2*FC5xK%z=cu>dz<3XFPOqjHVjd5l!jt$HOVmBAkz1E0d{vB
zUHXl&(*0|H!eQlYvq8?R>!@R8o|F65(2q<ddMzcVJ%RVFC9@<CR^lA4P0QW_&|I#i
zIZwnUO4uEcK(M7}$BIExe&K#&v2EOHl`a(xvM?9e9<w2I6U9>|>n?hEJ4*K^jNmvK
zg>te)V<TjJ<`tw{GM2_r^YUjXpl4sW^>BNCbAUUYIqA^i>)7Gy)j1xuz`iGxQM#mT
z$uo+uGLkP(Hj1s&j2O&Xj=nTQ76;E!fT#LhoaK!y-<cBGIb8{42u&+vZ_nA%`loLd
zYzf8|L4Tb@mG4eaJqfUvk%j#RlGs>8?&MU6p07Brs~O`$zdvlzxHL&lt(O!k3tUvz
z&coag_03nf1yZ-#Q`1?r$}Jfu2h9mc8{)v*Z+2%7Z$-Ua7CsDW)ueHGPP5h^rrbjU
zc!r6TVs^1JEf=g@S5H0vwJ8x=WV2tFHeG0GUVMk6P;u?%xerTVA}h|}<;^-2nCC&;
ztTF?R+^$?46!=<eso5dEukowu0#wc(&Izl1Bhw_NUbmRj%(;U;z(S7yoYB#ihpK7N
z{KjxbhAKgPkK?nA-+6$SgVr8Lo8_ovO%EDvTLzt$sQm(BobdtmjHsnHQLrLlEQZ)1
zJ#?(r8y4@oaZ%^HkX%BaHH32}uj?bRR_68^rq-U<9=dozPZT2Fv&l9IYxQYcgw>X6
z$u_bUyk85#idxe+?+dV>kgTwzU9F0|fcCq3L-TdzdSFHy5@m60*|Jy5m5zf?ulCbJ
zuVIyQ*$+E6$d%W5XkTM6=k{4(oQjKxIG%bTIDnkNM{hLmmu8_e>t28wwv?2NN|6)&
zC{erK(#5>zWC%h^rsb2Br&b5+-Fh!-LFNT{D|-~DTE@XGs1F~m+$WDelzxE>Ex4KX
zzbz<5t(kV-)VbC*H5=Ys@OwydwlL;77;C7)&pWsS4hmwvvxErgNaN|=HJ%+0izUA4
z>TJ5t%?uN8DXrn%B4=TE_3G`6mv;ByS7gZlL)KRZRlSDYDqRxN(x4z+(kUsebf<K8
zgLH#{bP3YkvDv_;g^eJ&>F(~1`{SJNd~@gC8Hay#bOwCaexCKLfJ@{0>zK|tvP%sZ
z^^!mM^4#xLA#xaXAxNVV^RN@dZ4qS`y^9pLsQ<&%jGl>HO>dia`&$KFe<WkU&A?4x
zpz6w^e#@Ru;xvLir}02QX2xkF8k$9{;-}7&u|r)&EvY&`SyK0d>5FnB<C#IB(xms3
z;oBKAhS&@U<Ci|6mApn!yK_qnDx~Y`M-FG~oX1WIGKofAM@#PFQRcC&&m7(IbxtB?
z)ARcOe6w)J24>&AH1lk=3fXr%-XnUop3u$WfX)Qi%_M`&q;ZI^<<mkE6D}YikR0&#
zxdYpLEkmrbVAPeR+qhlyjbmpQJWVsFmdzeV(2sfZ5%s$MXrAqxkju8p>9k2)2B9md
zW`k8ynraW^`>Se?4LmzN-wQ4?jv4Ls+LPl5)TgV-kRd!@OGhMgV(jdX-!?IFPlNA<
z2n|S0k)WBD)vuc3wz9n|n<o)j!1{kv6s!yON2QSm2CNonHHpgLAJRN;sx+$F-<J4a
zzl$P7WbAVFe?WTmC+cdfKu$N#nGRrw-Qm&*JS;~^o^C%iG6^&23l%zIl}tCAhswT-
zgg|$a9YmiV%~nVGO45j_aFNg`C<LeF^8q&^PpxW2@PcR0pMz${wXfRWstLa5(UWut
z`Bru;R%e|rxVLwHGAAcd+Ybo9O$8lQRT9Bze4Isho;zqlM+#?~#;{HXIG?yyL{<Uf
z;G|HZ@U}vCd*-|1RtpS|F6C{4ER1%!Uh@r?pCiO<kjI4dpI0qFw7`BzhwD~xiI=9i
zGtzzE!!H(r*0RrJ8;fo|3b~w$c5`luyr3+dh6&~|Cfka)1qHHB?W-J&20}9N=lCZ9
zCnoQX1HV14%CWFhGn*4Tq@XoT;|dS)(g&eNMNPb;3f3F`hF|Keh7m6FS{}?BbVlyI
z_lIZ0t6@4Uz{LF9F_xWTmKb%_j!nDm#XSqElV6>S^0q=nluq~$=*_My{vmjw%NT#)
z6$$^u!RKjT2Ycs@Bn??p{8%I;d8A(kq}Lb`m%3RtCq8ZKV{*QdA4LNPU;$Xd#g%J`
z9GZ0XIP9M1+rQ${c}4ah7XoYj8RFdbn#|yKB?^)SAF079)_A{&%X_%-R^PbGTh9{l
z4=|3|+vY6X%Pj9jPctg{WoN=XAryMn_UqN3BYLa{0-8cjr;id|`T}>aDR%FykoEo|
zd}-laPP@C%Fc^R_jA3F}6tz{gNYOP}Ba?F^j&2kBp4@Et_2;$N$Fr$s^gC7^kXr_Y
zSj@=@&e_+yqPi(gA2mGG9*`HLe>#B8aA*5JdbUUs)<7bwIYn(E9)BC-YaxbO9O;;Q
z4lfzBQurRi47?R8$Cu2StK5;8s7ddpbQsF7p)GSZ-WAA$&U+?5F;PZ^t>yFB{HH^^
zUZ6Qo(;quUX&)W)^KsdhtdAp_&Yh(sRGl^ay~2OG63k#BfMW#{E_uQhq<FucHRO0m
zKdeTLY#`d|*u6Ze5c1B>SP=rA3lj(=b~oEB-J0oIXmASTXvtSjEh#j)ljVC~=ORC>
z8o29GoIOT^`=ZG!@(Kkw+qbq;F97$y4_uA+?IPorrT-u1Wi5y9S34%?cKzK4(8ybX
zy>E_5K=KAF{MH7;>8(o0`c{^|AJVX*8PQWaV4c^^k@;od^JPiA-JQU^kyV3nS3}=3
z3CblqiU@OFM<u(P$wmL3*_j-1m8eK2kSY$KnI3><#VKd*wc%e|4RgiD6eaad2a}V&
z>REhHSm2^|+0IXHRV@d@qmL9R#fvj24n;0A9FGO!8qMRHkl4=FJNABC@`$#dT`n+)
zt<UY7tR_M?;ct$kA=YrdMCE-nufh=dUl_xAhOrCS(u89SwG$8tXqE~e8ETvsh?rl@
z;xp&_UNXVt>&=IL&Ewjid9H|Q09xTQs!zPEYTDl!wD0(n(0N<CiDz&yp7d7oJhbcW
zk5`HT8c&b#L$c=HLkGBwWKwZ{qa%UIb<qH^{=oln>Ej=QFtloq(;nQQ7$`dlYl4dh
z4w<k|bB!p0{d27i76)UC$kREl-pi|~3bWrMfP-+bWy`=&Jzbd3<MZ!k!B4<tROn?D
zTvd12rR-ziPS6Fi+Y_A}ok)UyvoOhC&P6^RL-wI8+XjS%{&VvWzU22nztS)%b-aM;
zdhmekR=$}Tf_@td_^-TMxAI>aED;+fTFh~C8-VLyx5p<I;&l2N8ii*&6O`l8rP<z@
z|GQ2a0X8hyJ{F<Dh>%uX_N7CGO4IP0!|ni;c>Z_H!p^QqRJu&Vp+)3>SEB$=snZ3_
z<8MOhSmN`DR4@Gep}XJ6;nYb@ASjHFR6U(;%njGUAZiGy_44v<!S3rbdDobTZ+obF
zitpjecG*jUC!?#^@peRi47^8vLgiTrSJ|7)i&SOR`b;~t^!Dih?eLA)20+gKddx|C
z!B{|ezH54`m`d4s5%2<sz~4a+8*U+0tUN5j=Dg`Ul6uDFUPCWeLn0-xn^jrDH&1c%
z9<k4(H`@a=c?k>%*H=c1B0xbWVEVq5?K?$#7J>9#<HOGPmrOtN4t`Z`KB_>!BD=b>
z?^;2FrZ@2MS^333=vMExHeha&{~CE6UQ>-muoYJ=#Z2paKPo+3PBYu*yxbW^o&fZL
z5H(ejsEM{Xj?+5pl{cRf>g_M%6?yV$cq<(1A{c}RP)aP+(P@ns<@%H+2T(1R=9aBd
zt@=1DLohD-MV(Su^yGzdCd?@bcqpgA@QC`O)vg4a8~2$zLAKJ)58w%^S!-ei-@q(f
zTA$~8mGksLOBAY)AZ#JKRe#RC8nnLt@b3t?MjT_#?3YLt%A6+_UwSJaWJqvu0GwO6
z#8{!^BcLz}Pl>@4R{!(tzvf2q)FB0t+Iw|J!@#M6V~QV#e)f*QGO)pu^lbJpo?A7%
zu&t-{K}sd%^Va$^;N7YK)Q9yPl2y2$y<-DMo%WrGx63|iGVlJ;t+t-Sb#bGb`LWZ|
z>?xeT|AF860wuPz2v*|oHH9mL8cz_*!6sUpvWpsnghM6nvo8kg$Qzv^!yFs&&fgO4
zBAF0$zJ-~R*bnbDK4oWvq}1&ea6g=N&?)^;6Y;}7_h^Q<pka+AU%Mg+Z43;l<u&u~
z4#gr#|G0er6ZDEtu40HfzXQ2E3Gd*j3q-Iep7lTlJoU{CdmM20>=p8luq%`Nx+AP=
z1fQpe2cO9%>fG)ymHP6aO(Eo?v2E+l!2|_ls4~%(X!CJbRK7`3?5&;NXn5lZ=E;c2
z&Vk+Jpc*LEB$)Ndg1ff#u~88V!{;+#r?6@VIl8qU3GnHdJ&xon)LM?4Ik#nv<m2$$
zodFp|)6^SNb9UpsXep`I!ROmp0bG^wz7!!TQSDdr2ThcH$vd>igR$0I7vvXSkHX)+
z*x)g!YR<ZDzb&|En~42lT<cIYtTmL%Ejia0@ZJfkt6BtM9PJZ2DYwj1cUtH}XtZCV
zUF(bGq&otzFL<SIva$4I;3+@(%BA0y)WRhy8xrJ1ghy=tKj~B_Dx~!I`JhZ4P0T5~
zSuA-dfpLQ85kv8m&9_lj37Q`-p=pEFub|lg0{7dhF@J@OrccgMx=s4<O$)@Al8oTN
z?;nE&@|fw0P{GHmZWogpcNRX6H|D45mDkRZRr?>C`FeUdky_{!GmCLU{AB^3*~La{
zN6mbo2ewmZ+e$LCPE1B5@SRzt<w<-TPEsD`$b@4pANscUDRojB0-63nui_H&*UiM~
z>4%E;O?i%C2uwxk75j<d2BI-%1|}<{qm=%BeSN_yxwU1f^h4^guh;rG1NGid*3$m;
zfj8iFYQwyPqMR{}k)iAd5e-HoT4Mx%?IvNh;ntri5yTO{p^>fMm+O>-rv{b`Xx@i>
z0mj=rDnn!?YMC|C?N5uxMR?2_(x-$BMhTUf{Hm8WdbGWa6Ditchdg(fhcj=(5_n`z
zWd96ZNnm@dq&;l^{AlKYJEE=GECvuyW>UYu_G&obKl4ZmiyC^aNf0hLBt+!WD9O}w
z_fQLH-=NxkHiUYeMw-?l(-Xq+g^=t%IO_GiqEO)$2@z#u=UXyb@#@|BDo`9#E(<06
zziT-}kmkk?*#n!9v|5=UXbeT2)VzJ00%el&UKH|TlFWUP%5|@_fS&9}yUc>k?2A3>
zRMpTVxO?sn40MA*q?fpVstrHu=!H;8@MD`&Z!L?&%kvVj{#eqqn{%d=RMzv(-Fd;m
zcpOMVckbxm-^oFuYry&i>W0$Xu}q6scsD9cu3i(L^@8+#+Qe*`6wXao#o87Rc4O97
z=)e_t+<A9IQl_*S_2{^0f=w%`Y8vvn7z%U?n9_=}EytcZj8J+gAoGY-&xV}^{oQ@l
zz|bf)M+QgBW#ou;h&(#QX8FQe2SvY`G7G=h`1M-$3&Jv9as^(6UOtWDPsl4t8u};B
z11O9-M529$`^QGz2<irH+18Xgng^*sje>!i_xb)#9SfU06uq9sIH$q^Xro$-yBnJY
zXW<U%&v*eL&ZgAUDDDs7DF8q%%idH9bL%hD(Kb?I27h~<sAutO%9bI!)#8^03?*Ph
zPrlyUb}8WE_p2q`9nXXNKgc>L<0m%NmGOIJcf}<3pn>oYlrMsa#z6rfQN)(&?~&i!
z$K01Z`{iBM1ja5nkAC0WOU&vY>NIi3aey1W^J6{)TeE7-_;pXdo8a@b?XYPjE}>Pv
zYp{iHkhtr)d(pFx0x$$g8FuY6(G)9p77h0%$YE`ZO^t$EN35rfcQr94OQjp_Ko<m&
zfdcPA{dn{R7C4bvxB2gRj00ueg($fPdCLVmSkU^rK{bRMFIwK^jt0l0v)8Bd{^sje
zdyo@v54s${EO`)yn!XR-87~?br;)lY=V-8oEt=<gFM?Z~Qndfnt^ikRRZ6Zg7=@QC
z;b*NTUk9wG?~xt5+jMZZ;_4m<P=3~q`^ck*6=Jfu5U%$K^9JzbL>9A*ixkxs7_MT~
zT~sz}eiS9iZvKyazF-2ls?MOC@97{mG~1)bIlH6|GWFBjoo4B)L!syw_0m_)-$S;(
zPhQxU9x0Cq-(?>8QmieW#ewCBhOtCeVMq0uj)971%Wzjemd(TgW9WwLg^y9T49H`%
zFk`Hr*s6?cY}7>mv@K3-J`7O?MUyn>s$(tA-l!eOEavqTUvjjqHq8TzqU(nzCc%dH
zgwoT_nn?2=m{c{HJzclUJCIG~$Fc;d4sW$EOH<hy#q;9410|dNex~?&3ieHA`ohIN
znQrI})&5I{JHZFQmOSKQq)1H^O`||`;P#OQR8Q>)mSebjk8m(R&HaSzg<l|v(<u5M
zPNW>y4ezc($yl)2TkPS>vveJA@K?da(%W(mKu<ac3fSyVddXC6cD0Oejz^9CL~;C0
zEGm0>aG)t3$+1(MS`#<;bP#&$bW?B>IWUr3`dh*Q4J?I0K^2qnf&H%Lw9KI6E_!=#
z|F4L9394h!WWrw6k%@YE4ADtFyLg-j5gt*Ax`_h|ceIz$5Bsh;E%MlIYOO5(ogi$$
z%Rk9+SUbS+u!CnC^4e4K4eL0*G1A-b{iq)J9tZj&8p@YtuCe?@#DN0pf4;lc^~*FQ
z!#<^@9}KlCJo&Kn4#MJJC#7c`X)zot6N)-eeT6SqoR|nu#W*%O#x)wtml1Aq7?x4M
z=vg5qXM#-jQ&^=7vMt}l1*jm%fAw+h@x?(RTk*r_RCv3=G<VP}vwiJcfY!%fW{8o<
z<GvVQx$3?dfJ&Cy6lN`efMIBCTEZz<a5!(s1qHcz>*w69An5D2@IqZNkHL3`t$kb>
zLb1-@s^Jqq6TLVBnvA60+r~B7FX?+3WGu$}>h_8_q(#4IA|RWL!SmarEUioSwc$re
zrlS3ZP4(HraBaPD<P$9^jnGz7T~RS&)p<nFr*Yo38MU9y{@GumoE7C>g(KsjAi!5|
za^Kt?#c1vU<Sq|x@TZ{mY3i&O7#Nr2ZfImU{ho1rbGZsjVil7Mj`<6`k_!6cT2y$4
z%<{XMj=9WO)K&ee--DHkk~mm(zneFA>gw3N&2gajOxErVw0OO$624;tfqPlcC@4UA
zDShl!sn~c_Vm(FS&kN#MOh#UT0QYi^L`Ib&`FNm>ZjL;`>tc5RUb@`Nw@^LEW{DWb
zX0chLJnDUwO<Q(ORUVE_aI2sG9`->)z1k}c3KG_1+!15J#1kFVD630Po3)jz4R%3y
zweQ5&^MB;;8gI4=NB&)k9hUAP-(LE4bT4B@<up-vh8icF*C~md>0ySCjBeemhx5+4
zi}D}|^ZpI5KZ&lN3IfkJ+1ZkBc-USI^M}r1!t`rvA41FIik(kp{bt-amH%f-j6i&?
z`F;gs8>`!kwH%SpU+zC>8?3vlAsg~ypP&4=9a6t7U}Pk3wij?3`2RzhWV#6eU+=eU
z8h%IBXz)bM*%ucfpG(7bjbj-rc|l%44<T}yYq?^fh>L%R-)YCwO&ktzP57igfvC_Z
z@-;*n+aXu*Jl-%D8kw|zBes5#fCf2!{1yVj!uaIgY8E0Meg%{SLglOwM~JJx?fL0#
zM;!z9*a13BM^h$5eJwqIFx36fC*5<2;_s8+MdL}vS^b~sEA(GK&f>3pp~Uf-LxwLO
z8g=YX<f2%y%0%}u8jxbm#~{c^M4MQ`*WW#rx`fYlGS_yvgCZz=ZTeLIHnpstLig<q
z(mw40!{6ZZ@b_ov=1x?iB_1&2NswM4Ontfy7`=q9u~%;H<2u~44kC4K|9dg<%m$oh
z)YXuXWwoD4Gv~Q>Vrbxr+ZTZ<s`zM{X0eE9;N>?+tU5%?fu`80!)~F7{>*Gav(sC6
z1_k+~3D&O4@Wy43<Jd}778Tls-iZ!=s;LnpSrSJQZkysmZ0YNAtB?0w@)|Fxc%cqx
zm3?vk{acN@<_+~1y@WX#*OypBVj?FJpd_MwZy@1f;$cPJaSAcfS+Q<092wm}-6k|b
zC>&%1tk~$L!MOGz0(N@?N`NkQ2={k1#QH4HK3{RmWkq>*<)PMNEND0T1a&~;XR$hy
z8iD`SH&vmP!S8TYPOkiev6GzdxHf)H2pt&FD;I{^7(CXM=Uinwo@wU0aLqLM=}XY<
zW~O4KyihmHR%U-$jzlGqNKnSf{`U<L5c<h)Iais*E+qWZ-+!jXxrh~wX;^hUV0My0
zwkyAhlNTB*vFw@_X)w&YhOvgU?B+`HZFvYDt_p}5Qwc5AMC-u8{?!SJd{va`6sgr4
zcLd}PCILbmnYVDP8N$=%Y%Igq!!OA-m7LKka7I9u&KcNNKRa?Ck{IE1RgAw8toSX2
zEj`oz#B$<h<`4?&3#QK&*x1Y(J_>;P^i)Ax?%{GLS(U?E8EWS9F5~I(&v^=X-L(qs
zB7OTSDwC+uYt{tAabD&X#6p29@L7J5wy&50Cd;SgUF1&BxK6KyU7D$S8!r?TgU^IU
z*gt&p2{eIEy*c@UI@b`%(l4>?KbWy{u*F63R=ygJ^Ih?cBh1BqW#iGDg*;RTy1{T5
z4XaDJWfochLn#ki`cZ3zbN$vXm=@a(Nt?YMaeln1s>TfohULI%*PX<VGp|J#xH7f!
zGRtMA#y3o8y>+n}s~iHI;?!>B)~nyzDw9VbS*gr{@k@9!+p2X>_V=OR?^ku@Aia7+
zwC7Rnv_f$Bx0j1~qE>R*8J7Jk<?=vXQE@TFV#M0qz&NzMsJ&q7a=y#3LHp&3U^XG^
z?%4-b2q$6UYBP+@=oJ+`Z6^+ZG?$*MHfO(~iyEW<O;nATqr&1~2NaEe_tM!jlR1T=
z42uI;<Ex3`il?B5=b9c+2Lp5UvasL1$Np(U7C^@7=o{+P-^KGR%9Qt#_%yw=o2J^8
zGS~+)B-!Bnz5P8akWVqE`j5x@Z1fg{XF}(TC7Q6%ol6^bXz4Qj#a&Q?da|E(%4*Fv
zn>Mr2UiXgMX}+_aIeptAMTn=S0Xw~Z)w+Ct=HuB0^o#_$t42R9`kX1WKMcogW&7(d
z!7F}vpkfq!b2bL;gTnhsAGPllOR|~sYnBJ<Bm<YMPZVV4q7IQsw~NkkL+Y&P!{2WG
z&QIt<yYE27s~ahCu`hd+my;$h{5K|HL&jE`53M^=SKgbRdObFGS;@|noZvFw^HB*p
zj=C6O=0OOjC76Z76Ck+O-?d3OgoFY8$7EVx2~x3-z7Q6tpa~*->p8UB*F?7gOy>WE
zLdZ^$>)v@Fi{O9O%+7IZ5jNEhLGm@LVd0nkPt=yE(c=H3QkF*jD`~Qd4&KiDas=DQ
z_8_yRC2m@_`q~q|B1|Zzc!ICLUDdK#Od_2D3cRKCSJ7}?3Bg_w$a?F2(i;uG2)rtl
zIxl>AQh7xz-rCnttx$ZABsFxVwZ66k==fW-GxPc88mqiJ^9~S1_D}H_X+&M4+VC<&
zRvkAs9F6J+Zn9@i&sdI<6Rv8quJ2PDCwXF5L20_|fj*Cpth!v2M6>yLN3ByIr*hpv
z)<;Brwb)k8!ASv?OB=1XW&XY&t=zYda6N3bIJB%9I+V}|n3=7gJjC59FAQGoNp<qE
z@3_q$c1K>aPIRS=%cgKL>!SZbr*hIPS*;cgfGb~!{w$~Ez*_4w<COJ*&&n5RBfB!W
zd$yzj7vr>Z@P{i;n8|Q0Fo-V{8Ye%ipr)#HipmryqzL>xrw4xQ-JY{o2Cd`~268sL
zh*wjip(GutxZ|P3qkzE<>}djz(=W3j1C%5i@zNAr1XJ_0?#ru|-?WLvfKjmg9bI_g
zN^&o=W*KgP7<^MRpC<(^Nm&XjeM**d`VjM&d_p2+<2ku(;Xx9C_fvv<$CuHK#;;1$
ztn$m9RtSeVJd?ggZ#z@W`Y;Ygz&q(ZmJ!ye+WB>rSO-F(5^fxC*@99gY-!Xz1ekq1
z6_Blofcq5p2yXMH8@i^%H*<tr_bKM`Bhp{Xf#5dGP0%Fz-SQ@WrLGOc`DGq&b3<kU
zI#T%^7wMH(WwLFxn?2O72yVtYPTo-HY2I0?IMM{W%$S3yvhcZw4j}VE8wW`hu(PwW
z&#9~{l?G<J*nb-8Co%q+U7S-vB)xY-^_D88neB7Uh}K`|k6ZRyg~?}|bolsO4XA~y
zvL0|WAFgl1-;Ig(se_xGdeK~wxu%cUB-ZIHC<<zYub`!-!kWmvfea)7%dj7H+3sq6
z_PgKRK=MXja`uyW^JPNP0gtYpSXLtJa?d2Qe~x9E*7$inyFj0Ms_7_FluOfp299O>
z)`d7P!F+<~3Pu|r_fYfmE7BtckzzF^lrP45Sms*Ov6ou7sf#yRw!dX)Zf(O`->5P(
zUR||F6#lSa6iASj$cdnloT*<JvxH%I?#7_jx^%}D_bHLhr2aXZTyV&kvdwo&V(25Q
znX^w-S-v=-%SnI4mPm{fzWrqAws{8+Pw@ljzPv>R3um&O{Js;9)E<;K$bX&M4Cu3N
zA3sCDBBFx9h9Tn9hts)2!W_YXh|FTq8LmR2_aD?~O0GTL_garXKZ%3jHW3v4J;I<p
z2B}rJ^DU_Jp8>_>Rrx=J6KNH0hofQgsn_wIVOfPyE98FfeZTzT6mHBS7(WJQkT1*P
zj!5$aXsG{le>58w`L5D@gm}>g*1J>eL-VZ#k!NwgTk!G-Q!J7})%)HdzNBO>pF<ty
zQlq4fP!uJF0)A~fkBdQlfGjo68rR>Pet?T`iNEi<ex38K6Brc!^~SUytQH(u&NoM3
zkY0b^pRUnstH~#62~P&@@V{cd6jF(2|82qa$C4i1#3#xj0N0KN0&#s1IZE37n!sIv
z+xoz|#2uS)JxE@cqe;JBpN|N`vu{sxq&@?<gd{7_DzVYcsVN-P7{$&MVbhX2^d`t@
zYbfnNBSlH%L1Ho7K^cFhe=aaZC`6Q<@G{5y5pmPu{Z$ON&@<q0C{fnIRiV9Vl`SZ2
zi&cHACNeHrDfOelOx+<MMe$P2*0JSB#lk>-$nP@I6=mh-ulO>H&7vY@GM&a7=bEME
z8nC!I4b%Em)7SiuymYkY+w0@=e9k`7O2Ri^Ef)%7ZVp}KjA?ksrKoFbclPPZsV`d|
zz3#Zy=_HzuNVT})!bg)Is?j*CN+`SO-5fRn=aYjkGVFV*X2{P2=LZTgyyhrIKzQdE
zas|*b86YX@<I}Ep*b;(B9ySXd8drW4rT8zJ93F4B<gUntI5ZO+qcRe&$W&^p=jY3!
z6m5#{vTpYBe@6&S;9QSJToey0Am?9=+$awVw1Y^eB2rUC(%<SNU`Zq)QqS#idY*o*
zxzcHtw@LpD!@If)!V>yg>m|cH@o*GAH{oza^g8&p2O^0NM)L5~r0UxtitvI%;nmC8
z!l+R6+Bg?B9(gsNFo21FPgqvg2efj@8o3s2VQdq2tF6K{poAOl?MLI<%z0ME>*B7%
z<IIomD$j#{1*ky^K~C*QI8+QhejVF&3&iuMjTh0$6$)EJBGZj$_kq2Ra}<ZSriGZJ
zx^g;A4i_~ia3V%Aa0K7Q+1r0=uyUT@zdx?s+Ai=#o}!`iSL)ensAD~8zr^zUyVa=E
ze9}i!ptd*F=erjqJztc!(4|eK`+*-myQJD8Qq8uS6c4bX{(~a#M;0}54`s~Tz&2sl
ztc{rQ>tw)HGg-VD6kHkvyR;r*t!mP%R_M7TDYxZ4LgWcZX{#Le=xofovaLSd_gi-a
zG(0E->CK1&@%Lqs9PH}&dtM01#I_{p@<;c>-0S%`4{jH=y{6ZC8Zv%*qylEM%Jgox
zF@9pp7EV3(L)jDtNpk{IDdO~D8;@H{$*uzPgu20lgaot{8l6rHpo{yw8^7*zU$np;
zfCn+~eTdn?G730S5zjuCv+kJpKJpzqn|FRd&^PcutH2SR<INQwJp|>9|B<MHW1WDa
zg~5%Rg+Lg~_UxfS8ymSwEjq#NTiNYS+3jaxuRXHn>cSMU$r=#$znV*atv0;<2}+91
zm-px;D%9u4&h|CS_qm)gH=8@)Z#m$MC-Yx*JmBz-3pFO+zb7lgbHg3kY-Bj>%KNr3
z&}!QEBj@5xVH9~39zDYWziV>BJJ~@uU)BfHTh#^#AdpM}6btcvLNB>=MgGcl%s*m=
z?QTg5RGQr(c$jHf&kbjEML`(JFI=V~=KkH0fUl!C;VBU7pDaHB7%2fl6F&;g6<pQ*
zDoZQAN;zB4i(*lCge`Hr{e7oh?>T#o=VAH_Vtu^a?_1e&xj$o~D=>qOd%Z*3jusu1
zr1xAcZ{IKtP;l=7u1enUgKO4xB?A&P_2KDm=?REomj2VILmc4w2&jmx$i1{e1+xTx
ziUs4No9k7l@9)Gb3H%C~A7%(3WLUxToRR%9Zz^+~h_Lz(kibboKXuoISxSzF=oLF!
z4GL>rU-%}tT^l+C5K`}omZ+?U=si+7ITDWX(b2;9ege*-@%<DOHo62|36nHdH)ufx
z+`+QeYr(g{o_@_w;cpQX?W9!P0Bvc^^vfygEHQR-a`oj9kl;_;Du<Z*m5wKupQj&d
z4#`&12{D!{i8?V85S*MhNj!$$MxQDHD3Sd+%0kU0>B7F_fwrpsG}1c8t4t^4(&{7g
zXN%=Ge8@-TDkagnj&8_lytb8id<7}mu%J(4-qRh{8T&b0A6X7v60}d!8K695t^#i?
zE0uOHIvK7-HF9&u<~}&=1>Mas^XkQ{>gyK~9AI}Xn1tiX1*A0avim>!n6%;FAfs!#
zg2k8@DW{#IL(#`VNQNXySzjK$N$0U=xtLJa2X0h8Q8>$e1dL-wzC(L0QcemsS$D-7
zohoWJjn4gwJ9Ag$CZp)dZO8MWy&sD<B=a4ibBsDwTjqP@1Ln<pgi-twPRzD?|L!UE
zEVsujXJe`C0bzgKy_w;2S}$)sESD+~H~wZtTt7QJx@UKaKn}l|H8rdhVZUKZ4ngg(
z0`wh?ZnU4EvRmn=e(u>L{9UVy53UVwrjcuJq`j6v4W8>pM`ac{C5`u=gu5G3%56GU
zc3<!MfEx{<y#FsG!0xy;J>5hGdxh!*e_u~V{gOtXZS$S#0g(@%x!FnImOB=r&YO{-
zy?woKwaFD1k6d~1Zp4>EGSan8B{HcDPY>y3&6UjprFVy?`mMf8A%>@O9uv@YPAPR=
zC7%7pia>yJb62hGYk-#y#F#z03K${OE6hZw%`-jCkOE-dNB)MlLquf<?gk*!eaKk0
zk5hQf`T-uf7P@A&_QQ!Z1tRUqo!>IV?<_kiYv$eS)3Wb=1G~5W$14bD?O1zV4|hux
znq+5WCPHKau4wefZ+=>uTanwXw8|`Hn7@|L#<rf}@PD|_@LUexih;OPU%Oo`T%|6!
z7bjhaJZ0K9E>tGYwL|V#sg6&*;><Sh;YS#!uiy{??NaV9Z73t_z`y{9$*xkZeNKm@
zfMDI6tE!wn|5mN-ocfJq1#(e7DO$3r{ADXD__ZZqy&$fn*e)<2k8|XjqYE#128HN>
zm~Q$1B+YTJ!^0p@?IYPK#23DIi&?pGMD$kY?{Yjh`3~fgRRLdLg$Lm7kAbUNY^!2V
zREwWSv0G(qayjDd(b;psUM|eAKaH9KGTL@vRXO%cJWD>zCb9C72#jk$10W}3@AvJd
zB{Nfppn!)z85Bi_ZwWI9wS1%<rV!0e?3+86YKMRXFe)JY@q^>&XrCO1x&{p|qP`-d
z$)+LcBd?@Bo_p_0wz{_g*a*NaMr^8Kc7djsk^3a6)?~v)i-&GO(&#;54DH9y@ft3x
zEbAMYsV=xQTGrIzcZrb>OTJfnHtE<b6){_v5tEMH6Cs*Z4St-`$bob|*SR_$EPtuD
z4^K|EqL{cSn*b1JCXilxhebsB>dgl>IMe2WI%6DjazM#IN45^$-7Qn#`_&-d%n*EM
zP;|jcIy3-Rb$9NL-_-<Y+`=2)8Y@npAXhS3PgZ8_A?n{utm>`6-Q;TqsVi44@L|F&
z@(}u*HRjuDG9W9DeYo1L2<Rk3K@i8r#S~mM=B(z{<iZ-ImXL68wipiv6>8|aCb=BW
z^L2B*;t3D0HK9MQb=9l!Y0*~lr9Per^lRG5TL~QMdbNqf%r*$`z!zvv+ZBw8`!zwE
zw%RrJQkSNMw$aN1YB7$&T4vfP$I><-SQprG?E;<qkE8hS?Z@#q>&fZB{v8M^$_!B4
z|5n1&nHa{rO1yBWApZY{0-R~3>T;tUENYyh0wL16Rg9u-Xkq6TP|3wWm*t}TIUt3T
zr7>vXnFu{O@Wr=nmHua=Fy6z4ntx)$e17$rz^nK6^K3f^w54ubGPLdXWNk(T@4Loa
zw!c!(UWjwbs;thsu$U@Ob0m)Qby$j7y4HksYv~ss7}_$azG=+;?9xR6t+L0HMB7MI
zrpsog%iI!CBo=P)j^42sq$(-f9BdCNNxvHnF+Z%~JZuOokVGd0nkpB+Q+0(GNuv>@
zAZQ=I5%P-uFpl_o8|$Kd)5>{1jR+TQZOK#mP8?ss|2GIT*gQ;Xc1y4F2n)75?UGN`
zDj^nd0o}drI6q|sNPXP1cK?B1LPYg`9}0m(+Y;Y(-zBHMmr#tk06WGStd$|ok%TZ8
z@C&1%)X_eMYp7SuK9P7e2ZiVQm%8a5`bBZ_M){%wt|s5`J&Y4<56?DfPUpvAXSBvw
zQELZk&1yg(LucL{@ouu?k+A!ox8$Ur<sD{G+DW^uPSfCdiHNL~m3DPGXWNp(a)>;x
z={&A0Dh%s<?0@zLfE2-x^9rPg|1UJ)8xI`tuk?0#r3htsXq{M<9?@CevX%gb-%6oz
z(8Zf+{@{DkXAh3gvj>NY#(dSVeuGH|#QW7!T@yQwgtFSOSxj)RoTYsM_<K6}Wiz;o
zZU?UcN_f2irq8)lre4ADtXQ8Y{?hHEq~<OSm}I$vw5D<7mqQ4pFy2xcCJh3M3c^&U
zO|#M;U-vOo#q}m>4RG{Cl9Z+bg(hLD8oAJ|Wa2&`drShnFgL*_L?}mqr!AvEo7`J*
zw+s;(L4I1-+t$7=y^oLzlLXt7YAEwYj?~HgIgX<9*`Zy%HvG_u#6L(nr(K#g-%se;
zJCR%KZVhVatcGLFAEZ2u)SnNr$;3^xgJYGKHEz)0<9fn$rvieqQ;FY3zhz!UKwnTr
z8QlxVh6_Z{jB`MD*!vcdBo=~3>_{k~kFv5G!<+gx>;heL`eQ1GX=Jnp%#xe;3?Lua
z284ZjP)zt<uco2lGo-$)ZVp^RBLU!BEX!)Doc`(lp^3R~ayItpr=17;DCQ{Xygp?#
znSeUbjb+w&kV8P1`O^<{#AW~=g2b(8cgF-<$17Q?^p;oL8)02c@Fh|A7%tnJF)yQ^
zKM%ORQdQmA@1`7Yw9486?Ty_5S`x+d4>FmSK)X2Ic%kA2BgGZ_VbW@E6bX8HcZ1#x
zwjDOki7_CYQ^aU5o$B*bDKi;<fzzW0{MX6>!AWNXsi`4s@ktFL?(7?~Fj+77BtD73
zk;c*L0{w7f)kfkbX)j#eLxDs);uX4J_o<CEm~+f}IxjTzb7kaZh7tSARgqwv?l7oW
zmJ2$Dou{|y-o-uK9^S5Z^WIhi=BU1$PQSy2qjxL~b9t$rcm4t>;)tdF+IVNIp^Tmu
zpf13|qmA}DNAu@tpPu<oxT(`@<@jv;1f5MG@5>*~BLX8nWL1ZS2b{J&<4PHilOGz&
z+3fat0h%P4)nHLRbJcUZetBc#nZtPB<7psyCVx?80q`cXa_Wss4z8UgJ)j4E;<|&v
zC8mf8zo3R!Teb(Zz$fbx6646BbPJKWm#QB0*T^b{LmLL+5b|U#eXRX#{eaR0v4a0#
zGNH{W(T11j6eZal_WK@IRV&xVdO;CxxGGCl5rzTAr&HY-C6T-N`_L7hgHdUU6DV?J
z*z<NwV}pt3q31TU;Zz5rmVB-vsqxyA_wj#vxw+UUT!gX>2w)QBSXw3|d_OMe``_1e
z;Ip3l=X{155XEJc5aciV2|T!SsZi(oT|F<Q^4@}L=i`}^(Ov>&d;Tyz_d9~@=Zk3I
zlBYSu8KWF0GxKDDqq~v#uKiG3MDB1}#A`?nZiPNurfIK1tKK4)Wx8F9uwO5ryD#rt
z;3%4B?oz4E>tX|uEQjal*UK(Z9kU?>eH`6Z*(64}y23x_dUwb=l4m>r9%0lde-mo1
z^VjY1ftmr<O2rW-thbKOfH&zrj>&++Sa|f5Nass4fN6c7JLbukyuFsqOE-rV+<Z=c
zL5ocUK8JD&RBi%!9)~>XYyJTmu}l9654Ui_8`|mAr&^f?0949DWIYI{?zu&(CLF#=
z1A1`5*qG$^!H_WUtFlREMEO@5fX$GuxQiX-1-ZA)_ZR}zWmiDGUZzviUjWdLKx5!s
z4ab`-kM#(`r?>dhl)TKYEt94|n0g-v6777JD~1c5Ctw@=y;GE9blOAF%pN59>iYew
zE$Xq9a1sDT_yR?l5cF@*@Dil9qJQMyORhr>U)8!e-R?@i2>-Mk5-uFCfvhFsooQom
z!FVZ!|1Xq$ohpzcY`IR5lW%t@I39$uX4sm~mN3vdM&`&P^yfVA|Bak%<Q4?l)0JBl
z$({}7^K(sA3kSEBbRXC>=Z@O%hJIGm*`PF)n^qZvR+~zNw-_}_-zvDg&i^`)Ks)j$
zg9n<(@C{|tc#Qs7ED);J<9NGMbho=^wm|(lK;wfhgJl+lDhtu^y`COjyHk&=F|e^v
zN)Vq;sDxr6nTp(8o20RughuA6M2p^zL0OW3r<`$yh4<$A=Xz~SUO)GDGjl!K8`b5M
zlAi>^{{H5{`3G{BnXhh1Qa=ZKTge~$-T)D&ZSRr5Mt=}1nJN8x*frs18*MX0qa&=X
z#(ge#ia7MD=!5tFOyV=p?oxUQ`tYhrm7-gfH#Skt3x#^r;CbX$DwXJ@jG4-2w2#4d
zr!WpxsHj6WYRMTwA#`v(mlO(_7L9EVAG_2mbjnNvNEFB|5*^e6{b+AJMng$H<V>Yg
zRQA&CM%wnB?-cq+2)~{GtND>WJJCbmO9=L<GNSGfkaB(ox$bSwHRvzcccJCzIQ+Zf
zY^hfn-gW7TRJn#<YR}$=lqywkH7f{wk{r|g5LoTBA*+?gvZ`{S5BPJEaWIWfP!R$F
zy-VgV*rhFWSRv<GI(R7!A*xhn&qdwK-wtw7CyZKXbteq(H>$YB!8e<BXhkbg`uveA
zTl%QuDtjnP049h`vU_$^3uQT5U{nl9Nx7S<`11=>f3B^<|7}k0Ec%$a>D?=h6pwm?
z#)W8i8R~}T2}sKtphEuLdpeliXKD*L{O$#6rTTjr%3i#j`Us?YSYn!d>C@E948Y#=
zN|lehKRGQoB5`^hJ>nLD#9Xkz^}zYi9_Y94uCz#LIWQ-rffuE#G;#O3!^pnvrtto_
z`|Ft<7Apo%G5V@W9Mi-r;AbN0p;X<kQObB3!hk78QEZn53S1I3_y4V(+$AtPH_LL2
z8C;_d-tz&PhYRJImfQBnpwS_$>ray@27}=^-8DP7jC>*Do8Q)y*cd;zdFj1(-_64f
z27L80e)lWV%=WD{`v;%MN6pk>6i2@HB_5={IN+o1*MzA?BvA)m2F?{|{*h@QfH$G)
z0{jN1=TX1pmypyuZ*~2HJn4FC=v7pg-Sh2(oJp@PJ(ljaB^oU5(^ys)i`BbZU3M6F
z<~@RHhC<nIpUwOwDn*p&xW>%KXzmAwmNx60Bk47S&0h}v{Y7-}pHU3Z5&DIMT`T8`
zNzSxc7m@M;FQoie7#bl%`I&UV<nC4BFM+jceEH?1_W*cpIKZ*8KAa9kmm%K$srQ8w
ztgAe7cKK4>W}}awpH@=DobnvT`0uY88f<Id5l8@5>AQu(=OEe}Kyq%ZJnEr&5(r^L
zeX{5*Q<Y~?E|#wqTMjuL5qR?PZ2?OmYDr7#2V8W0yRKg8zDI!TWb&Y5W->73;8e|K
zv&2vtOWm)dN&uB>H^?5gHC3hg)a+C<Jhk85-bk3bJvBR;G<+#glArZ`4srTDg8(G9
z^ghU|t*e#W*v_;b6nikFb7bKrb|UEi9?=f#G$dtuGW<T022_e*n;V(Z!67+QsL6?8
z&x)xAzg+p8t5Wof1$W8+$@j+SbUhr}x6D=!-}cmrEVaGL)UWjfWY;l$GNvZStwk~L
zy9vPzzjcqL#_`~TI?uT|1@I!^f>4GZPKcI25??O_LWSjzsYT~Q40}iY%kbGX(NOT-
zq<(5SR?4l#FUZqADV_ST09OoCxwl`j(c-&s{(^;;hK6nW@kekcFG9W0J(jf__fP+m
zEVQ3C-<nYv!)gZMUY?91?Q``}uB;z*zy`4WQ;Js(+1K&q0tin96i2WU!-mg-AW%PP
zQj|xd5VS;IZjTi>a_oM{>)2P%dS}6k<lDSgMB%+Zt>URA<(1hm%XwypIccPCYcHLi
zc~pa!pa9h6eq^jmp}O{)TkEyW0pfl;Wau2a&ic;Ay^S9AP4qh8s0d22j<^l|2SS9D
z<QrEW(8Sgu->zPV!!67gQ&+++$ut%1uCxCcW4a#g0@<_CuZ0>OQ0^<cE8YYfa6?wl
zUHKhNaz;~KLL3Oi?1Qre+|wg$iXc#^FG=~IUl`AR3L4bh*(ik^wdVuO>Lef=IY?4`
zlFz>+DYc!}26lRfq31s=*h+E3V$i6&J5dp&F#hCt8MVCYoUi>DRJ|0cIn})xp#-Ri
z8>#3zuWbk`UCJi_cj9hVy4}gRH9gcngUR3jK4E>N2OXUtbKY(40Oui8&%qCbFQ>Bv
zoT#^3FW1aoRxX%}i~@!*jQS|il`pVLbEuw`XMbZ9AP+vjy8L-0aH?6c)&MXDG@8pH
z%e15%$fW*(s9-|{Tsw@1MJm8Y3#j)pB$vx8MVP)^0DS!t7n;w~6OgGAjbAA`oJ@>u
z)XBkAOSPOeRNL<^n22=Vu{7dD5B_EtK<?*^GruT(@(2Vyt86wum_S|7PUbIXt}n;;
z8pNOW(yhHRZ2n5`&2BJd6x^J9#d!(&cXZvnqY03Y^``Fr=kYqNli2D0d8|Z^{r3$A
zY64k1B}Kk*sO5BH9RHIaCaOsF4e@=`V)|i{*$|Q5PqybIDWPPzDovfETFBoV|IM_m
ze2ItztKZwGH&;vk`&1)2KtyN=0eCqZwamsQyials2#2{*KVR;>owfF!v(Xh%(vYKH
z0A-oXlNxV;USTWW=N@`e_K4Aq69Z0u?4#$suyS`dU%$<(z0-BSU+zHUR{0T_NSZ;2
z=<0;v^M~6#R#3VVxYBPXu>2lwuvL~0x-vL~B%d$*)OB{r_<V11dKmy55lj>4khZ1T
zQV$~u82LLUCM)e$CRCKTf`WLt0p>732f<vs>BF$^@JBd->cBN@O;HOR21D1|afW13
zPjz0LavO|5LovLOZH3*{uZLjIj{;7^f`-iK>UEi&+L+yM58&aEQhl=eD<F*DGdK;*
zeVT0P2<2ak6y|Z1`(%{_&Dw(>K{8J1+E3rgWH4eEi_3E1ySqWgjmg^n0UL3IlN$k?
z6P0>%%^qFCJnpu1Sw6KjOsn-a5vZFvez!7>4B|ib%71Yl%{S|nOVL>VZ4bj^$+o*;
zo^=-V+5S0{#w)9w=q{Bp!6mHzDW^g`?G3k0{zK|7Uz+))C7{cwGBrDaicFoxM2(xt
zaOM$j7I93pC&HVN&2UoSmK8f_;b-CtJEMBg`;cN(#+r`1Ljl}gYyJ!o_3iFmyj`o1
z5Z=&70)2?^M6F=}6Pw41vNRp7L+oU!8V{3^5H^ds67NY5WM8kNsGwkQf_?`bj%_(^
z53Wovnf<lV7`zXli#fx%0H~Jk2Ja@>#ifpp8n_ViUh!Qxvcrsdv0`vrwIp$THbps$
zhtZ+i16+lOlr}OQE-UQyPS7OXwDY_cZI2*84{{`Duo-!XF4-G?Av!26(B2Lzi!*$7
zXU%E3+082c*lIZAq3G!BZ?d4;=F~DG%r3K@Dvx(Re;BnKn9z?(yl^K{SI#<$^Uw(K
zroSgQNdRQ~@b$iP*ayBOrGIEfKFzkl8l&!m8VE`2sLE#Ti$OhgfMa2nG3zny{Q*yc
z-%#SN8$PwwdCZdU7Fh>w#6KL2GY4U^*2*y9!90>6aEsEUbU53YVvTGhU&%&ooVUo~
zvJp?#^%0Td7L-xkb&bMfR_jywNN)uQ-Z|Z6W@BAm{wR`<eamk^xTjx1od#K|Cgv=J
ze#F<$DoBQ$khmFDp>yEDLzM|jymx_66Vsld?K=n@GeMrq?!1g)0P0;iB5TG=rr^#B
zR~p|fR3HCuurR{OF+3)z8HbBWSgIq&J-Peg#OUGWUFP}2*RyPRo=^w#Z4AKmG%Axf
zm!Iwx2(cGfq_XRH;Qmuq$Ep4IK-D))lmZf3Uisv?OMTmg&YG}m^>NCp7Q%^WGRYu1
zoc3Q9KnAz%#Fj!1MrKx5X@<+kVP7lBwg6CZ(@Ve+eWpZQ8C9KCesD6JrF5o8b65G}
zQ5d8pe7`Jiq6O(|$Z7Mw;&$!y9<ua$zyYp1!v{0n>#we&fx5_2V();xb7W*;!%KlD
zk2dMH%#J!;yZ*3m4IVKkUG2Lez082wlqTo%nw1AEsO%DQ)oR$0w&M4T?{Uj*qxrvF
z*0KMMdfNnqs~MATHXBeQXaU5Uv+sCz7?Y{&=@FzitX=?tB?HA@(qJt;00T2H3#1IC
z;y)nMe6Y1vVi+3{vqB?;|A36SpHdWx8S@^PH>1S+>be3ofsjD-q1B+&{JvdE`E6FM
z+Maugax}wPu$Hqk?~m~ESkO!H?9|jAge@^wxq4r350&*#VNZ@^>}(x|ojIMQt4$Q9
zD}w5kx-wVMeqXOc5S);o6FAAtyX!u^g-g9=1t!_gMpEEiG%C#v2DPs_XsXq+u$@5;
zeN$TFb{UzQ0?n9E<qka_d{455OFS7p6&1|E)uTS>Wdl_0JW(X!Elz()9t<h@Xw1bJ
zPV75i!2h5t`Ud5SEfw=i!1%0qbG?=?sd`K~<G$^zNcW(3IJgUuRhLp3g7Au#W*JDk
zdO`iFY0)XFX3%7fMyULuvvk%!eTm`V%1D`76_A?do<{exv)X)#bJ#+bqe(M51p8H6
ztrK)jb~48RAOAk{yNPLAyb|HqFP4dYu5eOB?JoYv9L!Zb)=Z}qk635wq}7_9lhsyg
zOAVMW3eemr^wuF9Wu<=5%RMYTwj*KjXtNL6ASqoiZ#>A8Z@PS~nNn`m(YgEj=n~qP
z;n$1X@_@9M81HlCw8Ver3g}t{XzP#O%wBb$nT+O1_JMLZW9Hn<_EwVVE+x-^1prNo
z-R&+h0qxU(6m!9bCroa1Oqwu7N?B|$7oNj>-*Be+nl%TTFTrJH6{2j!NtUrtWwPX7
zrdHg$8_3W3a>@y~?qfJVxr-EKSgT`G8aMFYu4qmi!wk^hYA*fd3VQFps#pH;0f~RO
zRg939=R1&~70rtr9!ZJe47??Ofc6`@Bha-P9+z~;)twYT)X(B~W1AE{Y+m~#_Byk_
zT#J+D4XZ_Il+l}ss;a2)F;#5trIE3eL`iT{77Wvbj9V0<)?mfu+s9JhO8pqUPOk9d
zEbcm=XjB>^*FhS=UKz?xbniCj*Z`!sfY89$BAgv*pN_a3?nfB;3ZK(OfxLMaIL|N3
zuJ%iJ`Ms#|%!XH951YeT6;og-FNH%nLe2mUdp%PGoM8;Tl9%Wx^z>mqAw9<Ml`jQ$
zcK6+E=icOwXu3`k%KYAgtNKJlr3j>>Z5*~9eK~V@C!eqZO(9O9i!U@6{3ni27Kr1k
zT2GBdc%32onE#<=J6ip8GT|$|UO}O%?Y#0S{(HQ}v5e%Q6k{C%*{e0H!Ll61<O6S$
zxgrdmmr}<PFBnJdzl^Hqza(%m9F6M~2mlX*0b)-MimUTx4_nh^6@zHmUxJyV%Xh8T
zRL=BwqIhOl3z_J*k-Zm`j*scEIhNzvhrUBvle-IZz#?@T7cbCW^Qw1~pWu^hl6NJq
zw0=gN0>gwIgR6E96(Sk|X2#7f-+2DSt;qWAWsE6g+x_c!<^JAySAn2<8kXm&j26fx
z!eD_4<O#^<qN^Qt#tO!^Ks`FHOS$6GJMK>peixV*8>Ng@zbTK=@I_kVT2R5Yt%_QD
zeu^E^b?JmqbVbS^5JnFM@_z$dpCb#!D1ij#azC3_Ef0+XLwAXUW-DXmTCIH^(>kqY
zuFb_paXgk|n*WAPTH4j@O$k^H&L1={giSiYF59Qf^QI5uF6fx(z+9KiT5bHbiGa83
z9^b?G7`OD3U?=M;5DsEGUH!W}|K{B~;qy-=JOL2@et`pGbbeDIFr?5k@aX;Rowy9C
zG9P$^dsk2m5~0^D4o7Q4yUps&^&O~npQGig_6}QLYSOdoD31EUqA%Zm=UO>*>ux%K
zm*SVS0{pE3!E_FT^hGGNQP_rDFDnJNhSN;S+dH!ab=@Iq<Xu;Zw8Vsxo9Iu?ub0ne
z@zLG;B3{hd+jQ1G+@1}g10^_APuAIK_6@Q0@4An`gI^u*te1Xgi<#zY&O|CVYdQ{4
zRI_b}p1RGnIacg1wac8ovrpJMY}byZSCQ@WyZPnAwMQYMv6fb%^1*VXV;QbalhE=n
z#qDv>m1)AIw_#h8EwFg?0^V^TS4bh*K}H0alSjXfG_zBFhau{NrA-`g+0iM0_-vo|
z%^&~EPjv_eu<9@2AzVN3i4bT7E3GigQA!!y^=<>Wvz5WvT@Rr5%;vK@v&iH1ukz2h
z!|_OH;I70se5b@FZ)W@EYfM_tk3>YLD$tK=e;2L*;Q%jCJ%HfP6b&bNX}Ac5pAswg
zV{HqlwZ;o(HwOj>t?xFXn!D7X1S#l>_RLGesmxGr$SW7+9!uhQAUeSwdwa4h#YJF?
zbZMZgV9UtYoJsY%cq3*5nhXWJ*3?e@8_@SycE_Gs$gE!6IUIBL`z$Z!szjiGwWN!<
z?$wQfd)3k)-XB(;Z2!>v2A2k(vpIv?L7W!rYhaOqW~F4&*!u`;ZB|YHutirsY&#O(
znK{#?2z<6TinvTyi6C5=xi5H1OH{t_C3d8tMK}d&SFk<f`qtHrX`dhZBGUiv_yIuR
zF@({K<qdoQ?VvmGT``ED5)UmlIODIihOub1`?UD{WNZh#wD`hQCeOQtC<e;sWqkPX
zp+JP!$q*wMA*KXY|MkRoyh-)-svjfq8dx(}4c5D=gL@&*ndCho5MuLeda~K36syUy
zyNwQ$e#|sJ=R*10Ljgsz+j!KAkdeL5E*?ymKyIwbz>fpi*#6(#AYGS}-o8BG&bnag
zzBQ=Sm^-aIm0#bTkdRJ$b0*#NnU9N04Xsq}HmD@e@|QO(Lg7!`rjuTdFlhM}qvUXm
zBAwj?1il*<=<9-w;>`~-z-j0@7U+6Ts%@rCJY?Ewso8WTb$fqUVUdX~|C~~(SKxhh
z_?&gVQ?#lMbnX0uzQEVtRsk9SWt{)?EueC_=C?;@;7w(}aT_iH7&{Pv0+lAe#tN~)
z{eiBmwNq0$F*B18L@i(V;Bq{y=e__@^5+C<&+Q+crT_c=W`Fw`EP-00T@X0{q!-4R
zt;k~3nX3c8?f4dQNg~}m#IJ;HNHU0<!k3p=o=?uT3oEl<tyDcCw1$mwic2gL(L+&=
z$^ZNx#@+%bt}crj4FrNE!68V{;L^c^2TyPbZowUbyF-vhg1fuBYj6$j?$Wr^*t>i)
z^Ur+m&0lY-x+tov``+8<>~qfEd#$}T^CW%Xzol}|;Jgn;uX*lI$j8$K$oX3(;uxP<
zBiTPuCUpgH{K^3}?y1tGL%N7&8?U6W7`j-0NlSnDIcwla-~IDRNuQr|)6O~Z|2*mc
z?>|IH`T?zZ8Vxo!kdnHuoj>=Ks&PPC)LFeDu>g|i!UNuo^2c^kEYwgG-wobPeis=P
zWw7z{lC<dmdhaKrW1iJ4>SeyiY~?Rjzx@1UF$7<jAP2G*D18e?q{WeiD-I0A63AAU
zg}HoCe_=9CZ-*`iBO>ea22Bv-iy*A`1?=$<p>0FcBE?Lk#w`P}P1D2<cU4^-cbhvA
z+6$Qf@kNd_ncLdi+Z%BE<-<Tjte!q3bVMl!EXv{Nh>RM}+WJ#%C?PUZQe=qA(I5#6
zXL1`Zzt}zS<@4p$sYu!aELzflVok3X|J%#U1nxj_MFD8ZsTXRFCdJ6en2TPzwg@!$
zjdojei>VRU@otg!qJ<%adA{B^7MNRJjp3<ur~mQC03V~H`d$VlY5{sjSq=p&``N3W
ziZ}EXJ7OzZwtz=eY3R#mkiKv2FeIYFl6-#&w|QOu#tvTde;zHgd{Nk|!s9WC)$WEn
z1h~kwG*7m--nYT6E^JAaRi(R%=~y_k5V%nk3=D5zNItV+{95UpQh^VC^}o&sS~<+~
z9oAq$2#+AXjH!~s9wydmB4=k;<(OinjdL5@y|XRWmIV@j_$w}$i&y@BBrjk|WTk+g
z@`DXKTvy-)+~@!8W$x$IvhTW{#FnLgkfsF-;+u{&?;k`P)U;XtYZ_kk!=(LnZT07C
zTTF$!{O{K;_I<wgg~M1rSBRzM5f%o%C@|NBziVo><>dwU;y`k8av8rZes#dQro4Fd
zQs~w51b=*<Zu4zjIl}+Vn1BKH3Pmqhb`SrJ)BLS>X=y3N&F!JTv(uOG{rmpkzXjMD
z=dY}m8bvs)ma~0)U;*=%^7sFV(xktUUEZ!m<+bT0^L*cY2G}##`r3W5mgk@QzrCgf
z+O;lu7k%PhKH;W~?#J4{j&W9}`D;#wBrtQHC*N!B*}T>`BVPWu8EH>N5*B7phpt6z
z9vtY8yc=}{9tDL`R!vQ`fTrJ$>DC9n4nyj%b@u#>FJK^K&xW0)!KyYhs<f>3mnF+`
zzVGsRwzEsjXFJozH2trZT#gM3)K}*G8vUrg_ZA8RSpEjwI7mB_B~NC~2{gw0j~hJy
z&BuE-K5zIk$V~U^su?6%mONZjnCIIs!I7Md55Hpiuj4b11VsG)goK3EVq{p)zm`6v
z9ngX^z9w#>FIF^u`|tTwp@MOpx^DNuh0~gL?#Y}2F2^qP0w_Mh6Ssr=FXLny0<>vj
z`-zVYjA*<!@V}u~AlbhSe3c!>6~~Da?e4Eh;QjLo5#_*oa?A*LV2Ka1{5<0rN&f85
zlkxv~sgS@NbJ<f<Q}@BD|D^nDv5LSZBqT(;Zisdx`u*n@cBM$zC{(lk+X0ubh3XB)
z^N0galLkD^wox#~e_0jnu}Dr%PLbhdpoWHq$gHd^21jgnU@prAVV`X=GgEh<!66hG
z`K+WI!I=5qPp5(dgV?;@<u%&^4{}w!QJvlkoCa<+OAezVU)?KLcFTtV2M-pnVrDUI
zwLvLFC!{z2IEwY}>HFL4dz(^`%sibCHqOgs!T$3z`Ao29P%S-dwJ##WfVKq1&kkT2
z_zwxO0yf$nhP2u<ABNEOs_Csx6fFCv$<=Hj#s50rz?(JFpG%+CIPFSM;qm{qWDLnk
z%8m``M#YiW|JuHm|7fz#L*U9Ior4X5L7V*uv#7FgvZ^LKLt-xf`qd|u(QILbe^2J$
zx2?hyFO8>8+g($!P~?ApCcOu-58@iCXiSRz+h^tyqDy^X53AD0Bg_JP;2{2mW$~fY
ziCH-Wjh*JZuh1K5u5a-Fm-Q?Qf!l-<rwYwLWz%8)`4hjh17l-Z3tN&+f(SULm5~K%
z%R>%_^9oM^#2JBoeP^FTTkd^$<{J%A0NYj~e-!|HF;?^i$8;<^S?wGVViMK{^4nU@
zwlTW@%Z$Jr!fnESOcgTQ@s<7ON6JN?ZyIXBku!|uB(Q2Qa9?oRjD*CnH_Xus(L5gE
zfBFIh=abyL&sI0d0}S8{kF9GldIx29zOOIuACC(>xX)ggC#R<w$;pK6FJO|$R`<3<
zh>nP&W9++gq5gmV(~`ZsIFb6`zw-pJQz=IOYiw#HK5MO*)nT(~ySh~w+JPTz17(cu
zi?)l(9`LtNxquD2h9CB4&G+%_{>kjG^cHiK2@VId87#IM8ic%;lM|bpn_b0DB^iKN
z<(?!s5D>Y?P#Z1R>Fk@BP*4%L1B5B*C<PG_<Ac2JiP#masb9fWV|bN+^@b;`mPUp9
z%PzdRkDI|RiwjYU8k!~p(O=mY73_wIkWTJune?=CySjwutBg1vZhMcf0%6?$c9eRH
zBlTVK^8}P)VUqoGA+{F+R??)%Hvc-*A0DJ~!raMP*g)2Lf9ARQXIVD&)2Rh5BV%dx
zI-q(v3Uq4$4vGk+;+rr)n@GjPMK~7I>FzLS5)jTr|8caaiqGv}?)>5EbNdk74?PRR
zbZTij7+|7R+65pNpGkmC{td?N?4ITRQWJ-WF!f?%UT*Gawj<^IcbPE?SITyHt+Lju
zMvUJTSz>!lTZ6l2IT8aO5B@$SEttPh+MV879J9bYApGSflv6w#g@pTf9!O(#tNrP>
zkFut_)0}<c+DI6QBL|1t+2KrdT%0-`eJrCU<NkY&qc<)4Ruj2z0LEi{P&46$xaZ-#
zA{PK+mS{92S5{SB4(Ne{00q)dyjQb&nPv#6MA?qz?+n46=1lG#p*7vF{iQhI0FyfL
z@s*OX_2tGTBorJ@qS_sDyx2t_==(B*7mkRQj|9ti^mdYZRO(wyw5Fiyt%0J_LXk2t
z{wHHJPA;zC>h5leiv=rg6AIV8mq|V^{&+6LBW395T-=|NQ*$+DR0;u2msrmquJeJ`
z^msqt|80?!8^PMZyc@|lbjC?P{>Or>6$R|lqC{Kq5`ht4=XX&dXJ&|}_2j$Y;IQ0_
z!MNS?Zm_Ayra^u?m;-3wbak=ni~1`mDWDRhc(}Q}{9UPoa<-&zaA`>su{k+8+2roZ
zB04r!37fgg*J}*!V7(_1ENL~DL#3a!<KMs{IGas^{B}E4by{;-2=zKIfCvzuqrw5H
zeYv}OC}Gi3@7fSbO$Q3p6--QM0CgmU`ACx2aIeWm0Yb|1E<XJk{j#gSL&|U&t0$FV
z17vS)1X20Wz`&pyh_j%3y~MM}bCcrdbLt;}QNceAd(SPm;_;C0@$h4;qV4H1X{icS
zT_T;y@z1U39~<iT4=@cc%yCCDLiPR3|Fub3z-?YG&Cgqyx{{vwv`ZXwZf<Q!k!w3e
z2nu$ZN^Kg10Pnr6^yA~>6P(2&AP@s$y$pX8ezp(X<G@mTC(w>>S^V(Qw||6RcCKmj
zJm{Oed_$6oNa_n4+iNTw;b1Uw!pEyuIojem<B=E!s)gK(^XX}xXwFlolvY;6Hg-0d
zZiY-upldG8rbMackV1ANBO}w%awduG&z#CtyW*6^$3F~#4cPGQC+bhDWj>!3VZ%iv
zS1-eXmZx=8(wU;6_!Y-}^7x$Vs_Cy_qLAJJMLZX0nSip;ueP?d{J6IKa$U}12NMFg
z<fr+37039xIu5Bs9)BMnET29_I_2@{lBAL*1!LZSpPImOiud-?cv1UvXVh?)G5BAn
zU=s;&965}s#z+gU!h6RJ*yX#_)rx3MF`TT!xw*OTr34+1PMOWIIt=X=X5?q@&K&b?
z?^CBT(841MAUNJSovf11SDR#s7X~+Zcz8_am?@j~X_)y<p<pV30Qbpox~g`fLa&!r
zALy5hbb0&~h`3T~LASNNJ-+1Vm^(YGa&~cn6^kq=BqVZQpg?5;a4E3|R$(+o*=;sa
zI{Xb>T)5oNhiAxAOm6`iIqu>7WfG$DL)Nt6HvR_?D7>EgmoLH-=4Dat)S~iWk(ejj
zImC4cvNv5qAR;27@Xk!nM3u(CP`}bYj6tozG}i3E$u!n?V*p9zEVL#o3)7z?&~OFi
z(KO|g?HM&Tj&U7Hhltu(s9yhIQJ5N$^N({wyc8LpVLx>a{a-hmw`5raa+<{5nbm3^
zxT*EduNM=dxF9im5HVqN+_)uOoK9(Ce#!1`5$1tXep2B0=KnN%X(F3(t^tRJRg4DP
z_r(%E7pQw(M}q}@g-@&b+K%Qu<K^v}Z?)o)+0fsQYYeS6S%<179o9`YT0g4q_r*__
z0(wbfyG%eLp=mu+H<8tZ%)rnvUWwYq_dne=ubAfzGWMQuegHk|_MhuOb^}-kEj@Il
zTgXXlU_DB{*|r-$C5Jt3@yB$)Z~Z=WUnCWwEQQ$oDXPJC2Z<FJ`!N(b;O`#LYaq*b
zyF-4#VY3fC@#7kUh1_JVg}RHks%VrC{gm*tgSO&v7s_|@z18%i{oZ)YGb6KOx>!{R
zfQ53o><79(KxWFa5Qv<9)l;N>qin>#?f6o2fA$>^nYaLuTW}`;Dn<c9C^T1!g8*^i
zcn<(|(AUmn0I_DjkCN(15)u;e=@u;Rr`<cu4fA<S4~lf3M|^=JFe=s4!%wMnQFFxm
zC4w;^x%^E<WsEG6W~0F9{FkIZaDFNwRR(IJqJo0WX9G1fmxNu#<7Ef7t~?B2%YKzZ
zu?W?)H`j2gnOPVoq}X?wA(J_yP;|-ry${05M$&|&9$|x_;HK<f2V9r|h6V<KZui_A
zpXfCLMQ<0Sc<d$fC_s*=GNyzJ8dwPtsiJ!(G?h+GPk!ZJnc&-hAIbRB!o2plN7@I{
zeP0l~m1F9ErN2T1mTw}v`z!x|05AkHbZs;`R~5uID!5PpyVGV7vURdHBERE$gr1_>
zX8Hc%Vgj{xjOhaQZ+?Er2f$0EzvQfrSQ2Famse!=d;nUZk(~IzgR-{WEP|Tp6<06!
zsM6#oEv%K1Y+HIn6rFExC({L9ZW|7(e_Srt;eA+ndPu`R21@@Y0HtcdqoX6TdtmC;
z-<ZkBfRGJw*np@|<c8SuUZBcoM1ETl`@6L_#>fa{_|G3*6GG$R#N&eAmTP(Q2^F1g
zqqEJg7XXun=6o<kwaSnMtcT3h2c)cbkK3Mb<O;XUkegW-l1HHZC7})VjR0%vGRETZ
z;aXGjGn<$a1s~h_{(^Rm;Kiri@f?8BvA<6%kBfy<&YsHx7T3ah_l}xA_B2o^;O$sf
zkd-p^*z9SsEE?<u+4lmD=~IS<;M*Yvotzwvbf0@3(@9pXivngKGlx@>Fa>ASm}(ot
zn9QBklP;~P9UN>z*5O1b)5$?a*<&6%s&-(c-Jd=Q{;I3}c=~+>sq$#h1eb>8Au>e%
zF2oXx&QE_4ezRaBU=mK>6zTBf1#sf0`}$t>uQb{dH14D_lGza0?rrzc?=M-4nVAmJ
z8#dP0mz&vAKDd78$J9KY)M`H*Jvl)%?etralN&ooR0&6p&uIhq<L)gsR9yg2rLxJ_
zeAOx^!?CKQAE2E>%>d1^FDiXQe_F*oA5XcPEZ<M6Jxz3`k!llbH`;6=GpN^Q3*sNS
zG|Hs4lDY9i5I_<$hWYIqr=&8nUw#Bu)*Bm!R!c8&t>5iXW7eBl(i9X_Z{H~<{${s6
z*xLWRq#OTfcEz9U0jo`5yew`!=t2;>B}o($YvwWqz5C1p2rz93Dx(Y<5C4W>5pRo^
zKwM?3WKjnUbiOKs_ww`_>}t{_8Pa$@vbE9o&U8i`<sVB+`7Y+`q$lOyUBr-arN{|C
z<zQE=L^J0=cRGh5vc~U?1_nSm#9`a=gD#fEgs7$%2ck1)2~z_Hy3n;*`vHb=x%R{L
z#43-KiBT|_o8}znm*_+V@g!-Dyv8GG*3zPm@x}EPW#bvuLmbx5j{PxLmSx<w^BYd?
z$6=01g2D~N9Z$}8t~^gA?)QUYWo~8eciemaxMD$GQB*SH$#cPRP6G<xQUA7p4#3Z6
z-{j8d6&wC8!#|J3_yDiw)}%aE2n{?VKIsXwOYQW}zCjFlt;2=7y#A;>#IQW+6b!-Q
zkk|eMuUqT6-Jz~n7#JP&S6EecQM<ciS>oHop3Ppmy1KJIR(OZArzi|6<)86pvcypF
z`P@F;LZL`;p+Kh&og-9il%_&h`qZ_PHK8HhY24`O=<Ff>Uk&-rfQU*r6X>oJmH%7M
z>3c>J^=e}#ARd;ZRX2anY2(MNRpTb*J>vtPhF15ZyAIe~NAGXXW0cB|bgY8I-``cD
zC0nn}%~t49GcZW0mR39{;-v3{6@E6mK3Zb6-M$-0e$Qo>9;byrTn`N{2Sg@D3l+Ce
zhI2#mDlrb;3Af8z6(`l1iY=PX_@4)LFk}|?iO01MCLjr{C$5k}J^4;QY%SMod5f5z
zD@lG_7vGDMr{1Vszn8`Kc+Y=driA`Q|J&=^8~Ac&+jwxV0``C+13Bj&y){H<b^z(~
zZ1#7Uw_CP?_Tk{PS8ws@eSnZi0BEg(eN^&o;^YDFN5|Gh(o9}~pZolbgR^>MH7PB}
zYpvx@^U~-?T|CY&nje>2?x;oj<_B)vXBfAoZ;O!Ss&<Abjw~7I=#qL`PEGxtjvP)o
z4W}Zl)Y+|ar;3!7zL39sjqN0v%B+Yuum4!cCzHk}Rb}`mpEg0@bdjQ}RUQ3~H+E!E
zJjoUO#vvz;3tl!o4m_O+TB6QKXw#Q9)Dnr9&Q2AWr0?=AWnr3$7=)js5kIx@G8N#l
zd@PmZN>MGwr@xXK9zj7W+7Pz7ex31IW(Rre+)LBQYIMg_bBgvXahfU~AE8l!9n<L{
zC0Wc}&z&~fx}-eXu;Nj>UP+BK41p(7Hh{=%jY>GQ5NRO3&>YeanFLA883Jb%5Mzx?
zWc3CfEOy`CJMV+=^J9w|!_V82f3l@MZIy6Xj?DLJtC!t6t~cKj2SdKPKn)U4rkyPM
z(O&&6karOJ%=kim-`2PZ577<_juo-1mpV0zNN*&i9Nizm75Oy{-n_OY964~D*aIg?
zDUs=&*rE^a%4%kXrRD<hq3N!U6u6mQZk5e^Hj34FltjQ0P^kvgtOqB7wuRSAlK^h2
z!w{@q6UhkEfYKd7E*4z9Scu?=o8NHizdV*D1`as)e0spe1WVz5{RXe1k$ibJs28&}
zz+Aso{`7E6r&ANmKkErp2^&P;0DWJn-w@r`&#u&;8c|-UWrrv;XalDi5U-2{q6fpT
zlZ(A&sf)slcHaDRZVq#s5kQ0y0CarHDQi=r7fu@2R;}erd${AzJb;i=1}5G7=|Y}U
ztFx3+nDwcSio(pv*3f5U)|Sm>a^Q)9|K9r@Hr7S&Jq}U724OBU9cys6lRKOi(U6F4
z)&e6&1ANJPW+pOEc1+0u-QJM=3_LoqJSf>mXdk_<*?xW36Z`DMEB)6;<Pu!c;&npq
zYHfzlmn`QK9~iwgmKGCg(g^I1E|6-R2+;&)v*Y1c(;v)bHCJ~sA(fR$cF@VMI-xA|
z^wDJG1k@~ys%H!jwdcxPOe;Y_Cc>b$GyJOgJ&KM7^?ER_f?r@GaIS7{WTEB#h?wam
zc2AF0-cCEY63)RMBH*y0;k<=i(zVp+jJF^1df{o1DuTkF<@q?5$Ft2{LvynJupK+N
z*`q1i#9Wl>w&BAvd^p*UIh47FoA{gZJxJ@G;_lIQs_3<4$;Ej$%B6UbRc7PS+Y6JY
zA2!yyhIzBGon0zaEXW06N#xzHnoz($c<!-KTpe9S;Ul84j89qJ2KyK?I^&T0g52xs
zkbt<T*vaXvhAgq1DaF$CT?aFpXL%i_)Zu$U4<cmincvlJTv4jRM5SSNMt)TA&U8Id
z;AWiTmVu<q+OOWYsPr^V-NNQMb|FYppTcX4AC@hp$sQ8u{8<gmx*vPt0JTFt9dYZK
zxdSpKPg3V9=z^F_L{U^$W$OT(7VpvFR~a6rZ`n(ygP;SBTX}=l0f!%taT846Rt=DL
zJe?t-3sqOAGgFXTVmC<-kJjj<Br(0-knxz;Ykv<Wae>@Zc@AGdEm+_)mB44;7uV@0
zM~MDkbOvy#X3rTz5w!64EFON9o$`z`$lKX2{n1}b>7Tv}dGz)wc#b(IZHgKA=>b$Q
z?yD`J&z%Wm#*iw|5c<0XQE(YCaB2!+xjpXHyEJiZW`cpVRq~IbY=)6I?MGsNe}5#1
zMwVFHhsb>7at|F86=L^`jN0Ok%6D~Ny6f;*mi2Jzu4pHQ)1F|g&B$|daxUi0%9yX^
zcA~8dw~COPmtD+Yt$)u;)voeb%r{kgwl($%<Ba+>RIjT8A=K99W}v$Qln#0HJlvez
zv8ea%en#8VWSG--n_m3O7c}eSqG}IAAT}z2^L9Zmk0me@g4d!7e~*FF&PpoG0k9UR
zp}zoF_~WPOj(ssxY^(lzolA1+kDo$RU(#nP6q`>mkWl;W`_sWuHx`2na_f5Cfdo+2
z+qd&ZZQHO<gxff`LkSZDUB0hSb*5`vz<P|$iChMi%wfl`@tC8J4(Am7fc{3IN~Jf_
zcq0r2Ap{($f^#*=+DScaoMD>hEHS5UJAj)1sQdK_sH48-4?J;^_Dq_q#|Qg^S-CE&
zrAmL*R1MOrt+aV8r+)Unk$(lzD;znjHhzuu8o5l@MiwZ|_23SH5-g=I2db^{JkMB^
z1vj8?+||QnUqA!i=E6<dM7*rTQgBS+X9zW>!|;l|KQhogv}V7ab97S+(DchfD<7Uq
zkbcT31P1^IfF{pdlM*y^4@Z(D559;ZLNZ4qgv3d@czkG65Q4=>nRLcI#wCJfA#B-8
z8t03#V^wj-=;kLDsJ~ph#o%|VibpfGQ~U`|FD`c3KypvM2%(ktviA;~p@A3nIQRO#
zw3tpyj!!QSG+ZP<Xg1iuTP!q+7#3Y%0^Sc1Fg;tG*se9!k7l*MNA=8zJvARvSWS>c
zSc(R_MY<0RVt4E*gg*T({-1?^PL(hK`6FG~(XUNZqZR)Ap$Ej|pWIp>=?^(I9(jg|
z)>wn{C6?xY2A3W$dM03ilrG-tDQghE&(|5D7Jr}%4Yrv~^Pk5?u&b2^&I~ORGJ+7l
z=ahd|p1l;f$w`P|%m>$M2C%J84RZKXP14aXl9Ku;oksCfrM}fhBSh$>w?+W}77Lev
zN`u1&Ow`EE*ikr0KLmIMG4)dntp&*C)5W)`4Q5bLKeI<5jOT6vx*w9MOo^)q3&Xhs
z-V%TW2~x?VW^*jdW=GsA4k}|i0aZh3x_Wy4#*iSYpM9Gy?up~tEwuG1UuxxI;%e_Z
z1Nb{}V2H8hG)Q{=ZERQ!c?`7N@TJ?;EQ>?2ou)2N$#IpH8)H)_G^$K6ot#~q6(pk!
zVYSBRChRt#Y;3>Yz73nq#;Y3L+85=Vsie7e%VbVf&oskd5m(8kqoqevYG34SpwUJc
z&|@Sk+tJ7=np2M6JG4gtB8NU8a$xyv@2#EWPeny#l*r=PTK+RKE>1>Iv@Kt0)UR$O
z1Bkw=Y_DHo+O|-Z9u^`sI=03Ad`m#-Q*XAK(sm>pYB+OERlsdKJXH73#Lm>Z=A7e~
zrAB1B?;Mtk>6w{=HBPR$PL~IBVAT^F1-(oN$!!Pxy3&{7h8pmXJVb3=odmPN0u9<x
zw9mX_Jpo5;hq^!3jwGQQZr*B_g|G}3u=#J_ESi|_e2*}~!~AaX4gLG+XNB{&F*Yw%
z<nv7WZC&dFXf-lU$Gl(D1c4^@<;Vkr@1vAlnkQh{%AQ|x205@|K?YRE;Pc!J3oO`5
zna81Q-mm))Y0lb+BDW24TGn_i_3SaKFj1V?X`S!*-8EPXk(-r@Riqc{EEGXsdeQ$p
z*?hbL2wy$NPiJEaE3QW4`lhoVU%`Ux=|92#2P#~y0AxUC)l!8P_C97TI0&~VsJf@|
zQhLL>V~w1beuNphkqMKfsd{ZyI^5mu4-{?*Nr#0EDRhX4w>rsT4R<coS@kN(6fS=|
zS4;s^KcppxSbqg2H1lc-lQ!H^RJ*uh#F!+Wa<n3!>6?iHkym>8sBG<@O>yPQ(vKkY
zyE&IKc;x<f;j>~%^56CNX`7Y4h_!NCM)%Q?ktNro{cQ6}iHQ+ux;`)<`f)~^^NvU>
z4M^BXlKv)*PD_(9O0bU35(`&MM2M&ndxjIr;A<3EG*|^!4JL<*-dN*W<>w$b1Hb^H
zBN%{wv7HQ!j4<oAE6nHQYd#(EF@5+T%urnU(sHlJ^C>_CLlc(X;<gRCZ-)H#Ee>v3
zUaE`y2j}esqrC_*BJ?|nSo#dW8!j-IQfxIp7r7GJ?ZzEk!Y?$KwkA2>4=hD1o?k(Z
zh=J>K0azF&lhl{+PE+RBED|)J=JdcFC8AgcI>!=|A*aIFQ1?zmmBG*&CRosO8WV`M
zU-bVONT1yNFiv@5qtAh7ja1_AS{oUu+xX+?HTEW*hcOoym)t`i_1Pr~+EzAYTHZmi
z4TN7{2&zn7^_bJRq_1@4lwc##7A=SuH?f(a=>a5`-#Ppk<$F+sC*ps&AurKxs}<}x
zwUW}01!3dR_J%nJHMG#y*<AGJf#W6gWw=HxZ*pZk>jam74h0Wz4<#b6Jl=1hLidZF
z6eK2^9JTRToyrj<^h$MRN>zoP9<IyO5(nNMXs#;a5l94@5p9cOx>7H<t5@=a+0(vx
z{vv@_>mFj;ouE^ot^e^F@al<qzG>STKne(<+i5l^$~>c!_h8~85PgVs-7gl$Xl?Be
zO`kzj(CoI%$2VeSV}-u^s2<tvMd_QAyj8R!h6*0Fg*&1fO>`dTrjVznH^nkqrP5uR
zpQM)~GXRbVmze8lzO=x)tTu{P4|4O5M}7eyIf7A)%b@n<>EKTNt*=(vwB_$X{9f&u
z_Rp(1;MX1hiJu-sJjb%JKrH)7bhpYKeRqM$@747;?Fp3z-URmJuN)|W_4O+FXE!8;
z%4Mn4RukI{)eeU)6(cheMy>psWiEhZya1hY$uwOFO_170(utH|?2%S|PEX?D>`tT7
z0ih^9*X0FY=*6K_D_<~fpn(qHom4~b*s9HDh?(=R_!YY}E17^cgKlp7m6vO{`ErsW
z^nz|@mr#3%=lA7OS{IM?jy3_`SF$@z+)NwPe@t)xB!A78;aAVDB}$Kdfl%`dT9}o<
z)O=%t(?WB?<GD1ISnMV+Er10fo%U0uWp58-QuFX=s4PXU-AA>d^SMJ=4MuUb-Do^C
zevn2Lx(XY>hNe_jGP^`I*smus!o-T=SU)S6$&M^oW^Iq8$#6S9ilgATbu8~%Qb!Lw
zi}v_~BTLT=k|riV6ICO8MI~G*I?QEE4^yi7v52ZNYHIkQ?=lwNBh@W;mpGjs0+l<u
z{71Bm+XT$1YKcB1yh#6C0gqX-YTN5d)$)wV6SODm`OoRY{P^51_mcCHauRKodz<SM
zjOhlaca8-vXS)KmH=a?%!POPR>PTj88k6=k6sjta_0uDwR4gJqspciO2}3+d;n{v-
zz*~Cx=IuOHb74E=ZmP)Sd^;2y<1OK*c-?r2K&yM@DtV3B&U&{tGm3m^hY!%0Uc?&(
z*Hqj(o*jkB+gpIud7x?Yu;i1r^ZU6uWf~TiC}!sIJ?g4Ymm~alPUX{YU_m7+rmVkO
zoW3}+pP<Dy-}9yf@`7b8?UzytMB)QJO;i4ege`&i8?f3)6*8wS77Q*DdOWK5eOmN@
za=F*YEDdB8+_vFkNfR-Kb@<FA3<Xn;q{M60Yx?P0TJj|bNn9173}v^|C8@q}HPIAd
zvaXU<PP8kt^iC>%l2zjyhSp?ue^o@$1#pFqTdNhIK?$MfEpNsxl6M>>I^ln&vS(TT
z<)t_mk2(TPsJ7OGZR0N)tx)}IXy-N-eK1_2R8I%!Mn4`hV(y;y&*%}k9-!~fZxOLY
zgcY_AuB@bK>8_^@)V_K{);&K6sEV0P?X$&DuyOtg<&7ekqzhium;$hY?wo2<bqwqZ
zTw1BQM!P-9&Yygw(9Rj7sCY-;WHU}I%n4bQ+I2H&ZO;dWhs(MnqmkT6D_Jdub;bm3
z?Fd}rl{jr8skKW8=J9bin5JXl)iEfI*zL~p78wdOm+5M~KkxeWd$Prq!`f+0u+oW<
z7<<YK_T@{F*}1A6<3|KyrV)JXw3Gqn6V>zQEd91w=@O8G@@XGT$5TmKXIz$*z;!C<
zFkfn9JB8l>eg(2^9FHX+d?H@=*>-0r=aV6Rr1}dy9;aWX)3n$2NafWAA>rY92`olP
zW_+FxHF2sCH7VPjKbSrd&v}+=lVhd6+@gEV;^ASHB$Rl9dYEutB~onznB0rHN*lHf
zeS(IBVPMUgiqeIPh2o1mK$ob(sH9v1RK;&)@bWD33Qs3v5p<w`1qXU?S`^(Po5b(v
zH3AHnB3{+~$r<*E`_R3_2~e%j9p|VyjvU5@HA!FBCp$ziPk{QV&(2DP-VpQ#Z2*ba
zXm^pNvmi{@iFA`HoC7yU9BZD?7E1sQ6D1<7PJ@9WHdpU_^Aq=0HZajoX7|Po2jYC*
zs&zKM`-ca8`I-?F+(=_cEJIh>Rw4nMR-&-!)u(}xgdV%MnJ)HI#F8dv{uC(9)iug2
zLuznZi(C+(`zdQu+2uRHZ^m(T9LtwjRg}(O*Rt?@QZ|nu)5oa7#~aq#rD3EsR05~X
z{P&o!hUYmZ6rehcZC_2jEU*&uH(-!LOuEh<8#pXT{Ov*<PH>Ii&2B+EPRwT$P1XTH
zL60hIFDmS)C)w}U5t<vk<}kTBXy_2pR&<sOYO8W4sWCn%s|oBhs@yxy!q)ydnW!SR
znml)`@cHwL6dwCv90sW1?KrdJ+|7IuNWsnyD}~EGaeFAGEXxlcxm0+uTRpw39b#R(
z>~Y+(<nJ8?YQ0YzZ^<kx1BK%82G<+YQBcI>N-}Wtb+lMWrLo79WO0rwQSPgkknJ}`
zHJrO`C*=8mKRF+1%XS|sp<o{*1z^Cbxy*NlNTqUFJ?2NkEa4^so4vw*_OtWFcZc>1
zg0(+g$**6rv_=eTO^;+}XP-yMJN^8V%ByZM?DG%SkFv#IA%Nm4Haa?KvBTk#y7d?!
z8!a~Geof;i%>Qsf?hfb<`rIa2wSK)`oDew}N#Tx5Xup>_FnctaDSe;v$y(5PZ0ocU
zP9@QK>(mDxCBD1#-L?d0z~lWn>U8Rz$YitgIiRuRFrYsmqq!AMz#%<3jOlT`#H?1K
z>(3m%XfmE1RCy0LS>soS3&PPf4>1Oi^Md&vt2j3aw+zt*N(OgqTwE5%n1`vzcPy!<
z@T=`4u+uhr7RBunn4$)-poHnM{-BnMwLi<RsM7=U->r9)$zRp}2JnDD^?hK$VTMnE
z19fp)EXOK@?z;0rqS7wO@MS-L4=hJ?*xr=GGj~h_4EZNO@{)14MdGQSDjA@+IGvYC
z;rfbTU$1>}b(LEyxr+^8&KVh`2X8XIpIv-I<Z)h(jFeC0Hj1qmSnai`a`c|5-eZZ6
zZ#A{X-m%{uB~`1q=MMU_DWh!IX!hr22G)8>{?l0~#(Z3|*bK^GTaj;bO1`6lKa!mU
zj+3UY#fmjlG)Gc88+WYX0HcOAR`++2*^K4ICIGwD9?n+ywyM_(m!vel1yUqY-t7`i
z@Vz#I*w=vnQrr4OSNjE>`N=nYPRLx_;mI*Y%iSQPR3GsloQwYejd8t7wm7RbUn6sw
z#KFP3YnV*$!r53mWalkEh=u;HQ<#_gx+moVnIN~L$WvjEUh%!orQ`WvK6^s`Pz!Nf
z@72-C&<|{fwCpLUrhbGTuaZJ9Cj6mF7T>t6WQ_2gtXMH|I7j0kGDSe>|3oRN?*LYM
zvPrc`m~zvr9UYZTJWcKB>kYX!VzQFonF`*UEFkA)xu>C}rcMX?Ldbzxdc6q<tkS57
z2R=osI$IlJIC56lvoRWP=$2ZwX^OW!o#v^v46m>6PAT^y`%)9T-y^Z~WvYN6i?^08
z&;lL16cbS`cd50n5^NiEWg$6!+o!tH44S5`I|GIGyHzVW;Es;jQcdic%gcVNKde%E
zdU#?~T-NvT0^L1qU?a0+1H1jrufAt{;`C+5jq9Oru1_yB_*(Ad0YqW;yyit#aDxjQ
z*x`6tO1;(+N9jC-R#=RZ@x*5JX&qB-X*{AQ*LMrGaX;}zE!=UpoE|kTSK>1naRe8n
zyFastf1FBz+-x}Hl!k$U;RmU{UP%+UyDlnnY)ESJeu<6KI9;MHrtN;o|NAhE`zXCY
zVFf$3T3$iH|4xLlU4Dtk<3=a<wTDuC#OBtY<lEN3X^M9F;iAT}`B#>61A~L$f-fv8
zbDfG&G}rbqE14n^+lDrc#^-<xu-_#}>N;}V2M1){A4ws(*DM}wChi&YW<pP_CUkFa
zuY<u*UOrOoPu}eMiWkgF;aLHI=kea~w}fR+Sl&>$Oea#`u}-J$wE0^gfsq&XUN={p
zF41gCY?Z=wTeDY8<$k@F2KNsOd_5F(tsIJu^^TB|-q(62be`Q3oxWPj?+3)`A{}}i
zReMp3|4JuHSO2%b-D?iT)e7U&xXm67*0Z`4!;!>{77TL1hRc?w<JKgXtNrdpt{Gek
zpv5aA^k)N((vo3CUB8d7@815D*#*=LR3sYo(8Rq$?jdvH%aFuTWp+M*Y@+YQ1|)#n
z1+OwHWi)XnX$KWlH2^g0Lg^YUVw1#{>61Db{JT&COB@&M+--2NxIc+Jb;~qyi9)Ox
z;%UH$A36-u{P1YY6wWsrqnPnn2s=b^!sSxnWq2Ul_UE+mIK(bb`3MPTIDbe)Z=*-b
zxMKlRq!C~SjNLoic6lgz0!tIKvgf?5`LgFw_3p+DQj?ZOJe>5D@uRJM1wZ-f=-YqG
z_m@7Y4nF7m-`PzbA%-}83g)VLjqxx|d9se)l<;mB{N^iJXoe?|%PtIM{;Y)CL!{MD
z<YquhL{KR09a*vCa3XJ>56Qsj)wh^dGeFdyu)vAtTT(lChd(M=sO|livO?;t^<zWW
zvNb?EB2D|VUQZ&RyW6daB-0huRK`tV$t@Fitv$Ug$`aHB6d9L0T<$C4KTQj>hd~?e
z%;zfMYg)6gHTwrL(>&%?GE&Og9+9oBXZeR*W^@g^i`dy2kMM79(Bv-nu?G{z;^(oQ
zTligxZf|aWky=E!uc`&s^|tBYgaDv-Y=<RoN9g%$f~)LtL1oJGWV?$#bS_W6AVy8`
zEc&a54h9Eo9GqZ60N(D%RDNN*gNLIOo|%=E&p8naR}pu8+r!|-pxNkm(-_uJ>$Gig
zh;s*k^-GQ0x~5fIuRR^$8k!o$BCXm=v8{0t%z|Lcs8ZjF1M;8s@2;z>S#{9OMpAi)
zG_=W0$1>sVcV{Db;uH8R?Tz*)X)XZln|22g7qbS4+6j#e4VkfTDY=H|CE(!UE1DS!
z)axua*D}f%D;y5hwh>e-(u*X#a_Cj`0zgnkjru@$yaqZwAUu->5cr5Q75lu(vlUmX
zS3u>b_=ge0?N=NY^Is4WB3n!*C?|8J)YnU2-}Y$A08K7Y%qwmSKW%%49F|qS;C1}A
z(C67_VZi7DFe^yZ2~jZ_%WrfWe0_aSVtB0Ag}I#1{3`VodK6R<9bS`tXW*CyoGuNG
zC2DppYw0vzcb~I!S~WqF4h_o2h6V*_4%R?@a&8oMT2`nYX1uGYW6E@$+rvwmOaURe
zSGWLqT+xzA6i0)fIr#pi4^8;P>L<rsx6(l;*V|`a#Q18udrwkh`_pnr!U4WQ_&5-P
z`PKE9m38@zDwQ0iSAgg&E5ljV26*1A4RkqD%1KI+J4~pFgF;;*f+VI^Y#>j4Sr_du
zQG;=c^`|-NEG7;cr4?6CJ+(aqT(1t;^S7*Il0SI7v^LWt7vnLL)zZTRxFugsH49`O
zF{#2P!nA84QQyi~QM+d{emhbxntIf7M?Lar%aUpbygFj7ty=$C%8a7Lvte5VlGmz$
zx^h(fE@jP8&Zl-fj3}z!{spZOLGB6}=5Mh=WJCUub*>EFJq-QH|B+d7wPtngBeE{e
zX#HiCvS<AVXaRJm^^+C;yr@oLE3<c8Q4yVc?T-p4bnmB9qNiLBRODw=qSo*HDU4f<
z?pXEap(}zsV30uNjq5bu<NU8h=N(PfGk;tWthVd>i>UA#3ZZv@PvO4#S8!zbeN?WA
zY?NfuH#aPhO04$iH-{!{S<;Yt|0F1E%zqF&tpX2uNY;BM<T@9r4B3tMbYcVtPc21Y
z@1@&fzGvN+3Z;IQeGDh-V+M#LrGk>Qh#u@K#r%kP^(OogVRoiB1k6_GMkd?z4_eWa
z)S{4#!g>kHQQ9-+ta|XwIiOr8yTaEp$93;nZ8zs=XLNUkH9`H;E&kPqy$*OThlBcY
zgDi7p#k9qkt>%WR?!hJgr{;)h7RV2_majU|rY%1ai@u#Fn6<HB3cMj={)Uw&qyFu#
z+~$@U+9|0^<?PO(+{R^pAPj20iKISifArkVOY>x%pCWTSylH<xl~1ZY6m|yVx{Efw
z(J&jE0@WMqZ(rRQ9wDWpeCm)QKcP5}8+1>UPQG#Q@0OSlXB-*E4X8&8qN7do)N1nw
zczsVk`!mWaO4OjQ?p8n*>_tBn$|P*ViRpTm<7_6-qOg7&rcUsq!GL}ael;^ptf7{3
zF|EtGZdKhZ?8WIuuR-;^k--)MGyHyZzXEll=7qfl0LcttZ|Tkt75n8|_FO5~ymr63
zG$Gf%-_GPbGL^Swao}Ma{9WMzSG?7uM(mAyZ0$B!+tFpFv~3_R@m0xp^=PeMSbbPz
zwt<BzVOQMxjl6{29m!v)3J03l4yKI!QE0G<W<q-Lo`t|%&ZK^0WX2<o9~ew$Es&6v
zMUEMj!z`yNGWc<Rzqb41Gx~xIpf7a=DEH)|tzR6M?Bjk!LHm8e6HadVYl45ib&ssa
z_7gTc_?H#{L#u_3?$H~9>4I(<r@Qy34!sNx?ttGdasYLcWYC&|or&lS*y}{yDe4}C
zI<Ep<MAM1ci<Nt9>AoLJCo#eq^ZcN!Vt3gNY3#Q$(5<yyaYr4^3g@Ntad^6=dN}s{
z*%EWnQ-3-c(jw4Nhq^tY$1yC{)mj4N`1_(n7qO`uuMhcEtGB*s`IojXQ+UmbIt85+
z!f6$uYUNytO~Gq`>`t;6ne2r<EXbG@z2lf}18Pn)JgoV;h|^oD_AoGA3X<GC>z&`b
zd|VcrY&-bO{*V}7HZ7(AuZ8JSj!V#i1!8T!9yH)`XwXRSOFbXGyY`oTsm&p01bF?a
zUi=}*NJ!`)rJ*ElF{!SyY2%oe$xmA!P4Dh^K(%fcr+J&}>-6}FnA3U1{~(<lb5gn-
z_GvM%FXV<2m<;0|GC~Gz|6imN^CW<sUj-!UYI*T@Q(7?IaTGJLS?v}bv@&|*%KW%k
zWJ_$i2w^U%;Qoo&>|%E;D)jR;&UBOEpG1b@%XjK!e78`CLYcMS!8`suEx=d8CHnia
zhMT0c7uI460mfwC%19a>-q-I$q&|M6A>ngX@d|nN{Ge@%QO60&qe$l|VJ$-($5XCU
z1Fa%1hi35A<0XfPUx0#>Q@8z{#e!#sVo__HRN<NJ&BQ^&<5CJ-o+G6ch2>2)C5NI8
z7Owp1uspr9Nv%|zB9r?BUZ<kgN@#x(!$`9;aj?<girYChKzRYzes~pdxoZvLeYjv5
z`t+Hr<+P{h)y_;T3=U8qFwPF5X9pTd{vT3&iVAmOP71Hf1<7Oj)5Ts?M@t%C%#Wh?
zFA?5mzkSbzd>v5eTo3OJNH2*L{R+(6U}XJ?O3X;FeG8?f|J-*!Q>v+lo7r+PmzOp`
zatieJG0H9WkT@vQXz+<;D592^A8daMy@ZHmiPC(_Ga5<F0g^OD3Bt}Ainkj1mmgSU
zW&x%N^7@yfw-G3L4oCNjs;T>7qz@LO=`g3YyG_`*anzcEXY9a}d{a3nR1mA69vEC(
zXR$P~=#RA8100rdwQ7KASo0Z9N&J~R(~u5UAB#*Pz>NDTCJOEZk{ca`u_1JQBbXg;
zJqZ8Mo8B@Fs<~}s7SS8FMuFLRcw1=53P~H7A)5Ck;Ee#(KzQQ_*^Th3Di%z`8Z4zR
zmKtrMUybaa>bHHE7zsBFY>K`sSCz`*o$CxkHl~~EYd#V=UR_wPA6C!2`4_y@J_+w(
zS$hqzsRKK#G};7`>dbXLHf3bLe@A1p9QRY*JYf7|#8{rnZG>aH<s@E03JN8nD=pyp
z^<;SyuByT5ctjs`?2{|yuPCFf-Tm?xAXpOtG%G2JO;f+Y=QS)wvps_>0<zJw1YgDa
z7Z#F$mZ#!x2x$E_X=rdwDudN^YXmKcyLx)Y>N$GB$NZM)Ax$ZgQc`jfE{RJg=Nu~4
z7D55MBF{o{a`%oyYn=gIZ^|WIeS!wr;D0dx!RIHq;hHGEg9PR7u;79rVVk3mVEE`%
zb<s=r<h?N*zR3)M+s;H_Cotf!8Vm2W-F-pltL@X+<s=v0V;`g)iY#F@ZZ_00H3e&b
zzFr6m(mSim-x0@bq@(vU*oqrJ^DG-L2+=*ew#lp~QN|w~2v439ieq+Qz`NGN*KEwt
zYAXQLo~2rL_Z(n+bS&lYO7zL<x`uSm>}<0ihux{yYHz?)`QocNw6cv|9>-EiSBy!X
z{+Z^Q&n|jY!QuH6qXURdx9f|6uTnXJ@-v`Cq}&@;6W&G{1)%>Z5KWE6Gyw36T2A<U
z-}H{)@5lLHxz2)TM!)%}BOq@&qNU+xYh0{mM2G2g>Sr69lC5VnrS0>L?sND{Avmq$
zk@!D;?|)x_s+KQR+0>7bQLnOFQ#z(xWE0xKREy2r{zxs8+Kta2_f^)$lNe6wrBkrM
zwOw&*`c_Z$?Nws^#>{BI`m3&pEQQ<oMAHbM8JZPWH{X0TEJ0CO(4d|F4Dw!|V{bv<
z=OTl|hbAW`|F;!!IaaYt*?xZ89ri?Jdgt3E)rKWdl-WwlsgdOt*YS3kVB8Fj`;#oC
z>(Iiz;g&LqcR6&6i<b}uEk%n0TCFrLS_$&9<Cq+#57I7?8-nzVeayW*+M?SXOs#;L
zbQhsWCGNq-tP9L@d7AhVZlG##-M!!@DwnOyi^1at``VAB85Ax3IPcALlUR({ZINvH
z(w{fKIgw2G+q*j^Tz}^d^R&XdwnAjcd`(i{Ag-5!f`aOUShP}8;ea~9soPpTz#{z?
zmryq}GLnZ$C5?vbwAZ9KwF1aeP0Us_`Wq)+Vqs&CWrg!);tatXxUD6HBV9x804E_(
zrbd|St>k-|_uXVFz5um&8nN`UbGu}|0I8YQY&3}c3Hg*nrn6*=HAsTQ2p87?hp{|T
zm+43}0;RTEbu$ugU+iODaNPq-8lSaaaJ-0sCIPOOFh`gI)OR|T@z#xOOQUFx1Esnq
zi@g)5_8LV%IIJ24mb2D=ySHzF%u4G#UHy9~07i^g=By}v>0F{~J==#!emGJkm1ZL$
zC-*gM=18$LuGr<cPuQWw7Qw~Eo)80QLUAHlxMHD(uqOU{->0Bke7JL-b>=}l-|k)`
zBj*Bpd<K_&^Hj&yZyduV+spl!vr$SuvBfR1CHxq0zjNN~Oe>o4>4ST}^CX`<=~<!V
zs(nj&Nbu~-0FtsZ2*L=cPEqovTA;HLH#`bhZ|CRC&>oku@>&?dFFoNk7W2ivr*^r>
z&G8N)h8HLq)cpQ2jKhtNR9o_S)ZK1{;;Y?dzmG?fDHc=CZ9I&&TiY5A*EOm%oI}pF
zBW2yDw{J&Q44d*KaL3RXV}Yuj8q=zIdRGgS4bWYOfBU_KyvIssU5R>ad7Zp+pRpTI
zukr6nA+IHjUl7k&DB-*%!mIanD6oqZ8%^Zv)XdfQ@L!fsflZ`8?%WvQ^7wT->j~`9
zo$NbXq2lv6kyI@!QWkfn@u%sV$0%-ZK!n3T&V)P;iDd07#Q>m2P|7rua;RHL|Lh@C
zt;c-1PPLQeATOzPxRRTN<Ly~Y$9_!3mg)AnUPnp2SmHjG^A>YPA_r!J$wCOW<7p*j
z>qG1=@yZjB<x;EOwPnh^kGBG~eu|v0HIZ^I9?|P<Ekv9=t-E|*GAj`{!bEq@Xt%k`
zbOmtNh2p}@4N*$P-zh3K&*5i^2{g`U(rJW~T}qRc9lIFilVt#%E0{aqYXiLQF}W*@
z78>>Qo9&As+Y!0Z!%Hn&<YuQPk`rB6Z1ZUWueO-Qr!_HZGUiG(d^aY}gxgWgUcb+G
zg*k3mh5Rr;LIz$Ej%Br0o#w$zU|^o|nP@#el?imJXJdTa(6)5*<}CJryJeQplArDN
zPr7yHh%f45-A<IdPNG^|$8jv`s{`nA(JrSx^h!H<n3&G~KmDVWQyM#Tab=tU$Y%Xg
z-@p*94%YCPz)va|@5S5s5kJ@CLlL1=CqZG4HWxNmuu;~PpQ0b%&1mOjtGnw}t#W?(
zEJc(yAl%}i7s~*&_N4Tsbz=_=#XdscSYMw!JM&wl#jSI>d@dR(HYvdA@<(=uF8BJ)
zZ0V9eE=9%119gFnM!DT1MU*oQBW;~TM=RQa&G+}P(MRL@KP`q1FT|BnOBuMh5*wTe
zzo4T>VEbtSu_I=QdXuQKQqgNi1FP(%m7ye}@0PEZQr^e7uj14>P%fvhV4NFYS<q=~
z9}WVYrl(41#J#6$I^<ofTwk?}GI`;{NAqveP&d#Nn?Bfx@}?E{P2N`~molYJW_^8c
zy1FCIs9|sK%AKSs%uh6|Bgl3bTV9Ca#HORvzI<3xj+R^U)Qm5Ki-5np9LM#MG;YEI
zk`QMVJ=zLBfcF{nXKi&2G!A9Qjj2m2xL+;p31F6}l9rZU&zK3qq%xVvP1~yvBd|$+
z61UUMV;^~PTuCWy?p<iGrDD)L3w7BjT<gQ>Nefp!=5vp)=_A5ITLn>THbj1%SWX$x
z;u<J<WlD|lH|lipzo^sGBA6xcFrA2Y=4&$KcXZ7t`P;?7YM$`;i#}w24~76)gq!oM
z>t)wCA77tcpfn(B1cy<{B6seZKx8t<(gJ&={~Jo#^LLK^Vi##C4;x<aUHh<Zo(gnS
zVtab<80@odKkP=1ZJ8Jri*M#6q!K5Q9j)I!GXUxd27vnXQ`qEO5!**y!n(=r?QL;l
zw;QH&FY9EZqH;Eic|XxM)?nxU({unLGFiSy^+zie>@Y<hReqOa)o5y(t5%U{u@=F$
zCN8hFGKH_#@q0XH-;C(%*Bz6U);9mRNHEZU@M7RY(I(C%IT@LsSnSo|adv*bF&+iq
zFwIG!9E#TB_!q}**fPBUY2C4a>+SV!{rM_Kj)#F_m=pNo#KpgkEw99bm;10V>J+O-
zN7CaIF?{ZuE5ypB8e>#6<0@#+<@*9s%w`H2nsa2l>cv3GzkIwMli40N%EpYUSna5?
z!lk0Qx4}<<KK%~&M}ER>KZ6Fl$@sT#v5Bz&0UHF-WWsemOL}4HeMad@4nek^i;s-#
z5YC1^iIyst@lBO!YuAfP@+9?j<;?pFxNsmNU6Qpkgd@0eM}!ApVq>jfS>mHe6nPX$
zBUjhMmqwV$i)c0{lUzNSdL;Y^Qkffc&fT6lNCsodWtVjXtGHOwY~d&_Aq+Ez@H*(B
zHJC{-hDkJOF($KDH<u1E>;sM5Gq9-6>IfRljzDes%RnQ5luu7@-ZO|mxg@h6e+LjF
zOXO>?^4kw=io=)mOvyhqn7Z6I{BjtYRgRbV?w_QvEaWk)TE42+Xh%~5<qpCBTd{LH
zG9pmBs_yyL0$#|Qavl%H=qlOhDjp7bvRo+#^pkGLbn2P&W0GJ!l6!&fbh+;g0t!4o
zH@81M4$Tco$W4J3AqyVEcG3s_1Kzw@eG3Xrmmb3xiM{{g`z*1B1sFQJy>WoD`cs_P
zL)b@qq>|X8;_b`>`v$)Oq@3MRDk39Lo4o;ulL{zBFf_HeyD(A62fT-i^B$>cj|Wuj
zabe~S=CWp<p8z95p6fgp=w>4p9TTHSs%Z~z*P4g&SBj&}rQ2q{#>^;3u>cv^mb67Z
zKLVM(nu1!9T7fjazUm&g0Z0>*bIn!+Y?;Ae?D)g=$_OhmGTkkYh4oh^Yg9T_$$($B
zykZPZGMdE5-<3}5e~eFcE8;l<WvtNKoivl(Q5~`&pvj%q_fVCSGd;BBcO0oV{TUV#
zhOtrG!zohAszzp}QT)3@yfCJP5BUhstGqY`@M>zWJklRxrJhS&ZoGUAMii?5@F5vv
z8siCeOy2*TG>|fBm|Dr`OqExQkdTtf_<Af^oy$0@sD7-2TAoVu7_xf~RQMS`Hgh^m
zdFpW|{TlVrazC_>NNKZn1yZ6=Xwg$eoECE^1IF#&r*`{!Y5`!iAwwj9KKb)X7%6Lg
zo`aNEtCaRXm@G3K4Qh?RslDhj6M{Dpe^>pPtG(Efq1X_j$q*0e;7&p)s2LmeZ3{OX
zUt@vpQ9q}6`7l|m<NTf;9A(WE0o6|0?(Xh!{yWrBfIML=r6-=wM+UMDY;q#FyEqbg
z`HDw84wN?mWF5^cuI_Jb`(}CrluERO7HTb&B`~{+>jCy5oi3lgk#-I$KXkTOX?T)$
z!usU#z*$mbTj(cZR(3fp6;;48(bLbcNHa>6TK^ftFT^1hDb1|}N!l!FSWecYIF2K8
zl_C<2SyBY1SQ9FUFWDx{xTPf|vbw5_cH3Se?2fJp0R^Ulg<GbBdd4bMhSuN6ahgB*
z0Xokp*2)gk*g)MP#e05h$?7^)4W2hdtnv3RVS~WUxzZ^gxXg@=LcW4LM-yCO-%a3b
z{-r|U`T>xfIjlI|wH-zWYRG@%6PjB7$)H3Vjq@siWl%VWEJ&M4_A;#7AI^s!H9{EI
zk3y(q0OEms@9Er*s4Rd`37-Q+z0^Z#>Za-p1)9T&-4nY^AQX;PZjU)>ql78Ze-+yP
zOVi;0q3kPwvV6C11?iCP?w0QO=<bvj1nKT>=`Jbh7Laa`lJ0Jl?(VuT>N)3k?)>ka
zduNz|0rdNLpJ(sAcC5Ac{s;w>I&`4Gs8WG3e*EeErg~-bFnd`mQQ$4E+r2%!^p4!e
z9=eL}wlc?Ruq}DSMG2ay06RdllR)2z+0MZ(PpCDgZ+KeM0^_d1bOR?mOvY@wj+~aZ
zvA7n0`n&hz9Z*cVz|tdJNo9&H*Kg0p9o9j1pQv%6f>%II<FLsFw%M2Vr0r+1#3na(
z>$a2u1<Z+?)AhbsP3d*R+DGUowSD335tqqH1sZyq;S}D?R&p0D9Q}H00?H%z#Lg5A
zgb}k2s!TYU_X7~@HIr-{Nwuq?^7tC2rWa)#QT#+rZq*U;8GOYyN#-)WVtSsX19zXf
zae=1!7Ik>CQVQ~5SC`7WT{t8EF&@1YbG4PeK@7ql4NevQ{+_iBB?DzK@1lKi(E$In
zoc0OPD-7V9oBryC1qRVeXZVf=-b1k_Zyys0$|QTqEY?}8g;$inz6}^zLd$Ae2)BP3
z{`x)x1GLVx_p$CiXhHzFLIgC|yO|bI3qaR^NiECR+}i^O^63iCCmu1)81?hh3c{8a
zNBZAVyY@#ih8nd8&9JR=40tQr)PIQ@{F!~P75*zyu_lr4EdAbg^lqyD1Aj*AEYRD5
zpKGCtRJT@`)=Vl782}8CX*l9~CEwTg70>rTL3k{$@>1;Tz}0!a7%jG|S<R$2!25jv
z$vS^=Jx<3n7>A-0a`qIl3y2?3cS|qUKMO-65n%dP^o76x1A4E3aftz)_etZ>Ll{4c
zCpZ16G(R;8)P}YU(HzAc;&Y$5nXi_YA)5j8{II8$>*$cCdw?Alqj`OHc9sK7woD>W
z?!>31rQx++?F|CESP(W@Ele_*Wvqee;JERdn)fgC$Z|?)zu7#Om4ZBYsgE=qB|_+O
zKF3~4Nz;v{={!!jJ>6`ETZo{1fLCP-IROw_aM{gkT=yOKR1XWzYd*4(C_ZJeUPCZt
zOZCCMkZYX91ig_K)e6Vwaj9Mb`XAg}Q#Vs0LBxs_enMq?%7GQ|o7J4hm`5|C-A(4%
z1zQ>n@b|=u+7Q5hD+@HEgachp4ehPiUtj)L+5)J45Q8;71#gdWa5e12iJ`(=*yU^H
zqV@I6E1BFQptvR`tmM@T@C$3$hdCt`GUNbM$JI8kol1#&c)Q66oa(?}W-H^*WJ8OS
zDNrkT!-48=c*0pl*VNSicFoUaoRX->j@m1T_%Fs@578zV(!+&^75RpKz6p<EIVjBJ
znD|8GouFBAr~>G!69CgkCowU|xX)YrIX(|u0L|J5#sKSi1H2qE(^K4JBtct{=wvQ;
zs!)NEkfE-M<#1-aTz@p1^G7R1{Le}77iEdYR8mO2#zs!lp0mvwkI_uk9}qD=ESDfH
z3!_{n*F`?X)VmNU1@^$SP|Bss%B6PiEmu^2(90>Etzp!;xxEXGmtO6Z&lHfFEL51}
zY@BgCgU)EA@|_t#hWX8LQuG7DRynfYD`Y0J7pV!Rj*f_UII;gx#0E$Y-|_u<yqF+W
z)2v8j>{DBGCvzNCGaKO9p87iz4dgL$kgI7GeB7vUDP*$vd1<;{FkEB33{|_M$!emg
zs7QRc>f?*a?BYG$=wyW^97*OyTh@u}hsC%fYyalanYeX=#hBbh&ebOR2%S(*A8H&B
zKcQwgM71)se7f_<WLa9`B_XtCt1?3$7KoD+lcnww(;Mf<9jnBkDxxk7VOwY4zjk)c
zx$hJ)9S)LF{ju<MbnEz7K>-0r7O3IGS66pZe3X)crTD@xF_>I|{HV^b9ZE%5c(mM9
z0%f*5+TSQ&(JCNsfe&u+o6=b7Omh;qsoR<)2Yq#1_(Gj}t!7es@unjvo|&0B0SM3w
zHC8g-ZF}nXL%^~e;wwNzE798|=wSR%0j7n`cMbV>1^~>)G*oiHV4>nk0oVYN%a+L=
zoaDbNSpUeq)lmOPbR>2Kiv!ybp|T0toJ9G!d3Ng5jb)RqS?ostbfzGG7**8rfeBbo
zwQG}ee@=nMGA&z8k=2wX&p-aLtn?`;2rgU{;KC;YZJA*kQ=YdYsjF?=jm$FQIFMp&
zKfl`rNe;#iN2b+Fnminaxjx(k{y_hED7C1}VtRXv9+3Kd*_Ok4N^*lc{<EacM$mBG
z@B8RZ0jUQ}go-{Ac?Xh`l1+!brS2=F)6@i{jGD9>Tr!%_`$ia%kQ8c9!u$Jcyt{aC
zd9N@~tmT0-9y9ez)}o{1_6`3by+#c8@@W3Qb#z`7ZGP+MI19dC`u1b0CEKR<;$o-K
zg3V<&#hj+O3GQ&QSOB2qsmYwu;JDSextP}`Sea*+{Q6p@&Dr1I5&JaUB%YbU#VD%x
zsat=5F-vm@{GB{AgjPXRc-dz1tc$~?3|vbdG96D7Nv-vADlWUVEKpt}SBM@M-2@bQ
zcwCO~DZX%v09<><43LjJn_RVy%HrZz&2;LV1xNtQUKbdMWab<k(5G_Qfdl#sCAG^y
zvG?Q9XQ`(rFrdj-Ut_heUVF306Z0EEmXx+qW4$~I%g7f5S?iq*N)mfPkgfoN9G0np
z`hA1`Tdn8?{bjlT)uPcGp(c3w9WF4nQ%o!q2B{WF#vXQZ8!Qu&v%4gMb`&BqdWT&!
zBs;9F#J4Z}M7ou+laj!9dU|@@3_so6+)6Prl9OdLhpII6^uA~{@D-Klq{y$10zuY}
z)fHgf7D|2`py%C(E7Pfsi^}ApT$rbS`vnRKSM~|aFJVYFQ7(h0_{Y#jKau0smsfXh
zUQN7s4_`oNX0_{T1njXw4;+}}y73pe9AQm(^Iy!$|8U0MYyLq#+A|GV?7+9{Bm`BK
zD0(ze^awkbNwM58l9J+@t67V+wn}JMt|YT1wqE2mULXTW5P<ZCvp)2q^H8b`MggOn
zfHXgKSZq><?AvNh)~22(wPr}h6-AIf$o<2TE6Lf!jP2W_R8AKT-BxEcZO7WcKW}_`
z;vM?$(8MA65}Mx6j#0pq0-?!}>3fGiB}FRu|KXi00y0Z4;!Ya8=BfaUd%q2_V!0BM
zdONL#W+O$e)6ISvRnV#X!CMMe?&dl#b+M=9mofJZ1eg>sy1iLhoT<E~*15GE4YJMx
z$kMwt18QozOA8vKUs`uMpou80VZv>;P+g}#Lo&`wnH2OLtmHyF9gKyNl9Gy@^n~}<
zm>gT*IrYAwH7*(c@2nYMqgqe`__eGN$+USB4ZyF=;%o139WWRm{=ozJ*C5)96ao{`
zALqXHAuR6Yh6&<<y`6BcQiAYu|J9P}DpO!Zv?DXh7Mh0xJvt_~)u!Z7N~_1pA9a}a
z!u}5T2N+{#VKQO6eX(7R2RqC>@vbkURt5h4VdqJO*C!`gF=LA6OGU6foY94WftVY6
zzi7izGq=$Ht*EAj=xk5?8-mZl3OJ&@Tx!{uKSAy-45Y6h#S2>d4i+p;37hls_Wq|2
z%c$QnUZ!byT8=Qke+AGPdx@gRl76#O#qqm8g9!_g%8rPkp`mMkou8jmM?Y#TxA3+0
z#RH$M0rkG%H%}6H-gAP$y+>05o_x=2Uby(QyyigLgOJG)?0cF=5#E=V{yy<CfhA)@
zwO|5>)d4V)i0j=opZNYi`33)ciwI=D<<S<HtR)fu-lQa1;0g>+ivuA>m|kCBzbRME
z!h9-^nLWZ>(oe{5<LD^6wyCodyeZBtXoMmow|mlLXEgwtdRr?>vQ)Et1{?t<@caIq
zli%PH+IL@OLFJc2{AK}!n!5d;6_q0*b9sV@Z`e6D6;b|C+WoIGFC;Qh<^|NCzykaz
z|3)C+lovOj5=Q0~_-<uoWh0y9jQ0Jn@}(u6jN!3Dos5)PQNb61n<O(o;+GdJ;s#!@
zoO|X<2Mwr3jzdFx2*CfA7kv5Q|Mu|>^jCMu=3xB8pC2w#yx8&H&-BJ~8hW+}%(o8-
zS4Ybqk_>qrcO-!&wFNTCjN@tRdYm#TK>8H>R{&8{x~A%HYlE)Kck2ZN3YMV&4yShJ
zm8vDy%Yh)Ua?SNPN>Kfu4#XPm_n#g~11J>!PQU6zeji8f(Xz)Fpd>N@Adj7TU0$>G
zQIL|mdy`U6a9|+7n*<5!Han65_vh|z|9QNk{fMcAepnV*Z|I-AmHwUi<w;LbzbL0s
zTQ`>>0DgQdAYl0m_|AV*2>%`K=O}<dl!)yyXYPj`w%^C(8;KeNL?P!2{q}p)@4i9+
zPmexKj>qRq6d|v0C?F<smoJl$m>~uU32Cn8?&_-O>+>ooFi0u)GqyQlrl8XJIH}x=
zY}E53?Tet07NN?UwHy?1MwKn3vzG_u+y5di#v+WK1^t5fV!jJS_xqFo#})r87ya`c
zju-O#I(N-50u9f<Tp&4cV&WakY*&Y~(G4DAE-pxAJy=*+;kFtY8fB+JL6Dup>sxYZ
zfga*zp%Dlhm@PL@SdmWqxS`1Ne@sG_#23#(Wrw7q?d7Cmz@fcN5PnCEe_qaieLV;M
z=Lyv@rS81`dy%PuJL=(dYHMeg-O#{gzSIB<5D}ClZK)w4pyCRO!oypu%5}0YA_f6{
z2vL)f^a7w;r6?sORm+Bm+48=lREtvG33H)b*JJPbgbW=8r?@)xA7XnZxT3)Myn_Nx
zQTqqioIBl%eKT>*-N{Nk|I?=b`L*gFsXO(2f3Lr{{+sm+u@kS=)=uf&5iO0<yR(vh
zju+F>kQ?EQ-<Os&m9lB$);qTM2G-sHTNv_Jc4Gm!n6(86BQ|ZNEPjZ5ndB$HKd`&X
z9sQq==Y9JhiND2Te8JH_7u_-%aK?*zqqN5;FN8R?TZGDQb5ik?D)E$+HO7M<7l2iA
zBQtgmZVLRDY~0-3%yfDdrjK_{Jd>n3cd!sF4nc>Dt2DGc9vrdq89Zu_i8)ZEFQ-+C
zLtAQ14OsZk*U;+)%<W1$^UW1~=_#>7J_ieCib4fjoJB0;|D~4q5A#?218K`d{r@Gz
z_RakztGpy&{`UH}6yaJz@$v>RtpKujxy}kjTctc2t*I&#3&&)0+)=c*wavqzYs-~O
z<4{k+x0{yCl1VOSvtHs->H-$*C;$RVa_lpoa>^nBQN}W>?yuFYz@z(th#!&GUUp<E
zGOS&Lo^lOPIpi~W4F2<0(O|iFc~x9R$pNOS(peDsK&xF>H)<JObL;hLlQ=w3q8}vn
zJw_VDMH0~tIAu-1o(S;0g?V>>YjSwVxhk1Mj{HsMk3VB@i5O$~d+baJzyaW;jxJ1!
zytv5~2iKcwvcBcv$Ry8u_RY=By^PUx*knLSFAVQRNiWRm|Ei=HAgYE|WaXy;{DYk!
zEIst|wfkd@Nuc^!YR#rRh5h1Zu+5vxVE{jK5)kmS5bPQ8^n~nn-{4}}z<{*b;a;Lz
z*pQk9Gkd$aX6n6;@A@$jwZDoA<3w2+XHOd-89H6OPIkr0I$2!wP4U2^^1{1*QeRpI
z<MAg7fL3LPa(9T3dOxm0EG*CarT+K<3j=ta8t-A+CN~f3`PVoe$L$Oe%+D*A<to8m
zNHY`?5>&Ns^DB>~JyJ&r34xvnHa)h^a9iim`uUXW+V>WSlSc!+FYLOwKSo=+OYiTg
zn5aWqU+qcNTQBELC4_HT@ky83fzNn9X?olv64-)3KF&Tm!H)&BxiwP>aP$0p{4~VG
zl7S}Gt3<c7?I2H0J)5N27zW<(#Mp`(#1H1)dKE3t)0VHF1^S0ug=Xj7V_WKHWCK3z
zQxIeMp5iaK_aZa=YXV>H1q<U?@Atmkzx-?b|5@$NrTiaie=A;_oDP61@$HkbF-)ZT
z3LH$PfS2jT4s%W{uvz5;cpF9{Cw3*f^!K;cUmN=_X3B6k!v>~a1YFj@-t3(VXXbu$
zzbuv*T_H7_xOKSLK5pNQmrMCE^)TRHbI?sylf|o5kHL&L<5f{pGnK7k5@t5_F7UZ>
zpR*|jD7^QwTgY22)MDM2CNbv6#i3TNHm^RSqoWTIrfyF*9czR!Jyhz0x87IXB7a2=
zw1opbev7g%*R94QzFP57fojq`$F%Gi$_$mTnOIqFPg719cY6&Uuv7kqAmuZ=pasrq
z#Y0qBSXj-EdBgXvqObQBT7!2MR+fDx=DR2B=H$Y6(b_=tAE_hELul4bU{`&_otki2
z)vm7<>IwOay<G!c4Gem!D5mGo&~?!uWVxSZtunbsRu?SWiyt{DeMVOvsma-ZQw$fi
zP^Z!Rq0Ue!q{`-WG$99Z__XfA<MUPt$IGUo4ILM=fN#bmcs1bM!>%nQH8Yvy*ypyb
zF0viLmSmTYV6HtHZXTX7sU_vZQ|d(fLiuV;-5})qW&p;(VCO;p^*VHv0IpD9g3L`F
zfz*5RpzkS6*R11~1lj>aT(Ma!T0R>G#}2_MOPanb3vG!&amAUCAR;1iKd9`bPSRwU
zYj#0m(77olnU7TmqGXGsuh2JQ0Esf-1cRzQiOW__oGCLEj5<RGmb+=sAY$-5O6SJM
zWB;jVxR?VsEZ`81=KUnJq1Kz$I=&+kB`<#<*Q+xy*eX9;{xO_I^}GR?3U&?nR3emk
zL`7BUtnqWDZUX!(7b;-RYkmPg<8O{UnppgrfAQU4CR=H(Dwcm$RXNvCcXsT;-kWL+
zm#nfHq#TfJr@vAoa)0(%BjWMC2!XL#uH$D9w;5@Z2{UC!<L;9aSo`!{2DS2dv}gz0
z+(!f29tfKWK<;3%{iYe*@c5C__*?VkP7mf{S8+{Eg1WcHdHCVm^74!CB9Hx(lQJfp
zfHK;5ne7cG5r{U>(5p(!a3<pi^ZWY>%*x%bxZsQ#rpVbrzBJpJNxu-_SbA@@(+)X{
zsy|9w?t?RihH7`Nw472IOv`-ITqxw;s-W>IIlMzOYX&Cz013rU7w~3(AsQf34Is}}
z<`A2i2<u88WY_633!4u%sy-Il8*0nojBkRP+1*Wk@j6~=aYPcZE)dHD+&T%MtOKty
zsx#K1D?rHS8uB8nnw<_5!xW#NqC-vqF$`s8Wz=Oa7n88?@La_!Omt3Yue~WLt#<EL
zSF#deu=>})!Z<--mwe9m@2~8goN@tW+kv5>Jbj<#j<ZbV!2(Sx7YT0LHNmit@UuEg
zKd_vU2>B#|jYJ<gD;mw+*pU!+OAEg5_Y(OaTSbLO<^u*^<U5__di8ZJAvQK!Gx2P0
zbTk^^28b&i$bDl1dhs+4iHRw(QosazHb7LMnd~PxN<DpBC%C)6F9JI>0J{p*>*N3q
zh~YCZIg<s<dxd*F6!U{8d43pPz6<=Tv*<gL&Nr~~Yfu9|9$F_4W0@<drKKh<eVg)N
zlyx8WR`wvj>C`iJJhG@fI@A1{eP;6~UYD&rtyV(9FH_WYjVy9%yrEy0A$b;b)$}Z)
zgMsYOf9?I8th2G9p9B;FB|uO&XmspaI8I>}cw7x-V)s!iLwp09ujh3aYE)vw4w`yq
zj^pH{Qot{KynjM9%bPo(MT@Y0unVYig=tBk{^pSOs{IMT7qn$9^LW@moTyyaU4-XD
ziA5}u;S8!Rp*!&2>H8TVOJ3ov5FhU_oONvXLGzt-+aBh-chVq+VuG8eZ+YWPEet=R
z^Z|k)&dTK8sM7K(=-Zmw<A-;X?ARVpDGTxr8SS;x-YWMtvfe5{QJtTxy<L4dwcb>!
zgi)=y$#G-%44AUNt;#9Bb#ps=O4fE-uG*y{B<C=pGP#<_2eB)d_J0|^4f!TxW>)jz
zK53DL{<ur$e0J{3wDaSq8f^ix%8i#R3jMDu`U*m_5z5ep9styDaS^|q*V3Go!1`f9
zv$!1bbpRV?NS;SmoW4saSsjZYBBM@7`l5rwLV)|lyaM+pZRJFv&r*22x18(w1V@`>
z;x>Av+I^O=;!!c-Q6U9Gkxd>We0&Dle&dp|oH2YfazNSK-}unC)cELqJ(4lsxa!$U
z;%PoxjtDFUqeaa(H!D~LNU<%CSK1%#%qM^WtPfdU_iy}bjFMm!LT)aHIrT-%%}X>@
z5y{2*pO?<ZxR}T3b-u*R=hLVZe7`w$LFburQoiB8UV=xtNo>t0i<<+88Lxmvag`C^
zxn3CpUOa483+OpHIbR1T?PnECpB#Y2G3s`}05lfg<rE0=c9`XCYdGzj)4n>e(%mN|
z_U9MZU$B6#srTSU!Fhi?RY#@|W?PeQG1vhLjO!lKei()qNs04UVtHke3jJod%@|Rs
za$<jtcbB#>WteX#GKL3*P=C?f;BA{4gM5lG2}8~GjMs3J5}SNDV-A`fMUUb{s~jZX
z4EOhA-kJ_0mJyPuem5;IBv`UgK2t_(kvGXew@TRT&-D=`o+)ej%+p|#Oj8lTNFzbX
zK|?mo#l^Y4-#s1BtW|@Wa&@!<2}~H;mAuNmJyhG;--q|QM?&wfvz|w|zdnK@4HvlS
z%N3>>D-?$0az3E`+En(PT)&%WbSMyG5Hl?-nXy5$V-Nz?0~<_S5E@*pwF7OH7%VQ8
z1C4=dvk^h(S-Q!Avm+;Oeelr)f*knyQ@^w8#Q5?)5?TwNSxsv*gXbd;$otGCpAaol
ztCnI}J++`gbF#4W_I$f0ZXUsbqrG*tJ<n*V+67b;*k0d1oDxd8e@X_X;3&rL6W-))
z@*@ydZzQY73<pfy7v((!HrTPC;L2)iZf&^*1)VE%hs>-cEp1$KA!<w8^O48Hgd~Xz
zN@W;_JYx>6+HflS_>h*d-|0{a>sqqDH}lUjN^RX1SCnaQ&meQmVi~oQQ<MSqJaBPq
zpnZD+Fke#6;<i_xpO9imvA9V?jSMp`x>7?_Fl<FMK1Ji-#)dNGm$Nc5B1xiz!;t0O
zh`Du@1PS%PVTkE1Y&>2q+I*GN6Tg?<U@pc?a@s>r=%}bOpDK#dw@F01M9sG9i`fp+
ze<GnMPu6qC3FX)n8{4Ey9+x#u`c4lBby$8>=>|kL4d%YN7;)?@)Y3WbP2mjJsQRDS
z2H84*x3`eC^fPEyiK^%htG@Dpg9KBcaAh}LQjIB*EZY{{Qc_KAhN-kegrI~(Y59dm
zk-aCS$>qX<6jhLh#`^g1nwUqt(V8Y|A|`jASb#+8#$nW`>okI_lkr(qR7IrfNQH{U
zw@+td3W8C4Psd5|XDK+Xm(qPGzPd62T3SM^34VGr_(r(?0K3NzHq}|aeN`~=^TpDL
zJ{=@PciFFMz-96))8+_G9(#<r5Yxxi5UCwpO2=oTW7bBWE<Ju+JJyF(R(aF;<I)A4
z-k5iHMS*dutBY)GNQ+z*u`F!wOEL*3Cv?b~GltwS=7y;pTy(dmS{E^PqS$Wu4y)vf
zfEVs;?GQp*2{$4hg+D0n{qEoaf3x#md3#nJH>w0}xzqYy08w4Op_pfquxEu%n?D}H
zHVGmII_#i-`pQ#qpen|t^89^Fp2VfNxVR7^esGoXU>2#R06us6Tc(<?Am(BkRpBL@
z9G;B=#C=OcoicYs^4;FBgW_W7SkJFTDawMExIb@Vg(Hl|f2B{YTpcgw;+Wt_Zk_JU
z+7P$77ZS~0cuHU2SbEmUNpZibKWQN@#A^2+a3mj5d*tNt!8a>a$JNjUv3c8ZJ-<G=
z2Gf0gk@g8aNa0IgjZ{LI%^VDP3B>1AF^e}=f#Y*TQVN_wGDu|<&{xgJn&fRHs4a0A
z{<Ard=R;eKmH}nCU!GJnBh$zO7zGM5x+44di?BcLmJkadB2(E1BM}MnMW<2NP2Y_3
zl@p+a5A=XF1SVjn#oS*XVzk3A*6kDT>9ji|;tOMFD%hIq)Y&XXz*Q%URTm*mmrNr+
zW$@O)Udr-hUo!DD)ybu|dOgC3h>d*aaq78=4RzMymGX<9lHU8-B>fg+R;ekoB%^dI
zdgaz;<0=0rm@_Jqs>~;EgE0K~6Zq?ZZe01fiE0^+HXAAKhSh^yQud?rRFGKh6PNHw
z&NfeK;YJj`)GS-Awd2$7u);Nz7QB>!2Xwj1^r>d#m-a5j@ywy(?X9iO75?VHU#;#-
zI)}59Pr!6l$afPpd!t4{zIH9Ph?P~8-2%3i_??V_ExG+5Sd)~m)S2x%c8|DL?WN_Q
z)@vm0H}26r8Eaw<W7rfNN-L9PPZp5){Pyn{bvVv<Zy(pfZt3vywx526-9-w32CsO-
zGnZanO<j*w>3bRh9_O#)=|zdTcIkCMk50&2Qww`ymy~o|T9G~7Y2FC}_FEOBeeYAm
zgzO(ggVh7nr6kU#ZNVr~L?33`1zwwdj8Ux<xHBaW3<}CN9Ay`pSg4kmCs&Ctqh_U1
ze7tU7O*?ZwT7twV{esH485(#A4DhC?wm>0Z!$b?*6&1zH(!_Pn0xX3d?$|mY_DC5F
z#DH_ytRN71G6{EU&PXvDdIM|7-_=`Zgix_8jAh#h+S^xgQ8|37XuAtLnIzJ<ObmH9
zr9rA4YXR^N<C^r48Ebaa??g7}cBk@KSc-3e4ZD5R#Au15AW(OL%g|?#!9<=^f$N#$
z?u1x^!V@s8)7c%0);BmJ0@P8z1+(=|MSKb!4kVo!?=tJ8&q*~h4qsElY(Fbq{T52S
zZo2^1kaaq3(E2G<v0TTkk0&LRaXHaKQ0`%&-U1Jm(dP343BS@fvmyl(_8?z4B_YOn
z=>>~=s_7J|Yw@Dz!yF1Z)n^;H{wkTy*ig9vYSuSVqs|Mqy8wryFDBCHbB`pZ?GK#c
zV^dwPW1?4WuFsU<W2tI%b}B_Yjt5H^oEL9irO<T|V0`8<&Y`wm>k6=Yq=DwGvtcD8
zErQkSjUwzA-f%75GduUXo#=@PhCpPH=&rnyEGgI)VQ`^lK;-zUT_z=HFZQVA#Dk^|
zYRgu9BAG~MsQ1`@L)__?#5&=_A|brR+J87#hk={TLs!hN#Z%iThvT9#*qklD%w^YP
z*-uJ$79uP0alhO1yYH=oNlNT=(Q*H9>R{f-URD$Nu1+_Xp`_1ZCGwq0*;PHuF7Ur9
zY3DZb8CNvkYMY;1c#_?u(2nogi9JV-5M{_=%>&mN*{#61bVd;c6gFmmaXPRt?E?#`
z?Bp3NuL~KgN}wK-iC!zIIjA<$Tj+nYCX$2|J}a!Nsz+XLJ#5}5;h&RFHj$HGtlRon
zSmklCM+bwkZ5uTz?gTBPfjGPIrhzhkvC54MUvMIEq0#UGmx59VJe8wLr@bh%#(FAR
z14j6Z=n3h$wAYc3pkTIM^Mcb(gwfm0u5>lJq+Ga7l-L5ZbIe~WdB&9ei?c|ilpI1;
z<uf<=>#eK>@&tYz3)7`*w(hAXgP`)yAn~pC*!$#zfchwXr3xQZ5UERzxmUC+W`e=q
zy4wSn!F*iL4f9Vor*9|ChEM35cORnH#0rLXQ$Ck7+-1cM#iON2A4ZIT$Zn@0QdFoE
zeAyHVt%+*Wj?&Bx+jv%r^lk3x)W5<kpFUB6-s(1)f~E81dj?W2I%*8g+(c+;q!Y@6
z$iI*o;S+?P-40^RR*YXY|GHzfe^!hRB5ZemlFwjUDG5m(ugw~6y$-c4yH7TTB7OaX
z)0EnuU#KG-S2)i>OTXW0wMh*5ZBJ<U)6V0I2a(Yo^LVxudlb*iEPix9iNE*xaz~hY
z*Aw*{wET7<=^_Af$r#*xES?u7^Tv@X&y#<ZtJ3gIO7Dy02`=A_5;m72b2OVlCj>U9
z^;ev)KwVxORhcgPEkNegr$qBNufjm-)bl)r%wEeMdDtth5C){r#gI`dw?;KMl0&=2
zAim{M%Drc9`>NgKSj>Z0A|RS`H{)W6rcoA>UmmY_gQg@M*E|L3c|Kf^jD|+W0h%(?
z8P`yT_qg3mJ}I?#z(@!t^2P?Z{wU)SfQ)D-pjRB!4hYSkY{V<TJ&zFZzMpIEnv%nK
z%F83i7Vv~9p-dE_s77!FB*ca$m^ua#-bC}BP7%#aljRV@t6@HgtD)PQS0ym`C#Tvv
z*{;f;ZkAE3)f(=@Iz%>_R4EqAFcYAwlYs*p7GUDd@2@TEhe$_CKdA+qvy=8<&3U-c
ze*7i5Sz$;KBx`p&0a;p6-Ibd|Ld~Tbc)Z%WJcTt37v@F`fD^Ef`1qMSdEg?9!~Ir*
zwWVyTt@eN1Lq_wJV1AjRY8@Y>4CZj~=Q*CSvm=hqbR$(co!9>U2Ay-DK;^aX!BC-w
zvt^o)yTM16sDp@5VdTo(G>I8}-uRMY<hc4H8sFvc?M+Sy+e|xj=<G#}L7<(b{N_-6
zd+>8q<|6zOG;ug~6;N!Zq~88)IjZ+1(cm2;sapm|=uVsb-YZ~d1ZiX0-L&!Usmi^_
z^`Xsz4i!c9!B>@>%#MzZwP+*IZjGv6#Fc)lko+~iGH8IyS(Z8r5(+Xj`MBx{V=(D6
zjhmD(Q4f){jF_j!U|s=P?A;xbr(}@~>UfxJL=nMo3RL}e69QFrr(?8T;F?&N9KZXO
z-&uWcsBFpDJCwJ1sU%YH+$JL-w<3=!yty~UgA?nV3qHB$5(;V4ZV`H*i-U<=7yU^m
z@mYQO5gZ|LBt&?O^G|z|P2SooUP!c8L7!7a9E3{FP=EGM0GkoM*OjF)1UO~Z3o2{T
zmk@HV7s%pMl{2LDN<J4O<l?D{_ePg9(~5Xyj9+f6bU;gGC>5OM*14m0gfE=0kp=X4
z&es^UD&pjPTY0>LhvYs(`{^`#l(7LR^-x9L<bHoAWOQ=WdKYq;bSE{tl45yyI=Mg$
zK&XfjAF^x4y$a6g7q<~e#Gi>Wp7|xYPgjUVz$-y;V^;B@Pq7>xz0T;TXX!R)?s;L+
zY^FbqUY_)9tAq`6FAN?-b*uPx=J-P#vB)8r3z*uhJn48idPOH0Sqxu3pU-yg9War~
zTJ}SsKmQr<3Z<}o7mI!{ju*WC_%yxFJ5ypejM>7+I-b2R1GIK;pV2qZlj+L!a}PP)
zA8}fJ`s~I$63&w)LwXX|#2{wGBhes5%hgYE_7#A^9E~A;vTG!bDVvL1O-66~=TVha
zk^NReZX&YpFihYPugDbR0DN&B_X+GJs~H?iH}S_31p56DjUm3|_TxyP2bkuumKgp*
zO6@YeRxN5D&8?S}6@1rA=cKN87rQ6GHUuroaXu>WIY3MEbq$Rh6zAmAX>_kBk5h(O
zL%*~r9m8z338U-XZsBiHoVAxij<?2z6ObjH%$sCtsmTPgkS4{d6uJSs82u#eMJ4ZV
z)?<N<Lr|qH=qCU|5EAyULQ$Y344tDSKx-jK{o;0!L^Lyk+VbXLnFjqky;21RUNB>7
zsc-5U2C5cfNw7qyoR`!})sP0kw34uJX*gCcbfu+7R0vKUr8wS&8+Ree`J91=W|$Kn
zV8uU;@$u8PYDi|VhVkP<SMfN@yK4H;f*M(R?c;;^Kim?O1y778kJogNPJh@4H&s5*
zu~oLpsmL14Dh9d7N=I?rR>gcL&u|a$Lw8oshJ`beAB7$kaM@oO%tK(d8KI}cU}RyQ
zByTLHj_Sj^zsgGKSd8iu%hN-{$0t476fGxKQ>j&%%}lXFP%qOlAkB*t7S#Bf8A7&E
zv!{`q-%F&yNSL}jEo?MRDn(J;M!nkP7N6KJocmb6M4TD$u{D&OLiZ60HfE_Ng)84K
z_cT6g3%7V}jFmg(JcY;2zahELm1jnHGQy=^sZC%th}NjtvM8qbT+*0J0!DB6$Q;)0
zaxeTKkSOIjfxKMWw5goTJ7Fyt&SnFc`-VyZ5@XU=&)7W*N$Uf-tS<>gMBU=f<p%+8
zv-)0z`78=!q=l@+*;SpTmTBdlIIo5ZFDf=h3=&x;IsEHF1n0#{<5CVvCo&1TN^)16
z!}f7R+T3-jW3VY7vl0zM6yL1{cVah59tAR2r~P^Dm>A>c(7dxXvgokOfCo`gz2HD2
z`-$$8AD8=q#lrJcHu|8{`UX6;?O&oUl5P&?KQ1Xzp(FKOx+UWr4^UbzmOznzY_+C7
zIx{`kk^bN^dQUYCDPFo9U0$A=p5#_5?jqDv1n!gh_Tj#Q5Co(0GRY-@eNsU`1=PPS
zl-ucyT!4&$IfW^2`&d4s87zf}%tY!0%Ma=q+X|%S<C5la%FQZX6FAgpvsx#H91g%5
zEB7lh$ThTHRswS?C4QgAy*sCZNAU_!?ln>{RGzP>{S#`j&G<v3I!)+Cvg7@A_{`%V
zOTgWA5*4-UIIi@lt0P0)<Rs;wK*^}??Y+?G1H1dP;<cE<OIW}BMaAjcy2)RIYjVZ<
zVzIvs*B4lC_Eb)w?J1(!5e}=@Wa45F-&~aarD#p;@b2;Y`RDAuT0fnhB$^v7J3EG2
zv$H9!krEI4`~ap~DL}npGVF#<z~355d7Uf%NdB+~f`yIDQpyz<+#(L}2ls3Hl~Xqs
ztz-|>7f%2M1-SO6kwiN6@5%aJG@T63F~vVl*QsC(`=B0j+&B7S3&@Z5=+u}1h31E_
zW_rt|1~55oZ}PndK<6+EnAZ~AB8Ns)PLPm|RB|Kqd4O#ICcDJ?X7!(YWv3%x^=PyB
z#`YONUoTNx9!dd$CZY7`kHdWzIhY-#sMbThQ);p~1l$SW+oLI^dI_BsuKNlM(JcSc
z0{B5CczY&b%K^fQ%AS|>cuP%=-u@7Y+5d)M2|5|5CXn+2wW-`uE-q(`Knc-b;<^&C
z?*{WiT9qTV>NVPU1aSH#F2~a$V+$x1u*3Isud~85zPgSRM&i8{Z6T?q5xujV&5rNm
z`LJiy;CecenzizN%-yYwLrA!rc|laQx$ck$CcjJui?K7pEM6{cl0{C`NY2zlJJxaY
zEMM}3n=-e1{Oc2riXCE$h;<HxxqrO+<Hw*~E~WN0y~kN;F8A&hpPEK_QFi-Tn<b{$
zRU<X=`-&Cfdey>go}wo`uOqCmuDlT;^0&1z*3QZO5NS!mK?{8A2Pu;=2(IcGx|7F4
zP-@9X{6WfC!yUUSl&Kt4#vPY?oW2Fa$EbxKCuAW6i}eH4c5Gppng(xq><XU6x1+}?
z@mjr&p7z<iRj4#$HTw??;MpLhM+k)^N1>u)pP<(y7}^riDO6~wz+uZK@X=$LYq#$D
z<MT%D>Wj5<A32+ZDE14Xh9@eYP{62>6LCY=q_$l1-NO#D+`YbWdb21P5cIP#l=)0J
znh>L;#>6=DvAz!Vj}?Zs{rSMH2nSMkg$dQa828T)%c-v*nixWf#G}d5Y4=`6@V>k;
zvx>pX0I{^M?62-T4led8@V^UceNtLhDw>hq&oYd1s<?b;e2kDZ3#Bhsx5;PXe%iSH
zaoLO6A;ZrorD-nUoo@R&bCo`0{MLl6oxD%6xkli<;`N6`%m-h?;|wHf`um*iCDZ$2
zd3TVIs3EEUWNYG(`{Xf_nK|R;n$TR0L0Q)@UCB11hHm>v&Fapj$;H#pldL((qA%?n
zai9HbkMs-r7Qf_>x{e=Xkt#|{9Os3;Cs@t$>%ZW8bk1M>R_<8-@R()tgxl&<R5_;7
zKE7?zdee{ie()M`@9A6Se^7Y~JeZr$b-6m84a1*$B0VjfJr?_v3ap-J6=_fD&W<S^
zpM!&g!RfCaCg%g}YA*J9^MM4KlU|}{*6_mkjSZt4VCR5X14YMv+x>#j^V8#LzFxv^
zsa`2K(|61c3t-`pBsN}tqFA8ZXC{>44>uituc6m~{e7(Y4jTFZzrueOkO}xy5Zbwh
zol5I|)Mz4i_zjr!9DgmxN_z@4VFg=yQ{w=54G|>a-m)27OX!c)iXRqfL2NrZ-2Z94
zH_8;X#k8x$TR3j6p~?FZ7hg^xXwY=PS7&#^*jJVT3IZzpe7&eUF+5D?N+-h|@ihEU
z+7$DOCGW`PaPYl{lZW9;{8cgl;%|nzSVDd{)-R1qD*QoL-o){T5mj|Y!hTlC6B3Cq
zZmUHn(Q4{xB_~U8)Yd&=L**)_MG4Vy%(5fQG)AMUSdQ2E@puR|m3(F`x94#Auo93R
z_dL{r^?*oLr=ORHvAW#>XpJNr+3u_x_FbJ(wkCeY4XIr^2VdV|N5#F%+U%pbNsYIY
zruzeXu0<}YmUe8SY?{?d4VeANoW6;%?u$`=uU0LLbt;n5V)Hgfm0(IW-47$DvrmE}
zG(V3py0hq5ny=~uj~=m9M07PpwmwPZjAf>WFW?yaNW|T=t*xgZep>x?6k~hjVs+<%
zc|k9CcJwup0R52L_!1RMWIov$a%@Q7;c_)zoz1dkO1ERVNkDJHJR~7YsmzvLzb2}m
zC5BDSvp8o_MAWJ;G!e>{l0xRljOrLMB%X2=$+j5;V=<RhiE!Rq@>yYJ+^^x?!lcfz
zzi?^#WBswXn<R>*6j$23CF2uB#mT|T^HriVXP_F#Z$CIb4Kn9C?>G9m-QN`VmKM!|
zoV4@W-6L&HS1YTzrro_+d3?g$AIC{uZ%N0C?yaiFMY*(E-hW}@WMEbziW~vu-cksC
z`m(!&qxWbje|S;hZ=p|Qe8}tizFqM~rGB+&)%4!@k-d{l&|B1=5Z0+J@v++jQ8_oi
zRySOS>RgL3eD8KpZMK5-FP430czn>9-X66v*#sa>I$Hl^V_y2ve#cv3RqAHX+c@Kd
zYzK`eZ`<hyHJ84XN0AKm|ECz4vepB^SZLy+6#Eh*rBC9B1@3lo$B;QONypei+uPd_
zFnc5MICE$dg=cbJkwH|{Sse!e%j5-v7L~_U^_-pSZZgAZg>Z0i#^5;ZET&70<JW56
zcYxm<`?ME+O|{;eGRt|$;C1QzW^nv2-_Gfed5waiG53t9Y$tCrpFIak2v~flnqLB-
z-5s!8siVfsMK6Z6Lndb<MZ)IRpe%SzENwwKg^uwW!H7_9mfUr`Pxb0Ncn5oFh*nJ+
zVG6_3Pc%#)gZ3^bC4hxALNAJNuKKn9(~8m;WE4yv+U!&@+4LM3XVP=(jr5T!Nu@LS
zl)1bJ?)CRRNB1{3g6+_R=(Ec~=i3Hb7c^I_#md;j6|@5+j9y+INO5ib<6E}8Y_Z~7
zuBN$?sauPUUTN>NaVa>!+@<7bwauwGv4N5XIr`@*yNwF<vL>c#N$)bmPCq0hOgN3a
zH8JwnG7{wKEErPqGT8&Bk4cx@9`YM`Us~^l#Mt_22&@!0x3_c64F&K)UtkNXttxVV
zhdKS~Jw|dfg1BKOg3vw<0=bMB?OOXroR09$yjvC)8Xl(!h{=zssrcWl_A%Kq8^hxk
zodEmlf6C<Y#!q6@HLAB9ga9JN?FY>-bR!wN?ZADmX%(*^3T-bt%^kL9(Ug(jzf-H%
z2f`XpyHY!$fAaVf-g1`x^-VDbI)CIE1?RTuaw?ZKf@J5cIUAbnUVOH}bfBRDOx!yu
zGx7Z=ir!J}StOQ9ZJd5&Zj%^a-qBRwQbJG}qP@!~k;iQN_<b?}G~I`3OD>~BV%RNa
zP^I;Zv~-@5^6J!z6j4fYCwRHbwmE@czI<@%y(0rWdqhq&Lf^PV*cl{<|M_U8RwU5k
zk(uW?Vk;RUg-)X!1`;&LF>%fp`>l_=G|*TxX{Hg#2L~-zaxhZU%1q#Lm^J<3I_GKQ
zPYU|L`NS?CHcR$rQ?Bq@pCVR3aM)16IU5fYkY8(W?t3PJ0zU~0=l&plxBq0EvN8#y
zcagpE^TN?!K~Ijp-m-q>#g4{!eIl1YQ;#$M3RL$2^)12b>qFjui_gHPF>#=LRQn;^
zhC0pE$Uj-7x|zCPcWR9J!;kQ*Hw1T0Du>P-r&#*b1@O>F-gEO`3od{;z_EN84Pw^t
zi>`nrAVEZIR%-N5NAaJ%KSl}$TAJbZ9F}u{*xiU90q>B$4zM=yr7-j%el4FPfErHu
z5g-)4dDsT&hsOZ)((LEel6Mvrba&GE<|r)!&kyh+(a{nr%2)<#f?|(dO_08OdZR+X
zfRosi$8jq>Ae_%h@xebC7B2e2br8vd9|G8ZT@IciO&=W?i%$+6!;_p8D$dPhG*W5)
z&WX*=ws&bv&9ibNfN{G&gC`cOuv&g#gCiP6sg{_jq2vb6_4(+~pZX)K9c<`(!+4gl
zh=4~}A`K8>D!UB{>XA4`EYP=@AI+0CU~4a-4sPk_AQ`KbV2pL1j}tT1s(P&>h&p?K
zGpPtxjq7+Yfe7@X!ftqqLgFGVP>OMiGR6_18in%SPA2Jx6C2ieYddkH>9MmRXe}?}
zazd7xejMa+l5SZWotP_PS@4nI=wrvrhqGKFpRWncp$wHe=dBs%KnwM{;M)vw_!uC4
zwTda!r{~4e-s*^6!R~|Kzio+Ya;IR7mjW888)j)8-<SAhWASi+!Z&p|Ufq#9Vly=g
z!D!*1-wcZ>{v$$ma2$%L5rC0G%99_3dn`u2?%v!pf*GE0(xhO&>Au%t`C(QpI&ix$
z$;)T=$kZgHKlN`TSi$JI!wQ58H`+@`_;S$rOZH@9kC*>CW`45Nv~4Dd_3s_ep>&<^
zlpwISc~p%br_Kbfv{Q=KQ;z$S{q*I&?0sbUs`xRH)(tP(N1Laai1Hw~{_9Xu{**N_
z(em~rMpmbcnW*!d*jZp-fULpMS;O9Sz?WN#i>K@#qCgyg)l+RJeAs~c_J6s<Xf2=D
zHct-Tn*YUGv9YnjwHA+em+Gzp_XiGRt<A!G%4uS3!Y8==cUY=+MN!J<CTm2`u0tjA
za6o;OPqhQft4@~fix?}i0_ahp64p}ly9{G10s${=!RH^*L`dts(X149e-Re2kr)yu
z>eutlInrmAc^#*~&VH$U#yj_~`XJ+6!B8;r1t+1NYOL;JV;>`20Zan$m9s7_#*RVM
zd7y&CVr8a!a7LpKrcbN;sc#3{(~Jm)bIfs}!;3e_jXgzvU(#Iv5-oLYb}^rXNUe)S
zkv)Ro6#%I;zjMvC<2E@TLw1mm_!Dzm{7@yvU^GbwP}P)}nU^Q+tCV-7^#pQ698%_C
zlqd3?6Fu;<1t@0mK?%>DWTa)XH%bDzcnJ0Z;i?tDa8HqB+S~gnDNhdW512MJ-qoE5
z>0@`Ah-y`R<YMm?kp(0mKNsi6g^{MDlEkwDKng%9eZ>rF;NXF9IJc}(1VO;!s{s2O
zKQJ1QV!Nb}!D;6$`eDrP`>KEZ@yk$!%M;fW2^AXmq>pCJ$}QRXK0j`&H~CZDk7!su
zNV?BBzg@N)OGo$=0g>m1lEFZDhz`&dn3#o7Jue|zMIN@|2$I8_`S1>zwyQhaZOyAl
zxTfPkIre;3dp26&QLzIaBlzt6?ETRJ&PT6Yv|@X4Ab9=LhZ9AHJGyf;80+!(vKS8t
zN3VD(R!S>H6|PS8o;)cSk?hjuhFU6jk!hp@F1(M+edF5>RqS#|gWy{Rc1WOWL-wEr
zlnDVWbckX!l}F=3>)L4e*ive2QKV8|4*L-o&Had85^Of%-6qX{Qj0q);NJS{CeN-s
zTw?ksGeBDCX6^KCgsmctjOc3sURl?v&U?TDsN2mP(|g;$p3`0t8T3Aj{Z9&ENk)8p
zT&IFQip??J2f-L@a#cOr>Z?CB<4?cz8Sip3y6BZ{$Iq5>>77uB3SjmGSmlixNRzH0
zaEo1MId3?l%VNy+-q&!(=x-e_%#{p)kt2!0jQ+q*X(M%_3}6mLWeiXMDz;keB&Puq
zeq46_dJFh_(9nLC)vt)Fpd|i0+Z;Rr`i33A8Z{d3hUyB{HXw0Fk#_gF7?&_~V4<Uv
z`P|57zX3zR+1N{X56yS-{q-+TXj+%na5z147oya1_ruy*(XluRnYA<<bSD-k+$*f#
zX0V{?KikpD`xBSeRg(uOR<S4;x6=xrhL5mD6Mkx0nq(Q+V#dbkG8YvOzqy!tG#&ZD
zZ67x5-^%9?^zL4<yn$5M5L^;HT9Ik=i8Gvx6N^GKEHcWyg}2T)e78W%s9pD!_$r2`
zTco)7oA<IgaWy;=k~@MN;#Nml`|~GaRiXKM6Hd#;runZ-fGxZx!X@t$jeBRL-td}A
zeBUJtPFJdLNGTE*C1#8ZMYu#A!}wsO7R}ju)m;6{3(6o)j@+FAL>OOmz$s<Z_`pKu
z#!H;=P+HyAp}1V%XUdvi?+igDF0CbW3pWR8lQV^7irKy8b}D$TqjhwAnj1JaZTRc1
zL-@v;^?k<i8T=!gGTb>_r*0$foM>E^_1Z74GLLX-uFy^$W-f}=b%{Go@1rur8hBwb
z>lTQD3KoydN~uj7x<pgef-?|yrnkMb1#0Xbd4x_#Rl@TC?Q<N8A(l9EgjlQop`}lk
z79@vtr1@XPNAz2-i8Q0=qDQ_Gy>v1l!xU9-Ti?V}MPO{$J87fhQV6e8N|E+4KrjZJ
z|0_#Z2eR~Om}p;T0-jLHIntd4)=I0JC%Z*a7o{@Lgy=fZn|=?pJs^Rd)O(==z5*Du
zAr8v*{BFM*+>2zrbI(Ujy`^HZqtSQo>KzklZ*%5dH+6HgVf3IfSB*V3-Q~6~3}h+T
z4rL)$9BzL0K5$pde(W;7^N$+&nprn6e*RxT$nxj5X+wH@9r_O7>#5_mcHureHT`<Z
zwyyoM-@9{O-Q-=nO8D2JO7DOCk67n-HT>uN<4yc?Ae`yPgHez-BkD`c0Q&6Fd@L}4
zG%<<aI-q0oescihoAokJNMvLXunk*iP`xaRG*#msk5gSD0{hKk9ZkWP2;>$$*PmiL
zOPcf4z~n3A*Iuk&swRgEwb{DOS7SM1@TbB-xN689;lF5(Q`s$)5D(bMDJXJNx~y+7
ziipHIe)WW}0Wb=~`)+-tP5D*}f)S30`|JbpFC1=V24D{-N$UG0zqIn{Y|ZMeu_h-A
zRXSRVjq6}UJSgZl2UupCM5LvUr@fg)_P@wv(aLn2q3rsD5O2h8vPFW8SOhRpUZTzd
zioZtVnSf%2&<DSb?1V?#-5mDD5^GPg?1p$J7PKmbjBlYl!@E3}sNI9RbjgfDdw%>J
zlO<$(GlhH@KXIi8h?WXJ2decZtAc<K1Pt!LwSmW_EeDm5Ad2Q(T4;1-*G&1dzU#&v
zwoyv&Dzp!HAWi*v(c`gFPOxY&J90=0vO-7{OAN-7yen2MMm0t8im+yK++9Hv7A_IC
zwvL+XvupTSkA_>eI)9fgr_kMCT|fMukURa2g?bqqU8m`Dq;<^T4>nm-gwPv$34m9s
z=1+{G#;U~^AfL%HE;}u<Rq5pTF`&fc*jrfW030>UL_W<>jogZ<{&-3(aFX4)xWE7%
zR0^kyye9j6sAgjGG&g9&xUzFO3G}F7U|>Ym^bb!}Y{0FSt8lK4m#wO$08_NYEFcp`
z>KHVAUUb?)VDIc2$G?*M%ypzd=P#ep;BKoCuAakL`mAN3oD#dt%HusDipH-Hzn7OE
zZWBWsqJn+|(?N$lYfp+0-~6dy`0UI+XjRuI4`=>D#7vQwQk@#POsf)Mc$2j9n~jgb
z)?j-W$lG%RI(%z1XtJ<+IQ7@zzC`KFb%?i0A^q{_=0IY=7q7dYt&18L^8^r#x&Jm!
z9C(k%>Xz+EcB9=XINKxQ&rR-+m6q+T4h;TSo7uI2<qY<sT%=BX$_BNL|E`0lve>03
za!Z++XZ*VS99ifI$(?&xSQRQc`#N+4gH9cFG!5P^BPz7`wcRDgW<x>%v|^~8uFx=3
z_&>^LkAQpVLU1LZvVUUfkb!o6V`R5=9Z-Efi*b$Qgq2>Fd4}udtv*|^Ss(N=`;v4$
zrscKH^q<^=Ndm|{hDE}kaem`AwQA3c9sO}tc`<B`0|M0_jax}|$r276d8$sE1IDVI
z?i1NO;*obaou@tCLe}FsVkf}r_C95C7(IYs9LTxq3Ez&1H1##E?G<GZ`@+{su@fHG
z6XNddVtDPS5QUdLhQzAHlMSU6s=*BY8ZfB?xKB^EML`f8+EH6wHD;4zZ26bT(FxnY
z4qRdIw6n`<`VTCr9uH{40#$Tc5HB?{Ab<*239T3SzfW<vLr?GH`v_$X>3OPIs3(Gw
z^u_(vbnQq=PpN``=_jGckW|tgU}VLU+lserNTa`=rF$w8tB@+1D1ddo&`32D#8N4h
z0v-`?DC0L(es@U}f`^U~6bD5^Y-R;DPupSYt-Z;Ex{|G;!N%}zIYCuUK0b|;#U3a;
z$D|mvao{Y!kLl)M>8*Odg5Oum)G>#QA&JW-i!3+y2_kkX;dK@FFVhz==a@bQMUrx!
zeZ{EV1T(U=otBuRzLt%sN~%zt@h6a3k=PSi(Z`ahh)r3$m)GVWker(lWXxwZ6<YBU
zlj1Z2qZnjD>mk69Mcj9xZ9KbpMhwpTsS#@Ly(*nemp>(E4xr>bwO$X%ChHKPZ|cpz
zy}ZH53l!d6T=F1FO(><P8WD3SxV5H)?&lcD{hg=}-pW{gQ~gX@B@l^(^1eT|GdVw0
zBX@na?E_Y}wb&-3ZVR&9#mcR#?;e#gNEw^V1en$cqkBz=Yeecgue^y8)VQOdY|oly
z*X+5Asw#?lMyM*a<VPDi<*Zzox4I!}n{zI;-WzgX-DDoxzH%SkM6Yq1p$Y1vw+&u|
zc(*4)OPi3v?S-qxJP543I`!Y7T-<yE6cBE0E}k|I*Qt6xMFA17XC^e@r3xuGS7k<q
zKi96YjQ_L!y6sAEpnPLV=)`{WjtqBqgGd{Kkyae_O`n3auQo?YnoB;Q&HX3f)g3Ig
zAvzx~2<gRJxLxxj2M|TY<(eokpk~rkzKI^cQb`14qGoMK3*&f@P#pRh^qa6V#aM$@
zSBOkz6f^{Uiti0JZhKxT0MB@>K67~R9;Yv+Hb|(va4N>_qiYAWk)%g2$!3XYB}UJy
z_5NS7Bem-L*6WpEV4}W5n2n*qa-OBWrWGLRyyWzf9m5i&T-?9Rv-(58UPB2ECY621
z+U%P?Vr$FN1*ShRPKy8znSY*`8K7+vD4GkJo(}|ZbK?ly2%2@Jb344BD$0~K1D4Js
z0Sdx?eSMM!ZHnUQ{2rL0@+#SKX&zYsCoU!<15ttRv>~L9JQ3LBfXU;uM~}{L^dxg*
z?=|@&@?=v(e}K3;xA{&wQ8rUR#8R|eyB<^Eb_1>2U1Z#`Crc<G&@fpQI~StnR(`-t
zbZX&S$6bB~eIB^CCKteUGY!Fmv5%mB?29GpC-<Z$h2XmkW=Cl<WtHMl?g<M~=3t06
z!3R^GjypQb52x(;6p~s?!bB}9iqcQJEnCMFsa~vX91>BExamb3QgiQYg`wX#z%nJF
zEMJ7T`c7wYdvvoaR)l8HG|gL+(+Zhju6p@@vG$g6Rkh!`upkZ6h%^Es4bsvb(k%_r
z-Q6wS-5|A)l13Wo?(Xhx7MzJbK70Sq+3)`JevzLFYclV9^ti?~D1o?CAXFR*@QXhB
z_~tUkb1!nk8En5X3XxI%$;u3pYp^U|Og1+`2-!%yrbQ*M?)5^sqTIXMB1|6^91F-J
z2?Z(z)$J(B(<B&C1*f-ul2!hJ0sQN~$cWcolt|ebN@J6&7t)U5lxQd9Ue7dkF3MiB
z?xqi@<`?9x!noBK+r6=Do(3u5Q7tR8O_EUj?#0?VwB*&lc1Yru7j3$Gm1UpIxJNU>
zkR9zz4lG50#IGXO-^`Xzom-FtM))khIbz=K)|)RcaYqG^0lf88zBj`8lRKWDY?vPt
z441;!jHav!-izE@*+1?W|4@CMI~|$QDyCQEwXEgt_>ne)|I3$s1P3b6$-=CAQc!+^
zSW#bsLTW7OWL!s~vnWx9nCJ$n1Y}{DU8me{hbsOy3o)k7IGmJ8_ovel=Cr7bA~N|U
zP0AC1($%QaDOF+%kI>ctI~z|m22fm6fohNVVqT#6e_aqqc=f~cla3WFoM3fRMEcK^
zxjKaSqR8xEYbTBrJ=$YS3(%Lty_Oa0hMaPm$vldfsT`bf^3*Z$NT3@v5&3g|A(V)*
zvxhF3U|e2-xJFtNZR@Y%E8%y^Ab-{^^YRgsJdS{pw!NspOO6`ia#V~GD~5vN%k7eq
z^jH714tziLG?8g;Wkd$|4vvsTj$8u&v3o;qk%$`N?yVh=0M{WK^%~nS|EY@Lm?BX=
z#^N}fqQUSmb^e<2;c$pYVYFJPi$Dk;heDhB{t`wetVX*ePGorae0!kFlVTWduX+=`
znL3%%jC^Rk*pT+>+crJ-Go%bK1Q<yoM?{8x+3P|>+T_l=FHkD$&i-|}W$AyM?$lqf
zsj0^7@E;_|b6+{)Es#=1<k9gI;r{CGpnXsQ@e8b#tc}xlyO9v>eA<Ju#-|(>OZKKO
zT6SI^6fhas&U``ymc#5SYEFWb{Gb+45fMn3-eU*c@=DnGNMr5reIemtv0B1!i72M&
z(MV;rXm6l5-l`&V1_IKjlh89%<B_bl{;M!F7VYLsjjBv#20C&V@pF72gWzB(s4gMH
z+^exsoarA15*4FjTeRte`;y#gQy-u<I1WDVwM$GgR3ziH6=$VfA1@h_D8%zC80(W)
z(0JBU5i}_#=vS!M0?hLzzL@pxq`7Y?$Q1QuW?S$|b6kD6MK7mhj7j!Bre-2`Bde$G
zmaB-^L>K`Tz6QYKs+KB${Op^`r>Z(cxq>rj_0!-=50_0m&|f6P<?|=0)Rih6=~7C|
zhiO4bZ+kTaiqaXKLhR)iDLKIa>^p%2BF{+}3_WQ^AJL;O6h?Ac<BN~B{(2~tniZXP
z90w>=zXI|o<H{nFbIx_X)C`69QVgWCh2yba0A|!@;x)cQ5hZ0g03@#5aH=*B$BRaQ
zZ=(@#5Xi>~{+_iNwo;&!!K5p4e;jhVF6l-)-mrEjXBG1~L1tU%L9JOI?Qx1>8NXIi
zolr^%gEDBK&GaL!ua7cElddbAmLgCBf4_#iAX^QiUXv+ii72;tLKCwA^h-~3w<Q?g
zN~AidMGW+f;R+5BwuSc8!G~iAtC8%FHTh@gF75((uCT9$i~`nqw2;`AXK&GQF*GHb
z>-pVVPHBBU65CNXN?ZkbX41*GjOm~H-aNa&9NX{#FO`Lskd7O)2;qvyYV%2$FDJP?
z)e28XT!H@d;%C!pUfd>Nx$8DLF94B2C1^pCIHj$oO(Wh1grd<8PH>Egt6Slz?E?+U
z%fWR&y9E{{sM9kTnhtBpM$mkcdpb=EGBVZ3hq!ldC5A7}s-AHd!PQImK?7yi&PI<~
zZOgdpB_VHxr+tsK6L5eT645V>IgVv{&ZfyrXA83rS0}YJ%ahxG+P0uFnOQcYBO*o=
zg3Ae++b}NP{Z5&qCzm}p<Msf8znH03ICg-&sD(4J|6ZZe7n|DIWs$~m>ifrw!*P_n
zt=xsNt1!K89T*TIAkw|Go7e`~YEWf4<|xyHaHx<OcO7aeYWDhZV&M|tA4xsRlO3dQ
zU&J?(RfIP8HQAqX>1T5I{0cp14ZY+KC~G(k7ji#JreU|#rRr7g%36_yiwt=^8Z?fa
zBQCoAHL|9UmTpzjTwWx`W+Y?u+u6*qk56H%yhx$MU{~2jx{b&=r$VCg97mz0D>mqB
zOm4LykcCU8o|(3HR2Qr0p8c{>7M^iy(*%mn@Un}-%|IPZu&)iQY#{r>LOQlLC~Jk-
zCr>iYZVTyPu@W&}C!z;%y~TTM)DyiJPgF`#WQi0LbYj7xhhNDY00?uuOHIdSe+_)C
z>pf9`*){idHHK2D>LoV*$M1#Hh4U+gnPR43Lgx|t<LtpjAaKM=0{g%cK@ch8*-j8}
zl@qaAX;{Ul#o>P?7RV==jKEB-u~__K$RSNY4|Y9`y}cyV9Q9HeAZj{vn!Lo&q=xA(
z3zjX89j0Tx?v(^EOh1@ujf<O_o8#XWnJ{HJbj0i^joj%La~ZWy?h~MahO*F;bBBzd
zf_KKq>M5z9my@5W2!Wv^)EiZ*>0U<wfGn1sKdVU#9W4<-z^!exa+wLt(=1G9=N1A9
zrLUB`!`|2{CG6thDo!VJY_kmWf}asWba_&?wpA7Ex(Au$&`IRtQrQrmT*47?n>Ch8
z6hL9H(FH7f9i-^qyK(NIs83>K<+p%!9<(>g`K0OaL`Ao*GP6$v-uh-n*3AEsxx_W7
zQ0kioi6T+^lRi~s+SJ`Xpyi-TQRcB;Uimy_i8hJXd8~TPdh^ONxu<9aqqhZY0L)>e
zaucZGdc$E0xyDCK`5ev|st+$RrjO=k0BFLxZ(JgKO$iZOfdY3|SaJ#ZxZH=g{j>Yi
z#`l^w;Gz#sSC834#ohGVWwg-r)eV<>Ey{4`r_htJU$5QeQOVi#_Q(_;nm)_g7PA|j
z&vz_?Alab)@hCuchmLHtpLl!8!>i!Q{S0)F@j#)qStb2%suJ<6DjB)X-^hGbDDS!v
zv>rS4gzB-w_#ogI+KOLTvx9n2DUNu*@0zhLn5ami*Qr8h_rQ!IQW*l)SS-x%O1}gs
z^2S8-Ne?CT#W_m9n=pR#?Yru#V>CXZXJ8Ox26LsDkXGt0tr_bzF`_e55zB@2!00On
z#wqq37oKlDa?W-8j-koT4lm1)z0Fe;SEQhb<QPglwd;J4)04yWoFo3OF)M>QEzaGO
zT(6CJ=-`kpaxY^Rl$qHg%gvdZX+=U^-;l1hDK}rN2rs)gC5t%TN7`YWYt<?k2{)dm
z|HZ6pq8A!n&45RS6EKF^0eN?~?GzB7i{1MffF%3}m(g(O{LROCucqDIrS+hF*67Bv
z>@O<-JYQ;W%(dU1H8c9Md$wUAere|cm`r=kAE;=uLnt|%v2Bfycusg=e!s|q?Ak|*
zJgn_{rzxA!-t2`r@j8O~jZaQmONR9mu{~g?IQ@VOn(pX08!^KMzyGgC$E1ha05>^b
z_IX;(2$51d&t|?$%b6i=g(~~P6xRtNeduWT{HmbaF%YPkjxZq4DF76BOYMzV7C8fC
z=Yi6mAIzCs9E;iG{uZ4n@S#loMfrXrrwbXV<yRpTU}=Qn0_uxxG2M&-73BXFc&kx&
zgNQH9^63#^0Iar>4rh$k*jV{~!Bj@j`<N($m1KcXhM&*!#krfY3=Wzl>|aUI!3O{_
zY+5l+@vTtw<jyYBVVhI90^aaifh+3+mIB^hpMS!Crkg^701#c)49JG#0%?k%4aD>Y
zM~p|N0+|kA5~BnI3-t@L7lg1K=HE}1rGR4=w}g3xOa8UtHGLB7?5t{lJiST|v9<Pn
z1hJx*)l2yXNt0}UN-3D}<Gk6*{0>^?``%~td<ZP0<Ovnw`sazJm3vXS$QRScQgA)5
zbUaZGrE<G04E{{$oV<p5e6#djHuY`>HYC~E#fyHTk2{Nz{25I9GXE`Gb~!3sH+?10
zm81vFH#i_3EdH!52W`2&fk=frK`~1mvGzwq0~(8v<m)T#;+?`D{v!N3p?roGUHK+K
z*-@#fFM+U+ioEG8!;*`6=YuYxLUCszy>=jAK-+f5XVpgWyMPPV3VDIi*l54P^?la;
z>7*QDb<3F<()MN2vY^`qgU$Ls14WIP5aiBSN3EUR(?RkVWzXSVd&wM=X)KEU8N@J?
zT4%}gw4+GY1~KvUYRtIak%=5}>o0O>hpuc2L!#;4zmnz53hC+jD4TDtTIYI+pwVpK
zTZyNRr0yg$??^n^pnqMeQ4eW!e*Tu07P?gXC%NBk5Ac(~Oa1zmkBW-=V!BK_sJi$G
zc&Rl@OjbzuCkpdl^*mN0d`C~GZpK!G!j_zWuF$)H1d!Ht0vvMZ3SX7gA@<Vn-@=Fp
zbrVz#P3*q+8Y*e#TWcSCoq?-O_Fs79KPbun_(J%6K3w)Xb*le-S107}qhR<EEb@FL
zVe50h&#0Ua5W3giCq?S0&lf|zzLK!p8Nm4WV*ZCmI8y+kayH_#YWVN<!Jq<DTQ7y3
z4V2|iNV>^!!Qdv_7xkmRf7qGx`P;A1E+Vd&D#UT#ceQbDQP;-&)v@2_|7Ym*ZzZgi
z<sZqz<*LX0_a8BypCMx`p<CmF)%dxsm|+`ly7T#dys;o3I_412k*!}s0<i&~0saC*
zeVy3fAN<eH{`0p;;Xf)FNkC%x=CAUsFasddBYP40;Xf*Qi@CK0Kv2DFNn3fpH+euc
z<${5a?+Ug#iMZ`6`EN68|Id@GU;UB9pD;3X0e@fg1PU-tix_kANftU7;efIY+;%zq
zK0%#;7f<CizWy&4yn%)$rYsIDn<O3G|9V1tXi<2r4}^1iL0|Enwc+<kvxh(Xp7hav
zCWdE}tQJo|{VnhxD~HdzXGO$+Z2VlTw)ukJsMl;u{qL;r|MTnXKxz1SFTB{g9w}{$
zmC*e=oW}+6jN$XI!8F860uV-J?P*pT*uM`?`S}6VV(hK2;20{zA>wVUJ2uux{<jBk
zy@sfV7&y-6cKlkW`&Y)i$KiVJe~#lcalQOq0NqqbN`21OmLh=jx%&TAg5b3BcC`Kc
zf2o%i0wtdxBW2oN#sG5;6cm&iR&r)0Y_UpN;4Uyh4Zx(nuOV{s@r=Yzz{}1!+j;!{
zWj~V;PwVzu^B6&C1V3LHGY+iE5EWhM-@E>wgnAq;>fQ^uvT@On`R;$O?B8&~9F+*A
z_9U|(PU|Hs4;-+G=|||$LVYDLA{gvAUeD?CXZmsR#`gJ2Tj6E|`AR#k#%#Dqb)cSo
z#Lfp~5ks`?f9&-C@O*Ey6IQ5=N1~RXtD5NbtA7=|=6T?9o-)KJtY3=R^M3If^$jW%
zktaJOu$T0^Y_UQCUE|XuTu=XS0Jip<FId_$5NAHXOqF+gSL(jrvuL!UL)0Uy2cCZ<
zUHSBEoU(e^>ui;6{+gY?m-`>aDI>yr;c5MPB!fqOf#<LMwc0!@$SHm&X<k28V^<gs
zeH0GYjczL3$CxfdLu}C=*oGJm2o0q7*uRhOSy~)scEi$q(5wN|#!9L40a;oSSGw=-
z+5V#y|NYC#C0q}f7w~D9g1rR)9+Kp<*imNrJBzgyV}i}1qMZA&JRJQSH^p#Osyd??
zH(qLrr@x5M`DOCkVp_k4v?XvfBG6zZ1zd#zG6S+Z?SFsBKcgo9eu*RdbMAEFxkDcR
zToA<(@Ju(G;{t;x4a=NSw6g?K6B@j|QoCC|75VqxKdm=yf2)r*CUCf%DH-D*AYGsB
zvoG#?meG|p;omd+pNyN8@IP*afZvksuW{3Pwhijtn8&EfCmc@FVb;JKEwMMHvX~)z
z++X<h6jG!Pw%Fg2(5Tg+=F4OnGQAQ7-pSjD7_fcZdiWu3)WFq-F|5lj7;#)j{x5RQ
z7yjpJO%-SUt+Y6^JzLhrChO+Q@6Xu8Z6hhPEio};B&)_#AOuO`bYhiEVIEz*NQ(kK
z8G#7mQCIUODe)KXGp3JYT^8Ml_d5Ci^O-&|p?|E^J11o8;eV`72odl|tp`_S>qw2#
zmCHk?WkDT2RQH=zI58=y3Q&`DdILa3KuS!{i>>9Z`&G$Z7xs^QA>di%UIG>2d)Zn`
z?$34B5H#vF1BN!2`_n<s9sM{;1sJ8q{C0r%-Xeb!4!8#jHK07BQB|@s7YcYfAU932
zp*UhnzyDXq86Y7bAV!)*=?j&paUoB@iuJaeI(>2C<%XA3FhT$ET3Jve#Me(Z-1hMJ
z?njJ&?#_E2?MBa;sdhTMbfp4?HB`aHOQky=s-++PkEJ*fPT}6B?ECavEnm2;Z<w6s
ziasG=Q7QWCb}ab-OWLt!8i8JI8&E3FQY;!{&~0Z=;`P$<+5PzJVnSd53B#5;)G!n0
z_Xgr(F<=gO@aEHIzd(Nj3vr>X@aIfhd`3HZc3^1fUw<FQ7fr%PgoW&~`tIbs*nBGD
zgWe;+Wntk(W|)v9^IJ>))vgdMNZY5#WkKv>-OZtY^u!tNIoe$Cv91s90w@9mT0Fr(
zJ)HF>Pd`h^>g@bn=W=gSKxwxt98dW)fPk22XXB-o?)32G$Dr1v59`8#*@D_m6neI{
zjHtWiibe9sc?GxiUQeD$>^58*TU#7)LFkJBI__kEX*k3+Uosg9pc=7bFXO~;HT}6T
zYeYAH|2$xQU7e<WAoc9AaA>>QDpc>yyU9mNb)}+j7V?Tu4(LNy<_22``rSE|Ox&-&
z!d?08K{U&jnwwNMrpn83XlAHFXgQ)25<=M6TnZJBkE65!J42hk!)7cl%+xW!wbwg>
z=U&Y;Z+<mmo03q&#!-B^=ikXUxFS~Pat@Qml?wec^4L$oNXAVZrLip8se1`JPlDQP
zGq^F<dglVIQd+TC9;=&7**`Dslizo{43^h}rYt@Pn^Z~Fvs2=ao$hHe_ZGs~{U?Ph
za5mg>+sJ8>KI7YV3sb|o$IY-GKJ;nSdx8V&w)G7R+CVMJ0%~fY`Mpiw|8&Y+*bwzk
z-GCc*3ac~t$5Jna0)Zof(}9LGa6?;oWl}sNy|7&C?`+|Zgj!X7v8(f3&bLO2Rb)<1
zi*~HX=``3QsdTM4CC~Q8@(_`5&U`7n4rVIEP*Yc|HIF2BiVkg!GV9HcpZ(R+wC#H}
zNwRVE+O!@W8p>!jE37XbU25v=^?;(U46w7aF7tTYXnlS4^E|sfbzND&)v;MG`Gb<X
zGsA=SeHSXuL0R&4ksKm1QLx^-PGGeF1k5W!ng&k0E~F%GH$(AV*X)b)LA0i~j8srV
znLm-NTE4p@W!J7{fMc>ngoqdFY%n~*x&h;zZw8O;1L%fO2|p8LSlqJ<!3ckjci+6j
zN~*A+qgkk2pc-Oa8C3>0x<7KJ#6nP`lvam1-n+<6ADhDpKKQN_Ly$_%))36YFVo-{
zaJ-kv{AM{)D~^J8mD$PL8WF~Acv{Le>bE=``3URYcgsEzMk`v=;nXj}8CL@=qwQWq
z>F~Hz3q5jgUcsAjTg#enV7*J!&X!F6aRTrUc6?nu7Bn;roZnmfzizAXC2(6RBuj#B
z-BH$m<F^pB->TGR52#YRMf2(0#>;f~RwgZy#1(0%3)IFm6Pb7_r7W+fN7*thkIyZh
z1P>=2*T@FfiX`y`HT`d8KgtF319y|Lu$mPm3x|a8f#q~&mATHdNr$Q8Q-;n-k*qj{
zyv9#gXgVz}6xH{U9pU@aQU*obLIVg$AcSUP`Fz_=U<scjPM!TJq(-AP^4YnqPv3}r
z5<S%X=h+qn#j}#I%Xl9EL=oI*^g||Fd_G2yZ1flGOW@9lJJ@GZ-fpcPVwkq)UXx|v
zO5n`6FeCCLSF~~QLl^;bxg9Eg^Zedr7Vog1lgwgo$_@KCYIrUB=FwMsQ^j->ty(Ty
zC<XIhm|MoN8W;rS2SrZwQ~70Qw<A<*i>J#3Zhve_nYIdLJes#n7xL+=LsKwP;EP-l
zkgL^v@SuJuUsJ)Z8S|7A)@%X4Rx1z-u|%S;_L{?tcA&#sN@8rcm(DPXa-L?)Plj`|
zc~G~$I{R4ZtdhRdRwlyt#@+SFIw+OFYMLae(Iuf{H&n2l?PoL8Da%?pb?wUR2f@`b
zV3KKn%BqFhOhrTl2FdG5vv#rr`oHGdo`WK16u>?X;{msd0$Py&>)5l5p9fWQEQD95
zk8Gjoxyf-aH*ByJ|1t9HU0qW?^2Su8ES>fA=KB-je(E=!-;1S)>rz*QofYBXyq$uY
z5M6HTPu36x5&XYO64w}yq7OzZ`}q5dkXU^Bgb)P}XA6)s1y-94w#=a*A^E$_*96Q}
zn+jgyPRhMqh0#yvfR;$0@c}k4gt$Y4fhkx{W&p+P>+1_`;y>`|Xr=;VYdF)WFTX%D
zf8anD3IXTYjo4NrD~Spf0Zl|}O*lr0Ojn&qV%cQqC7!o2$|W3^t<%#o)VPySmhG!m
zm}J`NY@r42a@AkjTKWhki5(yr(c&{)TR~ckMwnOxh@MK26TMQNeNG#)ASI7{sCU0Q
zfM_cV2e$itqs%O$*a5|>?J{EwMvM4~d{3yxnY^N}JpLf<O4b6tE7kMx1JZ)w_Q4iJ
znaN>gbwuhktj2{<W{gG+zvIN0Jl-HrC1Krul<$EhqK>VE%(*IgIlNp;ce=*td0hKe
zyfui;T4%9?pVT{9g9?tpL0>bQ^dKbXIl2wioP;nPz^-=_xi&`5SteErQ$W)taJ#z+
z9=lA7IiP9!+~Mo1l5n##mp8sPN4BmfKdJL6xu&n+N56HtC3fU@%p;f+CchtOv9D=m
z?xZ~{_95aI+tlg#8HYkI<J?`ccz;?jTDYW1$QVK3x7x96XQrva{x^vGGYjcN48#ar
zx7<}u#J&HOhH}9^XJ=`zv7{vc%Z<x^!VeG&BrZ-3r*q-~{B;y#yS;j~kgynkqMU;^
z=7T1*mF;cVN<&FeVQRaan36_X^`%!$_g8-B+ru5*MB(M}k}A%+sEviX+U}=$#>*>h
zDA+SY?=zes?=F8X8>al><a#s-v6`!*<T@Xylr2$XQAoOof)557+3hV);CLiP&Z$yO
zJS~?^r9!3R1l2mO*?&mJ)+S~hdl_$f;4q<qXqqmh0TERBMOgbQhyZc3pL)x&G#5d+
ze*O`_1?x_Bysc8JqqsBILQWHbE@`n^^6vv`F|=Irg=Wz?%6pHC?e<~jFQb2wMIYd!
zv)S4H5a!WV+&};rz2MT>D$=U_+y>(sO@$_e96$_m0|9nM0b|%jp|_-~)Gvaw#)Jl&
z7w4f)m8Vq3BA&yyG#l%uf#YQoWSE-o^i+3_tFJ#d@s5MzU7cS^p4cA007_l#%}$fj
zf!jxJ@|Z&3O6gyF8YvfQ2lSm}!ioyiGj6_pNBxQ?<KC*$`BMBTzbVUTosMLuAikyJ
zPB3+H)bbh|5Fm~luWO`0RtL2d1F&mvWI1@oQenmk#S7+9tVV*@;|)&|IDm3tl92o6
zQtAlV1N~=czI&xPra9-2@yWrny)&w;-992%FCb=!uW<v{<>YF6Ub1*1VSODQt7o{l
zRMC(lOKkg(OlW2EIrjky)`y!Xw&(xE0iW0*&2uWO-+Kem<g({AH&o78ZxB(0_rwHd
z@zO+*0``)Zmwz%xOa_-S^gdG5bJa}7=tC!~dg$wttYHhtSW+^2@govGL+MNyJl5}a
zl&l#dCwu?!YEdbHpjKBAveyAt8{<H!+qpEw`fop!fwt&MUZPeY0v2Yhl#n;42M6By
zoq(}%A+Z(e=jX)R3%t)nz0llkMt#Rxzt554#F>!{k4>-X3!nvaDA_vW2L7QMgD{#i
zP(p)cfD8!p)(AqZSNl2nOxC55s2{Nlkag9$?~?rLVnMw{AaU+w`-J`tWM_1~V(bc1
z<@S7pKqXL6@t4ETd#eIe^}fo8p+7D#&02H)hW23Dq(?bq{xcszQ8>+j))!BWQZEL_
z={Z0`6f^N<pVERS%@LI@jb7ChjXY`uFip^}y7;-Nk8V=Cm4lRR`aB+_3)lMD?U3^=
zsyy?nCEpJd@%c`B&jZ-x{IUQ|QJH><S|UF`!7R5(LRo^~{I)h9zHcK73tVEn_HbK6
z=`U3*l3kh>8T*z2AWETf69-iG+71x%tVl{D<Fl6&CD3YqsRaY<B|ck&$G)Jo`g}~D
z?TywDtp3*JWg-|9PsNSQk9sfz86_4uA4o{hW1^9W2s9A^sx*ki(Fyae3M4TZUZ`T_
zlJ>`i^7+7+BtEH=yOl%As3iRG>o~ZtARNf;A??7}WS4TCA;+F!7L^#%@2*!8BJ#Fa
z80OV_9Z}{Q@bEpgI@>j*`PRE1Gold@w-2HU0?!rrf4tfr)(qT@W#!NPMPWQbfnG=p
zTwj1f_qon!W4iOPU8FdVX$Lhyrq8c=1kDa34+PO6ecAHl`|@G+m3;+xdFi~4!j?y)
zkp0PT)IzYLDMO^brhG}-h3vf6jL>vyNjaPuUg-H2qso`2Z?uT!rhejqZi56m&#+c5
zZZ(KmDq?R7vaDhRh)F6VFSI#SCV0zTh~PRnhPCTow3Ok{hq4lMyacs@#WYB3q2mXq
z@+=rTi@5c-emJDRMm@lT^TY!CoAe_l(zo_j&N6sif05Fld@3g_6Id+&OgtW@1Qvio
zGv11DVbCkikv-6ELuq!~(9Qw9+D%>U#%d`pX1S%*tQ8^f8K6<VMD%Sr#W}jTWhy@w
zLZF#xnuwD=w1M^<Ub<$lDqNJryx;q#8)e7u(yTDO{#9G%zDNUrebLv$3PDYIQ%{$+
zX70b|AKxJ#$r9oI3LhRwJzds%+Ni*Q*u6e6>w9cevt_l^$>m(zy$|WjQiP{-0pcX$
z`{)~5X~J`3O(rBFvc|oE!1c5+K4iFk@t?JrPE;VA+%7uK4t=|^@a|9G;e+n~JNhrj
z`xg+ABXRIc3{slEPc*@VX1JQznk-zI$4&RlN1A74Rze$neezq0ub5UuK9g^D8mwRt
z75&%nI3-yvQLILN8~`Qd^Hxv`wE&<d4FK@NJrv`osaDMaNl9-iW*f|B<!=B&KPekv
zS49xOlz}hB4TBIHPAY;VS{drZI-J6074fTQl?2@82MY~B!^x?hHV(5RN)+y2Ud~W~
zb`Nj~wq<a;38j%9GP3w`hw-7k1<Lp&pe4iVR~V@fMUDjAY2*VWAaUgyI4y(zc)z<>
zsb3jU3JCZF;x7%W$n*`;2mB8d-V3R*oSH3{TBMK#0-Uym=x=Dm)P$x;M1RpyMJ@pF
zChJFy=9A(lRGTn3{k^-1(|4W2Kqvw%t~kU2LOO@lHs#Zl=%C8scD!|E<1RU!tTGh;
zyZe;2`S(H{9<OqK-O~3vwWAGK?T-C81Ij(8OK$V+U@$E4?!C17#N`&T-2S#4uZgEO
z|L#%S0~oO<Ga&&c*NgC7&+eXW-qUC|AuJ=B)Ry67N(su<UoL<M%uj5<W=--E^{+bW
zP-Osbz4KK)b`(;+#ggOpQ2GhjY1y<ia_{cqrq{hD_lPQHiEfente;Edyx;bMa1yGF
zo0BQa053r7JKb^nE%iyiSE7Jg$QKcft|pG}uoDq-io^z=`MY1<M|50k(=osMkdleu
zdbpS&TkJ>yMETHT<3EVsR^%7C?`GHWdfg&k9oa^bWRSg)^Ee)SfQr~;*BX8g4&-;v
zV&zw?(e_wyTYCZIJ444WaIVEdA4fhk(`pIk8H^mR(|(TsL3mU&|0zvoi3?-vP|f_)
zddOXi=MDzkcT8{n!ts+k{Y|!@BFGEbMVT5LGG9aUOhl&IK^0L%fhk0S4Bu~sU52ZB
zv3O!54=5npXn~Zx`(Z&MLD@XM8K*O1s9PA~Hd>^AvbA?HtRcoP${akkZYF=xJAAZQ
zKMI6RxeV;%=?kLYV?QI}ibv3<19n&~Hd?;kM0g0i#zm+uo<b*omx;$Y@!efi=AtIE
zkB!4K6XnfYv0x+m%z&5g$GtHRX%+*DvHgFfzrKwg<KXZruuO-xbENq}vy``O)y#sl
zwif3A@V{i#0L%s^n;QT29R5UfqR&+yu1oGJQQxlcFMsRp_(DKu1{rcQN1smRBnAqf
z+_~P^pX=Kjw+&ji)6%`bH0>q8*UnaAbAhYQE*U6g-5=}Epc`-#hth+|ScS~PECFr`
zado2P9P!I9E3H0j?(P2Y43-O@74TiuYAs*Us@FiyJ!n+#(bw5-hI}>hO~jFOU(5bY
zuDXXN7v-?V4oX_U?D;5g0{UEmPG!h~xr=f%ADoX_rk1TmU6a8uo#aN27~c>Pa#N0r
zhKj5F(lU!<`H_3R<V==tvV2drMC2R8ex1|yYXw~KH~k+y5aPQclG}R~Am$ae9o;^+
zNysVm@^Ai%IY?T`<G$0x1wbp}9}J_FqN|kh?J3JePh7Jl7#9?tB3vU?-?B<);8wpl
zlS}SVDm5H5c0Mn0l6^NJikY0482Kp^2lXpC$aDgZExJ@Xr*8*<JLZ6T4Jtw6ANLQP
zmI6Ysu;NE6jfUHRpmjvZ;^Ws45WGP&*{6sMrsmtZIc80Hc}A{CAt&)84wo}BeSLjz
zdaAUp$zr2E83UlB`{m1*)x1P)mgsS0f=?X}$t&yYFHdh+KE+dow8xd)6={$j6=aGC
zx@4XqV^!F!i@doUM=>-B-(sVd><%V#mYc$3vlJNGJ&$r-A&a9`f$5c(TTxfVnGVx4
zS_wrlLUf>09gH1bgpHPadxrV&k}AZez?*4yifr?xTV%(t5Brk4;adg1WB?o@CD9En
z*!aENt4iiylV!T5UROnxC#P=X(Hqybl6ybab4y?Z?(eQc&ZctON9c>YbM9jGF5M@#
zEebajMkf-Y`Vcavt+f0q6H7iUSQ{fs&N9x&WpEwt)%tX+aqA;U401pf$PQA~*`oeZ
ziDU|h-A>KpZL7)sDXA;6e|>oxKm_9vu^A7kzEKG=c*l1wk}j0~q<KnhE>HPYj+j!+
zK|*$Ix1N&p7z)3C5Q@<PM}Y-562XQEe1XPXCg!kc6W^!Oe%FG!4@>EHOYFj3Z<r%{
z?yA=Z7hP^9;O1O@3vPev=v&qy{Zi-{9Q|sw6Zz>Ei@IuY#FjoEYs{n=8g;1}4Y|_S
zf>>55(RUy0-qGjY$Z<A{I(*n$k7g3py`kA(cG;^jy$uKGEN<e32RuCwmLWM)&h<q;
z&~g$)ko1n0`IZqM#?$7mm`ZRDnm!t?KL}5<mfYSS{>ap&2DR3Yhd<n4*c|6_WZbp9
zUlc%cG`g=h|C^Toskcv)0v*C>y}oz<c2UrQ-l{km!nPPxnfyg0R^tOAtPOo>=j-5p
z<vPxWy%MOhXFPt75NWcq`(DwLACu9LaXXXi1--Fy5eNQ9Tc}>GK9#+=a)1zy!Tkm<
z`aK4lx!29A=uEX)0XzK;K=g|s5VX$qn~zp?ZJnlVzjY~H0Ak=rnp%a8*a-;I)K^8!
zn5B@A&_H-ee!GN_5dLlUq+HQ475=Xu04X7Mbc?ZI{6rUBn!<#ym=p~a$7{AO@UO0^
z$HjS{0jUJVZor{!0J(LUx15YaU{)X2A$p_MK?;(^9u{re{_J+(S0m^>0!r_Q$J_T9
z!J%+!^vxFtP;X~L7iK=_>D=1d`TBA2Mi+`i5*o-Ckr<S0%c}Mt*Zi1jX}Lp>7jO#w
zv5`3))J*yHvwgEC*j272%xs1M;&~md3rPIL^=6fSBwJ53+VGkF!={~G!BxH+H)Jz*
zR!ps9$z6|vM>L(a^JlwWT$TZI%P0@PFL{4$*j{LrNTU1s?R!|5`*ySA3x97u;n~Ce
z;Vrcy=c0YD({M}KS}li0uSIW_j9Wp1%_wadPnI@nu<YxHi_0%*UeiJz6OY*1$AQ-$
zH*4pJc+30;@sK}Gyf#9AH))PU?;y+5mF518jK%EUU6JXNL;f4GDya4rSWlX>1NIt3
ztYXg}shMy<#qxnN#Y?ekC(;2!=k{?j-`ykjr(ou<qx^Ff^5&QI*d<t;ls*}Ey_m~*
zn%bC~Wqfu~PwJd)iisCd94g}}QonZ96-41;Lm49?o?K9|>PBeRY02O`YF6-=79gpV
zd}NNjP`>sEQ^^iTdI+XtNkMe!g6V_HXE|TPebLM$Uldjyj&xHf`~qG-3R-P;EfG#}
z%J+cl9@WpY7ZSU>_9G2|#3@1ZUk-U`reB5Qa>Rf>Ao3Y?KoWj57nXN#nGMB*D&*~W
zGA}X25RMUmC+sd$o=joLnNH0oAD;U_ly8-8#$kmsj+9|?U&qetK!>=LcIHDF!Ig0C
zgp}f}(Qr(!kisLrm}M19n14P^-hyZ}a#8qGLth`W@qWo#v7Q!D$kFpq$-uI{n1?R$
zKiVCwoTxg!iB4e{{{;uIh5^bLPUJE+V*TW}!<5=ei4*WE2V^y5c5;tP9{0gt5Ez$t
z%(-jE+^F03L+M-m?=JTcF+!?rO#4U4K`kx38{6B@osNMR@Z<ecmgyvjBy4~ny6D@)
zgreg348;D_qMW>}(HGxD+*em_RFD8;?WXoS)V_Fnl-v4`zQ%dNC!mc`1Z)Sab8EHy
z*S#7Fi#Je;N~b=RxAoRY!5U-nbeb?EW>W%_@x*9xiFUY34|IaY)z*r<l%$Gn5#I`0
zHzlwQ63|`r0XWw|nBV&NvYfAq`DbGPn`OCU6I=y?qo$G_7TrT0_GqUz(3r(;!H8s%
z-X5QFG7F@L=L01ueu9rlaeC#jHgL_(|Ksht55&uCvuR6`ZD5XI^?KR!1NCNZG?AdQ
zvwzRi(7e@3zH^4EJFqoA+v%8x#JuZbm%(U=rt(IH_g*6@q#3BqHh#EJs<Uou9DZ`Y
zn}w8Oj&c2*&fzdJaNt5_*F=?(IDu95PbJ;AE9@3SnMON5g7x4SsPIua-?A$XRpg55
zULSGpiO2OCdj?U_5l5%2T+V*QiE<f8;~H&}!PuFj7LQ{%9cC#v+~iNq+kI<Xgg73n
zEp;+Rl2vVq2aCc3igJ5BG>dF!WUipHi_RNuu61~UPbNfh{Y7;r8PQ1Re3hV`Z0(kM
z>s&2gj%ZS-Lf9>#?IwJDVl?G3zdEHA@h}732B*;V@+eGZU`&Zd1>!LjLB-(2vrITj
z{{57KR{@O0XyeigxdABiV*&Hpyn9roK2sRc_V|63m0ezKmQdvLGK5UttSC=07xRsU
zvVpbTZ;Ub1V$dN2%vyD(k6dGvg!@)S6Hn*bUafg%i7T5C!y$~#BC!$kk%xh7(Jx*{
z3NZlmk{(*=4TPSmEL|YaqVl|eGLDJ{8qw~^iCV3;dcmW;%VO)(yLS%JhL7CI_p2(3
zK?<A>>8^8D_74+VY<6^8?doDHKbZBz5zK`6xEzi!(HnUb*@zAXwKIQg%4Hu)e0apR
zIk-$IXD+_D5(nR%8mH8?P=>_W3krY`Y^MP*g3cKkSt@Ol-q1u`6!(9obMKI!(>dDX
zY>9;zHbMXPc?h1H+Y#Tj(gWbNfcljyWU;swqn&Ql&q6w@ch2CueXB3)3Tp<(VxP1<
z?y2yK7%c<@NOiY9aB!%>BuCWO*Yky7>vgAC89#F)p}BFrfq15G5p4?{Na+M>D?8g;
z0L8hUC?7yg++c4~m>C6S-}r|fi3RP)*H$b-tnfYRww$!}Ze&5am^vDQJa`0T7R2V@
zRCUUGr`+DseZ$pvr~W|au@LAy4tt8iYbCtn83D>~Rp04-c~hESI}%hkYtf#+;eJ}}
z&J1wr0w@PM+>V>|l<<pms+-Ev;fDMAd>zb=3+H85yu9AL8(_-dtE@Ukt{hq}l+$y*
z#R{0Ha6DAIxlGI)+^bXYBA?<Npox%fxZZ)kUM@3lH%m5tIJzflo32I2mzEL5nB3Z9
zh-+~?oD+x+crc5~x=MxS4{w+F5eroYRHr)3h96C!h0iprS5FI$F;>qFE&ZS?Yt{3j
zAzb0q80iTvHxi-f8R>7SK!IRzZT+0SqCH&Wsi&3PU{`e!!`8IY9+l=+nd}hkk<1ai
z#a@kn$mUTLYY`+#{)5vky>a^p>&J+(OXCF`LSs<XWn}fbZv7|mkhSVGwe-EjNj)8h
zKG$OX7T!k!9@4l9Ge}t(u<3c6HthqUBf+wf(o>{g3nqd_vP-w_jJ<HSBss9kpoi=o
z<>!yN?)jxpP05*jLjhbj^eJ3qw)X=B=Q>?eE+><%C_a+frjt)V>x7T&oh^_7Av+Q+
z)2AA8eDYNxN8brlMct7M9?6AmDTOB(ao6W{_`nL5xGMFoz{^kS#ItC@<>g*4U@iOT
za*jmCMEAjrC_T*eVp$d<I8g1TXq!HIS~>5tm-7YQkTwYg;owJ@<Kc$^kb4sZ(De1&
z&LGN3_E@N^C^s*1&}PQ4BmR$iH(!M)0M>HrciZ{GOT57UHxg@weim%RkTVboQ18A2
zDBRzoDhcsCSVMsj^FI5?6-aA3KY`Jrf)L2)o3k3j#$&rdI_ZDFD=*T^eNr}*K5x*O
z7T2OTdOo^T$xackDRWqA&DpU5^<}mZsOSVYV5Z+^fIwJC2(FsmAqCLBwXU7?GEnkL
zo=6ZlBLpZpa#wr&&;$kzHb*3L6u0{NxnCxWj<W#F9HPL^iLVjC9j^xEbNYbR7kp<K
z0+vSrIyQ6+ZkrD`r~fQT^v)F#@6(H~VG(G%VynmG=nZ|@bHGA`g!CSED#_GEX)O{I
zpdKBVZe#6!=Z4WHkpd?vBYKHHY3H5WRGrAn(eS#F*WI5YB7;Q)eBq}$dUaNeRaXU2
z2k=rl8xRgNQ>RLQok7P|QSmpMw2II6hZgglzO_qSJxuIYzihUNO*xrBBoL~5kI_h{
zRR?L+%svDHx4n&D^&5r_IT_p^Ux^&`Qq8k5cu^!(U6_s}HDa#ke%bKlQSNrTEG?)u
z-_tmcFR%3eX%6W%)CUB-kJl1ngFl`Yo*Zivvk9lp*;3ftVJ0g|m+JEA&`JE-b@jCa
z*z0#sl*v+NSs@Aw9<wzA`8uqH>&<)W*vd1vJ{c&1eOLP-h=N%yL@Q&p)sxZzPlWHz
zv+`1xM2<BrE<<{Yw1WGI>|kg?g?LqB$_u>3a<ffThJerGr32-E8`NH-$GO_Q*#hs2
zR`OEqvgJ=NhIXP&O!J^?nN6SRS9Dh_=19+>pzl)4i2pa*0@#*rbzVrI2=H1sMpe51
zRAIWB&I040XC@aJGWRg?MlRd6>lnyE{5Mj9bEL{-JW-@Ghd-EU7ka_DpL(C&%l97?
zGMzh}M_ZhL8SS9OEBn&8id30!2?a1(YKhXL3pLOL1UqC;YtozpGq}xa;@7^#Dp}k9
zmEqsngwGdW05Nk8Oapg9IUd3MmHidvXEanvytB^g>FH(mZ(Ne`V^P&m7c%}0F+g0`
zZ+TR2XVmdc97C9c+vPxcMF;W^c*u{zgq$=6yB>h7n0Ean9Z`qZ(sqA@o`{UZCJ!Za
zmz~YBh35H(wa6G~-8A>m(TBL-AJ$6c`vDXJ2yyjDPQZFmU8iZiD)&ExLISd4g$&^M
z*z|W3^;MXS`tv<$dO(8DM~;{GGi2+v2NlI9k^*V{*4^*1jGyrR{>=NfXJ$IVM35%$
zTag9BKn3tQ>sQG_lb(m|7TwEXbvlr*4&bgrzXwDdCKwR$AB=7L$jSl2Ck+a@7DO10
z-z#)|6IsYh5lqnIUwkXyP-&CF{HVLG$gEqpV0e0L?*+XEnye6?8tc26Y>kvnr+U-F
zwN#9;T>WW`s^%k?$1$(aO<Fpl?q0&IvWdQT#vQMh4tq>d`wBkDs)^x|RyA%n2|pc<
zzUHZbUAxYRQgViU5%WE_I13*C(}os+3=o7#CJ5eOG3cjJwC-a-EWl8G>a8q*@`-5I
z+Ph&U6J`ngZZ~_f-nXnPRK`a6rlPj=DK&^E!26RD@xD82;|CXiv4Y2OhDIKw!!utv
zH5cnw56xXEP?Y2QZO61^JCpR@S?~L69GK@kgEN;-@n)|H$k0UK#*>C4ToysegCqVs
zQS;<N)dR{LOkUe-59#u)57i(IQND28RR;H8LG6<39~I5KZr>RkIAC_F{$H3IwCA2O
zK%s(7x>Ha6H%{=Le}>T3Dy?Kg|4dsE-YNu^9iUjuRrz>(^A%fe1A((Ca|xrzonp3-
z0Q|*91=VLG@87UPzW3(B34?fWT7c^fI$a-}gk5r8e^s}g;RbC9^ai0HE~h_9Apux2
znEUHvY$1kzsDFrtT+J$Jhk5St?T?o<^>4kdj$ZPFFnX-q2ucVbHev6+LtRn4nU|>u
z)kNVIu1M3Yz)tzZiFNtisAH)W(l*Bz!C5(_fOyR97+wtJ@TvLuj_zl#<&1gy>@963
zQzerXxVbX<V8HH}({P~R?5v+Y^|19tnd~8z2JA7KSb#T}J1wL^Lf)tfLMvdOg08hc
zpH?$JOy5wy_h^xGa6p6O#H=g@!g}cdho4^!7^xTAcO)46t_=`q#W<KL&yoxbhYd)Y
zOxE~)B&1@ep|DA5d0XDg*2*sAnS-(7FhT_YfLvT|87<}}{IG&%fMRv2<kMv$s%XwK
zi}eU9)4BxNyMd$+f`Qm~ob*!<(G%(#xR8w@<H6vW<ofr;?{4TAp$Vw?c8Vl|#4bZ7
z_19~pY_DO#D5@@ovq&!Dv|cJ|w4&@*hmg11+cH?acB^Pc{VwT4jQ84)S5l*ud;xCp
zRi2v1<ry;Ksw{}pIhPXpD{q!1ReUxx$9L_q8aLG)&%%k8VxNW(pS+Gn`_;E5%t|1;
zOpA2NTn$xu)f149T&*uiuS#xJYwT5-I8|mD4K{1zTl!<Q?+jrlBn&d<cO{whc2jwg
zvAHD@Jh4h!a#GUw0|*5tqvcI+2kIH^4=TwuSG=UnoN_cg6`d;0eoaI(I&S&5cJR-?
zyBtrp@K*SyNBCLy`(b4FO_Tj*tfBbWrm6cKHZIZPl--kUzJ~qH$Nbp<u!QR)^8Jy;
zt!~=}pRd0;3hsl9$w-zD<$V`kX{@jBis~u4JY@ih_X|ik;^#lu)mnL;?D{>7MfJwm
zp-}l=KtSP>=#(8Jn@EqPpk2Sijh#AUSJHpVI^Tmwec$yBYklHHS*-LPmD93Et<4R<
z;Io-*l!456+pqmdg2KzyN|RY*I!RUeu$Dlp?mL#|^>}ML$TAJW@x1B*wx-cUa-GRM
zoxT-(qyz$Da*DIeC;TrF_b8xOP3C&nN6pD?0KV=Wu)J5jVN>=HfyU1QO8%XW7fJ!>
zQEZ>q#CsYT^_+N_w<sJEN!HqL2vV#MQ5}<O(XKZS-q^M%4;mOYWib`+=#m<|N=t45
zEu*>lM(nc%v6xYE@JSA@Ra-B8C+Tkb;nzyOEVhn%i*wxdqAX8B$-B!ti1c_PlTzE=
zBuU@Uu;)jfgh8u!P{_u##P{o?@#%w1MuQ(}Ij5aj%#OjG)|Z*CbGv8PE!u`>{%Sd+
zQ@mD7?k)$TZ}|=0uZIKJJ%@l4ewsgmnqm)sGFM&6cT~TbPNG?&SsTK2GaNej=uAI4
z1Cq8Y$}#jBD>IQ0fJG)OO)zZ)$Kgq)tU)&RCHBW)mpP9?DGh7oCO|%rJji?JGhAlA
zu1*ELyL0dV;nkuO(|D&j`Zz!P-9E!J6Db<YrLAqD=DYEpRiSTrpvDfOP->%dO5@ES
zUJW~7!Wte08<@El8i~F^w!Q}Om5XU%F;ewVeth2(5R_RW`6-pAw$aUM1U*s8lr;fj
z`_}Lk9`8M#i_w@Uxn|a_A`9K>o|R^8z{M^=D11J+K(sMP6go8IFj?W17(0h=HO6(j
z*`h?Oy3-PnbJ|apXwsztt2U_0q)iAWx#7$zs!DqLHTU?ryUa3P?QEv=r6l50t$70%
z=VLrcNz-E)_vXy&C!;HD!l#&w7O?1(LV^`l1CmwrC%pxmr<We!{<|gn^;dgO3>DN}
z=)Dnt#g}-+5#s(~nD#n*@kr_(?OA+L#R9#Xn&0Qry`RiBIvFdgqaEG(HY7au`W`l2
zMaEk!EG@392to^ha>djxxvF#H55@savwnc*ia3>Zvv;F6Rv%yh36zC3aX6S6HMg26
z=Wl*<AMlWG=<|%cu-_SxljhhZqtsriMVjx4Cfy8Y)4Cql_H;qH)VVm`0t3Z`O#rbW
z;(53G-efc<pl_Z(f@kXuWm$stcz+r9!-*hZUz=eSqpSM0;ql<UiM2iwO3PiMso;rw
ztJH@{n&cWzjFkzWZ}&tTs)xocQx*8#X-4N6&Z|)Z_LR<c;fO*B6jx;)Tby7t5TnWI
z)Z<&<GB5a;S-n4%$Z?6=$5TzVez5$wy-ZXmSD^K>NVC=l9yOhb>7rx5^<uX{N+;Gz
z-{$KBl9Ph>^ho#9JAi-^m4M50o1iJg{wzr^BHpYN95h>Il;wIfyF%=r9m$)0HjR*~
zJuKilIXRv504xK}b7vr7|GHLGkO>?kNX+xmu>QVuK6JusH!rc*q#)DsDhL5s5wd|+
zq}>9n_o!8N<y}z^DG_@MzhJZIz?QUJ9j*AmXvjR7;c-9fTg4U%6-@}+F8WH|&!y|5
z)gSM?M56>O3%YCt%M=Eit(qS-MUXSm?Hf<<z}FXYq6D=2Q)P*>l_6T3FUNr*b@*73
z4Q%E9UF}iSqFd<Dg`M&drLA}(qEw0#xd-vOkr&=)e=l|V@q)ztaeD6l_>99H*)qq=
z`5q6WJDy7I!4!&PsYiAS2|tj7L6n+6Sy;+0h_CvPW3tP-%y^IYy9g<cv!|89#;^M2
zes$BD@2!c*FL2%Yc_|AFZ|2G!{1(o2M_-JzUS!u0)fZ+?l&LM_Hyk$IZ$@guKCyCS
zPku0jm-IME&lKso`M8{HA3rgmF|5rq0o8Azw0nu3e1CNui?`e?fpA5DWH?<Ju;`U=
z>@+l!tlj^$C^PB7=gDOw=MnViY6#yxzvRYub+nA<JkvrDuC3!eRckt+9jP+_#sY<Z
zo+sMBaZvVgs|CH_0pESuQaNjz7&YWP;RO#htE++ddSoBpee}9MppM#KZs@1c#{KL`
zQUi;O``xhFl8n>oC`R4#3fhP~hp<oRS&e?{l69oF$K!Uw{m4;tUfv&%@lCo_Ygu91
zcVc1yNz3a&ccaM_^4nHbX!DeAhgK{NR?kGORi-~}byRfpTaGsXXgb|?(P3I-VFsX)
z?p+PKe_TFf9S0V-P*}Bq6I|4PI$BH~d5$%@*txN93<FjBUO^P@!abBnFWi=gGwR1Y
zasfj{&P%~*AVy-{Imw>Gic4aH`^MKwtNoo6{$$Mkkb{siPa-h^m_Y8^i|_Xns_avd
z<ySu(Z0<zd>btUNHj|aj;a#36R1)1|;~HpG|6yHfKCi}Xv4W%>iaj8=N#Je_V%j6F
zcn#tKyV><`aj7=zuV&`C9mD!aHGk-SduF#R1)+7lIITWcWueD${pfbwdvmG{?Qr3<
z1pWq?1j9_NzS~$iQojh;EwAfzC;hcwr$E2=d|y?->t+etUl-%@_$i9nVrrn#<8o5>
zEEd7OmLBXBuhlO5MDR^J8?v#qWtAK&$}UbV;?Ns`$4w+(=4sN9jo0m>PCkP35vr0~
z8oDQvkeh0!ZhH9_Q|o@$yiEKR0Uq9%7dNBGYx>XHBumC;%ZtbO4v#lOk*9iIv7<y%
zh@kViRGF9-{9Vo#9{1z-x0dZ`S?fMlKqZ$Jg@>7sO8L8vqfBbPVV>*iZ7Ui7e64+x
z@*uK<|7?Mg*H|SVbn}J0ABV97{m;Ue;lL10wr{IFVH4LXZ$wMGer6$L{E|F`M3Ae4
z@r?8l5BPPgd1(s7UbFxcpQcxPysdeE?!YOF`c%(LA`}F5edbFx&=McC^{wHy`VZYA
zu7@J6qmvbhYth7FZ9T)V*hsI(ixvLr$&wC}v+1ek^;|Ckb^Tj0%}2rQB_qgRXHMn`
zoPpQyeO}^;=bPUb#s`{3C(h#RCK=<eE`_ck<cn=-?^*S|Rdu{44kk^fsw&zl^V4I_
zRqEGvBqVWo>A^}FsSE?!TC3s44-GZkTCRla_q?m_?1vb)54B~8*y;!OzZEFGAVItF
zWOx%>`~Fe$*78wCc<z2+nJ5}$n($K=!t))c*EHzdNhkUYqhdYyeP#k+?Tel|Cduos
zGk&7WK^y#6WK}2mPh^#NI;QbQo#dY*E6O6SfOzy3VQ&=#nU)xp#g-=k4sU>m1ME<e
zOk&91fEJ2c2NoD5Fb%OQ0KiacKNw+83=WCGA9lx0*PrgM>i4qcg%!pDKV@(N5V?N=
zDHW5eXnRz{Llvu4tI3)Hi`HmjC&IL!Jb5kzDYz?zua6ctcXA_76Ri+On0&*Dc(s<?
zjx~SwKQYBP-eOex@F75@-F2$L+V8%gyzf)wmv{X53z!g1QLR4s(DaavEICpZ7{n55
zI%$@2$WolppC7)z>7AlkCJ^vxtWcb(SGLk=x5~APmU~~TP-XUqL7tMdXyy0)DPGq8
zG2wH;cT5t5oA&GrP=K5LsiItbS7X`Bwz-#8+VBcD7#VWBOjd#`kcL^x34LY*?=!wY
z<_fmG38jIOj^WDwL5I3nz<_N`twljtW<B#s6wUlikfdfExpAh)d2Ozm#C5KR!Ui(#
zW$r_bxgU32dFFdiUQSu#j{-`s;fyBJgkd86rG<KVpoC?TIj;qv-Yh*ccl9E97(XY_
zsG?6KtSg;NOqwPegU3wBW$wfi=+vn;`x0V@G&zb_E?#dXWu)7;c7P3lb(>pF;Nebe
zr^Lzz2PUh_FiMVA^U?Nzt>btFX>O$y)=TK^9VkGPA&ubX@4A(7IFAq~A3qu@S0t3E
z6{$-9Oj!=PbJ|)LB#H+x|FfXmBB(W-6^F-Vj($p`JHx8J`6?;TdxIjirGu3)(ethE
zF}HS8few-6UOL{>k6_r1d#kOUf!+RzkJMwENeN@O6w9|NvgM+LF2+^npH-MwW?6T9
z5$R&=hPbDjm7ap4xNV<2oKk0ZA2?sK4jnnCJRJ6%4-#?<PC1=>#kuUiPE`#|0d2mN
zk!_QjRh`|sNo<jcx-Ni%6@|fk2b5CdmKKkgf7To?(ecu!Tl%(}r^Mfy>5t`@069+4
z|Do<ZqoT}$u2G_Z0Tcv8q6Cqw<RD3c1PKxaq%n}A<eWrB6eI~qMsfzpLX*Zo4w9pw
zB+1ZZ8oKX!x^-rpnfLv3?_KNr{xGvv&vZY}IaPJ4_TE*;qSb5m528U=c&KNI1*%U~
zVTld>%G&LTbd4(Gk=@)nVm6NNjmujUh1zkvnZWGk8h)0FrwL;YH_E{8?o|cfuk8tD
z=fbVsG7l!-+4S%(BHQkb)(G+CE;&miU!tb}w)M3_vZwQ|utOIfMeks-tc}<W9tQ*V
zx>s!ivV`^Z##eq64RZ_^2qq6qDIn)QyRXF>d%Gb!8n-GEGqp4BqLBs#3+=t{dJd<S
z!)%4hhkMt^R1cgQ3?lpuMRolQP>JGBGA<jDFvHT&vcXmVTXV*Rk4OHfPv5LN%6&Ok
z;byEBso{T|epKsYUh`dUExhvh-7Ax6#7i>&!#CWcrQEs6UY9HV_j+ahvshpIU+<Yp
zd-2fcVcfBCgHQbRLR7dm9D8_TPS8@afMhSmgmX8rXKG;7sgY&xHs@LiB2_{1>A8FX
zQIYD533n5x*fkpQ?Q8L3&WbuxHyM2^JTIhM%=C4zJ@rZkS18V-4GJ0ciVZ7O28GI7
z3yt3*28)dJot!1!z=3g!sLFKflF71oD)bdAwO=}ew|V~267}+KvUp;TBdhPAD&v|i
zuHIo5<BKZmL@uD;+OinLH5R^eOZwvguF+fb*)p1og4WD~HizZ{@zNIAD|!MapLy$c
z7juRs3hznNk;d>!I|LOPHViO6q2g4lU1tI1`yZlDr23~C=4?4qZwqfXpY?7`F29k&
zNbO}XphMuXc=@Z>_^N_AInTuQmkjAh4Yalk32*XRtdV!yxtsgu{G3S|jl+Q^CH03d
zZY3MKcwU!O9S#T#(v^wli^zE7cf6+wu8Zqj)5L`Vb;Md+JB>w(fv8O{5@_Gr>(=+p
z70-xIZ;EW5-pJRggkRs-Ak-2Yr@pHFW_RmLW9x`Ukj0%-w<y&7Xs0WE$9Y{-R-^L=
zIZse6PBBQkJxiEewm>5_X%|xc-zIr~^+d^uH!TMu*UugMXA<vl7Q{-?`P^sB)6cTc
z{a~Kj@XTM#=JDxNeootq-f0_!+HQ>~8fy~ydUQ&^L(If8F|YDgo7$6lWvWVklFPK7
z?ueTTeFSUIvr$b3Nq8M)<6iSc)R!ABZw(*BCRZbOG$cR7r@SplKS{v3R%zRR@{54W
zs!pI@U`ey}L7U<r?F&-UIve@MCON0g$c1(>`ksyTQw!7=Oy@M{O5es&4XCoCO7A%}
zeeF$T+o@9}eCv87K)m|uTRljdf2{kywb@z?111}4(&#*Zcv-oFc<J4R2zeS;Vmp;q
zG~xZ(F8l4bBNj>jmL8Pi*La<y1EVBu<yZB)hl%s+Yd~+_8gv}gQxNr9&hTdvD1#HY
zeGY5K;=Y-SBv|O6jiPjTZ+7rUXaeyDb5jS6#RC$<FYleH-^)nCtp-M_eQuGIDZY03
zgqTBw7#>=TRpgz^Vn2sR{PFVi0N;>X-X|rm9E+JTkSt2)ks|VQ%zN_l%@JjR#^P_B
zTXu`e{8pEkRXGj?^22Tkeb6sRA~o0l`q{P2T4BTXWT4e*Rf=&T>{wCj?E^NB40CiJ
z-?5C>a5sHaYV~a%>i6B3cUCm;5`E;t<$i=WC5pIf<DMi6;+M-2uW|pr-ZA^BM2_e^
z!3ht^qc3FqHglhYz@W&%)fMO20d0-wm6esW1faHON%h~2KiZ!mlSQ6t6x-^wcY4uo
zQfW<zUgxEU=UW^d?q`shH9zhxCs}f`9x7zh--W9<IXQI}KK3#JB~iS9cWm46R(`<_
zFU`Sb3*unmVW-<SG_bdWzARO0fvr37{0%f=F5pxeYV~i7zhdG~58pQZb_DbF&&4Tm
zqrcd$=ALBlAw_>s?z7{$i6(mHwNudUX??lmL&6Xz`Hz_AN5V}u<3q-XzH*bcEPV#9
zGqi&nWD9G?g#2seG>9E)FZ1m0CW8gT5mLT~%Ag;m%QjZ}csm-7GTb*iaIx~D%34eA
ziOWb}v@%aA6I$UO;V2L;i7YWk>t}OwN|kobTN&iUa}?aKJk+|B@p#hCk2DqWE)?ne
zpjYZR+ewe@{pQDlEZ-pEC1Va}pUI&e1hQSM%)Z0x{Yq|QyzhGMXvyaSgVGn?3fhgl
z>!G{GbMVF_%7OVV&O26%*>ecgY`EDZBkdo0<8NhO{m7!C&6g?qgHO_VD4er&NxHwK
zEjHQzycBnj3F^&~zgeYVhG7a~D<|j`<Co0nZSeyybi*S*@xT=2l|s^-LkmP7a<`zV
zSj@Vug)Ap5Hj6fH**MrIW}xRpuHAUOn!V><gIp{luPngO+>TP<rV#^$I&#|wZd1Wz
z)K;)*^4H&vW;{_;Rx+<8QoK<L<+ln@Mjq1v!DjIZkx|q?@iL}>fNH`O{ChcHgLij-
z^m=1mBpvdFA5L{5)VMGLkN0~kS#!ip5mb1Ks88Z7EZUMKJXx_JS{<Z$L~0>^F<f!?
zA9K0*9yU|)rQ!stiFz!SYu@bI9W4#y8+owUmsMt^-S)UMU$2OBM;9eYNLc2v`GB&i
zR^&kgRBUTkvd$JKOR)9PD4wE*<!P~1vbx)pdk-$@mf73wv*Dgvn5#z;*apO<G%urI
z>+z(5mO5(IL+!C$2jga+%G5aT<d_Z%NRHdVU?~Y~?q(mEybL~`7+g{=Y8PU4s54{`
z`y(ywIhUyXjrv>P?+abbGe|=KDb$i&rh4bMXW3{WU72AogZlTT&EG1^ZB#y3pONRI
zy;JHCep21YqJ5;qoL6l~wYsq?L3brQ*~si5J0_dHEnk9R2ZDb-^9}7vd^@W2tw9Gi
z^wqj@ZRrtlEN5LDE;8biMs3u0>dChJ?ev7R-($qdLHb&*hjB|PLMP}(831>@y8>|d
z@ZfN_?tT-3vya~3m=w|rGg*z%;lX|IU&<w<OuL-Ir9SoK<c5=@yQMfDapoOxN!e$o
z;mJK9G;A(6XxQo=M|6E8;jpJ4Wcd>d&Aibhg)=YZ!nvJCfhm9kKN5q(`hkkOeV%wz
z!E4koZ?$$C%Hd1*s&<H>IR+EeWacJ^zJcUyX=5;jrl11zG&NIc+s(ir^y_>05SS_x
z5GQxyu{l$OB3=xag=)3EMF9<4VxC!Wfr_HyGoPyuYHp=m=Lqvs*8eMOV5ThXLD!Jc
z=UrI*S%)`(*Oq9^+O)f0mqaI)hB`MLLw|%`3*{5Yx&*zz6N>4VuA(%%E!qK1ms2m3
zZeB0AatfE=`z4tG{p;sBz?1y-?Pq0}k^+2jI(>gUy0LN-lb1C4;_V);HN>_IJ&3h5
z4f#CM&Ey2V*0qxxpTreq%5JjC+=~t;34X3lO@1jrhMch0#IIr?&qUX4l{4ag&pRJO
z^2NN9zx~L@6U=W|YMd5H#sCT%&!Mf$tV7xJ2LV4pMF*Y%55+`@=kreeY3<$;E66G4
zMLpIha$2xR0|ub}`6nO_^13xS?*s0%b<D?$mq9VLI8-9HbF*h!R|RboH@?{PmON+1
z5exLW&}kn&!NFT22OBdvXl=MGj0+9~mS;iZ-FL@c{s|!dx%*6KUjnS7#rMaZ^KICV
z1Ih_jb|wvqRD5jiq({=g$^Bz*<AXS$843*UW%D=92?AnU#O?2AtF>P|{`>O&f=});
z0rPcc93u=;pul32&ou#f!g4D`xb02zOPrDlvG_$|JmMPd0KTC$I+1E1(78PI{M&Su
zK-}(MmE>RR@R1qwh2m5S2<*qx+_>Jp?s^5}Qy0y_Da^HLK_dkH=bwl-KGj~JBmJZX
z%z=@O)KMbq3h{5-gGo+hnh5cBaj)*ZHNJXB@Eq3Wi3wMBB>$MTiVmfL6K|*_M#sMb
zK~I8k|G{dvqq9)~i7g`R0;#=(vlZW;G4Zd}l;OsH;ltakKR@m!FCBKbsN~!%y3_<-
z`D3ct0JP>{(h~LZgGZw0MWAhYE&6fwbvn~;M*4FVsfkC3nkItXn(uv)$9~Ry9z<K>
z=o~fvSWDI>E<1H|@yB4J&riRslxXR)E4mB}=>g1r!wWsR`#!7w-^L_U`12uSSf#P=
z(0vX(<U++2F&@lA&L&w6fUhKeat?Uag$r&ix&ciLj5)*f@UQ3^zuYUQ|Gkut0<q>!
zeVR%Qi=Q#w0DBXD)pLyXVTd9gyl>t#n}wKZS{=9HPM!0_#E><fw-3v_D^bbblwGRP
zf0^V*PV9E;DI>5^YMKt(ZuOT@{p6VK7PGim32pa%g8c{dC!S3@QZkjcv@Am3DP7FS
zc~b6|CH`fd|C>!hiQIoJXUqRt%V`rA%|bNLsI}@OL9dhui%DbIB@-`6!C^~d<^bCn
zaTXWpEqdvx_7yz;lV?X}f;MV{hLJsd1pl_KCL6rn1IE3#^}>j4YG_ZHk|FC)MqbEw
z=$!s^8uqsP)GicXm7(z3mn&&}E>N=J+aC0V>x(9ME)4%NgzFqwpO5~ak%RI1J{{ol
z{T1H#>$33SDvSP|AaYZM;1kO;_d?n7^wFuT+cTf<N3V~(H*TO4Q3nJVjqn+wvl|H@
z%G3*g&s*dRl$3HWk?^QT=N)X{=K8nSMTp}fao!+%^Jwv{F{h*q(^nAB8P=VWVGOE*
z{6TU3J-78M_%M~`)bY9Mo$?;37&55~=N!GrnIpQP2)yvcReg$hWi#w4Waa(~KFn4>
z6aByYPXrzIm)bV7sj$l#bqR#ww%iV7*RufAii_^PIb4<Hk0#2}EfD4hEfVop@81~l
ztFRl_^8)EHxQH;reDm;*)PbqaNX4dTZ>5cXTRSJ;!GR~gRbM7KWqjheY;n!^lX;qN
zAICe|e*YN4)~@k@fSD4kf2LOEO9kMFsVNvoydxzytMG3FpSXhEfUu04iP)e^%mW_r
zZFu%N3=fKEQ{@sNlC;7rLKI4a)eejtSFT*CnkS_fR{{uYCK&6%@3ZfX_(YvbohTI>
zwB9Ivx2(L}Y`4(BY3g_{CN~$P((Tt;=pG`tVQ?j{oh9A$BUVKwE#TERITdQ}5P&sY
z^qg#7J`SG~kca(;&4pou&!nhV1r0Xj_ClL=XnDBS)n>(&wcY6UKAAMrLFB_;CrWl<
zkb(&w>iz1j@9IueOgx7}<IXeNsRkalGyV(7dum|5inoUR4x{78b53n+arsOoTIaH+
z;9@4=j#d^HML3_Qr{}r3FCh;|Hfoph3+BGR<P&yPOO-MPiUnH7dRF-~R=nN4N6Lr@
zs=z47TPU_5<2LE*3DfQqvFz0Z{Vfj@GJ?9}c#Xfm&i?X>mG~-3Stk4BZ!g9aM!2#i
zy(X8l$<!}|`J{(rWVvowTs?qVz~enCsc~_BJX5(pyUc#|qUS*twKn;zZXXU`*jG>p
ziS11|vkH{^e0*36tYmS#+Wn&}>>YuJnVDHUP6@bJrybl7%?1R6uWFJp&zrLUpeRU;
z%!B_`Eo;t=8~x-XGc!BTQ>XTl8Q`5-AKN*<_%=3dsN_qk4|A%YxOiaY?TUVa3;sD_
z#H+HuS<D0*Fc$CcQWbU2o(*A-)U%Z!O}S|tpej%%&w>l%m2@Q&u6yuF#py$sh;nl6
zjuzD{rCPvnGXtGh0mvpVkL0T*RsrMHK>Ts4hfzFQ<(z7OzC2|FaiA!1&9|4XI|-Fp
zhC2zUue>H@n!76;eqwqiDHo&Sb!AoJczFox-1Be-ipuP}I7jO&!W#>l&PW!RR4!F!
zKA2O{%G09c078ouO#uq~soh}P?j8X%g6!(?FZ1OG^&8Pm3{zLUAyac-wn)ZdtbTRZ
zXRK?#r6p49uXqprTggdqgxc4TtqxvGpTfHHYbYwICiJW>?wp1lej*PW9kpjv)u@&p
zl!b+mZuA8iWm)Sk4p*nnI&??FswXdg@t`K%5MQn6SKuQv$WS~p+UStVt<^yX#C+<2
z>etJJ>lGQc5mMi^+|@_{6w2{#qq)Q*G(e{FVwDX!Tj<^4P!L!eD&q3bO=|-vXgj<0
zvoPa2H%g8;dgAj`j}X+$eOVn!A3h}H_n7RYne)9t)~$@aX8~AmMo>{gl`RXnKBB7b
zvESNMqed)uQVCvl)rr;NgNq_|mqvB-30JEfc2~!_0H?#F<xp{8`yO_nd@tM~vwm%Q
z2UWMTr5+G&bdy(V)%<8?Mv3F^Q7s@qAIdJ-r-FBvMtU8vrkzd+vJA_uIw3{@k8443
zU@$84s=8T(K0hAZC72Oh$JoElRa{f3gqB++KE2W2(G&MDTvE^Fs?xMgc!IKJ=NpYV
zaA_*p1P^G!4sin5eS$BzDIyZSGn5D|Ox=0|3wx^1i-7`tzAGhu8TgGUo}k<=y(b&_
za7BhmvnkJ{up_SIN?2lLL}=)({s~FKx~z%R@lS*vgL%U;*28x95Vmboth7TVLbx$8
zoEEB+C&C77VP=^!F_rhaZ;dwkH>Tboavzl`lNMg+$W~iclRB;|a;tx4PF3p5dDZzF
z+(1^qQz5a(<lRkS5VX!zU;=-&-vr5q<8te#oXJpsA36@g-%hxVe30d=3?O@9^wfu8
zn6wYd_zoFVY3w^y13+4Df8F6jm6)z9Or30FtiiV~K`l4kal8=kCIW#N;D!k)@Ezxx
z5RuYFppPsn;D<{E^Yti=drbN@IDAHHRd(a1leMl;oZDF%774sk8w%KF1qPqe#;>za
zW$xhS_`S0q-c)ktUG8ZCWS{B6tJS`ASBd^`AenFyr{gtie;p%THQQ14sTucGOnHGy
z^nB4Rn!`8h875}!u`x*#AG+MWe%>jw{-jlIht_Vmq2NDhqhAtnW_jq19Pp|+uSIrn
z!hhL?!ij%w4;(d~Ha==m(6oADY5j?HdXUN%0%5k9u7DV|cxYN}XkAqk*X{qA#zMuI
za^JY#P>8bAkcn2rF6zDWLhF-F6Y97@x_*JjZi@(itpYc@9c1-u+mTY`h6D4*rUmhC
zB{knwqRlH3E^YT~+zjR}xc@=X>0{(gmFUZASq+EYra1{#j-VI2>`vF6!%6q4Jk-jW
zcs^sd`Pqu-#uSezof4QD&z6w^;m%9Liyn0}9~c|Z>gJtqV7B@+=m(yn&;QEHp?{m!
z0*CiV9?16FRmy*ACGtS9%c(fWk(<PJkz_-q*(z>?Q~TWP+%^s$PlNk9j7G>h6Mnoq
zj>7FFQ{}7u!OT(cSk-N9g2R2nF}TpMvX2f3aa7rlrqC#MG-_|F4D=*LuW$GFL@XEA
zsh5?Nbq0O&UVEQt01rKlCSix5zf}oWDoLB+GPYA)WzPd;^}YeMODq?=-8lM_i)-5-
z@5}6#85L?Lvwhh)^m*lmiVPs#gK!Hzexo^hSGASt$!E0$)fj6bop_@G^6;$(?fRLw
z8AfD*t4Cm5oqF%~@bK|V-nC-9ARpXsPy6k)0u4*xM^UxeJ$yc`aB11O#+o-rr>J>f
z-!Fj|KCbfd=R40k+n%CdFpX%Winr3~aS?T0(h*zA&A1i&2p0xM1H>lUH>eQ?J%us2
zgK>I@Bj=uHN5_UWJZ!!uYJ}wqhhs&Lzq;k76?in(nmFbCXly>&GjQ=vkNcD#mqP>1
z^@jzL-TOu)e*dWHG82D#)8f3EKQ?6lC0>z*yh&Z0ab_sil*se_rKaVAl7`n7slHXu
zH`PQYxq+VuAo2U<fodYC)@!F$ZTmDVu%vFSR<+hma&*P(+f(Y<mwZxW*E@yrWbxFG
z9~hV1e`rwc6=SIAm}=#~iVK_T(2t<98%x~YGVjq;<ya$KD)8&CP@w(NAvAAyH^+R*
z(EQbK-jt^Ga2}ucU{s#7AG%VBp*}+|*-NY1kEOhDrjSOu<u#uvp;ZHP7U5vdBC@?}
z(krExoq%db=TVh|^4QT)SDE$P$-Hdy$N46Wfzp<iT}y-f9vd<g=NazAric}|r}}9%
z_{5IZn{_ajnRi)NezX&_n%KWep;S!vgQ>tG1*LyauiO_j@wM_)e|0NO5wbD;^nz0B
z-3>yk$?P!cMs+&QrUK6`Dkmhp`$14Y6^~&qqU7~0p>j)g^;iC%`yTC3TWONG!?*jc
zwzYOXzcLJF&&|%o!Jc2S%M5Wrd+#kSr^>o6580LZ9Po>!J)T+0+bp=9QQMeHZL(i|
zD^Yk54Rg4PlBI+Ho;{pZ68Py+{h^6#*fKrhJSfpLRLn^8pFkKDos0PA5)J~71MVq*
z{~CiK%j%Q-i-QGm{%*xGi(}R_ncyOXY8_3o+dKGQz*Sw7bgx*Omccc@aV-qqf~BJ6
zzC#8UZCxT$52|irgmEatNWm4Erjs>uFI|=K;q%=I_swz2k1M1Tt1OG~;Q0jLcqla1
zUlOvUI}bPOA5Y!6C>WJcxtzz=<JNIqx5^I${Mf~;RD#`o#qniQ*t&mB&ykwQ6eqZa
z7)<EVNG&!W^J-)Kn1x^AHR+dQu&crD@k`R6KsY}vtMlPm{Yq+<N>8C{d4fR!B2~cV
zc)5*zc5lk!#9ZUTSEL$K>{l_XK345UwcZBb;tAJ1$z8ivoRSXS<x4q9Uir#fgZd_I
zU^Lf3|MF<%n(o}P8Ou&o-QJXYiS0y9v;TDl+C0*Y+8^nS@mWHyCfoax$WCq9$-@>`
zkya@0-t`r;Px9Gl-T+#LnU;N`FB>O*JECNm&JcjZym}&79p9-If*P0tWd4B4x^I+X
zg?La2;55QP<Lw+pKapj$vP~l=V`%+r766pQu!&4O^1U;$km9SJAZ(M(;9>u|pm@ou
zPl0@zlGkIol_mUjFeAggb{YZmP<Uai%lD@;qPW#Q?_LQvan-2^al}PlO575T&uYFw
z=%Jf?M>(Oo{hGWgbyr-Gzb)x^0O3|tw72P&e=`M;tY_I>9@;#UFY~83Cs-W*JcZGZ
z826gx7;X!=4#rK^oyy$9-)o=mYHkcd4IPsMCZhb78~w!b=jD<UltPvpXMw`=ZQE4N
zo^MoYDx=F0e2Xt)t6O4f1u0MH7f!R4nl=-DU0i2rAddx5YO%<*`hwQZwBe~o+V4~a
zmqtGrR@vtHx!dbD-*wNE8F`$BsB@E4@Ve{xbaby<!l6Tif}Maqe5WffCnei_1JUK@
zmRlCfXLMP>0_B!#$|n9bqa~(q$8@SQk1_PZB@;g};Vb^nYEPJ1=wCxt*-z$ww$kr)
z{4D)ENaVMi3kT2YGDyDb=A>K_Hv8$ZNf$Y!kRaihXnwkcQ=)ZfQa7PaL^sj>M5qf}
z3EeN{;1s27Hm)rI>4jnGy}$|21^W9p&7ON*9e=0IzSHDTeb?p7)62#ny#30y6xt=f
zKW8y*3J5fp#)T<(jNFDKcf1wjjt&_l8=T-m#|q2I?rk=QelLScpFG3#cRx<UAVpEt
z`{2a6N|3Tgn7yQK?WP}BYk(5epwDWV)|D6MkMrkLSskJscH=F##7IR*&M=p@1g~JQ
zmx-IJPpM6=bqFj4Y@m)0&nstJG>dO$7Mr8N?MSmZjQ+$bTkF&?;SPafy^gWnWg|iV
zU{d<IR}$;|o_<H0H$7Je^&cY`3;nb58y$MD9cPb^F61_9@Cqa4c)sjUZ1Jgp_-ESo
z{S&`s1Ygtj(g<_T=k+G&;Lc)3oq)0Br+5Q+{k4ura16gz<*gqOG!AcW4VR8J@jqt!
zUQD-bam1p?a_M&*A;5+JlyJan+|F>H!IsrbPeEpv^2g=O%q2H5F(;X0mL@I<2{wG0
ztW63f-A8e2f&KV!ssf^vdap?;DkQimFajiS2{Zz{_1ompuW(9A@6tUl4=@6iF~ziQ
z@m(===iLKOTC=&bPnYoFf>v4WqkWm4HXK0Cc<yVZb8!47SAmZLhjw=8Xf;SZ;*m&~
z%FYqLEf|`8%m;;cy$m|z(=cazFtTQx?F2O+j5Ubp0I%Xh)|pDQ=0T#M6(^b0c4?cq
zS^IgY%zXSpOb69OQv*D4^vLT(Nlby>iI}3PA2OpuMMm+*Z<qL@n$08tcbDZuq?DyX
zdCb$((GdqOeQO2f@vOVh!;uOr?c<h{4tJzKH<q4W$0ki!=oHkEeX@WsaO?2>;c_*H
z3~Su1hM=yZFb?l;w+K;;wR9O1qtW%&qM68|UD?Jd0Zm%UJt_LnD(Qt+bo2B}QVQ?B
zzhMvG1l^IpuU2Kwy=t8jgK_T3N@YpY;d1Av3C$f*OLKHKgLxLQFmQj=`WQ#N!Ccok
zxQ(OrnXAppC3KJF*1@TbrV}84mBr+*jB6Pwytq=|4ykLT>G9z%XmR(obo0&HTlxAW
zR3padU2r?jT!-U~DPmR`<?9x-SxtWQm-G+wmP$9F0}jY*`yEgJpuk$pCKV`*JmQwO
z5fFyWmy?<iY-^GqROf=9%rKobz7NDp?IKgR1`=gUpo)mWBdt1K=tuRGU$m63SK<tT
z2jR8N%Yk_I2M_4&0`%|Kg4Er1tk3#$ac3xZrR|cs)j;O^A2`MJ-n*^vQ2|plDyZCj
zbbHqVlyoQ;6jai={Ir449MypEl*;^?_<R@iLRTVJziO$^ebMr!V|=1Bk)feZfpve_
z_dtyUjcC}&%saYVoxCWzJiPj`3M(#f-bW^IHUZl(2`J@t2XZ0Ae(z1QZ+{TV4*t()
zJ+u^|slU$pv(Q<u^o^8P=T8bEAZR?kG<#I~2iyyf^|WvZ;grjkU0<e^wn4R9m?2_8
zVYI>5h}>pRckUTZiNZ^&wji?II50qD-#1?;4^q&}fN*TJTaP-l;kO>RQmz&dml_gA
zaB5`g14;4a`R}S1r-dAbPIG7qcu@L*Bgt$_C;#rJ&i$;ZlDk#%h%Mm}xlgE2VUu@H
zYmb<KDd28Hr3~ZRLtA{GSYBghe4^`gyapr3d<}xP_yq(^NBgq)?={IO^i|r9s(9@!
z+U#n?^N$|YQ@#12`IpSS>^GTvpaMIPL`g@rM~MXi65DL9X69A2wuXe-(y+t5ggsEH
zv?n^i83uI5{XpD*`meapd@mLK9*X;={SXBNJc*nWiu*+$1D}@5vj}*IZB%d@L>D*g
zdbPE8zOJ6~VqpU@ztWy~qi^+YJ_FqEU@nf|dzZVdt1Bj2LrNhbe_HeytXuqqQ%9G%
z5jq%$PnwXHgz8ZT^|BHuFU(9;65Z&-M$!+QO@X#RVcT%dMKkcM0f1dp3>w{BBWK)h
z=4oYRnkC+?y#6p2pbm0WoyU_5oRHPM;1N7S3NR*Gc?<^oO{!gv5gnJXn)i$ZuW{=Y
zOd*Qix$~V<S0(x?a_6*8k0jDXGvSwN8vTR<#i?)X8`hSACOx?K5h;6+>UC)FMRwuf
zAaQQ3&Yny>d+Kg}EW`EH?fxzlP`d;LUr)z-v(y3ZW6c8RK6P8_5Bgza_n-q~dSyxH
z`Oa99nZ{SFRug?LOWV|ou1NZ9_$W}#QfQn$!<o2A_I>)y?}1$=fdoQ--jgMpAGr`=
z0mmm0uX*F7`=hs=5NI2up|K}uH&Qyx%2fd0ULC*LHKH96@yx>1v^C-q`Zd64+Fgf@
zX>Zg2LPJqU2YtD>SvX8k)BKWwgg*@GVW4^G;9D@`Q60$!Lc28b9ws9KrJ;7^vPb4?
zUSmUHyE|M3`n+U)9h@ezgm#r8NN}$P*Ld~uIhX4jYGH=1nSLKWbQZInT4=8-`quxM
z#pE8%VvQPbcb%W^Zad{};$YQZ6()A{OM}bio8~TUHP|jPzVPN+YCC&|;t6`PPV}0@
zdh5rK8Ay-|1l1@o!b!FTx#zD0@;UR}`opEG2a7F1{^36w{kO@VgHdq8Epmh&#{M7F
zoCa>+Yy(1NosCfe(7#n8JGb}4F^kUqh{SxV=AB9Fk1q|QDnaD$_tn;=jx%BPhfXp)
z-;hAipCE&3TKmyp;vBZ_&=PMgww9CP#lKNX@QQJUQT_uh*2;gOa)E+pft+U2iBbGa
z>mnX@yGW=(RDGg9TY3@`RfChG)@;?$D6)K_R6A49(#wDUk0(!DzW-8&654dd$OfHI
z)M)`g61#4JUQDV#%Ai4?Oq;K6#VJoa=auyO*LrWz%J2!`l4w0?>Vv)Iu$gda*jghR
zx7^|5^KXc?y7h$Brej9G{XnS1H}{|Re<k{zxKcj4B<$hm(A#9RCMW-_9*gj6w{7q2
z#^gN~r4`=o@~8$7ia<fEWR-J^8^xWpDUs`i@j3;temcW)>-V-}HD9m0lxV(<6148S
z#XqoOEKYoX*8v@Uyma5^Pmw5e(%T+CEax^Bl-4O@My7Y^XQl~GK&QOs&n>r1_0R&>
z3%94tZ-DV+b2+Jg5uVNq`HeJ7D#(f5zCr`%Eu<!+_jY7+nQ2>8TKX$}TzP#ojZ9|$
zt(5I(ZsRJQ_81=a<T{tw`7Wb3+fai?KrphS%C5P?%EZUfU97-JB-(tT+xRj@&Z+h8
zfr8lFfcBtmM#D5;GLue#{`BelM(7dFhb_Ku$D~_2Ifu%0xx|!rG|*Cmjn0gWhq;}J
zB0U2!yda<r!P3#YeI-!(P||qB{F0iF+*!?X(oo#xhb4+(0NB`%Ybe8Ke@RKOwMi|6
z&Z^gwB^R%41Iiv4Nuc~m;GfLPj~<L-{F9<bb-0oPur~?EOk%2dXXp>#bS8<hSZA<=
zU+?4Yc$1pS2j+4MbZ{sbU!XbnJSafB@ea72SnNtuK}~UY{J~3bd(1E^hqfZ2MP*k^
z*<AZU`HuizT5h-LCO?W&-HFh<XD$jwE(!UT4|b*sXuB1}Bbfm*$QM;Mneq%2_QYNg
z$jrCq?6YiF-2uEDc9&deYmgnW=&u-ji{gUmdCox6BQKD&nl24+D3C52)Sfs^M|b`S
z!yC(3L%mWEK+N@Xark`Gy!TY+LIrwGcj}pX18xVgCgDIiy1q*<9<T<IUp-t$$``Bc
zAontBot7;V`WPA!>i^D#?jK3Xqjx`H6W;8sMQqxYc?+an+Cu^7b#Fni35WPjU&&Z^
za$PIog2|Pziz4bu3t$=tZ)z^v(`>cGga`!3`9K{K(Vdr-#@5%!sU>NL8+?&R%B~Um
z^(VqI^Ap-SPPi?`KXkL5;soH6o~nTTP7V(|GS7V9I;OvQrF*<aU9aelo~Ux`9;n?6
z?p$1BEo~9W#gNWqJ73n^cEy~Q@^a$mlJWbCjq4Pp&?^E5*X}KTY?^UHb_&$x(NwEz
zmn-OQqSyMHOT0dpgi9Z4QgIVY)86k&sD!X6WdL0m%<IL)r#2eQccz#jcHm3a+Fei@
z-y_ZVu;BEe=bGn&DxhULJ0E&|=0zHon};3kC59k&hMQG2#%2~b%3TwM`-;ZJ`l{@V
z1dI&srEXvNVaA0P@Tvg79sh=AukZ}x$L4><re9J&wKt0=u(3%Qg2FTPmIB(pH^_te
zgY<I=HmLixyP*58J(T9H#l;uywU#`qj4m)q+;mqKM(}@~<%39A*qm5V5<stSN0Mr3
zmKqI=g{s@6Sd7U556{JT_|3z>67A|@LEGM5Ruga!tnFCEwZ6j3fVQk{Xm89(li{JP
zxkK1=Xf7I>8SyvulUcE$`LzW7ER~pnzR@DJA>9J~w%SUY435t+o-U;h8H!<<hLzT3
zCdSUf`E0cM#di(TuiZN`7TXrQ_z$ok6o@|J*7n|ha7mr~X-ioUCTh0uVo_%TAD-fQ
zXpjfX$j;-}kUU*`{0erdAl$t+B1XQnA6t^*F-Jkj4+$kC05T+b>J0-F<rK#>hS=X~
zB*yu(T=*6KaRE8D;6D+(JJH*JALH+WP)aSh_Mo-+lW)jp4<dU7Ls;uqh5x^P;zWrD
zU;PCu&r9Ca&FWaS4DoX%Nbta_19hWWvYlV^#0Bz%oB#|b(1T{i`HeQiyvcQTkj6PO
zjycO|1Y?=*I}p=d^YT(1)gDesM5U-l&T&w80ee7D@U!eo0RcA&R@U!_yTsXND?xG!
zIEKYN?|YO>_4}ScKLzdz#fWiUpTVWXY9G$JLvjl5W>UTgoDyl&Rk_(gil%Q1>|H?Q
zKnCP4WB5TU0lZM2Mu5rFNcXSw{RidGl!vAKqubTZewJ(y6-Hqgf`7{4Z^D8{_mJdY
zS+R@r1Ya8$*z_Y}VAK0&+eAZUZs7p{Z66LXOD)@%m<6zYg8e=$4mf=SG$w{4dwJ=u
zCxl`H{RQv>WX_^??gBx870p_0Q)@XZ(?k#0cefVN_w_LlCf5sLa*gBCEftLaUX&|&
zAn*a%R#bcBPvOA=I4J6zjo!S8U4-xwKvkKsE56afY{v_TGk<rTE;Jek2ndugi{f}F
zdi(T$JnTg*tzS&TfAIz8VVf=i#OyeNq@NoX5)kMoB=<qd<HY4AYMbh?HxlEjz=tO=
z3sAS!uUhbr${0Gteqa?_HyxDJvFT3|q}Woo(N7<jgMxI3RLd3UC9miK_0uQBqpRxB
zqB3FPLd)We{I$O?Cl<$pKnh3&R%hO7c?J6#!H^h8?((g20s;>piZjm<oCF|kH3={X
zJC^zGUC1CrFz>#0wB2X@dm;ucF_Rbe-M`RAVO4*)IS_Z<KNj<2cXqZS<|hh8ZX8e1
zQSIOBxkK>i`<vd&K#CX(`r=oLVEyB!ry$}SqY6n~>7n1jDDtpofPHQpygVw5qAz(V
zGR+VB4By$oYHV_Sp=Ub>DNWWywXN8IQn3iAKKk7(=?AX?|NHO_6Gd(_s$2}hY|C$d
zSRwcU=oQIJ^YAdn637ak+&e1Y`IZp(7o~u>hw6$KfmeTplu;rrlB4yPOIz62FbLIX
zs>ITNsDre4FyaaEK^EC#?DBuq0Nyd9pDv-&C*ZM2ttx14QTOnpC3sY(2y;j{QjY6t
z=?)>6p_o_^?04OY>faU?aTUADBrMtYu<swm3*KM3MD!CSkOKmD*gv1?1s1gyQoZ<{
zV9h}TV@Sdn1N%b1BF}#qgEQ6`BrI-O{*<b`gYu@rxf&h-^Z_02Y7(UW`v2-NF>(M7
zDZ)J9dvIRh2PLVvZHv;tw=6LB)pk&E`_#YR9B8&M;+$?83PUKw0yG-P&kh-E#OymX
zFpQ~$1tg`*jE8pKR)&6z9_&2+3})xwGHN6|{cY1RX2lA6%b=bA<2lC#?9OLGZ6$qN
z>W)t_Ztz|Es&D@K#QT?bAEBQ1<vPxkCXc;yuJZxVdFVwUe%p(rOw&R@vf^#`QM=y+
z{N5TSb<y5h%+UJ}7jeZ(R<uP<4E&5`a0pQUIwxL#9RsKziY>j^ott-ija;jf{$Ay`
zJDP)NCSqY$*SJB@X8`<r@p^6dA}zop-eJ^O>q#1{JpUk5pmQ>c1#5p|UorYSuvYv)
zgDFYlDwan||4Zc=5PdPWuxbPgv2=({E-y}@WvvGD!$N6A^e*3ebGE9^ZoDccMY1Fc
zs7G=Q;8L*~QZ$spJU~?S0`l1yRA0{kG4NSutj{KBFjoG9nuC@(j{@tnwb#<jfBGz>
zB--R1UYx7!Xp6*OV#I}wj;b?qjV;^@gt}h~3lV+4Bt=>D;w}*kl3q#xSTNh)*n`M8
zK4D3sb4u=D;d7A05*hx$#6N>!Eg<3xNQG5kofxy9zy2ttU?cu)y!KD@Ed)vx<cDV}
z5C-XyY!{Q=)MINT^-a9%P0h^P#~tb~fh!}q98n&o9*{if8b%)UiT;0=2VFXcXAhK)
zl}3u~ldDi7>xWfO9&=>x{M+wj+OUB=ZsHXk_ES2Q>7rn9Mo#6s;d^vfyIxzAtUK~d
z5I(&I>3n%b)m}P$2NV;yJ3%<c)n>T0gRlNg6jMpm36Dhv*Tp`CZpl5mwoYynA0qr$
z_TyE$UF1WFOeHuJ!jpWEM)b2LQ6R(f2ZVE$Ta^9hs~G{zF7g=jfYF;`D5P1O>ha+j
zQ&8<9I{VQoiZQaTnYF02&l{H)@$wkZI>V_hk2rs?ApWI+yvq(`(oVs*exZ0AFW6h#
z>};8>%l&&tr8mfL6PaDsOZ%4yNMBh80_~_xeBM=9_3K?$J5+{wd^?CTW#_?rMFsM~
z<cZcLAsf}oC81-ryA7sqS4OpuoC?Jq1rK~Yt(DC62sw;vE6%Tc&BD{KZm$(8FkMfP
zL<yh&`drxLn^WJ8B=DC=tg<Pz$33;-I12!VOYXC<_umd}qHmjN(&rUR=U#&=*UIF#
zNDuC?(<hz${U8S7*#&<{`GcpPfK>y?MBw1UWa&u!Kaht3DdI*nHw|T`cq`WzT-aEt
z%3yw9iGy_8R1$l=eO;w|A-J3!QW~TS+Kk--t*$wb6{<SG0DrT?ZIe0BJjGj8m=P{z
z_)2X4PM$&eGcfJ99cY0}KRi3b@A#b{Uc>?R&Qt8U3@e^G>H!#FPGjY9M|<a>fMFnp
z(Ahr@%q}2UJ>^58CRJ~0(;sV>`QTG~pu$1*-ue`~DphwJJ?9A52Blp?6F<BZ!hv36
zPlK8AlqH-vu&<{dE)nxZENyDI9)B|v#m3fOvC=~yv<R%fl9a^g+m+zpr9(tW3j-ld
z^U3Rsck7eenMzDSn_9Ey(I$K61!KogpeIom%=?~uMr;2X&@@zS<?ibY2j5@5L$q`8
zQH$v{`uV<}n>WgQn4_-nYLVW1;MNTc#e_zAUkWd$2vj0Wx;U-d;G<wQQTUX^cEER3
zyVR&XkLl(yCvOwi7`OylC}PZ&_6?$X)*<T5@^CxK7n!LwXPY;k7Majh5PCjWnEQ=@
z_U`(WL*F7=9td*+{wB;poBB*>(@#e&9Y){3MgNUZOA-Y(AAb7gpH&4WM6I7ZJ3Tk~
zE@uJbnTuQ?UM-G)=#_kU0+7)+QfYW66Z4t)a!z>A`yXvOAy?g%^z>qBzR*j!<(hF1
z=QG7PX*K%cmmeicZ9p(??_0Sb#bXn+mkKDS%yt*=kxR}DgMv2Gapp4$v5f-b<lDgI
z7C{KaiNGjgQK6;+;}(`Ki`k|?{4%dO{?Ydj>mYK?rKkp{#BvL?0pA4*P%eMlwm3kk
z5uDQl9foQNNU3n3(0K@0P@rl<KuQ87jFLclU_p{SCplqri!~2cp8$N#VBq6p^PwI%
z+~?pMa^3WE=%T`leJBDXkGUQp6Z1!Ja9QXJ2j({RBrQ%kh=6`cHb(#LKwsMJa=oH4
zCj>{1im%YP<*ImP*EQq4D7Ke#<p4G8PL>GjTNc^OMdufkMCR+}w}b1_=D_RoY6ZiX
zk)Z<Jf=GYVRL|#hCFV+&i;bFdHLfOw$Dld)`sXPxXOzJ|g&m8Ks!(D_%Eim7|7Up(
z4mKc@&Fd1Yyb1-yZZX=KfhZjUPcfmU<xz{&X!EWFno;FwzbK#y>m#sQq-Rfh^mu#8
zwT@({FVF}OY?pxmQrN1_y-~gxj!-GDw;LDsoR7~j>&sN0uZOK|CfF3mM5~Lp!Bd6p
z5>8*(C>@=bCYERUDYy|XcjGZC>*a2_({SU{b3Ax@n|{?@F{^PD-!q3_lA9~z73-{E
zcvEYw5SQ7p;gp5Yn2*BAy(UtS9t2@{&BmH=uRT@Xn0^guIYQUG+~TVx>kY?xUwyWA
z(lQ|8P0*@O(9*=w0rai&fhOxrrKpTo;)cA(NVBNqWaHU4U*F=_g9s^R0Jpr|yXi52
z9_ejSAlkDXd(FQ0)!9Px;4lo9f5<p&?64b7E1?Hw5XwgiemSJ%xblMj(4kz(r0&$o
z0j<Vy7BvRP+B--_JCsLg;~MLN$wxW08^7f(O;E~Gs=Y2(NBa82Pw_kssK4B0w4=rd
zFgoBRlDNY5DEisCk2odHJ(3#5jbHb!I?Z=ZWxB6_RoE}lCgbXnSifHGKie9K_)Oan
zTy-e>*00rjA51zj@jZ?SWt5h>0znP(MBy>ovK#=5i7|4hXZs=QaP~?FguxBljNBP2
zf@PV%9kr;XunN!@JZO(AVd5F95ZUQWl$1N^w$6KF1SoFG?>@xzHh$taNlfq5&wNC-
z0)+e`t(a5pgYQ71h{L6N<n~U_%6r#kVFS=-Os6T}I;1V&H<WvOGIi$@HHxP{n?C9N
z)~>`_)Uz|R2jLLr!DDCC4IjqUermEc-yI30m~58SDY`CAO@ZcAa=!PFyYyubJ~`!S
zHoyh71cJxX%7MVLRfbZh!C?yKkMbB`v<cAX_Cvk;Si0G#`hk^2fF+$ATms0<*SLK{
z-ik%-ybbzc8)Nw9!qH2YOy%HTu@{q~)@VcA=#sCcd;YJgOACrdd3Fj28^Dd?!K3_#
z*xrJF%0mnx9nh1Rhhzfi9U2owr}dThLyi5UI2b3O+A8?eeF>)&V84oz8%6hH1%Qw_
z<!ST=L*R453B)JyJ{)k(b2uv)hcY~2Akf))|7nNSSbF8jjeKSxEmMgqc{B?1(D?KG
z2u2o~xO|z)1hT%w5B)hBaTckboL3g5i|b^&9=L{%?#<OWg5323AP*WA`>Pu(EWg~?
zT^Z#Px$AE?{kC*m((5jVv4+$rU8;~x?Dd0>&1M<2f|ggvw%548@?C97Jsgfs#~=Ps
zpPnZ@gj3>i_;gv{5eY&!C0MO4MoWsWeP<Nm$ug{Z^4FSWrb3t|7__n|g13$B)Ct^&
za{41xH@6Tdr=MF95PUJjCQ+j*@+CyTLvr(DbYHd_Ek%VZAj1?cEp|i!={$g%nZUHd
zIB-@ggV8*L{EC&C@C04CMq#@#R!Q%}Sm*7z=|<w$x3J?=22KucDIuPo+-NV>QUfem
z>pWb|yedHnAI{uHou9ne5DuZgKV@BFWTzhi28;Lr(eX}JSzus2ePxByd<rn>W_xSK
zVBpD=JjFfdc8(n7;}biBq4$Yqw|b<tJFeNE<kl*#Ln(?K{>bQRh-85POj-(v^by=?
zxj0R!(b&`=U+W9t(mWbCKZ{C(&uG~L{8?tsOwDxQ<2I<Kd3ga;l7HZ1TdX7hs;L*D
z?m$RC0+gtd*#3GZ6jWNFqmqr8G41s$0u@h+R23e@*{4(B!(ra5t`Ie1_}%j9giC)I
z+w1dUi<!kvo1dsvX9BV!Z&2O{(7!^t8zcYc@~kT%C`tbmiJXtCwyFnh@H)&S8!rS+
za^13#QXo3A{8W7`9Q{&U(7}pgv+1F(-{q3VC#tX&lqH_+3m#4S>uWVL06j(Dj|%%4
z;6}K=U>xoG@gHuT%|s7Y{R<E9t<q`GO-FC5#LzeLO38jz0~jO`8p(sPl>cEQ4}nM4
ze5a~RQQpb5K4ZrR0mED+rv=LGfrwGBxL&x7Eo!AS2@Di)S}v+q0cZat+wyRU2)e)A
z`bXNkhp)u+5`^vAPs98!38zzH>C?&^H1fcSz;G(3xlGRjI_<lDUlk4B+d9hQ!XoES
z4R*Us-2~qC1e2WwBa?;;4OAI?ECaxK{Uw!^kIzKdb|kI%80aY~S-)fS6fee~3pZUB
z5P+1522fgQeyWH$OC@esUmMc&jTOdwu7jZLad;rHnjVI+0U6G2=~Tsv)F~O&s^3!F
zKo<zFhPX82iA5r8`5gjbLh?i3K9-R{t?3~PW+CIR+oyRa@35cn0PIQ4?Cfl7x3R>W
zgZ1U&C^&=9#wE~p`?8JS6JdIAi|47J@8NbDGtgrjSbc?yfpnP@9-{cCNuV(%F$R*m
z{NX~o*om>s$6P=p^!!Q_SD(+@vG_G4KtsYxG3e%ZsRbacyIt;KY##fNG{%0kEDHhR
z3;3Z-&ER8XI!Wnb@4Jk<o}YBJ>J?r6#l8tAT>u)2i+qibj@=GX(5w3`e>l+Z(jqtx
z-QJ>o9r8PwE|UOt$3f)o<rNoflV{))2n4yo<#_KKCTukImzk=mxB?d_0xqytzXv;5
zHqj7#0~G1Srx~RtY>7}gfIkF8!KnH0dLx<_sDxrh8Gt}VAm}rc2;~=eoiN{YXaqO;
znm;=eYq=d=dM*p2>LJgie8Cju1IC`5jH7HL4+BlI8(caKe^|jcQb6Fq_9jRVSk!A}
zsW@ex+_vt|E*dB@x@ny+(|?k(9a+9QTCUFkI5h6NHBF5r8;Z*Kww(IivB5;AqrjA+
zgmlD~NXN=(xhWWNfl3DnP%&Pvc;cS=nT@`%m%*ux{cIx_L@l42n!bK{r6rU`z;qwE
zuJF1lGX&#AuHItk2gsvXmrmvIUttz|H2swASc<&qQ^aNs0QUk%ll{%IWrv*0`=Gxz
z#u~Jf%9L@r-|)pYm#JR}x-<T$zpGlAqEcrXa1D@v6pXYXlR6t(xuUcsajmI9F8CF{
zWiJ!NYyOZag3hw<pI!#lnpzz6Nlf`6?G83RkaaprNa*|dHQaSn2v56y*ae7n_Jw5k
zhEa_G{c{X%uQefU+Wo3b_Hb5BE}aYzhc93SAJ4C9f+FG{_7&yV-2oD6&|Q&~<TYkx
zJ-Tq>G7^kt1ghgruaR_>i}#!#pHyrFoj+=xFR6H5UkW0k<S^npbsWB2EP|vsH@)-Y
zVYuq*Sfv6{+@$aDs=|`=+CIf>f{jmyF=IZesq@P|;e5CYGAr&`9u1=avx*c@R_*K|
zPMymN6S@uMz|sp-&9`5EUcYBw^;;zZjg06)PXNF4o&7a3A_Qua|2R0^85Q6Bk_MjS
zX&#%V`#0<&G79*p4)D=Mw=)da<;7i>GDX<<_%s^!zdKhBd_Qe9SsO#=_%YIH|66e4
zL$BD-MEly?k|UiW>kf5AaY<m}p1Jo>p#i2D2jr;A<>p<PHp9_#xf!pbz{mwidqi^r
zMG^F;@m`AZnd9frQmcD)8Tm^a@&Yh?vit(&rjrRVU<ie^^YwqG!O~;lUODRik+ABi
z`(-_P{?ykuKlYX?#0WOcBRWbVqBX=my%s^tgwJjDw4CRFRCqcaH(}PhjGRsRnLEoj
zkh{wzvB~zAkh`lfM)nQLgrighmERtp;sfJ*#D-UB-<r!GFBLe-wvg>)vx0j9xCS<X
zm|m8@yzB-&XPHBH(kTD^qhW<zcBh+#$9&4Ds8`YpCd@Ze%6<!sxE4P{!|G`v!$6D!
z1e62RZgR9J)PLC}K%e6{oCaPtQ=%G@a_$0XhlBd?e382x2+gZ7Vj3D6e$!TIGcdl*
z`UKAuH+e8;9jH+dy+LHk+LUi7*D8TR&l6-Grr?TV6f2mZ7>8W<m*I)i>1yPA^spyI
z^75Nv>p^R9pr)N3|3VDum01G~-ySkrHMr4-3kF6f3Kzx<a>Wr*#^^RYuCVR@x?%*s
zS8NN~oX{Q>2S<b+ra>Tv$oxz`9M>mvQVkQ{H_(kVnjEWbq#H0_y9!3Q=?VBF)l$5c
z+Mr3PdlTM`v$-6PcR+xXy3~l468PcqO$2yXV3K=-gI@2uhm8^8s3bMPtCRTk$QLj@
z!$wldY2Cg<*La|YjV6H&kE0KIEDw5qXl!SDE*eAt7CY1YYJtO7X++PZvU|-((&2}G
zAN%=o@5RAGD$!tYp(*Dgl+G=^`$syL^DCVbJGqVRix1p~;<AsbtDhD3m)6s;ZfRBH
z-ak;sj5=ft<E=H056!@(QY2QJZS1Ms7D<lTovG6LJoTbizl(22$?3x!vl8Ad6LTEB
zv<F8OztgPJ!F*zfLc0wJsS{qyMUWh)yfZ_s)U1OlX5pb2j7NU}<jw|-e)Wb`t<@D#
zY9BNRRG6W1Q2c5Exak{JY?{y1{VXgoVXr`sI|g7e`{An-?~F<5Hi}&6>>7TJ{Nf)j
zG~`VbE*5E~0vDl2DXJyp%~hA(qA&MHrmpDAUf89ylS-W8k|qIX9;Sl`{U~+M$bQuf
zrQX{jVmrdrh(f$H9P*5O4VuIZEA4r_Mi;=yvV@g~pM5w}Lod=4Us-fi&=4B8(0BIP
zn(so4I|!J9k!7fDXY(Gt@(|RLe@REfOm|%;5-6c(F_Se9rg|<v=LFC|(%>o`<<+5~
zR7g0*R%Ak5Xz{#Ow+ohU!9Ezc4nl5GXTnY$NJNy?uW!l=1z9<3qXB$1+l)FsvU^9n
zxm|8nyJ!Kzn2>*(u5wH27N2Ig-EVaylO*Aa^Eoi>LtVqw3yZ|dJb<w8ca@?gE*R|l
ztHI(QRKKuq4j#szQ=CGU`^Y%Lr4B9Iy1QcmzS5c`<}6R-LBEuR|FPC(@d1O=(!FAk
zjlO{OMN;E!lK&joL`3L8IXopM;D1dPS6r>)V4M3|(b&AosMFk$?qb?CT2n~0VNh$?
zU_0*hXqPwnDv-vi{6iYMJV&x#vt^%m=iQAOR`W)b#63t(QQ5oxw&_--^<b>uF=G^1
z2Ew&nhv1XFORmUd6kC?vA5ByK&I{c!pj3Dx_ZBgJ{m?>iXW2*JWQ&Xv?g#&R`hZij
z*+N75m@i(!T|IJUbDK-6=9JsVG4!1+B65ZQIYoz%ki(FE7R<u(k-&E}7c$+d7XqxZ
zrGR|WdX6+V6w@m4=wkLw3ZPMCrcUyID`-6-dWqifozHt8ey`V{2Se!69O&rIgVxEW
zZu>qfua{mC2v_l$U*`McT}$=;CfpdU{hM&(%xIG3)>Ce7Xu#YI?HvqN^T`)(RDhFj
z4~BUH#qx=+iM*{J21VP2MrayIL(l?XaQE8$9U!ThOMh8cU?4+FO|pHsQhtqJrHkO=
ze*RrCBi@<~X0iD<57}5|?nNv^(j?HM8p-It4_kvT+efnj)p6OjoAPq?!OpEbi=<IC
z!VmgYb)BIhP}dO|Xv+mRLT|3~!Ov+l{$W=4%@=EexBuG&k0G85GC^raFEG&pG;*=w
zg7R5n%<EG$mYr;<%!)GdZ@0n1)mmSfE<!bu$1RXc?B1y+8=ZtS7`I_snrX4ZNauqV
zIdd(N^e$@UQG0bri?NO2ac?4Mx^+65m*(ONz(_&l;Cf1!b=zk!5GtQ(s6Ns(oFlBb
zPC5F6&LkKkl+h8#M^WGTu*_s<StR1bnTv0-*r<68b06DQ-<)`&bEq)UN^m(8ijd)1
zHc9^Penev0>;DuHJSxV}`<4r@&hcPq$VVjrp>3m=z=OYO=6Y{IR|#>bPr+CNW8x>(
zB<G;921^*?@)9HO$^Yp3rsD>4R)UCvfzANDc?~Q8r(~A&5>x}mObEOhgZSthcmy7l
zc;D=9KrPzuFp?&X*5H>nem^xaMoM%Fps3T$Z>_NWhCBzz4sV;g+X+hs#reIHf9O_a
zLlpT8sz&Xpn3_7eG8R&*D1dcwVTtC0k9}IdMG?$<Gf81tw3!*@pWUaTvVdDn?u|9A
z0=P7I@Aw5;SLpc_p!a_Agr4Lqc<*5Bd*d?ly!f5Pz@%GrSi*Mf%Ln-xZ2om663AEL
zu4rFmy$sFU5EKoAB!)E*31`nBxmS@4PSrb@26guy_So3};Jr4Xit0TXJ)?#SmZEDS
z0af+dlPcEoGZ3$=&)*}m1l8LwpeZB7BogFIGWWvC1~KhKcv6PvLonIKZ-1aU<AAZO
z$OsPkjM*Y4O=bYc@!ifARKiHMtR7wLCj`TM$^i>HdEINxN&+Ga5s-L!Jw=0?=RfxR
z`%kh^D&;j6{12dj2DXscDVx(`Mp^t{u%5r>3iSt?>aD!4UBPImlK4q0KrsjB0+Y|Z
z^#fAa<)EntWtfW6)MqI7AJcpw>v|N0btv|*lXlomV-kk+GDYY2=Ik-D7HK?qS^1=h
zR|UivE8#;NWHVE3+9|+6o@m2xkf)^be-4594RCl~faM@-%Cs(E>uU~35B6G^nJ@;Z
zwN(YPrz<j4fW1$rfxRO$ER7L`v_n;*tZQ@`rvLT>9NYy+kqkObzK--VV?Y0Uvo(Oa
zhMeQvSOP$C3#JdLo#^{E2}UZ3$cTy_$!B?DT@q8s{rSg{5^J&gdOt^=Fl9llD}9QY
zX-<+sAk!@|w$H)m$d#Vc9mCMZnLap{P=tg*5%M|#4ha~X($?})?uLfIN$f<VKSLE3
zba{ha-rzH*yM8Y3321rW66>3rg(#YDIL(EqW}K5@@&&G&EcI}4HsvfBXG%|(<P+N`
z{2yx&=y3|O2Cu5Q=dk_&hIoL}(D;;=wtxVnWJwSRHw2+6P#R3$>B@^Z4UNfZ7iFEX
z%^>}c@59acIVPw5dGF89A3%!Y5mhIB5{!tnuKSK5m}_Lk4mi~cTCJOI&%vyr(&_2e
z{%A$)6F`yk&m|>hRl;fv9tUt>^;v=EA=UWFe08fB=nM5#G-NoTwE~YP_W$bfFfc{2
zKr9%*ATtJpJL0R)1|sR1!IpE2iXyf%Z~yJ7{(L?Xa?F+|Gu?afvs(#_GCE9ooUd)j
zh6($96jzfuf0IB={%;b9M4vU$%=x4Ll0V=C4qz8oJxuziP9TC9+AR4|b>3(wbxHE^
ztIf81|DJxX0l5}lQ=jU)n+IAHpFi)9J{#yl1$0>A;l<8}ieU6Q_oGMMV#=z&)yhBJ
zjhqiFe%KtsOh^LahcZa~V6Y>W#Q;q@>fl&NFBty<1_t-#>;4)Te96{itjdl{(i_GG
zn%@D^<jbAv1141(l4iovK*a_+*3j|KxD6{b=erW)4i&TRp8^*8ENH2T_Z+a$^I+g^
zQuUN$9K`Tet&dy=Z3*Ce+7Oe~=rhT0{$qF&4qh?#d{|Aml<^k3HFR3wAR~*v+C`3G
zx2)V$a<U~rqv&M=gSjk+DJd;YO-)-C2%MJm+Kxb5tV>R3=9cZE@$ow&Xq>uFe;~N<
z2U8mB?Z;P?JFNyAt*9sWs=1yG3avM+UvwLEb^YQ>$x1?gzK!X*JjvtPqz|1<IDd5F
z$n8%#Cywjwx#Sivt>rKI@iJx?6xfUIc{}Lq4*MP^0o1Ag3CWD*P+>go)=Zi!f!FSe
z0?Yry+FL+X**0y%iXtT?3eqJZDcvCm2uL?bN+aF5ML-%vT1rAG>4r^%C?PG~-J5Rq
ze{RL+eZS{_?)84_UEf+PmvVdKzRqiA&SQ=_W=1L^<_?&+mM9r{HOc?VsM-W{Zq7AV
zD2-6OcEG&Ddy*Q{3ty7}^iym{GoaE3&v!0cUy)D0xq<p0zj#C6Xy5qeXl@ox{1y2o
z&JFP8D|&nAP)IRVQ}B*2!EL>Wv=MCK3wjzF+JS`rG^MA_TC!*R?F0)Zb<|SA1^Jf|
zqyht^u9J_S>3w!u5^-LCWDRHzT6q$M)6>)1P6`zRBq7hEtPXOBSVS|J`fLs=s5I!J
zvua4v&s>0IJuA*oW<|o`u6gsuZ=|jItP%phIRyHREXT_UhjUdrQY<d2?aK|C1&=*n
z|Hmf)-~7LN2!)FyY0L4igi9m>GMQJGQ8ZLVipY9*>p{-IY2L>ilc1@0{4iO_Q_>C1
zlZ=XWs_nvTbEZ)w{NZj^_Y;>*P0G|HMJkTldNl8!8KX34qBM0<^)YH788=bZ-v(zN
zg%mi;vD|PD5wG_=jw6g`)|E-~Ig^HoeZPrBapOOI8OS18-h9}bZp|n71pT(?4aC=7
zT*VPr@c`17^g_(xg+Y+d0~}@Z4#-+leeD~!?O>D6NqQwlG#)S9jPg{fQcb8>sgYP+
zQJh|@7HG%5!zP!{&9ydf4_P_@BKKAL0485l(b)$<@=lSt`*uz`m<2$|VWr}5_;Fhd
z<!C!&e!gi=ldmkwp^%-6o-G#%Y_$Byk}N{!pKnILvT9hX`Es+edE{Nxk=HO@=s9@C
za0cGnX;T(!ga-$Mg)ry_<Scj^0-u@<cz^5q^Z$8@|N6Bl?)K1G8eXdS#65~Iq(Am`
zllUHZNaBz9O3|~;7-Uc?{^ks|nqjJ<=NQn0SHqUWtL+4OS<%^hYq@k%{{Gy2e2E@M
z>k>UlT-jh=5n9Rfn?RZr^s5LS49GIP;zCf*SFW-dQSSN3mGiRZ8Nc@#=hD(rzv~Qh
z7T|SIn20wGWMt4WN%>!xf<k2BU2%7?;!1_XkS=r_9RnjEe8U1zQcg#&XJJVmTZ?^R
zK<V)r_>Z!wsm|CDux@%fIw>1g-LqSu&FzJarzh-eIjM*ylsh+9waCYt;oi~KczqHG
zRnlN3OzGV#fBB}L`d?+^<v+cX`xxA-?;IJiHCY+_^T7j;&A|pX<p}XgZmU=sP;C39
zzBJw7b$V}Ws=^OFV6;ns(4x04LKA{*7;WX>OnLIcjO~!4SD22Y@MX<gVY0)W|KXsK
zic`|SL6iK~LE|9~I_V+qpysSv2)x-(BR1%U<mY~BgU{a?iI7-nPk-sy%6<YJZ&fzM
zV`F0nqpu=Wz+eX1m>Rbd&7f%0!4C3B2K%oKI8QFOs~R(1w6tg<b|Z}Dq|Nshe{lL-
z@TPSfZVsX6RHp)^m@?4K$lf<m8Uy2>pUX<*FzwvWOTiX8z`-PT$#>=2K8~jKmIjSE
zQ9Bh!aw+_=fFFGZ#_zbSs1Y-5pH-n^pMn0KJY6?T-#5CAn(?gqQA9kpj|0LdQ|2*N
za=+s6IiNp+v1=E~*WXdCv$>@OUyG)rXFYzX+u#(;pjIg6Ow4(28hUT_ZL#6XuW+Z+
zJ(I*p_(SVn-KWW~MMoEj%<WKx=RgO!WTYTyK&dvk^0H4MCWhiT{8LyN{QzQP<%XlV
zj+md)wGSIOBCVg<IC8Ywkcn}&_-TyN#l}9+rr9gaZ_4*P-aa^=fn(Fq(EKnojMU`o
zh(L>y(Lzj(xC{S=6329!3bY1tk?H5)Z#~^K48;qT9$gp#vsSX2q=!4sXWSN?TU%%g
z-mHT-*_Qf^1??$@C+b4w`cQ%RQgo**@#xX<45Y~aJEN)q%H4;efIi4Xf54#VcZY?o
zCyH7sOCy+rndt8<01g}T2F-4>$d}3GM<w51xIcLH4$Y(!_1$64i^Nj)9ndgh-WD|T
z!}<a(9C6;+RU3~)s6p91ojULcBhngqsMNW3^Cg9Ee7}Q*wSc0S7~$E{f%JHzSvE>r
zr&^xUAbw#lHTi-d1EIA-Y-GF!YSK$;Osr-zFZfNK{;jGRN)GuH{(y#*UAg}$296ej
zAc%%3>HFu7deeiJvr*U6bGObN$L;CtgCl7Z=K%E}=q3XgiFgT71}xjs`>&cM$<v^D
z{&Dg=DY%qBWv8Ci--nbWfHG|ABYb}Q`G74jhC<)Q(Yy_42;<eiYEsUWp>CuHl6?Vv
zWnIUh8uJAx3M6a-&!iYX&6j4&r(|J^T)dBC)n~~Es<?aMB&T=51|6k_6~z$9Nh>^h
z;-Vug<?{TP;O$pB6J5|o@)?ZsuHH~1o<0J-hrU;bMc9+cfElCO$f0d9b1;%;!VyRR
zeY9rACbC7k=f~S0<{oxw<mAZCnq<99EH%lMlk`Nh*(tPkI_hSnq4;8ItTa}-1VS%m
zr_l1*R|i_^t=JqvEEk0F8Uy1Uv&9=}x+%8UZqdEkYq2{o(TqWf@}IBuH*c8Ha*z$`
zgaa#SI3FTkUq9S*p9*)lc{nzgpUxutB5aqGA*}LyR|HZKXvP}^S~!NlR}0_L)=pQ_
zSlKwivMYK}$k5yd+oRCEkH#QN+@aN=yGem`yeiv$f2IE|GKOF$x8=}tx52Y)oTL~U
zj@0~eB!;682aWJ^jjC$diCNE`dIe_fa*7>6)6KhTv+a8AS1S-7h0PzbN!tzQHnr#5
zo{NP=jj8f!UVFhuPb!^piZ=*0JTQq>enz#n_)XD_VbmkBQZE7Fi72xQhq1s!)$30f
zE4}d)BVSGO?v5lt1Ou_iCwGKxvV>gcc*oxq|KJ*(#qk=zCifAT;<WqJebO_cKX|aF
z;zuBc^&8(@-$MWW_d53!F`8Vwv8-jy|8*6=mKW8Xv9>WC?U9wW690Un?_v5Yws>Uw
z4f-&qE>!*o%H1eRJW3dq$9B!iTJ1(*^xOk|&n-1XACp2H!`)Z%^73fAA9|6D=rHo9
zy^n?Rlrry-iufe^>?fgIm|#}xGlIohR`K^0PZ{jGnEh5uI>@2}O@Ag!165vn(QBF`
z<Wde*-w{ywS%Y8gKxE6CTR8AP+3&??Kcn1)QGEK@N+w`^B3abbHQ^+*RE|_+oy7CJ
z*Kqof(`rl`6`J><s;NsLE%gZ6)z<0>oHO$-aL#k*DbME$vB{2IaRmpFjg8DLDEfEx
zaQOb~#{LaM{`JS#QlbTLz9qi$ts5;A*C$p?dDGduD%}E?3k`|Y4HmL`yDVeRJhZMl
z(&b?G@MvO3(b6*SzV(!2@6@|MDvmPd3hRlu^^qcl;e0xk;k@A-z)-3-c)4q>00&z2
zMR_?#B5wVR5vC0_$F0BoIU$@ss~En}q3{Vj`XJzWSHpRx>7!Ux1;ih?A?}T<^BD!%
z@-6|eW#%IQlj8a61zCW;oH8TZJWyzQtp7C}J^LVLp9W0U=Sl>lnWVD!6rS6o-PXHW
zd7nxRkS4vaU+S3H!Ng4XCong$bK_^C{?EQ2DyL4n8M2G9X=w`NA$Il8|1)U2fpkRo
z3I9#X9?AICGegR2@6%KOwo*{_s1~2%8TD<w{uFy$n;vv~0@okFwGfmuK(c{YWP;BX
z1b5xOFM1v~q$1E7xc$BWlz+-h&f+@~MmW=#qXagAa2U2c%X?YF4n*MLsXk|s+g_4e
zz;(Dlb)QJ+%+a-O91|5<&M7wI(n(+?B*v^?KcezeXSV%qb6mloiSsF)!y3%j`?ha9
zYwg+b)6qpEWURC07l-RytFF|NilC?{d;fb+PdXS7^QFya6M^{u(^oP1&59eFF)MvX
z)Tp7?_R!=5GJ`3fIEi0WN3-o{ltlTe!AurIWcEnv!FAQIT<*Jh12yWvhPwPuHV;tb
z6rZ2T*RUm`#IKD0@L_Vv!O<}ozJg&Z#zeI7YfHNXHWk)F1N$iC$$iQAMk=PL;Um@7
zSh3-)dRR+Zmagfhe^ZxGd7LfpQfLKPdK_zlN2famn6<?$%d9+L>`b>GIhcOwNdenK
z=JEFiuhqa;93~z8Uhy45CzD4fsNsNsf+>QD3hnJI*m`sdsaX)nLDB4ke-4^Uw}+65
zRZ_)uu<qWuMg?zfp@Q4!)(g!1VAw1&ww_^%qPm*t=jzb&*HXSCNwy6V78Vw&PK7}>
zc&XK5(ya9d?9SVhTKHNu4m959TX(fV2}|k$P%8*mnD<k?Mk*4W!_=v;lz^Xf)RkTa
zU=W0CHFjBZxQNXzu_ebf*k8X>io=+Fe76Vsyb8lszrHvG2Rn(mVKA^X+yJk&nsU>x
z_y;lu$y<ewdM$oSm&YO$96*~9d$oI9Ws)#7OB3~vc--dt2`9qIH*a3QcL4+*7Z}Hv
zPNIOlZDRbe&&c4c!@NB&Kdv;(1xj`6V`cFqen2ui;E#s4Sb3y?fYT&yWs?;agR~z-
zAgPmAi_vh!dXK}^lih`bq?u~`nu;Yi&&ldtRZy=fMuU!ucY;|OGG@K0hc+QT@N;-N
zu`N_-n_R?45G?eOw@E5dVT29*%C$~DWs{Oe?a!gXo3_sOD)~h{v?n2{z^9MIx>Jjj
z(Vz6(e24P2!!F3R_DxT$UHiZ!u}2&}`-dYy^D^{5!ej7eC+<=G3mzvSlC7k~2lkFQ
z8MsJAK?<eMd0=g}X<1*WR1Ltkd(QP4a;2wFrF|8%tcx?7@~tOa4nWVSikR5j`<C@b
z<N4)gy=2(;JG%&WNH|RI%6&ZeELaG2w11cf+DJw+?>4$GMoF2&W+@#Y)nc3uCS@x@
zPr}K)C^pm}V6xn5%}Q!En82x|q=YMUc|dLfzq;HjCKT|*z-ESAERdTB?XUD^16`>*
zs>;?L<83`{qNs_#E+2CcGl&kYw4D|u@JC_Y0nW}7)i*6Zx;T%F)x6SUT{ZLc)}89x
zdaooQ@}Q9$T@Ur2L%g&o^9=zI;+ZL1=>LXzLPUs9)WYRKL1IOPQVIW{nriaH7Lk#r
z3L66~fELyE{MDG!Y`aVS?l=7)WaZ?&{e25SR8S4g-?5zH58!v%e1>Qs=@_;8g{L4W
z&$K#!0DAwG8htJoj{uWn0g}{muTuw0AW+hUc$2RWe8vFjr#2aOc2g+hVkH>$LHo?Y
zy`>>yAXH|lGuA{0puW!l{p#E7lXJL~8oWMOWs9L-mVf&6CP>Rv-Ke{=L8+&2d#cWa
z7{{$fNy@1e+ysZH6<)prDuu6Wp2^7B(uM9!m&BrD{EW$ApeZOwD3XqGJiu8Z6HuP7
z9#78}isebw1J)JJ4YJ(B%X92c6Fb!^rpf%y=-vVgN&kE6`t4Qo(M)7Sh~YAi!3Hfv
zg!5lX!N6T}0IIZAR>&!1ih#x=L35$6`Qc!p#sKIsdC}wlq)WfnZI>#X=+G8K$w~oP
zNy$4x=bMf($;q43*;Di^EOAD)mct)f@iXj!8bi$Om-a+h2X|<p9^{g1E&K)P6RQ=g
zqWW$8np}Q5xsQ*aiQ#d!lrUvgs`K?2)?bnVDjr>*0qzforrV3?j}k`_{6rU9BwC=%
zvDhFaP^Hv7rY{&_HM451phHVmi8vZ|a5P(>A3jrx%=?Au%VGoJa00`KsDI&wfBQ}H
zU)$n%+-iAkTR|+qwjyove^vdamwxrOJS?8=h4=(3D=S+>pt4ol&9wv_<S3*Gx9Lf^
zY>v_f$a@gy>eg{jL1r#nUTH|}3HO7%J`yN-#X|ADH8N_4hPXM6+E6Wra-#0;=ddRW
zduzv>hSa+5JT1_!$e5gb>2Wx$(RRMgAlo+r;;jkqbK9G0K$@FlJL998E{5z%8W0e0
zu#l&Aa3o+`cWl8UR<aKgg(3V08PG>Wd=8IHjE$AS#HytdU}EUKW<_1r+jtmLy!IzD
zSg+O?0VWC8d{YHx@11Sv!`B%xj*uw~Mp%C_#ek0Qn2Eh-l=H7gs}sE-C$qx*8mg<p
z>Z+QeAkm8236HZH&ElicD0;lX>v3`;g*R1JgGC=dEl_4C$HI|;4(e)8tmC668{h5|
z8&;X!+0n)5FIO0K2QW>kMU1^Kg^u^R<`$I5ky-so{t2#BKKk@aV)Kk-Jg(2+{xw_~
zO@33`FfrL(oYa9-q<q0D#L-p3PI^SUsheJ#9y)?%u+wiJ;hdPbwF;KwhKDrUHk|T|
zSKEt!x3+)Yf}mS~HaAE@MW@P!2Hy=?mI-HLvWCOn9pCZtWFfMRlC&aNLQ6sDFvdlr
zX$u6g!GbC*YFpot)&4X*Pf}Th-cKO)?*nO=`QiHT%?)Lg!_nNmGY=DPrscW!F-%6{
zA!Ik5$s+VZ&$K(gcOK!mAv07sFYp`Lx+RCj$v&qSe{9X3`(mtg`-^7Z=VzwiD8G2u
zx%Q25q)yj`Rj$}PlIKQ{p`5^0VQVd+OXP4~Wz$InusGhH`5)4N4ah&I0SdC2jPvBT
z^~4U|-bOM-H8ykok}m!ZY~~2>QC+CoY`%qJK7NoZ20O@{5mYBdRhw0N)be7Q+pAi^
zH(t$KwC)!!$Zf11uq$B`9_4|~F`C3-b3T@Csv-|eA|<Z5AF^n5qdFRf&4isoF3<c;
z1yx!|I6wx-^v)HL0lowo;1BYX9>2Y_HolPpU0HH3n9u({wMOj^!U;D_Q_XpDg=&}6
z3J9;YZC+1)en9Hn)~gL}caiieITC7E>ZJLg=-wZIu_E1OdXR$V>5K<btN?TpFNMUX
ze(w}pB{6d?2EVjK8#B9p0eHR-TH`pmQ}R!o=Pc77&NGF}rWpU4GeiQ{@Uf`7(e6V*
zM7kfkPvq@@dQ+d0h}4L``!4lOuM#Zk7phC~H~i&TIA>=)Lj>X31i3)-NrnQ!pCg=+
zaFfKQb-VSSDApTD^3(vW?~;sLP@{N0{gc}?iGTofoJP$ZS&Z_>`WacK{BnqE-BNCp
z@D=nkX5+j8#R}>NS^~rFyrl)7j@;;O07~x88^0Ze7F!6<TkXmh>2KebIf21r+7%AS
z-~t+QHQl_X&;Ng5+V1YnimSktz6e70hv?Uz@+qJ=Jp01f;%-tB%{4QA`@&hf@CXT$
zh%*b!XMY|IdX&TgSLyQMw3zF~ZBSBrL7^lkieSlMZ^WA{-unHMx3fut%Y1>)DGZaT
z_Ropnj3C(jX^JL4z~%39uk`DKIGltF`hSx!pND<C1s=?xnNpIDxAref@b5o+Hu_JA
zAkD29@A{RINP~Qb)B=i@IoFJV#ELhFB7r#ECPDDBxO;K9ZX*sX6c;!k<3G~hI068Q
zK1mht_?eJFcl~bydSX`+i3~~s3#sCZyn1^Bbu{cogXY9*QKKOeki*`>z+&TX?q~kb
zDa(zUX@7p?d7EF#^-r9A4*0t5=L>QVF%iWK+Ar84;HSQM<BoJ<WSvTBi7J1ig_eLC
z_?E^$lGqe3sDMim42(!&lTf(6;lT4Rgx?n96q|iu>qvG9-hDA4c=*b(H*Gn5;62^J
zCoyt*o2m2fhxxY>AdH}A1OtzPQ3U>)WfUU0iu#uH1TeFx&=)Vr@Bg-_eenLr1;vMO
zk`WFd3Al|yihp8#L^p8&k>Q3#D)1^K^=|@G+t5Lb=5Oxb#5lbyc!q&QVZecS__CY9
zN{)y)$;8{XdRwaM->&X|{m~1-jksZL;bFTVP7ZN+)Chu(I-JLl6XCHYMrWVs5&t29
z4u~|C2{Yc!A_^jG0Hix2|0C=)3jA$VtD}S}2e+@y3Sp?vMG@2#w8#B`02q`h;^9qi
z-OF4?gg{NZpnkLnn`@r%&xiSMzn(n$<Lh)}o42pMPzsUSND<k#n4<!tVrTPKypQ;|
zy77Sh@84Atw?p{ULy$Puy#2=;v_$-mPi=-h_CUJ!-}N&x+eZU~1FIn?8Vo`l8!}Mm
z)bo6s)p=*6wuOYuUhvwFr~pNCREqwqjp!zV8%4(|;V$bZ{|D1W6y46qQ^ip-{9pYw
zT_%L-GUfN^U|{RPW=(wX)9)bu?<Y@zPC>3oTxkk%%;`udQz~}|uZ`&cWN*Ne8ol{*
z%nu*FaJqSY%!S}kj@@pxAntx_GH71g#As$C;vY4@Ko~}-VURmD!Z6r)+b&e4Q2yyh
zbN+EQt4{|13JVCzjC4BueUDU-q#F#~ec;pY*W(`zoH#I=c70C@;cbL=Fdp$@^6O9Y
zFGIWj4F&!m*NABEmq`2bz4=&xS2}dyl!)~7|Gg34*28g2Oc1939h{fZKqtBTyBtbh
z#9Iq%qC9!|^q+V`-%-ln7RT@M?Y_|8Y#M-Do_iJ+);ag#vc284_iR&EuJV3gF1x(T
zQR|K_E@njh#t*qHCr54Z0wj<*U4N2%<aZ945#+srv@0o^61V_HeA+sp0gIo<#OhCR
zHOKsiqiWJdvb@CZO)nrtDaX3D%(+J(h|YZ-L~{llFSee1LUv^p8%G(b5E#2#yLE9i
zVY}MJO1J(qGK>PJ3vso?NsS1513rNZf7T$44^8&p-^X8*qEh(d28&vm$k#?3gpYvo
z>YgqZD3nB$u+pxVPUWPKt9{v+4<BT}tiLaS-Z<NmP2#o&G@p++8X8(l=!gcV^|)%I
zdx0RJqU6>mPl+sAz}^FMpqX_L0AwNPTlGeO^0k0XFdD9G;6*tpHR5AR-Wgb)La@7{
zvj(p-_6P!q&oSQz>^nHF1?~_8s78(LQF6WO{-<zj^9OcJJum)?Od=3mc*M^0AW{Qt
zy=0sWC8kMA-#1D~fQNoeLlc`#pm&0&TWv>azy)|XuuZ!@9^~qBc(h@eV9EELZrk=|
zAe-#}9z|_37)__}1?&iopMabVVt@t_o|<~IUK<Zkidf{ndh>=5;Z*O)I@f6sm*Rci
z)fBeW)6#L*tgy<h#h>IFg`Y?#sys|l_kO-Ur5Ij#at+e|hVOve2$B<%nClDr1I7X0
z%k$OEL=JpyJcyhh<RYBU<1SMAp9oFLz_*BU9rw-=aqnFFAz{~_5-UephUUia1U@*J
z)AYbhRnd++gc&|QM4%rQZz~z$bvBZ6vl3+O&p{(&HjaBN`umL$aYRuBG+qsWS%i;8
zMBpR0aL4!PU}rtHWLa~qfnDk&MfwV?4JTs$Onv&+Kr_FFn4!xAh_+`cUtaX<kEZjz
zD(D4^xB7xtpOk_05%VF~xoUr^Eo3}uty-c?gQ%9sC33RmB<M_pjO~rrLaW?w=6W1{
zbU2=CMOo`y>T;;FtguwAaZsyCiH{dw=}n2Acp!1Ln132c#>aF{joo&d_OZeeE!_vX
z)?taARM_dswmDcUAkHLNyUf#z@d&5*<Bc>PMzunwpRd$%oYrn*J4OUKPA%oH@JHTK
z@`<Kzfc(nS9kI=KujyF5INkS&Ok&=tG9vj+iKg71zr2#7qn#QnEn1T)P|<D7U}0d$
zu+aCm2;GR?#^M#EJ`wP`VJM9H%=b@}rEikNyEZ`_8W6q7J}<u>yo-o0W2WpxT#Lao
z!qRd{T$#zQq%4LSMM|G7KFDhdJs+=eG$Z0%#g}=(R8+SCSTbC_mek1V?_Ft4jE^5n
zqeJiA>+A!cZWWkYt#zd8x2wzZ!600P&UG-%jPaQr9@TJ+^?G=P@It8bo80z)(<PwP
zb1aW|9j^0y66QII7C73P5|@o<x;p$6!Cba<iz|vnjIL^@Puet5*tv8<MRdffP9-$1
zVDXB)LI1`1@mAD?^#FU$D;Kkx%cT?6oa$;#n~60AZAl$U?R=Itvv`a4QW_<;0@pO+
z+^4OQ$}n!j&4iqC!d%HP*oNz1k7~ZUH3Jh<R&F$%WGCkkF*1_mHxYExfT3sMA1iWX
zM{LBxv|G(;e&BT=-<LmSy6>C9tfGw}P;{uX560&{=Hcnsu`gS?RDV5pGk+y*cuOaU
zOwR8OB~pnK{1vKb0>&XR#dfykh|387!bYys+0f(Tb5Y`5pDT1Jcn=JllbiPr62(75
zO+?soxJWLd7sL{z733Yx)#+uAipTZUpq~Y01%?2%-1(6=jOt9;pf*SmGf%m4NC!i&
z$)LX<#8nbaW?b^ijLxg1P_L|VVgoa>-?zTb{|S{Huli53tmOO`m@@aLjlq^2If9>Q
zcrC*mfNgrBdqDloK!JcOfFL+;I4{&;>9bVb{z{1d=mJ5f&^J8~mJ&Yu6vX8#!s~y<
zR$VB?O8Ll^1;eLGG$;w196k3Q;+6gS>W)!c>8X%tGM%gyljQiqW~R^e#&Cg#f=!W5
z-N(w;<MdSmPU|m#Qez(KkV=ad<xi@zBkUb8nn$S%b&H~n2#pwJh{NX%hxs*iMWo$+
z#Z5>EdBrU8MHLA3SL2$+bHxHee2DErnyd<O+?EnS3eLDg@IC<LYbr#&%9hfD6BFqj
zYTLkNB;^f5mZ5SjjP=RSjIqo*aag2+qBE@8IduVUB9MSgxar9T8ND%pV|JW~dV)Vl
zgYIB1Ttf<q5JYYgA~&A#7y-{p+n;e-`Ckh`umg2Gb^{337IVEodkiimrL4UC7ci<@
z$+1LKSAppS|Neb2-67EY@+{39C_iY{L1dDVmQDxX`*FdjQJA$8pn<cq*sp%+;o!@?
zGRii$Yb9(w4IL8@u-HiEv1LJUNQHHU0)WJR2iE$?HU{;sA}%5@T-j;cGU#!kf9ri0
zT<l)Z?IDxc;)j+EnjjSABR1mqWaF<yyW*Im&%>{FS3|LE#$5zEiDvDNHno0Ga&f6K
zIjDUqYB-Zoh0rVt&o~W=c7A_OFs*3$yaXrk{3RGq0Y0vZRpI9emn)+lLti3p3)%n`
z?dJkj))|fx0pq%46Ox@J&-1nNRr54UN~LtydzQN5&36h(Rq5OG#@omawX?F&3^hKu
zRC%6%z>(gZE|GAnvkNeHBo8XXL?lUASm|;X4q~sLY*q^7zDQ&r5MMob937w{bg6gP
z9fxgdy~XdGYYR^@=00NjM)r*tlZ-!kC_c$rr>gHGxkl%u%xjlDW8t0))7nY1Dv>$O
zS+oj;lJX`Cf53gD|9p79%)@@=vM!hTO)kf5M|dD>!QH)lcjZu(Vmr8E4OChwQvxeY
zT5EI*UuHn1Mt+UGbdxv6WzIH00`aC|YusdF{nX6)+=UQj^d^!A8p4XEg{An(MNpnU
zrzb6qpF~(rK3wut%0usy4}cn;IEuZ`H!n!W$+8TPuWv`*KmZ8^I_6=T=!m>-E>W60
zr(GsWgY&jt*hxXvbX?X>-Hy#vTUlAz8mO$s8$I3;BVfhHNbh}pcCw&E7I=XMz1Y$S
z5C9^SNDNy`rtUp?AUXNc9!f9>mcc}HP+F(F>hO8$eKtuUVNRCVMvU(RmX+0&JFdvP
zuL5>3!?4xn@aM9Rh{ZrWr)ijdFS%rO?zbKX12zpna_2ZK=?4hIPkZUujbo>Ud2FYX
zuV&!qx47`;WW7Iwy59h3E??PD96BC540S%;dys3tAJ>LqmmI>HoL#C>bqfs|7MHJ5
zbaS|HLbTHPY!PklaPFZlernZUr3+I1?OKZ0qczUdyDQS4L0^*!5O*z2T;SC>F~I#_
zo_tki*76UsbB8@<VEUvhw)miTjtpGEJrC^^(@4CF3beBaxO8iOfbp+aFGLC$ABSM6
zMvv|Jt}nj=%A~CH)}8lbzY4YFba-rI$S$^_D?V$xkpXEaSew~28bYX(qdT;7yX7pT
z_*6R*7%Ry6(;pV*v}e)UPc*e>Ia{!iiWE&l>-UKWAp(c=%tF!pPMvYIB`eW>^A}55
zF>#ceJFBH42~AxZjoop_YG$0rT0-!zHX<Lt_T!`a`-w75!TtRLW1ZX1PZ_7rZI>p+
zCn#_fK)z9|n<m~dsQIbr?=8!MxMd50SP~m?%kr5Nu9prnM8)eO>rK_UW`j2gp<l~0
zOKWKn!~M3GfRh{Z`RtJRd8GVZmmeQ?*1%>GCyrksg|rH(FEXVdERm-Zy(sk){Eo|a
zfrP9RhY<`{cBwjS#TMzCxjKTB3SVUwL<@!P8gY3R87aJ!4h}|0z+A_`F!p{~)=RB8
z(kBKt4!0&0t{fVk-ioJR1{d~#0HK*dq@iTJs{647E04`c-B(<!&D^k#ubTb~T?9s?
z8OkkwBgTb#u4y7CD=1W139^&zhcF`_--mE8b4n2m2{qOQgB~*B7b_wT6P+S1mqsbm
zh0)2Ln*}T1(=XeoazWjfCQlTJHFIfT+y$rch*`WbSy=k~xY|F=@+E^tuB4n!*7qu}
zuzfoj9KC=6c7g9(3+^4OtLe8KbS`t%vdM-EW}Y`-8kcpFcNKwzSdxH5ENMyRq~&u%
zBDaKFtRSf}vS}BJRhSTb%6aG3-pdN-eOm3hWvM)h!pv6x)s38LT8D&h7kG5$N8Pr@
zYJTsgWz_OiKc@&(4(2_esecJnHNHfgmd`*nFrA3Y3bhxqvgT$}2u&pih>c3mae#eX
zxgu|PQr9G@2Aj!vs;Xlts@q%fHO$$5;@1bVr+nBL4m#+znLmCE=YE9gbp{u;*33_v
zfm!He^P29kb#ft$<i`aQieUJxaWIfYo!lK>Q}wY--MjobqSBZF8hk>YBpQ(o6-opI
zNPOVKAn|j58|DJf4{?uXS;o#z`&IBIBZI1D3MwJH`^xXk!L#+udElI^F_-mhxZJ|=
zOv0aa`jMcxI~^AGs5Te?oYE=wvgcS~Q~GE%O8jPkq#&!CkKH)cvp6vm>2M;hxUJa7
z(V_r7f0#Zz;kZv<Ql(cIIKiT?=eBhJFqx5`ZUt7DGO=hjR_DblA~Nk9cs5NhVlAMK
zo*b4c(qhpVds*diML0(uaXM4zEtN+v_V!GG)x4Jj2+Z(T{94B;U2TcyR#=$0yHiDa
zDvK)GL#)e=0v9guWEv~>sYpi1%NEE(w#K0@HE_0ZNCV1j3H`m)ijmL_Z&0IMy2OAd
z__ju^tgH+!%ZY^U>|P1kTDkkz>M97TSkbnypUG@8yKcnEHDLYlp5uk&c82d^fQ3|Q
zE4CaLiMo;#OnFq>HRx@Qsd6H=PrTqdQf{g?{R|S%2y!Gp<J}8Nvn@ecn#UlZujm<G
zkrJr<v7=(y4FkEg0VY5IuSZt;eknf9zxLnR*9eYdQ_tT<2m>m!+j!8;bh&FPX4_Fo
zGxS?!Gl3O`*7_C4eM}9^Dm{lkI$CT))D91R3hY$3k{qq}`+@G+W98><Z!^Hi@(-F6
z?b3|31B@^aP;t)%<Hnq%-AJ^n?QYh?ug*(Zu7Dqrd%&7e+HXY~6PE7AYUtr(&%VU4
z8n5Kt0cxBzefZfMhxWJZ**=$NgJ3*0)z)Gyknu*^u<Ch1A@D0uXNrbOUyHxKTXR6d
z92U4++vm)7->d=kVq9t$^!(n}UNAHPU#vRbqy&Hr*{3P<TKcHVpeBcz2c~zx?l?b1
zU*@*ngU|NYZ9Ru-tjs+hvi|Zj?Ca~b3M=@uE<4F9_mY!LssE-Dv)G>2oml;<>2)NZ
zOQ@w<`I@hj&*OQ}gO_P)N87_d2-RKtO7=&)Yr&1p*@h`68Miy3BewywyV(2`PWOf&
z%!ZKt1wKOb;a+C8&dTKQk-4a<B)w`{{y~6Ud@Bd=U4G|{{_x8?s80vE=k3fkYiv6g
zgG*}#wi^_Zr8)=B(tgF_R2ReYBXQ*Sy<>{XJx5ryYc2wdL!maS0;1^sUKMLrV2-(A
zukds*fkv(Fh<GVX_}fk|s{M4!>Aru^Bu6(hIYwpEkMt*rk1^IyQiEG{_KY&P`4ZFA
zXPph;!X*!5zifS+G~FF?#aQl_ek{mpuZfP5DFgvEv=`zw^>RdIc2_T}VDo3hXK41Z
zvKNiU{jM#cQ^JYaDl06dwoE=Rc_9%}beb2#6%)>?dj9Q4v6}Ran}Iu@>Ew16<Rnm?
zuppflm$el`+>Ek8EO?8aTjbW&s#`wOHqmjELK?dy`|;d1nhH#yanjD)r`(xnjJuPS
zjZONhTD)S6{c{CQP0hAd9P8!N$*RSC@ofz~PHY<0!a9RDm>etE))l76+NNDr)@Z-c
zO$>y08Q$afPDW{kmFi%HXD~aiNnPWmiY?9xMBYlhD8pJu20bi%PbECD-Y3CYf6Q<=
zU+X+P71DjclZ<d*+b`rU)o`{!$Wmh5PEQ1>5S7pDvd7V9la`K?1~!Gsu0Vm^$*qK`
zF|&$}$d&%&L=G>qg%see_Cls70Si~{o%>aUSKTZm$BkZ7HZ$qb7ZFX)d2Pp!J=<Kf
z@xi7`-7X(ZG0)>o<-lEpYvO_ug&A;7e8Z<@e_hiY;hL-R51$DC(W2wHspT5oAP*Uh
z6)l(017aUgu1FyBK2YL&MjS8_0Osj6wAl&meb3}{gBjF70BdnDW(JR)(C&{V^BrNX
zx_i%%f;`$Jo=J-e>U&x6OowTRh|S2~3szz|EJMleQ4hW&W|U6o2^;t#axsVPbb08#
zSO^lYzE%#6CneF9WI_|B)d8WcfO`m7smPu*611)JJ3IwFE7=0ub^)6opBN$mX!R>I
z1k4+Vs0B)2V(!=PrzcL*vtxf0>VMtfdi{cLUgHelybo>%=+Lm31^ubY7d`K{UeA<1
zy_z5Oe4+Wh{cYg|D4?8tVl-Cbn_DUrlhB}7z}i@?pUr*XMmpZ8!PLFtu0hO$(4k;*
z@vf%rk(h>pDbm`Hp}Jf5^oqo!O}jR%^Jm^91!R979}r);s42^l=u#g#9N%V7HeR5W
zlW?0M;xybeU)$Y@sN0SmX3?+pKia%<j!IWv>KrP9i&j-H1yy71wy0{&(G*7=T&(i<
z7Js(_X|{*lU~JJwg^+*86O9BdmZs@CaL9~ZdvEJp`JG@C1v+)(uUwT+_u9m&Ztv#1
z%dhx943=<bBFkmI-6O-<dcNG7s5bwS(A+n={_S0;doeG(_TdRS@rsj=rEln1NkXd7
zFzExwH}yDxq6<r4%?7}p)Agu|=0s}@F0fOh@G~B;Rqyr2M}IcAzLRCug!a76mm}tZ
z(LSDwuj&gaYUaTvV^|JleB|g`jV)w9UwvO~q)<i2V`OpfYPr$HH)e-$^n4Q3NwZL(
zi|fMyIaecnOQHBb3G~#k9h|q@F79BHZl`8%N;C7UBrLuJYg+TD+P*Nj2VP=ytVj)8
z9}M4ZWD!#xQFg0GrIAbJl`qBo{NfYTw3mFmwg<huJ8on=!xfQTyaWE%sO1|^=p!g;
z+M8xNF(RNq72Esu()6c@>G}PLjmWWGo(Yuv9Z2_)J{t6XU|EaRh7#oggKl0q?D>S^
z#q&OAxWoFQ^hdr|9>M1XYCl&QXB@NjFAG1d&+cp>wrd^t`+~HC7m~PSc68Ogj&L_Y
zy=mZXa95xjKK0H>hqdKxV_Z(b_afczU=dMuByB8sb}ZDm$0Wqi`xp<7dc(hWP{54P
zpHmnJ{k<9S-Xi~XKS6~133l~ph2ey^IJ0Mi>g4j5NN-v3S&4&5$6h=PcekjuiV?lf
zTvoqMNQ&>{b_U@EJ`?mFf8fCYbfaaUaX=i;fj&u!>=fSC`gK8g;tZ&?P(e#~mPQ^f
zwGZ9C`NSU9Ob$cM+Lxr&sz&FfG=67>%j3qhJaNP0S(A4<)x1oa#czOim3&*+!}d0w
zn~9m(U>9p6RVeAb&>*mP1Ghx#NgXXhr^N`{TmG7ztUg;|y?<woue&bQlvyWK;!_?O
zP;LoM@8qlJ%Y#+0F?E;28@jaWGeD_Cq-EE~)2fBTsp`-7l>&PD5~}$^g;p+RZu}s2
z`Mc$E=Z1CQzVpsl(nnO>h&|x}?)+O7*6}p;?z=um^X-Pm_nzhO>V02sqsk_sq)-YL
zpDf=Qm2NQE9g35q>Yf~KBWoP>M1ZlSmWQE?qqmH+lmP=G;g<4lU}2@r{*@C~E2TPM
zVc)yQ(s8I2LviRZp(a5(S#8r*qqp93BWuqZ7a5T3MMgLF#mTQ^>&_ZsTgW!(KhtQt
zq|SbZ%YOF7*Kabl-}L86tv>-P<2huI+3$0ZQUJY4)J)3pB<l{uJt-iJ$$T+OET-_D
zp0#U;A|Hc^{$Q+jc4d^UR$Kd=Y;1Ls(5uP5s>b_d4)1K+FLsX@mg+_M#r>OvGk4p@
zXhGWK(iwNSzY-w=86V>33I{YKmFw1Yg-Q@Tq>l_gwVq!^yH@sggUey$O>tqu(+f9F
z)7fxBAKf}<SI?@x38!jgJ>VSLb^qNt2;{FMe>;bk&;RHej4*ze1A68wn+7Pvn8gb|
zP&FghHYdV&dQY?Kmf=;V;KrSOFt77#)P6kpX*>E~g(03Ci^u7(k!d&?zuTKQCcVW5
z_`(kMt+q>6ILtq~=zQj<Zs7wxDV?r`O+NR-yazV8hFrKTKA)<k)I`{Qn`Dhz$Z?93
z-)O@fI~~ote4B4v*Bb0@fLep=n_Td>5%pp84gXSclYV?x`?Rgq<_*wqkUlh|`gpu{
zCAChRh^SyyCK9EnYT74hJSc!o4`x!Nc%^K$3(E|F#ksBzN!K3h#S`FK>rBrxt0@4W
zz6y|FtgTsh!qZI2OC3`5x~8tXRd)6#>-j$pfEd2+e6=3;#ccbj2vA?m;eL)|>ZEGa
zHEMPM16Pf_ehuy|b=BvWAJnTfXl~$Io+9ODC$su$#OD2IOMN9DY^Mp<T-;B8D30g0
z+uDZz*rJ76L1J!gp2Qxt!%ZHMZ;_K6c%u_>zJAntWWQbS>C)Br`b?(QA(5F}Mu#-u
zBr_Zb0^@QU@Goic)WDu=&!_20Ib`Oto)$yb!0%3Bu4mJQi0f+|mKV{2{=A}Tc28Z%
ztzFh(3=DMh@fhjtb~F>IR!O;>5jBO6p^ZACP}F<5#>T$+_6uLw+weWvCM%sC(b!Ur
z+PKR`r8errj!$)FhgiHyH1f5?CY?Z|0n2<;@=t}jrgkII0^VSOJWStKLs6|~*>dVf
zY2ws-yt#cTKcJszp^u9Ju}o4r62Mnxs`z+LZh?jJ!l;O7TCZ3Y9@=hZzOJDkmmosI
zT`W6dWfHH!q{ATSzSZZVU)k$ow|9i~?fk?;(ENMB9*V@K?smR(>Rej|MwW<IW5UtS
z{$kgXmidod&2ABzhG+rk)k9$JYPfqk92a>sbSmxWv6I%^_umewYe2kOj4JgDuTI)h
zp1vj#>YP^7MS8a7lR1I7CtUvbuCPbb)IZ%(phNA`RD3!@{v^R<rO1mOiQ1Y}@~6J(
zsm1BT8c506MZr>brTARYPx6;X8y53d$LnWr@?;tNj-BE8Ew4+DCyE+K^yjZiULA4G
zlkw}Sqxi;WglOOt$AJpM(G^t3>Vfv(A`Z?IaZpd~83KdgHk<SRloRLMuo5c%v;#ir
z>a|%az;R`}C4deUzC388dh~*npI(d*%vM~W#EeyU`YbgIAjkx&=NS>`nCspyVz$-=
zEM^vHe39D@DQ}WJY)9o$Q@8T`w57<GQ+t34W#^daEKUS_{?ythi$DV>r|q;Lk-!ng
zu`nagko%|%@j-ckRL)X9na~mxS<mE|W_etJF7~Z`g~frnTjyf<ZuU9fKUTanOvl=u
zU>1x>hMDM1BE-sEL$jZ3I~j{KlRcZEd`>U?J<(`>TX(L}+^1+w(b+b#A`e{%_3(pf
z_H0yK>Cm{xF~jMZ2dJtt{`qSITiTDqX5WX8zb|aHZItz>=J!}cWlk2!ezyOBQSC!x
z(8{f(XQL}%+KVSLvr=CZ7B$Ap=8w4=jW-W#O47P3O%EByD^1FzaP={gAGEU`jqMWz
zw$wAVJp!A9W9D20(e=C+eq*2=S@3f9rawKsMd=2elWe^By4kp=*`YT!Dv+f8^+F4E
zT*d!MXn^kKZm^Jj2@0$Hq||o4Ox2Wo)!micHUrB>4>^28`7w-J**z_FQwmlZ`Qm$O
z6+djD^?tcwLY~J_(+4L)kSjMf#m}^INf-)V^@}={hKG@iYi+xN&b(P8&%J!!5*oy%
zRr)aAmLEUzwnh<vn0F;q%)E9lVD_lm5{8S-*&1IZJ#a(djth%Q@A~~m%BS7q<UjWn
za=h<$9CmD;1X`B4`uxQ<Cm%bHo5nqLwyk3G=EqrY|4Od3onR1R`oV*Hffv&B-0I!m
z;9Y)nJ|1y!I-!x24&(8J=Zn29dw7|&rXrKjO7><9?+G0$RA#mr3#ZusIy%czq$~Z6
z&JPjMIbrNej|8If&n^_asqCvZ&$8V}imZp&Ha}dXum8^AcT)fnEhK{xa;~NW)vPp&
z%pSR^kGX%V+ANjuG4^S`iVn+1B-UX9taLmE9yM-dlKXf<NUX8PSLZv~U<!;SeT!}h
zSoQ|SIX|ess+Hx<o+97+s}ygSSKzbtCGcD~*wIOrUnb8MKR@<=1RHo~D(KCShP64h
z)Ky+Rjso)HYS3L-u5kZts$tcXG|BW9sHk#!uP@F9aPk2VsruO}8X`24d3?yu%F6PR
zRg8o-xR?ssH~iII7L;AE$6<r~YZ5uu>Yfa|p6VWJ1L{5<Q^(TSPdA$xSy?qapWBp;
zP-7i_|1rXPvE=*YlC89<U9RkXwsf@VKr}(%FXJL921JS3V?H%Vg~FGB^=|3+a223(
zo}!#gocWeE(skKz#ha3*J$qd^i(56Csy#GLkQbf}O^dzMn7@JbncserAPavIf@4U_
zw`l|z{m&g=fpQpacLDR}3OuScaIFs6QT8CM-G`(!HoEAvNS8vlcF}Wg?zL+$zh;nD
zQK}Udi`GR-U{iiF?3a7jtYOQ7DY9z~N6V{8FxF|c`~-3WqwMVJu_wnUH$2$K%lT>0
zF?2$_lwB}`?u%DtyL^Ewe_pWKNV=?FeL|cFHw9SZG`Bahf1_yZsA7Kv!AUXt%<;ng
z$KiH*kgy0y4!7ru1`=!jHe~38aI5j28=y(#Jrwu0$!D<3P(ubIwkFm(V!NPa{+Hf}
zxVrE=t|rz)49^P$Ay%ikTZ$)1^>9*$4Qns~%!IO2M83?-C-a3}qoojq`0UcRx0pD^
zF(8h*0O%lVm~Q{qI8hPC8B}A)f%h9aOc<AzQZcscPVTTaJY=mCaabJ0ZHIwY*se2B
zG}!*M1wCEXiHVDolvoK_t(<H1TOKim(beu%!I}HjiTi(Pm6&_2q!c1QvG(?@yd2JD
z#*+i7hE3G+rv!g0n6k-9g?JzqRo2pt`S<Y`Pf`W})vrJtz=O{ieT@(1bF!1Gn(|Lt
z-19)`@PNcojA<R8K);U}mZzB;(%m)xE+YeJyzG^gra0m0dM4fx=;9%w0U9+Oohs?f
z&7Zo)-@;ok`raLGyd@Y|e4?YL5?k0q#AP|~CJE&S6m-Wun7d>9egv=xa=5928w25&
zwi$qn?OG`Cm&$x;FK=k8I-Z3eRDOP8eSWX{q|3^<F$%eGy`}YDpp20MX7dMD-w)ce
z2WoKyLVTN@r~513q;coTKYKTk;$tsYa3D;5vz*R*@k8k<l?U@&pzb;^%p0v;ZYe>M
z!KvjX&mZ!t0Xp>fJRJS@0n>Y#TemK9)#|XE>yG#-84iR39V19H)7oo-Aa8K!0cO3O
zr_jq*c2RDvNomLKd4-yNseX{QRpoFM5ZxGcYO6kL5|?&%VZIX8Xbk~l?!wa=U8w74
z!Y)J7`uD368v^#vGCQy!3q{#q8wJ&8;5obdW@#>sMOVNe&V1j+MK@aOUvy75YI<KC
z4Qrr6y_A}Tfn7*kH$9XR|1BllK)OQ6+TbK5?za(U;&9PjsXf_#V~ZY!(14e?g$#lz
zcNSpEorBIf9Su#u9W1EUHmDZj^`wa?*qr0(o=(8KIeHZ%$%IVCs-`_c8{j@AlSfz4
zDJgP5Djkc_yPnX<KWy)_HL9c^^lf*cV-U2<luL+DbGI@Nkf@rKBe6ofZGejXV7$Vp
z9bK*a@~jQ7@xg+yVnZ6+0x@{OG3N;nh~-a>5O;8BTB<|CZM|t{E~~MRpeiJD+Tpkg
zYrdQgTsq%dVpQIb;clCDVL^==-6qvp&7i#-+bd>Yiq}FrBI+j&LlZHWrN~n%`*L@G
z58%cuf}+{aK0St&7e!oa6EZJeP+=*xt<mA~mv{%tQ)MkG;c7c@=k|p_VeVkWx@BK+
z6pW=jFpfowX+K}Y(l@;R&emv&_}0<sN6$_A6khwul@hznyUxDCl<9Y;1l@vQ)k}NI
zKSpA1p&a3PIx6OVKxO+eoy?1T&#ffE3f@r9P9ECsHWxBjm?B`lwD;LzVuYM-f8oj>
zw92+$%xz2|GO8j^rbQzVEo&8UrlI3mCW=6i>E99Yz)0U&#$rm_e`S(txk)C{P<6pf
zmBPTqSCz0;@74x7t3Js9eT|26o^}Nh=*-S-MF3jDcYEE5`jh8S9<j>{w|JhtX(kct
zq<(zffCWTY%bbD~Y^irQ+U@hO!&@m~MiG*T&^ET8-G5Z!*wksA2|}A>?~Lgg$<N<h
z!Z<b!taSZKDm<+pVR-l42$#&3uiCLzZ1wkr^N@-RTm0f-C!T;&I6F$Rpy^i9yE?fc
z=oZ`LM@nIUcHL<gCn}ctH~W8r$o`*{0g!-=P^YCnQ`bPWCf#owvX$gBYPJXJkqjU~
zR^mZ)7=j^i!7$IFuE3s-fG*gGo@d3glV?i>A->^+9Phwd59QK*MEGh1m5~Dg!a6Il
zLM4o`8r{wgEF$e6vKylc9rU%f-~kl}*n)9&41p6BGh5GzA{9+jF%6T$PoxsP!OGNw
zY0n+Y(05SlcRE>oIX`c2?CW3cX>@jX$6)wEE;sZa*{a3q^Sxf!s;Uz#_}i#i5t!Mq
z1$s?9{Iwfq*B)m-aI>C)J`E{@ZlKe`80emnF-vH6__Ld|jS>uQZ|QjbTF|wHLIVL}
z9GJy%`$mU>`@QL@xH0Wf0taOKYZEdw;v@5pTFQ16lig!#;d7LL;$ZQ|+tW4C>P+yb
z@8oLEr%|5eR7E>2?V04UKp$F<l}G(5(A`oxCUu>XH3=}2Vu4>~1dw%PT+$99pPgY6
z4IJ_u#G0Pz%wpmjDKgvX)jCDdhLKWl%oht+q4p{UYanxPl5VX=wF=wwCX%~;FK_Ca
zKji>P%7EuY-h-~sO`+mKB`8Jj!il<y!!|44wkwl-aa;;9Dc{JG65vX(yoh<CyrogZ
zL`EXmy@WXuFWTLWlxx{K!st2wRlkwaq_QgmD42dQ5ksaa#0m=!V|BMN4)+(TGH|dG
zma?rG#*wn^l0i`jQhr`kG36;hw9h(u5#9}HSl+Kl3W(NMxa=hMyZ`bC0Nu$QS&Ek#
zO~a%fz*rT|A2xIRodr-`)aWsBY}Pn@emGuqLMQ}D+A^yy6qzG~)L)jK{V`ic-w`0!
zGY3f~O|5Ram;|oN)ZrvGtvKgLD4g99ZWOrh8hn#LAmcG?ooCi`?q*q~*S8=0kpUmZ
zW5&2c$18RyT%XQ<rt!1JDUP_lgEyY1oBX|lu@HA~MEhLHeT2HXg(I5j>r!(d`RA;*
zXG9!l9I|b?lg=QI87<_QKEW_CG1;YE0tKqCS{xQ&J<d?Aa|kSCSo+=O!YdN(-C#Ph
z?CAM;v*Zi3nv1O!b|wbPkwQ{iWj#Hzo{vJIKGVg%mchu6@#PM;r;<8D+m+>k9xc6B
z_`GNmOEtTj;_5btI~o!FnH`E53Ad1qp4x)J)-7evg$wRa6S?e67v!O?4b$`3Jo-SQ
zO855gG}UwabKQ2WtSNvBsLXoMAW+Yg2de-3ulnO^T{a}aaE7j8?;_|Pdw~vt_6eJb
zRJC5pUb}XrViy6P&{AidY}Sy|$ckANYObcH-Ir%-k1ed*1r;)qGXv?5M{y$;OgiHp
z%ojR6?yGiMySFt~6N{J@vKV~K1IPi>8@#u#9yxV4NV;80$0w>Yo%@3A>4ep9MwH5y
z>hlIK)tR5*2W{|qZk@SbD$EmIL^Jhb=$QD&=ZDTuDgq^?cD*Hy^-N`Z=JwSs+jM{t
zgFOTAIIX^o{PlvcZWlzd#p!rDKvQmZTzHSx3i5Qv%6EDMiB4kx)I`@^bg{K&#yHFt
zi}uGtKe#%ui)@DidUg16$N3Udxx4*U@2hWQlX0l&RFGzJK_}i4Sdq*y0|KOd6xh(Q
zPy4vR<`1}Gnc+N|(DONfwL6U?UtLJn1=YCpSdQ1agLX0wj4ZMTr|zvS-ARS-3=fxl
z6+nHUH?s0;zcl~{Tar4n_apWLMb5`EC)svyWhs8BgiCe?4#Z7Eqmm(W%OEMzhlq>p
z655J-!3FIn6YgOgTx%SpUjhc<`_>ZM%L^*+tGgx_)e2l~^*1oS@#*5E2P>p@$4{tV
zqM1T?dqpJA%#Y6S)^@Rf(f!Szs?(zBA{cSybpjYx79?8=9cvW998YTNsXyQpr2MU?
zI$a9Zfh{wem#h$}*>idM>6xO=kQI)qyM(k2o@y~2l&}vEVJNqm{&tQ#7(Dr_swELc
zNTv-eHRYZKNdmv%PoJ+SRS-T^^;dkXzzT)Y&9SYBJ$n+vs39K`_%nquLyF8@Q-hdG
zA}BXr-y`uOm+dx>2&-zu-xk40k^b1m%a_HKCrjfPtkCCR_JZBWg4HX~K6wE4JlBZR
zA?K;YVn2e-3l`NM)#`lx()r>er?eXlal!Pv1Irj<o_o?*<MJT5=O~e@+$zz;rSC}*
zh`&1RJ-%fU+{t#`l#Berw&uVk#W*Mz4+sgqr{5w|qxrYa!B!4?H-CI8rdJufDE6q_
z!g}VubmG{4)+cuW1o`yF5B@_-#@~aO`vU8+q^WH*pnl({;#|hV1dS@8X4dKTb?G}d
zaK{T$>)xv;f5C?gHMh?&e-cL#>SdEj_|_<xCggZ$$uq#98>dlJq4#@?+E+ZJcmQ&9
z*ITZ}>&<K}2g(z_9#7bQ2`#4cC5YFlw3O4W)n(i-I<<dbJyBcZFNes-Q+rNC>5*7}
z7U562B?&z(IPK?vlJB^(i&V}4unX+Fk1a{_p^B>J^QC|w`)HU$g`QiD5%!bKsfe8v
zci-?C2;UXPnuYIqfpVnYhzh9gEKPvVc|Q%i_sMt5n`s;;dyA%~zA+n%$SznYooS5$
z7|R1|D%oyT0`}h}m!1Ymyk;^!hzB6#B%dzk60k@U1L(=iKU1aMYxu@n4QH@APQ|Ta
z)bH22FZ8m%E<AE8wk})p8{XNdj=jDJoUe?yr^&8PlABkg@I@Vsu=S@Ym3#J7wutMm
zK3eO$Y_5}I@wuJr9@ir4T|td3x)P?it^OFh(b3r}my7Vxugt9%d|p+*{Brrp!q3Ue
zE=SOz+!y5$+*eS&L{|Mey$L_<Ao3dfy<_Sd?oYxXVz>`2lDHhN*gdYE{Jt5g;?l;k
z0vgB8^|A83#b>TcEy(;*TEsW)cVCTwea*_2mLD(DeM>>BkOWc@g#q(5;Q2Kmw(%G6
z+(iJMyH>4cGzcM2fGu~sz1;sPC8x$4M|6b_HNtO<Q{t<EIsaT!<yv-5aPMPKi<+jZ
z1@K1NRvYw$t|;jPIr$o5G0{2iYwAGT#jGh2u+fW1;MX9gkAnld(8;Wy^6U0gobt68
z&9B;&P|Hi8jxMhgS|6(X+;jiMZ0w^Jx^NP{5A1F8dhH>F`riv))+oEF6H{-D{CZ%1
z-V$Ksnjk|xsXArKcVd*ku3mI?cJYn4sEg@P;$g;wZDR_kJ}#SPbe0BIAY<V7Roka7
zWJgGy4}&VCRzf?507J=}Ji}M<tFy3XZ!)sd5Oj>m#uFaxLc{3gn3wfmUT?3?-Ex|D
zE4-Vlo-RgXIaJPPk1FY7SG}}SF>wB|G~Yd+yXBRF$tgGM3jL+S_)@R}sYVe&fWcBr
z!2Y`RWW5+j82>-o-ZHAnsO#TV1SzFMK~lN}q(do@?hXL~rMpu=Vhf0Lmmsj|?gj+}
z6zT3wcWv^&w(-2@yk|V)d^u+fKQLf$yIJ>KYt8yy)4^^}^q9Yr3e%sj48}(EGUyX%
z{>x$AZJg;u(l~@-YI#{T?>*|sgz_Kbcw4ZX=MKqHB^{i6%RE-<T-fFdG%>JYQ^y$_
zo^;+&YAD1~@#}?UJpA=#h`q(_y^)4<@RB;|Kwy*E_DsW9@sEyMYq;3Ab;@zN?=_m1
zS|v%IJZj(hxHsPk*;9wAXIF1eHlUcKFsk_z&uQKx$RyEzGkBHGYp#L*Gc+3h1iu1P
zPvf*jvX5ZHW7~O}Ffs0GPk4J~>0q&-v0=|2X<@+z<gtt8l3H|b6W;6@ZN~L4lBCd!
zM>@`I%>@5q|DyO)Zebxp`07n`B8p1!7sq%@#vEr$ZQ5YfnF`BzEz0k)>2(6e`=#0y
zt7`e>n*uEsD-M%&GcB#0h&zTts;2+oS2d}%zb4-Rh0X;(0mC4Fv+uHdyYVDGy~3Lc
zC7XdK{LSQoCCyKCXEjsXPPF-N+WY6eU7BMnUj>Cgy5w0LCK!a29QkG)+6A3-JaX@C
z_uhji@gb_Gc1eFzb=JXv<n)5~gmiwkO2W-wq|~?M!kdQYck(VW>N>IMI)TjhF^^>*
za8D$cuD@E{R3Vl0Q4{b7Q^kuK<G|*LSap@51Y=dli(SU&9+L!&$YUpSTP_yKPE4sE
z=auE9%yiucznwmsYAPP15Bj3#yU-k-((?U)>(3_DzBU6@sri!a*=TTYEIdISP6pg`
zr9KVD16E{%Fbsp|2tkQ{C%`ck<phlWZPIN`MCj5IM@ef)5Z%(8BA!Y^@|3E9s2;0{
z<}<sG>-JZZeX~K`J#ZR1_;_=&idh|Z!2%;FH~>fo@Gu*xV*#~|wGo#_ma5kXm&AOj
zJKUy3KguF{b4BDJ3&RtmVKs^EXjoNo-Dal|P27I7s6*%=d4=dc)}%<f$adYDL5+=m
zF9G&Lcb0)P){jQaHP%xbKVLxS#zE(#lty)MD>KfQBGR!s;j0I%U(;$;CST(P>#Buz
zA<Mk(o~=9Co_%f}^yYaoXnRv?A5mhOyqcXt$(l~nza|c9I{Z3`VB-LB*0p){Xx}d{
zs>L2$$X+H*#ftdbKA;9aA!Aex6xRrqWN9qz%m=L|F_U!iWC!bQA=tUOIjZ!yS)57-
zD`ZqkK99flhJLJK`8aR)sTm|tG{$UZ@+E;tb)pKUh&Ay=!lt<wRcC%#ri!Xw0W%6a
zxa^1s&X;J&M^sz5<tvYi)p#RcQ~NdjYj8)n!;lXfzuJ;(yLep5XTpbP0t4+OyQ_ma
zdKBb2-&sC7=(5Zrd~jC=N5kzy5hAmJM0gQF=2@S~^5IfRvC>KM!WV1$NhEfgsV#7O
zh}xR}DLd}ZZu_+O%;-!K%r~S=9PGSzve6R0Y44d^yBx$D`*E-T=`bmo=W)v8M%@GW
zoM2Eudg7ru-=wCu@e^0G1{Qc+*Q^(N+t`qFuH86A@nK|?&-<lw6SLnJh)M7T1=khG
z?wt&~uP@R*%+;F`tpdZ+PA8XFW@O2@4n07M6gPPBSF+2__;Y~lKTe!kgZJGNtvF@Z
zNN?#s!2Wv0j!g&g*Z$UpDSNr~Ubwe>%n<9UKW&2V`8@5Dd2BQ-1(36u0w>yv->ZMB
zKfaHMHsBvls&pL)eQPcq4#tfPrC<ZseKJnDz*`oVn*$s+WI}d+x#%Sip_(@jx^+w%
z3IO{oh-Qxo5BshysfbW@=6I<qXsRp{quY4iZBR9A-15_58Vl06@$`+vNFY5s?bf2<
zV`8F|%xRMsfv=Y2&>boFnEX3oSio|$TH9bpI7V^NZ^o@%(Xh$UhXhA>7d5Z{T9D?f
zMmuEfX}if|dJ%KE2ZEDL3{XNjJsh#sm-t`d1!6l(UFcYKh~YUsVx~g&mweW<M-_X^
zWs2KjYnEMMv3cTOtP0c{6wourBHKyVBDT}SOhsICF`qc<c+{h@f@vJ25Qnp|!-lRK
z|A6<>$=;xjIp7t<ph7nCzU_$qhaFSPD@;8htgE~Cj`|dzlo#AI*7icYQnWsB7;Qb+
z=eKj8umIgbDWqN>gdL0Yo5Fa#b94K3&}^NzbLM6A1Kbtt5;(DL*2$9O)rV^BRTmg{
zJ>V|upLXBQ8N{D*IO`39vVwY$G?%PLvWcSDWGBxSkwFuW%~@zzSXgDS7r?8*_q9X)
zQ>EZ<lZVnuw3Hn6+*BY=Aknv19SKvA+2k4Klw>*4C|<;J{c>QRFvXh8TTnx5&>zRH
zoEbr;F@VUy2;69|{b)9!Ux3$sN`7Fdh)p5DAbNv>!uGTBBE#(Qqs#9pq8&d)T)%*(
z_Q0`$`f_v9(HojU{v;bIE3QX~&PbEb0Sool2@icAyFfYrv_;bHEm|(UbFavG6))+^
zM2I<9EQ+pNbn2ZgU~_U@Ex4O0v9PUZJIUtrrp99gqh%sIt>wc3m*<V~F?@>U#%|`O
z;5O@HA16(j>5l!zrA{gs0BbmbKF1SEpb6Xtzy<P{|LInTAk4JS;&4<9s9WRV+JPj`
zT62-z+M1Hk20!!ei|yH$g@hC61Ett@GVe{8W?rM75#i&@P4_vX&QSwkXG`c<%`oTW
z%6l6Ofs-j8-10efXKU0)x8-pb%sxd!W$z4xaD>7J(<=rNaCBBBV|%GzTf+}l*5B>b
zI!Fb6TDJ78j8=sQL85<M3}QOPb_y9U@OT=ARHBlyx~6r+2DZ|?{BC4ZqZH_8rik;i
z^0{SXlr=N_VVP!ZSsz?{!lVltdpO8;39tCtF4XLjBI4Z3N;JYnzA$gTdigfjo5*6?
zXH1xrn-%l*7w@Mp<1^H-iJRQNkC#l^ZNOhl*qU9clW8<3Rf!HC$jk#i694%|-+uY#
z7GXrmg4g!)$3=yDpCqydC3qr$3D)$%btg>XHMdX2vqf)}${M~xMeD=>KH~@2k221z
zwSVg8k4K+LBOm>ytB}Kl&+magw#NvqU3OcDkt#w%!v=7;%Xe%a%Jqy`ev`~te>AHU
zNQd#K@c0b~q5p}o7ig4Po{QICzi%$@_4YjdF+>aL&=%f6@(;n;qumRW7SAI<7Nhyd
z;A7?Co!+dLZ6>enFj_<Hb%w5awub{1a{<s?4m`hB<_{dogntDJ<ALCnPj#l`B}S#i
zNojVrsH`VyYi5lWgp;VWzXQ!YJR}$iKu(PF1$o$=PoW{w=0zw%;QeD>$)R06Pbumg
ztM(;1Us^ozL00a>0WE7g`QKCu(58iu`=5|iFbY3b<>9kEk?Za64>eeNgN}R;e26|u
zJ_1Z;|5<Mvnsx6hi=rHS8Ck_|Ov^l?yXUJwA|)AkB?(BZh=TJ?hvOT|ueXZ={v4;z
z_z+YAzD*}F{okl7pdBs6MSe#49!O%H?_n2**WU%TGmh3asc5|1zw$)zn|}AvjvCg@
zfKG-74Asrh=4!6?m*lvO{0<+i2;bx75F!7D9q(uFYmP@$0PBcVyYl0~frB?$H^{^L
zGvNObteft=!TPImrIrRE@#FD8R;Zc3CgU|Kwt>18|Fb__KI2rNB>sAiHkIuQQX}2B
zA8kFMF#4wn0Uv2R=-EoIIzy)1Ljm9GM}&k#lU*!8WpW$+wey+;m<F7^xM-|%(s6qG
zaFG&CBJ3Fm+M*9eb0+y*cOIpRIET4xPd@J=X3Lv#Ln!(aKpqRQks+u^{r{He0b+?B
zK%FGi(SD*~8$=}Jao~X^azQN7Rzy*%2V#l1TiX;W@T&i3iT+(zf4(D;^!vGM($P{^
ze{B#)7=%CMO+?#2@qViXP3YP&!0Ob}0!6*O;E^(L$K~0k=W#~f26z8Afi4T(ANl*D
z|Fgq?kCj3^wwsAeneewf!Z@p48a#F!@z^rKYL|_NfG6|w7OG&s%=kZP`+s)Dzh}Jt
zqn&*$PjdWk6^;NC&GSg7@`ddG2%U|wqq8i7e)D5+^e6vlmSymiU<;pKl%gWH|5kp>
z+M&&*h{^x&|Ki_11Zcg{n>|3*GeN=p>wP|B2YJJ>WKoTS-*V<M&iJ3$U>^kI0Rew7
z7C>pg2dUy$^Yf*ln2!HVs4j>5+s3Rh9%KCd1N@2*P`9EFVeg)R*XXZFkoz#{x8(B%
z!5a`IeS}VdP=B+uQF%FHJpFIHf${V|_HhwO$np<3&;*=iecNlTp0DJMd{h!9u}o#0
zxqnV9zA#|Bf)=%pELp&+XWl{ms$lfspKSYoFUhMvy8SnI_LTn75v*juzOc41==}Z;
z6~SE`Ul!{^{8~mZc<yFqppY3tGER+#WoC}o`}Yt1zZ)JfKfcgEpP4?K#Og1w#J?4x
z!m}$L7yK=yD&vLzd<>TO1%eUs;(okIco0}(r}_DD#(N$AZHe#w;Z9iJA`km(^?ve*
zYMOjMBtiT45_i%OGu=g~lZC+&>tNF^KaoYS0G``%2u3TB|2KjA%Rh_(!MDS&nExKE
z$aFxs?eEw%tBlYLhBax2lY<xZ|KZ}cVgeSNJewN0Pi`T3paC2Jxy(0{IK<)nZvK@E
zU8d0APx8O_w_o%hPKe7;UYo|>!x~KvytF&8u%_(aEL+bC5@B%o+7SR&h|91Y|ELx)
zGjUX`h}3qDNB?aRZvDCX?#^eT{kvRZ5SPnvV@P7xUx3r5Os7tneb>f&HUoOU@Zh_-
zU`;yF5g4WDovdUcT%epsA%Db@<oD(ucIST|BdvIUU;?adky3wOGbJ^`GN@yxYKM+0
zx$CK~pU<o3goOvABcAT}Yzu6{&2cha!Q*=%rT4}!Ak~c4>K_K-@8AD>S0TO*LFhlh
z1s+8ge*W+A9*D<#uuf*v2EGC5PtWh24@#;3IPV`wp4x2H@cuvf2!MUDWZhY`&JJG3
z&it$XOYwhNl7FYjf40)-U!%P5TlpL90Dcff35+KyZ)(7~9T6|Mq@_ocvHpjSaP|Ka
z9U)lQEq2itasO`_t8s5D@jC4b+|KF|h?_b;OgGGmiBU`9GUs8{tNmfCIaT>q99w9Q
zR7P4F$Dpw}3&54m`yqEIGtfSN`Jx()NH78bLBY(E!-9d1C%>qiI^z%+ko%Z?50cZo
z(%np2ZkOAE%+1x_Rn|u)PF<1D-5($RH_MU-bk_y`N>X&5zt+&Y4_?X4J{fx1o!|Ex
zmBPc<r;_v0iXu6mKOY>mWBO)+5m0Bni?d_Z*1Giot(>oxKg4a+&KD-x7ST{Kj)v)P
zp6(q1;A?D~_3%}Hqx@eAv0w|ON<DV5_6G+^HNZDSm{;veKeV3eX%{WldoEaQdq1BV
z1l$()5)pFM;ZkLj0;Mu)vhkM4fi(U*OyIp?QTYv)h~LF9oBZTAl1>4gs#(cs{YNXj
zbzArEn}#g-;r@O7I7Eo6FRu5I8ae_}vy!pCF*S@z;S=)-4<Er#&dZoD+?B(fy+DjI
z!2CVRAm{&Wl))ANLovH_;|Z5VAWnmmd7Se{%a+F<jcSy;WMbFA3|4N_q0S6r8*65u
z1=(z`7D1XAbIJi+%h#(wUzT(-5|6-=dj~BEX>LzC=UF&#su$}8A=3JW3hBAiDJJzW
zuVa#@4E%L>)o~4W!`KZz|5_wJaWi1s=UYPv3*O#w-;%$TKDYNl5kb;*h%G2D2fvzS
z=)+G|X<U(h1G25SW6D5tZ-324KS)NexcV!W*?yfxgke|ub?Nz`iSva=B3&5lMU}<a
zak4PLr>Bbg&hFYbJes$39<k_o-oJ1$mi+<?^}G4<xh^Q+6vXKXziRR-tvy2mlM_g|
zDLDTgd(UVPoE89weEHD%pI_jF@Q$2xtD2v>0aQ!hx%Qi(cl16NG*7KZ<wQ70j&~zj
zaNUEL_7>S(ccv5X-meeB!|&Uq1Jdb-3$$DAA&pM>knj&UZe87cBpWD@XJrg#XsNDL
z;Ea@LZSyok_BAZ=xwGMDBARGFH!ED})U)`nWh+QN75V&rtv1W_s0%D@|5%NRTVTZ}
zGW-*AK`6@NfPTHowg4@0;~={IC>VbFW^gB!7Smv+V|J)q&^1#kJUQl@s-B)4>1avz
zwr<TCp+^F%VV3fi9m{PmpMGpIPvv^kJq|`WGy4%BwOIo^3?F8m3%Gfi+-cgFYAPV+
zU;2eM>Do@7aam6sRm`2(Q+gqP_wqsL8Uf=jDB+5;NUOT@qq5l~?{G$&7(g7T#utyB
zvkL$5-uFGH*-(c#IrGK8Ze^?zqzKFY%9T4v9Q=N)$-H)`4IfFp4Cu0LNh4ywjQHz~
zJnQ_s{1GJg|Gkl6gj+UDQu$IG`0xJl^0`^|Tud5;5|P5!fo>Uk|Ih})#X40?_bEhD
zRDyWJ2$|!41ylIo$k;DC1LRF(Aw}!oArUs>pk<EMH*{-u!MsD7Uo(*;CPB^rfAb6o
zAj`A)2I9Ey3&m)6XUKO42?>W50xpD3x~53MdwUGT=!2J=9!Gd$2dm}t2yqwaO%p5V
zw1R&m5jT68@wS3Ur4T6Ew1I-<mUqh=s&B}YO3hv<_3nE(``H0BuEmFold3>U9;{^o
z>XTy2Reh;1tZ8UsGW`SYVwUK$**<4sSm=7anx1fEnM&%T^McgZpd_r$us_aKGcY`X
z5*!?GqpctLTsb-B-@>Xf*?&NN^%iPWD$;#L6pz-YA}xl`jztnB^;tNVF0^7Vy{|{?
z8{Y@}B@QYA!2n=dymwM|Gfd&L`9Kx$z0x-Cc|g!R^u|>Tf6cTz$Oh|)*7=}C<~idT
zz8gs30vs5D@ZTLW9s*pg_pN<W0Z6L<j#nDs&GKr8FNKLCUeFR<5qm%pk-MbMe3y5z
zP7z7dSv$n(KutvWcp1&`!R3xDQKrl9*%w_%&Oo{usP)+o5UV9N$8IDnM+^6LBe3lz
z07p^vS8o672}paBuYnCYDAxt^*v{%@S^b@Qv6BvH2MF?baTDmkQjjIY3|e{fHDVjV
zU)`@4Uw!){gUWfENsJLpw<Nl2@$J$IKmJ%Ds!+G8tJ-PPg>|G*Tb#`*jVLqp;NW1b
zVV7tKU=q}MPN6mO06LnzS-h!WJz1Gqzo@y@65{y%FGGP-EwmwHObSfxMGm%k=ZN3d
zC}7VQ4T|PJhVxYcIGkNe*-N+H3F)cTket`GkhtO&7?PpIy~6&G@vG5vQk6^&FwKj?
zlY<r6O4l(gCIVx2Ym3RODnaB(mll^~Yt!T<eneZGw;kHHYU@}L=;UN1F5tg+1W*T8
z9+U^_6%z-|8=WFxqLom}M<tyQdsz&V;}IOuI*+6JG!ovoOoCo}tv-n2I3W=cnh$y>
zx&CBz-zPD4EY0Ko$`YBtqQx##gV(E_3y<Q_sUEP?If9a6-QK66a6YFgpa6Qa`eB`O
zD_h9zI1+)bDJ3IC-h)3Ci2%8VAAbHd()Q{`MpR{}9mZ6(2l3y1u1i`nDMoC6JkuCV
zzfot7myHY+dcS4bpnCFDO~LJK@u=ez@&<H5Igt8Nzi3^9(LX|B---Qs0>(PL?q`uJ
zRLXq!)qj;$w=O730oTp6vOlZvgzU8_5o^kB^NEL(T;l@ANOOB-Qqy($vl!ts_b)?>
z*HH5kks$~r#Z<XFev$5BwkuEL-`;ZnJOncc$4!z@kmSxEW{`gf0t*(xW8Be;3vkHn
zqzbYoblQvuVeeZZ`Hjb;Q+Na3r!z&QDlRTO!YAWPDpt$-YoHJT8VYy-_M2f>{NU>8
zn4UP88jv?w-Y8w;vaREB*x%xg7XNQ>(aP6I3dO7QefD}ww_!sXu`4_NYv;XhQG;la
z*y=(N6|i8?fil#vd);B;OS4&QcmqZ)3C(9SRg3zpk%_TWIY~eE<G#&^#H5aksf9B|
zfobgC9DM&XnuzCfZzf}6<mdGm(yE^Wq<2%5@O0M5u3_If`(|budTe%1uI^KmpDLv9
zexI3m?c=F{;!$v_s#aql9L#eZ{s<?MlsCfX(mp0arKDQ~Onv}LBhP5OcK+9kq_{r!
zNl&P(C(66{LlJx=Y@r{~VFdPsCm|s_Yd^DDNGywcK|-r1$E)^5;0F6B3I;)z%!ma;
zW;#c+-Ss01rKxMb)WlZi2G9l)nZvnah5Gty1i2a2%I*5^gW3z!lKFa8DFQ6~gWlui
zM&aj=o6=6HB~4=7ROU9v#DXA7WsBA3yJuzDm6i>glfT@v7YN(wrdR?3T%k>7UP$_L
zpA(rXZTc<F%_Uc}-oPe{;#`ZdPbuduk@&~k2ZT?BGdlIYMwtF6Q3Y+nPljfXx4H|=
zirhwyra@=T?yNA@%$k?3X4nEda>z&tV>I25x(ai$A<Hg$CWr-Io!2_vWNq6%CXz;<
zAouDQQe2kdW%kF*^S%RDr>fC;M97VFl!ipLIo|XQ5FL9)mg1lp6zE`!5b@0JX6CG@
z!Xr_smc5JM%ZNAk$_SV8oTrl2hpUTpE4I%E!N8F*Hy`20tIYoK=0!mUY}pMRcDQai
z!%Y!4KK7~a_!CjaXRi&mBd;`PgF8K}SD4h*TfkgYDNOA%R$oAn`D?YW@P44S&hEsw
zZE;QhjxQ0x#<vu|**UI3LihaNQI|4QKnqNJB6I@?_IGLCC;Yv>Bf=405W(%%+eG=x
znHYq|BfJf!x4$Q!(qk6Sx@chnaIlJL*Lg@Fm-(RG1a~!?T1b&@Y<a_$HfTIQ-aHL!
zDpcO15i3SQ!C>$o0)o_htBG<K+-R*6yc#lEnUJc2?3k#i=Vh1Mwlis7eMhOTv$-wT
z=ggGOEjQPwG^4dN(o@C@TPzex8U<=S1B#2mSY%?d@dg(s`Sy**59QBNUPB21SUv`n
zMs(7GOeTeUz;XDd)lYMKDGD+*p7S$1QltP&YT2MS_sbXNpUG%T%h;b6S0x;Qgo*)$
zj%Lg{Z&l&?K@+<(ajKCe-P6Tr^`%7g#&TV@d<Aa<)VhiCQ0N0$2|e|KsnIWJRWyob
z&!?@_BNbJSLywECb$J-dw9HJYh3^Any9bPoxk>-)fLguNL-jYko%^|?*qqRx7Vz&I
zJh`+Lu{p+F#%uRPcL8<hRi-_PO9jE#9cW)!@|dI3@;6+a8keUnk##jf49B685RyjX
zFxr>6The@>9-nh)9^9XN<{fz2_Whj}Dd7`ET%ueehSp-Z8@8b5YGHxNW?Z;apeW{R
zqH^74A>Z8mUYm#g@3cCnOGO+p-y7e~W;lftv<#Mj!i8w0n%bpIJY#=c;Q&WV2Mv-a
zE{7=*m=^E?0Q9pStbU9xGVGy<;I+{zDTL9`7|e+B*uL(|Shs;jdAGR8=!Ze|5?OiD
zR93LJ=3qQ6BY}9A+Sw*Bwt}Q8q3&2ZYN>^(lT{a{!LXM2Umgas0^iJ2Ja>HkPW$v^
zq^aNG!6=JK8Y)8M+KH;?>tFx$@+5+;Y!kxQ#W2M`MXTmf`gTXd^_rc^6m_D_HPZCa
zZwj@#2X`Mj>lb<4zjlyBac&ArH!mY+$OIK%CM(?Sv(TkR1$}*evr{;$dO@X!O-}gn
z=4c*_hpqUN1-t8x-Ue5FNZ?7X0LBGP3o>*NJI#>vh2bT4SlH?A)Qbvpg~3W4uoD|$
zGt<r47AEV9k{0P4mZc`JsXU1umCH1@4|InHBzg0Lurc?0#yK2Ob1=x^ZuP-e$q9B-
zY-!jWI`84dH6icCml4=t@8M%25|cA;>0k$|b=_Im=Uu^?28=tV>`p|rI&TeYm`f&B
zzHENmxkzVYFVR3T@SknT8Fbzl(bV8s@fZrUclsn+;ZAZ{b;D!haA%j1NBOL|$#XrD
zpR3~Xa_wz;6!zcvv=9gEWgIu{%#iYbQJfC)(KWeF(}Az;d{)%W8Xc7mvENO+*1Rs-
zdoTtGXiL10o&XfEynK6>B<4CG^i=3hSxl7EB5;Q?jWlAp=4tLpC;QL+u+qIQ(L;6b
zqhk`WWPl#S5(O1D!gP;<NP*UvZ$QfmCT*<K$J!7Gz3gmsKU~X>e4p>q2f%w^phLO7
zH0?U|JYJv15b8@`0RMS;PG^MPfJVakI;1|1;<}(gw`OO!!d!7A0<G|~C~$dHP8YKd
zqF#`z+c41@1JXE9#8bx7iKbl8X!Kv7wkXC(%MMLdSq^Ia@L(J`2tNU6mpLqr#^%cd
zW>YG835g1`fzL+YWrB5Wn_@4HGw^!W`Oq4<(QjHti^rt3w<oJipblTPGG0+dA{$IF
z#wTO9;9E{LdpDVEN?k8CTHA6)aAvv)_eRsR=WHvQmUUH`k0iV(ri~0~SXO88v7V|-
zD_YUF8z6E%#o?LAee_7k@SM82_V`3l&Hw0#``ml7B#n4AMWfI2*LeT70MnEBtsLsR
z1?_B!sR5s__+5E)QRN&JR8Ad~=71!oL68h4=fENAxw^|D!6PapCs!bUOv+P^*_ztd
zca@~h{1TbjtWCz9aVkUEq{3q2`0#ns^`_b{ZnFF!H|oH-CQEu+8oG6w3uuV#>i6^1
zh=bcT+8+aq?44;)8@nklE?la0RGZA?37h6i+$&8kG)#zsEz8_~W~p0xrtGB&Ett1x
zH{;xP*URZGXcFK0q*Lg|9~@>MyWY)XtzM~BhF_M9bwK;Bp?->`&&+IPr+DY|z&sO)
zhK<scY~xi`WAWFql7V&{{T4yo6ou2(Dh}Pr#;bt_^(fHr_~Y8!bEN9$$_&6-14Lyi
zQ?t<$orQH0x@)0O%YhHos0K};-aaqp-3`XJv@niKJ9?Xn^UHbo(`VIojD`huRefZ=
zWLcL3`+YH?+B%0o9te51Uw`+$dWm^|f)t=B@sjx$vNy4ZlL^asi#+XL%l`IEsHMBO
zyF6!xj(57XrGk)KYN}+#8#tL2T3cJ^@Y#(+^A&jAdK?x_7Mo(g;YCeM#Za@&7=~zm
zNAE@YPC%m$p&N?FO`OPBL-B2h)n+fP{3V>82svG4EbVgd>$Pq?iaF!fsP;Rr+=Sx`
zZqurn=xa*szlp`OWIvG`z=WIotStI3-x>k#(mP|uZz_>75uI7xGDr68NUR4KlK$~p
z?>)B4z7kA4^};y?-GvQGJ6$`(4Nhg+)(^mF5AVbNF($>aVpj&JibI9Pip<7XOS<d?
zm>~75)juF+C134Y>IO`Q$UJy}qS)=G4??Z`AQ)-e&?xi}zCJT?`I$Jt<+8=cq*a=M
zCk8sq2iM=AK8a=DB*KkHE88%1CA%639s>hy%4-;j?d|PZR4x)wxZK|WQSR`ULDdtd
zCAY4FIJ6ZB8nb(YqBlZSbsik&>tE8#b>)(!=Rr4n&c*I-W;vU7d0>}S$wNr~CKw;V
zd>Srr8;M=M{ibAvStE;E#Hz__V%4Hs)nC)4x5r;8JaE!NDS5O+g~&DKg;tf+JBKm1
zWhIjBnTkGs?HLG4=|<Hj1`3K=2<EVL@+kZYr@!(s)dO^+Xls?$w!<#%mgkS1$LVQ_
z*ma%(w$?!-2dq+OHn|&!G2?MDu`aaNV!2)@goQ)%0-t`0Ya`<FO%>>oWQj=+x~;#v
zWmZGy9@iyDZGms;XF7hKOT_we`uloIT@3qow)YKAO?_#Kfhy~7QPo7sq_l@$QFVUb
zjv6@_u^fIaE6wO}wxK>f73Pd#iws7o2jYHlqae-{W2<ggk79keVggCQTP}6zt~Au^
zW;bqDsF^9AjP?q~rpOXsM};@>Q9!;hF<OS<u~PwuZQoD(0P<`LR+g<lO)jI8A(p+F
ztl}k>WwBF}9~~>nHB-Isr&X9<bP2OfUEcFBuknmIYtyC#n@#+&NUc5nJ>0&hmYOAI
zx971aDjkY2%6#GkUCB9hL^mA1>i1%#E#tL~Og@FG-DbUXAkxwH_6bMAhkt)O>Upv?
z+fTGPz-TE!o%X|M$I9jB`s*H9%tjhTmoy5YmZajUF;bn%tb!4%xO<uv2`*KnPl{@a
zUY}f!y@CYECq30vAGk0no`Pj>_ix9lo4~Eke?^McHU@i4(YwO$TwThDb}p*JbZs@;
z1?q@#<F^RQOG2I5ntaJcoTRrY2I4r1M0_>U(sOw$Uo+?Ae4b+ZrnP(}-ENOxX1kFl
zT)DVw%A|i&I@COD6q`PBDk_ZS{&c6sEM5JBdw+5G3av2CMGabCw5nAcrQ|(>I26wu
z+1SjiCtWdwN@X$4Z#x9)?b?p}M4D%P!-<f)Jhozb@Xusbc=}?@8gWqn)~o&LGO+!q
z_At2JEB}4#`f<jo>rE9-(o;lQLGw+q9Hi-8D<meT5R6)ZiYJX3kjjCH_q;g;Gk9UL
zZ2(`CFJx>g+uKV)Yv}9Ez-nN%6SfMbY<-R)nDQ?ONt3vIO(4{tCY&sCHt!wp0)Vbr
zSn_~L-*@Hplh*qT)-mx^MbcCmY<-W3Usu{SO}NpRxPIPe3ml)sE$mt0Kg6*o9UorM
zjDDN-*p&B7YF-;JdwjfOjUObRz~SEv{NUK(5<_3p`|{U6=30Dxb^1}W%@zReSJPUS
z1lhnW5D6ca-`ZEln-;?bI#G*tb6A4;$5gANgeZszAG;#4^FPD0kFTURf>rlh)wPY_
zK^&WYI)Jg6*12tM6@=`As$&iH%w=U-t)!wZAJ!KV8YT-tHmIb*ExUEI_4=xpEaK5;
zS)4W)tJQ++G=&TY{+kd;mB-kK=K5k-|C*U%VY|~}hb6y6?A~U~%Pk#vNd2hjBL1hm
zpU3jU+aQ1eVML45Cy%1J(kHaEQxb)~?7AC^oIfqxgS(4oLtYgrEwme8HmaO%(cv<U
zcQpy^V5Qoq2LDhwE@82As9rR6dQs{AOG>Bub(DT9PR9<L;LK!~&$sm0R#`p>Avr74
zRGBv^r2U$k)cD!rYu}AdLlT@#-Ni-6%i1Sc+eu_N5Xxqi6{cQwH4@A#8n?%L2f2;n
z<}A~-`0qoWDFy21+XRjfC8<dY9!xSQXVF+|)x=#JG^=@wG{dgbHVzxm?$y{%$pD?8
zs=Mu`2YtgHTQ?gUaXGXv{3N$Xq-6jpIzM{+03V{}B>nm{=Ki=qI&z{St~*J9@_cM6
z?5kFMbN3<irP~RU%|RvU$dZ-yetb{#)~->PyZ6e9`N1PyXTqowUMeVT?oIwstwy-@
zH_u5hk|=+=AM)+(WQppB9+5h%(L?4`UX1zIH@fZb>{u6>zNPoruCn72F2FR}DICoj
z8smXvPpwNqw9(z?gQRXvljIc^TRKJehx6Hl<&i4hZQT{~<EueFj_ha5f=DH=w&uDA
zHL2OywGWbBDMrdm-1vS^T{*baooR8tI<HdStagE9;L)e2cS&Y@(G9VMI2$zn<=H>u
zKwG;5GTHB*Q&|5)-20-fUCoGA1=|$;jv(uyT*<<im9?_<55tHW5##(oeMTv(=wi2~
zZeX7vpDj7cKE~syR6Bu_`C_jl@&^d`@;`}O?%gqk_cFMh!(sMEfKgFTkjnj*(^rs>
zw@9n(-Q9a`BeYk)6h*UTtoFt9r0VhA;Po~$p#;}=tx^S?^TdKMyyi9Z>c*M$>nmsE
zv$V)O_ns#UzF;(YRHEFNvl*?KJyH&|x<h*l>ColVxtnKo&=}iMkv%`p0Wh+KXr$O$
z@Ii2EpEOVDSQ=W@caP<l{9OK;KaIN>u^R?@UqPt=m*R6FvVj9mirN={abi$yk<V{%
z-OFr*?Fc+#3dsN&T&rkwtTfh*@i6=0`t5!uM;Bxs;1`beS=N0(V&}U3Y5$gc*MVuJ
z&rFhK5WGMohl!xW*bLXjmb>iehaZX#&`;@5^F#%BnQ)MoULV6KDlK6yCgpg%p>JNa
zqloY|x3`;_l<Ld^n>tzbn_y5%6xuf@t}&DHhlI>YAe-Nt?2pxAKZk#z(C_rSPoh6)
zQ}{_e3Vh~IFFP?-;Evz&Rq6GyUWad=U+4se8N0t|*wZ;4#L%hm$PuqFL+#|Pu6wC1
z68%9(X)V09FZlo~wP!UP?OqpBiq@x}3zWL1gpk(&tM^mc$9<%Dv(mI;ks9r_rJXUY
z?Cgt9ydOt%xhh!IQm*WnEuBoM6??54hn8NxcGXyP0ddZhNM!JUP%RT&h(q_QWB8NN
zoRa-Z3q0+XUYMvh7xi`YE2mS&(`^B#+#%E61PpH48U4Lwczn6*oMU?V3B%YS?5bxs
za%x!x#eI&r&)67U`Q6013ObPw@*zCdre@a(T0ZQ2ed(UmiloI_JSr|DEtmT~yhO9c
zOalwtL-k}!P~O4FGCdAt0}Z&g_YGIXTtTbs2FB5~^`#fpb{`C9qGkCoMd<W^ml)k_
zQ4e}iQ!u{Qp*^1yJ&-2c(LVn+mo3AY{6E`(^3OIvdQNKnucGh@Yy)AAq96t4o|iA3
zf^Jr%74ltao$3i|)7G$^e%9YYdLh8UiXuKu`xsNwe+&VZFr6qGB6rEz1Ea3op5CtC
zvT+$4YB-Iy>2m=kAAPRLp|2kv%7ZcHPB=oKX*dGVyL96ZnsI>X?~E2r{m^%v$q6)d
z$XH-|O}FPT_64vTf6TY>oI<4h$H0_Fanm#G5^Z~*l~|u)APyU$MQfby|8TP;jBAm2
z+#c;PfW!_r@d|fKelY)S!D+I=(>xAb7e__7hRN9ejts6@{NqoPk>Pi4B8rm7SH_=O
zJ~F%daKs1foa-J|TG0_;qp2cNO{>~1ieK(*?fggvP7AN~O9R%uPXWSZ^;CmRPY75w
z<j}ckY<_j$?@fC5L>OwB?VPaE7x$z4c=J)1TCqyFPG!AvS16_F#88)00xN|(NnsqX
z<=5mpHmpjx#8QhQ-}yVc%jb9LlII7lE+=zl?W+R?Oo!ZHi)tVpU@_X56Lu;wzoPQ|
zBlU*<n4iU1K2(R8IOvy8>IU@ymmuY+(B}-7Cw~mO`Pr|lX4K(kM&}$dz6?F;9dqJ-
ze>4z$e*s88MyQ)HnIc5Ev&*1JXJ2Ogsm*r=+F4vo1H9MaNp({WV{?URhBLV_uGLt%
zo808nk>v1HJlr*I=wM{=*RwF#nDpaA%cl1<@f9dip%s{oT1V`o48r%*gl<#--DX6)
zb7aUS$4=Du`HMoKust~zPGUAaiKmPgLouOCWQ85>lkwjVP=GP}I5*S;mn-CUB@B2I
zM(M^{@QfuM)X>8Q@io##VJFM8$>3HIc>ve|mmjWp8wNJ62DQ40k=RYV{cCN;Ytcb`
zn4i1M6;c~TbXt$MY@5PcCaqhTD02oP)!wV>`UMJ&Q(OH=A3{jU;-YGrH+-7W@E(JH
z{RbJM&GHJL^xTR?!oN9&cVf@dZ`Kc6Gn|mZ{~q?Y(9U8&jN`5I_JP`6OoP&S!n=LL
z6>N89r)irIRt*^WN*Z~~Q%R8`=XvHhC96ZGsjP4KHK|7%I>X`v!BLyk9Z5kEhg3pp
zYbEb}ex&TXJZvHdvu*D6<^MqtrB`9bs|1?Qdg75v7CKro#>cfL2YvUpMmBGpezBEM
zW8p_7Afq+v?IE+Y<7dWcn+q|*SoS`3P}<ipEC9f0OueNiuwqy>W(94qOe|EDjR*qJ
z331g{T1(XDc5L`Ph%nxa_))pR$|4DX%Izwnsx6M1fy|3GG3PQkU6o?L#_P;G146aw
z^WM6Q+WYm;sU{|m!(91Fr+p+Ci;T1iVC<XrKwq`JJL&M~Vc3CpX2l?L`KuaK^Dx+;
zVA}DMDU>Fce)w=tp!?=@N8S{I_g0{1WyHcg9)rLAw_)@5v!Qh%K^z%0i-l%}ivz-V
zNN=`XXNx56?Mz3ie}KyIR=<Vz218n*QvGfg?dje$AtSl#EmvZ|y;M5wrT~ZazSlU*
zB2F1Ozxj#WO2JQ3Fx7A++`DI|iYO!mGv5?KT(;+9?gBliPa)zBV}?G-_Mv1Qg>Mel
z5u|^V1{z9Lq6#piq2F?ij>t0obLi67`pU;d&E*%DBq($PL<vsf=vMy4UhY$#t&O6q
z2^fvwCu=+(O5A+Hxu*>wBWz`}wC^y=D4#kHA-e>*OlCfFK{iMexv8hprno<$Vr14P
z=M|^zqxkC`{8EO(`C>85W}xt4n#)w$APCA!zS%AGADS?9$I0H=&HBkCy516dD!O#m
zp*&BERE=?I*bX`-^a_1OUuD`w=T<j)^%%SC_St-PF0J?7^q6kyjb9aTYL>5~iW8#t
zBgQ2``WJsg{6s(*ky(q&&*g99OzSDgitSt^i8n~$x~+WlEuB~At~AGJ>Wg{C(WO6B
zrbOV@baf&a(@A$eQ2O$+VS+Q3_j$aq^9F(Q?rgvHPejS^YecHrIke>Di|;j@o(09=
z&fR;TyTeJL_ACaC2|jRBrXs!dwRdmEOC$4uenW&1JaKd?CMHGBff5|kGdBF#q&y#{
ziZh1*Kp)bxi;i$G1QuTMn*$l~AuLZKpED*th%Q*0z<#0Ky#&QzC_Vu%hoRWv=}1xk
zrY3V{yf#HP71r-shWIE{zmqn6ocdkhQ!7dHkzT_8i`jy7BCSjejXfbf5pg+&84^9C
zYQ3Dcg^Rdj^#db=U@a+~eilhL8zSJ~7ykl=h}QUMJ+u!>#Nrd*p>5Ag$2K>Oe)JtH
zB!{Pr$$erz?ALFrBJ)gZ5@h}HE2r!H$K(j~?P)QY53v-)a(JM|SzTW7!72WT?YOk|
zev*JYl5d1!CMbyy6+Zlx=hmY#?DwlvU}!7xm$T*wbObhr?;k22punq<PVr@9m^ICi
zi>cUNeS$Nl_F2r{;9TF^naL5h#706l_rpt4Qf9S0987;^6@b|vu3&#Rrh|@7fN$b>
z!%Vcn$r(WcIa?M;7%aKhTJWp~nAF{$zt6=-C<Xv*@nH%3g@1h6joDZi{80akZbRN@
zXUnm@i%w2Y9&ocaWy!HwbkVB-38Fd{F6!=V6<74MH0U+^T`0LhR7t=c8_#9&uLAfC
z@5hBF<<z~P>iH~OqDC<zGMx?aQeZxCU_O9htr=SM**9A%{PWN37kxS6dFoIi=Z#_Q
zt|I-0IJ1FEeSOkCpVKQ>Zks}A&aIw2R_`9(ZouSq;Ts9l=YHvqzSQ0+xfFtHSg!u=
zz$pZqn%raU`G_lw0sz*eyUymP;)xm!+!iD)CWcnad&ppCXKo&wMKv)Ech>Qd4F<UI
zYdsYMb<CRfKc^&uP_Ve*>0-WJl(EylT+76fh+<k}j8a3I%v6;(rmyAXDXL}e{oq$L
zf%4TaZwD6=n+Ge@DEFx3#FUyGbf(81XBNup_Zd}PRwW6wlvD44$<n;eI}U<`jK&w`
z0heWtr#t#IqpeO1-*>z_lRhGYF!LooGv~^9Z=_ZXgFzPZZt@eX(I=8DG{Kkj3JDD#
zs&ov_GXi)~r!`QRYUbLA8p8;b<G6ehIh9@8t_zB|UrOZZ?%`RQ7TMNI_UE8gE<fXO
z9<;g8N@1TS!x4lXYRs>^b%%LP)DhQw+ed%7rNE@E4gKXD@<1}spuxrFH2H^Ypxx>8
zoGSXF#5Y<bc3kgpGfRWemsR;b0q?EsZE?TGX6Rfd+AW<QU*2OI)n9fmzrNHVOwjW7
z*$Q}~2a=Gj-<F3M_V9?`;NK2t{l@|@Ug+mnD^QWFqa^Gz(5`!PbOLv^>2otI@{o6t
zpAwU_o@fl6@vYa1;9ecvapp)jT<1bIDCUCoA6f>bv(MgqXo{5Zk4Ix~m>to-@3?e#
zR&+e58Vhm%Dw>sGv2n(iLw4^+ur+frL%9Do0q#A$?S1Q>e|$+#7J|Kk_=iS*yQu}W
z1hwt$Lj(`tUB!Xd_(pV7`l@ZcW=`dui??U6^q={v#lGVwMvl4aL0PR(h17cP*WYlQ
zpV7DHATk<LHMXv6E!D%cQFFdG!r^2W(K5Vo^0Kl^9tPRqdMx0+T53b3$ZFWF)=t&w
ziEB8oKw(E;U;uN5>mta7Wk4ZU9Q)_>Bvg}qqdj;I&x>&n4{CIE(NchQj8$qH-4=k#
z==$;GJ-mG_O?eRr--gh)s_4a7E6Ckd1{n4xD{TlHCir10v5Bp+h0t#crGc{XY;`eF
zmCN<_)i2Xhr?kB6#%UERC7zAHPJV0m&8v&p95<-8;S(j%7qfvg)<YzPd{9<ZhwT>;
zxrNSqY^_DHtzZzbblT8cqk0XnkuY~^eCA<Ui<%$kQqy3=&?jjmq1sg@9M6)Knek97
zaC%GF0KjG-+L_x4<LlIA-0i<zq3$16{n2ru9i{6A*f-XabiQijhJmJGS5SE?6j?X4
z9v*iR6RdC3`+$h`3<5}C8yrM1Qu~)4r^2Vuwfmc+Lvwxc0_Mu6GdtVQ7sFIL0}fXQ
zs$pe1vj$PvY}4qH5oCQC&XyVoR?{W*QT_IbVC-=tErf{4f9!2_1~XA3Q@1*`eIG;c
z0d*V!Z$3nurXseBQ{Ze79_|9vm7*<D{_zI*I|dbaZl*A}>sVYZNlWZlRqaLWX%{0)
z91(He^}RL^pQ>jskzIh}wt9>MA|12)9u+qa`%r(q({wq5FM^=|TAIKu)UBnDjK^{Z
zxctzI60|AHazS%2L6dU~G#Gv08+nRsz$T6JXWSEx1k(Af2S9qPfRyyFNKAqM<DwxF
zdLO>=TS2l+{8od^>+I)O22lz&@0%Ik=eVvfZ^XdmeMKU0<XoURXx0P+IR7J{?k(SJ
zQzxJ>gpia<`kfzJ2Zz(cr)Gg@A33!3C8~)wZb*N^lT>|<;^lzJgW)`76ENkt&SAz8
z$X+(aN+_(SYo8O|2gAcb<S!0tIjUENH8y0di+8F)_k#*R<mbsJR}X)FiQf>?9goER
zb`RtdayliF)d_Ha$(s*QCqTQ|G<9lh<iT(PjjJJ1%Do{Pq??UUrM^PVw3xnVUJ6>8
zG4-w*>)B^t6jSZ;3p7;7dgIweK`AKb=+1?jhur=r0?nNIdV`vC+xjh<gWkU5Zo?wi
zucPu-p=$}UO+WE&|4yY*9TLuE{5-aLO0R8-XWs|%UYzXnF&0&gs?Owd7XI-B4|vT8
z8cduCLgQF<BW!Hult*A&F6E$@TA<nDFQd!no0gyP^^HFh7p6f0UNi;uqqT83Pi(p4
zSC=HwUF>MRo$PYeS#W1VkxI<^bycdM#WC@$+H%P}#WmR7bWXJaL0Ca*dU+U)Vda+n
zx^Cgi>`Kp$9qWkWcq-j2Z7rDkQ>`oRTB5cRqi8ML!)8wN@<z5!)byN50!9wH>%Hu^
z6&M^Y&z^jO&$QT<uqTy`QBkwuI))}Fj7AZ)^-wU>J2lCovqOlOWx&d3J_NofDt7Kv
z-}xfEiirc%YQ|AbYFiI2{i1quLTpQHCt0E&NuW%;i_{Y6m76zRf%95k*53_hsB;OE
z`ImIi=4t6fIfpla!jBpY-Ft;Jq36-vk&X|ezboq!4aj^PB!CbPxPCJ^hCAkMZG<D@
zcP~Wz{>Q9+vRh?Yn8@eZao&625Qk6?e;V{o=AF1EH`%ICepU5uhO5||H@y3m=?!7u
zr_>T3M&sjN-#5nvz8}<~mSqtWYaYo{hrc7&3+tAS`qvW3|C~s_KThPW(x3nNRtTc5
zGpzTGJ31ytnt$2QK}Ps%Nm8&J@zoUWl|LIOwEC_~DQ-WO^2*VxKiWLS(4FPqjrWI)
z1dJKpus6sFh&Oo%Zzz-IjCT#U-oBI1gc&=HVjs`#bq3?MPFmuP5N2dH0exqU4!83+
z5xz@Eo`KgsEz<y-{r7iXhk7g>U7ZA{`6%pfWv5?<LAxDRdJ~_@bBdDk+EijTfoY9h
z1RtdlJ^<N%Ws24$9z-`7n>@oiKVql!fS5u0DZZ6)%eF44Gm<BJa+Q^T`e=o3zXJw*
zN0>gcUlZ#YGR+t3>SeN-VIuO=cd0s9QKEcjOKDXu&&F44xXgbBZwQzfCwS!#Y21yZ
z5Y%ZxZD3zWFs^Dev7ViI2v~N(>+-g5UV_?*Qmg=^)}r({h_2s8>Fth$aFI?;POVJ!
zDIQ3sZC3NDhT_r2I%iK*nC*Egzwfy90rdm5ag@k|-$r;;^~XV2j62AMqMjMUWu~LZ
z1l&Hd8m(j^i%fH0r$vFR@2GOX`*6kx6wxn=>2zgbRi38`!YnO~VP|rk`o`hn?<&wZ
zpi)z=jq2KOqRSL7oC_d?k=^o1Wu9%w>fsZ&OGXZ~kJ*6+OAOZ>lVPH0N~>4|VkDtu
z_a3I(X=gdnJ0nx=Ku@&Q>7DI$63_qXBHicmd6Ve+L9?4r5r$l$h^Plkx28~w6v=3D
zRS+led_e1f<L>fR@u9VTEa6-D)!W`qbSu-7EJvP}In)ifwYv#vfm&S{$snkU>dlr^
z`KfZUXg7WYlc(|yHYh+)uOGQTf^c4oC848gbu#LN$CwSO1AH52o<UD+&BkUcZT~nE
zOE~^TXw|eKBi+6lEWC8)?qnaXbUQDo7vo=5xA54yKkgxk<}e@KWqF{WK6V~Fa&@}1
zbE@2Y36J&EDidP#ZTLZDKA>ksSOY14#u%5|)n1s`^){8_AJlE$7U}%d!JB+-_eAMm
zLDSFg1|1}KZ&-sgFmc@4-f6xm`o^){4=urZm8pOvpDq$^HrTxC(jDLNcB-1S%685l
zv{UBk(Rt{&CUTnQ!R`o87;D}Mz9Yrh5<SBf_RNwEOxa+Oo*)<YV1VdL7L%X96oGfl
z0Fm){(UNPW+rDvd7QnD588e1H;xgj~ScxGjeH%KtguLk^7Q^Ngkl|YUbPei~%3#zB
z!&7H$z;DGraq=Ba{rFKDWD^$djPN;AW|9iKY(3yQPt>V=)5C^lq2l2o0ATwa0*Ol{
z;hK7SVNh8Z<yO~7Rv^d-Gd)jzq6mPJ+LfmdD3It&l{i|283VAt(aSwhEGsLsGAa~?
zII{h+u9>k=jEsROU3KXMYC9wph&NxN<QdaWWqzF%7F-80jzB23sp7;8k7<owSMNxk
zTc}FGz?G-#uLbdSryyA4tG0Hl94N_(>88GeTeAU+vwb6$ai%Pbv;HDX<=lC(7LD0K
z>B+T5RY-#bw@VWCc(rx2nX*)Tc&;YMxK-T8+R<!6OOW_R^Ssb11clx9-N?ag<x0vJ
z!``P;)UqER>&<yv2$x?OY04L9_pOS-7P~OH-51?xX?{8rm>X#zf*@U78wh5XnoG9p
zVyC@n>}Q3U%`MdCPd#$;BegyES?0^CqCjfC+IFTF>5J3xwQ5|KqB`7884~;*tF|ak
z5u{X8>KxXo^2a6_orlfCRp}Ln=)T-J1}*S{T1E#zPWYavNK46ZCKLPI3}7dK_><K+
zIkvUWt(65uV)?24rB)Ti+PT+NK~c4I6E&UA;Hcb8kfZtF!C~11Rh>l@iPIflg->=n
z)7m<9#wa;C+nSe_2QU-u0H*Lhg){d;$asf^yLugk?}H#}LD#K}6<IRT3mxlvk8qvg
zqxY*P7DSiFUmQ>waZ?+d)D1a4T59)|6MbkS9xPG!4;_J_4wl$UdHbe<PqcBkJ8hDk
z@pi$>{%|9eRt|PvID2sc4=;M~f?6exvgL7!xv~w3E+bRB2Cn28ZL#{wDf-J~fw%7<
zUG~ty^by$CZ)0l;XUn1Zl_p<ZP@m^(89KOhm{)l-UwZ9dn?Gu)ZI3<GOJv8T?tw9s
z&060Bh2~)xsYyyRR`<1a<wx2b@2=QVE%N9m(!QWlvU(WLh);&BHDn9Cv;B%luWNjx
zluH}KJUb(q)j=cb>-hPB_AfG>2sz*HhyVu!36BbVgRyY#a^Lw|?8KFPw!4e_lmYwh
z9pZ2tH}_JxkF?B4j9atPg&Zi<jaMhSm1g}+CCN<ReP3HnRx%Q<*s3!_a7cL={Nw2f
zLrtL`$HhycKM3h@g+S}ET$6_i&-6h^UXlG$_txDnrFf34`t>pTHYxYMadcWt-shcu
z=73Y?djr~nJ)B!7vA*4!;l?Xy(HaA7H&^!4@-<{xyoK6EHv#T0eW4dAI-!g)f{Nsx
zGt_IJM1RQEf)SM4)76PHER%(<>vC{yH;pQ@EFE5ffisWmOa94b(>wZm(az6JbThr~
z0}sokwe5=OsZM?p{}nG$-Xpv837Reo_h=^Jh#?T|!Sw3gUXm3i5*qXrmyagZ_F7C9
zqNtnWRy=ty=i6zjmm|jlTwqxVWaBHA3cHvhf4Q4uVq*Wuk%O6CPrpvWtS?4=tNoRT
zUNjdd5~04bibEKlLl1l0!7M9LV&`IX?G9ca1710vTaS@@NB7t!Q*4H2VGn=9Or`l=
zTM&5*y*im-T&4uZfO~kHVal)NYZgd@*<i|Z>S8WTjlSfO^-Vsw7u{$?r+PNKc>Yk%
z%fh_1y{X|Ir)4JkrHfwB;x&QPcQ3X7+Ts}DPyO6{;nR}9Ve_HM@LWu97?C2Ze~KTn
z2p{=;d6)z)!NGL;q6W`v=Lw85!u)>un!KrwVC?;iE42$^N~g3}P3N2N*nPdZN`B0I
zYia}6CH%1u)F;kZ;IaYf>N3%TAY5EN!q>9z%-SdhODau*5CwRcJx_fzW7i>Z%XCmI
z^L1{O%{37|xM4&rLkPL8O-Bmns4vq6J#zy}XA%Z`ubBr&!mVv`9aj2Cp-#0T-wZ$E
zpY~suJMI2>VDq<ypAsL05`1bmSg9|^qLBY-$mib!XKIG#g;k~2-lto{;a)faw~#c@
zxGjbg>SujWZ|sXc#ac|q%~W{u$}ihqv4M&4*5ovP&-n1rMhpw9`Xm$+!qi!}9jF^t
zK9k|P$3}){Kd4^L3DQ4!0sr+yLFwGz+p1|P@U81XnRAJQUa`^wbpck7Q<VPq)YqC3
z#`oolvxPyNse60=)iq7Xai`$U&H&LD2gdzwf@+5qd5{85uKs>t;XjthWj-!B$o=V#
zB5wE^CDNepnUcd{?tOvY1@&3a&LJ@s2Tq7&33^WFV#p(D+ohXSn+E+@?RvMUx5APT
z!pCLTR6D7i4jE5EJd3TZMlAaae5KFd5EaI>T%=tv8a8{GjU;tjPuBX!v1-3o{Dp+-
ziWCcqU*&#9(Y?DimnXevVpu|5>d{1_82E}P1`e&WWrx<ii-{pyJQc~Srm`i+BjXVz
z#m8sD`Gcvg;wOb9R*c08Gaf8Q4RlyIMq>-&sIgG!hwK+KJVsTGQ(+yH&pSh@hdxp|
zig+xay2SU6jo9X;$-kT`^&z`zvI^A`0KJj6IWp>brkgwk1MtJ^&wvreKb$@iZXi10
z?X!1jCONL-L5X5;Fsq*Rxu0YkWcgxfsVtkY(}#>%^KF{W*^of9S=Hk13e9NA_jjNh
za^rAm`U|Mds$RVhmp&0T&y1hAhCxp%`UW>H(htu}*$W8Mzg=jvGO2vd>mz=n!D860
zF*(Xdta{ou-jcJRXVu1?*0s>nQx)4FF~dKhIP~k+8~CR#8YEBGwvB7%?J@JQp_K_^
zs8`&t1!PDj_9MQG6IQrT=s$g98=?V3{CM|A+iJkcKPlxS;L->`y0FO^ES*QeG|(8u
z?nP8L{7jL~x+WiGKEf;Qg|uvYDJXdLb0v1l)G=QwVq(gbOPCUXblF=})WenZ1hr(6
zQYGDXrfP?(?#|v=_m{ebBL|5i+b@&;4{dK9ROQ;X4=W)cN(!hn(kU(7-Q6H4A>AD!
zASKc*-MOT@l#-B6C8SHb^Sc(v-p_va`^@*(Z^mI5b=JD?E6zNQ;{*kYxTWP3Pi2u-
zYE^w~k030nk{6^19vblIWLUqL3<B4=k%bnmzyA>8$jf+6h_<}Unb|wE@kRA?R^n`s
zuVAt4>8t01A?sh2?uJw+V+5Ojq5t`=r=c*zuHFmZxEnHkuVAskf<bZj4Aco8VK?H5
zmGd+;zQzf0_!dha^oTC~J$(#h$K_|8N|=sk+WsX@;f0p3rh#E8&^NUAhF9sBn9II|
ziO4B?>2THCp%+KlwJEW<2m1UXH@@YLw>$}0v>m4v`2?(e_*=LsI;a3tXnui!p^*UC
zHj^(B3YL>3=#FQ}$K2Hi6D`on%~R{=dg)1)zXffHC`d9T<~s&KeAUBT8(5(^EmJ`t
zmWWi(P5<G8CmE4{lEvh-AlbyjGT#|b{UbO3-l<2Y70+@3ueaF@#@Vw$^!=^5xY<gy
z2)O;b&o5E%BZhorZ)shX(2lE?-`8q1Z5F^LYVXF;0To+B^1Fs1er;&Gp(^N=#oO%u
ziz({K5mxAK7~8=W6j5Ov)PS#U4%gD+Ko(fxqs3{jjO33(kO|Jab#Ii!2e6IGzioiD
z071sCS^KDk6}h3ujwua?-D2iko7A|DYL_Rw;VxY5mtrS$VCMvb?<CLkC!p@%`v-B<
zU4ozR&iqz?V`fn8tu?HM;&XrM!ZkWT+1U5b^M!%|bXQ-7-&aSic>7m5wnGhW2!_jI
zkK&4-Ug6YT;d%zZQh%KR<V>_x(v$!PH;obJ=+HR~WPgT}z&d^JudgXvoo%rnvKIy?
z7%mn(%IvP#txnv{%FW6_>p5QjhZKgx4{vc%WT{6-&6Q8jN3ZKS#|3CS&^jY749Uh|
zj2M{IA>(%+D;)+NS&^VI#`@Qs2&dg?xviCBID~AWlZpiLX>D=?!Lx)d<J}8AOhA_w
zeT3)UP%4<w=z4&wC@uW}3<LKDv6!)mJ@tLJf!%gCM>8GQV=$~a>(!Gd<qqpcwbqyQ
zAKL*<oj(A*c@NhB^WEm3Hu?<<|1ByKfSH`*Px{OMr4j-c5B!GD&yct5sL(N{clGQ|
z(14r-H<F1>Y_%?}YGK@I%7i%JrHbzA(Rvz^?|xwzjaLv(fFOcJd<GU#Qy~}OADi@N
zV}QOS5gxRke~!<IXN2r=t547e#kG|E43Ct8)4k658)(9rY5T;|`T9lHVYWX#vIUDS
z%zSq-W@ndd(Xs?+cq)e#Il5rTma#&Btho-B%OaD*SniBJPadiZKT#bZAD4#1`fn5y
zMg1WX{b@P;3G1MHAO>@KjtT<1jtQZZ+ZGm-q0y`KjGc{xDzJE)53xQ7JLIQEdnfey
zn@PO8X*Ug`V{Gq|kJi;A8MM*(OevMr2J5IT+ENAS73zc$eL;nOvj98-A1%Ey(myZO
zt)(PFEB$lBN|k(XiIZ=~pv^Ofmgfw>Pg@T>UXpq|1#Z|j`(29$8bC{Zgo~S4v~;*R
zC56MF`&uoeShapT*r75kJuDXbjdx)Y7;sQZ|ChdkFSOMCp-IU9fF=D_g=3Z<1hFXL
z3f8bt0If(1QwJJYg+jDy+Y=_-ty*b=8X9tPaxIlWc!rXN=x1WG*e;9qxv)*@T(iv~
zDbSsUMMm+|d<pnAfA8+CfGG5Dh)8cv7AI*ALeig>kGDCnZf=$L{cVU#W}}5J$#RD4
zFxuxk9mft3YE5+ROx*K-2X3l@5PzL9ty&}ZVs|3D);zD%B{$$*&kW0CcoKeBZKH&P
zA;18a;of~bZtdrtV3zh@Yx|$SprOO<pAZ5|hCUQ1@aNFKB?0%*<m+9W5YSM!Fe8`;
zaueGT&5KevDuF>ZHc{Q*PGfRZbPQ--=D8i_ZU9^4Ncmo`5Z`*XT@Jd?-e7C#o-6-{
zOwT{Q`~Syy(gM!+U&a&eE>PCjt|`r00{SjlT|%>lNYCyYM*<EvoAqp1FTAh8KR)_D
z-b^2A@`Prw07q8#Ry%|WbS@IfMXgD%zoVraR|p*ZZFs<)br(Q)fJ+1)TlwUU|4WE)
zIqLsfFY%jtG{2&l)}ODQ)q`>MI<lfkQ{%e+T-O2&s8R$X6%24q!}h7n6Qp<aBOl_u
zcx`t#?eU+o-aqUMRFXmcrqAcMxSuxk=YwBLg435Bh>nK@wJ_-Q^^DNAj2@t}cjG)#
z5c>=@$BB2X5f3GW&;Hjkc$3~>PDvfg;s3nSB`~*6SCts96<<Z30V`fb4OI>C4kNka
zttKvmz!@n613(GQ-a>3RXhDCR+l?LkkDtC|*Nq`Hby-5rTRWZ&uBT<f<CgGi;NAa&
z<-PW+{|}b;`f_jYw)cZ8=`L^whCxqW7{7%a?3%^BX5w)g^xyx>Xuw6>RA<A6!T95w
zJw1*E_VMC}<jM#Nblbr4ek~UR)6BAqt7ZgjqN!`}TUMEKOxpKXf%t-Rl}p$im^9Hl
zVC-@t`aT60^!_LSqg+T3^}qBu5Y=vupmmbKKJFj8q7AK!v67X(y7r)@YR+#(V<Qw}
zp>5hwt+T~gs{J9kSKQx2KM<iwgJTIF$vb(71r0n%TUyj;?jQX3alGAWU)Y;%e$j({
ziumXJBtwHQ<C<p_YPO0PI={R)B9zv20zc`y@M7E)pO-Vkn3-W9jht`6c*xY%p`3w@
ziLxmp8ENTE1VZ-!5HGZ;)_Z0LVp3H1nz5z<M>Sl%bC924@uPAuTPCqkHE>r!608Vi
z(lH_~8@Q85@cxKe<Bw55R6K*&+S)3g^Sw#|z;Y<bv*8xMMf$ggoCPjjvG!S6q#OM0
zy#54`cV{sBm%UE8`;X{SMQ{Jrn;-O$+){r$bacCpx?6O8&<8F-&s*UV)Y0^s)K<<<
z_ToS0$tH0QXNaM8g+HSRA>aw}Jo`N+y=Tl`qEdjHXEoE9e_U-d4~W%`y_PDJIE!#V
z)n*qSjrc22!DkDfot=0`AIHwlTBPDF`G}rBm~AU-_!$KcO@KDIt>^-&M!lND%d5tD
z;^ALV=1+e4Z@t;XJJMUS?)-pz`<#DyWbZJdn~NN{%1`mfmo!sA{b6L+mt2g$z$72C
zAL_7TI77Q(UXAYi7fv(%c}guDZ!doN6RO0X9$ti&m{~$_Sxoq+>Sn%@K=3U09%BLk
z!{GaexF$VugsY%Y)=pYA2D+`LBl%dMpcxs|4V|8Ge!OGZ;qTjw4umwU3kM>upx*5j
zGC<yyP*^p7oE$DLWFqAA_?UcddoQWUexmG)n%&|8Pou#%5@p_Ow8d{pLung>bY~4f
zqx9YLy1<Yk@tqx{{4vlAhW31YClLE}XyCrsT%H|xMdzzQ(%yUg`XW+cG&DG9GM(bp
zKU$<!ILoi`?}fR8c@2<&f6Se58^-VffJ7Z(BI39FU)KN$TYcA|JPJ2H8I^q1+ZHvv
z$iiY#vsC*Sc)8l&m0BPLh9N*bTKI-(PPSnfDy$1#ftg00gVnwAIY!$BaqRMt!?=e`
zr=fS?bT3~e8upUFG+;y%M3o88TigRTskOPKEPAiqqbOH&V(zeq;p3@KWsdRqR#~lh
z5S_%;SS5X1G|Lr?0OZ#YrH|jM0gTD=nm||X?YB=iGXpW-bVW%FFxh{IMDm?K4?W(c
zam-6jq}OYd_PK|WIy}r1C-v_)e@=FDB!-ZLt8RlcUtoM>B1kyzUu*SydgD+l#}OD8
z$QgD=qb76$xHW@SGY*aFht1k`dH{sZ6bZ&2%t`T#FtkCeFBSHE0AhybU?>Jixn7ux
zt7M9+a?lSszV20Y&jgh*jZ(z!B7-=G-BRY>^7m5f1Guc;Ga%T~{(MAS7X0qKQJuFk
zqRaNV1s^`2BTLzaLO9S=vq%8Q{>5pwET#kVc)^psg>;p=!IdUV95>Z4J1n}e*lD-a
zhi#9#wkjV$lerolJoGp;Fd75WbRyf^n#|*7GW+%t{RPcqjQ@6>!l*aKX}^a<^hPEK
z?F5?CoIG>DBfeHmD-L+xfLz(xJp;oKA7jACINYS?#hGB^o9t367sI?ryPd#f$i!;q
z2unszDt~exYo%v(sNCTP+v)ErJt`iaDGQIbV4NIq^pv8hRr1_VcI|ftML6R;!;E_3
zWY<TF?6hPl>^H^(O~+)jF~}sTOM<EswQFpnP1Tms$3Dm;uw=!>8AL@WiiucF*T=VF
zee^xqyGjST(z)wk4weESSmmzIc%`(^+c_%kEzwajGKPcZzgWjf{B-%7XELvmi9wd4
za?;}o#=0u+P^#pUF7_sdLX!#vRDw(nJ0rUj8G4aVKX~j{(59?~?69ZEtWWC8UBHa@
zYHQ*qOI5=*{P1#gLP9w*sTk64O+Ysyg0~L&OYKMqJ9KQj^T)V@wqROKZhnxy?FUrU
zxfZpHl{M3V#*A`_t%~QR<cpU-OKs?qc<d&LzdJ`J+0K<#nD)X^E9VB3P@f$vcE_4@
zjP}|mwCTpf=j9j)T3`oY$&-{rabn1%@zH_rS)knlfX{^-y4Tn#=sFfT&lMVfk<_sZ
zZVlR(K6}6Bh^uvxP;bthMQG>VH14wfSf>_`XY}NY!feJeCS(+P9lQ=t5GzX)V*!Oo
z1{R^w6d%U)*0%qBDG;CD9ESevI}dN;y*{W{T*mTu_LGnZjJl4bgOh>aY~~FD`T^ya
zOQtvy2tQ)|>vz*G%Q~!bsNB|iF?)uOoS}4=r)=ip(bN;Pr;m|?tJm!uEo$sn6<?Lt
z0vgPEo*JYh%DRhVXD~}@|7gZ*2!IO=sWbCci=IO1Zb~YSDQ~bxf&K<V(|LrX>q5BL
z%15qEmhSAi_Kz2VjaQd$4i<Q0o#A})KPuU&e#P7A|1DQQoCg#9BYExO(MXY6AF=L?
z_Df_5puL<y=!KV+F<ekG1;(<4gPG?!zFO_l#@|0Fa0|zcRBa(Em*-}f71L~(S{-go
z>;r@UI5^KNK80c&BPn3`lTS6mDHwFVa&a_cCwsrsqx^pT{YR9-01PY-!++P~*EvVm
zR|9^eYpQv%`H4EU620n(*T#xIwjx1l_xUF*dc~-&w)PT!CY+>YUh|31<Vr27tEG#1
z+I}xo`o8~8Ty16So9fCFL_dWE;K0^*K36!$Ix=&4ZbQN&{bED0LwdN17c(XSRp53L
z8fU^IW2Jw@=R_|FI9#^j<Di)5#e@Mf$F>@eh`l({Uf}b(`<`Ad>&1USk@$CTn<mSD
zjRlt9VmQ6!QW1r*g81GziMiC4A6iL6uSoYH+r94q$c{M}?4damrm^b2UC~_ZDld^0
zYV4L3_81Iuc|DSC)sYQU)`8@_(r6y(ubv5JZMKji@NkM*k~=3xDA8UZ(in!!(4ZJD
zE=7j&rBSQ3>5wE$CMHPcR9}GWs`TrNpUR~~B>7;ho~Hypr+uoH<r^_@$uq~*6PpcZ
z8a*~*Hlw;IunSuU<KQy-B?q(k0CHA&v~hR2JEt%*P>TzRMzt{YE-YRVef=MifdFgj
z=rgjIM&a`qzNX%!m{wGL&Q^haBXc!hZ6H*Unjsdt+cKk1tyM`2U~px%q%pOb7r+GN
z?gOMRD|yLo)(<f0tZEg~bg6i>n*q#xP=)1HYaph%3~iFjqjV<2uG~}7lqi?=BKAe5
zRANnd-ER)K)Q2QJKVoZxi>8y(pYD7M@-TvdY{W?AE2V&-t>`D!=Hw=&G_4}b`+Vi9
zA}tBKWm|>9fe}f`U(3unZ+PzNydWNZ42{?BBJBB1RExTpVq5+2`ee7kVgIR}p+v*j
zUY5D8DG^?Gs`!5Wduet40w;Wy?xoo32r?;!obO2*$9UZ&3v;9f8-Qgn=vX;^(#@c>
zidW~}ODleI_?t_fqjFs1U6EumpI0)<4sVss{JjJoGb1Arl?3%+^Pk7A)J2EIc=fUP
z*)?{?G%b6usQbz;<RyN+R7yQMEUJZ%#U83}YlE8d<)<&Bq7#a9$y077XNMNhS(yZV
zZM0{z>kl-?N76;4s1?f*=>WU*z1L+PBvIi2jGrna>l>9+SFW~3ABf276J+w=yGjr%
zP%Y{y*Xi-fcCMGiJD-#f3J#uUb&hFzyj`tk82)edHlp$yriP%IZvSnN_gN66d8%uO
z9i`S#Mavh(Kcvs_9)zpqBG<#kA(lW{=i<If7zr$IzN8oDOwbv8sKqf;Bgq_Wq3p*v
z3b3l*(M!tIM&&(FCUl$l!-r2`4F-_lvd^ZeT@0HjB2k%B{9WF^!-$2VDJ4-pioC4=
z5--tJVC+J^oGmj5Zk{q5l?Sn3KEGc?s#_TFt=j$qz?+N<UNuCiOQBR=?WK7AC~|gK
zA5C&SEXRKyOex)7Z!$ol(oikt4oq7#mt>%NrTLSG1l;0T-%ytw7gJ9F4WG&;F5t7S
z>#AX$we)WAW2rTqow!UsFtBR4)KE%d?(46%o|jM>{@3>&!XpK0Y6v@J#(i_He5E-R
z7C&MLJdgE_bhK;C@mNfV>Z*Ir-;U{yi{T7VZ|Cbk!b^eu>rh?%SaJt>lN+e&<Y;el
zyHJ)KI+(UQnoo&S$l*D~H~3B-P(q=mm3+~IsN>16mZeqlJId~)#bGd5PJd1~^P1+6
z8lDycS+uM5b1%5f`bO-jA=+;&He#oYuKL5;Lo9)`x|D>`RGOX1Ab`1FAzP`@b8h>c
zdh*+1($~@Q3|^-J%Cq4lCx=()2NjKve_#ph;(X;><{8i~9F6FniIzA4O8SEV4DV^~
zmX_#xOzpM!yFknhao(;wqss(G%b)xtZb@pE(tgS}arOq=C%!H(x{nda9Vj#l>wf=2
z&y##o-{f_15PLdm44JB(`8q1_qi&m-?fF(8-zso8Y@!no#w*81yfw}{S)Ln4KgbI`
zcLO`h9*Lc1Dk%S37IqfrI&)-bnia|VV^h%{f#L<K<h+2nGOe@3+h9=&HB*64m@L0x
zVZ5<j{A!!mXIp%rQ_CaNcbVRwZPtZu)@^xWvAXP%K4moUt=*hFKylq45F0t5#>PBY
zpXpPV))|B7rQAcoYsL1rEx{_}+0flaaw8}i9B6QJa^Q2_Hv!}DGI?a^6WFc3lav@q
z+5?bAiX%?w^!<9_;e#G#IT~c$_It@*moBD5*+oI8Aa(sc+9cdc=AUx_sr%@ea>CV{
zz}l@2u;j-;?Lk90(*ILY0s#JepO2PoZJSFK@KN!w4Y)j>51r`9!hOQ!_^DKp-16Dg
z0c2Tuzo=@u-Nhn?SeS*Jo*~I+zXl8@S?eFuz+3t>MtB5H7qwmqM%M2i-3ED5_X~1>
z{fnZJPbC@=&n=pqDEGul;&b|LNL?^0F2DIS6i+e(%zUoN#0jPnh|V9C-$6LsRHY}-
zVG^-{19tEm=+5}3dQ9aH=XpB#w+_-yc11HI7?N$f)_TC2#y?(`XDdk5{hFiD{$^~M
zyTEpH5D2jdGBobr4^G_6qZJD^`n=e~qx?yyM<o}{4Cmo*<M5;YG)Rd`Ix~t&;9_B{
z-fG_{l|>9~C_b0$+0oW3nq-&pFNTJd$MIT=IN>9oQD>YeY1j|e*;8}WS&EC?HfNer
zKx`o7H_l}2F8HpYet{L!Sp}l&lkBnSQuhKR;6>WJ(Yqyv-!n5w4gHk6YR&Wp-LZZm
z)wRN`eF8!XOIytDBT)?mPp-Nl`(;`i+%|Khzo#35i$A|8=I+z`76G&X`OfyeXa$|@
z3qnq+=65FA`p2#clJWCCk6rOReXgI@ckgY`zl)(8&~h)3^(3wS6WV!yrT|sQ&x8T7
zuy5fR)VFtSzxj$e0*(NkESTDuGVQ+iF!mc}fr0^#<U7Vt^$ZO3nCfh|i-R;MY$vu9
zW2YV0N>NfWND>n#lq4vkKUd)y*=2+ox{$}|s&TpN0d-9;i!;r(?Q-d7z^WduJ5tIo
zLc%2foD~9LvQVQ4y0h^W)qh98R02aS7?o!~Ro3?NEUVk0`ROd|80_Y^$Q;U+M0HZP
z)hwLfh6ioief~=3Z9!c@ldnP#6bBd@k0WdcC@pE-4o>+-ioaXA<1@}lIo7D?GCDfu
zyy;mET{ppU<|x}&2DDsTz>jNpD2Q5ozU-Pm8er_L#>j-}yx0>TJQukZrVhi^v8mkV
zm&x6PICh<L-$fZ41w#eDx>aOg_#wZh+IGzrf;A0C)Ak;VY&gqpP-`buB@lDpsR7gs
zm?Goki&)z;iq&Uc$KFdlHjiH5b_WNTwg&vNKg~~kT~aubNC(D>2_kJZ9not|YiAT6
zgkJ4?C?J(A=+eHDJmVZLP7>_9I^#PXRi1U2@!(m>PP9^W@w~clddln?#nZIW>rvxr
zgG;q##?aUwdn7qi*I-Yvfzh2~=RD(NWVDrvO21jZXSt}Ulpk?&W-^X|QgNvV>Bs|8
zsMMCA2xiXeP%cz!bNT!V#iY~$6GtuZw23ne{;FnT%JJR>P--kwLB0R)Dx~kdn{eNx
z2f_6QDSQW}kq8tv^@g!z9YFjC9BGkS=;>3?j<Kg6rgJtVw*?-ww6sva{J{aRVG1x>
zKRY{LNb<PuTX#dNBWYY)^-5V@$G;FzuuB@j99bxLR}%9`dTvsJRt?BXMPSown`q`#
z!7w<@GieSba5_*wG>%pNPE3}CGLom{U&O2|??2rZ)RudRO)1ZBh(!aO^7xQ$k4ek=
za!N-@aHiGoH>ZMS+9d{lwmf<B2L*^z)GGN4MBA>*Q%+Qj#Nn+vS$O$%$hOV8QFITD
zSSdEUv;qMOSd^h329n+uq?BCmLN(v1Z^%Ik@Qd)3Y^tU993ul3iR_=B&->PXk8Qf6
zwNI6*&6fNkS>N!9uZIRmzLXGAk{Jv^$DXwdJ4aE(!p(np`m?Kxsl!P6*b4mmo0)+~
z`jFyr&$r+8YBw-arUKG{+}&ZB-SYRLZia)!hA%rVO^G^>oL2f3R2b$~tUhT!KzVY?
z+19T5n%#bRH9A)Br9!uYf3bZ{1C7I~ZCy}e=a*GL?d8gB+FAP1b+9{8w!Grk*jJ}M
z>b|i<!R#<VIr`Ofv`~WLW6Dd$u{~2c7PkKEUYX%}Zv^G2YQJPI<4VSf-3r7)%}U@Y
zOC<dA^72^RMx{@|FkafR6cu=|W0`Cl5gK3QUbXjscrt_+w6NHaN?A7(Z9UhDgyZBL
z=Y^oHJ4H%PUSc*>w_zx3t&^|(hHSIed50v#5NDyx=)zL2<3FV5{}ey@kI}CyNq#dw
z(>ngR$62U^%2bw^Dfe~lS;36!@f`i#$7?VUfI}K^n(;8>9Mg<?{m9wlU}S79)e#J@
zGOw7I7_!Bf03oPjuZa}lHE__S7b^oXxAov9s3T~15pvl2whDHD?C(XU3$Q`##W!48
zNM3Ccye<eC(&~<h<a|{pqoaf<il?vXw8ciNA<a@{Z0kN6pVUv+CPy4QEn_xAfx3{n
zGAtlKIGI3|!oG^3<P1$uaeYf_?jDC^_@gSWZQ>sq%2&G6MpNNP;n07|2{BWfoX^;S
z0XbTskI!<!jFNY(U5FEVV2-5>rpkU860*qw{ft(kt>xZOU!(ly6Yx$_kVCIFj`-I5
zqapQI65>))8DJV3*TTt6&ev$Sc97pxdhw0z0+LbI^5sE2b=k`n7%(P+0k2EXj4%3!
zlf(MYyuBh?#Hv7(9&HxS^KZt=x$**&B_3Q4pBUIVnVYAAYDialL~F0H_vDx?4C|}u
z4Q;?~L+naqfKb<(jmcs=_8N3&dl}~Bn@7JHD~5GwS|(6YU3z)m$2Y`xRk&SUY<A9g
zMIcm{P@?};boeZfH@mI1tvcWw?cc8E3sA~|((>w;(Hs6ys_s4mnIrCe`md+ZvKfg{
z5&~e5-gzc7d(ejSEQ$=xMk-SWDS_@0pc$&xlez<S9Pk#-vF1E(hom-r%HcYgLGaYC
z)JtC@5iU&ns$*<fd5?v#S7!5ioNg04d%Cd$q=>{Np+1cS&_U715x*vtQpv+G^lJKQ
z{Wy8aRbah3NapH2r3BB!KWms_@klWcxfN)Exv@M<j<Rzci1XK>Q-wrluJO4ppk-}N
zTGDTKh5Puul%VaQ%q(=b(5%vISo;X3cuJsYy`agkL?M)J!hYhXHamNg=^xoFg$!_%
zGonHd&+>CJdh^}EDSXr1ERfGRQRfdb9H9}7Xm-t6;B{7a4O(a%tn!7XY%_lLw~s0A
z82zq$w9O<~<+V2aCV~5nK{Fj&U|TNer9#u*4IVI8lM<iXIgBqOa{%bRyaD4l4_TIx
zr@VTanBxnf!g7K~rNQ#kvMOj&#fDu`SwNyI_rm^u-Hc<UdaOfH=dJPnJI6<pyom+U
zSZG#||J3}{p*ksM6~20JuE7dTDrST8FN5kbxx&e}UC(|yQBqL_f?B=ERGkwuv1Rbu
zR2{p+#<;{({i&%}CEHHukNODtCQlD+8wVnrG|J8Qr1j^!-R195>B)|@W?5f0^PB#x
zE-^LRnQPkzDd(F-NwEUaKWPbST=P1<QBr52Tr#)B(a#~B1G-^Put|yNP=veP@_!O1
z%@xQA@t3}Olr$R}wa{ccO9T}t>afzp)V02gW#pfA2)PFum)Nt`7Ba6L;JwFK1-&tx
zb<74XqWR!-3Ehv;v1p9!yea8|b4@ot)zI!ItP&+S%+Rb;f%cIRjqVXu)qqh&pkWD^
z<u)|e7OWldOk{SE>3Jj~SZzCIEb7+5W&sEldq~HLQ`>T~$0P^x=AXLofApNc1l%0|
z59AMZZs!QlLZK_c=IF5xpe-x?rd%JoO^ml-ZP$KOF;tj3WN6~fcwFI!;Bu+za9#C}
z=6nZ(vz>kpj1Y6s)5~i7)-3NlAlm&#;ii-$%cegLbYe}8w}0gqD$E{$lG9))-$&bA
zCCf~`K|Z8SZL(Usffoj?vC56^E}Won2}T(E<fB~E3v*FiU=3T={cv<s0Wl@dvVQM7
z*Zy*f*9#|!DR$H005<dSRNt4`PtG4BdB;91hH|>zY~Rof>48hUWe%*LvTl4|4|<iy
zwAiHte*8)gF9F>OE!^4J;}5SL5x~lGf|U;($?u_6kqBk8m=vdJu-0?7c(e&IFfdU6
zJguRzL)%$Q;(&&%3B*XcEwhZ_gjZCmt@TYi1tGq^!qjTTw9y7>RxR(~?VXMr&Pf{f
z4if>C1l#SCwr~)j{O)bt*<0%kOS{SfoN<Sv*7*i;-gT0Hx7mCtZsHi{?}V<meN-c8
zA2kO1n+>2k5?_Jt8V5eI*zRXYh>TZi@F=`>i14v44@ek+tlPmL%7$^QKuXC-UgTXu
z=}e^hwc)((VoZPeV(l7AIy#veg`YKcIk02U#@lA&nI%?L1fA1?F|saa{pG0_6&Qw2
zuUjvEb+NS$6%|g()NQkPRb|O$rh-W>oeGLal5JI%Q|~V?w!8|~0mf(WvpykbR3t79
z41-0|I#5yFZ-(X3UfUcgz`1t*s8P-9wd=(h0zUU>Mu9qq$|erTO_utrK(?Ah;Ig2=
zJKm70-ni55g+F-V0qY$b@)^2`HDD7JW-H!IQS*xPE-R|2!Z5_byhkj#Q)yF_QNbx>
ztE?>uvUDTsZTA}gjApat@A&(ZvjWMeyQbg!cnJl-yre9h`Y}`j?*1(I-h_&kMYYqs
zV=^i1f<90p)qJ^7e35ANMhuAFr%)R#r7Ki5y%{ocUGE(WQ9;<BOzM~7#SG{-Tk3go
z7wdGPD>@ORrn2law#aqgD+5E8de0&o4Xei6!?3(w>6V%G@=Y$!bS|~Uo+_NHRHe%C
z?z{jEtkJj+W`9?sZ<CnkB&mH@`z|jZJK*15HZVg%2o!uQBc8Ew#`E}q1}d5}7Twd5
zNW4{8w`&$#9pl+$oz**%O^ilx1tS<A;-7MY`iLBTbX&m_=Ik=$_GtHJ_2kx&FuWH_
zo#8&H_1_hmJTFY<+aFRx&a1C33EacnAhk19R)iNj9oo=Vz(}rw4>%b@GKs7iFek|U
zpm4A8lO;^G@MX6UUaM^zh-CWwdrqR<I^mI*$_iSab>R<y+2qOuG%yg*9(oV0Hm_+w
z$!>rSaZmu<^>DU~mg!(763A1OvJfO^$wC5&iY=#V^L0wFcYl=60B(~CkR5%qq!J5d
zyusfer*-~7$d}w`!#S=3e{l>8bc(g17IbJ<qK4aLPeHKM;-UGEdT-ej&R>cuMVXxE
z<_kIH7kN>hFH<DhHMec4UIx5vM#iq+w|(0z71?>p`Uy_gs%ei`%Z*xs1nqLnuCMw*
zu|^s0O1RjSTpMKWVsSnc4}KW@7y4L+-<9?13GOSu#FS5-FdOyDz4Ej-5vqH^?aJbF
zd2wEb^2XK<wT_^EaqZHKeEaF?Den16I!tgEYJWFF!-^trKl-Mxu7SSkZYI+HnBE@D
zWEOy@XBa1Y$X3)O^EK6<ZT>*{{pu3m`gmcff>>w*!vZgf!!8CC@vG(5gvtJPZnp@P
z7UG-U9m?MmE-s<zi`OuIm%|s4XWA_9cTXQAHikUj!CEwKQEc*r9QT$AP1n0bqpfUA
zFb@}uWoVS{2qTh3gDJrAP>`HKxKN?vs(ijO)zcR*iBt@CBI}4YO@*xilvzBM_N%{_
zzLUj#gfpukN+93m@iYGgK*be2SRZo=!0o0dX);y|$KZYv%Y_pH*ooOVdhUTiI1HQe
zO^xWt8U}ai$+KS|ccTpXpdJoO5L6Us1iiF?YTAO_7n~1K5KxeyH}D*)GvLbrFaN7z
zC<XLzEkl{>&=e+{y<x#4H*1Ci;0hZqRBm9YcgPl6Zub85%Ll<kZ_Uy_|ArW5T2Kv$
zVS{;*9U~61m8G$XboJH9hFvPDb7WEgtpfY*^S4UL=9a0Uxu=A(Fc2JF=XeYZ%wZx=
zJk}ti-qR_4eujphDWG$mH`mI#+ln-gKNzwocDW7P8_(QLJf*H%X!+d<<3+>iT16i+
z7`^ZgyOduG;pBXGGHh%_m%;|ryE_QH6axz(+BIM1%Jj=^7x`+dU4IW`P_SAJDC)==
zqwkYqYrvDlAvMI%YJ9=&;XQb>$IvvGq9d-BN<-^T$a~JL+2oldbiw3UvOuNZyEd}l
zg0RJriMx!txAm6%2RpRE5lyLo#yx(-*JoTu@aPuc_qX*x<h^kU+siOeB;@rUJt*n|
zvW6V%`mzO#xv|zLAfD<|)5C8@$U$Q9IAuxTajVojodil1plc0lF<q}vBi)l9j!maY
z$r!nS%XLVBE$(5Z`TC1*AgMnDi~@P-6!fw9O4u2SZ!jz=5DzCg+?{h(5SApV)vR|e
z;hA<Oj(Jh*ur4Z-$d&;>(@!GB3zeaTH|57Md|sZ=$Y7*6$$){v;sL%XW{L|FJz$@$
z3JVI79IOuc&&|z6X$em;mbfx`p7#yELsc*XIp6B)s(ak&XW6A=GwvHPq1vEH7AYGE
zs+ez|e6XFfvNzKxlAXU0YX}>o@|}Ois0wWEdCbJbWHK-(vfm`f%P5Ml!3la5Bs~~3
z4x9_G(2d(9RYrdQ#d-SviC2U~IxK9;7K=tLV~$KRkMnSAO2!{GtKjS9J9uOz?P$}e
z*diwh+;z39qQaTH4;tr`TD&n`QNe!A!9bS&wH7S^;`iHIXh+)WRm|qv*%#~i++XSz
z5|d3%(=c;fGdZYT@3+ycb!Za$)L2s|!R=s{kZb9G)65u_@N{bk*TFm5I7!XF`r;Q{
zpVOBkgUhZsQM#DxC}{!OgSD=Fk>%_&k0rSrH>_8JH#|`Fu+Suu+suF2E*B?7Q8*Ep
z4p*ZihneM`8>rZAr>d<kNQgO&J57y*Fbzze-f97GI<95z2DCjxj{_sIResO2Pq{Oz
z03iTcOY&_dO++r6b2ypAOWY$bpHgboGF7_D*At?@Ck#&ZlB#Ah!H#n5&&;rkri~?3
zn7Pw$yXN;Xlcwm9b{c1TsZ#>}8yi_O1d9+-=pso-8i%z1{OW#)oR>*ebe+>yx&SP~
zak-`PzY&FK>NmioW?M0{+x%G$ij6bIO;fK@{}aqi$Yu+b#CmQ-Uh?A<AvcGbWaO_!
zMb&}{HQqK<`(TdGKmuz4OqW`#*c^d4?UMjBAPQ`_HWDcdCaHf^R9wp~1<f-On+g;A
z<v0y|@G2?@g9bH{lLv-qJDQ+P8m%Rc4kZT-FE&rc{&rD<CSt1f3q)>P(+%7+W-yi&
z-QzQ$`ZiKL)+sP+_<GL0LBIDt#;*+DjhODXm}*n9Y<bX2*cb^;l?v_wVU#pil|^<W
zh52aRMm$r^+vfGBc%ZIA+x%-X;kmBIm9jB)7<&~X_0T#W`$n2v_LW5f1<*rU6;H`Y
zaVUAa`m+Vv8jSiD`6*+hLE-i57y(~BJ&zOktyn4T2oXx&<BBv|N}BZua`e(r3JQt>
z7H02QQu}pB)QYWsfkm66SKmKzu<RlvipV*+oIhb8p?Q)4fj1&ab=%atG7`{kk*;G%
zQPVYUIYWx{xU-i+#R<V|Iz82@xC)~5YA(2Fpbz~&pp0okH~rK8)hDih^$Egsz-IMX
zo><c%Tth#L&Da-CrvM9n&GiibQ3w6;IXbijk2yg$02(+K3Os9YcdOviRc5nv$ZO$W
ziK7*00$Dmm#tAwKKam9$Ubc@0;}Nmgj)DDK`+1naj}z7zaqF9~u1nbrs8_m+IO4l~
zWGg~0e9p2y4bO%EQlshFmyMf^zo!E4msHTpef?BXw^A1W(Gt!<0|b5j)hFfj2Vt_i
zXJ!EZHQ38OBM91>4kqi(-WU7p3{CwoKI_8%57ewcQX$N4a{{0jhet%{kf1h5N=HZ*
zofcanmXZx%YGx;+@(N2xNOVmV3KQ@o2;h!SrAE1J6DO+l?C@PlH(hd$lqdhF{aM^P
zX5d1LQ<plTe|34W-|>@!#V$KzT_TA939^HPG@Lh76crb@^4#%BVvl!q(I@UV7|2aZ
zQz$rlTi79ENQ7Ry@fbe?`%f!cd`xh(%7t!C`F|MtYcxCzWcw4}{?k8Dz8)yfo0cwO
z{@Tuq>&`sJ1-Lg<MB#$wZiE$Dm2h?|UIRZr4C4|jQ7MPC=h`f5tarR)$<Zeuh7+zv
zZR0_vVO&m|nP2@IFyjNW^6zV3emU9Optj~hR=2>u&y%KFsLq(*MNiz9%rRfmCcEqk
zoIy`9WL{-|+QW?s2<tD?qPwMpPVEHYz9~s|jh{I~E$MC_9#)1d-PyD9aH&65<O>Rg
zWKm;yCsmtDOG)Lx15nEWt)}q*@q&amCSg0CdH>O$7c7Osiwk!}G&!%~vTw|u&I739
zHX{^<`{2<CydM<ZyD^IvwdfBWXZGa-zqU4+>*b6`o;stLnKR${HcxL7GgptO&*on;
zV7Dba`x`Kr$Ps7r%1!D^5)3MM&&-rHLhoS%o<o;wG!d9W%C8I^ahadPXK)WHK1$s}
zY!Jh858Q-VV;GU3M}}4LNfRVGtd3ewg<STQvQpYVWCJA7NsXcMzk$KCQa4>SJw*|n
zKV}b28`@Q~WPq9BgyN9kJx9_+0L1n)6k@9`gTuN09{P^YXJ?JPiEj7(zYA4FBv5EL
zs7BekGTzL~@}`6mB}{O6uWONi0kZ)fO&3P!Fbs+^w$N-QCXJ=wyv6$dci=foar3Nv
zcSS31pA`=Jtb#)V78uuhF12?CUVsH!fiBSgG9ph;0`yr$XTuIO1yKGzy8qZ~@6MZW
zHs}*aoA{p>0XfcqC=5LqJRVfZ8oC3v%2@(HYZ<(W-Nd25bT+zKw1{rZTh#ksNXOe>
zwlS}RpxBf<8Jd5-77+%N=@8OZQ`wN9kX?9(yXiJyS^Fu#vaa-@yT-9XA*~;piPtOM
z;r;ik-$vfyLN~y04!fZ6KgR}~kc<#G=uV0JNa%0|2dADCT&dXRFdoutkTte7;<v@X
zTc*z~IQFk>{y6Zuq|z<-R)OwM!3xeBe5g;qy?mlCbShygJwFQ=7>RZYAfop#I0RA4
zpy=Wd^cSxiRKsBZT#SF60NWd|0Ew|IBgUU40I1dSaB*45beeMpF<Z$7ngKTFCy;Ab
zO7wIY?-kHU+5QMl#Pp8fX8-kx&}}AW8KZFhpC<y`&~v#Igwq_X;oDhzL}=pBGx0hx
ztsk2f%Cn~|6xzQF*b2T#{IghJB7KToq`?SCTx#oW=Wj&M{u`Hfdl}(wh60E*zcxVp
zvm4gY(6xRTfLL$a$)~<e{nWzl`e?j;D+X3(7ZH=m4~()(G{=1O8!z4CocJ;>-R=M0
z$XUCalbn(v;&*$JS)fm?iSTY17{xE|)WTv25<rCu5eEvy@0LzWi3h_JJ47iaIfT!S
zncYOg{vE<xAChqKn-daP7R-3lc@m}p2T$zBF)^5pMl(6e-43`7vt+<v)x*8tAeOlE
zh2TfIFqgjxp_e%Cr<F(l_ktXU-<*=rFa_4zQxXT31NNtRf1=OzDPa(_hmu0dq02nE
z=QHgh3O*V)$7C7p_x#bu8v*+N`~C&s-B{Vqc%=`wGe-dq(t<Q10)xu`TneiEIeCv^
zeuQu(-QlkA{HIqvV9BNdl((Bpw-Y}Bj%cH#SE}4D;Bd!(X(&+l-|aT&mcG40T-oCT
ziVRIL^31od$e#)=9m@aqljOQqWXLTP*$3yDNErGG>6kv2E+WuZD86}xwKM^v|M3cU
zZe9T~PWk~jY1j42VyMnp`Cac|QN;Rmi{4lD;GuN^KDArwWhX%d^r2<`JoLiX|8+Uv
z65d$RbHpbqe_(<9Z=sCK=H7b^93@~A>7NE;KRkV%3JX0&XhF~m+NL3pQcreAKQu)B
zdQsfYeiHqqLGjPq@5^<Qs#W)qo?g3#tG;QMW-%3ei*tEJ6K{T#wD%Z_h$Lu_c*C*>
zm4hhj8;M|G?xWKXH8fGayo-g5&7a9Gk`)Lq!ml9U+mA$yM9L5I9!;F+#Au1Bd#ZQS
zNUC&V%7wm(!ELMOQ#{92d~e7W_Y4PkRwu;Hqq8Io)=jh)Wc2#s@m2b5CeB*2gSCl7
zQ=lJgQ*IUy$Zg%&&}_7gE%(k{r)R*X)fFKw%_H7LbYn5ix09dp5^Lo8{6B~Wa^yr%
zx$@lwmDZm(zLdW??yY+hZmjDS5PAcg{wsPXZ+`^^r-3-eR~7`T>yV~&FwtZ3C&5F3
zR7!9FRHF779R<Lp6ML4&i7;}(kh_I>`oF%7_~zT9u)cEt`8FainB9wHFR3k4??+Gx
zfw7PDBv#}y3DRk4`sIe*Mw2D4{M$5q{r$mE0yzbs<)Z!wQc<q|)iu~6sVE@GR1hd5
zrUHCsaDYD08EYuh`7(_HGu=uE!@z}2ATtH#!tzWG=6)A&xSBdd4hsCgPdz^|dKgrI
z4-4a^{Vk(OgrC20CivwF3I4Uq46=uH?Vb(B_7J?h%rg1nyAu^1Z8%Z{o>U&hjd|)N
zbL9qYI8YU7b&D;N#p4~!TmYr|az30F32HNxVs-D5VBzWmK@R}M{7zgoKG>adGKD0c
zwadCG98AnxCBT1P9B;v!?V*0%zj8Z-S6duBm(Gh!tq1VXI=*EII*$iNidUm{^>f#K
z8n&9jdKWv8w-aKzV3p-vEOx&Ej5#S9HToP7+$EYPyPBeb)LpE6s>zE_=F^K7^1Ab<
zpceEo*=0$C@rV^@hk<gyF7r;UtJdR3*jMRqk-XIu<U8WvWxy2=$z8)!K59yBQY&7A
zh=wEp^{lwZAA?8d=Va?lO+L)ugZq4G`57_pRvhy$=jr_Xt_xIR4uOFr`*x->Io!h8
zROa|PA=Kb@ud~<C;FYV*wk<<}V*pF*|E&)a)vHwR%9<pCglilL0Nyiti1m_DloC)n
z0l=;#c9e{M2C8n4F!w&0l$uX4k#lP47uBeZPJBuIe2fDx4_J%uPJc7jAhNJmAyUlp
z2nmg66lFnQVMeKG0H14G?m}boji<%W&)$uvrWrZ4?_9X}@2qd#VTt?e$^ZK0F=8hy
zh}0g4Ti>c*5Xga@;F(6}!k>kK7@X_9R#qaD3tJ?#&$qn8b%dOtMKl}G+%2eP6b#h;
z8Co^<^?#MS9YM;if7KcNs7dd~wuz)!Qiyt$+YUme^dJEh%FhO2`ajxIcm*aVMu$pv
z+dq!KVT<nUYhuA-(EU_ush#uTgS{kgtT=mF*+aW9_UHoDoVUB)y8{~(DKsf%T{z&Z
zuN6SgI?sXA9XQ_PT3dK#t3t09Yhebc;rq`&snmB}E-Ct8RTl3w-Cq1eU~THyPhJNz
zgrlQJb%S}rSZFVi8Om)iVIDqZ$uy8Ywmu(Ms52UVUXH%Fw9p@j+3~xy8)Bo6Tz`DL
zNTZw@h)J$Exv2c~KwH{VDZRg6er=?n%B0G;j{pqzAZ%-BbO+!g+Fk{`iZ??sU%r0L
z12yJ-hG0{t{T1}dW|G(1O`cQFQRJkYw;GCozWVMXtP$ZTLN3P-5s{H?7XW1~UFZ0l
zsXUh5+uM7%*uyO!M=>-XK`ked-AZxyWREs~+!5r3Vdh4MWu6zO!}%&^`C3&d@b^?R
z%UP21cR!0GPXN?{=>Uo5c*EtX**!O<t76>->T_gd<P2a#hCl`UA#Em@&sqd7?^Q->
zs^r4@x|mwAb{a^Z`j2L|Uea!EFuFZnSx#GK=vYYkBm)M6#d#4cH*mhPTPN2Mui@9K
zvSjQQoyp-b%OM;JcZ-JCZ3~V~O>ht#KZ2yA*UpPwrme@1edyXp{W!i8RYd&oYp!&>
z?P>9YBMy$LmHoh1_91}{`)VPR4tWMy)Tim(M;aRJD=TTRE?p|rz{qM@jBw;`HsyFO
z6L0SfN7KZ)yt+Vs|IGDY7FPx7`n)Pn-QB(+kTv5XLAUqRsFxzsL^w#)?Ch(>I=OU$
zBv2yCU|=saMlae83hI%mS1Gv4AdudUN=}w7Gm>T<YyHKfhFA}Z-rtibmR`JU#yt66
zp;LFr0#JSfmY`Tz{`#AN4TM3ja>H(Ic-51bp6PcOa??_uSK>#)u~uszpxQRwK*(xg
z<gDA^iUqCOZ1-3Jog{%i?!7{^k55!S`{R+9pY3!Iu7Z63c@ak6RINkKU0QrhJ>wyo
zLvh-qkkA|i!VTJd0@vKSw7_XT`lYp>HDwBfgkJRlY?i}{T<{18L!Ic)R*SP`9v+@1
znq$)imT5JfBP*Dr!d`IipBr8s{j@`Uh|k$Wn+SGj0D$WS?3U^+NlNR=vJVTB@P-ED
zRN!?%-5_o9;3?t&p>b@lup+PYolXWb7zVN5`Kk~BmHZL33q6Ut)>hADD*xYprHe4R
znjxCB32I1lf<^Ns2yI7VEU)=YM^Vz6C8JmGVZPR_wbsSP^)O=AUu=@b%io3953M}C
z_Q-M<_;<WRbBeWFdT`hEp5qPN_Q3x#H@TAh1c2I_wTAL`=H}u~Lk)k!0J|A4@jGDn
zM-Tmfj83^(nXS2KnZFM1lnSb=7Q!8aWbn9o(#g+otIS4+hqt7|M-vk)28qq>9__tS
zsC*})`2uAHOxwx)7D<7ms#E8P^^TeVzCiS$jBi9#RI6f#VSp<^_&Vt1p&y-#{iw89
zJz3Tx^78UhX!mo#q0jtGscD!CRGi;4dS0Fw4~ossg#fgJ1lVK7@?U#W5)x^5u-`xc
zs=oCZzM+wkVxD4_@JtMxE;q~*!W85RMJ0xk$~JX42rJ;P80jA^C0YfF8=re4f5*VU
z@J-DJ1mO2Bd%K_s*>BZ!A$s`yGx_#hc=HQfJv}|f(4O^p+I)>t_2AT0qF;oN7uK_P
z0EI)h{1@N8$7Gq~dlbBS1(jJW7d7M(1UoxBDym-(40XFx?}d=Si(GFbNdij-z|Rjh
zsSU35P|Z{NEW%LBPo1V2nCo`@=qyl8a#i-u3YES(Vrom`CJ)|uBM6+{!+>j#v0xUy
zT%wpow07AqBz>&o(_jS~i2PAWX=r8mTjc)1SmMe(sV8Q?=MHsh?Xyg2sSQQ2vzTaT
zg6VZ@g~j5YyLCAID2fl_Bv1fRjazQ%F<08-v$|gx7u#P^b}k8@&q@p!Jqvz*I--^!
z|D*gX7~82}M^3*S&R7$`6)B?0jq4Qyun!WT==1vWCkyLN{&GNoI5ukqtV-cyal`JI
zS6*^q$6O(hUkrR(uf5bZs=%<z8EOLM|E`{Z44v}E7yHu_W&hQUhFbo3Y6$%tdVSE2
zSGa<VUBjdj^7n6iE6P)Mus=Hsm*|!o$}AX~aT$L)RQAR>iWduV-D+_1dmF?DSowY;
zF;A)CWY1q7MXTwu3Gd7ufK^C~i(5XX1Hw)pRExEVH)XtfQkvd62Z>B~e8is_0EPMo
zGMpv*K|c2$8mtn)igdLD>5l%(i^;TSIIronj~mgvZS;G=yxI@uga!zGun4?{Xiht_
zbV&8iQ!`$KsX*>sJTrZvZ`bvFr*VHFa#EiWCv3;W5R|X6N4OnGaN>6M1J6$Z73R%k
zdEQ*|)n`9%-4BLOTh^z5VrMNeaXMe}sO{m#)sxeuRT8m}AN0+s14{e&^dy1($2dCW
zb@2wX&p2&n{qtcU?J^l6!^O-wasl=qvf^G0V0*_tb0qU{r>x(ZGH{Shc_FAabk$p?
zs2`FT5gN)smLioJwI}iZRMTNy$*)<`$WQ;hXf-j2`D9X|L2}h$!P}-+1i$xQVBU*n
z{IP+7Y3i~63t__wW>0YNEY5?F=8!`6Q>qA|2W9K@(miL}St9b+md0ot-E7(>y&|Ka
z$qk__CEYe1&PC_pn&Tk9*NuA;iEBHsU$;d|`6wLcs;*^p{T^n6P95FHs*&~>$IzqS
z6qoPkNt~s|zNdJmw*~XDYK0uI2gBbc*8dS4=<@R?Uwzx-XRt=1|6`Ee?t*AdhZRkG
zwhe%%)L#>6CyNpB?WlSlz%Q2M+^=_5E>y@!#ze2*rv+pHvbFJ&NJ`L?PE&YIuhl98
z+B}G0qP6z;UceLXk<`^Tzt@b6jB`XzV8kiQtM&&2nO;|yfPUlEdXdair?FocpPjuw
z{wfqHJht#N>9(Y_^y~0a(I;6PQEcbWWBSr2rksY@$VmWFed~4faUsyY#*AtB3dhPT
zh=+~IJScC44BPNnieY=LZO|9x36t=?!`r|~a_LVmSJb9i%tk+COUHMmb40&XX!~Bu
z65AI*?UC}aFll3E8tMeVK+5ceOkwP)-!c3~pdO1}2h5q0&*yf7PXKEtKN^DT5<`_K
z5GOts=gJt5(U;6PJO)~dyJ*f&oYiZ+K^~NGy~X<%xk@?oAs!Cgm`-MIOoj&Ol}OyK
z;7Y~iTUuBjq!-xH+AjCR4~aaI@zCS89j)HMj6c>4o^)C4YO>$d#t2qk6#{{I8lcSt
zEor}Iz5305kUiI^QMSYq5!jLSVijOM?7_$Y>aXeV+3q7VkMFfF!RbO_;LCcTU?a=r
zvI|!xN5qF6&q6}-4k*krw3o0n=GxD7AP~}$=<(4}8+%S|Ox4Bmp1;)h?A^#;z6{0X
zYe73<;klr0>qtq{CjVIQ9ZXWo3VMGzt#?d-S$t*Wyu_~V^$gGXABDl|V%|0r%r4OI
zWnj=!uf7S8Q(5kwc&a^wA#o-a$>`W}ks_g&TJ-z%8Jw1$EU^W5Xxs6bsL8u*(4HOw
z{bhq@qu}Z{8{=vsL88e|ZC3hoRssI$p4&xlx(Hzzi~L9koH8bbEQSK7^8#dNzGEOw
z$bX;w{TYa_(BzCe8Khts=qCYAtm*;V;ZN(k<3FtWaHxn+&Qn}XQ(Jyw-*aV*(Vab5
zE0_lYzHF@-ksxx3%tD@ewW8+5>~?7O2n&lWsJfb#p8h+fNX9d>oUNH;H*g%XKbQj)
zw?Ph$Gd_nszc32(Z;DKTXXM+|axQSX#1C`b{etWlZSw;*u;d$Iq>eN`+S=L)FO*2(
zD6Np6(dT;#jA#75a~-o~&A|433`kp9F;VD!W=em$0_zhHj9f0tbCoWB)`3fVc5Zii
z>Gn#Yd^$Ne7n|<1A1y0LZ1iahiCJ_VzQ%el`_cg46&_1M7fnXTePV2eg#nh6<6YCA
zFM@PkPq0o*RA&!bF)vmx5eU#M0IoxnM$KK{q;F<9L*t6ug4FBiBR+G&g^q2DydE06
z2;DYdbaV)t%4{O*HNo$NTphZ&u2`E+)mB(LtjEyNGOgTyR&}uMf50y2gYeI+6uRFG
zL^qlIyEb3sKY4|9BB&b_+=D|075LpC9xLjlIoX4k;StA%bRHQd@^|<^NMcAm9YF~V
z{Q!mxGc=LSA{|vjlH6s2#4>@)ionm`PYGK}s1?<fPUpOz{jEq}ojXT}^8&qR0~l~U
z{8?XUE-&>S%CI73LRreiQ%wF6Aw5qG3}>Ku|2~UElXg=53>|C4_nJf%1s4pvu`5la
zRAXx>^i+JPX8cQYM6=m+Jv-$Gk!J&E=9ZSg@nnk;dMGQ~gg?b8SUt0U{ktdRmDCeB
z-KS(~$n`K?2oa$W1|8W3QpF(fEhBkjVa`7i*~>(Rs|?zLaOu{IwAiUO7Z}Mat4)=Q
zCt*SM6?C0_(Rpkce@~#B_GY(yJy5MCR^~Kpn2{Y?Qr->%E=)u1m**2Xgt#MpaU8+G
zfJ^-J1cSq(Vq%PxXEKZ#)&??iD1S8j&L^^Yyiw*mtKd+sFjc{}*}E6=<U%pIGyUs(
zJ~LL4XQ2e`SB~OW>`8$&x)@$wD+nv&JDzKNFW*wm<%N13d-^v{uAU(fIERUB52mLq
zj%l37Guv;^&YZB86*PKXQRF?7^6G`C(5MZL7A1ykcudrh67dHc#3UzwA6>0g;2E7k
zL?HO@YBeaDe|XCcfVJJ-*w~vlzJXE(#HA`eZxNx@qTb}O;QCCZV&JJuz<y_i(vrpR
z^np2dL*;LVM8coJK!6apGT!joS-E51GmnF{Ec|oN!wCc8V$QE9{9+&R^asp=3IXlY
zwyQu_aHFLzzsYjhuRw)X^;a`YaR&vzab6e;+^;811S1Ks2NpCgo{Js<?gpAvZ|(>H
zbi4zYLL<`c(uKr|3g)NH9}&Q0R`udX&O7!-51)zzc`Gqw$s4%iEmCaHg}5x#(Zn*8
zbn3*@s%UWBe;M9z>~P^qj?cG?TC&YLr_n};c4$&id}Gb0^o}pZNO+#fS#ZCZJLc|n
zepGn4k@O9+u<-iSVT?i4Vp{7sO}sCzb#PMlQ`lIeL}cBHAC4Xd8%SBx<#;bUJ1@T<
zBblGq=LOgC?LWulIYMV!Qe<h|+dQMS)qlh3vGz#nq!4NN0Cu=QEtFg~fh5RNAErW1
z2F~=fGTC{i#!hYR2P7qqQ_si2Y-~`^>*7rrjnna~3yb&f-~S`EzxLz=Lf84jBBRv%
zz&|k{e<SeWJTvcgM?t*-l(kKz)<txSF`R7P0@q~)CRS^bl6YJH8l`d^Pnc;Fp?am>
zMe5lAxT?wps&qDQxnFm_49;dY?#aw{nxR|6M|Xyb?*b_0xOZif{)ecjM{`%PT_og5
zJZ`Fpoq~dbyTX`u<nLl%0|9GcFguj>gN5tY45uAR-Sg9pGPyS($wPCF7qs0eqk-4u
z<>gi8V-a+Yi*XId`2MMsayws(FDi?-fJiYkiQ6%b31axT6K*VDDEeJ~kg;x#?IQ*d
zOj)Es_lEu4_IXV>)jc^7A2S=9z*t3+s}k;&LA2O?$>rjyPsi(=7(9+!1T!vo%f`fJ
znJBg+4!Pf{2^zdpm^n{#-oXH6tXxWVc25FWR2szl`8~(7uf9w(y^qhy&K>~L<Kr`|
z-}X_1A0M7=H9c9Awj$*#Y@&L?{cpJ#XV{y_n!S+R{nkT<K#gKMEEQ;x?bh=2iRhkB
zHn_!hyMrmNj}Lxw*imtl2xh7S;dzLSA+H?M0g2q!aS!uXzuB%&-@f>51$S!Ie@FKo
zTll7w3!?n=b$~|iAJel+zc@R>eaPx{36rna<mr9Ce(5<I`Ue?N(R&BK&#DKUPyNxK
ziOK_5r^o=1s@EX>*aURwVX5D_se!pVWtQ@7snjHkV`PpmQj(Gk6=qf5iJVbuq?0Z#
zECe{ZvH)~fhHKid^c7mnKpi6kMiuB{N2@`rm0G|>1vhs@c%9l>J#x0WO3%<LrPP%R
zP#$viTD*v7wt<$TC(DehXqns%E*?_;RW1Abh|c=KEkJo-y4BUzNY`xuehp9rE`E9k
ziu+cy=)(zW%D-P9!=NYI9qSeDzX~ePD~)H9fxCdvJt)U_5ts9jA>iZ3Y=F8YhKqcd
z>}L7M0Vw!#TTYk8PrDuIXc!(Z3{>fYF*!n-B4Tj5plT}(u$4K%I1GbIat~Sdi<(a6
zf)}CK<N{z~9)PlsT!xsL!Z#?FUn+(cTW60+w*x{Z72BUMQqb10iuz<V7<tO|Xp=0T
z?%@Ap?k%9IT)Tf!MHB=jq(f4X4y9XC>68vZO1ir&P)d|e=~B8Iq$H&~q(P)R&-1PY
ze&62i{lE8~anBfMj6EEv+qK^Jd1lYw{LPFK5TNh{yr^<4s%^8|4O3u^Dt_R?_{5(g
zn$@V=^j+^ka)BNBL5zHn1Uh6tzQFBA>>jQ+dXTySg96Up*<v?k;bh?U>#&HWwzRGY
z(dugcLkhn=BsAhrIEJSV`Nq29q5u(-aTUwu_3PJ)zyZ+sUVja0od%2KJV#U=v0H?(
zoYrG<O_sT*Vw~&$6}z7w^OV8)85ieT!5QcTO<-q?m~8y2R<ejshx#=0&ieBAgd_|V
z>-V6dns%@?+4*(bB8=M_OaUk*id+X_H}(=9u&H`|*?^(~Y{|yJwWf{+85!7MekR*D
z2<D+CoMxnhxi`QZGAMtes8=`y)P?!gi}~X}4y99J58<L%|Il651L$39y-wd$&vtxI
z5Y7+}ikpTg6<DpNKIXqOd#Vc<5R<=YL5V;e6&F|JxNKT!DW~w{vEfv0+G1Wa36{Z;
z+HCe)`WJXL^gA@PmS+GPDx0Lcrge9n+hy^RK_0SpYPc{0)4*eqkA`M7p|5JQY;e4{
zdtPHJ7E17CF<L2%drC%Yp}0*?%k*xWC^E1WsGgo8`L%R)g?Hxe4HudyZWfvjF^4n-
z#FMpxQJAm5E?f3d)ohSD<vuuB5RgSCvZW!M+ZPWaNgC9NHs~v%BbhxmCuj@BY}j8r
z1=#ZMSJ3%e6pRKjdPmE)?y0vc2>fK?^88#Ahw=~T{L0sGAFA;L+vB3(6AYON1Socb
zD*!D>bM1TqqeuQrO@UxTtHEp?)mK?c!J7-S-#%We2J=lp5WUNW8`vgt=&)6?&EcnB
z_gYPJwl6^#iB?&{k2cR@ocmD9aVR}#Iy5>Olx7}>M7g{bO`w)$Gab04Z}i}4L{Jbe
z!&gl2a1VdL9hesqSJMNb!FQJXlK}llH(1wBmq=obBz0B07!+cfqPT2v*#JjL?hnj{
zVvF&51?E*FpPYWtcXvJTHT*@jrx8lPaOL-4%DlucMf{>yb^-kNapIH!s^Zk#%un&B
z!6SQfvw5oJVZm|D-rs$x%+`(+H_H$uxZ<CsGksHF&A%xO3|69MSgO3|!T!F2s=j&7
z-PnL6NxXg>4k(Pi0Slu~_g<cQbdGVT6#{zd#v!I^W(l3Us~RPz0))J?Ce~e)a#aPj
zs$+actGtFf!-;%B%Ljd*>gqiJl}q9CIh!Pw2^Uvy--yUChe&OYCFdmW)9*nkByQ^t
zcCxkzIgtg11&+qdckjigS?2_H=<5t!1!r?lz|%AO&D#JzDW2+43&qhF&-)6O##xsS
z@I)Mah9`Nq<~vxH34dC?x`O^6J9nX#+G225Y=DaD2oI=2sK_SQG9Ln@GXhipu3N%>
zg>m;i`e`K^swRRiinV7rt@zc|)eWMGgE>Y$KxH;>fBk^pqEJ@-^;krxH?0e>N<}S6
z8?#BWm4>7cho}H#E`HEkB{2M=_H6f~Ulz!3+mFjFl+LF8nBF~7<1LC=3Vm-C25M{(
z$XTK3HX?w1-CCcJXIB~J#tqhA+Pt=x)x?^VGv&ycgKGUaT7taUIv+lK$ZD{Ojq+6Q
zz9inHxaR(DBVOAL>CZbfL~|t$`LTTQTqPFo=6TDb9ze9kubi!M<wZQ5TRm0rQfvLT
zd@HkFW8i=aXxxWe(>uN`HA*JW@ds2xV!1tD-OoOyTP?$QFTO~tU5TjmxI$#Z+EFB|
z@?lD=GEHe}v4soI)6YZbz~@{&_c<d$1P=o1>%WTZY%*1UTB{y4?Az|Q#-d>@OrRbu
zT%sGv^@x?Pn(!E2i0=hNEk;T?C1+ryd@(%Uk+5Gj%5EWcf1}xNQH6>m9PjMNCrxnH
zQ)Rs^rq*<5-RL!Qv|s(C8gu;a+L>gOU)SkLd@{TF8rGgh#FX1i(~j6q+$pogu}GK$
zx2mrjKqk3!yY0UZmK<{=VGGqkIy;R9Ym{#$xttt6Jqh?eb<x=VPv~5W3bl@84<-|;
zE^%p|2L|3k_kaw%=6@f3^AfC&SA3Vxmir@>v>{UbMdMREffFoQy0_euLU)_TK_q#n
z&GJ1+>`*RaS(ez$p{N&2VWBLwspM!kil|9$*@ebGYKa%kz~^&eWwRg_1x_4u7Zhg`
z!0q7gG&U-NeCL)PGh;}PPB@cJ>bR>zuj^WM7885<0>%B+2SKfM=uSDz(fZ9n1%&}^
zCbKR0)79&sh|+VEwl|tSGl~xSSJ+rs!e9l?EgCEXB9gjiAY1%=c9j0~>zj}dAL`M>
zkiI?Nh$MY^JYR>N2}aeKC>($n=={Fd5zQgmaGx=3MrtR#T2_2eW-|WE9&qucpZrkM
zXXlzlV%SW5e485ztnK)=qCO|Kn-Vm<zItramu(p9g00H(Xxo~RMO$Qa8na9yoKdo9
zd4N&}x5_WbdVfuTS{yGU>&f_`5_#^2T%N9#(<&P^WNFFprw*TGNq5J~8h87Hzamll
zh#n~Hya4?ZXLv5Y=II*daq#UP(!1rAm1z3JIVQX97R*fbB0{#n=k19a19&y)&f}&9
zMm>PrE}(pRt?gmSRguaL5?q`It5U=VA=?RyVck+I<AQ|?m;!0iu_E9e*z(tU7p#{D
zsw$}4+AA3m4e!auV0h|}oz-5!zGWkhVJ-tQB8;$8OK$UtO@?UC&%U$+%&bbtP0l06
zrxmuVF@uX>+(vB1_3&#;ggnKIdwVa%rB8kWA_&k%ZlL6S!~XmZMcNZES6ONz^T}st
zZ~L~_!Jl!cDkUsA&lkIHe-RF-LCw|z!(Yc{l#~?I;U{#s1pP`pkq*_eLCX(MAEqr|
zTTgGanfWFrIxec;R7!RCdkj}jFIciQ_C^epLmLv9f*KlM%ZFt{3@wfCyr-?$0FTvy
z6|-y~qh#@Xs{zU*M&IS(0-rJ}_HgSw<+d<}w`tn5dfAg6M+{v*3W_?-40N;68DGp~
zeB>nRTmwp4(%P*_`dTYBvo_1R*O<~foUJnt>FiE5-oaeD)^*%rdRE?d5)(3ftw+-@
z7-{aeb#x?@er#TRUJh=4aLcd6awt77IQEI{!o8rCMoPB~H{c?^RKsfZBWqp}3vpdo
zvAu;SAT(LbV&aIx^)sq!Y0<pGczifJ6Ewu*U>WzEaXOCOoeC>NxkIrTb$=2+I5;@5
zGp5#0h4<7+V7aF#%UFM@89b_N8^4ZT#)y7fnb#`F=?q_#_B?T)@|<bc(>u2NxQEP9
zf2bkqBk^aM1f7bk>ulEf6H>*CjNkV(2DAQ`A0je|z?^+lO?Nj#hDz6jQkKInA%Yn*
zH(qmHn%7|bzC>tgGM3xCJMrqyQJ1GGO8QQr>0mam;!I-tRn!U0C7doWq9-d5>)G1M
z8~dr&5CQ1avsMue!Hsk<k0ah}(-#=@RTNY-`w~&;KZIjDZ1_GHyx&7J=XOi7Bf`Rg
zn^!`mXqoMGZ1v@!`(YtgO^LD9UrHvSHhC^|kODPp&U-#2sZbdK0Rh233Xt*yRv#Ri
z?#fhu<nB(d`{k3ZRndFWUJaVHZzi8=9=B3@e9<b13M3UU?34<*dQ~~~9umJO=E~WT
zNUD*HWQ9~7{Ww_((S8W-W83kOqU{cj==R;MM?rByxgC^28@^hb+>WcnC;MOb3f(KL
zmmjOG-HZ>YuTOW~^P%D89cyu1CDOSPSG?I4Kt#jBQkPhv>gi`J_vd`+R2@A2C8_j{
z;6BGOMPR&NbNr~6<2ehp>q#k`2uPnfpR|5`h+(CO!24lfC@<$jd_1WibFd7^6jH&6
zHol<-@Tq_ztd#siGt@IwOqF8qn@OFzo(?!foIdRCEQ0>96nR|_!^BiVrP=-YL}pUM
zW-LiVBO`(oo5GAMOcscs=~oJC`f1cmD`zPuMX^19H*aliZMW1Tsv#}P6NkneF>GXH
zkf-FG7IEo`pOvxXJuteJh7opa)5VbL_EQtw+htB7o!`HU)w8nD1b>Lc*9>h7O4*vr
zNGrqV_o?Dx%nu2;e*L<`m&*e>q2mYw=l%TO^Pqw^;k8+|0U~X9Eg=0NsM++d?*@iH
z>h?v}c67M1Dp)IxTnQKvR&?3>fJX$W5_pK$i+*XA(-|@Qjf#Xa(d?mtw+o0d8@^w+
zAf^I1qpyp)i(&wx)r~7`kCu6~CZ_XP>Vm!fKkg6q7@9)x80gj*{snjq{1E`M+>ao-
zi2!qeg|}I7Fuo(NFWv^dfregfFnZHNALbO64```y3T+o;3U;XJIRVTMhgfo3$qxG7
zAy~Q1Z<WY5`0wuwfB8?waMZ@THv(c8bFlSfkmKzx;n{;x?ygn}uy8b9U$^rIJ~sK&
zr&gs@JCoMd&eXy}C2p5(e888YY|Wi*3lK$vc}<UAi$ge=FOYWBtXDr>{FD9(_RV7-
z;UPZXAX32vwnrRlvQZYtnPFjK$~5lRw4|q&#jW@z*@k<5&nUl4Ja>%;SP*+;!Ksu^
zb=QJ4D0$3+lE=OIHBPq+-pjuk8C%5JgLqza*1>BAza!5$QE;++rURW_xCp?;*m&S2
zKqcH9=+0D_a_)BmOUY0Ky@F086EE@k!CYW+F9MWNxCRZ~y6_=<kPmU?&F{d1a>%yg
z*cVU0U$p|Tp5$=K9&I!EN_UtdOc0cHo^xKHWPU#t{0DXn7}9F^5~}pMh|~&0=i(z(
zQk(jX(rE*ghVTjk$_-j>*s)mxG<7(~m(=oVL12`sV9z{0d1)Q6_Wu^|-#-W{!{uDr
z@zODTkKno(NP1TTs@1lxV^(6+wT+w#-iE9J2BP*5;)Ec$N^>0Lg-_*Y6YE-U{vmXS
zo>><iUe)32`;L45tz%HByJC+X)x!azK~`R`K;eV1&wy<gl-0OG?XQ6kUV?pa>nVcQ
z%-_xc{@d1Du#=#vxH<)}*bw#-?-npnOm-cal8*pMSa|=<7ciFs(gfF9B0vk1^d%8G
zfJvh2w)H>5OxQ83z!7%&K7=FZRX;CREbys&aRzl=Xi(V?#X}`Q9Fhj;WK|f_@;ku?
zGr&)FSm%<}Kc6fp&_LZCgOW?ca5{x`A?RdZXRFy?hd%YQ1qQs;3=a0n|HTKZIi>7>
z=I8%B%CsmY{7EaUy{%pT*$Nd=@Y5v-&FID4tsD%Y8HIBo)nm$MBD)5crHhK*g#vn0
zP{5qKE~fOAujhw-2^pIVbiJ5r8Tk^kT6~dP4bA}66nWkE>eoAvg{tib&{G>WYkw7d
z$bO|~LSQY_nTpr^|7^c%W8o;CG3QWbj`J_h4FbY9YBYE7B{&h2hLFz_@9Px+kQcfO
z0P+dbq6>@^0MvR-9j1thIYe*%KnB4-rvxr3Hqm$ML@qQDDiN*PiIWUmrT}6+_f!M7
z7Z?XCfVi*JlqR0RxdvfMGa+YoR=;nNAbW8Xe>ELeMsQ(q)V|w(^IT(AD1p)4Rde<*
zC8^88Kf@#FXC2%c&zrn*fE1faRO_La3yxPV0D#&vzmz&2q5`Lx4Re}n#|~fV{`q@y
zrQmJqHU|0M#%78JGE$238gg3z;v}+8n_l(G1H4{k2sA-ap8Kv00^v--KDx1b*9z~S
z?8qg=M-cYrb;m^pKOqbZYE?7kC@%=w02#|DjqzL_A}D<-<iu5FJoz<(>s}fb`B0<8
zECDn#)y!U^*aKMt6dtZ07a%JR1IF&9uCcoP%VlW5-IQ6vYxZ+nF+~8q$OA(Ss{#?|
zJ5ek+67H2yV&K^01rR(Kn0IzR*-<G3+}qKkNeP5Nsuc8NtHvck&W!T}s?)k2?Gc~;
zGuqXQ25!*)Q^WRJfGkhfPHkQ!C4?;s{6(zljOYz!+7ykA@y&<xBOO+To?3VQ`0)c2
z?G&NnAa0{6gZWVIgr0^{x;W@3><o+%@x1~0l`<^9;_xW>fpvi&|0|mMf6Pu`SkMEl
zS0rO$wTYtf?`u41qL`oZ8W<R;#TtR^I2`~5ls>CktLIIl9)dZ-&&A>?+|b(_eW@B&
z1aIH3414=6N8;*#d3!FnblTd<U5p0AJ%;?H?QUQfAylWgaoelyq4j<!{3f_2o|Hjr
zlfdAaX3<D-F0H_sTiK$^_M(azVImkA>MOAnpxUH0R6J@6@1<sE4+A(C8Ng)3KKv>8
zCo%}tVW`@?I4~8P3c$cztegP-`}AdSG-O{iFklB2?ash*`=8~T+79-lIYQzAmoGFF
zly#5B4X%`b6NDVk9F<1*QR>Eu??Sr8BjmgB0^+0|>mI?rl`A+-8_LGR`FEimgtH4O
zt@EN~a3C#GaCk?9X72@V7T*k%nWcP7>Jz-diz92);ale!SXk6;r#LYI$t4nmnUQxo
zSI(TLYp{tmUs_C5KHi%2=*1Bx43O`eA(Fm^&UjC*@25`ROa(FLwLj*Z(a#&jUXAtG
z=Qgeua>^F^wmBwmV36+)LkAA=)({%WuWH-Lnf;k~ku7bYD9J|*V6(EI@t2UBYc*1J
zq@rHBuI1X^UHl%h(^g(|*OU`#-#vVTHX|GVX~pcPiLA4}_zG*Z#O#7j6c}rlQRB#d
z;BCweusF%l!^3a5RLg19^6x-xTxGl@I+O6l>DSLBr9)|bz-3s#E`zRmd*+^0A|PtY
zoebtM+0P}<#_uuqPb8T%zVBqk<(;T~27aEaWg+{!Xaht99N<ikn|i^a&kiXSQM9Y{
z0}%+}Y|381!>!OqkyDTBWIg{^xU9cc8wNi9qhBK>X)feD=`K6VQVky-f|$P0^Gv7E
za*{vG-Fg)5Hn-e(IeGo={Fi7u@;L<a@$%Q;&qA8nSy@BCKVfJsF&~uxnFU1KfP#*m
z21ew&YgQcVz>0Wd(15c$IkcyAH8R_|O>jV@sU^bknBOxFPzG5zbh>DGSU$6SjVIgj
z-_Tn-+m#^}37LUc{58j$4**$cTcN987p?d@RJQB?j8(tuEK14W9CR!^_#lTMbcvKW
zZze-tnDC8!<o&sAErL~B8;kBGtmZ{RELXLP=Y5%UuMEoQHwW{+dMZ8{xM|uEn(-2x
z{qys)Ul(PtqFLV1s>9b;rGkr;2GvW#zbl7aI4rc59Ot{#1(&Ew$RoPO8x8QifGVm#
zc@T?au&5=1!|4#UiNBAPZ6T&zz7m%ksbXixdXx0jA44UQaJ({7deWmJlK*f~xR-Xr
zt&4B(`}c&e?IRQA_I`j?5<Tj{f<0xz6VSai*<S3f_ZZIa0{FC}*Uas9ml%(u1kTL4
zLEk>1l|W<ou^%qOA^~o9fZsQ%oR}Em!{1QW`@ExHP1mRD0QF$fHI3eA(1q#-oeyb0
z2L3FNK`Lk7029hyZtf?D(PmU3n`Q2n(o>-N(Z9@=E>T3NM^EDXQ>fLs_32TWS=pt`
zCrP+|^U6ZLMS;yEcdCurwN3#r>1%FNBJEwSw;w*<YG+f-zX2l8VOZpuy}yZ9RGX6C
z?08k*|7oP4e2%AlkY(hJ=YNl!1-0N7(SGj|?|E>?4+R45acX<Wu;6YDqYoF^JMort
zSypWpNQkzNx0v47)YMG5{u*HmYue<+>e`pHvbq@@7O1i^c7TQTyn{vk3Q6p{(Zj>T
zcbfpW+0Gs*%10{<ipmX1WE)_b_X@Na!@A3J5nvk?@GU)emX$I4TPM2!o*Rj%=>+h=
znQYEJzN**8!?MG{#}~_}`6!_$rA-c$x^K*!9&dGRAO6fCXbR;>-96Y?9x0;Z+t)Q3
z@HEMk7sk2)n0((Nn^ek@u&e+iYw-BOQATDh-DWnfp1ISV&&jVIgg7(2BxHSuUHSQX
zC2^6TagRSVS8%5NIO##!D)Nm3um1*yMpOt9zPkPpUv|!Ed;PMX5VLLZg!VNMM%2S1
zq2uZWOw3^Vd_$y6RhIXyVGPX^8FwabXJnXcw{`IhSJ->TF`jNUcxF5g&3v<ofg4(&
zDaf^Pv=ILi>E_%f6*)`rK(^Xl(g1#lM=N&K)9Zy=NGq*!mM=HrK<&^47Xbe*s6#IP
zl-7|qG)$FuJ(a_l5nwZBR;JeRhRA)|!sc)Ux0Lz->=H+R?MOdfH`s{cb1kOF{NYC5
zeWMe{hHA0_oz14xk9XGpSjRLW3Qx|pexg{yg`*EvqLTOZ_x+@~o1^+nsaLZ<X5kbb
zFVki_%O7ZBQ!qK=I5DWMqd~Ma^o^_IH9bU@l}~+(0fXdTce;ER>IR-{DChG&+lI!+
zn=X5?ju{q@e4S=Zt{HWm#(z$H@<qM7C76Yt?detd-Gc>5lYZJ?7-~%G)1kbrgRW~;
zk~B0liRKHPTB=I933{3&S6ATJQk$kQM}BzYn}5T@ab-UcmtK{uX;y&Sepv(pliH$T
z(-5V}#MUb)5t4r5Y0WyH5y3YFz7CLmpnNUe9RmfN=VPo<PX7UQl6CzB)T#Cx)G6{8
zP^V)xR(^suA}*=p2PbT1O-Cp%%aenGj>!YD*(%pcOM&S%A)1iR(HGZqJP+UEGM)CN
zKi>?=P%6pZ)n?DkU9VNVR>SW4Bu+g}y>!wu?vt077q5M#7itwQqnnRREU$@@4#rFk
zzY(LgbytdH2J2xcUcli3`WKBeQoarfpG{L}aj46Vgmuo@4{8B-(!hx=?9O6sj{JPp
z%*h)X(W7IXYG=2Ln0$8@Wc1F4EBlNuJkswxltdgJItSTa!up-vv_MhrmXeb*i2li6
zgoj&N@7Z+qgKNfi;@f<LPRK6BbBE7q-I9>QLNiX3uoX?-b$gM#b?}RZc)WY+ZK}QH
z{^&P12q;?7nKAoby~WxbVu!GnxnJi2=2}juUM&oFgP>cCsb@Nok&$=?U_}QdnW{uU
z+2xifn6F?JDYI$X1tgtMGpK$1_yMYzMnQbJd3NtukdKN=j5u>`yut_UWO!;keFFr<
zH}G$lXJ{9&OIk;?Bz_;ewOfo*Nt{R5s6fYF8mk^GKG9lkP1zM=V3*zJ_btR}*I%9w
z@7b$2;=wub0)E9GWzqs03HxWfk%7I$gUyFAoG^l=FqZ=$5TyM53lL-&S~0iZXSECk
z(U(g{sFO)x$gE@i_!yN*9#Bx-=mN77`tt1V4G-|7BDKYX8hSvP@R?G3lA}yCzm^Eg
zEDiy|AmGJuqSea8?$6X3CFACC-KCd~XAixeYDu_)s^?||IE~jIa85UL09>YC&6&IT
z@>9TK0nosx=Fd${DS_@b0o^4%>KX_Yg9=1{`EOkcZo9iQ1=<PEbD4Hb5O>(xPiQuQ
z;gfv<k@fqe47JgCq}63{APEuyJ9`30z~%`B4rrM+=;j+akP8V5i#prb+}A3z5gn7%
zh`Vn&@Hw&&%<U8u7Z}xu$;-<pGEy1dX>4pHNHH!9LCFI{6s&p;kDiuzoVY;b%?(xB
zQwBM|Kne97cEB*b!Nm6jS-)-Bd8#Vo?q;Rfl;mmKIoq)CZ7!eN`J-*XNk7ih<u}K1
ziVQULi`Aa8pZ$IrldHWj{{6K8)x*ZkXEIaD88*r&*=phus*<E8BWV&{|Ba>a1lYy&
zBVqKn&q+jW>W)kNqxkvkIQ{hc)kDn3^IwZL7ZPLI9KU+p_vzu4*3Rn3Uwupx&5}CX
zdAHZj?$|%WWH_*2{7&woKM}j#&i1@7S*2N8HzQQi@33UT?PaOpSkGL`eka(S@FD(g
z&F4_yM%&cRVv7a~te>6aooypp|3MHiAr3d8?xv_ga1;72uJ!{>H)Cu=tx1jF28h~I
zURKoU!pf}{xi|YGUSu_D#bok`tw(XJ-9$k}#Y+5gcDi@H0#|25yE;Y;;Co7pd5pj7
zLd4smC%}z~0<#($Tr0^m(c{>YD2fWWX``sYMPj)FI@@V&ruF<mht*1FY!X}<HTt_f
z-dB*ezY;)<dXJL9S{CWUc2SGnO%R77=k=l&1AeBPdVaB7-YS9zf}0yVDQy|yB87yK
z2uvhjvgMyCViv77?MRh>Yj|~<QihR;Z;-1L1i8n;KEL_YR3!p{b+kFhIxg)XgkQi2
zqYm>YMK52T6IBEI&&Nxx$J4dXz!2R0=@Du26k#2`o+_g|Al9V6on-xPIN@s?rb)yB
zCuq#4SXNIYllCl51aHLRIN{t8pfoabbDHu-QbS}Ch*oco=h9auGg7=q6%eyCspfiO
zN37<#BEa`>>~~Y;97o}`2cP70o*bzM3(tVEcqanpfN;}680Jm0Vg~#67wQHr;vycD
zO8$dcMbPo1m8`N0i*tV>8E^cv_<ixl#s+=QKml$CiJttUIA^geoidxNV2Yvr(NvLP
z2cdfYGi#Eg3q)htUGMO!Vw+CqYXx$(5T3EWSB~!2?H^aY!!PT5j}1}u-RF4E;E;-t
z19035FU5irEBYj9Lhwn&!B9+SmQvDlw&z4QW4}^VgAu<mxiB|IZ-vf#1aZoh07$N3
z4~vXb);xe0%&@HSNaTK-lB!kWz;LoN7#|j;!Qd#Ot6wDiWEcee5cr|n?A$f@Q3d+1
zeXh+SJ5aN051@k`8XuwffR3f*D#=k7F;2+elVh(1Xyu&k0LlY+Ie48HRNBiNI-p%+
zZACmXb=~hI#v0`-l4^e@1>wqDS-~I@<ici><9A8|3Z*3^5<wfdb(%Mx*99+Vx-qAV
z|0qQCNLA$-0uz@J;}~$xN^xaTxMLu^Zt^EErw-c<gg)9UPtd{)^LZpu3oZ{JsSOH3
z??(^77~fdbxNam931k86F{&rzNcnKrU1X%!_WA~ex{8Gb+CexifU)>skjCp+-wTpI
ztO;+ddM5x%YEQJFjMZ|ff)raR62Sk&4BDR8FgaE9^|6*){Xj@bzSAo}e|LJV=FITh
zSo)Z}cR+l+07N62Ob0eG@#6HpRcgyke?`8t{MLF50OQ^t`|G;2yev57G0kayb&}R?
zwSAOj^w#w+Rv5_HIxaXb=QfG@^M&b-5V?e@%3TVIm^mxGGm50B`Em#2J$&gm&q6(?
z%9=kjqgs;7g-kPce!qQH+jhP^#TS$dpJmLF{OoPcP6;a}ARy=~S)0K%7x%}12(XfP
zJD~jWO#aa+?S1b-&3Q}CE#Pmn`f_x1{A`Pr$lV=Yfx=B#I`<O`Ke;x|uHvD{|3dl=
z+@;EH>Fm5uw@#~AOx$mZ&-g}~mq<JVPtiYB?u96VDR%d(6ia%VWhbKl#`+zdii?*#
zldp{X^bY4r2Rn}~Rba8jun+(huxl`(-o_kaE&IvnVpFTAl&2s%9MC8WLWPZQxYz=I
zffdfLp)+IJ&^_bYI|(J;_%rGhfyW@0n>VX3v^Nu!H?-K!$k&As0WhYr?U>=YHJ)Q1
zI3chL1y_%bzlNz=RSYarnJN)eF*c^QUpswI4MJ&8Xv4>}wq?b$rCaI+E=9qyZtvxD
z^7Hf49oMuIOTn~a!><Da%P3JJGeAiuyf;25;}1ruG~r{ZOF;mW|1KZ^M~K-ycEZTj
zdFiS)s6C|3wbgugG~aUX{1TmL9?NZSR?ITE-X8fNv6K^wXo*So0NoVqId-X;tzvKh
zvll(u9#N9rs&C)czA)`i85`5&w$qK@5BW7`Wc7txi6)&^tE*BBWXqI(p+~QPcH2PO
z?dhR&oNv&kfJ(IuoB))vD_|VmRxG!pd8y{GD;>qNz{YJoU7FCo-K6a;U1oEc)qdm#
z%8k!t<r1Kq>Vr;t--Q&A{RCf6PZX`HKmlW#C@<ozdOAsajoK-6bV#E=qY-lo(h(oK
zlGR*>*#Ulm6@i87nu9Ma%YQFA*J45CW(cXm7tAt$<9uQ`8%hSUNlMb2h2H^|hIcOL
zF2DA>0-XYv-@KCBJg^0!%9<j84}~8sgOy%X(yNJpeKFTp=<Xtz-vG3Ag}fQ427R<>
zW=lOOAa13tld+7BiD^HKlmWGhM43~3&UG4>mAvML84uhtQwl#YVq_$u-Z?bkzBkTl
zzs&l>Qco}OQH>L51G3yZNV<R`rqKL`B0dR*ZVkBfU<mZtJqUstlhfmpn<pc-fPPf0
z4L2c-E4z3IT&p<x?N9W$b#2=K1)Qm!gnLyvgOS4R_JL7N##^Us%_44P)a=Fv9j@)J
zQ+LDBbU9>@=C#7A#jZ6!c@K5K$ikvG66v$0P*dcsSRT*BM*5Syls0Ye4tFW9lRm|l
zB94H$?33C9quC`e;BuCf=7WYc_nLg&<=0M`Qi=r5^mKl>jthU+KG;TmZ=$!7qGn^K
zDR8}abkyan4#`ioL0l&~3Pif$CtBs-Q;R#<Z3aBWSMttQKSxm>ud2?V{k>pa=>zXH
zx(;B+U8oVj5{kVLU!TTPV7-QzUc9?r^8We_!u$TmC&$K1AG+R&j5UtiihJY554J}Z
zq?`1n9)~F?Dni>v5>AfL<&wk_`YN4K0fBpD`i#lVc=ufbhp8y4xC8Vm20UJ<?3AKA
z)`b?A<+uIln5<kiPtOj}l7c!d!fmcwbY`)bCS3Y$NbzhxJ?-!$1sWkD!tW)~H7PY}
zhyh@i66$3YFgBg8M8hD|3eITp!N-@jRb9Ja(32VTd?h^0NH+_^DjZIP!WmQEZL5Rx
z#NNuALxRRKfV#~)jp!}F;e;ey&h%l~2FVLcv>_?#+gn>{v$oemZ1^AdsifnJ6fO5*
z?P*pvifX1p<J4*+1+*d7Y_T%82dmLj&6S*>VzmLx!6r@aq)M-)%6HX}wWE`AivToV
z-cV>2LiE|G<0bp@Gmq}c@*>lvXiN6Fr3%}HY<l-+0`hV3wXG8y&S_XwGKq&fMBf>3
z^K52)jUrpv+l<kwTm&S*(3>x{#y5%}i_zl7bp9G7*ZsM{@UlZNw)8Q+rlu^D*B~#?
z#{|rUZiV0(dKa9I>RYZI>Yw4vw<cNs-Mv_$!{hutRrGd*a}hv!0m@!@B06z>NU((M
z-Y=E*ei?*wj*5uyCT?+GC3q_GhsFj6RgfdHb-I$lcdMGE<shS=B+`6LlY7J`9g&#x
zagW1tA{jic7g*9l@7IvVP<*T#hMM9eA?(aW*#q+Jpsu7BQW4C-w@C)Wds&X0eQ!s}
zM&6Ii)~T^jvh?c;a{`&fSF(tYvDt<h4B`3M;l*GU#3UK=>-x{Lv}Uy!(w#P@?Uw4D
zB_w<~mRtWD4EVO_6lbqm3V&d+n0ZB0k5@~I%ktU6%#5Tae$$aOSA0vu)3;(fw0uze
zvl!O?>~ZuM+kdN6<-!a|2yz|QjwnPEtH1ES=&!3eOD&mj5!NxcJ8NCc!^XrUZ=G<{
zCjr%@he<BIJ|uiD^60qVKIlY8UUKR9l^%QOkP{d!$m{-~W)sV4n1_GO7T^JwCS2F%
zO19_1iIxD$q=E0OE{RN9f30U~N>`r!$g^N^e?$L`i-#hJ47hjSBZ2&EKs)H$#7^^R
zZ|_&WKMKS5;DuqwY^F*$5J2uDxVEf$K8Rf<qj({7)3GP{+lnBof3exH6d;VG#-8K>
zl?-T%7%VOE4S8FPRxc_mi{|t}bmh5BYK@okh$!RtL$FG;!=c&yzhHK6{9-<Q`0&cf
zq$`f^jg3bypb3Q_p7KqK{F{A2sd({i&<xH7*uMIz)?a{ApRO7C#*Jja;(R?%`8A4n
zzN(vcwOgda+OYIm)ls&5*=e1;_9=a0Gk~OJSkF+?DyI4`ekh1Ep}HF8!Fy7b3FhtE
zr@N;Bey`!fANW0bmnYdy4t?2FehoM+6gC@venpI0QkZ&vpopjNrF=*AkinCs=||1k
zCt|Al_jq_7)|c@~<Hh$RD(r$S=Ef*2n!%_@x=!WlY~EMBxE`4zS*W#j4hNkG@+Y`E
z(OelP9(4@RacYONAC>Z-Jw`F_dn6M5Sq|(TojeDHrevp|d3pEc>5I#EO<H=MxeJQ)
zhg{3^K`%&;_53E@y@$$FeJ9RxtR)e^d%RDN_2V(*MMXpuN><Sy)J5RhL~yjqP8qE2
zgIXdv?R=TM(2cgUu>Ga9_{HxDp1$JsW?*}0e^%P{LabYzJ+q@3@nx}4*0|F9kv|s7
zRQTvz2jkP~n@)SN8vc|GQoz9h!o<BV47}&E5e~_Qm|$EunJA?KYi99Y=sE}OG9y^s
z^;yy_7L=s9oz}g^^*6rug7TUCr6V+L0J+!G*MEyzX;xNh{EoC0Y(RSiF;;*=g_hfh
zo<@lINXZ)6e7h+3+qZB1N9%ayE9g7A2()7!;L&e9dKwe{B^*BA8~`{4oEk}vKbBH^
z=>(2!P_rcbkXPzyZf3^DGkhFOAX|g)xQVYNJ(%eDO-$1Zvxiwz<mX3&)cB1w+3%rk
z8L5pDd;mGdPy$!d@VK;lZa*5sBQZ(~Q>YSo0Smbyi?>zzw>9!A`MFkQ<LP7?rEE<#
z_q-nyF@mOjTTFxs9Bpq7Cq2Ow7-;!0%NulRkF3jzH!V24ye7baIDR}a7TVZg1c(7r
z$#)8>r5|qg?){|M>pWchTow0`@@LRV+CASt19MQzhM)^;8X8WBu!!apBQ%%_^_qRB
zQbyubIwuzw!}_v}EHjlW91`|D*!knw%{03jlxuJ#&K3(7A+Xm68Z2|Q%OuJmSJg<&
zNOBm9@T<%mOc%vby~9MaGA&eVO0Y!VsCN#lyBpDxrM?rTl&b0FJJd)tmrJc(d6I%k
z6LPv{P~bp|BlO#rjW||gV#(PXb>{;*l;O3+TVm2>UZLXShc+`}R8lg`nGg0bZru_J
z+I5Zrp<%4};tpUMFg__S5;L3|S_9-Iq$vYm&Vt<B*L*b#3M`?qu*Vf12a(!tO9oH%
zJ15c~?CP%V_r!_c`PEazgB3gZ7OmA2DW22%#gi|ZGHJ5$VbWV}xOZxJV_gM-3j#@w
z_%p}}EiL`HARPMLE&y#7*y!KU04@nUeN2}G6+>l87=StRm-9a0PSU-184S%j=+Umv
zS66#9C~1d;+P_o{6pcOtn>gM*NQkI%U`L-yxCy{QxH7O*t!*$o&Hf9R;ohK*<XUm;
z5)I2|At(2Kt6D_;x_J8sph9#2>Cey*j;K=C{{Dl8Uf%LU6twJzpl*YaaaT5mw@##(
zfL%6$`e2y%n~>S!=d;cco*Ba3_y^m%7i3Pq3!kf!@H$Pk>8r@|6xgc@>Zxk;$XcR9
zIJCHG9~MstPXW+UD&$wh_87?lp5l!ftP%QwiRjwDwD377V4z!@B+)vh^CPQ$47E|7
zagZ2wLX|iO@Kx-Cw86>2Agc<)+~!JMV}l;;6JTjW<*ECBkMV(lO8JV7f4|>U9P|==
zMk-DP?_foHbc7r)ulgkaI4H)ieF<8ob9H_`8L+QNfR(F>sxeCc<y}PKa0F~Mt5SH{
z_6ZSEnR>O@kD!2s9Z>$uO9P5fS|l$a<Wx$@O*=zqmH{c)897gCw&VXjN`;?D3>=tj
z6G-{_q8A(sfxmb<zTw!ypcR^VUCh@26bcD2Q?|XtLs#U$fUr35IX^e@f0!nNVKm;s
zQDrpwQ&w28uNJ%xjz0TU0rx#;L^wB7uclVn{gO>|Ze<Ry`=~d?!2|qnfEZ!C2;n#0
zJ^ZZ|D4|dkwoGO*#HGMW@gkhaLQ)D$wbjM~9N(NwmUkJa1cVrjfmy}wHT0F=|MD+C
z)GES}KD_o<SuUc#7D&Ce2AmwP!{9jMJj4?~W;vxnDJu;#@d^hS5X@p^Sa!m(PpgOW
zTgw0P!;}Kt0EX)|>z@CGTsn}JDmf(Uubr5HXq<^-EGz<SUiRXF*aBmpT(Pwd0laC1
zT<6g->CoS+MQ}uiR~j6`=DdueH*x;a?;#Ji@MUB57Od%A;mBDDkc(DPz}m`CiXd6Q
zFn5?r5a!NeUAY1KFNXkwut9%Pn*s+PGByU*o&O)7<N$q<YXaKzn^<A6`Ro78IV-RV
zP0jtwIZsVpi^f#^TmAj_Z><R6abDYdeX{f59l~#%XfIwV8@>bsYZz+W>IDjC#Q{~;
zM&If32LjoCoOBH>aD`;(JazjkR0jN^6X5BBnA6g-$>uNETAZPim>^tZd<f;^m99Qt
zp}s&Gq~okYc2n07$;^6iFB6aHKKM78xP-uXu8IUUH{f3J62fa4Aa1DcWE@17pgA;~
z0*1Fs;0a2J0Q_srT$Gtq9Q3-9<*y)#JD{8W^Sxa{<PC*82}Ko*t@F;3cO{TEKFa{d
zaA;*)xZ|3Y6Ikav#R@()M$8v&%nNYOj!<~LBr+3|`WINEVD0%lBcpJjH~g!yDRQ4l
z6iQaz=KSTz5(nUzc2*qtH=uU)m@X0Qy;r4xqBv^bZtr-4fWdB(Tw6DA`=!HQbmIcx
z1^#eC5bhanW?d(Rf5R9QB4ld?!*P7?M8()T?0<b<Wr;d|DRb(*KvGao5B-m|?vSSQ
zn|eob$^gRDfZLp$)jqm^l)KKqcgh(K*xlwuXVyO#6e}HAt<@Yx@(4=Q%!EJ}n;~7C
z3A=&CE(|{PCJJZ7FfsK7l=%D~{+7OVb*TFItEZj?{x`rhfa)WjH!8&D<2!{jrM`)O
z6H!xy?7zt)8~#cjDHjf2cR9O?!x`=A$Kt4|Dd`Hri^AL=VmS*iUpdFf2^T>EFARb)
z(H<Mk0<(g)JjeqU(q!kMYlrPI=++zeXNIzuhzqkp2<Ikl*NSj(D|9!|CaQaXkp4Yy
zx+rDD0dW!o^R_q_rG76X2+!KJTYowXvjZm;*KkRMbwLh=O-LxFQEZk98j7khj!sUT
zH;MPLL#gFoh;FD$60v_S8N$WMCda_W7GcnspuEQ8vW*<e>)gY3C7R$W0@DLIxmjyS
zbHZ*Aw_A<_5|y{hulthxO;u<Ze%=2CdXEmL+ersa)c*{Z1{Gj@xSb7ByDxP?gS~kd
zl+F&=xAU*TEP#Oq;p*abdiCw=2S?$F*Rh%upF9bxrtNb72V~o3;X`j2h%8Plh=k#q
zW`W^Nu&j8<{$;d3qIdXp3|^NzfJC>@;0n^#s3XXSA$p9YR?s%;eQ{t(5c=a^HK_pZ
z+<8sMnPE;G2vM#W(EKk&8%^cDU?+9c86@gEVn|zCk6~d-OAz`pUv%w4JQE(8Kgr2E
z=|HedIp%QpSF?zAquF!M0~^A|rly|O&^8)2wtgxi)_h2Fimip{FmgkIaud>6G1usq
z+bv1hFAt=Y+Y6_ISoV!rTh0Cpu&pTi2LTXQSY-akuK>vo^SE76e1^Yc9o<0SVxqIQ
z=I<jznC|GklFjO2y7lQ=uuSlA5bq}Q!9i$#<Ya%=61~I_r*EYhRhXwRa^<E`vIr_;
zal5jDr`A*(>eG*Ju!%P()vv_4y#u6yWQ41Sb9f+;6g?nH_;YXIxx>?dJG`>FO<jcx
zg~kA(kz>oy%YgTZm<UYh6V(we9*D%4PIH54)zxkXn|*1rq)=&hyuvf(HR@!)%FM)d
zpsie&b1<YXFl=%E1BOjeOzb}xwsj%_0nbdev^e?5BA<Ou_BFSjBK3m3S#BT-{a1XB
z9j!&4>ATF~Fo>?6)|@7SDWT3uWQKn;)?**w#+o4<>EnfI@qq#|;U*HZh6^x0uM+`_
zy(9VePY;D@n-B?_gKig@O57AClDCjSgQn0K0fi`DajjpFPPNe0D9)!8DOxfq@?DLy
z9CworYr)#JL69S(W{3lvh!I8D4T(pOKAjw$C4$A&1VwD_Q^maXD6(md=9UxXkMR^3
zzk>`5B-g^J9W?(FtW9dg86u6$eR@T!#)B`Yihgn63lA83d<+^!x2B2WQf<youRwIH
zEmUu0Pa>c>$as&#Zn=AwQS9atV3!kS5JV#?aCWRXh6nge<R`fN8EU}#Buf6<C)Qv~
z)Km3Jk;h4lV+R7C!7xl6q7u1Tyb5d7)&}L-_nmfAF@r-S@fD}%eed5qRZ5lOa#wkC
z6ceLici6yE-qfJI39wzPY{;hcq+2Jvb@Q<%1``JkQ*}2X&x{Vlu0gYq*Kj2(@dx0$
zT1r9}X!(D-C5MHx+anBhPk)PD6BO_Vq^VLX3PXcrv>^d0&p|O#It7f&bcYiS6!<==
zFsuKb*?%UFPQ@!BE1RbFAa&%Kz9}U{=BNpgIi|7#GRI<>fW)LEll^t0SEa3ei}M|3
zR1qUmr0&}ZCZSH%3vsT-i{GCbnp=*Si+Ub!Aaz7;l?Tg7GDWCg&^_LGaNFyG?vVp`
z6x?!<w%f*Cl<U`7*f6`0&`FZ5XILM4nSCO)JtvC<{0wgUKYXqtY3G7Hz7T0ZdO_pB
z_qR7WI@g~lPbp_A5rFmImk$mPuh$Q&akMP#R<U`9Cpjo*4Su5Sf9{)?ovfwzqH!za
z>#psv&1I!8VhmK&^bgg{(3<tp70|F=ZGy4Y^7n3mq6_8Ztvdn;w21lqt$v9~K4-X?
zb=y0cW5PqpUsyS3Yi2Zxo=Xe++{C+CGg=)B7$?GNFxCGp6f3<855+VX(Wx$&*3lrW
zg^xeq5DX~C>vU8;*|%0z!nU(=k{%JkK*2<_I(_XoD`VQ2@>D-4%ekB$;I#lc+kFT>
zCjn5HZ;jljIZNO8`Zv-!tRBC;UNn!-0#;zg=I-q5;LJr1K8Q5G@8_cQ=EaK_zTyw3
z2SIZm;vfd3cHdD`osyX+PC+j)Bqm1c)WbuGk8_BbF(?sQ-~E!I#u)-$t(se_uuFan
zZvo3ubHQ@PCxA-?$DG4rOc0d4^6F#+4CPTOV}5kRUhpU0v-t~uV&kDYmJ`==yzXRz
zP~Gm1)2a_*MluAbH`=Z$eJbA(ZXBu%Ecp=*ARsi{D#Exw+TukIr?&*GSuO2&x`Pn}
zAgLz+Qoo{A?vT_>x<*HsZL~I@!{HwKzkS>=LY1jsKjRb!{fa-otu!-V@DE?5U02VY
zx;>4Vw_gO9cDI{|Eb$Y~$HC$=z`?vFblj+TH;{0L7{CJwm=|9|*v`b^f-|FZ)Ba4H
z0Ad1R9MzFW9`2_H3V@e3v~<w#i__(x%^gq=hL%jHFPPi{eGA&AIr&;`=Q#sm>>R)~
zbiZy8yL%N{k_X`tS6)Oin>G1I!YG@xXe5!po*pcac0ai|-`n7P`%6s<eSPicx332W
z<|!@RX9p0(Ji4VB;U58OxJUEbZz=8APILgc3v-~92I4`0aU|rp-vc%3rG*#(9mohT
zJjq^D33UZVKlB<f`p5cGWBs9TEBA{+0Kp7EpKfvpq5eHaya*Oc?!XHbZF6<WaL2$K
z1B0sU=uQ<*HadZlMNi$hE;B^NV)N2`(Ot1cwlY-5{UN5cxc4As(Do<L=)aDKPI4Tb
z!bTk4Jf1**q8CKMCvpHaa|*inarUZIY1_z!-}oL~0pZAhkYIpykAgh()2mkn+wBj!
zeA!*{aPaJ{f8YmArPTa4YaqEK)<Hli#EH2)s^T}F512&`r%`9@w9H2e$>Vzb#Ba{X
zH<vO8=p3^6NleY%u>65|lmNzvT{=cWVnSMa$R}=5Z|l*RVuFM1MJ);>;jitXo|i7d
z?;(>)HkGQ1ka}y><;w+;Docb8P_!6mS3G|-PCb|{_NyFpvT@`|T-TXiGUaQh$U<%v
zI$`&C{vgGY)p60UIn~D>*ex{U|369Y)DLLx=NEzylmMAJ#t0>;-Lh7rWxBz-O1<u~
z({J5yRi2BB3)=BDQeqjeHYf}LSzNLSP|wqv$=tcM60FkB4+(Q^AL)!cAruuAeOn$8
z5sZz8XLP6d@L(Zc6q`|T25jc*_Qj+W-8kI&xzsBwfVtP*-7Uo0L|STW_M?7pX{`p`
zm)leTMR=+)DWu5EIjHFAk`Ji|bGz()+gByTBFf(3+d3X2pxXIsE{(y##d|PV7)fN7
z*@Q_zn2=Qua2zJ%Iep`{jc<%>2^POPLy=o3iAPO-T3BY-8uD-`nSl+M)Va~Zs-SD=
z0}Ty6=*>MEmYqoeD>iTGi~Daeo&_{MQlfE73K>?psr7@>sgXu#r3TaBDrckE0~}lH
zJ=a`nrQ`gtYI#;_FH&%5e?v`Gh7^N_y*!{|XBa^vWQ`zk-<Fp@gBDEz<u|&s-s4xY
z9b0JJ{UTK+mg*fKY!M;#*!NC2Ea<{j1Q@=?2Y8Yolo3j{;<eHhI035s#^Er!9>dAH
z=4j_A$RmPx4}eHh`m>7qLOu}SeH(7mZ~#fUSUu=0KTAC;Yy?x|bf4VF4)zaw=K3Us
zH1%?7v-IR}GUc<fBU-;D`79Cot)~D2;E%<JQ@W!ix`>i{qo37m$=^!>2Dcu@w4RRW
zs1`alwou%B?3&Vljo0EqT)kQ&7C{b6m%!K#$PtT7n=h)1W!bk!_{2VvtId%*t+LRy
z*GD5SifZ>TsrXjxtAaxV;jL^2h`k}+NS9qT2KU6-50hzy0YO1V!NqY!L&pg|BzhSH
zMTda4;X6Pj_ya^q&t1?Ji~&s}#zQt7Cs9$hgdbmh6hTFH%fAi%2uvI_H64tlX9GT`
zAiiCEzSGh$#vWtl@hh_AW!5ud@)VI=^%@Rflk0z-mC}?l=+->{POV_~(S_#qt(ln?
zZEqC-WS`Z^WR)a{dJNq7a$52%AE*oDzkF#vTBFw}!Fr$SjgZjt9LuA}k5g5e1HUN-
zBK(_)+oOb!-5+&eJh+H!F>;~G)Trsg(l0m#!pmAZvfAFkTU(C$2rj|lSpXE~1A)R0
zjWGe8w4%+XGvR#^NpFLnJ&#8L+dP;8PZxbaQspPUF+FG$?=Asa0k-N>cadDdPF$!z
zmZ?@ibv5F60-_u1h)B5J;B*88=$rG<Aq{i}ftUYw26Hnr!aKs0A{-_ecr-uSX(|x4
zQzXMv4g*+^07BhvNhse#LSh0$Dhxb8txhCEsJ|&7cYRu3(Q0HOxy-`A5Sm|5gsg31
zVzOO#v^F>S?|}<87c6j531+%Vb&+CSg;GA$&%)?S$TWn(iQU4*nG3QX{eTN`-D3>r
zngK`-F57tpM8z<}{B)t9oh5xdRFml7;D_!<{1)8~4ZfItUo;%$1x$KGfVR|_-O^C=
zn=-J-1<W+^U_sd1G>2`2jO~3ki!n~nva+<E%+}%|<Wu+C+ysqPlkP;(M9njO*knXW
zn2gQ04~-2;ej9DL))CdDl6xN_DJu=)K@0f~Xdyo~Je1W~0VG5q6!c9~-QL+slB8Fc
zb8raLLdc0K5~j{oFlg=QNEv$R`4&6qkSoIpY<ntRo_c?_YB`xe$#*a-*uB2~Llvxo
zb>2st3%dC)=};}h`K+alGc(P(WLfzFnc;c1QYYpMS#Bgt9VtEm1fWTTd@h9;OdDle
zN-qE!sbxkCfRRoFT=y>D6Ado0K9*JA%%3gIoh|jcbNLFzwf8(aJJ>gTm*gI9Z)3}0
z%Cn?Bh<z6!_`ym~?7puAGucBMG)Yz6@LWmN`f6pi0nP$z2Zzn$sIH3MUM*#<lV5Kp
zT#xcH9oK3ie}Nd>r#+6Z?Q_MzZ61ryQnB~%YG_r}1*!wK?}U0qmFW9%h^d<>PL0jY
z(ef3zz{UNFxPpYHaAJ?xT77y*M*tq2CaG(tU*$}HAe>%}LRNr}R%1L(oR7i0i>uje
zPrSCR|MRDb;sV4<;#+ZuMV}*orrq1IL2)W8P8j5iP0Ryuj~?C)Vj6|ybYg`h&tFPO
zo_W3)W;SD2IcLvGevJG)%zVF&lRBlM<B^eC85`z#SAxvz5(4tyetDJb<$hVJmhKJ{
zdaTf;%ZM0)wRD${-1ahU@Kt&!op8E6)v1a*Zp>`0m;c<wD>tsXT=^zRPZjx<UTv2B
zPxj}8U*!{psR3h}T(2%4jYe@PlH5wVBBAqGsr7w>*0iS4qE)ctu-(oVkeEL>S_#sy
zC{xa^SmoZbFC#4b$-?#`TpI;z-DN(~=q?M3yi7bl13)bLLv^ZD=_6s;(V;Y1oh^HS
zuiXTY^dYV1E-fYs3IX-W;@=4m_Gj_|5_F-OF6UU_U_s!F2JEO~8$HGZqrG(LCBLXI
zGx@x__mIJK{&49r-=NpvVL#m+;ee@7`wiA9Wwn4~Wjg*krOABjFUe`QJ4Te0Jnjw6
zmacHldLHSdo${^qw_&amrine#%+>Wc4W;(}^YF+pJ|OI##JiK?e~3+1JU?1FGH`xO
zaw*8v?breSQ#hAPSkm4{3sPUJw9^5(FM$bIzOdu~B3Y^U(=YTOSqGUg#jjCE48ENN
zZNSm?Y^t{6E-2u*4GL)fT(0c_NVh(0|F)DTU!r>Q^zU(<9dGrwh>Fev0<!yV`&M96
z@RtmY2(LkDj-8K07NvEC1+IG*Tlt<qxqH&(DFMM_k=@dWvP3v71Hf#B-iyPh0kkj=
z40eLTwO!P}`elo1Qa%?Yz;yc<jIo(5$0doa=Ko;SswKV5G@hNM_OQy{9YI_DVZ+By
zVM)nHva-vezBDu)>cuQL9G0qd%{>J^`B8<&U+Q0^Je!Qu`cUaua`aHMn$0AR`fmS8
zg!SgD&pI;^jC}@<ec89nY&2bnH_zxkrA_?m-E&d28Y%3WC1SfziTa0Rl6eU_p$y^G
zB39OK9d?@n$pqqQb1S!NFJ@PClU;0`VhZQmo?~D9Xao!CBO07-eEws3HVU~nI=p}l
zQzXdBUMN70O}F+o$?YUSmH(VID_EiC;Y-c7pWXRlK^`jAN2@#~_v8Bd7Y>Jw;v;Fu
z%;)M6EA5Dq#B1&W#^>UWxqV=IrJT1qIL3DE0ZYgmwA)m7B|@x5vuhS@`zXI^+I&kf
zoCK2w^k+wtN(HNrJ*6L_dpPNZMVDB_d4*pY{`l#MO!(Jc7lu(gX78GpM|-WST0CP>
zw94iFtQG^UW~2Gmv4o*NeMdcxQly4$dU7A5ZrRKBpmDvg99(^ODEmS>P~(!%@fj`P
zC{eyP<{VDLY1C;JnVyPe_z<S5fBgkn_VN)zgqMnwwt!0jOjreF5OxpZdaEBzG$Csv
zR#F_C1|HfHu}oW=^dv{NM{LBl$MOs^0X)t&2H(iHH#dK_hrEp=Nd{?G&)NLx^M>r*
z4?Co~e7_RWj6325n40J9#=%05NX!brW4%V7BrM_b>WlSEQ!4;f$Bgc@Ud7WS`}&5@
ztayorbf+&!4R1XBUc6hY*(uOw>Du<N4CSn_s5f~*i+E=s@hyt(SU5d7G5|X_Exhj!
zB7j&1iw{K=6el_s^<3gfLSaK=l;VM{pB}!HvL5sbzjtEKC+6|<^+w=;S2&vCQuowK
zqIhGbVoCKuRH1Ej45vr?>W7);p1TivS$gwIc9#20$#CeDS<IKM2I{VS`;Z~_nocn_
zrr{pzdwe#RaQ>#K(3;5Z=@=wOwLJ4ho1drq<FAml9K-=OlB#*Gnf$Eg8hD!U1W$gZ
z?Sk2=?zLH+x3~UoKp}fdPNO?1fU%D9txY%$CZ-tc61Du3Rhh(1q4;%vUMl#L)pmRW
z-VF`xhTG}Ktp|E%eoWP5fYFKC3W|Fb6EYZY5fRY=M*fdL^xmO4Ip>4%YI*4$r$D7l
zC3!SbetIzb>36W5oLyo7$co9|zWvg{(%aKx06=n`CS+Tt1>hbOa=@<o0;8bM+Ev^&
z(;mZX0gi>&D%FdAE#j`X{(SLStEinIb+cGIPp?r_Hb-^LppfHsUp{$3dwW5?`PQ|^
zJW*SVTIC*F4YpDTUwsswH4jKT+jA}NVgjwTA>ORn(I|d?7oDH80b4Uq?{($rNY;T$
zBH}+O?jyM33T<wFr-3VOB~V<)99kdiy9huM>-Tq4e#Rl&0l;^5^)lhx9F4(`(^nY_
zY@5*zj{Qt%HFs>ie=3mkA||p;8Kg;V&(bc*7Xd-hf9Ikht1>|TC8}uVu1vtJ!AmWp
zeroOJo*;?MiSg&po07^L(iG;ND^ys#7_PDJb-_X8i7_2E9($Pk&AQ*Z<!rTPZeUbI
z_G4DKLCp!3Wz`)2PWEseI{X>oR|lCH@RN5gMlO@rb*I;jbBQ0}m+o{&H-3!-C-9Sy
zRQID=x)&BkGFLAn9+P8yxy<CLiksXK5%D2WLHk3nwL;&R|J4kMVPZsNb}l)qmLKzS
z(b<)ov>8}B;(-1ySt2yEQ|RM8*$)7r%2`wJ;-6fLHp1>z=F2(j<rdqx@F%K7T-oBw
zxgT5_<b`)R=TT)2*F8jx^#nizPO8_V^d0)HMeCLWT(?<3DK4Azv;4DC?}O^5ZU5{$
zpDF+J{ZH@d>RiHFN2!n$_rZj{b&E2PT3ZH;1fGb*U@w(d6C*LW2*~>qUS8ojcTDa@
zARtB)A9BvR;h~iq<$_v{NKbF?9X2-QFh(_cfs<|h&ey~5{^?cN;jfZg_RJ0&{wi))
z!K+NZz<lC`S&8f<I>gYiMCRp{a~0X?Ks{vl1-W4Ew}e1p=2iZ{xBv8k^l(d;n|-NS
z6n0&;d%)7I9)$^4h(huubcB}Th)jlIcNszZVGW{PEfVzTzMT70hKbkz@v<@Dm)&tU
zDG7ervvlCH4{-f+5fJ}>e!|8u2K7g&hl<GtdZX>%S2I0bj64(k28e0}G7G`+1>XT7
z*oSPx?Ko6mhKicWUCz*~=KnN1f~+V*d!D=Qx~zm&o$$XFiSlx<76-cv9QpmH8j-aR
z#wl0CFL_hrkxk*uaR|PO;Rm1ix`ABC!dT`C>>~d9OD!erT*JjRvEi{G89gL&^xQwc
z$}D@SV4nD3R_eL8NI;>E;4Cu6`nwoYf(|1gpj<oFzVkI#V|f0w1{m(}+h45MjbVZQ
zT5uL+Xu)+h?rEn{6BHqZZpGF;0hcl*3vO!+C729czBP`u@2iSP+jC|7%VVx9)mC4k
znwrbNpMz^GvO9>l&`;tHi+!NGI@k?NWJAR8<pdvx>G(Kl^A%7GMjkYI=Of#me>lfJ
zxUovy#hq$^=>dftPy@>KzD-`3vD&PBI0Q){#`-jgFXCn3m9u<>?~HZCT>0~5y}Z(3
zZ_6axNbLiYT){<D@V1M4eI<Nm-HBz`@PK;Ty!S_U)X8f`bxW`HQi<(bml0pkfP0TP
zBpy`(vg&sCG0&fm3O?{vkeB<J(InCv*{&s;^Y5Rf0-{>>E2!@mVkLeZox+-VC+cNH
zHy}rC;_q3plprOTTbTOC&qEZ29VQO82O3;;y>!5pk23}MSS7)%+$&4j@;8_M7i(`F
z73JEtjc*YJQNco_Q3M181O%iJX#^xkYDOiL?rsH9x`#%(8R-~cFzAx*5E*KSp{0M<
zIPT|p_VfC^zqP*g{jv92=-xN?edT!`$8jDfK`H}yyK6-R9(M|WY0+mAHTr+d$=`=2
z_9}iKO_irN<A2}3U(S_~tL~n(fw_4G)ByK_m+nM?M@g=$3Q7?YJNvcxeW3pHD?Y)$
zqJ%xE->)I{P64OKM7RIB>N(0!ftPC~SF<u6f!(eHwyGq?^&9mXc%I9=496dK`YFQC
z+W5zHLBi|tr{Xjx7{66r#uMsOTm;Z?FSy-XVumMoz_9tvq}#p&6HgL;{-MA>u7|(B
zp7;YkfAU_SA;JHdIGAr_3fWcLPF`uoQ;0Am>*6IaZ!zFoztzxfH3@^~PFAbp2H=0J
zZXfIG`0?A+%vi$@MiuUH2ZJpqG7TV*n4Ll=-XtKt299J%>dzdSTewf2mHc+`4-Y#<
zNN@*#!ZQf@|IY2YamVER7hk<i+)nWuSCaQnd-TDeS=n}5b4bp8qNX|-Tl`~@$FAu@
z9REtGUi-%{C*W5cT6J7L<O1vIq>1L#A7A{*?};CcP8G+$xHA_R)yc|B$$aOWFJno%
zh2c>Da)}o&s40c)W1Hu(odU4d>=fmlDv>iD?BLOr$z|7Rz}S4Una}z2I#9<?Tt|LG
zG5)^77J~Ecpkm;gl@d{Hz=Al()iL9@o=zT9j}Ff3mredvPmw82xIuB_pAoOX5D9QX
zh2t{O0CM&$nf3h?_v5`Xz4nqXUbt_4so3swm0>!%avQaJQh7gTN}@M3Q{Hsxrgn{e
zFyi#bzr6t7-#zqvI2k=0_-j%A*S{p*oyVWf@0{SPH}RLRHxX|1ANIUs>n)K!->Tt7
z?A+KS)9;5iyhLo|!)+iI23p*-W50(g$jHbf>w^l9@-57eO29Q%HlR!hTkJ!1mWl{_
z;O1dBtL%m|7%Z0r@r?z8USK0!DG6$&-~!N-&@uk{|4Q=lKVAaa04}1it})#r|22s|
zwYY0|O)b0<&Po-R#=Ws>+I2_8XKb}fT_O4|>yIYS+lz}PE-~9fT`FR6uj1)=W^aa)
z_SAd0EspKFl5eohsO~-TS2F^hBs?w~xIXXeIm%_%mOv|uagSXI13`zSYkSM3-5a6~
z1kk-Jstgyv#zcFByY4JAZC|-^`(|pr1_C;v?L6aqj^}09-FYXi|G6i?n-a6&@B0V(
zeEaxQN@5b1**N94jJ5yDY}ShAf;O(*c(4GK&w;^qRwfwJr#x8h+(f)STf246VX0pp
zgkNiFC5DS4-Q5l^bw*YB6owgnYxSOhcVT@)G-Xy1L@y5Yn`W+F?sSRvhIDbB8p(SU
z9Cs$=p|<}`-ntx$Fgudohu~Zx^|CwB&2-yc&HAh&etd`C{a({%TNG%>{y(=MgD>Io
z`DX;soA#;;B>2PH?;1#8CHb#94r~)crMFUI-dmhMJ}bDaEa2w9!e!s%dfJfUxnjoo
zC=OlaRW-&3ng~_iS2ww=2%u-GImy{H!psnLTA(c%Ct$-PDyKa283q_@?w;aW<Fv|T
z8^{373cK2bD=Z__vp15V8WcNO$?3{QtlD`&*En=Ec$AZ$JnTp>u~Lah6mw`BA*v)N
zU&u?_f67_$I!e{685pQAvxLw`8kk1apKf&<(8yt#2$20jK>$sLZC~fmZGA*`k()f`
z<QQ4I-ei^x$-4cA8xW*Jx1UX&jO_Z{?B}cbJG6y@J0A%j_)<ZoexK(xWO%aHe%#IH
znSbpeEw+~j)ML#Se-D*kO1)OSHu>qyXJED*Xusl`Owyqd1EOl%pV;RkC@)k;f&gR?
z0ZVzQ3(@P*1$infFe2gqP9v&6yMbmm+~2aYE1XxNop{<9K%O}!O(Fkg|6+!5VZ81B
zmI?Xj7<=i<?ij#~BWYDsI)|(6DBcI=GvHFG`is>3EjXNNKUDmf0fe%Vy0iyO@v_+7
zhq*$aS<yjm1o~bI_0Z9C0u4)Q{d#A0mCzbZlnpOHylNE{y$X{>-DD~(M?XmF%ASno
z4B8VHSV}Uo!ftk1AdhV4I!s0?Tns8)9lgrjuV6P06)@Jz-=32tkbo`+F}pG-jEj-N
zt^XOIgDXuEzhy7g+_49#2G|@vlDOdMX2Ln-QqZ(?1N*Y2j?gl-&$G9+1edYB3S4zt
zC7){c=BPy_^Fg*f&bvTo0xD2K&?>n-k$`kz1Ff4{DgX>}cBA3+NzA_KetTjJXe8Xq
z82W(Vsv}Ck!F&RsKrIudw=1alOox@ay1|&Wfi7{g0}z;vCGu!z3>|NF{QWT50XSQ$
z7y+D5TOeVrhYHK4UsKR;@vX)8@cvg;J`$~S<Ujiqp{Ka4Fq#N$-MoPui&61J*C#vq
z;gwy<f{f_4W`*F<bz==q(JMnu<@r)D17v@mx(XYl(6T;@R`9OBntI2=i()n`dG_nK
zU_J%VLj^j_ah%)cN3Zs7PowvuS9>$_FH~)Esy`1Q2~tjcF!_JA4?zgw4H=#&vmbUM
z_(bC3XWD=Ps4SyW{C(~QA&FA6Ax=S?8D9XiLja0|9zWjdOP>X$u8zn{R&{$Zw+|^-
zdmnzhttoIc%$*BCBu4?O?Wm)fz-}~XdFM2^nH5sx{^<-w3+mVbRjLA77icmDF)7CJ
z7-fRxYb?d0zY4g&Fbb$M6rq5C*3Fi*b3%;TfCp8`rJmIZ<UqgIqA`kYo4r!C2_(Y<
zB}zmFadC01NGA(8fI2c&`(m2d5#I31ZJjd9m!F@?l4iH<a8P&JEQf9s+eCc(W@EMF
zQ4^#eUvA3Ir0`X)?USMWXmO_{e~OU#U`||mx2`}Tye!>+Vn?>`*FIlKt}6-?^Vp9k
z>C5t9o^n5mo{whzQxfJaL458PJSVx3_Kh5W_>r)JJKxWoc{z{wHAqoEB25-QTAg`)
zd4r@8AU3>PYg1FxS(%xwfT~~y2N?g<w#GYfi22*EO-{I<py9CDR+f}|n0;B`8#BA!
zEE~V(N+L^}r=YA1{?nXi=`x}mVEe*@f-Y!U`r;UN=m7V{JbKVB;q86%;U`@=JxM@O
z!)R5z{&s>1z*=ErmPjR~#-}}xM}B_2$~bT>yglgvh>(7r`1PUS#AjAXo*mDIY*iax
zL`a)8<ZF(F821;g=nBLw-cZc{D~Sax;3aY{Rmu2Dp=Q0n!i2$GhQZ5~m^9Qd0}xap
zZ@a8nmcodTTaI<+W3>-M=mZT1^}WjEG(Hv2G&YteV~$^Gv)~qMz4DRUu%ch>7LVm}
zv#C_W-v4%d{>sZ!10^B&>+lW$>FX&<;y&gp<AT6ni*=X4ht$RIMT4S$6(_1TyG(eV
zCXUZ72B5{w7lp*cpl5O?H5i$q!+=jzZdku)*O9=~IBb8%A;^)}r1y5*y-yxOrNG_^
zwiWdfP$yx2=TQRbuU*t->9K2GD7Dp^c5a8!&wl68jTA8Joi9ZTn>R$9KVD;1lZxTg
zPa`l+U*>G(n$A4fZe>|j=aT^=XPi`1V&xPOKZy-m-@HGKR;mLvW;x*%I&nV=V5O4a
z?y-mRBGpi;yuA7bZ9X0mWp>Dk<qMv)<0we*{faNu`iLmC75?K=eHm<?u{mj8&+5~S
z>s33WVz$z2lUd&Yk--Xc=jK==S;pu5|8?UsNS(o7wyr)40JXryJWyhA=}>5XsUcCn
ze+5f|p^oi3kO7hNafr}gJELX@MS#7bfeDr^rm*q>JFp*6l?ieG>^@a)mR)<aBMdB$
zN#>6ewQ6(I$0+%ipYuwmC!e)#@b-$YpY1=6<z7<+@L;K5&&GM@MbE{{ZF=xm7oDrA
z793PgLnr&~E;<+L)_o45i78Lo5020ChMZ}o!se;6LqQu`lh?0Y%ZkewLriXfb?tDK
zN`Ax^J@CpZ+h`?kN?JvLvhX~kvx_IX8#OJ-YnobAY}~1{*PYLm;MTHv{m!4a<11qP
zcKqS`?L2-vy59ubvHlf%;wS^|u1H*k>@N}dNcbbSSbb-Rp+#lj?#l$0h-ul70*%}>
zjhss?;4X*;)@TVYfMP64*V5+k{40zHuzAS}I`#x~HE7ZjX+B=18a!IAcb!AWFtFOg
zRee4a4vU%Vj89mk+kW?~ngcZUiv~@B1nuu=0tv+Y-53}!Zuw^92QYEQZ>JE$B;=V=
zkAr9w1YdpTt3Fd30HTid?IlHXJ*K{%{x=5$cWjz7b%ICL3Z8Nc7Jl{~t1u4(N1c9=
z=~m$tEZZ<2y?ysHAj_)5g)~Y>E*ffNnXx7?2X^38wXx$h#rE_~l+1rEj$c1A5aVxC
zhG{!F`~V%|5Is**F~bC-02vUcx!Lt{pPVOT9M9}#(>M*CK*H`0LEQ?$;Xm})Dt3&#
zg>^df(R0_OufD#%<^%ROUVv6bJf4RvmIt-Do1cj2aZOt$Mq4p~bc>j!e1z@wo73ow
zJ6HvV)1dz}1zbi+H(o4@=5b60?bz)~Z@6gqsKeC^HKXSHzK&yYec47|Mm5=D?b<8@
zMpZz-hui|uO^jQ=1_JbxY|-KtbV(5rF@IID0%ZSxiZ=W4(PpZn(E=HM15DzQ$6XHJ
zmrB3rl4K{&I?ghQkDv8xex%;O)-0s0@;vpU#NBIUO3KRDkGxn-2{VBzQ(>rRKKJ7z
zk5<-cBlhjJDVR>VLKN^0iM?F5?08gdzo<sZx5PT6WL(GKFzIF$M5+Cls1g*;Midqn
zPy?Kn5j1PDu>=^+?~iBd-wL>xP<GGbv63JIvcjsBcUn`7UwP&#Rs3b-7P0M1jSu-!
zkLA^2L|+}(#_0z7cuk23pmUDc1z7-A1BZ1Pc_qGpR45Jz&&_4E1+9@bMFH?Q=`oKo
zPNM%~y69Vi&&;C`S3Dm58m|w}K+*vHsPi2bj{{J#s6fFt1m_8P$1{bg15P2D>FHU4
zy#!ATh|0pP>i2Yj5OLM`U>{>82W%TRFF03gy#ivut>qC#oKl(FG*7fnWTS<#1lYe0
zy|BdW4Y({e!ZTa~uSdkhFb~0|h6;;VU?5{ii?WN8I9sc1lo+L;nJ53aHNy5uaE$$u
zhD^~ZM4M*5VxiFX<7~1_y0F{ib3*yAJ#3=$<W_zX@-`+XC)>0)l^gGWOYG*{sKmvN
zRIm&g-sP#2>*~*e_0>iS1jgUz>pDrmgine8Yh@5$#Ai;g^vGQC1g19^4&R}$@KdM$
z1p)LODZo4!E-hQb#r&RJa1N&2tnV+-RtI(!43(2h#QcWn<a^J-(eUJEvp2-uy_T}v
zY<;FtJHNHT=S>Fa9BX_q1oL77z99UV$$pU9=jb^<7f?URghM0NP_So%rN;}y#pwn5
z$U(wSdb`zUYnhc3?|>-OdLrq^{s?b~s@u|lo$ou_yR)B~R>mq5)T9R%B#IQP4#_YQ
zM74UsTdvCL_har{W>nIx;8qV{UQ>$jaElnvTl9V!IadfYkVvPtV-L6Sf5k6m2n;(!
z&&DqoI{=5ZQNSK=*7E!x2InRioCkWxC*N*L$^O1-iM4T9;t1(}t^vn@#J#vBm2i-v
z@gCU+g;@?BOHvdHNXWrxgyt!HeBP`^6Y_OV*Vnljf_}epuCDR0kVr^6*jOd$c8j^q
zmi5)JidC{3_au(jPKtQON|k#+Pq}UdV55;J=An}e{2cbShhP&+7}gsHTQ)%zpsUmU
zJ?s~<uL(jmJ$7A!vdPXf^1S3QHMNL1PgRwaxf(r(0ZrS36{j546y>;jk=^mqu8E0(
z77;SBpC9(b+;+@efF)7l!B)WP5P%VCEEuQJ)5IDLW=Bip5velRwwl>%*u1CJdHuP%
zQ`hv7OHK}C$!$7HOMI{H7L&6D&^4O%?GKFX$hM!wrF@H+eiWq6RgeG*kbt}AuXpVJ
zZzFl!T~Br)wW#NJD0m60hNHj==qd&P1$Ma>_@!n7$^E!vbCQ}u@Di`(vh2fiPK!|g
z7Y!I7?Tl>aLXCd_m9#oQEO8qoq7lIUwWX0_H>@j3I3ah{-lyOcBEfQrMPS_eO)e5p
z+*jXzbD-uky$u>ffRF^Ku&9>Vx#g@P!mS4Mpv;r~+(b{r?TPcjWi*Gu@r?UUeMaa2
zay8J!&7qdRx6aLpRllZe<OGnvt)Tztt9*rOTeRWwu#KA9#OcMw#SI|c%iEL>XHvWl
z?3@ymP|S~StldRGh@Ax=98zN0E~~4>=Z05pmAHJ-5sdNdw|N3jQPL^X8Y+yU$~1%D
zUYoGk(a2X-%o{35&*~OtG}AhsQ`<)XQ&BU;a;kErzid|WjJ#IfmGI%l+FG>SJf(gp
z0UveegcE8183~d7jf6l&_k(^xP7+->BxG~4Wg_o102JtDumQp2`5kdLFTEfzXmV%B
z)R>kJy#{0{-{F&uU%$pO^uNE_Y}DW_ydjEfDPuVN(LWRPQ5B3CNPoWA(={{0W(>j^
zlHV+NS8>tAgWoLpG6b=-&^C~#sqPpm4^G4+3v^l98&gJEF;37W+j<Q6uB2yx)~c3c
zpz+nMA5FmyW5%dUSX;TDyrAFCH;}npy(LoRg;<^}|FV(Lt(Ms?_rtibV?QPsb6a%f
zoi-Pw{&if9s@DimWQ?xTU0_$scz0iIduyulHyN1)y?@LAVrk8_e<glhi6cDRiVJ<4
zG5?34$QmCMeySs-p~c^sFdP!WHFm+j0+3u_U49qK486>J@5R?2y&3Ynaoj(I<Aj}x
zU|mHZS4)#k9r^e?DTr!2O1AmcU_tc-I+3R{KYnyxdsh*WOt4<seau3kXPtWAa{OsT
zWaPlLca<X(bEUu(z?7;<EbYx@z;io{Wy_Al^S%r*q@`?65UO}iD}`LC7<>Fg(Z5R%
z4lc^p7ksydyrx{+9ZK!$G;-B=3|lS%7tWrMA<%cOrB5Z)HpWK(J&y9WU-XXBSI7&C
zN+RVpndcX@IgFh!$`bGBu<x*6wx|=@rjlz^(0rWW7U9@}BfMR93Zhumao4O|5LKNb
z{iD!+2Q7;s#qe9wnbH_X<{OSON|$SN2ZUW83@i_&7EzV|koIrbDlt3Il2;nB8cbg&
zI>ptEs5!2*&LOE?l0F&3PA)i!ARf!(!>9jRqLOlWfL4;iuLuu0K9R#|VGMbnLy~Ye
zE-oLm{(1g3b456?Kshrj1u7KIXqTHx`-Ei5wt%XS$hfX2{?(qxdoSe`6*qH&0R$oU
z;)Pi*2u|}NEwe=RDlILN9qMv_j802aI0!WNrKSK)phJCrN$@CIXVRe#$U~XGX2>4&
zKCDQL0nvE5=~xfPbaZ6!L{_$#NFjli>-sPLJ5zpBiWQpXYcWVzW8QL?ce4POz4e9&
z$*h(5wKX@%PwZdRY{`$Eh+0u6LPj{6^R5_;Q8H13+uSo%H}CRAdUxx0xgRB!PWJcB
z5U$X;h(E_5VfYxtmy<*vFWLAIhKoU3j6W9%;mC&PPJO-KTP}esGE&cDfbR;dvIwU9
zYCeQ^V~?V577p{=Q9S7Be+6j#WgyMaGZW1l1bxIFt6E_e+k|E{)q`uuvt>3)K5^2H
z3&(hBMC`71@t;XwNubj&FfMdvRj)|A#tt1fA58aHRBcjICvEw3bYR|-bA-cBGI3mZ
zhHhoxV?R6@zCF}ml3XeI=gED|h368E%Rdm|zx5|h<KQs>tt#tFleS|`J1Ki?j)~P}
z({o)-_Z)>Sq-~$YUS{kBgdgE~DYFLlVfcOKtc>J0sysZ(0aUK-KUSmeTsFuu@84c7
z3#WsGOur_q-KejEKwYBy-y;}-?KXhJHD7*jjbv#ph~rJ1(*Bd`MS>xbaQQ&|K<r-P
zzB2505XA5jth;U(t657X91j}q=459~%rJcwAm(DvGr}3pU&6K>5QzK>I%gl)3PNy;
zrYD?({nwiQ_2Xwn{KAF~1yAB}I#6HjQ9rNAd}Ws#NAmoEi+4sVi7zC70urpN@+vBk
z{rwu+HHO89TYaG}kQZEk#!Wf#L%e=odKdp1cf4_l{|5!BYXgkVi+-$B1_q2XuWfN6
zl>a2l8`y6w(OmsQO7NG@G@jgi?MC}R2>(m#0Rrs=tDq#c;C@ZP=<N5!LxKLX1j9Q(
zeY}3xo$A31=!KV2_kI71(7<0d!}uKY^ISxaD*g=EAP0c9`+1qCU~GZJXgOxi9%u-M
zz|-706x=>t0@U*bhd;9T-V*;mhqE{2!Fcx8Wk8MI0p#PmpERQ{agUXe2V~zL&{E%E
z{AM%fq@=|o1Pn0TGN^p!Oa3eW{cLHXOazEg4)BFTX=M}_aBS0)`Pe@`jSzyL^Knc=
z&u_LV6UR1{bXva(#2seVRVs^&1jK}@08qHJE?CwLxQ)G_h_`=QK$nQA@%Q$y9*@v(
z2BRK#Z(DsL2HY3GbbKdz6G?&ALI<a{kT&7Eft!xhF77`^^+otEts3%4|4m^kf-l`Q
zO8EXQhV);eO@GpZnozuG(|twW4Zz7R;HkIP;$?nNUd9GA<#!4GK^8(Rg~U_LGDxEN
zQ2eyt20)72?L@_gU8zPOy~#ZW)PFF?J8C2FdOkUq!5s6!h0;`_ydhFBs50pvS0WAm
zCKlZI2xb%vlFvsR74mV}{iaaowcy7+Pv4FC=Ye;;2;MR6JDcpW;1z7Zp;-szACd7e
z&0o_Kt@-vhPwI;Rv*W);={#hI%XQHcNsj>k`;H3Cv8r7z<G$26XX!08diIag)1r!h
z8Y3Ase!z)w<4M-uMUmF$N{G0%uhRatBF^s>i+Mi&U?UzoFWU@u%`@<_1TvjIhhT-a
zhgRLk>+b$*>qxx&t<-qu7-{*N3zRqo(y+R}G;gKd`9+9GjkhEMDb-IEF#jj!CW6+u
z2fyqL|KsZtljB!Yj^5>cd{!s%9WZ%ySPnnP`Cqg^?dnrkz)POODL<@jNf(H~FnCI2
z{`qK^)Wa|J8H#}4ROOSuz~^&GM8CV!_KRMdk(s*<cJ+VKqvQ|FLjHV4<ow2=&;j3m
z3#&+QRIr~FYpu>RLU8GQcK{VBfYqx4l(=`KorE}G*f&nIDgAMxFU|a>Ku}NY$?yw@
z0Jj=X<w;4Y{yK90-@P0T1H!%B*t^UBaU)w6&D$?K*K{OuKLVQMyF)z7SQOA)olx5m
zo`8#F1H~=-Us*T)M~43mkNKs7+w965dd?9RJ1hgVrE}|o?wg&Ejm7LpQBIYIQzYQg
zg)D_<WWo7jJub)wPVZ@U9};r57Et-&F`(B{rk-W4&8nYQMkC_PV7M<O`;WEaBX{MO
zlt8*y6Rr2_Z_@O^eVyLv!%79V!kB3H-dpd6cb7vIBbhr5n}XI1SI4WXcXB{O729@>
zN(F$s^xuJ=M0Sg(#F&kIUd>U<46t9aFETL({VPgbHjPV@V~2Gt>-UUVfg>5Ey!m9U
zOV=ZP_w`0Kg}N|BC8cnHcnMd^j*@`u5t-KGA_lhgW{uq-*y6_o^T}h{u6nk)Q9<v+
z!x?3LPtF+$o<2g()$JZBg0dix03O{IKmK@6@%^-WaA08Mq!&_cX-Flks!Bl(w7rQF
z+U^Tmgjs7mzzxg4?gHO*{JBVjp!2{Zfd38zjBqROS0Hec{ho0L5%Uc`_n+wzpx5L}
zaZnn?akRf3c}qH=4fJWp@ravu*H*eLCpaTO0bT5pdbV<Ov4J>0CR9vFuf}o3bg<HV
z<nHc-6Q~gr2Y|-y;^N{G<84z)A@dwNw~Rt?JeILjCCxu-$bU9e_xQ2RVsA!_1{*}@
zx|LjnKC8(YGjE_ox>P}ssSp#!&#|PSx5rcRqSJB2ZCdV0S0=_~z8#Puoa^f$i?xvv
zj;-&S-x6hV9gF0UI*Vf0h?4xD9yQbRJfCqMLB0&N)BOMeX7IP(tR2ClxL{o?-%{Lp
zl;^tJkHovI**hrk_w?_@!65aUlD2)ga27vyVwXTbK!2ZHOX(6$Q>`U%H;JRR!NO^r
z6}(-Pje&T?*4A|G$CKH}_j6KjFSxX%Up1YouiIL2t0QqCU(Y!N&BRL_S9Ib;T+%W!
zGMqJ7D!qpaD<_$8(5Z>R-UfOjwmlH&^5}Ym&Ra~?PZUsaXpL7ZA+X{F6AymQuz<7a
z%o|$gML}DeeAlera03>j=>uM-9~~nEd}<m;3HsT#F1eHtErn}bOIo}0!EPku$-1ZA
z&r$lgma{9O!J!p)C{!uB_<`o}#jZ7mz3t9~qiu{vbbyUfiDsur0xOYPXj}5^7h55J
zlz1^(K|bAgX=G{SVnW4AB%=w-@{qR&^kmmAb5k(5W4*UmrR6HZ>n1SeIybz&?Zb&I
z$lh8Ug9Kc6I2;QPw^6u$H<l|>b6C7LhKkRu&HI#7UU&)B0~L#*BK?i=QkC}gAI(W)
z1l2r;#g}_Orv9LN;ILF?K31U#+)!E0qhKFosK#!z6j|T>$FzL-hCAg>ycQ(Ydw<^^
zHyOd9d9yF|F9%;-xbfG7DGjp*;aSoe$d#obxQE+r%YxI?Ifa(|52v^+KofYD>Wwy(
zVrxXEXx3vzVYV;+;xno(?3Lb-T(!){4f(MoOr6Q1ijHfOD<Wd2xLEvT*$Hb!Uf6PF
z0F^`B>e$b@XmA|AE*5n%5HQiGODpaDc<#KR;>OMS-9s&%oNwLYZe`&=+lmFR)85+`
z7R-2U0I-kcm^<Yl8T}fRu%muEIc-dE!U>bv`@xd0(qhjeZfpCB_Wr@#VZa$9l)%v1
zC$F8TpE}WYD{FD3FO3Fjk~Yu<MiH*Fv8CgF^Ze0foNLpE$qwj=^-aTxn1;}qtu<j+
z1^sQOVNOI)9H;PZ#wfz`L_{Tc+yP@znZR1p4RB`E@qWJh(ExnO>Emq_y>Kki!sxch
zqC+FO8q$%rFBnvE<xLGtkt)EOYEOJNxHw-9)E#_nX*L2l?!!eQqJI)efG)uiZySEh
z7Wgye5*3Ki=&0(>>2c{)yt?@t3{2m+Sb|sXHGnx`)gT1TMp&FCM4tdBI?A#zxBwW&
zpPD&OKKYjXhfsrkY6);18+kxD%$2l!@L3R8>nrf(KFtl-%y2ZHxSg$x7Ol(STvig5
zO=?ps(V*nDm2Yaj%J$AhV`oJ^qAy!n@L;+oO|~-sX>MMWraCJq4tyAJot?S4pV(v3
zM0WOxX}|)1n#av)&5yz#WM7CbdOc5zVpDyrWj@8y?OFfz$JrN(%`NN#u)8)!ifA2{
zh||zF``cm67ft1wa(Q{Ss#~k6q}oE{&O5u<9RW&f#LQ#a`EBhn;7)hvqx|>I)J{^0
zLk6uz%<_qrOE(2CqVw8E73KLfF{4Uuvvu;DryZAhjN04ORYV!1*#rr)g!IHsUd#rM
zMpM7SA!}cMFlL%+%D&p@YmGFT>sYg8U#(oB_q;z?RtLI@QttgU@DwJ!_|JgU=hDZu
zljVa337SZQ-^aYS7f$?#l08>9h!_8@6=leJQV=_~v`?Mly7=@ar!pP&acl;iLioWd
zZ6d<N5_H^Dif;k(1%o9n?GmYah<e{JlUV}>FzpngNrpHMuz<?u#b!(=k3rLg;!n)F
zT$p)s$W{!1aq{4C(Mlg=Rk*9&_ekQzj>Zb4-)tN$$MwxsZ7&ICnQc~F9lV*C_3Exp
zS!{nU1U8`(J+AEbqegu8>pDv2xy@KEPAlSHwj^N546vZ?(ZoGKqfw63n7kpeq;(iW
zU<L}O<X*5J@{LBA`S337TZ~k3b|2To0Hg+-il`E%K#Is4eC0DeR|SdA+nKGuo^zP3
zPYzLi&!4Y~sy{S(bDQ4r<e<dj<hfva79#L#V}kdS2f`YNEBUV_n8uaAM{MfIVdfk<
zE6B3%Mm^$8*IEoFBFp{D^j*mGT<3P_DZ~#Jp4raOmx3HG6r#d(_+~O>;n&rwBYsTn
zbdE)$JBv$|;x^a_wTmUSU%J%w7AtvFe=txl<#>9E%L99bZCqROi2B1L6Cb@IOdrH`
zyXG^EZF9&9&r)u-lz4NR2{1J-yimU@#`{{ksr3RS_lv6KsT7(gubn1o(`7n?!;^#^
zTUx>y30%!dfynefuJWHczhY9fnf552ykT(0?ZsL;!ub}VX-%n<=Y)vF>`NqFM&EOY
zf5I4IZz3cJYs;oVD-&}DK;AUDKeRjVjIPiZSfIix$SXx}b_uK44>vgoX3FU8gMyUV
zFJ$8O6Xt`|_g^uPiD0dA5m_A_CIF0z2As|p!4;B)3V<I)bLwj?@xQvw&CL|Nn;R6V
zHq*Ub3-p_V`Owk|fbNdbV62xOj-=EM5uRy}4vhu~n$oMgkG7xx7}YdxyX|&$!5V(?
z1Fh=!hBri!N}@+jwK|<b%=dG$t47N_9W+8`r5oBOxsOk3E9`*rb7r;RH)>wbX!^m`
zjgyCu7KkSaeI;`a#1`Ai>x5eNyxvA7d(E4TAWz<@j9!#toYWJi#tOwd>dDj!ap(%P
z=cumG)gvpv#&8+z)E!RRkCY3{vyyQ^80WWZa>`jLI=mqjk;LELX3K~&0!bWqclCU-
zhYYAIzV?C9fAF~_a)q>d`ty0EY_Sx6r6bNgBMIT38|;WU)qYaC$Kf~0L@#|au)Ft<
zdkZA`I87lJti6{GKYgFBf~;<Oo8f`1ae#~rmZU4GS@n@5!_%7xaI$1(XXmTJX&9{+
zdMee_)Ifl#DWyW53-9Q7ytmQLHH(wXAXooGR|D|m{&&pHQlU|q*$X}G6fpPX!em{>
zQ$Md1o<hV}2*p}Q)qDPj7Dh(oZ!Ju=4CW5!Z#B$Bk@?>61Nm3OU(Ndt>?!L2CZ?xz
zyMh<PN)*8afYee;uP9FS!IAmjWYTg`&cW^J=v}6@{+uj(izVV4#vIk^N-Vo0y%)6w
z=J$_;$gxYCFB{DI%Tf%{J4e+q+XEpo+j*@nv{VUmb6n8u&lR@{<C_$D`83n$-pi@H
z-#u7bDRJ)%5h2rNEh@-^$X+ppgbVSpwQ=*^>f6b9Q(`gXsp*uxw<}_HS`^6yn3y)s
zix@55hsmX;z9r;lm1CV<-TH21t>Y<L!YEAi39>BdYhz5z5vvK0$1zEz$G#%1C`rFd
zh?iH)QL(;Op%Ymr`OYC?VNxbfi!EDbREU$e9%gbu=YAg3cGMeE4yF~wXl?O=7)H~H
z$i^{mxWMts)vFnrSDWkd-x%^z6txXD+8Qae4ZtfQCs`D#pHd&k2^~=g+H6Fz&Ie-P
zum(kXIck{WLw384_b|?w6o@%DM%(Ke^K_;xA!f9`xIa(pp{a($A*n6)NsakPG3@$X
zeHIW?wYomotaB(8vQ=(RlwBN8a(`-kf|U)~UY3DPi1V2ZMr5bB4EmyX*QU6>ycIJf
z3!i@p{6Wy4&m-e_O8cWiqzA<RnosOgrpi}+s+gnNZ?D_#d7uemvXqy=uKBCt0Vyp`
zR@$GZsTh(U4!W2Rv+DN0D*)c-9Zt84i}brAyONM{1EvE~L?r?RQw;4fM_Hf0GtJJd
zigpxl_kUM}&xxZgvX$rCCQcK@34!YJND7!UXLtR9>wKh&C<kau(l+f2bak9C0TlqL
z{44hWFsB3_;W%Y9{|x^ZKXLUmN3LO)%oA}T+@)HMMKuPT94es98(t5^`M#R;iA93a
zEkUlSPJvyx*WnL(H9bFT(72rwG`vUMW)g(9IRW)5otJwCD-v}1ary2y&m=g)eH7xE
z3z~ZMsnxkUY`?zuD4P1F*J1c>yXO4EqmQ`Fp=BW)Kv!;dFsNkg`e^8*22P2$L=NHl
zkbo01)d3-s{AkZ|`ow*+0j;{6kZ=z-M|n^~l~rJdHS26M60CPGO8EAKO{1V-RHPuw
zS#Ql>__jzqZdW+$H&-jo?iX>`-YwHSBl1?cMf8ShvAKNibqsO!(plG>2BqDYkj1^p
zluF5p+<k4h65GAmc2=rxi!lkys**s#j=SVCi>Y0iPm9yE$=Czo7EvmwJ;5=@x>T+0
z2i2ISRkiQksxc+kb#|Kh_hvVxM<k)U6Rx@UpQLiCz{?XH+ZW!iCWn&lCuroWJtWPb
ziO!zdXVX>ZpdN}iC15WwhKj4yn>$>fyTrb{hddi)@BG-`w}jJVk!AKs1qFFtd0N}a
z=wMZ;p<VYRfV{2c(dnYF61K0IaPG*t_NCwuFGh>zef<Gxp)$*7^+iuh^~Lt5LLK2h
zXZEZ2(f41&#hwoB1ZSwM*>&2ybVs!jE+!^fYp?T957a(asy<$uS2zPl1#)&OC@iT`
zikkSG6Rxow!oc&UwXMh{+D+s~BX4m9?{Q}9cUct8!(tDzJq}21yQkfhkogcq3<T=g
z;}TS>g_B5o>_e>rK#3-Vvu5EIZ{71jA>fl$T6@stRcgsU1$rQ`ohF)KFD@2TiL3?Y
zEH0Q%0bBR3rL&f`xhY!<Hu4qWdccF+OcF{fWPiVTZ)UR_osX!$hjBT|0YhJV*yi=v
z?O<mmT9%G324a)4M!kczHW}@|e3#yNSKoGH_FM}6o3sA_Ablk8l0O2bE*pG8iACW+
z(G$5;2f|;4SD26tfrpog?OWKdoQ9SfcSZ?JIx~)KQ|HLQ7ABCDBda<x{wUyCXI7yS
ze_tL)scP+lHiE#bpeDdGwaWVYuI-Ez7FvMQ;{8^XQLQv`&%DpZtzU2*%TV#z1ud6&
zc9QT#&&Y#PW3Sw)oVbNWDs|Fjbw&q4nKOCN{1A<NsG@TI<>|rWb+-y3*GGVL&6Fv0
z=A9T=B1g?VWv1f40vG_cU2}DqYo*zOR!$yCz%_M7Iy42grZSsKG~1<CcjB=A!i}RO
z8ljjYv2Fy^@<9Kz^2@G7&F{sfC5{FW8T8%vJ{9^3X(nklAFmPZiMGo@`TB|VcDGPc
zZE$vrHjD8Zh~u(ycm#K2=fV>ka+*{8v>TwHoXJjqA7+=_U#K}!&067Z@}5<7+<nNW
zu%Mla92=jNRb;R4PKn)^JG79H-CZo(5O#l{&%YuUbEPp*VN<3&(?0h`--Ny!X&d`m
zcgJ;GJ5h={=r?c3^TX|Rp}d3LtP@Ng1pR@8rw+Sn-}=B|)ZJ>Ns)D3h-*7OLMwFSW
zZa0ZW^En?9tY>Z1c-E`_=9-NNyV)7>M^W{lEA$I<N=nbQ6Zv)VN5P9rYcZrV(VFUy
z2J_V$DTPME?In&kzZaMfsf2nC)s-6PXkye@ixMf<3m8su=~v#{RS8w(j84#aqQGT0
z-=T`4_INS4dGMVI+pB&BgE~z;h~Q061DdHvphRHa{Ka@xamlk|k$I=O-jB~2_lAy6
zw9>PMj*~GaH$mSyCP05i0g>4QS;GNTWF06swRG5qgFk3P(Yv<<?dPJ_CQ4-;m&bD@
z{f#nAN{yKp5S5t5K5sbZL0djTu`$2~2yr-fCxqp!NQTp7)$%plxp^kNy(YuWK5{&x
zosszG@qH7IjQB}p{05b7;_9ky4sxKJvZVv()TB;K;)ePA)@09rIz9Z0-Xi{_C<%WJ
zDx(x}G@4;c*i9KPz+&<^E;k#CR<5|te|;a>FGp5vs_`b$7W54hl%3}xKRHxYQtI0r
z)IEvjSz=1@eEt*Rb=1DR2vjmbG<&|<|5hIw?U+;_n=|Lo19f#<z^X|@dx9%a3_0XO
zV#B|bRH&m=)yc7W)7P<iYK3q63-krLv09y@>uQ-gO1%30t^<x`oP?m!JX)5lN{=nK
zLEZBd;=r{Wem>q$s{w=N?lTH)Z+Y%&Dk2)32;H&|MC67AVtPw;&3e?g7tzQw>=Rjg
z?CGDC-dI&jooQr?f7bC1A{JRD^4a89-e_vt5~TjpaKSE8pDYqngE$R6BkD!{q?cB&
z(k0aW9@<SXb00w=Dmi$%5@wl|)IS9~ur{twcP0ng(DNr_MWV3LGHXJYdPv`8Pq9sb
ztKX;{hsf1((+o7SLbEtE`iximv%@hnAW88AiF4WaFkv@EO7g1S_RTeS4p*Vp#Oqcv
zSlgsy8#F)?zDN0WWtE0l?~D>H?dN`gc(zCG!i;22v%hM{2di=ob)+Bc?pnAw3S1Km
z2RkVD9Qu~Ksj#l9!2vZkKVW@rJ9Wo0)rTAHN+Yzw7426U>7C4Wo2U<3ncz^<3Lx`T
zWLAlv9!JRbQt=qZ_UCB#9Ujs1+rOiE@NuddhPXiIo>FEuHEDhT1U)!4kkDz>LLH{I
zBeKIW%40UU2D7j4aP9-A$@ja$kZW|)j*q=O--jaDLvsz_PaY2R_dnX0M$w{>`<t<4
z|Kt#Uf~u#J(zVk^E_X+Ns~UY8Z~*wTkn2LSH*xf4s+~Y@<OgCxq47)=o?aQOf`UQ>
za<ztc2(vp!Z52;p59~R@bgk+dwO7+a#bWX_Y17*lSlt26ngNxw)JS*afCJ|Y!S*w5
zK%)7BgivUjTsJi>>fQVBN32AhfisB&P@}e($hS%~eM=U2k@Ku05@>-n;>+ZsewAlD
z30Qv8rzC@sY{;L6O!j$07|Gr9u3&ELDbQ!WiDxSsOJQ_X+BXSaR#s|v#2V@DD7>XI
zYK8=2h@pX=V|Uc+9a7#F%Z1<KnVDpl4pqpI6`(raI2kAP*j1uX<Q=dQ{oEIc@Cvus
zZ*eSKl0Px)5^!kp*h#;uyK+OiyD(fF<$U$hh7s5xo0X@SJV?0e4}zB+&owVv6rHM;
zhjE2xqO1lJ?DR>f0J`I~SCXmmE)RY#ElD(i)yh*uca&u?a#NU}@95B_(KzlWIzsQj
z+{xMQs9@@SWVV!l%d(oJQcpp4a_z@Rl7+nEMQNfBlS$KJucJ5+;&tbo%T*qS=?u(B
zB~^65YGp!l!!derGdBkfQl*Y8)+x?tX%zb8E|z~<GxngFZ<-Hy^~4p*$Zi|jTy*Bp
zuhBSDFzJ{Nnn&5VtY<<xUOio0Y@VI`bb4av@6xXA3!-_S^-lQv43O8We$FUnfLJj>
z2@monU}|(_#MU$V^Wo2u2fn-|jlQ-$?x??7Yxco@b$rAetUXLI0Qo^j)*~vc>13_n
z;SU|z9A&2`L|yqBxu&1>UH8{nQ#{%1=BkKZ=ywM@{3E|(pur!C->u6R0NIHPcazTn
z{mjcu#_Vf2QFTBfGLDz^qr^R+DUA%jj_pk?Afl@hhn&1j_LLbdvoMp{-)|N#vWZcA
zY+m^Kxs$x4<ZHVGeNZZPSv275&-G*_6+_J4k4SI$BfhXxh#9tP-*QY8?WUvNv__N}
zB*dq2AAmZkz`Vu2D`Rot50#VJ!d7(o+tv*hv!Fd`jTw#;gzxhgVud(OnziHw7sQs{
ziLb(+SVVe5J|Tj#Paz68U_;fpTZ=QXs}@o5UDjyFlPM=~h<3j`VxHpChL`Kw4h2sP
z*uN?7*h%g7SW5h?V&y!SYBpeR%4F2H<FPR~EI6{Hm9Gb-tD9FS_4pJ~zR_4<G}1PF
z5hUk--_whRO(v8(huJ$Ci76JE&(;PpocE{jVQAH8HCJ{tC_{5cPw52Tc5<Va6<6=q
z2qy3Ek8kWpMdteV&Nl95wXa{zwp}V3<F_hG*|syg<Im+ElF?4h<{V?&vc6_dDqTzB
zjP4J?RA?zJwTL6ujQL$`kL({>fg061FZavX{r!BzEYS1YiF%ZZEr0*sTb9c>>o`@n
zn`1(DLXup+Hz=%DVGe*Nqd=f$GOVb%*ndaIRf@gt@aGpY;H|TUj4oDZ1={3re>&F&
zi<ILTS7_>W?9#W?^b0jFtt-SZ7hU(U)po}7RiVNEyf+`<W5Umic|8#P;@P+kFo0S`
z=}D+4@b`&LQ&lQ$dM$DP93lI7W-ueibh&ihrP{T6H@i9yU^r-GGFe;g66buh?NJ(y
znL?q!*#vG;gDiJ@jt{bFH-0INPr*PH1p}F3L%!7eD_!B$I4uh()3CkZyqFx#PS1Ys
zVnP62svH+6U*k=G7sXci`eI{1oQ3PP5C^ZjkUqsEzA2oV3Go`XZGF*MNsI9@N9%Ln
zT*WRc)?kdLz$N+|)@2^$B*(N`tTl``DTVHnS@Y_(c}JvLK`e>-F(qlciSJ!qWiQu%
zpEH@`SvSl_s$wowr6L8DR0t%`Ty);+J$cJ6++J-#EyN`cT0{pWKbQ(iM32Wd2M7#x
z@1q9`==d!6;#W3SYRPSveGe9Nv@y=Sui=*IRW-80Wkp<kd0Jsr8%7y&s?EF)*ZRIU
z%6Ls4B<qRmHz$A)Z;gJ4A*zzmSt*G}8u-`fdXQKuricwGevt|8s1TTP?&O%>UPT(*
z&N2+5{A32{<*anw4<vm&X8lx|(f4S+TtFlC<Ll*-QrWlS`_>ivMU38lIt_}UB93q3
z(>A(cH~Wd9nV>Fd$#k~+%AC`CV6vzH+^X8m=f9r)=dl1ZH@L#a@Ad-=?D%8B1y|-i
znR&~Ki_w|;HDq>TAW^lR;L`=C#V%=`2F&!QH-J_=vU8y4o%6`mF3nmVEmvO!-=NpN
zNDJymuZj*l0k)p~?d3Prcfw`q!a*UzoOXAL@HuBe`_q(Ip=cX5HqG2D=mR)78V;mF
zyQ2Gup*uC0MVfpq1gmSC3^Gx~Mo%Gz&7yvFqE3BhZOp()8qI>6@g0CXp_!hYmT`$L
zKKKkAMGjK>vM=5t=l@_Zw!=Sdgqh!tOYv$P=Hb~m&QDS@2XXuH!TW<K*RCYN0vx3A
zM$cg2TC!tL9~TR~2%Btg$e7Zer|VU09xOX=3z-+FQKTU@wey8(8fW$z$7d%~Kc9ZS
zO1URiw}Bn;)*Sqc#}Ni<02upoo^KB<Jf~#g?OzK$ZBB7`tevlA!M8H2ZXDmlxa7q?
zb%Gc_VLXd+dVBgmp@qK)07-{)BiZ{ak{O?P5nskB6v9^t3x4Ui&nz4NkVw6W({XFP
z1L%TSHqcQ?&vmC{LndNy*e9Lm&&#|uz#W_&-6KnHvl<#2DgbVNXzg%yXVC?k2Xd~v
zs}}X1N81n{*R5Ab_URPhJT~h?>TFc^&E-t3`A8b@1B&3z?6?2W%p{hYx-dPosGe<j
z6i=S^=4?;xB`n*|fzT#zc=DiC>jsC*3yaC*y9rLW=XII@BFzA_$K_v4WpjXh=R4w!
zGOdn)b@J*+Y23!DuS?0pGj$@`wbh<`doH$mx>+AiAwbH6{*H80Y<wWwARw(IyVv|y
zKO)Anm!CCyrcGhqjwT)AXWM{D3#?H*(Y53|N(PF}$2Y{gTu5CCf3i(SM?|mzzZ^TL
zf5bLssC8p%BKy_$5HZwosrie4Xv^tcB7Q@@rNx(-jw_>0Gpoq6axyZLjNRz>P0IgV
z<}JSqMqtFGcqNQC8IFDMS9&Y0{>vTVuBC?1qVO**xbOb9(bS|U&;EqdZBfxqr(m~X
zwcBTF0la!QR9s9FlrAi5eCyj5S^pY|tJf}F0RVIuz{lgZUnaX~UAcNyS|w>06ic^&
zYPO{UP?A;_?6LnK%dX$Se&QJin2Ze{66Zo#on)Qd5vH-WZZ(+@%!)0VJ@ztcYgd1)
zQo*#%6UlBWe$JWvuvb>S0kikqBSWM0N{M5iC2tb!Q~7b;cO{91a38P8B~#Nn4e~CR
zjo{_JR3`pHMyIV6W6}t9iTUx0i?eUpk+DbBN<BXzWTgl+#gmQQYr*v!;@L*})o6N(
z*sCJ;5A<IQX!uEke~2`#*D`nOBd@Zk7>V!Q)%`V%MuJkwu=60?=o5ijB3C8*j4jin
z$+z|wn_hEE8~kWenhlrrPq5Rjb1kpk*a$QhMbZ0RbgoMWJW6iXD?OCwn_BE4?;b7Z
zm?t$BII$u`Hn1Pf54h@<ZL7b(rS5c8$$nMv8^Y-DV)$q=rscBK%2HB}>Av`dj&3zE
z#&&wbDR=tkIWM}9ihm#&r%-r7++o|}ANXsGPy>K;r(M5YdT;}$$h>Jy-Rmbog43xl
zF*(Xp3hbnR@I`J_%Yah5l%WcXF~hlzIN&>HdNpun)AVmIfXStvA6Ie_pY2^o>OGL-
zcHIo6MPB3f>f+laYiBn-c2_4#o_%uHE_)RYY;)vvfZhOjFh}>Ax{8V}^<Gs8iZW^+
zmkqS$zvfL&03|i_I$NvoH7d%OV=VTx#pFk=kWBhcN23JbvIdoagZhVGP~FJR*hT4p
zYvE0uSAcvm6EIE&B{mcEjt~tmP$u;g9h&7m6n3gE!?9DLL|`vW<Ycw-OtWn+ZVe<S
zxXJz4=bPP%E9F_PZnc#O7DCtP^;gH~IcU3;ntX-_&cexc^_>)}h`@%0rMjC?+Rl@!
z6`8YcFLy*$Hg&~>SWwBq9YezNV>qYoM%L@h%*FIkfY=2^05xFlgbz^Lo$Nw)QA5&&
z(*B>fc+g{+B@2~G#uMAJEaZRHu6O_SO!?Hqp%O<?FzBLu+g?+ikbvBtJAdQ8$jJGZ
z&rd^D#5WUhP_FIyS7;aO@=c)Chf|rdt^R0MX%T(1+NK4J0<EIjIZ@;0yZ5IZR;!cH
zMM$D}p?#+Y&_Y~P7kNC6?a#>`xKp}bog671sx<bG&;@8He_dnsF`1(HjsKbjr2L;S
z53NHU<5YRpt0Ey(1HX0j&cK~r_J|)H=qaBg+lp%kd*Oz)Z2ja!jsERNZ!d78arM;(
z&7S6ic4I|OpdMKsbc8bkLix08-MgUFAUAT`pKbt?<TM!r?7n*}h8B9(1hY{#W8XKV
ziJB(eH!s3Dd|*t|=zF^_0lc1Slt5~l5tn9beF7b+GxHzw;{?WWBo^g7pde0<1yH`@
zJ4nx5z497RHr;JLT4R!wLEBkZU{)swVkJ#1JB`vQ1g2==&b-5`TcBikW3IW>s9kwi
zb*%`n0yRlv9Sq7TD7|`EjTq#KXm1RijUv~{-m|ynDnhYl+Q=_-Fs~H;O^EhFZ#}7n
z*j9Hkvv<}m3cD&$!m@|xxwTzkP3AnZ$rW@W9_^MdK0$F;n;q7n!)&C`*zyfo6jnuI
z#24xQz$mpqud=UTe&<U9X1?7U@*6r;+6BK?SuABw*HWKvjBB}Hs%UYfr@)KXsk&p&
z#GzutX<}GEULX&BhgT(fkJ~M-Ao?|^Z})Is-J{5K-CkmzJ_hdcpl_*JsUyeO?&q_$
ze`h@FyC=azMtk7Q59vX`yaZ1On(vtK)+cbn+`r!l9=PuMs^uOqKK0uZdVa{l<FrbH
zRNPuiR|$5N$<xd?u5h8k?$3K8GxA9eFh={8Q*9^50*wVkOU><wT4qp=7xjjStS!v{
zm^SB&EzLhJiv}({6^6q0-ob}N4=;l-_ydi|J0d1r`Q^JxdjAkDpUaGNa6m}622oDs
z!k^h4eg2j%OV-16$Z!6X1r#_(uW@r$O%veiP1P-bSJ)d*I2_=Bi^HGmT@_8CDGZ=v
zud!<*z30<A0A7uBVKq4qDvA`qRdWlp<%4Zkk61c-F7@2n-&$k@4J@NejA*%1R+L3;
z8xsZX3_ts#LSF8k+2_?c4Hf#9`G(w)HCOVz!;+AUq2g$DXHbaIF0FWsCG-Mj4e*@m
z2p^3CjmG=cEGGUmB4KyqObIK2v!}ef<mvaS=}wE-FE|%Him9F9q7+<>BQwWnY>x`4
zgT4)N8S4q!0Sr#neF$+fz1yhS@XcW_fod-&D8Awz(@Ir`c6p}*++5sR%5$=;*&^Y{
zR)0RLH(Swe)8QAh=D7PYietXL`}5gE9f3gj*uet=8rcxKNGpnhs6ycgCeDh2`vnjs
zPC-=WHFYsp!yI_?WB9}YDSGs1lA<zPvD=A|N1ZIYb%ReBZP)};KW#Z&BB1MC@X%e8
z(!D*?Sm={_c6ZBRqnXjsoTyrsebBiWK7}01kjh7XjZn?h;sV9z-Qp;3wTIb1krfak
zL6m`dU+4VPp3cr{x9}^Sr(Q!(G&X#`Z1l#i&GzT=&iyP*7*HJ=<gUxCuW-$4N?)v2
z5t#4XZtv#8Y`0<DlBjGproGuaHf2K>va&BKjV8=!8Ex(uj#OEsjKn<24jA`B8ra_v
zJ%g^5HZvU9Phuv#0V_?Tn#eEb{h7r+d;j$i(|mc<Oyk7KF|5D3I<8_18*Z<Ch&))k
zhuqD~`!LS=GG#;f<n_3Co!g22vCT?(){3a9Z(nw@E6>#8sq@s>8ti9FTbz8xfKJp_
zqdtLKe=z@<Hdxo0Hj&J|bq9@e)p@d-9*d3h0~#T#r@AM-)IE;<)4M@|j|K|W83C%P
z6tuV9z5-Y*PsYw-x@;fkbdb-5vi9sY0gY0Xjkh>y_mx$|nHlNaq)2Joj;0b5NAE22
z3tON=Xvfg+!$T=51egA)@_0!8E4Dqe&0}qi-%{>u;20LOxPO7F@6>Pg?W)};--q)a
zJ<`9eeePvkBqU+`t)0~RW(tk=T5qH<1T6%h1KU|@AeZPU3(C#S1++5i9bFweDpMwy
z%2c6w&^W`ltjzxE*-gW*0f(d81IPa^6M@f<YPQdAE%s%-tK1GCSN~ox_g<}5>fC&)
z{fG9q9X!0<@eNu~M%#f9l`sWOnsi_Dr$`0myvxf^X@FdJqyB2s#HIi%t-8pXB&Qn+
zhE$)758rH&{C)%5o1OJY&kI>q*sg61OFH^N4-&xI6jt=WH6PdhoDH-s-2ivCcd%Hm
zCcOMAZC<N|V4RIkFeksd<4Pyp7V$0!=wDhL<!iCMBv8%NxS>jf1!9~bO3#uQ0oa7*
zD2ot54g1h)7+Lo5Gr(<a&4DI5)@_bq?)-Ycg>AMRd>DUm!~H|l>Z75}(rCRDdNY1z
z`M{>~&Z5Ls6b0QXJJWgW?#WQJuHhj?;7aOk)Fzi)gQEEP6pvMxT%Gbf6R+=|*U&#g
z#q8<Wv!lU@YoFk;ug4|ow%wNNGG767qpd$xnuJhe<P-BODO5&TE@fkS;&3h)r^T4i
zu|=yDA=eQ-sR;kfxlQ3zOM|%}N}SYHFX4R4J`ugAx#!6+D7zOCn<@6DiG1_V<mdRx
zFBy=87p=eJ?`V#}8Yc&-Vtm^au9G)%n`eNY0BRb~cOA%z6TRt@rkC=I!hhB{9NB)u
zNlfNVNs?fmdm~&cvg+voO)pVrcC{_s&e3_<^*|<Yy&_pG#8Y0c)Uoz!Zg{QvN5#+^
zws((mKnY)Ama#~@nUg}^<$B<8Yq66}Gt43{Tsg19PvwNGA<6R+$*GLeJVmJjckwcZ
zI~gNY42&@~XKRyV_tOg|9U4|Q#$FzLC9K|C+I)NviGtozED3rryXeF9q;Dc=EGxCY
z;ClA4*fC#P&uU#RkBZX4E~c%Jj!(1D)@AR2Y2|jRBij5Sg6kz0FQYxWKaA9Lagl*N
zitERC;Uh&%<+7^!_7Phvk=?PthmZ3qFo|rFH&i?yVPt*Twfk1WD^yx;bA?<+UJCIO
z(ev2?$4-;q^!?y8ePo=6E_II+*3BvmqS)1YeOF(c*dM)GlGIL>45;QfQwLHpv}59U
z1;*<HnXiiNvQUSyHAcg)Fa=bTA1Mdl6R`WvHqTGnRkQqBs>hR?>6paSI7hX^Q@30?
z=D1#Z74?O?4Wc}>R-HN|Z^D<9ncW^SCD1yHfC~lAI~|{?^V-@PKC)c3lIiSySPmRd
zTelXcTH*)19)vE|*aFPGHCSN6kpFL#V`zd70o(I}$OBi9{#ONj9mN)nqHa4aulF_$
zfhU2ZdPR3zbbbp5keqVpR@l3Fa_R0Q6lj;q?C+u)`&&7tGgD6ByUV#U=P@^dYL3T<
zjAociMRd<MBhzJPmqj<5r1*Ph<)mtQdki<D|B@K!CR})_P!;cy^>-};@&8hDaUDqb
zr49a7tOEQ%5eyLtkD9+mUE7X%iYs?={X(_8>U*>f{6vqKE-ai|2zxxC6B6b}s!6Nb
zr*YOc_l7PIYJ@}wsb@3EEBU|7roLcE|JtSC*#Xh!_<6hK8MdgWg$e~4Ptu!dA$@$S
z>V2AY;x>8rl+G5eN}K9@1;)?veq%H~e6(9SC5G>VT-NkaySaMRwx(?BS#uBMk&%W|
zlXZ0TrILOmy*V~lS@V*oK;tF&?5v0FdLuliVYD+V7~uTt>kjD2gH?#Sq?RL{Ed6G%
z02D6j<|tfw#@1-~%a=@(KIXYFS6?+z%^&q1ts8xz;^2Q>l5q4h_+8iVTg2su_pu|7
zk2w1quAs!h6>+3zau|OVC`eRN`9J*2#~M`TkQYHhJdr@|ZaeS{SEC8+97RXXPzhGy
z8|e19E@q~ch|8fD|3A*&Iw;QW*%l5kxJw|o6Wm>bTY%s}g9LXE4#C|mxC9Ns-Q6L$
zyE_aH!R|xyzNgNq`@83>`u>`#k!QB{?%loCYShO_lYM<J;I<%l1NH1RHZ}463sCu7
z=iP5G)Ht~dw8eOKmA4?b7_Eve@%HaH`QCvCR|mgohDd-0@!y<&7s|gF&(Ns%f8Tu(
zKyM8)+<lm%5%2{hE(-uv&O!pB?mt}buf(SeDH5-I;9e*$q&TdD@_t{{;#Xg#y#o~e
z^1fzx-M)k%c7LVksh@3}-v;+1y40ACE5WSZGikIwI4AR&)B?D88j4cYyYq^PrkmAV
zFFzOz9Gtf-EG*~yThitfH9e%`g1mo89RD`dh4!z0R>sVCf`8iX53Ih{AZygeNw$1b
zLlD#RlE#ZxC^|VnjQY%Iq>>2-QC8Uckj4)QC-(Jg#uK2l-=*(Nbr-RgCod(Bn4Fl1
z{bg6;ADP#G*a|+j|0vvcP3J`Y9SoP3jAuqdWSY{SNwPmN{sjUQZpi?03)4?_JUsxZ
z4FR)j`{&CNSx%{(<`h5MQk?`^0I;&%zX;8Ly5aNBsXmkb{qNcU^gRKN(k_cgh1DN5
ziqIQMPmxzXXc)lQis1N_y1ekREO=@EGYzEnZz!g`#ov+OFAc=<g+OH`>2LFgRD$jm
z=HLd%HooxC0$%5OQNPGG1{4bs{{wvgpNbi9KmRfX%1;Q8|L$<_7h14j6ndx?<_ik`
z|5xLlO-^aozH>L;c0o!9llg!UGlXoJPLy&bkZG%{$0nk%oeKg)v~nTyQ1XPrnwpxR
zXZ7I4NFYJ?E2&0|P0sEOTPLwH_BOXMgqd8==`Hi=ccbpf*VvV7;jhTs;g})AzrsV>
zdvQtkZ=hS|#K7xlcmzA#yn&Et{|Nd92zB^szauAU2bG1};;6$&d_~s-0iXTH7ZOkO
zX#93r@O#~*29AHfLc)L^ec`TI8-spm?2Cih%(_u;m<&9D1d0@RD3T+aI#w~do^R6h
zn4R#yzxmHkpClvU`kK6!U}i&#`0J(JFU|i(LbB@|=TA@6L4^l=))U0-90fGdQv55t
zPAysgHX9_QEO-#k*~jSr-R_sao4|o+fEWgqUG}7F8T{MB2@D9HwgMx3+zRWNwH{yy
zxEVF5fJXKU!7+ExK`kR;_n5zo5r?C8^#3w0zz?e7`jPdhT#Od9`hD5{wwxJ~3a<Zd
znSwM-lDQ-7|26DP+l<U8xccmsNdL~(Ka=)9UiJgNF1<4LRdXZ#b^Oo3FhiO}eN9`P
zY|RUwhQw_Cww6#KK_Sxxj2kWr1kjRttxiY{pI4ZvSYvNs>0nTC^#ASkf0*9?kM^s;
zp#+-TGHC@w(~efU=sGpM)!j>TdbQ`<8S|&rg=oM8BOqNHYl6Pb<u38|l1`%NW2gNu
zL)MM}+Iq@dLaok0VC?*Nu7Rc_0TW`vTrr_d089v8^MpsV9Te~v(G9>7Qrl_urf=~D
zy7UIt3;RFx;=fiv8tR|PW&%`fmJI$bI-j3mz-U!jqh7g7fXXZ{qc~h#56HVK{<NQ)
z2UtY*=Md52jiVr@Z3$Ks4MQOZuK(>Xl>GnBNa)&z?7uT7lrJRo>oi$JoeyDv3Qxl?
zi7*ILtq16x2Kvj4^fVoKcz*sIXFrMyyNiGSZ_EDEW=q5U+W`|I=q2ZWI}rHN0nIl0
zs~~tCS#Tx01a~?x!f6D+vw7}b^^+}|0M91J4WehwYQX=uP5)yV{qrV`h>-OwwhlUR
zTf3Ll{%6=ol!1+QBTM>|Fu?F-8y|6})ziLgh0vF+K)0g0dx(jd8t?v#n|pO`m*~IN
z`2Y1kYr}uH0?!5YTI)YwGvokmJ!DM(HYyVA=n#&Mcv6KcIv-Zr`T33U&q6ZnaUb*?
zB!B}XWDs=@E?Kb{J`VqEhrij>KThE&HyszLa^)sHepvzw2Ez=w0+6znO3cOt6J9^<
z5dW_R{4sfdyNwGA(eV8C28u1xkRJZ8EqwVv{bebXFl1^Bv2=uSxERe;4B4A}28oE!
zc726_QeN_VO_$j5aCf1UmdUn&0}Ssxj(q6|3mkKWbVs_K?eOj9N8JB3YyYel0>3{?
zBgp`~`(NMlseV}+W{S=drEzlXtQ~aZQSyllVPwo6w{X;2wfunJiN|TZWLldfEG!H@
zX*v~-B;Zj9oAm~YERt2Z@{k?_TTE?1e~6=i_@(#dK<{ma?PUIY@3|o%Y;0^yZ$87q
zA<;vuth7ecsWIN(tlpIy+;d6>cUiIiYnXsvt=WRMV3;wR3B2gkUrCU3k*z6`FtP8i
zsP{YXno}I5RPl8U9)$Z|JvF1oBhka3!P}t`5<&s`r9M_#b=>4wOD3;@Lq$!TCm@O4
zCB^_VA|vC2T~|X~xR8X9-po&3Qh6e^H@uE;6jW4HbO0kiAqx;$h-T3Ga=V+^rVkVo
z9@yCxyC-i4G2I&sa^wsCnNkyi3GXAjus@wLqylMcf66x9##;*n#S}}Tb}pxKvBurf
z(~+-T!T|ym*lwOP`276m=H=f6?wRJA2OidG<&07O%RB;4iS9xBb6^dA=1Oepf}2D4
ziT+56wxmKTN1*Kn_v@6`rf-2wN0mq0UML0uV(nlXM!&C%<Q?m~P57c%Q*gAtLcT1n
zDpEVZHPl;}I%T&buw?{R@`-i}j2^Pi&yJz_Uj7>{C=zD(Yi&|-pnjPWg&d&ewSG0b
zDio_$i?tmU5)ufo06Usp9Y|?uX~m7GmA^|wWJyM4<fMB)e|iM~jAiZStB3bY8vp~I
z=$v%;f$7DBl8kWY&IWIO0ajEyI@}f$5nQWyn4ctspv&)DmZgY#=sKnhzqv*9NHodn
z{gYH;gf)0k`xt#S5>7JhTdT)S#VnF7x{o3%4p)1m<GKi2borN=59m0*gdtmT;x4H7
zVDHfI?PukQ{3KC{;M&eI7i^jl^US9)$5A&7^!LAYfValUH!Z&);!tZKEP0-XaCSx#
zesF53Y_{t#k<S#?HUx>S)?2staz~MOm1gLyspY3>pm&a@``q80q{xlZ!zcE(nPhja
z;VZC<FO%}a;d~h&XLg*krB?k>-G8|^Zcy)Whv6R-6c#tKJDSO+#Z67E9#5xGPQvg0
z8>{oI?qF%YDq0)2D#1?V2YR7G1sN!j8Xg+`xlf*`3sCM^8{VI^-5%UlnKdedgn$sw
z(r!4<X#}JpgDVWn8XJg);0&D}=u}IQ?k-+4Ly)nYk@^P)ZfNS{O5;fa>qBTpltf@x
z@WmfsI_y*I2_?NP-AMX@u=nZwV4ALowktVKl0<%GDZ0$%T@1}TT8Piqy>M;b<$@;`
z5d6{}kafT2O_oVrr7P8GKhJvU@!4M3^<9O$Ew_ANm1?%htchN-W{ehOZqsN#(Qbr7
z#f(++*RL%{hM(qB^_y@?u<3)XxY55;qg&sPE8v_mZ75{etOKedDF87eYDF@%hlg0N
zu$`wzF3Y*{U-p}6<T7M{X{MiVFy!q4F;Tftvhj0=piAL{lw`nUG(bf-XhPoVprwXS
z%JeGQ+Vtk|_-UVG)c_27wp!V!*rUVFu(0o(AdNL00~@a<Bb7_u_Ojgf#(fJQlgj>s
z-{Ip>H`R743kt6HL+i%^f_UmZ=qRwC+u$G+uI?H=)q1K;3-Z$w1o+K>uyTP%>Pd@(
z<Nf}MJ|D;4&L-kCZ!1g>ttwklOuw{At(CulMG~L?o^p;GL*dOetVpR}*lt(yajL9g
zHC2vMYNSGixR#>hcJ4TgoEB5_Bw?sp5$VRwuV+NYqh*?h*IKoH?@RdLo;%k)*Y!Qp
z!1&K*S3PJ@=;0GHAMP;7l<P@|eXs6saeUrJ5qJD*Gsaab!M9#Ep}xhYfw?g_?c9ig
za=f6xp&3dYy0{#`q^Kqg5S4lMyWI<~($H>IbYL+a8EA2xVXt>R$Zgn?#k4VdD25M6
z<aN4`rMArAnO5Qi!1Y%{Wzpo4A6!ByN)*W@+iNWJ2R?786`~R4yJ6Cj&v)JmO=Eg^
zp%BcWUYs>?Q%THov#KS3-(`}lvq8a;ISW9%@4~lfh9@m-Seio@wz;n@G1YN^;P)t$
zALL*(7`2_uAIX-PEzKDONLpQ$Mlwel0<%UCK0hO$=j=9pq%7Scz1pl-TN&6{hx`0e
zkKXufq1j%ZwtZieM@bD&+X=ptw|=!4x0Wz}>TSMF%wiu;@-f%gl0luBc;=^0LJC>h
zEF@&WAhxdrF*{ZR<53G7EH;frP?_f)t>I`4;YQAe-nQ7#H&_lv)Rm`|`VZ$=*Nk%}
z+0)@kmNs|O^*RE0FipD)qx=Q~3zXSALxa2#M6viLmVtap)`ygNX4+NqDI!lB(%n@Y
ztEE0o>o*hCavZ;E!&ggBn_&U<TlC74r3xsoM-C$k1+xX7(k0RtCzv#XuUwIHydT5_
ziy~;fpn+Z<xR!wTv$?r>4Pe*>oNxQ--JE;^Z$_;a6xM$aQQ7f#tk#wVLxM+i(L5BO
zf*jSD(t{+U=reyvjoQE0x+8HW;_A;3;G@`}65=;sfopRmBr3?>K@O3YXk)FAZV(L@
zl^`y9MXpl>OWK3b+0`eXHFUZCcRfdEcVz>mk#6yy-@JR0BHhk4!697sa=V_^u`=r7
zDcgRA!K>C#Y!N%ixjo{sf0M$~;sh1z@x<XjIb;yB_PK;0?~v19v#f<7)Fy+2a6ss-
ze_M|Ul!Ade&AMQ#H8g?l_lL+Sk1Gah<uY{hlSb5Ml)EL%D&R+7%?Wh^2pAiD;5f9r
zGK@LP>_n>Me}C28w-5Fv8zwF!NMZhEK#&M3sU~w7xW+i`>uTJOTU#kfWgW~`3j>v9
z7IcnGW}_sG6Gdp@Jp&#f?BD{g*ZreBIyyEs47nuIBo$sjFdV1j9P^08a#v7@@80%C
z>`?Um-1v9q9!MZlc9Habk?U&$0_wWp=WZ!#&7a@0v0A(hM>CM6-J~yOIVoHp&+csk
z`S-U64nW^8JI5EkRPsIzpf^u_J6>qO^t#(Nal*RCg+PXke0p?tyvJi^m2OwO$Xt3=
z`?iCwYV~<)a1^*jokh=wkxZ6rK~Za$GV_1%Ktc>+8hn#36M%J{*mjcYl%@W9yTxPi
zbP??S@R2rG`dzWO@2q_4+OKWC0kv3|qMl;xE<clL615C%TY*a$qA6t*xO`#dK-yyt
zFF!gJf1sLFm|GOVJEX~cIhN`UqFoWdxB4}0@rufY<>gFnR=%!t+-Ln9cepe^m0V2?
z=ovAO>e*BwnaP23QjfNekpaY`-`+Rs+f|d6*p^d6$chi?jcdop(4?e;1M^j;k-oAT
z(Tf!Zd`I2llr<M;XFd`U_@dJ64a#%Gy8eojlH4hZ>Okf4G=8(YYR|>m<1Bzkv38g$
zA8ptFa|`emUL2f2<DW4@3UiS}CV=lh8u_Jvd?_xet_)_}p+LUf?;bvd+lfSAXk7Zf
zoprlod0CXfx8wP8AG6-^iJpRFekhp`aJQRAxeXr*fU9m~i)7KKwd%U+NbA*=N9m~F
zgIty{)4WdDay{b99h1e+?Ga;`(E=tP^v%m@V-xJjG(y;UN>Vu?aym=%gVX~#>Cv^3
zaFzFI2vpEh9Mz;$+;N6|5Z!CT@OV*(qo`0{EAg70k}>FP;W-|{i_?AdaYyIU@9|e8
z`?Zuwz{nWQmK3JJpu0236T5b`Ck$zMyN>T?It8oyoTJcchuD9=1e&s<*ejEaRg<ta
z%o#^+dppHgE+IgDFG7x9GY=21lUhC+73<nYRh4tod0f|D+WU^~&O3z#u|}s!Xl}Zg
z*?tRb*fdl6$=wASRU#%VG&Jz;;@Ri%{yNlllS*!VT1^Lv%b5!usK}gL4vQ+E>=2pJ
zMzGw<qa7P|I(J67H&+zbFLL{QbLufyWx}=6#y|Gc)nRX}mArnfg+k7JRW<_z*!K6O
zyiEm0PQEeA5LFHV8id}`;70Ff9|?=npr9b`pYvJz<k4c2c`}LZfRg-iII~)k>OaPJ
zH2h}#&q@bw;S+_@$F~d`Kd`n2zSopaz{ust6v^3(Nws0(CQrTkZQ4e`%K8{Wheuke
zo~3{*XnL7_zU<<41I=B(m9@8Sv8m&8)L<`UX-NO`w_8n*&SENwQH3y{NqNBoV`)Ry
zV>C+rmv|_Q&lq}l{;y35d%Pf<vO*-(<d3T`)mymZEegMhuI`ce;#@Ji|2m2$H$mY?
zy6yKO{E$!O9-*sr!lJiEG7gBBKJq(Au$I^>eUt!phekt`o2S9c#qP2fy3dFO6o^6$
zT`g7Vct$p5nny{Sd}zMh$RyO4q!S2e@V*iJ65n9?v8MpGBMg+vZdMsxW-(hAn@|Nv
zUVzVs%D#<={_ubPEi+H>U6#Xq>MKwSPK1=*ME^)C;Q^3QTwAn><NP+|`aY2!Ue{wB
z77_|-dK~5%kT}o>>uvW?)Y#+FR#f$A!0VKjo+$h@G}BfYW<c|dzeTebxOpoHet&B3
z6#$i`m;H)#^Ao#(Bi}~iT=%cTb@%|tP%<B8Sc;sZ-4BE~`I<-k{H$_Lz;(#_^=9;0
z5Iu06agS1JYB#enBV2B6xsM~d;yAj7$0}0SV6R#4vmt?$9x+#|*bXyIDQ^kpZT28d
zTWJ1}p0@J@m|Rz^OTTNsUbwq~hpmtrx^ADy*|)NiBk8Ce(5nX4B&420qm$wpi7l|%
z2aiH<g5EHkPq$Vnmy0nVCI`HB`=;H1TBtz3;-I>{i-ps%EyKA4_Wib!gupd!<c_oV
zzi{DoWF%1i{hL^7JNGWP-+Hq_qoUufNoZnSp5BO8x?DarM=_5`CAW5+&TjTanVr{J
zPh#^rdwuE#3TMOb41cWlGh-D%<#v0rcf5D|rXG5@X!8mXSQR#Wp>z@Oct|Px%bL`h
zFKc!)=(ZwZGieq|%O47TeETMk!>e{CbNVa^R5mxqz4zEAFSlkM3@W=>Ii=c=&*Vkc
z^?po{CW_Pp!9hqqKk+p_4s#<Aa6AvZM6@U)@Z7^!PnHD(8?O#R-nS75q8yb_lSpe`
zOM^VZev5?ZjEI9TXC`eO6V6dq&0Jvn)45Q^R)YhblxK&IjLWVmq>`;DkTH*Fyo(z1
zvLp%)L>82_K6F$}_f0C;=N+7zl2zH`i_iO$!|Rv<$rP9)4llrUg<Tf>tv=NXkzfrl
z+4>48QFsx7>!x$!)1VjYOEArz9?XGAu2AqnVDB=mJsu-AiNYD3LdF)|Zj|Waty75)
z!*}#%p#CQmklKOd;^KmXQwV0|vR)Fp_;Qxxo|_<JK4U(X1#x-u$ddt-F_;K`<$V7I
zl;{)$)GR=-(vC0py#Mlz+s?QD`_ska<!N@egZ(TyJF(;A0!OgC)YpxkFi}9cMtla4
z`TUOXTbG2xzG$($ZWUP4uW4t|ZZ3d=dbXPjuj@0>Q1gap5W&D1I?<$Un`ds?N&a@J
z2_IRFF=KMc3sv5RTJguv;P32%n?EB%<Ob7C2re_fB8Z=hh7D4RZJa~xlJc4N7Hj-K
z^T%R>YdFK2yxQZQbK1c>dgm_M=DS+~4QBs1qV%LNvkLnj3+&6y|LC~>kv**e7uvo2
zNclm4<xAN#4J^bRKhk&y#9e#e^6LzKPZ;-Kx?J5dquaqv<%Vt78r}t@=Khzq0pM>g
zw<ZNeUxI|<^9)K@b3)VSq8@i`1`fKXXP(;bM9^+sn?zOUQ@j=(B=pqs{E6dfwxC$x
zQP&5Lo62oZaf2hh3(aO%eAd<w3O`ka%+38uorRK<_4zg=P1hTFytuYEPEI8Upvo85
zg2Zt5Ar;vQf(n92x-*0(YATw(JT{J%>l4VYLqa3u^hRK>>DDu2UD8okDl7s-KmXVD
zEbh-wo^hYAO*1*$np>LJ0gYE?lMfiApExB77Bn}DH0@zgh|tvg*{`PY9;UVlx4rGa
zreJynxM6e;56DoV)YedJ{2B>51J{eSZ!|#*?ac^xethQYp5a@2^?Y^fGxN%}`|U)V
zM^x)M2|t8F4xHLC`!JJ(!h3GI*cLfOGMY0K%7$Rco;!Lj)`zd<sElaHY+4_rREi<*
zqW!nSSOsP4qZWD@yN+dW)(*z~M2brrNs==?JU4Da6IVVh>OFgV`@u$bT>JHjbO$&n
zph+K$o94S-ZB^u`2kCE;l-WSkJKCZiJ>5Hts*2O825hKW;B}hI50Bv6LXPmKIFOd`
zeNEDx@CkyXlz}IkX5$B=eR(LCuGl-&x3%vwmup@S+YBv}fJ1sv<kM*V+;f)ED>58m
zVQc?LTh&eMbk{=;YkH9ALwl^_yJlP>Zi{Np-V~fN5>99~Mf<6Y)P>wm=bDBQA>;yw
zseQlXFkoJOlXY6rA&u^x`xXkrJt{`d_wcG<=7<QOVeroZEquc%I@JLH6#BL%|M}pT
zCg0OE6<!Ic%UuG^TiK{s`hwb@nEB9QDnAhd24RFFwQs!$&>_^Kj)LfdPz!rFZmk%Y
z=qj<j-D{Y(vkv!IHnU8}bGUc;zsd_LVmD9kn?HZ6*vyiO$q_Qfb-&&#{ea<>G7E!5
zK>yHZi;`YK<}z>a6pPGz_`q{^D7~@VLC}#$Z>~bj?h^dfY_-*sd9#3+!Z5|+U7Db2
z29y6OacdziGf*zrbd)4Q7oSUgWvN)V4FUiP;v)oKg<ICQqQj?h*?{Eb<pDVu!tt5d
zo-qCSO3IWkMqhgsocKX%IbtNY_xGD~GD67q`nKraf<OWFK)imUp`XTOmjd_Lt#Lr@
z@h*Xf<JDRxM03Seea<!kOt`i$Os#MMXE%bn?})QmB34!zb?RTyeWdT(-4w1IF@k=G
zJJ!Ra)Fg9JtkT`g9(lM!6w=n_H{W>{Q^U~e%j9SiG#9q?^sfE#;JAN|@;Q$9bM%`Q
zaNBd%mt$VEaDSj+Z<w(5kw6y5h|y3I!U&JK>(xV~$J5V_sNKxmCR1cD={&++hpC6R
zTwnRV>=|BN7>u5o9G@mJjJ64ECy`Tg04G6{C!Ef$m$3EIgR3oO8`l*<OX^f%w#WCA
zrJBhs{lxRutB*Jpu%f4k-lNG8ZQeDCe(G>U`Aj|*H#h54=15v07tY_HN0w(c<XNS5
z3s>c%AYFosbhSu(&z#<pI2sg!>+t8W+wLwl@H(yL*bS<%CT)>LL}E;Yp}j-t)qjxG
zyEb)Hy&YW}M4uE@5X0hY5^Z{-rgOL&h6?a|$QC+#SX1tXon^uxJs2dc_oT$IPV2lk
zZ+w6k7l9-pp%zlH<9cB9GD+3MCzI1mSXAv0NVXJmXN657@_id3FNW(r$aGIyHX>*h
zXn}U;zf|1zDPT3mj#b(L+1&RHHn_Vc^xoFv7@ovRC1B`Yv||FA6n&Q8z`DDghGKcS
z&7$$Cpa>4C7Oh!|Tzx>3vZE;)$K~}khH9U9?|Mrc)UI=SU)QsIL@K5}Yn1v!1Md4x
zB$m394ZOsC0mWTJYdjFqod5|@O<MYb2g1D$+(X6lUFfbK?9GYjrPGlh#uicU+aF<O
z4>OUva+Gfrh$S@r-RG)L27mDYnYE^>s|+}u`8{1A_rfdKph1i>Fy}l25q)*ae4{{?
zMP)@PdH&w)okkhQY`6qC*3&eiz`*_Lw=8IPI2r0<=aD=P2~c?|5T;R)lr_cxLd;)l
z(+hAX0Er=()3)b#DQ=hORQQq+cp=6(ah!1$Kro41A{^`PMI{MN550b0C=y$wZv(O^
zGc!{?nvmr)cN({yNN%1OV+>2g6E_{e{7py^(rhZt;vr`3+Y6;=jYn&qsM7wW-9Q4z
zRnh;6*ISc*3m4Vzyj~*>afCi#wHXGz?ou!<V#u(E`Q?T)$h{YJlK(nPcochDj0`=7
zcZM1YfE#iRG_T(peQO}ycm9-~?cyc>=3MC$c%)dhf#Kqa-yJ!>gx6H$9Pi!@iuyDv
z435T8vedupR=kO$p`dvY3DQGg?V~J#$Mrpo93J$KgiF5;!o$$p20l^!v(~B<{@QEr
zPOXUS_)M<uZo#jQIM%{p?<v`@l-GzbTBsNo5lv!_60u7!4sC=0vFo0l)`s78R?7%L
z`Sw&Q*Y1AB&!S40$+BN%x#e%oo25}$uO50+Z9+yA;>5zUB07n^(-=7sr}wW-bs3{m
zCufw(RuIAZH&J3$79Yz3p%HhA#L>Jg&e)3jA<)w$yr8XhTBVE|VT#|<7*ZLqAS5z|
z{kZ;Q+p*6m_6d>gL*QpsprTmPDw-iZ@OY9EwWgg1gqw=y405(;;RrB@p#niQGWdfS
zE#0R&pI{D2Fd2rX0ejtEXt$++^L9VP_`B(XFX<9;uejui;rQ%8wa?d>AQd<t3F1o;
zkp*jQ%aY)*xKX|F;HMm^UHD1=qQS8Ui?#m2o<Q>{ykAH$qXOenrLiEEO?HI3Tgz8i
zaP)aex%ke1BW9{``BbK#1YHT<&lZ(Q7qmmMv&lV@SEg1dCvgESsS4uIah1UmsPLl9
z=$&SKxPw*m*GzAMqmMW&U`~EoIv={RJ)M!0vma4gm9SS7MRz6$vF)3spUoW-x{$x$
z*l^WA*XFyT3vRa8pfW3+!DzN5Y@4~(MX(vVtxH%_Md*_`{`Dz<T8s$Ed;%l*!SrZ2
zhR=#Y{&>!}O<;lR<gi^>G+Ud;sQK#X%&u|^i_9j0NmoaO#c9yFQOtDnx6vHY1<v&L
z@WrmPa=uSe63$YiD`p^)VzrBm$9B#8Y4hl}&ep+^9Z*mO@<XOwHTvIs!3V|ZXXW3T
zNIx9&ct7zEi(I5QQp=6DT%6pG0d>>kZr)DFe#or^s$K+t-htBrWTN~sGCcxM1*L;t
zPaP8oxM8(sz8fJMC^j0Jxh1;F&j$1joU?UT-(e5oBB<}1`QNt0B6$J&f}Kl44Gs&=
zCiB`KJ9Mw#3Y5{1x&X@7Frn-EQudy$d&mG71P|Sc(0k?yh+@4Q5JnG$XNbrGG;k<N
zjII$;^6k6cFa&&GR3!Fw2(KPA!iYx&2d%2H1($`Rf5k+mJa0X%0_m=^ug>Vzni#M}
zo?b^BPnLI&mD_i9Ne>64ad^IJH&Jdv%Z-BzQ;klCdMkq7#l@_*LCC}qlxJYHh5^%j
z-pkxdNfCV>E(((5FqBDYtHO9H!o0`3-BY~J-(<fRGu##*+D)CBWHdKqZ-OI5;=AY~
z+vkr5-QO3FYHj#X+VCqlLe)N6zmK<hP$UP_B{;S#F5?J1UyU7>Z^}=0DP}-lY&41*
z2%}8WIp3`r&E22A1H$P<6ah6S%SxuW<dAcTy0vSXVb_E;J9Hc%yO4tx`&)#g<ht20
z|CTK-mD{Dw?OphidurHDYu#3;)G_TGp4qL<UYBpBB>ds-uhwzMvedUfQ)$px^&Ne(
zg*|-#OG5@st6ura3u+dUi}>-zn{~Y5YSs#k7}sXPqakoR>wVK8)fpB#E;clNE7vFG
zk0yy?++^he>Gd#1y42r4U_Zf1c`aTqqGU_|qChAAN!Zrw)DoDIznIl)X7BxY2WvTB
zInRw4lnw$?-F(u{$jd*!27S+17o>6#Fp0#E)<-3ehDI+JTd9n<W|CqBEG(e(0S1az
zA->t8IGELyXZP{vOme?Epv0B}2qJ#DB^81Ej=!$}3OUZY_tPEh)02B7X#_t&Vd{%Y
zbE_}+!jf;a4gd=C1Upi>nCZQ*6Iv(hA$jO^n%X!Qt4>w|Pz8w&PELLk+jdYm%gJNk
zqi@04;NoXcA|t9{Da*kJZtc-5s*tJk{DjO9IfTk^zb80l%rv4+nu5MUfy4f7Ej0IM
zbgZs8jctT`JOr;gd*UP3i7i!-e1C*n$vc;ZZS=bj{>y=g>*LX|(%(3uwG&3W<hn5j
zEC%0~V8@IuPJdN`j*}u>DQuyWXEbt1fz#?e>EDLCb-G}Ys}_LQnYq-(XqGCJ4AwPV
z^5k}6z_8yQMp0FaOL9Na7Fj_=XJIxx`G^^tn$PwT1Qew~_6tJdFdfegSOAn!;36ag
z9;NX`Cm!$j`-t_Py|hi;PWt&@r!U1v%4#;%Q=en#56-0vTfG68UsY5K#EWkPjKjzB
zrQoZRMGC~1Uowytp9AG4%gdSHu(`z>S4|KdFTMv?LJK0Jp&;b?uO+0J=JFKFt!78l
zMV+TnWz`OuracePJG6eLR6vYoB?>mIxhT`1QjLMhFcxTKj&2Gz#SYjU?O7&#P`oIh
zmxsQB)6ofd%+?rXLfWbXUzo)Be-V$afTUHy+Tx%so^7SzT5j+_pOH(2Gdko#7puW6
zJfqF}Ovyij`w9`p6Q;p_*9QQw=bNv!cQ)95+5Na)AgGe>@jX9~*%e6LA&%%J!s)!^
zTF$fc;r4^G5}~BGw>HSg4XfAPHXW&J%LIf-?}d^x-g$)^(oUs(IYHX$PnP+%LV+2!
zm7{QvldQ&0)i7|r!(OjAZw|;1uGT}lcBuO$HOar5a^r-l+#RNwAnxt!NH0zz<-)k%
ze=>3Zus~iFd6@rUteUC1>k60Z#FPHo`R;Z-2jwcWxzN>L)-3iT*Fjf`O>a>ghnEGM
zPHm*F)^GVv0PuS(4R#BKwar*}zmJ%Fd)95+Jk~2=ES<N=bC0t`F~{V$@q<cTLwV)n
zgO!!;Wb&?$-DX>Nm+0WY?Fq40R<c9*MI20UzKc}IQo>NuIv|FGc~M~ZuBBXHhsh*U
za2w`Ej=}|*LlivGrPDipKeR^L)jqB2`rPb(lQHHme9F?JfcW{>Zkt7QE3?yJUFElR
z%@R$gTP)Q2fmNPZzZKObMIaeZ@icI*A{4bIeu~PDLeX&48E~QggtsLjf@iitc8<s6
za2(dX>%HP~VKwz*Wdcnc4<8WfrSG>1l;U#_#bJVgf<+cSK57sj86RgU)E7YV80)5q
zkb`0@gg0BNXQ4__ufllx638h&T?CKdMuoQw7BJuF9#}g$$uEu>n>jNXIz@FFo4GO3
z>Wk`*G9+bibv8KZ5U1$e?Y=3n-yX#G!YTcJy$&R=DEM%=H}0yS1v9)YiM`pa3HJYn
zb)>;$NJ{q)a|RFdzweEPE^JWmBKkg<!|CLvJFaDQe2%2VaC-Lg3@^q^fs>5HW0-Na
zUUR-H&lY8OrRb26=<QzW@pCK;Ax3qLXHdpovRxsO+`3-x3JmqTWM%qf)ua0<iQG%D
z=<&#f<f?{A_jS&ZuFEUNlP2m1IX8A6Ums`%D3>=!8BJQ<MbBt7{dMXSzrUpx;BO6=
zc)+eUdCI4&-rD%DFn{xo4>`G8vU~haL-auzrEZ1S9kVU-yX^?+Tdy{pjv7#aBZZU>
zV(iR{;ayHbs8CDYVTj&Qy1F`>5h1^4?orEa0uaz6=IlJR5JFamCu2b8@RK${y)*iB
zV6k1BU@Irab6M$)zR{r8p`0%Ho3cYDaC3a4tE39uMZPkdv$(Uq^x~m~fFr)7r&XZq
z%E;jta3m5%@z=M4$x3ypgJOxh-+kpP<cVN+d)@BNw5kiOXw^%F8T&~u0z<^%n<f=1
zKXV%Lwmfo2*r1^21J=e^tQaWv(msnHq60z%<$YK)9z4F+lIg^|JPkgtqMr-nq)D~M
z3n7I@GD)4Wlwnf?N6us~cmuId*q@9rBP?^qf#k;I%`8F4khX{Bt3)8&1O<!Y3)H-M
zmHhE&<xx~0K^iqvqsmM8>M3BIl`;0_;Hrr9rQV!Ag*gJLGcpbe;KRNRd%I7~gxL%S
z-PaV4(Hu@GH)L<_JG&nz8PLnJc?~6#B<h<4M2g3{ks74f3T7khhJNT%x$LiM82HY%
zw{dl;@}E%v?2@65!z*90=wSww)H*q;5R2W$?e!Yo!O!i!%LV?)BFUsov8fVHrKmj@
z?(m<LZ<34GR~~br5t8L~B%75`MMBrj%3tzwj-FP`tYys$scQ)fPsQ*$l8Rk(xkmT?
z4-~py?1XpQsmKBI(g>*HM@J<+hY4yrnE6hHUK43NRtL^o9QCM8-bhymG>B3bvp<EE
zUp>E>2p13yL<s__(QRtKWcc==HVv1{-TWQ^DinBRs|@*W&k&r|A=<NpCGK@|%w_v<
z%OcuX(U)><Md>n+DY*HRD>?VkHz`F=gyM(5#giE3t3fteb_-Aclp204jGaa^Ofc3C
zrCc4J7nlaCNI|+g-QAj2(YQZq=ZEGKlQdlzAcv%silR^vP)Tj{6FO8%LQe1)>Rmt>
z+yy9168S5v=@&`fdCr)kMA8N+Qza3y$rWe^FohWhwKn6Mk00<D`pp^K>Fh1<jChye
z<ai+%4wZECjG1LXOisAxT=%)Cx9jeGagrg--dQ=XXSt*7)G?~5GlF>*z3vs!TBwf#
zHSM&#-i>8xSUg^q$yK`mwi{08q*ZJUACj?jP=syWPR$5G%&PTl0iNH`=U7J4NXwh$
z4aI=v@@0rEtb9oErwg4&FvtcMJuiqMxdO?oXla$44qJFHzvf^AuZ;u5q}5ke@|a{0
z&HH)eR&7Xr^ST08+4PJhhH6eZwHH*xu^J&+^=6hvx<0f-$NzoF0^)NzT@pz8)HSw#
zPE&`WjiZgYwzlj9@os>9wtSsj(cR_)N#*<1cP$ZBrk#er!)1Bj`;GyOx%F4ES*V1(
z!591bayl{)7JqEG)$-cOoitMx2aLT~4sea7q9AFAAu!9o1#wu!%$wP-da>bh_!HxJ
z-4*CQ`}hWnuLBM?qMRUW30Vs7!DL+~(g8+uznIbmHiGMnI${uNO6XD4RouK3nFTVz
z81byUHU0tHHQK!KUO74-E@NET_V|&M3V*joO+A9RMKCs>-0VXtoc;6RV*vBL-0?`V
z06wSHggLuH(&*9cBI4xK6#0wQem}4^9kkqpSmmd(+u*RfR?JibG6TXnC2fMWt%8fZ
zUKCy!nMJpc<eA>TpWZO*MX%pwo-fx8lnU?y7W=i}mHOsgU+t+bN8<jr^Pk|&G>GZ9
zXT|nih4CM&J-WM!2Uu-sz-p^};chL4Nu;Owap$^&G*=}lBSyv+%b-b}Yr~q*Y`X59
zLNyI48@jc6XLW$(7bxj=x;I%Mn6ftfcJSe9HnZG_Emm9Q*T)A{Rd^8>x3;$aYprW*
zABs!@Tf;kaiZ{y`;{b9c2r>_$y=HTE4U}SCy@mJ1;;RKrz`EUrfjT$8(bgMQMfIYZ
z$|pO=D;DmS?doh?vM`RvdiYz=ZSYMS<@Y2ZGNLq&FHS3k$Ut@%XS`rMZFPLQ?<`9l
z#q>&C2HYQXTG}7707&;uiRE7o)i)z)k+;#)mCcV~QK08*w`iYfU9!;M+w<_d>CsjV
zmr=O{=)&RP{VF7ASSr+r_{}t;XZ>uzmr~qJ6PBV4gdk%=x&f?LPHC}Z8Ci@?RJP7U
z^vr=bgO8NnR<ItngL3iXRJ6vnnP6f17)+w3FHZ8t5|2p|iJPL+lvkL1Dn5HtNowQD
zPi!V2`|%qYPo&Ozu+hqNk4D=jJ&iv5)3njGG0O|6v8U0fg74=`N&*`e-lX3R?oC`n
zVGyCNn}#Dh&qc(w2w4?IGnHHhlJK@)_W-J9JKL@)%QR*UWN#L303csyTKV{NPppt7
z1c5GTjM{Gq=_w0j(?Ed4K;8fylq@(_iu*bxQH-G_BQI9~&_yXoLbcv%6p~fRbty9P
zP4Z=YLBqD}%Jvq)>l{XX3e4mpijm$(A>^o+J)I#yaBC#zIVAO9HmITUoEvh=wzm@u
zj%-5}@YaBp5C32~%|!gFWsw@+R{7&`P`XJhXC}vM{q}JXlf`dfh_BLH;7eDe$+8rl
zr$7z3ho~LBm}(JCR?6xv!ff6v{OU~~-MzKJT;r3<<7DXg_^Ce|Xf3e0fgmdU6U5Vo
z;R+xdF-BmJn=fe2212y6v!`TKN^zK}wxR17%D7EFRMYGQT<KU4DOn;tAs>i{iaK>u
zY3JP3twOVJRt&th;c9DqZ=6g~dJGc@ViNS$1~sFGNuqX(3zu+?XqGui&xjdJ5@m{J
zR|?w-a>67=;zH(%OC7&gDGPY3oghxfis^c%FhQekMiy<T%UsVDEm5+eYTllotZds+
zjUE3(6%}4aaIMpZvGDnqWX{5COv%m`@D|Q{LUFJrhiiCXnkZzkoD>GcUT4O!xyx95
zrvg~Kq}adXTF?Y<qMxDw2V--vb?lA&I4vkh%S65-A6FUBxyMxh9yxX?2J%-<oz31U
z;FfFb{zfK!KR2JQ#lBBzG2_Q;(@M7i0P1{?&xQ)K|J4HUrWg>4VM4(RKx__(xx9u;
zjKt3&-7}-@{0dlHr{@yfw%Y5}nX@t~DcsF$6v<Cb2o|k`Wsw+O9Kr_=8HD9F9hP!L
z6KOO0d+ON<ktfFhhKggqHnHxtx7GqG0)oV(eHq?w(N$=%IWqf~1fxEHa4pyG;uUS=
zK}|k8{{73n&}l$CE<iS$kh`4tW0_`%VTGw&icWjV-O&85ycSpeHq0piDq%JRzlyt`
zs+g1+t1x(L*90UQK|@JQ(@TwIR36A)US5Sf52Q$YtFRjz)otFyo=a>Rm=U=GKV_3y
z(cGD^2edt9*$vsP76=+0k7*au{y;b3<<H)3N*O4Zq|~f&Vsw1SC~u}omQ|&BkH_^y
zxAg6*@1|4i4S!*qzJogU$5c;1EP?OgX_1K)Am8CVrToeh721$&Q}Zu#w6-o)AQ)lA
zrd3fF8-I|+bJ@R<I<_SAu6=r%`~5_JZ*zP>H-t%r+4>vfSBAj%Kv*5`O$K(|)%V^1
z;HUDWxlnR%E==gW%<o*EDvs~fB8=Sb2>&EQIXZ@BcKcG!Ob$<z1TwuXwz!Di7EuD!
zop}U+hR>ilVn^YKNh5kpCHsJffPIM>bRyMN#3HOM2c94=ueDx=>G!8;aI%=~1kj+<
z(}>3f$#;+9leqX$GibSZ&1%FCeh;LiR1hC!was#}X|sF<O9iHIVvlbfV6`O~^m-$!
z<!VHfBdk}f!AApZ>QTlJVQLI8hVP=6?gVfY?(c**KU3)gjVkRHEM#VPDf0>D<b*d%
zOX@WDO(OCsa!JUkf2W{^CD3?4owo8LJ#*SgQxr^#f${ZFenraHJ<tMkSGM0&Rp%$t
zHXb$i$)|E0M&jliYo%Emh7ODAEmbskt@}rXRz;q|rP@kUlhI~@LgB^M!?s?++pS3*
zA<dAgO=m&RII%vl5F7nLoY$|R1)snzcIYT3!Y_srx+&2zNy<-+^S2slF2ece^wA#H
zj-fki-Wzq2EGk!NsR_R&ajTJxl4f;4&Ox3tooZG(E*{mt^ix6<j7)?&nbISm+VB}-
zN=bk<o!ztLGPW{{b`!vC!?Q(E0wUy!fpjg7V*|514%PUWiCe5H(GnR2g(v9*43+a6
zrP_)*)K!~ivNdsST?h5yd-Cw>@8wUb=}lz8WNdhO;{;d@)Kfclj|WBolfho?+gcAd
zHQe5_DrWQ3oEyPMqDH+~yM7s`u_ZlH^wq2TZSYzHf?eosjU+zUaRfPg*1D_T+c_ov
z>Sh2@dDVh(Lyd?R)!UMz&1~D$H;LmBNWI^?9Gs>TfBbgY_5s&>@BT9bx}dWOHT{b7
z3`G<JdWmLDha8d-M3l-c)5EDCx5sU?s_KG)&t(1j?<;(vI@EVq<NrjDaZOnKOUzaQ
z7ggYl&5?popcbQ9hwz!u+}WPZ;$4}L9*ybQ{HyWrReZJWKH|@&ZZ``_%45yn=~7gu
z-e#e76!y~DgtEHfHS6HsM~tDpwmT!Rywz!{mkZ#3MCb^Ek_<aHskOl{CK7-3tYSKj
zO<T85?fZ=UNPy?`jD!$R9UzvIt<d<vvv8~#d5}+@{)_72lty&l4(d@rSh>8>>qa$6
zv}U5W@5CHppV?vx)DsS1>=(wTW!5QDGFAAb%N6_f?*=ZZ*70#%C7I?ewa4G9+IG|x
zNX=Sg%JO|7c%n3Sy<jD^drci;P>{s>CA`LOpTiUx*n4NiZ-aP$DLq>eK3`L~5b9hL
zr!7?KFtmcX?&|Btj3s@b{hkX*^?$&BoQeNq_R18$Q;qr7X58PO@|4^8(O|o|(lBz@
zLspwDqWJpyBJD&Pt+>}4Uw7S1o+&7uJJfMpBw2PXaTJec)>_*>gEwWf&)$!EpzCWE
zDH+{9guR1Y0jeB#mPt_Mdq3=(=x2a`Us-he$DDZrpnG?h?F2RP>Wq-y{ncj*_IRB}
z7xdmp)g2lqLP|wGShINYIw*MlHeB@FDObXE`GaStqh~ZsbSXp)0N*6;;o`!5w9p_L
z7j!n;9&_+DB}=c=mMr!ZP(3ZNuzy?9mzlRpthJhHMJR|N*jXqUbwY*4X+HI4#q-n?
z-Ddy3E7z7+Y%VlYQw+H3-#@7uB<pxdj(FQcsbe%Bojs_tJy||JR_<QdL_G9vQq+LT
zmKrYFXX9ESP@|fuC`#WaoGn9-2*$C^L^3WWfSAbOZjR0>LVAf<*#vCY^kO^#Y`YZ3
zlMeQ4HLbH*mBfJ;o5hQANWv}_kl6&S<uz~Y`?aYIzf`xGdPCmo9dzG}DM$YxWWdmC
z-@sEYterOo<G#L4bxq96I5@B0vdc@CsI#`MOamV5VbN?JBNj3ZZBE@&<!kG7M6O>s
z@G^iymhj+wD}ssXp8+kP;OBy`xU*DxVQX4+S0fEXjPUdw0g&shFgdG3$Vq=Fxr-3X
zoelS(32@b}PGi7p_!eqGkX&SW+bZ%+#_T=?K?xUpH4;R%>n^OPCmk1yj=s)pnpH_;
z5ZjNgf$+jPD*BL@#rB6DNArd%jj|X>t-0pmG=!B8{{)bi-Wil1Trlho$rwLt+RH0I
zb-iL2&)Qva-6bTcf(6uc&=*>#T(3`-!w_=~kQ8OXtU~Jw@|qYmm%NFw*WvIwKqU)b
zB_ls^r*TE+wS|N*S+E-lBW5!e3E;aGAPdQXQ!3V(E%{5)l%^YWf2d;9VvjK8P%$hP
zlLGp7G(RrB2s=m>b{vYhgg1Tz?+PWX#uDTgkji}e>#8xq>#&@mX5EikOf927nNvRM
z+4ePdW@3YwCe&F!Z<+R|&MuFAQBh%EYW2k5^Lqj$f69sFKIC<4G_^~I#RKXLm{ch(
z&COq{d!=?yc8r;Y_00Tw{=E>-?_M@9yaylf>*H-X4j=<8g3dtVRu=SSD0$R6;@sw>
zeKWX96`c|vnW#0&p*Wbb!gA)g>#E&;eUgGVb@B^I2d!5g7blB$V_91A{hKEtJLvAh
z$!^F#)$%dY?UscB%!Sf2B(amR<9@OW%#pUBj-j-W9<tYT!d=#x2<TUEAAtZSD&_{s
z(VjkcqkTol7tVPbGP8uA8aM!c<GUG*O*h^C-ADwUQ7*hh%XJY7*=T~zoNSEUGzNEr
z@Hm-zv4fg$^>_bc@8PfI20`LP4&FaWT?Wn!j&CV7Ece^;t{Eb{IXWyJQRCLKV_--_
zrj?i4$H{k#;Fa#5(t+&mTQi>+qYyahe9?gz_zyLS0$M{_2W@$)s9Fn5I?bTw5UO+V
z8TPN~X;o7`Te|^D&c;NBPsTYF(gS8sOvzV2J~g3$)}<9RDGK7owoX=B=-`-p@iL}3
zG}ycqT}?6sfg5cGivf0h)=mvTVQA-`{_WGuMEM@HaX(Itp34!K%;ps@y<uL|tO=Dw
z)FG2tFnK;3O<{agX)@}QPc{^4+HxInQQ)jTXoDgsbFNN1diypii-KB#kxV0cD1)4D
zEStk#j6dycQhtM$Ec{98!3x*A_Ti61w9Uo!L?1yMl9>@A;~QGd<~8?7?vs*tib`%e
zNofi=L8Puvieu&1|J@Ce23Pi77>wM;jkeXa>0Wz0mBg&Nq~#{AiEpoZKSP<0p$!P^
z0Yy-tpC9>jZv{`rC-pLJ>Q=qPeQ!C@%boz77d-q;_H2Q`lys-Ou}NRVv(hap5g>Q-
zI^XPkF0?JbQkJMZkmTxoFA4lri!r-{j+K4_1d%cX<qIXoZ}yG1dH8|L_A2Se=8Zj#
zC}D1m!^JRz?frz6sJ1<k#g^J^5<W+W)0+vR%I~iIw|m^`EW+;JWYg7v_}-!Z5|ldY
zm*j9x?E!wWn6-Y52{B`aj<DhP*u~md9ImcDsY&>)LITeu-JBQoO<#3!w{7j;1Lp}^
z^T}!p)38Qp<d3J@1V*@sCN69i8Y^8@epMaTeF5WPb?R_D*MV^^3rELzl1Qa*)e57x
z`>^MgLmL46T_DVPGS~gjC6UU{mply-g3L8$v1L(ZQ%aLG1_<KCwPyH-Eq8P}b^y!)
zYc3Z+QwS#aT|FQ@vbM27c0kDQ!c5SIY-TSD#$e`tkbe)S<|dMF!~=xm$fvy4Q`<-w
zFLwi_C^-1t;`>2myIcW4o(3)4Z$&wU)i=pYn(`w?bL<fLB#=y!87y;lV($nu{1HOs
z*^d=cRu+{J3{Yu|)SHZv0f|Q~u1^x0RqfIRva9>QiEei;5~jbkXfEhg<a=tt>rnh`
z0kbWhvCH<;g398B3}t~#StC9Bvlt6c-D6bdT0ki=X$T!cVgx?SQ^)J<v!KlE_fIW3
z2N=^9qK0#?)$h|Q=hC&^lVjGz#Y)qw;)YFP5-Zg`aNgHjyl+&!Nw2n?_Pp@yPc8e(
zt2t{ExhAeTvv5UB6P)hcWz#+w^4%_u7uFGvNAX(_#b?4~`RZJr5p*CNb#D{07LVsU
zi@|PZzVC&*`Yj$UH+-nD3%LDEdAp-EPn~O?PX^BPD;oGGOH4Fhxt@;Fzh+6*A>{CH
z2>`JY6SG73GBW&$E)mvrFxWIMt+7ioOVf17%p@%(0JucSav2oo<V5tdS#s*=nFI(Z
z82Hb>mz!=B4n@4H@~5|N6Fg;4e$0Bi1H0<{iGG{w<^cd1<1902ft6QnELt;<?4I+G
zW~xt*R&8DquQ0X}fCXZSUs652kvY9l{v>G*moXEr>!h_+7r6HN%^Nt;pa`@ecqy5k
zHDRdkjQ%Z~{9r$KcG%0q`+$%yjOL>{Af_Kfv6Ee^O3B0V*2u!|F`AVo<bfC=2X5#=
zlhZYo<>T~adt^iH&lufLYV*I1vdr&)kR5FGDsWev`15Mao&tVpR2%A)YZHpg&dpeY
zJRy(?R5hk_iOFAfUU5}(<YB*zXTJHp)j&zcfpRqZ`(+&;-l!~!zA&Ykj)T|G$fHr<
z3}Jj{ml_=OPnOy^Op)F&zry2GQAzud!VV8ycygqZe1HgDCxAZzq09CTSO8e1fSJ<e
zCONKe?$-~Xg&K>um5cyb)%aH$%>!^v$<VGmscx(ck$|4BrZC@MZi=rikOZ@qhRLzh
z1~XTL*fD!?POZnAf|Yi;u4R1Hx|dz%JkEdERZ@AJFA#D&Enmi`4#z8UxJch!mg4%X
ziQ8|Fq~e&9j2C;{kx;Ajqn?wmPmhdDlbnB-jMAT&#aw&1a|q-%kT=KS7U1XCpW3Sk
zL<aBey@5j(C~}1bUtRSeho|HeRnL*s^}#^Eo1i{~pUFnqek672$=(?WyO&!<oqiLW
zm>+y0O?$npu!t2C+@CHq8Sq+BdHh&rSO4)+8fG$beRuR#x<7+TK7VevEXi~NF1*eT
z`&UKp;RbEjbD_m2^7iGonf(~Vp0K5v{15;I4_TbLM5V-y%o5lFA#&~>C;)se!~@^N
zBj~M(K(uYaH)DYoD{=zON}*iJo3}0SI@fz`l)jjl&9SquOzApgZTKSyZzw?^>Vh42
zk0nA3%-18_ZmtYH0sbn!OuwlqlpH8P8nC08Mc&W0Q!sVSCW&xVG{Dr)ypc&!0-!(0
zl0Vrq8MbR~rj?!<YD|inDSadJ&H=c*11Lb)FGzU4(g^h6ma@6!8FQ<__H=ajWPN;J
z6~DS<Q=E5ZfFc+oZw^OP8BSh0vr&+ku$wtGDro*du>LoW$%fD|l(Ndy_;Pe8-#_d{
z-~j%d$|#VE%aX<2zR4K&nS6{fj5uDb?Enx;KW5XG;dEv;%IH+6BB}#PDB*PsKb~!@
zY%wf}Y1bnw&gKl~C|@MtDO7%x7X4jSFse5>JYu_hPWbO>FnjLJ(Ehev@@LY|v}%M6
z^3CaiMlVT>X8WxCiWyH$VV%`xk=nU_?s~5cJpOQR)9C5tKEn623=Ewb>1$U97G<J~
zwN~P~NerKUSWGOwLUONU2aw346X{d?1Qy`WzDd8z*Qg~(tkC-lL1k3^zfTs`G}?6l
za)@j?uQ-$#Q273g{4@JjJLcVNnJ&%_j`UT*0#HT?zR~Ia6~|ivUm$_guBJ<ACjBPr
zz(-U><f~=3_uaNjOev#`F+QL3M|M93&1yKQ*DO3T_C<$Mh=PFIsG=-VKhY(~Fa!ks
zOg<3xAgATxxX~a2pHRHqT>DK#PR*HoXV-`7)`oiAFH@xK(g2j->53JMH~@^gZUNnH
z%{oz8P1ApZgQ+ef-?);cSXg)t7Xh=La2Fi{`Y7+JP3JM>=;>0IfzAgAdOeSD7Xw&%
z=wE>mcwO$NG*st|+T5s{eGwc}lmbQbdeT<+Q@#Enabxsq!YYD9P@eafi6eNWSNQB$
zr&L(_A$rEt{zMjF<s^BgHVPN%5$WDzjF3E~)DL95za`!<ikR2Te0egb-4er0tz**t
zdNtX~$%wMT{bk`ApL8RF!&EVsqJF8>f4d+xkx8S9Xv$TYN43x*=gjq<Yt%o7$G3>;
zSS!@UbHlMeW(c~_W8J>Pb{p)KJrFv4((+E9w|fOXsGx9Uuu0)n+HwOl3IHHgO85Xo
zKR)L1PI>Q=`$%$Q>;iE92zbs!S+POLp5hsHv_?k4IjDv)ZJii|1PHY-{p~Fl+nXKa
z<msbnTHhq(%~_(yI;V$XId<ds$U2;B@=&A<a6mc^nd4i};rymS)q+hZ77Z=jI7MHc
z435tZvjCUTfg`vZnQH-bID6yJLQlq6bMb$ed+VsGyXJ40?oJ6w2}wm#x=TXoRtf2n
zICO)6bV+x2cZswh(ji>}(%tVqUS9X_et-AxdY)&!>-pndi=_vJbM|-dnb|X+nfVOy
zw{#eLKOOV3CrAl0jOBs`lnqX-7?Y(FNu7773Y;5K_+c7s27%wRrAdi<6~?L>T%N0b
z*`IGlR^YtL>8C}d2TWPMPqU@XMj1!4jF}<FL-i6Z6yK%lyf(gSed2x7B76Cf;!WXw
z{93~8yBk*O+;r>k3{W<&ck$D(drjTQD0XBeH$O~t#b)TD`g}j4Dd@3>SNxF<zvtIw
z24mTw^B|TO+_J~rO03M^gk?=N{S01hogDL--^Gx1gwsR%Hy5F*EdRGE<5{5UoA2@)
z$$ckmp98I0I7Z3kwu@hWbP5!9?sWPE9mp!J>nO5nfHAR$I13MObKhlsSHGFCGIj!a
zrN^Kdhr;!t(@mkCjw~j{UFY4%QtB0qsb1t)+9sDK@jCJu+glo<Nku(mCA@Ual3~(I
z<J^US*35}bR>>zTZ~dQOJ|2s1mh;tExs}iqFb|eh*Rav}`J|!sLw$X4&*yb?(XMl{
zkftFs{^}lyw<Z%yl8drdvy2FUI`;;?&T_`mUYPeY9}XzGe1F1SnD7E<x5lXHYf9Qk
zMHC}dU*c5q>*H_jwo#lsUwV7HK=rvdQEXqzSO7XP!gGnyqK|o>`sP7|rCzF!*c(m}
z0Ls`!K;wJV#|Z>oJMo|&p99bjYh*|1kLGNgI}t~DBxl3OKox#(nO<`SXh_to!y7Nv
zz!o;q?WX?$O39W-GR0|Z<ks*=#(rW0)qXt|U6AX%^J-L|E#Zf98aMWLJzh67JXKN#
zqf}!*=H*Yr@XI{qqF-1ClS8X?)tfmw<r}j>u})uI+|tSEoB~xv2C;5f3$n-kY|f$#
znjuJ%gt?z07HHPM2)G^*G<mj@r!5uo)Vfu=K8Do4`S9WD&93M)9%-H;lFoJdOH}=;
z7_}nRfcsN*?p$%DH2?k>1zBDW8*p_l0s>)9iv?W*gNsG43j1|?t+?e`P*%-Jc^QbJ
zL!+5n=TYSFvtn7fNY(63+tQelYm%vj%htL^1}JUHx^=m~f!~=l<M|*d#^LqKk5Wyg
z)|{))FSL4XWn~3}K3`IT^ak1o+^12)E8uwnLxjOi*FY#@sqH>%P*WmpYc6br0a-i8
z&%;dkNMT9yrgC5+<F1)9^a3;^cY#hGXwkyQ8e!Il#g;k6&-`o5v8hY-30{H;-Q2f<
zei2@{Po$MqrgAs;pE#sEVgF>yPD(84u{6HnXbZU%i#pByZXmAs$V*TvW~hup-_~gT
zEy}#<<sE-0Qu%-tzi7aQ6@of4(Xb@k4|V(x@)Mr0=IwXkACwgRH0plMWUf{mE^X|h
z8?kXn59>zaFOKc$HX?x9m?woA>|zQBvuAVI1$GKgr^*sEdS*C0cfWh-^m>^vKxTY}
z=eugCAYml@SX@%X0oUi09r@{u?Rxet1?49?w=?&#i!ZL|Z;dBkI97GC^SsGEXl^iQ
zXU90~NgE$F5b%QgNbw9yrt2I)_9NBO&W18}^O<NTce<VKQ^TnTgY3c<NA7}V9Olfd
zFb+R|g?_uwm(7MTqx9OpwWjd|)ap;X7IYOTTx^DLzbuN3O|k0K;u)Wy=&$y81t7S3
zp<uTM<i#PGZx3VmlrwmQUaUV0rNlLA^2jiKD-dEKG?uUM-GRAyIelT@rXQD}XSpd^
zAm!=roRL#4k{jAI$K9{nYeO1xDNR?eI>(zwL6rS5AQHlpm%r$DcUZra4hvjS!t_+7
zX-)U~4P;G&tdx#t`%llA<4dL8WAR-weqd}QWKuXUbq>zXKA-+VxUn7zFd=>4Il-)P
z;C+j-YJ%}b_8{wnC_J)=ghT_Vi8IeSs4InZ>__CZlE?vwu!y#p*8=6$kQ-O;DY3za
zMiO|7{7)256i~Svk2eA*TXn=Jlr$h`Yb2HzcC@ht`fvl|Dx6AMG*bQCz^{%kooz#l
zEj3U_IKOSiW_#Gc5)<7j=Sys?&EbmbdCg#c1lVn1lH7kte9_{#)@-wLDfp2W-Pde9
zNrWOynOQi<i!;uN!c_Ze(&?OS8a)A9|LHJXHxqF{lg$L-p_ZN>=;61@INll1-pP_g
ze}kwk@pdx>+D$#<`VC5kv~FpbcAX51^NDLm<HyDOfK2hAPnKe{@&d%f#8e!Upuqe)
z(GBwBGN-SfDwRvMxfJdY(TO@hv)AJl8S$Qx%r0Bn+F1GsyQN3gR1xHSaC2T6vPpc$
z@BI2P6nvRPLd(bUl~lT6G^6EXW`+R^%46?5f7@JS5AB3v<whi<UWM+yx%#CZu2QoG
zfii35Ja<Xz$?o_0)Ixh{X&)4EdjYKg_cN@ku6cD|m2;E0OygV;NJx^l)NOOu7lhSh
zb_CJ6q5-k)7QM`hqewB*$ruxnpjqW=)i+U`Yw4x7d+Ig%+zKg{=`>!8_T=gh6^n%3
z>MTVNSZFe$cCM$S9%a!bQfBk&T!T=CxbTc!cbYOSGd?TvnHL^CUZKHgA(!SuVJ8eQ
zEPyQ0$bNUqiwXf5IrPG&JrRRJk({SLJNzfKarDD1e}Ade=y^N(MsZAl*T_<)skxLE
zZ<WM>9B^tnq$$t8NPc~uRSJdzcZ|}72BhDOWNn$c*JomC+B@K#{b;QI%zi(OFHF;@
zlz1h$HV~(xYNN>f!E%mb%2iLu8*joqxCo0a4f$Q2h0<=}*!lfAPs&`a!kA_DUMm%q
zjMk&M)ARBMnL4GIGVWFoMU&t-{i>jEbt(5$t}r6Ot>3Mu3?Pw61Z`j*R&!pw5F*ty
zGe9|4I@Oecc8j!<!(kQ~(qOAdL_7s;>#4$wMf_}N5#PDRO2)axDntf@2p6*;kIj;V
z{LY#2fy~h-mI@23v;D|AFAfEd+W4i313#sg7I9S~jn=aWoTaw1dZlIUj_H|8IynzM
zJ*za8^^4CvY6=sIU|FmnQ3Xi9e|VWT8Us%WNB_dw>VnuaQo2Xd2U!kH8l6MhF;hz?
zJvr3h`&7;Xq?A|V>Lpm_#hVi1Q&|6aOYfX~6Id_CS{2ZJr$9{WU0#k&p&H_UcYF2e
zp_ujFUO^=(7tG2&fmM-582!g`{RwNl0@Q(C+q;y{$N5M~I-B40(@(ie1X-jo7obVU
z@p8rc{dTW66LPGbkPh!oWubx=#%J%&ET?N^`GpG<=A)br9?sPsFCHw@QdbzszPw8?
zFzI9ySfYPen*Wi6U*8lZmltH!-S4TMbpV?cKr3ByY?#2d57X)wrQ^3RBOlL#=h-Uk
zKo#6)3Yd9pv8T+;#GSeV9bL6{iSm1F_7=U8Yrx-p)(=>F!f0z%pj9CJE4QqCzP_$q
zY&S%BD9FipC;)LggLu`SUILF1n7XjBahw+N!<(6q^ee3wyXP^2d+n^dDq4J={revm
zZMH92f76p#D*0-d_oiRn>F|5a9$(f=d2aj7g7W07=Rfr_!Q`^-ZQC|34~AFol<`}@
zSSEz`Cd_W!97_A&t{-4+?mYY)^DVvhV$kX5_J>6!$LqSQoi;t<5H%*IBI+uls5%xt
z*^e|g-0tn)zaSVsiH`IoMGiI(FL{neeD<hRX`pGxu@GHSJl08^C)Ib=A|hM;G-c!}
zR9%D~3HDow^|c3?`QvuF(4YFHQRz$r@q%Oy4~}To4s8PfrA+7O;oz&BrymE3Q1yGK
zQaj)sG6}3~Yx$?}jJQIcNPmt_lvicP0^bvLj_D{ayNVy}M9^6z_$RSX;ap;u^TNHW
zx0pI(%)D!67ZIs=+euZ7-vVa8fu_(`Se#bV6%-qHg3_<Mya3M^sG-*RmI#F;-jN;u
zSj6z|07q?`UHvzs(kFU6uC54pZGz`+XPh4&^3!))MfL>W-Cm0W+Lxv9(1o?LUo-Hl
zs`Lr&?(R!qk}Pp(<-&qcQj_7^x3783Z?2ZF_qh%^M94}&>IcacHtKYca}=fSO&8LI
z&ZhArI{SXtUmlL?zQnlIRn$+#ntsU0vAkkYMko)`3q(H0H^Td&^nsYHnjmUnJ%oTA
zRjBPUfQ6^rAfS&Q*LQ7cBc3<}Fx#*-Xev_bW%gpB?b;$`rhe@LrZW(jPI!>zQ`sF2
z$TV<U&lY%oC-imE5lyUITFeuh2L-DSnSFu@na>v12jw;VhGihL^Vb;GV2m@44F+j?
z;`5YdtaE%yG6Z2<r(S;%B7duo?zL^Ew1<Z(nw|&b<gIwHE_&}pn~QQY#G>G`ZY~c@
z9|$-XXR>Wo*4_ix-eY#hOBsv_{r)gX9y=T9D}bg&6ggjN)amkNz8RaF)5+Pf8j&Uc
zIh(uFJW^w(f-Cv{s?t#UWp$6Zc)UtxW)kL$(S^%P;sK=RW=m9YOF^JD^HCA#3>~S{
zb9?mhaj1@JFddNZx%}r_{!ZoJ?il*ojF4QJtwYiTT;OEjO;>xuGL2*dZp1fIr7$R^
zBsquEE+#t9lOxjDE0k&PZ=MlPmg^LoeOvJPEJ~Q!AJl3ahn4>H*Zrm7-120jikROk
z;0R`#=9*{q2OZi~xE^VakLT*uuxJ-Df$Vrt-!X!MW%^tzW>%R#5{KOb&1|fTIQ6vN
zhCUQcE*ElhG<i~NRmKJ_vPWl(kJ=^Nd3YP&aN#Ahd84;UBk))StQC)DSzl#KAH1?a
z0nVnO^(k6|#};|R<%L*h2S*kbO$e@!-H`Jt_0<)ZxW`)I{hl;LPKD&2VBu;9+xB+t
z>5&*<MTWoMl(0c7PZq-6%XrLPTRhTI`m^|XnR{1WB>JM84D)n=VDq>vj-Lrzn5;F2
zU(yl*B|hpKY3wdqLj7fk!ADffcoc0jP|y389CxiR3aMd)b!U0@uxq+^ClXu1P1W*}
zhAo`QpKAb6m#l~H8}1@Uz&07IQDkpfa`1nG+_$0VT&?QVJgB*I|L}%oQKUNg`&1Wa
zx3z%)di}w*)N`Gla=|N`oeK^878$@;=Z-Yg$m`xqcbs7Uj#+eI@~Cb}>9(TQgNtaC
zeP|d*%YuM{S8mwjP|^TJRAChAzrVRYE495GrF*os;fqGdBvv|Gi}3Q(=>5g2^P_o7
z>hd!A-J9-X29e!aNB_squQndxJGeRR`vBJi^`=<87>k-3?UI)Q6#}FIiKeMQ5B`x-
z>*6jv?&(k5xJAT-a@|1P0?`VS(j>8F2D)hVqwm>)=%q>9N9Ap^B#SDu!HlC9QvOBg
zo8LkmLpE5oMP6r!-DP38BCyv6R!qB9R=5r^@%kObs8@2xSlW!{6jI?tCoaj#Pzk)>
z_}JtU);=G)y9|m>xxRGw^mKaPc?=~z;4-S|%;v_FyZ~M@{JJoxc?rmPD<gS$CvhG)
zO7G5vrI2VYJE(=~CEe0aC#_87y9|(#0CnP~ZiglN!3~9^W~;%A>fZf`(*19B;puA!
zv>C6&5A44{t4_8%JB}l)7Td!icYhU~xB+07|IYN+?9sL4`tIe84y|y1h7;&Tgo6t~
zc^~4i<gH6nR)|49tz<f-TAz7VjH-VUUWs3uLLnK=XQo;fYT{WeXh0_S!W{v?H9i#;
z#oH^~tL0^1aof|k&#X?7dC&tR;|Dqq8VYzD>@S$`Qllp+WwTYsYZ(=u1q@~;c37kN
z2!pbe@KQdcdiF(F9(Eqx>ppBk9e_hD|7!3&#F%1N?`r+PtKh;_xMh8zr^#a_Shgxa
z=z<o<iV#*{{Uf~5iwAa+YK!H&jCgz#hs9d{5iB8mhUXNqgjxcYuCK@ao`yzpiGjia
z&8}g7U0NVnCJ#&%Jc2s5|Et=ATatCJn}eq%S0-F%T{qg^??kap=ksf)y=XAXGG_)q
z?R-x<qh*^9>|>6i8SY&~);_bQzA>UX8sAW{-CcA1(2S3)@0q5YDTxSg7tXPT+cLn-
z7`ng7STYbr|CCsRSmr}`?<prMHT#tmMw##<4?oWP8j`ZOHT+xcvvqql){rSu{3!ak
zoF`cTLw@kYHnLCQx?XtI$G~Yg7|;l&mY)C48V_@CG`5q#_(Vnyh)}9*Ew|md(j*~0
zH&;_}+?ga~*USkE{Yvq(u_r9~1ODiVsNL<AqvcLR@FZKSeE=HaXT&+VEEd+h7*rYU
zuL{BP!McwN8FF1xK#yCcoPyoGitkwAYLGYgM1QU`-{|lwBCd!?CX1~PBXs>{U|4U!
zAn~x6Zi$OnFiS#QIpD+CV_VGt&0ci8FH6B4fo{`=^J4MPWIoH|-BNmL|NW#}<9cAf
zUXpjc8^yfq#vVpM_w@@Uv(~u+nifsgV41hNpJd+B5?cnz*DGv3`^&>lWVj*cDV(35
z|JYoLDlH+g1h=U9L1E*(Ld3`S2?m!o1hO^}8wV@sJ9+Qw<@2bRi6gY3$SX)`)#T0P
z(Yj=dzKf%%#ccl3zVkH>DW_>hncQlA!02O@wh51^3I@;p)+tO<Kny&aH?#n5=bXek
zbw^|i$33*%opB9mvl|EDv#;0qY`cr4!3jQ1Hm&S^x*V47bSqPJ!k)g#`HG|rs2obk
zo?W)0LyM2XXv$J~(IlDFiOhhe%N2}du@-IYGah}q7SAK>|B_Wni>aCuEZg+E;?LF?
zHv9#8bg<|a5mxVz{iCKrJ!l`~V^K$4d(TlAsicmRl;V8inmvBiPk!U_Q?xRG1V@si
zZRAv(QNK1%U6-8wf`)FzIz{LWRsU9hIV(!W<WC3Cc{zPK#j?uMA2{L9(E3q=N}$O+
zn7%*$(8A(A_^SzMU>rAal(wN+wmSY=xXqZ1`s$2Ia|YVCI0fVDW8ify?vDJ4_O$5u
z`f9_kQ#??t&HZxxJN+G~X6`CUfA{H2F>Og=JLC@GqCr|o^yHOc;n~;?S47|F&QxJG
zrYD!|XPm+#9KNk71J6K@>$9S_gzQnKeJ|ocBd;u}<j8XwAa)W-6rG`XfMf(-yWWfz
zY)^K+UKj7aMXEs%@Fz*L%sh<ymPF}I5->=9t-Z8}daALGH~z5+gDYpdvBbBXc43hP
zm!NMA>*4Gp;@=chpD12c7(>gG4I@B%N>2pc%^%B#eY5tg|2RV8^GQ<lzJavB{i8zK
z4Zy$$T-*e%)rc#b!M|$i*7JpA-l2DfZYx`G3fQlqyhy%EEzv$_Le<alIm0dMc5`vr
z-k9^3L)`d!DbF)RbTdKteC1qazOB@gn1@*4^*EYttFB}5C@sp%9(x(QqEW1=j%Y2I
zi81T-ja8)55l-5u;14i$hxrOPE^5^5vasf@>iAP8aFPexQN<P4>4F^nYv!dl=BygY
z@2mqqgw`u;a}!ge>SM1^bc{(W9lTC!wpJgNlbY>kY1~dN%9L_GwrK1*EjWyFES{n)
zPi+a*o(TQ$sP+0Bn!bKwFiH_!()HtXr7g6=YZ+GDUWx{yR-lOsMp?5P(Z1hSu^Wm>
zeGlmUoZs!V3Mi+Qipdb_b~^|W4<Z2a+N~d}7(OCHpeQm|kzM@z+wM_`w2ESlH&2sb
zrrQ^*NC4X!6}sAX2?D#>)f2jUF!@r@<w(LvVc&k7F{%X(nE=sdoSZsX53~p1P@?13
zTW6T{OvgIVg2WVHighDFzJ0UsqyWWzvMEp|<#z#!r=)Opz%;j-oY*Q_cZQ~rQeWY7
zTt^aFHD=}F$w?LMA^wdb=8xzIdSt5p90BexKInT{@%xZA4et=qWliol`gQQwjIMme
z*X87+AcAeT5<=oR<cv?NuDu5}9C0DU-plOFk7Cx=reaug?bahjCa`Laqs%B>u2kab
z;Mfu|wVRAkqbpe#{W>~CAc(cv1d>+IdnC#MA8S`uz<qyF_e570zP{@vq1~&6ZaT9}
ze{MBwN+AS(XUib=s}n+((*X;nE)ny&gmp9g631kxrL8UMZ2yg(<AN~5yOu`!BnFJc
z5kvMHsR#-SNc~)k%d@X{JJ^oT%(lTCYHD*`^H2t9kLcOXu)_kfsilKaL>$kB*awNR
zxc-S>(1vvUntAXZrp35@n06$qwR`yaC}*NSWzf$sW24vx{n+2Z{*$iz$-@Q;S2!;9
z)PSpf_eU#OEGg*koUI8xSB2Lja|ku7*&xJ6Jf_}R0^fPcQL8_0^qGl<>41$0nT*N5
zV5@pP@=ip<p1O2yHTVZ{z&&mf>%DW|=I8Re<JpA8WjKSQH5tb{^lPV1{YQg|@6!q{
za|S}oQ7|<DG?`>6t<LgUQn6HuM;@X4^SWPVzjUjl;AHF+N(O#kz^t3B3UQ+J*Qmkn
z$kqOA3C?$olx)A|U|EI9OzS+veKymi=7q&$(g`I^k4wy&azs`+wx5KhXV9}|8Vx-+
zO`{PWh&@Rby9_Va^SMtb4n+}8ysR;~na#eh`*;uH*|H#tpwf2t@-2R|8CqY$Mvwbp
zpX26wi&0iYOIG%s`oDQTPWHX<{NHK+q<rQ|peq`t*w4q#&i>PTBXB392VO&iwK3(Z
zK(tvaz{VeG1W>d7&XJ%wSk2b?0ct4=ZpN*<`4$)Wz8aiX`A3_xOFtG{B;_-AWjxVG
zo3YJOuJ#uZ>GKjN9HZ(=ofkZmKIISJx!;9^hx@2xGDtQ$FRG-m3*t*xrC~kf7X?+9
z{u|7v{L@3pJOPt*@7FlB(#mQ&U(nCBw6^-6ZQWj<cYRFvRDLJ>OxSGE)aSy*)tu*p
z&3qFovqp)?5EXy46+iRR{)cn0;fSLt!gqtgkqk=KKKGm)@I}Wgn*4Xa4u6|Mi(X&~
z%_oa61>HPpDymOzmkTz(QC#!~#cWbaUPpbQ<@)XN<)&;2-UHetaD3we!s7|!;leXs
z7GCYYE^p>&+J8y&2w1A$U%q+fdfwu$Rebnr<C*irCpZd<!ooN_fb7Ikc5Ax|+)bp4
zURQ^1ke%K7&PCyl$N<jb7@|YT(3&0YK#XsKAeUO!`?5XVoW$}Jf2+uTZa_H$;)$O%
z)tMW#bi;Og+8bR^7;<+_a3&SDBuko^^%7o<(JcPCbrV2Y`Pr9}g6+!{vp0&fiwTBS
zw}l!q=-@aeeuj{C_MxhT<;THWZo7}BYhNC(4TWjf&!Hz8?tl4QBwK8(_PB`@MISJq
z4wjTEAJ=L}mKT&~vLw0-)NSy3CTy>o^f3y~zzmEt`)MMH=^J1RxaZ#r3Wu1mDcLBD
z`X<wAU{QtXtdqs!o3I*lMI0*c=iVkP(cIaby2#^}I^XM)&Y;!~F_gOX9c`42NBGG{
zw@I?#wj3q&VGp@-bIr9iI+X<H@5h3on$Ro|jQa1lr<*8n>C&S^iLY5k;#3`dpuF00
z6W+^Tp#;h9D1hFAxq88jm{=F4J8VmW6WzafHL;e=DIpou*W`Tkn-7Y&4sbc}YmQA9
z<7mWvi2nWXLLe`DaB~^$PRM1MI*q>BcdaTYg0M>ZdB{>lo_)5~EMRMavqFoK{mO4z
zbqER|KA*hQMwhfoV0=kFcNXC9k3e;-X|(aQ^&zV@5&{CsSo9`)igZ=EP^FR*o6bRY
zSd~rtwPIv=@X3q3&R1duV=-OvygckS2O`n9RdZCN{d&O=_E)RAKYnz;^CSiTa3tn&
z?&o|fml|5k453|4`g$u#lISaA_K@%Wrj)%ZYLp;1&5tiRMshpL?uFvsFYH~H8|=Cd
zk5Lqu7BJfrw=2aB%ezJnKd%|<u32evdund`SBP6%^g^S;h(jA>6mso=+KV}rpFVzp
zVvY93l5sVi^6y_lApTTjK{RFze8f1)2xx?CEN#>u$O#B@1z)D?YUzxoc-+NKUuMSd
z(?GC)W(<P_smd*u=tjY9<xTb%2~IVSr)v8`5+~>^T4)qY`v!7cq4JIEaWBLZSalQ;
z%4r|ZPUqx&1+_UZHYKH{lRv4*m3?d-eRQX~xIUQhy=FaCRV`KP@Eha4O(C2PLv`)y
zHww^p)gnAtHqGH_^so-fhcE*#Y;kQJacyHYw{1UscT4Z(HRcLUYrb0cyQ1J7wE+}4
zw8nKBa}N8xVPx!+I9Ve(4(*->nkCwJEqHi);^j(iA8v98Bez37ccFq|9`Y0Xk%9-#
z<NNuN6{FPRPP+FekJnhWLqbC&!<K`$Mv6`qVl6bWY9rK$2vanj;S{Yg6x56XpCS$y
zgq5WEMXckuO)M8X%(J^zga&6a?3w&7rxzfF)Ir<Mzt#!g7C|8pINhiDhKNHgwckIH
z-{B{MWC&4b?G)Z;mX=?jso=h&sn)_MvRn~L6rWl$2a#cxaY*EXkfe^=*ZFkZ8bb#F
zbdUq8dyXKC-gorBx%ydqsGo&t$H(FJ>7sC2PNOWiwI|~weSPln>~iPp1Z;dfZUwFn
z+R*oLlezFLqWAP%R+he@&)|q~sdi&LMpOeT8<S?L?|p}oxwTookw8D75ohU~XR~SX
zhmMp;n0K|{y*)fHAY&Up|1xu9jvv&YsH(b}1z?l>>U3NgEZ9-&^)T&T8J)e5U}kFS
z=Z?s5pdr4$w%6=T(wp-x{;`Ub%GOiPZ@d9R&&;3L)%^~+772a*qLi*MK(PZ9_q+aK
z0GR4!sKJxTQ7fmgiqm!g0PPISRdD@OW&2SiPin~zTiBOaU-^Yy-j^D&yge55Zzw;h
zMw~iOI4eo0YT8)SpTMo`{g~|Ue)&;kmR5w+WwzE0my07#BF1?E)ZqE%x!(JLi8lEj
zt3TiXgS-(F!o@AC$~+qp*dJ!N;j^1TC|TZ&<AWL1nFIp`Z!j<ieK*%=A&T>xHYnSx
z^2f<f7VnstBTPC~{)#N6ALcv%Ugh5E3*Zj?nWuEakbdSnntT6k!KFj`WzCx#I-f{5
zRMb{PF;qH)NP4PPS|-Nskkf2GM!EeVBt}Wt<}8|w6Png@8Y&#~pRBQuM8r@~4~D)z
z?bT;@>z~(8TbH&TjCH<yR{x&=_!oavY)Z<bmb<;T-|Fk)RlboAMuzgE_T9~=ayQW0
zKn_0Rh3%O-_u(Umh=?Ol9gHd)cdCXWP+5*<!Xk$%AP|edAgJO!7>rk68g%RK*30em
zLn?ZK`CU{*2jNIMHgCfN2_<_~F*U<+jKQoJrh*6o{DKITJYL6sJ&V>ZBPR+9oYw9&
zJA*g%!O=%{7=y_JKkRE%!?%V?-!JS8cR4WN*qfhFD<k20cQE^P&}iW(i;A4>GewUW
zsj?jm^xR8IY7F_uy%CIvx)DuKBlF&zKw*J{#W~=F!-2SHhjmcALlK$I$wtB&uA%q>
z3yV_`B$CKs+`qV(Zav>5Nz9f~&w%#X+j|O!QR~)>Nv*hy@mt|;^3R)2uhu+EMidlp
z7!+^sbFf^V{ZgG+3<OKuKJ!H|0+L}9-s-UP^dlXBH=h-qI#@;Z*Ols+9&ac(8DH!*
z-)H*<puOB~bvs#4z~2q=6QNpSf{W9URFTQVk!wzn;@|vbuT~|447L>!cBZ{pMl9xK
zr39@2#H?!hvndXY&sSO)AB~MlDMb=#n9uYNb!__@xC3KF!RGx>Ujks-2TWkc;PEyR
zkq=lgbkWraM)!M`?xj6`9q4fErFDAKm~d2)vfvO09*y+Ti=%>l=|aaMnf)5c`};Tk
z`n`Yu(>n+^62Aj%q-J*qISvdg^y|O&AEgDzgHcz&cPbdTL}?hf@~?(rDIDQ2{tD0Q
zmLlz}FdqB;`<wmSYX}7_A1sDX!sY}f^ss)v@jIx{&0J`Qf%*@`zYf+TXF{x?Qs*vX
zun1EGlm81MEKVOObp52Kzjkx|D`YjgmX>x|AFjjyd5=F!{A;1mwc<q{d)W&qyI@{}
zHU9NA`-tk=*-CrAWdaA%>6dU^iu@GpY83)3N=ualmzxJQwdJVVQ(lONiZtv$Z8rhJ
z8p0C<eKf{tu%zFg7KR^r+uRenTyd$Hg$u_XM1~1Q4xt#a0x2{uy*is56`Rf}*0MdA
zBnr3xb3p&LAJFrHLHR^W1yutMY2?j6hb)o|&ag~jC$&Dw?O=s0-V_7NDUIf>FZgk9
zVtnt8!BA!%bVAI}^m@jA;zZ^rj7<M<kTCtIuTfe?9{hRV4mT9A*=}-12C_??=oBr#
zEFPmE0^u-56<LZiE?y``!+H~=p~ip)|7X+wwR``1;q;ee%mkqO{JmIw=weX~^-Lcj
z=;J^dEBL4%gUzvd1mlyyGig4_jE|tNRX+Uk?SDU|e;wCvS<7VoYd3(_;eb6okL_!V
zejO}@@;@!oC*l7`ixgQx^hxkwMa%^IQN;okC(8*pwN7Byinb-*{Mn@cRNf9YID5DU
zz{=TD<NP^2Q(y02i(GF?(8K(ps!Pnx@CcmFQWy~ZqaN)cS7YA}=A8*XIgEcio!{?R
zgZO8s4=CWOyw20`W;F2rwwWGA1_b+PbY3II6G%&XwZWrMX@%+lhcDCUS4*haa@(yT
z|KkVjF;H#ZueoPjv-%?bOD4>L3hP-t*AAsrtE3Tpdrx(MhBc`@->DB>M;`(7P0>t@
zqC24~{JKMi;(xYfV5bBk|1xLr%*gbAo3j|GIWuw?lIp?>)69BV9Y!4JCnAMYpjA!O
zI=x57L_uNw^s@PJe~tONoOZ?Qw(chj4zO_SHbp}vIz-?wtmm`W{<YHo_ChP+_vbP1
z)WOD*|6WzcHB>{c<xE;Zt1&p&QzGADs>lEo32BW?P~knRw_-dPKLU!Ie_@qRc;i6K
zYByfjN5dfK%aKka|ARGx@hK4%QG^j+isRZQ%SHJ8Q^1}X-KTNMUFXF90PT-=>`YDD
z*$nyB!)d>-Gm*(cvseNIOZ*2y?g)}n@%eGg_n81Q*7~TNDTe5}Q(E6YHI?9Uc$G}V
zru+J72{Rj~*{J``Ej%MNb(+(!>E)0|59P$sT0#if72AY_u)5=XC<WYQh}m^<f`r;;
z*3Awd?{^_F*ulWD(E~Mg%<vHYDV<9r_ws1|kyE*Bj$X6V=!ODWsq|;Hf7IFoTR8hW
z?9~wp{g+R${~Ref6)>{MSrAEOmhULo`ug7^U!vgHBKm-u-IpkZfbd2Pv~kua836{g
ztuUU249gk!pWlS<GXR#OgIT_@@@vNHm96cQZgM^`cqA<4m{=7%N+EZVlb^VROuC=!
zuP*uGq?lF#qC@z$qp!DjiV9OelWeI&6zV1nKA#4N=u1$Bj0yLU*Va2v@p52^9P1wy
zP(&VT&3iIyRV^wA|E#|RYR*rU7n}(xz$JIorXGf87Tv+W??`u_!e=&FF05j2AFVTR
zFlSRO*>-#FWvOvDQLK@lVBi^G7GE_(DD?EHPdJ6392l>WcX0t}UO5oiBZ3INU8o2B
z`!dwj)Ugao6wSNpNH1Qz$N{|BsG_>uwCt}T73$HSJ*9p>#0=<?Q3;NwD>UjyVbZL~
z5IXoJe3wycp|KND`Ojuqn+Dt=Pq9jKwf#!}2>I(&U`<Mcj@pWUOY(WGd8|wfg6qjI
zaXMNW#=ULAE2j;N`VTGSgb=%tTJwo4Vtq)O{RT!wvfHcChosLPD&}d}>(N_2otH^}
z4b=b{@j}4F>Xe{DasYT#V!>#inNR0zhN9#YC2=_w=`VqHSEXBS@+{`{gpq}!%+*=v
zg4yH?cYP?R|7cDqB!FTVlF#}vA?E#U{^fwt(n$Qck=5l#jG&)nQS)S)9~A*{J<EFD
zO}SGnV4nWSUTSGw#>y63^Wk%cjH7kt5ik$f?CPX^H)PM+hnVLT+gP6<<j|hC%I=%q
z55I)QbrP57+K>vYK@D%QuA{9`kGrpr<>af|J~CjJ#6hlnT@JAj^v^V`y9?w_4tsAU
z{o$|A$Hog|b|XGU{x_5HU*9f)4rYW3qMl4a6tWk<!~A`nMbHBUh~Vac{|NQI$}vpU
zW$+MEXqT*`G^Eg5c;j&BBT2a(9?(7N8N2pyokJYZT$;#|lwTPX-xx|xpb&zHROTC+
z0rha$`@vVdg+Zxn{5KcCM4?L1_M}H3m}DvM>B-j}9Smy6^8usVcfg@u+T(FD9ZG!O
z2Dl7`&@eD+NcHsre-+z&gPkAi;YDA`IUB`r3}uPOr{2o9bTpc+0sS<=-(q^P##&>W
zkv3zIwS)6(X6DYR531S&8&MoPIz(wcgJRa7%{K35DM_gR$s-c!@I&cCeXT?hbVjB7
z1o4j=aYB9dq$iUBQg5L*xbAdHBmqhR!;)f@h6zdwZzd`}J(_YVf4d3sliUtwA!?sA
zmkp8_W2~{!QPZtax|1;_;lv!R92wm0iE3iCLhXq)QsK_kJHTeg>2^kGQa%_HK_O@)
z&m~0Q@}6D4PQV46^G&<rkM*vV%f1{8A;Htm=TuZ5KFi19zU8&HoxN2Z==8U9uckj3
zl@oXw$#Q}W$9~P+4CXtG=UVXKLI;ZdS~zIFjl#wI^928CH3U9@yW(uz&J<e=QRUBn
zi#&t6J|up6MvT8*pMuBKBsjJYVV#3p1oQw2T*?bj9t7v`_AOj@Z|^g9{mT<EX0{yd
z76|U`K^Hbs+~InH!Am2f9NzOt)EYMZ7ASXL_Q8Se(fRpQIwg-a%kDz!997w&4}r@e
zls%mI4B?55KHs#^;^^qu;{cc4mAbrYk2d4uN|wEqDd<xd$zdM7se50Rz@BEfE|<r#
zp4HH=j;OC4%zzdha3`{4>}6bUe#_#xeNy$I;&rFHcF&jW>HmD#zn?D@D&qO!;ucYl
zEs_3+xHHs7Ht+WRx&eU;f_~!sMkFQ5v}DIa8g?aOh@Gu2XE!2owaL)v`(HmU!H|Wv
zRvg{joSYG4N_P=J*-bFjD6=}mvq*3)D=W)sJYY0iX&A(dg^8K#yyy`@3LZNA{MU>)
z=*7Xip1iZ|#3y#G6rS{bYOKM%TpP;1V`_Cg4j38LEYQmJHiuL22A?7!AkEN0Pu9Y5
zC2R^<p>}ots%t3=`lFS(5(BSH02)vKABgZnAi}EuCBouR5q>%?8Tc7$hS<#IWRMVa
zm8hyE^|f&zrTVQQd5Wp#aLr(9*La=+nVmjKU}%GOou%YNnrn!9xt4;(R2kO?ofe2)
z`~v4d6fJV9pj*7_`JS=u{46Z7t6dcFeLk_9-Am%@e0*muFbb;%9AA@drEN&FdoYEN
zJJpL?jiuZ;NVJ#wrGLlZUDDo2CcfbHg=dw~;alw*Q=k7!!YT-SKZh6ZzTL(6`uRQP
z;)+}Fy7y>xW}`a<mFgo?243PmmW^Mgr&Y%5Z4B0pL$7sVxLuA2>c$QAo9tGRT5r#E
zh`LP15laO$=a>&THge)1Jx*?OPk}w1GHt!W^mi7fprzkn^f+CYa6J&IUn{yTq<ZvE
z;R;GaI?%Go0p6PH;7+)|-B@?18|yBwXF>g2%jzVlxo~W8eZCSo+f@tB`%Qr=%mSVI
zG9pwZ!?Xq(xwtCE@sRMc7hpbf9*ty(vZf|ufd5)1nBAu$BH}G`3@q)*q)yX1Ijc!D
zEOE`z>r%qZ_-ZE;kqKATXdDQi`a>{?JP(Y}iiwE8o^SLB!oyqb#;X*F12=lo-OyAx
z-G`C?x(5D^FaP|@5)yFhHJMjOtVR4;{#Z?s_fRvz*QG{Et_E1$^_X>39n|W2)F<cG
zu$xL|VXE}QvcG6kEn(RaZ?0^?mB%nBjRsMAzOF>;jUZD}D^e#+Yn!e2lBF!OTcsb*
z6h}tG#(u}lpsmjhLQX-BYW`ug{2IJ(mYJ<TK?oMEW}>O7zdg~+BPkKf5e(VYCdVY@
z?N}2~{By(pM*!;WoexN*LBKpR_RCN3Uyl|JRrJ-TwGZJbT9!KH=U5+1x<PGQGp`I#
z^i&~_B-ZcKy>C;MK0S$IQY{bx`g}6L%pPhB7-{nsUgRwA@0Uk7@6K|q+^??MjDn7c
z0x*~B(+65#fFICuG-v<b_9WIC;#8=F51gD1DH`^C%>Ddzj&c!-(x9Rq#>VIA<UOUP
z_Awd0=($7qU)bj#P**~HX*~~3r0&lnM8ZOyY*<-0hiKiUxUhRa<nq@MWsDDy!3<Py
z{%*aL@_h6bOVo<C`#WSN-G(Q6EfAk3=Y6)MuODz}3xOZ@)(b$mHI_54p4%>Y^TvDS
zy-1V;!WP&e4_A4xRbng0e8@sDXQ3z#?5Y~~Tm5?|<qIzLe~CN8UX?JR|6eZuzrx*r
zdvT8cJN9jCXL}9%M<*IWfZL`Qm!>}2i5GSNOh6qPe`|_&bGIHjbh!;-G4u*qm}Ha3
zdVaf!@6s|w{g6WG9^7B=3zKpfRWz_k8i0uw8TE^ksN5JdRer*EpA>-Ki31_=d-{Ab
zM0rq)KP+U&F$f1TW03psdE1L`Lf0i9D*lg+3ILn_M`ukO8ZB**vSOSm!U?*bWky>j
zb~F@g{G3aC#>mI_cnrM=(MQA5k|pfHQ(cxsdRRNV$%2>Jg@E^VWn4-4RtBBuCj!YR
zKe559()XJ@Mg+I-z+F*bHRrT49Ut_>;}P+`>3Zj^)^e=+N@IhzAR8Y52FjzuQ}y#E
zOC90Lwc78*$at(PggL~ZD9Qi$<&6x*F0@I2op<<`ofn7)+buZRfdNGvK^R<MMy-Wo
z`|;m>{$|M^-K7)09iekBU_`ujtvO-$7xK)XKTXYNYe*!Y*pV*+M@hQX^_1ZHMk!rr
zUu7_!wfhhZd@}6~->m^NLzvWx2)N8fW6h_^6oiC?R-Pm1!})a!YvY>pS>$*7y7ePM
zAEpoL_=8Xa4DMq2q%;`MR{6hw7y!{J=XMbMF_g-(P>3|<yY5K{A+z#dK_%^w);^ry
z`fod<>y0A|g*-0+xmf?Au=k&M>|3P$<>lq~i^KGhR=3CFxr1&_>rdUz(h11PUoa@9
zWPrIQP{TO`sR!M=B+v53CQEfrr<m1>BtV;D*2swRE#JDLwssQE_<BEn2pwtM>#x7~
znNz@p{7mw!NChfssi3(rmrbuZ7zJF5nKNED)?P;c3$?%o#Sc)F0XY%rZ&wQjAq5KH
zF=ShClOpH?y_o4i?-K2pKnTR96pe~n2R^fx>3ox8nWBEq6sSC1S+G+~;gvG%4X<R5
z02Bm%M{E7!U{Yx=s}A>=MR}_tXnPp%RZvpOo}M1#^tj^r^-SGMe=nBZzz5vYtY6-=
zwY449Xl~fu-Lw~a-Xgtq=><#w-n`$I-JYh!pLX?nC_oFunq!82{a?JgKRc$4vgz^4
zpTFAMF3<g;kS87C@Z7BQ%NSX@q!ZL7$+{FYguxFyvH}+6WWN5{um62$0sJmE9Hvij
zf1;-(YViC+4}Q^z|Mt87@<?iwsGc{WVLo{BL<Q}rn>c+8+zzS3#UP*gR;vdj4ri<1
zMc`P>$d!orz^N9ivjXxpV!NkPd-KhYA3yF_ufb^FE5x3RD*~;J5G{DSlaY21*s=MV
z(xufNK~}k-ayh}cak-xzaTSUJ=%RBT$F$e{@8vS>Io7Ud!E3ZXnrIpb1-1+;LNV4U
zS}p?VNN0}T{q{ODOop^i-Zm!`Kp>F7jt1L10ao1_@8Bw@cQRMnFUD0UOR|f`sVFHa
zn<IN}>Ory#LiO34E=>>dI7<X7SBW;Qw^&@3(=rkl&Wl1<S38Ag(o!;i)ZyRk?BAXQ
z6}X(IReC|lM)<FgZ3qfCnqW9ZWr8>v`;Vsw9N-jMZ)A(j2I_c2Xk<IQ6F@xsvT~)n
zz^FeONQtM%65so~oQY!f?f=hlISxd0Y2Blgln!9wBLuJlnifS(oE9ty`jf@hV9u;+
zou!ta$bIEH34@`F6g)lee?HJ(|1v@ZVD*o7rdAVVC4U3c7U1f$X8p*c4`4H3B@COT
z62UWZO2A-Gk`}RGCZhptYhY)lm?!QrzHEQLY;0ttNVC&khSgl1c7%WNznp;o{$gqQ
zFVsY^CF?cCpX22f0d@yV;xHuR_Y)Cfk_3Q-jj%zVsD7`;hz~(uyNGof?H^%)GV0&x
z#V%=@%-<oTfDhCzcgBCM0bm}m%hj#a?9fwuLJdv@{}FE#EEG+IDFEU1KZP#>DZrQP
z;jIbMAo%)srT`fV@A)w5;}SsMwIz!>8wWh$EFE~$-O1E=mY@!K`C3Gse-3xS&}t}X
zq}PRC_%~p|02LsH>F7jmTc5w7ysuxURgR*Ce^!~pAH=$PKLj5Fz{VErcY1J)E+#l2
zsr8JJ7W<zCmE|vNElrKR0_o2Kjzd2tiL>SbPtjXR*DrUXON8Vl-B*4?&?CxlfrC^`
zx)Yjb!2nP)E9v$B!o`mLYg^<iX`cRBfGsn~MKw>L@EC>Dkyc7%lO;U_i4l;EVn8@}
zed~{S2C_Q{`Xs$X|CreUE+ihfTpt9Tjg$K7{SlfaUhua36e@F1LAC*o-KzezCiefm
zr49>1j92fovWkW5#qX@Yz51Ol>ewZOfd>LnB>?L}IebI~Lk03(OL3WysDH|J!Jt4M
z!SdY)*_lR^P&@#5`)`L{5f^N>N)#74syydszl6YK_7?!&JwO7xd={vEa>F6Aw0`M`
zfd0>dGVw=H6o|I|hO&QS%N|4x4DTQZz8!;ttk{iEXQjgsysMN-9|jaCM>1Z6{YO1X
zll%)VtKLSO{9F1+p>SDDAkpgYI91!SzJdfnq$3n%sdF}zY0NJa&L;s`1M9`#3h*By
z=Y#PVbeJmY9mVoTp&OveHy>H6Q|*ro)a1u3OcWpVzm_^lt*D-%fDI*yjY9tO!~f}Q
zLH^jIZ$-qKe?yk$K=JexNVPwr`+#uz|MoJ!K#g2uEiBD@=<{{>am|YSpD7vKgVmA$
zQOSs*_Mv9l`pq+F&JDN2ua;OX51AMdjvc#<{1ehY9udi3h~{%Y7+S5rwF@4qUDOu!
zCc$*1)Ccw!@DdwPDFZgA#^);)$oHBkOHusMng13}f^V0!{#e{%{nwa(_PhY<3vij4
zK4lXCcSvrx6M8a`#Fh^*6eX<%9D)suz~tMmcX0m4Y5&1+aQdJ(A$WEYga`e99A<Aa
zsBOg5YUYxMW_bTv=8_qL`DBSCd!1WwNKlXt=dQIJN2zvWG;mREo?@^~D}nputXd2V
zi2({B!2ji+L!HvU?8Brv=4b0a%X&fwo??u7!2{{HF>VgXcA#2<@%j0aiSu=bNV6e}
zPM!b8aH^p*1c4L!K^u)rB^J;R(oU1X{7182Bl25Gw9#u3$^NKkhY(PbdiI)g|Bxch
zD2ht28K~JfN_#tFfOqM~R?H1^Eld3f1tRRT+$F7SWaOgVctojPZ=Ko=r%|Bnv*5a8
zb#!`atlx5%2clR_j8ODC)V}MA-AEKzxM65M*2U?=zk%G^G@#&*!u<FLIsxv>=%Y2%
zY;r#P5d*KG+)^EGi^2#0N;g1nt`12+gh>f*6a<2Pph^&OpC6a+U#_x+`RnlvFXrsF
z?;r4z)mkbqVqd*1{O~H)ohKL%56^6>EVagEOp2AbpV>0uwpoLq$49Kgk5~Z0H=>I}
zfY6fMalUvj14eXnI{d@|<4oHoKC74MCN4l$F$dy@g6?jPv9&ATHclKgm?i?LVXf{Y
zoPy>b99g39ph5<D2HWlp!=#^!gvjC3cj<Tib24slL02~x6QLzsWTq-=yjjU$AeBEs
zbjI`AipWaS=8}%WujBvaqZ}~(C1m<)rHmit;MzRfR9T7`5&aQH1H_3LFHNcj2x<xE
z=LRU}Ig*&T3#pjiEUtKMji0GFsmTme2{WlT@){f7L-=JB<Z7Aq)zLX2eNUKl>Pkc_
zvB`Nwz}#_TTP);6dEk5`CKq47Uxj18OASCSUwVB$g~S5m!}4M&^}H$CYdD2-XDa<M
zA74M~Be2%GzIw0wh~0s9*VFA2Ft_wclm>V6X9jxu5kRP6Hk>j;KuKw%ky3(#f<38~
z89#3T5bPfY$Q3XMx(XSfuR*o&RZX`Ms4$k8D(lv2*$X2+iu;gJu|mh_eCK=eL@?D_
zuUT$NDLsdOs=TqZLG;Zfqp(|7m<<nmN;W@RQOu7^bmfJEXqx$B<a@&Pb!3+=$MwzY
zskcg_dS}<6HjP?t{e#m7yQ5L}jJpehl{Pn<TN(>lqqW;1W9QNPBP&n+wnVj)?4Be%
z++<fv@)bJ{5n#KiUtD%Dc3=GvK_QftlRU+^d_*Tmw)$jG01E{x)7N-Vi<5e9%}%b-
zV{pZ>RJUT{&JUe1uOh2^mkDdLv+;Gc;%h*~pxWd>g3HLtnhI!e#qI3uR)%I(@)fl|
z>Sl^b;<9`Bz@7YD77sBzFN$GMjI8A)!tX*1LX`k<ATFK!OV}RaThZrwt*&w5l>Aa4
z%5mgn)sSS=u6Y1(IQ>V?R}Lkn@?~;lThsJQyEn`lg<_XS8$7Uf_nu7MU%pg4%}%DD
zvV{ZsaE$_ad%x)s>qr-k-(lX9d3ga(8Dwj;+D`W^U3gQ5z`s_sLs&y`K!>IrC63%H
z0k8Z~$Sn<FXoU-D7V<ge$VAKn7g6l9k%%M7wQ8A-o<y=(*Qus1xc5=T^~F-g+dtD%
z_vU3YbJN-KgRm)*(6{3@TZ(Q<c7=s2FcAZhDi3p!Ym9F2n$q7cYO1g9g%yhU?>TSP
zj!l_%)swYWwYg-D{}2W!fC8Odd`>hSZNckK29M4^Njf*yXG-j!faf}|s4*8rN4nfO
zIAMjh<>RgLKWE+!eJ6|5LiHibE(3|rI`-@t=;q((e?}5tJN@)23E84KllFBy1IW-i
zC5iOTt``{j;K&)mqs1ibPlPX5aE_tYSe?_<TFni=ZF~0aMLuW)(Q2{Y`&<m-TR=dW
z>p&l##BnMAUR2;n_qFK*HH*2Z&&(RnDkDN;!fo`W?@P6}i87V?w`&XbcJ@)5&sbCB
zd+SShD!(V<$LZAP$_=FxzD!VhP<mc-`ZZavKw^S)<)*B$n$c;ByV9UglC0>*He#i)
z*M)Sf`Er17JSEn5^iIf<T8waJvJ+OHboGgNC_y&zmRXI}<T(wyj+gc+ncSQ1&yUxK
zS+#lXy-Szqr;OcW&?A%t+z-4_XR$`xL+|s}5WXd{uq{?3npVeytjw)yll{qu+`%M1
zo8nt$#DF?9$8`t>nQ7`<X3hBayIXAG=yDq;*FFjDY^m@J(2%NW{Hj8k`fPN#ST!J+
z^`pTLmyR}J5cy{|f_UwV#Qc}2+%G@oy&Cwv<aI4m*>xLGT8{=m*|LBUnT>8nz40-9
zUCV}moB|j709W|x03c#b`c9V0ANq)xRTtX&ZEt)eGl&FhvnlNK1F}NH{hqAdORwEC
zwL#ju@fV_~CDrRN@8<pcz2QYtGNrbS{@ZlgA2q7?02SuL+AX-Hl?unhzYc$r#ACx&
zdh;%T_9f0Fl8;zaK*6#brbNNCUcT8r-2C*LUZv-e5#`u)-3;H4zO{zB6z0pn97=Fl
zCEqwGNpAG9PHD8>i=KF|;KrTlPM3z#tM1ttZQVUzN7}2xrf#a5c0|zM)ze5ZTISN6
z${|0v&cjx5<YsrbggE<j?hZ`7C!YwvfxD52PT4dNzvot5un3P!0fPO!{gRu@`iG|N
zOr0b1?M1eSp|?K#s2>{5wKF!yW0e;^(6r_YGt)i<P!flNHXu3Qbe`e+i`5C_yi#x>
zGfW9bt}-$xjz33y1`^6e_?;~Cx5nDl^@ppj2aqk40&wEXVFEa?AKCMJZ4l(<&UiA@
zSFarQ7q}y$y_89NGSDASvff*G{)%yH*s96t6z{OVu%r#RIH^QWvOM%cu-HWkx3GVP
znaS50^0Ev$z||q>Kl{{S5#a|{PAwj!0&4uG1%*<Z94CUKIa*(1nS2`R4bpBAR^A^9
zk>1Q=^IYhi(nz1JRIo_w+ho7BGufTSYv8qzPJE78px!$rd4jp9WcW6t>utMBI_y_N
zO|wcb(^HP;HLsj03ul(Om~`r?kAK98d0}35ysb0d9?v&tcc3z8Px*q#Mb@5d{<P#U
zAW!i6WhcivfMhwHUsJ9QnndJ^FlQs^bBtYsDizmRgr*_=yaWHCypEmb#}4b79~nLs
z4It_4Qo^yTL58I6wl)pAFVTtFM*48Oz6M4yG~!tPtayWj?^sxP-fd$h+)mE%;MVzo
zN}-PW%F+3LdGF@5f_!@UM*8Ce+3v2c(@Mzw&T33p@JZT<L2_c>PC~lZXi$I2LmT1;
z#zfNZjt`ygCPBT5$y~ivHl^o<q6^wJ)oYQC`ExJlO&b_-TI95adp_Tn@~5CUGj4Sx
zd=}d$fwq)(^>dS4MwA^<laO&TTsg_kR?iF>);rymLff+yHLii>bU(IkT@&`AE&a&%
zywp4rrU%v@OuA)Hau=2IFT03&jeX(=ZFHBOmrv#$6g6!Y4GG(rtUlHV^V1XvH>Z#!
zB;)wjZK=3*F}ZrOC>+ERIB|ujF)z#{rIr;TyvJ@!KHZ)UGHxY~oJq9?AT!769TWH)
zbB<9!{w~sSitvN=Xu#Bmn1Lvo0UML-`A3kn*}4^KedzmulvECrj4SJvWnwm9TYAR+
zuK!oqN$9WA;oDzB_VdY1@px-?jae<A-U2s)-OcWH))82Dx`%u#`uiwAX64VCcUmH_
zb%N4Zox1~626opfyByfp%Z_3@JxzL6;l*=lnK|AhwEJKlEx{g(;k(iFu-dfBlL;*2
z!?7zBAYNMnw@OG6MKU&>^?Pr^=qqc-9U*aO189C#NJp`|U!H2I9>dFxoC~sFyA#4&
z_Fvx|^$%Ym*Nrc!yeNrH4UTJI$e&OV&b~n3jO*iYUySeQ)`CaVD3Azi{wbl_ym6~o
z$zT5=XBLa{TfD${a8=_u+g^95&FSK<Xg9N3?%Y(_NYyu~;P>%&7gv`r&&WNATHUom
zHWhs|W?P$U&XQ$a#~>u1LkRMZ!je?VdgVp*-oc%6y;xgEB{Rr+8hI<EW{u0W{c7zQ
zW_KZ`mhw_<S{&cdz`lH2$<JNhYh<%H%j(g)kBN)V_6Iy2mTz20`Rp4evg*x_1!~{1
zFCDN73HfXc->R@<SdTZLI+`v<!TG^;pYFF^$2(OeIIviSE8=L&_0Ajvi%HTvS7)5Y
zJ6DVUlJCC#K1rV6dGGb<rjkN3S2l5)jl5?G+vOlr4839o0Cu0pgpJv?=)GR!{PZH^
z=k5(CC7@eR^O>3k<yoN#a63GvGOtXVAm3>~!u<_>lr*<C?b6<Ld-L&>wuhaYVC(&R
z|HAlf14S6--pq%!?W$X&Yv1%s)T~QqqV?Ph7251Xufmc8^<!42tHyY27L=tr+vEVh
zG*M3A{g@z6+AOa8HPJ5qV<+;dG<W-p(bQyT({AGXg0J1xS=W_xr0~9&bNUjec&cTv
z`0Eu`sWEWu6jKb%*q0{f#_V0WhvGw)WjK(-&*rr^10hG~eWKs6U3|iBFGuIUG}oL|
z8%spQQd{m{S2eh=%BQ#<Zxmf4JFh%_y+q{`BHRUr6uq$N+4yc8bK5LUmI&LUR-)-s
zb?Ei-yV}E>rgz?4)-rzp5zM|QIuuR1KeZQ-Wri1@7#}$7-6W|I4TN%8Oy+=0n+kQE
z|A)i);dof>$`#6$7_5!D{B+NxCWkF^ZZ=Am#d;e`kHhXwhX@7IM#Gr%H_mHTtlzx7
zsnFQf0x^p=2s%gi@?VAbUIV+5_^=!j{3>>{(z)^i_@Phl=mlL*KKLH{b1aL$dE+)P
zZ}hxdLjRX<EsfhLfR}4jS^-{_UncN<R72n6|6%N{!<vlWw|@%*L=*&66i|_dk%FWJ
zN+T&P-JPQ*DgshU_asJl$6!dq=<Xpf8U`cAVDY>Ce7@h`b3Fe&|8u}G?tAa|bzSG{
zJg;;>*nX^x<i1pP6?2kf7GD@DRF*CiR+=thsxBI@FV&sE?r)qnhwzYjv`{{~<SWl&
z5!cG&9rWdh@LRCWzlE^+R~z|lsxnbFResa9pugGwwvpABok)}lovHrOqmBgTPskvs
zgz9##bw4(B@2-y?_Ci7|xHrJ7)rGPr{hiClV|oKOY+FM_saM`;wAC(f*yy%c$^}hj
zja=T`D|wqY{dkn_5*>$1Zh5)-^Ir^VL|~mkFNLrlz|V0cSgj_uoVn3Hk~o6C%GW7@
z!c^0Z8P+GuOw<tM+{0T|w>J)gvgy99jjFp3F5o52&)>1o{LatkyaT8sTppjuh^xK(
zFkypQyJv%ZMvdPX_>-Jnq_b&&S3GWnFrJI~_lj>1rn7CG2ZHDfsgqi_cfA+s*P|av
zcXc_)h~D^0$J%<M{+xu_Bh*Y&O8xH(K1k;3&NMQGB=Rrh53VHk%iNcZQcaiGy#D%|
z=a-is4+QKMo03Dp4r786^{;VEEerdMoYwph#rm|DMR~=pPb?kfxP}rqi%0eA`Wqeu
zCDtkuJM?vLz%z347n(;s6*VKhCgd(gIZ16zFxQVy#uV+b{Eyso!+o+;?@g68xpY#b
z!#f5TDy2u1&e;41z_wxn-NYGR+M@-73tNi<iD%<=m}@)KkJCePo4hfVmb_&`6(4SK
zYvgbmw6(nxx!U5<$!OwlIxO(uxdZ3&nIPzvzmh4Ew$msw`}c3wzC;l8W8gQaY)`_Y
z`w|}4Q3FRR_)qDZ$p*aw02A{kAsohUBK6LYO*=Qu=~7z?Fn?Xa3t@Qavx~ws=IaCF
zOAV!*)w2i`RGN?1n!h?vIy?_ug<S(gk+SK0GkiWcKIX~rXmegqNP|VGUgK@KM9!Bl
zW(*7yX=7~855lWgIxLHBpsk%_f%wdCPr|=x^b#J&bu5y8Gy{cuS;v?v11|IaFVlZD
zyv^eLnFkNUfKukGi$_a;pU#4}Vo31$7k;}8e6!}_pH8g4a#A86y>t!hJz9URiMe&B
zKcTj!?+06Lh1<>x%Z-b2j(C%R+)MQRbZ-y5r$?P7qp7^Kl^Aj=gI{wUIB};p1%|I-
zBvfzo7F6EjCl>3JNE|4zwv-rG>5ro{)wHuKfBlMk`tDX^AW?$Y<P370um5A$()oiv
zZ%fqfx^pzpIAq>kQ&?-mQ+b>L$MYgQ89e;H?g7HAlXK0svLfl@P&|(qZif%9;#T(1
zpw7W6VBlia0e)3G<ENCzN*DDR5vRv)dTQ{YWZIy@e-7FAXRNaN1^2%1am`c#D;;Go
z-xqLi|D&{20CRaCLX+IchVa>p*%x@y?$@^N{`H-v3+c6m!V(?OI@XZhuXoCCj`U4?
zL3FIqNn+(cU(0cF@`Bvmp^6G(rDGFx?>74v)4TqtM1|{?Dn2Wk%Kg+83!(w9pNUGe
zfFI%4DRUd0;T&xk1M$QtXFX@yL}*XE7z<sYHVm%(jlRo4wK=s79+?i?wl>=&{0TS;
zod|PVL8`S7@KaC9V&}xhGJvh>^ZiA0hhMu#Yo=qhK8ID)l^SM2*rVu2jPE^<atlW1
z37>n7M#%<Fa%jV`np(>RDQD(r)#Z4kM-tzmjcvHo@ulFq{!dzlObV-SYq%PK9?m+`
z^8Fp9kf@y8S207=Mj~Y%J-&C>bg>uvJ@J#LZwM{OB<HEU&d0kX&K1zZ7p-h+fmwE`
zj0I+z>F>=r4sE<rz|Vyj>)(|Kc`~VIw8<S?Dw<^-Z0`U_>ez#dojljHt$ugI3+H>-
zUDPwk*upoT71rgXx=32J3EK0DrdoYN-w%<kN{;8AxrDwpi8)fdl8D4pAi29X?W1qp
zoSVmr-N9VTM_69Ix&;Mx;8!}hxJiDUW+&7A9LGH{fhmdv(YYlcim-`Z`$Hq<T^|mX
zJM~z+qJ59Ysq4ARcyQejkKVyCD@dV}jYT=I!j8MzFM#M}I44)g?1%-oBIAkIhVpEy
z*0jEXZTZ#9KleoA(ya&6axImo<6>gW%u;!<-rD4C2QnGYNcT-lRq0Y<Pmi03P5It^
zPk@pWaqkjie|Q=OFD5S`=qLpPP5XtH0B3G6?&jWs{eu2nEU*lBB2T|2gTeR}9{Y2u
z43z^w6CVJ$*mIAN+v7gc7F=!7`=knAL?m|5p^cMG%n=IQI>qnnW||>~xslb5b2?S{
zhBLPHskMgnq&!Skgk}DIQr8@6bNVB|c@?Or4KKE$CX{y-h7wxC^A0HdUI>`95aQzE
z`lVWNBB{l*C+q#hcebHbC`j`6s@-*fcfM<`AEtay8b~MG+|0Arlw-fgXDpQ#vp1g$
z<d%)az`{GHllzgQd6Edo;J$k&(WKHPmt^z{(R9wD7w8?(*hJPmB)ZBGmG%Y~5otA0
zwF`(N4L?dtP)FYY{SZ0oI(!j~gWPS~S(*cCpbbjDMUlD#6uYS1M#hIaM^r9O0NLJh
zGRvg(87#DpU?iOq#k|OVDd5}TxuKyk4m%RTrR6WaqKnBbpW5B)st66#Zthb=Veh~b
z+Oh5-O5s~2GRlJ6(@Fyl_QLymC;iay$j63x$HFDi5ZCCBFuRJxT&iI8_kVBSk=?YS
z4fp%1>L}YO^_wY5HuS=dT5uP7=2S_*Pe(2DP0=kn+*Pf5|2y33xfd3!%>%;{={7m(
z(qZ#LMB?C>I+MxlAKCOfJ_qPcMJeMhwPXgA8r(NL^6x`28OM_(zX<MgWwv03fj13U
zbnd%|sdOgqjoHoZ{w7~uCIr~xd4|;HO){nOFoWSs9P#hwT~4FVmkzH~!dXTdF6V+O
zTr*K&CEr)NOL-xi5|(ezd*j6zVR^YDyW0vL$E(_n9@8GY1_@1Ov6OMC2Z~m}E?Ot?
zzFF1B+-<XJi?ra)#ofD#^&PV`bT%+{RN{x7Gl$6{E~YnqJa8}KA)4~}t)CXpjbRM&
zoS}kMwMJ6@A9$y1`IO)P`NVD1bdyKvHooe>XYFmMMy!S&)BCKkCbcRzwvXY1#y$P7
z_LkRwoL>W_VJ*ukcI4Pd^HBrRS1Jozsgy)sFQGG>AG%RoWV$l{7>m^kni?+{%LnF>
zU#4%>^7iB?#2ziy0x>EtF$k1yD5CyaDGr5sdbN^mu`Dk@1)#n={?<CqZ2)xbuf%+y
z0vIpSb?$3Vh+Lg>MhuwIB)T6@3EOvTQWyg~0NY;8_CtfgP*C^1+xILI|J|49zDLS;
zEc?O>CGH$TdzYFtE_nTQ;C;qE-(PHZT<;Hv<i^ibxPvvL*CZ-f8K2aYd`PG~KTCS6
z@3+Al&@>5upZB)q(*vy8BTA&@hL9n9<!*;uN~0MxtjB%_d0gOs=j68Cy4RB7!$_0z
zcGjcSx)hC(@_7$Y!LTy|d~)f5Y`#t*E47osyEJGs-*<*R8PnVHj(AzWk~{JINg=ec
zn30U>qH(yJ!q+4GA4m41Gyh(Gi9a1qrHiLIR{y}7-cp0Qs0X5U9qg2zr8V(jz0`+%
zx}^_~H)cXqtYq%Yajm#L-k%!F)dz4}f<dhVjPVxFN*@uhv5tTc1U8yusN3hcm^%8F
zon>+ohhj?!VVwmS<3!1n9z<ndD!cRa-HlhNt`Z4RYH8xHpaBw#qn34P&SF?i%A0_*
zF*p2Z=t_E0@AS`0mQRw4ykwt$@(5oB84I*1|J5$ij7&7XW5ydBzH<fVTSLULa0PdY
z)g4%}@`zYC54&kY%~oD>@N@HM=Cz31D=c-&*+fpeg<t&Bh+_M}*0I-c*-wtt^`y)z
zTPC}8NxjkK^nxSa_9}hkkKFH=W2-OKk2(@vRx@}QBQ`*z8%Hx*6<U`4jqx6z@UH_H
z6ltu_Vxzrjlj;>IJ0i*sRsi>=Iw^E?jXzo18yL1Zo_hWGBMN)DJ^Jg7R<4)y*KNX*
zG4|018GbL}#kd2$8}QT05Ybr#dls{CRa*0at@yrHj@h%qiB0N1qv8R9{fVUc)AlKk
z^DX+XNKr}nV22!aN5dQC>)tkKjj!9--+E=y(@XX_;)bGV%|`HEG28;6>;7{))e=U1
zM0ZU}T8l*NL2BMxyvl!<|4>F6+-8)0;GEErZntviKfdn`e0Ix6;x?S|JbCuc(v9B2
z_<-V@L!Aa_<aVHvS~4MC?s271)I4ybd}#7|<cpq|`j+%Qw}i0zI(2g_??y!=77pAu
za^#|1GT9ERMS0^!W|3~`@XyCz<2uJMx|Ux&0sjZr<6q4JE;~s;v1U75eg_zFg}I?A
zWAbjwr~#?&C}Fj!spO66`I9vR%xwr4cj^anXYeAyTN6kGlM_+81gb$mb5wxbcC+0j
zZSeblFjchdmi2*mqRj8U^zRWSemn%HML1Ui(+lwEeqB}nq`@f?Yq6FmeF@lE)urwe
zM%z{#$Z`Vf=y-dXZlYG!8Y4S;T@(e$_?~i-y~;@E{`UIA93!mo3q1chX()$GlH^oN
zCVEWahV%kU>&fo72PYB0r}QS9*FLsbR`A9_>{?_?^C40C14N|WIsVFiHw%vOwYp!?
zT*f+?|CZ1G)@V)Bz36p(nQ?Q<8UY`or}>?l<<HtBkD+9`8KDWmcel3Ndt3hU)43lc
zUd$2G3b;_)UIuJr8@k#ifc6w6#BbJblQy9|95s&?b&@I}GZ!T)<ZzNO^fkU|DkbnV
zm0Y6j;ZQ;_mO>G2J)~a4DKJjJyld%L$z>7K#12?kx^@PxI7Ln)Ehv(b(9E5k#@YMa
ze}USvrUc=b$7JoCWT?qxlKflvQkffdUj<`pA!qCe1_i&ZW{-IONOR(v4_vd}-?VU|
z<tm<u?><-iLQ7z3Euk{LS-{5FVwIOHZ^WeWXH?C2I1aCO2EXebR!eFeSgN$|GYPe;
zEwin($nD?gJK(8yALMU@;98_$<ha+o{1@P@-?V-W#Z8#RO5&1yTn^O?f;l9>gR>lr
z1~prGewi2vd-v@bxAcTs9io0E<JoIoBZl?(ECu(ANYT(7?japPaNuZ&<!sB-ZS!el
zjM|>TnY}|u`0RYI+Ai@;0_^GG(LxHCu=WpMe{2BKM*5t3NCy>j?=SxspJL%zH$qka
zeDWW+uaLniI_y#zqp^*WQPUQC4L;`a*K6C0thz$GqcENt$0EP{WLby|kx=D?B>+8C
z7H-i`?TWO|(go^A&$aHW?C2KhM9Nq8I`Uts?_u``nlC3>_G~pDpey?y93AWmX1zVl
zv)|Y66X;O+RNy^FSAA!P!Tem3n<gckKST1(jf1K9#Hw+bf9R3{my4pcvk|OHtmIZ&
zv!b`gC}&!8vQDW>l1xxp0w#A?J_G)vLTpvuv-sWPAkvfhzf?PsCG}UZ){EJInO}Qx
zzOn9WeUClX?G5M&OLf637?so=&sEdKCW8A0dtSpQq>rS_$pd2jU)ir?rFVT^Xa;ia
zFU!LO1I1!BHa0p_<DNFrNOwwsDbW3ocOsh;-oLSO7P`}L|87^<Wms!CsQLW!jLY(=
zprREs3ovJW`?sI&=e*UxS^RS+0sm=`QRB@6%fi)F8;2dPliGE;zTQ2-`PeH^e>AY1
zP9>QDQ&uGRuFx<GX<<IZ_$`Y=NNM}^T1nuP{#2a8d9omp34reEWcX38ofi<w!ykee
zL1GYhZ6{#iua(l_)>b&xU_{+YKT{8ltiQGYY)SXYb$Idp9%<_uk_{(%e=0x?v#9v#
zvO;1<We2!jNeJ{(g4xib29QwL6<legRGJ|9jNY!9dQwFY*)_iE>xceaD~F+LSBxJA
zhpUe<vut%*x;ljQ`mDVWmNZ~!u+e(<*m%Wt01fI?5gW|N1ty7kJ-(5_>bnAmKHAk9
zmM70GKctA|)1Z4c)j*NSJ+Yb1ht^|Zj;S3o<o1;~=jpeQe(x`@lM^-9g8LI%x0A)1
z)Q#7;UOO57UQ2CPd&pj485>!L>^A#If;>n|uw3F`$;}fMq(4mY!iwXqh8`y@t}5|j
z`7*%dWhBpo@OcY=CFXgbc{}CLx-B2vTa>z(;ed)MRAz1769POm13Nd`1#w7%n~<qw
z8HCGs2`N#UflYozYLhfXm}c!^%CY>9WDRpN39;c|=D$j|ZW-{KJRFgl#?Pm{<(FW!
z#6m7vF=NMbZ(v&TxQQ%lhA;rJNVaVW>iL+jAY=L*=bU8))QtUBGf%ZBi_^l&5)iWl
zYRbdYPxGg0-xAFOr_m6M9(|7s&25#G=k$U@>C!wI**;{;p|u~RuYTst(pC}siyeon
zW>@wc9}BR42FQqQ1cZ^_@Hen@;eK2vJ-%ocGI2t7`*Kc6=R;isR7N_Ca5A%$#XX8E
z8-b9;Mo$Buwk4uCc{i4L5HK)`Vcfe|ql=O89h|>4D8VW4vrq6ZG-Ak6fMZ|d{9Hlr
zIU2(lm?1kw{Yc_tC@Su+VS`E5TZISWHrM_1c=O&rfBg6te}!O>dTj@nb1Ieu2?oCg
zj5HBp950-gF^Z)pxv;yONe2IBxlw0?!?6By-`{%C-|Xg~Dd#kx>{$$A_T(wv)u2A{
zuR&PdrU+e|wKW0?prU06kYS@on0(|zQy228Yh0>i3&ifUVVP9+zio*nvB?~@K!m1X
zqItGVcK>^ixahK%1BQU|mRX|%0w%OI+>ZmeoXa=N8$uh&-Nd8Xo=1COF01(?X8vd)
zKYkXg>gDfueR}u9!s@2OFZ9#NGR;NvGWB+ac@7;L&da0?P`C``_NnkeEcN&5Ay`7d
zG*!VP*-cjE8DU7-{=E*G2j0%g6i=|iG)s&&-8+w#8xL5>^S}n0qZcQHBEN#;#dJT9
zm3iuAW*D}r9*c{<-PdnnZvFkuE*piu(1Jzn@}CL1sU($|Bo~+f)07XPNo0?qBn6%#
z4ZY9)`*}-$A_VA-f8>AA=+MlKO>GuPjhu0gZsieByHK+;r?J0m%ht(J!C3Dk6ur|B
z3JT!BcbY`xd5%q``n=X`hlXR@+Mp4jt5>gSoTN3n-sI;NUgYmKoCKk`$_n@(FUw_X
z&dTFk2;OutGve>Qls|>^5*(!7i)93Oq4Z`&o$LB_$Xpc0gpT&3khl(=ta`7l2TbIH
z%q;rwt+8e>iM=GfWiW@hNvE-+1+Eoh8si2H?&!6)&@`#?ls?#-gq+|1>pHN{TR{kz
z5l>Rxw^3Q5j}r@>6~KUJlBUdCTr+2ntES{6Y4{iv|LmZh_Xfh9*Al3YuLRodu{6eP
zlCX&p8IEJ}4|(<ANeq1Yzu^%?WwxK%6aa<|0JF)bqHlCqm+k>ZqR^`qAuRw_5eCcZ
ziny=hhkHQzlx^gF?M+4$kowv&*Wz!|h5p(OEE>)Rf|Idh>~p}FS$<?>WZ56H*u24;
zI^WYj0Q4VSH+SfL8YDA>$Umh_?=pXoPm}Ok{k{J_7oHJ+0$3D{=ejPH1wkBsAMQko
zHhB6pK5RDB#pzryadMqb8^Fe#?r7ync@~%WC8gD^<bTXnzuME;p^_~zkxh$#{jIzJ
zSw|k;z1x0~{eA)@%Elxyt9@q9<v+6GTJs;y_QL>OD)>V_gvOHRPw>6ea*Mih=v+c{
zLm_E(;;Pw<LZDP!g?kMn$UJC@5eku4RHFhRun!JPCt|EY-*o+B-ZZ!}k_S?@J6O7$
ze|@inMV;YTI1{9oiM_2Ci8C5MzMGAl>`MNC1^A>~OZx4z6;~G5D~vH%0PHc1%kzct
zJjr!EveczTkCt@Vb02<66Ett^6w`@!jXQty{Z^ikWuLmfzJ%v?A)NwGncs4Yeo&&u
zr#3k)$#sGv4KvLpsv&)&Wb2Z7i92gs1<;B*^`U#8Z1#;o+zi@!X|YPr`YzxV<<-M+
zP#;S{j{U;<Gm64-LorUX9f}{}5h+Jo?=pkK!+Q6Ev#$<I*X~5kTPzwX*L({L|Hko*
z-C|Z0<9)*JC<;h>Pk?|N{m=>hqluY{gAiMf7hQzZZ$d_!_kmkN>3bqn#qT8hi)CL0
z`X**<J}6+-wg{^6yYsTE>EIePmnxG{_Lc=Qr26#J@5QRg6kC(fXFPb(hThYJE5@%(
z4O_*&HMCAqPr5SK-Bk+WOmv3(oc``H$sJg!J#!II_%*X-3mv0ANvL<TpFB4|x$3Ux
z+V{|)CBo8!%81DPvG%jsWSNG%*#F)Ld<ciHaMr<U2#g3{$jw_6{`7<<hR!*qe0?f{
zLW2kKU?_p2fi3$3EMe#aI$<b$g-Lm5NY1xU#nB%|9GsUOUn}FKLao!8wSSMcK+;)r
z@ay37O-xo;uXg)y3b*8B-@U%jl&I*Jd>xO1;3`NCh*uvCt_>csC<e{^bApU^fR1MF
zT4qpRqh{vrctlv$HBo&+YKw*qBoii15O(K~8oGJFH<Ozp>WO4@y)%VFL6p3c>wh`V
z3(KjkCC7o9`s+X(Dmm>TG+_bwb@P++?^HARTJ!E(e>dM57j+~^Y~e<_vBN;yw2R>g
zSO&^TzVEk~GM&TylQ%$!@f)%6z_n4f+6_Uts=af2q0ax)4}l3Wn{muo#~_IE+fz)w
z9_n3F5)fUt8ZkaDb%DCKTqf8ph*4vx<u$M`hgwFCnyld6_eG8nJB+Lyf^0Vzy~=@C
zHXUNYo)2N5m#^L&g^)QQ$1rV>@!lz^0G;PxJvdLEm;`Rug#`d+^6qYFI+xWAgrwO5
zzrtj2_P+x2;I#9+)k9#^Q{O)0JQ3Q><LM8GThEQ1Io~cLKRtI|d~MO5sAw!ecK*s6
zf2pi$XU2akuGg0)+P`57kPWJyIUN2FUo+m<M4H$}NbW&}$P59g!oLzgk3RZ-zENEI
zV{BqhJC6W69P50;$mdJ5th6duH$Lz+P1Yyl#-EJ-#8cq|RV2=!{MkA|&e!mFyiez_
zU#`Y)dPXJ=skgvXD184#vULUf!h`L^JM&m1L!<xE4-q~8!pJh^{`*0RLM`)<Ky{|S
z1O3cFy2oA<Ng-YfhV9AC);5?+wHlZGdgGigDibE^?Vt9g>*CJ+wu?(VHhV0SBTu!E
zCdnVadT&<=Lfhg3Wz*Mayp0W4-s6jEO1j`l+kHcFhKA~$!TSDG{6E9Nan5YOsHS^u
zHX1mW@Eex1C+A)P{)?m(oLz1-!nf~1sxiEN_y-lk<=2;{KfadW!&`8{7L-<IB&&nz
zsmz(TQp3anfzI;dOp)+a|CM9Jd6~4C38`Q<S18_I-S{E%$G~BWUNyD9>pMUX5(}9u
zLVaEg&=qrfNar3WU8Yuj_Bu$2|HSAYZ&#`^aj5y9e4!y{Sh;`_ZI6R1W5`YzGn`#D
zjV*!tuaXFybY_36hT^{1FFxyoE+*%X5$A)F7>)Cj-Ol4)2iuq$d+KXWeDWS66zH!t
z;W7O`Evnh~m!13LqKY{a5|k}tgZ*!G7sFpISvH>lk6o0U4#P}75(r&tpB=0APW=$H
z#L7OX2*X*C%v}Pel|1tm!@k7*OnWUI_)&!>Vo|+Fw}tcAu_X0#D%_05QIceVond|K
zwd53(D2&#ngv*>cN~a?Z-hOUF=H2ZXFgyg6Ncu0<PZvf3e+-Df7^xG^W6J5~2y00a
z2z&kJ@H&Pyz!xV_KiF&%$7hhRH{a6UVMtV7+;<qwx!*j}P!-yqc(_oW(JYrc9Y=S?
zeZ4<ZyXfXz2o%a<;H$V!u>*L-*pZe6z?q)ZmLTQ}NS(vf-(N4m*v!Eul;7$B2j2AK
zIA2|{7yRaN)=D59`?(Jf_YA~CqMT<~L19DBFUuUt*!^!7z&jyEjNCM<1|{D^>7Ufx
zum^@^69?2qN+QoUNf+sV6u;#1rnNmtdhFn`AM}b4GhzQ>VaoF>yMJ;|6<G#MrNMuv
z#}O)44|0vxe^xm8`xvE~3n&BsAVZ-)qhbzAV%H}8s*2uw&#XV)^h$HOFwOe3GpOl`
zF%Nr`;O%vn*f^#4ZWq;e2KgwJ!Wx!Y6ixfLIjzglQ_jazr!i@dmG3d)m7kt4R5*PG
zih=Cvz%`42do6SyvTOH`Iw;cKi4`+2!{aWpnFmJsu}D@pW@Clo3-uE15N8SE-hUAg
zTO>%$VTl9EB=UpWgTX4RPDEeIDKzNi(7z`b(W;~uXgymti!E{_D+a|0(x6>|wD@W)
z@}N)C%!KQwM2$PoZU!#()xEtJyTO^}!MYNA>5ioR=$oZQkwCGZLg3NL?@34)Yi<~#
zqQ8B+hrJ3*<*MuJD=}cMGz2{S+28QBTc<*;=_vnHaLJKyeShNXxh8KKVwKqoI>2mc
zDD1t|f5o)QiZB2D$dl#Bbs%8ygFiv#Yfe1!wBI_`4>`jI{l89jw=ZI%$1>FSrCM_`
zW^4U^fg7DTe)1WXe@@^xa`=oH8*2Ieg@THf@r3#l0umDwbF<WYcd~tpHqs6vd*7n#
zR(*G_zNr0(Cwq>p+jQgY8Szr#ZeZzB-#1ISX-wt0h>tpixLU5P)UeY7<e_e?Lj!*%
zcI4F^h;bUSKYSlZ2<*i7@d*fgRxG!?4-2`!DC<sBPYBGJAFq|I!Lih!Ai#eVfe@0h
z#?ItHhr{T)<9*)azaZgY_ZcA!&&^UM7K;;{8lUXHyYT<@M5p%=bsmW^wnVxg?%t;J
zaR2bx?R@7Dln)@Z%P`@+zvHJAlCV}}+Gp(-GS$8l+$qA=wL;*(M6H3-=vQVttW_9j
z7hclWkhhVO3DMKO0IRf~i)A-UDjd?zbUQ|dS$Gf3$ywv>`{J}ItNU-bC~ENyW<+m?
zo?g>^m}8!L^PHpRARg@*(psd4vFZ;8-&?Q-?eP;ml5f*<IsPbSQBafC)lU1N2Z_5?
zB9Q}Ew!`z#xdZ+m%If;iAK?W#^=h-)TbmkMhp-3BE;y9mMn7{qBb%i^^QX=ZdXM$S
zzlZPe-_ae|5W?Bu3(4ebPTMQpa@==w&zz^$|L9G-o7uj1U0P!CqcBzsV#dXEH>0`4
z_{EV2(?$9Z=+f@{mB*rScLNpY(q}M$4a>D`SjJ&KIJ$s?t&5KAI8^sPX7fR|aPeET
zfEnfMhzQHWe;NP`FCTHqhvlMoXp?v+DsW7C{|G~N{r);#;1zCZvZ2cH&t$YLiS24S
zUgM6muZMRJ|9u?bec#!&Z145Ad_5$MduWjI!8>3uO?DHgGIWgx_XE&hJ-=J$KDk^1
zjB+)8;jxUg&stobC(zE&M(KgSwjzCZc_@q#4iayX<Vevlfz{4ghlW>1sau3&jmE^2
zx8DxTag%o+{){!_H_rP7aTE?SU=v|f0UO}hhp`Z~5m4%_)Nj8y=K1#BatRts@okF_
z{0>tsD>=`GW-Y^q-wjRBc30JP4!13E98DQkWIt>*05YHX48>7wGeCx@kTb)tWde|w
za$ng@_1yRS{%yClBijd(UeyZo8aulhdv}7J4Q8&4tI5;(^BL4y#d4N~Zu{Q|!b8X^
z=QuJ?)Gj{T>$6GnwJXNv@!~tP7y%N`+5*?`G8T+~s#qn4zZzPt>aftWI4pA1I(ZP=
z>j3V)P+Ob@zDUV<Z^DLL80tLuRrkCi_FG84eV*FrY#H^nI&jX?m*9<tphhpSKhn3N
zKl^<IG0cv{t8KfW^N=KcblGkiMuP_FrQ8Vnu8}-@%vq>sZ-sd%IIRKDUXPhmCCkN_
zEJmA6xyA%Z9wDtf#6WHXRcwH{CMVp^vsrw1Nj7}*x<Q~ugF;XwHmxC`<%oSf)#LDc
z1Cn8gzRWP5`rcL`M+y=O+MV_~<>*HmgocIkK)5Eoe79$#D!c{U?*l!n#$4dQOs14|
z5y5T_0X)L<M1smYvC<DIpc5wVZ65f{!B_BCl-O-kZVH{j4qc>)3Q5#%oK5DpozwYB
zG|F~CUz1_24eL(NBmZIBdQKgPhd)A6Bg^Y%l19W#)P(mVxXQR>jRariD@S9digcli
z0T{^gQ6Geq2|irAcWs14G8QpQ(sd-4d3`xg-9%AF>#ik$mOpXpmcC~3pH>r?t#xD~
z+EjO7kM5(w&^LhT8)t&RXuCgr43J%C!qp#j{AzgiV1g7VGzhAShQ^U;dC0e8cN!R{
z<bkaThx3}JCyoZxZJ!YrZ-vmrU7}F>g%Lhj=!+*O8DXDg&p}JhqyKllArIiug0H5_
zO`rM#;7kYbcB;kpB)hx@j<qo0Sc^Xx*qtkcSU$A=HzUukMm;*;+anv|iLSY%iGOnI
ze@U_Q3RL}oIQM>E@|X$ybE2d-KiwT&H1|#&@>(N`ziZLRvPA=sXRiEHAr9`fCnhtC
zyOdvVu^wV(rzPpj(?jj>Ol)hx*ZvEV*>fs-eVVy=@+I}}Y5H9oX$$i#2(`7jbM(!}
zR~UN+q-^RKfb3{lIWqtAhfM!w-KmmSj6qR$-Cfay_q>l!2P9xG%%Gs;k6HRRDxe)5
zO0Id!%55JdO~VmFrNEEw%2!*i=)U0Nx4y6c4Qy(?h(7fKK%dxWPvS4-Q9Nbj4u5)r
z7lKkR7JyC$YGhZgd!q8+bY_Q#kEI4qztvTf=rYK)E^Fn1E4mgQ>OZ;@>F2+)E13~6
z+XQ|f>$h8bm!FpxbiB2Y`s9gX@|6ZJzNo9z<B=iBh8;H&|D9S&bQ3Sl{<%V7K~|J>
zRkZ(!k1$ue>l1)mz%7@|im%x&H{%xF^SOHJfvu&vrA8{(;1*`{evG)~&N?WB6t*@b
zMt`-Z{Qg0KfB9hOkx_gu&>;4~?mJhAT^oeHKy%+rQ32w7wzc!_`V1I0K_?#x`M-(m
z4y@2&)8@`lV-qp$<-Z&>Rcze<sG7y#Rv38yN2HQSZ+~L*pQoLsYf=_mPwNeq(8_oK
z9~8thd*Yp7mEvXy{emwd^(A{3#j`1lAp@!J$b_o-j_&}_l{xCL`Km=FRbuAllBoL{
zZnaw~albB-zfwVUWuUuT7j#Q_{c(h!@_j)!5p*BS;8Ij~bhO&<?Wr<4$Zu)?4cXcD
z1bAijzd|sVDkyQ~Qkg1L1-29TVpD(ThW_~g+cVV)Xlk=G0YKW!P-!8o1_$xX_5C;C
z7XEvGcrtFxMvAeRm^6!bibM7S3I^??IWR2`-~EF<Nw5AmfIAlZ9Rn{fFXo-be4a0|
z4DR9!4Nqf;WVT2P?yUe`h=hcXygCI!qCRzr<s)gWeF?2R$4<0H;`Pv5{3bTb=_(9q
z;nj*0#cv)5{}7lWf$xD>z+u$JS2q(si6qL>^mMwTnMCMaZ<T(0`)+azemb!=u6KR+
zG?)+3pF>67Wi;g_y2>v-n~Sd6O`OZhCDdZ;CP@G4ca-vPt*11vV<z4_4>DIx%e(u2
zm$dCIQDYt+kwsp8{l3M66Lm`aTM^`Ew=&0#C^-*FAt=RhDwI_|`#v*e;BfKc#kRR1
zsL3tCks6BwTDoYJ#-9mfU>v2)8>W+KMj`kfiRwTz;d1*a1iF|r;<#Q&zUtw?r-;}p
z2G7Ju02vq^&85A3oC4~IZ_#`~Uxfc>NNdMYkH#d90jXQ_AB|+6%^VB?o{niu?1$yJ
z1{A1vnMXP)h0dq<bdVHC`@P{Hx*A0*YmhthgN8JDLow(QO{biq|KY)L=1#HN8WSV)
zV4C0?{~vVn5H^VDuG#?c-7d~#*13Q<V<#H}ZFt82f_pFh0BEWy?P~X+@;1U~b>R5<
z1sp$Mf6?Qz=MZn4tm64X1!j*l6pv!Do`n)fl73{j$-oyEiyww~bp@_GU&(I`?}n_W
z<MIQ)UVTzP&!aPpf(+1~FHBQStH~M}?2wPfqIW2o2Fy(G?<nDWiz=Cm&B`WM*OBZ|
zOysc8N@tYJNmiSdrH2L*#VQ!d>;igYm`|%A@a@u@OM2G`r$JxhyJdT#DHHhE6s=T0
zJ*ChuP{7%YOh044a*B;|3~6Q^gwEba8mrG)0}8yqrP<zXpJtIWxsxv@w<>toa#>X7
z@<wHp&h1Wl#(=90se`}#<}#31Hm|z(*ojQrE_j=3U$G(niPUE<WIK*3f$L>tqX=yt
zaQ?XdJ%FYK1s=8iT<_%w0X^ej8>t++X>wKTdrggVSt}C6dhPHD>c^!omyZ+{8^9sp
zUW7_r>0&NVciC`cRe}lk5nJHdCGm!KUF1DsD_(jl=3n@(?who<%fT**EbgEsVQc?(
z?+Qx+z>#U~@|-zQ>R+M|*f9IsE5M%pFA}DagA(3yYIeyl8~y}VZW%4Xoxoa=7vEFg
z+uIAc#nO4@H)pCiq>+ms*XQ>CwkJ)|x3gq0JZ;?gg8efqr(pG7NdJxx1)4JV`tz`E
zjw(%!m`xFbsLf1jwP*J)^|#Xk=#y{o^wa&ygf9SoO7*nNR(t8$t{AQWh);RZgnsd&
zl_R<&ASIO*{nx(oS@5X_r>SYCRW?-8J3*(!Pyyhf1sY2K6*H_?jA!Y6xVA?|TPj+M
zUM9b{o7AjZolh{a8Wv7(61t-+#dlvU;)ho8+ep$>2wy?D5}R)2+1L&r(!F|%XW>&F
zOzITOM+vY0X+P(zmN2wz+_xtXgkCVn%`&i@X-F)QC~E=enl;^w=S|K4aL`;_vni`_
zUDK)4C>ITlwu&8Z8FyM;Hv_-tFJ3`%%wp5lZUrUIV&`bZUp(2@??@1@(KhL#H;;bV
zCmx0U=;&{N_6}}UvMnnKkjWHv8^2ef{1gX2eua{$&H4y8P6uE2i@ecuitX~RdUo5z
z>dQ|*Tc4`Kxw{Es{aKH&ujN-UKS;VNWX#?TC;WMLOlya6P-5{@duT$StX_ER$dp4o
zN{3XtJV(1R{R1Fn2X5T0pNa<}JHxE;26awVb)@rDUPu0IIc#kAqzv$?>CQvO{mC$5
zLJOpJHu^=N;?)fP{pH%izj?eoXDr=N*?7YI|MfMTYhRrIr*ELIl)F8gy?-9L>m|QL
zf9KAtHzAR?Gt3(j`+*GXpFqE_k|v@D7w<m*94&h`+#$(0G^c$DwBnW|`MeutD9)F@
z!kl1-Fi!n)h_1D*eGwF?ACxeAs+e8FxvzmV(IXY}@Bb*)O~~*iaRsgRG~SbdpOw=_
zzd1jlg!^RS71y%$)9p0&;A@CCQ>rHB8SBx*fHzIWVV^yS5$8czOLYzt>gsq%kKC2<
z`E8IflCvak`toH<PWL(}p2;L7!#P?uF0ptINm{UD1;MZXb7LD%7k^;mqjjmP4;Mas
z8>CAn5yP4i)|pJ~R)=J%6XllIpFVwBppv?N%Ku2lKWVa9kMAVj6_S3;<66eQ_Iz`5
z8(7YCG^zwjp^C{|kE5BqpYp4(1CYHauV2s7_|*ur+^d3Rn5lKB`|79k#rVDR02I%u
z?4m2iQ%=vuzCT?rvGQ77rk3#C%<UA&*!qLa`m^(;?mE1FiqAfyR{SfV7mQq_LW0)%
z;=}C(GIjA-`h4}wFF*>%MarB0SRGwp9IkS@EG*%<m2**5S6Kjg<?;S#X)6yG>1z6-
zIroJ)Po!)^Vy=B&2Jf%iJ#ZD*J9kjGs$f(+f@*S8$y0rzW9%D=UJ;U>Y1Fr*vR+#v
zW2KQ-u+`O^`<1H~BNDqu6WUSGj9u9;|J;_Wy*I=*Mt=bw5PXyjB|@iB$H>(I_=14`
zGkY;ZygIFQTGQPbSf5vR!O6P%I~+=!dH=$rGM}`r$R-0VkR0CeMjD_A?p;(bX;q#H
zTqRArLe)pI<T_1pPDY`!E8<OZ?{sr%&NtuYB)q*Y<oJ%`y8HUA+z;8^TND;IZiL;X
zbMI(X`uOqVJ-Q3ycl7|JKAdUY;XhxE7k?ZIoObE&6%dJRbLv)*S#AWMpF?Nev*8MQ
z)EwS`mh<KVsffsfIQr88a8&H^6a0%Yk|CJvdU6ihtve!CO$72D#QImW0$&9Qq#7^=
z%p$uI@S43t|9>@HO>|wvo@4rn;oaW<=UQ_5>gF!L)cH>rkLXL7Sis=jmgZ%+7^W-1
z!UmQr?<}961pv%=8oEsE?N`Z`{;>~5fqY!LANfs*>8T1HoBMK#DykES?3^N@ed8lw
z1ki{_%OT8_erMCzSas7A;(M(;gLK1jshTz;>Vk_k{%w?sEy=|lE5j{MFM%=ya1V4s
z!Av|I@P**Jy>A}l-8BadNoP`Hn7pw<t|HFO@0lvKvuakpFUOd+S5-rzK*D+Vhki^e
zF@T;o<ut}B_&JJ{t_v}E>T&b3bl2!^JUjPRvITF0|2H^URG)9!Al%_2|9}1BZytzW
zx`?~8F;YbnZ{b|lVbuH@HJJ7a2vSLQiU6*VfBg+$QF&&vM)4PjL+#&Pw~+`qtG>vz
zSr86Q6SZdmmdofG>UN=>FGpG;b<(8$bPQu5|BU8a(-qm`Qms<n)aJ}^A-`DM-~Pd=
z5dx4WiSADD=AzU4<v$a1Yje}~uAkI*6&q>rOV4WfA_Fr}0*h{O2ThTxbT?yzB}=TW
zRtf<wrfktpv9rx>?0C+*U_DymSCLR^iY4X9=XFn~y#c;o`LzUnMxTLCN+N3(N+Qg_
z+B6xm1DrO!Fkr8=(YV=n94<#yJ74Zp82}{QA5j_H`q&U~g1=H*taEX#MdFvt)|4&)
z_fGw1REz`6%JyF*d8pty>ulzq4LdX%JSANv{$eR4n(b3x{Zxgj0#y=CL*Vm-No8Ui
z0QB{=Z|%)QzY9I=Vy-?_;BsjQ{N4$*dVtUxXw*8_UNCU9O0@A$Bhybh|3lDvx_`-n
zATp8u?x%vf`+{a%-2jYyT}{V-rum=Y!`rFjhFSuclHQUZD+X*C%{2qB5CDf25718+
z;&PqvS>o(z24Vp*f|QjtZ*wBl0ZiNX)l_n`B-b?q{<4o+^aooD*f8^dMt7n7PPM!%
z#@w@IJbh)gM4m*O@tkWQdII=O&-I|G)>m(ik(9WN#epnbs#)g`s#ih)(2+cLm&xx3
zCdDB(PdWS3^S@mje`H7-mt(iF-vHAG^|X?dGlCcuI(Wz|JE--0JM`tB5dyfYbO-Y6
z8p+m~4C1JVty5Y)@P~%0OL+O}rM37RTq-fH8D$M65Z$7rSAbmMQQ&{ZY4AKoCF2(T
zI*_c#)pb8EX!Xj!Xi%H}jSqcFfNe26;b^O<EG)qNHB&MIKtz)7#k}J9cRAKp5|*69
z<M7)FS14=jr!q?yJd~Uk;P*jrpX9@<tawS_AP69TNElwkAgWO_C+1<$>ds&1c@Zl&
zpeI<(*{uyCYT_7ULz?&cSEL5+O#^N6dLJfQ_!xvB56&Ze0$$i7(#V=oZzRnTuBom%
zORytSTcXCzPeZ%(*;(H{u8gU5rNZxV90L7-A5Npdnr5LY4c;Z&-mX-hc-=!uH`O5P
z1EBI7>(7A<TYwEHc|ii_TVXuao85fua^*E|Gmct4WzjNx4{LhZ0$*la@HO2(T!z;?
zdypPk)<2xi3|}@|v03p>ja!?Z_ojeYvI7<$BXczBQ!WAEgv}NQJhPy525Q43*tIzJ
z*rEiReob+j8p7}3_o;sUv-`X9U;Q6SyJ#(0#>mj^-R0L!%1V*@u(&LN8DE3{PzXwF
z!Y5B-I&P5CW*citORb4#RR7EqVOo`{cVYG6AO)7YcRNVegfQDLu6z?&%X#vT#Dn&)
zJ@?EQ-k}HglBBnX$KyqQln^>CT!5^XiK{;+9!T|VH(Xf+m+|1&`xUAJi8Fl5{Hk4a
z6vp#F+GCgIM4>jGKlNj19uSc|7IgVqXNTPJmS{fUP+Zp6(4alu7%?iw@T!)}_SGA*
z*8ZUWfk8n&t5h>G>@DFtBz0Bta&t$AGv90ir;3nWZU8q+u`r(|hY;2xNZ0G+O}?_l
zUG%3tIE$3e%RDt^m>-vSIwuS#9|TmX3x)LJ0SCV3KR9o{UUy#1jkYSO%Seta8oUmd
z_wxD9O+Tb&OT(<OUY0oeH6;3`8@SZh*0<<YwK#5|FrZp+?aLp}8uV0St35!~=pod<
zEiac=!Y*EYQ106KYNAkW<UGJLc3JRU)Nn`G_b0zI+rMjWj#_qLFE{(12prU6mz8!m
z@#`kHbNfv*cy-I3r!8sE=HK-p?i0PM1DZ0E6z)&XxA0u`f%+Ccz*qgzYdL7a4`-75
zEzy<ke6kPQuBt1l`)*06h)rv;CPFJ57mE-*Lusv>_{Zj)-Ys9uY}@6succ1Y8^az<
z_!Xs!lTn2*51$F4uL8UBfr>$oO*@)p`Iw7R-|Jotb;3&lk|FqkD964X5puG3S>}gO
zz|tw5{&l_^(nrGz*IBRs$PfK^L7Hcah*9UYzSi{niEr&#Rd@!vJc~8s3pI>WCxrs`
z{@0U7Io~fl{&@upLEWh8XK$J@wpthS?-?9~9}b=eqGr+;lC4p=sF9e(oMay=^{O?r
zEh+5-4O2VS9x9ecbSnp0S!SIdZW9}kvn~rzXCMBUbjk(CXh>=^_@89*rf(8Y1rNOy
zKkH7tS}&k-xg2Rnma_dq`I!e2R6F1ruv)LgFFdL>{#924rs%fU9Q{7Bx-lyxyx0&{
zs8x`_D>+&6>;90m)u_&?4fX!n-Z43!dCDK*_4-9%`v<amG^FX8Pw;XX&G+|Le56l@
z+q1sbQBvOOi4==#@diumANd{crz)a^*ZY&7mPG}0Y6=NDx9w>JF?i3r7IlmGn*Lso
zMv#dbn~+&s`M_A2)0Z;mJ7aEOD0uCqDB-{)65Vns?eYR*P$X>~<rb_<<)2Pw@!2=E
zU4%EB@#}L=nRt6P@HTqwvWuZK>|}tA?%?AIaw7~(2;<Op&ZK4ofz+Iu(d>1eXT7}~
zxOik){pd%TfHM!U^YWEC5vw_0DgpAg37OqG4V+sMnRlV=JtWYL$Kgtb6scpZuPj4X
z_7ST)S{o)U$ZuG$p22chY`{f3AUg|1aZ{@Moc@9|1U@`i><HVE7}OH;BeKP<faWo>
zXv#c>Q(t0;FF|WH4{1Ji0W>z62u)U%y?RDs**l@}AUF0`$dEULKIYjVNag_~s`YJ-
zq!Su6QK`<L94&?+>y^E^rWv?hk-h$vdVlm{x|$TeItK>p3-r`9FqtdSDJd*AsZ*tH
z|9Ez}sPcStXy5`!8Zy;$rxGx!NN=YU2eqLBiUL33*0xJMec81jb^Q(}Ib#LsIml$#
z)K$nSil)+w)aWK^Gg8xVL^5zT2g^zOY+hlJ-v4#Bx4mfK(mqL@gQ_7$>`GJACtWoA
z<K%4NzZxytx}92q>Y3D@D=s2tkda2#3e*$sGlSGkt4PL{Vwa|%I+~vn)Z6*nvUnkM
z#ZVt?;-XtX*_J)8i7=#uaP&v5ROIizw`H!C*_|cPmlLuzU(T#O)L(tm&2YHu{&$_q
z5?_Zf2!B|6q0F2#sxk|mUhFyV#zEplWy?J0)PAeIzO^q=`Nm#mo6+fK1KnC9{WD|2
zJSF{VEYR2Wbtc9I>O!T!G0OO(SXOsM!a)BLKm9e%0$bZHcw+9_k+7O(*v?|J0d^b`
z;N1;n1sxLhxa!^-cioP>Ig-@VE#~=#l{Kis+(c8%LR0Jam^9jn|61G!im;-B3u*7h
zI~y-wqa0^!E#iI;_RuDt9ivI-dx`y%CDHu6!g<*#CSbH>vcv?j4JtdgWvT?kL|ELs
zsK-8+FI5v*5!H9=>%0Q|s?R3XCCBlf?|ZkV`M6#be`!i6qPjeSxd?hcneQn7S+{dM
z^QySf0-`8w<eBEJq84{Do>c7iMu21jRTbJu8s#747}Vp25-VrzgXGiP(~cZsO^Xrh
z3(l5kXoK-s3Qs?Ad)?W;>Z1(#*oG88UU&V`XV~T8Baid?WbWI$8~f(Idilq7exIjA
zr;I_}ED-nsY!fdyRKU7yA{uW0KxkEHq}gWEc6NLS=_y$f!qC%W^W<3wO_BSEQrB(G
z(#VO3nro$<;S9aPLsFJTCB9so3kc)WgKn1IZkB)z{W8=Fv(NtHrx#Q};|L3*2Df1Q
zfSKf~!Lx8fai8)EpOa!e?5w>xlD%Lb|HwNkj`x`Ap0qS^Jl1YwrIS7v)FdQ#tberQ
z4$3!S)fUtNZ`0@Ocx6h-n)Yaq7W#pnhT~aO<4_21@<fs+QH>=cG2Xq!ea;9~6rwPu
z3S)e+9syA?S|yA)HhXR~V^IEj&w1TsWmK8GLPQ)E2B+7WfXMjouSA6Nb9`AJd92%b
zUMxQn-Q{X6nv#1ne)~Gd{ch;qE4#U^__ehz^SY|R#1oEqV^$-PT{=Bd<T*w6SV;8G
ztI3Xra|9`HR&kQH-KVS3$vo@u>@8flAF<zavis9zxN6Im{Di$W<I|%1=FG8=3U%+9
zjD4PyS6Hy(>zKP8-r_rqtqG7j$N0EGHUk$s<zs@O5MHGg0^ATAIJM|-6p^c|b$1Ci
zwO!k{CHr!ykzK7j$KEnI`6S>BfZ7vI60+yi>tJPEaVugEk7<rifyb%KNosU_dS~f)
zRdYyjp>ea)eO<NTFlr9Y{91GzBoEbWcHhj1IaaCZp19ox%%0tqoT<z8a|TU@5?(;`
z=&t#a#BuY7==sAz;mV}K!4eG1X7EhPx{-IZ#+#aW<9ZzZ68#40IPkSJ`MWQP<vGD>
zDmq>!O-fIOcw}yW+}TL_O0$?a1n9^D%!12Ko6`l^6$6sa2tJblbYNilEl=Fpc3E#R
zW?=}D{f>ngMcgVfw*;ufQsOpdmqz9&bfi7sc!R4Ic{IkD{uNJHolQ<r(2=&?`cw@V
zlX{sw(=|{(iCE<QNj6hx-I>Zg*_L@yaUisiiGih%iE*;Gv3Y@Let<8@x<Ii_om~Pc
zWcf62M7nk_^C9G~5BbLNG0WD0<}av>>g5~zKRUNTTC&^rg2OnnOErY^d}=PGyDWod
z?c7A1Xm)T`mw_^K{m-d9yfQRP`ja91l@9^FJnj2PA_==K@i7m0#vaUP`p5#}xj~iY
z`WzM-R(zxQqOnQ9aXkF+#9(rQTb%TKbGD|aqJJ#<djFJ3IcYMzbD22SNPf9)z%r%p
zYwS{7F;k|=(DMU>G%=8HwPCSMnHYb+!qaMh5P=$}=}Bm$U#SoGQz&9CiLlK0(gXbZ
zKMu|ddPU59==$(zVFo_3Rq|O2^Yk%~aM{aCaMk*wE4GUb$rYPB-d4!2&eVQ~i0)W^
z%u^MK_%kA5#9vPuw{bk<a%$i`d5&p@$tA9JWo-@({#-EdGSEGjW^o`|N2WeYO>pp<
zi>@J|T29gl4a;hE$A35e@Dymoq`42xXf%8Mxci7RCYlBR_7**}+rKlpI7lxeN=X<I
zTPFVD7+dx|SWC8;w0DddrxC>^6-9J+?J^ZzK#Xp8ZwKme94?;!acn+54U2~w1ikhd
zZNlAfI~Ik>a-L(6Ad9wB@7Fziu3|M;y(gT9hc_CK(AljFxR(QJP4{OaI1tBydaL+`
z#`ucQv(W=(qubXNJ{@hGk5e2)2|3PcCBJaDdJhKA)g#VEb3v0OA1mhX35^&uRw9pw
zwG)kelaDq=-t=XZAC-qoyxiU{LvS}G9~e4ITJ+q`?k)wkY&MN<{4NLj@FLSks2D)5
zY)E+L*LBt@F?(KW1CjWRlwhyE_1kXp$=I~T*!LPIX$$(DAu%WA?f8+!QqLw;jVc}6
zCMQ&*+{r51w^*lQYi+#u&2!o%^g+1`-%Zih&HCE=Zrvt|Anw&Q#vVWSgx*mVNm$_S
zgP4ixj5JiyS1lcrm!21<L%mxPJSFE57aA$EtULs!DY%<6j(&z8>Nv%GX){}CARW$q
ze}ul&BT*1AFMImdoF%w31U-i5vHaWUsKEm(O!HJ`>UElIoerFsG;Hu|t1E@~C#!Ee
z<1T>gX&C)*JMjf$GKnbd=%_~B2(PU!H$-6G1F=?`q6?)Q<J9{oh&P#HHnQDGXi#m|
z9l*1&+aN^#-*39%du~AX{jIE!oBTx2sQlDAwDavPlYAPcz*sE}=?k0gV|81(YcbCd
z3c$wP)i_PnUy~(DU%ij^m2vociuLB*s&4C{zq-!rm<Q!)&dY7b<f{rIy8*SLhX9Qx
z{TOa^>w&#Nk87%lGHjaM1bk7$8|YExDu>Ncw~H=o5=0;P*%!#bFAxw~(u7g{39?e2
zs=AXZB;lD5NWPaFNXRiZ?{l7jW6)|7vDtgC3go7kN8w7|=BR7h`<QVK77c0729qPZ
zMfANFo7n9Lk&y8QGxR*hV(P3WD@43s>cq!(y!Pn0-g*5wp3objt!8>{VJl_=@|$vp
zi&}$ItN9&2-mQ?*L7#7894xXuF08$;ZJ_I`cF}l}xsCFK`>;UM;yfjOi!sL&W@;t*
zl;#m<?&a%w(ubj|3ARIYA;#w8WAnXrWyE(z76ukl(&&`GqdDf*?(zLTBvj=a>Q1Zl
zN;M{n@rlObmEJr>ZO_H2<}W1~V%?33UPY$-$g2&>z!{^8Z}RT@9*j`@)oEX3msokx
zq2*Hbllx1s%PStA(=t40T$B*_*G9jI+7qs^<C<^$JY-fJJYAbaKB?p#&@X9MIR)U6
z3p78RK+^O@nOVo>{~vd69aZJl_KlK)D1ss&-J+z@4T>NkA)N~p5NYWy1C)^NE@>7a
zwP=xCAkrPu-64JETKMe!oV|I!@r`esG0quh|KZqz_kGVfulij%-+jQuY_`?&T;{Q&
zLAR`Iv1hSTYqXrV9GNN`-WOHN@=u5B!v6yNW?oV2?(&|H9iFw(BDqrz&<*UGg{qWd
zN#$2pV4QV)U}$thFzsFGne(}OVrWI=I7qFB_GawfnJj1519SDYHLG3)K71zT;9$ID
zufuLo@u;RD&Z;)$t!1sXg|@@ppF6%Hyc0Gn7Lq(LEN0>KM)n;~p108@#l=R!I2t^j
zA=w0nIGZ?j=K@`dU3Dpm=Rtz&P6qb`P7`F4N)|d3jCb$l`<n25am8zEyN@d}AkHmx
zvWcFGuAA2@&Gh@kj~U8AL`b-_w$M6aZ<diGaK5+N-@8bm0_|%Y69%2@lF-<JH7vYZ
z4gMq}mLB2SC9fPX(wT%fK|%1;uC2p-O=kUmJ#$}|LP1A=ho*5Z%HB0u^uE3A8rOri
zkAhYQ0^hUjNA(x-#l=nPfIiCZ@`PuAX1yN%OfV5awmcAWFqDRuoAPY@T_i!9C=t?;
z_=)Nhbb2hErcOLwdlcKrYgBOX-sa@P%qe5vpl4Q#f`rEiOE3ylqx$UeUavh@rr6|p
zWB1v7?Vdq0uw37dPSW7|@<mRkEk`HBKL!;ZtWmWeM_HEZ!>u3+<q+Q+Ury$W3`Bfx
zP4$B-Dh>D~PT!#m6XtZir+Yf_Vz<C#UT?pfbSeYd-Jw<!&!!^U(<{t$pw@Wepnh;;
zS4Beuc&MI=Jmwl3krG*F10657&P>KVlXsSw9?S*ADe&_2iqo?lyTq956ie@~4KZd1
zE=%n%4fhCTa_LJkZUdIH$$Ap$UZumsuKGwM;t7YVp-dcPdB-61%tMzYNt9a^XM3#f
znl^g%+u;eV1p!<$xYy{FJA-vMa?Mi6qAWwl<Hk0wnQNEmIuwj9jpUt5uk|00scOK}
zUD0wQmE`twA(gv@p#%3FcPz`PGwvpE^zEgE1<*G!Wi1|TMCO{2FCUq`8(D6#l#{^v
zz1S7xGTxV&nIm*iRea62j+v7?tY1{t=EuF7i4v<p5zT`Y7s5rm-J_!QZu7xr-2u72
zAT06Rx|{Xsu8TbudCL_q2R4dj_uSO7Wf<&FS$gk$QQUabwJ*$ZTFE~9rkkex)R(S4
z*JR;~&2)x)fZO0nwWNpJ<j$U4ImNNlw3U~7(2lFr=*;My$~lWpWl?-xX2F3Cr52S?
zuGiy=T9mzyP5bkW^4Q6yGKrhtB|WcraMC@P^faIv-YPw*eF{Bl;8b?@mRa@)PTY0(
z{`z%y`zn)0v8!W2cU+XbO-09R)`8BBohthng899@RQgkP!A$K>1WY<*pXadzGAU7v
zgq=Qng<;y*z}m6xmH9|}XM)bPafiP?n9^N}8wXq*36dtQAbn#5X4$8rSD(c6^!5h&
z-#a2+bGhT6<Z+b!jXmIOmgF<n{P7#UZ5(6DgsMHR+Th<|3&l-!70o`M_Z>9($NS|@
zm_+<z>Kubkik25~pC^&gYoMW3Gg<yrM31*yUpO#@zAY)<b<~0O&Qf_sIU2L?z#vem
z{16s}8%vBP+_|pLcwg)*9d5R4*A<hEl$XShpT4G+9uBk*9y&cgh76c@F;}&32|Jkt
z`?H_rUcaLuprXy6Om|J_R6qsV)5tuLY8g71r`b6ArFk2SFwedgfR`N?Ifs5yP_a#A
z(<7Zh{7J|tmE8^zaPYuoa683qR8h25P#C@gx5Gd9?bz(BGbwf&y9nt|d%8A~K}_F%
zcia9Q0HDzDu;YDhp56u<#|dZc?=G07k@<s7Q91rBj9SE%ohy0^KjMBz<{g?8jN0r-
zZ`A3&z_5+!f{QHILpLVeq{~>el^h~&c5rTfcJ0UPzB@Otgh}S9eXmm>>g?^1vR9OR
znEMg+lE9{p@QQtpIP)?M5nLXI#WYS3#xHkxa9V6^W`gfUsilbb@U?uHWNzG?kxOOu
z@1lpzif><$>IK2D9*h%2XWq|{&$(XV9{!L#J##M+E&U}h5b&Xe9?vZQH%1WlWvAy<
zZv&XjA!l*SQa_Xr;RC%RX}vH^QTVDg(l@K*o@!HmOd(dWxf3*|_QB@FN6V9<gQ$IL
zBe!<I&+<8{m0sO;y#4c5RHa|og*Z*3<j0Qa&p{8}soV@_wdkV;FwQKjYJ-FU4BcRk
z3mn}6&5rFu=e4V4d8=XiKd5-e-ExmS20B?mnOnY<-=aw+P8lL3`EX<9grMWhzBwh{
zv(fsjZXdQHF}b+UV-oa9K;y`tgfdLy9la34&jx8|&5_>W*3$#Mpp~xzA0_d^`m>(X
zDa7UI?=XZWBv|C_00&C_{q|uStk<8d_Q{nS<g;4oRznlE2fA}Ux;6~hy#b}fBvzUp
z=`L!gPxcCzO=NDLYq)vr5GE)4x^;`*=<D^tB~yW}A4HnHRs3A1IO+Lq>j-b|_tqS-
zl$SaS#PioCC*DW>iF0uaPut0(hta1iYcJi;x{ZD+vp~*W>WYNUKkV!gm>>IYpAniL
zb{=~Uto&?<)GJTn|8Q$6W2bQcb%lNd8p+NW=c@rqDiFdMN4E$$@>VxBr3hN8RT>nY
z*s>X?yY0F1<3i;=*r{P#Ho=(IC@=Lmo2W2M!%;DPl~-`Dex<$^U2^j?<;c(8uTDoV
zHIGyeSCU?NsTYn$jRSQ9%cbnD(YwZ~{rMUtpWbP7zUi=ewaEEQi|A~ov}jfShV!qY
z9xbe5)dx!!yJbe1il_O9s=3eQPQ_NANlVKWu{m_Qn%2GPn<SkDUYU_3mWO+;OZiC3
z+m&|tU)Y<)`y2;*%zE%L(e{nZRS$RJ@+(fKUtGTQHu}57nu0MHnYx}i-LBD@d-KKB
zqC2zKxW^V!I8ZHJ-1AO5IDC$x$16+5JdP72d0hC87y7u(?mD8nYl`cQ{uD*A8hBO*
zRkIsxbsz09W+=9vk({Z`^++0sViJ~{KOFCcJ%PMBqYg%4CuC`OkAjB1yE-iULv#bp
zWFl4K$pfA|J$5P&E=^4JLrThfw3r_opXKZ2&15?b>jrVVgl%O$lO^s{uM=QDm5}^e
zPFD|4BDzIWpZhX1OprV57rIQ<ea}O<p3(fYJ)zZ<(OSJ_{#^JfQBNv_BKzf`#E=%D
z3b({w&fZ#aAf(JrFFu7WSjR=l*kq8eMkjf&V#7mO*e>5@a;lY+BFjN~Ltd$Tpqu@`
zw~t+j$ZF^=)U!saEK4uVIredW9h9;f_SKv^jr|@jM|RdpV*7koaj(3f_}TtJ9hvmx
z`Q&-uo0_D<63t4kg?QJ*-Q|AxVr9b#X14rSBREmoAc_^Qx_#`8<ttw)DWBu98jh<$
zduwc#UQmgiEvDJjm@Mthr(3<mz2g*#^HOAFG`+T=QfBW9h+JNsbNT$BocTD**IsDj
zWG9dsy1VOA@atBm9p@K?s839yR?4qleIcFSdTCPNLcm0}$Zgb~$>H3CHNg{sMd{SK
zM=}i@smSt{nk8<F3iYpR?#0X2Cc%ADr6;s9?#JV$&S@t{Tjz!=IosYL100JlZj~sI
zQFHgIBsYdkp-~K#>h3k~`Hw&jmS-(;AXT4t$xj>&oF1RTUkJ}FtOv`<dMek=>(DSl
z90H407o-Ucn^vs?4~snovZ(Vr5^EUptqIie6b0ngBLkZY118?~3MAOT$Zh3Kpp3r#
zmA^e5afwf}GUHJ_pVuu4jYhL8H5$};cCj{B?{!I>yGZIz<?-=#$9n7q+0J4SvMgBS
zq`8PJIqZLs#M8K6syrUb8qJ}pJ8Qqu-Kp-SF4@Ae<k;CMDbirRp@xE|kfR2*-0jQo
zeVV6J8q3_2lKPlCeomqIs72GJd9#N~%xR>~>>VAaJCw4(=VaAf=-6fTPS7K7qw*q=
z!4`!~4`Zp7#1`4k-J_gm>%>XK3Q4s7nVzQO-=p#Nf8#zq73V(#v5Jwec13Q-%hxRJ
z2WwWBP?&{Jf1e2!o30;NuDA<dwRhz_*FSA6^(-Mj+BzhLaG-tO!>q@m`kk4lT|NMV
zjk%ec=ESG@$O=LBoPtBADRl~bo%_TIy5bLwD%XTqv3F0NYu7j?dNzEJRN(B-p%5Oh
zSL}h-oza#UyR(;1I8+re>n%_v-1~VNXOBI1LiTy*y#A4K8;SAtH&u_aN3GzIovFS=
zJw$|Z=>5jNz4D@si)*ddKldgH+XX38RiD@4_&N;KL_m0UZ48`VjfZ6=+Soe6i!)>c
z)_fq4qoZxE?;)CB6h%a1oEOPDTw061epN{`etl|?7o~R;R4I@e1Um@qjYvAX8DoF6
z)5W?y9DYB?I9PL_X>OjN0Rf=hFz+o=EedZ#J!SWn+k6i12nWD?2Ok%<=<!W>e%n66
z+umD&Lye&`vqvjd4_4i3Je!yIh;NAQV3I5zd-9D;j+J{{w>zINLxkjQzEAI24T!2O
z)V-<ou+x2OajrjE_ZAWSsaUmN1c<t9CStk8l#%kVDE4f%(qWC%HbO6mPBMokGYDh1
z?xe?`@?B3pNen6k=Gz+uacig`>PweaR=+jQnYS+Cwr#jE$Z9vOf2u2}#98EW{xy>3
z=V7}lv;TTg&Wtogx{M9s;CvHkxHR+7qVvo;H=eNZDRMh&scX&QUmv8>Mb&b>HVZ=V
zGF|>I(lzt;x`&H2J4ABYd9_iMR>pU+0Xt9)8iYz!5sYMe<v#1TRkGNdDeak<>e#y`
zs&@}wCp>cP{O}+t(?whKsAlrn!rJpegR`e|qW&wtXl&&-@?0Q}cyHk2@yz}rdg(3^
zlgkg`il^{bT68r&b`*W8q+j#&*nYy5k3Zy|!7_8qRnN8TgFd6Ay^AT!pJ1wUgViq*
z7MN@9+3KM}_O$z>&X~Mp6cXF@YSfCCxlh?8gI>5gu10hvMVqGM?kV)<-L;wiNf2n>
zPRVJsGa%ezv^Q8Y&aFJSE>kBOWAe2j_Rvh#Yv>k#;euCX#h5|fNjo9^d(0!(my@-b
zclb{@JZq~rzeVHQ$acs9^XcBnpc~kO-w_^H1z${mj{@Cx*_~>_51a#qi_~5yXwPro
zJ8ly2t9qq=;}&&2Gb~V7SNDNQZx&apq3t@Pt<#aJhqWgoTU}5hHhnPk-Ln6j0HKaU
zVFlL^UC*&x_=&w$$l9pmgPam+%)M}mTiK~DcNx{yy`OjX6PMc=Nd2HNZIwJVBNN^Y
ztqZH=8wPhy8NB|knycP+=GNuyd^S&<Z+9fw*4rgyaD5@;oyXo!{kZn)jCTTy`=sQ;
zMwnWq_VidQnJRJ>_kNSKs^m-JX6IXStxOdN+1sk)1ukx=urf&W#Paa^9FMBLx`*w#
zlNB1D_cl$7r0u|RRLfFI+H;3SS0Bwq>W7N`SbEk>rW9^=bf%B{joqQ{mI?ke%7;GH
zW97D0ZriOj-h{N*v)>6LvUqRE&tFh~G$Cp@@-6vEw?WE4A@G&AxbKmOOICBfb~#Cd
zlC0`ad5JK}yP4LKK8r~{%Tvj^RiAGdD|I`h6!b3q0N0d}5)0e2cfvYcqNiRfTtGLg
zzKS9)WsBr@RfBnlbo%JRtKtNu?$2MOkTM+wd5O3#`u~W@A8ke5J1f`0Ri@~;-M+wR
z>*=!ib!=?RrtyBv3f<xBqZRi&-6}O)i%PoW@!@_^h)5mg`!yQtKeBxR$LeqPrE1ii
zefveM@}Xby*Xwir1B-DswS^=n=hL{2x+1=F%~2Y)orYRZOf85ND#Ux9;Kwd(4NN+|
zIYau5jXQmp!f|Yw)0MN{?EDOk#9_u>(q)`E`G;B5k@Yt)^8o$m`t2L%8a19r-*c!R
zg_82*Ih@8S>7I&xT@))?9j_d`qgM1*E<p8_*TAFxcY{yy++VWv){yoq4N_m*UsV_1
zSyP>4s9w0Wygy<4xifY)wm)61riaR8UA6HR5z*~K)nNV8({>@hPj<oja)h%EQo4>4
z<+gesET}%ewCAgQXD67O8=@*9Y=H@5H&b{sS$mW}h$3uO3&S-V$bV7oW49^yXu`w(
zw1ArW-RombI9109|3W-tXDqMs<hb^yvy@<dx%l4&9nm74ZtXKSQEi=??=F+da@%*(
zMQ3kLp$_MHI2ABjHFCu+9O!SC@9^wSNq9vi1nISZMnStuE#{?;#+8bjBjy!_OZthH
zR^Qe;OktflO3ymu`8DCZUS$Ol%N^3^ZWw3;ts-)`rTmLJ26R^9rdJ~AvTtI8X=}Ak
zaimNst8cii>V)NM&rDxUkrZR1Vbgy_Nt(O`bIvA5BgEM}f(A4GQj6vFnpqO~YX7m(
z&qw7ek548F`-;mv9rM(EG3H=lADBD!F|Eb))y0Xq9*&*>O3%!bW6t3uvLQSH_$Tru
z)b;3+s!unDm_#&Kl0=TOC%s+fwq-XlVJ&kGYa^BYHX)>mTbe$`cAO8BqER8N{jW8p
zBS2#TSMP5Z7XCbsYN%vW4*@D<T?=^v$2S`|G4REx+tIdmn*`cbjUAug25Q4^XcY(5
z7e{9=$ShqUsV9Z+ltil`<(Z10H|CYV3I*Jv;l9PawceI><;Gj)3R5FWrA|aYg>B;P
z2ZnQ=ei<-rt>OYVNyd^cALz#LT3HGa#}(6fiCxF|eL{q8=kQ4^9((gBD9q=h(!=S8
z^(%ToB6kDHjPKM$E&rmhXD_I|i&pJ+Rl>nN3snom+=fR&T!pTsr)Nl=ugLgXja7O?
zbtK>qIgSQ=4rEveAXg{c+w_ASJX}%C5cTBJQ|r=QlW7d7s>kKM5e6o|$$FfLqz%qd
z_3dHmH4axTOywB^w;@+8hDLRa{3sfQ-BA*)8hg`5l-9`ypz9}^UMSFe?*#1}F`W3n
z{>tV7D%D8}H$U0;U<9_OP<dPs@_dZ5>M`{`8ZO6Z>r&&>JD9^T(+?ePTiHXzezy=x
z7@K-Z+^fq<#7iSk4DH(Hk-}8-o?@xfwauPJQe@aqS{({u2ogF8_En0~d*Y?;9QK;+
zDz_MO-&&fc`hJ848f#T~@C-Zugh7T~m#%D`78ATybKP3_+D&Xpusr>~lSv;M(yN=>
z=dWoPz~}H$QPHYty<{TiFt9h7o_<5az{f5T8!cN)2XiSxqoNqec)}g1DCTv8DbTE$
zf9AAU_rM0PN*=0p9;ywnpD<X$Wg76sP*5@OA7K7Ic_p*?(Q608=~OVcbB47(*YmtL
zeb73ifd~PYCfyJ6^>A(GBF=*)1IgeG=vcE$nMu25WVb#jB*VSPr7hx_B(VGpC%#jm
z{ow0cL!Y1_qki)w83I2F?T4l{r9Ii-U<<Ah+;4AYh<i-6-W|$Wg8dq?d{=UOAe8Ec
zK@V)6f~B}&<4?_@f9!v86EGx8fZ<!jxgrnuzy9#b$CzdXwf0W8iNNB;P`ptvu{Uw>
zS?Xu6cLN93%lCTQP4H9jqbWj&g3S&KkZ@z-NZS8;#b2)tZbbt*7n>C&UgVpcz+7SG
zV%EoqOpL@nHk~8*X}vEBDg=;~f(R`5+c&AZ|6UPz-H?nI3cEHp@dpXSi56CZXF@DM
z@(O#?Z}q0+I(Wtl4?ORNQY63vKKbE8$g_*XM^fPLKMEtjlVzrCIR1z=>f0g?Y19kD
z>E;ySFkQeH*cd7mc>WOOrM(8AJI*z_n13A*@=0d!q<O#2#TnJlgJ&elP)kaR)1REm
zw*OdCyEUxaWW4@L-}?}iT|`zo8*z}|2_H=Q5|sP&u~33{`}wLRU%zy-Pt@zH&s*#l
z7hxsHb3-*oob|9nCKkKPfA6<e<M{t<o%UYpp=VF=AojG(a)`4-L8AmT-fsQ&?ZGwh
zrB{l@;)rAZ``9l2ul@?y=5TVzJz50Yh<yXxL^%A#@T27aZB_rTQ{n0+E#R`JcPi<?
z#zeqLZ=-%+E<`MrNRs2xr5jU2Y%Hhp9t&b)UY+1D{LIl`8QF(k1VW_^9SM^v<GeBF
zv8sQwFl0OiFS(^&??xp*Mygcegb%oyQp=m;Qcl6wMcp~08ca!B`7wb!(fIqoG#ZX3
zp!`2XOp??P6lg2ui&<cHv44ZLz_IXi8)?BuH14!vTtY?^RPC$yQ%1S-sfE}NC_hsD
zXBGfr`8>o33B}EF-RvO{=NiZ+&@@464*bn~K+K;K5&0l=`Ga?%6qjfY@Hpc0R|22h
zL<kbbEreoi<zWzZ>V9{jgX&+Q3A^rx?sQd&#g@PRRXTfoZQJPRs|knmHa*lt<5wM!
z&NJ;04ksX8Z_5p2|ILHowW~~EDZ1L9Z4mUu9(s=WNEs>WUpmE{J~*sbRWjhtlH;e$
zXNONFT&+?km!ucL%GtZvSa6}>Bfs|OFGTB~UswgeC5l4p69-bC(ffga8)6~t^P2t-
zOX<^jcc*QHfw4R70H_<ycf>$sC$g0pNd$InvUMtpmz!454>udzAic%k%E806fl@bN
zUQiThoK>ZqmT_6+$>}jYuVeYiW~0#I`l!|8$%p)x@{N~R2SQ1Z2n$LgSoTdaawT?u
ztGpp8{nepCV2y5*a4%EdXJN@JoYjTdh0uumNGT~XI3J8}Z67WqsYWM8OdzD&vN3k^
z>TjG)*m0t31{h3XDX3GZ?;YU0PEu|pbg5XNpdJIMF-j^+O-Cw;eI#>ONO=*1LlOSg
zN`WehSx~V|nw=QWGBe>KzP)pBSgGn12JUjlplcM|sBVM?xb7~}MCoj+6V67=svnJ4
z*&^}-9M;nq!=+|XdZT<aH&G$-ujhsayVbo0y-?9JjB?d_a#X)?nfA4+PF<a8fk)~6
zcq43l<x)n*SfvBxav$*vMUrbs56KHOfAhl0?TRy>Up-8m%4KJj5)kLZjA#sJOpvw8
z9mrK@2Y9zm%ErboiJNe^+zPtPuxk0X`t!$|Q*#F?;@|Kw+%TOqOKNwE;Td{$9?hx4
zC9m4dpn;_YuP85HjX99IC^=HUmlw?Q9!WAuim8b7bE5@2=1;2y)0~c+h4m+1#7P<H
zD%kY3Vx6(2vm+}7QIdh2FNtOe!6-Xw*09)ErgvC)k)J69+raqcSukr6+i>T-oLMbi
zi!J8LfYrSv`;{uc3Xe{v`%F1bcN7x%NJovh%xFN%wM|54Z-@8W(_)iGErne25<~(p
zZ}o>w3xy*o&oz%z)#d=_frs)cw=dg)_mf)>HqM8C3E0tADib3`<B#d-`q3VGYcB`|
zD)7f<Oes?jJc5MW*z7?8b#gWvS*{F@2W*ulzaJ#s9l)>{`5H1&qo63>S{lB)3k!|Q
z^>xz$*KNp!f(#M7sAZok^!#`-NR!vL6U^Y&mgh?e>I1hM<fzI<R#yuR*Sc4^?e#x9
zJUy7yT}l-u=+esrw?wmaYQ4&F$X#hJwmGy)efOnWu6wLNHSUH|m3&Tl>K(YfrhQC;
z5GII`zk7g4d`*Fox&<c(5m5=xo{l3G(myR)VLqTxnS}rjLUmH>izCs%>+9XE_<>0N
z2GHjv$t+<Y3VY|)cLD`crYOh}Z=L-WTmf0Onq8%AAVrlHk*s=m$p)ZNoIm(_H5~Vc
zjVm)udeT3QIW-3Mlxp*q&&`LWrqVi}pB@-}d%rcGnkCX~=A|wpBWKbL%fER&^N}A8
zo{TEtoy<%>wCdCv-8BJ|oPhoS8_n~+JXLL_-W3vmP#Dq<6IIhv7qk=sL2C*r=RNL0
zQb|3Jtq(31)iZqTOaX`uAk^W1{~<;T#5V#vUy1^`@l}LPFx2*={0lW<(BS7%L!EFp
z1vaX8X4{#ep)wInB(b1&BMjueq$&D$^ucZ9^!M*e<KW=XGcYu1=<(FA0Bjnvzcxy?
za)U~Q1>BV$4sP$3@+V?N0ONu=JkgWjlixEz%{#BpJ`JKkR|{H5=NT9nik)W!?hhrg
zTL>D0zF$ly30FY{i->p~-4VOi(DsPjJHmnakjiH_s03#3XB$KUGIE0}N-BR(%U+Lb
z3u9~xR}i%hARt8IzkdP~>JXqRWzq-I*^v9+Vnc3J>fnDAJU#_#qDPReJD~cZ5aPDQ
zU@}ygvM83uUK>qg&>Ub*fp47TUUr?rrINWq7Fr03FR3HoY*ignQ1r$`*LBSpLC1nE
zAz|ThY;sT%m$Y?~ndA|QMfp4PAyua+$Zv8TEOpfiIIfuNj+9z<GSNvfWk|}^A*nkI
zQ_0ur#9r?S`j9hN)L+LQF+H7H+(v#N1O(N;Z{<}o&UR04MfpUyRqf%3HALmk<${V2
z1hr|!e(}kJFE=iT9t|)|%&idT3p~~lB2j?-{t@*Ea+}<sR_PEFEO-5k2QmRF8ye>f
z*<p*cbggim7obx3k&ba9zZi_lHlRbX;f0>ZVMa`clR2oC#<}AP$x+K^0#}wtylAwv
z)20e!+ybRdX`0uDVa{RXB03{G5p}4L?uj2GlCYKnp0yHsP0TAq#KgH%1q_nGQQU#b
z3m_UzD)jp$iJjV#VrG)tNs-%bw_#@SbE|(EUnHBFvjQcW9~boP!n{92Vu(A!e?fHY
zN5GDUxNcCeBC1fyl^R#ZZM(*c4cl%7rGhhy1d3!*!x(pSJ9?;C5z9;Xc-6L9F-Xv1
zH5krLWvWS*Fbo);N!!&Ez4~Qo0%eXemgADmvdP*qVX<S^dU2EW>JFkRPH4$6%~3G0
z)NYBxd47qp->h(`$U%ktGHRe!0eo&W7@0PPq=W;)-7n6U{M*ZUd;6oqn<%zdLi<yD
z9h_Y<RSs*0;9|p^sDhppBH<8`qalOPUj7!1Io5h+#!P>^r5*{;Zcb~z@<rCvG?wf2
z&wB3aG^o4Nh!tNXFix5ee|i;z2$QT@6s2Vh#l0bRvO#Fb+tWi!c*1Xbpdi+48v`5D
zT@NUgvXvMJ@0F|DIBsybNc66Ncm@Oe*#f389Fg_<Z(Z@{uhzhuQzz%WA%S!Nr1+2;
zF&z=txBzg}*xni#j!Q3_4ZH@)tg1~gUVu=ayk+&)6=>|im~Bw}o5xfJ?!zchk5l=G
zhId%9KrcKw*q*hZt%t`wTiO;wFX$LcEls%b#B?;JgkDvK!)NT7Opf90l=So`19?Zf
z+Xrh8{byTS#L%mk2l5$tZ;;)MiOGjM1AU~rPRgG;W<zwzvcXow+yJO0)LVOGg5;uG
z+DItC{x=jryZuoWNrWp-HM>3V9>h!{n0>B}eSZXmo62MH#gaqE!)6yVufhA7yJ0Vw
zq%sit%%a?4^zPAlfv%uYqYtj6z6MBZbwR%Aki2*Hp{y2qcZKZEt9i9t`JAt>hb5WR
zvuUyLD1#&5ME*DSZI*8Xe|fH5b+!SED)f5)XhP!l_BH^2QMU;rZuCaS#WAzj?NVhb
zDg6(EfWS5uv3_qa(1aHfO+5J<isE~TvAnCYdpPs39!~C31TGRPs9M*edjKa`@@KC#
z-2Is`sEJ;^UbW$|)Snww)K=}hW7r<9VASvy(^6CDVC;@b?-yKDh$Yip5(e2D!nL(L
z28CR0z1VV=HE+|V9tp|hDEpeQc_6(45_>L=!$#t`i5ap{ZJY|C_kC|fTyf-Y3xFZl
z_D_oFI|9C0op>8gg%Fo|d8Bt-iv5>gHkB!s_h;p1zc=G%flP4S&XkX1I(Po{!6p?J
zRRAs$80S7o<*qkd9a3kYqZ4;n9ioZSgOC;~@x0rbVU#j8WkQ7*y=WH-a!6JyJT4)s
zGVM3*DYE4?=mwUuJ+WG6#q?<>7O*0}Q)LZ*CO`7&Vx;n9p>pRMey*l+5!v{MEPFpe
zghiffg}Na3GX(Sua4c?#bKUwA9N1KzIwJFtW#)c1H6U8v3aCeaczAp=#^KfmVs5!c
z@W^dYg-9mOLMh~=IN^SvdpPy(KsRE2xFmDz4L}3QkI)A>Kq1_)U=*d&dXKDcMNc%R
zx}JM!yz9Dib1#@=+Ws>oDke8|9{`ZV?9;28GBPqqlT1P`V3(yM>7wf}Xb?C@Hc${b
zUMUFAux@_~R23WS_bn2>LN3rCrES&DJL$G|`|k3m%j8?^F_4i6#ZGA>q>M~In>wmJ
z9hdoPdaO3%42@^AgrmD}&rC}+-?bp)vKigYurem?>fEUsmBA89!D2_NCVvyHEFp-k
zW8KfKB+RebT(c+n>}}Q8=R&|l+Gx6NG2Oo(0t#W_KwL5;14(=GG;O8TEF~l)luAui
z6UHn)O0JZFn=eB^RYz+)zim3G_OMybKAi)2!4VVt=9JN<^XZI2eMDv;U8Sy;i?GQ=
zPGHd}ga17I7sn$=e-4AJ?`lEw5qGXfl)LMW5MlRCI2tf65A>6D+}iYTqy7UF-rtOP
zg7BLD1r)k5I>_oB4pXdC50$A9zxV!51c(k>lSMc+-NMsDWN6kb4;)s_ax(M&<5&eq
zN$0BO-VGAkX6JvCELKo^#8h`+y^>!p11ex)Z;SHCEXOJy@mP*!y)AVi^UoJ{vR@z5
zl>A&R3u>V9<0|Iu^`qBW!G8%fq`FLr#<V0^b0$G&tI!;QM1faPHyRK~zHPJy&YJ7O
zlv5*J64_kLa7`6u=+}0QTct&Cy#m<e^7t`E<x#8|ZXmcq;_=-8PeyN}EYeGr_$Owd
z#HY(xxsgizV+~Lo-4^Ib&vE@`%LM*MgMaw2J?j*Wx?=#E`>#{HZt|Pk{wa=kCEOiA
z^FWI@V2A`1S*#8$HH&OANXx9>jycUd;9p7)3pfF#<t~p}J|`H0Sx5+dig19<lAN8L
zIZS%6Osm2WZf3E?C{N{fJG0J88aDy7F1`m<%?103t&CcOXQ!4SsRFNs1~V4Ueq3(4
zzGv;?ME~yXwKY3DU07y;cvDj<ywtJFQq_-MS`KOk?9L0)gIwy`e&$HhIostV!27#q
zuioPX^z{PWHd_a+o>k#l4!n%>z4CzzTx`Gd+zCl^K7=O=!wpY}U|?9*Q*w|m?-A_n
z9{21xcy)y+nribUgc=8+>4yZZZA(mak^uqjXH=dilf~ecy}~uw1Dt_UGxhswk3<#{
z91B|9$iPKn04IlnUP_V%9nrJjX{)2<T?Qks*|;Ws(<&7__xmfg70OYder1|vzlj?m
znV<F@V1tz%4hiW1a8vqgXgDdJX;eP*qwQl(Xh~@P^$l#TShdTse9|NHxj(onyxq1-
zgu<6QRq8UM4PxW6AYw=i9ZYeLNZPyjCqvT7N*O&rIJHWd*0|_~iorO-=Aqrq7hNx&
z%^wO6ovgtq5OJ9(-5}leK(QwnF8iwt3rUXNTvpw*w1-w2br6x0*TpAb0*uFk=W0<)
zyWaW6`D|lbn9=^~@LXAMBl~BPo$80zXTWTw`{%!X&&5R};Vf6KP4D^J11%+d<I~co
z*Gs8~Hj9c&o4(x>@==WZl`t;L5gpTkoO~A(X53vSwMMJ;(ekHd=34A76HCg}s1R}X
zy2nTR!cEl2MrUro7(A3;NISc9&qGS})u`lP%NCzxQZBr^O@#YR9Q}ZG02LyAL?!Ih
zf0f|=FhZICBKRq68K@%O#K6c1pQv%2>*Spb2N!l!I{f@1M^-r>YsMfbII6*;hnY6!
zdG21Y=MeqN-`+`E8gDSGYTnKzNY_Z!9n&en_J?y%o-?OOe@;Xnbh5tm@cXBY_Umx7
zAEj?e{;h2g8t9`dFon~#pYBm3L{$t80aAvW|2t-iUtA9^(xF=$Eq9zN0b_WFYh253
z?jowv5c!@WHqeVm=`@v8{IUs0T}!Y7AWdJjVowsVoN@QAnjWBP%l+7t8aYMan*o-0
zFOTFPP4IAb={;t|D!j&#0nTf;{(^NV-ocnk%F0GSj#GVu@{}^{e%BPo6sU`fE+_ib
z9<Nsw=T4vTqe84FpIm(|29or=V|>rR#5Hzc|LA#n)jgtl)p0)wFw-o{GyF^GBEwfX
zKnclPIA2I7{xt-y%$5H;kc9E=ZnCd|&|aT%;IA3efh?L25)w@KMo}kc$2c($4P1uy
z3DyEYIIOIK^I(Cw9v;KgM|z2V|D(=}Mx#b(0NJs>M<GE|P+p#V=>HId0YsU`iQZ`Z
zq%Cerga?pHlQ^^Dl}m}4$_%RZW(4f)#)rv}=g5gX$0~v;3A{f6F%0}ontEb0DzUs9
z{@~LuUeFU<`YLk<gp(8N{|$+shIEil4)xzq0~oIVvpfXI!@-GI>9dvQl1-Iueh24i
z*G&xV1F=WH3G%eb4*D~Jc6bn%mmix2?9ImlZc~6$EJQ>^_bmhkBjQom1xtyHE_bqp
z(B^UV3&ed}!gMZZoF!F%ebY2Fgr+|<S3SIM1@`S7mf=n$YqJYl^;pbegFj{USP*t1
zf)dY(ru^;08z^9c07Q&zs*qhmy!vi%`uwoNY$2qmgky$=s%$7ND}YL*^vpqA(~Zi?
zDnw^407ZSCU7FDgj$LL1j`tA=pJBaQt`i_lBJhUc)EIL;DUh9+e6MmD20-!l!UP~d
z$M;6`XWWa8U~7Pl<S1qMahVM~vw+gpqQ%M>&NK%q>F7N3io)VWU~YKhiw0UiOKKN1
zx1!I9rC|q8yrROilVC_U^&beBPZjv6nPozI$k^@22rvF;23lINpcNNOB>)iw1*Wx`
zXTrz0kGXTlRV;>4>?OiH%Xl?LGXeQbKo~1<@k{0^*iL5tz59p*`IlMyb?bo@iY<kJ
zPU`GC<S)gV&|a}aU>gNTxTG?jvE0lPQ>`N>CvL+<?s1FHNtj6!pEL4yZ9L_%??6YK
z8vne0W-7>ZCLwmz<ski4>E=|#YgQTeOGS8-Reu6yUf`=0v(m+4@Yzt!g4J`n!_;Hj
zM@HWSGDt#oopTo0Jl|H?k$`Pgw3|h_AwWNzt%Ygs35qucAz*^HJm&GL{wPpBGkm{`
zW&dMiVz&_(O~>~$8c)>)eygX|zv8?kp_-%e&}BPEv&094Q2M1*Ra6l0yZ_wnJ{ucP
z<l%B9Tq^wxaK%ogG9@y@6_wB{ht<e$$sziae-Gu2&O7B7Kp_jF?zr=<<4Ahn0y#zK
zdsBI)OPArLhc<sIS|EPhB!M71;G}O%`ncQM5k++kx&l<71(><(iFQ&#M1~7LGfh1_
z8%r#e;%6Tg$WJf=4RBl<Lm>;8heA7$<1!AR#*g)KJ`Y;?nZjSpeL>z7>_stlVTKsa
z3<U`+`=zDU#*mC!Do~Wa5&kLSEe$D2>cgVXuT8;f%Lu0YOV?sMA~EmQgF-sVKlbk*
zXct==SjZ0h#o#-`7eOTNidzr5Hmp^%?%f8yE6}FjUNo~IwzdHnU>}(u0M<!F)&`N^
z`WFw>vt7vlXhzdL#)}o#V*Xj(<G(^}YsV}_%L^qu7hMA)-cks@eWC$!WuG@KTPJ=Y
zMEnFL`RFo+{(Kt*wX7*dLOK;PE)qy8^+I)wulK6e{Aoy+8sIAp4LAr9Bt<Z+563Ze
zy}!X_OGQClxEjstRe58rx-7F9`KeFL`iYYu_nK&ijLSHSaA^2>iDUj3>iL#ifA-cb
zM#LiaS)x#z8L8TDc0kATd?}J@pdK4Wix5=-|CT}rLZlRq6tGHFUciuh?BG*ysPrlW
zGH&vc>Q~<lZxjqf>%_;Kbf*(9ffGJkb8z=4A@O}8=I@tl!yht!5duJ3oj8jqm-yF5
zyeKXtqD<WEx#R_5P6z-c&oboWRgmA9ChzRS@W#iK460QaDc`u)`$aAyhSS)kGhaDV
zp2Kc&PN~wysNa7OYx|dPSk0F}U&72pmmC#nA}!FVhU;UMTZ;7M9Gguef$tb^B8uD|
z7aAfn<p12S82L5i!BVsYKIy(-5o|?3B&>><wJ=}@y`t9eUNU)!RbVuKcJIV~Px>b{
z^<b1u7uFg~BTj!mJGA<E-RbaTr;F(s6+D9AZZ$Kw<u@clHnR0&2;ED~+d;?k{-ysL
zsm6<QzY-{Mk!{4^R0az<juCnh`tS)ID&(r|1Ld2p*Z#{_^_gAR@Rv54@Nj)wG>J@4
zogRSJPPWQfC{rtQ8+5nIaiP7~2yQt2{c5q<AX{D8)u*(eC?Q3P(g8RO@O4(H!%OoB
z*g8PcK<Z}7!QA^o6IbIzFB~|r>ZP|!AVH2mSu3%(7e+zdi;A!99pU+&mLcj8kNbBY
zLA-(MjI+PoFZ+Xkfju-ne%jIfU~QB+O>&%~lp46)CzhnQ?iK<LygF8)f_sTvqM))P
z1QV^g8l~t@u$T;d-I0t)IGvUgaS}8XV&(yWB&Gv-41*BI8ZOiLn<dmx@CaJAC$O&9
zDTOoy99HRV7k-3*tC4AfJKxF6da3`kE5Q9vvMCX&S0dx*$3)qz%m_MlUZI+04Ju3a
z5;ga(X_vQxXp3!x0oBz_8}nXe>wl{b6jUq(+koG1J`(G{5N&ycXzMh&seDAJqHXJs
zg{0n#SHBCiGWVcDv^cm~<<=?ep|k4~47|8hMEI62F0kE|K?SYS_V9p!>-R-eSVqe&
zq5y_(3uTb4o>v8li2%+Yw}q<>fh#t<nIc|%6x0ved$}~rEfWTXXe((G>onAJR5W8t
zJ5<)x1_SlywkK!B8a&F41{gv38fGPI_`2$I0z;*X-_7@BFPCWf-F_Exf1+Ce%Qh@g
zHo0tDzKCtj9147GjQhBJq2}=my_`MpoW$d-#1NF{5q*E(BlYTcj#g%nqK4HZI!#Nb
z4TJ2Fl?U&nbqfU}i2np~f%w4~kFQGb0GO{mx7BjaigknhUik#+R4FsB`qAzZod9;L
z03jh^8%Q+Jf+}m6y|v2x4Dhu6q>)r|BhC446H<ofJe_C8+4S3YFe1x-ly==@EWNVG
zX^o26&}w46SepD00KBI>f)Pkq@(*+Irozh^oeu&P7p!*961h-AkFEkXPUb1wl0=lq
z7|k?Br84G-<-M(*=C04Rnyj_i=`7C@OEZ-WBPPG6*r;I{5zB2R14dlvHfVtx(ZZjn
zt>1Ul07Y|$hlkBP0uAfqAV4t4*6*+G-Yx!gIU59hMb3WHf$1yifeYP71W>)ak}68(
z2qsky9UdzkM$F@#3=3cLcNwWD(AQSR7K{`D10u{%DF`A0UXTo)7WKeJx<OUdU!d_H
z+7l>v0426uC`M8`AD3Q;F0hJ1b-v-BaCv_qbDHe;5uI+ha4MUSPCPq#VU)*L=+QA~
z>GA!MnK74Nhs5csufEWLx&?FR-EPmyKG%bFR^AD|XFYvCgIrvW*Q~cETsJBQR!BJO
zWxI%piQ%(tVTNNB)<@Y7bzPQ>Y<_(p2422udUCQD8|-yqB@<H+$PuYH5Y@|r9MOH)
zV1d1v8cE~BFMU}{pj+T;d5K!~pS0#f`WZhXf0e^)`MDIr3SLoZaY^l$p$R^fKmI?(
z2+JRA?H!EK0Xha_hTa&sY^GwdlTnu49=?y(ePi3N1qHg(RVP*eTV_gYBWBZ}PFtr?
zEdc$&8*B%Y=L(1@jyVWufoQToIoALRl!WsOJo=%**uV<opq}SDP?D(Gyj{}8=FSpz
z?=jNhmn<Oy!Iis&EcUHgl^5wC^T@uhupZiy{H@(CxfP@1GSN;|AtvDW@m>EHv_RPK
zH;MmYKd403!wdFHxdzzpr){zN4S{-Q>GL!!sKCA{zl^^ZI>`6ks$40kngeNBE}yGz
zvmw4l6V=X?+GpKQslwvp$qmK}U+}hr=6v0y4iqTJrnk%Sj?>5SSlH!r8Y6CgXRqF*
z%6^{a1N`Zn3eh97skzz+DXy|ymF!}>)@54N9JPpdrq~L?@6#!5!j`gt0)EOGeR)~b
z{R{mY-!t7ufKbr&SJ6O|(N+7>fe<8YaS?hDBsPZqM6g0uU5L_k(`CCYGaU@|L$qIB
zC*k;RcC2IF6w&;^U!b9+ON0)Qeq+ujnJP8uy<53IVx|L!{}2+LcWyHuk41qNKX{t>
zlui*2TM^qIe6q)*27P2;umeJ3ZD%Jn&2Bb(x3de*s6^Z}_Sc6kIw!0V;!)6+{ooQ@
zfr9pO0_ASK|2tHqS@HgU6M%|O%5>+Zj}fZtjN*R!V`@LNB9N`@_XkWf2yxW~x8Bl&
zoM#l7WyORUbG-Zhu<7gOo;?D_T4s<#{)}9=&74f--hei8-P@aVh%7i-b^AARXG*F1
z2yTBVE8|X4#|4Ms3XedugFud0nZ{<hjI1oh$n&!L(y>pRV8uoK*_@ZG*sB*I(BSu{
zQpp!#p-=P(T$e3>*7pGgVJ-RPrQV74VZ0<9%V53}gbF!7-Oxa!<3Tc0v!HU`6uR~X
z$fMtSldOVO^%m?|ELU5^!1c|enIO?V{J=(C#942B59<LXJr`@X#7*xJr>49&w84;Z
zJpIu!Dx4mqu%&_G<+sby@X#x6b>fl*&is9v9N!Y3=CFj(aths6@=F#EloS0|z~s@u
z>#%&q<cm;NQx8yqCsAlBtER>%-E&@S3ya{(--gv*z-M`L+hy`Pw4&?lJxm~3z4v=Y
zA&YmJrLC(gN|vp1$ZTf(O(QPH>z|s<N1!MvLeKNGAF-K{O5043ypAz*9*zN1i6Vf#
z{B!=@Vyt+_yT+cNu`As<m#29Ew!k+2F3O&^ekJS5|C+;3MRz=sm6zp&FVv`%Ay{}~
ztNpGDpzUG<yw|#c10$6Ue`ShI_m|W4P1w#4!3?WO<$!%Bke1j!J3lk-h&nac-&NJn
zxJRt>rgqd6s7rRY<?PH^&<SRv4Nclz>V3KnTd|Z@5`LWE?qHIvQTgPimVOlbz!`>)
zGp*mO!yYMD=-o~&(kflpZ{iS+lo4DqW2sXglIz`B?*WFevn#%S89)Ltet;E6=LGCt
zmR~8okYQ>N%{UYmsvKq{Mtb)mPnj9yUVE=t-C@h;;51rE(w>co(o+&vTl05u2N||p
z*{A|USX_FpJ;G>ZAm8-tk!F=ceq1NW*uW)-bq!gxlU>$f>U&d02_P(<s}7AkUMFJ(
zvG4-=?Ck9AE>96^aDOi+B7d7|9rwvFIdb&#XQ3@)&jA#61?OnEpC69Vq1CmH%+GEh
z*bvewf8hfCLsycs0Vf<deZR2K`Vkeq_)_-}bWn`gPUC=Ku?s(ZVvr!<@g@Y+{n0YK
zX;K}O+M6{bIT#>&cy+yJ4`_aN-2z`Kk0&sYTQ)Xo`Aos#e#FI%F@t8(LobeSh8Po_
zQoDBsK<d`0FY9@++aU*C{$UF!n2K6LDFSE<-jg9q&&c@n=s;ACL-kEU;y}JOBkzRM
zyN6Wyq7H{I*Fg4$u|&%9saF)Ebr&2^W%ZlVWzY%ZmL>qr=20s@KaCOfT>x9}Hwe7(
zX3jXu4H-RJwaHVG$Dn0H<YSa-T>NlCVNZ7zeM6#i{+W((cwXn>UU^=7%ur%)23@ju
zW|WJipJ}O6W(x$06ogI@qu<ig)5B%ch!-I>5SJy17;dx3mc0<I*MPx7uJ>&lu5_I-
zWhaj3s1!__*cxa8r9@u?LHBvBLW<$!Ec{I40^0urVu*di0T6J_hC<*4*;_wk(2*Kn
z63~RQnZ+W65D{h>o)*gp#(pA>m^qW~e*D+WnI{gzb)KFiAbFLC7&&9vJ(<8|KBVY#
zo#f^2kZP5K#o()^rlw-&omV8h>#U&YKhdnxem=pmSr&wnPJsWk4eF!XCeQXAP5QDz
zn5C_)L-HV}zSX~{J^N-%2e)5$eqSLrqtK5C51)N0h0M2v@7tAu!Z3ct!pYJCkZ%bO
z55LouR+Es6Px*?}h%3S;Fb<SYnFFf5@hZf=RF*J^fh@Iv$`g!*OqUB^^~n<esh-mB
z@cjr!RM7j)G=`<p;OlzF#}{zC{N9?ix{H9c{>1Fpo%EKLmP{*}4bm;g?b2HE!CZhg
zr|Vp420_9DcOoBxNb=iGx}WYYvQz*G3OcSV5lzkIpST=?5dj}>l=UiqE$4Jtp2Gv0
z>IL?ufN8_!YF7T{#S&j<ensEA$OBTxBg8%4d4vWS2@qUsw3Z>c`7u_kE3szwWQQ$y
zo>l9KVG^Q@3r{pQ?`@7pfYg~o2N$GH!`M++jY&0UmKYRe?971)n35x}t<;~R?%@Xl
z)0Iv06t8_l77g!S-aV_Te9#LFt|D{3+)32^lduqn()=m;oDxE4|F5w~$GP{j^D^+c
zt?$+ouke`#W3b);KHo^8%C$?$fO8QNC_wq7dO?JtXMhN!c|$bBQ3yl$Sma|XLO)<j
zc(D(pEEeV0fym1tvxLCqviS5ORP^0M+4Q0*05~y@vF~qe%3NxcK)Kl#gFYxnRL{OA
zmx@R#|1ZOaAZY$~*ifGsY}ztv+b1`ESW{Ce_3Y-9YNmX}vo;Vq1F;<x)LIQJFNvOH
z5Cg@D{fv9*Sr+Ca?C8qRGK<F-wR>J-{NSw+ONqDa`X42IUO(Fuk6#A;G1b>Ln*=7b
z?>%gP>ZShjD_!Y7oSuunf@Y7MD-Q-!(4W(>UKs8zRsbtzs=|M<gDe?n4meBmBL^!1
zVVvJDDNu-{-yyQbuLXE6%`(@Q{fU&7UA@nD@xD0(7_TI}S}XQfq)d7f=8~6q==~!b
z%j@ZFB19tK`EAf3kX9k<Fee6pGWpP=3dtqJuiv_eObVVUq9CJR)ZU1<qp7w*a~?dQ
z6LvbZPYy;1@5gWyy*xSw*;+O5wmi~~%RC3_sp}VePw1ZLyM_2#JqZH6l9UQ-$-02x
z?aE?zJwnXz(E(vvP{zHhfO+x`l#jTKFy!nPG2$6KOcbQ$x+R5h^A#gba&QpmI5+71
z7#T!YLPYSwSq`-jk#5rmLI2RI$iI4VUhuesq^t5pCAcv*h-(=4?Z0MSY5*bRw5RB{
zfcX(kP%kOa?XcEEQP{C~1XM5eZmTai=CkN+6eQ85r~$(yim7hrG9i51|HoE_EXV)<
z|H_c9ZhBZap8%P?rLF=gQ!1V{15r$PP6IN3^Dm12z`qFCk*vwFB6%mC2FO^#^U<_Y
z`uhK`QuDt$dTi{9Z09?WA%ghco<2}OJ*|oeYY%QeFZhmV0eLtQqV=!XE#esPKVF3T
zy|Y68v{d~j0-n~EZu@4`XG(ycnNOY)@*@-gDmFMs6qe8{pav4e-^@S$>l6XMds$rM
zugWY4l-^vZ^L7MovSGgE=8e?Yiw(K*;G)2O0Che8JF)-GZ2J`Rki&h1D+Y`^9puW}
z)C1Pxf1}~zLaKGOgD-k6s1+eVtfTb8hGg%ghEP`DI>yd)z{a5dPv6A>k@6Qe+Kn3C
z?u}jgT^0~V|GV$vI!}3DpGq4Xe$BzQOdQ3V?{?Pnk}v5h3L&8W>HCYNd$*7pGpUa6
z${*}ozw}3)9!nL%_pn4fN00f^cCqPGy>ur;(Mv%_%iGfUU>6yoIxvXdro-p?M}12S
zWM{1}I}B0Kt5Tq&xi`J%?e_bZA=E_kmo_*6WRC`L@KeZqLK{I$j{Q_YP&YJJHSBnU
zib6)s9BGxo-Xwe`?Mm{rN@YOT2Wv^~Iol5zDQm<cjd3;);W2CS`G0g`@*ib0XR-Q~
zegZ1Gc{nQnRCzj_o0V1Whrls8m<PsSVq%|R+Mlz1cDxZ$CE~clS}wiPF%VkknKV1U
z9!cd9%{b|PEH^Et7>0v6y?5F>IWwp|2huI&d!Jw+iicKxYj5Za1RDcctfZv7C-%^^
zPgn`u<?w6&f9wJQxrT8c?q39eS=}PNXYC#*5zK+wyYTr=S>KxRuO?{$wT>#(n!$ie
zr**{is4Mo$Ms+iEwnwcvJiZBTFGR8y7<EwNvwG*;FU@!{$jQK8nqscK`(bsom_w`T
zmFQLK;Cn52Np-iT^wV(w->Z6?-oM{dy;7tkK2EI*MkCBx43qbtmVo})kAIFRr2O+N
z<@DZ>cwthVnMy8g%_wgOtW?Qx-A}IAdazb%JH!zU=d0Nu#0R%d({!+4POYkZl9Ex+
zb8g~O)A+#{GjOVGWy}8z#Ib}sg+`-o{XQdU-CD_4{c~JG%(-FoOP<60<1)8OLkaug
zCt?eI=*hHX12p(@-pmCs$s9&TIH<V}J~<h33wA$VyDAw0q8T^pawgKA;#JOu*5yz`
z>FatnCK8z8k*r~#2pC%nbgNEAny-H9IC#O>7a`CrPYwKfndQ>)Jcvb`RPKG%TooJU
zlOX1Dsb49LU|rK}Z<<NaXQyS^LS!Oj)^M)*&w}}Nk)N3E@pOMVS{_s=T^@*PY-(Ee
zsb`<dQP1^2&z|Jy)u^>S)f%pHk7JfQRf|!|g`f}GdcJbV)22IiFy{^Rfz|v-f3(7*
z#90HW)Quu%3vm}LmtLQjlN@hn;47vMKXQe0CPogbSd5C579~1ZYB0K%TX4@SFQ?0-
zIZy;RD|nU_oao~0)1L*W2Xb=Ef{Fjn>u$4f_Yffp`=6fg72dvm+bQ+aVzFe)b(Ial
zh(Pz%$<pWB11ujG&sGziwN}<c!HjVoZog}I_o@z+D%i`%U`~)=`!@8RisNC)oBrF5
z@YSbSZNF0AZRyNb+}BPZO30A+C(nKk{SZzrLVxU-7glY5&1iC-&|0}!ikSZ9XDUYb
zGr!%fDdzJs3Q}p^J>8V7LJf~o=X~gF9y{IC+Rg%)m@-`E5<wo&ZJ)x?G;0!#Y0CTh
z-k#Q14x9eTxZMLr;eNAjCGa!D4lC^%rTyF$W0#!q!jL|*iJs`muZAJFDfsj|e2=@V
zJt>$hToUvRU8y~xZYNXYHd$Hs#;RyUF}~5(A2RYu?wsk_+q*aS?&19qZK#xV&2_3e
zOJ1RBU)Wet5S5f)({V{0EjdrtIbXIb;Kg!M<Uc(+&2oJz3j&R}rKzbeL5v{Kd>q!l
z7-QDYbU;;&d*^|oR+%Y7eqZULWT1?w;}R}o02RBQ2S1&dbLglXHRYrzI=@GabKHWX
z)e3<<sJYplipXl=*(;8z-{ZX=r4|!Yya&daw8Pn(=v$e8qOi-2{Z}W`<TPmBP_21C
zE*Cs_^C5_biP%Zqc`KHT3el8XX%jtijF{hBb{bphhdzrKU-st>GxiqAStvjZIKR`r
z54@Z0oi0&0DAH$%Q%zQ+l{X%9i@I5F|HiZS8SJ3UM%CP1hl>9!6do`q>iz(t_T%tJ
z#Qg3rI+aaDG6Z9K{GJpnc9}Sk>`^QqjJaN65#DE^HUf{$Jf%{zs4!`Jd^k6QM=$DV
zTuGnOSEuvJx*}OM2x9YX63QXNbKZC`d$3W*F)z3;EC)++4H>-UDeMqnu37ed<>-mF
z^|!0;hEvIpdcZKkG*i)&&38x74qmF{YBHxK?81yv&5~SsSVEHY?zyj365ZW=w!&!@
zu0>*zkzS!lRL9u^joq(yuI{t!={C@!m{l$`s4>?TQa+2`3T@%qDl1%&+mKrOlAzOc
zbSNrr)O9qe(?!Qm5a3A<pRt-~GYL!|*DRNAj6X~DsGKg-Y)g4LybU)lKH4$PczsS;
zZvW{wePoLQpHRa7Av5`_l-Y;dNeePNM0-XXiD;F_kv&xYm~oSOY>PB<u^F<~TQtsV
zO;Ge7cM-kZFYfSUE$$e%{c0>WK29pOY;ZfYI0}ET8ptv&kqoc5&DdFb7clL%{~f&`
zvG_>Gq4evjLtfE|??H3hGSw@xorEqvS=e>Hmgpp|qy3MVX9><L!UbX+H6=@3XR;0j
zdd91RgGuD7;M&j5Sw-uR4ocnub(;Y?{9=@aq$%u9vU>Nkhhr;91|PmsrFw58Y3t4D
zqd~#GuF0UYeCSt;@O4^p{xh;egHg-D9jPBWc5YZE{SQ?A`tYKYPFEMC)|p;9+nz!U
zS977+D;uh_g-0hRUB?^Bq7`FPQ3n}Ox@;gJ#M$#Bky{qx8rb!~qk%yz)yet1FT8=W
zZr~L_LIXzf(Z(Oa%z*ee@ybuhu>0~fWeaN7T}=A;=w3a7G+;PkK92jJn&Ny>ps+nM
z8Q5||Q~Ur_lR;uRs;TzNYxBY6=RSSX!bcK6m1FGw(;BAAm=P;vzmy%SRsvJ!06Ehh
zslZt7IZ&V<0<)J5f+ISBHsqzMAys*3DHwboNRtVd_hFQT<N757C56;_uY}IuuRd=W
z8n_>Rq`mWL@Gu#@`s_H~T(g!7l1mt318&)nm7H{}<5H~QTwJR8L|}BZn|*UQD)X6k
zV(R}z)>{X)-G0%7!QI`VP~5FpaVb_xfda)Hid%7ll;RErin}`$*Wy~-A-KCkWb=Oa
zx3fF5GnxFCnI!Xho_p^(=bqzhLhhYxuQQteCgc7eJP^2UshKm;rrqS$MA?2$?q1JR
zy1T6<-bAOGwRik?Ux^Rh$R(ZRHzVS-TXjDZCPy^fw6TTHmP=!FR(<yG6sxoPo|LLx
zjK8N8`F5NJZs;jHt}LYP{Oj{4In>c-*Aagawe7&XF#u1Y>;9I{j@-W{swgLt0)~Af
zJ$cyf><gTWkeTha_&GzhT)osq;xZ$<Aqk@SX@&%p0@kEMV!;x}8@y+UoI5gkj+e>B
zOA5euQ8)L?hYRrxfdU8BTXv+=>2TwzfNz|aqEF7V7eBh;7YU*dEXUx@m#{xw8c7$2
z*k5w#lB~urRrfPtao2t(5a(8P%I5PtUod;hqayC3pE%(g{Hp(+!#y~x4_^w?cRv7I
zEJRHBmtE%8cSG^xrneyOU&pLi4nN#iq{5Agt8Z%Y4i!+><Z2#`yhHYyY+2D3@UVYM
znD}nqCvZBExk9>|?2LhhcOCF;4XQo3(f)l$S3`sNINYnnuE^x-w3gp`qA}1}RrVEY
z-~}>AjQ#K=)Up&0pLp9RFmC@3gi160-a}-YJ}(Y^AR4}@(D{Z2RGh6fH@ml~`KWSn
zVdOS<WhQyN*5b@_m<tR}bQ+2|9>R}@Q|I-3*h#qLYdyf8BiDvf^-Om7ZCuIQb9d))
z>^H_X`xPfYWrj%(BG#&hG6!KZ@xKn^)F<qqRooHnRmHoWSHr3N_4~`x<oEwCHN9R_
zPPv)q)HO?WyvVP2h=m0QoGKn^STur>y|d@bGu8z`dZG5sFAMX-Qq>8LJ{RX*-~Dpn
zdr?b#sbsB3JF1qT-dPi?THPMsz@t92{e%;Qfse@-!DUVxvrCXDn9Zdas6eFsDH{EQ
zQUbfFj0^$E;HKXau_~d3TJsRO#ifyjs^GVRNM%Wb`SfMK%PtPg??vogWCq=j))^L$
zPVsJj#D8O@oNY?GeZ<curoe}=i;d8Ui7fSCRs<1!#<~@9b>ir3jkPJz#p!U!$J%F<
z&#n{r9rMe2Bhtbj+*EG0DEvdu6%;9{p~rrh=2IgB$Y+Kd`Cls^*aebi&`IC_py#RA
znhkUn9bBlz0Vyz3PP#gfbg10_4$__b#d)NMf$XjM*M8|C)XW6W20L(CAop(yTQdDu
z%U{}6JOQuv0qw|RI?mi|!lr+bBic3j%MLsd$X$b$IFS2{jD+Ni#VxR?SWoro)-(O{
z5MS1}8j)o+YP5>kYG@I?C>TV_>n2rC3Sb3``3A|4eW#8Ht*HcL2wq+j;mdh*YMiBF
zM!g-wwycg$e=nSCC@}cEJ`y*Nz{6fO@9BzhUU?>ZQcm*fZmEQqQ|;jP|8vNAFj3ud
z)P=8qP#7(UzKkxMXEGe^5m=E>x{+bwv}!+wEg~V~r=+JoowK?Bv;6H+7Ps6HF&J%l
zI~`tkSx{8=VfnqY7#2qv-OB@8Yyfx9flMkQF=oa4pKe>!ID1}@K3?e2gTpf_FPe9G
zEs%VOZsV?kDNS-SSD_7>SNq&zXUE9PW`vm}V9cs%(|y~04B+|u(secB9~|5M|9AoD
zRvCsZhN;mDG9j0!XC@s6N;45#49D6WPv=UZ^*|f=r+siRU{sW>V~;FLc{Px<!%_~q
ztwFQ5ea@y={Jh?&KLVX>cd3ek3y^(CP<x|k2m8aKmx-RAcDvgoGvLwked&CNNr6cG
zpeEZH!u56JIi;P6$jHb#^TBBs%46+)L%52=l$XCqR9xI%o+#k-dUtp`oUY;By$~UZ
zskAGKcSeSOkkUT8X$XtRXqR+Cit8^amLOfTL-*S<WUF%;dI3fx^O=~iEWcpWZYH6i
z2*Y-mn_eKmxGSOH1u}$)7<ddFcVXu}>#3sbYH>WM5<PpbaQW-<U@ABqZ%g8#by^Ze
z`1>81^c%RLVJM46i2HnUH^N77k(ds<uu)PWe!&R%;E>AUcr>!k@ps(}4?C`!Yhm^H
zGMlNj)p!UVr(*Kkd<|{oyNy7dzQKV)9MD@9<H?U3`PSi1oE1fgon_a#0S_o}wSCC3
z+1g@to&6H-0nbtHffin9y@I}_Q+p7o$XEJIew*x1??$ydR{M#$W;Zv05%<bBkr1sk
z;aqJ)bnybv9e{FBv)o~`Jw%6Ujp<2q?Pqj1eM`E~Y~Aw=`qW5M2^|~bp})TNjAY%X
zx<|b9VyUZRVOiwUicLcPnQ2}a4C@D1F0%^6hmZ>|-<Gj*jk;w5edlYiCM78b+``c|
zLx?JW*|Uw}gPHAm$7V3v<8w#lyM0W_1p1!8lz+a0c3NHCC@`mk#MF>!%fz9l{J(wz
zZ6y3$$l}0Yxq62RNdV?xgBfZ*raIEI5s)`Vs{K7>H^Kyh@#>-!_HMk>%fj2VZuqm=
z481Cu?%DDPN;88PKUEssK?toC7=?v#hhm_@)4-@$s&~N%NMUUcW=uhFnR-CZEhQn;
zOYoESrACd6(JRlihOT6H^k0>bEx;8&pi@Ow>Rr<{&YZMnaA%ZwFNdTgZA94VLZ$A=
z4+0zt^dncd?}&~3)@K+*nM<?9Qs06)(TlDo-!bN?QS?oyxViCL%<{f#0VpXcv4%z4
z?ZLAoP;L*WEuj5iwi-Y!W%DWD2Ke=|2cO^pd3Nq|ev}tZ$?q(Haai_rm#kHt!foQH
zG6p{Q%GgY@{ar;37|`hpcX!qx?X_QA6mYp!_NZ|@-zq>|*3al`{Gq+<&HRZm;4K=J
zcZZA)Y2bkqxuGvT%5K1NlbFcLS7}53-#H>cvJ*eCP!k1~vJ*p6!dd=p4E~>vZ7yUx
zS^`32q-gl>J-uM;pZfYJvm7`<ZyRD1-j>LkdUKw2J)j$R`*MA(@#=|==9tJ4AX69b
z8r;;{9g3UMrTId;&|B<^$J^+RYQYgqacuRCuxR*wSSi_q^iE;sGrPvpz_XF*J{4ZZ
zQ_eEKPmyACDwS}U;^m{wb{h1V=py%hd7>h9f=SRX5uWGUOsN(eVfMM&(+<$wA0nS^
ziJUUv50=xmIo;Ptf=ZQSQq$AVv<_Lw(rzk-obpn>=rSz0`71=vb1_VrR-$MhR3pL-
zS~d56p4rrl;F?})BFwr@s79cNu7y9yel<rV(|<TI9>-&Ud537f?p+XDVriM(9_>J2
z#aW%N+{2@n!?6Yp=_rjGJ1CWY3*b?GbyNH9XBpQdN7^>g<Pm{|^YdsJk6~|!<cUls
z*=?%4;+=qzoNMqfUPF)6yDc%$nGQ_`kBZ!9ZQ>t>J;)k0M!&{uFc|}M>}D}JUDenu
ztVYL1)zrgMmdU+cwu$8rk*ZemWaP*tELl0kSy|CZC&&P@6=Rsa7FzYBPk7IC9M3bs
zxxExC;S)3*GAerkt*v{ZhW4C?bBKoEj?geU6z}m7<Sp@S{6MI);AQ%NUR7C8gz8$b
z^hdX;iA@@6e}m9iKb$&`YxC!%zlaQcd!!N_-E_HI9BmGum3=C>|0-UF^32r{2org&
z3B|8=$aMbziRZJqCKT=J>Bu=D<4TPYxF2W2=i~E3T|tVszQM+Ga9wgLR7ZDqaF?-C
z`*Cj+UQg{P<5zI4_t&=-zDZ>LW(x{tH9Yfhl;V-og@`YH!~6JTGF2?$ha8Vrof18Z
z-uQ48b`$Fxs;{rhTVHg2$mN~*3vhg$__W?4)Bl%)(&sK8Xk1qF(pb5QKlbiyGzvpB
z468u|DmHIBxx5q;qt3v^jGVI}fjnI^nyFGP<^NtUwHDX%*Y&_WsUh{k!u%@23GQ?D
zh7uZe7~04V^I?>1U~S8AFx$i9l5N!e)WNYdv;ICcL|t_0Vx-^=_oX&pie^yvOMGN1
zjkfJGo1TcSS-{cO63;aaAwr}^joirS{nd-rRLO?t0-bYh&24SFCu9ZT4f`Se?|JSp
zNa@Gy_D>}GMX|B5D~1;*spH<{N946C4<`o)xKQuBGV?(d(8&qr@rVaCB_U?K3s}<U
z#<E7OMp9BJ!LD6sExoR(slW-lTm(8WIQaKii)DKVhwUl>Yo^6n>fwFn4+}`{>5>e*
z8_oaetZvy+6S3uVj34Q+;P?G9<ljI19EDolYt+{m3}9$3P~ocl7?qY}OonjknDOt9
z*;b8x0zQisA~QpK&mmsi6rwoohHlNykE)r2E6T%*cQvS52?Jr_Lw!)A72i+4b1@IC
zm{^McF7|NCa!KKpX^v-)CPi)0Y5d*Y?#-dXhj1#tiSBl~;fI|`x-#pfx|>fl8<dU#
zb&te=JLmsAp<0#hcv%8sa$+?cCTsV2tqWx++za+07FHVGaS$E`erhK=nUeeTte&^y
zrn!$!Go%h#Mt%KLw8lGq{A0Iw#`F^1{yEX*t_w?G-K7Wj;G0U=XGO&;D0ttYMtw{E
z&e1Zgq^m<C9YquGvJhG!Epg(sRiIxLMVoB1yFQOVYa)tw2qix7A<p-Jo*Gx;YL{u{
zzLRrPkBA8Z2ojY~E}YHF-B-)nQD0@u$&ml94Bu=oN#v50Aa<hrMHhZsDP`O``*7<P
zb@J74D3@9NO1w+c!lk!a)4aRK>yZ}TQlQ{@QOad5I%fDzWsAcFincI=`EcCZ4yY+P
z&|^+)3or#g55;6dPrC;OSnLbV{fl(QZ*GOU9{*m^e8%kA?#jf1Ty76GvTOb6T=3kw
zz&ZG1wW8-5FfB}5)xO&17o<UDc78D0tcvfeb=xH$=@|gKit?b4x_gH1x&3QqU8M8K
z2EHrXK~(P?j~>*0ma|B5Ie&N99PsvZxM|a9b5lhpSHs7T)!uA~Q#%WYUxRs=11ghW
z4m_6ZNj0RYnshl|CFwLAmsK#l{V4NLAFi>x?PN)v)kB6*>nf!%wcx^mc5bh0soB9T
zWx7SzglgOv!ib-&@9mG7HRyTkuBYhqG40;ZxFoiX&7(|*Kw?ZkG_y+xtK|MRFG6qG
zeV;*M+6rQL{L)eLvU?L<D_}i^>gDAHMja2T{fQaG<=QC>WNGT2L92F2SZnvhI@@g4
zGMF_dbF%+}d6L3|w252tsV$4`p-0z+2X*+mOs$nP5#wt+o%br0oF9+sV$OzFQaude
zsUsuU#7Dq##t*BXFz0WEX;V5ecMq&UP)fI`?b<*M_pxCJWNC$+!DB2ZKa15$l7WyW
zE8xu^TiJa=MrKHSso@G~e=u>S@b@PRPetzOlP^R7=@7oO<;Obbp++I@>8!(XGjbxA
z+ZXtN_OsC@Y*L{iRl<5g@9Oc<Mk7NlGM1W6;RN=y`}ykb&a$_TQ3;n3-J!ffsmXDT
zR9{#U$pFmDlpH&kSpHK@lC*@Q2Eb#|^Agj1it(F~(LKf*Jz^ZIx3ccGP4^CYt>Gad
zg&a?Vb`<DAa&XI8<GGJ~#cpqg8MjEvKC`x1g<fs%UH7^bw+VR3)A7Q~8B|ph<bE#V
zN@-~fDaByBx`*LbvV^y%W}Eh}#p*x(6!0=#Q#eL@?d-1Zof{=3{OtM$cE#2-9Ixh?
z_JfM+*2_4^@2Q^ikW$ApjAv~gk?NM;Z3aKGfvX?PP(Rvm{eph?Sc_(YL$qu(a(DU|
zO}f{%jCuYlHy8(Tb^i*;{$>p(lhptt#ec8)7c=WVQkol3vwD>!?5R>i6$%f%zqZ~Z
z%NxACwhz2Lv<i)#z+F6DNz);4vBg_oPlIgN#y@ntJjsSiLVDM~0v@jaT-mD_VpGE$
zMVa2m?#WbC>Ors8TJls1tt&(>Mn9<k)B;wSnzGR{cP}2#U{$opgD}t8qp9Ixb{XmH
zu_%fyA&B0o3evh9g1Q#gjvN*5*IxHttVBAXUit}XEPq<ea^v;QS0ySo+mZeqWV91y
zc4)@mp8q5H_Wf*1+UUd;EO|6w*4n=79GJPA3OJ7LHklandpKiLBbVYHzI%zNnh(U+
z{`M|`#M5f<5c_V&u!RFjJUe3zC5L6$wz|Y^IR8`rLg~|s<{VWGrox8UgfxB1GwttM
zEb$KgLTW^dg%?Y{^si}i5rsjvoQ$S_<(Z>>5&3%AnU9ED=lu-cV<1)%f)?9n60Y>x
zMJ}c8@aoDx88CMJ0hkMSKr;cIyLJQj<9yzl?Y<_}sP^%{ImgQ>stKN$HqLZs1KG7B
zp&ZS0G1CEnWOWG3+Z)=DS4nNW#a5eu((^RYc&XBNeGsE)CZGF!Ap56C=-9iHNNfY5
z3`32$T7>w60D?SQ&ctM=Hw4SXPmkEKSF5=^XnxLSfo}Ip!41;Fv1;EC6y5@3@oYkq
zO>CIedvkXgFoPZ3rY^^GgM(c5=GV&Np}Tua7@hx8-qxdywcRcAqU%ZFCNYNW6_C6K
z8t1|5CA{~Q%YBqG9i$d@Lx%4-4^EukxIN$R3`W<v4QhbDxZOWI{A7^pLA5_Un|$LM
z0%s0-Z>&_CLpsZ#a0{z_5onf#E8>@0sGK3^twydSQJ*#mJx-rsJe^bsTuy3Rl;0|3
z4@FDkHvSi(MM=MDiq}ej8Jp>6N1TzAh0p`>Ag5hV4)IX>c!HYxK3j0s9t*vl2zQ+9
zTvvf(QUfLS_c{%`&i5blDcIh3Ad30B$~^X5KUSx6XBN=IBrk1IOQkoId6-_6<XV*Z
z8I}R&LM$yZ6@7cl!mc$64j)%UlPI8jFP+eR;H~Crvjjs;l<_JP!#UhO#Jk^o4WeQG
z7cl@ZuP%5t@l85-EYkzFPXSY#a`zT=V3%sS!w2Aegrya5r+@74e>c%)=(ghF^r9wt
zMs3wvD9o>tx4&fVEI;?STS`R)W2+qYbdR(eU}bpi8%ogPZUY3`o*qo%QNmSn+%y}^
z61^^a>rDdZBj$8~+6l7{_UKw82!m$e<5x{7+qFO0Lr-#Qd&oBxx*7n0)7BrH?-%RF
zd6Z+9FQI1OnRC}G98f2q^GQ7C8+*ic>6gQne8r9_N=W=79j!?lAoUdM*1hdM+=<9K
zs5w-Cb|5Mw+r7k=H8jYAOA;0pwzb?6O7mSyqi7EzXLT$VcytOWpUHWn2ZZ+p8;$v7
z{{IG)x-ib5d^J+>5P`!`5|zbxo31VDini79MJ_UL$f!Vi<9(K*HVU$Wx_=Abvi@(o
z0nOeFKeIZIOA`GAT`Chi^4V_gaV4~jtr}et6)L+LB)V=A>>lc07n;WwkR0}h%A*MW
z`5AU8gsuZ8DYR`@Hnop%4CVAv<*t+)Ya^aY3Zt_t>@tBN6ivq3`llg(EN^|}Otbx$
zL*Fu`!k{;pF7^B&k>}ZYSw4397#}6news`TkB4+p>arsJ%@l9&&#W1gn_m56s>aGA
z)WX9`uxPxP1%y9C3-jNF!en9z4DFbCV9i&8PseJUMUqR%$|r?^%_aP@iT%bsB;$GZ
zFp{*sVJ}xb<tr+HF=~*m^3mZ>;qH7&R)+*#S2S;e<aw{HNuA)1f%w$W*7-S)%S|Ly
z9KwWG4`1KDkmntT2@R|hcqeE<m+HapxLBo6X@|+5*NWI_xGn+Gmlw$?2ps&K3ts^+
zJG_M}ienK#srF=(7@&Jk7E7M8iyV839b}}ymErVe@APhfvGyjG#9QLbB-~)LdQ(G6
zjUxKww6O9z{a0Rg1ZF3Z{OiOs2MgR=sc$$3`o{&yvml0$f7JM`Ush%mn{DsNGkTew
zB@$1SnKo;{#%q7<@#wZ?+1ePx@&4ulYsR$*4!BeEHb+c!Kv9RI*9mt__+*bJ!EMnj
z>1pnLZa?s9sCweUesrYWYC9Pd&J=KGpNYC3G@UR$b>(#B8MItHJ;Eq|;!^x5^~r54
zSifen++|h=VgLS%gEzf-v=a@4S)tapqX$(iR=l4J?WXADyrNkQ=vQOa`TEp4siq#B
zo?yzWU|QX!q@V+P+n9g`%qm52+o3XKTDM2$C}jW%z3}BAb2?(zEco}f#)u}1<7!MN
z`zU)dbBZBseZOj19{eFmN=Jd}%AnCZ(2r=C*fxW%uhyDuV7l+>u@Kfbj+$|~iu?Sf
zx$W_+?|p>a!H3lec9Xwk6OLzkB*-^njo(vS#SX}vuR0ZfX_!Yvp||4<bSpU6?k5n$
zbO@XV$}!iff`1v6L%9n}KwG(WWr`*2=DEnbTZ8tjr(bC`9x$WnQl5@#rTVqFGE<Ud
zuMb}70tdnn4L&F<hi#jv$|#)J-MgCD^s2BL6iarhY5Yu{Ghm?7`eP@G_y@mNVT!;#
z83x)SAZEPlnJ>koXOqB>nXKxYsw8+|)Y1_a4N5Ck)hWB($K<uH(m)@A_a3)sGIn$P
z=vj8CCBh+4^gT~38QPOLq$<`d@(6ySLi+7d9OUDSp!Xr4V<wRQ$-500wRWCaV0?&~
zIMsjiO6XPc>*3RwJm8rSDWg5Q!wdJq>GdPw#OacC!OX}2_V1XjP!I`~cUb%T;C2%6
z;&a^!;G=awUv)X))3#e`y{GlAvN6Dz2?*H+Rt(Y2%9+~&{4_pgWn^=ZW(q;UeAE={
zQ&-=l>0Wdzr1*NHU#5GWa3i{av@l%4zW!07stwmdiSdn1L6nTnhZ}?MZ&BMYxd;qn
zx!LxZE&5fW1N$#-Z?sZw(r)b{d&lU~(>31_$Um1JY^BwQaS3L(ra@?k{++BNvITv%
zgYkJ)q2Kp>MN+il%%G;g&|si|LB~@(Q8~z*7g}Y{eA0j~$i{`weDzutQpUe(Zh5Xz
z#p~sJ`bCerI%E=}=qbs_Y_6oOl`a-*jF5)oY4%&rPLB0ax+(YwIk~u&-)HRO;@}`@
zX=z<uUn5XaQIUS6ucb>vpH?vh?C0{jCPitAiHf4gx`2yaS5b!P{QS(og%TWrPz?AM
zB<oaMcrtPj8J^mQ4?mPxk%F_jDtv?6!g!%djEsjVqsiL0qB+LLsm^s;qC6%$TgD#z
z>v&N=W``8ff87AERJQ}*gD4V~&4uNeVdoUj&p)VM@eZHrnz?c)m4?XO_%xLzGEOKx
z#Hod=#Vgx&;ZxxbfXCPt?!SmQ^M+tg7qhdHF;n{&SW|<@Y$~O?3V7A@(t7ipDNLlV
z$jp2-m2wHUcPFE;yLyz*s*KE<eNLWz#><7dC(aV?fGGICrODQ{HhOtx4P#!06&;n<
zdG)DTQV}nbc>9`vJeK&D^eso_cFEfi$UF2*Hwk<OYpsFfPvghtte}-m5S6=Wt9Xn+
zWVEy?v|8(Giho=H3a@cS-oC{)2?tu35c#g*NmoX6`WUzK3gB@n3v`kU$nwa5ea?pC
z<(jEVw9yUw%l;zo;K)A|sh73~tE~`;QgMj+>=%ISgd6d2Dy_vK1({=pj-<!~%0p0s
z?iA$<W;hs0EL5x<$}LSy#3!W0Bt19)8C6rJOucZwT{xlw702JB{e3DlDBY*(ZA0k9
z{O=Q$xPON$yL;fHVIDjX>JCz93H~?ys<k%9b9RrGeYn-kA+yx}If1u&gOXu{NeaL-
zD;KyFujEmUmJ_!Uj_H`#Rf#=iFgg=#<>~ca1T#?TyB6V@wGGCc-#aZDZd~+O>(gl~
zmyIe~TBkoPga=#5H(whL8<==DA`px%twK084Dp7X%kIcP!HcY&Mh%Cs=tsjJjc=HF
z0;;yw3h!gBa+}e1IX~%t_GMmII^Y}UXP$^c<)ch4tQ*bzcoG1CUrgyP-=r*+|C01%
zkKjDrU{#~p&o{`_8VBU5F4b^)AI8zt1-yQ_XBxcNoS8*0@$&c_Tv(%2)CW0I;}u{-
z!P%JX>-+qa^Cn?w%>A13CK};0Pu*o#KP*jl#!cqHzD#csxkB73l$4Cx4|Qoiy))&2
z<)A)n!?1T&`>7-PV*o<Dd2T4h1x(wWA0@deQ2*17Ju4GOUfou%xv0l^&kq076E`jg
zMj%q}IN*vM1G4^a=$$qaY7m+9_^;}Od{vRQCr}>}Io}S|N+}zv+xbc(+Lx-QjAD3u
zDUlF4L}t7Atv85=ftguR7*?Uvv;C$U3mFZKaamPlpE0uzfEdlutJ+oWgW^r{T{2!p
z=U-Mh4bx7D+x#4Q-Jg0CEG!N%z-Kaj*xaH3R7~1vebN9;yL3nN#<@Jho2(?E3tGaF
zU}$zZR2UhEedD%&wd;Nn&PDDhyrI#Lr{+n@Bjz(dq`Uk>JXU*=1J_U|xHStOEYxhH
z<szRPyBE0bh4B&1&I#Q3Axz4MfOvtZPjgS$aTOg6&r$$qPrJ!4v-?xqX&R^U{JjN!
ztJ5zgpVUW1>F1L7dds^=l?;2JugaZCnPJhSjW`2M^MbA4&)LsbIx-zGXW724vQj^v
zyIB9pckK9XdsE79fGp{KMenfsR9f-1yH75YL+Q&mCsQ%qdztS=PMnZT+kzQH^#@N{
zAp*6DACgTr+t?rE=iaWfIrc1rE%bVEM4rQWe`-E!dzCt~)J?u`muhv89FPc<H%{Hn
zlqZ(9#`$Op)z#0F7~9&;<ePB79HjgDM>=${5^hV&*C<9jtv;BLYuFZ*y1Y~Ag7yg?
zz{7vNyJoDX-4=FW>U6#}SZP7uB5V@-qk-EAz4e9ck2)O|#prCT$vsXEB>FH<f9$Ns
z)#S{tIUzgRa3Xmao2j${@LtkUEX1VcQ7>Vg`3+wSK`2#QCab|mW_!JYs$4d$5(a?}
zR^D+3%&2&@^l`Htx#ZDb)!t7?lV%l<O>E*&#uv{$ILqv%Zs522{C4P)q?=H5kIU9y
z*Fx?=cFL(i)LhZ7!tq3_{u~V40~n`@<Ag?4OIbXJ#zS%AaV;NB5Yy&qp0EVgeuniQ
zi)IU@4~X<eVMYL5Fq~?hNnf4CIO119QhRvT-xCpQYQUdE2czFkyp)Sy>DJxfDd8)l
zQs=H~Qx`8xpQa&s6BK4V`X%=^cLSo7y}c<Y5>S=LKCcEAzoeljd(L^x23l&lOW*!#
z6Y$n?xE1A(z;HJaO-Ok3Bhq2Ur=v4YEgV%cx~tU&o&ajc$E8wv6?86mk=Y5wDcYHk
zYmAJc%D;a7h>p||wG}*}W6efk@=r}fOw@gp)$S#*yqz^nNV6QuEJ(?Hu}Q}8qj0Ak
z4fysQ4F`~FkSr-(LOmLmvsu>HKlElk@MaF^znP0L<r#LJ{W6_Bsini8Uf8DF!xJc5
zM;1Ik^MkuP^vH<myUP9W_^c<ixVx|06e`gQgwgVlZo=|-8tgqSACWtMOFCAt$4OYe
zsW*Ck;8Y86l2?m^d#WPYfQO2%?bnz2p13HvMz<PmoR3!3|IyWd;DNZ-GeO4@Lh~>X
zPe*B%d+4Aqs+bA*@LbPOIt%Dq5ieEK<MPc!#$o9;H$>H7YU$Xw+E<M5F|m^dwTJV4
z%$89<xT~rQCFb`sO~$XVwz(vq4k5kH0UbQLHI&YZHu}&z)u-=Ql&;!2;PyQ-q)yuR
z{-_*j)IXZEw?83`O8I+`xwte~-`76hix`T*cr_aKga~qbMiDyEJ&b#nl-R#4mOh4p
zjxg<DpTvNl#bDdFCf|56<|MCQ-AMkDXH0z)zca8lPTJWAJm5$@Axlu9LoyFc4&PO4
zPMT0Oj!9d7S7-$8;c{oA@huMz#+}CZ!z&uQV-F$Zw(Xrwu9;f9cfwx(!955L+qHVX
z0s@@zmt*hLE}opn>32Q?Zs+1>pKB}V6T=0f_ffA1t;{z6$SH+rkvI#oz^I{=kIlYK
zXI+F4&0v(7Kz$i3*1EFcT(iGF<u*7~(bITLLQKBYXgfx{7L;!hY{h8@_uRo9Ux)uU
zG*(;O;DG+4t@xmV&?AAey{!nLkaVnR=da_v=fu*dc<14<I>9}Ai*zZ7ohjYGlsLMb
z($eu)tt^u>o{4+33f-mW7Cq|=n3c5B5Ob<YP#X8?aOcPNkLN4M-+V<H?hgaU8<z41
z?B*c>l)9mtu@&{8$wS2L%UdrUWzOq=*LRYWd9tEZs4)e9XOxfo*OOR2qj|^54e{3(
zM;haFZ9|y*8HD*CKhSer+|>taFmrF&gC?UopLj#6dv0&+AOTRN>fY6f6cqJUZ^R3R
zf2wCGH9Z^)xq75Gb259Qtq;~QB}TiuM5gm2&hyE(UCxW0DE`oAGEV4JwzMAj@0$g^
zG9fJjC6CAYAKjiP_@G?f9aAq;VcvS|-+EcIeFW@l8JG}fck-gHC*3#oV$${#Q|R8m
z-uU-u_SY<M<>&T%3IsKJr2Bk$fm8^>O79)>3R`fJBc%;{j3Sg03hCeQC9BI?^S^Rh
zH@J2%(lc!r<7eDgHU%o16=e1Y0&gl(?@WwQjh_GiweS;C7|z8T5)v=e+TG!}{I)`c
z290DjA*bcKL@wzpDIl)(bk5`~mthk+TrE2Fkz;Pu&M{8SUeCZlfG7d-f^jCkI(s6%
z4!BBMvNcAqB4O86_(Ybm?BAzW(OGQ0c>(tX#gAc$oJ$}mW$J)G13Fn_vZAMFM3nau
zMtN57a6m=DQgVXY@{Y>*oC<(;k!}FLckEX$Vp;Pd0PZ!~#h9G#_6O;RJy&k&hZ>cU
z`P848vT{IiKzRla)Aglr8D>D{qN!O&tz?i8O9R>PTMUxT2r?14OClf~mv%%el7wJg
z2SLVo?*a;WFY&%dDJeePQza9NQ<!H?3uJP3`QjpEzZl}I6qiJN4}QiH2{>VDa+*WU
zp^u({uaf1%wbMz0+uPeC$b6b4%$p!hlyBF>HbG0OMc0ze2V|*x#fhSQsKE-x>IMuQ
zDS5zEX|Z;<NOl~bls`S6yA)&WqJ)Ex;%Vd$*p9cT9j|m8XG0d0OSdkwMW?`ErOv+Q
z%U6AT9&_D7LGvIYN9y+yz$hE5rJCK6;Mio2&XEt{jsin{;}dGi{-K)?%z1f>%s$56
zl}fQ97M9+)3?d<NS~yP`#7u_~&23r2@>G%1C*Rq33j*7<w)$kt2YxNO;IkvOcuT+G
zl=0^L);wq<tY?uwIb{bi0%H()Wq#znQt}|O<wSI*gcZAX&6z$c+?uO)2)#&eYJf1*
zg))8v0Xa!UNwL5^8W}&c{p`N`h3+?9)!=gD)Pw@yOOyvf?blj1bQj-nt7If^*Mqvl
z(R!ByaY2koP8IXRoh_V-$Be#^3$PGQj`0Rp94c;IL9eRnE5oZs9+NTlKZb|ut6SKI
zoxykQfEaH`t%-HP^JtIGAOUEYbY*fP5hY3#{MvafWnMRCosjSHziCiL<k&e7AZCtQ
z*<o-f{S;Q6)Q>J<>%h&~+oh(_59Kk+BV}1sfT`TGpn5A9Zw6bF+e9gtgXCYt=@Vw6
z=jBC&8e^Gqoc^Od@g6i8wYD#_SVq*mQ8jAMLld-4(=$HNa(9z9gBN^1qAsCc@+YEa
zQTQmd^Dzidf57%uHuD<T8GpH*15(B;qyOSIzG5euteZS7G3!p57)rwU<Yu{<y2)T(
zstxSqG&(fd!FhlaKp<2vVd>N{;r{2PkgzQQ;UR70e&Blt^x7mN7PYL2gAb$1qv!{e
z<$VbYCF<fwkJrPT=k1>M+siYINnp6FF<jVjt)Z?**f9hN?Lm1*-G$cNkqZog+YDBw
zfAM+4*K0qzLkBugKYpxf4M4-A?)?iV`M-1-4pN=nmN<vjC5R}u8Eus#W&6!rnPo2K
z{G1!URQcb(-js3xFI9U0+sUs!f6*YB_1_*Y+fh4Oj7W6Lm!}V%Yp-}`yXKU1_9=FQ
z5m!OXq$~$6U^DCjuj1Xp|IKXi-cSy&AZZDy4o?6A7_I1%Wi#+M@G@P9AOb`0tRnyT
zs@?g~T1NMe<A0oaWMS}OskG5SkIGuDJj~xo!*NSun~GjB4Kwf_bi|{YC!39m{q+4N
zK9`)zxe<z_-{Cc#i>hq<kSSgt=$Qe#aT{3bNA_l$p&K>CKPNja$b;-Wx@*Qr&6P|C
zVUn;n#KIGThh+^7tBOXE&~W<Xj1d7!x$yA4YALuvX>@n&7H11^0H`gX1d3tPh3^_#
zJs7E<;+>q*wN*>8qIk0fz*uRd2JqB!0k!>xz&zn2F&Jq}?yDz?_i;nu#A#6_H=uU(
zQt0O@Nfy1N5Y12U_XIxr$Z>}+)e`=5ZIW1D8y*R>+A;&45)cOgwQ}!5x0e`~23LZ~
zn|=js;!-Cr#4I;=>t#R!^5XAbNf$PHH#UFMNUwPABQV)~SaR-m(4rE1Gfvs2qvX`v
zm-#uUYxdsj?MtQc2Ac1~N%3r2MusS@wW}$pCav{j%X4iH=xRH(;;Ga7XP^-F$>P0@
zU(}sCSv)eLHfdXHtH{$ci&-`oj}?jH@0seezO6|_^Eu=GD@OwKy`;sH%P**kEpC><
zSn*1I3w7Aah<ws2Q`n5(rJnM`u|y0g<jjXS$ieYVF!o8Q#$-lqE?v}Flf1zMuI+^D
z&#OU;IumB5g>GsGsWye%1BD)4V?1nX9$Ms=(;-Jaof!W9hmUXfRRFauM<%hq17~xz
zWd(bKQQkHqr6deH*d9=o1Q!6j5~JX<8My6x_SHDg3f1LFyyxzax~Y{Fij0g5uWwVG
z&+F?YFeo`W+4pnx<G|hhMMpn#$)db(9O%;QJz3@B&JAYk=i1i1Th}161=SKALL&3T
zHVzu~V!dD?e!s+V>3{u@JU|mf`%SoSNhrMja0VZhdNDd5&FP773EH1hv_3O^CFZzX
zAnWCzLHG&*u2yR*7gp5pRu~|Wb|c8xtZ{E97wHQ$aR^L*V5T01`4|!^z4M5wNUcS~
zikI(QO;wr}oIPTcUP8e=R5a@AXt~-{!2kmAzC*Di@rvl4UlKHGV&G1BvT|UPg>kB_
z{9kU$dgK}QG4gXb2rW*1@MU*Pb-{0woKdV(aKriZ24j92ckkynA0lHD2cqA#G7<2<
z^Resk6@L60_z$dQru973P2)l}*%Cps1@e8CAewB$CR5_;3D1?fnq+7LcO7!e+=^J+
zlJX%xz<8Ayr4ZIn?!gIR<Joy6Hvb0YEvEIi1b#M@DLrNc4(=yzt&UQ(#}WZ#y)<a7
zIL&ticW`p-#bLp{yWs;f6I;Ij-o@YqI|*x$b0gII2s>cnY+X*zCQ^*siwh%VL~5U4
zS_B7;AFWs+|IQ$iM%D$=L`=x(>S@Q~9R?+vu-w70Yz}*HDEO_hGS!xmENA0)rlv0Y
zqP2}i!MVEed}qeEpauUEP3vx6z9%t5{p&Dxx<@@RKiN>{cZ~+3L1<`tUA{S}EG2@6
zE84nAxvMf4*ZC%(>unPq*ArSJfMRFheZ#;b6BWXt?8hn+G=ZMk2abiFpVH(BbU`1V
ze_rza;%8@hyF&|CTastY7tyP<iS6}!%=CPQL?RgDJ#vMy3@_P6Fr$iQr>|1?eXygn
z8_~8N6gJ7zpDAG<63bx~V54+`I{)}V5i?BE47REilup>jWd5iIVry;lMJB^h`{%%Z
z&%@uSQliVl8E8V1mdqjrDcz4DiV;mvD>HtnuT`uc*cnDBu;XLEr%Avu&mVwKHXQSw
z(6^hWTg~n)4r_nH$jaN}{>M6WEkmwqdt@6s*eY7B#&zl4>qI32@6fF$35VEpn0(n8
zqZzYVS-f86+2B^zTj{wlkF#Y8{eDT)7J?Cpw*6cnc_w@O^!XTqaT5lg<rRG_(V?Za
z{dy}#Rk~^#cYen3ej7<ft#@}{P9z$KBF>Dz)XTdn>|C60lVj_R5cab*A9ed@1$eU6
zZ4zUm&{^{;Zluzn8}Ij%HMIjc6!^D&OXFLrNgBE&aGZ^2^4#fS3qxiY&z?z30{B_v
zzkvm@8y0qeyr3Sm*4D;|ZqJ|m3YRgsAW*aq)GTEUj>OsH3O=sFx?H3+s4qW_60HK?
z|3cXi51{6DPUT;Ag&d2)bi`m<1u)9<4(anL*{v6wS#(=bkiARU5r(+6hIy5v(5mOq
zgOhn?tmoG8UtB4$kW;$+Fr4u+H*yD>!Ka6#_&u(O2lw~HL(OHwbWTyM+`_m^8pQ`D
z<&Yg$9e62VH=sMk`*|HMm;oGqgo*TWloDdPfqneO3?=-n;!oLU>fGaaKSo%MIznXF
zdR4DqmA0SQoGKAOZ*Aqsg3@YEhs`0Uh*vKGE;d6ho-CY{C6E9`L+aa(U(G-0q#TFA
zepf-)-<pwz%!8Irh+0gi7s4s6)cjir=F5*J`lXD!vG^Ov-4=*W8UkyLf4&5~*RUa9
zk^?-E4!m>_Lg3OtI`o9MhfuKlduq|DHd5BKFVxmHHh3mDR70F!BL0rjk=$bs#S<MA
zoVY4@_B81F)UjD0zhj)+?qK}=DzwiTW4hAO&yaYIfN{0td5qx8Cw<z2#pklueXu$*
z0>|FBj6}eTKnwKWvXf5Lv*1eKG@Anox&iC{lz`uU0wfNqe><IOs`|5Ah)j2dAY-{3
zgyproi_TaDu$wPe*V$WXDfT#YbcW~9B{-f|PLo&U;UOmumjn}&v_=bR!xa&5F?wjO
zoAe~?cAAt`s{|WgYpF<?XhjZozocUuN~N!i-+GTuw(0JUj87STAb>eX0WiK<o#NoF
zDkvqJO;~M6X2HAM2=<s6HPL;<G&T7Mc+xafw!Ze&0vKbIQ}BY8Ae7k!PF5`GSKlp2
zxgUeu9x9z|ox26shw#ph`RSG^QAj@pc{2z~VH*#9vC7{p+nT}7s8(r+X)R44C5eK`
z(F-3TGOc%2MRBldEL0eSH1iQX&ZC$;9Z-fM;7vcjVnklAbZl~$Aub%~D*ZRjh?LaM
z5l%(A@D&}K#0NoS0bVXBD!(?E&rdQ`q;YxWZh`$nKh$tyj;pB#|D#$04dpmeo*@#$
zH4JI&MwIMJ&e+0JHKspHtOp%_l#r5wA{@f@_5fcE14W6XQidm6NSmI(95-VJmjcdg
zDT+kAnj_!6pGq(F#jfMiWh&_b#+`xYS5a6vB)XH}fjothZzH38#1ZejxuIROv{~YV
zvr#}>##puC1V*BC^Ir}8Ul#vaO%Pk!HGZ*Dj*Jf8J7Tp|iTL4yj4p-KUKllAS;|X_
z-pUD;g8?!zo40j*`LnWCNZ$d%NYZa&{X!qbcl8@O)(&N!+IoE88sFoA0Ml=~Wh8(%
z)}SOL@8&E|%ow$anLBgN24|G=v3*)|`lia&gpDyiPS>E+tVsDW`7;$EDdT|~GER6#
zXsX>vi%P2Erx=V%0ns<;h>P)|aQ^>$Ewm60)Zf=~<82(G<;gK)QpGJJ522&(a5G90
zqQ@lvoN%s}DNSrvbKm}5N@C)P;LWy>3y;#Njwg!NUKxX`%~M$-YNLV%*JNV6;+j`O
zyL5@@iHa>z6Ai7+iL+qcrHY$7^uT1-j=Y#`j?Taw1e=5JA!JXq^oNUk0fN)4oFCBW
zAV`y?(1CvU*HI1F_PK_)e{9C5$!dpt?;Mk*M>HOdrROy7P{`$ErrB2a`_2yw%^JCQ
zy^Sg)-+LU62{C%@;jtU0=HC!KR>jp~-zW2@^h5vlnYm%ZL$v)*nkc+^74)P_C0t#v
z@o8u#g^3ZJHh!q4H6d|}_HuA>(fkY$N^eljs<ih>e{aK$)#0{}32yQ)XEHv<*)rAm
zs1lCBC~Qlt+wl>F{K|6?RhJLdyST)%w{;u%ZN%ARiqM)9KPWM6iUH}Wf{4;C1^Mck
zDpiK+c&`kezmq_XaH&xZh3`Ood~=vGm76jJd;+JXxBO9~EoXS+xH-ox**2Uu{kIJV
zmRz)bW1k89Dk>)PcrBn$+xASilv{IaQha`RbIK2V`>;6_AZ6jW2K(z^3w_3CwJ?i4
zzzOGDG&X-~cfSJ!;&q}d7<d81EE@uT^5*WUXp6!2_akb<Fs?oqNF}w=uktJ^$h=1T
zg7rHs*_M}=>yQkSnN?m%n~f%<%bkPL^jg|${_D=`NpCL>UxDU9y6}GfQtcHN&XLkf
z@?$@6Wfji^t^a?)Ayhaq9wO|4;C<X4$O+dW0(iQiYS_kjxo;z)EdmQaJD2zByI~u_
zZ{V@NOQ4Zz7D}tmwO%a$jq&=cFmawE8j#Lv8FAB{E1H)$N1a?_jNle%sy&A9sa3RY
zEkqBfTOehg1FmzHO3_VNoS49-cI~z`H=n?5KU=RSf~VW`WhR}bF8{Wf%0l68_4>fg
z$44+JF~p}z>On_GhsUA2cTV+tmh9*2ZooTU0q#Na&I={1ExaAy>zRuG^Tie$=4M=k
zMU1ktpT%_>0Vaq16Fqy{RbSxH)^i*9-J4m{P0dMXYCm^IJ!lT#69@XU5M?IGC-T#l
zmy4dAKUddA)L#g}s6?^w*W3JDs@12Twt1|5MnwfXxL55ia7}c~BKV4NWz>IpXHazn
zODT?828K7$<I*Qv7Wcte%ns6r*1y9U&8jGc8k7e9I|6q*M<?r5-TjfZ9A@0<&CNE^
z-;c>&xWeO>uR$vl@@vplxde6u7Ypc!;C<=rYqgtG6!A6%=5YMEuR+`FQruy#Zgj{Q
z0IlJ>S-v0GXrrg9jhB9Dg&brOfD9U$14o#7ljSWNTsKx1Tn;Aes&)4M^l4FOhzO6F
ze_)4qzKCww`e~CjGHS@9-sT)!n(i}-RoKPnUeW@Au~J}c&hsz@V%L=uD2yM@w^X}5
zx>5Q2tbh_ZRH+XPC($TD*1wCh>mr!r7=db6jOZerXm2i%%arW8azm=PQWLuNeGc5o
zCA@<cJyaOsmsbMHA$khGumb*P)*o4hwd}J41)SO^^bRjd8zSfkRLIO^I*50yDDd^2
zpRH<+&>ie6LZpeR4gb7NUgXN1F*9p(!7PJ+a+P+n|HC9ijsCmBo+F#bUN<l%V)6}r
zlo?v+pO)$H-4BZlo7mMbdR28k;L^51lgWZ~aTN~86-qQlk>BvGCnh72vj;$561FOb
z^<3=P{SPB#oCeMmuuTR`{h;BS=;XjG3qK#rz!yB{p3gyKwc@3f>$iu;p4q^CtI+Hv
z2CsbpPn*a+uV@fiak)tkLWB1`ig<@ZLb1qYGE1L}DJ)O~2+a~nf5rjSI;0-;1BTQE
zNrie<u|Jtt>27^A-^B~|jaZS-w6pD&$*x8@mu!0`D*nO`8+C*lz>E3+=JYt7&b*CJ
z!ClYuCnW#wc7va~2++iB3RjHiOl<G>m+<`+o(?LHw(!m6a(jaZ5%uDvtO6#0KKkIV
z#Bfg7>!WTP)Byi{S{XH9nB@LR%Mf7v--(C6-+%buj)sB|lo<ZM7&oy#Li7DqhBREe
zUXZ;>7GIFkOqQPCP4jejM*?{2!K>hQ#LlMFQra4<(6p9l8tl_EyeZ)oG`0Eh{YMmx
zs~yihkJPzbUth6*{Ejbb)+Kxx^|*}P&tKn1F1~)LUXzAFbL*bOy%5c=@uCIE6PvBM
z3(#>B##Hay5sTc|#d!erSvT&_@Wg^tEy(H)<||}$|I;kchr(ljw?m|g=?Mq>|JCCl
zP_lk=AuBIyMe0OXkh1+JJz8!DwZ%yI*B#*Zy~FG;>T;coNH9DQOwV>k)-+hZ)rBET
z#5Kz%(GYHIh!;Hakx{sfLHSeAJNWtQbi2j8N}A3liK1#0`iAj+K3DOFtRR1Vina~F
zn`A24d7(n+4z{QDg(6rTW*83$_7`E)5~#bi!~UZK>6>jsOiy)JnzQ**L1_FQh`aO)
zH*9`nodQEA<7S&e&>J1@_Z6{E&m7IHo+<l$v(G?;z&`MTkME-Tr)gc-dy_aQ%{y4@
zPyScL)TS-+43>_Vj4?IhPuJzweE5Ol0RGSLq&3V!9R6uk^%0Ko-r|(LAm>kZ7N17W
zk-3OCPnF1sV&VPCq_2mvJCcE+<S2QuwWOvAl|-?+dVZ${my4n)FJHO7s7Oe;&qD!x
z9gg7A<c5YxQ87Yc_T;ccgODg0v_{}#VmbRY?-x4Smhgy6^Cwk@@4WT=+1X26;`HN7
z9y`XCS8gF5miA&TNAF|3>oIz=$UDoxrMf~Z&I2ezQtdGZFz(3EyjEUs_+ZDBhe;g@
zeeD1S{nPq=#+?#}Wa!}tpZSupPq?K3G&xHn^VDO{O^6-r_kI24{ON0c(ss8FUpkg}
z_(3<*xqJd~67erO@H49mIYy!{-o(A`QhzITMF$qgQt^+m{-7Jk5cdTPzGsliNUM5W
zpk&rvhhVutTJlHGzoDrQCHp86eZcHMN=pmiOcXE81mDqZ!cq}CJp!PeH0@J8cg=kt
zs|-Z>922v=E>ZjL?RDEmk}8Xf-_FbB={A2`=v!IA7)y0Wc6S%h`Ax=S+~1FK3+fAf
zt>C?ZADWeur&>T~nSvu~ys10E&EY^+g$GoAKY7j*n!E;nR0nvo*}*xVOh$uC@wo#5
z2wL8;r-|k7*g!A<m&>4xUmbeZXEgNr!mye02g<rBb`z)EVtn@joGFh+1nJD*0$pFR
z=1k^yHC+EIuTWEf_wk~^Gin`mZ?p<$)pcnr0RBT@F6XCWfj3}}1s1qKd6BLa4F6p|
zf!Fuy@Pz8OCH?hl3_I4gPtM_k(x%>3OcFfU#!1+s>w9D%g<m|~uvQ!qz0AhXg-M^c
z$NrWkq~rvc=IpFKeKEa;pW;~^pxa5hkRP`}M@eg6C~B{}q4;$4>B4Kk(QGl6YP<U|
z?s9j4y>SDH9VKo;lv*Hy(uGwm)i?&p6DJYvU{``X8;UL4<n%s|6CA_~1V+(C)j)I&
zQUCA7K@DtU=b0W#AqbQU1Lun~BN}PSJZ@eM-rp`6B!%K&xWM#hR4RL4V`<{m_!vpT
z@86$~3W&Xe$k;5m0tM$<{oCZ<1qKH427-|V9nCP{K6AXjcdXtw@_8+A6Lef||7ifD
z;3Y9F?bHMh;U~4TO`k)WC-5y#It4spmgle6ma>Lo)Ew!L+@5f(0*8QK<s6`jy4&)W
zmC`Rp{?Ot+z?GY2MWjNqMOzy<kp8nzw3Ho|(}#2F>=aZvpj4Tr0)%~v_fH3aI_Xt9
zYpI3ATWlqyhIlP&N0jvqX$ja<r4ZVWNl%1C#Jp4P=h5Q4_4AU9>y!4qL9t43KsD*7
ze07sLPLr@y65ks-@1|WFh5a$Bi+}Y*{4{|h1?J}FW;aFG|KQdKPa>y+S`H4>6FEZJ
znqMjpryWCw0avqArU!7r>f{TaC40cn-eN{6U~SE&p*rUY7KjA$#Nfnf_pmZ{pDA64
z7pCPX>L{255<}?hekFKEHZHxlA?|XPMklnIYalJ-;G&s*_jm~3zIbXn$Ns**kwFgM
z()znV13Y9VY}iT-Q`q9M)_&~ki#I!nIc__c5ei;f+x<suK=%uBuUcfQ`&#jq$la1T
zaeZ(wfPVj2?%+`Beugtu=lPrMCKt^|HD?@HcM>;1=U5C;;ww4`Uq5JRBH7gP8v?an
z|M=u-Gh7b|zXF23=5kt3eu&2kzs1_p$>=6-sV;^?Nb@~<q!-h8(&2}iJ)e6Rw8BWf
z1|t5dG3FFIn_zBj(GpMp#1fPy3t>a}kg?Jc>bT!t<v5BSq7s=BV$=GuRTASz5pI(9
z3pjOTdcV-VP!kr^X7P4N(CfRgmrK<KZD)JDwK6Tu6Gccol>1{&VQ$MixFp-q@XZ8P
zlNAV1JHYY|G&Y@UuUaBxSPu2>gP*Mwr@C5cqSzAKg6oS7KVIM_HFw+&M?eQWN(6h=
z>j>ack+u$xB{RK;K@(CY5sWD)GI%{Ac+>D%uCB@eb2bx}GVo5(d=foy3X~e0`L(d;
zYiVNd%nEAB)cIgP)~tNt3j)#<NS>s0K(VjpvSj<|_N!dCB<7(8C5ko5o+tG0A&iHA
zcKb4tQ821eo~Y<O^OW^=12bjgUOev5^Wo>o=Tfc*2zOy=1K16l9S+D)BHEzrHNz)7
z7!+(}YU$8_&|?_|hA*weD5tA=bW1r?FbzvsaPI$^+TY&H*mdz4SBxA%;e&B$2c`A@
z*Ds{8wgx%FbyeGdTAS${c&P2J;McWoIi;tozulajd1`{}`oRCLLQFsK_A77|PA>~V
zUEqmijp)k)z@Lh+aYso0+S9S=`B6ytuDRK8RV3x}F;(|-DPnXpHB$TRV~b*#K7tP%
z?ti{VxnhU&%-lUSx6U~x{sBY?#!Df&{p*g0gOel4J*)`EIF;?aM@~2ySqS+vyt}yq
zl>AH8XUIgGP80q6i<hZ2J-6WY6Ad|2Z1Q)3gx-Ew_M~#Cc>Qu?6mFw}{l1SrbYfl?
z{ryWd`Z&Y!baNlH))7UdPd?kSgI#1XX(ytqR1m(Z+`2zIOR0yigcl0Qe{T>Bd3%Yz
z)#DdRXtrT>ELk)ABE&urRNxJa+W*%Kiy8<0pO%D~65f^k-y;C3EvS(PRhHuaV(cxW
z;%c^bQCxyckf1?=ySqd10Kq*#Ah^4`ThQPTTpADVL4t=s<23H>ei!e~zUS<F_IJh|
zWBusSW3BG0xvHi<^C{C<t=26+DHx!x+l~yyl6bz@TxWlGK^Ptp5el@W5&mBO^(!(T
z0^pviop)7%odYnAg#aYhbqhN?7PGB(EQ@Upu*Af~xf+%86F?n`JY#92(RvQ%SxuMM
z91H%&1j>Dgfd|x8{ksWD?p=~WyJum|iA^+0(X{uY7Ccs7HzpAdwV^gL5|af2=u7*z
zKu{~}yqO;w8OsVh$Uq(oVd+6=^(!7%dXXQ$J$&p6a<YX!U6<8v@nKhC1$E!M;%>+a
zC-mow0RE~lC{_UyT!i5(!-PK|5D^Xz&du(2GU`XU;|vFrkWux*%?0-vgw8ye3G#Ok
z#>J-<(?Th^v({Fxt{dd9C;D2UAt3EXk=N^Qi|LAxY%+qpgJ?LIUIS4u9bJYkDsYA=
z6lh+5IpED9KS!4SaxFBEy^_VwIF6zo_XxWK-4D@H=b$K-YHY9BSnaQzd!V@*fj<Yd
ztRkC;5Er0G74HBklJ?kx&XQ3MsI9WiwF%G^YQOUlvpeDS)Ch4kMD`mt{*fTIdc6pp
z(ibd4^Lt3Y-Sc${%dm*OVtdy75ua!zln#w~{Uj^3R)>S#iLbff@RQN_rwC-3R~5IX
z6!s@JqibX&H^>3xb5Jli!?hDeeTIVwrsDtz!~jj&8crUc<@3|w!*!1|uYBeJ8FMFp
z5Z<^_Z9??MhQh|Fv-32(QIgstT1R)ISwO~-Z5He*KBqE(3J08_sD<&zTj-q=!TGAj
z?8^_J&gz}CE;W0nhOKwP<K<CL$$QGkqLCx`*lI-0Cn&m*qnYM5x<m$^g7g5<&N_he
zeJxVew}w1Bt26XfrLdV8Tu<G#ZRj%*$A`6McstmDsk1!*>jPAf(czMY6`}(<oI+|8
z^e`SD?|eCP;H6gh^NruVHiiBAZ!Q20K-1~}OVf>KpOe5;>xnHO@TDq)%X17#2x1kc
zH;y3P0aBKTh`e1<YXfmaC@K~jItM^&2P!NgGEpXtGP$U=%hkPprjq8f9}pYOi+uSb
z{XSaxYe{}l4kGHC<?Ij=0bD3uZiD!~@|B5iFuM=hA9002P?r`l_nBLES<;Fc0mCd0
z4S1vm6N~<8{C>YN-!qZ_c!8y=HQG!Kh<heF!%Cy##={P}<?!NE{NiJq3SKZ*_)t#L
zRp6>`aWzDa=X>78jKo{5oA{3AQAM0*MQ38|9Ha&0RO-I7re`e9gFZeBy&L_!H8+*G
z*1g!m2uCV_1a`GCPHYn}fllggh)x|OwfbxZ3%<4v5|Fu)|IQeGYxk1Z-cw#V1gRA>
zCy9MFbL>0t+t)Z+VNFC#9M8xn_1hZDLL6gec7M+e+wq3}AuA%|q#MyEPhudJu>{B-
z%7Mv%9{8It(7ID&!#BM={teJ=C4YJd{P^R#kNxm@+!GQ)p;qk*W4c>`G|PN`gf0!I
zi~PH29%TY_kb@9V#{F>w<<fF(Dh8m90%Y*VBMZcK?`2feMigz=!+4{BE`gBdr>;$~
z%hTw26vz&{%c@(ZGB2?JEx7MpcS(cHzqKeCXDNaZk%oz56~7}1`ZDTFe6tH02ElwD
zGYSA<qto{TK-*{mY(`rZbC9jADi?*X!xF}8HSYT}Ox0dsB^%j>Q2eV0V-0hfl23N8
z;?_Bg*GPAN<Y>H=!jgkll{;tIIYK?+eutTL1`}!r)+;F4w1mN#=jDh18%6{P1<+CK
zLMP3z&@t{8(Judg@u5Mf|8DL>K--XoE!TLAMS1g?^~>)*LACU)QX>_LZx1*SdRS!-
zbb^x*TIuD5S~CU$j?bu3ZC=;R`KRrhIG=WU!!V3zD$<c2A``wlI6L=oD<UW>E6X<B
zq17BJWN^PW8~zYSKj8)2C2!E~0qx!%(#8B~hdzW6C&Jy40Z#cjGOIlZr>RBVNG$FM
zQOr^<k+((i7Ud0uE7!(m=R-O6)b4ZaN?<#<Hb;uiTL})5k749kFhkmnVN4fOt?CcH
zaeEW!M~$!XRQs5^YHCDqex4(H%!SbTO6kCLbV#@QUarwwFs7qwWmFeRNlEFT?=n9G
zg`Ad_6`XH{t`iIu@yjA~oeS2EIt)(sEUA2&*wULK(>l7t1N*2VojF3&a~;5^BcKu^
z#l|XG2=BasF-t9ptO!0xH0f6|LVXP+!~#To4GSaJNjtg$E3rui(WsQtExC{F>TotW
zMsM<QXVEO*n+M8@qBQqILpC4imLQfq)||W=Rlk0T+zyP7prW>R=co?)&%xsx?FKV8
zFG3jr*c$Qn?4B>jUd3_Uo0S<_9htswE{+h@-|(1!wg~TL+*|dLb?mG<4%Bpl_IGxA
zRzl+U)xrij2NjRT+jY<UOn!XCa%bS)i1_Y(iVTU*&|JN+gg&5<{qB0c=`S_`R44FS
z+{Q_7wsS@;=`NhCtc_7d-;o%h>PK{22-}8iE&i&=MC2r`i%}<V+J;-y<4{#?mKbgP
zP`3hucXhn4d2(>)`~DS%qy`s?edRNH5*>q}mmE3bN!g6mEBUbZ*i9{#NK}GtjC3n?
z!#t2!at_Bh^ygP^X}%X(Il*YDWCOenmOfXMN#!%qwRz0KVSNyyk(?=IrOT*piPCY>
z?hvwI*YIJr7c?jSaL<d@#&jR<8TxwpoM9y+t{RS;B+6*eK{je41+=pV>F!IPTXI&l
z>=>3l^^NZwU3p;oGP{KeF*hYd5Z0&pW<EZ)Daf0?qn(=gSUMY_m?Vuz{PPNBg<4Qi
z<=41bZh2uH4d=}j%SAhUjhJ~?<0l(ddK2W9G^G*c=hDYpcDO|3<CZSJ&*B?}B%f-i
zij>HXbP<3?!IVA#5!b}3zh$^4<-@MnZnr|}kkEXGi2f$fKU>=RL8tLTrpfp58<ldW
z?_-|!IUb|62r0WN&pn&*nyG!>DdJqZ@2wg9VzZNOV$K=%6lb$8k6q8&&lUMK07_9H
z6W4R+Vnubj5=~Ibzf%tsJB`M(^%LC-dF~dC$R5x-tSr4)6MS!M@daCQI)nIHHnvd>
zKJKpi@EG5(q*Bq}ezLGCQ3J7~EIe#$^Lj|$XD&mJ@+)U?!!k0CXx{<#(eB8cRQX?O
zokL%q-eoUP38ICyqrko6b|947R+ifq@qSWf$GQm@eg6qu{|r?E(Tsy1BKc&&XGD+$
zVkU;-zu!K_^xn+pZSDIwTRP3~_M+(Gm;tZ?VgT4bsS$V?3w}a)#Pnt$mC4NXt+5S$
za}r-8o*O4up}p<0k0NWrj;F_$Cy+(DY`yJrfc*o{&>P;C%d*B3;|0<=XpoTsw2}BU
z=5(dY`|6?h_q)4e>WkGKtCC0wJw=mppnH3JzsJ3CdgSMIq`JS4oUt(<`xayc8_U@7
zZxevw#d$y@vW@{Xpd&-5pBCs#PGug(c<;B#Zl1;wK5Uyk26T$NhwiIVB>!|2E)~^}
z$S*2wdz_yhkBK!_Fqgdje7)jF806^-CIcXvpN#uj2KNDwX3jl|)nfp70Ms(l>0xl%
zPy%IO;>8(!m)+wz&=*4kd75&s(W>?BczS$uKYr1vY?Ws8Q2oVaN45CXaO>^?$*hxl
z%adLb6o}b{zSq1m_|&sEeWCg=-}x{m7!Q;)42bU^wB@3NHbB=>UB`e@Q&YqGx!$>5
zo>>UvrMz7QD6wro_jZShfX_<=^`kyLoz!%qIhWeP{&{|P93z<vmXD}7zR?kjd&A8b
z4W%kW_8y~}7XCfm=(8e<m&Jy0_lB;s;H#=&*=u8&hT1SsTk(fQO666J4JX<Azb2z(
zIY$rgKPX_jAZAei;vgyzgZ22`l|-l3JzW0gK!zh6$hQxvWk0;LTxev{9c*%A2@j}o
z9A-gqe+1a{t-A|hRYNi|P*94KM3|V+m<^izi{jy25u4c~EYE?%StR;FEk;(l8i`bI
z-$IXNi4+^(sU(&_*+nt{6vi5Gxocy%-F~*D$+I@@7ObY<&6P2y5*osUqlbVdgzLy`
zBV7$6JdZb|FtQQIsJRxl#>hvn>4VsqmD+pM^u^q4Ei(5$!KB9L1R}Vrv)Exwd2+!5
zHIwf1RFE+^`QCnA7FX*Vp#+#e`$O+&z?Zx3I`_2d)!@(>AcytMy}9RyK2fz}PNz5g
zJxC-__dU;HWQD<{U{*K&e(@8)P6Q?k8NB(3MtJdhqQS~-XRaKdftj5G=JQx)0)tTf
zbr?=pvw>F%4HG|Zeicc`M!aa_uJ!sZB085Y`JlL#kx$b-K9YcRM$?_k79QTo)xt59
zjcEUXJU$oD6g>J=HI^+zsY|y4VS{Qr!#K&0A(@A~y~h61cT6k-XZ)k8M(Vv6XXVC1
z9#PUY7M>BUq8L=$AY7gy*sa9fJ@)u&A?$j!e?)?{+o7viQD)H_8?TsFm<KpPv9{ag
z4O;>m!|#ZBB+ga>GEzBhb>_QCA@|60sG~kqwA~?Od#4rKa9?k-k>U9Olfp6u1f88i
zv=gAaz{tZ`kfAjaKhI?jV!3$DQSuRl#lXOKM`xR>ADR{~6CE)=IYqQ+1%^h^HO_qd
z8UB;j;LtQ^#lOZax##ERpFf;w>>e-^dIjW}PD{3s^Cwgd=fNSD6C-7AUNt?#uMPrv
z(fS_l*~BQt=5ClWY<{CpD?t)58gEu{F<sWlzj@)D4MMlkj{P`xV`NEwCJ@s@jsuAk
z>f%>de#9RYxH36rhl$gF0?s~GbN`fz(-rv}2w*l}P&>E}X|HqAPf+vi$a*`=In`Yp
zFqkc%CLGJ2nJ7&x*liKh=8>RQ7cz>v>a4ufHxp#O+?S$K-+}(vlJ9}jB31a@IOk*`
z*(2XA!rK_(o#W@)OESVfe(@1bLmPA9ue-lU!*mZF7og+x7pkjG-Z$>FKr3n#zu$!7
zFAJO~_*azC6=jOgQPTcCBCOgeqXtN$;<6XddT~LgdM?#n+_S&|R6Z(TjPQ(#n_Grt
zLq>(i)&0puOBV;s#g#{);Ou#FWSkY+LlGsH7SR}t&ovZ=or9)~Zl@S5f!fWlARpTK
zybv*`n1AZ)%wQnV(z(jzbT%;pR!WX%R=3^)Imh>k4~LSEj_~Sm1;q_()(~BBO8xRo
zyl98pn$aU>9Sme&Cz96nYX(oIt5+e%$KyTWx0i3&g@rvYFvIg^Q82i%7V0Z2nW9!g
zXny@z9dfL}fo&^6hgn+@jVH9R<(7U|+M;bH;`aozHIj{-m-lw<Ao3BgS$@TCJ{Dl@
zwBx>?MO~xi-MoHd%hgRp1nAc=IhM)VsSiN;(#n)f*o6_(R^LxtAMXuk>8nd3<a4s$
zD{fPb5*HkYVIj*tKWLnfCnc!KHVJuLlPbPAWz*95V~=`;uMREF#8QjY9r1kbiQ6tL
z|96MoS4K`5N_%X!tlvDEg?BM|iJh!JJVO{idf|-)<C+@b3$Xb=O-JF|KQGFLqaY)&
ztGqvFFQ)HV6=qj!cAK;&9_RQuH;2%Xm4R52(X<ia2>9(U;Uv$!DY>x3>T!-K(6FG4
z>3jbUr*pas)ZOrn#qJfc9yi%1Qu&n}ATI;}c#K;#)C03Endbf3s_rq%XM4}hf2!Qr
zV3$GHt|RZThAJ;89dL8K#S^#F3&PLezC7^F?T1D$yaPNSW&wSoRfOZN3N(Y3l_nrd
zA-)d<zYAoEcIVN+jGnKo@JzR^0Zilxq}!*u>$ubPa6zI_4yGyD8E8Y}o^3X1U7pS}
zeIc(i6^VU_7V(DVec^M976F{h)x2s9ZOXwBmP!#xL=h+)j`Yj0!;IA<*<Dh2Hq!<Y
z_QX*)iwAOl&5d>eqsT{atA}o`yJJnBGNfy*d4%Oj<?cy^-#6TBa`TaHO!*1GkA48@
zrrut+qLqn%$t;i5|Iwn}wfKi%P4)NcNu`kku3&_0U=#+0y0IKMP8~iktV`>d3v-KT
zQud4elP~Xgk@0Llgy4P)sHQg>VjN*hM75vR)TUNJbpiG?f_T5Q(}OUoVmhNXC+B&g
z?fa`l`Zw^w+DT9>EcgOx=K=ONRA>v$`)59XY~Tcf_2(w>JbA7{J(Kl6uKoJAMU~@C
zF#q{W{osQm66s84>;{^L3qUOzR<qt;x3N8*6J~hYrRb}tGD6mes#)`e#khCcy@}|O
z_<%7ww<QSq;))^4&(LBQ;eI783kx&-LGCwIArxKVtyObc*G=P?J0lu7&UM@s9CdeZ
z+O|<NC|Dyq1)^y%dyb~;iH>t6C?(H^eR??tQBOKnUS|KlnO4!!Zw<x=vko3|<(!j&
z@aG9<f^Hh{F8<(eT;&ekZNz^{R)+~3N!Kaxvtmc%D05-*?!I6N3JMZ$HmUDa=zsD6
z+VqCOAYt9i*TZF_WbXU)ZGAD`jv-l~`Wm*6mse6a2){=aYbyS!yi(7-=In}czL%9Z
z%#Cxji4{&Pwh@MpE5PAO+*yb9(W3FQ&|cCnuy*Jo8?fyWhVy&<or9eo&8ahEV5Cb`
zh(<YIHd9Zb^IPl3!1*9QC>;6Kq!{j7)dF$IU7W-!wdx!`%>a)(Dir7ewrz)x`|(D;
z<U?`CMFO@(iYvjS6dZgBx5q0Oh*VS)kXJ$=qR}ix)pj$6=81>T<8B=WsDmQj_?{rU
zb6X@P>z<3FH1S-?@gQ5)AHy^VbXKNo;Zh8si%rV$xLd~yg(y%a)l_3o7wsxWMh3&m
zZ{^WNppFh!V9tl<2%7O{n17fEc)VW)b#hxOf;jU%k4uq6u`Z;G&Ig0DGby3)py>wn
z4S;qntv^#hKUgrd4}l3-x6r?fc{R0BLRydD<33*qH4wV1zy(OsH;{!3=Z)9)S&Aqt
zRRo0r8r*^px}qc;2yYZBNpib+h`MG~XE8N##Af<TY%et}MZz26eo@%Z7n+fk<Cm8_
zwz2A8t~k!nv9b>d-*gR6xyH0OK#gv^MdBFNZuuycQkX1iZO_N|sWHFfoSjn2ie3Lg
zIfQOk1c?1jL;v{gSaNdg6gBAMVmUZ4z}cizW)#tG;-gRvvb}$OacA}}^RbFSaG=x7
zM(N9Qo}<tG*w1Tu85{L#d%p8(!659%Q}&&*;RpF$1cB*=;&H@@(mJTb?_PW~165MH
z;oYWvKMFopC_8%4F}_lK8ci2MN&H&)LX;>c!Fr1FfLB*jlftw{OS-Jn>04=?nJDUG
zTfH#*t@~#8cx|mdz2d!BqhW}T0BERRC71aYKmc)3!x})20&KKb>zh2O!>*S^U4c^~
z3q8NNEqh>iwlPHy;L1ROPS>Tkkxl@AUCQjnb>~$BKXNXcO~xO&t(TBw?)(`y7tPg)
zXjhEi5|+>AoF@{;E^(^8rNB|S$^becK-E=1E;ZxnA0;g^lq>n%2a#9kSUk)YK}*a=
zCYNR(ReCqyyufaTYg!~XU|4v*@(+~=j+%i~mF6c*%6Dvh=AUhXJ}<pvb4qkPbzEUd
zQi^y2q8Y|*;EYgoCY?r8F}N8Lj?bn6+FX!JyvrL2ldb6Vy0mm-=C3!Nk9RI7=jSG3
z@ZAvVDtY`)<A<Rc9p8Sk4(LoApq$9Ob1IW%#?Z<Ycns79$}X{N_A#Dr&@b`YC8men
zZ;1n<M3@43nINvz$7DXyWO@erD>;IG#=uDjp110NVx0%I1f<J;F_5eR;{@bYdq2Nc
z=l7`~JMXa`Q8ZTRoH4Re2}P8xa)hFhJF$gjfeX6@Sfin<FW2;6s1Q|2mvE`OqV~v^
z=g7Wkeyz%y%JYHQ`3kTO(fz617<rhV2RT3LM?9q&S&DQ%*L)iy!^3-}R;-{AHSMe0
z3&xj@dDDvx9KZ?dt9KT3)yK{z#pXxO#;;lDAGbfZJ^RdU7#C&(J@iJE;iVj@4CAxh
zg*Wdt<o82W5W2HN;LT5eD`ythyONw#%|FM=%whjQZwloOpd$at>I2AvY%bA~O*aRJ
z-%Gue;~r;USpmM(Mw^w$+=?iVU+)l4eyR2I(5e7zrPC$)7>Z<a%6}}>_OmiHApn|`
zv8DQ4rLgb!=D`|5qw6LW1@^F(<SY*7XbE3lG8H2<4*;nMx4m=KQpo0#Br7}SsX}*6
znakh+ok%`ZPSBFuCv$IAEDBFpsoVS09V16AS}7xtOU%M*rw=Naj)xi~-qF3yx}mT<
z7{+MGc}QjYFd*vbc6r|fAjWbrHoLmWXItHP7Mn?O8zfPFlzpgK8Zg?PLK<C@#TVGw
z@Vbau$MiPhGVOn@L{$HZ9w(u_n-asm48W3n^S<C4_ILs{ob2=vrmNNlJ*@bUDH}8z
zL$_`zhHR9W&n0-AZ1VWo5=l0zm)1Y_oBd)fVrI9q2(DmToOHtI@I)px5JV&Cz=N6v
zyV->Z$Y7jM9em4pV4n8Qz3j5n(rJFcRq6lrX7BngJY6#nUeoa(yaNrC^5RO+=SSqW
zAV@9~5o9?XX9RQ@cBW~!1PuT=;qc6cjWfPOE$Sk=_Ey5Sa@J14FtG{G^0%^2#S4mg
zn-Xvg-`xD>Bc*D_9)`8SOq>eojyjubZeD+fQ&Tvd^heR5zL~&roqch!lSp-aV<oJ<
zdag!|#?<Ny%GDK26D>kI{pYbXbl^Y>G(LJY!z$sx^a{Q91QHrpr7??MEys;tu2y%@
z?w6Q&RY#P=nzXe(U!3|sYn*6&F)_W5G?CRK>Oh%Z#=#q^2Lgh(Y%YA@-N>ycdNVds
zWUlYRK2UkZJfgwhcDdi;DHHph(=_J2f%&xt`BQNvsO8ci^EIkr@`9pS=H4$5V&Ye_
zwjqe8l$;>DM^x=_J_+SHv^ies3nR=$*c!z4NyP`Offjm$_$>?tKv#GY0W^FmQ*l99
z!gXye#hMO`cUIr1nz{DMJ}t0J{xMMVcKv-CCMvG-BbL=(&(k`MDrZsA_i}uALfwz~
zawT-HJy@;fmTPiw|6P`*#W{7-K<ytFSsQfWGa^ZYNpJJh2WKX^+h$@oRVz+UhFU^`
zn%r5hZAkxduY3K0I@x2`t0Fgr5RDv|fQLTj!#N3e_Z|H3e&M9A0L#&y*_PYWbd^5h
z&i$lJ1%bW-=h>YXIjm(60@?{wB1gvk>B->WdtToIT4Mh1S+|p|I$Y#eL3`8X@@J}q
z&i<hz!bh_mBpC0$JUs$!CN)xte4>_70BqAhh}}rYoRL%a$5X+psbZQRXjg9<7L5jx
zpdWrX4V&>c(QLySFjqC6aI<@;mu%!hU(km?5JQpyzA1)O(qN1`9(W!%ujEK}j_ls2
zB_7CxL4dmK>$mGQb#-A87LHTs+fdH&2M2R?wVy|SYCC0gV&TZf4LK1MU~dX2e6Ao{
z#KG?dfEPKmb%`%UiqGHQ^+u=<=la?`#M0%o8^0f^|ABrqlzf{s;taL`%Nog#&g*?|
z*5oAp-O^%G7y5;%%75`9HT4#hc;&?BJneU>ahRtRXHby_Zc3^3cmUJ)pMJ|~kx(=}
zrItD1_ERSAepn*|Y{aq?zRAij0nvvSaKG`?n;InSPOgsUhn7pYPvqQnwF!M+?w@ic
zfr99l`=2mlX>9Th2%ZPCY+65D8+cnp9{{qcnjb8PIo@}Kq`8%O^Rva*U_ez(n4XaA
ztUTk)T=4*>Koj_B3|;90mV&6OoV7oPJw=1p_QC{lh_^a;mYl4hxqmQs;Q*7EOPmNO
z2O;ffqpYNUo|!{bFNuC>qyBZ(`7u{pj$s?Xs(jGCBM@m)XlWCPvV05}X6yh~L%Sz!
z6(PB<roqyrKTY-82kt>bL!hVF7a#7%Z*dX7j6Zc6%5$^+X>kt3USGBfO?ox+VV>6O
znTh~|>sY!Rj|PTo`{<*2)Sm5$OR;CgU2+(xJ3&{uiT1YR%60?I#~v+P&j5UktS7U-
zMPlV8PH3{)ns8>G|1(MrsYoF7F8e$W%5$vrQ4YKU5QYww9i=cCcB79>+zC{63wdBy
zWJ_LU_lxdzZd4gG!vM$;v!}Kv+@B8t!!y68i03_5`K7gSOglZJ5PN%@6lMwIk?<up
zFp6f}SYRo2`D-tRm1KJ7AkON`ZSF~1+b*1?76|QD3xQt?*~Y|zC$>Qb5~8O3744Z&
z<EjRy-xJG)_gIvUl`S&?piBk9UxH(!{K>zJ8PY)r%UWm?R8}Jd#uAANoY+BNztPv4
z{@{!fa~)jPezg)#7Vm&AB%MrlUNP8P05>FIex>nwMDWwQ>`=czvL6?DT4_}kA#_di
z$VAI|NJnyVeg<jNbuBu1+SwQ)58>%4g-~}BRKK>>JF7-i@L)931e$_sxB?}ge9+QQ
zRpPOTx)pLZ(k3x)`>p&He$PU-!qa1z+TJUN^_eG}5RYQw7jdw0!0Ik$7AW%B6zikt
zWdANIYU2Btpe_OF;N)!A)r!pyNDiX(Lf{Q2A7nyT{bb_!aPK5jmt=@R7JynXm(eqx
zEgVuP?-x8c7~X^3-nECtp|uGwYGP`M&P~ddE?7F*En0*vpE%`qe_rlK-NLLs4+jwL
z29_qn#%hD!QohChZ6aRtjK54!W%szLNd}k5UgtJo{VXomw?sS#+W5t6dAn&!Kf=ns
z{bf}vLS1%Cl<xy4h<!%_V0!C3qc>671vr1Yhlew$k>ijM-=LiBDJTy6x3&r-F-0j%
z@tQ}AeT^|THg*r+Dx9GJ+ExGn`P2Bahrf(V*8bhsV9#T0aepY}w{N?QB2f?&tnC*`
zXq225v2!vBw!hB}MI83IVs9_^$sXW_^$o@7>IKRZ^H`%+Ijboi!~F3&{{0AEp8uUa
z8U1VI{Zz-#pwHvX<!x4n>0;++&*euqMXuSAuTs9HgzlBm6AO7dPwXFR9MB-5cFRkh
z+^zn2E{)-*<RFzDVk=2@J~Dq*zEL1L9&Uk)J0kAl(xCX(PVzOMeJw{$4)N`S36jAU
zQU`sRtn;T@Z`X3*0G)D{`7m8^3X1x1Be|n81}4IbI<Wmd@sUSt^h%4Z`He1kGj4q8
zCyUP0*I_%qYXPQL-|v*8=o`K=<;_fO_oZLw%+6{l43CNBJ_uJ<SAWQtPFY=x5}|xH
zK9shZ&8BttxbsGx7IABTCNP9*y}O<mTkPDs#z0R0O8(qS;Bq!sTG)a9b(<;vncO`i
z)Pc2o7(z^#6Tb83qqD5#>|Q>{jwRXL@pI;GC&RKxv;*q(B#z%RWNdt;cavLZn@-l!
zvW)a+eNz!Mm!eI<bdvnOx~h(}H||<N&jjO_$*3}-i9a)JYurHHrIq34@kHj@=<b5J
z@_0{Vu;gQmnc3#-&8Z9p<M9uIDRoVK%I7>2n0LzAjGevv&*QS=BG1Ij9$u9{n}dW-
zlg2TAO=b`jqkJ`s$+EB}n(Nd@AX?WVMj^uYr;=rvo16|hD`LJC`m@ux7Xiwl)b706
zAviw1ioM_SePw{#=IvtRq(=q8funW5?c;RBBo#HPfM>xVsFiURlahMai{W|8&o8$h
zcV~9$bG^Kd<zqtg-XBg+LewYye(Bi9uv{VHXBY-qzsS?dN*;x~hZk~`{8YZVRFUFT
zXze-ZN5Pf5pC_ChSx)hF&V!Io=&Xn`HH0On(;C?zo1Z3omPOaF+Ut{uP=j(K9E<WH
z!@U&D6_TDaz|8L*Mf%0_`RVayw70X?t<3PS7{b*uby#&xwvJ+?iDFPy#HHFjJbmcp
z>63kTj|lKR9q#V;lHC`7&pMVZliGK_R2F%}U0$eOh8cPWcHF^%b(D`6wa_{xrNa2&
zI0hb4`&I-^hi|Ou<2<ZQTjzqnQTcs(enMa>sLCcb3eGza3Z5k=O&Yxi7U{!@;|f(t
zI4V#P>dlvm!larE@O31EXSp6l(0vCD#u*$Q9w-xdmXR-Lcv^Dd^<8v*r49aZF#l$I
z`6;!7Gq~(?GCj9A#VNt=vW}Hp_2%mS#1dcaGuGj}!JVzm#&N6Da6)sKKTuD~hiop+
zJA&~K#xCcbs)`_+d`{ijyh@Np&`K-{bCYPf(Pa)<Z=;Pa31}p&>N_Bkue<*e$t!~b
zfzAT`R+{IhZZcuNxT}X+-vOkOaGg{`U-;T01u;E6VsUZtlR(MM`C79&sgRWxlh;Lx
z!(wV`l$Ms3)#|Z!i#Iht`FcHi#xZ*HHaxc7_x88#!62dh{`=PU^^TSttTtek?9FdA
zz3-wyGBs7`I@=s>s5zKDMgH?#a^A4E`&@m+wfw|S`pO`i?VSEmOkY3C+&Q$J92(o6
z5IPyJu%>3x?6SEa-weY>Of;T!eyQa#wn&HAeO34)$+D?W__)5L|ARhU;&i+}8cfIC
zZB$@t%n)fevzt%1a3HhiMJaBZpr_|-voZF~+_)d~rPn}ht?I*ZoG<T4x%V^YiwFje
zJfGP*psp@fBsc=W6Z_*tzR!?y09%<&lD&!ncXQkAWj;q_AR;3NcK0LOby@ZmhG%(Y
zu-p+k=Z8%W%|ZitnT2E9fiDa6D+9e(RH87z6@-=MvrpDgqQB+D|IKpZqe^%_)3dmj
zM8hrS4}Aq-%&1Az3I1e28`}(sl8Xt=rn2(p(2ndX2&>gK-0<d?$9od8u$dWG!6(Gw
z3#KZYAs(v?w?njWMMW7IT?XO10m~I)Dw)l5;LM9*X)Ud^tDNewOuobOb&?|}^U-Xk
zgb!7Jlr(oMD=2eOe~@OIXZW`+`$e<(3q4*>45=06LsWepN$yVcami-QiKwm<p^)SK
zGmuWsgEG46v@_tMuiY{becWkYW-8p)#>WZF)Q<e0nIeQ9tWN;DA8j<;JRW%Lzh3?z
zEY=RFt>Zi&o6mftz{9}h_s*!T^PVW^p-u2&FvtHPkWc7|+nvi`9X1Q-zVXX+icN=m
z-&Kc10P4-2X1MAH1H0&~fpF6u&>#Q(GO~c_zxI0&x|pbNNBBDucNFOL$0gmn{W4$n
zKzvH~W=p1;e+FP54h1N4Ol|{CaTwe-X{6}lum5%EFOtB({5yIhc0Ra&jUIc4`k&!r
zQoF;Kh(tqPuiH6|pZ+5^8BB;sh0v!r-W@oAe)Nsx6aD+hKhyq?&jg}fH!x|PVWj?{
z0)OY!WrYmrR|5ekM1e8fm}tl*<oBxC%OZljfq4jPu;Q&v=|=u=@+K1_?&aV9>*dda
z{dd3)u6*zQ^^bo4jCbLN&Ryl?><8CBV|6Ehe(Ig?eb*<`D$zYGLzB`=@$zQ=+Z7;&
z1X#NB>xm%IwYPt7IAMnYc6O@E!tRmk37~i`C_cgeGg8!-pC$Bcb8UKA7^%49l>hZN
zU%p&<Yvc_*vLbOmmgz|Kuf0O`k6<I(+6a+8_?@9_UEC}{rrl#OoS#~t9vsH_J_C=9
zQy8_OhlR*^Xbj8}<xpS}zRrs&<~TnW=3+(<{U4SGuxz@71CC6Ttq@_0mn@#CNZ<Z@
zSSPPwTm+uKUrrf50=fqf`fDC~0a-xituJ=%XwmccAYk%;TUWFE9pXQm`aeFias#)<
zpqV#{zwCG5G7;-qfoCbQ0CX(gHQ~ZPVtx6!IjLS)W-8I{;Sg5s*Z;!{ghF;l2DFC(
zyUM}4zqg<U`FEli&<Cc{D@+pLa71tRsQqij=qdUKrj|$43hTc7cz%!1e+=t?A1Gwu
zWj0q2j?VwO<w@#ggwiLU;8>np*7<Y*xyDff16wcZqY;qo9;PWy4*I_=h?iA}i-GZX
z75Zyp<wBCfNN;<QUIeJl!z>^V2vFeVFURye&)x$9JUghi`yWTg$`9NcgRVIv_g8>N
z<dEY)d^Jw?z*K=FfkxnUh{E^)_gv;d`f0IqAzYF6+Fbv$0BHdMlJc`1;QhUYSJXcc
zj2iQX(w!|Z74`=P%Rg^_8<>S-_FF50Z&2`{Ji=4dzia#d+yy6GfS&NSk^W!$OSBuX
zFO5$Hbndt3`%nW)!05Kd4gIY^&FJYkG*^dp%NDj@dKRp}Yn!QtwZeVd=$N^XO(;$S
z_D?S=CpsGczi;0cl>^2BZoLFpl>go$N(M{^x2^uCXm|N>HUt6rhAAL0aIWe8hz#B9
z0o3_K)^^f!-Yc9#Gye{Fh1~c@E=<4^RhvWe|6N(W>;|G2l^Ux3iA?riD%Hpx5bvm{
z|J_$Z)?#z_LGOJ=2}WQXy63+p<NYb&j#`gt28V`z&NtW@0~9i@<!Njt2(~S|pW)!)
zWpP3Hr@t6j7KBm}Ljl$PvOCdy*vIX|MKv_=G%B<Lek^;UgoK2kPp=;013Ku6(DeE5
z|Nfr}-Du-wF=P^g{{0>RuMfat`5KUVZeYCZs*68fNskl(Y?LQA>wYp?TD(Wi+XEJM
zc4YNS+I62-%MBmtVPIfR7oDE_fWu1Jc5VeNasYqq-nt@AGV&v@2p#(Qnh7f%Jq+^O
zb<8)o;k7BQnO|(XtG;<!GlIm_G&NTW2?+_^AptoQ^z;Y-b7LRb(@9u|$y2>p_i)bV
z3=`@X-EobDgpMqJ_gyPk3a;RLH9A^D<<WjLS>u82)6;SX88aU`V8j03*>$13$U9K>
z6aK&Dod)-yfAVYCBvRU@lr<2{dQ6Zl4O1WqNm;O!(Xyb;20AJ%EG>x(H4s2oyTv)v
zN=^G!WT?KMjwe0Nw^l=mI%pF$yQ;@Pm6hGyL5Qah=i~V;EuLE7=%2FkDU97bowqCV
zyfYQI_y(T4g*6t9AhcHoKC}n6!Egv`XQx9=?>H0%wtx0~IsjQoO4?&G%PIBM)(3Z3
z#ZB|9XSd5tEKLRV^}z|=Kw!_(qGMyxAI|c^>_umCMetr3Jn`-mb0EieY2kz`BFT6=
z!ci1ROinEY74>s})Z{G4>-VE7p4(RJ3NF37cl6Swnd$UKTGC%K5qjNg%ObYLAV}Z0
z_Q1SrXJf{plOe!#6*rA@Imge>{83jXKrAJvPF@L&@oQ@7;j#U(Mu*Zm?0*xaKb*8U
zu$kXmoa+7Et|!(oPt3r^*7Rv_6sL3dxQh9;d@CIA{4|r5#`tC9mz?}b>a?G0)CS=5
z%a8sFgh#QTR@bE9<n*5X`e$~QT&3p;Y(fP}X3+dJT_(`*Byv8&L6IxOb5PT?Ci%)B
zNKF9=t$&H5mX(Vio8&BHf2kFH)mlE|r_``2&gtlZ!p9$OYs*VvD$~mWgM&zme$TLj
zBO{V-Zahyn10tWMiWKp{w^KNP&^Q-}%Xx5`OpOIpzk24vU<v=={*w{5_F<*n<$+#j
zI=Xq609c#V7Y>}0`v(pQi*Cue1??g|-zEIpAo(aP!_wBDp0|5q>`0_+)T0Kj9(u;*
z{G>+e)V~oesOT>TKQ2T~%&~DN>U^@K`plf>U!t{e{d|{-fl8m<oYBc~xILmIrJ$GQ
zZM)w+7N@lEE%EI&-_%ol^7+5rnt$!L6IDP#wK=cN+WeJo^*_e!bvJ|P;}A>Qlu1zB
z_%VAQ4B!olOcUpZ;e<y=_xQ=;mj0=C{vm4+i)29A{f3ArY9G`|+T6@h?Q#B2@M@M!
z#__f!OTOFc&ji1IO=2tQHzAUUvyxvKQm=0YBI=M5>!VZst{ib+;~NjeX3f`_l_K-b
zOfZ(d(Z#~X4)pSUFi{vEosJc{-N13*uWXoa?0f>06NqEn!HXzhp~|K=DVo&zJtX&D
zGt5KxI_n6;6Kg1?%YXd4RA+-3R#dZiP?W;6^qQd{33rB{v68^Wy?6cl0o=wI5h$j;
z_B-?fcjm>8Eyg={LK4l%w#H7kSM(Hf7AX_e4qDz)=zj{@*^?lfwohaAojV+A@o9L}
zfmS>-!av4I1I4Zdrk-+NpOgQGIdW%vvEhOq2mF7()&flAPu!UK#9WA(i}?v1a#MhR
zD>Y~muMPM2Y!mOI*LZtLX=VS9V?8da&CE<<J+DKTc@N+`XKp~44yz$iQrN>%l9F%+
z-ltODC*AjWmzh9ekN5cjB|a&MHeZ=`Z*T8|ib?<)(aieEYOl|B*`MerysWUMCM_Uu
z^81PmI0j+me%bAQj4%pKq8<$;4q(e@D?&?7IqlY-svp#sE+!Ljd~=+vZv51|y>>5h
z6M&b#&r+_r9)uynsU()GSG;wy=(KHhZ{Tye;tr_X``G(^1b7y|ERWcQ1tj+Z$c9}1
zGVjw6AM#*oxO`bjxbl5twv<#vwyl7PV}&atFV%a2j>q<|v@DhrjXt+B6HTIuCvR-t
z{(6my)-8YOGPN+!Krdn1@d>*po{LiIH`U%QQMnvZ_2$xK^7K1}h~9&98cUy&a@+2R
z$4!d_E;Hta#3QxBXX1*cjLw3?R`C;6Jz^U_)*?aazh1<@{EcM=z)9j6C%sqt`*jLn
zUjRR#k%HD;dzrvn8fa{RC=FRL!m<3k1b6ys^?I$x7?NV2CsNBhfc4$JY}2J%{fvAa
z9vgeqdSvJ4Mg079-Py3cJ`guRveE)uw>`2eV7t7tv(xpB%j)Ey?)i`Fisyc1(^1QK
zy7FWrsA=sC`d-=z5uRni8I%<t$zmS!gZBp1gI&R=ADNa$Ab2ssBDp3%Lj_uSep0cX
zt5p}czFM#w0H|s!Y&u!aR`x_djU~N?Ie-NLr*Aj4$N2NSQmQgNh*{5Rb*K2PZYfQd
z0Vb7bko00tjliBPGs<K3C&4$~o~TkiH@0m}7tMi8&quhhkXG-+V4vd|X2+ZiVlvr4
zTDb0IxYP^eRMPb0%Px(_i>7$J@@MizI-dH}fmDXm+RgtmV1Okv`u<{=lL*FX{`$`2
z)PNg=)mA?(+db@Lr+PK=jMOB5cIMn&-q7$GNG^WJ*Kl!31^|)~kOpbh<Mu+P#FeKj
zw+~pIA9s(A`seD*^QzK$9r9hXYM!@6o(UUm7D9)aTTxRDTEwH^QW6sK^fmSLq8IF*
zLmP!OM1XjLii8k1cmQuiGFTFdEp@LE-P?Qsy8iuMcKx4^i_cxk)G)d*`~m`}8DV77
zu1c;s^*@}zN`j2+c{(U_Dp<Tzze8uLn4MgF8x*^TpPW}%8xU&VE`1=J&K6AcuOb~P
z|6DMlWZmDBgm*YNP>99*0Y?~8krvO)C~MajJg5|%+FACo5pLB&A8F>bR6)Ul>k?m0
zr51mOtiW?t-Q?NcOpsHePCWifXnYrG5+|aGmlUsXY52q#VI`StO`et@!)v<J)%TH8
zQ?N7K^{dX>lrui6fitcP*B`o*+!=o<&$L{2XRE@={c1_qc1U9vMp&nk(pT4K5Ee3s
zQM_kBIJ{fTl*|+m!iuOdo_FCwtDL0(bN+By4GhFRoVP)wuaViSRR>N1v^Vg5wMM<B
zB&o&voyY>~OMx^6#9HV>0Bo_eW=dMxe8??_02UdnWXL|2>$e5}Z+B1!yqLi_Qm|81
z`nA<0vZs%e?(Yh($@x{=<1Qgx$irY!uC3Z%P}Vn+akQqaX(@9Nx3_nT){8<)H?Ymx
z`f2=mMBTqlrEH+C$WZ!@C_P(r*ZJ2^&wkp3CvdBafNg6lbh9|#7NSIL@9lf6)R237
zT0?mMc&K14X?ZIls^WOXlcR1FzTrZH=G7<mk8?vTsI!9Hx&6FRUnt}4G3@-^oP%$W
z5;NOpUs4}!l|z=M!OZDRJZ8wIX!X6m8XeIsdDfa$e8y%zSgVgZgi`0ITd8?vuk4$O
z+GOxrkLSh31qjCpUbZwLjrKa0p2jSzJR~QDFsko@mMKz0&4(e<>=0jmVTSs7@$|!^
z+P=;BR-G%QMBz|7mv1d|O%|WV5`Lb-bSk$>?By%lnM<BO4XZoL?E6dHIpy`iYM-en
z-wC6x_J}WcP<yHql?`V&oPB_AX|;}9DH&1m4MH|3J1RY!Pw`S}nHh=2P|CYdXrKK4
zv!LKGgMkgjU|}Yw8e%Ox-ge0NyvX<EgO8ofQC~uPVXf<@ct+5YgDjSX)vlz3B1-HL
zL+U!o*5~`itS^Q!JoNACK~=#?v^GLzNM?oR2vy*_c@5(G`nF^5hE;|8t;j!j8JQWu
z79M1%aj&M2wm*A3mnRL{1Vy-xopD?TEc{0}#;WtOx$(4TfXMA%F|4xxOVZ>^d2Aqf
zcE#H|0S<u@f<81n1<&%+>Ude`X5a8RQmt4?8*<-+Z`%d#xZ<+Okz2pnDTp&V-x{4i
zzqxT=^xU`6YP3$j@&;I(0Eha%!RFFr^H;J~!=BRNEyuWE5OC5})$y#BH4sm}_xNH-
zaWt6Dd*XjEr>!4mNX8qXber!L815m`{#=Yb%_RM`tv_a}FbDweuWgIm6VA^sumR_&
ziR1{8C=-iBVK7+BzvU)6tI5J`J5b)KoGQ2X)hT!F$+;RZ(JZuy*c0GjVC7IzPQLVW
zrC!zYc~1Skx0Zg&)bz!ZX-(p%T(t_lPSD9tF*2<UDeZ(_{7krR(Z1p5P6L9FWE>(k
z+gy|&jL6>8i%B>l02(Dfqz-;hmA`|ufc>HJy{dAX3vNhZOZaD7hdI74O?%>x*^lqx
zK<Csjit)A46~C$|r``7sO*FhNi@|aWQJce0P-bT7k&ZgRnYk=IY4jjF!Jtb4c?I*G
z3{Cy`h(ZcuEqz;u<<AK}pBh%b{}k2~(iZN79maD;n|~@=f_7gw8Fo201V@Euaz7Xl
z3&1|CtLt}gROzIx1eB-j27<!`U>v&n^to@31qu99XLK7udpAd#I#TSgWj}RqN7YhX
z%GYnz_)j;-_X5G8m10_*K9D!*SxZ36+Mf7^=&_1=fThEJwk}chnw*e&UZa|C)2D|r
zW|>=}NBb>@?%JXEW0(bszf#;{3(CA9Lir@b8)1px@bogN9fw65_i7V+bPn!rq7{d%
z);J?D8!ZAg?j5ikYR?j>^=meLzN6E#Sska;&3p96@ok$^NWdwoyL!`}{r<9W_FH^c
z_qV%HVA&->oz$z*gw95}_U||kJ28}v=-LPJIk-{jDD0Tnmb#?YmKNYUF!|*i{n!bS
z+=<*!c>jZ$woctZ@bT&rEM+y{yl-0Dvb5yYxW{K#igy=d15bxiC8?Y-GlfNEKgIi;
zQaU{z%*^)_==O(NN-mNGmPJDLUJdU!?+KdEYp$7i*B)N$?F*M|CsU)%wk)4<Ev8?^
zaMxe*7|!IpH)xbo|3c|%BUp)SH#3m6X|7L}^B-x%E(;*!=X&!|o93?z*c1jtp|1?)
ze-%JBvx(v>6T6Jy`gQ)Xmn9`g&*vg5Gx?6%PHNcT$kz;P*O^WyV=ZncK;W&DnV6m)
z0XPR3Na*M@8`bLNM>_&a-Q^e|1J(~l{kV(@kqrwuOs^Z<H%??D>fuZk(*y61+GQwe
zWN!%Re%2}hH0e3w5x%Ey*H5D6n%}3q7uIFiKRM~faoxYTgavlX_{m5xo_Dcm>T_dC
z$m*$tCl&GeYpnH_(~NUDOh)MBUsM!ep#{d6%-{(n!TMZO>51mhSkcUiRF<QlRyOJu
ziKvqAdjfNq(S}EI0dO=mw4b}n)nZ*_zk__H^DGXKx`IoT6k>McGHdTd+lDDU3aNwF
z5e>i1(ZF-b|0(|@%Yn~a`_nyQ?bCZT>SU&yQIz}dekri5C<c3JkqFLhCD2S1@Ff;T
zghebT;5N5c8Ip;tsRziDH(S%qKB{uf?}?>;`$}417De)MFqar=)KI&d70RrQjc>||
zT%Nz7-cv}B6jF86DvMT>x?unH)sCds7E51G`!{y0!vOxm{Z_LIaX5z=c9`P4vi$D?
zZNfvLOC45p{404SL!G(MQ@TgNf}buQRDOI^=}C6sbLGbbb*zYxx-2rf?>@lVUpV_q
zvcRfhd&Ym!sj^x|euFtQtliDPS49Lcxe4@mF4fE<craBViRyjC_)T4%QR6Ge5HQUW
znqN@oC#=ur3)CdfT{fB{AsjA6q{da!a0JOZ%E+?4Oq1A5%7sN78;O<?X__?H%JFTv
z-xb0G68%4_B!Yn;4x?m-(Y@45S?aDV{vISj;a}RKPW7(f;He2ys`!qQGJTW!^`;eg
z0CpcE;oiP^(NOM<+PdfSw1l+F{JLpGODc83j}dCUJ7V%}44IS2BqSw#18%hSz{~sm
z!cvJSJv`Fafm$Aq@$sQLDlRrjxM@rDoSCJ(!{fmD<;4~sN2!V=KTQ^@HQ*_SQ(2M(
zjHX|WW3jn-r!dc^hjQ+00l}xmWMlN#%uTy!!|CFgxX3^1Oo{p5>>7llJxX!rtP9$F
zbz~BqihPonIk{{6e99~w#jr0`l0PRzRz~T7?<KuC@PVCpS+ZjmC6ckkGd7cg&N-+R
zWGYnVH4smIxa0>|vbd1{AC?S^ismWm+nxDjr_t|Ax;T@M#TOcwx=`eg_SIh>2zdRe
z<x|$GT91Ac(0$oYknuH71sfqIL0t_}#!&!tT*=AFO}ASacS^;O>98IXZeI}=j9o0)
zf{`?V8!>IJC+F`Uu;-wsoQl_FMA~$}SG^Ooe}*loC<~N3zkwVOD@6Y(n9TfQ`SaS9
zlv8t6bK%86{qPQpF=S#C%amNU#5&#Z%9uj@uG;qgH?uF3Oe)1pc0^wk&4q=kbR}4+
z>gVRyixMFL2JzF`0IGFNY^kRfHv{;5sVmjZw-HY+J@j{}4UkJnEG{n3rHo7Sr%ysv
zL)cc*zZ|dzlBl+Roi$T`wKukd%kC}SufCh^^_eb~-)mL}kH#m3wYXfQJ`?x9E&pgY
z69_f|5%)!`^>^@BHM8Q#d#Yu=j(|F^R)5o~yD@yJt>!Xh95<+`-09P%Ofj51DEz}P
zeTv3z4!f<2*A6BnN5H_!?s-V(;m~C`T+Fc9^wn7MAKkJxn#s;5N|i1>?UXUA0qX7D
z^ZVTzD8bH|v&;Rx!b2@qHIWWuUGf>bI^6mZpXS4PZiS&8EaX>BewSSqI$KULHdftM
zm!0B_6lP3@6R}bFJBK+55Q%cb`U<di_x{~@{c5J(V~(oj14}#6ZyE>cpRVg$<qHk<
z$z`3uH^Et9ci=`gg!RdU)7He!$+!f;vOl)+RoTqg&CIkeuFk6mr*9%c)p;r`45p+o
zGiDgVNgnG_Wv(uYIX^m1=gSva=BHpIfIFR`Y$%MrMFE1Yk(}p{X<?V)Eqm>tDyu53
zqPlUm@7OSCT(+`rAjm74`z`4!`DDX8i_{X_ctmT-364DuQjzm!LY=H$thUd?j{?SJ
zq+D{cpXt@Vzjcs`^sf7`@#EzEWA+@AN>bzoDG$E+En%QitG$cliDS{D6V+K>!rgDd
zqVC2@coyC5*x*h!U-h`i_{$;05FJnPOF?lef!Aj85t?PzDM-<c`R-p36-A_fckHq&
zIx8qdiKo8zw#r#B7v{`AOsKar@RM6p-B&KuRhNnz;V!g$$k<peP4F7jlMc#h_O<;F
zBj(TWQox3nni2c!7G{e9ZXrC24YlgYSu{~1P@fIz(i+w;(^rmzT&_h~o%G=-6NDcK
z<Kd3<RA|=$%r@>+RDCZ;q7MxXAz`G_Vyc!&J~i(afiCrx|7F4ieU=%6W2QQ3$tu+B
z@HN-$23%AmM(xba5&8Qfk&sdQggA;RSh&lM&r-&iy=~5yJGP%1#k#Fd2%mq|zhNAn
z=&bj7Fd}YD*~eOqE+5$?B%4i$=0LDwg@Sr3CMzlSks~H0aI7ckokIA*L~!qqap{86
zUdP98`+j%tQH5zI)v^dLGXS}MAxI9sng~>-3ULvWLcBjJa$Z+W6*Qo7OpSD=uJNn(
zl|i<w$j9(e&j+|)Xobq!ns-rWhWNHV;kCJvlqPaU4~&L23>sZ8bIMTg!%IjZwr-zh
z;SF^9^(rX5kC^ygWhmHSE_%-+ckkr2@Ppbt9lqiDeQ?2bg=z`BJk|HKW!m>K*ja^@
z63=JL`8Y~~+8(|Fc;nOi-YycDjU?5$X&*(uh1);6%UeP5x86}|Y4hxdLrj4`Cr0WT
zCSru=Xz=ZLZqVo(s<ldqw(GoUwSot!8(K@X+&I}_+i!!FL*zDChfnnxcNtPy{;0jT
zog?xG3)dgyqz6#0yHWc&8A{h?(W~r?HQOiRxeR+}MTR<GNunu{R)~6KjCFbI*|6v_
z?_x|9G+fy2OT``}(8_HkzTK7G)?-y!Fq5}uM=@yp%}O6(HODo@B`bGny!7pHYfq(`
z6&8n@E0?};kLRv9*6(6VCF2Y1G@BD)gi+ni8L{H`UEI>oy~BtNgC<)oMX$db-B}Bv
zE|p3o&pyl6+*VILpo$Hs03e#FcL}gE{C=m{Z|O&p^4ZiW8qF@GFZgSJpvJghhmMye
zW!dcDKq}BLg-DS7Odj?=B`c}PdH`<+PGrdwuQ(2!1lob>Fk?YA;h<mVguNg1y$a3o
zS$m~ejf#IM+T+ga2wK~V#tiLSltcUcHofoGU9;kUB$BGgf$GX@Ty4a^{+v4kkmFOB
zEU5&t#MurKwfI!INKFz)s)wE}kcQ8rZv=s4Wm!4*aIG2s`rSTgpf3XFo}zu0AApH4
z(PuZ<H3g>bUA83333{wC&U<!ZV&H#W6KK{>%fK{YE78Dev;7VU85<ebwO_@_5>>Kh
zILcNl6q-{fj1)Np7YLP-By{V$yQ`F@WS?43@h(2gmibNsd_1z&{blJ~^RGdf(fvfl
zOyFYe6VFvG&Y9QRq?-8OsOtoTm1J~Nv->UKmh5l-z+*q|$z#LIzt+X79ti{sEJU8n
z%;ZDcl+qfhQ7@&^Uq?cwO(VsfpP9DFH8xnNQ-p5%j-bH?6oyrPR}Ts{olM<U>5`%?
za;iS1sv1j?U@7qhH`VRRL*h*`lrw(&%bzW6Y80i&U|ZCln!0umJek=>%D}I{n7mBL
zg%{1}$jg`)z110NT_oL4KzS4<m-1R;{|{qt0aewvwGS(T5-JVS9nwfQ(%neO0YSQ?
zn<F67AdPf496ArFgmfRek?xKI-{$J?{onhJ`;PIAaRxXJ+r9T%Yp%KGeC9LflsarY
zIDhv=HpX%n?DZi7ii^46f5mainH^W-I|c3#CX((tkh`NwVF?{urJhL*`58xPA*tyh
z=4gRk@oDF43|>@C*lL28Fd2hdf?R0bRqATjeoJ@3lnPUWL*w~e{KKYsDd$v*jb+l;
z$OP4<2HFq9FKTmi_BdrDf(xVlRI<Jls`=EuoLywyZ4#6it!7Cuf6t((FK)vqTpbbt
zbIqFQl0i(z<yo`ZI?_OGi<Bg<VhIVyTrMtbd0}G4?3lpcH-zCtj0;TxIub0TOc(aB
z3@;kjmWud>L`$74f3S;uP~kMZr8OaC1%wI-^dXM;%A+&FmH9Z*A~gyXR>kU67K>iZ
z0*DZK6L{gK=XurujZDb$33bSKhJZju8p)hoLtet$euet~A2J#Sl)3#M8C_y&kdL}B
zZMWJQHPNoI#O>&~&W?^vNDzmYmX&pU=P>&ObebV&WCVac=n^-PQi#+EThT24r<@j)
zx5wTdAnR&mzW9-t@dla!o6GZvC%^k{Et4^!U(@ytSePU$C3-AlHsux<Q@&1ud@W@?
zp4j$}1o&wwOD@-RXeY;oqwTi4WBsy%N*srvZ{dwp-&fN|{mkp$^6OLagT(|IAE{b^
zPx-Rr`)Cx6mEI?xpH{$wS@5A^{!i?EgOC9D3~SFaC4jzoltT#zMItT}5dx!zFFz%E
zJy+I9jvYgD7S8|%uNDL>owb#2kV|Dv#mcWG8VGZ+jV=UWwQo4e(^<i0u%KARVn_N{
z(ZZEH;W_*jwG||q&Nc<H$h-`>Yqqj*UR@ggN+O^Pw6ul<7>%p)BLhv$drg~15jYV)
zmOFeQ@^G^YJ3dO@??@2X0(wWhcRc1#jlDjakjb3qLLpNki_h%~m(IrSEhU3E-79$?
zfj!+bmL^0RGwX;6S{bj<=YM1lsaWjA;>1vjX?i()OyAATa`!%*`GD3SH&J^W%2Cr}
zz<{8kUt@C3<1DBGQh3hS_wEZz)l!WzB@^yUP<br##W$=54b|6|{eB5Eb-PLLnMu;+
z!t3sG@91@7XoQS?>^!7)PNTN@Jx!?nBH8b@E2XSKt{tE_mkT18K=1z(PBvFm(0Lam
zYb>>iQ+_88@K3vLr}e;5$9I*d4Ep8O&i5~Be2ACLK-hD%|4=6W6)4hr2xy~*l=%M*
z&I$Ve@owdEmVn$*YR~0G#JSh5ua6g)+~8|;BAr0ots1G?qz?~zcWpJ*Jo^T<KRfb{
z6hM%2m)4Q$rqN9m+B>LcvBI<G7j<<41JNUHLye_pPpWqS+*gRoAW_X<p2NAJgGtA`
zE(75TWl#6I)3Y`=18R~X$ibEOqHcYXoCYAzaXaorpn`t$zi&?E;d==S6~!eJVmpp;
z)&stsJWEU$V00^N{H-A0Hi6a2sI*3?w{Gpuu`sLYml`eRz}b5$t6%RB+~fVkA7U|(
z`Wi|2@+0xfv`VsOxzx>|B~IdYt8#V$qV~RdzXZbM;!E_dUs1-glw5=Stm>mw+Yq8!
zL;`U(0ws7YV$3o!NPHqy#7>ZQXqXC6z3f!*43EcN25X$SZ>@McN&H}+u1!K0Rs58U
zLL_)&I4g=$rVM=jkNJ&Q1_#p{SWrR6=~*L*BEV?kdj5&V{cG+G9;g~H)7aHNES5tv
zz=NT8v)D=ZOAu*&{%JQ&v~AuY!Dwl~54IY4{{kp0SWr^(bAV^@qodsY)sPt`5s^T_
z(%Ej+(8{#gy~WA($jr0~MEWTz8riD~v+9}CQ;&o^+Lefuh4)4*+q>xzDP1=v*;Fp|
z1)<rxF95Q{ky40dxA)2Exam!i*kMo0$ATWc)_uhxw=CgT=zDSmDyrrxJfysJ#Ijg$
z`MBOm^4-Gc;^NX^)XtyfN=!<2BN3iSOSrhgFGVhmeB&uqoq_I#Po#&&GaED`dGpRY
zr2>qUT>NI7c>NMwDpJWV<Pjm-n1&2AE0e5gGaO4yj;K<4n9wjZ4MfN^rH5h+j{EDQ
z4>I3+7?-0L2Ixtm{dOzBWF4=cjinKsO?d*@_U&Q6QWKM=!`CiJsk_d|DN96R^`z;_
zJrt4Uimzc`o%L~`Gi)^3&q5~P#W&dwx{j4+bGWxQ6Fa*tU#Mk|YSomFOc`HfQzTY%
z)~xm)wX26RpyU>n{K}Fq!+>gd{6b^to7^sCvS^z;qr+sl80(DI)yy?3DYb0xs(YHJ
zT)i2z6)b?rDt*-;cj!><jm@nBu%=8v=>L0D0a3zrhUk)iBHnY#08Ix1(B!V}dxVgC
zSQDx4S*PzqDDZ$#P;0|RkWgqF7`&sT5P#}xl1p>hw=I%gSZLobusPtDfSFpHm-m!s
z;d0{fZp%@)-O_e3WaL~+Q*${lxn<II@WCv(S-fvK_nL2Xb~_!BzK#g*{CdQ%&|aMG
z@=*nYRF4fCb9Gl918#=iJi(;aU01s&t_~X>iTheMATR`ATTpk;r8%{a5-yq9MD?EX
zguiKcR*R<_zg(>Zo0kZ2unCSqb4+htTUbnpOI~!@oj;FlGo|5NokhClOQUsT?v?L)
z(RX&L7myq7_Hn@Xart0s+84-se#u!8LQLrXox|f%Nj8fF&$ESY*N{0XY(oYZYidqz
zq(;+IY^XwldGcGzJf?3267s)usJPxH1k}nPrr~p^R0}(6q{*MqCr<iyIyOb6mE5Zv
zkEK0=9!0@9zwTo|TTbHMVU9}dTRrlDuZb2G8S2ut)T@Otz9y=D`T_3JNADtq2pPl5
z-DPEc3H71=L_*Nod`+@!2VwENp`zZ_7pqK5t}1K91qdJ9%3NRQXdc_Rt$*v}`?{p5
z!(<fq#A*x|FzkjUwUnfttmzw@Jj<8Y{dJRm-Chys8lWGrbXIt;<H1RHgV`56WSg!>
zh@_ti)UZmLC`xj0H+x$TJKB&q#RFO)L9UL^^@zIELXY^til9XW?PEiCOIyvO0$3Xb
zrIYhGqVJp_Id8cVGAGg1Ig>2xlmCq;(WVdJ`3<3hv;QKi0HJ&s_MvM#BWolOuhW!l
z?>pncx1#oq!l+-boyEi>49QQs4b)p>nb5MsgYH95X0<Df0={|y9O@~kJ2ub+^b63x
za%m+r!FVJ~63bUCA)o{aQcyq-*tqJ*xOa+*iuKE1S;IbVrwAwbCD?p{DamvuRCUb?
z^L8{3r7?9en)OM!#o47QwOhHJxSy@@zvq+1w@w$v@}Ca2Nu&Wcc_18Sm%c8rAW8%c
zT_>T-Wj*6`d8<oh`yG_Ocfr}d(-=x?bhOJ^YG-H7@9*lWokynrtRJ&lO8l@9-b)<p
zg`0o&0Z!NH=IwZozsX>;c43={f@`4=7ljO(K{}=~*uHD5&g_jEbG|$&4y@U$xMt_d
z#;yYuqp1ZdAuVmegyaveuWM|2q6>8N^@ZG)SeG{|Pj|{c+6u4;87yA)UXyz{467Yp
zFKFq}=n|;V)eS<@UeUX)D`URhedB$56M?i8P^T|&m-*YC`c_l_1I63KgqWa^>vuY=
zjY}4g@Shs8i>|?GEfAmr^#1I-k0;~nSSXB4l&=QD_uQ1TdcOA=MM)b;P+ELLb|I4^
z{27I(g#sGe$oVj%pszCD+Kl{qH9LxF<j_On(&J!4+}vV2a+^nkOq$Y-xtSk7$|1du
z+tsi+$YfFy<;_X_CYI%|Lc-k{x2_c&v#S?0n`;A#((ys%Mb>zaOLZkU9qntq9RZ!!
z1v=FAICIhgXS%=)t|c&USw@jssXY5WY1}3Csq6&$C49%L`*)_+oFouTZ|bSi|4R<}
zBn0?C92gmQ0EMY72&c@zwj>H*m&Kq6-d!$Y;^9Sj?q9Lb%+5;Z7E@4ATz0aOidk8q
z0qSV>tF`g3=v;u*)Kq-}bd{%~oW$maeCKnd^||~(Mj;Fm`!+>SLPC<ni;s^lLN1xj
z50sb(e{FEwu+#$Ccdm0=zG?;rU|sbBli~niFaYeF(Q}j^bDq#l6p?Aq=X>+-x;oe(
z7ja{N`CvyoMmcj-b%lF8f)Q=Xj>BiahfD_Z7svX(^MNR;L8G*fWBVxA0_$3)w-0N5
zN0CUirG=vkfdd=pF`|qOeaG@D5*Llm9KKkd{R(2Uolsnzdc3L>rJnb3b7jUH8Fb<p
zbGR;liu^%HNN9@DVmm}43;D&%pU}CFKPAu5Bx?~Nc3|75YFHf<2`d(uY!N9Hu?~20
zI1pAJDaid&q3-QjO*<7T!7AzgYALK*_6r*dD$}0GjVYT_!dZTRhI1m7;hqTTXS2mh
zR^E9xNg@Y2c}X==@N4Z+S>4H8lJe^cw$>+F%wtqIE$2QMwYxhTCeB3z`7jo%9}QO?
z$yOpSA85YUgX*f~EzaVMqcNxYU=QI}opJHrja$9%))Yn~TW@VKT!<^J@8gU0*qPNu
z?gsNjy~?Xv?^?ck@chearIST0KJcM1P_x<=Tec0JI$6`bQO)(E9$iD_6A=}4u6DJs
zc%DqiBqIJDspKL2bGupHS&oKhYG~w=RqIn*CJ<5N(1#P&KnYTe=PK!q5;Ebn7geUQ
z(l9Cmr%T{7#0m?jWqsV0rw&PASeHDLkqQ1;zeHY8{Vf@m`bss93KNRQlw1=0vB*~_
zS!s1QSU0p5k7Y<qt?};K@sruF&qo4%c5H8@CC&86AtZ0#`T~rM4guEPy3J&d73-Vd
zsBrzmq*kXlYP6fJ2~*S;`ii-^3TCEUQ?=PUb{Ab^^!yfJ_}=9qj$CQZQ2S)$HWd=2
z-87{8-#HLnApljhf^xv+@0W(BD3?tSyq>dbe8aFMu4^75J@UuObe|TzMcyhYu}qeE
zqXG5V$>R1|3|fd8wLo8~q+c$ZiFkhM;l^VHl?3Z;{{%vyFNXwA!se|U9L)@Yf*AmP
zES7cUy49<!xcG-WYjaR%D65!@3wLi{pZ!j0o%T339$sGXM-DSQHopWUf(v0;fS@K`
zl~1KgO7dFMhUD@n?MFepG?*0!`n45d|GQp9iFqH_$xt@C8^q1<Ba7zFcp~@h0biW%
zlT!W1+MfKV0>vGwb2wqLs(V<NC8UngGuQk}7JjfWS^Ii8gHWSp@><?pCFHrM^7xX3
zJrzJOIQ;Iu8pRwbMF22&Cg28Iiqd5{VpW>wvS3rC5hReFAB;JDpsS?t`e^%_+sgw=
z7+|7^jHT*S6lB4`uWg-k$6u*L$<*9X)ANqw<-yG@jZGqlK7I~E=Zh&<PK<o{C+tcK
zA+%;r6n1hzpNoVc6~D3Gli8Zsh$0RKlNDd=$CUbv>nf~tgHKo7qFBfXZc=ce8efW&
zA^YEC5*}~jC|i&1ixLZ9(??^Mo4>=Sjf8c-qb9f}y@9nM>pME|A705jx0i?`INQwP
ze~vNp|Aqq#-_jA9IeYvD(RsH5UrYsrZSLgVmi+*X-S<h<HahvH#j7|g<-UMl#dr>r
zkL2#gxnlu1Xx10Dn9+rq;Fv&0RXQU%LzT}G?IG=7EKmsboV_-r1L$9mXI~X=6eUt2
z*3>wy^em`pgs$PTV76kZWwU8!Nx$}0K>0$}>W;{;m)TG+cc|tJa?{~9qR}sEApTb1
zL5IEtvHuP4I<NMNZ8;*isg#(}aM0G1f2KrMg)_KqrOQP9J?vLSqGP5la?$CxfYEok
zGA2>%nUvi>$=PX8dmA;oH5$96f}KoRfKUlysuE^>gild^=JR-ZTh-=0#`B^SoQnO=
z$flE>)8_+ce3Wi{eT%PJb(;Vj+i*XkRwy=O4cI$R9fxFpjC%=%q=and?Z+vdWdXRp
z9N{zMZ-cez-0V+JSdvO=GA5_CerOhy#@}fD77|}@#abuTkd$0h-+`#Ff8xe9yZT<V
z@(-o`54Aar5I8-uzsBSK#hlv`0qS$yv#W#iuqDZMtNsHaZW#np>5L3R?){dVK;uz}
z0et&@WlZ@ZOiu6h>(|=lhL1J2C21UOW@}%Bhez}Dilb4vy%1)XJ8txpnhc_HFYM88
z<#&sA&|(DvR89!T$;goD<Z9z<4+)kU1Mh?ze`X8w?M-~?fsNulyR~;8J{09TWyZb|
z@4KpIz(I=MR>cMMzeakCkL1haDj=;*NK5h;wOp_2`qZ?C!cKV68(qHy%Z(&74t6Wu
zEQwvzkr`X8Wy8Q8(uuRZdMRo`O(0oKXDjN>*DY_=glcS?+X5W+wGpnH5qhj}MtNN$
z9^2+TlBjr4|7ThT%g+;5)VPVVQ<cK6|A8OAoMFPR{uQ2|SMzXwcc{i?;I5k7^WJh|
zhGlPs2M&)jOku9`Ci7Yz<?bJ>05=z%4Mh5t+eex#mg+fvye(U^V|H_<Z{H~tDj=g4
z`XIB(o6_o#6mL50A^3YEpC({6-$jkrG?Y4SESX`#E8P9&^3H*HM$>X3*QQDBP_44x
zNnIrNu<|a~-`uVWJXCVKqEH}X`h!`L&Z>NtVPGW%?M+lvu6)w@HXk|WQ)SX><|Mu!
z0KBkUQ+z%f(-dZvVzF2tF2w&=u(JIUs`iq*$ruXVSfgWeDVi})`@6@_ql9w3vC{1O
zarcJ!3?>aA64v8ZK0v+phzsRRX#IVaul<~kkCc!X^}j<9z9T>?g%#&krR`s1<dxnZ
zKbY}>va;Z29gZj%*9LUq{j|pgqj1c+lWZ)$asPd40X;rQr~v9WX=&}%oT(lXdTeVn
zcJ+1BttRzzN<2TJaj5blxIf^?b<3{rI2e1A^h@pV&Dbk10rqO_*7w>GZIATdsX9z%
z-*}viO*e3I77%GEm2_7=mt}l4&e~8NN?hB(Nles7d9=DfZ(tSCy|h;qKhlPm$GJ?z
zaaygSOd8QCo$K)vLtvo6%Qe=k&}TYJp?^qGqI`=~-JwrdHlcP;B>?Y(JlF01xe>IY
z^G*1wWR;rzUbL)kD+t@(*gu?}hic2IT7m^Nep7m)xo|&TE~K#-e-<CAF%LkVA>4Uc
z5rsXBzelGh{Na>wP-X{3S<TR^Z+*2K(M{z}K6H7?`|&*=CimnuAjXfiTe-A9)?`X1
z#$MW%)Mq@wR`Ylo1gfR{JkYn-=A1r~J;xiJHS#$_qQV5N(Qq)V_~%z_Nq~Uzqn*mG
zkbjVIvrTftg`$h0%2o%r{KG8ou7E9pdq2R;u+Lf5f;EMJy_}HuZ{L%S8`o(^q!X8P
zIPNHGyV|!o;vQKfNsuNb#$-sAy-Ckd<0g$Oct2UV*uPP*$0YlM_k$dQMv=q`VHw1x
zv+&6}uW?-CaJ^4QEN{QCL90lL>`1|OC`N<B7Qg{;Fq5<ws<q)Y;WRn1?|gCfq|5r`
z=R&F(O~*poKs<zEdw6XtIFXwJDRVg<%g{f}AXq5(U7=R#?5Egtip|6w^&OBTYH_ip
zRGb7hk>&n)O+>AoEewdQJEg{91%E17VFDrw=ZKKCQ+g(CVac7YOnn;Omc=)c1yy@`
zk;<j_1RFV2EU%3|Z*nE=DfcS1Y3P8LF{8z5FKFJE`X?Pr?JlbNJuU8Wmudx=BI7@#
z|4Qs1%JnNnKyIaCSa$v*Y`zu$%6I@RJij_iy?r2E-`mVh4f+C2vLATYwy96K0WRxO
zH)0rUx%{vKmmiAho|ChXl8zJTe#9Pq%>raLG%~5oF9dgVneG-8cDwwFoE)D>AM7UT
z<|FjZdtjwJo8)6De`c|q8ickbA+JRqlI%Y+%2z$iQBHfYi}K<nP9eS8D8bi^+)^~j
zI7NRc7Q$i>h-Sn)en1hHL?lP9ZY+b(POj8NzBrJbmx<dM$GoYg+?5fA-Ol>D>{*2>
z7PWSb0omuGM$uAM<6)?LQc&c+l$;p)jDUxV1}1f6e8-GR_)n={XOxA7YHGMaUB4@u
zp1toh$VDrSiM5VE_LYlP18b^o;XDiV$xZ!uW}H&8T#qP3{64$q1A}I&NE{ocpr(g}
zX6)PqZPcxl+T6g<{9fc2+#wPfQTd_QerEa6x0bVO&R*6F0#DDsc>cQ;C)4Kq;2cNL
zSpAdY<O-ZSlI`+({y5M%Z^lY*V0pj*xwX&0%*VQ0vE9nry^0HlDHDwT!zQ{?Ua08!
z(n|W%QY`6SzjJB%-z>ZTSW;kN4<A<5%MrxK@aHf0)c;CjAywzJWCVaZaLc1l;{ere
zpAL8q+;ItA2!MXjt9Idlplz6vGgXU(r^`7f;?QkvBb*|u)r6B=iVW?()e9sg>AjKe
z$Nca4Lv5Q6*-?#NIs$)#RADra!GK-}k<v`eVy87_f|1Pr8T94@c~|}e6A<4eMC-Nw
zp@V?F$WA5)5J;0~6lYtxQ##UCCu(0hlKs8W|9&2jWed1pqRT9Q#|`8S{7)K&6G3~Q
z{DGkh07$g$09jVY*RM}Q9s|EaERJuK7VK^IAGH_D{wxcbdFKVKdp_}E&u1v;(SIz_
z|76Y>QUhxRRBj#m2gn!#lAJ<c6V~9$wf9xoX`Dv@4{?2X$b7?DP85(`lrwE;@ZazC
zKw`Fj7%<VGb--V+q|5IixlUoE2N`5+pI-6eVL0XTfS0S!DY*2IANn3SMl<Ta=2|`^
zYb89u;568swtsWs+Sq{mCuORl0$|-3$8(UdD}dGkcKVPa^D_xx)6)FewDhc7>`hzY
zz|h=RODcx`gNpedd3(fwg*14yI`Q|4C0XFVs2+|^QX#P_H!@G-1Fs9F1SBZkbk^G#
zK+=WJt^Ymm=zpg1U;p^8-aC+4_CJ6SaJ>31KhV~Q<pjHRfWfEG^z8h*|NkHJ+I9ns
z^|*!4IP&i$ZKVI80g}dH&0HPuKX08a17z&bcbH84P2u||LHB=))FYJ37r+gCI3|ec
z|0Q)mR`dgC1(0oojsyL)o+Gh})GzW$0Aogf$fA5g*ZHgoNLGAC7bpJDPW~&6e-!J(
zPhX0M1xLU@|7&A@#>e~vgaIP7-is3sa)MPB1Mev;*@gl2vQ!}s>&BE(P#U?`&{W;G
z_cjjvk0Jl(d`bm=K7x~h(S`WEbQu5clY0NpM|XhbJU>lK<u(Dcx`jJGu6I1D_!oe$
zf_RB;Rpws-M3SwT=&SxEZ2#|7|IN5LWcriOTx~Xh<|+O+3_Xa!wy>C5_=5<di3vp*
zPk+dpUf_LXc4O_8aRNhHViEx<KU_M9#RdvYEe(Xl01QI_{*Vg%4=46N2Gqub@@nz^
z=wi5qua)>uPU>ec7VsRn&8bvK*FE~9NB8$%Kjpgr(^z3Q^_ds0=FELMh8Pwg^B8id
z&D0d1omAdRzRoHr3E63cA2eQXzw6T-)}No4cfRm;y_na6ITHopSTHodrfil)Z^kC~
z9abZ+zIRvRO=w`gSoq%HXtob05nfZ`TjyJJ+)w$=*Lssu@7J*pqksD2%5mdk=@=nr
zQ2R`FFZm+`atwEbZGK{RdBeAy*yeMb>hBITEMz&gu$`Yg#(4C9e1<VpPQY&HrM`ZO
zf3Nw(`<Sam07^)aoSvR8ZGVf7z={kN+ZU1np702P7NgC-1_dKZQWOEh4N2k)^23Aw
z>j%RbaU79tL0npYEKBUqCF}~K;Rh98KO=#N$q)UWL9};n3Rsape^x|ZYM-Hffw^uf
zx`ey_B5d3D5%TB%`uU8GV2SVw$eC|zr}*c6=^x&A+-u(Shd+M2`S`s1Hw;A4M~MC8
zpPyNA&{IZ=B9b4XN+55%ef044fBBGKBNw0;LIWdOY9+(}{GC$SaM!AtnQLXXRhO|(
zeYGh!U^asd8A^Uw`IhGk3NV}sg-7U<6?4~<6C?<%JKEXQ|K}8!qdn$&9Ck76Vu3mJ
z_+OKSp$NQEWi3~Q1QjA^@|-vJDFQd$aFZ*U$I_i@Y)tYFY_zusHA%#dR54u`Xiu4f
zoc4&c#NR9+@ft;RDL0)&&F{a?4)En?b>NEi@p%9FKU1zm{>V3>rWDZ^|9_rDtD-#>
zo(8@P$Y4(4+EGsubXOZb!W`jwj0~L0?W&Hz4NO>+*Pi|#>-q@cU-!h;MdAMQ7QAtf
zfP2>x$D4m?>zg4B92ITrLhK52kK=dQRR9?8xt*c-H#MBBtdTA7y#p05FX-V4SDa~o
z;yw?H5+dy*UoAtapbsg)O}btkhn6>eeVOn*Ha>PZ!N7}D?W@#SpvEgo|Nm>eZO(uk
zW-|Vj7SU5ol~vEviIQ`|c7I^RH5V8uNWQNq5ASa7b8>P%dR(n16f`zAPA0kT&BT#<
z?y`r37K>xk`N#mRdCItim9FW4=>l`}8j}LE5mvG5qprL?T9e%WaiA!!+R98-hJa9!
zOzi`$M44V4i^;~C8ax(<-|6sCT)K#zSXmFkzlm2{8RDmVGg!Q@emjQf{fn>B-m4k#
z-C6E(CXc`3mc}iq_*Wbs_JtI}!%j0Q9m;Oura7EHxc?lDg>5l61y+}obeAZ(UGhh%
zoZCqA<Ssb&Jl~bgmKLFu0NKCo1lkI5;^N|t0R0t!XeLtuX9WfdAezIyQ4m19u4g|(
z>@Olcg4ER1w|e9HIQOz;A4`_cjE3dGey`g#$&TfTW#}y~TGXv3uxO42uXfKxxbL6t
z&!+P`55@!*7ZsUzjsJ2w+twU1pW+D?m69^1$SdA5=njcYie;<}#zO%3Yvc8@c_o8e
zl`$*A6_mO~cp5@R6?cNRIeEFNy1Gw_)ae$&)sIGg<mpEe<(jEjS|;h;`MUHfrRMbZ
zCJCE!HZw3*={Oc?v8qN?)IVilX!mv?vzVe6D(I1pB+jyel_BBcM|H@Ps|sH53|Q~i
zeH)Elbvjy+Y~A?b+!1yoQe0-RY-DKCqSSh?K12p9)6dP8eyJBcXr{B-DqO+)JA+^^
zztlSCfQ(ANB_65vtth4nb{nAdf`A%5e-<D`8CZcqh^#r+=QcD1$gszABY)9EWWlR(
zj`2oCBEGG=g~f&NpdLmIU;OONv3&G!Vs};=TH0rddC*(vA=Wvt6tLjscK*#W|DdPH
zz$PUFg~sb}UY2FP@qco2F;bZ;FV@>{er<@_<b9|g8<&c$puz9m7-kB-wlB30eAz0k
zAUKIE$Gg(6oHsVjVP>i5AH#)s+~kxS7WSM%qh1c6roBMz8*V~6$onqFsVX~`uYk%B
zu1~d9*s8x{gx^%@s5@fg`aJ%3$@`YD^ZjWP{4u5qs>$uedRg^t82C{x+HyXG&15t%
z4@G33_)SVuo%wR{tJZF}=W7+;{6|iUzI~wD&!x>;z+GSGG@g;(W)t=&|CX>A;Bmf>
zEuoNwLKcR*(#H6<a{?O$24M3w2UD_MLw4uMhV66H8fp$52Unj`**xye*3TH<KQHNr
zZC!x3uYkI|9QL=oj3ZY}XmA)EUN<r4j87VF_$k~tr|)9T*Bis|k3t_I`@0j!f!%Q=
z<Y9^PUJ>>9WGm?sUrS|5h!)&iV7qBl^8^v5h=GRKp-e96w(qtQsH|4?o0*dKc$Df8
zH9+CVS0JGMj4WrcgR#Fij&U>9^^Q>PxFEc^?1u}`7yOVoI&I{q$x0^NGpP9y66&&2
zLSmxCbm`2~H$R;3h97@${k$%%AC+zW1c4R)!lSQk_RFKXymaqc^Tz;J0!z(QYV4VM
zVv->Wtt}e@1W2k<P4|Jnrl9bRAQqM|@M_^rEWwn<sP{g^ps4N31FFf5<)Hf~?>bx~
zrq?c?jT<DB&MqJtdHd1FZ>Ot3NasBlpJ=rDgt!9jIuH?9Tg{D*B{rZ4+Y|YAD$eM2
zZD_FjjHI_xsMLo^tcajoObj=IhWo1PYg|E_n=Yqoc)G`3d1xCjtu5X{ulmBO(;>H1
z-uJJzj=kC2*&mK|B{%f&NrZn6e&mSHgp2;6BtjKS?P#RXtbCqq+6X!fizuynB+#7b
z3nH#8Es#%uQu^y`GNBVE85@_2d8z{W1cYUR+zRcoyq8DOkwDIW7N4W3=lWQMv9!mM
zuj=t7P$hb+&G(5@A9I}=2t>+dw~#UzY_&L;Dq!9fM&PvEfdn~yM_PX3&&7%sJ6{xT
zUiX}by2;f#7fmzHw!2#3U9P-Rnev{1>j<9y&N=A^S50OYSklxo9mU}&?DN^rk2eK@
zq?wJ*J90xIWXj1{qsLOfGFa6l85ZL8T`?u{<WGLoDtn)KvN1G47^r-F!7JPnf#C>3
zeT9!{i!sd6zITe!LR15z`!tr<UCZOEolYK-d%dw%oAtI1=4K_JqbsM!Z5InFt!`e~
zo#vnj7oVw4n}rHeMcT~_=UVabs5<6$M`z#~xl7T+^CW@d(9l645}WBqN6wvUX*}`M
zyEAawUYiMB)9SS<Ne!PnD5JWM3#!>L$6de}sldj7eDoybprzVn_MC*iHRE>!tr`NW
zY2L-%(DqJ3>MW1;Y>Ll)ewxTG<)PU9i`tE8p0tIXNC=_i^&R`@`i+sFF?j~<=e=7}
z!cxS4PGk&1z~l*x@4c$fS;FnUUurM*J<-GFdgMz_jv*VBfQ!Itn^m`X=WktT=W{ZW
zp<4pLz^7yBcVRO@G)&$B%zCxMp{#cud*c~z>qZ=hgy<r}$?hM&AoZfFIjlf@f!2C=
zyCE{NKi@Pzs@Gr)d$zN-hSO^^o92e#_ak>ZH1?Bs6Sr?d+*UOLWE8tQCp^stmZ8d@
zo5vL!=xV#DFo93SxOq}NROF2eJ&oEQF621d;}NA@s5Rm6uKA!ZLqMQNX8pm^F94}n
zolY5<n_wlt_j4MGZNBoM1^aekE4NT>Gs@3vL{+8<k=BfF9;e&P0*^hF1idyhTmz9$
zqDY&s>m_K@719Y~$+fMb(@rtmfUv^s{(QcOGnR<?vf<frZ~YySRnslY%FSZc?;A2%
z--HF-spacj*ttxu<Dab)(<X1Hmvz5QW47oN)dCK4x;nQZ(8iMm^wCt=K_=C&rzU@`
z4#1`=IGQg!->D&z=j`xLSZMKgBFErHh{AH8)?7M+-NTCysa2@<jg;R2=T&A%ubkyX
z5pHf?Ua!mL<to8xB>48n1g);GR=}a)x9DiG_4Re9m7gebatb+k%zARHhAD=C<~rRj
zHhynWx=_C3@BFq76g^U71uMAhd0T`<N;Koj@XgH<+fC=Y664|VMryJD;b9!Lpmzn_
z)5W%`(cMO!6gcUV#1x^Qww28kuovzJzs5$5oVMfT(Q2QfLUpVAu_$L;ghN+pNJ4Av
z&fFu=fB&w{+f8}zp4RMdy;$4H$m02CRra3W-Z^LEdyUn*UYh5cKW%x=a&RiBr}>t3
ztcwq|R|yEYttF838+(7;TpZ*YcS_G^9r8u|Aid_cog+tVX6}3w%x5&c`de(=J*v02
z*L-$zV1<8a@gzg<E5+_wXeCi_rKUN{&!1<ViH?9l!C!8d&cA!j#3&#s5HbgmEK1iv
zz0p>Qii>03vrC$eWne7+0?!XZ`ilPqS>q}xF)l`2F_}BNOOY`25`XKXEJ|E_d{D(n
zxdjOPJ`R&eYG+Zux>+~E_Qy4sPqU@v&F22Rz<hk!n_@UsyK-Oj&Qz_wrzJHswJZ1l
z)zgw;rX@T&I(oBKU_Vw>i^V|7^I~_D*3pKjCOrYxi{00pYxWVNm3T?G|AL-oWx)bg
zM&hKn3&Z2}&R23Drx((9!?7f9zOU#W2PVP~i$SvSu4aNc(NSt=$Ykp6Ql@l9?s_&|
zGYKNdV-_MClQ*t<>iN>)HZ(Mwn4Pv32X@rxyc*EG%;98sFYNwe(g79bQh)$q(Qi_J
za^!6?WDRs>LbbSM_khFR412=gbhLU#f;0@mlC{b}nOw#1E=j18Lp?)kSEN~q1-r>K
zpWVGx@LYb&FC-)mdUAE?zARL_c4<FTQzZjZ)_f06kGj0G>VBu(gfM>(<Q9H`_deyg
zEQX$XZIg)XIo#*Ne9mrFliNZek+(wYpO)HMz9lq5N`+Duz~Kw6gbjBV4ci3w{q;Uc
z6F$IZ;nZ!ZWiEe#uuS`)o32Uu=gy?>{<?t};fUjxq~XrRrAioXZ<jRn?%Vh<f?oN`
z1VMM{54XqiBQXq`X=gud45pqoEyCmFetzT%j2Fu}>mq8+GaX1$1xi`sSlG<#Qi%<t
zLV5SE&vv%%?+zek)#8CKv%AT_@0F5{9ZZIVZ%%^Tk1B!PlCa;LD_!D$bJ4T@Dkk8P
z^3{WGa(g4gJhCajlv{JPnfXM+r6}*<Q+iMh;B9O&5Bg<#9zb-qYjV~QnG*#BaumYy
z&~w?i+OxEl;{KRCt5rQQbn+GpyWfR}j@sAOJ`%DYKXw;dhfAJpj2^9ayN%&qpSK3^
z2L&s?yt&xRT{rMq=I<uD2s&j#<)cGnPWKU<-y=TYv|I4oC+2@oYEb9GwTF>~Z&Poz
zIj`2=c_!jhGF1aj<bIiM9LbxT#XRub^(BE4(>5x1xio35I8imWSKv$1j6wISnK6f^
zqM{ICz3R_OXcY;N;f%N9gn}OnFgRhz=|Zc!^HqWGN-swb5NpkD4KKncTk|pQ*7Xgd
zEq`3sRC^cKiGH(bSRKq1V~e60NILuVyg{L=awP0L5=TTcux#E_B~zP_RVhfk+E;Q?
zAf#3u<P+XDlit=>0N2ss8$bA++<7tW{fo^6Ep#BB3A6@F#tzlFMz0Tu7K$fU-_l7L
zTD-Abele~U<OKJg#_45mK2uguh!zo3F?lc%g97;b=5hO4ayY~ccL=nd+ToP%-$shc
zTZN{bM&Y?_*@%?6?r_^|#rxLDA`<bG<d@Ai_0jCFJsu#tBZcTy$vILBCTF5T!@@)W
zN=V4(sGS7NJMWuCrhP?zSq?nblmi-4t@ESGLg+1dAYYX*<`DM&>ZdBx0gE=~C$HD9
z(IYkZ&)h+`yoN^|NGsh^Jn?-R8`bGi7%~sWRNq-2)7?xhvdL`ErN!D!zBT7Dd|5DT
z3X&#rivoSq>AK2de?NG^?L{VhGZwiX$sW5WC6fBjo_Kxk(JjJJmM%4;JWU2PYRq0Q
z_5eJJ63RcDVus-*{j<ORMOH9id}S9ZwT~k`IC*|sbU{xLFewacdio*|AiycD$LVou
z{tLYFGx&5laCLrWC0@@q^A7%OI8QOzd~1~TeVRx$0xRAZ_@?xb3_57$r^wCp&}M|d
z(>`&a7Rt+k@7PIh;>ih7Hci6Xbv=W**d6kNnn%ShFLf(4Y)GLc3R?L}Bp<ZG6Elk{
z=XPL6IvrIiQmYE?Q1d>mvc^{ytoeBXZH%Y!t0oR^mEk{%;`%Ix%2Fvzj5xjN0}4^_
znh_u_djiPlI$X}0>v^b=q_-q!)Q2mVrMh*Qde7!rVk#3j(%L>8F+Dr?vfudj!J$db
z4f*@ouWk?}dKDt565}ZUz1sjU?HAB4I};<FUeHkVdLc)?^4RWovSfycP4J26GJA0_
zgRaLxksi<6{VKx&4q`s9MD3oO7nXjJk?cICZo8YRMc8D@rAV{X6j`gEDyw6E52db~
zfGu?iUyyKj(3HK#vuK#d+MdiM-r9Skm}eFR>s^;$uhjvEO{SBHNiW=U@m+OOW_=e%
z^kE_-JX<m+2qfrFUS;9c!2VdIlvxX=zN#45_4U2^jOCij@2*zsY^0WjfxD*W<)yF5
zHR7{C3JseXBHh?;xbP{W6HIa7Wfk0FHycc_8Jp>ZM+$jbJPGaCZ#Z}?2Tf}cb5js<
z-lnFZ9?$MK{mya&KWmkN8R+2)%}Q-ADhI91xE5fxKGi#ql_irq@M`Zu=Sm~>jjw$!
zv_<v$@Xe^td%HbEfklp!i`BzS@yhTiBGOQ0jZ3eij&jfAQN}|fBKO<n1J=;$)y~Tw
z3w#q7Gq6kJ)9WD<!e$?W<wb>{ZXK_V4+m-UE7#Y#bCY+nGBO#@q`~^2Zm)1vL1B@@
znm`&>CD*q>6<5-anS6S2M8wo!%EGmu7KkB7dV24u5kXS>_q(6qZ(>?&nf>Ou`F*6W
z?}iHC+gCpl+CrPf!s|DLuSm?&mbG1`w&1W$cyZJYSzU0{(NNe<e$=_~4d9HJS9_H`
zK|t146jgjQdnQypA*e$77ul0|0@$$9;`(BR;yym4oky(zs=0haU`>ywL##DF+-do&
z{1s2g6W?!uGc7sZ<Z9=!S7RV&3p9Mo1M2%EaEGpoBOsNw?ewv>#-_Cjj?H;r%%6^{
z-_xKgrwgavok74JQWYN!^aGh+_lr`rqe2Bk%lT6o(gQHv^=+dO;>Pmjwt6z*+ZqZ!
zVoSKXRVQEOo`|Wa86e98j3kLM;Uww=A~bIN>@9z0=}vWQCJ!VK1KA#(vUVj;h#?{<
zW&gL{Gu7l;u0FwI2R{QFZ8|!M0|NJS?fufs{v;t4z+uc{ma<KLeaP>#`-=I>I@1cJ
zN1_5ckFmU5oT+^tAzn{6Wk)6`!30TU?n^&i=G8IH5Sc*{K0mBE4IR?&Tdsh+Mgq><
z^EaNq=|CW;TW~_M$9Z(8n@9V~FN<@Z$$EQizKZ@8jB^iyvW)yY{{uqW1SQjCH-y`t
z!K=2vkARx_WiUGcw{mD;v_afM{GN6m$ti*-T`3bSK2lp+?K4lPbw(Jx-m*{N-fFd&
z@SyRVZ_e|TQcpe-Fga*5BbLhj?CdjJpn;|p9UMjv;f+Q8c&2}T_|@}T2sQ>o7M!j^
zMiX?$`u>B7;_mcR4tMKX{>SrMcD4JvC$_mRB>Z1A_z^)A%c!rWWp3<$r(y4MbXFcQ
zMQcz%0HgkVo7wehrVCd8=_wTggenkyWRxbo$p@pIls_=^NZK3h9WFA{xY=+=^dQee
z7nT>`J&LWX=mf{K>k$c9jq*fsxOUPJunN8N1IgT@rWMbtxeu`t=IypA(2vwo`r=va
zQ{zdM0^HsOSL@skl3v~h$N&iEG}bOWoutgb^!TEaa+v*MM|yMBEa%`pYz9#JUMSG1
zViHz?fe&?;QO_6kv@ui0{~AE{di8Z+^9wuE_afeBfrhh@W59M8F~4frjx;96utl)E
z8+v_^`D5V8)nBhcloJEMB00xtV);dvkkCPyr}#gS9`_+@Gw-j2Opo~E&z>EC@1@<O
zEqarWb8kqOeLr68&v#hCq;vs_vEcrdG+^q}EdcEi@ZrY^t<kbT*H_tt<_n%7Yo=+}
zUjLd2G3Ms=La9FU=+}Z5)$vW9uD1Dd%gc=MPY^+wH9qfLULNHjJu{F;ecC%<el2?C
znWlx!1hvNZTr6N_de6pVNUTKGi{=tx00Cv;WF1Pdg^IiBbWe&M#(}-Bn)Qvo&vO-f
zDeot~K0M}nT$=i58pu$1Qa^C<=JR{>?6*URbuNAfF<a{MKOb91x}adE3I3M-Xj8uz
zA&{FN*BgSG#J)$xicT@jSGrldL&})oRV#z+^wJ_Gxv@0=t^w$H-ZpC~*miZ@5{`k8
z??mC$=yml*G5yUi`HZ|&^0BeIsNXy*3peya+3Xc<hDinK$3FRld1ePKH7q0M<38&`
z!2#g@1U@VAKadGTuv#-{m&d0D<f-dHW;Mg9&a}fcs+_t@^L5?i*-dcnFz+Q+0brxs
z#*I{Dx3qd}56O?^y}yv?l{5=ASsHh!-GP;1_D!apRc=nPpO<a#OAatb`#$jy{A3Y2
z76UqaOWJx#XllYX>SLYn;&oK>oJ!fRDnZO=xoaU+TLNd$P+|$Nt=RA0gGF+z$5F?<
z!bKQJ!P|f2cOBB)a(&E}qn~y(7MbtvP3IU;XLv^nW6EzD*tyQv|LWFRnOkjlK+624
z&L$rP`bX{R86!4im+4D&E3>d*U4W(bw1&vi5LovvqMJttF-4RPp>@bu_B|th-aZxL
z_go(LMe8MIx9t3P1kFCzmUI6_MiHh?d|2n!DZ&2)D|`<h0P{<^a<f70EKCGe&vONB
z+%ZH-ihZLc7hE@7JeOR$G&eupI@`So)(4la-4BV==k}TH2H^Vx%=h7`ihFy3Aps%J
z^BjPJ=Il<4z{)BJdUlFhR-%;u{9w2t^s>{-yTaNGcaH@%JyAT)>_Qm`Cs|SKu{z*0
zCrWpBI)F0~v$w=whprZ(#2b!YC5ax#vBcu<GI;luSU0W?QaD^d6NhDG6=OiBQ^_cv
zWrsWs#_?^T0qnb6p>(=6nQwo5b?{4#+?!LCu+oBzr*S*$0m5nJw?0afB-rjPXuMik
z`DN*Fkg$EZv8LFf`y6N%C~|oS%MJWy+}T;}wk%lZ2>p>ZRWHP6jk_?xje20YjOwvX
zMi-A@a$_m@yCJmx&6mS1TZ+#sOIsw86K@s2ZQ0z*oOoVF+4Zbr%FD}}-=*jj>6R&<
ze{N4>1LRDGpyqxVB0`IpbhcI*meyzB@O>94qBDuu?M>T>$K^0pWbb;97jybA3vFmu
z43MF1GcRUP>S~b1IeM1xmEh92`fes`kNj|$YIt<=t+EHrn;;;xVt!*mH>Cx6Pa!z5
zJG}C3RyS(+=aF%<L<$JyIq@*#VPlTt?MPD5#<d;Lg)0_pT=9JG5c8tf(k+60W}U!&
zdb*)Xc;X#T!5$uSmHDB*xXF8i)jDo$0k8XMQlSfQ${@>m6*I$^4uf2j^|8%Mf~^~o
z?DOIc^wKs)$=hM$pJyiNI$==5ee10kyf|f2EBuA`gw0?s4>$+^UBK!!f!qy%SpgbR
z>Y8uV?=$ED*F|7$MvQv-*9P8|1~B&XDkdmi#WU8I+F7c%SvZdoMahp5DQWgsl4doR
za&_1B7O(M~x71{&jkb!PlEO-WekEf>cH==cyuyf}kR<o?cW5=I@!ecytk4hDJF%>c
z23~9AsSH9NNRb17Bl>C`z5p;?nQT%I2`1K8%Ih0LW8Gu<i0RrtIg^BQI?ANqVKXsV
z&s2G8mFieyEx5Y9?iQs0glz_TeM%%sBH-*oVw8+Gm@ZFaWWfM#XYx&GrD1S)r%sdj
zt&&W~4n7ZXcn=6y(o%6rNi1osV4u|jG~m5yROC$(IVpUTCl@(T$gM)AhhrQQp@?{y
zAjltLaOv5_Qwhnxdk?Bh_E7r(6#d$Cw)zrOS|Igvve;E*JH^0J$N>6Dn1oSy+axWC
zd~6obefhnt!XB~0dYp^JKDy}EEr=k7=7n>uEqL64$+vD_(JlANgaqjNQt>^K9NGT0
zrv}~Hyy*F}qSjhb0c7e^<mzhY;TYj)1lH`m{8U4O+EX+NiTUDAiaLP}e3ei<=Jj*n
zxSdv8%5}XRdG~JU%-{$HfDHckJ<nQb)0l}+F|TQo_}#PQ!^&`Bw%V-#?Q6cIw9G15
zvbXdLo!mL{Pcf78nLIHywMr`#BS4Nqy3<`Q@2W^V4(=&UT6Jz4_A{RXoo*u1qgw7c
zEL+ckNWjN73T9?S52m#}MFX1*=477ZJd<|We_4(rI|do&=)dneH_yhZjK7Tf`0k=#
zz_Uk=g?1vmG0OcuCq4Sw)`vPn|KzVMl~81Kxmw9pDZf5^I9t!R!po_Dqe!UDbsp}q
z9FDqtBNg%(F8}Z&I6>zl1e^GwIOGhaV9ck_ZSqEJXOW=xxQVU$(dh;o`eu9et<HSF
z3o@b{@NNJ)3-eNQ01ld6fs*^xc$2cocf(L^RF|=?7wvR-?BRLnh2=X@6NsVb_@^Gn
zBY7z6NKM?S?-V+_{lB03we65r;MnJB%S|S>$<MyLtMx{)zU`cF1Vlz8;m3vOg9*dO
z?$fx7bEFn3C@Z|3ITFhRWv?_N!_)KdFk7vbqU#w)e6fK`|HVI@VR6xwW(uW9wD!c^
z;QSebh)Rp^=(8m9=dr?bXXqNOq8m@9$qMdfZmDR#4bNmqXP9t$SEE6zy*ippVE{;Z
zB&|m#1OuPJM}Du`&BD$YU-|mC-j3UswrMkts`p7B*Pm2q^H+-n6$m}?{0=o)viX@N
z_5=wTihzj<hkm~mXHAtkGXSr;W(W>oxgjwG4&7Yey{a(~0$(zuxAFkUZAPfkl?9{!
z!bXBjSgX{5K{)6hp$5!$!75dj-f}HTzlYy*_i0gtka<xHZvPyy<G~9MU&6H=?IHVT
z8L5C}+>xu6mVJPVOd`{e8I96Jb2|0s9s#G%`r4WdM4wU1gSGH%Ek=1H2$SmL{dc|-
zbq~M{TH{6pVfhz=OYkhWm?N86)^Qi8zdUx{RG60K_xhAxNSu;HfCy@@n>)m$DzuNG
zRg*dX6;?PJs&!Z>%XDVU<V|l<Sa0dq`4R!r0=LV2Ng}{7M%|5c@>|6s7_97p;r5;C
zaK(h(b+2gNU+>qE@lSch0LIPlOIo!Bznm5}auKkxW7dwdp{*t-w96<)LUtZV+1MW~
z{b<#0HLmVxgZxu7My<dZ$IYKTiIHQ4hY>$yoGzEON;``!y!Z&txVAzI`-xap>$Ly~
zcB)LqIR}6HJ}Bu(C?6Gi3To|NS}a$kYP@Js#kyM-f3_7mgs<**`54plZfyhgT(tLs
zJ&i)Rg=OAx5#C{}8qVXD#w0{NYSo;R7eW&);9RD|{Rn|o*{|z-;5Vc@NfdT3>YhY%
zIC=wTw`}#eGh~OgKe;h+*4gdp5O}$(={6B!;xJnzl8OAKnp@K77BD3&Pp|O{;7`KA
z{mKVt>V2Rl61f|sN|CvXNU1*9B+)FnAuhmbc<!5^`BU}fUzhGnIskI~Fo<rJYr_i1
zaGNfc?np|cIb2g8QUM^I%`b^=-UoIEAqL0^dV?JR?6G+JTakf@DOTPDdiC4R9LTn`
zeeX8i6-ZX5b8dEhx^)Tx!`0IQ+xlL_ycY04(t4L~HAfwz`@1^cd7-XJ#?710P7a=$
zh5{^ejiHCf)9_dBtzlj(m-ZFa85dtbHhct%26_uMsetzeKutij9xK#|_wYFWtaH>F
zD!9Z)A(%uZ_(s2FcQ%=n!^{Qf#G0*~r+ijq`8RTVTn|A}<9e&6udhg^NPH02;seLo
zLJ3ipSjP%C04pd-6$e|eKEfkqqde^G9kfSjtWVvZkjJ=?vdNV>93vR}cz>vgo4qH(
z-*G#RIC5m%Z9d}H0MhKol?T6o?zy<nZD55z-9y)CNq9^83`YcfUUj+LqKe+DAy8|F
z-xpTq&_|(i1;|V?JHJcVq=DW?YTCq_^%IwV6lfV3e0pw>jlG+88@?}~v}AI4ZGv~-
zbkM9EqE`04K@9L;Wtg77`qWoi$v0UBk`!>YzOYP+*O_+eP8DCX2P4dj$}?GU)cm+e
z-$Ri!#FV`O1f^8IeAc%MB6{@-&yC;~*z1e1lV_gC&8}-tViRMjix2GF_e8Bv(_H25
z*RKiw9Q`|Yl0!g?fSa#?&c3#*KOhT_KZtxB;V;UI0&r@Op&haW?*D{QY5-u^)}}Cu
z^~D1QM!AUg;W08Y!Xo?*o&Gg@R986MRpO`q9I^|JoA)YF<Or<w&UsooBsA3GSM-nt
zP-u3%#oKdxriSs1jO}xDO!OAu8lCnTv`7(gk2B>y^-Yj4-6ksr>i+cYBx=!v=;_qY
zI?<{fJqMyw^ZY)Un*w|#*e4;+i(Kd}0)hMbF{=fDj<nN2N&C#NzoCvvoCEkTU#S%b
zU=F;0q`Wpq^+gw&LTV7RG4Ne-Z^juz{@tWo*;I|=vr?U!j(ld<Ilfq3Q<LCz4ajf~
zdbd0C4_KzU+4ij6XN8+}{PZR$VnP2nBFcgC_tQ+61KU6nSANsidFJdL9T)XD?EZXG
z-<S~;;TovUckP*P0ZviRJ+>jc>of!ho=b1#6y>o=Rf@iB#5Tr$`$qorpeB?#ycV2u
zbu=1VSZMK+b!OTs!>osu9w#e#;kcaDH$nAg+VO>_Aw9m|W@NtN5mTCW2Af+Cn|lf*
zIBfwa1b^_@a-4o108yxKubr(5&1doI-cag;d5oQQUzN7j$_O9}8YwQBRKvrR%B^M>
z!ydelFhCEjEasLIIUkIubGL_>$O8~zf`eX7`~?R<KX5qd&7JwhG0@WNIsO`ERy=95
zHTkygm$w0evzA0fCj5>yNhBd6l*~tx@{7lPzV-Nw2zY;2SE#OtQ%d+jFX3hX^}G)b
zuCi^K&c(?2R4CWUy!x-5zAlovZ!UxM2=h-3%KS%ew6b9$*{kW6&xQ_+*kH<WlP4Up
z=b@*6OoTy^kQGnUJD|CX<ID-?`P(*}Keng(Cra$Uj!roefHuu`yh00q;CHa1H4%j%
zJodzPyN83-qA|Llx5x57K`I@X+rjHBQ;hh^bHaC*7yb+@%@=n{Iz}t4wQS%!uj|Eo
zcqk((B8UYi&t?<%z0UVCA327aokZ3huiZ@wejSIo>T3ZZD&PpMGfZ(S<lk-|5zB~G
zNMO;ACMCXgPdScD9yx6}etw?V3b;CBHzD|d|E&bx$(SwF+~IyxTx!JE9B#xXgtt-d
z%7O>^bZI?;z#!})VQY179$;VmjwN5H$)!=LYBP|oEs4{DA+jQn_53vV#SBU`U{Yc9
zUD=GM<=ye1=eUTy>i4Cy^;Ya?q+u)1UT51Gi`?qps{GtQkh-LP>lU2SP-Uj}y&Ee`
zztJV%k0oF<;)R%Dl_xCXGxt_FfF{jUPEGFfoDGvw8f4MhAZG88S@-}5lN8X2Hda%&
z+K`k)<lSx&=>_;atc`S^_tNOY_?>UvJVn6sl>5;k5p4M|k|jm0VV2Ye-5^d^w2C}#
z^D)*dYjzSoFBQN+KU@7J{IW&RT>|jOySAs;b-^}K@6f2LO^WxlvE2x4L;%ee(xj6f
zh2ysMFAw^Ar-&p|ZqJ1fv0EYEIdSh$>7AgXJ@lM}U$yly&k1d*UR9C{j!n$$jEKK2
znF3!!=~|{J0&6L~>1_PK>BLjlp@|u<9}Ohi@bt<~An-nYt0^RQH4YLv4f|uEf^CM#
z<PL`fU2#wjQmy8iUB7nl#nvlrwZ5mzzJN$Uz%%DC$NRh)K-;P3p4~prg;V|u-n5zD
znUK%%JRqZ46hAyl6$mlk+m4%|pL+UO{ek6$3{_|kR`^S8X~TO^fd3zBZylBO)<umf
zf*?ppDjm`wN=tW2cZVX4f^;L@0@5Yj-3>~Iba!`m-~A|_^WOIz-aqd5jd8{qoWXM*
z_TIm>*Is+hHRliEEe+$ZPA{4*GYWX<EeY-JD5b2oZ9f55q^??PYpxuC$6@;t5r;X>
z+P7nwWyY2>lU~(NwAY)!IqKq+fQM4Iiq4dRmNre$AG6<^pqj433aB3k5a_P>gs#_8
zIvCBSSWW4xrc3mtE`|$?Orn5xxbAdjwst|;yfGhngr<AJR}W*1TG84p&~|Zc{()su
zwrqTIb|-vf8(z*}RR9VO=!ucF7eX`a3d++`IT6>%L$sduYNY<ywFiwW)oiX!$F$W%
z{Z$)q1A2C?d8VIR81f6Qf7-#wlXJ~%%SV3Cx3DNlu8p&{hhvjOkdgttV$}=A<fP|V
zZJ*vdQ`Ks!hpd)$Q7ifxx8zE3VG=L+=a<%o^jAJYL?eE2vrJFNP^C9W7VW}0KOS0#
zMY%6-DEg=;k-dwScGrMhWXxggBu~wweF??aKMKX#>KmxtIv6AAv{3Ow(|wIc0yiU-
z-akY}hj){$*n}dzfjPOkzD(7Y*6Uiple!-Pl5U=NDgdY^3Z3)z;$(;;+q+Fh0;;Wc
ziN=fXnXI%8E{8^U;+JrPjveC%2s8w?dpbHFBwQW~nHZK{lk^nGX>uL!3`*%%Qq)SB
zp%b@+E!=puz-(dg9=in1iO=Z`Id2a{(HKqFn^MQ4Tr=kJ@>5<d9GpA5_L|@Bs|%@L
z;;pg@PFD11g{6IepjLZ!WA%0BeC*_tes7=2yiO43u_1rzW<i-?Z+ZWPaaXA-VG^yH
zsj%!^3-`-$Di7K+&rr0smeZ8fatfk&h6!gO@-cq;5#gm)-7AxkWFf-NjFOTPN;%uS
zrN-H11gsbBrZ+!k4sCJ!9;Pe?Gt+@9LCPo{!#OgZGcr?8_mE=8DwC3+NUy;g5|4Y4
z4^F3P`KFwg`gke%^b346YNnS^>p#WuKoxi);yiH}n%|_=B0uL^8OoB28^Y+`xfR;I
zRrm5m%qh@%e>gfqI%b-(n9;wR*uNVrb7|~wGk3~N(kvV3NcUqj9@N%RJHtI4*O8Y|
z|77$N2h@$@ut99o1`)_jL9464-4=OLsdiVMC~B1e11pgb1s)WdCZnf)NkcH^|Mc)0
zLAu07YzrHygKja<t!-QeF-V>dA!_7WyFN91FOLTOnOK^F>`5Y|&2<4g@CX=s1eKeN
zqsub)#Ij`Y5wW(n&*`~R8SKu~mGWN|_pI}3cyB8PznFHYc~omuQee>aFfyuh!?N>*
zW+!#Q9+~0cID?+0LBlCMC6yTsgfgfcF4M%s^b_?#(?xy#-+Q4y*jdhg^1$lnXwh_y
zb^k_q*Aiv#BV0`FB33~hz@COrSgjEv<Dq=c&=Zd|km}k7$u<>m|8{svuxEm&9P{xT
zxhTH251Dws&kz-;*YjP8TWGm?GN^IZI-L9IFFn15iX}Gy3hG@394)k3A@Z}zZ$Hmr
zhQw)JsjBTQPv@4O+5ZHsf%>migQ1#yXnPE9MGnF=t9PDJLU#so%CtM({M>tv532=5
z$7MEj18zW1_}YWw!e<-B8Ft3&x>nD*uFcYe;*C7M))N=*ZI*Z*W~DB9j2f~J&30v?
zAV1A&D5uDQL7gZbwtfzy+37XG#bTyRC!n3g$v+f9kjO9qiOUD$m}`!j&R84cHB#RU
z4z4_qTdSK#sob6|26u|@9?!NPcfGlxVO|?vZDsBJe3%tRUhP||pfQ|rawCNI_7#HG
zC@U`N=YlChPFwS<8K+CRjGs*6YKQguFKcdbs%{TUX;DY%O3ocdD5IQ67BimBa+Ayw
z<R?D4e8A~q5UIR+X`?ALCAWn4_^pfi?@opo^J@nB8^cLR(Q5DuuL?N8;Fog4x~1@K
zBdB)~x_6)9QRX>!O}#gBNq#%R-91&;6WnaxrqyRBz?`33N?f@&=I}mffldT153k;Q
ztB4}B<*9tw+mWXt)@Fk4jf|K4?EB@9i8ABvpA$vr<Ht?a-_+>V_eq}?PO=o()a913
z#TV11n3L%(mq*lGo^GWc9O@5KI>JMt*bdJif~FLMA^w!K(Qltte-31P?~<cvGPscL
zJixH|w#U(m=EL#qwRvqt8=sb8X&ZR=56)MLT0Iz?(k>wbPt&c}{&m834{wg01J|-z
z5mFk`u<eo;(i7@DDq3-%XiwU$j@osqu0k?a2^E532(z-YlLZl0P^He83{^`~N!qHO
za~M043f!-;RwaRdf9U{vuQ=Qo4^izw(L2x;#DnG-*V{Kw^3KXBO$m3xW{n~;pwl33
z{=l_mRWhDKbh6wmogWrCGgIgKaoJ5ms{xEA!phGRO89~FSD+22Be;Qtqo{ZGKI!AR
zOZOjqxF5l7t@`?B&AV`=q2lIDP{pDVI5-@lixjt2A#RRV(c)z-7nG}27?Kan3S=1?
z=CkcFt)CUWJ-FPgD$N!Hpi^eU2tI^TE$AGCf3DnTe~?<Etk{CEs(*@K=doIuU+nWt
zjvOJ_6oUvOgZvuB+^GwFv`QO_j-f`wHkqD%&9p(?eE0R<347}6t_Wvd*ppqR$x_wB
z%^?-rds}LY_X|gS7E<xulnNJvsnm9lwRRyfyTxlU#2;LluSN4y^}=pjGw&Rh3})dn
zR7;x2YLkrOv4v~`Op!y2i)MBVzv*IySo`R0Q2aq=9m-UC8WW1$h(g9v#`yJY`*mWh
zjxPD1ARcq7Tg=edxjmX7=spDZG%vYBOxovSB`|)HyAXV(r}}0c@3wRnnR8T%VS;Yp
zH2D43UR*R(RD(00kfCon{6x+5R2*hzfn)S_6V@%(pcx*m(b@?a&#764<gO5g<A$^j
zHavF-cO}Ix5=g1Df1Z2)K8nw4DBHrIDzab^PolkSyqb{*UifsvLW84b8e8!asA0Jr
zMI8;QTn;M%k!??;h>bpbL?#1#@H0mbaoErhV-+rm{|QHA+Ceu-%!!?0?a|R=m9#_M
zXc5hmUP_`@MM5SWR;)IPKD69OH06vnkU$_mw2OW*e(GeKgOH9FIMHkRWrR=y(@L@Q
zKEiYUN9wRQJ4KN}2M32lPN!Sax6&IM)cGM7mz~IMxumWqB@q?+hC&5e3Fj(h0H=?V
zL>uMAd@YX<oU+>D1j|vNEU1;+Zi;pTsFRfD0B09s(}w;FcG|jeP|9uYF74l~-F92=
zhpmtpmr{>=Q1g&B%YA${T+0yhKNPhW*!3iG_Df=(u#gMu=%qA0<X3QDt%O(#KLf==
znH;|Pu9JlwBj$Z4j_s5$oDokYv}&waaeQ109)<E4ew;~wE)}nZu1O`Em`yN!lyg@K
z{?eg1qBUOUe0aeM52QO>kShz|58Ix;{&QU(hE$7IRUt2eIc<OQ<D<l;Z=QE5u~-&O
z+$V0r)r06STq9hok&J_NaG<+^lp@k4`FJy<@5{VR7aX~`xZ(H!=?%#x>s!XUU>b7@
z0jMa#M^B;xQ)ZodMLG?p1niw+ULBKU=RU6Gz@3<FMT8&xcYKZSpb%RIM)ckHUSen2
zHpye17Boro;et5&l_6`rnZu|K?z)TJ+ED?G^e(Tk-jb#t4q0>Ll<g}Vq+1mmEY(P3
z<NGnd;$twEwvRo8e#xurF7&d=<0zoDd1j9loq$s;kv4`vKHuQ>+e;$UyR`?)%$mS6
zO7?6>h^D1pi-x~``Q5Ygi!$rDOg){b1*hWMZ<LSCZ;jxE-a&!ogZeG8A>!ee|8wJe
z4Y~16y&3FrhdjJDyYlV7WI=pHuCSZZ21NOqAlt5!dRs~o_SFf~84YDV(Wticjc_^l
zM0?{E$OX3qT7<#<qLYCg+zCQPpAZz)A}3wfMbE+gJ468zH;2ikfu_UdAu8H%Nv+Iu
zE7CN}`A!Tag|LOiET#8yVp7>y5w@|OncV@dmr6j6gp6{}P5QS01j!S7;ZDfoS_f${
zol%VW0BV1LggO`S1ws1hz{EI|z3(B&SfK&vnuYB-^q+R_e*|5H_uY<~1=yVSiTCw)
z-%F$l8cW5MZbc!YG(tm`qE8T@u8W+dFC0bw^beOm2dJwWHkMEd=mdu<cxg@d4iWOO
z+#by}vArZ|eklpS!^OuT5B{C#oxaAE6V78&Es~o~=OmLe7cvC5zPq^u;^_Vf+<3@b
zelmOgV1@{$;DsCb5`N8v5zGZP5dH}wifd!nJ&xxv|2r2vH&z`Pov_D7VG%-?y@?sL
zx{q3nxpEoV6M~69!a+`B69|e7=93rusP#@J#v=lD3chSIg--w}HqoBnXR`n*Nc=<t
z(Nz4D{m&wx&{{3Up!wgw2baL}!~S^9#LB7>`h6RMG9fW!qCk)KOAl5q>fZSHE}UMv
zfm|Tb-YKI3$b7fR6gHXw@O3_1khEFPT=q5)2)f?pG?LwY{GX@u&kt~Pze99>IbiCp
zift5wGIFdae#8FN6Ef~%er^v$uu!ic%Cc8eXPAm$+z2`;6o38B!biWqli3g@>bJ5C
zBG8jwta+sJnhL>o?{j093?61Hh%o^Iu=c`Qu@gl?0GKUO&_?^8XZuHC<q-+kmR5(g
zJqw{7$YTTlXp@4yq^6RN*ZCQOp0FSBk3nMd2lSpc-jBc!I>TV_D9iv+`P)ciQGN+-
zOv4_!J^S;WV9VCWehE)0{)Na0TPZ(90N?2Z`A#QOqc&`?3)&RjB<?=`dm#V$Z<JpQ
zBS@KD&#L}JUN|IW>P1^q<PdTv=KH#s!+1^?j5iVHm`eXjnz<{12apWc7zUE21AZG9
zT$Ct?bp}IXy1xw_<>SNqOt;?PZRQ4a%8%|k@S7m59WTvOD3Lg9o7|NckM)OOz_+@A
z!EZMTefrjcV*9$VU;Ec-akq8;Ebs6CeER&?X){46@*MVV)o=h4UlaJIxEUQ2q<e1L
zJtOT$AJIW_1CySU1R=4*QHX^Pk`}PJwfNsq{u5~IXup?wRq?aw-P-*t7XX4o4%^oa
zSSb&|uY$;cKvI|`@ofNr*k4J&@c(nU`u7m{t(R<M{Czq}@cRYa{f=+}vggeCX&^)c
zTrJIx1;sC(cM9Z?iFnwP@BH_m3idt<=KuBiY3u*~((Ng+Ld3f|n-B0or+u=oxdFKY
zmhk`XKnc0IgBQ-Ucy&&VF(Xa=7k=Fq@2N3D1>C!j^JHzh2AT8YEk$QX&#|$Bo&roy
zB1>?(RN@K?k|eYgkA}Cqlv@-b3LDS`^67h_|8-h(mY@{~c{eG3CbaMm&1D9{<uZ_@
zs0hXli^H}>NJ^NNmk<uh({p<5d{qmM_`Sqel@hMBjxcf<Jc1`qXh32M$^xSo;BR#=
z`%eA$<M{nhAYuIIx5Sn`sZ5*XZbL&uSoWrtpaf+|Lr1~ddQavfxTnuwzVFT%DtfCQ
z!}8$;t!C}m2Qxc6yQA$7F5U}^i=J2oS&VO6EgQ_uiC;pJ^m~t|tq>V#9FfJJxccAy
zk?~taw_O_HUiW)BBne-hl+8rMoNsI8g)e9APY--Im4525w*YEQ9L7T4Pmm+YO$7B9
z>?$iuUk6}Uc?}JX97>HE>$Em}hk%8JjlO1If`Pc#CB}ilVK<Oy;>L-46%1;vl_CMj
zzc2eQ%oi;CfNtS$QD39zFOhB8FSS$dwmAhN^cBk4&Z!HJsIM=h*;YeVa`Kc^?jHUP
zL|EziOIZ2Y{{K^0iE9XYuaABZa8Y(e(=U_6Fq^9O8OEbLK^~DbAYGk=bBjEjL}B{t
zin&RHHN~KM)qJ<*-R2<w%|Xqe%Lh4Ao?XM)xw`5=NpT%NE;AeSlEmc}+P&VM_VKCZ
z!>~0^yF6OwClQ_z_x0`IWuTzrrmOX+ds^CVJXWZ4bTru8e$^ICKnJah=KiAV(G#LQ
z`i5|2OWW-Urb7nnk3nEJRqkuE{Wa^aJqN|3<VTS|s$X7kMpMIykO?(GsJ!U0_%9f6
zYve$^A|?e#r_d8q;S<#^9^6R%6`RFm><hl*9`DA~>tMxvbzabpJo+sZ@Vw~hg+iSM
zp`z>0B-HhACmOt8Xk<G*lL|6XVIx{IA~tzr+V^F{e^)l1Z66?zp;VqMwPB=fEukq`
z8s%*p51}=SCJr)L{xV`78c+~XN2n24{a#ETMR1k|k6fJR0NF2!?fE7SD-u)$nonsv
z^%NA{!wJBq+Al9FtsO<vU-UCbjdn&wzTX-x;AS!!`T~zo(^*+#y`79kF4?}V2b$HF
zyCUV<g7DVeV1+u~B4Bn$cJXjs?fn=^mr&D{QPI;QHJz#qS?P%tUtXT+(y~v#1s1ZL
z2rpg#cmWudb!~-NpUk!JWo;>%3e@OTDma`5<;n6aTT7R`)vIQ++K@KeJo!3O7}EL~
z2S_^9(;qkhn0)jc2lnkpP?J41v6O#ymlXed`xCA}s5SNm@1S!bsC#$&5-tSPC;V?#
z&ekAI`tq4%0K5Q}n}}a+E{d(WaozO^!MhZv!`R@F30v^C%Tt4)%!2d4!+zl~!>LMh
zMuR@nqp4559kys>jv^0Wk&?HzObRUZdlS-ZW}UnvXw_D%C1ag8hO&+lZ?7h|9V>0N
zF0|w0;`pjeC*|tweNmf8=V7SlFRV?W=yC?jy3GUwW0}L4!HZAC^(7-kcXbgx=5l0&
z-ueX>h$|InrfsV+_c851%efC#ploV4g!8wVMnGl?u$Z9ba^C5?<B10pQuUh>yF-@0
zW;#@lP?HkHlPaKTjb@8Tz!m59_?g)8=4b|xLXR)Bw6w^}$PiUvy-<fpyunA}xtwAK
z1_yx@np$2}RSf(BrAw1JWhwPtv{#+o^)j7{HJY6va45KKg1z?d{NBF}rmE4G7pc5a
zhy>D9pkFX<D!|H(X0v#RGXZ60RsB<=T8@v8lZst|PZ$~RqcJgNY}u~*+rt}9_N=Qb
zm5Rfn(g$uzG-b>i;HLMVCCq>P%mgxdp~ftKO8h^Mn~xlF7|OA+!ywe&om)Ti{kS%V
zAt>iPClI#~9V{v_9Y8G6mvw%4^$$vMlh}YPAQeU?ArBx1#cwUJfEAN~C<OA9i}(_x
zBqT8K>k~2(I2}5jG*|ZZxi7P(R=5+^cdPV0HsdgGHrPxARg%8;r#XDkEzp2H-3{q_
zMK+41n?(q%shIv&2MeK=6?d%0|7RlmqC(5ncYJiMiWl*$)*fO(SPt>Q;SW%3Tg1du
ze%1T`F}r_f{n6bu=C)+hVGSoj_Yb<pL#PZkFEX=pX)|?uZ-(&#0kkF}wt#qSGCm;+
z6Lc=7ouE7DIG3n99*KQn9$C(Cb>0h%S+^%dgXJe!RozDWQ-s%j$(_GRV4nP=e`pbI
zIq*_??ye1^shA;$Un?1okCo7hR8^)VYvHs3`Vu)FB5Ov6{>U0YWf2+!5Xj%swhyGv
zgeU@2A~}ryq{n$kp|TgQ-5Uo=stAKp{az0RLPBuKRTxC%+n+1b@5R69ka7m^Je_jb
z6(O3j=Szs?bYQN#++nv+qux_3HF$EpE_J)e;8cmkw%o*~>=sF$@iD`AhTc1d*_g=F
zV9PZ3O1+0ZzzPkOqQc5SOjH6*+*&g|nN~~GJTb$ms2CYpvuI!-^AA?>zg6ZG1ki{-
zz`yWX9{W?7U!py|RQ(_xcy&@R(s=-CWy5)9ipTi>*jmg<G#Z&>si7d^*G4$ryuO|f
zcG-JK6|^TCh(`7%6=bcxYz69dK+Kl~WMJ4z#It$c946kLy&=eVm$WNHs*vsq`%t(%
zoP{R!I&VVSUFaFTKcvt8yC+qrNrK@1{=Vh;04b3DVJRpm+G0MDy9D7P|0$*T-}v~i
zpdo}LfQ(vip_041o@*FbWIa>kBG>}f8=wrojwutIOkuR*&oJBD(!t2R=Qc)$^2i(u
zE%>3^Xm@ntfWvOxYQ+PII9A_*fdK=M)Q`4GxFh%fZC~Aw<-#Q&vSP)xi;dPV{7l_T
zpC=X>J{d!gJxar$X;Nu%PQOhx!3X#yS#RAFG^m0oQ+s*bzhx{h2zm?#95kQKH~c$e
z;R5FrI%6EfU)s?!PNXz9o_jz$YEz`rPq-JuZu8<A@XEt<%UN<6GP1I$rW2*Un$G8>
z&w%ktL*<mDGU<@4r<bgzs=LtF!Rq*<F)JXQtR{xmcyx@ar>K`9mU*_<6s4IE!V6pn
z>@m6iTE!DuLqHgI)4-VDpo6j$WL(j}HRX>rNEwPxYNdaVA6PojTd@|%GP5UI1ypxO
z+_#71c4qqvExMNt%b+&rGPlEfEch`^0(Zv}Wcrkd@w|5-`jUyMDSX{l$DJ5PU;90Z
zEmXTmU)$NWI@S35v}hG!6Ylv9M+n#bZG5`XpvD7+Dw*uRj(na{2&7ax(yLVmK`H25
zoF26CHp)VUVA`1L#e;==sRJbuwU?weX#k@NIjP7K&hCdtM%J{<#}nM1kz0Z{6n896
zIF_yhloN}2)a@fenL3QdEL?i6hll-8);An*Hpq1Br+_zl%T$<bkdn!^)#e{u?JxY0
zw_k{wJXfA@0|kaEj@4i9T5i~o8;m$(vhdyR<2i!d3y+2<Dq|WUtJ-vo-VEjT63zA?
zOFz>pmf3RQ?3F!efsz&Utl**SCL2?nv%1{2>Fag5`J{5~iGVebc&onXDZbwaUwSq+
zWv3h6+E7h5I9BIibJ0SlnL0EipA7(e{lx3n049=tpCp0o7MZ+p{VZUvlO02bbuf*^
zObj$NzAF+`t55FIH5BUY%Ql5I>U$YK=0BPcKgl80)(!e-UkwgrQv9W`x(8SJo48gN
zDg1*e1c8&trcLR2Gdu+RQ1a1u*w0JI0bPH2O&}e*#|$Z^Nr-nARDrD`mVa?;5T3B_
zXDLBJ7+S6R0Lgf&6onkcftfl7QR+U~yb_CLc-3-~*YO-GVx0CzsWrRxv0!H|t-~O!
z3~JpRU||f?a)K5M8cm#ebR#<qG9+j@&G&~9L%D*?8c)RO&1P$7l$aMBG4+^xQ5Ooj
z<V*G3ds&M<qJUDuKyT>DUpD4F=&9cgNmEtY$akNKgV+&C=DXuhf+P-Px)+E8t~~Pp
zeLKO6U>nI%3U)q>Wq~9z`>Xw3SdCWj7Iz{KRnDme7x01rz_=^3xQzhM1F(lB&Gt*#
zY2d)SvPV7lHd8kX6$wFa5`zDz(96%%1p*5^;4!5$r7~|DPdLo(5NA_x@4knkn;xtG
zgf(8!n?RYue|cINADo5<ykN4*WR(7TFl7>f1W&Zb7kqbexvhbw*weKvnU73v5EGL*
zdw5+pp2sLp8CDcF#)=qv(8O_HXx6gQFya5{FW8<S@>FcX4E_35pqKL$7t(kQ++*p-
zvlVjIz#G4RNX)fB<#~8iGrnt=&em$Er@rj$6jLp+XM&szAMxaHDrW4d>-N6WE$smJ
z8N;iy{f)1riPlbq?{zQ{QsqU^7r4uC7y5s|uJI|Pv5`h{*IIAKOjXcpsH@|3?oPOa
zijrT+!#jT=#e3~)d=TO?L%Cs;5YA5nwfJ#q&Y4X^k*ebDJ~BuQV;h+ae+gNhTnOd?
zAv!j<-7o%NLHMAi7!4cgFf4>TT*;k=LOkd<q<7v&Fmi`Sk>fyr!#+{07uGOXhQB-8
z(14B)j1mHWCU9<&?qRc^a1Vh=QBkb%f!?i@YhdC67(L@2hEVeD3+-u8A+fkAnFiRd
z^J_wdxDT%nU^6C9F>iacQ_mFm(rmHWuic}35;N-~;|K*+Kw+jX{|Dswr@;H?hbss?
z2FAbLW`g_hPbHEG;T(;9QNuGJ`L7^zYb+BTZjJOmY@%{l{8b0>xGa6%J922i<&O+u
z(|rvK(bRo~uIAKI_S;5afFXh|mNVFNwl)Fu1rj5x#Rnni?dsC1u1H^hmG>)9Q<`Yf
zeQ`o>UA^@jw9yj<w;T|Fz^gizvH45jxha!^xPyqk6(?bi{|uJ|g1kLPCI>1~kgUm1
z)W#k|5q={Am&%6^nOjifk5gafRbS}7ao9T8f=98nLv7;v%hLp4CE%z)YpK#v1(VS)
z7J*Qk)2*oBxV*IQ!)^BaVJZMds#YSxyF>mIjwOE-C>pdq!092hMr4``xwtB-Vjur6
zQvPS3;6P9lXib(V?LQT0H!&Ef%5(RwjQ_w5VIrSb>t^AwS-E3rl<}K_r={x#IimVH
zGgD*$4)=`I=jgA6%Nz%Qfuwq1*$N&OKE2B~TjG!dck&^A?OfAuqpW+-Z^*xd0~=9T
z<cRZpEzo9fI{DuI*?cz&^2mIue=P<;fY2W~-jM|VZwL``=J0GmW@|lx&Gh?_Dog+a
z9HG~DQ^LJ<hb?$G5-M!?dx)Xn7i(~e5ab=c^Pe{Qe<JXoAGQR+7#+%BA*A51^<n^x
z7SjQ>abID9zZWbW`LWU%gs<`h;ELaOp)#Ft0DSADH2&TG436P9NUifQaO>{uZ{!1e
zv!YN$4IKbt(3<6IJ}-fD7NIqSf3TjM>5So@16S;?Fn_%*o%|;2Ch)iKQ~w@%vj06$
zhL>{^K|t?cCS(wN%pEWQoUYm|G!P3o1jToMzkiiO$g{jy*gH;v6=Fv=!mRy|G<7tW
zb^<?*Qpc^jsl;2M@R!k-t~WrD+av>J21Ou`0d+`*?C&uh0q#9N9M;;)ABf!{7Lp)_
zR3`IL0D>I(t1JW$)D;%MZw~jG%#<Ou8fI=g`d`m86AAF7)L4)Me!Ket+djD3TvHyv
zzX8KHNR|2f>)>iR{{Jk1tLqC${tO>$@*Q)>f~Dyn`{w2z`y?HbU0op-am!QXpF)=b
ztdv!zP5swtNAdq=YhH7NAl!Xu48o*rYx{>YgBpp$R%Luv8WZv>+b00_#6rb|djKZ#
z{T_zOU!&f&2Xd6xdY9YrH*wr$DLBZt@{6Ei$Uq{1nu?8{3REw1>VTiIHk*9iVF6bg
zH>6sK@z>?-hMcDR_!GDZ?EuRE1+i}Nfcn6?utf~#*Ab$4!ty&LH6bv+Cp7GLP{$X%
z<PnVcYZlP{^c&+gosoX|r|RG%1gA7gsDPk6gdOwq3knbevuBNjkX4h`lEpwlM_z_$
z^4F^K{-@vU6tg$E#h*>e4k3N;Oo|2`{<0`6Zb+hmtjiuTK=|pNv!Xl%q2_s?s`#%t
z@qX+bZE)!I+3s#S5K^_?`^$5xWC%Q|Byagn9)x{k6=e4R=MVo+=T^gey(Vi)@!yJX
zarQ<efDn(7e#`$+Bz}*n0>ZH?N(=oVjsEL)2+8|&zv1@n;TMGu@19!#WHmxK;-bob
zXLA%=CWE==6Zam-#O7=vA>oL|mJHV9b#k=!^S=kL*ze%YQVw}`_aT9=Ak0XN1fb#D
zPy>~dUqMYH34V5UdUUii?TugQg1)@8a=}zwoc(#FH&%EsL+TI*mi#k0V4UYvh|-<G
zUtHJs{`%K&nUnt=F7Xqe3;$qZwGcA(@{J{d8-&JAuJKN>2CT5#_wQy$SBG@a@wy|q
zQicahqP%Uw0<(}u6N?ZO1373u*%7n+dxRJI@j%?sw#G{oF}yAAa%LP4urCyo6iWwH
ztB{?93@7;f9bHWPS?cb8{>TNwfW3h%Y1s9jJ_J5-Y`mghIF##}f#47nbT`re5De*m
zB^a#mkZ{pn@$hhijeb<ZFZS;!eW2ayoi6+5*mskg0WVuN+A8oJ`s;7j4IDWDs2yP7
zzIe4g4lGY{l_k6C)v-Ox1j2b5RiLq%j08w_o{56%bGlF<Jq563OMeq>GI1)`b34yj
zT5<uCd$*<BCcu$aSI*jRiv+onD>0rJ4?TjmeDb>){0wFmSPBRX4-c2E01GB1`>moj
ziWm7v5^-llJ<$v`BWJAZiD0i@moz;)gd}O~u8ZRh+1nsmN)o1M#T_;=;m%I}u6spy
zXB{CFG_Y~ZRC9j8B$gu;TTYO=NZu>h2#;>~wb3>9LsAmIx2&XOe)q;&KMCVXcx2#v
z|6f%F@R!;$EWCA%^#pC6Bl#*44yQYh)KuEXSnp%nULWam+vt^=ZYo}U{B8>z2BJ2f
zGV?T2LZdD&X6j3#>OF58jQOD;FYDYwnO?KC)t5xVdEFgMNlQCy6~MxErj6@#6Majd
zQzM8}nDVRb<sL=cpHdDMLPWa1VQ!KC#UOtT@_573Na42Yd<*;aYm~@h>rE^b6*0;4
zGYD^j4ekvl(!=ZHCFFtl*FGqAEif3j-O+>c^6~-zh5S}rT>Nd|V=Axv!+vC!vs4=W
z&ac4+6Qzc{8CHA(9LnrT;c*{8d7e}@A7(QxU}I@WiWZ+!D<XCCmP<ja3R{-Us=4e{
zjX8Fi!B@UVR-2V+8YP#??dMf`u6Q79CQ%GVQt#_ANg;P8d|J&h=xqx9wxIeX%ghmv
zYAbHLI&zZQgq_-C$jiDadZ>`Mm_uGgL4y56XtX)8+*#e`{WrwpuuYj&Yucrxg~bdB
zv^PwmQfX7Ut@N`!g5K)~$FImT1lgEOr+Dy3%Y_F6<U0*j&|G3s@U?R5bD0LquG{OJ
zvSuZ=mz}}1FP0Ozf$3izc@=glnat%#kNP?X%Ly(k?`kKVEk2SRcb$%tQP`k-I=i}~
zpV-?sFM$l6-|KOTw{UPeo0ZWHUUm*$e<*3<;Pd?yY>zz@?citE7snat(LI?7dlBYf
zi%(R2g54gIK~I1R$$8#auEB0Joh>2Fc&72)3vtuk&tD{j2#Bqu<UmiW-aH0I_|erT
z?v!k*QwP6x<rNJhU0qbfr!RSKv_pE$=q6T3O*Wk6kUK?szxbZxO#{5Amce2#WQA6>
z54;+Y#}?jbGrJ{(M0hQa#l>{e`qMK%L^>#qYINE3r$1Oh8i_^1V_U-@k3n|Ku;Is^
z$V$pxh(?H9k6v%F9B<o<{c3MM^qQfc&JT|iD=V3e-v6rhs`IJQX#NWR%|Ke0<y@mP
zoB0AX?X|A2iClw__eVZRSBE8BAIhI2+C&nZzRWCxmWPo058WU;20iqBPUr;3jb}#F
z>4@>H&H*!*lQmDC*m+XzE!dx|4|)p))kdPC8I#?7&T_Cjx0@&3YWXIp3G!Y_MxwLO
zdrt7qZ6cJ|r*B>b`MSdzw=ssNAOb~8>59W<KkrceIAT*P0>O(UCsO^-Kc8#8nYe9e
znx<I2cwVRfy=^vDT;Jp4W1v@VJclm*9K%yaIU)CESK^FAnsIv78<8qCVqv1?bAtI`
zBy6|0Ckyw@4vJDOjFws2>%<Qh+lQ?=y#eTGafSzD{fl}>C$p>7@hqRn<u7|EF4Ho0
zlDf&5(D+una@K}#qj^X3r=!L?Fp{$quN!oVGgT5zQw6)qqh)9i8}g_T@sueJFSgkk
zG`<&o2*l>$tR8~HCv&V09Wj|AU!1ZM$HF!jW~sU!n3VHrv9AB#ThHB1io1B|;^=~e
z$7MZ1z0p`7Z!pxSso6H{))06bV7<lgVr7%4d0-aX%D>xsVyf(Dc|s%GC+ZAzaIzru
zYRsPRoKkRcLGF)yn<IHC(TUD{EiJ-tKPx?_vYQ0()dOV5p02m8K&qYgZ4JP|uo|@n
z>RV5JtH<l!<PlPQ$%Alfv-QWZJpGo5w-+h1-y&#Bn$PT_Z>}<KN8+Vu$Q`c(wdAa=
zgAkesW^Oo5XU%>_t#=Nk2AWM*4+gs&$SIj6(rUh0YzzJbR+8Z6jJ&fw(+;0QQJrR1
zr%LdpIeF;y2iLu7=Bu3=N@{Ag5rgB6;f44mcCry96&2pOGOZgw)iNVm{{@29pMgaR
zn9i@Chq39ARY`NRmqZ069N)ZZ-rn9EM804$Z#kSgTmHOQTGD*VS+1{Mayon4#@%wQ
zrLk}stW|$Ph4<QGY>QarR}a#<K?u>G!XN-r7`*54fcN^<D>!s4O#@enCL$`DM(z=r
z{k}&{;LTE+@Z7Sd|HSE--mN<_mq<MOYX6;0sj9>0O?{$0cz8Kw5<SL_)T00#I$osh
zS^mfuFwW~b3T!9DkqP}@Wj&}5hlaf5h2Quo_-TzReoaha$mq(%4x<OscLS}ECQn^H
z)i<@|q|Jlr?&NDd&zf#^Yuxru4%$A<@CM47)oLHnfTkiT;xX9!tEh!xjhk6*59Qj*
zd$KMDFzj#gMDHir!`J#r#ih?Su(XBehoj`&$isQb!&Nj=%U_0T2yvA`(fwRa3~TsC
z%N|@={5Y~P$0gXB@gl*wIIh8oqFH{FGv#`X-9|=jo+<Fh6ltvC%>b>%Wz&4!TEt9z
z<^~^A-PtAOK~w?vwV9FdDe}6guWr_SGH2V`E}9bp{DVieGk6VA);sJwIX+*4JgGjy
zQ+|RKKuWtgmXlpO9(7qnMW<1(bS0B?9nJs9{3+vS{CWnrQv{G*erefDr9yZ&%tfGH
zeS~n)+i;5^$)L;pf&EdfroG+cvJbPG9E+Oi<j#B7QKo1l7zA97(1EqP&ga)UyfeGb
zm+2u}-(yDP=32T?>yLonmR>PSYU1^k%BVB2M-AC=$;!%NTp1qCG#re%4DJXc>%Tgm
zM?0!%)cwH-RrF#HyN@lpewLiSwjqmuGe~~m*3rC^d=ls;Mpp<jG}7E=tuDH!=9*lt
z9df(p_vU{bP2?0j?e4L$_$8wKzy)an{Z-vcLYni)C(N4PLrQu20hceB0JgfbX?+Z=
zgKieWBejwS^*ezR7>5Qmw`NR8WGCQriGW#0xcRvtQBCGbp~-k;spGi?fc;X=hL0)i
zOqxEQ%WG;%R!mvspoChb15>?0py60Ym>*EZfzY8RlOHlh@+PGb=3{OS!n@>EWvMiE
zds0j%bFag*;t6s$hkP?kicExl2r-GHQFz@MxEhUa4t847>~xwACSWtx&YOxF_hIyx
zUs~^G4r`iT89+osM-dXaI8w*W1AeP?>hP5Nd3NJRDLQrUV(Pwcj*@>@6YWqr-R*K4
zD6w4LKtz5;gyGr_R-&Bv8-{J&VUuq4$NpQU#qTXfRIjbLOisM1z8s+27U?uNDcOcm
zagv+X+I+OZcKqblHKUAT>r}RVFEGA*N@4ZmqgvbXHUj5GB$c1d(K!akN)F2>Io#F3
z^w?>g+u=CYgG(yLODCuJ)#24E%L9*IIoBTV(Aag)CPEWQN}{}t;-=Gzdm-WTWe_L5
zQm?;84X0Ycr=1ntd%c8CB`Kf^yz%iRet6H)b}giZ&)8mD&9`(-UV50l{nF=u&p{lA
z_2U-~AXg1R84AoO0m`0x^P;9lYr;zhWi)4Y8y)0*n3_ic1i;{M#%c97GkM_JSw)Rc
zK@Vnown59GeP~+*!Q@Te8)$~NNk*Z{H-)*~6_v!F)2lGHDfbq_KHRK~=Iiy<A8+sW
znO02ih@ovm(dAPx*j+>uh$4p$FF0FuM@43p4mph*VWF6e1@Yt})K>B~=irF>1gB(+
z-^`Zmp$4vZ?3-<~6l%av$7(J1u!KSt*xa7fE90f$Loh{62h)Jq!1vp~TMd|V^4tG-
z+5Ibq_+=S0jJ5X&s{D`ftk>1aq|2AwhVvd_W4)WYU8i87z>An!Rstu+=+;0SVfTmA
zLZD=f3ux2L2c@qcDYH=o>Vo_2S=;5&ej7o}!TMwc9p}v%a;DwkO8#3T_ej2~-TDxt
z(NHPiY)4L>A#FB!vVc|T8~Ptkw8QJlQ)$o!t3TtwO-5`j+d%l{g<g3(D62NwNzG2S
zrZ5K+AROn?CJlmJp%yvzG`E!5t=<gVMe&*!`P0o@9#If-ici4f(7fJVx0Iwg#LChZ
zn6p|jfnh@ZOmOnFB_V~icCUGQh>zynHhYVM>8D5vh_@o1;K?FYA2wDG@ws6}l5kDu
z3oez1bp9P(Z;K7Cw<GbBHa5ECwQSv|>Mt|*8p{M)&wZ7}O3IXFKSl0k9|!H_V+1vd
z3mpuE;DWvG{Sm~~=<Hdb@(hjIi=M-g*oLG!htsIH&=&jRb69lsG%hsFPdFmO9P~gl
zSGg&B^vO1mHTn6KU-rO~AN?A><37xM$5iDgk5dE+?_64B9K#@JW&qYv;oMZ}r3OS2
zXCG^G`(i&_E7sB(@#<xCQlywaZ28>iPkl4J>zrtY$0|)9^~#B@C+^&Ls+9l`#tbV=
zMuX*fjFtnbzNI`@wiraLP^U|211$C<SD8$}VWf;^i_(1BZf6`vy#1k)|D0~tubvI0
zd`zEz5WH`sAggT`DUW$Um<i>z)y$M1Z~|gWdMs|EAR8LCe@PlZP*PNkFlkv>(9O=w
z{4xooYpK9%8Z<Y&P_N_>6&2Mr^b{X;VZtWou$4%v`eZ!SRiab~q5Akr<)v0+tdhiP
zMYxEXc_<;U{p%v@UQQC4?N@+|c(FDj?gxyNYJ^&Zkx*}qs+}^h>F~=Q0arvU(7v#Y
zb@F9f!MfNZ2%l?i#Jb~HPMw*6j_XYtc~I4F9>(ayHrKXVpQ|L(=(FA^Z>fY7!yFqs
z{F9p7FDSO0jv8~vtw+nH=h|7bmG2YVfBsBLsIwQ{^#DH0sZ{fZyL(ALO2P3{)Z8cA
zFhg#Cw6=brUBpB4NI}@=u~~H%tQ87ADo}AW7gUHF{<yFzeb=$dCBYmsqo2-(+}bvp
zCQNYsaCvogu<CHtFl%qF5*TI0SE<C(&{i;%t#OBjGQ`O7sRk;2@4{Hk%-&+f)8dT%
zxs&r`I?8mokXIv1C5(~iO*Ib#mXqK)UUBnn#E>KnS{uHrpSa{;vfkv{P;|`xsMh(`
z69b-Jq#^neBBl?jhtvj=CA-p;v?_J{FC3PsO)nLrEk6|?9Sp5f+xQekWr}CuZqP(v
zzmpOmZ?@UXF@-f;JmIeotqEE#6~Q{UOl|#sDWhtH>T8l&TdX?fl%QxfCVq)LdZW>8
z@Rhi;Cw)Xkf}+NbO~Eg14+)=B5H{$mUokRTuy_4u8Mo2t3L6s4%edD{f`|2EG^Xtz
zW<ymUvHwIU8j~q9S@=v>agH8@h$Bxik?+<;V^;Fe@Ys`Q3EPy4ZH+CTIS7}V-#>D8
zPd@v2u1tYOy!}{-IKR8q@Myp#@ayqR@nYc-e%jBhtI|aKvu9;mYV|WW84(8WdX;<f
zPbYm7^HYa$PCK^TF>KR@q*C3S*kt^>g_4oeMM4zU*AFeCe;lhJ8Ayar?prB$A6uCh
zU<h}4WVB^{8kG$@lDA)uzBK4{LmQHGq_geluDI3wgv`DY9Wunq88~7xA&kbQvff!>
zylPUN^)1|3t42oMA_5bBUb(Qzr!hyo&17S`tn6L;TR4a8OFqZlDvkQ%GPTr4g93OB
z=vK!VQL}iuTPBpyp561E;W?HEmQ|I`U;74_*gY$zbLvB@g4Ru4O7gjZ4|1}g_{H&u
znXkRX94qyESKzJO!{s_7XE~=gyyMK;jXeX07K7by`cLTw^5bg^es~=(v=KeBY}<C%
zD-EYs>I0WSc~mt=u464JxdP3)G};EIO$k7LWpw2$=Bdi1XCixpyfm^A;uFb)<G89Z
zBx~#S(?l^WJ$I{gkF_lLeb1HrRPZ_G4R8zII<D5bz5jhCU0#WUV1Mc5?5(`dDoaaZ
zomPQb#fSp;wve;)eMHn5KYIFs7K>9u3)~fbv-}^$bddw;5;$f35|hkSdjN#_(4l|E
z@O^WFai6~cU_>&`y!U}WjO_XOr{-NGE(|CPt?xwz{thkgqkGh?3<uL`)0jlUpt|zZ
zj3QdC;?Z%0gYeU`<j9PXtICg^T>{E)Q-Zn3E-7Yromp=l$lTV;6GmW~45pXaS{Ee0
z<$KBEF!F}YaqRRutpDIcofYBn)_7M7Z;kmI8ar0I1A%R#hDo8zMEo1z>MbMl1UPzE
z38<TTimYG|Ma*B;Z-1|G;EjBd|EZoTDZ`QBG7)0wUVXGa80mbrBzG_rgvY*i+ThTo
z#8~haygp;$eDl>tTqNDhXgpSLfVe@&YNA~WLfd`Lt8t{1>sbT)5*3cy@BS7T4}L~Q
zVyrBCZsYFkh6?ozHrp!LMRSd-N=~bi4M?bT4839q`6;iNbgegh)KUIP-nswuP-ztN
z*nnpfJyC(fvN~pEEAzTaA-3-YRDo9AjqxkzWgiDGgd;5}&LpP(Qq$i`+jIr=XLtQJ
zJdYs;agP;L6fwjZf$G)R3IEs%?w6S}*`BNflgZdi`-^q`rJb|=MPHY|bVOBTO-IMW
z6^WzMhTC`~T-I-aWEHm;4K8WmeF^QRnlt-(x4koVjia`8=2t|aJ~Y1JQM}Ke3w5gs
znwE+ABdNONY2ck?O5|j}hgHbyPgbZoF%u7*c#it0xE;S3_GUG1bE<Z?Za02cVrn0k
zpla9Q<UHYU#^!qG@C)oYN2%f9!`3kGD}L|#A1Pu>gX$l0aUPaI8<kNXIJ18GK!Gl9
zh-Mr9?zK|I!JOP^aF5(xAa&?Mcnp_S({u`yU3((Z=?{O+iLdQTF)}0+djnk03L2JR
zKa?YW>9$O)B}}}?DJ}HH-1}(l(P<`#j8(&U;HCs+TwLwUVTXtR<sh3VuC|n=%wNdG
z#pNlx8B}FRq@3(LD7N={VunN8M0*qJv|pMF3jFXzBli&xmF(v9HsZvh)AT5tb;-d-
zwCKuFpdd+hI8E4FQTsq?EFvZ44XzquL9zPDW)8=QcIW3`uGI~4KRk0f7~VK}adu>j
z^-bOoaXgXtD4Kh2rhb<x6^EdQ_JN+>DlhaCImUb~{yh4aa=TIPH@V3XBE;AzHlO6z
zmR_)8dYsGp^yy8P55CDI4ak_JgBf<KxG2-<AM%sIvY?q5&-#Q?og<f*qIT)Ew?Q2k
z&C16VxSPm<_4v}qRf0-BPZnRO;TpaY&HSr;rN!oblW`|W*(Fk?Ii_{@1nCqb7_yaW
zQ2|By=NZ`aB^L8-vp-RaR6;4%Q|70?Aw98L$Km@<@Vz=ua8{qs4GZJ+czfcj!f}hu
zWd~d4qdImLw>9sMFQG!3wa`Pdehu=I3=xS_H;2ycDlY1Cg0yd|YS>=64aEBh7oI4!
z_=`G0Yf4}bxw6=oJ^#)}K1141p6AfDQ}Ts(Mds;>%K<j~dovG#CMouthg4fQf+O>u
z#!pa0JR**k4@`6=0=(!lknan7({~SGm7TTlS486QeIQ2t3SSf~JC}0|?-nIrZ4_4o
zT%t5$_*Tmihl04N7*pG5F*FChiOyjNoYzgjtNT2CL-jn3!wa$D7AE-l&kV+fxO0}4
z)8MK7!B^5D&1b8p>_Zw?qg@dL2Jubkt6Hx|kxSh_G%%o7Tdq^Rx|ND<_eaP)*_uJT
zJi$;=7<pZZ+TK?%YrHq%dOtUfL0|GmdLTE>6cvV2-TBDm(nXGl33aZAUuylO8R8TP
z@vC8NzjKGfJezOeRXJPUufJccpTgFiAi%@x_8$pL!6IK#c7HElKh_Gy=Nw*<irOz=
z(AQpUP4ti<8;=0Zh?NGf<Z~49=;`T+SkIWzShK8YsHt&AZVMwgNl?;zqS=G53HhF8
zn6lH*JdSWIQl|BfTNK{8>W!_qXEc%xGcM3A*y7<PFqMvNFp)07{UgmEOFrzKRs-_0
z1I#1BUZYefj8P|MV=wto3dx-dhKL5~Ijg<K`?h5^A4Up*iN(u)^7z=OsHY;pV#_NK
z+YsIM*<^jzNMhVBLB9aUY|^PfSG{IaJu*-#Xty32%8m~$*dK2ox<5o#Y}F52H0%88
zi`|mf89>hxuq+iD?r_yXOZREbsD=Cd9WkR>awY!N&g2J1cze4hET`L=Z~A(fN+Fe>
zNTCW4WK{Zc>e+W=4j5=FP$F=pT-zBv6*Tmq#%;^$86F$U@IFnOLX!IFKJL8`ep$`j
zEjY(ydO@>ys-(^kjK_d|aL{~;SlyZ=#pZI~B)>Q5_}POMUMP`!j|lHScZF_-K0DXI
zHNJK*XhML|9BJq@_rMhYmMW+@0%$+dhTQA3#b8&}16jle4<CD+&blNDYBg9RzIS34
zXF@o~&|)|sUhq?OG#8563@o!bjzPJ78FA%z{s^bO9;zUeMk&q6>VWz@TUvys+;b|_
z*-$IXkHuCYugN*k>GHy*<#qUb4Ho#?QYookva%!_22ULPgc8&z+0qEq)zF$~_Nbdm
zOUtE1I!o33OOaW2Ug-TX6=oV*XHgtOR^~ErJ(+45YimzGT3Wt~$eo(TKz_6CU#~zN
znKMl4$RnXKEZaq?lVszw>}|4la`HKb$(XXsWTsYh8*AL6i<+9H>7i5qIA~kblQ@D|
zr8)Ra8KjKbhdz?8fs7P{6cZ}A5BjcMt&AJcS~{jFS2b`{-(0yF)NCm$oIlIjW2J|l
z8%Lv9)xhdhI3n9mQ=T{`Nas_{G;HXqZ1fLyuiii)!Sq<WDA1~)lI~(-eEvM`N2D=w
zrY{=jRA&>7u2p9DCmBo(cNwBk2J=@+Io03U$Y=>LVxg&>*|Nz(QQ>LUCL9iqC_PX{
zEmfNBpJE`L%NGdvmlUoCH_T`Ik<!uWHW_V1ado4j_6X!@PLpqQlN`$*9(edQmk}b*
zn!diTbK3Iao5A`1uC;>Sr=8HFOmE6JZwC7cus^AZbjgK`zSj+xVu})*6WmNw^c#3|
z`;oY`gia0{`%LjcMzLSnvqOq!^*8%IKC?9sCSPHF20kJJ-<Gtsytc`nRQP2RMZwit
zKN&6JfP>NeYC8LZcTO}{;M(p0yXe~rVm+5aRE-b;eK4ZWnMmj7NL*)&OQ|*@n`?8o
zQK#=$X78XZ$v;z8Bdr!p^yE&gquR=J>B$MzWyfWdwyAi?VXJXlUQb5K;Eu{}di!5y
zT2(1<6X->3J$#acW)(K>qb!#)(wOeJkCS7(zr-?DdhI+16<4FaR2{6^;E-nZfGcfl
zFig29C89};52Rx4{zdQV$kcfqbt(Z=8A8q*9F!1j0&a;g@OO<h!h}v_4}g{CcM92r
zprq=GjAG5|leJS}ouq~8uOq_lQ|FPF*CaMqelqt;ZjO+ii1kDK0M3p_X*onUGo}s;
zrZ!=X?DQ8>JH*VNaE=NI3WpsEz1}O(N>mA3c<@r#EixwuM|w1BXUD8L+<}Wm<>2*s
zNT1V;UVI{GIdnfqz(kQLUT}!?^UW+vwP=o!2#jG0-(-n-sq)e#A!bZ{=ZcAN#Dc<w
zoxSBWfcXZzn1}6_;r&n9p9C0Uf`Wp@hZ!u-)I8zgBNfn_PiLJFfRWQsNAs7*>8Q5-
z%!wS79!I5ZA9tOhRcua{NbQ_HTFCkctuuVK`?TtFHn{oT=-eAtNl8g}c`{*J7QrB!
z=tvUo>TD4?*`TT|c<Ou=if#sUyY1mu!BR+!xNC88Q>^Bq<dKt+HJTi3ktAM;@IGBC
zpUwEdtt)Yjp%XqgFO!f*4h}nu(L~%EaBkLBtPf@olxW*TDLbE%Kp|`-9Iy4K@X(&i
zG<kmY7ka%Nt9#vXee*;jPJ4B8IcJRH{rmS#!f36JWEnpo-Oj?LF&QKn-_%y2JUe&Y
zjk%ITa+!EmwW(!hC->kPgEdE~(XgLFjmfxD^TiZxo<!~1rPhnR<aip}gU6^P@blK{
zNMn=XpD~BK-277(YOPr)u~zU!2~W8f<}EW9p|7$11a&lDoNV0;%fe_5g;I0o8$La6
zx=j8QVSCiNyN}hla)CQ>7NR2xQstL>s60^R;;xCarh)h1Yo+J(jE(WzjCrA@=hC8R
z_-SnM$ms-txQOU=*I-7k>&f<H308_f7Tss?)+g~5>U9zEs-h94xwOs#)-HwIEtr{M
zBO{Ctc1k(-F{m9FY+fZ*_|s@+o(xW$%FOAVJubi*f573(gsA~l5Nyxn9Z5=qZ)n^<
z1Vy)jnqpjGmMeNeuX|ap72Y$bwJI4+k67z7Nl0ZK!)yiroRpMmaNTR;!A6?a3%42@
z|0x4RyF*jm=_FWceyywi$amifD{2d0R81Zwt>yNvP-tz)u&_g31*W>~@7$=7ayTiS
zaSEFo{Ag5?w>`o$`Q`%Y3Oc)Nvu$CAU>r_Hn8kl!c?azKA-su;?F=IF3ReYjT5Kng
zW}I-U$|5I9Hw>#+B7(0NrwH?}oQWf>ZTCLX!G;OfXQTV(O?`yMM@fo&nF&u5k;hF@
zJjB15ZraB)O`89l7+L3=+4O~#T;*n+#U|Giop>~|ADeZmja{_YDpU7$&qapy@T_D+
zHDCrlt{owg<?FC7Nxde{zu2qG?>5CPNk2N4TsV=T`H2o+TfWUL^^*nOx)$jsIwm5I
z**d0GkjpYwHE3e*^4WrsDv@r|6&GH=dzD7&I<*V&m3*#kzb$?%;x?3XbD16&CHJxa
zHiznBhV)!ncqM7BB((WZ51|I^Q1(-dRcT{QcZY^%^@n1QYL^bstbg|13>I6A5@6X1
zqUJa3aKbXQ9_u9s)V1X|X1VZ3xtb9d6$?GUsF$%x`%W0=LbZ@=?Al9!K@miRS(Q2Y
z23ygDwR_6>;9wVdz1>4yKA>VP)=5Bn6ur6>LE8$NDYHYsO1yqnO2FZy@v<;T854nM
zQ$TI*S8{7<<GK8yA#qSYoUM4D%So##s8#e)ZS&R6j}a%Vuf+NA0#{7V2Kr=dsmoay
zP1F^{>*@6E@h(-f+!k%Uumd$xS^yRH^a)m_=CWUUDK&6Gd3r^CdNKb4nfvqmp4bvD
z*;ALzk$i>vFD4@DElvmP0%^AGxG<Wfi`SRPt~UjBt*tx-=9s8Wm>3A_Xqo<vKxR~!
zn;kKlsh73R@ZRn4Q%H~Bveu8DSY4$qi`5St^RwzwAcqx<Y7s!!T^{LNHwZc3E3*$j
z<GOGUNl5~&tu)u|^FQosrUt$7dPvZ1uWv3td?DW_p^c%Vq!bOr3tYvlT|1esvC+X;
z=dLIgJC}-Qi~sc$m1vYo76cdVqFx&_pIuyp?(XtE<=k+>&pVde*(b5N@r0tIdZS)v
zM4FnGR>U>9dE<+gfr1r*F;>sT-S_h7LJR(9r-E@56Z^l}YxKip1w(~_>15ekC@HF|
zlzho7COWFxv>o;|kl`kj^z^$g!Y;2<CSdEiV=FUqC8p$M`!}Ork=T`vNKvg_9}RYh
zg*@j3uI!E>BlH$%%LkFa3O}2x>}BDAvwIT_SM>fP!s@5VyDpwk1zoRH3J(h2Q8;El
z4R;uqEj&~BkSQ%ml#p<<$}dW-nf-X=@t&98&l7E5kOfqus=dm{xran0B-};OxE1jd
zL{H8Uw8ia^Ohb9!lKv_1a^voCH>jPz9QN{tqC>aMqJ<COfm-4D2K;L+yGOK}{JAP;
zD$P@t&|j#XFb$C-Ckzb8`r-(+&@GWNM0`w5n^MNgkQRrp;@S@XWbIb%d_VWh-REVy
zZLaONo=s{&_4sobMq*@aybii*Il>KRR;l7DDNq}8EnmRbI_B8&2v!hRsMGr7R0s9a
z+MBZDJVusd7{+eko3dI)LwJ=A&+y*)As|9Y+ISv*@=m%yxc(Vm^Sw{!hw>-2auY9L
z;Oi5E$@MLwSXz))j^=v9_{7-EC|>uw_ge{7P5J0Y)}61}`Ew%j2t(k;&1MH~HuWad
zE6k>SVdy-=sWf_o1%<@w-wi29s#PODu^A>Nro-m5aYQs<MfNF<B);nUDyN)8)!pHt
z?>PWPEJO6b+5?J?@_vZ)y(B8v<Q~QkOAi!$(})%V1L1T(6U8depg!EF&UX^$#!NGE
z@)3gH<hD6~apgRhT*!(x*`2^cLyh9kHN-ZStLNe~;0c9HC0lK~oj?(<O1!98XmJQ1
z6;7k$^=j9WETXe^-du>eXrffOhfk%%t88xCZCfRzhuybvsa#o`7(EkiQ(-ziAF1I+
zM&tjX?JdKq?7FpK>5@+AMmhuu=@1bRq`N`7V+qm?Qqmw2iXhz`i$)qGq;ye&<N~DY
zo#^ee-}l(}-haO1`^m8ub6wYrF~&T{d5%#-M+D(CykHU4aFJmlYIwds7FvuCG)^bj
z#7{6#j2__{2Zit3@GOai>Lh7BE#>9BTFOxiVP=BA8C02lS!HT{W24)+6^GT5XO?Ix
zjBoN>imJ9n4#k)~BIj8u3b(kwy8|cf7Rw{;mg`3?tGGx$H6~q`D`Rr>K}~~oKWY5z
z$Ev=xUuKn5dybXl;;JgTxi8i_ZenfKXVG(K?7;kkMJimg{hM(K-b|HNv$8W$FtNfj
z#Opwy&!!@qd&c9{<4Dg%gk_G}I;U0~-OJkTtu0{oDVi@w>q|pJQe1&uv*d;h$Kbg0
z`788oVee3uN|nY#?vo4o-P1FZ5X5p|6gn&4%R}Bwt2C}VHO}C=tq;E-aV(^@otyjw
z)V>^>dxhiXxgJ~793#LsAw?FJ+0E>#*4d8>K!Mi5Wbj8!o{RNdu4S=S@ly^Xv0$X`
ztK7{~`B-u!K*Tcb@!Gva!ntfT)<|AB%Y2jyKiM}8;y1hmM_f7(ow$)wnBMc}CJZLo
zEwWoOdhgynW-n4EB1j~(aJ##=mj_FOZJa)E<_))actwTkbCM-oqQZb}cy4f>`%)|~
zBE|18iWIZu1G0VRc^tJc;(WamF^=vpBwX{d8@Xh$@4T`wCa<f{OW<?@&KO1B`#h6Q
zdAXn{`EK&1lJqahc1llSOa;E0p1ma!z;GA&!Y;Ch-*s`M-J^%+S&E6VOGc+~F1dJ%
zobj%;w=|huBn=uvUXfK_ucZhIkZp1`+G+O)T&^k*PL0SH?X-djDHpo+rL__-bzgR}
z=Nq<xiM3lO@n?Y>#?D4G;XL<GREqeJ=UbWO?YVeIUtENQlNrnwo+>S9>gb@i-yBm=
zO89BmMpUhw{x&w8K2RM55E%WoHx#tc(Y=Q}8sm6KNQkg|XWDEP&*P&iwV#U@FD{X~
z*EQWK@icQWAyJ0OMKs^9;M6C=y#xd}gOba(bK85x{$F`|2JH=F?wNJi0TEn<&6mfY
z*#zxRF^V)kNiRH;?Pzc@a|yBtB#2u5-o-Tec6@k)q2WzYi_l;)m-2$PfNd`a5)sj=
z%xY_Md}3Bl)ANi5kz%bcXahd?{c0&GJZRM3^k_wYIJYZxxew=iWpzXh`7|wBSSxXt
znIzO&=gC6jVg$#vNBxh?z4XwCi<8}s&d@{6W?AZq8Pj(3e2kmRE5XZOU*hsaJJBXV
zL$zSwhN32Zj@10DPKzdJx*8AJk55lm5Y&y=e>Y=ZoNZL<6MU1SV1JrkxrEoY_vi_3
zyOx;{xE?l%zu$!w=Chd=J}$vizPFeum(@;=Gk;=?$Go-RxS>rY4yk4sWU)k0xL@(r
z_ZQz=VSoA3k@0R!0uTHrT^bYexe*^URjDA&*~=*2L+^=lJY?~-ea=xg&tsc%@5a3j
zcX~*r&92oL#6Cn>UXjDh#KW5mW#`UDXH2>LIPHgr{~E`iYd2w;g~Oy!^67o}oc}WU
zTOl8cAHJ6v6P#<~?M@w1W=Hm@`1=}k^wg|@sRn+o=iD5{Hu^K?>LBGU-PV3V814K^
zC}(<bfZ(Kb!8?WMX0+fg{q9%FfU;K0t)6A{IhM_D2ZZ$G@0ZG>y&|HA2JJJif6l#&
zNEKo4R@8tAoR>aRZML#xcF$WbqoyM7hz%x9Z%z*s)8{+MPb78He)Kq*Sp55ag}@n7
zbu?atd}ajm`5$dVh?F}SNhsw^Ur-5qk3)?4mI}B6K4|^g;C&`Tk6*XQysM9m(e%T3
z_ZHVWtW1-JSq`1)?;as}ttCqv%qhRSWTlBcP#5BIBZQn?TqN3MrVq5KkxorcEvYYm
zI|=u&TUwUuX)JrT*u-N!hL;kj$26gRDTh_#bi?-=Vr-h5*yML{<yC1Z*EpjR22Uk`
zfa?ra7^n??SlQD#B5@s1tldNZG(|_rUkTJQXO#W<wUV$!@Y28JMC~%Pi|?@s!^vsF
zqZ<Gbq9B;}z1FH0l`mye&U_e*eK?V?*ggD1u#+wtbQyo;AHn9+W*z}m+&xe1GQJNN
zfxu}mD^~<{+ROx!xXbbQ--)^)`kh%m;5c(-)hIKNn+QsMd#pKoulibJOLcMP=<0n&
z_8tX0e0fcAQ=QAdu`he!;Ny>O&gJo~nG^ZDf(9a5oPTQpcpNd80|()X`K~kKyV>L>
zZqX+C7ZGjK{mdK1Fc~kR(X&ZDOnMGE*c8axkO^MPNR386^uIbHT`s!Nc^(p3e|jNt
z8+j}*nS1;v@_2I_d91-|?qYI6a#6TB2ayuvB|j5Fo-cEWsM(Q1uHaqXg?hDYV`zu(
zAIET<eV!W2`x|e>wCyxDGzF>{`dcl9PA6t24pTd(dbnC~+gMZjZuqWG3miyKx|1YY
zx26z*o7kzn?i*-yvrZ04i&;c6(v&1h-1Rjk)>E~1RS-RV+rQXz-iZGiL{#bohY99#
zxfsfHWlXUPfR=r%qinTH631oKV`dYm&d!|WAL26!&}K2lSN(|?zc=2o$-QCyqSV@f
zVx%@*X{}G~xMs4;f}~STS}qTrZe5>hQtd6{udz1B)H!eoKj@}1WHl3rMq_(-P?`^s
z<YtP;$K<FZ#L`@6;?Q_br_{RcVNc6N3qny+wVN8=){f)`jWs$Z0i@+fGDdM$s-Qjb
zkctZzQH7nu!JjhF@!Y%BFybQ~InKq{*D=w9A2?nEhhOX`{<P%vTG5mg17_q@TN3|K
zD&Yd6#$zj-A)_|MQhSruBA$a%ZJib(2~z}N#BwB-$cq7gN2&EX1eo!Bv}W`ASIZw<
ziP1S9KoEQO`KJUo`-`jnN*636M=nd#-9Ds#0a=^gl^<DTrJ(ZWH5^Trwn5jBR_F5<
z6f57a*&do6SE^g;U8ptYHpZoopds;GYi}dQTp!ig{J@eqZ;?HBrr21T4ArT6>hl)m
zP-}OoYx-0d<lqfgNcErqbot3v?h+q_Ed1NYYu|XpWaG-*58;~*O66TQ2JW3*s|?l4
z%L_K`cnUc!7z-+F#ApfGZ9U#y1U}Q;^jBKtb~wY&pK(ivJy>+Sya>$7?=S-c1MQ!H
z9?3y~C4R6}sUqK3HP+}x3TNipzaOo(igsUAD3!g>AZr}lP7@ZkxMfZiF<J_H;)T00
z)1spv?D18ezj@l5g^q!-?;PEb)Z(sSuc@9sj!YpPI8&6&PRp=TX;C_P<f5chqet#F
zo|ce+LF3PF#MugHr|^#c=Nv{+?G*uk-TgXZ`Sv#Dsq-b-lJi&4>Zi?mf8GA#U~Le-
zBUmi=a<z`TX!|Ud4w1WYO9jUtxMR2}ecPqOqe>tjyu7@eeRBPE|B;*a&Dw;e>L)cO
z&>8rjlWk4q+UBou0X^ZAgE6JHFC1~#i>^Bqjecv5EPi1|{4^0ZrLmJ%M9l?%`k5<a
zznQv7lLEGOr@EPKSH46UrdgbV+j4ZQdT>{r*Pexig_+UAx#Gnr-^tD*8t9g*X>JyU
zevSB5?VU`f*^my}U$<_@0^Itv__L|~=YiU+=eV4Z#!popz5o+>ng)#~@*2<8YlhnW
zoG7OaNOKq(7zm=1K~05k+d7V@IhGs|8+?kbVH{{|^pVVG`zC4l@E|@l6Dih`nEPUd
z`mv1JCBr+5#Ozy#JjeMQmOpwwh8SW~te=gxFgIXMF8T6?1a{Ladw=T_B))Wj@v6fi
zLS!H712Q{DRN=?L*;ICTkzp&rUEfk{4Y>Q%EH-Q48*xM|L*fg3sfkQqy}*KScbZ*!
zmd^2ZN9iXa=Zyha{O+|<Uo=rf_@CW}XUHJy#YL(P#+x`Ia(`-b!%qTDqcw!5gjoGL
zMZ+*Bt#2dexEQP!>#T(x3q*W$$8SftO4RukCM>mnXXm_+VVbErTNykCOV8H(c3wnK
z^rogq*ezxFjs-MeQz<Wm8#VcX#$$R9KOsG@ROpUb#jh*hiQ@#o!ASeU9*yCl(`%^R
z#j%4ksCeq2UZRxfbG^phpG<5!8{g!|BWq&eh*++hJsj5L;X6Ax8JX=j&@Cqu-YVa%
zmvt``2E(KOA%d`ytv}n~#f?b9X+TRq*`PoO@%rivFUfIcV0x-Cn?OMJIZNXAezzvo
zCrF*1OwKJR2!9$!+?<er3j>$!o@G~MFcZAy<lTKXB<6}9BL>JuYQE|*i6VZhBmN5L
zEgF5fcHi*=NlO(+&Jz!>n84M7JX0J@m}`-X+9CIl`D@^&PU0$jmyWk*-O_oc7DA<6
ze`LpM@9wkIx5PKH)-}8T#N4|}^?1Z`B1l`k#&kf$UKhsHlYr^EKB5m@;1_4^B@;h`
z1Zg~+b-6^T$QKPy5i=?ICrJ?>fQ<)R_o5&xvX0ou!{>xVk|6KW29nCb<f5B58aM%Y
z)?-WSYtxbTIREn*EcK5{rY>^^{1c-5+}N4@<>f!i7l!F{24XxE&}%~uO_hA|BlU^p
z!>i&`Q;`H-Z6Xr;5t9%}TEjhlILhg?mpZ(M4#Mx%%LbCxHsuUXNLz1EHGEw5lix+M
zZCu07ruveiQ{l`zW<0b>2;`7B^BN;E=Sg2!;<DZoLQrc04~{Z|qqRAmi*%5-v!am|
zRSpi9HaA`3kDkz-jukxfJ?IDF^`Q2b$Rm!p1I$2&r+Ul_n9+elC8CyJ-mPT?Hf6q-
zdP>WnZPG#ETEUGpIhSlq#SJerpk{m7#5)r$D%K9e;JDeR?PiMN3~>%btv&a+&hV_8
zJTjL}`g+BH*+N7z_Ij;vJ=~9+4bInd4lFLl3?qoz9#x2KeVjaB+v)?&hbbyW>P?m<
zwNCKqB|mW8`$?`}{gcdjCdVuCsIfpLJ5U1u)nWr7wgf(wXH!rqs7=Xx)7dy}A*D*;
zWO!I!4lPzM(1tCZgjIihhBsr<PB3F~j@-Czd>yp#bqh@f`SA~Cc*X-S>eJK7u(xjw
z$Rr&3yBuC<hc(o^!=7wH#eVtntXn!3sX0!k(M))u$s@7ni$qy>6ujjOtD{TC)c1ja
z0CrHYQ#8k0Z*Ok`1Vu%yk3z^s3;C3_{0|+9mi=^QrK;%M0}B*ja)-?g4U$;&zkv1|
z0rFBaFp8L6M%YX_K0GK$`qcI(0XlB`;CrP58%{)S^EjHuzH$NdmJMk>&#TX8*L?ZV
z!LMhe)UsiiElT@W4EDwi!-nl@iecG)YNGUnrarxngX#Wr9~V|s9ABFEm42eE*GW?{
zU{*<RPA}2hmHU2^2UYZVe20YVoD%5KdkK19Q)8U1e)~Qd*nX!jX?^S?wZwGzAL#fA
zlpF(o*enpMJfEft10jIJ7Sfk^$w>U$B>d@QnX+H)Ir?<z)jOT^0gg(b8~gz{C2Pqe
zJT?=I)5GR{u^r&f|1x#90HoG>V=|$gp;+njZKtP@s@6L|EKggsC3awD`Q>9wUc>UY
z$|MRqb7bu#Lxt4$4owYBG7iT6O&GihCv*Z#2@dlIG`ASdMG7PQ+;7MG7?F>k|8AQ>
z)mK=@fUhKHeM<+`Ll=bWAjxc7k1IsuY>{8XGK->`)(Z%>9)1)CMXbnb<Nj9&C&zvT
zPQ>18D~RO_Er@B?`Aw&dLE%_K?{b`Z3pVpA6@tmTH&xN5aftI?HLr!}Wi}by9U#^z
z6gU;lBii>F|KR7bG1o??aiXQ8EqvsJzAfe{r(yBArbBglocd4ly+GFHeEVw?RFO-9
z&Rhn?=%bE5$bhg>X59Rgtm7(M@V+xleqP}Skl54HJ;J5$MKOILU8eKjk{2Vf#>MUR
z2ZClN?l}bow^Hf*PZDpeWuBN0?z%}X;!M<Zul6Y!EF1P9T{n?oHsjnBOo!QaN8>>j
z8CHxrdHpt<JT~kcbV+L)ttT~%JnTDt)rW3PHt5_n>2J8Q4l1XP;#v*8?eTQ_-iB?=
ztv`@h<2N97GtdgMQRSznLV%%|p$F>h?jbm}9zBe%M-C+2xlin+ob?dt?b`viKDW?@
z`isXst%hg^UAaqLH+=`PvLRi|a#+b{XQ=*5&rYIcU~<M|pcGYB3o=(g9P?{+pL?RO
zbr^lt8s+#v5vy;;*9xJIJM;D7j*HDmwQSN|#{OA>F%mc3)oH6=CQyuAZ?`))DP--(
zkB){)Ozou3$WOY}B=~e}B_sE?@}BEti_eGY!QT|Ae?MXgZ)g3DX;RhaB66$0x+y#k
z-1UJ#pjGACcrz~f{nb?$6(-lBpX{yhSwQ4*dmz+hO0-HvY8+;8_##otK@FCTlIuT5
z!Z+%payH8KwI7G+cG|eC#k=Bn3RZVP0-AL+*Aj;`n&CG03=%387>Jjbj)cL)cL`98
z?!yT<&=zD7xnrR>-)Q8F=!H9fC`+{CxsXydHe$AHaEk~!%qewa#SXPD&sN{uxze0F
zJG_yWl|`-|$d5ze7U>0fdKpz!yv2|Y9~gzC7qSgny<<chj;(ePHiEa?e2KZ2bUqTC
znzIT{GjUGx)rp<+R2f}8?iMrG?H~RO_~MSqP>u|L!rNFRmO}wnYrRjp>QlmI?cGsi
z_sf+=b&#{X*uN)B+;!FZI4f7>5glEJ^KwH|giLl-?+=&qdE}tpQj?xU$E@Ia3IC6^
zY#_t}9iy<jSr{eZ4vXId!L5%ytNIm-3-5iuv?0Tu@n4DSL8jmLi`^4Ljk3re6wA1;
zpCFM&V0Agm1;Lz(b41{t?GHH~|8@s-)=yolpT#_dkKZ&^*JO4hPM{KFJyCyr9Aqnd
zha@!~RdIULk1lU6q7>^kEpfoF0ke!cVqt>k`I29I`=Dc%$d!z*1w~g&Z_w5Hy@=Vv
z0@)fVJ#UgB{aSe;%DTk{KWs8y9l9V<$fgM8mHsQGk?RT?H>ZqiA*_YPw@cl#^A$JU
z0$QFO1xRVdDV?1xu%{)y<K}VH!A(J6?*Ke7Xx@uv(-srJ2;@m#UZ}RMP92-Awr8I-
z`9xIspJ24O@4rVJKM8j?TPt5^!foF^15K$VKBoQ6N36hLcfR}8r(EGN@$x3<m}d<A
z=SZDi9x}n!b~vkon6}}W-ABeJ)M7eG;)vy-^|+L-E4GS^l@;?s%gbN~(moo;4#fd%
z-BF|RPFROb((p*OAZcN-v?*jg%XBQ?PMf6mFirvn4ZP~KsN<~3(WFEySCPm<jv;4{
zEl2Xd#(3nlt9sn=r5e%gWOcKsqQWKu8m&!0G)W|Weo9zJp%fB6=#Gwy-FjW&9+<iS
zSSI^}C`Rr<A5}6j!S&(Q=2w<h5=sH@yYtsuckwqIh_HTvfZrAb{9uw=j0|r>es%Pg
z)tb@1ehF-1Nc!?ccs=LktDpJPJl;b(Bpz!6#HUunY^GJyJJ2xfju@SX9|HBLn_lVG
z(;C`^iV%P-LNfsOW_Vl7Q~-Id9ry`7h$v3bijtGCVm5|hg)=_B!^{{&IbVgU=>Sd&
zO*x>{n}P69{h@q-V@EsPvq&@ptLvqw%|S@YyFsKt5v#84__BY1C8BS5r%q^H$ciy1
z5_*0_(U0W8k|tpHajx87Aeoo{U0aJz%c)!c@Ni%P!}poy(;yVAT-|D`yvue%(&)^{
zVmV(<$ap6)yH-e}+Yjj-5f51p3@^|pjdOwX*x_2tU>p0hJyfSdQz5lj^%JH>sZn&y
zvEM1x0akAxpS&Yg&u#8gRPPPcZgQhicI*o|r~-#-r&S(gHxq>{<h}|xb67jZTIhFi
zXhhI`j<*RA5-tMt9A7?vVX-SDk`lUfLxF%z&L7aX8h-az==A=IyydiBOAkei5h~X=
zkN!(B%jMG7g^%)3*&q7dL;RjOx=i47iPDkzBXT12Q8Jrmn6TS=aJ8E-iSN$|rqk<Y
zrx4xAI*^(%zgY-EVkwV4Xn9nTH4&6h6j3b0E<yISnrZNc1wWsXWtnJ-=X^&yK#w`^
zPxQunoHe3a`}Aeq^^B7Q_IR9{oT2rqaTdC)NL7PfJ%j1Wh`;R5U?T^N9lcZ5SQ@jy
z4WpW`n=8fT{DHCDQ!gxW-Zi1V;0lQv$V`Mr$0o+6h7nWX$XM7{6_yu0s*OC|Sy^8e
z6xnmX&PODb>gmmgYD-WOSSAdr=%nXf3HF??m`Br>q!3z(qKE2=KC``weN|0}e9p?T
zpz0N??I?G!z3p~aH~T2kM~?jAr6;OmSZ{^H_4+OM?b-0aD^gF&7W5Z4&4b5{kXRN+
zX1fzi-L9q}KryQu_BD0hOVv4g!L<;$D9^QJiz)u9oc(mVsPmxoyJtp3r&+S)_S4j$
zPw#zXlArE!JOl9cYQ5!&u35)+V3p`1-od;ZfHcL8e_dHe{X?$k?C`6!VAc4f7OHEn
ze>|nu;Km}G#?i?6I~!?wkYt00hX*}B-s0AWfyUtjeiIkswx&g{mObawz`iZ#Bp0`t
z<~`O^aM6!T=YPqDjEY)yecf=4CgiotG5>Ko7(fKl3&d<~CpI6Fjz+Gp&?IkWjLa=@
z66}hp+HZR6Lj6CErlI)xVcJpl(7}NMRIKHu<H__YP{#ur^B^Aay&hRthq*fSrnnFH
z0Bmxbwfgo=bLk#yv*Y5)P|t@7&=A3;8@)&DVwghEq$jF8^mCqrd6~qJ0*uLEaIoEo
z*|m?AywC&~3jhETW41hdCyLQ-Kg+m51?|gL3Sm~xs1Rbs&s#W_i}|mVfD`6FH~*$<
z5S@ZFW77@7*|_3-orCT~2NGKUNm!Gm@h4Y)$JrV7jxS$=nbcEj6Pf)=Sc?^w|FIH+
z7|2pg8k6%OmuUj&m+?ov*!!(-X)|Z-GZLZ2z78y8-^&Qht4}=1?c2}I-q9VH-xn56
zZ<u|n!{OHR{YH1dZNn@uAesKJzvjF3*Opxq!jwd}m>#&_JfKC;r{nQCraZXQBu***
zDnj(FwpXPECJv}nk8n=Q$gz#%mQd)F^(%E@@~L)LSWLg7-3zVl%d^97`Wb1+*;=aU
zT+L4oM{o&-15vwmX-b;~nTY%S>aS~?n?*zVAnSljBOc<iLe#FK!Ax`**7!|F-ISy@
ztS6WO|3<T1H*=@=v4qKVB}DI;Cy5X5vlGQ8$~~kj4)u?BPf_?yr*ZkH3pzl~(zHt1
z={;2O;uo&9Chh>97o>BnAe}pj!Es)V&kfcvfVJNLq0gE3GJ&Vr)koFNpKReH!n|?A
z7RN#aQM6prJ>`b+Tp4+0+dNGx(UAa|a9rv8FL@0r&6o=1jX2b_>peX^xAXV46;max
z3w3hnPY`Ms4wz*TK$bgn#@Js**Amr5o!4XFgPDs<j=k)Uup9jc&|*13Ek#c=entZ^
zjC;@NRHIrfJj*GNlgT{-s;Hw#SMmMJg45JDxf5QJqTYp2ffLZ@l|KK`Mx8~<+q;SH
znTO1MxcB+5doD;`XpZ>!m||!(_G)N)2{-(!q(q&m-)}HJ+vpCky(-cUQF(m7q*|3U
zZn9}?c+47-6ptg&A{OCM-a7_wghi0NA?WWX)@fO67x-yzI9(9(!M#BV`C$UDg2iwu
zqA?9OI%XjP^)4nBa}grG-jn;QFW)9$qdoh6XVbA<wDO}yy_V(jGB4hC{|S<1wf&V8
zge<#vZrLBCQ*C`e1?cEc5D}>JO(Jt7if>>D6ln$AJurOW)2Q=GVQYMCS?#OV-iUGz
zg^PlMjIB4b0ak37=yFqZc!iG(JwoPfSbDbKHm)Lb;S_ard*ka-m{ew{|0Z_<Fc=C#
z!5juucH|Hg6ct$ZO(*TSDc{#*R_s#pnLzK_R_o_a=-t}g7o|KYD<jtZzxlLM@nipb
z{`g9AAq17sE0_PZcQGOIq<Tc(#`OTUJWR@-U{NEiYzOi4QQYa})F%(5A4YHVP%chv
zL-@EC!CPSp?ncO2iOP7CAMn_$7H@y$esz%481o@d+%zIWDWDm5Ir+Ka9IE8^GUZu6
z&u8M5s-A?@@hjy9x}d(;`Qtb`YG6K;k!(ACoLYveRQ>#oF;O;mYt>M+>9tCvVwc!T
zB=~oVX>cT^T~W(%z^&W0-G4RKSeUG8yjf7#zcp9LUyS~Q5!CygdAa+>=Q`QvidJ-8
zP0&R{m5SPr^zCO~*%`;h93W<<nF0!UisPL{2FfbyW{=D|9@|N4%Y`}z{iUzt3<JLE
zPUxI4MrLNbt+DmlxVMG1>i}e$%9xk-({bONRIq%t(yI(hR3YXzIXpO6`t?)YIaH^l
z(MRxg#5cqxO}^}3feg67Smt@CycN1f{?N8N6W`aU*_${hgDqBtHE`w>a7aM;;cC7~
z*9A?p%Jpxpz&s|mON{ZRa2vnN2er&_J@@8Vi;Nr0hmOKkVRC20L_}HTAs%0Lkj;`c
zrh+!5&9X9^nBLEL-$Jdm==eo73_;0%pjN2r@<`R8n^%gBjg1m*LTYLOAVN}>93x@g
z=37^^@5A#D+kvLB)8l{vcXPQJyYk!A_Su3O>APrB&VY@L`)iPmu!UnZe0Hy2*ZO2e
zevJ(HWFl2Gx&{r-Mrp{r<Ku9^c4b{zEt3$wRHlQ!`O-$vd5A4Dlg)Yyz>ZZ}vRkzl
z^Xp3J>dx|9RNs?~L-7rYQ*k&zN_;s`0+N@Z4*LF@yQF<#2G_1L?I81Fp_VHxr_-?E
z=D9uY?Sv<_`;;@tK)uev-q01rNbD-B<K4m*hRjXaE^ONbO+gpMnZIVkJK;y9(r`FM
z+(GDU^1SBawu$a{+f{GE9N6av4Md69xNoA{ZfttvLqyS4CSJv=X)&7zH&ew#MTG!*
zUw@&3+jD^C8f44Z?FxUS{l|n$B4(fi7~-S5U5q?w%zb#(bZyLvG$JY?kmq73Wr+;K
zTziRhntmxRyLL4gC)e7132WVGR9=v^_AxCjHm0Vg?lv@6KW3NF!>x6tFAz7}v3V*u
zL$MVm#d+_A@)b#MIKTolXys)TQVEaW>tWNtO9~+gWF)SH2NC%~cQFxxVxf)TVcZ_l
zGn{2oqPeGUF(Sj9aEw!i4(O4MY8Zmi+A+j@j^1n&#wDG50G8(O`0ks8`m2dl<<<y0
zCh85W^7IEEiyKRqe*S>#jx;~yzgJC3X+Wgq$bZDjPKQ}mN{$xVIGa%gwJXOC@w>WU
z|MF9@_2(C6J71|T6eHc)m$Gj)`a_flFp()HYbiZ=3&_K;t+9qFSdpQkF?xwB^h+jY
z<KfX7ACUQ6QAmu47bA#s9qH+C_QK&0#CfxHtp^6R-<F5iXmn2%xW)54b<iJZx;M-S
z*fqpzk?3@tSst=bhPxk$AdLjtLF)4D0}E#u^RW4%+l`dxF}T!s@mK<TM}m{V>&gbO
zG@HVI*`PRNOuf(KC_Gr%mrkIIBlJ^qA*lW4vHq@!r@_D83O?ZWoQL!9to|a2o_Xr{
zg<maFVZ>9iwzuNQl-NT4S6(ac`iFBXxSC4s#ESiJRp}Ops(!SvvC7gG9WBy2KL3Os
zkIEWI8bfogM`111?L5~x(v=F^i{9+?{Y|y#BLaZN$CUTtH)a?bMIS2Yf!MA)e{R$)
z)mD`IhQH@bd*ldd=kS%8O?p#g3g%3iA;XD&)Si|hNlO?m4FZ)2TlX7{5^>9cZnJ7O
z<%_4r5u@)O;4Umg`N0_|Wt5cox4+lN>DE-%b0f{p3d7gljLOlc$BAES2#XtOL9UzK
z)?+6K(vqP4M2GV8`DHx%HP#r^-QGB2C%1IaGyhR3g38qcpf{;31N^qa_?<)*7S>X~
z1KvU~QB!6IT}5{}QxaktukkQjH0CuHaj~$1nT$C|<TBL&0XW|Gp%0gHYD!*Mf9&Mt
zxTtF^P2=GxiqWj>Ynk%z3yX^y&BMnkZ)o<e4hF4i`5Sl24V$ScDXAtmr-*Vl4@QZ$
zMs=<~;z7n;$miSG7|f@$0S;tJQy70(J$sl$(hy52ez*OqPB~3(%kz8Nl_?Y&$f1I8
zCe^<^YL(L8no9Y{1n32lr=9Xu)}6MmPm|b;zp2QvG9jI+8YG5X@qZ8znoZRz)>iM1
zY`zCy3Dr>k%+r$p=oftE6?fZ}E!%c0CrOM=$xwd?wuFPly0iBc?~CIXkEiom$^Ov#
zYfq@v6K)x*ztgX*AWY**wi<T1MDy6l8-MKUu6MZHTS<ptjy`6*gH6jFZZ}zCqvVoh
zc}q7DbiwxgIU$$z(t#-$L|14JZ4iFVWS)n>C{mX`6NdJ@dBfFrA-`A!s9sjhtP1;h
z6jYxR;fZ*XfvLxq6)px&&dk$Izpz;%Lv!}x43merh#<rB`?w3tDN0Y-er?^5-?DTY
zAO~h7&5&lG?+E(Ry@`A!P^+;qSNo{tYUB}z4VsI;&&C+SCwuah)sz{XN_>o8C>S1R
zYHcl#syUwYG~2b`Oh;rqt&4Cw@`io!AOk>q*u-jRBabL+e|Yy+!BR&;OnfQ<i;~*>
z$6aBoH~T(Xa0`-oQ0){=!a=7zMTHDxaMN`gWna0!iO|!N@o-YHB(Y83>Ngf#nrxrg
z?JR8ga4{GIvs^A44{SkRr^}Ae<NDr$Mq2hQSmm3x&e@#Lc9fpjFvS^O!m~$O_7~TO
z&PF}Uc;zbdF9eqJDt*F%I*hEgj_K}X-gL4)E)1Sd(Or~m<wCi0qu5Q5=CyXPddga~
z0yyYzMQIRk78|%rv>Hnl@!k(Td01#!LlZeBPv(x%a=8WR_?l~|gAejgO&gw;W@m*?
zGgdJ5(x8kn#o87C{o0s&Kj2d1B7b?&d$6*0RzP=EU<tew7raTuz^&|D_mb+TVu{N0
zeOlb2ONi)|{bCK5Fb+9^or@fa>d(1mc@Co;Vb65kTEZXe^HlmX;RuVwB<}C<q&6o<
z>$?ceIAg=8EtF3-KQz>R{yZFhPtgl*HZaQl5eJdQj8pNu^R=yz{da#Ub5Ay$+@R{z
zj7ikdgR*YJcUkxM=**U4{b<mG6@}%=CYy<?8#FV}+pM1`42I~NR$5%{^Sn|;BPrNi
zPL>nDky(^EroCK<ToW~g$a2I|(RQlorE0`Ky7_o|&D(Q&_O)>9EVt{M<+?K)5hg|>
z5*qF`Mn}EVK1ZI4dX|4ot6xr5uJosqu$#EXN2{GiyIeeJI%3`@izhnS9vCe@MvV(w
z(8N48iR@=v5|Y_RB(TYmp*bDF9eo8)J}C9@<(lRy8OWn3OE0NeTa)3xB#wM-V7M4j
zxa48QI?$23A@T;3vdpLz@x{#<g?N@wB=*v%#7S3KmVZQ;dC}QQa#M3NVf54E__rku
zKoRwx1>fI>1TyY=-A&9?OD%7xuWnb~Dd`WDS@hdmtVT04HxE&;o$od9C!>c0j0nLt
zRO@!J_3FGaKq2D3s3-fR({lAd7^PgYfgJ{_gcV`5)+7ra|HBk1<$Uh7@Jp}FcFK0Z
z^!cFcB<8m=!)1@Y2mKB=^Lx{QiR!vWStBZ}^-BOA?}g83!;X4LjirgXxpTCLUkqo^
z2|qTUOD*ajJ7PJx2tN*ta`*YQtxzK7MfZIz%I@aF2U#5+e`@?FtEV37e7oxOL=KZW
zF0HOt=N>w>u8kIL%Mtu3zjMtkthz}IMmRt4I{1#XBuCp>RNe)YwqKhKFe@3Qas{Ru
zGoht@moY^-DTw~;%u&)G#J@9iE;R-1dH!l-V)`>f?$3&SwWeN<)dSL|DYvi@KQ7ps
z8E!1ww2Ob^TSPSJUlPpx4?i%O4hw#N&>_%z{l3q{Vik$AF-CEjJ7D-oxW?sur`lhB
ziG3#Em&}u+)WAYXTI?N$S0KRt@jO6;m^)Yzn&mG_1*RrHD+x1gY-qp(fEkCtu_*^g
zaFU|f6!zx5|Frc6RH{zM$5td$Wj!#fGsq`5*?VkMCF+Cu@)JgU=4HISxIp1W47os9
zQW8-Xw}nmqt*j3+toIRu@ubvD6Yd=P>orG2jEZ*C($sV$pDdAPdXk%$OAsYJW;Dw#
zftxE<4KeRa@*NpD6;fw6*1q$%8Si=wo=%{xoujg;73*s5zlm-N_E9omF&oQ<MlZj>
z*@{zhWwXOg7F|peNN(uv^QL-q{zYK#t!1QYlO8edG6_G8+43*9tq&sff(KX6Ltn*>
z!FlMgH%{J&cToQLPP9^BzVqwp3&>WfS46`zy0rZ7#*@CVbDHVRU}-ICpy$&tSk)iJ
zeVSPRAt51Q$XjuJ#4ystfov=BArLsSaTr$yMPhHnJubAPHw>cJMbcz7Xmll}-~5Eo
z__ERYBBdtnS$>3d>h)N6UjYdO0wGW|o|Rl=|G71%q>&Kmg^EizZRo>R(!5Ck2a-b6
z$$=yFsvmD6277^S?tp>Xqd0Z0$)^7(yw010S9xULd<fDAjn+%O06YmTl-ejc6b07L
zpSuk=41?E4)BMu%Ub9XcD;#Q5okZJy|GG!RX7Lt2&Z1grhO(x*A+`bp;IQ%c;R8ax
z54B1R-q+B|4;nKd&b-0lj`CNCQ`h(TbvimUQ1jWx-@$-`$zkr7E^KeFuSpSQ`j;NP
zxOiY>PjIkPrUlt03XgdBLyTu7$p7G@0lK%@=IRY43{S+{tOQ%fT9`83ZTLKi0gI^>
zA$-j%hCl>Kf5$o<fm{+AkOUpn>kV7^?Rs_S5o|SIZd9BkX@wMiwK;xK&Ea?-P@zTK
zH_*Fo1cPGsfGz}nRFzL6sO7d*ky<aPlm_R8B&v{Wl^P(-lp8;&cQo_2z>6n<d@jU^
zo+CqG>s=*5{WMiDHl})dR)F1IYnLa*xQTDN_c}f5P~G01!)?@B6(#K+c=*QwQCuv~
zGV+KNT{(WUr@PrQSrPpaUXSJ~OA&7U6B{s^Py^B5qNumJYpdk#4S=n2Dva~@`!S+}
z_d_On%_n^Oew3_Q;QhjY)}_RX&4m`6I~{xk+vI$Z`ON`jTNCY%cZbp)S`o`nB*;*9
z=4#EW>yIz?V9RpDj<TiJQOXaAHZ$fve^$^n28xSH*JL);^Txqt(1|lm*qnS7AIp-g
zB>Z;p7hJ~OPY@9imt^P>^Br|mC?!zw@s}QZ1UG#G$t@c8X1n!gr-!4ykEen|0eF3f
ze%p(|G4VnYfXg|r&JJK8YtZiS{V_-5wH<-z|JT*LeIQF_7tjv@Lx&w<^O{FYY;ifP
zpd6(<6eO2wZKopH^M0rHdSVXcydYO`6lp$+pZqK=EpPR&9sW0lfJY>R#T)?I;=L1n
z@KeOYE-gKswOBBbStS$-mF#E!E}&kZ%$%)Twb|7Peuanz;Tn-FTZWXzyySKf!8VJR
zR3L<{pS*EAk*ojB+Hc(uh}Z!+Gm{l$c<)><sU!wA4T=#HGI^#HBFPh2?d~wNSnZ|R
zECY?-^$HCZC4%QaBMl`;t}rV{Fh#YM*iE*^Gh-38wH@Wy&sHgQlTcAv#>((+iGze>
zFnY_jtnY`sn2=M55GX9e$ifmi;oK*J{+etbL1X_QsAa)Gr|ng`$6ZW$Qy1h{uWXTs
zqb%1gx>_U9qqihH$uPbW{CSJ{iINqaKXE8@?l#?B8>jB^>ONdLFm*EndP^As8E*n8
z#TG%2Lv>6pbkM4R8ZGvp1o>aO$A7|DMw2dNKr?=Y<Ioj-C;XqUX~_c#R;i<j2&ycK
zQT|3d^s&^a`)cigg`d=mVk{^d3o%+Ka(sXsKJ0rJ$&}4@Ne?~<RC|=~fyewaz5g}-
zKdLUU4E@Z|?>9?s*0c935pSRJ_B&QG;FpF!$}mkPKm+bT9$$m!9WD)tH-7;B0SraU
z7$7(;P2ON=05o8l1{Re@fB*B(=l?Z2__9gcKd;i}79u9|CroEFxsTxICs^|~e;wS#
zL7+Y{!*fgnhQ?w6Ba?^+l1%s#L3I0NO$Glew*POx5rBaKl02uBb0MmgY=1xHP6OVt
z9p;z>Is7f{Wop}~kh=XaApXub9V{D|rwf=CZI^@|@BeM+GXfZQz`k(J*$Dpe-G8Pp
zAotdOjJc+~%hrRl$=#ql#PqiM8O;0f<}zqRi!^|DsN(MJMFg6Je0oyBy4BqjAHW6-
z$|r)~oUz|i`)?C;g$!7vV6Cs*Vi;uqOwc?XV4l@IFzb0TF2|q;uc{S@Tag1J58WE7
zbmfR-Pc+avN2F4S<L`U_%fLCIcYfQzTFFkvzh5JH43?I&WWK67ngmGsn0)X}QGWlc
zFgRg)IAR>d+~A2>pU|QCYTy0wce(zb1^xX;1uEiii&Gai+s#Y+55%H+>p%2Y0&hqD
zEfS0d)1HnGrLcRDiO0T!gPBQ07)@E?9=KBRKTSpeGUJ~`)g!=t{2%oF$u0Vxkd-=a
z1A-nz?t6o1(Z4@iB?M!i-K|7jL{|O!!6byzy_|R`@XsdxmkBWu`)4bPxkWMj)q>wn
z^yA<D?%!rPR5>bA4o9mA>Z0>61O78FZ~hF+8HvX5cTedsf(>5ZKQg$%-()QtnEHAx
zSnl^{2e+>DRhUk&BjSB~H6Cf4rWwp1e?8Q{%ro^r^ZZV@C*kir-_9~a;H|7_b}plD
zA54Xb)vbXXV(xz09Nfv=(@l@YZV3C|HiyEWVN<$;6aKyz$8X-U#k!?CxgkHG_w*ig
z<o*8a>~?F2%alk7A`m@fC8I-Iv_o<G`z-(c(RFbDm_+^2x64odt~0QRr3sQ)AgcKP
zX_jw=sZ8c)CeIm7e33y96BHyP3UmS6=}Do6?YA64uBSZPbG7Q`)JkL7zz%GUV!Dy5
z+zD02^z83A6$oMayKevewK(GboFY!A-HN`ybH$Gj)<F5^G<n?ZD(G&_^}5g@1Y_{q
zP9lGNmi5uAQQ~F+4L~D?dzWd?Gr$ijx^?J$A&@jp3}SKR*=g#W`#UlJ{Rf9K|NP*v
z&$|k*zdv~Q)*yr>Rfe?$A|SwDU$PT_y}ywzaJPSq7ydhU9d^)p`2?DQG4xIh?ecQ7
zYpE+7qznnk!{>6OkRW@lOC~Q~$d^E_5SqRACela=-3fu4XmT^dVKfoFUDmI3Xe%>#
zDgW3X#(&v~qKKDQG~(fPEsb5&e|aopvcQ}O<m=ms>cOS4jHa9FTnwH-O%S(coC2yW
zvrMK-(&MwU%WDCq9%H&OmaAH%Ve_?aM_UL251778D@+GdV`ml2`jH`^lNm*E)uc%v
zR6v&-LB3gStmUyT+`TF|dR#a@{;b;@Et=t9&5_C4KZkmaFsAFDZ)DPg*?K5o&8Ne5
zYp6lOPEbG7hmspuXEx+I``H0ApuQ=2L*F{z^3sirZ&jK8fQ>0jis>OIC$Y4&w8_PB
zDbQEty|Ha>2DhqaH{&-9@?hy6y59e+8SbFV7P!Q@m>b^yXv<H}kxuFB5gulCQC#nA
zF41K9HYf-z`s0~2wZ+=}hXjilB_4!-^S-x{&aH!SS4iwT{<9aLB<S`T^Hs9pXWuRr
zOT_&AxW{{kb9mjyBS>0?OzxSH#s|E_<I#Z0`78oL+{R2fw~&a)PqB!hp}S^G_NY-U
z?+Cjn>{?S}ukU@@fZvP441ofpm=j1DQrsz8k5+q(mOZem3SVU{5rt>J^qd&*5h(Yu
zgqIs=2@ia}ppmxs&UMXpYFXCDd0bo8?=>a9P8Ab8hP*=}HHB%4{1;*Se|Lt7+8;ae
zkX5VXubaHX5CCdm7^2?>KiZ$mgzT{~(s&Wfk&VLc_AM?_eS@rE7Xr%S<;9-x>29;r
zT~^21mz+zzbJb>+a5#r|B#nmzB_^hOdyQZXWi6_9Wff^d>It&^GFQ^>`q~dkt6uXb
z5z(P6D*VkD>NT2yN$hC(im73jEe8Dq0|BS<m8v?bCbe7g-ve_i6r?bPH=50i4BCXt
z>q8$4u*(=N5t21o-9&FiVAn59_hEc<TEnp1QS9>Povm0_s$#?jvhzmyWm=BsCymlo
zuCM=x^PnVs2gQiFBO>|l@r`E$fv*Bb4+)T{5<!UPmph{pK$nKwsFMg}x3RINk~Ncz
zMn`GhiTPqKEqTf9yLv_G!{jd3joL(CJ=}WmL|HK~j`>w#^`M`hACC!CGGz~>ik*K9
z+0^n$NlA^pmscV2-~Rf%0kmkECrJU_nb6&Eg&}a0Lc?Yp)k<AY&xZ!hp4d1v;>hXg
z>9$8H8X>}1El*SHf;VezA9N(g_booErxj$;Cu5p>`0;I);l08wQb}YzIW6;$WN}uG
zkcbMCeuhp?(;WJWxuebC>gr-1y~e9wKM5OXs8MHSw=D+|fHRzx$NAw;lmi_U{ZXi7
zbH}GyEnYommYm*Wd}GOiWz#vlX=F@La_JjBiV;13L-4=3Vpu2uP-n0@Vq^aJ_kbAi
zxAx~}?vj#7_kTxK6PL$%78e?Mr7orj?NIjd-b&uvD}dGTJG8R0vI?&gF0=8?5+i<4
zsvPYq62{8FfJDOmwm|!y?}OwJX!P+~ad}E57dFLl-AI|o_E!vW*gFq)zE&bVbeJpD
z`UrT7Jl?;^NZMUi9)mJ3RQCEho?Fw#pyFk$YOA+L?ZMBVKjBv=-#a93F5jnU5#V3?
zG%(KbeZXd6c~Pj_M@mUasaqLzDO%y*RtkDd+BcHdZc3i5Yjvu<A*AJGN{8saLUmjd
z%Tcp*nht-v&4JEB&z*bG!}e_|r%GEO<=wlCyO9_!@FbmcR~HYYa$A820q#frEWYg&
zu7vLhOh1&O0()#lEu40P4>r|dHiLuM_7^D1H=EthRXI>a3Rb0mHH4~sw{fJKFODG}
zQ3dheb2=?|duy=MXp#>`<gS6``y`v-Fsdpc>(x7Am1DoknktLykB)A(4iszl>^wVM
zSDJfZM*_+J_%SFv9L;S%H7yOjv9VFLrx;TRUoe0l)Bq^fF88LR=XPtY#Ic_UY83fE
zUmVVxAlakYb{+US703v9*R}_e0s|fo>ntiny1?%<M>!lyBo{$~wWrA6IH2)6qE4RA
zto+i5Xkn?dUEkEAezkdC>B=ATqjCy(fu11-w4V&L72a|i)7{}ryEojFPYDMhoLk;f
z@AZ;9DqmA|f3)gs93wjw+|G4J88v5b6i#r}>?kinJJoOvA6h_+h)@h2lV^2)m*o4j
zO+}+CXZl*TR5}5rEx?u-+BJ*uPSh85y~|v)x+^%u{i~b8tCIG4Iy_OsELw3+thy}h
z=j`g4zw-Tyy*aKq?)Bxvg`QJ4uJ{)lA{DBAyQjwIYSMS6+RN2nfH`@15Kyx%8lj{V
zo<%B6C%~>US@y}($ZiAEsLYa9xEb&G+dv4jCRMJD01Lc$`^g-O)?M`j)4iR(`1FF2
z?Bm?ZdZd~omz3>i8n)t;puuiBGqKHQ#PZE4JIO;5PH11jLyb~BV%LcLfsI1zTdBkK
z`4+b;_VfD!7S_`x!h{K5y5D!dxi97ix*ek)MG&j``1s_^P-%1BpaCvBTgt(kWHZKp
zv)qB}w@wr6l^8;BXS}`hfk1=o8Q3b=+%~gJV{(8_&*6h&zQ_44K(!`cc{SfjTv)P1
z7be#Tst9y~#<OVaBdj4VTwGk;B40JEzqJT=k&uv}60-QQq2)fe96su8GF4T~(Q2mO
z3xDAC`q|psBLc`h^;o_6q8)u>Ufd4B$ps!v6q9jWdfFJB&Ai;ZFI~Rnn5x(LN?hVt
zSczKAcS;;lpeB%R<KW%gM<rOUiB=C;D{-IzHt3!l&IEh2TUQ28U8b~!Lg<q#{mEcH
z&u;nbr$T;*2qlmFl$o?D^^5Z;hA78SMGc8Mb*GeGbeWkPbqw0lmxsz2g`I1%7h26U
z_;d16lkA;qC$$~4a;Xk~Azq%~GwmGhle2Lz(9L4wdGAj_(tc#mv)x9<JOFCpD1O^T
z_9#vYuPHHTAi_smB)^E*EO-<bIkq+EOG^7XVo`~T<X6evBes-KB6@feUNTDSCc6P6
z=DflnX9!atAuXS>;fG(gzAwn8rM+=F6Aw*}b0Mahdi9)|u(iECT=PEVJA(D}mATG2
z01^v#nl4EpdI_o<Vxi)`Oth2$HTeNUArd{Vr;OcZxhI;`bm!zdX0he`ZEd;;{J*i{
z-}U_Mn~?umXwD5b$G`U}Nkne~5Wk95>nlIB?TAKoAK&<4C6E|}B!!srSTYr&sNM9b
z*KQbaSVA|Wxy7}knnQ*_ZAokZep&9`5m>|jA$U{=5@tTy<rw?8=8^hcEcX2X?0e0+
z4%<LqdrQnc^(j+M#JH1|2+||_EqpRbRxbPPK%moAnEfOEQ<2s6Px^hioxE(ciV9KT
zUpJnZ);_F_0Y~2*9DPe}A|Yb&mzbg5-qW>cF7XNKcLdlQ1KaC6*QhyLm!Wb(1!kX%
zn+mXoC?=^F29qtZ7owhpM4W2eSCmcTjA$qdvJ)mzkuze)z3i(y%U1EO4`@mrJT$zo
zQsR|ds~urpXrd@!;1hp`;@KkJZJyL}=oG-Qo<#w0#gU=F_%w?OPz@@BK+$L<_PC@S
zAH#;nZR?&uLZ&s(<89|aQcgYi>ODp);?A80%8Gh+6wablBvN^l(Po84o|7j*V}qP_
zr7~138#AgLn1`;FXw4J(P!eP#kFE1gKzKtYB@HF6j)-uMh>b;%cXh->N5A9cg+jr0
zpa)V8b9XUN^i(3EVJsHdA)(&_In1ag=jX9(r%UoVs$U*53;Aw-aLsn?=j1NB>-GOE
z^WQ%T@jzI4n=yFm<wE+Oz;i4ZfFfH7Q$<xdD8LC=YGRS2nKvTyM>g>HkoG+()rApL
zQ{!a6I;do<1NA#QK&2wxxj-Z|*u`FZ;*hpMLW-+-X*pCeIk9pr<OqagAsMy4x|3P+
zGwGJRO)HFe5R8>jOS_A6!obu=m@RCYRyuD82}2<Ejua?H6Y6Db@QmXv)`+Jgs#bn0
zO#WmOTKmQ5n~wX{JN~R+HhN(Xk4#nVLW$eH-(Z_MV!lKrrFYB_Y!I6)+87B@W|*N0
z>JvT_)!lI$*>cEzK0FYweTp1bHd~&;MQmytn3}r+$_$hdVwoH7H20sYT<9e<#9m&O
z;tcIDE@sPpO`nTO1x4+InX$C4la*w>YXt6`ROOrO7k^XDHMmzNaWxwLMyo|94>p>C
z@J)4m_8T*@kyE=EQIqFZ?_>X88_&PC?PxP$Y<_z=kYoe6*u&j@Up_ty{J<F6pY}qH
z*qZao6=R`Q--5}pKhsGDq<M9Y3k#p533}mh4~Va&kZOiK`qz`Gf&LFgIsc*o044tz
z;U~8kN+e@(ET|y`AX)Fg6&Oc!Kv7!saobHmpgrE)f?$Si(liHL#CMa3<H9?gk!`cc
zWoz0&waMK^$p6|{r^Y$~q^_cBZj~^hdc7$tEsDu(C_v8=FrAp1ie=gz%76>BB!XVJ
z6<*E(HAxmfo`Mp1n0oi^rExAB63#&tq1Z*p9f`Mi&88g6v0VZTP12TvFX%@Gf=_0s
z2{aF9p%2GCXc0dd9tf<Ipbll}Moi<WDL2Lz-<^6RS1Jm@7zyjeOq84F*1J7hfJCgI
z|4dqA!hAd}1hKIeR0oRGf1c;w_y|Z$3w+G!xMWOUCd|w?2V&iI*!}D|bD4;~PQ40e
zjLEKJ1nRuQ2Zh?@)E1&6v}R?I@!8xYw4S>Q#9=rTy*duFRrj7{iP9}I6ImNJI3rA#
z5@Yr3Y!5&u%G*$J;|@UgK5Rm9O1p`Jya8vl|D1;Z3$h5n1X#tb?z7mP#_PW@fLnD2
zSAxaVbD+8dI9n^!#W_V@^8UecD>rCg>@b*tVgzKP!N4B6e6Y<1wA9;DVhwKVI7;tC
z6*yak7&z8?=X7#YD%XVEHV*(*lDm%LiWYGq0!yA+1I5U4APK?vMl$8?o40o=pW}k7
z1eksJe`f#TyG9JOGTB1QOyL{>7r{ayl5pQ@8dt0+Sy_tSUx<P%^60S&A&rklijqq=
zmk^7?ye#+8%0jw&AJk7Cz#~XG;e1w?2C(ErV|36vfrTdOpxOgSqd%#z*Zpy3Iu?rx
z=?cB5Kp{gU8j9cEQ#eJWF@^upqpWjT@Fw+c_^!pLwdXMvOo1~QPHku})?J-%zKQ8H
zIJdE37OEHEyaKe6=$rMu_9f7|g=h^Qv*mbi9t{8sMEPH`Y`(k*Y;UKDzOn9v^bc{k
zO0d<p=$VuKD=H@`8SqCg7F4#v{GT`_ClFXGyC-#X)_`jZ9keAC#2IqMK$kOOV%p8C
z0YQkz#u(ixXo|qk6(w=~6~l5cC3I`1ysJd_fxr*;SY%Ld?4eenrM>Wg-bMzm7$-{J
zZg})ZNlloglhY_rZYX_XRlp;BiHl-1%JG@M=Wi{5$Xuu*0-~^}F&-NY*qU=I+DqNT
zPm(F`AnBb+b&(V6UTR-(MIakx_MITGfRdy^+On@Q^mKuJPg>?-#nSCW{IlU3q3oRO
zq>rzib#BEaCC`Y{#@n&yxt;}TKlP-0{ryO_^y&^bTH2x}-H1$JDmk@Iv!|GlkO&W!
z5pU%tV&g>qPSP?5E0&>j;B@SF|8O8LDiq*@z%x~6W>R~~bz9YdOf&7kHs*i0lOz1I
zqp_M|Gyh|E0svflSw=T&`~LYYfLd(0AjC7sEGcKie|b^f#FVs5p8gUf>j=CQ)Mw*Q
zfZ!a=r#8iP1U`ca3_7EG393Dt0&<^yvw7dM58Fg_zDu1i&63S?^>oRl7WqK?`ZxJm
zLM}n}+^PR~3x^Wb!LP0(T#ia_<qY|MtXg!mR^UO-e|@qh2L}M<>?KUMlJDj7J@n5Q
z`>Lw(afs#X-2kn)6G$l=9`7no6PU_Z-3>OV0^=t+-6E)>18opGxL0><$Sg>;9WGF<
zE-<*@rQG-Q(n<RAs;&X5m`#0;9X_E|FOJCTu*Qr1uZR6104r`Kw$l$u{;w+((JiV!
z4atE5D_B?e!=>ekBm;sQ5#;Rbtm9yfT_<}qTLL$l<WqDF5E>&(DQ8xRW*{4ZJ0iG5
z-cRVci?h5EClLs`;Z!b`>eqKpm$n~#AUOMLev{l>UBg8DuyfphPQ<Io>f@Vs0DvOr
zAq_CWQ%W0o&!vz<mHVZRzT)j>K7}R6ze6c-l*cI6ns1{@M5e2hE7Q_^kXDSsJ>`c9
z>f>q3cD+F{VrBj0{Bxowuj7e*XxO(vJMHoawN=cT)f7?>)c++c;9LV?!O8y>7R29{
ztszj*qLTYhLaD_21379R_lCU(f;BW~{0Wp9Bkesj`dRl#Rx>m~$70~~a3B!4NIE-L
zxcY(G$+$GH;0T0><4=?kxidUBcwD}m#(Y&a2Vyj(Y;hz51A~a<LdrDJmjtqpi<+6=
zuSK)N_m-B6zH1zjGfd_=Q0R?xRC1i2qXZbH^Qr3S+`-T7P+DaYz{v%@Nsc`}gAAHl
zyi6deYrIGp<n1S9BW;@Qj`ilz|HIl_$3?kq@xy?WC?x_4Qc9<iN+SYNf*=k^iF8YM
zD=0{JBS=V%(j5ZQ-HpNkLpyZ8d%$y!*W<mvxBk%2fa8AFUcJ6+?fq<;1Riip&J=$K
zY5Qb9@f9k=hB92K!7+3AGKTVDiNOyg_A9U;&?}T^0cY#Cg{*oPA8K&>`uf&K%aV}d
zN_MlAqp_94wpZv4{!~ko(}AWKI0Ilro=AU#_b<ofgPb1~d!0*d^IQ}~@Ybo~3~b&2
zqyMcq2q>a>s5ZooZrg*LMm;I0<j*7}F%twFNWjap>xYL)<F2%84zv;BkD+UEgO}eV
z`FNb%yCg0BwkKE3#&LTPQa?BtNh|^&om{QzIEc!NWRP!}XDJ3;;QpX--NohR8V<S(
z7M3Go?&3rxIa>L>(JJO*1s5!-EUJ-LO;QA;L8EHdO`ML<$ihi?^=VEXU#4vodLmmI
z2~38`fb8BwsAD-=X8L*+S}{wd_!ER~Ows-a+gr|G$!=}L9ZCuqsis}ID(HmMP&10J
zkmT=C+MDU5=?E3SHRNL%tl`^V-<vwsLLmZPKJ*d?L+es-v)IdoZ|r38py&j?S3eTW
zDt_sV=kq6H^v#n9sPzOVg73S!-sp%C?wlbxQ%t_H233?l*rb_1z`Bu#Bh5{$Uw-<_
zUA?0PdMQa#I`RU<Urp|3E8m-fZlNj@sn)t*aC*OlUTDxs8x?ZdgC<A8<HnnphCjY{
z(?qMzlHEhNx%rC%vYsyu7(Z8N6v=-7=@Y@DWMK@=N@fjKi-|JAlRaIm_My+Z3^APg
zIOBM@xESCz@WJnG$8X+Xg8+w0=uXEpD`V0CE^xplG`TnmSMTb|zdS%^ah;--%ynml
ziO^w^#yd|=M<s0BOa9sIP;KiMHw51iR{F9mKfzlXv}|eXJt*L$k{!~y6bc$V9h}x7
zTC3I=k8V|Rd#weUHuM{IKc5Qn7|^&~GnkKBH8v2<Q**3w`$pLnnn}Vd0>#s^Jq7uE
zvdQJEmnQ;c2V<fcHg@1A-I<nO>T@KvquEt(vQPqWdW?Vw(Fs%EHl<iMgC2x$)UmPl
z_{FcKIgKT|Q;&RBA-IQAcGlM3;D8X#!Vza~5ElMggZKXCh`rVEbslHdB8$nm1ec`x
zI512yR-BWX;fv=+I#xU3)db!zLjZ0wpp%Ja=?PQU8n{03SEuYhdIBl;e}-=6$!5*J
zz@~?y-XL_#(yG~A1^oc8Xcdl^H*Q?H{i+V!j!@SP6}~~Ae;G{8>pXm1y$L2SF%|<l
zK7A69Q%tw42e<Bj5m>*BVQFc}2yS8S4~dJz!NNPb7))hYS7tS<nn3S048Akc{(WuI
zMYP-+rmA(oARs`_u2qHtZlKP1#{$O%kW|JO)~-0t_g`|BcuctjKlkE4h$^-&C>#l}
ziZe1R=iestEDZP(_Y7RV;h4bAw#3NFNKpPFS1Sk4(ebI?vGY}Oj8^H38!K>S&Te+a
zhD<!g=-{n%w~fH|jflo^6VShTF(2x)MMw>q*$RX5$*mn;$r0pX!EzTMMXUeZs@Pk6
z1N})3GGp-3ge%FR@NP#d6U2T{+Y)bjenHxuEUUd~(?OSpp*Cc-U!*iOd;nb!_aV8>
zv{Cn13x_MtA;<LV<<N^W-}UgT<A+|?E#cHZc64R#7;%<VBb^QraF-=@+}?7)bP;GO
zkK}?+_fRBItWY!Mpal8)V_1cL+<!S6T0~Hl9Z$i!tR9#k;;H(?1vC0Z!8b8$N@$du
zFYTO|qmmb6(0Y+YKZ#@@S*L@}cuC&Ncd8?-T|MBC&$W|U!rZr)t>vv2H^i{3iO|4#
zMsH_#_l-7|#QLtTphWSSXBDr?tS=MWN#%>mB99;bue=&e;OE$q{*qS<Aw4LiS|0PI
z;u#hHlS^h-X?I{RR2l{ZubmAsh;m(*6GJPJN_m_{-=XwW`kgDhkK=87`Z6Y;3RFud
zOC^Uy5O_(8>6*Oasvd7rV#mk3fygtLb#=aq=`zG+9;cKV6}Hl*6m+32wSKaxY~o`^
z*9MemL1w@^H&2{0G+=bQL_;*q;5kH6=d*;my4v;NZ(4g4U?z6I9V&J!WsSlq#hab|
z5x8iX^1&-HdM3laVDCODFAXoEJUdYq5yu=&l=9r68}^!)Uz;0>a~o1Kt-)^SjP^iM
zstUhIB%93V8Tx>0sBaG%IYM>C7yCOPY)Mjzp(7L1r@n`8;es;zOb$m;>>CHh5A9wS
za9BI!qNnN1HcnpN`{7-L9Zhn5s*l2XkA*cuTIKU!L(o558~lPj@g5AwUm#YOkLCP4
zlIxG)g)hw1Ti);1s($s@WE_kozS1r+QwlgY-8}LCo^_vc4KMU~=YRht>t+BQ>tU|S
zK|OKOKqG*Zk#OOmUySh<ZI8-(UT1pYy<}%xM%JUepv5f45qS-AaLny7Tju~F$YYdC
zb^H%Hw!g+z3J(~*8{i)bXHZams@o1SveZDO&}fHZGQ}iS#P=`kCV4CZEElePr@S)!
zuJ1mY+gAfNCy@5VNY7DMrwVXq;So8PJb!B%to@pZ?^Zh3(wkM{Cs_O#L$Bh9CsN*N
zhCW|JB~&?<&NWHA__p`4&&|>ChU>o769h|6PT<`Hyr*^ns*5<$xqdjszD33;N$ii>
zwipzW>pK_G_uvD#juCO`??^3LC~DcgAhXXRpYPP!=SrI&lkT*JtYQeUh*$gT)6i8C
zd|h|WdO83NyU?-zt?9c*Ma<>qFO4^b@Ut=5gX~RU+!8k~%KHUI54^S(6e*q>%uC|3
z-LXOCh(0ZJAbsh4b$7P8mZ5y^yD$3vceEh_Xky-`R*d;g=|x59R~eO<YfDb~l^7*t
z-@pF;dS-2{$*0MxwQ1YB)uYBH)~|ela@24))GcYD&<RF4o|x#=ohw*5ZI}^Yn|GSQ
zwkSAUJ$7@qCf*r)YWify;jK+bGnI$NiOp)QW&wuBgiErUe!n~)kJwDkIA!Go4o}w6
z+h(e8KPvZ@>cMYTnThtH4R|6GHM`U57NG##DQ#F7)q0>QtbX7cgo1`m?fLg#ij!z-
zm@hS;;t+>bMQ3yZQ5014FBi*ZUCPqi9hjUqZr0_vs&m|vLh*WshVH08_i+TDoUFn>
z2)D%c<Mk^YTXRhV?4r+!@R}w_D(pUn7ekf}A^Y%LCr(qbW|{+>#AwuNGW|ezA$@7n
zcsag$ec7mDtP~RG>JL=%DG=xsV)zpKC$UO0?xT3^Qvgg!e@dw{GF>aP?M@Qv3>jQ)
zc;$|OGa#B4k{uGfAiolh+(JaCXC<nfC*-;cnVJM3oIsR1z*C^cFgEYIa0V6!S`~Bt
zV`XY|0wYrDx_~IpIzF(4V)dB~`S_XZXjVic_T#H_F}lHpqkTFt-6HD=W%{8<zwqXa
zON#b@LAO!0^dWY7*N~4u@hU=F+e@<d#X0t*tis;N?#Yn<Od#rs!ZC(|HjPa%GGO7=
zz-R7lh}|eZv$yW9P%@V7#@OD@QTas68Q%2&_!%h3eH0lhv!WBI+H}?z%mxWOdjrvS
zlPKZ~x%<fVbC7P{6Rjj{GZU!t4Q8mha%vml-sJizwe!l!_keELN^+vgJ&ZKkfALPS
zZW3jl-}WMlm&&cPorV~qI=FV*6ns_)q5)UA_`BVr^TDQ897S{eoWF7qC<{kE<Km6)
zeK%XN&=N5ugKp4Gf}3sb+03^{QFSf~UReK~cb=kMNahW{x5>~wV;w5`3znIn_0OHp
zy*MR3Nl~>hOrFsO07;?~%>>xpW|;S<7k#c=Nrl%tMksqu)jz6wCh=$>@eaF1L^hu_
z^8ZnLiqa#g=2oC{|4I;u?x^yjGD8kfEeWV*PiteI&Al=*pyhNo!s-_N^6xxA(tGbx
z8F`(CUsr4p#+mXHyvYM9)XeLH(RNM9k#I&OB}1YB`JCIRHL6%PFY=Ah(0PjwzY*k7
zeCGZSQ#z+q)al~cg6vS|Tczg@)VuPsc~@@p$#+9^<brQk<2Y$NMXz7nXsUR}ob#?w
z=DD&9?3?1(z?j@W?Rk!M#sbBLg5Qvz1ZkZ>$xDC&QjT9HVbnca@c&N=JLTmIz8vKk
zQwmr}(2?9$kDa)vS<LHcCVb{Nu0E?<^}AF}*$1^iMT;L>rt({w!ebQrHyaeq(bi6=
zhTrGp%`<VFiHYtKa4K}scT`3f>jNmOl!`A+iG$tv)7O!Lt6Cu2{z&a|zme_Cm9p_~
zIf)LQb2YyrJG1WWpNUz4A`xpeMo9FdK*^4!@U^Oy(SFdMJxd2;?}etSwvr_&^{2N{
z|EWPgbyRfw=YlmAnT=-)Mj|ycQvJ&So$eb+=M9-jPDfI}ZN@MZ?c4x#O;`?1T}~T0
zN|V%?4F2=4EE!aX3o*+*Dr(19$&eySxsNgNqxyb8bcrfbM3E&{8>oOZ#mhj6NX29A
z2xcV6&xQG)3yG#2pikgF&liViPb$AS^EPe7KzrKQbe6&hXCyo!OHuWefL_s1bg)O-
zMP_YWR4tV$6h`5H3&B%V1?Nl`^V^m(d(OGWjO5z0s-h+n6S7-82T-S#GGgO}>>2!X
zIpgF%^Y=wT)4w^h)1V)wS)i5yTxO(kQ>ZzTmY+8K&!?N%WrrRbenFlssb|Y$H_Fvf
zOzTGFc^mqna5!%;JKoa8KvGK&_HEert<d!%!AvBFbf4J2*8)s)J>Pq@LSm@$`SS{p
zp{Qh^dDX_(h_)`LZ;TrzhT_GE^cJxys<8&qC{WJ4y9I%N$FpCAEsB0F6hZ>Et7nvZ
z#UNMfC{Wp0F~Zm4zw<zMeF~%507)PUaA<okCP!a6AUH%lAt&<Eg#X$s*tS>Mxwi;%
zkq;F)r_dXz*Bf-qx{sVUQn8?IMy(NOUO1%JMBJ4}EvJw5^Jv8TqHMpVVjyNN;J3WG
zSel;55Ja`n#2-|w<m3dxD`F|)3e7KM|GkwE`Ew7=%OrfRb4dRDsCKnZNKUwdR0a2E
zS3UyX)}wz7niTC4+{~?mPup~BT5oppVI<WKa3Pv126z-HmKo}D_?KdpZvN>ZGv^!H
zQE@y^3`Cuf`*DiCxjVu2;1;S@c_~>G*mo+<(Guj8Ax#R(f-m^8R`6gk&3IVIpyS%T
zgGJpB`T1R2-|ccH+z($BZGMGcs8MbH$ji*f0TPD%@#F;SxOdlt?~|}5aDa+Fid5TG
zEXf)1w&T(dra$N`3fdjgmwcY(codudH(k!PYK|Ic?LAf{!ostCOK|Jqc!|<o(r|*Q
z^yR6i9epPii3Y<#2CPd5%TNxf8&<Cd1_s&!`LsB8Cmk%m?$2(}Xy?u<UW!b{LaX8&
z{xK?Yn*NTAC%ZuoT6<EVu~mABzpDAtA2qy9`dkS22FaX$rWl3D6eB4IAxu{nfC6nZ
z9gM*C!Xeu0_OSRw$3Oe7|3akMY#?8hINrShbf-b|IFFqbHN;xwdYe4oBsCiwn^#op
zf}HE;u1tF4bRz0HmPEP3!^+i?%F7hIa=y6a>^XTQ&tA-v=htdcI?cUrG)?+fSVgLc
z;-mA>+Wv8<h2@-&vB2jDZE8gBGNEdLNT`*Q@c{ctjA%Zp*0Uq<>?b=@E*$W&;ya(d
zf{`OR4jn^Mp_TxSA+MY_*Kc7H%n;vLZ%GRZrLZ5VXWv-i>TXeiXkK^KnSbynTcwsf
zf4uG!COwRE>w1HXN_S!l)HN<tnQUoqj##m@vF|#yd=hw{GlUs}bw3O!656F#7dP7I
zWZe$7LNDM8Dh_Enyc0Y<vayDzlP(lE&N)rG-?hGvA(wJmr;@IH>h+eVBZgo4nK~DK
z^hd6RiiDjC-j{=e=?c>)eS??VKSHBfwP-gNIwLtmP9Kboja_kixJ^5}oi3B6G<~a%
z#j%r@2g(4t7rx;Apu<|>0qhmG_r7$z{oBTVF$vLk=o81a)@67Uw|EP@&%Pm=i{$7~
zEUV~zTzs6~>wPIt2yhuQbkZO$NP!!Iq@?A|^IZ4p5AW%F3@qB|H6dV}#(jSG*rLtn
z?_)W_4-U6hS!$1(IP`~BNbc=7Gw8P~X^8}Hk}i*p@n09TEyFECTsr>dV%ZMvMLRC#
z7sM~r(A2EX6{=`Ox3^mkiE`;JF^iQud7jFuRxnZ>>3F%Yrtymk;uQ*XhB&W2$uMb~
ztFrDA2ROuB_8l>EiHqUS7Ig(!)T}E7zof=r!YUvDQKg{8jFPLBAn<Z;O!NE$CG01@
zbsX;7<nY0q=n1Do^!~KLLNA=+CKB~l;lovq&H2u7k)t&}uc(Xs%6HJJxH%S*T#`Eb
zLZv84xJ{j6Ir6o0$;n+>LI`iAzki>@X1Lr(*QXELltb0hiB>mV#D-TEM1P8k)oxpf
ziY<82gae-}P0lS?qK@~IxJ24QOEjl1{BXoiQ~RbDv(tS~$cF#aivTv*t97?&_KlVX
z{B~SE4buOqkH|Wv`Hg?>xxpy%0)^D#z22oP39kp1D#$|@CYEB2&O7ZYJL+(H!OY7W
z-Kl(rU2`VrVreU2Vl?D3S{0)0`rXg-xV)jy`orTf)!Yt#*!Iq3hc0uE!?-XUU#sQk
z*J#Ckwb1K7ImqdT6$TsHwk$B`;D!wjtFpi<8gilH-&GLaNcmKcuer3;V^O^zjd{Lf
zygT6r*?1jG^vAGr4VjFfJ2qu0wcwmfkPxYPFF5r}%XVf|(oW-=gAOwULJC+U_byiw
zRhXEge1oZ8@oFR4@G0TMaKcFB@Fzjldc5_8qjIY3M{2dbd@_G4Uh~LEwNwfU^mhC9
z%AmS$u*R^#j?Y_5dotf%e3V0@F}+wJQ-jp!Iz!Q_W&TOP15_2@bJlBC##3`7=2y>8
zBN~Z<v9x3E5&j|c6TAV%*XhC<)>lT;pGt*_ejf(}kCvu(`#ZiyAF!YW=2dz(yzXDp
zyEN6d<5YtH=2Js!BWu_*LxX6_Om0EI%<bz_fO<rkE{>^G>@MmLb2Xz|8bftX=CB;y
z1l_VbO!k?7SjBA9k>sZ`pgUqfSAf${-5Ie_sI1d;m|}96xI^>53>x=2TGfj`xTpkV
z<;GkoDeFtfm?2t0oo~BNdeai!k@!B(F1HV+BVFbV`+FjZ!fuD{A>VGTs;^gX`mU;V
zoKAQo1#j=eRoZOOs=SBihQ`fUnkgKrG@pNObbxu+CNY?sw|g_xC7j2t-yC=20}xB-
z>saWC@AIDLP%S<nmMqYGERgX&BPa(`)_{=lwW#&&=y{#w<DF8qR&H0_8iWjzacSv9
zyf2wotl3L>cz6nS7U_F!qgd5g`CsW~FfAQ$rfYU3gG^I>^>{;yp;eOHoVB>PnA37i
zFqWrMB8trvA7Nr_94gCEezz1omi&)ucm?}R4I@#KRnC(IMQTu7aVR1_%SR#U^EaQR
z)x~a<uER%I?=wrjjLr{0;b71jYyRY=tP^dMK1g#7E5D$^ZNImum2>>^w-{spiW)iN
z=uJ@gz@EB*cj|;tCEA8vrV>u=_ttjbe|@x)%Oz0VP5x(gA@d)=E(;!U_j7h(bAUYH
zn=)fJ-9;oYA*jw?E}4Rk<{kq1>|I$D12WZ=0_9vzvzaF&Fz!nyJ@0Jf@MX9%9?66j
z23bm|X*WkOFB79`)h`$3=WCrzpB^S&ex{3C*^_Y3MsFyW#Ms<?z20;vSIv4~KN?*j
z<j;D~_!D$^%j`M$lS?Q_E{XPieiU|AINM#IvjN4ws85xx^U1zpKok#JmA_=7m4wcP
z%rET2X@-{9g{>)iX~@8k5w)_gBLsP2%$?u^osn&Q`LYf}kP|p!SkyL@&Sj+qm0Xfb
z*vr@07~cGlmnT%l;>i48!WSF^6b@)rGTNkb=K<Tx6`AhV^sz+SVk6n5F~+?AAjJd&
z$Wdz04>tj)P(xQ2|N0&0cLPI1ZQyo(Jp>k!zM82i^_$zvmm*%qc0T}47)Nj;MO-gf
zXy?<V3A=?v>t+ffZ;p=tqTmnDB_<hp|LM8J-Y^1*5r#8WHeF8*MS&KW7U^B{GC^iN
zlsuF`n}=a!753qwY4IO`TLnrQ*}AS!B&H=sY^|x?W83Z~j5M<uF)XT^mFrWKGj^*y
zr%?<^j)MOmZ9a<^6|L&~<5?gOYqk6uSyG~jK~_yNvW^f(b52+T7_>-zeGhf6peEr8
z`)2IL4IC{mWQKObwdK9N*F_?WaF?|jmj72YAkmz*{N6Af^lbT=HWp}@#UvSww05r?
z-fC<t=0E)$&HrS>Poxcu{ms213gT$t@1uLhuASR}`3OT3Ohs!A@iuVU^Vn6tXtE}n
z*iK^AxGh4VKDO(V&tZ;6e1HnHo5enWtt5h|X4kE<?pClME1!mk=Kqd7Fl&$+*#4Co
zj3Ax38JB9xyR(ARD~_b~rl)8Py8Cv{X?Snia3mIGnKq@{R<A4FI87pj!^GpF;Us)v
zM+NuY%G2R*h4*XUER&kzMr42dD1BA?0u&Sfx`nm}qPGZ7$dv6_Ssl85-lyc(nih>&
zcly!{IpV)Uv|Z_K7CK~d$2|&ii;EjV0(FKLGSzUqk&JI&&KHpE5?nU4_afDD6g#nM
z(yu2qc=X3){RJ&RN}9L%ZQo`66-V`N0R_|#|0bwkRQ^%=X^aOCxN5j~I<`ys3oPv2
zS!SxpzWqR$Fw4N}vo2o<SGQmeBl<$ZCaKeM9-n^!d+C)@DtqWG0=!1*2L-4eV9S%G
zCk*XTY=wodH1myDB$XiA$;Lc8g&3RjZ4uJzbn}-gYaXEe%+V&RrkoM|$w@k-j-V!(
zvm`y?`Cn>tTwA8)7eq*`c3vN+m>~;3GtPv}cYQvjLXNPHOre+2u&*jTKiZSmuXWpv
zF8005)M6qWcSqc!R@b}g2qB9hEux%ib^Kzos-9j+T|J&@`E56S&3<-Kaq;M|PV^=6
z8De|4w;hmHB4ApOt={GvEaT>-)tWON&>Ch?n?3&Ds$x|Q@?++|^5ao#pemz!cNMM=
z{sqEpK9J!&bLZvQpvWa<o5y7V1+_tW_3jh|6Uw6sDjfO?SovWw`x)^T5q^}e)IZ`F
z{^<WB!q2fj>uer`|9L)cfW-O)AuzW#g21gA6{oy7P&$jMA(6D)>>M*LSx?A(w!q;+
zZN%d=NxK-hJeT0?>&x9E^{+_(^avQ;8M0PUwG=pU?#e@?0e->Nsr(j%Qcz*jm6*1@
z0&oZ|0I4{$b2+=1QMF=O*8N2Ir2+iO25u>f2A6}j27m;-Tli3J{`KBD((qe!^@{lk
z8#qaX3Y}}NH8TIcLGtkpARhSUn`E4?L3M;62EfMtkmfyD0t(bRo9*Yme=Ao+-Oq87
zh34=lKiw=ck7%ahXzCDG?!Wf2*8?bd9^<_KYyrE&eMlZIHT$-xFaTJbF(%y0oH4+~
ze&`_m@#S3pQ(`Adt#uCG&8l$BVV>7^jL6!KF3?&d>I~LtwwFyJ6ix9)Vo+j{*Jo2f
z?l{{<WBMm1V_!u^1%Nbrc}kO<uLkmrS(l4XHTzUJkr)G=xo7ST@Gmm~Jmx9a0N_Ln
z5VGHLr}G~PIL;xRAK9eVKIbZN6{tjTnB+b793e+|BSB!bOSJBBs3G8T$_f$&+)+^_
z!Jw|oVa<Lk_eTUI1aiKnlRn*@bJ@rsK{C3|2N$0{!q)<7=55f-3{qe(OR(MJK#Xo2
z2B6X3%%rdXCg$_am7Qa5L8iE&9LV*&tVzn|hi3!gj?+923pA4jYDn#1cT}$<YxJg+
z>tPt^1X%_E9)sAdl0sL&=DXu~{)h(=ke(B2^^p+ah1|TNG?G`Pyw_8$^gSWFD&+pm
z+S<d^LS)X;rR;%95M>S?o?;125f&uS+IP|QWIq!w%-nJaka295xAaIT4*iSl`JT`9
z=x=q%7WG7dGH2=ezd3slCkU7RvI?G%UQpV9P}n``D}1kDWg1tEBoq~76gb#TX8Lr1
zEov&HvFA9+Z>Rw^2Ot*qI`qN$lO8gGFUv%ES4(?B9)m^oo_7zXo4V=NGe^8a@;VEA
zTY^|`|1J(tt>$Mm3V&9ur+~~a2Vwl@MN>M`sFZRmBbEVH_y$$WtpYz~Az!J)eh2`B
zUO?q>8XM*G>A{m@Rj!TxnM{0uYiv|S?q1jop_TrrgraYeXl~;u<G~V7U5?}_PcTJk
z>Y{0IJ<jAsO~7}YxcGw#Otrk>8Si|bMkM*J08fd;m*{&FkAkXYl|zU)*Vf++`5Q84
za}fEoVXBAwbAyUT$YgTM`FoVRjdFPI?NeZ=FFhg2lKn1_VPUHrkF%w0uK<-Mx@h^t
z6Rc0H`1UI5A9eA@c}{5kO4t5e%rB6r`JJv8Vg;aEB0-jFr2>{E?GGR&0vsf8KxRc+
z;&UADz^Xa}s^`Z4+sa-D5`ZRL++bdJrrkX!dJlMqwOR;nH@rUQA*z<o!R7F=xG@tW
z<p_YHwrKzvaY984l9j-R2-d1Uqc0Lj7YR@+TOQ@RXJ*4p1cb@VQUajbpE&j4Q%5$a
z!24yb85*+T6@gSTCnhe?1bh#O)mJsvyO#q#sJ)H(Gb{Xw0M(Pnb^a{W828U~GX)1J
z)iM7rz=<U!KwvUn#K?gLV*&cHKSXg)0f_`VlMDYDt5!N^EpxFi6Dd;rM0t>DQ*mVC
zSx>NpSHX!8bR&@zdG3|50uy0wH@VgSQ^>!-PCz9dAmJI%aBFP&a{lj)GDs9X^5acC
z-?OstK9?@>8R7>j9A)#+;S^vT7?Cf8|7g0*QfEncj`dPR*tz}!kq^>~;Uh6Y_4v#x
zZ0ZmRAPH7cSB)sJP^5lwsPP|Hx_ORDNW9R~`Kdj0V5!e-PY5~1k<B{^BZFKtAYf^*
z8Zuas0d0h)D0TS#rsiiqio(u|OO;27N>|R8Lvo+?8nP}hG2M&+&6WbB)nL2{ZbxcL
zK`t-npK*O!q#s0qK77ae?tEz(FH?6RVc6ko=gr0G8nbZw=H2^w4EgXgv{+-De*Zp-
z*A?LIRBk#xRaXQ`j?*Ul{g0w(R64I<q6Wn?&K%X5_I`g#EzW&qMrDGec?`7Qb^zDx
z@>5SPKqB3bvFL?k?%0JDm9WcKJ=&!mhMAa{=*?v3$R^hur<;~a_72OEaD?rH<S;tf
z<EFW}ITM7~zC7Zs%3?f_hf$Lf=<ELNcK`XriDU(;U-0>F-Y^1Hd{B3TG!xm?wl?GJ
z0BC(AyQt?dACHE*I)jfNUMVVMx{3wye;Z5Gr)ppyrU_+s6!U}-KjD=4Gs=q;EiHl8
z&*Vr7unzI&IyDm-00VG(<YEBwn~nU+&X|SS3XQnry9i(3{GGs|blDH>Z40qzRbSXk
zhk6M69P~MK*tlvVM%lRZoBWCUDlJ9S^asUw!MrVdh%|jmyK9J1m`=1Tts<QQ=%|PJ
zXT<zbJdS|#PS*s_J$K4|WOjVtpQ!8_vd2bT_WAZLH0&pSz~)xBC(hGfQ=eSnW5)`k
zmxC>KajSkvidZ2KZ4P-|z5-*9<G}^QXfqc-cZteVa@ri|=ck!=ewz6|5j^IPM*e^F
zRh|qWZR}Qe66ra7llhZQ#SA3am@$f<xH_LfucmV{$Q?|vEAK%4KAfc%<F7EW&vO{W
zXmmh}?6u6v0>;_5Zhs9VT`e{}7?8HV`}OOZ5ZW2YXb7F+be*fPZ=#ZOE!@2QP77s3
zs-M1nMU88<N+-G<qRy0Q+lS$Zs~taUb8qn0&(_3mA@}bevmSYU49^_#hM0PSDx%j1
zVrQ`*0s54EAh-@b;xgJG*#F+Iptq0UJ(TQ0!i7AxtIU%wTLsIpy56O>Mv@)~m!$*8
zgD0_rh{)r+E7tB~g9wnJntU{F`y+?`b^wZRfy4qs&-$|<lX^>jS0C8o1aOBk<|N#8
zEKcxG?fdX8__((3Wh&!o=k-KBv+frs3-BaAO?FLZ*pV=*7EHrsj^ei<^q)VbjA3L8
z)dkRyf%r4FiyA?NiXH}{y$qV#KBrmA(-D{kJJKpwd*xH%07zH0#crln9)Wp(&<xrH
zULmMh5@fS~bL&r^kP{?1$ntS(rkGjC@v}1WOGtM&uuA>&3AQcGUOBlI+V0%u1s%NN
zcQIqXu#?iRS|>1=ctX_2IgL$C!(ry_5WM%JR@XYMxoNt8SMet`p4V#{j~w$$@}Dj(
zEp?n8v~h6K{bHD)tBgc)+Id&kfbUqOe+1@Es3E{8l>%Pl4&YQK%zvSJVb!%l5_`u^
zX{m#*n%utpgC6se{s;;O?vjaS#Q?e;8<Y_r=l5&`1TWArlZp1lBwtYpgk^U8LRv(j
zXfc)}4^JTBCK1WmKu`joE&^!q{#5|u6dR0)=6!14UK~Z@%grZkw!NtsoG>2;{e8rW
zm?W@i&80RcJ}{(Xx~!x&G-g5w&M$>bRXa=XCJ8-A9v&Qeiibz{dx!-a9qTB*dhA~N
z@&qkbz%t1#Um|b4ugSd@+VcWA3G=s%m_eujF43%k9u!ffmN>6b&}fjN4<zALWa+RD
z3>4C9T)d-X>is5)UGrwR2sr1=Et6Qe<Iun!&D1Hg&pM34K{}x?X%%vE0aK>d{a9X5
z5Sa`8XM~Q(sly5Xp;q|pgZ}(*My7>#Ra-G-E8pMW6Wzvn;^GOhArj{v8v<$a_8L0l
zJv3}vz@eNpKNn(pMcL?1yK>+BNxiv6`j0u#X#MtQ`iMg!^N{Fvsfy-L?dh`6zNv1y
zI$1w`jS9Wbt3u}6Vm==XgOeh^iaGtW-Sbab&%E|8&9^TkyBT;_J$<94@G&PR=h-D3
zq+9tbWxaP1P!x^Vo24udI&lXVqO#-XI}=UYfg}c1gfJvgytsjBru(+?D7L4EwOjKG
z*0uC@_NBiU<8Co(^ILBN9VtyEV-O{xdFyeGs6nT_DS#w4psHQp6JDO<ae6|WB^LTG
z$}GI1qDW$moe=>2iL?j|91IkL|6*H=L|!KNpihoO!Ss~r;z3r!iqv1(g)3RGOaj~T
ziVA17@yqQa#p-Fe>~SER74#gXa*toNFE@if9a|8)P&GCd6+2ZK^)Q+pm(zCSwy%C}
zk+0~#Sacihz;qYhpCJv@u0H?*0e^(p|6&f3O$0XJxz|#Ac^^A(`0q!_?0|w1jP^Jd
zE1N!lDlaepMf2atmHjf5%J(1O>f|SIRnQ%N%4%x9dRtF-1Qynxw>1pNM5>#4dsM6E
z$%PN6o~V&s_xJzBtY=<Pv0VBF?Q%$s0FhH=S+xFFW|1P9^#VDK!W?ZL=?YM|P@vl;
zep;3jdw2ke*qe4+_9*B;$AAO=WPBzcz2qM|l$OjE!w1QbbLP0CJ_5UP@kwiV3aXZc
z<5z$cg<5D<s=UQ(`o*W5xjis-Lc*cOO4S)te>-pxvK?_g>4x;ODRRK)km;J{XE?3g
zU5zYT%5Va{M>A3RIXXcLD@aQ!6*e*BAA-cjAU87kk?W=kaCC)G;QN39u2_5FJQd@@
zz}<LO^zuE^HqQ0WJ7Y=^b%+?+)$^|Lua4Z+s|04wsgKaxd>RN3t*$&J?EZxtqSU@X
zJcKj)@pR(cUtccM$^zxN0)!~@rAy`#k`ga3Y06*M1N;V~BESSYnBT4ZQ~N)u1{ngn
z<7gmo-`UfoD8STNz#dbXo}`NQpm6va<u;CGf*G>^bOE*`&)<CQqObbJb&4jOvF3n^
z_w-uo=l3bAwu;F*O6o*rSx|3-S7&t~D<D}P_4{nWRcx}EVq5qXWAzd_%q=SFW30=J
z?FC`~PP|*#dpK<}I?Q63?6$Z2dU|*c(K^nm{lCbeBhK1Efu1KBgfqn^Iv1**uJWi>
z3=rE>&`pM^0>ASFS-%l0M_z3t0*@UWDv^s~SG%cM!QIlM(;#>G4-W20Tpf;b%1?VS
z2F*ASe^~O~L}2~HPcMHW<byNleT|9&D|*DacZ_dP3svrXEW>?+22eN{GQoDTlX?5V
z8`JS)BzcBaou^k{t%t|n?|Ltq@&*0bvuAqq9nkcz?<#upK7alqBW3l=*Rtf!-2}AU
z#=M=~))P_<uQuiRcbO{6j;aMTFM|}?G=I}FFjv?pWNW3DtAknX-=*sd#@inCuKP!Y
z-FhGe&DhPi0Dmg3&4;o6infRrAfuh}&zke6!b{+6D2)hD%5!MpZhcp=3w(!mOVI#G
zHd5_%=%grGIl7~<H~)i%f}y8Gb98;vTXTa@Z4Y15%e0;UQlmy?QA^K`xWSuj84K)0
z<8<4a6-ZC^ql2~lyed6UL%be=<?lR5Gr#(Jtv;t3HrP^^lp{OrT;aM_M2Emc!)}xW
z+B@<D<9cfva=@d)gmf;wd)wP`U90+oOE=|?lcsrIO((!Ef79bTBu45r6YjOzcRjp1
z68XA?hgYsl5YNio`W3tTKnUh#DXYx-86SB@=VyNf8%j>9>N5+e0tHz*G8Njg6U9St
z5YX4j+PrVzDPh+%aUZP|JdM36@k?wz7bs)4sJwiht+CN_)vu}9g`B^90dY$dnUIb~
zJ*fgUgs=L4fLE5jo~aBWM`nE=z%a&RU}^r$EeNZt*x-e)ZGA%}9hfd`mg*MX)wYU$
z**8YVtTxV|s=urRY+E!IdmzSiokvL>V(L=?6uO;uTJJyl?_o%@$Kn{L_otYNoFH&Q
zmYa<dDHc|xsRsH}6Xg<`R4h4<ys}WW20u!E{M8rzAz6HbEIfc)iF)V>5#)Vn4UF~|
zRsr|)--gP5F|ilGhMEWhOY*>&Xs&$FHrNC*SN3<o4XwQmG~)GR-Rr;b?-z^tJ0bc`
z19*z6RYG@VhBz2EOam+d2TL%!QH1y$T>?d=hqBV|?*F&lq^SN>K2rcMnuhBNA)z5J
zB@D-Ml!UUwke`EZe|q>|zw`Qz({Z#UTlqz++J)4i>5iJZG7*q-Hb@xh*}}{KO|3|p
zoQOmI+5CV1q;Q_%*-+QDk25=hR)7kdVm9#Il9_*)6#bXRt6?nGn}R7vwMgcdzTmwP
zV@iOzUXijOccG2|B6~lgiv8c8{TH`W>d*#(E1ejiW$CDmGXN06MB_tbv|+>tA*d}a
zsfF%$Q~S;GK(sPHTVnvA)FpZSK9FK_1QPY=Ljtjne0Tp3`h}FR43lCfsus_S6Hvp6
zGmTR%OM+j%09FJs%l3ZvTg3X)kB&$RfQA7!7>MF)O%2t7LCY)?u!Zc3117=$;}!_i
z!B@WqsS}QmF+Kk}4>&2R83uAmYh<Q-!!%IvPXo;VNk}As)qsLVPPZ}9AoDO$;K)!O
zcAQUK{Y!ekGEvdi%LI4h=iq8A3N)3E|0&Yw8y|xu?hfHN{pvygi%5ZEL*XbvI}<C?
z`*i-M`+xe8I_MwSi#TsQE2arr4HHC04GE+#T%5}#_%BcU+bV&sd5RWeI>HG8`Oi8_
zo}I7MKypO}^0{o^XBqF#_jy$^#p4uJNm=<8vb6+mejzoW`*7a-0{e_mO>tNk290{s
zSP_pJR<*Ec8_KRs{-+k;ummW#U<EI~eF>s^QkPRv!Ed}Wr8(anZz$V8DF|(}{+gbR
zQ$G1M{oUM!zevp@L2?s}tb!OzzW&G)Qf#&y0o-E&_7iK*VNcWxVEpccGbdfbpzDY~
zt+D5Q!v|S$A68CM0+Ic>*>{^ueis1Rf3UM^x)3ky7FWcs8K-J6^68tBCHv7lKOCc`
zTjW$Ol^wcl2a}G(Vw=rXE9{VH#P}#&vR)3`{1$3YcV|CEyVjla`3y5JU%2oQbtsED
z{!&W#P(US$>2y||NDfr^q4Um?zU<BqDK6}RjinKD{3-RfnE@nhVWS2veKS#aA2}Bq
zEoj;kRa<S0q~QmwL7APFhVtTb?>VwvH!6XHx9i1{zuf$guAd>7$f*{^rvB7E`|-j3
zzwQE%2zEIR)H2lE@6wTaHf(z07AY6cpT6?$QmD@9-jBg(?G`W^g7Y~}HC?UiuvJy;
zt033OKGb3zzLTR_X&(+U>d)!DHgj^#l&69#;lUzTgz_<Czt?zNR`NATVp!be-pQm;
zm!9Yr5STAPXi<24dCNJHVCcSa;$l6Ed)lgw+MlSPGVY#VQu4H9{6xK=S2CWqCYoLK
zljw=vph$sMcdNSoRmS%R2hO7g<E#2UxV#a-qqc4t_s@-)=10xXf3}{f_lwh=zQ4Z}
zt}yq_k1~X#X0J-LJgZCZQt{-|O!{=Bhd6V~GAsZt1T&d3>KN&2hk_t)zR>*)VALgO
zkvC?F7qkvr=;O_pp;d^m376f(>&r6($w^EH?ZUWb<x9yBy#$EJg!!&zyFt9A&O+tf
z_uAHBZMRs}`FC6%>;NiyScP{mw^}+CF>X<<hLpMuthLC3ZFw15OAjSWo@-@G#t)t=
zn%!}Zp4<sxD;a4sST3zSk+|t%n#c1X=x}X!b=gJkP#P8yQ;wE&wAh?El5&l$?H0ZW
zW4G|;6O0IE5s8=M;u!<Nhg(EW?Pd+&g#~gMqy8tOYc4Bv@fIcJn(G4}!(n3{+L~K}
zS9M?G;%e%*=arP`o13jn8ApQQMV|4EcElV}u-yS`mt|x5$rk;@TalyBxi8R?ruq2z
zE!$=TyY3E4hg7MI{}7jNa}v4!;Zba+W}S#(#kUGmSOfmFf;5-Kgk(XtJJv||Gxg}U
za*zGAqLPw~1c!CEop9XFPS?cz3NRWqg6@P7`@PEJa@eU!^0^v(RF~1{7EoR&v7Vw3
z8bdFknxY(WpWQwU1%neD*55eK^q`9a>XXQ2Sfa5vY%|$j;5KpU>7&1LKu(K*iU{|j
zK(~j~wejvQhBO|^MzMy<c5bJa+pwHAqrSaQx+hIjGLB{#JNHi%>BD{k@IEAP9cd6g
z0|xlBo_fh#+5oR#NNnuP&~zAA=AC{a>-24ZVXhu)typEnV{N#+@=k29XGXugCnOjf
z3=~EWTbCpD^yPMs!1!#Wz<Ny2H{DWKVL^V{8x5rSiAF=&Jawj7aJ#h_-P-u9L<RXz
zeUT82I7iKo3YhWKHDCt1<FXdJ^{Lx#OQXZoBef@`LLZK9!#j7UU4}7DGAct8xn1hD
zEjZn|MmNV@#<#1s=gB$0m8jo@a%HK{5o5@S`rW&S$kLS<{~Z4`S5?Qa3qF+BTdhx}
zeK^fxJ)BtT;K<R%f%Dj7pLu<r{<b}Yh&pHJwCw20c)w0fAN#H?f-r=@R^Sr9_Ivqu
zClNKHco`XwxvXC6JwmDRn?i<Yaa6z>BbvsC(H+d6gL}Yj`*DY3MSC13+wp=$1mO(4
zicef*gifnO9QIiI1LO{y%gjh)5!!*t`_l~*`wk`R#w!Y3r4eO`4hCK3RU)_*({~R>
zX61v&Z_QomZ`g!IYu+eVjP1(gTwO@bziZ@_md~(=7;6|*Gdz{qdhC-h<-Cl$ztqlQ
z4h^!b-goZNdvPy$$9><2Dv7qZ*sjEZ{rJvcX2!51MbzWkW~1(gS>A~et;#;Ms=Y6p
zh`Qt5#sXGY+(%c-QrMDc&0n(jvPK?wqpWJH#truX)(?8GkymHZNt<>?9Xw(=^}{X>
zl?~f_)Nb>Rw{a<m&{<afh+C;?PU3vg_^^C)XI!pZ<#c&w!9s5SR*JNrlF{vkLpp`#
z<PA5Q`hox>4t{*0o_*gKyz=+8ih&hX`NNS5h26rDl~pr&{5JKro~_Av@o8Gls45H;
zI5Xvj$tB&}!Ro?Ply4vC9yCrq?^{tZ^^Bf&@y*F#>A<~25mykFNoX2e<R$j(>o~&%
zvt``zgX~sw{KOIl8!;_EFHK!=>g~tZS)%b{Wd&jOV3D1N*&qB*l6G)X#JvXMs%kcO
z;+?KL1BLmFvwS*s%F-X7dSDu?#LpUoH=1==kykP`ba`~7-vCZS6hcs%G}Na?oO;ri
z$1=QI>+xN>;2=e82Xip;w2XDQiN*QE6`dA+vdg;*VzgmBr9d*45!N?M-fNh!ZPQD0
zjVtk1k}cw6s`y5EEB<$@b+~S_u-hC%W)cmU$>g;9K8~1<x7-rx+7s+Qxx+p#@fGdK
zsGm-4=4X-Pd8xY<$4$pog$eO?J;%OOw&~y<4-SWn${Cv<<qpdkmk0EHqWG4az1eGr
zLf%_X{Fp8*j2_45EQqvP8Nt;%y?|d*c-)`B<?+J1Qb~TyrEG08BaS8n$|Ii41yi7&
z9ydR+mX!G?Un&P3Brw9lzWN$;B2mC=<Fh`Xa8U3*_Pg01|3J1g@EF|h(Nd@K^iBhV
zJ6&}rE-h|FUy`Jj^N-h$YTwxM(Q{4aBFM!uXvmKDj}}BuVU{0cquC7@{dQqrm!aDt
zI9r0zFrNs+82IXZOImPoEp4KZOVrV-_vV#->;l&p2Aj0+{Ayj9k|6+w#N1DG9*ebC
zeQb{9cDPeG7`kR)#<a{ly^QCqd#h#V)4`HYM@Z5%*SMq4KF<!?z0(Pib_A?_GZCix
zfpj2GHC6~##3dIZsvXN?8l`dE-L8Lfw4eA?$S9BpHZogdx@<UB#AMxBTV~vMk;#wm
zDE?)z(7`9c;{l?3teX3UPi;i+XKZGfj43>|W)V4RNz<Qe=`AoD<rLWZ4$>+9tEJkt
zC)Nlik=2c)ohM<;1h%(`Zd4CX9gaDzSMFLk?WdFSvy$#eOav+Gv_F<^e|?<v^<>LG
zqSN!(SSISBCFZ0hH!trPl{oyK$H0`8tdlTtQB|m-jp|5u@J>mNm{uew9ADmk%n9NW
zxTN5*XFm3#{JrTm77M@JE#(t*MET@A2js&)#d-*`lMSXN#tdRWD}x~Gp_dHKMjs9t
zr(TR%X#-wKX8s&be^Pal>ycIL9o=ULDGB&z=4h0>N7uP6=L%dyJg;gtqhe9sTn^Nn
z&R<Kt)Xj%_g>A>F2e#TVuK*f6Vm?D58S|g}pxPn;>!IH4=xGJ#QV=EAy>)^vwrplj
zRUfvHs9Ts%J8wruo2?r(NaeEe(|)Z}!Su(2ak-6g3%H7xh{h#VJHN%dRQQ$5bVQV3
zmC1Z5f~lnR4I`=+*{9Ny^49YCIMX)foP2uod4o)?5VwXcg3NmQj~R2;aDuDLLB?U<
z8l)cT?n*kXg!;kKf(>j{pZGoKE7;|#hmh6X9WHa*`*z3)Z@}m8Af0a-*=}w<!MdSG
zI+zsrHE>+<siwJIESF1(hGTuXSC|~!)ZHmpoO0=t({lc}UcZ%iIz2-izEoa+%Br{@
ztugQFr)Xo+&gH=3(Z}7f+TBIncGn0fGWz7jO0lY?^Z0V?`T`JRBu7kg_l{u=cMn(1
zzYAE}nW)FP_v}RG#J9V|SRd{Wt%^+Af5*C_N8a^dS!#S%sj&0-RujR8*KL_QU1dM$
z<DUh=`!m~I)*sn&Q&94ZAk+ocUX=cb<*JQ>Xt_Uj^|Rd`rkOUtzJ`1I=z9Q1hp<I~
z>pqN>V(44#;wO!|<7jpFV4>ZpAMq9j+6T>eyXDF2a@z~@!_AEQy)d5=-9+$yOg1(y
za|KHuEPRs5E)tGsW`5!Q6(**p{Swx3VHd6xIfx3`<5KW;tY||D8*tsYb$#JH8+JB@
zP~DeuJ*%vXu5mx^M?;1QqmT7Ij(L@63w2-9>*9KPXZ(E$xjE$2WgAwvaH0H0^T0&1
zHB)J=M$D?kvUy23g~M1Az0IaPUyR$BfP2_{Gl_bPmJN6*Nxuz^(1LRCX7_Qp`Qb^&
zVeDq`cBj*u6BKa|qZG{6Ri4R{>E!NJDw|REBiC0}8^ct#A`4Ki#m(Ex7nLbRM3}ny
zo+j~O-GgrSBa;30fmLzac}7=6%~f&93T%w$jI$r}rgRrOh^)#>WkNcI5z8Mo^$)%F
ziHa$(COLdZEpJ%O-I*7dVeIExyGgznw_2ISqKwdGUr?^eTu)fuox2SiboKifJm;D*
zmdt0rZc&2;P26!Ajc5&D*`3m>)W~PqYqw{V3hjz7MdshfcmiX~q_Ms?r;HaS<)97Y
zBb&Yfpqy!Ta6j4HuJRGDTSpaJQikfHCw6lL%rh)GJ;~mIX+v6v?Uxtg7yfa+O~hIA
zU?TF)X<UwAUCuLdQ7b;KA#kt~+m@uqGwHqpxa}+act_;n!PaWLY9waPgz&doPPc=i
zMwgTD6h8V%PO%Gd6GsOzvYt`3;Qp3&gjoCR^oPp&E#{r~a80?)l=jLh{mmYozAdz!
zk!`-00k)22=9<jAlQs^1@41f2`AesFv`1ar^B!=_(JPSMwi@@a40YO6DrH;Mf3fbi
z%S9UK!ob12{>Zf%Gs?WCDQc%s!`Db-Py>6AJpAC&!JIK@26N59xDboC@aa7C{4{&M
zk=j=5CROT<ua>Nbl*U_D2os{Dinmd`?4jYkouYhyKF~p~t}Cx}B4R16ZryERBTa8>
z(auca2I<MR26@qY()V^1KMqb~C>N&MW1^-6M-7vY%@rRY-to&#8PY4ta2PGm9acDP
zev2_ZyjBaJ&k$OJ74*P=tW~ak;)6|MiIw`Xm5xc;PwDejj>v<vee1Qm^3)0=))j)U
z>~>1iz(}_87JW#(wYheA1>E^d)Ofc;#_9u0YA`@VwwEQwU8+zvNX(Jhe1Bfqg}aZY
zh1*lsPp|jAnv(o-UTMwb)HWAs?z{l)aB^2>eazvi$Md#h@E+7W#7J83hZ{khW=?jA
z{AVSc<Hj@IkuC4d)4r38-C^*Q1Dk*ctqS?8s>ASwbv!P!&AlJ-ZE+cbt>KvQiy>BU
z-#+Q2>FS;S+S3{rJt3lp+10kR3S{WcKq$PZPRR_yI2DN)i3&tJo62txOZ+m`$*lSU
zJ)53xy8@z5Wvzr$yyW>=_uS?klW(BR49n&>-{Bc%k}DsNzFg~})w$yE=;&LpIp-M5
z+VSq>YFJS)7R3<-QAceOs7?GagVy&~t5*++EUKF@VTW9&dkmSQ?^}7UZ5PP07f|i9
z$L>&_xLTaXwA+6}5Za&4LPeB?C!N0t&sQXUf?4gi+fU^-IIM5vC9bS|>{`~~hf~@d
zC(TDE9~(;zdM7y;?4LyBQ|xWSO4@_UNj9r>K{5SJYOK`qcwOEA`$uV*;YGKTtc$P;
z?aPJJJ=Bn6%DjG+)2c6cYNpzAdkoQ=Ow;`iUE6zv8C5#FEbhYns|<d46zpr2j?6WN
z$xhEGo%XyMrF8OH%3jObP2DI(f!-g=Jh^-GVfCSiV{5b1lZqV}ltFtu&s0J1pB~Ru
z?UZM;F8>_b>*8|?n7*tA=0m6z-OyfN-gwq<xjvn=TQc@JarJ1jpz%5iS=|=0I9yDW
zTDat_+m{~8meSg}AToa?1;(+Ev{2yMgD|UH-6?1Y5*Sy}I9$)sUm9pd235_e0;e19
zuda7Bqoct;@ZA;J-@Bz&rT4jfkMGIWP4mM;b3|}Ehy29i4##D7jZbxWG+E+MH+>5<
zUfWd@pK9Q~R}02;qo#@;B@L+=zPn-D;($C+>#i5g$2U;CK!3blRzgJ4rR=vp&|3Q#
z2A!@=$=@`l_B=rwfNA=)*PI-%z^6tgx8{noDRz_=WO+K?C$E9?1LkC8GZ{j$#yM__
z@3Hg{AMow0?#+*^k5T$<l}|Aa(gcyPYZzU?*qVR+2!Fx@dJ)s9OBiJ88Q;(pim-CX
z^DBp@jD+BG%6XmRmeow9lg>6{dc_N$eei_2A5T500Vqs_<ZNpAdJc3G25h!Rd&2T_
z)6<ORqO}YNIHJUY02c0_k=B3dYyUb0+u}|NpJ3^v1y=mm!Fhw=!={%J)+R3=CmioY
zO$6B>ZB~M*G<n@@y!EZf-B!$}M%1sPet@F0*p6UJ;SK_h#<YF+Lv<zm<faq<UPyzU
zoN}Stp?^C&Nww1wFj{Tvn&O3g4*71)?RnCTvHZ!CALR>4p?>lquj9j_+x1V=jTcY0
zatl3-{VEf<;TOtJM25>g5Cyx}6b@<+9L<dd@r1jd98vlfkrEzn*X|Syf`i3u!4*q2
zccQ5|MBG*r3xcoHj|~PN7;`9WZ)=(zaLLW=*XGys2@i{il@_LK8ppZ2<2=^Vl=`?E
zo^FCQM${H6MWNeutAg2QwNv84PKCod4RY}PE|t8U;Px`z@NA4`>^@P(M1|SF>KZ5^
zEc|STrr4o!ON70}uR$x$AJa17puceC<e>{!KZ*(8_PU5DcbzQ5>SsmEuBEw3y)loy
z&GKVi_VL&GEdD;VCvy7(+Ye%`)f6HSMwC7YeBeUEZuFk50tp#mX#10{Pt*NJh(eK7
zMvbh^F2>b5C`YNLeTN<B>1D0n9X@`Me~8N#oCJkC#XrK2U$^KMIxKQaYERba&U96n
zzBfE8l@AM4qB^tCZ7EeU?Bq3<QGxZUNu9E<w}**~w8GlIb+zNTP30~RQ3=59m{+|7
zAL46)msA&2KU*r;PYR>3-lrt^AiT{l*|T3{w$C3dGh8!aN301EE>V~FyZ9F{DVkz?
zj+1kLO(jB>Fz^!LAu#C&Q2!Pbj@2f;V_e>%hAJZk_Dh|gRLL5D9Bp>T)x}F5s#R!d
zO>{D@8cTS*jyG>3>4`Ae*FY;uWv40<bnmIZ=W$Y9ey4mSpMMd-o*XNPJT<=~vhiFX
zXX<JnIgCs$E!@7TcGZ5Gv(|HJsAk9VWS<msTO9X$#rl-Xl?JuIYj^rEEsaAWG3^(7
zgj=h@+x_ryvwP}<kJo{X?$u;;a>tc?qd%35taU&2uIO?Z=xrYThGJK(AhP|y&(>~{
zY_&BFdi{}A?Dc{l2-#D1{)xEwBin7EYIu&=GXVHH6pl#M`d!AAs~X%weD_84aZ<TV
zTrAn8bX!Nray+^W9i<6n<v7wlnRaS^_27AjRkKGoW+>YoF-H%f^@K*}<2i1}xkLI-
zk{+lDZIBCWcJa3LniaW71BGA9aC@if@}c~WN3KEB&e4a%z$eNft71Zr_D=B46=cSI
z#*<I?1jr*Y;Sx-SPYi3T_gC-A9O5jIq))il4Bno!Pfa$r*x9UHEAbO94#$+NK4@z%
z@vE6zZR?yBA-R=&;=b{bfhxM0%B8W}8yD~1>Q>>0oQqn6qFpSI9Ry5ZZ#(l6m0iaV
zdn1V33D`~Caf{GfO79|vyoO-GF-#`7`>`cyLi|Xr6caRG*7CC3@YYOv_*BmTd3<Yl
zvgI+W^07p#!iarBf=G3!eE|HUtjmo7Y0HYG9tion@s=8U)K5DSo+7Pq)BW}8g{}t_
z$X@Ub>&0(7ci*>aZm#F(#a$m7O7^xe6q}drQmARq*=L8j7euViT;m`BxYNSYV;71+
zXM3TxN4Kj(mk8=CWb&gmf^~J;^Ol1PCgBJRBMG6YM29XuaSoI5lasd$aMqoPMR4m<
zakC`uS})}?cio`;iDJ-+VsI-v92rwv51XmSU(eqHrs*!vqA9#x$f(S|{8ovwQ#WFB
z-c0}Up%9zO{%Ep4ZX9c)li`5<%rFFD4<CD2LRpnsG|PC{lmaYL3fwde+v4gjk#KHs
z^(edb0KcF-Nnt;!rqJN#@T?y@QBl?7rCaxsV|T*E5VOe&3)Y%q?dsW^2AaD78P)gY
zn3~Ya*;{t<=q*)xB(PeQ15OL5le3;giyRBX1RqbcO1jM}tvAp85M)+9R4R2fD}8*d
z_RkmvbsVy7(d#qZ_P##581=!pnJV&vlQ-<Z7NPFP2kj>YEmaK3jv7Uf&_st(&5{Wd
zQ-LQ_4fvCmE+J!GTlr~xBL<x&aK&p5x=JoKedNib^woC<(xmVO#_7h$1Impf&HdE@
zFumQZ#?e_S!W~r8mFb6R6=?iS;cLuPQc>nd;|wV*k0lG|$NT^UF#i;dSGu>Jb80LC
z!l}v0iPb(GZ%DiL4k)&6j+>1O3x3@m*6e>joQ^B^DH-!6{6j+@T;j)ED_>9d5elux
z@d?Iu?{bWe1fD6?)4BbHBpyI&bV9Dt#wcNi6h1DaYg6u_mgS^-#n@((3ItrN)V4u1
zW|Stc2X)&iwA`<USS0Zb-!StPB{Lnb*a-_2+zOB9=ug8mUhKrcMcL1}Zjd)v<dIl1
zVr@FAKRmf=Q@gSg80o<~@luy-3wE*-IlbvC5-c*8P_uqG|9?^T)p1St>)#frARr<l
zC0KNb!~~>7LQ<q-AksPM7;FL}D$<=px{(+?!l1hbi~&lF8Z{V>e7@ZGIlptx{rt}J
zob%sad%-uZU7su8*ZUe4QaczpyigaFL8!yu2A|0%lIO__msUC-2y%019zQQ_AkNh1
zKjr`PM0zmh_>;MW8ad0%BvsReIv(3bCX5BFB2{M4PEVjiNfK5SjZW`QTv{ca8U6Y6
zq(xsUL(2!}-Yq^mFLTschEuu)d!FvU$bC@0F^fhJOI?=CmBxMCZSUgmbNXzbpIHZL
z9ds9nPv(Ib^w2}*cZ+{+-dCF#eeBPKgQOL~Lio7nT7&(YLh_Lud$x5BgIpg8`sv1>
zc_+L2W}Wm2W{&4!M?Rw7YC!=WDhoF)C5NqodT=;SZNsne`UI`6KXT3)y6?u2Ci6Z)
zh}K8yVW9kkloPI}`3>x6SreM+1%lheIfHRmCG5J$$y|?ki!^Wl*{VEER6$|PbmAEE
zhy+jpo3V{3X-GU{a?~1JEyYUVyFMjOB%G&_&`DM=<DU#&uH#VdNelY@XJC7LtVKst
z0e<SSiAHcEs=v@4UjS>4Y(JHP^yz*7n@4ogzxBL@(3cOm#Ikw(5Hbp2EYQNZj2~q#
z@^`?##mTYtAO9$G5**l<PX%Z>#!k2f2!Hd6JzMg^H?teHR=@SzR3BMJ9==7D&Kffu
zG#Zw87+6qA>jcf43hugrNEie$vIt$ZElyt~9W(}&?$4?~3gT{hG<Yok6L8@<Q-FQg
z#^9~L^Jl2Yn@u9?TLLqvWCfoj^G11^sQOzLJ~`{=W_ps;u=C-zSmE=4J9i^NXKUE{
zi~||3xi-i8E&pJcKR#IRdw>H0RlL5~#cz)QDvAd$Bc!)q-@$o!AU!WhQ&GFNa_#?A
z2bpkgG@m%XlJ?3H+ft;~4D_wNxBH}ocp(SGE7F{Bc=Y5T3U2;j^m&NHa7R>@lc4DS
zA#m-e1XDj##H8Kd>lJ~IC)FZo89bI0x_h%CWTZ(V%Q7$D_;=IDZlgEMp3ivHNU1;Q
zjIZ{}b?YZt{Cby-$dx{s{vcEFO?h9=VZRCCT$t|Xek)B+lpz5AQh<Cl8x*{o@Drx_
zk{EOeerQ&^8fFORQlxtM7%%}nS6}T~kN0uAmMnugd?tauK{v-7s8Y@gc-(VzB1sYt
zwv}Y0e^6`ZbRRU4+^-Bvi^#}1-&^u?h7P0*____Mi{_#QSl6{fez|`8Y9E<T9$K5x
zpTF>FWvvF(%&KH(CO4J&XZHAgG+5gH%P)?UPc>(ACh6j3mc@@QE|RBG>n=f*e)QxK
zFChop=A5cUUXJcs=0jLKziU0TACVBdqzuI*%QT~uWM*2+WD+1$uZDlJ>@J!X761)g
zq7&;oMd)?+?&ZibbD~-D_#?W+s{XE)dssocetN*$0c9TsQ5kbgIYLH;UAT_rIP8JU
zrhre=JQ}v&iIS-EfhPO6Yigb(`6t=4-2l#6@aZ|ry9(4gVqIkn3q5Bi%ht_+N!k0`
zBpU>`Lf*2haI8z^<&Lpu&<0m2%KhEwLaL?1q&_zwNnVibg30#NRiWjm3U|*>&`3_L
zbt{(L^=&E(n3Gt3{ZgVBsc{Tb>lfbNS$2Sy4V$h_{Vnt)E!#`TRfpzNAMXn<49D@V
zSq$tx<<}e`EShvP>_C&vV8py&nT=1A)Q9^j(*j`T&g--ENY)Unp#5~<8pwokXG?^x
zwhSE~6JkWfb?!Vy|B(w)yB!Yrk#R#t_BRPhPBM)5WRf25R=T6<O~gO?Oc$ekB0wll
zDmLk_rgQ^`c936_l~(ngC)B0#?=<~z{7H}Pq8lx45ro7;zO<iY>@vDbCm{S%m8=}h
z`UF=zSBHN7gV-rU<ec0bR3)b2Yf0Q~rt`$v95Vr+$>bc=K%vi?ZQ^-OtfNTGg|238
zTk{?5`v6&?^Nm#unYp>vNsqQzeU9sF9>z~&6Gu{JPb(1_+V#QYR7TqFH<{7`$wlIT
z#=1MnYh(3lki_>fiwGFqg<J%ER~FFTe`vY%!0^Y8?O>iJ+p?3uM;a5WxbF{OOx`YA
z3Jl|GK+qWzRAX}N;oZV^xMX?oBINRLMQtaUnk~eM0qorbZ5W<w4Pmi9_aqsA06P<X
z8f@-=2C!@%YJ#Rr9R#8=#9gHyB{X!w!Io5|^oUh@NF7$cH|>^SyP?0F%a*=F=a7SN
z$e09*U`{l)+G-I`3w%?aC1@1xc}<M&<d-k#5wlX98>g!dKCoK5!F+EYZom&5^3w4;
z)+N(bPD$e0$FM;&Nxs$QM@zFCiRo=)fM5LEL6et*+^fa63hEc)05GWlP4byL`10@S
zTHTDJ6A%bYa_lhJ>F>v@8vos}p}iE`&}mEe@(ZyeDi_!0aSg@4f~%LZ->?_xC`u%;
z03~l0=;39t6xarQGW2tG`ToAZcI&}LXBg<PojyliHs1{RK7*XCH%YjC=e?W8t7Ava
z%y|9by%62uTf9}ckMrENM+<jl%qM~4gy&ZessWlOtI@X_oUVpW=sOr+c}QB$!^qf4
zH2)rjII)+ovCj?BRHQ98$}JL3%Q5!SDs_mF-GofmTKogjqcYM~9#EkbfUeag_^&3z
zkA`ox?*^Lzyh_h<2`uV&)#?c4*yVZ;??<e@gBx+1pDJPIf$0q?rgZAFwTwnaoLE@j
zqg9+|hXHyx$xHw>fv5S52U59{0|Mzl32YOIzf<^UDtGuaDX^5&-e=0kZ2a^{-8?-~
z$L^R9r71^tP^#E^py(3U2(A~4=5FD&KlWfXCx+IWL>|5C!*SHyq8dlH9GT?(%}rrF
ze{R^sG;=zb2E~Hx{eP2ssu5SB*=8OktWvCdgL?>zKktrJe>>xlzRNVOn#+l`Nrw#y
zKIy`(d;xld6D<$Y%zu5aS!lMtx#g$!qp&|?cYWnP8%}FtGJz0UkF9t2{s*LtD@;}t
zKv3E|-I=v=uFXvm`Qi{<msAi#H2ExFAd(y!3+{1)k0-cy6JQIMmelcj!<g30V9H*>
z5)4#&V8||l6_{F$(|)cJC`(KBk#ROowR|e9(_Q|{{X8UQeI~wFZ02hd*cs?DaEU;P
zj>E=d=<OYC&G+%*K3z2-<YH^J!+jM%2aPeva+u7U#87qAXrGa2nmx=-`idlnEeAVM
z)z|G8!heT)c(40j9RMAjxp(q4yBUVpRfV(Oavw75INsW8e%6yNfc<`Dnhy0Ewbyje
z3E*E)UKm7mRgVb62Shabcuys-Kd^BtMq88N$f{fe*cBs$it|i$$1=Um)86jY_wNU@
zq?!Aj(0{GD8J;v55`TLs>_UwcpHbC-f%>QdT?~1hsEEk;=RASYpGM8cxgmmS-1g#G
z5;pb_bBzAgn*4>n*o_OYH=Mo#%}tD@x=<pM<vCjSA>z7kD7U9H*nj^(;)HzWtuZ93
zrm<zvo!a^2#!liw{;Bd$I1>1+YOs4%&vGfKM`?x@Faq;Ool3B;RTeUEnxu>#HM!Zz
z?s#H#9E%^0K5JN8#{cAZ)ME?obJu_p2ERV{UQGS*i>mWAtT4;ItkPo~eR5cA4AC}6
z%6Qow%}O_q1PU|#K~*u1?d1;^`r1A7$X?3}u6Qj{szJb$bgM$`$cyFE{%F?iW_`2j
zg%O!j8$mpt0Cb{OA6&0u?i%c6`L2NL6)_WM%`>SRma^u_YgQZaRj<ND;(B4G+oZ>~
zKw?x~lu*xlp`h$E93zxb{6oKUV>F~k*Z01Xdn<?|D1N2lf771EV0V?J(`+ISml{v2
zg-6Ch{VBi(jw4zUK%P3^hv7_Qv+40v&>)?*Y9`HbV90mUl}#Q!fASJ9eZk<z5h{w|
z^;nL)c89-X{>}g}Mjf{|2`Y56aU3n(WM0b;Bz?7qvEzKs1WP9u`T;ZOGW^I@BU0bQ
z;e+1~FaT2=mJeOV&nphEJ}cE0ka|<cTr$}`?8Nc11+kNvNj(~8=h}S{bt##9Rz0Ym
zTJlgC;}&F$(>L?y-Zwkn+jMy7##l3`_|S3u5~fI_@K)mxmc8Ho=l<J`BiS(nw=b*@
zmp^t3dKRtk)b=+Wbk|aWsy8lP-gE^-|JuK^RXXh&2x2Q}2byvB|CN=&@R*J=kyD}=
zldqMf?lUHW3PfH6*Y%tEFWi@$kAkw!yJSCG-Mkx4{jexaDFoiI79A?l13$dX+4WNR
zo@rtKA>*FpEW086$c4y1^QR75b1j9vRl|JiYgiXBcCJJ6&wTgl5iEu*|E63$4WL-E
zQ45nzfwc<!UXgyrJ8$431FQKK;WcN^cE=;T#Nl>qrpR&96fA_*ssZ0@<#tq7R2s`D
zoIBySyvZ-&h#|uvEcO^n4VGD&Y<&9$--tHjSZdUA+w&Jjt304%cq2|3gC9-h+nV)$
z2ZSYp-+X&clBy(;kSAqe|HZ9-8L01Bg_~j3BEnchD%3&EO&fWL_1`&!xI65hf$*pT
z2#*R@y|jfe0T}8^>=fFR4+&CD+qwC<ogyvpRGWoTB1ti-bp#}q^i65n=fG*G3=W_0
zY+zN3$l{po-r;)$pMIQxqCN}W|MniBJ~13)9ll3cO!~~y@4)s?YJDrugcQRj95;*r
z*`pMtAVflRKTfW@|F{Z_0!GG^{jDfAKPJPQ@e37ZBMU$@bhx7_LvSPn&8CaJ#wEl3
zg?ox+G;?uUeR+Y8Y$Rb9PUE3V(V8~b@5z{#@z&0H0NRaI`gwa%;yt-f#EiSJu^PV4
z7@DjCvfG>#YWGJUvuhCcrz-n9@)mvj(2MoYq;p@5+6?%5?Y`(B<XhI{W1L)l8~+C#
zc9pC2)NBt1CD=I>Fuh@oAKbCeYz3dcNL?jQdA-K4qT2PUfvqoL$P_Xe)VT7H_*9#E
z;daEO>&5`~@)x-`8P$M_^Tj0R5sv<%GJq(}AG+ahWkHvb9b-D;2SALjeao5v^&+yu
zr8Rc+OJQYVaspSZ>tFkKd=9~+gw)SS?+L<R7p?4g&kweD0sCl9Lz@@%yKLKOcP+6V
z?HvGP;liQY$p|;f5db29Fs|!_fLwIN)*MJ!&W<@bJ*$4Q#^aI#evo&m>g4RjZlEdl
zrBX9}=QD~i#eM>q?HV`B1yBN#ACBwC)SZ`p0CbTzLz)wB^Cr|rNIbr^huy%WeA&<4
zFuu~RhL<PM%_|1>CD=i29UWt1V19+}AgQL6y4KTrFOey)d-*ytRV&TS2_iT7hoz=Y
z-Uv9a9|gb-jaKc3C5WZgGdstQb)#ZLhOPZE08#XrOvX>f_2@!xUbiAJWHz52qp5m@
zv<LXDuFkwe9d|BSJYErs+RAfZZaBi6lK%+8_fgHtZ8)t}1-iZSPh+4O?!1}_ki9x+
zj}pwp=-8s#a}6gry7^w9#1!S*ZI_3zGPA#Gu>HEtxoKWW=BSp;n?AGA==jAtXUq|H
z^+^q2%mqZGq!7?PHmtp*)XH;J$@QvG|C8uuv&5xkA!W%<PnOlHhXloHSDZt`@X^?^
z&B{P1cHU!{H;G6g(Q~0Fw_d9V1+^<<l#l{y0~MoVm_&asLFTo1mYb~K6^1)S%u>U(
zlhFX8#dUvKu>}1TO6@bfhP#jG4~lQT4nTfuWx^(@0TP&};UL_x#B%lVS3<w1J@xSy
zq(p2H_3}z?K7KqW<}lHzIiGNG0`hygUTkj~y3y4OGR48KFZsk03fM6U)pJUb+lnO-
z>?C&sxotXPeV_w6=MiLVo7H7RsDe0|HBac5iQyGcJ^5A%V1M)g+y%NyN?x+)OT^zo
zmz+qPR;Qj;4Q77F`yV6b&rJe!wxoXa%Gr&Ljff~-JY}%cp^^<LemIla6WrOfGo_nM
zG!%0fHEpayGtyzLoCikZ)SEiF&beF#V8Hw58m9ymj%G{dtG&DIY!WRXGmYfl_=?qA
zx$W;u)(V{)MyDP>K$YFooYc;neqCI)@k(a<eB=-~aR=(CLJiOaq0L!rU`M(k)80D-
z_vQWWdK|X*>flNyNHvDj>#V^{zu0_yvm=9W>a3lN)G#qWzCgpB5f7FZY+Q-;qf>=0
zkN-55oai6gy_D5lAx*5MyVg3;1QB9!t1JJEifBCEKXLSlKCz@Q8Sptu*^@YYcfxyo
zYPC}fP(W0EOqJ;Ftks>yJp(&hvpT1Y3?WZ58HhirJMjb3e2v3EQ%LEOdi<+};r@25
z_QW@1KOHcp=4P;EGU#0;8T4mM4`oBR3hoO*py2~~@v?jSTjK?Qf|bBf*^jJgR&RsY
zBQ(<<Dgb-aS?U^-6RG`+<O`Q}fKqUm|DNai2X=51{>d~V|2SDE5zuVS{?(J?8iFLg
zNYtsh9qH}_#;K+s?hpWmJ3FjgwUUfXFjrZ8bL_!0Fr0fbpqVvSvVWkl?iLR)cgF+Y
z{|4FRmn7{*m!?@th6i(dNmoniljEs$g0AoQJvo2JqvI9TJbW_%isk#D1UJYA05M-S
z95gwY4mULAOx%yv2xJoinG%*p&1UKO{XwT;cxF0CiQlGvAt-(ZTLu5I;|SfrdU+}f
zC_@Lx0#DQLYkPTGn1FQX(w1zVJBpr!I^ekIt>DyNKmFi90W6?=wCX28k}E1pK63<(
zKDUFxbsd7bNU<~2-)_kSo<`*tI)S*6;MO2s<1hT9&S`v=;&`im9M@|kjmwuZPKQq;
zz)_M?>s172u`@={U7+MY1y>&9Zp{XnNblgEn6_Us+JK?1uRQMJ>}dB~&1-l2r$B}>
z`{M>TOyFa)BGu;5hucgs?`+*sUVztiNd6g-c(sFLvy&4se!I_J?M(u4zYV}5wVp!L
zo6ZQLCDFx({H}w+I4^sy6i9j8T0Q0#(O+hkt0TBo4J55Ed{)nwwibXeH$4boL7TcE
zZ6T(|RU5F29prOjDvb*l*>jAWi8tMU(ZC&{Q-inZj;#V8Mu#+xv~b~lo`tyh9U;;4
z0S6n;itmE!KQQV^i_f;mKMnC1swxA(w362|Wg^Itwy#4q_GY{y8h3sXK17V>_@K(S
zx7yh{vuR|M8_P7sCT-~^91urqPyj7l^>};pJgfAcSw6NPFO6FYy8BQnzPIvQ`|^OQ
zgvZ9TJnS%L*s-4#0MS-U(V&2g`NI#<7JN$(HEnNbir>tuN7nXi$(*d@bK`TGUnZd2
zAKK@ELcfP0elwB(wOl_N+<S;S6D7Rt-rWo8XrP-Z@6U=CE_ACW-uSaXyY5b^&Yxz(
zlQj2)B<x;~c%0O6SV3GTi+a4MC5On_fE?g?AIS|`2K&*Kmte&lxmb-Q%f%sXN%>~8
zu85=sO=k?S^Wx=j4s^=Cz0JpVQ2HJ89E`qfL;ZpLZqx1<b8f;f+XKObV@8{!srB>L
zY6xp+iQ7g)yF1Af(a@exx{L`wI<zx=K~_*$P92klx?-17_dAoaSI9D;+qVsH5AGmS
z(Ezoxm*uL3)$exr!C>x54;FgeO$J3&>kxdplAAT(1bd&WpiK#ak|Tw_wRUsrVsVfS
zWQ0FyF{P{<Uvq@^j}?;b?2TQ1bfbDot41;b<i8Wti#<S_d8y~Q(H!;Abc~{XsTP5@
zjzbW57nyQMOtw1!oWyC0E1$dDP%%FzwB(x^51?q=q`Q)N!ZH?Y;K>L=pI=oF;^^=s
z+W}pgiMkJVnYh2$9#wfwx1mqMVt!VhrgEl#r+5C3w&fa3i*U`d`7>czq|XmN)$SKD
z!aWS@>WloTIsS*U$ejzZ=2rH}8dHk&lSpR=Xl=@Pf48r`NCmBKuI*<9WSlhxNU0y9
z)%)B;e4u=PWCP8n6dt!0<`x_pc8BMIamv5VugJOpGfPYWFTP9XT)7y7LFCjKy~LC_
zUOm1VDKB7RQ0<Z>-N3EJ9flMjfqh}&{6-j<ihKZ6W~s%zwidfQEgp(<CcV3-mX1ap
zlLX;_vg?=uIN0-1<ftX8KJFM!)swSFR^O;VLQ*}SG<V)5_MZ{-kQup>R~yc#p_M1t
zeE7uueF@MQp2)}w>-9}Z9;-yu$pB$eE@g}_;U%hk74xHMe?`@2rL*1X^#}5Ewk@6U
z#!mcUVOTtF4-2hXURWfn`6vr=_gHjccIG=+YiI^*KsN!zCk{_FtgC1E<M69r?D7X&
zZ46}sxe3^Fd1k>Oh9<4v6VH*C>RErJ21!3|pL#u(4xO5(dFC^5pTUEI#f?y>gc2$N
z<$Kic#;44uc{N@BwY{o`-c7pfJxn<ihGkZ7IW!_JhLhKMEDya**z?~Fdm?GwQ2x19
z$k#%lS7bnO^;rZyhQt4*U<*bqMMjQD18YgE7Dak!0}ufwt<+)U+!wqmfo_CfrEYk^
z7!ANRGR#ko&#z(3;Jb0QniLYLOVK|<dtugZSYLRc%9+QH%KBnidi0C^>it#+3MX^j
z4TM4Wah)hcXDge%hn{LE)$>&6bESG9sku*#!W^`X67XX`XiPp5Im*GD(<orJPHtTP
z+4<oDCg<m^ta(mHAjiOMe?~>2tim;!dJ3hAolZ(vog$v@*O9~RS;^84cZ9LOd$0e2
zHGhaeu<5@u=}N)ZX4=IA1=%joSxAWQ@NY)pwL)r!BJ_12Y2Zt7Y6?CQ8i>BHy5?fu
z$1+U0)74p);EumH?84_*=dr6*EtvrKA9=aXmYCrM;ukx>5_(?80kf`NJK1)q-LZu8
zYO^&dJJzM?&G$}yR?;6nOC*eoI%%xT?qGPI*^#SZtv<znbuff28r>5aFPCRBMwjzA
z8Nr3?mFtdK^*hZ+MBunIz-=`*l2<i4`YsQ*-<A)Vy#4FQbTbC1cKScHYu6%%%Iz^H
zw`2FlRmHH5ZvH&S0}aG5mgBcl2#N}@r3B3O1^`@EIrU$26xU`K;GA6x^?{||WK4lR
zh&TdB-orUpo`2f!$(cU#<^Jvy8$Y2=nsf&H{tI4*UA!spw>VcX6VRVrH{nH0otfJF
zR7Asc58V6Z-09IWc=c}lH!!_>GgpZDI^u5RJz(l>m&|*26>SzSBDGdK9TuJZ7Qdhp
z<N(YhC7^FJc}Pj9b(n{+aTk?HbNL{NNMiVI>&1=x=TL`dveg(kL}lj&Hdvg4>Rxa(
zZmXj<{Z`?SYv|RurZjHse3i!UX&TEg(TkkT*q^&|5mK+t_e`ZQy<GGa8QMEMBh0$K
zHLtBvdDa5~+b%aDMRZTSvSR~)OV+;Sb{h*TC@)SRY6Z`jo3iF=g>a2bH$~?~$Q*aD
z@XCnF`K3%m_?h`<4TMiPJKElghPn*zMMJ7CUN#w6&^T;;_Mv*QL5Vvrw@BLnr-tWO
zJFxFpe^A2()Po=i7x(hzr`F)Jt(hnd%am#O2DomyZB?R2uh?&&cNb#4v=`ZYf)AvY
zGO6_u7GHW@6q01xS>;vX9<x4I)fmI+pO|=G#Rq(6^42a#iiZ9XfdZIT86j!s0txjp
z0dO3{faCZBc?<M0Iww>b(}Awyl<gJc-a7a|r>2Y#{8wHSH@h5;vI0&4XgcB#ui>)5
zy$h?*!LxUG)&fKB!^4ZHT&4bSIVl(_+ktZ;+`_!8#N&oXgWGOt1Si7P_ZN#MCV@I3
z#ePV(b-4dA=1M3SA`>q0-9fCG9iw?Y#Bp_x>d=2N41Lm`4&6uC_@;OJX2vQJuFf|a
zLc2%&12sBv9>m_qCzp+YCd15OM)n9^Hss~#Emthf<3o<mxcfjD5Niu8wA`2K+yFx7
z(BzXZKosV6S|0T}Epg1YI&`uSzV%b8YrZw-gwI5FlXL*b1Wf)ASb$p6%4sbL9C@bf
z3!2`YRW2MIECJED;GM(<PKB={Oitsl#_n}u$g3pZ&25ZYX*(U*Txdl&!I$QRpjKa&
z-@Knw4J`TbKX!!x>9wn$rVHA%9trH7s6SIyZB?yDUWSYx$*Gkytmm=lb)mNvmdf=z
z98?m6B0ca71#`*z+rhG_7k)9#dUO@oD6<V?0;j8LC$H2cIJq*+xJ%=u%>=(%rF@(S
z(l1?j)(0)^wjm6(WFApJ8Zf!Uc4yzg9Au|?gGTCgvt#X6+e6oR+rjBC0;t~*;+$x&
z0%0RL6eoc_Ez-#h^J;EipZ|)acBuhK%e(RiSKXI{ltL(dez#t<%vh#X6^ymNItFYR
zF8a<>QDO$Qz*u8gdjtp3HLZ3Z$a?8e<7KEzb`j=4^J*RJrPeVX8bsX8k~gq_qXWPf
zB<|%%(Muhy4W~KZbZ82fI)-L~^sAJriqtoQnUh_CDJ=jxU^o%<{Vq)>Fpe^DyVqS%
zLxQ9;c>8*M@|h5~<HG|DDYq*k-yVd6d`z5nN3&aZ#zfmwA?hHhMB4}h0M(Gf{ViT>
zSqF5E@bhMlzwOJ(b?Ewi_1wI;b>1*DAt|aUXg~OJcm^hjy0_rlujN=jb7@C$x}*o1
zUmu;;TPG8`HLrpI?x8y21<XP#d?e+3LkiyS`}?S&22F&<H=EU_1-s$Oa3TOH;?a`^
z)*ivVen%-`5}0J&OBkPsjmGxML53U~u*8bv{keN2%JrRP?S*osTTwu9%R@!N(Fgp*
zHwX`8{pGEhlMNX%S4#R~_-6!I_io+?IukD2VVqQt2Hzmpu^1>&FIk2WkSC~D@5=oL
ztb{kSfU5rir~2BO+2Q1rt-}NPwWgQn-mI_3!T?A&#!sueXg6lP_SZx3%8?~ECcrs_
zX{qt&JLZYoVQC+xxyI7@H-tSL;5X-`4M;b$fqba{vbJ+V7#Ai@Ri14Rdm=m0vhzG=
z_#2HBdw-H!jQemo$4kHWms!xy&bNuae(bXiewfB-l_H4o{5i%vb{n$~-rrve^hMeT
zv)(a)=v_>6HH^q*tbQyYGtrlVW_l<x=aZ(&X%+zkD!86H{PU;CmIvM?w<|)#n@zEY
z9l5!=ZPtEce8ZR}i-@i#!fRVUm8uZubASnlq^v(+FYE_Ycu~D(X1ls{_^}}YOl%6L
zkNH;g1*Z+P8y(wedaWb3SNzORd+xbMb*1u9O{tZ{xt#(4M6KsT2t%(C=4DPxz#=Lh
z(~T30#*?eGzNVWYGe?tFdBa)6=@Qg{Kfudv?L8bS>0b(YDxO|@ff9_U8);bN{-dd(
zFI{7d>o^6A{z)ewyG0gV24|4Dm}3agl>)pExeL0pMwd4WTU2tC6=>f(034PS{VHoe
z8a{t}_spV3QTY0_<KV6I7gTfFmv{hF$jMq7St`BmK|6x%hC%&(wMe6<-g0Y1<a53&
zYkC(N8YF4YQfi$vy|VBE<>%kbVE>%03|gx=km)z<w_3;62~~Q{tsmWzUQ3g7+lIbc
z>^ofa(K*zrw5H;1(n8BF^BA*vii)f=hJI?mDYWS(*Q@Rr;dvaOBP$A+YW!NzoM@50
zam`0lkS2^&^rK4WZ3xV6xURo0K-p8?xSJ0W-Z`0*`G`=Z2+S<qKsGG^eabYsNA1<T
zJ-@dXqj+kzZEI?7IU6fT?7x%)=L(osJwFz6^G7Cu3f_Gzv?<(uc0ZlM201<H=|PtF
zDmso=KRa4vr%`hKZA^BM3qui&V+eH}XHLb757*=2kuEH}-b^Q0&{&1Mg9VvJ$+Kgp
zu`^OiIysRmj|rg(r9{1XpZj#}0n!hgh86oqsVw8l)e6y%7JLM@!u#3hW>Wf`LKg5t
z`n#IVK0ozw+rM6~*x7ufFkNIS%8hs|GF7(ZI-ws=tX;LH|6GXS^TIX)si;mqKo{SV
zEphAcm({Ru;aax@HIta5rRg<0XZT+55%`)XOM(Y@XBBSst5~Q2>gzA`45wuH#0RWN
zR-)ZVY+IzOmU%_sUiG3U3r3YaA4K<p2@Rd60MC>|porD+-3-n>>PL@B^Y0@YsxlNN
z%|&#ccBSG!W=RhDOBe7Q6*%$sujae=8<z;4J$LoZnG5V^&R&wu_;s0mb7i`+_E)(+
z?1P5ERmn522MtL6F?OOY3KqG$H+M^TE=)<7=&s01v7ZUpyf7j<Z3^AsMZgX}_Xz2!
zyb7AmmU7svYxB?+CSe*s96nD4MOh4QNhP02&GOkSvA?=BRabQ7(c&ZHq*F9C?4+dX
zetMzS@DOqnDr+X8w>uHzgjYx6W}|tyf5pYMC@`2gE9~=d=z66lu@nXYyt#*lAeAMn
z)kn{1!;h=&1~YS9koygf302Lilk66JF=csyRl+HAV`VcfMolFSrmn`7)?wvp$7wx@
zLh8ARLfL{h=Djc~Iu~-CWkmCL4Lqz?7z&3;-^=_L%F7-vI{A#mJidJ@iZg#mC7SO2
z=-xd|EvZ-T-Teu#2!eUc=gRVL@ryYpeFVs)+S+nd>E<#+&jeUrh`+gK42-0SzLU0B
z4zKH!2W0x<?wb}~QH}3`vbvmKqRQQ~1R7RG3hs6%2*&8QHQpP}J)$k}40=bE1DSyl
zt&!`gn{#{HUEP8T;gwNLXCLLYeK3fVpG}<8hy-@f+N8b_#@rgPF@|cVQN4Z^cYUkt
zi7fw3u=kdgSST)?)oJR*u~GaQkCan21(d~mEbQ8~2?^@z8FS7FujZyPiMcGAh%b6^
z*m16In_N@PxSZaJcs;QAMjd*344GGrt+So6FDl77p;c0NoxkuiD&p~y!`Z6(G|f9<
z0=Tg4<eCK&r;3ojDGDH+&D)VB=LAhe+FS<nbCIE;W2z-a$ZTK^U0VJf`09I(2S7LU
zAV@M#vA2U}XX&P2(3uN|m)JMAv%X4SvgA0s_u%WODL9r-_?L|bZrDC6tXNe;DmQRR
z>n>Y7u->^o-;bRA4DQUA_eP&DjMPtQDY5bHTOT@<H94~B>DrP#xe@O~vs77vDxjvU
z%~tv7ZFM^m(HzI(GBP-(yD8;`jThUSwJOjy9I`I@(k^6y<+>eJGB^8{PP1HK2Sy^<
zkT!$7uwS?cf5@Wlr(t~S4ZNiC#<c%h_X6RQ$0}&XTV29&LW?+UBXc0>GuD%|J(_?x
z_}Fk=*FzGaqqCQQZY;^)*QWmS<eaKY3;DSTzRfOL0u7~UnAoRx@S4;VMdWNweB-67
z@0DcPbby8GS!)kzs_ffB+hCVuTL5NKK{l?nK-qWKo|_*^AH4Lq0RKA|05R@lXT?cj
z8`hghLL;`P8z9}qhQdeGm4amFUTd7arp12sjcm14Mt?OiSK|7g=Oy@!bR+uWK4Gyh
z3gG|F<}=j&P&L7`=CTQ#8D-0ZN3Z7sG%xAg3s~`#E>QN2CHo&WXMZkr$+D=0k|E56
z&wKfcr(UD$C)+%Q&>JtxOi?RBlXeP5my3;%DmVBHUba(?H4J@>@2LQaa%FtWw#iAl
z7e-jK>Jw~-vJ2)%yJNlvo^wDtEcP@%Y|GT-aKD)<{5c`tg5zpOcX!O8GuBBrPd)8U
zD1%_%Tl<hwi)tiD_xT^{%>E@nw!xEGbydvC%HRC+q3smJ#`q<cYkA9&?c#*kx}D%Z
zM187;0foREss3L258cmqdFrVFYXv!Toq>T-KTKh4A>C-}YqY+?-t$obO@6OsIQ{v>
zoBAT+;-ZC~!3C@r3fa%rQ0uoAYTf_)N&mzC{dwsBmyh{RF8o@C7Cxu%&fziGRC(Fj
zP3v_>@TgS4Wd&UZDb^Z^F{uQ9d+&Q`LO!G8{Sie^N<mTBXer=(R6b9Py{YAeww>Wu
zmpOaEblFBF{D182zr7z|JPPjyIMRDB;Jo5kj?h$;rkC519%$QQA4YBU%X2Odx-Z?_
zOS4C+V!f{cqIiAbs(0|5BF}&HHWL6t3d6aw*tSLrl+Jw4$yI31+v0tN7g`A<8y)ba
zhC;KAp-dI_H!VfiGPLjgtI+?UGXF4=!2Pe>`_mZY&SnaoZx_~m2mC;h0Drl+m72bm
z)_?R=aVqS_WTq>bTIU6rm_-Xm&MN;rl~Y9=pk|JEpGm6!{nr2bE&I(=p_#W*Qku3}
zQ<R@t^6Vtw0wU+{Oa4bsF&Yc}^}1AOk=+c3V?5mr%hfZ=mqLP0pM>Yl8{-h(46cvB
z=l?}T{`zge6^_V~{aYp?#}2K$LG1#%|71J=`nUi35~o@ri{u1+M>oH>?g6dF`G4|A
z|NlEjww}tpu7%h5qAYp8VIlSZef59)0+D1F;!jpT3mWfA)!O!KpN%AQOXYa-|5DSx
zJdfoAK*z!Nl}<dq1?rR2So~LaKNGO>j2%N}irpsUj33I+j^=Caviz)~_(y>9A3O=8
z+UX@~ZNDp6kZYR#SNDI8y=)2WFQYWQ)L3}HlIQ;)ozuSw;LqFIxAFq7zB*m`DCj`Q
zeYDd5%v*A$C;yS={rzS-X9672d$XCel&16#db!U1S1<n)@UUM46IjKmm_;c-fy)16
z;{W-){yU9`1r{-xg87Y2MDA?z)I3vc`};%vEgbsGkNuZ#FR21{<woP$cx#~kIQLVD
z|LV0*S#klnuPr^9)rG};O8u`?{%SnnNlip1%Y#~Y*RJ1T{ZG#4|Hz;#0{G_(rk?J%
zH+h<$Dfa#M?<~NCAD06bnNUQP7SeW<n5i;Bh77ioN1~FE4l1oH=L}KaVSGmpb;V{i
zO@+D%`+t#JzUzgRnqtlrd{wy!5HycC8yM^H8}Ntb@<%h8^+tPiQx=-|7hL@}FI6ZB
z2+m-$!h$70-vhBSG1x@TJeqJLE&1d8e60OzE%T_JlU+8$N_TL9#oAvDPr$WvPQKOA
z0{)UJ8ofi!MLT54i1ZXLRU3he4FBeS?9T%L`*M4;;u}?fK3Si{M+$`u#S#<lLS0D-
zrvO@q5<wqmqx0P4P<^}NV7o<AL5Bm;i|}Qh{#$U_zlc`W^J+(dp|-32XqdgDR;y7|
z=97l9t=zC|^cMDho}!&gf@=1iG8Y<n#C^ewZ#DmoHt7I_LZ^E3Kz>&DY-QM;K)QS_
z`D|0V&Rz$uI*%2Vw0B{d+XfA<>aG_XI!!$gNYG<-%}J;Axlh?`EtsI7op3L-&E+rG
z9u0c)5y?~?-58&uj9PTcewL!1HHqBWFszte)yFqYb2{_$Y^&U`4o~6No=!>UV`~3*
z+8Q82+u<3YUvuckEq3Bs@3CQ+%8|<$r(R9-=F>{Cz3IfSSHkoTiz-|DPs-C}S488D
z6vsy^<UzdaDkF!xi(v%h>hU#hQ~q7%>m4f#WY$LL*v5VF7g@QqAAFwtOn#EI+iTK)
zOYASV*P%JLiY`m|RZo>|+so4_Didr!0^#$(ctkrN+`8)%_DS;K(NBW0rkLQ^NHkbr
za=NxLg08a?y8BCXd-u!6W9azX|J6g}uV3)pS-PDEtWb4Y%-6bW_4V!LQB<dHq5nkb
zMrVIJV0a=8HVa=69`f>P8|d(XJy$u&9Q3=*=-{#Y{1}zWFihU}%v>MW!7u9ah9U<v
zhRE0Hjzc+lw4S5UhB4Cd`(atwi1)P7y}$kRR7lq@|Eukj<)Afim>Obp@4Z`LKXHe&
z{UfSEE5XUKJB_G0eu3W0E`O#X-4XOf|7-2~OBeHUKR-;uIxpg1l<t4t%TRXq__lnG
zA>l@K&MECXp-%=xX$1C2e&145<O3Q#1pJpP!xded@fR^G%Ch|4qoV6i>_N7Ct2yr+
z8?6{7vhAcgyGyu3^%**fe-wp@@lFnyYG{Oih~eyI8i}6@Tj@3n)$2?xpu<z*f{PNA
z@e;hMhMPvs&Zr(1$vlZW+3NrDV6yRaTt;U1)Ft+!52a}0?3xd`0C=gHr~Qmc@<?~w
zGNpdk_;RQ}T;Jcb``L>I^U^iHV^3~clN!G?KcV@Q*k6B@*5BSV!}qG}tZv;=BL37u
z3K&}}vEOLq@w)TE_j16lVoMyR3hBO%s$84;TsQAK#d}=&s^n8jITyt!F$ENJgKA~m
zpK5X}A(Kgbd!Z_L`@qXg1v}ZD?P=<)<9Af?>X^rH6Z7@O!Gsp+0&&to(6Gs`&X1r@
zlIAMRckOy2LbqZNPqZ?g)GIOS%#aIGP$<xpCcRZl5i2pe+fluh;&fze8dM|U`U#!u
zm~wYP)cV(gF+Hh`nR08g1$HSmPPTRbRl$t8!?M?6oa@9iYmO;CIf@US)?o4uE~ZPx
zjCm=bIiHG^=%77Vvu}pL^&kc4JA&6_rrR13xbE-z9PN@lK&Hj6dP(O8!8tx7FX>-|
z4g__<X9Spd$)MTKFPM^EI3Am~7HN@;Hzn3<=dAM5JU?EM-e{}$aIjkFihF3)#kNhv
zKsp<J2#q1b75+U!?Og&5Yp)1ATn3!D^w7GNsyFI39J|TNq12>`)v>gBG^81TwR3jE
zPY%qM$IG+$7Y>p_t@?&UJsX^2>W3WWay_A4v7Ot?Xhav>bA=mRGx4k`@qyuu-hD8W
zsKBSvG@p+`2M5hLFRkQuU<k;!cT@?<qM*l@wm!VDN82F$dHNp{)C!K`P+4}vxvt&(
zHAXJa9KmA@H@dzmg!ZJS@B(>YF`sGUBQcd=zvkIMO3O0Tu|vt_DIXl`HVKDFP_3ia
z)iC5Si<cm-qBZx4QY|;&V}|FuUxdXD`L>TG3R%n_?aioigR2!*W}2H*{kFL)Jn=^2
zTi@wUd23$``qRhyjPJ);9g>$==ziEhH|yp&>*m~YeoRkK-#ObF<X5E2D!z~8X2!jT
zgd`026?UN^e6e)rDuUnKkJN51a9{DNH*tGn<^%iAy4}VM>A=^_IG55LOwL8X#O0e1
zb>E#Km4@2l9wEJJL_OmZB_l5gHz~xudS>p3TkKo~MDduNx3^okGjPvWNX*$>E`ZOp
z;wfx@nUl2njb`ZB_`9(uhgp#?M(g8el2pyB1&SmwkHW^?G0a0Kv3Q)zkLDRW?cO*a
zt{)+Y275WJt-F$7zkezv&h$Y$S4N8#zETQuB|Lo5TUD6urClPk^?%1eNq^*1f|Ay}
zK<GtLNSv^l$##3n_T~hb1a>_+k{|L7LL0*Z>Z1IXK8M^Zp`_)Bm(`fltLPk)?5K8H
z>3DB0@AT6NQxzrL_h{Hz6a3`~N3XGS4FMw(P3&F8;6vD8%8N`|FQw*6x2AXn<2M$I
z;|yis++oSZmF-wWa12A|whu2B{T5M%BG!)phS@xIJP3l?&HZ#!=#HmX9ef7Te3b3A
zF<oIl%2T(|bf6NKr*~H|%(rpmc$}4|SSNl4cHp%3+4TgL;xjwqU$kDGnqYS8F0f|N
zpf1)>Yaupg`@>3NaT)N%BVfgLR>|{Hv*y1mNxV_6@6TX{7b*!(QKfZ@OcTxx_ywT5
z7zyCs`o)?v4|uo;Uv^bRU_oQIwSOJ#LUKn?nJY<M-XGhAChGOIoCaJ2$9|NlFQ?y?
zTh)mI*h`Bo@#+9-7}*Np%jSh_2fSemU@EDOOw(x4>sudHu3njHRXp7a{E1Cw+PV1z
z<Hty__<-5}b~3C%T$vhL*AGZ|r*YtXn;C-Xb8bK87T}4WnNGdq22W*!cI-9m`3{1<
zHcReGw*ae{@5qP5A5yDb2aQ@xR|u1gMls<}o%G+G?oUIaI5a(}mA`ZJl<U+vOv6u(
zYEpeyxXnLaPF389U~wOitFZ265<lEL4j9f8maFe?pvSf^TgsXK#l`^n@kjPZ{JFBj
z!_w%i6Ces8l?4TUY%%rd%I`QkOK*_#WENnjypEjDLM&gJ-lp}=39{WM<YVoH?XY!u
zYhQfmd=@*~En5T0D(0vqpS}%f?la~XW{AC1B~eu@2nO+#Ki&g2dUv2L+Eu!5@GtzX
z?2BbfD2^u$!=inC?n83Q46F6x)y(cV#4A!ZT|>%Z3l_!->FMvw$e2w!HI^3}*Jwx|
z&Bx?h>{|u;5DsGiUNdBKqgSe1UtI;DE=GIrl-Q&)bX=yHhhtzV_bQK*89!))1T~Fn
zocRIZbq;bfhlWg`ZvGdA*X<gtC+6A7aforZV#MR^*L4P4!;1Pk;<PQd#jcGC8JgwY
z$-JbMQ~RvZf;WaO`G?cXWa|8u7ltT8pCo`ZKQD&<xL%Z@e%ZMB=^V(G_2K;{vlD9-
zEN@|Y!KXZLmY5PK{U|v<r!Dw!GIm}3T9pQUXVK#>m9c4eg1SEQVcV1XZ4Lz0g=7&Y
z4&JahHRM>TN=I)A5I~7U-Ve>fw&X=u7q%D7_((2~!ZS>24;EbqZb^0k=fj%s$b@Te
z$}OT~pD@!OAHjKIQFDUHiQCzj7;}~kNPuannx<@2eHd{t?7uZEqk3$@qb)<yjz327
zRR~VJ1C;8(I6IeAGFqXlYBySuQ{_0pv+deTBXh{^HRaN91dim}uxv+J*=!>VYgkR+
zEnZ9&aU35owQ(;0af7&*YShgl=9t*HH{H;=X*soJiF@M?;u7#e1jY*(b7($}I?Ulg
zWCwWZ-Vf0KQ`5>f#Us97`ziU?I9*5d9DTt?fxQ!YpMCQo=(C8<J2F8Js~XsmZ-JHb
znse2lA`y=3OUs)2rJf=t>Qs82)_bC~bO^pujeTL{vBa?gb6FjuDkcM=Cd$mQ`*%o|
zT{0D~ryUK6dwdhGR-LT&G)l5Pd#~{tpBxICjRb$ybkjEgg`cP)xPn7-Rkh@zia{sC
zv;xhC6cawUw33`+VDIN0R>R!;5tbl16e!mWiWk*7tLyk^en5WV`rH$Zl6WaV^4lZY
zCk)KN8@g{~E1EPEo<{Xqd$;Rx$cU(N#*8=CyD#&2VLcN3XFUOeoDN`0!759~-R#F0
z@5ElAX|v^SS^nJCeobaqf2?bCSl-h=RHc($8GH@No#sLPBF{bE*wDx76_nSWPe%`-
z6X&`*S|ljB-dI#@T4~e<m(&|87I0a;RR;4QtaOQC90m6)z5y#0tV=hvE4P^in+vO(
zpY==SKxgI@u!6USE92A<(%7lPj+#-E^6KZM@KsRK_8h2fWeZ(_+roA2UYu7wn!LZh
zjJhMJ{u~I{Mhd~I6nYHGt%YA()OSq<+Yb0EfR*K4mpN0p_>HQ*kl??6hO|B0LIrex
zRG;OSj49Ja;orAE$5tU++8Bw)T{?jMZzS}E{fOF{;oWD6q}c0vV-yFJ6rJG;d*wC9
zsY;C^<ENFke@^uS3RV6nsq{$oz51gtt-^OZ4hL)qDXvP5(U2H4vfYlaJ6MM%9&su-
zudN6nJu~$*UwyMqapI7I60iGfBjtkLRk$y|ARQlUZ7(F4wJ9QJPz#cjroJ&yz+s9m
zAg?1$cCcPEo$YLJ9UlLgCV#6Kb+PgTWGWD#i1CCkR(1<CjQcCJS^X#~Yq~?gDK!+2
zJJnzT%)7uMem=g!yYm&vdg{?C1*GN8*`Zn&ixkhUSnlmXrJU{vo?<3=0j4^O);sR8
z_xSf(<F$c`fcb^7*dM&;PC>VXXY0xLw-59;x_f*GIRG(6S8_Z!+X2%yRBY;Gh;&9B
znwvc8Gisc?mMr6uS)3$%zohExrN&7lX8iHv6@EO%D{_B#wKG#8^iy1!rsc2iA1<%v
z1{SIJCJvXE`;lA+Q+CRlk9~ER=u<pa$9fHBR=9u;2QvQ0NOID<IyYRWLmA4xMjIt0
z<v9L&!jI6qz-jSe4Opc6#SR5`zp}SB`0dgY=44VuU-%YaV>tMoCIHD6r*yuuP#x5K
zle@cFQLLR8-jgb>4LjOpAORRs)Tml5YZ*&Tb4JEMZKa>uWVI8o<l2`k_qFlCddbws
zJ{658$I#FGmu+Qsmj<=Pu<qL2A_A{$Zg#%~$aVu6neXFG>s)hyDan&c53hqpz8Cma
z1KMCC8_cvp>*`2(41Is0Epb>=hTrOTZ<(5)GQH+4pZO?H^ub0mTlwZ9tMUH88W4oV
z19S=#yFjof0R&2pl^Z257JLXARjk$h9w@z<9A8+zS#uL@s6hGHF7W8+7eDH%8=6i@
zZylSDsB@{9yFW3)lij))7Tw;dqgxC}<92yz`13=)yDJkRIc$ELu!7xb<Bn&XX^tj&
zECSu1GWHWK!oyi8F#1tfdK44Ile#7|t=^U(=9XETrzKWB6Jh+Sh!x~lAOeRhdPrKd
zT1I~Yz#I?vOq#ux2IPq27Mgd(AoqQ5Aw=vl8@Ic7%XI~JrA$xi-<wYs+I0_2KUmc-
zoV#Oq(q_#2sy$|IPWtFkZvA@Q<DKDd$u!*51CK3-n6bf#&lp^r1&{yDTn%&51@RCc
z%+ll>=%Q#kWkIo3K{dMkQw=#;lChCY0>VL+$A4~eL3%EX%xelGC|3#zth&#Nf4y5$
zh!Ag!9u)JhPH0n4?f|05PaUhwb4|tbUUH6Ut0THDXwPVyz6I3;zNn2)?8OEb)kP`P
zeewL*J;}Ce+XMdO&L&dH8YI__Qm@l(ra#(uQ6W)(y-ug;cuU`BHax{@SuaHSWI9FV
zU~$*#XBTq2?|ZY=)TbZYq!P}Aq>n%(oc`z;<)Am<i&MlIYN`cCOkTH=EgHG%6>Ov2
zI3|oX_$8N+g(;w|u^4aMV@PmNDPp>6+6f|gO{j6bel<rEAx)fC1iZLU<$K4AKXEr}
zMIT_%odu;91?lJSgo!ZAO)jhBuo`g<pfF6h6~p4;=e?vImipz~l!=+h;a*5|f~oJ|
zCDI{Sq%EFtabIjy`h!!RSNiv{yK&Va%NF_}?*6W~o-sTFR)_w@UTxn4LM1_<ZFV+5
zpPm+&++3^1IJ*uiFesUb90KRV^_YZP{;WJu1ErBzVlQxT?rSIamo!u`Zw8LV$Y+B9
zG%#Q`KOdtRKZ$fu`k_780oW!hGST%GD$tbek8}HAEP3IhUgjOA3ArG01y8I8I!*8C
zXGxuxpCPx255C@nJYTf}(5)3~wR7QmYMJd#z;)|@<hF6J!XCrBx$WRh__a{svUO)p
z7pXj^%$j796*kee70RP4H|sHO9@6>dtWqe2T%#P;`V%uq&$({l#)fl4$rCw$fbtms
zDyW_pwZBqSYz4rpEHv8F%{Kc|bRcRpY|>A39*K9p?-!`siB_&QhG6CUfaDI!S3#Hw
z`}*}9?~2dwpF?`BfR0UkJ2^f&=+;uA+O#Tw{GNfIM2;7dU=jM^m}Vd%<=vDx+7Z47
z0)coUfPKJS1E1w%C?+$nB?$uaQ?W-x%uJK|h7=KP22XN%pb`G)*CoOk*D%_%yEP$T
z@Q$2CGwkA|e*qB*Dlw9Jbg<^8QsPqouHb#2VKhMWyKItFJqtg{-_#^~!=xxJ_QF)i
zA%T2j+!y#+*7i$i78>Qi$xWn1=IwEd2p=y_EHwrPBrtF3vwrkRg55aP5?`9oVV%fY
zOV5?!ColFt7B<p&yp`QSQku(W_x}E#R#8M;3COBl9k>T_M*D#u)%e{N#yc`6hcRAW
zmIr_?B&=f_Fmw7Q<#LafyGCKuL;A@siQ<fw()Ntzt2lKWDE{k?gW<kTaH-NQpIEU@
z@-#OP*4-l8e{ur|NZ+RdxnZ<Tajo~aYlH##d`FZX%Mx}28;)*f;#4yh1shHlof~Ce
z)i-PlHaoQy(P5M_;RU78E;V_dbhn@}h1EGU2X>?VE1uGon!+gWfnQaVT)+9Wm_77Y
zuUr^|CBG^X6`r%lQfOs&Nuow1tXoid##RFI9&|%QgQJ*kx>{$~33=rRG40<&c}=}o
z*7mSw?$f~i$!PsF36C5v1b$6)0ic1M580YgF*ko*q@$Y_tUtS;kLE}B$Fqi>L^AzY
zwQ}iI+_nx&f5A1lz6`E6oAyz>0Y6DUVER1_MI|byW-}Je{;ty2th8!8nTEQa3>;*2
zQP#)%bW{75tSmOq_-4j^^y+h?r>=z6SCu2CJ@38pp0vyBydA<~9|N?h{hxI(2X4Dv
zai>z-^Kgw66(4nb<KQshS?^wsC~%EX&znK51)3u4e2<P$C&&J(NAE@$G<S01&Qm{P
zUjbP<CYhH)f_6T{=d~h-B{ip-*l~Rs{w6Pc_fLRRFQe`H*ZN|>&NZM;3N#OR1{Jap
zWP+f^joLX4ha~0ZqLi?^pLXdO1W-FKEIb@Qd!u`9KfeaM5_&-&jJ~_J@@~Ee=mjin
zi4}v_)By>|qdI~aOs~=o#VX9^1YSi>&ok&e%E&y=sUts&Yz<6c6U5dWEvo1EnDUeC
z+pZZpPQCq3d7_rWRb&HMI`Q5LT%&o_x@tMM{v5)$YMjCII>~~Mu|)W&1X5N=&rW48
zw7$Pu7OErnL$_wyHw8JF15zHPNIjkb7OLOPj0S=Qo;z10mokFFL_en$|B$4AyZnut
z(^2PhCIzc#wyT9viOrJnwy!*)q-OeIVEi?q2#V_)^{ea3q*8u+l5B+Cfyfk)XpVi2
zJ9>3|!6~%i@)}BLZChd?RvQSGRSi~BlO(-L^MCLz41F<|XU3;MnxdE?jji`T954bw
zgBdQXTI&Z`IP8o=Z#}Z2vn}Q6z8WOg%yS~gg%BZ?@oH3xIR0(DdTp^s$gOF>=-LaR
z4;0GDH&y9;36fDQyrWH?_<?hy+bKq6FK$m1>K3UbIjI?{JAp?k#*%E(&1-feRB`QQ
z5$(`73#`VIoJP|h>3JR53h1N7oF)z8lgo_6bjsCuZaX3nzAFX9&+*}^^lXLqC6Rsk
zy94!h1LCfuy81?o`&cCSz_dLfSJ&F!N$Wr{sQTG~GM2nIS+v`^NK}mTDqu_y3m<s}
zYFsQ%9t-a?u96$_S4#m!r>JkGCRp0+vadaz83e7>>(wxUv>5}6;WDdbZ7H-v^GbcL
z!!nPsA}1rIDbKju?ubjpWbM`v^68I=eKUU7rSY-y3^e<<Ti)z<CiTRoua?2TRp}D=
zRiQzpW>$<0u%n{gnaANbN4CNf`XVd}SJUH-r*Tv49)tU~n+`GSdlo;5WXs>!Jt)2@
ztuigLEIL_air;kq<H%dB8Bhw>G&)@#0wwn`{|XCMGvI8*cf>k@3DDhXJtjupTHY|s
zkByQJhmw*e)0CZuze@Mp(&io_j~#!2x8RzVDk(=RNoun>c70eB%H3Yic>UNtx5uD%
zNRYW<Bf$$1^J7l6_(FSF?CcxB#Ya8rv=VZiw;*~cuBmdGk3ED;$d&yc%HBFE>a}Yh
zR}54{1Ox;G6hx$zZjhD+X@)_hTe?9+1VKPrT2Z=Vh+*h%sUZdiq`QZX-;L*e-uLKP
z-}76~TCAmiz|1G^z4v`z*R`*$HVr1tCT(`Rx(TctE^dXK?3B{rH`sUcO6`t23%j4#
z*I#dusv5ZcKH1=l#Y?{Y2;aOmP|_oHK07sUIZeEnU7K<j2C;owjR0t&5df5mMh-x9
zPuy}_T{^+d4AcD;+PfbtvKjl`(T+!N6Zn013K=UALcF1oBwAa3zt!_BoQs_1_U-hv
ztP8<poPA^(87x*E@0<WhDe;XW9XI>a71rDzlf^yJC&5kRB;7*p1q<<k{C71B7>Y8r
ziqizYi{>bPtgNJMp8cvVJ>rB~rH<AZP@4v)hoz$1`L!LZ1OEGmFQHV&*`%&?h~8;n
z9S;}S`60$-uIUqV!$X00R#hW`C?w;y(dLvyUxhu1G6^;s5bG7S*$TO2X`%LpR?ouj
zkoHO=lwz@19kFfKtM*21Q$^!`Hu#g5`4d{IsZBZp<2_9ho5RT$EeoJ#T7^>BcRp?Q
zLlrt5{q&~_v}?;SJ3X2>8;!?+j1U9^=8bv8Q{ZXqF%kf*?4q^vOuxIqA=rcv%{MF4
zEEIysABDU1yMCFHb_`Cj?&P>h#xbmUec7T6mc&5zf;*LLV0I)*18Ou6$*H9^)ftn2
zxgM;~ET$_y=D8;ror+wo!<K3tE;PV=$~^+k2PRjp9M=8>7S0TqXn63#0pWQb_?GqA
zWPd~d9OFerYGYfadzqgAfF}GJl_D~gt8CPqk%q6bE%41;SG-9s2QP`wp~wRGh(gDq
zcj)--JeEQx4ro!elNo28P-7owXGNk~Z#$9kNhkLjHK)t?1l+;P$Q+Vu!-fMTQ*2^)
z9(OfqH2NA6R_EJO`j(U^Hqm{J_xU*I`&E0QY=AZEI^|?A4t#B%@(p~<nUUSkm{+b+
zqR5dEKYn(yPG7k?ny0q|NwL=$dWCC#(W>TTw-|Le51v!W)ctXF+j=!)h-Ghe6_Ey|
zU27ejpCQ9fl7hcottFlCrTIgfif4xmoe4Mjs5(@Hhw_FC@1*JV_onkDQ?aYh55O|G
z%iWfQa+mp=t5!Gk8>p2-gbqzD4rH5>mQvItCJG-w&)%D5&n4#Vrop|Uj3AA>`38hG
zxvvo?eNEE~TXLmqYBRjtTDp)#LRed<A1Zy(H_11Ake(^IVE&1fn58@AcC0T5zAk<(
zcij<mA+eM70gQI=Ak~bsksK$sNFlO>dixZ~X5nl@v(-0I&aigU9f07l{1#o=iCHT$
zItv8<8aU!+UPF)}yQ0S8I1Lw<9E;H9bRi^Oo@cIFJFBS8TXf^=C(Pl}2{UZ)RVRZJ
zhwL@B7Q|fu3#6mQ^@l*@$0>iZP^-Z-4k`;zCvLYFdAV)xS-Yd~L%*Use#BT0#O0k@
z^MU+Ht@Unp{;sLyB3yx`BQ9a(-tE#ve5I%4nXf~i6C5lVk<5&tQ)M-_`-XCNxo0N4
zmu*^)W@7Zb3J;b(2knuo(71HmwDZ)77P2*R>#4L(M$${8IK7I5kUT{AJfW(WjoN>w
znAxIgPsHBK6wfhRVn~=F_vaJ6t)nd3Ifoz?4tI6iVbBP=Gh@N#NQ(zTu_i!!K@zMs
z@OB7aijtm=jQb-?#u29{k9&-(%LJ$J#2OUgQi!h&xkpRPvyRv{0<l`!GH4E(%@fHA
z>xmdQ;<&8hTsOS@s(yaI?zXpPMb)?*KTd|=mT0(vcz?^YR&(9lX8Q#wxwnM&Codi8
zo@MNR)5wR0tzScg;~=OD!Yx(PYCAp@s+N2shL7QDX&4c?j@$QC?dIy_&t?KRdm^BG
zxAYahqij}+B*{QK>T9#nhY<XHY4K3H%Iiy2Pgl3Lk5tP-LWK?k91kW1^XiKf68WTZ
z++0HiUpANDfV^TBz4AXbJ!iJOEXJ`0u5hx`uUOTjqn{S|+I%46!8$27i$Vz@QQI~x
zl-IgOl7ij%qhtTVb7N$b=L}+72GZ0VxQ^IFpco#j;8+~a6@~axdF|J^Yw|g*JT}i&
z$`y(7uU(GP7<h&Jrfigzq1uw9{YWK9J5)&9ZVV<IT_byM{bIDUWu~;*#^f_3R=8|>
z^3h6hKGE<}Dcsy+qYm4V-TE48o&@R=wgNnB)pP8RR?9vFdKfeiDhin8zILU$3oo@8
z>;0C@btWYhZgwR3(dCD>)_@Qh&qim)E@s`k+!2#~9WVh)DxNEsUoACn4!ltOFq2J=
zw)5SIO2g%&^X+aa8t8#BIx+bz4ms>BviAtkC<>nlTdAnN#tbAL7VL!wv4-%0q;PQ*
z;M&$Lk#NTW%qaO3#^!UWdG(^H%_mGY(=>IdH${w#h2QjQ3=5@Hj7gC_L?X#PVz6nD
zS2_Mzv)nUINSez0*wFDt2i*#<-13Z-B7!$#^KG6{+@t>uRx?)?;qhCe+;NZ4nyrzJ
zqNq=q54g)pcSh4fE6~;t8H0y4#5`%<^pf8<ugL!LQa6o@In^zldP9cx8?1w*W1t5b
z=0_+bOAEKTw~l!wU>nZ;lQsroKJK*)n^l&gFvIiH?LZh|SE)O0PgEwkER(J$XhdWB
z<7=Ezs1Q(2<dZzM+FJEb5|M?|(Ywyy1En|@stEIOjtY+NUFu@j9cnYuiik+ORA2f6
zycEQk<GqD-xXUwdjYS&@62!{e1mOW%1pEi`NQ!&xb=5f|Vq_+a*-JQmKM->pQS$)v
zrL6P*P?^ypp+=f>Qn{yg`hBaR{kB8RX;szM-EC<J+q8SX$sg`-0}T<wBKu`%6uT3?
zi<+{}&;!X<yU|SAv=awYz$lHugWZ=h&m<sCp5Q#bHENMB8GH{W;;`LSCcZmv*U^Q)
zEM17j>UrsGwd~u3xVnW13LJms^SK8?gim=aav$f^E-$7_>2y4e`x<D+0$-??9(VZW
zzL%R@DM*xV+G^|*gT9^9Z}-A%+|hTkOZ57|{Q5+74CnS)VEOHvvGS@#s=6FmO_?mZ
z@Vm>eg-NrYX^7AMtR4fMJ1LKt)J!wfgE=zDuX;|V>jSm*+||u^$&#JClcWX3qWCX>
z!T7M%YoI+3XbW0ukB=mJxz8{w2UMg_UcM=@80x-3?^s=ayM%e|QNdnw!JOls;QQ1<
zCvL0JfdJ{&DEvA0^Prq_#SCh+0gCHxR8{F-8{JvYjW(#;BCYH3rm}L&N%c)qyBf=i
z+30Hfi6)Jh1oLNI?)K<G+GxMD=g1+J+-8i0{~DDQ<SG{%F|*Lo$_s<dC53S!*SnJ%
zX_TRR7drS$&l_itN-LT}aYKdp`rywKp6I`I487|<b|h$-T<OrCuE?Fxy=zQ5Ldo;`
z%RQHu!i>YpWt<FmcG>zXGJvfqrN_nti>j{m2Oo+%Q#JvGV{M?kWniOXYw&Wcyil^q
z`^CW1Uxkx_uqQ^`o^8Qnz_J0^lNv-Jo9F$u(<mm5$uldZ0i3$~#j*_h2Vc|(Zne^+
z=FvHLgRa7lgYO<Vp@shkvQMw10Ywz<hHaK@ywn$!TIFRxk3Lk3w#7%)+>$}S>Nj^~
zNkYGMumiF$Y<|qp(biF6;E^z~b#fYBpFf$fR$~2@t<^@Q*PtEeeqw_|O_|{4+?VEU
zoDWF0;N+aDJj-=W9R9KrftX}#>{W94X`bdJY)E3(A>UW4)|pQ_I?S$Cbhu>E<vURQ
zvAAF=VTBt=HN6hqQ9TAxv&b6Xoh5Jeg*8S^n4GZ(pX8kU6Jo2b^{JxEAY2)+@^M%Z
zKLU35imby!d5&M}I1Ix&b)0@!sBxcFEq{m+L)a(9@985IZBEb8F~reH>7dL(Y7CSB
z<Ich)+#=HPe8{m#=j<(X-IOBySCnq=;yf!4<v=p%xgN|)b3vV+byK;mX0l?*$Fenz
zk@E<LCp$N2RcwO*okp|yLMEb96(O-`*Qs4IVEUswO}A_i{37guP7e)H+vlR+vHVV&
zH$lzqtL#iJjxdT({kiTv`$E?l%0k;=JAwBu6k=rqME_|!L15WelO)%)on>bw!x*&O
z0QRQBOMKo>hSR`Q;S)&gb<JDR>qIuL#XNPIxcq&Zc=kW%;%$o7CIK`K(2?|vL%@Lh
zBPHTHP@a5+eqKH5AS7>Es+PT9`SC5jGo$!JPT1%z#f%;SExP#p6WQux+Y}}}ok*@Q
zjV!Eu<!_W_YnL!T+rg>a6ZI)3#zZ&Rjk(E897bFM@IlEwF!NsAxI2NKkWPWa=2Z=e
zQDL`)j1%F2yMgu<1BQF{U%gJQ?gp>xI*$(qkd~HIdb6!P1cTsYNSeGTT_$~+wbiMn
zw+v_)i&UScYWvtdn@`u6Og-`~X&S%0i@u8#paiZ_W+O$ZMCMs9i*p|QidgSSAMAbN
z?X8adVeZruwCJwvmt{3Dg>5#7wfZ*f@hnNg6}<H>SB)4=;y58Ky~+|YZYX~O5u@WX
z*A|L0i-FdL3pH#Q7X-E@x)8I~VepX=(Zb=D`NdjT?MId<x#w{5<9DmuxQo?A)Dksp
zi0I*j3&T%?hMed&`Z#rSh1`7MUl4~&7Atw+TmttSfQjUaX5HVQrMbCtRU>Z=r%!_=
z^ou=PtH%Ia{dpM9R($oY<~oTOg`ht@s`4a5RR;xQSmvXVn~upncb|QS?*kSdFZW2H
zOj!BMI>UL%YS4rGJI)Zaiw3P3SmxzNK~i{<ZDbKprrt<S@_{FM=Cj9mcB{R05vS&I
zLXNx_)0mJvRS90ie>Sqd7K#Yl6kEtOcr>j=zTSvF_^#gBbkwt>N4=WEO6gfO3Z^J_
zPQz(m*OQaN=Mj8%z0aju>2RGQX?bz6oG1EXBWBBDq*~!bwALe+Om0Wi0vsx^R#tC#
zX{0#4Gm&3ILHL9tUg!V9YdY5m98-<7gbjX3RJ)<@M;42}t~E*plNsqzZc^UrU?uf^
zGSo(nta&-aKbi#S(1O*SqAhFp3U9zR;P0)Yd8~EvX{%U?c%0k>S`Qjd)L&RM0>C@F
zLujdAYitX|*R_9%FY@#FiupahfF$%jk5Ayh-sODVgY??B8bq+kS=jek2>XIOG~Y2#
z^}WAFz)vC<B4XlpfRsTPaPlje1$h8#z17XXez$+0Tbm>VZUcDwlqn9I1=QXJQVvsJ
z)1P^jYbB!h9R23rqAe+&zIt~=cHqFh;UHCd1F>aJwycJ7iXj7Y<+_rCzB?VE@rCrc
zkn-fLC~I^l!V=0v<+WX$6SDsNfzoc~4MdXrnyd0fRR(=OTT=FywaQ@`xF454`&{Y?
zr*ImsyCFu6-Ps&Y8?=gh1a_gVmHdnHO6$Rk;&^HaYJ~tro<{F*@FNEkzr#sKUIj6y
zv=5M%cXS?prOua>Jf5W6xY0-KOgQXrpo!zaG=2TyH-@PC7?;^b)Or_Nl1M#yOXbN*
zanA=fY1KV&)QbkvAmLSF#4BF6<ymBc0}dj|bC-0QdfOYFLX86CVAalIztk~=NRs-b
z62G)Z7moLleC&bPT2L3#YXT5qA1gb_S4#6*;4E~@M^EtbO5OkfQK_46nQ7V%CeqC_
zee-;@DD%+CbM?ID?d9x(Um;S|fMkX84GDjk^Nn7{W$D5;TYJIWFj#DObk`!cU#Ar1
z<oU#DWoVAf(Dw<m@?VuHdcH48%6&RlZ;_H@lhTPFU1;%wIwTJ-TyVjD400@<Y$Q1U
zC_5-R@jNz;cbiISpj3}Q$GebzkG}T0>L{TTvn&!?Q$*p5hm}X0SxO6?cu0nmrx079
z&=}GrcaW5u2a6kQ3qxI{V&)9?Tfk2~d4SpFqghJ*Xn2x7m8X|nC524y^)t$<k${XR
z?7K|m*R-d`=$boM@=i}ZJlx5{po@H=*@wAwXuH3k;5G+=n|0ZQ7a=dA;TFGS&L?->
z0x9ax!3D?RPp{c0t}GE4%PTnDdhP0tqO?KrD@-+Q+9~evkFt8QImI=vAO9Tv6wsq(
zg3C5Ujx7#=oMT8VEh<xQB26W2V*RmAEZRaq18-d@cp2BrYG}Ica5!Gd)y8Dm^*f>>
zT=;it=Hj(TU{95Qu3;$v+I&kIdcOgvPn2Y+NnN&VOdj$uP+PF~i3L)Q#)Z_>kHCDj
zy@LH16qX!vescQm<mVBOw0k2dLzpLej5-(7lOJGHA)f8eqTP0GAb?Ghxpe{sq1qIF
z^U~0V=EE2qhK)mTGNR#Laj2=@B(;Ejw;qS5Sl`ptDOQ^t<j9X+87R*F7|$VQZdH*u
zGne`(#13H~jH90ash-}z=;(NNt0^?XaC51C`0>~3bcPMLl|p4?A0QNtneuCPwd;$J
zdAb&mrjM*dQo46mOZpZ1M#||_okOigOA2jOnNqA}5!N%|<Co<z%{%HkRz^(n<N6(>
zyj#kyvr!r|aTa+|tEH&!wf+hov#E!%FPTW?la4DpW7(xxs`m*-Jom;uuR!yZGfQaE
z@-JIdNI@}!v2^@M-faI+Hld@0i2s4+L0ip7Kj}q)y<WD_(W-L*oHsdxrR|VUSzCjf
zPIHsc#q3^9S<c{LwD!-wNk`!+3Y|^yoVezS6X_Xq@o6(~NMlJ%BDY2qiZ`l-Prt7*
zr<c4ENyfsCchj2_?^eW9obAc1hi4r|F}hA4EMQDp6><K0dQpxFX>3%ml>$sqOgBdH
zQ^iW(_e#a8)&5m->vFWf;}dmmSpcAWC~qyzX+8a-@!fO8X!B@jkY8E{_A(|<U^L$H
z<OUxL;5?9lF4NTbQp{pvMUFkT*#V%qz)d|P&QX#Hp{@>aTGKD$^P45yy_e>wkSeG@
zRAjh{VMILzq=<@@ETZ~32Qeg(%`9;vq$R6bmr+BP-P(frNuG9vO7)RbLhcrzPb1vs
zXg`8(!1lfAnyC7>OY>QUV%q{0JB?zq)iFRWe3VRwiL;8dbI#=?uJpR=3cHh|jsLt~
z{|x(KzS>@^^Lq2rfpEt_S<mL$*7z=z^$}s)0<8c1eCEBqyl!@)n_Jfv`^BQFY~{;P
zmbGB-mT$s2c4DsORfh`Ed>?OF^ud<ME7Y^jw8B;_%lZVMWh7DZnqDE#1imVKUN+Q-
zd17H#WdEjve}U)2+u4KgfJ(Z!bz=~Dt?S2MiNm-@GhkI*gBGeaUszu*R=pJ`M!bbg
z@LB60Hs&XK9lb*R9C8Yd$O$#rrq5p=@t~w<O`E~_-^PUh+50U%IM<F@ADqimA8fD@
zyR`E+-pDz=3|$?yvTR~Z<aZ8Hoxd{uN?DiLT<K{foWJ*p^_XS_*lMkm?uFjKPm_za
zv~hCXYl+UEA|fhuX#iQ9%JxNief;SOUa|k+l^FPx-Fb~-!^%?})2LX=%Kq4tN<lM`
zSlc0(Fm%a$bs?wts-)I+TkdK|y}0OYl5}k^;#_WIWnij$_HG}%!@IAqF;>`%g|}l)
zR@oN!sp7T1a1*c-bYHJh<a1nl$Zp*EsknzSA-YIW5TnYw^CNt7A(1f76`aR1fsa1+
zaW`&OJk^@9jevf4FgN;Pl^aIp@kZd4$suBHl2=reJkjPS3z07rLb}?$H1xGWpXtZD
z4(gDyd=`C#-PEe{;to4n-V_|bcXgf7w7Ol-C8<hok~u^h%?RdU_4re|X=<04;yc<4
zDeHz~98*g2EX!D2uRzafN&N97!*39vN5a?7k+q)*lWGHUoR>Atgf5wyG7>KepAA`B
znE=^sZikMeXFS;B*~hSiMHR?)UTPS3LNObmwR=F_;uvqh6Q*7rg)z>KDu#l{)L2Z4
z@Y*h9!UPSmfPp-7MY0iVLYPv;vMQtyrV^)ez1knY5NcVo)WGGqIwP8L>WI13r`|P`
z${4zPRkvm;IH<rv0%02#@Xa96a@>B5VJaa$hednd&}z%zXIT$y!n1j~;eUaRcp3Nl
zJfpVJWsOpU+YZ*LqtPy&5vEM#d`4S*Kbwu!js`61p^{^Rtq|`V2u!7#dy3^mH~pDj
z)}oO(6thek7UOEx5{T&RARJ`)ygP%`WUWYajz&veJ^~i6QP@UxjkwWYBW0<5VkpmM
z+r}|8`qG%P0An`8){~;yXdP{wj6)qgiBDu>3D@CB_j8VsZ1)$+!G)X;Eu#QnK=4`)
z*77bLmA54{uUv<l<^hv%4JT)K=E!d)44Z-u&E;AaVY}BHJg(5JFnyFLJa7Yn#*=LX
zU^adc(9TGlr1gRl2B(-gMB2)#&e00hd_x$ydAC%$x$K!iY&I+^DHV||Xn}SM{^cH;
z*(=c=e>6vk+-JUAq&w*s)GXuB>oON>(jG|EAt6C)o@xp>#R!n7nW-oH@K5KHz2oAe
ze5rlMm*L9Hq=Fl@myjp1L9c-;dIuO~q7T_7YLl5hTuX9a4+976ZpsiMm(0nf(<A@8
zUp3pv$LW$i0`EBu>*JFUqvPK$c`1)Sfo}kbQ~=!NGobJ|gKNNFJqMK6xc*UEVYThb
z<!5Ve0u908#n!;nEDLP2gzN^CFQq^ZjB;z2^+YO|xudui30yqSGVkO=rhcT)_G9J&
zLpRe(6B-bozE`&o)*z^DlvYi$;{>{ngM+*8SIU~Jn!yKIZ1-)V+QvG;Ow>}?<7s9Q
z36XD-g4Pqpp^o!_8=4OYslzhxoBSb$xA~|T1!7WYyVK`<9%sB{QwW&IkmOh~^!@pZ
z1Hce`bj&BfQOLXCC~JqZD%1I?kQ3DW#p;7I;r{msg=laIW5m2}JEo+9hh`dxlL21$
zcKY<uRq!yOr|V})ANeSc0Is>Y>)zi|d3`l_dVCG2$`{}%bv<t<T<4SM+~XZZe8KQ-
zaYq1^eCQi}+esx1m>f;D)~ui3LWMZ+db!GD)JUxN?q*+D<w6frhSGta3a=_y!YpOu
zNb6h=sYwDoHig5dlf#-bK_b$1xLAwvP@ZmXlNfp3@paTZ+CeeScH=E69{NYMr#nA%
z&@)S;;PXeV&)6D=wX;6h??(>YCOr2f6VoAy;ZfO}U|7KT%d3eI&*r~HQ<Qpb_PHL>
z4OXnkM|A&+XSJ8MYZddKEy8h$WgX6RohO)egVlP0R!nO%C4?Ne?QlqET@{se;MSj7
zS>?5?@!1yNDR+aMq>YDx5Vs9k6(|6<ow5wS!aDyuhWzvpqwl(P-ThWSUus{{6ALW{
zP&4^g#$;g3UY-$_OfJi+QA5{_CY|$;CuCC;L1i@$)ecSu{kP5*$6Jn*EUDe9gwTPN
zNO2;~bOqhT+-StoAUi9XDU50$TtnY2=R}f7wM}n}ZztR;M8;aTL(LvDRbzB4rXgc%
z8-`L_DmG4R?(?cS`mPYM8)g8On<LOxb#n}TJQ#<MAcT)r*ekZX2|DWGG%MQq2Fl)I
zX4n2V+SLcnqumQYe_vniZ~WXPQ@#?c0d@5QBRbZ@66&|MbzacK#sz~@9U8;hiV2C1
zUlF)hn)r{9N7S?>yG&ho-E1OBDFTM8=eT!w@eu$s9sL<!l>G-Xfj*6y5Xz0<-iPUi
z0?@>Ua<;I`^}9euINhJy*6$G_r8tO!Nwp7H`G%LYY}9c{?UIS2%gcetrs3K(>k_1!
zLo)jNAbAV}Qbm@Yocy9F=;R5`o5}_<xh`7f*%W2G1u+z_q#O`E_rM42%`n3S`gpBi
z+}OAHX1<|YDaIR#?$YDw+y$!Ab3{&yUbx+FHCjR_ay$6v-xki8KG(L<vi1ho@ckM4
z$oKi~Fd+v>y@$ftmVBmGB-)=7oa=V3R-#v|4Vk8af37y#V>>F8apFH-0J!$syG9mO
zR`ZF@T%z@-$oiPlWxyvEib{+-VM$Wxkewwuqf4!C4+hFjoa}`PY`B0Cd%*1!{o^4Q
z0D(Sbyj1bkHac7>R<zOrpi9XSf;$bP|3SOP{wt988LyOuThHmslv(SHJgt8HQ<N7p
zF61<20)$lUyxog2*gYNy<wv#i05`crF!gR)F(AO})fMP76v6tVg212wtoLkc%Ja+l
zH7xnnhgpe7?rRk>g+)UXcIvkANG*x4A4Jc~^xhoN`lAwVg_YfgX1gdtNpOtUL&9Gw
zD;MIIShK)|7RXYT1NY`UQs57lm&MI=$B)Iu+BJ9?Z9H2KG7FV5SopL{EzO#Imkyi!
zT(DRL^DH)jP~EHr1Y0gB&qOUte3>kQJv`G6F~NzKxF<Y<JZrN=$G~NEQ{tfJN8jVq
zP?i`-v@`$}>Z`FOFty$KoZx828u@_Kj$^Bt4nfU!u-25!(i#xY)eZJaQCU$HJS6aa
z#HhhIKct~QXZYhF!^l5Z58<GH2tynWpoGSePdrCCTpebl!PJK9Nb~y577A9uvlp+F
z+0-ZFa?Z5{%SuVB7@eB>kD#LaO_WPFE618jm#&#5GAx~!^vsg;?Q(TE(q?~o$bYs?
zYWtS`t$v5h61q<9G*`OiOEpCe-MOl$sUhyRX3?}9Lh~@>IwaTfJoNSYBTarxsH1j9
zpk&-;ukvct#xTJZ)!M5%h7<-8j`3hrt^koMv(_sJPYA4L)q}=lsXNWesHHzYCJtuz
z!n`gyIXJAQ+C|VBl3#AI8g7OkrlI5$vsV@nxP~Dsc3kFC-^kw<ZFqYHr!z<;MxuiB
zW+l?y8`}*1EKjW=X}ct$U^zVvgM)V3zmDJthAyA$NVzKZMzx&*$yk;)igkKIILBAP
zbiPLx8Fq3*&5ZBb4NZ&~w0Nxw-h<`V#Ef_Nx!ot_51w{D{XtUs9+%wOJ7)2O0oIth
zN4T>W99X$?oPwo>i=Oy&I3AUWB2%fV1}e~Uwtm_T8DtABGh=d1f>gUdW5u66>LPCE
zt=zKAF0%_Y*5mHP=_FRhGwNZN?jzr-Q;RZ;l5s9QRp!1?_%nbe<Oz3P2q$&^K6f@|
zZZrVD;ag6<ONT~pSG^z3$NQGPrgb_Y+FvTx;1*StD-FTGRa<h^UT;Sd1Gdad)smN?
zaD#Kkn)v;ge7W?);-_ubUdM4+7+af{l~xu*C)LuEI80H{IIFR`Ao`8naNd5S%}A<L
z<2VRA{07A9fG7nkS3Cum#2IKU!q0IW0UFAIFR#R_o-J1|R|EYXS@v@csj(YNm!84`
zW-t4AnLUz^dl&;znPQXM{_#b9Lv=WXWdrhq*8ylGNAm%}vF3tMw2HscDs;F&Lq1!3
z2`{o=fuEUeVyC(2)OlKqDm>#8v-%`a39}dXdtC~(1bd{GFZD`fP@sdIJ$KGUpdwDe
zZ-_)BuJ;{yHZ#(py=*AGxF@Sx0QODh6A}-UK9PJYlvtN-NkL1{3p4*@Q)x!-*OMZ=
z8?^*D)`d|(VQ6!%Aa!yU@QDeLhc%}@W5!-U^(b7Z92Iy;aj+oGcwB_vnLHiBuW<Dy
z&!|_hCl5e}_JD$y)G$YAZgBj`I>JDLO2A|PC$^-3K%*MX*8RpKC2G4LmhW6&I|5Hq
znRRrPQJ;-*_383dPkg$y|7!M=a~6Y1_Jjb&C|46LmF$K}N3o|V#&nepi*n~a9;#Hx
z#`uCWu8@pCoXk1rAFT)dD>89%4L-x_Z6M$4l{;iXXeI>m{a;a5M9t!Qd1kak3_hQJ
z_w(CgeL@3=F2m~e;%GB;+bDVd$`gCW!P0$<JcGdlLgWYW`6ZW@sa1`nS<;<Rhn7TV
z!m7EuHkWlQ)TMOR0+}nVlL8T?WvquDm?o3CLoXxC$d9K<FIo__CF4GQw)55WFoXIR
zW$i_=w9yO(gpGlfX;t<<4ip<%!NjVQMDb;NmC)i$M+4ZKocW32+s4e>r?+mn<z~(L
z^Uj;W{}Yal06Kt&(NGod5%28v0UZTFp?Y3R{YFq(nz<KQJ%r8zUhwPOI!BR~7}w3}
zQgKAFx7H7v5AbGITs}2i;Ru;H5Zhapm1~KO!5v%IH8E21)-(Gtao604YnMBc@x}Dz
zs%l&mU7p;!4SkKLHl0nt(5@=LjuiRIctgKOJaT>Zn^VJJ>>IMHyt9!6H2mKrgCnmK
zK2n{ZQ?Dph`(B;i&WTpNMiNY9T4%8_V$yMXw7SlJE1Ff$`mzSjY_j($e%0n7Xrw!6
zw&&mDvSG=3Z4TNTKVG}G^BKLbk}bhnBhWl{?-VIfmfSs1>D9Ys4PTTbH58{=`<jP3
z1BA!t_;$Pz4z#diS3H_T*CFh9UbsrU409C;WV6h|r~BV*Yj&etFL)R{gcncFIytOY
z!;bfA++(@N`B5e3R!yKcPB+QbxMa)<B4Sm7kHy*|L&g=urCSyTnHHjzd&~e~Wv_PC
zFwbSZ79pS?C(Bwj0LPaH>O<1ZsBE!YLgIX6Kcg#2vyU*6D|o^ltN@oa&GaWRXI^_5
z@km%$xcyZ^AOYAcFoMIecWR$$5<|6e%pEIKY4PGfJF>8a@|%CoAT<$Y{|ZIRQncK(
zA~!X*qac~Zm1TgIa)>5e-2Ix>AvPa}l#;MGe4{c^BE0yW5F9E<zcY9D`3ZgG*`FkE
z_Cj~6in#u$!<J1CNlYnUfNvsoY})O6Xrb&7=w^HG?xMVdX8~wwJEcyKfsz?CIWIk$
z{y>-XTI<n?s>Nmhdv*akOM|GupCxDWUGWyVC7CakCRBFO385NN8cHeE3aJ!JX_8dx
z3);?m<IWY9tMghWiL~ZV6_^=Je|RPGY-)5kgCm?%GN5W~K35iUIxHwLnyWZ-DGa9y
z49)`Yz2J{--*nmg_{PA751H}?-d+W)oh?t-6o-W-0E9L3vH``f?vSvo*=z5s{bu{U
zAwo^y9OM|q8OY9q_r(vC4&|OK)vGcKn(fz|xy!_nZsx&F2K^(wzA||d87o|k4b`3i
zeTdEMay4m{iZD+!wj$udd~C5jORLg;7?3$w#hZ%HiBa9vHt&*8_2vwHVm0XS3>7b<
z*Q8VPHUuX(`TZ9QKRt>Uvl+9r+Iu_Y@6Yo@*7@c=p2o{VMjQ6i1|c+X_rubR-L(d(
z{;PuiW@I&7OQ+{?+Alx=<5nJdHXj{LRBEF_iWBFprbkDRm_2=7$Wc1zuh099i~1l#
z#CLLJGc(4<MpY&t>C9S)$Eo|V#PsP0kNTD~w!cFo=ALH@SueO2SvM7_Y#ul2E)TIp
z<tiLEHiH#6TLs-A{xW28SQJq0lKPef<~74)>OSpS=9_2q3tfiW`6g{c;7^v*Wyy~g
zt^Bn!2PeY3etr_ei|SWkuBbcQW)<!LqZ28Km><`OTVxsEo8uc%d)yh9V@8;G34(rx
zTI_4`a;s>e3_4jm5lnBXPZEYyn_oG2IXzdMTd0~JoyxI*Sp-L4%k}t0n5AW`QAIUq
zrQi85ahKi#^<vQ=*T(g7H_hy`sK2|cfd<JX$^UJ~*9z+NOa$%tWpK_ynKJBOmLeCd
zOqn(eUztu+S9$WQU(sL?-v=!!IkaEzTP?mqdst3*;l%RVM;{+=D?X1{lCK8ZfZ=#^
zb6WbSFPMJ+lcf|UE`hzVZTzQApl{3!T~fu#B@^wL|DZ1;wq$Wk*6s{eAHnd3n&ws<
z_fK}MGLJ(1i-U5US`{t*+~xevYnBtW%=n#ha(oJdMpFRMegLx=Dvhr80=A9rm$<cz
zP@tbE;0~W=7!vq5hfCl&KqO4ezdp}p&%A99Gzj#mcqrnUPRDAemGV^lS48n#-JkTl
z4w_iCn^){po)L}U-hHk5#Vy7}&jt`!&EZW;k;ukjne1$e)$KS=i?;pE35klK55d`Z
z)dTR6NcvM^8V;{vp&<vpy}+QL9L`qFpRX)+`!FZM&AAiu+~bzTm2+{~!JoJN9gK7t
zl0jum+%8o0!&<r4pTD^BV*OHq*U7CCP7N-GdwOt(Sl8C$T%ww0E_%6NWih^cx4D#N
z*M0c>sCunIc{!mSbm`8I4a47Ay|C1aoOQQMJl?v|(85YJt`TkjnY-tSMQoa4Y8BdU
z%*nMU_ldz*hJ3;g-GiGUO{n$5H$8#WpJ+I_M<H&zREFYETJG_wsN*JzblJ^A)4koz
zM%_56+ddiywvM72CJQYfW3!<En@fai`Km*1GE2>uWTT%XB{_zh4M3@ya4AcLKf*S^
z8Ip^&{8??e$4&7i8sWN`B3V^?d*+aftD(S?AYM_cCcUr4h}n1N&raOi34p+u?Cguh
z^3l);A|weWW!R9JH+&q57?60LEQE@~R$9&BnFp_!i@M}_SPE!Oc&Ho`!Sa#vqy%&u
zje2%<_oQI@(wB+1#>doD^352{M)Rr$GGZY)Fb8z9ipj{mMVJ=O!G5Klk(F|rPTt7%
zFm(+gEV@L8B1;47_6hfiDmFkdWSB2D^c<~`zq+E(-&JVeEl9V-qsJCe3(yO*oLY*9
zV48V2p#qN(J9*d@*e;<<YM<pHH<3)+w5n9dV4-|MLwKlB&D}v;rhQn1r&_Ye=AonA
z=}-5Ld3zi~1#2C%ng$`2V&qklc{K4ya<}TjNf<{FV_3N?jpOjyMRMmQ6r@J-iz}C=
zu;7#7oF`cN`8JF>Z|_|G6M7zed+v@<Mvf0GwK_s-<zT=`qMy!n@#Kh#1q8X>!xU{H
zut1~F8GX<($-d0jL!nyc4Pq=xE=gcywY|OPu!6T}sC3*4HF4mTm6NNiW4BEvojV3;
z`%u^ptA3e#CkOJ#&qDoqup^_<x>Z@Yo8xlpy9txlkKWOe5K=>0X)@i#%eMqJL`Zoy
zm~`+w``v((Bj^pJ(k@KbzQ8jTK$FWU5)5Q(>m8pSh%r=ktA1IztRQr7$70d?aK~(G
z(ibmUP|WTz36?(9o8Fqm#gL`eLOAS$z2<%)bi7&Ah2VRRB^LQ$K5f}8zESn*BL9}w
zw`9Q&^Ia`6)$$7utkn3k+!)hO9xq3CmK}wEs7xW)O1*Ot*`p#oto-b9J#<1{3G?{s
z?@lG>8fYI5V7%d1+i{ELGSuv|ylqiAaKV-6TB5tL9Bfesc4tvQ{UxYelEV`n|Kg!w
z*_i4aEA$cj94ia$lFa3=&sOh^l<G(w{M<7ua#1S@3KL)Cx$3h;{bYZo*y!wJH`FlS
zUiU0}S)K%pTVRRNv#rSI=OOV2HaYjJF1uWah9=FZ3toSHD?8~#CcDUA1R5;Lo4L-y
zW;-f(u#j%n>^Ag%xkvoY0G|dld#%W+jU#rq`%015>eUYDhdx`&OW+Q1nTE4?upkra
z_bg=I{wC`_XC_pMf$>hcX^8=zkH&#Qo$oC^&09Q^7t98;qGrfsRatVhikr(VkGrl_
zLL+Ran=8h(&OoyT2Qm2#&R0xMw3l8$ELF@#6UZJ}1snGA-txKe;7gu1Xz=AWLzP;o
zx`O7=s6vC5b{tj#R`Z`h=U;g5qGPBBfataAW<iUU8l*1rvd>MLT3)6GzK=_y_utnZ
z*27d(Av8<ergD)gdfXGsPMKPj)t&nb=8d|k3*W1KG3<`&jdFMw^KAMX!XUqCYkn<#
zHQ*I@ZUyB*y^&RJ2FD-;zw0+#J@0>veQF@tL?rhdIJ2b^DEXKi?XFr;oE|Q-#<H6z
zq$2(6{|9BxB$&Jx4ZKUw_rC#;Y7a@fd~N<rLVvaA{sdO5=PG!?YlwP9YL!0^u>W}8
ze>aW#g7_bwFP&?Mc8kEUKb#T&4C6m8pq}v8!VICj4E;%mPyZ)A{@c#|k3YSy1pUkW
z$pFVk!&Uz2A9DYHKGEO)Uc?1!gk@tXI+?X;PEVl>*z7eJbdE)i2wh++o6q3=6Sn*N
z9shArB3!pyojeu2gn-=`Ps>{kE;;AXYyUsD{r8LeWCm`-5jZRQU&)t@<#NjW@19_m
zppPYq%g+?s5jOtT!b!E&c|P1fTblmuYFb6Gt|7L7#~m;kqG56|nmkTz|LsZr>)XG8
zH3-Vs`8o|SsLPJ)afrkIw=er$kbVDC*g5?Xl{}$lx1)Fd4%myZJ2V$9sV*2bO4<D;
z1wDW0A`mQ?_D=ZdYG@=`Fu$|{OLXz{+o`{<PujMQjb58i4Jq#qy+PuEhyTyNzH@G7
zcYi~>wDZ<ACKrh=oa%qR)pqeOyUp&hiMgySFDM`WYGC(Sd04QUUTHL*vsYZaSwi+_
zdi6L*cd~Vafb&|d$mA@)@bLA2Jc4TyU+UIEWfiJQzxIV+`}GM$@gkd9yhT$H5yj+K
zxqlim`aC{go+_ZF;dSruH4S`ac3;+iycHj|b3di4E)UNeT|Uj8TP+@3_;T>a?|EGN
z%SiAHZn{HCzVgrPDRTdz&!Nt}`@v<Ee1_)XzmCfyT!fl@YsOl<Cta43BB(#(^8PI!
zOUw`dS`c{&^mW$%eAXk^2F!{RIacg)2FypFn-5q+N;{?hvdtWf6X}Jgs+7AFF`ccN
zY4JNlVAhPmz>@dxL2+*AT%>l+jCo&yj__TmS0w!})6y|`EkOVg16j#CS{dv2PyfdY
z`h8)F5{OI=4u*FuBCAYnrQee#GNG_VB%LXv{(MdU_Bk25U~y0QUSVYd#+lFmJL62Y
znEw;EJhqp5%K6`X@f#6N+P~BE=I?5=<GO9*{u={EVBGnOn3RNY7;o&PF8#5letT7a
zK7_%<zbFpB+H81_?dX4%5Pp4aDly_e`JkLiOhXVneACwt|C^-tM&!zQQpRH;0~zsR
z|3~V7z2HA@?sf=BX-qC7Vf_Wl-(J%MsQ&p2e>b)G^X@^Ks=z;AK1EFuG+6m|@rH&s
z|M@$AtoFbCf=>a6<MS;p1(S<kqUiTuf#KtD+jJbB+hvSK@GiE72!Jge)5BW6aKA)_
zh(BZVxALSVdhV|a236s^7`1);%W^F1@x^zfY9$64#FyCuE-Xu5btG2%y;bhdr*;4K
zU;C>|SA8_TxQZG6ig#&t@G)jrWq@^}C{_-Q*6<<+>7Tjr?;rGu_OEg+M&Y9o-RTl{
zo+ZBo5{P_Omf(MH{_MW*wSo{sB@<<}e`J&29u^jOxPC#B{4a02T#4fr|0_jv5Q=;b
zGyY<T{ogzmP_LDwCZlNClZ?-IJQ*pMZyT%jhJ4k&-FhF~5b1!HD$&2)&;=inzwYSo
zkA<GFd@jzyYAoIw{&bdO<SxFxB-bvV)q6k!s75({SB!XHWU$@b#|I3HkhwH4J3GTR
zI96=+D?g7i)7X!?MGzzjNqX7l%+<dwiGTiA1or3+NWL)?lfWJpBam(jRvj&Y%Ti`<
z>CSYha2kPyGA1aGq5fl*Vj!713D%(evFot@iPg|Y(ruMgM`fdY8We~1;}&bAI#-qk
z_XFQ67RYvXcH@pA$py7UQEO`}v!T-5&V74HM{{DUKYbB?yB^i+e{7_Rw>S?$1y_4T
zta2T^;dVk(B%)$xX++j-XXQaIswC=BFuAO<GOz-jr_wS#RZQ5)_5k!M@B_<IvC5S5
z(I_6Ru<J~-qODQBWTsN7o(aD)QfR3ARSr@rDtX2!MNBHov3P5d*mxjIP4*W5%IgsT
z$$ftwkyZ)^W9y<p*EOX1qpR`_9Gq`)O5Y@Ld1pR}83DR7`W(JE_o)NKpiHKV@&|@Z
z*^t6(18(2c`%0c0v~@8rqTaq0)j}9%b{@G`-)YgrzCl()5FgDcp)oi5$-0$cjc?}%
zfzJ>i<_zaFX9Ey@RUzNo>087FimYT8%bt^G>d(z3L}eR|9baK<>uiy*7#cYk&QY*h
zw47U3AcsYAVYV%i>)oe1NpZZ2fhx=yH(D%)3&J3_vufw<(XF5pjh5Y5F5eEe+WXBv
z!LHq`6#5^Gx`I#T!M_AXM%-m^dyg(%y+;E~VS)wRZ|c18H0Cwyd+545(pzNOn-W>v
z_MctqOJIuIZvQ?2EE-~bQ}cJv{4v51U_QaEd{HT-An#@3$CE<~*R={0!;vDRu#70$
zDJ9z>3LWR@LzubbQg}#kl;84fQL>j}Wh>)&{l{-1WcRTtT|U`FfX;Kye#IV1ie;O_
zgHK|&f=0R9uI;VWcn9P_D%i}u)%N?+92tQlm7k5;+*z^6Tz5Q`Ba`WIMxzHk304%0
z>wD!>sBKI~Wsx{^5h?|75BH=*S<~>oj6kZCS4%@r?4v!n0L&kVuLT!SwX7({H`%qR
z$sFK7F>JZ@1t79yOqGh$EG-~%yVgkQ(ZOt!#=449W(L)G8>UdtO4Cdam`iL9C$$L)
zVk$2d*im4HbZG!(Yww@kIsaF0Ano!T7`YBu{+?Vm$8XgClKGV!uV<7mN9$NeT*W0z
zgN1`>cQF9{r8Wu!hUWhxOnsbtDXjB62^#YGfLXL{wLZQNS@V-%QygB$&RY$8)3c$O
z-mSo4ftD`)J%>%ND3|q+g43ui-D0&Pp20z88gHpMU@{*7N;jG5Z99Q&Le;EskwMTS
zHmfEESCei5E&Uw+C|Zsu>M6SxDD6@13_3k#P3nfz{bHt(D4BR`{pKIo?@5={yJnin
z^JC~=JVI@O=DdePQ1_}rJD7C0;QUGk-_56Zr}6RFXJY=h3bCr{e6eNw)4Gh-5_s)~
z#+}=R&%|-kQV2BaV~+C@9}a2K$Fn)Y3-6VUBELYZ1Qv(&ap<2Q+a4(}m=$Mh|JY~I
zRXb3<_*}X7kb%Awrz4{X`Mv;yk)3bUHShiL;pMoK(XYVShw(b;<x65_>+>i&_nD%l
zyyK|}fla-tXnJ$7p;B45`V6Mlrk`P4*T9N~i$BBBei4-i8<4+$Q$3<ZQSL+*eP&W<
zWt>yK4D3n5W;?h85?<&lE8E_7QM+T-{{PNcN>$f@9ItexpdqB0y)hIxgU}dlzVgo2
z$rL&=8!d?iu6kyD-=q`|fVF~QV}L&W#SUNw!9sQhWAnX|A328;c3yiQ6aZ7c*20#g
zmsfBmJdc6}w#Q6kZN|{FH@bq!r3CSTzhMJ>+70wzosZ&_$)ej5clGDxLO64qnTu=T
zDI`7W=y<$lH_Od&kT{rG#l&@hOL>-!N{sGtz+s=V4J`v~(V5B7Q6ph!@ftU#ehH|Z
zq5zsYaIHGJy=o6l^CGxBKkFUk__meWqho=mSu%^GR8eNM-nLi-Fb{`$in5j}(_MAY
zF6sOU%ix(Q0^dk|@U{(;`ru(RvV(DrY;*E8uloisS9`%vyw)$pS5aW56m`BsK24$3
z?h(2%C#WMhqi><|`}@r!XoKcjmQ?}^lIv|_qZ5^clU2WV$dhOU@!bwh61ja{WJ}@U
ztcEq;9w#@82kTmipQZ6-1eup!5u{qLK<QKyE*E__2C>vrZI;N_S66<dtCc`Q#ma<V
zSW%H_O*&|&p+@X%R{6R&<Ic5ziMHF3Z`he^(FgObAUvlZ;ccy?$GVn!oPEOfz<trk
z2&OModm8(I6EqP}fCB^4W{>gQ=0kafOj|8YrI%MX2rLfffFkS(o~>-orO3d$cK&56
zPYs$|fzuQT8(p}X2A1dHP8d+Kh>enF%aOy(X&sl4Fk~F@@ph=kX%oqLZ=w27T8oti
z7*hS+X5v!Lf)Qw1wVhUrxny3kjM!!=>2gJvZ@O>ia$|AIYf*Ua6h;q?H*fWW4lV0`
zD(~Z`K3nt_Grg$20<EzFixS%OqB(c7G6k+6gJy-t7V652{mh*K&KHSnymM-08DnB%
z=s>Z`v$V=7&a5oNrXqX5u%CV7fv#wt%YmvNmpKIji{PYs<7|W<Z$BfeB)CT8zQZ-<
zuY1wA`EI;ws>a!UYedxaHc(eJNAq@6NT7w-Fy>o8AazFNQeIBVeXxc^acQq#mfr8S
zuP0rTTa!y0i<M*R*)%bpL%%o!?R0brbUoSiSyh<b_)#s~<W+)%o#x>9`z=MG?I(NV
z7BRF8A+GU3%Doj>d_U>e;`rzBxSuYM$h_3JOU;@-6o&O=UnsXxdo$fGHDN}Yp0%FY
zgM@N8FL)qNNdc`>{M<PEhkuyDZRe^iB<9_IU(vj2shmpQo7=!0<RgJ?xGo#(N<Ie7
zbYqI8a&zPE^-mZ6?Pp)Cc0!QCdpnlvQkS9+$rY&Ens{Gbb~HiPNAkVQ*kY(&adEK`
zGDlCfJm)EN`?6d8=<d7g(?);~@lmfkZu(pc2G-L9s2JAB7<0qs`Yj<E$&a6ybrNtD
z=X0w}dAxwUkg=|hc{D0ZBR{G4M`{7)!B_LQ1fe$v^-1Xz<L(xecR1u|<Y&*M#k<KO
zd*$f$^4<!``NVuRI9n=t(tskNwrN?t3|*kF@5U_J$3Pr<o3u-~joKd`tX0PD`UXrY
z+tf3qhe*AC42|Eq^XXn!dn7Tl_Tq+3gFoK(QieKQj+At-&1H4c(Ro4$y3D#lh@N|;
zznA@GcePRX@icEz{cTs?st^|gWtr>6d~~W|3fH4jwNh`4GUL1cv@SoDPGeFM%{^H3
zFQFkhP5An1?K=IpMyS&w*6fs{uia)`C9AGv{)Bl9t!2yY=*_4|<IxI>hMzYNl>D5!
zRICl1K1{LjGYCjxJrwzW|J=s8EU+hn2p*a6Nb~q|U;u!fgfVTI$(qQ4U4{agmDKvr
z7u3TBvj(#bkC0Ym9+~AlnOfOt16f)x%#k^%+=I5SdQ&8}qHnZChK1p8T`4M+_t9wO
z2~xY#BgC)NEw~2}OiM_(rv((2E5n7lU6pcmi0AV1Q8$RT-tn24nQZ}|EmM>HS6Avf
zUcP!hIasz{HCks?ckIe$z9Y>lK89DbKP9W}Fy+N@MhBXm*b6CbwLkw{#R)5$Mqh@e
zg?gV@u+olJY6-`KzQc*FQ14^050tA{$kXI_^b!f|T(jvCJonPA6>UjGYbf}g<ao0L
znZUo{D=P+|<?5SS&i1i_9WW9^-h$FaGA@8rvZ!e97v6$`FhzFnk7RJ$k_4iH>H5yY
z1D~Jiw$nKBOUT1$Mg!+jN6Wq5=`C*^XY;Ql;?P-pMVXNoym{Mm^5J$jJgN<{R=W8f
zg|g}z+>)BXydUM9fxmZz*$-``GCp1lyynOy`u~0@;C(3#TpM2X84j)k@5S=V0gl*&
z!66xL{v8*JZk#$5&0A2=!5edK4LSi?0Nc)5`Ao@Rvcoa3k7lBg3TcgD{c-7z%M}?W
zt}UQ|H~_|&mr7nwf4PCrr(gfh<0pSac=*g_OY*14$UC?o#I)EP7En(wK32aB9n4aD
zvD|rgwQr}hSg|c>-2E6{eaGd%FSAxo0f!yo`C!Wlao>mJ>g!!ClMc@l%1>;m9j#MM
zII|!*4W@j<!X|lt6a7w0fdWq~<|MCAVa#zx8od`qKr7QO=(!%Y&04NBkxk{b<I{P%
zs!;}?j(mCCuXy(0j!T99^@9dA4P9n#v`g`v(C*3JWqs1zHdGbxP>@gLqs{pmk_eT`
znP$u!%X1r23{P?d6j&u&X#2{zyHQu2nBD!Oav^o*>W?Kk+7fU&<bXbj?d#@lK{i*N
zIH$T2`>jA$BDw~+Q{+kn*diUz!jq(rGcrVDLl%E%w>L+H_jYLb-;3Vti@UzHd@5$g
zRJQRhKWws@OZv^_fBAV8`ld|qwj#ml9Q!O*7u7PDievcRbikf&6eNy2jhbTbZ-zBC
zK5T1mSDA`yfqe^)U73SfkGlaY89FmC@5oM*fff7Ky>m8KLOl;+R#XlZyaENvk}9B<
zkOi}WSdH2nvk#qH_a?mQUYl;ofo_dx;0ck5%U4L0O8fBPW9OK7heA-Pl)0?O7PS0`
zu>rLVCF3x?PZw3(YD_e@9>kiKbvi$o7#mBU?76E|ZO3y#U-^mArJn|ewxWJ_$+*`D
z%>XU#usW&+QY&M26l%2b1EJNC`T$<_c6a5upC+%@aXDhAFQ~|);^e9Yu<bV5FZiia
z1{D;f12$VW2aOb;Wk1tp;DzWdE@BUQ9Ovg~7S<C-&~1a}4e2uLd1=rni!t5+etNLs
z&KTcu&LJoxu4<)Pma6jCj*yH3Bk~!PO%2Qn5Bt)p!85FUk-5)93KDf6WLYZY))2*^
zp#4({?KxEOqri`|<by71F>L}`i0ow%NbD0Ga$Zh2?tcE2W9C0O`vkC!9$oQepIQdC
zGwf0s%yB1}Xx`&S?f5Q!y(yScq;S0gF-WMIe(&*&?3ht5r6|p{5QR+ttr>d4*~(ax
zdgEx7`l!w6GkQ9;jEc%Nc!M@m7TO(@&B5ogCg7ARC1^s>s4(VdS>0?P4)wp4+5zlo
zEi(s4$`tZxkm&KzFQvrJvl+a5v(33%@dOtQPDfG+WNtcHzhbU{`a#8cqyi9+tjAO3
zd?m8xC}YB-?Ib6oQZGaI#FZuozqzSZq`QjID)BR|=V@AT-`wP8nwA*M&VZA(wJevm
zdhbz{<OX3s|JPM1{Uw871BU&IBBJI%E>>i_1zwAD3o3oHSF@rhR!rX;7MO$Jb%|9F
zDaT5`^_}YM#D-MRxP&)VFTZk)Z*lyHm|m|Mf!c)3QeFsa1|IC=Av&nj<86Aox+^56
z7h^dI#f8{Sx<3Ic{zf;=8w3>`<^$3nMA7|5LZ>qZ2X3PrWm_kQn22+io=K)x@;YVK
zYMzPNkf+uIufCpliMeUl;FVf_@#wsZf7Rk}$Hsw&t)Fyf6L=AEQU!G}&H)=&#buzJ
zU(V;dmyusbD%rYyZch#J-DJBLQ16+CCC__^w@SUkCl~V2tS$&i6MEvGu?D2xgzrd-
z(^gSsZNPYb>jQBQ|GL0p|2zw)KVj|&=7?EFV80%xhtVgta^qp7&?}lsursi>y295o
zc0+0eySyC4&NDRCQPS~g%gW<r-O2H<wTz0NmPpC^Q6#hg)Gj9|pHK2wGRsU<)w#7Y
zL1%;KDU0*&QjJVq%*LZmyCs(mL7eLEHB&78^+qvzEM?<|+^g05<Ie0xTQeWDUmJiy
zEAB@-2k~u`n?r{(ow(2NlD3`NP!JB+2Uq<)Oygs=9_f9Dl5<&RG`|qVAzvM3G8G6W
z<5HRCrF9YVWAu}q^egzNSYr8*w<6terJb{AS1IWm<k_^Ta%z#l=P?zTD5eKANK52T
zvT1w!?^Br(c`1$q&ci+wqpi^&nMlh$5|>@dCvKYdD)FgiGejV5q9?5GF`f`P>kGsT
zW<4t7uy`1B>t5tniw0-UhOT#*h=1L|eR@OT^LAH6j?{bmO1v=g3e;gEu<v%TvFJ3I
zFfEM#u0<#HUd2@b!CJ>9Aax}Ukev*_po~<Qt#*V|ysEo+T|riQd%h>;nJ?5Ss_+J4
zGWv=?Ee{Rof|8w@o=$aI9o2?hde8xc*tw&p!)nNDwkzT+tuwNd7_ez*lOWOkzTD?I
zUh%@tPQlzH$8NU$dOa4H6EO&+sg@%z_dh=sz3(4v8_>JEGD4#jILI(N$?3GBNfJ7>
zbu~o(_RvrG?)sV15Aq(*qunTrybAT6mIyk<4Bn_mBO@bj3i?S8a<z&j!N^u#?jhEO
zdx)pp_t)x;PYb6<RBE7}Ly-5EhS_^&uJ<aDaE(s57z8-2icZ)jZg>mMvRvin{SK6Y
z<MK0i&8Y<Ey`I?1IWx(4BTjaoI94tFf1JH_RFzxTHm(R#3L6j*X_1x?>2B$UO^4D*
zhcs>k0cin|mX_{rL{dQM?(W)jd~18o^ZmyAJ?A;+d4FU0hXWY*zW064wbq>1yykUv
z4&F(Q*0ZQfE04W?6O2@}hhA@oznAE?Rnn1Z(lb)}X4eMbI53-&${Q#{b>bh}m2QzQ
z3;x&Yp7NmzE3TTGYt*B|jg#@FE>!Ysy%b+V?EX?POfYR6db+vxYxk>}hp!8ABG+!e
z=k~?<$Jxvtt&O;&z;o{i=5WDBf*pCDNf`5Qi}wALtc4}MQSSNP87;0Xcv7NE6qlP=
zcb%QQ3(GjPqU{Rp?y^E8IYR@(G9c+ex7+8{>ymJ`>~Rj=?3rq~Fgbd^4O1gknTfR4
zk$HJmdN9#yQo6dPTvdyN^F}0JL)I(Ss{~|1YDSDH+AH~189E)Jmp=>j_<&$^y$}fz
z*Ul@ZM(h$90@~ZS6#w~O;BBPq9oT12*yDZn{5_3iBo@RGOZ7;MJzkn`sh5koB6NaX
zCGG3QP92n7QmPt<O41xg(8|zwGUHL|WT9WpidJ8|o}9m6`_l1EX9QRD&t+`AK8C&4
z+kv0nH(pf|w9h?n#SuJG@?nY)(UkJTVVi#x3h7W?@^z2`Stg*{M1nFy-v8~>^vy>+
z4t|Wf<lW62Xhl+X_NBb8C_0>)f~FyBn0~e?bhK=K2~Ydhfz%;Bw-IIeJX6&XmgQH7
zPQ%r)k^ni*W2X>@_;=M1bR#@eEKdbHrbrsa<os5<Yt^O>Y{eBINLAP@eGfhLK?<1C
zzxv?DW!QX+lmTzmrU9-2zp-{@1iHs>sv<%@-^A)V1QDz^?6(_kLsrGf3mk>Uc(V9N
zGKB;$_g>LM3+uJb&byVvdw1xzOZ#n<=kWDmgmYpMXB&(~vI5RUVI(|q1kAc?hw<EQ
z0|~4>Ig1L%6<=z7@!!O`PiB-yz993Gn{5Knti~+*jB;wU5WN#@6ikxmC9iXBc-QB(
zHoAj(zgW+HmTk!?^-^PL()P0i+bL3!-s<%2;YruW<NbDM^?e%5&~S#TJUy9ucH=IG
zA|s-PP&}VN)?z*49KF=U5RDxT$Cw^<6zUHQd5J~&tM7{@C@`^1T=UxZ7gJnpsP^qM
zmvVS8sdcV?!K7gy>XZuQx>VTeb!d6ATIFU)TUevA`mY<q$T%c()r(TgzIpBc>LA;%
zqC1TI+kLBz^|sH6uw0|CvfB>68zactKtMf3!qP`e31D@%o2muG(IZ_>Bm%Uwxt|q4
z#k-0JD{^#io+?8nQ|17SqA|dR8PDrMr}Lc5eNAM%$~Hx39B7p5qSqa8dO~vd!GP@O
zDu^HkhY|umsUBu=sy2b?x;LXQiI1E?xis=}px(_9pJ30L>DD1g)Bg;hIe>>R-CXZJ
zuWBUdzy`Qp)JTC&Po?$b5)Abmg`<r&*;NJ1)1-2F&3ZZp{zy&|s-HdG$IAejzm2E_
zyQ#@FctPu|p(6^q?&~Jq4a>@2oeWE0ZoMNqa8rfH?H~h}U63Jx%hm;-QKvFrH?K88
z^fl5b>l4~@^Q4QGzGqO{^u16#q#`!_#SHJ!S{3@7k7V<a<y58CVGe{pxXawga#B_2
z@V#NsAY5uN#jYO%z=h7Qk>5;OT2Ufv>ldOUdUOOLA4z=$2VlQsC~?m%e9kh5Wrk9t
z#k&?085XIS^*_1L>M4$V=cZJbOd6MTn#y&)>p@(+_P?t=Z~N*~L9Cd;M~Vd-73+N@
zbMi=i8FP7tgHiZ|`S~?wbnxi??(bH|jqeU-&Y4us)e6=61Skn}7e~KMGj4w7FL4UR
z>ayteyKqj#b&XL+Dx$sq%tAYKDUKmI<?pbcxnQh08uqaOS^tgl9Lf{9zpILck-i7M
zZStT1S-m+D04JbUp@rfymKUmbUp{RhXh$yoke{WPQmD%*xEFK@NX|+Naly-LCFu@}
z_qo>U5hgnbzoJqT*%-b7;mLz{s7;h;-%ITmCAZuB<wh!fZoDcn>`&fXj{_>VX26I}
zsc{fiPJo<b;4AzZO-v6wSD<yN4O#<P{+tNAql&;y0nzOW>q*X(chF*!cgwHZ1H(iv
zD@}R`pya`u#NS*8v*Zu<zFob0v{F28DOmZMx^ZJ|v?%3hYg{(C8CVh7eoRg-oGfMY
znfG4>N|xVkyo9U2qvKsu+BuvZ^sp=sDt4?N5*m1x@L#*mcuo`>y+bI<UtjI|)WlSH
z+ogq%)R1qHlpWJg%mh42!&xXC+Ki%RZj7G%sbIR=S;_*H)LoK*L0wVwAu5mk^y^%<
zogX&bW+<l>uZ@)XT@Hp1aqD~TQv<{0nAeky^6%+7TBu%Np-wxgy!^-y)TUL+G|~#w
zi@}x-bH#IW^R{5=USJLxcH}p`jP$%8&}=1Mr}0sZS^sXH(t8V$T0WW_$ou|0$a{+y
zWy?X-dDIFu4la4R3Om-rx&pJZonMC&jIUFvBE_k{spv?NE;E>lvfpLg5zUqlltddQ
zgNjy|%isI;umJl0>hXU*cqm|NG;_OTflX&W%<uFXJUk~G95n~#Do`A|J@+ek%K(@F
z9j~y81(b6E_Zb9iMPRkOwB&j}Q$xWzD~3T`=6H9O<;{#+0J9mst9-(742H;Q&^A8_
zn{i-9R^>1fEm~4U$RGQ}G0mPYcQ#PBKLDi=`c%>ut{*RC%k|Im1ts)X;jYBh*cXu^
zDPX-(F}GpsQz!6s-t&Cj6(MwrfpT7VkBon;5-SgHbgreSuJ!$+6}q9aRRilDg@oe@
zER@ytJ&^uf415u}1C4u!ifu_-3fyILf5zXq_!COp{l9yFS^D1n*38QPn+U(~Cam<W
zojUsXUL{?cLwYuunRw;((0GE2^<#86uJLU9oznU2P7E6QJ&crQM#|K9{<Ec9B5Q*H
z1j~tN`GzdoBSn+#r#rI|G^A-aJMSg{L<*6<>jCEkrPdMJin-yGYop%U#jtv%%IhU;
zGcvx&Sh%c*GT|Fok~9Cj@p|44I7mVUW6bEp46gS0%}5I6(7t_S_;$*igA2{gkejWP
zrP&=@)Oxa&g8H>Mid5~iOL~*5r|E<w;x)c0PFHN6emw@Gma>2Bk=!(%mGrJ@sBt8Q
z5RaOFs`1~wdJq+`1#tjTLVOO1IAJT<&B0gzqEyS(9siM9+@vj`an0>YgwxZF&$zU1
zmOOHmz_#p|qm=4v;MLpN88OpfJK|Pgt(eR&EqL)m5P80b1^Xjlm3IR1abVY7=d4B5
zR`NkNpLCCAFP`7+13-M05p-}OkY9lHekFztk7X>XX9Lf4thD8T-aMobi!hxFts|&7
z5dtRWCJTJeaLw83eSlFFwaP;a9g@dvfn5>pU<_o|i%YfXB%p>1M!2Hh<c$p~@aZRl
zg8HLo-X#2=3tI)kqHe$t%X!407dt%e*t0=<SH$29<6;WvT4c3-@iN|-;^B?f{&HpE
z<B{7I8y=N^l&(_ynn>@mtz=O}Fg4NGEGhbX3KM2|cf<iW56ECpFX~)RnV>o_P0n2B
zvJ;*9EuecwpiZn-qvgTz@4AT93*${3C%yI3K5g;<W$2Z4&!g*~vuyL-tMmu%OOYK;
zs;}BZ25ju?ET38e*e4(9in>jEB<DmzVop6v9G&QmMy_X*SC!mU313<&(f!TfTxg6(
zJXdu1sP(6t9ia?tRH_}(mTUTg43pvR+(M><lq*zuJWuMsS=)#g{8Hr47fgqE!Fd(Y
z%|2jPNJ1(CW<rX0@40H%Isb^~kOkVGI{k1(K_c3qprF#%XKZI0{%%Jxr2wA>T1~vc
z>T@Wt`+l4*U4CVt)=hH2?3#SbAxg4T<*4nuNSN3Z@vpl0YR1n)x7sch0j8XPUJVEH
zBO<jf+n*GFmn>(WpSk0exE<GVdo}_Sg{7Uki;Yx7o1M-3GFvdfxr;is6F$1?kCDV?
z^5OEJ$0r6)cg7RUHVG{cLl4DulViY!uNqupcS%I8rkjc!EOpI#LbEr3|CJnVaje1P
zjYUqY_+uvvP+`GyK&^u&n)p~Q2N4A*?%45yFBYvTEQh1f97C2?R=S_}3sQTyT)3!N
zOqbO}Gw7*sURBB~7?Z^wS5-vfS`N-I&nIhN`t)SV`MX*;*$D91Z)N143D$=xK5*q>
z*%PJH^D}u0^3Z(!1{F-+=g*&SGrNt2^H47xXef@MLelSRO6WtJD2;mQH^4?u_0vF9
zseSzc77WTQ%C4b?RmQ{+9pfK>X?At%q}1{{3EJ@CvYLy<*r|A-&{UnFC*4{beX5I0
zt6YXH+Aulj?=U(5-+jPCWPF#sW@E_lh(eXVt7{{CMG>UM1z3n~{U_7jcyvDoFhLnF
z`<3Hmn-n;w{9n)1Ygtzc8L#-jiZoz^$efS~*DMD0+|JpXYZ!*Is`Sc_I4U669^dCH
zKQ8EXzIFn!6e%_V9Y3cs43ro`i~)wdN9V^%76mjDkyJ01T2RS<rrs)8?*7D-H<_oL
zE-486eVQ+Zk9AI*EbNh83SI6|Ew`)6W0CScL1@5kO;+`9{(N75mX%Q{Jv@pr>e!zw
zz`(CF<5|wz=%#TibpeG?H)8kE#W#S-#+vE;u4IcE6v&f#opa?rv(D@b#y>-K$96yF
zm=HYK_9)VIotG#zyyhq3n3xIeJ>pr8|D;l);Rb_u@2AsdhB)kY_wiHetlCDtt2>-h
z%B9hWyqiQU<LN)(pj+b_!%UbhZumIhjcI2t(Wacbky~bSj}{CXPDaQWP*qnBF+1KZ
zTV4zoRO-*VOzm!UcxKH2N38y8`6&J+$Ze{FQVnQyQr!=3#OjWAJm4TfDhi0_h~DAI
z?It9y>dx1*5OF^7osf1AivpzSSrIqet507x(9BW|zw0e8E-ZCb(yQd@)_Yc%1bCM8
zT%2Uv9j7?|14bdtjec5(x?n3fIQkn1W8{gWd<35g;)Fp#*0g+mu@k!#{b0HY2ub@O
z+!^EC3R`KCaf%U2wg=l)JIwmd8$*#G=@$vMSn0h`MHFm3+9>*HU8q&mi#sL^O^OvB
zK$Lzx9H6U;(D6dOI>0$!;<3A06%t}>`4MLqj26S?IcArmQ<RKI1N4CYoWrP|n-ST~
z=^{1}|Ecp}w71t$<csBj9_GQ_a8f=Rgc9qfCnD2B#Kv&V%cGU+iwo%@{f47JjUp|k
z-4G%woyw)zx8J9P1*_Sa!1P3K$*NPFpx2JdC{zEiRjUw9=TN`UoAkj9X}sl~Ai9Ro
ze`x_6XJIi~I{S;!_<Wv3uTOSApttx{nhBaSV)||-5jq|a%rHbAllJ-N7lo5&V>~M(
zzvwO_lsH6YRMO<Q+2xbjl})|5zFD!zMl;aE`Dmq8CdHX1e5<XxLcTk&P3j%t5t7qx
zyH^4mO_L>R3)we4m1h<X478(G(+Y`SntO;~ggbB0Ts@9|crbfj!J!CCC~o^8(cEwJ
zl(ALrq8lWbgi_562MkyX%=fs#wt(UHK>R(Tm@L##C$s*g<YGb=Ln-?SlZ5Dww5HhI
zN-L@g#^|VDR#lx-cYfiwvOcgM^(xSj8tle5k(K;ZU;na!1Uo{Wf+Q~XA2tb$;6HQz
zMKpGwe9Zc_Ip@>jWIliDJzqO3a3<Db<1?rs?4D#*RIDwgYb%7={gJscLBm&aV4$y>
zrrBik>g0wQWL2NiUxar9EidDEj36}BEXRHUC;-6RxA*)HZq7%s5n_LH1)3=Or=FUj
zKEMN)S5ZafqplZx_#n3FQe7tJCl8nziw1B8;kc7%0;u^@cL;TLOnc8IARmjsR^@QE
z3|(tXs0X`JnAaDQmXK2`K!_=|nbyYtxE_r_W8=AOcQE>wKvGuuy4dp)hdAyTK{nKn
zn}mH0A65)mpKEc716nS%3Y$ll-}b=`D%N!wr4t-(g>v1kYklf_GFGySsjryGO*!j%
zSm6mqGAE|<UWAi%k8dl$)-a3!hPx@RS2e$i?Z^ik1tY6Z&61oy&6u}O-OLB<!V~>3
zh71bp2dKj?FJ@<BiJqITHS&yi7_NRMdc)r2vNfj6QzMXCcX}4xB`BfaIkYnINhQ_P
zO^eH_VQac{)Ww{GcqDp-kUi>0gI1~M#G^@m1@eq$Mkg3_oy{bAtU4vp%LNLfb4|o(
zx@a;m<MGPz&F%jUV~99^@JD)lE0S=4&_M3~SKV?`GWIp~X<$O8&rr_%9+*7K2%H2|
zSW^crcXz5SFTk5_>DBi^cYq1vN#XR1@E%oJsI0<+pf3Olp?tc?Bu{L$T6naDcQEjw
zqV%S^uDa$Y&23_uzt1af2cVxawjFS#tn2^osiL43;hwTkS9lrvgxLlX?vH}5YVu=7
zTQth|unPi`TFBl0=X&6vA1Io=(`}KRDCpmNve*$`C%8CwygeDcIf7Xj;W1JPEzr*N
zH|~s0N@B8S_;JrqPwGWDsrr1C;7BWr*W6J!Fx;XijOEX!-L$Vy;j&G3S|5-gKYrjU
zLUFWJb_W5dCVzkO{JH8%e~K+}BX-<7CgOYKK5dd`ca`L@gx{k4dN5V#nHdst&kelq
zC7>DT*yHj`LSU&SfGpa<r2of@AM=3qwCQPgc?xU+jDb<8&GMy@4eg$2ph~sx_l}Ou
z^Q{%3l~aJ;*GxFphPV891~p5&>^13D->sb7`N?d4ILym#(Jek+#&^T(XXI2<mlPes
zNPj3~K+zFST1BcAS89@RD4+D?Btv_&ovEaE@u=m5H&aS<o!iZ4Taw42H7@i-Cbtn)
zn?2G=eO3%pgL}dx+n;Er5#q)tXw+(U?hZtNwzWgFa$W*4<sjM^v?_mN6O(SxBQ;)@
zG3y|~5dK|@pl8}Xl|}NGXkK@23rTkr#dk|Hq3TjzxGZ5D?VJ#E^Pw>6^YE}v^;5#8
zsft#imhBAWNHFns*FV*_J)?4)iml#E+fdIC4N@(gw|k$Fx7&GYl4BV+fMf*icr=`8
zGAvV@XSegH(nU2A=M88oDC{&|kWHW1FA9#><VPC!RsKy&5s|LYz@F{aGoq{Kb)|<3
zJVia;J>f;Oy@+r@0XP?P`ilmtbyVz5D(sW0o{zhlMr$4i&S?;AR`FMq+^!;0&%H1G
zJYz|b9&%f5&o(Jy)>62i1EYz9<ubChnT9%DM>xlTZjc_uPd0P~O)w}JjS%{jCo#45
z2*LO^nxjf9vL->b<x7D|xhts5%w#^xjL@z^ihaTzM%iL?FX37>OD^(chBz<W4Wr%;
z5@tNA>lg~$<)rz-Q^PGR>dFrv>UOxpYh?nW%K=au<FCZ2Bv>`&5R65HR`PQgy6R8$
z+$+$3wA7>raQS8_z}eb3RG>3z-3f6qQjm*hm+p<+wpslVfJnj%HAbubas8s7YN?R7
z*UuCYoLLMus`Tm4e$Fo(ooVps*{-^g$CN3o?bhc%1xJYmC84f<dpP+n!(@RDmvd5K
z<kFHc)PoxxTF2wK^3_i3#xCK8d)0~jPSUG2F=c7HgN;$epkuXa$?9V!O;!T};4!et
zl|RaCQymc5*I4w<`|66^XANpA)K`<9Ajom@O=6~$+r8eW?7f3RXl|*pb@NT}b9pw=
z2X5+W3x$juPo$$hEH9sUp)OCu&%S+r&vpw0=t}TNUJ=$nVbB_Jn>I@Wd*^ZRK;3RV
zt-4xZAEnq`*-yAL$3CaZ(sFXqUKc0bd#Pe3b+H$M(a!=@IJNvG84Hp<HaTCbAeE=r
z<{m8fNINd)I*Rs=#^jCEs*{_0SG8UWBT4wZ9o!6b9;@Q~$|SHkG=QaRz(89x8@)EF
z1HPPBa)PF8A+%4=?p8vHW4PQ@ZI8BIYU2s@PHnlV?~%oXuyk#GcKU|f!ByWhn}D@X
zBt{Rn`_RK2jfVGRW4GZK?I02tydwC;{+72OjFgSee`@HnKC(>$5BL^b@#%@c)mtWF
z&^tp%9|jaGj|{!K<AV<JraW__-HDM^w+JK_Ue|RVoGwUca@5bDe!Ch=AieA&+l{AN
z5Pfvy)RZd;boHYjP#=64M8dM7lQO_h^g14QSM>sa)>wMxyaQ;K8fj^m$dA)N(S4j3
z(zT>Gu5|j@<>fX$meze@&Y^`Sumro?Ly4~>f99%NZP&YOs1;%@R+|Kui9YNPGrZ=s
z9MbImYUf~Api}uejsVkrrOex<HvGGD7&To>zq9ty8(2ah)>9y4MpkjxSb9}(J3}q*
z<H70@ii1iG+C(O|vvuFbw6sImYWL-Sr2SrQ)|AGKWnSxx_GKQt2{_~DS8=qCOL3W2
zOU?UuEe}q#+bxXRd$~?D!h(-Qhl!qNF)HsES2YTo1I2G>E$L*rMfyGRXKFwwootkJ
zuw_EJB15B>Kh>AVRR3ganzn9WigXpJ*LGup5&Z!*5~Ax|600U!FawV&@5JnQ0}`b1
zx|8ll6@nz4eL5F;-(!_`G}JRZUdrd_QTG4BTPW<B9C*SdBl>)yuJsF4Kk6L5(ZdN(
zG77}t@mlI6dQs|1tt3R7`q3#zL)|halrRMSmC)CbOVW+Fs<~#Pv%@)@E+wCPN<+9P
z`V!k8N}B!-ONEdk16Y6tAWq6zf^Im>i5u#Y?Kp1NXE2Akw+)6r%1ANlwXL4~?oF>w
z&6%O19|5wJlZK5Em1I~a?E~Mk(ay+pr_*+M8S$e%D(t!n5*e+k52r9>DGGC>;?AwH
z#`JQlS%r_5qmj9wI0JG`43OPS-9Z(G5e613A1&I8%AGRnbjf#*1{PXZK9<nRYIruZ
zb1HIUi7q)?z2p6;Ta$)S<lMf@`neK|3|gqfpgY=Dz(-2>CRGSfUgkDj0m<5Yv^H1f
zYk<?9VJ)I9eE^Vlb10|R-VyfFF6fu@DDs?Al8onTHKFMqLRz^V;gR@$j22V!#f^&A
z*s+wNjm}f3#ZAZ<=f*^d7kbq3LoiZU1UXUv#nyyab^GK{ZM<e-$h5_12_gfz$$_)Q
zx3Z-<Lj0PJCk%D$WAhHbAKe#YCm6)+G5WjKhA=Xk@X~PINx=ZHoPXvK-ohCy(4(HG
z(Y4ftcSZ0fl?ekRwVA8B%5U~Cj@yI8Yk(F}E~_o}TGkxaF+wNU=lZbBMbj5^456Y4
zWHJX<0lxHth{G~EPbW3nS-q7DylNwAr6R|VL))4<VWfSZGG|$0qQ+^bCxU~+qbi}5
zF{Lq!CKtZ!<0TaCtxh%0<q<;SqMwyJ#f%R*k^g{zAMX;GJMw0TS&bHIh<<{K<x>4@
zB?-T2Yqj@!ToFdG1rX#UTn5=P8T=>n<(+JLK~G1?yP{Fn11gFcX=QZl_={xH--jA^
z^d-qWu-xTck4s7U2R_7GWQ>$sDEbdv*R`YoOl{j9aDD>dHEz6f#uxq-EjMUUuLf4+
z6PCtd{Tr;ID-ZR>=&cF@cEME>sg=^yq;rbe^rWrvB(~w3$dRL;P;{0Iwe_W%a;4QX
zjI!TrPh~z&#2v4BB9GqS(vy>@YsRP6W)&RGnjZLy!DTv|qWebn5tfLWNC9ER<~Qez
zFO1!Xf45|Q^YtWRzzyH~^>vjQMSs4@ADF+o09`fA3_$*|2_@xql0u*ls@dMmcBiGX
zsnHdA;T<4z5T*TDYv!1vo1GSjYrU=A_#$^G=gD$jY*_)f)r~Sw`C;IYjjF8LQBz=m
zW%;&RG-(DaRW~zQofwit#I4cD$F9G|O#ZGF`@2iqgr+nn0gFwh1H>@rChm_ppxZG3
z3QfIH(6BPe#)w?B#mLNWvSuYmk9g~YtgSz;CKDSPCEsL?$mdnk)X;N=YiozhHT1e^
zqlaURGs&a8Hcxtz)h}XRjnd~RmDRHgRy8gqcE+ebA2}OU3Ry~HrIKW350FMOdeZFt
zB*adO<L{WI2;Ql1D(;u&U{L8JXEf(2?TT?KAkM94if>y(KBpid3nNkD&GF*0iE8`}
zIr5KRK{Ao)_R`+PCdWT;l~^b3wn3~w;Sk7||DX2+l;>{K?=cKrM1&%s3*jGl;7Tjm
zw{AxWcOqAZ`GrK_|2=UQ{8pU)Hby<&-hgTpQW0H)*f<m7odx0`Juq$S^j~3>rU*e?
z35PlFp9&RRIyIyc<~<o{g-@y*O}O+q+lu%bF?1R2ue^{R;JR?i{=;ei?_unX6X@)v
z=)gu=e<YszF4o`#^ZDOxS%2B66&6PaR471072<VO4_j+{_3Gb0=O2H9f*0rvBNSsN
z6U;Y5C#}b5)cXAH9}s|l&&nUmzXg(yJek+&@1Q2Ut`g@fuRQ+olmFj8P=fsNwjBMi
z^iif6_!a-x4>gh&0;q*cOCu^sH<=lgLilc%{<AOhK{PiZZQcH-weWAx*cDvvoD8EL
zi+rT)9hUx#Ep9U9KUB2;wkg0`A0zJR54vNK!mbd86;`Pp?w-tC=bKm$feyU?_bL4S
zLIXtPmwIz3s4N+uv44R*`svh;gl)(JSNsO6cCvqf`2Oej<CdlPO-14*O^ZZgF|&O-
zvT_fW6jjHgievS^`<AfB3SU%~yCpo4TbxsnSTO2+6L_BDgH`4#f&85Ke|0T7B;=Rs
zbKfDM*(mzXn;djVgVB0Ven0ZPC&jNWG`s>gt7(b6|8cqg$&!IBh%|3us?NnsT&wL@
zXTU;R+txBzDOhcO$RlFwmuNG8XHD3P9(*IAe~;<E{z<bIlBvOG#J5aL(#jA0y;3M1
zBma1ph*T6fXG-<ozD|h!zpnFG@NA6YcWer;{c)Y2TBUdYEs*|0-~~#8>u`TU(We%_
ziWP-H+4~fa|A6_w+(KFrQGh{je{qffZx{3jy4z(eBzYiSmwvD2<~;p(k9qyat$%Nv
z)_+{^b^o2P<p1u9UrupZFIr20_>Y1OkR3pz7WlJuiBwd#ap^|>__8m(;&{0KyKf77
zNMm^H|4MyM0=4K{0Q@MMmEt}0HdYd{)E6l{R&0mDMTv8^(tpkw{(MJsF>l8S!_;Af
zB=vtV`LpX)7}{yWl;+e!ikJhyL;zTAzhA6o^#lpkf46-IKmGlUpYF9fgH|ZzqgVUa
ztDixF^x^jHLkiG4d#Edi1#<Gg=cWGZx3AGYd(CSSxc+L9mA{8^=k*R28KM^pdo27r
za0y|--<d!D&t?4|&qQGe@{dNlr<nC`L$Lq@5o6)l2nX@l={)~<tMdk!$N&1=f4sd`
z#JcJzMf7?tO_d))!X|^A5jP@yivAguXLNtB%oOv#T?tAL!Huz^=p)Y5b`-iT&TtaJ
z{5oMHVIu?d%HL-|3(oJC+p_<P{=W+paLBv-xh$$B@BQk8g#Pj_D)m9!k)bSjbo6_r
z-@m>4uWxV({j--5q9#yZqJ56~dxI{K`hA%X-}CyPfo=D}UD!uzSs5Ff!bSO5I%QF%
zH$d2U(YZ_%alf}<b_E9h^0Av{Mh3V4_(p&6(Gc|ixsac%Bv4s96?*F8b}w~@Uv%@T
zkTZh4bT3@^WM?|V<HYf@hs3aOyv!$dyzB<8_(9pbw{8)tbKlQ?-`_m7Qi%$6j%s#c
z^iy>ejUwH3*H_EkF|pA@YCNC4g^#ypr~<Ib9qR9ENP#d<KyGdD#^+QoO!4<Z858^u
zkuLn?&v1l22L<gDz}C`>9pO)9cYAz@9W(H_NHwxrb?h$4WoaN-k%Zs%QstQuA<xJj
z_7rTl5h=G4^>b;SNX4=3fAltNGBz_??SF9R#a^%q@FDnq+3K{^X{1&0(tnXEK$x;Z
zj}O`a#D8K661aN0qG<IxPTwO|4H6|J2hJEF=ugEm+Ha?1lJpl(^7jMyB?%%l;p&6=
zra|>Z6d2aw5`jT+Ag)^9^-Nzr<yTX=t|&_Mdwh_qQ&m`QoxlL!9E}B7a!+4UoiPxL
z2cR3l;5`FrVLT}Xg-^iwS-Crwg%%hrL>u^AanN*e(;uW&Gak_!lPxKr*LSyd$euYY
zUv7*A;n4!<c(AB`zE6#TS%E=4f2|^piiqf=Sfn3RkY5DJ1^E%D<&z+3&|1dZ;2T(w
zz+4{6QEGG^ufUz|z|B>UGVRqtYxSX|^jrwro}{)ORp{U&%N{Ao>W!C;$yL{L7L&VM
zRjj$Vg9MSVm5F6$0?n460^Qx+15I4W0}V<&r~?FtlF7nn2g@-JD?>15-5D&WPDHhu
zidQ&nf2kZZrmh1|dn#=9W`Y{;yJ#Wfe_awbQzC^DkJy80LxR<t?WqFT!yB;m((k<t
zZ2#JbztyIf^$p^7^+jACmIa)>Gz%Ng8FKU+YOMzQv^xNTv>ZTwO%2p~6X2|~9jq`Q
z$1hjww4R3kS|jXHzrcy-j{!T;B?<f3=Yt*mok_T^97?`n8H2uIzV2u*Qk<<u38I-E
zuUd`d(}yN-9!`vOFZWPWEe4Jr{&Ibs<3dVJLs!HZ>}V3@PV+2MI0L<0K{`?<hM_KA
zuhzJPgwK5lUQ^xF!Xj0mO}n`p1kv19kX7|TD;85=u(#rla+y;0aWx#v-kzY=sd|lN
z7L`AVjies4S16HJ--I<$ZPc(eSvMN4Vpi&>eJv;N35CE~UA^PsxIV1quJgXWwGWRE
zQwt436WC+oD=gP{DXcV#K7!R0(9o~I-V7f^|B(M566i}>VOZ=<eqyJ^vH$+AVaaEe
zXv%(iI5}y3+E`0ZY&9kg?(8lTQ*d}Ry7~3-=9{KOpz!VcQ>+nJ_mOGer2^=wZZYbV
z@W1Kfna%*hzwWAs3AR~`9l1o`9TH*pHa_XN%Yx>oQ{=MD(}Q+mF(mrF`X>;AKlXRv
zb5mhHE)&qvqu!r(c6fcS=h7(i$y_iHRPnW)styACgv`JocIP=Aj??)@nd<7Ce$+%|
zQnbLfd9^xE-TQA9Jvu(Wyk#tN9q#u!hG;jrgpzREHS4&Lh2MfHp=hUm3U7u4%j5a)
zUxv`YpkFtkNwx5dWZXE>pTtFpdXCXQJ%>LmJCp~adDeInB<RH5`OC}@WPreuWJ`kW
zciI5LZO|uZGn%z|eSK4QD#jz%&$EhF;gcyc&5rx&{Ph3;uc1(AZZQ|5Mt(GaaAej8
zOfrC&v&`kNp5<sCrZjTLdwNyD*!98ey6(2t1Tq2lPJxr7VX-7$IA$EDwf56{ldBI)
zTI`3_8#1CN)~*3I{)EZ8s{fK-8Yz;(5G?P4MGe%Vn4Z{mJL8%5+c-}X8PX`{8^z6^
zSmhS#Hh@{6JZyZBkhG3{sXSQpz`b?*b+i~H{6gT9%FCA@*<Vj-VxR5Ji}A|6%;><j
zhsq>ysw}YkR3m+#a1La5G}!iM_=!<bU(~pt$cKnC$*5+=Xn5ZH^PM4ao-|W4ay-vB
zxhk0-*p*XX^_uyuGGhd7nkiSyZ2e_EB5Y3~41*dMrGdo81O`P{zR3jb4r8-q@&f!P
zJMlSfdOb)F-ei7N5>pfs5Js<&u~J5ws>xDFvYbrlAoEZ|Sb}*mQ&EZOd%Hz!sZct+
zqz2><Mkw#8z2MbRR12X7^{lsttJJa<cQ`n10>tJj?5_C%XVy4UA`~Kj{}JcV6-aVA
z^(9>rkum(=;#di<H974+rnc#1j`kiZfEsL!<YiCJRC^}@(ngWed5ffkD89MBcJgSm
z52C`xaJkCOZ_{N`e>gBTMMAx!ok~(y%I;K#Ws*A^1TD}_{l<Cj!-2t)z0T#{3@_U&
zyrc7%#Q@#R?=XUM{40#;oc9={rZ`@`vCvA^;+?Bo_9sk^HO7y{TQ|5lkCpqphn?bl
z&-=>RV(LkMgHd}(9Gm?@o99`H)}4-`^ZSpaUKVIiXc^63UmeWeT)xmK(vM;h!eY0c
zP`f@KZCY~#v<Q}uadDJpDbwnpsaz<!A01_z?Za5+b2DA=`pdTFq$aD6NaMMZ8}Ty6
zuk;Ry+9U(-IBKB2hwo>)HC0olreUvhKM%n0ouFIe+z6U5-6=kjG-?mqJ%MqE)Hlid
z)b!7kG360c8fB)vr6yLSWn6^;;Utm4%(Y74CReragXxpm&68vy)@v~1AjTJKxD`bs
z?^0(o^I7{M<SZg4h8ncXas8ZhfxWZYbDNX`lPjVkoq5qy5Hgg)RTcyMo#`TT{-NyE
z=1IIUj0s%UrR&x+l%DHfmD97Xi=oqlL_{wRmi?)qz1l(U^6Zq|VSt43V#v{|KY2R$
zK7M-D+Xo@dJt4QPw<l_-3^0MARLn%SUJE#LP!heiR9LTG`1B-Up$72I$16+npuWt%
zP$+5{sbqWp+@ybpeUoz311+v3OD$hbnn5i;W27JNqx};xK*4_+fJNrCj5(TMI8hWI
zK><1>PO-%~iKbM!cSpgy*{IM`3)yB$;HtA`Cw_1DaJ<AT!LTrOraLCj{H|7<)_JYF
zBL#wTIHb}iFXc9WDkCLYVX2a7iNE|(T_!A-!|UeS3x(~T>1FM&K_Li1@hA5kqsA7!
zazEZM!B_eV$zUw8+_e8haO_}g3hb|vjpuf^`pc#*uF<FMlbUg6Ef$6!IygEwn->8#
zdUwl_)8x55<b<I8o|*8J&zhodt@q~++OQO**;qFCz8$9G;=)44t5xROl!qq=nX>iA
zJP~+c<qS9uM8g7K4u8O3N#C}TaK53*+qIHH9XjcOZ;ni?I35@lkM`$W&<>R#mtAX5
zwz(^(o8G6-CK-x`B_-EshRfu+{Spl_h~Tu*w5?-a)cp#4k?H7%_E9G)!FlL4snMX3
z8n(e<X-?o84j<$8*2qy&hg=U&I&yx#PN*Qaru09!6u$tONv5a&fu#ULc1jCS%O0K;
zD!z8VxHb}3e@H8yDq(%a0Bx*)k|*@OwajKae)ufeQGR$g$5qhqeutY?tELshDhs~{
z)|Swholt>7H^T$<+>FMH;aqzBAuoTsvd&j4eqD>36<_mH8rz#4|2lh9A_2G-{&=1x
zBI8JV2L=0A_y`8>8+p)|W4z<EBkBmeDAdD5Y}e(DF4GTyt#uw3hL@8>pU{nG%}wKl
znt38_smr!D5nyptZ6)zKM>kz<+p5T-yYb_Rt|3HJXWUk&Jqxj?W6al6ud&x31MTqw
zToSz}_>3A(>igqDLXLQ3D1%`Y_x)lM0qZo+`)~#Dzf~V+@xePlHk!v8J=+cR-Wdcu
zu7{1gPR>DpwiEPclXt5JQ75WwS-j4tEP6P(xS*ILU{0=4r)=bz$6~Fh|B~l+1r#Nr
z%Ffv1peuW7gO$9nc7p+o5}IDw?@ZOOxgR|&8L{ms2XUnRz?6%;nCJ>vqx1+}8?i9l
zGp)}m@`ua7phl5zY)AiCtaheon11E%!!kUco%)wU`4X4_Wv=b3(nXgQ_|5=vWLKYm
z3n3V0CgpQi3*v`%?IV#m`{KA(SWIdJsW6z2elW4Te<F9<I>gH(LH@qFQ(+JH^^H!Y
zO#x?So;&9{-0>WCRjMG6z>kN_0n#at<tixp5~np7q5V<P-%^RKtd>x@UEV{(dnXox
zcAlRT8UIT1t$*))sLb2f@(;N<<0;?s=C_FtD`KJ-xY^lE$8%J+wpz;k7|xfFP4b!?
zDNs@5p{3+cHuD{OwfU(xIRL(D*kQ}?uJ~4;BU<Ph)Am@S9wyCJUw{gk2{EUoF|=R>
zg|^-ocg5}%weiWlILmGkl421a<#GQ<<rq&WOl5dUnJ1&aZ=zEtH(z0w=vAxuW8hO$
zbErd`d}j5BXW?P&!)fY_di^4Bf%4Zi2ik31H~lq&o06_S`pl9F4u$6`UyiG!oQVk#
zb;BJOuF)%QS_+%8rg@z=r5n!Sy)Q-?#RaN&twwXw!`<*){k3O?4I^wtNqty*MFXcA
z#a`$+Rh%bV`}Ma=VA4{cu`MW|IosKay{?y>?iqRT`X<TUn}Gd>Qc%Cn-MMjgoArHK
zy?2bp!ew+cr?wgvtTD-z#0n?5q*}5rrrNW|g0jiEfqfMB<qSt&pYG)8Y3YE%RkE@C
z>78u+o=;lXXPyQRMif)-%t`-sT}+qt`xNvCr{DuuaFAEVjizf?=J$p~ZI5SSyiTXE
zALZ(<u~LWh>6wFxPZk813VJdRh?`Zw;XJkZ`n3C2cHTwwY0qoJg`%JH%qT{}@Qq<z
z;xfkQ=ila9Y^&8x@G&Ttu*L6<*(oRreN955C_e|J7w0&`$&yMVT1nAm7o;LYg}|p9
z10@cZu28J|oRMj<iWLp>7y-`SepN=YK-4J)NR{+cD+mY5`8{DMx-PAM?{KI2?wx@|
z9!KLJpWo<S6^D%zj)Lhj3B<U^4bn|7*X&0V&IC-BhNHA{-Ub{#&r>_CV#8EL!0${6
zXSj{Aat9exT3WhL@CJy~XdkU^l)Eo#jm++AZ_<UF06@xes5&zGsj>>^UAhP`VIH((
zX_nU;rVlFC@VhX=DWc+*pe1>6zYD@XZrAUUIoW{>3e(TW=r~W#g77*jI%$~;%Uv3u
zr4gd}P~19*!4R9nm$@O%<M9nujp~jLBIFLDh+~yrA<-Yi&cK{f$w%*x8X3z_PpFVW
z#m=%?Wgb$M7f2}X`mnTpz7|D!iB{oNZNeeMRO}mJ8|R?FW<#%GKfS*=?!M#t!4I6N
z_b7D)60mbaS3b%-RadWhXCyD_`xUYv+HZ{iHBsf|f-d#O+lZZ|E|TpPBr~!o3b{Qe
zF-+%6y4gxE)X_I+)d?iZ%=U&#BIqqWIc8<jjIk`LX?gb!m7CsclZEj)M^nti&l$eE
zz*6u)L9cJ-s?hUbN|PiVAMZe>Y><ihFnCf_Q`FEaL=_>d6<D+XG(ZV^88@2l!NTi|
zd&})L4iYUdpC|DIlG}N`<3>Rj72@L(G8m3`?*5?{MTq48BjgAF8=eY%(P)*3W=xZ3
zv>|2V3;vjL&S6dO-LFI&d_+l==r&m<-rv!ZvDATb+4&e1evb(oOf!D&6WO9Lhi~Zy
z{U*|g?tCf2nHTK5;qb{D3>$vc^%*`fc=FtKf5x4hXg)Sui8K0|Z~xM-lU_Y2q?h;I
z>^58UCbf9osrM_~5mD}4x0%`GO~Pa&)R@5ghgt5S8xx^8&f=5j{=2A<!dU1bIr`>d
zVG>`(w|GIjb5wCRS1jUec}Mxsy+{3G+`61L18PFgi#3P>3f<wvYi5|b;wM`(Orejs
zejTFh1lmcLXQkD8Yj-rC{PmdzkwyMc*UYGWg1|2k;vo_ZAUOxe+$ZOi(nlQ`jxi)W
z$&74nW?Ctai+tPk46<WB4Qs&yOxW*~@v4eUp+rLI)_b`Er0(E<!a=9R1P0FAxrMT^
zeFIgt2Ba$xRB-m?0;1?>;h_d4E|w_rvEuSXg}U`)_bkLx#0hNfDW6S$feoCP8qXJp
zatu1lEe3z&6a&-Oc0-E{67gdD8$j+=1ZFm`pb3bxY|5dBiT4PjuL(Xf$$Lr3rr8nF
zKU1ym)jRBPD9=S1TzIqVb0gfuB}DNUF^NqerK#7L5BFdrWm~#$@s$J`0bD$3U&Yit
z<jjh!b$<77PoGKiTM6tAs*Lu8jTe@XFKJO8QezMu>;;*JF5k}8=EZLGUVl^QF=*X(
zEkmy*f}gdAJX$yR`9=?D@~n!tL)S0&w-zhY(p_W{Q6kZGHwl<Nr`X;puf^yYDtE)w
z>pixfG+qtc&XT$M0I^1M3tn1Jyt99sq!Ln!g}%VbHy<UK<Ne@$b5GZGg8ZIt#Yk_;
zs)4!g=I1J#aR=TXhGaOe*<Rrhic-FoV@VY1--L7AyW{1Yc16>Dl_S~9ZwBNQT+DHZ
z&u1jjSs>Tw=zSD+X!~-2T-x_72UC>t$?J(%muO=C#<V{V9(;YOS2|YlDLrI(9)p>~
zF0Uj@sUy5NWb9P36i;MW75Lr_Qi^VqEQvDNk_Nlk?pXLB>)#(L<CCs=OPP9O=lkq2
zTHq6H#uLKoD~j>yCJmT)twT-gBjfJHYekDF_pEx{yM8_2F-5tm(H<A*)JX<iVy&HA
zUpDK0Z@}Eo%)Z5<34_Yw6BK{IsQCbQg{4@*guLKC@HXI>@az38#V;vhdOr5O_S=yZ
zcH@=K!FiYvXjY}w>iKJ6O<hr+cR(@g$9qkYF#LVa6_u9u+x^F+-2L;{-vvsbJj^z{
z+tp(lLBb`UY*mby<<VT#7L0G+xp}uXK&<#buAckDQTwqE?`h{DH$rT+qMWaIzxcHf
z10}iw1J`R|{=nTAQV^CGJ?AL<_{eio_A()usnfj6)t`276h=d^=NX(;B1`9gyx)Bd
zncGn_a<0moHNjCKNHr-av|e$ai@S9qA9zC{e&UHmxD0=ejp6gx2)OV*)g1jChO=Kn
z<<`B54}qV;M-U(`-JZjdBweay-BEdUkJ^^(l6pk7RlLKFHeQBfti=rwypJsF@58h|
z9FS${Ift}vU&4!gA}4L?<e?3oXBgB!-M+Cex?AUoqusg7pLxUUmOb&reIw^~p`%8s
z(nKLU(dm?<4RI&UD>_i~?LDB1JKrX$|54M5>#FB{w#@s3^4w_E#eY%2T{i>8X^h{u
z*%a8daBtD<9el^f!UTlqfiOdl<E<D_jmyPy3E9-|->o^Gu!6tHn@r%!g6i7)PuX|O
zI$g(DmfgTdQ4?}?i@3u*rDnbP#DHH_#%utazTRyg@kC*eyDxueTJnDef3alJrnk0+
zJ=+`Yk4eZov1*4=@9F%2`JP?zo*bN*-O0bW)Mh8nvsc|!@-^~fCcS#P6fxvP$2q@1
zzrBEDq~}&wXor;sH5YEO8YTA=11OZ}>HHt1{Q}GA{x4x<eY+-KOoCP@vwpNsp}P9x
zNCKIszQ$D|dXN;~KE7XqQ{r=J0Jd$rjV2wS6imZDVYAFoV{%9{SqP}zF2rjZw=qPY
zwu-dJ=dTJ(o5(d*GWfCT7R)hMb&4$!ZJZV$1;AxA{UQdEyQ*tNs!iJzX%xRM%L|N*
zf{&KG6%lm@wu%&6-8Td+GnL10EQ!0WR-SIMTP>$iCF}U~R6C=Qn6xa}1#e8`(w{YK
zUaAG7K7{+W5m<a9zWA=Gy2H8XMue_J*Dd-@O1mjaMJ8W2S&+F;!`9@#y!N^tL$4QQ
zG8kLL&b-R%CL-Kq_mkgLUo)f%lvNb^LYfj{6@%kFKYU1r4nNnrApdbVh!*8Qp#<Gg
zl_Yt+A%SM;mnK<?8D+IYo@kJk+_Zu%ut(Iz010b{V|uaACe)+XQ%uEky}>H2{W$D~
z7p4a(Gh%9c&c;QnXm}sSf=iNTkJbNd35E8MgmGgt8xw8zuiHDq&!`YhX7g!8I}0k~
zP@1T6^Q$FKKUwF4>SpgUN4Ru$H_usa8J^o2?wk2pzorRNmd(-w(SxNt*0*<n8d74$
z*PlkG9p{s_{dkM61U^fV0hy8Ko7Qzsdvla-@L?#No{Hd`kW@GckIG7a)th~{`R{~J
zwESm9+>gg$%mK`KN@$eWLZ@?LNganT5TQ>egT$hH$M0#|%EYT~`Yszs;zY?X63U?N
zb>u=b!(e05GM2*5i)h?g=dGW&ZQ&e=T(*tg;p8-aROfp@5U`72+4r4s!EE=CbCQE%
z*H5Ew#$X<ow`nyzt2^c{x(!Nzx+_nHQhOdFT^o4`n6>RJNMka1%;IzC??99;Kj#k-
zveOnlaGGm<uOFb01YaR*tt`-Nd^(p(C9cm1-;*qLWG&S&=VY*ds)EE~b>XsmXWfUD
zc!)GwhlHdL!hqiQFd03JXq(SvAYhyGtH2@Z`FPGTWduwU6Wyq=nCG6zEm2d-jHuQ2
zy7g=v*ZF$AH9o(ZcaCT(@wgD1>3S`2F6JZQTYY`zNLJJvEmbmM5&4+2ws(cS&!5-Z
z>H;GET0^ul|A(B~HWX~QdQ>p9dR~{Ee9jYDkNYBbPuK%bB0~5QD&(mm_Eyx?GiB6C
zM<6B`wKoOuyXS%rVX^9oZ;v5l_%H8T<>sD;@AdLk+743AUf%!pkRE`qqy4-$zBNAi
z`K|knU*LrE?<f`aX$&j-F!{hQm%lwTwMs$>osH-Ec><IGquk+}b*;1UHMg?++A_o|
zykmz7BQ<*_ll0%sORmx{91q)2Tw$-ASrn$=q`MuXoK)Mpek(&uO)JQuD>4AyMINdY
zNG$vb^ViS@_xoNqpKCoEOmkN!n3v})z55xlHnWTN4@myHsr0}Ef%>&p9KLB9o%Kxp
zf%?1s%;IM*p4QxB1cP44bS!tr(+&x(tfnMuM8+!G$6{RUscREa?_dZ%O|O6lkna?U
zEzgfdP}+8vnw<HgASTV&Ej|)H>e43I#Rd~%*!+861TVW8-(|QRuGn<&A1*!@ML*sc
zR!tFoDC|cp?m&p)#R$gyMmhw1{0722hzHe)Rr&K`&7JnxUbP!IQ?;d44axDKsO744
zZ9l3GALoM(0pXF=?swRNU-GJW{f7&5puOQ-M|Z#T;%hH2$D*$DpU&&w5M^ccL#*MO
zvC!;1rQ5c0<A&`z!ox;Fq&-M1%}i^QdOzK=nIqgHMxD(`tKP3^H#+6u>eOOBkZYo}
z+<(CG*^%ZFm(vC(>sO$Ce!^n%{2h6%`j=&pFo@l)pzs&m?a#6C{G>&{vSs)plbNRD
zx>3>ZIpp57yjFU%;h>TH{Jp~-@5@Ea_l@d&ObQ1pN+|j*G_;dd?|VdjSXVUwlKNe2
z=G+Wf|8v4;k7V@JY+i;)%8yBSpK++?>bU~&tBchNRfx38RYTS1@Hb8?JmN46?ouX8
zL#j<kdsXJ^!x-lE-5ZO2Xvp=&m~0Dr>aoS=Oxm&S2Z1uJJbocGulc9VH4zLsIVd>h
zU6@%b%Tu(d_i8_{cC|Po`bR3dQy`&|iML>k2UHIVs{D%0Ach*bYFfd=TYiDbCREgW
z81Qp{_Z!zRzR&%s`Ar~LH{O~fauZM1Mfg*^?o)wHjHR-gW64AdWP@sQNG1Nsj%WqV
zH_H2zFXnAfPH6g<)NaJwyxn!0_%AljYQ7d4jM#tPl?TgA&Mp5Pn$bA$S#Hs;mcN4i
zpv3Qfm}B%!(jAK;1USt(_zU-CER=f3@9)L@b))_RF(4`(6q<`%G@>NEvD8O2>G466
ze)GtHjF0+WvBD1*{O}$FOE*F{CLUcGUTAO0>&X=Qq;!zhGuV&12ej#ZJ*%9wiD|m#
zV97_wh?xMu+3XSjRiR=EUnYXO*g^TkcM+9yiOl_LlVHG}H`?>^R~J}Bdq;ydX9eWU
zbz5vANm5`iFDgg1>E~_(y8n@MPq@;=es-w&1J}4`I;^Ljn6U+XJDsn#`ac)Mgc3d1
z1_R}(H-M3U69A{*<c~WzTRrF<ovr@hnm2po)`7)Ae%CbxyYRzPTRE*B$`spzMR?pZ
zBw8SKh|)GgHZl_yuvq#TwMKQbTKzZZznw*B-n2QA$Kt#>Jor8TF%e!P7A?ih+rV$n
zW1v_<@(EQ+3xy8J*#}<CQgcR}49cuvqoutd@4o9SsL6@Ch0Mu0j>Kz>jCK8h;j35P
zLrnNt**Y0IEVihG=h^iKd`1~O{B{WOvdelgZlWy|OUW*-L^k!)Nj~86aeTDFV;JlP
z2|-H?WXJD11Ed0wHsLYLw&&MF<Z@)seHx~%P|%M;I#I24Mz0OeapmHaMrVE7$+wY;
zlsd@oIjY|6-%_JiknpXp6#4d^*LZP&Iv6qegV0wXSbL28ysgfKIZEMJD0(%!>ddx%
zW19o8rQQe68{QwZE(}OwEv?Q^F}?f`lhZIwkbB;mEH^PLk(jf-8J*m>dkc6l4_q@V
zp&!%6WNFI%R9kN;`dU|XZe~P3ofn!(RHa@D*2^^crfim22aJXqj#O$k3kA;?i<+)z
zcEi196A#YLfy*LYs)*KjxkVH|;JEVc0u$9?gLK-QJq3${Hatalrr9zx#TxjC&JjQ<
zXz7*5?_JF#D0P;l{eO}1&Fj0L<k8a0tHksL*T#cx#@qHB%e!^E`Zas4nDCAgOTo*m
z6_lyEN4fGj`T0-Xj(!0QKwR#iedx%oKe>S+f9VxXok3C7Yp@RUV63KT&5YQEt7612
zSeg!4&NGVkLftaOZY+NH%@lx!i5x7LPz8X9-M>r=TnO0aiT1Z(cu{7)!D7VtjrY^E
zGhTIsb;GVurxIJcKZQc)lPxz7f6?qY)ZUniu|s)Md!ecMm(r47ZjELGX_$+rzO2SD
zznep?@%1Q$%Gs~>uX18OFIj5vxfW>d47M<6BkQLg1O(r2ReSuz=nP}IB7t;jQ?4~p
zGfPyx6{Uk20Cw7DPciB#vV6Z{SR`PeG|1NUoyt^eR2vL}=4U&6Gv<y?ebLsrE|Blb
zD8W5ATLfBSX_|y(W#ROr=@KX-q_6Kf-nipci<dR`1i`Dm?7u+#XCIZ%Rtd{WVYRGp
zq{y|A%lxMj#aL?@X8&unMo!x)isk5LMw}+GZO~GydhNoo?(}<eO1LTPb9Z~?C-1*4
z{BZ5ugftAN9d&WeWaAmhCB7?uEPOB|rRYE430BBJ2-M$-nCV{~E>>RGxbJ!L-|+@i
zdECyZ4tV48+Vm_kP13(DFdw1#2wb-lzf-R+a^=b8Y{YT51>}mXgvuf?mRX5=#-G-I
z1z<Zi%OUeCL<{uOCng<poSy<GQ&u_zsJo39%r#3NWslsfG^K1sDf>T&TC65I)=J-8
zyM?_%s4!k0rlh!O6t$UE$@C|?6`G>Wb9<dTL6iU0ZcUlzzl&Nbl>x>JKM^o#n;Q)S
z9ZW){sA~s~m`clG6@Axvl$NZ4%d^8}(9y=6coCTAZ+XXg?57b;o;O^hsYU^f%i(0&
z?Z*_x`6;B^)l02M6^F*q>vKXD73Geo&M&$>(Iyp@$qgkrw0<<M@LY8CfpRU!#E-o)
ztaWB@;=OIJZa<Ul8F5R)uqDnvZC$Vp<SbJT;zV-ZYrU#>viGKxSngKOP<JTZsmyNv
zv3`wOB{D5hU}WDNXV-*9ZoW($bdprdJ=o~{j#o!7m~CVH{_Wd-sy(qx&i+?NBvCl7
zE!%df4qp!CAkre{fe&5>O7`;>q$E9Rs!%v2JH+gB#aDNInL)b2_XBHrY1tN|($f&B
zsD2YWwq!U@V`cME<GWPBCyFrCFe1Qv!hDi{HPvKW^jayc!1p5#z46zdUo~kjr8UVh
zab4&6F#MiN1z?dzbL459sX8mU{kXh;e2$;>E*5XI2*=fJG2~~9U7C2Q<704IDiLlw
zQPQ@P%UsZ5qOx$iSx*!L)l18#9Wl4?Mb)T6z6pdMYR*QQ0iWMOnxq{cyZ-)qNXJZJ
zQ(l?=%!6fk&%G{BTMV^1|A-K~szS|@k1i=~yDAWh6g8jXcgQeHAau*5^4&i01bb_C
z)gg!pBzs1k(7#5b138dNX!cs+q3{1-Q{j(PWXYpYAIKar9e}~;T--O-81Jfk?qR)T
z3atE%9s!M3w(QpipgY5q^M?1w7yy8&4LtWV`$n5?#2i3hbnX8z_SR8xF3b9GLLgXz
z1`F;E!Civ8y9Rf655b+_L4!L4hhgyG?(XjH_Pu1E`>l1)-RJx^YyO#8OwZfhRn;X=
zKXnaUvKwtDXoM>{l5$y^?T+sR>|OloMT*=Uz<6E=zM3lr<w3!t_W-n1fKT_5eKI%4
z_F716-3MA7#L%}4V0$!6;P9RRv_QE4DFtZiddW-H`1z^P3LdyU5M9%U)`K5JI}ay=
z@4r+29S+SwEd+NPxKaR99CESbVPFK*WAhz0n_L^Mr}q6hzBR1<u;rm^VwOFqbHDs}
z3#gJ~f?U`B>{~tzy4U+1+zJ4R13PdnzGi<S9w=SzgjMQ2a*E4Al$%dlz-T2A+<bf0
z&E%Fa+hUVpf?fd!!wsd9{$o&tG_phfcfHEXg)8gPqWHORnGpygu2tbdjhY<0*gQ}V
zsOBhhKK1A&gz2@K+j*~25<wk@L^akMa<x7|_9=B?1>OI)Qh%1QFq1VhHck%P%w>+Q
zt)@;=WF^1>9xzVb2I-%1;!|U;7phRj)VEbX5pJbowk*~UF!-}sjMtVv?UbMN#C2MH
z+I$0qJD|3j?v(KltfzJn(FaG%rpRJHeY96Za(*k@UTBpGQ9Y4_BM#{z5eo#ze^=+P
z7h!2Zb{<u&98!ldAdG&m`j>O(&qzl;wd}mtXyoaseu&rLc)I4f*!FSaryjA_!b{rs
z*7N;a+g8A~j-*<tpa!}vFY%ZUmgPcnOPGSKOO4@Jk*oz*pt{mmr2xtOG(4<S;~jrq
z;k}A4HE>tsGJNEDtuL?JVk<v*od-AwU*0<VlGO*7Y1nlQ))bUy_(o>j{yq5VXFXDI
zpkdM4|8M~a`(l)7>m36?Vt~A9W;)sst?aZ&<7)LIV0+qMr2xGtUdj+(&N0nSvpUZz
z;M!bQT3<iTK8Q(3#Bm+fE6&vo-*=n)H@L3`U})=S0k`yk#uX;j<ET$}IBSKaRQ^#c
zmq%VzT27P7cOwAuOnIk;uxxzEU!d$={<8nv(9LPa-g|rYQSjxKW~B&hmK10$lzIao
zVHiJBX5XSb;RGnnH(zKoW(h^^PCBBb<m;vZUq*bo%%uMXj0M22?75(WN?tCCIv*`i
zGMRX9JC}*acG&~1%qg#St&hGG78agejK5)?uhuqW6bsPxzv)YUvfqri-?ysU`(*_%
z+}Uvy-}X;xOar_fB*0D98eV^CEla6m#jF@nJhzEt>6UAimP^h<)f9Dr*lQR=XRO{c
zGmA3Ahi=*PF`|qq?sN|hZddd#>>~GfgJ0T7Johf7S@*;<Yx3#{hz=ydRK)RF$}2|i
zH*0hom|N4{Sd_Dw(4Bk>&JTf853Cjr!E~Ol_heB;@PVBy+TN5W!VmTW=K=-odaVxU
zqZz{ax`y&`=gqz1UkZSBjplRXir9|8xSn|TW(CY;LL7fjJ>tU|{`5A-$h?%xomsNw
z`m*C<878~3a>)OOFo$K<bfKoIYK7A|85=a3?&Y1wP{>sZtLnOnK0gU@`?oOpBKIYJ
z%&(9x6!q`i$ckJ0>8f?s$)t0PONF%GwF}B3>lHx6%XKe<jU+ccRpsL<r2&*kE^dE`
zK{aR3XQ2waj<@?}ur*-d>JJ|z(TRCp8Loe-n1%8)A|AIZC;^N?{HiT~l6sPb`@s8s
zwm5;F7K|M|t!AZKh<9W|MCUy8x=@uyhy)WO9FnVB@o#%@I!fP^{55S1+qIzNRrJ!o
zYAL&5)P4HjZnlX6m8ejHTCm?qV$xcvC(b}?1U~ExKu*^gtyooeQ2El+_YHpYo1{x@
ztQCPE+YNSv*Cdb=w!fHqfz$8&!7=68LZu(TGK}*)nrpYP7TU&oTp!qR>EcY4e}U8?
zt7e1LY@9gud_Rdlw4&bRHP2e}7H>3sZ?d?2k=zasAPJle*}hXKDee0)o&yv)lNtU~
zG^HQ$3Q{Ks(WHpabtndPFY3s_LALYVxAp~$yw)%PRKH+a8Xr47i6^6j<RU$*tWk?Y
zjr*Nf3!n$l81WlH7DICRoLcR5k8t=wq0u>pr1(TLep1(rxJ_N}VCH%=if<u+Vwi_b
zZjK`V14*#^)BUop;SYN(aS4eS1l&1`{7;r&zQh`wtgsm_f}A+%y<Jh^8W`1<fJ^}F
zbI{(e-r!HMNRlkp3qo8jtN2sWXCGXZ<uX~9ysmLC5id^Xn)HFXeM}iE=hm<;K}vi9
zL}7w`rQ7)+A?LwcR(?L9n&ON34t7%{3U705NBz0yJ243ZgH7yX<8gB$!2OOY0K{P#
zsKI&B0D}QN-}6H(zzMBjb)%}<9UK2^M{Dy{bY1WBVI7kpaC3~)hCs{d^<{P-itIbw
zyV|32jzESP*g4Nhn<kl=ktd+gX>@yrCZRN=MDWeRW6ln$j1x#wAJ*>T9=J;T5I^qu
z*Y{sEumg;gGenmkWqdJMw@a{pr5gZUQ%sxR%UR%6&6@Gl%7>T}WK~P5V8F1`6NVqP
zUA%E;`c-28$nVNY{P5Y03!1>92?llos4RNHtc$7cH%(q5lK&$7VTP>t<(yX-R=UDF
z`yFcmav7ye0FVDkzvYt$r|eI<{CgWGX5V^9eUjpNL`a!*2s+Eik3j(Y?HtG{%n*ko
zi*1rxxrhcS?2DyZRYgVUNsvsQ+<aZ=838B&9_uc2L*?2I?M^aesf0Vao9aY>1Lpoy
z(8SN0SM&@Fu(OUF{ww|~t;qra`RgSE%+q^pmIR?o9tha=pkV5Cu|WG6s?3fjU&JjI
zKpO}q&Q{(`Q(1ib@@7rSvX8hVmqqVMJ-~VDbp5H#*gJ1-MKp~iJ{wV>hUjxiz31)^
z3yVEw3lY5_Qz4%c2V^2B_Q9kE)4TmcGy(3CC`?g`LjBHADoZ15ui<odJFO52j9aZ(
zK{I$G!6xs_CBDpyWgt*UNPY&2g;R^{ZfE}dB%#N{YR`7~NtgIo2SCV@K!0!=G{)Pv
z#^n?{o|$wyyZ6m>VbvDL0v2*?YUB51)fC3SIqEb95f4d;uB$h{e<({`GD<?qCH(fu
z!wI-0tm6(1C==J`uHKIg;m+rJb<2FS?U@>xk&cUH&{{l^`Z|NRJb2Q$rh!eUEw9a2
zdLH$1Yx8e#{sajyag>T0kD5R3btGvb_{I!gAapb*RD^piAK<`5tk)V;-=}Nxg@Hx@
z^%iGkjFpFK>DekdoG%E<jX-Q`TMjoj3yc&_fcd)meOs_}$?G@iF@byZ(M_Ze9nV1D
zZmmpQX<l6c!q{$b;FwGzU0SZs^V1#vthCn_TFTlBXjsd(4eD-Wqc_$FAiW+mdxT45
zB$i?%Z@x7K5zvs10hGoR0A+1CM{XCVBAHBT0bj=t^OaT;?QMYbh4h66<|&+^>3j&Y
zNiXD0Iw48L=L?|Mj3n_T#!54a0B$o7AG>G6+(N9Hmrhd+wdW05ls9i}IUAqd6)k7%
zLvF2i%gTML$&ik}W0^SxDWhZ}%7ivbB~qR-l6>=EK|BMHcI||3Rr`M^bcL)AARix(
zAs!?;p_}jzry_+hb2q6+I@GryrH?Ac8PJ+Isa4{!9V4F=CZl)|p^=;j;IWI7kZlHB
zb(jnrZl5Wsa!B(_ZP8{vBjL?*+_BI4z<gJnubEz>X>4}I=IaWxyO(fYzl!IJb^y>e
zCK$o52*|!gzfI}*fk${$;(2{IPmMiY?y{eZ?E1MrJ|!iaHTwLwob`_hXq)wJjincq
z%_5b|3C;1o!>@JGw3!nTnBK9_fO1GZw40Um$~?J#AX}K=JW@TiyWgbU!(ZGpP)2k2
z?wW4>Kz|Tb8UpsBpGu+vgsgs#Q+AECS|@HrjZ{bE*0`Kz%@?=7{reHM&$VRVPn+k7
zn=jlUMcd6^xKt-QkJpI&q&-Bgf4*k_n1Q_O*hbU&c7+$lw^|&=3NDjMp$eV0S`6;E
ziNlR^_W4Uj2GY&vf^BNI#;Z=fM@9&GnE5D^MtG&uMfm+OaD&6b$qJ%vGOJBy)apI*
zj39TjP{@kZw=fGJo?GLHg(m6~?mL~*T`ei>&zNr4;CtM~KK~DO5<3zk3{{CDQl*5-
zQ#TLn?uiy!TroZxa@no=_dx#HI^d=);;&0Vs-cYLoWOm?)_y|0uk#0Ir<uY5v13&#
zwNi^{_;z-QyXgLs04<%bb7+xLVGKvf^LH#dRqVLp>70;Q!yuq^VguWr3fvp`%;D^W
zR8N!S?^C}7P+)oj$k4XaJ|-uijX=OFPc{5>R;y&Gw7UQk^f~}f<tH)3k)MKI)kX_n
zMl05(2M19LFzZX=SE0J<W!D3#yPTRkXg7a4p~}#TqM{Z@(H_bAgf>_!fUSAa^@Zh_
zc8oJ?!2mdIh^Z$7%f#uyH{VE#-78Mdd&$?&IC3(NG_7|_p^TN|h$C25?*>xXWD~3K
z5aWs|J$gwo`hmV4rF_;ZM}`1KAI!0Nr6KoNF9Q&Z$2uQW4nZq@LrO<#{j6k?_zkOE
zn`f099RXMedSRVFp_THj&pMb8^!_>vU+l;)4tQ{IRyMv&;aQdmGOttXDI#Ep+x9cc
zg!N<;PfhYr;h+c*5h~%28KV)wcEd@`lmx63_@fjoC)Zlf(wLbyT}dHPP1po~5<D$a
zobmU^{@{<EK7>maJN_871FQFZBK-ciw0HUj`KTxXP8fzwq?j0W>QTE-?@eU*s#IIG
z4caSL_`)A`X3H`aJ&kl0Dy3rx7REGmzKJMm<r*~#Kz*R7L*U0b2M4*)egf^SfW?n<
zTT@?bScP8@^l|TvA1Hz#>ykK~;x*IU^O8KskEPPZ?2pqI=hVB#y#_X5b3MC<o`;v*
zTBnt#o}W`j57L;WlPABkN{_`IX=^0(yoFMdyHfd#jI@c!_W??XKc`0tSxzpRHbr1}
z$s@N>eB7ADgV}8EsbzWls)6TvYiT1gc4KR4cpQUc|Htt;_qKn!EZ?&DV(79HS7kg>
zVI|%{EX-@hs!CTHbh{WW486qQw-W3v>^JNZi?Ag6`ufUAN|f`H4=ze|<l91VpX?_n
z_PwG_mR>s-nz8tQIL}!+>I?p&|0zt0n3%T3qxV=sgst(Y&%<MJ{N7~h?zH;ZnA>L)
zi<pRQ{SK9_Hd&BmqNl~j{Cj9NQu&yTO}_`HGo?w_O_P<b0E0x#b*{hO#2PMcvwT@d
zm?CAP<Q#d`{qgR-;!)GZ^vzRZbLf12y?!6JZQR4^Eh(KbvFO(9!_pU=;@~p2DuWt^
zUN7uE1nrOzadQNT9$~xPm}fR-vfkJM8PhhRR~B3)>AA|v%3U;h2iKS9<8hyVq9DC`
z{Wq^2QAnZc`0wd`K5T}ggga%D1znYX@j!{F_}0<Q5*Kx3IpB@*in837+n^jI*UQRQ
z$vgws6FYMQ=<;Tnv&3r@0a@OyI)@%|WWxAF)%r<V<ZZEfk=f82pc$!?`MwG%o#9np
znqEhs0$Jmj(piw6U9&x#bTaezFi3ejJG=afh>!8x)kEA*8228x2B7Sy2H;O3m2dzg
z0bCPWiFyl5bFyM9i-RX|^ga6yRFutD9`aLv?RN-C`{!F2npF<rl}+<Kn{_8At)6Kn
z$cwNA8ei4ni?K%y;Te>!VH4z#5L1-}f`i4-h4RTql*|Qh$m?~AFvX4R+$Xg~ZRzGQ
zpWPtzoj!*uKSA9q<GsVHQV4qI6O=l3@w4>A21kEk-AJuz_n08IbybI8VXw-!Bx1S2
za7ORS$ZYx>=VVlGH#%BQ5^MJRj}Obb2)+d&AIK1AL5iQfLy|8b_LWe*thbjwsu|FO
zRn3oup%UtunYU1#J1)PL9rQ|fSpxGJ9uUEy+f|SczqjcJusgj|;in#BW$H$rxzB54
zh1vwd8{{ov7j+XU!}P19N3o^kTJty+D6ex$s0~alMQ^z|wk?KbWxKvI61;-=o7V_F
zYz~4{&Q5`txfzdCkon#uQcUa`CDoXnKbq)mvZh91Wsyk)>>aVDsMpk=y$0yRP}@KH
zpuS~KK46D_8S_buzoq9C=eoNwjG;lY^?PgoB4;!{<N<6jbw2xm*>-(b*V{ReTa_1U
zc~obGB-e+~=#s#Wl_Mk3*(VB`(~obd0MYvtz;DCTBDGtB5x;V~3&s5b>hHwy)oXef
zLz6r^L%%Oni@Kk2$)CO(QalT`lni`EuyBeyrbq$D9niZZ;gegz?i{!KQk|ecmlND7
zsxhk!AVbjYBB3I^g<L4@{`&b9<b(fL@9*mzN91fDI!;1?=tyT(aFq@wxLA%T=p-(>
z{Iey?A}R#ET`eUAPN_h!ib~wI=5!U^r!^Fqul)E(I}zKe`0x7j#JTybY*$`E^8ek-
zJ%V2qf<D`}f6}vQ>ePEK`iTyw2ZFxA3DA|#!Cl@U;}NSDtvjKFxD!V3O_W_kcg%}|
z0h<4cuDmHxhi#cwBs35XUNxtfdDRiQ`t21=68}%~3|%tE;bN+jhYL7-IKNjgU;ppx
zt0*K0Zq)Q$(~dcB6elu&z=g{yKe}sMTNpXF|LfP)dkjjz@3s*A)ZK86yq~n{{K8EV
z{r!iqyu3WlSec*m@!X~!Eydfv6PbULqY+%+krAXmG1=TNk)C=|03aqGun-fYc1mf^
zEEyFD2QFkkTi~Gq%TUnT1~h(2Q-vOSd0>7%0^rAib?{3GpaUlMH<S3c55M9gBb}-!
z=;H|c2NlZWT3h5N&%G_KmqeVL^yK8LP5ZOsG$-HuFoxk_-f+?*q`n4Z$oGl=k9Zy<
zy1;uu{=HEBU&D9(G8mF8S_ID#Z}XFGRz>FL_Ym!0pM2;UAb>GjN&YMx^wwi{0U%0$
zyZ8V0;X}sPe{Ft0%xExD#8b;0gTTukybOipdb@ep`Saht@*m%Ry>QWk0k5nCZ2q+w
zBZ#m&7#xr~k0)E1{ePq7|F&g+y<LHL{iw|z4W;w>w+|fQiM<|(0RGP|d@V;Fp|^(t
zdmaw`<ol<ieL?uwXaXpJgJQ~TBAki-vaCBse<WL#-cQuwpN=&m3Hh%HPD&~w4E`k<
zN#ejZ5}q)|Qtd(f(_LI91Vj%=Uiu~;4@g`<{@JJ2zaA*Dzb6{`A8j143wLNQlLLzT
z0Z>qmsQ@gFSb+JeI3R53MQ*>6{n<b>qM3gr#V_CRLH?g}GrHWG0;sCG-U5_hrob;j
z1Oi40fH{Av!+G-`Ea1NjE6gW|yGC0Ac<{I2=MO|e24AJU-eJ7V?7{EPSey9QsM&ve
zxc}XU9xsFagaaeJi2NWd%$tM6w~;R*{?i8ukP7bZ`|d{p`hO_%{H@x+aGxM`ULUP&
z9{v98{qN8IcTe!Y|HpTU80bF^snf(ZKLQxue=`aH&$nMSAt7G;lW5t`XZfF6p>%vX
zUoU8o_Pl$sY`kJWPlXD!xx2kiwth<fQ|bHy;miL__s$o?|1}v6vC`|8k-S6+Mszp4
zMDb|<-W>nm=j1;|g1I<u|4X1++o<WvT#RuvUJMp+7RK}cZ0V5>2<iKe7U17(PAfDl
z<eiJ2-AN4O%VP1?bB~g~jI@*fGEyVCKh8g$-AK!yk=R`cg$$l`+IDyVOWi^WkZjr!
zJ;^@xsO0`6h~XpAd>W4butRUJib;t0PdDYl1j6@88wg)uz<1|&!pndR-4VV<cE;uN
zKFBHPpT&&pp|01=R0SS5ZMDPge~ZC?*7y^QKf@A!Bs@7wtO>URMC9TP1knMfcX+3E
zs(_#%B`0SxQFfN;t7A#dvC+?^w6qfo3sSgXdP)j4A)Pk!<<Tg9pYL4y-~O?ET9Ji>
zczh9SKySz0yVQVP@=W@Q?jpX^d2{1>sjIqJT3$|mD~r<tLUDt-3j<RJ*8h{E^p9PB
z;wKn+F<MRnEAi}WI6g_km~UQ|_=3YXGPE=8?q@qA9#>I2ZC*}}+=oWzh8T^R!D0~T
z&cBEHw_bf0FqOu3WVe4RI6wJNU&Ii}^)t}>V4D680fJz~4-y9!99dBxrmPVc9X(R&
zkoXw=yR*2gEYg7Gt-P&m@S_pj1%?|r0s9}>|0j~=E%Gv{uvTiZrw{1BnQC%9mAkqF
z`wE&q(UuVPWqOX1tvV~Yi;XWEMogSNe-_CY7auP#DheHBesHjso3UPDXBQc|hVxIw
z4RA2Xk#?2?;NjtR*q?n{;R!$9-ztb)17hbHz)$WwU14Ck<Rr!665^LgE{+5K-AheD
zktD3s#;Oc?7q;;BEy6!t!&byUDg&VDf<^eWrZ8XpLtT_#7_Pe~;byzLAMnt(<frH6
z<_jNIJ_qT2eDf%Lge>>rpB`eq-a;>H*U<(KQSM!>HLCo_rTH1#x^Eh^=WMKk9x&5j
z)4-XYeE?D0Qmtf!hyYtdi4N!{HYWT3+r0iuulPt_ma4PufA%Nnx^A9u7d9I3Qx+=)
z-oEIfZNOJ1UsZr`gSs<q>!r&O=&f&}qEP+6oCy=iHB=Nz%hp%srUm)6wXA&DxPfo}
zAMRrr>d0OCOg;NF{H?r<zp1}pBEGcAJ19v0Rt&%e-h_8~?e*6TPM{$a^M`YilGNsY
zdDAMZ#NBs9fBN%O|7C_J!GKS1d!hg|x6;8Y#s9P5zA}&mCwu<CO=Jzpg%sr7Y2M3*
zWaSjR{(!Fs>!a>d?`N(NIa0QVKIi)DyTqP`m-D+F%ol;XVR{V%ez-l-xBTzYeuVV3
zm0EXIAXvoT)X`*-fd1vn?4+-Nm15>~(DM|*(Prn2S1@ST-cvME#P<4C7&8^eQXhx^
z<1b+wAO!xE14sTZN9_Ne8h?Gl|4a^?i8$a1nm|9*XWaqJ*MLu91N?M9+mT<k4oQ{d
zbd6%AshUC#NXzF2#)`f?UmGn#X>mbB+DdfdHtFPb915;X2XyCHPqnM_)yJPh$7N=@
zK)>iQLg#CNzXWr~4Fd4ZxecoS)_45>KOEr$b_(#Xk_!P_IP{ISuRm{Pg`kLgf*+dN
z!Ykik2Nvc6*%w)GjFO5mysvn_FsrC6%6-+n3dyx$sEEyB%O0}}JKsprQVoWs@|T6T
z9Y-m3VdnaxBT;a9)Syfjhnv}leu46?tL%%hF_gL9RqQt$P*70vVq!2(j*gIwZ^Ll`
z*CYrQh?qLQ%6qjC5gac9@cye}-t4OXvQ=BiUtbKuq~*8Pez5SSwDfic!*}cYHO->X
z2A^mAK}~R*o|A#drkscdV|+Y**8BM@jsaqF*%TEa<O8AckqL<~RV$}tSzSz3_PDXP
zWJMil`z|Ayb0Rf9T^9@=(9w&k8o=>q3Q;6Xd(rL}Nrub3z3h^RO7gwF=J%3Q2HH!S
zWK+Op+Wap<WSfRLMN3|cJ`pvEy&)CMw{ggOuJ=cbbIJ;OO<ToW!w*MfeNwWShmCzZ
z=|Q>-r77*7UBxu&jH1lGNdP#@M&UeVlC`pVllPf&=)>rVY$J^p*YY0S40U^m@bB{^
zyEf%?G;o}7xMXDM7qD%K=#ia_j1V&iN@zlZgL4EYm8-oMd$+@oO<i5<`y6g;scUL#
zu;}%cB_S9XDkQXAa@JvLnAu!3HC=@upXrb?&sdmQM@|hA8t}2PyT6^SSohDHnA+In
zPpO2pj)rsQc=M3m*KVkF%{tdd2)`fd^ap|Kq;P7EEw<a++bI|sC7g<zpK^9Mf{%@G
zmKDVZ2c^A<o0%n7(6F$?VMD~h&H{zaWeLg2A9rs~k4T!~@(cNZFWx?>Ymsod%CNDq
zIBB+Ed0porxLtL3b;iP^YpWY9Zn|7I5FR7BB_{n)!gp&D67G%$m*+%~dGq#xZOPp_
zl;`a7Jr(TXA~HUO%+1dil+`9UTP}AE>pL{mGdXYk7f*Y~3($klE4jwFfDhVobD;Tw
zaB3mQI?K2BR0-_B_jvYQ^{`4U>iB*)m)Yz<Oryb?>(Tqjr*!+!MaOH;<e`E-R9JTM
zV*FmWx@BSaCS9{daGX3+VcX|?1H0P!9Ixj2j;ZAfbnc1FZ6jBO-M$X!`E**kSdePW
zV6Vsu>o~Ng^J0!`*|9IL-=jZAv6I(%?I?vl6DyV$u|BNaXJ)QZG5^C@8k=@b<nog#
zEK{=0i_mPR@qV`kj}du#?&@ZYi|Up#<`(-ruFF!8_MS03#Fnd!!$02*#JL0U6jZiZ
zyqH>-#}H;&YNN_QVcsw+{>e>tvnLX7qwObYyyUD@FkVU>_0M*e$Ugki-`aNoQeK4}
z&2=-fC!0_(XcXwJW40ZsuMMe*3Nw(zq6zD1ZjLaTtV|6mwVOFXX0~)K>#MVEo2E(N
zEV(in<kg1729>tb3C=z#%z=zz&78!9-KCtRXL0&muM-pGjD#Bo-8e=zn~cT^_3^nG
z9M$OF57)rdv^+eZS|DZ{=$p=6sPDP1-#IDC+l{!F@*TTUpM=Va{TvlGD9xf8%<>EH
z<8rZ7b&$x|k2uWf9T&SJDXgsx1lXC5s@0k9j;wIyM@N<9)P!JR6MS9~wF4KG6FCm6
zsBag&u96<{u;N&grse2_g@s){iqi6#uv%-$9xlSfHf`>S-x{L3Mi}@e$}k3D&_4u5
z;(VSl9fZ{UkFM&83m`m%LfOgd0GOb8LN-l{pY8F)Qn_s&pFY=x&*^D2yI7^{`RRva
zn|f^g$qF*MmDx76_SV8U*+{o;xk}LWf<3HsMx3mqigj*xx{qoalg_l!01DHi#ZlS^
zT(rz$CpQZKi7X$)T++QEK|W=<Al%}$$H%Jf<ko`WdW!R-%|S@P2g9`&Gu{2f{bLME
za9^?cZh}WftfEftcs|DH;k53T(slk$LeSwfy;@Y$tZ!@B&fLC@e)msX_sjUi_}FkZ
z?j~A~X|s-(^Thth-C<HEs#6<;Pjm+ITtnL2sA<fL$9r}MC{m|2?R=9N9BS=7QKo+$
z&eu}qqZ$-Y+<wv4HL?3JmX)>G=sb3$jZQAQ?$i=EIk=KF%V50VACgKPTx&VUPb6Va
z{)5ywndP1t-L>J_x(?0NO*bf9JE|8Af%N`r>}stPnAR;nl52>X>{KEN4A?U7bH3k3
zoG<fMoL%3k3|*+f^yzx{4F|gZV57x0!d#U{{$)M63uBeNsgk#EO-LD}j`77}3g?D)
zVj7cB2y6s66&AeEdwf*YE#*5Mo!LR@@>^`5hrKH@kSH1jgFfwdr^RI-nrE|iM&+z~
zhceY!HTYBHii_Rdid3=b^i5>VF3Ep$5+7m!2L%05P)=`jW+`fP^^Ky0>?;^BcMFzD
z24|#o(;bd-8}_l6;Pb6*g=jp_b5ChpLUKVn-O~-PW@axM#$Z-IeX4Ndb^N%6jgPbg
z`^DOUS@v#9Zi?yCSj0v4ak@x{{n!rQF?|jjubQdVG7W>Gybi0dNb18$CU*UHtt16A
zbKF&2+&K1enx(3)jj4I26^@E*43?7^kGm9bKJRS$496-`1-ysJZ8H;(<047xio%k~
zBut2M!5`KXr*D1=7&4|s^u>_(0V2y3m&@GzQPOQG#p}}_iF{e~7yvheA^>%2S+`IA
z)U{@s-Ou-Mp_%3%f0xXq2?GwcZaU0oHr$abqTmyw=YH182myDQ{2qO;SXHoU3(a#s
zsbbEzr=uofa?L|Sl4Q-rld(o5uv^|QVJ5BaS5@Nepu;N`g-xGDl0_PZ;RyGh{gV??
z8ly9JNbz*7l_o_5u7XJTz&esbr;?8MSCI%Rg5E0c!;eKpMJL#F>F-D)1=FO{IknNW
z>zn~%0%eeLgt~s-Cv;|iOn*8M>RQr=_Tv$%qePh714U8MAmy7cBDe}Ic#60|L-XKM
zL)Se5gyN5#t1zV1I?ghY%1Kp5=OUbPwaarX+ISH3?5?}w3}5&$2a|b32eFWy(ayE#
z_*}mNR4o!A;=M}jpx}-uP4Bu(L)<-Qt;J9=6`ZM!YvVLP;0AUY*_?vmRrOXei^r2n
z+>kMP9ok-U<_|;Z*vVm*!tWB941+n1T9zio5xsjH4BLPAn$w`f$oprl!BCtV0PU!0
z9{RGw2WXTXZrl8-&DKFOrLKT<p4WnpqW#U|q9e{yb%u|TN&cf*0`ivxKQDPI>=G!H
zeHr#*vuP;4wn~nEZQb9<v2_`K=R18snZ3Ksrd^Qy<oWc`{i;UR3PhNRnlIg>h)*(i
ztNVkExz^US!L_KYP?Zp~<0jkRGgS=)O2YFv!nIJR4cwz-7}um<5PWkZIO&XTw|IU+
zJ>|SOYgdP$+T{p1NEhoC!^$#DPVc212Zu9ioqOZYrUt<4G?uvxQS?X4hb9O*Sbi}(
zh09vyyscI<l|gu}Ywx2fx*cZ5w$<b)^+b)lNq%=0fWjkP@l=PP2v3Mmg0fO<8sgvP
z=3W=}?6*}pP_mGv@@nZySV)?4E>0D8K#%o&KCO23;HbgjkjRge$}ZV3g)@1r>LyrB
zMZCFjYo5_%L_P|YZzvD=<vcg)$Mr2U*O_clOpKKjEw;?PK~J~3X&(mnc!RS?fO~S2
z9ujBOwY74VmN+b|tOd5;h|G~9J)Dm#Io)?FeQPh#d=r_D^3zUfNjE4=e7Ex6r$HeM
z^<fP+Y6ek5(EgB(&683*zDh_i)~Gb~tr1u4(_}i2bWVzO==v4k#oY`-gr=W93Lh;r
z1L!)GYFmEi{VeH#jm;})@Gby_PL(l`KU7H*2l_G4e3dr(Ud%31Q&(4ks+cnlG`xN>
zac3fE3M$UEdtQT?=5y_Y>cT73$IhY<^e*Svzt|VvBOs_`$=YGYxrCHBi5}|(1vIk%
z=oVNnIlxh#J~Ij{EUc(dv_}3K@=ES#^xLhj6X@u@YT>~A8Ay=xUFCyOWH=P;e@>ke
zeEL^Nuxktt&Wr3<{FbxvTMZ5oKGz+cL>bro=dC2G!fE;&?Xt4fSwGXg8}7bdsodW;
zrbVSTd8J&}#Unu|D$<Qd52r$=0{4A61BHrkW|%<^sG=nZ&X$EMzpU48s*JkD>!7u*
zA-Q<99}WxmPQsup%yiY!29uIxv+bG8<Rl<M;3p#&p?8{w6USF;i9wj+rd^Z^vdCfK
zc=6dolFfaBm*zeUL9$wv?kOxjs$4C1r!LCcG26|2V3Cx%MCU$UlRZ<=iDqoPV&bE)
z-PPU7IU2LiELn;q53RAiYO2wA11j{<)aqUm9%vtqst-R)gMrbh27FXZ4J`9^W4?pT
zwYUv#Sv+p;#gR#WFSc)DqlMU=0bgF;RtJ@k;nIl|x<bGxR|ZWsR6pB(**J$om*Q%V
zrG!Ly<`?IH0t?f;OU<h>avEF5g!KAnjgLe7m$sT*VOLL<Rd{Lfc8*V#=XvAt%RjQ|
z9*_Iu0pAm*W@^6yQPrWTj3nqlmOG!|q!Q`C;=8J|0Lh|9*QX*rPyh5MeR!t?Q{*&0
zve>R|5^BQfqyZskCb+ER1mX{<cmiu<q-GsY8tyiwrJwkRpih13GL-pGk>Bi$x-}N&
zlqt(JrW$XVjND{Cq)UWvvG6OYFH2B6<K+lz(v}6$sZK~@RaJ7(Y!-NOde+ASyaC6*
zCV`k8ZAdZ|bP&t#Ax^;z>$OQCEFxTSLl}{jl{LFc=0DFNMYM+Of(DzhNfTmA6T;Wk
z-AVo{nkJ_6RVm3gNIUz`kO<{(aFo<~B{-yZx#D6{Ira6Bq++Np_`BKckJWW92*adw
z^h8L}O0_;MD6fAz%mcUjLqZ7c0>0PcHrV$jW5y+PWwsK{l9DM-64JQ<5r?@hj)CF8
zVs1J*Qv>yo{e-T|zO9o~Hk^p!7HkkMvTiVpU`+9*ldd+JYXcK~(+_NruKWBX_)27D
z^UyOfx@2uDF*QcuEDGNFfFf^;tp8!sEAf(GNZ|VcnC!5ZNpQ-~-}#axBs-N`leGkB
zQw?1<L3k)3HVflT)^n!;s;}xVnTXYuGt>?vB4RA#LtcYC?@;do+Z^Ks4H}<2FvQ^+
z3cmrn4AbQkksv#Vv`WTsL&wI%OfYqP_e%tVpIQWD%Undf5**B$Pu6qc>e_HGehgCH
zYL0&(&JUB@j0=F!Q(j$t`<XuG;HX5lSND_qJHGw(xHq{2<f4>ZCKPo%655p+s7v;j
zwcv^t4T`DB2iC1_-j{U6-@m^4Ai)3~uk=2@_BrQ~ff)r-lZwWUobW}~kE0ySd0&D%
z?ly=Ix$x<$V2Mo!D6*ocTbNSxvxp<|C%qZM$bX0I4JdXOtpg!Ty<$47aK~;Jb&Igs
z8&odsSRaNK+gang@nzoX1~UC$Ts9!FG>^wco1JPb;kfi<!&p&-tE2K9lcy)Xxn6xL
z@o6n*kTPbT%*^A>@iY23Ujwh|7*k7Q2;;b7T+%@iSGv8%1~bB->)>X-qNi3hOH{DJ
z)9IG#1q;w+K$eHln6Y-XjJ;n?<rpx=#Rj0wAd~Sr*_5BjZa}OwDypmAo>;G;b6rmD
zo0xyTIL?uOPcm<lp+;SSFx7{S4l^~$HhLkR5M|I+qi;DcA1op}6@AgIcHEdjqr5*c
zQ`ho*FL}2ThQ`cH9e-5+1o5#QLQ2%k;glD2T;an365`vouTtNj-0j6!%7&t@WgnPc
z?CtjUVu`>>Z(AGAcAU0(D)W!cALbTD^8g;`Tx)l(GrMtng5KM?N*W^)_fW2z14m~d
zrP^khSDBlA!_bwS1L)^^*8IUOEipr48|_^VK;XC=D;+7UsIfwd<D$Ym=COYzFL^J|
zq10Y(6NM+0c|daZ1VYi!)hHgq_DN;p^doyOof%cDG%Bj84PV9fi7w`-#q%SY(R*eU
zqeWeCY53DJc34SwbLDzytK=P(KsbXzH)UqRQDZO}Yl-H*+ydGFA;hMjw{Zd~O#)qZ
zov7QR<=n3}JvC9}m=9@;Djcgj5AM|Zl*n<x6w+gf89rI`>UC>B6`74oSl<1(ggEXw
zen<3srp~4Alv%hcShBrDT%$XZPjIG&hA{K|7-tQp+OEUhnVXAJCiYi+cDGtO3u}Bj
zyRCBTn4&(}BDqVaIw;j{-x{|pl9HGyMVKR?s4$*7L7pebF>b@$E&hj(Bl*dhp^iHf
zn`4V%@fORlBr^GI{u}7Noljwy!W*Q$?Bx-MHd-x_R8$CaAFiF7Z4BA!ka60FX38h2
z6R9z%%*2GuvcqID<9rKQ5BK~S5eggP1uZ}++{mt-m0Z(tsCsh33k@FA2tk8n5<R@m
zr!l}yQdVq2)z?83IH}(=%dF<=bwYS2+d}XQ{l-iODAy;xSJ`^o%hyY7nutIKnSMCk
zIWv+p<!;mqp_l;N!SH4eO;P(Ze$sGMyL1_CAW#`B-*>EzuOZ*(NEPhibT~dU^x`z{
zA8lA|Adbh*)w<u>r?-Oa`j<u{xnh}p!T*nkG(^x>dLN9Vh{mr-5jazyW7H9JqMlnU
zC|q{FC~q@7Z6DmLM^AQ@sm@|iK44txC7eHuUVLw`8Si^vi?2z?ZBdCrFRq3lE=?O$
zSOiMPWg(*EAXI61RgGtz-vcAbBQhGgk<nYG$=7tmZNU{Wc!1ezt??Zvkd}ob{TZz}
zSI2IO5#)mvKuKF_MP->%t*x%y?ezXjg=$vK!JKsCE}PF?9kb|iI#1+~euX+oBkFs+
zxRN2<k^;g)!Lda6X_sA*9LCeAqyiZC+un?#5eKf>#e=ftM?u|6>wH;EVT=r(0Figt
zCG2YSsWabyk@gvdr=^6K=^2OqIGB$!0K~<30yw#?8~5ffN@vmQ{7rP8#5n53@5>UV
zy$&T-Hg`R*9fx*#wQaXZKwBOrzviRQYlt$rJGBL4>`F1`YcX8iK!G{$4VtVDev$5L
zL#DAf9f))s2_1Wb<9Hv9X?ZSJ-qRdadOq;9>n-#lXiP~tZ}Hcl=aeD3;yphOx>Z`l
z(mhRmV6o=7Jq5>KtnKU0Xt`|iLmK-SlK&csMyfGBdV1t5prB9j_PCBWx3XFQB_8=a
zIOQuhoTYL;Kb%|ky&x+1FXDUlBh@+L5<d!-(=SVNQDa*jh479*lm|{BxL@s;P7Fmx
zbvbJ2a1MU_Az|c1dr=oqdrZ@tnDS9lRSHX_GhX^)I{^K4dIdQ9v4Ji1b9R-&L~d<l
zcJ=xfT9(?{@q%~Gjv<k9+qyUUJdYmVEfAt3=XOFI)|8lHIu(Y1qKTWN5Yw6*DIMvR
z_>v;p=B9+Ho?|bizVB}WbP2H-?wSK{(qRO<S16(+;zYF?AXi`eZ3Xh1AQ+}D=_Erh
zzOeN~IOyIiT4azI{_jOf8X7G$1~|P9Atgru>&HDf7Z_~(QQZ?69X&4<d;!>qcMO2o
z2s5uukrF{pIt%h}-M*94r{{SZi}6wdALbw_Yjp*_!z#KXDbtJDQ~NnFbSZ|CNT8|}
zIe^Yo*!7-o0nG#}RKsPlv}2ON$ar(4-~nPX(w}tvnRwmYZL#eLQYU>t(q=30NEKpu
z|8#M{0@fGcp%w3Pv$9;)0dC%VCOT1CC<rA=OG`hPBW77~w_wY#J46_bD!?^*h@(tX
zBh!b#r?Ve~)QgYhMPRE@Y^vE7GqT^T0%y1uq%6m3QjPwtf(1UVl5BpO9eR-2yId4>
zc^i7(1|6dkBJ&s%G0k~B1k`%D2<<&2-_dF;rg+I&WW4nlQh4#&NCh3<Ag+Nvm0>pI
z-@VDxdarQ*gp*iKGf}y~Y2~HE;mp=j*0J-m1|WXnl$)Au>W{rF+&?y_zV_^^#*$#B
zIW8m(L!U9cPAIP1j7S@WC{HjxB5%R}{$EO65Pkq|1*Lx!4uS!gM6+ybTR$W;y}?Ws
z8M-RZ`B`_hrBy|;D$3bma{tiJ*>RELb>)4RvEy{_an5ZbHL=SJLAFXH>d#)Uesr%D
znCRTjxIco&$wv@dJd%|cNHM~*&^Wx$eD{@Z+Or=BZ}x?;E&C)*yNl_#B2d=!<1B^+
zX~r~KCeIj_D5So-3;n*Nsnb?AKyLA}m{J2hL7Pyug-$&7FF$tdt&!di^E%-yx?gfs
zO4@+0-#>15beb<u;u94$>`zH5Ion}+tmR&Fp?RGQ;g8I;XNC@f20hsQrLYH+Qf0$b
zEsYZ6Y@MWeDf(-mGdw#qmZTVBYZN*n>EXfElCdyvt?w_-9e<6jo#~;Y+H5t}IUL=J
z+9=aGG1iu|U+gUSU{3b|q$dukWoQQTR}l2F)6r6}22J)f0);J2r%;ER(fORxADO-#
zHLf!{)f>2A@mwu5PC1bY^g;WazCoj^XnG7rQJ4#&!i`~wPQN>hD0%=5HoBE*{!RdS
ztJbn<+o7j<bdkhg4kDtD?H_Blv+@jH8aq5%J@{UcUpJW^CRWI(W+*0Vo2w6lEPuj-
z{RMS{!Fb$Ui9oqYy<S;rQab4J@Yk%l@3g)1?cIQHzp8{3<f5}iI^6Ni$usMSypBUx
zPPr;;&8S}n2f}O90eYgcZEH@+G>w|#RPXyO6!Q(Fm>86-_MO80p`WR~b`x_;pX-`W
zpbm>`!9hxablyO>#E?AMlqF$=c}Z+GtDN%YyS^(!Hqp6BA%D3r^r7Rpc?$g*U5zY%
z+ztm(3Je-#X`{;4&r6EAo~5q)#>zSZO%Vq2!6eAyr8+gK8k!mt6&vx0kHjKdh3j4(
z*OeVZDmC<cWK~?UIE@!Q4z?brtW>nK7ES2GksA5G!jjNkdZDtBL?VSB2=V8IxoZtP
zDx}?D57~|1HAYv!NC~jg>D)xXHBoGa6Mf`BM^0pa7UPM@ktO0r&HS1g`{|nqkn<D0
zqc>Zen?&f~C<>GDPNFrgwCU2eOYm~za0ap$-OR~prDJ1blU~p6OBj1kVjg7)iQpIz
zimMwZ{a_OIOIVMf6S-Bx-YK5Mr!LEhwOv!;<>8yCe%@s1Q<!{A#K=Sj8^vibh2tdA
z9%;Q)-3B5PddKozyK-%9eNqD{GY+BDtfXVMnH+*1HanTEj|ft$e#OFkeLJj*IZcp5
z#4cD37TN;8c6bL==Ykj(z(JBrvi@MVag;j`B*9lIWR-`TA9Hi7t@g>B3IU^l<;9kb
z!1K1rN%hyJwYM3$f9G{&!saaPF$6MQuf``b+3EZWgeLl9EODZV`0GIS_1<IZ7{I9$
zjK|TKNdj-~S-BbL2EM};X*eh#Z*RBRa(NO(?gGz1{})6CK7=nF(1uk66&DOBEUk0(
zM@{zdX02c8TeP!ZsuU{6Vt0F?%ky6!a1yK{_+0t;)abOVttsxF!5bH?qgm9AcMLyF
zyGtK?UZ<K}WJ}792eCqwpARRAv1y&sI$0qHS$U*()XkD3n};AtJ~8@if(|e48xmN<
z+vEBKogBCQd{mG0y3Y94M{FHr`~y8!f&5i!0~pOU1bh6F4``<S94$EW7$G=2o8SIj
z-4Q;h`N4FF>dx`$<6WmT#&`)ORJH9by8Bw^wU|IxTK~IrpF>o}Q2pv8aV-pU4#0n)
z<YfGoH7hSQW}`+?n*e2?O{$CLiq)xVFKYwZR^R_LpuaZgd2Kx8l`-9W?bh^C6@ngK
zuPZSa=juA`=g7t!o2ivw*&O^B!y0~xSHLdhV!zYTaj;|}rK-c2LdWG3$Z7OJb(fn-
z?SS3M6VK|4-Ap@L3Rirhrwxx!9g0jaKX4tmB`XXB_S(8;Q#96K3}czwt-aUzDOiJU
zl8^2BK7H6iKIVH^g+5>so^QL?yYwM_6QM+H!ocYO?--GQ-|lD>o3s7a7@HV8n0ML!
zYr-KXrO3oIDffE$aFsul*TcB<g#AWAb55-uVVmP|gRo=$I_Bc-llbX(X|j$sQbqgS
zD+lrdCZD@ys=F_nbREiB46~HXCXVQ(GwL$bw=LP-mVB1;hO9VR-nZ8~Ma5-|sk`pi
zRl~fw4G!DRX}w29=;;%aQ)5N({Rd?+cLemS&@P8FWm*N*jXg5FON}OpD5XH($(Rn>
zvbs>N4KEt}edzZRCfBJveZKu_6`lutP6&-?XDR}CWt-8#G2wI+BBKEnmiG3cC>pyC
zB81^EMr1PSMRekrT|A90dzMqBFg1n)W1<GwBFNHj8l6iGT?jm03k*f;sputZ)wyiO
zfChouLQmIDpz$GiF)|pVy@U4n>gYF}!USLdv>o<F7CE($O|b%S+r6QJK;z<xY<?m6
z=VS8?gqiQVBdfUauPRgKWzZ4k$cf)H7^hBmT}439S8X*`)zCkRNpIQ)&=kd0rw1@7
zJGWyZOG=~*1{KXZmFjFdTm}K!j@%slN@NU7&wE%c5@FR}#g92TJvrKkCK-`9(Htxn
z&<MktSfM!0;7u3iDxNMmsT?nnGh2w15$(oowD%6Bt$_V2z$q6EWsOT^0bq`q?yN;{
zuMF(}Qv2bXgN620ZbVx(+53&%yXtb$NK&C=0`%~YvGqf}9+{RtA*a=If4K#?jJ)(X
zO(x-P6^Q>Czp=sx04b=x7(}kyo-k4i8K_DMLNY`-m{xE6W-ltU`iXty-j)0~&DRh|
z7KPo5Ulld_81)!id$99>aTjx29`)?6P!A@_Hr+hZqyvhXXW|0Qi}uG3Dx-mYrZ=Yx
z#C5hkog~=4Kjf42@tfr_9$DcFtZzr_CRgt>=&}=+Id?tRN?Z4#F@~~^wV5R+ACIrm
zM_Tx_a#EZ?P1m)@V-v7$)s{{SJa-54GUsLtvE%QwwN9LTRav-7LI`BYVH*;YQDg-f
z6)EZ26f;!l6!5(p#@rXir5pvd2VHEo7RtRJw3FM3C~ik?R#0t50<G>HV_D~0_)Zli
z)<*JT!Yw)h4er_aOM^p;XU1{R$9bh``f{JItNJH*AEAqPJAJ&js-LfnE>A6dp0GN*
zghrbyB|z)GEqmj1RuKsLSDBcdxCf`tjWPk&3yKP#`JM-tIVX4b9E!5_E2Pz7z%=Zh
z>MJ$haKXGzD=YChxH5daULQh+_Ew{&ic3$oK-4FF*r`Ip%a+I&*4rcDQO#AUS4tpq
z=TEie*YwRd`gcp$&E<%Vi{1~X-4}Bf<<2QKU)gPpjH~Jig<%PDT7ilhP1oGKmHOdL
zjmb6LlUj4r{6i!og)d}Ke`rWZZeEv&M(xCz_XK|LCP#hnqT7ZaIGfpNPKvZF+5%9p
z`s&~}QU2dko-Y#}Q}^xSs!uv7=$JxH4?5WPIM+BnWCwSUaM)inNUr40JDBY611DM)
zrGr%d&!1m5%Sa$nt1sH_n8V(2OyCB+nh=L4ic~E4A1(m!MFp3pY7*wY11o(~8n*jj
z4_F6m+dRoKG*f$E(H47v{c^4X*Tzb2>15o9emlky&9qr;m2m9E_^Zde(GyAyin)W=
z%1G%n%W~wQvTtYObEj^m&v}n4gVAkS*w`qM6TFP=$Wu5MiFS(gKPN8W!%|c0ml{c;
z7yhcbGTKlJ(=u9aJ_h1$pk4zM%vvIPwc8RJZ)uN!9vgybOxJV<KB<RXni-L2Tqv%+
z;P_wQNJyPO!MEKzlsu=YgYozgIW408zP>mlP@r&}*ndHzJW0NKK}Aj+uxhR-$0bS&
zXWLVF$uWkEkkYY+z9s9{?C8SP_np3c>pP7~^YD?EB+Y#9<1R>--39ITk%uowpiDDH
zzWOXkS36gT=kP$OMlZ~uEi4X;!}C*T1$$0eW=PrX?YMoPNRmGNk^<IEw|~~E<MVKH
zJ_28QU5t+BBfMAdK2pTAjx(qBg;iK=kL2@RIPaZ#O^vk)*BYy%M4OyOixJ{ue8&oh
zq{hI+*qn%_OB`pvF;7O@kcb%$m26BoJh&vyxsn+F2*b9gpYQq6hn2(qTS(*iB1NFR
z%h2O#vxVvJUu{a7%R<vjW<NSu-*DTVoY4D-K@oG60}iu@Zz7w8STgg}{ZO~$&Sc$o
z#!krLR&KX<Njj9h3UAEOlBx{X6^>Gww&b*$0RC*kFP^bYM3sq=QXKd3G{@;djPZfq
zglK7>ZKreJ&o|_krnO_`_fIFXbD(h*)4e?hIEeBgm)yEe?Xfp50?e$nP9wToR)-rG
zP9ol%gFVu@k2SOx*TP(!?*|r<A{5$+>oO$Od(lsG*&R!lRmHKdR7Ur-(W(n4>Uamb
zD#s_{P%|MlIheEA)j95V7Gd9IU~;p^j=e?9J9`7Y)B1Y8W`n{f$-hTmFK!^dr-$N+
zULd5(F{v|;4BfRNNnk8Vu}hu`o+f-7XHp$NBKR@UeACTFGIm4`x|Nhwg@~wp9J){7
zq)@)h&23N*fQw}XJXX;)+Fn%THvL4!?H)P~`%FNuCWi$4{csS<8{=BFNR?7aRDVky
zfowR;mw}TC&9wJi9n$Z9X0<QL(XHx7J&?#w!`84|lQPZe)|6up+;$4&WFE3GxCho=
z{oHFk(1~OfBaPIqI5eW_f%sj6EKwjzMF>o@hK#?ClS*yzc{&WZT1{r}aj$>)_WHf%
zwXlK5T-vV$D8FKL_8kiG`kC);*_L!x^PqsMM9wE41lU`O$Apu(HDj_e<F1MLmz-9L
zd{9M8<#E{;pxi0)IW>Db&&y|HChc;!06Z{V&|`|i;Gm>b?M}agRA6*~R~yj*iw)KK
zN2?w&H?$e!p!(m;KFW^0Mt8HCwcP({rTez~zv$It3O^7B!NHwT{(+qu`9!u#x<e$9
zo+L9lF>Bi&DfQuT%LS0xiA(^{Q(<gUBW1_?H}o9TBG*e-xXxvjo?jT?z&bY_R?HNg
zXQyLkdL2-9cc6o<?g^~yPn{I542Joq*+JuP_>QrBr=1crK4YZw2(xU9IqDw-HQs9s
zD7pVk_I7^`TSRZ!o;n`62tjXtlwTpm|FF;g!RRvc?HzuY3%YH+%)KEQs_b?no5N9O
zw{`Z!2IQW1shZZ3;X_x=T8Wj-RCM)fiB5yD6j5MfdPiaCc(NCY?>0DKe^>XwaGT~a
zLi^!2)X5i8c(C_odh0&E4=4=?os}j%B&pdAW38ygLl{2bW0%SdY1T(>J*^w0yes2<
zsSdT}L2|Jz+ZV(6k*s~iNcV{pY8@Hh{om;%T-JO+=DyBF<%o+_kitt1>6@S03>Qg2
zv+}1Tft!^y7Sig%l3GRFhQbQR&Nw|Ktyv)-ot+!O7OzagH|slPVPx`pDxr_0ROJAp
zJk65Gap}zLu7+;vCpa+4J3W>l@r6n=VqA{38HWB?-cYV-7<3sDQc{;&4?p>V+yD}k
zBdf!`ScHhHLu|f0?0`?P`BM4yH?H>wGEu^xO0>VGhM0y25EBuptvDrfZi*FrNoXw&
z3}CWQNpq}ZzG|zdw>DZ^BPryA18*$SMe;__oXvL(aYm-&YpfWdqsngO);S2aJNGRh
z$xnPl+^VU%@^Ek72dWS$0_e&T?1J|b3llm1Zt>2U*oWsFoL53C@ohtXw@?8^oOXh!
zzC~5ceresmbBj}#WmD9CZ&8F$$6W|Q7Q}={ev3Sd0>EZ5>{2D2n-+wPp18HWQ~#p_
z(m}Vaz;VKL+ZkcrH83k-N~+(Q3t$|uRK{a3&G_&{yT_v1vlL6dQF?5%*fh9nE;SDm
zInq(!NM~lgnIMG$AHc3+{>S9*L)6!)>m484Lm%P;cOfKK7G??oV;HcpES7Yg&ZAW*
z3}Tf+Ij53r{N$yQ=Clw>jC4C3Lhr}lgdePM!Rfb)(s4i1+uine@^pDEXl+`~SJL=?
zRs;x6ngQ-wLlDQs+E0?F9Z&zO1eH0AeMirW9R|?#==6k}sy`(U<q7EF0n4$Iv`Sfb
zY2zfk+=bA3mpR&6CW+G6eq!P;P=G<tm9~-Na7Q_N-`F9C%l?P~XDfotaLZkY^y9r6
zf!gwnzQfQHf8w>u#nzuV>T&a$Etb7BUUh1Ww#9wO+jVLkddAM0n`>B{u?)?`%A*QM
z#+qFAv54*lac_%O%~*Vj62^H7H`@f^0+FE&maO{qGt0G1Xk_S$lg?*8k6#X$!WJTp
zX%6fIdxPZdC3D*Lt~)#G8-LD;Sh4%|2FW^a9dD{M)lbnX_BWlfIR3hEo*FAPcK;t|
zZvhnN(sc_*Ah=s_cMI+wg1dWgcN=6NxJ!`W?(PtrpuvN?yA#~`A9Bun>yvxVt@^7{
zMP?{qx}Wadz1LoAZEyN5q{xC_tDh~5fEG~d!Se~c2a*=MewUH>$fMY4La~AQzr?hP
zcXP^?+C6gl(-@MNee=V`a~5kqN=8OZ7EE1D)OqY8oj5ZtR#8vBh59ih;w2<4A(5BW
zMK_9O|9ieM$D@Hyt%;Oyk5W2W`t7^aht{mDtn?l<8M>dJg^+>{Vn0|?AIch_gCa6G
zHDEf)PC|{PQrX#P+M}6k=wt(dXpYzlx-f$RI4@lE6^wX>1$DzI(<LINBsghm^~fL;
zxBXQWH7x+4DP>z%Cgv3VJgdU21Yq7R7cMr^iL3#rXt9ND<&mo8>ibULNzY-acqqkm
zI7Tc@kFGB~8%_#?W#1v<eS`^t8F)Pk0yFYd94)pDgNhfxauB*_L+^QPe2YCUi?<F*
zT$ob}s)XEnhq)f<T;^d_%k6klFX(Bwlk*+EtJ`nJkO3qF^thckuq0usP(V&!;RF<7
zoPvgV2pAKmXT4^2mNVuV1uKC{f<zl#DDe-HaWC6UIvZ1cyh+GSmk_uUDK8Tm{GE12
z41h5nL8<s*Kcyg=sxgB4%Cy)uYupE?7S5(4Pb2LTI~^6fgDx+DBQAO?ZO(*}g7w>v
zf2no?3~S`wHx-?4{LPeWW&uJBSfDkWBBJhL>mjsmVUHBi_`6q0Sx$c}lC~H?!s3Q$
zaoX*<x+1;U0CMnRoUqd&uaIHz?xz6**AEh(#s+fmvh9^^DA?-o@(G_VB<>A#2%1Tx
z_auB06hLRcTU79#exEbkAB>3BbW4xSJE^5^6%qh7X;<kh>n5$`q>?0#^Q9E7>z}Ox
z*$*fhWcnNxH~nZ=T{Q#;brh69GNQ4tTuN--rP1n8*323ynqoRiFzQ>YkB(_#PyGG4
z%6q(beS}c-`F@>|nw8AI-u|ZBgV3$6xwve``#y~D*Ly@u8uOWDKN{ZL%WQp0Y9>`K
z|NbIMJ<kkGx&}{Bydi)hAcJ7&5smv~DZy)t#^z~MJj5}_e1?e*o9=gE^qb-Y*^s)=
z3zZoI7AfY_!9sCK=py>WLdsL1#OXM^?905gwC3ChqNkIq8dxfRgI9dqwjA-3T&}@m
zV2Ao)8L7-Lik)$6Q7$?LI2CZ~agv;wZTyC77ML$V*Bx8OZ7cq&AdSHLchAnnVa-U-
zWF%}PHcz^u5|lG7zrFJGTq6ppn8FD1U=#Y9x_Q5@#YUxHuM=zoPxJyC?8~Exj3ll7
z{G=v3Q{yuB^)6iay}g-)9AT-pGba7b{H%7v{m4hwUSEKu$#Cj0<umwG>uMPN1=0g<
zOaVD=x(@0SS6A$86-RxAQJ2Zlh8ry|(_V6;u1kz!3wACwgGL->rH57}gTH)j+el#Y
z_AJgmu9B}~QBxMx8WCdHF05BJPENAou(+f)QMi#+<mBQvgwLdMLGMQ=_O_HC9v~+I
ztetS~!~4U?&r$<T$$E{h!^vI3E3feeYLb?kF<thSxAyMh_(P)QVxT`YqejRk^U4I&
zu?6nLJN&sFT?iF~htmxJSsZp>Hsty3lKBB@!MQ%%za;Q_5N~u=$q{v9khAT(xpYSl
zcL?;c$|iGV*Xa#=DtMiPV0}zZRxdY7Mzd;U>pVZ-{>=o7=$UNeq<B2+g)1da4bP5m
zwrNT<k)@WuJru?64W+=`8n4&6k4Kiya1~8lFYY+_o1a)%;$qI@qx0?9w1He=a0Y#X
z)Z1+#&!OCiS!!srlpZL_MeYOqFxNh#mHg(dG?<o_q?6^L#%7!CM*cbGndjT9nTwSu
zo@UQY1bpfC_UoVluwbvPHtop#l?j3b?#O<;Wp7-3`VgWKHBgZ-h008+;7tKKIIe&H
zjS@8Lxfj70E^0nhh<A6igoz@h#-PU@a6^<Ns<rM(aqN3FN^swTmClw_e*cuTe=*>^
zFeh=?K1~PQleWR9zIEY;c!mi?5?qvcYLh-t0#`>ho*={*oy}1gP<Y35H5WumPm?NQ
zTDu_Tu`4sCWVkm%2bIma{(N#s=-a4{-St(fF03w!Ab1$Mj1HAxLWxU9mPxsGwK>`6
z3UC@W&rxaiPHFIYYW!@O0RDx=*#6+*G^L`p*Jaa?0luOhPUC4<@a%=3*WWr_Q@v!G
z0}W4rkLV^<zSr#G)zi|@418LRj~`y+5YtHaTlcD2@ezsi6rVY!7#9HG@F>v{MxE+t
zGSAc;^dI^Q-3UEY5Ox&VOy69^R_p#EOn$&TaajS%9XY*=&MVA0|9J|{uv&Y6PKEb7
zTY%y8?yszoV+Rsn6xS?dOl~RWmlFZ^;3(v_`~)yY?qrqZl(~=lA?tYy`OP#Xr!w#A
zHlh#68FC*c%~_}^*i}RN$ykf*@el6$Qkf&W?WH@vFlchFWSv@lfHNn9PtT13d#Ee}
zjPfEwF&m|2*p^&_KOmMxG^N*fn%Qw<?P1&0jFh?7gH@l$CfFb?xfxTkb}=&e+}!aP
zRLsXT^wR|nGE3?7jk-FvTK6r7l)*oH<9O(AYA^Yr=1qi$u(1wQ{l6s*QC}Fnu#ROy
z0bq;iV~z_vKugQEJn?Lr0Jo%zqG45ngkxHNl6cs`KK_2z5m}?_FtfBR;1E!kw)J*U
z{7%wYn&R!mjvyV`Fl~um7Eb?O`1<+b9=-FK`5vHI-%XKLIKxg+c1Bn-2&6^Y-Ndrt
zx=awJdx%YKg?<34cr&R*B)rY?Q*5?t+{yP*QDxvs9!0P1T!mW0QK373NUN*8OH(f)
zg|BP16{Ru9pw)`21U`QDmreBcIJ5?DYQqNqII_P@#&wVf4dlkM(wgKL+Z&##x8y|)
z=_vl~tXT8zF=Hin+^=5v>+=S{AFAEj$O&Khu9{kR^a5w4PSMUdx$l<K7Djh5OPb|~
zJ)a?#Eq|BNQ`CZ408t0g#a}!X4DN0<v?<=-^&v5&imo)9edG4L&-o)%*p;$4uu9YE
zztnZfUWOcGpNM5_wN)AcA*1krdAjS%ke7BMV`FO=M{pGo30jCOeA#2=t#`17@vniq
z<7IuucyyLXQT78->*<3d%|#qSoG$nK3=}aA>EZ0aF8qr_HLaqwu5+B&f;SbF(Vqe2
z-!n7}I<K99HjmA?oXh%g+k?fdw-BDY^YQzJ?YY^#ke2HQ;Dg^cZm3{oJbU6ln%bKZ
z=T<$tdrua6Ci8=v_zzvQv|A!D8Fd$}`3(b04~glD2TW&Z&mnZ@L&Sw+LoCC<%z@l2
z+@OHUpZ42Dn0;6<!*nAYY(d3kJ)()u1JoNTAPMj|l|KwplzgPz`ZfviYjXdT)*BJw
zEeR@dm?VmF{$|%Bc@-|Sv0WFVg|v>r-SujqRUnQ24)Z;kbMWcM&P$0KdP8QVA)`{Y
z6R4(+!3np$qs8D&H(K9M_zu>?#TfhGq7#4|JWKUPEG_(eUgMsRZzYd0N4+Kf>sNCG
z9jZ|n!<a@ofE|^>US4qK2Nj;sym+nrlCJ3A;=w8?0%{Ayx`zJzv|1;aJoQ{q0wM3u
zM@>^l9YjD~6OR@TeSlaqtJEwdlftAFkP){N6}%lDY4o<UbJl!PHP~A3x0wq{xSY5=
z@g;j{jXxR24*Tt+c+8(WnPIyQhSeT(`KIektJMCL6IgO?k44V-2f&&IYt<Pfb*;#B
zt0-!Bl5xRG9MY@V4wgjzMxsA;xO$qrt^611%_-yG>WMKEz)+xR!D>!da&R`nVsGD?
zm5wJuHbwViY+poWU@suGl%NdX+7dbN3B@TcvsCOX2)`hM-9e%_!#X?rDhhyOBz+_V
z)B}Vh&C1S&>HLPoQ=bq~k~*_1nR2T4Ce20Bu~G8N+XvUH)SfJFXGY4Qm4K37&qvW;
zE9o~O`+6)v!P-q0xKopC;|_>QjU~Ch?+~Oj1)jIxZ4r=d+`++hv}xDsUWz>bGRW$(
zKDu~ZAebp=T}~!9ahOK=-$z^c`P9<w@lopi+aR*xjp*DMnv#RvbKB{0pdLM`nZjpX
zi>iR#XRS@EQ+Kq76I0(*taiNxi)pGeLP9SA<p%byu|lKQ(vj|R9Ctg~{smy&7HN1J
z&S$?eo@6ZDq<fuCtXEXrHW&TmT4WFE59@S~Ez<Tb$&(1(_XX1Yji)7L58rp$whfTf
zxT;&_$Np~P@sLgPesbe(o`09^H&ZvW(tXXGstevS4kDDdesy{JL#F^CM_=Nrvi7o|
zZTY+<>E`d33r^S|W%VpIeWc4w?f8b?iHjQqmMo5}fPi=QKzm7c<g#8>>^B<$K@p`5
z^YK$wZqo<((6#HhQlFHJ=Tw((3$PyAHib~kSN_0$=yqNe#KxyvsOXj^5yu`fK)L-@
zE@FWVsmsi3sG$+&>|8fFzL?$FLP0@ZWM?Nf$0yhQIR?1LabXHcQZ&O##OMXO9?!}m
zAUKn)hj(`y;iRXObmKb!sMaN&YAv)PfD@2q$S%RO7$K%{@4#Q)hx<>>H=9PGj!aGC
zDf%*FpVPTSe{K6Yt4gPreOGu8)FBni*~k_fVs8U5K!M6G$%DkkX;usl&c69fB))}A
zaF~vXDq=-gc&y(x-$u)E@nd@G$v81g4oxSnL^Y=9d!@c(v9Dhh;^F`eI*9(@mQGe<
zJ$%RFOnH?&(tw%qV=lSGNA0ba$f&Ad8Yb!_Nan7%?^4r=!QjJyIK_OkA$6R%Zw$?~
z`j48$rBrJ7)YNay4?%-9Exx1Ho0i99_-A8ZMdBt6KdlTGc5zauL1-Osb8rKlWNUqv
zng_yFI2W&hjcD8zxO3)Bs@y6TSzAN8!0$3pl8^ZGEM<R#`ZYTkg}m-ufK#)|D#V?=
z1dY-Q^pY<%F(QM^QUBS?Lhv&RKm^4SW=-B*RpDd~J8s%Sl?;!v{~r1=b!u_`6O27m
z8eWT&4^KHyhDptP>BW%4i6_4)r_7eX00Yt~@*Fc!S$OHt9KFX)MVxPjw_$GgXLst|
zoPcg=MOBRe01*JtJy+MGkBqATKX4?O?VFe9aHE4{-nBa284{0a_Cf_;lx&7uXw%as
z+{u_PhL-H+m5t%I#C{D%fZoGZ+_%KNh#w11IsWDf^m{UC^WfR}1TRsbx9Gr>hag=`
zn9hB?8kNw)GgvCjxS_dMYz;6qSm#w*du1gHyTfaZHi~5L_2|^4yxq29Wp^_E!b5~F
z5r&;EN1v@6m*%)}*?9d3+OEYU$rM$+g1tO5tZzQ1NXp`+_8R=+vH32DZ@r)(dCh;9
zEK`4+uGFvys*`yVL<h~i+THNmEPU-Wirq!cPUru(*sc=At#N`6Wjj@eGm!#GChJA(
zI@_Y-RM@kAx^2P7xa`gzAuhGceBX{~mDN77Fl(H?+y+uybxssv)r1&dz7q1sLZgtO
zfZ5xl3K1+hvcnY>6<hE(n{=yj>^3JK#c9&WNGJ==+dnvn4;G1xc-b^4@xdG)6US9h
zeMT`c33eyrgFo%;$*z*$9;PL3rea2S_x4Q06;a~Pu~&6S`%`l#QJaiA<23jHHXeH|
ztcEr}1q_ha<ULz9OuMTL#WV_)Z7|%icbwIZt~Whr98EiOsp%r6$Ab_XdKT)b#CU_S
z(o!#gg+J9_V+<(14vVq&DqUcPzlY$zqNU{tl90hplr-$q==`LnrZV1CS7N>YYYl&E
z^UfL1VoC^~9TFZ2*tujS9N-xlK<idMXyv13R_KqLR@VKUet38QMyA_ki5!3c%3Y0g
zUmLrkF>5XJq4GBbu8>B?G-$WdGlBt~?^xOou78xooO%Oi%~nYYp0YY?{e8Q_Ro87M
z<ri#3U0<<o^agEbMB_Zl5^r$%*C`J62@im@57aEF0k-5;rSk@#_gI2;{RV8%_*_k&
z(tPGeSX^XDgb4at$I;h!*HB@*s^wby(MITHyRfJmIeYt3as^d6K{Uik{ES*C0d%Hn
zRi=9Plb~c1*`b1Fo7RtM_kU>3D|HC>6j)7YAPMyby+tP!I17ikjl?*OABeh00_S>|
zEus@$?GGq<NRo=3^-vk093^o+6gWPo>-c@Yb5xgC9)}-q#Ebe;E(S7=GjG0|(NLFU
zFA#!?7K**>Cwf>dC4C0255)BH=y|SOHC{L_IRlGjT}w=J4SP1X<%uBfmElB3REE<)
z!c<YWmTj`yB3VGNgSTwQg|L0=GJR-IM#$LixRG<`&~UyK%SIND+jp@Y6t;VLjj6uC
zdYoH8F>bsgQ$W3OPL;fL5?<7lpWdcf>!a)4?pRn)f_QYJrAtau33S_`ef%BZ8X=li
zUXxPJ88*Ua7&CA`H&e3L=<Q{qG&1*Nh2R;6oU&Je2TrM?*^z;*iYJ4~`7*V5fn_w2
zjYx!b{?)0E-(nn96L=aK76DOFR`;ZQN$d!}ehsJjz(n2bgAOx;7?<nc5@;!&60IiM
z={<L0<@aFQPyFDNr6$yDx)EmXi6@bWi|KKL7diuYz_gxQI~!WM?e5HR;*JfFdPOkc
z<ls5iY9%NykB<v4aOP^7sMb3uqi~SgD^<y@;SGF<6{+g!>7i~YS4BinbKC_?b_dLM
zE7w#TFo85|hIkYWaGSFX3;r2il$V#Zq;oa?G>*Dq9&dXWt~A9(|FgQk1F9Uzm!yw_
zc~Q&P4qYfEg5Jh@g{V^y6Dz<hs50nTAS_YbIwdl}NHv;VN^(sZj|;!*2Y?OUE$Imr
zpEf{K&qHzl)U4IULjmv@lSE905bV>?*0MRp%x5&QD~9^5wb;+`!m|`^t%QaQ65aGt
zAJXcZuUgYimO>JJ{X{^mCe%B8_G>KpfMpw^W77mZN*u#UM2FOVw5dNdjWJ(96>T~h
zOu%eMmYnO!a$a}le(n+yeQsRK;5WMLY1M_D)=3`gJ336Nfa24Lu(_lm44)WQ7Mo5o
zNfXnW<LSx*Fb84}AQI;Xu7BIyCRP*i59^r}qk_P#)kc2Q%6YXDNp8BJYX0I!Qe4l;
zHvsA1Fn5vX?X-!&;8kl-($Y#9X1jm;f{1$=>GHR?2Nr&4qgA7;J0bYvQS?7tasKo2
zAr1h<yU$#!1f_wbZtTY(r%yMG+1V_LWQT%tp^s|$${1h-K6J9*hDc0_D4MW*5yTKS
zoX(sKu-*2kyo0fJDr6R}HFTPr=ytbyiZ;4s{MGSPBroY?CyG9QG)eF+qC9T@7Fffg
zWDQ2s@z|MYdSCzeMNn?oRV^?*^}Q4eMR<1fFJzjE(!7X;tEB4b+@o}D5md#hV92i|
zRF*d8IZNbQwblvezjy^2@3gtkC#&{1_H5HVyC`^bzACvM3?()cT=CFgE+`{FG2-HZ
zU5H330M`Us%8K4DF|)r-6OJdB)+xEzc|x`~^AxPQUu`X30+tC;-8#KL`a}a2yi}R<
zx<4v*t+~t(ue~3%NDkNVw9pey4mk+VWh+tTbY}luJ3(@cx>Nj`vKti;$uNYGr`8p9
zjW?1=hJ}QvtRtbA1&bfrS(emT$OtfI{V+<eb4dB*6CA8SCjDM<1!XtHZExSq7bFuL
zoA7;}V4KTaKtQ{!PoWLC7<Ec7c6XagK(L^4t8}ipB?DY6>;(*z)QgJ7{`;M<s^#Tb
zj+_&d$uV3*=Q;%2nF464o+Wxtvc!zrAdN|5+HKc5LLiyXZNXfWn3YGtCH46yoysd{
zh<AWj$10%MZvt5D%XBF(ViOOnq1<bJEm<j5+XLlzXrc6n_5&5@pFlF)w6(m$y|p(=
z$-wD|sxulX9rN_mi*@lMVX4{SV&`}E3DGLeYx|!bfg(Kll{wQcm_9FR#&S$Hz6{#Y
zqT-|a<4?$-Brjava`{d+T^{nVKyuMy?tP8jy4IF-7Zp}TXGdJNI*m^H-qTd65X6Et
zKLc|kP2QfGN~!VVWL0-Jx1t4oY?U>yClPIn?y*m)N@Sa7ZLJ>SsoMJo7WYO*XA1lY
zI*~3Xi&?1=hdjhKq9pKN<<&0_CrKI9Uq}UyQD2hYR6KD2P0b->QQvoDuK?{g6x`jL
z99rXOwdVG!t-Sa8rDxy%3t!Lj<?O35fAb7j5<1>FWy=9H)h;sKk82NDGZDjO7xP+r
z6FYD-8uzTc9>`%CZK9BP1M=hlA?jZ?wI4qGZYweGu7p1md!5q0NE)7V4YPRq$g=lP
zLlMh)&BuJ*Uh8hS;$Pu-$>ltn)-WpwoX78i<nY2rgLB}-3KT8E$ys$>(~7Mua*)_n
z#*?c9kE`!4FX0gbsIt~R@{$)7SNoD#Y1tP1{3)KyZ2d0i6K-Z|eRu0eVa|OrgW9in
zG1eb~1mcu6tD{02tj7|nfV2{@E(N?^#5mw|juhUYPAheK?31l;snC9#;}qDp{O1cU
z;Pyi4BZvjUz(lum$_JGDx4wQegeT2`Ju-e}v}H~CJ~%ijbM!{95F|r(<QXxc;@$bL
zn+uk6@jZ|<&+i5!zrTIFNp|G&ltz9$NQ1lx5Zc^kH0<VlF+-E%x5FnV@BMW*?6D{3
z{n)Xzp1<w7#pV2TyE9h{bmc-o%;5eh8=RYcp^h`Mh8sJ(M9WX2d|B~i2Q^iTm!&gB
zU;FzrY5e4+?sxu-H=CI(sGpc(19ZPC;AvL3rMnzcxkQ)j$YDfaOZknDmm$1JQ;}Ur
zjzc%TZ;(92OwNxB(|%)AC^wuQngy)Jb~#>Vh@$}(|49FhJzh1Nt#TVG`^@xowWAtL
zw+`PB-qb(ZnE@t&FM2Sc*TSsDTzh~w(akJX(^0XbStoTPIu7c(U0Gb5%9s`*Lw*45
zTK5_<vMk_^cR}@9Egh&NT<+2fZV_cd2Zzm8u8~slm_i3|-lk=3%d_#gTIX$VQ^*6$
zb+_Q<(-m+aF1`EbwF~(Fd`Nq#@~^H=eTL!Kf_uZr*G!JLk-8@u7xNxSz}6<m#)Rse
zWop5rLY$iB;xEtrg4(A%T`A+?nvoss=LbwW-j^>$5ZzUlpZAHLz{H_x{9U_LK@Qf|
z*5oicQ)bW$W)?Yx@PN<E%!@OpW#Jg|KZxZ13QAw1(158)-~>VTXLM#)^?@IBFU7Af
zAWq4B)S}?g<6mq71sPFx3)QVAP$6{LIqm*qr^A4TjACkM2mS09Me1}o%akxkO!}{X
z3RtVSuggwCBErravKm<l{LL<e08g!BJm!}G`6UV!@B|XGg>QoV=R&}L{`Oyx=wsYp
zrb$Xzh`NtXkU0y$+x%hxJt?D^eD~jn{a+&T#h-{$avy{oK{~QGgNB{<hc2x5;%-#2
z2y^lFA8XhDLx}L;_t(c^0dC??Rhdk%fcaG$V1A^wvhw!gKgaw3_?iFx@*xEHEy$pv
zTX>%Y0eZ`Dz+ozr@x?MI;bM&a|1rP+M-6#H2plWO*$Tt^fMeBj%F=t3m!G_O<zpzu
zqs-{w;Lx%^+y=f^zFm!$PjP?qC~EWeE!4l@%>V6Mt3fZ0a&|(mA#^P?MOL?hN^nI0
zAEr|nATr-}TMJVD??L_F-^pA79{G#2(PltL$x6At6CU8E)d!4qYl8!N>0b_k|8As3
z__x6ndO*iupBhaQ;Pd;-_GQLwZSlDQkGTK7X#VLXztCU2wvPb9Lpe>#4cNs210^~=
z>q-eF{+AQ{|IGQze*_s{M)Zb}Z3&15Jt{%@z`)<U*!8}4Ze~*d$As>`kLT|o0sF@b
z4u*yf$79i{=`piYFyqzZDrQy~FoMTa;CDVgyvx4-YdBsKMEt~GJKw=)1_ruYSX!PB
zG8xGK(@6h%|4D@C*Cih$Bw#vL^Ri%T3YlJPwO2@hWpBHLbn))*W$)iHxd&84D82#W
zV5xYFtuJr>A2Z4?^Xg57Cv1#>-D&9gUP$Q3%j5}qzxaxsEH@tdi_=I(<*iXG#G$i&
zStk`%F+D(Xm6sVrnO9j7#zkURl+Y<TL43pa*W>@=i$<U?Lj13D=fh6|RKNizS1U7l
zB_u>$aP6BhIv}L1paCJ}+UEC7IA@cc6HQ*PfAeJHKtB83XC?A7>Y5f79U6b>zoz5m
zQ!{3?@$LS*XWtimU}OF9=<`#<!)rO5euwyCFWP|)to<b4u{g<?xx9mUY7JI8YQ-tF
z|KEOQD=(+X$~98!zbF@8`3U~yHfk}_^<&WWo0r1adsrBl{DA>UZoAblCr<EuuYrmA
z;IJtk8XB5?cII%YN9f$OVFGwhzE3NHbmW5Hh?uB;0e5gTX4%@mr%uODR`xa@pm!(q
znNW_Uwy=g8XQ>(9E4Z7R!yIj%Mu@k`5K&PDuM`ji=hWH)zUT?Cyzl&hr3m)Lk9avL
z{`|Ya227UaxxF4Z@%h{*55D$4w<jq?&EN|`{?8S;n)6cE{oC-g(#*<r1q8mpbe|~$
zmiqD-OZx>RmbN(1Y@nw2X4Km&wC!dcE+`@#+Y#2-#AN*G@!q^E@DlO-Xa9tpKpF`N
zNfAIj0a^)evSze>@Ol7AN=c~&(W=rF?C)FDd2c6~Dyk=1W(_&%RP#9%CVykpv(dy?
z{7Mj8Jb4@xUQ=5e2lU%9b=}&`VmP6Xjb*#r*45W1-r9s$NV~t;h$>A3h%Z_Fu?2-2
z>+9CFmNN_oY<f#>z-7p-&2+5ZdSSP`*=x;(Bf=19>OhHsh1IMR!~qG!kHB;;W6?$D
z`%+?b9K4S`TL>4&^We#4`=PRdE<oB4V-F}IF~#uvA}1!`u7x+ZFn=uf(`A<frJcB>
z_`GHBpyCp<$0jy(bUbPMD$Is)z=wm|q1#($7I68GuN+4CO^Pp8*jk2=%^_yz`JfFr
zpNaa573vP0d^kfHR)F1ZB=9gOAMC5j&;KMgH`!QO`5`nsT=70;G%d<pe{GG`pquLH
z(eBmJtnQ*Qk1WrxKCHWxj*^1J`}6ZL&c1_#11pnM`$Ztf;(ykTLt3t~|Glr1Kh1vK
zm^5Q87o6x}QQnWx!82fjb2sI~*jnK3fS6)G;qIpb4QJEhCWo8x)#ULQ507rNiZgWM
zd2=RF^(n2Ts3>H99+9WV;!w;Rq{@T;GX(Aqn`+bsTh6ur#zV)_5)SYPaaHTCJt!~D
zIZVxpON-5UYL~+K=Fw;{hq_$vHW`(>iH;+nj~Z1Iv2S5{>pEmTIX}OzphE@mKf}|L
z<V&D?VU`s(A^=YRdg~|;YsYh@899@a%JWUuv`gR_9a$dd=f~>_pwEp4Z(TTn`z~?8
zt*-YY!exRfiF*^!9wv2r0_(W-T8-6lTiW@i<L&iCGMnY(llRj(g{YX=ffa+TsOQyz
z-t&AdcP<HEemOVshE9_cb?e<eZCdr-*)sE<a#d8?%@*THo<@yHk?u<gV|sZwoiFIP
z?cT=uVOq;}jJD#T%Y9hQmErs98%%!9?GrdgUO7Uqn=CDzqXQ=3q@6xu=Bx2HZrKT6
z8)&rbNw>JOI)7cz8GMX`_50UcfS>u<FZ8X=O8}6Co|(n3)otUa@vcR6-7_hnp#>WH
zaZ?25%QWz!ag^(cVPHTxW414hB(g2g%-geb-hOsi?eKc>4AQ_%y=HnN60|jbx`<M&
z1|SxBcidW4p~uG^K7PA#_8U`cV>$S&&n1j${O6yxx6Z{HiD^#8d*F2LeibfYr}M-F
zBI1@KmK4*NKh96xDYnmDarmgoF<tNM<k&BH-riEOJJz&^^DyxHeA>dITFZYRFvy^x
z9Wdv3ej8ZcoqA>5#B*HKNO81|KZXDJ<gxU9`R<NyD%No}oM#fZbbK7j<1(H79Gf~j
z|G{?*9g9%zYLp43RP9{gXY`IbDctN)Y|>+8MKfdMCClk-m0_*Jt)hih?L%5=P20y$
zpUxZ|Bb!>%o_%!t+xSMRlfBxSosC+`ac#}bv&h5R#)52YV>MRUA|Z9Tolga1HCj$_
z+n@Tl+)Mvg685F!PxMj;Wa$>=z@=qBW-rwiX#VIlNZ(N0Ug&;M#<6$QuyUN*AHc$~
z3?kKW8td67T|Du+j-I-e#Ns<?Ip52PdMZGyLzdERBmiHaIFEpI5}2fhCRZSI-5*L+
z%d(*e9|XXK^(IVJMUzlS4-%{7pq&wLU?3uXu`uhhUDu@zN>Iljy>`A)+tppltU1M>
zN>~HL+k93Vwf?^=VFQf^!zvzWu=t0eTzqj+s0ng-fKT3k3Sr4uSndg5z7r26a;0qQ
zHH9e+x?oCKs*$kpBZ`Xkok9hL@D>uySDU|`n#9{@6;wNOqA@yyd0hJ$Z!w5OkO_1>
zaqSSZ*M1h@&JJb>B@2ak1M`ukHE|oFkMHT;w2wa0BfJW2=6kQK_BtxoqOS)GgZ+>1
z3!f)E7_(h{1f8OHho7(03?my`mzrCb&|-dhc>c0ZI@@k$sqx@gd2H)h#H3`S;xHCZ
zR`L_1r*LyRT2@l2cb}5fY&MCv?kQU^stVPqS#6xFF{ymhIkMW;IMym=o0n^Uy81eq
z*S^J#X5U3b)pOWpMImqDJ8{A{dL6tWCDdM_UrEroc@e7^Fz3+2;qEj9=Z2G#q0~Z}
z?oyIcNXVp8q(9&WsOYtf3-2|_poP#owA;u9_&2w*_btu*7IR2+`p3cLWJ?7kmuoS0
zQQR2nw>?C<*MV`9`Eg@S2&0A=BrbMChEkY2@=x0>(N4e5NOOM~EHdo~ddm6CW6U2L
ziAtP?vSX555_?h}3!HLDvb`rOjd+M5pMM)~L`CJn78jPFhsz<ccJC^s0{_$7Qnlhj
zGj|gW0^+rhATsiQ`LbFol39w@lDP^QiyT4sm0=sf2T-o11R}P|7!xoVK!DHs`_f_E
z&xacd?KgVk5)%3>L^%TD?6>08#(-|5BWo9`RqNyTte-msp9H=D-68v)`^MR3v_<wF
zHu}T}!QIaS@Y@ksNz^>ed@3d1km=NH7rmb!m8%TMHET@Rz&C6C?w7ZG9<ZFH%Zhcl
zQOxquHWS;!DSLqB+N6qoaOOZ<YN|B7R(&pmPE)lW#uQf}pU|a5$_OK@?#DdQA8<3r
za^6kffPTWL&e%Z+xV>vqVh2(<mrBsO3dErvzFL8cpN5m7g93VIf}RUz#dXtS(e?rf
zij?h6san}xsPXx?A2!_Rh?L9a(*xm$a=VK$_R98f&1`fxIVudPwZ`4WGIbx{O%}00
ztAA7~kj{O)zk-Ad>stqUXY}q*=OoZL@|R#(n@*9GG)fo_qn&_T?P@))88lnW^eb;1
z@UmI6EZFkWf0eq0t%A>#OI}0Z$3!F|clgdEJwhquNyei$+8rMz)!(w2OJq1{qKj}*
zA#K^Ln~su)$z5Tjam<_g<pwIZX}kIQzIgum_DgkgLUW_(ix}3~{owV5RW$!VIrMl#
z5Oq5y_b8gwz>3x)9YFXwuECx(s*YZ{17h2O_xRKobNh_jd7lPaXfjQ}mHlY8ijN^0
zQ&i8-&><>xaEtnDKwRy8oDv}e%ypqsKs+J*y1nfy35-n!YtZs+6I%wdMY7jcbQzna
zq7p^kjBRvo?61^07PFa=*zOC^4GLWggw-yWd~>zeBe!NF?`cXBzlj$n`H#V2b-R5L
zdE+iebh?CvN)ln*p{wrd2>A%;Id#o=14HwYT#Wy+7XMzEM3@i*+&`qyTgW~d(rxsx
zTk}HeKHei`Hp}@NJ*@Q+?oO%c!W6-U>a==XtA^PHArYDw$M8*N3cY>GGQ^!SNb-nI
zIn8+jj$_|YU8>B&erY`~E=hV;2E(G8=94B`psO@b)wi{L8Phap%q6dTy~%~+W-k9R
z6*V1fr#_jd&j!oCEX+Ag0?Sw@;<}F}WPZ?caRunE+5155-Jb7Eh#>Lp;<yll8Utx;
zV1Bco4wqU5H+Y4`ZeH%Lev4Difd$umemgwK*C?NfJ5SpB+L*OeR7rJn;)%3xcPRW*
zoMr{LivAlluOF}Dp>7W+Be>bhq;_1z^U6Gs#&QJaX!myAH_s=DqEk~PldKoU#&V#g
zI4E+*L3D_X8W8re6x~%Mvtw{#^6wo<UXzn4Z-^!>KTLx~xjlE0Wl}%XL-T$m*@zIl
zM@*wC(kBIaF}|01f9;sKE&_C<PON47kUOtay37`&(o!1eAWvY05;VCS)83!leeNak
z9?B+_F#>{-<0zC(hIhM9{eV|xPm1<O32aH`)xKkXa!yuwHJK?&EJ^)rr%B*XAXRuJ
zlff-9j8Y#W)gja<7XKwo-k%{Z@LpM>Q4E7p)#k&ghizeZyTawR8$2V#`kZIKL3$tF
z&&hsj87_ZAttl2HJi*}hkRK;{UXN6r$Hzrxd{FyCH|boiBXksX0km&PW$e*fYBQ$g
zYLMtt1!jH|7!P9&dJU?U6}g46A}(nNvgFH!kpExT(Q54{L1<mnYz602P>|W-Tn**r
zdO+9R<pI-eVJHciPdKZ~A!DuQ?OCuN4If{c`_-Z7a0-W#E!oL@UD!7Uoor!3L>yM}
zB9^Q#1sPrg^{K!Pl5c-{q>k{0He1ZCx??hz^5Um`3eV~ZlM9R*OJZSW-o0*bS3im*
zctk7HYKXkM*po_1N}4QGAoXgl`~uefq~~=@j?W8{HzoBqIULKOoGRA|%an!GsxpAI
zo<qI)4L;kH2(`l)Le}2^8t|^OLv<c6x~{BHQBqRUu_-q*H0=uKO&asT7*{Cdv?*HX
zZZ~FAu=GfdFoP!+fHhq&Bggxj%z5{hkcy$fK70GsD8dig>8InmQS*!o(;M|U383?C
z)>l%o7(!pQQbXt`^@Up36J55*`C9X?ecP$s^HG5U7_?r?nY~oUkvyR3ui{eEr7ZGq
z7bbhl*Wl+z*B`9Y5kQ~1ubOohdA-Eq9^0VWe75T{h>D8#C&^*Cq(d#BhwX01(_^j0
zrG?7%blF-cuZc#LuH`15*I^+|wnj}Xam^6(l1+tPyDmBXs6YIK<bFiUcL`k?OUhqh
zz%gj_2kFIlA~{HccWA^iLpUvEO6g<y6}5BW8(O@hMQ?u#<sw1(Jzx68?_r;Y2N4Ff
zBBK_cQs|0R>QMPE2XO|Lz(jNrmx3FB!nAtXr(w1|sV?~npIaJSqgbdE7N|^`h1$x)
z9<*HsbL0mTPpeqLE>q|n+ca4!M1s%dp2}{;m`k`_mbZ8WIZY#c1t^x3Oc|O{W(H+)
z$~+K%4XLD<pN;?eMXB08ZM`6Z<zy|9)bCuRJ6x;`T7{O;stW1d+8oy}Z_m}VP(n<b
zqln!JJhgM2?jbIOB4ZZ98K7jdWG=^(h4`3g-SWi-A=bBTF**aPSXm--GY);q6B!HW
z!B|p%uAzV`2|qS|xI!q8{#HRH=$9YKV3r6JhIxVN5jRaOwdW6EeoXhnp8;d1GjL*G
zp>?TpR6bFZw6m)9$fR>JSjmc}Se&z{7#LUwpr9usyF=>Z3$aHTLG$@@91D?&aDAtc
z=M~wNF6lu-n#?PwE-9NbQi0YU1eb2syG?x3$|!Rt<o65?Ij<{1TuHH*Ec`LE9j!Q6
ztz=nKPx_7hpry*dis6eU27|mwPOnU%j?3yC)FT=g>-`t_cZ!MT*31j2ofKJ7GI#>t
z`UF>#HJOC?3pb`p^fG81S9BU3xQ;eFT9Rzw7-!cLQ>wE2e6Gk<;fLIryiy+~w#4qj
zp?<)HR)M}rY<l^Lsv}#uRQsa#62?iysBgi)BWJS)F?7~B7y>4g`l9)Qg`_n{IF51p
z1lP<3H%WwL*5a%6<m7DYrtSMJg?d86wBNVYC;JvnlBaAdHW<g*PNhz1%Ab;w;_+Kn
zzMxl8+vdRN%(~o1rul*CgJ4o_DWOxy%PM~S1}){ttCr3{xz#qN)s#I>j`HC?^*TiP
zR!rZuMxr$wP2KE{sxvX{-^XDf6?l9}k{wOZJyz%-1_shZx>O)buB!VI{eF#NcOYkB
zaco(4<mc3F@5Cs3G58Go;jD#x@KzP5w}L?uJutRPiUeU3R$amAWTe0S?JFwkRW59H
z>qoRBn^Nl4Jh^vKfD7!`BUc{Gp|;X{dF!V(#Rgrzz7tXTuZvxb8mdK#Y#>5E65KY^
zIc!hcWs<Z$>>^VamdOv1q|!|3<^?iIMnGu|=8f+cA|hz$|MEqi0)?vRptE4#Ks>mY
zlNQ9LU)^0MVv~o6&oi$p@=zI7X=n0Yh=o|3P)!e9ry0i*W#~a2bhi+lBGvwQ^x1j8
z<$R=$LjOz+>yD+Q_e-KN8=YMQp+I`N_fuoE62+}yckuIgrjTiod<by}2&%h6ze{&B
zpe%lW(s@Ql3`_6fxwPN+KEvxy;BM6q$@l&%dms{_EHyRWr|^nC3^ncJM5ombAEzbf
z8J40_mk$W&#mjCx))b=wCAR30N!030w%tJRJKsN2AGBM@Cl(2$LPgof9wA<Dd%V(8
z$y<1sZx@GPtax0q%$VR`I|qW=TGg4@Le(1*(%`S)y9))4p(=xEYpm?C!S}-CCXGan
z2n4*G-5mZCcx)Evd3kwb_^yi*^qig<Y4n=4!N={-{LM;EJ87;cy{`@d7(l;s7Gl9^
z+ArUhs68t}Cgq(MFZ+b=Vn7?SqX}r1wqgcnD?!B<Yd(@NDom>XU~!0yo1^6Qux4|b
z*H0L7)*l>+6d-+%sc*tKY~FlF0(eA1Uv8XTnkkgOdOJN^crnn=R>JiQAG#jJ6j_Gd
zT`a{|Uo4Hw8>otRqVc4S$L!u(zAJ21^G+2@xHcDYwoHZhzMtKhFgwhSHL4Epb>3|Y
zYgP)&)zt67=Xs)yNUieKy|?$8ZG0C3b8(u-N6k|wG|PpTSWOp2a0hZYP2HP0Um40j
zZ^}j6ub;p2eY}`8oiNk4@$3}P7`$#i`L-HgWA>WOJf;*{e3~1D*#srX@~wo3R?a8s
zWOG8I;a$UR%FbqDX`NbD&AJZlLgB(bpoK22@K+6r`fHY3r>B-V;w*|X^TVslP6bw9
zwb)H`Kt)p)nm7zA*BlX$P^^MR)eIIZHs-b6Z93(xdr8#VZ6f&5A0WowK#;Ob%AS(h
zZZb*eQ^#URhhY&A#jfFe{yJiD>LzmRuGwgy@v|tp$&IPXO_N)|FyI<Y$1J=BE6J^T
zK5i1X25IQ{)s{Y}Pq)=VG??dm`uB46(|6PmGsq?kar^Lm9+%{`gkZ1ji=w+q?m)*%
zQMetJswOrS<MkN!LLdFFBi%NDL+pcZmx<R?B){qfr=Xke2k0UWU+?)9@eD5*-CfH$
zeC}cw^@G>H(fmI}%jye6JrO5DtVMEvAnuFs!K-wV_&nra`v|d3)x~>kEX#D>$1Sj*
z{myjqKVAUrag2ICU3SLI<{wlDVQ+bRjjmGz;8cQzz@4R7S&*&a0?r8EGg83H3GL=e
z>6)xi{ct9_Zx2&05BS43=0i)oRSV^P?vNfLNa7Fa>6DAf$9}dE(UAIoz#QOUfpKM8
z+4=ku*$P05Ir5PS2Y#MaBXcGKznR<QDTfC6U~h%@uRq8dSTpWVZbNQlx5*`e&@cI5
zIYB=<%AyL;X_2nYYw)X<aqZ;Zf7tEjtxwpgGFQrOtCcTvcix}6m!5h&9jf=7L#?yE
z)8|n0z}KQ$Jh(X>XH+)4iQ<Afo^4Ch`)*byYrWj<=qmg9c-s88`4w7o<-YFx$(7qM
z;(hIfYVJu%eulfp)Br}U&5=cb^@`V9jgV?zcbi(JSkZL%2Vrqa#2)CHKnyJ31Ygmo
z{~F2uj%&z)Uyxhgv^OSLrYw!gE|S7mP8<og@N}Gywr9q9enG>WU_Z--P<9c_FVw6n
z_C@L=^nR%NfZ78zfzJIY1@c392T6p?fQp88E9K31>Bokt{rfG{5LwyhcH5P<i-h(E
zHg!4TXQH-<DU#E7Zi<RA?ktFV6f()^*-yqX0-0y>Y2NC>OY-Z*nt7p$H)H&OqD3uW
zPlT)ee(3~#4&L??aFg3Wwq7SRmVXBys{eH|SefMMZ9wqzldHcw57uTC&+$zOKgPpH
z(5J%iI-4cUHDq3UgSP^ABG^ZRjADU>fjzN9MrCOCRWUW|3V{pk2>9-}#GVvZvz7Xu
ze4k3J8*Wt$p3p*8x9ZwGjvVI;;26F~m$yH;Um9XZ&P8ApmJm5n4&l+7EUEe?%rN<L
z4>>SxGc614Lj3r$;$Z?=F}fQ>=#{Ca>lLu_3qHEpjsPy<KC%0iGi^BJY@veQxRz~e
zUj4AZ`?qEshbgvgSu=WsHt8;l>|ha)l0O@y{hI+VjKuI?{_#)9+;85I?EK1V2#nvl
z)Xd4OmOd4}4-4D8OlTV}bXG*TGwa3CtgAyV_fMh#Vc>B}Rzzq?21Vf`Nw8!(8}6rk
z{pi+wJ+Tn`W>c3%XfQX~N%Wdkv(1?iA*FVi*SOglwFtP@2~U+MXN%zBIGi7Yc_o9F
zAKYHYR=m+4=VrAOl+*5qfR}x{(0KjIda)`2wM1q6LrjRIHGE%ta$TtIg9{?N-_;p{
zU!jf#xXycbmr1kH4XeZsKcBtyr%HkQs_w&GBIHH?=Bv4$3(LWD@MNW`GxvbH)uP5v
z8bh%{jmMA03Tz)T(D67wB6+hmevD~JuJ%=X7fYQ@4HBwDqG16!5^Q2FZe*ngKtjL&
z$xGC2=Ep2|zD*xTLXBSbx!LtZ@wTefYe_Q?8H+wbwSpN-N;*ETv-1u2z&VL<I#DSC
zJpV{KA1OslLZjU#dNztNhxN2C4EAf$Msp=fYDfyazBgJkHhfc#FjrYL@;}2IzZZP@
zn3)kWU8;+nE$Ls2&*Q3pIsK{%nT!<K$4<bv^Q#x)kVb8^N{4I=!-fykc2fD02gJ@9
zsWxRfy|PhOHpKW_tBqcSTC0AEc;y<KLT6$+oMZifRIFlHB9Fb6ZG#+|!)`)G>nlH|
z&ib`E7Y?*W)6ry`CRA<K#St)PP`}*cyVSe~F+#R}>-fer)3a<`t0m2JQjK`2ln|KX
z33=OBTu`GpTQ@7rx_0!R*JF}o8NWAS)4Jn<dOAuuV!WI9zVbgJw`6wuK}zruD7UXM
zrFLwJ-voQT&BMPCN|ay_*7c8dX4clT-o9j7C}$GmKL4J;)iXqR@KE?Tv~8Dxz;#Fo
zzao_>7<}-ST;PKEecM~v6lNyzOtynd<|hl5$g~{oxBie_Z}^8=-pz6xaQyCWTtCc^
zpFUpB;aIfGbI(ELexNo7BiP)vie<r90QWz`w3=bBbz{#g*@|nb_=FuanWjtTKXKCk
z_Q!Xs6Q%9TU?-#x6MMh$2l)n&-kB_Y_56rm087jGKJh5{a{0?n&oSTI^V#tpF6q;#
z(q%}x)S(NJ29bhGmU{WXgx_nXR++Mnh^ZW=n9j%JGSv5Lc)B=DA*Y;}FT42Brq37u
ziU^Uz1VfQ`WfsinJ6?fE9gc;7!){TU4o4w}SD_p>Mln%6U%!)p_NKi+Hi^|I1LX=z
z&eC_r>nXySMnE9=|8nyqf`&j2=4dadU88~3wO2lEx)>kajq-lT*?+4J;X6N7Yd$f_
zFWe^NW&!x{TX;{GYFtEl^A^|th6?klXuTp7?e5He^^=pa^+NIV!EGl^Y)1RMfT$6U
zQhFTrDhR<NqzfybcFGq>c)7>~gn4v5j_NG35Ctv-?siG>5E(Mv4Ppf3M^d>Q0XRob
zVUzg~iNKS63A7P0AV#OU48GP8!eC5=3V}8vnGHrE-HnywS6#4q{-W$>=Uxe9s5Q)E
zHToKa9*6e(lSQ$2`bNtwZlNCoJ&8(uq5~b(#XB2;Fh-RqkZzR!Iji@R1O@2vzHz4z
zfl)h0V9E1bCe#yZW+NaZ<LS6zwDod&K{5}~`aUVdze^VfvxR0S!<#><%M!0IRHGq&
zb;}t(%b`a5kkKeF7Qo{DrpvT~bc}(v&W665q!zgTAN@6^h*7el1H6_i^+iPA-Q2Gb
zBEqT6x41dF130OQSF9B_)zWRnR0AX&W+4-zFh!|Y6oCc2r7`c24w0F~xnr5aCk;x_
z>$eX#p2hJk1o(?FF&4`D>(dVNZP!GL&@3{i$v<fH1m+4orz#ZU1L4iee)7n9HAhGO
zPGphESZTUO=DVAqIgdN4m&g_Nm5^c|ml7DtJA$N~%696-s=yV*PbR0%o+?mEV7ax-
z;uqB!#~tUxa>*m3Fu>O*na<E7l(DQoRM-((zZ;clS6HY~+nEp$NRte}%STmB>DOn}
z<q!{W=e4_`S~|OXuQ{quQ08TA95Z8>Aybfw@H(%20Ap~X70bCmXii3j%W-CNLgz$I
z9(Z0(NAvOS_BX~2^;D)`%b1OGANJ^33Pm-WNXTT;S^3F|8U=mOi0(>18_WCS`>!2c
z%bGeVbYmZin7{I;oe*sC6^4bUA#l;Zf5BUPMd9)$d%9WPAMeO_j_Ko}6hqKp*bHlP
zhJHK+T<~Fah;+j5jcc3qvJt7^^nbtWQ!7^=8Bja$Rq>;nY6DZ&ox&YfBKtv_CN{o;
z%)r{AQ#M}3i^FSjIx6op5Qene2e6k1U&r4aUD}y7ZI4LIdIckt6=g*x#${S1o>@m9
zwB@2fg7QC@{Fzx*T3YJoXnRj3f_QxeOm;;t^tC<S-?=d8H8ALS6!vhGNG4zpjN$B$
zg-Q@aVMKSGK3F9ujWn(9oBRoNSWld{rg!_bM?tFrjjxWnYu=-?4cWixGz*GM^W9{a
zv?a&ly7d?R&9LN7)k*!6jHN(M34$k=W5LG2hCr-IeFxq0NqtAm|FrwPpU-X}KP2-j
z_;c)^xtdu<d;(bI+EvPFHPg5UHwW`+J0B=k=XKsjv!K+=w;z6iEt}~mUFk+M53BJ`
z9-yf)k=>D3TZ7F$9jm|))AJkkI#HnNI=KAJY?|^2;oQgF7TtHi2kTaL*~cu~Qj6u>
z*<ujhBI=e=y}tGm^fdY!Qas`aft*(%GB%3SwYc)k*QXA@Y7tj(e~c#EYlmq9$&%+G
zoW5eCYjn1QtzpCm<n<OC(a6YuFrDAo;dBmXPez~&R@ZAjsyZhkKzvqgFbuGuf%5d%
z0QWIPZ;l=c$hT(tBnX$%=nZS-+6VVe`(trXgg--SbpNkv#tVY{{xvZu#5Vy48l*H^
z;nNMttZYhw8)4!*Ju2{wr)WeIbO_qZOPC_T7AMS?905RIQSTcOBGxr0-Jc-9KTPDz
zVCVVi<QctRD&qr;E)WS`$AWBB3n*k$#YcJ1Yh^JX{B1>o5LMt1SWKi%nfnd*Qzf2W
z&23&S*ecOL{s?ce2hu|av+qLtzbq?SF|&uZ5>_GE@>6V@B;p^Z)N*!*IaXLpR2Pos
z>vFVg@dt`U^&FR0Cit!w2mO=1Xg=Z#PZ8IW2lEl-Z*8V3=l?RIC^RLCGh}_M0spK|
zH2dWvTE8UCkAvz#2BkH)HJ<W4Ad|+m`qc8__r%KMMdKi2dun;h8O>BWHj9a!z>{gE
zwR@M9KxC3(Pw4^~=oVX~u#1j^kuhrO!bUC3ld}MUn0yWQa3e|}A4vc&ORh-HKkl#}
z0vWjy7%}oU!jMmq4~q2DK141vI<A46uJcUbg?ek;$IA-uwMvQC%;6)BJs4_sph?=P
za%a4|#%U^fXx-Owa%}wvw{R>)G-$EucU}sK%xWE^1h_{^&{^-r80S7tsM$^g`DH+l
z-gGqjAiF$2F$G=K%zrbFr;RJPAL-Bc6N{Qi(}Tn;9X_A7juo$?@ope7A)d^hx@(Zh
z6JtO?4*4{!Ez#8mml5Vs-874qaIJD(3&3_+rk{otdmh?6q?#U6SthUGRz~tGOv@0d
z+rSfdlkGY*!`kt3H8%qL9FN>1Mgi?DeC*=K%q*7U8o8_{?v4v&lF5B(_1<@TV(zzF
z32Cx`yfN(2W#H5H8^~ZSXbC9AFXqs+vsFs3c%oz39YKr}i*!ccB@FN05N4XaRS_!L
zgUl5-FLkT5)#0qp_mNa731^3hL4voPV@xI7H6#-KqWwnXeQ%v*XGoYCY2`cnE@do9
zNsDg(P+6LjHw?D836?nMNYN&Jkw=omQW@uAV)&|1JbqJ1pK&=Vg=fZNM}?XqX&y*~
zPWT@ug;C=Iwucb?*Vzu<!B|X(o9jPjYn;~-aY63Xy}=l`8aEMmpCik%Ip4xngFV`@
z7@ry=nWXVrg{lzmi~lc@GV;6ztGs#EuUNgAWN!wC2J$!2{T+BEH-NUs?de3dYpEe2
zOX|Wni7#Ob#~SbE$DbS8Yev%NOUYB_3Lma_L-YGnJlGD<ePx>@EM?1q$!4w;kv?(3
z36drwi8#vBA~-ci6x-Xs#m@sKQVq7RnFS0OUiFvgclE|Kds)BdsuvD`ZTZ3@{&m{L
zN}wp(>?LBc>>N0k$~O$4dSQT)x>*jjDtt8BLrm?j<yamt#8cfDvk`t*ukTx)u8aaH
z>!UUyqhtM?TuV5kz%^CvOsT-M{d!)j7t<#%$H?$&@IW`|IA4dfX{7B9))7GftJhtU
zhASDN!e~+F0Ngth9)ng6{}Dsb6KD9gJM#om4Zc_3H{eEAptsw*FzjP8>vYZ^!Yd2G
z*nT87H`eQmc4c!$f{>1Mm&zqby}5piJvx@3^yuBcjyE5NReWKxd{8#JYQj}b|KC8i
zKdGsph6qrNNTQh!_BRWE`-66V^|i!$4^~i-UD!f{ZGph!Uh?N}K?LsVMZ2GwfV=r|
zK~ESK)Myg!N$WL#JEW=}KC=X^e1~r~hS#h1-@UldTMKhQ{?+5K9uZ$0O_7+iiDY^6
zNvD@<CsjlwaIx4$ED}!wU<uUoZ)yF2%SDZr`b^aF<py<_0JJK!KUIPylg1sN?s*2&
zx0yV&nMl+b5+i%s$wtuQ&uNW8tE{{)H>|Nm&BD^L*v(Za4t~5;<JOS>K?@=ZMBqr=
zT_?G86#yRtH3|b%Ww|`EvtJ@e{~u{@8I{MjbPFd)u;3P4f=eC<?(P!Yo#5^kAh=6#
zC%C(N@Zjzc+}#~+lk9WGk^O$}z2p1E2!wu`?p3v_X3aSlWe$yI-tFzvJwbkjzy6jA
z{XR2{mPZfL9^C+B!+AHR_K#I0AMcU(5uAnLtMEGcSA4tF822|>5iq`!m-{meyEcJE
z#kp3|<ezf$((aU1xbvU++TU))kkL#8fqyGyih^#Zex(3ZazmdX%Lpvcn)ejT`0EhN
z1y*#pZkNC=UDhg#5P2ZVo~2ZUJ4F_*pWD)$-e}I&kP<boJ-cmDqmzvlD_ga3ZJ3Lj
zsf1uujZcr(fmt!tS<1!xFF)YKeufM%{9?NCR;|e)Vp#9q1f_YaY=PgYnd298su-u6
zl?Fl!&#xyfi+C*E1W?lfqGO(UgxBE1^0SAI+c0OKj6Wr%lnYT?t6FGh1Nwk!i}52n
zgX&MP0>xD^@~-6bN2oXDRT8Kc$Pk-A#`qAIut9Yg@WhDuEzVYjkAk<JzQr2iOj@_S
z?<8C0b3u}fVgal!&KpHCUn9=0LXPt4i@1ljSmO9lBRwy%2U!^Dhu1J~pAtg=vAwTj
zdh4SiY-GMI1}(HKA>DcMg2(A-NT7;yIy=_taz~$SKB$T|Iw?wCVQRfMT-JhRzZQ-y
zs7nSKECb%3ndl;v`FBgVC&V+AfhlGC4Z+99dP|-xO!)&b#HTvc)?{5zSNb`4qMi(X
zC?@s^Ny&pr40|<()P|Md^RXT;VE1=@f1CFhda)Y|Y;`dC;=Do@XI(bpE|aBc_+0n-
zNExg~q?mI#$3Gw@-bga~sR|^nCCoXZ+Wl$XtXQryj*QRWkF#QJ;p9gH<Fe>042<y$
zlW4{9QP)m^R^o3HHxt2O^>22L)x<{kd|G>0EnD6gK9Z$%FYzqU$ujuCBqvOGV4Y{x
zh?x>>NJT;)n)8f!NhD<B_5~M}wUYz6VdL7)y?O8t-u1AUHL6whq;f2;HNTIkzX9sM
zj|mdV20;8_+~pI{JQu9V!v#atktla&8ZZvWd^_ma<!WWk5Rvg{Ie5`&9<W@oY4GJ{
z7qhX%6=AV&q(683g93T93Lj>z`7VlwiEhihBeC<X1rKZlGe%0eQ?xSMh^JZwl}(l5
z(9}^(AFlV9bAb>~)0)$Y80z;ZHw7d4^mhdAY}u@VYciwVA-*?9717!l$bZAv_)ha)
zW*SDzqN<YhY`lyFqKp-_xw2}(4m$nHx7^HOe_EDjn8kRMx5eH6b)9}Mg3>yyuU*#@
z9H?2eM6CvvBit_calassqDhlis+**Q^ZwXV-Y{9R<_Fj%0lC>yBhz!>x1Xj;P0)q9
zbkPsGq*lAOjrP0z5!`o(HTOW}GP+-eIFt7UwHc}LY%K(&v<Xk}L~sYxK0XE<7K`>1
zLsT^H`9HRv_Uuddd4DFO@L~P7H8@CFy!8qUcMv|YfEB%2vhA?;^!?b)>3V||7lEx>
z^slubvEs+2Pw8$?x0n>~-}?Y_$8IVEFK*oNAE+FkxGov_Zs85X(W@+@S2m5_W*}58
z0<~P|FSlbZT!bp8W%me75KjKON{o7qX)LTuqfYx5A(giSI&9z1-#4#Gu`C(0nYEeS
zZ87$IvzyE>n~XTf?MScbQYm9PgKH1L%qxsPKnn8<2p=zMqk)&d!;YCtaIKTf3~RcY
z;D}aMYXZN88N1nwINv!pq3-DK^2#gYj&7_mmxNNGHy=kak{iJ?fd?jl5d5Ou18F=i
z$2Tiib`&*QQi{xIjTptt;&3w-S!_jhvs8A85M`j*Jmpyy4uSlhV}fR1su+;S@`$Fu
zhzGh1e3gV-VffT%CQ6E5KX}bwuaa8nTdG`cf%(N|>yzO-Pg^On@<p>|jfkj2@UgR)
zNNOvUXq0}Lc1TDk6ne{PW}P4xm)K*e4#J&FWr)zV`8-!iD!wa5U=_dgEw%-_2r{lY
z4CivSd?edn>_JjlYST|GruK--l^W&46@9OjJ{a=e>(v42oVU9VYZ>nTda=83{mdo0
zS!B2$@_pE|1+0@CI4(m96%*?n4LxJ6`qqSsKOhB56kAL`=^+om^;ioAXfaM9A+6=w
zZc-Hv=15>rdY<MHP?LK>H`oY#0KNOL6}e8nP?aLUmXrbc?N=8>1|PEJ#4!K(Dc6^Q
zxai%?FmRrCzLPlZJRIpIy^OcLByFk_vxjxZqd`&F%zEA0WYjhkq~rs7azqMjI!d<R
zm?D(aJ8dG_`1Y#RL>J%(ht{>W&=}e#Sige4ZHXM387M(RP{Lii4<f@zQVAI=Uq~ec
zB__KLJ(-5{v`~c7#ZBZ&j!y-+8`f+dXZ7{%)n8&KTqb9GtsSKsY9}!2;zrMaL1<Lj
zG$JPTUN}}ajM6+STr=J5Y~%Yqc$6ZZ^|Av^QrE!E_>*wc2ghrQ8?)(SM()&}p!h4|
zh^q#YUwM+8!F%|dnBaBXnfNNQOA`VQbVpeE4D;^TCW8;s?ufewNAO#m>x>aZWjG9v
z<;g`Y;k1)@`(KbEDl)ctsoUX*{7yBz?@2udlIY!oU5A0RVxs*}&7;O+-GM(VG!Vi_
z=L`O(567?&Jb5qeHkpN?Vu>4<YtN(|^xYWjfsD+BRuwm~tC%X9=f7rugwQEH&@m3)
z%1Uv7`P&i)J`uL;=-1cayHOG!GIFJo3n9hwD)dR6O~!>871N;boxjEwf$<<DWXIMm
zdx#XUuuU0pA>@=TKR*#W%#r{mu$T-ZSVk#)&o?53Xj;uMS^%B~4)7L_6&<WvZ{N6I
zPAMBswbn8vnt%t;G;YT6h|uo0-XD?s_W8sLdt+imBL~}3gD5=DFK4KHb85y;ySmIg
zuP3&FiJzuN6+@7%ot>)U5r)~h_r2OCJk(&tnnGPVfMBQece73KM)I>xZ53A=)}(Sc
zjqi+QnE;bVwNH@OHNne<Psm87?v{fkR=}KGtBmP^dLN=}jnL`!b=!r7a7nc3s0hRK
zXkiJtVyLxrGQwEkBhv!xZt^Y83m2j5fs{SV#r@7g3024tn~f#j_RMkDynQ52jA=Lc
z$fWwqz7{q!<w=~wN%oMxShnkCK*L4%h4uKm$`+OjCxBIuDFt&C@cqK!N<SUy6Z3Yn
zllE-ve6D|y+s5%P5g9}rCObvCmfe|!Hkxc?)YML?@aAj&LirY|A+?soqsJAJ3UZZM
z%3nY$D#I~1Y~=vzQ$@poB^w9x+dccr*QRI{luqRxFQ!8GIJ!WHp}WdF-Vq>O#B<p(
zw%QrcfhLvl_G{g$*VIOkObZMtg8lxl5EQeiaUr3{F0jdZZDFVhuf?%AF<R&_!y4e^
ziL;JjSag(eP9rTGkh8tMHvxtxFG(^-Z=$_Q2zqa08Z=LVfM}9Ka)^Jfry^VP`;LJh
z2M-}NLmu@01g@)SGsr}Xqax)L&{a{f#exZBQgRggT>~hDUAnrXj4TO+?%DQZ7>^G+
zNCjF|c$T#-D9sn%bRA*CA*0*X{b*k*qCzB}zjsYm*kN8S!DtT~4W;BlM;T(9bJQ$x
zTF!_J*&h6fZ(b}QzVq#BOqcw%4+=0(IliN|4-{zSoo+iWiZs5FKKyX>6m-&XSPA}F
zA;0M>gig)I#w1~)Qabo962$Al8X3dts<k7tlfJ)th>Zw`Vdndw_|whWviYT~l`>V&
z;`J^Gw{N|m9*V5|BYDdc-p6m_LQNt>Z3J(Lr@|^rlyFrV+J9JZ00C^dMNf?&eJ|~C
zgQuPkn!f$<scrOd!tQ(Qir=}RD1YRQ(MZbhh%>I?gD-z+0W@aBmB>Dn^layhvCB7M
z9B3^<*Tj)mh6MBi4SSq-sMoc{wTCzN5~L2I&|277w`l*#kn^ex<pt2fAa6_%@sBk=
zK<nZ83LcML;qg@l)D(bCx)4Q7;oJn6M27MXn~r4)CCJTqJ~5=o$;;m!KGWJiUe4?u
z=%z>TT(LSFOp4*Lh*4WLpXSQJf!ml3B{AvV7DJU2x&U2Aey8P60)S|G*Gcg7!&Fb1
zTATZJL!YcJw7hZO1prpbILL$L+u>lP%bL%`1J(E0NM_Qw-1x&)oz{K>t9c_WPj@)D
zdQ^#-$SJ&{f^B{P22o(iqYv%C8XIEgc-71E^bNhIk_|!%_L=pa_~%4={Wn}!Dqm$x
zhVI**-TMoXrc3~o#D2j-pd`=Ydg*RU@Z`*{WK~8Lm=|F-zyY(+M8R!Crthk_9;Z;r
zCn2I)Fj^tZN120UHTinCX9_<d%6$9LCz;0wN0!92LFLM0cbZL~_vSOX-RnN%xYyZJ
zM~N^-i=qduTuw)}$NVa1#?yl=6KYr>jth$JO;~hY4m{~zTz0Y&T2g1qj0@YN$N^P-
zC)h5@$rBk;2#{>!PAE_Kg@;p$n|1DS|D#)>MVvIL{_}gTvo^{*>k9X{Z8LwPguBaV
zXL@?gTV0Xi;A&o7cB?wkoRKEgpVrYm7m&f?GD@}|eb<T<3Q&lO4?p4v5j1`Ih7o>2
zOnk-{1RFAyyE_^JeO&LZe$ncbg1&~aO+yzVv!D`cGWwlps#IRR;3feEc<B;FN;Giz
zXCVPftzX%xF*;J-c0~_sHWo}IG3rhq8mulB4_G9xdsSf7TDCVg#Qa#rU`Wu&g3&e%
z#Gw%76N6<A>V&B^pG(57>Nw(4YEI@fX=b;4vhjf#7ZJyNY5oc2S`0ZB&D}_yGYB$x
z(9sSu5-0N5m8Qt5Xmhfe6}MBNwV;uwQiEb;R0VD_ur$)JT7S|k794Kbfb4=3mrZbg
zAm-g7Z<I1LI<7Yq+Ky`KRMlCR!6vGysC?%~&|96?SagstLv7y=EnO;*PHn6X&^~xY
zG~D-5%}92_aA?wGpUJwgt^VGqWF8lzR-KUM0KlA09vgR-Eyj3D*0#}v%SkSnZg&5%
zH=EgU{Mnq(>;TS=;iL5Wgh|Ry?b?Ke+c#$XcbHS|{qXq40zg7KlJ%euRAA|^RkP9A
zd;?y0Sl-0qoZ9;p@-2vxHxYAd11R@%V0lh^4{ri{X9F3bI#LH|5GaS+zWqSLwmZ)a
ztA!|Y{%cEaec6)dlbEddN<Pl#Yf_}IsqzNEa{ts_LpH@4DOc(|hy1B4!}Mm=;xK8-
z*9aC*?N^f4736=ivU!mxs9&~bOtj|yRqcg?@YQ9q0bWp`5!B0UA;WSB49;jG@6)!7
z&+_QQZN|riPX89c-Q8VX2oRp@>B(y6#Wv4!v8b-&N!!)DXAJwh;l%7%qjZ-zPw2ii
z0@$l@f+y=lO{HG_KM~HponogNWD<CWm;g`U@$n%mYvRMFu8_eE1x*{2=EcG&RiMNs
z^SEnD=e{1C7&+m$P)Fa}8<%(<nQvZsD%b6FF0N6y-%_zDTo?gpG}4=I@Pf<78tjY^
z9PT*yDHJFWe*nxG54CCv4Oi{x^0*JG{MRXjCc+eIskZyc9~Q7P$3|-W!3|<p6jL@n
zto*8W1Y2UEkfOA0VKjsh(MMpBI=ORP74BcCiMXpZ6{U1Ali7sbG*(~bOG<9?!7ztb
zKH?XnITNaTCJQlDED`+lSP6LXLtzkgn6bHZk;n-VJ99ZqB}xvON;X~LWrw5(MHK1}
z2-oa(SkjuvI5LoxS9qf~IV@50j5b<8e!jcxY-YL`q;Nye7Op88>vc*g!@k&^G`L7l
z?+D@|SI22|=p%g=QPy%X*lCA$)9(q*ozZfm<qtlQKjd&U^y~Dmg?svjK`|J0fKhPa
z!UBh7IiAou`)$nL-C4fn`A5~{kvN%PiIH9mPDr)2uQf%>-9;8vakZZxnlDusaY$`#
zG4@2llz#c_$HYF~({id}&d8|o7&+A?#Wr^yn+_F#>KjS*3xsd6P%$E@!rrwhwPu@2
zlj#0)(6mT;-<r>G$pd4!#6j59j+3s3e<l&S<>yA523ei5zBlGi21gPWjs4cgH&mFw
z2qg0&u4HoHog)MfiLH-Vwf*mQe(^338+S88*&8rehUTB{I@PzBs+DorW@wbtRND4d
z?Gs{s<4uKOTw|K16xYedVQ1RpvN!-Bd`{R<C%q;fU755PR=W8Fx;*swQu{y7?ZDI0
z*M&~T*YQbSX@HYYT&^`=VzbsX)!&nEnNXB?(FM5J_HP8?mhR`vqfVWgKAZ`Z{W2=F
zKmwaCMo@&NrF4f!xN89R-t>K+2S*H(KYMk~ePO&C+83sMC+u`fXf4C0_cfTiYhE_8
zOL>bcUd)2x0OGfa=_BfpWnP311#pqA7Z94<z_)M*^`TkbCG?Wzm-|fDCg0a2RxkMV
zHPIote7}RWJL^22mGfJ82x8=3qh}@_^0Ln3_Y0o%5tAZ3URUKZS_SJr8kKc1rE>1h
zdK|m+LcOvkQ`6c!3F46v-yblo-`P(P;nV1;qPz>b>_%iDn51G*ZGmH*r9@0NF;M?E
z?Zt1tyH}+zFXt^+4l)bO*gFx(GC;8yf(eOJWX<b&H^Ef<xY~)xlc|P#*NdHbTDxGG
z*X{#V#L4q;1KwgPYuEvkzq1J7|Lx@jWG0(HL!84fa*%h%bAM2Un`G5IU;DH>Uqel+
z*{Fcre!<4FfmjDo2DI{l+;=+yn$<<0BGmxp5CPR8Fznq4BFA@%9g)g({+5`sM>PNe
z;(2Mwo34Mg*=QrutTaEj-(Sq-rTc590o%<4pqj)3<dwa_@=E~3higqWvxggV_kG^4
z)v`w25{rL3&8?LEVTeV0V!x~nKPub(9^qmm`ct7kgVAs{P>#@9@}tZh)L#w(GwyA*
z&eTfL6DmvF_@g%w2$o`EOogK?#Xp!LV(W_y0T`|n5z*_jl+}@wsapK-aiqBVHGZau
zr<y^U?ILrK0#MY~rB5V&Z-s0+f3#t=3Tt6k0nP+7Ih<ayzu7sBWZ$387Y{R2&g;hM
zT(FmVuD!^6eW>7y7e01j=C<n5c-DQ~(J$zq>@kt{;TSd0;<2NyYIk3?NMJ9l+71{M
zA;;V=&VS;06b0OBD;GAXQkC-9og-s|$ifl(a7?^9B#mD-^kg_J8L9bNix7akWB;<V
zi*rFo8(mMkPUH?zW=XxW%DeMM$H5uH2$#&9a6~ZS^!$~gV;M$-K-h)J?>>hWqjPfA
zJY|K1S{|sM#~YK<5yGhI)oSG5a26tRj<GvgspxOZAQy;PV*kpa=v2Qq|H5!d3v*cC
zqDnjT^77}=Xi#S~i<~c(ud(2c6o($v`1Q_Qfazp$0klpHn*yo%SjTNOsb|$Z^K*SW
z#P0i?5N3pbt;6M#ZJ}3~RSRLsg$U#wz+eDGAGg!_NB!3l?Yb9(^upTICsv>e|4m%u
z2m`;_VB|3sif-}qV|1VYtbWZ$1Bpzp1p%r;WD9dcB1G0g*GDsK0V;9kfp7<Wd#VYH
z7-*=8adp}GAWSC7Odt6;X-P7{8=(X|+45{)-`@VmzWvfu&rA;7ylmTTFWWW)3P54M
z%9L(<m-SXfcJU>)8-d$*jNtd+c_&ziW3Vt+(9;k9#&TiR-inUio*}~Fz}}y@2%Lby
zw>p}@qZeZ@$l*(ZMeya**E^lDE#B<*D(o04zCd={4Qm;q36g&X^2yj>$T7-|G;$xi
z!%-%Gy*@r<A6yshY&GSByMFrPHT;sWZ%pq1mfqjA($HY9A$(UzVYLd$yWR_CDQ(Z!
zm|<$VUn=VAAN1f@WxoJ$cy%bvNj5v7Kx}AH!mb=nNANr)a6dm(>0l8W!eiM|2i%(=
zaT-P`vD?fFM`oXZOKEAP!L}L0PdSYVVU7WDKEe};n=w~qG|~2iP8eKI<S9t(4F8T!
z26<#<Hi2H>c(xqVhkFlx<9MMCRH9N5)%yIz;m&$<yPKC@AQS<B>=Pw*2r&59O+*l7
z))0UA4|yYeq{kTn_)1nBTid|c|LHUz*3-0h^6g0A`aiaGJn7A~lv?sM=cvl6DmI8Q
zSu#_ujGhecfKQP;ykK5oxNK1`yxf|SXAPU~SbJa~n7{NXarWvp>Y}6_wvpu*0XATW
z!UM2j<Al6tXay{@ws6BSH@pB%R`02Z`igwaG#lGD%bjoHkWdlhX8Q5ttNIy&6lD-)
z{pkG@kzR>0DmBC{Ozz-ALvX$v;nNtui*~=0&`zr-c*PA@rOo5qg<p4x2)6aY6K@Pz
za-cpOWpuDURT|@QJxhJfK93l1l|N?gv-e%Ni?8#{Ku;Dx|H+FB?)8@W%f*+w<(N$(
zSS{8kZG?%Na8gNqwNAB*W3xN?)IG(5lOMW`S5pMWP(>*XHO!I<!004?VFQqjd`$Xi
z5WIgOn$Yi?Kdtde7P*;s_7xFCt=^nm|Bz-Lz>x!X{SeZhW+F&ldveMM3;sgt6qAyP
zXoV}@>(JyrC!e8J_0+2U-qT=Y;1TL|Yz?M~HL=Dp7mLRhny$iFO&)J;H?UP1`F^WM
z!hk2*ql>rtsY##^Yyw^>ZW}CT%zJ~b0X4B=<wi!@4gmk(ABK`AYqdGQDjv5!PPtcn
z?PMHDWstwk1uEA(VB*Gi3GUkku|-#934+_!nm>SAM;($SAk&p5NN3VlQ}O)KpoEoJ
zTt2BmE<a<xcB4JX0Ei%ifLRZr2~Z=yfc(T$W)>3F?qv|5d@~5NI4a7wd~pj6`flay
zNQ4~rJH;Kndp=6Gve9I??9l>>o!^_8jg)RwCR{G_<QIn4MRE536bKYECdk@FpLM-3
z;A)i27D*E4Yt70KdP7!Xf4uWy^uK*;N7zw{&w=5Z4grJsnbTt0Y-RFDev0S)(7KW>
zcE@O$T0;sTMjOnH1!?mkYa}z9l_IRC(YZ}uM7lJQTr#o#)dEDsvn?Eu=krXTZUVXG
zZtyO(Cl5dgB-~{42tvPUtN%$QcmHE5fgaR<yk%(&F6@)ZR6I{0Mbl>U*fQ@tuOZ`H
zzePPyU?%5z2&V<DcfNG{LCjEl_O$9XTgMY7uFCF7zbA%XzsrN4IDmjkHj8XBTzl5X
zs~nQ%bdlSxN5Nt6D1ywHjZ1rW^PB$PB$OCPAfKQk2}dG@1qHR<Hx+c$IG^e%?IeoJ
z=Sk;OS2JR>S|eTVj0w=TW)K5FVejCBjPGo<3F_enq)78&YKK+bI@H_9suKa^7y2r}
z#y12!FrIhj3$<ab&#P`~^*Ua}etfq^0K3b#`_(L__7}e6*8A{zM}en6!IMJStT!#s
zPf-1B?)O)x-WQ)Om!$y<Y3vfMmLzN@Q$bJ_u_{;*^><Bx|Am6uE?m@jNgzeY_9G<Y
z*{P58uKal9rHsI(9Dvm_^bD(MyFauW;l8)(AABpRrCw{EL7=*8_|)veIX$k(V>R>P
zggLv_a!Vyhp$?#=x)R40J=UM~7ww!4fRvlwEwA@R$lD1H#L*T2H!~UCNAQlk*X49?
zOoSi<IAL+Gc<<Z`3jZyNAil>9QBtqPG=@n^!zuhGD{}LLhFOd{28`B>mM5y>CfmKw
z^)fB9EoOPZ5*K0E_#WBl*#p>}{Z(V6&?gWCh=xpi-Y-Zn48>$<82sYc#taO-;buQ>
z#V?b0lAVECD7H~ogvg!KgpyXJEp~54^!xB`*p42V>6B!C@o?MK1m~T(DPd?Iq$Y5-
z(0OD2dQsg$Zkb_erU^B(EI`7aj6HuWwSy~^t@((zeLptTDMAgFxQqGmssFhxy(-D0
zuP+A=5^5JPbZ*=mq$wP5=;YSZ{`J7d>08LI8tNIGwBl!0*14vutG6^?6Wj%1i}q8R
zj>TlK8wDOS2L9}vWegcXQM1WWv)_2hpBKf8*61S^f0_ySEv&9Im5r!6r?QT&AkXOg
zuw=jY(dLRWKSHP{K7A<FX@?upq>E`X-Grs0m@U~WlF!2rxG^i>KU#SpM!>1^d-NxI
zzz)QxLsB|%d^*zPxScCXf|Z|Xb_w}D5=|ba467r$kBJyF_6G^*CPT--uvSTr4Sw)9
z>dp3tk41qhh3DV%qJd(9NKkbuhTHymTr;FaFPu6*%5z6oA%&Cnjc>lPuyB<##{K(A
z7VWrq5{{&dbhf=^kC!r#b&3|YuO@&MzL`v=^#j-4<GJ;blbK33wb3Cqn5tuM*Uuta
z!xz)6(XsP7^J^s<hIt7QyaSGmzf!j~(3fazhrDp@fs!R=zdF!L58$lhTMRGciz=%$
zTXbZ9^0n$}h77@Mhcl>IkE{%1&8B&KKD!sod6amN)5?*{yxtf+#rD|S{Du{yU`c3+
zCu?Z^q>RtUKR5xqD;#~iwt^paixq!IJQne=OsRxDs%YEDcZn%hMqEwXC;i{aRGoTQ
z+M>so_<qg5;RvAe&1uO;-9lgIJ^HbnS^ue_9lS<Fe0vMu?_;wbQh{ZRnNc1#HOsqt
zi-3ui*N1`$YvHNvP{&RQZMElC4hdDKe&BnVgpL`AohM)5E7|$|%tAH-(knI{zBnIZ
zHgZ`4r4HmNphHX}`fL-u0+1i(%k~1#mdH@9Do~nF2JOg13`SSyW!o+}5W*A5AV8?_
za~S^#HooRtApvvcqQD1}CYPY)QimQ>L3o}wbn0?7OssNtd=)AFbX9ksFP+M}gGrsB
z;@p8a9Enr+-kInT5YDti#Co+0y{ZZg!(kZ(wBd;q)AD%CV$`gWF)@OO+&4%$d3nim
z9kqNtE*sz4pgb9Ee<vS)$mfS`{mBM99a(whd~|=0`-OJ<`@_2Z&SJ?6NNQBbp9Xg;
z+Rv^~sSeYsrq_TBXB8<L^@376o&N+j0Hl?0vwQ4uuOTe_rfBj}>Kjz2x@fR*x%u43
zaY2w>v0&lC{yT5PZ~aW}Umh=6R8~pt+lM$K4gnETkU&+-XD-Rk07T_%pQU1HYv5=K
z|C9*E;l+PIkDpaZoc%OX^nMj6m!K?hP^6kFmGUyoSmvc;SXGkp*4v<l5cw=HXIRqi
z$*->JUkrkZOnRT*TUHh_l6|9!^2S7&DOL-@Z^}e;Fpfj3_!3!%|K$7;kHh1Pek)A<
zjeL=C&HJr;>opYD{dgg&u-%yyrrSxj5@a6iIUG?#L=V=)D?Hm}%loJ`&kK_FeZl}^
zTueE>Y)DuJ-E1MM>?*2`mDvu+bL0KEFXmJsaX=eF<phtzG_BgnU1zbx52uRvQ^BGj
zQ6;4DdIw!Hxs!xCva`BDlXY*tg*;#g;R3blZ6r+Pf|J4qsb=mHc_6NYErx#zKPwi+
z7op0{fjEjyP-+hdp8_gG2TujB*aLj~6wG#JEky`IvL?}?x6!(E;N*pOwC{R42TW$a
zqu|`3#AF}5y}ZP+j+1Nbz7@@gTGa9WnEBFw0E@gt>t<{E0jXI=WWtbE1+S!r*imgC
z;uO`iL(RRD1hd9+A`V9HHGd{kx&uK*Xs#r}7tl*k{}XH&F!3nXXn+lf+QT>qnP&c)
z?YOf-RH)SAssW?ryqotv;LG@VLd`E=2dR+L@rc|p&;rj6n>@-qN*~*@S;B~X&zs^W
z?m)ufyz+`xvofJg-wIAlY5Wd5<=icTA4{tY@vP^s86SVD*0Jo*KLb8!t)B#DZr`A`
zpw@X|yxLA%UqY8jMB;^F^b)!ymN6DU=oT6O30=Or3ayqmldbxBJLm7(4gw=Lg1ZVC
z&W%WT0A8fRs=@DY6|>yt%?{{LVtIO;Ao1NU)h-G-W2)QXC%*I%o$VDr;df88sEVBj
z)t<@`bbQ#0|6o06%70QxOnm=0#REX?CU47Q)T4p`DH(q44p|LAk_0%5Ig^u<kp$M|
zKTf+b)9n&E7zz}Nl&T%}l@Q{cODxh~%kCXid5TCSF|O9FP*X$tqdy2=0Row>Rk(mc
znSh_hQA+lFgz=gHl{?rRk~q<X&`(ldu|!!_YJkyK8iF4FYB%qBz1)f*A#ci&(Hql4
zp#^Al5@e!>LU6q5^7B5WOTTnH#LZlf7Yv15gtc53qdvMsm%M~7XMLUp1jyu{(j<X#
ze;FM?GwwV3H3728sVzFW2Hdr?xO|~SyO9>j$=$s1$3v@Yl%Lk$idoT`^(>;No>k68
zI)G7Ogh;x8$^?#8b5JK%dH+BVi`JOZg<T{xUnVx^jrnEg93*B6fiIETl2#8AEX%;-
zMsx%)Bt&j!AA%3vmjJcI019w)T<SZ{m}`$GfSr5NdD1*LcjywzS%4u+E|nw*U;r`0
zx!kLD6RZsGcG&9_pErJjrcxLj_RtjLRlR1+!an-07!a#+F3|2PXD!?_=LK&LP?DB`
zwoCFlMIw4PBsYUMcdt{EC^t*9By(L&Py!_8TX}LnzKB%-inYw9%V`svxF)sSYe1Mh
zUIPx~=32@a1!`-nvE4fKgFImJ01uZFcwSSam^<KVG(J~6t=Oc7o+{*S`I)JFB$qbt
zh3kmV0;5HkrdX)r_2GEJ9|cu<i<Z?ouxC*FQ`v*F92-c57iMl$_eXg?&(-!Ak(QUr
zXwh}zUP5f70oeghq=3Fs@w;!Yd?G3H;r3+cC=`h{LQTGnt6)l$v&N1!I>?~IZ4%Px
zAKf_=npbI<`xpm8QgUwd!b6Ee85&n=xeqG@e}Kkf0rdN3S1a6sDilzL@b2F1yjpxe
zg>;PO0pqP0D`*E}CK}$H69z&wx9`97u`vz+#R@uqd524z^A3CY%9|*HKn6uscsZOq
z@Q%l?57sNZI|&XGAY$5-ECi5+Fn8Iz_hrn{%@v<*5G?u^zJKy_chn=6Y`KG<wDARB
z?A|kVG}Noqd0H&r&pEFb!!*JDjthEMU!Z*d?r;JGR1(UoM&&UvxwwTC-`egKNb*mQ
zHntxhhFpqq<E2e@OJZ=y8Yr?HFe1tf#}?(c>3`))r{&kC&L26wP26-%C7@O;91K=F
zRBb6vyW`HnsY{139f;eY@Z+L@N(%O}+zVrV`pPEiNZ4;0YcvVJ7<Zab){|kp@Y#@3
z?;51<F=<&aVtk2d@GLm@ZOdjt_JZD5)t49x4Y`Jo4Z&`n`AMtA@UlPh{;RY+kcu9H
zd%0jYog27+V(zCLIsr121OWCt6WY%cMKww3n%9cS8=~%E=iy#=PycvIvFC>NaP94-
zP9WQA((R>~eP2C?P<H)hi93Hdw{o0nQi%_i8UB3s%~OjhaAd?@9o#u?ZPx9ogL#HI
zK+%?H<8`O2v(q7T_$rBDpq-!@=*)9C<G^|ej_S7W+-dc5$?ZZ(XfU0HJfFF6p!&Xx
zp#uwd3$GR(RB>WwNHSoY+BYIGG-cHR@XAAC6o&sscp{UFgygN9+xRPU1s$->-1_N-
zB2#C%bQ4yE9X!YcIAm%0E}D^@R+k9;Btjbpbb0S8LZ4`!HR~+#F5k;)Y2gDxT#Ed8
zbo#83XfC%a1s(`*Tu8m-TEIn3m_)MWW{r+NzfrRp+6CYn?3$mc!Xi-=J{{%m0_aEH
zuNF6I{tm!iMs?RfSEC1e??XSmZ)7l`g>LB4Qqw0t2F)JbpDAytoMm=9^riu3gSDu$
zFvF*68^heo%EL`Hxb^|K@zW9TsF^UXWGd3K4j&QYhqEt9=}q!}??V-EVv5<BOC%oE
zS>y`UWR6_z)GP-#N<|&&*=E>igZ8E*WyCdIIIe7syETalH60B|0P5`Eq$^dietUao
zHJK;N=Hc5mOm!G7ZAoph7hzlI2K!{aqk~#%TR@yuCArV+l)6UmppZ{Pl~Ezxh|sPC
zSU{xkGwY9jN=MyOnL17EeZA8-+GJq-3r+n-59OzljDC<IVLQQAWVn!p3?i>)u;h;o
zbe2}#3Yfz#V*HpYq{iW0_($i}44WUB>JDTMKaBEwy&<;k-R;wyzx0e7nz?Jy)yBz2
zT_5&%O)aneAjF3NnQ;ud<Ms4~+neT|H{l)AZ}bv`g6GRC>SfaKo9l9Opsynes#3Vb
zZl8KaZWoB2SH@qVD?W!h;ES;K^h<u=_Bcpz{Ux%@9;*~}mo#Syn&~}E!8>M-?{Pyb
zzw)kd2@^l71vCXZNa@spPl)5DiXJd4@2FW1x7~biqrB7AfK9XR+$+_S)WH14q|GvZ
zq2l{Q?;T9eQh4gH%v`ZAeN$z1Azn-r-$%5+A<*$6K@$=}fQXz6(vU!qARh1{iTDo}
z0Rx~skVtqorF^b0I;3A3a2TH|rQRlhhrzRG5X9v&64bAF!|ehremN=U^C6a<qOw-1
zp&{gDNUwULuXW=Ah@PpuhU&FnuwD$|Y^d)Q&;V|pyjNutJ5uTC{82%S63h3as(>IZ
z>V)QMR|z7EWv9TaG-wVLpFXL}BIS$=e<sQ-S=z$xRTNz_NBr+jM&^N(G+7)Y!7Q<O
z?M2R9XG$C~bx2nb;vWgGinZ&M3eXPcS_ag;gklCPE9wIasnEM&@pINbrp8I%5jlH>
z&PBy$O&6;bOlB6p(#=5M^f9kD8nMi&Hj+XubH@@m<(KOZ^5<1OFf*ta0&t2H%$Ld^
zupdnw-VwiKy`a;QNo3S5rhScTY6XwYm<?3#)QU2bRWY%==gjOyldh*iXMZEVl}SPd
zf}1P^bkbHkhv!K<ggIVxOqv7EdkCkCf_#);ULN^E+q>J%i`HcvpO{E|uxH>)g<>`u
z#&rc+05=QAprLDEr<XTFn6PI@nH8tmSyKrTSpgu_OaMZSRMZJCEYGVl8u@U_os0n6
zJ|LL&+1yE5IvZ}DR8}r*6p2Xsm&KA>VC(RlxZOFJZdmGg?DTpbTszzixm`Y^?>blm
z7;xCK=L-C3)aObSTvsND2pP`L$CE@Wu`98Wk-ST8{9H9ra@9VC5d4Uy;B$;wQWybK
z5=sHg8>M+b0lYI|^BhBu2H5rRLP7NFX;X(-IMzSds=N$#yb_S}`$r^Y&IDP_d`taH
zG^>)7%G7k#F`#t_y-mQyJgx?JYd_Pa3UmM6z}E~q2F>G>&1zaKfFi@*M}1$pd^iWm
z2n!3BgUpv(Qyq_gm56G?<1i~^I9j9VB0ir+h?sQ4-V;E0L&kK#=O?^a8RdVuwY_ME
zdd?Zk@}%-BL5hd;x*?`BpOtvXHPS>FU`<bRJ6b-aeL#yL1D5Bj%3i9ZY3c6=Jxr9T
zoh;J^4rOYJ)P+%3xSZk~*8~|;3)d5wLw+$$9Io}85g%d#%>e`r?kh3pI}Bu$LQ<L6
zJPgHZ4b6fp#i^0qdSQYq@+Z*U0$0*_U|KL*Cv<?6-*h(LW^@jaw4!4mZIpI(2?{-R
z^nu@BPYhzo#}?|)*`%<1e%p;DLphA>RXID;ua}I+@ipbQK^fs22&B8p<*!xwfJ&fU
zBLD#}dsm*EgBz37wtjQk;v>43$4sea@nS6XMk%3dCDGqd?q2~?AeeTEOW!EolS0KJ
z41gsQ)985E6GH4I<hai}G&Gd+iTgGI5V{z1k^ZTpV?+ViO_3NB!fHTh-H6;Anj8C5
zN|gqog~nTi0>9E}59vhU#9LfP&6V18zS!kwN6zl!Fy4Y{gBj)FLfs4}?zIJ$fK7k`
ztUd2{nyZ@1SwkST1pI#AfiPZ;#XVDVGVAjLW7rt9NuTboFb?fxC8fpne!H^KVh|Yo
z!wcZwrA^{QVEiX2-tl|2q+TmIy@(z32)L|~doxzNQ$>ndog(3*rJ5Wjw`b^?#yNaZ
zpMa}TFhN7N7fosue%v<(U~FSvNBOCzxuRN`qpJx9Gy}1QAI>2y_&n=B9M8{(0H&Bk
zuvzz7z=|wQxkOIrR|4<&H%OoyMp08y7?`P;`I8F$-k2y%epqyDT^xtI%$pc`1+;we
zL`UeD?p7s?1#_pv&4l09A{E46Z>un<ZTb54M>7N<YUJtv!*K48$=CC5;^9Iu&0Xws
zEFjfCRerXPYengIg`#j*mgEFr2(R%MCBOIrI;!Vi(b5l?2O9yPuU9xe7k_UA0SHbi
zjv4k}%uN2W0Qk=@F?xWXSQ|Mt;3%eWO)CbgmE+7AwEw$n@+BgKD5DeI_)lAu|GdP1
zWjfxsz~iNk?q5x(a3<{;wIC_@%UDGnSU#H=lw#!ny&V6)KSU?sh14Y$*y9a01rlr@
zuyp?U=g~d92ezx{cj7RA)93xyef`U4#25g#5-Zep#v^+ojs{s)$%!nw06fa?J1_Ou
zm@YLb-2eXU{`CW7Fo0i-M`~8!!33^Gx0n+K+>s3K%Q|C~iD&<toc248|8jNv&o8X*
zNE84Kv$$B2D!|jCisQ-kPDAOMmU18O2bWxw-0wlT6>#kV9Lp$){~nwFH)G~sKaB7z
zuj=+SaAV(jFCk=4qA2-(=jTj5K!PLWQxrq>|MqrxRry{_66X!Y0)?k${8ki|{F|%g
zflEp=0ddJb6)55U|M+rJwEm*^=%8fM)1O}K&5dLK4is@{;EGg4nEZ?X`uF_j!~2_`
zeUBl25e8(gkP=}_?2e+>y}asbpwuZFx6SE#NeO@ROaJ3H#mRu%h(Zc0G!hT&iDKjJ
zrUouR@%ZwtFSG?ry#B*R=zois?w~)5TUhplYWS4g0a$swSiHc?Fjyg$K>fXPP6ByL
z<{k2FbHo*7%7J9hzEOeJNA`dBp7J<=yX{wquh#&mQf+BRm<y%u1})&Ty2QP|^JpMB
z@bh5uB)PcX_nn6c#^rjM0n9PR|6pYg6Gb+EJ^z2tyMObqKpZfG)aCcEz>`L=YbSyH
z-Qnm20J-Wwh7zmyAKPh*2UDSX3CdKVnk-xG_KNI$!!vZruhw)7ix1h0OHkteoojx;
z&7?R2k95DfDSMpo|K<&S7kvpq3g?1wMF#o`QT7D1-z%9{RRnmJq-9X{|Ez?lN>dg9
zS-5*@RqWOldc8O(==a}Z9Rl3wA~EUi-~46&wLZKm!+`(&u>ki8SocKEv4;h`Y9Qc^
z2>Aiu4u+kZ9VqFg(wuSplvCXZLv@}8G($p9_-ZXVk+sJhf^LX-vb|;s1%m%l-YQ)c
zW`~!}xqSVVTH)nb-WdO9(>Q%u3a7lX{r`0fe;4M`o-h88MHWgJkNwZTXYQni)ka2j
zd9c8&7~rOuOyo+D_JC{zktjYueEj$kFnTeKNl!0(!i*=-+DG?}SKe4lE+Y-lZLTnq
zFH~&+L;qM|_NR-BCU{M(&c?k|VWPRW+=x8&IaB!s#oembQ0rdB>6V5E+w6~Bzt@9g
zcfHstD3CElhLC>Qn%VtyBouS-UoXOi<8dhMEyymy8&4NwO%=!ogyXXDhhTy}SUTlr
z-^w3+?OOS&g9)x8l%P;5fb2~z^gktGUT9#Q0f!v};j9<{3;~JOGiM!#d7i-<Z?}>a
z9|6LjC_p@`xXb~VH8D|9{5UL@*?w@Cv$^f<z_B=TQ-v@uaYXhh?I1xqeP^+Ofys1I
z<q$Aj@Ts+0F0CD5-=`_mnA4<S(8S<&I+&GaFdPh2$D$Ce6GJz>^>MVEE%%x()3#!>
zvsK={4(aPdk=RlKgugBo*$uWw_s4B;?5b@Z?t9ZEP4n8VU$B6|AiHyEw&hy_?v#5s
zD!{Nc6!4}ljoQo2(&j(0_1%g|ebumk)jCw5cWYbC+4i+Hr7jJDfD2##F_t<mZ`sLI
zxCDoEd~CgKTq1fJrjMEoLSN#ooU-Y}R!me<;gLQ^tyLD}`Sv`9T#h(;?AA&<xc$y3
z(E{UUe|%n7((9V>$NTF7A&UjyoClpSY$kN9;ZiJ-aQuwU&<Lc>gHg&>{ZkTWQW6rG
zLw1J-M1^dwCa1AqEq)jKWn;$0rxqM(n5$3+I~7^gR>xY(=r@;3RvxTa5?D+w+>|5d
z!RnohzHI%~dsAjI-NEQX0<{ZJtOPxlB;cn7fFB=3TR1Maq@Np{sOMNj3<!T)uYIVL
zyY6;>y698t$c{K*QJT5b<TwT}R(F1Q$w(gd*Ky>wA<m}Sox6kG+GAO^$$vggHW*5-
zlTnmTVfE@Y(lPH^cZ<{HAjWgMN;IO3e(YO6j$(OcJ6U3oyHgpS%9r)IyE>ErR%0Ge
zTqiM_$W0yy?S7i<mvHf}{EDabwdroJXbO(!y@&^&es4IfjdBU2R>1gIv!JHYwaCBE
z-ZEfFqiy$biXIUZ&gf|QmMTgdyfE*4_%I8VO2l6*Kg7kwGjj&w#<`r9@i>i^oNrbG
z3f!*oCDW3mBe<>-F72(Kvm&^21(l4zcX#8|pKv*ks%@6tujSLZ-6wb3o*#9SI9SRP
zo&avQ_*9XyQ~#DT?nV_LEa6R!5P4a8eHC)tURTn|%wgO&E05)$+1s=wJ77QPLcPqG
zCf8sW*^is;e0~8)PWn;9Hh#@BF!~t-)*>dSvK$K#8(+w{-`pJo3bi~yaFUzdXu1!S
zE9Sav22jXxr@#1i#T(4F<_|9>)}+#45DD?%Ef;(nYx2utn$vC#YJAOTGO6dts#1xa
zcGrMm$(rbi>0BWblhrrj{pr#SMe6u{8lv<mm-Ysuvevy>;P82qfw&=}?N9NkzufQX
z#d6fTw!XfrFqsgZkEx^AV`p<QMGAy!FH$<3pZw6IAE}bV#nYeNsz|Lo+5_KkC-cqI
z@o+jiNVrCktI6>&o2?2=&@(Ui@$QI)=iy9F7_h#A*^sL<WZ`i*o>NDz%#5u7w1uty
zS0K<=!s%K~x58z@AQ+}i{^0p4BNkfCC;>M(IDzn9vtBq$!=;L?vR;TXX~~mu|0gbk
zafna8nvd?h@dnpeyY~>|`yUrQ^6K|Xn@oV|e_^5L<G$DnnPonF#)(8RVSuMmI<hRy
z<Bl@EA(OoG`X@jM!Zsbx4ibOMv<KK2(3|#To{^h&=kWncZ3!HaQ?$kPQcf8V4@|vG
z>Ei3Dm9fhNOn%gKX&T!A8`gi16oFFW^}o@Z^R6zhP^?c^`Bjf!oz}m7yt~ZedA`M{
z$v*?$@HoItSS^?Zfc<YDnoo#@IA3fUy!(|K%k4(EA^-)EdQDM~ip-|#UV&$U{+3HB
z`LrLD=7+O*L+^OYXTbM$7hnpEHSIBICHSJLfjLQ&dt<J+-)<`B3x!}%39bVOk2V;x
zlVbr5N^@z;6Io$D+%iG)^M}KQZRwV7EIv=8Bm78V69?27+nKzo85c4q6HxhA50m&U
z@jkP^m;x7+x1p$DiU}u+O`mvj!oj^eV9B@yf_}aofYkeuw$!8;2EfV`v@N71sx86K
zWeUB6=d3G$FGNl%V0f|`)jt-M;#Y0Aji4BD83FhSemR|Y5;z%m*tGg37}7wSr?x6K
z<H`P|XWjLl)Oo6C`RlyX4w`~x=jFrY%sQtB6$BCBYDWqH4pjBp3OJMnL-|sMO651k
z01c(}eh5*dC2p*4`4yS7B77~=ygz^^y|mRpA|0!Y0vdW34#y+@8dFGU2MXwOlF8<3
zz6z_O6jg;Eb|#!d)Ryy5pj(^gZaDg|<m`Ml0)xc!)(;Cqc~9IcWF<@2FdGvFG0fgG
zFT%0XCa~aoAX8u`inm#wluLk50oM4<K_@M<3ORNHCseSW2VZF5d-WbQGm3St^LR8R
z;x%l88hy{VNAdvad%2+I@VF~pFxZUBy>(Dy<XY(ekf_9g*5LskW{d(>t2JN`SRzsa
z0l#wlvHsy#-v8x)^DBS2y5_xnb5n1#ZoF7uVL!w)Bf}1|^t>1od3f&B`K5x1p8~BF
zd0eJMi)2Zz!us2@{NcR^X-9H3froRYR;uAh8W=)Rox)*H)?2jfg=&{`!xztf2Sr@|
z%8#Vv<nk|c6^Z!L_HM|(49kxl>3d*MHMPVZIhUZdwh%`<{o&V7a<U|-E_6L&|Ip&}
zg>o<emL@|B_XAJ2@Y!BUiYUv4XpXm!$Zk!A#O_JOY{y4`%|TQsDrJgK0&fiE^rnI@
zrZ3<bSwP?YcVo1|d;MQwJaN#Qyk>Uj7o2ai(iVLUAB8OkxXQp3Y5}*jI@%$XuPAJW
zFjJEv_B}aYDw&2q3G#evyw*ZpL8}d-tgB0HvP6WJOYf<ft=fHI8Y%rEe8HaGy_tup
z-Hat*Tm3Iz^RyRVbMa!u5J2mI+$>VMBGb~aKl5gyPuLu~3s|N^&WeQ!iFcJB$$x4P
zI?`?%eL%VnC*Tow*qhcj$UD#pJQRIou2ovddqa;(<wDl*9;JPt?AYTx3*DnXe~@Gg
z_D#?*0y@$!;PR!?w5rV%f=r04mjpLB4hS1%fR6PbSf&>!t;})ME<-;oO*#l?hNXB4
z9I>OLpmvp2U%W-ITTs}9;&be&rnGr)ch?S&a61(75vdTF2&e8;qxtLhhKiIY!O5LF
z*yZj^Hnf&I2?nxX-MdAbUOYzQQB|t!Q>K{*`gc_079M8ozWTnVn614X2zG%oz91n2
zAUcEVc$A*SCp?PVsAJF%cn=`j;Z_4q@sJ)1NmNZ*5QMzUirwo;G(}E@{)ZF@m_)p|
zoGWO@B8B}5Fz58>dQoyMxf7GDBl0})mbC(^Dgi>Q%cCXr0^e1Ub70sZ<MRgISymsX
ztwvkoTXK1MfDD1!7#w6*;|UUV;x6D1NV(}{(9HYgI*6rR0N1Gk)eOsW-hNuu$Y#gC
zEx+4usrbYe;55A9vWezNNMO<H?iy52S;)irr^C6>K-A5aW44(lK$?=NX-JF(@J3UO
zVv;fusJiTIY{i{qNE~CWqv7&_$^X^a94-9coz2l(K1wH?=bd_OY$)`bFGwR}_e9{K
zPRmg^)`&_dUkm0>;Ifu$`>|2e(8#R9ROE-6)yDPps*M#DBR7AiV|Kb4q&u*FMTF~i
zu~&j2j!3{Rh)Nz>BSj9C^<HKXqHK$HyuhI7?dHxnX-Fao8g?-9Q|eevlbrp0g*(nr
zG6#oi7H6*UNcI2;nG!yaM+yvnfQkvF7csyRd)af7up&ODtbnyc`by+~(G5>xchURV
zk}W)xG?`^YNaH%32^pNQtq`|l!|>ebU}iEEY@plMXur=_V>Tn(o3U17*LzjYsD*IT
zJ!Iu^Q!H@4)*Fg7k=M2OmSq`=*gc)s&$6Em&yLtR(PZ#YrR{y9%X^D9fa5lq5)|-q
zR!7^@CFomJBm4D;C$}&lVO27*v$NY>a$1&M?gSjp)`M5jtvof@H2G1x@0z@Ils|sR
z)(D86A)4m?@-ff+Z^mqYTJje-Dz@M|(8&h{S>A^h*#nCxTdUbwrOksY2lo{}%1=@K
z-Y5Qncu<6ju&XQk<-uHtr?Vvxrjwi98JgAhyC~>))}!C~#8Y7)IUg_NYd2SVH#{Ei
z<<$WD_0=&IS|qE!k?lIJ-qE%0kj}HupFfWtdwN!|bGu%As<vEW-<!w-0S7KsQi;B&
zTJiJQl+?KcSbe)I?LO@fk?F^P1v)5YlDOFg{x1u38Ms7FmndQlNCv@K=acq;`XMgG
z;QOO{oXw35-yDC_8DJooAJbS&o^b#)G|J*b1Du%q9RkIlbDe28yVL+fOs><e=*bL$
z06NK~tr^zFc9Q>p{^y!X@7jqeCJnbnw2|l~2mdlskXuK}=Cb2_16ONqzc(55!cf}V
zX?8h>)?YLg@P8}2fkctU38*lpCrr)LTnu>}zVw7*F#@Mr)f`S5(wHYI0r6$*X%pT2
zf*0Js$r%Hh=bapSi5=zh%#>N~GIv-9OQlc94fA=Ex=eAl)ppOwg|azdd^vEn*6Saz
znLsg&UhA7T&xdV&nE+%zCf`<^0l*5@teH%u@~I#8mxOa}4W~_kGJ)=LNIXND7F#aN
zSN!5=7B{JmOaY53!&Yc-Di@{(@IFam63u=O*e&@V`dxH3*Tgh&Robd_s!in^nJLwo
zY6L_%yX~hvGI}m4VOQyJIfz+_x_^|90f9Vln(oB9{O>pu=VJtPYWp_mJ-z~NgjVWm
zK>J16Vn7WT)l0oH0QqM7n1(S^x0~%xf5|cQ+YU`)!kT$6f`$d@!Y4E4?*Z7KL;kTp
zf2AdpJCPxBt}12w{N!HP)+7cMWokNMSa<^@d{w?pLQ*Dk!I}hLukzdzed_!25EwPb
zF8;&#i9Dqfzygl{7r<cVGsx&e?VTIWgAPziPA@<~HG|p~)q(Y+h#Y#4CF+>4jLK%O
z!Ostds)0aZ3-bU*4=G6auA|6=p#pGA(56J*wY#f=)sIPuDs((Qd&jfhAenc%&ceUM
zhYn4`8sozaUBm1P%QR%sMt9C?;ih=v?Fnt57JDk>nZj%kWr3ckI@jI`7lnLB{gx#8
zjB}ePd)bu?dQMdyKLnlHi%#st*0z^BXdlKK^R0fF<x-=#YCpgOoN;QqT{YtD=Vg<g
zu2!|{H^#fkY_PXMpuX^@vS%{>A?}+BmN1mYrpX1x7Hi<d$xxJv4M#X3wdQiBtp96#
zm+xdi51nQ94cRXhn6In|xO!OI9yaI61l*mBVl;Bgh}qT8`&aj0C$3>)_G;fA@`({T
zPnBt>f5#5HeIfX4#FJ~0ovUIkyNHBg=V&6_c1Z}aEI$}c8J)Oaw_N{H+~zwmohik8
zd^mr{|5Iev^O?iDtyhHHdG0m~mhP$Rj%(m&|8jE6b1729v4GHRlQ+)6SHJjUjf&c(
zU5;<JT;<<&KAmu=7C#Qscmjta5G_*<?c=SnQ1>6|L(Yah6f=1~aq{OYlEd|FuU)^d
zN)erDzrb1M%W~(rS`UbCwY=N*En0Y5->jnt9WuE)`V_d7eEu6P)eBn0s`(d0)`|;)
zECZZ*M*%<c%~3Hti(Y7q4}da?;farvGlk&e3RE^Q#7)9PG4tQl?$<RcXU*ut2CUmG
zRg!?CW=7Lhncj5K6zR4*KHQvMJe-gCrR?=)SiJO|4(5QjKw%_0dzWt_63-|C&J}Tq
zMuQw)>rvzW&RWQGdLqf^`-xA_A_QMf_<qvor2_L6d03E&x1?h?dOQbd768zUzo<E~
zE9cu8W%6COQ|l5rF-w0S?|1m%e3UQO`xO|QVz4#!=ST;_!|y!p{&s=&R&9?;7EMEC
zDCg;-3C@SdTK6eeFzJAH6Com&XFePq35zfEV1oSnTiqA0l+f<$WzP|sIGC7<2qH9{
zIJl29K-LxbBETv|^X{L{=4#c@1<J=XfVa7T=dU~`0dBxD>I2go>ysB&CBZehZ%W;Q
zNhb+%WNrEPdWwL7R#5c;aP*nhqN`#-GT}4Ofnf^AF!tFdfb(MbvDM6V;q3NPwZmC}
zq@!jU62<H-mB5o~9625%qoJHSBvG5K^`_#0Q=eRZh{>93K1A91lWv!nOGM$Kk6zRH
zcmxw0LZTsq>+vF?33?Oi5EuLqkX3+?MV6$%>cfH{2_Q8R^evO7Wttw8-buv&Ka72K
zRFv)Zwh~e*4GL09r-*{Ibhj|%0K(ASjg+K-w3J9nBQP{WN{52<zyJzJch`6Go^!t6
z_dDlZ>pN@BKR#;)XP)Q2_r3SEuj|^AuwxR@{6@BkmSVGlMirE|em*;jv0&&bXJ72Z
z)pzVooEi>60Vj%+&Fzu0`qjIlZ+Ui8fqR?NmwTH6_QqOq1FVZhPTbFa2P_M$&Tc2m
z%`hf1_z&4+miQu4xJ1j(Ac|UYI91T5W<<jK-e0{YZdd&NVvJl!=55~=q@<^9+G`fh
zVWj>{v0uFLRo84KY@5*1-8DVhYHpn;KH+hVG6wVyvm|uP8k#4W%P(~K&I6X`6>A>Z
z7;AyoWW-UR{dG~d=NF5IBNjd_q*OZ}Q!Xs<yt`<O_**-|)3Hf?NlEn$eZlF5Un>l1
z$$%EXCX8}eOCb8ip_kq%oM$hBGATeSf78eMM&BoU$7FXKZ>h)F9?!i3@w(JYi9zW6
z`1qYAUP}S(;#7@mWcc2+IDJSZ0rly-*+%zX$8RrdoEDMij>|48WNCv%r2UCTelbjg
z8?6+CB}8;5Rk9?OEp)QQx~1<(*hx%M!KW2#l<OyX+E!0_PlIfqka{esFJ_#P&%P69
zHZK`Ft-&OGQsO~(@wr6kAvZ+d$CV{tU+>9D6)on1@gW6d)dl+@q<rt%0Nw3gg0*y=
z*GSnd@&S!;pEV3pkNVBVnY{<EpRav)xbVqU`LvLISjO&G>i#+GG_&K%hN1F+NlP-d
z<t^&@pss#F=}ueouYA$K7NK9|_dBI3p-3lZy}76*C!8iU1C=bA1*k?YMgTd~3Q!7U
zo_G0OLX$oBmse5C67QPw3|PfIkh@=_?^I134GC^10QgC@d+;Mqx5<mMAzs^rZvz}q
zG>QT=F8@pJ_tIV&u)fCna)S5kpA~!!=^h9^4Le9>i~EYz!1!zhZ6bgTQug}T_;H%K
z+vQc6;SXhC3JbsW1Ld3LymF<*MW~dlmLr|Y=~?q3YC=PM6GIT+ttH5SCP#$tGR&oH
z=5l|DV(S9ucuqU_7ySHDM4@kHoeCQLtABqLhTp=3l6b71KH>-<x0_xl6~GX>)kzs&
zQK?b%n&oo7yAuozkpa^ybN4^S00i86m#E~FcK%*>a4-gp|8Xq|v+66n=SH{Dl4uEh
zq)3#~coPdUy{1Qpz(lFUu?mdKc|Jx)X+0cqFbK`uTj#pco@jw%_z}O;pPF5>XC;;-
zn%OT#3-T0_``F44Bwsjn+~c$O`mltUwB_Wj&GFXknUY$r1jZi7R^RYh^nBzg@aunQ
zuPz~UG{B?6)Qf){Rp<GDlCqfp#O!Ti%)P#6(-1?Yqe=?0t)Nh&H;gD=$46x^*(h9J
zQfaIVso?5k(B7rwRm_O_=!LTM%+T@0Fd<s?iE$bFC^GA1&35U)2r?{zK9p{NYvRC1
zo^==R(n;I%xt{kf_dXLgLQ6b_{)A)^kLwz(|B2)hNnRZ-=ohqa$tmHaj{uIjSaM8>
zv7cR5N90RBXdJuuC6t>Eq;Pwot}5)aRML2rq@y1hGhrcV_?;4<IrA>Zv+kZt)-yGw
z)z<FiO!u|!gx-C)$lrCJo$A#=_;x~#?e<YFCdIyOE&S+ro3bvMhw()(!=6`>rDgd0
zUY1Ynukl-mui(FfMLrr~K)aPc#UK0WFqvQT+s7T$c-p90>as|?QSmd-3@DQvPd{Ys
z{2k}LmK=W%hsktu!`3Yh<*PUEx>w%9Ad{rHm+W+}ex*kaF8@>i+%aUpphYjaRIMSl
zX|AkrC@4&VNx6S0h>0H5Nqz54?QCuD?rQj>=n-UfsSpm9S$lihhg`aJf<Aju8!tWd
zahbUvmW1U&7H@Sf^?xAMl$9s;XtPpfU>Le<+J+a%S!WsijUAiH2mOk%-H8c<t4sF-
z2em*c!nv}rW!6CjTa5gwt0OS!R2gnC)rO||@fi&MLS4IF?Cm$P1gW>$cg8c)m#fZi
z_w#7eoHSz`$F2Nyf6TsR+Hf-ao|lXZ`XH&Nzp%CV^=f5bgKGAR`qO<gZ=L?WGC!=b
z(g{^PkG2QHUr^BQ#3jxPr2sh3ej2uqEuMZ)8YDd2YOHL%H>d?`+BKgj%6Q|Y;j%r(
zo{Yx)Qa<WMB5k2joA{r&8Vk&RjT1p!Hq#UDcNJia1gx1|jeYIFXFZTk<T0rSsk&B`
zm40<9++x9pf7t{!U{`Yrzy9$iYjdWix9gs@E0Lc&uMP6`u&s7nS^@j;)&4Ml#+?B5
zjxMEYhN>3QP*1C9qjj!Mt?=YH1_jG?r~)n7>-8MB3@<TEsNMNijZhcidx4AHSLw}&
z@iHBbMt4uWZSl;Az6NrPOzmsul?ztTt5MQ_vQ~Z@p%Kj*jS$yNkZ6Ug{>mRbxFR~F
zay<D?*UU>tHdtE1zR-w)vaR67#<RT=&t3n<!B@L9s2$b14yY_?e8+smn;z>2USLcq
z28EMu=;~|vo2m0ZB=oY5d<*|59R^Ck4*72Ti#nF#71ts@`(NLlRwrLPKk!sC8sk-U
zVBNv}N%NC()s?KT0mQk||A}+IQ`tst;@n>I{V12rsl#(<%bOC!<vUsG7IYriP%h@>
zvU@*BNm$Xb?n@F<`SkNQ`<wQeP;LlKUh=m1UKr3cu7;-7+Z_)lTi5L~rF)y$by*+t
zKhQXT<oF3g_U*sF)G2S{HWmHRkSBky=I~=Of6%}QOjWhcB2aG~8N4{%Kja=L@7R02
zzdU%jyWMilS&o?2+x~@)KMV+EzDt!%(kShB56n+?7BUZjFQ!flw@s&kY=sotOKM)5
zI=7CuSPw-n4{{)<)``~L0Bn@iLG%?E@E&c=Dtug1sg^WC(TfX%=~y3tpPWo&zXP&z
z>2L($>pd&;^AhQ7Agt9Cd!LZd?&^tR%2P3sOPB09_p<;>{R)EMo%Qmni-xfE(SmZf
zPXTFLbqmpyUCdZtDKIP@N&`akW!I;wLJL+MXoN6`c|2L+Zt9h-{fGeMR}-v&llyeK
zipT-?T4%d~6#VK$fq_t(#8`*P9plU@Col^1i|ff-8SHS3|0l%VYlJ>3*RL0EW)PM)
zIvoo3I$SFZm2N(u!w7e%!X;!vn;YpC;?l3H@cR-Ss!;5!pP0m=A+0wf?x$xH{>!MX
z<^mJXuLdqymski2M=7GU$+8j*x3z=10s(9-l#g=-85=ufy*Lz(NRN6*n&%oo{(wHT
zr`Ww8mnfbmlE}_B7M*D*i&8F-(1YW(7Q*c0>z?LQbFI~%LRyXP8^?q4r!uAdf++{V
z#Qt*I57Rd2Th41*@gAC$&$4tBa3!L5D>L<q9xN=Y=eR_rYh+i+?ejA4PROfJ*FiSM
zi^`lDQzWjmR%70$v*;aB9p?J~JoRGHV2-)+7H}N$DzBXAOin1P9si)OLyVclOcLFS
zM@B@!!q=ya&b~5bJtSAZN6IQU<+KE^uo&9Vk&BoNjLQ(LS>L`}XC17`5*91Z{1xYl
zaZA;ba=i4%lC3cqwYi0)qfCUU)|pAYRX`M5P3&r;>%H_ZBV$~ZJiNW2*&I0@XXJ@z
zcYYC~dg^n2+cB`_XCAfm<1CcJx*77Nc-B{|JpX>Vt7&)Eoxrzv<Mp(hr%MGNy~<L~
zXek1*(JlRLkXa=Kb}!_no8KI+^;xB!ZQgcsHoq=HDl$gQ#unQ7YL*jyTi70zURvwt
zj6@kZ{4($C?x9f%faG4*e0w$z=-~3gZU^|{1p<9%iDZM!c(ep!Z48+>pNDFD$!#bL
zTk)JbwZ-vZw~N%`t*aYNwbO#e_=#;4OlugJv6=f5%d@IZtF~Z$Cilk*XI>4@WC*(T
zoVkW`c1hqgA&+KlJr6`FTp!#&A`@3D=@|H!c*qGaqZ4WO+PPN|eTU5wyAJUbO+%0d
z32$%yh4S}~T(?nh!&@F!<AkskCmZ8VOC5?xW`oVMN92&I_@Ruv7Ku#ayX4ZSNq_z2
zL2*cE%g|Y`q~M%DGc~r0aKO9tabtl*A`B>~j{?q04J5T#+SY&o!?c0%$n{=X4$5nt
zLxsZ4;r-Rs`ICgkMfSegKb$a@!XQY)c7R4ea{QJ4);aEvChCTSV^XxQ9rZUk*~nMH
zX2ytr1*)cw(3Vn;BxC=p3(x7tJe{K0H}k7pR`(JR$w76T2AKy)@-UaChQ&ylwxOU|
zd(&fg->4JW^Mxbo)LGFq>)d@T6Gta|_L1FezsBL0_d7`}@BU|AMjxw-qdG4YkeoU5
zqhcPDki1hBo-k>VPh@ckhJHiW@05La*uO`HPJ8wTd5WWQ21@B-_VwzqZalJqWQ6az
z*T_KhCK;Mzjm1)uo}DINs^D5l%jHp;7mxE>mgT8zdjJHE<9{aO)X(aq_jO72jmLgN
zj6CRgZz^~LF7>@Y!UfjAAKkAUSo+PFWRScqQo`-}C)Ok0XYD6TpYC@H6#JR&DpTek
z_R)Ob(&;PZ`UD^7EV4nm@k>y#K*~~R1y=iWJrWaYp;lZ>eg1d21d$7(Xc)W%KQQoE
zH0ME$>TY=)@<(uJ6}XW6ekfg?QulG&ZaLl75!Zg`*F7(kQ4Edck?z--8vEZ3IuaHg
zW#ssNnO;SaH6ww~iRaacd?iv|I%fM^>|(^{);h3Esp80Jm1xs>bW9^tYI&40FA~YH
zUeS)j*Q?yrTYZ1x?LKY?E*sf)XDzF}g2wIL(@QMu(GPAjV?d<|PQZk)UZ5)cydOg;
zsx0#9d9TKJZ_0;{XyuZo$$GzE<Z6=krgAqQT-#|9_3JOwQv^&5z#Cz0%a@GPRUzJ8
zTYL-+U%mIw$DHJKW-2AjV07!>D2sbPI<G8E6|VmyPFau6J<(0UghV1fe<U(Kw2EiW
zPObcd|M19mWP9;lU&G|OZQ5Fk<!G|)hX4(~i7}*lLAsE)f<g23Wu+*rH9-n7)~^Kb
z>vfi=H4}e{#&y1s&O&1&Xwr4O2Ru@-`s3&a!-AukAytw7hOzWi?KpKx$ct`i+tn^@
zr>WfN+N*jUyr@1%34L+m_n%>oHpZmv@*L`RzkQ_09fl$MMbiz!VLnI9?tzRiN%w;L
z%#YDGharpj+NnGDq<sk4W9%P33MKMbSP<%@m5Lx6{YFQtQ-6Uvh2hE2rkpz~s4qP3
z3UkKbPUXO@JhjzK8suehe~bA1wldCDvs57Sj|B(^2ZD^!^^aedi4bZrlbw?i3%(k7
zCxnGh{e6pJvs!g!W{A>4R6T&alY^k1_Tr%9SZ=v$mKv!W_(SbbZ|7KQf0N!<!~shC
zM=y)rH3Nc@tJuJ7BMgorcz%ZW^7@eS`FOUd_N_Eg_Zq)&G|&GVf4C`Jv#3$34T}8m
zt~ag+x=Z8EwNBfsT(6!+oSL9@YFE5YmufzEQ_@9uZ{@C5gM*(UvwrRux1b0U{eiUg
zI$(yy0*Uc2bdJ-gpXtx7vi>mfhG9>g3|+~g>YwFd+ZE!}K&K*TtjZy<o_g|gaQKZF
z4V8VgZHZdPA#qR-HE?voYuXuUpKp^maOY!R2V9=<QDN;Lmtf%?y3UI*V7#z<q;%(8
z_j1O*MeR-bu~HnWlsEuVaaC78RC!LZ<r`uF#W(0X$8DQj2$pmjTr%5GE)Rd40jk5J
zL$)p}l!DIE6Mabm@pIrp1*CUg*TAhm0T}YA&I*QKTzx2$^$ivPB_jGibEjzT$;+yG
z>1Y0T<5iElkWmx0!vQI&2nU6KFAza!Dog}5qRWpjD>a@^9axwI?0y0conoV&ki-02
zp_6&^%;g)(5>o2<cl!$W?W?#Fop=k!j`)Sep~<hm67Vtt&w9v8ThYkab=!UenSBiI
z+A+Dbp$ps$Z(xH`53xn5L<MG_<W#Q3Gs~t4c~<(IEMPJA{?Loa9Po47sxQa@tbJht
z%s_H%L-CNUS;Hjh_Y^G2{QJ3vEfeTweE8I8X4rADBbd;a-5LqBL%~rGpINP|z!DM*
zST%_f(`1843(H$FttvgKyF4DZPdc`Dz9zRpG=6mEYC%ebXHl$S`8wbP)M{OZfH~Cb
z@ORH|Qlc3?r`Zy^YU2q!M=)q=&i?8NKKu2-+8AZywAcNTBh0myq2DVei%i6aK?AmZ
zgFlH?T=wES{1ZICn~L@n8@3=SJ&q$dcY2v<id`p_w_|8Tp^Qprire_WQ)ThjFL+4S
zeX411-`bZCd00QUD&#b6Xf?Hiyhoj^32|)FR{ScOeNQs75AB{-i#_Cz?V<&d=qz@V
zNLnLQdf=eN?-QcFrn*Q^>`LG`<^t7Ph~^%B)sB@>mh2R=-;+v(mAjuJiN`n$FUrBt
zU&3tvdbB+pD@q)F#>V<d$T!|;BIOU+i$?+E`fb4DY1VK3fE-6{@A`^w&M*%02uYO0
ztR|29rDd0ZhSmmIp<H7>Q*<2U`ykTL-)^d;#KZO=ZH!E-t&|ptclIvoA&-0&+4YYf
z2+wp}Pw}Oy^98oD%5xLEr{kptrN}8p*Ily}zH{k$Oo(@P%;kD2$(!_&sY<J2@kyDN
z?px`t!oLj3OZ92*Yo!@A<B)}zUGC-RS4c9*^0i^VyH7pI)t|&U{$p9_RoFB4BX+KS
zX#S%b>F>dp{|G3>PVN)AmOL&p^$mhw^tsEhC*3o8&#+w)r6srB@8N5Y2ZnGIe0I{;
zgqz8)Ib*Wfw4q755;%(eMyE@nGHNRk%aIf#*H8O((bkT?+#TrYTwVNHuw{y`UH;Me
zk#It5zb$GuN#;|I8rIrZ2>>0L>4s4cc#-#!Kv3=kf~Kl1hVI*QEHVjts>Bsnzlyac
z%1jAY*lO4f@=M69QZEQP%QdrqO1fKwC*Ar={r(ogssp;^cvafrVp7`7p4q?&!p=(x
zk3&+Zpk#ePOcW7wpM@?z-l*)u<L1m)l==71Yhe{N@p|)^crCWm)j!^-YUg(K6S=)j
zG|=7>^SC@jP%9u`zI)2f%d6$j1rBbWN?1RcB-Y(!cRpxJ>$bT+-E04gL~h5nvMMAJ
z61IH!J+G;pAi{utLf@`y>mU_-g)7d}Y{K5KC0oQK;E{hL7^bATG%c{phcmKqi<_(+
zq!J0V2VZKks8=taXxM+*H#!#le)yGg%Wheq%jkG`nWFcCTTvVY_y2zg2^Sz}u!stb
zl=lAcx>(Dg2vS})TedX(Nkwmz`Sq9BZd)X9AWQ83Cg~o{d_1lvk@x0XM4v#Qdy@gv
z5$X@hut-y>I{!_i)}7|l{MUv0Qjt%ME}2wY->)LAN-D;K_^1hQ!pS0shDwHjYp(k?
z<ZuDFj{zkuA!9GR6|am9l$34;s4&9qeqe?6t5EQ}GGGJ4^`z@e!AMTiESpR${EGWT
zvd_)QIn}a*NjP+0%kUHOFce^NHKMML4m(zLs(vCV787l#yCmb~>h@;`(<z_*=D4ic
zF@{YoBhHCdDkg4mQ6FrJzS8sS_}r|uQL{-|Z#PabU9o-$$9?NUEOKU1GT(UXHs2zj
z?R2g|W|{U^eLONH#49}wkxBF?{;<Igi~&6D)u2~*%QPK{Dad$QN9w}A1>LT5lseg{
zlABI#19B-${OXN)mjM!wJRkD+-PZz4+gH_`;d$lO#UzPcq;E`D7Bu!2(sKi8`8X+1
zmwq38xKS++EL(jc3eC7uOVyPRc)e|nj8!(BLh@df*~B><<RV|t@7j0IW0if-U5e;I
zJYibesztjNUY#f_d|vWeQDxNu1A0Uew(Q3V>&?HCA`jD!ueb}hUU8FAB4N`Kk6`92
z_Z|x}#b&s`)YB#%SkjMNzbc;Hn@TEF{iH#s^2NtZl=t$hSj?!QKV7?(qd`BtR^`PK
z{8v<KfAoGWK4ItCp*1Gw<4sk#t`cmv_={gyi*<p2QV)&BOX)_qq-R~0#22mR{MO1?
zQNj;H4!ch{p_d};P<<LHg&TC{4>r5n$7HIVS{!kvr-AeRpF-e~5{^P#ihlkxvY1e5
z)ldQdE64n^v^87f?{@v#-vmn}B^CS(Etpm>)${sUC$bWo7bnW~*aY2e_9J+(09H96
zE?id;{EbIjq)LK0AbAGS$Pt5(&bjYBFj*^Q-&W#&nzZkJxAtoaCBb{KtQRY_hC)+)
zNyS-bhH5k>i1x<|;l$Ut0!m%1@)+9s;kO8lemHE;&3d5*y&U@oZ9RqGM$()hIEp0;
zLlO?9f@kG_!`%j3wxYPq_8Yk;(EW%@dtOZt_q<uFQ^$Y;(wfG^%8NK{KHd)7xu%fH
z=ow9#X|k^htZc}NPMl(g^@(!wunuudCbV+ZOK#g>?~J8og!uFFP|hV^Os0*27sM|G
z>X)5(+zKWn|0vM!50s%0ep0^n2!3r=NLh)L-sbdd5VK6%pobFrXHc|kznbW_J6kX-
zGr8+_?Nk3w@Fq<_<Kp{uxamxrpU;JiyM+_`Z?9KY46g#nF`-^|X`#AyAWN8R%g`xQ
z&pVLleRX(>TR(6wS5?ci!F{`o9r9v)Y&ts;*mS7s+2j7qv=?IcopsZ*rlQ*DN@9UD
zy4eDS?Zkm`H6|2fFkh<eeACLj5B{h<b6tBqTC#3ihfh5~Sz&P^PvWt#{6b%i@e5Yf
zDB?=DvEm@)ffD0~A$LCKEl^gdmu0^(JwMv)D?<K4bnHK(WU~*en2^t^xjEShzd&=R
zZsS|dE5oBItCuN3PD2kI1QT$GuU682^Ydz59BoYHlpcB#iEm792}XJM7<ar=INe)<
z&7QfAY}T)IYRgE7-i+-%9rnM<(N_{Fwax@oM{pia7n2s4D6gZH1DspFyPJBVJq8$H
z_sBAs!VRQ6#ojNrX(%Zu*eEKWnl6w{CBz=I@ufcFr1;tbyLS9o;}iNwc)vCmawpm<
znT7fKJsac0pKZVMW?+Y99X-pW{|m^qxfaK6e7l*wo3W~})Q>4AWzr*Bvwu&$LDjC&
z;=8Z*Sp#C2Twu74$v##c)49LF04r~l*&fpC#$aGy`h;(Svph#VwH40}2cKDi-5OG^
zp2R;qJsa(TBGW2W4;%s6+DU0Kz%R!FBl_ufa2ak{I=S*J6>+3(XrkPUAsojuhA7!5
zJAu~nhSvGq+#zG=XHnB${plzp<Mk+e$3lo<{rmp?@|imNhdz&K{hp5JMD_Dy=Ol5;
zxjbBpH=vnDi}~vur_AUp(T8+(Lq@gAe9nE;>o?!QUTW*_-}{W=i#WZck^%S!<`-7S
z-3EDW#h|CpR4q!_6WY`#podgVUa*mR3^BU1fNkqw;_jIKz*A>5O(wY2MB)V|F0^{@
zg<!bC5?H;pzV3R|=#kP?ytE~yT}owy+E0R+3AP}<v#ryo85`YN(eZJ4^6Mo89uFtR
z!Xzl#IhW9!GMq41xs0HOr6u}w8>%god?hN?u^VR1bxX@NO~OMDV3wSmh@x&PSTzPz
zxs2(1j6*p~+)UsEXnkix8~UE$k#nkY&Ye#(3!g6wbRe{94W%nfkzTl`Q;v^!aK}E$
zmfsxAb&n<_e$;`3nMzr%?w?0<k7A<3icZCuQcDIdhZ2n<zw;w2Yn13SPl=3Bqf1`b
zx*G^I`Y7m-3wdhNMJzwRWY+Zg%;v0><3G0MEu368G!hTB`Med6=NM36#SI~I6ete;
zpd-A_NJl5u!f-d4u5R^?qt;X<EM9xf>-v%~ur|o}+4Tn*>Z63?+0~hX@}Es>tW>s<
zS|Ir@Ee%=d(qm30WRAj$8x}<=O%Q{PJCr4o?f7K;=Tc+y`Br1%i?8P{2L+#$UoR%%
zAaov!+&^yXNTdgkvA})KvpaH-cc~ALlRPlQg4>Y?H9JuM;fai#BkYtup%o`kazGE@
zk{DJqgB0SF0c%pJEe-&%Wy3QWOYklvnl8%BFkfg7S!>hC&KimCMtuEp2!^Tk#jCg-
zDc$$D%O^|oo{DWMLHo_Oy`{b7c|J_O6rN(NuNwJ2d7XMDzX2dJw#f4uE#Mb?0$SYd
z3dO-PF1@AIbaSR!>dYtVFLI_Aq!o4cC^?4wc3<*yY@j)g>@mTB7Q0a=v3}c=?K)Up
zsw47%^{0z%KN;TJ4E?=MdR1yMs|v6C$)Tr;FlaPH7$m>l5DU@>m`G9P$n#lf+DopS
zhg+RrWw}1yrFkJ^nEq66h4Rotp-`K?+(xbJA&uwp`CFLxg&}%<jaRk<EdzGb2;0#K
zhkAukR02mbv(P@N4(6k%px^}Notw$km9f>rM%(3<ei^2H3383q2Ia`-0yxt1At(a{
za;`nrH+q*-rIK_6DW`XSc@c6_<8R;#9}lrXvaGerzmNSa(=*&#0<6Bo?`NQ}_ANeo
z1c`VbubxM|0tGAC?rd{4WjeqpSM_sy9G@Z7_Va-9Ov9ndRJCI>RbmNQ6E179)QfWY
z3&9rCU2&N0h9SAX8`IaCc`uR~TdTYNCsDUOt5$mGz$DS}@pXqNRIkIZ$JqhPBd?I`
zZxPnV0b$5y@8pd=o=`Tn1)Vbe`oy&FCV`&Ow~V=vB9H5CTDCv_1W|__8kcj0X`t&6
zS4RXRIf_b%y9}%Ko3wSHJa&&FNmv*)6B!tTU9BfD;BFqSRb<mIift_iZ%)`bTTgTj
z^C5k8!$F-e;uvb-#|}TdFHX3*lB*cYTT1Jx!w$UATqzv8{SFOI!GNhV>n^r3^WjYO
z7C&^VP*nX%GbOuZhdSs;i3Qz3bGO5$@jdwL1Ln3d_F6}hQ|<(!gHk?dDcR63X`us^
z<h0aR_`*lsu;7zw_Jk^3LMz*Af26*7eSNtDe_1GU4ubt{=otC3`JYE{zWu^bmC<3E
z-?j#4G>zwP!cobdQWo;w%O|h5ehXo&*RE!z`PF?~w?N5Vrw`HaWd3#bx=x#qlH1As
zM|VS(7EUA!4x5v@m-Sg!Kcq}Z^q*6ZTWGW6k+G|m-6`mGV#uus`kG?WLK@}r%WD_V
z*7qh&sNl>4oaRRh;`hee2yA}zWd#H!kOsY6%KROS1S3)z8*@tIDfR5^JMXObyyu(C
zW#@Js(P;(r6vDR3&_pw8=u6+6LwO<(eyVt`ihu3l0Q5Vo)|k7~0+MOG?q~OhorP>B
zpTaVV0!3>6dF(zX`T|u64cz!yq^VFZ-y}AVOB%=)3_KC!fD&ZQ%)Bq5a2jo}0dAc)
zBlW>7wx~JoZllRsz<%y9Q*RC!?^SBuw9~#{sWpaGe8(e4D6-Nc0PZoS39nAMZ`UVK
zw9SCJ*~FUjiRoYy7pr?#^+rx4jgr;ByROi>EL5QY&8@UVLD<AX{7Cg1W0nu11*Su>
z%11P!PZVlt5=aH(bhpHn`g)RGPF2!>_om97T~|xh(BRkzcUNz`o*%oOE6(%#mhE)%
z`(eGWk%tx)O0|rfl6fMsTlt!y^h||YiD~M-Z(aRQ=8Qk%td9aF0I0|U1`Q~v8)k*k
z_@xvgKOxAOr|f+WQ{f3<9y48txE~%?m|{3uxe*#~UAxuzqJS_3wiE4uBT*nu)BIZL
zhsvkH+b^}rbYJ@05!Kr5j#)872EWDC1v`(p`Dkit)%OJ-R-nu-A63ZSbM?b3+>e}R
z*ij$Pq2RSE`ZZAkW${k%=;51ePlENyPl~}f?zSnl_|81-*7=Et$B>X%61V2gG=$Y|
z-*Uxnetp(&DyJ1dj=@>c5K>`s&I`-1EG;lRQdU$XEQIpxE@A%`gQASs?WT5(@VXFf
zb;tYf@m-tbb?yg|%3$1_uObw_-_h$&K9{<`u+7K(SfHHodc4srw0aJ+jS6l24XuJ9
zgM3n4pC(ahwU~oB^6BDsu@2i!69Yk0qrVY;d}onKn?X|VgrmyNHv7xyKesYZ`{FkR
zc~V$2-UgZu{d3Pt+m2@H9Z0C>Dq5hdw%@(OxZayKJkldcQ@p!ntY7$eZC%U%FtyGC
zw<*&jy9(*haj#($BzPE2<I#|b2lh=r42M5r;w|^*%Eg<0&*Fo_`hj4h7Yx<3Y9M!^
zl%FRp61DrQWWG6>?Y7y1-;i%~Vl@8m{fqzlIAHOoZ`P=}a(_l&T+`^hS(8OauP64n
z{iq7xr325z4@CUcN540eHdiS=pFvpdisWtItXd_n{X4)v6+7280HXhh<A#lK4-c9n
z6QhQY8EKXL3M9&JQLb<1T#iURgilS$EvG8;IC(D5SNF<dV2t$hN^@lfjb8eqAg2cB
zAhZl|Mq%Iwn6-T`Q0&dy=W4Zf20FEN858$hnfSufgWneX`j;2LTo~}GQb}lxj`2;q
z=XF<2VS6r|uYYCu6IXf59G}IN15t;shgbkay&>Qq_&oAv+Wqp`SVPXQu9*1Yu^@63
z0VO3H`klKwLb3na<kd7^peRI}I!%e2aoPF1Zkla+zFC*}=uF;C>xcYKxsar_K3%C6
zze^YWm-rtQ89dPImC__{|Do}}pd)3|Qhf8mp(nOB7pO=ofrA(a<2Q*Pz(P-M&dWNi
zu&c^dV7Z!kN8ZjcnP0A1Pb)ShUB@)FvK6kVv$%J!rqz12CJ50h7E{ieXlPfcrcR`M
z!O(1OgPS@*FF@+yTK_c(snwFrd9+byXgWo9J>K>vaw!==V?9&OD@w$BKb7FQuFaj5
z=mqR?tNn4fK@m&CbTq<_L8e0~V##<i^C2&S;lG~`r0g~~T^`LSSFQVW5e+>&thkTA
zl|z`#vZMRerf>uG>8AnBnPua~e)8~Ex8+ioE%X+jU7md62l+%||J<`;CW3e)G_HiN
zvpH0%TT#hedW)Kg#xXsBtbm6kKEu;VY;0*6O5Y{QpM)iI=#+Fq<T&28J=TdYPP6`c
zYYmPGl?@tu7W`_FFU)|}ORNGD>Nc}*MCmGaamU^5B@^Pa2Mz;$cyUpV@2u530TjaZ
zR51Fd)RQ%<?-k*{2ND$`hs@Z>{jP$=$E@}9IO5wVmeQxHnlP-s<fIVwwGL9XyTNcs
zPx}%$3SusGvLoKL;w3iz^HhG9E3$D~E3LCVUFBUMx7P??@uDrZVm{ff4`TaC(=^1T
z&-G@An%_s8>>AN(F9_yR$ECv8{#4)VqdJV<)H_7XqGZP-^^WZNO$cCpNy)gRY?hF!
zD*sEV7`AkfK7Y6vo2}hmSFbWt$~f4pMfII;W0CRjS&m5R1a0OUs!uk$mkXU)SSU#R
zAn^e6wN)=0-GO>kJ|*tt&4(6lIy=y(?|TFB<j_vzF|RqZ^{W~>TTZj@E72L!1`Ujm
zwV1SZcD`d$&hEq5nRDFFlOOjfwq7Ks-8A{0`F8N8dy<u00s8Ffy6Vr<-ELyj#m?}_
zL)^L=o_&wQwXwitd}I`Pq98wh+nKGvpL`ksgiYg*w>YfCJdEMk*>kra81#@hoH_{5
zBci?i?=RU+4CbAp>?nsX{veV=WjC2-P$${^x1(IkI@ZKGe2-_-a_f&aXTZ#rQrD*P
z*5YcXF&>W{g3Y;IF4)7{e9MTFMQ0T%0yEdOgJ7pLjUHn2NUbt;J4(8^cJu~=MmNjj
zNQ6Du@UyzWvX(I5;T0J5SzH@W9P+r$&gNrR;B43pfIyZ>w~a4)K?`(3FTM%sCD>0_
z7dq`8h58)N)@FKC@mP+m#0h)5IXaEbCOB5!J6@2Y<<`im$=;o(LkhH0#oMDgIB3Gc
z(@wX{hJf5srBORz2OB>O>I<)R^S6o_bsG-z_+R-u4hSbIz$Yc&;Q8VDaRW4z@t&UE
z+ZUdDrZA;-bU~dPl>f{>COSweU{`+LEL3&<E{ey2Cukdo7+7kp6TYV_GwJS5DDKiz
ztend(2TYCqh>n1G?k9%2Bp$+Zt8%t^Xydxl(H@44%V?4PR92+J95KAiEZsxtfEEP>
zw5U@Eb_ha}b*C?#uGz&(P0Go9klBQ6BQ~!wnx7(7BY+&q6aD9eruWPARP}L~5dX3a
ze-84+^k*r!`pD(co$2?#RElf*VlBhPGy1;m_cv~q#~<`L^^af5<gHKYIQ{8-*!bn3
zF6Xm;abFribZc=X5fxAo^pM=EpRF)%9>@^nGZhh(kYlim(A><W4@kCkHOnEAw`pNc
zs5pOrsd{P?K)!eGJc^B{=eo`}(h_cT&w6VEmC)ZLIpM~P4w-adz=ni5D1lppR_<a2
zeWi*)$k<M_)U{jTv|=Hi#IA$sI&XhB_=&^i3L8ZrWtXn&+UmBGcF=U?DZYVF8j)|C
z_=D+JE%T3wl595!^!Sx^I$1ZvD>0#A!DG*~`_J@rTrvtU%qCM~A#gkejW0B9WFGaa
z?l6WqR%lajHwWEv230Gl#)8L+wR+}+8-;rTLx9O7mWmIJORu8VdgVUsvn3p&AQjP`
z@#e*#&32}6(RF|G2!K?wImE;qT%>W1qLvEZy-%|sPdpjCdpp(^&K_S`{gGQjy4=eL
zzlc@A!E<kUjB{U$(=b1tJ9+bTzGmC5KS$%omnTH)1{RHWm+$(VETFL6t&$6bL#9*c
zs_?cA<lU8i8JILL3}~eT@AhApLnV6i%eX4u*+%->jpI!_-+*lgZP-ooXT<xwNP?}y
zw=HMa`=74+G*pE1;vJ}gmZr39AE6Kj*M+a`9gM2T86O%1K3z{XtS;W6f9U(Ty;*vX
zWs5&JZ4WrrthP{zUSGuDeHeF;hpA!)H@T(`)$4lH7h)|g9@r4=*E2-sBAU|LFZchZ
z|44{K`+X+HIBQNm6L&8qQ<YSQWl-4fqNxJ)^1<OO;A~eX)&pJpq*8Bdq!xmJ-|xZ$
z_Hl~`R>;41E~7jwQQ?<%zu_PCKKdb7+)cf|HkXpNduP4M^3&hO89a>a!tHt@&mU4b
zPMYrsKss?m8EidXqDJPmY^f$$@3fRF6=|IZs++R_y6JsV54s`F7%aj@_iZwv?{9Ys
zgDW%NVr6=K4-Qqu29&q%Izr7H>3bWj{S@a*jjO2MK2o-7=DU1XseJZj)LO97RYSki
zJfDLfp<bfj-*aSm>^_-%uZ^4s)&WghG<Jc*8G<tJw_}|&_zijO=h&qpNIujiN>$qE
zRIOsMd+3qczn^YHb^__(TZ7P+O9vV#1`*F`F{R@V5c}+?7NUD=w-=J|J3BMW7lr_%
z>3*3y&~;RARNA9NPN6zIItZJOelyhjO;%%)3XjY-j&yOxfz%9p6Qg+IAjhE5JI{8e
z=8RySQtK9NdXehqK(I~>C|G}BkK>et9sr(J5~qPx#G38#7MFK00}wLB!mI`uU+S3m
zoC6}SJfI*da>HyFd{05AU8uVz@u?)WfQxM7?5=5r8=x{xjb^v5f0hxD)jG@&_Cw0_
zGHyL9SgT)N%GJNJsWdKk8m#vyPS$210=;bp+coCf>K_0H?7OAsKKXX2Y`%fN9v}rL
z_#T#ZIl1cN7z{=Sb;A}nTr1z`1(FPWRI*CsdR)tfXINhe8(-ZX)MorNJoDvvmwO&j
zoCgibKJz#aFxgv8Kdjss_EoQOpsufX^Ry(<L&lQ}E?_q`0Y8x-02%-X%!VoW8DEc~
ze})=a{?$*k=V3WR8RrlmQr1u9t$5hi$Vwd?H+O4pjk%`NJarpbKnOd=%-a2Ex+be4
zb|bN-0F-=W!qd)+6d5mO5UnNy^ML-pFB@|XO$$47rxEYAtNoct&LcrL$=Z)xhPPSD
z5mj_|#kJv1Ax@3Q<?}f0nUDLvJwaQWD=A?R-vGp>ME24WDbHbH!+>N1YH>D)cXiB$
zR~PcH)kpRPi4JGbxE{$&+t)<~&&UQpk-2ZZZY*=3W(2JOz<Nb34`ISh#<%g3`V~R5
zPYGe92jUQRlH<_e>Dw?o=hY^n@uhylS4QD@zMc9yO%`HAVn*<_7kLgJI=3T$EreV<
zqPd~CW~soJ)h<yUkLf{jOekqLLkrh|-p{{Ueg)ZTGJx=vhm=a54A74}LpRb}?Qrk=
zBp>_MGg-}Gg@pCBwmgfPzz~%mF^B$BzVH{qxl?Zjh1cB2Ky*BStCt}?tJCbXPsDdt
z+IdC}1J7=#<kY^hIA~l49d)uDBI8q5ur^z81h0kU%&KR-@?$Y*h$5OE8=VO6sgf!E
zVV>zZ-Jkk=@iOGEq$uEJomsFTKZbU02yEJj4zQ~0wfqe6+7%J6xVS&MplqMs(3b#R
zK-_R+Z($Bn_Y+huTWl|lLw9Ao21!>ZGoZwu?HPl4hQ-J1^+r43l+Z7F2%nJ7F0Hs}
z_`1bJpv7@;rTiJ77vVr<B>{yA1fDN`>&kV1u=*N5t_PfvuU?4xi_cO@WXjg(*kp-3
zc^~laOiRGM9KpT4ugFYsmdW<vAtqFf#6#@$UOOI_Ji_PnVhA&=3e2+v>+1ryN%hZ1
z^Gr4I5;7?Mjv`Dj5f%tINvxl>C8%JLS_A=U!8h%B;qT1$5ht_aQKQ8ZY}4wupS`S?
zBiWE<U-Q_6i)2!UzLb7S_U`H&l{5l4<ejpI{GNNseb3ag>jor6fEBRQtZTSk_?>$c
zU-T8Ptm5=-a~RBUe}-EKd0^K@J9Ph^Id<sBBJ!vQ)T5P0NX1soCz486XaMt=C_lz-
z-hdO8Y|2g$oDq~j8)KfxM5`yMH_`0OtWJL7HhJf?%8TUFm5zGwSqe)gVJy{q+jb>!
z%QWM2D{+Qk|Gf!RR)4!L4zhRAtcB{P@7Jw6-yVWDrngW&)tl)H8U&GOT==;p6&keO
zjGkB1dvR>ecXSR`Zh!o0R-4?zmd?2t;MITfM!nodjNk8w=Hbbx8NbJxeYa-tlbycA
z7x4%61>rxLsfequPAT0LhQpnIf7-vMc+8Q?6?$Mj@w$(s?^o>xsxNM8Is;3{wLm{$
z;^9*EE_n+WQ8fbKeciA6_2#p`Y9p2>t{{=*7xmZ&aFGyP8?~syr`jToG!+i!oiFlB
znrA;%sA!exbCM^tc3@!ht?^ly-iN`7w8a2oM-0LM#k$z!aVh%aXW0I<KDcDSOOOFH
z5)S&%2u1YU+n#-Bak#n=byC%teCm3R+hk<>MXaN1?GZhk00>6XG$WKqUUC`iH9ivX
zXdR781HOBDhL?VW+lBq8Xi+w~9`X&J^Wtv4q4%wLu5A=EnrpY+v>0NK$Y}|5OPAFG
zQ&rq5I3!P<CoGZZ*#i+veH?`<o{gL+UnUSx!>hORg=?2)k8Y1Ir!tf8PG+iedA3eJ
z?4(ylUv^?)xP?pNu=RA?C}YsD^#$orJfYKRKRO}n&?gQ_DG|PP%%#~%fN11lH|@+k
z<f5I2g{a=<q6GtK#G5gGqw@0YPr<(Q=}$BHMYNgVBsP;jn87IUXPj)nh#F++c$Hw(
zbQWx*6O?&OmyXUEurtC{-w*{~;or-MKw>wuix2wFQUW&}xqN%Gb(hSLq86jJz>)Pt
zXrF;ywzsiHOY=8(+Husu>ZtIK5785=p4emdqaS3?jr(K-CIIXY(ttDKjkyPVbr0<;
zMADAx8UCZ(pbhw`{1&bJpSa)_Qtjiq!|YET9A^0>_ClK2RQUzYUBDAkwZkn>iXdgX
z<GQa}ti@3e#d!+;mCsIOI?fr!%Zf)p%;cAi5_wlFfuUFZW;&p50}S;UdBY}jP=PK<
zx1Xq4>Yn(5LoiDOdz8SajK=KTSK<rhSBK=ErFwh}UkdYQwX=lm=5B-}cyo8|KKRm&
z-VYP@YD(|Sqqci<yng)7Z}J(i>0Cu!-$QXqx(ESwp1f)@q&{xCOkZDwx-!~sHWMPA
zVeNt-hk8J1-{Fz{PbG2<Dv>C;+<jpR=lh%wr)#%q6WQ1lxU8-|zV*CMNGJK4Ll0Wc
zA&T@`Z{fs}fK&BSh|jn+fASMhV^mBrYWNNR)?hc9|NgnnWKWfr;vJ!rv)yi*rC%}e
zNg>{8ewSyK)?~mFH0d__S=t+~NWV~B^B(M40^hTPG1xfUgyXR5X3_B`0GPe3B7?#@
zg5Cm)sDEtl{MP;;_9-`3k^xSG)T9qltD}|*P(zLxM)ToIwp7QFuLBQ9`)wgC$=ZER
z6Z{PM6e8ZmHUbWPa%w7>6nS{P-$V8O{Q8XI{7@Ll>p60<Y1*HzMr{SvEDPtN<Mwp&
zfKB;tB>1#!sGRPY+b7#FY6R%(EcH@a$z|Y5(aR)B_9x3Ks4jI~)Tu8jkR@ojvi;d$
zQJUARet_)LgrE$sdxk}ao=Z5v2g~#oUs(CT%Q`+W_rIPi32}P=kvpfR2<|y5O}sg!
z_2mKEADWVg$0x)<;Gil3xG0}>1Q_y*NGR98wgy)^z-oPGv<&#7H*bBQ>y$lt@4VRQ
zxHN5xNS<kwRw~mPuXM6lAjVJ)K<iZeg4OmZlBZgu$VF$ffna09VeO~fYzyE}&-}>r
z4Xa|+iWpmbVd6>}&RpxaNzq%3C^tUDZiCE+yu=nQ>V%9v<~~5b?Rz2NYyJy%J8YD|
z2UIVS)u`1`^H`#_TI<zku(A5fV|&&$A-{_hCy9ENFRd)!Po+;)+e%yU4$akC&}pA{
zG_~5BW7J6q<(CxLs*x?)@TCi=`99#L-Q!5%lL0~SN<<<9%rzKWza99ezR&BU#_otF
ze4TY&3R7Z8;(#Fzk;W~V)08G)1n7d)#)n0T(}77M*uQduD{Zi>4YX?+=Ns``R_5=M
ztqW=QB(PM89ET))$4>gH*m~MYF<Wz}LY!zyx$4DD%CJ(;v-q;E=+gIx&nQFpj6*q=
zxaP&5oR}h1%{^he2b&kbiE@I>+E{q{I1f$m)3#sTge+oda5s$b$rv6H!$CjIuyFE$
zdwH+9Js7hq?Yemq933dNR*-pi3}X;9%<_G*Go1$=T07B}DYsERCth_;n$^xdCe3yf
zc3}aT0SxQT2dJ~uvzr)nRNsae^<2*N3wyWKvh4@^TI@!&exO%tr+J)>NC3(GR4v{a
zRH^PbCOs32>5`W!BDj$y(w5#?So`{MhUg!K3U3ox8IUxzouzB@i2hxd;*j{JOHo(H
z8h8JCv3Shos=<{tl|0!BZT=1=Qms|e8<bE$Ey`R%IUPVi>AdBEUIoy<fXdYqv%yq_
ztBcd>Rv55lt+X0rjTtM;!Zcu9To$2DdG!d>I1OiacUKHk0}LV<wfFCUwE`f;I>ON#
zlc4VP{%r5}-7cqJUGERkwd;I!>YZS($0?=}3D(%--L%u~6vB>+xo+kSP~o1tBu1F{
zS`9l6r-=|RuX^+9{$O2mx4C|}O2EX@W2z>qu%>A~_B;+xD$)Jgf$0iJlD%l|^SL(k
z-wZDlmXgiBN?~Zhjq0rrE;fxL8v|>J1mIfr4_IQ^(rSLf*XMBnvQUvcR`%+}E2L(N
zx>|1%OODNqzasAzf9^M16_mc<H{7Oq-TP#336eOWxw9{@C=8vxb&QZKcLAkYPz2Ox
z{}h~{a(5qd)jbWyWW@eB^hH1dGt6TsQ<#!f@AZiD@<5)H#K~0%n<dkwM8^Yic26-E
zC*APIyKHq;c#J#GGTv$C+Vp8MASa}rjmw_hE0%sK<KXGBg+%qSj<PVYIuA`9`=ouv
zn30y4hfUy%QFl42>lC=K_Eh#Wtsws5z<ia-iI#mJ&W`CwhqPYwrbRl3TH}Xx&La+U
zi9*EgK2#1fZJs=ATq3hO1+~5vH#0IqygE%C4NA}a8QHtspA69{5uslnFV%e9&(S+B
z+~k6J{QHFZ1{ywGZ0|8$$D@eO6-{0f=)XBFJ%vfuOec>?or=l#9`h$JK%J+2<%hn`
zTw<Hk9Di!P*JK0-P@O9pNPXu`n?4K}Guh5~rXO?+(O98Y^^YMjX{SMF8~ipX%Bq=&
zBah97`o9%HerU}bIo4+>Vcv<zj+CxtYF5q=Z~~~}-q`QnXYN}_`mqI$7SQM$w?E&U
zZG?cymLKRn%YKLH+1oNu3AlWhcp&VRpqL?WC{KO=Tp3O6$=lkuyZO&MZ30T{q)NXk
zs1jmAlW$oCYqlHwk~mb5ufGT{8;EB8JkixG1KUUZa+?2b=(JegiM7a|$XsL;&907c
z;4FMiAM;zSoimstRJmUU&pmi4iMzcFy7z`f2k-%PD>yOwpA)dOqTP7xCP)o;B&YZ1
z*|mOZU01LDII;#5Bl4D)h}W0lHQ>r&{9)WHC*rprrJ$p$UTvWkK=8nLc6#i#fi|PN
zzlQiZkS5hSS^It3k{`|#Mnlj#)}MLRpT$#bv*~lXC0ldq7jEWO@5fTCoFxkIP1^rE
zt_hINI(>|hhE_I_Xikbl{eDsg^7kK<^|j9f(<JMJ0x2T_c+wa35anIOW{7Aa5_Kif
zUJ=u-Gz~vkJB(lwhHu=Z7Lt6ESe*Zp*+_w7CG1z-1;%_tC15i5rS|b}9=Yr;eoJm4
z=G4t??Z<3VcwMcvi*&Lcdl26H@tYbR4%1a!IfSWa#Gw1pQVY?uJktR36H+cUc~(gH
zC>gh7lc@2h5^V%YBg7@ERUzS!)10iS><=-O^a{%kE;?CNz9pK&InMDX#z&f*vgBO4
z1T}CT4G|6-LDw~UU^$_#l^4?s2)^=1bcWGax#Q=!$w3B{DzR)?=q#&3x#RVIn2P9b
zAO5Boic5T@OYYGYNRDRkoUy7EkIDF-jg85%h1LLcC%{eQIAaBhDmVOKj1)Kj!?C$a
zKtk?}D*QuiZ{!9<B~GRB%3U$np9a$TpOC(fmY@sh!3G*ueO!{B@{;@P$!$TXsFFBS
zcBuf!vv&L+E`?1~xw=2})uHwF1LY;&OTDRT$uGT@(;o>O*4l_T$ZKu#bI!yByL}|j
zE+k1#2dwE^No?-aOKU|5ru~^p(S<FSX;+i6i!a~J(BU>Q@9bspka(ODEpX$UFvaTC
z`@ApJmud_TQ8+gctkpm+(P*Z|Ecu2!7sVX8du!<MxpNV}>fbDm9Rd*hxpa5r#W*SU
zfA>BCm0nVV>pBjS=M-<I);?K9G=up@p3-94^#Sn8UPU~46#$74WY~y(41muj^<UxH
zt)N^&c`5}Ya}iR<gZI1@L~AOakET&D<i~h9QJ(JnE%WbKY1P<3MnnGIi<6-i5KqNB
zs7xZsIC6oMGwzAE8~^z+%IRc>ZmPog35V`f){R8kL5d)&bv@#xl4V)^m;z}6?zg?(
zdjFyRi57ch=U*yix6ONE#c;o%_^@Su+NXiskP!ljE1liocaj}Sum9bCidX4>jWAu8
zk+)1iD^GA@oWv&rdARi3V^Z~*hf5x4g!B6NlJ9o^t_65@(*h(nc%Dy-2Q9Ssbd<b#
z6Rmgvx%utCNIkD;(JFM)M11e?yKmX^`(OEF*+en@XV(9}ugL!TtLI?;s^P@y1y}C3
z`q*)%SGqzgk9crmTbBT7Z(?a_aQr`2lYf7O7EUO;enzdklZ{#avnHRP8vHmCX;5U4
zxQS0v{mrBQ&nC!CuxP(|EO=0_zU97*bKJCs4bGb%sQ(ar)rMz7#NKj$qeJ+cJN62V
z<wl&KNlyic4^J?mEUq6a4Z-^$yg>0;wz1zmce7Ofn-_?V|3jisyZLUt&16#|U@fwO
zTLfVh{`!dQzxzwzXE35!8qAZD%Yb!P^h4?wOxMxo9fmCJAYoQ3+hB&%{gl566@PoX
zv*l?^@tQ2!)+f1zKZDb0t>F#q<~GdJy$VRi!gT-J5B=@M$F#BIn9z#(#J`fSCW6~7
zYzSH1Pq!c!IKOX!PpAulJEnfY@&@Z~a<~8FoPaB|Qs9oAQ8!rRVwRIMznbC)D}n73
zcp8u^{@>Vt`z8M7A}#-o&JC=D8|I1=r$mhs8hvakxR#hY%-Jpd-!6mX%$sHK+_b@B
zAme;wn78IHrvuAaaMf}r*SY6!*UsNuB#;6`xgUYanab7kq~A2Z72SO0*2my(V+J+;
z&HMkuP~ji%F(%HsiC4mw%saT=n-za8z?V0F<%!~e<bV5{=n39}uMdPb1$Qu^x3#cy
zZk|jl19(pQXr_+;?N<A1`)9W*aDmT_obcTay@_$XVEeiDey@D<U;h<iuron!B>aPA
zN1k{+BZ&Ssk?b9CuNcr>c>n9oS{Md?Q1yIX0T0-!=9&<o0(fRB%Y}o3Q|W!Yl`zVE
z6pRrU{tEQT>AjCOD&4oCm!cmV2py|PJfxzcG5_0@`4)o&{8;9l5xf8pfp>i!fZSQW
zJDSSX{M|iDR?&-{AXKy_=oHB(Fw+UTZzUwMK~4sPdVtG??0Cu4@5!$@0FFq1d#Wg2
zsteDR{g8d;@FP3KX}<M#v;VB?gxvCgjv{aOOb`}+4?y&Cw6Iv8ne0vAL^*^1qtbSU
z*S}X_D8ap--UywAo=!vrDxb`m<Gl|&EWErlD~!YnA>{~>InWifnQNMgPf~Zk!4Q|d
z<$&vPv(T~rL`9=z3~&`ussx1NiggE#w}5$lpq=#J#td2Te%z)5RuF4WTkckx4YF=G
zA0s+DJ9`=q*K=o_hcP!^gCsA{@A8hk5d0M|O(K4ZV)~?*fUI}6{xSM1MwIO7CpnMZ
zZ^?ii!+5p>YN0-Wt{z?iGt4-^Xil+-t|j>7x;-as<(l=FC*LUJZI3l5&z|{R)X`5V
zdj59opqKl`!oC<n4o%2cN?U`@`s^!Z&KWo>@vM%Qrioku%Oe=@#>}ivXmAFPhIzqc
z@q&uqDOfR$m!qVN@i+x!W$P~7;C%XTA~$%?Tl|1(&Yg&u$auUp!@rKXlL|TFP)lDl
z$zSw_&Vw%i;Vnj?!DaRLKH!l7*4{%kIGCxC3{cR1;FgdJ+DO#>ko-zuL92tfJfifq
z2-dFX8*90y6c|$GgJm<AHH=_D%`Sl3b`lu$^iiVuJsEMiyvDqk6_Lm7ZJ^nE0_#s2
z<D>vI!4DN-8uO%NoMw#w`xyS)bMPM*WsO1Vj9}u7CTluK0MWDuvV1sU$dw@|TF932
z)Hu-RY_&6tl~UL%>PC|SaK*e5QrDfLe>JxHGUgazj+W`q?dQZV?KxX6_9D-&tAuu1
z(bW+?n6TM3;=^kbl_`txkDvq33A7FSKds%MUaJhfDctckQ<XX*S0^YprL!M7-3fZl
zu4hkyU=lo6&<5*C;m%Rg=nDbk#h^`fufM2@0mH!JvqZImwrS!LU_8<{3OwV*788xz
z@K(0kuxR20x9TK5{U6G{IxNcVYg<qxY!DD6q#G0jq(zVx6c~maR0O2E8%0H=8w8{~
zq+@95k{mjOp@xQ`<J+U>{NDHb-t!%O|MB7yoq3+U*Is+Ad)@0^&A@P3_ELGeSgus0
z*0Isk8vM)4|3ANysmDYsv`ZU-Byj8WX``6JDv~Q+&?18_WQ89mS-OXq&ZOG{Wxjah
zODM?cOTr642-e=4ES>r^@ezo;+}lE#0!jGmw-CUbMM$cj)~Ay2xS<DcwuP~T=1dj9
z;!&f6**%Ka8gd)kqVlTN1ef}dEV2or)xfkR*Q(3n(uEY;UAVI;^*F9rm5#{?Danm1
znUTOhl5)|kXV`fil!8GxOTDxDEyFAu)}KC-{kd0CzJoE-B)?|8mYw2Hr8xP(9myq2
z`KLaw$Ch&qdweP6j@047Lc%Lh6cUeo1bPipUo=W7rzse<MRL_rh`Oo+1)gjjYS5%r
zGAc;Kdh70&+9_wi<7GnJH(^A!M}z`)Z95oT{Ay~ly8TDbHE{T2==E74S@dNS_EiB1
z0yghVCn_O8)EoSrYB25NkFEEbUcVu{3l<1!J>N;D<Wz28`u$7dTvx30^EiSRV1+R?
z)@m`sZc~o(K3p16n0v*0avO;_R1>Lg5a50=v0!EEfJv}@5tXh)FGfr-1kRYqIQz^d
zg_(~<D>cz4mMBZXG=%Ot6W~L9?;2K!1O59pfc)-IBQ3a~kkHAuq$xmeg2)R8I|rsY
zLd#9?PBtm~eTkTM1hcd&3JXsobTEMW0UDu^hO(aZ=a(JK+6)o%@bY^EZ<H%9d4v&a
zR-&4UE1M)|1^lrA)b%707m>sHl0Y{cn68Hi#6t}7%#BSmC+f4PogAOpWX_nPj7)(a
z<H)r=?PTxmv(NqLFissoS+^NUFva?bp;7`(uV5TY?9f@z?W_OP?DCI(33R{&4JBLx
zr(fR-dXFK(F{z(OIoaSzt;sx46&W(0G3EERm--;OR<$nL7S0w)nY)KzfqDS>`N*@=
zvQ*I;Aip0nm#LB-AiO&~s~Lribv!+Gism(mxJ<@9%+^NYp%AqpR<S#ZD$bV7S6DvR
zkPi-8J7CQvh61+Fi;9!ov+b^Vf%yANJY-_-@P!A%-2f|0k@OAGRIu+6F*|Qy2JSK8
z;|)4F)d)l=E=iW?@y2<E_@fabLwio2sI~!rv+^J8RXHQq%C4sCfwLY;aw9SB2Hj*N
zP(7F8Un+(#>D~p>5!)ht0)~fgR{=3NW2pVa9YFxPu%-9_M~n0;;^RcA7)bteXzss6
zT)GDZ(!kY+7ad|$(iDOLPr8k#N0<%cEZw$G)Ju%R;X8ePHNA)XBZgH3L+2X4h@TIC
zz5=bLUT$2w{mtT*9_Sznx%sC2l8t_E(qq{^S`kFX2kd<M2V~-Z9!6aR(ZG*6??Vue
zS0v9SS%Dn980aF2<7EMXj?CPZhYG>GCTb$QH>S!g66k3^{?fS`U#6+UzJ7tU0y0H#
zlljX8QM{;|Cg`tB>o@BqppD@(V+8|6i__!41XwoGclhnjPp|s=`u3`M2U&p5A=pr@
z>1GQsX$I*4ib^x}AMG&=ex)0Fhd}sLc{S}C8beCeG`)zD1Pm?du$9Sbt*5xy?C)@j
zq*8b?13wGcw1a+J@v8VYjw_%}$|oDoG0xM_u5N0YGe0d`UVeV>Q^BX*L1<`o&b!Ad
zopWQ10gc3lkCQR`Hhv)Mb)@hX7)R#zJ(YDKj(nc%z~|WcG7By#Hr+c*Lt0vGbb-RO
zWZbX5KRX>F&~`HD{;ZKcX3}In2Aw8eB7a0@UtN&ngT5-hkSKu*F&5OXN7+P+x>drr
zcZHPalgckGRSh_Nlhqf$G?ZIFay?DqKn|#oChx6Y%fb3|`^9Ln5x4amo{+$F%>;ir
zzmHbGO4bwg-HxDp$v0IZPPq*_Q#vGCM=G|7WS2kgXeZMWz(b~AUHIes{^6~kSQBU7
zM`fyCOgg+bT3K!6UHISs7Wd)1{<&^+@Ta(sc1`{N6!&=<v^VLZd+F;PHShl>?L*}_
zEgo2Y2_Hjw0ZtgYcB!KS5Ps->>iamA+q*6%z7IoYyN>GXtxr~m36&$6=NT00H-S{s
z9Ek6Fe{fTjnL1S$TTH?BZrF+KX+r~vxl$w~FWkG)@D`tFu3w31*)5&=`e0ogRYQJl
zw{nE<MFy79bS2%2<*e)rrV$)kX^&t1QuvVp(*xrae=7XA-fvQfm&=U{W8ZML*?68w
zp{2ot8vgo*WGWHW`|^iD&6qdc4$HUzzd<MNs2t^dW1yVO1JnJxs>zKUW#dUhGv~1|
z$1=Z;t&jKZyH#f^xHXc1jMq5q;a&YlKw>}aVPT}`+dDVR)%@ip)ms~Wiu^qMyxYzu
z5?ap6p_29qzTI6_3Fj!ikH#H6+%*G}DxCc#f_wqV_<Z#{e|=$B2k|dP-my0Rg3KG-
z^#4?f{QpElAKpH^j}{3oP8iq!g}#0$zw<6D^_vt=_(K%vqS_IxWsr|hP0B7SNoCb#
z69BuGKknv`WYPfm+kh0~1}?g3K++kY<qCa%32t72R9gZ8yy79Cj=lmBJ7cV&Uya?`
zxW=Xb5<B5I^&C!-k7O#r;ZhPW*<LB?VMSOXmNUR-_jGVaYI%`jv`)T@BSgUbT{02p
z;)&wPe9e+9;Y~?H{gOqK!Ci;G+_7!Br#Alf&v2o3mS*@buDvzNhUV{v@xNrmGnj6_
zr|PMG`RvA>0<RB@>N1(w`BiI`@>N`tQ&x)9?)x-7caxgFb-6n5ER2?#v4QT(?3N<S
znMb^Vy4#<+R)%M#KVzDQ&AcLGdEfG_I6GiMz9qZfp`#!JY;CzD3p^qw#jrrJ_~#)z
zB%BPl`Aq4rKL>2&eA#xo{<$_?qmEbCKiI7v=0Fb~;@VH`u1|4cCJfhwL{ef@Mk^NL
z?FHK%C@TdJ89~@wvG@1>JcelicN`9E(+Z;pp^(R1@%l0!7EQ=4LE9+%GDoo9P8;>O
z!XuztGc$Lw?vWZ`RJFzMng|>1V#FW-?&dAn{<jzeQtNLqh(Ibjz`q|<^Z9g}PwRLF
zRnt3Q1@3vdbVXnDF)(O`9juv`thHJFr6j@+^4IS;dTlVME>5248x3RxcgFH79im-C
zp4-zI5Jb_)Jdz`IoS{&9=KX+(+n_ZgSFFBWC7czaP+UrjMk7>2S|Ve7jhKfqi;oFr
z2*r5^IG=(CPUO&!=389_!u@DXiT`{3Y1SwNcQ_<nd;n%Cmk+D98}E)2DjpP7KO|sM
zIDVBhePoQGAny#fJ$qJV0m?AJrzcY~%2$WZp4VTdc^Xge!zpz^2+{h;3wp=;_lVtp
zLSoBD82IOT{Ut9>@?`c6FfFAL!(5xT=K$DW2$K?w<-hvodGkQu`~xhDYF<@VwH)S}
zO_`#`+b2izC0T>EVH}!dJM*#1sn*1+qgRGJuziMy)!TBLo#$F#cn#jY0M?vsk{dmc
zsUq#X=MJF;b5ee)6^3YEf=^ds^kooe|67|iVE6%leC7F7FdyexmHykRW}rcNv3=f3
z+7ZMGo=E~#mcE1x#pkYCvFJ?e?~P4~e)9%_yRwbR2Wa69$H)JzXFgLkGXxXRYOu(E
zZiJnOJASV{JLiSu|0zcXm|y%RcxJ<B_symSZu=E=NhW-1xBF@yq<3b3M=vz$XI$N~
zZTg7REQm_+RC>#DZSNzcVDX+T+T-;e$9Hn+HZW`zb0IaAZY*f&l`oJZSvIy(TlM}F
z?YQG*`4frdaC{74MMl{6JjYys&{`1aNHBta@M28P59;{9_ecY|G+A9$s6D6-HStpe
zgJmSls#%`8)NB^)*o~Rx+7)x07T|E%M~{}6bY$l<RyO#7S`3&N5<Zk`(ck4yB_fxm
zc!C%Wn|Lp?>mOwV(1R_&zVgZW0b*;y@-~TbLLAuj%k{+i4W}2PchQJZpVaj)$!+v~
z7~Zwp{){vs5fL4L&!K8asy)j1g<*9kiMQ2i*d?n5R}%dnqG`LXUYDtlV`a}hcn3<O
zZ9vjezv1oK0i#oZKXEO{?_Qg@#lO8Hq<BQ40IvNCsWJdpSzAZ_FA%DbUkDYG?0xO~
zd?rKMf(~o!8bt<Z1vn50tv>_bN+2n9-7uU(i_bSTZ*Pj426*!@&{vEJKvr1RtNP27
zbTgd>A%deMxu3{+HMK6iu`~fOV@*>CMPp_Ec8^2<rs6m1NableAehN!@^Wvf2IRw%
z4Cc{6DYd~;k|6fUzozTP`<Pq5ogT%X6S+`nkB($`rCn|pb+6vLUuYdZ3poQrD3FW2
z$uO%L+%&jWZ|qO%I^goifwYb@@q*%Y`j?Zm!zK(*$1rjYc&c1|$39^EkFLh8Y{mj|
z+-zri^>WL^ouyFbjN;j^U^-AJJ&5bJ{?m54>#|a8;RRZJx_Jd9y&|Xj8)W|2*s$JX
zq8UGM!~xI?&=y&6Bkv4o6+HK{=6&!af=hRem-zja+nmUbNF~}0?mSX}-mnFV3_bH}
z0OU?#M*#1X*xjW7-9O^zab?5H9|&0e_}RpF`tjl?8`{(IFzkFVEJar1<#Ngqt^u9Y
zG3xZ*^K?o^N%_v385NdI8mG(nzvyrV<;e3Iyf!}@azQhnoVF{xuIbf(YvwB%VqMhx
zo7zw3wT!l9ZdC**Sy*=e?F)HN0oyyrre>#49#rYu=~F-9nM{n9^sOez@W?VI;HA6q
z*d0~AwzbLYB_@EoD&k%HU)(zYJ%ti?vFW&$#E>@7M#^zZ+hBj95|R2y!oiArl_Ch2
z+O>`=5eP3yZq2oYN=~EaLUmF=qEXqov!32jB^nVObdF6>Cp<g@D6}rQ0%0_eX-5K`
zZmE`Q<o9JN=3`U$+{D1tF*Z<~?tgSQbYAj!Ms*t9#+1;?l;CQbWnb)*kqT5r>?RMk
z7dlY+dv>bbvS|QS!7d@rd(fdPGBb2zEy{K5a+&KLaB*YKsL0vzCF4BZ-1ofZ#}5u%
z`{<`=<Ujy_`PSWsm>9Sp5DYWSfUEPrkcB9-DHy=b)`>#Z%xty@wLRgVNJ&nAas-+h
zD3-!gozdid`MP41Wv_c_omNY}+0BNx^?3Ey-~jTX0Alef4$NJVAo(Bg^?!u!JugrY
zeMqZmu}WrPro%Wn@5ry+cKaJID%NXULO;*{-GOop1X++?xNCcJfSX#3DbZFr9Ha7U
zF+DL`O{57feKeiR155arYlx|vBv(6iobM5RIE}=`krI<g``SfRR=yo-XltV}5O4ee
zCk(DW=}7mC`G@534Tb4JxYH#LVTl%ZAooPZXPS{7Xn>211!>i7{!<z-+bh?1*OckW
zp>`n{$qa7SP^Ng9;(4U3?N=fW(2T<QmaTgWs#I?GRtU)a0uq=EXn@CvIu(Q<lBJa}
zfX)gi)&IUFg>j)fPUTT90xfvoXt=>lFP6`jWdHA&BaVG<ykGI8R=VYhazp9Q)|7{+
zPT8raN|-IS@pop~z{a`w$0yxO=C5MM+FW~_P@ljYi=ozxW|4t^;ddS-(CEShrmlsO
zaO8yp#_H>51O)p8@au+=wU#s9nEVhlFlP8DG0265v1=5*wo*$|kj*7b6#hmBfR(zu
zm8n|Yn%L909PO`<{2HDgqyq>!1i0O}Q_!Z|E=}#0u^0D23^bJjoQDPAI*1b?r>zvw
zn1UhZv#a0ze~J0{&AhJrmJAnSGspO-r5;)zb{bV|2M8$?qs)rGDR>DI{!g11(QS+a
zMB4E$;udn@tiHN1puG{gZs^L@5y_!qk_(St0QGz{c`2Zc5=d6QdkQr6MoX%oAO!YX
zadzv8LHnHsWc<y}=QB=0w1JZr{=6uXU8hoYftPxss+QefmFjK0h)XLsuK|&FE)SEN
zgvc+qyPR5g>E^9JKLNCuvL3PQdk@>*Mc6dXvo<h)gBd_>+d|YY1W<ErL?QeZqP5su
zH=XCB4Z|L$`bgs$Krw@~Mk;L52|w}<^nxVu#=U#@wzfJ%Qd|$V?7z|<U7yA989?$b
zl`e3@;{uUmVh93;qAM{T+%oP^zje6op#_QoI>JVwOdgr+L<}E06hKZWMhDao<3uU$
zzy4x<?;u;&y2L*sisdO&1F_*jHq)<;t60$gK)+!PJacyiSX>r1JFeH8U)J|6FJIEY
z$iL9-6e8pbO6hbYUh}9|%kaOLYkj5+ceJuubO0KGmz|DQXJq>@g@$pVh%i89Zmr%c
z-Ilvn+WmQ#BdD&Ut3rwi#7Ke=;r|4mzx@F(6hm%kYH4c2K?h>zGplbjjAv_Ce6$7G
z7KUIt!4PwR=im#-V?Nd@jwPx&>dy!X3B#(sy;mqikUYu+jzk>rOc|qj3?q`|I=^lP
ziiM3eD}^03bdL_w5DX^~t6+W8zb3L1M4}}wV}SeN(L7tW<~pm1roAUh5^zm1f@&3R
zw=I}ZC!i}TN25p%G`@v>NsF0l4VH-102k=aKXFbk(4QPuC;FKE9jEubm!V};*jLA2
z-f9P)FWj%AMMA9?li+38_;>F$T<W>>&9eRxK*l`me6*y?^|s7-#<%LDBn79E?=4IZ
z6}uf>HSU58<vr<oaIc4k_U(r({SFk)P=R?hnj|y_p;T}{1!$+p-6)K>FA({y?@z0K
zV>glZ<hIdpL9k(Nl&$*Y(ciSwToB}I(w)%jRN8X8?3$7RjF%;?Y|-J1ox#u8mI0Vf
zYOM|M7TIHkw?6>%<SGH&G-Uj@Jb?e~Ctl>weQN@}LGe7jmc6f)MAfl@8drRs8_hRu
zK#vFk+2ybX?I=Iz-1Ec?K*AG8ftjNfb3m%=k~SzmFo5pFE%j9b&F}gz0ZLMWhx3CO
zZ%pAsVBj^@C~}Yr)<Gr!DG3R1S>C4dYHU31tb?^zi=Y)W45(MhgTP!LgfN8w4a~^l
zEp}r;T-RoORP4j+{NtPKYPaplp&i!y%WRGXeK`E-`S8B}4v}OX<^jQ?ZK*=)wu-bm
zHo`u3i9d$_p8plfQwpUmJOYwJ2HrkJxd3DxpD4|B<#j5=^ybMvQ(q(#JvKADVFGZS
zEkMGgZ?j>L9tWcEOWzaUP&I(q@fFB%pj(#14ul`bvD8~{-+P(zu(Q;?(b*}_1d%c5
zCcp~1fUKVy-2T%tagZ}UhVH@cnA%wTlbSKvPvQ8AMIXCvlytmVzb)i37;DA}dTheU
zcxv`+;lRhp9S=Nv9*6s)Erg*DG(^Pj3>0G8Lw)`I!~X|y3cJJ2(xuXI^GC-NJ}HOt
zG!mQ2?;jX4{|IHD!<Uik-J?fje(`I*`KsRJFV<3gg(XPw1+3>jkhl?ZYO8}XX-@z2
z?#3Y0r337&h?7dk)to3hKwAQn7XCw9D!J@Gd&lbo{@=8vac<6^w59U+IaV1jsCBU6
zA6M3c1pnfVFs5H1^>^Bu3kHd}{6r<19!#uthYo||iv$>3J5YL?=Z_1<>_ku>_%Gpo
z-FQcTY%)+102pU25=jBP*d{$H`jW#Z4$a~qZ=6fA0V^ZOl_`%7VBVlg<6rzb{AD+x
z&?CUe2m_grqU=5DKL#;9#r~oikh0W!N7mxEKfuHh<$WMTuuDx4-~A^g^MAbFLL$Le
zgBcEFU@^BiB})~-OFLs26wW;y(*Mq&s7}5E|62>-zfl<?-~3AJ7C;A2q+Z3>D}dTj
z4C>1H#g0P)27emve4zSOg)ai?7K<FLLqF3>3^B)){D0-G{(6?nIItN`%K4vu&JYv{
zt($!-{&7A2@h^`tj0{j;?fg>LafbbZ9kWg4AOwii@@5B&i2wHT|MIg@?5~w3ewy|0
zU2!$x182-yd?55{^jO%)^2O%jqWE9kpT9nhMZyaj#rA##lMLNC2i6DM^Tqu?Hlv4<
zzj&9Nikul9OMqAnzkZ{h4IUJI?xv&83{%JiSTLD;V7=t-rF&D-{C{BB|6C4#{oti4
zUbpCCjqHwNZ6;c~^W(?sdU>AYI=1o5#$(I^O=E~YrxkbqoRx5g8<;yJ*mhs~5{!&C
zR-FCu&sCp(4Co5~t7Ws4#eiaqNt=KZ<@36}11b0NCmE(3Lwr!g`BUq><Mo;lP$V#`
zRy+;yB!MSY6sVH|zSk%wFdP-xqY(JhJ<uiquZB_ABIa<^`G{;11UuPB3pTRvhsHwG
zpXRvJeSlf_lOVr!wld-1db8<v%O(>I4b2V=NBk+6r1r)0&K+9T-Gn4sh+xJ|qrMd8
zF6@_ycmy&xQt+4w@JMc6zkVZVQhu?Tfxb4{*JVX#EkxehYub&I%etzlsLEzN?ycCC
zn+VaDT3WeCzb7K|#V-0L*w;7Ys(L;I(|Fe9GCZt94LQR;kzif8{_xzt{Q(|St%k`a
zg5Ah1Ba>Sc8)n!;u8s}M<gP7e#>U%EJcq?4=DO(m>UW>>@D4G~vB)&>jc!7J1LqqX
za!m=`oc`yq-NB=D<Wuoe|G}f!VR>A0Tq1xSHWB&@^rs%an!Sj3$J0{`@A}5p`}9sj
z$$xzl%zK)D_N>K)XG|j-8OUwsIvJ4bnFa>y@j7F#7D_qz%^9cagdo`vrAHDxtrbP-
z`sj9I-^mKw3Kx2%8tk;GL*CkUFc^+Vgo(qpoDE)llU2L(vi_38_UCu6JcfkI%pydp
zN`)wuRw+?rjyBX538DN5Ih5PhJQwo~eO8%MY#(}?p%v@3P9xt>!tB}Z8fo*W=weaV
zgutE{rpazBC9!N?V?^Z6k_4P;D#s$?0ouQU#B3MnU;P+}ABd}V*^5!Z?#B^`TV6j4
z7J5<e<{UP7|9|`A7#HXGWWC`6-1XK*<=&}a-x^wUzU5W@3JbSh`~KN<;HOsUgr3k&
zjl%ZC6PFa1^fX`h=75PqdE}9Cw0q-4+faXxJlUPk#orSpB5RaWoy~Z{nw5sE$@{w8
zhlY48$-~~qB?rGxk&h)6rZ};<ztA2h9q(F`sajJO@zwy(Z!fVsL5R%+dcr>2ayigp
zrFQ&zS7_L2PC#7cQ|`C=J2A@uB(++Wuj}xAL-|`1I_E`Cu<ugG_E`S@#dq@&U*HgW
zW(R%zPE{G~N7f%wI)c7Q2Yp*ZaLTTPhZ5SHdP-7jar6df)6Z{xrH9QqJD6bK+^r|{
zXSs5sn)^&Erqub#70!qAJ@Kr5^NO{iPsbw4PE6DHZTq2#HxjP05_1kEnuuj8uVUFC
zwFIW^6d(o5<7v-W@lyTe4LYM_ov$4}G_N|j+T!_APY<~q-a(ke+BKqkd+3yt?jpK?
z|0KQ44PA7&6ox~X_PN^a#>SS~NB7_C7iKpn@zf9E!HzigpNJutG_dmPf<A|wb~h7h
zXT-PDrdCxje?`zQ*X>!`jlJ@%u%>O(`^xxG6VFlP>H0mR$x^?A%SGvKj5dbuGrQZ4
zV?C>FqOW%#ufO3+$PUVn6JX`HHsb0pf4he-xcH?%t#*iEctK5cc*!5jx~H1AOZtI3
zyK)3aJXbBJu4x4Jpgf=G@U(0u3`Nrx#Zt7iebO+(?R31TbwKALVy}CW6H!_9d93~Q
zs3<eD`tI5!XHohS+fODV?N<WKs>N}*n6BFY#=l@rWeD?gqzj&7I43E}U&nGXi%_|=
z>cWL4-HTnZ+bY>graO--3SVSMK0b|4(NZV!^o-myts(Gt^k|9g-&VtObgJ5!?79KJ
z=RnD0l=rGF=1KQwQI^KZWyT}>^-m77au5@ls%|&>2M?-O#)>4IYbUv331=@QjL&iu
zKOelgfP>o+U>5u8;ok1m29;;s9Rh?K*53=f{_R-(I&?vovDl_0>N@;9p@+0r80g_$
zUHPNPCGl)y7?jV07P{BHH$Vrg;>A*?n=WyjK`3V~pD6#x!|M%y3x)$SyEvGIGE8-c
z&$a{zHYY`D=cuN>!_N$>tb!X&mALs)2swW<%|Ap-Yiy4x{V=P2$si~9rX_)Af%EKz
zm+4fc2D#{o_e~Z}ZEnLh#z;<BP%Y$fIyEFU`4VZjQ1i^Hl(CN#t6F9r>%9ps0qgk)
z;8o_vNBXTFL0%m?9qbj_jFF_zRJb>vKeET1c3Iz$8zD><Saxe<Bbk>;yJA_OoVwP6
zh#DK0uY}8FgF%mc{Nzek1duzKM1`vfwS!wxJoKqp`KBW_8HQ?5b1vuiPN%)Sz1H`)
zf{u%Kv_>kOlHG0@jG=jS9(Z)K-_X$RO1S*uMd9=A`v<G(pr=+j!OM>4NMtDQw8=^Y
zRqh_htRik3{@_IO>#JbXV;ldG(uC{<h;`R0r_&a3n4j@gD$#PK)5!ugz8o$6HRNhp
z$PN9jtxuI_F;fv8881#m;zv{WuCpY??*Wo$idI$R4|GwW{282a7ruj|{X{z<`c&9i
zbQuBm8d-Iq8*PTLh%R~+9;v%TkA>xBeZ2T0`m{+M!D;NyXePRJiQX>Wc4cVlm}1H1
z{guUe$6e>C2|v$BA>z?LFlbi}V9>_`)5Ld{*=U13BlE_IH4`mHuQ+J%Ncg}x^IbYn
za<HKb8+LW5F{l1i1s_)Bjnbr{R*H3JvI?%|8ZOk?epfNCai1o+aBr*CxSif<PTSVt
z06wq-m-T$QRoJ>7=QeuB*V@8gFr@bR3q(iz2v0h4`|En!ayZ)$O8Ja>MB)v~G^3%k
zA_5YKt;<+OMt0#eiVKNa3Z-aSO|Tk@BuZ&MkACu@y?18H|HQ?iy}VaKf3Mpt?|q8m
z$-Ax2OB@U;^ZTeG^NHigEIhkMJ~~u)7kJ$ZBl-_^kGP^l9vdi-t=qzLoOiiux3cEi
zNJ-beQh)NTNb`os&xKx_Eamq*iMh1k%EF5hUB1s(eKVQ(y4*5Pf%&W2_f=LX_iLhC
zVes+7Pyzksxv$Nz_2Hf;c}^7{A*o+0ONAmA7nwD7CxoMgXC!PaENYfKA!muy+0Ruy
zk8{0WOF)=e1oG#Ex!kC$e5(x8Jgy1vxAGX1HQph5>5|;oVg7z^QH873#$PL1FB{4k
z+1q#|gqC014-r(ta}@Ym^!t1BPLR}v9M{0wi*VY8Mg}!EhFcp1m)lrg@V2B^=#z<b
z(Nt^CHW70$%(vq!=}@fx+)8<9LSdFZrJpeSl6PO`Ib|B+9X!50(E^9a9oO87k-U@d
zddk^rbXjsLQf<&_zJ3y?ea}qO6bH48k4o~8jixd8-S57zQcjan3PPLJ7z!~e7ATi)
zgtpVR{Oi{jZK!p+Opc>o$Pzdm2;S#@KHLJ_BnwacaMUdUTg&{cN;?gLtSn6$n#44n
z_eql;M^B`gyHCl`hTrWgokQ~6!(egAx#!QH@2a?s$XAo!tA0_MYk{V6(}bChDq{Di
z@;sRz*OTt#>4>L`#J~Jlr<%4tD<sODfngews>$J$s&}nrxCh+jOkvejdO-1Fu>8kb
zCR>r)gO{EaHKzt=3eY@lz6F%!*ixu5748RoO%APN|D}Wh!{-y<+ylcdz(e%bmXq=m
zJ@|GAJ)9@CdQf`_k?m0qxSA4*J8pAKx-qO8&H+8p7gZzujEv3!)o)Pca5vZ?xxJE7
zPma{;q4IGz9zZ`Jkgt_7a{9YRs8xPkk2?-Nk-S~&SC<%2h#Xs6*|xv-czERBquQUp
zm5~6UZHw-C*vyPoMa+fsu*6i|(CINMMTtO;%|yx7Gc`^NSFzrJU%NZyxUFk~EK-^b
z2N!7916I{MMvhVYaQ2bH*b^)2tGpfPXiD@GE<Xg^jI>C|Wz>+{VV-n|CVlVQ;fMs&
zp(N#2%+8X_R?E6rEDB5ulpS?gVoU9S@*Oz~w7Odq^NvlrZtK5Jnc?ATE8;4>Up7d?
zW>#oF$Yr3*CA;Su%BP%bAX0Rep5@4AZK+hWdPrvX0aX+z{UD+y2R)s<rR;Z=kv{c}
z*hy8HUDgkMA8*^m`Sesj)mF3eioDY_HuV!Ff0p|aQOO)ESoz{~Em^7O*6$})CU_jH
z>A1X|6&$2?l!^DKD8Zl5sUqQMglw3GYI3U7YK!&H`=efc%rYp^^}*87m36x~bg=7^
zLO-3FAE~-6z8;{`@iyYF#KG)df&vbY$w4RUAaxLQw3dd3)iL9Za<#6-%znk!=Cvgq
zv4!_kZp~Kvi@_4C1^dZ4svR1YMK-p_4s;bg@(Jd914nD|(QW}}$FmOH_5(td*|XuG
zU5!l8xsZVI9e{a{Qnikn1N5Bf7-r>{g=wadl08>{7ysVzd`NzyU`ynbd_%6-8~Xe;
zXWPCf0Xfb$2&Eid569+<j8t;2<Nd;K+M@B#bxpAM1*h$P>_1!TM-mG-?0)J$NpQ{c
z6-K-A^q20(=D%t;)T3x2x@4|FNrW=I7Pok=KjVcP<qRi^{BVLGfPSE5a%!~n5nW~F
zK(q=|u0i1X3)ZJ;XG@5?C2uFCO2XpNeKeeu&8#|kA?&(^GVZY5IJ;IjDYL5j#af|y
zRj0lVj$P+mAEPpl=2_{$*4Q|$cArZNaouJo#!8qFtUv9%c_l%N`$$4PCKaiYaE`S<
z;&)+|E_1oPk(J)?!WsY3$>9kp#Mk&05Z5`}UcQq6Q?r~{)}0f9L@U&;B*@~rO|JCG
zLAa}41ys0i?~-XlAgz@SravA`{5qt@d2DIC=Doe2^g5<c`Z5U!O1(n974cjjo3yqa
zF42;!42P%6+q=r^!RZXsQ(0z*Z*M`atf|k@jFg;EYn+S`l!={Zae^IEVUDc=F6-2Z
zZRG*kcj6AgGAmdBI$El0Zu6{3BpC!g&pOiFzi^qsSSS<9w!c;CJ`&4Tqdq$N7A+Q)
z&_y}M*XFslO8H*#vA(S-%KsLz!9YG>F-PsqxsL%|Kmp#nIzjymIa9Nzhtw5B7lnQs
zSl4+xt(!XI%wcoHS<L^?hkQ99GPU!VDm3WB)wQds&RWgiW!e(<NJ~s7Vfb<$;(6Nb
zoQ6F&LnWlMI|eh@eJ9V_)2<<xC(9XDh3!fiJ@e1Q{<>OPs#aH<<XY>3XBDdQxbHjf
zqZtkffsK&L=Ol>O7P>5`Esd3w*k$!si3k^};>a_Ocrz$c>e%Oe{~%ukt;)m7|EAc7
zRZu47$~s~*7ZJ)7(3Z`Sz?(iSmW)z<Kg5d~uwZ_o<-k`p)g8;Jt9ba$w021Ei)xOt
z1deB3+xJr)$Y3gZh(&QdnXyxOuS<Uve#Oylaa1Ww)#YJQa#D)?n3Qqn+WB{MqA^(!
z!R#5V3KiFKPv9$BWJ1mv{f;X_lcI03v&hx_7EnTpB~_{P)8VSyAP1C19#LJdzL1{R
zQ2JtmwIyohc9UG#{VG8`BzZvbo=sV9BsaWvw^5lp>2u~g{q<ytPeKqpqoK$I0oJso
zS&R|5RvA9($&p{DQO@ggJG|+17ROHsS>AC6S2>u$^-kW_wm2&Vp}D&{nHk%~mO8s_
zAFsYwRO_-`Bv;qL+06F`r`s4`{ea4Y<2ZPc(EmmFWQeU(R!T%|3u?ZrLeZRUD>uvf
zCQ*J*$>P(IidhW-o0(n5mX#}rfV>btkDU_!rm<f;x%)5}^@OQQlXgiJhuj6tIKlLF
zI>IjQr{`va9^av^6&n^DT+)G(94`7D5N2di<?5h|2;z6F1lNpO2>i7x9mPw{4mwo$
zrCm<FeHfH#ybZ(>zsqD+b;vp{Z87eLakwb9h497#MNY(5)gPImEh#E~`&e8`L;7s0
z!Fg^!9x02lf9BBrL~Yi57u@a2Ig%^_Zp&|NO;3yUKIh%GxO)0<jeyG}ruvE_+GRn4
z#T_w0n96FXA<tC_gRY|<D$TQNbZtdb#)#-w4kwIx=cl)SYO@l5=&;~&blDbC6gX9N
zdK|ZQ&*fuh6u0Ok5=|J+b*ANG3SuuzSUBs?l{tShNtUcltNI#MTx_x>33oXxq;Z%$
z#)O#4-0)9UrCBXYE{jMxF=vM_bOVtg3#s`FbJ2A?*=pP3M%$X&sSjNA`Bf6vL?DTr
z%<A^05J-WucD{FNenQ`-laSI*^-jlF!eIF%?FBeH{^X6{U(m`bb?tlmHg#<E1TZoa
z#h|)RKCXwCx!+xs$=%pdX15sU)~cdS)<2lfww|%pzVS6Ddbd5!LGf9~qvmT48s~dy
z@@x6a6bnM2oj&KSUpyWUaUXKZTmN~Rcc|FWyPf&!ay;`2xJ|Ti2*ZhGJiBdbeX`<w
z7TUJWpqIvO-pH_ah~i_rZ~gj=YH2bvGu=F37aWW1<tHVbHC3LGS8Ih2Rq0q9wVoB3
zCeBJmUQznFpY6~HbGP@=*~8~y>zT+cYh)V}?%sL?Rost=4%>?G5x0^fEleh8FgE6i
zs7g=_9e3KQ0!cKV&QkWs8P)xk&kc{L8lXduLk=(JY{M(w^JC@D#kdF==4__z=)7NC
z7Tf)#ss<U{LIxg*lv?avUCNEv8ORR<(Qpl*>?OEY^V`1zqyy;6_P$S=+1yM^0)I<w
zj38{jN4a*-G(RkWD|4IvYXW5KdnY3n7xc#NpKOK1udR>=;=@VzRH_9Cuiu>KIjT(U
zmq#!a$qW@dOgD+IxJ8Ga`l!{-d7Rgyx(Lt(D+i&L0M#%N+}q_suSQ=cbG09=C+s+C
zQx`DSdGJn`m~IM3@3*;7U1?T2Q+)L3kv=BET6NbE-Yufu(0@Hw6JwX^6w66S7*lWM
zH`_vs-0!8cKAf`x0dE3<#$ZrG8L0z7vm;T?=FJUqQG>!cHp^HF5$mTM$@@vOHF>uu
zRMGj|Sp-q;PPaG6H+yeFymEphAL~HmS63~oU%^j6D@t1(jPgkpe?nX3Lrg*%&%Y<*
z?}@NPCY@JvUTW$#BiCrGc(E?HIOy^nmsQfSN|WFjM?z-vm&hK4w(Y(*d(HiaLHV|h
z5^MQHdq>Me5Xd?dqGR#BYBoitm(cndL=!cB=+sM$SoyW?Z#^S*63qSp=qjfDl|hC-
z$I0)!LUOdCv1EzR;xY*J^vHMop{?zc_c?mD0k*gMfVF;!Q?9~#J&Vd}5KdTmFxWBj
zsxhtH@>9C|0*T1nQjk&E&(%g&UQVG*UZiwr*P?5VNz-*dRuly~y(a}NX1edB1oy~k
zk?R#b<MM&%BOl!stx?PGtzVT>hT}vpIikt9<<{6CQW(@C7q&rhog!n+rK&O?v#!fW
zyRTWE6&7nh@K7AR@80<twOW?))(2y}_b@2is6&8OsqH4eZd+JSv-*3Ab^n;+h>J?!
zd<uj)dZPviU~ca|sm-S%w~+E%a>?&0_vDtEC-m9mc0X5i>4OMK$2-#HAY5_l`I~a&
zT`}sT8ukPGyp%borC0`J^aL?X)A`DA-B<eM;}MnAsWCnJyE=jg+kxTS)|UB>vr0?9
z@_{Co3-|vWDE;}{6s(_sPPVN;nJ=p@4t%HZQ_)nb5v#-F_!>sH^tj;KU8z`>r)e@l
zdO~`yQ{GB{^9dk~rT%(vX)X}GDRE<W+kDUy@tG`i4rJLY)J<Pc9#*%cIE|GXYpr3D
zfQ9b(2=i6gM<|($ZYS(n>x3NzzwHRH^jF`cRUl2--dQny_nb<QMVt;F$NmDdx(u=M
zcXbYB2AAzRn+z4nn5Htm_@ht(Lh@~~Z=^F*@4xAyu{aM~70Nb2e5l%$UcVAH<*vEx
zY*eJ1_YyL4+B2ot({ws6jFXY$$ABhNUm#|CrhM`8(YF<6f-}2yu}5p1T5UU<kh<&%
zlttEERUMnI{B)%-0Upt^cXN&iJ(rCcrp{Bb*s~B~c@lvDr_seemk(jtH%YG-Khlan
z9E}`zb&%oGs5M9>sA4#CS~{XfMlYSJHF2KUR4gN?Q`Z`;h%bt{djtWtlB9!`bE>VY
zY#h@C_~-o*@!!Jr*JbFiFTmxZnP#kfrND+zu~5@mh(->M=d3cN&-I8rQ&jmfzFMEg
z;kKc{qBVa$T`%4~Dc>LreOt&y&~(%y)e~A0b4@N5;T&sqR%{#m>Bur_tS3TU%w<th
zce-VLp~H|GmGv5-i-G4`%+C)fM@1tGvtIFjkromtun0_k1Dh<6Lu(eA9I0s>P6$g^
zO@iI}mep-{IDo%2d~B3{v=|o|Qx^H2%I}hUoS>6}V9AHEQV%Jm7tBiX_apLc^Wl>=
z1s5({Z0~KA;I@8xO~CefLVxwtqL6|d+j$hytWF*pwmf7QmDz4P_ubto+Yq<p@*)|E
zd%oJe(J=K{XenWCgw=S#ngbbcPOZ`2JdXw`21M!ZUnffAirAr{NsAfUD64EM<?s-?
zig4L6a{8*_qM|Ryf5<vb46B60do9XS<Voq70;$7;C7iPu*c}AdviWmZb)Ap0GiUWr
zb6A}F;lf=lF?Q6!5vx_vqL|C-#`&s_O+D!|5!B(>i5*o$S}rVfdS}@t`{1;_HhfHZ
z3%)ZLy47iWW~ggQb0xtjhrg@v(+e`5XrzoTw1cP8<<~A}Qf{!?j+uoho{Tdr*l{pQ
zU0s>7P`skL-FmvUch<T}VoLX~)eFp_JbR4gaaLvNxPOJf(at#N8TmxQvw#Hu;Ffn3
zN|v1A_|$YXWQvT#($vCs!rJyL{?r78365+yaPF*vmJIwN)qTc+w_-!brP^RNDGew@
z(7M>0Ik@Kh4DE(wJ&sR9b56~C@DX7w4uJ!CXK!D%e{Q0HeSPKiiJGTjnYChjK9XkL
zgE29Yj2?{MV|2Ygo*5IuB|*nAY8S3~P1Ja;8Uisp)En&CdQWaRlf(c(wQI6I?Srbr
z%y9y1*`AR#>QiN6s`4z8W_d2hi#IfOPx!a?5==Ukg9IN!xs!4P4BWQ)rc;mhDDEmZ
zbg14>kAFbIB2U^A*>xKs+pX<HpJa<up`;@Qa(96m%kKLCrA#*%11H*NNI@FSk=aux
zs8l;9cI2~dsPDfe>T(!%lLMwqtNO5OYsk%wc%u)ooXGm-@v#<}0`B1sp>OP|CR3%R
zrUr3Z5w@MPQwLRCOzV=0Rqc7g*udn$9)(hhiXD!*w*-Mp73NvVnW&r0s*<)3*dK`m
zewi*eHWlMgnQ7}qG={bTaK>HM$)M5$ph0tSy}B|V4#~=3_&x%531OcwF~%S^>>gqu
ztLkeAmxnvPY{KN>qO5bRH9Cs|XvWjusWS>#_S--5n3MHR;rVT-Z+VGe|7gm`u8!@Y
z$K(CizRk8-4?0Ss_IYN)D_<yY23&88<#@WKA9!h{d{@wVIYwAu=j~i~jkq}%-xRu_
z-`&*oi|NStBTnt^g@Lt78(<+j!#ZrzOQjYDO2N@8&8R0WY>5DYYwI?Pg?KWKTg9WA
zCw0aoxu6bP-_YOVs#!zUYG1G2kKT3C#*<w?;=Z5sMwPO1H#BF&dQrZ`<#8q}l$7f;
ze~TO0MqdY3>3Sb@YmVdkdVJ-~Xvu40!qGWAX8@+9N(kqpZ@p@GY0h<Ok$koI3Y0iK
zPrK%o=1LC-?|B$;wkm&u$b$#&-=#d(bfK<XdkFLA&2t@|(16bsDe~(Ms*d^P(j;zY
zT+MEGI!HWb7ej|#*|ics-hVb&VSAnZYvfh;r7YuJsC7bQjg)eHw4IX6cMd6>gp0KY
zSt`W5*$L?Qkj;ZF!$I=E6Sp6o)C!j7Eu~Mmzqq)xB&s|kqa1UlQ-e%>^aov?fMi!{
zI`TQdsmkVX$4J0t{!_aHPRz2)?)LGCm~|D-*dL_a&oC+XN)Z7p`qBAU?Ir^BZkC=3
zn%1!SoEr9LS+D)vd2_?XVVRK{5FOt!rNyIak${-S$Co%lw4D%@>sbvtN4uiz!Az{>
zV&*2*!C3jMgT|Q!${sd*2Stq8`tyv#Qr2$UMPz<m%2t)ueV_`ENBvZbCd*i@3gIFT
zvM>2}1?55CDhF#@T`X#s?8Fe?ee<+cx9eNz8*3rSJ3gG5`pZN4rw~zhkAi+Xv?3^Q
z%yrc#(_5TA%JLq*=ajBXn$B>!MInYxqtJk~njRLY*!3fBee`?Yb}UGYD$|^vt_Kv_
zZA+zdHm!dQnl}@QHI{eA7em?Yf&o(*4f>F5k>^?Rl+eKfm<9T?z>0rKIs<twij>v0
zN)x;A%}r=He1$mNmN(mHJ53%Gh*j;rw$MxYsKf~Cj0tvSADJ{Rz|1*PAtm<_8>0Z?
zSA~=&%yPsUohfV^xN{bzJ+ZA!cVhxhz&&p=PcykxxId#}t_}JW#{j$YMRwNEfsJ9R
z5eo4nR%BYAIwAcaE~?@xo5;}*Hs!QO`VetW^ENdbI<(o@WL%+Tw=MDAqk3cRb>A-O
z3EB58F=eYS=Vj;FM<_se9274kmc?qet52P)cPJtN5IaMD*%ffrA41aIC6KqvigT{2
z*Nmh>#=S1oFgai@dEb+q%B#I7&&aGv;_L=fadB}l;z}IR;aK9aF)i*J5TG`bXS*4n
zUwbCKMtmpkw{;aSE%jgK<OyBt^xCou)F#}qu*#EQ%4;j9?v~yCw3O1X7u|KU!jVDE
z{TLNuDs+>BbfEMk{2u+oHTLWDZwwL~?t{Y1!S>mYV(nQU8=tx9#8K;c*BjEcZ~4q$
z)v+a7(Jw^h6{j@vSN8Q+6d4M`8cGsO>P+5cou;0@>yT-zQL#N2=~m^?nqcCw=O}`z
z)0s(~_4%5km${kOD280iWOT-tqij8}>5{AXlI4)PD?c`Fqs!4dQ<yA$wLQWg<>owf
zWIP1HO8U&mY(F>cK2m7(CfOKj>{0qHPj@FkDD`RZ%Xyosi|d3!{0uE<o;>xEclb^^
zHMaGt@?*6QQ18ecdr=Z*)nWGFXbvrVUtwz*d(#uGtJK0l(<Q68{af38vkIu$em&dV
z>C`dX67Fh+<h<!rHYWyTDw_k~PArqYgd@q&cHj(erKtCj{u}q>XNq19cpHF10MdY^
z_tejr<BBbUG}=k4YId|fwOiq2VT%i0la?*(>1mzmHy^Sn?)rRej4zE4U3$}#wb2Ff
z4Iof~)Hj$`6HURx&%=B@1ouS7ap2>7Da7ELH>y3WJfSPK5V-AYUQj?FB$=OB-vZhj
z?VGbL5I*)HGc>1&v&UKB_#V(;qy25LU?h(*5Q-aAoW`r{_#c>cx+_wKYI|60-ZaU&
zzZ_h<98r4BFhpnzH`XQ@G82)Otk~M!>VYs-nEU83_k<}_5P5&FE{EYZkwDYz3v8H*
zBy{744=4nWGh;bmak;Gz58o<L)%%pGkdX~+tW6%e)_3-!LC0%Zcn@`a2(B{z<qB)+
z-==rd2Kbn}%uTbt<Mg`SU|x@qLF5k{Z~gvBW}|~mmZKTTvX-(g&Kr-t^;;5|jkpiP
z7UiC|Io;Tx1=Fsa8U^s~1i4}Xw88B$+gxhd8*lG{kQ_3GH(B$<Ii+YeRzXe9%q$&J
zPVJ!ACAqp-Uh$1Ohvndq<y~>4`Rx*(>0{!pf~x=}<<eE#C}iw3TrHB%9P`$%kMZMn
z+;z$x$=;h(G7OPk#}DN=N=`Y5O7Ur2;lDHexUNH#dRXe5*8r&u^K|OEd4!4TAbdco
z;mxxSf#ob6XN{J(u+vj&r$>Ag62A@oPcLDgo;u8^Y9#f>+zJ(Z6<I}q(*d92Y8SEz
zCD~Zslw@>*8%LRnTxWP9MnA0|?Ytdd`<y0o^PyY6U1KE#<C85EldpleVw%Y78#Zj{
ziS2j!_wb!ax|LK3on`sdO2RAl8i-90hjQTl9*y!k%kr!}(-~&M$`8TmYnu({kvS|U
zE~T(Z)pX2wb>&i+olw5ak(D9E>ZIu>Cx&d*ayrRw?N7nF{JQpn$SlnglgVZIt)4^^
z#nm<Y<FDS4Lb#Yhve#{fX|uWx=q%<r+>otyzjuPgtkdfrq`R_psKyA5)R&vr1A83T
zdtW=9PJ~hgRtep$wz<j@(!y}h099_^LcDZWbo2WyEUw$+vEaI{yK?=`wB7lj3Y_1@
zThr3mr&JpR*SPf68VSHjQp^n|J`1m?|FQ4S$zdm-9?6t#U};3mqQPAK*5^WNTJ^KO
zt=SZgq6al*_P)%7?4<eM+Qo45nyYp{PjR({_-~Hs2mxXR@e68j?qzha0EG<IG5CAv
z$%E+5H1dsSWV$R*ri6V(_S1sSqmv{!&mKJ8+<eSMI9Qe{pPW(anxt(1wNR3)MY=%%
zVtIpsSni;4@ElWX?m7G(X*`y#n>r5@1-91zmTX&2Ez?r^1G|QY#$o3JRA%hhu2+wK
za3xYgf1;bM&t3b6{JqNR561M<NZEJxm@l%s0KO=I4f^=ER(%Y?e37%S)QMa#p?^GM
zPb;GavPPMv5d9^qfmhH7QqE|nI#^3^v7?;>n$odw0WM6|9{@a13NKhOqgCI#RKNEw
zLnIq}p3p4SjrIhNr<x*B&#1DZ#IXmCKR|%a#7a5E1G3pcQ<gBgrv^2_9ad`&9@=46
z@|^86{gZJPwfMyF74n~XSti%RIyS&SJO6uIQ36?d1LTx-h@Ti<_zp*=U-QM*jvE=n
z17>sbCCkXGP8?H?8qSJn^XTR>-A>vPx%V;8qeP*#NlA|l^5J(vBXq-fNYRjL7eJEg
z_JsjU^~?urdLS2q`UBYJHHH>=VCvi4NrwGOD)MuPh{~5}4YfP+>%tx$QvG~0@3*<#
zmmU|bE@^cLzUcc=uQ0!{lfW6};PQNB;NX^%`5eB0Lt9l4DZp?0iZLl^CLMTnJM9YA
z-@khPPk=(2`uelV&tu<I=P&wI$K0;q#%*UW$w|r^N1s&6bML;tWFXtLBaXH8EZdau
z*@IziY3LUD_UeIS2k){z+1OwY{k1TB-V?r6zYu#prH;Wx^{)}GIZ&E6nRDo!?|Rlh
z;A1n*x7o1r9qE7KSedNg`5;ae4}SlA4&eD*Z*KJQq(9#+U)I4@YI^V_g@Ww-EA>zm
z4VRncQ6lq*on&rR2CQidN7fhH3hQolexr_stGlKm%<`(0Q)P{4OFv+~Fp-Ud)9N*F
z<IZ%rV4gPS`u_KWwE+btD|*?H;l8geL;k$+LDNFEVOS7KgEL(vPtsT64C(Ef7GX6I
zUgf$;JB_^bI1j_Qas*b_;lk$p`^z4Wp7UW{cG!hQE&#O{WbsR5dp8h9?i5PfL%L9>
z%An}<x?rx21iFb@T)K5&;}CXSjQsf7I&%~W20PpP`PVQn)Oz%--plTdIS0y{MKO-j
znDZ;+bq*{4=CsxC_uliNFu)5#1>_?fTaFWHXoa<34o0?kLYrfV=<n(!YW301H(*s1
zBt7=lD`Ny7dLjD32h1CCfHyQ@75sxYbfm$cz`WDMRPn9<sc$)oNAFf@3suT-p7!$B
zduaed9MoHZ0z-a<lK^MQOHBEDw|W77{lCiMhqQsRGLpDl%>A%Pwph`yY?oSD%jZKE
zz)s&G!o_@8K5(T@PaaGEZqLC#<@$>_V~dl2?u7VRrFM=`e%*KNkWDWxN$kD~q0jbX
zFZ0`csC6TvI$DS*l6kT492r`_iGz=>GXWL@Q|Z0&TibeAcL^;0Y!4P!*WA77)NAh|
z+@E+`xTsr9a_489OtmBZ*O>%iKPk^)AFpEk2^5?I_{$`s-<}viFT~J763)Z$)i(M9
zyl4a%a^@ZJ@d&m<(DOgdh7?*H7RAOyNcn*m%N*$m1$ky04_9$eLBXfO=WDhHb_aXD
z?&cPPbFI<x?NcgUwi87ru`A=HO|kvvzM_D!5&^h$(O)@F%;WVscYEMAV+JEdCRMZQ
zn&Zq*GYY~ubu|b`Ss0=Du;4eiyBKJ%t!6?<MZY|g7qRm^doYU$pivkuU!gPdqhyP2
z<+w-)lP*@j#Yv1Va?bZ{Hk!e?{`LS(ZkI^aEa0VvpOKXjVt_1e<GdvV=q)Ea76G(H
z4jTX8X7J~*+iqg)gkq!57PB0b-rH*7-wE9MPnG?RjhZ`9lOY+c0AC?;(;%8wyXsgy
zdcu*Zigw@D*aKux3ww8l-k#Mb@BikkRdW8t8|yMElT5g(b0`<ST+*d}TTG+l-n<r)
z2jRYW&uL{TlHM>+nDF}b>07lWUtL<n3LWcB5A2$*sf8*{s+i<0)w}H+2)BJ^$fg*r
zm9BI!j#+dRvPW@+uV?EYUb+4K3Eyc2W3Nr$qxZ#pdn>aCt}91{b7K|e(echTnZgI!
zDmLt_%UQPOCvYGV)@P=R4Kvqx{d?~Cb(u8J@b%3FPiPV`oPBKPF}a+KV{Gy5E#;X!
zwpg*?Y?lQsz-5|<Iag*~hdPJ^%1cT$&qYybS3FvUPO2CWE2@_)v){(S57_hE1Z`KD
zAXy^MV=PKMq1lQeDVkll40rFwp<1j*YwbBSYvTAN3>2sq2I52F24YN{72Jt7<n(Ov
z6;E0)`FvOL{>efr_xyyHd3x(@P;NA~8mez2lIqxFm0Vl{k$4<|*`I7KG1y!Hut)l#
zFFu2A5wMJjba5auBK6^bZ;J@8%IPtF;t9CV#7Pk)E-P&d44_r9&~>Sd&}sh*dQ*8v
zv5svO!eKI15eP~>Et}e9rrJ!gXQwKq$JH?JH~sRPRkRBGY`R`!3JE}lBw9fKGyDFb
ze2W0fh)ixpT8m^IYF@Ro185U|in%M__x>%Tx`^4p+kASLfboE(B4=bExAXqFmYNc)
zmblcpz$ZsJ6Sud_PpI|~XRQ`^-2A^UAebj%qV@;E@UUJbTVJUo9t?|bY2B2)-e-B@
z*cg^&3?1-VM=qDP5!xW%x<$dvw0_#L6Iwj9*Vhv|O5o@d$;qX2beUH?52*e`Eo&Fm
z9CxmUuI@CSt5}$fnI8rS%Uo{!DsrR#y!laDxD+;wpJ_TZ;Y_PhEI0`avjrpvTa!I+
z3NiZuBh9c+%xu-TZqozy0PSBIs`;uCJL$CBM8a*~x8t~)Ir993iV5i9wrk)1tqUx7
z`k5fT!hz?s5Z{W?^4?Ml{xTlUa94!}AFqujg!7Hv1G~w5oseNRCWiTAEML)5%_KUg
zY$sB$ttOHe%awAYvRWNKQ?=wB=wnbV)bC+2R7?oV)jExMY?CgJ#-$3eCeDtz=kef&
zGY-W>tucBO<`z*6un+#C^q3mJ1qr(tC}voS$UA-Peq>|>-$jbC2d!%H%QvR$2GKtD
zlLyGrTwl|rtvy}TTuak7vcYG2a}7nlp$XqGK}WAe5@yM%P9EbR`%?W19T0pPTdU)a
zUe}MBFs$VUsXciBc`~>iUI#?1;?DpR7vnmE*_)5OTwk^y$K73xXx|$QA!MMVSDM6L
zKISR3IU>=xZ;_^5;mR_3p!NpE^8oNCOpm0+-jIcaFpwAN_atV$9t<Dzn|wiG%RK*j
zj^;oXqBI6*%62a44o5tFJwF-_Yz%y5bgbAU)T7v=c)B*nKPwim?vU@t|72w!xX+kI
z3%eJuzCP~4uyr1<mv>O8-*<>nI6795PA}#|?9>6OH*(#kXUqvvj5bkDKP577SBTpW
zcIEd-)5}}*Cygl$eoyT&S-do*uTg{yiZVf@v}8Z|frDGMM@=K*yk{dQR^k9yO&8$G
zS}~~Kmq+-ef0CNc!>|t78af!rExPsOs;e}K>LRi71<};}5L0f0c0!A3q0&<hP}vCv
zWggxZa^P=!7k+WEc&%2LiW4K}Zuc$N^*8Z;;01jlj;p##3Cw$0sV7^c>=f%jmf>?m
zPfHC`HZ;#t(4cm$3}BVf1dx<zv&V6Vi*d88Iq0V0J^d5vS^>&_ngRneL3zpOkBX~9
zimC&UBHL+1Ka<9j`3d(a4PC_`@@oV9;;iY4#)bfN<Tl@VI#O*D`+rzF>$s--_uq@f
z4Jvr6h)5ZP<ZfCTQKUmUhX`Zz=pJBV5mKX3VRT827z0Hm2h!c$IgpJw?|J+Eo!{g9
z@x${t=U-!=&*z<2Jg?Wac%4q)_EsDAhqfRr^zdw%(}C)#6^+aveJ5t5NJ539exH|q
z(qWsppQ6lt^fsn=KwMowpjTJP{+0j6=fU;R{(>s!R@BVyV7;iv#1*>iUG5Pd{kxCl
zpHC+}NKuuO3rdu7QS+@HXmPyNwoou?-<1z3C<(lK{P+nNNtRKMt{^nD&ek!1{_(Eh
z*telKeqAH2RU6SO(XG{!Gt2R#`VE;DtrU49Pe)J@e^0YXaI0K~{8VA_**N9)v>-hc
zwOgG2b$DrXHMQF{3<A_BRs}LH>J(c3+RVrAX&mhrb`<_PrxfV09cyj`UmF0afQ;<F
zDL~N+S7KY=-Z8L~2v~ZV6&o$B$ba!i1<2q%xBg40etG-`a>Y{f+bPZ=WDpSKk&N%n
zQZZYt-cRqx1m9lzz~)y~z0kTo`OcNF0c(sFt9ka~yPj!hH}-oN!_1|PqLhLhCnLR@
zPz9D4_dD~tbJ^i1Pn}8-VCt(<^~LoJ3CL6n{L3Q^U48#aK)`iw465g{SaeBO4=*n-
zuWru#+SeRO<9E9yz+5{2tObMmx132uT2)_<WE|o>HQ#*icR~)V&jb<cxM)(Xm=Z&u
zP!?J1o}6+g%6Q@*L%oZg5c2#EI%Sdcvh-D<^L=#!+nckkO;oU~dK8Zrv|h-Zuo(8J
zpe4Pn)O@EYx_RcR#F!^B%~)SpPVI+d{{+I_08<d}!KkE4*V9qJdKn2QD#q!u6if(t
zLS0C|CNzOcInK+HqxBuYb>CE>>GR;lfo&SQR$b>AZa+%gW!U={8GzK6@OXHM&x@=f
zeYV;anH<F))e)sNY8UU@xX~VI`;L7-Lk{avc_&HRTPHz|L$7o55?U!QvKu7(Utna+
ziCHqql-Ie*R9xxwlykZQ1$B8=wMF4q-q7BTf06&a3+re=mq~r0x@!zTeN(kK>GTZg
zuNJiI{evEg|BW8r1cEYb%T-&^9n(As`(}3ib-(aoV#4BX!l5xw3UVX=9*c|(Q8&|6
z-8fTVUh8E*2+29qC|wI7=0C%(_bnGaB0SEEbXd+dZ^1z))_mxm<meYC_aEx$9b6SJ
z&*<+NHC@fQYnp<T`ts?lRURd4G|JfhpX*%JYNm%Pj!D_xA$wD*#Zi_+LWXI{pPlPV
zS^cNDc2lmR=n6Y2mq0E8QH5R+vzapF(q7Ui79MVs4OrZAAQUCE)eH^rnt3f7mz*{D
zP^@mZtGWoQ$#)vWx+JN^t$oOrFKb?i81qZz$U}d=7^0TaR*$@<dKs@=7^p%s@)lSO
z_Rn9^WKnw!ONyv(-6Yp%@D685()?@keNU_#s*>4>5M15rc<qJCW0P?2Pwgb2=?QJS
zi-18IOo`#wmYuD$`Wf38QBdoc?mN1eHxU!u&76y7qVi_o#~mFV{p+U^a3xG1v&Y!9
zFc>Uzv2QlvmWBuPWSdE=Td%w-6!o6x&tAp2mJHS@gx*JmeDoUP8Ya>R(Uojnu(g!+
zSL8cY-qqgBGEo>Dv9v6)By4ABu2|meQZ!KbL^U6|G@EieK$qz5qtKcpZ7Hjl{D0EN
zEoC$=^Vjs}U8AjbBNR3^i&hg`J5_0D0=%ApI;I5lWxwj4FD^p?qrds#?<S#zgdAzK
zZ(eYVxI{_WR+W$SpiDBsJ|NmFc+1nYcc73m$UR}7p>Nd@lbi9xBE-Z~5cP8(g%-4)
zl3R2Q_1gDI0BNA?l761td7ACT1!`r4r!6`=&dfD2q3?dZ(>{}`%7WZrtE0&UNp_=p
zM2~6b)6(P6%A$UNKwo4IjHSM{5J-g4dJF6f8SJP!j7aCjyhKinvOoF-v$Q1JIV6<%
z>Mcm^rS%^;-wQM%EV|CWfAT>uyI1s%zBH?s<6%A1s>qr&mxq@Rw>QJNKbj>Ka+vM!
z@$m~eI1om<Hb(GmyQBTV)kA08R%x`?YH=pSX?C7+vIeM}yCqm|JHM-Ht>iXLxt>bK
zwr1A6HsK9juUI8LN`r&RM<{6}$pnq)?a`PulH6YF=s?Uiq<vzIy}P|>P+-cR8oYzi
zaKVm3bDy1M5^r59fbOO)2-UjqemKYc#mD|@MufDYleo`BEOubSNYRUg9Om=Nl<dhG
z)rv1$acJH39C6=u?clT~m9m^bKZ?GZPTfwXdeOOr^kKpvfEc=}-QukOJtq4>Nn+`}
z$rB$>c$y7}YFo;z_$n96PNZhpQ8hlHdeH-jsl2z$(p}5D$yfbou5gXRxU<{nZmK8e
zFPA0I3}1R+A?F2gjsJM#KUx6Hu~)k!`QOj1lsf@QCH2u!YVY~wG~5!Pl3NKG74Vd{
zSNN*I*Owvz>My1W894EJKRAHRYlwk=wk_#h8AR5}+g^4nR@lDtn?s-wz)KSaM;yZ9
zgbj+U@b_zZJ}Ec29C>hpx=t!k*ZGG1Dzg0E<Zr{d2|%)Foi}hPjjzA&-4+*cRt{5v
zqwigI_hRf_U!xif>HG8eCFJsT8oyhOBRJP@v>WRrm*(95w(ddStnXpCSi}?N?Iz3Z
z&E@Ody_>%f-;PtSq%S>M)md0^y#NRqDj8UFa_31o*O{h8Lyq;XM$4vVWNmXNvROa#
zh8gMW^RxiN+a|axvI9e|wS{45!&lnY49%hVlrq{nTN3^=YlGQ1Or5-iWQ&K3MkQHQ
z)~i-xGII<PW1#MpnFH;2VnH!y{PaJP!hTIIee;#(n$ZlAlkzU1G_M@`W*<Y7H&@Tu
zPbOL5YrH9SpF)#6WmvqBOFQN5Zt7w6)ZS*l+2Y~zNdv$f;|0}l!j8$up$FiolUU6~
z(}#hpyVY?b<|H#|`bJ~;b+xk0QQ5l(`}?VNL97~k#`4{yUoI%On(bkn)vNm%SxtXZ
zH$e?TKG6~XhHxCH`4Ekrc~n|`lyuk;R>`}rGp#&i8$7w-JD<rM4Z4%@#8k4Mef(Xp
zmF&%{6DJR$zTbFvy(SFP&aQ06&y77_Z07p<A$z{%Cni3$df$)kN&Ft-uO@<j^<m@G
zZiIl&<^E3|k!R=HN8CT9AZR5kl4aL(*e_hVBs->;H}iC3PA7zHZsOt2(rp8px5lRD
zaj+%>(PsSxdopN?lra0>pskebQ-i7+_UP;p#EXZ4r;}wie`B^}_uR~YXt!NM$-FOR
z*4uvl-G5o+Tk+ew^+h%-Z@uBd4^-!;A<hXpRWymuvz=RQ=_Hn7<>uC`+eD;oc*Z<_
z^T3_6&X~?mCV{06Fg~{i5whKw;HRAA6^f?ULzjzH;cj5)D(((o2b!<6rHB~e;w3(>
z-^y)*>U$TuyrI!vZ7+YwLjj?@$oL12x(qp52g()KKX*G-s}|l%rRDKH$Gl%bhI2w$
zrEe5qLeET=CtMgNg@so&>k9@ijo<Ja1^%0gUn%eV{BSo=$-X;R{g_-(w9Oyts0lU<
zsp#9L)dc6Nc&p3s71@1B(3>L~AD9=7A${Ykww4{$`JrN7Z&tfVrf@5azo;7!KSAsD
zl+*|33fn(CCF#~?zqo{}F3<L!sd$3QAo)^z8_~TCWf9Me(e`hz^uX>oWfKh;^iF}g
zleXGUILrSAaHBy6{cBaSeO;-2uhm0fds}PvdblfDrLNRzDn;rS#6dyzF>i|hn&%Dp
zS7w%sY{-02Z*tOLnr5%QQ=9S`H+9+;0}9B@2%!Si<pVb-y0^Ynj!-?NZ{HPQ_(*Ro
z2Z8A+g7<pXGuaIlrFQwT<*Ovq^hvMRpr%{3(cRji@af(AF5NXuNjg4tqlY&&VNm`s
z5Sjg-a}7i8<jm+l6cE<aSg`F1vSE9bUN*e-Vay(qpGO%)l=Vt0hnb3l-{iJdxX!+V
zK9zCSeH$;f=@uvA_|fC`NL9x9;OgPdjaS4+z;o0Yxhl|Ox`Se^iPTiAwk%to^`kbP
z4_!G9P4YYUZewQ%o}aq9zyGCRlF#w>Z&NDeG?sXl0WHq~n*u&_$HMc|GY2cUbGkb?
zvtg5eM|tJ{z;TD!FFI_x51-U5Vs0@n3_r^x(0X!a>%t2J!J&Zr+wv#E%NnCyTzto;
z!DDU@@rY(vSK-0B1UkARopL58h~90LXsNM)?QAX$_{SoK%I~0b#j7z!8g+@^*z^W1
zYgGPn;)zHyJQ+r@8lS)i{YN#s*H=l8qJ{U+fv8jIxr#)d7kk(Y#<+&!>(KF|gBn@n
zpoYb-yg{i=ub!Rs&&;?VvH`N@GNjx5dk<5_D=W1U4E!WxcuT-Q2S|_l8hlYT_@^rH
zU_Ie2(@>|x)b_B>%es+(l_lHxo)z{A=W&0mJ+@=~Tt$tB=@k`&<y~JQTW5Vhfc6O}
zxgv%eN*DFJ<R-*RbNC<Y4pVZWh9*F2f8R4Ce4?NRE>2oxq<XcyI0`H79c8R9*vC{X
zdqOj%0txpRzUtE3-QD#o2(q|v+U%S?Nj9+FZQI=pL%;sR#ynyzY&0-}_Qf{ghfx0R
zGA)P7hc62FR#UnQiOU>pvHCOdENKPDp)J*mvXhN*UMF54c|mkVP!<)}Rh0L6{;n0F
zi50fBR$lmUXz4ZS;PcM{HpSK<?qi;{y5*gD<Puv}&6kI6aM`xrL6BdsD3GpTIchP3
z9#JRBSjYG{nhgMTQT+4?JuIyuSHeUnsAtts6N7YsP}*YMew7sf&JI|d(B>JVH3BMh
zabZofv!_5+qjV{bP!#;e-DL7IbJ|F1TWp<#ut264C#YIU>mFYIwb;#4=J?&ybJpg#
zH7hq-VR{5RxiHVrCavww$g68b*=|WP9`X{RVJ6@4GC%)|qTO|U^_}c`_xjPq1l7uk
zU-ePCPqT16m}aSX)Odsp&Y}vIY<>;??n)6I+9bu|LM(q0lX!`_-j9WAfU$Nly^H8V
z{LB@$>(Kw$Ef~tEOStLxjTf9Tl|cjTs+#&)P*qRIQEt_mgjx5#lbxrt9vVBF{^M9T
zFsl2~IgPrV*=r%=sRtxydb3G4({6y^3J$EYP<jbfRdDij{XThSm$Ai~?*SPbEkP@5
zi-=H8!O<gR7HG_TYxt(S+7bx>q7$jPd(bzvCj@8K%=22@DX+;dO*GCoJsP@E;`z@$
z$Q?s-mR7$;(MZmP_W+ZK{jTACF0I0sX|z=DZqXg1rqMtIoL(CLNcMn>MUy~;_L|!g
zywr4}zcZtyY!TCpf;5`aUF(F9kNheRT>f4O5ku#?@$&(f&I(JG*&$V9l=vHQ?4!ox
z46@eGy1OSmn3)fToiX=Phb<OoYNo<~bHloTd;TT{gl?qR=(r6cYirB3k{}?Dt%Mvs
z(BjMR#xM-8rz%?Y?~FE#2IdPi-_g(6eGg)tq}7JW5peoD&0Mux6n~iZ43%Z0A>jfP
zCis&f31az?i4_}4&$7!sQz|`eUi{<cKb~kSxc^3zc}ID!Qa@wJXR|qcM>g`ukFy_V
zTc3r!XnxK9Cbw>8KWjEYr49~tZTZ{my5ml0;MCZG^h~1vDW^znFO*Jndr`tcZ@xlv
z{VHvYUd`T|dlES|H|9^b_GrZ{#c!lVGUL?;Pxtes%?U2eB@31Yx`u@A%WYrJ{Iy^i
zCPR24)mt7tB3xhz;uy0%Ayc}#_jBf7U`b@Y=VV;M|9nf3|5of5_SkYEM25zDzG5g_
zhc*jZoSb!IS^`7M+{Y74yAt_Y&knc`&h3o*FH~*mDmP}(C{u^tDXPwH^67;GDWQtV
zR_8F(NR@p8Rx%BxBXWzhn{UBMdJgC*_m|msdjldwOlbTJ>dR;<%ygR-7AA2t-ek6)
zTvzO~aoKsO4fo-$=HOvJ08jf<?#QQz8>~oe7>C{AxMf|FyjTX<Q`SDS{LJ&o1QjsY
zDZc@5qbgto0m^lk5FYCx7i^d8)YbCoYg+dTG2mdx2t-(448piO2TVIHcl2uCRCpm*
ze1uj_XG2B~ohN!jQ-;k3F-kRJ1C@&$5>dC8>Kg6%zdzUR&Av7Z9Ar?ltN-TyAGiZk
zWSJLLgS8GwjLjBMY}r=Md}>_E>Z`Wp>H`kMsi8QXBKvy%I3Z+&u>GI{sC2A##{|Er
zBrs&hbmu&(d0X#j)}MncE{Anx>*k=p=<chJ`UuIQj5;~u9ebUFp#udoPs5a71m>vC
zYoNM{-Yyy(+GR_{MLLWw^(M*M7x{~LJXxM2;M=TuMN?ctvVVx!8Oqi_p72so+AK>#
z%YC>J`dWuL27pZ12Wp6(-f4w5sHn;8t38W($!>|WcqBpl#c-GQ8zQ0ZOaI2VpY5TW
zgcnf$P4o<NT6y*q-GvJax6_9&gM!Z8GnXQan{IG$+$STSE>fTT;LXW*ll?#?_C&>t
z-qvh*?g{=B<X--yZ_kVU%5At6bMGo~071ioo>9Ag(bq4-9Od1tYP?U_%Ql*|(0Rb?
z7L%)AoHgO0vAZ(xN#S{&%({1gae_VZ#M?OGdR-RD@<7biTvy9_oRnk9;$HfYNou~h
zRHm0AS+OIP#|;wtCBbJ_uGq2fM35{m(HM6{tjV*>XVX#7BOkzt=`KJ!W@C7-04OP3
z{1kko)pRXfo{VQa_{>Ac?aeOAnTI}bXU|G+`+7?Ef+VMSz1az<Q2JXG@WUI;vMcph
zq;_GWE6f|S1EY~{^K40}Jm%3=8S$WCzVTVbfoXBavMWNlG82_Vn5~}08FM`J+-kVf
zU*uBVwt_UrS8_*1cRu?X$}|Kq5p{IV2C4q@lO9z-s!7L?3rcBn_oZ>`C$(KaHow*(
zS6~wNZ|wM%^3L5c31cjd1NZP^25hC`^-wG_#s(|UI&|ttdu5FtWUR?i1|TVwN)3hS
zoyzA-_A}xu5WCy6x2=OsxoL*B9cysmxZ)0UQQU1e<*_n2J7@aJ_3qLNn&X}nGw}dc
z0(bwBPXd{BbMmerJIRKhbNtbMc<op7cjc${DvCi*Izyv_y5sf!)gYtelck_o!GnEk
zJ6Il2de(38T)m4q;(X<L>8;*Pwp!Cow#k&`li0n@ip{JeIf2Jr7p{%zHT}^3+^k54
z1!Y5qucKey?JgphlN7@>R6$EQc7u_<1?jIrDUyE1_s=d|uPQsV+}4?7{E*P4H66cl
zGS+@YcMlU1ggTV*lMz4KF1ZR4^?!NC`RMg2QWOBsS!J`#EX@>6V!L&#VL4G6tlpNm
z-RHT)X+=yuvRi5HyFr90rvSx_@gw;IkHjEUpfo~;@94)2{QDSjVCAAjEC{Y|yY0Ip
znJQcXF|Kxj*+WkwMdG?-+5Sx)U};vO7szG3WW5x;G?1TRHxWaqb(36N4(T4|@2(bm
z?KDz(SLl2=cl0b?s{qecQ4TtIeannrwBjXZ!{=8)>Y~1=#S(Bp<W$Hk*}X8gBd3Pq
zr0J<#e{$WgDedmJfP3EMU$a5XS;qKdJH+}N>jm&GN^)fG;Wm@}kzCq&r6RI0+Lt<j
zz^PpY8+8{Re38ueV8H7R75yM{D@WXW;cEZx^Tj12ArF9bY;wNrB>w_=hwxup`UBb}
zO^F<}t9)Ycdvp{cFmsJ$3dQ4%jNA*L6=$mfz9-&~?d)Gi4s<#C_ux3qx4j$sTzu~)
z9X3MJ>ozU;pUyl0z~MXdXY>PLU|!Q<H>UBN>hYq{5$tvBw{G214!b2GVSKO)FZP$Q
zjbM5u6_Mr^+0h?=Om|J?^;IN!?%Ke>New!mJn~KDuFV79B$yg11N|r<EUf$DtdEK7
zY-_?+#v{qezE4W?-8mViIRE~hg(`J2(6W)lWdJ7hkc|3_0-fHY9oL`6zw4;wx(uF$
zoq)E<kYsK9)~Nc6{V>@5)`u0|>yILm%?u4=x0c#XoFK-!Gi@n6pwWVm@~qz=_$olo
z(51416%bwsP@reX+pqs%ISBtNjulK%FjV2%{Nn={xZ8%O&(3jzKAcJeI=h%1X0J;q
z(3(=oT{p^obwoXsSvDqjk<C5g7ZH^9Re($c`GM6lV$y!`4~Eg@HxZOK)kzIalBnk1
z8PZV**q^4~o$3s`5J*k6Wz$)iq?-dZ>&Z1@PrZ)}mus71E+UgzQ@bvg!RL(utgcz_
z8S)P-lqew5#sYR*_84fdR}Q4W)4?1mkIePxX(Y)+N6g;rFNUEk>J*iLbPs606%Lv&
ziYxTGN&gy6Q&=AvHH+W`6rYb%BAGBhVsni_|JxMO9)~`D{8-R=>^v9fC+<(^R*RDj
z%=aU(m5Dn1d?rO&I<y+aAv-cOA)rf{@&uif7a2c;wB2VS0}~N9z*D)5w~kIqo>x-)
zUG>el%QmK0<;iT@llz=W@-o-3pF0XfI45`MAyCtg1!j@bRbKUyGg;SfBYhc&ty+yq
zk_Bpsx9`O8nJi@4M-1jsfoC?lCj#5}uW~xDaAThTi5X}`{cDi9azU5P%N%uzZ=-nQ
zikmVYtTxAs<V;FO+z)|9oj%7RusjG3YI4`P;VQ3hi?jLT$$s3b85#wR{ci9ylU{z;
z^$7*9;fNt?^<&4O%IT9Q$tx=l3<-u;_z%t{HnI)@5YM!zCAUJ1AQBiGV)zoQ8p1z2
zvDTNnTx1g#ewrwbR4KA<c8W3Hn?|L;W?JUSO%^e;eT;sD1wOQjLW9>RUj*p**GJ3l
zH%Q)65$X-Ez_bTNg7^3{nLKT>OdgpA1oaJ{7RV}yGi~N_BLRMyCr_SK0&Nh;)9%FD
z4BA4)Z-a)XN_8*7666fEw8Bj*-5-EGjd)@L6xy8Hx<f!K)R@O7f|Wpvimj!7Ga6Qz
zsZRwM%3Lr{%_agwaw3fC4EW@};MAj*Cithy7yo4m$+UQ__NBFjfzpI1J`*UIer_Nz
zzV`EEZV+hU35k{Q*_e4p5A{~&*3Y!szIpQ|YyhQWwOm=sQqZ1jbSBHJD%7E`5DLWW
zS3afuKfVsr8ufVs-Mbd{tE-{qCY3vL>|n8m=bKeERJg&VWhi=sP~8GIZpcIJhVD_*
z@mj_AWCisGvxde1r8Ir|dOy(mSGUj}l(NI3KCGU7S0lE+d^;xb9MA{?RTwwn{9J*W
zB0_J0;3udUG>H&O6AsiUH72xZCy=YWyLk-QBt|->SKdkO0{wx--aT$kO(spUkmh*)
zT8DO~vw%<(dKB+=HDcdrb*Ri}dud?BT?(Kd@G(3Ri_{n~<;mM=OsIK(FDmOA*+*zG
zDsHY2%3v4VD9k0o;u0kjehL=a?r*Yt`1eSyd(wCljq)B;;nFl&CkV@MWbxNU9B$6$
zUseif(I9dJtP9BA5?*p)fyVlUkb)8i_MP5bc5nsg0HR;)GklqA46R9h_N;Dn#X=Kk
zW55?D2#ax<tZ&lfiK(iF*1gbdC~iAwW9r@4-YDV-0(QvGh`HiG^+^3$_;0b%sIz?d
zWK#R=CL3^2ersyjew<wD%d64F6~xSoImn6i|D27#2Limz67KUn<P6|l+dV73jO)Wo
za7XDA8Fzg8$l;*Ml2<wLvmcuIMiYTRl+VU)y7umf@rC&7yd$&X1y3^ml^adNE|_EA
zWQ?D-Pfpu{dn|Q5kGS*Pt{N##oVz*VNl=zu+__BwNpW`l`^e+|8va+kPNzey{ob=r
zMUQq}F&AfQuC8T+f;(YHLOijBLNIV!*GSl_a<FaHQ5M5VdfyI2L|M<W>p|N8BO)61
z-$X>SjfY#_!2i35=s*7v5d~rw?df8ox%+0onjY`kHXm8<Zd=IExvUiHy1fn1J`=8A
z`}2r>=}ku10g!AEZ~SpROeAMIHLO09{c7rjbX^Jdo~25T#DD39w*1x${d;wD@ic-|
zA>B_I0`xV1KD?FX`^x0{7#*Pf)RJy<+@WN4AK2=xJV_dAqLi!_kXxz1r0@P!AEwX*
zQVG+&)1VCVy>H`pN=7NJZhL7q20fVEKJhm+)qhYBxY^xi2VmKXytnDgplS)Wy0R?j
zH*k+~wkVpBX%Mg$<T&x)--k{ddE1xA{es`t*0i%tqlo|7(zGA#d!4k)9DIz*9J0Xe
z^LY|xin3{m6br+yeNol^B+u@qVP%!3Msj_fYli8W6an4pKE$}@-eeTbMg4tK8#fd$
zLecT%LdeKz40d_;Z-M8O{&ZKB$N$mZ-vXmBz1-oK73y&j@t+VeIP$e$RClWb`632{
zaCCN0xMvbc$=TVr9|I5G3aEx*We&f+=sGY;y1hwBMNJd)A5E)g86UCct?e$_)S`g&
z;%$%pzd(e@1xS0lXBq|(w9!F9$L2dTP)mcDw&k0c<519?Dg4DbRus6PG8Z6sT<1F!
zfMJ01-x<CEiY-0;@|}2ry>OQ4_PwnQducyUR9!Hw&(h*Dh5hlg`?dD#UkcFL-6Zr^
zv%f#`P|deh{LAE-iU%xZTE6sc{H6k8R^cjO0u#1Dl&9fSs$$D_ws~NbNX<Um$TpAu
z$24K@J#n{{4c5yI+j$A-@lFWnsQ!)JEylrhe&W=wiJm+0fu2OA^ElR$X~Zc_-zM!*
z^g{N9&i#m+a3|2m=N_OQ_&9YH(o;}@5Fn@Qay5AoE>(!YkPnEcTMXAhTuW;<`CU?z
zb2~Q9b$Ww6!);j-L(lUe`N26Z-SSMU=42hR<2HD(Yr+>MepmbIT2qX4u&=ep^!7)u
z*x7>FZJ@)j(b<830R&*%BG$3D&3$}Ny!f7#i%6j0v*(RZ#5<=jDKYUlvd|rVX~(dN
zNMBFLog_+sR6C`^u7M~pEK&k|@qNVWeN*Xz2zw{5#>j&Arn+uxYoC!DJ1<I$fLN9r
z1W^<H_LhANylcM~Xb;>!N0RmPVu8C6>Rt9Mn`1sjDrLQ7Fk!z`q>7fV(JET4x=zBa
zl5mKAlog-q4SA(kOCPN`FBI*!ick8HMkIGyhvNK#1$GF8xsg>@+^iq2&CTgxEg-S8
zdou3>vu|@`b`4^v{CXZ^z=iz8YBS=_RinUpYM^>bQmYAL3G<b7e^`)fEHS!N6_ECq
z3Rg;xZT11{RrA)QU7Z;<)>Y$sA#Ir<oMv})>y;yW%<!v9qk}aj_KKs6mR^h$5HIe;
zqYL)VuVDZlP1W^ER{jan^ke%%IOx#z^<>%hGD*RAX9bqzNn{ZVc*3R{Z;CH*d!U`J
z!soRz^iDlNv<d6uHdRn_;L5$Y@*Z?piQqAKN%aIDFVboD?p8|i>7beuP@bCDn?B~Z
z*y2(eF6XNQmDKsk;HG@mvRM1*obE`mkvyjSM2|=FPZ$IPd)U^?5|LRA3U28Q&EHg1
z(_4)47MMm+hm~xd-)Y}DCWzf`^(mfQ{qd5fvnz8{`_vn#JLzYF*kLs6jSLF>FNyrY
zQJ2rNk!gmF8yxqhZ#g4ozaoNRUtR{dZmm)Ds%ls64Q^OO4{X@He(&77y}GX)(z(gK
zq}^efLxfUg2yV|pOm6GUv?k8EOQ$T5G#7;<&xSpJ?zcq0I#iMOM9<!8sZeIS^HG7@
z?nE2fJC0hzu~SvRnBqg`_G7{|lF(4835tg_L)x%iPM?XX5c<yOhkRHgRynh4&daN(
zH@sr%G+fEGsE@oZ#1SIgwmox~GPiP@(eex0PxpLY3N^a|{EbH7{A{245Fzg1P_AE0
zR``xS^CMF3dWKVi!T3J+#)Iz4nSnC=Xv0eiv!o^k4DtapS(Bwt9C)rrU578(fxpVB
z1;YQQA=SGj_fqq(#l>6L)Yjg)5Oo86mQ_Z#3^AInDd`x^6Ud9euBVH8jnx(iy3MGG
z`)<9|VbG+6RO@PiuFCwVf<5*;ljlvK@9t!lO;oGNiP}*Lh%_lm#H6RcGf?HpGb-I<
zTyLm-*#wtK`<R;@`9A8!<_o2mw0m)4-Ms3J)1T^7{+ZP{+^vf1S7LS05|YW&`%I5$
z23kA5{gqK!9Suo?nCYR4&W%;VVg$b>hjIj4mQQFh-hLwU-~mull@#vCJG>%tQM*qL
zn<F2{dH7QuU+G~cm}69Wfm7qrK-S#{cS-K<&nA{uGe_?X&i6-dEh&a&`jvR>{anXa
z%dQTj$E=WAmP}Zux&5!P8X#`1gW8{rmTI_WoQ!G`M-tW9;k}&~Y}!Jv=J~iO3gi`3
zl#)0cnH>*FO)&9-B@f0<bX(>C-L{&v&|t&kVYPi?-GPRfld0GakWxjTneB$?s{ODV
zUVy0Yl2^xhl8`@@w?h3;w?glSKt|tJveGMg2gHC$V+N7(;O;4<8p@FUp_T}A{ZDPW
zGLzeWDrq}?XUfZ(2M;<t`lO`^MxV5&r~8?%ThDwx7&eZJYg%gSB{BP*i=2J38Q1yL
z4}&rr6q9`YvjdkIdhs}v#`90~yC1##wey2eqt<I3NaJi>+pGtvF^PIYx}~;*_ni(%
zi1PdZZWB@EOnH%D8fI!QeCMlspeyx0aXWI0n@I??b2P&6JH$z7PN%w#Ts?LG(k7xy
z`?kSqERu#`c7ts@&YXIqly^FhO$iT8$57oQ#Z41i9usdFt?*^_U+ZGxPn0%_X-RN0
zb0vo6CQ7@1M08y*$eMi7Ks$;MCa`H9WC~L+^ZF!1Y(fdH;bt=S54Wp#*Wfl&%e1oZ
zUbFU!hW(OTwOr(I%SEN-=;q-raY0*|4l}K#7`t+k`n`~f%oFia*6%Inn=in48aPX@
zCWJ@P9Jo7n*4kc%@LWnmk@h^7sp(u9A1-vW`ku}?%o1f+j&E_{2eY31^m`8am|LvY
z@OJ`_-tY-#!X>`lcwJ&iGS%=f4yk%NbF3d?SD{v2f$JPe@oG{NN$94cJMBLFae%UC
ze;fYu!deGGp&L6pMr9ZGV=0|W*8eas?sJQ=OtDsbgmy+dJi_o4t%p|j-8aUeqaod%
znxmB|<~eI0CN}_tr}xmM+Cl%9*y<%L=Hl={2WC*3@Tp3sIBY#+(V+3?IMU-meGEVH
z^t{-k7t|aaF*=-@N{jdPn0vQEA<J(TZvWC+r8qK35hTY;)>=J@-I%Ibv`?91@b=xB
z;{!cHqd{}G#tyWqe_qGX;r8IF%D2~tk)WA6@X?p?9iahPhI)_A9Sfwyf@T3XljIjO
ziAktr|J78xjR5r3^xd4AM2HY)m@8Jr>N8)?L#yef4;PsqULC0^zBvTz{!o)QrgRUs
zG@Xa!5&j5A5f>*;Etb@;T9Kt!I{}{aY^2SOOWMAZEWO$kSrg=6Z2jE96w_2`g=1}t
z(DOZ)Y-LTBUM)jFn-eiLlfcVLvuqx4B`l0;?DW|8XuOW`#wT`Ch)JJ`A6Y^c+LOEl
z%e^SwMh+}!r{^|DPGg(0oMWL+v=E~RZJ`I}sAVrk2beQY0U3j2Q1zw!A~UXW%Q}#g
zd29ZPu>s!76L0Fazg9+jpjRATYO9TRsoH12oy2~$%ZIDw80WmQt;b1MrFmss4iyEo
z;rpJAZ^f|IEtej&QjKg@zfx26?&GgjV)hBRI}i%L?JZ?-*ENIwGT76>(ICh^I>lmV
zs|zlnCGI`Mw8{8GD5f-b70a|39Btnqd3a_qRfLB=2c{D|pN*ffCt;a6dp2(n^Ne9j
zqdGH4$AE-jn!Ovt1H!IA(Nd_w@-Se@@Q{_ZtEOQ!SfK6byMZN5?mZ9>7>%(hkq|J*
ze`q_3OEoq49MxuwiFkwJH%5IVBpKs9y8~<Giqjshj!45san<eF^_}WH$JV@R?FVNN
zR$qhi$5}{So&D(g_f#|3WT3YdbQm-DhPNE1ciBkXZ*FRCe7~bYPkK>51L5awl}8<;
zR(eV`k-Cz}@WbDzPAGFFQ0=Z#rmU@`W#Y{0OhcWSZBr>8pu_WRd%2q}{KzhL-^HMP
zt7B%Ir|I3MHnS}80h?vgQ{Uvj=^mRa+gcn@!B>_vSALuK`<ZrXp<=#890;t1n0UMc
zr*~6cf*5<r9a#5_n}&xm<q5?$?PeuweIc@@s-r1J`+L|NoQ`&9*^zZG$GR?CFAF;v
zP?Z3oD9DT#vmI8T#%XJBT}br3TsAC;kr=QV^^x$?aLatEl|QcJC+<b^<*GAKt>zcM
zyOGdexCC>5xn4+po$sfAk>z(`<S^=>V`otM=0fognrimI#|B$`f+YyWdR`A=xqVIh
zhFa*u3XjE@c;$j*CRty@6w!o&<xS5-!?xl;zfBYNF&Moix%mEwX}p#W3OF_2YwV5h
z1ff<k)729iRUvc{tD=q(pC<2<y1WRBB2l2c2Q<(#f&E-Nv@ToE(jLVBn!sk3TSd~X
zOB!Z{_b;$1%?bNO;?5g6H)nGexdLUSnRDjNu^*~)O_Feg7Wvc+2%YriKxiJL-db8@
zr-vq`zRlEttig0GE=7vYEwL?1JjcqLw^%&%mT&}*R{&M(CSWzuDoOfJw9_L><^?5U
zRIuLTxx#sLGGo(?5~F9Hr|D%BhIjQg(>HCsx~axkNnpLH32$RZ@h77=L}Z;yIz2Kh
z3oJHFon_nx27?SxxSP}cv#vSQ%81*iUYRcTJWjrJhYP5vhS*~f{DUON{*Ok2UiS^p
z{~$n-OOC8_M)>b%cMA@al0P}8w<L)Rm=b(nHEFKm<wd=|dmEL_x#@flK<MJDwwTeT
z@<2y5LO6HZsT@w+yhnT+H#PkT%?@{lUQ8^q4(n|D(HtGhGF12X!X~=L9qAeQl9;Qs
zUZh>))2HUL9XH%^*5hv1Sr4j<jUV>yF6WjV;-8=wcS?~Xp%?dgt9?i&=Xm(!Ynvm+
zjxH3FyT$=>A+(@R4{y7T2cXO6(dIQ2*7NzmifjPg&2m*A5CcHxOSCG=$yzi`)X}&Z
z#7$G(Ys8-CQH-qu>4pAx?g{BF=BdY-cR0rg(bS^&a(V~XSpm=Q+R6tu;e*bvsy2v;
zbXUoYbBV3-u#Q0eE=OKfc7K9OtR)amVGhVz3xGB5-4i7%rQSy||58fzNrBwTliU$2
z1pw#WE?1v<K`D;F#M|7C2`~6i^BcF^`f}C1xU_!i6|Xwh+OL)ON66ge@anFR&VUoM
z*K3Mq;&lug?*44bX3IuC9G=AsVS#1TJ2WU@S=!r+VE)K+*b}U+h0oqLOy^Cn1Vt&z
zl%;7IBmVOcWDO8XO&odgHic)t1Ad8gJ72pRhdt0>cS9cJzAAG6tX7Ob{u}@%P-H_u
zj($}x;y5(s<meF*7jg(+fD43Z0dWp$k|lE=eLHL%MAY!qhq6S=ApIJFnR^i(pcca$
zS7JYSC%Gv`J%-=x#^!9>n~wdF%VnqKOwW1ene0DTW03rMv;M1i4x7saThUGib4P}1
zX1(k7nS-+-SZ(avu3T2`SCMQUQWNBU9xE+e74GASiF=df)JAlXxth|8m)@>(7*2AH
zi9GB&>$9}ZIn|OS+a>s#RWf<8veOuU5N&`zo-PIsHE?|C3WdYo0p|yZqAIXBV3DM<
zEt}D=QgsPlf~UF_bxF0AZ3*zN_iF8fT-zyls<$3B6QlEHhA;@`t%V<MvDAOdpkw59
zo8j4_bJIe|dC0IgLMjiH+xb(-r*w;P#yK}$Z&gyH3flJh;#8wU|1_&er*X4y^u4xn
z>rsD4bKQC>3P_a<=?}*ClL83CpLDI|NzRnL9zf&Gt{ia>IF>i(yWfi79N>C=8Ay_+
z>ps!LJbT@{K;+njU9J5r&^AlcRK%>NEXOf*AjiDj96O16f==G%m}yf@qL6S$5fb5Z
zfHr8k>26YEjJq||@j{w11jU)sI*ti4$QY?(SIoz{E)U3RV^j>sz7v=UF0_Q9j4n6A
zjALz%Tgu-N(r}gv;tpMwIf2iu0K@u#>Wo4uZLa7getngzrArPp27%({)*37@Ggp6u
ze0|LkZ!z9y)3&d^XSR-YXYKq2OIF+uEl^HsDv(T`Ues9eho~%+%&Utq_U64VtOUMe
zbP?hiU$D62o|aLu>#Ls~=0uAJ^TohiS0b_0F{ys!H@mG`xy8T^9FK6;z&_rmzNNIi
z0p^4B-7fMV0!Z(CG<7L=?J~LNklZ=%=O-zf%?S0Y6p&#|7|dTSTd#m$-0gG%J5_4O
zC}_DFVIDZl)0wUjt&^dtFx_)2y7aW1!x?YBWJ$ft__&2_GnE)WRXfqY5*(Y&$X9jK
zv}#A?IOn+a=?=O<_$60^u)*M*NU)C2GD)lAy`zor>F)aR-T8Cd?^4tG-@T8@+Pl1F
zcWFSGnx4-wSp+e2a##BlxL4t>QxT!nFLGQG8ca7t$GS7o*;R&y!>Per;e4a{9(e;y
zvw@!qnf5%wbZYuYc%7i8Y+mxIu;ad+2s}JPw>hr8-t<Me#-xHEuE~NRgSyMidRMaF
zX1TQ|aus>62<Iq=B8JO~3To^_1BXeG4u-{FT=1P5Ho+qiHFAb>Kd2pjxb4kd-JDmq
zff%SYo#&eX;9=iGx4HY+f9Kz?8X^w+a%~d*h$U|s26RLbhL+pQthh2r_T(?g-#<wy
z_K_ujkAw6MQ)08b!rPPBN2;8PT{QN`zP<=DcsBt<2W--$SB&PHUB7sL+iP&Ep$WLT
zl}`xfe9?`TrzN}TB6d#Mc2p*?1qwemH4rlLupiV4kPT>ga36v&%(S5rcXh7GH6uKq
z#Ez`PZNA1QEp~j{>`0rT)M#s`OzCo9E2yTsyjS_}m0E@fRQy-ORK|P^X4{^R`uc{|
zoZMLHsc%_yWDTpA?>0P%q{;$&=m;#}t+(2Fk_540L7;&uUx~5jHQ+yl=~?2MYs?;S
z8`xjNbP0x5c?Ce~NM0hd)jpg#AAvXPk#dkM3@??6xcw<k-Ck~|$MxYTOZ~JfolJO`
zy|7@h+I-{zwfCu6AE?Ztpd2tLZqc_Uy}MIAn8nUZE18_*m1~6CI@mM12%CQr=iBR$
z{M~Y05TUYsKTkbQR)Z<}vGf4w;s#$CCXDvxpv_SW9to-+6}$X$)}gZ_EsnS?RK7Gf
zGQHVguRI33Z=qLh9|Kd1*?UmTWP7GmDzysVyRG1ncz(^b_spNfzr26^j*AFLJnenD
zVv0ycoD1p$NwoYgEOnfGTH^_99DART&0=;v*_%bc)fD%fdOzuLg9mhyFcjNg+s70+
zHlMzj-<WX7&ZT!?<|C{SUV*j13&!2Hd#|V40dHZe4%UcaQ;ui?c}`fz9EC<P*RGJT
zc8&!P*MqVrKHC8z_MNmQVokK!Nk$<3{D|E=lAikV1B=v?GnF;unygmj{cQ9lw*=p|
zBysjd98r6FuY8#IRMrW1U~$IT_XJ}oAZ9o-%$*B~I|^=#KBZsh2D(*Yt8J3(j+JLG
zM9iM@QRq%#vlVnh?oRXz!il$w5vyXFA4GJtkoUl;N7};d4;LIDjmmgdn^F8KWpFo@
zm(-a?BbB-2=jWH%Sr>-;2|b;cOM%{4N2PeaPUhoFq3$$#EK!Yx4W@UK>&1y>O7)X}
z5fYT6Ig+^ipwH{K48@95vwT_FHqz#t4PP#VJ$v=V+LGj%M6DV66C%X`JX+efDk<|D
z;4%-#-Aq?~L}0{}z5J3``S!Q_3L{Ye$?g3~nS8_8)vC6Q(P;uOHuBKPVIh{(efifO
zL<PWm<5IUOAoQ(KK0=%eX7!gJkk7ca$JN|&7njQ0JZ3RBDanGNAfjB)PRdmxPQ7L?
zhHaM=o{x~(hTGhu%({wMxWT1^Zr2MQbjmi$Kd2yLDpuNpP*9q}2R87=@bz`)wk}Sm
zQ5;%czUKB5=mRS6`SY5<J5e`mah%@K0F`#fL?*jJ7JFM5{A#{gfsC}g0=|k<WlO1i
zW`5_usm@@-E=#OMB=9u0BTb$212ZvuZKQZS**@t<TZ)WDY_7>Z+C$|AW7sbA7F&1M
zlBq=OmHzan=DzwOq|0C+J;0Hc3m<su1Y)x>Q04@2{738PVjR*oMK&-;-|t^H@rm32
z4>$22RbeR3;d_egap?2cQCb%0{B#`pjCCfE^{ikXjGWCERsA*}7x`jmbwZcp6Ug{m
zyaA!%oy`bgBSWP}zi;+}=86{@TP+ITnsMyPtN5#Ep33x?tijS{Nd}=3lukAAn%;tN
z$ERLr(7x_X{GFxTt>p^~CC|n)v)-`Zg4wmJPLw(t-yGV{=e%0BbPGbyW2v#T^y3}~
z>h@=Wl;(3K{AoVC16k73zG|<R-6;PH?D?B0;bPS!onnj9OwzlG-;$ohVk@KyA4R`m
zvYwDnKU}w?*og1&QK*%#)SGy-CB6!`*-%~5`zVhDgSOrmtVm<cjm-WI(>i+)md><>
z4PJ5TS0hOx1rYJPvC`nPx1WLoavxf4UT(;>Tj;9ZxMpbm3Ir4?9PrtMo#<xmYUmla
zR+hCQOk3yA&=%9+Xzl=0#SNU67XBKlL#mE=dwtNt2<IJ29gB2K5*&ROqG+ZRTo0~h
zkx4cME$(_rBf9xd#ZY{QwfS~?WqM6&r#VrkO4$mWhl_c@L5@bK78jg|VZOT<zyDI^
z<KS;&INuS-o^gK>_=8}O8feS;=rlwqe-Eg7?HubC;+tO!NuHl?ny!)3Uo~zO851$U
zlXW%QvigfU;0<i`VJs1>UjD0}WEQ`;efIeRbT#b-*7NFQcg?wP{Hv?!Lb9&NwqAWb
zuRe&~QlSF6nnD=|;YiuljYT(eF6jMJFFWGj_hrdyG~moVC9RiV&wIVeJ#c873g^|7
zaU2;G@uu&u#+mja_a2Qu;+XQ-AJ7vr8F)1sde0DznOt87O*AgVWoe^hIx{rL9Wkds
z>2g@16X{#uka=a&r)p$nNXr<SuJ0%(8bs0eKx0!L)Ca3q-%F_WMABKjr9o{EE%t#h
z_`Box0mxSCE&@3kq#7dgb1h@A)5Z>opLr^40Kw88Jt+gUGlKy*5_n6S^604u0<QuT
zyco`$#O9{_@?(M!08jJZoOC)e9B_;R4qgCwj`vSeKxSD_D*{Vh&K=YSDj0;4{$Ln}
zsLlh~O4xS=Q)+KmQ=-D_XkNsK{Z4CMQQ&IZ%6FMr@Eeb>08ufzo4LA2568(|@YOLk
z!cS%SPhpR5_qM#b86=krR1N8PDj(lJf}#QrnhO|tdLi$)&uX<it$XP{Ao=fI3&w)Q
znR3nh$icW4`tR4g5T+=&z1=(m<Qm5wgFo_pxFvPv$k58mNbn$lwmwz|&4>?hK3w40
z$H>n<CJ}bD{Ln<9+<Qu_{FA5C`NWG55Yn!4DNm8c#fuyR(p+p4$H6i<&km;Q!NkXZ
zj$RUSY-D3aK}(B`eR5`c?4k9VptNc&j}wja2sOpYl^OuWkr1sHkEBo^m-CXB`Pa_C
z*v~w7Oj%~JjNswUqkv)^7PDh{b|l(%@)`NF3_q@Kz=VFpedf6qu!>~^imR01Q+6og
z6px-#3O4WthAY{!Eo0F!4A|pyUTrxyg5=IppI>`@$29x?kr}PyT3}63K!ldS<BtXI
zV+D`@_4OqffGZYg?W32(!&ApWTVtj~)romokf0tt_w~WUb6}S~?jvD=tohex;Fn^x
z&>Bbok~0}uef|D@&^>^>?iS5^ABR$iANbgwJpYmcjD|pvO7xL#vfQyVCw*&q*kakQ
z;@3FG=xPt?$AHRaEm@{;uSpqp^bgdMe*joOXt5X@wS;S9foG4A=imVBv1wX`g(ISe
z<iRdH2}b1GS@NN=fB7eQ{PzHJ*bI5A`{c;waLrj0Oopm({D;~LA$zhE;OExDz?MI}
zt$pSXR(0&Zi|HK$_GchDVKGM5APksJ6FhqK$H193EogZSs+7Fvb;3p1@I(*;_TwlC
z)N-PJu1_|De$dlfDS`KDZmgWW@;IY-HY!ayvN5hRu*rzPYBB^kc{&U+5_7aB6-x=o
zmMQ;zY3qH$hFo&nS!e(_*wqKzH}+H&)D&4HUFB$4`*!3c2mvxBLkX*@-2>|Qo1AZ#
zIDzXozrFt1CmE#%FvyfZCKO0Ox|)0^SbbNEV`p1E6EVNe8*u|>SFzE{E}r*A&O|IP
zk_UC@%EvMr_9p5UC&+$^tX2fBI_>WN6et+&ml0K15$3$k_#Z8RrU5<GYMdAc^){n`
zI@#Q28aRC8Za>%n344gWEo3}74gC2c$Ia8TZ=6CmrUI1(rMAl}fIsZzN`@%Rb9H@u
zrrv#ZT3PeA`;4-eGJpG+=kWo(&)INo_9G|ne9p<^`(*VL5IiGn<e<?OZ#1lferM9J
z<eaXmVT?3<9zvu^;RbfT?wurQ?##}<$(zO{i(HUPyxf2niMWoG@a4^bq^YLd8OhN#
zqsE!aM`Ri$n__ATOk<dVXY}>K2~)_o`N{T9TsS$_E9ul<e*Zr0$~=LjpEV)}4V=BH
zbI_V3slEJE8#>B(@l<p6!?BE=CyzThX;1|y$m?y(E0C4>+;!KDuL8E6C6y%kvSM{(
zujnTQQUAb+UiN&lhvmadVJW4i5ge*cJPf-|&#4jjp$%c|$M+$wvfA2oM-K$gDe^#o
zP6x>cbr(XY{8`@PPGhO*dDy!bMGcl;a;nm|f@Ul;<&Kdcw>`2{ANjBIuJ>SNq&i35
zgxRWh8?RA{^4T{dM~uXK(>&<uSh%vRFBn5^o^}_SUFywajN}Z|mDpn9(3B#)^=Rrk
zTn$<LcmlQ!is@Ei58KMNbzFQ$sh8$ZT|%*?nFh*ErZqF&lC)Q(by%9CzD0$c0|BCN
z=v@w#o{VI@X5r+hA4EN@FKw^<TY7_choO1v6F@b6s09|Gw$Gnh^!M89*Oy^O-X#<#
zZ(RIqE66~}xzM;^nV+H{*Ot}4Hpi+0lV<%?OURnOHJMj+M%_y?pqg)X+gdi6N!U8Z
zxPz}a5d<BK#j+Q4Hz`4ytLiX^!#AtRM~Fk|-31t03Cz{-i-M^t1TN-KFYl(Nbkg0+
zZAqZ#x0=V$;8wBIMo05E{5rYa`|tufd(W=eG!gowV2N>6x&1<c@`j>Lte`oc`7I%i
zQ0F05lvi$TC?WLkkiT=@9`vXZx)D7iF5G1&vD`>wgAsoSZ=Z;ZZeV|*_4Cw_k(Ga-
zQmRIi-+F@#@`rYZThlU@FLJ1{)i6unIs?~qv1_QrS0#m760iL@yb)$=zVJ(b^nW~H
zSxU$WHsCpZ|Hyu|`ka%G2|q`mX~8AP&2#a=e5K_FIcPzjmWLVj^V1{lT0Bs!x9jF8
zqpK1AcC@J3Y4O07w<oh;r!PuJ^tH5<BAZW(q#791SN{&ZO%<rprv-vA4CsYiFJhk|
zH~y%j5XPw-HTO4Qz{1^a9t>7q%BaZ$0}xRkmhFXL*sa1WOK8b&&=opG_FY(O0+pok
z-|UO#>&-n6uYsCb*OK-@=I?LdT=v+XSJyVSo^fsBVxGOa(D>m*jS@yQB=NNwmZ6lL
zIms#X`<?fP3M}UYo&Mke<$f%8=w)HO_WE;B@51z(G`VpDc9Prmk8n^%y3D$(j<-Rh
z_@qGp&dFfVSDRNWGnPtpx@jLP4hltO#QkQX`bR;yt{*pTvR*dS+3(iGxax1UvOlv3
zb9Fw1`jDP-Z&;PV*@2r>vE8QEzuBo_RA60S=}SN;N`5Tr#5&UYJSa6nR7;3Png>$J
zT56J`b9;kycr~+pkHxrZeZHgu>n-Ad3m05TrdTRfh8*<~#0DDFi}WUe+}(6zMsafp
zqga|pou(;7HM`3;%7DR#dr;{6K~J8EHCHX7H$Q6MFObGyq<d*$)F4gkUBpK2LRDI0
zL}Ssn;^`)HRNB3M>Y0(dl-u#!!8uAvN*|6pkfE+Gj_cDyak3y^ygvR~p%htpoTt!I
zFCF!rX(%UYFEb{4s|40ajB;oFr}gAQu3$a|gjBWKSEgL%U)96C@RO#I^knYghmkEc
zlV9hUm_z@AiF(b4^8S-Ac0^`PWfz1GcpZGyyGOVzDJ4THR!)2;$9Uq=9E{!Gql@gE
z1fk<F>^*p{4XZu&{94CVha>HcW5;QW$(Q!lS?Ky!O1RYSs!R(r!*Cgy1yU8x-+L4~
zh5Qh16>!6(JbfNbnGwdyT@}#xC|~baEFI%o?%MMTL=77Dj3U1dx<YD<jjxu?Svi>t
z!(U@fb4x%wpYH6|b)?a$nDh|V8-t<<=fq9VjM1028{RRT)34*>ax6-{q(;(Fl)2i~
zkEsjLo>3Khy$ZYj3s*|FCJaK|d=)7}$aIzU{y^&Sd;688o|P-hcVwmyY?G|*b{p#J
zhC#KCBi%#eo0h=@mr83f6WmWXE@=7_srVZW53GBl9u)1&CV?RI?NVMddC;3|a>Hm+
zleu?Ul5V8n2CH74y@uo9UP$Lz7}3goAY--oxMarRUfr{vtqSsu^#f;t%nLKaTqPJQ
zWo=mOyAj()yOBm;@MEyR9oQLo(@@++vz&KD2plA($H}g>ElB`y_r#$kuO$(+<TI`C
zZG!-T-mRSd8GyM&U}SUcG?>Y%silq%HMudN4jD1w{`f>jk@7148keL_!b_Ut7T9}U
zxi(_t8GLPX$>k5K+Qux%`XpRW4w_x1&Mt2oFdBUncwxO(>AD+XS(aOzaTs-y>SC<3
z`j=;~)JFFY2LHD0#isW|2m>bCA6pXa(le(v`X)7F-6Y;_wpI6+ie?&R^yCxev3zja
zr8zW>PP)oXFQ?HMw^@zmn%)A{%C~VK3Ys<}?kigGDwU|nH5Dzjn=1II=|*wMNc-Iy
zmDwJGy4iLZ3L4Pea$_6h#V__1nRk+Wx3lU%GL??|QW~7Ixa^LlEb1%+tJtzx_LuwM
zK>oz<Lomx!q5{l79-Btu*C;ZiRmwYMYni~0ye~8ug?kTIU=%M*NY$w74`J-Z?~5T0
zcu@R_^mIYOkJCMJYNGh}?>82U%d3${UiR#Mo~zDX7R!BiHGgweCaA95hwb($`L)zb
zWV|V@c`cT@Fw1CM_Ym1ro(-6b&+BJNtv{$XTRLI~EZSC<waaa6YffX68{er8crt^J
z<`9}JRV01iAgx=bQ~CB(@*@=!81VV#H5@0pA`*Zk&nGcWsDTiE{@D8w92BROuE{j+
zE?xArTng&Xz%ziq3OR|r!Kh$*^i^~I<udRYVm~*(eGmw|0iNzViH&y364H|qBhXuh
z_v}P$*zaV0u`Z7PrzmBP{Y0KR<gr2VolJ4l+kQp7abm-jQ(Mdc*DzEb&AbcMsXzCQ
z6*p?L&`yze|3eac+vX|!Cn!x(Gu+}jquY%LT4pKRq3j$kG`#MrbQ-)|a=@M8TE%9K
z)e|jWQGRB99^H~Chv5>9h^*N~`}K)$7klF>WwN>rp#XA9#R+9-WUux6_UFc&llma<
z^3D;Y@C;PNX8xi01OTV(wE?+$J_S`AN3={H{5S%G7}b89+BQXBs*4^m#cw&732}y;
z-D$zd?%e}Hw85cbmwj%A)goRCkXB0@eaWz)H1XASVT#Ij_?E*qx7$<VODEFSzWzhS
zu$;+ynw)9KAw0WVD73=lbWzLVs!C}kUOjGAEHApsYbAS!cM=qu<PXUd4{4NsoeY;@
z#tS8stlT(d&Skqjj9)=Rq}Hc8JN)LXbnZh)eX_5M%f3yoPc$30zwhzBJ_dV1&-y1v
z=qKQ0nx^j<eiU##o)Y{?n$7)Sh++PcaXqhvO~KFVu<S-sv|X&ue@H6RP(ahrz0FOm
zX7)|b9p9If{9>lhOdO;Rzo+{hIx+w;7(bB(P$Y48BxR0TYq<YM6y=`Xw;Lj)K5g5+
zqEzGmMcP+KMftyNT7ZIpf{1{CN=c5A(kcqV5K8BuQqoF?fQpC$(hSl{ch|rWisTTI
zLxc1%bj(l#`x(Ff-gnRLIm>r<|MDC?&htE<xbwQMo2NL)W+?O2Gha_7%QBm%2(j@9
zZXP!r7E+xz(vIg6VNyhh$%eYEPfK=AARHAs6J@v+s1A8X%57fm%gpu(zSCOeXUjaT
zl0v%ua@2k~@}|M}_X|#y?JV-eahRvt&A+M~<T@l~t1vG|Cto=#KT_#xA1JQf?1^R7
z&cD8TP!Nl-?PzPXI@kUznCG=+QvOd6tG+@1>^`k>OR4MUoF$?~wZ<PBZ0N4_6<ZEU
zzC0ZL)j)0-T9JqUr3mCogU$_nzA~r<pos;-_GlEJh5Nzab<D3De3vp%Rdx~cUS{UL
zy+T#aw!Oc$9a5WLy+ZCtXbZ=Rz_yf~eB8hM?g-BDjoy>3!F)}i8hu!*5`!;eSB`u{
z#k}*ds?2gmb8D(&Mz#62*M$Y2u;x<8_VGfl)cPO_G}481U-_r=kYA7x#;L-XrI{5l
z(-s9)AB#(CLrdiCL%<BqecW<{xT8!o1^p;Q!6NE&TZPDp18HCMUqEkz$ZS?d2{hy$
zZM(a)Q2)o1NBp!`h%g*J0K+Nl>2BChbIkD=$WxubU1-&(laIBcU=ycv5_hXpcXnS*
zS)5x+7S}LcAGH+V_`xb_-D^aC$y<x0q&DgqLBbz0=^)=lgR{y)b67m`7Gi=E90oUn
z>ssD*aY>p__Mn+67L(z3`M4|W#v^}`M$H0EUEIjk{Xak{Gjr_{M`k##!#ZZurQ|bK
zyKUzp;p(iB>wU>B_yGy*c7{K0`KDyKox>%}uzl%*8MpmdRhs$394=5Ab}`&c^QxlZ
zElfEL^U{2Z8V`QrTaCgqp~Vx^qE(mrJm0fF3jM|Bm*uNLX^<IebRHCHS@&MQjZVW@
zjHyh{SEP{5mU|q5#GQs&fN`KAVrd-F-z|zxxZPV9s-Tgo36;z?gU0y*%A!7J@pPpq
z>@_p*Fp3cpHiW2FB`RtYOO?kJ`B)<VlibIy-A%$)fHA?Y+l&1QEMCG7gKB?G_!x&#
zF%R$Z&zSuIJZgL2R**@O7|3hvBe7OqYm)Je6!@RE>VHN|*=Pd9RMd`DdM+_6cue<m
z-8|<nY(>Lq`2DkD^Tw%1_Bq*bSUYHPFAWiV+aE(&J*v~Xz9@DaXz4qU&Wn8Kw*GM4
zs}APjur<j7!V;r&q629w>6+CpQ5btk?v0Rvk`=0-NfXA4<*(NwY{U%8U%=ZFE?)lO
zSfj&A&kfUF6kB~NFl0gQDFxNWh?s`QmML{ul^S<g^$oadvl$O(u$q&&<i0@%`UNPJ
zh)TDsM+1;FC!s$)VnDmV(tumP7%3hvVpa;+2oU+xu)TZEaiw9;c_J+)YIpabF~T09
z1kFmqx9NGM;Vp)K_4GPu&WEJ;)hto8ugr*-urx*lmQQfhqFUPLRtI&D5~UB#f^iPO
ztIZ}KUtM}r??u$Je+%^NM`gMu`wO3$xbM#DnBrGh&3aNlIdlhdd{6G_0zAzy{W2?P
z?dx4L6ud*wqZEJr+s8zcKYIq}kLPx@P<7g0;NC=kNyDxv)MImIDa@LFUbGwerWTw~
zq!}*DI3pT5gGmQ{?9dH+A5(#@cqw&lA4I*zle$Fox7-bTubU+Od`2N=ZO<2Fyfyic
z(1JF*b>FAWp?l|JklyKun4G4gw%85TlLcq@I<sGYB<D!e_?8+-->KBAPuF4Txn}zp
zs+3c?ivt&f80dqUh6ousE-0KU3GQP*`WU4&ppFtb%vVEYatCre>PU9Q{1CTP$I3Yh
za9XVOQ2%=S-J2}~+NNpQz9|qd%bO%}*te`6onBuP@{D#K8e59ds>f2(t?dnZw`LIh
z-TxTDcoCRt;vG)gSnZI$VnuAe`dSoC`qh&Kj}SLOneaGg^^)};EE;R{i>orvQ&Y9S
z2b*`qWu~onHb0_ISB%sCK*@ZazQ0{XB~BQJ63RV!LFY6KtL<}Lqls$$g~+Q;9>w@O
zp9baRSSTi{*Hjy`0TH7xjk4~Gn9Ak$M4BOf@0xsHNoEhKh;}upKggup1Jnk=uO=5_
ztT2sy=6ZLT4+3ne|H7Ou1zOeTs7`my^!M0*@odg!=&98ZO546FbuY0UZba<Pmgedx
z=4adQ&q4Q{q_v+mkL$2%0uOXp5bNHK=Dpmyb*^Ey1J46ZQ)__Fjux6Dl&^}^8-`%s
z=zP}+fHuGr+LxU6-b&mRdwrLFsLZRxy*4A{l~DAj#F*us+jIlg7cUQNYKltCvo@_y
zVRgGziB6v`;Yow^aSI97`k!|7UqF-$Dbl=sXLQTDKU?d0sSkm06*R5;-$Y~ip5Z!M
zamrK}nU_fMGD{HJh#?CI#m$7C*@>{lZT&A;?aUUF-!~0g5>_87=9xS6j5Imt+(2&j
zN~okQF+D@^sxrxH4&)l%NZ1bwT@v4H(JBkFAY|J=bgRQQW`f|9qLXde^SmRUJ;0&y
zf!bW;Pqomy-UrW0&M)?lZ(o!tQ_}%9VF@rhtOvdpCB^9tb^`bTzh+_X{+puk<)L`a
zr~P@hazr?UWnjh|o!`&XQlFqY)7uvz^QiXLl=fOeibI*lMpJcEM;4&Npo$+pt8?{?
z@n%bJoz_b%O$wg?awIMtR(BE{r3=kVC3mo0JvBzUlbvNj)zg0>Ulcq_1a{U<@5bxn
zJ@HwoTw-q|6i8950xb@e$;~S`QFc=jeZvMF4pa??2-Evm7rwuUr*f6BsFI55|H3&%
z5OGf50v6o!KeyoTU$^YfN)oRz!OAlXS43Ecy<qltS>WHLKt5k7yKj)lV>OUoed*>w
zHbSb>)l&$n$tL2d3BJAq(JklE0=Gw3)kq%&`pr%jc*ZL)nP22Duq^l$TLfjYC)m|Q
zx)Y=w-P?a97P~hvdOj&x1t*jQoKTjvo_QvJ7x?{$P>hj?dHNTInyKax$Ubf<d_3XD
zJGZ^qj5lad^iZleG;zN8iaBB~b?-&5^VgY9o%*X)6mCPOU1gUKU>(UW8ZbW1_Q)fv
zp;IxpTM6OW#LBbFScCbOUI6r~-Es*;fznn{GG*R6K%$OZd?<cwk^RKmLE_}1XiV%C
z3OBzG<ur(#AEYMotw0CzH4E7*chZ6zjVL9;9CJ{2g|$x0`!K?o$3yK-7VRFo+#{<j
zWfq~qto%?U<Wa=HSYNvu_sm|I&x5Y5EszZb3j#c8=6yMinU?PaAah9{ygAUhqle<K
zES_0RWV8AJ1|?f2)dohpYgma{*)Hx(|9rwQnDRMZ(v#CLp#bh}l#R9(_{5@UGYrd6
z8dU$}A)hgjuotISs+u76&D__D2x*#i^4YE6RhqS;>|4@4YO|wz09Xh)2s<$_!B=a2
zT7LuQuhl{D(37ue|0)s)@0D9+-szDs@}nDkMd^kCgpsF>AxU@b4m}$x7dB`WwxcPn
zwHJ&^+=1q9V8mQ5T!DtS3yU`W2MU!~7}sZkAZKl97GaDTYTHr-Wke8)bFO7X@AZ{r
zY%l%#c?Mav#mw*F{*y^8AN4iSR%>!eK_OwFb3ZB@<;kig=5H(z&%J4`S}G8;`myPm
zAq%87nC`R1XZlkxRk?uE|6;%VL2pdwJSlRjF_5dq10TgzECr<am?IAf`+HY60#GL*
zHKXHeiWHi^I6p1a|HAQ4v@}x8n>7!p1e@Wu?EgfZ;oETszxVCUM&OhVzegGVH+&Nv
zDdP*es4WH|#no>S0M(i5fL}2Jk-!^`$B*cj#9tt#cAcnb&t_}vIycwUt^_?^P2y3J
z(CBdQ*B-MI8iA8jVP=n<Cb`&G1H*4UxuG#P;>>eaY^v^>VYQtvyRH#>WET{7mlxBB
zg_v+q2R+xi`3{+U--(z`qoW~-{Eq1%Li;X401^8aLKH|Ps%P-vyOa@U)p9Rh|1C2}
z;%Wx~RSe+u2SfB&lK}VkK31o@I+#ECjn2FbTmJ?ep)!=?W2|jr?`v4=)XlejCHbAB
zgp|2${>g%Tf;>t{{9VWF-%3^cp(I^So4=M-41tXduNd9MsH=6Sc3G%s8_UQ;EE^bZ
znqO`DClCBcbP2Op)R&I$gr1d3J@pn0?K?-My=gu68NtEWn+D}t9&rub!U*kg%+N)H
zfJ<ykZ~ib`!SBmbTy@On8$1@&yv#C%=!>;QXv^gzmzg(umsdg1KEPen6_l!$uPbO^
zu0}y|U(at*)RL`H$&aL3o^nNC!rsurXai#aInq_>=uB&n4zrcmNwdHd+e<k0BW=}a
zWlEA<$0q9VTnt~$&sKjk&+UmDYaaotSdbSh&O0;S<M&?(BkwfSV8ueY8u}TD3sAQs
zHes^V33Vs>t;+bOl%vfqvXQ&h=w@aLt3#zZm9{?CAk2>d`QT4gzhC{CP}&es06tvR
z*!}7-c-{`^v4&IeTS<;hc-8CD()4oujSZ%pYCzSGv(k09Ah0LXV~{3V`=tFpcOr<+
z_66}y41ApW7jXK?XLQ6a#mkq2sj|1rAEdBcIXv&)IQK^9+YOG?S2_7}6;G2|TjC47
zloP9m`BE}06oHWlTn>2jT*O)%;7-|fR^~fsKJHC{Nz<l}l7eB;j+DHZq5OboFKGC9
z970LQNrfL(X+7d9X#N6{;jw)W6o^wz3Vst+l0|$6^)MqGnyQE1qgnAVc!3fAySaIW
zZCqX0#nV+1M)=ulpp~c&3NhzM)6Ob!cyQj?cTw$VFFVYE5Mh$I-e9k>!w{J~F84lV
zGXO<<6_1vbcvNbFZF&jS9^UUXy3m?MGjb2JVGrH*;O}5yhGVbjqh0z5cAz+E%_!nr
zbS6zX&m6ILZ_il^np9=O#tG5%iXM1BFf3BQZJ~CA(M*Q*maCVVx)aGLeVMvVm{^&c
zhPjciGk@qau%MQ1)j6#rbM+7p4r?9sYAh%mL%?iezmHA{02~S@vJd-n_P;*dhjHFX
zkG4ObXRMc>J%rhU0}6=9hYw#YY(W_a2!gIS6^Kngp12U*40UP_a4BjEgsqg?_A>5i
zzBg!qGtbUGe>Qy|QUbc2T^Hd=f~(d-5##^qI<&!%F{79}>C~VnxA6s+=6$RooV-VI
zX0MI{`$k8Kz(vGf)H=zVe&_Y^L*DRI)tvawctWrDu;Pr7CiY|2hKDu>vt3V#iV@-<
zy1BU$?nvp@ks#jv{%NAdx7;lT!PfN@|Cwgy3D4ZFsx`xxiD%_l#>j#rY`UblB+m2!
zK<<F8H^Cd^S0yvgvo*73x3VILdKsW}JW=D_#M_Aa@~byN(sibfmCJMjQq5fA;%=mP
z{&LXgWfX|>S~q5T9p?I2FXHM7_{x~d)Jqz*ZlT`bRtMTF-Q_*U!amD+4uPQP`Lu4)
z$O!(N+mOf~HKJpZTQHBL4WD|Je4{Mef8+3qadNjhC{HQ=Jg5K@e3hlj4E?B6t@1e2
z7h@t6+7==7KYyBJ3Q>_S#4PTG#OJ^B$25+efBb4K>hxmNSvL|**UjQ%Biy?|K!S!G
zUcIOm)Hyj@@G_c(@~yD1j+4R>0XR&Y^Rk$JV(UddFttb%wW{^WE&>6mKl7iepq_xk
zizKRI&-sB9v>!(bh}af9#Qu1_!clu7)Z*&ehD9Zmn(7oR?C8OYMLjQ(UF4E7Km+l9
z9V2TU4)Ebp8>H$tCP_S~7$I3bsTwH3!)qq~I4ZZ0N>UKw<Zs_x^*uHnlG1&9m)ebl
zY(Cs=PmPE>@WPP0e$R1RpHeIs_nQ60r`GaKjx5dRs1{HVM2uO$)HaHmeTKD-WbsS)
zPP{z<W~0(QW$wftFJg3?2-6`YhP3zP3_j_fQkM^5n02g#qUQx3rFSW~mXO{ZC_R^K
z@G!R;qA|y(o@?sfD^RmFc330ZTqW9b4Pa2JK{<HJZeqjy*o~|A{ihx9j^*bx>yD7z
zI}^80@@n>jSsE6tVQd*AC^D)89%&CJS5F`dXmDAT`1(aeNL((4obh;!$j@`cRl{&F
zZeM1D3d;-M2Vk_+1`%+HCw~KRsqHl!Gyn1R?dK`PwiC<Xd000ys1?x}iLVev4pso#
zq+ox#UE`Sh08ndp0cvgg4g5vW$_cjrxBn0PNHicz{>g+@qvT^n>~GL_CWVBpM{wHe
zGl)99H$*z!ixst8inh=_ea(9KjCWRu5_qw<cj>{-FR;DAAOD>Pynt4qeuiYXV#+^N
zw2lPHC~Ct8sXGW*8YiSE#|l3YfFUP!-t}emJ^}(F9LBW=#bzjT25FB}<HZV60KKVu
zseTUR_1DfIubeq{>j6-RSYY{w159BPD{PsnQy{akkiz{si?he`=x{&4Y2lZufZ>|j
zn|4MZgLNY<gLq9Qqrj62zT7+>Fm`P+4V2hGNMuqE^~8qiq$z2!gVEvPJX%(e>iX*E
z(E>)1Ui-M#c=4ot{?W7~8zLBMeEW17aot(~F6|-bPv>I|{)xAle<(3jZjH3tTtBG+
zfwR6DUOaFDth<57dlxWExdDtH#XeiTH+;MT-%kOcO-Gw~vLJNwDI(_(a0244xqMdE
zCt3&)vjGTTPjJf6v5R|`?{DNG&?`hl5;pcE-R!u3;;p~Rn>Xl&0h7|>g{41^5hKLs
zqy?zxj<aT;ng$7SY0hV_t*rsDu7}%R0Q`7ULhbv%^lQ&E&#j8;p9X_7>&&u%z~U(_
zaFxH}q*j4s<1yd#Gw7dk=_MiRkF#aP57>m<8aJ*hZGx-(3>dfV!tE=|#|zaxuK<S!
zAQ;&q8IaHM)KLT1!R`S4BkXSsum16vQmOM`2OMJTo)e+EEFadDm;hAetuAr=@qp_^
z%HyG#EIhzx5HY%ZLT=KUbq0)qz@F)XMc`Yx8vEhcMUZ+Ao)2)L&!F|#>j&FCroh-n
zfxmigR`KiRu_tx%8?bqeG@s4aWEOxrW+`T7H#*=;`Bj-honU71onMEUOREk`Ehoia
zKb?@<7q}>beDuj7oLy19;$gmFEjyRbkqVI|wCrrJHrJM5ER(Aa4d;Lgpy2IctF^mr
zBL=K);;4B*6#|r%^qXbPG9M0hJqw3t@^2q53b{IadUhU;AMP!iwnyr1NEts)e7(qk
z@Wclb1@VHJ#~~n_SsUat9=TVKV&kVj)~KF5lYIRju(Bw%#DC$y()m%BJ0lT7T=FJ&
znu86dda56=OLz>^hu^qq_Tb^n%qNp#lM&7s`i?`JzZDhtCVK^HrDnMEjn^=nsu#Og
z2k{Yr*eI-|5}0+{w2V8sX=m8tVn6ech)-<=RY}d!6KBPw-?u-}%hvX$td7_464QtR
z9lkJ1Yq+FQFIjE5?;D*v>Z<=D3EQ~_K7a_n1U9Onpk-FuxZ%2AU{pAuALZyzxAypz
znEJ&c+Q#N=#a;1x)A3@@u4BcCB^T1I7uL)k1S3o@&;$3>Qr`WGqS@FRZy|3gO`6>-
zBti03EZ}0C>#!AK<F$t_xfTO9ztmy;gb&2#hr}!nw1x~ewm19)t=q0-V2N)XP0K}g
z%q=8-lnj8&64Cna0ef`^T0FL5eJAxV@=9a+$54b>D-u&ad^ECMKI-GT<Jv`jE8%dH
znl6-KHuE4%fhDY&#piypbcEanz1z^m;_iE~7+QrpZSExzy8I`12Rx%Rna|C{mGM55
zMHw3?@9W7F-JYb2@S4l=L9XMrD^ik-DnN5UyBL|mP<L2tfICELY*i#8utW3rXJ(Vr
z*saSgn9a;p82EGGosL)che2dUrSxyKNe+m+0kH4#0ROsXU8Un!@cV-OyIXrt#^IY2
zapGuGk}q4~-k_T8TI;r&shhQ-Uj4-S6RYf7ki<V>?04(3MUcG`OegRq4PIIExZpMS
zxuT#hfhZIlm+w0hra*)0@Ud^nhRk~!vXpw%%mHzrYV!qR=wE6NlM^sPJ`MJ=B|BL_
zwjMYabL>9c9R-&eXuJj40W}QuG*vcmaKbW*rP)B@#CK#!FgOG>-=(1%IhWN@#ufTm
zm9IZw7N83<3vfdYb6bkL+8s-!Am#bJSeoQk^!SN8W>$woWq6D8;1y8I68FKC+8oUB
z0#lGwlPQ%Toq=5MRG1qTGloPEOQ-<E2nxJ%>~c-b5B={^v5s=_)_&m<%Qtqc(qXNv
zMg0eBRUIq-sA7M(%x4A=o=iL1I2=}%7@7$l=c-Tn1t>ml(<IV#<_<1y#{-S%7((7e
zUi7j-tycbcl%rRO?>@e5gjF+)tH1pr_dE60GN1gm#3Yxty?*Fy_F__|o%S2<<igPW
zlD{-G4X=XWj&^0GeA{Y3v*p%IO^q?)wk$R+wpq6s+E~`ls2wb_jS$b^b*Pc$@tVm?
zvRtbP$qZt}%AmmXBs$1u`i$pq4#fn{no)$K0WgU-v2}aup9@R|_=D}yw}oBj9ssZ#
zmqZ;|j!HL12#Xk~sNj6E?&4){?<1)l2VfUBuLBLo24D=rF|;2HqDQ?eFoJg-=6zZX
z<7BOq`HXJ$F8w)>b_nrL#~S-<7gUJR>pw(Wu0LSo6w95*6Xu||M2g&~)78x$u*-gD
z6yje3^5^tigKfX|FTy>TSnIDpM1F;@`rY3Ez#}_s-?JFNd<`oCOrQQNYNxN+@&q`I
z1LWz9{^VSTkJ(UimsxjwRxlJ-&bRYATyI4MJzbTsvs|crrCTkSMP|~e)%&OoGWQ79
zk84*mb>vB*?#y~Kw6!j0hNd=XFKg>xY-L*2rqbz@D02FKo|yBv8FY>ZA0w(|tJ@-@
z(NlV^!L%cwQT2M|Y@lrPlo?M;3irFKA^lL9e4s&=HCpT^)W}GWa}Bg&b;o8f(I%{$
z)V!YseO(Xp%xIW^004ND2*j-dmF+ei6n)E*<#c@K$VAuSxc0Y&LzZ08hnE2-(_)|`
z#fpZ`e&17JwjyODeMIEx%z2{yHblPE9u~>FX!)|}aTrZcrIya7)t??@wU0T@%hEp|
z1S-#Fj@KBxTd($qBk{{;h+I~S@K}@fYWsOudddOaTF={05-P(=Q$H1zYdqkYM1T_!
z)o2nT`whMrXy55m_bM-lakSy~qoudx=(~Z|2|mUMJ}@v14j_C)wsyycPt^_ShJGOV
zbk%t=!H&?JIh6QAVs|A$(qSWHqA%9~&EYs;6D+#;X7HB`GxI%OPXnj@ZO5(i8uOh8
z+##9xHo#|_mR|aH0s9@dzpeaiz(#NQ`n?}#<__PVqm7xWJ92pd3Nn^BXblb?`M5+1
zGjGXT15CE7(0<JL#8-13gPb3)#^IoM0Z^apX4%3H^Eg}ajHN>@QjDNEh!4USvpZ~H
zphz8}-hvt_d<=+i{SM*waq|lnM0PZHrSo)?b1%Jw4QML5UyOR&^Q{^npqzLtSpR!x
zuY#S0X?p3(Xzy>ik5L054zUt9Ow90>3#jnw5oV=gM9hN32Uv0VlDdl8In?TRD-Bbi
zH|Ld}lvj}%`=D{;aQw;c@`4Ly_AWO22){r?eejgtX<t&9Z-{nTm<Pz>U<v%caLR4~
zpC1KnRP19lUsIa240?ch4HOCbXx<EUNdHk&(n9Gs75<l+l3##RW(H7G;;G;A=eDNS
ztR&SZCi-eJ2@UTfMDvZgX%#4)O0!<HqEmY^wv|COV%b3OZb$uQpuWpvU^sR@X&zLT
z51~)y0j;Xm;Jmo@BG`DodfA?Os++juK}zgH>&FEy<`d(Wz3%&0a)vN0=&BY0Nau!P
zUK3|z>S+z55#g7yji_yqe=mo&0<h)yw%@ylsoK8UG?6@I?umBMF!P?_zifLEe}G<t
zb8My?M90^%@y-uZF$=^>*nK=$Bgkv0ZOnuyrTpp)pWl5qrwbt)nk^w!?fSS-5B4<L
zJ7orlfpNC<RdsVUeJ`{1^cm+C>d&>~(wyw59YPH?`w@@=to<@Q_y=?JV8#n}AZ|7V
zzwMCB3vU+{D#V!7XyvMFjJp*Cuq%IgoS$PRDOr)91HVleGc2h~BGha*f(yG<qaAmH
z!VQ5H@~VSyhPh++mRIvaQZ`1iwk(a@HQX0FV!1o7KA0x%XfxPRQi+Oxv!j<l_6(RJ
zfI~{^FKfQW^B1#}Wj~Q<)Kjey`0}(GSqc##CSLb?-6lpz+Qw4C^Xm_m7u@(cKqFM}
zYQV?!<r@1Q#%-gr4axGIt|>u$DjY{R8IsMXd*Z;LO>6fJ`cV76+$TVcq1f*BM2JNz
zPYtP>U`Zfm_VS2Wfm!Fs2vL6nGg$0WnKr%%+{i;H(!34(D>6|JHN1pRl694r@EZsN
zB#dHU(C{+ZoU1z7&v1V=A!aLAR4&NV1I03c!-8l2gTo5;&tm4ib?FI%r@Qq;Tw$p6
zg;ainz8q7#ii+jFR@$E1rTMXX%duKz(<87>8G)twlwO6slVQ6LT@Q3WSG?X@{~&^j
zfA>i{2E?0+81#gYKThz^{esky5iaDYTqHqCZO7D3&_}c&oe4O6@S=T&B31yj@x!Ya
zF$3jcMAFAlNT)w!`InclYwO~Il;|-2%%1T~_lN1@Rl6szUp%|zL(e%m+x!O1gZ%})
zzBp6}qLoFQ#TpP}m_x#ff04@!ou<Rxg-&Z5^@Tfe%no$K(F}hrHoW80X`4Vq3PD+c
zq|#jieV>EDFBf%xEuiFN0Y_E8Jj@l&G3quft7sf64yk(lw@9tB8)e)c)|C+~vcK2h
zee@RvwQZTP{2v$;!Zr?_BY4Emj{)mFaRtB<C4*VUAqfWkj#j?TPpK*Mw4fs@+YXkJ
zynIgg{06nX5%t-f?T?~l<mBC_S}ln4LV`De+G1z{oL{&ZSN>P(Y5u0gL{W4}2*v*H
z!d95Kys0<NrE&x>?44T-@2ayZuL}NF#$4j4hu(H2VhQnuS>eK#f}qj;hWzw^Nc8fm
zg^#_l54Cn&a<2u>#dA2M<tG!-p>0?6=8s%E*SViO`sC;+3wMuOO=W8lN!*dXl&-r4
ziPHu50kH;AcQuRbI7HHgk9nuw9<KfX@$Z$j#U360M!exia$BSD5B=kxd%jeV@hrUs
z;%^Gs5{|@B_70d@sk086RRI33)Q!3zn!oN{d4ouTnw08_yPykt5r8<&qZlWU!v5qt
zV~r8;wy^``tZNRG_Ih;lp5H=C7cX5_+Vj}GA0zYXy>lx!nAPZQ<hJ-uB>dXF`x$!8
zTkatK9*-=Evm0M418N!2iOY7qP?6xoT20WXE`S$~-jv&SA=hadJIBj6vl2^)hk;kC
zur?iCs}1hOmGc`2L+3irQdEnRkB+?JsraMC)NNRlgg3qVgcYNNbRIBE5%hL)uhEn7
z_)t9XIr~F`)8>%%+Jn~EWj#8W6RY6XJn%FTaprdtKpde;(sxf&1*9SA#?F$X1Q$j>
zm+&7Cp>gK8f0}W(_Pcl2(wO&-^g8559?TbY*K!g08lqRl{za|i6Opg+^5si`PZ>w=
zXIg#m*D*qMqP;-lP&fHiOQm?YK!XWQ_lA8Uqdm3e;Awu}<_<V$5x7_JkGf0u>U=(m
za*l_nBXc#~>WTpfK2GmP_p9$_%^LNn@yq-C|B+D2xIymbUS&LS$Lx?%Xe7!@Ptj{U
z?pl!8>{7aM)`j8o24__!>?fK!b$MD@DFso(nAv6I&<%2mF%S_87+2k#?@WOATMgu|
zisd_I_l%c+43di4bQ(Vl{kZoidb3GfV!GMNch+(1S3wWL*$eAbxms>Dmvup8v#(Cf
z?opo7GnBW7hwPt|{6pk^!pGdMT+d|dsm~P|`0_+suj>6}&Hu2gOmU^Ri=Vd|=D0=H
zfnaPUg;B&>VK=6B^eMqd>fz&1NdHU7aaAM0Kqgkg{;@I)NYbE0ZUCgZ;ely{Z}Tcx
zws?|jp4W6X*K{67?iK(kw3|H=_7k=I(!*l6XJLRPZZ$w1^;0oiVnxywR~j$rs01{0
zxVVn)2#}D|{}E7nMG8^-o$~RAT;h0R_eW33mHRw<;bQl$*tZRh6xnUl3z{v3da6+!
z{RfXk1aog;Xc%kX#0hEZF7zeUp(1bl#w*3|EPpiFRmq^hQ!UwUn&t+2@XTY71ig#f
zVFL6qj!w-X{iG-&GBM2rB{6_`IRPLx!caXJVLza+U=NO1!4O{WN-qTDi9XEe+9K3`
zc`%oU#cz%8#d<m7M}Xc;wR)bNqlQhdSdQ5!(3CZhTEWh0KTLbQT^vPZNwn?uP>m^+
zEmj&+^_#H0MiSwu`z_7O$LFEB^u+Zw|0FL<ij>%9xi0Q78-_*y(J4}}TmuX2v?6rh
z&v@gb^ud&EBmW2<K5y*NcnJ+u5XxRZsWfBp{3l#u>m)-OTAV9kGWX>4cVfLW9zR^_
z9o4HIfOE*-*Vb)G5-LZ?H1t-kIgNYQ6`U+s2xiTpgok*!+yS}+o|6lD=9pg*bw>bh
zrYRIHRg(mqm{C!G`oh*95B7!1jR<e_pagt?{^A_;A%X`4PN6`a2Hk<HjLKPitC>f4
z`7D8mKG3b}OwZ-=K?jVIbU3k=z33k(dlAG!2K?IX0O;)TE5dhyxFQ2WZkW%Yug<yV
zen-@%`$<Q=MpIwOi_S}WQm*=y5=otj8g1DzE?YS4c#>&DES>p;#@FO0C{^`JT}ut~
ztx%TY*^x5yiEXyOxSpBC{yOI9+{t#oO^Y<W<$&N#T*4EL=tm%lE)tzAb6Wwb@)p@O
zt-)TNPn(Ryt1(fiXd-PW{&j8uAmb<#OF!aHIw4w}+auA1p*6Ne&qyJztIT8TCgOTB
zdu~g=V8lLo9yE9rupzW!OIOU{)MNNfRm>P74Kdf+96jNiKWL@lbQ%Uumnh76U#g~}
z)_h`=Bxh^8>03hD<8Jlz1sp$<soRkNZX_PJ-R_;BbyEb?V>)(0$GN4vgQ>mtk7FvC
zc$#6+xb=s})mz(ld{tcP#a|xR#`Jj@5nR+&bw2dWIhxqnPSS0=47irml5kTV(D-TH
zE#YkIArb0uR(l&Tx(ka0z#QnonR7G5c&Nr``X%%z%BMP6Gk@T&U6$EZ*VO}<pF~xx
zMBWfWz(@+BV&(m`b4XSOh-bn)dHHtClFV8)43_Zn!jh3dXSYhqPcz^Wgm*j6^;XEf
z%QAV)t>QXDcQ646ERB4#*FWl4kCAE;ccTINO0>6>4quQXyq8%)r1b5;`{2to!=5w+
z9shL&s+H)noZ6S5onHIiZ^_p4@yUXggJel>K6aD>D-l<*g&i2STuMKyl-1-S+lsSM
zbwn*$nwU0*Bg`ivLjH5GNs+H_e`+@XvL2pTYg|XK{d~+-M5<iZv+$eUZ0S4s%W?f*
zSZ_uPzzQb>EPK);JUWJ<FB9q8-3do<;OZpWc8FJ=$!Dkk37Rl?ZtMR}x)V&d1s8tn
zuHA_9*Y`8LPn$}qwDa^3KluVPed%{Kb#I33so4W5_;QsT@ptqWNqB~xnb^O(8w=wT
zWIgo<@?kul{Wc1gy=I{o=zh69BuNg>G#lC~{}X?E#Sazq7e*1W{!6PmC4PiL=ahr5
z=G(2Y{MDCucVm%Ys^!lRR#8Vi8*(=eAlZ99sq`+3V*G={Cqm)26C0mnpDiJm2CEc7
z4d=zUg3kl(PCKiy)aY*`>E{LFCE46J>)6xU>Ucxa&k9D1<?3;Q9IZ4U0Jf2j|J54)
zpu@@OFRaL<NyMn-&t;+JnWT#`24<M##jb8Mm$xL}#OoSE04>%#>>Braqo9@MbJgec
zxA*Y(>6b8P*&hTvx_HsXT5r3~S`U?9m1Dj7+=yb3uBf0YuqK!I2anRl3xE|q?n%M%
zo+kXrT}`S%`AbYYyK8vpevOp5xt%oLu~P--K3B1d8ARkT`||74X@}?+*@TV0A~f2e
zGw)@D%TRkbpwq)ikxC}&@fGEefmav7@QwK$0&7=9$<gail(CERpUrb2u(h0A!*bn?
zjyrZeTNm~{AIW{LS`fmGPUBl48eGF&dnu*MgUAe*Nkg;srd6L7)Q>OL$EQ`Z+>`iK
zznJ9i={M2ZO$=`HY;P^Qeo(H|cy7*orcZ*08T(uwyvqN$yYPt#;x~>g)htf#^uE7m
z%Jux_l{yud<@T~TNpqJlYdaS9EX(bNWdTp+MhK<r0xsavT2IrsM_1_GE1e>TCDaq)
z_z90zuhN2U9EGUS9sBZ9X<@dR!AWZUXN#Zw53k3G+MUf^@i|zXUDcVO**Ta9nFw=*
zLC$w!+Irsmy&KVn0qmLo3vUi)Sr3>|d{^?WW2)sQ{OyJ3zX!ZzE9_d~Xn$#jFD#EM
z9&B=BHowk0+wxe}=ah1GBLl1L$5!Ak0Ec<LROpD$B7R>-Q8j;#>fC;8iB}GiFiau1
zR}GOXSJ<Q;zpX9_@Cv-^EXT&#cfXc`rj3N&kJR?ue3G<AsS6>lr@ub*{h_1{8}%i9
z+<CZ}=AesDOqbBKYT+&m=%#0_;gt>E<23aus6DNG#k$Z4k69Dz*!m3dw^4%@K;{kI
z5T-HN8V^q!7*yDZ_UAP%i4ndgel_w}M(ni3+0@Ht1Um(Ou&TZFHf`K1q)21N_Eyw)
zJLJ;UYD8uEf@*jAi=bII>1N(lFaG{)^ewt7`4~$MGE8>8dV^+1)nb!mn#R0cxOz?@
z<FCk1CbO-Vv!<8+qXpo<O1_k0pS-LioEmPJ7rQ0<TUc>7Z#ae}$vWLEUSeIr{dX4G
zwn<C!oU8Os(AB<F1ZBOn;ES)h`bB(&U5*7_?Az+SX0scO>5L;2r?4jOv^HC<`vs^q
zR~V(IZYtp&+MfyHQT)PdM&NRX8lJm#=heK6OfQ#O=s8($`_l@a8O2`3aX{=tVya%%
zB5|u+ay%s%s>U&6#UwItJ+@-3-7J*@HU(B{jhK?9CGC>rB%R@aTd2J0nW@wA1r26G
z*@am~G@}$&YXq?9d>8*SFz5(q8=O=cKmHn=b-OmXA?=K%>+G5P&P|=E@%TGxnjH4M
zra+^ZdAvG_(tWwTBW$;>Gkg|GPqM0>j90+P!g_j`9(jA$0&J7vTzf1_<}e-RJ);EH
z<AJec-nS2kbQMM}@pKRL+rq2k*qe$<N;G+o)4xYPf_4)ENRi`0{dJ{3^vN`alzrt<
zmm#;VN1qE*rPrOf&W1Adl%I4o^U~;p?8wwG${HyTE`(~^nn7`#F}Tg0OajAe!i!bt
zhSUQ|<J=J?Ynl$p0nwku#$z5?J>_0pmakuG43$|&?}7`)o_Pf&J~ih5MhE$P>3A0n
zs?|V_gATd0vsV00r}SiVc`@x-`Zb>F97m2b2gEsgbzWTw$78BL0ril6#qcdw4Pg(l
zhbA{jdFF$RL4)+b{Oa2`^x)bcAJ1GpHU>L!O0|9!4229j&wcCYteXf>Bw-0?+fb^{
zDc)kozxoQ4cqD##1mTX)%jgV<KNNI6{Y5ETBsU{3&R0Kt;Nlw3C&uP$k3B#)H%)Bj
z{J(gg{WAwFYsv4>19>jO7uJUHk2T@0DzPHb-p%o*_7;1QNv5DP5;Z$eNqvT=6aY)e
z$E1a+j<qCrCW$}WLk?5ig9znVe?N)#WDy=D;uu(-I*@~oa6M64>&m}5#@v67asTE<
zDOo$>OL7=FjI8}>+BYE4^A!As#I3zg+Q+XJSpax-!Q4qeEwIK6<W&O%$2~@2o12zd
zSuWr^hi)*5*@Oaxv$no04b#@}Ml(_G(Gy?a>BNLNUO#goa|Y}$k2{&8=dlZVmw}@4
zH8mZQ=FUTtu0-kC+>%3fm001=S)MutFpdWQItUmi7G!zUvor&cDFr<@9r!@5SO_Fz
z&@vR`#HnS+JR%ZS4@Rh6T~ngjgb1BHSs?$J5v8SL#I`(KRw7+yIZYb#oX1HeNybR{
zXIZ1>N)JcB=0?w&4#1S8R%fkg)!mb;_Wu5kWaD7-C~_N%9_sqE^PBi44;CDNz|UF=
zz#+)uB=AAUz6iT2co87nbaicUuqeXNb!=O`!cKZ9zD800_0G2-MiC`)@{JUnIS>rN
zOw`rIznY5)Pt-Opw;kc>lG-di*u%zWHb*(7FaZdS5>Lx3@ZEPa!HYbmmiaf!Kzuq_
z2K9Styl$42*z%E;(3u%iFx0CU%t~@BcAW35^vE{vh;^8a(t+Yv{Gl*dqSW3(!?|<r
zh?7Kk+sZQwa1O5}gGYW8wmF^`cj4ySHz+VfZzJ<vv?|JNwFW=bW@PL`h(Z!@2H{Dp
zHC8&Q-Z|=N0r5VE#xp-@)rzB#q?A?7n;6D1BIYKGUYBUCeiBC}%0O^LQK4h71Rn*!
z(I?6Tf7*@4JgK+-^>shhsM@960S)GtG29;2N|C2zu)+14t<~ULz*x8+xX2I4{JKMV
zgH~&>#hg+uYJ&u&svhFC<Di?lL;PG#V6rmFl8$*YaW#~<{&{-VS1_<CQQEVu3_X4=
zPRw3dLwKAAfk0gJ%+Sgia5y4R4==k;cxCYE72lbv<>ux#4`{j`o;ZFt(F?~NbLZ9b
zpI*~rlf)zDHakdEZ$C?fr64J+|Am^05+`^EFoiU8QpB|7v1Lzc7V=;taHD~GLSZ>f
zJ5Qw^TRQ<nw!XYUPqhGYPWPLW%`F_!hCDes1>pwvHR6ki>7j)`kM0{JB8xr}F@(jG
z2LIyor|4f2$780QcS8gif=Diu$qsq%&xw{to-9aB<=N<qP*Wt3Ql?b~7(am+n*KS+
z0rhJa!E<hY1D{Lt<JFbpZZkOZx+kMo*RAV$h1lfC+w0WTx_6po6S*zoU!}j^>_Bfc
zF%|eXQo$JP>!BevYd->K-qWf^USyMr43XKpwd2I$y-NH(8d`^I;8_=dN)_*WU+QCQ
z2+{1OT>{?+i1~to5_;d&$&f3R)2!iP-FhFWyfo9*l3+F!k?fQGX;6B^?%aqeZYgGC
zt$~`(^RuqYOMsKo;nQCtLccD7z07fA!~Kiv^U>(P4OdB|hA<U_pe6v<@l=cpKGrVK
zGqRy3K5%A|Q*frJ*=&1J%K@7wM*si)Kp@&;6VUXm0Tvz^sqZjk7X8T1&aO!Marhe@
zC8dD#Ot@n4BPz#)y8rJdopp->0mkUb0`0un!+q9LX=nVHYg;%+VBoUIDOe*-(P^+j
zk5_;vX{(`lajbd0_Bab5{mdS{-PM`X5FW^UB1cMH)kT&59Y4-i?Xt|{^7QsYlcEPp
zM2`_!4UT}r>M6$K-G?U6NiZcDY`S9jA&Sq8q(E|I$KTY{3I0uvH44mP<1!6(0#n!Q
zYIj9rq&?H64%Xxn4I3y=K+<32PJI35B$-@biw=LdY5E%}o>*FxoRGTuW<n9Pzlv?G
z%ayN+We?7oIZNMXWF75W5p(VdDYl&c@H`~ztfW&*OZXiB@L>9Dd_UK974j9V-=;YV
z{E}Qb*PbudS2v&5TDH+4KcKejo=U9Z+_SMX#ojq}F%hG3+g5m)wGK+nL?L#)DlJ)T
zViSjWMT5QaaVr-miDS=#)yTImGaU|9++M{t2Cv{NjiIkRp0$V{d&}Pj@DX!GX$m*O
zdWc0EgGD^|#Ouv6<a!hK9A=XOf_$WU=l27K+f#D83n|pnh!0FBU}unfSH0p5ou|jj
zjgowJ;7I%c^v^=f?4o7Es<ze5`ZqWnMx1^4%iYoAg1R0o;`J+HGvfxPO{I#BEE*SG
zD$OUQd$5@%wi*IE({DmKqg;)vWzJe^zNf|x<cGi2iD!LgJ*ztg($n2(gilnW7wMyp
zNd5h>KAf$A*@l|QOxirlh`oUs?01u*Wm5mMquu-JR{g;-i+vhCteds4r3LR0+O>`Q
z5st@)S9EIis}mF!=5E3dO>+Jo-2NE5%5_rin=K*3BN$7JL)X{u=1J^`)!OgH?wjeE
z`&=AaVHt_9l}a6Y##|@3p>V$7DxX}Yu@jkRPZo?5f}`qSF1{kWTMb7oKC<3oOSV6&
zj0b(Cbun5me)^`fZ(Tx<N<H$}mTrPg-=%WP6Qj$utC~W-*N>WSwMOT&xyr1SUhT=Y
z{mMW>LQ?FBR?T|G(?J3u=2hRQM_G{B>UH=<Jp$e!3Ccfx6$=#NwYhQsVz}GKheZ3M
zzaz)%hEZSSX540%`*1#rQzf<y1*y9!d$3lMA5giqGNvF<z2s0Ltq6O)J|XCRQ2B9x
z@x#f}!C_DVgr+u#;VQ;G9Q(Y8e&z1Nvu@0r)x9%Qykx_3K0BSf8|(Y_?`xuT@f4ng
zWV|)xpWS{%zE7OGd)6(_s7C#8bJ6h$v+#m2Hk$hhUOZF`=8COxc#w36yDXY(%*$4H
zsOf$1+nPzVpPNbT&TNQ7-y7OAmxL;pq$98OZ^+%A60!~c=24e|#D3L;>JMNBC9bu#
z-xM>oyYXAHfOJ^I!SH!HhSKnB3lrXRw7{n&@Z}$G^nW(anNFv?k6?o(<S+?A58M(r
z8s_Pn)l~Mxu6kL!wWH(nou^g<x!`YoYS`&MN^Q3H5@V~6`{}8vEh!;XVOv|I8%rf>
ztv^4}vaK+!l8ON_&qjfHtrzS#UU*j`8Q7nJEPR_np-ukYs5L9JrcZb%yhicEsB0jf
z0rF)X1%6>nEx!t5m!+Lo#b;1_cLlk=y1%T!pu@hW=e13+XGiFZ=-sl1k9v;upZw9`
z`8=uf_RGiI<CPQBAaH!!0y2SP%-&s+%WM1iABm*M(j+p<Dz)J<Yc4Qr8J>~kt-i6D
zqSmiFI+zIpH$xx7=boDV-^EYApF-frJp&}!^Ox;Tu-};6-lk_uRai|)^YT~jR=STs
zNSb1j-8Yt_Sy3Ohv8R^%xamE&7A@p>5+qzpu=E{CY*=(&(W=khx@U~AcPY34aX9AL
z$Ro*Smi-2?B-8<-WOhraD;l0RqB!PZ8D7n%U>+NwIuWO&ATB;~dimqFO7eX+f4oGS
z=5vW*<%Xe0**XQ+N6O7n@)}{5?bJsRew%aeg$ov>^L5LKCg$$2YkOo9nTSZUU6^0f
zT3r$nQtcv7#aM3DJHGWq)^a?#EH&oDv+{FXo%_z|F)W+X+_v?+{57?hlIb)pY<c<7
z=EjEU*svC{Y-9#9zU%lD)_`%1PMobvK#Pm{L26$%N0QH0a1bjYL0Vv3<|REvZ4*GP
zo}PCc*%sL>TuIiNa$?wC_Avuy4(GL2B$2OV#j@11GihGj5cIvDH@dYQ6JZAO$)&RA
zgznoVfeDFE@JYglWbWoIlOO%5kek;nE%!Xp`9=;XEuSI#x=9zzroN#M=3GGRrDdTS
zR_2f@zAr$UYH#cGe(gdCu(Y#3parxE0WJ+y{TnMx4FN09n=D>WE2>>sy@SBPzvIMv
zO#DYZp<h?G9V`6+_LUBxs*m-%Zv4csm;c~5=F;b3@z0DRqStfxQ|-n)Hn!2m#9=5}
zQ=!oxsyk(mAP!TXxLV6?4OHBgSoByg1#LXPRe5sKxgLvB8;@$J!iSstmyQ?2NPHe;
zYDf&vk`1XC>8xIG5TB)<U#>_pSO=xDS>GchU(pJBeqnkhn`yP&Kg12Mh3Q?rW7(7I
zCuuYZ_-8imUV{;WuSPTLt8~ZRm>Iiobxh<}ww?*3qW0VcGf+|UY~%2YtF@O0Szd=U
zOnB?<F*}A+J|S`0S?<_KqnK^9V2uKVR=P3v<^-pzc;~~3v|xsuhtY@<pWAfbL}Lq4
zw_SQke6C(7hOTYP9<A}aujWPHFL%A|<?}lY4W0I-XpsKSw7H3oecE5KQINq(1>^rd
ze=wC&k#@A6@u5^D<GItxZ*KebMmKjDe-G#FC#>xY&HSh{wxD)j?RYi-lRd*~puU;!
zkB3vVBN`Ahv&&&&#$Gq<YY)^smvy~g)LX5kK)yWH3~v{{SE`_LGm9OnxCeIDh9<vj
z3txY(P8OwX^2J8ZrUK^pY;Z2YqiNTnlO%e`mbRI2txHDqj%i(ZIb@tTE98B`zX^Tm
z9{kB%&74IdI6O+6mIhmuyWRXLfgDr;nCvaEcq!<2ezwLPnEPyhxkI#ekNZ})|18>A
zF6WM)q`<hd-3d45wVp+deEosFvYa$42QAvWR(8tSL!9}#RgYFGe?Q+p9Hdo?IN5wO
zu4$RgPbMb)GvA=v!!OS!l~q0_Ky4ys5}LbD;;-s7T-8^)7hdOD0A_}3yToPPVq)og
zU^SpzgzmP2L8Qgl^FyQ2-@-iokxzN9I~Ol=-=dq)&NH;iwp)%gPtVo{$8*_(@}czh
zn$g?GhHKJ`(wPa`YCVez{T;Wh@=o3}GFMJ`k-k#hU+XIC?YbDVF<%Gc(8|^>%ULSI
zq6cN51rxtWKj4<eIr^13ZW~RVbK72&yem+H!`&UJh<iCDZ&F}uGq`ZAH~)vVm07tD
zRSi1P*yqedZ@!V_@;aj(YP|FbyQ0l6s~L3C5Mg@xv}@R;btLDc7R_d|fCrVAs8fI}
zGd{nLGiX;e(R0chJ@ed{^$0yut^^NWS5p~WX>f({<GxHX2bA*;9QHV#@swXI@or9J
zU#9AaeE05@1|8PiAd7EjZ|^XlED27<V6?Qz#j@wGoFFVv2(=uhUj>u>=$_6~{);?|
zgyv5|#{#^7kI0Pkm@|4r2^Oc)^5UmIYg^`%6y=uddy$_d9_k$(5@v&hx+0xum3!KZ
zK&`^*{tu&JRk0IDFw_xYaU`e*+eOnByKE~FZjO24qM-Rmy~VV&kuJ#L<`YSyB*Ihg
zg;F<qWAR_!2WtsBGt>BqmvQ%Dfg_MRPRV3eE!Z+2S#DXiD<)kU)h^5kk4fq9{=5uA
zZtp#+s%@ox88|EKgS@IN7UF<QI<kZ0T;~;uIq22h*ULzi#3%En+8<2}b@eJYmNc^>
z8)_jQA&gTVvwq*+W<ki}UuGZ7hFjY_Qu3AcwXYUT4Tz>7v0O0Uay=5cUeUbdzU{AF
zxEEom0Rqam&g+1+<M#SX4Efq)rfjB7LiF6I-06Ao#V@q8qZE*eZ`H(>$!%JxIJ0zA
zU)q9nN8;^=<AVLU@VHw~yE%XlXeKjG5e9j;F>;PtYCSoIv$V#xt&3KEgxuV2uN|hq
z%oYvv%IUlHU5-*|%zc{U?R-<2bWaX$^HWA5-5}DggNIi40M-<P;cFNoaXDC4QQU`8
zQ{(!&e(&+Q1%>P$@-pDs*{ZCcTE56;k=a{{<NTs4H;}6@P+{nG?`d2ux61w$aq8>+
zh27%~`?bgS&KTDEzlm->30XEy$Y0OS$q#c`9v)g5FMZ{!93$}%q`d;f$^pMY`QUa|
z7T`oGYG8WO0-aU|j26XSyg);A3-2cS93~~Ip<bvRj!^$O61Jm-sw*sRS?5CO##5^2
zSi2C9I`81^antA|uWR--8}TENp>Lu|za%m^s9hVStNh|V{f@00cW!*5#`W99Jb^N^
zP0k95DQkY(o4rR)4A0Yl#XU>!aSZ%WDI65lU*><X2ApbpOTj4T{&1-~h5Op4Xxk{R
z1iN)sF~jF*GBRt?Tmv@Ou`Sou)*%*$rCIdEbp^^h-TA$5;<WGea#T{MtL{BXbX!oZ
zmf2Bwc~b%1%(%9faLyld>3tPw+3-A(uJz&IsWGP9z?8nz;0%u9QZW-Wdbg_RE8|Lu
zY}XV-m5l@(ek`MQiQ_S?F!Fpdx%TId(-k1Jm8&Pit!*Xe+T(es$Gl9ws;sEIe2fhY
z84q)v*r^!NT*4X))arZV_k}nx71_2PcWbjqE4-I^^n{OeV(xfr4qAK_CZwUy;)41t
z7&Bi_O{@-E+~tLjIXzr(%C$(qi|y9Q(&4%*jJ-|MRlvjv+vpx*J8>$Xep%0X|4d!&
z-k}(7$nbA;_*Nwj-$#Xn1d0)Jz@yM;zuV~lbL>m}*EWqmDUhj?U_@PvPt3WqZiwLJ
zp^}Vv=Yb@fkEpyrT=wsR-whMdpJ=({M>-;G|JeW7J1b=FxT5d-Wkp(XIESNY$ndtl
z*}_mWPNiGN&`iL!cnU{BmB0tPqqBn8b#Q&rV*S!>Mv|7#o&TmTO|eNBwScg?sk1U`
zASp6H^3mz1cuGP=D%zesPBcFnd*od%&A!7DsOr4X={~BMfii~FwR#_HM7Yi_qYup{
zCSL9n9NY@LIZu@8urR+a$*L0WXQtWMYezM7I8!uyC?ZAXBiuu`7CnPzmWS9*7f5xL
zy34hQkNJP=I%-yC8*115Le8qsB(wo#z%8ZN;R!I4W#6%M#sQA`#7lQ%2J^sp0Jn~U
z8ne(Xsf{b$+;_^zN4B_SNro>Sq^s-)<5Eb!1$<!h#Z%y68G=%KgAr*a<~m@apBpRX
zZ2{ryslV;(XfnT~k3f5kJzf`Dl*%x<&CB(aHHUe8l-h1FdduUy=f0NG1s#zSdXSOK
z?1Y^KWQhAl|GmEljHnVNAc`M^KQ_ESaq1J%wAWoeY-w)^J+%q>b`pYi2TV}7UHW|;
zAoY=Yui-<uIgcwQ+?K~3T-SSZoe8`eDt-kV(96|wG>40%Z_p<TChtD!j&rl!sZcMo
za(J}OIhIj5371rRMRe3npZDZpZj1N8Hs)ww_Bi~kmKKoZA-tP$o72s~wFUQx)$j$o
zt3q&l+$J=2>=ZUm*!ucsYCCgT1&Ys3i=$eC#Z^O-8u}imv!Y|on_BO^&7u*r*N32u
zihb&N!=0m7YG&rDDdf~AUV}Vuy{Dv{5>MrRZ@6@oeJD<>t&Bd2;e|!F7-&<LI<+i3
z*8w+}ajQi(&B(vAxLLE)K?8DGy1;wjt{P~Ux$L!DAG&-P<EWgFVO?hhA=r;=Pb;TQ
zmQUwd;eJHy@5#<Evet5})@=89XP~)xAP0HmL!S0j5nT$%8sq&b5!S61$0m;6_vOX2
z*@1_J6CyQ+-3wnidom_o_1vDmg<Z;S#)vpo^~@(#%3fIHRq?^>-j_<*(wjKsYM~Rm
zq#Zz!zhutaCvC~o$DtEJ;;2HGJA&8x-m@89?o|{_TLTv;lF9M&3<OiDXpqNuZqBl+
z6Z3XPVl$~KQn8*lj9IV8v6>iX^Qt?u+s@~(zP3KaY(~4bmvm0FX4jyQJHESa{6NzR
zokcHdNMq+?G=HBh2M!4v$=|moZVourg<0dm_1;wUYdveIEQ@%q4k}CA4F2<1b!Svk
z-{`Po8>+S=4OSSQchOv3^XO5IMi;JsFLu~{jv!S1zz7B!ws|8D%lC;H;qt!jX_(r<
zKC@+CrDA2TpHW6s?IA9McBwqH@bUY#C`m=6*JN<uEMpN!R;^gDUtTTqFXwz%P?cEb
z!&qi#GmoYsq{oUIDP~lK(lP|nFc4{(%W7k4(OmvDT$D`A?BAz%4(ednxsE0fF8gFh
z?us(Zhj6b|@5pkm_27u9L@l%cUa20XxOO~C^jhene`?J+%DiqI#cWUyJFycyK;|4o
zZ!I}T9)dTzpsU^-B36BoLv_k<e=^FTO5-(Bh#VWSH7rp3{A*uk3{B<F58Kve4OJrH
zHI}})`iS=TxqFI%+ROLf-7Y#~eS-wa;<=(CUWvJ0Y}cVA^m!`jG@5^J?y?2}drN~v
zIT|dNT#^q;^P07QCvHhpW10V^M;k$Ab*x%v<*2#L#fuL=qk6%fwQ~A7LjJ}nSO^0>
zr7or~P|WC6qP1#Fjnyw~Ct0HC^&i^iJP(At(k*>elk{Q_dzzZ3FhB_1+Ab<3M6%KQ
zAUZ1>pOTf2ucw75p$3-C{Ig13dS~YYv<)d>|AVr(0BURN-iKSH0tMP)#VHiG7Ap=F
zN^!RU0g47M5VTmaTcl95I7Na>aR^Rv*WgkJ7F>&eC*1e<d;g!z<$g06CNm)?=d8W<
z+H0@p+0T-hs&@gpHWnFp%-#(A-cuv`+iJ3a(bgK!%n0I4)vgjMn_FsQ-iT}30YEj7
zovhjXVLvxu=rlFH-4Nj=zW;vwBB=0yo7a9=oI1iriW0*0!}?;5l>R7Ta>u7VP`aBx
z(2ZoL=In>r(ttvsw9OWN^~QN~qx_)zNdIvHs)8Fa$^iU;D1kWJrm(3ruobs&#m<^A
zGP-!AsKpGVU)HNL+gjD9F!zo2BJnecSvRC$CCiT6tYmCAix=|)L&^BG7qd8EXYqsl
z7yS`Q!VbuxeFc2oyfRxMXF=T|3f__|GM>G>>@4`s5NgR!6(_6ZlgGF!x~w4!IhExi
zQA~jXRa>v=D@OyF5k>Lyum^5`1anl%bLGxl6GblP#g8n#AXC>#c)31l@xN%(n2K?)
z>Qh(>CU_DLtCn1i<IpaIZ{txnQ7BE_aeRo&ae1+|(6Vz@XR9WO#uQGazMXJ|b#IJL
z;c2&Lw9mn>CSw2QB&LnlUKzkC-=tiH<+zOYsHp;x^y*@xIQG+4c~~acBHrwFQQqBI
zj=C_RJ}~N{5**bpHvn55IvP;0NBH)C&*9CRkVh|(^__`u{e|ijuRTvP@l$wORz(V&
zdRAxoN{A;z|MMA#ig#BMJ37xThs-H&QSEV^y-@kHUD5O=(;=4HiKYkxtU2Qnd;blU
zZ9l+B&;-tvfSu)WYAvP|1WpK!_KQlrzA4XLzAWY#O7L+Od#2}3bO%e%oNcJSN!3Pd
zcR<{DJ>w(ehQ{9I5bD>kSxrOUcxFFRQQVWOJ>^_VkAq9(&^v_Uu)u@n9AH8PI|GgU
zaK=_d|HWQM63}&!#O4wvVS9~TRDYou&Sq0JTww-m1ENW<1fOj<s7!k{{U8)=I=(tn
z1G_GK33o7|9@8tVLxOYkvI;kNqw}}wE?BjHT1gwwB+V8hlrfD5&#U)lG*hs~P!xdi
z3xza~mP73~Tg?J=rNqyXzw?m4hH-rL6J8d?qBvPT(R>Q~)~xgmX1+0&9yaaL?i-<&
z8I-RBm!bBWchWBZpxse!TW9u{F&Sp%FCexDsZ>sj{?af3m0DC!JGb+dSffas$<N$|
z*37zHN%dG<P08EWR2e&X-rSiw{5c&dtc(t;!-&|q3s5d1+b|Cz>NLl}ZQIw=xICBS
z20K5o)tq8gtr^Pm)_kY&vKl&I1T5<%R+GgF)LyIjJpRb$M(AN^-d^Um_@92+y|tan
zg91Ie(DuvrEAXY~A%{~+bT?`Dz?p3%9tv^cG*TZ6gca>ew+TFzf|_buo>{Jo0(%``
zmh@9ArmS6>U7b7@yvWBrC`gL=sj(^KBs4_Pdl0e^1LUjMl?h$0;+t6$5~;O73m0gK
zo&<Igj#5)z#eH{?{XILv`W#3LO=R1ZL9T{%RHt}oG(+(6-Q?)&471ADGx<4)@hgo<
z3tu3BynGd1BT&h*5rw;sRHk&x_Txd}GU>kY9d8ut==dyQ?_a(0sXae8dO8|a`yf=;
zezcc+-cNP2d?h|tUi^ypohSdM)nHBCf$;L%wb|05`xL|)n)|HtnWXTQ1+VxVBH<~N
zjaKEmcbD5dae~$nNjNH)j#NDGaqBIqe1MI1_0^pwHlzi=G7#vup;3Q!sv0M16vS&j
zuEkwi)BSDvoKMwaVpIRq!PnZewua5KdCy=XP^oY{&F+zpu!6qtwy4>eMx1eNrKxSq
z*rt#S?0&YO?F=H%J2n~Rq)NuVU)g0qzB<hE*zAH^vJ3<wC4@Qn2qn$#9iccQHhL2d
zia)e3mM+Ih=gkdl!3X`?9rLHw&6h>w6Do=D0!`vC-xq3Vg<2oHCrtk2r0-Iaagj+H
zlGX2c6#&pE==<xR^7ZflygEaLnJnJFXPkXqGuywJalq+3^o*khW*nFG`@t^dnyvpZ
z1f}Qh#F(SANRqw;YYbj8pT(eh?HcpsRYxeAA!vnD7?i<wb+#+K*N5_d`s`xE#Qd$V
z8X6=~8D2-_9P1o?XVnz8ubA2d->G#JY6L<XeJFuN%^V-Jb+*ox@fk1M!-F8E`OK%u
z6gFOs0j<r+=atdq=I%XeiIe3#h{F3@m2dCV;%`Hv>W(c&bGH#9b=x#j7m8oSj)>sB
z-QJo2ifuBV6!v`w48JHuX{;X3x$Hv7P7cj%qKRHo!yUI7NaNOZ$>rE>2Ipfn)PV(b
zQs3>X%W01ukHBh7N`oeKE$TF!)xt*n7!-fxdXisr^!MJ3U!c-pmc9D8A`dfxe>;cD
zMW4j>{4%hXJ*4{1jYd^UMgtQ9^nd^Wl^1}!xgAm&G|TvIo&XsTEY5TbS!{F`eOzCm
z+6qBtm<2q*naB#riHDAcI?H7B%{<H0Fns@^>(|e{r55MbTK&O+FB+WdUd@n*J)Kcz
zQRTuon9cex8l-;~^#j2o&-VaZ@qcK5IkXjEYBJvE#yBl2;IsGZnXq7mFV1IBuc_@n
zX>0&i!3k7oUErra!bQ<QcUHfRp~5#X-A_pQipdCtg_W2Bof0H2At!3)_=%35g>Oy(
zbkSsGy!WS;RD9ZCQiE%-hAB>mWkyoY60xqbbe^`yZYO*w1LB~nx53-l-ya*?Co)Dw
zGJH6?lZeX|%dW~%VD4g#is^;1PJO?C^**T2Qk?bD3uxH4=-~4e|21{DseSzn4ZM~1
z!L<P7RW2eTV#8EZ-SVuWU=Pu4TZa0K32xd9=B*FrK@<;7c-5=nqh^QI!ez@5cH%Ky
zdd$FtEWH2SV^L!Q@w+X3D`Vkja1o_>I~tqtakpn0`ng}1Gejb?2^>-`VgOQ9&hd;Y
zvEd7-;8w<P=(hY(-5vIAa+f#{noTKbbUwhcrOh$<4g)MH`R8UL5pDQAfUYJtXx<(T
z^e`*Bo2>yF+6mQgo2-D!{u(BoDKc+FiK<@6Vm_ymE6;xyn$Q8H%f^#S_aF7I@B^^&
zBv%Nsg5kG%i@09cDw_~?<{kV0@Dw%ENXrEQW=PsX3Di=fE0Ii9v~KI$McB*RX?OUU
zD@>90aXgl8sTP`P+XYqol{W6#ytWf<v(AI_dLP?kOyNhn3w37`;fTIzN*xaClOaiE
zMKY9&)nu)I5*-f*hu&DBHUsW*U(_g@=37zcowlH9{mH(dSutyR;#xHy>>CL_09gZg
za;(}7t=zwE7e(Oj*#Uo(gBJnd+Q$W030m3OF8{^$cMu>7ypT+%qJg4DgZUN4uk~7#
zUSXqW+Gi(RKwsykI}ss717u`mYC9#qU%X?@`iYp(U+Pk8MANQ`5`u3APLQ-{DE+>R
z^^8Rz6~IPtIjsVk;L*<ec+XvhyGwMi+>FNKaQuCVM?1L#1k9mmOg9L)F`B*KpT@u5
z2;5MvUWbdnX*Aaa=DTiYF&P)T_}-r}T8uA;y-wHj7+9naQdaX$!q9`0eGg;zlDg=g
zH4N`xSotUJp9^<GR+m<-CRtxSZ0wUuT&Sd5j8#V-&a0yLV);_He7LXgmfLsv^^Mn)
z5WJ7R9G=TWiJaO_F6qa67R7nAbAIrih{Qy8KutC#3RIpE@2a0E6a81aIt=e*`SN%P
zDZTZTDk3tH-gUW-Q+oL_GUD7&Deg4V{Z%SAa6JN7lXcmxoBi${)87>NpWku7oYR@A
zk6|#_<W)1?vxb7H5|iLnFVI9tc<h{8%9&*9hwJOMuH#)xJ^eG(>caK+07?Rqd=Rqz
z<4MRp3Vti*a=B5?7!M3#Ildx13jTAFz1%Lx&@*!vK+4X9dHz^@$>e=6THETMz0}A4
z5!y+yYSRE|F8QkNjM!%!9HCu$kEj(3en%%ISub12aSy9&gcg(Lq1BImUEla`V?m&W
z;XmItt<npu^UFHBckh^_hrHsn^>A6=#YS1P(c#_FtYZ@t)Q$&aFDpWY8Vf7zkusg#
z-8`y%Dy^tnD53aZiOh$89k|!3OjEw}xzR;wX@LdpySJtv4jB971m>byUof3XT&qQg
zYmUuTuoNAo*6LTA`*!vl2XMy{7{E;hirmgfeEiRbL3^?i+V{V+kkez;P9KEaeF>rC
z0}x{+--<LoQ^eLxiRqyQ43ck7^~U|-&KLBIJj+O^mcNOBxbxF{u7Pw6D7-wEG^%rZ
z8usdPR^+Vu<Z0l0^;{MIaiWW2gqpC<&rj8QdH@bK*!v01YJAL!9@G1+$fcX??k$1+
z5Iv@9J3(qq!QPrZVF1<ed(JpOp##z>^hIcqQ8!=2|MB0B0n{G$j)RDZ?y2&UT-9<*
z8tuN@00!mD^{o8WX>WSd^Gc+CxQCvVz^Q|WJFL%#@kxl5WGyUmGcq&PLk2;wbiO4e
z0pNhuH-P>Z@yjuWxGdJ31S47#9VOXp`|ZtczSkdUi!#m=v&@_1Iun0q1$TCK4&`g}
zB*!viuxS=X)z*p-Zsl6M21_d+855!dXx()H<?154kuT{J#PFZ_ch6<*dGD2V{JVnr
z%;;LJBhrB`Jy28kGk8YOeV3o;*<b?1T43UB_8#6m@k*}g6W0?D$20GDrg{z_z{gx}
zG0KYC)&5abY1EECQEccN*Hz-Zu18#xWlo6^4Y1Pzn>cUVJKty%@4wJa=B)`3(t6fG
z^X<2lr*APccf3^PTb|0fTOLFjU5g|2MPqB|3a3R+Jw%aM9G_;3>^2swx5USWb~Xt@
z2)c9Z4FHe?%k>mDeHTFV-3zOBeKc4gM7KlM`MrWd48RAG4a!+o@2xFTX{Bj`eIm4<
zii~BdhFNGTD12RtJFa;acg8er!tw|3Cgd};;gG-jZtezny&fDl%MCs;32K{HHqWx;
z9j%q?%$*;-^st2$j2Of!=y#&UBBQd<V;q|$ia^hwe;$yo*J!vxwTZ3GJC-7Z{9q_N
z_HtiuT=tFLa*8zc(S|+dXH9^B>U_K5>M7STe(LR;P4gMZ6zYmKc1m)Rfa+E~yFBvv
zcKG~C@G!bKcAs?q*roYP_07ResqjBRXfc0Yy)Zo*=xYpoX#-em#Fx%|{zY{t+xYqd
zI6y|kIzivNN$c%BhmL{Mwimq@H&u$gudWBUnbiflIi{x|w)PA%3@e~g4<_M=;%YdR
zfypPS{CF2PcUQuH{Q)_eyBa0oJ-5gpvH0)?i$9c@zjYm9?&r)ykF>oahOf2>3<I08
zQa-WMJn$0VsMyn5JHD+%y{t<JjNXn4a9Oa0J?D*=P5phH1N38pLDiP?@-NX8^^hko
zbOB*g6ZeZ%Pc#hO7Xh%^UC+P#AcjT60yp34{tWU6aQBBPw;I|P_dnR)_$%`g*U4S7
z;-E`A)m3;%NZ;P9`*zn#iWfOIwSwrOqu@%SgUNpgzW!EhMFgHSw~)v_C_3I0Vf_)^
zihj0ob4x>37&@{YiOlm^jmt(vsK^$=k1T-G0D>8a;o%`<oLNfb^fVPf!1W@SfJHa_
z&j9H)m=C@_*~=?>3|{Nr#-z<4{DbxyN^gvFYVljbp^P^dXg^-Z?EWlscIigc25{aY
z>uQds*=g#3$A_Ow<J9Ap%ioMppFJYLp<UM<tZ%d&?Jn9M$M<o-y9$HZ(eOL7j-^XT
zWanRxT1*bUD_0=Gwh;P#0*ma@KoDt9c@keN0|spO#p_oUIwFN@-S!M)8jCHx`4N!U
znXf2;ODn~A(94I*hu*tqw{|8Y_tAN`2}k4hZVAbX+s!k10tdZ(0S-0ku`5@t6~RJP
zM@a|V5*T#tj;SKRaDu7Vul@9&^DSoK+YMe^iE-baVlV5fm}(#}xF*UY5S>g(&!~h<
z$A|kapcS7^Mm5jm%ilM4%R>A7fl>Pdut~i-E)a{;FK&v+f8^0&j49)@<_@jfesASw
zJ1(byxC?Y%RF(G*vkQ8D(kfwG2eI2^fj33>TNrnvu2U8CDzabmIhF#u6}z@<2+^2e
z69X)%WG_Bcg;4W!QM)-dT-vvhnMvE*mxx^c8n|Hfs@{)18r{ZBE%T&ApU;S@1SVED
z{BD)lO^<*cV6=^jS;+M&i2*F>qE8H^Xn%Tj(S*ig*O+L!@3zblXs;meHW1w6;t(W7
zKNB_J*jxnA!kcy0qLR>$RQM2}E7%k)LHDGYq~E<Wn>s5s>qkd4R>Nrc^uztLTXy)@
zFxuT*;Km6?lGA5y_7f|#V^;yWw61fj%5L{2s?{>>js$Qxih++$-eR<n<5cYBOU(*n
zvu=RsQ)lip?vRm%0N9G4?$bk*F)|2gc+9fd1?XPLY)(Rr5q(J!k)?HIS-6xb@iC0@
z3Dk7J*~b`G^$262aTK?6Uw)(0tRHD3N3E=+UPAUtR@$tsb~&3eVCUQm-J9iKBxq~U
zmgwtPefIZpvR96|5!Rth#nH(zoc$taiFE_mq>1_^xNWX#bay0zNeVL56Zlo?+(N_0
zh=_<f$O&~%p?z`_aA(^Nel9Ue&$nEI;hLV8;1k28%4NQ}WQ{3hzUo{+lu&AK?<i_r
zg`C#X%Untu?iAYdU94Pf#r`fLM@Q4`NN5NPo?E5P?KN9e;@J7S(QI~u%X{jQk=R3?
zE;%L0z8|vetk`$7Sz^||^*vs#00af9>0ga)XNiU{2c2YoZSR^RjL_ZX(IM_1{zzQU
z;{_bz9ihXKVPv91A8}Ih?m{39Yvi~2!&~Mvu%t3;#B7Bgo32Shu3jhXv!>g{sZS#U
zCQo598I^*0o4v@UOuO_=hDRWNiOr@^oG2=`5yDei^FESM-elqPNr}tg=f=~BTIshE
znbvSXKsTYH#KElaeyDsTRkiT5Ijs4|k3O??ifWD++2v)65?1Sdaq*<nFW9IU$yL|+
zDza|g$=AQLBu!{+W^*9p4^(w!!l>&qO=W^YD1<>y8yzg_Ms=5>;M_L5=l}Sq*M{(3
zx%S7`a)aOFV_2n*QCz_BmzZZvOx=r$527KeSuV2^3ks{qTL4WffD(G}0yxV-#4k5m
zwfk!5q`0s`CHhX>SfL(Op>%Rl-YS6p*CV@QI;ZvHVqT2h_SVT)AvSC10#JrISJAJl
z96~1Mh4;-Bl6eR3@V9iLc%wz#4kCcv_C{H`c!I=tjhF1bzmeO!LuI~3H>TXcMui@o
zbC-XP<-DJg_F`=7>>x4>>ASGqUgMr~yl;Pt($S8vllwMj!Mk*INHYgnT%h!@X)iE`
zh`G&<9;lAy)r{om^lRizM$`!|J;Z~L%F36b9LafJBGaaFJTLCRRw9f65-88%hh%fR
zG^b6W63Z2Z!F9tehrBWCx5s+r_L=$Gr808yugik81~YSWcr_4Zl3DWIGe6%{*v!<-
zMSYdTWL3{&l#P!A@nmWQS<O|*SA4JdMLw2of<X<8T&L$I4_^0d?Sul~+E&v{WWein
zgspk)UXNq!GWc^$a|I$gS3U2omDk`tgqdq*eDxqYp<uT@heuUzYG`OUlXlL<dX^dP
zyopl-TAlK6f->0lQ==%XbA|AJWyIHyc1d9`&wWj#v?O&K+exW)Vw-e=j@P+gxywiC
z{eef#wS73a95D*6kWHaT;w*j_8jl8lCMv8gJH9*i>-xkst8Md5rw!|`kHA3c3TMN4
zW@Tmlii7n-D*}@OxX!j;Kv`Qe_~Ol9QB=#v?Mu?)orQWoqHD_(9a*)hT2A2~)|aG@
zoHZd+OXyLp@L&8FqgqRf-cp)qG_ipYkiR|*rupw7HT9#lk(>x>uDcSEuwI5z2aOT$
zSa_lPsGV9^a-H=plab@O06(gDeoIcWIBh3Hj;Tz0D8(4O#VR~canAE-|NG$Fl#=G)
z&R=Jg0?ezu9ky3ym})lBTY0LN>NzT{1tr!)EL5Z%(=Q9sg;#)0iB)Qz{FGD0hdAN)
zz9tQF2^N^9HhLKdd@3GfI0;9y4YjyU$dc6@=aw6=b1YWXv-nGa6faW#iTGH3kxo(a
zM{&9JksM2LI1Qj+93$vp8ppzhs8T=cGsAEK%2z|@;U0+o{yDZ``6<5VS+Anq4plJQ
zAyr$5iBjXyTw)*SmV9tbL8jiBlJJaI>mCvadx_z8->6lAGo)+dEW-i1(}D-ky!-T!
zd6TgFM3OqS_QRHCR-<hSEacPMlSiX@8WR>4O+T6?^j*wJx5O6L`kUR&IW`G4&EG_l
zI}JHmc=vHkFbW77ovIP?vpy(*G#qVsWXy<cN%4rL-bWDYl|9y%C;Xl$Zd;hcT`u^v
zKl|%~OLB@!yY`?vYj8jL-nyrYBB7joG$o;9(uX%-|1EOZhE20xxqS9VR162X7}>Y~
z(E{LZ4S=VG9coQ&06w5q)am(8;rBnm+2p!P*3CW-ZNgrO)hlZI$iQ{iTO(@?arMOg
zFjF?RBMp1s%B0Y|caT=5;j(>F2236Ts<hF6BAw?`EiugPQ19xnf~A0L<|oIA7cflJ
z+a81bk-_8umFInnBPsFpy~F<y79CQ?9iuTGFTRbC*m>Xbj&n6b9m=bf8J$;F6UA9L
z`Mus5F<_xFDsS+nsK^ix&z9F}Wc-fh=c$bLw;*yF$Ks3x8Cl7xtTQg|CT=|QY81qu
z8!ycKiPSbdLXAboVCyLZgQOdcYgEo;v=v(-<Ovh7vI9q-ji)kJaPZr!_aXkQ1p{Tk
z!Qly`zL|lIqS0@_A~?QS{&?~fYPor_TJ4w+kkl4RWs)njnI}VJl{K1bU$OGOU=n1~
zqo&CdtRbHuiXuG&dyVAk>9`$kS@u^BmpP>8G)7tV6(9!A96U$`XnQEQrVq-JxP@d(
zmjlPy%o}XyDu4r2ZvurlUw)TZ0Q!SqF8;EFKd&Tl_F5Ozh4VIME-GzHrdSp{&NLL#
z8;h$yH<_%5=$}ze^lRh}@BB{l-`^D53j8Wvz@6FuC4dP^>2?v)c6R<txNo{Hs@>8a
zAaPaQcZDb^rXW(}J7i<2LDk(MKvOw`7QI$1vPB3y7T7;kbDrI_uSBPWq3HC3vy_GW
z0_X_-)ZIMr0c5Zwld29R{~l8e<SLtY4_osM4)rV<>{M+Sb_TN^u_iATbZh*n0;B-&
zynw>8+-RMe1RPaz@O}L3s#Mv*a3xa>QuKLNcHQUtWptW5X~X0eeDrm*MX<@yAY?a2
z0s&-DMaZ$Ic#~TA^scaV3Orz|%y^eh`?;5m!PR__QKTn1&3=^c;3Vm%x>i`%)N8_c
zTrjBI#*$45a?fn&*Dik|vf@}Etr9O6+Z`*#cDBgDc%p>C>Da<Fw<rA+uega#?-3==
zu(ii2r3t2W)4M)}<CNX*vTzwg@@AoY*_SiV2-`xVH>WBmjwitdN97E{Q&{?pSk0<@
zeA%XjKa7k4rZ48%lrP;mb7+FbPoXr;l;VrR9};+^7V1TD4RTzGW5Z=lvhaJA&vuWp
zl9{UXn)-chhI1VYrpiVux!p!O8hH~6Y07?2|Dib+)vVE%BK%}&^Vyc%F2NMg82f$5
zle-dfc*4>tFuWhTlGadJb1cxTP@2;KcO1;oKO`s&fY&B#450yv(xPhq8?y{0lI!Y%
zckF%2)wEI5T9D%;T%!OKe8+dX#Mw64N~-}J!>Mh>HePjjI$8DeJ|=XN5i|(d_)fC{
z8yVrHXdI+f>WzwraVyK~$eYLJP-l*2oYFYd;?1A)E=W<t5BTa1FbE7}pwh8@gc5cT
zO^oN|o)<zo1=7a^;K}lBgEyvmy(50)Dh|MWmNt@y(ihk-kys-JF~62>Ch+Z(^7PKh
zRI;pFmK{~2kXz$V#pBnt7f1@8!4P8}pGirTh68nz9KSe;A->Lg+O0U;rr8uP@Pq|V
zd7YGGnhLc{*dQA7@)}7#$qDmBr+&pN$bbQ)MoG3Hh{;baQs)c1raJTEoR#gw(a{6<
z$iFVOU_K+eSxtg^X-UK73>w1j&G*EAul3IZl<4x|kWQM{Z5bLaD9g|8HRcRCR;niQ
zvE-(wl6VJ@;@zy>WioE{1;@euLQrhL5dec(Biw=Mw|_1$<<b^s?I?Jat)a)}dKe)D
z#m!O}Wnp1byzEqayKf3=o1fYT5FG>Df5E(pRz~j;33p^98f9sS3OqB^6U)d|FnJ_D
z*xQ#k?x(9ZLo%OMV%@E1OJLOl?ZV`zj+PsooKCBNdi`~h)t4VvVvn>JCjNl137pEo
z;4?;&kT!l{njg(m)Ymb|T0IEgN|e-};p30b!OM!55s{27oN*st!{@`wY=UW#kQ#g;
zQDYTq1y}7`2uNjVj96$1iKg5^l&OpY3QndLt%FAo5uQn&AKeC`JZc8j-9e>p<vocn
zIF=r7%0HJ4)2p|NyYJ9jGUb>niFc<j<t0LGX_B&}!E*qG8i{SPRxGlGU7-fMx8M_U
z{Z$`Y_nIMevd{JOAk#r8=Q^&shC27-uH(6j{tARFFg_nVe+{L$;UG8*qOzh9L7X;1
zZTheT7Ny>UOq-ADJ2Brs<_>$Tr>UAa@fc}kty5mKbV!Vf7NraVi)KU!k8>FE1P~e#
zIs7-1r5eB#p(RxDQE{W?w2$=8mJ@8JhEIVyrd@zE;|4T5XDHJ!rR=~F-rYlHx(*-B
z!+?|Gy*pfmz)0m}0jhKxAP&RPxjr<iK{%BAno8JY(qYXpNXR5r2bd+v-iR0N7kwHH
zILYq@lDMWVGc2n-N_)!u?#3A;094$x<E6qZ04w5)Au$!|EIT;m*CMTzp9=&!E()jM
zx)ktVaCaXl?mXt4hxUAAdIDdXpJ}e2tAPe@O3h^dV8Gihx0q?GM?gW?@@(%5z~x<7
z9Wkr9-($2ezzbWdieTLal*ih|TG}h70(O#u?Zxs^rms8n$(JLlZ!KeOwkJ^U0iG_a
zBqmtCrz|_p)NMppRdBogh4^aWa%o&&8AMgP`h$N@oM=m-gZSf<kQz%rcTXAazUh-L
zR5S~Dw`}siXlE3y3Y?-x<4u5aOhVd=$@Jf_Hr&GXj5EtWvc5VAawhruFhw5K=hRF9
zO|oJk9w-9}GZ+CC!jto)gEjZE0;SB+pfZbZI&|22Y1lq@DBVBjaK>0+z9)anYV*Yr
z&sn$1J7|hzjSqAd1P23K4hDLj?qra!icseK(dLw~l)_h7&e8xr6(OM0Vj%~l?_V9=
z870bEG(O<YzG4f8G``35g07F?`PG$)mzQXHdV20`8P3JF^&YzK9QZYn4!-ztwz}8S
zVQVd!XYR3}-pDq4IdUWk7%&Xb$;#E0A`lo0IAD}dG=K@se8_q->V7rxX^chMH}<Vq
z`j*f_G7X@@(<$Jv!qJUbvJm1kQq-AINO_Y)t{O`%br1n6x13_J$dXHb=E{%_B3%<h
zgJBW4s2h`apDsG|j*N$gJEQSjR;v-U1>gQ@1RTlV&I>nc>%N_;%B{hp`od;H<q0>A
zbIV<-kzX2%lhr($ZC@{+7Rv%hsxtMjjI4^y`ZnS!N|fvva;T-g2Z0$MWJEUznL%Ip
zBs3Rm+C5}e8DIcC%yv#m&rq1D;kI1nf_)z8l5nT11B_qk^?w?_e-<Vbd0%#|EC|#q
zmo?@Ptnqm$hn-NpDew4OTc2NPkVb$#BJ5B-kE+~!LIzX`u_TBSn!q~d-@@IJ6jFpt
z>o$-UJX<Nu99=96N(6uq0FZl&!UgDuyGLdpH-|RAVSsCT)i;K6UcR)QWe$wPaco+Y
zJpL$4m!j+(YS$m8x!9ve|E-ApD+<VtK`%Jk<wAv8{Qwn#NfRz@KtyEC<~6w7GA<ku
z!vUnxulg+^lgR(SJ76B}$0CwOA8LBxrEY?^bOnqqYRW5cRI4<co~zg3zZk9Ix1MBH
z^-O+J5{z4E{wL40mxyB7epsNwVn$=KTztfj!71pD{8)jWk*{PE(_ci5A77=m29tC(
zWAA?^_@+RnJ(Tb2Kp~TGF#IRnTD@l^LOT#jj7Q4>5}2zH9O9ey=}XOrnTs6#A>1qr
ziIfjF-d~n4Bs&_F&wD~S{$=da<&6wTP>xNZK)*o&rkF%&Z+&4m&?GNE6=4-!J_E;P
z`;>{WrCl>+mBt%}m=w(;{{nkF1FB)ohpIcCTXiUeKkjmZ5lPkP5#OZ8I)33?=}TLF
z;uuCh$~>Cs>T-(_HC1crSo4(-L|^jro-miQ(kiF5BlFuur!euF<5dW2@n(b-VUN}H
zAKLwpjqSDg_-wP0B=PBe)rgPFeVQ>v<Xh`be;zqK*dG7+<{)llPO~Zaa!W{;&2==_
z#A{`Be5lw0LdxY87F)q_U8wwr`Vo2qgT@UTNEKYLxwhdwQ#`<!kjL4*2i7-h%vers
zb~a5;u0+;>{2UP91eP&KI-z27^XO!Mxoe0a__YnNlsfrr3eBWyC=5Z!p*g^A@?d@D
zWwBRPkj^&@0nSh9(XC}dYIf0iljW%IEHq~m`<(jqa?3!vb1+H1HRL_=lmj%`Z}iT~
z_RaHeg$v{)oT<MnB;BBfX?9KVzYDX}VP%t18awfP4mH+!V5z(uNG4BR*jwyc3&aa2
zDUwMDv+Nr?i>zP`g5jUx#;`9B>bVeLygzG13D^zttw5ECai)gGFsnOpx7$%0ZW=AB
zSVoii5qIm@L^ihT+|>cY+IAv0bnOiPXsAh*_#F!OW!vYxzUm5iYLZ50{27Y9QfMP@
z|4X^};j_WX%&BzjTE{bGDS~1j8IPii<Hd315}ucu;#-x^*2$oxILGHv#)+f(+QWW4
zaB2H;W5Q=iME5|g@Y(XbDov^tkcm?J&pV_{it)_kYIv0+&#h5|>9HB+9o=#{xwqdO
zPy0=Y$3VfC)L}@sYt@t+hEAyhovCX558d3qGpgi}>p0I<@K%J}cjjR=s8E&kaHGfO
zbhYZ<(Z)~10H8cGdB{I)#EKxo;~Ocke68z&^G27vjTNMv2gEY@!$R_-szLEjX3hF%
zF!~WfDV&;&_*)~781H2UgH<uX=~5mv_einty74N-0OXQM62z<|F6sDA1U1bXd5wIm
z-R<aRj&EKujM*dS;W0x$RRct;-K?f6M#&-G(rlOz^&h~<9i$b2Dqlp8;<P9UCH<I$
zK<Nt9GGrC{oTkDGWt8J{W=C7po)4J-ory}IC=zMu921Op{%4kFd}^6fK{_&vuoe6*
zXDUL$DTf{b`ETo^mgBNT&wa#`j)ph}PiFxhZ|y~nb?_MH3|O~O_Du0iIkuP4<z@AI
z6H)j=B@NK*c!rNoRDAa<k6GFZ-tl=`&EKQ5FGW47Z!e#1S#sZMvj?wWTK(WpJPS}e
z;NVkLF`gbDJR;+$Q4~q3I~S$yhfdtwe@r6P3XL>ASLL;tv5<<_=-9J>*uV^|21}yx
zw#-c^Dpz^!WC6wtUf<G{Ms=sPLy^=W&#0f=>QjNJg$ff#F}ZktYtt;ck+uFHP7Y8-
z%o}0HsB+WOHnQQY04tjhUo9<j1J|mdCy-`=3Dagto54+Tx<P{|9p2(H^M%*Lvza#0
z)kSlKKTXSf{+NIa>f8xgfXNl;-n%g^8P99Yio4to5QN|4#bXzeE+<b{gUZYq3giz<
z0qSS9x|2{RP#c|O1vT9+GGD><i_$148EwR1;<44e$E-`t3gq{x?^?ud1}{fh)r8bD
z^O~0{AkZQpcuUufs8x2|*>;?Km-N~pmW=5qdnR<)(huc~$FTlK$AonNo9jz4u2_RR
zjiT533m+%RCy`PIysG-~T`I#_@{f|l%2yxj_F5g~lP%Y463s9yl`{34`&GPi_xw#}
zMozxrv83#z3(2hFm`K<Z{RJ0WY70I|U1&|*oI0l1{)RuCqhBth?er~2oqm(Xx()!$
zrAiHNE~YDyU5^%^$OarZA_&lE%vG%{<oE`Anhpg0EFH(G?nQMrNhER;FAnyiii+Gx
zn*S9GUizAv<=vq)>mqPnO#vMdB&hD~Y?y*z)@adDe3zkxrY><IsN6yps`^bH)1X?|
z>Ft9HhLYZ`>B$(2(Y!dPmC1T%RQG;){%I+293f|KwEZYnA-Klb7VJ9f^b_$Fny8+W
zMvRGjM4`D`$W`%**x)Vz*B9N=lOX(O^dI=t$L|{CV|8J8J|8{st-JG)L?fZkmZ+P|
z#VMXK^m~_evaWaJGhH+kM~L5pee(tFulXHnJ9P8vePOh*QmGr*j=9ZmKxJjBSp4P#
z18T}s^gu0uZ`f#y{jANdRRv(e5xC~u7QB7)rn?EvEdVrmF~G#<k1}2Fxo{1Xs8c|^
z%<sDYK0p5yCu$jxuU*%5hWoLN8{l`*>~X(Zrn|8?Cn0!k1DN@<dG)VhG_mheKVhk;
z4nG3~EegiV4KIWMk``M^fStPHHGhEct-{ScIn@l%Xr3I<YD*K_Qv^Z|JeyK2nwLS!
z^^5w(J8JZ~hH&H3zIh{jF0h8(03yIObLY(S)~y@ho?95v;J-;7z;9=IbyU9s7+urA
z8t?{O?H&uiS=;9A|JeAP8jb4Wo1<}4@l@fkwws~n7uV=HnuYqoMQ;3>7Fl)u(;wXf
zVs55=&Z57*@VB021i<kpae3orkkq=3Ip4U>0Rp-R-rL{;;Oh%{t!qg4A1$HAcs&Bx
zT&ynYu$4G>fOJ3uj59$s0X$LXMrKUPHJJhrIHM)b>N2`NF|gtU>=k^vo}&3D(dnes
zxHkj-CFq>VH0T|xi=?N}INE0@Z=sFhdCT#U{LNhyWv=;Gn74~aIHriAWFmZT+^qbc
zY#$Ngj;?j9{@AyT-Kv@jH#c4UZx#^+qJ6m2)w3>xU8Le*k8$I3{+DFbDC`pwq7ab*
zXpy=GcE#NoEB=rB<-+2=-eS?uBmEgy{+UhifB#g3XaLy307{Avqg8MAu>Vdy@I64o
z7FV+GUl1+-*Uz3w0NZQ~B|(N8L)HI&g?8Tm79jHa<6j7f{ns2mSb!L*%q`Zeo4w?}
zMy>@kWs&}LfbjsTShfni<euufzb+S~ou6gAj^3Dx=D+{?Pw#xXfDVCq+y`{W-VzL?
z%<mOQAOkAvyjH9%&|!wd`8Th(T)HQTBjC`;B`aMHY>JroDqwJjlh}V9=pWzR&Go)h
z8*!iykU&0T9x|H0#JHzM?E{piWM1_OMKm}Bs^!r|j8sKujM&n}F`Y}RtY=Eq4NezK
zaHA5ApE*a~cPr4LgYQe`j>&yvh1+MyMCU4pnb7~M0r~TWc7iBg@Mzp9QxVu{yY8DF
z!8G%=SQgvEqQB8g$$+uh*dwn=Dm1sbyh0SW9{b>M6|-^aD>S%&-*`@3?Mb;?Lpl93
zp={IPgYG8y`K6^ck8?bw$5^XMfg9e*#*aLP%$gjGwwu=nw2kUX-YXVyVcwmk18ATR
zP{odGDz4|d?dZLxVP$N)49uMUZ)(RQ?7ib<Sy14X%1SCpiBv=;LfY*896#Q(0u4Ux
z+80uc?6d6H*gvrEMn*(rD54x8qp1~Evp=QUIH#E->ra((8NXQRyily*xb(*XKWd%$
zuXFx?zLP)_53q`wC3zICItQsTUa<obU0>EreZ$zcya6tGN5^(Oi%li>1oiZm)|O@-
zDNr8+0Ya>dDPBh(Q$qp%SG`&e`5e16kf%jYl$y!dQD88I?6l#+(Ya|$NzHqZTMYpG
z%Q|h0KLwPnB6C!;I!a7r>2%{pJ&6Z)1zmP7_@~k0v#!T=&L&5R+A;L$s<1@&zG@W!
zEF26+%r`k}ewP8O?d+lcLe@XZZp3guB6(j>p@%%^wvC-qFy|`I-9DqiFV(P(TzSXE
z`?RQ;;`x=ZT;b-Nh7gtROFJn+_;DBgRRU8AfxDVLseJSjt7)MW2^Q;L68p=6X!TR$
zi&H3Zh9vJlw#Cb?#Td=gjI}JR8=Rfbrg_)3)EW5!IGev1By51}BHo*YU;Wom$4jaT
z(F%+s5p}MmwR>H~5)`&oyCkY_>Fc+(+e640A{iCJ=lQV|o-D{iHa)%8ucYr1?%-4s
z5iNDUoI6)E?fXt`!-M+7YS(<9smq@f3}`!8M+tA&zNxUCqoz~NQlN6(X$s5)Kz_8!
zXTpmEXvfjsX)5u5Cfh)S0CJSB5LGRaz`vQHxh)ovl9CcG&gunU;?B`d52)Qe&5MX6
z6xtDOAXE7M+y`egEEFUixOn-@S>Gk7_Ub%+?_?#Vn?6j0E-TSKsP2l?OP5YH#%$_X
z6a?#L@WAP2^xSPFwQr|#?to+^F`9ut=861iTiHV$w=h6vBK)d9{tn_A`0<8m&C`Wo
zqTC@X<jL-<YW^zQx%AC#qk`AReZsb#@uPWN<)XTj{|$xz?|0c77)^%hS{RCb^na@S
zaaX!)%D-LppG{R*N5}DaeGH62S=zyks^{LLg=Wt>t}30W2h=szX1yXF4!P4yc>9Gb
zy|(><_3&Zwz*}|!BL9y>KD%z)HFGs{>{4d64l8gTBkV`YR<!AKv>_iP!yo4!JbaDk
z7vcBJFC5$e91Ly|V_JE(lDL#eIp3g{cu@}s+gv%hmX4hryH1C&yGXYGQcB?erlzd?
z>g;&4;AP)_Gic1@snhV8fuhrN`+_vRv3Q9;aXGydzO1bA4@1L|%Ay@|B#H_87*K5d
zC?pG({~4}9Q0src#-yA|xI($jf1hNmwlt{jd@m)(VMPm6<9L4)fM4zH0Lj73lYP>G
zIG!wj;v(^Q_Qln=RpySoyCg2)Fh4M_=efsF!3?VCqF};(XXD&|$k<3@nb^&FLinL8
zAN|5ts`MNOtNe$ssKLIZsraABQ+dH*k(zghsfIjPz9a|xS$==|N=h$I4+$+!^^u2R
zOeK(+A0We?7LTdH?|+JGxbG5BM<Jw!`i6!u5iG9Axg6HTD!G<02*y`kGnl)<+{op{
z-JuTU^vu!x%Gg@Nxj??5Q(wX?C0*TG_HyJ(il6rQB;U+?zS0Tj)9E-W0d9#~SU0>H
zUt`pacRX&2v=|$6%k`9P9Rs?sG<K_9NzL#CoE}n0Ffg<p^bNJbf;xCD&kQPlyyG_Q
z^$dFbrX^z~aWuvAwYs`Gl<)KB&yY4kp3at*NPHS0iG-wI{;+ieRrZV={`}BG*OO&b
zC<&ac{7A45?0K?x3~T@rNH{)yEkx?`Ow6P<(z;phPT3cTUmS=;nouT<(~;Cp*R^E#
zdYg4HrE!(-;oI2tM7O%CMM1;4kGax=egi#xBw-MYBNCvQ@SmaWWY-uvKNV6su3-lQ
zON-y(hP;leb}aGk&J$A={6@;6X7N%D$@Dq>zXT7OvlV#PlAk*M{&nAN!Jl+>6d;Zm
zo&0WOn6xiB5_vMkmk2wAunkxDpo$te<^FO?2imp_Q8XlG`BI2yG#ecew`*gKf58>B
zPb$Z{WA@m^-`{^Y{6|Z6MwOrEi3x6WY%JgX&LlBs`Om&xw6`#Bc+uWlO(VHiyUz7x
zN`1a{i=Oo25_{p@P-uknR_YAgd5mH@qf?cIpZ{w~X{q^WSJ*nT()cxC)`>}553cE6
zjG|~ZO<6x4vp(~OnVCp(s|+$8Dx0R@R=uB*8sQ0n4eBk~tZb>n6hN0_6XNp8X24*(
zs)^E+#+Y<j1;5RA14?_0l&*H8o?pKBa2(8Y>NgC?tY^C)Z`mi~bhEA@<(XDTe$+Yc
zu5yx#Iy|a7mvG*LY%=bL(TFPy4i1*BOT;)Xx*VMKGhb=0?0iAx<Ms}sdIl*IrRPVd
zjT(km0G*p3q7QG~{>PUOJj|QZ!lyCs@_eokgNwS8r=OG7)|Te!mJA79(dOZumnQ2i
zM1;d}+}xZ4@m!bMTyqnT*~`OCEgKH&ZuyW7ZZhxKKi$<2OZKp^(!&}X2`1mA!+sm~
z<8yc5YI8lYnsOAv0P37#u>RbR^Q3a~4Wi!~7Ghn*t2HYyJUkpZSsoVQX)rT0;}5CN
z8(Kk?TP~-dkVwhRNlE3mZz=W;4pJ%n{iB@dq6_u=U)q3Y1N{P2vJ_qnP0u}DunCqw
zhi;5~nXIs8nxO;NJ4*jSiZFP<<E<o~wK;u>gkgGke9G3+a_S`7!Ur_xt(9~|rFdC&
zM>lyo7AcNmC*g|Xah`O1l3E_D5s0r3U3PszDwMzSC)DFAD@oPWG*m9jEu)e>zvAE&
z%HCP_#K6GFsnen{Tv$+3*Jg-@Lm)XBTCveF@dwfQMQn-$1gupb-xNMl?N_z_DfnI%
zarca489G((;l6NI9(-V!m{|J;-?zOD)d~K=u%aBwV&3Qx^?d7*Yr+#MxkY%OYO%AW
zP=cyl3Qg7fS=W`-Jk6^}Cn}jAtygDrj-rM*@~AnV53fHlS7wLQ3nxpu4_V5yP@gT}
z)>K^Sj5<bs$mc=rOt_~!Ic}R1_nwr3rtT!139<=CD!`Ix9Wb~S>pCsP#p>Cx?_ev-
zL(BiX;Q|Cg#31KSeBE{CNKXZArU_(cpZ0pZ8+RiC343C?RNek(-$8$R_u+sf$3vIV
zyPm?hwJ^CPMl9W*QC!m-9yRNPtZZxr6tpN&YFEcQKNXCxF6+wVT@W9S41ycG<88-J
z!3I8v9976jxur7>9&Ti!y}dp2p^Hpp-9y0$2RpmxqDSKo){tyURqADoJ2les@|pc&
zI`XcrhkS3@ILZ!8dU+C5#uhlq7iqL*x4=)MN(>)GlOjPQ$75noM~wD#)RZG+A^LKq
z+4!VE!6+G{wplh0v-RlQ*1$7B9dfWR;WL>imsmYTC^b(7n2KbjcxR=Zrk-bKstX$J
zotvK@;zB4FFCzI@!Stc&T32*8cfZ!H5yldZP>PqYg5VEW|4NXJ<s6#i63>!(s`WcH
zS(P3OT-0#%G7fg-;_i;?zy3O|?Bk-FkVme@_W>=@x=<Kc7(_|*%<su!+Z-2`>m~}C
zRJ}>WI-}oeXwCZIiGWs(xUpd(H2@gAZ&y_@->6$`#Z3*F1@8qU%j^CA4cQp~csO>i
zC=Xa}2m9aEyAyj^j<q+w`VtkzJ2YRtzI=Y-Sj{<7C;CCEKYjO!qfhKd>bZ6ey|f>E
zS)Jvupu*~t;g^LT*%1#`lt(S`eMraR(jcxIe|e-G!>+tv@mgs`5Y?=&k#d>d!?iO*
zdUDV9pU$2m+KN`2zC`+GBUFnxCDRi4JvjWE?vVY4v25dBP$JF@*Mu_!`|s)Wzt(B9
z?Rj{7L(~PrvVko|O*S@0(P^2jnGY$2LmcnP)05D!Rw1b{N*G16fULRslf(6yEY6FR
zJWXY3>5msp!rDQ67+gB_hA8)icAAECv1V^2Ev>5C{(F1&lhsBPR77o|iK4|-C@!xP
zwv*FSzMMRN|Cg%-UVn<*=!!`7&(p1rqctz5GmaASN?P=I8GB|~&pho82{l50Y=<bC
zoEXuBm1I+M{c?X7#z0C+`ZPQ@JSI*?Mka%Si=@a-!0n)z$SUW~+0mwAt)T@<4aZV{
zLM84AHMKI+vY`9X1M5E)1!X;%>p5Zj>==33%%ojyV~!_#4BD0Q2^GyH(P8Xe>ry0-
zvgeUV`Gz>bg!A)r6Zh(B!Kl~-*+<rs4|P-*>{bVSgqp(LzH&ZLvi`X70E25QF#Xr7
z0v-2(9&Lwpt=(6V9PCGSLNu>M!YIe`PeQmk6JrtUW>pUr@gCE$;+G$mWP^J2UEcZ$
zEY<mCr+c4YT%hjPj=!E<O+d+r7Nw<qrfZ%GKkju^5Oj*Fzw(T9Q%ic@AAi`S0S92X
zSFc_*?IByB(UO%L8&;F_a&nWx0v6Qrq3JJtND<n+tO372>kNx~cBURogDj!2Ntu(6
zc*spS9}TRFH!1)+_K<4W_3I?l`dUjsSZb4RV26(CS#@@{QnKta7MT4G2l3eHCl3##
ztgyb8%K^c?)bMa6*ROW7r-%AO#2*Xu21btkJ-_Ca)-m*5`%-(+pQm?jjz3b5fcR5^
zQ~PHM->drtaaVV@`Gl~noJsln`0~Z_N}!eIMp~NCW1YPZvU+Vkd{3+lo-(cEevDC_
z)nVN!Ii#ql=hxb4i;w=WK*o7y5i_D)ob`;~^p`^g6xHvz)99JClp)0Db%{aFZOlw1
z_USK;e3umRy``-6)fcE2fLfYVo&OU%M4>ULW&{wun^lDBG403ziA~S9i#lGR*YmBM
z>8Aa0OxTJdKDCCWrKL;XU7Jc$)HUo&b}U=Zy8YQ&URT?#hzM%7ot&JM8Mc7Bh?iFc
zs;a98FOC(XViNvb-ZgAReSa93lPcD?FUoaU#GjuoXZSN1^Vp;-3PR*MthX3+94o#1
za0R+O7|AGCmBO`_cW8;i68R+VsP&kE5uezGDldcO6-h$Q%8rO&9yZsO@Lj3DeDC0q
zzix?q*ReuH@>)R5U_>@r(v>IqyJTTu;gIAMLf<wV`G<-2dAMn>n+)}iroUEDK@!Vx
z0(*qJ-EX35v8sH|dxqU&4#`VUB)y)wCwxu+w|6!avx9TAO|dHMgVEwILrsnqxdK5x
z+v#LJly5f^J{e;{$S%1DkQpW}4b1=L%F9P9iv{*f-dfsPmO;pN<>XGDPmHRe15*we
zcgpgrNAv3*?b4MXaRHF5a^ZCU?*}W5XRc}E{To|RzV#_5;JJiPg^b(NPxFOmA1gX-
zC)2W@ghqP(%D`naK#dhFSoH4I5A=VmqxmXAZzYO*LLjO$7yFpj^M<?}NZcEJupE_x
z3owcTYP#>-i(&Vy`$31_Tk2E`WO01FE=ErG@7HDP98;U-WhA|i2A8Yd=AVBKU3bJG
zY<@;OUgf*h8r-mN{g50#lR*iY_@Y8>-URj1%ENl+Pk*AI<Q$IeI}rj(EwdLNhln7?
zf!GH5S%$aMO9LuNxPGKI8k}D2<7U2K&^aZeeEizB{^$2X<O;yF#<hYpKZTArDp%U*
zb^2eSCgA#b@b9J0c7Bbr+71f@t0^8wIX<Jr)cWtuv;VA$s|R@<ZOw4Bf?5J`gB5%U
zGar9E%t}$x&@dGxV&A%tkN?B!TcyQlJM`qV{UpWf@(Vs$TyF6Cz&Dtpms||OU-wNQ
z&ZAf*!o62}vwN9py1Kdu)6J!W)Q}L|W<LWTInDk-|JzXFU;d?9JHN#QWuA<P<zkkH
zT1f#(?2vK?YAsAeL76UPWlz<*e(RCO<mnLwZL34dr}H1h<3_8jQTiB)Vuw1AFY=^*
z%!5=}1)#%6dJQae$^@q05F3IHnZ&d+LW%J&In8=c=l34Eyzqzl!+@#2rezk>?~{Jq
z2^@OJ(ZBNfAg(#wr6~4HV*%BK=nqT&6meYY?u)^7xoFa&i8{#L6N3C=CTE_m-m8XN
zAf;5^j!~kQF54WQ=CRUZmc^pGPwxMVRm%)mwOTcR1&dM;dK%T4T#~xFml@2s5272K
z+?~{!H^GA&w)m|i{{r=k!p1L7QDVOZml_w1)4B2&419(zFWfVO-|;6mLon~)r%^Yr
z;#+c|GqV}ykerI7r@bmZq{pK%Kw31(%*pu}qtMwuwg$)dhx6*d7wY88Y`Lj=Yc_y$
z+D<zcXQNT5%K_(cSPo%?=2cHZRG7$fHrCf)11)f(g|dWY=3AGKKYaMG_SvrcIMc4*
zOj-%5rBuEg>=mESE%9lI=Be1xe&9)~Z5<=Kw|bX7F!%)GE=9=`FEs)=bq{QR&)a48
zCU`v)YZNFZ{wYOWpl43XnK3*o>i#xm*d#fJ=8#hFNouSEiBD|$FTK<8L(65VM}zNb
zrk1`JIP5lMG?xX^WPYU*9;|jSGry?eQZIRR-sl_2B37U0L+i)!v(@oyChx~TUg_Fc
z!)&uxjn97O)JVsMZ;(g$#=oquF!iuIi6L?+9}y{;e?j~7%c;Tz2fewyK&_`BGHc`E
z-6WmJsUeC+p<&2$jnjdctNEnk`Up$F(6GOML3uezh0P)CD5zkswY8OE!>n)cm@ycx
zwPZr+LL+hkH$$FWq!-V2{O(<L(O+GunkA4*e#D>R|8nkUMJ-q8$#3eL_UyN?HsmEp
z%g2G$1D0IZ4yX^Gx>Vlx>AQS~CA3cAT)zW8Y`WV`VKu9AJ7V^(<v4WXi9D6xZ7K&J
zKH8Q3l*oyXANBm53p@ARB8y)`>G(3id?q{I4ZUl#W9!6@5m>S(@hBUkx#B}tLFNaf
z){pLl$obFpB+?hSCOsq>=JzNaRC|>5UI*gSh-xLhVm>?VV)NpkGLxNrp)>J{%%&Nx
z{ppiP`D5yPdTz&5O6gd#N1y8H*<F4TX95c@OU8#+(G0If1)u%W6i>)W*ZKWHmJ_DC
zQ+Kp}75{0vS(58LE_WMABDMSZ%Mpz#TeTml^EGzcE|QcoYbx(E65y(Iw}7EvN2e!6
zF%PjN+Z|z5oV&kZ`xxh#9kNv>M#P0UZ5Tya$!_r&zMogUcSzyTZd3IhS`CePM_h2J
zKZQWWWgAAu(2$Dn-g>~y@K0IA3uM-EXtx$z3?wr@`gp(N(|2pN)VmjFiGh&3?dM(2
zyGY}NH%h&D<m$z~mq&x3nosGq(sW$;Jl(LS!Lzs88pc=sIz1a^CLd+y`bEe+Z0oOP
zg`ryxp;D&@+snA!pFEpA7HuZ07fB&GVRJ9!UH_j0A2RoyW9!w;)tXuKlEC+YUI#Vd
zE)rVaKi3764Cau|DEdHxAw}_v0R!Sp?T((>*BhJpKMZnibw1i?3!#z%@BrdF`h~K)
zF*%;4l_^;%$y}wLK>q{G<FBx;O2_!jPwL_Y7XbzRxYv%#%Iqr;>t|Ba?~f2M!(#(B
zSA3drF{X{b>#C|ampDJf)?eHmWp0Q++V~FaH~K~3N<m3S8xss-ZMLQ60=a!#Go4Yj
z4)9JP_ASF*j6f)A?BSUO638A<G#e%XM@9<s$n|v@cE;bnfiEMe|InUp!EINES|7ws
zk2`=s^GI{$hw!(Fyso*9E!hr>uFUMUPa||Y6e-7naWzZUmY5Y2d!29S>G6PE#4jM&
zbrAchMd)fjx3iwE+S~3Jj&Bp8y%eO}m13aR^T<`#5wbh(RRj7d?upaC>a}V%d0oR?
zCnfT;Vy!pg5w8Z9k!1$Pq`BGoX;)`Q7F}$%`5G6W@=H(U$Ynkrh$;75u5M5ZFn^1P
zct^frM(sP9@abZi;_5ldS?5c~_$gg*0Ea7#ZyR@%Kxg);ydZtN8wvlf>FGald>Hq<
zZ{6?`h`8kys9(G@w?w~v$A^@_ajVvhnU>bO5ZnukPWfa`^3sdKb1%pBb>93dmiDhh
z$8)yaIx#%##IzG#wM~H(CM6oQKy}F8!C`eVOydc1Y<90IS*Q5D8wzO1$h0XlYgm$4
z`V7>C7z2WO?fK3{B_OE(DDq8%^EB4_MCnW9l5VD=*#Fhsbwx$7HEYF)NDv8%AOezx
zB;t^R5(Okm9AFU1K^Vf25s4~;WF$w40}MG142TRlOOzajAUWsZHs|~gXWf6T>v_E0
zZ@u>F?%iEgyXyO@cHtXL?wh~VccUh(bzQG%YQFVDU2+=yrZ+4;B7z*<;{*KTQZose
zv^1lr2u70B4I1$e10OW$oa?c+Rj;mTNhl{B7j?dk@#dtR?TrfEDY?A$!%C!r3@G~Z
zn6c%A#G~g#E0E1u1PK2(FU3CoRMK@LynQ=8dqKQw^zY#GcSfz&9t}BZtFO|bC81jH
zh)2uoLa3KXVWECC=T(=*rCOMMTtXz1KW%2z<8ez83S01(YtZ(@>8&VZ_2=eRBgW0+
zighQud}RJPV25oJnzb?Xm_~Wcvt)ty;jkkA`qG=Vkhc$4Qa>ZQ8KAo<rP=)tRw^P6
z{AK3pXw%H~ybPie<gp3RZ0f8j#q*6hxD)^IF(1iFr|@dXBrBh}n7onEjMM7Uo#UC0
zc1q4#anQkQ3HqvQN|*(SSBIn&uZ{4I^{f@$m0l-24jXyA{KF@bd*9Odemyjoe*ITa
z8pPB8FC4yPK)X987&q023Sw7KCJZ*eGz~|ZzG7IE6D5lcW*@&FlHWW?3G~e*c&ryE
zuxm3XYC4}*QxlKT-??v4YbhwlBk+9bn(WPqOCR@EFc|>P)M{;hRvcAWaAC~Vro@$s
zW1qrluuV<s?#H^2O6M=RjLP8^+uY=?Zf<UBPEM@b7Hi7fpQR$LY{%c^$?X#ZfRvKg
zk`ZrFH!%o&h2TotAXXFNj?Bq<q?yfdZT3_6LGOplez&D1UgfdVFLw2<k5x)c@VV!A
zYGo13&7u3QkSa%5(tGWS<8TW!8XLdLMJCQ0q~jJ|`e-YD_Kj*~6gx{4)WAG>^IhOB
zi|F$SkH-UdU6qng$>1Stj0>1Bah)v`Mc;Dtkqo~_x9BYr68_kgj}POOlhTbdWXgLa
z3=6a^H*45ezOfIv(X2*&?)(}r=ZDhJ3PW2{x;+j~!@OR&Z!+p0dD?d#wu1ep0cG;+
ztEtwTxIGjHZ>6nM$-3G1E|_eJ-^p3xc;v3S=vY`o$A}k-2Cm0Y<MnD_akKD?VIKex
zb>T4<|MAr}6tR@Nf6!|{@dbkbP*Z4gMO@+Tb+OI>#u;{GYU*>dmA(8sfpOMj;mbC(
z3p2~1;q~?Po~r=ku(UZN6%`%F&UHyfw&HHH`gJu|=?8Hs;r2d5o?AV#Xp6s$`N&dF
zFsqrovGA&qb>Wl#h_B9)_j=efQd1xOW)H>|tv7acDOp_~nZ9Bzl_;e1AHCmnQNiOa
zX=8_Lr^Kc5=><9UJ#B59u-W!ra+8I%h^tUM{{6rOM3}C&^e`~ADtiH_Z*(@NJ8y+J
z9NbEaB1YuYwyLI@tj`p9N#?Z7SLUQYj_Jq5nxS+IgwY}<GN2n3)7Y=IyS>cZP>`CC
z(&y}5;RMVPb&{aHejy`OA?X&&*7i0PNJi>Kcme%lWQ43*O9&l1he%%X;1d@Y7bBK!
zH%pLeHTiAQ&_@+jjYd7m6OCu{JlpZ!BZEvQ&F_A)sAmbOPwxSwi{v2%7xcRJ(uC<o
z>y=WJv2(4e88a#Eh{{C|V^?x?o=Jze=h8jB%?rGZR5_8egCoY;9mgOQc!ATKL~!5i
zlW{ThD*xJ@EL5P)#P8RtpoNMAz+Ls%uT3xoD}EfTEF|C3egqQTfn2NGTd=;~W4)dL
zh}G-4&2|3ZW0iL-KEo%4s+!IPBATyztT>5R@_8i#j{rl#S!24z_0bM9$%eO31TT^4
z$tH5+U2&-!<``{{$imUthY8uH0rd}ARPOlpb~koq9~y7`ApNRnWZ_uPqak5aGHv?(
z{&(-3fKL*zLVZjIsnVfE#Tutg`ysLLhX?;BhW-~y0lReBV4#0w?mZ>J6Dmjh-jxYk
z0Kt(!)E=I|VX&K1@x;R@ocxN`(b1O`8DI?&3Zi?^76+TUqTZBwy>$xcvxK;X!{N&I
zJ9<9X`3iXy{l{?RqEO^hauUd$S6L&w8xmo%Av9ce^%J}Br1cj#k=M2T1U|zE9=w|K
z5rA*mRIGe0Gp;D{d+Hlt!Ta=S1QOKIX4+YI*Xn5i<mV)VRTF}OOf2vgH+?$MiI%F2
z8q_b;>3}ec<jP`%_n5fT*|=Hz$i9LfPAC$q?6`Oq0^n4c@GPL;vcgnaZMd;;OFvuj
zJuk1b42y+2Tt`kuhK{YPvz?A!wl7doEy?Qt{G)&edSA_Hqwa2o3@iTdyl0SuonwWH
zLr<ccqds%IkV`T(%3W0ECYi!#uIAfh39@mL`t{J*TcRGa`&*UuUSDeiM)Hx!p#6<8
z#cY+7C@(YkJCiYIxD73^f3rGlXLpl~yIb5TwhD2>{rpN~j`grD5SKo_>M%t#GojnY
zESVFmJDuHR+f2ZN>QI12dmnAfv{!|_7z7W#l`6{wY*((VKKdq+UCkr^XrxLP4vv${
z%w#SzZgHOZc=*Yar4kI#SC%t~F_p<`Kj)3fwiq}gxn9$QT4?sGTuN|B{AraAQ)XtS
zB>25S#YCb67dVuqg={n+unX8f9uzCU{A4HP98X)0Dw_m<bLSq4V>HrT1%QmVI+HP+
zjiz^~QZhZAcXYcNIr&xE7eGQwCvh8tqg}(ahv%;jms>VIVY^Sc?<GI;t%0vF>^L!4
zuH8%6@Jc&23gv6mPSghIrtn#l{j@Gj+1{HIU5l~9J@Yx5KL;(eFFw?>a_R5-%7p%^
zv?DFXeDH&Y5{GOaq>phGy`b2qrQ#CR+;ZJ*m>LazD8yKAU5amrNUcpSZk|obM09D{
zKNi_<1ixu`9u)N3;?XKHhb{YOwz66YOvO!1V#>xaiT#JVPYkfs!F{Mh6Y5UA&d*qC
zVB!WhX~g^oODCfqW5R1{YSb!voAM!h#e6fl!!ZlwW?*fRJ>ijH!gq{}Y>yvH=i@{j
z+@`;`fvKPRw_;n}<@v-__;KrWvVSpZas}+q6~_wy=G4?>wlopQA~wW?ikrK8`?lw!
zt&v?Rgi>3vyb$FtLZd+whAcI>PH`(7QjQc`I-EO6o<Oq+xuKDa#(*sDd^`|xTxkE&
zNNi7k6t=aSPss$MNl+Ny92CYxy*Rj&*RRouhXM6PTy}Kqo9aC-PPBACbs=x92a(a9
z&k!Ob{gisTbE-P7Qn!v?5!N2cG}|_hfa2|^W7HJdc_Y^a#}II^<@P|05HhJWs0RGw
zUGa8|*C}Wxqyj~1i)d+{r8G1&#6<g?5tMpQiwIx!S2LOFqY!bDj0|+M-B58_A5&?<
zR2r}a!p+Vo1l?1Ln304B6NWBYJDB+$ND{GUNXbYZgU>J)LG3T!LE=!vISn+28Be4=
zmW<87mA(jA@H8CR34Zx<Nd_PrSkYYsvjA(I8~Dih0;q4X+k}n((LuggNc}G%TpAmH
zWQP0QGMZ-r$fR2VRg22EIH7N?O;_FWQXd)8z^f*j&2t+%05`X$LD5UfRMzG&CmMFv
z(#TC><Fv3+DDZM7<`t|z<saY{JJ0Y_Qr~7NLaOv!fhnC=!~QU<zQ$|KqssO@vM6C`
z8ToIltUp5{JIa<rhZ0pJRG8nUuhQwv51M`09KGKc197_{a9GtoD++2Cei?TXqszIj
zPFw=c`u<tUUnc9G<)C8bBGC$G8`@ccg9oI9eJ7nH{Y{vY;thg(tkN!%FIy!y9nP!g
zTD^h4kvW(>Y<S{fQ1kx#I@M9{sr;w*5R3GuRQHG<iuwz;IP)$s*~MN^E|X&Dd9(g8
z8bR2TJ?dK;081K|7!#vt9uQFI<#9lU9-T`is^wfx$#;5ymzHzM>N9RufByW9!3GBh
z2Q#`oNP*^=pjxLvGOS=9YJjPkR_d+uAb@{HFd5QIe6J36a6kbd(MiT$S$N}GLh&R2
zm6Cv>rlz!h2({j}nh*AFZf=WZ%f8|5g-&w(!qAP%E{xykuLlw_C!TY%m+LA|>GnoM
z_?<roXXAe+Gw_`2Ia+tU;lO&@8l2M4t7%y%fg?>fhTzTIL~g5JuZpw6hbw?}v+>u~
z{Y#gKRpg~#XykX&gYuWQ91ZlXlu#wD5$8Mz-<9D^ORYIz1Mj>^Jxo-yitF>Lt~Ct-
zeN>MYx$f;w?}2+a^d_l27mDI^sL1NKjwMVY_eGfwLxD|J78N@DPL*ehff0ZC;iop^
zet!ze{uass@}dDrnwSdQg9=;SwGMC!5!3yoT<r}^e*$e~+x4)Lr-i+wjVpH^e248n
z`5T?jd9vzsfzBIRN#!p)s;WNeN)icmKUkMSJ2U_6&s5CMT`wwGEk?f14sl4Xu)&Ax
z1GJ>9l9uz=&B8cVt`xz1Rub1Rz#$}S^Y5_78FZAlo<1BVBqWT4kI;Ryt;RkyF!LeL
zlOLVEO%wsdd^AZPi;7^D%%CX(!>awIQoi!#4f;n0+*&t@prg9FO3swIB;B*=jF5`X
zT^6$r0nr<_l5Oq3&64@3Vn#WNOsgLi%c2lR+}s#b`BrF;^|G^pzP~H#9qnGq)6iN1
z8Y*9!gYuH}V3PNzQ%-aJLRa#<nsNDc^<zW#Q{-nS-tcA#OdWnKlg`nG?TQ1h$^8CK
zX)L10mdZAssHS0MZy3*l*wUq?p<?MiC2yw~I^-<2T3$K`sNRYdVbW>9t*vq8(?EEf
z%jP+qzHTMV`8xgC#{qH)s$LU5+k3!|_}KWv`b(F7jZ^XWjlAyWCxU{p`0bc_g&td_
z<p&-gPkzwj5!>6_@%_ODzf0^R!@}P1%FWDkm$94oB%&x?DG7Nyu!=FOAob#oPrYn6
zb>vekRnwYX))b~Z>(oAd54vqtdhc!X-O`McW&mw2ldUq7f{FUXBOT(;do3V%YwiHq
zgVflj;(_*wZ+#&qwBxexWA^)MGi-Nfw|jC^8_WBI_dzgpAzwux*4CPfm}AmVOJ&;B
za^fqS`31~$X3=Ioxo%y?JUTP_XYBW{ToNwD4>HhDF@8T_WtR2vd7%Xl{KB4@mDO*a
zQsAs$PfZ&5MY`N>N||Q23Z$RcOhgKA^c|i94-SHznE4`6L@rvZwnUe&u1gcFhC2Tq
z_=xL8nVJ9Gr>pNh+I4j3DwRPQ{fJ=8a?J0X;_BRFX0@xo%PV*m%jgN|JMZ+?-*@Z_
z+Q{jhNU0_G(I!>J@@}wQbx9MNs1l&fqvrOWyPC?ZZwkO!8VSyp=L#!(hoW}i7+*Re
zi+n!0{)#nS7jy%W^*{yO5ArYPd%@G%)Nwp{62{2rubd9I{<Yr$boe=1Y%`s24F?0X
zrJ9i%g8{}<rUqZ?V%{r$vy8$AApZJ`X5`_ag-9ehY6R&oQa=O-s`H?a_C>5eBPwbX
zsx0^kps46)i}=UF@A>`Si#uplHP(U!h{gP|x$nFtmaFAhdgacK<CG1!7{w1EjBkK!
zA9zQKTP0C#EX7a`Zsi*DpTWAn(Yyw=tK$<Bxd!Npd8Xj$akf@g2?;~@-9EWC=BH0f
zSO8jp!7Mk;y79KIvNE?mSlCKyGm(lREUXuCyt}M8(@323&~}_H^_yI1uaDuulosA}
zk9VAXSTovG!(a~N@3O8%{P~)PhORQ$cD>&uO*1;7`pJ+k-<5aG3$s7~9$S2Ht1@D6
zcfEwUYh-(EkYZ?Q4Q#l?_2&Tg!VESfDSa^D3k(cY4TFg+&y2=LxY%R^DMIR!k_6Sk
zG+-pl>niirK{P!jCH38tcuuye%PTT2`|%A+SAB*Wqms6<?d$R#?F!$oU5!t=G^AU~
zB;(ih>XLO?oKL#YzfyKU--{wXBqZb&4dHm4I4{r7%}KF_WZyK>CIu?B;-A6hfQGQX
z@n<Iok(I5tiNB=2W!SE9-vd#`L_ME3WwxQX@n-_}zh6X=5THN9V`8#<-vvZeRtiK%
zQy`GwXSU;lK|w)`06FjAwwxJb1>~+M0j=mL?z4Le9v@GY%}1*U*p8EN=lgf?UH$L7
z{);O<W=svU+<=5E`*h2FLhI+m19qN`mp2@sN~OVI@ci%J5RT2+1SYu<Rd;vca%+0#
ze7B=picn?^2m}PeshgT+=J(pvNlE=%4f|(~8Z3q!=Hika7DfgnJw2kgqkr+@6WRf#
z9{NyhDcNH^w|tyA-^D(Rs&*tw8xAk0a7z+#3GwxlV&hCF*3{M{(*A;VI&;5FNkye#
z4e;$iZOp%z@_&sfN(2N1DBzO8h>KH@-FpsAhR*+9P+*n`kW7hI@jBj3oB8qaE}}jI
z$E}uJ;8}gTtl~``UqHjYIU73xP8Rdf(x_3cbKko|{zN;jMH0w5U}V?@rI(aE)!8la
zv{fblbExvavASt)=7zTgLj`(~g@uKHBq~j=hV%^vi28?dFyq*OByQ!UGIuqgH)ZCf
zU}CsE9hF~kat96<V~CoO#>_Mf3keBbWE?6eDt_a(x2L#28WJ_Z&8^+I{ve<g5dfv6
zr0g%zj)u+YaBWw;FOVq$^(`0(bKK+qcUt;Sho*r}<pW&(H1rCh<d9x(V%EDr4~_7C
zIKMpe0t$ty4`6ZQ6MAY;Tarvdub~f@uVf6Oa&p*mzpKNm>Dbq2_eXuHwSnMw_N7_T
zOT@;gfw8RY^(0Yvkg)U8b2U2QaI|WqJ(;Gd{%h8=h)TFbVvieW;r1DXa$u~lP!j_M
zHqAigBeUC)I(Bl=YL>Kl7^HQGrs}(#*q=x7SDNi0*leBLSl#7e&z={HIflavLwKY+
zh#!?5qdAPs57MNYJDT+*i9P>Shtzq=Cg4pWMd?`5t;Cau($uBQ6P~uKGIR<#E}zYD
z<TGn?YZlcM)6~Mciy(s)=I*V~1LwvNy1_Lx=PYeMK}ZXk{L2Nj;B*GzX&FX(!3(y9
zwDvUe`vtYmW~{|>N<a&uXOL*zGZI(v{dx@5!11(B!2`;?XCcM-+f$33{(f&W--;<w
zRUQ2}qAfZvI^QjaIl8sJEMTB?Os_6MCWG?cYPPu6|6W@fM$*+K+v_Eok0<|Q^2TQu
z=Y%`;y^T9S5&e6<7KOprC(77Fl;H~Q5K>-<(iCq&CI@NKv>+us3vK{YNz69PD@km=
z+|z;|9`=RM)8@gyy^U_>9iqqM=izT?2Ow&^iz~xO(QNyMBflLvLn13LSpLwLi+c!q
z!|<EJPe`l^a$<M(tTmH=3QnJXKl)a9tz2ACYeg0d`eK|YA?WQ&ckf2ImPY5%aXF~R
zk`{)aKJEMGv%2X|QY6Y}d8lhV)hvpYlQWu{q!nJiOa(M+sM>hG`i&1Y@V98uwY&X_
z;Cx2o7t}=Ps!LPaw-EZEvu#{QR9u|=^7671kg{*o#}U!k*w{MUlOif6)}|DD#nF)x
z|FGKLvLX*tr6?Xv&xYrNQZ!rsPBtb%iXO;;es-3nwg2AJG#Cv#RC5C^&pm_p@ZK1_
zo=l3@@h<0)EN7j+en;XM+IJ9|>+mIWd9U~!hR@ma-JxFO={8KP|9zG^DMmYY=D1>~
ziIu}PCl0tF`@eMLdV~n&YzunZ<7ZE?M|s^h;O}AiDU={XY%^}aE&U%OF1`ow)&3uh
z82`K&igwCo+Yi%OKMifsfj|_nG66vQO;k70gl4vKQU(?UaNO#zUcE|EMi}rqs1BiZ
ie&D#r1spmp&*}Hm(eedE2F{m&LtaK%8YTJ0_kRE#d$u9~

literal 0
HcmV?d00001

diff --git a/test/integration/consul-container/test/util/test_debug_configuration.png b/test/integration/consul-container/test/util/test_debug_configuration.png
new file mode 100644
index 0000000000000000000000000000000000000000..8fa19ba9399855fe8a9b76c203cb0c2ef09c3f0a
GIT binary patch
literal 294046
zcmbrl1yo$ivOi1+1PdA@!QCaeyF+jr+}$m>1b2eFyTjlvK?iq-1a}DT{3qwiJ304$
z@13>2S$k&p?%mzBcU5(D^{;9|<z>YY;j!T%ARrJWB}5b<AYkGlAfWSM-+*i2MR~Qs
zzlG+)!t#>B!i4e;wkGCQ#t;w^p$SPa@^OopzNarm>>5IpibA%2PLL9Cyq9YtWTZp^
zXoiF=t-vNfOF>a6bWt^EbgcwpOHp)$aD#6hgyFtGdQ7Y0HiGwlt+s0(7h@wS7o&IM
zyt|p)H)H7p5Mhwww6eh%5Q8Yjl09C$?`!OTzFi^gf@JD?jUcdT$J|#wF(KeP81dBF
z)(Mj>>9Op|G~em-Qk6TnY3lIGR|r*h!`Oitg)ejup%M@a4Pn8sF+V(nCg;H2!vY5s
z3^<ho>ZOX4bDD=u>QR$3t-RC6hHzyHCP9S|Fd_67V^j0pB5EbEqS}BHg$+mjJUR&I
z5x#xj(=YLMgG6q}l-w&x{H!ru5}1w~CD1?J{t0ePI+;p#ck3x@;AbZpi8hzgHxvbj
zuwDk-8mYmQRXI&GLPG^byTP{zZc0Cu(uuFaQ}t~MO&{N0aOk`O*6(+JVNR#L)E_=K
zsv$8=&f3Rg{1!|01E>Lh<hi$wq_xfk<_b(c@L6=jSy^Zwn7=Ld?0x?*_9+}TIr3-x
z9odxK;`1G`ZuDXcA8?JCsq;{6FtK7(D)ch$YAj`yU$-}PH01-$GEVgAHZRUQvT!U@
zw?T{0X<_4^k50NN{LI`!4QvR_Uu!LejZKq5Kan%^QD8k^y}o_LfD#4J^mWSW8y`)z
z>U9j|kRwLVH(~?~B5X1*5LfnT1=SbSBSOTTI^T1(709&<hj?4hCC&S5ZGMD8Gx3T+
zhA<O7h^031>L1k3C54>OA4re_7I`Vz!o3a=z@PBNo`7`kdY}B-QV%)(3-{TZXF@0u
zKaOfxJ3;tC2(+)S6a87UQPBPA^k67qRP^{c-bVRtW`9V3gVkkhhqnUd(oHgf@TN=p
zBmA1bJ*=M{3UscJ#aA{Xh!nv&ly?q+Z8-vzxMBWiM6XEw@+Tb3@RZ*s2y9RA6~DQM
z=7QGttrS|FcwLN)9keEprH}q8$h?}|3U=H-<s$-;FUgO<Y6u<p-EYum<V|lYgQB}+
z&Y*9(Jh4s!b$bjceTj4SDDmPs!$QwR0<$+1hA81I$Vy>V!b-(v^E4FjikFLZW?&EA
zVTTvyelT;aV_rhW3*5;~%2mr{&mEo&o|M`9d}-}O;Ew);DBNwPH}X;TJsUYDN!OMh
zJYzw!f3nyJ*@*TC#11cJc!6PLH4=c|3YQI|^=&I^E6%bnZ}f5hwc&srM>_V{+g(3|
zZhJfRCZQGj71R~Z6}lCO6Ozn;`F_n!ud|=7sNQrP=(^$j;hlj5z0vQ`Vc$Se2*G|4
zA0)9N$0e*ovq5<SyD1`?i#i$jUh)%JB~c>kVQ5lFbf~Q)X)OIv47wOvtZE!cVn9Mo
z!Yg0Shzv-z7?&=P7|R}m95WtA@O5305?wfqn=CU{bWx-vM=PJFz%xD%q&`@)?dnjr
zMZJ}}Wi!+sOEHKuSi6Nav^$&x%KF+##Gfl5|55o&`8#E~a<M!|!9?E2LJ5^R#kUG0
z@+-xFGFKIQ3AiGo;;o8aC2IMlDkp`Ktgzez1>O>^1FnNt2V@5jh|<itHRdIC21^PW
zSk}twl8dUG8k}m)LU$1k40xjK`L+A|m!p@PmmZhn)Tz|87#*ND3GNA+)C9`A#Vuv$
zD&fjF%BQ8?s)ogGWd$YHDwe7qxlyX@D#%LX3hQ~^l3qqg)=?L@C+WGI1G_vkzO0{E
zdsq|AkLLGg-cQd=UCyFgo=mkBbLNW9JIqVXE>$|KS_0Bak4x!h)+)VZAE1R(x()J~
zLGO<v6z~x7`0+}{_%i4-?6pZ&DOc-T5L@IfL)<^L8?_(1Tf67oFWn2?4__T#5@4ge
zO@2f5h8vOVE#G_W5B={e*{#@cnG{(KaJF$~Kk%{@zHj}&z*@=HVd%%IpPHX?#MW#M
zpSF}zn5>$-_R)XzXf(j2b+l#IV25iAW3(c3*-)0vG{rP+KIKMzf)0{yPJ>0WEwzZB
z!Fz4a4ez2ueM!Ag6TjNisK993wtlX3_8_vpgmu29=ROLtuYbTKK_-0EQj=M;;~0PW
z;j?lpVe8dr>(9E!ct>Q{SJ&T=?vX-~5|DU5VKc`!$GG*OZtneP0{yJpq@eI9qAl8#
z_2Eq8F5;Z$LLOyL9nbR7^X?3<L>Ms6lCGlp#yaU-Wm%OLg)>mGbez(f$vys*{XjSz
zkO1Q9ao^V8C;Dl2dHa2TtGVZ*4GT0pUp81atU1IDYF&9KiLQ+9DjGALnICgWId$WY
z(Dhwc?Zj^&PaCe(kG|)=tva(sCWH}ziihDrU_p$BYIxHv_$;{WhYy1T74DZNEC9=G
zq&XNTpEpsE(;1}yP3RkSPiC-YAOrGgNVXVlRB@y$!9Hp;=ea_>eLPDkodzElQ49IK
zaD>_?$xpUNZ3`GR^P4l90rqr1n{M}R{eK!Fv|$|qK7Q3pl25j?&6(_32~@)>VUW^w
zGO2kq7~6Okn%tY*yVT2&jv~uyN*kJ?oWcUS+B(_l*lNCLxCpwVe?)uM14=tco`3BU
zt(N(izLBVy%0zsLo`|4ZbYGxa;4Oh5$sNxYgCDo{^~<=#2nU%WT0!Vik{R8Q_7ol4
zJFGB|Brdwu8Yg8mLe6A3WBL)Rp<E(=g`ye2y?-6UGHWaGgQ2X`Sg2N?mV%9GrukY>
zTeoM{V^&g5l6_J=-Mo5-iQ78-T$mS4PJ$%Ovg&>XHGs8x$>r(?YcH$0rMISKbA!=w
zt25)F1_BF$D%R!8_XlC^9Ic%EYSZ?M`%;2Qet4gwCB0hx`5;@-wp`1;#J++)T{Z`H
zorj@=B48Fd8=39Fl2xbMIOY-NWTJ=WY6CvK0__mP{yJt|g*msO$K<sOH|A-RhJ~g^
zeO!}LOKl@<b-8iUb0uACM|@HIdc|3>S@BHqiu|2EyX{Q{?}^7j8B1AM8Q&?!NqgtG
zi>^|=zVp8K(eu&MII;-A-fhaA<EY@3e;-UIJ{sNuFRph}dw))0p=#b|M?5Wx3LL&z
zyR99Csyw=@ovR1zJ;c6&F2?;DtWMHrhf~+CpAGLu-d#~3%Br#{;)JJW7q%5n?!@n`
zB{n6VC_NV~X=G^P_|)HCO_*m)W0=N|Tk%QrXxe?=(0XpJx!AZM!GglNU&d_YZF%qU
zQ`Q6EF<;;-tw#T#)v?fhz~R!j4caf0Rg=>;)UoWa@o6uauB`pZ-nx$6deoX~!?9x4
zyzg3D@8Ny3sA<zkzjEE;b%*pYcGcSL(t0Yo+PWS$G3}A%;<G1s?>~=ROAy7c@$~+p
zX)m-VZmI}duFQx1u03bI<K|PAn(l6Gh-vhF^Ap3%;N#}7K({04VoLD1JC*1#XZjo8
zH+EfGSH?5NM+eXRGr2x~8r=__Tz5$ix*2&jd9SO;swmd1Jj<@HC%BhgtPOJv<<?Ex
z2wvnb6^=K5$c@P1Wf}4zN9}rcdr>`DoY!Azb~O&X`|$3aK~w-UD||LeU|ifQS4Y^C
zcN-AdYf!#TdhVH-XlC~WdSP8Y8~Z69Qb(_f#Xs%2L3pC_0<j_ThU_ta48>4R;dQaG
zF=eE9742L~P6|E0bEt+mXng|cK|E7UGe5dKJQqO&%YABJAZO7ax0Kkk!R{$Um@z=o
zL`DXJ8eE2jfO>@u0Szv_0)P2l;rzQS_KFhX^&j<+5D>xU5K#YYBMUzN`g{d{fA#st
z`E_g%1Pu5J4g7V@hWuA+nE341|0+Z0gYQ8IDhW$Ug3n5Z4#vhdj%Kz_^*^&)z!h+I
z66%f+5SV1YzON(|NzcIJFPJL>oB%SPxD0Kr>Gh3l4UFkst?hn|1Ht3U1uj|}JLwa;
zT3gvTa=G#n|IvaAT>e$fKuq{Y6DLbvVt|Z1p|GukF(DiMNBWP%eDH*Xggg#LCR~al
zV*l(8zTzb|b8@odVqkD_aiMo%rnhx4Wnkpw<Yf5B#K6Qv2W~;<=w{=j?@DLmNb-+C
z{xyz>v7@1bxt)`_tqtL?arF&sot=1ziGLCL_vataY3yqLKa^}7|M^<r7i9Q#hk=p)
zBg4PP26yH8Rm&xB?rLnME@EyC<{6j<A0rD33(p@N{^QpFko;3uz@NHuvV8n=*FW9*
zYgZLVV+UbdYcNqKzW))}KRf^V=07{~F#LM=Kk?!pjQ*n*%xOM&9)^EQjSn7wF(MZ%
zNL+IfIc4w}tY*JHkW=6v%72`}Wys{fcF7|p2nYcPNfAM1*H=dw(0X_(OV8^~tdT0Q
zEjZBd=rjd%K+SwtO%2Z)p~-q%jL-al^_NBjbbzP5xqYM1B)qE3Dw%n?ebUQAX0z$Z
z%FxP|Mr>NzZe6qE&dB8YNCr3ac-v_xHjgU+!CsyK?I(>y3FUKbVxqI;21`^6rdTRX
z8Ea!rPP^P{6mM2zs#Dexo?XKH>^>PqnYR=p9M@{SRlUr4Q)yx`YcVzLs1yblpwUe_
zj^~=Gg<Da~wsv>=YG`WRdhT(qsh(ak$@dx&>9eeuh2C<xv-+lDnod#y)EPU68GV21
zZc*oQ`CWy5iAvS5BIGR&E(@07=*9Fu`p%Tj8&kb{L_|srui3fVKV`G@w$!qiJp{%>
zJimb%?E_pqUb>{QcCymfA2_Q^LHPLl?--Q3dEd9noEKdl6zHj`D5pjgsA?zClKFOa
z3pz5+@$f&bnvB{;N>{jRC!%$&f6s1yZ<(3(Y*V|_*k7R9PA?7j-PUeGD}r@g&ZklR
zLUU8G?EnAcqLe&7m?F#j^Cr7=;pRm&7DcQtd-vT&8uCp=`yBb)HMDk~_NRK_J**RM
z9CJ*z8I_EGm}9|nSu&BS?XPf_Y=Nq?wX1eyQhdE^QZbC3v~<}*OXg(yZ1MJy$UPHj
zj>SU@DB65JtO%{GTBI54?8cnM8colDqtcgHAgRtKCAJ#kysGgfUwQ)LgXOW;0k#uW
zdp!9nc9G4x`JxWO%7Y-iVDoXg$#kWa`zoNp&NdYrr=+AL1{)i@xF+T$HMO{)IVCmC
zZD@Jb$DP7ny}mJD%Ee0|o!o6S`=&T0o8;sbj=DzDr1O3O{r;M{Vlb4;qN>|uhkf0L
zY}%~vRneNbJ`N#Gox=CD<(<;*`+Tk|15q(M^vl!?9X_|u>d|x;gboD4x6eNwf-j;U
zaKkPbvT$zGb9|&Pr+A!`v5p;(V)V9HH^$b<+DF@a@5Gyi>RHA*#|9$!PA;eR7Z|5j
z)>l>C?4L;NR`*8U{~GhhqyGhix6j!F&f}@AvNFpH@O>w<><!w^c+`jPQ{-QF{MQK{
zpTFNw+^!Qm)%rc~@A-6V`!tP<_t*5Ansq2M9>iN>8m<D)S&=D39fOMZ%)+9gau$-`
zhlNHKG&Q+K4U{%f8>1&oJ(@nANa9_8_s_PXE8iqWc^5u#rL3zfUSH2jOU|xfB1V37
zJRi-(%uGc`7wKLzE3T**dmo3;(3>wZYrY?gUG6lZLWVr_zAi!s+R)$k>nmw_d9BT#
zw;T4U)Z+<~oh$-Fd511VI1&?l7nmI1tB_!E!7un>7i&{1uk$^}%lF6db%IUqFYCI^
zO<xgEoBOM^ZXK{I`6CYDZk!XP^PRPIo2C&1nx1>EuqyfQhJW09f4_e>pVjoN%wK+>
zqwB+H_Y`?(tL3wKk2C&q8&OQ3Yya})fnmjG;~8h1VCGKV`~BG?^mtaXFOQrZziH0}
z1*iDIE`kkx|3#w-+jWKhs%m0AYrV3Pl5j!-hO&;TELm_^$#=b14APWAqC5HdMq%O6
zYQ(k5<}-xDbKNk4>hR5(?oFQo+S+tOy1Xxl*euE9pVB4r#3S`<IKnF8a7vmBQlNKC
z)|w4+XpOb8gdIAIEtsdA>NAm*cp5(h-YFr9RFq(FrcmlBhNAyCzR#)Dk+ON6KUo?h
z4D@LDa$SM!$g>D5JgU|=8yrLMs6BuY#qarI_uPG#1UG1l;O+Ak>7dAeJaXqWfY^Us
zSIfs$$ME|-!n|((H$|@uo7NpCZQURDO7FU^*iT;UUMzLgzCR<}=r+ADopRfOd4uc~
z{be_+>4n9I!v19x>g-W43+K|&YsF{t8RusGK(OGj+uxFi0s$`O{!!2y89)?eu&Nql
z0iY76LRAkig41lY&Otn!pYHJTpduoQ*|?KSM2lF*2yK3KM@i|3+QEdHG&eh|A|-*(
zYeFlN;m$-xP7X|P;GLbDRZ=&nN=QhmS<<#_YPYdcOdQVjlXkm{<A8+qh4_1ifEjEE
z3hpR<W#7^qdQ4wCYiny%c(`HsmdN$Tj4_{fs?fg8rT~u8%F@E^;m%yTG<F&VPEM*o
z1I{Yb@AqxvIU}XDXqoD*J3)OF^#HPPoI~buu5d-A>EhDTSa^i+;=1zqO%-J|&4IZg
zMc7wR0uX=iAk=~l*-QWWHT!bSDYK)=cAYOib}F2jdU$`;Wv#FjL`_CZK~7#%0KC-T
z(|`jlIjM*D1kw0nH%MVJx*aXpvv~Ett*nbZzd%;p&k?4kzo4LryR*yr;{A6S0|8q{
zOxObi&=(aJD!RL48=IOcQR86vTrV;$wVB5`_+-SV=Ym43kAU)XLcn|+d(;pzVOCB2
zaOuO%DE=s<&E{BS+`*!$DPd(Tt=t{ypsy<y1cZN^0X?a{u){SqHSq}v1p(WyUOUXJ
zfXY-Wa&Mblr7#s1=_rQ*00}n4IK+$Xr6mot!>!F|{xAJe1mYgoM@j|`qM`+<IGp8h
z*^Yz|kbm>AM*CQv;GrPq{ss}7Cxp#*MFLEav_?^O>n<@5TxXF?oHqNu)InJI^}|qQ
zKBJ-7v^_<-gvZTEL2j-=X=P>M&W;H)JMrHn2X3~S<QoE#3=N$rvem`rF+-`)YEEyk
zSuNcGm?X{9Qnu2@8S5{Qzf)0;S5Q<W)^?q=YWTD^oH$gF{$_aV#N&PT?%$>L{SzS<
zSE~DsY(YfCTQcg-d(g1*H~b1j!9~TOBH6;07L8IP!Mj{e$CAp1Or)A*EdT(PeI8Rb
z#P9FUBT`fp>Fo}yg7lae+0an9x~+mF5qbQ%o^ITt-aan3g^3)eEd}xE9N}QIm*>}{
z^wp?;cPc<Y5hn>~Y2hNi|0=AWqJH`9W?gYcAVqi)BX?ol*-M)@Au(ZMr5Q_!Zs6kL
zJRuM`=1=zbCO`Py1dPx^3??~vc{6|yH$}bqP~W!e`vg)-OQ|XSnQ>iuLXWOnVy}<a
z<su^^V<cbaLB2wP_<P40AqozTwEr8#e4Tc8Hx0`0)<a=3QKzYylK5`&5oj2M;->t7
za{3xxiyrvD|F|NkC^XyU<+KOuRar&ZD+>z(WPO27KaQGbW)?(RZ;lEN4pKv~dEUJK
zyIM~;!S*FTUj&=YDOp9{=Eq&!p~Q|traj19SzSdEJedNW9hPxxF#e0x;!5}>mGxF}
z1uw7mMH`>Y`Gcm-sDjHnmZds3X0Myoo0*jrD;x3NH~}Xo7MV=Xw~;v9iBd>-xhiEH
zIevbS<DUSp|H8{J__6{g89{IHtuW$4scD91w?N{bxWc5QkQBVVy(JiBjxs)p7ZpwD
zmq@atQ`ns(B@2`TlmxX&j`gJXRzTSI9d%)INov7$+PXB-5+Owa0V2=gMajv4u<-Eh
zXH?cR+$pB$x|Q<zxjFZhx(5vx%5ySgx%@3g$#@phFK95N@>XJX?ys_Q@>493XB3Vz
zxk{H5g=e`fg(q<j{v!CZIDyl(_WiJ724-m$W#tJaIex>+VBxJ?1cvPNblh4RUC%qR
z3iaAKt>|6}PfwnLq9Uc!8D%Lcsay^3lolY+54u;#!ouPJQ<(3dSdztkhVo#VB0M%u
zNja;mtZc9Qg{QoCyUfP{!`R3u+0gBxqS0(Pv0{gdI1`FIf<VqR!?`d8psXw+$9GlN
z90mIyO5`g@$jz+@wM|5u0#s)T1_FgyOh(>gvs%2x8ywCPeoVBX?8&b~PhDil@b2|#
z&oxxGr0cbn3g@h&Y^X$6FEcYMj1B|s`THqqXscp`?JQT25D|T`9gL$SBMTHUPwL`o
zoaEIscl*{_TAHf;MNJ8hKVUE7D-(6hRFq7?TAYW%r`XGJkj#w$2O6tNqx{_shH^ux
zUulCNV9u!;>QADF<%e{@^S+X+RAz8=Kh&0yLBumE>-L91o_c<I*zfwnW2^p+*lVS!
zhUM_6cC-T>6O&r7xxJ?03^6349te!h9|>BC#519Dn@vcnrCgjp+Eml^kr_^^`Z!NQ
zMGSekWf)Zm_m2Dw;hTL$kgA%RG!DCU;W+<G?ywH7%`8=L0P|R~<U3^U@>$INm)r*e
zqZ*#b%Jv=X=;On=sv=~*+X)gx8XHK{+GL(gQDaNj+Zb_49Z12yC<OS@?%h`pOU(FS
zAewnd3|XJ3)8*vAM3<ny`S@BpQFBZSB}MoS(nzlU(9abq^q07XEv11-r1}NL&ua5i
z8&71HQaUxQ19&Khvt?KXh1a=FfcbCGa~Ac<w9;@=H*C2(4M9O~O3RD$;l004#}GMc
zU>j$~iorc?B7UxXmP}Is?$Ty38=2%yU%}uM-%c}8-?f#Kv<9~b{@Lpw)Pppja-Z(O
zd7>sb+1M>98u{)~nm5V_R@ETBd)E?R*p*AU$Ms2$%eq&z=*~ok*|HMUwgQRx)S_wD
zHYI5q_aFupHFdt4u7^Kpc=$N2#Z$Yy%(nfGd>ltft!hhj7v|;SD^R{;=b#J#_^e6U
zc`?>Xn`nD*{_G+O(<?1Nt(kXNeHkZb_O6pd5Ahv&b>Ml54T7;-&U5Gs-_XrtCCsb2
zkr4mCtULn9<b-P-T9_aqqA+-bbMvLk5AiW6lH4vQinfC=-*!PnUi(YkPgL|`<rbns
ziE`uFQ=|%Tc~<o+JwnVBAQ>%^BL0>KLf-nuiCX!PIVb__&LO&~h662+t5R>N^@tNG
zf?*Jd`zS|vJ>|oUEhayTp0^EA=JL+9=KB&2cr|r3LhYj&4nVH0MNUs6vceCToEjEe
zWaNh59@Li~3KBKG;CYsI%6o*^nj=V>Aw!OH(Z*%!wEcz8df_Y1*KFF&cS-#WZA~0T
zYkB!&nS_+lxSW3U9H%^+{W5Qkg;DIU>*sZg+S(>$pSFajtxZ0#n4yfex>ky3)?3a`
zrPd$bde?oD879Snc{`W`_Ioln7SS|yP;{FeRH8G4?{?BK6%7n>hdx1V6L<rxE2T-v
z$;C!F=^VcdU8>TkR=#cZI-S%n|EnV?fQ9;XmtEoY8zja^EoA(WylJ^CNv6~JIqPLV
zhdb6Zx;R^$m~RF^#o$?-X{l&uulJZB+5ph^J7JuqQs)>~%~W;L$iko<@)lDM??JkR
zJ|<2Q5^W8pGaA9Uy=WQ>E5;VvYdL4Ndm7ZmxfP*cDd_}DuDsj{&oE<$>vTSJj7<xP
z7{v+)KY27UTxK4pvS-Siw8j)GW9}OUA4yc&1mRjud4xY1IRRKW4mgkj89>X*l?p9M
zN?lz&ijME{jD)E3jf>S_v<PakP3x6OrkJ>PZ&_?K|4&`AH{6l+IXOD&1mYJ6`R47@
zZ4L2RS#sl@X9k14-4a;w^&UUt<8>;M6BCjqpS>Out`54syym%1Fruf!pqVWa>Tgkj
zfs{z*`1z5`aOYF4k&+S#@7Z@@!PTm?1W~hIEJ048;3)ksf7RSUxIuKqpg>@boTB&I
zD=v?@=J>D40-6n01^xZ~zSs$zaX!rM*}-X+-}n}bWsMXJSIHu%zr+X18>fyamcZu3
zhQ8!-09#8FpMlmsgFDKJFmF>*K7g)LmX`pmrk+i%$^J>sa4Q5E>k=R5aBy&n^S9)G
zHRFtf(OQb$s9hYbuRFF-PTq6YCkru(BQ0&ZkI($@8l}u+QPHP5^O|2xU^ZDv{X5~G
zbs_-n6-A7S7SFEDirIBFcmu-Xe4vcYX%LV?j+!ASvSLmlS74@dP;JmBRa)xM8X6T9
zwZlW9^r@UX8ej|Z>_c;K0M6pJwzM_zKA*Innja-IvKZ~5V6)g|x3Ht-XllXQu6GEV
zUID@a_sA}G)6DDZ>z!U+BbQ!X_ot?(fBNM)ks$G>2O;8^%;k^}cwNQ-C1wxZ7prV_
zxgJBlmDpzSSx{&7_mi_$wp-=2*gU;KMrw(O%YGbXU!Te+iPoc;e{}%8+0w#AO-*fJ
zc~)Oho+sR`byFahMay*_LUQ{|8@I(*5wRHlokn%<TM%Nwk8i<;<retIS3HH+J#ZAb
za!PVsLnLXR)GyD6t0tab!;D;l*Q4n`taS0uKkklQ*37r@Ioa3}`y=pW^28#QJ!50z
ziaRPZL2ezZc-)_hAA3gdWmA~~(c)GTfn{n{3Jf&S*sNheNFREf3#hBq?s&v+OI6mB
z=lT`LlNs~OKWdJfnBLq}yC<b}5hO<k2zwITKOyrM--c3T3OL~I6RM5`28z0?(7oQ~
zHR!dA_ENB`_KmK(!gn6Fr%C+5g^r0nwd8zwNzGX!ArV4hFGH`opx~+WK<9JHX1ivP
z7?UIw;GwEYKK`&893A88e5yS-P}pWhG*0JKjh`eglbRnltGJ`b|J8J)^Lf=}{b%@V
zW6}rRUUxhrsj`GJ)qNGmMU00vt8^0KJ6x9JyUXp<7Q3&zETW=)%3Y2X!!;E4P=9rg
z_aq=4bkSMA(#0d*#oPv2@n<-m+@TX>W#h-Qu-76SK=f1rK6Mas#|6rEkSNC%(gM~Z
zV(&#@Sp#HsP;iLe;Y^k)3v<-74DyC=aOL|{Z6{2uH=Z<Fz2%{1FDS9f8Hu#0n5$(%
z3{ZlO!VWS;`jCif6oN~AyQ5T2C4~BB<W%|t#f_@<`%M>i%sxCtgH~~2CX~D^p}F_T
zH6MXB7*|*rPTvC|qZI+K{^XEAe5oXz$Q&$vAQ##kWnUef-=@FeX%p-PBJ<w^n(Hwv
zMJ!!^^d*_Sc;B@9$9IbEWY-7uNheNZ@_ML%wuS~KBKD_8D~yc`j+k5t@c8U=Q%oX5
z2(R{m<K>dne0Rxt=KT>LOzxvHxc6q&bkz<!qEtj`!s%Ol!LF~t90@9Fh^|IkFUj%y
z%(A<9B@@?tb+ul|`@W<^N}{<`8?5-iZFx*vyo&t0=S`K*uiFg=WNYE=$#7{MOGfyD
zD;6QdMcNoP_))K%7ur48>GTzv+Vu#swtQavkq0FsFcp5D57S>2D~@|qyfbdQpwIl~
zXQG=iV?o70F=$UgUtA$bJGZ&9F`BQk?kOxT!!<=BV_RNYn%^g_!$@~I&UNuN8Vk>f
z?@)2a+xxu4R5^B)`o<rb?-Iq!|A*I-d67fsD)BLx6-`wPnyo@bBgwJ@xQ-Di4PYa}
z_l%i#_!;vMV5PdwIE;8RKb$l@ughRM{L_r<^SMzf(>By+89d85{b;K-VBng^sTUcL
z%WL51&iE;keN7pEF^bCqE#vb+i3#Rn@Wx#ic8kTjG=b5H)t$EoH?m}=$@Sj#P|>i2
zj<UdCy|XV-#Dq6yHc9j4!aLi?c^3@n6+384b>@x&HXY>GvV|VxNJTRXW{o?gftohL
z>Wk+g90!<*#sT!(s_Ngd?~C`^#rUG)*;yv#=1+64wr69xzY`+IZH=z&nU$<s&6!D{
zjfffd!A`Nl(R;Ny<FBoaq`)H}EJ!u44dQ+`JwFq{c6US)rRYoc%zY2<0ilNXvCmaq
z#k%e*(X=McOm2G&d9IV8^Sk3_{^(MdISpoFq~G>%+G1Uj5L1Z**Rrb)7eWoPPMYpE
z>m3=ptzLP;P{tn1vWE=S2o`1aWm}xP>FW59d;fHS<@=sKl&#ciId5Zt=xP_))@^AG
zEKRMUx%D4ixem*jM@QF)Sy@@7_Gqc77;8D;DtE+!CA_@wcrQjAElLR%ap48k%X^G<
zzBlv=d8m1!#w#f)nRj2!yP-Ry@mGAHPvMtSH#uZE42J+R?2L4TR0PysnN&%;p$dv@
zgQOar+q6ZlG#2W+x%%bdLEYyku!4)Bftc~pd<T?VS2IfKz&fer{%Pm-G2)tOmvR*o
z*)tXS6Ob3f6W>KdiqnF=4T42c%^nM{TC2_g+F!S!LXutR@y-QqFxOK@%@;EV{gG*a
zO=qeSE`Q`<nm0EEX+fqq20%<xy6t#a&};)G`>27w-oi|(P^Cz|_8RF1@ZgnCNb*Bh
zrKh{QTuuSoOCA%ylSV2df6BI~nMw>x**%42r47eU%%>?v%}m8i>E^aJAt@N#`;n3C
z=Ut$4BkY>{nZ={QkI@(t*`xv+Eqe!-!G+uujf3xxFuJ>qkNj^VF`T<ziwOQ^7wu5(
z(0tROj9Y2Ush+<b%+@*WQxKuDA7g?#j<T<C*d`uMeZI%21bjkeaYn%!Ze1u<^{X<R
zHO}bmrO0xZYHq|Ev?<vgO*_=Dp`*{}qt>KN?{jXLP1U4jAn<sEbCe?Sfi~WcYkKRw
zv$(5#<A)KyE#?H4S%U*BT|(noTHRbn*&A&F)tcE<n@EJTJ6aUYZ($fTd&5;74di#Y
zSd4Ca6FK;I1<_2~3SwgJWt_=<GPl#?JeD2l$13uw>{$*3^ISaVdxoC6>aqg_F1V2d
z{Hl0Lb4gVB0RVF8LDTu^dyY$!99;Od3^K}L>GvDJ=hU*Q+{??itYUX4?Bi}nK#iSa
zkV%=tm2X$Q%1(TT?c{4v>D@-NBW0rY@^Zz{b^)wD^$&k!{*9LN5?+Mu%9R`7xQ&LZ
z|9~{h2CDVzESD`@W}6j2wDo68J1lJ4zoJQmq)@$fD(aMnOXYqJHkBT0Ozo>l+v^l>
zbN0Q|t1*n@UPQjCwA6)UJ9LhagP0hAXyPh?{g0iw;4Dl!%n@Q{oHV11(c)&}l9Sq8
zrhAnW{Q3SaOs2+Uo)N}-gBhZFgtyERhLzrBM(Xq3u`(3<#xl-`Lt3)k0p0VaN~e-k
zr5;RXj+I6wGr6v1HcbsQ9I;)?3E@@+y*RJs4=s4;lsj6&uK8jKKHbP;{-)MK;E8VZ
z6u;VNv(%<uACowj)*p#CoV(<@iM=)j#LV=^U@wrO5LAb1P11FfQHPQyFnPWe?;njU
zLxypsU)x=jQV-VQDHuaUsGKi5SX!}AIAT%ded9vpGIGMF*+A=dXS~$zfjr9fK#LjQ
zpOPZ_33GVC57IC!t;TR*g0t2nWtr@JN7ELZd&&g|3gjU;4Caw@w6}*F@@ytH6Bi$F
zovGP-hCz?kOBrrkP}8vw6ki1c^q>tM{ue@o(0wO*O^<L>D$6rb`9!y1aP}&$C8PUp
zhRbZcEPg0o`Jl4oyw=mZ=yVJo)AQPK-m0BKOa#>$V8e~lDFxLYDW%Wl&w)CdRriCq
z1X1P%nM;&R=|$}FZ8GhhJ6^EY%`6QLmC&`UC#Nlc+6rM8<V0`dmXaSE<`&TPs@GZ-
zAL#2VEy?elt;Nl|?}J1=Tlc)Mo+jxs%T&5+bL73LnGJ0JSW^qQAELPYhFn(Bw1ght
z>b}n1{{H9fyBF4?MeKeC&OyG(oQ@71yreJhq4&6cgDQTlDqk94n|9<?!$`LA76vdu
zSY?l2;6dRO(K$IoaHU9js@{n`mQoPga>v=~6&G(%zanC&t12@l%wsr{Rm+1uxTwre
z_O076PC-7RtLfI%*n2u!ln7wgmeZ`NUJWPMEYp*X@&J1Tf4TBAX=7qidRcid9|O?t
z2U_KuuuZ-!p#K1)oRyj`BLIz7TFwY%vZS&fvv^k76)&xtSpB~n$(DHExWNPI;NA_@
za*njLH0}{0b<Nj@&sv}N$?$EW`<4{$v;DOP(WPg>mPNz%dRfSAW-!L-`EEC5o9w(l
z&31CGLUVsk(`MsNCDMalQn%g$!>jLNOyip<);Z4zX3i8BL$$ViVsm1a`~3%MI_L2h
z%f_|%maCPSZg@~I9^04IyG;FK`f=p;<lWFU)51{Gk}NIf0<bS1+5rm^$MxoT0`&Sw
zPdqh{-hr2ts|wX!MM=!?o+&xY+w0|1Gcf2-LfV?$7P$N91%|*zkBHZFUAv)oT11X6
zcwuNLgZ*5@VL?oC4IvljLIM1O<u1muPBp4?-OmnU)qW0Yrw@EyK!EZMPv!af#ooiI
z_xHQin^G+7%Y~XhLr{Onb&RkJ6XdV%!jeDO_WB_qo0j>^W^fd-_{o?8Pb`#isT6R4
zQBxnt%MqSz1=l9&W|MgQXnHBYpf0fO!_`?DsAkcexvyK<sJ!9hboN~k6sE>r8lYd&
zzgH?AXpu&?+ClGJ+|hbI$WehT$U}W$Z`{L6LP@P7R&@;2CKYkpeJSOw9Ijs6Ax*Fe
z>9;5=6K<(PpL$F?NHgC&=Jq^-1OB$P6c|8*6#;YJw{NMTxESC}53pCFuF<3n_t2_=
zsMmPN;JG5@dcNJ1Av7qtKO>1wJ)AC*%QK{qW1F9^(3K<bJj-c5VNq>`H8I&4WE3Zm
zDN1MhmMUTpNQK$fxaLqR-oik$>~fSnuj8R@T#o<(LoNAgI$ooB*fkv(lVjL*38vK}
za@+QJqnp!$uHnN59w>+Fg8pw(hQNZAom;eRe`2#<J9-HpVlI?Z8wfh_1%RF(G9Ny<
z%yF%r9C$K^_uDp$7`A593f01nafMJ)U-)ZQbZ<AsY>Ef#L2t{Sft>}nS@!jb-7KG+
z;6)3nfyFcZZ}A8&HIPY$OpJ_z?Vt29;tH~#TG7k1S7sk{cp_Kp&cv>IKGA$kCuFEQ
zGS*jb;|!UHbZdU|ACV`nSYK&*w$zWb@w+upADXfs7iYdvep!Ey8K-TpP(T-308Qoq
zgrJ`54k84h#z>5^go-J!B+d4el*Q8)H<YB9cs6(MS@~vZ$lH)1wH{3GyPLCZo_sw3
zUJl?35m82Wx<K{y!m+a&%?9*}dZ~FSB5F34(mv))uSl0s(k*LZr&8TCWVApe{uaZT
zD1b^AnQP!uR#A}zLl&f=9%^`gV1tj}nysa(DizIl9bh9w_b=yZgrzl`$7ijN#qPU+
z;{(`CAA+}kBhE!NOQIi{nZ?IA49R79jy_tV@%~(=Q0K77wXACHCs|FxNYPcNbtYSY
z1|vkbUlP5~&C4t>*IZwdQBb7qulv04diBr``5Sv9wbtTun?$HrjUdvTcpmG|mDeT=
zJ7%1OXVX3iTnDn!>UQ|iH9chsFY-m#Pumk6F9e?QdfZHG^f8ptgGYB+_lQ1P>k^S~
z7>mKR_`_5S$$OtZ-MGo>?P4wV6<nyBW^@nehB>RbM=p0tgDu97>QnJ3+#D?rO<guS
zNWy{bVTMjAFj$nqMuPa;G6`Prg@n3Ha%kzRc1yyJ*_%5W8eGo-pWW~V&dF#hiCcgj
zRFF(HWhT6~K&c(4guaA<c<_q9M!6jcpL-j)ygGZua>H%N$GV0lkCHThU~QuIPB9d=
z+r3hs>@$uG_Lb&&3Zhgh)IK*19pC&sdv%|Hog;d5ha+sCX{(k?^Fb1u(c>GXyDdbE
zOe1qGHYoy983#~L_P*kY_G9P){K4Y3vz?<n4&C>6zdg4f#dlI*rFLuL=c9#^%JFd?
z$HHJs(;5^nKWO7JyA4vCrClX!2DxfKVAFSuA0Nrd=K>5|QjUMk(?W!S{(d0NHVq{m
zoi@eKEALuhYNAI9jx9j1@GvCgc<yWLlyt>`Q;mV=P5X^Xs<!-ElRZiM#fit<h7}`@
zOym0J@Zjz85Fqhb!+;XC1<m+OT;T*9MY>)C1@Rs44ZVf2v0LAEl0v8V(}*W{5}TWw
zJFV7d`nASEH>gvI_ulhxb1#2dYBxo0MSThKcDgrr+KLfR-Tw!4Q?X0maIsS32-ALF
zs*i||<mW)?x(vPT^>95I&OpbuD3RaJ(^37^oyisH*s}5&ZhfJ}#*S<ftylE3xF%)r
za0kIh!r-V>mQbTLGfoCqggJAFwrxSKKS6$f0BcafU3K!93M~A#{G<AU>RW>X(A%AI
z?}esor$QDaQUFkqXu}#6P6wF|sj2S(Rho(Yba_7t)k9k=t#h-yH56q#*Q%FemtV}*
z`MfBpIET=`G&>fe90G7`*~PkeH(xY(8W;+!z%d96OiWJIP0Nk1hqWa)`8p?`wV?Bw
zx)aT?@Iuodfs?IfKWG!zrZg7|Z<$T^Yr}o+4y2YIB<%bet2PDre)IRuq6IvN596sQ
zrsChpT^5UJwRJpQbDN~b+1>SF=}t*yssVz3Axqmy+NEl<Q`B7Gb#3|3#UW*N4dA>h
zGRPZD=O`)w4C1AApw~GEqPhEgez3+jNL$5T(io$%!4l{by6u$X+a}su8X&!Dd%nl1
zvwrw2Ub8^315PB#y%^)3&$A?8(3S#&P>j<-Z$Er;G#$TwU&P=CRJH?$U2;c8KGo8P
zhNNB6X*Rg$4@p^AP;2|FvU;wQvdfDt)S16)e;RAua(aB)%?ak+sd9Et(Zka$^y$Jp
zK=VXZ;9e2}dtt{0_QJyL?%mx77I!@e<3*_7#NVUbP1AEd^a#N>I^2xibb=#d7}o1G
z8Q^$c$^8=;tA5we^^!^Vv!a_%t|<hF%=;JuLZg4sxnbwy%hYw>10(00EU|P+FmK;y
zv!@IfWw|B7!^4j_i~NVT9}g9uUEZru$;x0$fB?Ek@Wn39_U!xGQD+D6N&I+xQrY|p
z)ihzkoCgbqN?BP0H5~EKSoovLy=iSoP8+=+rEL-&@)4-0=my<^_H3fng}UGZXB=N}
zX&34NVWL!9ElJrsVJI)ZW<!dBj!wz(1LxKmXUX`;+XEjy{zrL(HvCSBp2AhedE?%M
zj**R;9kYlYGf;-^8$AgSj4nfA5Au&U!@C(@BK~ab@uaeOV^nrNVbqKtAOW~8FQ>=l
z1#|3mzZ*%?IEIJamhK8<I$x`^*sO3w*90iaHy|i!Jl3-<tN{!S3@9lmf}=P*iDi;M
zc55j2Rpi!$Y!crdd`)uktq@I;S5k_TB~FnB^itrlZP|R(^#-rsv8H`t7?;~>L7HYY
z0d1GDccd3{8sGAwd1Z}_jics<pFf_iwz8kjTUMyhsI5(PxO$=?%*M&_sl(0Bed>S*
zeGb<u5f*ti&GPsHJ%m;(g&H@`>yijVu~^)9{3|?kx0_|UlO$ndQ)#|WcQ`GZDK&uS
zk}fiuJuL0VKx`q70LuC9wGm1&A*ocDY#1MM#XVCbhp7#=IQTuD*?#A4yP2Cmg+vt;
zh<NX2m`#>tA)8m1)=$ngI!X0Zdr%*4=BO!Mt~!!VZzghtM^02#RNR_iTvBOPmZjgB
zkcIpiy#7@dK!M7A^Y%ThLovLDd}0EkXCAIZ@&b3t38&}#0<i%~8g*1-L{0!P{r0Rz
z4UHs}{9<LVLef<Quo6Q*<wd0$r*3)v_!rPKH|0I>4sB!BAJy$Fzjc!c*U?8gsayzH
zkHHId7~9D1NEY}gUshQ;mb!fE`U~fAn1%?GjM_=FFC^+=dU;1GHjo?~GT3HwW>4o<
z3nG5n$O#R%QpZM~%q=cy3BBg|Dh`e?yS@HBYsrcC%e9E={*Qm*(0R3=vHCyH55}tR
zV2lnA7j4BGVKXhzjqHV$8vv>?L8e*G<lt?%j#|Zv(DLq)Gj>^1USg7>=%<tA#^~T-
zt6HWgTpri2nI6y3(|)%Lh7{A6=F{cs63ON2wTY#crRM0G5Cq(J?~(0K!AovF1`T4F
zHF%dvJv=;40?u=Z$;_d3sXz=N^jOb@8Ohg6(RKO(&Ek1$SIehM3|0=N(^>#k_*DyU
zh+ezxy7$2>O&}P#pQDa$s>l4Hb#iFbN!w;GScZiyl1^))&sDF+;Qi{m-Dc3p?AIpp
zmvP}}dFOijb!;R*pc5TnO%}2&!g;yj_@Ln6+ns30?JX4Y3V4t8+0xAI+hZ+5hdcvL
z$OJV#$dLAAyFdZ#K{C*We693vQdw_vLzuUh=RN%Tw37JCCwvarjLs`jDmpkREAR}S
zzet}x$IIw}d|@2G-CP@sz<1w5EiEs1C?b0E8`=h*r$nTBu%L30u(RZG+lKK>kD5|G
zc?4ss$Fj-S`+m6gjQt1XG+9!&%JtOd%Jl_1v^y+hejqjs#$H2p#&R3&QaW3YV*$n|
zufta=($xeXK74qD$Voa#njte(o14%eZD8q2Q<gXU-b9P2Kc6t9Qka_?+pD5Q+2ecn
zM7g=8tfsP(9Ue&vD+pJ32L5Z*mE<Ibqiu$s5$Vr0)pJo!JXb!BLz@z$-~C!4Q80E;
zk05MNK<l`%)F+tIsRBg<$87qXjFiPOS!ENbDBp3iRK~l*?R`~0Kf^OIhr}5<+p?;u
z6;Oqx>mC{w7B)&t{5e#B!$`t1XJy1FR08i;<cw7`n$+W6Je{b9DF5wuVU0%b_7r?t
z$Hl6okt}g=;LRlCSkx0Ez97?nvwy0*cHE{)D*Bk13&b;>#%9enEgtb+cDL5!#LP{9
zDOhh8o!-x(x~(tO0}M&s33O$U$qOz@wtb#Iz^%<<|Aisac?NTtcyC6sn;$k<Tf>7C
zt7&e$q@>_4I_7paZC;+AE_=cmIHRya|7=cwl~Ld!6*w^wwmm<)@uuy{W9l=3MYcZ!
z&T_b?3kM0uy#t&W)hj`1#t5iKvTn(vibOgYP6|!7jeZp(%bFox=HyRW)mD=B(PwmX
zRySK~NJ!fs8F>p%9*GOeXAXKpqY!n-*Fuu%<~o`e(MCk;$O&zkQGT!;9j_3|@*U`n
zzRs{_2ZKMFVX>oQUbAq9S_#CN$>)}m-C@~pCmJ}6zkhVcj6*24z$uTzVDbF3#R`B1
zhudc9-%5%{bDsb{(|H2Lv-(Ca9LGD0r$mlgj;8Lw34p^S(K@KodJhfq;J_zh>sddJ
zlahrSIA|6d(lqy-MfLD=Q4@f?^KNb#G+O7?I#R-AdL4K~-g>1~I@jh<1>D+B`jt(=
zyhu-(l$7KFa7_K69m8rlHz7{Ia3z71*sPqGnJH#k%k5BRX(MTCVUcg!`4qKr*Ku4d
z8AmD!?E_^@_0fJq|8kQc<0Ouf0<+Jy?G7{aqbagse?+09>F9<g-G%IArf7xF{XWzE
z$-^mcLm+swkO80A*wltOKfflVtz8k!>XPjTTqzpw*b~C$u*)`7a`3D(&EfI9{ph{F
zAvACfHYbWrG&k)dWW0v`EPO||h(Fo<Jbl*PAFQ`yaw4r3p#C~n1ySwbKtZ|Ge!!6&
zTB7%Y>LA_tIMK#PP@!w{9V3gZWCIl4mvb@HbafVM{a5M*VWq=@C-aAk+gH5Y=X)3p
z@<_%g2-^`6PK|FZoxVLqbnW>~x~P4VvTE42+<8t&Oaxk%faE_%GZhsmjHUC59EiG>
zp)dqMeeemJpv`S9zu<pYXBFq%d}^gP?_7nhFl1`n=J$K%;SXT}oy#`!ABgyVS(qN>
z?dU%*mn<vEQEe-J#E26poqQ&f(GnYf{2A?L^TQh-GGfH^aUW<*dV!=_@hQvW*-gop
z^E~9+zBvDVjC#G-nCc=S=7d2)nXtV*<I~Mhk=fQDs#Evf?xE3ky+rw!<8JfvYaTGJ
zf6yURI2H3y!|QQ<?%b)h%MDZFcwZN{xO&aut<JVa5*K3AjKe;u#=}taq_aIGz2gQu
zIn4JEQCe1Njy+FyBgqx=p3bJOQ%|jR?k?r(S}*yK%ZTbK1giw<bBdOZf-E$2ASiW-
z@1}lrwz(e3*4{qGlc)3RNB2w0=*^yyaZi_%B~b$JOGa>tRPxYu2w*hq;p*tf>VZ7g
zP!P(l47zcQl)g4DP6-^f#9KGGqk(KkB1Q`HFu^;z*w)y+pLH`bce!}H=00@=Xdbq8
zpJnoSVdM2XdTMrtBO+d1g8gTE4K!v4gt6<VZ3Ki>@sxpw%V{~1A2wIAg!IGw+Sea4
zoOeDUS3y*DKEJVE?$E|klTPt>or)2ks@4~ty%E0ufQ2JoRSokcgWIJ93u!EwbDEX}
ze;~c1RlE80;p$MlD8oH0m03F(;NM1B>pxHv;TCYP{n_&AKT=eD6MXXmfkv?X+x0fz
z|HwxndQw-8GI*`oAY`&X{gt;5J|$4T!wpMcIl%BL2R|`{#R4`Lk#>%+;g7@=3AGPX
z1tTT#V8}Nu@meIGwME~y*TWq_6Cpkgx#nowPy3XaIpaPfLvpfaL`KBmnIYWlM<I0*
z)PCJ$EMp^35D=T1mRfRlEUbJhXr^Tk!;K#g^IKFiikxu6(cPV^ufM<e@G>e>$!Tdw
zY0>YV!x4bPW|e)j_R^(w8W933W8g*YSH41}T*E=TVdm&qyFNO+(xaHw)}Ya!7~L`R
zgW&?aWw=KT51gxx-E~>3_h?KZeQG)Y(eU>6g0obpf6R|;iHm5#-W*Sh!!`C$l5=U;
zFZq1;-G^UEI>^^`AfRHvl*Zd0X{IAuO5)<?k`q50`+k}X_!^#O_j7LhvPZDEpKPFE
z<vPsFqVe&jKGJMW4Q&fLvO#CctgHhZ448Uh;X8>1)Fly)yf&VkdtdV(=s+8)nK3v5
zku*QoZ&F)up8iE0^i)5^dnYCj*AMcl-C}`~4>gY-iv<?7WMZB&<R)DRS*Fk)gQff>
zD|Knu&ZnZ4SXx?sh<;L)%uz_#@HIb2vDH;WX8}MWH)VR7(ou|y?0UB`rWx6R#F}zY
z<8xA!q?U;3TCr+gaYuG$SW-ea6DO(1tAszBd0$^<@OIO5`fK+|a|FLmOT228&Sv_D
zk}zM`IRhEXMu*iw%vs`3Al}pl>Uv^F;7PrW_(}?dE4QN{^<Ou_zP_hWw0=wq-fPca
zM{=xeb#|097a1aDPm^Rz7(v0cF`}1pN%Ca@icxATY?A|l#+QPE=7T$*8g2$U=qoq2
z^u?s4m~MiPixDH|P)w~;wh_JDHg$Iv4rm({nTi~iYD#7vl6BDItlHEopo~t^jJb?;
zEOQD|O{iZgV?nAadSgb*9p8R`tbkZw0OA@rK#A-!Eyw@#7NdIDBA@~8Q;Gwz4Cl|@
z24?k!u)}jQhEB9<=aPa_{14El_|40VX1{Hh!B{NphgX>KFjQ%3B|r6^U$vNx^_8B>
zH?=j~I2fE7agp-|lIN38p5==iWT6xt#UUJEo0-bcSr-@QoJyCOdAZfMn-!H)koGDG
z2@${a(XiW|lQ#zR2Z>p1aSk3F9Nbl@(s36EH;BasQ7D4;NTu)-1%7h=M9(7H@I+_D
zwa8y;b1z+05l_&xEH*K%s32ASErSk>JjrD1u6H=~VI-x^g3`Z*pZIi9uuq!g;A4mW
zz>1XPcy`Tnyy3V~tWtaXxbyQIgXYc_y2(9o=K0N;O%|%dZyNCjsNqThb~b6L!b?3r
zu2;(^9^nyDdYry#_-jLf8)8DoQd#ahquS{LW8=%K`QcG#ktK?WMq2`GZj-lHKkg!H
zfxv}r*3OY(owBg7@RI86uh%Eb;?U60$7%t%e5eq%Ss#hs{iiNP`YsElU~GHBg4lQf
z(0{fX|4aExrgV0F;CZ^6#fct(@@B;!lH@mo^S^X`MTC-&LE=am{_T*Gn!{`)2e<Dh
zVskU$f2{3)_3{3_tWNmDQ6g+(PR4QSAsPF>=KG6`{)!R&DF>2=HeOVoPrz|!%+zBW
z({I=k7ytj0%D>6|qcBkmS3P|A#VQN84_yNwKbE)X$e=1hNO^Pg`gPvle)k((5G@TB
z`qreVBfW{+2S>`yiC+PTzjJ)al<hLkvC;!$mbJTMN;K8-C;P!~`jP+Y68-lVnwW-L
zfHMBJ%}N{Zaj*a7=Wof2f5}_>?NTn&Y9wcba$)<b+dn9f3Cb83`@d883%~xjR9IYm
ztqG7WET+Va|8b5j4)q`E_ZzK0-SrLkMT;k+&vkf38?Ozh{#zXSgNq-vbiz|d1hsU=
zQ@FGGwlP7Yt7fDdzeBPAi-rhfi=%}cjMG;kJ{Z;fA?01v9r=@(0mwIqe~;4;koZsl
zdHgOvCb{ep!Pd4!4%+xY$lv$)f1Tcc;=-jCB)#AwL^fT#F`}QtI4|W#hrg#EuTW4R
zqv)%QUqcz^`2IIx{8zE@CP6@LXSSX){y_y60TN?-yOf}$-6L4kX9Dj3q|E-Rao93b
zvN@YD+GIRqfSFo+GH6B1g}(QnEY9|a6_7t6tS<gN)cv0V5E6j!bATnxh5v)(mo7K~
zd8BkassH0|C<5Z|?9k&26h?AZCifKh|Ii;_6yNNK%|A{0|0D*k=}GdXqHL_Ilh+sI
z8wG2M#w`KV_SvfW-iKd<h@icK1;x~{Gh+U)9QYzZk_}~y8b>A|A62&+{_~eu1#aK@
zX5&6T!1Dez%J};v-)n}-y}u#QD;^rj&L)&or$mSXTS49=c(H$^|4f)e5mLHfTd@3J
zcG3IYM`&YvM><T<FSC%)wOzkXtMHH42TL3!{<Uuq@qZQl|5Q#$f>Bgj10WO~rMSZX
zW9&PlnrxSL6+u80q^ndxq=SG;4aEkEQl$4TQbP@d01*TMQ2}Wp9i*4gJ3;A&UPBE<
zAV8>r(93zyckge%-#+U-=Z9-qmJi9?GxuEA%r*1S2}DWTkfvNe`{s*Fz=zn~<~;Z7
zpKmxaYoY?;c}Z7n-bv%UyTtna?cb=3BM5M=_R-jD<o^-b|KaO@g@ODWb?`D;t}WrA
zo&itC9ck1&fyHAYhX>=cYZRea%Jk{=SlN=>a!yv?^v#DnvO<_FYE2!TzB3WsfND&C
zu2!Bm-`nSBUuXK`IbtiYW%%C}RR8lu{}mQSs^8Vs)|6t=Ju+K$Hwg2wCjEr;^&g<%
z_wUnig(mXcs)-DAfvPb=8K<)Qo@(wXcYuTKxqVKd+Ik)Sf%R{Fo&W7#>~-W-Bvus~
zLIRyxqpsM^%P1D{AW^`%WZAu!j9$JJWr3{}yNz1KMm94F)?^I;is^oz&M(eLx5`Nw
zKpUI}TdNM@<3o*ig<kffmcVb2vy!0mI|#a!h0QH3>J3P}sIff8mbSKtx})BSiRbr#
zsZ%x0=kxRQ!z;mx=K#m0E}|9rFFoepZcx8qu4#rSXmB72sh%2A_ew>&q47htPYD)J
zC#+07CW*$1%s|JhVEEFY-_kE0&5vu7m9ZxWv2qVJDe2V=Kqq7<U_{StWKX2x#zda9
z$7(A6{WA|D^T{OOyd4`TM9%$l*pS@@emdZ=qQ*d!Rieej#B4Bi%CC?1Hlvb~X3*!9
zm8tq#KQb+~FeYbx{@g-e;{2~&05n?nB_-onefLCi0bL@KV-*H*;NO)`VpWTC1266D
zxFG{6z$sHlJ05pEdrg<0sqd@8YsN7x+Bi0NT~v&q!7yLF^sPNko(|88SK3osGoR!l
zz$ptc49`@RGs-aaLuz@sxi;gUjQBo<wX>g7kQCkFd~*IDFaE1>#1sCaVThvdPEf&z
zfho*-(uU1*a;N)<!8{#XwF`Oq`6*M!YvP&N`GI=1MNFEUvUEGcg_Ulw=wa`iocdZr
z&7H?;g$RT-dSbV@11oyy)aW~DqA)7U?hFG#ww0a%^GunUxAl{2N0Uf!lV8qkT({Nh
z{?9fJJ_DBaiO&ZcU3p47aFScWS!(Z6n9XW^XBy*|nrX9ozuwDR+H7M>e;9O`-@+s)
zE+PUD=(q~9K<94hBaiI7Hhvsx^<^dds&qMzCz4oQ57q*d<<aZNLm`vCfLqBx59w~%
zt5tpd63?efV=JA{j;N!6{)8vxysUlnMEvZm`Ov0To4J=jR>ysEhprzJalalIq}~K<
zdY4)KKlS|oeIcA9b0hZ4_C0pdRndMgN`WG=rJU!{juM|+fINa(mS0{Czo?eO>37I5
zsd{}W&TV|PQthd8u|?7jjaX^PA_m6Lm)cKLLx_pj+EJp8vbw{;cUHW#HB1x?Kjh=7
zEIPz0viW@2Ss6_~7&VdwKDXj!wr4r@F9&;bbMtZvKebpU=~U}H6Md|xnCC`@nzZUU
z99AVmA)Oxx{iD%=3-b~Y1BDd?YD5-`HY%o-O7Bu5-{0|S)Kc4t&M}gx2<t(6`FCOS
zQkY*$H=G``_%U30DrrJuRV<$*VU}-OT9@`2vgSg8)lR+c@1g`z9?>LHkhF)8ND=*`
z51u0`Ap7F)LSewmSPY!CE7moiL<nJ!x{M)DrFphW2#8Pd26{66UqpU+kLjrt7Oei-
z%1OIw>7QaR{~;_aebYiQFZw;|*;w(w)u_nG$k(?Fgqj{m5|bKS(>|{tdD-Jq&HpP6
z2@$Q}rQ(l`&ZfJG=SN+klvb40)l5cu4{8_reh8JNFZz~4e_>+I;X<cxI0AKGSSwSO
zDb4{QLu@6UDw6(0?d8j~XRlwsPRY!C1-QJ9D=*HlNNxBQhXwinXBb8WmUMRTrINYw
zC@vT;s6%O=0c2{;1)Lz`8t8k)za-uUm|L9RUT<^N-<_?Fw8%yx{oX56s)LPHXP{9)
z5{GQP54c7=uQU>R?ZQ82tZy`?6!Xk6k>x2X4S_BO{+8J(l6t6jxsEVU#C=u}QjI)g
z$ICP|pPaNZAcdJ(E@};Pmd@9YgE0S$ydT~7%SNK+%SDt{@lx-NOu_A41e>{t+uxsz
zd2XweQT&jaoXV(YB}1LixOG!0jK)#Cgk1#ge2|5lMbv*My8rx}$;h)Rm7IS`LsJFC
z=aU%4lka4nz=^zBv%KzzAoX`KJ!~@O)AYx$!{I^o%SF0!XSwJ2O@}QNGsu_3-z7{A
zSP1mbx$gtHgg%cl+|^YaqExx+Zy9vg|Cs^xMk|Yd2{+%r4#H(IF0FO#AprPxM|Bo?
z|Jl+#oYOo!fG^@H1AZH|vE@Ovpjlmgy-j&@MHr&KBz26{R$<iGM8`nr&>}S<ax(dV
z&}B<2D3CDTJg|EIf!Z3R_A<-GzoW0eWkVor6^MahdVm&YF`ST6%(qKjdcYMmhND)f
zPEGYItX{}fA$hePWK2~?8*Abl!k3Hd!}$$k!IHJ-R>06i6N<K-1Gk!P^r$i!D)B`f
ztejM#8n!CD{m-B`#hUsx7f(-;beL%>GnCX%Jhe;^;O_H<x6KiX#PclD9=&X*z16O}
zV~1uY=wk=4jj*)|7~!2=F-~G?f+O6f8^>+M^q?W$U9po5!i04+8ok20Psu>{^5n;Z
z_hDh!1_@UKy0(jy?Wq9)p3&NBx{sjyB)}b7BL{fQB%IBh_&@#QzkeU048WwAnZ^f_
zC6F5N)Vp;4c#AOE2g&eFy)2^Aur}nHo%PE63Jy6;YcC7f!p;X1U=H)a;P=Nq$?X$S
zN0)zD8SI``xWFUEY2?5ssrd}H%i@H3SLXN}IDByobn(AL9)Dv-^37*hdb4)qnrU{x
zOBe_(T;<0K-Ah%;dc7XxGl`}g?HEP-6mXAtL(Y$&56aYl(=h5rLyo$zVc8QgUlJx8
z*bHQL)w^^wHTypq!H!lh;XN(@n7H<b$^*uKE*p3WoJEx-I_McsIhvN9{;{B-V4_MN
zhU%~e!BP@iia69)E!sb#4{(R+U)!my6UxFZ1!oASxfqzcB+JI#y~AzbUQko>u3~-S
zMORlBOP|)@Xv^6hut_Pu_1~uc+u!tFJpWLQK_NWwM_S|CTdq9HZ#r=Iv)!9s><ZQ-
zi}s5xRg8mEKhMs-c@iEM{dgBs8cZ1-(_2tE!K}uT%4f;wyNW|rSODI#Tb^XPwa-t6
z+bO$qW*ZgsfO<#8qxp*Fx$QE{UCRx5S;5EZ4n{0MeLVE**RN8!@!6H30QXv(WqGsk
z&jylDxk3a?Z!$!OzP}We!u(jh?523-M{_^$GH~5*uqr<J2|%$-TGfOHcEkCZZEWxl
zlq`IkcBa>_$GLUgLj!eql{8?rMkXm+-4p_!+HEiQ3Gk!}>;L=5j!@=SuND-MEZ4bo
zh3)>Mke}uebslimd-v~uHKGgM%gwcQWr<i*J-bt;g07wa=R0MN25_tD!(j`{xVX4&
ztlVj|7vUK}Y1bnI7|!<Ht({VP8Upt(YgjFdHKAx&ou_a+1SkT{>%Jl$YsN3q8uAb#
zQ~Ky}n#hd&;GgvxFi9<o%mO{Mh;ZGPEA0I_XQ#~Pc=x{=%YQrLb40$>XWaGOCl{y>
zkehQU&*+Y?J6+scZuT^M9W=IgZ}S%~2-JkQ^dES5-9<!CN~o<5$mB;i-Xh{E?MEL?
z9`9WiSI`>?%@(+MYMQF=b@(P_<>T|YOaRhP_=HCMO+5NvXv+;wl$j#nXc-DL#S*Hw
zasp4?qf#c0Bg}}|ubvP$s;g1LZ5PdSsNbYaXwCHr{i9`p<squyuSV%Tk70M^d8p>d
zcEjb3eAQVHuffQUO98XnXZT6{KOPalcs>?r9omYJSm}+2he|#R{7WGL=w5*jQS7Z=
zt6(~pEh7IPxP0>S_Z<g=8mopro4+G8zxJEG0G~V?5?P$aOSwQqpZtbWGiNuD#Cl@;
z64T!)>h@jWet?a!wt4=|{n?Mm%3Pp={w{Q<Zv$QSRt2`n&N3lK1c1hsCh}&)ZwvDL
z^0VJtW%~0EXRPph+_^%NglhKxwL~Fhi=0QHIuNV&X|{sEjOxDvB#j2KUXC-fY(F~t
z>9fY`M<T$}uwsg#|8|-m)ZYopPDg4t{+@x^-H4e5qcXgz>L^((2mhe7=|q4AuiF=K
zxe;&3-**#G|99C}9(xsd3fAcf|G%I6=Qpdg!OP>7a^u{QHmR3m(W?(1QvNoiUoUX*
z%u+GgKc&yhgcG_i8vL8@Hbw$puhF$3MdxqN>ZK+B!hqu7V`QYi3Y3;SubFn9{d=$b
zSy-?fCJl<Rw(oqa|5*H2ZAaen>?2vOD1IRN+c)Fzlh<UcP>b1*yrNJYPBI@lR0SL$
z4Me#0H;bP+i}k(rbfv|ctnE)4jhnCi^}&F&3Oui8Z0efe-yAJK?EJudx!X$v9%W|#
z61Bg^#1>xz2ABSNXPJ@6lRfl*%0?-*XHW4Mw^$VZ+fyD10cjzk7AzuqW}Zccvo94o
zIk+kvLRvEE%V>V?FI)8fBAY(QXj^r;eC==Fsxjsq1!`1K5H(Y7mg+sMhrL=%wc?H&
z4syuq6ZvEDcFypzT93IampCsm0UwI#ek~Epzh@LTA^@X%6Ss`gMAFy{W;+9;@CxMQ
zAxOsUo7TX51Ph<!qwxxdw6U-HY|q&Luq>cR_8r=gPM+=yOfZ;|J$n4OZ`$tyPlk?Y
zOG|5R?hRni8L-D;XH8mOFdqeJOIc7GW)T+R`&QbWl%ai-$Bs|;&q=wR;mkyZYHWoc
zX$i<<%3_YamzL}@i&T`TsAx6-l<wP)^wPfjAR=}3yYuupuI8tSUDwdU$W?i2VD;3@
zEkI4NTOj|Y`o@iAoB8($c0ST}s+O}uW7i~h!cfsa9R!w_^r{md?EFkSFL}(8*V7@K
z;@`;8<}j0VZK#sXfTwoQ31}Cr)lwXv?GN#5=e$}dgir+$G@m_xJ}chFw^Z6AYscsf
zs90a)=Pb04leHc*e!jKMQsNKUsVsrEl-v6-)s5QpmX^n5F7wYCI@}@WeLhH+8yFk6
zVr+-i_4MKf7KENkA8l|h;yZ-1=H@KD2tzuHfEI44*VhdKOTG5|j?daa78OvR+RSAd
zuLP%e#ft}}Da)c$!`dDOJ$t>6pO=k&_~h+(xzkP68**kut5cO>3=>6fYP{eFr6&HX
zc6Zw9<&IY<p{s2Q9*eFL+kIY_9Wiwwz>wrxxj|x=L^zHSkr+08g_bJ$(Ws=PX7dvo
zCh>gkVje)M5Q^OldNJo}XM*bKNGIU5gG#&xNq#fKY3}n0yT`=uRsjD?e8ztJ_Pf?F
zrWYc8ePys7Sw2C2oz*OYN`~1(QecXY)?ut9@y4imb#0)wE6-V-oW-<K&2g=D?LNac
z<8OCOVWJ_^QP|(dnxtS>-WmAL0i~)iSzxB%{t~OlgtHqq5v~S}5jy^Ia=Z?&jALVx
zj+F;YY~p1jlJV`^-ee!p3+@HO4-NjZG0d*Ax;hS6fwFj}F|$tgd1q_)@X%@4pcc~)
zKOCRxi{jN7Twsx|7$~U3EDPEx^-I^*tGP*ikyTBWee1j5VUp`8pjQ%*<hA@$&Fv>v
zYJ2lb$8h=SR^I7mHM8gq;_dzAP+?>Wz^TE5Lx%&&$29gPZzb1`m#jV7?c^wH9ws-X
zhMh3K{cYe_C)2S}pD*{1HQ%c$r3lNJw4(X%vGmu~y_RwxyPS*2OYf1xjl_;gS)R+L
zJF^Ez@VV|o>M}7Ax~op?cg&l~=6&pd9WayzO>#E9-<eUfHoCy9xlLOkh?RvwK`&t5
zJW0iB>O>~YVbbhzb=?AQ<d6UgXxLEJUiLXF3;VTmTwU`o=@k+ZdX+lQsHvtlO)pDq
zg?Qa)e&(r!hZb<s-XVYd_R_%8J0{0laR{rQpIf$3{0Iq31q#nkOb#J-+K9}l;}egH
z!EU4a<=o`nmC;hI^t@`hhV|)_GgnO+)lMFl7CNHVe9)%@V>$2)NU`T0I62_WN_YlT
zr+TznN!h%^0nm}i%EeRZK2fPE?BXK9LK-1f^NA${ft3S)7?*CiIB+OmXyR{!sEq*~
zw^`>F!jEQPEK&iVUSs!ug=OXE%jQny>72@wQZm1Gy^Il9uFt5{yMF)RIr}vv%luQ$
zFS7eGP6n-?ZiE(G&-a(FC6=1?UKxDNGk*P!={ca(6md4f@Jv}*2lE}jwWVZCc7?mg
zRE0U5L6-QF?7{1=@Sj{!%@_@1{iDxPzKvNPKM1!(MAShYpY75I2Q{_yw6y4t_j};l
zTUVr^`MCE}4{$sdqcnPk8wL+A!G>^Ch%m3)l{OvscM>$flh4UFH}66^m7*a)b2K*>
zWb!UQCr7LG1#4jA>x}3?Jb)5--k&-ElRxQ>X@6zNh-WF%WT?iIcrY^c^mt0nYx2s~
zsQNVW&?|m2;nAeGfBt-0aBvzwb@a~M;+ImsWin8{)gJE{iSEjLVT4_p{~*?#0{q{{
z1ROBXl)-4?ovOvg1)L#trDn6ZjrHDE@YP9#3H*kb*WJW+h9Bhio16;yQ6}D-kHt)^
z73UTn5YGc^j1Cslsm6V#Z`hwo)z+IH^3RViyTaN65&qA34wf{7WLa<WNcY)DuV%>|
z^Cm*Zmb}yT6?KfEBwE_qI{?@y_=R+Ei6|dhk_gVHhD^Nn2Ax7JCNTT=z9f;l9Me39
z0ozP@*!C)0QaHz;_@7yWcS-u!q}S^n0)Fz=!Tkqre-izxstZ-z$M0vl2Z`eTXnHW`
zp0aAcm|a{pAaMV!JU<bOv#jF~8FxS$OC0Me4Z}HADH}d6u5w?bn!36Izb7ggwqA?Q
zp-{STo{9***Tl9oV)1cl$MS1#^68N^>v-+fd(VS-(fM0pH`_ZHVvW7XVdvd;bkXz;
zfi-V8H=Xak8YJ_5LZ2Qf6GMupd}*d$toYR!*uHJG8CC5*u9BO#OPA(8T4*eF3DwVA
zRkyZm^mgYA!KGMVT?Ax@%E}a=&1PCadWDc$yGDlkq}zB~Bnr5(V5{yxVoHA@(=#h<
zsO@JarnVN0psFZ;!z~oxShsnx?Pj}7e<j9?>G4*butB9`M)Juvq|ICDGMs3Yh0zGg
zd3$?%6PRs2wOBeiWJ@t?de>LsFuu4m4%VP|Bb;no(@o|ePCn$7Zb`9_CQb&ejU^%4
zQp8(V6HVUE(4cU!rU%q(Ru4D7PsNJ7t4SPCk^YD%n4t3CU7u2=U@)9|rBla(!1Ryj
zUuN>T-ODhwQ%C0p*uUanZtMF|=ZLz+W+~IFot=^R>(n6<M5(fDunTnd()C`1w1#5>
z_^v%5)Fp>j+!FRjDMt)%tX59-vz@+vp8o1Zo3mqv-=04S#bSbMw-)=DnD>%^eyYTi
zf&PBav4X5oPfl$gxn{eLlVj4eorcC<OI-M!!vWwt8nrHqJfUPm4a{-zQ_KOIiD*4I
zDH?+)qhCta);jWk+j*Ay91<$1-7VF=M@vgPVq5*S!eJ^SvdK2b&=|*R6N?7wdXI|!
z^v3`IHY3ENvlUjQ`x?b$jbF&F8l41oLh=g$YC!HJ&or-Jg}~wtAaSb|egx*~mm*bT
zKGzw&z5*x@Qz?Y1)VO^1W=J(PHNRnOS;QTgV?SmI8r%nV3&6WN1o?Wt`@L0KW|M{p
z)OL5g+@H^UgsPwi;L7WR57+OS?~$Rdhd%^1yt&<xOD>R?OS>YIY;!9>O*Z_BrW)nD
zvmvDywA`$%jPZKUCIkgRkIr^^6gm)2B0~3QRU{(%2L_b#^SIiJoq?f0`cnWhEaoAQ
zFP-;$iHr^WOXgsEGm23LLXsziHOtSQ+R`6M78V5hT#xMrAIs+J7W>N{+Q(rmg+SM^
za~oZX^s9hiTklvNZ?wVfY1i{rXsW=d7ScDE!#!}u1f`|pfvrpXwRIsTvQWWnXcjOo
z^>Yf#D?mpHEcbhkyeavJNqm8iaRGnM3vc<Wz%ou)htzKBE~iNt#o@=1v-_)C>({<_
zWYgNH?ckLzh<m4G^{I!g!LG6}_lvKO#H^E2wOdd}hwBaK_|9MI6eziq&F4}JUn~Zz
z^W(tn6{U)AcBkOUkadhh%%(Wa;^xhH70G!z3}X{-P*@(&O5w9aYXZZCNVMy>Xhp@O
zhL#p|dYEjcu?w~A?o@-4894-QTjA$hnNf$BS~oqkwJHdMO~UIhyG<!W;kymxawY36
z=7!zW`0>QfwH{;NeJl5q66`oI%G8x89s6zzTr8s&fdh2vrzeN&Ia1rY2{D*Y7wj<d
z*Y~7-Z3bj3<a;8KtPgkY*Rzmfx)pXTdTl77+^xtYlY&Eq*+$LoC1ik_al>A}u}2r}
z$_2Pd8_O~zU;9Z76|nJ&5m>_b5>cV=C2b6(u-tRx=c!+Zf?>kZf1-`9m)(bF5Qw%^
zn>K;fVh@3U=3w@#%Ui|bJU=Qd%B!Ma*}Ho+YXhpX>OHp2Bs-(lJ?5$pvm(fPXfR&5
z7sylJk#uQ^ZjjUV9=)WtP+hO53ePTFWp^R*3NKyT;)m;5y~4hm6hrP=vHW$%CvGj^
zR5#JL$+cIm%cym2)j@F(i25Wm%?f@+FF&c}0J@I6pxM~yRz;#nVMT_Tsfh1oJ7W*Q
zhG)?fI&xdvgyXhS`#kT>6D-_!)HbM$o2R3z@dX7qjZ;s}`4ayA_-8I<T}|g&wF={F
zpwpu*f#y!l+4tq%!2HwkFE+Ri$A&O`Uv9A01B`ohucy5~LwN}pAy|zl)VZyil)u13
zeY2DGYka)TXo=M}0)CwALtA@_4E-cAOGe}IvmYrVK#9GIA}#SFL;1O|ikJtK7+!aT
zrjMealQr(!K)TfDGV&n|d0RL~xR)w=i}WD20QF|P4G{EUawigm_2dG>=O*xD_gBym
zVi!YYNq8&QK9_C-72c>=ZiBHBxEm)@9vP(v9F`Ur`vvyyE=DNIfV(Fp_1o&otzW=n
zCf|hSnNeR~RY212Vqjq<D-~cnu+byBI5wpoCd;mdh{>Gw$<m-lPSJPlhDR4({S_&8
zqdF!&(ImK^cP-nmmO8RTFbxN>9#9qNmp|jq$tbUL9Ot}%04_{PTehbM05AC2I7TBD
zD$Dv<O~@>D{#&HVOYrg6>k=H;r_go|49C$GKUOwT_<%dwXx-B=gg+N(pQ$8Xu(PuR
z)mYB=sbj%5YQ|DE3t#Ot$Km@O$wSIdO3WSP!jG>ndKirD>>je%n-t6^eyW$>t^dFk
zehgj>3vR=YI~)sj&|Lt8tu<}3pQlc21~Lay6yAQ*3uAZ0G?T0WMe3ypN25&$^P-HO
zD4FF^e`d4-JN79&>?SN;rOj_{6GB<CgEr9n9UK`BEZc<d<>(tz28nA9*HJh|u*0JV
zUPV+#K2}#zkhzu!MOJ8(pux-Rva%=>vgbOJ;p+!eCp$U_BRr(eOL<qH`u^VI6hUOF
zXZV_qwPD=&vIaZBy-n1p1u0$fzDza<?>)f~Z#oWLtHut6`r|o9*-o6eRpZOkwOlnk
zzw$z3IE{NDYZFf^CxGE&R%R@#L=nw9;s?$j^l{-i!*i^SvAtRiffkBknla5V-EDfi
zxeEW_=BI_wnE7f23kwZ{QC?7i_!SmWB|Td(rsg3C?NBPu4R$M2i;?|4@6NqWewXx&
zC4r*kJ+4Lpb~fn+pj<;#bmmHCODJRMo!zK5Ry$R-6LiB#fdJ%NI9a**Jzho{j*-_o
zil0xi<R%?1-5aLhr2b@uWT~d+1yH*mqGA7yzJOv2m-DMkvlbqzjEj`a+4*1GVW&q}
zxkZ4BY%Fg5<W7EGISHv9Me3R|GB6a8XkF?_9akOVCHa;xbjf9TFlQTQa@v}&-25KM
zbQ6YDZAv_B?Falkq$oWJOv9q@04OHd=5W7?8ZG`Xi1OZ)x$iLn?MXS;w%94wqsfu3
z`~Bxhtkd+HDze;{&czb&-ANBkL)o%7=$OC~!$ILW#+!3{`qeHZlfYKa{~bs>q$iM8
z^HFZ?9p@u$?3?o!x-9m$dgLrN*V&!~u6lc&Wgz=`g(6+{_gtRl5By6O=#6QbiFUiC
z*I#FG^>hKV*|I<g-+Psu;YjT~Z$-T+!(JG@y)XZ)+g4F+hfr1YNtsx{;U+J$#mH*^
zxgBG6*C6Gq#YYSA;Fr$FW`f`;IjJyl5ycAJFLkl#yT#4Iyu35cyXwagcb%zsTbU4f
z7RJLq<UstG`|x0uHpy<LW>&ll%X@2^99o{XLO~9cl~aMndL>_>T)xcq$))*ygUYSL
zsZ(R<?W-Mo%0h97NDxxkZ>2}RVZ8r5ykSaP+i!bFALF}1QnPNw?6(HDgU@*w`~I3g
zGJ46eW&JpZkr!Az1Pb%H)%H%e0Hu6sw)_!_(6grcG^AAq=Au%&j)c{}M*%tKx?;*@
zB9?|S8>^Itfs+L8W6--5hq15=qe4H%CELeLz*dRZ4!wNu>F-W3mI`1U>nCl_;wtNa
zlS^=f^aSZbW+e?!0g(n7NTBTju(wQ8xTu{_Z`fu68O<=Rom=%J#5fkTvxQwyWO0w$
z$B$9T9ZfH8zMg3e^p@+7Uw8Pr2%zSya$b5yVMct(2jb!y<BAmxdN8hOZH8Tw^=m%i
z0M{aafNMtU2$NvODl$VADc~S23Bu2A?Hwo&NL}yHe*X0fs@At*h$LQbEAadb0v)aP
z@uvmb-jc%4^!((cW^XGStHH$CR2jC)duyg+aT3lP4eZ+<TJ@fn4gt5FEzgl&Ke`YS
z#OEAXU@}WNC$Wo_K}cK34bOk=`dRy_o2}D12e(nNy$j35kq>P;TF<OQM~#u7n0`2X
zH?I5&4ys$)>weL7ZFi*2A)%5;@=3vQR8`e_(j7B@9aR_(jmYxAK*yUde0HBe9x=T0
z4=JC**I_rBT63&vfkmDf7kBWBbj{I(H|IxDUq@@|%kmR;R(mvdeTUsx7%S01AKB8i
z#qB313eOdExDWTMtGx?!v7S+s{!^lxR8T`kU}Nd|6HShn(a&_lN$Wi(-5CMQ)jHwl
z0CWSf#?N&O&1CL;rg&DYZ;14+=Hq9y<zTg;c#UJ`0d9kzN5J4?9x19HNrvQDMzwsS
z<T!dZ=~de)BI+=9w|w;J<+@$W;oyr<neWCm+ZKg~vPRJ^wcC-&M*+giqEUp>&Uwy4
zajxKw_S&_Yak{#*Qi}6_#;Z}M4*__;{04uQl!St|!G*5)=xoH~^$^1Jq{r#gdR;XW
z6T~Cs>fRVrpVF<rNaYXb*w^QKo~p6Rcovo9((>z4XU~7pFI$v_3>?Ji>7=x|r~E4M
zWm};-TCW91l)R7X7Bo4z*KiIG&+RD@nmQjxs{e@PdK*xDNeh6C4r^}=C*3nbg$6EP
zpqc>Je5Hx)MjLq~+NvTA8unUxd@5eX$ja_b!v}W_0yLZ{9FC2<zupTiti$sWTte1r
zwW5l4y1KLLe>LiBFEd1FwsHw`DM`!((CR)ywv?rOcKulQE#+-_UA;qMTl^Q!al$5#
zvvcj~avs7{cd+B(F0c?ysVnCe(JDY!x?TBJBUe`6$%j$pWn00?Zc#}))-1h>Y!mB|
zDOiB?Cl=$w%hZw^+@;6fey?%28#VAde9Q(rJoyv%S@OuKAKO}EWigd(Fuyfej(G1`
z5*_43Uka1K2YXRJ9Ck0lMl$lSdT%HUpbRHQL(1P*`NpzqTsvB^mK$mTong$MbUbh6
z+k_p)+7^1CqTv?pn9O5|@Ku_+#JBm!1nmmJGdlNiI0Vr*fi}V>T6g+nRYDEk;SX92
zm?FYiJ1@ZDt!yaB37bjY2PSEi<Aq7zLx)?!QHj0>VVWL*oayFH`(}&<`Zv{c=Q{CX
zz9#NiM-wtXpW}`j<?KdW36rRit=5i$wzMoi@i&C|94v8rmFlDFBkKk^e)vwN(6Gqn
z|02r>qOz;UAhDQk>i!p5c%&Dv6Q3PI?5Zj~W_d`rT#*<KQeVQWD1#mJ2c(<C0ud`#
zm;Jnq$RW@BAt|g6zS*Z73SSjw0{}9`@37x79gDEOXa0p9s}2>xev<Z`($*-b*mq4(
zHiP$U)hOVKF)<!2KiL+YbH?!%m$zXzmVZs6I7YTyU;=@U*$+F%6tkvEO?M;Yu!8U~
z^{ivzo_j5?TMVuuLQdCDj|VnAbWvq(5AnnukCuyqW*(AmDWB$`xXP<CD}qKwfR)AO
z5~``!5CPa5z6@M9Lz4H~B^8o>IgC~esB5y`y%SX8={Wx$#Wz;$T3Np=WCEVYdv#Cj
z4>q2<00IOkw)aod->;p!*NE6^l$L@)Kn>jUbiy&!+UFeK>`KGwDnvvOn4o^HxD|iG
zRw55<AYxOde-%zDivO--$gGDeH@*h2vREUHDbtvUU_-j&&9KwF{$^X~4}aVX>KE3A
zb)F$K#FdVdsKQ7v`ll_kC@VRKTkyCoEL;{?K-9Ht-X^4E;?`$BkJk@SsqUrRJp;vn
zehyz@m6GsSo)$+>E?l=k1lpY_W&JXrX0R|qpQ<DPek>3@jeF}LI341|OO#0I;><t1
zAvISTm>b-`^Xq=^FR5N<y#}gbrYzSUP}tNg(%2m>l)EGn+%db=Ev;IB#H0APr%q*4
z#i2&O6FE@>*&seG_}-aMr)#K!UT}rT1463Gh0-?R+7;2S;yp#8M#bimFoC^D5Jgv<
zm|_UZt4Sa<I=&pN{p54y?@$)FH9u3K8>-*L6>He2UG#1!N|#&?s7wLi844Sh(lDU1
z1tJ;RQqscr4Tl%URE1-&iy3;uI?}h6ty0>8hU!<pp7vm%-xbx%;73o{w=wbkum}z%
z4Z7`he(hZR!6h=j$B$ZoN&PhT{=78P)Zn_8TK04b^70DA#I&|VN>l-?&xq#adICl}
z9URwpc7%R%?SEveo*d1Yii=-a1t(iKciep&bXoiHjbs82%~*(g*AcX|a8Dm=hHNF-
zEA`F0xJZ>V;v-Q@t)qaLLT|bqOfJ+UdN&-~@S}6EXl&9zF;?{WI=mj#_KAg7d(Gz~
zA+AGPLA4Ec$DqJ|tn8`Lec5O-o9Na787I{D<P+B>0&>4bMJn#$f)oL2`i72F+b$eq
z>;VOdEa2-45DBf_$LF%dg5)s`Upl&#uqQGbyMYf=mS;$(SIGSZ)do8_fI@kydis-}
zhmO9~fxDA#jQI<BS~9Ue7#^v}ICg#!(eSFDIZUuldRoV=<p3Z?TF~JNe2^Dd+N{5A
zljht_n(U3wnP3R0XLn!T{?KtRkG7u8Z+jy(7PkiLUM<$=-1}O41gWR1>aY_U2+6vX
z=TdE7>T#(yDO&=OWvZ3MntUUPcclc2lpxg1f|ENfrb9`&T#ZdyRpB=~<AeBBEm&62
zMCGh7Tvh|Y`(Vl11;^~$_XRW=2OogtPQ^mk+!C<|gzD}dy8Jrao|rI*5Q&gHPP*uY
z#0eZ3#e$0GWTjce>OU?tSf6}~kZh=Q?}(K|`9K)=jQ!zE2GFrzj2ioox$=AsTJmZ-
zeehNwEvu@-Inbv(t(;rJkDsv6BoRj@<v3gF6*st?FYdt)<)Ifh<P?``u7*oGAzdDP
zcx4tR7`^|Mb>tpo{{6hwAjT)+i7e=aJ{uq#Do{K}I8$87-{uZaBDP}9{TZ31mhmh^
z{7OfxFe7+DHIj4jsoKu{=A(_I4l9p}mEi(Aw2)}1uSGM%cYAVs$|>L4=kKrECmt-s
zU+9XpX>AkBE*puAD7YMryQT6?;NqU*0s!{eaW7)@9%Yj%)by?j85OmW00|rrNXjMb
zcd0StNffcS#N-{l=`$$WGL7%(C6Q6J!c*}w<hyV7YIwPK*&0i)#-8}}!X<LV^+&Ca
z0HFC0C^c%maN4(2cypmP^FBp}5IHzmcPOhZe)312i+-h}pi$sfwXo1k&}CrxmfyZ#
zlL7cjnp1IdQSBYr4zqb|2Q#bkd4*Bi(<hLo)>#Hp*BgnUva+I^t8f`mw$@g}WF293
z99=*VfxR-d<2fn5ejO?=!wlCF#;g_(?5E<3g8|yi88T^GO|jk}_th3%C@5Ua<Yde*
zxhO+a@7r;ySq_++O#Q?njS^29rAac`PzORvMw{<r)~2S-gpa;YrDQ?mdS!#d&=$^B
z^<!#exx&1==!q9>?{UJ<$VlTm1JLCqN@fXmli6MX>l+0h%>=Q{`J$F@z`eeb=CUD0
z)%Fv%lgGd9cA?$-e=>`rb9ycyGyR8de5*to8LNJ%wwH!`tYWCLD{^~)0LvB?o6TyV
zI$9Ma*93vQwxedb(0L7a+jqU{SSU{gSGZ(u@%G&HI{Y19*dey6!&&EalLql-3Ku~u
z0xh@7)imeNB%(0>S;jogJ%HUb*Q*M<^VRbJ%M}#7?vC9Q*m^fo);VzaBaj5u6l7dj
zyDo{gDu1$ZPj$b(;Jh}J;91zDqe}1P>zX{+p@j5Gn}v8@(sp0oOpv=Lqu~U?j2!-Q
zZ%LMQ9#8Nho2gT2Q-$CDu^U+D5UsB$1Ff2s8ZaOm^jayHIvGxH80mE1>=<LZf5caD
zPS@_pabx%*cq?H`+6XI&fEI3vk$Pa<6S|cPn>3sbKrce}9be7#0MS!n{u7<>DGt*r
zk2qFA3rf329j@?t@;Bv9X>aBhMt!X`^!-WGlC9gv(fFM`hU1>{tUx17x!{J@{JNV*
zS`kh9=oe0z2UTSZJ#gS9v`B&ZuE_W_)#OxK?sP3THJ=*#sOrEXHOgG)2Nu6Ow@oxk
zV1JjculF+A+x!8^_GTji<;k1BC|>%C!pdi3<RC>QQL3MyeRHPq7W{-rv+T8c6GxQb
z$6B`~fzn0sC$Df~S_|S+-uwkj`8&2+RGFRrc!|EX<;G~1T0JugojkR2Tdisj{wbwW
zf~D6LKW}ziXv&H(R<HC`$NrBAy{o2ueg$2p2X;XQ%J)^Ut4|UJoYaU|DOz6@f53V?
zE!LrIkV)OSU|eio?F38QBYJF3{`B-f6d@TK>AN&VdK^S6m!Gd)@Rcqk*=J|!=|}ul
zd#)@9^Gsm4Ky}oLtG2L=_V$af&!hQuVh+FMxqml8?kZAHmuja4@9SP7Lunt+R%G96
zTPc^vriF!Jd{wDzhrBIARdy;&=`+c}l=FeWOFHo%we&xENXco+g6*cZdORWvtEz<<
zD5JR=x;cAs;^-DX!O`WxYGqlTmEqO>=JxT^WrFl|Rjn_GDTi(>Zg+gDVtJoXoz)s{
z!oKP5paxC+(12mhE4Ehgswr<cdhm<;19s8U&&XtJ_buAoBZ)$$>%tI~$@Oe+m4hCZ
z-osb-PGt%rk=-|46Axs1{qzeIykL{_gyt_Dm0KQYZ@G<b=_W#^9xEySq^0EZWv3rg
zKxKfMI5#P*g(BIinIhS~ez4S<>Q_s5tnspfs!YTp<>aK{97MlMC(jcuLs=xw?E532
zN!UE`Yf6E})`AajrO&kc1BZwv|B^Ajx0M*1DP(=8wDlUZ{w;y672?10lU>WO?Z;^d
z47KiXr3jVRW&ll{t{G}_a=ig+z;GWwzQvuCU8R!uJ4NXy@m78OSNup4t~UDMt&bAC
z_NTr66*GR>*vG{zG+}uMMqTcBFpMD<XrL$_rG-fg-^+EtEL6+kWYDQS?)>XgC!NYe
zRC%gdQv*?7)}<)6zUBceqsG4FbH}E2=l1=JE~~rNllc3J?hx%Z4610kQcDIM`FSg*
z!+Pe+uGA~DJ@C!TTgrya__^-K^!!oj{Ef8JzB9vPMyC98hSe@FEeFkNn3?z^oh03D
zwPGK*?XCGdfv(}RteA=C%f5yE^->0&dUBMEWzD$G2_TPUIt~s*n>Ar#IG0t_e5d_l
z@Tr#!ST<hxYZcK%5ttr>5HudZnhm+b71!$1LgSb$iwaA}fdyXGr~U`}>_EwggXgd#
zu7w#AXH;ldZRy>U1mZWmfQVXyZ--(Wo3-@0rmM#v>SfG8I|_$gvE71TTcCTO5HAka
zj%~qAA$#n)SH78O%hAzUs2<<BvC`zH<)gjn)mMjI0=j_w>A?2i=wO$<4YOi7Ft}bR
z)&lZ&w9H2A`tI)_z+KVF9!`j&iRxP0H<A)k!7%N!PIB!yTjL5Kt7Bh<xut)5e`!l}
zH4z3~W8L#8Q~+|N=P<^#NKBPZ*#r$9dMDhFAZ+{$C5()02n7u(X20II$?{dn9y1kc
zTJnhR*d`pVf(;7rc_MBl_p|F%TBmYBolmH|YSxhkw~b}uQcWO|CsU`$v^wZkKd^y%
z4!LshSanOD(4=#bFFEqWb$lDCSHPV#{L};+J}Fhu%mH2nA^=yh<)I@ozs<Z|E-lh}
z+~8LScQ$$08hoYs0$lnQk$Tt(4WEI~QenZqFSukwzqzm|JuPjn;>H3*@3-@VD7`mZ
zWM+eo52PAlvXm@R&+mV%M5>RQ0q>X8sd6)7|JC;4y7Cc+P(vNc`19W5JJJg4itHfo
z#d-Y#Wo<j+%5e=}u-zLiV-N;_W@mn1%SxT#nO2gk5vD5GLnkAI8F9U#`Xdre4?p;Z
z^r&R^RQu!k8_hhr2oiHp#XzO}P?Mtv(092B3_`_>Xxyt+9uhEI8?6mO(lu~Gf(sy>
zKgMNrwmx=jqDwzVd$7P4GOFc}Nd`Wu8s<pc6bz2G;*XgC80vGd1v}bz=r%Vlrc%<@
zy0bpoYzUm^Styo)6(qJgFS+piZu$C`Dg?Pe)arBhZ+|pN8?o|UbWznk>kX$!@7LXJ
zD=JaDS4wH3fIpwFW)xX}oKDnG-F2D_V&Y`$Et1egdP5mI9;u2y$z|rcxW}i|nXn&H
z_W4!n7dBle#Zl(uoAbx@TohxtKUY07Pd9)v802K_l<i`?_wm(EulzikgCA{v7WM={
zeB3G-Dxo5>LNV#2Bwzqqu#8nTIj|!5sC`gPlzIxtf6$@3xRG4hJkNSj)dwL--QGui
zifpv&Io*!cwI1uQkoE~-%p#wc--AXa7t;c=DxmR<N%$M|p%=;*zK|$M?}N^;Qs46V
z8r!BS=f>Ixgk_g0+b!Qud>>Di+<ddWU#(Mmje1WM8cCb;TT#}D@6r@2ijzvq{Pt?0
z24E{rvrxa}A^}CV8J2h;Sz!BCHpy?#(RCEkFm+NEjVneWT6=$vrQoHm!}E5W3<xP%
zhf7(>i%nE=y~4H3!p3!v)~wrDA77+W8PgdWmr*<3i1tHaznxAv)q@Y-3e{^shM(5D
zwmT*Q#3O6R%c9dASfD8R(L8spcF*dO^v&>HVaT#F!iI?OeahhUf_e{7=v_h{u0?A3
z;D0_p0NT_>xmt%x_zOmu?%Nz3jq^1_-sSIi(Z9}}BF(51;1t`dhnF^$!9E9d99Yo0
z^U;LsX~cNRMg_3<t$kxAM0i9<w@3{cp1l(cSqcaO$cMHu>)@1-$%*gsUrsKL{@+es
zsz}T~p(3NMH<Z(s6=QvAEmnNTYii#rL+U;#&{_7kt0Mu7<aNv<NATy1ZNUYzQ0XMx
zuMd>ZZ-X2#FM2(T;<<Tpu`FD8q9|6-*V%w%XYUSVrOI;L5E_rQMUpg@ei*93t=DP#
zZ0{`LcJKCX8J%JdYlRGoEiayYIKxMU$GI<5h6TZ{gX2|O?qDlj!Z=@2$MYp<yp54D
zqoBTFUBl;V>^xH!{iy!P@-#WajY;N9tU4}vq^~RE?wq7nJPIabk#Y;4aO?ZXIr#RP
z>??F5utd|SL|iqxBVn*ajg{LsTN9z)RKe5apxSdYoXXM%SflPQwyv{_fP)^a2;Bwd
z{akc`cg#Jig{(%k0ax{q1mAhpN(puJwkjrXcdN(xDWlQBTj{JVePIK+onhfTwo6Cp
zweP-k0Ns}i%1R^t<#{O(0D$?75pAE;(z0~gP|^1cwu&g8`z|#bsTHp5k69>Kq)zw)
zv!?9vhd@ECYSOh9AQyub4$^V2x)Vm5<=$wiZK<1F7`k_?p*K+F`Zgy^qfG@Hgkt2M
zPz4>kDQX#(0IxBEY2b##P<yH7@b*>nWF<<-LP#X(Y>Cq*Ak*7T1zJRp9P2mwm4&(D
z`60{L5=|yI1<Bqihr+gj-SOlKmr?Egp=(llOq#~rzraJRj(M!xZc=d26}D0)Z%9zj
z5BmbF18cVL9!h@RwIA-7g{gcz3+tZpaNTfE+`b!BwZb5nfKW&p!+jJ%J7Cuf2M+xJ
z(C=g*W=pnx0nV@DmmLJsD++y0N!p^ExC~9mEp?h{#P5<MBWRLdXFg9%6Z)x|w{J^-
zI%*wa9FpM0+-qc-dz>`19y1ApXq=v&=+rHW27JA1!(ki+;y1qS^@-JM@g^YuLtDZc
z_7|8AfcB)}!SqsdE}IuCp;Ea)cnFbqc<VUhn)G~TM#@UFMxa*m;1}F;8J5G@5LB)T
zaOW7S;*hjGbcPj)1a!{tE4=ml__{!1n3OhjsJc>hYfsW@sUXR;mNl3#qLTcwgmvfc
z_FSau%dLf7RP1pz=*VM+eiQ$RwXVzco^?Xu7G$9&_aQho%VMi;J1XYiG@GbeDE<)P
zDRmv7*#|xqd;^BDL)Fj^n!bN-@}Y|$jKOv7<BIp#60PKIFBz8jIL~K!I|>VTBh-U<
zc2HWeb5`p-f@{0@fq#>0&(<ctt!RE2={(&<MXa!46nguEr0W7ZB&h4h<VlCuSecXx
zAc(dE)JX&V4<rLTAHGIcvJd3?W&cqSvRlw9A%MBaOLA`0_1z<Z_tyO~1;V@hOK9X}
zR`+uzc$dxJXEAZ!<4=%Lo2k2S@p3r06~9^K{Ok2(O}Y0Mfg+|<;Qm&gksNJtqoZyo
zEkOb^PcE<Qv@jOyl~caTPil1#nC->%kOwg*7K#nj$#QVy2yCmv5-RzC+!Nz_M>FST
z;E4Xa3+wCKCx_{C#RJf;xWw&_<-^_vIGoqmsoKO>GHlN*OVWvr)n{Ae`Y|AG7|7M)
z?|S+<(O}4$9>F-h<QI3AGEn?JO8_^G>5~&=WC&%uRjF%<>l4R#HaR7pez~A9I$2jV
zAnf=>-?ftn&@1k>T!(}?Qr1|NN2hc`Z$JOSzGG`>(X9fIq{y`&o?VmGu31jBU#k!n
zB?0;Y0M*8BmF=dNNX^Bb8>?`z7_<+{GGFSr;H>301|CO&Y7!5s1%@vA$Q<uGy2c@W
zf7hz4qfOWznxHR&5Qu*VlRf!&Sda<QTThiEOfSmJ`Q6+7TATyx;_*hHUs4bH#8sMr
zT%xMk`+Dg&3c4D*)N^Alryg_7brN#2HdfCzjo-f7e#lrq@d1+Xnd-=0`((IDn0+%;
z3G!Atj7xiKh|l;qvA;#jgJ1xinD&{l?n)A5^<Mba5WugESx;o^#VdaVYM$j+L*?8@
z)15|&QU?KZR#Q&U2v45uHh`}h@Qz>6KJMMhYcN6{9hYf1>R&>s$Y|*jo_>^+yGB*U
z&6g)tFiUXWDqG8QLwaUT%N!hZ2-|J!aC&XD;oi&nytJ6k3%cr9i^8q%?W0~|V^}{O
z8-=azh}>H?GuuDjRip)nL4G}vso!X%5E>`;1X4k_gb{YN(_Jg5VXL3T1CGqft&{Ka
zNPNtWwi;3)<orj>EM3bv`kfFo3F8A<m7@6v4)i_lIkJ*gvpMzifjkMqCdN{*H5nF3
zFB!dlV0ofi#-;hd&_jEd!>YX5I1y5Y&->7ea&jZwJ388jLO7BrUZc;K82OZ9h1y;Y
z{%AVLNRa>raKD?8Q8PIQS-x<wMm?T--yn2SP5oV8jqXfkZYe;tq^GtJaZS`R*a<Y&
zY^B!eU*Z*dI#KP~FPNZg?u?%e6@D+SLA%SXBB)TE<P<CIy(ira^JSKXJg+HTARY7a
z1jgjE4Jy}~#Z6WkRmejU-m#Hw$jTq?tY)#nj}&?sqT2o<(Nx%73=`KxE}B7(4@_pa
zw>x)j(P>{%qwSMw2hU_VbHikZKWC6uo;IM(4T*6OeQ?<JDW&s}zW&~#piNh|9@Inz
z!xr{-0J>Us#vINV>>68#Yn;iLC(wre43c4zzTfvgZoFW9y$!4V<2MLnmZs|5-d_F!
zVtfAOjyf`-5k_1p(Op=gIn5~Jwd))Ao<T4-&E9|q7S9MdXo=1Zs;W7cbEDMq=gVsD
zYX%RIAp0+&@hTNgvq7Axsi~sX+`we0=u1z?wPy!ko2m3YyUgugP$t7qu5Z@q{IGrD
zA|<!&eI%beiDHv-Q_|v=1IiAzo|z*z1tNpUD6HsLHZ%o%pzPiATTREKrPy|8<GA4S
z1POI5JMXcaWZJy@i@%n(YrEzp_k9lsv<nCL8f4!g3$J(?o3sJ^V?rCWxFms@RKDfj
z;yY89d_7FEHpa^Aoe9UZsr7%v9Y8()#GN+oTcqSSlv~Y3y>c|AMdA4P0m`Ox_rej8
zU*cKhNfR>AcXKwsCy(wK^t4B;Q^OIGD^m?7HR;jZnedTkaiC_WI}Lj__e=_Ahd|*P
zVHYOe6`RY=-2i@tG79%MKBia-ToY~&O20r#84ky7g*No9biLapu~L0bSRTp(G&}>v
z>54f)8&$K)Max0P?+(W2JEm0Ob=RCGlg8+SgQgFr%<2)|_VYQ706GG3e8IVUIBI2S
z)fvAVszGG+h1Ekdr_26D#B<gY5v&iYRCz^wA-XP;OT2rvtmCVBa)ga3U*jIh4d0ri
z2LKaoS+8lc`Wz;E5bV1*1LLf&gcdHu54dBx4OK&+IZ}%~yPDCd@B^_acLqPhSi;U`
zv7AL_rE|mrdHa;eO9z({M`(Qd!bz?4uJ$_zjPmz??E=thD44CLgvV9cakp)XeH^=&
z_Y;;n3ER=A^L&LBvZU|HeiqHAKoXcy!a5?lzgSG`*kY*?d(TcgSFiqkCk+yY@VxD*
z(UY{$_SC=R^(8}N>1$!VSJUcRc&z)Rd30tzYo^R43I!TUxJQ}yFlX`iovO8S%~Wi}
zjHX5?yCj@VD#~YahGR&qd`FsKUdu#bdTPT3lub=df#plLffo$XYGteW=~viu?KWz1
zDBA*jzi%&f)yQL#3p=qikhRp7?E5Xz9R6gDLhd<0`bl}LyA$wIwc86mQj!};xq*QB
zTLyf$$f&qAvQ)~gHhIOe`sDruZ|9^tYJb%Flyg^jLG%-woQfU#gai8`<5~3FiOGwv
z_oFSo53|*ou*hlt`cCy7+Zo5tw!9gJ`p6_sCVbaAu$C|t94JK}mD0IJ4&R?=q!*NP
zoku+mY-Wl8^8Zz^(e1U-PS;2_<|G;D%S>k}MB+}z02RscdBNQv6PJ<VU&6Wi<?lWB
zXB?LtW0|^!;eg!qmTz^FLD3ly74AWkzVb3o<cBwSu0Rp)tdXKtYvI38!q9-gz@PSE
zqh&z7U3g_XlwXs|dGh$X_92sNjdH9|$bL;kcXETgjP<_XdwuL)4YxuZqSUk2yyenn
zij*Nzw=Z|-txGZ#`Kkg%sJJbe$mS)>@Jl;iSIAI*{i@t0<(EzGJ_f*Q7VxX)45y@2
ztj}QqIMx3N^3pszNK=Pd|F@9-D<v|0C&e0a+&T`uZ5qjMkw;y#_=G=wpe5daM|ta%
z2CS-{Z*fU;0z7+S3Os&x{>y;*q%HeIPGu%gYCv`H>lB8=!CLy#TW<!I|D@X36W2tq
zscljt?-wL_XO-)hR#HZ9^T+IBiz^9Q<*E&Ay=X`G$w_PWb(4wcWcAr2==3_p1^DvJ
z)MYlf%tPem=BXTDQM|5pm#{l>qcId;gOqg*_!loj=QK38KaikEc!jem-xWJOe#I{h
zsM8?>JyuYPv-FztJH2kVg`P*R<`^A3bSmX0SA`Np6FqZ#w{Ug^Mqy;Xxt9$+A}oHW
zrpG1$NVVSo3hJdPX%m?Mr{p6Rxh#R|wQag1y)d7pEIGpBgB-nE_bdJ2%6D!0HJ@yS
z<^$!U`=5a%d*H3i+ar3?t(-3ANO`pXyY({#j16=wI39|<@?yGBy@PYWyPwt6x{f_O
z3S(!we+B%G-cL~pm0J8dbh~b&OKfI|-YUAhuuJww-wX34i#(LUM9zLk``IgrR>8?)
zE0e+%iX!&~b~Kfjjl_tpe04qd)ac6XPRmA`xD;gSo_eu=_Ua;E`#M4lx~a%o<Gy++
zko?#C-idu)#U(z?tr@sRw|59^T9+`r+_FW7^ky}Z7Q#IESTFBf8C()fx|xc$X!!_X
z$g>YV+jZl2S(Uw>0wp8Al7=lu8%Kg8Hmmj23V{mC)mhA~iXAsbUFP>6>jic-lwT-R
z>lT~4^ppZ`QmV0wp>FeU90yZHipw(Z!%uhboV8i1kZwyfX3^n1_n9ITAXm@OEC78Z
z#Tu`Ry?RDLr7EH42JFktRsQTT#bOqmz1-LsND=71#_VoeRd=65hPmkRC1A|vRo4y9
zXaL5NNG!!>0X#5#XVna>0p0xkPRmqz{koX!ZHSQ-x9%Bsja~YUU6=O=Xp>k5aLu{A
zemv%fVqi-c{zFPA4Q6b?#@MqXZ&`=Rxr?f5Uur#B!t}fR!xe4lUgZ9kGBxn(+wc!S
z9jzjiQ111^Z_*t9_B=r})c7LX7S&;x>{p>jl~-E1z;>Sp_RYB2YIA299rqL~S^t$#
z-Lu(RbqWosjW0<p4&7)2_+WGHl>^U%t;q#ZpX1-jv`52N+Tt~^)%+*U@d#8NG@j?5
z<Os~v%#wV`U4B`j>U%wyO{jz{!#@%F-DY*WiRFUy{sbWzH+YySw>WFZ=c&)_llU<A
zd6r$c7Hm~?;Q&;C$n`lmeuISM;nrj?Ku>22k3P^~djOs9wLOg<*B<xGtYnpKfl|n-
z{tY?b1goLCkKF)_o2TG95@inUIXd_G?Z0E}C#z<rO5$x0)23w5i`k4~phL@*6by%L
zFY;Di5ann-4;z_@eeFXI#9N0Nyw>~pu)3K_l`m;*zDwB;DCZ>|V)M=lddT6gAdbt|
zdZ$`&6zKV%wDcyGKubu!1vjr-aClVmkrwgXutI$2#M5XqOZ8y)(<$U|R^eyz=2lRK
zEU*K7B$+T0d$O+)cES|6`+q2V3#cr&b_-Myq?8U3q&pRm?(Rk!1nKS$DWySDx<R_T
zq(r*Aq`SNC`gH&2p8fB0{&VjbdkozU9em&WuJy!x=A2K@THN={O#iZYs>2EL#$-$@
zvhVmN9QMWsk!`bFlN%ZmF0n^O+V%E7`U6J~OeFf8?%W2YpO4j>?^i<->YE6&mIZR1
zNeJXI=jF6PMMRmq+GtR)!r95weaq!^a4)87LEF*%2pTK3Kq;T_LfuehW><l8%7=(@
z(Zfkl{q6+8bhH}Siv`Qqd#+${zp*FRs&kHIp}&s~QfWw}e(TmjTy?W~hwGWebW@{P
zfy5xMTD^NZ|1FNnsJd_;o#eM20^?)v_n6Te{Wl75jW7XLw{92vYYwE^K!!mS%|$s{
zXUC*jr0%dinj4NGaru-V21_)SR*iN}bdh55e1qV{d_6Y<LxrRXRtBgq<ZfeA*lD${
zt8SNC>GQ5&gV?1~@4r-{y+;k2r;L9RJU7Vu(1<~Rh+&P{IGD;S+X7$k?u4f}$tc9y
zLnU8{O84p|$($!L`NC(`uYwR5otlyfn<9ywfN6iKEYn?s-D!Ug&j7lb`a!LBfDutG
z=_7&AF>X$k={R}JU}H&9!itFZ%;R80b6r>dzQ@%<R|>oBg@`!Rc~LI?E}++(z3?U&
zbHYM4yV6x&n0+^%pKMOoo{`$%;iCNVBv;wPwQ(OxbI|JSyOiw8o@(8;-n(0C?=HR6
z7r{Wr)?6vG=4d@64Buq2Kk-cVL}1WtoS|5@h<zQl+dcG2L$p3(JK%7?yy2=4W^1r$
za6XDGbIMYadw23>vRubYOZMUZqC%<B`KUvnv!yXrRbL-NI`uw1IGdZIv;vYnlMa9k
zEWA?eU2KLXg_md;;*O1{xNnQbdfJISD^`+r*{Q>wAtLL7h6gC(MqtY8EO{n(oETGN
zT4ptCN*1lWX7e|kx@NYf>~xYsT58U%>+t%JecRf~d$6mgaJ><3N4{g}rnkApCio`1
zq#d&v{K|UJ%pLe{dhhb*?xx;u=|3+wEnx@&ch~i1?Cv9{%9$&N10JY_l?_F1PdB_<
z7`SfpjC!JhA*~*n+N;HilbHi5AUO>IRAT&i{fR=g;|r+NuaijUmrGPBC08ppd|34N
zSHFCb^S~%(Td8qwZ96iCKxhYw$xUc;?uwnHY5qyU{nk}7h`&w0%ih0ktoGRfD*>1C
z=9PoIcduT0XCMXjI8uS^?~c^AaKgijOVRnmK{y1(>A0I{acXw{J;NO&h}E=mMYu2Q
zYCauZbX^~~6L7w#CM{T9Jh+W~?)G*$&c6rlK=HQe*FpX<&)Laff$_2aBwYbObm%ox
zt!^8*hf-o{k#bKWPh1gXT5_r0ES?=SncAgI7$~P)+jBtDXA>lS8qAk7iGrlbqbMM^
zUaw%faLn@)vo{WNaMl)Ha+!^awxD?)MI_I>%Kd1>0CVk}$tq=Tgo&`>$2;$Nt%^0f
z!pm3AgvSv<NcpmYa)vb)yd~=NFb0;o&O$<RZ<$}bw3BQ!kxMi6$R93$E_~PI`;vPk
zEJ2x43dYudxD^P{?tazjlW%g>B}6lbts!jW*r_a=2<ktx&}#llJy9&n8OM+&3G4K<
zPauB&?kEv^tyd*t-#;URcr6^m$%;4osq8%@h)Vb7Pd(oNVB)jM_*i%wU}8@whz|FT
zpFKP6q<vZ>^rd)BM<b8bbh+^TSFyZncd9tLqUruO4RY%qF;06k2C9O!G`TrblA%R$
zqk?cbAdlJ_Hs7)~JMMAVy3^}~#rP!bYfp~8DDA{r3_nyoLVQMrnlxbMb!{+?eE+81
z!|;HU_Q&o*lSaL4wL~iZ%6K?2*4tFqZE;a8u`QR@{nyhOTOEPuVUvM?gP~DhXUKmI
z<OqixUVDY&G8?eLd_bxlwa9;uKW!48>3tL#SX6VB&eQVsbl$1g@9p6;2KL*AUC=UC
z<#YhlbAj!ZTQL*akHz_R!fJ$Kuy4UVe)(4`CHvsq+4L5m5D}7H9~A4Xvw5vYw3tOG
z{+RpBS6tF+|DcDT`kv$B!n<X@nXTxv&Ik^tW1+iD`^A*w`H<ywIoa9H#V2!hKWCn<
zcR6@-MXyqpuM&9iVcB>;$8`pmh2PQ)r}-3RPn#ydpmLWgzqLwk*R62I`NU0g`Lggj
zH*Q5qZv7xfQI>jPX07{ozWOtMQd9cXvgiwojLPulay?LDV|Rb*H;(y?hChCk?M$lG
zg}dwmATcc-<tI&c8$^CLtAm$U?U6e&46R$PyJio!MW4L}Pq)V<=VoIL)!#l??kzsF
zSdO|RY$UY~xSw=YJeyn^Y+Sv4*P41@lD5%s--LV$@>9#`o6*@9n^lW4iG{x*`8lr>
z7YX<ts<&2kchlwm;%0jD#$pGPN9ehmr|~bid)VmJvtGwg$Dcwq+3@3)#;xALB8@mK
zJ(u=J>kJ<0R?HnYN$`B>W4q9JwVB#3KUVD_I!##H=*UZd#EMSo)X8z`9A0DmOE88?
zr8<ihu1!`m19?&uL7x3hiL;|*N#!@OaY@pBw@$F5kJaR~$K&)aMBZLGpj)l8neqPV
zefn_TXv>-}Y=xN+7R+UTmcg?3D65Xwo|Q7s+QC>}RHfWeY#?3QJ(`<id9RYAT>x+_
zh^T|pXW?hJ3$;8v#X{EiHKH9t8-%`0Z)aM@-`>fV?7W}EjUqGD{X8#oydhqedWOhg
zFB|(56({aHV7ijf=AhFxe?odid~UyxV#Ar(>bAb68&OmI0pFQq_2KNjZpaO`+lQ@#
zCthw<D1i0k1bYWI#7kJ=I&LR%yM<xEt3tmw)4{SXqTMc9R_4Ct8xQPy9+Mi1EfVsA
zO7;S-{o_OP7fMh%-LmWdlq(|>{eaUs8{!U-oNEJ(E?3?;m*igpNv@Z_8f5@lz|*9)
z&&A+;tdO=bexrZS`3n>~O`1*?%WlFt-10U$+%QctO$@G$4b|51fOQ3loqB_39KRW6
zwU+k_>}P3UsnD%%x5d9s4wO7{usuV|oTzJ7Zz^xgQm1&8|MTZl8P2UfFx1r3fKEGr
z0|4-A&B>O@?w3TwfcxTPuw?@xrgzE#fDM|;R_{4+nCx(4a?v_R7vI>{TTaJk=7;X{
z5V&qWK$b1X#Lexco4=Jkb1rD%y=SzU)W+<Z=w!D%2rpc=MGRN$495Jjc*cE$B!+0{
z5XxJDh-|N1K-zrhKz&_VD$<;<gH?P`A}+5cT>e$FQC0rhOvU=eBU~Rw*4Mx1qL<J7
z10H-@1+K348RWxur%m>g)NHN9VcyX33ff|4QHQsP33Art_>XoC0iannQ#3pWELiL{
z^e8_<vEYo{oW0#Ihskq`Drda^OyCLBJWsp14Q9^p_zwE-QqDadsK`1vE_?@c#z64w
zWmPI#@RKW4Rn>0sY$`SWx;{K3m5tnytHrN2-r07%+8wo;SV&Dz;#DpgZrBf&JtT2B
z1P$IG;>6oLg4%*O2-<TwZ++WxCQJ-_N`uZC(}Z1`c(c2FA9oNuMaRsmDd$}zrR|#c
zx%9o%>7x@shU&TNA9rv!bcb?3SgbTr)GhLm=lZ&xe8idL?Y6n68<7h+i5ci$&05=D
zTriyfIBCYBqe{G-t<$|zKWc10OHXP-Ys~HWLPGJj<-jwj!83WHL}P_pFe2yI=X{5q
zoTjeO${#Bw*iU5lYId@}&o4g4O4)VJKU8XIFq7dTt)rpHUb#JzYPC4&ND+>#JjPfb
z6AW11)4#nn$lFGm7(A`tuYkpHwCSG>P3CeDa2}l@X>5OW249iuG60i3!EvCk?Yi>~
z)WvD*Zl=Y(9EdtUq!vq@kCugx<Gr<GJ$DCRTvb4TCRbd=n<)bF=E^Fmtw<$R=Z}q~
zbK0V>uDi(0>dKwu?%iFe)_2)CTzCC?-<|}bMX~c3!>l2_;_P;W^-Y^AxS&xgc6Z?*
z!<xb&@WQ~zur)3_9^3WT9n1CP$ya`RBn`E&5(fCvs#O#TvHNWF;j@!8(na~?^*2k*
zJwER@w96i5s}U=YqMWuSwtN|jqP$LPc>Ax^_*gV(>|Rzs+Mhgdusg<JccP#?xp%@7
z5Ui-RAZTFT9WO9qoD`=T`OZv#+Rq9rf3n^m`Yz-Zr%2Gf2s9EOVH9x1O%i{~5!wKZ
zN=&#OeOqAh4n(JrkD*o$Io&n+biriwCH?|q{Vtllbau^Y0SD=T{wWpSN4{&~U;Ez5
z*V~WP6JJ7GKj?+q7R@;133W%dan72|yt=O`g|0JX$m~}F0BYKH+bfSR#BK9wQ$0%u
zTAb$VLX0S-<R4p}Oqg54KsTa(uRjPyDF#z%{E0PuZdW+pP73{tOBj2s7*wC|N4Q?^
zO5Vkn!yR;deqfi_=tNw?Qx!AhkDpgRn8p_06_}&m)MLzrSLctXi)M%R?cJHHJCO@d
z(M$D4Bl8te8qhk!&tEL2IBRIZ<38d;pQ$hkM=`z`_Jc<!t?{1?8)mpcyNl;lEqYN^
zpds<YE<rqsTpr+}TRY>pCdc*dryI-Rn?22R$Mq!-r6|)a50C1+5_;UOPff1DNZz<B
zY|sAo(&lPiYe$qI+f=zAkM!8CJCcmqY+{4nhRQ|{D_W&Qo9=~FwDOS#{dm4|Ca@b7
zr$Jn>*7P4UP0eR0;sG5Orpp+vIWUcZoej|MJOAZv{sV6^WQxYocS3YmajI08WaJ?H
zwD}$gu{!80r*57B-)O#T(g=Kf)oj^voPzOMuQJw@UDLyqAN`cHv`5)AZguXmm;?l(
ziC&9hlYTS;&?tv-kM5B!B~h-Jm>w72#Jij-79X@W(pTiFpGVwGeF&FSnU>PMJghO<
znJA)yg(kZZ{yxgnO(7$qc)G<DyOs!0(idaEps}{mP_C7n8vEO9q-l+3*i`aa%MMm1
zC=V1uU%su)v%k82{_=hWf2QRF;;Z>H+$#5ChUZ?DPuH5825p6epkuJHCQqu9BQ49E
z?k{1qrk47YM}Xsm*ji6a)Y&m_qx@~H&4)E@SCQ2{u<bcX#-NwHeqo(*Au(N}W~0A*
z6@cl+6NPnBItq<TiG(bEh6P`fIUk4@cDmwziOWs&ZcQFMC!(!k&Hx-Es(D{r)EeYk
z3)(EZ7Ri9PXHy7?bP22$Gh!|G*9GkCM~3@O^U9L}8{9DE`rXu;ev1@-cP~ehuZvqA
zu<ow;_nG?P>yXZy2HU(^ef)*4j7$L5SLwLNAi}<n<i2zcX0kopn$$|)__8JASb~7V
zPGV_Wc=qL`a{}9&BN&*K47S6n2Ul%8U%uB6x2wL)D4Us2u;n;Lv`mt+Q%!Fd3CiAL
z9JHcS>?2<`>mMw50RNewKA*>T(B97^)9kkxA)~VC7T$+BiKV3_oa&OzuXa%2T@QwJ
z`b)&*%kwX3N6-a5!I@gVO0t%8{`DO{pxYZdvAY++aEUky`FVY+4BY#9S&AnyVF@^W
zJGNfBs#6)lh`xqON~90~imi+P5ETv{KAlq{E@RHcR({IjLyxoW7d%`y|1dmmdIwgg
zB1Z~xyZT?~(f-yi(Cs+Boy)!B^A%U3mwO<}zbo<T&3Q|&6M$bVAA+#fBO-59Jmg~`
zN;Ns{d)n{!_;fbRI)TNIRO{OrfaI(xlqr)E_4G<cj{_7duZGy;y(W*Z>^*0x$E9ae
z8=Vh{GXyj>lTh9-MrV`<jq>6$8}or<^+uEQxXSwpEUBAuD>5BeI!lbNi8Wk-+XcAz
znGDTeX`m;bizMYfY4EXK`4Jj8?^N*p9cz=@g+lIe)a*pIqzbiWZK-4<$C9x9az~*3
z<`5C4FhnBjEOwG+!(-TIta}7JCd7$qP`hB`7<6)g=v(wyw?MZ#W#UQjHUM(7fR1*1
z_(xgE+*4$H+H(gJ(^Xc2(zLmpent9Wnd<|EM>2eb0T5^M<<@RK>Gmhn&zQe%BK+kK
zrH=+)SU2gDP)kDzs8(7{{hr7Cxxj&fk=y&db{s5{yW-2%Bf_%#H+Jh%CXc>u!P5CY
zE=7x~OKhc}3>N833XFx+5-&8h?KqX-u;kUSqm^e*2PIg;<wyOVU?f;a4H$Hb^7>6=
z<3_IzsL9@396t=#S<swOYIM;SI&KcNiZ$4*h`2u7$^WQpc(M>Ii~RvmAgxr_Y_G#!
zrRD(7orzBW>IT~>AIF~P?lx-YsD@s88%G#}g>T6)R+xQ0j2CCT4=w{{vs1^eV5txW
zCMH=hFyD1gE^?oTsb(G|EA(=<5^(YsHgGhvtX6Vt>sR5QHhGvodtyU~5(0^7E8p}R
zS(ZRd!&Uq*7c@qW$8#<Er>G(ij7*Q6^MCebhBpI3J~RpBsZ5)h<tb$Q@1w%APPVeS
zKn;=0>M>#yxcihFruRL6#=;*zi}5U@oE7{!eQ}SVlr6{dvSlCcRZ!p>WzEt7CgSE?
zYVW-E2}WMam$t3j`H#uM6CkRiA57;$9kk-1qSBueB4lzn?4#|cBIZku6rF>rnsuNE
zX&0dfP!6(g_8SH%4ZF_wnDvb_zV}UxL{Z45L%|@tm~>g(o^K%W6Si?IYk4n-{pITg
z8W^&MNSR?pvq#Q5Rs8C+tU$!1){o9ZQhjZ7v7~tbETQ;!6Zri1GPDG(YJyjiY*+4(
zK*$gSBh(oBA>}K;^+~TV8XN)26kuXu*kkN<UDDG@0SC<qe6?D61aLAvKt1;62Wrz_
z?xfy*LXR#O;!P@tRen>D{-~M2jucBMBH<t`Svl!vfMq@YqY^6y@ZenR{Nz<*<?5~9
zhFLB!9_G`(NL?zx8ky$xWE|MT55bNtAJ2cs6dC^Fh~8qMahh$zccyAbE}l{R=A>Q|
zgW}7VFO^n{JUGCNhPO;qXZc<W4;4rP%(r<o_htJw%;#?>G<>x*bt^Rd4SJi`dShE@
zDNlI1AOnA?!HMsUUe+LFe$#Gp#d!JBG#Zd^pb|Kpin+Y@swTHuVWZ~W0gnM{qSvx4
zBjrPYo&Vwk!?M|Aap2t(Z6d6WexKubCZjAucX00Fz2<6<Y)kZ&UmSFE0TF(?RtMN9
zBR$AHsis9<u~ykKH`T<_qLl@OxI`PU)0%p}v-ax+v`;)JYTx50hm5jtMf9_M2u%6Q
zNtDl!=;KXXALGa-#ovtFpm`rl%VD`urlPu0Iyrw5dtvZ2)1Prg3fZSTS+~V=3s1QC
z;gjCIEhfs|YVw;8IYeo;*Pvt>D*GU+RUSsbAhcmBo>9>&Y*X%hq^CR0B`G4Cc<!xB
z)mxk_8t$1o6<UqoXIWiiF)PykiEPiUFju+DkYBCS?V8JB8^hsXp<j&AVw;&-C*6n3
zXh*L)#Bf*@d2iM!4Gex>$}8qbrGsNbjvn1|V~NxM^-a6jWRA3kyh>#D8PU>t{UD7;
z$c}rd^AQ@Ts6U5%;I9Xwl^+gXb<?QPcUvvPa-eXFfFz>TC(--~pFtwhCmeqM*CF~T
z1nRiRz^Axcf7|xrO-K<zN@+%4BIuWahmVSCFD+~K<_f4!qf124L0uL1f#pbrek9#N
za%)wm1r0t}m7>)=oy&4g6{t~?CFR$d>9IQl=_$cL(Y<}%K}zbG!&anzOu=#4&KjWW
z<I<<O3@)iiEf+`>@OS_nK_38C0@~W!l~J>5=y-Uv>t|W$7kGZg(k1pTbRlBXV_*%~
zMZ)*cl2?2y6u7%S+nRS0{idjgxc%mX2=0daYpVsWB}>lX`5G{Fon7}!e8sO;(mr|L
zU=K|}h|&QGM@PT(({eyKdiqkz9_B9>K1O&*IEwTZVg0+k<0}*~v}oZEzF>Lt>ws=2
zjGr=A_IrG0C(PL=L@w_53y7lU!zm@XigRm-JR9Ror5fu$LK9!epKN%EpKJ`W4qScI
zQc@}WYCPS$QD?iJ(Rg)yl>RI!<s{yJ87TMVQ+XH)^yyQ<*CKXQ?r)Xg8)v#Crc9g{
zw_{(g-ZF6G&~CamDx)~f(*I-n1?*B^m$MiTeOz$a&|1-4^imTB2F2^u>`Uv?ax9bS
zGpl=wXNwvfny}vQA(rZ@BE%nRo*?TponK}+{bfNIfeQcYo{S`n`ugwQ-CI$7k!kL;
z0(F92GSP(hh~#mTCUoQ{Ls&id0tYQ~f#m^Bp1CEwe0Azg`l>rKIAC*OdrJZz>&nV5
z>BZL^P~-yIRXC0baBQH0Ugd{mn+j)k+f}%0K%vU!+<-yEQUI8}el;*`PzX=qp2Osq
zjPsN>f8MtQptVy#VX2kQB?ebMM>;WtJGwW9Mik7CSzeT%vDR#XLm@XERTVmKlgjNj
zQETb&{jBfnkxdXn&+gM%9n1AMZw}JUi@|%=IO6AmgT{q~P8MRE3T{Z~?80n<`b+W|
zA_YPxj*I;;>)%4Bm<}{JQ+u32+|j~tSp4iSI`r4&%dBNy4rM==RzF5u^ITQ#QU1mz
zI*TyrFMND1`&sTbrdQ-TC|oKtsnZm9<GOWxQw!s2l*To>*QWi`bCb;>T@30D3#1yq
z9rJ~Yul`C-M6xMd%*wmMnuV%wT-fR9!yvRS((xke4<A0P;s1zZps0#LpD0iX2hfYj
z>h#$K{maw!#NUrGt<m+&RF|D=Sd0UNNC=<XrrGVnavPv%KiCO2EjV3I;m&raN7w3e
zqkzLvvU-*4kQka6q5-{<RU*3O0<?kMtLF2?O*YW+{e%=M$B%mm`xU{t5OW&(*ZqIw
zEhR*F{JmLfOvC=)tVs!9z>^~Mv>itYO7)rOfn#+phlKS;t*s7KRyUoMs?gNVbf~pS
z(l~ygpSPjqDquj!+@@|>TyEXZYp`yStm#UBZpucfN#r>R2M34xK5wHzuo-vK$9Wx4
zijRqzVUbhFrU-zRld;(AZ2Tch)l?|Jm*00G1A<Y=Lu`Tr(W5$aS9~0QNy{0=jnak~
z^(QE=>mkm8MXp2OafB%3NX1iYI;li&uy(u%!DElCwwyQB+<3CD(cXYN0@iJ8o^Bb}
z!Jd2}5mguyh~GJjOH`9f;kgrBio6k}pMkqSU8IDDB}7?;#D}X#1`+H0asz}<0xkcQ
zEyzj1Z9+%lsDJi1!+m}c!f$lZZfBnUJuwWjxiTqfpuHC=D=U6iVbaQI)Ol@xF*-5P
zzRse>?G$u>dr2oDR%_6#pJddXl1hDRhGxJJQMpmZ%75hztF8e2DWAm+YfgbeAiLLi
zVen$P6H%$&-o$jO6cs$2o^QcL@w~T(g6crEggRMmp|L$t)L`Rzwyg{yp@uR8Mtlxv
zdT=evR#sO0tBxBgEoNCr!W*7g`7mzau<Tlxj(z(A1b%V0pTl0|Np8^pI9uro9~C8#
z&IMxT-dfY~{Lu&^-#k8VACZ^UK89wS(baP2akId?N(7nvG-7!FRfeo$u5`@Ct<NJ^
zuWJUx@4SQ&NMMtX46Lso`5!mXzaH2>?1c5zp#Ys`iWR5@tko!a7w^b=zHoE)Co|Dd
zcIdN9BE)9oFd*g9s<oR-C$#Uxjqu_&S4b5EcTWzA;{2}k5P<{}7kGN&wx3lQkj=n2
z26LN^xv5JnFLe<NrZF1y)OG-_r?xtBMXxz`p+-$Cke%g<)^S&pP^uKED_3rK^w9rM
z^Jlj+9L*389-{(0_gtlNeesnf7z-@T>GC?`;SBmaquy2RCbW6I+{(1R=f|IMTQGnM
z$Lhu1@{{Tj9+%^+-up3`n*)W{|8K?5Kl+!!?Ehkc59)kUel<9?*7akK7orrTZZg!K
zgCCUYT+B53Z+3#^?T>zX)|m9`*^V7g<^i@-Po*QYfy`9Z&WV7MXOA`RUNteQ%gMU*
z?<lIVYuEO+lD$;J#4%K>v38>=ousYZ<ks&<Vd!m~E>8^!rCkbG9IqIRb%8q#EHdeY
zmq0bu&4!f>R;F)OSr`qbWFM_`jSeJxb-U*g0d>$G;F9CGY0x}kwVX@aNIj4+O-ee~
ziTNyx0_O-UaD6@ehW@_0{@*O}A9?pl5z5Q0b4Lpb`1#vb&I!hQ3kmHG^l5UPb7vjC
zQhL}@p;GZ~!yi5B>{ryuuI<H+%C@5*Uu^XBHg!;=8J)q5X194>76&Zkxn&wDZ1(5s
z3_Q;U*Lve16PHT;ZauJd#y80EMy=XhZEGe$OK#^~_bz#2r}_e`3;4^HC-uQVf1JBj
zx50rM_pV4&T(JYcdtI*H9;c3=V&NR5ogr);(sAWtP4?}f^e5v5Dyhe7y&DQ0<7O%*
z4c0A9`rT;2ShvKce^<d3D5*gUj<Dhi?5H|Z`ot$@AbuldAG%&lUcFyvbos=&$7D1B
z_n5c)u3BOfnRWlBz~e>%lPF=wO*|ZzHMW+Unr*A4C;0!*<9meF6DGpzSB}9T>M(nT
zm0^n-PG<h%gqUouaVheLgw(o_475ShAt=k?CdaeaJiCBICFkc)vAgo34_HwkJW|ma
ztt>BhdUnp5tC7x9&kYKJv>VapveYKL+B^o4tTXTmMU)$!S2(wn-?Y<t-QOzZ%Dj4G
zskQ~CP8{x+rL)!0b`SF`FTN1I_XQr&xDgT1f3qk4=Mf(X0M!ER%kNk{uQ(jh8mK6~
z3rx3vB%KS%oSfkmYDo#mUD3_{CJ^;dF{kKqGB)Ywe+-k!4B9w~{L7!r@hr!=Dj{5K
zki+B+a<Y%D2)@>z<xv0pQGfjjVH3I-V3xc3a7XVwH#(YAGf_H_VLbYdBe^AI%+sS*
z3vJLJlUn}Cz>bQP#T2$PIXu>8p+i3|gbkud@|F?+KZP8}*#1B7d?VCC6EjSoYhGb0
zCz%qQcIC4Bw2)R@bdVkJjil1hD7sX}5%WutZTXqafL_(s^%Z51`aQ={N;e#&x{8<v
z$#r0t>CxT)u@}n_1VdW^A6?MReoEVQnX+7{m8n4!prWPivlG}et$UYAC0RXZZ`_X(
z(ESn{4}?~IOK=;RE-o`K{wm{syIueD_pQ?4Yg&gRtN(Vk!hvjFddAzaN%*%W=ih@g
z9|t*#LZ$H$G-`l=0411Pw5~aD;7c>Vf*gVoB2Y|iSq}~A|E*;DM;wq6{9fd53+FEf
zM#nkcAH)9SgREEJUz-3!)Bn8R<l{$H@co)l+y1OC^2Q(o`BwNS!}>q|%*QB)!5=mF
z<0V4^ruI}?fBq{uJA#~4EeLP&zn-N(v6|2Vjubtb(|%V7ewi11N+!Z@zY8BmNck9V
z(J`#^AAh>{sSt>KGGY-HVS((@DAA*%hv`MXkHI}S1~LyH0`UL+LH|81>T5!YWA$W&
zzcI?lPV1Y09v<+swn=30&!_hJ1YTVl4g&N4brT~|L5t!a!>B=7b8s0V1sylptxELA
zGo26ylAIrZqeS~ZZZnh+p|~6tOu0V*c8HdFRViTuUI+ap<P&@3Q!dI?3-`Ce=bs19
zM1s%+c`X8^wozs@op0^;b6|&DhoqG-?f?Apvyh=I>7whltX-0Mo}v`}c0xXt0q5A2
zfWMO9KYnyV5_E7~pT$k$xYYis>EU=FY0FA#i1<IgyvHbV(2=y!=xCJW>&yVt)IWs(
z{RJbaK?#_PV5szeZB`0{BZcoFcI%5brlPbHw|3bJpkVy7QQ;Eu#KONv;Qhx>{s>y(
z3kacwYLs?&DA67S{zJR$Tki(k>2U;$H8cEbY3OZ!2d>8`V#MGs1j2;<U#EEr@`*AG
zO6ATyoYBe+$*47Bk1?o(*-x;tZprqosaD(aGVRZn)q+CV`QeR_<bQ_Z(ofp_{+{t*
zGr(FO&yyjq|M<|n-;)C@fCh05X%NL91pN85`9_y0G~3m5jmcs;)o<UG3h~xxl_E`f
z#=h9D(`?cQqdJ`}yCCRPeJoDFY_mNj3ThCJCKHuGXu_9FPge`E|C0gwM8L~7#I^a$
zW&D4sr1%KAQN=K#{lE4Rk*|Y7gI$QSX9*Q`D~}*=WMYTaau{9EXarN&rqN~#k6OM6
zU)lV)RMvsu(gG%VuEBTTY%#R0+#vTrq)Cds0-na`_bR-fS>SaWjd+XJ{H^c*$0rzp
z@g_wy7}l(9Jm)g3v0TW2Qr=NaS$0z3GRStjACLVzC5Bz1mTsURQb0i9oA{NFQn9rq
zhZ9)}i_niDg5EeeEL|AStxcYKduyZbw9%5$l>A`YlzF^H6Tm1)MNJLqT_lEwhx6I<
z&f|H#JWav0W99n(dWV6-arfKG?N4wMBRnA&oA-l%?Eg`9^MFKiY!NpJl5__2k&aNu
zexGQ&Ncf5sxm<CO!&V@^)yVhH)QZLC;`{mS|3!BwBTOe7rJ<u%I74#@jr_1;IkFjZ
zvw0K$VbgTXv4`4E$4js`mJT#uUW!M{o!JqEaZWoEbR2f;&*%Uy<#BR0d7X{HZ8=p+
z)O2@l-R001&-odPPIHruml1s4ECO&tM+a5Yv;P@I{`;TAhx0M=*LjGReJ+PXiKZhL
z9JW=eQWkwVQ}>oG2`DZe?%iH;yE0c<&Z`?<>aP&ZIIcEwH8+^^Z!csOa@_-Imhn&;
z|0(bzS8Pamve{I(IGUn^r5G?JJ8kmw3kmGm{(Pc(Wo;^G0??}GW4hXoug`Y2e35g8
zf%(oH8N6{)i_bC8*qAJ}!92EzD)DbRmeA2PnD6_^0<bzj<d3omdjcwp?_h?C_acn4
zliM5MJBr@7Fr6&ux*ghrD1UA&BmU!aG)w|)*$sxIOi648{YIn=(f|HM|N4Ez59rd*
z<>60ITt%f#&*!}IWbfRS3QUFL8$9o>Pa(th6=k;!ldZ6o<64iVk+FPJd6NF~z1g*+
zfhKuok6D<R(@wT}myRp#aluc|vO)jT%h>-=`mxWlq+fTj*<-9^ac6z=V`{|?kb8P+
zMDJW5rp#v51kZLqB(?+Ax-pn~uWu@Gd!6+2k2ShP&hCS{S4^Hq8P~gqj}RR)DTaT_
z9$K$js0!bc$e{CbJk0dZtr_uow5TE^nkp5XFaLKq^-luSSA_ym$;S9(!jj*C;6UPT
zpFvcXYse3*+9QFU@nqI*gH{`9v*_B4^T=I0@*NM7Z>Y~+eUlr{Y=Wj-qMh8V-SmaL
zgi~rZu0NyKtK^~#Ca_y=b9d3}W3a(7L^1)^5oSQP1c2Tq575cRu7^eQ)W=Qf9U#jA
z4EwL=$mpwNI2_#*IGpy)m4JR0(Ct>cf4IDU1;CJ;VLlB;Mv(FWE;L$fWgZU@8k^}y
zo;F*cPiS+c8`zVSGMSVZ`%_(@z(El$XODw(p*WDlZeTM!oclfx53ZE*$^Q`UEzv=4
z?riRUV<dy#(1?Wk;4jKnlXUjk5=b%v3E*}YYbJB`s8#YL;FrCRyr0~7^lX?d`#i_b
zQAg$#+#R@HbO;`9^@Ys?47l>Iy^~f$hXfZx_pdZIH;Wg)t=V~)TxPzdyx8-IC4n9V
zA9l3SA~#E8SBs`O<HW1@unL~>?yu1*)A9a%LmW5~k`%J!UbqkK$hnHs<$=XD?1J|8
z%nm!}jbBuFDc==-wLY2C%wbR~&zeH!@E!o<SWc&VVcz@8%#^X=GF~6XnoxiHeWyS)
zvTRE0{W<ofPp%|)*E=QnvnNW4EJ}3>WMH&`V$d6#3=Ag(AdSk^NsCnM0kAyH0{DWW
zKLX}A`>l~5XBM;7^5*8WU|;EIM_?cW$_s2jK_UDFI4A~Pn-RlLygBzNMW@S+qP%DZ
zfNRA8Di>)N+3)1!{fv)LcA-&0DXals6xdbtJmMC>{vUE9AsZwg3b2I)io5Z<91bl-
zt8l?xp6_Iz&RXGG$eWI2;c!pq&}r4%2QJ{gnR|zy8;G!Q2RDA*62|DZa_qmk^s@7t
zT(LQZ!#V=plw-7QGPl^G)C<0rJ-A$x4<aM}>ay|;Pn{I}+v=#u&pGJA*@P33lcTO4
zwCf@UEbh8Daw?671=J}DLTuWWO^4E01BDHo(gA^o+4&HKD9ezE9vP4ABS5-C?Rbo*
z%d<=I_XUK5Fl+)<DE^vkO5(DZ%gOV20ZC4s1^ArVfd1c5#6(T45YULeHIyz$KY7q_
z!1JX95tBi?jZ8Z^iQVoK;J!*X8dV^G$!QMosL3DIPo<@-F*#8xcNPM-k&WaL|1=Kk
z>akRsfbfxzx)_`mMzL&(PQyC;o8mvoL>~_7R*&%^b}3FTlUVUwc;(sSXUYFw?nCg@
zMCizKIV@zY4+BDyhz0|=sAaQ;sNT{OwKj^b`4*gN-(Jb91$HMbC1y)*UM#Z0RP*PI
z*z-@@i>JJ+cL_-#$4eXXOSGq#<hdrQq@PbK+>eY@<d63s2Zk9h3@qnrzbtrpMceG}
zrvbqhz1}VWHUc}9FjY4_fQ`16rg4GUHHF5eOgy8SDh%h!u8`b%^Zf?zpo;~rhITj}
zyH7?&hJMtvZPG>jz=pvCkWw*w-a3P!L{T3szZ!uJ7|Qp6SxC}x2-An>m^8{?=EG3E
zcBa<e{@KaRw@xUh<otFS#pS)u`sQobKjq=yyRJMw!cAIWa#1g~E3Q<XNFRX*+*>qN
z7H??eVg#m*Z|h0yDaj|wuMd@jH+Kn|8@}MP9ZJ^&1FcY7fW$}xaUSD<2lsoGktlNM
zoZG7tTs0Tu^?(3t;Aan+PG$fX{+E+ee@!Pn*bkNE3=w@HPG#OuFd?SSzh{wIJKLY0
z;|6gvq7%Hd@d4Q3=v3JU{h7F%({$1Mvw$z*H<b=M?>L<9@x}|~qo!;VizeCd*sMPS
zYQ3_{9B{^5+OH>81_)U_W!#tLR631nlm_W0&pQr?5d>zaEO^hnpo~99CoFFuOM_k;
zT{a;3T{;2eM-Y^4>o{hozn7u>?Ftf}{Vqmjs^#{F%A%&E*@^mTqm?I{0y`Iq3v8k8
zOhn}d5=lbZ%Kb+C3vBF9-uW1yCn5B#P)MZ#3JuO$*gwaS5C1ie)LGWJ0h1r}{bCIq
zabgnWp~I#2zzd4??-Tu2O>d_<G0*$rnScYiRVbGuGVsTNEOP*BYhgo|z3yFNP`*;&
zZqV9?<8%L*+PO@yHk+wApy^mXntJmgPozIVWCpODWV~*VKHKnsF=L$yh^ujdFh%fs
zI{F^S+pLRtq!;Gza8$n;w!Vb$luIFyaV&*|BtVF9n82Ta(LM#Ff3%w$Hv304?Hx@P
zv3jgNhW^Zra%a8@Efffw8>t-3MdhkBY83fheuTt-`q<-ewmIwzEY!9Y_AZYE?2BVb
zIU2w$7Mz!y=?bInO<-#On$~9e?qqZL0KH*&!gsp=9Bh{`2HI*@G>tAGA{xz+$vnoS
z{#g$64GeUdYRnUYH|MXu0WeTx4D8e~9?y?afVP@pHepx|2!K<sG)@oxX0C5*2ZF<M
z3?Xkm1W2}rl9MOpm-|8b8>Q(JhrDb&r_+C1GzLm#LIZfx3OUQgBOJ94>VQnSU#!Np
zz9U<0LKEd;``Ln?0%e2MY9Z^kYCqf6Li?GJ&FSPM)0X??Q-tUJ%Ze_Bh-<(QCFss;
zvMyRzX2n)MY18L8PG^91POGb<LoSX!xxYKx;TULgo?{OK{a%)e_Er>aat$0<klSQ&
zbaX_I)sbIpK3y&kiqUZ@I?dXM^?_u;A`M;%Km%b}zWNArGMXzp3a{JhemKN`4YW@t
zKv6_*G6oNAAPkjC7*P)C`DhpW)Hy&G#BsdI3fNVK6rk&>7<_d4&jyr`?004{R>bPj
zlrM$rnZwdjTDL<oAtGOtC**7zuHr809}OA!yee)U(C&puu9<PeV3}4{5jS)sX~PrP
zvzuRMvqCP?|9?&ikMKL|<=g>dWqWkPAf|844j_8bG%EBsMr2$K`qp;K!D;4}iHXZ|
zB1PJF6;tT0Xlp;e2<`^oa=bO0=tF7i$FZERC!6zskO4kGkF{#8Th|z&4Y2Xp9(!Ye
zJiy*LWVr1^L}|3WB)S1AImS1TbL)IK{LdZI;O|G!LmTWj(NpJEf9*TN{?|~@@6*WX
z87!qrK^(2Hgv<d|X^i>qcKlebut89ZP1M4*HBWNrNp$;}dWm+^CNSAyA_n4_|C$f7
zar|pOxLN<cRiG!5Y*^xYYB+N&(+Jr~cxWVB2VLWd9h=QEbkpTBB4CUMoeIkt@~c|m
z+Hty_7v?UnRY@nZ42R$l;BKY3AB($|j{7RDhj9W9TwlN>@|>DxV!SRgaNQ2$C$xrK
z)G#s$iT~D46EcA{c1iIfxE_C-dH)_3iqQc&MKBgNhZYn(kopb?DVEkXPVkq0>szW>
z)V#PDAI%!G>1<;+;frHocG*(zIV)+7E|7~1HlT3$@gpgVhF2!T^A&!^uwATzQlIi{
zC$srf1fXh@7bXZA;8&Ngd4#KpIbef2R8X-~yQ4D*Gb#?ixZl9gMq~sa{_-HmuepF4
z39te}>2;dTH8*@+&$fpHP)R~-wY&~8_^p~vl4iLNh2_>6&#GT>yZX7F@0!%)>u()z
z49WsBUIw*tz5)QU^YptT=}o|o766;cSeFSYaVf1IK~YJ73mvrFU+JG4n}$ccpQ>Kn
zsAH>LVOTV$&Y$w@_uhy{-poW13O=^2jAvAmsxs5L!MVhg`#tQlcPs8myl+T{;(hnM
zYNqK?;QxpAnJ@;vwn`2u9R(pgKx{1s+Qor&nTqz5+@NGUXq$Vj!JxQd!6Jb>NFaPa
zqt=fWBeJt;t+2rzkJWOQEnhqHlMOouM*>(bMlw@w5R96OG<D}Nnj<|<74JX&$E`Ca
zWJky2jF)QlCF=6~p|qN;9b-(OhBQrJv&rD7y4xy9<1*+`TB>izpndrC!WRtxMgX^3
zYkQ^nZDRvbGPje=ZaAJaAlBK-;PD>vNrKWfVv2x+AQ{Y&b_=*B$x`E&CUqFH2YGJ#
z#6Dm}=gK}rc-|g~u5ciMC=Uh6e(%{bFjSzxB&A|97<l#fP3aLcG6u!c-J~q9tZ3o-
zGW{u8fk_Z}iYNP$RBj6$*!JP(8hl`Nc*T4!=Z;fW&&65H7P{qp)>}o5sexd>|DiQR
zc?J&e4I4sTK5OPv3n)@bFAg6|5z(tDpN>`9*z=vq!Op#N2!RO9$q5%=ul{{<===Y5
za(Kmm6@Yp$0+LC{pWF%1Q86tJr#C^op0{isr^EK`k+teo+h7gG`}Vd3beRNZ`Je$H
zPxd`t@25GjZE?|A)A3Xz8Jspv?A%`NjH2!5y?p<YPA8>f4Up|KKjXWK<!pF4!tJc(
zjpp>&VI89Wew2i&Fl&Gp8)WeqjqXbyca!}V@hf&)q2ii#Gd5%-C@MP2js8T@TMP3K
z&JS`;>n+HVvF_4w^mVS+a+ArPz@EQJkH-+(Yms4ieL=<W@xQzP`V*6}&`+-}g-f44
zM=QEKKj4ipY5BnM85GCEfKq54uJ!z=P4_d>D@v8(q|>_#-XXvYH05MK^WhUAjCkpD
zeAb(5va+!k*s068l;Y(j;}WF&MVyFomS~+z+FQZl+j%C5{^Oeo>1@TDcbp8g$?MR*
z_8iv6EO7rF`GsbGTmw2Mc49rJ2v+XU1eJ2ew>w-B0#*m?yOo%`hVK2falixRrntD@
z0SJjgQ(W^ym#$~r=jYiQI`Q9bH|fWzy3;A<gh+B}oPn8mjH>&1JE+`D=4x$RqxU|5
zJV<{DmX0{s$oBiN@Rn{=W74UQWk1j!o^Ho%Vl`MTHlG5?ap^D%Rtz8^h|_+Jqt*(t
zH5K^6sj^5r({l6!SHzR&m(2=e(k{WC0*VZHCC{K*sVN6jA9#D>7*dC2oM3MwdsDqE
zF>k5|t(|aeOvDJu07X#1r&Av*W*!DBN=*rAwO5qM(4AH%65v!X&JK9LYgOS87snrR
z9NVVG8R&r5E2863MJRaMJ1KM7z68=RIs*nvwDPg!r`^1#kD(dSy~j|Z<2UwWGB=(5
zoDPI{x9dG`I^q=A37`#fB5c#G>wYL*<Q<hmHGGJ+EfP<RY$dd)&3yN_BJ1ZSgvs#-
z?gIZTIDJqjT4KUXJSO43m)N^$(^tbY$CtN1yR?+{oKZDvd*;lAh?<wIQ#qKF@fxt2
zPQjid$(pHMq#3-aB4%FeF*?V7lS|-z8imiR+qm+1RR($uFb+n5Us_Z39$2miX)0#w
zP8g<7N3wf|Aj{FnB%-Y+F-gK;wjt&g?}{~bJMw%7c~fKhu6IEPetLVNm91eBgOmy`
z`T%^E5x?4*>&5>3vB4{+odOBp!7(yOu<#GU+!SA0Png$oL%6M3(^$Iakf?1%5&~Eg
zT+mkTGcV{hndFpozzEWGJO{3NSZ1TZB5uW)3J&@sA25~J2;WcR#lAS2Sym5!mb<J>
zz&ye)$0C>Y^Kpj~@oTX!dHw=_i`j&u=n!yqoa{4jZi42YzDa_kQj2+6xg*Ygf_a!S
zB^`uoGikC{`JiyV<8AY~yZAYQ+pf(Larxu5f#lijAHX+x6etJ$vd4Z8Y=H_w9P9wf
zHroN%MV%^Hg#klwRijn83xS>;&cZ;y4`ahuLzU45fjZl@teYPou~AgKXms79w!q%6
ziKA5$00LkKDr(T*j{yp=-ei>_3+*$}fTp%Mx|?@Fd-OO~sil;6`K9*7#6lL;0qfu2
z^#Jy7Hi&_XGX4;2HZM5nhO|DjO#lt)*?;lxh}5I;Mp&a60+#B6;Dbd?zAL#`tDj&+
zTPBo-&+<#_EB>lc-MDDb056*yy&yJGi1}`}*$P#c9^0opUhD_Y1?X5(xErQsZ*1z6
zyJxD*{EcE1ad5F*VWG&O^2jJDNar$m*PSvYbBnY_jCz$L5_no7%KgYJ(wD^L22>hf
zVwMnB&;3-1EDz$E)cdeG<Nv|lc2J_;^(ZSZR|tUgxtzFMBrD;2>f|GMxdKiLf-t>f
z*>nCqBWF_;_V=5P9A!rSq8D?`69ufKqA3|lweILW8io1hgH@8l_UAuSN5<{bIbX^R
z2lX2qH<{&bPKT_}>Q4JVn(;fvE|IB2jLX$vU7<YR)#X4vLf2yV8WY>t`#8^qU2^=$
zpjXQ;NZFH*oY&2nNsIj=oQtQ<2vds<XGtNX<c{T}85Nu6+KB+OF_XujHzgeD_8dN$
zH}=xDBA@c@6`QVHmOIlMqiw~oMlvc==4j_zJtT`9CRo;d`d|MTwvs|{beorU<iO;~
zolFzX0&XAP&kwF(SwZ<*t0IHkz^(rr1)!RtdL>s6;)utEy*f3W*O&L}+Wgo2TTrO_
zYj8-&>DPsMVMiOS3PWj=cwB63hI5*Q^(o?Mt*iTvGQPgw({I00x8SKWir}`%VyzQ(
z+JhR+bOD$;*tOwIQ3D>VxjjG7b1NouI6zMp+8@5hc*WyBCBp(Suq@>#oPsf!k7=&s
zq@@HlZ-jLzI(4@G98R7C6R!I7up8bKC}RBVq@+R!-KJJLIvTw`$1jO!E57eC^T|0%
z(0i<(h|0;Na*Gr|>P`i9V3`cP$|X$G{ghz#jBZcOq6t&(%B^0(pPb=mWnAV(utzja
zgM-VfSP}+hk6$fqk##W|D6CeRnI2{oqem?*PIcO8r&?oa?VlOx^*Y_`jqY+otGD18
z@Mgum7zpS)1-KVXn)07vkreQ<@decSD@PyU*jb}%1uaOf?Yn6IC`w79q{W5r;9nrd
z%v*17r*s+)a;@Z&sdexTgVZ9d?$Nsm4FQ}x4rx7f+73?QKlZekQo{CcMesTIY6jdE
zXT+8E_ctgtQiw&88=46OhG8dOZshfMVLzSrKh)Mx9o)cXAgDzgzL^{;Ciqm_;K%m2
zs0_yM5|9ZaGW)bZokv#(Ytqv3jH?J~KuwNYjfFVVLr6ODnwf(C59A=$pA{NLwH|9f
z&(ESSrU*{kn#N5w`(W(f@Qj(^|7k@-WC*!|2M3E)3wP3(XEyjnN;UJI>T@B$iN*jQ
z)}>Da>G1w!U9QGb%k^@pgAU_ek-GS-UkwbBtF~j;;7uBfl_vuLmbL1STAYtE4u6(@
zZoa=Z>w<CwvcfHISo}2GwVqy&ZL7IP{@hI2(ICuTDot~%U-Vfb4Rhl=r1Ww=j2c<I
zM4Fl^7{$eR@L$@_&KQ@V618+W;k{9!5iuwU*X5b&R|YuqYNucmYTDV*(FI!y)dbzn
zYh5p2*L*o)!MwqZqf>dezJ^T+jC%NY6<h%5x4ufh@f>%7u7w2Pq>)&6*bG`|3~y4>
zb-d;wn^djEca+4|ia7B-DywLB;&dh?2B~*#vcYG~7<er&OL_;^RQw2bB$JHAu&7T2
z#lO(4)_YmnIphH|O!uwNb<cFJ;@N3+ngtjO6|&3cpjNlX&GfX`#0uWsNf|*)a&OY!
z&s|ek%vFkOPps6X-j+XW!Du%)ZvGY5QTsZV!1L0(Sf`~Jd&{=)B3tNaxdUIvx#bWP
zEH25S^e{`%&<X*35{Nyy=SAsrFbC0X7PnPEu~t!Suh_^8JT13w$=1+f+ic<nhw|>s
zHp5(B%_H=j%}8Yl7~pmjUuI8BwnfGk>72wAiUaoz@epjN9fAipc~zkU*8CBefy)B0
z)6nQ~P=jr3aR*)o?X+zm%R8)hxq%wAWifV_$4;S*?!PLv2Q&&t?vx77tmQp3uqo6^
zN@)k^JJ#@Edf=?^)9qJggnJT52q-8j(lpcb>FNvmoin}q0*V6LZP(-al<GvCXo+cd
z4Al<zyn^6pHXzmcYh9|OTxVsRUSiMNs*~f()V<*61sb_`6E2GZ4YacZdJk16UBa)3
z?BBQBbJ%UNs_Cd79{IP<FAMwKF8f0x)mUogO6H!+C4C*d>a5l8jkz4T^*$TjEJZnk
zl)iua?<2e)29^5U>o{FR1FUGl4zE(V>J-9GJELs*CeChX4_*zKxb|cD0jN$&x8k`r
zI$OuM5F3?&(Y4Vo%6<1|{@OgkE86=)!icMx?28WqX6?v|n|lP8^zqhzrn~`suGrDQ
zti)tj<+_`KX=~Q1B_?w+qw{VIcpthn8V?gEFc~?P%ddIJu=9QfP}AsgXYguSiqk?P
z!#Cvu*z8Rj2GfVqA<$Oo&$RGvEtNY?A4dphft^*|d-x}`jOCO(j=Nv=^{QI-TsM-P
zvTI-+Ne0&JZWO7Z1pwg38a{=P5sEPjH7tWQA4_|s4(D{<_+irltTwA~I0HLNHmVu8
z*1hh|u%!WMUW2F%=mzv|0tPHk%D-No4DQ!-P|9bpffJVuW(j#toot3S9@FIq&{1R}
zNorzu+ca*-<!A1av9y?2Ysg~hQ<SQBrEoW`umoa{D`ivTsH_$muMJH22WHj428~g&
z1##X}sHDTun|7!Ji2WAVQ1ozcOcyQr$xNBWtm8^TiW8_5vR-T-HImN*S&%{!3*!P0
zWCwupdS5&Sro)hX;3e5tK+UgBMr;&D2%aR6t}&AST4*iwk?$j1)~7W0EhT8>dRChU
z{c0udauSnQiu3Px#u`%aNMys!bts!?=G7kJ^?hsuO_3G*y`INxE&B!Uw8TEo3Kp1K
z`M#e<!@N&Fr~aUkk_z|WP5iEjA^eI!>(}Z@RD;UUf(|*{n`?wrg{ATfxgycUFKrYW
zx0VUx!=(!6x!PEH2QH3b*7901=R1e7>=;+GM&&a1xyJtMN-GZwj2-%6Oo%<tXQZ>C
z+LW1Vb`A-2YFCX^rpF1~qik0hs5IYqjm9#hVq2CX+q}{Ct-15P+p39oI&Ic5UaS`%
zsj6Kltz2IT<<~yS;LkKN>LyR+KIPoIw)y(TXv(#L|7I(?LCobSqXV<Gxxt#-Q|JIc
z>~Ga30Gp`1h4|yOUL!b#S-V(RVXZ!E;@8qxlth&mHSQmv?1_AvSQN6mU9Ob!+O=+_
z#rWLG%=lqTb@t}<O#Y)l$h9GSg(i03bG%d1LJy-O!fQFl){drzt#gMO{hLvJxSR1X
zmZum^;^tWQ+3wraM%WXLx5&7$mxSsf&R4kr+BpTArEuJMPk2sqJMaq{2i?CA3x~8w
z(!NH*zm1hNaZPo%PyvG3Y&UD=UywzYCxcP=JO!709+30eNgmuyOAX6d`n4~EF}SxG
z8WiM!xjrPx(4-&2ZiU`@wt>dbhDopa^Mzftl-EI%Jbl0ETy2^2))LvWhYP!AldJN&
zLGK<KnM45g3fjh!Rm&YYj0yJ%=)Vzq_k~z<;A_w}r;a`-lp5+P#dHy`0y^Y#ekE*f
zhc`+Llk;UM;Wu3x`boTADZmR`6nq`Bg#q6u8pIWdcGVK=JLY?XcXDp&cAUBJ!|_cB
z-+pBgP?sorx_Z@yf@SnfQ%2p9!qx0%6G8=i)y$B&gfiKdi^C^ZE{(4nJu$(TZtg(g
z%8uXZUsd*U5KxOpHirWRzEV%kVQWXJ4z1fd@5#Bu&yVGeDzUg5>Ormb#AV9qX1~P5
zTtkOh$XJgp9pSb=jF7!jS_VzsMIpXqe?47B;q(cD*)n(KT7gi_ME>(zwT+{T&incc
ziB|g)?BqP9JqkY<3tRqp;g#hW4SCcr=bK@jwhy{Zc-0)13m)+PLD+HA4rdd>O`*N@
z-*IRPBWwD+v=K^0plsywTx6-;F1+-|bQY1A3+?anYAQD+tKL1)kAG*`BB|sNaG%<A
z@-ciT|M)@vKr5D3(z1Nc%}I|ll#dX_RX_l0w`~LpI@bRYA}t+l1X-p3T}3GoJRK>D
zx&Zu^%`V%%bR=Ef&sf?5r-HbLtNGzq^DYUjYyBa#-5cvs@hX;g3pWct4=x7Sdvz|z
zoK&Rvacn-T%&%TIc~5B{wIR=4oj&b2d~0=I?J6S=`X*|xnUj>P6SbDRz`XR3+0}Vv
zFQ0R+<Hu({AFGh#62f_(3KuL01((=0ox&CWGRt{Z9Wton{OYaUGt-WCkvS`I0X{gm
z$3%qCejia#pnm^P30BW{V)_yfhA<*W#J5~%uk7*kRUaSiv@oNgcTMya!+JMsL{>ol
zs`r-kduqfUlp;^CZ=1>nw(UhB8_|2B_+>LnAI5E;&ckreQ^6WIc-H9yuZNo$<4=n*
zvL4%uP}K_eL>lP>iM#~kBjC(!;V!;FM=7aYM!5bd$|GTI5_}r0bDM<kvWi+2ifkt}
zg`A^PYJR(|(z1?~+<Y^CFa#Vcd`*cX1yG}dr<=|ar~2Otjf#<~uHOgF>!cd8PI>3Z
zL9bbPp5QWnp4TMVo38lWe9?5!kT_p!^Q7s(<3Q1e42kD@(`qZ+>o)U-YoZHG;m3J2
zMIMkfQcazHsxlB<e!q!%5%?kXW^UtKn2rpe>uBPl&_V4QR@L)iG^`TPR4U%6>KwRl
zSnPVbCC>0V9}>2Nv}Qb}P&{SslyeyA`mBaDO=$hFO2Mn_;XieC6u!8IRbzvnK|%Xv
z*ea=IuUZ3sg}<%7`JnmWn?>%5oc~oj74MES;W=>lzO!t`WhqoSiT&~=J)uqYm+i}L
zS~EuGaFWHPc2T9|83UHWdfiT>GJ=a329GUC{C7PMSE)Ki*jFcG?5eg8r@0TGO_l1m
z^Y{7=Sp>Y~&NUY6Rq6yMH`Z>BNv$U-?v<PRj#d}%^NS1kC<}F3QY@Y4L;bL^JP(@=
zo+{{TrUaryhnER&jHq~p8Pa(*nR-2BIw@%Ep*rbAju?%^UT{eb-&*mge#F0B$u(Y5
zCOD&}Y(Shg=X*4NJMfv3svy91itM!bv*tw4PfLU($KrImjsJ(Sua1kdTiX=`>5@iD
zkS;0d5)qYd5C#w!5NU*=K^jTv?(Xhx8A`fAVyGdc8_t8C_uKn@zx_M={5iw?9-eit
zd);~6*V5~Y89ghQWzjnqO%~cb^fMSsx+*J$#8$*%dXi6eH+s0EXqQda^~XQaXxW&W
zx0>1yV`AiJSzlGHS~rG$y6C=hd#K%U8rMBPmuTgoSWi@ozO{#``{Md*zHXo+`5~`m
z<k?KKSZ<_{h{*fRKz3d#56n^iN9Xj$LE~B)^4SWDlEm7>1#TDrSIPfP<EQaROww7|
zOLrCfZ2o*5faICa%qU3>fR2PzbquW~Sf>?SS5_@w<(!iRreVsAHtt=<IoIu#B=Lz}
z^eI$mFKOgU-W`eENqXGC^#;atYw^ZNSDuc32qnI{;Ba-<X#qlw{JI}yUPbx&IXG_L
zVG&PA2RQ|{rsft;A+W<sz#`w@)cQ$hZdv%Js-mCSCcLDv$D;blkZ8PpyIEi5u;?&N
z5Q}Av)6iUv3Sbg^0V5AlgOwX*AE(|4oFaN!ngEOdJ1I9RJ_4o1#V}$59d(&fw_UTX
zg?;x}sJgoP>$CYIdr;R+$kBIy0LrBB1Goa9sOBjd?dvmOG+a%`0QH+OGb^jA0gG;l
zcMxpY{q*y86_ay<L7vv+T#eQcx%W^I{A8~YwAvv<m3qC_TJLL<ym5PV7Zwo_5ycB5
zZuuo;KfT4T$WP$D?wBAjbh06KhYXf0z6#v0ZQd=uzMC6QZ@t;Ix<>rYF;Sy6Y4nlO
zKj6B4_@=Q!QQh~onCSH~&Io`)npk{@Bb;WyW4Ph>#8Q!CKz}ZgS1?raTh9$L(a#*l
zu+I_f3W(<-PP-xO?Yy{3T0wnjCl0rA-YD1%rWr`E<7>LAgUM88jQ4d3>~4o<dwVhF
zSJc|bjeDumcZbNI@?1r!B}mKT@uptzx=_+(!ITWPG2g8l3S!$Rm|<Z+Ya8Y`k>!QT
z`Pm#0EE-mys;!R?QK?MmPBnLc(5#T=_8My4V=LCpvnYuo97OmhsVe2oOPxDKcrw?>
z?57E$rpnrqJ74notUU^SYY~g9A?QhZT%(tkj5BW@JGfdW#yK%SzEdZ+NI2}_4@$mU
zEE;Nd%fCSC5br&EoqJ#)Zgzt3NysDM{m@?a>80(Nrjg`7?eo(#v|ug9Bk#fW_19n1
zi~7FT{;}M$sGfc7jGYMt>>upCv^BbPeG@fM8Q$F7+_2WT4X!TNGPU^8Fz!#6dl%od
z<R?0KEIF=**li?JDP4Isg!z3$DO3!I*SotEp|o^cAUx{fYdMeuF89qA^wF$T%PbEa
z<n*o7GoD+Xg)lSDRRebc-x)hFr>z1g1U>PK9WDXFs1NZ$aWip8`|f9rz^t!(shsO_
zkX{;CCbr<SCIhb10(b`N*u(8=&MrXj<*%43Z8IGP>tXUYUW!3x^g=?~_35{p(qcJ*
z@fo>HewT$~tSASUy<)dZHd6XFI3rC>K;K~3%&;SD$Z^SSNxd8j-`<Y;Srm44S@Q%1
z>eDeyKFm_u)KNa#+vx3E{k+I8d_dS(D>B__eu(YlWU4iARku}R;_LKa>*Yl0#0%X|
zp8aNB1Gh-p$sP7}wMfGct&=TUp8aG?C2w>^jiV{&P!jmz>iI2^QG(QM#`@^4>_JnY
zAHVUzQ0jv0!{*(BAnm0qp?5|su#}o3*18r+iX(7(l3G;^k<JCeI}?pgr5*Zt_KU|+
zEGdSbN533Bxp`~jUMwAaR?AjXgv^!@(F%PE8(Ea@)fKKhbvdX`&B~atQuCLSaO$UM
zRpfLozSuqWN4eUpr)tmz27xofP-t=lDQf-G%sZdl)Q!6$et5u1VN+1<UW^7m-MQ5p
zxybaWNr`a#H_P_hv9lW@8hUX_ierK`8EL=voB2wJ{_*wH9Z2+zX**Wuxbnaap;Jhn
z6SBYUn>hoK)pVI>%QdVtj~*cPwt*~N8CE)#&H;CFy8&}Fk3%Wu-Z{)K2j*_Ft%}_p
zxh%wlEg8mUDu~@wL5)M1l5P$s{T0K$rtQ$2N0++B6S3>O+1=eeUd9RQUZ^_sZCpvT
zboLg+<Rr={V#f$Sm!!HZtA5jV1t38)0l*jY)Gu6pJRE)ohS*|Hd^HMOhE68NyNltl
zF~FfG+T2`S3{xpDzi#SAdA;tke?#=Nr7{^{#Nb!dW4x9<m?D5EmBv@Sv3!q|2;M~k
zHwwzh>@lQXqX2Vf{RK*4$Q;9MH#Hz;CMG40`EzY62n=?9{OqR!>#2jNCNn-0<M4YM
z{2<#@CD6Em#qA2*v>V=16sorC^i6)(w%)%MKdKUa>PG>ed*mu-ZYZ|BPebA`GjUgQ
zvi<mkW1ulxV>nmfWLdwN3kFOd8KyY9;0RY>bX(_Yn0EDp+;xDzip)BNaacdVd8VSc
zcs+!|$ZPc!3+q(bCFCqNdLYnm#_RM~s+bvN#lk5=jvv>aI5JFTu$Sr~zV1i?AO2zP
zpk`Ll%HZeru96r1eKmiDY=7<fSY%sVnz<&UVIB>m!Z2E_654%eNB`vBFq|D9GZNR)
z^P$=SNC)Wlk=X5OkPk`Oq)}jLIw}+bK6r4;qIXg7>4l=i#qE{HdJSdMk-UrNFDxrZ
zZ*B4GK`Y7}z1vY3CHFVLam7Z1_)n!2AxhT(^FGk68Av<g-Pjs)Sh5H@<t=r>x)~E|
zmQKFwq`DOcZ2tZ<Go)(AiT%p-ssa+-K}Jc#`|7>L;69txIWkPFGVS_%T@C=+k?-;B
zkz6)mK-Wge?j<NnGe;jZPA=3a%^7y>;hoA!E9x~^KdHu&S$Alit4?u+MShOOK@b|5
z-g9I$qE}XY9c-jY+nc*q*R8g@N1|TMQ7N>!$Q~PuFC^i#RVdb99tYw$9<PwvtoIHZ
z?T%r_L4q%xK7=MUvln^UGVXrTn3R0Da6GE8B<pRSzRPCe+Iz=bXqLo{44Yt0+aR*a
zyxk+3J&5FUX4yWE6XWEKvO!^H)cYiQOETRqHyB^a3N>MG_B2?D5ST;Vb>D=z*Doi5
z@C4ZZEwsMhr#A2_eObkIi6GxYFwYT}>hJHKJ$*id4BOuR1Q43qZ8-8_eAWQjSJOBi
zPb*!{oAhcABGI%g+KtH_x8pQyy8{rUEr-^t;sWk(74klFfH%$sSb|sy8O|P3IkxVi
zi|eRsGSQ0sY8&1x@1<0k3*U|{5FVhSVQl>3z9DqR)UPj8s2xJVf!B1DT${fD*!&O9
zD_<Gj#9Dm(XvEi>`a|pC<zj<9%T0f4Q`qCjkLNG&YHQ2O-)enN71NUen1r){n>u_J
zVAaW*1>IBntWn9K552L!E=6mMN>48cM=Us6%ZD+IdR0(jynF!A!x70{$x2FgUUvlb
zdwUHB+a6ZX=o5x<o<Grb$TaxbPXQ_WcE5j1M4%&^gytT?rL%LDrL^wShQy2vLw?J{
z&vwTgdUg&=@`{VDSKd*AnLgbspF+cS8gLphLM+W)mJH2B5~u){$0$fpsUy|k()DnG
zgNbfSs(kC=m+F2bnV<GncUFXkWDJ0H9hsoYoG}BHw4L3Z(vmlx{i-|U|JI|!UXzr)
zoQ_bs(M)lStCD(4KSAlzL95NUimj^HGVXfK`QTe!mh3x&+8v6MUXgQsliM5z70yO|
zX~C1xyUYT&R^_?Fr~lk)m>jUxlSELyCFtEIJ_fAcMeF;f?|r6)FRjmv4)yhwVkL6(
zS5{VziavBZTaX3_Ws^{<fI-<=i;0U|v72!B%du4Fq+V=;=$4aWE0tb=ZBC*FJ)|hj
zb-($pyTpG+3f3KT9O^L7RU&rTmh7<jmT&Rgx%x^fw78J1OiFRmr>CX3Jbc%HP5UTh
z0(UxQj0CE8IU0M9(H>t|7(^_+kwF47BC)ZPsmA#T8oyJZr|~uxu-CBa%a%3(I008l
zz2v*6V3_ruMl+i-><x7q_dIV6cqk0eWC0uh5X*PTs8aFvFt+to5D}a5S?F2o5*?SL
zY|aj<=L593j0*P0@|>jh@>OX`5xlW4TH#NL!VOJ7runl8MUMZ#zD-#TNu4Y7e+%)d
zs1e<>D9ujB3BI#PX}o>GJhSKA{wxWgj4<UB6$mOh&-G^lF34S#*2`KQc1_%t7lu)?
z`1~X+y+Wrm8Mde5Mh0tkST@`sbQcxgBJJMn`kOkIEhQ5_aiW|05%{FFqt|8Y<wc~O
zmmv{K1TK{p+DuaYr(ww*+xesYQpFyMyfoMRi*v)Wm7Y?rr9!Q|{oI={*8sspd8ahr
zCp+C!Zto}xU6-%SdG{}`2vBe%g*-+I^KM>}@+Qx0DX|Mw2B1$j)E92?OdMel8o!h6
zH=Non&0QRFE?~PVbb43wd*lBt-;Sd}((&R7>U%Rd7{cslOTYrn27^_MP)FtNZNeAa
zI4Dw1MjGa#!{P-V5eO8c2JrW%hq>)!QjR@1fC(*KlnB-U)B6n@DWy(Hy+a~;jsBBG
zpu$iEpS0^O1&;)3bXt+F10#>C&CE}8m+5TrcpQKZxdmNSp+YSQ_OJ>Sg=dgpVHMHv
zX!G5`<L|U#KT>axO&pd6vBnTjMD{Nj?4hhzjY}f00}?IdfXl7ZG+JlrUQvm;d+8N9
z>Vhx!99lEy3lj~>t9O7z`c73C%&n02vY@&|9BOK|_{T2XVEF1$uSz^|mJP2_?77(u
zWGNAkJkF%L4S?*;X4e!`nO(T6D=DS>n7{>Qh!GRMFfsdU%f5bs&&HTJSZ!4wR<U8(
zlk<*PD{bzk|7;U<V!^<eI9U{utDDtu=uw8->>t5xGFC)r_4Ce3xr2onEjNw)UE^ku
zmb;NrTmu<%er{&W3jP=qn+H>O7egUQA7}a3?|UE8gWUoWE`mxr>Fp~C4@rqU=FGwv
z&z5ICPkVRIYBR>bUlustx~RHsI((X2LYe=jchb&KcSAt7X_|c`efvfv8Eag*TDzW#
z?}`F#vBASw2>;$obD#397q9=?&&%Hizw1jGhC9*{mbl{g9?P%B()*j@l&-ReMu+(D
zF9D&W_F288$2s4b41O7O=~5v~5m8%&Hu`p#g_48xW50EhQ2naE9puicjOpz^G5}Ae
zSNZ@Cu8<p(j&5&H4`4k4ZNHM><F9h}EE23Rg9s6S7iS)zsjAoM>}F>-Qj$H=WL=s0
zdCHf3wKfRjB^&<!J&mfOEFwBO`_lIA=4_1W_9s)F$m#U{#J;wI6^`4M*sV7-IJSE6
zyoay6d$U#1&aR4C4A1KjfGlj8>0Oa6pVhRqq|~;)Q&UqbaJxa^JXlWzl?dV3m~V2F
z`BuoMqeF4=YOI!qyj19JPD(vSCSI?(Wa#KBKqQ=ivf=T}u>0#lCqqM8pdRk9IWI7*
z8Bn`;iS4}lWGQcbd2__@IK;|T(jpO@n3%XVx71>l)M#ko8-y743j^Kbay3;|%ffAb
zaxzD^MG++=%%K^M?Yscj%?*_`mYCV%e_p0|F84yh3E+aWJ6lLqhv)6Rq;QL0&~mV|
zBjJ8$M?1VBWaYuo&UU)o>A&T&bk)-9G=qmok8n*%y$lYp&Xsw}xWUmBqu%7c(_J1Z
z<lf~q(@7~=i68Zpywt7Vfsr$_jka}>)Bt0_GpKmmmH$4}n{Z>9xs*t#T!!58HNmY&
z-N=`c?P231n(19{cM^%9(_!FtrxUp))$;Umt61vG4*T=(zrKNDY<go`PsKj2M@%`A
zmpbl=7KmP>(2Yw+)Xr>XudN0lT-I&XTxp%_nL`}rPe~zQ_XJP^Jc`=^zj(R2AkwrM
zv+!te|I$|!_JIPs@TPFzb+lO?m!;`C-etiF{Lk#sGhYI5NtE_ZZbxjjBdB*8>gtrs
zc(3wNPWt+o@GPYZi2o>0pR9fXI#mA>IO2(x_1%OIaS?Z~7SD8X#_vw_mT~}^x&p)G
z<m4)|Dfv*UIe9udIwToUHhS95SE$gB8!0X=^1wWKJN?s~-AIMoWYBx6m1!t)6@XR+
z$Vw8O>kCUu!$g6g9vHMS^uY0<VH{2ph`hb>7t6}(dIqDvMiDzl5IGqaQx&5*-~=Iq
z14@M)oNKWs$cIx)(~0%w(;c>!?ruI;0e5#)<9s-;-$>D5FXm(bV9Du&iF}0u{!*7y
zt+#-dXl+%qb}i?oI0u3>Vh_o5#qZ-ufchxE$vX3POJQjc-YB=*dUtd8a!S{wc-9Yg
z*wXA`igPDswWxEVjL`M0`4;H$?bwl%rS*xDxJSw<_BaAB?x8^=P?MODuoZ8Tk~2EW
z1?}rwUhV$~pR~A+$m@T6aL}8Y=1+A>Fs3LUfg6X4h=(5qB#U4-Esqsb!P8ofuqWt6
z-1yuWre&o;klUTz?YRNfid}CWht9^R#ATqYB6vj5TfvqF<8uukHD;&NjNKmZ-ScG8
zN@CZ!eFQb&EN!e0)V=Mdxa0v76{Vf*pO?>y9qiQR`xV<1qp=6_0ePnV`R~fbqFzHK
zzr_>?!AkrM>-!t^Tiv$37W^6XI*IOAeo_Y=yAH}DA6-og(}D#JRvxReu3!6>k}>3+
z*^et(Z0R-in7o)ftHCmxq1&l&>haoTR)2mNN0T#Vlh_niN$s5CtK_kz46K)$oik*;
zs4*J(j*p9Wsz2PBwTwi}<tHDx$EA(i8#lw27xUMK?*_H=ieP8JoJI|z!_6M8H-ura
zmuMNq;|{H1+Ia}%4ukKfH~CI679P-s-3e7sP}-+PV*T-k|0>+&Jo2>hI-IjwCV?i=
zFfmF?NtH`!yy)&_ki~j8D)Z;p0VJOJtc(w#cQ;EnNFT7b&RRW!-A^l1^DSK4q;?h@
zJp5KxdML5sk>1|kJCx@Fq1soU>^Ff9U)Ivi5Md@e!Ls_4)md_4V*li*UdBatH$)4y
zV+Ej=cnwq!rX@{`u(S0_od&V&ra%t$b5#|#si<Q;c7#z6+aCsrY0|)>l9LAw_H#c1
z#1fZ3>Z}GX@D+sH&3<u)efEr^AS25F#;F33draoR2Q<j@&rFPs8^YqBlo?3rm}p)q
z{I+4on#qTW!CqW@6!+D(g1RYZ*Tt3t#P-^j6SfW+rU;+5Y-(I42`8E!#KMK540~wy
zbA!PeJ$@+Sv3OTvsA}VEF>lYWd5=b2u8JqJ>dRyhhvdPS@15ggx|#E=D2CDI8dlD?
zkFhrirIH78d%8_S$Ln@44MaqhTwS^J`6jn^GK8Pf`9E?N+A=sYg@D}KXVt>oy58+s
z79Q~DI7D!x&vZK`YXluWgZM8@EpS;<+G$-7{k9$m|FdKIw)oa)P<(Pp0TB`JE-oiq
z4$Q6O`>a(z165XC;v%;7I{I<vPs;NlAu;oy)j=zF?#2@LR>7s&*>~13vm782POxkR
zc<vY(71h)D{armS`tf(TY9iq+DqucjaGme%fQe{fsMzHuEjhykSSt%V*uAae=suI3
zb-6z1-SW7b0;e0Tm(LCL_h$<2)k$hS%gxTNuasCTDK1vC(ZV~MNqD(MtmEwg*FLMD
zJ7)EY-T`WvPB8iT+1GWaxru2-t5_%<z?hB5>O7VtX4A!bEldCT__(SAFRnL-PMvsI
zMdP;HRa0Y%)Qm&ZDiJu`JVuJHPBg`Fh2t2wud*IK{siFVQdPh5_4S3SRfuA1^x>A)
zn$NuKzBYKs3fpghuWs{%F4#}?j-OJ^xV^X}e8bg$vy9`BwsZ?|EgA$=<%^zia4x{}
zHP(C<>QL>p-@F9OB+=Moxo)eZLipfD<a-@W%RZ?BlzQaHaRUN;{RylCs}TE+?Q8DT
zdTsl=K8CyY6nsi9|BSt_wF{8K3fbQN2gV&udtep-r%2_J-y_U1_j^yk5>6Q;zM08Y
z^T<{DaDP<G@HsfNM-9zvlFi}Ti!IC~yf$uh6<xOSVTVbATpp(MKVlPv1Zxa%m+a8s
zApY@Rp)P@EA2XxBi!=4R_Ll@JAX8J*x<Ut4s#lA^aDg%eLR4K_%fgAe6fPUUB80b!
zQ=3NqmL6Y=kJWGamTU?40S<*A4?9r_$O8y;J_3|jKC!sY&dyP0=4QgiR^X?3CEB&2
z%E}SZg=@gIWVkv;3e^PL{7Hw2MM=N_G?dbxYsT3&j(vP0pX9(GT3E{jez+Zr3Jp))
zuOh`Ty%`kCAgRgQ+y9hNk=r6MXrgDsmlP-HO$53s-Lbu7wl6BVe#`7;%i2>Vw92!9
zD>`Op0M`6#Wq%53Ke-s5(=&daUt7<4?bUBq=flkQ<SxdBUo$%!{Oh6A*F<vc7-j$8
zS}%xOr-KCBdaj{jiV2ixvS%V%(C<%6hqO2n>{t1*+SqLEy!6axzQ#(s+N4a;&{T5#
zSXrj}qj5fYnv}g;X|VyzZ}0^t4u7oW&jJG#!AgIZzm6_a4-y#SvM^8XBtbgaSEd~E
z4C&8XK0tb<7-Nr%hDgIG?Nu<&bpLhSHSlFhoIqe`NUoH|f)sMURn}&lV`&IPhyQi7
zkozl(YU$>b)FBk#VY?I%Y2y7F{?#w66Gj8LQo0mF0}U`>kHG1e1Yj@>?`cG;7?C6w
z4c43NKfisRjT(?9oSkC^wNpoeF>$MnD&5-$aZR*<G;;MMcNT9K_;vS`ih(miH(k!y
z4}B_ax+xW*puRzqvvW4F1#Z;TEzwRc(f=_jzu&<60yoYY0|wAKf<)~Y`rb&NgFVy3
z8N(L4%7Ts<Z}lSX-}R?5KCZ-t@^IU+xgH>Pfl@B!-%k+(gm6XsY~!C9+3)2cDcsj*
zDu7#uFJk62jmf{p`Bnfda0(HTkG}<8G5Hy+;4{*{2sOZu5H29yfx~KhuT1k=!&XcK
zy1~EOsh%>Dz;4QPx;4}?dmY-PejrV~f0;HR1iYx`&*7Q>Cc=No^X1d$>xT(u@c|@I
z8b*IE&|-gRS^uHuhZ=rL(j5L!1rc0A$u7>~QR4vvPQcD=r?*RNn-|d;*a%n}1w3+0
z&B$bmDNe{d_xSS)Z-9jhjQVg4UrH&q2ycL1v;9^B39ZTh>GS@(JUxHm15L2&Q*BGN
z;#bUmz<QTcyKX%Z01#gZYp6E+xZ=zAkFt$mk0yR}PttG0KjkKQ2@rGxqX_Y~fnh-y
z1=xM8_y559r8p9pVLU7NZxSAh{DKM{`>YFA{SQmGHbo0YgPOw%*rG=0@S-?&yO72N
zS)-&^@MoIsX|O7fwg*U&qmmyh*l;S1kBPlvTe#6J?3WMC%{nI`BU!0$omSWlA&!E>
z(-$oRDR+*{(vuPrI(i01bm6D=)@dGJoSj|V!0`kd$|?~|f_}x#%~=vPYkON;bY-cm
zOroMG>%)n1Ha6v|YHD&I;zrup>aUg@<lbo6!y_X~Q3(kJ4I^V?k`Eu64~ludE$u~c
z_e3(Y5(M5fcg$QqrTn8reSQ8{KYxD)h2AWNKkLI)x<6zDrK<m|{oTtxmI+XU+`cXx
zY^*VB9U9m$OM1k-Y9OcGVo8gH;F#-(VOF;QQ&hzBb?n5TvA!Pm0x_2egGVm)O-i29
zedWo6Po|VzU4N+$*q?-`IvoyZN=4e4tzJ$<#l`8*2?g{mEQr{()TC@bA+tD=8~^I`
z*<@@d193t}#_UOSjM}TJt-qGXbnVsNz{{e_7pjqz(bKbTZO8Oe@Yvb>Cq%*eYK-Y?
znsBo5=fmJ^$M%;e2CCB1C?|5Bv2pY`0$X42)meZ0@t54}`FWj_(Ty#YXcY(Q(a-;`
zQV4&2hzu4V4<@}R3M!AL>+QF&{6uZzB+_Th*tU19!b7()lp!U>omaC>FflbX2B2e@
zI5-q0tV^=}XI(%s(D=6pJVGpQDXj9W(hgT)QK_j4mFw(jfeDYcEnCD7%;7s6a%vI+
zbOP})9NJxGDR~u#nAJ7aE))esznW62$dfQ>oEC%0-#2~q+|~kt9;&4jR2*|PHR3Pm
z@;mPr4&P4t0=gcDux}rbwv!x0juq0jGjqf!>gh2!Em)tO?fbgxod8do^80%``y3fH
zD<@k?S^4qF*@=q1{RF{gx!pf3@E<Tm+c@>liI)O_(KVwL6#>EG28_U!<R?<SN)RQ^
zL7A{j;uIHk-iYvUiMi6*lA0%tmw6?fF#1|*k*~HYs}lzl9D8Y}kk~Zmlj<oYwcZES
z<4HL_%LuI$zE}EIF$3_)62+3T4|D)`e7(&HCN@@iqyF7V7z;_xLsQfID&q+*HEk^?
zI^NnU=VC1kXmT>h9M9RA6$fL4#6@sQMU_9&zz`I(*s@K=LOxSGpJX2DImqG9Q!5`3
zG<B~X$2*rhRv^GSV_z=9aV2Jihy}>VJgbf|-Se6C)DV^G3k!oDU0yM)Et0$+&aS%G
z260p*nFld_OiWDgWM9wt`8jXz{JI_eSY|Kd{+Ay7{p^3S;Q2iBQp;1H1xz8Sg#^p5
z<$1KK!f0rW$M*egjz}Y<0A-`QySvJ~UWUKeVjsre=k`gzJ|9i>TS{I{|GR$8V-dN0
z)=<m&ifH*-I~5lYZ}+KCSgQ*x28*Cmv^Fu}ecp9f-&>TiRO>vUB4pU<DYl^PPMzq^
zK?wgSZf>Uj@-U6%jEzn42Es@5-E(bX;KW*TNhyYs&-FL2H#Nma#iY2`8-6>$xL0I$
z7Q|%o?X>jty$Z5QO!dDz-9K9{o`vQ}7&Y=yOUvoiED;7QKtFrAi|1W`qLj4>C@!U~
z+^sSCP4MI+f9br8^dR<{S|tS&3|Ix-(Ml7KLlTU=rcKV6?+5R$8<Y)VBFQFo1`*uL
z1A6@#=C2=x(eg&KVMas~k{S^3@w`y-XtfGjKR)Jx4!p^I)+M~|e0h19mtCDKDA?13
z5ZhB<uNBqCu6T50oOi%mj*6-NCM1Myd|@oJ<^V4sE!eeCgPpF*<G_HAg5M6)zb88@
z>y;PSTv-`0XqR)o)qQ(wD?4YMsAiIqJXVhi)ksIsN=Juvkl9*m^@Gl47_SqTyt0LZ
z{ecY9_0Qtksgn-R>fnVIkjuJF9U_3F=?Tx7)DqK1tto$lgCH7()c<Q>z)qKgDJt%p
zc(d?^g#`uFSHR~sX-8J=24K`&7>sip3q}MHt4ok_$cp<6{j67zlT&9cUsU8MdRpA4
zJvS+=naF(vGOH|Ud0T9lEL|#1AxUas82t6?S7v!?UDuCmqFCi94|4mqF2x0OJbtD`
zM0BlEDZ!tVckh;fB6|UP=gbDyj?}UENZS_FHe~^B+Mtz{)$x9@mP4q(AN7n&K*H@X
z{c^W%Ze~T;zm_lHJ8JeH6gO@SsRs=x=i5FB`Q-rwaEI}gc2@jfeXB{4w?C@e3J>bD
ztU1;^-rJ+fIx<ft=l&sgk_*lEMJ|n&As!Qdk3eYjOxf0z^#lh?#n6PR`n1k~)!~J1
z+GYy242I{vAYK%{7OHMVo)2<ElnvH00^Y0k?SxsI4Qgig<+^q)Ez;GYWpOu2d^OdE
zd9@7~Y;?u9TlZ-BCvb6*<~K7)>J(xM2L{+kx6!%&@u;9?oS19Zn3^k3<C3<b@D$tQ
z1{SJ?FX#TZ5<WaC&sRrbMP4R`tJ9j_dWj8D({klg=}_A|=^IZ6R;?e3Hs*<=l}<Y2
zHIfaWpzI>sn~^r-c#<7qBTObx7j(!u9b5}+kB26^%xev_P?Y|>Fn;Y>f>Fu3jtQgA
zc&|c?aRD>Ww<O#gJZ!Kq(+U_XJV!>(G6WNjLoHYBN8xy0wp2lP_iW|4^GlMhY^lPa
zZgl~<Jws1Reh}4L){h*zP2y-*lQm@}?AF5jV<tU~EqqSbJD#b988nRAXwa5FM(5Ab
z`_Cbbj6xe7W2L@7Kx9V4sCW6+X7r(o;;FhQI4ib7n!P~fhCn7{gp_B|Z&b}T0~xlq
z_6!UwG{oz4KBLjb>h11UV%BEvyu{nmIdP(6ZFJtc)G2r61cMv8i~>w4l9QpzJdte4
zcpD^WD^xyU!lStE!MbVwnm9SN4QfQV;}Gu#T$nYX`pbrlqF*#4Yt)Ezl$Z*PDTz(H
z;+w5)g{n4g&z#l|Dspmzr(A;+E~LF@6#Oes#UF9As|k3-AttMpRdMZYkW3QKaFKfP
zX@2a%-D?;4W;B)JL_V2+U`~iyXr%eFx2q@5>Bp{wxv*0K^SAYRC+ZciuoB6MK^g$8
zzLxdOp8Rv*iT9d<BDNhUZq-W@6G8p+tNBmk4^!UY_J>8MD9&AWvRWlmB{SekXmLxC
zYSy0}pBC6;ioMZPh-Mhh<1NKT`n7E5*4E%MQIJj0uYUIC;kB)}#*|c`$!VU-FrKce
zc<O-BA>bsQ(a!zd!v8B#_*axmPwdHw0p8R2tm6GRYNUIVOF^dJ+Fn~n*FPxBMC29;
zyvDwM4rQ|8v@59hZ*Z&AO8E%Xi$|rR21{K0wNMKS3UZFB4LOH@z9f#xvnItdlSVDY
zO$w(5=$WLvu9opx$;~u6aZjm_Gp?z%5%xE1XHVE)>34~|_CmJ!9F%KcCfH8Zf&{KB
z9s;L30xb3KguSD8!!vuMaZCCQWl5eWQ(+WH3t)32i9bWNkn%<5v9b)G?TxD@%pJ3d
zzuyy`mS9qodL2LlI%x%!69pjGI0KrV1L&fpW$2!)?u(sS?yyYFU0-LS*}?^TuRHWT
z99`<Rq}GZJeMNPs*;JX7<GaAe@=B%ky42s<LCPycks~c)5~NPwu8T3?b<`0Z1=^(o
zMM~Cw-2fMQXZCpCN`btw6a0Ep*b^1{J?I4s^RT1l`0)3^94T|puxcE>ZI?4DgR?0}
zX~-rKXi0v`|6=8#Fsf>Dv5f{MB})vO`V<p(OpJ!2On+Q=b)O^>nD52Rzc%DgZuq~q
z>iHHb5S6p;w7tC8t(`9rWMVI6SkSrHQKa^=#l(;sVKsWGZ$FdeQff<s48yE>0jf6m
zx*foWVU+aTS9A=W1aUT^o36n8;vkZlvV4~G=8IxrU3VFgFNRU_z$GGH)Q1DKewk!_
zj^biHo1)623|nr@epzk_9>0LZ{u`f7QxO~`=cAr#autEu&WwqzI$6&l0#>=608@;o
zqY1dR4j=kl?ayCzn-bQ}CiFH~0jHt~z9L1W-XC>t7UTb92MBu$CH=!<Tr~X>FN)^k
z6i|EK@NRH0rq3pz3_Sg|O@JmrdXSG(p&wlRfnGDSlbIqPQN6<t!zMCFK+O0;92wl?
zs*k?a5b720q*|e$GF#oBd9-bn3#W|~d01p5WAn_4=sQ2))r<LxwDVu>ou0}I+7^-f
zt8qC6q!s1=g~|GV*{43~`#iIy{UxcFEx{cF5j4`O!u5m^I7%8$NAs`Hp`SMhMw4cI
zp%J!cDL3X$TTDN;+}krqUY2dWo32{()wK6AT<Lf`t%t6zc&b5F6k4b?&(kgG0k)>}
zIsyXwDBtHgu2lSvvV@-n*;UfGk^AdE2gV(+(z(9}nI+x?2L-7$TK8EHz8iFPo+}YK
zs#}mjw61J+&hCGw)A(%a<nl6Qm}t3d#}9n8=;lAKzA?!K1fJA&hOYyC(sV$BlXV+C
zMK<<VWeqI`M}pNZp+`x)hjBUs7bD;UihwjsmO~L?h}C3onfzkahid0#gvqut^wZd+
z5}eBUTW{%w$+O8*ect5ZgPd^P#b&)`;KG+ke^e+n%|H8H|C34lk9}!dd-j}2GQOJ)
z$Rq?9`t(YvZ?U==R9?4}duTlrTvBof&A4h<I8b=VY-H46+y4k`kHI$%V~{5^>9OkQ
zAR(%kH0Q-)k#0olAAVH>@o~gZQe{A`z|HyAhCoC1YNO^9TicUGQ-ai@!=f^tnml8H
z9AZ|y+I3lhDkW^vHSIfLXJF7&F)zDpVX-y8upo&Gv$N&;En}HM5*v@RJ+Y!h)QjIj
zP1ZCIT#qJ~tPeG0LWziBgT;-{Xc@u4Y-WLR;kZ$|J-+Vd%?92T-+7C-Z06SthH!?q
z2m;dPM@FRl!)E=TeM#IZD#C=hgIcrF;Af}1c5a)tlV+o{uNQ-L-Z$lGQuwLW){OH3
zT4$b3fAv2S`j0O0UXb)S2mru)Go`L6ML2S;kO5c8@bx28_Yb1Hy~bnWs==i@?!(<7
zm`X$X7|8;93X)3YmgVDC610-fy$)w5$Z=v<$x#yYqwCGiL>(Zg)j>o<xvY>@Gr0v3
z5%Z_cy4@NthLKqqYb*KPd{(JkWb#>=JDa&KJ*%wl@V2+?yWjSR4h^UB`EzlNx>i)7
zXUX?~(d}~d^GUDBP%g>LE6j%X>a@gkv8TVsRK00Og}(o2Wd={n%wF6;vZr}*vXh}T
z9US0W(Wk*{;QH#l;_Cscx=*z-)*x)+^)eohi|8B3%zSTh2@VLG!-`t84#Xv8JI32w
zFaJuhCX=D}Kh}Hxc1Cra5m#BGx?v~TsZnXp&&L&lHVDchZHuEUgZ|<I$S8=h4D185
zfOq)c?pQdNZIKTSzfBKc{vfCXk|tPv{LVX{okYTkx3R(x#?Bh0tvz@1;-N;bwS|Qo
zx9w-f#A071;v&64099E=Imwg+Amw>h*HiKf)XUv$$h}BcBs&wda@j+hgU%bvi2M@a
zUf054xle>q_P6@Kh4nL^w3CZ~C}a5@WOs&wZ_b{XvGjep>er*&9xwim0ES=!Gz@TL
zsQ|mV^m|21Q?SM)__U-bmQ}Y+{Z0USbCuHUU$pR~cK=?JD9BT<f8n_VnKtc|8}LjX
zmXG2?y&njED8a{z>Xi#3|Nn3lrl<fKwNi0vex8vtieYdZX)>IjEX$xqUeql;KI3Rz
zWhXD&TtB;agKUkYs}n0Xzm7Uqermk3`zVe?P_*`p7T9GOqVjWIT7Sdk(=ir=0KG-+
zW8s9h$x>W=4D>_B7d_zekcN>*%5})F%}vIRxaG@B#70ZeKK7*Wz>VSb4lV8p2v)DA
z-`q}%s0P)z#I0tFUHIb;0R5MYvvm7MX7zET8=R{Mq0Nm~(GQKIpIXdSn>fsy59Fs6
zfwXWAF;Gi)1io|D`VW3um}AlUK0NS7<0|sC;(FXrz;3Xr&0+9V+?*4+nImT}`D?F_
zm<O7<A#i}JhVHtUkiv@GraO$BWvbhv^<MKzT0Op$E_m0RtO~L+rQ{CLo>sOz8nCDF
zs$dfp_$Nf@f1lHz5%?tdQS~eV>6jScXEsj7&t)&eJ`hd5_Cqm!CJ<!EIE*dhG51N{
z1``%UKu94olIdmsoDhYUaX23I25=b#+c@NcIYkc5)yRd0s7lrc7C9t)dakZXQ;vPO
z(I4^yRr?TALPyNep|D<-{QP<VMehC)VK}vLv#w5aw!$=-Sr?=tqh?|@UPE;1iuR=e
z%Z!p?l?z!=MKOijg@~J7*^PPi;Drk*N6!PkzBkqk3w@IVw-F#0Nble!fa1g5d^%2>
zEa(Q&F*hUUo9k`CmzbGrcn;^i$iU*B(PB)5BXN+lB`hS!_J0zRAO&L|RwJ4@n7xyK
zmvI7DFX%iWk0kG?Ze6o;i-Q%p@y?CM4E%aoW_A{bVHuf=3Z>_q`Dc^qKSVF}_tA@=
zFINMj*Wp?MqenAofK1N7bKq)@iCo5*RW2bpK<m)Z4yruaI5KA%YBMusv{c_q8EPhU
zfZ36lG#{9?6O|hr&1B%K7vN?tzn+z~zQQ<beM1<Xo8OZD)`GU=V3wC%W`tX9V_J&0
z@$@vJY8nm%`f6OP?>>M-?5?|*KAC?~pPRj`%gv2FrQpv9ji<U`{mH(<NgeN1@jIAg
za-=Vtxb!<IWCZTAKsyaU5&1p|H6ESJ;a7h@6jRP-7*lR6`WbK{jjP65xn5j8r*h;j
zq?TQreyfDJGisNbdIu}*6?7QUc|~&=s*0zz?1-eqvsL&2(_P>oynde(`u@7jGjm+*
z`Ik;+@Gn8VJ~+7<dLQ%X_DR6!II1RceO<s%+r34D8JRrAh~LXD$62qhpFtv?prA<R
z&x#m3NrxWj{G9d0u<cUvgVn`bgW50<B21gZ-0nBx|JP3gosqk)mrl0w%GAx<nIzDZ
z!H&T^62dp6rB2fi>Z%KZS12^;;g?=`QA&>x3u;28TtA@pB!fT%#KgJtM4gWx&%I&L
z6gU59ht^pyF!N5l(<Z>E?9$u>KHHV`3JR6Y?dU)ZG+f5Zm|MJ&p6-~T<Ck=tt1vBo
zOt)M@4AZ}vpIlsiTJ;H`G!c1ud;2}lsyr_8vX>wqLqA0&X~uH{0yDmW99|1a!%AD5
zVE31=hKCa+q<py-R??Xmg(zZ~e#Com2{wOYt2PPkA?R@|m=+{*d;3;inI<!o53}~C
z%PGYvE;Df4&8P1z3hSP#;%f?ejR6aWu*}@r*bTwZ(Xp{8{h(MJYEfEbX2vURV$WcV
zT>uwu?`pW#nIP$E^<27@6Xm^ZkCUDk*HCRuwTk^9@=3&lu3t2|`#{dmpItN%7DK5q
zciz^Il=z~=Mh_>z$^3n~5QxfHK&R29aJZ0I^6|9U1B0Mp_Jr&n9)A8T-2#&5NOt$z
zw3i?8zZ&TOJLr!L1%SgvY*ALmu~X*M_pzvDi7VveHwLyByg|wpAj=>(<5Qc8+~W90
z@1JM}2c3rZpXKWVxD1dCacrJuN6RNaMwg70DCw99mRM%aq180-#&P`TcXix2i6y=#
zHe(GWy;W&N!&jGn_B`{?5-kIk16?Kpv!l8YYip54@V#CPC3<lk3X%fy)<On%IqB9I
zg=<?MPg0>SmvQ<2Ab;~GGBCLxEc0{}1ky792ZeCy9sQ<nUxeRyqC>yK%|J+8?BmNa
ziak1|pyqit2yLtUPmj}irv$NKSi>zzui}g1(i3N&ep}QZ)&Riw16v1_-0U60*q~5o
zvVPEwpHh(94j@#|DDMedFpLz!w&ayF-?zr(Rq-Uq{BKdhfBX<<_jfp7P$U57!`s>!
zh_9qkE>(pRg_&n3ahg$fm#LLR@^A^iv@i*)w6FNgNxJ)pg)tM8mHR_EMn9<V0fr}L
zOj0%RcK8IXL~x4Qx6&f@r#}<Wh$1(pE2f!^wuFy12GfNheTDs6tFxaF6gK!;pWe22
zRK*sj0KvvgvXzK7y-Sb7Yj;g`4qa7QQq~6<rGg)185Go*3RN|2Uk1F^(Me7UW{EEj
znJTsK9%d7Bx1Fz3VkmO?fQG?h%H2LosNSDLZJBabV*w;q^UR}g=a+<0N;s@toH66$
zMsz<;IaM^{JF5kXX7N&=^btf2wm2F3Ttna;tY&=dQLVQ9&J$GJDKA3dQ4vY9baY3I
zY`ooU0iA4u2Fy5RPpq0`zZfwvt_rr1e4t2z+Hd;sqG?P=H<c8z58AjDck~mR=D+(W
z+C>C)OmCM3GTK5N(P62U-iDVRzibgF1$s>6=oRpyitUW_{!=0LZ!WcM?dfyiu0OZO
zu~U&I21zH+0xvT(RZ|4~4PJv@p}fcGS_@4;52U0tSRR8h^Z%$=9zyBwcH9%2CzUMo
zJ>TY#827qb=O>C@)+I)a+0vcTaAMQXq~NA6F6C-Zk-Vd(ra9%%vC=bwkBHBrgLNQo
zK6R+XeVZ7sq%<qu8!pX8Co}g}Kd}!;5Yk)R$eRn-CH@%}H*D>MC1cNk28)c0P-Qi4
z5?{8GTZW-|SO|cq7;{S`S|Cq@QAVjm)}iRJE_+qSc5ZK4{(I<(>iPEN->_W_K+fKW
zi98aL-j2XLFqrmv_l6)f>2;qLH)9}(;z~wjmyKX<?)B$NmHZ07;xC56#Tqx!u}3fU
zY0$)9C5t)K*y1cKaIa5logsA4vsOPvrIr8nG}MgE)D~ziI@u0~9n1eW`LkOgt|Gx|
zmpVA31b~Lp3DN80Uk}(4Rs)}Czh8Ls(7YIEZ>P=gzm^KA*Y5f5H}lx3t~K_xrcWr@
zc5Zj&QM8)1oFupXDOMxsKwboWbahMifdP<)uuL}yzOE<d5VMI842c^qy96l;Yt(b0
zpw#(`+F$P2z2;);q4zqhihE7!^WO@EvMPv=C7sCR0GOCplHIm}!!U)2Hvt8H9sE<k
z$Y<mA9~XW^WYi{{ak+T!NTJW@%k27ILSc1dg6-9|9KDsHu<0cxYZlRlz2%PUAK}Un
zH_^OG=-D$mYOlj*$s}7b|Ly;yBG5lyCW2mEARF9}wP*A3@O*d86u_>?m8xi^$8#ZM
zugo+w@MedXS_*I=b-aDRUc52Hl+mGeQDatJ+$^a@Pb*rL)u#Y-ocqM2M<xG5(fV&e
ze4XokyOo>|=vs#VJQNJPV_{<nLXDoE7lvrC5S8J1vP7eM_6I!JqZKgEPwKKPD;E(K
zE}GYOD8n!x!#V}~7(ubsfHuC6{pkOlmi*h}|MsB{^F9nSPoKR<BM7juc>@Rz_J>tm
zul~Fwst?c>_Ed}z{_j~UJC<iT33TUmO?|$E7GoyMJ<wnaj}`4hHtS#2f(HP~fEE6~
zV?k=9zq`A(HM)Cwi-)JANc8m?WD7gR`X0;vZtvOLqapYwM}K1n{-00s)W4Ua&f|M%
zzwHxg6-odkz$Hl1J^4dRYleU-71!K@uJzB(%W?zFV1-Jw=;i<DHU3RtZB;b)7yy4>
zJkF@zO{wy1+XhYMFobZndvUda-vV3QZ#xVA@!!PtTnaU~Qqld2t+t><8ffN6V;C?q
z&}AzE!|B~!U5s$B86|+UzJH46mJIOFEumU2u0LDyZ*TKAGYUXOE&*f-EF7=am&=b=
z$?I@jnvwR;uRRq}?I3n}E2cZuFaNvbfG%qNJszZfUDBEMerxJ>fRC;-a`l*wWcY97
z-=+hq2y@D*t&L4cB+F}T)DGe2Wef3pgp!||YeI(qON8gc&&05#KOkq|X@qF!mscjt
zq0*PX5eWZUK@(m;0w=A94}N*6>B$eP43Mr1Jc=Cu&%*ot0o{uo)=?OLlX-5HPz`^P
z*J@E@fsKQu<l!M!T~nhd=|+Kd(315FH%`Qao$Y<oIIU}6cqa<shQQ~Iqk1}@Rsp@m
zYVQUPT}*{cl{}&k&wc5G8b2*c<0eSlsmm2By|JQ|pcZ0?T_5Dg@$^Ixgr3!jD;paV
z5yrBrp0#;jodKiPqif~x#)X5oV>Vj>xN+2oEw{JvY3y&f|GvZeFHs$<6+<%^nb}wp
zzhS?j{qtvQC;T5cTR^D-){NaDaJjkpv0?A>$+fxwKPu->T>tBjhlv_o=k(vAqF!lO
zHopIA-PzeWJ~{brL}|qCi*Mxe^3(S<u5^RUtjf{kLe6p9?Bkau*61m63d3onP8aWt
z1RYKX>hN^1F?+C_(W##A)8amWiE>`hk1g>M=Ti<RsJ-e}FH)Vl#26N#P~@)TE7Gl$
zM}rOvpPYSx%Erh-+-ikHwJzCie#!k*28p$}5Y|_Qla;o%deHFE<ZJ!ibI1w<pa_PP
z`YOghr}Yu=5sRdPln5~gSJhz|5rBy0J7=DAi$3*KR#ur|JHo6zuXh->tPwTGk(rA%
zqvOUf9tn&tocMLN=M+CXr!&ACmX&41tXuZ2xbtdrybqly-v1=u^au+hyIUqk$;t|+
z`FQ1MwZ~rIISJn;lWSX37@(8_45Rmp(+vV<7g@Y)v(%@%#$EDDQooWeoU7CD>UwzG
z1@C_)$NQ~A2!9<JmDn#D5~Q6>EG(%FnGq?!8^%6uQBMI65EWm*G^V72$}9wl`ebI-
zb0R`Z8#!q;|7v7}b9`D+!5@c$Bvu+5NnTtm&lh7_ob42`)a}#SIOYz}5$8nT%BI&}
zlzyc+sY*X}mff)aN)b~05D?VV39h*n`@{*pxmahknDXkxiSCfcosU^)7Uf?r_4|1D
zDd;Dqx&A?VGXR-zs_<6&y;af|#05OK;K0fnnKu*C3>tLvphHT=bg#(?X=-X%3~sBP
z5Eu7qMnIs;1Ko)*15cw`Up<}dxxsTBZ0rIH5Oz$h^#*3TAU8`8uHj=F?`6b>kkuE4
zb8iE`eog0r<R<~Z22RfM@tGM33UjB0sVNg}3TRt5EfiqsXX)2ECgsd(reiP^zsWZ>
z1%R@WWupjTf%qk{kFV;j<m5sMm_W4@8pj;8v_V%1B|1g`XkQVdk!A|^D~+h5RsOOL
z<mNe~f~Z}zv9_-C{=Hx$k7ZU)&!YvOOFv#02!#D9RnO$uf*f1%AdmiYS^2k0M>`=B
zd>g$@v=?yhLnLmKh8D$19d*cy?3|p!gLdbp%w|xr+A-ZXqg_cI9dhu&`v=3=HJ4Tv
zrVu^aIDB&H#PV{R0=DO8;9^Qtk7Mp|P>HvgGVO4>fY|oWO=;al*}#yX>>%RC9<7nY
zi!zHvX==vWUz)bll?XjwoVIs%)_AoxD(~`on;-x$FJQ*}$?B3oR7yP>=vAU?{i#}M
z1r6Uh`{ynwjpX9BW}=dk1`J7-uO^+~roC=_SDX9p*;9(or)<-vk|@8;r0TCz%P+)o
zO}G)1T%EWvDSL5Uk`9Q>&7EH#Oo9=cYrZYX^Vd*@b=l`#1?}r!Y*uIQhu`j<8EdaY
z@^<~M_C592hsgaGu}?20>c!_UW1PxbZ=5mDv5y-dT)LGMjl1G^w<9n~khJ_%siodO
z0#9*%)H)>Ch<~DE9<7%xf7v^VKgI}`5je3A>F6#H>GaVhT99Dz$i6!{PSFLY7bdC7
z9kC|}_0@yZ)0z$I4H|`=S7*%~Uhy)l<1lJhO2M+QNsH+$N=O3iX$e5q%J}gq+Dp>;
zx1FHc_+Q_yjk?hU9ZI0WMKzV5ZB4ra)pYxlO7lOA)S4&N?HXay1;zXT?i}f@4toe<
zt=o0KptF~s!jf1Z6SGraHir;4+mUmiLO0>i3A3JV<`Xq4GEAcsXn*KP!GxLG-7h6I
zdp{>ijVnj%#^4Lsb7?a&0Gy5A+n;yZ)PLAq_7R&6R5PC-x64<C>TWcC3DAppCv$^R
zBYFK%c39Mla_rnC+7obDNX+=Z#ZnE3l8d;0n*^@Z(CLE<wtre$To|94%N0h<%F5bS
z*?y97l<s|n#z7UwL~_fBf@cVaXkhNYOX;i>j-B)otOeN@Z!h&h(F+7WLle3Umzu)J
zm&*rX_SnOZj63=nd;9y%4ZW@!AS2Rs9ys*K+DpzYI1)dpNH%jp9L;$pv<sAuI^`$K
z_Qm2pVgpC|Ir?*>V7KTaNb9KC_qk>Sd*{ZOht2DXiy9uTg9rvKoxUQksJVIhcn>iU
zPFx2|NgVXJj<jlTLb#{ldQ<ymu8WQ+E*9w&jV;<?(kp^?VccCyJbGs?3x2g$3`ZID
z{Plb;aBtCdqdhyVBcV7r!}N>6@+-r=wOYNf&Z&l4-6_vtVh&-pjn+!83(Bx1|AvP5
z3sJicX&!fJUW!xUVlg$zQTTs%b<_h$J-|f>E9*Ir=om9Y0PxgvKDr4I7os_xl=<LV
zxZiX};8IoWZ%k|5I1sM2jB`J~ndS4P*7LF**{QEG+TsF#IG^XfQ$$Q~Cm{>2L-1-K
zf2A8Bi!1Ry;X|@O7Hc#<K0e{*?Cg;$WamxW4`8OQ8%IEc2@i9Hya@Bd2TZt$aFcXL
zr%J#_!FFXwfuM9p@d9WW9e0u0Q@`cq=gMvi$b!(7n)syPryL&iu%Yjnszm5d<vRjP
zOG@O`=K5peauw77BUu{_pLgmuXKK-eA@FtSKI#k}kgX|@PutrIGM9+wlCLW-R0!)$
zMD_h_EKubQ)IhCJ6GB2lSoKp?dSB?3M^~MHb+5K*U70Q*GDOnI(tzx*P0vvX6VD(W
z^gVf~c|EC`s&+A0Q=HKdDKK_|+_<ja9&pgkMR?@NX$P^dh_=sh88DGgMSruybM?H-
zL)!~$Qlw~-)9Ougb2HC(j`u%FfFjY)YE;e#pMC67d@l}1Ge13{ii^}ghkLyj_I=ZA
za>nj9eIsHrB>cXMgI#|>$U(UD5+=F@?raKc!+%gh5saLI@Z${gRP;eP-bpm2kl;`U
zUur3+sSJ_c84GJ!aLxA8-FnYFdM;y0hFBO|ARmVV+kCm+&(}!qM1ZJOX2G6)gBTs%
zxV{O!smTl_=(c(9v;6GK4-984&3;8^j}}O+ejB|po1ZXGUw}n0qW0?X{Osy2M*DL`
z;=7ift+h+(B`?_S@oWXWv37O21$%;D@>;HQwxV$<)4g%cPM0TEe}52i(`J+Vd82qp
zyp)Q;V*6f4k87z`(M}t%jhfDdj0a~=(24hsIGWFs`0OZq5pS*-#_iX_vZZs4{sC`)
z6$g~b2JU`%`2yo7^=iC8SDaQ>v|}RdS7%|~`Ln>U3Px-K05VtyC)vKz+f9V03+Ijh
zrHg4+tAB>$E#2>Fe0F5OQgR>z_l@WLcD=YxFU)5%UQMzSjY0Mgt=?jMTI|9ipTbcp
z5AhF2Io(gUgm4ETjhOO^<@p5op?GtM-mzlfEiT9xB4$!CI>2fQHNU@mc6{)w{oxLK
zt#)!ZiAJebuFkKQJc|b%mG5}`G&h+e)8;QJ=Uc<B#xkM$12VD2Mh9cCiYGCZWmRKL
zQJkA3UXTNC`vsC#B9*5knWg&ZPcMEwtx=`0rwcJ;(I{40mAotJ2&uh1=Kn>pDcsJC
z4^Y|4n$e>c;&zW%0mjX!W_!Mba!=b=kpWXNcT8XmQ&IZ4*^sMsi`B3t4)N6I^&x;K
zEtc^B21^#2hhted${16XEuI}UOm$?re~^r2;b2ko5;-k*|3DGiqJOjEi=CWw=%3eW
ze(_Fiuq0OZXDpu1RA7n2Y7WbI5PF%bSeZwusQDG(YQN?0bs#gdh-6IbQ<;4jY&d!6
z(~E(|QT_%C0j;kIqCEq<;B<GAY|Qnq!+@&?)N5)qLR#{4@(aCQP^FLawbuC%MX{<{
zNPO&d?!|cW(-SG2)SyycevYdj*}3&)qBB-Jpoqk-bD)0y4R`|g75)Hu8{O&TZXHLr
zl2EJgmn-)9cG`<Zj(ph{RFG9W=bOY;jHv&^)>}t4;kN(df+7e~N=U0nNsDwFpdj5b
zMhHmfKw_kTNT`H#=;#>DsF4EFy}?E|jL|vjH{Z|md7kg*bAJEqa5!fi&V9e`>$+aA
zt6*aeebAlR*obo}&tBrO?DGhxX?FO`j@zIKscqxJsbA~Hv=397+$sjA$jaq(yIm$>
zF2G}k*aKiC)7%wB9}b=Ns%h{h#xVs;efOVW8U)ew<3LC6<o>q`q;UEV3l--}z|W1R
z;i2nYuw|)W+`D1(B(+p#@+mi?l8DM1_3UbfFq#3%m;SjHbcxbTLsjMdlq!aXt5o(h
zos{K9PF^PSr%wgf{$a^K@8QeFbwjjgRa$96dMEd_8ab8ZWS)Oo*=SlM+D<N}?e3d#
zh8%San|G1}D4g)T;bS_P>F?XKP1d~X@p`{?h~fSpcqI>sLc|xF@sg!`c|qhN+qKTt
zFY3keTAU&SNl5u_4X0t?V+y`SDTts{*t6R}N?olMD0<nr$@~$mAh*`z=|L93@_8|v
zN0HB{JZk}<n0s!IA91tUD9%LpMT>z5vpj3p!#gWQgC#!=*Xpl!Z>NLY+izHB45rw8
zkqR;L@K~+P-CoS?2fu+&XD<aoSf50b|JXI(7EA#LVeCb2i$XiF20&G+bxmZ{#c0Q$
zg847L3xu95jenF-d+i>q2RonSS*L-Z0gwun1gJ7@FkP;2vy1pQu<p0gQ)@~B`bnLj
zmiM#D<zm1^QTt=I73wVigCD$ldMmlzlc)w`CkG2wJhLbudJBq^fA|#GBgpx1wPd0r
zXwWJkLYvL(Nt<X^YA@X)pYzV#IjPg49Q#%NETyuE`nJIbgR(~lv*yR$h1pvP4BKz(
z#DB`q@=Z~5F`sahh-1J#TQCsXIbFRhFuy6o)Wi#X;w3YU{HY^1UxvpR-Z`hk@?2|}
z`r%V3VoY;<eHFrD`}}<1#jH8{?k6AamP_?Ahv?3^k9*$6?(Ri6meB4Pg?Rk<qMFzc
zKuhp3VE-Qz^$!&OArN?(qf>J=f_!mb%FsWa{hBJORfN9u*P~i5`+7~aNIQmv^hA2y
zHGx_&O`w7F3Qhk4@z{ti&?nk5L5f9JH0~doNA(<U@j{h2i7u#w!XC;SP0704XL-KZ
zxf$`Z?F&-_Gb*&EyjE!(`*OS<PhiLUjFrDK<F~V4Egh7alg*@vkWJDaoSx=2m|<W7
zH!Ua$vtXa<!uo!cX@>MvX~-8ge-}&;KK0GEM>x3yI_VHTK4)e#E|`FhUk&92AJSbR
z=k|#FzIn9zr_q&fYxTC7mYB&_HbyIoy=U!lxqXR!ZX_2}Wd8#p$sgtjW>XE9ddsv;
zv0F!Dj$t!B&c8CAR8dM%)EiM+Ms_@7L%_RZeH#oT`kV|uJz5C6V`zj^!EZL>vyAD0
zuXhS$GI=ePj5VE+6}(?~Y~4wzU;gDdssH@5ApJaQzdkQ7HP*w_Ifs__48_l_DcsuE
z*EQ{v<|JUjyYlPT6airFCxSR?nVbn$a87A?V{Lg*Q;=pWz$YIaAF`b`R(mK#u^JF2
zcEm_}Y^-DiM5d3qwYsxH9ho*UBo$R~4#W12d*aL?m8*1HvL;DnKVY!E)5hAZ)j!)G
zCCXmP4w|2tr#A#nQXB`cLA^rj#UWX3oPi!|#d1L8*E08J)PHf(z3~xTv1{N`htMj=
zAc0vcP5)cVbX93B4tw_WeiBmsySl%mOi-lifTnY)@??XINLf&2+!Buf=NDgGL_v*T
zkfF!%8=?1uDzT8iZ5!sV8&)jkYsAgwN4NAV^P_GzN?#gt+ge*!uJ<GQ74yt$_t!TW
zU4&`hi&76|ru4j<!nK-g+U_-1RrOs`&6;FJ%Kb=4z|R|oW`8>Uh%dZK;2%ntWv0lP
za~1zFaPakG)EmIXd~Jr6ke7GkbkS|?h~+!-1pQ<PCu94kCRQBU8ZKGB1+(MR&k7Mm
zpk;hTY2=@Pf?Mw%{V@RKk(p&^$loQ`pB`S(92&bmO@j_Doudrk#zr+hRfhY2BpPl;
z*%<bp-m5BEA>^?#R^54zY?XyTgI_X)wh-4eILBjt@WObCd&ctB8?5+Ex*?^z|9H>-
zN_>H16+UU_!BpXVU}QMD7i2LLOS~Z!rmE>BWt&QXyT6qhYAwX~2^7NN$7^CL?!mml
zd2E;i5XT&N%{5SZ$<$=~H-|4hG5Mr7W<Qyh&CC~gC>+sU?KQsXbJEAB?cMOoo@70_
z8+E|kkv^kO9EV3;nS*}I;c#@4juODmfy~@>+<Cgxsq0|Q;ls@r4PNyw1CWyrt+_>x
zJ|oQ(NO4a5)<pJZKhH_?tSd_YA;u795pZtu(hK=)a~Cw{CKIbgNzuHc3Z2|RoX1HD
zU}|S1ZZ521Gg;n9I<OrElp}ut=CH952U2(6r_Y|6mv~){G5dofAb@eUE%=l{maD*I
z{efOq8K#?${#{zI5G6i2umOtMyCr4ju@&riUL?+p`Llf@`mOox|B^BY9#J{}t1<^v
zN3HP=?5f8SAE$oip<3`nJj{|DvpD#-d1i}287je*qJ6*X_oyOt{{7hNzs)n@0<~3`
ztqS5iFZQ~Pqq5xJzh5<u)pif*X5@m;;VpYEChPao>-K8OEL3yeqkrsuqx$9E*`uQi
zI_8Vf!8)lbt^V$%?fcNP__}DH3<NqH9TdjT9k-{pT*1{ikO<ySrkv1{zp5}X0BTsT
za24d{ikhma$P!R}j*QHUBkHXFIPzj;5NUktMIcAn*q7dTgigFAz8&qYF!@-~{XD8$
z!gN1uq}qI`A9KWsBVkvp;iyQatKOe*e15f#OzC2|_sdc*zrf~hl4r`7``sJUQzB+n
z9eQG>wU4pj6>C~98uZWTHsnpc#)iKX5+~h`JpE!bq(#@Jzt9B)zD(h&V>heujd8z>
zZpM6?tDj{JaQkxoD&zs90De|N`k7Tw0J>E2BD{lkt?BF_(ZNkt$)BC>8K20d(Ovek
z7C8y(gp7UVKp}w=CsT1fTlK0Bz9HJD9L2oQ>DaOAz&TcXCp&%gmE2zo=M5pF=ePcG
zP!L+$L=AcHcBrsL%$2nQ0QB9H%rffG0@~<{nee!H!ETBlNO3lvKXj3BQcXGl$);h~
zodO;HY#S^208dzE*k)qOTs$Z|C4ncyFKYRenH}-I&j4>%@8-z5oHzmm9?Ytj@i#W3
zSt!>)1>GACa!q?}rjtiQNSO_f@6O2W*%CA?KsrO(L3Xvd3`2aDUd=#qfY-#2nv$2w
z(PCu|%X{MZGWiRZ6TPzSomXYRK=6-)|II~PdH&Wa2fRW2Q`wXe*EGH&;q2ZUZB$*y
z{dLe_VZldMJ_w+4<|BYat{FELmfC6_Jrm)HU473{h{c89mNGLNq?0()6>=fa(-j}?
z<n-$3*-N<0#gCS>eV;Q{TWY}V;7Ec79g&+wY-(tVk!8r~ygsM=*x>$rNaOc$x@48z
zLDx}H;hV$!oSbC+QbVZaeH<g@C$I7XDQUUwoHBR!!FYvijIM0;(vgfvVE=&ZD@vK=
zPe<`7>X|ZX#FWG~Db_!t4r}qvuAKg76E38R*4+}}?oKgGgnVZUHuQ)*I9#?GlS?mK
zB7D@LNwaHXL^HGkZNN$C&0T@Z$|WX#)q*5}Kc2M7Da=-<ET!AL*F37P@?89wV&6R%
zA+W?Nz*`a{=8XDP<hyrfJ587HFC0E!E_KE}okX6h&<WU#RDHy|V9d*zh0Of8*Qy_8
z*HwwB*qBaTIQ+e<IK&qz98P)`?j`&U-l%$0J6uRCU)%1dCbtEOEHd2@__<It!3Z?U
zcrJHw)P|oZm(a3}c#$dJ^qjDQ=GR6@-0SBp9|?9&3X<!jvRYgY<Q50gf(6O|si^{S
zHMA^?Fuy87g!NubOWH&KQ<a~H2%p)yGg4Y{Bbe3Ni%B~ZUzYQROb~h%X7*BouD>Sw
zqIp|dy_-Ot!Cx(1*5q{}SMNxFU5-_2_)AU1bO_uQ<KDLG<?FN|Svl*l6?@aL4*HKn
z&8BR|MI1D1=b*`tcL?xQ(;>PU%9h|UYV)xF<r&u77a!JNbw$aj$CdfA!(-DA4SN4~
zE(o7O`I}B6v*hl0!SL49jQ6h28aq!+Wfa|TQ?#M)LcOhCi^%DtLp?Nrjv)pB_WTLa
zU=jTDCYyohj{SKjJx~|=rNZN%X0h{!HRI*9?2Yi_q<L+6%GJ^hQ6w-wwnOE3cwx_N
z>Gtj0-JL(G5!5}G>06Es+o)pQ`_jOGu&{74v$U}gcabO}zvEOlZU}cucV>M2%P6`;
zO@Gt$Vkp3rzMG`!eI$S07n=d??fXLq$%K)V4?X}b&Km4j+`W&h_~;-pbY5S3P`U0^
zP2c$6+Ya`7ulcxjs~5R^@Z9NBa=k?e$j`Hunoeiq<+t4y@XoE1Tk9A2wSu4dM?bkv
z@H?Q%RVXEnq&MD9EKeDTcg9b-tv;bPY0>58pEw}ut~c*`x4w~{v@aieeE9Hq9R*?<
zKYK&g%PSe~E{8Af;Ahk8=u-BVnHD<mGrzdkLqet#oG=nnpm+DqvSRtnOIJM67y-C|
z1lK;oh#Z9}ih*^r;f5A!D7}iBvhV3!m#ruol7Rqzv&wg}$rMTWp&x@y!lLJqPK{@k
zt7GTo^U4=GIgkiSEiini#o>SO$okU$Y4>Lv@69)UCr$7A3`%}2FDGQ1c0)>h*a}On
z4W_!gTD}qe^uin$PmRj;I8nz`@=8(&PUo_l30qc2q`oM18Js?={;+p%B4*QL?c-&G
zDbUYj1zTOJfT%bM2&0gM|Ik7p!CY}mK_;L&Q0;8eFjwPy@6ucC187<4Z|?g4V+n~v
zT>%ln(PK<(hiwMeuCoSTJR93)(=rA#%7k$Z0h)tv{~v#Q$|Sfi@wRz0=1|Ig6v*>W
zChotfGkh~LCpQyaZvlRcvSzuu|J3B6qsma$OR~wtBi7&1n9W~{i<We8KMDuOYfrTA
zcfVCi{m!UCv>{+Hk(-;#Cy=oac$hz`6wBb%P#=N94322#_bsZ>lI$<>yEH`3aCK>_
z4fyz;CBhYd#QGmAgh}ypi;Ibk90)cq*I2n;`p<|O)W4nv@M&tm@NKOMW#EA$n(p?q
z*7@vvPl}7XOD_BO1Pq0;5T$OipPN5cq+MNo&6nl7?r*BZrr|B(A*c*2nwyuS$pt(Z
zk~t6Yt+Ok|r=Js{E!&LE0#=1kXr|Ye|5WNq+;&v9|Jyx{zAm*#f6}t=Qj-X{#-E`W
zn3*;8qp5Cx>#u_*(sE5s941djyHowCoCNV{=isZJdOkjg^gNv>uy-smK;zh@rIn9}
z&t0|d5{&bCxL(VxfR)y|#kX%7IKowoK9~@VDX`u`%icOUQlQ297NfUXU=kx$YyA*>
zChFIz!~$pBfhWg78)}#CCGEvS{TB+=q`j}J)+)V|tvAD<Ynf*eo3OKm7=l6R43S1$
zzZiUgp0C-%b{Vffe9|>qunT7B6b6_1O*kZA))h=QaF|eh$t6#q$Fwnt-4gxWvno@4
zWaDWrkzopPYX3P&$!D!u`?oR<`qca;720|}pTm|o>Arn`XAv-$IWvw}Wgxu;eQ!_(
zP!9E<t8cZe5y&U?J0r<$&dGUVR)wDE%LIYw*C)TfoIdtVZF4ZsZpre(qJB1ms_>!-
z(k=Uhw|e97f0#-C(`8A(cIw#8^Al~d?k=%-hO)ohq=!G*uhvLF^B?G9rnl=>X=5?N
z%(g=Q!^DA?W0!}=EE`_%nKby(OEwQF?}jFr3lK@UFKs76wTkajmxe=ySp%0kWq}b@
z3Ridni_a;-V+pa4<$q;&|C5<pc>H%TLyYB5W`UCXKn>H?yDDi~Z~pdUvJO%9`;t7q
zcW;s1;JK%kfilyPSGA_ImN0*>DyZ8?iFqF14<<E4*Y6rNGv%6j8<k=51HV3b?`s`H
zz2rr<oT^b%dwVSe5;~Y!%y4pJNJS#4H0)sCrd%lV7i-93@In~b(fGIw9T%m*rzldg
zsRoJ2)d3G9oALCr6)`D25Y=00DF9l6>Tf$H(yS_DIKa=3_;P8(*6o97yD1Irpyk5X
z`tHu6v*7iw$LBcHA4^N5d%+4_xqTeveoJw2ME0=N3!e!#uzH}MkPRysd^wJq9en(n
zUH-wz)i=;(gQ%`dU}ll!wPLNaEFiZQD~E84ULoo{7~e?p!mj!}hyoP#6$JGE$t`*3
zRn>F(V3D}SFv2z732YekY;|%_SI;d|uJ&$Eo(z;-RyLy)?OPb!?aE5GNOu#a*}HkQ
z=|UO6tRa;wx~YXAJ~v13SSEKI$!MSLk=Cl$dPg?;PN=NVF;U8Afv;Z6J~@FYUlTq^
zOT^62Q_+@(`N}oUcGa_Yt0dldp0%X%SX4~30&Tc+LQ9=M`}mB6ouFh518q^9SjSIW
zij=8kHSN^@^k!|c#;&u#K_{tmLG)>@;51WKNy(GC@UW<@Gcpwt$`_z7)!EU_^TE#A
z?v)L52}vwgQCiLU`>H`k(_eG@eiTP!)zQOGFRIdQH7{?cTKB4a)wX&G_pK+UvnrQU
zQ&ZJBZ}f)$Zc(N`awYUVbv~h*#)s6;%}>7h$aZ^95Xyc^<7_rC_opHdRxUTbO<e4H
zzsJY8(vgVPEqc7U*-XlJS%|D`w@dg}iD{AmaACVlPcyu6og4!Ft&vr<JlA5p@{I9U
zhTv_44~6I8R&r67l6=!ZlGp1f;l#=b{`MU6QY-L7s5^n5v?8kS1$Wmr@7cc}a#a>y
zKedW7MfQ<MP$<&3I}7zRea&Vz{m^00#Cp?}qP+_*V@%Z61c>INPf;s|=*vs+R%Np(
zeD^1Ux~1fX_;k6s5<VJL5}mM}sGU*fK5Byy%J9ywqyVJ7HRZ2oQvL*zE#)$Pd{(&B
zk`c?oLWW+f=Eq1;EC+<`{hCH#+vYs*E=Y9kBeM+5M3RpX-)PY1ZI~y%?-FGH7078^
zZ!a1_^H%d5PYI<y99Vdl8rBo}UYhg~wWBv`tdZW0ON@#V(3cpAn=7Gmr<knmeAvz#
z7zR7LRmz4-9;+W)frHN*0=~`RJ=8NiBfM6LIMD|#bw-WVaXl`HJQM#Z?u@X)7e_=M
zN>v`eKK?%{XwF|1^g{D(r)F~sz^n@MszNjNIc^uhmXy*RQi&lj_i|@m$>Y@YfA<`8
zLOJSFs~*d+o`=&}8E;?Q=*^9?d+5Z8Z_L&DS7YvdQ%jgvV@Z`1lY?FMfS>7tf-m-!
zruy5rdHiW&`=P!`w2@O3B`;L^V#oIG)2>?7!~|YAO;xvbOjM@aAzYaS6OaF_XSVt{
z_95Cr<m>G00AhT?QLj`dJLDOkyhY*k^z<|Jf{xGz(PD!JA|n9osw=cecDm(&k1vfU
z*=@s}>hXdz^G2fV`8qS%vW?0DakBYJjPP%g-w0Wcu7hAs-1QG}xT5S<=q^PYGv!Ng
zF1`=EVPT?7+ekfA>LoEH%kdwIkw6igu)Xm6%-^P2GN4ond@13hyJ=SF9%v_iCElCz
z`I<c6*a&!9_pCf_mv!wWj{{=IGv-&U`6O|b`lIRD!*FEbnPlgSYXZ89j3-=HBK6Jf
z0t*HLz&x{eBiNQ!fgyaMX~KLAXncJ9-4ML|W!CX2o#NEZh^<e-LH}emJ}7nf{)VsN
z<^BZoPfJy#wpC#$QpZ?T+q2vs^$<aozr8z4RA&!+H<H)aF@OFDkttSeH?vqrb@<lG
zjNh?Fc%(=)D?hC7jpp7XIj{TLfuo^R8=(0UYTg(z-^^O@i@dSHVz1F_MyYq6KDy+N
zpy?yI4?XR#m+&p5G2=3ix}HyGF3pDB`Wf&UnA#R<^MoV{_2mvmiAzR8{{>AHNXo)Y
zNdAr2UDv^$^s^#L&|{x8!Hbw+iN#Z;c3jY8!Ru$t#a6=1+utrZ0>Q42xusWJj%ks7
zUa_E9NyUBIn^SzY&S@vqyFo$GxAe<}x_q8A3EhAps8R<$(TkVIJ~yCWQ#`4OZu&d`
z4(e+Mz+0Ac<i=8mo|-P<Q&~}T#Ws{I(`9DqBVgB2x?ZVz;Lr4U2ZogkfQNc_Fnxr1
zXXy^X#|6T`t4;9dT@f<UCVbQ<=+c9%S;VKjnA-O7BxLGnX1k6x5dW@Z2j5)gZ8ZCy
zdr1ji)n)U$oY=U4hr81UGX!?9=((e%oB@Td*yd0B=$*rcV^O>~dgx@Ho%QmwZ0JBx
z+~0zn`dGrv?DzNncUg<YllglI%0!PjxION!a9@>G_s@><M`Km>EFPPa_Rbc)W7zn)
zMQxZJJFK9~C;G~ISZJ1cH;&U-GyH}RcH%;5cRkd_&;WMuQqnNg+MW5sWh=Dg;#Qfe
z1~M8A0~D4B2;Vh))Bc!&GW)=$e?9^pY41su@QAPD7i~q5mWzN3`y;t$C4lcwpQ`&B
zJ|}+6{c^l1oIe3_7R=Gh`$%_U6<6op$NBVq-}@&rtr6#rzw1BY>oWvdh2+k@+7@6I
zlM@YvmfUNWdD4xEta+`X>q|>xEGI=JEfpcxZ>YBWdcR_xCTil}&_-)phv()YLk;%u
z=Hn-;#`3?zcgaSCgJ<k*%X2FNcKz};`LO7~;hAV2v-S`MeRf&L#AxAcsAHyv?CnEp
z@B~jnWdj9oi#ej8rbPa@4LW83@UFSHRuL<-Q|?R2X>^Vcm)=2>l}l`!9ulZ}JZZ`f
zO5%e~Hht&6B%Q!rW9F`ZmK>B`;)6DoSH~|oZouGWj5V6!M4YC*zN$w4l)x5?Dk(j`
z=5X_~9Gyo|y`3B!7ikMP{*A3I%^&Gh7JCmL;A^lwrU+fhO$ZmwuKRTYkrN;Nf#6bJ
z{~)~^$A6Zsxx(Nk_+h?+f^(N?pB({!48FTrnr_CWo%5CT`1vl@M1?!0>*&|Vv2GV1
z8ER@`DV?Z$A5`=9u>O8IyVq1B-P^g(NcX|D%=dVMOLh<v=-MU|5Ag3ue15A@{rG|V
z_7($(dD|AtM-ZCH<=hQrv&nzx3IUWO?+5}jN~ItrosWKl+}ON5lBq@7_B|w%Izm5Q
zToQieX`Ix1cCTx_7;C=9mv9y`aei^e(aUI5MtMkm;t^eeGfhn8Wj;u}h`AH;)N&ay
zt~=&dTP}V-pzp8JB~|UP7B%j4!LpptVkB<}38cDd(e`z&z&y@}&ByvgVC6C6cKgv>
zZe6DFnN+(fFJA31D^}XFF>O3MtMdW~azA9h6_vVaAB*vS_HeLa-+c3>JpS*JU(0c6
z68k}>4tfOuF}SWKmsMABD(R+9Vah!IDocEJI)U=o7~zC#SpC+$A@S_lv%*hh9)_Zu
z4!0cem1ZhO+IJ91GvK!;0~g2M@Y{Zun1;|5?DF3n^^Dt$xPOE%%VtCR?w)txDCivL
zHSYZBiq-X*cXL;`#}zaSpQs7{ccP|oZ!sX!mF}a_-Iic3UX9b2YjQg~J8bVgt79)N
z2IjYe{!ddv@SP`rYu#hM^kMEiVO!0+xYPRqn!LoD|NHe=;SbhYQ`SnXBE1RsiAHwV
zel0IdQ?c#ckpgzTLc6FyW@Ven^s&oSQ!txXZV_=^VBo&p=4!;mo6k&9rxkBLBb#jJ
z0tS~VcY}xsKB*c~ELjZA8I?~!6CM!)y|H>l)9SH4rY6!h6S)+z0jKv8_Vh(f4a-a`
z(%AyI3W&=;SKWmn@jVC+nC`KbcUbB~Ih`uw`?Wc$LrSH-Kh?<m^)dqRBK&V#RF<CR
zZ0!;0O6&tC7J03=%938SUgYGDPEw0uJc?A5aapIB_%EXSgBHcx0}%b0p(>CayGcrT
z+`FICo4**G+h716q9M>1drPjyJ}3()$tjkc%i_#`d0p$ozhl!^`YZJ>&fj0UulK!S
ziSFFiM}`?ttpx90xnYo0;H)XCJfL*@X-#!?(UE7c6^9k}Tvff>X5~xL4GK0%F{s*s
zl!SYAg1WA*uP0BqEKl{GD$#Wo{5&YWs%}SKE`OG66YhP7ssQq$N_a9T^!wem3Sj|>
zuH!i`)AFU?lWwZ5vGEd}Zl+dT!jre@edBN3xpnUac0A0tKE!kL^6DUCtRxeSwskp~
z@`9Z+!0Y^ur`A&TGi_ax)?gx#9MGM&B+o?&W=v%qZfd7;)(#hfFk;SKp~mOL7j>8W
ziFu<=d>iQ$UUXEK14wN$MkjRoX!!y=_OKN)?RTmwD8puaWO@{@<l|jSAkIJFI(~as
zhg@aT<8#PTs+jbIhyT+4l&$ZauB%a-dQ6kPc?C~y!IgbzmbR#bip*GTA&|C}*FnqX
z&>Fwd;0?!yht-S^|Mc8FBi@HBqSn$a?~gtk>nF4r6e*7*-L1;%3$VlVY`R?VSkVD+
z5jeB|`ILti@Os17b|0mpe|@@Ec_|gWc^_Ej$wpr^{pzUy^_=K2uIF`1Bx>~}7dOjx
z1j;CYle#(_(}N574GMVx%Juf_XODw!5RyFn`#}S14GXG-7is|jcB_JQGqWBg*1Z@T
z#7^O@1e2*WAdW3p<apJf($DbhF84_#JE$yO8g1wBzC`Iy7Z(v(S+hH|*w2+__o4Kr
zTR6*Q!Qnn{nb?Dr!tY7OB0gCFrrpw;UgWI@Cs=Lr@w1>x=To~<i!8pMOe<S#yg?@o
z83-eGr_i^GOU+(tQ;K4{O(VCXm$H!8H|9<UG1vqkKQ=X)b~P+%Qz`b9lYvkx{atQ{
z=Z8%PUFg~=p4KF!8UbsGgAn&wQAYE}^Vp2-jmZ05DQ;Gnyq6apS*+fWme93a{APD=
z7ZLA4KJQ+HI4otQ4F4_0en=?15PS(jHjKy{dw4JWYWNOptF_bJ7a8KWcV)*fP8<<y
z1=42+1}sEXjI5@l7dKeD$JkhAZGwuVims~>HEfCy@Y)v0uhs12+|k@fr~X_}WL+}r
znVrdSO>gY0fPn9SB*`|o+r$Py+;mMT5hJ?W??DFM+lDnKS8QJtd?f5W`tUJG;VsEw
z1tjkLh|L@^Y4>yKW*P2W*n0D>I7=;}0#V)c<d!z|aKVR|Sbg6Pbsm78UP`YWbLb61
zBbs?o^6UP`eP2$l9%D39@xS`ljXu<TMo3QB3q$dgB^ti0_W|6*U!{(dmfX$W`(0l}
zmawUVsZiWWp#SqjlWRt;k{c#MyG0;77YX?nMs3}>Wdh#p!AuUeMZr>Rn$CPJ9bUhY
zx1~1?*q@KRC6#EwrWQvN&M{7v97QJns^xt!Pj)*2tZ5jGAJ*%SiiHl3uaU<imh?sw
zrUS;Km71R#7S1ob1fHCSbLCcW8B)ePK)$JeWw)8o*FXFybVldv#e$ajqUdDpE1fKi
zxtdi#;^ks+93pqtIbYJCciA)}t4Ea4(WBwG&@8_Q5(kA)cSJChwr%Cpl=*da`8ZwM
zJ>Amtx>dopP`38><V8pRSOIGTfbM%wM103dV3^4K%tHF<OuPKBz}{`0$JtvCPJ<PC
zNIn>^7mnG~9U~?M$(*Lk2b<XtU`bVWLgi>?EP`i(z*l`NCZ3Aq{xCfiP0lchh??5W
zthzjuXBKGYZjpg0_n7*6gK&x(e+4YvmV;p@SC-oVRQP|dV2iNir|B)(5_7HMLHZQv
zW%&DC(THOw@q9|So=dfr6vOq@fOvxzEHxarl3T_htH&NK`uL<eL&@1BF39ov>hhhk
zw6C7xpKfe5QVxzq6;Dg``IhjkAES8UP7HKYzx4L{D)I(41>`dp91vI&MT@)4GWNHt
zm6imhZmuA=ClV%78>F;GeFvYyqB2Geu<OG=;bflnvbMSS5vXZgSpi~R_6c4@H~rg!
zD#hjOk(~Zpk@;5EIhDc|7lur`Y#0jg;U3q0XkeO(oKzQ*y_s@p$Uwmpb!Jy9nyLpe
z4s{~C9TmFfRjt!dG?efhX9USkd?snIcJ8ZOuXI_jwWR}B*XuSPrE!M)om4tRom8+N
z*09>m;L4<wj>&)!ai7uunFV0Te7+b~227|W0)!$>$^`-%O<>UNzWct+>5&SMLl<A<
z(dt^uX`*yOP$m76IAJckkn6Cyh}ZNd!_Xr$==I@A8&`|~z)qR#Tu}P#@<Qn$cXo|j
zzIqx1Iv4Yy6H}IQ(?!%&P{xajiR9roJp!``qZK|>|HmCc6g1c3-;V}w3ttPglC0Rw
zwl&nFW}#6s{^s&JGq}edDAPIurd+$y0fw=ILlc{WLHO$L6p!yAy&Ja@%HTK^*q~bx
zXyVOkMBsJz<O1oqI{f0<SiZ*2q+E;J`mTj|SS=yCEx|r}kT`*t7dzf3IIad~?pH>W
zCfLPHAB%m+ZysLnV^@ytq8K}%*GT>F{HUV2g6+rR&0Z}OE!}+MF{6W{OC_g+vLXDr
zwjq0X;&Tp|(r0D0W>(T;!Aiw}^6_F@%Er6{=9B6ye1)%5n+#1s%K~nhV5Pj(cCx-#
zKHgy*Ciw+igtQxe7+``-&r4txb^o+sq3p_QN4iB%-?CLJVrTLcyhti}{SvZw<V#|P
zdAW5YI$#ErKid$T*1DAtYU#+XDMbkPJrRBxPEi%e-hgyCtg!0tA7nxIZv&)X+6onV
z6H=-eXM1NgJHwrb;)=2TqUXn0VdX7b#e0M#%NjvQi>s0}zqd^%;wP**SN}csTyED#
z*^cxrCAI7d&sS;ycF5a{z4(s&shWB<GOI2MmidrGbkWz;AMj^Px&C?XjSL6~ge(?1
zSBp-UN|JjkMPMzTSc6d0%`UFUDNLfJiPm6TDH&-eZMVy@7s4-4o+_!<xy0dbKp-)w
za-Z3}FGJL$p-)cY$OQ%kU{Re0btC=FTcN}bTb`MstDiHxj9VfonKltd6t|}?DsUO<
zjqQZ~#(~Cdzh7aHxBFD8XU1-Omr1cr1K@enC3EG%BNpVxb~rn$>)3P&xAxi^f!1w|
zmXk86>`4>AMf}N84Ui&Pq|q6_QO=3VFN@qVqJ}^DwV|d&yhmanC$hlBgXUbfY%E)G
zvX-#VxTV3n%xraQs!B;G5)<yn>7?2zYM3<wQ9>1#aWw!m<j<Q%929|F>$XS+u59K6
zOQzsa+F@-fCp2Q9$aR1D?YZ}+<A&w1`z<Pk8w9sh6oO8!?ybL1{rq3!^qi2Muvbje
z0HCH&Uw`D-Eyh3aIT$>Uc3z~`H{0<p3IWpLR(9&1(&6f#`ci81vBk_LiY3?o&=W_!
z;z`&$mairpN=#m@vzsXt=(`nJFah;8BbL?%{oeiQENj&Aqhw#7L8b8arZzb@CNSiB
zYeu}G5I?LLJl51~naiu(CPFllAm%vjm_IP9?Q&_1&60Hp-$0hRz_rp)S=^!sX!(sS
zaXHXt0w5n(@yaM-d+e}hry3F<DtZ!mpKFG(pY)1Ll`%%vW!usFGvP4lE8a6-?mrjZ
z${pvvzdu{7R;miRt)1G{cA!=%q^{Ww2&{oS+{glX@h{+~$ih7Jld(MB4;g&qu(HTL
zF5o7GPryi2UQv-0f=dhaLnZ4L22u!{^XUL>gDNeSIAPnTjk9MI5F{nRN;VDpzrg*!
zKRxFUCUf9MQ#(%R(K>&sEHX4}hT2Uepq|hb)QoAPZH>J)EE*0696c)q=UWHWx|ro1
zyGzjNSkQN86|U@(BcB@evQeEO8Czv6tBRp1eg!!e2k&Mq$tn<~6O}#0udQTE7q_e<
zf2R&5dv_Z-PJVmyN7H`M6x>fE)T4%dBFG&r=G3nyK0Ci}2n&E1Rn-avZ7K&Mn5Eul
z`r`1+-t;;amZDzkw8x$RspjQt6%Uwx;2<-Y*s{EmYjctbC*S-fc9%)t`%+g|Hw8w)
z{F&vxsj}pQhp{YF)8$Eh=|&<m1rAt5!?1mtb~&pce?aHf3~UJd^?E`1=&9@F?#}gc
zCWV8^?zAaUf=InmsFONUE)jDW7sWLt$RF)`SMCk-^E=KOsS<6`EF!&F-;197nenZZ
zYW_sIJ3q>>QwEcQnul12>b&aa_Y1(RTM0|KAEW;R+y8{D|HQ2igA~T7%|E%1ZA3-e
zj~02HY!M}RI||iseN~2P;7vkIdDB$`tX}Jj-h@j^nAdU+;xR?uEZnc2=Nqm0bmhu`
zVXIf~N_-5$T-G*!S5F96kf9`%{2Xu?y`eJ$HAsRx;}>r%)YilnBRup*bthBrNo%Qa
zWS5L28e17cN)pYCaH&&10RuMjIKwvQ(o*KEaB>#Q@!PrP3X=AJ4F(nsgSG8RSrKi~
zev|>@JmH(C->Xq)qxYD$X8aya7E_l?0TrD&eC)<6^4?K!8gVNWc<~g<X8}K2*kjCP
zpQn0_L`5-;zl<%48pVgL3}9*no)V|+o&$MzTFt>_M)F!oz_~7TEJ|S08Cq|jdB32b
zpc;HqnK9ZB(6ZjMJ=0jPwN&cFX3sb!f3e}_t&X=Oxf-UAg4x=TIZ8zi<NIx)!~;95
zSE15hL=$crI{udv{QH3abMnKlZVB8<a0+|=!sjXkjr}ujti&z;okFFa(MdWr>h{z|
zB6~D<tRTexz<%tP7_K1<?-})K2@B*%e1@UCO*R8k;xB5Q&|=O51~L1GW4LA<%DoEQ
zt!}Uqd=r<JB9d3{RNB{Q(ZQ*sWn?V{+Wde!+;-}UX5Byt>IdN}xH7%i(?R8k_=(Sp
zVx=aHq5-0p+j!@LtxsGXFC+`rXVaAPKP?~mvt&N1iy}3rC<pC2i1Bh?;KS`1#u_QF
z@juk7qpF<sW4dcjV%Y!yz)4xxyBy21mDiz9rO)#~GZqDXPte>a*f?H_EU6sN)GO|b
z>2L7bu)IyNwUbAT^hm{>;{OeMD!y%W{#O8(Z|Vrmq{=2&sZVKZdHZ#*Z5_)($&I48
zkT7GevjP@9)^}~b+^r3W!B5$(RZ1z8>vMC_Owy>MuY|K-<<FwY0yZz+I~|;@J<Tq;
zfS5s~#3xrh{{~EDe&?cjs%wK!dyo272TTBSn`960*EifiQKNXJU%H8Np4b$1_AHlf
zyZVf()y4fzS_s4s!EbNEgnN&h7?=V#4Vy1O-XsLpf}Jk^vj6`$f&cT78rvGiQ|6R`
zX9pXe?@*$46J6C<)R<>efj27uwuXdP`6zSo<O)KPd|Sg-dM2nc<ef;qhKIu)E?#B)
zV6`NEae)w@tJY#@x|Q$o`uDBp2VK1rHt~QKiR9;T`Z|`xW4vVoBGTU5U$FZGE0eKL
zm>5~$%Za&O)z)fT+%e5f?z4_#^*Z^J&GX@e0i;b{l|#fgd!;y48smsgY3iCSR}Uw3
z$J=~Qu~l9<FeP#W^bMC^IfY+r2a_4eo^nYkoyW4sJ3ohe{1OH06h?&f;Okh08VPm2
zb2+4yDGS`}O)-TOR!jEdjgKzy!!Sk}@{LKgp&67xtTSGlJIdAOe&Hq53f0;+=4u>`
zh3ey3LE>r5f8hTAV`x4Iy*NV<!Rk>J;dqOali)B4g=`>P3hYLTK)w05C`)SEGB(Bg
z)S^6WLmJ0s)y1<*2x&Z-WbJd9>WgnU2;n=j#vM_WogbF1{YO7feP<7^_n>Vh=ZyIU
zfH}W}x4z#xduAn&A~AB8Rc2VNvG~$>Ob;Rs9@U*@#HMre+$hi*U<_^y3=ErUvUUj7
zf=g+z7w2ohrw=zL#%e~^K)<1n&T(H71qx)d1Lf&I2jHgGF2@8uq&YV>cy2gC{m`NU
zUz4z?;kKX>ucxjOzT@2Dadn|A0G4<59YvxJ7^2^yL+4n03K}Iv3A-kbiD5h$>Up6P
z*Y`rs;_cA`QTH4Mi}TWsGwJ~;{Wb1n_;draq;{a%mN`0P><e)p2^qJoyR*=B0kUBK
zvtw2}sOUlu7R9CJin-6*S~4=wmLn+j;rVH1tL|#s8l;+kJ$2oeY?W<#dur+Nd01q<
zb5fo@k_Hojm0D7{mB4aSo{HN(Slvr0tm>FduN#~6^$p2GDuGr9j_Gh)DuwI~vR(0#
zjT36oSNH(u-`IW#2qq)2mgX;K`&sgiggak#iY6AO_=HJ!8|7VYH`SnKOsg$)HVjo;
z?T>_rJ<t;;_b_I7zc=p;XiTjYb1f_^65T&puYepWad16V3AR>iED2iUk#5(+&^eS&
z>T0hIf(RUmpi4*>^_2_VSS^LUU)wWk4rsydST>Q=ZOO#SXLbgLa2m&PT$2;JS~wr8
z29Al11?os{nYI9ZxVcM3Khl!uvogA6sB2T{DE4@Xtq1In^U(LJcRtB@<_>a9aL@(y
z{Fa-*=sEzr4X#mwhRiiU(_x248O@QX+IJ;)xNU!R*OR;#7%nyO7V%%^K54GDJab5~
zeGu0%|LB;^+^Va=-OOzNm!!?Ll4w#+%Urx*TAZuhcaLMRrmB*zJ}UR&Y?1oLr7RnE
z8&#9WAZ%aFyLn_?whH-Ek~lILuu$SMca;})`EIh_1HW^*Fj3OE<&XFBI(3yFQr%-$
zVR1^gQa_l`c03)(OOyxsc<V9Q>B$T0;pr<IC1=lAbw}sG4m{lKZ<90FOM$lDqtMsg
zrG7wp=bf*5_$(<5ZC#<xk*IQVF>m|D$;DaJWy(D+w=FaxHPh>D8RS?M$%IJal1^Cr
zf2`G?!W#rD>HDja2PhAlH*>5u$^&*|c~-V#KTQO6Y(l+aa+gFW@+KlfZT{dFu!Lh9
z2R2YR2osZZ)*7|Kjo^2;Nd9wZ#olZlJ-JEs3hVfK_wPR8k0hhBgnACygob4sZH`o`
zTy`?Qv8T;CgYRr^I+Qt7TjD|x2>!GIJi}p>6+;p)7XzziVrRj))V=$hsrqkirVC3Z
zT@WQ^)-B^dW|O8W0R}7i3LzyEC(^YoDT$9$4;(mnZ@do)qW#n9z{}w1ah8_ilJwrj
zVn{T<#iFf&)BbC7a^vEWb>8ZH@GA}UNikWL(><1N>wk}DU$l52Q<nb6j7ma;;L`9<
z#)C~>)q5=Ma{mK&Jn;7)Ya)sb*rd735ixZI&?2FCJ{j~U=`^FY)+r3qo<V(n1F@tY
zd9Qh;wd+gM<Rk;e_v)+i2U2vn-j%}7tOwJdFGU=SI~l{oq)!Y|HaohR-le3)lg9Jl
zbtH2l5^fKMhj?Abf993TTyrRcoMi&bhR3MmRFm+6Hg#AciJ<Jq1Mj(6xL4ly&~0=4
zdeREW#)l-#@Ec=UeN??i#MB36YFhWz82_VU2iG3~>$nGUmN|Xc^bA?$;H8&dMxVyK
zJPnC4(`DB|lW|O<#FVMlWpHgxD?QKQ`A0VWlY6VbBbQcl>FF98Y;h3D7X4>V(rfJV
zMDBa2eIG8|jOmrlDw^ZFp4EA3-&{F0yK<UEhjQI2w_&3nQb2m?kFdD**)LYvcPCN4
zb$&dgq%F0F*3#!Xm)0r2GTAQPDJs-g6i5C=$-hlVYMeqlb+2_^KNQxZE2UNl(JoX~
z)p59eyzNZECT$Vg-aVSy(2zl{M7c57w}k>a#b%NMuf-C5UGL%#>{~1zsGijlbirF>
z&y&*Dr(AqCCG*@5U^@AOHj6o`(TEsbRJ9v?s+nJ!U0<hcBaA)Gqy?{@#0(~jqQQlG
z$$;(mM@8b6K#BcQZTV;x`H@3duyyW0npi6St?X&gFME5CY}4Ede?k36^Wj`s>FU0?
z$eaL!msPwhU`!q8bA&c+{dj!^wmIshCErAK3b44HCD?5zi^H7VfZ+$k*6smMvv~X^
zaRVeP*|+~68WTqIFx&LaC36D6As?>)h3)&ap_cQln86wh7bY+kZ+U|hn(^;wO|{{9
z--z*H1~#D@fHf{L?!G$RTgv-onZ>mCfM&!Ej63#dtiJmAtB|}A)bgj4EpXekGz046
zz3T}p)heO~jE}`+kAL{F)E$fG7P{ix#el|RC3fI*LY*-=SgpvX4>ZwAb@rd45epM%
zD!v+st8IF~a^4L&T^%drVX>o7gSebVX+AV<iABoOlU*WlE%+PAR;NBPvj|e``G*py
ze0~Y@9h1gg&O%;C{m3&p*;c|BZ65R}N)O~9`eUR};u8UP3Tx3Bn*%@=@3ZlZV_(dw
zlBHmP+xLtg^$YYz%Y}BTAg5Zpv91{B(sJ=?CX;-v#5>2Y`+k)6<5%4EKa#e@E%(G9
zr4Admcx{h%0!*YfT1{N)wT#;ChO9jC!>*^F$~mHIOE*TUV0}QOgP!$kA<QRql6v#>
z;noBiaIR|R+jhnwrHSXATjW>U$44J~YtO=74~a_f0p?C|`R?TQzpJ4mQCki$mzFE&
zER%SN2T0Nec)o{`$@gHv;g%O`;&uXP-{f6VulV*V)fbu)LpyX%zpGz!^$h}<u6C@g
z#8M8u#b(p|O-Ac)kAj^Fqdid@7@BM8E0?^hOm8e=pm|WxeWx=u<;6~JC8g>{wTK)g
ze8_uqyb~Ng{EpSP1$myOp=Ekee+6p^SiG)1T{}9_6H(;eknIVi+Z)1oTOExHTdbU3
zUg2W)8OQu=kkA?Ixh*}K-gbtM&Ny^(t#pO>dE;xVw>x7x`9q!&@XBQlkL5oLpYo$w
z#77Rd$I!=}idCC2_${dK-2;m7n6$W+0Ke7p-=|2*|4k^nL?tl^IYY(cNyNkU_laiL
z;cXJV_cdK5i1hHo?+;8&)1;g;f5!i4sWmdcV+{M%y1g-$A5Cc7z_StWj2ddPgpzO8
zK1&pnsCDmjzfNd8lMYzy%v1iFSpg1s+4h^<Yja7qQLyCenu{@SV9e(f|Fdyl;OeMk
zYVXN%WW1P!<bZnNbdT*?0Pp%mI6tuMc~*!|bMu9$$XO+ifaXRP(j^9Gdershwz%45
zJ?SK;@k>cSw|Pn%w%q+9z^BOq$)j7YDZUc=R(#K3in=%zCoz#Dr<xCpTS*%n0M0nJ
z`1g7y&4eFe7)$c~zr)ozQ5cR9P~nD{xHC!CQ)wfh<7{2q7D>s>7U2F-G2zd6!7R%R
zCk2!`&n0f(00Y?R>3w^M+OsaCL?)IA(*vJLcGV9wBgD`nsGd0JUW!4#TLj)*_cYam
zJSsb8k~pfjVR4A~afkMN?&daJzArh&1BuCKCiymclO69ca+}lEmkF3*Bv<p!#Z^IB
zqW?*;<}>V9ZlsP_uiBAR0dnsS>#L3HTT{Qih{}Sy9G`9MIKssX7dOmq7B<()s5D>?
z*E+9{Ykg<<!9Eo!&zyWiYo@<4%Q@<o`p-0Hu|~<uV!d#8X}B{b_U?^!2JG?6>7f-0
zp|2-+07<7!hZ2)ruXavw(GaahmA)i?5KzpWa_g%urf{jFckdi>MUIg-{|2x$Hw_&k
zA?3zgdW>=;HJntw9+F=wX2D56ph9>e0(hc^?=NQlS-$X;(<v|{>~%Yp`EQWOovaWV
zw0}VaLkpH5?r91bCTR-cZMUW|;jIMK;+BI6lpOdRZNA?rpy{{TZzo>4T*7jMp13`V
zs&QB=s<1j2V`^&LC6b!q%Md;wZKQBkt?GjYHwMh03_)CzY4A%NGUkQ9PfwKCq+h#i
zep<*FR#I*q(`P?ZRMRNAWqWCe>s_2YgkOah5u)+S(A+@&#SJL6#1iUG6)wjsTSr&*
zF)rR@Ulal$J^-pRu!E6nmYFo7oG=kXI&B|_0O%SQ7tf{hKi}DpIbDgxwRJ%w9(`se
z#x5)hfzJNBDrZV=<35qvhLQm-GRyg5y-WD9dCobNJ7uzdUTOH4;-2-4IWQr>?%P{)
z<p%LUyhOgCREw=)A4WpW82a9_8*xpVSK?lPbD1U?3G$f6NM(4ib1<aZ3A6OZg%Z$D
zO+zA3t<eMfM>OUG;)8QczqWR{fsPZe5Arl%;&Wq9k{W1`apnS7iECTt2D9?1UUCbr
zlnTn~>g%JJE~QN~+5-+Z#)gOpb&+91vP)+47Tug^wh1IsKEpv%gzj%JR$5c2@J*=~
zubvF)X|R)dW2d*7M=#H_@A`um&j)uj@-t_PsV-CP0t+s+p!x6mViqwOp)FOH-fw))
z9kPYf-r-EJLkK^egyuIZH7gmA>ai@QYc$%v1@X#dEU(n>S{Affowo8Si#maVRbsyR
zaD_GfnmRW_N)Na>GWVH+MXD~lLhe3WExUE&RLj_vM_87<BukR{ObEI;W-rj>Lf8WD
z=r;?S+W&&GsVn?0i?dP;>rzqC5UHrw@ACZ-zf_zGFm=q9o2Xdl4mSq;aXS%NXJmO8
zkSjQCce$*q!?~7!o)Qw|UIcG<`>%#rPgg+3jlMQA7)|iJmEfVK{x6AKk$|vQk-WC*
zQT9k_mCaBML4%ib>YAw6`{FDL!?r~?FLHgN2+&JV&m#Tw_;~X)J_t(12SfF1&-b;&
z89-Iq1TQ#<QfM8Ic_b{~h=XCyQ_F)B2UxVXD?|XaB=q3MvA8a%UsxJ`>@F=ePFz4t
z!D!hP%T$(cYHZLfMi;Fk$9Ps~7fh?^e>IhVVNsC=L;du!)AcORl(HS|Olr`Q-E$zq
z;eOAV5B?U`uV_{J3qA_HhX9E6%C8(LQ_K7p`a*ysKZ^yAV;i?6NCM<AidSe^c|5Hp
z73w)vTvlfadfB|);D{l_@%|9>P$ZKrWExxQ(x@cpZ75U{ZP0_5f=Q3V@>Wdi7mp@m
zTqe{YAiu+{6=)PamS&h#+Yf2p^3=8Tdr#>WJ?mju=!!tHf18M5Y~CA<qnf2YZSX_{
zV_O+gy{M;Uo94IAMp#&3rv6UdJO3q2)}UyzqwH7#@@JVw`Odgu3lP20q)$3hHnsKD
z6PoY%BW)0rEf=YwbuKTLHNSM~@bJ5u7*3jLM=j+r43)lBle-3~)mh_IQ8WSD7*<@=
zOh&Wfm}CRmJGZMs2gwJczrB?{nl0J5N<1{9PG9uh{bpfvm|P+70k^+MZxwjJ<l&YQ
zcCqUeeT`nEq$K0cHyQftI}(!y=Y)u&kFE-FJl~r3$)#2M&KOjyHL_d|Sql>E6^yzm
zSj5_+nMIA$wnf65hjRr(?0N{ngZ6x{W#u<*Ne8-qI(+@~UpYhJ=PiL~&00}BM{p&u
z*0XW)@%g#=s{SA7aXe8_sQ)A-t)X@#ZUNHK61S+qPvPPzkimSBbf$4}eU%?OqGlCC
zw>jPud$(4cCJ8;#G-lK9j+w!Aw>4FlipDlhDgb_IB?kZ|=RfDoljHY)v6uq&#TnN6
z8+%JnN^lO~Nn>fkZZ0(z-;|8UCL5ivhtLW>GjBG`GtZB=Me&W53mTD^$9TP;-KR%2
zYHMI)X<IVT`GS1)9kW%~ZLz=a47AQDooawlA&y79O_y6Dh4Eg6`|Z}9Vm;3}t}f=6
zJYBAQ9f&w+=Joa=#mglaZAjr_JXCf<`oU+Yw0AN~iYQ`c7h(KW`73Locaah|#`tdu
zMy(@iJ!E8d;-nbi*zEX4i4$#JNv_gpzJJEFFIQCn-tN<u<8=~}Nj%~Or{GEpH$>Za
z_@x<v?0Jx!cmAPA8Yhg7e0BF%qz;evz-zJ>0kZ1(nPKZl$0Owiq)u(GS~v1U<JX)P
zPF_nc0JzIYQq`jrXuAaGiEq~QWAbx)?UWCTzGkTgIM{YfI@orSaF+6vQkUY=sr=>Q
zy(n0pjo*&xu4kY)3@bbpjiUWiS^<1Fx<-)2=&{$$fy1I7T*ErqnCLXsVVQs9v8RF=
z$jM!5NdGQ1JHQpZ7Zqih1r``@tVxkQQK5HL$EO$$h{;(umE<tsS*{p=eN7*Hp7~g6
za;5iZsPj73Jz!TP4EJJ%Llw9G=^nw#dli|8|A6Ql<zIQ_Tv4Ar!3E%&#+xLXaL}f~
z@DGM=CDh-p<QH-q%@vcF7%I(&K`+{?huhq{P+GnCZIbrotd+4NpO<-bZ0pjxCiD`W
z$D{J9z@5;-b>+d^2P)O2O!$HX{936y&MKBfH)vn!lFn)ZPN&DnogX@oTg3cPqj`X+
zPR1KQk2CJ_f>v|?%+yh1@fS<+&NM@fo5n~1HLRhQmbh$LnZ{q#uq^da@^<ea_eh&@
zBg<F*MrL3v2s&GAP+G0?0!b-xzNCGYQ38z1U~4)vX|}1EvT_mPQk84X=INs6_eZcu
zjl^beqG4I*gux-Ak#UF!W_gQWWX$p>{qftd*n_pMvbhXy%9f$VBB1E6x5z}o#|<_#
z)kl!Vi#;4m%@EkAcL_hP$!l!IUV6f_g2iH{(K{<gEM{dT=8!1H6Z{WuqVG-HZQ*ef
z8K{Q4tbFr-U<0dg5V<<*!pUEq&M(c2QrX1ETn%>l>2QL7iisbizMuxPZC#~5q!nC)
zwrD+8>!*}M9N@O2>iiDER;!K%<X~#s;*5=DS97&f^UDh_D}k%JS1n+sC44Y%)j`<1
zfe<NSZUL@vJfrYyIoYAMP<_EIKd>)sKHpl6e;YEn2q#oBf!Cdz;EK0E?z@~ZIS6+q
zT)U3pzoeUTnfq9-?DRKb;Qu<WGnzUo&Dvc1PnCqd*2iq@2?tZ;31N8jBtY@JcochX
ziVp?35ud-lQWQx<cg@O-lgknzX_8|!th&_8#jA+By<BP`axi#3$MOHi*jvXnx&Hs-
z3L*#sq98~5h)O9aDIlSgf^<nvC8R+*H?UArWJ;HGP8vo`RHVCGfl&jd^r(HW4bM6H
zdF$`-`vV^`?%nrwy*i$+>%Iz=vlZH$?-47bDeC{&7pj?bk_`UQVQ$-hW!c0%VY<S<
zBBQIH+CKfA|H|9hB<h6I+d<;`!*O4imL#f}7rm>DOr-aZI{Nw*eVwDcisvNkHBf4`
zcdAbN{)oQGs%Uw?`CB^G!pA4=(s~4rsf905j_<01){el*<1E61s%^O8T!AWI;bz0s
z{5|jJ!d6n|x~{=sk)Yi>W8Pue@yv~%?T?x;4E9qyo>!eRG%-P!O~K@sTp)V8BJ@eH
zL9@`#9*T-Dm~)GR@Ak6)dWzfL=EJ%o>U17S&YK3-N`Fs;!jS71<x!TYGLs|h{hM`r
zL)>B}6L)bh%6gXY@?Kkh`%E`2BXjrFHvf;USh6pbS;YE3LQxhR1y$}c?cy-24Z0*@
zpZdd9YA&TFu-fMFq!;Wp!_mPVTwRV6pWk7)E+*$ycV|B!xaAcpA+<HAjM*Ev@__Mt
zBhjjK1y`sqlVFL%g>Y9T?uOZ(0u#v{vdmi1t5S`wi@i-!`SS?<>e`E6qt@TXgQ7`F
z$C1#sg)4Sj6q^?EB+cK4uPOdhJ~`0{fMg=@B~|r|>UJ?1^xuRk`U#C0rp7Y=jFA5A
zrtEW}*MRq(Wo8-9-%)UfudEG1RSP|LJx!bh%6c5Ewikm1Dtq&7Sw<0YrCh@4C80cg
z6fDQ#IOd#tVy-<k)(B_6#9=7F&fe!VTE7~-3vV77AGHy69R8BHGW&Uei#e>W=wtJ-
z5%z0hUDPvQR=<yEZl9M92O88ip+nNV|9NLz%4e}Ri_b)F+-2(7x@E(L*yEvwG7-1Z
zj3pf~klK=wF_S#9G3zi~F%G5U_+GjE{yi<0X%H>y#%lY?*@;pY79!9fqqZTr1=6m1
zh+I=Ut#l@jTti4-31W71_)9a_*ffT%UhMUDpvmK=N0OR|kMFjhEYTXC&&e!5#>QBd
zkPltAn8}g(u#kjtK81VMcisjch|b*0HYOeCFp%D_blsL5+q?h)NtgdZ6d}Iw+aGqg
zNH%iD-Hx~H1xa%)o90NiK$5jyaLUJLmFJH=TJOo@1}8W?Z&Q3b%j9w_ksUR5hdGiA
z-b3K{y`9JFx7V2Bq&9g|WgUw)W&K{LKxUeSlUeeDN%powGSkn#YJ<{U<EmhFha!`B
zKC4HYZ;#OR0=x&(j`QC(2>lI?uM`%#Pk0biU99jI1g%aaXf<ZlxO_0&aJbk<zgx3D
zCy?Y0vWw+5(pti8`*yiQ(FD6Y=fgCU0r$Did&}=g-6cK+1yQC>G%Pl1sYWghbhkZ_
z#icVc_LCL+p-EA*L+k7!T5cw|;lbFBdt#nKZpY~{q6hqx`IVop4*TwNgI%rhA`PJ$
zv|)BhqGJX1W2L!N6qpRpw`ma}+L>)m>NR&Wn>RQY_bMel?8FF_Wr@-{X>1M`{a}B$
zsA2A%TiTVjhI3o*?R%v+EflD^ZG$|>a^ZU592Yg)+5!8(y-s9F>gNzQbw^`VJDE|n
z<}Pxs?%D@m?QGbfNHp;K>k`Lv)d%<QGN0-z1{n!vpQ22>B7wlyqb;-!N=x{=Y~M!!
zXDb)5u0UBq#F+43#F#yJfs*^duo{HXZ)2{zG;ZE<g4}z3c?pUU4-M;E>xBBDKO6f(
zUqE+67b@jBpNtF+>CUuQ4JROdhqQLQGQO^y$?olmI)zU>Q6_U|Kps&D;A}|r%~v(#
zVJsq_p)*X0ef~uN3AXSC4~(Ssx7ss#K5v)gXERr0Zg`#4P&?Q1UoAP{28HlnDXs8<
zr*lV}3F)%3zQ4co{DxnFq4fN#CWmcnvNmCbd&s7V-5xJVkHvRlrI?IbHQ})$REkL<
zEQwix9?~COI5npF-S;T`RG;>Gw`)YKsFro5iJX3bWBNPh>KF-RE2+!}f_h%<JBO@e
z@s);3Dx*Hl()q@NY6z-7_0b^#0qEZwPoLg$r$$SIA9K!-UB(lWN_Wzo9Y7V-ax7Xq
zQ$5abN8uPY$9?O49rq3yg(_7J+-hNo5UT~zvQ<3N+D+l8&S2~lo=|yHJvV&9JqK0E
z&qZdqR{v5b<bQdWto_#e^jnC_7<-*4dAW;;!&zX3>z1<i*jqWFlCNz!^!E}RWW_<e
zRux%Ow&vUGzA!4!!!RO$7=3#rCX0VKbKQ3@%3lvr0x21SY%0WkHvX{E0}YMtJI<sm
zFg#?S_Sr9`K&ivja>YV>boJh0i%s({N^iZN89ZB}HIMqX2Ys|Bs3U_(iGh@`$nQp_
zxYlChwl+KNj@K<|x@SLi7(-TWviLbrs*oO~DZ>b<J6YJ+KddR|1I1j4Bp#hNunv_C
z-1UZtpIauS@1N2&yW5C|8gnGa+d8i(5ll1%<p~WCi6u}6d}(X5K-Au+VY{XwV5BPN
z-89|OdWJb<xavW<N$NYnjp}~J#CxPhmyF7UcNV#uMBGcJ&qoS~)p)Oq8V2eG@b7I{
z_cOSJDyCg998lL*;`Pt94p}{;(NC?U8pQ(p=mv`2OVkTc2Y8Q)z{L`jdX?pqu`g|(
zx^|Ah0$-mhlks$rxXzNmm=1Y_u6N9IUe({rFD>6$$70oJ3ktJYDKGGSO9p){!OhAM
zsjGOo*^ZKd$o`2i{G%J+Mql%pioJfl^Efm13k5_qJZJS(rH%QJdH#U4(h<IV?~iOo
zg#vH%d!^NN^e*;*mwYB<I>hqLmzFy$G5JjG-+o-Yv&nAtSv7i2(H}cp+LI>$nF>3`
zl#Yp0-uqZk7x4JmptW8@701Wb4ryIP?LX%GbZizOtT*0Nde>IBWE>UOD0T<xBx!>u
zUwuBIhGuHig=I2pw5JL5E}J7RNwI@hh>B?{*Y}fOdJLNovd&cO-6%;Cu%YQ6oR1&q
z%hfXoK0UKwJHEW%PnPNJ(3);~;UR6wkp@B}R}&}d@J`6mE|fK8lYIT5N7Zzo*5%}Q
z2dR%2KW;Se-V-}n^Z60>;fvbi=qObU>FlF$@{#n@ir@$SX4ry*W~4*y`>iBKfh37G
z*HX@ga29bpQ-c+)#h16+)zLx<c^p*{gm_@Lo43wo@IT)z%fU#5gn8tr<oOq!)Hano
z3MGO-rtbhl5Eh_v*=LMCLByw^s?L3(_m-r>HwnhO+WxwA6QI;kMc4Y)097!$I9w@}
zkrpA&l#+TE^QvATR+~#b)?KtQuPc(jv3lTWj6RA^61uqc!t%@e>oe0$r`&VKUvFf5
zJIvU))R~e><&9%51{m{P=h(MC3DhMCCF_o3$Wq(leny=jT4*3qh#2TMIrHM*?bY?1
z8oNs)&5mMChfJ<gNYjk(>T+B^Y;>M1KqRNktf5`>?&v`N_pCi78g@|xzsaOx`$FNX
z)sn+g8=%1R#SAyxmr-;dC8?O&AaXKad$xVK(7}*h(!FH)(~;R6$IV=tjo4*}#~+!b
z(wUo?#MeK3m^J1QZPnFIR8P9n;@5Ru+jF6X94Y<!?S|JK1O6U*Sk_|j(jrN-$}QVK
zn{6Av>o*WnVXTrvhkEXAR)+y}=zyu8xacL%3$@w3GK);TYbDz4>e{t#Ef<PCuxy*@
z)PCR3Ex7%qm-KG$`lLJ|I-EhuJhG>8m_?4t*Ve5(9sxy&Xr*0u-T~PH5G43JgJi&+
z%g25mm$lSe`9g~r9>kRNbTFlKaM=PB3-*$?`c;f2eHXHMpGp}qB+xLw`c%t|pD-AZ
zU7+7u*<GWb9S{0Tl^s;uXL~>g%?u*i{k_iL8M%JE`1lAGlR0q@QP`5H7EV?*kyB6v
zIhyB;4H!duh}G<@xh2)~*6NTp$M(sAb50XnnrkQQT!hN!q?C5naQ0izH63#7`}m{}
zB{kvdI_S~1dU2oxnf<(z{<KE_tfZfGpAK5G%u$G0tQW6!!|K_!fPXVhe_45uYNFp$
zSfCYT#ouyg5+lj9^Rlwym-uPaG-U(CRWVu2Q03T@`gO&kqR}&v8NSdlwHNvG0k0pW
zCQOpHAqypK*8cK{?@!cyuXoF~D2IhC?zQmSmBpCi<(Wh_b{XhJQRit3=43sa#b-81
zv8BgeHb$HUKEufsuSgz_%Z9t9y5ejRNbiM0t)gxDhj}ffUqNN&!v?tvMO7WkwF?zM
z>>kZFIFdW=f0kkN%}e%wluUVXAvRc@k_F<R<j<3pn`Y)3hJu#lM_3`Ruq3$_6i~yc
z2NHbR6GwR6t(^A0nirTLUEQv0l&aL3lfB;Cj@R72W?)d*oc=C_&Wk_GPHFMHis9z&
zIvRmYcKKG3bs#schhv9UM;X<9O-hcIY@huhF}22fG`SD{-WG}4qqB3_b?0xPUJXS&
zW&<&Zycf<7#2^x)jC-u;8Xg-+7Il-Uk+&(2vLvS6ZcB*Z%PjQ6pTkBNPQ+W_p>yS0
zV-H^UtdEy(4hdu*$uw81ueUh8l8X1g?*0k$=}8A~mW277#-{PVR*9VN)CN-zW5orC
zsL1Ir)QPDA9oBy6h*ZT)7L9%!lL>$Dmz^w<B@2s7qwBLRStUt0z2Oe%cb)};V8npV
zPv(N#_8L#s=hfoxy3<$w8Dap@rvU>YsT>l#A)Z@iPQ=!~d<5c7`j=PFz4BK)X8TDs
zN!l+Y<I>tKu`&0hQR{)1V=PqL^E2a%mHNoIia;Bi(K#&uk;fceUW?JM(3JabyX97D
z`^|doxuV8)TEttxvT~9xro!#!7B}tlHr_2NOTxp*hr6Rf>f74)Q4Gob5`lH|zI%~N
z!==UR)y-1I_XlSCxYf?Xv^5Xk8q;6_ug;kFgQjIB>Vr;Cx`?*|`e@{%j;P^?A&JeQ
z%p?kFbXm_sJ16J6N_VQ5`5*?Zpj_ecQR=VD)aD6JLSxWd(M`AnN>@{tB{yoCh@pp7
z8L5woz`=bFIina#)ZYjzo2Dji57Ox(3*hkZb_l9=l;zqty}5bhXIIr+N4K`^wCt-Q
z-pZI~JM=S4Nwh~9CP`1vZ+Mwm-~_ez@-bfDUZxawS?ymVdj;y~_ejY{Mr~WLwEJO`
zaq}Ws2FEW9q7GAX<Uqo#S*@ztGqvED%dJ8^gouc9U5OLM`FM}Dj5T{yasPBqo-6*e
z!aV++s5NY`G-58^Zqoz4d7+O_8M3u;&c_~S)@`3DBe3tmix5EZZ_KDNx0Q*N_qLq1
zkrc75e|L{_%*q^}m>i-$WI(efeglS`oG90Rn5|z~K~8F?;kDHm;r`;O`*O_3K-$W#
zu5H0c5~MO1Okm5@?s$h0W|%TZT)}Z;Yei4wq2-0+TJP=PY(Vxl2K76w;`XFyI4y0n
z?~41-BYqR)pn=i?$&OpcV2t46gtMPs?+W)lo@RoqF~uZaguP}Ky<vbAGc;5Xg3lQa
zRa?v55h09n{8P%1)gwS1mqPPw@>8x&sCn6A?XTPr=c_e;M7XB&Igmd^e@_WBF#1(k
zb1#e8GxmdF>NAG-E$-b}J?-xBZUg3bQZ}T%&`%G_T5iE1my;JCe_(1Ft}8RLRp9#)
zV;#4Oj?VInS>!WEoy+yW^e-gQh{oDwHkQ>*%VWp_6A&(v!|z@5_dIq7ABvrnS{%H+
z!HDb-;Z?g%N=7G4<|%>5zU`YDYn@iPkjwLJ3Ns8Z_;_Q@_U~=Ey*pXXQ;3us8?e8(
zC2RL$HWZ2m-U#GYmTO~&D2ErQoVMfN3Lr$@Xg$33CeVntF08TdL8^{6+&d%I<3a;9
zvvfB<c-`4tu#!N{H{Z0p>6FcW?G2ZnD?61u`&du27)x)c8IH@_6dTTTFaL|gv45dg
zhXRbLddc7&6FP2(EvlY5$Ly7tRbLyhh?F@X>ob2r#=|5rROdj(lgKCjFS_(8W9M4;
z-Zt%J+eK%R?*XP{x|z2VzFI!%e09z+_Q_8LY%poVSaJEr&`cYAV2J#J5&;AgFb$e^
zkvrcml4OH2gPOt%vmY^Va^*2A@c_bbkIewfwYfLgtZeZ)Hd~!<&m&S*C!l+yW|x*y
zva4?W!*K#%U-}VT&Z@R)2gIo=PCA?iQ5>!sM!bR=be+Y7!GW3cAc9uY51IPWrcSP;
zAXJM$OZ#s<lYG8>yl`Kox~}eP%XHR+`1zCU(lXHhGH3vy@C!J47;Ur!9{>P1jNEq$
z0`)k=z#d$tlnc_&ccv<-3*GCk-<YwnpDra;0f3PocwAYRlbunspv`279HMKfb6p&~
zQtZ+oO2A|>n$t)(i2f_PU?=A4{vz<=2e;ISYo`OS4JFwr`kz2U${NWE!KX9qN8Ah0
zT<VD>*QblmXURtX*Ly$Fh&lwycaCZ=h_^Tl+E0g%i~jWYe*rTG^tQTBh#cL~(>7Hz
zAsN;D#rXa=QDTKTTC7Aa-6w!cLTZ%be#%gOy+e?~mm9K`{YT-s$G90)8oFt~_W*HE
zXgKgoDM<bC!OEInJ}@;~ShzoNe#)G3@%hS%Tl(DfIO6py7eTPl@rC}s^7X&9j32@$
z%R~~Qp+*`kN4&mB09?P5G5z0&#Q$7hMnph|F{NCC)h)S;paBB<fl9P5aaXShlF|Gz
z@@I+q^#=4hUp~MG%9y}RSZ8gr6JdwvfLukHm-krx#GGGf6kvI_^X`+Cd@2VQ-3QcY
z%kIZIr-0B{%>bE+^CH*s`{Nhio(6uiAU`xzLoXQ6)D6{hmGHzS0!;-?t}FcVnE$kx
zaB~jO4LW>Gl6b`m51>lYFtLpLug?CmM_F$Y3y>FPmo`Ng32K|@-iuz5kdh4}<`s>%
zLFQlyjsO3E)$)^_4AbBjvLH01_*>5Z04&EJIt<<(`KQetJ`zi)C})g_^&STc<~|1G
z^L$sE@X25H@sorl$55UFNyQ~J8WU?BnMKqVpi&&kqw(Is$UkD<;jurU0-)d!?(dv!
zLRrE{cwPv2_=gH@-k+83XX400$-pa0LJRTpNzf{tjQZy-Azh9;5bfJ;z`igP6ch*p
z?%fyD<RWmylYnS(oah$(<8JH2>?tZYMxSyx{}n{VTW;kXfTrSv+t=sj@*2w;*xxZS
zW$UNkI50FXMF1@fQqOVz>23iRE+or3FNrhXF3Z-<)yptz2+Qybq{%29)06O<2@!`b
zMvHr|Wr>@Wziu|<&Kmt-FZPt3FexNhK-XN(U(wbV%!7!#v8h2$So{`Y@i6wD8-I9Q
zGCi5^Wdm&kkEP+hy{OidjEv87GND!u%Gc4LlVs!rq*K;l)m7+*xPiwC3xS@pWdyjU
z%Busd`kj=<2KmR$Y>yg<`MGr@N~w}d@`}H9Z4J{a0K+@%Iu1kUGElYeo)v|L2%+70
z#~QB?rF96Hpm<f)l^g$-s(%s>!e>^LB(rvxhZLWxmOG3wvBt1KAfZ~)p5Kxac95+l
zR$YSo^VKqHS8o`U-fhNIZ<3J_q~<)(j>>aY35q{k`TybwFipt!MTyI{ZTc|jQF)tL
zFpe=6+iW44oX1m46~h#wVcCqi;ZANr_;xxMxYgQr{OLd4s{W#e&vHC#yl;Ex?S2Y0
z_bpDih*o7@-cuuWab>n4iP;Yn7LwCQB=Qw7{^wPsiQDEm2CUMH7mt5ON8)F(FZ`31
zk&Y;6hJBo9gpD5nBLfiZ_=PJ=>tG_>KB!-#pTgpNMz#C#T_V963xVvjkVZ=VQT9#A
z+7qOvnwhU!y|f;BtB_XIF|65M<-Y7XTV^%Hs|8j%e?wOM@(qKSQyT53ui%J^bM6#i
z&+WjUQNO?PCpONXmYepB;JMTsfJ7Zjm;fVaWfCD8?OE#LX9#M~LC6Xytm26w+OLN9
zKs7tf$%4d^7nQg>%C$|SuH2|>G7Zonnh!ysG79}E!sLH2AKVWECXaK2zOa^?Te^{4
zWve25;7wGNr+$wwLF@y3flX}>6twu+1pF)n6w@lnS4o>^*MVh(MA4y%*Li}6nm(HN
z#gzX1rFssH>VKn=>{5Jl%K(EMtm`Q8i5K{Ru)Od%(I@vOalWaNJVy%j^&OZ+lb03G
z$2@vW^m1o`n+l_7u>Rw7Rka9f%}W_QCm_m8Y~B$Ft2Jja{3pi<50ia(6y67$&8)V3
z;yiEMT0(!IPr%6C5Fpx#->x#i?ijtJ>`+0Rv5BrVy~aV%@Sr8+hvri-a3r%R_nb?L
zzI^XdjD%axe0O?qc216HOO${Rv#8zWQ(S7oA|fJ|v+W70MdP?E`lC3FjN=6Q{0|>v
zYh}M5g_Cl^k8z9bQAIEjbhrMjM)P4bm>`PrTAhgvASI81?rq2P=NrX6CZ~<w+u4lE
zO!RKPXjGPW%Wc)f!>@7Fb1JkTvGzWGRR(V+;jwHtj%)Xb6$0}pJIhrad4{FkGA4p3
zZ0(NOdB>Nz?LgVfaiid%ks?TmRfN}Cmkc_Gdqv@Y7YAgQkE9+HPk)MJvOy$caG3Md
z!ERn11Aq_Q8zYA+SU;>i!DJuvYEO`S@P^;SrgmqHycG;Yo@9&cNQi<!D{&*Jy&UVI
zqIAA8Byt#7t`EC?5WjxkeJaT1DLW_Qc@NZ1KCVd}I$0LH)R1RT+-ebJ;sDB2mLpqJ
z-fdO*0CMFI$)>5RYj@xK2h0S@?56PLM<Wo|9%>OV&i_}nz=4cGLdh4eDss<$T}h!J
zil=9Q)^Tpwc2AP%fU!&d9>0E!<`>V+<uOa_c+CvJ3oE8xQ3_?UFf6q}XZ07D*w${<
z3w$a@?|nD%7_)GwL`xMIlWD^?t0w9foceV2<8Z69aUdy-gKcMGK?!N&QzBmm_4-KZ
zKy6#tSsAPG&05I?k$j!w3nCKgv;d@hEcX8Iq@d^mP$>(QG`i+h#!&}-?E;G@&i(vn
z1c^T3<^>I#!{`{H2eCfby;schKGThKsXVFpZ-Em7oXD+7l~yTse8ri|PRS$qFOO+s
zA-j{a>tRisr0lnKJAL+djaE&3Be^@6L4G6lg7UQWdEgkW8@ez4uRJC{Cj%7A1G85-
z1qH6!rp3>k=>V{lnxHiINzzYi>^H!6YncOlx7Vy!*AcL`ygP+w?}Z;fBlyX8HEu$9
z4C&@!%L|*6^ANdOpq;5^*$mI-M*#*#=j8CNwhDDb`|WIqT-B4jpo$#49e=ehUfS>T
z?u;013>fW+5qFvSD<AE<v3RD~d);PrGFYG=%xH~PTE6!`ygV8#P&>#X<=uO2rSaqP
zUu1ghu-)%>Y8#e%N5iifZyML!UVOa2x5KO&C*?YK*#*oQ7eAa*EOz?3>P|V|(i(lm
zY_VjVtL-E0K&bb|`tcTZueLZb^~l_4t|Z?NELWZ0Gt73ZE=7Kg7dK4xPBy4=55-Nf
z<L@90Be}|hO`ZNZ3qV~ok_%#qbYGfO477z;WSj}#j1#m764KlMe$;1k*=6aQMPQ!+
zS!NGJT4v&n&UTLJRM6b@3;@X+of_({ba*^#^J)9ty^o8feSN*XEW(%pgqX^ki^teL
z{E{dAkY!mqDtgd`^bG`KU38Gj14g_hNvGG)`?e7bsUBGWq#{sbUb~v$$hGuZ-ETpA
zX2}uN&bo>gfDHk)7j)m1oWSwBG_ZO^gWAKV4Qn~h=MbpZ3mgzkeMc1AZat)WqF`j#
zwEXC|aOhgnOe%ZLNC|Lb;}6m9K}%TjjQoCNQ%{C!u15$g`Ou=0^vc&ewE!9_A~xY0
z36t2^*~8-fy?{R050_Y<8p#ap%hivuA1R9gF96OS7w)c2yocj??=#^Caq;p4mx*-9
z;Nw9L+d9;YEYq=SX#;dq1**S2!Ue*%d^|?yx>DO3q&K4YZ{}GyJic{!HIU7_k!*Bt
zKODBp=JJtRY%6dbir^C{x4j9g)qL!_!#DUwXD7$B9uWBgAoAE_yLr=c34O$CN$hU&
znQNX-m-%+kfrcJ67`NNM3$VDM0h83+<oz0YVsD}leEZ{RPl<+vjFCIte}!DyDbvXI
zPF=dX?<89>klnO>rm;bAj<`o_nZ4t%W;NI7#?AyD>VnB%RSiCUX_TpzDaLoZm!~Jw
zk-cie+18_#4^eGb`#sdLw`GEyM?_*9E@fJ09{Rb@9R=OHJyK>r_MP&kt!qg)psc23
zj@MgOp0T#Ixvr044$}7Si-TVib8~WpVVfSXDB<XBU>ci^JxokAj1NzOW;LU6k71V~
zm!TVWsQ7^%X)~`9p2t65vzM|6Rk%XEijdg~m>;jH>f(O*Iy-G@V|mO>!hLZ%adk)7
z+ZVTjUXG4)tQ|7;TNgP-J?`t0i`(BsCG~PB!xZNE^oP#w(upLq)Q_zyR66K(IQn6X
zmfha^x-QLc_fx>|^`Q-HKCQdJpyvua`)#P8zzYI_o04xViS==M#bh{1Gi2)nW1F$$
z)3p@2z}6%@ZYknDLrHg*vFenOwze7c+hbTE=PQW2mvzu=2W+3p-Ecl-`8#SKLpuuZ
zt>s`(>op7g)Yqu58j+ut{2j8_H+vglT4UU~RZu1USDdn82bYn|;B4*}JEtc_8Qpq!
z4FeXMo0V5P@Vn}TJhcKfYg(zvCZHw@_XEUgR$tmd3*f8jga?v#r@8F?cUUDp0iW8+
zwA;8iUehAge{;SHTRURkvKBXy$Nn<>{)tjlbvAFL1ElgOeOEa5VRY8={b290aVVHf
z?DyZS6u7;+_&`PowYTJGEHGD^Gtl3gtvzOo;e+68CCPS%&o2BO`@0zMgn)+YVYF$@
z_F#aPJKYUQG^e&{gNIl+F)DJtq@jEmy@Q3l4`CJq@pbKNVz|=Vz19cPW(AcqhKwcK
zJ1BfuSMN|=T12_bRvilIU);~L4;FIDN8+!v-7zfm0dysjy&<vZ^DY@xEBWGDukytH
zMtSRGeehTrRQ_1TxDPg}6&&a=#=U@mt~;95nI~mu6!gP~nXL1>;;}vxtjj!*j;%v(
z->S{EO)(Yty$QSsYP(NhkEd|LFnDVl<M<9ULQ~4AfWIWVFv9)~f?qf50jK#Ed#zfI
z%;0A|swOm#zukxu)2N%@(5+Estb0tP-ei#X7<5J`sT9#>3%DqNUol(npX|qI_0-z-
z`V1oH6*_f=5C2cdbVBw^wQLs|+-KOo$kqttJc8Pm{lg-Mf0WFo4GE%#-|fKLJ)>oh
zxO^ujXO-05b!G61SsRF<+A^iro1SF)ExRO%>6?0`i$f<XVqlp3LbFHLn*|2lU@cSQ
zn9{Ouo3)$a%UenNYng>~Z-(j4M{fgD7kNh9Ic@0Oy~nI6xS=~zkC^wP?T*6N6)MC1
z7R?GH8tPVF*>^-=`RF?*$L`((1A5s|aAhyTJ5cG$^I=HL+RvL`88Al<EUgbf9G5F+
zPpKK(M#!w}D7C&iuM(6@ZbkCDfCdR_D?JQTo<CwQ3b>Xm4g<kUx(r!FRl4b7tBW1Z
zIh~AsqQ1A5DdW<kWoy3TQM<bIq`}G$Es3q}k;*KMEw>+;Df4?NXg7^e#O}|Cq1+nw
zcNt~GXr;E2NBYCL>w1&$yNnJ}LyV?(%=f>t@BjTq-)Rbg-{!NNX^k;pO=0P;y<6$%
zGcwXzV%@U{AMtBbV00_zL`qhPB<x)oqU2UuLfqbNE>F1wRXWD4<Q8Sni_t@{x6vfi
zEh}%|f82k3Aa=^OKTlL$8kZ*SJpJ4!jQxLuHxLD1(l~k8!tI_H4mr7e%aB+s>pXWv
znJ0O7ULE$?*k`HKL3vbWr`SVj1@^5j@OB^#tDV!ru~i^P0>@T0&hV<-!W`NWc_Va8
zOYs;tetUp67K9?PAa?F9NZRc<hFMV3e&F)NxyaucM1O5jsNDgFX;<H;^ozD2Mzx-(
zt!dH&hb6!)y7j*=*(`^r9)YJKTX+}Ta$TxCuntN*6J{B=V+^rWl->?tu#Fgxdad{A
zufP1IHvD668lOlM*fkPSU);5A@pKyeley6u1k<Q`lOV2jB0;6Kh<=>v8;9!e7gjgQ
zQDdwt#Yua;`Kay4q}^U_?i`N7NA)kd?aRk32RQes%H2Uo>em_iy#Ha$5gxEK*zOd2
z72SJ8%|<M4cwkvYM|U+8wezgfb!8f$COcw;8hpP8Zz6YVZ8HzS_HnbL?q*9p*I}z-
zFtZHxq_1K6ot}H!ZtiPyhLY5{3u2*L`n4-!irSC|e90`OC?;E#qOR$JhYD+)%Ch1)
zRfBI$%db248E|3=;qvE@GiD{vin<9W?u>cBdO<wJ;d%9^8NUDct8hUh9?U_XPa<Tj
ze<vH8>tAfU4l<9}3Rxa9xTM>H`Tmp))C%c_v7B(pUAp->oGXE30D(3H4q~}ts>4K`
z@b?L_Y<KMV5{dQ;<N&$q<5Z}d@rCQnz^IV3y~9X_v)VqcCm)Ud{Jm!n1eSdSH&xYz
zy=%gF(G%f?-<iP1zOl-GpgNmxUGut|nj62>AX9jKS=tf=I=~#^N?JI#rm*;Z_SPrI
zP8FR7$1f06_nlPzJJ$2bEPW=XnurneemoZMH*6K_cAhMc9lGVwL^CV?zY+DJ084(b
zVf1Q(mWl3Hl4kFUvg+y>4~9M>>cxtN7|X#%T{^g0fhE8qE!P+NW|H>jcPuAr{iu-(
z+DY4R)&$>#5tMn;{ndO&zZQGg)<^a$Sg6OC>kuB7gty)&<N=cUsehx^^Bv>BITo>m
z7)-!#UZrsMK=e_YHCVUncDi@F-YU%O?_dzAi<wpZt9AY>!0NZvZ1(r<yx>ZFhv_zr
z9yZdZl==3a)M2`~T}3Q;Hy5%OPIXtnu%xqp7HUDKlByIgI<fUxYz#j6LXmqX`3uPJ
z>|}SO3Rg?$ESXDDA68bM3f>q}Ik(T+XHuz9;~=v$)Dhd2+At^*S>9lZsC5U~Qh879
zfC<PXrr4Ky2k>8$CdGbd?C2;7Ie3^Bs3;jRj?N%Mc@V+h7Sah;UiK6{cd36-Mr{qY
z77+u23FLTIPL5zOBg$OVVbm(KPHIk(y(2-gA>^+sf*ZSjn|^&@?y*fuPgXb88{`yr
zY6%h+P>``iH?YH6Ra0_HBW1n?NRCMqWU42LLV&4g4PxLM_1ccO^-@q-*1%$aP6=<Z
zy^hIL6-zHsJerg%^+0hX+rRI#%WQkh=}U&aRNT3tOilUgQGH<#lKlFsH->ZhlRT=Y
zyoH>;$VMeW)0j1Y&qbMCP>nTr9oyR!z>i$p9CcAVd|x&7QW8j9s;W<s!5u5nr(Fh2
z*qu9MHb;wRz&k&LnWPG8sft5~!7Df_KP-iVBa37}BDHMzjpjRQ9UTH-P!$8Ry#p^+
zLY&7I+@vg;={;0s);i@J5>`Qk=z@N&ALB8$#V_REdPm>HukZ%s9S1QW`#;$-J%Uh%
zuuro77a<+Ic{am>Kx^%j1X?eG!?JAmHylwmM`_vOOZbFsHhm^`3cU8#2QaLe*)D|Q
z0)JK(S9`p;S$m=sM)5qR@KH&))J7I{b3Z#-3?L+!3`vESju&RcgsBJGX@J73h<pB!
z!8%E^#B!qgV8p1XXFNC9P%GK;nlbV)I?e$(bo41!FyFA$*?=$lqKv9if$Q$p!=75d
zohRC+wo3~zToikSY`Ns%{+$}jQe1b<=Ch-4H)HsIa~i^TEC}u4)QtH&OwZEARzEh&
zjz+Rdy2mrejAp1ZN43QWWiCZYt5wlqr6<G|8Lt6r2l-Bm`&~akBkkWJ2!C>(2>dlj
zpywHG7ZWOM7cOW70WTFm5?wyJ!X_rzAO2<CBvlsEovzXbqA8VBy4Dx36s5*pdsH3d
zU1I!b^>a$Gv#(#jo=FL0D@lFB?&uUttHtZTz3eeD`o$~M+Yh+1(dS>2@RPGMDdg-S
ztW%`Tjy3Dxm0Mc^_jgJkHn3ua$|s;zR5la7tE%gXJ*4>&zN>9mkeI5wa{|O?@={`r
zPpczr$4GK-lUk88_p!F=&T)F3M9BvZ7yWa)5^e1cZ9Zi*bxN&v12BovJ5s*2V&k5X
zas78}4R+EZIzgcPin_V{O0lI$1ekL*d(awvPkO7aYShX)G*1sd>NQKwByzJHB{<JF
zk#Qdf-W&?-kc@J+c)0X-7H$)UFCQ$NM>eRHFl!c!@D)^i7_~!{Ty`J5x+$@OV+ASv
zMT4SGgizTnb$Ac@OB?c^G9!H^p>Wr+`5K&-5qR6nB%bkdJ|TUJjg<wMvd4SLZsFv#
zZ1+(kx|X7LcO1b{NNm0m^BbUm(*}}j`^%dlCPH4J;N&U&?y0!pNXXuTpXEYtHvftJ
zI@<A=cixnfY|_4iVV0(G-*8!yT(_g|Ubr1?6~-cdUuH8eRFyAL8T$Arb<y%iW5{bQ
zSo-}Q`tYU=Oj;qvee%-_%dCX{T3t-P<!l)1@^GJ(CpbUu|ELpC8*2)Xx`SeJ3=cwO
z>PE(EqAJmWzK)LfS+Vu4Z-FxR`D><6y5LDS#VFvml=FlbpOE>HjS`AZ(-|kHgJfe#
zjLWSbJ-qt62S^c0zqv0&vy4qlnwXl`k#Xe2WmKLf;3~g<KqIo#fmS-`2Y?d}W0lyv
zK3xQ6Jd`3)46D4FxLMtBoLzcU3jggRN=Rn^dpMQ8fwJP4>O%vUqJA5DW{}h~Ym^Cs
zLmcMObvWXa4qDE6UaYVVsiezT&j!g+*YO-&rOWIn3@B}oNLqFEsP9**q;M%q(tsOO
zPGhH$<lMw*>0fJ&R^x=5(}ZZ~F@j3RYOO{#p@`pU4Eil%QHepOplGlv**aS3q6#L0
z2#L0_BIQMWef_xlV8%F5BIpE1)XNL_3(++O92&5v(P;WjyN#QUkm--mm_KoTVO%dv
z>{Z?%^eQzTOjqzGNVo~6DuxOYV5OiY<Dm_it+-jF#9?;0U?k*N)33`VmT|eo3HRFp
z6+1_vj1ao!^BxvGcR>J<EDLT*bws`Je`Vr_bc@q*xBC}SU*OZ#*N+9R&2p;A!ZP2a
z<44#iTL3y&vxd>T#Qg7f)xs4XVo31_@S;QIMG^55Feev-`OPv9O3umAM?i<c7ut-$
zQ8|c}Za_d#eSbl0_y9E`4<0Di6_#T7$0bJ`36dt%1%c&LLP}pHVk<aQL7(6c!b#kz
zY~*RMQ9)a7vH9SzW`ftL2aWH_XrHLE-?<=y3Z-)qqQmtm91r45im^AN$R$FvmXgrR
zdbth%ooyx-eP7xWdFvJl`i`N537?7Kl@+^@2=)WLp(e-?$361jXwkt!g-&yi`#ax#
zB6t{W>HAd6jljkj(4TU!WL0$gBO6{(0u48?<&JtiMAu9>QSS)ogq(l+<<>zMSoAmO
zPcsKi{{$WU$Gja_i%uP4ecA*ZR`%L9#GCNpc>p7<Ohd+f{!`;uL4Z&w9&!7*(a*S-
zew!4mG9UvyvC?{twDdQ9h66cjBsN4u(50$<eXkvwZTmIa+v{)e6ZsxW1vWhTobz`Q
zNBk@{oM@DHKvj6P@<cY_92Sj>K-h!Rxvc+4TYrM!vD}d}puQvk$%LFcpp7#q4vA-0
zn}_{M5h61WIQjqxm)Fru0y5xGz$7qf#-n>Gm_Mv7K<gAY(%%_j>Stpwn330d8SR#B
z(tgkpuO@WFHxG;anI?(<6ceV70as($+zNzeF+1Yafw=q)b|`mu@Q<?Bd6A$!Ee@&O
zL@KK4Ci8%ksn@GpOU~53FPW40054tc*2&IdBq2MMCFR!`pF4D4&EBswKHIzI?s_u8
zWc;t%#y*z4bp+l=M?eM0!8DYJQ~;U8oWFBifTNJTz`n7Ne%dxTw)D$%4tZ;~iTW%;
zR{3`YPJ$rQ`^gdx##7DTQ<ANWF^SP3Kn1KaNS@MgdmvXbGxFr{mN`nLbd4z4r9!Eh
z#t*bJsJqJlolEf30+VA1Zf&R_DNhF+$PG3g$roWm5LSh=K=y7*yt0H7APBGKZJ2_7
z!`l;@#CGGA93nn|7W68W&P@s*kU)!(+f^2494?-LSwp0m-V2jY{zPW;2Ktf3Z?)^B
ze)56O`M)O0_{7|3ddpLC_gqiXW_NgzBKHLHi|D}JjOu~`>^0)b8zW>>KyeghkDAX|
z9hAJCyPT>TENbG?t5u|sjH8T~)HQ2o8MLB7;9rYZdRVX8Q-~0=v!Aw2<PZlrN%|>`
zGEXJ|LI)tS1`0Hbv8p*?-iV`9mcVu0>@Bg~qYM^*RE9$&hXda2jMR(YAexOz{~}O$
zKAX%^!8Ayuc4Lg}AhSa|Wk^d!C%Qp5F!2BG_P}rea<|EIEbcoKVkD2CgBWS-c7aX~
zVKKrk0q?{{eMNFR(X+V;@c+);{!hCORLlgdr3G~NfZqk({zcQ9(+40{V~#~?F`U7W
zPgy7W0pk4h@2VLGcToRvhc|iDyuck7fp_#F1e=Lsc=?`V1@0}6D-LJFb<kG+ckMrI
z%3PnY4Ul={vum3^*gShyj40`!$v%ubG0O-^D$yf%7fT))|4v7UpRHUv;SQ?=tPh}T
z{$NRs_JugZ36&yv27!{b!jvY^+TmN`KRxo-WehP;RH2N4NyPwmE}F_8kf5`I@a?Gw
zmb1@qL?tEYy`=i1>!>CBuq?m`64h{xL|EJv3()u9BvbMN50uTOd{XmurX}_NFCWV4
z%+nVZlwB~7M(nOtw&q<D=qTW>JaCmSWeH5FOA#N^om+9~<`(>Ix0WELjg_*4duR|E
zCe4~RW8xwD^h92r;5xDKjM?K(JKJgGZoEiH$RFLBGw%<Qg0A_Ga@Ff7L<`U5m;?L=
z2T{D{0cU(mBc1=qnIb;IZ9u0#cE#|8zq7jlw=)qEaPuNqNZi)kBKDFiZpe{N{7<fq
zVp{Hpj2p;_vk%Z8fEdo5pz!&q>SU$n&H(ly9CZ87``{-m03Ze?ugRcAIN>f(drhKA
zk|om8>86?(l?hahS!w2v(jk88hjdgqIJ@blYsyx(?i(4ICJGq~9t@|vrvfbAo^{!)
z0!&8wP5*?{B|hrke_k>ZRfQPjUPz9Q3l1_SE}V%VBcj&?#e9IIIv6Sx5CmubnCo(P
zpDSi~ti+*b7!Hy}wnLW`3D$5)Dzpcjit<>5y!ES`$oYcnt3Pj_1443dGb$K#a0!F1
zQ42YgVmAyLfe%@+P(4tA^F-ncyaG~<aMz+Cc<@#dkRFI6RJroZT<8`(a^j|(Y!a52
zcO(7b(ZF9>({+R(>LBD%4ABU4Pj@;^PzqT^5}@g4EMh-5J>{1P&2i=?eoAsU^frJQ
zg!{~ZsC@<;2;&Z)<Vm#$nG(QcfB~ZeaM#X8K^FtV&Y5gui7|DRpSA){!XXGTHMfyX
zD6wW*73+M76HetmuleId9D;e#;{MOP)bn1p>eT4TuxDnJg<|r{Z(j<SzQ1HM{8Uz%
zBtgQ%{W=<q`@|$jmZ!VYkpCKfY7$i#>`U8p1bDUijA~#=vZAPGiI=7E5#-fDS~Fb0
z6{m@5BdGQv5;u~MN+Hg+7ubumM-#6-BsmSRcMlJT>MRcxXC^$!@3$K(%Kju`CH=GA
zm^S>!X4?WwSs=i7F#7hK5lD2X48MLj5XXXHg<1ktvnfLU5+4>RMdk!q7pSE7SaXqt
zQmieEjj$G4tbSGuo3{QXZr~95N4)Y<E+PR!Bj%X%kA^Z21(2`|CmTH)V2ll{kHip`
zfBxbZ(&pC;4CnK}DaEoJ+#njus{5q_J*@>63*uqpoJeAIPPXY7!J1LM{m+`w=K@cE
zf5`yQ*cC);T}xL9N!7nzvzw?qKRR3KPZtRol4m@Ko~oNynF!Z$5dBoEi`u0?AdZHY
z#3_lN5^$N($9L$sO~5_VM>b1X{<~>_FV&MV2tNq*)R{HhD*|{BEw^I~fI>RDG!u;r
z_jRIi()`aj1>6T<9pgMHm8uiZ0W?V*$@<`DsRj^Hpfbm}GiMvSh>WE;$3QSJ-dd-V
zE&_VlQ5q1W;6F6oOC7L2Ew;p;qoaU}l!Rry@GoL%X&JDHh|D{n!v8UKnmvsVx4wOy
z0Y?lGkwK|9dPxo+3DN^M>~g<EEyqy==-KER{|lPQns{q)wg5O5>HzB*tA9L@Xo=-d
z5(Ecs@FcRxV83+0)E2bh<J>Rh<mR@5>Qj$2B0HfI49u?<hVP}vNc$n@M=OhS$GcLM
z+Qd*e)nc2z<_tZPg`VfK0IS#rdO2g7MrC%Q0Ka54eLPVy`7$Aool?uD5VioEP_6XH
zV*W{*>(BqNuI_t8uO%m2S;22^NQgFs-H1%+lZ-?E({#x&aU(NA?V<%T{Y<qbuiHn9
zV1m5+a<a3pc#M9ZUElbg>_yQU=aG)vot44z?sUr0#(*x=gSOPk-lA!cy+s*Ef#jMA
zuyT}}j{IjAF8k((Rl;2}bkluG#f|w2!uN}suc!|e`;}mxzCJMDjInz&VNBY*3f|Dk
z8Qjv`+$u*aWd+?CnaBtoEw$BWcG`Vv-Iw!P+-oJxYbun%a&uW~X0D5KW&pMCHjI0C
z<0}aB8Ea{?uG;{*XuC{uA5p#qILEUtYX6fjPJTx;!D7jFN<6j)=;#%YR18wR>;~p7
zK#LBrtWAHX*kC{H7GoR@>#$hXc2w=!d1fnn`!a{I`_T1Vh=^xx#>`6t6x8JL9&Y%1
zm`C+T-^o)+uJwB>Q7B<ND6qx3cY)UBYXXLAwjD4nrV`Y_GZM(Tgf9_Tl`E5_S^;Fq
zi8=9lvJO~xlubvE!%wQYBJjh-_ut`!GZ64?f2G9ZgTqb|*GNxTW0Zn)Gi>Xt(rrwC
ze%m%RrfqhA0kP6o0&i(jlogL|AT)tvAp0vQZT=+ExD4>Lj3I&EoD^A?<J=vwB0Zo=
zn4l;mx4XXyyG+1aF^T5M`oubqQOe&aY|{XQ6Iv9``RVX<Ss`L12D1PB6gx*tkiiMn
z7-kbpQfCMu8eHv5^M$jEB#+kkcnD#e`P#nS`>2ZA-)jZ9sMdYIoz@<88GC@(ii6KR
zV;;A@pca3ZADI<s-SzgVxaT+jglFFAUW<iFX0z5gm@`6_v0!wWDYQUuxZ+{z5DJDG
zfzGEhwh>z5?t|d~yV4ZGE+Z`*E@Imst;C*B1rK498r~gB8k;QgUdZNZi{MlO9dnn~
z!9ug8#$_7NMa6|0lvv%%%L2<mip2PAEZzg!Xj{VOVquZ)wOsk2?HM)m{RUj<)-C{a
zv@+<oy5q{hNseXqj}3~<U)ZL$pSgTDS@Vq9=a4H>-fNd7OjC1p%guQbpfT6HioAA4
z5H3Uc1hCaOJLp!a&bFJhR=PZB+uNL&NVe*GxIF6RfG3okKRoRikW^f+T*%37?M(T2
z8wK5v5cm14qo)%KfKF$>x}C(*_tRz{fy-=nRfRU|dryUm8ON;iHjo}!;pk)`ZPthQ
zmEu5ga@v*6droZTYao03V;vg>VKg$mpCs(Y`@cw<jmZuy<$)T$6!?(@NFx@MxG{fg
zo6dssjaY!RC6^Exm;Nez1@tE~Z^umbi!6_nJCX*0uE|jH<c-xDtY3MZ3+M=mCE;2h
z5K6a9*D_gi^%0_w?e3c8%Bp2#%cygU&q=n-1X}4W+tpym?%6djsfXAaNYVALLn#ee
ziL}==7|&53<z~1BPU*tfag@3&j^eiw>@kFj=Nfhbk1zIMbJC(8VuuC$A89(XE`P<J
z@=?$k7wL7KyJQU4-e0_bgw#9v2pK(@km4@iQJSj?SEv*<Za=?xU6cN0#W_tn`u%mA
z`9cqOo9LK?`7_?A`i6w%f(38giG_Lhg#qkq<A*qgB1o=Y#5Mfq&!Nn1h8<?+Yjcxd
zKkluE1F`8x+$faU+uy+onm69%Yu{YxGs@9NEO)$Vn>k<QG47?bT(g;Yzo90<ydmA7
zct-D>p1`Lw6Mt=poi5y57y)X8-rr$=xl}gN&V~eVPK)j|j~crjF93#82Kb?+jc;E!
zhZ!lWNyyoK-x<4h)t|&j;4lc(^lFDp`JM?1TH_J4C0@@=4iiU9+4O2hNVtBSC;)}i
z7XQP0Xwd&Ev2dtbawott=N_V^VEev4@iHeGj~qUNUei+0P!mwMX`unXEIKvt9^p82
zm_qgt$qD~MN1D$b9@urhN@kH1DEK#`WfHBH^f&mcdAL6&fLSN_(YvI)<h;qRy80%U
zUi0b}{RPFL8K+{ZT0Ot(y#}2$qj0mfEr3=u|Mo>PI0cEX-AQjceZ}DEfC3d`GXk}D
zp=z-xc=6pwnzBXwzL+VS&*BwvG+aAxGtZkGTQL<Tik(e@y@9~?`W$k(N+wb(qf;(P
z&L()&W;HJ4$dRcE?3O~3bpo_^GVP5ki#mJXJh%pLXtYJtSUy?tk*~25$@Z-6T)W<a
z2PnVim%FBT??SidGt1)lzYicjJVZCYw&=^z)w*+so0>`Z`SXE=7kQ>5rM3fQI3S&6
zd-?*Fs)n1LDRLJfK6hJ^bQ;hRN{YkVeWxnS8eDdDl{3{6<j;8DszC%&GtVpycPO#@
zwR*E*+&Z(h8*V0gM`PS3OLsQcQOvX(=~|^Wy4m23Le%NGPeJ>U-*0<#Q4(u4-<KOT
z7A{5uP3(G9l!(B^>Ik!4b&{1A?q@u{ra&qX$}Faq=sEe&F-n~xEkV|r3=MjVH{(R@
z%>fkzyH48-TT!^ow3gn>3cpsAUoyPn-13}mv)-;M(d83eU`zW9Ti^T9)OCw6hM8KS
z`7sZRjm60>dg1tzaiMjK)1k}B*5lP)qT7!g)DyOE74F2c^`wc?NG@I;N^j!t?i}q9
zzF%Kt(Q;cSa8r4ZTVe`};)-{w4((0uI<m6T9J8Na)<re$jafob#pLUZ=;fVs=XePw
zKj1Fr99Bnvk)uOD<cL*+lb7){KbR#Fbb8pMK#;Ra`S<JZsdGZF531{FfR4=*Vf*3U
zpp)3@)iTi8J^N@12ts6mNfpz>ls63YK&ouzsBHrt(@5OhUrnkl%X{`juh4*uTy<f6
z1cg7um*+6}t`1(ME6h@Q0l(eQacwo^8h+Ph!&4A;GW(-|hRqlRCS{@+#&U-4?D`$(
zzBsU`jAJE#7xr;_G{bq^A@whT+Zg%Q?tK>+cjpoNJ-fvH7X^4=g~b-18C@}a>d7E3
zm15YE%Yj(W&C0>y_dWDa8E)Tfd!;TNW8=AAJ~B>_m0?@Nsr9X%G*dK|DWXZGd}183
zF#&@)>H`tvs@z>^IlD7F4s72D<rhfI%c1g7Z<TW$_!a+W7f@4S*CVb`NBY$>Naaza
zlLHJw;u}U&&$<~Ummm=u!%j%M0Qb&L@uw$u*@dl=eZkVo9QINt<2F<jd{j3_g<8G+
zMp*Y{IY^Hvb8_bn4ujr#BbC_xjNi^u`Nq@J)I5lJ07h7SFtS8SGYBC-$+3TT#qeIl
zP_b^tF#7FpP0_~r0lZSPb>^NB5)944@IFoQfu2{25X{>N+nXqX=hku%e_Z2}71&%|
zU{FG;<o4Mv0OPiSeCCO;rlD_*Jx|)|Qm2w#(k2NccN(MuXk%u&VbXsM3&){=ZzrAF
z1OoLnM9pqBV!oMnt{n#^N4DUkla$kA8^;qHk#ul3)kzip%1`bPGEHhmmIO74dGq<M
z)WCJwb*iKUNskDZcAgb~!b+!y9whO&=Xi$!e|AsrizgsS-pd@alXQ=Rb?MExA|!T6
z&~FujLp<y|ZZcQ%>I(PoFFE$JL09v|&`agPKAqOjt=3QGX{0=2c<ZxP@j<dQ`Vi9T
zE6FLr-R_%-4q5tlQPA=svxQRMrt^$Z@9>ksW_jhMl(zuB+--WdJ0y6*%%eN)mh<MA
zhr)v2Ow5D)xm;UgAAw_8$$5#Bu{zTZ0BAJEw!X%FrdYwMyELoHL%<N`hBT<E=(yx(
zcLvYSkOO+}4?bG&c%2iZF$_n=b8$leXw!N3dxMdXN)&(T{UUFD#Y}*78F@LdeP7Pi
zYGtlyQ7*aUh!z7}T||?qT?#we*h0&caGmonEAIWXj^o#Gdz<SQhOcXuJh!@TAmuGk
zyES<ee#lQ;0W#TTb<%C2H%$ImrwEpu=A!pkIS8f1Omu3xGMcyhou=G~o8Ofwu~WBh
zM0&IANCnc0PoMBX3<D6PeXXKIr>Kn%MX3Cjnu;rK3pzfIB~QzCD_7ek&w@1yWBkyd
zb6uV|$kZg;^XbJYRr(ii(WI~JM@|d*%5v}rT&NO_aQ-Ybj-S*VJymADaFQ)f)bSNg
zrd2)7^MxQq^ZA!f2fpVYH`I87U^_esKB!30f*O6?#6X9NC`k1b6>Jstlon206gy26
z&Ev=tCd%!%!Tcp3uIDZL+<Q6Ok>vOZeO6Oft}Mqt>lWE3^3aA@?<9vy=g%I^Or=4|
zX5T2ZO_=m7)0wW^9RI4Amu)tbHINv!yN;1)TsXs=VCp?@!S^o5V<S{-{6xZ~@N2uz
z7b|+y^gJuKCWFu7($6sFPviHoXZSQO-Ff%k`}o2Y6Z}@c5k56e&vpG1uSvP#0HR;m
z^V<m^o__K*&81Sj=d86HZ5eXh+8$7g<=@xJa|N(%Wzg)jdt=JwUGu|-Gr&dU5d}W^
zw-kidpX+^1I1*rY>ZXE*UVxt5NG^Bo1g8ns1e<Fr@%_`OB`S%;=)8s+Y?l6KfkB%s
zzZx;GY}Gi@B^CB@iKXqLpaME<y8Hl7KgA)YS4K4n>*qOP%pxovz<H%9hBAplu#BeD
zFZMPaFAYFoH6lQOCkzUQs$jx)gR&0D`3u?lh{T%mIj`c7@}j7d_Hp`&>J*<iJA101
zr>OuG+pv6>#pRQ?$XT5H<6WDxMYWoq`(STP!%teAfU9tPJ@m5^;CT5rNdXT1jk5XZ
zIkx6A$k?pY#2_R7h%v44>@n+hiVsl1M=PCG%dckIVn=R4sb4QB0{~zY!&Yzc`tE8+
zIK9tGQ)b@HWO8Bp9Li(7+p0<XuYK)4y#1^^bOP>HGYwFGym~HY8w^XVtZR%#i~;(j
zG{j1)XG3*Bu|Li9Gox|md985)f8@e|QxUo)DhjB?hi7|X@zoY`3Z5pp22!})N6yv_
z3UU#)H=P-tdT&%~L3h6^t)6}Vx?j?Gz-M_B=etAV|7?7JvA83I%T04`1sLY8f*033
zmW?YnhHcNb^<5rpixr8S`yNg|SkzT&D`q`VkT9lw7(zBJe|7%YzVj+<>+d4b@&fc|
zITj{ABL7I1{{&#}GI%#)yj#CP8E!kFr*tH>=gfn6O}jA{RPt^IEYYT4My4ZirA<sI
zv>X~iUW5vJbIB-ny%|w1P&g-r-o^y?^A8BVcwV+m66g`$(}`!2kd$Br@swUgdrM34
z{jo6*#+sXvNfX!GudUuTG9I{s$HE#;OX@<bG`oyyGG+EXmCv0kKdqc*U(ahsPV$h#
zsw5;*{SxJB;`6M<7fps}%qd7|2j*&@Wbp}jf>k334*yY5@Zav+??q57rq_p7!9Fz4
z(bA%YA?iBhL@lKuDIhOM^&F-pzbA9%Iu5*}^BsnTYglvLTpE*iwoA4{lTJ_0GFQpS
z)v(ezy&5+YccFS7&(PBREP3&%27mv{OOg#NE_u|ec^?Xb&K1zBYq<9%<s=&qKNOz|
zfem$53^NL_RF+>@%^NCCi~4?Uv1j)5saLxiT@M$!(~IMsJ{-Gn(NlBKe%;O&<c6Hw
z)f@7NN*11X7E>iXYC<U}fnpz|XjwtT5@V1_{Mr#%<)ywMT0hONO<YOv?^6vp+G6T}
zJUYN3kb2lEJmvFiGW+sAK+tC+K6(j--`{Dax>RbP2+`<&xyRd_<FP8WIcjEl<i(O#
zHYO1}R$VCt;iQ`L(9=HqHow;Q?cWFy<I-nw13q$jX<dIY30vL8=rP9{##xZ+wDzan
zFRQgnn|yedC!*}U7Oe%x7rJl3pT5hZ<y*YgKkvwEgee7H`zJOhlAj~ti1BL6S9*Ax
z{PT<tAJE;>sMM~=RddVh*Co8P7!P>FapCX)shH*0<1ELC8rB#Q9^^fpqY>Ze{h0UJ
z+VWocKwMxJa56>M+DqnKr)r0&Di_dxD@|P8DE!j6gI>Re`>_}h-iDa4Bel}sil~%E
zFqs<QjVg;Ygw5CP1+wykK*rXX)<S<To3c5bm63WAm-fA}z&N{TF1EoV#tp7ZUvQ`J
z?f+x#z2muV+yC*abtQ!)DMdvgM9Iibglw{B_NHVDkr6_&vS(EG-c+*pdfQa?&U%Zt
z@jG5`x~^RJ{kcE)_xt_**F(Hsuk$>Q`8=M-aUOflIrO5+-^)2_d}nh)zHL=Zu2b&7
z+Qv)<-8kWF9(7+J2h%$h)=o~PvLF`j^-&@w=#J33o8=Q2;(sQHgh7>tbG|Tvc)cq{
zxpIq&v|M(ElJC+3xSKZU=!r?jV!@dYaw((UboRF+tWyZxBFqWhwp^D?3swWU(LMaA
zR3+`tJsR^|8vHUbP8)`-JDNl?8kO?KA_BRqCI+<_Tdg1SB@1TVj(%nkMN^6iFL0ou
zhlHGN1pK*D6i?m-#L=7@?XCNXrdiD+XAgfT><L#a&D*rKs;TFf^1J7*jbu!JDa9Qs
zoWk+Y%4;;{mxXI*#8gE(k73ne5pi0J&G+@yu_2Bp{yEyFwW0p>^F3K3?1obx@Yw8@
zu33C_IjVf%0bSQB03Sd5P%)z9_38!&rf<@ZZ`RWhjnYwm+z6cLJ)h`l!BMUILMhqO
zJcoP<Cd7|b-DIqHA7soO@?{%nRl#lad0LD=O(e;6tvEjgU1Bw}mG-Qp7N;mw)!yr(
z%ZZ!abwlGE>#N-wO&l5PRZE+kNDE(N@zu_ExY`;{>$*4NZcFni-TT2)u;P_En97Q@
z{G}(HPwQDIsAE0sO7+S+cGfFxBVJ%(=xX<awT(wWjqZK4TD(9K<VjG`?eSG3_fY@>
zY165Hf6%RkM%lyQqtch>mNitU2-{FO((y7i2Ud0F+s78H##YJW+VGkC_$_5FJ1&i`
zi8)jY=wH2J9eUgA&`IHE&qSH6$s}V%^a&5^Qj;?Mwb96)yD$^&29ralmWuhEsC!Me
ziBC6*+>-h5eD_F#u6(us8bTiyMhR(#pwzsnn-`@&SG_gNg^XJoatPG6E)|bpWim$5
z({W*r&z3GXqv({n`(H{--&<>OK9i<>Tk~_nQZ1!_4}}w-9Wc0<>{oKylFh7!H9S4!
zP(SM1>J}EKPcdC|T)Ao3`7QwInWOkD(7imHlaTh4G!ZdZZ9MO~ZJnIjL=P6H=h?G;
zpy@Aj2soM*(q^R!EK$iYUgvURm-=8jYDj(jj=fjOW%v-%)|sNfNOxie{VrLk?hT1X
zXVa;=WgU5fnw%B}Wk%M3$F1I4!4Fy<6L;INL`Q||0gLaRZb{`u938JawBSqQ_-Buw
zhmKW$w-EoXr;h7M_k0{pLo}qwS!c}*dotq?mR_p4lUnM7xtn;L&htf4v*^jTmax!!
z>RJ6>IQ7wZzKU@(>E_pg0!mc`_=L#mhL)BBbrfW#+0l*L2aBUi)9dCXy>gp0qD^tG
z@Ly8qLOqe>7?V}GSNf=@uBSB{r@rn~0@vS)0SEGm776JlkLcprr5)pA?-KP~-nC}u
zz*m?tSp_AT?8g6t4NhBTf$&-h;NR+0DjA=B;LHKk*taSL^Q`n}h^nY;25#2s5nQ-k
zi*xb%tbGJ9`k0OFoyK|7-o&z-4cs2V!xT1kv-o6`qzj+4gPM^*+4tAtQ>TKs7qnNS
zX9m_cPc;=z#`}zF?9eLT;t=L5VjlT!r4_1X9Y9DqpQAlPhWR<-uhSYEzu2K2s%r86
zn7>1Ds41@%Jq$)3(W+6-A82vAzF<BhBdyH;CIx3sl0@}~`BZD%bMBSkMKM&KDofQV
zZ&Sg}iwf+-pCQJl2DmX-ANnGt$)Emk(b7+O*qU#uLX?D23A?@6rDZpJ=h7fz(aNMy
z8`)K>-D}y5SznC0TQ3XR4jBqXjFAMvL+BtZO5Q~Gn_GNyC#mA-A_o9B<pMNIT4Ve;
z=W`h~CnYH2O)H!n=Z;g6dVPhMINvG=E!hxqUHtZzwr<51+D9PuEP#=|ufKLh3HO&~
zKfQa2_@I+?FDGx5RyN8jb~a#)2pgUK(z9CTy%ZkkL@TQTTUcZF^%AHRhj;SUBkXzQ
zJ*Pb}qf<e(8XfVoPhj1C!}7ekockATKXyS{g>;i;D{)n|^9mgRcQF>LCsV1Z*gy-X
z{EN<27CC|2E18wEq~*mSNw~z*VM+J9*T`6=4bK}Xx%&X+v^7<-wB0Q-ngXEx9Nm00
zwVLZvumU<LP=cc_yn}^5S!}%r&DYHVhJIx96+b@VYG2ps#Mo4{3>gV`x9HmN&NF7i
z_AmXxKqM4acg(BRmL{0~xp8DXm`<VZRbBwm)AO_k^PpNnF6}=LMA<>N-0k|*PlLjJ
zx$MGzx4+|*3@t)4>Sf1`m4MzHpZJzSH!Y1W>s#vV#F3V%w6gCm75lA01(b42Dx(QA
zUoot19MQC+ZDjDRV95Sfu|4|oD^?g1R8OL28CMo+M9GZ%EZvYi3ZHlL5rPHGt_d$g
z<mpeY@Md*@ASb!>$LHfq?V^lAF=lI9>eU;sJwrF+=fFeEZj7r(ui1?SbB{v(B(H?v
zjYEx)G-HVE*ou27a5DQ&{v5iw)ydMb>U6_Yc`?+7Im5Wyx#1XfWNgIv(4vRqpFL#D
z)B*W+y6bLtJ{;bRw<xaCF(q=f_&`}{x8Hwd??o2D%^|P4ZE2_--b;~VB|?NB0GsRL
zQFW2$-L`a&i~%Hb{=knjh5(lgq`&*x2Vt$w*2Zdpg+CWlyEjh2p_{C-T!jnegjE)1
z6=fBZ$_?8q@y8N2bB`rQ3X6osmI8sb9*=E+2KL|EP@cbHdt-)UgiM9*(XKL%dy{jI
zp3aHRqatHdQ?Y{nWA*&4r;rKEHXJHmhA>TWVMOal{%mKOio(WrviX%w%T%Um$M=k6
zT$tHg0kgJuA1A)*?NKfQ5b1u2_1x^W4T{gt4jh^-9-xl4eZ4Z<drPLP@UgZp+td45
z3^LE~aDrYV##4fGPNzbpSg)wuGH&L4#paTmu&8Vzq!cOeCTfdDMw$g}6o18H^?4J>
zsuw5bOFZi&dACkqOF2)*8BM7l`PhS-RlAyvD*Ovsz*EO>{8dKcz~5$N)a4?rTV`ec
z4o<Ty)%U7Ts4y>4vvT*twd4nq?Drs%S3RGlRcyC7IppBkKg;82mamz<>hA9_UsUi#
zd4=>(OyjK`-G=gw>6CHun;bHx6sA6>^$s0;dnq<PI|*pCrKj`0@DTH{vy%AT-Iq&G
zQGX5Bz|V*^L5VY{W~s_bHQ(CNJ99cQhL&aT7vquWM7oM8AA7XAbE&u=X!YLJrhI?T
zo2Fi-oOE{K+tHUK29`zxg;`3;Y{RyBWK=N5<$6e3d`-W3g_@Y^3hrcIVKD=oY5t2y
zHoylcPodYmzie@Rb0ccvNL1)$N@odTIh^fX6>jOPd!2+1?4hdt*>7^)&rz+z>g}z=
z+BMtVZZbUW>Aa;Ty-Y+KB`Kk%{PgB&+mA=8`)_2B;;WYBCUiU};L+)3P%nJsqG~_&
zwypP?zmGzIx9k>%AhRTAqA_Hqz>RcmX>}RK7UV_u6mQj15;V9SbM{fSZ;X*0<=NR>
zP7|^KiK9@0MycdgnQoGUmKV0JwLKP2jPxi+t(LMF)|#&NbsF3J_<FheR(2NgmU+=z
ze|kvthY#mpekG5nbKf5oq1pBwGxoKlW)%o@Vp~&<R*z%MdPiMORS}ztK{}|5^v|Sa
zq!JPVbZf$|oD%8;#(ES`@%*8t4J}W>+pT#WWr=GOn1zZKL66qV-i@UfeMo*eXH!R)
z{5jLRJ6t}MhIy#dyrD7dh)l8s*^{T{?3+I*#lCopusVNsQy49ph|cMU+iGsjB*mB(
z<Y_<@60j<Z!Z~Ii?PR`MUSZdvch2Oqy)!uR{M7CHxuyX`J<smopSmN}{E08_{_lE^
zbL}s*g~`=IIK!y;2!ySdjvfQK;A3IwM-xp=v<Y3L1ep93o?O}tEp$RAyiu@7<&bSP
zXp4W#4f9epOec*PM<1syZEKTiu`srjs_JpYCUl#lLmO7|z26=svwVeDm-c-zImSu(
za|Bz5=?evC+L2Qk<?W;IU-W;FGv*xPK-#n#rh5!EWDj>3zc}n7MkFjJg|b$&pSs$P
zev$uLfgwZSmetfBTMHi#5#-vnxmti?Hu>D{_DT1j7onx9SgNO68s71{E-k<vX~llf
zxxKZQ^lrZ>ctb#D35i`t-uC89ydh!#Q^njkV*p@}tG=WxOV-*>65-NTmZyHr0${#R
z?zob5%FZh{?aTcOuxW&_X>p%oukG73_C4Q7Nfi;MJrY;iXiqcKbLRBvv>cM9$4L&@
z-+iTv1UFJm_4!+|8(w5c8mD<xij+?&?A<$ufyXr>5W1uSy)Jkg%1Gh@Zjal`914WL
zJOk{mMeb7pzbCqyvMA4S{hq&JyHtk{3F8?xjyq+3+E?)k($u$L&_O7z+=m_t(hY@5
zear*EAl^Pm_REiAG3xxG-+QuW<KX>NmRKnKUxIplMJijiLWNDXy==wWki$)Pv+IEd
z{iPc}-R`6#>&qjI<KDME#=Z5C32_BgI<R!yLcX3|3=7=X_2yrc<;_B{-Ak#5Md)a1
zM!vg8%DWUknP6y+r`<66X}l%Nw~>-jPMbB9wX74^mgH;CH&GYK{^WbK&ChS15t&OY
zx*Zx3I$6hb)gFdiYiEfax$29~gfHvQpR%7IjUKw_#5q(H9%|5^FHf+366f_Ft`@Iy
zvk=MrW#3$~#rGhHmj(7THnj^n@(+eydRp|BZ%=U}8Nx@zvhlH8>PJ7HrnW|+8n@s(
zA6zX`<kK2CD)qx&b!POv+Gu+!dx0E4bz&`++3hX`4I(u+M_8B8u}d@)lOJ2@|9&C-
z{i|ojPVAAc*&d~=?=v42;n_8j)?Y4-pE`xS@4{6GjsEN!FzF}w5YyuVQSV8t$-pcO
zE8C-I4f$0wR0<@bowx1m)&}nr3KZ)-4rNeFRLUuv&6?_{$TvPMgqwNb0L~~gfaj6q
z<fOZ3%I>kaND(6W&I73-Cd<^g3m=T%G$T9F134$MNS=L*q;<{Co*dq>MjZ5EpLDv^
zZy)HuqCgX3PE7dw8V~$3(eb7Tl4}i6vU$~yly4lK8j$@SuzwcV+gsaf8LCBh`>bx)
z_-XTfO1<Gr?TD=Ge_AbWJ#;CC0!8dTn7p?zj^O4Zy=tLUwf|0xSQyh)J)WbN|8N<&
z@(j3gBX?7NMVd$!eNqsC3Z;(MLnZEYPG4TZh*#`|>V|M0K3HZgH&&CbH~p?juRg@i
zF1G$anf8-k2538=J~*YenwPD9S}rA3Xesf2V42oaaB}@8VLMF?G7a|CIrASQuWLP4
zzdFs*WAa*9JvvpXOs1LZJfGe93Ts0iWQnHU*rF$OwkhvBC#|DMu|n}!kh~N=9m&QK
zmu#^=_=@QLc^o~F{n!)CJDErf6-N{_L(111pLaRqxOnZ%(>kovJuG^`7<-sfR9M^k
zsrL8PJd3@63V5q=QaB1keR}rx{#abt50Si1R}0N=7KSmygnaBp#_sLAPs2s_=Gq6b
z=}wb=$q!klJ+S9<>M$2y(W5Hd-dw{6UQh8sSakj2$-U>F*q``ai%bx?3O&ZB6bB6e
z`3&5%NL)ap0toFuER9aTlhoE1d}K2+PxYitk?XBSbHNmqw9PChN5zu+74RR2kBveG
zYc+!+R_mL=*bP(Jo~in4KX$h!Q4o<Pd%mLGMEx>Nvh}w|XRy0=MF>oaczQ^usD8iG
z^z{ibtiDMd<XjjKpf%HIv!@36lVKfs+vtA4g-QIOr%_j;#aMmzH-EhBho3f?np~Ut
ze^~_Vvcj+tPjalu&_Gw><qX20Th5O)4`9RCZ7NXEZ8eG<mEQcA-XUpDWL-aq-pQAF
zbY={Hw3g*pM>Lextmn?pnI8n)+-`Sn9-IzSg-R|Rm2q{puIN~3p0Rf@w4D5IE1%sd
zKDGz^#3>YNg%Jl?*#H_>942#dS1@7^0~%K#@aY5@ocIYVA0woq9(3*C>I_?u5!8d<
z^K>ZT-1#VeXJ^N(H~Z@R!O_2r-0n#U6YaU^k+-Sj^>fRd%5H9@5*@(;EZFZj8H&j1
zS|YQaUcVD*$z3_*r}fMSR%O$b5<+C(DSk?SubQOUYKIfVcd%G*sT%LR?rON4Emi2J
z#pH(Hmr{FX??wE|+(B|ku=qo&8THmv4LKEEALKQs-T$_4zoh;*1;EPQ3bxSqKnexd
zH7x;Oz?jDPu9U>Wk$a}Q-y4BEsKj!^AHH|PLBRL-Pxu{CgNL1jy+im2W7h?^33Laq
zj#`}zJ;#cbFT@vli{;N9?UJ1R$A<m>kURE!r-R`NI%XF&blj^C`{$Q<5R7zNX{rIN
z%F3!+_&<d9_eWk5My$mn+<Fnzi+XqW2B0q2rkqg0e)lEB#~b`@BmS`&f9YDg=$=Xa
zK{;w=&q!f}1*%-qh@kvg;G}0S0?KA@&v*SlZ3Z?Y-z|(GwD?#?_F2R{(nMg@)!=V+
z{p+p&SX5#tVn<3{v%h(ITKqqLL<@frzfb@dSJ3nFubGIiicQ6qa=!<dV)#~xIRC>!
zUa9Zxr=S>0R<TgEZ^DMz-Xgk@o<^8adUs<E;Cw-#hH9Gd0De%{014@9yV|r*+kd@7
zCvw*_FP({WD{cO1<-WTCFDT#<g2W9yX8CjasoF4o4{Kh27mvS=>)h4dRH+nX%yUyB
zyLXe0=1s8lM_K&cKa#?_Aj|*upzZmT_|^ZP#a<UBh5tSL^DedG|7Jt7zYm;RA|)7m
zsiAUqci9&~?7J1NBt*cjwlzz$|EFDjxhE}3Y~V^Pr1{ueHY1dzUfnGGwUa-P@I&1x
zi8sfTw__{8>3`ndleH)IYzr`pTrKn%XpP*l#^N<1yRWa_dUB;7eXE0R_ox5<oFFII
z4T7+S<)!Bm(@b3IqvN=Gy5Toh_uRl2unM^1|Gib9<KznJa5y4;9=i`$5Ne9}<S6rL
z2-=w~U1<NIKl_ZraV%a!9E7K{DmDLVxGpuR^c=w$y{hFKH&~g}8LXGj`pwJ#lGfj!
z0^%(EE7-=fGnD}ce|{;P1-|L#-ZvE@&zZl~9ua7YnVQ4PLp1*1N-)GHQhN|iffUru
zV;LBC4dXM!$*wNl+6ptpgw0?4wN?LaZFlsrMGQI`4D>K19yyZ3#2=!J_$&Bk9?*dF
z3}HbwIP8R|1PkP6x-ahJO|vBG`6|oAX&tF+XrSZgPELWtc4^Y{dpP3Zn{D4jyRJJI
z-gq`n{vXoOe;XtM>c6Z!namflYqG$)7+E@a!LNwx%`x!JQXk|p$j2Gl*>H4%pKb57
zgDcMN`}5^~&wsM^-rq6Z4My?^mY^n;O)v*lq5-VPrs1$57XO_(L>hlbHBv338>{Dg
z=3&y=eV8MpUrNjN!YmL1gHCK*15igWAoTqrP<{1IwwS)nzCSSA&7LO@j};3_<!etK
zw~L~-W6FuWl*lhyfZg9qq1XsL@8<6j`p0HYwgB&bh1`Qn@NnH*cP$h>!<}@!KH_(M
zP?EN*ym(&clk2*Y(Gk79t^al4qfpp`EweE5BS~|`s*h<9Hb}Mk+b%(nI*YO-DA8L|
zCVIW*zdBRdCl2vyDxs9*7z|+X7G%XZ4HYOEANBa>!?E1IFet3w!Nt`Z`(D^eg*`Ex
zbJ%?|18@EJz8Mr_qVtX2>Eut2bEG~OtH_p!Ro~jk$6GFsh*-^U{o@~J4V<t2A>c&&
zn6L`6LvGmUMb`hfGgmxj>$<e0+wi&X9`fNtkf3gy{Kq39L)#6yB3k9bagT={ceU_S
z4`4nHa&$)+t9e#zzi&CjzKTL2PGitRKBh{F*LQHAi5WfhE6f-@u0WsTnmyl4PgDDL
zF?QD-pOnEG|G|Cv$6mx<B=83xd#K>^{QX+JyI?4g+g?lYw7_ioSzo}hixLf`G{t6y
z-~b_P;BNjmDZu~sz*YqUUE-kSMqaL<CsP)Q*f0DnibO*nYW8L3Cxa?EvRCLraUhj#
zH)uVx??@22#8xY3NbBwF<dIm7<ud%<e>#;*G@e#EQwj_SV(_+YZ*P7Dfp-{wWvF+D
zmZeZ?ch&#pVI77$P+AG~CN7XHh8uC|Mgt{z?r)T;vc~}d&!Uy@X#aR)#99=Pzp3Mr
z@(kK!fT>0=_dzxQaKL()+7{7jH$|J<!h@-0C}Ga(5|8|8RQ%yBIi%|k58~7xI8>t=
zcI8>DDwSuH#D3Fo?BuTBK-<v}EpfP{Jg2}a6d?3)3VkO`-o{(@IYVLPtx?wpl`KUj
z7^ail(8M;Z%A|ds-J(-kNE9a0nHbl+JV%)z$Q>-zU|wG2f5Ey(Gk<n%xFs-}+kwhb
zy%=}!QKfG?)OJ(`5gwgdmka>}us1;9p1EkJivjq?5LhXZyie;~4(}ZU-N|1($-@lz
z-dI_>vw@h7shpD)NtS)X@<+xJ{5V7y%2t?iHtt13MK%5<87C`G?z;imBV*1xB`GlB
zaR`M545RKk6mLJU=ak^ohmDEOoy745+#|bOO6I-H?7LIO-P;tvKYHzcoaE0gU$@!L
zbTt+H+Yg;p(4H5^8*GLhLtE`myWTMb1SB-%(!~Cq)ZB}bOax!Q>eeiaoI)4}E(5#J
z$9K!V?vu@MU<_?5Fy`fceQ3s|X?F}Dn<2FtIeKZ0(cCFt7Gv=v0n2Yss0l_5+-l*X
z1pHc6Cg}lj5S`oyC@#$9(=ozil%!4I|J?7rZmM~Bto_vJQ=HL1U0|I+|5k*W|Cs_J
zT3Tmx@5IvQ<BVUflgN&Lqxw)u%$=S&t`0@)Cl$@U)<?RWXLXRA7u}<M4(nciIlNj^
z#8Ch(iHAU!j1<aSbH{^FSPyX=Yw5O+XgY8H+_~?LORR&A?6ugk>ORty=QgJ!DkV|q
za*p;zY~<xk+2bzHj_Jrqp^KNg6gqTkUtJzDL-7y><#?1go)?s2SPuQ;k6$m`b=ODt
z0-!?&33O|^K5An1vGy$TO6@-rXz@Qg0XhW}Hb&ni_=gNy4~mnrm|a1zYI?QoFSg6&
zS7G$;%jx@zgAXLPl4na6cw|bf$*w7+N2aQmiO8Nrs)@pUcvg<Jmpw%Q4HPI#VQGru
zR6r{D1-zR-4y{in_|ICG@_O0QXgpoK8o$++_$_VNcEqapNelN_YEE;0O_D?u?Lrw_
zui4B+=OLIQd3kxFC6v<7fDS<$q1T}v7zet3gp)P?7a3uohJPeUSsMTh>?^I60Jx~V
z-0I6V>JnLQS9O88h7u=(5)88lTucLj$E;g6VQBd$que_wX;Ky=8laD)<eCjC=l7d&
zMyyt!HxFm|E@W4gz2p@eNj!U&1wg5y6Z^Lh=L^+tgg$FWV>3zf8ZwyK2G@jLO*TU`
zxp=N{`uJxjsN}dDB{%41kzZuyK>RwDWHf!H#~@kM)sngV2-PP|dGa_2Z58In@&n~f
zFrq6>g^e9EYn|oYs|^e>SFWv<j^?L~+QzQg8ii`5wpl06wrU`}FfW^E-i0vzZAmD)
z+EV^tUJ?`JkuxCY*;HSL+AL*FsqX_xZaFYpr*0*t;VuEx$V9P9nEw;(K?i4((~x!l
z91^^=q4Cc#_2BkZ;bsDgI(ovT9k-qoRjiOPbQAMrG(e~xW<=>|G%Drj`Kns?j@@iH
zVs(;_ou<9ViweAsID$~_3j*)$g?+wnQW0D-w`IX#Wt1z-u+&C)H*!ECXYNP0OuJKf
zfjNm=53^i@Q__o-Eqyh`q0Z$)uTkEZ+M+5q-JN0Xj>o<I>FCAUub*tD^{xy$4{x=9
zvF$QMdTQvE3#FX4=Gb5`p_+~-nRRB(&RWIdQjfNO-L>RM3Z%I9zQB7HA@WOh-`ob4
z$y~nuT?}{l+^4h7o8K2;Uhm7J!w&*v;Qof}&spSBkFCFcJV5xEb;xd;%TyA$`MOZ-
zLpc<;qx;YM&s7uRgP^)Y_gI0T$#nHO{Y}wgxVLPPzVk`wbrmWEYUHq*7FJh}HtEUa
zqm@rJXjwj9Ps;={EgrDZ8L{p~P3}LNgJ7y>T*Pqe`#PYs7UGERt+6h4-Z{WzEMLd6
z(4WgL1vsg8{N2v{wcxz*a<xJ&_aaGWnqkMaC?Z8rq_G=03`-1D-ggf@ao%Yf$N&U4
z3uZI1v4-=ncmZVsuGGp3pk7f;n;5jACQhO1%4dbjGx{;Y*kA2FP24ll7zP7lm%K07
z>8K#xXnD7^zBpFR+Hr1|vzoMi6dY{DEIBNcQRnElEP5}7B_N2b<wJvAgzVQzzp~oP
znN=Qv51Z*G!$Yi!)HpW0bO9!1w(HW5Z<GT3EIY98OU<0-2&akSHc0C2DJWrvHD>5i
zk6@s5OGt*#F?oqH6`iLGU#4B97nR!G*@Kfw>&AQ|@F#8Jhd)y8K2H)$i+ehk*Ik!Y
zLvCzJe>1N5C>|-zu=7sYU^lN*+im3+Fz&Y(vEAghU!CZ1XSVNCN6|yIJAil)Zu08Z
zP-qlghrca|%VLWN9Uo%-{PPE4<tlT81n-vRRQuS$_t3y$BfROF?M(qxd0q;|;U_IO
zZs9Ko)MxJ<*ztN0hTsu@-XZIa_sN2FV2{onXwB3-G=)klQPa9)(OMA4h%Vh+I(&}P
zI(5OIEy<&!{HrSi`d-|mnA-QRa|OfK2(M}xyIQnFD}=v2fuGf7NV8C~Ku&eM$>(0U
zNC%2Y;<h@6<>X1bn|1PqWB!6Kq|O8L@FlkeFwEC;=JJOWcD5FdYoX;5%$}|+)-1I?
zCkVdnf2fEbLOz>n*N|Ulvl{~y-P=WY>_ls4@Ykbsa@G~3q?Vd61EdtnyF_?R1k(7k
ztKiZsH6;yD(#~1bT@CG-M@WUN0~XB3i61zuOlp>y@UH88AoRxcQ;-g=M?PuJ>Tls*
zi-g+tu(9hj-)d>ssvFW$vQV+3t~2*d3<qiN5*K(TEzMsw3bW;V^X;5B;~#SYjq5S-
z{mzD-nDjEVGNs~0eV7LN^*N#WGz`kC15SpyzcWz&JX+?qJ7)7OWYpD{j@R3#s+FKw
zNAqx(6NGqYh({pZspUHub|#3iG}B>p>`egW#XM1b+p{a%@r-{M_LUmu&~MlU0BQYV
zc83IK9hxfKm5Nvl8f2(Ib>D)l&~B(()KvvA!6Hi>HIweT<Dzxn0EF9{{UAv!03$Yf
zjIoL+2;tz{a~dm^Eet(rDO-ZJKfB~U2TfX2?k<6x+iRsyC>eVVI$sc1V~SylyPoNW
zGFoW`voO;n%5hJcCH~0RWchTNYD@RzSwNzFJ7MCa?D9c5lZA0%>Yf|Y!r{V2r507{
zts;kg7`(C!m#M;bDmMkZLusDJsvbOc^dF8!5t~OIuP22J$~C*{<HcQ1eFO2-m3ow2
zSYB(din(H0A4BovUCt?T!&LJTD3azF<F>FF<D|TZy<eGzp6hQhV^l4?L(V*;4lO8y
z^EH@2Gd`tCkr>PN`=~_kPrzh)_hv1#J4E2fm||R69=;mo`ci|>#yo-OU~<cK!P~r@
z-nR<|EPMh#y_1&g|Iw|ikQ<v?12+9*KHsGd*Cmi}Du|0q48A;{NiUHIp;t2cv^mr0
zT*tn?Zmn_;1r3e$xrQ;lj(7`Cf$2ptlk2=b7RqEfsYV!UuhIDyhZ#6<O+y)SFHnhV
zjA{i+M+~{GJH*-UnG_!$Yhb7l>oZd#QeP;crJ7M*RTs%i>+^ut62)%{7+$+2owf=8
zPzkO@0SrYTHPy@_lr1%A+8_0jir>`;T8hbt%U-=23%<T*^V4%rfp~pe)}QnevB`Ft
zqM@0#BY9q|_CkvTJr2K^<mjqY!nGlyl2&;?3L5hxCwq52*It@-Ckz{S0<KSWlo_Up
zg_R9W-9|#sR6=lU&yA#Zxs^j!q0Hu}0gt!xl3EH-_AQ&W|A-WnmRlH?s=KmbHf<2_
z>sq3d)E^gHCwovv@odqp_qd(*4Q{_i)3Wo;vzD~E82x0pd?x_7HPuWJk7|u86lXIg
zq2?R}%(NU&m?(G2pKB>|5D0bTNZ^EYlvN*JH)q{`VufkuJQ{H$57SqPQ{QIU<M}b4
z|5BjqQkZ`9we@u}`V*@k=6aVu;G8A)Wodi@+$^2;#5#F;U!8C~wFq_hk)^Q)6-iBV
zQ|qz`>#6qMGuLToUcp5!8<IKw;TdDh;%|O<8+0BM&pNETYRNPGF2Q6Q{vz#7D&zU}
z2Omt~I@4V~`3K058f}$BPgAzs9yu}9lSRYfac1Rs{f0$=$13XdoT({6I4=zPeyO&s
z-ksk)hQ}<%Rww=tT4+K8A+o&w3QGXD{|p3hmgpsoLOTDz=dl-#;w$~*M6lsla%?Jp
z+0{`N@_OBk;^bxIR}NBRt=ucDl>^cok#*FF045{4Q9sH`FVPlq57Szc)jxeC=oHd(
zjh%Ux8-e^Sk{mmmp?G8t`dMYF{Vz`NUg(wR<Y(u&kgwn(@p{-=Mf$ceFyp@vN%mQB
zuyoFhRU5Yio0S(yUg4s5&GtD}bNLkpsYR2VIa3ekPCjL@zSQ4K^2B<`P9J089lE&E
zu|u6vv2DY?P&o78-oSxF8=^oUxVKQjZLezRqi!W9$qvTR^o5C|*Cdp#y_MWaqLuG`
z2iij)6ZGnNM4?d(@}Dp;R+}a6mGcWFjne1o`RX=<dGTw?s|?V@7YpePwI0jbuyf2@
zvfjoKU2}1LH6rEEyHfaBuhZp*WBHzIeRfE-xIjnomBeertKKU_)Q!&7f+C1!*E{^$
z-XJWF1?h?2;OJ-KhI>cGxR%Y6>{Ox;?<xaA%sa%^VO_TIJTvBHZ0gJt7>}wbOM}n|
z%JevRtzK8yET~^yDzTi>Dm7Q>vEpJmoX2}FgD%pH&+gl2choJ(vL;KlR+t@4si)X1
zcB~%ZZS`qDoQrpUexbx!rOF`6q}wfamb#MlaQ^j!Z;68nP%33DPAhFfOFt_8Z~H)V
z>rnREP}AH-4Q=zZV}V3eae$Tk-`wj;?=PY1(@s-YLv8{ohOr5T!tP{NS*mH_k&u<i
zJEn5HHcY|&UW`r`d|LS3n>_17PK{aF>KSNGEE+@~uUFS#GwHbm>5gS|#^oxx3y?fw
z1L0;1olWtF##)Q0rJeL^S=SGbeYq`-yDzt+ao9s;9m(r)>U9@flWUND&Ax{PNVu_N
zU~&$fcg$>`-MkNNpNxO|O|w!v`l+|Ui%FOc+xNjzy!qU%^8Eg((?QASB};$@O^7#V
z|0QIV3##=-s6Wc2E!8BQ>w{vszPzAySjh25SeXG*c}^um(6n3m7A7vtF~EJA?vgkr
z4u_d8(-^xQA!h4xP%3+k^jwJDu#e${^kTMwbK{gR-TINSZ<Pyq<gG|Xu3lzeBH?8>
z0L^~KO@?xn1bNw%)g7(kcOGTU$@Xz*eZk3bvLI_CakpP9k5hEqjsiIqL1H<FT1FZN
z$JJ2Zg0$#HwPMwi88~)42N~LWtOjh1+9Po4?^BK(-j_4PzTAUE0QYG+Ed0$|7sans
zQyBYD{@gjE;$7l;FG8XIvnvU!$8ej9iXT_D!SzP)0QC+F;(lK7zY(YnUZA3^`|8r=
zrg+o)r&m`I3UvuWq1J2qMq$ob5zA%2VsMUoqj&Pb$b8Ky56Jbe(E2SHarHAd!DMys
z`fYEmsEM(fhUNN6H@nnV-L&=>>_!9fd-iD1D-vE$r%5~ErW{t|2>HyKlR=aQJ<mR}
z3dQESF2Qhhfzb0ml8+oeBk)-a<BusIKxmdfKF?=wq5FmKjeDlX8Wdinn^zdLwFv5%
zYL~qLQO(q}QIQ<iZ3v0D(W)TSEUrVTECmy^W8O+92#zO53c4vW(*7YC!&4?8_defh
zvh_0S_vapi<<qn_DyvuDp1JM~J`)jDmg#DL-fhKrwYH<%8^(b}8N+8B-)!AJ9ABk<
z-M;-=a^J1*?v;KIbQ|dpkG)a6jkD*`5cC%Qd1tqq!|LOr)Oa?QO5j3&66?}Lur5ud
z!0h_g#voO{X+abr<(b|`sOhT{lKRnhNtQFHL60hgH#X|W`DgDea--0(tuyiD>cA^H
z-Ly=N_dF`b*^iqUNYQrRy=vyrH)}4?b*tG#4I-m-1i0&8-)C4<;4g+iMUr_lB?*Q;
z*8|D!<oiCW=rb=uC*;1K3hEM_2R>ae#A{x-_ed?|sxCV(d6u9?z#^gs0qP3lTvO?o
zSJ+C<#)B;DERx8+x5cG%g;sS5=7VksIZ<^8(lKcAF`q486I!SeZwyB}@fE>sB-!2S
z4)wq#ohuuli>OW3klG%P2pd=Dt;H$3XUsISPP>U-;JqW;gHD$1pLWkiz3S@L7)}u=
zi}sD<fBB=d!_T^#k!EeCyE~nK3*Hxg6^8-sy&R^8u$ogi{s&g`vpZPk2Uypno$0uN
z%N2o2;&!*l>#H)3qOk{Zi61FQod~0oHr=H-yU?CkfCk6>G+KPIr>5~wO}Uz<yHcpH
ztISg)$%0a7PIePq;+@L1t`nd?h)|tj>}YmPm$4~uovFlTYT}I_<eT)$;B(L3cn=LS
z1~dv$qtH;wXwpk&-NPs7Yu{(zJC(Qt?KTFVOVfkiKS;ikORmqgxCVK3FkQy%HDX%X
zlWLxpqqPB4S7zu?W~IyD$9e;sE{4XYuJd~i5i7Mk;5Vz-uAW)y3e^bDyAz@8gqc?v
zy+6?f<Z&Q?(X0(RSLo*TmOe@*cSf)^g&;`)O>1xf(1M#MG}{r^r1h9N-1DMSZF=%7
z2@;Oq#lN+tEe`pQVjIcR_y@qw8*?M_EAWJCVzlQcfTFJ<1<n7VW9t(dnQLZc$qU&H
z4EbU%Ug|eLzNp_0GE!lL(Ac4+vv>%$<W%&4y=qwuW5p)Z%+)lE6W@A0okK0mO8($E
z<^ppN{2OmwlWz}wKi(Wgw{e2vt>8yS+GG_m)EVH4urfsc&ijIjLCkKkcOMPwTgAtz
z%Sb?|dKqiA%E4;U(R62MXl$$$Ri!TUGc$O=6c18@uRDs2Y#CoE{a@yOyI;1Y7-L?#
z=rLe3{6b3!$wR*zPUw~z+`Y$ZdRNf=x~cdk1PKwj#@)^G30j{J4)I3QVzW=^L>_f?
zZ0SU_L*FWo+y%ejP9GQ!();~b11t?<l-B?W3rd`4GfQ0@XCTLCdtHZ6t*j3AB5epG
z09>5sTlGG5fy0JJLxO$mv;&xYpcdO=sl``t)e_dzOXe8}@%xswP=OjZ*1m^suf0yA
z4v9@Y2MAV5(Zp*0_q=%^_4kjLuO^!H!ERd}bKl-FFNj}7Nb4gt{-L27(O>20Xb&Sd
zA*Scdl0g7S%8~$qL4Jnl8O8u7s>oFU^UC7U%d(Y|1Ix{M(rnDCYh`Qrj3F%&-w&@8
zy}Qpn-Vt>&s6#wxV_$;glDX$QhM0_iix$!l>Vzc1J=Rz#V)YUhVd`6hJgxV>Jzlah
zAir9-WlP^^m3m&hp`P3J9^ibcRIBnu98R$h@@dNS(4{J;V~g(9_a^HmQ(G=n$WRx2
zXiCU#4#S-VH|I3sO;!%z;W@%=jJ`@RD3Q?6ShvBll9!H2HQe4@k0-ZZY+jxy`}zI2
zV2@K@^vn*Cq!h|xIxYFKd<2WJ9%dpcWmERb5DeKKOAM6AC+`QQHneo~5|DEV1ikg<
zE*NM}7O0&S)&yb+l$&ZpVrSQe<QTuVB#8$~HaUxj&uT50+xxe-V!{Ehm`5gb2aqVQ
zL?<@j0S+WaBpv_WS1L~WD)W@+Z9ukIjhQm?F${c4w^qyFo6>5Om-^x$;ivvgS8020
zmvg$HY3tj=u<)yLv<d;$oU9=bcqrdgq?9&*1iW}Sxuq$dqBx0|4%at%xu5BYo(tSK
zQ*&Xs-}d%J&3H4}>~$ilQVIkT7#x>0Ly9qJi?O>@pudVS^VlO&kV2=$rB+Hw-Jr7(
zd>(>@EAANVR>yAt&g{+poSeSO4r6Mx)a$aQrCJ7{`=)Ohm4@l^NRQ^`%+fFMpl)ht
zxJ9&m>#F_MxMIG=mLh;Nro!^XN@p0=>0x3=UMje%lqUHD0_R@AHV#m|y3SVwXarTF
zvwtneVp|XdsWc$65uNX(6Wn4|ORP;PPitH}_JGVWeSU`NfFw6dy+=5DY2;YFvS29p
zZHSRf9_MkJ^l*>csJW;eywsI%q#LSk@0H6PpEerYkYk0}nLKrTV;I4D34{Q-ASj1^
z+*#%J?dA9axuA<&wwdp!nXj!O<*%VPtrYv>pG#~=-GwmdiS|>2BUn%D=7ue#uI($N
zCeqS4%$$cLzSW~v(!B-dm0TVyvB@DM0NlDnn3xo`9;~1qz>m-V#Vui|$#y*bM%+q<
z_vnlVZrVg-pgH$ztLqNVFo7hdaXq6Rtm`DN$;?devWSCNrKJD4<zcP$;*NfS2!pQT
zVD9pVpIn6xd$s4v(LKnR8u8;qrJqkzuj{KpaGq*EGW~M~8Z7q^ghsC^TyS>YU`EPi
zFeW$JusR2`Sfix;vE^!aKCH-8zyRt_za#;|j8}9>NQ{sYyNn-Fgod#M`BI;{obhCA
zDS-@$jqCA|e1hiSzTzPa8R)3vuhLYDk2UI|Wldcs(Riv^DMzivA4)B?Fa(9NI`}Sz
zVJA%5yV%J0vf=r~eWUJq@)^_3Q6+`my(6&NLM7$cBol~<=vlwzbUi1{7%i-|pdjL7
zr}l6W+>f2H3nSPW2VYS-VbFDFjoKNmo0<$w1P%zZ7NVp}9f(sF>tCI2$#={kLwKD~
z=QTQP!6zk=Hr8LQ1Z9)gIW0U5_F~9(UnNZ&s(~mdSG^Xp>_7;UlLXG;n_vJ~E!eu5
zc=T7MwW|<V$^#GuD<gK94zVw>Jf_dT@t8h~0OI$AvSepFP5j+_bo}LXt2qc2oz;gN
zZDhVY45SiIgl^jQ)LwOT&&rfWztt<sBRx29!`@iyiK}E-#_V5VAGUQ`mFlprt`g{F
zlkj`|-2_JJH3*<ewvL`3@VNBs@1^aX&Ec^|KdYVX0#R_ml!Ca&kI!w?(K2-djN#oB
z{@(a90hxVhV+0$cOo;D~lXs->TNK-g_RD%1_WVhLI7e+>H;rF(1?Csc9{sEb+1H-8
z9nQ@C=#F7ZBP??zA5=!)x)gvD29WkZphbwn#bVl|Dus{YUS8bc4P(+3X?%)r_Mi3>
z`d}kg16hdAFp$6kRHZs`u^W(u7@sWB<Q;?jx#S9=P9z$RH31ujuUE=aYSo`FBn;6L
zP&{d~7h8Zl(nUKHz-8Dz`jFHmI2AE<r1mHFS0vdb5Xq6?vuk(=EysFCbO)n=qBO!U
zu-9RD0$E|~M#$f!H0)ufQi@hsctLfL!S_#WN&atzvGCfXJuS+}6O5tP$>wgKT;d32
z5W<oME|p>*Xdn51@xZtY@_JgDi7;o||E1Dy>uT}Mn>gFBBPr85(24I-3P^5__r;O@
zf{Xt<9qJd)viVy|U=p^NNr<TRJBEF<4TQuyo-7s(D6jmsVg*m?V4}v!T2hx%i?Ku~
z!e{q3o`1@_(4U%jsB+)C{y1zAut%{AA^gD=WEJ|VyU13l9m^2;Mu`o%I{s#c0`r~o
zpA6m$sJJ8zC5lY`JR_MR3*FuyHGe8)K6DCEb^-S5zH(O4{oNz&orn{wof#;-WJrue
zc9~eUoHqZP+=WBuV$@|UytRR6vc^2R3hWl05f41K3jCR89T^{S-sxKaI0pckAe4(}
zD^k^n-Z-B42YssN%r73qi?h;2nUC0wY0Qr+P@5u(aFPPc(ok#sjio^)RpG?{UcSu!
zO^NXErB`wXH+Dq9#?%>|zp+OYM9MN)n?-_UsL;_wNM9PYVo>+aJ%$)9ES-yQmE$*Z
zO4KuZ+U`_oQCiv5huyOH4$e~-4>O71=@uI*)J#ZK&%tdO6{}3zPp*3yu~&(o1+s;-
zHr|*iy6^2b<jnG~VZS=+za^dlpR^L@H>{`&bpDCeQ56KgGuvuh34%wgthg%w?o9qx
zlifuc?3L1^JuN)_DC}%$jyitQBtRCbge3)3QU1Nq{ipnwd|krYCm3n)kMbp`v3mU8
zH=TUJ2LO(*G&7|qIB3eKc$t65%wJCfNvcJNWmwYiZD9N^&fp%x{_jZy1M;N}$r?22
zZ&9pycXrqA{$oYElE@_TueF>TbP3PiU)cSlSgaA4{BIezD@e}>$}Ki>=(zVD{g@Te
zPV1?aiwOOA?FH#RTF76{Vt12qumy=@_2T`Jg?3E@8cInJcYk^7j)&cZA4qL?OP8rA
z3g~^a=dJeJ$KN;R*&Qesj)(G7)3EVwL^d_(OPuM&(nA~7WZ`Ce<Y`wC1ASFgZ(JBC
zvq=hjW_#a5_T>AIgJD<%I4ZW(I3<B~C)*(ZTagm30zC=BPO1nyawJSoY`1Ipj{_*F
zanfIku}{}`pX_4#`c4>O(D}LSiE-bGv}@yWFJnu^)pM9hVY@%F-p7J>xBd=L{>>w>
zUq6LaiYQNuL3=z_<3i)Q21xB2Qa!Wd>4D7q|0YekRZ}YbK=6F2p|MM)b-9ief<JWs
z;>GPhw!c5}Z`yS-c|F+@XINJd+elpG(99ke{UajWR;MK~-=KxV!Smh8{~(zMFC#1n
zfZZ==h||)mn(?cT#9gRm@gT&?!VT;vef@9cGSYSFjCCq}iO-8&v3xj#JRmJ5Ecz7i
zgQL}@j_(U4_v^~xUmaNKaiyPaX=1dMNKQB6hO_SiDX}N8_WJH`VbuR%NOtMq(ECHD
za7LsAe?8>N{}!U`|Bk=xip!-v@$OFPewcHg!p<(+Vob!ayS!}7C-%Y@U5{ObLEtqC
zVAK9rEOqD+vhs~JX*(xvH#RNTp04Jw+s>01O7n|~tAzk|+NYap<G`>8C%-%WAC8X+
z8?G4f*>z2KSy-1?<J6z4D7~?}9&#`V-3=`(`k;En&YcARlQ_Y8!w@N8fa)X#(AD)A
z==aFf-;vY%{+6jA6imU)IhOxq3ZM%KOu==im@tIyma9EuBkLM`im{gHBjVHT*Tc5K
z`H8LhZy-N(i@MV>xOT#U1pL##9_8CBHx^2Y-lkqgPwlo=)u>`t#^WVSLkP$V#rlAb
zOBkfBar(k8?Ry0=S{>%stbIYNOXT)`DgdN2Y7uXXf3Y_%*`m;HWvLxwv%(_z-pS-O
zZhfdoNlt$+ss5SMLFszU*siAoI9Kjm>URaUKlQU06xfHH^n6B5qd)Dbd7(q+AFdy<
zN3TW>GjW?E8ntUQQX}aj*nB)n&0>bz@VOyL+B|;;8%X}!^iXHRQ&X|1jqzW6(H*5r
zucqt{ffoYr`lJgRn2vGP5pe}IeC~e1gQPFD*#47uA%9yB2ykjw2r4rz5;XqJ`XL8e
z{&TkrrJ7S|3HoXf@UqP5<o_>^R7pSE!mng=%uel0x!?*R2=E;=7AMG~|J#2<|74Q$
zS&!iJTUhS#KJg4Xaxg5K?Jt@ouu9!Z8IEgQ-asOJB-@5I#XN@p^Jk&xs`pxMis+v@
zOj06&;02_u<Ik=y`{K>8ZOyatW-AB*_%8>A{ioC!93A_iU3cEA%7XnYvfa-r*!?V~
z|I^O`T*Z!N=ExTqe*Vo^;3A?MIx$%IpkW_;@ZZYE*ErQP<s7@)Znj&{*4-E7itXGu
zLC3ZcOzHxt+WoE%oV9?sT=gN@iB!HCNlbcBmEaS;uF{AaYUBKDm#lT_W3u3=tfb^3
z{@7H<g?eS@Clex~=Axf@{PxZW7Qhw6X?eP?lApayLujw%h6J%cay)}I9i}@7_AC-i
zTVpZ~C?T-Xk1PQZr@FBP^$DWvdcLD%CQU7STwN9MPxJCPH{?|g2v~<*c{O#>!|5F|
zwkh&)b(qXs3tc<74p&SzIc$42%}n9F%sse8G3<JQK^uiqzR8q)%Y7Rcs3r>K4?8&^
zt%Z}^F+mqx8W>9MhO-z`aX9gN3>Zo_yFV6BB6(|SZdh@&E|;adp}LsdqO7S1#j~?o
z`0$ftwpJCcK2Zbdg5uT~W}=kqU{g;>^<|XRX`0lNXGO<(h+XIZ9CA0E!UWMoW~0mK
zjJL#BIE00YU?84or3ap=9E?7?$ML}u^^LS9bJMADrPO7&)0YsN!iGW;=o=kLed{=G
zBnip6T?uosL{6$hZU;4ezhJ8^Atn&Y0yQit@k>G19*j;U3soV!RB0iy>j>Lz9BxxZ
z$iu`zhO<}hKg$w1b+)Pjy4-hetnkB~k;`LWpZlnPT>s{|Fa{;&MSXLt5*Qn70ZhAo
z3*_p)Qp|k63ODuOk&U&BI?)fhbYQv_)M5#eN;X=%ZEDE)6GejSmw<-TaGa4#9}{tW
zB>cqB_WXj};paMi;WN70Y6L|?<Eq9QOx@Z_BV;KRPj@UvaEGwF6m<S{L6rQJCoz52
z_Q9Oj2Sdswy=3T&hfA_i!vY!4ErU2GA|)((G(CGiq!&-uTgpzQR<ihMu5Z2BwQ)#$
zUMS(^jHqGi-6>7K)liD(s3~Y1e1AfjDp8}N9Ltft1{~Qp-+r-~p=l)WrnY(zTr+#7
zp_{Dw!{Jl-ckVE4Rkr&7EF6)zL0+%l!;b)rT-!er0!*SzW(SIVdRqdI5vjk1T8Y3?
zsjuprS0@_Wp4BkdN;-1xycT81ql&Qyrflh93r*F)Z&H2eY7F_64nNbf)EWC86o%Lm
zLsUjSvWViyx8A`k)^KuopWD(kEatQ$V@RFYe&E+EfaHo8&0YyNeyW<wQ5V#@r8!K4
z+>2MjYthGDddDMc*C@JJ&FF@c1u!HF4x#t`yz&{<i)8yqGAb5L0z%Kaz`ewEah`hW
zQhsc|?UpU<*5!;{EJg!*s=uTgiR^hM5hM=0elPfbRJa)i>I=4uFditY!rcP^Vs8(N
zKF77ev5$xPg#nE*Mea95m?)2AOeJhI1?nw{#M8=wP_JaaLSsL&0-Te8i5SMEr_0^d
zitC1%crFwN!9-3@lnz?=*AWU`xVFJ=+Lyf4z-Ua_i<#>d0kt+;gIjcOE`2(>Ahd5&
zTXI^=^fhMJNBr^HlL3`^JR)e!LsHFh4j(kKbb*g)t_RgnobG8_romUh+ctBPd_iEo
zf^V(CoG}<(v=LFapg}vgvUZEU-|JEB=<US7gc%NzWZ!Hlh4{7iH*$nW9RiGY3W66N
z#Bceml{H+c5$Gq$P^F#o=^nPtuN8fHN6OWr^zn&?g&MJz^GMLbNMl@UERIv}<@o;E
zZf)o-60U@#qrS9A6gUF<pNR@plOL@*Js1vVOC82KiXd~g0MQD80oshk!m*eaK`!5|
zN%^I$<1ZgN`1lxNs#QnI8wIEyT4>&7q9;1Yv*Kc^?l5NsbuIBx%)&$+jN}%a9sgV?
zNE-ODIv+K3xHu@7B7NpEoo}y)FO@xa^+;6h7F)y%8AFZIZM_eS?{jZGFs;)o)BOI*
zcZMcHJM>z=*HAK(E-%S6UdI|m2iJ(>f<=@zcAa85498cGUZtryzt8@_HG84%7y?HG
zjd&G^jqOPz%rHPY?JIzKZyn5M)h~gI4cKa7?#P4q1{ikqPKj>p5lo);lT9rwOI6Ad
z3}MtTLk&C?f_uIn#FyH{LgB%pvrVYMtYn@FCSbe<)si~{llEZx>|293bCW?YVxKNn
zg}y+gOaXBE8fGJvDYCrJ&jT=u^{HeaRmqzT;|Ad1Hx@@9VI5e8s)~MDQCBO_h0o+n
z%$=Sw9uZsuXtcils_1B1!O&}{y4hEq+J*tdyCm~5sGs1KR2w)smCqU}qTWgK!z$SN
zcVHZ;I6#dg1w#U12JdD7RF^eErCz?SoSSRa{I5Lr6~(g6B~dh~;ZSNAv(bQ}6Wbid
zY={e3@N(c+lm^fN$DmLpyy~e5g$mtaN0nM+yifUXUL&`4-qW?g0#?~o9?Yz9x&L)~
z3g_Hs_N&uALlMkVWslIaO7Vd&5kwilrP^}LtoCyG7MfEjD}IvmC!oF!1;fpGH3`&L
zfZN31_Cu>=4kb$pRaS)I*cih*ocm4NVIiM-efvxHLPLH8=Ui^iVm!}hvl)&G-mMkw
zEQ&UwgGlwbZ@6!qe6u^LVzlOB*Y;@#UIuHe*PJj`{ZyL6MAXh@m{Fd&1@{PK**P`k
zJ6g&mPfY2Ap!r)mF!q|7aY{KqDV0ipPP|E8FPhx4NL##MZaAMT9x=}V<>JhPnI1Gy
zcrp<C5Ruha^D@{XL#-q~Z70H9ueMu5(qE~9JXPkc_ka`T&I1iQD9{!F5lWqQuF!sU
zGC98pIFvFe)?~dy0&Iv&HjT0W!l)v@qWU9rEnlTzNCP@5Br&Nd64Z)4$|}1ob3mPa
zi{8{>tF&yvrNU{jdHiPv+i=2GqYcbQUV8<aR|k|Vy^54=>lv%1<rbe&n5*~Nc~hI@
zy?k2n`u3KddTNZ}wuYhd7YtXi#*kC#%qO~pnBLLY?vkOAm7Tn4C|pp|PBxs}P=nEt
z6`M`;Sy7FvqZ8A`<lhHF<1=a$jT=gAXNtUroVTK0l9QCR&}4vX;8?h|y-YL~XoOMS
z>S8Ul#rV&xMm7FS?rUzhpr3o9h?&|b$JEfZVT_nAY?i8Zmn~hJTc!_tyt1ZLFrp^3
zo!vI_u7d2jy?SVpvzHS=UWV681;d30PDx%S=5zyr>*_x-QIl&DEsuTucWkrQSe#WX
zIm2xz*0u~VUIXT;!zHrpN$qCN!$e!riG4f@&UtuFPU#q((uJs<&Gv0)m2__NP3^?~
ztNjJ_n@*eZJiz+BLO~OX=I~<k>npe1auORakF_ofnzWh?wsB12F#r02aiefIFhM(s
z)*5pKB`_XAWAn93SnD9xx6&O2_5rdZWUQn8G_UCca;Kk{VSbnbMU#<<+b24Piq8@r
zg7_P(%wNWVj}Lbm=sODeu=WE5zS~AtlY(PweL|3uxtxkph)0H=PC4-c%k+D#b+&;=
z3Av{IDDn=ep+kSJu(|RF+>s8?H`+li-llq-LY$M#ne$RO=WBAzC=|f6?UJM9ztn5M
zrQ-y-#`rbUGfCnRI!mK<OeQ^p+Yj=K=k(*ATE#0>B~2!N--b(DXyCSWP0Nrg4T(@j
zjQ{4YIt4utuV7$MpB|>44Ja&>g%=H|KJQ3>mn9BdE#6q^kn|Y?S2id3)zFYil%(O+
z<>w>b990rJM`2FQrQnMm8wt6N82s!?e9oZBu=30t2sqh6a7~Bg6o}p9yUC(Vie|GL
z<`$u*SXcUWIUlC!d09a5s9!s4dvn2g1i6yIG-PK}K|SoD2EEKD7LKXIGf-oqgI*fP
zEc%`G=q;@yjm-y+UZ4TW)kA`mvpl->HC5g}sSl&hwk^WEr!3<F%yH9!pUIOxx6CWH
zl6D?_?uTMBTuU2ed~azo(DI<9#s=KA?bW6v{}qP4B@n(A<*AhY1Jho5mSv+?U*v_R
z6GQR#Ch&H&-L)!QhMhIc=Y0tJo<NU^%zO2+pE>$D>)e|VFV_8B)ZR+Imml0wG;!wM
zX}CCs5IuH?vBR7<_;HuLY%AA9q+bBZxzge?NirhhEEr3lZBy%ng0iw-0h535%Gd|s
zbu)y>^`SRf{H@6Jo@^qsKyPi=kVZQ@7g(M1GVI{FhTbCML|2UKrt>#iT*-=FG#(4n
z7xXG07!z4cKe`ZUVsZA?_`PMV`zjc%xNh==WufKv+MTeS48?M-A{&||rM{VKsMXlu
zni59SIs5iywbH<%9V71WaArfTdC7^YQeIOg#;&JuJI#1i_04<k3ENZ+)WPWY_Z6I3
zTB;hHxq25R-$uRt_HIkK=E?1$H8s;K4jSSf&tq&-XVf(mX+d>+A9wO#9+b}1($zTD
zQ%Y}OI)_<I9gS7KM>nqBb%>rtbk#9tvqp5;QFzs9te_$f<BR4GoN)-H7fPe+vYsg_
z+AM8H+g)qh;iYNXDH!{{Ts>3alyB74x5?1Nh~7z8FE79FK^m`1i7#-+=Dk7^bGMg*
z=S=bHk|+jqGZ^FACxPZb_swjG=?;CAQ%D`z?K1-+=iTM!cd<lH7!5+taA9vsX<{&B
zjS=#ck7-2<wgisos?jO%Uoa-+d0H5zy5rF9)RXC;BRO&{<-WW0DuX)Q`az7p+Qh$5
zh+E?HN$TD(wD9zmJErJ%M#z_0(Lwb<pqb3{g()|}1U+~2@e8xQQIczN?|@N>q#!f*
zjQEHzAH}~QCFUlUmxgf2)Qn}z-Z8%~$ncH@QcA&2$D7bleePB4?8XFyRKE=YB8n(M
zB>00&h0~U>2Jg?Whmvh_(r!=t$GF>zrX0=nK0AFbUAr|_^AM1m-ig=Se0lNhs=$~|
zSfoY$HTm1!1$V8YOvQQOMusn(((WXyw^5_!G2VUA-MN0t)_Q95)zzXUPuFqtQ|;N&
zlaJj8QM}Vxwh+<WL(9E#0@@lS#^laJm8-922`X7l@mW7Vq<#|9(`;=AQ^)4E62ga^
zUltg(ZRwY-nsgrAzBs?_b=CZ!67>N;t|j3I<=&2Q0xi;#%4I?Z?U+{+SEqTMeHXdX
zG)=bA{R`vU`sI~+YU7XuMl3wCa~P5wuZk-19Mml+<K157#=zXgbLLut4YouFjS579
z<1xM9hh7R<#1U%FgkwakRDy9+iKr!l*oNuJ13u@BY(R)pmWXjDx&L;qpx|EV_Egz@
zjl#uw%(UT;?>;R;AKJ>T7MudSYNag+IvnQV8Va%VDSZWKD^-L8$xrTJqBF`h_~VK6
zH^nj;g*0VTOk#9cbfKbRVY{C>(2z{F!&y?qBCNf8227%h2*N|%$D6O8J2JYt%qbed
zdi0$CH;qx0in(>4q^@dSHgp`-+jh>I&2(AQt0uN=<7F@NTKi?nW*L8ZL0F~E{Nr=S
zlou@rjK#a_AU@@T%Q-96g<6|V$vAUfh&MyFZ-$q5gQF4sGh=6jpg~kARaMELS_Np_
z(#o52sF?)$v~cvfiqDPDH?y`0-kWoMFWYHppF!7AUwq<S5B9)4+7y3iO=ZD+y0^S+
zoyVw?bODnbeHZeRrJVyJ4&3)N2+#+aoxy!?j(q1BuHp>Cn5RAlLYWn7xZ5_bA_y!+
z%MnMynu}4NXN0n!zBY}~uj$fgvRPcZC~3VJXsW-m8bx1Y$?ZAfI2<gOz1F33`=_0d
zMnQO}--J^3$U8@LvTb)jh!43?Uh)p_sm|s9kFv84i*jrC{}y2bB2oe>=wQ$#Qj$X>
zjRGPq(%oHxARsB-rL=%_gCd>M!VuCi49EaO4*b@D@4L@_&;Fh3od5Q<_r8YbS<k)h
zb+0=<U;fck+GC-Srgkd!zH!ybW7VguT4(h|c1p`0nT<*)kKC1-_6{GxQ8;aq%cFhf
zW^~cCO$8(g9OH(3aXHhI;fBrhT~$g}ruKX4J0~YuThU1+jDuS`1!uEyg#*c1Ga+G}
zx$K|Tw?q_5z2ku>2?tWE?W|t42OQ{w{9J8R(tYfRtq#>q0(0I8_=|zy_^4FgAa(Um
zf){DRb1udwIX{E*^g<*)riw>r*;c?gjUpqD*{VCXHmg$SB%?7b-)3m~aV2Q7>Ey&A
zH1{bbOqE>2DXg7QCFciPQ)+4hOh@fC3|$880?{yQxXI4$0Fa2exm7&9(WK}<ZDqOY
z-#|w$;5coZ$}nmm<e_`Bbd8b`?N@d>ki3#v-HI0nIw!dF#m`W2a+rw^pg`1lrFqha
zeAvlvN-j6mIZ500YjYTl@&m_JF!bRD=DK+NKfG(a<v!xm^!5WV)I$8bIz4Y?5#uE#
zgbMIc$ky<HSP!5{c313)lHDom{HD}+(_?Sl%KL!&W#QAUY!DpMJu@nhukbS*R~~c7
z0kcg+g0?<}ETb@4z2|uv<vGSMxHOKL!YxuH3U(|_7rj+$lAymI-nT%6U1fyTb@Ffo
z0tXirhs9G)v!MrWYuVfHH$i*KrDfqMj(c<#Z_fff8iL<Tj8X5TmpBzZK58KtfGJnh
zm1LULI}RSJ6HdoULvEYJNhIi3??s%QsL~l%T(c1qsUFojAYWiaxGBRq_BI6(6~jfJ
zi{>{nL@$R1)k&3;%7VeGA`QBXPAwFeSSrm5ohjr-7^Qhk*Xfw1Ny0)DdkI&4JU(un
z;$J2dIG%Fwk)Heh%k*qu#_fyDQ$xar=gQa;t(Wm-RYk9dzHILdp4*YY!RCA=f&G-j
z*AM%$tFch5%HTI!yc^12{ev{V;)VEK+LQlsFXP73CilwS7Xkv@!^51@<**%gZ%Y?-
z^%EDTamPmQt*!<d$l#L%F0&|SoL^BB@lYO0K8on3XnLrne*lQ>M;%)7C#fB4KR@s9
zp=L~C8)D;QN0U>Mks4a3J}#YN@(+HozcM5jc#~{ur=or9fa_LslpqXV2l{oB5A~4U
zVnfp|XIcOk-(hdMY-Oew&vu+(z>(=a>qXYvRAcaXe+tQGI@cm;-r`?R3b`Ll_vMT4
z<-Hd+pA7G=gZN#cm%OW?%&H_6>PG!M01j2ECm|sm2I>q{iZhV<X;ON~GcfYGPgl{`
zCU^wY15B6Y_}FvcHnmGq6GhjD!f<7@$sY%Oe<3_cyi-ZqijB5A`i6J-L%jV|?Z_py
zC_5!$J4W!1eA`jPERKQtseA)k&?lP}7&T9GZ1&l!_g}nEL)LuUPJ4D-`XCk~d*eE}
z(DjocxSyR5>7sWu)=AYsA&ZU=!p?H1Y#}?v5~yx%!}_%!FFV|c<Eh`=&lpf^rna0x
zIYpivrVRLLOPjs%cU*YVzmr0G#V0^JUBxFh#=C^yKK{<3n=p3cmiB)1ZFVa>d*~vv
zLAH2yuL00_?+$yd1b&E#m8*Z#zw)eP7A2#JzjkD?Bj>Fcw}Lu578x=*t}o*6<&D?n
zA9-OM<y5LsuB-fNqMHCIzdo^ZW5px?V~<ga>s}|%v{TGZZ3FaAFSf-;;n{upVm$Ca
z^N}X+9E#XGR5Cu{7J1fb<)A(Fk^IBoe_mj@7o%TWwDg(WUhD35L3?9&WBQnR_O#i!
zD2k?36xWhXv+%;|odjMWKB4J_Kj0LBUPJBqlnpMMnJK(*qd|w#Y~P~@AL>lZEN3+8
z4bhBxyf!kPu0Z{ZS#D}EhMw%eKqtCYyJB5#L-16{w~Qsh3ACZ6Q0g_^lRuR>Ual1X
zUUdi1tJ{e}V`#nkr6cZGQCgrt3$2+y?hL+G28aUBzKb1j_U2ENn@|n+>GIn!U&Xz8
z<0aQ%>sBvlAZ$=EtL7m%eCji*rcUSI<t(L?k(xrsK*lJb<y&T|knXWbv!DgDhJgvx
z<cB>+Ae(LOJ95yv_90?ZUtTvvW>%GMm<)fySA_dsWM9Z!)A1%S%lKm%%Jd2{`qSKJ
zN|K)$asnHP<3uzn?zQcnlxTi7$K|MG-!H%(BnE;`Yr(^{Y`srJQGQ<lu7Vj)wc#C*
z(XzGTo1<}9m0ifLtOjjNioG`Z*d<XYa20qONNu0j#bY(O;GX7D<>w|sVohg3Bll|C
zf!QIN<y!DkxZOfAhfyaaSq{m^H(Q{_%<cN?u*||g^n-K+7Zx{J>E?i%dKmXD80haU
ztvg(PCnm8y$K$yAkTVzLMGcn4=>$r2d?MjY5Y1pzIbH?8AY@;GkUSCE+mjZHC#14I
z;SH&MHIVuS@2uVhI>cqPKEkLe!qc<i;WKG&K`&rVcm#$fl>5@5?1L-XFpHIHO1#3B
zJxT(|xUK-tpn61rCBnJq#H)vummaJ)zl~jgEZwkc-WBS_{iPqJ>gq@w)&UB)_9qDs
z=hFQ5u=)BsT+2G%#H<BqV{<3E%H8&+_=14ngQRwL2zH73Zz8vIUPwGSt$DxzX-4c!
zM&&o79#^@+wndAZXPuY3InsA*>yCw19Y)!4ldHXMTb5_m_M3>7eAvA^{J5;dAafZ`
zgC=l?)D_2nMvAcwFqVYM!`8cXj+R#VsCJtibRYu4ovx*BxNe)Uy<CqO*Kr}R<Khj9
z5!c+)53JH>PbW_{RzAk-Re5g-jN3e7{I*wLR4~AcEX}KV8THVlU+d_8M>nKmvr?TB
zU8=<%Ep_^1E4wzFtV9{Qz!SgUkueaU-CjCgy=VotTbCP}x_&Hvfl-;_-cdlor>oK9
z-hbknT{Lg_U~7|EpPE0>d)5Ts$L<ErLMjpF`e~HrV|iv=$%aqsy^c}36(|eW-0k3m
zpw7?tv3jViYX%bn;`kMXYp0ZQ5*|@Rx4*jQvDnGHOEkpCC>Pacgn#b=MRXUb<=q0j
zn6?eaYU}A<J~unE%yl4o)oaJ&qiuDYXXDXAwQ_|xAcl}Ob_zj_O3CP^EP7MAWwbIj
z4jn1<hQL`~z@t{fVsyH_aAwsjFzL4+gJ1L{IRKAb;$<?^4>2o_Y{t_VG&Ut!S8|bv
z#tART5vs)&kP}LixXRgP=f?!&;i(#6O*Gtihsr!iieDMPP_@n0Rdt#-kR%0}C<W%P
z-gZjW59duX`})}-BZA=i5L;jabO?Cz1*cj=0^SAQIbse=g?6@tUSDU$J2`^e9KA_<
z&sZ5DY2lJU@$#L_1|V#=z7WV8`F@?G(F0=P=^5O$Ol93L<9QHsFHvJP&UMg}!q@#?
zx;H(!zBLk8Uiaqwu`6hk=L}TW<`B&EHFqE>`j)Rk@1a2o15>hJ@jl2^TI33B9;n}&
zfq@~RkTBRK4)wGXOQD~yFYn=MOoyqF9Db3N$Af(>hITqt_Q+PU6L0|4pWw7(UNxXG
z3)CL&%a?&Ps)gvGo3S4DTGl8lO#bdTYVr_amrxUq({NgD+-HCEwF<_1>*svcJ+;r2
zt7&e_H?1CdXa*Q2wu`I%q|rRcm*?rh{nP6>?bXr!G5l89P)a06+Q#<JSZ1wef_C7+
z=UJDI-A+-P)6&p%6j#n1d$Xr$3lPAre)FP~c;_dogUVi*0n!D}^@>sy%Q>A~__1u%
zfm?g}tUCSQJ4oj!nyn_SFsg&-d>fJO``lSB&lrDt6lq3HJE`$y#VPU>r;$i!T<(S2
z-A)HtmORIennrbrZbS;74c+oG*i!t<D@{-Ezr1stb}5D%bl~1(uN5xYI6@2BJeqd#
z=3AcJ%-9c}MY+XusrXoVqa22M*tMGXbs}f2)V!MbHfzX6z%WC>_^;FNV>l%Wg7lWc
zWl+xp@=4ag9J)zw_C6<YiW%00N3r$pOOHF;jknv_V|7dJs}r@?g?1G0Egf8m;U*tc
z-kd0mK;<+%kBwvd^(~m|cMUEDuZC_a<x1Z@hx5&qm_*ZZ)s2y){97>%doJLUH*WJW
zp5B3v&$b@86gKu>cTCh(6<+&judrfKGD=rbJ<*OA93imzLj67Cg4Nyi`2k^-qOn9K
z^5)iWfqI*}5L3!H1uZZ(`lpq<qXqgdOb=1rgG80o9hr}oic33~62x@qcodnJctwL@
z44d}F@_1o4Sh0@4eQL_`(JXQV{SOvnGnJb0bqFfoFQF;Ug0%@xM{{iA;d}lva)#U;
z-xC03x#>_jVQP}QPH#t?cMZGDjpO?8S=j-7j;$ok+LfxGLw{|dbe7&y7;*q!td6|<
ztn6*d`NkQUW5x3<;^r%<%|S{t>Iz6GGqNMA{umZmnM|8LqaLl&(W3QsV{f+1W7f!a
zWlv8iqZ0Ofk-eiUF<$JWjuef+hEdn_(Z>E+`tfW9%B_M(*X*UuLEiTGiX&b@9!ar$
z|Baz95}fRrfR&Je(<L{Oz!A%;`(qEcws=UG-LmO$c`_b3wtT<hXwpd>9R^>EDCCh#
zs3(Jdzb}2t?Hov0KXt+rc~VBR2Rh+z?q3JAa(!8ZmQ1{b2jT?vc(>R<t>Lr_O)<L+
zX!%jAvZ9~9gx>ZjN?e$g)$gJ?KV-BQKF4MkK@Hlka(f*`lOLtSF{g{p=UJQu)kDth
zIQJ7lpW}T<M&D*NC*9AsqzGoqMkg)wacLSyQR0c<m6i^h;|7%BdI|ireBq7m83QJo
za~9eXiksnqtrS46@z{7wx$pZ3U+j)lGio;k%i<2d>6zbDU@?3tjAY_ZH^qrtk<J<@
zAo6@RYR#|9^K>+^KK;05(}ib06@K(%TeMxSc)+XP8#<6Izn}VR`y0o&vz(CVCRsBg
z+L08nK$cCQ^gRyoXL}yAIET~EM^}=;c=yeC!Fh;#Yfz6R3pol*Y_n7X`IDr_$BkT&
z1&J$tj<;zQnr0y7Zfs8)MLS9t70Ampc%Q^VRZ=Xx_|mY9&`T-UTrr%41Q#G&ktTew
zBRt0!nAm6ca>*D%P`^O&a3m^QZlt0E!rKIURw*Z65A<xrllLw4<u|is@7q<0puiU8
z2^j!MzifW^Cr%xWXYDXCRRQ0M{WOow!6ac7#Ojq}(Mk6KA+p~2eNf#g?ia522|#YV
zkz;S<nj0RX0Q0An!#OZYh2{GZ8)<AZ^C^8|@}-!Wn_!170U+}m3FL9pIB4C!;w<H;
z(kc+sMX_T-wdh%oE$l8$MjGW}fB&ExWSz@x-#r-7U_7qkwOvYdHwfTNdLPPR9k&Th
zw*;l*WH}xp+Fe@)9^!PbHSNY%fgJamCOqfE7|p4IMaSu0XgMsg0qVGF)DEpYxJ^!I
z+x)eM-XS4@*%@csj<qR<wo{rLgZP=)|2ArHOCm$ie&h!0kLjAI*R!g{X9xLuL+(~j
znu_hM!NBEk&KDvMF+@}pX|U|gD4g!Hhxh3wfiSlkBO19hOC>cQ-FL0FYCLwfK3r}4
zNbU^b4A}TO1S;uerK&$5oXbqKkO<Zj)6BZPs$}Mr9<DnDj{*Tl(EO~JGU4<iDMKK4
z+6mi@Tus~lRxSR8l|yD@cw27G?62c3ixC{ktHqImco4=fO2-ZFfbHDr;9*y90HP|K
zIzCWDZ>&MW&gW_M38EwIy>DOJVD)F;QU)IBNUwS1*ezC;GYOY)?y+}zt=8$bbQ6fC
zsd$+4GM*hsAMN)ts?fn_iEI+g3pib%`vH!RI=xovgo|CblDc@NUAy+&mU6x8Sraz}
zWZ;1yUW#+~o1*uI(XTxKy9eU!y;V=s3@bSDTo58^IzbYkPop;*cU{rCb;<hH&GE|y
zDF?OTQSD@)57_4_QajT9O}If<GLvDsbtIEd&g1bTdqJFTxam)EzTwaRx{V}bZX+&2
z#Ym)1GrclJUx}7=ZMIltx=+(%edD?oeE3T+H^kfI)3y;pDRE!+lwD6Z$IwnpS6j=1
z^%b}*tfVf4(d__oSs|DvT`}6LtPIGD674nWCgRojjv46<TN?m4hv!VprdnrvC9p7d
zQ;z!S6201qHrW7p(BKED!rPVXX82Vi6YxU3cc4h8;vhT?8T_;PSIgbCs0aNMEFdRQ
zY~5Hn&n^F8L;!fHr}n8J?Jk7S+Ii-{#6Z>+Dl$Q{NQ7NRhq+Be-lZ&Htuoyl;o4)`
z8sFkFxGNTppxk#PxbIC7G_<t89#<syYn9%oF5o63OpEwHUh8Ac+@IC4SGNlHAwJqg
z>2{QIW1*r`>_8Z|w??f7**$o3*aN@8Grw2C!_2V$c+(?K*sHt9HmKINl=$vfBFYG}
zDl8+r`wwk@*5=%)R|L0(i1Z`c{PDMjzV^o`m^mdy?kZpQ^Q<4)M+@cIa`E{fIWl9a
z;Icj<6Ws1vCNj}O1L2erNaBV~nX0>Qmnoon;w(IL4jbVNJ05EFr!8Nts}DBgh&r_A
zZWU!V=oe`+P2d)!Z!5?0ebjQT)>!lq%=TcL7;mG9l=V3I73b)k);!}xB3deV_6TS2
z;B36vS|O2zO8D99bd(G~6z#Na-zHb9+v$i#S8%F_>-T@tg&HOIIE)hEQrbi)CG2SA
zz*kLx5B~IS04|T-DR$u5&xE_X8FlfjI&`z$ANF=y-dt(IbDym(j$ocyPO)xqZFnQR
zj~>~oY#Z>RH$&U@R!-|C8z%R8-CILfC=DI1{a53?Up%$watx+=4W@eW$5rPH(czzm
z>zp{woo?%ZQw+}%^7O`T?aT5`XKI)m0&O`)xZ&x&uLJMdCTFl<HBu7SpwUN8ZYkfr
z;N~xiec_&4erC+$wu7<ZYgvpe2(Ufo+9Td=VB~FN<psLtt8ceLi%)))<8&KzgmW6(
zdY>+tjH+1hnvhxEUH7Of&iwY4>ClczIFYtf>>F*owk7sM=UP$NdSV$x^e9NzOJ&<P
z@&j3KJt;Y@a4TQr<7p6cE)Ia{^E|Zmodw!~o-yP1{n`}?8x+ISq(Eul(0>h?A^(vY
zyIain58n-Z!<|>FiDjn%8xv+$3KIUgpMLofuyH|}I%WRlUlV|TeOrSa;d~0THD!g+
zyN&|M6I+veG*%Qxw&iEDXTl$Kz4l_Sm^I*BihnsIw{b`k8xh(bR^J|?ST6+sR9^Yr
znrg3yy*V$04Y_|e;`-{+F*x=2JRLI2!$B=h`?lkE(d7ouE_S_LxzDu^2tLYVp*swc
z!1Y4jG9(`X#9>zX+!JKEjZa3{5x*uQS(Jt6TBB8Sb@&r=y7>kfD2g})uHNE$0s0Zz
z8I`Mss{ki*U`}Uuez@QK4dEDXZhLs6rWa79Glq@>HlN3MDU+_xTFvz4qQ%QEpN@y~
z^zU<nx?kVZG9_#1LMD^Llj>jAoS*m0Zz_qV$)TKNntaf|;;N3^PTj|8lOqf*uN9-^
zJx{96O(-OudB)l$2M)pMc(|fpUs5Zmj<&VkMzw4Fr^%L=lvk&(30IV;H>IoSQk_^9
zV!W;7_v8L1VU*y{chwrXRP1-QG6uY$dmdKX4zn_vP-+LO>hYXKtDNIjo8t$m>EMoP
z-?-&>VqLht)0b$18iznD)f1OPMBns}ZvCN^)MNH9hx^QqZ7V`Fogn8M<LSZ84#u*?
zJYccfMju05irDWfD@uns{0^8|FyR492!4v-?A{8K@*U{utY&>-zGjtW;@ES3Mx$mx
zqq>Aps`bY4MMmBgkHHhCo$@)8*aJC?B(Gy7piMujABav5PU5vma|a{4y-lnVd%X-H
z%SCwBTJSat{H)CTVnzbkR&c(RtE!;&f>TmqoQ~c`VQ4XqENjgJxMO;GZy44R0egco
zqI{r<?ySacp@MHf!x(y~w9=nC>W4!R`jhW41^&ah6m)MpwcpIm?PZ6qpPlYEC%*!;
zG4ObY-sO;(V8be$Zs)|DpH4m-D7W!$;Vpy#a`OJysvCH~&|O<erbj_>*7P%IuXE58
z-!7F6T4Y}5?0?L;eNw77g$N+=_$qg$lrktsJ~7L9AWbcQ1K55m+gF1RQpsj|&z6L%
zv<aB2oSpc6%SJ$lT{WC2cm<}G?6rLty!hp-mlN6BBV3ZtsyX*J+~nsCK6XVzo`Yxz
zCTxYuCeo?fFhEhVYUZuP@5iRHt0gyzHL!2{3{x<@)wWHe)Dcxq@YHFLxHD{t)17u!
z2|^NW0{@b|cZHw(_UhbQjvd8L-`}sCKpau2lQN9Y8j_9vvLTF3$dJ2M^~Vekc>=~e
zBj7Jai<>`}!dSh<rNgK*TPJ1gS7*=+MT6zd!HP}s=+MA|-n-K+^^T7_UAy;c4fWy|
zkH?8@%&OB@Yyi=86tp+dc2zEKTTL2uVU?$!NV8n>+#5Z679K|9`Oy;!qE_!C`25nl
zc>Bi4wWDJ*lVa*`DS?gN-8}J_n3-(`g@%lI#;x%m-IR6~D4g8kSHZ-~`og&zcJXG-
z{0{pLdKU@M3m?6B)PPiJ9;blrr+(b~TXgJwlss_E*11(xAUqq?bE{OC;VZXZP+@pT
z1)T#x@G0>B+cUod>BJ3_V~lsEal*OX5yh+4X*^A%b}DZNE{i|#W2m^z8=m84s}o$O
zEBWWJ7}!0kBBHHz37?)?FMk44(ujhzlUfo2Y4BOmvrejP^N~D#|H1pxx=*{PcYio(
z_D1c46roBq9a`Nvj7AfC2xMNeP3NvbgvG3~C<|#j)w8RooeM##T@=Q|?gg|?o!Yf`
z!M)Mkf3_@g4u=GLf6J$8yL_W<0?UYFAMpRkb4s$TXqP`p9#{kdy_7<bb~T~640wFe
zWB!q;0~9}GJ(+y>0ld$YtER0wD*>DGtZSY~Q%spIO1<|Wh*+luv?3JtFpa<FA%UO%
zK$Mrnrb?l7u$FY3CnO2%>+%5Jbq#)KXwMUVSD6*#`G0`2h0`{zco?JBHsML<eU%YV
zcS%~U#v=`fp88)IfSexzQ3r2HMJxP4x<hm}Fcv+K+mmkUKeO$hp6}ldbh=bV3o3mF
zv6{e<7MjS#ZUa=MM?s8V0_u)JWU=OUExN?S)tA7*nv9A*DOC4otB+gj00a@E`NcOk
zOMm>taeEuWzR(szS?Dt31_Ny;tW`f+4oq0nL%MfU?8*}hHza1pcS-4YzJvPZr@qLu
zSeve>t<cXVpykn-2YpvWUFht#{``#3nU~YJ&H~vA+IBC&_`b3(kh&T*MaZekLk7~&
zS)|aQd_NEYrH{W|gs+=He9q8UKJcY$OIKS5=7DaL5eb;sib`cV9HTT@G+2Dwx^aol
zL1CleQHkT0_s3w;5c-)w!}Hj_DZD2R$X>A%Z#ehZ6-3CkK4=OZ4C5&%TshDi;U3pE
z>kXH4Z~lFd+;J4dPu9j9Bc(Xq-fnVe5C`=oS1Z54O*ip|zO%T+acBcQ{+QCA>Y@S&
zT%S(SHSL14cRW9zya5nt0tghb1Jk1fael=#!CG<i$L-;MZN9gBL>}lEtM4lXi|3(!
z)7iJAfgv5~=7mmc6EzRrT(}<FzW$8?#+&RD{+Jx->P2L<Nw40}C-|?B-YjJHSaIlR
zF2SPSp;qanf<5_k8Qw(ZJaLLSUKHSCRwEg{Z&ZW5ZOF!*s@E&4Vws;mQ76l^ne~<(
zOK*4yjv9W&vfA(uQaXvY`O%1DgYPS1YzsdYVjKFv{^Ki2Hvqx?26i`LrO3n|rSiJ*
zd8FLU6(dCSL%-*9?C<?dvUOnM3h6y8hN}CP6*UU@oO<40bp?lYSfbou0SxrFlKEk2
zWw7Yn5ptKG@5o_k4f*m5NOh@zsv@^=CI;puE+sFS?lhJdj5FjY)_wWfV-cC;#g3eV
zdrdq20;8Y-R=>L|yU1Dh@UsF1s#V$%<l#eoR7e1zC~}1PD+NQ(b^?d`dWnZiqz=Ns
zKHuH^NM+p%(NhDcKa*Q)*QCnxoDq}D4W^XS4g=H1&|ye&K>Txm1%NJjM=`?AEp}aF
zqy*e#`Ov+bN`-)O+$CrJ!fkSVLKjM+4DPaCQVI9z)FeCa`CZ;7IRaXR3H%!<BW7jm
zp^w3J8WwNHXFgYvE)Q8N)kLoTAwZn>7Q4)gqoVnFyocxsHQTsf1Ais&$mv2dm3|Q(
z*_d84GXCcpMckqrw{h<%-P!sm^yb}-cjU8$hdV2YL|)idbtgRT@jssqxi*Cv>7}h;
zU?xX%foih;b1<9PrvoJ1i!u0#*xga9I|Gy!`fHY~p(pZ{){WU?4`+H}Xjh^t?U(qR
zCXBxI;fl6w7T2FzafQ+rQCbq39X^)zOaslAoiz`EWUj%hG*F5gJrd6&k$TAHhVU$_
z5waMQM{oCt?Nv9U`wq$}&bnx6X*K`YO{VA#=Okd)P4%vEmoFz_*aA)51vaxP^4ws{
z2iC^v0+N~%I%>v39NatZM8DE7*qo}>bnr}zT0w!}HZwpwm2`X*e5e##K;BNy>3keF
zOR%%-_41??z}OV)zyByY(L^8S)+zdU(u}K!6(bblXPd&+){f}+VXwdY%z*aNZ(73g
zWDW@2I|nX89X5uF11WqeKq>UT?lU20bQo@zvKr>zLd2i;vAI?-UVDL&Y6k4oAw`Xp
z4bX<Qku)2@X(C)A3<@jgZ9}ioDg;lvs;89@<r88E40!?y4xT3!12#T74cgnf$41GU
zM?G#(M2ustZOjRZlRbUsa|{BfKHL%{UT28{9UBnG(9lDcX{TL*@Q>->pd8xa*EzGV
zCHm&7h~Hr;?zG6}wfomeX`E)=@T5*VP2GDvp1-Vi>jZO`sRftt$#?~y9j94*P`Em=
zj^0Hje0sMN)@RZcMSJvNG12_J_nFz`r^HEv2%$Y(JeVvmDKK|AL$(EhWccH5QU<xk
zi3aH8I8E~5<9It3D|zxV9o{EuQgz@`{s?QyapduD!LiOL%zeBp;Y-(!j!!Yx(zV<C
zH==n6D=2gdXvD@w3w=fi^az<u8RRAb5xQV*61UtWhhNQm`w}Cad5+Rq&sNTfvRroN
z#!`IS?uQ6Az0VY)E31Pa!v44$UnM(%L3nA_rqQLUr(3qUd^|v0zvSl+@{7jFRyl94
z-8S}=NyZL`-W$0s4D>g@w7h2_u_`|RNz#gkO*-@1$Z$M2>9AXg#MiqHwG%_B`D6)-
zdT`Eky#Rt?=+@GHl6bw>#FZE#{=8%!1@7<6&lOVnC8xcrp`sr5fFw<xAGRMTRuEf5
zteiEP@RY70H%R8RSNiLdR8S!vIRV*=C7s!?foE0?{w^k#b3*t2bb(Z`+ij4Vf>2iJ
zCt~S6A_+Q{7q90o6Ab$UpGau;B@Urw@D2sGL{Qn`vKE7q>%EnY&j4S*Z8zU2l?QL@
z!4*IsrLNyL_wC_gwPkck|0&rWD4Lbeie;@H>3k}!)$O`J?LsPZvPd>Nt|YkaN~@0h
zd*gWIEP8kUgiR=+hn|)Yc3~|UyAQ7J4i7vdycMH`EhC~)eIN3;^MqN99eB*#wyV13
z#>w<1`L-+zO6{4H_Et7^C*H*dcZ-{Mr>(0!7ir>NXp2^`w~icxib~9rc^APaZwtEb
z4!3wjZa+ZxErIZmQcIkVYG&xI{D7W}O0~64`2o{u=P-`OuNXKxL}l_W1BCIu%JB(m
zysd}arW!iDw?C{X6U{8mc>j~zi|)9{9tSm~NuBPR>v8RwL*m65_2g(ZH#NW&oKoo(
z0;^s(+8tykqpk9ar?S%%H$yT&=G5E14c5yU7Jp&!Rfga$bR<trtH6ecI}zOirKfza
ziCtd3^OC|4CBB+l6G{2cR{@{x7U-736pok&eg;5T<?-SW`_E*OdLDNz^Dm!Y-f7T1
zM$~eri^PW0G_|3Qm|8*>F#|!u(9p=K;gIM8_3t@-Ev#aEUYNaK&VUP=jDE&OUczU)
zjZ#x<;gd*T6lFX}(dGfUJgRa}-Md*r_m_Fv_CK=tbyJ4srVNb>SXJFK725VEtCT{r
z70k3#sXwlMkxWl+rE|DGc<mLIhIgI}@!Yr8U^2w8v7WqM2%|avv;NnYOp?*slT0{4
zzjndJiX%jr%JQ=>$9B0gJ5m^w$l85!D-^`aL^S3lR%fbh^i<yB{Xl#cOTOZ+V1dd(
z4p`>O%_vd)c=tsLyA(OUg`=VEtzv<#o7^66{2fl;R47@)uIY)ir<nsB=5eu;r^d5Q
z&tEY;mygfAqLM3|<-Y<N`?HE0kh0Mdt~w5VFTQD3zyPwh0AwtBR40Pph*aJq-fjCV
z84@Q&RU{MLzU)nMX&q>97l51sADTpgXh*H)^=G{)a2qs9Qy_%`+Aix4Pf=$wQF)>L
zHHQ=)@hMTD#8>p-M~k??*@p<>XKQX7<N!qHRHp!^Vl^3%u6I$aLT-=`pDHAADIB;{
zICR~cBLBM3MIS#vn2+6kUpjoO$rWA*0!gjD#GN=s=@SPxQDH&Q_B&9)UV_Wy`SAYA
z(oLt$+Ba&$IenoociNMSOAM0~hPrm(Kn<Gn7FAkRZmV1*`=m*4!uuhY^2KOAQF-$a
zo(f7sjwLFquKD-UIdm*Mt}BKX4hl{>55hWjQ(b1BlF_N2CM^3Ayj^vx4meCOo2s#R
z5aOI~`<|q(N36eS(zBWw)IA!D%OV|tg6B=<+mFH<XchoPIrpa3LQ&PEtc4nzOfP;^
zj&5U^+IX=}SpH0%(^*pC;uOHXhoKHb*!!ctNpw~=I-jaG6wdF(_xE@?jA@_=aY?k_
zLHRidHm3{i#f0x92)KkN3A#nen4E13+-VRDSp0b_Fp*;BO(=ayvuL^;%C!uZ%DM$M
zYDp@RT43Yz*>D_@GZ)0nb-OHfb`sf}#)IGx;4e)lNSDXNl*#d4XA|2z9TE$BiaBt0
zGtSCkW_HSO-JANo-*hL+2#>U58xkM?Xh6Ve+-MgKgbD0#qr*QSpHnzDT^oX$xqtu@
z<T37aSXPhPc}EHx*RelPh&=9hf=+CUc7#+guI_XfLr1;XjO02|O*`M7b`wrocP00D
zMS;DG;$8KMhi~!B{R}7&obBZAdn&!BY*qQ_P0hr13n)%hj((-@6>|FNi(3G#Y|H%m
z2G=c@43@F*AQ_&}bNqpetJ6Ugx%4QU*2f;N&N@;%9R8!SiQ2>0en8i2L=#QqTV`QO
zd@(G2_yB~MI~vk;Wmj~3>Z*cmT><ZqJ7oQypf>=vhq(<qx-~eI5jO)5ZwjTSqC(sn
zta$MW=c|5z_T;*Gw8@yJKh<<SWKPz2UXsdYSb-`5GBK}y2&jm^iefD(Q&^On_Gj>=
zcC`G(!>D+9TIe)PcggIH?u{$;*1wCZWU*al4r*3ljQ+#7h8S<5?K>xg&aZc8fQlL~
z*7H64{x8s#|FlcVBm+yu(0t_cd-G3y_j;u7WvSifssK{trnSYIm9ojXx(TI?_moj8
z=?Q%n<JMH15opkb+rDUDX0xbj6&LWH$Eu18lr;8G!#S!;i=^s4(Fzr#5hTXjj_sjq
zlVu$$wbxe!N?0Bda2`g=ypWk~<Cn>y*=ag>1#?|En%v(~l3f<t?s(p*JX-97Y+3A0
z9JtwE*2$1F8jzUatwe5rlSnO0yx^3!W9d;Ea$CDQpnA7$Yp2@l*s9NAc>p?|6v4gd
zmij3+rB^E4VebB6G%Vi2C%gBdn7x3G6ZX<7lhXVS2a(4Tu2-@9A=>`e5Ddn!Qm)-j
zGQfCTAX%+<yVk?;(KKc4jEk<&;mq=}TWpUPy;o1`Al&D>vwHR+6Koc@_QZOp=5XS9
z?4gwRaZg<|-Y#Ic7z?-T?Oc1gKe+X{%V|nBb)pF>n}+Gc=qMdwy&LNE1{u|JR(IZr
zF?L$=ASRYo4KJn#_Ya?o5s6zEN1rqq%jAfDx>sH>It;o3M(dRzdqHErJivqm6Sq>+
zP{UeIau@{?c%DMa*dsMrGARirU;7(-%5-1^3yL+-bfddxOF!^-aVu^e9z5y|%c-vC
zwz7fu3v7FJT|PQK{0>Qxms^eXc>n>Jm<BQ|k9YJ%NE`*mbmS`^u2p{v#clqGj4uA+
zN~z_O7`Wq*{viID<pM+P8MSx@G4?w|Q%G4e=H=V5cEY5y=6Sl|FG`nN?ikfuM_O56
z^3T^9N<ILfWH1Rs&)mt-kY(cg3zc@7NbXDH{>e_FmpHH2oxbiX9-EMWYsy=W4=sCo
zAI#x`3bvp7(b~;mVXNAuxXJj%n@8|og#6T0twR`OQNoYdg_t1_FFxxoF{!Vm?p4V*
zJ3ta-Y#^O*cV|VK+iXaD9lbv*S0V2?xW76mR|&*sT5C@bbdNrhX<;D;zk&*44(N%<
z_ku)(SV2Sb4Qg5BAKl5i&DhosCdPUMsb?Bh<rf$P-^E<@-N3sJ^P)8JaX6f&Q-6Qh
zE)@5nA$;?>gb!V^(;J#1Oy`<<#;3{{N%30gl9{)ZbR}=DQX$W;ks?)?cABasYz4j5
zqc>Icbt^zh1YSANQx$9-Bm>#@U=cIsU}Zh^p$*DkVJ^OrNx}B%lVn0?O2=*NZa06K
zr^G=)B30~fFaLRU$a}R~wgO0QK4Rt4)=v{iwi;_aV2g`pt~^{xwy7IT5LI|!475J;
zs<7>K5<XSk&YdI9dxf14Soi}clMj<mEuiuBJh3)t%J-wJdacmyJWT`3!I&Sj@|eGb
zxCVAN?GfZw_r$fEL+2m{5n_x1KG6_Gf)7Mv6)v6z>Q#l9_yXhu)IjE2ej*zr0>y-O
zzrQgDI7!BVK$2h)zN-Z>_`bIIhR3fMAjP0^tAc3QVe4OsI2cUfu}V5x{Xq21N-!Jz
zh4&<#9W922VcGZaS`+@*u?=Ns)4>cHMABm&9!$4;M(2i*M85)2e`gg81VgS@V%h@j
zWq=`t5E<d)#gyNE^zni~OM_YC$TGi0Mn|;hBz3OftC^$Mm#--kQt>=<f{#3HMxWLn
zogOb~29<w5;0>!Q0n!Ws{9x8cq0(Wc|0xiSiKxRL0oMsb8Jg9Q%!KM0qxgPv0G3yC
z0><QmJ|U6A525sV{`IPJT;E+FL8vT=Z`okyH3~N5a2>$-=GinI*1fBWF&52ujQ5a;
zvcoAS9<$(n#GNZ!Jj=;6>NMVNe#KM=v~!wz;khDix5*8Vbt@dpc%btt@XFdn=M^Pp
zx#J&|cWJF2m76h}oqK_dN4}r+t}>55x%v+bi_rj)AMigf)<%eMsm!QAdO$a!p_t9(
z65^Z)bs6)M1;ylbr+G&*LYPOIm!;XD{8sai(1uqu#Hc#oi#q*H4$VC6Ds9kgNu$j6
zR^S2xk#`TX(yD#T7>^X~j(P0XSdky>Z|#<(fVl482n)dc+eBzKoGybjiziOE`v?oW
zRzZ0Cq7%my^a33a3!osjAIx87!XpaOM=(%vnqur0Z;nua4){Al6|<EX{>0KRp{hAI
zR|-NSR^`pX!s?sQ1MqaPi>G4{1P+Bttp}W?s_2hEXX_6vJ6d8?h`#neGA}rY@jRx#
zfTLN@x9ko#04rl&v_9~hc9AD`{-O#j|MwS7duy*$l&PI{{Z@CIE!Chj<}m_*$}f0R
zjlaEV1NaQ62=9NQd<gg|3F{_!++~!t1-?ZwqhYpoA0u?36qX^;Xn*{Nli~jTUESa$
zJ<TL6f~UVrB`2h|3N?pCZ91BnaF^;(&hvl$GZ2U#LSvr%9oc@qp4M1+F%I>ow74l}
z>6K|QC)rv9s?xWeVi-vXm!`f%QJs@1PDmIkM5@2<9e<Eu`fu2fzrYoF=GfZsp0tfh
zu#9}%hhS)#_i()MDQB*|eV_Kw=cfymIgw6uB_62t4`b^-;O|PxUGTwviGxDqQCD&V
zS3ofo;+1jrfA}LoX|I88qOg|kG*$p5EMf*}=xW|M`-21X>Q74<{`y*&H~bH<2F5&T
znlaA_&Lj(jA-<83Tr6J9c4o@#R|&I=)dGYl+i5<eN6z=Xm1^FY3&7Yv{m>s+Pf0M}
zMkRwqbv&^_N}R9YuGIMkqdE6Rs*eA~3jg^Bh&zFh=K0>3w6ULf#1*q65XwM!{@9O5
z!22X3m*Ae6@Bwuw!+$6^|F!Pm6|-o60-sVMGBKnqyl}AjFBSmUXcce5&M8UPIWhZ!
zJX&lVq6W?XpMDD|huIHGzGYxnF%I79mJ1~^64lVGqiL34ym&I2NI#HmQFzZ4lLvlI
zHkaXlf(MDwV;(J6M8h^Kllmwl3+w#j=E;Lk{#@~<qI@QtC|5n^g0%S0Yot$xS!8gy
z1_Pb|h@UHXmnuye0)<)_E)+O{NGo`=wEx4KB{Ym>ezMHxa0??^I=MzCdokGtq&EHG
z{qJWvffY74W^(;cR`?EMg=ttzPO96P)T6($&K(Ugkd~#>-tznb1JB}o_WSYvyGz8p
zX3O2*UksVa@<dLK(qBC8*}1R(0}BXR`&-cBJAoY+ILUYAziPGr?V|&#%y&HC3rQFP
z-=_Fo927S&rP90?;H>_aum9&iPZOz!1&)lrN>8$~p!BpO5cDtOBf}V<!!o@jFg_)A
z2AqG~Nf-Moiw^TDsUo$R6bw`~ab0jywXEg%IH|srqw_zWfp`8;%KyuUGQ#dYT#~=o
zi^_}VF8Ia&b{{>(i@`B6Tk|_1&HnxQM1a&hKCk4Eau)avhSV(O|KY3RrT+FUX^lsD
zl}8Y)rSBa#$j`mVYm8I);HR>B^kJQT@BiaiFv}t0jgL8=7?sCPqiHXK`5l4C->W)=
zS=BX%r7cUas(MNc7`WnpeA0g(pIHws_Kn-^32+S$716l10@k!Ex$a_3fnF&1(6;}}
zHN`ZfR>lF0`~K=EEV6ac$s6~2_W7YBVvboKr}dK#3NW?1A4K}w2><E9Xuw)t^tP%E
zDpUB{2cHJMwZHx?l>hvZz=oER1U^%GRB8QOFH{{%%X*ZjSmz(mP=LE1{DmIE-m4-*
z9%6UlLWN`GWWj5CGRTQ!XxoX{UMPpm5rZY08+l$kA~vp9E7^L!^ddai#0)0lAr=4a
zDShW3ycXfBhU<d!#(-6UjVSGH8MQvr{q}X9^Z%Ea$ybcPkwC{M&z2E`MHC?+{)OGG
z-*|)Kl33k;$Q*#r8N}-Qd7KcO7Nz6Lz?oWZ-Q>p{2N|;GXAO7N-`-Zg`9}Lca;C0d
z{{1W9%;^alG%o4sj++;+y|H=c9O;yC1>@<Ta+m&Je~p|0{`5^3{8f$91!JlJh<VLP
zjduU#2}QK={n4*(sQ)8l>MC}NF7JhFwKQYs`J*M!o@44aNNeugyfmNxW$!`Em>6`S
zJM15Vm3O|sLr`F5dwHVZ)vPaQRT<{zuU1+1e}6TPTirq)%xZpb!9z)0#ENP(=Mj|F
z-y*30MXU%mW6SwTuNI-(SSeU5(Z|lp`qu6Of+dpi<szOvzhVC$;#o{jpwv~ml90Kv
z%m|Ee6<{1Ul^Qd!uKyN#mdw-s+HZz@)T}Vg$0Q^xUAIlz2>jCi4!e^S{VP_6%j@oM
zj7k@cp2^BlUT+i0ias}BWgzqgqWR~4kLEv7ehcH7d}385b9wK0tGRHi>6oYZU{$>p
zyP&0pf2a4f01RxbZ`N-;+iKjmZpF^~&2Ro!v@TMC-J;3+%N=twX#`zOx?m4(5aLu_
z>=_{7>`!H!>O65+e1^GFQCYu$72hju2C|uZOYwRIfNw8I(sAwlZn7vv10DvHLJQb*
zP)|WyVtL(S6v1WgGLT#x1r_%q(1cUG6Q4)U+@uclV^jgj#c2`=nzZxAz&}=)JxkTD
zwa><&5}u_N*xLbQc`D$xJnwcc(nWtrWCkVk@tBnl;Zp!&KMFk^)EUj!(Naj~&}n8K
zAe!>G>`>!Z><YsWPeubFb<nG`w%-Ux0Yv2!=yZpUew0zc=yvAe5Xg=K>59CLL#3`Z
zy9<cu`Kz9XhZN^)@$<rsw+EKFOiy6ocdtcSFASyA1x+OQD`OH&d=K;J`FEEzqLS*i
znmmSc79O0hfgv5pL@WEZ!K}u=s{R7vw)tkmcM6pg@n*nqOi6J4LO86P^xiw-UqScl
z3fn;qNp?)DM64FfmIYEAdF2@ocn>n3)UOwm7AU5UK<L#NSk_+7G`N|c90)|cDqNn+
zd#b*ESe9092fF0~HJdyG+;{rMM**v*&|fRF1#};mIK!-XRnVC1w{^|j(HDg-XKkZ-
zLtY7ChME(kzH`h3<ySPId=&vXV0yKB)Z5tp5?yrk^2uBG-NF3WeiEQ&_+QVsj5;!q
z#r#=4dvVJQ=;n_eH)S}!eedIW<mBs#angqjFr}M^#j_D26Bgqsd=4W)B;OjprBokp
z)|UViELWA033fl2lQHj(VPx#tO=dGPzK1z%R5`FjLF(q%W%YZH+M7R<6J{_3Adsqj
z?gbb-!80;R90tW>niW)elzJ)IIf@Esc?H84)eZo<kcURiDvf@6%6X_7U_cV7nD|Je
z5!u~CKEL#{o4MpE7#q#Mp3a!Xgcnmik<-XO=TGLOA{QEo5&4vx*s#RThIsz+J=$;H
zlGjkY{vK0#Ey_G0QW*tXsARLw!t<wj`EB(HTg_VgSPBNBqVH7zI8{(Sa3_Oj)-&YF
zcK)>)?_(<`u%$loOa89RT!cg*G&7f@>8umwNp-r2UD0$P7g!*Xp`CRGyiea-%8Q%*
zA6UMaX%LYBoX(i7BOzZTU?P2>Y(CSpoq73&aQD^bvUy=q)icl#@SNKsj^Gv`lH^G2
zutMfQ3Fi6bKT{0eB|Wywa$n8FRiS|M>U8%?U`!Qcd_c+Yj;)A#k*KFcKw1NkvROYp
zK2y1C{XN4$EtyBle5WU5)M*@D-cqZIn}q|+_n1~OcHM=EgOSBJ&th~^xe_SdB0w1&
zF8`9bayf$A9QlpNqL93V4%r#rOBp517xYqjnP@P|3+O0DD;0vyOv<U*9WYRsr^uI`
zZU$TIA}Wm6P14CvC7r{UHEK%XT5AsGI!b0>U7b~}G#}MO)WNN#GT7;t#PdOlnejba
zcPdcc%foQ>x=;YZqzXOx%#^!cep8)IG5;0~M9OnpQnLD%*AaED^Q@Okv^IACR>KY$
z$<)eYt)7wvrE&vv&LT<Bb}jHg_+>(-g1b`sscOM|@NaI#zYH357GZ1fcIJGzh-Fv_
zLBKh2m3-)8kF#O+I55p<-q}45(D!8FHKt*bV<`*jBBNh?-;B6VUR}owCje?){3D&J
z_ue>d-or*(&^3%H0}1L#%5VDL*wg`}>X}>|3&)uN7(W55C>N)_Q3F*C4UH_Svx5$j
z^)Hv}3ub-v47i}fhl%9r6)Wjb39HXvk8(b(4X3MuLVh|!4~!&paZq|+)nl_Zx0K=T
z@>}VMrj~dj7-)ggJ$_!C4**zsK!MD-q?4(#?|H^a^O=`f#WxivF;5wwFr+jP&ppxs
z@%d!kbl9%iRiLBIv(Qb(kh>6b?aQco1gCLv^O<+RDZ@OVGmgqy^?htMpKWTa1G{wu
z=(<|?_mI*XxNOf4fLUX`_~Ix1|B<4|dyeh*iOO(T^rAa{UR=ZHiZ00Tg1}HYJDZ?v
zPEzy2g^18#4lHH;OOKYolnIuR86fzmo9n$5NT2{}o077<F?508+ldoUqn;5`ohq;+
z$DYko*{uy_ONnd)eM;J>5PUdjrx6E-o7ZUR0*X%8pAe&SJ3$#%tgh=OY0-Bm7tiow
zi_7%82%>)0yFdZXQ(#t}BU_Q)bd1v40~Egk(0Kxr>GQ^Pg1(o&V}wd~TQ=JRlr{6B
zVm9++tE$0M5qMr#G(FXDY1bMM2eBOL!g2xS`CY$#rakZw1wg}F0#nh5UB8P3j)K?H
zG%!kWH@dxzi5^4Xw>v6O+bivLZ)yl!0S=;)ZbNUfOv|dWl7A(|mkx26XsQGVN;#EG
z%EG+Sio;21O9Oy8l$M$1zTPEkwh;sbn027#0!a+bnwg^5-C&e5b5O);rXj$5s;1N}
zoL#3*q7ihjt%H<hRdS5Ip697Gm=xlKbOtH|J;Lvr;{>5Og{h+QI-qYQ98`4o)B?dQ
zVJ-#h(F@k$tprjaQB(-jQA|-w5qhF)l9W21K-au>yh_ea=##~LXNh5F&`<b`kO!Sy
zkX_{4d2$zm6GXQiMZ2_<5kEF_gos}>8!_cX>wop7JH}|*5A8cWG8v?xBwK$J-$iW_
zXxSdCr|5h*b4sDbr7r$f+w>Y3x+LENjn{^#Xq;|RAmv3*RrCu8Z%F#Qu#1)HxKJnk
z>+WMm6N#u3t@3idxC%IaSMGNXjl8H4AVok_yPRpNC%IVf-Hf$#iass`?Qp#n+bGys
zcAD#au!IMY%*pBB^r@N@W$(?sf`OV*xC(xfsJS~AqoVlqmGLNfYs@O>)LIcpRaXT4
zf1ygoB){ka0pUdjbZQnx;lJS6<2URij@I_?0R6uzd+VcehLoH?BZQCgIPl@w$&a_8
zQkOpioLsQuOgKvmP-`aC#4GI#c?1LbdNXX^S4>VDKP;G7$JC$nUIG+;3rx`k6j^8s
z%!Z9MAJ%o_F)StWzx+bO$~7&EKG|VEdXxT?T>h2^mJo?@_YRX<p1O?zxA`K2S{6>R
zkx>sA5f2;F>}$@IO$v%OLA$LGa@^{OGFj}L3w9_@1^u@G_4e!)^6{R-2@$J^kL0nP
z_hTa`pJUi;1?Y^pZzvxtBFt2`)8DMk<A`vN<UjfKO@)@*4!lp0`&>X`@Xnoa`J`$v
zsNaj%B6(m%z#nkP(Xp$Dw?u|h0wXE1KYaNTAmzvvjbQ9uEG@|L{&kyf63#*3nA9`n
zIR=2#YbhgNPv8qA$yn%3^1de?XeHj_kEHB6bc*D+DmF#1=fnfAaVGt`hu6H4R^OYb
zinXMA_@ADb7#C}zn92}la*+W`iUjvl5b}Dc=!U$tue$$s_agiZ0?8&q)fcbjL2yw5
zE{L~7*39q$Ipc$_r8nK+5txtFtsG5iB9*W`ZazZ~n682Lda>X?V<@2jD@iL1CE{Bo
zcKR+l9s1|zgXx%Gz@Jg+C6%!gOk^>x@TM*TPZL54iO}@|jI1|f;ksGyJc|?7cX3Jn
zfU+e6S`9{x^-h0a84a?;o!nE^XwsJNj58%%3aqqgUn3t1rceh46UI|+s%G<|FmCLv
zwXwXPTp~bcRq=3pByJ>q-k<ScCc$&l2f|S8mbosy6d;YwhM7Nh-fSpz=Ct*@v<o0S
zm=KZkcwW3puUVz92~SA!U@c%+5jt!-^{xt@!11AR^@<ippXa1mZgLGEjA=q0&W@hs
ziM4!uqr%F%)Dx(e^W2;lZ%vE`YpKc#mhYXLW}KG)Y#GeQn^pw0Y5FG|Q*aKEw)*UV
ztz(KpK!MPAlleqhY%uBE#<<>@Qu5NN#__CGCeLJEaWF<=d6aXY_u=t8m3z7uYH&Fg
zZW=akOsDAoB`wi5k-gQYgz^MWw#^g3bN0D+zG~StW&_Hr+eGE^0ZrxTbFIXM%17$n
zv<^!)1#ThB!NO;UE0Fb^Wa~%5xs9O{C^=*{83Vlog_K;JXQ7u)iOplzo$MD^61noV
z#b0#qauz>Gg(yb#le0BC=23L=KE;H_ceWy^GKH~>C|T$KmZR`}Op0lyesXqEXbkDH
zxZT|ycPo1QK>6Au!_JGOw<spcqA|khirzXxUx_I}uRuq65LJVJij5V3_WEhO*V*Vs
z_uC)1TNJr;NE`;UQjdWYZ=wMQ)T^5jJp$NNHsMBg=y%Lg30{W_<Gf|*j=%z=QTa95
z8n3;<fIzQbgZdzlb;>(JAqo{Nc^~GeNQd4ime`T;V^xk@01B&07N4gzWZpdHOHB}K
z+#AyhWmoAMFM@s5eEb3Dt|kp@$WKabTW>Kr4f%rbk)+o%_Zkn}J;5*2Qe6TTBZje<
zG@luq0?D2@DKd={iXMkC0!r<Nt$1>@)+2e$q|2zbz_Npe*p*7Wn5BiJMcbdgKI3Mm
z`dM3zE`F!P#@6;xF&&^$AU}N#H^ISW%C7!2ueyx+l7IoQ8PPX?76Q^kg2`$Kds80J
zjAFlg=nQlEzN28Xz@-0g<cRLkqo-;Xh~=MC4!Fq+pj|s3pKMds^W%f0ua|MJjX)^5
zd78373;AR#HQi0*oOtaiU2@*E^Yrv*fHtgZqG-N_m?VO-xb#$<b6K9P0~M&zqYqg=
zg+S)`#kIbMZJ#rjn$w5o5C@i>9<P0chsUDFv5FZ$33??TfHsqn7!c?Elz2BeF#(~0
zbo=i7I)%y+_U6+9sfb&N-@W%ai$8{H<8%W6P|#_{hB9Nfe@Vs9#<91RYT`w{n}^D%
z{?c=p`(GCvVri_2PgK}z&A&6c{=YJ*4f7%|QsnlS@{|K3XL7^&&E_z{Ap9wPiZUCQ
zZkb`QuH|O3X&GLaWI|mz3imK{Op}6;UjPtCv<X~n#^|1n^NLMgy4<grg1XNT*P1wV
z+xq}o5qW%7WpiVqJWOUyf)?)lF$`379~yJD<*oumNbgN8<r8pWG-F-y#m@}Yd7G+u
z<0`eQBF@+Fk3t~Y9l;ETlmUdG75T~gJ6?`N21rd$8IPQ11abo8iQfgjp1sHfSk$A2
z2Uv}Sm1THD8+Q8Z8Aw!Ri6NZ?lyS!elwb2r-QGnkfrgTigHoj&Sp9yf?8%HAnAzi)
z3`AFV$vnHW1sD>nH(2*q1fABeFBk|LwK#!LxBDCr!dbPYU2i$q9TySvQLk&V`Q9Rh
zezm_U0^C$ggQSo^L@RH3Al<}&Om_mbHA*V8=d?G{Ao6wUr)~wdf;(NcRJrp^15v{R
zDN~lo<$E_U`ra{Kilo6JM`ilo!uYlapn55`1H=`2Y`$fEZfQK1gl8UI+T<RiSbg{Q
z7r5qHC?4KakNQr=aF$c#_37Z$qvS^n42Up``TX2d%yyWrGs`TidUua*0ztF0)e=Au
zwtUb5QFmn3&o#KH82mdYF5*P@(`A~*6ml^n2d8ucLvk6hadAHA+t+ChfB%2pn6y6B
zZRb55=1#B#%3Jx;l|R1{a9fOU3Dam*nrBZ|+iXcvA#}F4S9ycJ9KNNpR-M26Z2j@!
zVl=4+C;q!e|HL63$HBJt#ma;NVMK+Bf{?DRhk*A<b0uUbha4MLmGQ!V4)7`)Q)x?W
za^-lE5w!ff-^JB@5OSJW#zjI*mUsW~HN*lbMp-ZMKwaZr^guGNQW(TX+MaAAA1<#R
zlI#bXkkt6M-hEcE0vDecRJp)(>`3b|IRlWvl_sd!A7R5CGmXC_PG+1NP0)NWFW2WV
zMNuc41R5aV-YF(gA+P{kNW*N6-jn|H^~YMi_63hNYPOp7^n2|AGRK|A`A(^|-CRKY
zYOTFW<)=^b$JKZA6>$;qav2+5PiW|>ZECiUWXB#i@C36P;1@nGQf)R@Fk&~nr5@E!
z#^B*LWYy+aoA6MHyp;<xpq*Vc?JS^HIQA!bRFJYBb`R2{bxgG+GU)Q(5)Xf1jmBK0
z7QrQL)bY!A%k%%7mvo+qDe7}Ur-|^X9Jf&~gPcK3f`xNH`0Z+5&6@cTd(a4#ceKaL
z;mvL_UTjqsvnGj*R%9A?j0=+YdsUJqzt)a{AT%p@Sat96?t#Hrw+SXI7@%zM%(xm<
zzG~Z_q+i=!ZeV4g@aZC>lh2D$y0_uTrf&zLN08Z2PdEXrGL=`?;?7e>iJ1ELvsnOs
z%Hwz0{Pet7Gn=j1(iD6f5LNNC@blRrDi=mDom7kp1wq9+M9(l%b9_b?B{{Opc3@+n
zkBPo7$H8t!kARd!Q{m&vy)mmjhlVuo@DkN;fkcIofX&v^mvaC8e8>U7b`76F)c}zo
zQ#Q8`GlhuV?y%CNmT8^1!UOvh?A-XBZf-_In+ia7^dRPLH$k?-0U_sRu`~GG3-K<q
zX;bOj+hp2`6p)6t;Kl#exXARRSsQDq{5bu?WR(S+nlf1Swm@Qgtl<uJ_k8jM=OKbY
zksw-+!%u(QEtpaPtx{=Y#c`HOZAcvo@u}a6z>V5*_>Ux71{3M;!n%O3{RgSAJ>0Iz
zz%m}zw_Wgp$0KHBAW!D&im8VDKla`-EUUC_164%9KtTnhG3agqX(W{nY3c5eMx;SN
z>F%yax<Lh`yIZ<L;GtvR3!HSm{m#3;@8>=ae=sx5a;-bAJkRrzgtJ|6{^v)awEFIv
zi{;2npkZ$sP1<T&#O!K!vX?=3k_X-MDEf~9w?q>h0XQz&!%n`s`A1T-<Lt-rmqk>h
z04n4ax_|d2`f<vrcDPDW;NnMOb`Wvihayh*^Sx;V#m~gU9acG;;!#(eqS^`Zwwk?#
z1h<OJy4y!wmZUoS4d`#<&Bn}0GF0A-_dhx5bXk|SoR_(uLmWOOpYRN*7R}5&WvyL#
z#TZFbmN2GU5H5gN{D{;P#88-_L)2=g)p2#IT?7KvAH271fKG;=z$y@ysa{1dNqR}a
zI|wRA4+sWW#;uYu48jY;ErGU@_YVguodT7I3JJI=kf}>okIB1}XCv&GW=^F4%+;cc
zE#>{J*?i=QfARgu<Q1Sy2bJ}5Gbh@fC{^tj77<hug*VXs6%pc^CHAv~{FBw9Y}7hy
z?L#iPEh?IQ_#naQBBcHa2>}_oc)~FVh_lbx>nxmSj`^V2rR`BR>jtzzCijUkEMrws
z3B0yk4z}oX;k&8b?+ih>tA{YhzJUwlr%*&}Nb(OO^DcpVVBV%{K1TK>N{qKc4q^DX
z093mOAs|Nx+wwqecCoTxHkgfoO;DEf(g^8Ctz(ZcNp!|=p_+_z+KUo#L&JOQ8KC;}
zK&=k2yu;_be#RpiYDHLD-Hs*g59LW;kGrb5ZUKc|4Mg`xq|gj$DRkL~VvHXEJzj~T
z-VSN&V=%HzG(-nyaQIPxez^?!>)Hp<#|{}yZRI?CoE?|u3o3}(j%=l-wYfG2X1=?r
z$`q1tsgwMHp48U9y^+pMP<_j-Z}EsI69eK9SOrUvaWg*!N2h3GwOh5jrWD+Y`}fnh
z55T|b2@{&=C;nuZY1x65;sMIh;QRWt?I}+|?YicOhxc!WOcvM(2&MxJnXH{m7xRT7
zvpF|pc+HR@Q$VcMjkVSp7zZ`lsq4nYKwMmf<3~Ls9Q<W+qzj;M-J`=@dh2DvGn3V)
z{m!Gt{Sb@VevdPacRcboSo_plTuY!Ymeg(sW^^Ni#?PW8=h^YiqB-v{MfL;D+*D9n
zG%nE)u!SnEv24Y~gzLK2a3=Yz(2++TnAcF)<ZlL)GJ3_qw7Nf`_trhqI|UquKI2l^
zW8~&mLsJkpce1S*Q6WwUa5c)W*r*s`e(bH;ae;t?V34}PMg1yY6D9{qE+vgQ-V9mk
z%S`_EzPtsf$Q*0}t1m?oV;i(wBuXN^08$2R#?<F-gSX>8O%MT6w9fLyYJ-kK-*e1R
zmsi^1E4o}j<>I&;IV76JRGsldYK+}B=Li4mps7b95!M7!nHSb8HlJ8&qFPOBIR;m^
z|AuSewkEj%GnJDfw$MKXjTD(ZI^Lu6^dSKoDq2f2as0t4&d#~u6xXnk5qTbMxO}EW
zO=qw>0dml!bd^!$L!2Sfsg;{wZ}vkP>;(ZhEMn12v7uQHX2h+)un~dHRiaH0=oLBl
zJe1hYC;(w*4;u1OLs$0EVzNVoZnECJJ2>_}`P1KHgV%st=*D=m%P6U_HR61Y#b`(Z
zrEjDOUOZ{neJPf93ctVF;mz7g=||y>MwfyoI}{S@{n@1;BdLBde0Df!EH+u0^yR2u
z{w%u>v-uUk(#q7;GBF}pNq>MZe5$)GkA!FS!6%YVv*PZ<a!eyvXu3xqh&ijI(Mz1K
zrut(Wr=8%d>1?%l$=%_!t*wB90p&=sSI;bFA8^Q<C=2tko_mBij=*k&-RhU4#Ny7c
zs&{%;Z#acq(XZ805PemomngEUAFHo?FsDT>bZ7}GJQR_lL}S*2wV~;F@gfP7#N!Q!
zrS8D63>Wp|ZvK5|n11dI1m*d?-EQFQ)#V6XjDB~J^ZREVT#)Y4ohXUf#h*^?i#!0W
z97gMUw7FAXP*>8Z**@OxWU-5L+EuUy^1CuEG-#1MK=D${px&F}{XmRftPksomh|`|
zWY)P5X8~k7-40x9P+Ezq_-Uz@5L+zrz!X#ip!~R;nI6Yz4ILp;F(}Zomnj|1b7MQ%
zVQ8D;*c;2u6|9<xr5|l)Hq40+$IONg!t?_c+G3OO<95`DMzZg+*^H^e*BpH9N}{~2
zUHA*-7~>csE5l}icTb9Bv)!~yqc;Bn+EIhD<h7Oy<9(n{lN~=}*vGz6WsF#?S}Dc>
zw<-pqeJ0aL>X+Qou@q2;T#cnyiWIB>;&-clME;<kLu{_f2<v>BJjUAy$mj_m1u&S7
zsh$y(AYUf{nWt`1F3|?yE+nbis;6xg1wtj>I9Q8EyUp-;1zr-9$sH!ik}g&~$lU`L
zD=(lAT=m>8(AHLLJ=W3Ws5kLTZ=f^}-m$fv3k_fEjj}v6pYxLTK*+s<Wtnu9W(p*S
zUGJu&+nx#mme$$fk`+!)ZOtKIAQyjj_NMDJL2sb`n?C|=kPG-9XqS$-6u1`@q~36~
zD6S^adkVz>24HL^Xjw-(4#sD5AH-N*GYAeIf3dgF84m+6WLY@S_QfWMM#42q7{DJH
zk2ncIYz9U7a(mEo!BX=EvoV<c1`0la+9*sPrBM8?&`Amo!@Ni_5N(Kf2KH4}Tz{=_
zZ_+{BP?3qgh8twzF0x>Vv!yCy7k}BKFM$a|rflKd<-)<l%Q|cE6}z6r{fZ|z^Po_X
zMc77*G6jYbOE5xStcXX|y8o5tz#*8O-2L^7*Q&IR3z!qow;|0T+m1cQ3nc~13mfU*
zp6uAKgzBNpSN8#OSXk3u-5oCMhm!!A9qcVyIwPMzsqMX41f(?5p4tU;#vD`~?#~4F
z6G!*S8;_c3zK|cxt4?H%2NNVZx4^8Kk(hff_4Iezdx?V^0xc?S)`|>0$BWLUQTj)?
z&SVBvTw*cgoK1RK;^D;-7HtvPaOEOb#p**6qLC2_IY$_jh2@yqUgzM+bmWGE>a|_B
z4#l?U$zk+jMTzjfv1*ND`QZXrBUbi<E%negpS$%^-vF{2j?}#!(sl>P(Rr05bPIQe
zGPT($CE%W?V=`T^Nqu|Ov57t+C%g4>-C~=KN5=To9?M;c$s>SN-OftK1%#8m>yfSz
zTa3qB&9uxsIRRu@->-U=w@lTROY1hL<TGBfjQ8>9D#G0c<Y;6cA%`2XTF$?ag{g8F
ze|038AyB>x=A!$Jh+97=_-<pj`qv&gYKF;gxCQBis`X{iR?`5t_-SoXQHB5Yk(=j<
zegB7Z`$2JTKP<d%;}sEn^8?LA6sbr101*yHI0;lF>`DmYR-lLYcmSN-fxaac#V8CK
z4b|w=^r`n;8@m$g-oxf^U<KdiU*vGypYyr81-u9nUf)X;+^4kN&>WwP$_;8vJ(5Sm
z0Po`K3B{SrO{XVF4_vb%eDK+Kv5#al)ZD*md@BRedWja({JybTy+dR{GTto$3Ce)0
z_E^RQWDy?pL3j8GK{ALJ$|$8xeK%3Ff{=F^WamXvce}}V5i=)*g-MpGzh4)rp0QFw
zbN9_$>FGHjRse#1MJ4+R_IYDZw3)jr!tP}A+nU@AAu|8q4618>fx6vI7~4~MpFs0&
znQL!cUO0PPG~Ps6yH2<Thj9@X_NvghKPz;ApG%C%WGsc(G3&~YIVw#aXG7HA^WzI}
zQvGiTV+cj$83?MhU8f~aUT?8cm)<ymiue-67jTi-jYAT#Dm9wdrW!9qcQ;(*5=@%D
z!rxxLBC|c;P7xu1Uf2u5J?5GRr4#ms#ahjGjcqDSJ=pj)jha3@6rd1szkauVVHWT%
z3&cox*J_-OurC)Qe_HzlCS}2+1{`Z-4R4I{v`MsTRJ((zF%mCho_2G_4wd%$T<<#C
z;dQVu(<c?J%q!Q)!LVXv;DxK#d1e6)G(9VOBk10LM1`F3H`}I%URi(~Q;)0$73e_r
zs~<16%A(&R1I(E7NKc)ZK=LsA!*?CphmR+~fR${BH~&%uCi!O4I=p)V-jgy4xcgxi
zT4GNj1`~D>JN8tTN=X};X*E17>Vm<f2AlYn1=3E%(Kjrzr6#fbRjc0fpjT8_%)F9w
z<HrOKXb;N7b2egGc33ZmC>4IFAQn4bQQ)$e)ywrzo@|v;r%-l&1y7!@<aGkm9hSjh
zBsoao$%F9`A;)^zOi_vPmU6iW$H6RP^7Cp?Zp{SxNHP&u+;*~!M{Sl@3y~rYL7tj*
zbi(UV(&Xp>K3V_aq1fSwiOkd(n6M<rpwlLVTt^Y3{N{s+a_UTo@<6<zrsL*!p5|`*
zTLY3D_B-_0ll1GWgkhXOLqaKejw<H*?*NI57WcHkA6ON8cW=)E<PgyvF2;}<o7S%L
z_Kqwh*z2EF4A7J+T+c-zR#QK(m;d|C{dSf~#x%~}x%|#G-~_W$_&b*r{azs=<$Wg^
z2fb3*OC4s3f>%_|p+LFc&0Ve_d+gIpLv8wwKh$DnfnZ3+6@ca4SF=n*D|v_OS!PhC
z4twtEV3w>Xlkvz4CZnM)WPYGyqF2P#aNlB5T8u6&Uq0tmrW5X&v`_ggEgvK=wcU-g
zvaqlCSPN?Fk?RwsXQ|C64CIb3R>AuLphau`5*qg*3J709BmGi1xtx<u!d6o6spmy}
z!${1GXxM$=u%I%kd=#3cOt(j6{IQ_nO-TeoIJ5SR;ehNHbE)i;0JZm686$WMJgf=;
zG+08^f>)MW=KhWo$O2gWb9_8-kf4i7^AwN*vTnZ_fxz#CHRtI82lXGA<_oBO^O(T<
z2l``of!$&Uiq+recUzehTTfQNW>p#-?vMm$PnUTk&l)Np@YsL^Qub(ft+>+rytBJP
za`Qsu^*5vfKwv2ShN>r%P-VIG3`Lt2Km?1cS$_KH3s{-Y-(h7DZMov{n*Ge9Muu&i
zpf2m*oX+YA+P#ti*&wcX?t^~6TWmL(2QPz9>u<9cC7vU@SDRem8v$e)AnVYvrWmh4
z7@LphQMq;Pe+w8pN7nJqf$#z%1N`q1{PumXw<`V*U~Ed*E%a|U6P0h3qMc8~lCV9;
zZ-xC8zxAKl7&Qpm90pzB)0BRa6BI8>VE^C937r!np$XunSbn|~I@BJ?82NAEet?Zr
zOsl}FFf7%dEN@CBP7ReA{M2zT2oI>FwC8}h!at#R{}mTQ+;yu0?f(YYSk*CWeL=Z|
z6<P7ny?=a;xV(gL^&HP@AopKF2{maXFoFl~qLO0P8DGE$?*l#puyWeK%4IoAfp`(n
zDDQ5n-kKTV`Un2XTkds4&I4QZb&nL%FXt$GdXQA!x}0?GaUp!|br#=>)PTQSHA0Di
zmC)3Gn6G+_#+?v@(;DRIj}2pbp2J}0?`dJe-HdV`0uBEpZRiU6_5ICs|Jl7u$U+eE
znao6^445nkV#(1+!xvqkYEesZ0^UWnNb~&2Qe*y0P&tSa&OtQ?crSjECrrQt24f%B
z>VlKt?7(+{?S=}cf7qbkendrw_z>r|usns|kd%fFy9J>f?43-`Pu7BO1hnEeg#XyO
zU!QXE?1OVw1fU)aB?5j2+Hd?0Kk)y<Ls{?mfVaV~00`hea0q|@QR32Xh-a+}HDAT-
zv&2N@w~~UP(69QQhnY73M*cVQ(tmuF7pf}~awUBcRo}cUoRRKbfUw^}YLeCqO&gKC
zgYlCS64-xDqW-c_{Le4w8Cz^w`w{^Lwvy19yNqlL%t788&Q)W;r>JxZ`G1?k3?S9#
zm^7mU35=A8s@uA+CCSg9Ap<dyDbj9iWB}&DAcM%y`NY3%&7U{Sl@@}z1LlEnY{5l2
zW%1mEaQ|CC`v1>7`14u&|CtB>m&}7dAJjkH9alh(`;}@CGkN*>g+cld1#ThGUOCGL
z#{7&UiT|JM)6Zvn0|wLu0f?XDB3$|(c@Y2UZ2<OObBnF^iciml6W{<&Gn!NWv;!h!
zz}<uXY_0$HEJ6{;JOMB4k%K`V9!dqMu_4LtFBl@+<-ntN{pmVRi@a{l9r;#l_z&}@
zFS$NL+n=5Bup`gZpu50DTA$I`shFewM#F%5HB*Dis(gRgIzZG!C2fSa^!&pt@l#|%
zi4K2l;W`2T!Kg=+V2OaeGkN{fH=QEiS4;o|*AvM{=;xNF4A~Z8?vv^*75LqMuw2~z
zKZ}J}D05j{%z6(mtkvTSxAd1!{1?1d5J`#imFt?Oia_C1^iNXjjq`BI_`fB!0!O77
zK?#w`mH`trj3hkcAT_mtHsG9)0kV~IUzMfsm*@bbp|p8pi<swM@n_?j@ZgWI*lygL
zOsS+EKsite{sV{fUoapjBvf^`Ds*9-2DztR+<=~O5eFq~o_{sffBV&|p!T|@h=4Gs
zQRaU^J^6ax%PY?L@5A;PhzNsqL4^6=&}tNPx3E#b3pxGd!a$r-f&Q<5iKPA&7bfSg
zQ0@OcQN;0TOPD86tI{a*`1x);=kHcQx@<ZCw6DM@Q&}KoCnM}51tI?c`ZgPA_h8Dh
z_*KL~T7Shx!!5M7%b6tiD4`m2tl8J=fEd7L0H&cBfC0HamaE_p^?O0(r+zO)s=vWo
zfXUz&O)w8mGiZ#pkwd{Y$^t@>9}BjCZn{D>!<#%nwFs1syTeZZ=PVRv29?zqL*}Nz
z=mO*;Y$?u*!+K#<+!f9M4kaOgWA|zCuugO)05idO!%z2T?#Nao$h1dr@`3tY&W(kq
zO*F24)D^F+mwFoR9|C00tE5d)8oaFCF-vjFW1z5`0p<Y{cjN<zmJ9(@a+f2xTl6cJ
z6cx|49h*r`r4lcv!B5eRnD15g+y~I`PUY-bNtE=uAZS6<s(wB`)@8aE7d_5|^ODqe
zciFRHAXZTO=A<$URLn;5yk8#xG?zS(#bhzAAS3}oR%+Jsk-Cut)}WFg{4$cBNQf?R
z&L_)>+7+PS_GCdVg!aS%{96Afbw0io!<w4`zA81NFYQo~-Jm5`FN&o93m)y<<MhXJ
z57rXoV6*5a&3B%0J0;}OwXo@CeX<@kmRV4F!(bR<YWQ;QYAQjB2!^8a1%DsJ&G6K_
zC{Q~@&$Pv`TjI9yq7?1<!Vf{wT`Y0i3GFh$Guux<wjj?($4`F+f|W&=#lb*}HMs;(
z9G1t*3!!$oFsKb;1352#CcCXVpJxX{te}$8|Mv1iL{iEzD4o#~G|cC|&lp*_OKMs+
z<q4{h$pSASq;v)VZ?Ty=-K<Q=81fju)8fU=2{jTU0-2?*{bH{OO%UzjoMO2^EPA>2
z&ID{A=YYd_uVf6=_C`${uoJf&6!SGFkT%j@#&-t)<n4oTGr@ywfEdX{3<Ip|&O{M~
z^FZiB0OWkbN#Yl_RL)99O|k_7@spW{USENOi5QuHtRn-JW<#SWzrLW$9|H~Dd9OY&
zyS{%|cTXOSr^yas*5jAOWE1G;4CiJg9nAVbLvACR2rIgb5PALqna&rp2L3{~^!@nR
zoFvAm!s*O~cz@Y>g;^<Ud~Zmp@>-kGBc&V12kG(sZ$xYQPs0~70OWElJ3z+gCuI(l
zo&#t>>W0EJec`oVK+dR*ZLI)kX(I;%be*7d!#(jA(x9eTsiKm4LdSM;d!<J_dbg}%
zCV>5}{z!>&HkkKFY6-^2z|wb$DXp!0Yeb%ShpmC{&8^4Xg76B=!zne(L*@>aCR1NM
zmI3mb;Rw_-gY1FsONh!TL+7(x49Zstph%gjSZb2I3=je?87C?A_jlf7^+L^Iy{!?K
z)noOd&OD0VQ=n*?2@OH+2W7JUgfD5!M;qaWh7_s5j%2nFN!S!m24GV6>{airCo#2_
zN?I@Xbw|wxQ>ge|L&45)+8Y%w?p}>zHq5GRQBH<{^-eG2`gL69(~X@ys$NEuAC!G}
zIXjBiISYtl&=vEja)#x`3b#xG6;r0@fvikw7YIZM=4<!&ig%ioP~E$tFMrRtN9Zfq
zT0PE~Pb)jS+PJai-y-LeuVcA@sXsHZ8aG|5pav?fDM~8gFR>W+dt@yNiLkuVz7^@%
zH{&YcvszhvCY?`YIS%S)Ts>NT7m6rxByE+Yq*D2Qq!EM)YE0k=poW0chN7ria<HY~
z0@cwk9o#+%9k(A@7L4qEDn{g8JUW!fhs0#ir>BW8uoYv~<Kxo{YHRV>^jhAm5Zt7{
zdQVI!X4~dA*Rk2-Pr)<S@14e1Gq?sMwH)q0$GCj?x$C8ml9C}*Zwc9wyd8~v-y&RR
zZ+b-9Bq$*#JcMu=0Z~g5F@)#}B9>W<se8uTw*tKPxtNFVqiMh5y&J|O^bEP95|)`%
zu_Pk@reCz^=<I3wk!-)yUiG2u+<o||(}ogpug>1uXgI{2iyYf&UtuC4BDy|x;CTkv
zay`=GOo`yQm^YL;Ub=)iEX>a%b3}Y}6O+2@-BnX*1B0wlI!y=k8Os&QKz{(Ml<thH
z&ahhQVNuABa9AH>eTd9O7Fevm9b=-&>^$R)5eP7DbMr^zZ!jybX9Pam@>b4Py!Q%z
zn}2Sk*s#cYMJ|eoqPt89X1Q#Mp<G=&C&PoooYIx_oW)t|HGISX?-@9EeYIzoV5fE}
z(WdnkOugwO5+){j1N_cM8k>PGj@-thCBcU7@u<^#t+1-q0o74&U*EfXR;K06d!0r4
z(#3p?<{G#_YQ+mUKB7jm)gii*2jqm`?_BPu@jQKhwS@2z!r%X(k|QFZg`B8M^CH?D
z!(sjz7W?B?t3!c1bC{#Y`gx;SaV)gaYMu!>Y6vpimk^;ppE)lVBIP-C4m^80>;hUA
z`iotIT8%4%E>HM}u7+JhBjEA?mX^X8>9(Us009^EihyJ%!55$?9-j(kWHjrIY;Kw@
z`3)k?H_21uGF7VA*|YFOK9>*B(*8)tz#x6&y*heb2LF${1t@|Pow4kVFJ<I7IEV8C
z18vsg(w$EZCBZdMCAzt<+YysUuierGkVr(2HCf?L(+L-*VF_)#6zL?j7IQaZIijha
z-49A~5)tv;83ZsR-vE4aW7|fcQGB(Q;oXU`Od{{qgBgU0GXR&7;Qh*&x7<)j#W0^S
zpVZ(hHP<p_KibJPNsKtSR1n*5*!m5(y-l;XgM&mq<vLsJ!+{?){$Tz&$?&Ifpa(@t
ztaD2qu2EH@a|=*6d4PN*>It=T$WxQCS77tQCse_B*D&tm<m=SI#0`@6_7ypWp8@b5
zr=WuXSGY#2+2N4+KW~)G&6c+Ol!!)y$%noc7Sz2+hJ%Ria_}nG;bV)g>n#A^?qkQD
z?`e_9>mD+AdE8GA@qD{qyS*L0GUzE<8^t#4vN7RAN>4Afd)C2z6W~@j3mC%|A9nX8
zX^ZMdM??rIl{gZg?-!54O5Y$`rNG(P{PBV14j_j1?yild`bnjV_#iKR>;sb1<?Z@~
zYA)kM5!<(+YZ4rLxDOOB_q2AX&eU{*QCk*}yOk(#tH-kk{bZ8dMei@1oZe^|)7hBd
zcqC%`ai3_GZo-Pfa=wj7thAl?7zA_fi=6UYfY->d+?yUK#Gxve_BoDLz3RooJgl}@
z_P{K;TymD)o|1cN4pdV60Eckb&`3};F=`J5Ypb@N>qeI^%&^sFd!aquVWU!<dFuXx
zbh=n~l;6(xKtJTeFB(Q~nw(sYl<roaogN*U&lJzaPCNkD*~5Nkk!*CcyfcnN$+Qz4
zqYsnPRxpj0&3xM3yB<G*U_oZh+&tK-+YwMb-c9P9JpIobwZ$i)6J~QH$zl4Mxfa*z
zodxSd($?tF4_g%<ylaMO2JrYVUq-zI{pm++!!OG^>OW>5<`Psk$PD$mLm=jLTS194
z3Fs}+Ycm9rv9d<W<tab((!CFtK`s$Eqiibpp5fDsO>jEEFD;G(Ej>fP7o}>@N$ab2
zxMS!2SdA57pzy))7M;sgZ4BPzWUobDST|R?BN+TGpS1uwEy`)e%=imzFjEfO&DU5c
zF>y6~@6Cf4r<#^8Ur|O_sc~{x@@FyOUoqf(Dhme+H8d=Pxk`cnDbRiUBMndF;KY2B
zF||WI+YntooxM^n7$EJ0&E@>={W=ix5A-V<hv|8ZIa9v=_I6NEwMZ}jy=_O+)7-su
z)}`)bBoOAxn%FCeS7|m1MQ$B#0trpBK}l{x34|=QTUYQfM_ex<zx~@EZrXdFD0URJ
zHA@Nlx3B4Jx1xsRs;UqD{LQyl5p?b--+YNjXI|h!Wz7VO26MWUT4xN$4_UDp^*$7x
zZPwlK8C;x8QvAep2-=6<LW6izNAP3X8|eTq7`{Tb(76AsajG2e-aU%P#*uG~jB?&5
z!HcHW=30Zb4h{2;C`e65ihL#<dpWkkPRy{F3>eKv48**~YtKYOLPO`+zW*q<{ZT2C
zDMf@e^~`oNdn;pi<_f-p@)-X}xn;T_#o#<>rIJ!$VPVx9Di}6|C*%O4$L0D)@iaVk
z8@-p~HJ}YCfQE)<K@j-T?<?~Jjvd`=o~S|B`L8D_sj1CuE>DO%g2?jis1_6Xyq0UM
zugGwJeh94>9yamV-xmw49k&D;v|b+SzpdB9hosxjpP7ADlnL#>d7J&>?4fQ7d|q{3
zX_sr@Bsn5rwYYDdr9rLP_|0BLdSH~*Y~-~VL7T_m$2quG`Ge;i=xCn>&Xh`x5+i*W
zv}@xCVh-*5v$P`PY#Rd@fu3anBVCC+9cQPxtx0DTQ}ipdIe5IouGMpLhmp+^b38Sd
zt8>MMXJQ}--JTEAX^RnN${Hk8O^zIV$V^eyK?_@IBWqwa2yX?MnoPC5HQC)a8x!q0
znM=-U?+WH8htgSeoep<W1Mt{e_$XrvZQB}bjkh&kE3=F}NL5J{K?g<`ADv7p<hHNS
z3ECqKf~$x!Xc8wH83tpUH-GVYmk?ZZ5NteDvlmQ$TOb}9QbFrwky<|&aI_{`K3zG#
zpP%@^0vR@@a~a33#!KI_%u=ToP#+q!1?tFRFQb`5bu_=d?|y9TpA>iF%fRB9+SwtO
zVwqXul0<N@yfk1;J;&bQV|3i7)z>wGX*j02l{>#~4oU?BhT>gL75HuMFftJ^5PJed
z=aWEi#-d{}*+E)MbRPplX9TuzIY7%~^7LxClA*)#zB%^OO@S=^PG+6a8bs~(S{gt@
zDMHK4Q(2XRiKU@a<fJPNek(B=wg3a(akX`Id;Ms3gDOEoQxK1>>=Yx6getujrjQ&t
zgM)}ml5p72_2Y8g!(Z;%C1k|Qmn(T;vWUMMub6iQLS9Wo?CimWq)OEu>PY9S`5h4o
z0q)i0?wb{yEyNi<uICAVx;LyFtv`^XAm^Eoer;Z8@HXDaim}X1V6w=_$aV&lw&67#
z6u?R)PdE6r3XMfX&~1Inua4XVLB3Lc$0t$RIU%(Gn|@y!Ntr^1Bh@l9G!HK?pyZgY
z)uPW(>2q%;1K?e^J_Wy{hY<kz18rbE00=^7eB}sCybuAxvL8kjl}ruqte|XV>}#YS
zaM^98yvi=G%_IpBn<v$#t`cB?^|v*&6o-0F&lC@;rt7pvHMiH-^N$qFF+{Py!I#Zd
z40S%3!?a&Yb>31cY-B-x`jQ*&m)JYw!S(aXoEz<*KO<i|KSZ}yca!ZWJ{vi+KD|1(
zB2UG>^8S8^o#mP96*(9YC_0?SOoXq2jT(E4cR1YDd`cmgL+Vi!L?qe+MkDJFeH!$6
zEU`^4&NVJGgp$nbaiiPk9*O%t8#jw-Ps(-w2Xs;<XWQ`vJ<|<&#i7<$B$q}@VW^2J
zWPaf^Y66t21`XkhdiPO!d*5`W2nQFXnM{HpKY6%tGUSNabb@l3I#C(EKXz?OThsol
zRhB|_nAUivbO`3n!90K`>N?ruB4mlVAENsro`=a`AVfnyoI3X9(Vorg3Oyz1qW0$Y
z#Ed2(Q)0XIZEItuvv6vaq>fnj$iwO4N;?!&>Tir|-yGaF$ZAU4MELpf@|`WJ;_f>6
zdke(TX%eGTD@XM7_BJ@7>kiyM;`xkrZnChR#Qc-V`fzTt8h$rfUnofZNVNkb0#;`g
z>(Izx|9C6cUHUS*`#@;N>b^Ewn*s)<&$7lGY|r;r?~Rifzeh`|aszRu^}BK){?3=9
z;#l~d-L6L~Yj3lzhnR-P4lI-g-fU=(*b%L-CnmM>2MuPy5c{yj#l*g(=Qqno7X{(x
zj=@;DaD+0K9;O!a;RE5|*4(bx4M@oNzM&4w$GRvw&1)bqmmT2X!e%xSLb`)*<=2Bp
zr{Vq{L1#3SLSDkcqCgh_WLcMETS1;Hio@cZHTvMH_6$?^t@o$xL!WXnnsJ4!ss=D!
zI^)kU#(@d2c)8fuM<ax@2Qt*F;l={eeLSDd&lit?7WduXoFioKQBfg#|NQlD<_uaq
zibk{+N>a?bXQ+ura5+!B^V|Lw5Av1loG1D#R%ev2#XwN{+z%tPZXZAh^(Lyytw3H=
zs-FMg2>kQ%$3nrtQ*J)bTjqsR{?;p;2>^{OD^L(Xz!Gr#0ljyT;a-&x$#Ky8TiQzE
zJmvbmXCJ#e9gSwb`7`PUP_#spmV>XH5IcC4QXRJuw_BlFZO;foUYRTzvX<uNk1Hf+
z00VAB?bq@{-zmb03&>sG$6=R?J6q~a*PpHja#Zd(y()zSBv<FWJU(!#f91#WY3-hi
z>4@^M)3lrNz~sMg#}$d;0457DT4${wT?4szDB2WmLv(29b93{1%?!pR7}{;8K|w)!
z?NNKygEe`%-7W$Gp6~B++N?%Q#8J@H3`Hj;DSsTVe6yA`l%EfR!s;ms-bfs*$8)UY
zhoHXlc)e7OOP<YmJU{WPe$zoCCZN=F7!Q4#Fhi6@-3)xYjLCN<aK-SSj04KKaR~X7
zanM%fQ%D)%Z!yd+rTJ+WVjjKT{cPP*OT$HexG_W*WWT#gmZag=w9df5umtoq(t)G!
z@kOr;J>3egMZMVx08C+xK;1<?Qh<$#37$4(vHTslkERn$8r3HO_M9%K2pmAHv;N&Y
z5PL`}{c%4;0a3N)nedGs$}Oh@?W`sN3psxF^lm_SH49E?3+U-7kv3Qk=bdd!IfUbQ
zTQ%jv&A|+8l1Hg~%GF$X8MyIEg2XuAP8B{M?*|9^G<0XlZlnWs4Jk0SV_cDqjI?lO
zf1gYSfb@ou)D}?4aP&6fIAm%Z?KC9A8zqwXuiM28lFXA@<-Ul+6{j4sWOdlhxi1S`
z`{Q+gq=u-@K;%>S99;l5!P8CjQUap=ijuLe#rWqd;)u~Il{S9X@f4DEo`F4J_6M1C
z?)C}hy?cN#jTdtA!>bl}0it%vmIhz+UMJg1wIa6|eCN3RAG|)(M2l~JoJrKc-lGjg
z;nnbbz5%7ba^EiD{L?luoo`dspSB6u@RxoP^Dk4XO6)1>ZeOIlw;_Lr7k^qL+wUTi
zF4kAA#KO^EFdQKk_l&IPHqDa&Rk$1&dv1<)z$OxC%RF)n5+;!HV;D?~g$CFIZL%Vp
zHGig%VP<NRAnF$e#&-UrDJgR%NmEmGUa3vF!?w<am)Z@d3TX8y$s2W78*@57PPBPl
z6*2X|!eg@%!VHVW2%(V4AgmvHg{JRZTe=Q+I@;Sv|1r}j2`U6NFyIdvoyTk|U<R^I
z@wy(3wPsW7AwfaYcBGvkbCo-`%reBNU|lQ8-=`q890fjAlAqt*%5rUl$y`OC!lzH*
zj7q7*!msJ<yPI{9Rx?WexSk&y^8O<zRFFS=dix(@s6?U9d0mE~k>k!Xoj4KgG)U<Q
zM&1$v(DA1I?RXPH$NOt3Isy3+Oremt*mzWoKbkoKxW47OgSAqMkjO|PsS|t*jjg2U
zo+m4wgA_nDK5>2AK_XQoREwW%WB&dKC@k=w9dtfF59N1=Nx@N%vE>*aDSoVlt-;(k
zpt*Y=1!yGkQtn_i+8=CbAChy#>JWE?IN2UaFmakX*^RydQ|=|sPOoHu8esiGb|_G>
zy>~NoYHF%4tDm9%kuJbG7uV5`)5GlAwc*QJiuqrOvMjK5OpoB6_@M>bty1xvPAO(C
zjd<GQ0b37x`1#9p$<5onuP&)_I5az?SVhv0m>jf|WhtzVgGi$EWJEx9P_9t@3>3vb
zpfxM<KO@jgjB;uF%tiVA=u6>#>)X*%(@CC`vUL&_JXQ;L&)fdHR@tTuh3@W4j}$8k
zyrViXGFvrGMC9{uk`WL%ku#j>cDgxkyZwXV7rJ{M=<ED$_{m7OW$z_f*w_#cNR-$k
z{dRuQAhRzRqhuCDZ~_D-*6KeNp;O2`5>tbCP0gk^>ns^E<#Ms}ZS6t7WZGNa<)+|0
z%)6q>W=g6ngVGZ7A;Y-+irI3;H*VfcCUAL1{_U`M&Ljpuel7rpvo#cNJAFOUAO>q~
zypn~m<8;@s$mMV;&1xZ5JJq&*g?wYQw3CW_SkExW@`hmzr?z`W+oMy!!)&%}*G#U~
z9p4_Y$Jf1Fs#@(eH?%*pZ4Fo60L<Uo(Q$r$XE6U<n<1GyK0F>Muw1pGS(v-m$O{?X
zx~|8*4A*|9(SN?#lZb5AOVowrHStwah&0MS#tAR^J$mjdwU9Ty1PV4qI`EcD&rmbZ
z>sq%}c@&hdrBvNsRONqs@emv+BWG4V>@P|<+B5ug8^_^Z2;MrvI<NO<;QpvwHa`Rh
z^If^N^G0c#)t&ac%+0sZ%OE@@vbz2cm&C;up<U@2pSlKC#mUiLcMV775~#-q1eBXi
zeZ4PP8i(xclkgt+yWVesSGHgmVWjO<Z9aE;HME>W+%6{{fs2Zr^Ickp?}tmoueaZ=
zbA5MZ??Qc7a0Qib?0KCh%3SMLQ03<H$L4sbpOR{vzQ4bZO5)brDGr4U+uO=rnEw#z
zA1ffskP-;AH_%(gph;>Us4Rv@a~?!=Xz3vK`7hgDDLk0_jvmsW&FyZ%z4r+FBG(>*
zE_Cr!4=nBKc&(b7_0WTN1$EqfZFsQGDzm9akt0IvaHvcGoT-M>=0=gq{<X_<h%&Vg
z$hj_C{aSnkiI^0Ex`t1!{hh(|0_}|_0i-qsX7$_Umb&_Td1shtE$Ik0xxcRp6)$Vn
z&5!$Zmmh^(sbT3xy)eypprg&DJVZ~mcxsF?p`(f1!hG4&cDt#Gba}k8RO}%Ig<lx8
ziU=fYvzLf~aKHm%dUfZRD~Ep$=70ZLf{**6qGooZh4;mLP;9L5$Jh#Fj&jsBE;H`-
zP&fIXhm95$><IRY5V@NbE~z97b#}J<<9(obr4MgsVQ;V}IdUrctd3g7lOPgGUQY(|
zL#Gg+Bu-CDlQJ<`N4e6+O&AYd?6&k?ZkE3nWzSdY26D#585QF>IK0Z+VtDlpx$;Hu
zH!BSC(rDesNOv%-&ThxuP=<DgTj(yxcpn5wm;;E!FGmse3F1#P4NGw30E(>Xc{`Q+
zULk`#TjB3|p|5x4dJ3GJi8D%N!ciw|o1Y7M3Th6td)FvfV*cq2xg%V@sK<cx*|Nou
z8a0G(suOtu8T#9=ibL<H_LySvbbIAl_Z{d6B2qxE_)81Q!qs11@Df5I_a7_&ijVdF
zsg79y^bVU|Pr#{bhkXGbdte>6hy?BXyHM!by`J;jM)=hRxJnQvT%4LA#JMwsOP9{h
z^!y3te-r#&jYX<LZ|MKLFzov3N|HtruZGX~tNdgif$mq|uiI?i!})?iK~8S7TJ7ik
zN}_Mbfv@2enjI;cn@UUF-OKEgF?Ma*6Haf|cO3{E&gue79p1D=ZpRNtj<d2eSg)~L
z#U$6aM<!$Aq-Wy8tJ^v~J+IF<{gm?I4nsWMTPr0#Xb6AxNR)1(D4S|Bn(o;}bL_q=
zwacr1_voE3^%7IpFN8h+41apdy@uLkKlYiW=6HpM3#W-9w@B*I5Fj{z^r`*)?k154
ziT-TGJ01mnx2+vwH;dRT=@}gCptP6gTrmI|CcLcXh4X+e^-_OWd=T~%Nb(~==epL3
z#;d~Dl90^jU%GyTAFd!M1mf&}3*R=Bu+bsal<4?^_wEMtTl4o2YHpWG4Z})~MV5SU
zp{A1^(Fbs;RLc|p0k469ti@sS9Y?JroksyDSXL!AF7a6?5zKIEo#$NgJJ<UytS(mu
zBb%yL%Ki~Vf#X(%UMoW0Wbs#V^Ng#%y_UX27<S#QImI&5u5)SY?8o0%%qT*;4O(F#
zaZQl8>IZp*-3D6N;Xl09C4}bdFAiU8Z1IbvK<@_QQQ-T4)xxpjureO9kO4N0=#$w`
z<=GF^VCACo?z<TDhi!CXab7gXJTG0FqYXj+RW3Zk7~w%kaHxyQ(QUlqlUFo$xhk47
zjD@pI4x}V*A{X3zWbuTNYvTs3cf@@^{C(m71YhckLIxXP$pxk*IMGPoZj&&1+5fQ$
ztT&{Ht>&df=Ksf{{dM>Lct{V?#rF*l^C?JZNQjm4e!M_Vh7g1G67>>0Gbo-*hoO<3
zOS}E^Q@Dws_n;${f5%CGepnN9koVcfL@sCiaRmN{&kzcKYwF1Q=GxqC`#aieAz9hd
z{=Ml@93fYU7(#k;B~mVg!&9$=$Mq!k)+!nwEE)3q{tpj>j;O?Sgqk07V^|@hhHeFy
zmnrR3(wF=8Jv~Lt1TLEIeNWGqhO$3Qjf~^tulw`IIbXWF=})66Ar{V%c_H)be{a*e
zEcC0C@j+<Mz4Jj3{{yZJ9Er(&i<b|;XNan%D<ukDXnu=8|9>i9x=ZoMR_~zq{a+yu
zzkgW5T|~#3)^Zloy_}8Q`9+rpArzABA1)*%q1&aE_4{@B=RE<$+4G$Rw`wDvGB4je
z>T5!b$@51{=S^Tz@y~-(VS%A>reJf^uao^vnC_1?0Jn|kI&{nRCE`R&%nxNWCBou?
z;UI6uxxgGqBqKWFnWUP@C^@I@@L%YcLMQOgkGOcl6j5NCV$|FU;!-IYLLB<`=$|NT
zv5nt&ZgBp~5>eouQ{l0lWCH_KBarf|knkUm3?=+|DWyZPS~Mi`de0&fm3<66FGTO5
zO?o8#FE@!3rKP~jLM4`tv=zT)nwIo`v0Dd>q@6?tx}>e*VO4qjOnevT4Y~*)Gymm9
zh`*+->q!rtnU6ouObc{o<}_0ml)%x~=N0*fh5c>0C4`})?}!bMjLhUL%wn2%=0pbQ
zwa)kU?G{)R-haC&&L}NW1khXf{Ctad&;|S+vE&YJv{exy`Y%X=KMr9ABXst`6FP2b
zySC%EgyvZ^LF$nb(dP$6@4q-G^NqLWtSHca-acB$LE$pQqJr}gfRTdmCsgX+e+(u5
zY1BF-)`vwi*>p(dE51Iw1Nn~JyU_8Nmi+g}V<h7I`YcOMijD@aK(@rnC+H`-JOL3h
zCXe)p!?UQk?xhO-3cUKm($bSaFO|+?M=cgs)lsGT@Zy&ELZ&k5b>vA-$#L8L$Li41
zGVvy~63FGEy_CH7>rHYkLnL;hr8DU(_yJ7B0TXGb3V<a#nKB8U8R|tyV4%iboDo+>
z=*f&dw}S<W=e(L9tDhUI&*GQd3gS^Nywo2r2mLojw9g4KImCU%8(sPO)rOT`1*%($
zxYy>iUi)0oA*PUJMiam}oFYZLasFP8h&ep0*_eFs%6Weym_m28>+t$d*S>H|dso8b
zgeeXe@*+)S=N8!d59joM=+PBwAIyj1*#BzK3|zSfX0Cw?a*Q1UuW1HuCKKPjd4=u7
z)RB*ms_(HCH0R}#EBU#NZ;>mWlNS-6J@=&)t~nr4YC);~)!G+x6RwzF`Te}#YAH6m
znfMrb&HxXvuyW*Y{%|vdFvJ27(NnPO{Ef*4mc9?cHK!2;+D=Bu4q01U>XL3~FN^cl
zxhrM}E?(F|S;!+(gy#Mwg89$i3k*W)H@)O72+tJ9v8U0zqFCm35ff27Jbz;KfB8hP
zg4VeQBDY#Nc6%zxIwjjA@;pY7@gR356Mr79b^PI;{`KAx!HPj$S)f=j&|Zgh@GG8s
z0CbKOuS16=b5-_t|KeJ8x9JeXZDU<Gf4LkIHxUc)S%BMK=uLQ5`mIebMklN)EdD>e
z;1ef0W&PC9z8+DUT&Tdw<b1qerO_fo^FYU!MP@pLhx7%aFZWwE^viPf37`CtDbv4X
zA`N32QPJjI#Vdr76_dEyOFL)>d=nwUV?owfyoeY(rA+#+&4DQY7S62}9$7?}bE_%j
z23F|h<273S6e1Tl6lRH5s?sX7gC5c3exRHpEp=?sN|nw$^u6=j#?gjuwr-qVn%2|u
zviT^(tWY_{;r&27b~&fr;q>`uD_m=%rSdqYRX%78`aMX{n65iS7Hh?Wl0Y9U-e9yO
z7n^B$qM*V<<P-W;i&ilC5TAOMvXc!nWEK%2H-@_hv+g10ElI=UCGq7#aV}XeTzl{C
z5~WfTgZze(44}R!;E&J2_Th89)iGe~H@G`Yc`Wq5nRLQ@Kq7wG7fU352s9&Pqn~3+
zzZrK5w+FK`w^K~A`%=qpJqa$sFKyezl@=rsi^+hdONLD-yS^os$Py#E96TFIwqB?o
zbX;M+R=v|N&(H@(eoxysu+iu!8J{GPe|%Cayv)<*ShBm>08c1hC@r4t%yj{hHgQpm
z`avv)#h=SU0>*SF$Ul}h9)GQoscyy<yN$@N?_!Z)@&ui2`9~LgV3OM<qx!v~*_W%L
z-$LoSN+)djoWLkFqLad!2&*wdQkR+^+F(y+H-8QW;U@$a;qjA?q<V^5KqP~|crHvS
zs!G|iooRW>i-0^51}Q49<suC?G#ixxPW2)cNewyHE|^LQgxt##e^h>dx7`oKBqZpS
zM=${~8^;<<iHy_|48Y9<Dzkc|Xe9B^B&^p)`rS`9>x2zHzrCC|-G0Y)Y-?@8X@NIv
zJI9hoSd6f%<vKWtRX~gr2rR6<?}n5)7)Amfn0qN|_z?90b+#m+4c*0!(1?E|UJPK(
zQDzHq4gsJc8ICYBOU6xC$Kxg@k7HZ}P;;CjYydE}^`{LvqNnV9cy_Yk(hpE=*+8C9
z5)LHZkKS2SU%MWXB`r+*#7@We$SCSbt%<S&4b!45WdPTd?I6W~9o?wG3Z|^jlY^I1
zcar7{i@j*_ka9U{bBSCem({3fsZ$^CDZmX@&Nm|yzxY7VB4k(hw42;cEPSm?(zv!R
zAS*AAnl_)+UTOs#*R+ZFF4PCiYnOx@QQmFMfXfogQ_klVP=O1_Z>ji<lP<39X(7@6
z`9fz-iU@3tG`bXVe$nhkQE$gGfNQV>Y1xci#Z;D%TE^0i$viz?NW*Hm`yHS_<$<!x
z6{5Nci&lw#06v5RF;j8)`gqYhq2{+_YVVIeIDU6^k_p7;cwus`JKjQeMY=-)9<+@W
zvLGJ|QR=N16TKplPCq{0kOQitrtt5Nun?|ae_}^BW;1FsGGv$2`~`>$=C0mA9I$=M
z!&+u0LicR;179C?<*LD>+T9Vu<@XF?cf`C=J-K6c%Vn^HG)nNjc-XaD?t^jL;hAqH
zuyBZ<s%P;Nik)}|%c{lt28a1euSb#z!OA+*<ZOD9tHXO}Ny9auyRao3G-&}RG~k?H
z*i2pia-1Vhw2fbK8mfugH!mYaATQVFcwp7G%;^`!C0|+<gGATl>lAhD2q%7tW%rW8
z=qOnJ#L3?HEF4c(uo`=2|Hn*US-xpDK&_{0b#diYRE!A0JV`wlSl}<_uA|I|c(yKU
z1ev?h+HC;?+L17(iW7o@stbIiZ2C7AnNtc^+N*pI&W%_T=D7=}>J2)Jo;()loW)DS
z0NQ*73?on4Oo4*#JNtr=Wq`?7+BX)LQ!-|<1`WALB&tYOE1+@n3f2~AP7s8tWJISa
zp=$QUqYrd&K4wRXak_0CXKe?tuV)<Yoq1)70?{^kFgsju9)9C8YLhQ_5M~{~q$wJg
zj_)o5?KcS|+)pm*nFfZ>J}2NR8>BuEi7x|+4-rj)9J>)wY}N*5yzaD!(?y-BE!=kt
z;rl>%MFI$p^0|Im#iDjtpsGE-ArfX7o=aZejAR6~G;{4C4N}w7B2EPJWkFmjM{9C1
zMP{*b-891LY0hZHVd21CRgt;`WnbfBxL*s2uybp_TgE{|d|h}J(sm(dXq&^(p?rY3
zM6|T9ld^*3_FOMr_7SDQsq*-i1%5pt#jgI=c7HUZ_AFEGr!{d^_}-H2q#;2uP(#YD
zTrX1rlE&gSujlQ<xlSd4P`5n80IQrhzulX$QSG|)rAVzY!WWz%M0gMairYVj*bzPf
z`+!4lKmA(2rFJ$*w4VT8*9{<CIfroevW82CiiWwV{*4PPt=mBNChazBidv!Jmgd>X
zo;)1x5V=C{umcdyCTPUjH=jKzeX_zpT6&AsMftitS{zpqVK}PZqYtwUn_vup6fn^R
zhd?hMOlHSZ;5P6_dJu9`sEUNsa{}2mga|d=X*ZN7!oCW4spW+ad@>6iDlcjrJBhRz
z{B;|U>oW<==@+u4&3kU#BN2iba7B+ekfFF)kd^cg(7eDZSD!CEuCOzuT1Z{yF>F>c
z>=gWM9jUHKZp(@_Qd)UO)lzOrtTAqXPUwNBjcA9Z9fKu|qF?YT+8y5D4sIVc1xaaT
z_TpZ^OO{bys!!aTcZY+%uPPMwhh(ZPpM<N)1Bmi1qGXwbCo|Vldnjt=an$mzyA^!a
z12J=(`{d7<xerQo`mWmDeIZ>#X-6fh=2!V64X6KPZ+!3t&~`^c*D-3YX{P5B3VZj_
z7O48_7k<)3;S|j+Jv|gDN&Rs0e$oM^T}%0+wBNx73|c0)59{7qUQlzE>rE4r259mK
zRRbNz!kyX1tn9ojo5^bZZ$tOQpPA@P8|OEK8NmDHSqg)JPAfhG1z8)PMXj?}#Ia~a
zK~-^+RWAX9&I@(VU<Z|1&{kCN8DkoF#YdGM-f#e#iO{r#^!47VnzK^};ewPEAjdpn
zRG6nY8CtZe-8RvCZ>NSr!)(%|a&5=C_vMlG2#16yvDCaq>yGZ?LgF=m(I%Z^Ag!zj
z?LB}H@@$xeHieJp%HhnT86DYHa;>n0R%w?A+PPL5xX}iQXjnQ+UfxXx-42;}=fh0u
zXn-Gw)v6+si&`01Ea@0zriRG?nXQ0wPQacZ5{>o6;W%sva;Vjj9IQFn#eomjuD_lY
zIe>8O^HuwuL88=|{&-$dG_Q!_`Mf5iaNQ@F#0b~@)B!-LABAO1uO=-_p$L+xcTHi!
zPcfDV<J8D49*}9J+*Ue4sD670?Ea1uTgj(Bn}=6Ag!@Xq7>BnM!vm0e-#l**uivAy
z+Lp*Oj^T8w7;)UDdcjrH^vEy6=ia0|-~kkHiZKqa^yxnzUpGzD>c6cp&i7R`n%Ewl
zJ^lsDnEgs_x=q)SgHLcM<Ame(OUw0daJr*uzfL}QBJr1Um!uGtvE5<$Ye62Q@O@v3
zJelmA0^jBXpv|FmSW|Am$j-lZXRN8+He@N=2)9&u%wFqc?m@|m-W)?YX9g$UozXl_
z$#}2nzQCtz{)=*XVhZC*oD5E>@8X)3PmJw6`?L3lWlH>(MyxH1J)J#OoITKYxMwKg
zUs8nAsHln`@sbV8VLI&e6a6UN3t}Q|-S#t5f4tTMJ5+G)@e1DIoDIwj<UDL5mfu>`
zjF#b&k0^@#n&xygne`k)LB<KlX&8(Y=|jRO1D&HAl|0e0f|)eJTR3TyQR7MvM{dY}
zd}<sLo&L$`v-|aXJB_vQit*K)Sq1B`Jhv^eCr90_mM*Ld*+?caBJ`vKT<eulvs^|T
z7TP1bpZnE1oc6TLPb%R9i4Bs~Yp;fw8()4>P;l2<881_}t8bPsx1XI^Q4Q?5)6lGT
z*W@d$0he@+QpDZ{>6-SdYbKnI*6jW^<m*m~c@skwqdBYeCT=RKlFKRW*$%fHYRl=J
zv_n!(%(w5)S26wIoR3JZ(<*-+k#S91_%#tnKzaAK=qOoyr6-H!o5`xOt5aU5=%X39
zZ^k|c$6|y#{k5#7)OVfwynw=e4XRIEOA;ZDOgr{xnRo@{_z1zU@o+V%g&0dQhRB7u
zH*ty%xyAkBTwo}s?RVF&&UK)@CJiED`NB_ip5tjKw_6|ZP4XbYjps=K5kc#o_2!q8
z_dF#-((n6B7f*z!%f27$TvObeQ+nSBMt8d@I{s+5*{#j`f^NBdN&v));am8M$d5_#
z%w@y6pRMG4(Ye%)*;&o$xNodur$F}>liiN2VzofD-{o{WUW10=X+CJyGPS}`7<q6;
zxeoSc-kBFT>=7r|!0%X&>8Ho`fmW^>y%SwWE7Bz;qkIqHmY0+L?b>syG>s$k#&swx
zj1Jg-uGK>)-~ug|FT_b>syRyLhaXgT3*cb68D^FhjCDN@e3rGhT+;y%RHd-f4E4^S
zrKabZUQz@q;j$_YKmol-EIh*lLs7^n&3_WgASg=ACJJ@MtMC7CoiD8fsy%`=9c(M4
znQl^psi)r!g1N^q`3^qMC%E0F@9JP(Fw$%)Ld^X^Nabb$pgR3vPJ}e=kOJ#2z{Wqd
z1_GBO@gABnB@ac8?y;ybyK#D&;5!=6c%waj!8L1g<>69C9LMNb@0Mgc(9ME{z0$Z&
z(SbY1mkp`AtJp6QwdWmaRk+#=Yh(7RwiE++Y?i}1mVVWESq<}1Hmru3z*ZPh?ZIAM
zM20qIx>H!yehc?;QlI9q_y!QErX$#J%sJ`<>SHg0^ya5`keFRbokIO*!u*s1b82zx
zLi9(hU(O0psrk$---Fwcikvhp*I?k)H@`KG(WRGnQHoQCTg<e0Ie$Id19L^BJ!5J$
zUetgH5zshJOcx9+cjasfFCBWpsD+<8(D?A!c{&qAGnv|}r_&yG?%m<sr?K8{Kb7@x
z+%uFqc|t&;S9gf!MUXhqPtXx!5yaK)RPQ|+ZPy50+LdoqvKZzgH?k$hm|NO|VNP$3
zE~%FRRikWldF5_jYTSmmF6~V6D}juHn0e^&`^&B<^7_~EP9;Z)qZcyZO`!@|_(Bym
z4)iaS31&VS2lP{jDbbiGZ+S=2e4Of)Ja&9Pwj$ZWW^g)f5nScx*V|cEaj>p=6oZjo
zeXI3zyI^KTtN=TD>S~mC$B|Orgb?XSJh7bcNW5K<Tc;w<#yZ`%9{$#+*XCZcZSxj&
zk8T@P=*t(sI~}s!nmx-3S9Nrb({(Q_o4Ka`{G!-AKr=TDdSqm`TGX?Vr_Kv6geah|
z#NuC6m-4aXc&g5Hu#hXfhao_TTH6>YnHVhb^0X-RfZJ4fB$fgFBE(0$UqHbi2+$qM
z+YW6J@<m^EbKb?rG!5p1K_nq@)}Oq~IgcEwk6Xi~Wk9;sHaKK$Z9RWDl&=Yf)R075
z9?aB?HNAK}JSliBT&GR1uf|&E^$9qi#u$0~L_#{EqHNRkAKn1s3i>TOlS7kddlhXl
zp^hz>b@ZcF`Oh(#7(}(w;+{rQ*?@TiQI<!#rQ<fzPViL|9D(VUw}}t1>QNsa`d&@~
zNMT};KCka8fL%#PPF42(9kFxf4m1x1!IZ^Go+Z9x?v>wX0NCmYNe}UQI$UQlQj}>w
zV9Q>-TF{EI;|$Vn*&nMb(`EGRygE!YRZU;*U*}6dT)#>43>XH?jM|em({G#9N7^>a
zea%frAf;@7uXFIQFp<D+R^3wNR7+)$x?)j-VO!!BztlPq;F9Ah;rOUMtzB+w?uHbf
zsS0#RHOIJq)CU`(G6ak1^i7@L;W}wC)`qsBaM`=N6P0fmY)h)eS`!>o<4(%A#)jj2
z)>{PcGr&*CkA_;D>!#Oh&p4|)*Ze&k?@vyuk6tTPxnbZkJ)8Z3$7xz~asJC7^N5WS
z=a9aUkqm&mQ#$rNE)-5}55JRLe+B{zX5+B6y;;8KhkVo$J=BT|!TP|9>X<b(8ilDE
zygcMKuc7Vn^7WIpksQ^1EOhoG)OBAlw=rDBCNd6f2Ps)C5Wk&^(|43Wh||{&5iWaI
zP+3ts%0`7^fTW`u>$iIwMlZbeLN4oB-SXTwbhp@8H1f`8H<$19%5@c9!&KB$Z%(qK
zUYk5awlp~_`!UYkeAwDO$mtzl9d1<K%%q^M@$Eg<p+Zr0bD(nYLL?G?S*?N+^<eJy
zILzd9dXZ$QRnVS(MI@%^V}X=^k*tPoX=j9m3MZm9%DVZoC{zmZYfajpxG^f{-61?e
z$|7E~JHB>hEHq7Px3qq#Oj)pBCqL~CTJs)oNApbNN6W5@k|^N%mIMge$p<?M<_hMu
zP1_SL`D~8|t4|+3@G`dKcQ#jWH(nt!k-?YTB3km>ULtko6j+CoYU2^P2$u;@%<MAc
znbaH&ai%xu)6~(MZA&Vb_8O!og~ZZYtCZVIE8B$X0k3Ng_q7Ke*RQpyK&0n%i1A%O
z?#I%N$7h5p1<a&=$0hc-=6f9W%lWkm27MfFkhC*XT*l1Zf_y^DpfVU#?tc4iN!p)B
z!8u@1^x5>!8ma<RW>sh{UP`B$q?V<+!t8}-^Gcm;1*jUz)b220i8SbuFqp$C*X<d&
zslRoDlFJY!*31&V10&T-6@w+CJ=cTOaMhk~3w8{N+QVs&0~Sr+j|6=;E(QL0yr1!C
z*vSl|7UbI5x_PQ<w8*VY<|a?~E*}A_E(^4m8Psd~uGrEiZvflQSlilQ*&A#|?{ElW
za>`XYs@6b!$IUM~pG0-!0kXOgLx-&O(h$h`HE(6p3z3M1r~(xD)kpvfWhs=;rBirT
zA$Xj%1(b#98LEj+(o>9fE`6}xdX#^5igf>df5TE`MS0HH%H76B#bZz-uqaFkUxeh1
znR-pxt3%!Z@R*eywQ<;I&XXM;9aavX|A)A@4vTW@8vjiY1woM#1eBHrNu@+Vx?@N|
zLRvsXT0}uaL~0NLX{2M2E~S|vlx`FlVkj9(`n&Ie)8{<D=e+NGUB7?4JRWAa_rBNK
zd*x@bEMif4JjS0;o51JF2C8|5Kb@(jWYC&j;O?hT|Ex+)V#*)HOpW&(O*Xud<+;$9
zorQ`eZ)TOGZKkMe@s6x`Yc{!My&Qg%-YJ(ARO8&HzCHcCbAH#?zg4%shuOE3+aDmb
z!v#&bJ~Re<$ab84zv25-^<$&oHA3Vfh72*B?n!AHWfn<w-fxW@-&8S@SZA{CC9rb(
zE|?7$U$%vAVtdY&1FPB-IQFdx6(7}{YES`Jdg-q?)!*gVO<j}t@ku<*j<iO{_)_u!
z5nN-!lP?EcnS^KMO4aR(W2(7d8BkD^%rn~eufu9zt^k$2ozn!yUtH5yxHHTULX*He
z%k(TK2q^7NsaGUwI7e1c#feZq&8oMk6g`Jwa0|iSVEo>2vL}RNX)dM1EO)N~O_dTw
zts~ql8;<3$ino~*sqoqNx$xd6b>z*o-Q4ic2811@vEg|i5AK$-?Dss@-BoSc4@0%=
zp-%cj%uCNt4}fz^HhPrtwM+GOPh0%6;7nt$U85~G7as;0Lf@o)@IFkvQR?roCTX_e
z42z&gK*KWDv0NlX-#BctFIeAz+;Ql%8nYZVdP=VIbQgXz{z)BUFBcOR(oJDS?VdNO
zUm99^iK<hjz1Aehwfv+C!0nqR4Bfp3#LxVM$Hb_Z?L`{H9;wDKn2Z;%IX-@I!_frW
za{=MGzjSZXDC%Jn+~w^~1DbhLuCwF9oHj<BoXT-XA&{Nxg>OvAczK+~b+V%QcTUFD
zqhI!P<y*k*n-L*l6I_X!?qAXezV02Bt1OG9zQ!w4;)i(<`pj0<MYS>1oBMZ((Nh9X
z4**$jpqP71VE*~QG)^Dj<Z4xU2(>+|aOuyno*Yp!Zol-X|GV{cTnyZl{N7W-u%XoC
zhBt2W1x**$U)|8@P=>>hd_fD}{PsKMsjLbYxzw&{FLeq0i16*rdN2$o@`3Ka5A4y7
z+W=lLlNv!R;Jt_nrkpm**TtI+ilc6?K5@yV`>QpGVGBu_TNF@+kN8?Fvy$cgET>ef
z&u8;9%ndgetZ*4>HwgPobzK3>vD?t9au-<U5YX4ZQmSwTwX}GS5UH-MZZU2)mDT!$
z^O46wQ55X#kdbQ_ak8^WZ^b+!%gDRPD#Ma$9-bN#6h}D>s%0H4Oe^p%M8ih%j3r1t
z4G8?+K5j<LfOhOLCCUMtEf5cen-IF6gP)2_x8bXs*_w0UDeV2AxQWQ$$#2Qun}F{F
zly-VlL1nM|tnU!5MT-sZ7c%ZK-Ba~)N+d5<Oj%_VqAzo^(=;QR5IY5P*~|1qehA8o
zDVNT<HeGT}A9A2ue96bZXzufvm%iEhSSJ^Y74`6=41;Y_7GwKH6i~Oj+vfu3j9j-_
zVsbe`A8*Ynu|I0gMoXWa?MsRWGv`9xPX-iE)g^-v8B)d$Ud&!dA{qaTDt4XMd1dho
z10pOUuAaC{TtV0o4XoVc-g~nljQiucrQ@g906#Z+g>hFZtQu+lJ_Yhm<&b?nESQxy
zY^Qcv(!I^xj4QmHAftAF981`V3TEfO86t|gQz(>=zS0C@<NEt!O$K4GS}=V>`twk*
zF~<-dwupG#VTnm3N{n_Sgc|)$cmr0W`POM8E2c(xEAXrCdkP_4AFs7%dq1(DS<@QX
zJzP_>J+kyF(Fq(W_JV%b?Y-o}jD>Rb$>j!LGTKGZJFQIGjE(SM7n$i+p_D?KFpAhl
zapgIi4sm9~ryfq_p$i{q%lJmzza3i}372w2@fOeG7m3IXZVBJ0okIDa>HON%Tt)jK
zyKs`ZoN3n5V8nByp!vm+k-UMU6ydOEsmt}YM^}{x<VI0F)Pr=FuXQxo`Ans%?qv(C
zaK*25R?87prE1u@31q|yPvCJnf3F!o$nz9}%Ams{g!w$0p9kKgJLFBepGSU(D2B2p
z1BCs}>T$Wt9b60SSoaP?JuSFW*g*aGVz2+S$>0&r#q}ZCx2Y?8S(f{I($vO=EQKXz
z+{RQXZ_sH?uc#*6DcU>4be8%m*9WIcIJSjgOWbq7I+fH|-U}B*P%9ffHM6oBaDc^D
zRyH4z&+vL3G%-*WH8Ph9w}U@4C!VNVt9BSSbGT9AS<s4s!&vw{HYUSW)DiKHY(fub
zaxBUmmgi_cC){}Ojm=%K*TTX|61E2#kGaqwd+`=#R3Quu(T(R{tBhV3?WQMmHyyVZ
z2SZV1n6{M_L<Y@i><r%w{6LriH?n3?hAkEqlq|eSA_-T!K(Ts-!^CzA)+-RoKqt{W
zDm9*>JVYgc9U2uvP<(7%Key{h!pclC-Jq&Xo1T{^WS5cslAeyawEZG62!bo@!ri%)
z3H1?}r+GQNzN_(!cGCUpEXvikdy~4a6Jzj=hgh>tH)D=9Ec)W_nTx*&iymZo|M+G>
zN%`X7oF+?^Lu#wyeBaWyr!^`Tm!F6e@C#4c6ppNVncUJ2Lxle{8MGu|$u*#Q;nVFt
ze{pg+WIPNwdG@hD3l@7BzP6R~n7^|yR8X(Rg=w;@rPdfw+oH4l(OEu@Zg{ik#>gtG
zj_XSXK`9UBLBx%Bs^$4OkNuA6fZ)-Civ}cnh_~vRk1|=(p{||*5v<6~Z|0pT#H#@@
zvV$pY1;e|TsXXB&!BD5I0iNn)N>#2N{e@<2UPS6AFb3=H)5aW}Yv+QxBByUM(dcGD
zMq>ZobD@G7>KNsr6NngJxOj!m`=?1^Jc2scKrG+A-iq69SeVdYWc;I&BPNu+D+iy8
z9o#GzN@(uIc&o;Qr{sjxG1ykymeODH0zRE1QdGe{Nk7cHv8T<IPTw2-x_Z5{k-+rZ
zR9()H+@f0OLK^jldB$L;wZ^HCb=f=5JuDxfbQ&YTfS2&J=Jz!n;@h_0FXaoYtee%$
zqf`7x5rNm=%c1M3gdWu6zu&?Y4)ywVZmoEN!XdGU1{2k@*$gLel{~%|p!$RhVP_+6
zkz*Isdlz3RTu;UT>M5_kT1za)?8BiS-z{o#O4e*AG*)fzxjyO*SGn=kcGEo28JrLq
zz#to$A7VECv1I^ksJ2dzac=*6ZW&I-H|5)!3$4n&o7GrWEPa@#7P$Y#>UngxV5M03
z@^FC7M!5|~@$%#hW*3CBG3ZY*7D+}<Evc9gpPl3Z<CQ1J-@&oY69X&G9bI^<Mehh_
zMi?j~7WU*26ocN|n{MUXKg)qhxA~B($-VhGMW%qZaUF*Xdm*WpJ($_X@9zaO>VQ||
zoH1n_wT!RwQd2M@2A9SiK`$MPjQX%{0XY?mY82sP$3+giXe9>zNi&stf+Z!@rrniz
zW<no&RYm&tpzk8nvB{RDc{bu<jwLktR{9fC7eQ=m1+MR(dG?a%+ez~T8N6h4U2MU<
zF)oohHo2j1#R}-bc;QXH)2+K2Kr;f;?Iu9)-d%Vw6y|F?|1DQhgu<_Kp5R@i)Id{f
zPYZ<%HY#PF(fchhzXI8H@W$ziX!j@R_IV0vm~uUDFb`S3Q0S!VFLm6y8datrqL?<d
zM{w`Kk4T-^a(IfTp;wYPF)XgGJ0yJ}SV{ji8l&0y+vPBKk7cvO9OK>1);9vIt_I`S
zJgz|CDVg=gWXFDU)|tt<qdhxZ7X7u?pR=jA&6s94n@|LKRdz1B@b##U`^hTe-OeqB
zo>ayCdnEy(J#@pC7~wT0Iq#8Ddl;h?yX~-WM|N#12y#?CsJrnY_!x!J!^B&5-_2%i
zGPtphjv3KAXpC<UgR+O!M5D<!%v6?7wX47xdTS7yEMNPS#v=PieW0LHb9>enMMRO3
z91`jwrVO)e<CK$_z)V$ya7uW*8Z?rxqz56%;qtgiTCy_xaz~_cC##Nw?cRN#XPT?)
zO>u@}5jRmaAQad|D)+89*`}>hf9l3hd39-r{AXz-IAu5$BSbKL=nhd`mxg&GCf5vD
zX%6BV8c<wABT;!A)?8wIE$FKxd@>w{LhR=YyFH1(mz$d>RJ8d5jxmy=xm+cb(qL+V
zovz5}!>%@qyf%<h(CwHJYhAN`#N}~@&i#J)KG2{<f1A3Z?epW+!`Fh+eM-L@NPL|J
zi5|6$5g}xifw1dD+3a>M#T5+cfW!PN{&(=0M?}bV^BrJ0bQYEoyCz?|E&--)Y4zpC
z#MnUM?@+x-Ug%&+(h;sgo8GlFc*QH;zIv{WFUO}J%Tc|!&B-4P`~#s0y9s}R$7NP{
zRi_kmW4uXX7+u<?TH1MB@kPvQBr2jxuWPh7em`|o0myiwAwg3A%-t^FcjRyM6*TP?
z=1Zj7yeOP)c@oLN!m%q=5W{=V-{|HV!HDvh_7B8{@%Njb0*3^j+4(TGq;EPEs=ZF+
zCa#{dFYl$-<n%)f`IK#*4tFJp|Fcx1oF+`K{nXmnz=lQ=UVT|8+AvFOJDk4}c20Oh
zg>uS~=<Jm%%7%qorJEeCv}>cQV#F{i6O63(hD)a<!U;GPI%TEsU>dt<@{$FU@oh|4
zip>(!CP}lQwegOD>pILb%cW0WrA2WH%(tjpyXsNn-xAL_)upmiJW?Ek0i%~TzsVFk
z{}9=LDb&{ELUlnlOF6=J&x5Hy1fR#Nz7ZJjV*eJOZU?}>)<oxe#vcQ7FcUCG41itb
zA+IgvXjt}W2%`p~b@tWbJn42X^+IZ!R}U>5^K;!({fPYUey{EIxlNL>`Lp=wLsQ3f
zB#phv$^248P0DcCD!<9YLia{HZYFP%<Hq6~F&sk~PUb9b+`kC&LqCLV9rLzxlrv)C
zE2t!Kc>2*|6#ekW=0f3^Z{ythkpI@x6els9?W4xGh?C`k=)~5rKDA5&6I>-LJyh2f
zb8RGlx$w;r*Vqly`cwDvBVcc9Fh}*Mo;hvMKH6Zv0p_-~d4KlV>WYtO#akSy&^aSu
zRs)N6RK3BUCHxJHx5+S@N*5jw+Ayl}$z4LH3FlHP?*QLe1AuE-3j1aN0KSdS&!KWz
z#_^iNmc6?gK3i_tlpYhmmU-Ef-&yO<56|y<eb4@EnX$H7?KqwU&Td;QclFQOc^$j+
ztjp7ccJpwGYmW9?;v=4YLE*({Ha`+N3{$&bEXOW1hCBMMVD5ENaaIsR2j}(!!Cj8I
zcWoUY?3Y|Tlxs!209b5y#J1=8EoOhVyTe1~OLhU1O*P1?#LnO~$%`#hR@4kC%zfN;
zTUYVx+0tesIGDAqJ3lhM0gT*CkQ2~wHe5H25*tt`1DkA|ld7YktHwRRF+@<>KGHNY
z>f<=*pT7{oejQxVvGo4cH-6?0Jw)FpVqVFT5|JAS+=FZu3QfH8jTb-Ho;?dDA}d*!
zq2U_q3_^0!u{~_cK6fV?XR~U%qe}7czp_JuZRX;DM}!xULziSc_<NyF%5o`IEaYQF
z6%Ia0TDYHWD{_`9N#{N69??o`XI5XOFFIjcAj5mewlHV(d}<ABw|PpoI3skQ-{RU;
ztK*Y(C@pPRLj^`9Vk?ZXrn+=}^ktVexG)A;zXLFaIgDlsY?_vip-bxA$ovj?u>$6o
zvxtdk9y@*JPN&rsyV^$oYEQ~8T#L_E>@)+v@-}UK{}g|ETY>qx4>=`#la%m)VA2R~
z0ty*fI^!`HcH`G*q$sP8Tp2LkYiF3ZnC!UyD1Ty22FwPOBiSnw-0!W(ZZi}ymP?hf
zY5%OriFSR=IrUu8dL}MPeX}sdDd{zJM2C`sF(}ppHNQzUzm&+rU3}Sb$=^4ZA@NOY
zwve;DYz!9-r;0+P6wTXg51GSxQDc#OdbuAgd1F&8`CoW^^TmIqrZgVn;TkJCTTdE;
z*77!Z@R@`OZ#tUaGP7zu)8V@VHw{2sxf_qiwRM2e)VHB&rHOb7j8C`EU(@Dp5L4xD
zu-kZi&WCsLJpf}_ypi|TpKf#}YO0<Sd{5)WE%AtLj?QOCt)o;t<+);vzu_@0?+QHQ
zxuxqy5B5%CRBUoH0G}YWhIL`~Oxng|g`&$W7Jp(XZK<oxwMzFBiQ#*j8SI7RjO#yi
zX>z+A^eHTSB=pz1`PGw36DUmNP-*ezhJ|kMyq~~;o3F(_L3}7BM1uU((?%W^JW-kx
zo+py3DUqXVh=8j3HsBK1ge|<>?Y|{H-Vc(tr}+iE+)A-8+1u8Sgr#w~F>gG4GXxy_
zkIO$CEM#V`1aX)?jepoF2PSX3YKB1}qY0F8ndgA86rq>f55tmK<kySOlBgp}w82qV
zDTndJU(^AfqhCz62xtb(GuphX;_N+_Bi+*+%FyQa*7G?5Lm(5|^+38bFZcr~b9xh?
z)g!4}%!*%z2x){IVtg5QeZgs(H|RcRi@K%^S?ng5H%o4JkQxU4TVF4@kB(higrY>~
zRpQPpgJCzlb{h%3ixCrjOmbtR3JrxGh67ICARm?q!mCC;uQmg{?ZrNRyY#Szxd)US
z;muZ23khODgg2SieMX9DXts0_f#T}xKp0lynG4yfLXN8OFe7xNPe*I5uA^Jb$NkxI
zjqQa8GG*ZlWIB~T9;&}L&Sfy(YFkaF6y1Vk0a0UUjGFd>2g$vdjs!s#IeiE73v{UE
zd=oz`)A!n$8Fr0-7XHvl+DOmsPBMu(WTc^LRl#QRu2oX>WZY-CY}q}VDMPL?@tPEW
zBjfUhzHnrqsJ$wO#7qh3x2VB0S9->j=a+eM??Ci{!x9ivOk?a0Ybo(qL4FDcFSYUM
z*JRn4fvN_#0@N<DFOzRucNpAp$-$i^7w~(IS2jgQ5iEm(k^J3pHNpaq`GN{LmR5xq
zCpgHIUrk`2vToM~g6Uq=l|^a;E~(>zHB05xeH+-75Ff%X+aim1pNen2eNXhj95rwR
z8@UW-SlC#oDtuZTi6NY|->O~#gXN{{fJNOn)TFV_4Mwo7v>8>O|DrVZA!f<lQT(;U
z-eXQ58)r8#^aKOS*x1jSdOLjlDkG2g(~u!jpTcZ2<@#c2^6g=80%<K&I=edW0`{R6
zn2`HS#MStjIr;93b0sA&=F*n#F@yrMTxSM2>E`g`a3*cp5buIFOCZ_s#o)cGpVL`i
z3rH6RcL$K1soZp1&G-`Iw7}(Z0qHcM@Y%h7(;&{(FnCk6mru<OR)IfxbS=smW+i38
zRD(sbHyB~SEU~_|s*Di?>OQj-b#1YPBi5XsuKr6D{+LTlF3kkxCgb~$uALh%N&S#8
zOCrJPMLJi3plm{<98wv3@fVTLKF4w2ACZ53t-A|XraH-R8dhvbsTY+Z@nAw`Aq&CP
zCG5f}x9Oj;Up;+UpB$Jl-Rq5Mmoz_wiHApaN!-bEa<tn+-$#Ay{}z?PC0D*~6y{tJ
z_A<7@9(V{sba#<XU0^uwYf)hMogS644aZm#4Rn1_(ZQ#EEGd=iVX8CAD){ms*BBI&
zk^_FJmj#(j^^LNfVIFMuRS&C*4z%Drs4-22XasNL8#?->);{$xSbNMi1|vW9*qJH%
zId!{7Oupxc8l!J4j(s{9%V<~C`~nHwQAPtw;EsCs<#>v~=K>H@@RWFh<d~VLl&XlI
zQiPtHcbr0A8W@+4TN;)j&SVPN1Kayu-V=(o|3=a+{Slu`h|vjGpGx59n<-Fbc3SA8
zx7QG1OBYYsisx2uS+6xS5D&#apMXM>yp(!EvKuXkv0hMB<G@Y!8aO7o7XdOfx{Qtg
zx%t%8WJ~y&JtwD6NAa%?)ZHE)a<{;;x%(qZdAKj5Yg;Hb!unF-ddQTGW`>Y-kYz^3
zMg>vG0At27HB!6txGP1>z$k()j#6o<?1Pm|bn^v!P|WrWOn;KTOqct)<iS_xD}^Fv
zvqLAzbtMBY&wz45A=I(*&m-tuba_m*iqM#gkfDgNF?ScIhc;4i7@Xj(9F}$)*&j_@
z!E8&WZ30x74c~+z-d01IixeJ7$BmU&<R}Z{1c_sBs20Y}mh1=W^ke6#nPeV20)0q%
z?>llWyw>3Dc9W7sR{0dtx#k#rfD9lU*eklrx}!nnQC%taXMEU3WQ^eSCNs%e!xygG
zo2~pRHpeF$n7;3zxqY-iMm1$QoY>jEav9ICgVyStwnZPEOLwTd!#4WWm~)4C7FXp=
zt;P3t@ok!_sL?@pnbi(VtaH2IMgg@XT>7JjeegvA`4LcJ6A0NqDzTn&)gxNMp1AwM
z)lJt=wVMhV)>yUiS{)c*>0tw8e#+OCYPtk3gpGn}c{ca<_oLU1xMVKT03Se3NUnlw
zx$a|!2~x5XA(QWfXP)7KQ1bs+Ha?jgP}m`kiXD=W+d3{}-(4*~X$ebn#OQ@#i8KN{
zJEV&_o?>L-2WHY1{;U>Pt~rCOep&;b`Ernc6k~2x)TBXiu85L@#)NntXW3-fl$-MV
z$OgIVTnlBTJW!r~etu#cjZwl|jR!Fr-QC@#is<-UDG^*W6L(2a3t{-PB$v@GM`E^{
zh!~>ey=Jb`CADNKt4|@6-c)w9G}(;Tb|2RPzI7_K(ADEQB_MBJy2iRFHj8qgY)s=>
zjmO;+bWs75oUFzsE~~s)!xDo@-CVlUNKj03<+_{%sf<wQxss}g(($LjMgrFaSy}bN
zh7M8Vf#(@G?Fp;m@5i#b+O}1q&_mNv-CyPuN`AVli>Ngby+q^hu7d*5zJ%;R9%+$u
zJwS+riaxENl${l7IW;QMllS4v<(_g-lRer>$-2f=LFv<Q$~KPhSi}f-f3ye-@iwm1
zt#ivxtisLB?(T?gi>*lXrOSBz09Ks2F&c9>?Ci?<D@Re!=X!Hu!ngw{z^py~pji+=
z>?_=$y&B_PwyJn*w`l{*u(ue6G_~C~=$M4>euIFomOH!cl*IM@SKZD}U-WEy{zT$Y
z&2<9idAhC}4J2b_&J??~r8%QZ4|6QoN@uqpt{6JNzYNpy&EzkZ&%HB77|$_)(SD;}
zJ#qs>4UDca5(82e?;e7pcz)A5?s||DxaAx3x7LU5^?*^_nbG$5;qSup)t5lswQ3=E
z+73Jlsqb*fqCaqXJvB;Zj)}x_hRQ1M+R((1l0;BBvs;0(#Wae;yka%az-K(LY0U^3
zHAMeBd4AdL`TLwvivmISKDY?;t2i%1kQZo!9EP7?q=~5oqYRu1V6Qvzkz5rld+Hsd
zJ^JUG1H?h@rEF`#A?mB25qk`iOv4j4<zfM0fWpyh)g1&ComxwyRZ5grHNd)tL9^+y
zBzC?NZ_ygd+VvJ?WuO34I7{#jp*nEi(+H?b>`o2s)we})P;jB90#|rf(VtyM7zH;%
z1Wpm)^A29PUeN$5V?ngkV$|Ma4=S8?_LlS7T@&&zB6LDFN%xwYtHM_&;BoatUE%?3
z$K_BLKd1OS*7ljd8`pYkvA-Z06i8Ny49?YRiffV{e^>xz??ml~LCs8k8$xjc%G^<>
z?L~Reo~Ok{QuQWT+?d%v_`ESfkIPqQ7n<uK6KG1f<ObJ`5Kfc#+MDQn417NFje7EY
z1S1_|b^{w~9<K%Alx*0EO2WHxk7v@ntK(rW`x%$H;<y3lo?@RvO&fD^4F5<5es@Q<
zx&<1`xHmq`qogx=JT_`AQ<OUcFob3;7bWHv{2%eLYXtf%^V`04r(ZS@ODc{6AA-WC
zlo1oX$)y`9+%+atXQmSbWozs0<|eSG!t?S)w<tGrgKX!JYtk^MLhQ&o2eQJ4a^#kO
zjCaI(=M?t~sWQ*{D%snQ${yN{dYV%dkCp<%EO5X5E{b8MU(XF6T@m2}qC*+i6bu!v
zvS3Q3GHygvfO=G@&6qgstyqM|x_ahoDkS<UzW0HBMhn?z@1J4W%-I0g**^x&z=TiA
zqO93O<NUCt^@Za+7;DOpN|k@2Ug$Ucg73(UJ4=xkQSpy<=gV5tNhgvybj%FjMv)Lu
zU&vL7ueJ~je@1q15@s1^zP_{CuwoeXvv<?TJ9{6hZmGsA_A^;8r!kK&2Ze5$#Be(c
zF5r0x#V#4Z4Z>6NQfcHxqP2d4Vc%qgr~@}zA+-k7qFC4MvsoBdsPC=6tNd~H;=^}g
zA*9)7G$<JN!PK%G_tmemcGsM5th9bU=~uY+rYb0asG?`@TBAS5oSxK|;czgMzJst8
zsluDv;^e&UcS>m9c)#55BF|mP@15yt8<+vf6~cv+#LCuBCA%r4d0FunVz|Cdj^5au
z^lhZ1I-xF(7rNbQ$lM=%Z^P_S9$9>l<M>PVDKE)$C3Y`5_v%}s4Dk>&(#Eu4_%(Si
z{e`B4N`PIDULW?pJDJ9Amq@u%GPcJ(h5eFf{prG|UswRrXV{INwdlO%(KZ@J6fXM>
zPV<=4Tai(Jw%uxw9oXImMRQ#pSNa6!?hQXM*@{u`pbe9GTUuRx6~z~<-!~3-cq@8g
z^#<b&KPaG7)J#sX5zTRD-^u-CgB=pKNriNr3rn$EVsd*Qm1?^X;H{l2hRik}xFS_t
zR>0M|`%V)S^({XmRpzL4)g4%8r88=e-HbCbzduXv!HP4*^Z_ua_==)|F|`(#3Otco
zMw~00)6rAeq5#z-V%lBAr6~3$-(>YiQIyFz-1HlUyeWZW^R-6E_-J_bj=wp_CYerd
z+qwNxyQ=!&I_dF1_NYVg7Lv2yqV6V+M8&7Pc^1<q8|%&d%0A3H49IsLji1xz3y+YO
z!%nk<o|{N6+bV)^iNScgR>6n0!+l1B*i)j#+M`mNT<G}jFZx&8)ceA4&c{_^bnfOs
zMxfEmu`$8mprP`yrCYvJ!VjoN6f}@ALM>_GDO61MaO?<0FyO3zA?)75T5N=n`M~tn
z0Cs-kq(C3~wjD_O3h;-Shgi%_9^H2qtGn~+X@frzj8+#frhde2`jYj}A8w5n)W)w(
zYFp-QDiljvJ7+-sj>8QhF_;q!Zp8JdI*Lwc7?0XEVS{5UX24R<qQHA)t<QSgXD>PG
zGp&gQDv-u8_j6yc@uC5|PxR+EZ(Myg%4R6v*oMk9d%im(d=%v-dv6j9>^01GWsO4>
z6ce=A7KnRoQ6A4DTrX3`{&@Lb#K3z0J^_o1$^P!TP+=t)y-gsL8HNZYJ_APXMqBiu
z1LlJ`JvOq7dIz7UDl05pe`jvU-rfzN%Pptr%(#4he8#t6`##Qt)qfo4vv)F$t64Ed
zLzzm~Nyadv)Br{2o6hZTstOOeWyXf&QHIOGrBo`ii>N<Xk<X(n&`;FaRr~Y#j@MLI
z8-3_1dQbzC;FXbB>(*!!KZ5Xf9K<VWBZ6wN6vUr|?IxgjSBc!8w+sP=i;g^P7U&aQ
zU^qWdXukP&23%8|>%GVA_1U8@eFW*(m>yBaCmhGwv#dO~7xq^L2?An-!Rf15UHi<D
zpY+4L?M}kFh$7V;y}E!gqyDtoG)`Gw`i{5Dk-U$Zku;A4ld03X-D3AXrID88h5dv@
zT7{L9fAAa;jhJ*}1sP`-;~_-EJzUCJ-A+TKYPeMVQ5d&=8uwfeLA%HYt00mxd&Agr
zM$kjXxX=k&I}+AMJ>o42x6z<YY*xCE>=h-cA;pxpl5`Eo6iG{jYzW~w49GW#@;Z%q
zEQxJJyRb7UIH|;mYB{8KHo3=GW~A?GK!sQeJ${UKw}%C<vZ@@*DmB)B{QY@^=Qmb%
zW*7^d-Y%FIt#9jfdCvsntMs9h&|ueVL+49{UhE^;)nI3pEiCo(f@ZG1sTVb+!a%2j
zP}1XYl#cEtLzzXdDWeemUNn|vlY$~jUt>P4Ms1r)M@Yv~NXdh?r0U}`iuV*!_TqwO
zH{y)G!!4jtKb8oqo$}WhTMGoRXTz7qc|ZcXVRqA-C6d%-_)`?|n9D&d%b6{IvM5jV
z!6jTfB;pECpu#YnSo<P0#WV}X!3_q;L~A{KC=R=ICr}E}_ika9T%c-Gpwci*kq}d{
zu)fi6-K>)o<4|1|&B=x8s|EuRIpKN1agRZE97O-vRH75vx37j!3$<Ur*Q%rrA3LAi
zcYZLP<G3Cvvmy@&fxKEW7;oX5<vTMtLi&ZsIIz4Jgsx+x^g^kxk<gp;8aOM3TZ%OG
za2<%M_m9s$vjYr$x1TaAFz2O54H$zCw$}5@q|Dbo_LtmXm4XpStsBAxw=0$`-Z4!n
zwAFG)Di0SYYU(xg)lMl`Ots*vnr5>$eHk%UUaz8<uuF}jRGz$d*$S0vmzAcV{-|NW
zxu36DeGFI8kSP$EffAD2ET63x;m)PAzi2hqXFrH;?|KYu4;_&KlikjA1*nM+Hl-)7
zyDa9TGvOWi84!*~`#EOW8z-O&ki_@qb-hvfufqKmI<*<Cl07%M1X)qV1lZAh(D4!-
za%OLPj95vGl}y53?7khL{H(Sor@ffGyGo<E?FwC5TVPjj6I$)6G4?gZ6jf_uPCYNX
zy_B0ua{M`{fJey3gtGMef*bilgwl{$BN!R!WAJhyz9Xd4@akICI<Nkh5tpWgsXDDb
z?wl1+YOTA_<3Y!il{@S;y-*MqENV}p^#T{vL6<2Q9r7ZGh?KTDWlqXI#<gobk-Pxq
znB*_Y)oSZ|hgJ5;8&KuXrEbtwIdrpD^(`rIcEh6zP~0`Oo&>uf29~+MU6V$Y%X!Qx
zv4^x2lbIEK^#1z%fQ5r5RZ4>t{fmPeINlw@=DxI9@-(cm=7l7ntgd1xx1+Prl(bIG
zm#snlrNH;$=ufv>mih5~^UX;ZtdhD}eOX;zS|aX8GM*l~&qi9_c|x8lqHfC9odmAA
z^8j>ql0S^NC@Dd@FV0F<sEtu#8!6KkIX1L!F59E#BP`~<BP?J)KZJ=g_LkEs^=z$N
zFQ1zYDecwPSbaODp(0MszMDRQr}iA8qBy87CPr0~2S|xnM_#^xyIbm^yJaGUj77N!
z-PGdD*$_%aj!@i43gXH%vx4y|-q`zD8PLRKSbo25;<80r<^wk{5WQ8ruBiULcb^tq
zIf~--CD&m!mxb~&HCebZNCOm3yY@8uJU?~Ii#LLp;<a#+)xgAQb6z1+v$C07!wO6!
zVKrxqD*OmkjlbG^yy7j4E~%75pA%I--g%is6L0p;<w(6NB*n_hisV(=&&;XC%uO}l
zNuKxPTch9Z%skmxl)$j7xV0hA*&VZ*5o)S=4E1Oxy|_=mz9rKYRxaXxb6&&!#skbp
zwu1UwmxNwitp|t=6+b=?R@of7XSn88-v}tp9uY>Ym^O$#&VT2K%W^|hItYsuNt$l0
z&dRTokux|qy}s0D6f@4IAQ11^IBPv#ANV{!_M`nVL~B2|+Z^Ds2$47u=d@@sc@e!U
zG=8T5e}|HhZr|+$Xx4jNNS9QF{T>kB4TcoYtAMWUPoBz8ED@WPM_RmXkI4}t3!a}p
zcTC{U6Yn&<GnXQrr4lBbP+3ruZXQkPs{vXzrBt(HwK~Rastz@4Y3~zvZqKI_{?f(G
z(ZJ){Vq?MDlpB8QphKS$s;qgHVtN}uHFTqM3+^azm8D?DYH9}WCkMBUHl}v(gL<a6
z_Z8fgKW?%)<QAzP1E@Vs5XZWE*%ey=l~O0Y_t`6}1x-dIx9I06>gYFrb}-Ph%iDrX
z%2X|g?(_icUEW3#-F5CGme6vPpyibRZ1y|`*gd457_OeULXr?4cqAwR5G5FYAr9H7
z_HHu^DaWVPCm4L#4|cf!LX-Z);rzcpiC#`)C_1OYWiD;7WGP{=$S%u!XO?9pa(sJ9
zMN{R*^5Y!S=)ASPktOdB5*PZLTlpyNVFApz2aKwbFrK?L#jXN9Hqz$WzWgu<KX#vH
zf2hvKA8npHJ?6wXO>*kWCw>^o<((Co1dR`5J&%U$EW6z&g8SCQLnl_!u53vrXq`)l
zx6*2mvY>x+=C{W`;5apiJv|S39aCp;9H;320mo@wwKv8B?1Z%itHMcZ&|r6F?EnuT
znSjJmKoDBL@i(yY&|)f`r2l3F8s{O>3dl5~n-anTc=;V*0WJZLNI&BhIL;2SGyfeH
z00cE`f<etAY)pSC?M46<05(t@02{O=ali(f{{gTetZz_2P?=xBs4&2ZbND6>*O1^s
z0>UMcNW*^#k^s3WXB$Efu+p5vmEu}$GYtOyO6TVjImprzO>X{g=@xu=XuWj9Lkb1i
z0Y}UCUos;Ak?H!w8DZJ$sTj-!1*8AGynJqdw;tlZ;cbxIQNG)WPa4jme&r-EeijLl
z3q?``GfTf>p3du*9-`3zSqg9#bY4mnS)(?l2@eo!r=*YgIZ?_#gYaL#*}#?R9sIRh
z@F*d&1zB^}&x!9zJx*(V%}!+6eaR`_F<X6c06@Vx<A3}d_==t@0PK<*NQFFB1va~=
zpMe5rh*{&nWfz|Qwo!li<iYp(K7<HM(1iu0vhC~s{}w_tw;SF7<WU1+MpYd$qu^jO
ziuPc1S)39!yLS#c>;JR^hns=8{0pY0?w7iKhx^U`92tiIFdA?w^bv&3S{0!!Gid_<
zhWql%G9@h_h7|zR%z=Vn9HZ<w0K4&L=`#}Iw*D+o;kgqns~-ok{93Q;{{sz+o*yC`
z0qlr?d~_lQ9$IuagbEqm!+HMTbPWKDb9rj!4(MRfS7pcl{w?AD^$isSCjvV52j-Kd
zcF7$|+&lZ%iv!4~hWiJ|r}k|7(1S^1!r+X{C1vdDvPN}iikv@WO#DvRe*LR&D@0BM
za4m537EZcYxV(IZ+lK!MR|xjNI@t-J<knT&E3FUVLI%*wA__;lftQs*ZS|jC)}zCh
zWdrAMi!*$F#T=&{tV$3l>}=d#k2Olgm_Z$P1^+>Dep`z?2?Sp0OPFs}CI2-4KLv6D
za@0FI2>y2K5dQWVx-lNKKD-IYQKEWpPXAeRe|-QzpLqw-<Un@wIv7sLor(ceu-VfA
zH=vai$wSBcOWEI!V_Xs9UzZ|Tj@yW9tTy)$rHzeNnSiZlr;-cN5<8jX4_IYKd;y;A
zl6_!8v_WR^j$*_Wwcj5lzk49)ug$U0L&f8v%Y*^%Y{mWgk%OIu{IsB_=Iez({54)3
zy!Qhn)SnfT9#n|o#DAL0ZKSZe<X!T<z%|9@3p~GQ-!q^9ITzyo`;!LFlm|*N{}-@7
zAhH$!FV@XwhFh&9pzfV5x%EYn3vhav<wIHj!%H$#hB$EGLjM+9F)6?w!JnrO=%3IB
z{;eJZQE?xeY@F?ipp2MXtyv}_ivG-Ga_}miK-iERpWY^*gL)F3|49dJaXR=5#xhMk
z^k9<nM@H}s`u?p`@<4f#$#Cai`lVxrd->K2tU+mibIR0T;hFUdEEqp|8v<x_C2)Xi
zyl0jQsnG^dXkA};F26W;kZ(WYTMx<4_%mr{RXfm&C&z<(=pQ7X66TNA9cbPk#q;zD
z9##s~deID<vBczJW*b08(>)S+aMiUOV!2vo&Qaq|u>&X<xa)BL^?PaJ**|~42#xKa
zLORd+{@xN=S*nt1hfbeX9q8dwBYsD3{BHrC@XB5YH3-83grm)O@|y<)Pl$Mwqq+F+
znNaWb@AXTUk=tLw!MVPaL!OL08Zn4vPi1j})-@R^*$Zq1w7=0`UWcz9{hPH?--GkO
zlGr>$l8A`ZI*}G<?SZ2r8uw7e|MH=DS^I7-94w0@of2n*5`uH-U)i95tdc0*Br?dR
zrSm}-TmHXY9)M@A4<^`NeFZL%1FGx)kE?t`?ptg(l(Dv7nTRQ!cgj>65)2HB6SFCP
z$G4`i)=Qn21qO&R%PU;5#6e#n0>=^i`)}#-X%0>d=%_m=h6ONHv*#K(y?7x7c?guS
zD}O!v0crFFuiNxu1z;K&Uek*6+4+vY_CtDK-d3|62g8l^@N??e8nu4C2O<GI?kc7@
zLHPzn0>nOR)WjC=*pHNFG?1U!ARBFs=I;UXtfI=5)y^AuEVw}Z^B<s`qfBtQj@U{o
zzgiM0InXJ|9vm0f<z&lW%t*-uGSYreR89|orX-2)&ua)+w4$unvtfZwLoy*6_E6jN
zP2iJFw(M(hSN-%%TK$z*mc5}u-q$az1kPnm?!W^R=^TV3dC^jT_I>frIfg}51&)GS
z={uggAWRM7-vnfWS(3kyr5N`QU2w$t+vU(A`7T4yUFK-!zg|v~%BSYPCL0x5b!m?X
zS*N^9W%-iweX!W(!=tfeKwtHMUv%jh2@GpJ*g+LP>~PZkSn(dp2=p|-AKp57%k1Eg
zm868;mg4ZW+7wQSmr|P`gs29BBCZ#$>y;-y9p6r;6?1?46OhD;MbQzy1zlH6MNbqT
zGL|yR%S8p8CPy$JlcdCAqV6lHjKlhB*rxv#>wD+<C-Ln|_dCmWixV?aEJ@|qM-F*;
zzq2kiv^m`DvN&*O4oPzu(C;?&w3tVO*c_?NL-vm!duGEX#BTsJk2dl?b~lrP26BEp
zG+;^H5!;+3#emnJm-5&wl0F|y7|q<<-8b>{C#K6?1eG!86Cu|^_ZT4V>50(%jkS7T
zj-Ip5!4YYd8uRPHW2nw24I@OlYyp!dD2uBG_c40Nvlco7OYKzDuNGkS0W)%;Dj`m$
zFdGt91>m8;Zalu3a1z1}>YtiC_BVIw$zxVj-e(Bf#eUle95~P&b{k&Fm7BYB;J{=<
z;**UYT<wC#*C$khKwc)Of~qrH2xOtv31<OlCfkBky?em|-4JvRuvzq>1WN`O(y8JF
zAVJzEi}tqWvTF8R@K^MAK(>GHX}kvlV1_cK&x&+&q}~8fD}jeIoXAKKi&n}t&{`hN
zy6Dn^0=3|lSi}}4D+`<jfVfchfut9y3xd2o&`?@!BR8@lkU+?a_t}Ig#fU12?ftxG
zz4LQfP`B`2L2SOL!j%Tc4=VAwf@7X%nA{A^LT`812QFoSpdXBm<zjT4XimD|kS%}F
zpmkQp*xq`Hd@V?H&&jW@h<vr0vny7M)0xeN8%xctu5?%<ql_^F!zyXH;T$eivuQB^
zO{1rtQ?)M2tPtkP#_pIbTa#`CKoQREz(KrA3vKzd+&JN1F3uyqrqGrb$_pLv9w9ef
zp`{(baDnS-;Iet(AHpD?AJ%*|(qa%BP8snl2+sB_op;P2pzj2m6bp};KCC)~c+gGs
z0GK^4AcsR}tj~VHypbkmdu{5yF+ZSj>A@%8DbLlJub9e}cCFmjPzKpdP<>#%Gcsp-
zW7H(zQulZexBbp!2*>oo#ay9ZfFs{4NbWDT0Ju#OC=Vub`FwI(i2qqo2|LTn_6A4U
zSCl4LR)5pJHbBm3CX@d03pk?>xSn)9V!Nwd7=S^vdSvKr3#J-daNpydqNp(T0V82I
zhMnJS-)=A}aKV5o&B1#iV)`kT+{0cQhSvT0CR5W8imexBd5K9O>x@nYsqm@ptI&Sh
zM6$d8)fA~E`9T%2UtTw+8DM_hU+$)ge00+L$2(swOuS|V&s-RnJ%Durcx4<FlEdv%
z()zg*xVNGX#UC_CN#3Xeh%z5*N34iOkxgHFD<PaJGl;W1{r%;Nr+RmNPri~tY+ymy
zRqxAUZ4j4wR$g&A?;GSAcqdukELGaCFL@UA>e)ocA2JSlEE-kfrC=7)C?gbNdgT>W
zu&6hLB3BpNy5A-JzBOA6+nn5*eOJzNeWP%VW0Z|~9}rQ5_><7T5F=1lpUd#j>7o^m
z4G)IXl&AsB$vC62QKqNhUenW~1{PP&l$gU|jX%MFp1w>ld-D0tOUK8}Z_adsvq`tP
z5A<hPJv?94004da8eM5hJ%xos8Rk)j#j0n|PXpCruMY=}*J=;9hQ{_REZ(6AAGE{^
z4|M5ulCTseK`aL`4bL+!0IwEpgSG5VSHn!jI9%PCI&rK>2D&}<CIYMfY9q0p@bot(
zL`qP<f^hK{VmWKQL7skU@Yory?%KRC3e2GEOnP5MuQGKcHT8#r04Jtdh6C!RCIFPD
z-vQ?eTne`O237?XdIRQKrkV}t<nJzgLM+&57`?XL;X|wcHr2qmCTb8A4l9)cFpIpQ
zliUhbiRp<dkUQx~8sympvtMUZ^R}b&bC<g;RpC#TD*3ey!8S2j)*87rL|UV@w0UP+
z!dfBNp-7YjqJH(9>}nrMnA<!T6o&AC2(>HOj^U;gFC^f`kH4RE*+fT0!@eZtQ5u@V
zZ0G8Kvh!CoNOJAr)Aq~aib_EmuPGhO7#T_s9Y$w@nH2KEXF5Rsqw*V|bPQ#H4DS6n
zxS+yafVZMw1AHxtouC!6+bnX7_leP<kXr@URIj!T$W?-c*=MM}oj4{S1J3PWGGWZ0
zIq8yFSHAJHvb34$%~~9Q?xzXSWvR%pKDjKR<%9d+DljCe1>#D-cflQqkP>@8lf$C(
z(Xp*qugOr^(^3Y~DU_l3gg*nK6Aex!sJs@LqU^~TdNkDuB+Skt8yPaTGbMyci?J6h
zd<r^})h|8#BE|e_w{WR?I}?o6iirmUo!$s?8Q*I+j1~t?#|a@foFs$LnM_9qRtAt4
zvw|~^t5DtVblJDf|BPq-C84Y5=^3tc&~!ms^=dWoq=SyPX52_=!|cl=Fa#KN-@$`0
z>qSt09jW@zFtJ!6`%Wy;eDep?cKmDv2&_wgnt5Hr9Zm&#itD_K8%twjt<_wDG8LOI
zGsBw+_*fO*ifzoBz$?AM4buava8XP&C#>O+9WQW(yy36+>g7`@=07>fBelzaKX5=H
z5lEwB4_XL!JDNc?ofem~G~ZdFO7PI?h?jXpmqfccF4^T(_&2L7uql)RoRi!o@1N(G
z<(Ji)KEw&$v8!BeY+M5K+ST(au`hvKQ5Zff&;#Pp`fBjrYY{yF3=L@Ph@9nTh0^6r
z8<g-9X5{%CpE*3v1-0_tYkd1KXg}6t(ajp9R0X59HzbmHx&|WYv@C^k=lwYNU4llA
z6YroX5x`J0jO!zPS=HkLrV5JYlqSLS%8hIMg7*nnV$;o9Y+&Qtpjlp}C2Syd7{Z;c
zm%h*5;3kjDc3vUVVv%EbB{hH?2MA!+$hDx$ul~A0BtJ;+pnm9cT+VrTm^J}XZiSar
z$cCQC1Fqd00U%&8MFuh6kTK*2rZ7VHt+rxIGPuOSfZM0>HZM2?$%iBtvxo5MJXOKW
z<f2{$y9zrY7tq%KZfvo2aBO$c6$21ws%JPq=DROdZM3Qn2!^pk`WoGBy2FL$s#IMX
zsocW23$E+PTS#p~U72gygJQuO0MwCGe}}XEU~jlXHpcd!^m<&@s+|6KE_dI+YfS(H
z@sarbuy4+AYuaR2`-j1%5KDy}fxg~>Oz``O6)}0~qJbQQNbzxl07)yz0)xYmS_d}h
zA58FPPda`8ezM!xFYzBm{)1>_<mETTQbN|bI0cLM#0HAa=esFf4`_+9dGRo~!hTo+
z43Prl&h~3jFNu&&%i!?j-9C;w-+@o_<>Ln@K>o`RTko%{rxLV%Ycy51O52#*%HtM#
z!aRBbOdZVx<&L@?vEr@GtZN@UHWuA8=9u@dFI7qt(TNYAIK$BN!TD{eBOy}zgSvY}
zIWw+XuH>oCTR`s&y9GJ+PRD#zfrlSZd+Tq8v@?VM<6~3GmCN$Jlq;S;VvR2nVk1HG
zLq3X?DT74QgSDx{2_0_;d_NMEtMNw{?^shufHC8&Yf&{j4R=dtl7hNH>1#3<pk6{o
zhk)~xV%3=An8h~V_N(~nxdzX?nmxRt+SBaUV!rFs$atgX&7xB|7QwZo4U+kJBE$?$
zmYzhULa(I;FpU1D71v5zvZp&BD+AQxmp*m)uNUKqhfb;O{DUC{!ouO&4&yj0K~fVk
zj;%!<>ppPS4C0{$`V2H$yc^DN<Ubkh_(>*4y=gCC*8JRp?mLv3$F%Zy-1kRX?yMR*
zki+&t1IuNMiqBR!ul7=rj#q)}_YJ`B&E4=B9oP{ETHFmvA<WzBnwP1J>*|B=snRC7
z=t<A50;4#?sA~P{49Pkp;8uzT5(4g&9O>C(N)WR98UNo{;NFlq7{rtkY5yBloWndi
zaroEx94ps#??bysodvR4C?@52>^6G<HRm0$Wy{`&4&R2lbKOIxD0<qjy9x~&r*GhS
zFP2%xg#MtC@al`X-75j|tHOoE2!k33zL6q$H_GWzZ{EB@WfN@$#nWe@6a3Zwfz(Y2
zo}hCrE2nsHaMJOYhKR{Nu>p_}?FQ_=cWpn(_jxw4vy97zepmoc>xPb9bKr7+gM7q9
zS&pc`IaR)#=;YfWuT%WR)dIsPP+@&wL;{75;laWr$)P|IIYK@ah+FSn)lqQ8Yk7Hf
zwd%p9%E5#_YfN`Wro)&xC&^Eoh!JELwwGJ~`1aWXZ#9BVV|6py8avt2_7t*nGc7yb
zPYwQ3O7CJa`SVqt$#^3#D-g>q40P#;0_wG;g@_Grdxbr?rMqqrt0Oqp0dgSM@_D?*
zkF(+2@ycP%#Y2xY00cH$ZmESOUK11{SY5XBxUyU_?4%&zIPTL8cy_kj&d(&3&I5>e
zK67HywZFVv09B3uzL9r*N6AIE_+GkZno`_9n5F~LBDW$LPW{~#1Pnhh>YrumS7Hpq
zcc0}bSikr<%K^wE7%)0hEr_%DZB>e=zg)cH*xJpf?Jb}bGpASILCo14q~tNnO>|uf
zdNny4+D1lpAHOzQgP&Iga55b97C>?|m#Tyu$Rc>0JRAFX949CvZifQZmd&YHESCYp
z!qPHiX}xY$@juE2Jq3Q}8K6;>S%CC-Z^v9><{D~QsAe;`e682S`YWK6DFoK6cHXag
z*-BXWY!gg~#d(6crC51DoD#Ht?d=~<H4Amkw44FW=|PY>WZzDkIfzdD-kv<A@X7LL
zL&8p>RB5L?`}5l{zF}E9FSA_k{BJjzcG+DDa=ijxJHN^YB`W;VW$H7BlUHui+xgjR
zX5wz`{LPusDl20X0=h;?41X>;$~m|aDq$8~t|wi^Fc39-uH>tmY+&vM6UYT-K1x|f
zw#O}`lFPy{dW3l;W8#(3#*`xBaX_(cRLPTfKKXt~2elm6P!7u>U=m^$U}I|l<fzwY
zc1XnsZnfWV&L0F_Yx6435xe;Tv*rze9eoKZVmR%cEHjd2U+p#;KmaOE=~WrP3EX!_
zDw+Auvhq>>n7E%)XKUIo$AD+Ms$gp7hU$B9r9i1N<$Y>n(=Q@c-$@TMZmNpFP9YCK
zVO$5X0mL<ioJHO0i3oQ8QE=m?l4!$u#J@iyZCe5iRt0L}0J5EVxi^<P{f8iyBRI!Q
zyph?x3?Z?WPd=JV&LDwPc)k0_cO^W~9x0UT!G+iF1u(U(cZ?vcq>;q_PT>~t8-g!C
zY<<i7d~Uryk`%H{Vq8I^muzsk3MZoZiUkbQr9wC99_<|6vb#ODZ{!8&_ZU#>XEz1J
zLLmz(Wvp9NSKu6JT>_e>o%hP^wqdH}X^QK>6>&jWwahyW#Jd9+tDpiL<?`LN7v>i^
zIk&UI{e}ON&KLeD>K?WagqqNO8;k@cAhM7r^6vP{+TTkKF3|0J3U}HB{d(GfwBdFB
z2wrg5=pP<7+R$O6jeXe#GP2`4txGix{bi%>b6LQt(rc-%%d1*{C(^#;Zdce=EW@&S
zN^)I`R><C<5Y__2lt87vOm*ghA1k6(-htl9$%|)?6)EHVqUoT+nEdZjLB3A7r$OEM
z<?K5c%i!(+r9?q6pY5Z+zuPu7ImMNOfDUMmI0rRHq|!xz(jt5`@d4_e6<4N#?OcBT
z2O|XvTz3olek81ExX|^xdr)1zRh26@>o9h68j2;5k=Wh(@50M(@O;JGyR*RH@62tP
zV9i2{c0~rco?^r6MccGuJ)mp4JKbYZIl|)C+sehUnGpSct*VCxN~Q*4SV9kckza|@
zV9bi{(eu#TQJui)y<=tiK_|%X-yW;N-4)IfZNSEQxwTWM(({&=J8PiOB9e%1av;r4
zzi2kiu;+A~wq`iXzE0KZ_==Poa_b=W3l04GeZBzID|X}H5pF{k!0mJ9;UKw&h^{-B
zfpQFr4pP27dhAc>HSmDeZzYF{7rNU=T(yEY%I{}h@IH(Js~1`@#jM31MB|_g-0fCc
zWJa&cd0ervF9{@3FVZtkfJ!3G2>Nr7K`EdJNySB(Ak6Pqc_5>zC+gEH_u_>#FGU$D
z7g-H4Ytk4efW>C9Y1C*sR4u!k-a|AW=2yU+qrw2h5rBb8d~)#HehtQfscut#(2$U$
zr|KD?7;UA&xxbFG03$>Whl_yni(b{O$)mXNhm$mv$CUs4Tdog`G5h}>0`jlQFaC@1
z8V7WErRR=d)RBgZ_5Z;LmH&$(lXrj_^nX)t^t-G9$Uhwnhf(zca#^A-lJ(m#r~fuD
z_Ui~PgEJ+>qELw7z8EBYsZP58x)2IGe6dT|D-#T?>HrzfBGnMwESDoEGNHRg`>OsQ
z3Yg}>*uAyCsjND3B8>Dc7$rCv7;)$GpT=?tgQV20oNwoG5}Kk6z7^D*hu<widmtJP
za+9azK(OPE>WRae{oiS1HxE=sbGin)?Um*X=N_8*BcSB0gas?hafQR_cCv@l?PLR0
z|EgsBmP<z8axShkh4`pEJeL%al6dC))nGZs6w0zOh20CtTVXtD1~*fA?9~>dcq1>Q
zzIEi}y+yIXCCb)HXO-SHdz0<f{`7WiZ!zdK6tQ$&*RzQ)T(?|%SJ-D1HH|g0(Jzc&
z@_vth^aP3I5%5R){bRZ7=*OU9O(bFkYbyzxR_%TM#OZbg6C3fdQ}iS%NBfQoWe!?g
z-%rQLiJzi>as>SAU;p@gx^ysVf=YGNdU{Q@w}jB`(mc^^Yury}oHQUF?v}-`5g6LU
z2PG7@pkIso-GBPy#m!GW)ifPX5P1Q7(nhk59-;Wq?|Q=W&HbDEcAa<Iqdk+pkkxa4
z`q;1kS$pn55qA@RLbgA1x`D3lCmQ7UVU?7Z&;x%Xc_8-SQUHFn2zUmg%jf_38E!$(
zF!lstV%|J=XOWXn3VPZf1f{g4)zUW&!6PJUzpnqsN4QA}J%Uie{9IyoW@{qNVAbtf
z+$M;FZR~Tslb$uuF42t)75>{z1V1T>dmTUVB8Zs8BBU$g?@&UU_31L$0@1U?p3cQ9
z#FaN0U;O<`0Iw_XNtTyL^-=S@0H-MXD{iZ*uP3<}NOAk^DE1&ZspZk0T2Hv=-|j!O
zkx$7E_R#ieOZf$I@@5gkis;8q?>Uei#M%+v2OqlwJx!YMwFo7!m<Ukp@Q;g`!O0e0
zM2QpMq|3|(85K@)7@^&i3wXXRIJ6m{&3j(vp9JER*1^lb_Fm4bc(}l&-&(V?(~x*9
z{BZlOg6EJ)4PV$v&ScsA8==JQJQ%C`&D!|2mn1Bp5|ZqEp$i$8ApuSy2Qr~ScWI~B
zcACyJ_|Cb15KBq=(?@l-oo*aQf*0B#cAFOWwQMJVR9^`2N3elKsI#5F{f~<<Jd|oD
z`%Bn&w8+FUeKVZ?d?N+F-z(r*`MZT3=^UCshQDgn!2+H!Lkn<_9B7R(D9x0-mJn;X
z#|d5tQPi^oLHq%p#lXR*KM%Z*`K?g#e|#Up(E9+w<s}wDz#8DJ5qcH+QAs%<oF$W?
z-)(_(eD8j#`H$jVOMa+f&aBhuXj&w@9kF>sTZb`CG4Jfb<J0Hj+iP9}&yndK2Av;&
zyC%u}L%HaAO^f_IDwX07$@3fdlR4j*-j<^@5eqxV(~rsh{fEJif@tS~l1lZ`A`QzQ
z2^F$ABnCK<+lwL~#dcErwDu_&d1Yu*R!aqoQ{Z3Eh~EkRDec1-bJoocUR!(Y`lNs}
zE4~MR=tbzcpXh@xafv@S{~kz(t=%1>f0T}^hti?16)i22ITUoDTsI(vAEH~g0UBH3
zof7ho8vFWCW5;Na^6%nnglS;v2eR}DI`_8D61aeKGeA$|yezad$-D7hF=$E7j4OZH
zT(c`b8m1NaMMm6mv%I38Ai`f=I@o{P3b3&i3v7`~uWYA{tJR&!aSLRTlpF~EM)sF=
z85}ziVaPXY*O8@@w?|(1ViHXtZS*0aQ4RNPp9##aC&Vo5_=Phvfn$YU=w#&+CtYJg
zXN^d`KT9wPv2Xqmk--8=<g2uZ3f4@`+xy1i1#4euFH{quYa#t~+;7_JNOo#F$i!eI
zo#M}HE2AfQRN)J)%86^(up6hT^nAFR>6qECH<P5n$=W?rN*y80^FQsjB-g2DBlbXx
z+5?{;MkO~lgPgyMC%wik2nHPk$yc?DS3)x1Px^sR)@#wvbNf5GBpV&<-*0j_`Bbuh
z0T1X<KYql)fh2JZS@we$_f?YXxE0C6|ILa--XBGC>d%X5=<3p+h;aTsA$<vGpYKZs
z=xEcb1+u3l)&gDDFR~>2jR_|(GF875VVqbupFG^<WkObms(Yt(ay}k4_o`r(kf2y(
zz~HWmH|Ds#GBy7<dj*|1tLi|*rXMa?EYbN_wm%O!=K?7hf*bdAh=2EVM659tG9Iip
zk|G^D$pKDWp0Cmwz>9w4g?qNJfA?&bkfG9!Dm-c)Ck><cKX?f_uCMx}VPoK)`tyU`
z4&68MSYQgEae8she)yL6-X;sI*f!d&eF_CdVAC^Uv)By%lH8AW9&b4}!kFTb&=`qX
zjHK^5N&1Vv`8AX>8fTpTd<@Zh`A%Gqzfb&Ld?9jGCG&}_wHRi>sHQtiY;E$b`bJa{
z|NNul2iHzDEt1g9us5g48@k7R=^-(rUt#6U;aLG#deT&ds9g0tBQbuGJ4S(~o*+nw
z1u0a0Fd{=pejc?3@<22UAZYfH5EMMXK`wSulwb{<B>|8;T^c}8{pkSk%_fNLTe%tI
zn)bOjTkEb(<B14V^)X|wwMema<fEY|uLmz=Cwp>q#$LJFk&|k2{Xgp7JRa({{r|s2
zS}o-&r9z7(ilP*<U0Ure$WGbU!VqJvt5gbQ%P!fsVQg837F~9-4#rY4wlQQI`}iL3
zp(|JS{r!FJ`}_Ip_fHQ!3hz1J=XspR@;qM0v15kJMAqyp9LUd!jhB5z*Zs0ExND~d
z6-uJPj-%~YQg5VO6S>|Sf)vrC(YC42_KN;haC)f~q#Q5zmWFo9&O*zHadptquVzI|
z;;d>tjOhw)<`>FX1W($i?27WTSJAT-@crkJHe~4Asiso;sx=KC@Xc@hSn-&)WVT>)
ztjp^81b?>2Rcp_r#9dG9edIe?Uw{qVca^g9BJ}|y)5|yhV*$w@?r+?7ex=~f*9|Ee
z8R4U4o(^o*WBg3}#BwXFPs)sNoUu(eSM5p;VN*FPw=i4QWqQVA>7L8N@RO@1Q5w<=
zLCv>Pr#GojFJ?8-4_-!0&#S}FZm|7xIb(NjDL)xI%EF7$E9TvCgEv;!8_iELdn6tt
z*yt(FkKDg%Pd0woJY>7=(&zaCOH|hOePT+f8X1-Yid3ycl_-I46*6Ji%XkA%-2S`g
z(Z#BezZ5N>nk4qdpA#E;zDp|LlC1cUp#I5bnEhn*>BgHIRbamZFWmd(#$k2#e!DR!
z@IjSmqH4}z0TSv+tZw6m>Vde=^5SDFPhNX~t&{!4wpk*!IOFtoi4}rvv9fl)wTbV<
zhixk%h`ve7p>Fgze+R%V<daaoe*sFfape=h9^^}f?>l3Ah>7D=KwX(_$o=4rA~v0A
zSo6lXofV<^az1;cm%cj<uzM6AsV;OJzNVFZ>!B1GR2oA7g$urXC{QG5uuF-)8WdM@
z-Y*oPoJDaT(rSuOr1;oaSs*x2T3F*NPZmyFwJFt~n>tqPUNkS0PQqhCA(gEVe#TA+
z{v`;+AT%HuR#)x<{FQ&MmGhr)RxexPGY?y}rN8*(J4OEd6-kTdS~w(2Q7D9!=(80u
z6<vi6z6pZ|T8dCs!(H<Xi<CTkVhxhE#V-$9&TC|7^N<N#7Bxw@o=_pZLpf#*Vi-m8
z1k*n1`yfozFjHCCD5RDtb1<nycDkzxI@k{QiC+vCvk+jSoSN+%sKfRZkN1O4x}pn)
zCzJ&B^<3Lc`|o%`O_6gFH~+dEj77LncT6D6z~I3Ojl182fiH@_yEk2lk|^%@+7Fz>
z)IeP*6ibf25ECqf3tN0PQyePo>-U(w9=8e|@y7f97>~~1+p~I%3ictPm}Gz6nIADg
z{mjaqtDeYhEdaK*KxCi{roB~xJd5!lPn(y)3N^Ijov{T<eC+Kv<9A+y)_1J$dX#S8
ze=4heH&#{RhZewB02^LS4?AQt)$bx0^$ac5fb#BZnDa>fbRSh!G2c5o)~y4hZmd@l
zZ;=9drEWj!<<zv+;WgnOFC;R-AA`~MT4go;hHS5t5&lWo$$Vl9TeLtvAtr{=U($K(
z7*q@$`d)$Tg%b3qxh(2G02GgMEWcOs&P0;0NeAAbX2LX+T~9@vXlxfcH}&~z9rW!5
zwhv}Rx{jpSSMj)$b)qyEJIs6^$<4+{8hv2Uk!JdRG4%PqGo5I;2k*cLzSPdMoOkwR
z&H!KvQv(8%*R6|Z6JhzC^lg|J_=L-rDG?>}0}&zs=6!OSuSt-afMI%P7vK2Y+7xz%
z!<_T<i2gj3%tteAa4ZpGHUgS@Gny7n@mK7dD9axnZX*_vGLPrmwP!^nsHbU6k_&pZ
z*^kpJo})P?s;4b~aZJ?0Hi8**+88*~$)H|A^OXp2i$^eC)Z4mkn>G97Ikv0%#vFNC
zt9Slp#3yBvG!S0qo`T5?{-J`IZ$I!Z0|ZqGgB(Upu4ihJKe>F`rP=8cdfNMWgjje_
zoS-pi%mu+|>U@`H8zbXcx}DPvml;wRd9Uw@SbGZ27AGEwjOVF(#I$d;u#>H|mmnG_
zV(c__l9ylmcU|X=2G`Y{`YX}r(RCwna-Ts;<u6786h!S(uD-c=Yw_`pk3?9;obefd
znG>l}7Be@Qq%rz>=9GbscVmzgJp>a19!-zAzgVX8icXRW)6CShcu>IcrLLxijcIfY
zsJ|k~ATMlaDdj2LBtZ)^B)<EE1^Gt;>Zz|dOD^CN@tJy7m>kNjwhPJtAu_vwEIt`M
z-T-6xOvX<)41sdg38^B@@SYCIYLE<wPR2wJj-$xV&FIVH%BLGS$4{qfp20=VDn+K@
zGVF?mFGdjadwgbloy$)3a45BruwA-%CK)O}$S=JFLZT{h9!dsPAiidchvM<&LP{s8
zWTfNuV9dQft|znU<%)=FIMEa*_KRzHmvys1d$_W1)BP&#%-E4VG<Owo?lPRW%j=s>
zy^-%h46N-|2z{?wFoczr;fe6hj({@ft&6SSH#Iu$83B`f`b9LenOld+a^2_F;!Yb?
zX>pZkmw~WyDpsQ@s#pwOjD4nzT9~bDp%vbN2#;Ezj*m^GJdP4I^K-|@i(7HOy<Oo)
zSw@7r28uW>@$gz?+{+B#ySX6xBMsW_7+*%6yiG-nH}eWG%vYc>bSN%rVEkxO<RNz5
zJ4T0IrAvModYwL8A1U74FICN0lXs5e+{}jIA_Mv|ZBHgY5_OyKC=Zy(+_9I=y-|WN
zqOyS069ap}m-$-;uE)UB{bIK3Fl!Iabw*@X+eVUs0=izcCz_{5Q>tt`Z&N|*ut3g9
zO4et5tU1X)uQ_*xQjo@m3qpBH%o-8$ZIroPA9LFJ2;#l+87EMUoWmb|{IldxQ8~Kw
zZAcwu==0Yzz30yDs4X3gev$8-FZDzwn+=H@M&Bi~{xfcnO<<?Jl*iy`@y|G6ge4Nf
z>ci4M>MpW(V``=?Fmq?@rd(GY1_+7^m|eOPteiV;QHg`XJp;ZUwyeHm>og>M$`}rs
zo#URu$3|10wGc<rR>JKwdmL+0rsnk>8!u44&-30pGxz8{kBSrwLp81pc#Q>+DlGbK
zP3@ge7vy<D&z|`7$Z>;9SkS>hhrG8`S(73<6DAI;-=+d!+GS#d;W&6jPg`|;j&MmW
zNT+D$r850a3h3|YYp|Q2BqkP&dF}l8cy_2!9!|2YYM7+6-?Kd@KS)YVbS5aW@4G<}
z`*Vky3MvEjb_9leby(-&CwW43b>o%-d6o00<Vab~2%n~TUL54}Y9~V5XE~DF4z>ic
zqsY)VO!g+TTwd%xRViusj>z-KWrbw0A`m5Uz$y^Nz-;oJ@lqX>9_^TN69)j2JP)!v
zK}pdZ2I=<}!kXvP^OC5wVRk$tP@EoYKZrrqkM<v|_vLvPp&-mkVgIPWa(?440n05u
zRv)j)lTm(wmWfeg8E00mA9}UFf8(~|ZX_OG^qPd6QwQn1tav3MIG6Ulx*IY#Ws>G%
z3pRzVK=-l$AUatGH0E-fRg|?_kXbJj2Iai#J|{{C!sVPo*(2McvkJOI{uro_iWvF5
z*=l~g32UNQtV$nmkSMNdE#Y0FR2@)NsJ+)SR;1g@UV*#!BGXwA#o%vzoq{qSf-%P2
z*?72<;;z?;x`8TYHIyE0(G&Wf%P7RDDW9hX1OC)`unMKK2jY)STIeobVW^#!k^Q&j
z`XF;r0!wr_UFLRJ%=ySXX1)s}s@!)j&P2Ds^6(E!yHju3?38pDgp1{E6qnZcN#Q-?
z&WfDO1j(8BK$VvsrutTTh~r0nozz^&!Xh=Tw)k<2l);1HPDNdGKo0kpEq^Y5`ds6q
zi9`eIJpqBIvimnwU)6d<3w8a>WW&UR-W1u<!be%|D{yxxOB~BBkQ<OO|9tw1(L)ds
zW`v=6{)$11AfOezOd(*(ow{Q`7Mly-)C09JTZ^6&muwrSOHDCA(bWK@Xj5Rxda6*<
zw(0AWf?<Y9k)!gwgO&%Ey{jh~f^@)HL<7ECi5h7M(R1ohA8Abs-Q%YX3wKAZ@q2sK
zJm>`&?-ezDW-F9`4=*&|g<Pox%iRp~I=^q6|G1gIxO#SJYUL$dn)*u)yB2E_y>CV-
zN{Gk04eB{p(bciA9uUz+&liP&aBy$^E^?XbGXALe&C!H!<5J5Xwh4pU;F5H~J&D=Z
ziBk=pe%W|cJc@G&hQW3*M@e~7&xJ{$^KDJ5jF5<I;KXrtB%iWw1s|)u+qXgD*|BXJ
znU(j3hE7!Px)8qROYK!_6U;|dTDkIHy1V%DpGj#Z5znYMvjBErFSO~u;xJUy7s5?n
zvuOX$@=44p))suGfYvn42yriTr~ArW1)Gz8I}jb6(_<yM?Gw~95_WdIr56@sJY3_R
zaT&OsHC)N2&irjBBB`>(e1;%Nr_m!YgVB#Ea)3yjPt&!Q66cRp@z7VB0(C`^Da~2I
zkm!{<=-C&(w7;>(cI)BT(Mf)Y-itM;5<&TyQehy0xE&2zWQgo^ty}9E!nc}zYHeJb
zhqAiBIf4N-%Uwz_(%oH)sv+$akGfb9duq#nO>zDDK;&t?ja7|#aO-L+<=-SE2dh^T
ziob36JKZfe0Ca!SW5#DFL`%ZBzp}VlV6nfdq0<XXDJlVh&{1(1(fP`JytBV2zG{o*
zxG^~)y#`>kKb68nc;*9w#+$eBn_YXPRNuNGi7i<vv;Aa+WA4;aTk_Sz*@}ZRtt%P&
zdi*sZ$8)@Uc$LF1yKJb26O%P`u2xVZ{lt_Gdl;X{WX7{S(tl`2xJ05-w$qu6Yg@$5
zfxH_A!<(WBl&$98Q|7VVVfCo3hhj&A`{7az-JLi)%T@ciJI}IpQjCCykVo?oi||%m
zcEbCJ_HA(dPEfpVu>NEF$i_BpInj?=2tBqMx4Y3-L);EQV%ZMyoyh;>7De(LIX9YR
zBrBKl1}BoQzBx}Hj<BxV_s^Ya>`6~Jjzn2u;}i*WWx7^QZDeIZ=M0FrUS~e{UA6=C
za3j&Snr1tf7iIzjRU|sboSAZ>M*1B$RIlDCCBqB?fh1J3vV6P^A>S#dUYzC_mbgqk
zJs@V;VlL@}g2m}kYm+$T2vK*tEGoOapmgF<NL#@t`sxF<Qddu1qLfi*O3uODbRL!Q
z?&5-BqW-Br=V2hAF<?rRSB~eZ3G(wQ4wwUmV|g<qykddvU<m(pi+xQ;H3R5OJhhm`
z`&q>S;JDz^k_i!YH>w+juL7@l$tOFSeuI(c$y&NUQh%vks8ultD9RSP&Turncib@F
z;b?qs>iJ%+tIVs{0aSzPUt2$VcuY6132Ib=NQP99Jw%C?qPAB=61@rshn7yCO_#f+
zH&BbHb=oVYsJnndbpkjglvhvK_^Pj~?qbrCy7NVL-;LG-w=13pR|WDWC{>X3QswG%
z>Lo;pCsV{0=&M1@CjbdZ?%w1zsqEK1ep$l1x_^TVrTtq|tQ@^oo@KBuu+>$?<i(`u
zaKnM?Jqfx}LBeHjUXEj39f?!bX_!iS&@?~9LgsM?_&s7pNBvY+zD#Uax|V3O)iNjA
zkFf;W5A^%oJjVx;H&jC+Ld3z-Im@IFKo(*~LC>+PLfv<UUi(z{ee$*W(jmzmMGCT&
z?Lcu^>UWCjqInv^L@R0}CZLgIxxYWq*W(5fn~OP|l6l!)p<ufi*_Tk<;Q7T1GTE7Y
zna<=us!r%|v;NVG$?yBu5+*uWaUX}Zd<kRF%+6-{!uIF&`;bHLZH|;T%<b8?NO(rE
z%#VAP=^;6ZwC~U!Q$x?vW%nSGDlvSg4KiI%$a*ORh?{f@M^XjZ-WO?PFpGVhWez3h
z6Y80>)8*%3T3jggNIxLeL4YH*+e}GQZ`!_{cywz~5&g!2$?D7XPzXosrqfFc%D=Ae
zWo~3IZyTMF*3U70K0VrT*ri~4xcQQb49<M4cXC>-?cGYZvwyDCXHUR&8o7Quw`hHp
z<yM^%edh9l9xpNxuAj`pPx|ZV^+W~uo5{Dt=OX=y5w$FH9x=E2!EXR2lqh^HL17o#
z;|3j3Cj4um5Ay-j@jPNpDB){5K0_xo`9Wsn-M{w6Is8e=YUgtME*Hn=E`d+U^|F_k
z{famt$93|9>LSk6z<awjHOsEz^M0%|FWD@wUMF)ZloU75iE6oubsRREgh+Q@)kw+|
zIRMZ0vbX+{34H7=dtobol7O$ws}d(NN7zZ2U_afQm|p3#dX0k}*S$!7-36|xXvE}h
zSAH{MKJRtJpv)rgDEY{T%9R!B_&HIfnL;tyq?ym0IUt)E7WQ%0YMxwhyeZ2_ejhgh
zdIVq!y-FuSR+-jEYNdA`zSwmrL#H60aO$~5vwpC@Otjg6hOOcKP#YUnbMlt7_jS-8
zP?HpsC{t9aB1t|1aYfF1<pUb%wsdDDOn0k@^Vt4*2t9WaE919^MMkK^id?PC5TtUJ
z`|duDl`03G@i+w5!75RH!4T=3+mU`;RaPr!VleyD(jL{pw{7!bkeab@{XAwObsDD8
z#Bw7yeH7gEoAw(jF2T1{0<~jI?nGgM<A2KNgfql)vZ~8!O*O@m-*4hdPrIh3#w}bn
zi9Pm8rkAl|rh*P;XXZ}1kvyW3bOuRnJW-?@+OpzNi{DG8TrWd%!p37{c_3otq-{=y
zR+>geeD{t^mCUD|PQ+yNDjB*xc7q5B3pt`n_ry(wws_Jh*J<;qk57ihn5gBdw6Kru
z&Bb5BzF<9Wb=EUFC<P(K3tM^9uKazPz+1?H`YCwCVe%dJ-)ZG`?hVKda6jE<w-M2^
zUR*E!lK+(PBH7nfpm^ks+^3WVWo7Yr6pUw77H&J(RL*c-&zBjMK__jOY>mI0lHcn#
zb*ItAe7WX`XfEZfXnB5tF>)^|^QjF7H==DC;~wfd)a6|(cCxX%o~_9=Z41dD=A7$2
zURd6Ht?HU#zgZ>SdT${7#;#P07k<|BE&2sH5ie<ZH&H1s%oT=6+|;x>`io`O^xJP#
z>ofj)MR^<PB@Xyc*1t{<BbP3Y4P4rCrhPuaX24H|BbiI2pSL47Wr#gtI4CXG3u_u!
z?>+}USSQ!5vrkRVs78n>j}_bH>dEwMPda7z&a3<@Bn?kWh5FwA^5l7X`9)+!v%TXE
z{j#FjJ1#T#ndaQ0VsGRcVvE*%4KrC6Qq*7jt2>q|Uz`E^77zg;f$a?rqXEqOPVg4)
z5vFn=UH3%5!vD&FYxjnm67rJ<u_iS;7hh_g`iy^biG^_31vZz;Xxo=Jl(v>HnEDEx
z=!A>UIpQ1+6qq+&bLzT#DdK!;p}Xi&d6$OP*H7U_sfoYR@XFOMhh(yB(X;g1Foa4`
z4w^pOW_Qm-ix9O$873RCFo3$MI#{rdwH{Z}?PP8&T$U6Q&Ht@}z0M@+EVso43>lgn
z%w2uQkG7_&2coR-)z_N0x%ZWCv4<ev#?@89URJ9BHS}377oSl-J6e~Q{?QT0L*Gf5
zUi8W+XK~o5kA;6xN|zWRF(a<C`@l<W^a!soBpd@qA??EZ1*fz?AxD%D82ivOBPO24
zu?~c}(7Z$s2c_|uewR1PM0>p??1t*$E}xOEJS$BL{Mh4i+(@u0`bNX6lW*Gn1*R`;
zEa>&{!AUQC^WJB>$NJ*tJD&9=x%V<65qp&$DG)?U?EmzYx$8Gjxoz`F!@<OkE2?}0
zO7)Zzc#pu<Lf-@wdH%A&_+bAS988k2PF(qr<wr~0zsuhYnGeFti@X&VUz9P{o=S$y
zDT@5PWgELt*849uM++D$wF{_kT2ihP7~i052l`!X3wUt-xAO+m8PDWxN)_y;1#ML(
z%7ZvYEF=m9CE~G+{t&j|%9mP(BV(#g_Iz*Tn3nnWtU2n6g`v)%N!xr*EAG(oiv7)v
zJysIWa_iGd?tJ}l9@BrKMyt&|SzfEax}!S8W_f|h=^mx&k*my5>;r*Fn^zu%;Z9H+
zacB*8{iULLLzhnY@nTEhZLI!f%rTDhZ7N%L9etI4b~R1_M|HU^{x{l&zPl5tDyH6E
zttzrTlZ9kqd_-8oY+=gvx{~G`g(IonQ;l!Nb8zlui(``WH3mWgcen2Yt9}!SPZ)Ky
zugU*hbJ|zj4)Du$UTmn=PJ6mrsZHeJ>iwW6Td0p)Fzr_s^}!AYmj~cot+Htq%kxKR
zRk}y3RXRQgI`TyN$6K0^opT(sI`Go9Ggp&s3v`)C+k+t5W6IN3Bq5bM#l**KxRH+G
zj~z%5!2gi<>OX@3ItCHe<YY)Vs|(yL{3B5n&C{BBIsfOgWNzUn2oCI<lu)e=2%VpQ
zp?i51p{cY%jGsX8+SBauesOsG1&r|E*{K7L)jW}?z0Ww)psY0N<4xz0tgkRlDsRe|
zkJ<Epc$BlHQ%@+P){K_8KJ<H=ara3<I^xBuBZO%xghtp3%?{f|8wuf|2UDB*Hz_N)
z(%uc>PypG>Hh-#jx1e8L={p!oduVxaHWZ*=L4sY(!b&-aKI12+o7qgjq3jSo!6VDP
ziD5JU;JXWnPk*sin}e=%uloBc;FVatj468?8TzPsHLSdBfP~yK4{QBuov2~K(K$Ih
zu^)AuM_R6ov}N!~wxu7HS()?&S6@5in3e#{8mQ68u4MO){2f_&mAGpbzpnhPL#t(Q
zaS9z#NUykN_msbvy^{3N8}txhB!8iq#835q6F%N=w<0cKrfti%e}*c*dF!%n{@cF}
zlhFzV{NZ41<TfrYTD|zje&k)H?)(XT{RgFW$Tzr<4qSh0nZU$PB3ziCFTBHb^%BjQ
zJhlzVdhQbZ31svMAjzS(MOTG?{fzc<YYPeiRAMNWq9&bWbq2ixq1CT-+5fI!3~p4{
z=}vhq`f8T}E-9$A-#$;Pw2#uBE%?}f^=!ZbN%+|7N5d!GUtPqi_P?x*)9UsmoYe~<
z2QmNa2cuPsqyD$AQfqwAkJ_&8+_W0<9%DBk+}71yC)Y347x$CTtd{?k*w}0=M59qu
zk6hTg${aCm0E*--Tl=51a%?J6j<rlIEzgN6!|<mcLO7uyc`q+}@y}=B$gj)GKrphO
zjXO57V`D>_4ge_;f5P=rYQ{{gH5A`R3#_HQtv5O5M0vU@?Ej^{@{>MNYh(ZpWm+xM
zT=VH9%{<<)q-}DApWBFbQT@vwt7PLoHHs_0^DytrODse~JHA!pd<R*O%x@2RqJf9W
zWErMmWj|?=pI@Cnj1XLAvK<V8sH4Y@1vnHriB9yN(+Y~=dVZ>q_W$~Gkrmmc@DoG%
z`R(hzVogVIA*8P0^e{~WvM8k{%<w?`s}FSfIGFrIX^FWEAh6~*Ui>R0wDzMw4|Vme
z{7ic9Q1j~(JIq2`dc;zP{iHkonPyyjH{3T7?r9WGLVunRL(l`<>s3aII}bic#KO>*
z0x%z6tj_<7$^84%T;06NjG8hN`Nxh<(tgW-&lUzdkOJ`2YRt<$hv;b!9|OOiBzdHz
z6+VC^@$&v(cGKT~<vxXc05CJAJ^dflH^$Ks&rR6@qGbN|$TQk5_%Fdz8uh6pD;^oK
zM$joB#U392?PiL=fF)_HlBhqo<j=2I^H*Oguq@)j4by7+7HED!TMueq*7GY|tIzvi
z!JFw$upSiVL#L7T@XkfT#9S5TFR`#7vb!#C_<IF@buhNAZ3-qZyJJmx#bL@W+oXbW
z?liwZatZ;yv<qhUe+u`l4}rwnBc80%qg_ZYfAN{&EO1+fR`RQe@UOQjvPG_LStE*5
ztM^x5?bfHES&;mOHSM8h8NhjOpE>OQPfPLhlX>4k&O5lHivwyJO+bx)t$ay?9oOY1
z;e-5-D6Ywd>env<Par83Ss_~SPU|Od_Aj=A_Bm(<<2Jim<~n?C6Pj%mE0pa(7O}&O
z(cwI7ip1UVG&<$yR`~f9YaX&Goal%}ys_4I-R1QMuOJw%e`n+p?F8DZA<3_&{}JT~
zyYi;ls)?w)OY_4*{-e{a!VnZJBI9{CD{d9h^pf3*eD|l<udS<rgue0g{Qngd{evAr
zMWthryaklhcEADUJiK~9X>8lW{|ws&n^_x^u4rWB4XJ0!#kDQngdk8&4O?yPU=cHU
z<7s!w&!zkM6>Gu|bBSFumwI4x6VABMOm%-U&E{VEX>-f9V*g@3ZQSb~p-7g<OMtAT
zx5i9Tj9688t5rW};{+@3JF_ud?8(1adRZb3jXe`<?RwOTg$M>dN7L^hMsSu%X&3?e
zst?heaq7=yf1KvU7|0@7g1eESeY{10I$6^&Io74c5G=3Gd-vCEEf9))4&b^S+;e@f
zj6qYiGOqlZnfpSTkef4D9oY)0(mziotETtv<2p5*OdOS|>Kn258u{X+o<7jct(c<Q
zlotRs#46`r55bsYk?h8k@&9^h2H#vmW9wf>hMFPH4i-$j;6%4#Bl2Msj?g~L!}TBL
zUE=|XD|sWW#HcX4YEb`>PcePYAzAt264zmwmFd7*H_~&pN$!6MCRmf*)>z;IeJ<o;
z2kgGux%t{HSb<m(+JS53S?_S%>6+l{Os#uGRY+E^Jr$!8CGmtYv24X73h4$k37L6E
z&l2?4^N99uruA-$Z5RWC0r6n67kpv`LcUMOEn%(66lf1*ck0f=VOxbmYe?PWkcJ8o
zcNjQ-u@P$`INXtw)RL}s9V&2#>`Jaq(+4Pxr#xVmxXf|d(wZ~@$-E01Tq1w0Go9W~
zh1YI(ynGnEa%$a`EyyaJrMXM3|8SQAEMm{-g(^*joiK`PNmW-2Ij+MSs^3{qYmF&g
zuxrY`eF@!VQ_wAtV_GLL6<O^h>%&}8`Ocf(CYw(+`WU3(vPqfb;0%vKUHx&727}zo
zjC!K{B2P&eu49+>-~F==G>Vr0VBEgP5HE^LLgs>sk0igb)=rAFw>O?SczFG`N}gL=
z_!-w%vGztrbPoKQOX$Fz$cD;Zjb4q{9Sn8uW?8!;p|F8(8{0SYuLzB8oh-~>@i0Bt
zCgC{5?Y^jQX&O@<SQW@u1)a@(S5IEwHtyjs5$pE#A+8?=U1j?L$rOkr7?39u*}`8j
zFHte@C}Dm2$C!JKb2mKMk79J*p0w%}B1!(^nzx8&fwT{OQyEFKm|xf`Pr=Nl)RtDI
zsfi8N3_+e|P8;WS37#^doK}31ckWM*dlqKY&P{wH4kz*b_2yRM?w(~%lx!iSe8gfQ
zRYRz;!YGHXfZ9yksb;i5pqG6l#=+Y5rocLbEX%ldAp$So`dmCn^ey@<jhE)81+!!Z
zk#i>q^JX{QRA_9rK5dD-{>>8g?Khtun@y&#&XhddjDG5cRSY4ozw_2Ux2}ULzr#0L
z&fz@b$z4?UTYto46TN#J^+f6_wq<SHt0p}hADD2#_d&c$RCl~WumBcG9-px*ErB6?
z2^wim<j$tAuWrX%1SU2aHZWpcrcAXax}6g*4O(F<Yh84D5}-ldl-fzTRxoCJEkhfn
zRbU(S`|rP3?z1ZqQVcnE^hLU0<zT1&A@6Hqzo*@Pz=$>a$OvSV-Lr;@Nl3r`E|~-P
zp8Y_WS%;0oV0|#?3gxtWxHqq%bj5n;QbbCJ$M4Fl>kw<D4_A+hQ#Xp;q5~VOYzFx`
z?5$5*i>dXJcA>9Cbx3a<EYAR2%kgT#nu^N#J^fe!<fKvhqMo=!)fiq#*1n{W{euST
zA|goFl|%k!@oY+g#gm)n7z1f8EZ{R8-&z$Ky4yY#_u{-JCn}snWR{0j#kzYvmeos7
zOzkTJNv=uIj0wKnX)tDk<IHquE=&Smmh1Y;;b(Ubr|1>?K{VdE^jX>fDZmrA@P`gc
z*pbXC{WY;mR>l*3ZjwO@!0rj!bndrgftp9zqN-wg5_*MK1xcCw3|eST`uZ-M0SDTh
z#QGe$aFoXm{lii#(c^}TjKlre4YwVN?aH;d4waNL1t2%B?e_fo;h{ZL(Gt7xU{fXS
z#yQcWS8uI=q8u+W)au!O7w0GL2{!Ex4N^p`M`+c1-l1?ysJ9r@?tdRxccM~t7lDi%
zRCdY2pffN_CRx}1ioq52in<8TlXSD1{V?$8N_>EdM^dzFs`7PJ4yewbTO92#pC`CV
zxz3IqH;Y0!^)2-WUkQwUarfI_JYrl<?M6*W4WEvZrqZ_5!-Q8K`-%evHGt6V92|OD
zrjHE7pqr={izUgJfBWk>MR)n?`*+?C;vqRp?Z$q}Wh(*l&K~4bekbU+?Hl*Ndrgj<
zwo>9Q#zhHsdPeuKgJ`{-3#d3PMfe8mj7I>k{5t_-r;Gn+V75}2N!I_s7v=bJdeo(K
z6byb(VtE?1^49Z|k1sB9S`<XtS69JuWLVdrgvQM(YYZN|2Y^sXi~1=>D8$6T^EgKf
zo~Lk$;JV`KGD+(T`{5~EShIz7q303uu0JxfTj`v*>h3UuKJ03|0zNvtI;T?og^v1O
z!A%(2@g*WwD8e?AcI5AG=I{0FU2eK(bwcZbeT{MhfoUCBrZEgtIs<`iEV()3Co#fb
z2-BG^42HE5X$0G2O@+E}8o_3Z7AH|4Bdeo}+k^6)1Q1awPD&ot7@JFBX!|k%Vu4YW
ziUt0APU^y!xbopl?ied{U->nSm!!EjcN=@~>S^l1QnS{tlD`3$6DB)yKrF#=(qZF?
z)84S-5oVWZtQGDz4l!%<nplTrOJPgB+@!bo8eMeZ$mwRzPes;Uxs5Gm4@cjA^GoEr
z*L^;~iMli|a_{>LWzV>OnLfu^M0w5HFgGhpZ3K^r*(`0@U_$<?pX5iW*1PRmgvldL
zPPSM%L$<wr@q=P<x+c732@5S?xu&6`L`;rc1jA#C+if_qsQ9vIVJFN&4Vh&tfi0hU
zSC0h`?>HQp79j*`L@%sC=R#}-O3gKpW4F1ZhqfFf5~~2|h<wXfMc0vWL0|%V9A8)x
zbFgk2v}*!-aKZ{*gp}%WJx?iV+Kaa2IJVx<elPyv56+lYl6viaYoi_7xE)BgwknFV
z`l@&!t?e;{W^8MMEu{6mjyHSRL&BMu81bn67U@J2$6V`|P@&G6yK~=nh}}%4%Zjiq
zx+)FoiN&fb&p1wNJKoeKw=OJ@M2$hZ?uom^5nGrIQhTB{kIdRG@56lZqkMznsB?xR
z*)=oLlREEIz=%ZzHX+$~yO(sLj$^3lbvVie)S*n;vtB#tt-QVOmPvlXrl_?S(6C0%
z&?3<3)ER?%%=w0HP@U3d-2V0hW8vv9Qh;y8d3Vv?wrC;eaP8|+7D`?CX+;p;YdcRy
z-RrLrBH3kjWI7Q7Rs90ZqFs2idkuuU&w><=L)|4UmSwv40565k9rPN*bL||OxxTO4
z6YlTxb&f8x-Gu`^9Jcu8`ET9huIUtyXbF@;wm!ad-yGnuAqcZ`s@;VctXU0YdVBmb
z(eF^~(%iR|EL_>?w^AP&rY`M0Y}ZJF<_Y$8!;*sI;@l(~XIuy>N_2kvu)jQ~+xLTL
zT<(&@{^At}_v)ibm7qvDbj*`?7L!(Ly^hr3#zS03K*|ilT%GcTiuf_?r=^+(gGeiU
z<O0oKfaWm78Rq}LnAn<AvFYA#!CvBb!?AfX*>e4xuezKMvDL*euOgN5Vdjw>2<0@_
z2GoVN-#(p{EPsSgSmM&173#8$f2||^V~$g8Q_S<<xJ-(+nASlF<t7$Q&I{dgr<)Ie
z-(ZjfYKr&Nx>Y84XQ(s!Y-4tulrn;N7CV3au+g-AoTRWnMg9_~str3Wf}hkMv*LE>
zjhDR(#%FhIy6l^JQo58GD$MTw;sZPIl$JdaqGGRzaWYwNvF;3@gahtu#mjzGi__c(
zsBS}_jVSlXd2Ura?0jSF!Y{4_@<wouo+d&{U-V<T!LW_cRBLhXjBM0{4zB)bmD1@Z
z5Btfg3m-2n`cH&Pj(XWcO_T_=(e^_)P`u<d_sG#KDNpn0nU+8+ex@TTNy`Hs8UXUJ
zgt)pW$%<ziPJ9qF?aKqTII-kWoA04Afs1%W|MeJ}J+0Sq(F@D$lCh1BsJpURjfS0b
zAW>s@*YNB8!J@QAO`|Qw97D<lx-`Qn0%_ExcO0@U7asiCDS7w({dtPJg(u>@Hhzso
zJst&O?vO<7-Bco6y`hXu96_6@i4tN_HXO%_XM3(Xjp^4-0seJ4a$xKJqI^CT$8>Xl
z9j0UwYaM{1O44&*9t2%-{pf(Xnf*r_6!x#m7M9@Uw`pj|cBJ`J&f$n5JD`-^6*N;w
z&M#90l87wL)Nb`fpS|o&{R6iKsl#Nal^D-uQm@#a45<!K+2B|aDyCL`^uPR3X6Zep
zzjUronuk&>c5ikOgjJ1Q@3UN<mZorFaIxTw)9uTm_W3r{eeTh0@21-O98lvtH^(?d
z|ICRJUHJ9UzQ~vaxZ!vPVkn!8muK!~grcJK23-h>i`%>Je0**X*DK-brpz*`MB{w)
z_2akydX^_2Pm=bW7cKO>PW&jg&gFon$JWvVfXmF^Pu&LXnSB{5QAiXrN{gX_1=hz<
zKcWzDoWmG{@=8{g2KS_BVxo^1F{*-WiUZ++BX!9|1Wg$YQZJgyEbjLj*wkKVm^X{H
z>Hvu&a#yxQZwAGqD<r|BMx!ZJT~Kn`DM})*?p$GUr~OD5uE<=teVfo6E-48)2KpLW
zYcOFU)6N*@o|RzKy<46V^M#K}+Rj%yNKKbuH$2yOuP)jR%y9n4OIG24m#fBwzAe*l
zke1X!#*X{^t^*wb22Sn60E<;JztFc%a(N?j^K)Sq%KSU9hoQm-wrFX-BoeNyVOrnr
z)+7GemG*ZAV_EdoJzbw9oE;mY#}>iWFVoY`H8=7lvsAjy@RRe>Nux5(Ix_OWwPHr$
z&gGHTp`Jo5=a)rr9mwThXq2;`uL0+7@I89{LerX(VWIVj8S?tg^5U9yE+fw&6=Zyg
zW_Z>$zd{tg=G&<PAH^gw{JoWi+btnP;K4^pHFFcHy9u-Yp684PHH7lBgU)mY!eHSB
ze&XX^XB2c!)r$}A-*>OJre@LoQj>N&v~~LpGm>$ACOhA?ocg(RrPKwhVf^?tDIQ|n
zR6m8Rle+>zPq>xAsqL;3Gg~ENb=%ZB3ZA{az--&Coy#``B&P`}RHaal&I7q`Vc?Fc
z<jNhbzwib!H~r4`ZPqF6_p+|`?IYZ5L$%4*Ebg7W{~l=o3sWtQ5ytnWA<alfJ<-J{
z3zvvEPv60JlIzz;6UiMw2YuL?!aM5T=19ArPEbrtv1Uy8YG}ht3vImqU1&3ylEnLp
zv$*)OoSgUc2+Am|0~&yy+qWC}5WYF;Yew~+b`ghB=*pO?kjYJ=NA6~5=RGB>M6*!9
zk<F3vIjy$TyFx8!&ra!Cf(8!}^Uv>Y6hF0*9C+pD)I)>_{zyJXxA5AuXPPGaQ%2|0
z0j;3;v=hg#Cnt@koM-ggh4B;Aa0`8fZog}uT{ql6xYclhtuuu5dN6pG`Si$jjqxvF
zTnSy*aW+>SRm`LIX@@$F>~fOT8qcGn7b+lLnHj8?RBo83XAS_TC8E&FcYskfsVkH8
zRRW*43_fZwbXioxPP6j4ud05rTg<w>ZZb(`xoS*>xw5E!A|K8_T!>QBpFhS;1(Cj!
z+4XKXvfP_rFu1gx>tIIRxxu2h)u4-ok#TQ>!~G-Vs5Dv2WYdU4hxxXoF>rchb7}e7
zgv#{=LB#Chd79ly-UTySHprAE9SAAREg3Hx_pq?OpA~Ut<(5x$o0pD7%|W02w>AXv
zDIj%gXqusXCS?|@>=x2B#E+MJQxX62j^20Un1Z5kxBHpyQ|Cb>+=>M+?qT3Iu@Qn$
z{p{vT&pD1mE0*dI9Z^#00Lv*<*ISD>jwhuOoAr={0rcWveE>9Xr~w&WjlPy19J&TX
zz-$Wq4@h3*RgKo|+q3cro9V-;qY>Mf)&R@a-{nxe5Gb7AgE5d1huD{#50R>zG-xLm
zk8O=xP-T{kjqDQajw#4QJ2;WtzPLj-S24IjnG(hMy>}N6*ng4RROJsIImEqJg!KEC
z0l=)4D#5sqZ>{8IR?$96k}#XxJNXDp1xNjPFAv3M|CJ6xLC<I60&mo0lEX@3wU5m@
zU$Q@L)s=*#eaCiX4XAsPU#GL5gKVjgzVisJg20-M#0=^uu~D8kW{z;dA>q#45XR`*
zjH)^nv%}Q9x6RbtKo5~$b{TrTDM|}eY+p<klriNx5IknPonef;?v2r#<QK`fmxHxo
z(5h5gxORuX|HQ68S8#5!@-XF<+ylm{#!JpwB<CKNq>`Do2q&rehSxrv0>13R`QC&5
z?kPQJI=PkoZ>uU?a5;ewd}$$reNol;Cg%O-XyOP3aDHLH`jw>5ho81GbyLYE$bdKN
zLe3j@il|RW^JV-5*rF}CBTG`}0_m%Xg`DB}GM~>vgH_mxuSY#Ycq^CD?tl616Aa{2
z7Rc{Kf15FGi|vEgIc$^3DixG>0sz{Ar9m0HBh|!=T)STVOc0=M{{02tw%x}9Kvt`M
ztjX#|59w=>vo2v1Q_){;LVo%4MbA+B69l`mZa2=f&TmayDqT@6cx<KvZ_Mi&VJ_|{
zN$30y+~kPh<h$kB#hiRnCp|>>nEd*pgEXt8Xk5;?-YVT#%V_EwyYdeXWvJx+PnYBT
zj|MB#B=0ha+m!SHWZc<7a!b_IcX=2#evhSiyl!Rb(pb@AX8B#fPSe723KE73OSEip
zGrQ-%JYd<m=y<^=1KJwRhrXm-PpW29UHUk-@@DUt6L@Y&dq~wJv4(u74Q7A~I*oyP
z^g$fj;E2Sr{6sXtreHTAX5=}3@g6wvO*v-%JAHl-kU|4+tz~E*IEM7zpjv*Ltvdsq
zvL&+zbkHZQ<SL%;<3pP7YCxR)28cQqk-N{)(8u&CHk3Fyw^><jg+@LW*Kw%{jn91k
z)3HaFX?l1PCMZ|I*waoF1bNaD@!8DoRLCQ^7L!Tfiu3Cg{XUZ(W#-D;Yv{_4_7!|Q
zLdN5>pqrZ$j{L(e$L8msT#2Ob<E}DeVBTCG<5XunW<n<QSu~^c2zk!Sh^{LpgL>~a
z64JbK!t7rd;TqHK<=bS8(y>s~!ixtssJ*%PT<M)h{7}G@1WO+EabJg-=eQI`h83<h
z5pYlR;~rBd&FoircN(utws`NS6&fJ%F7$SN)yiRsUUmj~$H_?fOSkHWAjOY6nc;>1
znR6Kfg`bvUX9HDtSHI*@RPvhjge(#&{_2~*oaW4#tViOeiu6&f!Jk~W#W?G;4ENxQ
zyD<)=()j^TV;BdCaES`*K*9ik!Ri=BA5|h9r2efk9OqzY?gKJ9s%D<3sUNa&YLH+U
z$S4dnKfmN?)`M=$)b|m$5|iUp&X<5pir^B>2$QF5I&VmzBs7?1mcF0o78~`#hP3vw
zxdFt=YrgVw?|pPB^eKyqZnE9i_}UHCc(7a;my0py)@8R7GSGtw2wX}BOshKcNa<;e
z-vF2#o81%yHc*nB8+gSklF68q)s|z5yZvaRfsN~xhHSZ;bu|WDOfOX<D5-m!T%*HS
zioN%{n(H+7jCOw1eDLJKCYBIzYTe^cYO<;~&xG)As16Th{E(y^VcNNOcL&$`{piuV
z&^p;Y3t6=)lhB#w*79p`kW+K4icN<a6zOL%9JiV3&)5|CFDvDmHy*kwq&Kn2*q3~#
zWYyd@9a|nGd1_9VZIkeHft_A=nGxNwsOWj*TApPUXIofTncv9z4t4KH5ZJLpG=Aju
zBNDQ*-Z8t>?XMPhF1v1oSXV3BjkghMQ)?nOfWR>97*ej_eeCAc>+UR?K5n=#{+OUD
z)135V<wvK@1O2yg^REI67JIF}LqvUX@ywF}nS0-voTR_ql6=`?ZU_S95yqfKeg&;i
z+G<DuF;+q7cor&bwr-Sdd&ERC!RuN1Nc&)S$3mPWQeI2yDrd;m^QDYw5Wr0E+`U}v
zL{`F(t#-;4lr!hVRakwY{(vhJZwh~g1EM@S5aGjjzf0`yl-bL@ovx94`w*|<ja1Lf
zrr#uL3p|e=e>`%4-AUF3vZitJ0%(~V-zR7E^Fm9QS0H~nelKFw3gXAKdPtmvF=uDs
zJ^ZDfUfjs9!8&yjvjTeK0{Vt7I`q}y`WDD33(#y!%Pgv<+?!qb{+^IDb=?yrSO+Q&
zkVg~yk<;bs@_k)qOjc;yS{2qc0n|-G!PP~0zJKfLa&N#5w=;zKGsmRUiQ3(?@}yqC
z-8LiiyzlfCYsG?gdALzVarh~}0GJ_~-F}ecarDXC7oU8Ia}HqiK;Xp(uQ>W=gst$I
z!QzR|)~PNxmn(QMXY4$@ra?lRkr{Q_#;(!uYtYe#YH0qn@e$K6v`^T3tvIxRU@cP(
z%-{oNsSJ5FQeUU7bK=A$`oY23bG_4-sez-qX&Tw0xk>4a2G{F`39schHF8Ekv-;)Q
zGig$<VD|2XdFmo`d%VAZGl$zPOqb<A>dip~+r~JPK5gEHZ|O6`jc<I&FOUKg-^d$p
z74q}c_hwRjE)$X<5q^HJOzFLMTK+M>XCg8J2l{l;xqLqfP42=qLUZ0@X)dYOf3s8G
zFbtYdnlD?CZ0H)FVXLs~S@IozxNP78&2~F+*=&*pnL&fDZ%0OZ$I9>}=TJjK((Xbb
zkozWleS;$}guRkLJw0XJ{<&7&?LK+lv(qBUwYb^iI7uROR<vK(i&82BEf~t<Gg9Q!
zdS=z7(>V>bC)(MRSiVy!4ha=}h(YjNp3hn3GHE4j*-V;x7cee$;KE4BtjxZ~+RyOD
zA}y=GZTN~1QeOvkgXGtjgT4$gN5zNlJ+uJzzHrVwq~6CQ`sXyQ-WOr?(5!UkqM^%>
zTD9j1`KGo^T-t$=dlP+2I~}MYAz_r{7V%J0ONz~-J3WT<4%CDGijtbM2ON|xp);BN
zGo}QDb>E)I(67pLJpDbzp=pG*jN_aK<cyy(;mH!h>11tYrY^jQ9Ffa&>FRD_eQO_m
zAwiiaye9oKiT<~gHWlZpX;*VC)SP9VsEdcy@dwmBu_%&Er&Z!&FNCi_6$v^$$^KT&
ziO&xVXg`=HT%%0t`%kv0qW>%a-z2}+1C3s0KX#LKPD-~E#Y__IXL82K{Bah*((6se
zt}BU3LC@FwfnMMTf-nuUuG?yF3u_e3>)Y}VukW~aeu$Kkf0KIJR^y2{)mmMw2}^Uy
z@!g1i1wFH+(Id`GzTU9kzVU4vw5b{1kEmVzDG=+uU~8&BGnlAydg@Mtz>82StI_n(
z;wZ~bNdB#3M*j{3WMh|*M0WeeAW~~u*{5T-JhmPO=@9C^N20WFp&F4C3K7n;kpULZ
z4*f(N0S9H@39H@q;jnN2O0MfFXkCh+H&`Kt#t^#;bBvq+GNf<wW)ETjDHE|LGCO`~
z0hlp3p8qZCV@c881Ua7?{MYs*W%TK*E6@abNvL#gr#O(bqxqn^|GC~j`mEQkb&eQo
zC9Sqx>}9XVrk1Z=dJr>JzC9;6Cg$X!EvuP!HADwWr_Du<+~7o&YklB|KrFhuKgUj%
zE{cVAnhu$fukP=UlZwWt>mQEsq#k|W&uw%C5XTKW_J~h%T7bIyp$tgIJ*i(#motqj
z&>pO8yWn$$OUyd?7|7w?JtnyB?QsVbuD-s3{P@*kfb1U-#w+h<odgt%rO@@rPaO@`
z+uqREcwu37T-b-Rv#owPGBp)6P4dox6$le|Fiq{YUeD}$Z$}Um@f~U!1;C%|{eE|i
zKN&{q!oyKf^H(87ImHpM0f9@_&f&J9?`=^MDC`t&{ANz#(o&5u*0jzN1Ta#dKkqo+
zC0XY0|NPsA*9akVn~R3(Sf5<k%<to5_kxD1c&Wl?m^rX>#1cM3p8b(^XPx$o{{DkC
zd@YC(^~4H2e7NxsS@B%-(^XlqYY4G@l$puoI{c7?Ye&{y3x9t<?YUWtR(}XFBXS*N
zAtAD=_Qs7w`#k>{?Xg~Qh-dGlMEky{tJKgn#0I7KGkYL%TBR4`e`z9HT|VTgSRW$K
z0;RV%sZv3w5v4Sco_b1nc8-?kNBU)qf1b;q=Vskk-i8|ya%ek(cDlHT#il#(lVDl?
zUmpcQ_2TqdOx$Y%@K?J``)T4=|HYC307JtH9^hWA@^!I}kW4L@&bd!ORJhW%9Q_v-
z<;U9r0Gvi0YMCgj6=r35K{s$oO(l&5mPJ;={6AX>CjNagk4l&+yle0c7J+ZD4ciAE
zLk36b_~muZ_>Y9dYHEVp@@HD&DY$7@d+qyu;Nkic5d#@~@#l52w*P-T`08I*QAc={
z-)PL`p;dl~AJM=#zF2GM2YHS6E%$Hyth)a4RoohpGdcq&MEQt66nA>>tUdsZJ`G;S
z{rrDCKs22Rn^GJ2nzHr7opt4bQ;3Y&|1%IJ8e0+^cn~9BhN-0Oxu0#>U<`7ft{&fi
zuEUybNM2(ReiEA?Q^36IRXNSFv#QasuBe|$wV&ysbzlAe3EF&|BAX{Ad8L)tOd(i%
z@o~Qmd$abn<Lj>y+6UXLWLSflB+MFA3a^Zd&(C|>F@&VA+5k~I`>&}R8olhJ=L<j%
z?S#_KRc_}U4;;WEKNeRsSd${@cw|$S>&ZT-YSl4do3*?q^RK_;%9kXUf=#<`IQ@|K
z1f(urGRT;=_zH-n<YC@!0Ui=diuMuY_Ab{jtf0&)2J2CLZI+YwtTWrI*8Wey?}VZT
z<B#c7Z{t2VrqISQ?7e6^??Ie3O@4c>S>6T7C*23BI(qLTJ60b^0a1)pl;o>)hs{!1
z6oBaX!TfSbXKF#EQ>(-4)Kz7?b;gX2;REa34Bxy_r-gU?=<2U&q$(F!-^9Ic-(L-w
zXg}v6+E4dBg~Z9HRG9h$U=Lm9xy%5Ex$>ZQlxny}dcI6aS7AH4=ieNYstrbYe8@cn
zz$1cZv#6tilkV)UO)PoHS<Sh1wNU;VsY1Lq9Z@_-m|uMQVO4gLV}p@9ozh_|=3hD@
z;ks84VAVk1hqnl)Z|!PwLi+DDn^fsPA^JxGuW3$}`cD(aErk5IXTB^m>-PKVQh2{y
zdq_l}b_8%z9=j9yw9oRVAnb%k5v1`HGs%@+#Sb*;M_CElgYnt<{p*8OA6<JeuuIK~
z9U${s@CSgp)h?IRERmPwt$^&Ui|S8)9>mAKvNsKW`_?Bf^^1W5!Yy9*CV5LH1t?P<
z44uyEzw;L${?8ag!9=<BVA=Ce#5?eVxd%6XSlIAtD(kmj-vM|fS)FWfWo2*U$ERs}
z`f8n@oc!}3=JwK+*9cuJyKxsy;1C*K{uVgAz}+nDHS1T>d~JzL8T|Ig%j+}kCATzG
zT0^U8HPoNKgW+(11-yvg*SyMbFYJZyOfFG;E?9n<UXzbbs~d9zvN7pvVxRp9?_=+$
z+enL^m+VW~M1$Y9@bh_VU<-gA?AZ9`?GI0fX5nNv?x@U_daur;xhO(s61s=5YRUM0
zkk9WIUyT9}Ojz@^_!eX*8hI;~{kBsrv+E2C9kJSdnP2K3M=IdBw-SL(mk8%`@Vu<n
z)yXOLV(a!*zem;(NedY64SJylKk&`HQJR3(<(-w&+qmh7M?Nc1LcHvGiVc5f|Hu86
z%)KEjpYLtzS2#BAvTLPgkX9%<z4~)m<B=_B%$bl7OkPqH+_y-3eF|HR7d8fX*<Wd{
z&IPqulOpY)e@bj7pQZg+OXSe6r(2!6cdiz?H_O8f$8;ET!@^W@<%Y?veaHv((m`Gs
zLr`~quo1EVcY^s5@x-5wkJ<!-h>hx<)=DV8G<Z#FJp7<8Xd|oDD^%U!+>v#F_Q|~8
zA!q!Z2>;>Nu~XwMDS<7?+49x82t9dBCts-)5~x9o9W>ucEr0dph1%%8@aK-zeSu*%
z`G<3x%-}cf7FTDvkgFM2EfVCG%LxiQ29}+wQsRj%%fn-}@MeSkSM6}Kq86Gzra3R-
zv{9uMKI1)Y*R0bqjGc;E<ss8@kJ+fXfcB7xZCCp>|J!`DeRO5@)eBi@hvl=XWh!a<
zV%P6d*_#^%XG%Wv9=MTpI^8}bScr~@{qsnpc*=UU!ZPy`tH39qAb?y3;7_o&t_l`%
zA7piuJ@evDxS-r%jEZcBU?+&na08_=(Sr~|1b$F2+B8g<y;fCI^Mh{8Ke>?^^K3&Q
ztD5wkGMURY1J6f^T9cpb!$Ma~3`0|I7l&Zc-P)5=4H3jbi*d#f+Z$V;xk4d)RTy^7
z2*e)RR?ZU}X|0QMWfC8otH+Wu^Vo{-Zw)u=j1J&eYkG<pKdB%Tvq>{+MF9SaGo2mn
zcmP)|bw|G8o)x3q;P}QMr19PbhTrULO@`zHqy^L{-OdIU%>!y39*c1XLAdW9wn3GE
zh0pIc_-Re-XCXHb@3~S#-tw)&KNNaZUs0>}Ygud*S>AASuPc8H+7dnNad8v+x&A$}
z)O<y==!Rl_mhMhXjuy;el4sWuDIu=CH;b<FfIN?Y#pHVX=>7B<YlRn<*2NxvUJWAR
z#_1=!us&Fi%X=n^4y`2J$0DBU#15Lopa|{hQJMXU!sH0-S<onp+`i||Lr{vm(3Ytu
zDCHU%I(b&?keBQ*s2M8GJ|XFY&V`;9{4sx5?4KKd2SeX(H5F#whF8+ZPhJqFBR>6I
zjWVMKe9zPGF&nCpBhv3D`<brWCU~2~3g~5M|D|JFsLm`sXQ<O<g~45<p*uYw(jY!n
zn=`uLIOQ1$;IJ^LaRi;R>(RA@M!g2<#dKO}rHl%cU_Pi?UIlr`L;ptdu>5XjFcJoL
z=1G2t?5&JfzXb8<VPEz^!s`d1_;ZsGq1}K3a**$3dz(nU6<)>fY#gp7qd4M5ng(cm
z>hNvcxN-8YeV7_ZNbekW6|5S@Xy++(7RWSln5&M1)+f>xUq`xzR`~eH^90JA52U_m
zGK6szq&s~hnmr~u)sebA*vznyqt|B(9R_z7vy`~zL*ZA#S^9mcI}~*$p;+26(=YPK
zBz5+-&uzaKiOS&$52Wgr-@4?a&y7h!;Rk=M$G?iW0JJlC+2bAErb^%r4?^+;S9nP}
z7*csEFlVD*{kmf^=_8AsnMX>IZ!YxG+Ts_DK0V##w7e$n$m53(2B{J)?cB4MM_M{;
zNdDq&l^{q$gu;S=(|$XF(%<NawV6BMkEOG;Uar4gm*mYG?t&`9R^FBAX5KADeuyQ`
zEJn_RynfpKEduPjcc1XVlKc!MX(oanvGDw1371a|Ej2Uo&yw&BjBj%<BXj>s=K6f|
z9e;?Rk~q$dbrt3y@E`?8Z8XY-1cJ*V6?EtVA<LHUT~JP^qv-*nF!SF(vJm|wZH0F~
zp5jWP%a4{q?^f(3l+87N!j6(K#CxJ<PlSN0#un5tOf?C90|lj{p)<uw%wlr&H$dre
z>DB-)>KGgEId$s-ndL2Pyf^88Xb~1!ytDuEPVQQo#_<)~DNn2XN~nPeA<#oM*#vh~
zHEfx9oD^<Bm3x~;0Pz)t8-p#^Rf83Uj*je=fjP5N^nX@S_IU37C}IOCtf+>Y^zW-`
z))S%GdQ|)8Tr2TNa-QO|;}f%p-Ko##EL(7sQ26iA!=YzGK=nj&KC66jjqB`~MU)!S
zG8fWLSu`EV?k&UK`T9rUSdrCo#OOkn(HTXka-8?U;2U0qcqiQ2jNEVsF?%PAZgo`!
z{j;5jzfAV?`?kr@BRQga?~RpD4@sDIMt@07S-l7jzjolaVlmO%GubJ!rioyT#4Y{S
zY*m}0JV6pIYF6Ec)M^6rI}<kzIu?(yWLfyvLgD@~qrN6a=+xqrwb%DxP5o@CQ<%4X
z3eDdN!lmp$-6N52Xln;da#dFSQuH!3)U2Q(M#g}VrL-q=aRrg_Xeyq)ke`%ji`UN+
z)XdEF)?(@zndivu29j~qBGb#>!el?Bjv6_Wi_B#wV2X40dor}w6WVGB(znX*xIpf4
z^zK51-IriFv<hrJ1rXt3qq{>kN&EN+pK`q=N85)5?~*FTRtGua@c^iRNxpE>5+okY
zDJw~EG4GKpG~21h{Bb(@jo(fj*Nn$1^@;ne8LmIGs$2NBVOo0*UA#yJB*1Xo0LPw}
zbocp4tFrK*6x*Ps9SIP_#zarxVmrAc%`xt{fubc4`DIg<XD9C<&zvh=DP2sMXfwom
zgoH#a-udV+qX5-3<D@7jYz0E}3{-IV6Hv<zFix`?LHzE?phj*0X6t#RC+DRea=&WC
zdrj`G;NtZ;(4;idmcrwrK3VHY@(jTDYH=60q#j*yHtlfW=W4MQ7VlH7OPJ6vuHh`k
zhdht)2qE_Ft{yb-5EQPxXCSsbt@y+@c<6PB(HmWlZ*Q8GbKmrPnWAgzC0hfy+U#DA
zYh=DKGl=9-r1q{TM5gUyoRMk{vb%ItcNzE0ZK;>XuW>Tc&3a$)@`L%9Du?Et<9DCg
zo-Mq-PdrZ9A*Dd)c!zDV0M?Z3>S8r^NUO{!aKH17#?72|WyP2E-AUhW4T}2MpJe_=
zpd#zHmEnMO9pi0__r}LnKcf)O#H1g*FUU55<nvV!9<yc2r=ckfNXtB9*d+^#jmT~!
z7LS$cgpc=jQQ~p^FMVxJDAf$JWDPHF+%`~yfR}O3@iLba<rjOL2pO(#^&H<0Ab{l~
z`kvNOP`$c42`G<sx1iY2EEIz~WMe4(t%j7L#y4z>s^Y}o3%}go#`fO0`|DPIQt1to
z(asrN1Z_bTFlktgH$gv2`>ez<EMpET*;Wq*%elkk#biCaOckT3S^X*EK9dKH9FZ-u
zG3?20-%ejn8MZp1IcspwNLYMf=nX2gWN}P)ue94+Jz<inOAXuyH#ox!7<FJ2{E^sn
zlP#T&Ey;~ed+f-2R{&Fe+N~<#=!!6^%Qp$k-cpW3tfDQ`=Z;@|VwHg#;kx(5WAPhf
zH|C@B>~M2Mr$wjdBBAw(esxh<x_A(9u~zp#%TKFGmJ~7O%=oYsncGc&{dlRJ>*x|F
zX^Gt=Gf83OeL!#I`}q?fGk39*bDVOXYOII2v%7d=mkJc?11LV60dsT#n-(MH$0sjs
zlMWTzG;VeV_q`K6>7QhFub2(vvvSw7FdcsdJLPvlX6edkdlA;WN>jwGC4Q%ziE!-F
zGK-7?waLVOE{38i-MTb%EAZUOyN^nw(Q;4R{d-#tM%prY((qJn9HtagPHpy+yy5D+
zlG9D?to0{)XJdlSn#y7ViLWRb@zrfyGA^5jL@gR$ViGP)U36-8z|_9TZlG2WYz(&W
zvw!=-wBG&bPe$yW^$E`2`SU3SXm_n*r{_bFRT8y%o{h^zN--Lf=!BKGj(Ab<&57Su
zH{IpW@*OD2RiB*u7-Ij@mtHnA(R>rQTQm1s7V)>IzRv(AhUY1fMMcP<v}<}{zuNy{
z?7E|x%%1j27X(yPL_ttgf(R-oNJmhyARtO_D!oeyy%-hj2uhV+Ei~y6nvE7Z2$2#{
zAw~=d9i)Hr26k6>_jk_cA0G6OH}}1FX6}?{p1D?M8)r6`{6H*^)F_21eJiy=J$5vU
z*QIW^xOtss2iZ=xL&7tf=YEOxc5}i2aGnfzWtGVTIhC~dwGS+#1t08y#n@i6yZ19I
zaP7S~VaCq1Yob;W=f?Fq{z!`FVRHaCil3-mNVV;JC8^h6wPInSQ+@Mcy#@Z3n>7*P
zl^iU@=P?Z(iyAQnt~Gm7Y}f85IoKcPR>Vl&AZ5+RI@E5tfrRlE48MFHZ<+meUzaw0
zr;ME2MDnaMf}s7}$UijOJ8X6J%?-eOZ(Jm;Oy>k33_*o4fB=4bvc-&`siUN?Xf^NE
zVX=nJrC?`OefE%fzxF&0_|{l_pP&j{&%t~X2BbOlT@eJ?1pEkcA-&$i5Vqob*>2e5
z?Y(<fChp%X%v&r|ep#x5?k+w{-`&4h+-s=C7}i_Rr<;xad9*v%vhBqmrecP>2cqKZ
zI{`DlG;4z@bkDZYz$Z?8mW`iyl9ywmq_67S`UjOW{rN;>gU-25O7T;_9a4u==(jxb
z9XEcvW7vnHQr+As1t`kiVrix9%Au(boRT`3;%F(0m6Z{~`dIDBmD=%^f<p%`Y9$qD
z8kh@jJvW};ptC7-<2l9id$%MV3{O6&crr#ZEzCYVZSk!6y~fL1gi|fk{ZyB#5=Pyq
zv8Appjd5koeG4-3{(xF;nDuF%G;;NK?Vnv(Vv_NoBN{Cp{5|23skDayXH}@EdM?`P
z78|$k6A`uG8VinDubcQIUh<~ueM;SOYOl>u9^%F(F(%?RNh8y3SEOlf)LzDN$CA)Y
z!JNE3##LM>JCDYE%a#dk<7ChEy_=!Is0U$_8gOy&Tb$|5_ZuawiwSy-srjR88+ONS
zn~h^X2X9%7f32=uB1pi<#4zwBK8Uryac_Ei<O=f!&oe+LF5L5V5}JoXK7PDB>sUDl
zEhW9wd^AQkaRmLaQd!ROXgT=Kp~(chj81kbw@HU#$yVo(LiCH3qdqgek_YkI(t!K1
zC7`f;vAscS5?b3DMhzW@L+$)fY~{h-e&t?XC)?#?m89F#m*xqFdWePYLWGpsrWtRh
z2|oFGZCQmpe~!3A8%rpQW$)c_B@i5?Me;l_6k5rCKFJmqBjw~+rI)l|8<H*hp^#Df
zQrk9`S<W}_HljHFUdQlS-87AhIJl(0D?rSy+|_U3TfymeQp9<5mpX=yDC<<N*Au<1
zQpRtwdsf_bq|DtUfY*5GI?r{ywpJD{X-1)q)P^6@<=QU$lnX`nVNd4gKW5y1VYX8y
zPICoSnuFi!VqKj{{ahOr(dHDht(_{|r!*I;V4SL-V&)Kf{!&2bbCakqcBisP{<@Dj
zDkB;gaE@NzR#PTx0)Vl{oMZ{hZ`m&i<1IACWX|P~8t(C+Vwl@yx|O;gCdFP`PD@Yo
z>VCc26OXyO-ji@$Q0IgK<0-7akY@99gPq^R^j-_->iyvO)bHzxeF)@`x)(JR9k30K
zt#90!Q?g7d(y0WeFkp6W&+fX?W3z7&E;+;<qC|ZlU@Z#6I4;*b)reNYI_n5fwxWFa
zQp(D~R`f)~_f(Hvy`vp*E}SF$m3GEF_G6b$4Rw&E=1Ny)w^s7W_0Eqo$k~@}sqkg!
z*LJe+(-f;a!t7e^Z6E5!DWo}rwM=@(;WKYz^C>aOy11>U9d9SI{Bw}9ozU|rbg~o;
zBT}l>rK#J7UB5Mk0%3Z+ez+5x1>yS0C+C^T^vRw*uE4)k)H^a-WqJU>Htp4Fr_==c
z6#rmTNtE;cPO%*MeD2%MPYbEDH*|e5*{;G&eQm-mVmYdEzCcNYPUUg(EOt0m{@(2(
zB|aNF<TmW0Z&+qMVaR6jjEAc`x(_q4k?WiPIOUvGxF4mzw8F^S<h-n+$J^qGD!gJ{
zt^yoo=?VFv?>n?9eq&Tslc$9NmP4okKPm%G+S(HtI`UU4XT8{Gw{?7vI@AVAc3(4A
zRUQ0!?V@E#3s-q?8+p#<8WWCr>-UKs^57d6TE5X5Il~m~gn-h}Y{eWU{r8zbOjlPk
z^+=pVDYk(2vE@5YQ_8GzTE`0UHJ`eg0bg-URLbYuf%p1}X1fR64ZG$6n^yPXo<3no
zW*y+|mMm)ws6_jC@-!%FSXY)taYF^2MUL6WxSm40LkPv%TgUqY$D^sZ3D&R*9Otn`
zH~da(g)lSsJIN-s8R+VFOE4Dx2tmUN?UZeLx^+zN`IX=!moJeftwmVB-YGJ#1n&2d
zh_}3WAf3Ke^U1%_k^fv`rYT3OSZSfhA1g4w^@6xlzue?N4S6}k)ATOmyCwQoKGc9u
zgN2K2zPDF=R#5gp+VYO;F`BahgVjE11;Ym3OF<XfC*O`7I(t0aZPZ+uFqyARP!bIj
zQVe)Z*)v}}Acc#gH$}ToR>b#}WXt(_=y;4isM6o9QE|MZxOsipbXB!_G5e&b2Sh7f
zpWL5kjV>8#kn^t76USTngu@R+L^c_EoS9WfDX8Opy3n^i%(Zol>DO%GW}_QQ(pc`}
zeWdj!s-$UOX=i%kEn@(J_MPI03UKqH{7)O(@QIWVprG1WwN!K(!t`fm(JL`m=!$er
zctm@8q^i1#dt~$tg~><VN47^FF$;=Yfhnb%`QCd1Lz3meZ<*8Xfdh}<-eNj0A;FZV
z&d46tB9jrvCsC{xojERFxPeblccs|oQhKIgadS{7u-n;ZN3_4)etU=i4`<H{NxNJR
z!;#gzli!8OoAmm4{RgPd_}6Jse0JApSx$~0|3l*vOx~q&gj@E}g$D~MYP#RIis-m)
z>%~KetHs2QW6g5S{Cpv43m8fzkHp0{6kVK+5Pt&6i^F?{ea^D`$Bo|G*p-6F`5xzF
zw~?=9yXyH^$_%$Nvxdbj6$a)7wJ%@Fy;eQqS%+PW;n%584DIlZIgZIIvZc-sY^o$S
ztL1aqHVDodnGMX3X0W|y4-=B}iR2s9uYFWGz04hF>z6}y1^bYD_%|hD8QPfGK<4E=
zQL!HGJ>7jKEs<ObnpA6SdDlIqZgR@oRpmLuiWoqBRTB%E0qlBHVAYZtk?hquS|t{B
z!vSELF7MV0)iuY-5?^J=EO3AE8OYE*R66$V!N|g$T{{F|w0&Hh2R5%u?7mYOMQ7*4
zyt_-&al&bG@=Ycja2{$R?FQ#Nj>HdmSp@_5;G;ISt}Zks6|iD~`!zYHqi&U2dVl>=
zRvcdGH<}-m-}JLDMfGv>mzPeC<>RNJMKIH`x%M%?P|r03M2S9z_(#pjNghq81vRYe
z)U_(STM*7PE*Ld<|8nApLhMrwg>JV<Ka90UPujWgyo_C*pV#RZjWEwzHgaoWuCM&z
z#*E`Gl0CKKqwIkeiMXS7N!CAktXa_kLK``xG&$VVmKzpTuF_cq?Cz(9Lx0(%QyPgc
z7;un$3N1?iQm@dl@#@=J{+g{ah_o}0g0vr@x2Vyande=-Sp;x&CQ^MUU9yNm`*iId
zO=@p(4m->A-WrYVhdQ2H6w6J<MMXOs1lwNst=<~BptCev<xvOpd{zThD{mJjZknFA
zHBQPx!^DVP&e&IC)?lKiGPEkZ(e-t8Av+zvf6M5Vm#}F!mxy;sQ|3b5@os#3JK4Mc
z3zpxb&l!AOi3m-Vd0?+Bm8O)JX?tbT5uv|Hqo<&LM+W-S>#OM^vy7#|=ed#OUIcWG
z+_JK|b!Frxh!*tN!;l=8`!f}`cD@ebi`CqwKO>|ipo#R!12Noudv&a|Q_Og@sk_d&
z!Jl@imV8ujE6S<6NTqVlUpxMJ=*;BkL>sBwG~%vDqTI562N4}O@g&zPrq9=@IbLq+
zB-W%~N5&-fSRb8e*kpM@=C88|F?+Y6)G&GOomm~_rK6;hJv;U%xKh1bz9)sJ9e((Q
zmpXZySBT_2xVq)?<6vSsl)I;euWUn%k-!gR-(TqZzP@<|&;LNF)TV>$!fg4iRDfO;
z_1aQic>u&xx(<sjJ0XMqVIC=ZO!O&p)HYl*<Q_#KT)b`V@zH0N8V<CnKWlnA9ghAa
zcaq%^GWz`U7(<k7)?+EB{)2d9e5Y=(L<a;I07uVsc4KSUjzcU-(u;VH5~=|->_{|~
zWTaWl#uLQHzTCO+SlkBtNu5u|=z!FKZ@#r|u}t*=O@(^52g?XuWXmAHxUQDv&y4mg
zL1U;y)^n%Llx+);5{nQ@@O`(-?6A8RBTnX9q5t@a=W~;!7@g6U9xqZY%xKts;n~qp
z=%7@M_x$Q?Se&nJTDWthIWFHoyCqioQq4oJreXuK{A8m95nzxJkYK|X$438TyS>1C
z<tl3!emPXkLoT+g7-J`9Cm44~`u#QLk%{?$^o9|weHPQtrd?VRa~ZKH^~7?!S(DQA
z*)gL9Nhbr-`GIKk%9s-&b7z%IX7Od|%w&5)(IqTFUL3z1nc(rvjqF=wtgzBCIutlA
z&5tVo`N2UerRVC*?1@>0mV53Mlz8f}^UK)oyintli6aqLcl~;gY^*~Bz$MYl`A$7B
zsz-2=nvS*Xc3obI^pnhuW<#9#i{7hF{KJ^o=uoj8sOM1uFSD7$OwJr!?UNKRT9>oa
zv4qG}7LZDQd@3=MB<VRe*bez^pJzR+p42{0waBjXO`mX`7X<p0n~x7}=*8;M4=yh)
zG~D0X;2Kf_ydj584|I%2q3s7<h`8vkSk>NEt@l-sk?vVy?NRPF_P4ctWy6O(vrW`s
zFVMY*&QMw+fXZV2X3M+HYwE~RSr&W~Ysd3GNL~~fsZ{MSP)UgL7lW4y_n!W7kEu*O
zDs$(D1Dajfqb2e%#tN;|-q8WGL<XMnSFZH?3!kX^qb=K5R@ks8(>TY>iyYN2!)O+%
zo9J7&`%ctk>=nhF9>ztuIxP*#ot{)bs6uGg8w&C6;Rwkvc1oi1%3Gls*B2&8W>Y82
z@O-zpg$2Z*`?v6;0H>Wrm;vDnBdIm`89&F{K)!MR>v${txZpC~m*sVO+vzN<c&|EK
z^?grBaY^cLTiRn2aJnnt5;*#i@jrxBb&d^;HTNBmr~2&1FMEkzr?Vh@n_)J6qPSRd
z#hv+Gf|z>vrW7j@irTH}_@qZwmy3_HqSsi^mGND%iBGms>+<EYmMQ6k`c(adZ=Y7~
z`5O~&4+iHpeDj}pwCMEJXkgyV_Hw8YwMv~sIAMC>rc$@+`whSNh*0)d5zxFFV|HtM
z<+x(RyY2f$R1p{POhx=5A;-iK+a$Hbk?GvEs4kTj)n(Ual!H~sP$~toi1ff8O43~n
z1tw43(OF*zsb{(99bKU1BqlM(FL+~n_t@+Jz8?A)9d8ckxL-U$Ppo;g^L&;6?0F(C
zJZ_I`xvgG>D~Y3*c;V{$FctZ4SClW#*5CP&ZBby`i7WVnN@ANQ5N$<_*wtF3Ns8{{
zCC-DsqAj<iYcy*$yKqR0*<^L#I(Ieu*&}l;<VZFq4qv^Qk^1@5wufuObrUm*K)Nl^
zb|jS0akPVdk)eaHTpiqv`@qZ6Q6Yn0>??I8mXh*RDqJsksDa79<5U(cVHMTYpufAs
zX}5$k*ILx}*muhECHmv0uIr5-If;}x(>Xa#Vcpa5$H;|SUn4==IuExemoze+s>a3^
zqdbTyr@D;|$O?XrRDmpYc@ry(<>%*#;q{Z0^5yHyIR2#pEicDDpGvfh#1Mu|{CR8e
zoJIi2HF~P+9WOZ!i~dr^FBaN%35?h!Y^uCFdl}mM+DEs!9}5YT^2xz=SHm;28O^y)
zvoTdCV0M9a*K+PfT!h#@QFR4%jx5i+`7bx37En>Y*3@9&Bg@Y_CDJ-IKOZgVvD!st
z?nMH-Yt!D9u~C@3IhFpSX5ymIHn<IU|4Bqd{=TQ&TN+kFLKf9G<e;7E(Tv?v?b8~u
z$LnvW-ob$ff1$Wdp3Md2Zb-SNdrL14p}FA_V&b@kt_bpk&Zt7sCnA?$Bt95PeVbfV
z^HJ$SZBLV3y8snN+8-8;v5TT!I$z%<YB=;fAwZIFMI)luY1E-?v2%%lad}<)De;8L
zF!08I-(J)sUo2tcQ72(pZi90agl0Ho3ez)cNSSPgL);usW9(dnya`1?-!Nic0~(|i
zrN2d)si7*>p;cXSr89n1Mf%$n`M&U=uhfx&A_v3X37y&(?lmP{+1224@pTtDl+E=`
z=fz;@iQpF*U0Rw@LI|EqGRy``o{N5Soes1)Hlk=!yik&U!RNiNrBI1S{^T4Zt_NKf
zEYe@%%q47ESx%^xuPN{^g2_|%?|ybwPOI<hc{UFmsEyNUZ1R!2Rf2j}#HQFd>6xY?
z(c~`avhf{Oh!b^i1I8tX+#KoJf}7v-A--Z^h)beo9M>6eE>H!BlXg%KGdPz2&N7W-
z3(C~l|9olXB_E%C?jwDouH3#tirI@7UPTKOpCCMIuW{qalHX>1MRqDMI`3y$cxA>n
zj<6L%mFYH7{oP2w|773&hUn*U0*``oEQ$$sm0?H6hK2L4P4id!p}&oET_Da-xqBv7
zj%0-?uGp3?zV>}|`Dkr_5t{3z-(l2>t4jKm_ZX3PLB=WmXjaJ1F2x?Nm_c;3aK_p9
zJ?=ah7mgjj<;f9dG>^Mv!|l&`NP7LTlAThPE?0-Y^<3CYon-LPr+Tes6UfovariAo
z(=MC4p*QgCQl~r5my;iV@Us2cnc007x;4X3z3<s~KH?MpdV@RmNY{;d&<Xa^<Ls4&
z1=hQJ<a2{+k#^FNPq~6a6W4Oh<Q_}wd9V+njlO}PJSbWeRqN2VD$Gw%rJOUU)i!})
zi#ggZM;~7@ylz*Qy=!^!xSdoNT>XW$g=V$tz59v+bjOx!VIo9|vK2YtVf{~q)xbV8
zD<t8Fv8t|oxz?NWB`%$#l{)V*V5x^^9J%WPdSbU+53stLD3%eY<dw5NZ-o$`gbNp?
z*vAhZ(<ED1-SU^uIV_sE^SG011y!O#Q%=@9_~5+dscdvJ9i?j_bwB#TgQ1C;s@^!u
zgT$Q5g|p(44o}sYYaj2|bT9DyeH^e0>+#*xRD3PbXww~!=3MK$nU6NGnnh(EM6@{>
z(PoIULR+`t;$%FIqzLmT2Ik>~ZV_ooflXV-uwPCWJdtC4;IZVzYj9aN4w-gV$YVH@
z6%CG7egf&$d6gd*Q{wZDbygrybAg5qVowkwBlnw%&z2*Y8&ygr0e@@@Qqpf3{*>}K
z#4tx*BUplPo?F87cI(;N%gglzmrZO87)|lHamJG5Th-!@^R@2%E459!31(%L*#>D(
zwn&LSiL+6e-=_bwT0B|~YHFt{b%iwhuhRA9UQ!5SYf(5A{8GOfA6{7$6<<6i%QIP{
zTIomEWaM$muos7Y_jWuOy>n@EeU6<}-G^wlA=!>_^x;d>f(OnIKiOyA#6RplX?Ms;
zBu-3$(9DHm7OeYiyjI9VI`zATQFIm+9D&Ewy37zSC}NZK#HtZ=_i{*YY;@}-9y3ER
z&!2g{f#wPCKs;gVk6T|fdgA%NM<rLN8M4_$wnGRLLFp}i;QmO?gUVcKi?rS$t$WsF
zwK!<&+9^xTa-z3X-uy;>ucW)OKqPJFB9ywNkFa0XI80C+?ax2dvaO<d24j-(Y&;_7
z*ef&LEdAmW{wDbft(Nf(963fO)E%^17<y!h4QYyAj@;I#RJiVvJzISm#}7#m9IYJt
zcUk8rMov@RlZI!?q6z-rd>)v;d&np~vt*@0J#>Qj>4wzb$sqViX*0`~E+y%We)Bc#
z;!e~Bj83(iK62S}bp4qR+OE?5ANip1?12@}Yt#N8?ph52m&>GfWN7Hs$`d8kL5+|L
z%OB(-pQA|r1S~)(^a$y_`79C@%}ZB8`V0k*-Ro&SGFzC6@|o7SV8x=KsnTh2iEUF!
zGaFPZBvlnm3J%tGZ${C6`Ipu1efg%8WPGKi{4hhIdI<$B%o1kj)y7b`2o=%%-mM}g
zdtOjd3NM}uf7O}yOsK2|oPqZC2-OUA+@B+lH;yVv^-nJdT$8)>QfnV_nLw1Ld@hV-
z5&SOzh9H9{p(E{RjcQ~`=a={re1yb<xIZv1Bbh1s9e3|Ig^637n|p;aDUY%~Prk-n
zM(v_jjr#u7?#B8>I_-?xt=atcEp5WZ-%d9Gk>2^mf7X74pCo>8pm|REYo5~<#B;is
zDX!W!o~>B>_QRJ)?oNbCKcAOcX|KW#>8j5xEfw4Mm!H+iUOWp8Iy>(Oo(n$UtPxCZ
z)IY6?q!(?Hc;m=gty)&)?Hc#F5AC{MY+N>rV~}v1VzxYJwF0>a)7!JZY#<VGzh$|-
zAon(d1I+DuZj|mZ(XghyPoC^Sa!Af=>ndP?b+x@}sp|8@j|Rw<(`<2_A@Ysu!zO1Q
zb@p6caypE0$>r^&^cAW~TH1$7Pe#@~Q*3w5bnV}WlHFYXD}oBrk6TU(Ai+EuDG-z>
zNoz*pg`ezsX=7s|`Davd4biB(+94VzU@sEhn;k>^(HjYfhHOSHV7BEJGvH2*+;sj2
z#&7o~79?n~@su~+uQ{{Xj8<s)gKjqqWL{KI2U3l{8V8(VZc?X7Iue=*U|iak$2Ow4
zDdgI=-_sD|n`zH-_JKv-2aq4gj?aH2v#ZONeK{U?(zewfap%t@jxZa1=--Uu&Sk6l
z^81?yuD<y5FA!3Hp(m=xmDR1AeEgp|B6x0j@FO(sxuuNB)67?>&-8wwi(AX$-rKV=
z3$_w6P7(kRd*i=LT%sdTN&4b)$7iGq0h7G@Gy46b&bHdJWxY6|Y2?U}k0}1ZRefjj
z_fih>>wR=>-tnJl0YC9pb~MjUhr~>$OC9YlcKHZI7k-0<4as5|J+g8Jm7jd0M{6<I
zs3~9&@CQ@o!$8`4fBh?D<DZXornl%gr*DYz81XG!y3$HSD=*HzrOjOrG(p_Q4Eo0&
zOSv){KM<#M^C{$s`|op-XkUQfs{Tq4A=@GM7VObiCR~k<A<8ZhY7K45(zACS?W6rx
zC^vG8Ri?k$S5vn9Mzvat1{^(vv0hsDU7LT+XZ_{n6Th>aB!k?5N^S^4Zy<(k*@+@=
z$H{C$aWAbLKaLQICZZ4-GDDAmJnE3n%ER|4C9|9)bG|t_{$;h_V-0IZLlp@WD;2~G
zff%YcD$ONkbSUc&v=h-(&YkCJzqRKOaw@(TFy|k7EMXqsPopi{gl=oIk725(O-|>U
z9{hz+LKZu*?WaeMeM0Z<QHPsG<kh5%E}I3moMVFPoh9uFn>HaYo;oJLde39&1n-_0
z+Mbm#;1ZV0w`5!%D7>vt+lt@*67a+<83sheCCqa8-;pbtTD|F%qco)@B;t;QP5#t;
z%}TrGCJ?2p!*4110N32l7kacFozMF;U!C?5CS)eyZ6kiyAlj0=SVxRyPR=aNImh=h
zl(ny(+UX#%oLfttulbNuRZ2w+Oy~i{Di=^s|Jqt_WO*QpI}Sw3&A15b<Yu2aH{Q4N
z^{NE^ZA;;&>ukI~b!VImMFUpmbw0c^7wupDg6wTL);HU6uimT@fIA>biUKkk2NKro
z{A<tYuW|*`k-^r{f?E4*PSLOjU3bD#kh@~@37UMmf=~3PeExdaf1T3Z%o~Udv4_Qh
zbCoSgr~#qO;}<$d!?KQThO_Z@;2$P}2(^<`ylC6=Uw`Fp8e2Vs^-s~bMzzS`xEx6@
zm;0&dY1OBn8PLA@i2<@AkuW%jjLFnpzn$k_%YjX-WBpSG`HW3eXH-tw(7tdEQR2w~
z330;@z%CTanD&=${c}AZ;EQOA##~lT{aE^d_wWiB!rGqL`PFr3($;bR|F@2xO8R9;
zP8>D`wYn)R2SE|o%h5xTps95UoA&)~FMnCh2W4a-P?36=#QUIS3!1iKhK;bNOrMS(
zcmR@fS^d89Zxza4B_&yG)v8$#<vtPNmP=XgPNt)6TO<S(_`<W7tp?!{8o}@W_apWr
zj{qws;pk#{8f%SM9jI`gVvoGJ`kCv995>HfSHZhjC-4*hLmO6K=p=;8v`qyuWx%z~
zX<l6IQE)`Wlq#B%zqfx{m6VD49n1ZT!4l}9TQ&JzN5U>?sj(3s6$R#fO-~bjTy$jZ
zYXv}8_1fTg|1|r*?B(C5eNty_S8Y|<h;{xqQS3BLM<EN*lvTZw0tbt^l*sZw1?)Hr
zB4AME7qDYP?z5=2FwRzGX%2pwS4gV)$wiucJox{~M<XI1l9wzkv6P8tN5TXbt|lL)
zeX|p+Cwq2Rs4>^*yr7R{SkUik`}ggzQDog};K+a3VgpgnulxmV7}6WWF3ONomUfKJ
zr}+7Y{oQ8y_eW_zZRDeUekTgtMV<D70%BWe+U3=kHv;Qtgx`NL?vcmRMR{q~UwGnv
z(Ky(?yU)N1SkMt)gkD;u@)k!5KV}x2M(54Y@gILL9sPY20vq*_??$|^ECb4o=#yGn
zx5aV<7k01i0cH_#59daCqD4X0&6{s({ig{+gyfniBB)>JhzIs-7L{a+<y_i(N~@#&
znuEF@O$g4SklSbLDF~xGy|fSp!hh_->OYmt8NnEGp;Wt~+gFv{h<2C}e;=kmC?hUR
zRB-you@D@T+uPF`PEK8h+=yU|ltTn`#n#0WeD)Yf2L7vSP^oPjV&k@8@=UO>%cmAt
zU8ZQuI0b4BuE4EdT>)*S_d^{9@nR6<-~S=JyfmvY=Q2*Zjk~Cwj&!U1w)^)Z5EFcx
zGfWmu-NW3dNJmVb#t^MRK{3e(Xs*!QFFJAWKx@fa3F$nf*mEY5_)_tH5h{2nRWyF5
zr0qfNSC_-9x^g1<BSjyXkB9x6xcZddn(|mKn#a-nu2Pl&TWL2~Qz8rP%+Uvabr)C*
zY<f-3g^P(M_+gcR(t|I&;~*4EW81zR>@N1m@x_h}zW8_|>0ig8IYqmbEE9dl=FKhb
z3ov<=7cQI^@z#ALNNX-ZxgZy_Ufh|#4>aTj9VylaBVWi#s^IUuw4peDhSK|hsRNS^
z0ckxDRGUL_2BRa?nFn|Y9L#GIf?VrU$ZOWs@^c@2lcSY(zrfo0*)hWk@9<2cQt>ZK
z2%i;9s4ODQ0Tt-}#W|OozpYd0>Sp9XA+unUmMIEDL@Rqtn6c$zYW%9fNYCaOTAd)X
z`FQ_y?GL$^h*qAtjJbZR|BCUuEUSqjVJ#@k%4IA7?Ku%3u@O)jmTsYJ_9EWmoQVXa
zdhex0Vq_=Kzj|!>?$%o*e;y`L+08~P_+cOND`qP#a92NCm@YGImYY=b`3{2uFJ6>m
z4CX<M*<a#;%A*-gDNV`9bALIFrFH)9(ufo#o<Xn;X6Vhoo!IT2Q%vN|j`D9AaLu^~
zO)HI%;!k(ESAIUq#>A;4sSLpRZSkWJ>RY_Iu`JzO0n;#DdL88V?b~+>ArqFcY#cMx
zNQ|Yw{d=4Z69=}gUGl+6_R9j#8^|yG(@`|23<Nrm=6aKUQGW|qD;KRTh@Z7LRH@{I
z)9cG$x&|3=WPDDft|=cSqsYAeiB`pF_Lr{qd<fl6Dzr4X6Mzv01w&XLI+dA6Lv`&T
zdl-;2?VcpHa5)rG;+qv$e1{1ORqkyc?r~ZC_$W;6RA#d<K#_hb{f;u&csGyc&TI(d
zye1<WHZ2Ms#2nY@aoV}Vy#fA5{4b{9BI7%D?_22g#k+(wyK<lS%#@2>Dck`pwJY?=
zyC<`a%Z7j??I~0@8TuskxgngdoN)7s>%G0|vi~VeN||f2j+7N5@wxMNFLK_N;0*ke
z3ji@zH)y(*26w@q_H^$n+U|&b>EcpL%&Zl^{#mfS+{@KRkDgh<zUK0BO*2xgbpd9a
zPjl4|xEo+h=t%j3DiEI!0XDz*K>>Oc;YlMA7Mf$Ebdeqkm?WQ$G`IxATy{tR$AA(j
z_j{AG66r^v$>40W{H&beGB8aE8Dy_~gfjh0&7|a!ft8#MJ0%+f3ZXJ_uBX7pE;0b<
zk@KK7^i@G;*2`8G4{(_$Dx6t+k%Zy`OkUJLh^}Q<x~*1(klq0B2b`+pdmq;OVvpLl
zzA0iDaJV_I4W%ZZ(F&2BQjU#iwYOpbBzutRJa`%*syh!_W8M(a1hXG!i;O&YOh|+M
zHDqjQ@k_(v>~ULBppSWi3+I#|Bsqzj(rF+Xe(p5}>TKZ%BX{~kGnhK?W1^*M<;;AI
zTeR#f{n-l_(7Ls9zuyT;A#3i2&K9l%R+i}!K`tTu8zpIO?cIlnw2G&ZOwW~*TUJ=Q
zX%KyZLx^sd<J@!DisP@)6AhgzE{K&5Z8n_#-j;(jl~8;S8%vY@u~q6o-27B(AU57^
z;2xK0Brx99GTnDiBi~_a5>!<X0X%uWoz3TNVB+iv(W@0VnHd!K`n<g0YVQez-wl&3
zRRVCJ#SM2j`Nd#jyK}HZ--#DpvH{DBMwl@mWFJwG>i0}Ba;^@Sp7E%PmZY!)8@_Vz
z(lLAa>5rF)QD(u;PPU|DYW~A%EA_gje&Ke;CTu@Gz7+HrAgBh*&wRQOBWh@Qa93Rs
z3kfT|6=t&1D6(U&SKiF8n|*cSb#S3y4Ug3)3vN^1k_J16rT&y!(HS;|$~eyEMd+59
zdB6t!UF+xB7?&-^elNbB(OL5~Vni-P;_K&~N#)2j^>ft@o&0Y*#DqiW&DedXOA54e
zIyOtkUTLow1;|L6@7zS5SuIB|wpeYry@;4yl-GII@E8y~skkdt@&8%Sia^7xSmLL0
zpjCCD6dL<A0HvKE&yj1lM=P2i?pk`qUIeTpP}4MWz?VKo&rc11Wx#P8UB@_VGR`)V
zHhk`wIVeJ&`<{BWph(7jv<gkud3pKe6N-ZGd((ik<D2)To__QL@O5X)9y5Kf@ELF<
z-C7!7bZt3Lxpj2{EP-gi;&R!@(X4p8&R6^H@VeX;wd~3)Zam(d)8jQeUeZ!)oPg(E
z=N7}kCl(G(2=&~JFk|>|`L*i%2s`Nmrul^#%H*R8K9pux7XcXPBAsFgKJE=cRg#}t
zPJ|!Ow&yXx&kh6}T3S$ik+1frO<8jmPtal^a8)~%^&f3lk*?EVjiEUvxA!4INJcB&
z2=C}T+w~Xrw7?b+4t<GIN}=nx0}VAGy%jBPVV_|_3G#-zZhKbmbkX$7U7E+=ruvwQ
zo-b?j{}M>@Ggh#Z>INFyjajCK8E{R?pD5I#c93@23{+NZvw8RR3(&-Oi-z#~*oVaW
zPSm@{E$fxJXHEU+?3gtvy9qqKUy91UrvW5j9Vh#1a$oHZ)D6+P?Kp$Ppj7Yd9SY=+
zFj<~!&kEix&hLfaXu-oGr-`|?<Wp>1MVtkOS->?Jw80B!rI&J=9i~jb2Ao9`Q~3_u
z3QS$UYAluY9cZ)iv+i?70ZQ;_(p=p|K|j@(C#I(H9#3I-<$MGqYZzg7i96f!&{K_{
zMR><rr>ctLmcePf5JJ=c#jxe~qVNr+{y*>2T?LxW3o367klPkhM@tZyUi!Ql0;<m`
z*Mt#UqV$^X3sXhzE1@bS{o1z9Z51-vx#|ehei;?p;o&*Qn1xN!J+C`k*@K-9mR+_p
z+`7OjCE+(eb>z!fw|m=zLzPi>2d~T)HJ7{R`>rf;ekulKzqf&Zxgh`Ce)U*$m2-TC
zKU-Bq8o*wd(OU?8s`wH_MJ8O7E&W_SXfa=4<KFL=`GpBLJUrZ`X?URQxm|YYX@vE+
z%z9=-KRs>Ade*kZi{d{2DkIO}nntwvDR7LU%nYYnor8~kSf1(#EL!-!*sRJnhIORs
z^vl#tC7yUpe4#P$ef+z#^wWUE%t1#xHmkTwQ|#q=&hMl4KYThro7O@`xE|Um;`-bT
zb&7{8+5b^+-8i;o&1>pVE`2&|doXYtE<Ry{4$UDyc^SE5+s;j(4)#xzoUJoyd;%=W
zi7%kEcp;A|t~u5C0{K%(Pk6q&Y35V+t8$)W0=-KG`NoJ;4y-Ixt>lZ^#ks`k@;xus
z&B>%DphvzOF*9-1A<h9|I9D2619^@Fnc;2;k-Hzqz4^VrUo9ILs(<SHB`erD(~OUN
z6p;RaRtS~H1MYb@4-b!f>4F}h;uIG~B)opS6mlq~@<XxmnAxevc@N5qoSjA+0khM`
zlrwK~3(sx3n6NnZezy6?jhwl-$JC*%sM%4)Hw+)M?Cqx4(KC5=9rIsg=v^v|Ao8Q^
zKIfb$F1qf&IQ}-zbNm|NAbtv@5ICkUjJQykjLPV(ejS1WZe5+}n(zJX@p;7ePBSBA
zT!@cFvdD8Hxs0p#*Hy$(cz;mxI{`$ol^GXAvk2=L?;9lYj_oyKE42GAd};p!rYfp1
zVn=gy^?ZN4e2x=*EN7b$D`6FkOt+x^kS7(gSyNaI%5Yr~EzklRL(wuQONV}mVjKD1
zPNp1W7K$$naZC@+6iXTKG<(MPeik4=;#n!9GvT8OUDxR?a$GxcFn-dZMoVnBsekFG
zf<?Ze48^KwpkqD@<q?Wyk7#Mp-WA{iy^t}KmS^3TY*a?_P{7{OO_T$KS+emhr~dM8
znQsRcKi>rY%so)vE*f2=x1i{h10iR!Xmy!;)2@!5s?0y((qjHFX<`V<%TojYO8Kw*
zGn&|VLoA2hceCDVj!YYg`7ev0x9%F9H@@@kAWdyq=uU}hc7;qMAZO=vq_Pfkth;qm
zWoD=zmTFg5VBf@}{E!YKuc@|7v2eD{D39;gU-r2)h|XM(b4)Cp&MBfZsk~M?RWWPg
zY|!HfxVVRNK5@X$xe_WnTHZjFu<JS~p?=*xvSW_V?nI3y$Cfj)*-1<|@Q}j6YtXjE
zXH&KieL5!rFCRZlT|f`yff`Cpv4+(?<Pq8NVd1eNMP%`F<DYSY$1-NZF6UA1pbSa3
z1|W6zSS;110iiLIz7tFETEN%;%CC$Vtb=RUF#pH|_7X|V<;~*x^M=h<>uA9P<^^KT
zQcT9*vO?IM+5FTS`N+wwC|gWknVmK1Ss&cT?dcZ`7u>raHw<AGMm==qOx~~Gf2&*S
zqtaZ63P)(}V9i;;15vhDXv8>&9sBU{hA&)tYI=*W)~m^W+Nh&(ntl@89>b}qf<Wl~
z>lf@f*Bw0}+vUlOYj!pXSej1PzRrb=)=7nXu=(1;k6ok3t0vp{$^jl^>VFF97)Anu
zUGk327w;@Q^53MClb{Z}Ad>Si0%>LpHqJ7B;B(=3WG_DbpDE_+>yb>(pDDWTX`3~e
zpDhwxzR>=zd%c`IE6dwY%g}An6xc*Ze0J>dlTCuBKZzxxGkd?hzteD&F<~ggy0<86
zisF-CEa@|IkVjsoOgkt4%Ok0Nl&(=|r^7fnWhV{4|Jb7Tg2xuXH=M@?cPCt_QRxRK
zTP;T6f@9^dWp5AGv}&PoAlya^>T(kMC-sDlu?66%^CDcl4x00|qg5~po$%_^&-BIM
z!q*JAN_t5N0Py9(hy%uCLXcfZb_YGDoIpdw(v=aFD#u_l#2=}yB=w>`CB@Uhyfy~6
z@%b5x^hlpkJ<LoN09Zy?M)nV0YY!M9kz?ZWC6K#&4nVgXUx$~Inlt|nB9Wh-{2BK{
zlfwsov^v6fa5o2WgLPE5{uY!#Z;ZEt_cWHk;LY9BFa<C}T);}NZ0){|TsO3uaUAf;
z9lXU%+BNGjmiV@PB=zZtWbTHr!a_$<vu?LHTJ9?4oew~-T{<r4i<+PVC3cMgXYLR<
zt)U<a^$_RnZIP3BM<p$y&LqltO_)c^c|FO`@N04kuo~1XD_4N_Jco=SfV{jD#?AKR
zTOBI>o}8)a-W*%pbo}F?-XkF@6^^q6d`p3mlUW15;?;7s1j#1dNC{VH@^1*)t<vb(
zx{tDFMXA(jpmK(d5!;@z!I)HF-e2sLFsJp7h`o!jW&E-^0xUFL;z5bjy%o!WdgO=a
zw=U3rVb6Xf`J%@-w*`XQNohG9T5@zqFa!ng>#u&xbKI$L9nCy6^`RW|B4<TQH~ZH-
zj4lcvrOKCCe16Z_+f~)fBoi?XH2e0q42-umD3!vL7jfH<u3F`u&ZO(+ZOJXfdqVMJ
z6;;z+z4rL#N=D0X_k?yy^@_S2!WADw12rZQ+NN_C8lhSDbg*xc(t_;HJDX98%Rjl=
z0g?u`H((?ev<<KBJk!aS382o70-S%780R#$(7FxgTzS@+bW|<RH#~G+x@#RdOsyvn
z3dLqQ!(t@mFG6@?p7SVZ@fMT({vAKco;wm8L)7E)43rKX8}#5jEE*R5>o$Q5-Q-%k
z_<5wHB?OI+YN{Vu(Yk;)UvpYd8X|W;#XD|d(74K#ceQ|edq1*U@fETmQ%+wp$amO%
z3}CRzi~Kyl1^1mjj@^0MKRPq4u%Qa|-22J%dQ3QjgrF}F0e0!j0v-LzQ?OLEULrf}
zvGm^nrx-n1(OldgU7r(}8{91iSMknFJE>-fLZi(s9mTVXXc$M*&NH&pw>P6qeH?Uw
z5%htma_!zO$NFO%byr{t&$*1QEQ(&cjO3Ky;|*cZ&C%t!^9Q;kj<E2<>g%mi{<}ey
z0N4zNR<3C0*qyyHvHZ)JJTZQ`pU%LW7fskJD5&!7nRw-b<4YdHQY=z?M*yN{&z=p1
zw()b|XIoU?C#pODvwS=xxR!{A>K7f+SAj2+mIk{Ug{a`QtwWbIArd8x=^;G%0wIr;
z_AuhSU%|+;XS_gpJ(FqG9DCKEG<bYH5~UaH9D1@ZA1gJJby%XuR)@aXwR!Hbv7BSy
zaj(gyPY;taxAym!6&qct+0<pz5-;!ao}FM`8_YLTF=+<fK0q9+y)Xj}_yt)Oap-0{
ze@vd^>?gBZBPG?%3iC2eZp`v;-PrgVm$80ua@5(0hMZ613Fv;iXR;pIa<hG?fghSV
zG20T2<H*N66u2stIh((uO>?gW9?}Cqm+nig>H=$iRBhMG!K$*+3U{=;S<Qy%qc+J-
zJQDv1ZlIzgZ|Y7*OlfRATix_pBS~%L*`b3g{;!|Ex>kMuw${lHGiP6F751#7P<wp$
zbr)#%TSE?P*v7_JMEV+T3(W=iEDSn2-M9Ol2wZiyHST;xuDVn%)B()IhkH+lT2(m1
zL7JY8Kk@N4c@9%`8r_Tu@3RLW8)oETjOT^!++Ll6G<%>AcF52&e%Whd_ZiY*F?l}S
z6ar=<+A3Zc`sAD<f&VvXy@}8#ui3|!)TOK4UM@x%AGK=c<%+EwGKm{4FACXZUUR+6
zrW&`^W%RA%OM<NJY!f6-3LX^rX4M9`@B^9WCG)Qz`qo)NOm?!C$+55GUf3bi{%v0#
zictCo$VTWp(Gmksz*8aqc-Fh(xj2A-aq;~_Zh}5=%TqFXyZ6h>8!LcsdLzjmg>Mqp
zE!#5MHn`2EH4*c@RJH@K#f@H#uh-2&lfa=KajeRn^Rb=MCXWF~I^0v3;Sg$+q|7)V
z!=74LSQs>JTlbH7keY`P8@MpLVs~e!Li^&9NzdXE53T_3J2#s%O?C(}%+#AXd?_hx
zD^)=slNX`PM!YWCO&h!_z<{`5ET;ks0O7_toY+mXu5W}|(;a+-wXp@hGsAQp;_k&x
zUVE)@VZtI-1=8ndqQx+Z#y_3+KHw<LoS!B?V0uJu;*WUw^5yQxOCLQxc2)Hl=kKs5
zV2@coPZ14@Icjs@4xdhU!H0gEvR;n#jPKX8V~UOfwQNV)$$Oh;uq(hsQEGr8F(;b2
zN!htSk$0Rn$TL5yMwpOQ==!~&b?O4R;1la6(+237XU;<p$Ov~MjFes4le<ibc%r4I
zrEE{+Jy(I5spkl5GH^)hd+Ew8@oZw90gAc(8V}9A{D9OnHs#c%ya8y5v))0P9<yjA
zIzP2c9++ub&B;G=zB0>DYIQvZz}BaCtS06Q2UwS#yW2mzn~VH*0U^oWGoHu+FsrHb
z)2D~$`3skT=e=7RZZv-PyBS+LWb~`l_*#U^8th!RL`M%7HQ3c?29x$BIl_YkN|6#?
zuGZbZ3%#4Q6V<xKT?`sJno8a!q4~FFHVg!eK0U-8Am-z)D*2kD$iL`UuA)`1@tsfz
z)PSD%+VRnyH$1>?-X2j8Q1-p`n@6eH(<QEjn$%Bowmu3ElZ-+da78p-PGTK`EJR`B
z%@J<MLbznwBgAe38}*b_h%g!Sj77)N>$T#9lvB?^h@A!0g7+S@_-AP)<PSQ4)wml7
z+mWyF)x0n&bvY3?4&INNhCL5t7U<J6$UlqKyKXgegc+Nm$gFf0+E-|?)!iZ`aP+M4
zSwsXY5-Ye`Vg0Yt&`A@4DpG??a9;59%%r>`t>&Dxydt%(6^p=n%Mo)4f0wIKEMaW#
zwLfo149MPXb)!K$9iBm|m@=8-`>*3#b009@Sr{gLyVr+Lv$&}dfvf(!euqJ6YBYX$
zG+;TDkgh!eSuRRcJ@#Ol-k0@HDdU&344Q8DG28R^0ZfIm9f!TS?eBU&<_bWT<bvQk
zn_N@u|Mz#UXISvn&(~v*XnI`ESyN!%rBmONTzdGzIzv>9O8Ccuf_HAQylgaCy~)bp
z^ZrrSFzk+X95?ZQ7OGF`CMLE-ItZGwM>Z*%mSpbEo3qjyQs&+(>&<`*W>}@DbKZpd
z&Mwu?%mejIKZP)a6Y#%wT43W&jJa1O?_o`yYuNJOCgw*-`5$A>eRq}}kZVE<)1<}!
zQLlz_SIEJZNLNM#=9$}+xjyW{57o#)M8ob!D3v>vjAvI_8;b_hdU+7F`NfT+{qxPH
zGZCZ)eayt$b%_!PsHl66WfeKGkqzTHa2-PGgAZTQIDP-?;{p?O^%K6*Wr2A|8XG@Z
z(_0YLE}VZ*eqgP_|5<3`=uSt7C<Z@^{*QORp|pv%gzjH!N_(*7VtW!Ub8x|mQD5oC
zE5AUoeUJa#@&6@Q0yd0Kh;uIPK-phdqzTx@>cx~mmv;XdX=LuLK>FGvqOM({nWX<Z
z2&E4U$RlR9<AjCXy!dh-b28GjjzMJg9XPx0QU0}kf9?ruq*9)oDaR*e{X>k#CfwPa
zdsUGNFjOpPXP|g7M}+k6(&DN#?8PFVZSGW#7R%vUN@<!yzBcf@K))0~@k~pynP`vt
zZ^6l=ebh0@_wx;NTE_l$!p2oYb@%StSMRyI<==p^H96eqiU?jTA8O~<#)pq2HFX?7
z{^qQLS&<ZV>XtS6Bc39q{xA6hLk#i*hnEqUX99IthM!wpS>fqQn>Ma~nj3Te!|wm7
zMt^<$L}H-J4Gp>nv>i@9u)5`s4~PZ+ejELwKPN8;=*J(jV#cWhBtiE<D&P@p6ArS{
zE|<F9s}E?w{1ch^w+dkP2qLPJPiMikpBxq)?N|%m`8^j~1B1{~Jzf;e8nkU)dkKO_
zZRr16NxdlTIbci3NQQqYi8O+2pC`+Qg`l0I^MhB_<9=E8@8|f1ZEwRQaYSkEN+cdM
zIF$aIsX@=g*jC}Syo4{qSHJfFMVK3Vz2ont|Nc{A2rKdsBaBOJv*iX03Ba?pYwW*+
zh}+(%H6eH_CiMJ&K@#>pLWIb212J{(jB7G-c3;*`p1V2Y-Nk=iJ%6DHhJ=v!wn>T|
z5W-B;-tgkucByWSL;yCJy_;WX=04#yc$pV=P+JTBJo(-zt^F?}1n{oI?-!RVMxDCz
z(E0WQMV%D~zD^=`MOIUCaKDvh>H~MLxK$VqZ#dnmD2}aJ#|59&f=l9OI!Mu_UVfpM
z`&l-R`Cry%Z@~?P6++2)&WkuRMBO;TE*K<4pH1W~)Y!sEJ6eXdw`M+hbvNzwTj_el
z=k5x=>ZZ(&4j?l&4i6~z3(2(n!xe-LsTT^-%8UZ<)C3nHYNz2pSi^qN?qw_@UbUK%
zgm)HD&le5TmJ)UFn(%vf+zi<QOcdLyfS7TpBY;Y!o9lV~+#J9K3}X+Ga_HI1%<_b5
zgw<8%pTcu{|MfG0tdf`ei#-yc2YY{k@<g`?s6vObbOI+`25ozi*NoQVY_T-t<?bEQ
zeD3HcYdIm=5!l%;@3VR3wzSH>4ua*JlHmb}M^3@rY^t-u`%!_BfLc|u(`NwE`J=D;
zVY=^)Z8*lI53gxtnM!BYENe*Xr!_xTv$)^cT|q+dmSeWxfyUp(9bV-I>t*?`ENr>n
zof;R{okeVivB}QU;GE&C?kUsOKCxywNGIMOply@@1JG~y4b})0S#ter&1d$nqa)TC
zQH)mM2oa6jaiQzdx6nRV&iIw@JKP-QXg!*n6_Nn3Zhz&>e}Z}hyck)+1YIflfL#qJ
z0T}0l{hGlW4zJ?nhD28Z<fN?ktEG=c29~f%u4})Og(5;AqLj!RZKsjQ%cFXZ)^f#i
zQJ^0K*B@u-BLdB^aj<SgO<w%x9sI|-L+j`)4n^M-)quv>o^=xUQd7@Z)|^giAm3b<
zM*~GGdD4w@xWQ%Y={-UVc$E?xt^T}x{=SvUVQCfStVMEH*oa%shJt5vGyFr>ssP;<
zSbdK>N;P7%{}F>P<z~wNr+7ghAn*<_tJXQOgsG&PsnT}x49f@E)<<qjfGdd<x4;=Z
z`}mQc2*q@^XD^}kuRXcihPhZ#0P>n9tqZ4Z-@`=gvoJ@^!5RL?@#KAU0v?8~nnTFA
zNjOp&S?*RAAx%f%-EjNfdcyW&rtm(1<FjD>79_oZlqK)`gH!A9`5S*XbMUsTIdFdF
z*%#g@=|50EZ@4RZ2Wpim93#iDhwuBhi`s9rL$d=`aVDn>@c;lo=AEu1vlon|$2dNL
z5dK|uPgOwGdTFus1^SmGr^y~wv0mSzi-Mu{gxZ5HbnuCoqV(b;j`_{I@hJKmoy4VW
zgbh$)RAxu!9|(C6(8WA+Li<e5@a_4YRcwia>|EGrk^Nsr@h^D~RE1p>$M4ZiL?R;T
zE6bZus!UO<aIT4Mcij?WJRC~#r?LJXiRBKxlBMG{)I6(}_`a>odJ{O2lr-2vcXo`+
z9|GGD1H6s_7O*fiEC_`dXvv>D39SJlK<%Y*qy3aYq2s<tQ};mjcv55hKK{lS?(4GK
zYD_*O1cVTJck2LYRtACu%2i~s{k1b3_80Y$jsX{1DhDy@Tup^KL`upazItoot1i%v
zalBq=>9loto`A{g5_kT3G8%@ox(DuZ?a_8mP?-JM1wj4P2E&OhEXOo=0YMmF@)bbI
z<avzt%aNhR5eVR!`XHPP@0+sG)0Ss$$cb23RMI^!b`&k1tt2?k&h$FPEKqjNQQtHD
zLlo=xAqqu~BPe%=MMmegL8{9Qu4i-GM4Ea7R(d0{kE+`1bb)JOMQILi>L0q&KR$2+
zUB=C^Yq8|0T~}lAUFdXuixf3Oo-4h;Ot2j)w{D>H&i2bSc<98t;DlW|wRNL4OQZ5p
zEqF*|;DAZSJbn0p&t!U&mtzC26;w*a)$Gu3hDRV8{#Veo5HT2kg55>IeG{Zt6Q;d{
z7u!jh)~2$eK086<Dq7i4Vdhgx9sqgz!ugF5nnsX1t26-eR5}3X2@nV#grQzfdkP<i
zLv|19o6Ca3J3B0(v3l>ZW1YG|cr^kRou-}9Ww~OYRXTAMX0Pv;_;~7BBQ&L#*JvtG
zO9p)hWe=H@>%ly|kPJ`u4=u8zzGc2Jb8`X)>GsTBfyNkDTc0j{Ez&0$t%@LNp^oX1
zpsM93(EiShRxjlUVuT$!N|(zTwsq<QS4=&OB@(Q@&&Yj%tRU+_34^rzO-=nHd*ncj
zw}&A)qrbHi!>~m_Gq~|o6Wpm@J<9s@#4VGLxBY5{5#=;Cq!xx|53CQv=a@RZH_37y
z|9Z%L?DN}F5yg^J-JD(`3|uW3T?Uz!4bFp}Y#2gw_VKRbIv8;noly=$R&<eWDjpfP
zyQGpPgBC!u9ol-}a$R9nP#YADA|#rRzt1iMVou*)1};`pm->A!<gDUuKj<<Ra;lUj
zG?R))fkEs*F`-N1v-HdNHyPQ?KivINY36LX%Wvw4O;5qg7lrW>W>zxd<$FSm=paMS
zw#N_(6CD@aRUv7VG<UN}3YloO)!d_qT^W>{Wv}G#jkQk@!WMD<8zTr@_xps5czPJk
z^Va+WbA}nq_@c*g$MAfd(i{LrA_aqwzYD@ax?21MSyVEU-ObmmHux#X9u6RU#In)K
zr$C2#CQ+#rfttbG>p25)XcX%$_(~8UHbh1q(0=tPSH93Ut1MuJ*;TtU>3tfM52Vfl
zRTc${FnPdhr>y}hdY5J?y(AIEZM5v1P0LHQXz`h-j{@?3DIj?L^U_&=tc<QKYap-!
z5A_}12$rjIwg>Coxc%J@eijJ?m3EaqY<lx$nJG=4)_@z<vv^LqkR{m+fk=|(rPFp2
zI@d)zGEN?IHEr|3B?M$gB13c{#EhR=UBr&U3_3AYe%FTt-73$p&}iWV-^JWay<Bm8
zWzVhZQ`{DQZ--%48W2d3Pgd2r^*K*dM$MP_Dr`G#WrN&I2Gv(ciliuk3d}HLN*-m8
zFS$#!sQBL8q+(-!vs2~rX$8{)6kZZ4r4g`i-9(uF7sl`Z^DVUek&>^i``rt?0oQ*X
z|Czf^^bjKE!2zAT=uS)OphA>V=?Qe&j*`J{OH{;;1cW1*&t2^RQWOU0QWM$}W{2la
zjdXX20eh?l@eO7vS=5`J5!a$PTmDgDMz4$ll?BH#O*E^0=d18Oe;=o|F{S5t(*yyh
z^6{Yjo=RZCwkz8D+Wq}f((pO&p%<Z*(>>Uq^W?I#-FYy{<Ju<FV_xZVN8hxD3<3{i
z*u|97b3dR0pPvTo8Q)?L^oqUa_cBjBB-chQM35ypz1>#vJXdE{>WU9RmN-O?E>K#t
zE90>Jr;eFx@bx)#reO$#4Tw4VgG!fW$*q6DzJ#hp9ex`S?iYX)7K+&=oXu8}v)tTy
zh+p1{Dnh;TiLX^XL4n}^7Q7JKQk*HER?6Wn0><8|Z+g#Fj!%tv#qgTZjVN8}nIMXL
zYBukZ?L))hsa|okZL?2ggloSSX~!MMqB>+UVXsq5F0d!rNe%tO7guTrCrI^MJBbGU
z3&o_Z`f8t%8=OhkZbk=;1RqKf(&k>&IZ~Q^blwCgOpIfkQ&aZO&wZ`CRfxAwKeE5k
zR}~O|uv^kG;h;bo=wO^#=I3OPI?dmzsH=}u2{-Wmyz77gcotdBPoJPc4l>5Nh1%s%
zY-i`-l`L8lYh5S-VEntOuj971afBTzO}%AP8fTGw6$`EGio;QjP@gEudS12Yk}FL;
zQF$S|JTHYZ;SI1laj%KJ11^@dRO04inoyKUqY#qahTCUuQu`}<XAWG1Z0Z70;5qXh
zq%6nuo|@5*MT?XYBMg1z)d3h+OU<ZI<n{k~wQ`rJ+lyPZ`~mNZGh`DxBU%xJE)1f4
z7BAR->aogui{~Z|`xZZ5k`8cEoc{Q<@~}R=6JO0$d^W)aka6ApM+=e>mf!vAjmvSA
z?59fI9>V`XpKMl7oXIUr(>r%$k~n0_>gI^BYb>R2YJO&l-(sz3WkzSAx~CjJvJIDB
zsAXv>V}`mzs$U(`#kd9TSHm|yQoyK}#rgmIf@udFl8+t~E5ifXxaT>>0dyoqIL;Zq
zdEdFaLCLdy9jbuX-FaBEiyBuLW948B^V)AUl{7x^BbHdj`%Vbkw5Q%P{#Z6ksdNrp
zh!N8*+?rqHyX)|k8^dB#J_vo^_@K}yY7Y8D0X@-wiONlxm>;cLksMSWI0(R$%E9X`
z2!4$sV^n*l%k>(P(d?tUw*!UD7EKoQM?(_(9*{Gy_-5Uko}Cjdo_f7Ir|57OwO~bD
zMd0{T*-uL_&vU5TD&Hs7x_|NV0^>eDs?u|y2W!aG2Lfl=zD`E4ez*7*y62WM3F>wk
zR_u|5;gfGL^nO`k;CAgTh0S)5hP14>yt*7|p~8PCv~%Rhk1-CJf}8yd5iwmjnNspz
z&7!@Fzh02gTcq_lxQrU1!XbU~Tjff;FZ5HNh#Lg9vOOf@>q*~R{Ziun_P_93l-i>?
z!@Zv32Z^ki7Ft40^uAb*3cUr*|G?Z_zt=l4lXHpR_jQ#6d-{s1&F43F{FD$BV}YSn
zoQWSrJ9@gyFdj3}p}|=^co76sAM4&^YcnEJcdVmg;gJh5T(@Um%d?fI(_ilB4{8T*
zAAiV0KY3g>coL2G8qLXSa?3mym&}LaTqDL~=Pn>?=bXLe!LBeN>yfjh5AzT1iH6+8
zOh75sDQI^|vq?!o!BHN$pW{Z{7x83wnWpH;V7Otbo5|bj@FqT4aVz7s2rux+wmSEu
zxwZnEORiO=_!;Y@th=KX#W}`A4v%9e{Xb)v9oQ_a6#Y8IvZfo9WFGO!>cl#SLdAY)
z=eHBJg)mZ($9*U1PH=VR)uN*NCI#QwOpj9$fp7czdjriGxpfrd@kO>nc|zONUX0wX
z$G&F<TrCi^IGjN-;CAN{dxT{*-3v9lvRJ}g^>b;Ci~uX$y<I4gZUkux)vqGXmeG<y
zj=90d16ir=b1%(yIRT`Fo7b~Y)1Oj!q$uMeUvVBxH;>o-`t`vfNn>NHtOUTG4C}Zh
z6Wkl4a@~2G7H9BdW#Fy5Cs+f*L)t6;;Q*^cz3&`R-%M*E>no%~_vR{<(^*WCo-Qu5
z3`{(>c?l-L^TIwg?oJ3Q3Kk7+h*eO_Cpp^wn0d2IpKMyGZyO}Ta&&n6l#ET}M<~PP
zPgeRhty2IlqKRodrfORLbJ98&<@Z7E{1ir&QBLZ0U7vTYIyK83(xg~X1Rra>NG%)1
z!FXy)dGKuJ?n3n)S}+>9IjGkC#4g1?G=R0&RnsEwzg#;3(68OjCP^-@dl^+AGI*%9
z+-uH^vor)CIcLo_nyVYS^$hR;)QWW-d5HEV#Ys=JpFb3>^MMb!xZJxJy(Z0vUSv|w
zRM5e|QXbJ`wjW<}4j0B;$~kK&WG7+~R};)9C}C+{xX}l2+o@2*$@5?G?yV@mFT-5+
zsP8LRJA`{Md9La^wlM!6V{aYTbo>2}-(rh|q9D=+DWD+WXhlUN6#<bFDQP8z5l#e5
zLb^c_RAS_a5h_ZI&N0RaX~s5k2qV7NhWGmpZ+@TOKRgik+UtsQo$JK&JddQu3lF&W
zps!)hWJO5I7`XL(=;roCy8nbJWMob4^xD-hZ2TOo-Q{UC+*#$`g!-i~(GxRZ6ZAXd
zOJgRSyv@o1<uYM4#?;%;?F`hj6wmk)7f5vymXUzN$V<X+?a?4$J-DhCB^-=hK3)Kr
zjN#;EBqFlM3As~~D7!y$=l*;e8NmOn-)m=JYhQn?^|0LvP%cZo2P<i1+^P#?RZ9zW
zxhob;3w>U`!^=)*#l>;CZbz<8+7pM~yf3dzyx!SLk+T`-&uaiU5R~d2NB4;6aLc;I
zCO-JOAAxTNP?Z@kb^zTz&Bi?=JI>d+Is**DLM)@yh+cBrhwz!cV)Y`Un{eCF`tX}2
zP6|j_o7DcEB6(!1Sc(EP8j{jp_M(l|o(jmpkpUpb5+Hp&5)h891twm24wDSL+i~lb
zk7*DAuAO5*FBUZZq*mb`xy8#3n<pwj9b%0unuc$dsmTcGzJGp1L>DrYMj9+MBwL<|
zXl|@+tcFVLbQ-CCFj{YOrH*3*kZ1W+L)S~@yh+$)&q9)~VRgw)M<}su0tI+i3$q3!
zRKzq=HmpNHM~r?dJJWl!>TH+womQ3Fwg&xmoUR(V!c;CWV8SipI1(B5MRM&o-HP@7
z(xtG`L$e27S4Ib)R7vFwF(p?4ua%6prcyP?1-ZOXi_~qtZSp^81$D)xX3!+R!Pp4E
zz$UT7j!j5EJNAqbIe`7${0^Q%zz}-|%}_@pkkecsj3ht2vkqwGTAv~Te;nv|p#<)Q
z*S@6U>JUA7%X(&^8*kHbEnI^5pN+DNg<5?K(?eeZKz%{o(8YlFaZ~fRGVcOXIE}V;
z024#5=b6`74u9PZI4@Ke#+$8H=EtNTk<IF;s5IUl*!*Bd0={~AUGzA=ffB_~NdMC%
z9X9jLDnh}=JJ7Hr3iQSn1HB^B9r|O%K*+&BXH1R*LfHUJ937dh3N1g3;j)*%N}(;6
zlFxa~AL$IJl`{u%@YBF<hz`n-BOI6dgca9?G%o4YRd@ruan+SwD8&Q7T=}2aQp5X)
zXPH8mMq80Xm+Zp~JbQOvIiVx=;r0-r5Ja+<KnCR4^Y^p^-p+C@dW-jMpImQH{c&=%
zupa8I-OC~1I<7oU8oG@<Kxi92Jm`Y+Z%e&M1?pf?UckDdh8(JvWIJ=P3>_bJ_3<O`
zGpq_iLZ>uD?-YgY*vVb6WM7|Z@-`RHNE$kt;czB+I?vQ>l1)>r5S3Gd3i<vV%oBYc
z9n&i7R(cB<2i8VaP8^{0W5f}(+I>e(EIOL(VUuH0R8GSwyz2IfxUWuxS8v<_rpEq3
zyLF``n`EyHP=L`o4{+M6(UKqp-f)^3uk00So0MJsF6%t$<XDK^N$iHPuzgGgzdxz}
z2y>O?O3i5OxQyEO<IR?6Qp)w(H-~nVxQcULc#z8JzxMF0`xNQ(6OERtzLVdZWuQ#q
z4@O?&#u8my@~;3hM0cECtMLS@ATqQBh>r^yL%3ojEw^0tC4grcr*fyn=`_`-L{@BW
zQ04(T7l*{I0E}|2r*^#T5<`1Wr|fQ)t5}AWf0e`Q2=4ArD{y@relVg~1K4ZQz+U@z
z&fvPW^Hz-F2}sE(8wwQ#!V!z^{0ttz`?b*-Ix2`)T>ZneF1JgF3dm_$|LkU4*@gJS
zexM?d+Roq&;DdlRmnN@MmSc{JxC}G`;87pqSm$~%p1{<!aa<lWB`^SFPXfT#>d~ue
zP|^XF0RWO@STyMhJeVv{9;1DpvxgPkas=!U7E~OtNL#k8EH1ivk=B<-gGtpTCY5&2
za_jUE4u&R<bpbsO)7$~sLaV}NMWm>%zS|jHu98l!ChTjf7E<G*?h=}ayXQA|t(m?y
zRv#6tHa#O}IoMKxED+P%cwp-`CD<wJ6|pww*K=Xn%Or82(wSC5rU_VvgFswF5<L#C
z->A(s0TE`?{Cn@Gw7g-s+DZ~Yx$_m;*aX5ic3%*UTcVd+4Lp_fWdHqz>G^VS{g9K3
zEE~`W`Q=c6vOQZz;X&R9-95%%s<O;fBnSJcUC(r`TDcm;)XG(Aug$F)Z;5-iFH-cV
z(mxN^(?bt}QQ?dcM?o311W(l8ax;Gm0$$5d2A&A~?1+HP-ugnDR%wev)o*qR!nf$u
ztY(!V2(2VeO6lNz`~<tCb$z;8nb9NL*c=lx`(qsUSAoN+v9Izg+ZoDU(7V03fD&^i
zuKP3sc@XFM<%zb2eMxrS-Tu;t^WzC#p=sF^o`>HK@vm{;t#!=Bi;1Cq0N)<)kn$XJ
zGDTWJom1IJh@20$IT4~#`>NqUf-imCMW7>?pLwM^+}W6RYZ@z@!Fxu)i{UHl7pCIX
zJR*vnO`-=gI_h6}f!NHt0~2FhTpZ%%B(SqY>-@CTElqv~vF|Y_XJb4-3;Ol9A$y7d
zPjGWSJj7@a^glv6U<!CNNle;(D-Y<#Hr9EH%<im$qK+{DAc_LVfBb_k@=MiBfjXf8
z0NT*~nf#QVP#}2-(;ilg3IIoo_^&pU01mO%m|PS1lCLe`J^78$?kpe|z^9v?4_Ukn
zqMA2AlHt|Kt)Tu>!La-P!#fp=`r}Nr<m6fSE5w4iJYpHH79Wj6-1N`}c6FT_gE!*7
zGG6|XCmj6;Xs(m{mPThbWb__OMRH4gc?Hk5;Dl;|s>wG1oEr`>g4Y0G$tS@PQ}Dg$
zaROgo`3$xC3|Cf;?Dvp%0I*qO0JHmOT3PPMkkd%L@j%b_5b$>saMN4KxbH>vi57?O
z<#ZO=I>%Zx*+p5i#qvan7(^3s$i@bN6o(mMxtD}2ZZsPpC}h*Hw_HxA9Aua1Dtem5
zcN}r>7;t~t28aYerUm<U^x8LNLwHXBlj0ENN$7@HqLP2r+E0s5Q%B$C5-=B$Z+dJe
zT9P_SNWK|$&qP7@ng^t;>XS+<mM}ucooXGo4z=ddqE4;C>Y63>Ykj)kT9q~(mKg*9
zu4V2zppq4FfOtDoz#d#N5=Q5mV0VoQ#8UKKp@WdT&Bq7XWp4qOaW67w<I!k1tcqLS
zW2TpnO43!9=@4NNnqy(akA!~a1w^~&{*{_!ehT9J%-1eD0N507STBtcg4dhwIjf+m
zwy;gZ@ek4fv$Q``1p6>J=8WMR`?cXj=%`O-P7<K;aRc}C(`>Wq0mWW)@Xs$=0L{+E
zkm+vbsKEJgD!Z@`<JvK&=5B1o)v0Tg?WNgwSp3Zrw7Uk7_X<|f0YrLDFq6y<8$(Lq
z5iVigUbQ;@9-(;A$YP)M`5S{EDmGZWs@RsE1FL(@A<pBwcq63y%S@K}JOH^{ct^wz
zV`UPR4e8kx*K8?)C(U3xtf`HlI_2uJAU)@u{XTK2LUfppd55I<lH(@X;@#q9-9NFb
zc!eY}jXxp;{mW-$zIKO}+FG3fMC&wS&b~4C7b`LG(X4+@e1K%sXY-@9gk=?V0@QLE
z904tv<Ea$xwJ_e7%r~FY<iMPzY#4f_dd;<4FUj%cC~!ni)eYOq^pGkRav6+VvoHL-
zx=iT$_>OC2pc1~PXw@p!HX~sMUfqI;y4@Hp+WdfSv-otAgvoup^oFjfg&+t<Ndc->
zbw~SAfao3T)ib(I?Xa!-m@ohuW9w6ka;UA#;d>8eS|R*~)u07!4P1hNeVr&9`>*ud
zHAUJq7r>47cz>ki{>YOx*SDhRUqGa2ugG@~ni&G4ra=D8!H8EJyycN<RWg{|UF=_E
zB#6X=jusV(fW^$?LjVrxi52^_UU$XAnUst+KL*-rIRsm@Ii<ThSoppkPp^@r8Q5Bc
zH&CjH;#9nlRic$-F$P-cM1$L{{>4#|1#IG0N}KlTtskR8%BhJ0+HE2<$UuUCP)6YV
zRqQ3hWojzQjn84Lfw1xikWooP<?~Q?<ne*0$3ZI=29EQQj9jwU7$p5F7<Vu?9SK#2
z#E#ti7ikpmy6Q#2E3l^`PZ#MhUU}_HyHif^gDl9o>j$X8jyE@XK`N9pFP`mH_zx?_
zh%St0eN|GN7pvZ<wc(D*jvMo&WX<_Hip+SKsK`HTXR1rb>q1TT<Tq`F>B~SBg!TEc
zokc(^ivLP=o&>LFV%|z2&mVbakZSzii$}=w76*nranlevDzyTg$aq|5Sg>a9qOp*W
ze($w)0e)Hgv_-?S$JqSe6Lu%W!Pwb5XT;!|UVzbq{noF<k|_w3KN3OEl2P@d%;3g*
z6j$?p71Me>|K?E_o?DMkQ<fcLmUwVhcZ4Qz@sQ8CXK3iPe;BaLAZe@ebO9@BKtBe^
zQxFMfg9=iPY_+s|djh=psQv*eugjaOyr!@MI(vYU`^%L{UD;4bu+pxTz*IQMo4Y9U
zvHlyQ!mL0Q%U<ifsJ)Co?+DtrgSGoBu?$Wf*_?)H0tIq&2O}30C3^n-4Ud&8XnAGo
zkCAIzBFzUxI(T256HTP_A1lW({ne}cPgK&Q{mg>Uh9eGM*SkM;Gsdc&I(<b#Qu+YE
z6&(!Aq3!Bd7G533*3e4u4*(Mb7iiO~gBTDGEpUCX@i&RxN=6PH=GE~qe|nB1FA&hn
zTmu=jW8VuzwnF1yz^nF7eAA~r1lv8`mE&B+k#GV;7a}S_4fnvaEf?VL-x=mcC-nUV
zaFO*cbM$N!tWJDL^sh*9Rvk;HJF>btgWKz4)Q#JmOX0-kkMtV041_i8gZ;7Nz^PZ!
zh)Ax4r#Dg~Sp`KwdR5`QgP>ztQDBF^(RECu$^FIwXe)Ezsa*vlz54eA=IRSJCp;5H
zOd8&ZHb&>xPL$v7Fq!CIE(=-hFqq(^8xs`Vs+7By^cd}2Y8sOwYkQq4BL%v57bhRy
z>_xVbwM?u1DvLVQA#xn?S^t)w)R%O=>gw-HOK&5bFv21RV)!5JbA)7(6meCC$f$af
z*|C%(&@Jps8^aFx;DbuBY7RF}TG8m;UDq2|8$jhmP9URKrPqQr2H`GJW9I7lzwGa?
z1q*ve*C$z)p8hSU;ku4VC1`P%t^ML^u1{6Jm`?78M1h>~U}cEV@=*aASKTw_*;NKK
ze*WZzN6)FU5cc?U7+;M>o^kZ&aL(T`T$nSdDVzER2B!&!UB?#25a5>J%2nspIk^j^
zhRnQhj&>y+*&4dif&E!DZE~2oEg7{=VF-Kjl};|xg)Vc5n%@TN_O~DPbUTtHy|6uw
zHw~)!Y!xE7GK^PzAYCdLW3N<1-yYP9yw4=hGmo}X$-K67rq#pVCVm}vA+%TiDaC(Z
z3+0=;UBD1^QXM+H32E|~F1dkL_4xDwvqTyf!rjcRJ#2mbE01pSt+(axTmb+4&agPT
zviTJkK^<vAI_Su*LyqI|7PJ|Etxi20Fb$TiRg}!B{2;z1<$o97tv4tqD1%+#j90--
zSk&7S{ixH2MbbZ755l{z2<^>O{`-3TeR*Kqhw7tRW8RT<^e+Zg5W^|YB4`tJJ2AAx
zk&7Pl{90qZ?X%~PQlG`r8cCk7Jo%B8y2<Z<tzWdXNX&K+LCZ?oaHrGy`-EZ246cGU
z>p9K4srqK>^wxVb4eWJ(zfXRR9QNqX<+r3O?glWwQ$ZjCsBcbdN)03K+nP2mf8_Rd
zL*GH#wY7mW(`nf=yHEo-pU78WS4Q9bI(_Pn&BedzzhB#iITZ$uRWO}Zr}v^xONLRb
zJvDDCq4F6oV+?O>eWm|4`u83B^=$aBt@Z$onwyT!wW~npgNC*sF)q6*{A!lU*G50M
z=x;Y}m?ixvYNF8*RsdMG_V2Qr;Y2A$2#U{AA{?7mwk}9!+SyJq`sW$=+n)1EZmk}Z
zRj1ZLucSB`kzy*yP{Q!n_(u`%h}(=`S&a7jG-a=eF!a%=h4k*VpX>ClW$R^I{c4Zw
z|0QwvGLCIK1#VWF)a*vN3WJXK)_gj|VYwHbG}UzZ=$5R%dz*LoA4mA_!zWOOZ#Ax?
zMKKCLK;0t@U=E_ns*NY!Ws7?7_u(s(4^S5l?AHJ^R)m@*l>nSQwEcQ^_3fMAANaLj
zgkN&vFs{ki)$@$eiy)~)zqa8a_^Y}uHFNjYt|gO4eYX9UkF-Ok0&~d%A=h1~k7box
zKp(*HMAML5d%3qZ?{D+`bN?jNc?}fJ7@N~(7UH;3-H6}<>8Qc#vxRqF_0a^>GX0mx
zhQGf0e%o(3Mg0!4j-oaE-Dt}MDVjxCn0-E8=@05I!6N_Mwtx)Y?YE6~*d0@id$W{V
zAd3kuODfe-EEBilF_A`7Y5ng?SOm7HHGZAoIv4ZbAZ33pkg_*Tj-++OM1{j^GC74y
zl>B27&t^X1MosxT-;@J`;LZAV9J1{+#QxDo=I@%F4@Onx7e<Q_qOO7yZCowyscT~U
zOL=9gN$N0cJ0UTeM5HN~73<N#j>qXj&^K4s>5<oJe@VZa$(DeS%8#l3UHSi#jIFt(
z2T(PcMrtCXCx<(A_gp}kB~7e`GbTE=*$&t%+7a*#*vsT7_3~LOXkN_j+j!H9I&Dd+
zJh`J<H5BY<z_=~_{*QO^4izig8pfgZuGy{JfC^H+2>^*qXKiZOdY#S=fwrY-2DDI0
z&wq&1uhru{v;(d<sFj}koKqz=@!9b@+6)(CAG1taQ#hPLVGmDiw{Sal-4tY&(&?FB
z-v|`S-gAX^az{S_7dICnkKT6BVf*O_bYm}2ULAIR`ywUNRz6U>bBC<}8$NC@$oOB_
zhQB5ZPHxd|R89{0z)sk4Ku$YQJC33Xts4O8Xw~VbY5gfwe?9W&Z$<l`dJ86?VSRRh
z88c(IpFfs+jfSUI=6w!ctM+ZIYx{@Yba{^mCYYl7RJ^ptjG@=T?U->Un1-zVMg?-Q
zvB+(iQ~$X`&y~S-{v9-OWr*}059UTC7wrwCiY7z=xFoKcEn5)X{}L<9Fy;G<Rw<!;
zaLEtDAE*?2VWMELn2tBb|3V)8IZc4Il|FEpke1Dc3PWRh`;A$s5BY(IrqKLd`?gc0
zf9z0AHDR&}s_?kKW&2zU1bZkPDYR{M1c<=wx}*?kWOSPOgE`~aH%`bF#pXreS?n6V
z@Xt)r-(?SWWZzRdE8W{PbL)<nifN{D$_bhzK2?rO_*2vU?O^|U7`AwH-)>YcH|mZF
z-Poezc{?hFo@E3WrgSks`garZ*KUS6(xoY5jM)_;3v;~6s63Or>%eL0tbYB0hJ^lW
z;r{wfnRoyUF*DfZyYV3&g-F-s=pht1Pp~fF;AHkBY;no`K0>g#lP{EwQXRfpngA^#
z7hKSK3I&d1Zep<S)^WUc4LFB<(v1H$*#DX}?`gU;ZdAsFpbD+$kU*MDlma}S$uapY
z%ICj6`PXl}&ATqa=3DsSBEl1DSu1lCwhTkPkBngBslvc4Xk(G(qPeYbV@|Y*=_Kpg
zj_XL%!(0&O&!MRS`t%a8u-+w1#lKaC{V78AjyuM6S_tHcY3kfs!I~;K(+U6A0oeMR
zvc?W?!Mb$wowRWYgGuS8X|QiQtbM2WnGZxZS2V!-j<@r{eaCHJgDJi2TT=E1Ol%*s
zpy!U4CR^+Jclr8reAn{9v2&7wxqv1AzHx+Fpfp+mCe<=X_s4&oHQL|O^JxdJbx|i5
zp%7VI<+u6ue6F+}Z4v5OfoMC}s^xBbCU`k^Po^cl&Ou30wE_DnaJ(<RzM{A77+tie
zYDFE*jRN*llLIOTm?ULJFnX$9syGCqhqXyJw|$uTnJVx3(PB&jByxn$f`_W1VaY%b
z64f+YwzIW?K(rnx!qdDIQ5Yl=${Js|Wo)qllq2yg4Fvw@0{(MRJ1&B;mLT>(1?|6s
z<CEs~fx3}l>r{0#SZlofSsJHGpcD3nEA{A!fNd{)%U-rU9p{;&vkctwMcrpkD5mVP
z%L?R!7Z$xQJ41a~lX`B8%s)_Fi*4lWDz6=rRmx9G*dP=0)~D3K%(P_B?cVMQFo!%K
z6<^&rX)&%g7BC@&w0g*Y9&g%`Tnka|0wC>q3LAgs<rbRL{P?l@V`WU>7hUQuY_onE
zsV1q$Hz3+~nwelO@x@2Fsg6RyEg+rh9MO&2YJ~a&Fa$75x=l4`-mhVMuJJDF!k+`<
zWbeFn>&Sn<4lLK+-9SG#f8T4D1t_o?fga)<9eP6(r<>GJoZUmzwr5+J*AE69T5lnH
zrZGsAE1~_M7njlrD9y$^B?cZY<x-{n<3Cq5%z^sw^$u>-aY0Ixwhg!?++!UUQZ^<}
zzT8Wv=qQx(Ofi1*HdSCXfWWqV(|^~p?T(h6U<RJ-t~YZBy>c$P*xS?dxs>Dhq;IvH
zyscH@k*2thx9ua?zs$=s+lU1C=EpX4z&5gXe9J)lj+gr*n%|_Phy#kloBf%gM`9<u
zyu3UVs&AfbyVqxqB@;TjdIcF67z%Lm=<hatUnbs(-t0U;#k(r-DW~?cyhz+u1N;FS
z-3QJWr+vM>fJRSR6lDo-v#G8Xb;14w-O|$1+f7?0mrG-pcR_#^TLEHM<m<^U+n?}B
zV_p!M*cA>_*6e~r63(JU<z^nB#>U1v>K3nCt0}>*b{dr-5FR!k`d<#iJK@hi9HQHI
z87PjBCtv>wcKL@;c3h^aodZ*xz@9N=TMk2u@@q&7y<a2^rX)A$3;6omijS3-%Sw`q
zTMw!Xi1><JZ>H{55|FrlYW>?^7v(>GONRr6>#?NMGc5}%=#(>@(BOu+SgxAxm!dzA
zZCcsa@^MBIR={|pg?d+~7lKWbEn#%uRtD?csZw<6?UIg@qwTq*2qTA9OF~-Hn+-ZJ
zYN#;9$IC-;Y!QA=>hd2jV^$zWV?7gn+pcAY37E5-LZnDj7&=2Yt5XHTPW0}b9qvHp
zoyEa}SJ`2rMkUv~`-%@jn{ia-4R$*5Q1j)}+kT_VtyEDRY4ZXxnDXl+6^zZ{vE6>v
zCg=hSq%WtGchMrMv9NU|YJg5o13s@OV$gSed<msZLQx%>dM|L3Bv$YKV>@NRe9Z!;
z!(^q~a9_ogMKJRr{`-gHFqebJ0OyGE9jXyxRj4Dhy{^dy8!-SGb-ywuZ!4t){Q5G_
zeJZ9~O4#KF&^T;HN%mXD?>_`%OL^5FfqB5@6R%4K7Z@fgmvtXZ>F?`10eaR(fSzYI
zDEBcp1^o1MdR3LFPnG=KISntZL3(3(x;S32V*7J0b8Ww3da0d|NF&YGv7Try>H$2d
z8q%bf`Kp{q?L`JK&YH3PjZaZkuRh5|T><pzAQ0SADLwIG+b@(*P3`1Hc?*g1gF>`O
zM<y%6$EG(`AS`JJ6-+o~IIoe~M3XfnkhSs>=B4dr&59~(|8(n9Uv{b+LXpuiG3qIb
zzE7}^-YC+&e*OBUk&%7DroOj8rgotYDA}64{8+h+g;$#94E*QW7)qns|9qCb%nCX^
zt5fnQ*_47HRG)fWGKw2<C-QBvO~D45l|P{@qIs?13^-rP{J^-exg>IfR-g1=`W<F`
zbYF9t!;>G%fDbh-`xr1&JovRfWOKM_jlFquSV+1uioR)~LY}V4<F1-<`@OI0j@HSe
z{GB3YX=z_t;<CT5Xvi`13mi(;1p*aH&n&onK}g_V<uiYi&D6SGKZt2Fk@thE!8f~W
zSw){eeAaAV8?PZWtdKhAII5|mmUCr$bIe7Ps&hpCGIfALMm{`$yGO^+e_sqvLdYi<
zl$oCslDOz{03!rk32%@<D6>(}bw`+ZV6FgS4t`KbqM;Wa`LBHHU)pF0rhLENUiXoz
zs~}WI=EYV5W(PQFKaZ~fPKcPdZ-0D{bMC(_4tQi^R##U)V4-$aH*SO{LWy1yuHza)
zqN2r_-L`DGRjYO@0Q~Fy>6mtluBoXQg{0IOU3tGf6L6H?)Se!8Pjd=>udWnv<t3|^
z$!XNTQhtA~Tj=h-C16)W(E37soG5N|)DM~*7wCZVS9P^=BH91Cp`l?@k`bu-0f%cI
zpwv(%o;acA=H_$Dnr=1XeslDY$yD(`u3SDcsO~t75MwcG0))nX^ARb%pOj`l?{uMn
zp2a_`+>k97+!DfA{!{wG+^PQ0K{LW4fY6`PX(>mHKcQ;#B5?DDzzt>TBXKq>lQm3Z
zZ_P|cO}hybU@Ve+c-r{{%?HDol-88>;ie}U7!t;+C`3GYrBZRnMLQ$<p`oRuYb*bG
z9i&rh5m$@%OHr*Fm+RCCj{{~G06s+xZu+^-@}{&3s01C1QezQ7!S-^UqQZu-MKSXL
zE6C9gM`~NQDr)$xjqqSQD?lew7mQVm$8w~tyF7TU>rj|}$?2$n7N>0KEoENOT|U3U
zC@adcI!2;E^RW^xou*DVk$Nk_KZ4#>0EF%W!2DMgCaE0_dDez5H8eIx0A}v`&9zph
zcf^=_6x?qq%jL`N!IEG*ogA3EwCJvnjyca&q;cKGG$w_ATzk}2S2)RB99*F7Q}CHY
ziaUJa*N3?Fr9)HY&A(orvsFeuy0O=w-LLbTTEzSACi^vvje4K6#$8Q$K!-$z`>!Xw
z;)L9^v$r1u{lTBz>3F<jr)AF!2EZ0gEPp;5rt%{h8t9#-aw4Ar9mi(?ffhvH1M4U=
zHCUZ8Q#NrP=?KbWs9cDYHBdtrUdK&w?mg$dQNt*w0m@~>Yl0INNWEfG-BR;iy4nc2
zYS$rvl^uP`qE#fG;<qY9C4}bmndJlZk4L6DGehNn4h2xbuChpMU9PceFYJctH<onn
zM?)|V#;N)Fi#Kog8o6yu#>XG`+E|$Y)K%o=U`qS|z<zryq3twM6iq^8r?U`O!GMdX
zcrY@cU0k{iI+HB{9=lI~Vpv1kssBD|?bgN;+~56znMZ86?aQE`J%+`0QCtPa(0Em`
zaK_Dz<#*)x%y^GuiuazLmy$-=sK=lH6qCQZyE{C1VVk0H+5w~Ih*GBtpM)AOZs*ub
zu_}%0>gr?d{t9P6$;ut$qP^TdPeWRszDtmHe3J#QIFoB3ixnDBUWqnx3a2uvQAx_=
z1|gX^ThQgv46@w6;2_9emj8X%5U6>0YwW*HdXnI`v9Kw5as0~{bhx(LCO#J_UFtpF
z6z9?c8GP=&K`m4QoW}yy>jdY%z*HiyZq3NM5Lr~YoIsCx6_3~Gp^5iyOR`V));{_n
zwh7zIeRko>AZx$t)BQKAJvWvu#aTA48d24rcay?$KNq6xovW-Iw`<e6c^nC`bfKDn
zz-m0$c#IoW)Q1KD{8PAeqGyOJx77WO5uVMv&~!O`VjU=7X-ziTIazN-Av^LP@w>D^
zE~yT3bcvw=eP}ds&Z71y;hp$-(8t(pBc%d-nt;fskstqV6%?rR0<OE5$z}1TT#+$5
z+KKD9NnPBXj2EtjD9xR+XVa!4(!D>QWKuc>aAe-0rFATV_`I%(gdyGF3O{^~%os`p
zeo%x$r4*zWUrRf3^eATO_#<@Jtpx7Rr>(ii`N$V=v*0uJ&VCE_$X1~AtW~ZMPG>8m
zxVPusftF9d-H|W3wnVLGSfQt<Cm=G$`8yZ9k|HA`uX%Zu#hKLDp#4GVh)esG>b%w@
zGa_$cSsAA1MnK;Zey25C3d5b0M?dx>p(oJ8ku3Oj6F<vTKzmuuMmU%KGKkn$V}So~
zG0Wm39$r3;%6nW4R($E1fR4VsRF^5XPqN~Jr!&^*Hr9}h(CyQ3noTaVC^Y=)>kONG
z@+EP>Ghu*7a1VABFd9ni*mMr4E5~Om<N^C%pe4U@exW(P=Co4vXCmC3yqnEO{LvZh
zUrOs=OU)~{yKgr&901ZOzzDDjaMhz)1m*jID#<n_hLyh4fefr4whaiO8*6{3ish~}
zTS49McyymZ4oLPM$#3)O=2zC|LS^c6kwoD>-JfL>$x)!aEnn&Svy&lVg)Op;2OSkY
zGs1j<R*g3gS32nA*_!5qHt}qzT;7l@ZT6ba<k&nlQX5(#PGzzy8;>`GB)l4i%~z64
z?zRjL<{}qb<VL|wK=0(aH?DjhoJWaDn@#@Xcdm-z%0lX0A#mIna_1Nd6)~1DxR!y_
z+-X8!SgYl5?nTQcE|yfeBe({P3;=9Q4zQWWU>sLPdLRLEu>y0uQ03KomSu2@nL}qg
zWi`kE+HbMb(Xo|h^QV7}x6t5&n%AH&BC_}Gz@riO6&%TrZRV)oWLj`v8A9qH8alRD
z>1WmYo5#eN+`_7!S+mA&@k5g?pLgu-Eh|d$xW&XJoU~O?{hL7rDl$cZlTmDNY+u(t
zm<w52+JG8cOn;}$zY8_pV|cqCLnijgfsBn;tCOAGfn+V{Ix8F7UNeI@(+|hVilCD1
zi~H*3iAx(q&uV*g<=T9sNAFY~R}(#hka+139X8@ZL9nY0tf0l;2auX#b^R=#OuqE<
zx-mLs1<+FA>f)6eRD7KGO73|T=MsjcY`OA)CSVgM0IK_ads2xk?#rNexQmi!42dyP
z>b!o8FL}TyS=yCTwcIWiKJ0k$B8;ILr{H0c)M?@bZWKoGoHY2JKH`|F(rP%U#5&~B
zowB)RBL~l~x<Kw7X?id*n2(=m-Mqa4Y9m_}JvTed8$#uX7m(9w!Q5|*oY#YWiMfR>
zOzSl~ruQdac<?|`LYeiTqQ}laVRiB(wPPYuW`UO8{+IZIe->y^omS(m_^$VB5O+9(
zyd_3!V#3R{TjI2iKJs?j!|Wx6DZ(yPQj#kuxO!W2Of|?yiGpdp5`3}8JRNkw#R5B<
zW9gR6;F_nLf%E8t+N9m67URa_j{wL{&-w#N=3Vk;yuF_&z~E=%GKRA{cVf6K?e0^8
zmDUue=WvxF9|WXCXo7f~B8QiHuu;RaAsDcSp&$dmrh^KFa$Rd#1d+kKOv(N7E34>g
zr{D`{ciF)?rHzL#aWh4Mj5WTX*LowUNw7z&Zny-^^_UmAKe9LJX9P5SpVn5<=*!&J
z&@y}RhbH$3okZR(!sFj8Fy&fmBza*+9+_qenjQphm_x!%8gb9NT@pe%`n~nDx6xcS
z-V@Uu?GJiAf}Pe}=&TrCovgW&H2CP}?68FS*QZ1MrP>Nh>Fngy+Plxurk+U}NfLSp
zC!AgIIYy^vk3hwqrI3h7M0q)b3#csKUE;wiXy%C{SpteRLI{2G-HC|8meuG)x0~3+
zuH(n$6#Q@(#{q7Vw*=>5G@3?s_k^FER%^cQxsp#erm&pI-<hE)xv(!Z47PJ`>`EY|
z5flRiD16%qdz|?2Dt5N_4k!<MC7|OG{GGT;0xLu{(6D-&E3N*cz><0CODqZu`j(mO
z{elvvm4d``W*I9qP#KBGZ?=TW8hB;~=FwunzgbcHEF-C&Qg_c*;D|{fQt}hmM=FhP
zSUz1GtDs1c+%1ox2zGvZcF<(pW$ZeHRMDo>uC=oI2s9GFny0H@zkV5dz|6fnihmZ`
zNCXtVn_=KKFZU$PmXR$Lho6oFP~2Dr<tC^Eg;P>c)7jE`fx(}(G8$Z11ir0bmZwmR
z$SbLznni((O)fl&uE#%f*H9hH!Y4vpEt_J`d0d#iJ#kGxm9x<Tv~9O;85ePI?}rsw
zbhTF=#vhk;dBD?&Q!dNSb`*15hIoN;vfs^P<%|Ok{kLO2>V;+vq(LH^IbVU;S`7PE
z{%A2(nST$;dxfY2!I&3BvuUShQ<@WGS{JW7;tkjOK?_}y|Dd$n;^2lyA;B<f2Oi+0
zbCDjUpf#+D-)d*duH~sSfE=~jy7{=IKMC?><V4DSk|p7N_RAJ**241iVdt=^$cRbz
z-mh=hUg&MiV1hAT?_a)n@kDhhv37NEb!kU?8#y(g>eNVGsLaXAQy>Lmu+ysUKCb-J
zP({xdl;`}ZXq8cOfEGJZ@n7+SdMjA}zDQ3*UZ;wonZ&5O*dW<hj=F!cFb#%Cy=y8~
zCO~;hQDU3S=JrqnS=M4WBSIS*)InAmyEJ@9+(B=U@5Gg3od5}dHR$Fr3d$%8l~+o}
z*N|}wGUw0NHwYNi%2UC~&f^;jeNNRsf0&{6^7!0MspGKpSeCt~cSe6D#@OZKO!ejl
z`7D>+TJ`37s1KmtH_vQec?#-H(1Nh}Gb;_+es;^gz*GS3nsYd+mU5gMo(mutcK890
z>UmII`L|D@xY7lKY;Kg6(RnEuwZJJuT-51gmn9z@LnQL10C}5ij5F2gv#z&y=6Fg?
z_`-}?>PM9!QI1EQQ{`<tPL*w}B1{|LmE?G1*Jikblt0)rR9bLLK`Z#%9j~ePZ142_
z0YP^Js6g!-!c?l*z~;66=2<wNOrI+me2A2Pu(?jG3203kD3py^0A#Vu#yrkp7#w~d
z>#@00`YSYbspRhHm;;zU*bk`|R{{qL+T?>;2Sx=E(RTJuFmI@FZuz`$T-EY`hr2fQ
zucg4p8l~P3micep<yI%1dzYxx^zsW$on)^w!SyVlr1{0{e_GqH8Co1-{LaB$cCjiD
zC^nu3r|7szb@{BH3+PbGU)O$Y`k6yd;0?hpD^j8O4m+R;ZS&wRk1?(EZUCGRga<t!
zIBFgUYU}4R>Si!+Yt*X2puU{F<2ijsCt2E2ybRQ86IReUMmEW2d;qgcFSiMb?}d&Y
zJ?eoA&ajym*JQG?c`j2wLv+6|c15vPcyP+M0yHLptS=(czTxVUU0Wb7{SO^oHB}kC
zawrOmZ8aT8Pv`c5uQ8@B&)Ij>^2o3CT7*V8`%|z8nX=rOkIEPv>+z>%55JEQf*_vW
z=j_Y8LnkZWs-M}5Y+ri0eXzg4m>TGy2N19`&W>VCz}UE^LW@Csr?Eqbi&xBE>b(en
z%;7-0)^~kGsu>!_fg5bR)sL+E@zbXRMCej?^_xm^Ut?A7$B*H4DUXa5LFAlW{!!lj
zeO^G(sXcs{kIQxCz;o8MbQl5+VdCE1Edfx6&}Vz%X!k_Ns*0rN!UGK8vmF}>U}6RC
zHr17XDOP?>aosJ=b+t4=Lm^cTedx^DA8OgWOO(M)7^i#J4G+?8de+$CX0sT;5&*(3
zR&0>9*^{G>cQWqV^R=CB%pP9ZQq*`0x(1kYoATjmCMK1j=>Fn)&eq08`kwSmIxB@V
zr08O@7oe(a(!udG04jdV+E>0*D<^+!nt2kCJ>=fMoBRK75s}`4cqz$Xm*^7t7;5$|
z{W*v#_%ICbLe0%og6=UZltJfcpa2yemO=CJSl;CrkE+2uhC|}#FH{2bc6wPEr1W&M
zvf+etRaX;4e&A_NJ}cMsof<o?7nsU#9G27PaAl01am0yy)SyMEg2vfR*Y<(Ic2+_&
zt}V}Sb(yElsooy9`FSVP`N}W;{JVGWCNK_G`659PHoePexETUV?Y{0c`-Rw=mM!oy
zQ?zKUdSgj^{u_(-E<9@^UujK?z_yxFnHReI60D%?DnR!+tGHUxjC>H;twT#td3g4V
zQdDt<0T&7Dcgzd~)T7UYBS~dOMZph>t^~AGjd-$7H*;5ISKP?pqXmYtDQ$ljIHI+B
zZ46!?$Yy#!We`w^xR5Fd6Jy=4kCT%<`fL%ZF1EHGac2IuT<B~=iy(t46F0@-`Z3^)
z<$uY^MZ4OwbBR7TRn2xSZ}en3no9v4B=p39^~$c`UBuOag#<IQZvX;a6kjl>FpGdz
z<n*+iq~%Y;mhqtx;E;`iutK5hIeR8YlOokwi_mog;NYJEyHjN{!5AqA)G1~y{+vaS
zvERy3@|gd|0uKkH9Cq;r_D4dde<#tPyl|qt&?NXI`tD{R+t+G0X6-WXkYJvTm?NyL
zecb5kRXwacuBFWDzk`&pnZp1Zpv5%yqU^+Yp%z$E0~J@PKi3qBmMFC0u?|K#+1lnW
z2)CvvDP<eDc-m#aNQ+ZY?1KI5YKt7{+Gt`k4pL3&wKNSzax&Zp1v~yz*b+EHD7C!0
zo$uX<$$2+!IgjjY6Qq6-+oMmcIdF1h&u|+D2Zz=0*FeH}iI$#;AkEPI-71#Q{wrJ1
z^fA$X-ZJIPEJc!J_hAdmS_{C+HpUS*%(si`!#EG`ThftcYYsz0y5@~(SP*`Yk+JPy
zzV-i+juHgXzrO%_XGh(Si0acazKf;cG=)aET-xr1AOuTIS!S!4;xDE4Thu1fz$2+U
zfih!!(EB@2+@Ge-<2t&gw3&xHb*L?v!th{-Wqx}ftpEAnzu81nXOx-7+?=?ksXo`}
zV=yYl^Aa&z1qZ)<m}UxscxF=q=ZBm_T=RW4eyl&&*`YUXZ8aWq1^H#k%$yIjmM#DB
z^kZe>{-<<f`k-q%D3B+y4$+be&LFW|xs>U){Zhyt2J!a)f$q46mc?f#FCeTwDwE!T
zV}%jJ#!nY49-yYFugQP~a<e})y=|QOvGO(EF@?yzuliKIj~)rOYx`12Fp^QnO^3?%
zo?OjPTvt^~*<nGb?GrbpC*G2{`%2@&sE^R33BUT_Po%@`CBFwoVoGykOK(h=<c)$z
z9z{o@4;CE3#!J^jm(A`bm)v6=86Wa{u_GcVYiW>ky+k#pS?c9`FIUauJrbT-ms1mw
zj;&GKrYq8`sW!NKHw}}Z@w7L-h#R#xWj$|EjO%brQ}k=S`Dvx`Z^dwErdpwRWP7K`
z%%_Qs2M-=}M%HW^T-B2MQk848QdP0s#`Fa1veGbG<9F&ES@ztkyNwy{^V6aN`>oB-
zn2YD_AGwBSTURBXmK1g>a5rB2x>PX#F1WM2s!Sh3H)d@AFqiE&KmE@zZ^SO2lUG9k
zS}w=6yD!S4-kz55Pl?1&-b}5K?3%H=!k?h*bt_WYYjH8cvSVg5KhvmW(r{(;dE=8z
zqSC$i8L!1C^3snOr!e=IDfCW_;{skQffD!%fzxn<w3*(%`*0-RY?*`o00?R++CEw7
zwZ_c6MfYG7!k<egndl-Awgq5}OEXiHr^;oSS0J={nE#SC5E&L2;&7s~N`a(YMd{h=
zpYmn263`hiUWhy6Gj70Ts@53dSOA&55=^;_Jtm^lla{19<5x5~Hm2VF*2dxfG^f)2
z{v8tQKk+k-f!dqbdw%kGN?R?BJPz-)N_nA#u{Xy1Us}^P<MOEFiVGyf27-XCfJA#n
zp*`xWbx}-Ywlc&(0lKOPaJ9BKTDIlr1*nkyMIdo|0khURm6n~kOkpD%3*|~eVDq)b
zeqIw*q*BCUf9GwOi|Xl7yR)NJMC}wxPImGpDJ0g#E&<DLRAm|V8hxZy6L3z3zVW1h
z8V?)ohHa1hJ~#e6NgZiqoH<-lNJng1?)IM7N;=nrHKKoXq;*&Z)eYp$D@a-{EF1<)
zvR>O1Yp>ZO>UCpU-`_G=id%N-tk4;u7(N!JLTrz?zxr{R?7Y@2Mc=E_S>@7ep719F
z68HOI9nO=trX(LEPVKL}ahy)wYJJ|*QkQTOI&i;wv2=dU?2Ux0rnj+uqqOZOBhf6S
zmC*A&IWIh(ReDUspFil-S9*0%NSx5ltC}%yU=~*DHQpbMmSEZIi$bndTwh!d4lL=g
zU+^ZyqPcEw<aYVZ-RWK7DjZVtP<-z2a$K{!U;y#mHRBb##3MAqE1RwIXWdX*d*6xD
zhZ7NpEza8YJtRk&CUhF%e6w>0tBSuwKKyX-SY_xDvRFjxKq&^1L-Dav$*gZv3s%2@
zdC(v(7(E{J_&gdO{Yg7T+FFljGEybbzx2#10wv9WeD;h@_Ppzf<uZz?82fqCJ01>E
zK}(HSpoOYP0UUpyw9#>y`k}eKYMVDG&yus8miFF6E=p0BKk1zjoE8YEB|0NWr@vdB
zOm8SsYwj>OmA6KCCK8qhz0r!hyKz;O`0!OE16I>J=3v1|#xB2&_*?$uw;v}Ec_SkX
zkt3DbH^-)`_N|wg55@YXe{d`PIX{1SvxTm4puj(qxGpgVfw}M_j=TStuSm<2)gOhm
z0oZy9`}~~=9Yu^ORCZZMOlC)S*GWI&K;K4ev2JrmjMdBicdlxtSd=I%2P4kvnq8)k
zs+}?6W3e&mCCazFxYBASkfrGN%?mSSF*UTmfMOsP{pJf2fi1D3u&(@QHnPMZmy59a
z(w1*#$WbrT)8$bQ`8l&BV6&O6CLF8>@M`_&QU7T>_QKYN4s;iv%SW^Ie4qJIE9s{l
zjuAGSXYU^=gIAf(Z75kaG|B`f`Ond#8&RR$j93$u+>fg9h_f)$(ZfG~xMOZrUaM`E
zZ*-c@7CjNlQ_;vLLFl!gncl5!>=Z17W+U30uKgfc^;cyE<LDPQDe4@;(^b2#yq8$X
z<7sSbP@Qb_Xbd4V7ySILR3ERs!O_o3QaGd^Dk%NYsdH%eWv{~|sWK)}spTI;Rg=R@
zrcRC+F_FP)?dXct&Hmu0#m!%B{2lwo&kGTigdI`{<MgZ~rNy04ac!jy&km&9wO(>h
z53AuE(PSQD?@w<;B5y3l*;|e#3tXGZ6Edevz7!pAJiWkE4Jby$_Bpxoa1a!U)4p$n
zwJRSFj5mrw{Rk3MHdUt%JARZl3yIt86@TZ5igo|LQAnUJfn4s$G^Qu5Lw>H!`V-kB
zB4dgqGI}Xkq74h`+G7&9y;l(RIj`~W+ZSWIxL;i1FP&eRx2!|(cXAZ;I+4zNJ0qj;
zylzHUXm^H<{a{)I;aoyiOzc32J9*^=6Zb3R-n*N_(0Wq=V}X@GUqU`M9{)a#Og|Mh
zXtWyt`SwJAx7FC*<p!Ydi&~dr$R3HHn~q*vT`soDDncPQwKU}j(=kW5n#_F?URy(F
z+_e8929Y5vBuEtRIhCj3eUyA|c>denvOW&aFA)a4HL9`6Ni`awxZCJTrv`eDpZ3cu
zCj(0PSgael0qaK%qHXqU^@pZtjG<8}Ts;NkK%585G2ZrP`;AL#ImaSeP1g&%#Gp0F
zP9&Dx7+A*MY_a3FoFponi&b4Qv$z04`tYROro5_j_nCakcc`|T<;azUK2+V$qa-Ov
zu<Aggkqo-el;W*TKBq94R9&sdqsU84o^WER3|)Z6#3v8gYqX9?Wz?;e-klvRGJkLT
zNuEVIv<SPT&g&bjbzp<xzEP$B=E}_yGE3%lb8~ms^*ch-GW}0Gu!O-)vM9rN<FOG(
zFYm`21mDF;?SQlbq-pqaK5?*{a!N1xPKmFG(;L5&%N?0-&8}mLh`JcNTzJaLaz<XO
zGIFCZ#yN6~f2g%9P#L0Y6ym+Dl`;B6xr-0p3DHp;D#BvD=i>kH!N`>~cAz)89RwJ7
zJ>{m^zUZjQeB-!B{?=b0Io^Lih={{R_6cVx`E~7btY#t$f{R=mgD<t$#I43FyB1b#
zgdUK)4DV^@ItB==9<#*_<hHz3nbne86`nGYZpxika*xV3`I%k_Ib+!wrAMD4QMcI=
z*?xbS{k%s8!;sWy&n#idNF<;#(ml8(S5BWfbNFYIuBOpJ2^H6bS?3jOhUh@)_vnw+
zdq^&MQx6^c?%Bj<<9|5P;|yXR(OKc(-gET)shgD`xnU;Pm?xy#Ks2lDt?IW6D&3eI
zREl`b|Elv!u-U-a<HBa<$;@7~J)1ngUnjo1@|4}XiP-{89GZEhqR`%jobs@Pp=0nM
zU+!|#yeILXy%ATf&vdv_2`raUbe)W|i8IfO!KmPtU*_Ik`LbRx8kI0Jc(H2bNlmh<
znJwK$oQK)^d)VTSn9U>oRgJL0=ys?<AHlv!heV&UuK8fF-qrp?wprc>Gqm&|)D%u<
z1UJ_WEvTDpTjE*6`x9K3^TS~-p2P@CXmq^z(;5Hi97lBFj3#!WZw1?9+ATT0hS@VE
zhmeZ*xPU#V;`C(opfRwy^V&a1{71BtW)vy6?CS-k`Ut7-u7dXBKgM6<WuGDxG@J7p
zS|sk3z#DI|+?+nlE)Ag^Oj*@q5e^RWe=YOvmCP|0)N`M%<W4BJYq5!mqxW))f3|47
z8%f5aRzB`Q{ql@3m$lbeFcV5g(s_ZK-?GyR_jY15LO`sz6<56)UuM57H^%c8hROI8
zI8Uye*d>DuDA>~}vO<8i*va_MJPl}#%D0|0H&OInv@uu6l|wo$ui!5B*DHiZ30e0(
zG|_MM?_#WTG%NLENLaJNtlOvIpO=Ux>V5+!+O*`_Kov<&I?Rolb3M;3JGW10aEY14
zSn>XZy9Z+G9eG^w=S=Xa)<s@4-<Lt(A)n>(r!^jM?D?4!CrsUX2Fj5wstSZyGt5aT
zX4AC}hC?>z%r2izn_V1%OIE(}HTQo>q@12N?T(l{+eb+d51j0<9N+Cf5~7PO#-&Xt
zT2JT?+#SE+w`rzSK$#X_E?ZJRNWxKYcVjvG8|3!~4d?py*Oikjz_gat3KZNK=Nf`H
zznLZn;a5q?&?y`5KBlBcrE#vSqELV2gqkNQhS<74va>Sq!?w08sQ0?O3ze1r)+Kk!
z3@hA_tODV7TdpW8-;6xz2e4BL1G{vvV>xoIVL=Ry?~=z;B}oh|*yGO6*tO3dDb7n0
zNrF6=n)I$)?CrmWJU>nR{$7Q!DyqrRG+S&G;L47FNQyU)k%@-{zY~SVo1#?sTM!AR
zl`Fk>osB(pSRre9uG~qk-tZAWdowYwsnCKS0ecfQ_XlUl1~2Vn5w<s~@T#-Tuo?X{
z1i@)D%8qbLIxHVU3J)M2goFy{m~OOi5yt!6Lr60>0=~s%_B&0>T#uK|4nsRT<8x*>
z(HMncglBLh5&Gq&wEHv<A-~YR!-BuHs;vobVjgVZw*nu`Q>j;#LpSL<7cRIXYaW#}
z%zKi~*Mx3@4GH$$+)WvK7T;?6CUg^e14*E?Qjn4H$tww2Y>h_CJ|d+!Um}CZK-4nN
zhWUd8%5yp9&9$ZK1~%uxL#$VkSd_1E_5>GBpn=>4!7R(Pl;2mb{`^XZ89%6i)D7A=
zp+hVk=1d7$zW1xN`FG3uu>swCE62`iZ#}<)Mn{hMzD2E`_jZKqEP}1-YN^?-i9LQB
zcY@KG3TAk4yAunS_g5Fzj7=wI!{gEtEJQo2=0w=#hjoyU0cOeMyMp>&<$mS+9rnfz
z=}$cIU5aLr>yvUwa7|<!r1a$+HOKagU)4@I8DU+r`#z7nn|WSIj-2JogD;ataFv&0
zs>p1Tw|<(mWIWwD=Bu?<dGJ_a3c+f1)zLLz;-!xSfx{pU5$kABhh=Sn{MaAKR{f}Q
zYHB^t^;%QiVHP{Qe35Und{w1-@U<I*UpnftU4urQ`tne_P{Zi<U)y9_Vym&MFpauL
zNvn84x^C+M;_a6$nmFu*auV)r#4$(L-sKb-m`hse#G*$`{$PXuIagznIo;T4ejP=T
z(gt7RQ4-D~sAI#Gx*O!tl=Vs*LjSN9$qQU{2p68rR-|{zDXcEuZAgZMSkTA2uG7^8
zMUjA)&O~)3-jdsT)+HPt(serc*Ju`*aHd=iow%@F`~Wt3z>+e71?isG7TxhjL6K?)
zC_uVt$)rdz=a_Uf#>aRz>3laaWW2C0CTBycEl!EGXnpN9`KL?m6bkgAz_AyGsh9_!
zr#$1!U&rK{8cde%9*?i$DBPD6@u)Aq8i7^vC6-vnPWfXe=5_(vRnPFaOq}^L352ru
zmr3WIbA0GOgNXI%4Ylktb=(21a2)3Sc2qE7CBq=zE7L-BXH#Mil6#ShMTh8g)u!cT
zaRR91bA=V49gi=ZXbyTrT-d24x$Ls?GenC8kpoO?uVHP~UiZ2FP=!N+;=W6p4F#Sg
z#;jn<cfJXE;lR@Yr|t$dZO*o*c=V}2+9{_n$=;gBUGRzB>sPg0&EEPB+$y;fUG3>P
zI~d?0XIXzh;A}HlrvGxn&Xmhz7Z|s3{;%bN5<5SvQ#~FMC18ZHWb(pw59x^%Z&nyJ
z>6AuTxi;I(_uy>$ysuJ<k#Q<sv2p5#F^@nOz$a<<tsr>oct{9^G42#YaY|!?r*Eer
zZt9(@v88iU{mx)5*-PY~t79HZ0-<KYcvdAFV7d*RKB+U{OdL#i=ymE~{&{JjVqvj<
zdXE`tuDH>1a`Yqt{|NgPQi_Dl1CQKsU&<ho)S`>HZgIDaOQO_EH>xZ&`bA44&be!m
zn<28&Nw-eC&q98ArAgOGYI*)LCcn~f+Q9c1;k-Hijs_ePy0Pwx6icS$3($?Vf>@8w
zT#uvq(u3+)_l<}*X1(aOBzf@^c|Wz_U-xr4+_tM|guq63eXn+b8S0_)OR3BXXo{O(
zvWRo(bHonC=ctFA+g!?F#-LhqO&S!CXhQ|zkq~Q8X11bM$BpU?DZ9Fd<o#^&0Y-dt
zY%<pK^Q(vr!FAQvJnRU=xsm-r_gL>s&scdg#Uz-1!<IO_iP;!L%hI$%Kd_qHSL`fA
zN0yaTJRp;t$Q4nRAt&jJxngs>9yRQXOiIi4bg+*!a8@)$I6D?CJzpyZC$qRRz}@$@
z(W_W~NnvcznT?sK1P$><|Et`>7UbNp=Y?WLc-(?*oolmqTbKBz@zt3D>+;&gNzl-A
zy(7;rP9bH%zE({p7HXBUwa62FZxw1?Q{<Kg`$|nsSFri*S}d+6@{XM>AbzpKE}Xq%
zP2Kv`E|WyBM7d7}G)t%U3DN$lN?Y<~O$PVr$^)yhxI1IbSZyh@=-Y?zVMV4X)CHBM
z`@a{o=cpj1!>=B%R_Mq3ZaKF|w0fvPWQH?4yyW6T%vs3iCP;kDAlB&s{kdk&a!Fye
zjH!}8xd5CB@Fyp3Fwh4juNP;pj8=zd5@(mbsfdT2qZBoNLC#K@H5}g@A&|wzxP(tG
z%MRq4RsR4ygg>|*^049K7yrmaXSLW<erTF8CL`aaHerO=Ve?{plSM~t5Y5h%?;Iud
z6VABlBW%E=N})8B-DtYq>5+sK?fQ{g$WwrqnlZT_G#6srUzxzNKhh@IJ7JMa{>#(v
zBF$^{3n#Rl&3GK9+pt~lJNe-6`dRX4DxEq%u$8-70clP*9F+05aXfjnV)^rOlTRhj
z6$Pu0`Hr`%jX^Ae-YL}TaQ_$isplXOBkaG9h^Rq%pnAJ~=I$k~&;^Ondm@Zfm!?~M
z-#BPj20i()@pd!U(Rle|)j^|L(x&FZl?cSgow6Kz<YzvghlW$Pp<pE917{sAhW#7d
z0#M*lE0dkE&1u;Rk?v}Bd~o%>+L7y8W#3x@u{y|G1JKD!?a7rytL1lMh)QyzJCV8Y
zosQasPVsOi<N*dtbwQjxv<{&y8Xo5tY}%Hn0SnpIxcbt7|K#3+_i55Iw=*X)bB$+5
zqxhNqQB9$;`qs&QND%gDet<En-@94f##y2`Q`(*(@Z*#uTfP{cRY4?0{$ZSNZnbPV
zzfGp)E>xiJo_d(gMkk|4g@t{9&uYK>&EiS+%xmp=4@2Q5V!nGq7;;@p0&^36H#$4A
z@<IvS>n#d{(Y34HUwngSWYx(RRu7DHH0G+G((&--kwL@5(N2z(6PNP-Sg@RV<s~s3
zM#AWUY+VcS`E9ak$w$iZlPR7an&s7GKip=Q5kaBM3wOe60=AHDMd``YWr#bAW&AR5
zFX+1|a#qODa=f7Dbo6t|Q1ZUWC7<@HdL4-ei8B^g1>064N@ScPWr!E_5YkSQd8W8B
z?Kgz7Iy5{C_`Y#NK3Nrjr()1@1LrC(dyqU@<L_V~3JkRjwvC<SvW;f^*_9>h+*J_O
zcI7$YyBhjtIKyVaT2g+q{IvK}$Ib!VNe{U@@iI9tSKr6xB|&Ge<W>yxUk}oL>%zHR
z;PR9KD2K0hM5{pbR7~w3m(0K0E9dw<iYJIvh|aG*r=srPz@53UEC!v>>I|4y5n{h!
zdX?yveNcM%CG=r%ELWh(@m)NtxXt*-h2Nfbaab<Zg<gx8+Fj;{N$993tMx_2w&E1*
z67c#7rpOXZc@$%u!?gQ{g9-CTq1lY5*H&|m7Fb|eDSf_)LG6u$mFm*jtI97>K?!H4
zm^-spPI0^?ovpcE?T%*eD0=9a$H-+8QK%~clB6Zb7*NUda#FrclLLLt{6<_H-un~7
zOLy)8)0Ha-VUValN<{ScF^6?8@JJ1tDX%i5SdW`10*|x52MGyR#+X#czZX~U{+g)?
zpDoc$mA-RzW{zQD@SODd?()m@k#a}@*@EQ)%_Z-9qDdwZu8Di%R0O!3%%tN@>&;@t
z4ZGkgy?csx*3H-iorFjFbhebA@tb4%v6kdvdCyb2+FMws$2{4<f9=EiiGTs6opnuN
zbCi_RARgy<qfrCC@;+m^LX4|Bi{@G^aVL3?w$4aR4x)t@oUI83GBeelJL`xx8_jZB
z^U#<V8|#&h8;)&hv+gak;=Xv;&??jBQnknVT?)_rE{>?%3<y+ehT53)`x~tGP37dY
zDnZAztp!)1OST;`#$Gj=M-Knr1_1|+Jw(r5S0>n{qM42T(zH$klxx{YNN7-MTFC7u
z?(_d^?XAP2?6${m1Ei!=y1To(yE~*Cq@@J}1f&O$?(S|-nnAi-kxpsp-;JJlp6^l4
zd9UmBnm=#`=H9XP+Iz3~EX;DK0MqkByg+G>s>OB>DaI2Q`L-W{%ZXpE42A{}2t3iz
z22Q?}#ocD-^)4vvaNG&BS7b(2tMK-2>2`-1G>ty*z9HCPyqcM1+mi2x1)VOSww>s`
zs6HrU|2{RnZ>lmWJgZqf6Qtj?w1{!pWV4Ajo4=y)>7&*(R~UEc>w~l}Bi;L7Xws~w
zjxAoboWo4ZD7Akbvh2iX+g+Nf_+%G}LAf)8w}^^2**O3hb^9n8?$yP)*SM2cxv`J!
zMuO{<nCC=>&#f`0jP(FQb0Z1r#*h0Y8ixP0caSyT=BmTb$!??4Ztd#mYrC&mTg|A6
zhKp+X{t`w1$prX7-~i(oGQ58%SIqmm<LyTJ!Si9L@I`~X<f|pE4iEa|r41H^_VHOX
zcI<$q>gpk1>L2yE)|8iDKJon^)mVCkO4doC#1-+U1ezEcfP%7o85D^-Ulc71fGwug
zN@HTF=ho%r=Ax#TJs4+r%BsmHqP8z^Iy`ZAn79{?a<nkP8HZ3aL<y<Kto9`__hzxJ
zRu1_dg70)Vj*XEA0$zxT4o3#N`{_wso*K!Go{M2;OUXt-k$5dTM6OH9i&K+|VgU_@
zEW@mPHtoc%Zf788Z~<Vt-C}aD-t*oqal$`sa4_Sa_^Q%w=IO`1!=|~Y+uHY>>e_SG
z0-pr)oQ=-omRrlzLtTO%4-z~#?|gvjYmXSheqMcbJ^J}X5Rcd$^di3bAVV)#LnwM{
zRL^!}aZ<k+6_Lw8T&}!g11K2mVtR)>ZgRAH7Y!Jkp9Rq3WnCU~*vHwL^{uo<T!r(o
z(<<)g;O#x;@kLM8U*dl5u~kv%%IRo6kHM025Tjui6W#19^6bN-GNuaIrG{fxbEof>
z*`8S}IOTJ!nip6KfDD`ywZeMLyH^Fv^JeK$ws&8bmTG<1Y;LUPVHrIhzD;|v-I5Vm
zaw<S|n_upTX_<atek(p8i?f4?veb5-^5v{gQPUGDlFgR|QtZb6%Er1Zp*BxnM*qU;
zRVu&3G|k+y)cpy_!)g&ORC@1vm-~r`(BUIJblsZsA4lg0@K;$Ob@OfLzR_(W<a24~
z2MfM-GZT-7ke0a-PoWU+6tUS$pwsM!v&&-ud;Gi-Hb1+8SD_AzKm%Q(g5w%IhmwdF
zO5C?U-HZqu?-4kq@F2R};^3+_dG(Bi*ugx$?PuYsmcb5_NRBFd=4NH1wtUKO&(cm4
z)8+hf_tqoB^B=)CvpyQHkO?kYQmrmnT<9Ae$~IJ-9a)sM;2#MRbg|x`Q1z*C@~j+s
z!L2pF7KnowrUjYWtmYZIy-*tNQf#!Ju=xz$4RFEsB0McIohY`(JctuL2ywO>e_d|*
zv2SZV4B_cu0;_gTp-&v1_Uu+%ibb;XX+s~7J|cmb{IW?Ca8|`+jTw%;yjACz^qQI+
z587K^ydq6Z;|94TzL0LK2e?f-$K+0}>A~>61g=EufkSb)JNAVN?a^kEcSSFU9nUMf
z%{X`I%rtNN+^ZL_PEL;RwcP~#|Df%#kLF&hmjYSwvGXEaje|Y2DpZPAL3qojG8>@?
z^*RP?_8K+M3ZYV5^S2hcg|V#?z{zG28W<2L=<hHnDLm*SWElMJAEt`;KRgT;lnVHQ
zo%U*S5=Vfi)ju*nkj!xYE}E$15PQPR=UZ=AhJME~E&1|7=aWe2B|^MZ@J%E@iBxPZ
zv-+x1^`(#|VBXzdPy_I>H&e%RU2TAI>;TRvbvjU%s!RP42=|w)Df;6UzX}p8;%`62
zuC?v625K3ue9kNp;bZt-f8em~VoD{@3US8&)s1=NIoCdI_>M*&28(aiP^6AB{}BH+
zdus7%>(wxe$ZnaF>l(5jJ&@<-mPl)i&=&{XGjT}O_}!M=BTHAd^3!81)VPM8`tf&n
zGkY~8vUl*ZbJ$1M?i86GuRlYy5{~{)dkbLLTuuAgG;MYu+<79$Y7mxXwRS7h2E&6=
z=b4WSVN`+vWh}yt-}B|0otWuj#_cqmX&+)4{YI(nsn3y3sd3O<_eIspRoC|te%{w)
zi@cygsJ2805j1-`#NT=%;#*o;Dx_(3Dy6q~ID$%LdNDhL5b7q2v^8QQCaYbNDh4>I
zsJ3E3mu#%8VDoea8E_-l?*bnLtss<7FKn&K$X%)a8Vv$O8;KjsG`vBu=W{-aR#s)#
zg$)Ip^q$e>X&iAEau_<kyqN#Wa}4VT0SOy=*<aBgJfHn^U^%*{New0~q;pJ;@P21-
zQHTQ)+Oz0Z2OYfSKJfZ1VD%qgkXHBvlxQ`}2O$8C+JJ%F$!p&xhWK(2P_^AtrIAy5
zlF@xLs!q^d&m}y^x<EDqSHigJH>p)oolgocucxeycvfqNCxivON{Y0}oT%mNT!2~<
zO_r4RMW_4Vf68(Vo5~tMud#s3y=@p9YqRBxbqne*RxgKFH|qMH$=u)-RZ~;bH^vYz
zV{EMQN~ej}A-G>Yb&N~Zb-V8#KJ)K9!hil0egACsss+_{yPeF>xZpz9eBOHt50D7m
zcodXu5s(iC2zR3x(t8fM-fXh?rooL<Y5n_*vxWVe(Ih5cKHgRt_abOjIVS=<;O^Pg
z3*#E#GqlVql25;TpkN+!&i1iRIo}+-JHW!y=YUzecb_zpMg5cxt6$QQIf1v4#=?cf
zXn2&QIBeoZ=asi{^kI}F*SDQ{w#L2M>$V&A+-x|lxpQ@mMq@xzMM7_3n1xGq>T9Ko
zp}xt$$G;c*`WdK1NO3P8rPCjPPzoKG>8NS`!~Q4j%R5a<{PzPRhycBMzh>nUsR^E}
ziRw_Y^)_~z&^b7XWP4TG1mewcYs24z{5^NsXHS&vq7|;w#plU#cZfSzo0>dkt%nzF
z@c5Gs5`gSs$fxVF@NtXNvC6uzzdK8OmnBq7U-oeI<AIBq6G;@D-7(9&FN;g)2B5d#
zIYu$$e#si>`WyIjO22V$4ZKsUk4UOTgRY|Dh+#p=G3AaI7|5WkvgqIFFE@cA6NQU)
zIq!SKJ}$D>x3l%;?Qc0KTEtOB!}hJ~us}|2kVJ`gweq@Zn$6DYIm1bl9VqhNi4pbm
z*QBfD{bSPi9rhU;>s(t)^mWJr10l0IX?kJfpx|){v&9kW(XWhVrDq!~RUBz%Kg|XM
zi@;DMc!tl}!g?=pmv;1trdxq-ZJG9z+BA1_{*7_Xj?|U3iqLP&hkkZ2fKbfasZ~KC
zAP^jRls*GH4ZfLv?!Nf6F6C#c79qmD_=g7&Z_^hZ5dozp54NP?V|&B#=(s7WP|11F
zL(!=LVNffcmVSBjYy(LF-z}MW^x1N>VU;?$`lFq<U;v1TdY3Q5Tj)j{*wd6II@Hbd
zyXBBb^mCA=pyAzZt(0rc0##LqV%3jD5KYUIgO2WlofnXPYE~T<HGT+iNS&f%#15sb
ztMvQlaU6CFCcx_0+d?9@<_irA>$+Z+wqzEuzdw0Zbc?NXrgN1Q-Z(^WNF_|;=_xc#
zM0@;ZK|-ID+-uyuS#7r)n@pne!Ai9g#r-D2UqmivfQ<&IBQfcT4WMpGv{Y;!skV)7
zFP;8%p|1NHy2IZ5Vk%HyEhdJ4kxwqT7YHW5*O@!7(p7Dq!^J)|`>?~N#uVlf3?7o-
zLLuil4LSW_``D&VPoc!s_;>I!K}o{VVS5qtzW3(9x*2~g$`d(*59VI2r9V-udw%^B
z=pk7pcz=rpe<%P{<aGBq5QiiEVORI-2vNWwZ+F0+41Bt^9CRv-OdVv!tSevQE5zUB
ze1Ej|6BTGbZCcW!^95LY<nruyPC#s|6tJO6_y1y|hWuQj#OxlxCW3XuJ&Lj2_)U5+
zrT?4TP@=91P86H<w2O!1c}jmG8u?D3sm`Nh+v)MG!Cr*l%{0{&pmMi?xQx<L2(W(r
zv!8m1i!!R{Bddz#y_VhG!;6vp0QkBx-s3WTR_9d-YILPB|M{ig>}b+{=k*oEl$_kC
zAC*y9ocl+>hez(`Lf+YUAZT-f?FrevJ*ScOm#TC4hpO8r&`?*W{?_vzCH>;g=<rN-
z=!8*gl9}lZ9rd>Dd|_c>qh6<*GhcVN*qBvY%j`l+?xMp#P<($6!0glYQ}y=Qsf_|S
z4eA|diu$Hce?ejnTo!-sApk7pmx9TY{iR?gTE986$*R{zJek=qBtO_(%##KA`#;gD
z^U9sDUqDk=EZN!0H^5>PNwlA@le<o*hv5mr{M}e4(*0aD>Y?1LY=A9&Q20J$T5$iD
zMx{&orBMq!d-wQVVpcacHdKdABxr$UX`|5Fn<?^apdvHCc9K|R&0_i+kXtD@*@Ug7
zp%)vGAeQ>O{6Q47`%#8bFYiUD1`><qg1;7P7mMf**HW1G?clSli~ejP-p{8)LEza*
z-}g3nFsdeeRJczwFc8qDW~C5MaE$hnkawCL_qLpcuqmx8O2T+lBU<p?K9mSmJp<n(
z3jQP5ZI<j;Kf|Cw8d8BUART~mQ#CCo^0T{kzq(ucj|~Lqu2@i1<&ZkR#T!6?7VPxn
zAPuYZC0nNP2f7AMM}<w#Pm#zyXSqSY0m$XZ-)|9l`=MD06YRi&E43u-?4CC(k%7Ay
zTKltUQor=jmh!Iyfy)7>8}y4ESwq7kt8o^0Z?kh**D|M-w})q2F~e=I)J-RhO@N()
zbSJAdK6T?ncBp_nx9UIpD3}0we~L<=nd*dk3&64{%CxIHfU=!EPukmq!&aPs{Y4Gt
zy$(Fnz+X;My|@qO#^-C*F!ytGzYu)E<@JHiRShGspKot-@?s&=(F6}VmPG9JZ+dBx
z{_AX6wiq?-M6FQgV$^5-CpCKxs98mF+5I%zqKF6#YE<%k>2$~6NQeD>`%CLJs8(nQ
zcx!B1tW{zGe8guaCjim|<XW}bVgE!KIEwt#qqc+h?WdR%UgQ~q0r7Clke|w?{W@`u
zkFJrnlxAis@n3mqb@Wmk3%V7^en^qE9QsX9auR;_<g#e~i7BxBHUPOC$}EBVopAj9
zMv(AEP{Qvh0*|gLuSj~Tyj<qX=Ox^%W8!lvdU@%u;c{{@L&tPLD1*#oQ&Ntuz%R`3
zKj91i*h(b@elGmexcZ&U>(lJWN|z*oJJj+W@!xX`{w~+}_oOV@j9o)(Mb_UQ5dSJ8
zQR4U9HnW)>!Hgg-(0GAE0qlSMn=iTdp|-Wq6YBGVS~T~kjVk@$iTvN21x@(no@{mx
z+Tli~^ju&@`*}e5&n5Yn=Dnr`SZZ=&n?PK)_0PEM2Y;LJzB7WeTba5{8eI~IYphlz
zMStY${p*`v6OUj}CNpX!2xjyQW$v<s906y@SXiZ>)#m?0U;L$UfIjqqzK1hj0^#W%
ztgyBJXA*z&-=8qD1KgvgEXTB(B!YHdL+*)4?*BVZ|7zO5KX^_07ua2u1f6i@-x~6}
zW(p=jGX^^*u|iD#rXl}lnT^T40jQ-@#1ntW0{F|XOQQZKa)z~#_<wi^(syAX#i%|>
zkV`OQSBylF{J#oXRKyd&_w3DIIFA&CDqmD_dIBH<jlB!+*^s{(q`$r=7z)whL21wE
zcNF3TP-3~oexUt1u>GIIms9;yuyxBt^ff-SRa4c&@`1)1XA5xt>+_<#{6+vk6YaX9
zJU=JdUmNnz@BaIHiNr`#B3uCK!-;xhu4!C^OC>4F<IiNWe|EMX8Aul?E&T+*B+>jF
z9Y1pYF|OiYkBy=NG8q!blqXRC;F|uobVyddvH$)hv(yav@Zv2|xk`zG!+#%VY&d}0
zxr=(A6*As1rwadHpCU*&3$&;oWBvLMUoIFA_v1742UF9VTzktxAdf~`Utd4ofGJ@b
z-7h{KW46hq*k-9liruaRmB-3TLw;n?`}CHUe&6_(CjR>R3Cqjk@?`VX?=~nSR}KI_
zVr*i<<knjD<|fgAw0qo#wiSGi-p?>Zu3eU!4^hX_A2H{ayY+1+$Hmi0A+=U!11Md&
z^Wyq8P>(x0foJEAYm_5^_}IWu$PaDzT7b6I<FsmWuF^Po6K9J3IH=ZTp52oDj&M@|
zwkhHdY5Kr5(82He+Uo_o7wBYP@52u%PG)n6I-6N)HEWH;NA{l5Wm-=Dw>MDIe*FlV
zNSm@Rll!B#x2M9^r3*DZPLm0}5nA*~%iX9$v){{NTFerM+h0q%PWZ+j(O6<qYW%#-
z#P0i5`2-Z?*cXE0<D~%Z6N<mJjm^E;Lb`KZj_R&QN*I0pPh4ceaEKG9x#;YkXPv7(
zLC;WoY@+CNlD0--#rIZC)oMgE50=EpC-4ZprKN4uSXK2~t=z{15~i=5zI;4-`Jv?8
zG@wzU-gZ9eq^gxQfA<IE2|g7iB?!gIe%re!EC{?aJxzXtf0&ro?;Y8a&d7DUZlr+D
zn0d5rPNTA<!Ubd<as$9bvc;#SH{a-YrVXAw$D))+G{K9=03aA=+)GWSVcsk=mD$~1
z0Xcg(@~s|g$==7i0<eLtp7p0@^wh8j)|tz!vlWJ|HYEx-iZ}~@%Gm)@m`_;JC*u+E
zjf&g(6|Du#2PdpEm-;bBhEJgosOupor&MKHFJ$=>0df|Z8ReNz9rS!-iJ=p7*tdlj
z^oq)3)2>Dn12YYk`q(%)F&<*wo(7~BorrQ)FH(4UAnVG#wUYQ7xN|Wv0kSYQupm^l
zqhG_0`(B^krErR<Y}S8Zg;;8FH%@5Z%UcfJp0EELG(MzAds&L=jVf~{fO4oybM<#M
z@$VI~MW4|c8y4y@ub&P`O}?i~p#e7Za~%G$vuCz;OGchl6xGrJvad^96#y)kE48su
z2Fv4{v4AtxDgE8Y$7G2n^tlpz#A9Jxv9XpZwHr&Lq{(UA{J9C3!2ZgxESMp_t~ykU
zE}2hMUaJ8d`jAj>>%3zvieX}E%lOc*trYnzMqW}aaP{`~TzV9;wbs^du>8jE^-E6)
zI{O_q%OdTyRGXbr^Z1*bv}%S4N@g@PM83!30=uGItsJioJ>_=Ze8r=@1>|l6D_W)i
zg;#_yNYK#Go<;VOFd4B_r=Gn>pRc;<WJlox>e}h&eomPPn3}%4-uC!0YXnGeo+jRr
zHgFxfkV*h<uezt-kx2$Qggxd3UfzgHG6&_k28~VG({3HpnQiXYTB}0^56W8>D`NdY
zlSe&%a@XE^{3y1l<?_cYyN(&nJWVSdEb&Vt5gVn$Y7!yF9+Z-TkVOXSEThPff=WN^
zY^KqdUi^wA@iW926^ik7v^EE==LacnX9#X)=J8st8$-LF@6^`Y&f9L>mK&RgZx6W4
zuir{p#S=e2J2`p(=7n)+8aW{YVP6<@%-Q<B>yERs@|fx!@$-&1pGyn8^PEP5SH&Qt
zOijt`^fV@}5f|nJxX*2$gde1uZ9chz0i%d$#c)7_SLV3c=tLSDFx)1N*5a`G_hnIx
zwS4;eW|++^rJ}i;oMcbnpAbI!<BKHv4LN1A4i;{R4Ws!6#QQmpq>NoV!;uSVC1w;D
ztXg|Q%E+$8uY68t4H>(1^yS^mTzn)dFwJ|oGMP0s?@9xk;Tu(igoHpzNkW;pS0bWo
zD_O#t)HuTU0dF2b|LOIf^ocl307(eUy2q<0;(IvRZ$AZ;W3h>&JkCCYhggfQp=q%%
z(<h?zoLj4HK$9HqQ?@G;lclGkVqMS+ZCI3)8BootYG|jYr+x#(k6yLC6n~(L_@pmE
zjGLdxj4U{i7_FAE$euSnMs7MG{P`?X#3d5~tT`utM|%b}4Gj;m=WAVECZQ1_Th$2k
zSRhkJb#;uvRG!GHd^44W0#4Jfx+*Fn?w-e+#|-@0DJgsO_NbMr7=}6v1{@R9DyF85
zfUg-DLh#WaUtXzilsYoXolfdcU)0*aM|pO$cYAT^5kAL(1oHN#Xms;VLj}3(O{$?w
zE5?(pukOA&kWM|pM>bq<=-&ckH@qwL*9%X?HDVrJ3Bwqt%D?WA8jc@W_H9p8Z~yUx
zjhziaQ-KEb0sMlNI&9L}Qi`dzhSge()Bn$t@#c*IDx);kiFF@;!|Uv`aG-gJOT_K^
zF-lj@{HqM?tBDwvocybXgtgSa!U$=J&VMdp0uwhB6~%1tSm`~X-Y*2GN$N@b-a$nM
zs+yAN-nTE-HV!m8oUNp(QyJ~?!wCdFX}4W3H5X=Qcjn$28-1fBB2v<l#l+CObS@;K
z_Is#lh(DWV_|~V9^;gpjmP85kYkoEj(VqBe{5qFVBIbrA+?pna-8Zd<J&S{ktSqkt
zV~li{so9!WUx{5j`G0&_J^{+cI?UrI&yyLQx^JWo-_a{h3*7!7@mPyXu-WG1iLQI`
zBD){W%1As;bt7wJuS7r>>M_!zKfVkI?}ZAkq$23){h|S+8A?4Uh2dVn1QpK$7grkD
zu;?kBT8!%C;=7nYTC{qvh~TOp_vlcDStPT0&_Y5%A%bgbLiF^?wNF_S2cvD&TEp>u
zeq=rl+{E#{;z{DOMsRU<9f6-VkQf{+Ypj^kb#QZWQ4+dsd))hd;p|i20}@a868AB%
zq&}5U($R%S@E%EG^SGv5^4Ph%zgSye9|O>Mj34a0>g<GtpWwMn3{PCT?#)R7rGeSJ
zN`EcJuMk)$M#|hFC$m#i+mqUFH@OWBzgk`F?b%L@8(VL3r0Bli9Vqbr7U}QkDvpH5
z!UgIfg9<~FnhfWw;VKWft-kq!ABahSDgTu`t7%<d`$}&9jn2xL`&TqHi^8hroaD9{
z_wTn*yCZOL@R%S}O(2EO0t5Wm3#Wc#)gl3&OI%z`#nBPAw!U6P$*^s}c<2LDfL-I7
ztJ+<(1b&w7d>z7!>(MHe^R(W10k?v{F`D=BY0u-G9XJ+d2^Gp-)p!HJBy5}$vA%$Z
zWNR525PN6HT`7uG(J)Mg%$yw37{-vxi2*aUtFyJy%hQ9gAb5h!uxonX4w&Q3DII&Y
z9RLSbzscb1-u>#?KZlCba!eIAvf^D0B;<vvjtXDOBBHfHR)TCIx7=x?{j$DQK{>(H
zE#G9K(p677geh_WCLVzh%&1V;0ntp3oe!d+f)vHg)s^~Xuf|Z|3j6>nB{gr9bW!t`
ze{YH}gSsBFh!c5G5z`#E$5!EK_{mxQ&{b{XXJ~FFT}A$vnY&sE(}k8V(2$XZ;^NS+
zM+%)T;#1w%wQ4Lz#lS1Cx9sT!HgOn<Y(`tmP6t{HpKc!b`UWg{yQK~oi}iLX8yTV0
z*3?v>yF?G{DL$;Yq5;MA<<pE_z0HeM4{)LSfV}x>b91xhV$)qV0Da;qUOAoyRQ3TK
z0z6zcl}c49s*ROZR%>H(>BdsLUj}at&kBS8(Nj#Z@s`fc5{%BFf{=>qsf59kRnG`M
zxMpI?a$Q_G3OPg-5ocHA(u<1d+as;wY9fgfmrh92;y~v1Of@|{DNOp7cc}*FRacvM
zL4Kh6?w*L`3|)@hjruMRk0w2Q9yYQ#3<fRXW&7K-+v6=Dsp7td^&|rZP*jh-RPRb5
zVNNpl<3~d5PCI4M_e%*0o{EQaYY`9YY;nTJ_DCS#^XBDIpxC2PE^ydopQ~D<m}_#u
zxf^T@hHNTy?pSEN=Gb(Y;x3*p$#VmE3OkJgri8$7EXvEt<>#!LB*U!REQ_b&c8ueo
zLab#jqWdC&2pTz)*741dUk6SNWy#Mqwa3=2x+$7y5}KMrjF-S<f-nejUWOK2pED$F
zZJl3*fuT@A2b>%+L$~g49dqe!TFxv{`RX%GEjaqabUfu1%_x%wtiKxPWY8W)swj^a
z)YisHhr%s-c&-?IvzSyFE@0}4>y;p|#hQ3+xs`~9k1ubUONQ&)XsKwc^x}_O7O<On
zg}lj!T-)8X@%Z8wXJRxA!o$Nm0pJ58#pSo%L@NMbBYu5YKqU_F=#Bsg2btR1T7;d;
zBQa?3lBZjBzFdA()XRv}g`vt2I(knT8R>$otj{zQ@Ivku_1)8uYmF*$&UZ1I%#f%d
zwcneQwKt>PE_bXd*B>=qby#pG8PkOE?8cwzYhTL3uc^&orz4P38hAD(Vhpp<&}`x(
zoLmjx)r}BLpA%SHxP5Nc#-XRw(bGTIqGZr)csJ>3Y)sipL8?p(*UE+q_i^#?k-UI6
zKb@9iWz&w^?ExNcdE-k(9zr`+-tZM)7nfSvj~WO?bkq;34hH1!H5s%<N5~SmnNdJQ
zYeX6V^m=@_<a_s&6+p78ZA@wy<N{P1iS|pN_&F<{)8|T16w<J;3+1Gf?hF_#eYqMN
zX$jQlyxCSrVhsUC(#u6}h2;RCVn*=nzXobhQs?I6M7^7CcHPVItrT<CNj~OGb8v8Q
z?r3pmjc7H=%gd`0Qego=GNX|Kw}Jo<a+{;f^;4dnHnj_|O}J~l@CM*PH2{CJH0cyt
zXg0K?m^nIHiPfh=lr8`I`ljVBrq3oK<Lu0Jt}*-0dxD$*4Ndg$Fl4(XFHd^$ZgUgM
z4o3>*iRzh%w>KSI^_9&PE2wTPfkcRllk)=`2!c&jMTI07$+nJQ$|LOqsN|&J?2J7v
zdnZ$|6t96Q01Mpt^sL)@WwT<GsHhqqm%#lZIsB<>%jFzrQoL#5-N9gK%?jQ8<q*W0
z!61BoZu>i8AIyLohU!;0ws56h&38Touf8K|S~O(XxVR5i@S0|(B!LfOFFtMB6)(@s
zXlh@45kbR47x6q_9|P#CESq#$S}OIdPPl7hSwi&^PaoL1k-nopNkapTkBw;x`lN}V
zKXc^lwK8>}Wip47?j`W$UG%xaD*~?%CR<({J@qAtzb$J%<4zi-P@F#>pPiMmZ#~5T
z(3s`(Xj_nT)B0D%j_q{*72YVB7yT4>qMm2Fl?+*2PU|CT8hWJ=7FQi*W%3@t&0s4K
zGp(K>Yqr{a91x9f6?zH^h~Af5`6pedz7>}F>E$I7yzbbkzm5`}pBQMYpLd62=L*}}
zE!PDeAA+Kz3!9dzJt^R-BlOO<#TI#|_(XHULqoSY$dL1LTe7nkwb_9Q3TeA(^Y$$C
zGiZxC_*T=IS8S|eOk&M+bKYDt3Aedq7HB)sc4!K>w)>t?+gq=tinGjiJ5xpjh)8>S
zm5EQ7$~h=XgVC!D?b#mBeoRnMRk$aq$Zzh7wfNc<EiieeCUKlXpmy|N*`mU7qnH9X
zq2t(QrU1v8W(VlZ4*wf4T?mhzov0|pqI>TF*Rvzd?fw0{s{?~f(X~$zWMwMM7oX_c
zdC^u6aBQ3aTjK+>lumSizJi_s;C;dXiu6ErwE3Vc-#p!WN{KC@94J*!AXO4h7J@}H
z^~p#nB`&UeKbVe5aP9Ib;(`LeJt?g<XceSU?>4JW6rG`GV92i+QIs~#)D~rzTK2u;
zTXY&;oT`gKj=t)_@wLVic`H)Mh`<!6sIA>py9dBu#3T7H3u;Tfo5e8>sA*^@i92Ma
zq@<=?4ZIE^`HuQJr(7>Dgca+I4lTqPIzn+=NAbJHI6UXR()K|rqU-cw^1xsgVY-;M
zgZ1}JBWtQ6Md6}vkZ^566z2PVf}PHHt3tsdmNXwv_Sl59%B)u!R>g2JX)Lcm(TUyh
zlNd5)_F<^-LbJDa@VD11-#WLNSm+qoZGL2i$KQ3bMQhmSdQDcd;aXpOT&lzbiM?t2
z=5G-iQNe4#v2T-~tY1iQZ6aX-*Nz72eUGQGqHQS9{)rf|;j27TC6n`fsap}jH6Yl7
zNtjYTKk%hv+`(R^Y0L(s4@?Hqca8fc!_a!dtX=WaPxuZXx{Y0)?jT;U)9U_^X<Chu
zQT0R)=#F{)ttWh2S6A8qpyfEPgisV6-`7!AFKN(NTN7az0XJ&$3jla7-19nN`7NM`
zaXwI0nmSYAw#;jQj$>Yv3OEa+0o7jRCl?zIX)Xcu;Y*irKDT|{rmsObYC6bp_6=V>
zsK0(_ib?ZwL=PvhztA}amaJ&8da3gC+PBqMg**VXDI1uC#&odcnNYp6OQ6>1(}n~p
z?c+@f3BwW7%I+=TdWY^{oGs>s!(;bEOhQ7%O@pJEVL9uq(N)N{m>yN^kAbVBvl*;|
z+&t5Qgy%WBs3l|qpt`fYQ-4QN9mz-n0i_~E2PGo4*+4|}Xx)+zV)ifkLbY7J_#r}r
zMS^`c+@qb(hKW@rtod!SCJA`zD(VTgGRa0+4_*zx@fJ_9jp5wc)~b)ffoZ1MM?%Gz
zKuEU8vA&;oGOYE#<JWIZNi{QlL-(&LVW2P%#!0Z8KjrkP=zB^UsYlS4%+i?{6BD}`
zF~6^Bhc7DYbJ)GHHNeo$xk_XLOkraFXH1xfcJb@DHx!U-Jo^o?#^?n3Bg+72u*PX4
z^G;4j)EL<(a`guohkrp3D4`rZNH_TTv&pA3sx?a$T@3~u*VI~FhLO;Bv{~h?JA27?
zO(F8!TPBn1!@jpH%@sZxYs36kxJ>};OwDI!iq09}WochcGRq|BOKqe$MR4miyV3!8
zQ5okcE%WNI-QtN_plWprT>`;qkxpb)n&|+LpWNzuJUG2ud+ei@m(BoTN<$xMChCO5
zF{ww3yRrH9n<hq*#5v5M$0v0GtyW6frob+p{mso04W)}w<DNsfXO+_PBiqk&OP!1C
z?FHI*EypjeP)dya!qjT`#VRHFBf1@>ATO@8R?9{)J$Vs@+&AmLC?s@`43h^JMc8@f
zMzqb$`YLc^uk~D*X|qn3gihVo2jUyJ5x(~$r%af1RpIa)mXEC0T;ixX8L>Q{ZR&NM
zs4v$$h83E%NSNM70e$=SZPvT5755Q;+A`QOH$PopOyK5ZJnHN@#2V385#tAz7Xk4X
zDItLG4P^<y8Nqy~v*zh*>P5tycUuYyRbfl7>*`9fWEgI0U3gmstq=6Ii&=edy_({`
zvB-D;*uSmZgsFlS^3X7*3GegL48Y`DxN}C3L}TZWtvBpoMTSt*&=NoLUMAsIe6YVQ
zJOw}xTE)B`@<7%VFn|U}6uj`1>+lP;ww5|8D?Kf%SZm`sN&=ME&bAemZ~HgJ)Rjw*
zm7IR76n}rOqSC@T<hM}s>fB?IwhWZ{d3h?zj#b!zq~f@2i`rH8U=-WTp0A+jL@a>_
zDG_h%EXs;KXM#><c<7d}b+=AKV>`Au+AA8sKK3ebi+97f{#DsN{OdFQZWmI!Cbl<0
zaNv-Te)Z%p+eNTVufB>+4BWl2%-lstm?pkna+zMlJvIvUP~<!L9<VEJQr~kC75U2D
zyKi#@>CZy{u^0NavSJ%RotDxSmT3a$e4D`pK3Et{!36xNc?#)6hhgJ0np6=+Mn+Uj
zOwk>kooaUgru$^az`zJkhGAs8+sGPn=yMuh@}hjXV!~9Zj>Ns_f&tqBfd#-Rl_u4%
zGO29qe{<1`@0*e*pIAhz1jU?{#Oq$=m`H2%wHwo*<Z@yd)Botr2Y4!3S!wmkD$@$S
zW;ci3Z)V93)#8z+hivj%7-2uG2-sB_w&T$-3pwZ5@iyi2hCdY2P7Q#ix#Zmn!wGq3
z>c&caY&?aujJOoiVoJpssHpP5p^kCWVXJIxY^s_S272dt_d2K@M?n``L_(oblak?1
z2hVn9B`NTz)LdfhqE}Pb^zL-r?DDuB(Tji;&eYbmR*nzN4mN}FmI7m-n1gkUCLRA(
zbm`>rWcF8o$0u-LY*}OwCatchxDMsOQ>CSjXsBQkjpuXM&zw@&ZLt>}dJoiMr}aJK
z?rkgqmiskj{U%v}eQ0~I+~2F${*u%7{gVeIAL%>M{l-$>umZ~sT+q<vDu19exlwKb
zC^}`P#OkUl(B^tcxgUh7`I9{W*2cMi<Xt4wn$co5C<FSeo)Q=s=sd`#!Glw^>{6=N
z{)7UvE9L?qG^^zzfl>vJM%MaO@*LjVgncJh?>m!vtA%VwhK`P*=u%s1ZO~efJiMR1
z^XwG?AKTR{=0sshRL9^k_4RCfdj?9GiySExDqi9gZ5<uUbNVouODxxBzMw^WnYrZV
z;Kfdkq81KsK}Gz_#fBY!Np7bIW5d@OO9aiNK@kIWyXVaY<=K&S_()m6o?&c_$oJU+
zRLvq{aR_5J#TK$U*J?j8uF=c`h23EeZV^_*ND|iu){>dxTP}aFw9HKU?c?Lq%!Nq+
zHBKgV4YPI7v{SZqJ~fniX3H+2ENz8d%UZ8!X*rtd8sPen5r}aG1`vJz<Ii`7$Y<Ey
z-vPdU9!1*g4zjcrpCnD6f})}v0JNxHo5*n>if*sj#X~2>YjUB{S>`A9op1evu_Zuf
zrQPJJSHv&LxbA>spqAM@I$}ogTbRtLMa|@7U^vJa>?%41aDr;5gp>qm35Mt$og@}x
zt5o!n6ir=ed_1<>J7SB%uBLQXlUhlxGtXfW5UQG{@TGNLh%7HfXQV_$Np8JJwBqJ*
zTUGS*#0lx0`|tsaoqjh5k4q<2ZZaD%Cm`b8*~=s3)5zC0l-(M6;w+v`KTF{D-s|DS
zPRABb)f06(D5|i`h5_%DU<%Z>`AzwZ=Yi8(c!MI6Opr6-sGBwu6kcn{+9iuU{}y5Z
z3qHJ73<(ccLF7K17r?dbj|tm48Q&O3KoGq95<nB2Ei);B+iM*E;qwY{PLl6e!6y%$
zQGLk(z0E~N7N}n85lT!<JR|oCZqe&lPWlJlrv5wRu{aI=!XmHJNsXy?yk)0hNAB%{
z?1|Iz_S>YXasvrKgJjETDDXFi_5g>9691#@NPh9z+1ZJ?DQQf4&6g}of)tSs&4mj9
zO)~_8?s82~?J7=4aX+}r7;|ilC631>QBcpe)X{p+g4uA_PS2^aEtV}3xX@X%wHD~;
ztBV7!gDGZjaz@5?2<iMHderpPstl_4J7kXifute=0)qNsCYfkq!)#emNrq*xoCf}*
zXGz6AOKE)~iul~8RF*;~8^sb-2@|DwttazrwKZhvYAcV&vWz>og6=|AZiH0T=jAr|
zjEXU>{2irSIP|{H_*La>3VQ5sb4uf(=Xd~^E!U<shMUqGC@c?Aj2HBj^Sz1~3DYs}
zYZRwSe7g69q#V9hEO1uO%1R8Si1E1X;WC<id<hi`)xz5lJf7rH;Uwt&p!RrnuRTm}
z>X&_>@BjuYY`2ENO#<W!RH_m3jxn-PZ$x#&{QW(66F4NPo*H;Lu;l{x=00_?1pQ0v
zVDFaO%Vm)1+AD3!WsjXw(kJCP06#PwApOF}P5a6M_wp`moiU)60Z?XyqoVfE7FXaB
z!ey_r7e5;~?x?Qq2>@jiI>j}3K;KJ%nVFJ&eMU)aeO9vtHqtymnHw!3CjQLoFlM4=
z!q5dAEs>MNUb%u+zM)c)j2qFV)N>>NUPK#+ub=ATm`;p&P(Zmunst&9W??2<1}p65
z;rJv8lf0)L4NaS51W2IZ4e`xyl)lZ)sdiqLFQd-~lO>eQj4H6N*&@=f-_!e4={l2B
z%FGsy%bm2t8L9HFE$I`7v|sN+L9H;z;2Fr^BY{*t(2cL<bSuWUMEh4k7!vT<`FmWM
z-L>&<Z*9d>z1EB2c-`|JFMla*HX&i)c$IQl@*(x|B_D#9j#43wHxV#fBg4YLD7gvh
zY6_fAP#2k6D|kywN@m=j6Z5PwlDfN{C)F@yObhe12xOWKZnllQRpJbqoT*ZsBFLT{
zzJdiar(Yekr~CWQz%zx-o-fvCrNdbdhH8=DSC<(}w!aN98%mKnUuqVvrCG0i$76l<
zqj@9ElU@(FXOP-ea@fv^BJ!Ca&l6FeH@D(9BH`h6Hub$`bCq%!6@vd(^P~5yEbBC@
z%z3?UuT~RQVfA$nia=wSH_X9IrQ8+{a1}G&n&&|U85?n$G4D{vm@t6dY7_O`Hs%`l
z)zMp4pZXttUwCIs5j-N2(53XQ`_+fG<$3wY+v4b>Vw>7pWAea}Q=3Fy@_u6Sjq3Sr
zF@yzmL{iFu_vHeevY4mcDj3C^P|HR2A)k18i;vRup93aulvp||W|k3%wMP*Im3$Pv
ziqwUcxDttav8q)A0YR7CBE7CI6&60<$;ip6&Z%<A-lgwSb4)z_vpV`N_aqGi6u1qE
zN&6D{hlb6TB{B(cb>$k`#i#!Ax{8ml6|f=5OW<>b5tEQi%30Xi<pGwdx9s*yHmy{E
z*gs7LV5{3+S7&=Q4&O9L=_`9H*^U9rxU2vGNSAt^O$wi%L3_jZ{i8JZ$~zL$0Yf6|
zO~CSE>NYPh3gB`rrb=dc&q>r08|vHElZs1?F2He!WA9&JVD?n4pD+1F)?J^(I%d)e
zp91t}3zygy*F9|yppJs701^oOS)}iKe3l3izn&uZRh#9at|>oqGGcS)X7>b8vpGjt
zl^k_BrpqMcEhP=zT16_`#N?#h%Anc`R<bO)ny#wmN6!YUKHJ=<H#0*Jrj=dsGlN1x
z@duGL<HJHjt#m?)_-#B@@5PqHdXuG^ZvY<!NMlM0GHwwK9J%|vPBJYDTQ=G-{>G4i
zKuaJt00yk=Hi^!}YHn0urLH|LH{Gr&(_LHlq^@l^I)y`5(RKA`4%Oe$M3t3{BA>Dz
zN-Xd~-yIQfJQPEj01g(mN*?Hk@6zT^mIx`~?%*)#bI8Ils|#!@Rb5>b09|l@lCPNG
zM6@l!b)7K;d%NoDrVP65iPF-DeGCf^$8i<XD#=f9dTu_5UeBI)J2N>c2AoB4TY)+?
zQv-l~;^b<1Id_Fyhk?8AonV{S1>eNfRGu^uCC?j^?_`yd(?&2HhiMDVZo@+6NZ8oo
zDtTtb9&D47xC{$f*_&dEb930CVK{3w<v<NR>b_<3@JU`!9rL@kRu&<x?Obz{=v^nN
z)?F62t2(-g#l6%tE7J%hP+$i=d`0%7M;J0vqC%?Qb8*&_w>pdm(H6`LcS|;on(REj
z29SFk1V3f!ICarO29c#59Zz>DNvD`r3^wl7*qnYWt2;G*pVJ}%VfvWV44f2Lm4dT%
zq}>x+uUaJ@sb(J?7mrqrUg37Zo`3~eXt{MQu8=VJRAW5?;*UOUKx^Gfe$;_5HB3)U
zl`~IuVb?hwQeI*_J<ra}^aDzO=%8mel$6LCm<$52;JA1?9q~k5b9D#-x)7SJTI;+1
z%A}34t`OA1tSo;$DT6%pVyq#Q0j-#ZY>fJeGpY3&qi*l*qb8Rf5NAm_$;x-K_9oFm
zK5A}l1JSGVgN?)KF@O^sGU&pE{P-H6g{!E4CU)J4eHV<=z9c!!dsA~;C39SB`6UST
zr$_V4OXQHv;%*ez)vP%!-&k@5HT8|fMZOx_oyel3)&d+XBuT(lzpFiGRLKy>Jv-=P
zDyAh+KL;qSn<UvxRyNNh6H9|7eJhJsv<rYAk=1a8R88T`^!AoF?tBU{`%Df99%w=T
zR55J5uZo&_e*7wlX-f2K-XrTf8&QSH@I{c$oS5%*d(Y$25P=2?zbuj`g$+%~7`*DX
zd!78pa1r@l<_5f`RGw?G<Q_gEVcxaKzWWYB7af6^l?@Bl4H>j<@;+a>0sFdyClosR
zn$B_z7mzS#hifJ);O}}cn`@+iD@~w{gWSx*EFMcW(Us*%)*M<9-kv$x`Jlh)I^^Ep
z^zuVbSJwzo^JxamsOH|aP)QP8$_1ylFWj{VR3(yb?87+JTwxAtwj_yZSmVFk%%(~b
zTLYrRB3zn9V8CVX`RtcMSgll3Lc?hs;_89Y6SdN=xvkMIzYMM7Rn-Io`e=4vFbPG+
zkuax;h{$gdYPekT`2dU0G1ew;DBnZ`j)0IFP--hz+~-qga_lcB-kwi>FXR}qu?VHD
zDiT}m*;ud6d|}on4n1XSYuD*f68|a;Q7u{!9~I?*2tAASdswi3cZcl_5p4a~um~cb
z^w!qa#N3>4{gNxo`Pz>`EDbx8=WvTKw9a8Vv49;_1f@yu1)|FXVFZFNNs$2WB`ypt
zqr~)moCXj{pl5LLecG86wwW8OIM>7-Gy#~n{5_<Ec|S_GSU7m@4fg+Z*;a8ZpGUKE
zbV9DZ?ON4mqMz2)56hsn^pua_#=gmHjE{$sR#JMbL&I|x$3N22(b2IPh&feI|0-t*
zFs@1f4hh_Xka1=e3rZad^TM{4QS|!pknBGPJOG_oko`z$I5IdOc>WCaR|E$3`(d+&
z%y%6kmewpVP!vQ&M6|f5-Mtiw(pE)9O6uCuYiqd(R-V&j_wgX62Tcbgw(LKx160>>
z7!=cK;h81vN`S2ZZO~4ti@4!~*qR8;kk9P}+~#|hp^Wr8o3B{N3WovK-^q_rC`A0b
z2LcopL{-(}ck)Ac{}`15M63K@103f<?LoT%VH`h0MLdo$;Kk7JrRV*oX!T7HdAy!M
zK6|EJ?BeQN_0?dAXp3)3{yF$(m<*1yh_^EqZ~^aE-*~ce<ngIP4DI8cJ6Kq2znIrX
zv@b4L%TtFZ4un?JfGED?<UW#{YpQI4HSAZKBQ|s9%JE$M=#%C{2QI)M4n5W;_OZa*
z7%+|ZH?yEAy{5E<(ymT4_EY%4*sq-nxciRIH>gUxJx0S=0QWRBSic2E{Nn^KA!U9=
z#=-y!vyz&@bJMS@QbJlih_J9`N?a;hP+<kSKq<eOWE!Kyl%%B0E|ai0XQIeOvT@-D
zZ$C(zB=;@)@|PB&A|XjCDJfaO0-0<9W6VKgt{H4$pY&h9hJb{4rikg8WovDXQ_wUW
z2SmOAuF=I(0wq*teMNbrglTVfFfnCVU{y{^3LZWbMOmK8I5Vh#w!=<KtDmS_75}p^
zsaX{-t%=Qx>Y5x$Jg9M~?FU0z1nyVI2~_-Tjrgy)5rIV>U(Mp5aU%k|<maXLYqY^}
ziWb!RX{{E&T$4IKFPG+gnt6D8n>xZA@F?%+cMrNc%a*_*F}OQ8>1iwT7Sy|+9E;=s
z+1Ld5NmJjDKi?l1VB@vPEU!MD1hTQVXB<!`j(&!CF|!#~w6r+SutC<#<EDDPf3qpl
z-(P6u#pLL0?w_$M-_*8T5A1`Liu<N@ODH0<x9kI$oJ2$+kjq$V6QfI?IvmM>Xr6fu
zzMSKC&@6EMAttbFg=g@mr{Eh7BXR;1dDaJJ>^tfc;^(1)n##JOrKNN}RaUf4ln`C$
zj@lkU9*>3eMPHet7%H9wCM8*IZ(6u*C~nS6Kz{%>7%SD5e|#RAbjR;TusK9DQa_Bc
znb~tb#OUnu7+8fiX`j#fX{j~T)T#z{42oc02Mkzyq7Yw`laf=pO(;(dbyR86aImpG
zzue=vAfsSr*482mK7;9BS!pV&GMag7b#?I#_rYNe5%lP>fQ5r23t7}w*WQ(p>C|2j
zB_v}@{cOh4J87H0lI6t_ZnVYD&+m5%foct7tE!{(ZK`sl(H`kt7*037Qzs`{5f;08
zql=PKeya!?+Wr*NNMj_*rd@6i;t-p&1BOsy@C0DvdfuX>81LRcFS?SX-8KOPwmC|*
zQV|O+uE94TxT?_^ob2!87dKluB;%o>75Kc8d~f3Zl$w@S_LOW7h=rI$M0INzi@%M2
zNOOP0gz5UeY}E}dsSF>+fVAgzNRPOjw0dxvt+^UU+M{=B!?->~DsDA8iZPrY9u9xK
zA`;6JEV4|J@@5uSN=a$d3LPH))Q*GydHRJXtb8g@N1@?m8sUiAC0Ffj#n?#ZQ<PZc
zndREP{_98OMK9sj#Hibid*#U{iclG@kql>XU*xteAR{9OvvvX-rLur%5_YRcX>bka
zL(=o;F$Zc?`*>(v)jDKVAYB|_9*z^UP*8|WmXJ6n@q6<c4n1smW`;BL<$#IQinnS>
z>>{44^4Ug#l2I=17>8YQRUT$Gt6OC0v##K2)F?h;^<5)2hAY*W*VUzkg^pMFFwh9u
zeJV>P<<pt^!!W2P#83G4CQe3$xA&}AY?P1qwopN)pY_obeq6)R=RETHc(BlDJz|#w
zpWL`8c=S|C3$J>uGQ^kh?FU(EyI`|Vv>1Iy12X0kP%hsCGQ#N+yOUnDkIeXWQ9Y#n
zpT`Kkdc~NVW2Py#Cd4k`B0xfD<fvtd40zOER5^~q7#T}wiJ6K#>n0?LfAg;2#f1%A
zU5XqA9hxYJEFth%X%>2>jqzDnKOK&J*1pGiPkOxsdI5xKNajL9(M5Qe({SsXRm?Yd
zJZ{3TCO>|Ge&_&8_yzPvlR-?PSJ^}rE%EZXPl~#@-!d}Nw=x9wA68a2IYB|(^*TOt
zPvdW>#4W#m{aWJtR<qM^Zo0G47X``s6mUDUi`uC5yc5?c56gA@aiT*>X~?d`XheOr
zLC@P))T~|DY=v5D=f0pgU}CF&WE9aYtW{P~qN}GO1ymZt2s{*VIp60CY9-2%gO+&6
z2=n(CxdTGNpgwM)#sn*?;w_-IMs~rb1$c0=cnRw$qR<HAq5bXeL8{^?NW&!T{#8E$
z(>*(QvC-27fvc&;IsoB=Hhw5#@b3X%uc02pV7^2K%?h*tBj%ChzDf%QW6MDX22S)H
zK9726ng0Dma~&zDstOtsPMltzm=Q!Jm(QV6sV*!jd2eN9brT7z{`|qo{A<?)fhdkT
ze@AN>IG~RE*e;hq_I8pLM%;kkgRZ;3we%w*3=pff17UjRu{b&_|4B&5`G~4LV}0EW
z%s`p3#P2ra(+4H<?9ax6zt34aDH0ae$IO^&XMbkn&He2aPOyvfP$Q<Ipx~pu`S$d=
zxw&f;B#Z~+i2pjVx6*{XyeU2J@oi}+!`K`}yzvGTozQ?Aq_Vphmzu`(N9kDuH<+pa
z@%z5GL3I7#<mcB9ltGY`mgf30k>pfrTZ)E*Dk4GPiF<DhS8`x-sa#`5d1!6_Efo39
z0V*^CLf*-Vb0}-FEgi^oOD{EbVq!uvKiz>mFepe_%bg4G0)3L6JwJz3e|Vw(Yi_@6
zKy-0)v9rf3E5{V3c9KAmRs~kY!EAV3w8yWL19e=p6RXWsSahfoKp;g5xWNalYybMz
zpFgz85R#I<9n+$TV3Zg+Pv)3~0ekQ4Z(8I}#ba=9fmHfGn|(IQ)YZ}wTU=ahlX*t-
zfT8H`b1y)S1O)zsgoL2=Vu0mr-d^`h5TNub%CGhHL%jzDDwKCA+gavSR4|fJ*Vol3
z+v?E)AzsRW-X|dG8WZ~a8u^=y{`I4e=g<(4&y-c2L5^;C$jG0Jj-CM}gUyAw5+O}7
zqHIyp-747}b*$k`O-)BnNX&pc6pfmys$(|0CiVQs4w(OSTHotF@uMY|cpI$pM28|-
zOZIlF_n<JN;thNh2`vUVzOUaE&P1s(J3HX6c6?&jk`<_MY-Luw2EZPyY;4{Z*aXAn
z|5c11`k8SI8UhMR#Uv+jQMXs=wJ7J_;9xEu*F061NtU8Y0XZd46i7=Eqj}A>PI7;H
zTQ%$G2MlUK;G#i&ZLPA43%tRB@_wZRHri**hmJje9nkAUL0~zCe843TkPZ~a;Fxyz
zbfPl9a&5!UDnp)DqAy1;;D0<DBk)Gv#1uJ>hlj`FWOEdJQ`^u7R1Z>Oies~0^RcT&
zboRsjUx)L}8%!i5A}&hGccn2TRP5wI9kY|Q4K2W<FD@?7P*8+34Zn6NGZ)^G1yy~X
z&m{cZQAzzRa)|$Y8i=|vBRFLVjR?(4OT#Cl4Wrr3%QIUe)+r<U|Dd`NA0vm$?e=KD
zHK`P5PbQ&cB#i3B;}~&U_7MT@7vRC#kVRb?BQ7m(ZCX&=E8LHDeXT_wiAkK?4SH6t
zlM0gcbnBgD*XZlihrrmS3onC%B?`(w4GVM9Kp3-kWde`Zt9`TjnMLW>Q*X_X%kV;{
zi!i<ZrX~KqmHeNNo(H|r#M`-p3`J*duEvltiKP;S>CenGL>n~^r@ge-vBp_jwaM=A
z_gY)wW~F_<166F8%Yfmcr8d>vvQ8`^T&`PPFzkKFobCqP%qC|G7hY13QB>3HG64x(
z@{dcb5J6qE+Nk-b?v~l914=OyPR?@ZN5SgrySmL~0^9SO$I22s3E8CY5pN^T-p=7(
zXU1{yOqcCMUb0`dOpFe#QNmmyUJZ|?DJBO9)G(WG%(>hsEsLioaL+a3k{R9^-f_*L
zS~-3H&u`on*cFiQ6t+dU9Ra7LT2G%!c;k5MZ(D3Qg5KT)-)vYY6bybM&`zv&+H1Nk
zu+JWr!Q0b~h^e@%xWnCpspa}1LgVCGrZ-J+YJ1{dc;9%GGlH}9Y`#o(C|?WHp`qHH
z%j~vreg>BsCobuZ+s<338j6YaFNmd|XB%Dhd?)HhH*zCf=_RCQd}n<BfA8GzfdJDJ
zdOG^NCm7KK0|Qha7Il(^WdUh=*Q>4E*yfas1y(LhFQCQf)|OdR+79V<)X<>NA+4vO
zS^e-qGc-Irx37SbJ(j&#aFED`9S<A32+e^h6QkPl3jZ{@zfG1Shi#{%jb=I*^@=H_
zwi>}A!9jgFZU>9ty7JB@opPv+!_|Oir?C36Ot<$Oaaq9Y?)yzOzbxms-NwxF>|vhb
z1F*{$)cxGW-Q)moG*=Cuc*+_WT#hF6H?}Rb$%6M{@BcWVZMXN;)R2$v-h!65MwzkK
z_ukviV-3&vzR_7H5d(>IxBJJAA>NNY&6U*s8>Z=7=O5bIPO=$doxB^p6G8J7=BIj%
z^xm_PUrSPN8s-{*w(7^1$eZAe@-y1#?COo6wg~=%pZy`Y7YvQF*!wrY{No2q-ridh
z2IL!;j#tc7^$J7V&5nAPRRo<{JXa32PWN9NaY%RV=}8;(X|6JWPX^F@PSC~(1`9Ki
zwJx<2iUz}nF##a!oiAUI>SPhrx%d69GS+^~P*C0pJlE1s41qP)cm({D5|bA#6MpIc
F{{U`(riTCk

literal 0
HcmV?d00001

diff --git a/test/integration/consul-container/test/util/test_debug_info.png b/test/integration/consul-container/test/util/test_debug_info.png
new file mode 100644
index 0000000000000000000000000000000000000000..a177999c0d95a407064d4c3953a823fd136a3d35
GIT binary patch
literal 622325
zcmbrk1z227wk{08-64cPBf;Ih8+V7G!QGwUBoKlI2~Kc#cMVQ(cM0z9G!3`&&CHqe
z|Mwo7)6cVaRoAXny4Jg-DojO58UytWDhvz^hOCT)8Vn374Gaw86fz>Tq)>Dn04*r6
z78h5M6&EL0adEV;wljx;kqJvkLQ;uaB>Z&tQpl?-MyDp`80hv&21WRKO@jIz#TQ&t
za<0~zra)U!NqBroEd=}z36!>y_-GL(Jsso`pK4eL?TXp}uLD~h*L<$VMpCXuAI63E
zG6e6&(f}~wucVojLI_|6vCU<>{e)jvJ71u$kpFze@e>YBWXp-OuWVvM<kMgzq_wRR
zDNEL8*_UI!GvK8%XK>5X1@@B|j?$*N3nw-(Y#*&c`#S=R4eRFo@Go3t7r|~Wlp4`5
zXUa83snRt3*5Q*z3^W`oc*bvFJUK$Ba9~6%$o-{wv_5T9v{Kp8Z=y&dN8osj4r+Ic
z-@oqemqFj8Qr@+s@k^3EZ%mV|NqZY5(m&m<fU+i^Os}-J4apq1=%l977f|oPR&@#Q
zWqn&MH<+@jtcOc(s;cHRh>qr^exaU5c@vRp>`-9&gnq?m09#Xk(Dj)!jp^EW_|mMJ
z$}&0gfRw%GJM~75E_BFq=&tW--Se$gIRa2KnTInoafvy57Q6R<6OSoGASZvjh<~7-
za$0<TpfrqLYysA+adLDXX$>ZpkIIEz$K8yjtbz=CQ%6&X8J9_-&vt}K@Ten*EWHM8
z!luQ|FP_{CQ$U=8VhucK%`vsM;^vmgLl;=-#@NWduyFUVtk_Z7dY{}f`^HC8?Rs6q
z_>?K}^UT<_2hp}T7bq+GK76guug8FiJ9B>&Xv<e_7Z3HfpG%q#`mn_Yk89x<iv?pP
zdH9{d!moc&Kj+=63FCnTxtc;hbw?DqP!Y0;Pj4n(dH;N!3}<VEmG)Wi9PybPULugM
z3fV~%br1$O1}-s(I|~~>h}j5<4(YuShz~s~a4U;A4Uy=lxfAIM{Kqb;2{go?@@%MU
zLC(m5PS^-JVm2{6W-uwDbJ%z;!EM<hbZ^6ha4BHl1?Ek-SdnU=Cy4A!0E-YG5d;wQ
zKUIjWPQVpmz4^K(l4*>u@YTAC#twNrD1{9T^ApuZa21RJ>Ru1RIZYFK#n<ScisuOT
z0=`72!G_(Ybe|}*_vuLE`NP95C4#dyRe#Z;*ie@szYi~wn$6W!B`sPmGMGU=#CsD_
zkV9<cTF1GBMH;-Dla!;C!<#ca88WH3?{RJK2Jps*V2F2F8I7<hz2>1Ir24sSgvy?u
z9F#0ILOr5C0<$Yj7?E%KtqM~cWcQYbpcTCpr<G*+lW_D&|E=kO6JOe!G4#Dav@T~S
zohGprmKB^8{uSmGm{Y2ZFZ2C+TYl#ko;d!@9r%V3poq?3KyNf2J~ARatr+rW=|L(x
znz!V2xDMEe$XgPUIXIKSuVodeD<~3ij>3{cqr)6!-+gEK6^k#0`&~0`NM=ArOU5rx
z*^Ih|eladhB=I|MELQAz93W<0jSgQtT#!2ByX2xoarTEip?u%?+##L8>K#v)(rt$A
z)NO}f?cZq!Nd{}TiGJ-3Ck<uBbW(tFL{!)`&NY71m1z{I@a0eBvK7d@uTw);9Z^{+
z(k}IU?<|8-XjZgc-mA`_vQ+7&TAUf4bEqm@{NYgG5cZJz5C%h@GpE|RxXxrrRhP(K
zLq~Q|lV6u#t6A(J(uI{&k~gpR;NW`ndh6QfdYmDZfr+4F2r<DsL5~5Tu~*bmdig#=
zgGA%3#9!02$g4EJ*#5n(rcX|kChvPJ^>NkpTz^?VGfexatGB0VIs5~ALNlMZ6}Y>(
z6RnTu_h(*D&rDs<;@h51wH5K_NY1;=%gruTxNF*K|0p>rVV+s5@KXXKh^KU!<Z%wY
zK8aK%#UKTd7LNhbS<;>LsaEM$>sv5dl&?d*723_(PrU8Db03!;MIVQ6j;;Z3u+ftd
z=@A7n1ki!6-w^k|uHd!fdCQ^3Z9=j`GD|GXQ}DW#n3cPNr^7Um+c-5Z<(Q}08uiCg
zN<p$_@)}#v=<(<mi`LPWJ(FF5F@n+ZjAc_L9?KNVAM+`9Iup#VnCEo4^x9GjL9G63
zb6%uZ9Xd-o1$tyvzGnGmJC5~pC9{X$>WjJOTe=^kF#7rjED{tWMs4*t^*T<-mcbqx
zt>mpY9`+uFC#1*Jw>P&vn2(rYm<gD|3U4^$n`6EDaJKe0nuadwwrFX63YiMGlmhsF
z2p00s3t)}%rjBO@82NWbRG<x*XUbPH_Ha+SSK3zoh$0y%Uph%?%@7=iWP!<tza$I^
zbbId@A5dIaUElvc*lzB=Y9ksNo-Z9N9oG9LIMliVE{?8<{#iI?IWs@@G3Cq)6lwTr
zU9*#{f#%0>g>m$w;C<z}BNjQ51bjS_5E>UoJbVLUm*}(Tav&KJ34BE04{;G>K{LI<
zIF;Oq{Or!J#yw&^4BZ(adcmw%XQ5eAOi@MOJOKwd&HR_D@y_vFCCs`&0g4uyNAXB4
z1z82h<F*BY>iMmituM~Z7ftv3_dyq?Xl+Et+H5gKNh--sj@gslE5TYs#jJ9MZWh%~
zCS#j;VadJ8y-U5UY1m5KmP}#k8Yx^uH`}M%9ox-U4Od?uSe|g7jcVjwWG`cWN>(Yd
zrEMmvrE*YS<0qmS7Cz={=KIT_$qL5v#FE9W#e5!@8R4T=!_5y{O0r`9r9Z{YgGUtZ
zlO({rTJ5HROU|E+V$L#R_bZ1YNVRZA`!T4Fb(y=B5^SpEHWv1w?}Ms?Wrp?I*S0R-
z%%{wx>?G%;dgghZ4hye!)VXj!#_R-H#%0Zeat3Ygs-=%N8{ECz*0%n7w#^M@C#~-6
zN4jWSXqrUVFTcU!`q>|{^QtV{uO3SPlOWW9<0Ye7<N2?Sl5IJ*eTjYfeTF<PyawQ3
zhlMqnG(6Ofhf8*yUgLzvgp-LrdaDg&EUHYuSP#|->&mSKO?@VBKME3_HR;;u>DI?J
zskhWNGF6qCCp}j%w|2xA#;=#37g-g}6s@Q{81p*bl?$Kx9F}sGhL-}*2u|BO$3GgX
z*BiSZ_#ZzXL&mWr0Q>hT53Zx4H$i<!on*MAhr)0Do7(%c3ko!IJzPmY(3X<`zdLR3
zs#fMQ-|XIi-|S=b4g6$3s3z)s_v~`!`SYRyZv^j#7DGvsM~x&RHLIYlU~)HpcP+6g
z@l^e}a7i~^k0hY}{$|2DeVV{Be%uZyFQn(>vH9V-x%z7Jii!xH=y92_QMl!`&xMkY
zw$FV2CwVOv@Q03tu0y_$eLF)3rAk`L`lbf99S#BQ#nTnF7rd?OZ(5IAQyutLteOuz
zYwLad?-unO8d+9uTl^j{!DBbAT_0P|Bv)J4<0htkGCv0Fi#`U;W7PtpK)R6ES55n2
z-EmWeZ<I>|cpuuc=R58cGPMl%YC|ofADbbpFN058!y;X-LswIxCtax&N7>Uoz#d*h
zCQtTrwI>(fymRF~5ThY+r@%uJ*f2e}Iv1{zx{`Ly&bRdTc0zFZqrGXisq(sI8{kFd
zTJ>aWLwQ7*G}9D_6}9Kv<wp;;xvam@``I{vM~sJO67_|X8#N0%I4%y>(-k=dZxbeK
z4gOP;k#|N0uGJ&JDEw!@=0S>&+%asCw8Fj@j4zIG%^R59U(SRZzhdd8NPqJ1aHOaB
z74BZkPKrI_xm3X%wnDUxV4mrxIiEg)p9>Lc$^vR%Ud`gZ+E(Yyf|{o=;pW=17K(~6
z4A49>3_R=`7zAhz7Wx2TN&YP_1xp75_gDEV7?==i82G=}QG%v_elgJJ56$0FxbI(K
zkf8r?p^s<QtAEr+rOAT(M;>ts`VB@@U0hZcnyQ<+n43GeS~<GuKfZ2+7N9uE=(xhb
z5K{knU}e?bokQDSu-4Fa(^gavFm<$NF*b8FF=z3#cly%~jF6`QG;43}W=!sBZ|C4D
z;3-V`R}BGZ{!cM0CHY@f+-!v@wG~y!#T{MD$$41VSlB3msO042LM~<&0%{Uce<z3j
z6Q;Csb8`}4W&QZ^Bg;ol7DpFLR(5`VepWUPRt^qkXbompF9$bcPi6;Ks=qbzk9H)?
zT}@rAo!qP)9mxN*Yi#1^?j}r0`KP0Q`~7X4=APF7?8(9P@6&=#koC_OR(2LP)_-do
zN-FfHR6xbr)7(x+!rC6XX3#!>?7Un&LVpqbU!VTj<-a4<{wFC1H$UIMC;fMy{{N)!
zUCmv@9qpl=x&i;WVSgw7_aFaGD8%|_?*DEr{<hG6l|ok<h$_VTZ@UIWZK>?0gl^<p
zYYAlyXbNSsKR-BY=!@=eDKrn?=}+v0uL}bs0wXISs^JNHtdC@bKRX9J5T-z}7LzGb
zBS0X4m1M$)B?;B8dXe$V2@K6K5miY=E-G5cP*$z}gu0-Ts;wIS$qkvh&TVQqpi_{4
z_}GGXan+9Pv#T*@W17!c^ZMAx*viB1hstKxy~J3#zP`SNn8rq4FE1}u9i5c5#Kgoy
z<|UQrFFd|6+KE@x)YQ62kIt7D7n7G|5$?;=U4B_afLdUDb`Y2XYc)nxtko+*$c&A~
zcY)>bn0n53&eRqF(Z;&$=;%nS?m`5AVICF*Tt11W*oz=FQbqULFKqg-gE2`hh$8_F
zBe&XXb^yO7yR{mYxnc7)lc#gI$84fsE14(Db165AN0wxqdpbx%X(|I-#{BnzLg3y8
zPmrls1@E%uiw?+9hu5(gYdMg`cjSal9CID#@M6O(QCj$#+&I8k$7tAZ@+&Znjqu$v
zdk&^cq@dfy$1g%hKNG<&fGcg45RUom$S?jAJ=!&xb0HkKTW~shq#r_nLYQ;Iz#Pz%
z)TY2`h``+V?F0beumzlO1b(!Jy+MMIV+r3o84mWaL}T4d^gT9#9<wlO8X&6CXE-R{
z3(~b@`+Z0q+3i(T6PNnpm|=cmWbQGhddGmr+^A}?jGb!k#%fk3(_8tE3@>odVlz94
zXv)!R#=&f?hN_-tQEIcMwKh<0hI=;aWt$}E+SqXNE61=12=^M+c3;f!-CQx+Ve}&K
z$jmT1^QOk(G}=F{3B%k$I^#qfaAdYVF?OH(jotW1kvN&&yN0gEMc_~a3M3{xJe<ip
zJLIH_#qy+9k&|$+HahCq^yxLxaE(xdj2(dEnA6Ug?1qAZ0v`uQw5zL&U@Tw)jYK+{
zY!+a&d3L5ODk`cQ;`MYac+^km&ldGz+|<~Mvm<8j48<!^6cDdN$T8T{@xV*wQq|Ky
z4hP;Jes&@`)B!Zy|0HYtVV^r{muYTyQcGHE&@jGb0#X_GY8Z#GV=nBOjROxCfMypP
z&tprx;9i~u+FIZ}>}uKs7RsJtKj37dYaxr&>ll<~`BJrWk&6L2|Ey>idk?Oj@8=<h
zGhEQR-r^ZsuEp{KdXNwBEP`gLl^UXXl&U^^_XGSz$ikMJ080}|5VH~E%#+l{LGiT=
zzr-!}8o$9Bq2&QWZ}J|0c0yQK*vBR;bo3c}A)bAs)#FA&l>lwfu#ujMO4a~^&i*dY
zigTE1eCw<KU^b?g9lx<}B;KJ{TO<lNi~~3k#B8PmXcVQr6td{=VH)RHL3&)I-M(ON
zbSBfQ>!JbMChlAq+1_GsSU@Iv!mcb<txUaY-$o;tnu4o>diiRBwSIN3!c{?JuB2cn
zzYUyNZS_L5k(S7@RvT_9Oy|&ueMkHj5#2<1mllDS`_WjJGE6~!B+v!Cu^`^Bu8*!+
z1YXxTtkozvaDsc>%Yy8Gvh+JD3Hi?r>s=eKt0MUv(;hC8xn+}@b2b#2f){FlK)?^M
zGs$&sW;5$>HYQ3#Y!;sT#DL!fBH-!i>DnFUGCMoFWdt&rv=ci3L?z{$&jMXee8YOo
zCG|HqGgDDgirPsFKSCcAL-cxgi*RcUw+>p$LKBEt2)O-xBaXEd!3+@G@2Odd5-|G8
zu@p1nwJ+9v23QUe!aa5cY>)04I#_}&bgo5(!Cnj}SNFzo17C%JLWDkB0}JQ+Y|k<5
z(ZBu-|M3%ODfaE6<qs=fa5rQDxI`X-bzFt9Z?QgdJBbNq3SkCL!13=Jr|<GK4C}3h
zXp`M801qeT?Evn(9ahpNBvzF}z#|br<T?|UenuUZpUip6g(X1Mvg5gjFV+YUHt@xp
zvtl2Kv}~Md*mTRoE_)!uZ^mZ`2!`>o5GpkVZ1vNEK$$hQweDnFp;1wDcgj{h)jeS1
z{=h51P$W(R-yTIa={j#k^KYW1m=Mf&brkHUZGFJ-UV&I?lC9{r=BPWsZ3Mfq*Ps~D
zV;9X+5c<-n{h&DFmRUeEsrk$wxnP1WirM)F$D!Rx4-YtmM``fNd2F5W@OaUZWI?RI
zY<gw4%<o#Xn=gCV_d`|&#GJpO>p3@lVC1=qX=sr1`Izzg@-9TkOdIP_1h6ccVJ}LE
zQgckZEG2xmA#`U7jzJhZCTbL4dlJr#gaosHHc;B{d4_WF;Kkinfx#=JlZFA%vL*Tg
zYpp?@DC>MR&`x#S-^q{+ZRno78hshbVIPgu$`m}9ONL^<AAJGGxUCuj&+i~j?Dec<
zzubh*e>?v~noAmXlX8=V0Z8N>b{1|B(j3elX(1ms70>7l7`(WjjOz7P88?+A1zLdV
ze&99cV*2R-+{mjjx1FE2j#wL_J?<lzAI~4K-0wvI;NHh7$-p+w+eKR7ix>cCu}%)>
zXBTm@?Eg}<w_WB(MimY4-0b0LS{3qN5E1leJ#Tl`v77;1e-<*U>O&IndK)87I>ZzK
z$qeXuyEt&qFUlJYaHn$(RGRxNaQoTbnRMub<v6gh*5LVB)ng90{Tt2q6Y$-3>_mTZ
z@?F3nl~*_L`X`xN4Rb}1|4cT9DO?6q1oP5wDj=QKSCE^F7--PN&}S<I*bprg4e(05
ztMl6r@_%P{vT-&Dd|V(45K^j3!RrrZ7Xf|u60!r_ScNd*_K!b{l7$Uaq8*NRnr99e
z+hz`+ym)?y=?l5&O9TmNl3_Iz1worLwLE6?f2X`;xvtGRbZ_($!g`)?Qrl^l>1Uc*
zy#sj*;j1QV=o4rL4A<CyJo#}4+BXB8EQVyx){k!)b$SK#HD&+6yR^e{Z)nQKY?;XP
z>$@A@3+RuB1Pc%T81J;=%zVj?!`pgA{BA)yfQ2gh3kQ%+u*UHe4jjqeP`Cti+R#Yw
zi%c2#dXa7S+>wPO;OYAs)ZepCutb4H?3<O#0gj|Ua+?F%kzZVldt`;2<fb1%SsnMu
zJQFH;UMoxkrY3qZ8@=xD7ej>Xx-gI2=R0(ee1m}>0)7(J8H2>h?4KZ6WLrN8QEp;3
z{BZ5lv}xy^4QpBEV3&&qR$eU+@aZ5m*4jg{jcFLl2PD9A4DX4gfiKP+Q8B@azD^Jn
zoqcJ+BTG<L&_EFLW7eo$kbN#$*iQEFF|Az|X4uV7)>^;q3uDj%Fd6`vuz+fp3uB!H
z(SX~CBOTs`s%Qv`eIx-m#N%3;<c@n;dJW2}%QR4pv2R37M!OvH_P8gh<T$tTp$*oH
zEcdkRxk}jQc5;{7=k}OGZ_g{{_+6x#g@u}~?i*4*r%zD;kkY}yfj0-bAPaCGj^B4u
zhOUQruAFfeP+^K~1jn(I;^Nfw?Zzm=zsRz^sJ8G2IOm)F1>Z!-iF3yA*n*|cL`1K-
zzDmG?^xQ$2-#yeE5t7=DZTjY(8%Y|q(?nXsWZK~95Q5(5oMG>ha#Q0slN;skN_I0A
zx&9tpMs&N#yZ<{V@@nA{$&Y*(Sc7>Q#6de)y>3BbB~6TS0)@pe@3C5YyI688@CwoL
z;nIBgETBOr!S5bM$Bx4GcHo$HDaJFBj%qy2J!=H=S}%Uo>okaYo@(5s?1y`eV@&Y~
zu<^%9?YdpaGI>Pr&EWEqH0k%+TVkw+t`;3uH)oQD7)xRY@f5#ZfkDxXn<|i9^iGwz
z&h}`_0_L)`ATG3}$I*MJG2_xodn`_L{ktdZsEV7m*6-9b@pI>H4Zq_Ym6xapHa0vw
z?Eg5q!(qD;O74L@MY;Sf<h-UiHX>PVAH@6H`**JUSQ@|jj&e<Z_G|MPbai!g>-7%5
z>$~*;TQQR$M2sTQp05IrI6349h=|rat(loP_Aq`4n#pYOaiZO#`Z_6LPw*8(vY2SS
z-#A>g>)Nt=oHR-`0yF~s(M2qkmlzn|b4$h9;D8^837&2`n82BD16-bCuPS#2Vgek`
zeFA&U?P9m@q%(OxCp|rH>WZD<75Ir)fVLmyGdYGnqWh%{-V}Za7=|DzeS0*czXKdf
zVl=-@&11Q|P~RE;{S{1t0=X)xOo$9Dwrd$+J8j*5mOlmUJgc8}4v*vT8N;A^JyVPa
zTvr$=DExW~dQ6XhAW8{{{o9MyubTYIk>iEtD!Lz1I|3Sd${hiDJ3Xte`WYKYt%sB_
zQ_}D5W@MF(F!d3w$P0QLXSt5?hg7s(%GoS8FxT78D@p6Z8{=$CU@r8#erPH;=g6hT
zGNDAZFs55;cBL&h?952zc2r_cZB!W!>Q#{~)>TprVSaCX6Y<`RQS9}o3vG6<Cqq6*
zKL%d7w;HUyOw|{f_Kmo&stq6BCpEe<9|<%|julkOR!%A(!`XEio-po0e${1aEQC~<
z+Wb^H_1g85y#;M0zoH?i;@q(5SGWZ&zHHxfMj=Dy-O@DpzHUEJ?HN8m*!?XOLq>kB
z>qE0FSvz-)-ObZ(1_?)4<VJ59T_E`}F!*T-VA)_l8UKKtJ1zf!Z|X<@R`21?*0zN8
zOw>KhX|KLdN@JZ(nz8GE2T1I?;q<Q=w~Qhu%-AEW=I59{FShl{!J8zpPnCjRjPscU
z{(=gf(56w~w;%N?I(MGMPdjH)em?ow2q<gvg$&&^LU;D2@nYKggGBtx&JoMn(2Z8G
zYsf*H$tRCg!vN3X*@#(C%zAtKXT(G--oz%vXzXF(y}iB3sFUUW%z)=?px@&}Fp)tK
z==u412hzqY?`n(NK7}wvi5xCtz}kMTMqF9zcfGIrcr^~P?)i!_)8bA7=}KwO%8Efn
zMZ0zx)1KmIWi_mR7co;P!ML}>+x2NX`U2sX;s02|{x5?2MjW=#(D3*oPk(akO;c<f
zzrpeO=vP6nZfu5daB%QnV~ae)K5rjw$<u>xCkhmQ6lql&JWl7y;zeNY!@ppA$MA*c
z%$MoZa<Su#Ncm1pPajMTx5PD?NM`Uk2S$+zOA)6K$H%z_qN1U3mtL$R${eG;3j9P)
zj*R@jNGx$+bZ}I0#KpynGbri$d*=#ceq+DilLl2n!cw_yrP2jI7M!lO+Tv0ohbc()
zCZdEJa9WJeiO2WaFE`LrSI@LPEXKQ1hG3G)<wv4p<GQ+;Nw|G~_rDs`UsEdNeHHoz
z`Ma@pG9}$ysWi&P1p`1z8ndv3Ao;3Ty-;bU(b2H|m~${v+nx9l>ZrGj9o;TFvMzV{
z2~yMY7VIZ$OUel4p@a=Y7g|$LyvtY<jEPkG*TD3jTU`|bgB%X^-tkFE^HIVr(-TA_
zgAw905~YYfIKk=%KyCy~C?CZVWy1}^o3-bfobgJC2o%A$`BrKs9v%$_cZ(Sm#d!Y;
zp8s<QP<8N`6A6~e+a#HiR!YUhgfbx^k<Mk)`Ea(B$o*(;R7~khn!!@@-K<s;H8pQ`
zd_2VMcwcpBcw9ZNcZw5<ow)da$udxKjc}M83PdC%b;#ol0e>}xxutnbB_$;$nNafg
z@88{eB_tGQGL5OE5>J*J4W;EqhK8nWg|$lb-yr<YRoP!tx559MH7F8puailM+e1g*
zo7o0wvz^H(Oh_V3Q0od48&ddHK&2P0YT)f(uka53UUkpgc!q)N3nj#teqx|h_fg4x
z@98^-94kWsGe7NqVWgdahKgH>KDN(a666UF8-v%=({ocZCMz3O_dM?IExVU39&%`&
zW-Nh+2VUnZVxpo7iYl=Rg9d%b*jeQM1)coYL_SFW9A1w2&f*|bU7pKb-Q$i?Ux}1>
zEmZTsccR~F$PCfh{T>8lxYT@UvTAw9kcQ7yDESJ$bgE`Qu4kZF!k9|-4-bEC`3jS0
z8x<CoJ?MQyM?n$Q0lp=91M(MgKV8v@!;_bn|5d8oX*-PhmQO}fvb(p!*0AcH@m~?j
zLabNh)ETR-^paf2f_{kRZ)A5r+dWzyC>8z+>j;nMD^nG!N5|l>=J%`7bG_V8@GI6}
z+U}j+lTV06er1XM%HQ9A=66{w9fLslrK_?^-BQ#W?r@dpqHqI!*5)!MD$cl{N=g4J
zT%4bg$E;AtZZ6Hde2mPbEDd=9O8Ly?@tNBj`T89alAgxf=@aNW3q=6sgf+ERi8`U|
z_ZwYG#Cc%WWh@pSKvbARD>cn)$eO#C8IZA5Z(FE(A#m3gWe&v?OEw7(xBrjW{kK{7
zSsy--60UglQ)1!h<!ID|#P70iXpL$H-W^mp`kC0jrK5Qih3pd@J-D=)j-FP=@C7u;
z8Pf&2We%a^%etlfeRL#`LBf?aF`+Uvq@X3wZ>Ye#>K2FjeSh{g?P`YKFo$|>tx{R&
zUqO=3)1;sCB1qJHTa%~#lD&P4NusCL>cNbpwl7U|Ep7hoa^^}&{W}93P=2#69Ck8$
z3l$J2M2g?}-853t(&~10=(7>Xh3SF~(@<4K$Ho@Zwp3@!TGq>HWf_x=`Y&iAkrVOX
zX(W0$IW!q4D3iFnzHRwa*}#Gv>I{N?t>Te`DNnY}P@3YRu<w7#Tu}rvJOYBMiwiCS
zBK*|lS!edc)t>rR|F_^|ZK6(v3!Q%j<CR$9S(=VMT;5&*+Yxt+xbh|Qub1_XNbBCr
zPV3RAXN{+PmiCvW7p`+x&i9nb{R=?r31A%^9px14WT273I*>UlM*A7C<-8jWIuN~1
zwhQ@xWgug3;aT3etfg>jb59u>fNQ5N#_Xr_rf#RpoqN|?l^Q92L7@uD!(!w>U{p>{
zPElUbC*1}+*^evEA=r51S!ae{8U7V9ug8a_pwSIr7gMO~7nl1B6K5>ob8;x@fxrx3
zzqY~k@#y|<B(%M~OHaXJj{jY=W9B`)m`NagvAlS=T!r+r@pHTnQ}mQa{$xhxt-7&?
zsy=DrJ@Y@tJM;Qg{kP-=z6RnO(2JD7clR&A`yG7-hKu8~MhS(wwS;#jIoxDwxPRa;
zSj5xwH8qby9!vm8z~x<n#aJ4BZ*R*DL3rbTdu;yjxJv_S!=*pslEM>>e}rF#TlIwe
zpy#AsZjc@NM=L*xzlqpW(cE?#Vb?2Jm3GG6`TPIy04#1yo=Jy>%{ig6PrkvTM|l+}
zvMNSSM;H2rS4p#1BH+<y8qxc1^&^xQ8au=;H2<5t@Hv1O))7DnFtnwW3lEc%chi^1
zbrJ}061=>ukdfO~BBy=ka7>p_G7~ZTJDRK5!;5@%baNID7Zyxy^J_m?XxOT|+k?|c
zEA-DjlqsP%$;pfcaEDndG2`m0`FaWkBYsu25_xUDov*Isk4Y+{oLwHmGyPoWr=hE9
zBYIST=9o)(!R-DJWcVyEi1}h_eI>E0fsNPRbELXGJFlivOSp|kc#6`<EFf1?OXoPi
zBWG9>Dp$+FbaQH9L&eU{!J&plD=fUaYAoAn^B0sQ8T#|<`#NjcEL44-YY2FO)ou0Q
zW;X0d3y(M&<F80nk@+ZyZ1mD}mq9U;V~!Rc9yy0=eK24RzCF3_KdMw!jkTm&U2^VH
z+o?nj8%^b=4j^E^xHAmM4n`w_E`MN@*<Zlmg!lP&FI~Ca=O%|nG1Ug6)#D^De>ic{
zFrdO!J=g8O1j{TB3YFa*NrPw6?JYnNUzq<k3AWjek+UdS0zQ$dtT8a1w~APjMho&A
zw37r^2l=t8>7Dm)#&=Wjr_Jt6A9a#&2Zxv<ZD~~poRcSKR?-hiavJ^h^&gL{O>!z5
zS>5ec!de>kr9}PbI#+L1WX6S+Kz5Lf=e15z-g$QuN|`WAVYUq4z@QV1c~f`l=4Lmi
z-EEsVJX;cW=ic+!8SvrSo5Fng#Hp2}Jx_E_)$O;hVq;aWC&W$Z>FIwtgtYtIO<f<T
z(+dlaI<#tJJR@H>x3FTgJP@|RLGHJ(tS>etJ(g{9rpCvkQ+XYwIu5BD0Eq$eP|s<q
zn1ZGO1FHZNCwoSKDdr6llG=wX)`SGF>DVW+rSweY0Lz`pmJz%<dd5bYe*OG0583CL
zYA^D7>%2AG(7VEWZ{TC<wv!b5i4t>xA{h1H?&P7)+0i(m#YT+0$(bC17b_=g8wOS5
z`9Z3f7w0{L5^MI8cyN4U;U|~IJ=N3Gr&Kmpfj<fm7vAA5TTDgstw1Yo1d*Q-fc0t6
z;fKb5sasU^aOfBrb2%i<MBpVzuT}7H;pmtOK8K6!Xf-bz<j1dY$G7>)(+SNbU2>o%
zq;jA}UDG-O97{XA4j$?}#?Ca|)&4EkvLZ^(!5=uLKIu)GpVmWbwanW}XR2I46|1Xy
zCTn5>nb2-I$kC%`=nc)<8G^ZcyRL{9peHh4*V&;Ytq@7(h7_DJKber-%KYPM@664&
zOVHs?dSFRH!44WhP)xaOoAo5~GJ9*kRQIby36(nphH^tO?LLx*x_}fU1z@`W)L^$-
zhSA_K`xOzRB?XG}DBHbZcmPm27475wy~+S4>A};Lph}#@Xpw=$mwpPU8Rc=ZAbK<h
z5$$}r5KM@Fjk98Vs#mO^+M|KLU_D)^?xcb|ngOANJRVgpi5j`T>?6^$vL^LM`Gs;2
zC>2sZ6oK1o$ANmQ;@*?<!-*4UtZgc_y}h?M6f>MWffeE3@>I-M<l8^16s&28{Pu5)
z{GI=tcz~;_q{{C1Q79sjbS$eAU-m*H?<y5h<qWfH=BmvI6)lkW(7w~9XG!@U4fNhz
z(}CXa%94c{OqDcu!o){#swz_}g4#(Qd8m&qw+4G?LF!1A%Esx-Oa-sTGRl}=w(d%I
z)o3SBEsh*sxQ&KOWhwM3H2!`f$n+ZPsW6izFQHV^N`a+4k7U)U2c|o?`<i(Aoy#V1
zXCX4oKj8cS=^jI&TI2$mzN3#{Lrp`*Iz)|*jY$j#%{2Xugi#YHeYF%NT?Ql<+`NcS
zu&%;<aI8pM<H1Ne7n?d1KD;0D%QkI_QS2Wbh?pZAq3l^`(b&d{A7Pc6r%h`#vm;0%
z>beWo?7TjCa%iL+%S^R=*6dHG^9=t>yI~yjg+BQyN4<ECu`ksH2-^$Rd~><1p(`Z+
zK^Zv9F+ia@Ls>ykZ@-Wz_SC~<K<RCgt^10Lh0<Vtwl6=81bEBz@P!1vK-|?r#dyeJ
z_+BXXLfK9Mg$giJB3Hv<{gQ_=tETrOG)%w6E&E~%Q2%Cp``7qnD!0pt1%ey~q4)K^
zXb{r6EIBohXG3-9*RSdt!Z&Z^;%F4-wtGLW`-OBsZf#3%r}HPWw-DThv-IeASSqF{
zNcnw}*9^~rkPEP5!ce->w~uRHy!y_43D@(6M;hBB)|%oZke@*_8&6T!J<-DlqYsYS
z^|KmXdaHN!c3urRjb4*lhD<proR)KM*{cJ@@K<NDfZV8<Rd1qcrazw-YKI$q;oTBZ
z(m=srsAX-80SY-q0{PwE)^jH!mNectbZ|v}pIP=M1P`Sa&}=G->_pS3b;D7^xKJM6
zlCcyZFxDRA&dwpV6_S2CBov)Ynx%T-yOGLisH6*XDymyyhbef1|6<^z5ZxVdiB&2a
z2;iW%-zhe3_4Z!LQN}KkNB%8V=6=+0y%B=8Kg>#`*Sywv#_cw(7-V&|tM~<tOZFc-
z{{LjDKZP>{@Yw8=tXyKO^O1%8Hzs&=91EFGzHM}sRbQrNYmyI9g5P(?g%28mP@|Fa
zEVOvva|FjbZ^vBR7jk8a9hMe~@!;U0)uLJ7L`Z31F`EAqjXp?ZUF3(&H0gamt@r6O
zSZe18ZksvN%vHjmYnG>cfPY<zE0$H)6tCtF6!DomF2ucQ)%@|DHZ+Xg*x7BIS{xdP
z`fY<xxHruk5TJOZKBrn7{`Hvd0SvFQN0_9RRG|NB8T`(G$&e^4Om=+S;?DZ4Nj0&J
zmNTPH70O3Y^Y;33xKhQf4#)ZG{$h*E_nu9_d2<H-&DHit4J~&la&d9nFGcQ-r7MD7
z+U8E#SUQ?&9}T3YFbTNNiwiTV7}d2HMO{dW_=vPiUelWgpqAfXAT2dH!{z4_%WFwX
zN~*Sc?5Q*kx2T)+NHE{cerG+P>f4}WmP~G(rV0-Js@fxA>MN8($ULSATl;vld4GX5
z-4%q?EbEB3iDz|*Pf)Fbvj%*5QeSFuFMSVwhJfh>1&2#2S`Zd&W=ryS*O(ul@KQM~
zl}54g&aCjo@3_LL0?bwL9-Tg-s-^Fa7Yj({O}`Tqri@D2FZc97q^Qz9dFyyAEOwUn
zw)`~t<hBz$<n(5WG41II-372Rg${Bj8T}%WOXaIM0>Xyjr{Cz#;qX2=V)DMy8}}Er
zqb#r#4nHBuSAe5cOyF`j-w4?#t5%h)OLE1n&%FOGFF(9LNHlP;Fi%{j)&S)z6*%O!
z+a(fwe0+r$V(!2x&Z%-HiMfcpB#ZIcZ08X4=J^tgSVEt>LrKL{uGyQvTQ;-WW__g<
zhuQwg(bIr{C*vJyMIsYZ(^<(0WQh3Pn4sfyg?_8eQr<q%e-UxQqR1lSj!~B3>!aq*
zwYU)<)T%tNqZ?<TD_9+HEob5m!z`G9A+Qt8-wjXRC)t#4jmpUC@%gA`<wpF#IF(~B
zx9a(YC!k}rL3gMg`!i!jlbCSRNCOj=7MebOl9D?7;bko%zk||=l67?QAlZG$gKF(?
z9DPT6c*FbWHd1?paPm&q2eR%nRfK-wkHEg=LtH!v0r5r0DOIt7O5UxIFz+|QrzbMf
zVO3K%4(<qBB{%`}8f=p0AJ}-rC`Ts;atgh4xjB@@T9s?wKZg^U-;bx2XNKufQBW&W
z{q+5!n)_8<>Z{+gvUwZ4GT61`=8rw3D96OYQt;A#XQ=z!bBFosD>=Kt8U(fFrlHH*
zTs{Vm$oKrY*rQqMxUau&YFb%Xo`NFV<0hc$cR<~CY2|Ul&GF(72leCy`Q~O?tIas&
ziR>Bi+tk$x+trqYQ*d9-xYfhuP6jQ_t#W9=q$1uRAWy&?wezS=@|U*f0{L=w7xHak
zUYjage=rc?FzVynSP+9tPL~U}ZpjN#EH0qUK$23!QJUNu94fY7o?KIsWjhPtB*Mv)
z3sNW+_@q+06fqM4&k2;j^W5$&lBc5E=zlzP0A$2dSyopL37F*AOcl4ae;Atys(R|m
z4jy>tLMiT!=m@?!lGZX@mCnqPj(qKpNVV~heHHwPvA3552|drYqJ6A_^Pd)1YXTPN
ziA~?znim35PQ7M=Tn@9Imbf$<zC1$?Dq2qq0s~*QY(*_Ieo1U7bo%*;<bBZwBYrk#
zG@0)?Y=n%NSsto5B#nmO|M8%Z0sV$Iv7sg2nX99P3-RLpf8r1QMi>1F3KcUM%c&*l
zpZY8;h$5d`Z#NshIfM2~20Z0TPgSYCcZBeuntN%UiUr^oD{e+A+Nvj|qbR07SqVtK
ztcg}>hYw&L4j7v8p6u+npiSp9QFPkA9cpmh9iawfhR3Ec9M!t)pg#T%!eYRC&{`UC
z&1}GoFAAv|c+ZuraZ}~g6$p*$KA*+Fl6n4yZI^iaDzfdo`>M`nmO)QzmBrAh3&AZV
z+-W*X6t3M70UlA!!h(iW&^unU+(0pch}A`}(M?DgyXvm2%XejF&JvN^YbA|ry=+ff
zm6$!YJUEj;j@g?l`@GkwVrsbzZm|w>lpgPuWuc{5$8ngYqHnU9Z)vEsI)hX!A}N>F
zdHKE@cPt7w(f2gq`5XQ=U{j`7jkQ+-4PP^5IwjePTZKN&1wJ|2i3S(1+V^T73?Pre
zEmZO|DA#ysRKIU@SpC``MG6hqv5uwc>?OG)Zd_Im(5OTZGP_Ikj*P_J!7VQG*U7DJ
zJ=H%~%2o64rMd1;IjqtP9lxt)7i!Dsc$Uf=EzHa);&aJ}U_mjVT=;0{*Bq)@dgN8f
zbF!2)4a;~lUEB{f6}dWe;N(zIRA{OsIE!4!9};34!?!KXWw<Fqa~!k+%4FPI3W-ie
znX~p909l<J!g#2+Z3VE`_lm0Vkvl&|Z)3H9P9kDGt~-v+>I<)neKks6nJ)R{C1>cz
zC>?naREg9#P>jAhDAO~Yy&Ux)0`w3HO%Ga!B<P!WISs=ovu>4r;;Pbg*ZsL47tj=n
z2{}VfUx+ni?#y#tmHIuW=a~D$u|wyq7V=0;;c#>tY7>1|!Lk!66NV+sC-ve9Wm7TT
zW}9HLk^Ce#bqWupeZas0XMq=&%jS&rbkTeHpxEb)5WrNx3;2{C?)+i^P#D2-nAal}
zP3G6B?g2&V=!)juH$&s&g|KjuRXzKmyp-#{SIp&blSH8Bd(*<}Ssn`Mtx|jcaL|8h
zOTZumt7`NV#J}B;XY|*ufDH=`&5~zrme`Bl#h=J#+Io-?lYr?fvJ{tL)T+oEDPs~i
zdg5!@ctM=#7@?E{RYm0BD&yh}YdD3M8`>9&2k-;hWf@stYCSKAY{F#gHxtmTe|@i<
zarwg9I?=<K(>`;^Pb%P+wX*UdmEY9@A%C}d9Q9j4_{@w(D(~6*$CJi&h5AAoL9Zcv
zoB4)xp4&ys%&Dh`D`AuS+vT$?+sgLDSFa-d1~R6gXGIf{#GF=VYwfqG`D2)`-k-R7
zw4_}!X!+LtQx@D;(k@v`F^S#2CJ*+6*%FD5R?5)4uuVTm3tK9$dM0}?t;+{9eBbO$
zC=pjczr-p4SNaa(9-P;LfCY+3b6NuNNBH#B`aQ0U2^&%rG#t2ddeG3-76tV<g;N1^
zKZ#-tJpJE5VH?MPuM<30pCzefuqck8)S}+0eRJN#uA!DgIX*i%lkZCOM!*g}AL?;M
zM*<4rguG1Xpf~xhSGMUjKmuP4)bC!GYF1u<(Jc?6qG5S(VK3LI?T7kA&Z8s~7$~Z#
zBuI&wNxFzBRPVZ53YI7sC_?=ZgOp|i6$ab~y^DW`(dvQJaqtT1Tykiqa^a39KaCj^
z66OStAYB4{P1G`f`9rmO`mcbm!$wFYFLh3en8J6HvQjqgPeMn#uS*IkX<W`__N4>$
zjGVhcDwyBiI7m``_gJ$*TdaGZ;&vXCs)MWdBLP%T1`XWJt!QmCOisL~%%v4No61Mi
z|G0Ydh%pVl#F{q6Ya{xucl#$ty~0fze{K4kD5^~Z{bVyIi%(JgdkTiJIRB|}phW$u
zV?!06Y(6x#ggP}qzg4#~bP9T8X*1nY@3CcM0VEYP#^yB<gV0k5sm#AX?$+yU?;KDu
zF!ITQDhlwNyW%q=Lc_k^5&Ljj??wC2yBa1g_YebpzfkJG9+s;8J~vc}h(V%eY)k<)
z38gC<?B*R8M4-|Vl<!-@kt+oW@xDDSP7>{S*cBxhN!<fB+O3L#@A9?HUd_Vw+~0fJ
z%$22hEA8ZK6%q@2pr0(&4^z4_a1iOc;oO{oM9$zU+j*2FofOI&7NyCEmGxUaX1&j=
zUQg;`zFnxaOPjbFf|95Y&k|3z8l7c_kj-4J%<}jm(iPccmSSKxZRWOHV(e}eG~nXd
zZZ;KTtn1s~b`h9R_HS(MDaz`<QOk`W`QCUYTjOJ`N`GRIE=CVJD^#nO+bC9=g+^19
zk3}G3tp=@Wsa`Q_+85y_I2u62uw-qBqjqT6?0^c_f^-)27AcqKd3tL6?ZOvn#xj-A
zqZ8RUno{b<+=JDR>#C)g{`Q8dq^0fq-4RyXMc_Ziv!bV6ThGo9QVcX!HsMkyS-WHz
zSBvo+Lw{lSQaORkU+LZ-UX(MQ0;BBi58Je?Mh}N_6HNnT6zuX8^Ye~Nt2!4Roi6&)
zt?$oc-S#I$y|-gS^!pbz0Z9-37ZH7#UWv&IJVMD94T=S9?o|8vbAoeuoi5NwVSsjE
zQ<;!NP6f-}<N;4YqY93@FfZ;-QB_(l?`giGPDRM&o~Y?E%dgB`^l#Y{<c?_dST|Lb
ztDM?l0*;>QYgqwB1btX6#NYcHe6bh3%(-mVRF|p>y&V<dc`@^(sBi~qWtfFkqSTu?
z*%S=&&ryLJmDRHq3F7ZH$y8N`6LZ7564L0h{amqBPaVQii#`j%z0AC0uhyyE-Og7!
zTyBJH;ns}mr74={=iB5Mx5`6oa;q5SIbDm)wG#a+zL|RT7bY^uZOs&`-<U1Bjw|M5
z`ak|kao7%R(juZEP9x6Bz2Kj2Y#1DLHq`4txe)&kjg-%+l0PdA(1ZK9$eE^B$X5&{
zpN4a*E_XV^-}m;|OS{m~G6r4NP8Iq0(9BTs#QU~ioPWVbVGRik3flh^UKF~MaaE)C
ztCTMe8gnk9o7a9`oL=Lc#E3;f!fczIK3tvCB7hwhx@-2lFnM(`&ZGYka^rTV|M7?}
zw$R)Bt)8KfYRC1Iy!A+OwYLy4F);%!CRv`IbT=%;)n_EKJRbWct2jo@G8NY`R?qGy
z>&n~`zX~3h-(}HJ8QjUyKbGVa$}spct$|H)3TD26hX^Wo1j6hU?&w+v_Wn{p`xggZ
z(p8t0l8yp2C>O7}ZIsVYu4&8KFZQz@G_Hc?>sn{$UWRQ0G)qh!e$XT|XwB}+PGwQ)
zWz?~6o~eT`Kj*T``kjdU)VipoQS$u?JrL&NzX(DAOeB{7sCO;btIrk<a+u4LkVwqn
zyKruIF+DkN^EN<NXQgoOXhLhhTWh_(nIB$Jo2#{CZ8>RJJ}9iW-A_o`YsueQKZW{8
zWt0V-6<X4yelK)#<5d7IRwk}U2U1@_{gnd~d5s6PzJZ6Gq|BS})WyYHLu7HTrzC^a
zQZPCRPo5lQZms9J+88-ag>L<jE6!ieV9)n0?j$AGr*pN>l+!wrZ_HRlE7T<fMsK!S
zF3X*VOP1nsV-P8>E;BT|KN{ZTJg>T&^L;xeG1fK)vuU1wG1f|OPmemWGW$lhGb@F3
zj>s*Go&Mf<Y?I0R$Omj_=5@!wd*dUewo*U2g!#qYO~SllMc7<Qm3P>2-+fI?0zO||
zGDXAxQ(BR*^pF1apKR``Z%DyQ&zQRTrtTlIM1#K0RGT8%Oyw0DppsKl2R}di;6ZMZ
zwz%i;@bGSGP`{Dz&N*)77h3K&(p@ALwnJ-6GaG7XlqII7D_f?!6MoiNY4dVz2RJS_
zD6XsQZEr6eRUEMuPsl9xea=izR}}nsn#bC4-z}GMVzgex%Z@`#Tuh^fcnDng2bb@B
z`<42R26%ff!Hq*86)`h~VLOYmn&MXd2-|%7NOH|bE6h2W!cuR57>nmqy2Cf-VBJRl
z6y5S#yCetx`DRamas36uBqta0^~kH!eliEaT@9oW7KULxp3xrO+@WiKXZ6xm2Gv=N
z8{f8m|2A4GU-NiAZFM{t#2FYaTk+b{x1ryKjn7ZCYu-uxQSKxH+p^T?sQm2>wW_l!
z&WUCN@WCv5y0<r9K1r?99}?dgwtWW3TFVm_kxybNzEsp#FiH1eIp&%2xGRdN3q}KJ
z?xAe)0i8F$wEXm{4D77XY!U#@ogF@efQ^sF9>!MI7u(+6jZsp&{KqERj6M9*VIPCZ
zrj9qZYL~wTi0jjnUmJa6RWfFgRTxmR+0Ap0P;Pjrz@vPuAg9VxE)+S(D8P_`iJqG2
zCM`oR4{Qk#mXRcm+QSq6952`_ah0YkBg2-TpI^KO3!2&;?T0gz_UGp;jJEoe9Niny
zQLbA*75ny~>o8lqxX$x}vV2XU%0)uq%kMOPS9*T_6rQ5N=xCroM<CSs)R#IL7f$N#
z?$I#o6B7;qFFSU6n=uIm9PU5Br?H!c<)<+Eka7ClzU}6GEz#(^88%=&U7$$NAA~xh
zsGP~8FWn8laecdtr0(zEC-Sypr1VnT(_v-NQsDHK6Kf<gmJ$4;+0cAJpmjXO@6v27
zZU6ziv#%5M(Bvh}e6fGZ3HLFI#Ihgd#Vhk-#<?eXaE|@eDK4Ilse~F|eNzcaF!dLg
zgf)xfUwQWH$2ri*dfB0Ei3+L7<~|vgy0%f1hyB>yG(AM(WDgmcebQSQ_pc*A%J9fY
zwb<MN8<!kmArZMWpkIkDKl`YGYkHZ_MzD2!j8kIxCa>ld%nGpt^a`WZP<*k#o8LWH
z(azG6<@;CAh%vHnd;+7^#8IV|?`M?xVe-oUV)M#~_rE(K3`6hK#0i*jd*^bcF{k73
zGBuvk!qXaB&zh533_Y4#I<+eeV7%8%w|4T=Iv-79EyKdb8yzH850mg-&`Z)DOOwOG
z8A9@20w*jfm;&99meO&)O@tO$4cZvrG>~?yQNHv{DtMb+0m}zgLDOeZ1*d!PrnCDl
z-S4=FZ@+zLW?e#vd8)Hq>WH=Us(<fK+$&36ww>rWn9uI0d8QcFOL2j}Mn=TH<kTE3
z2U4Iz8ln$z5~B{{EA|Sv5sA!YCrjkh$-L3R%x}|#R6Ty(ZMkX;czOO4xa5i*I_6I9
zS`T;;9!<T;Y1Z9CLT^%y1B-NU&@xd~`9r+j#WFRGi(zP<H!NQF_P&5SDYp0aEKe)2
zo|6o`i@V`}QYU>7Ybx%R?dI7)GVA^_z$AZGLwbw_z4cR1Fpr0uoGjvP`b={DV3~Q~
z`yNsk^CLjO{ZL_kb;9t@<7?Vro`l=|)3oybUS@hk&R&5}VcRm)d+KQ5_dI9zuzw+u
z=NEi@ZYBetAOYHxp-0$-!NOR35%@aiJ4uFfpqZ_H;T#rE%JP1<`*UOOi#{Ujt$qy6
zn-9rCUZ}>!7<JJAM`2lyb-z2+vo)<FfLP)Hp@a<fC-C(_E^QJbI@>LCT?#ER@Nr-K
zaIXA^fWzjbnQU_J<6$YQ_4Ct1qJXQ#J~V7os&$6yad)y@xJGy%?9g`6kLocBNgr+H
z1nzt6J@o*aT|2fqDjas2J`%9U{>P!TEC)&>8k!{%Q5hXF$pqv2QVxd8%X}&WoWtT6
z|3Nj;HXd9&$EFQLQuF>>FBoZ}6fSGEVCN=|LXhvhQ_JHakiaeL)iB{7XVQUl+)q<V
zAx-ek93tW!L8%z!=UFCs2KCJ4lj9`bkuGa|_>hO9ceVT8H}qgg+Y`7rd4;02OUvE}
zy{y`^^j<>6>-mAc!9g!!k%wV#Bt>ypLj}gw#oZv`ruk7}VAcP)R1i$^*b-P?3w{gU
zE-q&Te=h|Jc+VLD9ag+7evdhC4e@<uKI6>ba}c`GPe1i8kyn5R{-%AGMkKG;N*k9+
zx#P;9z7ouAXqP*KF^g8v`^d1|BCl|Lds%SdM_ckqY7KgtEEm_AR@9iVSb|{>y;kr{
zXhXt2IWQ11b~Yg@*nAodLT*EmEhK}*9%1Qxav>luEu~E3p1?d_4-i3!)>Rx%Vg=b#
zQghV2J+~f=@u6d7jV{$+LPS6){$zOd{^bL~+XI87$2ppfg(mG(4ljlcZC@#b=Wf3*
z{1_wxX#%C>>c53X{0}7MgzcPqCLCvqCgaoM%RKpQtxs1LcO4F?vuVO7?&}OX9wslg
z_EiokN^cMG`Ajyo3|Vpj{`Xx_>i~4T5coX^jw>5$^0Dfgt%3Z;+JhAN<D;podbrJd
zgiX>V?q8V4qEA|Yr@^yf=Dg1VcIqdmh01_$h1=SO`64*Cd?q<82``iWZ^){6&p*q4
zmRgJ9rld&(7e1Z{swvEawAxvVAL3-U0U;4TTttjeRk3m0)xaZ);d#g$IS839AoTg;
z--c2MAraOC>OKj*DRHMAV22h1$(^1)Dr8OQtxHM?G24Zz?5K03cm9wYEpKS7jVWuz
zbzInO)qVa5*rYQ+5`ln#5FVDEMMW!i{^t(u0GZFs;Wwd<>YveUp{nH61w}!?&MJ{g
z9jvb$xX4;t{lvV>bf({bH}BCL(S<FHWBXwO?g!sh)!PP8W;_`QMmZRLkBhq@iJR~%
z2@R_<ry<dlQgYM86gaXe2~S3*5qy1OR1)xyXv!fpnvzT6@Hz{{b=p#)6x+I5z>{yu
zv55@K9EJ0i@xD47dW+5b=FmDW^fK&M%Hz!uqsxhZx^$jsKtRB1hx3+{q=0X4g%6<Z
z<+C>@?+0lrU+_sIGl#bKRybqDg!x-mBrGxwqN+ZIDJ!_{K3K}Hl&G}F0+ckH+L+M$
zMA=`Q?Y1yf-xl)SI{7l`Uh}tK^pg<&7!<mmczw9m-YVXz%>uvGP;Z;x8y48Q<$Cu7
zm$bsa&d(k%Cz&Rkk)BXGlg#y>9X<aa&fYpIs<wRtRX{|LlJ4#f>6Gs75|A$GE~SP>
zy1PrdL6Pnnx;v!1&&D@?-#W+li?i1JF>4rR@8@~$zOVb*cQi1{BGP_JGFhLgI);;-
z@-_;^gTtT5GlD?=HIxRcI_4T5kUAL|ingf0!L<J7X{e*8F0zjR;9d=JFRl9h;cm*q
z+bQj0)vTSYEj7+huhN(ZiIND#oy3hl#gZ5hXEpL3eS>sEaP9p<wwr55BK|y%JB`aR
zX(JILf{c(cawOoG2tY;jn-_ji>ux{oy-1U*=i&#&uOENma0tWY{DhSAePMm5nL45q
z{N%=eOwZ3OjSQ<;rY>w{%qjJPJ$qFM@OUj43E0c{SUzsm+d8Ivi@(H@!(~sqX_a;6
zO(P^{7H#$Ai}8>kCexkvY3@^d3uU9fpRz>BUlrMD{$Y=viK&M_q3g^|`8Gz)<x?JA
zvNql0ohKw!rY^+wE%Zp{8Dxx7qz;{DI2Rm%mq`Q~;ZVrteKA{(>n1J@M*Zk$->p+3
zQA*pGsld-50Am4t-i7mW4A_<Y@b7JC-P`N^O3TvCcPBiaI`=*G73hk@m(ZNY*Hq&U
zK1ER^0SZn-y{A|8VqHpeZ2QW~`3$DMn#A+by|_%aoxx~nB;*g%x$rMsZz<d7dnrLl
zAM!CB>JOP*yps&_1-}m>DIGcB9E45Cz>o@bvSdBOesfLTzF<`RScZ;Zk;j%J;B8|l
z@gY}dPHneF<Gh>EdyJ2V&4UrU!lRNXmn^LIq+$atRw2IPws=EtPeZ1sA2B=7>qlee
z$X7(m$dcLbvdU?gLpW9xBy!j%rt~z_xr5oxdk-e<1b#o$^WNRA5%PH5akQND^#?z{
ztHS59R!(zSm5`K`o%~S3WQaf3Preqg>W`7P%cownk{fS~OpX`%wV9cCp~h-XH6DXj
zJtNNTzI<p6aY>yJk$7sp!QO#GF=nMdJAyB-uKpO4+lkg{q49-`x$B(P#FlDmI#ARr
z&P^7J@bY<@X}Hf0M}f;~sK9e)XO#cMl)4)Pnsq(Tr#?|o*)Pd2vneJfH}GIbkmtvq
z(lv1|2tms{So0^Cv9hll8}<5eK9U?2B?}<JGaUCqbMwW*adU~`E-DkWE7xi8c#+ZS
z^}VI{$HS6YN1^)n%9<vLyAy{}x%ckzZ>htX(kv}zDr0XlJ!DaE5NYxr1`=85q#WKq
z;;|T)EJkE@#}S&QeGs@scf^(PTzS!NH<rrfn1xIty8DWQcIP<#F|?9)FVygICqI4E
zNl8iHIe;8iNKVCxXwA~j*#pe^Sa08I@5H0htKz7w2G))BGW%!mEr4|8jQlYmVY|2o
z+htL)ByBB*zw7IsgB7rP4ef!zRjl^sBH}6B&Sko-ufsnl1YKWGmTK*76Gc<-=M#^X
zfDP>&Wz&5z-|q5HRGG-#D_#t;Bd(hFPx4$|pHJzbFkHTVUY!cek(j?o?57>(A(u<D
zbRA;!xPn28JvJ|e^ZN8NAu+MAKY^w5^c4Urtf>q;m)a}~_uq=PN|&o=;Rm6)A-N(j
z6wdt+;y&ykaNbgJrDa^{W5IL2ZD?w1_)Pah70lOdmp0wl$WS3;;^A;s@|<g+8@{iM
z=a){Kq%;q^tk!?Wq>)l*UX;Syo2$cG-|G7?Xa!VEN<Xc~6m3h*4T2rn0C)@WXCz!S
zVXK>T8U15X!X)oF%X~<0+|5nw8NkO2=X8kO^5$Mc0emGupQ#C<*6btwIcFWg3rag;
zMKiNk_to}qOQ&yIy0aMpbk>blkxWMi9DQ?Sn({oXy_@6<uN#>cKEQ;)1Sv#iOx4>)
zm?J0%;+}Q@ELTnz{Nbs6_r8Y0bU1C{>}oAS!<m{v#$y)?Xk${zr140U9+@8<0E4(e
zb;GuQaRGp-V{CSAQ&)Z*k{r?SB+eGNQyuNcc{EH{A)^2sE2_vSE7U!9N%Z;l88=vd
zLPn|!DcGf^?7LwyiLg`y!XiC_kh8JPjnRW@`jAa3(Fs@MaPXARI)t|;Q+Pi(aJ=)Z
zdOa*(N)=V~s?=@4Y+k~>IO0U)HrGFt*^e+?PhB*%8(#piPH7JVCpx|@qO(;sryG$y
zrbQ8Ryeq8Ksp~7E#%D#1#WG3JAxtF=!B<vZ@9XAT!8PHy6|XUFfaHse@#A2jVR!g0
zU9-ZC@g2~l7$yDjlE6beuvH|TN{M_Nn8O&*ad-d<@uN0u#O-sDM2{wBTR3pa9)P!Z
z<1~@V?$dTuL2P{VGL(R3d2V~QJsRxc5=-u^-x~mo=&3ipD5}FMZ+mc)K{Zswn5$^<
zU6JkWeZ*%%=HnnH;w&<0lglq<=@1UZ0Fro`RlU7Q=ov=<^-!%$$A3JP4$U+Yo$$+L
z*DiWLdhZ(23WYISZ|iwoqqTd%d|DpKyd14C>>kNcdVGMKz)5r7xm$~n%iw>!t7`6?
zW~@N&=UuWNUWj8$``E5XDaZRZ>Op>`b+Aw*1l@cl9K&J#M_&-g<<_<%XhoGzP%Z+W
z7metcUz04(!D}N{%>lo|pgA#={rz!3RcYH`GW(Ph@~g4QGS%gE0_SeE)YAy=EpCdy
zwU~tLwK;_rB}ozSf2`X9;4)Rh<=0H38e$eGOi_@K@9B|F{gc_ODzTw^K;!wtBQ#A3
zYPwIV9IGnwt&&XLmVb^e&dUA%e2SJq$DaEWZngY6ad=kG`Sg&NS*=$uF4Vy70gi#0
zog*zzy5+4$d+N1>u!|+QC^j6M({frqM6S$uK2>d_;#(Tcu*3ZR*1^LjLT#wN$}Mic
ztHIuGYX@8E@#tt3^!6X_SHN2>0>`<l_coLw9Op_~!|mrW=q5#Frq8(c-W8vKbVXuV
zy4tENdIOt;d@&;k^a`5EcJB+G!%@Tpc4xPa0db03!Ildw0?g>c;I$W5Zo0Vh%v8rV
zX=C<j%S|Wb+|ZKML(=4dx{;PnX(bX$=?cnIf^FjViXkDz-rC)~oKM}Y&g<S37BOPv
zYmP~df}1Av{%lM1WbxKH4x9CeaMk$pD*fG!<RJ`a1?@EFQr%fwBTGQYvgWLtQoS^r
z0(7Y&*bXEgXGyiDf<VnNr}26ovOqyUdke6nR9mDqF;%hy%QO^cW^n`wcB-I4hv1L-
zJ@0iTYo*V}YX~8WpxzMKx!c2S=PeaC#n^w+?Yqvw3GkG^twy6wF1csxy9&wKP<h@@
zk?mJ0czLQSERrh(KIBzg_svZ~0V@ufQ(0~^IFDhr=^y9tA8ENlc=sK@b<g9azeJNV
z6VlH-vAON=Ec$4i^8||PuhJST)8VEg%`Flg@^m^}ES=OKFjMn*N(<|3`29Vx7QAlX
zOUkj+uU~aRq>@X!gg)HtF%&<j$6cp7FM@@8<oK@r7Txw_7Q#0yZ4E)y_FJ-O#OE|O
zo5|&lGm8YZhVGC*Dj(UHkiCv%UZ2!o3pT3K6^5<%4MrZwzkKA7l3vejpdP;0p5b~5
zi5ro0K2DYCsG94!Zm8hxpx9uA<FRxVg)J!xZ&aI&Pek-0s_rwia)baDA&=PeL3)_y
zG&I+0a{%KN={I21rr6WFI(IQ8k;e$O#$v7vLU4qq_h?+s!eL#+o`0zA;ReS|W9xix
zYR_m&Vfevk{dPpCi>dphxwCTD<#akO!DY^>Zd3%r(Vzl$4ygWxEqY$!=^P$h71=+m
zw3ekDQoqhhLNmFs)swl(Y5M0WqMA3)2ZU||L==SIeG$9smt2q%(J*t8K)`3ph~deK
zBiWm+DGtA4`nVj105<3(6ULY+z+VLBg%``_b0mgG8@AGlw`7>SgV%Rc_-M+4eT>p>
z*ZIP0k6eMy6W3Te3D(3~gYfOe)+kUNEfD++edF4-{Jl=2v7QS(O|I6HZ)NC?ba+bj
zf~RZMlnkp@ClTL$*wKYne*Z6bd3-gWcv}kec%W3{leHJ(r+rxXPFf9af4R)C;^EiR
zFXya`y2H5F);+sWy2DD#Yd2(5xyBvY&!)gbJP|Czd)^N_6y_TZ>6R*!y_FOo&_$e`
zY9_?F;*e{N1C@z~8M}@PO-+zZZd+UVBtw>?ySM#yQ*-V(-UMrHLwIPt<yyQ$7Ga=U
z&AyPnAhNQ0iW~!NYEF85Q^~a8OQ4+zsRRJ80QY$AY+odW$51a{TI5OtjtIBybC^9g
zba*r+35rm{Gp`sC!O#^Z5nGU>x>Yi5H(b*p*Zwqe{WGUGW|}c-b0AHm?e0d34&Mq~
z1_tM*AT!xMp;Ac5`IZ`yb<pwjh0&Dju|9Ab!r5sT8q5{C_@f)7ho==-TMB-Kd_Mf1
zh+2?LLAIqTqit0kJ#0>!*I=RAJ!|L0>3e|eMo1o6d+W)oO}dNku*!UyB5LuEZzTh8
zvpBK_4Da-X=)+u3>*E|Q<+6!hp)T@u7)+Ij%{`xyzwhp9nr~Ie<ni^9B$PN&94c5H
zHM&m}y45Y8VP~&~tXUt{vT2cFVq$W0^_PfFbL=aQ_VgNKKfmBgBq4amz_9d<9esPe
z&W6BUX9s|+PAM!~F0~3NH;RT~YutSJ@L{_Sirr>W`bmC`s5D`|;?3b;9%$nPfsQ&o
zSbnr}+M{$-I=b$`jxtv2lD4qAm*F1((lasr6>pzCe0K(!oZNc)t03K_J}+k=nE;^k
z+99(5vf}I-aLghA9ZHfP95X#dI9G5`jygoA?rNR3)vHgN5&^@gJB~nE>7tRQCAv_j
z$^NMg&Q(P0C-6EvJUkCvthN_aaKUvlmtX5d0H8|VuDIm3&^KCxi&Us*S5Z@)e}$|m
zKburjn^L%!IB})lVh^pawPJsjQ2XaGBy%!|gwF^kr+MV?DBJaVsAy3(HFsy(21R-?
zqTGrI3SPEmVNoclWaI`9Z%)J1^~o3*h7YEZVxbV%B7gyXpyt*j(iO|;d7%8O;{;lM
z0b}ruij-8j<>x{uJupveK3knww)j=QC8^3YM&zv4W~p_eV(kSg21dRFNIef*%F_N_
z#tRlE<nyx7&QXs_?$c-#3cg&AeRW^j-d3(AUbDHHEiNAPY1@s&@TU9ug(cbW;q!*2
zq6<zFCMVUQSWl3n>V~1wFm}cdkNNtW0Uytg=T9kU^YAp^RPm5=f9u>_($)@*JN;Hk
z3NKDg%MeP3a0)ldP)KgxLUb>~^x=9W8kOyyA{w2o&LI8T>(5|N!Zg!0@vf&V|NiCo
zP)Jtq+=|BOUSH)@_lzwLSa_Ih5{*DpZ?|C0>#_KEci=+>54Z)_p_9azG$meZzZp0p
z@}yBhAZ!(O3E0a#<#rg6EmJC9S-Fu=93)=e+7biiiu2*<>&0;-c~d0Y9`0C(GDcP=
zl=}wya)5~$5%m(eb2NrL*HiSHjTAq>s)_To@7ykT#}p1rCTXsX#;K)5`_qTNKng_`
za{!DsxfO^Z;%RkUjSwB-y(#b%XaL3+Yw6TQ8^bjNv%dAh8=$r&!Xb+4Xphb2z~Oi>
z7JC8IE3<Oj#HaNl|E_K63aCrjZw;|Ik0WzX$a-i-^AX_jha=?TSDKg0`jU`)Ra~(Q
z({Ff)8N7y<3TGF$TkcD3UZTpsiap&@PA13y^sE4-HsEWSqK35~9ZV?0p=_@6B_319
z!kzmR+6rq?I;<J&tz>?lxVhHG1z6PGmutPoRtOzUmwamkvUg-fqzc1iOl!#mE7tm<
zbcy84YI&HdBs^DUCcy=~x3Y)mKB31r7Np3y-bR>{_S<4v=m(^WtO=1P9AsIbSwL=M
z0^i*cNxRG?P#TeAF&X-34l}>ibl9pi3O1hI|BPca&q&g8chX<|0mQ_)yxrAa(t*sx
z#LB8n7tJjlbxl7hOmCka8tNc&<fg<Dq@Wj@y1wr1Ol4Aan13o0=9*ILsul$Dyww$A
zUtkUT8d^p2C9TxUxi9<zN9^44hmL_kI-e)le~ht4*fmP?!~+J8)9z$`f50{%qy!i{
zR}Rt!vQhP~%aCZb*St<(^V{`k6tKwbix0Y@Zr?v4zUtOA+VTUkQ$;}UX{Psc<L0gB
zy43CF`s7{p$Cr{#6Ey>HdKZ8W^YAFpZBk{cwNtb3u+PK4e2Y+m`S;+#|7Wgr8I@$Y
zT-DG#abAGe<S2``TP{*gTCs+QlCLoyTdero>s_p_N#2(QU#m5Dah;sv5_;^-5zrE`
z?d<H7C%z}szAYQrvCl7pQ3qf>ogo<G7UhF$WvW`?t3eG@?uRY$;dtDl>P~KVS7PAL
zon5Mx-?(UKq`U)HR#u!Oe17RPv*AwP-MaU~DZ%b&cD|Q@$6jfjGS>a5`TIPGxrd?7
zEw1n`14S$LX}_lXX}KydG1t?Fu6yn8ap$Tv!xbs{wPio0EUTyqXxt~C;cc#UflZ(f
z@Y&14$4B{;QV-*f?W;@8(^`w1#N75IJsm+HWQmoD)gtmZqh!~4EO%zJr`e0GqgQ1`
zqgIYVAYU(E)|;Y=^(~7MhwEMfg0W3VoPA)b0T_uI80gO#e94Zf4N1n?*!?3ZA!zT}
zoU*2-WL2xDubncgNRH@vG}y)iMYHXZp^qcVnC3uP0~q3B1hW}r)i^5_nL!CidK_gk
z?Or=@JBG!SrtvdmpwW0$<EF>X9FCp8(X5(PH(x+od}qY<I9Q9Yo0~j($)Dl!vXj+u
z_cU1TxK8Q7C&zgyGSf|D9K&QVhu_PY*RDh<KsIVb2r)eKX*>ylY-LR8mAj<->_vl6
z(nlF6pBMktgBqKfiVw%<l$MkA_)=L#V>f%yx~048HM8M|k?vEG|0W0|9+Yqeq=9bq
z1_pCS@7*e_nEh{V7;R*6m`$B_>1(AI%-o6z7-UMuWw?ghOp-nZF0p-<%9r@mvxyo%
zvMu9os-$Y|N^!}y|K-l?;wvUBV#k|-K9MQ{OZ0=-sUHmM@bU7Xlqgn-iUIXLPKvr1
z(IIY0oJ&-@Dy_NYF5d~$4-nT-*jK)1rs_uRM7WAY{df%ds=LHphB<cpHRC-fXj`$0
zeJMgQP25XJoRAMg>5qAQ+Yj=g_Y~=@3Ck+*$+vgFQJtNQ%gvy5Co2&m6NlkkGTz_U
z*{<3<80xF81|{?`!yqo@N?~wm(Ful;k-mBJ#sP&K6M&QowrE4m34U&=yFwyE7+sBA
zOn8L$d;mI=!}pd;J!4^SuU@jVi(5>U6$;YSNY$|LA0eL;Z;weej>5CQ9^r=qs?XVN
z587&mkhW*{+(jm0^JL`VIF~RwcD-b($Z#4IS-4%DohWhqUb}@LZL6A2Qta>-b3Oi>
z63~&K1QBZEU0mT#?M9oMPa7Tgwm}r3;t{o;6w(O-sa!hR-^)t1jf{TfqllM|8y;#i
zm_>6=<oK81PU)L}rfHC$LxMTJ%*=ydGjraxJpoxsFM2^YeAnTZf;}x<@1ZyUf+WPP
zGSPt|^7e<c!!O;&VYkX*Kt=vqsVpxqkl<b=GX&^&`XBlY<k0{tg9=SMCgSTQmo>+m
zyVK!UqaW!TdxG*l2S#eK*<_xZqor8QJ!F1<i8z+PWVln=PhTY^{oyeMD<u2+L)TdB
zbuW%}y)V#az_;>RY4-<u!8R2%PIYR!u4GS;syffBmB6#L2>xxJIj8f6@a&3&usQd<
zHEaHhaqxZEZNn$Jh|D6-@C}|8M`JyMWR+|6nZL8!f&<&NpB#AmEZ}QvthT<|@Sec%
zU7B%~safDGpuun%<Z7f!+IyJAL|Z27;}?fc<D+zGAqb{M-vl$cI)n?Fvt;CU=g;1h
z@|IIZEXpgO>_<T}Sh$kujIA=$IdibYwk}kLCUvkXc{c5GiFscDV_E%d9ujKR2ZDoZ
zLz4zg5&Kz}UT)(G@sfM~38wH7Kn8rwF)mp*Z&wVPHy#K8?;Sp73+=iMrLMoW`Ht6;
z-#DC+Y?H~Sb_rhZ_!}%9@7Q%R81LNn33|yZketkzig=MEc*-y$(z&R6r3~O2c@F?5
z9c84S5Gpl#(}?02=-8rl2(78~sva+weUyuW*4yq*Sne;|4!Js>As6YnnUx)|SWY9=
z>0wsl5ul*Nd!4`VJRM{QBK7tW5&&=Lc&sp+_dQn0+Yw5D{OWj;aAb!pDlsugH=zEY
zJo~Y5-lTBn?Ct`xv8>S>9}iOkveA$FZGa~uB9M>-R2eVoHM}P6&qmCGyHq+kLbQ2B
zs~s&g?D^rbUkp)gOrx$tUU}*x*uOVu8y+?*N>&kV<rR;R0c>_36+umM<D{vKR;t8H
zevTrt;TV3P)|-P)r@1X|1<VS?FX*p9<NsW~zrEb6gKdc5>`Suht}rCXvtDRaA*APQ
ztYEyXb4IbSt{VhOK)eq3=j_|N5&RG8f%$lh%c6~^L)?ydJt~A6iR0gV*+&7>R#t2d
z$u#<NF7eA2fs09ZlgsGV*>QVB3YxRj(CEWXL0VY7lynOF;al^O4Bz0hYu>>GrqAG=
z{j(hw)awh&V$%Rsh$2SkgZ`M9808fX7CB}g)Yo=jt=bW{ipz(xzkX#z3%@dP13;|R
zJrfvtip7(qU_@&+cmh6Yx%R|cXlUqNFCarMe?LX5rn0zjtOB%vJ&_Z~W=?ff)*_w$
zIT8n0IdGq&nL@~6dbDR#@$mJMywAzEr0DBsOS4Q!hjSHf%IwfEARaE<pQ#EI4aZ$U
zM*KOrQ?>fH<`N3EoDMbJd?ykI5mGRJ@4d@no9ny)irbk0mra|ZL6!!-tGl5sYx;nC
zBQrnfdU{INJrx)Yq-0@<K4^R7zu^okCD2a$BlnjbUNG>ASKHB_E90B8Wks(IENyve
z{uuJ>EG*Th(@dXW7R_#{m*v%6T#x~*R}rzi7Cs24wrjgAka7g<;axkX>4iY>eWg-U
zLq_!OVfJJzJeKZMJ9cq)@qilW;|?c(X=Ke2#b773(fi!v%M?cqaen}&ia9y;qNdx-
zKg_p21Cx>8+}@0PE{G|#WQgxOi0X2+)Lqck+}S0831`_X<)+eYklISIm7n`{m9u+_
z%pq9iei<_`$6N>k@?t3_{R+*PhBxzvm%MEwWAJ((M{`S`DptQBAts82X5+@xJww7W
zl<vEQ6ab!R!5T5$6|T9uYA*O;Bb;ysUb$HQQ%X=wCBMIFLA)}X^}K+YSr;e#R1C~2
zc)#)>rXUN7*f$0fAH8gYf}g#Yh)E7^YL$OEM+U%7Zt6929imAION-G1Oe+QkBnv5D
zD$6CaRyr}9RqsH511Ism@ZrtaD-U;cl((v{&jf)Or}>Ee@Kx43a*(`5=6_ff=bdZx
z*b$DJ?c&Z(*l-7dlIjckOnsMox4m_%8Q9a)09KYZX1R=-*`2$*=d3Gv;*#Mi4^*Em
zmnbREcgc9sU`EA{Ugb!h)&x+yn>|-4zd4kl%Q68no`s=L=C{x<07N|1%A`7M(CO68
zN1GuinJ!t9P7bp>pLvNC1p{d~1dOrFN4!iF?x7S@5at6=wi1Da#>7xKY<uKud3<=3
zx02YbI|e`!Bv13|B{$94eFVjB_5k1v#I>BiO_pV4bA-2`o^U(Y1j5UHcT_7+S_=6R
zK{*Kj<);ZCCC;V5<dF8xmrXToha#CxrrUv|NZ1+AQ~DeLU!(DqN%1?nKKPao7<hT5
z1^YBa#}#dOTQDmU-!7XzIw%j{&l8b<lIH*bNi9nTSdKrNHXW8cg$niByc%}_bC3r>
zw%FLmRn*SqqvbF68vB6mc}&c9PhPDJH6oTBfsXy)+r~%t-7wG#IP`6gKPOWruK|`W
zpjb4#%k$Xq$bUJm!t1u3RjLzbYrJ=GHLyjiHq5`-I+S(@c)gx~&z{t(9|c(9gWJG9
z*b{S9WdQwS{ARS-^>jOgp(LB!AaSZ2KRE;RvF-k%*eGoj%;|~$vp^xcz+_lgSy?#;
z;*EAUIIcADy$Tl7D9<B@#U$-{<ROmRVasKKZi~2Pi(5@_o@q%zM{qRIQMZS0?nzBc
zlLe+TyJXgP)o}+Ynz;GR@cSpdYsY@Z>y8y4spHZPzaPS|?{lGS0suVcEj;GPOmj{~
zy5LcD+F+Hg#XlQDiQQYf^W`kJKwG(VVl0wo;K$@Okg^IeKt2rfKdRRdF@AG3$NHY`
zty>%cZ|&fyx9Syptq%U%Q$MwVO;W-y5_di7Lep8aSU96L<V+NayS8DOn96iszilH<
zy!#=o;0tECng|Ot>pp2wPS9xqzrnJ1t_2jo-PofA+QB5=y=S<484nc|7(K*^FCvSd
zO1ye0EOCyb6v5U)#kWcuQoKyj+~mZ!&t2QC7$_|+fC<0H_vO=_5bgQQwZ_@n<e`~R
zU%GNI8ta1iQ(ssH2-jUwBys~$y>mQoPtA@E(B`)dEn0(%IT&p+%TQ2U=hY{#;{@yE
zEwypgW)|@OoLaR~nqpcb@RUYD6Esd?cKy=YS}|7`r{=UX?;n7GBWTtgF-o%5t)QD`
za!~l`)2D6DPTwK|JfZSI_gG-4XNQS&wje_Rrnc_tRE}3p+AsbdC2Qv)@74NYHl-c9
zA^|f+Z(tIK2@w@F`Fqy_{?9@A!9^DOW>|x>u0iPdCzht`zB)oX-}i`n^xDp!Q8vd?
zOk+ERy@v5UnwGv+a?O4ReuIV<KNdR70t~ToHvTN+SBMvtZx1^^ubfK4?5(GQgih(w
ztIxutRat~=v*XNG>5Yp~*ljnAsU=4FVxkNofoP++LjFpM$Qyu3Rhy0yw}<rtAgauF
z5108zM<01#F}j`I-xy<5GPK<VAAIih6`}sJ@P$n3EZG^LXJ`l(c6sSb8}u=Mn4jN&
zvP8r1`^0FNzlea*&xH=Y<Bn*D6@QG~khbB8%6_0h2bQAI&P$kAyF8F7ovR+D*7ZC`
zy8(v7YHTnux&muf)Jm?Rz6uLUONXXSh)c6hFKv@{2*WQ>Ju2aNFXQc}hwoysItPK+
zmpoVmZLF>7;c;C^iYqN`Uk@g-s2%?B_xC>o+}@a)o@Zf%NaUMQehv=x{<$|$gVC>%
zdiwelZC<ts>3O$=uCA@^%vzM^7MC9g@$vE9a9}g9KhioyCFT=TG21!=w1(B5w``6)
z@c>&4^IMxmZGt(Mwf4!f*e}$u2jS&hTLjKS&ML2klKwp_6{N2ZQm~|@>cdfvTL$i2
zMO1UYWKn)j@Z!)L6efbeYdIc@Z=ZPw6b!=gM{gUQ_9fZpNA$}3pzIU8Q+VBLYkvY|
z?54T$rMG}(yWCkVQYkjw=tG;G+#F1HOm#i5-{^~V>wSB$cSs;$Yg;iP%FAFno>%Hc
zbqCDa`kCMm;>aeQ;ikGDG&rnwyt-L>e8^A7d5`-v-8~1kv*w{Nmy&jHqz&JUUPw(B
zKI;au$}E6gZa34oz-Z@a{)I0QkmBd<H958TJ+%!aK$zq9)U)u!YqoaIPi8}%q4pwe
zr+#jD;eJrZa>d)|7FQM5{bEMKjsD>Yq_XrQdOK@;dlYd5O-(y<tKat$kfE%-iin|<
z>ntzX8lydQY;I#|S473ARBiXkPCS~^iXs#E5q&;ud8ds;U+$+mx<mD_@>Wx)x{idg
z-Rh34BozG+63UNZ*j#kpBzYHudbAjgmz8F>Q`}UiJ|^k+T3EJ~%fP6a^jnaXC?xly
zv{x%dZ@l-xZCLA_MN}-sd)sO=7kZuX2j~-p;l7Lf{1L6<O^x1<D@C;}g-X%%jaR2b
z>8Mo4TGZ53tHyP;fawVM!*o#PZf~2OYu&y<Lq{(V;LAR%(Q)k3#c_oLV<FyrdO1=d
zB!&jx4Ea`JD(HOTEw5rgqwIW*VW6h%8RE@-#L`;^m~(w<1LA0uOM+>+=ydm5*)J&H
z^}k6e(P>ss@B{(#bTl`{CR-!ajyA_rH*Jg`0(VmEhccy_9Mu#^E84$Cwg1@L5f9}?
zb&})fRXC2DCyB4(J4Nph&LPvI%L8D{ZcbDtYz{z;ZXp>}%qv(Q<_l5u#z=T`7BO}Q
zzc49O69O$aYXM@9%M0`7(@Xq3XT|U$$>IE_a@c$#-XCb3$c^x~xLBh>UxL#0epujz
z$fHoK<V3-u?Htw^X`F4=X=rbZTHU8bp-!=XX+~{OTKnAgQLMp7Jmwp!#5mRWxDNtY
zJqB4Mdby*c<#Gp+q7f`x3_X58$&=!%N0fjhRN=_*@GwMsyFc6x;GZjFnw;BG0wUx+
zA%I%z91#FE#cR1*4T<CH;Q)evxS1wU=O95ABQz8y#^)pC4|Eq;_jQ&E>@J3Ki_7qM
zTroEnZ;6Kz&q*Eupfd8}2O%K33s{MHEDYm63crvOJAa+T-O-Vs=9a|euq{xFf>MH_
zh4k5`$?EHdI#e(EE2(0VOq=4kQfj0p>%c*O#73bgDCm0-0*9Q#gBEoXHnlW@6401+
zhe%$}$dniv`Mzw@ReDw*qH9rcAI-10;G?t0L7Mk+IQLc)bpX-eKcl{%!i1#i(|n(x
z8`L*Ov~%0^qzzbNRF^$oC!2vd2h>Gb=~Y0A`uy5_dqh9(+Qt3!^j5_o_7w`bdK{LM
zi7Y{_K)cX;C}H|_KT`)p-m?sPV4SI8VHBOgpCsY?$wq&TIAE}L7Tph3>~p%R5TSIx
z1?oL}sR0Kit!0o^Y*=W?H?wdp(Yy^`iJ@9jM7y!RUVyP^vR4pUYj-eEtjdNyX><5g
zV$T>)y@$V_@2su#JgA+s&IX1p0&ZYWkJJrtkcFa<WNddQFdSOt(pz^E=NMDFtJt8R
z#bso`MrxO23ljH*17apmQzAHO=~(sl^Ytu4eHU2HZCYK!v2;BkpuCdyx^Y$Vv5`~@
zh-ml+B9e5{q>uNNt4pIJ?j1jL;Pqb?h=aslx4xsp{F)yG!j!ah!Ci1!DMdxY%@wQF
ze@w47U7&ChyH;<@2iw%J-!~j0is;@AlnuB_V8}1omxHa!%RT%RSrDdU?Q<0YZ*K||
z=M0pUNzZq|THGK3DKj$@`j?$I$tRYDTaQ)F_&y3~T9|ykq<$ms4w1M>2~{G+#E^49
zSum6`^2lgNJLqolSukvo<ivzX?~tK#;LwvYh+8h-5KdG(5BX^vSUXkG;js7en_4H|
zEU>w6rQ2ikXLpS_|Ge_Q4NK=txeg@o%7L;#pjZw9(3UyKBmvyfq@7(dbgLaaJPKx4
zU!#7moJV~faZyC~;7=FvDGqIt-n*G)-e)WUkXXq92-iVFdK@;>dk;lU8_i!zz00)f
zhFIE#3yt?6I16PSaDPs63V`lbg>!mVxyY)OHes&A7#=G+snf{2KXK=l8D0)vnyt(f
zSCfM1$TYK1`axEEMw!d=v;ix@RQ(|Ba+l&DQGElCB>*xnEvpln^+Jm{dR{Th=)S|w
zU<g`pJ^eB&@_>l9tQcyCsdx5AqvVTge%mDv$2IuITC#l&NmS}C`8sPI^Ip{n$$08g
zW8_^!=H!p(yDHTmSKhVsSC=T|Bk;}@#cE(9lS(ET^~X{7hvfAjs?F9~73;n^F)T5X
z+ROS*CKX5hJgdGe6>xY|PwnZ-+&Wd%_F#Plu06skR_B9xiPOzN6;+&bFO9wk{)(am
zDy8N`%S7HQz{M0^NGG%Dh`fbG!7EH>@-AtTB_w-=avmyly?pVr>i8fcj4mG0NF*3l
zVi{j(HRwv7@3lD6CE+T$aQl42DJ1|p>pKV43sj(WRIXJ0v}+Lf{)x6a&IC)V*GS<Y
zPX=cP&@RcJ7G@3de2Rl<ykedAF$-?ucpWVb=%ju36xO3ALn)cU0n}NY1d0CB!G|`9
zB18mhIiYZOUt(uQm{By1O*P{zqWp!D%c|v=oi?tsY1aErW%E1VKnXni{mb$VOpmbO
z^=GODp_Sx87dC{BW9O#g?#Dcbier=*D`BZG3qZ{zAE+eGoNXIu1gWE0b}ns6RUkj-
zwbfkhVQ=SkcN(A4^G;p9ZKhc|Ba>sICZzX-L!~U}g6M!)?q{fr7wXfBez+)f!hGnt
z@`E`geK=n0o+&;11VtYq!b-mOjQDI!kle2y^RtID+VhxD5(nT62vns^W(^MAD~p#X
zAR!=Jm~Y`c7I&#b=(=Dfn~dIFe|iCTHFt=$MpWf!(pJpHY;0g9-3@kVtSr;E`7)_e
zTU*A7d<Jk(XlU@Gh6Is_g^#G@sOjzZ9dxBD#R-eNrbg!>>v4T!Bfi>V`sjPlYPu|-
zgsow_smV-Uts*AYg*}hQ@^Pcpwl+1b(I)hDg|+OrBu0hT&(T}~zUe7y=^d61oQ6o{
zil2DLXG2vE2DezjuFD!Bt(!H~ZLu-!!c>FosSLadm26;Ig%DXCUI{qwTQ)&5SR)2$
zo!#c4TTk_btCw&nKi+gi;l&0kXQRhz78>Hr_@CAa;gojS8&mj!HmjQ@5-8oEuvpM7
zyxs`2jAnNyTWg)N*f7=l36!U`6wa=JcS0EW^Y`a!xn93$7rre}4B=ps+N4$PSr$>z
z)NORYGTPUfd<nl>PD|a_h;V(nk<Vn<O(P?U*`&hfa+JZB6Za%gT6JF*3Dcc6Xxls9
zT1>jgCQz0Z#L%I<9YPTfvwNXn%<q&qz{N#(ghCbEv+EEP8lLGGPhz^Ci&K5sWz{m5
z-QU;AGQt9e*xBjxjUh8^rj(ZWa20VkjnbQrP<PNZI?G$P)2-udIy`#oRwovpC<!fJ
zyQ@K|6*~|^AIU8#YO2VOenuJanr%~-cHwG`ZQ<^oe1XqyIQv}EEHU0_&mvbcR@quh
zE{#X<B?9i(IVcGd^vMqG!g^>9*OQzD)&pTA_SfIPclInTrGG%*1V~lD-4PupB?{Tl
z-tQawZ6Bp+vBSwop4*_3JN=xFTA*&rNi(C<WWB@;>x-p19SDx1egp_4eE8@0E41Q*
z;5uJ4sME$+=nj9aPCn9ylAyViy*X>G4jE+TPF_?Ge=wyYXqv6{>~-nca8#Sy8anNc
z-Ae6;7k-EI?D_9rzN`X1FUi$Y66o}hB@ed_mEA>RTuuk{gIk@GyIJsM2Arv*KLpVl
zJ~!%%QP9<0g@1lmO8c5zwfae)+5kzfa9@36KCl81Yk|;K&X|~d2-A!^`a{(tx!ukR
zgk0-q(Jd02PCXTA$I$3Bm1RWv9k!A1xSa+xk=ZUAPIbV>dH5X5edpxhkFljS7P92W
zA<jg$sa9CPlxHla>cI;`B-<=ZmPmU;ntC@ntUXEyEt76+2TyIRUn)?O+L#t6r8Zn@
z#5YY&tyzo|Yl>MSpEBnjRfgXxN|sJ7idFS8VWr`07>%p(fny;|JdMe_svU1y++074
zUJ)wzx(Xv_oK|*%NJ>D}9CIv)8nx)dm}pA9Tgs+YdSP|~-Cn$fu%jfHWuMz~AGMV8
zYad-dC=Hz)-OZaccQ{D~e0^sUz5RV>E$@b+GuV5@Am(x3g{Fsz-DV_FfuKINl>HTo
zh%&$F$or}bV5&c<)<*6gU40Nc^)=3FQJv+C%Vk|S>QtuC9TbL^ZHq$P`{J_RiX}=}
zX)AORZfCF9QhR<8_sfGk5DGurkD1#AKIIz8x3l#-CN}}_JY;G}A)u@}tp?)Iu&&aJ
z5=I5~B9BRdqBk+1ca<M<R_AR8QI_*roiGl?Mk}~4w-0-os<~I$@PIKh3W-T0|M%WS
zUBur;vL2LE=ukKN>G>l)x7*J#xw_C{9=VW3ym4E^ZsmByC*5}1nbF}gq;nxDzluLI
z>N%A2;`Gp1#u6KyGT2_ce(7-8;n`?^MZds_AedzwKn8P%0o8o`f}x63xPzKLT+d_W
zMTEX9P_~{nFqL9k@(km0`ng<Tr#)D2zeTSc<{ueNE+=^;D8<(<oyH^L8N@k6(6qR7
z9bVi?hzH~I?Dwx6dI%oZHq+J=hh0(BYm>frzJd+C-OKmgs)mP)^^&cZ#093|v}cFC
zRj9e8s?(A__k_<N2){u!dzL(>=xutnPKzasHWyo`(c2SJw=*KwO}Xml?2dmH!#Mgz
zIulo9JC=egD%}RUN=Si8;cR2G(1G_PX~qkgtyTBYsxOf<e#VRGs@nKb@@B20-1ru6
z;i#IC$z)D8rory5Sn--_a}Tfg2>5WTJ~j}L0bmekc=5C=vBu<^&vVP^-c};YD&gs`
zQiP<WF^ewQ-0l>ib+Tp*&;39bFl0RRs~x&6Zd7}_0H2sNCXxR^l#?fqE%6KE0bzi&
zI}<?V$kgO$g3Tw2oe66FJOgje-Q_gi%axIvhk%MzX)l{QJJ!un`<_3kyba;9OnXN+
zez7><axwvaYZ`VqgMd2sOLm@sLaBH)u;u(3P`ClOdk=sk>8*D?-JHK*S5d4es(08?
zyt&?j@1rgZV$<`efFBm1Dh@B#YYWelPF$5_5{HC%+S1>>3d04UoqRRe>NCuze3jxU
zlSE$a+%r=aJH@FY8EW((-7n*JiijYKECEF65bK9qV)+cZnZ<Pn)C}^42uRpa5QLFA
zP|dC-L=rf`13d2pn&DMlsDPnIxAj?F*x*JK5i$1E9Q!7QgeHeGak}|o)&@V&c^_*|
z<6WDdyMpu1vcGqM;tI9-?P?fY^@pi<jo7XlRxhuNa?oS76lOd!&2N`ZALS298mPqb
zT%uMh`o+v1!Zmgis=RsVq^0BE2EjIS2aUai=F)nbzuG<DAhbmukvW}=ESp;u`cno7
zJm<7{7xPS#__B+x*LDfaX3vIci$kp#NS9?AUodn;?-osznAw}p4K<<-0(b#Mm#dQx
zR#mkLn5`aE0EJ{kuOSnYhE`DfQ{=PEPfR%ZiYye9>5jkXd$z&tnQH_#Tj(Pb5lgJ`
zaGHoz9IY!VQCMlqIh%7*a))zL?hb(K+V%E!N-z5XTI)7j&hYJ%@m~xi`@Nz73Y236
zu|pLOyU{CKH+>5RYdNRb_2PcZ>dJayH=Y=xwsY}0p*j@V>g6vNAx;jlb3dk#x%-03
zIT3gL$6+STqi*haTYCO>(`c_U<YkBiy?$1`tykkarAF5+ax3m;&;f6~6a#o$AonCr
zH7v-exHsNfH{&JGF`@UQ2YG++)S-4ZRx*EnLBdPrQgwLhv|>^#-s-3!ZT@}5HC{UD
z7)cNZll!;{m0|B#Oj>COnNd)KWAp(&r|^^-gR@o)<@pJle%1sPC8h399AsM^He|(T
z&tXuMzDY>7Q{UX&DAtvgEA3R~Qi)x-6emxW>E-?iL>vz-Z_A=g<cJFughNsDW5`x1
zRuxQ02>q#m`m|A`IKFj@Zpi?(nTT4scBbRr6h#v(-wgJyuwZ%f2`so&D*_gk@_pPc
zz}WkQNY!k1K?aG4K>f~({^44E#h_Nz69~VLy<5%3oSgd5&MKjq?(j9v6c730(;rq$
z00N?yOj=r=@$kr`ZfID=HA-?T<dW4GOUy4g#4BBH%7!9UfR57-6t{o0X$1rYZY&HF
zgIvH`OYOfet`lYWgAAB#fk7oCa&knc7>Hlmw@e3hvfe8M$e9|L({UFSV2~NoDhhD>
zC(HS-pXca9JmxYg7&3GMHUd^9>rU_*+~H>trM8o9?>)Mx)Fe(zMQ-H7IGREZM14G8
zH?W`EoSbcI!bMV(p&;pJ`Ngj2SKDn!0*7(ZE4(2150U(DBYee|&uxHpP)NX_44Mfg
zm<~Z|0mg(XLcmlUrt`Q>g(hx17>$NdTG}-q=`Hkc!<T>fP}~ZNP@0uLd;Hy6OGe_M
zOp6v0dETOZNSv>LCQ$|*c`zdrE$!>}j%vHrQQ3b!(BJ&}A=!~jd~nPVL+Yg}<0}hv
z95ku6Vc?Ot;VAvkN&+|4-`8}dX<M9+gtK@)B0Xg_&8a@<<Yl^8vcM?4KjY|}9OmxJ
z-`mXJ8dAc@n^!y+2Aq8fyoBfMF<LH{H@r9Y$NZq$^ZPgcg#tc$S+<J(-|a86OeaRi
z3v)S5U&8nZV3PrYLi6Lt6MY)6^3lC#ga6b19T7u_SfFQlpxL=Agz>1w!rd~A_u`qn
zq04Yw#GPPNlmB(m^m5^mFCkNkQuZSVNY8v(B?bIIe0Me?SIqTxve{G5lHmWBg)SRG
zb!Zy+WAuHAh=_;>)0!2dU|@*ddUF(%kdw#RKfLy0O(-SLlUm@QWD7TC)so`z=BH-D
z<$!*=h_2i>N@>4N;c|YR0>XbZga0b{f4&Fg0ZF@<aRYuZwkX;CxSYnppvllWWNy7*
z<lN3!2F$~z*CG)@uPp(#5?%w2a}4@9o%CzH)|mDmKUVrUtx}w-|2cpCjnsdedv*2I
z^&9hWOoru)Di?PZouZ|%s=DnZf(XTwgjWuPSC!{I>>=yfm5D4|NZcDDoS3fheEg2S
zSu??;5Kk-1aeyF}jzPk&MJ-EFy6F|Z|KD^D<2f<~dZ|XxiQl^PTkF(L&(qwt@-g6W
zanZ?ktCG?>L8YggIb58TdDwMBS^e{F`{Z;DF0lrLk`wvZQou2z$_i*nYXc!?9IXaK
z2#D&=BkSh(qWinR0QhEMq(Ilt=P~(~^nI!va7I1rayxfpxdp0SqMc*+bBNnrJ6aAq
z%V>@6_i0+^!|C569x!73`;3N!XMo305Vk~UU6VNjPx!QT;H6G_05!|B3D0MpUS@x3
zf~7=!(l{Q;ryHy>;JiQjfrv!z7Q@E;hhzJF2J{;x|H~ryD$5eGk_y)_dR!~2OG|HT
zVGlz7o3H=7KSiL7l%<Fy)B|KR>e6Q%wy6KGIsb7d3ln^R5*RbjYvA;cT}8)#BV+%K
z4JOopF%1FHw8xJEHE4Yx7%9j``fJ($ZXLh*j(9Fqb!P`!fBg4YdurZpQ}q8u|NbSo
z2ORQ9BvSC2_i7&&I!ZJ=H!Q^ecqe}zu<wL~K$9JUUMp&Q$AoL}DD`h{`oEC{aXyII
z*wZ4kelvi{a9t_K^tgVV2A|CLU+(!g7UiG+nnMnOMjfLzsL^I^)!ZozxXke#5v~8f
z2k83BRDX3CXL1x^k?W<XewWK?#B@A4m>ld9SE3Oe&m;M#sQM~P3$*De*`kcH{tx>A
zWG1D%W1(d!MAFsniG;r_&(mUkNC403;P+<rzh8Nd6NH&gLOnB2D1gxB2J~njgKPFL
zAJ{ASti5ABBb52S--hN?0ZlaWfB-*v+($S>Em*aoMX#tVuRk>>QV~WVAwh8nb@$bO
z?R}OdAj~upD7Do}wPgY9w|}RwobHDnoIi__W3WK@HQtvf%KhJ4+BYPTs{R1y?*?kz
zlVSka7Yvy2zXgXw_F21dH-PK-uQf$rm+a{WXJe~iPylT`*IhEj`tzSjX@J{{Mq`Kl
z?@iN@B7~Vr0wp?%=hag1M;H`<w_dpB&jTRbK=xr|+DK)Y!2EOl|M_GHcV6YF=x5db
zame=<S|_hc<*9}gnt?%&7&^+AMgs{^W4TgdKzliy+>u6CTN}5tt7~kb$$3Y#<87n!
zVOsyS*^01c%QJ20K)=5Z66X26mkcQ^!r$BWpG8ifh$2$e(QMXW_2erVtIZ-$w;u?L
z8A^W9<GL4UxY5vu78Fo6x~%Xlv>i4JD8NyS?Y>w>qd<!N!yJe^LY>{d1;2d_|G!us
z3YZ)fog{Sf00uotfE%@fL3$vH1;c1K?Z>O?UX1gba|?(4U9^1IiFQ!6+jEW=a8ZBC
z(KkVeoBQ4O4#NNa$vyK`miVQZ?ZQoEDW@AW0*TBf7rSuFP9I2h>OT&xaGC$wM_g$C
zpg;F<84B1(N8(pmf2JV+Y@hybe+7yF`E@h{;*75b*UU*kJHjdiv}j2+dSdR-WtW96
zn*)aX_64u@&xH_D!E9ezD6aeS{AXGD+c^>Dz7a2Otp3B~1F@<l916<^n2dM+Avp#1
z?we;+joy!G3tSez*7FnM-Cv2<M_(VWw#G<QiT~wVU?kvLtX514ejs2bqS~6NLVVN!
zpy`Rvl66v6Mor~%owrV{`AA%<`^@P%(O=fCUI4J1I^w~k|IsV|-xngy{}hKZ&5HR(
zMkb+WT2izzl_g}m#U}$;wMi}vw#6V#jwn@zXM?anJoU@PiAw^KkQC!e%<w;$XmK;B
zu_AgIpiuuKPSbfKg<bD?AHZcL$(>%*8Wk1gaNOP?yjSLrVs;K8j*5Wr=kfc505T5l
zTo?ZpH$UC?axT;z1dGy53Fn|WhUXf#$Wn_@Eh5hUE$JUZm1C%8jd)c`!)G<Lk%8~3
zj52>dv^qQ-c+O(jhO`gs<OCI%*2!kV07gb{x{{y-4&`%5Y{uEnc#}$xcPs}vd4Mb~
zf0F63CdbMkhCmklH^D#Ge)R51E&Nr4V*ftj6w>9jL$So*xcq?zSotp687i&Tc4N-@
zdY6EM#b(jE^0fROlv}C;!I&9a%l{MO--^0`Ci!w{W3^j@y?ouOKV?gV+^2DSZms}w
zTprOt;zLr7&20oaX>I)4jz-1`7m(t*VeUsUxGRP=;Bi)?71@C(rJvAcUG`o?nr_(s
z%J6`@Y>okB(#`B#p6>7S!+`==#CsXEWP@8#B>0#RDZiRh8VxB0y~C-=4ArQb6Gv;i
zJs5<!u~>K)-0TowoqiS4GnMWE$)bR&r7Rs!uajl=_s{>m5C5+>DP;1w<|@0RYk0Ai
zH)n;_?o;$8RpN11y`@sc$`x;Tb+e&ksWpP_Hv2^QY=zazbTdiBB1UZ5?nT`%f95eK
zvWy01l2PgqHwqwA2*&2A{KW-uG3PvD)DIHXUj^i;2Z$}m%KEb9vp(#I;ZS|t-;NRj
zO=`kXe7S`XuU6!M`P0o(r2u=7cVwLLS2hs23Dc2xn#-2GIfhs3Q*YI4*{4?q8(T0l
zO@$!lRFVt#c#zr1;6TRz`1<UJm<|<hCs*uC;?KW5w7);};e}u^9?H^guq!rIE7Q)i
z)@hoSI!VWsqu0>{qO`(W9A3(Lb*AL~pCg$qTx_H{q_Mq8y~aGA%iX7Hri;B*Za|U@
zgF@yPNSCWoW!yj^O^dD_n&xpL(HGA^aD8*5SqgA&lRiCu^x|O7;@m~?(2tR+5JU_x
z)c;b|uX2Fzz70i!{L?!&NBOwmQ_43W7!49gE38YsP2!QO3Es-d5a8$XI%nJG@k%8P
zX9|k<PwK2x`Zy%*a4(B$#qAdBrB~&r!;iGUagL}n-G+jW687yY!oQ7JB1wVJ%fpZ9
zsbcJ2PH=sDJ6>a<X137iSbaF$;;_>G0!`w~BO=y26ad>vB#!0hm*X?Yy~5+*?~^On
zX}t7tJG>XO;i{QH|5XjcVll3#m!?(BfpOfK?<A@lW)7+_-j6ujD{tde(NH56O4#P8
z0g?kHfa99dV$$;LbQmXQN48su<gc)WhxnQPDhax}RLVEQ2wu@To29&Lu?TW}WU)W|
z!j~|C5;?9ul}z*+4?{wDQ{`ZY`|;$yhrK(xq}mP25R^4%P+*|*Zfu6#b!Ecpycd#?
zp*NQ>O&hkD+J#NF16L&#w5q^2cNkW)lh+H)uAjZGH!uzhQOzMBs8R%GDvb&aawTKl
zN}&hW+kOUS`NRSr?%Dn8V8Opl_l`s%K5pQ8tDbE2%LxU-=YRVqU2U{yoW$ae&g*jY
zZIg;7hRLT(jn?qA{#d}l64&u=Uv7;)aH^)W1E_Hwyh7o2-j)9T{d=|5t<!9^8Bl^2
z(<tp&i%`qX8)j945LGa?el%(VyGYcGC;Nf+=h~zlcPA=ls}mA1g8}YopaC!*0Kd2M
z%@<O2&DCyeB=bjsW{r6fOkqDwdGpWS)kyYV0i6IfdE}%Y$Z>ZvHvk@cB(=%eto`cP
zI(-J{9zBsWDtnu`x^V0-RCVw3v@m_HwVG4R&QDj3t0VWiW4b?$uwb!juCO|oq$(_@
za^8zp9m6@~?Pn7c5sOy$=J)!EX*E;nZ+%4A#6%i5i77Y9pxY>{=kd_6VO_N^8A~%>
zMW<Ed2|OAh3n2PS!eh54Rdqsrq;K-#eRtn_wRX9*L(iXI^1=}R@?a@Hf<l_`I&4+k
zWhXaY917-**J6ECEi(aL==H8=ZCv=rirC5V+woc6#6opf>Zt-c&*=&(x+FeX9dCfA
zBNsr|QBUaE@C!D{i4~lii&QC1C5eD<o`8KL8G`2RT6+igW)t(VXO}l34qGlKkFDot
zZ+-8SUiu1tei;peVg#}OHB$&6vrAVJ`!NDr2eaN68)#jje*W<J7GWdWS7*{>MWPk3
z5q6Yb<`HM@Aq<MZ^X&#{H|Xyk+yTmubVc{^{aS|7bBdo3f`0`U|C$zx3qkSh_g%N}
zc@`>ePy;1kge1QEDyXywS_PBK(_AwZAv$NRg>V-n8D6JHqw|E8)J!5G>OLUyJR4+R
zs<&pc9r@-PLnQPp44)+cEgs}uU)=uL5<s{qf8J;QSYy<0?0)WWT@N&efM<V8$nh^s
zTWbkV07OozNvvjB3-uCMD^<gJRJMidR7EpoI(i#|1A7u0em`7W0P?*Ues3?d$AQEu
zR+Ayiz;R;YU&8avTkac{zQOmR)Il0t3@MY#0g7NL${>lYWZx4tOA~y4wt%%^mL-$v
zK9sR9cg&j^bMXj@9XqK3BocMAUpj?`Yt2P24;HfP+|E97uSqAejOV9&6`drqxYxcB
zY)CD{FdnH=V<=Lu$SRr{Ba;$`qJuex`f`(Wf?l@h)rND}(vh%Wva)yyhn}#I9G(~J
z(fQ%wmNr0w_RM9Eu1K?{DA*2ob{6)40fW}}(aH@hvgjUk2F(~kntmPt$0?S4RhQI4
zxFh@(9TT%4iyjd!`y;yY-uuMzMH{Of7z~S@FNS*NEfiK2{pgy}=8oG^Hfp_+8~riz
zqeaSv?})#|emz(w(`>v<(e%!=6LhPTwyvSKz2HF|f4n|qN@`6m9T`j(K=yXsyf23B
zB*=%UUgncJ-+jA1lsd<1d}f+Ime<vj?!gsHU7^DM3J$|dZaiP+bl2Ez?)tR$hP1P{
ze*paf`>l1+K@?rGS6-9z0cnzzsMjO7bSe^p#VE_sLQQGCR14JQyp>URnVn-rCK;3A
zJ8vQpPmd?}F(?;!bc&Lj6C7!Dr1fI+j_j$D$ZYjwx;PpIeAvIr-JkD$Nr{&w^bJ0a
zzQ<;=W5pS5kny}d%hZYr_sqVjH_)JtWcs{-Zr$XOnn%EE#GY0I^D8-Au-o8q=#l?_
z7<=ouDBJg2R1uLdfFT4Wr5PGTX^@ca29cI-5Re9C=xzq-j-eYxKxygj?(RA_zVG+D
z_xWx2`JDe|Mu+E_`?=$~uC=bUqHlid?n#>Y5u7L+RJj#?yfgDfTlh6LIl(yKx0p<w
zAIZ4=l7KY}ck5rBJFpve;54l583Jxm?i<ic<}(K#hROQiM?v487?ld1{wx9bp(J+z
zppSZ_H;433bS%(8HXFpua(Gq@Vc#4KF|pscoJPLz2^c2tyjxQ}N^{QLRr$0;_{S4k
z(i~K6{>t#4tt&=BxH#fP?t{1>A^0Fv3aVa8(e7FKaMrz7Mak0Hnv|2a$If;+d~ig`
zc9<7YT7TuvIqeGkfbo-GyKyzX-pqfAfq@I4j&zhsw~v}A6Z|QB-4xBG@x$n0iJuCK
z&-TRV#pa!0zpQvPp*UtfTvG8o@y9ze#hl$Sl^w@NN10kRcKI$V?UAt;XM0Tz!dk~i
zsygyYgD>b$+IT1q02AjGg@$Qc6B*p&+F8*J8$y-9!jbv0TradUJ+8eeMq@`@lLBMV
zR4`h@K8x?jC)dy?!G3pEaQz1f8<k8@3QyIC6ZP?rtECdxN@F~OwF-B^{G&Rk&?wS+
ztx>7VEj{)r;@G!0?VxG2^3){%@#qc#($)D%_Hwso&JG<z0_TAg87<8SI2IJ^j<;%_
z*hXgUJNetK%-^q?9!Iv~_Lx>l$#`Y8)_*2Pgh#miD?ZS2rcruAE$QP*k%Nt1+qWR4
zY|A$hPOBC9swNxDk8nCIEqHM28%QX(EXNB7DlDf!wR_`tQ(1+PuNZQ_hR3{oC*r?(
z!2cfRgPAvf&|8(Y0yit<QRzzLoX{Puur<oAlE4*bcYo-bNN~AA#^rYME^W`8Xs{?r
z6{;f&5-a;Dy|glbj>>)bK*M1*9Q9z5bu3TE`)Z$MH;}2(S}kd{ySZhJCyaoI=tr5q
z+u(cMv)}tT%~JN5`F?H}jbcAXwY6;hJU#CyN2w{EG2Qcp-B7wk{ecm-A=avKPutU4
zBB3(n4_ns{)4xq-b~^&t=<~g2xxNCXMCIi#zivyP)X66q)0Paxs#E}P3DDgYEPUt$
zlurpe@fIjwMX0RkTAeASiw+iP*E^^odg935puB8oQiP!uW;$eSqVuq90>*#VBvdJ?
z#Bz$u@JN2exa-X^Omm<wU3Bb<ffeYC(y8Ty^?Zib5FAwS7)eASsVHplnqatrE=q;7
zHVg4d_NwA2F=_0F&a0MW`|j+IwB5oU?_34<Y|aQi;y%ns?G~bm^l*uu0yJM~psbf}
z<)ovu4L>Qqg3DNGndj4N${Hc%%D;{2LcJN7uiv_K)^v+lUpzfOmoKb60z|ze90CII
ziI-(dEp<-arLpbzD%8KlsSCqKiuxUoQC<+s@etfTa|?XVo?B^~Qi_>_WT%hhVnXz%
zaD&Ay=j@7W->Q@+gMX^!|0AV{i1eiPgOPmNC5xt24B@-}_#7zW^yV5l&}oDbuJjsm
zNJB$$yI(neeyQDPbX5I<8-z!=bDgX7FB9e<8mSRugVWfQ-4AXo4A%pg`&8Zy9~*Z^
zL{IToeO1VmKxBsTo3!_54yRF$u7H^UMC|%NoYA$;V?9fnr(IWRqN6s-YS>W<)RdK~
zt#vDI05h>%PvjNQ{Rky4KCZUKhqN&cTwe}c&eLg>)6|I-v~0%*DhwBlt+oZDo}bLT
zDG1Xx>zJw5gT8^{xq()!wjZY2`#79ptiPjP+u`*bplnSy1OojHIBAj1m%#?s3)a|L
z|BCp7m0s|G#l)d(gg&3@Z-ZjqJz?pAuesHc(}1EGQ0cIt65+-8Z<w${HCx0iKl$qB
zLf<2x@#NQ3tj>Ezx+w#8&dHwzd+oGRP`R&nq7CWgL{1y1V%mV{jmW;Gt$`=4W~Dhr
zT1eXW?@_SARPBY6iDD>wsZsn-nnkQY7?7R)3WR^<KpNAYa$jPl2fpOA@G>6{1(@N;
zEYT}rDu>5&D?gG(k$=W}RSq0vXJ%sDuwIicMKNfq9Puh~kC{#mGiZ(`*nFCH8qJ(?
z!Q)UzF&<dEgl^=Wh>3{}m^$txahRzr?W=430QI*#z7~)Q8X0YMPt~erjZDNiv?p>F
zuVaX7%I=@dbTUd7m-;<N1J=_@USqM0ilQ|Yyw3B;TbD<wwcYo|E4{f#q6&E$oSQ1{
zI#|`t1fRUqBd@(BTblChA;UhD{7kf>TMWr^SiF4r^i`NdETgn>Z&K>O<qbqD2KB{x
z;|Y9dW4f=Da+=h!I1WTJOKJN)C;W0(&bg5+Pqf9>7Ce5GjhNrZ;y&J<n%FF%<kWAB
z`PqfdRqf^4FDPdzO5eXrNq1xaEV>iYYAd%8#uN48cS?wM%^M7-l+<r#KWWYNJjM|x
zObJ|;6jL-a0UD|dLala2Y57$<0|`w`{l(Np`G*hOHH5R>->n)2&qw0N%mi@2zeZeY
zlX}j4p_YX!k*GUvo&PYp-hWmJba9lt3lEKYD3H?3B;w4@F4T=lPc$7un0A_avt_e|
zp!J1{RYfjLZ3xP8kH^>P)6y|2?%LAXoza;HxA-xJO<eb;0-cjcX|r6eLY8C(#v|ZO
z{qq#gpqK@XX3~KhkY{{S4YS_fe0@Im;G`wp;++euMf<IsTv)<em(^V|jama(k)C%Z
zqUU(rw7t@F$W*CL#$rhJwe{?st4=&#lHzyT(TKg36pQ`!;Vq79ckH*>XIBm8W30G3
zE8SC6m2s!yX-DO)F9pe`=cFzQGOH$6I?n7W9)~1Js;=vgQ8iqR>f`1DIs}duRBg(M
z_4P^J*}+hq?6!#W&6o@RYgdmARw8u?AoiYo9>pv6c<J0|A}bhL8Hi7ff?Ps_aKG2l
zJkwfqz-D+c+^u!;AjDup<+;_im~yUyANrmZ1;U>Z(zir#u<&N%_k6Q6ko7|wXWU!#
zIFtF9vY^xWDgOB8EPH51j0;iNShh_vdY+s%u#p*3>|ymaw7C8KU#t1Ev`BCqDwzcK
zcn%fk+}^r|)&1yB8BRecHJ>Uo6E5nf#o@D*#PIUf!TaZ&`;`M{1dyi;R8;x&#`=`c
zwR=16ox8a-<!fz9C9$`s8qi9|sZ|!xsPVt7kQROba+FlvAD{D|RM-lj==7A5&H>f!
z6k532Q+D*nV6A2dV~-=H(UKScy0e1h7+VeF&m;6fJj9~)x9)$6-KjWf?r}V(gvWPn
zCY3ha%6kY@mL!MQ$r<PQmO^jF=@!Gt-mKYF3hC2#8QFa1zDEVf-{dLwYpc7dzDMQC
zS({ACwGUennDf8Ff51e3u>2`Mczr>h#G|t1!+&xqp!%2>dtile#Ct!=EZ)<`77e1g
zUspg-M+KobX(Qb!X&PHHvx5te;eDA|5C2_g&j7dI#eOnstQYRZ;!i)C%<Z0P)p*uc
zJt0L}9yT-P;LPfc3JVfMmd{ry%20+*vVEpbaS0eNlN3TY4i}oKE|68gK?J)*uJY2T
zCr%Lb-Uq5D8EaOM#}~XG>w!Q^AuR8K2w*|wK(u}3dfo{}uX<P3GtKPC@4EV!@;TLM
z6;zw{nT&1q!5eM0&{^?k$y`oGW+Qvs)|7Bm)s}=4T;jJ|tw@E>c|KY^#Anp{+B+7U
z+)i0C_Z4h3WQjNxrVawhnzIZib?M|>=@;`}_fT@Y?8OGgxpe`{A${(JXvxIVVY$nZ
zDOa-!f$Q;lW(4Sj`%<YUwHbb|CyJqotk!WOYhSa@=n=@l-WEPP0AMV6`<;gBlIPzn
zbr=eTbCEAs3ae(Qu*m&C2p4>NfMT>?-6}j8nb2q)E2^7T5h2mGyVF<wA}WL$TT2#*
z8)oJU_ZeKf53WT>#ElkdyRQF6q(?iMJS^0%``i{xlpn~>Fi{r$TlL-AdrE0`*^&wA
z7iaGR{r#C+W1|7#I}d)e4{}Ni!iIq|<7Ow!8!8fh_oVncJ%B5|3le+zpEAh>gB+sL
z$d|i5Ck{$wndw^7TL;7y^G@{@*8Uzpn~pUu?Y@uiwH$MN_#HOAI?XG{FVg?Z$@}EI
z-VA$p<5QAFe)!gWYaj^gA9K;SQhjoM8cf6q|Mcn8he!M)Z9&9_Tt%vj>KrD({n7Zx
z`O&Q@rNi45hO4aeqxJPw(={5+GU56;^9$&J=7i(%WsSlE<DSg2Bg8P(7`0n=3`2@E
zP>wPaYuRIJ+7DQFdg)#(?+w+eX@VH&8GlJ>;tzbkp(uB}iPH}GSXH8FjOMUWmMM%k
zAo5FiyfBd_K*XUPtG<SW^6CgQJ7~0$dcRp?S|d#x>$$AQSQhV%5j-F6zd_S!oZQEx
z9Co_)(H0HN86MtY>FoNQQbOTv@!x9e|NcT2vYWwd(-vekdZBX1VPjZ?V92_HLD0Q1
zD*R`*rHF{40k(59s^Je_n@cOhk5AozEakKri~JkAVOD(!2-R|X<d;^oGJCtV5gn&~
zRAMMg0Lsq(!>v1wUl-Hs9)qH&=iPhJ%9L(h;|fNYvWds>@vTDo1ToDm*F2=^u~VZI
zcr6;ge}%t@lH?}p4Yy~-WOu*(Xt>um(A;vu|2)q~k4dL8s!-NqWJt;$lpq;gj%!w;
zmGk6Ze5NAAfACM~Y#yzePAUji`)2J5Ntx=zDmnYb246sL*o<=~oLJ;KeqK9Fbf!tX
zk)SkBznx6VypvJ+8Ny5%jT|)!4QW0`s$ltk>Cqbm61mD%!6RQ7$Lugu{nzOUx~=%K
zLr;dhw;G7Y<buc^I;GXp57GtR`U;YN!0D7CZ-$uh-hWkydSrm94ZZdkkbl7YYdL^f
z9_3>SsE|fSS2zaXE^P8Jn~lk+4vgjHPcsE&5?}MseA-_`V?1drEhwnjnrTYOl7bf`
z7R3||w?ZL5J|h_Q&P0S^<o!{6i6vpAE244!fm&En9WK_^C3#iP@gvt#-1RK|+LO&B
z_N8*azxuizd{VbJE!kC@;;2Y7vdRtZiQE|MD?jc@=3x?k4jmTcKi_?0X!7a#Ni=Bt
z6!Acyy7afe&`PZ<H?dxbMW{W;meh|VkvU~uMnt600<lxoC8*I{8mb%A$KP5kn7FXW
z4)I*G#@2ADr#~W*MW<6g#+j=$*tH)^V*4k8S}F?LWtd4O)9!TOXQJ!?EWgrN>bk;`
zC3$kUK{MLrpquzmVWM(fn=TDE-W<PuM+{NPw4;MYUQWWk8@`+QQ_~6&cTK5C==`PQ
zKpjfD4nxulZUSdhcT1H<4ju&3eR6!yA-K~{r$4~q<<(>Cz(CuZjagGJ@tKB;M2emJ
zpmnJ?l5LXDdF8FPgR`DtjmM39?W+p=&z-<e`t8yB$byqHF(o+;y{^a2Rcyz~A}o?e
z(AHahI>g+c+K)EnQ(gguMAMs=Q+%d(vj+-;6oWI(c(K805~|~QV;y$#@H$p!A>={w
zfDn%m>5Q6#M&%W;^<9NTe29_`v=8_mNgXAlF#psUOG6+hS7kEy5mdG{Yni05G!!}*
z_oUD}SRZR~DUxVfxTH*V@?8B6s9Ja0cOdCrQ7v*^(|LB09MdeUx?`p3Aa35&<bjf>
zUBzdpZ}#<^Gvt$S<M)};N{g|Ull7~X2<kN!5FfPHJk;IzQd83u5lXGp&bAE1_2suf
zp_8yXo>#1}lWprqC?9z|l#=XvGG(c~i-3mzMEbC*Cs#3>u5*zN`vx)M)Yt(ju(KW8
zFQ|MeFSU{$yDIwuTkS7!r$7g_oL>V__T39H{RIr(O-_om-;L48qC-}?FJvle-h4S`
ztkCYSOBjCV1+e>3lC&qX!rJJ%X}oIN#5?UVcyRYx1no1kq9nuFj2D_-zja^tUgEdr
z$g}5!!nh3xF7b4|)gEEuk5rfr&3_NL+tD1*0s#$Of{nIIdA6Yn2tAQxtw*+mh2&2=
znb9GJZDrMQc=-(223ZH78ai6q;;>Xy;&Mbt)hWoD?$#C8M+aBa#|qDop(c4|SVF_P
zk5?Cx_jOV*-~UoftM(Jmo<1J`@KWe+zi1kvg7UXvUVbTKM3KlgeTLn1>0GPdQmEml
zBo!`=6#;AhujB)<DFsLSDM2BV>2Z`d%|G~_%kLg6?6$j=zc4%$+Mc)4Hh36CAGRzb
z>@U{kJEHP&?vHF0AM;kb!P3Z?<g@CRhAOiG1vOU=rI)pYRBpOK$Nz|%_*FFNJyWaF
zXCr!>^J?Bp0&&$=c%8=aV{Ypvj$e2pwbKGF1klJcF!K%PW#m!DsY`Z&Htd`AIQd^M
zxP^lbLBgG&g%qoYA5+}4_nGhze{TN5=K;M<Qp=E!c@G#T%+sqUd~!$+v8>*5i+Ius
zj*lfz&@%Q?Je^oG<!b+_qJ88Jdy&SEWwGwn{dH3iXooXV@`b&0|K$*KK>j_sHs@i%
zCCjkLq=(GKCL5(xRE~x~RwOLWY^*=iR1rmcX6@{8G>yE%qprs9MIH{;D+&G18H1Ts
zGdpdry)phW=hJUKKUQugUSkUs5kw2ga9FH2>6-=VqRC;7JRMB!0i-IP{1;(YQQVRS
zJBo299!Ai9oj{8=$=-pqH_H=*=y<g_gz`LM=Gl+xhL|~^c^-|c?(7a5s^Qx-(tta}
zOa`545SMiggj-BThRE6ShrDQRf!=jrjO8Pms=n~l8*N1t-e#OFo&)?hLfSfd$&RcT
z{Y#uhzV+t1_M34CrFvmB2am&#WpysG0l!QE8$J4tJk{@D63!Tp&MhUAmZ6gRL||r?
zQMuBSoDN0Je{`MhXIjdz^A)z)_kN-6bS7OP_EvRI9xtVnd$q92<+l!WHyUh8i08+x
z_&N#a=#i&R2sOJX(wzz~AC&x=DUE`9hYdW3E?mZl5)%Hh1Wv0|D&_JI(^5-I>nT0j
zwQ{kH#d(V<pIBSF9LfeS2;fO%LPE}}K>1R-hSM>#5Xhk)P)H(jj2`aP4@3&HGYWQ0
zlp2=pF}nt<<sgrdvu+LUg|~_%SINh%0>9YaOm&eh^HFY(qT%mjcDeZ`#e7`wrBVO@
zK|d#dSa%B1O|5e*e&@Zj@<gqi=A;67&56(twmmr$b7XBl!GBLvreMOe)DS~K+;S3A
zeqPk&+x*hv!|CZzY&@6!&r*{vu?%_|pFtA@yk)-}`Rwy6&`KTsO1^T5Q-=RYnk{*(
zg;@45xi1BC9`!H4co-LISKRBsVD3eg;F@O3pgM=G`RGRnj=E_A2fnWW=>S`$P_3w~
z&P|A3iS?O0jeKc&!26xhvY3ZkOU4`3WlI?pfiS)3#ie7W$UVIzW?dvrj>#ynjsWOT
zDf5c;F4b8Hs2!+R=%CzbS@%+7?i1wO29gpGmq^)j{Bpfk^a=~fxL3ND$aFumI4FMw
z9l2kf(;>c&fA;{UAQna<d74#4bkn|QB#Je*d-!n=)1-jkL_Z!;mOIxF#Ue90*;2Kd
zC-fc9^@~F=ud9PTo;Yw7a!aO<GPBsErSDDVV)Wncrvj#wvw6&W!!^7(ZlQ(yxK=s8
zg_9;ljh(tvy_LD;<@&}=XEK{&72o&FN4>VXU$JEZ8U>UKeilV7X;YDt*+_nPNS;B$
zWgbVU#({oJ5u)aVy+Ky0gQ8XORX!WvX1-+ZNAz2HWC%G*#Cx25e~zz$=1XE!&z}0I
zQM+CwpN{d<tN1F8mNGl2Jt=)nFBNrn4HQgh?tZ7))=x6vjBX>vL;51l&1S$1p{h-g
z*{@VqZP1wqWoBO$&FcK377LFR-3gJBvxztPV%viv9i@0d4)OdRd{_0lKC}r**)|Jp
z@@+u`xRLH|7YWJKbF>Z-%t>P=S=(BQS<Q;80X70t&vu*^8mf}CQ3(sf12X&5proe1
zR76C|$#sDTX8DIXp$bbW`jeEyRtrA@p1oBk$JZYSGDw)npP;pw=?D}0%!E2Em`YC?
zLnp><I&I(Srt06r;|eILS^44G9`}VOu*G62@QDZ?c^7u4Z5#9FspSqkLFA!%p%ch<
z(**cc9j$7N+u|=C^%ioIOWBv(JNdzUP?}_=)oAEPdQshtf$Hvb!G|-qi7Fj_I5ZZn
zQmBzD{29m;-Q}ICMo6&vwpO*xq;l=elf>khsZDn?Ras>_C89lSx^chj#^+YM7FWP-
zHXL+*fXss?$^yr$Zg)5CH@TZ~h}%Lw-`L<viJ^#TGrt1WisJL>qsySzqEJ-zGsr?G
zP%%JSU^AanhNc7m>#rhmg+BGqbo8q7^l&x!`L%BIkfgD)vCbAL?I06cy^3PvE+q&j
z=YC6D>YFcdAwa)3Q8bhwy%NMM!YK&Kmqhl{wr(b>Jw>Gs6>hbRA<(U4e$|cH&6+`n
z3RM!KUfb8e^`UZBU8jNm;^6AyC&}_o3#c6S8}kqdpKu2^3p;IFb-KK&-2yMIHpS3n
zU7LkrFCt%LSd|^l`4W$1|Cl{_kPqYCH;-AVLjJR~f43lz|4+iHSJW-wpO#S)N2BVU
z?R(pP;XI0+z@m?$_1bkmrmQ@Urs&J!LRB>_RzBB!Ufa`SlF?#c)Y4uW!l00lG)A6Z
z4CI2Hy9~YTkI@61=ue+KAwDj%K2pk(B5+LP`EJlECmgsi>f(#6Pav8)%i{>k(8jei
z==?l4*V!F_%c=H4tWDD{{9d|fumNW~_b)Yk0{;?wZc04dinj_VtinM#KA>K!@R_$S
zwPB$a{%_QyMm-zCytm(!pZn40<6Rl8E?%zkV>ibIo{0W4qs3;uwciPXN?-TsVdxM$
zoMJJoY)3is!+UgnyKm4@>4Zi?Ei&v}n-sUd-Ydn;NL=Z9a9vpCtM-Z6bMcB6&-G^+
zYPZJk;h#`H*bYLD!MF9wRo#GjXcx}5Og1lsML_)8Rv3oA6emww9y~KtX4K6}#Znmh
zK2VlCX1vTe)Fe#%NvSwVy5>kxR<(;r0ZGUT><PA!?TW1MW9*hz-L?MAXv5}E5@OW{
z4?U)JH+rK-n}ZR_MOl&N7DLKAv9I)Uw+7$PN0u@OwmeQL%@LTSyZNS)?s2&%Rx$J6
zvmUx2PSXDL^Fsn55w#4X?p8~aMoX04qZfjcO96G_XkbOt`QTjsRES%(xJ@?7zMN5L
zP7(eP!bj-Qe2*^&2ftcResQBjh3SY2qt=7{3OnGMHZV5_{YCc+DN_+jh!<YM^0d=Y
z7$p8~t}g4j*-;ncRbx|y$oj<OQa~}1-vr8kkWtJ;E&;&OH$Zn`EqHrsXxSVO&B9Q%
zFa#Ci;G!w1sTH(mBTH!V(Ma3(^uF24%#PlM7>fIwn#Z`w(|hUd9gSu2?mffUt-Pyq
zKfatb;8`X2z9Z%ema=s{N)?!7m1e43JmS$Dh&?gfSV?(-D4-F<7&2(+t=pl?zbY;A
zsTcE5D^;p6{_Zq`sQ7W}`eVpm?-6U%1oh7Tbc4&fURO*cwJe#9nC;>(-Sv)MG_=~_
z9_w)XBJ_5OLc<UJiv)x%Dv6ZOjl%a!OAL*?Ejv$(Du;em+GU5JQNdPi`GDYndTf+a
zMUo;>%l?s~EQdm`O3mj(;k&Pk4ql=|v<){*FYI}V)W`pGZf^i@1aNNeZxkDc9Y!wJ
zDW7axsS&G8C;|t7i(kr0O#?JigDXFyFD6U{9UWajp$?16MU!7bj*A?K&uE>WfGU~N
znn)N!uK`w}#IEoR!4;aB@!gC6fnwagB{jtMq&MEdr|O8V0NmrIY>&ITY1CG1lDc|&
zhA@m)G)P<icYK&J&ZCZ>H8Phh)2x6%5XkVLi}lfIfqL0z<2e3O<gW|8aNaN7amxyc
ztO9)2?=L-T5Dyuoa0G9eQPR%qJlL8&@ob6O+7|5jfohTQTu0%%%!otVt^v?y|0Cw~
z_prOT&p*K0?9;nWzOZaZnd}JJN9hmMF>;zMlcz+~(N&Z;s+g|cP*+N)rB%3$<4`So
z6g*m@8S}T)Ig6FK+NZ_M=l(_^Rd4%|=>Eu>q&q=bU;K=5e=ytfuzEp-jOKj^%Z>Rn
zr0>Vj{qXM$>F;It30qaL4-kpsh$JJEJ-Jv)2&6w-wiwxJSgV=QFwiR>3Po8j*P!|6
zUHB^Ct-Lp}ft^a+s}OB*$r}MJlAgIn?~31*+T4beW1}F=r&Lj$LV=~<e;RXimc(6j
zeSK}DvNV|+Xn5_SIns*P8>$vZGkj10lWirM5^$`e|4t)i4<hIziCjrZ-L$Hy9Z{Qi
zdO@ugPOmhT*fm7hvv5az!G>W#pY&cnJ(JtW`LWddPTzT?>(M@ao;r&n^?m9w1$~Rk
zX4;W7H7j1n&A7E{gt?e6%&Ot)<!v#!2T^wnTH@uF^t;}G{kZi=8IN-$Pg$}?4JS3D
z+AwO@GKH_>QG-;}dM9HN<tuPZ`UQ4O?mjrlxcm8mib#}Nt$^eD%n{{yR1KcUsexmD
z)TT{U&ULp1yU{W^mn~Uy?o4#;tVo~-DMF?`TKlQT?r+;1J|nZ-0dw8H%`YS^vW_J|
zX62t~&Lpm}%jKkpH--vd1S0EBoj+P9GAIvPHLdjv#N*$j7q-)xv-B=C5PSb#besM(
zuhAQCa_uG850QOa<+oHOg?_K?R^&kuWG##bUj_&WT-;3dZpWyGf13FHeW=p3QgrWY
z&p@^LND;4t$ANT(BviRr{UBZA#_K`>n3BsEdC$zPq_6-{FXhUj%3d`R*Nx+z6mAFW
zWvz9W@%+#b;~K3}`}lPy%XurYH=kQHTg!sd8B`_y*BUE*=sMv(IZ~jV-B?QgyuE0u
z%KTiNGFP*S%y1d44eL{b)kG~UjhG@-(%5Q84DGp?AB?p<mGwkqfA4_T6$pl`mr6|z
zg9m>2XCX@8_6Pmt1YIP5e+W;EGK`_e7xH=FA%KN7GPa;q&w_4zkOC~&SiL!24&T1i
z)87{C9IJ;en5p*6=}J0F<uZXbNY4n{2{^MnUuDOgOf`u(j*VxOmcN%YA&=JeU1;%w
zf?_aQDFZn0#cq9ca1Ayjuz^gMgaQ-Va7Rg(qDc9HSjSX@Ypl9<41=Zwn=zGrl>vSJ
zA|{o@SPZ%F*vY0{Z>Kl5-9Z8Q?2|tP8c%7YZEz+=n+Q3-(d6&qkBMCyti^`Fr%g2D
ze)*{1r>n@`Y+cVkC6_tu4vS_rXqOGgKRGBRJ-fd=tB<e`(H7R>C$M6W6RF%23$$=Q
zU!&GIy*g3R=RKLU8>|-zL~a&N9yTQpOs@J^Qsz|r&a@bulJCDGX*5|Ti)@~D|H02n
zFgh{t8Gm0qVZa-EW>99xB45z&e}Bb6YxqPft77-l#&CyUCP<4w?mMHRZL!5U+@8SP
zmt6bw;APQ7ejt6bu$y+Ztu(<#4E9Ljqa4?PE6e&5P)`<hb=-NW>wdZSa}AcjG2}Q}
zYIvJE46vxPWH|^w{}2<$*^=;a#BvG>cug_l0y8~{#$3zhV|u(&zQPwLJK406)cK!+
zoImL5?ajAFW0+u}`(r9jY6gyKX#Ku8KTqIgI&`oYbG!xWq#jx8-9O2IlxX>D(6~|&
z&g9?AG!85usCu6Ijao+)?^+x1Pd->#od!%7sRpE_>F3-~+pU?m5M`HXRGf=Zs)fUx
z^hNng2UFBUxq{UOiMWl*hjR29Jf6Ek!kC@=h0!rE6gP%_P1il=Wc8X`T3YOe``2m-
zORH+=-29fi6Y>_glG(H<QuBpaHKQXM-|S59C?wZ9(7yTn(5P?m;<K72@UagbFWxZ6
zYj69EC=5x0w2MNEU>~F>-*vKGUVZn8$`p297RRibB&Xs)F>~H<;p$Y$W?Qy0n;PZQ
zv?<uCa=M<(^<i6480miJX3x{P)S;ZO+{DJxwzDVJ5!1_;_)Ra(GM)aU%8(a(;`jip
zT&M(2-(=x0&2ozY(IUzEkFQ8cUknw^c$OOU2#uU^%``f&Y04efzv`Q~kZ&FU(|%hP
z@sz13DOeDmtVgRcd2WEwVPwQ2f5H+`x)XHm8_qZUF9ZL-tolDMB78hSr0VmaNp`8j
zuOHO^NAFo)I$0V|43rwu0}I%fP>IVxQSMWs=|0w=<`zEl&F0$%qF4I!*p!k$8oTHT
z5vvl>GcKsR30qp?gCvHPTh4DxjvoYGdnd?G6CENJ^wiS!%JJgZVu`%}DImK^vwz@W
z+=yp0&f00zd|xVr(EWjuz~dZY$nJ>XNr^5JG`%75xD*69ggltOC0z$qGw$iPY|&o>
z)o%vNzKjM(A{bdQt`}e=&(bMt;aY%2;wzt&Lw{dBjmqm!XM43MVB-^sTUdB@bLwM8
zJBv<I{lvhgOc`CRv$s~(2?%t4uNg;!#n1vP?c{mIC=q4<VvJQCn2CTwzDH(p<7Gcj
z{uj;UF=+#$N&_RD&2};i78{@zW?n(<E;nt8Qm+Utd~V$N1v^NH7|~T3ByuzC?TBk(
z&sO+gjG~dl%*PKM|7DFAN3HabWoo7s>AjO-A=OIwF@Gi8$UHlLjlx4)mB639Ho3B5
zMvdAGq#z)`ny9ucW-LO5Ox0usIY`1b{?O!jC9$;Sj!6mmKKa^OKx6Ll>q+{ML;J`O
z<y<m)k~Z`gqxzwgc&+wbA4J|daw$62*e<<wKZViTr+@2<`+`R$F+HE9tVRFsl?Qy<
zINx^sk-fcrxt=wk*1?v;T7@OE=u#s+tYx{-y4qK91D3M{wKWE!G81V^#AVUD!bjSl
zccsrXx_E6Dz@^;YnG2^ksY_kRYO{pSej7f)z|TF|1-t->tMg+A()-~u2c1k!zrTJV
zMuI~4PA(55<ft!N1Ezsmgra-_+7NU=1M(E)+M3mn&N@lp_*zO+wgvWz+-v{MK@0oO
zff;tUXB`BCbuZPj!375!J5Nh-qdjaMXrn)~qTw6_0VP&tttH5BRE7;jW(P|}>;T`5
z0<_=Ds(-RLn8)bwYY3s2G;^-&7#=z%*wD9{nm&^Z;Cf}t=)k)*B=)mR%e`vWl|xsh
zk>zOPnU(VhYY1O#{|>vxzky`wL(PfCMySN%2GxJ5GdD@I<5*<oTQ26W!<$;cMi5<D
zHng|8N~5Vx)$R_?I`J1<Xpp*wV?vKFfhns%?2UG*=fcWyjbWp|$>l6sH3uNWM$N*1
z^2WCjlGyQoZ8~@*_zeQOP8e7ssE3c&2Dra-LdEi_XKJaW6PjmgOG}tpObY*PWYer?
zcJF`X3k!kc;?Jw21G4dUh8D}~h-i+!uNC&9eRE@M#;d{GR&gTvs>OUjTf4VhR*PQR
zgNCm}x$W|7hBnqVVif>Z30fivtaH)mxWxKZ17D)#1a~-xmw28SG#)3^+>bln(#dk+
zu_hBlM!Sb{s9Kh8I6))DuHg`+4@VWXAs2?hNrQO6meNmn7Zetn>8p?HqG)CP(X?A&
zh4zk4^=1PtTCekwU$(+}VAzykNloLBh4#^<<|;f<ZNW9QM(7!N^S-9=0p!-0%!N%`
z2Z|>_+=M|$Wa%Po`Ys3wcE`zAhPZE0j6@7*1fh5i+mq@bGt4)dXB~dJK2$6Qgn<<5
zf|`Z55|mMpACz6p0fN(%ctD~$mc}w5X%^gOf#{=znB^5SqmTbDD{L5LFq3H77O+uy
z&B(bdIF!~e*<_It_&pj6^4>EQh8SDW4*Rt2U2XQB99dTOSA&|3Sziv7rt+tlLNW0;
z0LOw#j$|RX;<2aKy<GdXepBzkYJ`3vdRlOE3ozDI{1QT>{Cc2T%0@c{=!>zL1=`AK
zvXw3_OHC<}IbP4g%kTZ_{;@WeX6@<0)uFLOkT=<Jd6Jl~Zk7BxLQi%(weE@D>k~1^
z<LBKw7?r0?JGxlk14_Cya(+$U`!qJRm#av9E47v}@T=}3^Cgppq!5W4yKuu7sE8~$
z?qUcifLsF)Vbszw%=MV@GWc8H*NN4K`0W$QWbx@o{d+F;M|i+-NVDQKs9>&v6qZ7D
zV*S_azNMD{A_gkGSueA9g}Y^v>vD{TRh|`nD_q(F<<*JojqP9k(`N_5L<Px`+N!Qc
zeS6SYV5^wDk4r~Grm-SJ6ph;bRE*EJXJJEB%UW|f{rs}p*5g@cNd=rS`N@#(cioVr
znzvL~RzPddX<MV}I3awhU?g`!P8ze?@rcf1s@_Xaf5F^v>-f+5x(C+RQ47OD3*C!2
zPS?Y)fOis)2I1{<67^_)OSJKq8tWaTcCeh9TQW*wawfKE^I^B$X&>gCOwn}HnrGwr
z0St;mPsL$&-8<;H)cIo-^f9PR+(*ax`h@Q^EC7c#tx{iK-}#O`)MBPl+hPKns>4$n
zq~*%b<F9xf)|If$g1G#j?4Ca&-2FMCR@=?iPF?y8il{VD$G0hCvlus~Q`fB=W_R3t
z6*()9qFC$brfl3EL!2#_tB^TZiTa|}eyzYLH<A3~dyy6xw&SM%%A6N@*q?(dg8)gK
zOzI)sB{J@(`h3{fUbp^Q&(O#G21h?w1fAEbK4<wfgBRqaHZQ1kk2lB49XjzUif)wh
zwBo0AoeZ#pVvr5%08mUJM1`gUM1rqs?XopSJcNS=1E)A=3?-TOw{b9jfKv+&S`8ev
zUyoA|_nUxfu{dCJXTDrPNUA2QOsCvaSEJDdmh<Jab*D0L^FYbk6aG`rMP4Wf-wU+s
zUOG5)Tx&z!e5{Omlxz-D01PO%KqWnx^{4U@Wc~<s9K=fGl7AK*c^Bvjk?^=VibXt4
zbQlcR!lJ6RlU}n`T<;(DtgV{7#Z466Q+J7ALRDOCOEiCi17W}#ugRZT$h)DOE+Uv;
z`b@p=e6CDr5`KMsv7@4I)EOg<7IAfT1#lQJe9vh$g<JLfa*!|tDa^;qVawgg`2gr*
zd6Ld7FWkOBEhUFHQmj=Y1P(?8la|svo+|rYUuOAr181FaSH4;Jpm9rs;WS~d+|Wvd
zXk7JDAQ_JHyk{q_OS-EQUQ1&^e=nRP(5U;o4O$H1;&4=T3SfuL6R|N8Ct7LP#1aKn
z58zvxsfcGaO!Ig`oB`s8Zu`*$xo-R2ISB=HNN`%QEdQBr43woRK`lp)%zZmZ1%l$Z
zE9?vMvK)=46RR}%;-ken9;VZ2e%RFfM+QH>FxXn`-IeVMBdE!iO-Tdfl{iE4-sd*?
z&|&q8x_5upC<|WW?1dl241Z4&pEQW~n#0IQ;?E`8s)zR-qYLx5*oJ>j*ESrim=Y!N
z#@51**CRP~_~=M9;7w$OBjSUl+I7c+SKXXLwH$pPZtmVw=GP!s12?<!bL>JB_rpr4
znt=IW2Eh~%)T}I_+1n=CNE1$$Zu=%si8mgGbmm-Yxn&x_uBJF_6Jffxbwy*6&8s`_
z8_KV8mBV1JYumGVx)Q(qVwh`5BWmWY=*I8uV}OVJ_WfJY^e*Np6B<PYXq+mbG^K)<
zCgf<p{-H<iaky{)_OY%W;OmT~&Ap}M`MveJbz83GD5zQ?;=2@)!8beL!tN3|@<kC8
zgoi30as`Npp@s6Qgij4WqSn#TsbD}tiywpHMN`NU(Cq2%eL+q)6gG2s?X>;eW3nL~
z<*CT?RG-X=wOdmS(9=chrdHD)X+PgN38yzvBro{qkiIlVju48A>lsPuc$xT?Z|&ad
zbs>hm!PJ+m<5v_?QKM8gdfHr7W{<V`&jM+mh^Znum)IP}u|!cy;<<d=j)`Sd7n-QF
z&{wtSlc=7l)Ye3Q*p*SrhJI}D#Xk<92a;pnrMV|FbdH_SB1Mtk6froOCDn2<*uvj#
ze$2O;PSIdS5OI=Q(#ZR%DMY%kzdtbo3<YYehcLgzP`>lGnUVYo%hh`e$~?KCwZ$Wg
zcavDbS1Fi~Lt*DV(HM<Xl$)OJ+dw?olFZg0Aee?~ay)+gI17}%bHq`}nM-a1QFF8)
z^R1Dim`o1cv`wc>Mxf}W>@AIzbJ@mN*Ti1ES*ePzDl7*|p#5!8&&@%C*m;{E7N9}=
z+(3s+Znq>;?f@wxP1EH(20%0FoDYoH`rrZYPwhgfr~Mt+iTK`sw?@pj(vp*VPj3u}
z?Nrv{aCW7prb=W`SXvljha$|eo|{Src$wSe-8mUK*yA8>Hd#C)6NGjI>(LigYRNzI
zgJCyabu!t_T#BnJ3sT|243+h*h2y|Erg=gM;0=e~LSshlXj3ObfwfcK1sTlFQ!~*9
zQJe4)?H<vh39GRH4?v8>9$?U}^#u(i8Pnpj2Uj#m)Mv@`j6OOW!^&u9l-o%)2T~>!
z?oVaM>wXE%w*@EuHiHV|NSg0YIF9~KEq6YkQoI5YtkeUNqT4fdoy%#uD(}&LA}8QX
zYE<vK9`S^sd2XqFq{YLfEYL!DQ%OB79@d^CN7Jlw_j1|KKt+4Tc`fy9*lM=4h@L*j
zG#ld4wrlX?20^L%x>sQZcW%!9^95xvA#Wj-!-tbY#Vn~TL&?~@gE<LJqSw@IrYBny
zvPX!+#xmnx1=sCjb&P+O`AWY=gZWmO)3sKiPZ>xqnGomxnFFv$D*C&-GVmm}uQxAt
zh$7zAo8!2@vN>+qTd?1q@mX(Vl&?pQp1Vd!xer~*q|+M%{6pKywNtBR|94>`=PGE5
zI!?=5Ah=|cizyfzrSG8pGG9m74ie3NM%U(+DrX^8L-;7=46Py35S-U_(CWqO6%Yrp
zUE#5yL#Eca)A{Gthd$f?^;{O0Ce8JOiJLIUR}Dc_Aafn@tq#}`=SaV)yQ`%h>!wAG
ztk<mM*k#K=DLzqLvJJl(7HMI&ynI!5S6&mKGB@*qO#Piar15I-`FW%BLld5yGWCd@
z*|*xDC?>wsFd_zfZqJ4INa2H~@i6zK7t~wv_;D;&-TnnTK9bxu_Jt7_^9DlhmEosz
zj}XH=lNc1IC5!D>-(z0~&dPeb%U-pr91GJJ(2hpFVx_qm-zYBo$RhVL8db;_=AwDr
zPT`FPrNR;PMo#|)=x-O4$x*c4!f51gu{%GLtFfaXGHCE{3-2Sw)fQmXKr2!=O^q|+
zIsi2u>QlcW;ydIif*rGE&ymdF6<&DN#x;gbRjUx2tyV&NFBRK&ZDP}1;eo4zjYu4g
za~(J*YjsWhJQM%G4uFiH(8}TJUfD*OmbJI(efBH-h0#f2bVB?V>pNrej;E{!{t2ru
z(pJ=G;xv8OB!4|S+Tgb>tpB%U^usXl*Bkg<jK-UH>Rg=57Up$eB11!AtE&92Dg~&<
zdrEOEHE)WNy0O*9m~9cjpaNcw)N`+nb&)|z#Ed;P;wG>vYQq%kr@OY82g6xXf0>z*
zlea&b>%k(&)pigJwtT@9)8dlzc*c!$h5{$X4Roo+3IC!m0|K>IbSIv0(rn>K9@_Vt
zqb%#y*ZR^qS)pr&;DDs;rILoHzH4wztk}7}dXQxSvkUOxJXt#^!p7^YL{_c#7bzXH
zTc!&%*sH<3IyjjbY`A#lGBB5k+M5No?fb~cIqbIYpc`(p-|o8Pi`5(Qz!v{mH4<M+
z%))xJq&a!Znt#L&2v_zSF^qOh;8sR7(QlQhFlk;qf9+8;2&8Ce9i$5Qih+>;@Vi%$
z4qtJNY?IA*xXK0*{iP*A5mo)Vn+xp~XhCpPbEsmp(Q0UNxK<k{oi*Z@u&tn$!U=`i
zTC5r)q%N^_YostEtO5Q*IS4=v!={GD14R1IoR6@1H23VU{A7oie}f+!AUVw_qb`U3
zCzhPR_;9?zELQd9D_RE=aSI0ddk4Nl!ic!lA2+iduL+=30f}N~)rCH46gZu}A-(_-
zl?N0eB_)J4kj+>Tj^u5}lTLVPku^!y`OuC?m}Z~5P7883)gL{Gj72xC1(N?jdel$9
zJ%Uo2<kYaqpY3|tD+r`u8V=mX`HcIz=dn7Kk<}^XZGs&e-^ei$yBR-fQ{3kTdu0!)
zV*Xju?<BtE`@+Oqa>f@z>FNDMCBL(V9kXdt)OYOI*@T<Yjt+<f-VeL&+1&8g=%V?#
zs7;f+;Ah^x_EPgvpP(<kBL9Vyg?n2O6}?Jc1{B*wJ`9y!rp&e3>Ws*=yf$l~vvkO=
zP)&F=tc57q7f7Mea<&3f6>^(Ys_zPMG#3V8CBzshEfKJ4`MTb#`v`xi<<opy9bv6p
zb+c^xHNw&*u{kQe@DUx?MNvhlusDgp_?bqPr9vUHE@53bE}5^|_lQ~opE3t5!C_`R
zZP<M{5f3V(mVJq`nA_!>N)>`GJj&Mbz$AKo8kK@LTQTYj;g2q1Q+|X#fLzQ%Qb0{~
zccFn=rBkKEfz?b9>g(Y4(PDd|DzxP)kEO7Jz0Ix7_3e|{&b`nv!+l`Mt{;@}Ub`U8
zoyR7PPS&?GlDKHY_%n+aYO#T*&iQ!kXh*7=Y{ik!q?!kUkZ$-*u%M<Xj@RK=uY1ak
zZ42XiX}8S`ZKuP-!CK~1vDMUt;RjufP{Ta=ieW2-wgN#$T+Hs6wqfaY5gV*nZ3(M*
zP;Q_e@_p@`y?&C~628F=HII)svjt(jkHvVoJl=z&9laW+BCQ%JjIpU5Q17!>8YtEO
zDYJeZ<0R*Eek64fOmF6)kv%Oq({0SM7^{=>rYLLRY&c(aMoG1^(fcF!>1J7O$9#H7
zacq%wuDX29D$#$m0LrL5a$Ez^OHc0U(hh3?<xvJpt9!{7X`Q3hYC{jg--0IRO#F%Z
zUzYPEio;v>Lh<HgdK(06jWTjp#uMW;cE;=brm90aA4b16GLrW#0Xveyf^C@Ee)qOj
z>BxfvrxKYYwdtag=ubozDX0V5x|Um)yc3{BIYNU=<AFZ8YENcHl`@IV!X;pd<z5eg
zHt)5o@5?ccl!a>9pTc+g)`!e!SQ6?V^dS5?{V?zq-1tWH!sU+%7^oz;(26E!_GtG;
zB9S$kcD>K1UR;IpL20V+h*xHm_1wl!8)O?90_t4O+$bY47bmha15aDdd-fAWsEi3N
zuoYgOLxy|q9REdrMqr(sS$`P{1e&W%qd?{`ToI`Hl9|>IX4NzmX*&2($Zg^A6HZQw
zIm?BLp%yS^(OEJMIw{cxco0Ktx;LNiEUoW)`4q_{`OWnf$+sAe0u}QQU89J{l>9D>
za%p?z*5tHIp28SX%Ra1f@6v?PmWKCs=YCM!OrSTH3!R~_TkFmLoZmE(*~ek=e2COe
zdU3RItZgUGb*9sk?oWHXb2Ff#+;uFe-v8K!7LBvV=tIffKPq{Wpn}>^>20Yb)natE
zzmi?YGt0O`nNF|dIu^julqM2Lw>QJ#?i6tJ0*jgp+q?9^o@+U>X0k-~bVEoCJp_Fl
z5w`lU$#v=xIUY{m*QlwB)MszS_QApT!kPOS;Nb~(#etFt<*fZnS*HbX)YWLd?Dz5H
zgq#*{OHM}asrrS6G8xipM(0(o17T*~1nBZF4hWG$ieoRaApR2~W(XEn#PGYM-}_6s
zQt_-fKbybnZ(ci)U|4S57gwxRqQ$HK*>_uc+=g#uo)w1#;=YdGq8lbPRQT?7??N2<
zWelUp8cSDeO(FBF>evQ8sFr~8h}gXN>3|JZGwiGU7odXsYX<G~gfB2V)1xf5H?V;(
zB;R7lkZPnKw^D)Abqmt@d7GIN&aXKmu{rde@C}%Li~5Cp<UF9G>#MYGPR0HaA41}4
zF;X_y-T1&r`e+-uGs@nBI_DGN3>jYh5_hUUR_MWjR-*_P_98DsWa}a)?3$Nqc)kz~
zLdkzf{X8|`)n8($Fk7??5#4!Lw{wNe4rLyfeozJw0ouRzbwLzmaij55W&R({pY?iA
z1Kk15zChbL+qQ=-e%5Z4K%i5Ffl@B9o6(I34XA9bqP~C~AlKP%PF-k6DrbTo7CKen
zn=QukFEGc9{kFSVSf5*Q!X?reo|>neN4FsxGaO_nu=AqwF^wfWl$cj2T`c$|$IOs@
z*24(v*2MJ)-)<q5+nWyCME>Naw>A}<*f&yFEMKITs&om<{x!nnGv$&r-r!dXzeuhf
zq7}QB?Isy(IbD^Af_3eR1Q__~?pGJwTH%k2>&>a8>|c?QC!l6HEL+*{6d5^$5_1HE
zJZDJ}ruS}R8e2CM+;##465ra!_2jZiX=(`l&1<g~&<E<gB=>(pi?^SIV!sV6O2WWp
z6tZeM3ORRQMyt;5O;Uk>>`mfZay%BNl7cp~ZPnRt3jz5lOI13=!<Mc7g0ZsILE4{$
zPXHN!eIYdXIZH%zd2}~9a9oUT3%2W`%TyQouaFGnRuD@Y1vDX26OhJOZ%@9~X#Dhg
zYpg-DMj9tSP|u5kf<l<+#$-!lNl*5rmUK3&#617BQY?ifVd<^3la~QCW)e4j@XnZE
z^u_T={#vC6=6$2yHv~v*@-8|aW#^Nj^)gkA@Ko0kCi&W5lI)pIVjV<L(MH9i0`yMT
z7R&P^P_maG#^|T;T7i4KlMab)lWek^JHhzCaKhBuVN|G5v9_f8F7@|sxz^>ML-{5k
z9y5u65N^E!(qKf!esO=9a(9q!9(fI}w~r8aQ$VOB1Y5lW5sA^%w4f7fabv@**gQMr
zwr3D*sULuCjeXM8!`FnQQsuIy^DW{XxG^CFST@Nh51+m@?uGZ&mHdY|l?}w#R&f}M
zVUx8EW~So>@wt3Js~G2p8?#Mk&JPeZeYiZe!NEQH#Z{TVW)ByyIn1i1Fsuv1zeQgu
zIK93Gt*srcz|-!D$@H!3Ji$E6aH>Y9+&4&vZzc3~Ep2?5*^?wr`L=4^iiw3R@XZXh
zex!=2!u+h@_Bwr&J3%ZPP63J2?|5hA8C|8Z5J*TW;Eq1rM|b?oHhu^7Bd%9DR4NLB
z_&A5;!1oETGXvP*@qa)t#Yrxp#VtFw+LxZIhM2cMSe6E=<xkyu*@l4FzX?B?-oGV(
z&qqj@RO5FdksSGla<GO96~Cb4(HW>r`1_-dBlI5>YL~UG&z9t`b)k!=J+jJ^#O6R7
zyZ!1n520_=jGxo=7iipER;Y;E+S(#gWS{f;U-7#d-z90SxZ3j(g9*HSYmH6uy`tJI
zx2bj_|70jw;X`hxtA)<Rcw@&+MW)EO0@L>PHlDW_sh0rqMT%W)U6-X%<dJ#A%+ed9
z<@2ka&CSi^8Qw3|1qa@33Ir5{_wQoTa3DENxp6XC6Tdx@f^&mrD}kBdXW3A?7>x&g
z*70P_2CH&}EPBXGD=Py7P#2NEfcm%7THwX3m9AcXl*-|z9aEeh<_q>`FALbD4;&59
zT^G4~Z=Rz=64|Bc%7!1cY#nTCa|ak^`9ZE5?*we&VE>C-ehq^Bo+&o`^c1)DB2`xx
zN2jVt&wB9}R)yzx0@CdmyDUr917rmqtu5~T|0N70AVP-O30IB4jvTaB9Fy$0zS^CY
zm+#?i`)iNj9VA>o0h85!(O?&VdYkF`d|c@vI_#j=f6MN0jXK|<?)^qrFTG8=v%v43
z4S!s%u`1$ug>@P`qo*GCXW@VMO`0FbhbLwP#7MRO-x@vtdk_5`Bw`57BW(?Pdv@N_
z**AmrH6qWe-7ZwlPx(m(`U;?-KNrmJQ=&uk7v^b$7?z`2!x9rE#U7JDD>pP=$rIuW
zAc)@lBkOSoHA)xh{G#IFle^k~)wcQj1G*cE7L~=w0LnBu*zz)tAwL(aE4;D&U>x4w
zz&8=4X!sfC*~yM<y7%R!-bI=pB-8mW&V(Svzl{?D1QcJJbUNRU^cnt*)$#Yu7;~4<
zD<Dr2qN_)F&1o`!5@47aHM|w@D%|pS2@BBQ?lvpAlJ8p^$fmW}fnz83H^Ty4?na@a
z68xJ%eR~9c=TLAO%|FW4|L@`a>n;X9T>2~^GL-q6QmR1Sr;uuxNmB)KvZHSXyWgrQ
z8I`Y!K~1-QU(S;6`%~0E91j5jEHLNp4$<19{Qp)syn}ox^)+q1KMBAFHU34)iNG@U
z>XXK#+4d+R-JYF(Ah#JjGkK;v*`#EUKUcYfTK!hQqp4Qy;n-g>`oE-%0K5OHg_V<2
z%Z^1QajHB2v4X>4sX*aWR!fV=@3Y_956?+>S9d0mHs_k+WJt=%!S@{a8V2^kKcK%B
zDR^AkG~NaOw_*Cr=W^SqN=n)Z19*@lf+q%@up%{y!G*p*59Pz-(f=sMaiXp6s9Fuf
zYX5%Ef3E&N|LJSNpC1wnrCN{FNEgLyZ5zr27|&Xc!W5j(Eg|GNpYZ+rXN)Ir{yd#o
zR%V?4%wcL&a5d^ua*Th6@!xIszY1V~dl99HgsU7I6OmNVvz7sy$+tihC2jS(%gJGi
z2#YFOTQe&cX~oki=NY85QvY1(P00o-pTNz8c*%ey^YYWkeORsjKaa2buI9g!eV6L)
z)zx}8m;9fj>Hp77fd3Q4aeE)jrSvPMj(U>o#dtDGgBV{a_}>0!)jHk&IH!)ZhyVF;
zo+qe-R=>lr*Ezld<)e?q3WLD=08IN?4kTcIlX>rA;DgTiyW$~O!2cZK{|q});O*?M
zS?YLQB9m;~@XyoxDEcJx-)Z+P$@AKsLskU(-%IkNQgE2bAZ#42`f$eo8TQ?<Z{a__
zeE4~6K|Jg||CgEaXC->Qy<G$ES@uqC9C%d*F-S4_gI52U?gC@fcXai}_`f{8`{z2~
z{qJ;D5}?bYFh+tZ`seGop5M+6R!sW5opIl1JpIqs_CJPJiRX3*Q37F@R4Vnd+@cTv
z84f#e$eurEA^dlicwwUn#Ho>!8{EG4@+1S-{+5JpkNo!qT`%)B4IQEw5xK^5a{<;>
zYq^5NhT}?u45uf(uQj=+?Bm*hR8ZuW(I^JZ<d%PW-u?Hs1k@=p@rY$W5Mx+zvHC}%
zONj=FfPf&%bzazykPQXn&;9-RegFHgEhT^Rx-v2K$5oC)RqertQpKEL5H0*ilDD4}
z+^~t9SmM85u?`oownhbWRUw#gDA#tW10PcIk3z28Ix;9xiQT{N7ZsT-?d+T_(ZIj@
zw<U0Uzn)HDR7Mr<7VhFf=<`^IqC*GnJ>e4yCgjX|@#RUMaf-VTwd``O!X&*ju-bK1
z?j4ZjUy43|uDsvFy_1)rY1Pm!k7ssiR@@*{s9BW-1YLdu6jhX7wWvI+y~m<zN_0fq
zsUaYd$C=gbXeidS3HaX~9uCOnUy-<<dNp33dzj9gW`m^TaKE!SCkN=8B=cQtDpuTl
ze?X!Dz~r@2gueYoVb#;XoGaIzhS;L&d5MaY=x7l@21*>~tfa+K%#ukB<p(Ip8b7E$
zr?0?W;mys>9~F2);V$dq<8@BO630twnO=bI7oDe4C;@y_GZFef^IlGro8%wo0~ILX
zV>WlCO2fgS4E_fAyAS>!zTP@6s;+w*R}4x)YLG^dj-eYyy1QHHM!G`~X%Oi~nxVTH
zMH=ZI7!Z)|Zg>y3kN5Zaz47~e_~TIfoY`mZwb#1VTGyrTwNtzKekX<Vc&QNI<qQ0D
zYbx`e@2?hO-1Y48SKyiLr~~l&e)%A+ASf#5is?0rWP*a8h^;ZiRc;u86LeTz)I2pL
znk?HAdP@t9*O-A^cFIJ}yBnP`?<fjEroBRgj;q8sR3M3<;Glb3gO?#BPZPCPxJG+-
z8X%Ry1RNFW)il$5%EH2J3r*zD+C_fQh7g3zb^%f@D)U9ERtqx<QZxJeDPid$1i;JQ
zvQaMo&A{aQ!SQCi5KC;4^9NpkS{gB*zScVK)SC^MYWnkEa)*M%U1u@(sRO%R)I=fv
zhXRZR%^EtH5QMN>xu1SpO?}=#IY;+i<Q|#gB{&li5+c>_rm0Y;tM1`>JJ;&#a95Yc
zthfjJrPv~sg(f})&C3w%AKf#v_x9Dl8O9`JOEX$tqJ=;*ebX$GaX{9?htJ4|2D>lZ
zJ_^Y46A85XrrQ>@tR5ZTZqX%<-rg)r-^m_b)wg*2c{tuQ{(uP}{N@N?Hz&J{em5Dl
zj6SfL=!xx@3uI<$Y0*xnmkw<bQ;toSH;V&9Fm55gvdGD+MuebW-p!3_&;mlwZF#`z
zR&!O(@7Cdq=h}{sNR&0>z>y*RnncxssS~jfT~=$9F-x>IgcyqUh`uJ%oxIxfGa9Td
z%uGz{*Y|b&ZnX3yJQVK)ApBElJKBY*Dn$|=4@})@(r1fpSd*jS0K^BNrh_gbyuLtW
z%uzsM&;lrEj7v(A0^qc-c8F%x_ev}<Mj=V#u84df>?>}Oh{-B$?~o+*hyz**vNvad
zIGjnlN~?AzR~lz?!S8{-V=tA4H7!t7o`*!&{C<(5@8{1f3=+Ok0JgcHs$Zen0*Fu7
ze_%q?c6!JRqtrLKftc$WsLqg}NQ(QMoGcCOjyyo%OvT$<fAc3&B9MXs_;TXiRqFi#
zm3wL3dOKy06EZAqUqD33hARK5VKa^8NOn+Myh~gHv%W~P>(1y*1>o85Q+zn&dblFa
zvC;(n@-Z~g!1al^_>>Ab+V{fpOA}2qQpea~Sxr#Of19d5*LjlP<X$RywhH$H-{XZo
z*oEw-0}7{jNA0@@qD9}x{fGSCrXeeOVPz^sUt$uMK&27Ysi48kEz5XX%zGPX@G2`a
zu|-9j04fIbyS-(t1R6h_;q-Qz0A4DKW)!o~69cY@r(Y}i(jZd|bfvvcczASlv<^sh
zx<bzZwc12%Z0xWBep@)l<rxedb}fKK4X~VqW%!)()*a%Q!dETpgkFP~C@FKa{LKM!
zJs<}=-s0gjc8E<EAXuqDEAqy8e?lwoxnz3>yw-YbJyAl{7-YbQ<|ud#n5bif+p=7B
z%VD1u$iTHiI+eo`+vjLtipzlqI6?L?9?HG(2sYL(&f|G!Bqc@roRmxNIUPIYkComB
ziv5Y43G3j$r{`bWt7d}q;;Gv2>gdYAHyhaBZn_0;FU9#+gAmKXDj$R&WZr$_!OS?#
z_URss8-><F%`W30bb>b_1?t%X_d~e{`TH6i%9xrKV&5}*S3c7(6U&ik6&pyY%_`as
za0le0g*L7LrU45;2o(@u)}Z?7lpk|`?(RC}O#(nF=^~<{wqYg}=SHhPlf@r9wR)bY
zEQ$0ASdNN;dVGvk6)=b!9TRFmOgf{$s*?i>#x(N_sT2YlzFch-kQHf`&&S2Zbztgl
zI0Ggf%HhRoQfsAdx&P}GP@$JSx-vxP8dT*y!{&J=7|w5P-5x|@7^x1;6u2<Qez$&K
zP|9?=#U(#gq#A73xB@bLrL5~5_iRZ-mr*_J+k2pchs!hqSy))O&&8F&_r=7T)FJE=
z+G$$D3O)tA5&;^2RN5hegigXR9O{J5gRG(d%W@Qb(C$CF7^MOHeaQPehdugXFq{><
zO$v!adxms=jojt2UxP3DDLN}DiO>1i0(5h7Ri2>{e0V<;;5=P=^jhO3#DtN{ePpSO
z(1Rw})!88uGCWqbVaFGM<ZkwJqRGZ_4S<OpU`6|sos&b$eU@9rXR)U-orjj*!x+%Y
ztl#vxfdPcI1QcU6?&ytuIc@JKhuxBea<<3CY2XqO$$Cwvod5zga{X}0gf6W-Oe3oM
z5{$6Q5SBbxl?#>g)}(x+FNk}(EWss@<oA;gVR8>}l<<zWMU%8xhxjG_4|SAz>ftg`
zn$xE^(n|zpfR{91MtX7&TlkA2HQe!tsoDhijzoDZ8nM1&{f7GMi0l_lPw#F}@Ki3n
zdNH8aE3{H6O!^N)6$&o!`RSA{m&<)~U(<|v+#+iZzF*lcw;o(}<#XE=(bV_goUkAM
zw%qiSemXHh0&>Te{KUS0;7h-AS~5$e941OS;IN`-Atm{vO{*@CMF}UZtF{yp|KGhU
zz%fPo;{VU1`3nfH|0Aw+?~S~9@M3sK_Texd%vBh$2-Nb|2DS`&HFj<WJL;bymk%4W
z4IbeA<}gme2Oydd*@pn0V+cgq#W1)iKd^(^JAfUu{^Wn(clRUz^K~BU?>iLc@y<_0
z@?JLR&zET^u&wB2eNH6|7yAgx(pnuzzDBW$0E4kPW)I81phbSn@=zT^A)81P&@_5(
z@&6NNngV>r_tVYhOEKc}Zv>o)1$-tUYw|Y?pBT(ha2^57`Ssqw!-^RyiKhe4U<QnD
zDv@{HEu5rvJH#sSmmT@vC;a!~^zm`H>reFA*zc_W^BJ{J*4OgFx<nbNHJ1F|ujo~q
ziSwVmw14vY^Jk@K0B*~YXtSD-0qAE{pXB<#0w9s|zz5V>*TTH}Z~&y-A4K*16F&T%
zkALq5T(nVV8P*sZOi$%1L;l_oaBl&t-Dh=&*x_cRZa2zqp2Fz+4^##$yCi?dkbFHF
zz|}5O1V8<&+3??k{<+To^I1}tgkS$1`2osjUjwKG?ORr?_Kq;u0ptIiIlkn;=7+q&
z_(n}G_v~A20Q3J9n7e<){?VxG_&Z7Xr>qug|C})Q_fj%L1!jni{{c5Y#yg6Sp>_s*
zw0{{4qfp->^|7WNrXjsE@(^l%N%TL@^6#qobCHDek2SFwM6Udw4+BgDJs~Oz&MUbR
ziz$JwKaTw`WMC2wAN_t{gVf&fK!9!?`~NxUdD1@%<{ep}#L2&-nkL*Y$m&P$tCxX#
z#r+>02Ufatc`nUIR^<WLBbYsalTt`tK=9)afV$6qA9Svnjp)$<pmQbAdYbY#a{PA%
z{=N91LY}oyZDi1Z`zuHK-ygCGzkz_`LkB%8W9fQ(oipx2St@nX=^ww##$U|-D}+*5
zc)tr+hXg)`;vKaZkN^9$|Jwy#>YptT=0o!K_}||}0dIh+o43zAY{baus2PV`jxn=<
zAm^`S!X5Uv$8mlh$THS1sGs&Fzk&R}0@pX+{QfMPt7u-GKmQGEPkPO4>OjJg4|&K%
z<ONy8&rn2Zqwc4WS<yodV9+7+OMA1EVUGs9VS(P4f1#H1)cai^FTes1WMO3)eB}90
zy6fL3{_l(1*MD|F=J?1Tp_(_z)Zel@KvNtAaB1bZ%ydPfw%P3(9#(*$K80JB-u0Z{
zZ6_bVT<}woLvQbQ%k`|)M!gvx^)1H-IAF>zX&wvyjY<#S02Y2_k+DhWDGH9h`6ulE
zzVrX*T50mn;%445$G-XVj`z_Y2GT0muZ8hA3}-!b{&6z3k)1!ANqr~hcf&cs@jNC^
z^#0u{Y~@WsQE(UzU}S!Tinf`7ogJh6I2Hu|G0uHhfG-oD6T8u_1PHY}1XcY9#rbPC
z|7Rz>;eGYbR5YZeDLwl`Xa3FYv7A_F6RUY=D1{8J!%}Z74IL$=Dt`UUV2WTc2y9@4
z6C5~tKM6AR__y{5dbu=#3^;H)+~N3x{)0DU2>=T~%|oD=DjK!D;|swnK#=VJy!k&r
ziQ`84$7kxFP40C6vrJlKvR*1@*DRN?9Nb>rDWvne<N^$lBQ%+}Q^opXrfrnKy}hT9
zlmUO4j+Hf(kkbmF+3rwMbLO~@zLb<IthgYMXocSyS;mslDxRKC^YVAU0)lwMW%|wD
zlT5`dF-+8TUaw;4?+>DR^U^18J1-y3km0|1fI+7JcL`^{002UvBI5X`j6eeA(dl@W
z@t>Dx>i<Se>@gr3ANL_6JDmI%1nJe+ued*P3beIXi|=lxaBBYB{3;PY{KtXrR2Cup
zXAa(YyjG&j<`d@#%Q|);=)@e7%@(u#-ME&KpW7jp!t2BpnaNUl?kY=Hs|e68uK;y>
zaVnV1T(d3W=uo{zG~1b$4WnEfFQ!=4^|{9C8rv-m8pp&mabQuTjnxuk#b9wb_poe^
z<RFWSPdJwD2hDXynT`NiU5m{cy13XK1h3USuz1joI)3}4!LiMsnCP$Fc&La1*iIbJ
zgeuz{%0f3i5-U7B;So-&!k(NbPihXdFa{uL3R_X0XJ3bpNO6D{{yePk&yvZ?##)D;
zU=y;ue=$*LkS-BTsy^~5`XJy<<zt{gLo{0864RiuH5P%%lpTb=il4e*7<w;Gu@TZ=
z<ghG(OF$qGlzQfn`6j(&xjDi|uK6!b(G<Y??CyCiCQb8LP2{I<cI7|cqPy7_Mo`)O
z#kSTSi^WY}uHvGFJ<CoXI~!h%4<493&Zbo+bYDKvjOT2ThFnXH<qxpfSK}Is$GIaS
zxr<2U2=4^r>v#@M>gTDnad%}5k6)U+x<DTiTER;J{6>a&{lZ+gJ)wJ~LYs-g%p`xT
z>p79dP=*?x^E$bysTn<b=*7haR17FVtjf|VcD04-avKcT)><J_jI5@VH;j}IX6<2L
z0j$fTG!@XI!Gu(GcC5XUJ0{dp`@25ylKo*cS$#NL=by<vX&VV@-@P+(cqfRC1DS70
z$H=G>kOC!68Cn9MS2zcp4)ZbeNw8{qooJzi7>SG_B+wCahZgfk`^z`qz>oX-*9yF%
zGdN6oUO)|DAC_Eyee)$eS(1XWh*9QAlJn&9xonRnQRIkN4)h5+zg?&t-I61)(Eb=2
z4LQiIElB0E%iU`ulMKcrsp`7$qM<7y5WMbz&<Y6r%(qOgNoV&;kSE6Y*NFE)9#*#D
z;1J1v|NiPa!twLrkwW~PaB74S%;M~<<^5PLXuQO<YI9`i!fCo4GoxHy0W<s0KYPFV
zMk_Nuks5~6$|w_8Cv?012$cO~L^0MczsbP?7Y9eQ;PB95Z@#s!_2|Q+Jeu*T0HFb~
zx-t}`$d#7bh44-<?m6dh=wNc&%WjqrYhOX`(zyjd$jMnoitrk~!4$}a>ef0wxw-AO
zw`(>5;SVPsP|QW8^A%qT-TXGz=?MSWiUkOjkx@q#Xhd@cFqqrF5hwYNQC1p3J@-O_
zw(KiJl}P8n3zW2Kp<JS2y9h%PvUJESwb0oy0b#Qlj_sh39gd+6@-AS2HKAfBRza$W
z9wn$oZI%2~;vSD!konL|hx&M6h=eU&u7*$Ir_9*84+^H+E=6+W=1~@NQ6kw}cpFCV
zc3Jxbt76frqH(3se~0|uGR$wlpj5+G%>0=zZvU*nsQ~?YbOjiMw#5L=Q1$ux^~{(v
zn=z*8p0;SgsOrtA5aB_@n}MgLg=T@12}j*_uN6#p^U_+kXwQDR4$(7<=E)u%Ei=gh
z=tkaF87xCTM62xz4P9~U9_na6-)ot8yosuWR6jqK+T^OJ(%LT=qnMMC@umQM=&6Oh
z;FiXYL?m5_Mucp<$u2^)F&ST<taGAN_H6#j&7c+0p)&;Nn8%y?3uL?pN3tAtDv#G#
zW?NlyK%xr(YkMzff9>HkQ$-0PjO*eR{tI#{r96h$?1`b`gNV|3GDOkW5*C8cMgXqs
z75ciPgcKhssSvoJOP@wkvJXe>U>a{uwTI7aohVIMxw-Z>=W_W%W9gWI{SW0JPOHbt
zCe9oa5h1zl?IL}G4rx`<q<PimKHLUZZDI$!MUIPUQqA2}Y&+FFF2sWxxmM#S8Xk(j
zO;m-2d&3t6N&Lha!Ba9WZFVwfK|k+!GLf%d=<`c7QV9AqeRhl@sZ~7Psw`L=Do+<T
zCja#a$t+t85fRBVf}Gs}P;-yW+P9XaGE@!p@+xEk;Dqh$?%jn^PL|?he{7^q$84Vk
zVr>U!E<>z+1u=Ksr1Rb8yKF53@*~)tk2pYv;hc?3Wlq5ImK@>Gt#4JfRa8I<ZuH0D
zRr$gcE(OF$86r5vfb_;=c9Vb9o9_)Y?S}^+L#ZCHNrPlV_griZ#p1Lm>zFyou0GLM
z+KwNoz3-UhiwMEV)T^T=XQXMOmy=T{6hC`rA$wvy!SPDOdCy#x_A1WrqfR~vN>)!4
zrmr~G^Vz2H99sxX7&+l~U4_8U)Q;`<E41QNskI^8(N7LTd=oYW!M6n+T2X9kruieg
z$(ds@oPNB0*h&ZKWF(S{s7$3kIu{2!&H}bMC)4=+!pbgmmL0LUV^FZBVQ)SvmiVr&
zK+LJ!-N(TL58-{1hi+wl8}gAoS~5+?sL(Ob2bn^%M{XI0Lc}^ZG&`4DK72m(EFGI|
zlu~MhnPm1+1<1NGEz5(==PSy1zVBQTG+E1Y7yPc`F-QfJjM%y7o!L9PX$tYZ$Xf1(
zu#b>+KJ}OF_JE(~G~AhQ^xyqNt=WyACbK`jOCHfw3j9=CYTJ4Rw~uSu%6>7FqJ-i4
zRPgXwCx_kUs8oVHp=5IcGp$NKfB6G4E^i*H*IFPtM%}syp{rwv_~8ZR(h;~#4eU1r
zpzy{Lu=_sfBgtxuKvXda@#@cs`08l_4@vK>$P1Ro*r~d{QzS!!`OeL}ss0<enEWb}
z00euB*>;R}VgpV>M@P4q9EbQwwH!msI$)y6&tY?X8s=VX=3Q!;Ix*Yx&166hK>1-a
zO`0GA;w19*-QswgDn44d_W1Gu&=+QTvl;KaZIMtNGS`QXODtCkuPaF6bC^7wVN}zt
zdRulfJwt-kuRmHH%~yZXa&A7-GP9}Usy07%p!xey@bXwwL_^ZX<yy#~qSgUH=u=o%
zRiV7geW)$qxc;Ejpz<d*!Vozl1LAjrv*Yhyjw;3(nw2nBXY##mN1)VBGZaUY?CXF0
zWIniA>K|8G?g?*ME3)-SHm~4mwB)^{iSujyxl_Ar8xVVU<(pFDf+$?IoTur(gOC6Y
zNdiEAWFlYQkdz1em^bXq)R1^WU&T;H#!aof`d}VJ?R!-!eocoYqRp`tNiHIZB_Pvq
zq7lw-r?@q7FP};K^`FFzU}+6w{8T%tz2O7XP+{#Y>$O4sbtpr5{^fH<hOD2Le)M~<
z<x~0MsTFT~83`Qz*mxmoAV2Ce7oj`Rk9h_cc!z^UAP;21ConGpt_5ndIdAqKQoUf&
zU}U)4<ZQ9{+L>flmzmHMYnaf;yy;P@N~C%=ApD$Axf;K_FuxAQ_vvs<WuomMy1|9C
z(Xo{ks&=Z6MLqefOkocJ&!i9~DSr{fa<F8{Xy4v};dciX=i2E3Ast!nh6^%d)Fib6
z;B3?SAmmQm@~9g~>>{Y0n-j2u1x3`M$YUcU{gyk4Ag8Og&G%HUOcMv+?{ZR3R7>PT
zURGi&T4_L41_<l@Mjpd&XZa_Mx7{=S`KMrMFpM)lJ4z)X-S=N$KcGr0oA`S<1Vm<)
z(`N*GZhYUYj?dP*Q-5HhKF`xM@QBRLVZ!;sZYEc7u;91mj027!77q;#eXRlCy}Cju
zB%;SfL<_N}rPLPo56PIXA6&sO;_P@4nD)moO&G|zbAj*3$$}H!bn(FFdY+?T7Hmz>
zN+%ar85|TeQkW=F?Ul`k*4crIV*#(B^X)#IxYI5}_*|WitS1^AdtH5)eyirpWHnZo
zv#DdX$qa8cPn>F=DG^7jwVVna%!B~C8`m;MG4x6S49n%}%@}}Z6=j0tdz-fLf$byO
zL^PbWGH$f5YMmh!;Zvqtoh=ec7I?z^5bG(xsV%2Yf7UiYH0e?Q;X!$6N%Vs5js2Jb
zXo2IG`SDnd>9QwZ1BB_@P?{G4M{~jl`MFC`h1P!R?V3GvyaQ)-2o+G3ETe7X;&ri<
zjjpFxTAq8&b~n?es!8=Urp5fcCEVrvug^-w;@;Z+TyCps^o;N2EmTxy`C3Vb@ayF)
z<<+%68$G-7n0NmHpXe&YJ`*1wP49GkHRq@8UTrhtjr}1f=hwzLgQtg2E8kM_@`}Ni
zCa(e^wb_dOl=0$)H?=UQD-C$1OSOCx1Vcd3?{=LM$k6&>hZuc-*I%5<k4v+fpP603
z2MTXLy>ZlxvnY{#Y;tN;^XWO!aIB($#8(02Mu%nU%c(0e!tiq&*lS@!=?$T+B<aqm
z%O%?RT(tU}mQq<Dj*j^0e7PA8wpgYfiZHB^u@rYhIAM0~&jmfUN5jbza#&$}*e(|I
z&<`p8&DNytMzVQYHI&l$JkY05F^%VyQgEQ}J#O=+k?KWZyO@LZNR2id45f{Bi6!G>
z^|pq|l&e9y$$Rxzv38+MIt0~t%`m4eiN1b*bsN&Fj=B-7V|sL)fdF=ZB<G9*9cQZY
zO(jR5oSalopA@)~s8we&M>5z|<-#@3e5{<IPSrDtseU|yn9r+Bq%_%~hl!Cn20C7G
z^KiCek3@~XF`B;mz^g7l*=IW6dw%3b&At6VEL+|TLe@a}a};<wua?vPVD)Hm3u4^#
zHx4_&+S+LhKXXj?7T$PhU)>1MPo?508{vWCL;0-?gD+d{O|8A6i_8wANsJB_XX6?@
zgw)G)(wCa`q~+tK*gop>XMR=BoD=UpvpsZ4q_?@*)w?@sGE^KWbMJDzjUvspg|&%m
z>*7O~r%!(rU92c7PkcskX}R5^IiDM3IP<=_xHzExX<go&0lc&_sGRJqtg)d-Cl$Bh
z2XZ;waF>zoGP!nFS5#wfJC&Hu>w`}f<w=`98NW+!HOrObp_=7==*BXx(W^(o7Zo2;
z99)VB%SX9C{eJkP(6`u?-fD3wbEMa1);vB|TRSduYnsqtwr*#AQIb@BQV$Is&2qdj
zCT_8#x}Xv>W7qF+V{Lo2jBiI)HV2^n^U%?6q+Mt;*0f3)7l{-%Fd0faZJz3$D3W!v
z8h<T4(Hu}}wJVRXwH2L{>7p6eWX7$xKe=O%U|3dsyC_qiaTE9Lupo3ntJ|OC?!^mP
z(MQ1s3Y=iAhQ6glZYQ%#!(ZE(BiVR<FFt#GW=42I^SLT%SqG5YZ49GDeKmut&J6>+
z>%%%B=AznUFzzdGI}cV)sDGP4@UT*w#(B!f*Qbyzmz@z^60=;ge2!aRp=2)=8iudB
zq`EJT)lrtj*KVF(DH7|odOn}X@XieBUmsv3<^KlTdL8nu+_sz9<~xf9$sW8ivd;cs
z*C{lj9xyDET)$IfA&yC#Rq8&dy4?1;g8cQxKIV7M+wjQEif&R=Dnz#c;4Xr}5i9zl
zrl%Qi$(GKExvXPKvRBxvoks#F5+s(Fw&-NjzgQwR@fZW<%?%?JqXh;1gm#GOkw2)s
zR{Fv-Qer*-f+}UAcp1odvo&2;VO^K8MXxC_?mc!+0oM(pU8W7Jg$u!_EEn*l&w~3c
z4T09^a~0JypbWa-0?_Aqjc#Q+BJ3cXVYxX~t_Y+k^MKrh3c#3PTjiyiq!rrgelcK_
zEs%Cb#^T@Pw)OpyP1e&|dqYAdgQ^g-p_IHiteJ@MZe&1caR>cdH=?X!BAW078^|^W
z<SV4N3yqrd{vNI}m2J8?<sTP2`P~Z{9fByjCgG$0IXLHOfP=Huu-cq+5@5%O839ds
zNLG*1rRrPte0(SGdWNOi&GwKIa_v^d6N95>Eb-3hY4dMhTQ*^al^^X)0iSJCr;fzR
ztij1-3JTe;PL|}5*GgC%;I}`HM^;JlUCtRs@!l;hFk322xmg!Aoi2{Y*SwYe72b2*
zIWps_qbK-fso9{k3VioVqEB!g-jP$ib54=T-_FP+$JoOw5^hi*;u+y%?bAPtOUZ1<
zYm?0J38VDz7Tv+v%hVP&KysH2XIe4+?xAyZ@yOYxpwu*}D{!}<>(QS24>;$_LXF$*
zT_5~KznmYU@m6=?5M;QJpngy+)SBveT2f13-%jP1v#KdrzH~ZxrP1hI*XtkX|7yQ)
zdI~6^^R!Y~kDM~h(Qme4B99v%dGmsL-eXE|yjT-FF_G9Ek>Bd2D!W<7iO_8qvJUc{
zr`x(YV`m;)<-6OVmf5t^);d_@2dfT#4a~m?3vW3ZY%bEY??>Oyq*2TVYA0$Nwha`$
z&RWmnC&o%ja*jEg`{>Yx=Z-oJlY#|%jw-rmI%Det<cthGJ8KyyTN=)-yT%u2gPBG=
z*hBhxDjgGtCU?1QwXBUdgetXVt){-Bhi-Mie6L1Q2NJXri<g60D#dbz20s6sQaXI%
zP{RRW#EK4@A$>$#b~3#-a>DJ0o#+#s>XT2I7qFIe)B=)&%9grRC%X+NuMFoJ4>Wb0
zOJ9Phb$p4o&4kmm!jIQlDwOr;L9#yYYG-<?l*eA17AY-hFd2$$1Y;7!P8glHJqo7p
z4{dv2I~!2?nrl@^iYFz$sDyG7N|K|;Cp!l<ouk3m>*HQIE7f`Cw*E~>r@7CyOlp(k
zsbaU`NI#J_;aMkAe!~jrtNU)~a!nd1&eCG9(95C3hS}3q_EsNVvu?n7t>(i*Mp_B-
zXIK(5495<#WV1HS@E)a*@?PpKprcu97*aahL<HM4Y=G47at{{9fE03=Z9gqa+WrlX
z4h!rUG);7s&A;>WrL%!s-TY*pWq9avmyax^L`0U9uVJa^;)aNfx#og)a&nyUnhQk$
z{?-IkKXr4wNOYoDeM(%a1r6X=B6IF%s)zF2AEhENEx8CI6h*-sM$Y%Y0=OeJ31L@*
zy3RlQaWpl;sQCf(aTecSS~cVl>BA7@?u&^yz#R`RR3GkCpUIaey8SlSj_DY0d40aO
z4rCu0nfXWm1C-uZ7Xp+T(Z$gAaLO;bZb~O6X2kiTu6F81?xq%c-ahedfu*FYh83O`
zxYT@ApOQL2c!BP<IoO<bPCiuI1%iCaA{G@JFVpd;NqLeb&%ipCI>9gsz>78LZ|~S*
zM#1S;Fc8~1GmD!ZnDs1Ba&~7S=@pV*#<!*W0&|ditUuDp##?VO>#I{aHW~0MQcy?5
z#)OtcFh&x>h>%E6?NV-*sEotK7oRCWvjFQ_TwBg?@wryHZ#`K0bXgS@I?j?$-6`>L
zl%Q@iDZ}YY9dS=KY;qeYItn-Zpq9IAC(*zl_pD4k(@5te2gP-RNTZ%0eUM*)=G6Xc
zTFrB3lN~iazg?S3LFh~t9+jRW(-X-~)f1MB7}ZdP%)Weqx^}nsokMZ0*6J~b@}C66
zzOp_qJ-~{DE1&G^KudqhJCz=I(wq%rz}dH)fJlf66~|cTq+qhXE$47I{fcuZ<?yS#
zhmTT@*|Sih>EY@8xdI7#KJe8Gl7;3Bz!an)WE0=tB3{BcR0;;j!&dIhUY+&W!P%Ep
zt8*zFCVu1;z02gMjVrb2<K^+&eYR5hq&2P8Iv#z?$^55&ubY<@+mj<+o^-D`Py`b^
zdjDg>_{E3=R1nK0tYM5%>gvR6{^xayl9Gx3YP@7Y6-LFd122ir1we#?H|2Z|q5W8@
z3nCuMLX1I_DMob$nv~sJO?Fj5E2MB~FEhXI36SWd$wf;K{i1>?82@#v!%cr<jMMAg
z)U{R<tmSpqUX8LX3{3B$Y&NdJ{B*xId%3#ZX8zmt+_Jdg6GC-GI8vK}dzAon9+^1j
zj+{DlB1<*d(%IzZ8DCX?VdqyfO#xZX^CRC~M%~z7Tbly*0|6-E%Ww>3Y2*u?QP3-@
z>>3E93ATGUwz4%DS)gg?rQd4P)6<h>p6MY&!#g+cJ~n{s^?m7+iPc;KYS7d(&GxQH
zA}(CI`nzurFAsu4#g|$M7Q<K$s*3ql(s}xqo^Oc8c4&o#JX^fYG)KoQ5^r*OyP%wM
z*<8A>VGh+Vpsw8+{>+p=k^j-Nc3sWj;m&NVc(WVHBL4ek^>n`SnL6b$fM2GbN_+|<
zXMdmEh15}Tb!;R;Pp9QAQS<jIAG^<dEhBdr=|rktxAq_mG64y{+o~?cUP8B(+VnyY
z#OXINzqH?VRSMk2remn)q)_+=+&L}N5@QD<q3Ub+1KrMsNl}-fp<=8_|B<g{npCB?
zkjcn<vsDKj7B2?$#>1i^f82O$RHx~dMSmaVa#AnRBwB`sJ-=VV6Xigu-6()5Elvm}
zsLk}3w?H*w*H%`>L^0<zRZdkD?Z>`Sx~x7~il^6QtnR6vNAsO&^mQ3A=W^pK4sumF
zb$<6sz1SeV!)o!e_V&tFB?VyL?=C;;N8;52h#141U~)V#cLJW@Y_*^D=j_6+WC1d&
zHEm_tN$cq(!&7mcU@`){fg!U5^K_s_5acjRe`HLBnnzgCpj?ukzI=5=YEbhf+3q&A
z2VR)ywzM^|W?nJ~oy3#Hce)bK40Vp3Cx!v1i9SsfMNT%YjP^1}co4Pk*FpFjXfFBo
z7Pn0<pfkizc^lfkbm9%_Tw&=Z5s=h8p6MaFiT><Lq?fk9a>`Ca6MRa*cu6>R+?KWn
z6zS7bGR;n>WQ6ot9Ub}F&WABrU=fDqwSLii5F8Y&8Ypo%OCA8No@iI4Q5*$GiO-V{
zUQ*Rs6s7Pt_(8&_WHRi>e4NY~e55SL6z~u=zDy+iDI1#avLhRuQNsg$Y^0kt?}Tx?
z!l^n$j=wx{l8-qtcAH{T^iIP6Ria%vo+1g-=CDgCj6$F8tWG8}I5><QpL4wZtu5Tq
zE+H$K&b*;O@ig9AlCegHG)K!}zGTCj>9@`-qn%_~vx0uJt}lM&OS^;XMk<}7Gn4Dl
z#4v;TZEp?*8wsW_x<#+Gr>l)NC{E;T6YBN52h|cwKlXcMvaSGqKAM^&!5=>sx~=kh
z-%Yos?~ze|!izWwk`&wD>+RaSeRZ}pH>U^hx63h&QKSf0r%FOVfDo}u=q=gfKFWvY
z9if2q8rNHNx95c8nwbl=Ta)<TXNpuMJ%8Q8ioF80<Z#iO+tA8kC(PpeKAm{NnV`pg
z)nn*G2?CJK;x^gVCUDhW-^<r9{_nF*9014Z!>?8IKNB!#-L|DdTRy)M5}Ge!CKYi1
z?0R@~lme)<lIZHhnX4GLDyXZ7<j4Is;YxOxKWi8Jz+(1O3sAmPC&rm>-8J)l|K;->
zTaaDD?Ni?*s62%NF}qnDp$)3fnM@U+qkV<6FSDj3jfHgiX#aR@5Rt`q7`*G*R%a3)
z$}Wui4WP04ii*=#05HYzsfw)tjRTknzq?1!bRc0Q2Dv$o9W(VwW>vac>1WNc11f>P
z-50?>%Hd8h_!u;m+ZCEXHaR;3{n|P!ob%qnaFaRXZJ){$S#0X3!5>wOocjCc9$6L%
zEGF(AR`{(iqz6EC3~=H27)!mM%yPP+>pS4+Z10RT!GZRAaNSP+Oz>!t=ZXwRi?2T6
z2>A!QWG{!R{x(uSVtg982((gR7pqS?&8%52l$(j8Z%F)Dy-4!%*R;lt2L~y;ZS;6y
zepe4<LNE$`%rqYN+zpJ+l+0qt8*N-LG!-rH;oIhCCeG@-@IK0K8|UEqQl<T|!f5Ip
z;dp*bZOJ_EAW~<&udc)_W-<g>?+dQt*|EJS)+^zrkb%<|XFK}LnF%iK)bsfFc?t2y
zldGqGl_5oSmWga!KXW4&V84{orrn2q#@)XOGRi=0bPP%kc650@xL)6u$$NGq!?Hs@
z+1f6J@$)np6O`VxQ}7I5$Y4{4y)T*=u!nBX`g+7-FkT4b*V<XroS79nf@!f5IY%of
znWLue_JBl&jotU3hyz(1iSUn~s3+`pzwXpr-w^HOgcEny5y=cpo7&e7hZoOBBzO3n
zbU6%-h6d_Jj#$CE(N*u$S$w_5x~Jt^;kmM6Y82r=rvWAF13A97Or~yl5Z}%xrKA3g
zd@GsHR*5~q6fy{oce&VP@B-J{ZZ}-g1rbzA_Il>5ru4FkA(5qguOIb_%BLBe;-dmg
zU_4LHo96xnqA9=GW}$4I0j9J1iMyNTq6ZBq9L*?-U77EDIX9~*)x-Adh09Y5RpPB&
znLc9|*j+4|rk=+U8Rkv9{!p9i+RMms2C<|Bxt?7Ii#?$G?i-PJa}gut(XQAhyFOis
zBY3<|Y2^o`qmSpC?Tc@gZd*7!pUpH6(=x*vG<=UDr^5P|9N;8w^Wv=@oHZXuz>!Av
z<dzs)-bTMstVTH|-!=KPPYxij=eQNXC68pMbetD*0^<uSr6?pzv>Q`z_r@AAIzxYy
zTPXfuuGh+9VE{Wgnc3uKc7dy<PbKcatt#-{x2okr(=c%OJn>Dq5C=kte-+L5LO<1T
ze|4nG<*HD(+)Vs1RCXOKl+mjJ15!@0Ay}F&S>F@ujQg4DoG1@Ptbxqn_*W+!b-U4q
zP7c3Q&=_9}-p2EHM!4uN=Y94JtuR(mn#;Uy8_ioM1PeAjP8(x@cBT~pf%iaC!&j3>
zJv5VT!nCqCPqV6G&etGf=q3|(-O)bzC5Vj5MSTuCd|KhLfp#*1jSEc>LOfk10eywA
z8uQgQ5*rs+ROZnTom;dzR4os_ji!Dpdn*UR4PlVFs%lCbPwE3JP=&k{{YYHZQ}R%^
z8^3a<iL+l_hq?JNzC$=`h<e3zgS){oaqi<+Mllj|WbivKjs!Z(g^7d2*K!eIWu~?7
zKM&qOdY3COccVmok0h#*A6km)*=Lww^?&g3lJ6$N!s>K7sohRxc1(*+A8;y6<~k^=
zF;*S!M)pB|wz9>j5i0$gP}VBr*}LrM<izgH=9A5SktU0RVAu0szPDwybBRCE2oR1k
zO(C10!F1Dv33CStbUi0?IrTF@Yska;nqqjfW7l|P-VTI8GF?6w2lvBYZz-L1A+Kav
zrS0iIqe5RBMfIJreKx=DH}<-YWr}S^tJLN00R+F?uzJ+frf#fy@4?9pRl9Vh4NW`W
zmC`pP*$r57gUVspMAhoGfqKa)JorX{yJ)7wu(@y3Y+5L@K1#RF>IZr-qfs+(PFKZq
zV+E6*X`E0^Qi5bTfAF&B?~5F@VD~qq3a|QKVbn0@&sN%^@BF?qdpEq_KOsWyh5qp{
zqsr~>yEj5tM$t;;FBib7r1&%~k|YTL@Ei4?)jY1|N~!j@U6@xRI`|rbXRP&`0jX=l
z?^fqGfy|WsT%UKnmQ4H;s(aZ-@uRgQA*boMgZI}NhYVXQk&Gw4?6<_+@>XRSE4-eZ
zx{Cro)_y2|cA_5oaOh3juBktnWVlP@Xv^!_X4}3K8ZUQsw(1DOQ+C4v$;fEIKJAfR
zrxgYkT)PNP2fXp1QA*<((ajcn2as-&HLa|s#ucvuowCZPxREww-oJ!0g16rwV-V*i
zO3V&U5FU9L!#u)4*K#UBbvCX87P9@nacf!3iNHKeJLF4Zs8rfs#}bfM04KeqWAFcT
z=mXZkvOc<d-@LYq1000x?6H10<|#sV_?qSX#9v}{t3q)g4UVJ&CMXEc{v843n9j-F
z4DjJ13OafYAV3>PBWX2KzucC;F_z!RPMX-ij%)&CE|}dOKS`s=f;<2eZt_L}L}wUa
zIOxK$`>s&?D%s>vrA!s5!U6bF^Mb)GZwa~Wh|!6<`4I_V_NP`bZ(g%;pnUYj%lodx
zx5r(h=-PtB*o0*mj#|zZkVZ>f>fMFrV9j&0!WOn(d}5<y+5!G}>uMQww%7Y&7S5%7
z^uGO{I5&lL@SGPF9ooezZLt0NNuYIs%eMuOjqeau;l2xQ!}&pc--Y7_H2~&hTpBrV
z6AQ^rL{*zCqWP?vuJ6lN=HE>3vd3wb2217y;8l=tsCuc~&WxjxMWhw9NPlDIxc%&C
zomjEwrKp}5N~?<#1g-Hic=?<T-nrEK5~Rmfg!3+ac;-g}z9BIr8qLRscSQZ2krv{$
zmERDJhO+kQ?u7I8Hw|c?-I*2VUXhqJn*kP$-CKuLpU;QsWH*CWwvvo{E8DX@Q@?rZ
zT9U*7LGerI7y7#0Vo5sdSqf{srB7TDrL7xElqDebGCM4{RT9ChoYL8x*~H<x%!LZl
zeg)}vF{U|ehBx604K*P=%ps*GE?%27#YvmTy~I>)#UNq{&Kb{KkZ#6X;rYJkJz9#v
zW5A!gyA-s~_7t=Olx9)FB2)#^v8X?dTZ*NVU8X=EYwt>4%mi;d&V*$Z@}QOX$0iAU
zU=l8oFS|ZJrAQzH{#J+Itco&WsY&3FNgcIrP7>XbEzZB19-ZLFR()=tx^<ySR2dl)
zW1O53YdJYhdevE3PM<ndl?jxy;i*VGC&6&%V~us2k#Kf=dG-;;UFKK$a;9R)HtgV_
z=A`fNS5ZXk=5#V7BWeNQ3cF9S9-HoH$(SEH#+{6$oakydS6a5y)}@^%o;0{Rl7YnT
zR7ncT%@2;;#P`4xA~Qa7=zc|8QjhCo=j-sw5>D5;RecG&{67S)ucq272UnX70>vU%
z8bA<tyIe^#eR9;fH}t+PLZ!87<w|C*2OeyzTR)6%cs(Tq-&ub6=;<Ll4p4z~{iX8T
zVVc7Ur=Rf@d18?{S@Jrg3A!crW_9W`&~7mXlm>Y$Il;o3ufF@rs1;zGD-QI$wZ3B?
z3va8KYub1qf9_g2SXPI6lC!=@6MTTK*KdDGGK+E0-ynAzX&A|bJh_JNmVoa?p>TZ&
zakA;_`w-{ndaSOYoPlz!;#N?+ck%I~MV*rBn9eHXF2%~2b(rX8kDoT^5~IS$gG8TS
z@1z^=UAFV#&*W;GC&8HzSJK7A^!S-bJtRnh&Mxd~lx-tj(|7sE=<0g3Q2LqR?KMi>
z3o{P~pZ#yjpg_|@Cx_=UtA_ynb8Qr?1O+GW$KK7+qp+~B-xsN|$Lo}sI^DmbNh-Yw
zhZ0I(&v^|YsB{tzBr}O?N2(VdSbYz8SX~j%w9lBfoO~|sYaH3I#77mORc)1w?GY-@
zhl;*7@Ebp0JoBiAMUk<QF^xOi^Ngs(V4moTHoGz}d{ujo|4V*<?;ek>Wrehn)8_C7
zwz2Zo?e|BPHqR#<6+ic$E9iUCDra;42qN(yfVrNq!JUM+Eiw(}DruIvqeSapWjAK{
zJY|Wtk||{I8+0ZL=gx@8!3gJWcHYVp7+F6xVW9Z5v(5T;*>g7N6$Oj!SXnG<@rEy<
z?o-`1=MS6%6Rsss(x+oOKaudcsPnE3u^O)bDop8;PgU+7M2ri3OG{QQB=s}rv>rig
z7nA(<V(+tm$R}v^XG!EnW~!c6F|nD`SGM-hDiKq%^5{+%bDuh$yg>J*B>pkCy)Ll|
zYS2Z*E~J)4g3)w<y@qK?7%P&9NyyXq+Q^}T9lZ!>n=BKGMb>`p7Z9{$M5n-r)hDPF
zfWjv}ZAlhUCbmLK-OhXg4zNy6#NG<U7F%yK>J>>{0uEbjbkC*DzUyErDZjt~CfhK)
zW`xbou=0yn!@p#~n&7>mOh`9mnSlYTb=Obi=2IWEI1V4HO{>2ela+B7pTUhU1jX=i
zDFxvdUxH4F({^tCu2kL1KE?$@nP;AhUQ?Mz?fOk;zwvin;*zYp3}GHl7UG+1Rferb
z1fj)dSL9P7FyS9+HOUn$88AP1UA;F9-t5VxBZP}yQk=+N|3JUvi{ouN9#_BK8I|DG
zem1y2TT?QV^QzK=?-qzCGYXW|7|woEp}RAutZ{^+2ZCEg5R@G<jat4!T`B0=7OFve
zq6es`n;8@<+*Kzk>|3Rk-qGvB7faREjKeX9Ul|i3ORX<_a%Ssce(s*P&aJ>fDo*~E
zTH!dKR{3RE-6q0qUJZ2Ux;-bYS|CSRnMT{SRMxmkPso!6^Q1n%NHm;b+UxXyhkb(#
zcdy&(r%WnFdLBHHSy>>RM~R%KznIoE)KpJKB}G^QG7Z??yL}!%lQau0$HXp&{DiUr
zHpSG_THX5H<6nW8V`ch)di9cQzDEm55!vTfpNH<vnT10lZ~Q9mxkcL*e*V1OvG>aX
z*=!n=sWuv<qkf=&@NC?d_Xn;A0EhN*0cF!V2@+U9O8+?_4V2j)(UA|8eeXd|z@S+q
z!lYZP30{gaH66aK5wv^W$fG%EhBwdSg}QQ>d!~MNnk#c{WViftr$%ssBA26oue@Oi
zD2~I}l4{k_!`0v!qcKFonc5K)*}JYwLpy&0`v_nBeta3(LeD$SmMq}deodi)L-uk!
z<FekW@DOaGIg%--Yl}zLRb_FIXYHv(;=04Q7)Zxpu{fEH6GuNH>!*iD%|&p@!nx^I
zU?u2snpoon_bU;^QdSCv`Q^_&s-}nlwQ)tDDVpevnHDJDHB0G@%CO+zbHXm46c<kk
zvO~a=oDRXTyF`jqSCa!hp#h)DU}$wNL?_98b=(2YbNeJ-pZXwB>jgn~!sAZCnvdK1
z3^Q=J573?2O}pJU$Ck-NDP$*)QKlXp6unSE)sBK!zd6=SXFjB3-L&oQbltQ>N?Aa^
z6*-846I<?=yu=rwBp!6PDh<}|41Tqp-H1StRZCTt$t<v0a**hp1lvj23gS`Mwd|Tg
zXGcccLNGh2_Ga1z)a$jrSbKF}^$FICm0bR2?vvIp7(FJ-so0+$#H+d8>MmUg^6N%!
zt4c7u*$@;jq4w07AKO|`y-f+U0kSd0!BhFN8P_pTgBPDN28QxPi|?|JBdf<b?MoJH
z7RC-{(Q!0=or5Dy2dM+evLuY;<9|4S7|XBMU9Gvr-Y(o+z~b^WHqHVxk#)=U(~Atw
zwxslgWT)%jdt((B^JO}04Gl#XTsy<SrmPE`jGM9K;WPP)snFQ8`8F0uTq<hns>D!s
z=Y@qm*QT^)f(4H=L$zWJ4&C28;?|QT`H;KIz!WM@%F2|a^mI{0fm>RAM`>=L4mQh?
zoeA8Sub8QT)8%Il|D7}R%>0#<zV9HPX!OEettIJ|ltY1l$;TB^NW4Di?%>GEI$^ki
z@HpB$_((R%;>5`7H_q~fc=O79F8lMg8YX?;$d#3aO}yrfV#U?<*R`#Sb)@6f_UN^c
z6>d^v*0OlS229=<AH%?B?`d5fu1pykPQ5L!RHhG4p#GJ1iN$yrY5|RwGwp6ARm<Hf
z88FTBzV>9U%hn!U`fVmOkynmw>Mhf+i!cOFw^69R#2uPSC-GQ~TUgEIqE^$IV1mwM
z&Tg>9{I4kL^&_9812x5Cv5MC}z&lN|J>O)()jF(I<)V)<+3&6qLhwA}O2P>sg-m64
zbu>j5_xb&P1w$NFqK}u`SQQoi6YC};CKlX>fvyD%pq#-pX0`UG9+k|(A6Xa@^l{_X
z9VLVfpEZ-)jPr!fhQEz*w51ArA*+nt5w=i90@Us3V#!)*78f*<R7z0>ygZoCc|u&B
zfA`g37uv3Hdth?i<sjum0bQRk&+_bLM2f#~(vIt~BXuckhY2D`f*UrsyrsdM8iKcg
zjP=n?D+W3N<5@JxEH}fJNt56rf}*ijsAlHrlOR3DdRrXbBE6zfgk^XB5;jIhz_|bS
zgtZYe8lE!}3iU84%l&<Z_#~UPQzk|+{lV=1s29`;--vpta6aS19tCT6OdF}ol*l#`
zilK}G^;;(wxG@O0I)hxNLfNEsf?<hGXe|>eMZiq&u8{c4yiO&@1w@l2CHR}I)N>+j
zJ#U%$WYs$s7lzH<^V-jHn+8?yNlmLOB#<4z^hma-6b-t)%<?;;nGcN|nB@eoLS3Y>
zCf1eWnSPuSu!uEsf%<)_3;2Dp_U!IlbUhi2+PQZ4p+6?J>&{SgS)FhrK;5s0fI{jx
zeuH$wHuR6tk9j4-R|h7gCrd--YhI|7;pfa+8yn{OH+aVH=@>pmkZqLLfi{Lb7JUPg
zkr&oFpX?gdU9R=N#qDH%`=O<QG;uAOT$|DN{Ie$pR!n{fCsm1lZQ9U~Zz^-IljM-^
zqj-J`50Dm%*Hc}VLG|nkjPzz`i=#Z);G12%$8LQt`4F<vSLIEnUXkLme%cT&w6}T8
zH!ZJ07afr~tnU9Dbv>i*^Uf_=S97gS&5<wl3VJm%W-c*^ts>!7mXGqPf<#Fo+J)KQ
z73)#nAY*EtNzxhn!PuHi6P>TFf(zCZH^m-&2ow88t8iRLtL#L~<&2{5a}vLKliQL0
zYcCJrkJ~qj+@$a4I)xsd&hBk&Pd`O@XumaD<16#5Jo4_=OQ**Dt0%RCdBfq&cwnZu
zeai;*NeP9EyK2&UOlOC3jzPBB03%Mr;IrKkNz!cNYkvz+w!2GL@ZIe+V=sr@)oCff
z8qSb!IViFDPvAFLN49=}jT1W^CTj}+4pGrZl^#f8*y81PGw`N$%xlSMxeQ!kc$Zy6
zghe0?j`EHvAIoXkynQFBuY9mXuWisSCLy7;HJO07zQnf$@P*R*EVe(f(QZHOu5KXS
z9IFR&TF!mk?3z+%Xas0B<k-!Ak~^%atGpDtR<W9(7uUv*PZV16_1uBG90SDGI^j)Y
zVC#3=_dOc^`1kY_V6~M*`rpAGV`jZpE=5|8ur-GUKU!q4$Q3R~nIdX!+0%`}!*)Lg
z$HrPnwel2%8*m{G1MGjP`lu!Mt<50);_~(2^ua;*8RXTEu4f0)$jL=SX2bCrNu-<8
zQzr9-@EK{N%<KD+qw!4ZJ<r}1?<@AXj~Ok+E)3?^{0xtsQn_1b;wso`*45bY<}>CT
zfG1IpOzv~(%G&%)z*4MCTKW#oAL&J!MQti>dOad9sG@cY(b&r^U$d=AIO&W6`m|5a
ze4%<Lpp2euaT{f&k_>{tkU=qT>UT#SBhKz8WL+j~XjgUezL6M=sW!39cKXFZS|5GP
z52MB!*+J+!T*=JDe=3KnFP-PU#=}O-ipVMp4-2EJ?6zFn0@{sI5Bt$wiFo#`>3`PV
z$d4|i#NaNhSjGEY+3yYCisO`+ns%oyPvJFFlx!YOyVuFhL=1w`ay#v#vc?#PIX-ng
zx*OchW(xRu6HYU7YPi5gUCr6_MW1&Tw}OAT{msO!ZX!c{e;4EP%Q=Zqn+e7CD9C({
z4|*Fnbu2SDhC!$$s8rCdQkolWwnJz2LmmX4>-C>=v+H|<(~ay!lEw{fG9*XcO6xIE
z(_p|hrL+40u8i)!ZOl>jkvpF+z@jc>uIpQIL&CiD!*1vr+EHl~>HMAH#%0WEb}0q_
z;>aZ)4xH`J(9LawSR}XyjabKi#y7|ZdH?!zWG(<w2nWls0)nxEjn@VBx46`O_H*5t
z?xXqkK|uwUivbto<$iwfW^Q%V*Rfx|*c=k`y!SVWFVlW6IepeM_G4OIUjSw!APyE3
zjG>vb$#iLQR?MB<trWoVIl9o(X){TbAJa6L4HbW6t3G#Lj(>=5FnjU5@-+ZHp%y6M
z9ro+?XFtJvch;SLJFET`1A#}~c5(=|VLDvu_bS>RW#Fgfo~VK>rUq@_j<|ZmNouup
zy$^a(uaP(nt8{+IyB+85wx$*@SG|_=j#;Awn!z_!-x<lej=4Vv8%zk7OoYz9#i9xe
zua(B38U2|&=HmFqZnkndZ!9Qr`IJPj5zwAv>S`_Y@vUCI4g6Hy0RF^8xvM#eNu}5y
z#}zl))asdhdj*b7ir--`0KJqkaNwjt5~$p#6n;#F@H(NXY@z{g-TgX*>l8DagV$pn
zLkDzJnlbdx*}YX7KPT{zL}=jE+s%KY_{<5llg2c*eoLVhdr>=%uyOIcFw*~7RQgZc
z_VRR-Un!JIT<cW=_DO?_<Qz$``_q@68|ts8?9IBcbn4vOCZMSeBfC8sPJ|p)0+fnZ
zTbe{4qU~lI@DigbFmPSFFIoo7gbTb$TM$u|@~wMiES1)0^EN@Hl}$qVM=w`W08V|?
z&Pg1krO`&+@-}GL7seI5sVFTpTtNP~M6TeYROf`cUJ43%r%MfMh?4GODGDj9{>lT?
zlXFwo&#dSWU8Y>dIw1=(fC~ZzO<ariyBrVYL919zX98{XA<{3?aGNK)hgCk`hGnUU
znuUeriWBf!feIM)<h9tVl8|2{Puwo;H4+;pC(0Dp!h0e-_|PO4hkNx5YC4y=HVRme
z$=LMLAF%^$%&FVHiz)0lOT7)q7(`!76cS$l<fz-&ZJWD7uBKH8KzZ$^Ujf=E_jp&S
z!E14D3cU%u8q<1fkJVR<LUujE+_91-Z=Be>B-Ch(AAZ7%XlsZE$+}~U@f2q|L?Bq3
z-Y;|;c%ANhjqh%YsB}>py}{DTFsjUE|4z%pRXuEB7_229?;!QU+N&P~R@!r1nWlx-
z;19?&6)cypuLOO?=sL<@KGqPDoSnIZ`V<aKrD~<dlTQWD*>CTW=@eSqKh*5&af;LG
ziz8q2r9=M#=sg9C|EAZizCXW)ra`B|SuNNoVHnwFiBzLqd-eO-+tsg^I=UVaj^-ce
zPJ1amB+{youU}K*%tf2nN_kUsbXsZYHM{ocs^wBkj}MbnAY`+nW1V)T(RH!CljCB|
zFw6&31^O0ci0ZDJn17<``6Amvr`D0mcDf?tInr)+8gajOxI+Cx*kav1<!`BKw?aB?
zSmgQ3KyE;6w0sr>G|6&gBplX59LHZ`YbwKT1(KOi;Aq>#k#$6h?gkDM6Eg8P@M+el
zsz$tWh*ldewM_TC$C~~G?2C|v8^Q&jVWixFCqX)vdX#&?+gN_DgKQPx@bF(+3JX&-
z5&sSJscdB4acGutzmt6s4Y_@+`_;mxbf}>kkd^Yhy;xI=E52cy4E(1rd;jS}KlwKv
zIpr#n`gKp0`MVtL=M$U4^}kKG?YsOh*4{d(tuAc)tx>E+N(n6v#R=}-;zdh~2Px3t
zu0>OddvS;28l2!zD8b#G;_d{Ov->>n`<ydpzCXVihRIA|NXXvzTI;^A>-vo;y=d^l
zS|$>{ymYNH>U}CREf;D-LiVoI+1x0pR4{~sM9df;ZP)c)gsD$~-rXRRH363S1JOVI
z?)5B}Q;dEM5b3ceWWPt-zg2Gy!v8bX9b$UB@a!5a72ZUv&}U?@WJNI>yq{ezAGN&I
zjjyZPuvn>iys<WGb#;jHiD%*)Sl+&@J6NB|?tb^GA!c{B&^uVHUA$MVfd!i|_{-@>
zUtqn`W9wH3J#_duSs~TX5OPWlE@5<X^@s}QBS6qPHYFwLi+s%4AfHnby1OAFo2_e<
z6&a8ORw#Svgs;L@kF9RazzweuggN}9c?lDb-|OtlO>wPo&2XKx@FE)pymZT%+X_Y5
z20vM+Ajgk_aji$xG;0h|oXsb(+ZU?F#8Ats>f%2I?B(YPbv@eYDc5ThbEZ}r2a>$j
z%4GZZ;$*@3Lkom8AW#~Mu+)h(Y6Mw4tBG(+v|q8<o&va<Ya&f|B5O8e3<tpCvvbTt
zQf0W4>QZ@)BJX)#8y;`fdh|^D9u_gJ$vL+5Pg`=1XH8;8s3t#_I;+-pLB2^-(p`>k
zFmsc2>~2AM%x*mn&9eNI!$KQX#(>Db$g^MZI6hR;24;kCGvwX{U~FO(6A7=NQ;6|$
z*&m6mKZa>}ydo#h4fyzlxy1yROi+^K(xm`AGzw&Zan--sb>I1&ti}IIQpklg_k6Lo
zmQs0=EFDjZEwmb=cVloyA-Wlo89j!ONndwd*%KLW)?~PGUFMuYT>elbH^H6TYSEep
z#;Vv~-?c~M>ZIrop`3STeD@nm(*<u%;>WqyYIp?STj{%QxPij`%76ZO66Q5=EMn6)
z6fm!#@9w}yh-Q!(`HU@lYb=r6W7A-^3tI+AQx7-pPccXW$wpFBH(dEAGp3-ib=ZD~
z6Dy`2rWT-qjhdIwkeLH`Ak=$2jppSM4RKRb{^t#S$B8<19+CD^1us}{h95}?aL0|h
zhAvmuRpv5rq-Jl~A3suWu%Cbexf*ih`00TcHs?x^rIKvarpPxUoXJmnvhD+bny$1H
zzdtU{4MiqtUt({s8N=U@&!BSNooZ(q-?uCXk#s$t9e*X6!tXo($luquTz*5b%4<)~
z$UgFxyy=>&^hz$2-@PMU-KA{7I#2dDsX-%eN_7ImhWbGH6T3an!?#H@0qiOUzbJ4q
zU!jQ>O|6*=Ht0QHr94l(@V#pMh46kM9vs-Og12;GfXMy2`R8Ge0dt9QYw8hwwL(Ta
zP49OMeEp!>0nyWKG1;JWU|Ju%vl}Z<6wi>40LD8FqcGix+Pz<GRlw*EgprzM2D{M)
zqW$|Us`%+ZyvUJUPdtMRO%x9S4lS?E`}a5c-<ztrbR#fABsbYIN7ulDCr~_%U-Rye
zG>ICUdCS{p7Z!R`&9}OieI4=dBz2E<X_i0X`|&`tMEa+yYo6>$3*;yY(VoU0TmrML
z^&uXc!RE&?PU4qjwA7sVH}bFRa-me-l^LwC+*zmH;)+?wP*tf!yY0Li%3w*0Flytw
zl!M8vFcG(9lx#N~d@^eM{mZ|C#=(HV`xuNAo8N{<T)d**#O3*F`@PipX<SBfksGJd
z9$wmd{9@tz6xs=<bUGlu(;%W}itryh;M=ltd2?77M(=mBe^!W6S);%Q-uBXOCH+##
zcO}(|G;$kvA8Df)2m1qS%Q#^}t~>0vkI>)SI2mD)sAJ?jX2v<X4pNQB7%z(d1v;`&
zF*c?f>_$7|Dv*E79FXWqt8jDp`+N&9)T~Rn#<|20rwVhK7()qNjpO{@R$nGXN`-cm
zv9W}C-9b4;uJWOG%`{Ch<(78Wwrd_YwaY7e*gyF<p^SSk^gQj>(3VoUmL*x_VmR(N
zFX^>=aQPOVdDAJ7@>;$s8VWdE)y1Htp~=tqD=bkgO;^1(L{ouq?v57`-L6nX97*It
zkr@f2{eNQpfxZ(UR~A&~YQP48f7UFxRbn6_?r!nL5_r{*D$KWk-Q7Ay(PI$vT6T$P
zgV_STF4s)10JKC`tQVmf2L4|y^B=TFcS+xl#Wkis?n@C32sB2~SPd%W6~+?rDJDbc
z(sA||d)eGm)44e<{_ue45C-0vp7}^t(-$Q*f!}ZxNR_oJa|K?~ZC4~VM2t*m2{DM#
z>&sk1A?m(C)AT1>3-=(;t*MOnU=f(#8nQ8w{U|v=`hzX1u*wYfH0-jq4vnPw$w47|
z`QQ|qYK|KQgrLvR!bytWg84|k8_?br_8NnR+hZ*!JLx{~fbh3|z;^M1F!oiS!k!{3
z2>q-E?CfL`a{Ph}!>r~th$J5g8xR48hHA*^&)T!!L9yCBnSYY*7i`S!;P&G{yb^)L
z4z~(x43e`J$8b-j!H1Wi!xd=lDaQM%5e?`AG6|ZJaNXx=SOh54O8)H+!LZmOgRS^!
zR2Hy>cZeAIUhWg@s9*dL(Tvh1wCPwJJ+8ms*SoK8%sL`^{ec4?usxiO2VL(7T0K>P
z8_!?XTUih?f>yIfN6t&i@zLb8=3y?KHZSR{uh$d>%U02^StB*~Ld{21kfj6wQP?0;
z(iwK<vgUTHV<5`n=E(qvJ2Q?acDzIy?7XD+@&@jL=lfvAXYyAo|C~8aHG4AIRnB!0
z?|0kk9^T(Io{sd!Og;#L08z|v{g!Zq^>mx{CwaZ8rSP(YCS~iDc;4|CWc#g|)NFnq
z2p5v8=@r4IRhHU(EjCM3#`EU;)@6L@G7+qG1WH)JsazJDx^i>O9l#4$&gv(@*~~Ts
zI@62A;sCN4$Z{J#iSX3Vu1D;Vj5I|&Q#~?nYcD@o_{H|Y)zJN3#cd@gJtT%tJH?lM
z7^M8$KWxggpXKKJ&<hGu(!LYE@?GKr;udyciI&?dlH0rMQiR{5L)p3JAV}AfyBj(F
zG8Z;%LJ*UMUz%f$TJqWMc1>7?D197$*#6V&=cKth1SVx6>#ml!gRiQ7eOPY4tyG92
z@oCI&+MY>HbcZ5Fc+y9vqJBKlRl>dsg#x-A;*)JpGnsb3<zQ{_lc1lUXY^Y(S6|em
zh3j{4SX`x#H7ruDS<8csFpC}uEq#7Z#%M-5qy2{*fl=4vE!73|XH=qd`!&B+MS%Ki
zfI+{dKIC^yEg@KX-u+!DQ|E%E4A3c!%L;8PkUbI~h2_g#qw<c-i|)HjKDLu}P`0JK
z+tn84<_<lpyfE3yteg0PK>%kcTY30U1H9%s6sjB?Ok#u&59v~zn~}$>889m-u(VyS
z{d7+4(y_P|MQ#aYRj)R2d{<1(dV_yHVQ(YU#cDfQ&a7kf!(H6QZmsV?)$zx5-rR2_
zaj2#<cfIq3Yain8N0qj4i+)0##9pM?4~_^Q1$C}Y^+_QDWzccRGAfem&?nW|$buFM
zCqIWoNq|AL(AHnMC<~`i(dmv8@dE^zU_t$4v5s-|-&4ZUSI{)V%Ek<a3Wkb0_>?Sl
z1M1mqxMwih5TNfXx0s`xsjzE$k>tELEYIT4Ua6V46KR!NTW@JK%!yvGvZs5peX)#?
zE}w35waggyR-?J>3t@J#qi3BQ#Bz?dw!s|VTy{M>Wt7@~oEF}a8PB#aESD5{UkH`I
zI4|5Y6f~-zzLh9O;;bX-Ui8hm#nWVhh>n(%biYsE{vJKaW9p#5W5|0Fn%Q;&7B6l$
zZ0{rMoci{NEwq7BZY=Y6)QB>4ZP@>ScX(@VbS(ztzxK~?#_XYi(b>#Qh6K9avzYcY
z>7);`hsX_MuB*IbrIG#l2G@5NIND8aJbTlX5NKuTWN|UGofiQe4mqc<b<>(NkBW%>
z>Pe4pet8ykvD;oXUyS>VO{b^gXr3Y$-L<8@7^OR)<<km~&oIoID&x1yth^L{{r&F2
zlVGHzNE|>k`I|$QiPITIB11qor4;_Y4V}Uxzwc*{dAwGo@kjuLSANJSkaxBTL{YBB
z3#phRj}kbtrbSMW6k)pcjv4WK#PDOAS%e}c(dg*txSfZGa053i)(~L&#eSmNAdw>B
zvsN`5IPIOm{GVRd-_%+*^{wba@!#ejSK8ONp)zU09#$p<JI-ueq&zwiy6>dQ$Db$m
zO}Fj;T9pc<rxK+JT-cdOYn$Rp;ixs_7}ngMOLV9*+0v8KZH~~jKkNaEJ;5NjeK0-b
z+t4N{L5Snh?+cC6Dz4&b*>+tk880r=1S_PT5JIifY~n1#9R8`+XaX{tW9`(E4MX|&
zx?^9uB$#+T=N+9B4;vN3yXeRmE@wF8x=f=#+kd7Djka7MZm}LoZ)3tBU}@9oZ?1(;
zqe}hEyr~tq&&2Ar_+Dsqzl*eEn%TV?zvYW_sIuYp0@z34+oMPQtT6v=RGFp(cQ6Su
zDpON+l}%OqYS3a!wO;C5X0O1^)xR6(r$F<^i%Th8U6rQvL~!P6G`7-{qP;K<jIaQ}
zab!YqiYh9RHzcRrp4a{Nra;Ev*|cKBJpP%PL8h6XbEI*bWOvk@pm#}2H9B@q+n$^z
z&iSrV-WIGl>$wF>T$KWsUAE9IUlBHd6~^jKKWJ1C2$+L(i~XG^^br*Mq5175F6(ji
zi3Ww3SkPs4HfGKVP;4LvB5r?k60JseJZc<Sir1Am7S{utPh&5%=RkX75Zg5)F=BMH
zwQt5ANxV*bQ{<v?w?{`S$EB@0wzhg6Uj!n^fzMb5iDtZ$2o4Q2B+9_IycC_1K3y+l
zA0}BLa_OIeZnwE|5z22_*tL$^J$uFZ{a~^>29+vqJqQl`DXwQ6QfqSc(xKeSQs)tB
zm+LLZY^8+|T)VtIm&vBusMv8cuqYOd(I_SB*3-;ACfVGmK2R+xDX$FDCk|y9VfgOH
zJ}irMz5imf>pM-z&SezKTHUOFX;08EWpKl|&6H+PxA?U7EC54^wbccq1PJC{!xp_I
zV%U2UugL0h2zSa2c@z-F@18`=^4c&_d(;f>DBbVv;62R2@b=9E6-{q&kXwWp8N#h6
z#xmo6WlaU|(~7tkQ3H;(FGMYfG~udPk#bW37vtf@7aah=tT?O5UFV$6VAtmTb^p{O
z<56r7J5gU^Hz}C*hKJ2^vAHsHEUE(<XZ_N1reP-bgl&-ih2$$HSF$?dNhkTVJD&g!
zuHNrjT-Z*6Hg>a7?S=Kl!=9%~2ymSbi_T0yiHI9>#_?<3P)?(s1K#d`N?48e)}LQr
z!_`?#43-Tb2AQH_d6yz(7zBF~{0+-7COnwN8?}6ptXTIZ#D$r@-a4wmvGOZ%**~M_
z-Ptw{j2QYy(khvOST2gQiYz6TO5@^%Om@oyj1BqYD3(}SNs|#OIk2)uz@_G21M3wd
zi$awR4>z}})@Tfxdx!1u7glIFt(28*e*)b#?YKpHOZEz&NfsQupL1T*`S@5+SKTP|
zHCG&Q*;ZGURwB2-@{^fHXtbQtdcY(}Ny|Ht!|ZaiE)FB<BVTWr>aTxYIpi*`({VI{
zV8(d}=_&e8fRM-5uxnor2w-0N1L-cKK+22SlkOi>)YcxFw}H9{OU97ro!TdJZaY?v
zx2U-IuPdDq^mebmJQHz0%LdRAqxDWZrgt~4mR|Fm!x+G^@WtOa#GChkljo{ZQDYWs
zU5#2XsamzD3@UCrc?N(P*an`snvGUCx%0Tj0I3*fd)391cDa^zu2F9+M)J=rOXihQ
zO!Ye=nN6-e>{C1s`QbNd{T<g-0EGd)%b#wJkS;j(_wS+*rEesKxke2d70K&_9Sl2O
zvBXq>ah6Sr-Z^(jQ_oJV=wSnOzL}z!i(tC?-G<VO_?GbRY`#IUQ-q3xk)NhBjko~^
zODFAtwho3IMd4Gw^5pFx^`$s=yq)koWn)OgtCxf_c4Xi<%syXT!7RRx(w*bHGC=JS
z!ah8|qmMoMNF{+`@{{C>^VrcH+jvfFWx#wj%&n%mZ%qAsasKG99l|<aNaVD7dk}EH
zo9+?eencIbZr`QU+Le?Pr<B~B!+CF6_kX3QQz&0<*`4mqMp!r8;yCeJOn|Sf=lBG>
zx2(*t2o4(VA8rF_MB|ebbc&h#B5n+W57EHSt}n81UA^c0UvvVSLuG6NWY5wu5(z;p
zl<(nLEgD`wl5r`N{=j2CTJn%bIXth{S2j4Ppg>1*=XBK1WOIJf%S4`jeIJW9UFdca
zMN*RkkY;y&lr|n_m6Mn+Zf@6uwG=!K(kU41ER_cA+-^ATgCBP`U)7IWbljfL7lDF6
z4@oHT4ed&J*}f3=exsslRrO=(O6?OV&@nM47sxCos~=UvUq0REn<~gm{)#^tr?>-m
z4Iy~7t+4QtE;zrQq(LvV2%@Y}ilC<CM-m*pSfzzCw@KQB>hoA$ykQGMe$Tw&<-y($
zH)<!Gtia%EFYckXqjtPJsi6pN4|(A9>yLbFAm_Cvs6SCa3X?4Cb<=Qox#+YD5U9YK
zgjB1<p&r;8REJ3(mK(2qoPln1khDoEVnLKKPVsv^Z!Wvm1`i%N?`W%k56o{z6$O5#
z0qgQdv`3}SVV_I~@3qxcrnrf1Y+oQfcmFD94#ZZ;mJFN;ban7D)a}G8XPlPvdEGOy
zaB)p+7*u+0%S)8E^?}9?T6D>o{-o7hFm|KfEjX@d4{6@v;ieBEbr@@L1HZJIM>O?V
z(<u=5StqSE2uHI>lxTi*H27eo_iBi`E|#gqu$www=h2R6eTCKH<%>HnLcWP*#Dzw)
zKbWoY_TMrW(y#kEYk)aUO6nC|Yb1%TT`NmTE$!|?wGYCI^WKwYK}hmJE<9Gw3qLt%
z>a;JB%YM_bmO)*ldyS0bhNJ!=k-W#HtE<!u9(IDE6@T)44VxDGB;7oar*V4B%T7l6
zYQDEr2a&)TPKxLj_{<QZS2W4)bi(>NtWDazX2E`uf>T^_ELKa>Gf=(qa9EW4v&IM`
ze74ZkU1I^TDqbUOpZ&EeHZiD#U`cHIe%wipise62Xw@pz&cb@lLKPRIr+4w0bp6Rc
zC9eSJl!ozIRcs#gL7YW-X=(k^+^w^j{>UC~dRWD!0P%wCW|>G5g}=lFaIYYEOYfEh
zDTb5gcBMtD#9gE*8FbKm0wU`bHICbj=D+>63%G&lQ(4yJ$bxXmkk^?FS3YVJzCnYc
z*Q7zrCirteGOtKXVxn2_#>rsIPoQ*tG&g4odC3BT(HLzEq?(;>auoIfK|q^g_m`4&
zy&v(BH{R^!ulQww7_~#jzd?qh(!%*VU~w8=dG%;lAkIElca~Sk<KdSH1r`JXU%w?%
zZl=j7WLzysOHX5^-F{i3yI)~maHpQBko`!%2KT4i@KTK3%}bGs9JoBc!KeVo{{6HN
z?nQoZby&-3)DLO-M-Rm@Y4F@+vb7k319gPrcB(@r-3h@M)DuNtTPzNAy&o86_&DY;
zG(8m;XYl^<LtGZa_rYRg<$yf`YJo^Kxrh`oxw_fd-QP{wXk=5YU7$=TTMxcO&7yxS
z>cC$uVcr-sa^+@(!jo{)n*>=DQtJH+$FZnrF^*L`weY%Fp~<+l$>K%?U#ewb>F=*$
zz|52&mP%o@Bc@>yyG?3$oAGhj9^bYHi&O2MnyX$yxgWyA(oCy6joH8mYK&eIs;{;b
zT(&(1I3_NAT8fxRz0}$y5z;kFa1PL#X5+N^rV;1e>5-?S<w^vd>(d*j+m~bu?~)f<
zCTYTyw~>hGo6C!-bg@s{DFq&;&&;ho)_bP=cl0qwb=GX2P~oIB-R+D;yg^)aFP#pH
zsCo!1k|*D*OcI3PPBvNBzRo<(zjQ#|9$*?!pXZ!MI|R;q>4Vt_JR8%9o$8Zbl)&Vi
zxs1BeW9r%{OH^-5Hr2vvE-t*TR$w)1G2@#(Gvk*I@#)*74dPyB0>5){Y+g3;>^+ZN
zJuE8q4Vnx@-?DBR|8=?AE$rsC%r#cJNXUIw(g0mNIX>Q6i_euMawB}+L1?fDp$N^<
zuC~B3_ylUYpI8nqbYX%Q+QLV3WQ27^8sG4Q6|wb}Xd^<_`=(4Q$u+KQ;GBT3mcG%}
z$F_C;ttLoVd4=LyDKLmN$#JVA*?s6o1{qZ6CkDYAKcPu8o7?o4ykCsTvkTaiI9`8(
zrVF$1n#>}2ie1UQHs2W*x!k>6l~8SqQtd@p`8}wKw0)!2Z+^~-*{fM6KJ|l2*rDwD
z-Pz%i>E=QaMRlOf-Unxg*7O>`Ah~ZHsr~)kppthHve?{U8pERVy{M=HiOv!wfMU+!
zwLiGj=h!nKDlOuEzVXQ}i$7%Qc~(U|&71qHm2G~1oi|`Q>G3>;r5*vN16He8P$v<R
z=T`}RwYQ(-<5FU#MpB+1nL%sv8}j&Zytot%v*E6u9s?!XMZp1&)IKk%q<cMH+loRH
z!-8PPKW=z2sV%wdvi3PRC@lK**9Ek(-b5rmr2h-wh7PM3n?~+!`MX+vJ_i=-j~Min
zKdC+&GAe6^L-{JaUsUb;a&h5w9Xx=q2@q-wf7N*{hD|YTNQ7=N@qpQUP>=XLKuT?Q
zI|hxPRFlDEr=dUg4zlyOA$5NyD_)_3R{hgj6{s_uR8Y170TGp)EAiw+)|kHuDb{Nq
zWB94z^sLEiOusGDNL;h(om8*J?+sM7;k*tc4XBx#Sc;0At{2%Y34<TZyx|EG#hOgy
zzU;zP+i*{VaZxeTUyV#$+(8yfWDSndie;t|NcVN`^APv5CUI#EN0G8>fcvT4;{k4l
zdNZR#)WxBhv0@(ZN~BVA+Mbr_?iidN$;%NK30H-_fcA&gHmpp#Up{T~YpOVQ`@E<}
zu&^!ZuA9(uzgOqFAy~D)1=DX5*KSjHstim+PLXo@(oT4`Q5U%mdGQtNAi5+QxA$)n
zYy2GWFhGyUd@tBDrD}sVKZJ!L19b1w!1IFf=`4Bu>6Tn}gO+T%<35vr-u#@9Pa{qo
zQ7*^Xir4qb1Yn#qRo_iZ6%i$0QR9<<#XGBALX78&voa<@(|V8A^Qd&hEAZUJ+1_Zx
z@^Vu5<{O!Ig0SVSRKhmHZ<WeE`EI(NYS>?t^&ga+buRWMhTzq;@XeW)Nq>q=Hc<|f
zZz_MJm~gRPWfn8Vsv;^isQ%o_4`DdUuW<8~`Q`GQ&_UxU%`EUjXnA8udicGLcYb+4
zj-m5tvRP~nn}9=1qBK(9CgjWhAp}C0XP=Cn7uC!<WjAdba*PXRh#cX%E&TjqKqZF1
zuOKU{03z{pYJa{^xg2l<-Juv5GhnmH%eSrPtjBi>e3r+sv>-7jls8woVQOQ5-_$hw
zIcUEy@99)A-78&z7WP~Ur$7tY4dioF`9XgcwlQmA>CQy(elw>Qrz@=6Si5>75R<~i
zFX&*-fe<O_|8Zf9>vYH@jwDSN!ke2XL+l&bl0%;3LS(~hwm3=;SSQ>?Ief&8USub$
zTC{PyToVl!HsI-af{O&|Tv+xlwlR~{1eyDmgLmufjYBMM(+EHW5^V+C2N-aeQB3)*
z`tJ^v6Yuk`lUpDQO=dFZ)#%u}XuYh0JyW00`P3mnOf8p1Tq_#TRD5+*;vqr#+r7C0
z(xo1^gu=Fqp0*wwmm8V1jeQ;KrJnlETAKpBQJQ+&5?^&?Ug0$xFc^ng+bR0HKzQ#A
zd%)T4MG|k~RVdLOU)j7@meS;hfZ69z&Ul#gYk4tl#sdojAbYu`;ij4$sM^#091TM2
zKdO(=XZR*5E5;|fJLNpwc*Q~{ZcVb^S2V1g$FL8tHZipKqGt7|?#`(|oyD+~r-mvy
zS*^(j6fTzq9OEx7BF@DwWb1qT`ulV8=wC@DGR;S7=wlGL9;_#t(0@!7^iNLFhoNZU
zdQEc98g-*<(f!GM^1VTvtsN8^zMg}P{Bl_6l@WwPy@P|*DwR9Km_fs*7Z>;y-&1FC
zhdXWV%_}+ow;bOeZGJW&WYlwBiKpNVN<NK0rxD*7&)vvfkTqC(YGEFZL9l~yUen}$
zo<SfWP-RlH_MF9HWxNB0$LcnF%2RBh>$KJvCp7(?K7a*+7;-;ohFfKhMC3J}a`IRa
z(?3x#*#g8>#iwT}X5aWCW#$|!6Gkyig1brLvAq)3hSqr?`wiA({r1s<5}Fyab-<<q
zk%Z+f3uMxKnF)qshb^<&U=zfCX5Gmz%fFpv3Tbu*@ohtD-aBe0Y!)0j$iy)3gr_!q
z5^p%GuqkkN9${rx&?S?xp<1<IYJUlK(`o2A+ek)BXrZomK2T(V)Wn+Xz##9nWN;z<
z+txzr%se4qylEZ&{G3XJa-`wB@?hb4IWd-kDNl5#ASD&gQYiEZ<cgB{r6uorC(h6u
zTb4iB?6Zr5-8l)@qSfWEH1(760Xx<^Ze`*n-kMVdkA}C#9$EC3F+?C;({MaXNg0ai
zrMu1JSudophTzp1dm(S)aNy&ucJP_1EMG|<RJ@agx?D&*;#e9h#J%ahqP9jubENkr
z2-PQ1qvz@8erU=;Pn1(OqLVLrdPTBES{`y0E3XKj<h7YjifZ@4B-L~Te3xwN<B*g|
z{71INcAV$F7mCJLhrv?Dl^D(HeJo`K*ToA{M2LxIEg})One0S7I%i%Cf_^Fe!VDS%
ztCG4h!OrV`=6KdBb5~W1*l-q;3aGHN-9X&oR5UI`WcAXC#uRCcjzq<n{}z8UiOiIv
z4XspnVL8GRJ4kexqHhFZefGGz*Y___dV0))I;SCPHZwEJqQ7Is`MYpm#RdmR_QCbd
z=c_1Qem_<{`Vh%`c;z@WF0pot(;V)lTk&gEq<>;`x}FZ*;-vRP>~Pz{ud6y~%nZzR
zePio#SLKQ1z<5IN5JZHi=S}+vn=_#nR5h~vp_x7tYN|NfGR?T(t-0V+6<@O5YGI52
zVTV>ZOl~Vr)e~w+R_?HY1K^waaxgirf_5#-VQPg@ih8aQrFM?o)%fZ)vo5B}-Q8pb
zxn&RF&(mJex%J0ZB2Mlci$Ps!%@1zOLeus`)Kl`e&-@u8XFu8$za^may1OJA)2tn^
z<1Wj*>>y!VRM@b;dG~AoC#1^MKt<8ZOB6uc$24E>L!!Ac2o!Dq0A!<IA%6=qQL<w`
z<6Y!}T&<0<3YATjadwV+?XWrg<HD&KZ83{IKkJ-S>X#jCQ7i;7y5Kqnlmx`7B5S%k
zEU|k%mv>aDn@QpRBs=;gGw-o$a!I;12uU)*!l5=VSy$3-j0MOBgsc=c9s?D4FmzjL
ze%a_t>H+J5q{SIIPXTOsQ*^AZZt41NheyclZoT)Gt9vtpz{D?TuR|eoirmnXs^pd>
zT~xtuD_Oy9#QZ{xv1D-Zi%v&r`q0w&VnTN1CVRFW^X0<yQGZLpW?8{2Z#bQE?TV8Y
zoy(-$%q85aRk723G56_S$q!dP*oBK=tg9A{!ASmkHnjmY<dNJf6gSV7Q*_4de39t}
zpE9w0r>=my<s)ILL8~Afq5GA`!RDjA#^lQ3`c8eX4b<{lT9}{cctVGp+K89z3}Qc!
zXx4T-;>FntSpc-;%~74($^o<bgcDmOv3X`Ei<xgM@``9K3l$gdPhh@Z9pc{CzrU{3
z`?-?5k(_NYyNJ5wim5b8d|zMc7X%E#=vG|3TR{Gmld$R}Lm#&urb6oG-#vpVQ6(dT
z7%powKM5z+_qC}OU@O(#tNRxsv<lC{tZC;93Dhzg#}<*Fkg54eWfNP$A(l4Hu(`Fo
z)X+&in8Y3LYI4}<f`<=~|70G$M_x%3oZX_M5A;9GaO#v1kb=}_0PQpPn&Rs>VoYY-
zS%h_t%fe-Pxg^jJ4@*BRwmr~__PW1yxmrF^4l|p;A-~GIDB1k-RTkA!+D~9nPHHi&
zux#D3fwk=pg&f^F1TCZ@KGd4?>bi$rL0s(K%$M;(4o}pzo4@A0zqDHkz}%sXTz+~$
zdv$uNk5v5Z0|mzx$e)887vK0NbI<ZpWDhRrXGDSZbhlchXsO$h+u8@_wTHyWc|s#z
zTh7>i!-1w{&$MCDI=~kx$EKv*f#Xdx-=!ZBBTaS*_+%p;26X-#O~40T-t++Ewf6qq
z_Uz<gYOQVSqa?1*Q=#5Sui9vn8OS}s#0tPfW{c<$L)o|#9)Fz<*KJT4Y>~trP`?YX
zbp<N^ExN^2TSUcSC#&a)k~WN@vZ#B<?_1>j`@E1vU7%AMqg(jWAQR8uaeqR7LH5>c
z;G9mP#koDKt>5I;-gLF%4WF(<1=_cwfO$%mlSGI!cY&nC$JZ++cF5SrrMdoXQoI4r
zTS_ytWE5I<fVIJaLto^sqN~>Y(h$2Q?S`bz=KkG?&#$GvXM$e4$2KV-ah>6&c!T~l
zgbkn7qWRVJJ0HI}GZ~1oR43r7&<gGTP6DB#LlofMw_|WvbC6BhT(F8dvd=RrV*zmF
zMp2A1k|pw{=ZjJU+5(?^r}m6bF5;G#BI-Y$Cdbvw(5lT?6g{EJwuq;J-&QcFT>mV2
zF_7{?nqcaAzP*bLoU0^MOtn^LUu@G{iww4~yHMVrZH@?@X>t*x3N4@p&#ez36#WmL
z#|E)DSDQ}DrBxu2!UiY}67vv}B5=v-U^N%*vUlT}d{sAHXUXYe_V*SgL8m=d7M^29
zY*!}E#uxN++?7%?I1_VK_QKd>7nLFKO}MTZBi(@~@_`vz{0S(P>E(p&=o)dIm(SC7
zkBe*H$AeVZw9Hs@MEe8*4km*yAhKLU;_9k;77ssZeg1T=)l|-A3BL`#+ObZWFr4$g
zE%<WhwFc0&Zm&WF^5r^x17X*o-h;mUr_Xb+P15ozP2_{n!l4@jL7v9HucNLvLqEi|
zbk?J`-vl5WW<i2({GZ4hj%D0Etw9s~4!%+*R<<rTZfvDaIad30i2@dj5fgLYEan>_
z?l23fjn0bjk+Xi7X`ZrZ)tJq%&#zs?``~p*HF&kU1*$;^Mwi-(`8UITGv%8$n=6*j
zh_YfLXQK2xd$6EWv*kOT>ee)TxxU6XzJWaS?u<iE^{}lM5wTuZm-I=T&_addn7_gE
z>iGAK0B}@@0VbgS&u0FPv$<zGKs{xXMTI&->fcR#H+}j?OUq&pai%wKe(zTu5~vZ-
zB`heY`t8^6ux<}gX$hw;s%mSf9^KRf0qSmBw7&zMq)Q}py~G2YP#*8zdbV6;?gh_S
zGJ*{bI|u{j2s)8;dfwx^H(w02rUi=36q9RSCVzXrYOK3m0w=T<)Q11^iCk|3A_03%
z7kjvS=3yf~aDF{CC^i8>@>m{Ght9k4b~-1mOR1z9ElnKJ7>Nug^Pxaic)sVTe?=v_
z(#xUBQ4NUWoUVc4qOa!FB!<snQSr?qmW8-?LJ_MUi_0>nn$)<R@b*sDsq;io^H_p<
z9}I`lm8JQa6~?ryn1xbh(ETpT4*!4($?zrck8}&BV_oEy2q3Jpr*|SF&|*Z(`<iBj
zVO{_3{E_H@t@g7VRmU&!V1nriAs$PyKy#^AzKIjQb~E+b&tc-VUgXSK1B7Wm=jNFU
zZsuMa#oat6VeyTYOVDJU<EFUWtH>`gZn_em8%q?=g!CTI!4MM(H8!c`&4CxJW2lV5
zRRPE|;p5q7hDWPgMg=b?iXS6!>(aOHX=7FuCfY;x!^Q3j(Vr9%cZeRn(^*W;Vc5}8
zVI^DS9;6AIA2mmMhBZ9PJF97?Infb@DQONQ%cE_<Fqr-O3k(cl0s+g9Xq2u`=7kDY
zeYcV-y}L$__U{SY*bN@8w7CkNbt=cC-_e)nbW3+jtlrqIZOAJPQyk1m3$x99#!G9a
z%Y0^Kdr7^dUR#JqCK=K!Rkcf38INV*3A;H^H%L4>_OSo{@8Yz745U+Ct@NPMg`J7Z
z)f8|xLa;YCue6qLYmy6t>0j;8pXMa&Pu@Fu>SpS4(S01?9Zj~~4`2M$Cb<ub=xoVy
zQ+#nb^r|=r8WyztYx3`r!mN`MCF?lzzgYl=?I_351P;#ai*h4wr|l4>I`1Zj-Ffb>
zWlR3z1_o4nQ{}obEse(04JNo&1SGO)I8J_q2$J^oiDfD5f}g(}Z@FzLv9*2O_nlg1
zt(?ae-G<bDKa0~jJ_+{2VET00GN)<1xB$jpGSFDEzC6Gs>F_8#e8zGG#m+epdl!k4
z@Fm<e-SV&1t}guem49z7-Opl7*vQkv_Wbs7z6`~07fGcv#wBwO9~>+@LnoD7#Rk*u
zscJN-alXJ4ucTZ0+xo7tD_;a~f)TU)VnWqdm<yM#9hS?SaWcmuvZbv$a`|K-pe1uG
zMZpHab93u?{&KR|yKG%uZcx<j@>*GKszBbM9yX_T?AWRdc|y^9*#eux+aAmDV=_Fh
zzl?A+7$2~WUQA;LD04QMJ2K(iacs;&Y+#tE*`!}h`8R%BjfANz8D%q;NZpCpn3Rn7
zgJR5$N-xcm^G{cB#jaF??QkhXB|qsU=xpr?jK0+{P^_>}{{7tCq{nW71y-ELLc%x2
zG6DOewj6XtH<Eg=d>IGQuOd9%9o4UWVZ$i40lE=}Xn!kwW?<;!A7=LFM@EGih>{$n
zUONynNb6iVUoAsn&ItA`4_OeKD8+AUB)x=$BZKGN&S+VCTU87Up<(GP<In2O1YM23
z!6GVR-@{R&8l9~z%Klh(boV&MOWg<-lAO&*8~!p>%2~H=wv?1{nPQ*}E(Sg$I--z!
zv(NyB=@GnjUd@bF6T+!@9RRm4uN@qBu5y|da+XdoEoEIJPWGz?mjQff6HHSn=Nl~t
zRS$a8$uCGLDPF(XIrYG=o2cM-8t;jU3-<`+K|O;kPI_9U;P1w`lwi@}r+1|0FUj5@
z70;fSmxQLbG)(gdHxRD}I8N0=l+NtTa#(ac)@iEN(1R>`S#RqMQjtEt6qBndoq2jP
zvTGAG8$VHk2h<2H1f4TxB{jL!K|XsyQo37W*fmxAYjqUhm{pQ`BBZF~cG^5C^cgKO
z5BZAqzGMOmHbqPfks5u9h;c?8MjoGVLjv1ttT_omc6#s~Q!6b|W9*o|K(Pob%oWww
za1=M;`E23Zal?nyS$8W^0_J8T_g>2$tMdB6?J&<J>EZHa_qn0whD>31qqS2(ryV(s
zTCniyIl8_PeK<+G`%SYMOS_+NfQOaMg;h23Is~SC<nv&+HQ>bZ#xrb~j9ZL><8a$x
znNPyWY%RJJ7X&tc9AYLR{=7v?)#LUGwZ_xB0X|~^9bgk`*7iQqknuUY(s?syc;eE)
zTPx(%6dysThau>+#Tt2RV}j7uq!IO*Mhb~3;E!e(D6CY^99XD#@g&E!ID7G@N#zIN
z7!T1NMW7V|2hZ3^3jJh{+r$Rq4d<sp7NKGR0%Z^4D5MR%Ws5I%RasXB`e!x*8csS<
z)c*otUSZ^;qVm2n+{V1Xla`eHKvZsQojT;N9gI#$!fi=Ou2f=FE#UQG`OE(M9=x5v
zzwFyyM8Dy42f1~g(n)hPB}sD@x`~%N8BBZ8Li+ZZ9=}Zf?TJ0a?eKnB#vl3HZOMNY
z@~-LOKg}=_n~#Pcqizgr0glJlXBv|wx_%e7ubd7RbQ9c48FxI-rcH8O)kVG8hmG=8
z@B#Nz^xyMUG?EEmFWPGu_L7~62Tj#>^M9_T%Ifb`)};?7;cM)6DP&Iv0^)uuo?Vp#
z%2W|_!NyAlXt9tiQ4iP#<XU7D%c8JqHz)G*vF_wJC2JXP$w-C0o56&(V1k9Fu*C_G
zYPecYPBIhrl%~V1sG9%Ia1BSBMlvLpEQOHH9;P`*07E@q?mB$gR4q!bean)=)@b=$
zeho9s?9E)a7mW_BOg=+Vsb#m-sJn~GrPipTg4MdV!7}3!Oev2zLuJNvrJTp$C!hl3
z(h~TrvYZjCuU(73UToPPiFBg#UKC!w?W3}}ccVJwoa?HYXl_`cI2_R~RIe;~e?pkL
zYN<~>$024CC1o)_MDxzU{&Va7@Dk6WnIS6$f`m&;v%hi4-uE)Hb~@$icduh#A8}Ss
zE}=;w{~mJ)wTtIHcR91o$sY?~p3s@Pliu6Vo4)hsPY+6;i#w`b<T%!L!)mISckIjM
z`4oi%lC;?{k<t*bhS2*3`FrU&d%Bh1kiy-qp2T9d=D`2p0*lUtStrsW2*?jiCFbQ0
z+?p)bQq=dn^y8KH>$EK2zkJVz0gyBJa#S;rA)w)6Ew1r`#U_85u?&-3j2)=K1Yf%)
z=8k{ZuJ{}2*VdA=#4oY2v@}i0liH<5YV-WD`JDVo=GV8jZ`zN<-A>l@eb;`TF!d~t
z$KJJ|mUPA2)qiKQLhzG$b4N8ON;&D=#S^+>bzO`!45kZsq%g6A8snfDEA>3rzNX9E
z^IpoZ=`<08<$RSav(@MEEi#%37k#730<_N@WfHoQiw2dGsNsb60r6lx1x7}$FN;l=
z8vt1#>RAN2h<G%;$U%Ru=K=_VA{Mm|C53ILk+rQIPGDWPt8ZQD3P`T2Sbt*%HhFwn
z0eUW3cmX<hmcni{pESvJ6rcNQ=CqVa=X;^Y#iz&P#utRSHXjW<qLKl|_ab);OY085
z{$w0?aGskWE6}9*e(Z<(NcrEQ>sY<KIea|a=Pf16w2Gztz(Rv1+7L5*#{v14>e#F#
z%Bq>OMe4-s#}<%=RB6bJ38vedxA}(W`@>en^y))I>@J}+fViU~rxBF>*@6eEAkndC
zO_JiV5{09f!%dbBw)NxX@T+;##V8s$z2GDeh*2di(-(~zjc3G$$J0<aj&sEI#?@kI
zy2-?`Z3@?|$$9Q%D0|>jt8o)@8*5Z?Ls?lj>$+BZmvwGGG9A_CS2X_6|DZ3pgaXuB
zJ}wW^sE`duv$TZrZAc=9)lR((Jh^l=QI&+mST4i!ezT^87w!htc)!cLCWePTVr0zF
zA>yYeOLb}eK5UB?@tyf8&X`cCH*fuZA0GZY(Ico$jSE76Ak?(&z;%0>fbv5N@Vvt1
z_R`yZF(Dp-@$egOmE!hW7C#axoCzJ2IUH)<J1vNy+pms|U)ig}-w-YdPw%xKa=%oX
zcf*puL!3K)wL0spUj$3S`;>&lEVtrB1hudy=D3SIQX5csk7Re;XS9~NeBspgQ!N@E
zUN@+p!A!lS`vd6+R#E`#_w8F6=HFuZ>Tj{6(=Osu6`uRhsgR<{BpEalK-||W@Uhf2
zF?gUFL~u~IK@QMpzWZ@65`3_E00Yq}rHiKKD&H?WnefFV*z93O@2Ukx$I<GgdeEp6
zCAZVfckbu=)mKz_L`3v(niBmMJt$wZ=*{69Zo_sAS5cb<wo@R&w$}*GKCImmO8Dm=
z(zvj~FA|auC63d;Hec2A=!tVBsA9_p{Va%HnFVQ6a@sr2DYCyQN5rO+?b(a_!LGy#
zKcNUE1Q}2>SdN))8Q#yLC$qM;4KQ|;PnQhFY66?rQtA-w3j<<ItSV^1P#Sx=(TP8|
zS=CZ&h|R?A3(#vgw(@l9sbbR$g_(^33PCMNuF1U&#jR<a2xMv~CZDjPq90NOhh%|R
z!o(g&P?ZcK9lFmcUJDK9EB~Vr<@r{dx{6kArRR4Nok|GRJszvy^?UiCnWtJhF_jK=
zRlJ%>E~?32Q2g0;@`mTbOPNXz-i95^=Zp?H1s^)&*dyWhsVsfDTy+6{*UM}<@|qUU
z)rs~EAv!2Zo;{wV!ih!?g0tnz%8{#;az(LEH36dWQt;|Q%>7W<uNXB|czCN}QT1J7
zC)6fU+5Mv)dqi&Tt#!`&<Aca$UaRFqf~}b5U85dChYu>I)N@WXuN*1HvG@Wrzv$Vy
z)LeWe&cReMYJDhQ^lav;*5l-%3$}dnu(S&OpyzN#Y7FoFeKw(-m6wyHazYn~SqPJ8
zk+k^8rKWK^Kxk5Ia)}i-j%!j1W7Uw*5$i|4_esLAE4Zv~Kd9?lOUERdC0xvQak}Bi
z?3bjnTq`@sn`E@OwRGL>p#W)|d6~18V>{!3u@>$wjR@7(*bXQ(E)#LBe|__I+?Z+z
z1wB98SIqIlM!I{Qvz`>I53Z~r&xaC{8I?43*@+kcctgbc9eby_04yjpDC{SR?^^r%
z(Q}q3!7Vps@8|O8t*eWCO1CI=#t^v)Q?jiCpSQfZjLG`*)Z|@;uNFs&<5s$iS%`;*
zc7#-}!}}F_?6og1?Pn?&qcvY9#=9qFF+CeNyYD~We+g1ISJTYnwOgs@zB;Sq>0odN
ze7|JLBfph(m`^m?m4PR%6%E323h@kHTMM5zakc`4tr%OC^Ern>Z0u;2W8-^3(y&{9
zpuSf)Y0bAFZgoup{ygCB$(cH#`QoE%pT5?R``%Cnw`?H(b_hZsML1FZlYWY!(|vnm
zW8UDR=Yho5KoT0-T!2IXr^vkT;>4sNRivQH9^-Y*mnCIq7Upt{vw9NixbL-Z0ys@q
zuBw+sEb*8tFg5~WY~bNetDCc{k84RL;Q*SQ3!0{B_olkE)_JODXih6`O;cy8Nkhzx
zC&Vup+4eEEVzVo*svdhM(2`2d51XjR47P2}_)%ehOi}X={1Y1DrP8gg4@{liS3YZa
z%=^a5-~^ymiap^XoO_KPa`j@?C5kU~Ix`vzY}zfmNI$1@@Wb#m;XxU@imhIDdCHch
zP@#xT3!Te0(-WTVkxVi$om;ZkVO3|G>~yf2ukE|OiTo;WT`Gz}!OSpD0pptAmLiH;
zxL>HWrNlX-+q~?Tw=c9_MUQ1<p;hXX)A2JDQzkW-PT<6|P}5=By@Gt;!QJqy)?!Uh
zwEH%dRMhlG;a-5PA;_670dll*tb>a^I4zjrI;2fm<#KDQbyu=--{V;|K|QO!^i=3t
zGtQNu!vQhl;%B>~4H35el_?40G{$lscmm&<hGK8LZ*8a_-Ul|);kxy&{Zw06lT2P7
z3voTwIOZj4Yv<j2QQ&{5_wx}1%GxzZw4drC&$rB^*917YB(zUg9T1M4lm4!M0??l7
ziKq@RhG@iNV;5S!)AD;a`K;1xPj+p%S-Y~QK#@;OU0fGp-LB@P(NWrST$I*(a?PXS
zaaLY!jrdvc2&PwFo6v&Z#{w-Bo*Be#_R{>4Pe^~vQ){w;gH1G7DBN;<RVuMzZOF19
zDf*?|?#4BS1q`e3n;a15?>6X7C-LL?u#-*!RDa6{FrbU`_U*=#F}LnduNJ<Zumt1d
zmUtYty0`tD6O2%u%~RHQTaE18tSz$^HMof;FZhH>U^19QC5)j6s8HXis=Uv^Kh!W-
z{`t;ltDFA0O%E`729Q<B+OM}qa<CN>k27^Hpit<0zWzL=#9%GyFk&g#{k7*Y`WWE!
z+^n9|<FWTxi`8Hh5YW2o@<5Gi1ddjF&kHSjRJOiY`D@DzVSC0mzK4>BpojmZ@coK@
z(pdg*t@|#Mbr8>1I$<*iv@==sW}YEkh^=@P*d=ZFVnc2GyMAcDB!S{3k>O{yXO3{%
z@E$lr#?8lb4vo7j(xP;h<VO3PY^0u-T`$&$X@7vbJ<ov#RQh!moUY;<hWOo)*B<Pi
z)v0SfHmn(<6(4fBQ;7UDe-?05IlKEq`lw<NcyiaV`IFIyHMXGSYh+tab>%bjvFBO!
z&mkC-!%)?fR1ls+Dcb4)Y7oWX<*|zeW8F~tY^R@kWtWLX#Uz3#6}Rx2n6Y!Ynb>}o
z&F``?NO1Esc=1QgymLTphMI0>G;2Js<xgd?ONJjGuChz3%_s3na-S`4TN<pDu`iA}
zc}S%e>SZO_z9Uhxy!?^4u@U=WKZu&DqfS+&{HGF$mjn^9mrpA(w5O(JbSAdIxidLs
zF7g=JKUoaE#-*MDb_q{Gf5P2wFbz=q6%Upqoq3y124)>^*v?&@3lF~@j}9tiBdiF%
zG=ZOfjvt^`S{*uQf#--ATa$_`@H17(e`9%5Aseatr9xJU<RVuLf?6T@l^2Ya(_mud
z_LH=M3kQ@nRz$>l&M>`<0}=jGo|orSGjrtFqC$c3HTpqFjTXD7bR%wTZC~=<bv+9R
zT0yH#?!J}CHR1=)@?0K#byvI*K&093BpoA0U);PY;P}$oFgehP0NtYGYyb2iiij8_
zZ4xY>VrZimai%kGdfw5@4xwB<a0J=2=vTa*eO^jB`9eKF^Rq`>sR%t-(JjY8&$NC1
zD64VlN<c$fZdZDA`qzOzh^~Uf_U^`UomkZZ>UB^%!h1eGf9c@d*!2$qxK;8kJYJY5
zx78<LsOfxx{#-x<uJ<0hU1En`DaE$n3P=$j4csZo^M3sFJ^nSIcTi$h2fGxoo`}mO
z@SB_|xNYUcQz~$y`#RiH|0!*g<b_?KCKoaI9#yyd>tO=k9GjT<cx4ja;=I#SN6bj1
zU#g%}RA*gXU6t*y_)NKHgX7Y8xe@)*>OJL=#N6l0Ex@+$lZ|J;aldv&$!>I;SL<x5
z+^7mbG#mCl0dl=_!^wm`rZ;=$T&gX|rf{yI%~T){+hgC{9+$qBwgK++?|$F-cz=HP
zQ)3VNJ=@m)*)X8|-?Q>&#9QEC;J4P^5T=f+waT+~8Fcm78~-}=?U!3Tx6SlP3~bh?
z%)T})<!?3Jj>6YWWYGJmyI{Aohm;HluDi1}5zQ}gjVh3m`e-2eyX)?wm*m#l%_o1k
zl(FP9WvKC~A=ZDGq<<+sfA9kf7r(ik?XlTV&Q^ZaNX+`gHv_ceJ;uv+au`B%U2JY{
zE2@urNGZ0TKKu_E>hgDo+JG|c1sYY~@6Ku<z5y?PKR!%E#~mq|7uxzZ#F)zOm2!N1
zlCK)LRPF8b9_2@P+`+*yR<FjqO$lzT!P9f&KlG8PG|9uj6-#r!@bL>GHO}k%2~cMx
z5*W<>L@d6zI2|3#sXGoLNYARM=qZ;|{UmJFNiFX6arN%{z##!SR=}n*S@M+map6$0
zR^?{0O><mc7%@*K@C$kB%VD}IQ%&xCO^0n?hMQaAQ9aj3o#`K<=@iEb#wTgz<Axdz
znvJ52OZDjz?H>Ilh?7(Q346|f>qI#I^#{P*Blis|{9BG6JaK&YwtknGKhW)bU(vGe
z^DzwuffL7(=&RM*qu;*rTfM9sQ>hM)3fZ<q8d7I;2VXdvxb4DiUvKD7L_|l;j2f-n
zy`M!`<*c=^65ztf4<Cy3(oO5`1>#Stc=X1#`I-1S3Z-y5_<Ot^=j1c|_fP)){>$@`
zUH=Lrf)O&%Lb^QxXV&E`O4x(&4wq*Ij2CF=kB6Q0ED#yXCu%$+1$U_Xg;NO0U7zot
zZSxPm`rl9Y0Y<GHaM$Rt*c6dAIFJK~yK<8CnYN0`>Yt}-#Q_x{O^Rx-TS4tA+YHAQ
zOO}WtyS?Zr--A5)j|o#6uXKw>MC&R`ZYJ~5?4i03N|c`UXwkEqjeL=lHI)e=V#{3X
z6*1x+Ys{gN@E;n=_-%TBr)nVWSm;{Oe=^gC`gL)%QXmoVWl5S+a($Lk$FAw-SiXZ3
zAi%c8Y&U)U^$H)~EOf&Mz&L8Nfx*r93+{AB+cdnq>a`ZlT3!kHS8BwN&o`(^{jKYR
zmQN}j8ZuYVzR<^iufapShp5}_jO`DK-|ztT`CB@y`Tv1v%RgFLT5{YTV{F+a5hT2L
za(CV>vfRC8u8#iE;|lC~GR-to$<=FKU;1X6MAFW#ytKjluMYoz{_Vf=p46Xh(iYEX
z^69n4<&2)~<%Cvwitc394+eW0q$@ro{_h?*ba-Umq^dPvtdjK<hzt9e%!@geDTQr5
z$B?wmXG%$tKaS|8Mm9#%Z%HcgLXC|-YR`DhG`O&(iox`f`;9uaLxOY|fy+!HB$&zP
zt-U>c68q9tPyS5i0N=s|?%rJ8JoQ3kps44SY~`ip?a)M6j&~cAw5lr25pG9uF?e`F
z37a`+VkS5|oX#2A4h;#B&o0^=8*7@V&~6tPVG9ut{0B@;gz@=t51Q$_4^P_KDH9~0
zJ^bIdO38pJd|YbbtEL3RpB!y{?CBPjvQXd68I{V_Bl-T~(Nna)H^skS4;6kY8oFaW
zhnsMIKR$sTKMc1t5GXtCdmYVflb%nqH$`;D>ss|6A|8+7?+%9O7OwL9GviUCrkI-$
zK#^CaNxVLOba<AH?&dDycA8Bh6P8<R+|LAMkintIrGO>L!|pC+a>gR${(c^Bai5eu
z%n8s!kiPK^ic`S*|Db{Yds+WJXjOVUZ-Q*LEgR(S`0pkBVR~4tXJ75{GtP${V9>v9
zavrw%w|I%seS6LzmX;#7OAItgFo@Ltp1A*yU*FPSeBhfYXWPvq@U{MrRDbbz2zc4}
zMsNQCHbGG!tny=SZ`@MPbT7fT_5ZnwC|_ZIe$4dBWc)6HQlV-PL*W0tssFpu{(V3>
zh4Ih74+rrd1RMBSVX40>otpm7u`J)9N|XMdU0t%@**QKK<J|sxl|Oj+fA3v<dqH={
zPVWcUtFa6+<1e!W{-?%c$UU0+hSg(MEyMsgd8oyo{#X0|{|_((A8ktuo%#7#n{!b9
z_ayFL9SyD;5&L)<d*pB2%1@iE=oG%}9H0Lm-rhQ@%5IAr6+}`RLAs<tQo1As>F$#5
z?k+(<L@A}aLj|M+L=*v~ySuxayEeR_pXa>i-aqcWV=x>KW6OTloNM;{t+|X*2=Dyk
zNd8}>;zK+qol&(VZgJvgUMN$Pf27<$>K5>@b}DP&I&zVd@K;yYR{ymLm%sW)_*Qql
z^qSI3P!ET@){zFq%TRppjwD~J!Srf0?uRzWz4kxTQvQ*_$z~v>bIorQL$w2#-eXLq
zo8Qp?_rs>*6_?H&{W}?MK1{&`TuO0iY9lmFiGH9N_^qjwi7`Xm;h*nEs|DYGuhv1c
z>j#NcVF=1U_y7DCc_QINxRRvyqi?x4pN~=jEb96ImfE9+7zg>NMCQ*rxBQ%{(m!2&
zzn{=8d^tZB#pE>rz(}489lrU)zaL1@;B!w32XRmWhlGf4>?P<p7sYvYRWObO(wV?x
zdbypYSzVImM?&F?oJ*3V#`D#msSAbV!M`e*Alj9Z5d^*oBfU{F*FZ?8J@dn@d>F{M
znY*cN_q4Bs1|AC{meFswEd{`(+Vrx$u)odJKTNx}T7H6pW2Vh@wj@8XkKwQX*CY}!
z+p}R6UPF}hltS@~Z7Zl&SBrz8fwC05v(z+<iyav1e2WzKS_=L{T>M{M$qGrL)?I|_
z|J6VakrncoJ8~4jhc3Q8<lr$1UUiDuZ%JajBX=>jp07c&vIlL8PeOZXm;s;YAU%he
z2O@Wv!A<i4uJ+7qH*)d!L+Rs7BUg$n7;@u*I{AQ&>&Az#v=9C!@>zT5KI5e!1B2Xv
z$wzv1R*C@5tJ*4bQvCg8*Y8KmHN28ZI$XAVxa;5!UJY;vtMs<*`x)CgF!??#4&}u^
z8{=yQnE&AyWxOJZ)ZO`^Z-ak}$qlO-xS^af2u~XOk4UhuIdls!NW$iU9y5C5|6Z=`
zYe836P7r>#rYnuTLd#dIL7AINDtjUf^WQABZ{3yT_a8X<cHPL?ASICe3I`YyM94PZ
zPgG?WyK-ogihzb~8t;@xDEjFgof-OQwh4kII-kvcD61+Ky?eA2ghQ#`8wWD9?|kR7
z+_saqiZl;+&MKTEM2STHtD{(ab14q`UhM*6U@-fY`01qp2_EXe)#4(N0#>iG*fbpW
zk`WDzknLg2{<4zf%ha{<ql*N-QaaV9o^Em2q9m)b()dF$xbTe)#QfNMAHY$V3-9jx
z^&SHckG+pwqP<QlnNi^WlJl!yj~}F3mp#)}OWBE(|IG!6{_i`$s-nO{)To#aFXQTF
z=}jaE7sAXo-Kj{VcDe0y@WO3|Uy+e7YeZK$Zeb+Rb4oWm$jBcBg<&uG5usyiBxrmx
zwRE@-$092yzonkAv>y9O{e1vJ%+UFxfxB4=HdR6SDn+y&iYm^@Dn%L+tR|i|T{VmG
z_p2|?;i&oRvY6KvyE1l%3m6s6%<}$~2J$N!d>kUtZ)o5Y14f3RjgYr$n2Mr{V#~(4
z^)6TLWg8GNd1{C_^ir=%WpCVUgB$enN#D_HKgD#(7+S}r*Tu2Y&Qx%XA~hl5xR8^B
zFCwgj=H}*h_b<*Z!b^SzP+c%bPaCX^SWY*73oB#YgFmZvM7oES^!_blCr0sVU#yt!
z$e8gbfn)1CS;m840H(ED0y0m$och`UW-P`=)xm~Rk;bEH+bL*pKV#_p*)}UUO0BHl
zalF4K{xujihf?}ot0y?3o*5}{oZ86p<l2e<A9@LI4Go$TM8J)DP%?90f8^In26iw;
zxxT)?tx*I85^Si#V^YALLP0Gc>@Ie_u_k!*Zu%YW=%jkVl$03)gL-ZJeEZoK4VGz$
zZjzY7AMU_{))zk8i|ox1>U?nT<<?Qv$1Ek!>Ja-6A2S7;mql!=U?Zs6=o6QN0}+v)
z^(|U1;c_b~NKrX_$SYh;>@#qG0cKll4S8EnKQJGwev~AjD}%~!n=*4}?1!0bd~QC!
zqK24_PgS5yBE5n<)S0>L;K7s&xXDti;umwZ=D6`U6iOwr6DMII)8$@OYFb)_eS@J7
zS!~a$vtmRvweKP$XGy%#O$8UCw$RhCnsmRW2(vU2=lyT0F8B%)L}X`fx|~09ZhgId
zZLuyx@!5s3UDt!jRuBR3dCM=oZ=9W#VbgEyK|%F8Kh>qCFv|XV6on2^LFfqIdTT-D
z0+l2UiU$af4Xg^DfL@~0(#b(*l|#0*_Ruf0kJv?dI<A3x_BgFHtbEcTShAYZ15Y1-
z)Ak)@j6tDUCT)vjC9!xsnjgiGUqrl2CG~op>#f9xo8nFVeEiJ)Ewd~MaW7Jybkr0n
zrSM`GP4e-9Dc#H}0_GTlO?N30RZQ3UgmqmIp!uPP!{H{WyV<f5Y3oCmd>3H#vYWs2
zJ!E(on?#oZW~3=tTfbCvB4Pcn{IErX@WV-$lau-x){R;4lL8t8?RK|#m#{dIRLXI#
z`Y|pmG)R530|TAQT(`(H>O8B|m*;w#nnbEk);(sCL2YlLGg6@abD|o8cmNz~_HZMf
z+T+LkV7SV79`@@uJl&wQkq1sOcQ?+wxJQ>r8~GEw?U-`11YgeXm!^V<(rqrTBR4Lk
z_!O!!=I5d!3SY&TS?YGB5D3wxMWXZ)n+CIg<#~VozFk|nh;{EpN8ipu8?_YtJ@WMB
zu#UZDNBPPxV;>!mv@uHDk<lo*`FFt7xa5Zqvm`FcwE}vJ6yGGfnZgA170|)4ti1_x
zWUFb|dVEK&-J(P)TmLpsE71rhr3QX%&0JC6l2l^NnylB-J@er*fB|z~>r<uXJM(4z
zg}(z1HG1`4w9?HTMLH~W*SZPd_t;(s3pdPzJfso>zgSbhj<jMz$)s?ti%>okKo`%4
z>syy`G^Gm3&cDPssHqt-i+$!M*<8v=c?vbz6xxBHnrw9MW#zNxmyQcbE{FqZ%4Xlg
zH_X78)_e0VRCdR^xLB0MYkV~>J%Kq?oXUL;9nzU~UMH<AxVTHZhcl5p%0zELfVC^#
zK+KVvuUsM{(V{)ql=$;k_KY}cf|SD7@61?)_*6693NE0IODkN1l9VSF@vh0>d*Ro&
zv>J8&d6+^)Bjs_;aHy-857T7dX09y3G>VLT^cq=nk(&{NwWC{j5osf_*SIX9KUkc^
z!+=Qit2LeLqaywESg2faq7?#W)%sKbch{pco*%~97q!XfgUR|`4>UJdMv9QXu_NXz
z22Zi@m6Qgupe%IfN8~B#cz;R1D_&+j9&+qtL*AoOEPKy_G#$liCRe-7bn85yQd`_+
z%qyf~joHiQo$9>#$*}wAz5Oahep)h-@EV$O({A5)V&dJn`d_x?REUg-e%*T}K=!SB
zxK4w|Ip-`sUd{a|Ml}on1l)k;?%t@_|IU`W*rY>exASY{kJ`Mvyxs3UIu5x6EH~lf
zpKclk2Sg%c#0NnEVQgYIStMF62u5h+PBzTz^_kJJF||KCpJtDKKHw89x9Cf^sXKoy
zDfz;yyTqnG>EQ^W!1#Oonz3r93{C4Q<#9CU%&$Q~cgkEgbl!0}aL+9)@F<APgYitR
z9efAf@yyQ*`9QrVV<9DF(YEHtW#oBY33X3{F??F{)0;OReL7H(Tz+XxO-KE7)W63p
zJ8$$D+=I<!n7xtHBO0`=cJlmAq}F-URz~z2FR6sgf@koUR<htSfo!=j?5zsc_^j25
z`V<|XwR<1c4rB<?Dfid<-&qrNJ!LO*-ILL%b$>3A5n5!h*uUZ-?;4+HVHiVGKgs6B
z`z!_vH=lEFxWM6QwUr^UTeaibL%ePd2{rtp{MQjB-~tl))>DD-h2h&S!vp;@FH0j=
z?8-eYXW-p8_a9@O$0<u%r5w7p6-yoOH#<3h3oWkbuyS1KPa^WNBp~j#-r8){>=}R6
zTzncD9-av~e5uuw%o!!!!M{^R*Oz+tzuGU~OM7mo%h}MCesZINkA;B!@;Br}LA?!$
z{v8huwg$pc1z28cG&T2xuFmXki4z}-BrX;*MXB$v4!se3S(|L$mp{WaJU!jRW;gv2
zB@A;6owC1JTN4p;h;IqpZ@e_fe1>R6kW69-oG%l`W;1f`JE0~Wj?CoM85&aV+DyB?
zpHTox(<Ka-M<Ou5No2&#EUTu$Yiw-x-Z`ndH#_M|BLO`n`|F?E_735zwt6I+9aQHG
zS_^pe_V!Yr-S={hf8nt(Gj?pJ1$gCoEPd?YXU5v^)CE8c@{(ntfFQkB0af3cew0?T
z*^MGAoiQ@&x4d;|Y@LumM1Po?z+t85IXP|HFL7MY7^_j+T-Mlxg!8cb&eXoAjRtm1
zbSyg3z6P6>DZ$c!Lw~mlYg_1gg-xLr7*)JF<E}+RJVp{u^m&CgAIDtnB#ZE8_Sfd^
zJe6O|y`*UfqJj8L$@DU(#_Joy>ly?#-F5kfAk^(4bQz_Qjk`Fe^SU_uMB9=z@ag=7
zT@*~0wzEUv<6lRQTNWg}v3!3#_%%?1AnjzP&Q|Y@=*CSd2#VPnjCa~x2?*f=LxBZ%
zFFLfUd-Y1reKYNOo}FWOM^k7qJZ2IU9ud()QUA4JitgjRmBj$mafjSWo<@=9c!HFW
zmy|vxLE}hmBu~#(_q5<j?;RUi@*LutSseVvTH{{lx&=+h?dtm??C$!zf`Qz}zck9S
zUv;`WP6=_XjaBstg&P%$z`>QqFCIP+;IP9ew;p@fp2C;|M_k#l<!?P(2CnM6Tk>><
z`2J(3pw3rc!2!mM)lsr%VHzAAJPMJWI3N4(_f)Pb9-!vDsxCJiz2MgsdMlKgiwqFb
zW+@LdXSm|DQ$8Y@SqI#%d32tF#$g^%vu3ekFFx43SE=B===+k*QSig+_jF|*)0TH_
z4{KNYizOn*ykgKy#acUFN!XkTeiJ%0qpJjaVA13>&?C)(TWHXc$Q2O#P`&WAmU|N0
z(w!GJL$6!gW4eS<$2JrQsbQ`Yia#9{+8|7C#J=Dt4vOXWBHy)U38tdStz-!<mE;_Q
zQ{5n;ua5Q9h%EUQ3Q%c=l~d^GyQfVHd8tggY8h@nNyh<E7R6O6l^ZK!dn*GuVK@)v
z+{L&VbZX;K2)PaAb%lhW$6RMjaqGd@RWKVWhPVGaqc*Jw+}pQ~-|n5!Ff&J`XJq6(
zsm<A6dzwY;a~jp2%x59bNCqOT-Nz)I?5X)mc|t`PuXAO_(3Ym(YV%nL_vQCd7rXHW
zA#9O7_pjC3!c~=wNKb%QE$hoYJ#}mSIVhWDB3bs$(FLTPGm7g^^{0m%7M9wE;zWZU
z1>)ORsJR+-RAAvLXrhokI^*=(Jwtp0<@D70@%sp}#c7K4n3aQ0T>T|E{O@;H9;@y?
zc_sf5+cMKB0oC-41f7)DC$0!%hQqH9k|v(N`5uv(8zN_55ssPji&?_ulb4mzI{Zl`
zk!q`eW3!$)m6kqE62CBG-PxPc`!s^)LIWtjmWsPnf5h8(A4XKHR%oT<trnM+w3-Kn
zvKmX}7#Z*_$hdlU8=4P&xEC0@E-0e@hss>XsqnTStnf%(LxSUUb|k(|i%EO|G*aP~
z(-66~kv`e;AsW_M3rN*KdgE2g;^bKd_7C^ZxBShFy=Y{1gPEchmVa^Nw9w%5>^nct
zmZ6jS$w-~*eRhmHMxT$^j>P<{)~z1g!Q`2iKDz=YYJt0>x3*n@k=zA!boC~mgRxI+
zK>e{WG0A(%eAG%0_eU-=%F5WR*dPsEM<H;60Jhck**o?OSmX>Nmq^2G#WdSJO9nQx
ze*g4k{Ly;_yGV0$Wj-4+w2T5J>5eC$XgH&|@l-$kvko?POec>nL&mAlLSO|U#=C9-
zYeJHOlzIdFv*Qu#H`&0b5yx3)_u(r@cOT7u8G(~GSW&|jm@3Dj#l)r{MBcw~J6Wf6
zvJp|(6sQE;k2k!|3MzQEE9KAJcSkeG=eF{ZJ(hB^H0if<;Z=uKjYy@G9&951H!Yc@
z0U4DAV7G_)Y3@x;?-tA|q%!Go<j?TgO94Y0<3cT7Ek}kB6j%q1)l6o#VmP}df<h@M
zD6lXv$V!468=+e}I&f4l@zH8R=53d{DUOd8QWk-Mf3tAfjIN)a|EaPvUM7+AF(h(`
zA5_Z+sPsaUwpa!>x9tbdk~o1?>qPYv9QN(5w&kZN>?Xo4epeLau8)p2kRDU^%5`g6
zw3-AQ9Wn2Jt-iBkzc?5rT<tvblLVBGo#)gdcf`T*H=5Ck1vCb=_et%EkII8{#pFM0
zC@+sQC#T~FD~f!sR?0HJ7xO^Wr6_?Tc40p-ly$)>6<M<<!l>_yvT9ilyHDR%mF+#N
zhf<C?UVX6jU@oph`KeEGRgigK;X?*WBL3KtwU@lbl!LVL*^k0r4@0l-5`*i}Breft
z|4|!v^#}D1q9-Sf$@e*yZ)!=mpu{0P!HlB-ij;nXbhd2Ru+T3o<;R528Jj}SA4<&@
zq-m+`zT-K7I|jFjh2u02zIW-8<`@&{3qoq{?pAQ04yB@|TgjDj5sCkS%V9GvwNZaT
zG&ei@!+t=ACwjg9!aHBPhFu$NJw3&JSwc-Z+HeyNW>=I%jy+XK=qq)dlct$;MOj%O
z%l-xhHsQPH$H@4KmOb+<)uodUj1bVLMYnKq(EEJfHI={ew{)IKj57XQ>*n>v9h8A)
zSXZ9vlOdtiV;B1?Pg?L(ZLr<D7ncvPwp-Hp-ANh8a%Z{jDm~><;ChvEr+6@vp{|18
zCD2PNl5Q@BNqz)Xvw0kYvi-`CTNdD>e3N~*3vO+-L{M!<=@Pp1Y=1BcVjAFOE^Wao
z65Im4p3+U|a}G(}POBngx;ToMwk9slIp`@>U=4ehyr9RisbKw??0^97f-!k&Qs2Q$
zJpgVEf3-Et3yxT;haVo!%!Dvdn&0+`ze~g`BIdRE1+ENIlwi5kZ9x(=_SEHGgtS<M
zPz5D573Y`T2ODYjQ{&^jy}9ylhATE6d<)|mQg@tojg^Rf*QjABWFY=F*=rSkE}7H%
zb#V?RJSJg^6}S&c771!P^P=6U_9GdU=CQ|o8afs(I&Iq=4t7uRnRs61Y~uUm+z_<o
zv8;05gEFQr%r$%-S`;mG>}pLN1k4>InVw)P+~H;Vmp!O+a>x2#g^964$r_W+Q3*Ih
z)~ip5)YrD>+CbCqp+K2I5rc=F&Dnv~i}3JN#he$5y0YOP;|P~-820DG<0qitiyG)P
zMbZ@cyOs=d3zSI_eT&`8!X)Dlzpi4v<94D2jkm0@R!^~8jUu;?mwHU()YR@L@wmvq
z!xM982=~fJWr#&A0+c}xWb}>uG1T#bzy-}45NsD~*TkOhqzshzwaiR?ecnSJ$x9mv
zCgMER_1vnusu03(K>1Ag=BpR5m&-g!H*Ykstg>xMtg}IV&)KCBQaJJI9eY@ugolfD
z%+ar%M>a#i#E^#;Q4$S)8sSyvSb(IzePBxNYV>{agYz{>u7<LJq22ROZ49s@b<*@>
zJ|iT!8(<<I)$oAxAfZ0-z>MV4KuX<P^MU-w9;gHvkvS#3&dp2DfN_i{GkYW0!OtO|
zygvRpVf@{Gu%!L*BNmp|*`N1(6ylTKy1mM-<NUV7Eq7D6{quoj6H-|{uVW-Q%w&eX
zc4&TrkTlqD*hlr`S7Q_H^h9Cw(uWtcwsWhrlF>UjKu#&PE6>IZ3{+IG`3@&<v*#>=
z+r(lX9?B&1N&p1jr=JTUOkJ^yr2vS^X4D$?A=zzbzN?wo$MB=o1CY7FP(k^O`vO2s
zFd9Wg4&EaR$+(?W?;}u^O2F)*=8nZ{W{Yt<SRJ%{q&pK&*-Kp=ipCJzGoGYbINv3F
zS)%y>x*1Mju+I4BlTHNvFRmTy+Rpes+r+{&4=ebq44CZ(8(u1eH%I)`D2?j3;@9ia
z>1bzI+K=)wtj!4uO*YjX(Jw09=)t8ka~Wo~`Y`rPwKcNd=l-M6(Dc<rA@?)#gF*=q
zN8>3;Zw(!s!x77uoA*(3aKt4iZ$<+Km#dbH?@kJ%w%J2&us#^~8u`Cra4leP^q&ld
z)UN$_VO5V&^bO>rX0r#78e+n}r?edkMgQPE)sBykjTO5%9>8SJS&xa+O_NFDdD`}Z
zV~kB>-a#au(_`QA_;{s+etE6G2><ipv=T0=e)=6yy!L$vf4Bmx1Xi0DV>_W$;7kan
z4v-mTW_7>CP;}Xy$HdZLOawV<Oc%WYJq^Fr>nu<|?XA{^%V${TRgRZ^j;euJA%zID
zg#Zd+vg?X7DcPBs57Z~?ZKN}_Yn-`t)MhOQOVOphr$iAE^61*mfTP@<g4<A5d(P9?
zMCU=-xtPXhc(xN~lcDSLsqF6Y<XQmrd#6Iu4#cPhjvn66fwo%}^?_mkxG%cZ5_Vua
zELK3>;n5gxdR(~1XXY4hEdy=GLWT@J=d9C-;Dc1}G0Y~D4hr{!0;6cV2dbJB$i%&&
zu)F3|GuXwWVg(%QtP%ssAmXk#wJ5279D&b~4Uh}nWgHW!pjkd__&oB$?joS~la20M
zpDF)4Y$omW&)dkzuVd;zouA+)n%sdpq}t~C<k^E8!{Y}*SU{Iw6z_w{Y4DeogyO^!
zk<h!1AdJAp#chn);Y@JYpHJwa1~K!Cu&||mO`E7A;NC-#5Wu&fpluEy=f+xL&^#zh
zCV0FaI-}&6->_`j+L6Lh?Od#oMN8qdDhbM!SxAj!)9(wvI%-5edyE=}o{`Xm9)`n3
zz~}f1aa;PEm<m38_Y;VX9^`2rmj+e5*gJ?wNM_A1*S4Xcl)sMid6<q=6fO5o?_D2D
z`yLmQgcG}woT->2gFEvRbrhYl!gSa-`S7ItL+i(d_MR6`9;OR*<c_=xSl_;hAX>a2
z%o85T{!Ynf#e8YisZc=Srt{4KYTUz+Hb$-J^_Y(zcFNVM&*V_DjFOo`6{(7&HwGWR
zJoo<ih0wWciM33x4~5&6^Ep|gP_FWhm}B3)wY+zSiB+y!7}6(>q=Y>3x$i!@I%RoT
zQILyi$#O*Cl4k&5i<n|g9d&X2$6<QsNRQn`nj(sAlV=hwxbJpPKQ;}pK>xSx@;!(2
z*3YXM3+r*egxn;mrx74gJ<_bFtr4J?nq>k_I!~vO7>B*(KFCnB-g+OO7a<|hG3FOo
z*w~%J<rZe^qg>r%Y3#pnn$7(RfhOYoq|1=jeSzV|3!<8zZEYC<NYqAoEGuvpZeU=r
zxY$L$+bN9N;)zB%+!O=@tR@_M?uIJd2lq!$!O^08%6{5?p_V1GR?b)EKUEm%{oj52
zgfZP@{+)B@HueK!!uII?&YwNI_LpJFFKpD5lwD{r5#7AJb6Paaw7>AJN)M-fZ*CXc
zb})YU61|k?{8A1rR&W)$)NJtg@xi!iie`L(F0MFlRuSe}m1s-PWS5?O5A2#&Ud>wD
zOSAJ)cP~bWYo`3ZYr8b8U1mGy-1FquTe>-QPuH=@_IDcesBvc%Vc3PGW5u*nk|+7}
znvq_6<pV);zk*rJf4%G5?TgdRHLNK?M@OGNP7;!r51#ONip`iEUGFV7%n*L}Ml=3=
zcq|SYn0o_WQ>nLKLfsVVU<e?-x$<Srkbb15RP9`><`OvQtZDPUul{Jq2c4tDa>BA)
zxxHuWiuFCbUh*j=qM^LTJ~)*2#1rl-3>sDTcZlBwf()pOwS$*V^bU{nYU)C=hf20^
zys19|6<C7|hTKGn40gfpDhS`Io~@p9QL?`T%?`Y85%jIxn(kt161);_Rs9SF%Ezgv
zxu6%DlmLP$SN-yJ;}>BT#-wtI0zO2)&h%gYLd*d5>W$R}ntbo*vhgbGF>c7L1*`c5
z7%()W+*~Ec;+RU&XR5!-IHC=D;=>M(=}!CI;mSt=$(0>?%3BLYnx=E^iU$p2uQlQA
z^aX~*O|-cjNL@zakS)$jQ|;waM3(z#lGDkS<s<O28)rlt)2CiPs?fHq(MUepTkd^f
zfF~+fZmt}`#~rIJNXNbkE+;_2o1x{lE%#EUD%o2n@Q7O!eni7GR>Kj4{V-A1!+AqN
zonA-1(-nedH|<2rXDsGJp^}~N?#0P@(l&y92My}KrB10xkY*I50B(T6^yJ#}L)AkZ
zllNGQ<YHno17+RLx(5jSC`SFH)5^-uu(hpwDE%m9lZEaC9qk@gHq&>1CQQ4`UTc5V
zunc<~M%ncWjSdP#c_s3nFA7gd7FV*o%PVacM5D~k$q73ce}IV-3D8@Rpa1}p@ww_4
z>khTlSd-`?Nu>&HTcbcJRqwg)v3L0!2E8{Hy}2~nJivhUln06IAb=KC;*+@)Dk_)E
z(^JpZR&I@>h_gN+C(>+-UXt)e;T5?&+ZE60SsHM{Plsd8!#tIK-4fdZ?O<*;DLZ{y
zK~{OqmhUzka`uRIjc^DHvXCOSrp;ifAOG1bc^J2vAkX?1Rqo?}<L_mdLqi|{x9QoM
zX%4r8WOx7h(@6~Fl=5isAZU-{<9+69<K&xjc?NPBDcT)$GFyt<CEq^O9dn*5gwc4`
zJZ}BQkKD}?d*9aovY)xhB$J}#vf+g)x293Pm{3x`8%iAoS5&;THItIB1Zz{rCEc&v
zb@Ft??<#tYXQl;rlgHAl3wi9XX3x$V;<3!q8dyjZfMSkFB>!;;GZ^VAh6P!#tsmf_
zQyTRP7$zX=w_Ue8oyIUgcQ&Uq(e+c8IaQbz6`w$tKU|pJ#oh*$(doA^9J7f!uiY%y
z+#m)@vOkOKH_wX+zLyX=FI~9%Hw7sG7cl>9$Rlo>?K&Fs5yMpZL8ASG$WOKfcRuJa
z-m<Yn*>~nY+jYnXXLV%~4+&yoVw78L!S$LFCAHhMNqm};2NOOi!dBG!(_qqMP{I$+
ze8rrXefBvrN$IEpr@r1NYaGwG{|8mtn7PUY?8qRi0MJba?LOILLmDY5NpsoAh!ZNS
zk&2kui|X+19@NEmxUiQH<39}+<k|M^B~?>xQnr88;WPkMnGro---8J>JY?LCfTYPk
zNCMqnDFlQyQ;^q}c^+*`;;z3U6*gV$)Gzb#q5Ztut@M2OaJ^=OhK$Ug-D+6GVxTw;
zAaeu2E$^1}nmXP(qe|_msQj+Fwb}SHN2xv+=eqz0`=jzLt4XKJgcnt0`PN6{tWI#K
zi+rZs2c#!rjCH1qGqr9zi!+f7V^HQhGxtH`_YgRpfk}K^F(q`c$#m%fY-sRzA=t<!
z)FL&cw6ruOEiFq11iQaUzAQ6xQ>LzeG|*LR#(@e(xwa2-q`+3^Gby4`HcH}UY~RcR
z01;}U3cwXTc9lLceA3dAWZD>*^SOH;-{$nW^ZMwzz2;brOWb+_5+dSahrmUd+sx1$
ztQ;Do`~?FLH%mJ#zD)8dJ1>8u7H*{K>f!%Jwi*mTt@DeU(TSeYpRmHLJ@V(MJ&^*x
z?in-+&}MlnUDk+_9{}{9Z1>&7YJgx#tP+yFi3=d@@;`qd*sloZRV0rW)XP_x2}st?
z4#CD)&V1lV-j|SYlsHXDVi7hj0x;Pf3XdRKNuPzW18Nqs7XVEsWM+24@Sy@EU~i~o
z)BGDf-91O2VK0rpltVHE+!~(;1>DQ`?Lx+OEI%u|pG9^{Kb_1^^}iUDD-+X+3e3vA
zlg8t>4&hkWt8L%{OPbZnYv@?BQ*Hk=YEP%_GWMj#aK7UrNI}7P_?PMsZZEWY367xA
zj_BFdb_1+Po$el&``JspMv=32KCzok{<F#qo>O&!AE4V0+Veoxo4pa0djPbS^}^wf
zZa&Ze)e@Z~u}C7}vy+3IkdP-x29Va6^P0vx9v76DxH!#B4;~?gS9|VIt_d8&S1tQa
zIDp>GkL)stegS~iFJN^3brS>yV0yh&RzV-Oo%wekb^&5X9kQSWJ^?QTi-%Dz*uQcI
z&2%T|-2XCOhk*s(k9YqwxMENgB>1vXB78S%|N8-r^Xd(7?TKkQHy@5eQrvN?zJnr~
zuuzAEpXtCWMC6yru6wo|jBV?nUNY48;7P_m*eX7B5MsFFv3{3?(I+duNtOS@H(WXf
z$POlWgaa+TlD7tC$PTKlPqt(Qh6-F9-X61SCR|6t)V7;jmBf{m_PcTjSmM3c?Mn^l
z<r8K6=QER3xAYA*JDA08;B9~H-!16*EAkTFeBrwGL$}~B595!!0>cV0jrNPyH=&o<
z@EoVlIb-x|7R7motne{df}g3E9-N>l(DEPdOkzQ>*Gi;@D6Y@|4S9-XaO;L|e?LsJ
zT}iA=hVXA*B!M;sMbg~?&YxF0v=h&?mE<y!@gsy9lx7gKver1*Gf{@iB*0;S9J$B(
z{Gc7hjJqa@tDI6(auo<_dsAN<?0!geZDAIIqyt&a#;Aee-;226iC);1lhO=CyZ&pE
zR2PUf=Rkqv0sue?ash+sPZM~wc%Z(no>nd}@Ak8UkmeafB%R&WtM3_8UvI-c<kcQW
zuZXl@fHf&TYBK#lEXe<1P0+6ti7+jQ_hx<W4}g@p<JSN!sv%=>%nHw;l)O@v7vwiK
zhXJB15nt^#F#*v1aN$1re?<>n8VHB0cl>IZB)FEXTQGMoQFpw&>#algqSEM$cpu4M
z5u!*SkNS^Dm?8i|tO#BPqyT;VBG7!F^tY`1WsKu7K@JRtHOas(+|WUyM*<;a<_k6i
z5N$h0fSvuRs@e4)txoL*fVcea&SR%<Xq3l$yQ$aU)|-8~d61*Ivbm~=I#=cz@(MH<
zNUI(`c)Ax&kNJJ>6X>3mJCnVA{tyHT<Y$ruco8mm+8-Yt$KN-^d@=Rcihuv=d;3Zm
zcy1x7-|Up51W4a^*<C^Y;rW;KcKyqGvy8>CVBf2`e-+efH3b{|vjpH8_s%r*DIdTR
z0%sdwE%^ry`fqDq`t%CPsjc+mhVE2Fh!B37^3aNRZDaV<?KBWk)@Jt)Z0YBMByJ5d
zXZ+(!(clb07`nC_pucg_mnZatU=t#Lhcr#MZm9bEp~37*Hj>1iU;Fc0(A=b8+qiLy
z?c#}WD8UKwKkfK4;pNoQQeV(Rf9kN%p0>Sh|Nn;uLbCBIZ|au$M&MFT1*v+%^{?!@
z>st`G?%97dZEpqy?{2}Qy8X@FD@O_b-GsWbJp8_qlsE1L+8@%S7BS%)Y`HQ$0Zh#F
zKLga{@BJh1iwOWPzRPuiM!D=T&it=nZZ8OI;XPyF#>%aX8{BNEG!P`q1^9L>H7R=9
z*Q^BtNF<z$7U77Oy4WxPL5i>7Zc3j3EePh(xW>T$Ck46~mnyc}rY<=0kAU5R{-ZGf
zfpQjxuOK>Iab+<PvSv3ZFvGXQtvUCG*uO+zSNakSU0PRiJDlj+JT$O_nC?RoIVS-0
z0+cFei6wD(zIbG^<4kTBn0fT}SAR!zZ0GB5VW0{^Y&rk<vd{u^`?5f*kcIfj6ia#v
zU0w-P5~p_@OrGW)I-<`RnskA4%7rpe3t{2rPe}KKXxP{i^HmDOOeA0AWmbkDB5mib
zj;a^T?P4M5rzacZKl^u9+=gIxQVxQcRc{zUGWitZF5CDI)2*-}Q`L;Kq~d<5nx%{$
zy=LT|E@1D21UtSZm2jFh{{*9iME$2n^>UJ}QqOnDFH3tccn}|Eb5^WU#9c1=1jD~+
zSf$1}tu_(T5^*pl6UL@s53`ZhpNi^l)27Y|FH-__g74<lI%K3$y=_v@5`Qn}Mv1Q;
zE>ni(l9R?bj~C>>_jVH*FnU{hrOx7BqllW+?pPm=2!rf9wzn7<!(G$g!c330=h($#
z<Kv%z7#~#`Q>9|QJxN&LoO8ff2T~OG6(qrglnE>68EDAz{X`N{;)H{a+#EqS2r(=q
zGdRM)&~xc61~*AlDA^azJM@x<NMQso5Rs^5qd!yA(}9~D6*A(pLFrf7%xtTnZmhZ@
z5!^wt_4*6czgqgmV9@4U2b5I5g}?hd+_Zso`6ir8UvtAkKn5|6W=jRbp!k(&j^vVx
zNyRS?4jA7<sr#?^H*qq^+hE9`d`5lqRX%f5P`Jc!%FY}2Y-K!`?qs(l5bk<!$MTTD
zDX!}{twQU(g`k!DwV6UOKoFRN8zI8m_?-joWeGSW26{jV+WnnXIG9=er<?ub8Th>j
zXP;4=?*up1CSP9xNa*3S7{+nZ0726#8vjtOw2!^NN%abT)MMhdQjH43@%##7US{SX
zmG;HHW&oImF_U7Sdj_D7T@0T_X`4co30ifj3mw+RYT}IB6J?H$j!<GAUv~I5DIjzq
z7U76(6^%&HpB$`~+71-nBOz*$%4ziHefvpA4W`^Qh9nX+FUaW0V>MH)`qS?PiTCGB
z_v9>2`gvh5xrc&Wh><nI?n<?PyRMr$bb}EDnkcZ2q`OY>@;B`bF2G5)xbSUCx0S}j
zhlSQvZSxK;e~k>!z~0(&Bs<~sI_-MSk50u6CJ;>>{E3;00GO#p+L@1NRNPW`ae?*l
z6onuU%@NT(#$LH&v;cIJAx=A(Xi7<RS!i}JvY#2u?#;EMk4X`b^>DH3!)7L;vj9bP
zoy@Tj4&0eNXOPB>8xzd@yIPZ7A@Z07eyh<WDue*y<LO`gmkHf??Ko{#(SHJn{LqPr
zWS)HwPjg<wFgrVT+Wi8z!KFyx1~GdLD=^S@w`qCFUVxfvY@vdSP0o(d!mM3@SQl1L
zCa&@W?r<{<ab&!2a&M_W%0~BD0A`o4M%vv#&Hv)}B1r$ch(b;p-IF=O39lus!2_~V
z4~Ap$r{JK6p}29@ecrCdn2$a`k=&;qK<S2I(rL#3;A|u(TRaNwQ2Zx;&4CBls%~Gu
z+j&NwPhW(FqN`9m1-0UgGOH0408}+-)A2gqO#?ts`2g6xJmX&)kTZ;}V0!mGy4apN
zuVW|G<z5(o0$zM2m}(`coTm^3z{~PU)ui1JWRyx;F<OHI-t(WkXO7jmauh8Cw95Gk
zLJA+ISQR|Qi1}R`9%#!_0k39O!L0JzD&2U?s|O|sn)tSr?){ycb9A?$#~}dpaq|w{
zVLv((V7cNfy4Ji86%rSb^~r9#@BA`*-81<96VJ~A@kpZG$pBP&N5?YJx8US2Xg!l1
z&%TLd=mz(+K_+--fj*UHrd^ZURJY^)>V?S$?_@e>9q0LKDv7cj7Ci|GVmjIWIA%s3
zC3C0*TPR*c-hS?T(PwP(Z|W(Tv+vi)KMTEsv_FpjEjS%MghWLt{Ni9f@ma|iJMpTS
z@x!Q*q`HZrk+FocUmk6G0B-Bv!}S`032KB=&k9p6CjZda<4&Iw3;#OrsEBF@3l^ge
zf%%;QxMR=VMN+M5TkQ3T8oJj&ilJh>^8G%BB@EWPACYB_%T@Wt&RH$J2@0)X8}=-e
z@&#W>*#HxN3sVpJ|NKQzRItwUQ-zy8k-#7S0SgQ2s8&gCO<j^_we@XKXsrFic?ki;
zr-`O{jZN4L8V#WF3GM9c?7so#qj!!ukww#LBi7c^B1IuntPZ{>%$9na&I~)@b-;Ic
zauUXAuPcd-&C0^k(A+GpP5ezZo{0#BfHPG-*5z_V{cKQKj#G)&4by1>&)jn7@oyQb
zM+tpD^VmGJqZ}NH3&5a|45|G2Q!0et>25Obk?iWoG%+^i@O17DGwZ+5<%=-L4Rw@0
z_HI7N%IoLh;oED{{ro9NQsNLR`WkH_7$`q5z2EF;<XwNPAA-rC9M9=6k1CfThWyxd
zW1Nr4YM71mVP;4ygJxsuV`8KzQUnw@<YRaY3=ENRB0ilUozL!}YdkLN4dJ*w`Wxe)
z4N^vh4%WxuhRe*z_rVqB@XwmPDJqUoAxsy<D2+wPwMUstt4@)$b-g&(u0+GX^PsvP
zr<JEl@J@%MU~!U>>nl6r*1@5$v8F)R%4A1r%Ar{*Bup#&!K2ih_5TOGmWjTeUDgac
zjqLndo`*NP3viIHI-Uk~I;OF=U}LJstL0MZc|X$WoECYCMd`fKPsk6t+<u3%EtpK6
zhqi>H0Jj3=2qw)nG3wS4fO*Uu@1>`|g4=6_&)oM&3>0B3$7|Iy3O{|~c(wRmDNg}R
zVuHI3htm0Efe<1$zK^5?hce2);+>ZV?hQUiC2lwxWPKHCz3hPatxL$@ZMXC0<QK2a
z;(4S8YMJ)TCNJ@^9?dJ6$V-@jUNNo&Kgu7%_qV9(@j^BdZ$2nOfVREmw-Ec)l7pSx
zE*4wK&2yGR<Ne}Opz=_hP=ShCg@<!D)X9<0#+`=vmDL{15BwLgsz^wfP~hkS3b--=
zhwQE0%=boc#p5nYwBtZxbTrJ;(vtg*srYMK2-baaejb*FhGr8K%q>i&yujK3lWXfW
zXoI_rRvS75;3cE!5#GLyob>#OOJZkW?H`cwrnKUTQL$Dvyjk9WgJSKIc_V#;C;}CJ
z>i<F5D+Z{e<i75OppSg;GKRkuQ;;76Y~9gdpr{IiHrK_+ZJYZ{df?nHgMD<RVilQO
zXS&F8B87%jBDWJB3@j|-`zd^z-Jkb_jpipO(clpfpcok$ZJnH;sHjYG<<g)BM+&s!
z#w+b^k9%v*?W?Q5`~-xl)CxM57fKnU==1T>K(IpA)34y>x2eV<>K~OpjH<U)3e}i%
zaqov)C$5PMeeBAySFX!7HU@h|sLucJe~_dX4-v+eoyK5~4w@TTyoLG02YTC$=0fvB
zA$BI+Lf=K9uY88sd#0`r!OuP3XhH{(N@ntFq%+yAk4`l7^k7cU%%u5Tcvp!cfU`+K
zU@8W#r>Cbc3}-Mj5+-uglq;p)2n@XwbiPRF>&dY7gtoz<uWzU>(x{p7*2g}-S@~jL
zFo~d}od3cer$h8>(#R)!ZE<<}hQ_9J&U{a)KbG~kH6-zX-WILNYDY4e@Q^Y3V@J+0
zAv-eh+Nhj_fwEZZ{oU{3xL+GZ+VF_hrLEzyVyUB!O+y=-biLn_7ZOlXPza^)d)WtI
zXneB14YUM?rwoQt*xsI{^P;yGUubo(%#1Zx=QB5$XM`~=3)mTbNsZVq4Y~F&@{W7%
z-H$3`lCxJU+<A7o$ODR#o~ECeT%=aZrHdd`daY14B}FR7ecVF^Ht-m?p}FI?PW)vZ
z^ul0f!<?Tc;Z%HMo_c0{LlAwKucyw3LY+Aun`mrI@s|WGjZLTG?F_SUevMcZ-CJs4
zD_Wy%NU5pe*G)#Bt9EYdTQ@FtJtN`e)xsM3WJ6r2T>}dyg=EWr16LG&85oEQ3dK`$
zeGc4=M1ulVs=xn=Faj3#Jl1;pohBqx1bN-uRc&OgF+LFm%U%gr-vM<LT4+$bV)gr1
z#{>*G5k&757J{s7L=HoK8^EU!wWlxAJsKm<Vv5q{THvrM7SM&qs-TWSX~hT%1sH;0
zaGDQk9tr#BbI~yDP^&p&A0Hpr{h?yA<=#BSQZq1}JehStHCHJQBQrCz0o*lHM4vvc
zQ>sVG$;I`aNnSdT12`r*jM82NYKNduqt?N+@+LI9+&mfy+ehcGw@a<O6M{n7eGr*$
z{ktyUKOoU9(_F4CMMgm&X1Q^^dipT4JFkPB=q75&gF=DDg2Seq=drdX5rE&l*d)&l
zei-xyqvT76z^~vMmyKC*)}ekgAX%?oRWo^?x=xu#!vxQKj{v#qLsNq1W%*B{cIJNt
zWIc@waWq3_W?(=bcVCf?U@6-H(?*03);q#nL8~s{IXR$55SkatC?N+5coc`xquk#N
z{hJ2M1faz2JB<}yM4Mf|9c(bdj|GaaTrZ3zt#)^hVJ^--PTOEpV*et2cr3nWor2m>
zEQK3?u&@zCCi$Q-mRc&)TRNTzT}W8i3{yc-QGcx3r;B384jz8<IV^G`1pQ04)}F-E
zS??o2LP{1C$&UvEj*(%2aZxG3AgX9c=JQAevz|IDtawaEE15y)qm}uQNnUSK04T62
z`XmB10}1;FaJ~>9*OXuCZyNpxby7*dM(os<LL=I+{MHY_$AbKfH0hQGZvsQHR7y0U
z$i-g<8k7eJrwlel3Gh8R^0h3W@@0r{@+MkI<Z}4Z-cD36LOu!5b4T4uOWj%e(@iC$
z<TLyl^sCR5@YmPZnT&Vu=f3n85+-G3#RRuyP^r~>f98G)Xwn01w8`n|^p}d(yzaYC
zLIjhNv<E?J@vaSEZYm|oM#(b#cqsx<h_X=q`G7w>!FAAbvur$=Sr3(Doc@MJo<Gc(
z9K<>;!{ZOhRofHsxwC;CHXJ=-+KF!fvpv5|2%xcBs-Xf{SIf+>a$mW{01CIuI`sSZ
zU5n{%iCtE%uC9V5pWM@enqX7C(!#>R0_NJ{gbim^l8&KoTYLfcE`1pp(X0%J#qI9t
zdH-{wGhOs)uKGvH2UJwT8{-?ThUb?nhQAaqDqx}iABfjQ)4z+?3&*)y^Evy&?KVab
zwy-^a8%bM_00TD=1O~RuyRfF8(<s*Yy`hR+sAhnJgEQ^UM2Ke8B?9+B!^z9b3pO?-
zLL=aR{rc6f^$q+MSiE3y3fE;w@qxSnQ*Nk>rrL~NioW_;oA~#CwVMqvchO%l4!h|L
zqLIEdxiOoTNf5L72*r^3{rz*zy$*ZlIZKOxj^>0<FnH{DpW`I^px1hNZdXj_lz-E$
zyGwVW4h4rw^ds)LN&zCDf;t$J2)VVHW_(V-^|^n4;nDg(R<QlzN(<dYqgV8Amhb`(
z5}EhDq|2F!!p2n17!L&oP$aD9w>D?MZ^A^&$G^~`1j<=OI(OUP=8ykSihq&;E{sbu
zImML{f1Bb`dEl&D`cZT>q_nCH(>Qmp)B*$MS|=V6(_Ps!ECMJuABIZoDvGBhpf>UJ
z{+;#PH<s={^9^b>=xsi_4kR3U7wd={%U?<ad7Zm^A_t$5{&bP1e`ZngEjI@|JBDi!
zXF~uaQKD)NJ=0Gw3TGpx`XBH3K}It1al6(Q8*}^*!hK(Zom2Qe)X0tmVqsIH1ukOp
ze@I}0O7^AIo5b!W01=iUNhSXETmO?=QmMBPe&DR}GHUsDR?*y;oQ8aOU>OUR9f=%c
zfia0?P=CNb6!Wp6!RPl^I6!uVYq#(dJrZV-%WCDq|9DG-5{N>0I*<}1U$rscsJ<vf
z_-L1#^SnIE1N<iu&Y$TU9BmI<x~AN4k}2wztl(St_SP^UU#)PjYW_VkXn>LW$1Eaj
zR>I%#Qx6m3oumm0r%8qk$ZG6W5>aZeLv9iqK!eh_Z5f!k9dBwy{{8Ha2<bm8)jZ~v
z0(r)2{T2y1HsC|D(%l?`BVPoC(o3;<I@=;%zZ?^?%b}Bnwf6ywJa1K<{4W;4{KKMK
zkzv2{1$Kx{A8PtSi}D)s?MnaOEj}>x+vY?!1(Im?rEc7B*V$E=z5M|QuBeU3QOMQ4
zH(<d3I4Pjm4LXstg#qU^YzwO>ZiMDPQ*u3;E8|`fjXvf5o2XbZK$N;h{Wb*pXBZZG
z<n_|-?20vd0Whx6t*~%}s31qL;9B?W{dbmCNP|Rw!A*aJAN6qYx3%~R+3zU=QPv;`
z$LQaguoK_=M=@w2ilKBG)X#~8iG<9@@$-KeE5wK^V->^>Gs<+mp_F=4m$8luYe$WE
zqX=SKEImfbYODH{3%{b!mkUAyfqTDZY*1)FkMpR*|KboWhzOGwf}|;a%-yJ#U%Cun
z(7nBxUVi=xFkBWBjI<rUw%K~@fCv`+G-VZFo(c%q*V%3s_n+p82}H$^xW`z3w(*9M
zg6NbW+<dV~y3EH0z8(w#p@J2^jw6_!LljQ9!@cbTFzC%MJ=*^VkEAHB;*dO;DuSC;
z$n{=ogm>a_vnmhu6A=dO4|1L#=uE7HYJV&5>^tz9IXv|!YLLT_F^7Ai-7N1GCbccJ
zjEu~y<Yb-6HT!@+KG1`96TaN@soJTQ^4|g_8VNBZ?&7g$=y}>)jM|8k-B4=r@qCPb
zWIW*{z*mY1()z0dxrKp?K@GhzGJ4QQPg3PGzIPUT!BHz#vw;MFmRNH-|5~QvWgCWu
zaFf@Dk@HncVB6b^<?@wi)G90yR)?#;p0-xOQtHh?vXW$+ifzBybyhzi61guQ$$AkG
z?tz=Q+@N1$Vj`yDj6Q&{h~xsool~2Z4;pec_Bz!BsoQWMN-CV18o#EeR0a}vB+VFG
zmjJ{5@bSanYy)L9lFl-9hsEAJOjnPSklS_cdx+u3_L)`$yu=h&TQK`h(9FYQvlt)N
zNdCU-(V_m6dX-K8pm&eX^e4rM12QrK#4aw5Er>*{$I{W8d88V!uRMTdSVl+lPne(N
zlbWn(rxtmmp6f&C2umD2KMP(xy^NXZqandU=lY!Hr(SH#xHP6N6L=)dod`D7Yei}Z
zhByUe<ceuI_4r)hsOJepM9FeFGNoVeWRtiNT3RGvd$=y$vR)BPqE@SrAOmB-SR}a0
zb+^m|eDqkfVW9bTV(Um)((cH?)M=I>GMmxbQ{hw_3iP;F@vxyZpV+z?%$l3qkZV6{
zrTG_-^Ln2WKhW1@)RGB~F5}@Iqu<bj^X}tynl@^xs(euCL?yhwZ32a{IQX7**L6>s
zTBo+sbZ_dbc&U}<1A3jZ)LS0%rP5JBMc*S51n+nj(?#@`D<~+CP*UQ7Q<aDn<SN~G
zx)(d%siOrdaH<>mlWJcu&)a?m?#_x-dQZ`h))l+SrpB(d@%Wkix)qT0gd6|%fzA6B
zrvTq=Qc{kYIMiPY>M`Fot2eY-kO;>3Qe9hK<L!M<;Y5ri=IahoTxWA%v)V+qp-pF5
z9}iZZ2{uX4Rc9}$5clRn^z=Ftaf&1|64DwKeIhC8PdM`FOO=DkPCjlyZVr|Px3f@K
z)N$iiI9yx0v+TMDFX^U%4DO#M<IL}rEG9jfOG^Bb=IKVQ+789Cb?m;-&hVth?ludn
z(*_dnxv0(QQpj>Y>g^KRd{K*p{-Q3P{UfJYkQVxVETHRjJKUTSu5>uT9+i^*#`XN?
zskuUq4i1M4wY<=trN~<L*psf7XHtO~Z!n{2GTvQOMI21SxyrWF#Cx3f>+n<Y-+8M8
z@_Op9fiEo1&V!cBUAr0LsCMhDeR>>-3H4uI+W9|*1W0<pWbab-ncpwlg1D~BZvN|a
zcq5kzv+V($FNpeG?%B7^=U?7X1uIywBnO2av96A#_&`;=_>Ak#3H(aF1BbH85pNxe
zP;%gT8&qp&9w<`&j6YAJaE>}@f}xLXaA0I_XwkqqJ?9Os`bfr5k>b_`&XEU91rbfb
z7QEx*gO*7N;fQZXpoJ#qUqvKZmoZq_PdZ^bK8ZPmf3tU2*r2{+e1*Pyz?u&>!6m7J
z)3Kep(6dhXHhht`a*hp{4jTN!OCIh0%mc%8HTmG!2<XXgGWzza3p+VSnxw~#kCI%U
zzFZuoy<f|#JaOSh=d5Y3io9Qht04(64&#U2Suk~rZg-!f5c)qVP<<@as2pHq=wHq+
zP-fkOt>ZdHL5QSzadtpVz-51b{`|N=o-zFJn6U%qR^7SD`yXZng<*8P8|R3JfxQDQ
zl4Pavgqo90-yaDTQnSKTm@~Hi@LKEm!NoeI5j{6XS9X#&in>0EtW}%e@C=J{HJL;F
ztzp+lc6dq_(W{&kfxyqZ+?;O9x{e>V3rL3$b$GnEp-1Jk=)Qhm()}9I7B_3{=h=Sb
zRE&n)xpz{)oH5mUZ^R3QVhcX>$!-u`+|1<cd-CJg^xW-?sj-U_-~=QoS4(v=I>Vhp
z&#vT&okq`d_12Jt2~-UKJN+oI90!QpF-D{Hs8lZrgYh-Os9jH;<nD!rWHXGUPLACn
zGBj-H4{^F<FEvL%kfx)?$vK@)ux1O2xtw;hXqj2#oieRGUOZ*++Bw#IS`8}l+8feX
zY2fU+^k<t@Sg#a34jT$@i=G3MgZ(1vGEcqI%Bp6YwK-&enm`x~t%0Tmv=sBcG&SZv
zXqlmiObgYiACJde1cH9)?neqZ$O7j(SC{D&mrIBRBfB}lqR(sx3E(_9s}6!BQuV*u
zx=tP8d>IihPZ!qJT_3AQ!soE`y+_w6LIZc16roeT0@na!rxyfb<`{t)m!n<9bTj9C
zm3YKCgbe%IcFOf(1^C5kv~={fowS=Zl?o}|1ct^RKj_*Ri86sW?}#;*3k;ObVA@KJ
zLBJFbC%EJ7?JcN6dF<Uu<<nqSB$XP1ai47#cN4V`CX&dwG3V@@K3zPIyD%{*6kk5x
zHR}oMkFWqmM9jRps;3oSTjJ@hV;@S<2Zuf8cl$)HR5V@u{jot4=yp#9dh`cc&5l#6
zmD8+HxXLs(4efjq{23(Tl+<6kHI=Z|P%kFx8qzFa*ll33_(6=gEtU>$=DReEswxh8
zy_q5my+)-VxvVo!|KTYb+I{#G@8dhs549x;@Iuv}s69NOu?L4<Hk&u<ja(MVB1$gQ
zLyTn?R(!CLziJvL70;xmP0lMyCxteJVCfQk`@$k(GjUg3h2c%jD?oZ2t}VlHICuRc
z%d(SA*3DfcK_m}U{g%$i!n8JnL@8W>r@Wjzo?8<}o7AN)y<S_4Ckbzux=JLFawpb|
zsO78gYK3v#9`Sxl6NWvwU{ha^{CQ?(M*rs`BT}LEQ_EaqJ+#9kxaBpC-M5OiTUv$V
zY)>N|=s!t7(H1#)sLhLNB1814w^+lm{@SK?q|4sU;K{*~ZxM>z<jTU*z=`w2X0e*6
zm4Akg8d;yISjNx8+k-5b{%8)LW?-rzIqAsTc9$qaM~!^%NNmITM|G;#kiB`^x#PLj
zNG%i*KNI~rYfgspChli!M2Dxe?QZ!USbhRvGE0Sd*hXC|)Y<%Ky$9T@hAug#gTtcF
zwWJS&&}GBe@gG^x1Xdjn3q0>%?l5OSq_aFfK5nu54k?&?kE6!p>MKr+J4cp_2?`Z`
zrgTJ&m?&s#t9_rvFt=+B9Gb+7rGH-+2QNlUVghO$4f6=I2Qbljz6D3Hi`q~*g^_`w
zCK<9c8MZMB%(*(OXk!wb=1px$7v~=Il-e6<Pr71npOK`eetz8-`*!x*dsV^Wd%Q}P
zMqbhh>;c)*%GQNy@zi;nRG6j6&=n7)?CdMxR5^a#xfAj3NO-3|KQ5JCig`V802}nM
z3E_MmP82<~Txx8JojTt%SO`w9&old^KU5un=5&r1Eh2C5wffQI(M#l1sioJO_o*i8
zFP!+aB$TR99O+Hq9?H!1HcQ|muc$o7Mpj;z0O5vTwxF}l(iWIBwjFM|!lF@yCt$5r
zJo-#MgDI*|xWaNsl3?d8t2}j6BI?qjLII7&OE6k}plRc-M(&pWMIG0N$rS<J3x^X?
zWXmCxWq}D{teQ9Ppr5PI`@>+}jY87457k5!)uE7|-6O7ZjELvLRhVH6tDSAFDh!hp
zq#r3H>c=`w$ZMZ_f=ww&e{^iNd^l&3BUM=IuJ+8ddq-QId(WI##A@u8qYSMuo(6HI
z19OcWbWuw*y)qur=;t@u6`oHM&Uy$OBh~Px8Fho1pNY+B^7P9whl+y^T0xD*w;bAD
z!Gd@!l#K}sCu}$~e!5x-hpvkrYRTI0X%UnvazTe2qGZ}IU9&~#M?7@eRR!uC94S84
zQiTk`-%CXk_VrA3RUG-Sad<(WRmN3?^iwA39zJNt%0@X8iE_P1lt+oIFOP6;KP&%w
zB9ZX&4iySxL`QwEj-6Ja@OooMA~%$33P9KS>5jopapII*oVFdA+P6P$)}$({t478U
zq@<z{qS$>X@&(J!CqPVk6HiMbx?_poczsLL!wss%|NL-T2-Qbx^RZuG)mGf}Bz8OQ
z55e#9Ps$jC^>^aVCS`jN20t)G<$~L%p&LwckFYUU`iqc0d(=~j0W7F@&`k4Q34QB|
zXEw@bESbS&1U*`ghdB~@;1JeiB*#l+{Qj??vB`#c&jXyS^ap<+9xt!+e%eN@3ZveY
zfIil@riLf*IS0lWkIy+lQ&W?grEb+TsfKPyN}ILU_P&-?gNml8hk?aoeRi61+9oS!
zO5}%n1aEQ-ZGgCFAL`fLGJIP;E_tbV9?sb3FJeA#iCZEtPdT$MXR1YI%MS)SLo(uk
zv*8sR!RD8Q;5KO~dd~Gx49rp(h%$6F*Q_AzrR_NEiC`dM?xA-_^k7pO^SZ)h)NA^w
z9I%KQKgFTkU+=;Yg8nS3>vQ-FGqFCg(C!tXMz5dANbfzn3lV}~tCRFc-7!2#8nD7~
z{iI}|<RHm%=Odr>sYtFu)(cmi<lQ}y)QO=ggnnu%0(Q>_?KpXXc#8E&&?fDMRrO~W
z3$M+4H}ApMC2b>%h#J}Wy)3!#JnQ&%5VT#fdPb_0mr>1co%{&-bvb=}-_qbcA#MSx
ze7<U9E)h|&`<7()ckcXOT%Bc9RdN62l`iR$l<t)72I-UrFCpC}-QAMX-Q69R5|B>m
z?(V$I@p=9;Yi3^Y#<h@p?)k-c@BP`vK1jfjBaBW7>&o%vs==6A9d`wBB3rTS+Uy*>
zzPXj_O+BmnAX%iC&RhXmYl%k+?0#st;5QK!{G?ei=WP{1VzZ9<{vPRzfF=FUvN>-u
zglHvYo*FYeBxsIoZlDc2c_jX}{kwT(q!@OD*Os!$S7rZ+?f~*kw^Q0xHX2~s5D%Sp
z4~xmzWV`-_ajP`~e2XQGN?@HawEl^p{EKo#->?yrcGcK~@`rOxlhQcwCNyo4Qb*C0
z-ba3Zfj2(n%{(&hHUe13)_egoHM@eIVPokaekaF6d9r3G-@=+x0_JzTu8SA<!AIQx
zmR$k1nu5s=7k-fZ?&Y?8!(=O)G;(I}*!s^!Z7V}-jg(|lHjGYAbz<8tR)@ixU*=OH
zy9S}m07jWz=A1Wv;qivcNTT4s-&Pp%aU&RiUZ*{%N_%`>M;IhElJC0Yl$0=QUe^j<
zIn1b$xJ-U7$B;2DVH#W#e?ai*+vp9Hga^LVaQ~3Zn=T=`-=V%riL4n`<}NoN&2WE0
zkld#7ub|2jCM>L%6{aodl3Ae9p{zCLG@Kii!sJjT(ft5CE!&;d3+>0hRr<M@NCvAb
zdXs$P#xe>Dfynz4eL%93V<iE<YziAhu6^P#7`~O5h@C3zo25AC@86i?WHxs+D;|p0
zTb0T0e5EX*tZZXG*B1SQY}+r-Ko2{XdF(vGIEQ^GmUM>h-eZEh=lW1qO}4_I6ArTB
ziVY4@qft8A>2|!Of9bRiR}_#`FWvg^0SwO3X*}B4-G#ls^d$7<C1KX%iLF9+!*AeH
zC)L!Ii<HDT;H%?t?J($kQpOs9Y9P1+AVu~tv7XCKGM%T6CR1c03(r|U6yacDdn=cl
zK|^;oK#H9?Qm|*=z}j!?2aU^{<%4^kXKdZWt2@+CY=7zY?%>>m`eKdLy{F7!%<gH9
z%@CjR)aXaORpJYe1VrwicH5RGFwWO`bR#LZQ^hBJr@Hr`fuGRmm`Bi!;vG};5i|gm
z>>XxxQSYE{Y~O8x?uZfJa#2%t#cv`|Uh66Rwgb229()!LiAf<D)h_PI3c-i_GgFar
z*G5V1`?Dy~1v||-eV^TEYUQ<IgOh4Kk9VqSH@XjqHp(9eILgSbPM2}gi<!#`S=kOf
z_<np<&XkM%dLH~b#2j`Pg+txOmlDYLUL!}x)U8By3iixYAV^NrPGlwN*#1ObK*0S<
z!h5Abr7-VvgH_R1oyWC`j9fR(bUN2XVA`DeJp8;J|NCKXb=>0P`Kyr0Poynb9`N&$
z-<cefUc0^bg`&hn3tca+>;uSNvm%ING6Jcr?ybyJ&eO@|Pu6mUcv6}d4pS=B-7};W
z^{4F<n64*_-Kg-)are+{$5A&9zQO-^4&uKj0Y|4dgU;ix?b#r0?CpzZz_mwUb+mlj
z+gl)~V|(V@cb3YfW95@oysoPm;<|}|_nzyEiFS7x$)a7-<R?eFhL-aM#ETFSXFB~d
zbwnBPdGFLr$^}siW8}eWh59fuwfqagC?3}RO0Ia<WV+JFUnvu4BOb_(&wcNq$rvkg
z%^j}_s>!&xta^<Bz){b3sm96m15s+4hj_l#)e-~6<C9$*>(tlkH~rAq;42(@@aytn
zjpHA5cluIceR@rQ=ImI^=l%QhkXJcpUy9#<iV(1l-F#t3_}Y7j8(thv)|2Y!Z;Q*D
z(O?=+8Shw#1raW3V#;O`32n{8$Eq!??Co9P`K93<h~53Vh0iwHL!F-8z%GL1`y1n{
zJ%^>c%w^?J5q_t{nVX0@3(>-*%ZdbD{eqqDopsu`P0$dZa#b4al`>$=U~;#y=H0;j
z5q{ya@NsuLR5J7EPsE3bwD-#Or6VIIvrPz7=kzW|qLObq%6aNvT9PtQQeugN<fPH)
zWKC`M<{sh+ci%N+9jZ?ukF>Ul?)AYN$zvMl*Wn<92t7mbv}pQya?fn+3~~neYgY0d
z5OmOIsWoqY2jlQ`S`e?OX*mxcb?zn8?Z>*w2$tw5xxCI+eAw7)gyF%d{mQR%-leHb
zTryQdmpF8t3nSFMI=J3v=4KZddVek^66u=vr`4OEjE!2>&fRop(E+Pxd702R@OzIR
z+B1DZg-5y`!q?vGWmu-dWTyR3LHKTGEB+iEEc!9+-!6zWNt}UmLvW*jBk9M>bNbAE
zF;jz91(tbYq6==sE~P0~6&ZK)t}5zrHRYCM`?(x9R5Luyi$PENR-jFb<Duj|5c9Wx
z{>lfm{sKNSHNn7$h%89%wu`IlS7{aE7;~m%sPKY@Ro7{OVzOM6F`5=nbr`dq{jH-2
zPV7Mb2jbSO3>ZpuHtZ9XAG^oZbvwkd$!))*OQZ*6&8fzrV>_b`e4)mp^^~Tu|KOKR
zzz-yu*vS2G={+_=YBG%LMc%hOn%DF;LpxgzJf$I+6Ug@U+mE@;_Lch3M6ULFG5FBF
zB-ekk)Fhd49$`}ZxAgdW%OlbL7KupMON3v$b7CPI+zly#@9Y2Y!QsIGJJfK((BVg9
z6Y&LPn^uqb9Jt-uRWCaqFfw{jZ+#w`3e*N`v)ikzE+{3s`!Q!t<TWatihu{x-j_Y&
zjU~isrJu#J2XWd)=%gW`2PTUQi?QsgMBq44T(}KA-m!MT&zzs|H{11Q5ig^RM~~i(
z@%ohYEse^d?ydR$VN!a{X_a&|R_w)Bq1y%S7_;!Gdl)qu`UHqrbd0)90(OkldyN~D
zi%;^zK6Dv1b67p<w#n*et3srH#1Q3lKs0|))q9i6dO15c^ku?UKq1Mv?&mYLp3L!I
zGL2>PZV$&20mRLkAD3boC5oIy2>ZkSBIREza}2v7TOb<%Ok3l{YXH*-h_8))7tC0{
zVF6ukOfp_<SO-b}T|8~P(D1<T$JEbYukO0fR1N{PxLpD{z(ua%!M|9(_*BH}i>M2w
zetQ7J31&lr&G+o!a9%XdRb2y*R(M69#F_L*pr+<xbV9iIZ+)%DjA;QKxZkeG3wZ~3
zDb5An5$$#DnKX==tHKaXE`>RHtW?-DXS5gajzvBf^Ql@H58VORTGDQd{uq*LoVd8j
zMRY<!<OCXp*<liN^mnhqF9;*~B`SuWtWJd?tZL^lDB;YdZ`i-VF2I2{7{}_=127A|
z6CQ(PyK<c4kwFpjyM`<n`09I00H&>rf&J`5K|2#_k1uA{Ie1q07pCq8!4p!h!316O
z7%6NnQrWFY!iuXo35}vZKKy7kGxpm2UY#I?Q9HG;F=0qf_PXbtc{9=Ng<7_7;n(iQ
zz5#BfL_n=9O9-9bdu?0I$r;bMON#zQFVE5JZP~nCpZj1Gv}2;}PaPLa(uQzLSSArH
zw}0+WtXpqj-3@X5+(3j$i)5|kggsv+@KZyp_I9|&tY^Y-*VSyPf9?TOL$jdhcUHLq
z-AQC;9D-uZomd8bbXA<MPL0N_aTM#+=*-8bJ8M9JKeBoLUCQ%dwM!D6GD%rN2-$QZ
zf2)pc?kinnF!JotJ<a)k8)5WZoz%X0G0ao@YPn!<uG&qV5h)iyx^IK)aI;??n=K9U
z=9Q6=4WtvURvTjAmZ{MskaTQT?)bq;H@X|mj%EXFT8S^Js&;)rq?%Tmh>cbrz0cLn
z7?)PfB!Oe?ipM*LlO3o6Gt`vJ&-?R&W_~akBdiCRsLIf>V~gl6%<p{+N*HRmO<zpX
zqs6Rxj#tydR>LxjbM)18Ce`$)%Z2Yrcq8*Btqt(G5CY#r3u8ViWea_nDN<BP;cST4
zoIndXVhMY&UCj#JH~b;W(MTM8;S0HJpBlTmHN?U(eB*S-ufKmu{h~ZSj5B@VcJyR7
zbj-BnU!^IRr|FM^eNm7nNiN=t4f=&WzuFp)QchC_6F2fyK8q+?9s?~gdwE+P^jqPV
z;<5{$P-OC5*67{S$4>9hMB0t=`R1XqAtJEYhxmk5n|dNU6Q7;y5`NU*K9l+jGRw^3
zF%$E{c<xQiF|1tKtPm00{*c3_m@=;9BF^PO0?<ZeD&_`J*-GZn2%eXmHBP@VTN##>
z`0yy6d`X84`JExwlr3K`F~IZX#YzFBB(bi)TRaI}AzZp)97z_Y4x)Oz+)0{95%*Rr
zP-UT|XH+|?0!*U!dhHH$ipKFJ(|N^pwo8iQDmzc5+l~1ycZVI7Gmww8AyovNP(s~P
zi(fXkd%N*^{tEJQ)Ez8;<g=!Pfq955fV@5tG?pkE3MOM~zK2bBQHHTJtA68#3MaZd
zU;CA>yY|)mZv`U~G~L_y?~47FlNgO;viD?&2@TM<(fzpCikUocm$W};QG0W5b0d^E
zPt9+Im|#}htq4~J*S$t23nZ<`;M4|9n=`}qSEj_<CU_~85ykI+Q69|VRmJBZF?Cw7
zY~*(AWET4LN#)_U*4|38eGVsT5NFg;7xLxO;ny+l&eOyx!NaYJ`P{FbNk+<*h}+&|
zv-Al!es2~f+m{zZwNUrz(QHM<e9v;>QTxVHomv-!kH|$Q0On0TS$iF^LNxT{_=q=q
zD_yTKbNAbbDIAMV!d54CkivPtP`+Hd89RJ&n1Cj@zJ+!(!#^025|?5swMi=q#*b;)
zwg0%w(l$FNntP^hZCTAD|2vaPNtFlc^n%no=Cn_4owCPZ%C8lE<o7EGFJCqklP%>o
z>tDA2$S-zMVD6u)BMZC4>fspw=XyRou<{&Rx_dgBj02}^BK(^oy~B6LC{7NqG2108
zYyg$r_rF*4YlOuzW+u7R7IM3waQD-^zyIG35M!XIS#ChAS*IVE?VFZ)3T^3g%ij!^
zIFbgc1e}lWh^l;M-tr9%4bL~A2Y$!*X=jw6DKc*Z_8k=H>@MtI!oETgLU@O>fVfFa
zNz@Ay_0LQsg-06{Wx_VPAdFxRt4j^B=O=a2IhSB~?YTy-pzy$V+G`mvvyd%0!$Y{C
zAm^k)tQs_=56Z8NqSj7LedUSM$jI%J+CYM^lN;+SDSUFHWUgX1f2^*1GF@&Af=Ois
z5h-pFWChUyxJ#BQIAS5A0<B7Uc>Cu&;+ClLr{N=n$`LmwH3fXtr4#M9z(DwVYG7U8
z`3yRYo2KRA<J*EUp{rF8`*MnoMGV^wd5V<cXjHnDQK4z|jf(9iXGDzK<)@)Za)HLA
z83)7(DeWZ{B&@^T{_UYRQEPb)9nbdAc?O06G#yABXstsSq+1|cL$Uo(e}Jy+<9kqY
zK!qV_Ok>dg{o<4FlLcxbv)a<PHg?b(<n^K5B$<7r;#7#V>3#dzXU+f30<a@>b0OZ%
zJe^z5PTbKw`q7Hv{Y1|Qv5H;6$vz|51sxpNnoCN!yte*w#lx&B*kVfpudALZV^-cN
z^LQLU{mI0kYfADhU{x6`EL;nAs$B@;q07P5Sr<LF!~Tgi0~9RdY&}z5PZzhIG90r@
zrW)Bk&snPbDTTUeMAl+f73JNgVrPUgLyI;tls~EnHwK5VX{>(xeQ>r#ptOBE$EvUi
zlT^B)O(Lb>r5#36-M{WPYz)ag5I|Pda>LO7l--$#LOgZLrVl+dt`#oUh4TALsul)p
z2((9|G=p#1dX*UqHF!5j9nfkiXD_Q6B?4!)fsa<VRyTiLEu=dlp!a8u<qSsHN;#%=
z%*R<`y-CYYu$XOMj>A-ITJ|rrwVv$e1tpl|<t0E{EKh*XGx~eI8a`NJOB$EBuq265
z*r4Ml`B`=nLt8+*Rq~?GyrJ$V+{cm0<ALu+UOPVS*vXhmNR)}QsAkHkEk=PwyG%}l
zu}7M~GwpDXx_>RH*W5gN4HXF(veck2X}{cG=ie-OKN^0z<mSh{_CsxFwa)!Bqt-=A
zTSjhl#}6M?bvMxg{w+HgN6_hxI*G5eK+tePcSuW1q!j1Gg0F(S*XzO#=uZ|Kn9KMm
zS0ET5F^kESPvl5S)6r9m#!?!1UhN3m_pXzo+G>MOE4%;rNdyn1eeYa@=Wh5-3yp{@
zw_zmqpZ_nS*4?DzSgWXIxBi>bTwWKYb8x1|E+!K1sL1Y;OVB~W5t;w;nY&X%IZPqz
zrSQw^<xcld9J)8b@1^|DNIzGmjM7os-=1)oXh;&<w`Nu@Ddb}Hg-8(#Pevl1&T`#C
zIU4vhk)F@@)IPYE_{4rZ>c*y4-F&kj4;nG-{(%~i!U${N-_mn!(OGJaVY_{AXchK3
zz3VT0+1v!?mvGdb3$tBKaS^(>8@n|)sO+}jB+1d%mdNW~d{ADxo5lgFd5I2+EYzy{
z%c~ASFpR<b#<?LS7eWSk%F*td<xKGN`R%YPDB-usrtj}t+wHx|S)-Pl^iuQ2lVtRh
zDWVjVo4gkeB<K&pTLW?%P+7KH?hA2#vh5XYrioQZ_vdTxcXAazCLU7md;%f7(pUv@
z2usdm(G}$ERtB2;%YBsLP$dW^V*kBO1%h`sokUH!Typv{%2|sQQACgz7lcbcV>bem
zvECXDmQORg8GH=>`JkUG5+JpeN1P}oBul{%jrid05tNLzI;m57BQK4MPN8y8Y%`#u
zP1^c)^HopnU-V@~l>T~Wmn&S<F1Jzri6zjta!E|@SG)r$ImP^_`Ag*iZH0)XZpIFv
z@n-lQ^>R4|N~i;g4V>0$y%;Q8>uAQZgt1hsa91+p5!z}Nuh(J7Q~uaO;_F4x*k#*3
z+1iw~PH{W_WFp^(B$bG@SfZ8K5bCNU6RKLDf6_;X5GWT<$auaIk9xXMUyy-`^vFrA
zYG!c;0aNbh!5=M<yMvyy=)FBngQ8;ZWapm6?Gc(&?E2Cu7J}2c@LpnyZTcMa&px<t
z=Pwlu|1;G6KRX6daCqMzw_WQsR%|be|J)gJHp2J4BX{jNbqpK4_QSuQAp?1w2v#<3
z$^*&gQI>9$9V3T-u@$TN*jBo6_gnODpga;<q5+tzI3T>R2TF3+!Ku`vP$7R^%tv<<
z!u7o|RVbn(1eC9QCDI{{G_=HFqxLq#cSu;7TB%`J-Pl*ls{!WyNN+c9_MbSc7nN^b
zfIbD*{gmw4Epg0&4^Izjn<T&3|GXWuEVj+nB)u=JvAjFcw!i3s5QV2&v0WCX7+^4$
zl#(62{rR|V)$q9X?44_&mc$ttO~}>rlPZnnF7em@=yg1sS%}`k2l?{sEvxnW>62aJ
z@bM%V81EzTn3VUatXu(4cW^`!eK;PJcqob#Uire@VM8vHe8$z7$%oOz>aKaLN>Nu#
zQyKfmxzs6wUH9Sx^qiD%if*D0cX#w`#I0CwXYHkbNxp#q6e>TL`R~sgq*{pQ(!VY&
zx`i7PZqK^sim9p=tLUa>ydD<x8ax7QGw2@FodUZ8`H=1>8{Sq6IPEtp_K-b+Hy!*)
z`C#DzQ+47a^S5`Pk_hE#>mylJ{;RO>UpV;t%wh!>)@E-P$rexq>%hw0x=%L_hxHas
zo5Qzr-c(^X_$nh`@;j^98$YFx@8RPO!QqLA37ZoEh6+i+J=tcqU_6!-N$tnbl}6Vi
z0(w_X7U7_?^O(^BfyYE}zZ`9dZjEJZjgicRm?~px0&A^PIr^s*F!t};t3hI#xmS8C
zO#-;CRT5ZB=B+1w%Oyu=rHtDOj)wJm<>9`MuEbHn-3z4Hd2Peuo(K%@fI>+TydH;(
z{j1fyE)`N2Xl^`dt=3C)>vht6+rFjXaGUhm0NVr9G;q8co=Qinw6}G`rD_VR`4p>2
z|7#?31$VC2jPk?9nCnI?b0Vpb2Z}f~6IY@F#ahN?egyERsqI$;S`BM|4V5`~l232T
zQ*b;Md~HUEzS|wI*Ut`2G4RknnFjZSMYkpEn;M8`7YPXCmz96oZg&H03&L+5=0CI8
z24e}$ex?RjzqJBy!|{TzQ?Sj*`4<pCELd_4n5<%nusy(<2=1K4dP#4@Jfz{O7@lvm
zYey4?R(e^5JWPpev8$VQYPfqnHHo)52l5eT;e4T)vbp$TEgr(olQQYrW457M8qx9=
zU&0Ix`(-4DNq*(xRl?cVOCz&TvA7C7VEz+b0TArL_)J|sW8SxNX?3%-yg^v?<Sq4b
z#{|J5$)BS`0%PvLn<Gw7X`e{{$v~mg$+G~W2`fT&Z#KzoUcAobtC!ooM_1`Ssd*sI
z+P}KzrIi>Fa8VEWO!BjuJCD`W;(xE0rL^U(0p+V<dQnT=>2lIQ0OD?WS>V}t1h~i1
z8xQ7yb)7o`y^DwwPSTvpANQjV<nPc^o4JNV<x>0r4gA!8!cfdR#2}MTx#HV<Ob#GP
zL{O#mbx0%om;D62PcxCONc%?lw{4BH%qH?53m0ui2Yp?F-0R*bktic0O_&tm>Ky0F
z^l9|MG~h^bboVPUj!k}!)3h4du1ntP7Yq#2#E{Gn=d*|*S<u>?SDo5p=^Ku2gq=I3
zHLJ3brHqH(m1en_@_El!lEN97CnZ8@k1f?36OPB1bme19&tnglkq2)}qvl?yTyqD>
z{CEnziXWiz7^I2ctL=lojj%~Hm0zV6h0{LB13cVLwQPAzbc1BaM!;|NAK{tM!0EP{
zmgLG5H+fWq<MnBn*w1#!_H~qxex;Oiq%6rp_uj+yppD>cDp3?NuA*8Bj-u;ZAl<GO
zUh-1-Yd2FHiJnlLf8Qf$e#;^psOsGI*)gF;YCm9t)0Ia$H3}}yoUI*@_A;O?soNY-
zR>Kl*znJD&*<5p-2J@S@!Jn?QeZf~y)d3fJPG@BveEkS}&I?<YEQd=_YG4ct8FAu3
z4ZhxCPJ^1Gs%|$CjPE}i`SzcSf)VKKb!hgAql;twse*!GNT#*2vn8+Qk>Po8xd;oG
z5b4-(FkivEG3mCU<j^ByDF_F)nB-#8T00o|AY&m`CDecR;=PiS=}U?X6e37vSi7m~
z(m0-1&iDAxfS`^@8g~XxV$f7px5oyEX^A%a3TYgo@uHvY-Q2K>=7#510Y<(GV=b(a
zQJn#<scyKx#J?cSChQ!Hu|&VrW>p&ye^n-a{$ljU)4Vq<2o2~F4g~^@_$87!HrB$!
z!A^jE0dVsn1_X*rfE@9DB_>ifxt%T{w!4*6BQ*d?D1%Pfni3rRu;kp14WYa9mB;HE
z+tu#4jEcuAuH|t@a;%#7P=K4FAoMLK4vv5#-k%|_TCXc?-A3U){V6DXH&ZVt+$+u5
z>xBpFUl=p~8_@q7ttM+`2JZi2uHTEiDkvDV*$3A*mY!y`sOiyxq~9h$F#`0AV)?wC
zYG(48NB|1~(DaShU{jo?Wmxxv&3YxZQ786EavpAE8yOL)*=~J&zA}jp9I#2z6_mzl
zl^6EF6@e}+j$EvbwKV&Ex#@IstXaKk8uHKNw^bj(P8%Hl#JCiXGe@_s2#tql=JmA=
zp7g^>HRJfQWYoJ>Jw!Wv)CH9ukEcWsMx4M2@VQ5%=r{_uPmHE8_YNnNA@-hJ{Yv{D
z!D@P-xf(n-01tp{Z{i9MmZ;=-q+ZPzc<~Jma_cPXy{3fpqRS5>zS7BO2)Q$Ld8rEW
zj~bh=@x3!Rp3^%ya?-T6eXb*Z;*d-=w|$<@wEVtj{BU(Wz~hjadxCl6Rm{s_Q;L~<
zh(*n1v598au`HIz>qCjU_fq2SO~83c<#l+#*uP|K?`2!KzEHBhLQE&$;dKk=#q9>|
zwbYIU7+X*&)n6dZ(Y!kHC-+ji2sf25&9>{}43Td+0|H63YIo&6nPrp5l5-Cex?RXI
z8RK;%tL@Tq2#7auhej=cxbje-L=z^e3Aji1ldQPE9c6q_#?*)Q4V=f3+bHw3Dfgde
zmZzK|3BRXh)a%4UC2IdP6+VG^K(aytn}y9zA`l?oAZt#WN-ob~_EJJB3(9Nal#?wU
zcEL<)%ftE8PAf~ydutalk0=Y;0y=6zSmW<^xKgiP;+DCt_}(IE2d&q;@|TRb=14z&
zMD!hdrdUw8ycNC&OXzk((iyDPvI>C1KZ^GqEP~~NwzKiuPj?aK*d+fI@)V!8#S1b>
z7EQTNNB}U(Y<d;)kAO5zCS59MaoPrjq=PJrbpq|ppF%9-aax^X_#H*^-GPmNrAy!b
z+o2)Bp$TH$^6yKLukT26Xe}N~COD_Zh=u7G|9Hi{FCUEcgV%8)_ODzLe?6-X<3g*}
zLt*3R41QN9V5%i-BT!(`nW%}xaL<y7wts)BexF?-n(TcPkU$Phtu%C%1!_T@E3%5}
z`$>eFO4%ZtC3~Yzzo><sDCAFA5mwzbuW|MVMry@jjkVFdL%Of1A2?M6vn`OZtmcpc
zQYK~mP&in2VsKAn5@krZfqo9CbZ+V2Cgm@bc%=$D4Y=Mka^aK_GpHXXC2K=zm>|z+
zTosSfz%;$unL<8*2eW7wJJIy_9Gf=bEUL*|Tm{_E5~J%UMiA>R1zyb#QnHw%Dml?w
zb?Zgomc?0YmYNKQm>8D0=rB3;5eM`1$YUlvBHx!(k={7T3S3GZvU7UwDrC3CrBiO3
zzfv}bve_4tSd~rlb|sh#KegCt(3nh0<0S%3w5RdOqFjBWR%zZ-MrX6H^sLWO`dyZO
z6-S`8@Trmi$Zv|v<M)+eSL{2Llh9jTSLD1G!~(??mEXi6VWmcmr^A=UC$xH38Ejv7
zr2}5bW>kdrejT>tz1KC-Z|eI@@4$>$bLf$p?LRKa2Y<L$bGfbo2GW`KbB$k{lxz!!
zJ2_x6yAp83PjdwBw;cS32b|1uEy}sTI?SuhGT%y_=PL9KTC1_Wj_W5&{>UwloGTM_
zWiNG`nayt@2bWyk3~$>%Zn;Nq?U8ghrf}awjBVX9zt7m=e>@Oy5*Y<M3z5v$hxy}b
z(&8ClbNT+YgK)(9F(G4xuS}aVOsYaLW0n&WJ@pGD&THr((OBQY)KpE4bTtRlDKa8}
z$cbN@*A;Ql*F4J2?pU!)O@5Wyt@|j~8c9l4SbqL|jS+D)-^bGZQjs794u4OI>erT=
z%V&WtiuM)gatH)sf(HuR)T(qZ`5rn=*1@(UoW8TFf|MbYR?6+Jr_-fe&95f_cD3VS
zOOEgMcNmZ(>;agJ{Z)0o48SO?riRt|x<qGy_IidU9Me~fdkY@bTv3Gn`hp9qh7;-v
zVp%$*P;~YRb+mExV8m0aheSgk8Cf-r<`=ndWY2z@+;+SKme6rI4Yl>9EyzPIDNotf
zN_|MgMaIewV7*|ox?|ZYyqPQ41kI*UI6F>>1<c#1myds8?KW#Z^H##8M*$fXE9!5|
zEf`?w%ZSL4j=n(%W47pjr~$8S0I5&Lhux8+V4wpADD5_ONvl-J52^VkirB8a_?Vtt
zqedsMSMR}Dq1UQc90QEB#6<kM!$@zY{D|<R4%B-vfHV&Ru=xDC>PrWo){t@c`arTS
zhHI+w?)fS5zlA3=nA6Eqg4WE;3srQG6GM;H#`Ielie6vaC-Ni*iP^t+r7d^Wv8x4z
z?==aZEo)vDmOyvOw0|%TVb*Y!wr;k>gQ@PAlCVC;qE2SifEqL=29$J{{!pLyze$*w
zRe9V`Fkb|m>KDgHg_pqnT;{#i{5lu;`&nP==lzJ==-y5QlP-);=Z$OJQ;Jw!w(wZQ
zd7Yts&Qvj99*S+>1XhSZ{eHH2qsw=ay}}sU_aXaBbAhg70iOUxTt2PyE0g1L-7^YD
z)jq=tAzF5wd<zW8wC1g&dw=uj21y%YaxZYa-^}IAG2@<lblBCQuZZG7*`F$Gq65b1
zdA!@w-s*rO@_hMT^4Pi4Zh}jBbV9Bl?N<W~6W{lvomxqdk%-7U6yoIDKhk*!m|x<k
z@(q0;i2LYw$cmg^-kV991~|)zh=_2Kk$_{SlXYso`fU$sIni(j41lD#Ea9RJPN~{N
z&jMnrbdYuw|0aHmV7)B7oXJ6ni2ccu5j-Ybwr7%LlX72ypdVW1lhS{(f)uLBtU_(o
z;waSiWEZy7^o1hRb?N36pB@$_{GqT9UX;4cF{yXu($jtGUYP*arQf!%0kKZ!)(qC`
zaBVZ6%t+XEfs3cXD4s8xtALdat5b@Rm`jEt+SN;pP~_TxH0)vfShM#~A%toAmm}nW
zBMhSzgW8q!mNP<Vb<*YDMN9BfF7pVuWQ5eD7~ow3&#a~<<YLp$pU;%ms5juT#<c!S
z>uAinH-7q*+2wMhOE4}^no%}S#6m^ILP6!Z<^{@9RN+Ml1h{Mo&b%A1N4$+k;x6J~
z!gjLU&&O@*N*;iZeE9Z?OaN{-(lh!G?+Gm|NhsQhc%(KWZ{oX>aNEdN%Q9T*_=lhh
zFN;uI8-9dZe=?AfbX{7IQ<U4(Cur@{JToU#Wt}xXA8aP-LBp@qcuQQZo3~{rACjgb
zXu~aJUMy(iK%o-O2_7Hz<E9;mOgFBTeokWJ{~dY6Q|8CFe3-{ZZ?Yq^L-|WcHJn%2
zZu+NDqCJt#^x;WOTg!&Z_0jv447rnXwg{cj8*V&*cl8Cuq%xr&L|L@vpN#7L3O&UT
zexxnmrcy<WNgp)ttRM5>#tHG6VX;lIbw9jc71Vo24*T6%Nwzi1<OZY;wz4!23?cVb
zgwkz0<Fc5N)#C68n=o&0wh4}ksu-x$uzC<x&O}#9QAKCw|L^Gi-{d4YW&4wG;q3tb
z522sCV;N$g>xoj|3|pf2x^sm<q(%6)VGt~_J&reSnhW#)LQ4Y35$29K>O@i#Q^US?
z$>t6ejXZ3q>P79u5HEv966px?pH|)0p|v>*M9?%$Ky1)SkCcBBZdG1_5VsX@cj$tB
zEi5d|bAL-#7*Iw=%_f^kDm4&+Se`_@vw59DVtCkq^>n%r+4*D<aU_`u891Bcy3F(o
zYsVMVSj<p^-p4m3y;3+7G;GPBSWNefmjBdx6?5O-+WNN9^S)vDU)F>2+aXxuRMb&~
z!A?lSd%*4ay$%)+p^K^@SqYOoB^gDle^Fd=8k8op{x{H;8ekFiLIU>;DG85>Mp_ka
zf`hMFK`%Vetx=K8D1b*P3}5g&qhej6nj1SOr-GKMqSS&!@ub*FZy@}v#a|m>`AdBH
zZM22MWJNrS+nV|_Ps|$^BMIDZDwhI&x_vuxu9c2m=)u#MS9<{MIpb0vp>H9`eF9!q
z)1?yw^V&QhS<wMELv!54L2c!2(ijU~%dD;0xMz&y#-<4lcRM%fnG|h9PFPtX{&s?$
zRI>M}jSu29?n+;Ty4O@)g}^P3L7lb?c_^*k?04a9@u0$?jy5PgiCILoJA&_Av!ZIc
z1r+qn-K^+b7tc9xNFxJU{@gEP@;AbBuAwicb8=&?^-Vof;tu3OEN|w>Sfl)ly{WN=
zBL3<Qiw(!v8Btw7fkK*eP_@{vX{z9X{!v727Hm_}QW84ZnWhpNNq0(hirzGAdS<;w
zyfn@dI!5l8%r49__x8SJmPWrDT{qAlXN5=s;2i5L0tgfhuFlG@O;omk^Oo!o4x;oW
z^s^b(r@OqWUD{#IM~eu6=6#vp1blo0R(HK!`DwU#v`Wu=jk(`7l$L^8<=g<?L)^QA
zzt;-p>$!o8x{XJqGCc!y-p{vqPHcyV%^Szz+n2obABEnG5N4|?+k{>?&y^ZVT5c^q
zq>=tV%cxln9k{NlZ%FJB2}cD#ISO2(GIG@KisNOmRCoWbwo+;FduZ}t)<*%P6QYsw
z(Y4<7jpj>FC*(>7{b(WB@CT^nRNxub4(<F>#*|bsVPoSoSV$w(=8ymH^T)+PV@yZe
zzq1rFROz;I`ythmT69W$K+g-b$kx3L?;C@z--=YQ2zsabu(Ak?p7hJA-&9k7yt(pK
z5anaC(lh+Fcu90u;Pp-1-F3AM3g^vylZ{LPR?ISu^4{YgA5uIRJb}=ah(V!)VrIwp
z3WG+1`3h~ScGIM6P;`2360H*3IjKKxeuJb#D{o1gx!`QMBaTYY(a1PoZbb?VK4pJS
zPBlvS`jXpMrnRYkgJ1pjOv5-Xe;w;&$-*dA5XZI?OofbtBi@U;<b-4&2_l56%T)YS
zi+iEXCPR*=WGuL6LFDmuAkz1z4<yb~v*B~bP?5#U7!lZsNa**)-kO?w(*NAAJK}Ne
zn7$`NtU@UcR>!PU{nVUb!h6Ei#^#-aK1#cs^m6cuneE%;2Ki!DApm*j_4@t-e5|+X
z0ouZJ*x7)1If=7Wi#prodPX(4%0a!bHlXVfRCfI2H)-4Fu$+ggw!jHmw13`<t}7WY
z23#|fpE|;&yk-v*(A^*vQhJK~oGSQ-p-^9t+MDu&r8;5{k)6kE=F6BCw>x9cmQ6rP
zI(bQtNz7TzQWXoWsOkUGL~DR7*}A*SGesjv;q2Aaj{ZQC8<su(_J1#tIMikOy!EVX
zRsnr2Y9UVA^!{LU8l5s$hrK_feiiU4i|uY`^66X(2oUpb)6ryB^T{DG6B+Uz(Lf<6
z%mbAJ|0+t)Th&S#YP=DkL~iKHQ<5MY9%#jZwpl9qT0<o81AQ>&RkmRFE>`tH+SG1q
z1gu^Ey%(T4NNAv<q8^kvAOJ{zk&}ec-3g&*b?X^Yr>DO_QVSc?hw>;55HuMLI%M>#
zS0>Na0apE{@7uG=SSdj3$wM`Bu2=BqiLZ(OmnWX5kuP9#a&>_}FDtY9e)0>;lDh%;
zf=Rbvj?Jw?`&K0T6VeWP0F*4?sF`)cDE|kt%o6M}PcL7PZxvQ$XXsr?)6&*<Ah;-(
zvh{5{<U@^J_ED>-9d#6kbgFrYqG?AdSi+RJV+@8d=^e6Kg<7iW@aV^oSWgTZl1Nb_
zF#`Dq$6$0g#f&=wo*b%ybPG4o%?8zjqt=Y7tU*R7aOy2nYr9vF0<Co5v~NVBW#K3s
z)~C`2+YH`F>ZTrS?-t<-#=L=&YG!4sGK<Hw;VTIj0^oY*K;wBbC3;ghzjrTNc^XD|
zlxFDj8-c4ry6<hoh0X$Cnsb<qyfk`o30ri)%$po=aqT4n8M)q$aGYM||1b^;uk&)v
zmW>R*dFD6T4mqhiR`|U8C~7AOi_LpAs<Lr>Oe4XV?fq2xL-cJ=*G?R0e3e8S&j=U8
z*uurXn5EZLoCx!J1wtpbN~;+`+O4G%fVZL*(4!3{y;KMxSA-jW-3zzDi7m+Xme<{J
z_Irt4CN3GgU<nthzt#s>cONO_{}joxy1i(n@*s}zwTdk@GSonpFZoL9v8azs1`%|2
zg!jrFz?s*Ty3HF2u^QJSPggqPddGK}K{fvUp8OP?*`1Edz7}i|jCi)oCM&O*K{zJ2
zbkL&`M|9%z6~F1xgUw%j3}=m*l2+*E#r!{eA0boXNAWrllo<YnrTa;qGDo;TKr@~A
zQdh27bm%mCSmoU4zJ;$hX!VN|4m0ehDVv@1x?;e%<3Y^N{_pUUm9(vRoY<7YLT~S^
zFJG+YP(OqwGSKw*dA(Xdkz^$)n|yCyAT5OD<0Fm2Ng{0PGQm?icUp2$9rMl*CWNk4
z(Ox4z@Sv7_N({XM4E=fS4s*|z-nXh*O~mavH5Dx~)XjI!ucJ1A=>c_zfR6?_TK0Zw
zf3j{zTM*e9Xo;c=+WK{HYd`bENuba69|v_W>whkgyMB{UFdiX!-^>M)9+A_#>sUH$
zNZ#w>Q2!k0H+rx;{22`ONmriZTwrS&S1c!IARGX$oXl79dja)nMiPp7u=xO~<Tz^l
z`P}y%K(fcX98F;fUH5%cuugcWQ7ax-?luq%Tf}~!&TXZr_`}mP{}xOd^gPqTGs6T+
zAMAV6!)Y<SV5yQ<SO59@pZ;Ml!%O9&KgNo}PJn*M5R>h7RjcJtdZIg#B{+oyCM1tw
z{PgG7XX#&mmgRfCBWk4&NDu%Pds*>s#7WOjatCFHU)x4LL<)iO?s~r7Bfo=}rjb$j
zf?0mlFk@p1xXu2?I;)^lPh(7j{aLYT;o#;2BFtA8iG$lrN55<Pdjx&0?aE~TIKGMG
z{?F~>za#yXz^U#JJ{H!8p@tQCLSwcmWnbPb#3({x6)hRI5E!QK+6~GJWjSo7(ZhY<
zL@-tnB~4LZ3x@A8idy~G_ZLsgW0D<Yk>QCCQya|a%5uABcS9D(y;D;pYml5q+Gd+;
ziwDn5q1wy^-y1}%B%{xm)OQ{#b8ja>;U>Fw>$N9_X+I;ku2T}`LY3=G5Ffs4q0#y?
z^nUSMY_y^M(Zb(5IV=~H)Hz-$_HC|+0+3!1!N*SlLLfchuf&X-E|e8JO*7aq%qJ(Q
z{;Y1##G+>+r-eo;7;^5T4<Ei@H%yzU<P;QM6h-PH;$DScms&ETB8UOJGX4g3-4v=o
zI0p)OZ(=5a;h9z~i?ptq%~wr2_7Mr#U1I{mQ1CB6hErPMm{gmiD*1jD4k|w`Hpp}u
zn3xQ<l-?lxJT6BCVGH-6|FR4VZU!cJW>qx`+HN33tWq?p%R;-|9Q2X{L*xv44}W7=
zG}`={pLh6p$hN6Mh||?nwCxqOHZed#h{J#<^%cxeC!1P9m0<)jnnzD{gqS3aFO4J(
z^iR>sJG%z!E?|L93)r-i1XfkskQSO!OA;O}`X3Mt%LOlPj-Q1DydEZ%zedK;*g+F#
zpC&UP3x=SE1rZVdref1U?~I9bL(9FTHipth$Yb9*y4o;UWluXxy3g}8?Th4I5u^`j
z4}}-f<%ep8DSQ<Cs0xG=Agla4RcjL~Z7S+l`A=9=3J$LRLG(*v>17A9g0wAFv`wUv
zjHRhVOHk2*+Fg{nD8b(CP2#IhAh8SCfEoSerVXPrX}-|H9kYsH+DzFjsf$N5@BQp)
zG5ppCAy-;6WRL(v8zyl*JJ0d8bfJb#y<+E9J+WE#g?WT;t7DaXw2E>i-+t==)Oqf3
zKr-DGIbw7U+u(&Ch>Lz3Y{WB!u~yK!q{F!D9y9^F%w^{X5DmR0Q3gw4AqS`)x?H#f
zNw&WeraXQOzB1yC*Ev?x3mqI*Q!@J~NXF7Gn>0Ld{3qFV^=v%yI<#^{5a`dJG`ZwV
ztCLw2mw;?HqPF-_ibix5;#UduM;nn>+2(&Mrx986@@A~Y#ifQqA><-T<F;ca*#gX*
z$UusAnqPTZ-$_;VXUu`3-TNp?(T$tK&pl&fAAm^rMyA^uS0d-~kAGv&RwuEC;_4o!
z375bwZ;gb9H^?)~pDaN+L$1u0lc!(0pe-OO_w8!u3!lwH-nXAY3D_vRQ*`|p@;z_}
z07)#Ky1W3{)7#dRw$fEUY1!|g<@#Y;p|MVrPCkm)n}{Zh^dRaJGM0vnR%(fprMZL*
zNS~-}<0JPSLv+K+S?bn^`xW<k-ZLGVj9fcnw(ni7V#1hi1NPT=I#A!!ZH@DxQKrBX
z`2j4ypp)~#qKa00jsU-_b*OL_^N&f*L2OX3wR5ln%bBr}(PsKE)~!am4M2LSALt9`
zMUPuwC#nlK@y6wkrZcl9NeH5=UkhM&J&=WXVR~^pR4S@zc<F%_H35@iC%^Gz(lv9m
zz;u$+;A`l`fL}MqwE0ke9#$0O$rPh{A*ue?DFY$L@V}pEA7_ZY%G&z+;A6jC^gNos
zo(P+!Yy^{h$kpFR$4JR!tpynyHloM#{7qtl?R6=SKztZBd<{(4YP0>xNx<$Poy{7r
z_c`|UMzTg6Z(Uk(K=hSwPT~|$OcFxx&>!>0sd^@mDV$a#RiNAb)5|F;R(>E<l7}Fr
zOk%w?!yPSDA$1y9qI$+=z@l-}TvQ&tXJDO(d1WK8kpUTP-KMj;-*ppMG>8w0&EwMP
zDaZ#x4}FNF;cr9<VXo9L=JbT%hPB4kBkyj$wg;HO(#W*C!w-(@Q7x%J5K&8@ybUz8
zZ>ENnerdKUOcc35m*<GoqpFt{)ZJjUa?2ucCOsxD18IOU;_ePi>iLR8v_9!5>`<qt
z8;evfmx!y$s3or5$KH~NYq|s>5ILu0UO$<5Xkce&X4@`Me$p2UjDB!u<8=tVUb#h6
z&9@hPf%+RISwG+IkL4~>n_B|>{0N6v9brmxVWG&+ZpS<E7)1!9ZK%&kBcAF3?GMWy
za}OB*vIl@4-~3WhxVCyCsh%%?9<CFis7~~>&F@%Evu0|UyDwg2w88QFX&R+`1_!ic
zysJIa9*P7+fTEn8qWMZT)%@t;_Q%rOF;91`MbR1O!bhfeLe~T44jfO6LOSgXW`E!0
zGx{DqcZx68w}%KQ@Rn{R5iFO#^nYZKC;A^pCj0C2t%m2)WXU3u>+drC(I#RErHR~u
zl6s^_mDW?C)&$C9QEZe}%K57LsLak9)+GIpb>Mxq$`IN%Z#kHi&(qOtW2f=7fqL50
z^|-L!Re6$75S566C>%Q4$B%V;w8z{xr2<{R(NTN16`M$hR7ONrG{)QBTrjG<3WLTK
z+c)v$;bpXwP>D*|O5iQ=m74=%!lp6KX4sBtHyO=q=zF7^py9Q8W2>`tTMP^MTQ0gJ
z7Tnv`_RRoXACA}&C%QtMd2GMuQtt=6jZkhI=DZK#cyubm@%{U#F}so<y}vq22KWm*
zSCiKYt;RamO={suS{u-Q|4bbxXL;1k{vX1@TIzA^&y>5S*4@VA&-1~}jGButros<1
zUQkVCa>kMWC_rz^#vo4Y27uqUj>$v~7{@;_eT4ll){?_L5fC3g0lBYWI0LXvK31F7
zKc=N(PB|mR>VKG)?I~Yw8G^%?$tgfb4W%B(WTWx`91j!i`woF4I0%vN(Q$cV1qn;D
zLhF6^E0<=me#FCmwuTYx2vE=T?d6C5!Y2=82TCm3Ef_|X)Ps{PxV1Si*vA<f)MI(s
z6lQ%mD9dsKOG5#?!17-+l548?qz@brFKcXwOjqS+4~ThZE=pI8j2NEiaCk^1#{o8@
z5r*UR!Qd^U+!x6c^fA5+x^<t>dDzwd&c_)gxWm~wfc<!|x-W>KguCFA%BxQk8>Nhd
z<(qkptV6{0f~k_M(uPHJ0rDk2MrG-Ez??LChZKpI8##cmt;ah2B<=v^F*%eSw)&Zt
zCp9g4qX$^tfJLGIS_ZRi3SY>&#CrZ<q63$DzFd>^<ieCW7*KQHX_qt=eLH<+F`qy0
zUdIde)`t3dvJ@M^2d&FxH^LmLZBc}vHYo1_OaCKT+D*p|G>aGMvQ)iZ!*_GG{<Xi_
z&>I`_x*sM*LMLDFJ3gBw;D$rN&Ac~PXwoh2X!rY0ky?#ce9;`V)3T<k6d-0^_kHK_
zx%tViecsf1+RdHARAuzF^P6tx3wqazK$Y!K?-Z(3l;?Z>sU#eSzld1F(btP~)d7)K
zyv{Dk{_}dWIi5MH_LpMp^652F`eurRH@X!L+thK187O9oX6J1`kEVgU--DYnHh#ob
z55L>zp4^P1mwB2B!WSRBk|=O%zX>)Rq<{gXpsfyh+UBNqCPl*2Y}_E&5Z4BprQs(}
zfuZJR*WcBF_ZgWZy%pU}A}4_6d?a){gXl%yE)Itz9_n4M4$OtiJT?7d*H3A;+=#;b
zaR_f%M)FZ)fti}UfH&9ve$#uq#=x|L2wp7MQgIrlkRhG3CS7jSpnd)_16xL|MtD?`
zZrUfKlWc;;H&LZ$Uv@r{J!VepxglV@-nyNl3GSZ;psR1+UkmC=f=CcUP#?is5=UNu
z1EvI7c$N0|b2c`$kVJXd>r-d-RMNP9mOp?T))<O@wM5Zt!!BN1XzpEjV+4^KzD2h~
z+@73aS~igv|G<B&ac(&S7a$#2cJ%r6ZaGJ;c78x*GAuZs#c}|2)R=V$yr$yr%gORt
z-$d`s1Sv$koJ}qiZTj(pLAio-$^D949>hEHEeIL@4&U0)Fd)=U!CY9xg{d_l62a{c
zXGh#$Y>-h3i<CdI4%BB#l-UIu(+uE(=rnZRim}}@wTg9CSPT|6b`d;$n5{$`TR&rH
z^D^2d;AwQItb6_x?0xTGYqFb42JAj+u=)p0CxRmV`;?3tS;Fyv6Vu8=5ABE}hlZRR
z7c0Gc2G2|EC{ib;QvbbKldbxKR#67Dz-JSV#r%C_q(LOCq3G;)8f8DMw7?pgmXd@w
z><#Y6cX>l0K?*wtO;9@I1vSRU)PZ1;y042h4r=k|4e`w37VqtkQ8R&+s|tBogDjlb
z0%PY?_Yi!Q^*bX{SV6Z*>NvbAPolrO+ySIgv^GsiX)z@=Ahujtyat6|%II|Tpc2-d
z*ls3V#@%6oZ0}V4?n%#vz;fZ|R{8VOww?v?6cs_fAb(S?f7H-JdObM@f*rX;?oOKP
z(EJ$RK5DkFHbtpGO2y*~h5sjFpw7iRpsJ%DnKxQEyy3S8(VVowe3Mi~A8bII6jaHF
zE{N9KZRlXT+QQk7F<R6w<{$5W`*;4$6#8DQaVH8gDmiL?K0DQ&GM-n+<Qq<7(r%>c
z!;Sv|Ijny<3OsDg*6E}gO$wb{{k+-?465`OhL1KW8V+paX(J~nO<GgHk`0siHa%h#
zg$X6oe<fY)^1V+*&WmM}>8bLJ?WcNS^}KRW{v&Bl96pIx)OkYKnmZgB&G|VhFx0`p
zV!W*v$-4lc<^<k1P04SZN*4vdlL63UzH?;pM45L?DyckfXLcKhhlrP#mjLCnTQAlr
zoy%r(H^mT+l$7-LNX$EFCyCVo=;pk*o)A8^66<HuY0zph4vUEi`PZSCIWg<A_cgV}
z`Y-zf@DFBB>A8UuVnOe+yoh8Ez<DjaFg5>nsyx*@iZ>zpG^QTC31EN2%gf3mT4sh+
zTEeg_+2g1rbsAlv_1{tHwKC=p6ca0!%%i9)4C?a`MvDdN5*#))^nv?Nq&<JfZK7*2
zD4XcCe0y)bR?&*&ym-OVyWU+SQ~bO&f;0Nz>%&R?M6cYB?4laN$|rzZI`qxp*M;ah
zgx17@(N(kZ3I6MAy()D$;#=+ZAo3=uq~enYd4?cixngnjKj(?;jt(@<M_-6L7XTC0
zq0qN*xZDZHx_G^x;Q$iqhA1RRqN1YYNBnxJahc0v+KPACJ{51QPH;s0uIkj`6Wr@3
zu(R+;g!9#X!O#r-O)m*4U<piEh3rd;hzQw;qiZly(TSO;myYM#n5hJo%X!B#q2*i|
zZ1ctaM$GB5OIPe(Q+)RBv-iq-CclR;>aO$#I2r;c+`#*{1`5SAk4W}wpH)=&yNsEG
ztsWLW@o&ne7~F32xI7-TiWK^E@+%z>n3wvK94U`%v}KV_)+EV<Lgc%i7$y~hLtv6$
zQDNGyGr9d?Zge73H~-u4ONJ!MUK8n34nYTZPUgX&FRd(p!#R;&gq)~@qlNhr`#VE=
zzLNITOxAdI!8cj_HrTTAaV5f0ywkwn3TX@K(I^p_NC#bxH>tJCRT;7f?iU-Pse;GS
zlBlZ+;s6X+#O`2K++{Vf5V)Nix)+ggAYbDp6bir8A~N?Iru-eC(PprolX3CY#dAk#
zveFjts&&F|Ktc0cb~_8q4-~Xs#)Ad;0HXKf1CwLd<@WawXnRJp*a@A1Z~cj;_AKH~
zP;X=V=^|QTM=wvFukROKE-Iv+M{a<mZ$7Nl*tPDjRtsq1gG*})j7D!?4jqTthEF+v
z7@Bu4XS$jsr9I-W20Sx^?GvWEA1#>l<i0Z5=6WN&uA3tpWQ_-`XACTVg6O2tZyp*J
z4oG6!L2A8Hq}m)q89%G~AgxcVzDucEQ>H#%O@76@SHc=(sSXOCZT*r^9OfSJcA;%_
z)U5W2Pv=@E_x>GrJg{BRMnu9U!@9pgULwf=QQu|?c2^7&Q^yN3@U1pg{cZx^s{Ows
zz3MlG^%Lm1qtM8ilZ%l7^!m@LS&mz3zp@foN4vEd5IjqZY4O?_Fi|VDDpXRsGA}gO
zV7jT9Brvr<Q<jIY$IXdjcEw-Bg4;^BH@<^4elZFy-@RdH9Nxo+>nc0{*sj|%f+-vr
z7^R8nsS-w+U}!q|{H|;k72{UwpC!_KK&bfBv(mx@Q+<&rdl%!^kV!MccW<~h60_kS
z%E>%*=Py+XfSqLbA(h>ya*Y%r$qF_Sa;nXWw}ncIzI>&$?30afzu3@y9h?0L60~>D
zU<K4aiS~+&x(Q>4%5{TSNY>CwFCENbXGko$Y*2UgR;ZBj0Sjue0v__cg^<?;UUuoI
z?sAAKii;pGMz#%ScCp~3sRv*KS$RK}8GrCc`Qqx%zwH(*;mC-jI58weI8qkV+_ygS
zPab&YR{eR|9KKhtBm%^F{qw#f0mz$BIlPHTo5xT_IF0gLogeaG+0%hqbz$wGg6GrD
zcDE_01u1RyeKk63_W6+{=(Z@^siMG=W5*TPPohQaar}ohgJb>mr!IOj1rr)J%P|vS
z!FIrQLVwKuJzbAZv(f-M+i3)>kx?&Tm3Og_+GIjv_$G3JhJu+)a`^ITVGR2~vYoU@
zC41Vg2yr2CX`cD<B>|fg7;<|+;$2jMxwxbk8aw-i+o{K8JIygIXEVo;;lgYCbR%7>
zsIXtv_y^c72sY$)XmSysu)0CSZBvi2e}hv{IB<F^LkJ|GeQZ5j5sWT7&7ZR^?Tjbb
zmRFLY$Me7FdJCv7x~_d#kQ9^-B}KZsOS-$eyAhB^$sgTa(%s#i(%ndRcYed|t<U>^
zzxP>dmTOqx%$&3LKKt4|p}{NE<BtFB6UcbeA>z)uXf*!J<*O319_u`}^8t)TJ+^QX
zG2|WfxKkw1Oyd3vyvaXCfY$k4)crP|{h&DlIaP2vdq_39+U!I1{m6X|3J}NS11nWI
zTpcCJ(XVQWlw;KeIxk;_#Q(y@02-^i7y#|BfyU~YHRO}I(s-S#7g<$SOHfenu=8rb
z1ymzXg&7~EC7VBXg&IudyIk&t1JLSnhyKj-nc;!&@VGTD=qVgBKjM>cfL79kG!Vjk
z|20$(+*t%@3~^pIz?mONNiaT8-D^_*>-iuBS_f5e#t*><R}9%@2L~A(DN78REW;}!
zfblbAcUp$tjvxe_AS7jg8v(c+a^M>|NQi8asCQs|$3$R}GOr)D7Y+TEhO8W;4v5v4
z_pc3&tXfB!4~CbWx0CIgKH|8_F9#0tI^Re#AQ1)L$augA;INsDYmFgi&oxBoPTY0W
zPY`0|R+OiF5|*mzP)RJtF_cfDhVDlG)awe2eWBY;u<puuwp!9sPB>bT)}io!mLY^Y
zf;+?7jN$*fp29M1D9=C6{cJ&*!m9hItJ)nHLu#>#AEUkefN|ZkJ)FX{+Xn1|$#y8o
z+Q)K}*<5R$>S2_dl{P4JeH<Neb-jc-peuiYd;ThAqv(4!y*g1%yHij1JK4)Uzgn@<
zvh2)f$HR>E-puH!RiGn4neS%7#`bpZz#OuY<L(_h;4v21Z1#9$2c``9vs4`ynBUs(
zthNhubV9xTKu(vC)w>)F42FqgXyv!?rRRyE&`#YjgnWSl);1kCBMG8e22<WZPxR{j
z$!x7=_-VncZ_eji<B3z#c#b<MHW4UJ$DU?%H6E$H&4=34g`kj-%x}7{7kk{58kNn;
z%7#vKxbD=j50@Mw?^DymNX|yt*zI;QJg7)|(2+J7j3)d<*xlFOw2B_`GwnrZ+o8QF
zd{CxY$r_o>K3U?pmK?x>LlKO>zP{sc(sc>s@$Q-zW~+&mQ`&5GI_7p~-cxR{>sQE1
zo4*R-kk3%yzO(s?b$J^Xe&V%4%oEoKc~<@jV`uc~+=WgU$hNnZ_t;UBE1kG8*sdY<
z_-g)@)l57-p2d@T^J>1AB(q?RS{)3VTZen8#gM#*p=9Oep&Mha!7_>2C7KqG(Z;Ky
zr%*UCMFoX8kXB}q&3qa;JDx~4qulG%=z!{Oy|nqu+J)iS;9=n+4ND=$PlC?ihuixA
zVkvE@ZJPeasVJFJAvTx#n9rD>%Hd)y4Nud5fmKekfLd)CQiUY%6s08jy6Js)52Zrh
z+7Bziu^h7U3C|Vi<w$U&eo#n$*5=y`Yjue8{pL9;iO#DACkS^t=9N0K>i}}yv&YDk
ztPoCVkPw#E8ei|q&`q03Q$&b6K2Jn(8jO&|AQir%6bo0aG58#F%@_pHYEYi;yfazD
zJXK_-f)`i1oSt$oJ(gdoe9J-cI)+L$;9fiU;T*H8xV2=tze92#;X<7yUu>je-x!vT
zWzFQeo#9K|j2C)nnYo$$FB7xvkq98M1A~G(nMWGWlapOFt(mOeb9A<kuDJCXsEQPm
zOk$GPtm{DUuC-b!pj7hr^OH-U_ZyL1e;P`?WGL2d9cCTaz)pL<d5}KZ_WUIllYgr2
zenVmnWmtVOJKegwHpagZMaF<us+O|!QCZ&nfchCqi_R8aeVXC%fmzE7jFQ{z7WcT9
zt7M<EktLMPsfQI#lg-12`U5Bu*o=u~yzl@-ys}G7Bx0@Am3h^<3OV09Nzrj44Si+%
z!j`+qEb98aiG1i7mwEiqz|A-a>9fvXg}Gscu20~G<T7*~Cwu#G$}#uWy9Df29u67o
zRWL|MP)wHj)a#|^%f#wzjn)_U>&W(W7`PwQQJZi8#jQk{NkI}S_imYoRHh)=?sam6
zr)S@C+dwI|E^bb1uN;Mh#NoqxI2PaMF)A#wL_A01pV6YWR4O&!*N~hJ>EZZ$D-4H7
zT6+mUHv59whf?L;6;s?Ea`n84559A9EH%96mo?IB*gpte)X-3E?d4FQ>^kvUuEPb=
zY*rk}PZi#xS&GLO#-!Xmez}T`@Rh0*xyqFNRBckrF>q{Du0ndRk1POTd-c<_Wta~V
z4sGihdJjF$(egR2**m$Cy$8Fc#bP(#S4>)@ZsdA1cka-vN%ZNaPNl)+w!b;%z?IQr
znh$oDFcStLJGm=}RFqQj{gu$s1QeW7ZkKym9a1df$TD1Lr3tGam6GAcy}50>s!y@n
zmQkrRvIVF)SkTXDuHis6Reik~#Oe_tdG#v9`v8a8Y+4Q$&JaPSNL|xNTw5<&><VL0
zIWJ3nVP$y#f;@;Pgx_d*rf3R|d?2z=a=oc$cr!tT3!Pacttwop<i~ks{1z?)3RnjE
z23uhh=FxtVcrgW%V-j>xD~Z6O`{U+7im)n+8$E#>x>R>yPPGpA^O^N3_A&o}Q~m)(
z+?uNa653#Ev8QVE*OWA2HMpAx(UlQA^Yh5$ulgU|%mkgUs*<>b-x;RJP%;i|N4W`W
zH0aE7khiUP5)@5e#nwJmwr`wE?!_@F$7zd2jIdP;u~<$neI7J+{e-?`ymn7HSBOyv
z+M4DTgg+j<Kk4~sz1*ZwW`l%Aq~~-xkO_&j9F%0@%HO?;_{3sR*ScKi=s>`-laJHd
z7{~JbAbRvDZ8nHClKH@GHl}vPd{~Q~xcm@uA9g;8bfTo0s3H-KSgw=G&KI9YyBgMr
zBqA-FQD!HoyLNMm5>1q`@X*sk5k^Hm$59H5RLDqVdW#Thu<i!*sGxi|Ybob;wn5eu
zq1B_?(UrA`A4j1aT1+h|cUY>~7(3Fcu${k4;sYX{0Kp;Ju!1S05gV<)J&@ZZ&&Lah
zg>nZvTGntn1RSj}ph5Tfi8$9VrYCg7Rh+FWGK;<4M%Xo&j4*hVQGnz+K=1+8kW@*p
zJSh|>>b_o5JJOzu{B>+GHmbDqXoXiG+j)ZDEvI!m{9rgt8I^@=-6VLqk5v>KPsrJV
zsO%j@>~1>tJ%W?h^Y{_0A%<FflSoR-;KtwpGf+}*U4YW#EgoH9@y8^q9utR>4Gi>-
zP84<B-O(SPsx79(28~YZtd`gl8Sb|QOhbWLOUF-8OeV83)gKA^%gPXt>wBao!7u^=
zqazo6lj4BAQn7IR!pwldb|<{O$uW(Sasoy3gfL9o@x#MdkVObVWA`!$%gDCZ0$1yJ
zP6mWHv|eqFMEP{Q;9zmusbGM=n@B6Whye8a^V00SG3%BH^(>j~oJMtu?=r>6H`OlW
z=Wui{1e?<PoK;<Bbc=gu`NNb4d#t4{0v*ZdmAXi@tJiE&?c8?>LY|`FY^kNUX~i`@
zpmAe;xX{KLyxjNlGwN7k88?oHS{cli3wx&o64;zO{Kyft)#;#TO4w~J_ZH%*{41Yq
zKtD}VtaWZD`KX!mb(h{6^E{SYNoR0ws?=S3F2S!+iY9aFGo`Samo?1pSNEVQP|L)y
z_2{)(8zrbEjg#+>HV{u0KV_w<H91D#S7>`I@NrzFj%F0$a<s?<neoJ^pyr^dJYIXK
zwJd+ZK1@{36smrUWunHtzP{uNdvW<w@ynIonlouMO)WC>2RPo4L9^|+l0}&gq5MI$
zzHaJT=$6Oi3Qkk9FovxcEmEKRbWu4%=K1tcaF4}em7c&eRK|!JWJ}iUIZ7_Rf7}Y>
zL5~GQ;K?2>)>l!-V~?Ei&t|tiOIcsKsjKR?IP5cr+&{>ByuYXt<vs*Ydlmpx%JOz=
zQA#3CgWTNwWtCy{4ryB2n$T_66%}aw=O;4<x0Hd&B6HkgZM++M$U{}DJB}Qe#&-%o
zKFf23-HL)gLp`4_fGql{Pa8%$r;)oM?U~W*2+^#xT6hbI-KDPQ<f5v>Q@T;8py4Mp
zuM@W`w*pyj=C<?93P~1+2Kz7Dt0_#c@x+mdvX$aV(Q+K0g1b{d?0rZCDvPZ4<eEB8
zo?9<RJPvmnUji=N_Ro8x-Mftv%PQyLFi<3)T2mX}PqmFfnxuip1)M88TZ_RJ)Ly=t
z`KBDASqg~<+a3u;e>V?xmjoKwb!u$cNME=Zm9}sN)~@f3QAV+RRGX#pt+J6NM1riC
z{SNP;^$VqXPUq`Y*imQV3CtJ~2=a<%>d1lwDicT&G=f}*4%MGz*N~zhD&dCoB2=py
zstjbsk%O1Ms*#h}P76e=`N_wNmTj2H6V2Y{lB)N<akjt_4-D{~dwY<wex(oR=cu$^
zW-;&WsD9s};wc^8cz%a6vm`y^VyBH?Vl5~^NwAXjz4$iHHOk%9ag2>YygzoYYdegH
z-1PibzkYM0JC<7c8@U3#O8iP;u&wQ%UH~0@ZCO5f{e^QbM`9MT^@MP%#lEf&8X_8E
zz40JDK^xM2Ny<gh*^z0xk+SenR!sE=F53r8oaNRT)&#Q|^S&M$c$%qrLY4Y5LaW+H
zMM33l&oIcFmFxrilBac+%ZC9@PqE(8sr92xOZTTf)~JSOQA_8L%yL>THgx8Rq}FLq
zY<XecMr|=osv~7~R?-06Q%^)<mwX!QYxN3{Yw~i2z-|P^8<ftDjy&B?p*OQMtv_|e
zxuGu01HV4xa;jsPE!{agR0FfK)GCdt+0(cmJr4@XX*HW&Vj7%SEJiWoqRs(ZO5FKu
z!xk7|4n%@4t`?dlmZ8Sx4_2PJT(0Jfr#69rFEBY*d(zqL&J>8wl*pUQhjvJ_ig{5O
z`+|A$wpoGKFsC1s^ufM2T(6Lc(0g!HqrQa7VT@=?I<;+LqnbwCT$Brk&iAcPURfWq
z=>NoXX4TzGUU?JCEKW7G-fxRYJkQdoS9~~UoOI4_)+ywtv`5gY`wRe)D$@xbHHAoF
z)u=-)H(3zM<Ky|Bm2Wj)p>lD??fF}yv1(SfK;BZr!f9fJenToe4#!}0o2M*FCZ#-;
zh+`Zr8ETtNs?Y2AN|@cvXV$GxiG41aw%mtJsOnl)&vww{J=4lRAp_6ky4D2Ys*8ww
zfg>#+gS2Zr%NCDXqmI|JJm%w}M^6@_Hlz78FkbDbDC1K{r)hT}&(F$PcP^I;Omd~B
zx`9@YN0&q{^PD9^&5xOl*F4qmg0loA{f`f4d6Mk5zW0xl*7E9>iLo@;JHnQ8c6uPW
zTNGGSPwgsi7JNxTMYZicmXf?h80d}5sqRZyN|9i8$AnnQo48`Nc(u@p0n?7Ix>=5k
z$LOia@&yKks@bTa$;Ja0r_BnkDx><{oI)inj+`p@;wDGbxYiMFW#6T3Oo8u->JC)y
zo8!+WbCH_!*&bgM?&s_ce#K$a1EUE}+On;@&-#&xTLw$2y>T0-Q`t?c1?lpZO)H~b
zEqCD#?6crodo>`;H90d3-Pks$Qcs9W#(({;Nh|%-f086UC|e@{MwB>F;;CLKt_m?(
z5)yW49-FIXaa(Ew#`E;xt{1cU(2c3qdz4TN0=F+4+?R%K$tXZB4D{}yk^xr+eJvMs
zSbAHf!WXRa)HPmeyI`l4tM=Y(3|~OiY;t_##}u2DC#?DhRB`_+2qYqa<v_i1f#45z
zr`Nf=*K==bVCu~>cRTI#l_6Z#YS^Vquw5AFQ~TC2W{ED|HMmiodfQX!BROs^Cf{o%
zEYSuzh`z9Z(;<&21<QdUMF14b*Ph+2ZOF5&42(p@%t*mAVq{Ww{ig!|=&TYN?#u={
z&t0YYJMC!axJU=8*2=~&hdC{shEG6op9GLNmFW$AwV)_1c8r&Gc5(Ams6ZB=wLAJv
zES9mZF3MvuuvIWZm;k7l)7qd##|}a}uubzMn4^Spds;u|VM}|SCm>hP1yeMt{lRv2
zV=kMa^<(GUc(-+>V;8w`xRNBmFib2YNq+Z3bqtmUUJblH_EoW((7h5BQ>ffF!D!+5
z8RS6fg0wWspa@17Zca)ob$U{qL@{VL;fBzQDh-n7o)ZoBjjp*#PTCAX0Y|ej^r2>b
z@LFc+2aL+EsY#wZKHMv*XXrE$BI$Lmb9(G`!xfNUkd$HzWc?pz1Cwp>^r({+kCKW(
z?A`O3Ft3R$g5oo~Y|uH3KG9d7lN?of&ov}fQ1`EVL-tvUiIS}f+Fn`ot(nGA@963{
z=&80XeIj?2dm!Y88Sxac@5H^B&(|K$&WuoFPzoz`yF*hKb~{TkXIfwP$+Jw_)kdFF
zgHxStwibGN>%Lt+TKuKhIPa=(Nx{+87o_dUpxB&8vZ9R__7nhwflZ6qY6B1`)igjT
zl?Fov*UCM_-??oEElPO>29ynycM1A1SO&J*6VWK=^x+CLe4E2LO`ordzfL{rw$Oyf
z`4>Z$2Vi!sA&Y~D-8Z#Jmtmd}2Jv<22NvVsd+QkvglW=ZT?-BzF4w1AzZp>}>X3UT
zT1WHvB{|RHL|3dxu*p|ABNG>^VQF@I!1l(vd^v_mo%wQs*C+a_ZlWglD0*WIw`!r1
zCiv1A|6q7ux~ON$eAefAX<G-*7GZMRk4w+!eSP(9>j3&10m9Mx%KViosB?QHYDD^1
zVr&}ExRx1zOm0C`U2e?Dc3^gsw9ak4gxLZe4Na``U^z?1&xFbyQG%UNP-sr3Kf=jz
z^;a$}j(oXdzluJJ89h_!mW7|*oKDC=U3%SDzdE6-9H;D}j3t4#l6oUvpjMKh{jrkn
zy$m;+c`U{sl`5(auFacq+}S13!7FtLM_SAC+hNVuJo!{KlyH#fKXPxn-^02-Eqval
zYRbw+rg{*yenM~X$umG6J&KD|{dri~skgSCgk`Py%BuCd^Q-2S!$E77=nU}(TF?1w
zd6WcVsUW(B3;>Ffg}!GHvb+jvlhGi=;jy~A@-tGD#T-gx3Zg=xlBr`f51^x?o2)jE
z6M%8OIuNx~Ma6HIElJKUL8F*UIcHhv%g62N9$Rhak51}esI{K($9uObnI=!p#q?;g
zSO@zSla_a?(rD;IBByiYa*iXoZiW!JFro-Im@5lHq;{pgc%M4Zx6`lQS3td()QP3(
zM=7(Y^8|W3@2ifkjbfkgzHek@9pwpsZS+Syq?q07s-3Bcush*DzoM4Q3b2#^Lb(^;
zEs0^y)F&ifu6N)vzLJJ}*7~jRVE*=Cu5v)px0*gQ6a!;&b5L1kDwV@C^cb?3XY`A~
zLjBDUppEYWkITE5dS7pL>?bEIFbmg^I5c034=U7Hur(IOj8r>65csQ{(IOlzd!C<W
zZK)l_ZF<Zk8Wv1W9_|_1-vlPraEf6&K3Tw9#}hwl=D?zK>#e1GwC4RnBioX`J=->_
zWjg(`HOZ9ZfXN_gb>Cx%V|%o7m1cgA$~7~s^VX^TK(YzUZPtwC5!`N6IL%4MDxg#o
zlr8JsQM@Hd{*f^2jo^7seI<`4<>g25EeQoqT3#X$CJot4f9yamGquz3fkJpO;=uLD
ztvKD6g`byS&Gu^*mwBAt4WzNKEa}T0vsq~u1<Yg7m!~sm^GXe*F!&=2^)3eFn$N6L
zsnM6!4sUFUAKykjF|VxveyV9z&wM@s#I<7GJA@SyCsxO8>9Av-^<gwp8JQ)HC0#gr
z=$r1*i#LGo?A-PoXV|n#duCJViwf#?e#n-jqZDg$8mz%&HwEt(zub(=w?m^8L6|kP
zVT5zXjdvy&DPXqcNe<Gc?x#Ldt$#kH8yi?lfx(_2H_$s(SY9Jiv@fUR6dSm#X1I%<
zza8v2g7f_mfNXuj?V?s;4;3~!ty=GFj{dVoc50Ra8;9{LredCqR!juOc~|y1PzniP
z5zh&rQbuke`wIn4>#^V}ajUgp@JGGCDtJ}ZtdEB)zeWhvW2b-K8`@wc%Rh3*d8|aT
z&w4AUK_NjJ8SBOtffg29>P{pE@oAO<#Fx}hZ3_@g=W3kQ=k2FA4&d}36XYe9t0{_F
zlONVDi|cMsi`^}sHdjWd&~>seolv+vBWstjQyQh*y}LDSotqq|@Ip(LjokASJd<J?
zKl@FF0z#O3_9T4&AlCmVZ&>3<Ih{%La6Y4kuD>F36$prM{}Jt*9f+!XBCZZ`DSQbZ
z+OfkpmoOGrS>|QT#LIK(T>>#wuM$#;Xpaz_dstAJ^mooGwU!5j8iOif%XEd(r>Y|{
zdTQ!WmunAUuK1WH_xr0%VE%I-84jzB7m$Z4p$E$RvO7MRB`RN_*;wPU&OZ*+nMdDc
z6?;C-bxnULwRtX>upcQ;D$sz6qbgJ`%^;J{5n)D?n~+9gcz8Icbi56ZnUQR&ka9Rw
zW8{IK<CB$zf<r_kHp{Yw__l!}G7P0~W-bh?O!P`Oqi`7hZc_vtXaSsc#I-D=IN&~x
zfzr!S;S%I<x&PeaA#F_O?b~PFlFA3vwn{{=0e%cde1R-jF!7FPM$_51A5M+;qmD1E
zhpmUPd|aY>pWCfx)iK0s%}~UO7ZjC0i36O11&^Z%@l62<7@SC~F6E|Kn@CBpfYj-q
zT`-*WCb#!mTkg>|j?wK&J&g?b$JiSc(Z&IsZI)iEGu6GXwd|K*JJX6(I>kdpYBB!w
z6Avb0kCu;Jl0gcWD|)eZ?KI&#4E)s)h$`sAS&XZmx!(BC__q*=)h^$(l?IC_H=i0!
z_0K4HVG(Wk!9AY94yGHyTr2wXDD?sjB_NIo(wAtQXYxS*&~ah9Nxp}}{Vr_a;jB!T
zf6ir^E4M1bcPPX2tUvdQ|H{oiP-oOQ-xo)N7xIBEP^>(CR4tq(B1iH*b?JS{Xr)4l
zMgriMFDk;{jSwQylj2BSX+yb&3PmOs5)!J=8P~b&%OiVK==!eT<5sjNZXS_;xZR5v
zHrAb>mh$Uh-gcVOdjSCkg^8T?JMS5+&TI19pPWA+d_bwRL73iD;MOfuL8;C?tK(<)
z`72{Jme2F#k$V>yS|;MzgVCZ&T!XPs!!+uI9(7v)mCzv!95KOQ<l#y0{i+FU*NY%+
zw>9$0cv`DsJ_`a<7=-oxs0@_3ri*{VW1SPAQ4?6j<BiS!3fejA-e^TDt`7SIQ^x^T
zPCJ?>tABZxiJ;Dp#n$26(FI^N`|H~X0EVs52HiYd`%DGXeWmzD+`N)YX)z=P_uh>@
zQoEfOd1eE7O}}J(d_-uBfB91_NdV;Xba9&U{UI<(gwXX0$hDTIX<U%Ub>?l0f;B;y
zFQ+-^uM95#=A{o4K$7SZl4xW2eg|CrjN7iyoeF`&560}&0Q|?4d8E-VW)5|_nT{5&
z=dn3?k}7fRW*;xd)(xW0DSx2x0Q`gY&G&k8YJM9LlX33ki;Ps;j3s>6eejcDRf%WW
zU`)D5O<1L@n1jHthicnRICE8|@@8`tXgF+kDzFy^I1b;yA@kH{tQ4AE9GG{l@0hnm
z9kJ?7#t76}Jv1}+$d!r&-0v=AOZ<T8$rl%Zm%}E(SE1G8HMw#Lwq}c4f)D_+O857j
zEm9U6owVyim@%FVjpB5Ml4{ejg|r9OJaiXYpU1msh}DXi*&f~2LvV>54D?yxbaizV
z>g`}|@9qj1ZSj~K4=^35^^w2jK-k(-9hFe|b_d1fN#+5Aw#RbQJj}@8)_B|YVN6y^
zwODLu@MwKNS}m`d3~uyi2^=B_1m_HA1V7M!4POYEU%EebY~#x6M9je?wi`!Sih(l{
zpZI{`>TmRTOv7GxoSbcdrd;Fp*~R+geDA?z12U1*s(z|T<Q16pr*IN!+{i~LpxXC2
zJD8ID`R(G#ZCb^pw;cZJ8wmE$=h!Z^x@;Q~?pWrL+X!kQ+=}R6R>W7|0DP0mqpQuD
zuo{j7!TSn=w@n|`U?Wa9vDRu39r-N{(;zP%my1YmsK7YgqPNRI6A2UTp$Az$XKFl@
zE&(O6%UXlfIi0VMLiV@U6I<;UH>c|+D=l38xS4g-CGxrNHjQjE0v-W7LV!S`3Qb^E
zrP4?;@{E9QvBnY$v~RqQuh#)g!hJ7H<m_>Mq-nPDL`084{Pb`xflLwB-X4>$)BgR-
zT9@s7i@R&2gDL3hLVnPEm(*e-hgXB1{aiO7y9NmwJXPcsmP{&ZVNEZDZib~$->)YK
zp!&2owxTls-j~5xs&UC{vH95wdXb-f@rOMQIp$99^uqDjMQO@8K`ckQ%k|^dM$~S<
zxcc~Z-R#1^-me}9f6}Y16heR5LMzpRTM4!p;|Xnl(;3Gmv=l;G!tY+MVOQ^I3~5hq
ztyld<o}-KLqQSwG@kh&ywdp-}weG%<P{#s(D}i2SYnknmQRxdX2+nU_SLrzS9jUZQ
zn6F{HUcq>IeS$F<PWC1DSCUsGT5RpbC0pMmP={^q7KS(`d^zeCc0RsnEa0S@=uyuU
zl5{Cw5?3htYMWbSyLDlzcDApFzGrDK_L!f~Sl`jLa1eSI6Q^B6Dj^}sBZCf5(g8;2
z^?<_`0hKGbuAbVskUIV=@c;W-{qXxpb_}`YrFr3ke=d!%7g=@TvbPEoh$sC>!1=we
zm90Id(%w1K5%EL>T#u=5WMt&1oQRNc6lh}bQKBjdlm5HcJyIJ~^!-r6Cl{bY<|opO
zcZjdR{_o3%1|0BU9l$ltH2tXk`(>v8IDi__H8Y8p^z^#;GTO8di5q&V(gD?h13_7D
zcNH3;AC13y3sDBPd24TB>VrtEmhm0n=Ku1V6N}%kalPWy|MK@WWF){IXE#AzQ|7Bn
z1gl6WxFPz0j@UwWm|*Hiz+h08?3YK)5zG8v0luCe8_v%75*JNu-2s1h=YQX{p@SWM
z=D6~;jNoJchrTZ)u6;2dnk*mMKYups`?WSu--QT+(rgK)(}W+M3K57(21M+b6*Xt;
z?V$lgfzQ?GUGw=B1ojI*zw_A@Qv4jhBNXLZ@*Q~A|9N?N!~8yv@ze95{v{i4+d7QN
zwKy&dE!OLCO*RVMH60if%M(8OKhN;O0d~$1nh@b9U_3xek^4dX7q)l>&iwoF7Oznw
zf$#dg<fhmcwy=ElMS1vF(5xPT4``YB8I$JUr?dJ38<zZiYLmj3c5E{j1_$E5P~{bv
zKguX>mA>}uFB931f4|Ki5!f+K16D@_{@QrV_KvQ#*Sd6LR(5?be?C$t26#hJ#_0|O
z49eRHxOceCKk5D}@fm)TKIvOK(Vthmg5e~75icx6`5+KKK-L;auhV~b*o)ysX5K4k
zwo1XA!P`T;D`{04<Nt4*)r<6d0k#sdD1V;rWsLN)0CR;JVH9jsfv}ra7+~l}NwOsh
z|9=D_>4g9&5yD1Z_#?E%tE&-%Sl;0OWuMCUcwI+B-E}Fv5a0gUg4N3xOl$r6N2A?4
zZ4m|V4gu>V&tQyy36#tSu#XhbZ!Lx|+&G@V#^yFV@ZEo7A=dEU=h8c$z=FRl%^CPY
zVp;DBecA?!?SO89ZfHR6aejtF{^c<!Fbm$fR~tY25jWlwqhoV^`KGV(SGNAw4f=1;
zV1a}{@Ry5ty<S$pf7+#|2ca&34RB&D)vNz3;WMy=;q<*bhnFRMvaxxr4#fShO9=hF
zgi!s!#Q!WI=w%72nH5}#B<Ls@?RpuO8hv1YHc$uQ<@5Rb&(C;)=gZriG*yQnefvK}
z>=ld(NjjHFZ%dhjkO<fxBAr-)&p$@i%8vSi;I{IA7{k1Sb>EOgtimz?JOs;(Gnf?r
zFa+;B(rAnJM2TS4#v2IyK8BybK!px70ldGT`M++)1HG=2(e67;1+fqRN_-s_*r7-N
z(p}2@6JPw-^BldMVmSP2IGD|UH?s{HSd41M+N~`>i!DrSPS0X}pZ`UIzduUDn2e~F
z(*O+}hX3>Kws>H(46wJ~ZUYC^MZj~AS9jOqGVKcHr+?WRFd{5?vtf<m%ptyWc1C-7
z4^l~ff%(G>e@=#fAJ_)^SDO$RDEx<Ir(amM7FXa6J57fG>@T>jf=?Q36!15%|Ij4-
z1Nf|$*juh^D!9+7x<_s8?lZJ5@BaMuf2po;x8H(Il7=JpccZ>SzibqT(7i#l%_h9^
zu(Z<aKZ|Vp{Gu)J!>yFwLOA=uzJ_K|uiK&icXfXs@b3+8!S7=)nLL;j{?7-jw!bU@
z0XL)jM|%u|4+tFt>JK;LGXW2e`QUP-jt=b3;y3S2ChR)}rZ*=DG9Wr&p5=;XqXaz^
z#76e$Xs*IyzB~yT`Chze1BIqS0jhxEKy>y4<eO2z$F)1YDgNc64~gCJAdkWU#r-$8
z*?@nuAQF#~9@g+n#N*1kd3~Qe`ljIjJyx#?ezU0S5S9zvpDzw~1im=C%6yDT4LJz(
z{)VT{Za8Iu$q1tPkETSx_j*f;5Z{Fg5B8n&HKR>g)7PGmG~U~D3>i>)x$Q;!{o`)C
zHw2fx&E^234sU#eR=pmium8x*gvMr;&JVtey~0x2sRBhZem{8PC6|*`u*2E%6!f2I
z!ZW4XETWx||7@_=JxX6V8Oo+-3)g0;x;EZVV5vK+t50`KQvYE=fQQ=D|1~a(DPFBZ
z{gJdXK_DJf5i>F|u1kl6j>2UrnY-}SY%))jrp6T%h(=>ojZkaVJ5dlrVS2hIsC14G
z_QI9`+$yx<MWa?rw%h1SAY21xSB%v&kQ8sh_9=Tkygu9A&6UQ^yuUu)omqAR2l(x(
zz5T2e92l^^5l^=+e7AiZ;$ozXL40>(kfGb@FW(=TeZjrb>?#e5T4~T<)O)y8=}#<q
zC)e5o`*)2$JMJ=48stL>a$2u}w#(1;-7x=iec1fKL4H(l-x2zr$n5Vy^6FbO3ZO9L
zw7gwoeYyo+aK~nYN+~~I!Fby@?}MYM3d7ck?~o<NkbOsB`2Wb`EdFW%mJHFLLb^u%
zIpLfu5-=dIiAOdy_`Q3c2}mxwcVsnCX%OEz8y*}9V0Oh<?_!^s;^9z+fRVM-5*AB$
zkY>+kgJw2kV{~pbEMYa)_sW_qW{W;Ri0IAc$<U7y&l}wjmP-|L^e|n&&)hn+Z^=KV
z@=fkTH=>vt_pT4&jHl>ae`Nr0TV0Zf{V&G>Lb@vOBACic7>;YBvP}OGu-SjeNKpxG
z_?;H1LjXZ-c$Xy_>64J$?HQWs<^Woi<Dpt1PQF4ua`Tgm)7j~%ZXpQHv_G<2={(1n
zuf^>)&uB=k04^fJpNyPbEXChP;RjH4Sy5e%J+Qal;IKblnPh?m@Q^QT-5!)e$)ZOz
z(A`yF!_9sx185|w_%MV;_XQ|lh~k{9yq7y2H>|f%Li2oH)*N`a!S3iH$pa4OvRD2j
z<{dXbHR4I9p*p$U($?126qo@fxbi#(9Ga@^_fv7&qktt6;xA04&Lxb)-c+!*fonQ^
zkR~~9`&+lHrb37zV2aJbK@|*ZFExOuX*5N?rMQG^+n~LWR&31te}V}TL;yfE?zNPm
z_yv>yM>XQBz6h=X+L_l+L}I@99k4;xM}Jzt*AY#n?)ZV(f^?}du8L!XT(Lj~sL+}{
z)D}u)ImQ6|R$&)-UaAPdUkCsuDmgO&!FP`*=NxuC_Ai)I#p=o_cs#g*k9U{y+rLlU
zEr><a*W~8Y7796hh(SFJWP|>)!U$uX&<GNKs2Z211Mzg9fS_N%a2l6jt#!Bj+?#fC
zAhSeT=5x5Q4%j>CX`j;sVxX(yEj{4R<R$X0gfw+7=l@Qnt9OlS9j=Yb)8KMRK9s;9
z9z*veU#>?4*zPfb^X2ybprjpU%X!(|@$B8bYV$957i7S!Z0_5$AoRxTgPed9$cux@
zp?syo`RFLY0pT$0Uw6h6Kox&5kSW$1oSh*UWc$Fi_b4SD#aQ1rV#N*p?nB1fwOw;%
zF$_v}=$<rBu?8PB6x6t7O`Xfu#rsIt!VoN$ac^i?&|Yi+P!=HX4fR%Wevhe;Oy3Xw
zVp4u8PviD1n$6y*!EW=-;hOF9<;<PH=E~P~s(};^7NQg51%!zlwPtPitppbZzz|dP
znAnnR5ENN|Gm-h+a|jIyDc>m+LWbX_J%pj3esl8`nId-WgBwC+E!xI;3(#!<6%|#0
zMPJ`^-LKVTBFEDLjUO-(yyB1%b@kABJlPw+f^|RE^2?H*xzGUS!51!_*}wW4xQTr^
z7MD!5XU{|s|A(jze*{o0Tdw0wv7!$MnP3(r!3Vzm<Bzb(gt&(>tMFzAu&*7A*Iz3!
z3<ncqj2<6Qc%m6q7De}Mhf=wenckyc{m_(DF4aoWa<BdrgmNodfb;9_5|jPQ4&qQ6
zPaIx@(1I+1gK7~hN~6>9XBr+y-8$E6s}J06DtjO7cz6BYVvTbgUno(2BIqz3%Mg5*
zH&tDD(nHsH6`bxA`{M109oHbEw%?)@ize-LwSc4}Kf@;?T$G;d9{9l|Qbd@_ZYu%8
zsN6pBrKLk6s<WF8=Z(*cpye{_=+f^EC5uQ7KncTU6HD`CRx+$2l9(LOZbUDpq)MEY
zdN}K1xKJ7aX1H$#qM_n)YmbbVKHsB$_#g&o9pk}~7K=y5%G9gvM5f6)Q53^5wV)So
zgFDZq`k@?-;1?C3d7uNg^SH7j?5YI$YS0@ra+zbN`?DMS1d{xHF4wD37H#QrQYq9i
zL+BRIXngbrEG9F9apRaaAZXAmo#vqsa?C^YzzArGBuKZ|j`a4<y0A^f$ZWbC<>%^_
zfgANIlY|Yfiyk07XY1#CHKd^4ts!-}-Wjcl39H4r&v@@{+6bJuP+pW@Q!H<LoL1&e
z>&*BgMVtc^BJmzD&;E}B{|EEDAi^olD_=Ux|L}xPkXN5G{fXxpPgGk$gYcO){geX$
zM@2QYY><8m5%^&EfGj>kv~$7sbuL9_i;ZOmVVD3>stLj5cn#f*@DkNZ;%d`#aKoX*
zC94x#+j5H-+klB~(6kR|uEJ2hL!g|#(vRvgna6YasD*<<A84hRFP+v>a0iSdEc-f<
zUg4<ZS|U@*5;})gmx<8-Y4shJ%$cfEjvJ!k=17f?4+J_9uFRT%_$MljDppN)&rn=$
zMin{0m4Qt3;xPrh+k_HfiDf5~{ZU^i$paIaEeH6@pcyT85F6ZXBPD}CYPXYsBnu1A
z60C_HdBeQ7-?~stK`l2xz0Q|PX%J&1Re}Rlw{Yz&avFNWmt7&rx)Edpc%DZ_epT(s
zaZ8-RXfpA&cWUMg<a?MYZ1%Cokd@?v?m*IqtYQGG?O7HLilQ;41gaGRE@##!K%+cO
zQ;}=bA)?V}@zF4tPmf&8+&SDiSmFZWVO?nMTyHS2QF_66*tN2f2H+!+1bV{^a|>1a
zgHD7hLI;VFCvoVk$B!1x>P0hR0U;ss4|rT|BEGMKWR{!2$hDp%9*@)k2Ue1YrN{Vb
z_3&hqvpttu(XRont8O@q3)bWp)X6IcfiEEu_-_1vB8H|2z_3}ux$<qc^`JHSt2pjq
zNk0=j)6INJoWXApaBk5l<&|yJrZ4TCC<P!=N%E3M$o<_`R_&agRy&{Xgk*9&vaX(8
z+n~2uxdJKmn_3`jvEqI$X%|SsQOcyNS3x1>4Zch|e%?cu+b+k4@{V|Q4@*X`TuA^#
zKpSmCzX#L3++@W934=nF`5k|x4HBEO6hTtuE8v5=OQ6z3z~YuuZBehWAfwW%qLuUk
zA*gmSf9ca9@;SJ2K`?ZX@n8(qp%~p(bz980$1s~dP-XIhUGFXL-t)fGIolkR&g8)r
zpQ|*Mw*{uVW#dqKEL5A594<emrH;&t=1OT?SNb&obdWsXe#|gNlhsj~#V1#&E4xGD
zFwwzmENaQf9R$_W+CJ2c?Cy+xa!FO@aMUyZPBmFwSNLQyDZ(Y`Gpp^!CJLg?UU|*E
zGeVtZy}xUBrm??$>v4{TR;$~oeR2LXO=5ha@_9Vs>QMW~^axMsoq?#vt<p%Xs)d?z
zcBxu@Bs!-fY&yZuCy0u0+37UqxclqFOq$kYlUTU87qQeydF2C|p2PoZAHTp^j+b*=
z(_MR(!x%dAKX^9Ii<5u&MkQjW(+}Hj^QT}-OH1@^IZ4U=^-*Pc)z?77Og)6zlMo;O
zBAIAo$(rwgWk!*fo6R2&qnjaIw0nV0!mb`q8U?_-Fh2w=DY}`=eC-wP{zMk%*`@HM
z#~5nGM5;YhCA?_kkyJ&5F{guBptZYsM;EZy6G1dBS!dQu4KW)(s-0;~Day(!_#AiF
z1Z&Fb{D3KAI;kna`x?zIXemH&d2gyvI)+>^gU|QPnB)`7hyH1=SV~nsfJ$S7K^*Jz
z)%)RT+PH6E^E1}E!GU7lxXD|d=Lf)_WjTJHyU}Gp>1e}X)tP1ShPA7^o9x{hJ-u)!
zc9qR9zLF=|ir$As`{I1NO`SI|eT9_pAoY`_#_Q3uO;1cGjBWf?8}O1Au+8;#{?Cf=
zR+822EA{R{!>Qb#YpuD;!*j9|@IFc~lIYd>;UfUd2+v<cEWzn|1s{S<mn;;9%ikS{
zVO;nv*L1QE$rR}DcOQ6theb)nVmTko?zAgrYkTTueF==Q$n25KQ?H$ws;^T(ANyg8
zND-vj=wM9YuNs^g6SRZFQ8V%8$s+^=q7$8<_JhZf0-CMrBYmL^LgdkbE4~IK-(o!L
zy~FOjVhYd(C}_G=-8|BYQsUuy#dA*X#)){BfE%0V7u?zP^}1`b`ed!Nb<_pWzb5nO
z6X97LTjd<iMH=z0w?Dl6wIMQ_)uJ(~^G%tki_7)OtlsAL+jG;Y0yN^s!AK%FIGVRg
zB>MXLyGKhT*CE93@w7KqLx5i1X5(n+UbwTZD{|;vFTM*eMR33qD(DUI_oM)BXovvI
z(CN}$mnH=l9stO{ZS}Ty;0>e^-JmCrrwu&BHYjFF3{)IFi7$-%PB#gN+OwaeCXeDM
zXLjn#8))g0nP|X9<os5{WfthA5Y~SD4$-9N8^qY%sY*$}>1O<#@_|K}igq}h??1{f
zl+A={9zw_v+%U#PMn0<KwS;^;>12!|H17~FKUMn$#6%L8b@yXp=aJzAJs&SI)H84S
z21`PF9EN}SZxA3Oo@O~Cwyy#C3A6O0vN0DuSk|NBG}SC4IokgIH0eM$wcVM1E>T#P
z;*d!@M5GKA&Vd+;I3=RTW6udy4NRTuc=0%D$>Y{%uoyj-?br_P8hAz@Dxr^FUX?Gf
zWVnE*`ZADWv;vJ>9?D~r$bRdmo4l#bTXO5lWL9+1Q(KlO3&5c^_!VD*(FP29aKBR{
z{$^a9X5yTtDSesX-r%6uqMZ@?Ehb{ln^KMP?;SwOuR>OgbO?oUQb(6iNdCh9l44`5
z4=5556;+~G<%Whv*2KzJ5$x&HrRV+73~?-cbyaC=!oYPQ+fLW%I-}7~6Dl>H0jKK|
zq|C`n9-v1RgVBSubQFrd?%Mc@=XM-3dP3G<Hvlv8_<YaETeMf6^~Vg8Q@8VT3uIS3
z9;Yrpd#D<$b)C8-HnpAH)}0Q7RMs)zvNN7?@wr^L3I-`%nDvGhjOZ=dA+69nUawHQ
z!?V8FpWmtoU;Y0B14q2PuETqK_Z>%V$nJl=3?i=J1iU{<J#U^N;n1^^+3e@1V4dG(
z1{;&v>Wy2aRNoUdl3%4u5J;f*&i?v^Bp|r#M?2=dHBI3kskJ5mB(hJJYNy>@dxljQ
zGSp!=Iqai1Hn!yb{22(xaj1I-<YAgT+>jvThID^NLP9#QvdvMGo?aswYoaPwu-_ao
zthw42hkS!Nx^S0-R~4o|<E=(p0^|+^zSlVH<WQe3QedT(p=mUqq5ja19z$4VHWdi8
z`uR}=i%upd(4E5Lsio>24Oc!IFIVWbrC%PGRAsKkOoZJ<pY?O@@&1~O{qDm|;x{Vd
zGk->C*WQPrnH8D--VA~KZEW?v;O$!)*$kg2qPzW4ag`Gjau=D9RRkDTFRw;R-c17v
z^=|R#k97T1N;RRl^Kn`ImVln5K?c0X8g1=occVVOiQQe`kZ;CG(maIp+P^F{I1I4=
z^2cjvp_Rqb1mb`BO2zXEAWxYXy~4?P_bI?qnPs|=L6J?5zJ0pijrOIY3heHx+#WWY
z+UW%>{4cUUh=KxoI=TW*Y}CpL$}iV};F?@Qg`r}Kwsb;t9s){hd>0M-O=We@J)_C$
ztH>5HlYcG#JvX4%oYDFSg=K;~@;S@txjW{nPd4+GyGMB+d4;6=<Z%maGtu?ArMW6a
z)BMvvutW_JsJo*g&3yYm&lIN@Z<AB4yRMU7aLZq>ENd9A5VKKdg}{{<8ZVgh>&PjY
z3#OW6Oq8J~nz`c2c&RF6z=1~5kBenVAVEoo+942@VoLKt#U%hmQ!$>^aA1aT+KJF&
zt|Fo3W({r$#}2U4^6=D$kie2*0Lx@woZuizhZ4O?IiA(|43%6y2cGNe32!}AGQDA7
zf%p@n<$N^I@UYz~?lH!EJB<57_mPiN;g|IqLOr1L@8Ym_<>d9&AbGQ3Q0!!-vGkO5
z{(UC`^o|k=5&ysVmi!ptYm=u3=RHm)Pq_if`7fyc&92vFM1y$I=H}<+vmfk%G%nRP
z)3Q3$_wVz4(m#ywqPqa;UP}27-M(2cT-TlMKiKp%IJ~?#taxuBH!}5z;L{R>-yKPg
zza{kn#bUrhI73md>NvXt-WZ~p)sLNX?lx>h)c2-6VT?B6?Q&@p>Jn9q4SUiv=>X0p
zWf_RH%70EQ8<BH9uZw<zGPF<EdNj5!Suk?#g&f=+GS3+>HA{yVwsjwdvL)!CtCs-*
zhcvwB`PQ-d!K_zGOvChtD!aoTVKD$;YOI#@$llw&fR$BRKu@s46OsSVki!Y$i{Hj+
z5#uVHtc~_B3Y8P#t&AmwvH*-Y(<%4L>b={sKo{;){Ey!>+0|<k^Ok5-3w!0)0oX_6
z4+N|7Q4THF#msFpfE?|GDpT=hmrFVM)-b9*`1kaLWAr<7l^E5Q3rgKIYE=Oqccy;q
zEa-6apCsIV`7$3+-&ra;uJ?pkxZ7%E)ClOz0@bchh$FnuPmM9%w))7`L~CqFA|D!Y
zq9yR$PQZY2ONC8ftkJOq<;QvC-F&|Oo2U;~p=&lri)=Mt=A<zq5}j72<AGEdq0*MS
z0&-^SWzM_JI5uL%$wK9@y~%uWApP!Rc`R9n0tBKBBbd{o*FZ8GoMI7nflM;HN3_*)
zKzSe}pa@I=*U)c85J@{W`(~BK-bj9%T2oP1yo0;g&85+<hLb%bJe>UE3Hr6d+3C70
zqvOwBVpS&H43*nT!#NuIGulIDdwGkW11bt8;{hRXw)~H}v%E3;eG#87ZjI9bE8%vh
za-^4xW!QK)IY&0ESUyR4^UY%%H|X9cS2Z25SBc0K^6-I-J1;5|<C#X+XAf{m%x5-W
z5UfI2=Rf{O)<gh*h7t$f{Usc5vzYRa`Ec#Kl)`m~@W-eOX9r*FQ0)TgnNV1_G?5h?
z%uktrd31qy-Ow)to%Qko&PYl^=P%JPC`1AQ6viqN7d!P=1?`{X`_KcR5I!QMbGhAw
za~ln^a5x^6)j<u!(Uh)rA2)9e(*Qx}&lXD}8kj4_aqV2LErI}Sub!R0*nQ6I@P(tG
z@N&O<NE^^!jIB>HE{@zzbq!s1p9%LoUF&A_rXn|Oj}?&~G(M(dTEy=DHNx|pB^uRI
zF>k1@UjhJ%kPnv;<TOY0t@l>sAV?tyL=kcDk~%P=4wIp&0u>!5gh+J2VTI<tWq_&~
zhNQd~`x=n9dLX#73jQv3#-EsSQiDyrM5Eqr0%*V|qvU8y`TZ8?7g*2%DC)GZBwj$d
z=-A)Pn6^PbqA<yodc1a74`HE-J)U`XfAjWjb`p#Axa;HF*jNDF=J<pI5OT8gxUoPZ
z^S8dAx&>SYvPapQ875<TVlX7zBvRP9d3pMFiKG&V4@{fGDeCo@Pd06?#JloyF_pm#
z^k*<Y`3y=FqboJ`M~P@h0UwnzosWjyE<h2KLZc&&OTN47lrPVdick>x83I3CyW*Yo
zG80~!#9r$4+}02oZCQX=EC!7cx5uv@PM(q%*I^qHU_pL?5S;uQ<a!Zx(U(w6Ngd6B
zXfhr8-!r@yWpt4hgG?^E!f+%u1L|n8g&#O0CC5`L9b2O_pcd=Gt?20VKFXf9m&Nb&
z*n>)Vh{LBd1Wc#Vfc8|$H;_EMrFmU`DI88>(|5Fh1nbk;c65OhK*iGm<~m4dDsX7z
z3Ni@$f@I6t;utYQbyW6aKa@r$q<JLq+!@t0sWls-fkZ4Val1N-?MWMZRDWMen0Pk(
z9B!d=6!i{){^tp4hJQ+v@&e?;a5!=_bdKjLlK=^}&>|}N-1ZAX!}j&S2oDV!g{n}<
zW!rMf#i&GbJdwCk0ip$>U<v@^Y|B}S?7q>C(SP`(iOUEjqLYtXdA#@v6n@;?sBi2i
z@uSrcN?<d)LBx>B$KrB|q(8gX);1i|TJ3hn%}1%w#L}iwL6vGX%SlTCZM1*GEhxGy
zx3DMcJH}?K^{7%}$se4~XEGPnCU+;D*CA0R2PA3bHq_z33Pt##5a>lKw>xAzx`tC4
z<tB`V6rzIAsj^mA2li5Bk1&Mb@q{p_lWS*jly_UZhiwf^cH}2ZTR+3QoV0-@vf4IP
z7X?7Sz%&IEkq}zh7I^?VS=a>DzB;w>`o}Z$a+d#d9Z9`J76JjtHjMuG@?ZYBY^cE`
z<5emY$N*=$sI0yo>Ne1E1uziOb6@fuegeV@{Gj7Q%0dv1n<3D?9@x=^=b79-ZS!V4
zfx$S>>DVcfDX2&9v#SqCP5p|QAQnyAtvqGGs+elM0dUt!WeQ_0egsU>ybvOy#j1)P
zcj-OOdhDu(10>==4pG}u%?bn2;&_kX&`_iD9<#(wY6c|UHq{r>k=vs?PGMWvOu5~4
z(KXm|%^Tb}pJQaTWe_PWe&eFlaEqTU$WVIKArRuTiv$Fw5Nv2QG3H|cUj+aO@?FDN
zsx0<QMB``o50@>LN^8WP4{Nn|YqjHc47<#hcfxu}f29d{T<wxj_VHxo<|@U<ch1BS
zS279Qes&3hj9#BpJlUPdy|~-V`WG9MTOBVqGwv4BNQ_rM@#vvE0Z2-s(dpSZ65wAJ
z<iapyr4kjX)~5lU(ctfyJ|Mu>&H437C_fPa$ZN_Li!u5pp;WQqF`wrwcKn3!o;{h$
z8hZQ_x{Op3bIdzjPMt-rZmG)n`mkG1!=4pZ`{|;&$;3j1{K$%odfQH@yYrE$9#xxv
zBAuehBKfp*fMQ}aJ!1hp(!`3-{ZS-4>tlFCbLhzbi4eTVI}QwQ{LZ^dAMU>hOod=I
zD&mpVo>ac3DBGZMJ!4iS+6Nlp*T5X6nvG0&1H5ucvOjOU2|V=nksyAv0En+2%@@S;
zK&x3haK4oURqJ;(oX1q2Uj4P03TYmP$79imAp;$cl~!W2QYqJ#$dpWCvWH+gIC4;u
zVxRKe2b34qShiYfklh^kc<{X<uR<xmd+-!!vztw)5C2_y{cEx}kmXbdq{a6Tp(AzE
zuX+1GusdxL0uH6&^7o`+o?ggAfgIaFVlb-1Mmj7M5<wt^36;T6Y)T+HO*VCQDiF3a
z75#Fr#0fg-!+H$_vs9s>2MbpcY3bmC{75|LKz3UfQ*dg?#DRiM-0t^eaR;yu)?Z%-
z^}oZO9oe*#1J38XFQ(pt3i`@pYQFhs#9~~DhQe$Z*CU?K&7YeeV*#hXp+lKbaU!J#
zBaEcc@B@h1>PEa`uU*CKy(>ekQjvyKgg=5T5P!-CVg!?QwkSkyZhak%u#|4W!NHS*
z10aAO<Ys#Hd&sXR?Mi%!f-ok=vs+E$K%u)!&(Hf4VH>G3FEh$^S~VM^<LTvdBotDM
z?UeK7VjdnI6z+h(orvrXnyk;}DNghJHec(hDjoQ{v%}8O5{C=+i<g*}_fvSK8PfoE
zxOAgJZ&UT2oD#_OB7C@1!zj|xex~(e)z5Hn;dkGN<>~X0B$l}8BCTxgb%;Oq{y$d#
zVhjKhj@a#YSpJ6Pd_cpRuNx?gi6nd|jJL;y4y8VYr)CJej|T8tZ&(`d=OWG)_ig6p
zv$H7Z(kqGYFU)ZRyQoBDCB7)*aBx$=CAs5VG?j0>8dZf#oa2{N$z~!E`3dmW_m!(v
zn~6>0my`=a5a{-Wf3(5L5m^n(gsm%}rNe@IBOX&IKwwagdbHFi-W!ISaet7w%&PFN
zSQi+FCB?wQQ)P_-G8y=PXfA8lI&uFD!~qjsK8tq<h#s8wr~~Po?p$d=seI$L$#@pc
zE-l<su=gh)5Ez)VY2T=BG>f&?dI3s`^<0H-&hv?T##hkJ?>glHy+ri--*w8yhjKjZ
za`87}{>u3;#mEht4CW{4-%xSfCBrJeM5aDsuq+>!FIW#P)n-45E^ZFS?M9XBlQLiB
zR8tyodmwqg!=aBK)T&T}f(6dwW%2Y2uOHFPI_XQVLfsi6j#9Zz={&EGtYy6Y-YO;r
zOm=o~r@I<mr=Y_TApbw~(MSg9L(Tnp2lo$s{`KgrheIsI*t23qlY;4H@TX@)RuP2*
zm5}d?e^)|^2zVlU+#0?E5>BO4u%5|Ark&MlJ+uT5S6b7ii|FdgDv8mn(0OcDd66mD
zk%=YZ+t7ob<hHjwfhhXtHF_C{V6`%(+*oR1pajW&dpNt^-jj|x@!%ZL%*@c1v^{{^
zMxR=#D83?+bPeWwwDG!;^SD^CN(B{g+$TDtYk2b(yiipZikO-c4vkExh0T6<dI))T
z&0J$qvccwvvA^CKrsS@wV%!MVdiQR1IfXD*x0&uG^Tq*4Ik;oeT?29=OfQ6i@u!M~
zN}8(tlLT>8>SDm~(@AQ{P=ZnOxdJA2@Zs#<pt1wZq&{t0PwEs_TfVRvsYqnv<vQD_
zWzW*mfq5YNdGE@_$>C{eM&4wmBt;EvFCNH>HJi8+bR^UCuP`0~#N}|FY4f}D;XIGz
z+7Qh=Fg8yh9`I<$p(9sc0BtizwfARsul0c%Y>Vk4Hix}MRZSru|A{~}PZQC8Zor$M
zP~U=1QI7l$k6U8B*WE~&Yj^JX4I0H6*H1V?>iF*B8e2r$?7H5k!x`<}#rnz~QPA-D
zHccDB#4ih7y08kHM)!NiJCD6u(Ah`u7vlSP0Ucj5g~NXQf2_TASXNv2F1$q)1f@eo
zK)M_0l9WyfX#q)*ZbYP8>F(}UTIoi*Q@Xq3%*7VB`#rz+`@ZX(@4EQo;X$8gt-0nH
zbBuf3_ZY96{HO}oh6^%AOWtH#p8vxSfX;GTGC=>Y>UsJ*ik}h(r{hw04G7addiXTK
z)dN<hd5Vob3Xu0}QmSNQs8`y#raSY7&5hpCe+8$60gmJ<2A$?iuW}HSrv>ri#kF=7
zzrmHUgM>--4cO#XLyaGY<`NuMDNdJDdb9JuMxbErV(nB@Dl;AqoU;2ViN@LjLjFWB
zwSc*;Tw(4fuP9LGY|MVRbz7nPneosM0NDBak)Clqn~3dtj^m%l05S0~(9n{p%bibG
z$b7#jDhAF?Roqq;3oeYDWa*CFN#SV0M=>M5rG!QLI7ohigLm$#lZN>5()WrBh%8kI
z19vtoVPtXlE>;qukZ<AHWED^+J*?6Wl9se?qotaw<@Z1=!RZkZyKmSrmS}%_?jxul
zAyA%9oLD;1Ireh-iEC!)UkPc^(rF)`o%IVWx`e57CU8533(dBbC{i6c10|N#Vy9um
zn}BWrpxWJag%X4aP3NY%7^bWUWuC{+`qDp*F$o9C{z(zCyA9}}HQM0}!oMP|Z3!r$
zw$+fNAw>c)XT?|9Dkk{-e=4u?mELH262E089-f}<6jh6U=?fiKTH=h35Ugk7v2D08
zrqtK?QG07@D-*87;;rNd0~(EX?}z!IVr?O&bUeGgi`ikg70(^Y>+(L>s}>+dZ#wu#
zU!H<`_;N<Vo6Nn`RfR{#(sK2J_T-m)JtZSBuN332?8Zu0@GEU-q5%Q`)Fra7FxxoN
zLt~idB#_3Qngmo>F469f85d-&FZCp3)Lp)k2Dwgpv0lfnnnDtX^_rZGjXu>-8qaIL
zm(awt>}FKhC&J&<-F=X7=qW+bs+EZv*6bTE{O{bt5@t>>5yWT;`>wa)mi>Hwc9j5n
zF?5RE{7i%cKWEBmz0CH@&)IQ<1&ynM{pj{FG%4|KzGR#@PMIUM>q@^%stNV}-=qiI
z9*Uox!6bfYHIo&VF%E}L{rN1Qsv(jh9GEPZCa&5=XS#JQ@VJ%#V^0|!@s(f1N08Xf
z>>y__>a{N)D06&<qfZ%OYy_E$f`y#5(Lx9ssaQO)h7>>QGRE2UIkTbMgt87@T={m%
z$L6GPKcA00-YYfaC8v^W*6Zw1%6lcGSrQ`#@PfP06+a(5SaSyqPLY|JQ)5i-Utp<g
zDe3m2YRz(#e!Ohgd)@=ivGR@S(oLAL+c%N<b$p(I`hmXJ&_I^qx3dqq2Ld{^Z-8-m
z$MU7XqmKgo`0QUqhqKkur3_d*^9MQio7Lg3MG-qMQ$a}aW30?Lu5Tk<GDfZ=Ja4)6
zbHjS_iB8oxN|M@_{K?S4=X=)gL059LH4ordn6e50(H@K*(ZVF#jBDyDf&F=WvbWR=
zATNdLLy?J<gXLZUA9zRRt(#r|uovg&Wd_#Oprh4WZ7R>{_j>`N)#h={Zy)IwlSp)i
z)8Ke`ctDZg{MuTMFNgv`Kcj9rXO?`btUWLfWo<K8zFsniv+N0V(ctP(;7~Ic5K4rR
z(9?gKd}f;naH&;^(&E>>yHKjH`JN$;mj+h^#SHe=#@QgMbrRAM!C!!ul@DluL(~ok
zzcL*|A+7t4%;a*Z<m#1HpFQv6g(`L><Nn@z(2E!7Fk^dU>xdcmOqqXI(r5S}3q?uy
z$Of!sK-g3OAT1w12K)#i3YuKlT_lMZIK-bVK`B7rHL@y~Y-N6>njwV?u|EJ_>-V>O
z!Aj9!Ad}$^>@k(?caSar<k{-aBj(7F%u;HOBoMfZ*5O}fG?)$+d316DkX5pr&mtst
zGs0D0nbG6z0b`Xo)y$M3fa+z7gtW986<>G&kRpnw_Tm4Lbo{~?227#RkwzSS@xBDq
zvN`f%L>zx-e$a~<1?b)|=_von{0O1l2_KQ;+0+=rimAQfISTnCGIU7QRWq_l0;%}r
zJ?(#~2%y@u{OVDo7_j`$)Y@}zZ9*>EJLnt<5&ZAL_CZ03Vc-PGV`!&8n3+NAK#jZM
z5B_W6p|vN18M9ObYmaKi{F~SL3vNtn^3`Gh%r8I0+n=A#+=Fd=?2(X=FexDV;zc45
z#*M|{KLYtpE;<koShK{(LYzFC@83g|*qiU(Kvy^U?yuX|k^+aICE?fKrByTRYd@TR
zEfA}qx?kpY&FHlwf&8__*gZhbtafv=&3Eztw?q2vnW~`(d5UB2;Z216l^0q`POobk
z)&!>K*xxBwbujpM8tfY=q&)F9;Il0+bO!$QOnzVKOdddG_J^WczWz$yzFk08KEZw;
z2_aeJT(j|`eRk3{Z6|g-)p#)f9$6{Qo8eVlhnwZw6y-a6Z{0JMGE6}N48rvZTdLKa
zq$f8{<3A|NA2@-Yr{uNf2(CV|^Ub<!k%H*Ka!C`ggzB+7Uy8t^W8VEIz<BWhqV{^m
zpM`sX2W&etQ)~Q?`}bD*k0%Xe#_;GNJ@-j|FPWMfSc>jAxUUwTAcM%KANZTGI}--o
zce|k%)ly48l6La{$)W=eFSu@{hem&2&9)eLx(*Aa0+GjdV+0cW-3LLke?Q<q4`=8#
zkX-=Zs;ZCon?-sA1yGhtGSsARX0B%1*=<dif`vDJJ+c`g=vtH8SRPXXeE#8#Rw=pJ
zjl=oRr#iC({o7-T=D%*9r_S~B%<^awRF<&XL=gD(sT!hSa~8zfC`&kTfqmkzblQ^n
z>%ZKbgTK}g&|blg$YTmJ|8+NjFAFZe!V=!k2MQ}Zl5GCAvjR}AOIDKNboU9$z^xbD
zQoDNi2f^~sMX;lScD(f>gXu2|HFLSP45Vv8(f@841pgNosSN}m-RjzzzvN?7(9MK_
zM?Uw{(2Ks8bC_57HwXN;Rb0QA5(6vrF3#TnrYb#=aJ`iTP)WtS;Wb~(Us3B_)9NQk
z)pKkl*^(yds}#3>;N0AjG|bphj^iO-jTFT#0P@X$BS@oyU--Q-|Kr63;L<?M`b{>+
zWu{-&W5;@J-B-Uz@7~IS7$b-vuAcj6Yd}(&1>8Lo9x?D0g5SP7>HSAA^Uv1+Z6vt$
zwi3UhUqXTp`q$5KFXxxO=qXqzP_(((IGhlE^MCo#h}v^qF}{U14eM$Xzn%afl|d#s
z#n7{u0$es9?2}HVyVnTuf9$*KU%8_GUY2;Sj)yom%R+j+ECtf;KI`oj$68=t)0+OW
zYmnbU(v1JlpAN1ho~!Dgk7l|4=sH4)&Tm&9ULq)A&`vLv<-Gaod(g(!P44o%_dNa<
zJX<8qeKigbzIZPCOsPqIAU8_@Y~_gL<UsZ`T!sH)qvc>-4g660ep{Ow<kh?59?5IZ
z$^38k0_-SKe@_<3OrF9ZEmAd@;r?RoWB-rLef3uc*lHDwVU#M-2pHsi_mI(+=bHQg
zb%S2Cu1f&uQ30m~WzXQk;p)=a>SUMXVr(j8YU?oR@iU{$^_`tB23jL<R%eHA9sP*#
zukV=;;hyf#9+!mJiu-AQv-{<g(S83VMftD<im<(wi)chQS>Zb($erm=2u3PfJp6y#
zRS)w)r}%45KlTl$|CZlr>C@MBw{F)D0O~c>Na~prO`Bez2O^wYOJITQi!e%`Q!7wq
zx~MU~EhOj;ac}qc%QrMq%ioT#3@?&ROJ4+*7d17^d;a3%t~8NKJ(Pw+#`{sAellMs
z6$dI5@Q^NWUR1NvLaCP(GTI;abX!Axc6mWJmf^gD7H)^*4@gLx1^)?C{ntYnP<cRT
z%ii!h+0rn@CWut#4^3pw&uVMVc*Q(5Q9o?D;%GPsiGiXFwU?2~Uk%LLKNIN(dv8tD
z3N3ZVN`#UDy+UXKA3^(1Y(A9|J+g{g$0e4grm0lWO1<dY>homADXd!{0BHuIfOb|a
zQZZ2EeV^)bIhCnzW38PWBu)C5-6FKDCf*wrj0fZ6;o&)DV<~1cUzBFrHwJxSvH-bI
zsk7}t-m9{77HT_?voHb8vU{`hrJ+U6i!bK_UIB?9#R}ebtQwA48A4{hR+${4wf<W|
zP#W=c_s^YR#{sN^+u4(W=a&!MR=alVrq+HwsE9tk$evBt&MRK*DRC<0gC}gQo3k{k
zhnzIZGY*O$*75#ggrMRN4`A{sC8$->VL+covbHHd`km$33sQT*PYQs+iHKGb)o6^3
zJhG}Z@Y#)2v9FZ*9S0=BdJCYM)h-Vo$D{QmQQ@IoHTB4mavD`06a7M`hq$-`h(uUF
zhVoR&0iArHRE5cCk6*PN6cErTTo}w@aCw|wxS~*fJ{esoG0#*zdX%mDCEr&pi(VFC
zY5O3}Wa7Qm{<EK}>X%RI1tSs&txy2I?akNyV^yKlS!A~@TD@ti)=Uw%1e;b2h4is&
zJ;g77aedk=L2foD1K;f?YWZ><@MK5>0bx<3hmRYmivb6=nFTBC|4<Z^QE!r`Jfsr2
zG_n2DwaKuTaZP^MeZeH>$jG-~O;F&GkkZje#In^oBCfQFSc9K`1FBE}Tq>FJmeYol
zpb}5VRsi@~1Jh+s_<kJ6`vGF<BDAzNx~B=gezi7H`6ckny(uE0<2?y?L_A)eZ>a8A
z`8WB*YRL`7(1Mh?lZ8!L<6yDA5m2jTN4&P=)zo4sXIASQ!31;S6RB`|y>{KPi)mWx
z{0sYo!Qo7yj__5BmA+|1Q8cV#&f1|Uz;4OkO&5;LEZZ;z@!aIw<{z3UK$DgRcRy|Y
z&TUNh997odg)~HpLV4s}#C)Kxv!#3BkM~aw4we@<MPd4X0-YH}5ZPF5THS%WlXVv$
z)=LB+_`qg0I#Ph?&$xOqI+C{p`YfzW)i{bGm57B=4uI00&8_Iqi(O|PPnpHhu+gHv
zB|dk{0tt|B(_YV)yXYuph|o?eg_X{Y3(G=jOx}?o9zshA#7p)PHjQ!yB-+GJM%l}Q
zRM;!^qy40V^K{CQ2zRjL&0ibJu5J%O>E9xx%J~bl;yT&Yqud_(sKuuGDIA-Vcmxgf
zmE5^|vapi^a)-WH_7b#bayJTt>Hn@USZsa%KPe1GX?DR!psVl=p5o)+h+LdqXeJ+a
zL=^A=dfv+&FeNf&E8~3(c@WlTz@)u6eURyJkWoe{5r|Ezre!>_Coz|+jzROvKN~QR
z!>Cn!VQ$}EVR3mA$L{PIh#!;;a=+rH7Fa)_DnL~}*<DCkW6keR_CSP~KNyYtU9X#b
zsUi*`_+>icQaFNELqg#axX>&u*N+ZPS#oKk4sU54j<-R-l`ql&^X!i2%%GMt8g6b$
zOw=+OxlT!QPTD`YlJoGy=Lt7wvQIZy8d0?_Ig@S5qg*|#eS{;9!+I_h!*ZdM^AI`~
zt3yA)qnB)Vkn3a9C4RlKAx99>*t(;g9FY(A4@D4!2j3WhzoD^wPJLr-AJ+bkOjD~Y
z6zc`QTG-IO9oWQx;htJ=qFpcU%S~{Z^9sJ}$0=n<?jr{1r#W%}?3N%L4oL-M(*B$R
z8(nikUePilwK_ZjFo6xUv|HL07&hP(d+J99!66}U`W>6+XzLq6?<aEE<R@F8I3W8O
zj)GvewoP!MGb~0dEH85|@X18Xi(Fl5H7-j=-~5)Z5#ldHzNhcPfJz}Ba8jR`wWo`8
zTF3!WRV>zSzE$@0yrd}m1C4gF;^kPGfu3P+HKuvc`F|4-WISPa8nrNb!@be-%sA6L
zgtR@m49ied`FJpuA{4;Mm92!|k_6z4RU`wGq+iM(r7<{dVL{Z*=p7+3cb{ggM*(ZW
zmZ*1-@L3wUIC`x;5HK^3s+^--@&ygiio7O`UG@$z{N@@Nba)|DGZ>x;u+YENH@@;&
z^$w~N>UTMgKir(u31+bv5D|knM2l){LdEiWe>qC#V_`LOwglSGklG{HfWl!kyQOe)
zaWg9DSCJZ6P?IhK212><JlS?_GGB{=R0K0+un4vLkA<#k!Z$T5a+yBR%Zj+7|2jMV
z&g^7>(Kqt{&hpHZt`C$&fRY3~Fwq6!_W|XVTeKN}m9`D!Lhr-unw9Bh$(h70z(}6G
zH>&hT522F4Kmz!0D$84q#9Wn<@c<H9+VDI^Bv-ax)7SBzLCW6~De?}-<M3j&{U?^6
zie5XM?2yT*vVY{a<i^`#u?AC1)YR{LW{pvHCbW8!zM8Qh0eV|WhLnuNKITu|0uC>b
zmrerK)TnWNy*!z8Ur{Ex(O4-3;&;3sg-HU-y9?qhG^9og@<bA$@jlBN#7EEF!9>*4
z>~3FWM&C1q3@LSzG4vc)K=eydHSv)~1Px<z(UD3BB?flKIMM|pkIxa`f^L${q%Y6T
z&SabYA8nwKh66^xY2A@4&my340E}3r7P~8(8qRlF?xQz4ne=I2DsIIOcOMH{CsVaL
z(H3bz*>s7hEPfB)P;N&S(PT@Ljcw2cT2k<RU%s-@06$=!Sea*bX4rdkIeA|m)!|Dd
zr(FqnBFX;@gGGJed(a_bVqIjWh1wp&%GbktQ1#9b#E7S5Cq4`=q9Hxj6)jl36flq#
zjtGFH$&s7@`Nkxn1DzEWB>j~QwS}x*h|RyFVyzh9;maSTk$Rajn7e+T!EyJ=O7baQ
z;r}+wN>+0r^^Q_G)2z}5U7k=v0*TsQ=6tt<F61lu1fUr>A5F5hQ3O_-LI?|M0w3K*
zZO%JBpQcx+ByaRP4AG>7ag#=3hUJ-6?ayH{?Xrrq*Jp1#F7v2r?EmSu|GP$Dj>8Tx
zUBuu=HxBRyGG&QK#Bdm#9{Qbi%Vu<|XR4Iw5B^2!kKclogS_e{`c6A}3N<A}G^9>(
zh-{-MawH2qXhWr8MDdp@V0eCOOIlmoEmLN;-nS*uRePOrTtW9OwFH;LKDlK4c^K^k
zhPdx-I3&f*sI)#&P3NdqqvWZF3HNbXK7u|W;zwI#KgMgOn5BvxrfM&!22M|wUY>%w
zq#?qWcTc8PPgwjU*RnHTQYn$HjB$MO@Grh(W=Q)Qa=F{#(>yr)1UgiMAtr6G-KXD8
z3ZUrI1A+?bMO!}IWPAcp#y8>P{x4Ln1U~f(TkmMS;A}Wx^sDbb$cS9)9VmF0pqmux
z)%D=yyW@&nS{6O8S)l$JFYu{plT}wKfcizO5)t}#;%kvb9hn~b2!D52hmyfyc9_-7
zH&;PD(6mt+%n%Cp)dXaI-ho=N9xnMHp)kx*Mk%avISf&N^eGPc5{GcLLQPs!$FjbK
zo9<?x_mNQ;<Hf3c84BMQq9zB0&WN*^u*R}!05%&;R+d4mN4@@_MQ1cbiG$U_3=jp#
zCh>bLle#nu3ge{%!Q~HttnXVak^xb(tYWlSIQ8?(%Uc-e=v}60$bBGDx(5KeS6^-5
zV1N*He`hBtk#bN{X6jFJ|C`|N^&Umvc0lo)I6uCI9jX#Kn-!iH@S&4}A=;k8fe!)m
z<hou~GFaQsY&7r9j7r*mwCi|rmW>2dg@1DVeT@gc-m_jitmMFsXa?nr0l1%=_0YIQ
z`3j2#Wp~^T!bao~{&j9=6N|o7QKr?tvK-$Ss8!XHBmPe<z~w(LksjoZGe6D2<t&O>
zz@nt&a=MkLRy4sjI?qK?-w0?vvgqZ-6x!d<Pn_r~>r<sFdOG9AwGJ3qSi<L-*t0$X
z=84fzrl^wg2Yaon%hY1R2hesw1BV?0Dw^QGFdOz;8|*nbTZoP)%-YAlaVIP&o4w_G
zI|UR+mQk;;Zz*+G;Cf@eOoMaX#~@4hpqGu5iqtBc?*potD%9ajS+}Y8XSgK6Omv~2
z%o4)sG@k>0M;Di<`f&D3KZnD0y`tQ&8lb~1S%AJVfAhyGpyS(V*rb2?9`t!$y;TN}
z6wt6S{^cdRdE8?x78#XO1}SV?2jk)VG|><Vnpw7z&2QiMPU~#1g0ek5AKMD?*125q
z2nh=Qn5dA>MHEdoPgv}X>N2H>q1egL*xvDh$0C!C-v^UL?$}`{VS6H@5xEm9o7uv@
zDs4I=@<2%QK#<y**+erir<047Bff=@M$^Zy>MLM=MEb(*F8ue|x+Pks&UI6+kX)w-
zuehkSBW~M}(atYRD2@*qrMGI1@SeS!`pA}>WdC|+31q1rBRjY%1BKeR_b34@97C+N
z=JH|gN5&n5h(rtu`A>d+e%oW=au)MI;Mkpz<b|3}N81R?Y8<E*${>%WLbJbn2LU@N
zK8_s-T#I?wlwGg^QJ44f7~Saj@~lr_I<hy#9j>2wpz6yC-s}G601S*$x#7=!JOoLx
zIvAwjIn%r<5B|v!O>f@ZIXb@*<w>hv{le9i$lBzDP_x#FS$Ekis_y4jo#AZ#NhOCb
z{mx2A#z2t{r}`t!ZEo2P#XP;*XJ>{ujUtiCUre2iPDk~NaSlx@-W(VKS!QCnYAl2h
z@&!Y?r%guZ>7OS#Cjo#2;vORO|EBC0J_YaG2^Q?)BiFZ+kQjInHW5b>!Pcwj;RCAd
zX`7RdpQ@^=m?d>}Q{ind@GHJnqIebRXd`88j9;Pgf8W_vv(M6~sWj=B(r4p#IDb+4
z03ErM+k^GHKjS{(5<bXh?;_(hW-uChI8gKLZ*PC9uLS)nLjb5xS*s)M%k};gwCLKV
z_3-jS-0~SsQxe+r7NC)eq>sPELT(Pz)twF@lO{NP-|ExyCMcNtYbOa8JH<Jh%l<Oo
z*q3(+j3i(<7Pl;8g10w30wN-jEh}p~C2SDFk{cXyAN?$<SPakcjDXR2IZe?Ki`2v+
zkPyh_wtbX3Y;ML2z~BU0(ljqiRZ^`r;BjmWJtFdeR$e}PAS*2*&oU!Wv?$b`d!vlS
zeUE##i)Fsg{%w(byuc@YMou>6=}X^2nVrZ;_7ePnlT(}%PBV}I^l@q@@BqGChCVkd
zZBpz~XOu|3X?~y1Tv(10HHSnLW7xLV+e+-QDqFg)I3{r=5mZthJCx^>Ro1;>J9ivo
zFU6daJVH?G8~q<K^%l+&QM`R6&3?BI7^0Fxd968-e;_`m*x6BCg@`=W>@{uYKJ@r*
z$@Kowx8}nKbtwMM@A7K9fr{m!H<b5?LP1B0=FLLgWp4IHpK?lxSRQB3{r3%TMrs_f
zC8L=|4@{NwUOihK%B#YdEc&YeWZzbR2{HJZNxw6d%YLtY4LI&TRzlr`V73YK2-;io
zMD^m9b7n3%ih!y6YUioG$#iX8x^x0*OIIvA6KFyzgZY;QJ0kLE$kQIz4%K_ooLsC@
zpz4Q;=M1yJUiWa&HiT4CXrvj-;tAH>T_>BZDVhTIP-{S+)nha69s%R<;JMlP!*~2n
zVn_Vuzf5<B&hgWN%ZlIT7?rYkLl*)Xw+-1#0tu??{);w^vG-RStkI;(6f4fNLcR^6
z#b4z`QAjC?%}T9d4oM|+<9Sw?<hmzLh+iSKJyCxs(^I-a{?4^tj_Vv$H7o57LouF>
zSE~ER<HOpM*3W1;XG9^QR}6h{6=-yR{+xnVwbbm^!5S|gOF5~D{8)p|98T>HDrv1D
z?m-j{0=j+qg3z)a(xW(@nu5W$tFtY=v1&u~jZvM-ppsYjq99lO2_BsF60qLO*QAbL
znDDnG=)9L%Y<zw5Mi%7Eb1P<{I+%{FGUGw~z?`5e25B)_?cs)`hH>CMWJVCDlokqe
z&JHd%AoGTv7!Tzp3Hf2Q?+FL+gln81&$Z4rFx$0iMHM(xsFqVdz~|w2V1L~s0wRLY
zrdLVvESiRAL#pq3y;0M*UDt(*1iTKjmF2R~ffmV7kWB>1aiT;YnM9QgMxwJ;#i<ph
zzF4pQNBDI44<MMz4{Rd?5?_qD_D75pR9?DB@OD2*UQ}ruTD8JRW3d{^11@YPNLm@e
zMX3-v9n$TdgTaIubaf`AJt}{pJY*9amxu>4I|WaBMTDmk3NL01)?nAcRN1*XF(I+Y
z`id*ZohOrZw!@TfkddX^l`=E;Jx}*n&@0UjiMg?7r#^cFY-9t*tnkuQ#@)lWMKJ$m
zfrhhD-vCDZk(b_de?(VwM>8-&eS>%$d~HI<NB(UkGf_+#D}^eN^Ye$1nYr9=$4d9Z
zQOF^tj#EX0wB2qu^(M}=lh4o5k|k#Cb7c;f%h*0x5y*4CumZUbDTkcZpFx|}5_piM
zmbYJ@{yKqY8o?XPL&w{Y{IZCXI?BO|Ue@j@TKv6f`z73!@5Td}pFzxZD`!Zi9@}zx
z7T7==hnVW&94pXu&04<+8Z4i7VhTUMxX^p#cc5IFfw}q?l*&Q2VA5-Iahi~txC46T
zy^g=2X<zD&5+Ajk|AhAh_|c4ToY5~F-eKriw4f7o09z@eSEA`)cG@d(PO`&GHq!~^
zG6{BjZ~|sp>W4&{Z;X|d%GkNjG23mUyxt0VLg)Y}cUJq$sA)c%Uv=B$*je<!yb=L7
zL>y8rzj{HWfP8mFedP2-pAO#$2k|#vV93I(?YkHyRBf5bEWV`IjPrYYOFhf=Q6YpA
zr|5nT-O&IKZQGsEy1><vj9gv_3v8B-6f`Al+y)c1G8MAqii-e^Ys4Hq)pnuEwjs;5
zU=z!&TD~lL-=g!*;zpJAmMFxUJ)4`V6FJH+e!DTYB}Skt*eI|%R94anB!i@72BTu}
zJ+Tbxo)O{Lb9(IqEAty0l1@F$W_-LPs@%J;crZ00*^7=XIu<33qE6cM6I?{CR|h@=
z>2Oc-#o1xBlFy*En!8Vl5V`)M6Uf*ev)V}Ho(?M(V`?YcNIAt*zBID$Iph7#q*}gS
zY<G58XRxzIHxW79a$Q6th8P{_ZiJ`5b7Anpj2KFXgP#@MQ0L8P!5fc_-@&5;0jiA`
ziNKa9jo3WNSaM6F4?5XBX-1*ck?jt;I`0sY(DK<?+bk8P5D{KuTrjcC^D(O_wO_ha
z93l4uBM*lhCAfYN5Yt5G1E(jKAw`3Ch@Yz6;Q1=FC;C~81%T!A=oyO66iH{dG=o7P
zO@U{kAEFIYQ{zkyIHX2wdWX9s#c34lOkaBQm8durPJgBhiO+**&H(6NitWIZ8OGcL
zC?Zm7%wz`~`aq!IAsFY2BxjguLV_PjrtfWGy}i&GqS?o3zK`!<NGfGzZJkozB$=Ek
zzSJYrcsoQ{^?Te{laM!>Ux;50RZ-#2T!sApv23cGf67yU%^Bi+a69<o_Dq{_7&L}v
zJ@K2aLB<yj&d`56I-;iB8U>)UwDS{0@1tqU)xL@llsmj()?pFC_^jzi(^q^N`9L~Z
zZemY#U*f*@98jU9VK0D4Q7$9!T`gOZzh<_A;p$XMM)gFQC0SR(Rh*oz`2Yg?QqNf+
zVDK5rlCeB8M<opeyo&0&dx&S!@KiK)57GMVz{#hu2&f^CR);3%4bK4Ko!NZOE)D+1
z;P0VcXZ915lMAsU<2)j4e1B@7{<`G|)ro6VQTA@2<Rz%_Zc(`x)UyV7Y_y~JC&_{u
z$>3DLrdECd`lCW^C*nAw>Zx0Xo`{Wq`h+sOQXn7N1re6`*<#w2^3|RLd0GFxgO6@*
zP&*r}4RnFX$Pwq^Topf_lX-LsZ`}eT*|cSMAK9)fKtE%)NTrY{0b^gyW(ikLC`h{j
z<vksAdTFJ29{Dg#@6$VDSQFXE){pgsO_E8`0<>`%j<dE_BaFJcDJJX|9o6U}?q)j+
zI0e4zpQ-BLr`H!Zp98Ork=)piaUz3Xu09+Uq5*O$MlKND-WDX0$W_eaC_~e<`9TUK
z;)l2#vVhO7TXwKE+<R)xn=N_F&0(RCh%sfp$f_BX1W19|3qAxA_m{`wK;}$!b}nnj
zH&v)zGsc@>&~bu@QFpmplCS32oA~`~KzYK}Y^*{Djz*bYTJ_1=-dDgoc)yP7*t~CO
z1<=e%wyx;1r-vMEhW*W&h9JAF+-<}lJzN=2@WrGeJxky+Bm@j}3D)p3KUX(T89<s}
z4%=qtw%s)0u-|phj~>!lEJ_ja7~T}EwAk>7*?!;Qm~YUV+~>D=Sa*r0SvZ=U_t6sa
z^WNcnP98pZczDd#V-gnTqBLi9PA6!fDKOz!k<6dI|1X$B&?H^Zu@G(X_uE<l07Mze
zB-YR{-{D#gJI1ay@>pjUGQa98Kr3(@-x5WYB4_O^=hf+?r-W%E5t}~&rnOVGwV0)0
zJ_fpuV6x<#h>e5%=`%}cvAy15c&i3FI}O_GE;vDTzzkcY@rNiVi4J))2NPe-1up9>
zm&!406|;6(7P?|0(Bz>R!nOcXvZ(|ttTN*xOl0F{MVX(Q0%E}_<qIFh@`CT=!pK-&
zC&+vK(N5FelGU?)M((fpwCRx_tDXDBWeL43-+Z6-C?T_!?@=lww@*I^wr6d~@4s-g
zwO(j%+SBie<tSx>wNH=x3#pxx-^E`na+y-F0i8@Tt<;cv@GfWxvW`lZXw3R3_@crN
z`HG}b7igQXH~QoP9zP@3<OvZ`KuX~Pojc0tctr1O11LKz)7dMqQBzB+Ai&XPE2%$2
z`kuKDVi<*LAUFdTBG*sM_m@9o98SAbvK!Dr9Wb5G4wTO3w%Y+QwO26-c=JA9xWgR#
zC#2EbQpWOw*@I0NelZxsV5*{ss-RM1g#6{DV^wqp<_DgyS07kRPs6&sPxLz@eGsrH
z1<y$Wz*%%p_E0>U{(Ua|iIec#4l*AK36r5}640ki{16`xPf8>RFA4aX%%5=__I><p
zqa=wj4!l--i;^6~T<<ii?VdAIfCdxWcIv*MZ?G;t4$HY9Z@zlUq5k{6#3U3?7M6Pg
z73<&K;8%yge2Hw(*~|W$fh4AyO<j@NlS%YB={2UsPp%!0Fyol_Lt&G=Un4Xo`W>ef
zDHXESgq)f;6V>{BF*{bi(8LTH$Nq@{eE3j<CKF#WwmR*x5k|H6n>eAx1rDbGz0P_;
zspmQ29Ylc1b6aCQfX~7gEh-H7B0$xD%H7N5aPH0Hyz!Z=+~(yNL@opTY&5+RFs!-X
zaqHQq1p$x0W_~0I*iZn?lL;H>_5M6x2Xrpj-|N9?Y}jt7w3d!xQFjmOOvtPUy7XrG
zqPZptM#kW1<`V_h_`}y@rG|`FBumdDGfCW_%qqv_g9SDo@*cwHq>8U1+9x28dz5?<
zrQ$vE`cjV~Eb8eC!xU~FC$j|Fc;37&i)>5yU5UlJaBJf{l;F(R9Le%Kt%@wjyNAwR
zXB|_J30SU9M$fo0wZk){;;8SqjUfO>Gk?heFWpNm<4;+{S|3KuctZ1L%Q21vP6jHY
ztoi~<s~9h}YIb-}6jPAeq}t$Gq!bdu>{REYeyc%n-TteC1qB^UbtAwMY0lpJ*xMu{
zpfl;UO91GVjIN**>!+FLvop(wTX=-)U(hzkjRZcoY0^Go;*jxvuqE=+LwR1M?$XhS
z-H!q8!IP(Bo>}(S!ueYse6>?<tqpWB7LR`JoOk-{6VDe9I)G|#lF?vJ2P2lx(Z;yA
zQ`SP(U}fv?eEd4Fa3loh3AYNO<((Tc=nueEk`*V~=|OFOloX5ZqC{dI)CPizg|TG%
zqIc7^a>T8BXR}^<_2_PGG?bcDS)aB8`xBoF*xR2Un;#HVmTv^7iIcODzc5VZq>RTr
zdEVZF&l;>Zm@|xmtaRGGr^R`1f$QCr6Y67nDu~PoWEokiDHb~o$Q^Ct<D9Y{J{Rs8
zsYZhm1n4PqYRYzhfjA`=MYf_f3*^wsup+8tS~>NCi_HXFCAvKn+)pizm88~J=n3a|
z)axD-_UNTA0+H+ke*-CkR;KT_;MQUUQAsaBj`SD|P|cT9nKl1ZLqO?MM_g#rWwan?
zo2yh%i!%Hy(P~9PL!#o7haOb-dPx=055hyMgA+my?Kz;i&e9LcFMi-CYuZ~J#+AUX
z!-30n9K<zTJAkd(o++OZ|CR1V#+#C-JEsT6r2rk-5ejfKdT&K`zPAJvKdEfJ!>n$P
zhvW@Q^!DDoq8Lg^eW%|=f{bjtz}Wor^5V?!FgFV8faiFdhyvzduY-`Am=bfuZ7;#a
zM1Bh{%xU3aNK4}`CMAf<;`9!d*E9B8;xlnv`rIuRJM{=;{Ii{B356PK*3KAVnH+5g
zNDq_SX0wJ1RP|?_<y3=uR35e^B{@4)`@C(*UF^IZs(yUUzTrcAAps(t&#s|NO0=U}
z_%7$qr|H!1xBo`^pcgYJAltBlXL^l#lYWF=ryuL^5El-lANL%#1}dl)P?1?0E~}(0
zmpaqEkcon|6fRIe<L7xZ8&_A?T~{W=P2qsY6!nwp1CnYx{;g4<Ax2ta;>%*SaTaQ7
ziG3ztTFqMOj?jqkxulDXgy`yXT&#FBuWF<ygP?lBCY(8lzG}bsrX6ii2cV|Q0y`)P
z@~=HXS{?w16JZ1tSLm~NpqUFngK*AmKlHZ`^}9h*Bo4P!F7Ykg!{?RhlcAHaWBpA6
zSyi~DA~Fyx`e3p(zV9JUeFJ7DPyl%wBkcAG;*!wAL$7-)wB2tniglBoj9R{sod-o_
z9|5#+`8kvkP&f;huXWfkDox6G`&ONr9vC?p=(*k}PC#8v!q2H$VIkx>64;@35+AX3
z#V;T**LU9<g4&;Iz*blH_0ChsH|p;X%q<NfK4x%I_UB)<d*CkoujT%9AFQs#-Q|bB
zg*Z=TL5dzp{xD_Totrcr<qD;peG(^#Otz2TRT9l$vYfl3s-m}##4lJVv{eQQ#P%L@
zJKPVWRgacl0giTmt)LEGno%SZw7CII2vxz{6BQLKR8#`439C@#H+r6Sz2$n^KNq`V
z+~E=%Ks!Ih+0hJ`n!Rq$P(mRDin|ZF><S+<_TqW?sC#&&gSLk4X$frR9|3$K1Rg}P
z)5)$Z@G_t#EGEa*iV5O_)(go<dRd2ySxYQeQ?yu><tRGM_t~JoR~WhMN528kpwSnG
zj7933hPw|-VDDx+9LVByXS8fpvC(hnp$+#GaunlUm6;N?%=W~EkOs0kN!$l}@sA%-
zAuv29l`z2k7mxuEY^b>8BdIW*u*$$-@IdzTO4fJoGEH+OhwU(oFjmGi64$XzIZhT9
zv_9k8+{6QU>C?HwW?^C_C8ftqi^dM;$EZM9!lEdk+Zp*8>SJW@@r^dSQG08#J5B(!
z>K}ONBdMyf7X8dvH`5@kh#LW2<$SpA>aP`R5f!h)V+nUVJ?U5;o?0JTu<gg5^s)PG
zSL)IfIZGw*<RM^yUgW~}?8~pCBR|WASbrjD6Vk9f{L=E{hW$4}<yx*;mhol!y{eQ;
z_qs~yyJ-zab%cLT-RlLwf(>2DJ+3Oe^H}%yNj<^_9mmf;fm<h!BzJ@Zzcd9*;f8(t
zk<=haUQGz5xCxI{TIUdS<f>P(fY#^<-SONs0#q$FpE{$M<oy<D+`SqtQl01(#w_gK
zU}0VEw6Ktf+s>B*F-`~`T1|EJ03%k1dX<f&yNd=tFc;aq6X2n<<>p(KsFd;(0U>-R
zi#AXFjHu|x?l;%l%&!~G0EFE6cj8FGzv}^LT)2Z4L}y^85BVKf*w(@iV9&_4RNHRF
zYn8sr&3TMTt^5gUMhEZ`#f~z|Ihm0sXyaTAj!12th7Fz%<lwXOLO5+r30U4r3;AN8
z!YJ96c?<A^j+?@sS-Bu%y^neF9d0XU0i1`bq#t<sMvJZeV{ibvRz9OOfhW-OYxigs
zz`_U#x~-2|!b_iA^?ti`v0?ov@`hdg_kt>uByzdbPkZFeJtw`XYJPZdjcfh{X;B3n
zf20Am>HcOW?D>VbXo0P0QSHvpmfj*AkvT2}5R?GMU3;jMJ57+kf2w?j6e=RRPKcAU
zv(SrW#!#Lbx+0l(SC<#N4`a#?6}_4wfinH+ViRE_VEUtaRZ96bYEX{434?YJE1<;)
z08Dy`aX2Z4yclBr{<{2YLG4gc5p*N=fn_7-1XGr7umKM~!1P<d?mcF*HZbrG4!CKP
z{Pzv9!Gi69Tko$7`|EbtAOd>8vnr{`NPT*M)6NNR1xh3WsnWo5N)ScH_P)L#!h?HB
z_``Xa$={rXt%7*2-Iy%klSXE;ZKN}S$SEBLu4=S6lKf_cKq27IA3j2;Q48wRWW<|`
zbk&6_0!1S#k*ySLz(O}K0dnDoQ*(nHTSBBl_H~n5z-*O(n63K%o!R;sVz#ypHI3Z>
znML3YgIs4nY%1Y`#=03T0*TINAa&9)PqF>={XowQpcAjSE+xR^^Z`uHt^0r~{_l&v
z`IQagnc$9AD&H_r*&v!|Kv@AWFuOby(nB|ZaZfD&%`pB87F0n1=TTdK?<L@+5dzjG
z=k4J?z15$u10}#^iIme0-G~SRC86uw0L0mgv*1FD1{1KgZkkMYKL>wXDl9pn1hEY2
zEx5fn*MGHZy;)i)bQ2*><kD}N_P`x&|L3wH;%q?K8jdz0KRb^2<KJtIj`|HhF}8Ii
zIt^U$$6H9zlCJW9e%PO{y&wppA?6|CP2lKt4MC*qX}?C;p(6(l=jbnY3l=O^hu;_l
zR4K3=8FdOnnUC`R;C9jt*lPdU9XAUNW==qM^*PV4?1rPPb8Tp6tJgF+=KsGx)!oPb
zuE4eV{-3QexG^GCY~vf{R0~AxD>~HECd|-!)cyz$Js>Rr@R6@+ZQn#8w4K<KMU@n|
zp{Fxi<qT%`{&kA|voB_TKw*}_-s|grI8fXLy}>+Go!!#-vSWdd!uKrVz25q#^1-U>
zv+S+0P2_`LOFBY!YvCxzxf`z}kPh(9B>?ZdmJ@#C_sRGlFV;VQ*p0<>!7dkB)9(It
z1v3-Z-*yRo8`V4?u*;5r>{1>D+AH;)Sbl)L?GF2dy8JHVe|+ZeU!Oz*OF%MFqrR>x
zgSVeRYMtiCU+s!sTYPv5s($*^hQGJBlpxsNWQ^r+vcNvk`r!6Peg@+YM&RGe_-ip|
zA&cK8ZHBp7UF~a&H$-hexpWp)uF(EJ-+&;&o!hDpG||ibebph*RgYmN#a^STNxytZ
z1~E8T*waRVZYN~&`*-#uUd7)T@gKnnSk!JvN}ylHHFWd$Luts$-@*q01;yj4h97_P
z%Rk6Nx)6#kAWkqY5r|xlJ;TqriGuz#LGW51GP;sicxyL*KZDG&h{e4HwCE0))c)m+
zzEMEy6#B-Cey3~{^!)C=2zvQHd$|uK(08lQ1X<rW;EQX^!@;6c^w;ol`JSWL>MDnE
zM0e3XLhv@nR){TWf_{8xo&HAeP$&)4zNK^)%l!sd69zoMR#yQhTa>Xs`N4nM{0Pyl
z1$L@ST9crmhS-~jSaJOjFF>XVOy|#=m_e42GPJRiaC!^mOmUW1I)l(w{iFa}T~m`~
z5%#66r6uBUYg`=kE0NAlVnF&&_o56f*GuYulHJ1F*FZV3y9MY2H-hW=%SvM*;S~5L
zcy!Ge-1^3mjVnNmmunBr(p><Qlpo+s*BPewG1lu|7a<Wl7GYlnC;f7BKp}YtdQKwX
zorN+8kgD5CCvc~g=ywyh9ap+)YNm>XMei>4NUMM(VjxT1>LrMlMT79T`xZ!AJZQ#)
z?5mv)f=%5$?rD$SaR76FEuI!vF@Q!aq=)La+C$lyY8+02>l@FuCPquFF3;JkRK=ah
zK&#Tf!ss+LSX_?jgHI1O^w77y9OuLRr<Jcmij~860=YM~6AMWVnqT4J{aqjUXD5T@
zk&gy<JPfu9!{S9xa`JZp&umNq0e*wyZPsBU*9Wmq$FfAAi%d{*Y+LMTi9y1)@*69J
zC)}Pux2|m+IsRqq2S|>V&(g#}Oa3#(HDa4Lpbu@9Xnzkhg~w?4_UVy0%lA|pe&La=
zJ<#S8G*asaB^<-Cfwr;PWUip@_Y=#2<7@>Kp|8p;?ttj>S^N9gif_{JT7VfED|YX*
zDL~__$Rnp+Z=aFWZEu^YtGw21Y`Gj`CobhadPZr+ywLhte#2(YedqO6tW1IV>nE;9
zerahFE9xsJeoD;xN9sTC^4~;$e;cTlKJav<Om5nhznw27I3r(Tc*cIy0m30q6KehS
z(wj&~KVMCjmUp*T0IIL%saKJ<bC6$$Tp~{a2GN+yZXp}ZY?vZ+ek@C@{-7o|2YuS6
zQYv-^Fh4^+e<xV%ngT5V9Io7u2Yl%?xH5QZ9D4zlFu<kC?jt(Fq6&}B9-7@tL8^@t
zgulC0$LxH{TnX^jr2e)~1Vj&Tc!H~|lP~R!=;|AfN8bIINm5AUy9F3C?A8X;EQ+~0
zI=q|9vhzgI%=R$q7<d?;r%<%EVnLMy>Hw4-B^}Qd1|y_2%sRypgvZV=uS0?LlGFF6
zsMC4@E@9F}MZxI-&JQ?#`YvN$s%oJ?oU<|;_*k45iJD#h3Z#yY9nQ~5$~5eozJ31j
z@3VUZ8?4txhejmLjm>?-0j5=}t=;&@9rA8P1+n?kE?05`1)5jN1!qeMF3Eu2(Ok(x
zc}@1OK`nf#{W|{Kqm3%gwv<gJ(r$C#Ts`i%yx)2b7902x|NBS`?+$sKPh|n#XN`$X
z_v*#?m#egn5)VH>Yv}k?G*+Pi@aUIWazbyKL`Kp#sLGdo3j-R;rJ~t1SoS2=M1h1n
z3FK+Ap7$T=P60~q${K@f(FTjgfl=KV@9A#Go8k?S0~vyu^1T5utk%wPytd)-JkHr2
z;(>@n>)80(QLpO&Cc9QmU0G2f3#gK55Bl|A(4j&SUl@@92_!WZ&Nps%x8#3H^L*Z`
zvRukPrY_^hgdIjXy9#MekbB(2Tzn27_rCbas{6ot*9+n#_{XW7({}cWZCPy_JX+iB
z*rGvn;2rnxV`B(%hjEA&zue<ruqKc_H;=*B|Lx?Z`p!T`mnoBUlhGN6=Fq+>B`-4>
z^#v(7Ni}JHI=+h<j^3m@7L>+<E^Xvh6=t(sK&MNZq@K(TJ+j8=4|xdaHGL=WTm1Q0
zYugfQLQ}P*vONHSUzzq>va+5Vmm2m#SA&W&jBJh7qZvJsLWUlhf!xkTOBJCM@_iud
zGPta+U|=nGeVpKYNivuvFVan%<>7;jCn$4ds&0h=ytD^ggDenY6Y<0FX2f$>$_om*
z=S#iTa5@~tR>&|_A6-D^r4FfYY+RpSu0=DdJBIJT&`y4Kw&T#B(et!E3Xv{!rFwps
z%pYF_pkB<6Jtp_3YeeWC)kl$W>Fp9j6G==r4_50$0GTAr9%97nP1E&;ku3^A8=N<3
zqs)1hYXz)l<bEdu;muYBapwnTD9_+ocUSqRO%Zew28+I4#Q1ge)zAKwfzfm!UMJRh
z%cO?x@1yV3iGg>VnEu@qjD_t{A{ay3wEQStw=H-eSA_}HhMFW#dFS@U=^C9Ub+*I7
z<AE>lG)HaC%;;%Uibp<~|F{;2C=(@~zb{jKV{C6)KQ41w-{fw<^{nViBjS=&ZwEHr
z>)1C=<4q$)xJqCQlP;H;_j`0~I@ym7M=X;m=ev77`-&%DT6^da)$42|C&VB47w=$e
zGN*tHzW)Lac^MEA<ePjkv+VA<0M>5MeHX`zx~t`g1XdZ45)Sg9jcJS<s(HN48+Q_#
zTIp+}9Wg!xRkhN|tfj4L`LHR6oa*YS3ge7b)Ig@!Xywl5J7fdf7e{*IcYr7#AW8ET
zC*pxm*s~^7-?e@E3fi)#h|Dc%7`z}?2L%ed+zDEbfW^0+1wSj_zjZv+YQ@7Y(d!b6
zx?t=eJp9n20pl{Y9TM3?^w#>I`sEtS{Lc-6FQ${p0654#X%~gMj%w7L?(Tl$g)?ZG
z9uFh*(@|TxI>FWq)_lWTmQZcKCwgnv00YPJrWXL<ldc>W=@`{oSP0pDR>Q3ps|an0
zTyF^jcK^K0XgK@;Ds-x{ybE4BmjknYvla6ytEYCyvBaVX??BzvpyCWIEv=QjT`m{-
z&;{^PnQwFB%pRI9h6-&<Z>>@BR!vko#{l#OGws{{r0tr_y`9>H{RF!NK-`*0UV~^;
z*dNjT{55MGgv7Dv6a-4hnlJG&*`n>XERGkYaK}~rd(N^oUHW^1QbdsYk7VJ|f0kUK
z8(q1VFEuIVy$Wa#bL@CM8EbxVYQ6Hj&uDf{VoLSAschSE_8LLnD+%6z6~m-Y>uYD0
zknfXF$NN@UTD!is7t}*3<<r_<HulU(gmPFLRXU#`y}eqKc6fO5$!L&yV-lD1GW|B(
zq3TAua?zYZjj$v^;{oQJ72Qr$<nnBTSN+;g^^<sRLKAHHxwB_e#!Zd*CC5j%g761>
zsv=K)B~Q+p`s8f3SZC|Sbq^Bn8_M<jMHCpckci(pPUDm|+>7$6%-_>DOS-}oquP7V
zbHZ2c;?usco!B?Z-TKTLp%U#f)J7vPwLvLid5i)(A$&Jj=kjQVJ&*H}uT3#%v@b0g
z**E5W%X;<sr$F^Dn|VVmL}~B>8&V!j6|%MdrWiZNcj9Ue+`Fgj_`UME33i5r{#6op
zwL^z0QvK5&KWmhkZ*o!;GxF>BP6~_E0s%ooU|t^Q@9dulzSMMF!@bZVB~2X5$Ln!8
z@?HOj{nb5Nb*$X6YvW&n>^~2#0l-GKKRv+*j$zJ6kXp{}SbdgZA=C-p4zyKJE`3@o
zqWv1si?eiEq=LoG%uw=Fh~Co^fIxSI<d);f?NC3z91N1(ot1tvtJzLbhs$#n|IVM|
zw9SDV)i5CSyZupMAE(0SE1VpxZU~uVs?ppLuiuXH{If(CUIMOuFIYtf9ER5zK>QX%
zNQ5tns%l;$^FuADBi!4u9`Hygy9RXl$8&IfLcSu5kCkn`0OaRzbr4N?DEiW6D2ofY
zV{ZZ+wj&u3K7O>Jw+tFF+#6S>AE*@&QMs~3ePv&<t!ogEfK4kA$6=dhRZz1V6#<bY
z-*iWs5=iZL1PghKOvCS$!nBvoy{94G*WAlrF8ylz40)l`@_c=duJM@kR)9Sb78w8o
z-DowwYH0}mY?gkCl~9C|{VpLMYvGB;S&q$y-er0K4h6YEnh-7tQT`zgi<3Ks1?7eg
zM={xtqG|u$mws*U)l_iukB_F^A4Jp@5!C4)*EINWmja5gfP;3#qv!|#f%V3YP8(TF
z#VVp}s-4b<koKvr#7wa2Ke_7^5AWu*w-~@0HAn4u_=MT)2Z~rov%q3c!cp9|S*5%Z
zS)#EmK|D3po^md`{jOjc7sDa1ACeyi1>spNi#0-%@V9iSnFCR$BNzUSgdc}o7wM9`
z8I=dCQFNjjC7EU~n3GNOQzu<O9rjbb>0URR#Ci4B;twF2>-3v{R`+ho`AD6DXHe0O
zWWeOS1e&qT=y<TIb$SqyQ1)`3eQO$E<3eYT?9Mb@dS4S51<-;+QTqJJiCUh;))e<@
ze^o?N4^0_AjP%{%Zb52c|F;|{r=LhKtW}k2EKF@z6$gnMHSCvZpV2M|(B?`pi{nU7
zr=-DcMlGNP7%z)dI87|CUStd`Wn59W`{|jdC2hU=d?JoKksgq7Q2&Cqbv4ZQ?nO@!
zBZ6#N+5WHx9J6hYx;J{>_vgP`cY&jiFBild52++Ff6rIca=T9a$&JXDo+e$jP2t@b
z&33~eU|}L`Aq^XD#*VfTO8Mu|e`Z(6lyL<tS7!@LzYBptZ*RE15E+w3pF?tqTr#}!
zJFr$^<GSEv;P*DPSTJg=eVzb<>}Iq=I6#e?Xw%GmSW!`h$S`L~AjU<|<iqgU=N)i3
z*6tPnv`~cgTDE0Ej77krCa-y7v(opult4KJ5iu7YF>I=#Ve8(laeJ{SN=!^jW$!+_
z^v^=n*^fDN3q8nblQzQ4PaZ01s{-PG*3}1Bxlfj=b{T8q84=~2_TBLvo<R>Ogm{PZ
z)iL=~o>y|b(*A5uuAi@bP06Y8GTHNj*E8N^pmn)~X`D4<cW22!{HSiQjA>4{O3EE%
z&SoG*O&`r-UCgDVQE9VAP`wu>ORHn8`*|e*N84x;%4q;sDAo2=w=Swe=C)~6bAy}3
zVtblz7^we1{r<5CQ|2*98CefYGl=Qv=q#+QKSxl9GE3{bAALXBtLxWm(dEsbD1K>t
zvOvhgdK8(7Nm`4d;S8$&qJRp46~9VIVLU_~N~L6KN(vhJi7)r?mQzIRw(cz*#d~>G
zRoB{X)$UKUt<99LUj&AL+HtMo{braxFd;j0wmzr&0?GN{C1<|ylWYg8nHO<i85j=h
zhGORHBIx>)g%Bx-8|6@_$g~$o2+nwu4y6qoHKZDjcu^cv(oOZARK{^DGz&$x;+lOu
za-2O{nM*^g-=tOeYKCg9sfIblBXS@A&CVs&tI~%DtCJ#_4VPrq%%0vy+4|AU3d-=p
zVHXV-s_3MQSFUb%bCQLp$V}>#_&>$JJU0PMKyKDBQ1pCf2vq6qX-%?cdl87BOgUv^
zFD0BB80MVyVVgda_%M7qo+GVVH!0Enbg7-_mAMQZEg)Sb+>`cOe`{WcLNCl^FKX|k
zo|QQrQ+Ln*ipU=+%3ew$lb*qHOo2H$AOFN5a%#z|K&Y=GM!L1(8Oh7eC{M<;XBS*L
z=5w)=wp|hK|Ate&F+pyl<8d$SH=t$m2@1d;3q4qPQW_0_PJp$5%1Xe~nU$z;4tP4p
z_bSDtF>DMx^^IQ(XW*I=oOXS-(d0rw#!tf4*6Clw?(V}t$bSa_IJfVOR00C|P%(Kg
zQGjTo<w?DYgBdTEFyYQyY@HS)IWX`pgy1{D>Vu8dRWbRDE@E3-R=Mi-B32fxx8`GY
zF1%fVb37tc)L^<5nq&e?Sbc-!mMW6?c#e`LYBsamdP_7tRnmrDOMzx-eI(!@svP{t
z%<EYKvc`<+lijv;P{&FFyq&ddv#-Nf7X^WxXDaTg8dbtheEq4B?r#|Y?IHA_>gp_E
zy?4Smr2u{fa6VlgO+^UtT$~*Y+UKti)nu$bkYq|TkOrdbSK6cCxH0H!+%a;Tx_$dD
z5^2xyTpvXU8B_)twBQky(oQxdoO}K6taYe*WYt>YQ0K0jGTZSO)$Fj2a6ib;25LJ!
ze15hBq+QdwBze#H?NV~63RJe6<{00u4zPb{k6`t<r@u1`2Gvl=x&K&bjECj)qjR*c
zIZSPfmk7fDa$j~bM+u*Dc8hL&eWJ(>i#k$7Lu17~(I)hMSH~Tozz<Hc)+6Z>=Re~0
z^2K8}Dy2+xJU_mNi!xW{26vUz;Du}`T>L)z)5W_f9gsh45CN}Jn=TbYP!rVr5@e_o
z?0~xBYveNJ2*kEB8@$%-x`+in>M)f)GJOm4Kc1x9Z^p7`+Z74kb6M>ziJ;^tC6zFl
zIF>g8f<P0O<8AGoJxAZ-`}XJA>Tua|X}(<3)rRt=Nm(lMTz0MW)^w4M%LCRX--PO-
z9|^I|Gw&ath#S@HiscH^gJEwMD~~;ds%6Gm$fLuf!<c-Sq&>KkW$RYB;m8ysTW2%t
z$c<O8yj(Va^kfhY6io_|uOwMB%Gd6jGTwKrN~FR#xz7;ylJ9S#$S+jU`x&&+0}wF(
z$u#}1H~Qa2=8qqnEDO{w0Qd>;cUE6M3qSM#Ea1f6;p5M;>%&hzs1um1yxZvA2PRSU
zORqIG#DB@k+&1|9OqFFejXb#9kKVrS^3-qpO$zdG`bI3i0w5R4dlqz1;+^th<FS}d
zeT4*Hgzqz-$UAJ++*L>xG~X#?baPT}(#}H0=OJu)Ii`qB@PxfIAt;FT<SZg|lv)uU
zk;#5^wCLx%u?owKPCA85lxIf!MO@QB9SDt1XN%PWL%%5e;F;`zPvIb{ZaF{x83e|E
z>*&Gz5qZh$;!$gvSz8k!-Le71D!_!xF>q;4u08n*r6FHDY#$;~v=I6MvX}QKo2t~-
zk2rg`dGOru_usUBdd@XbCj^J|<Y~O6f{%(4wl?7Ubdi}5EAzV0HkM!Yz9S6PG*K2A
zq}zS|lpP*eIYZcXp<-_8%B`yUrJa-)m1q{C=T4>fT`~rI-f^bYq~L>Uj>^L)$x|x}
zf~||R>Jmo`uXftpeL@zt#1Cy+li7?#si;dyV|x+4l$%UZb9K`UTZjBO9P6GVk~r6l
ztK6@E*Xdk|gtz7tLSGHvYYxPbj$%3!EgGMBe%q>^k2Xkj1S^DIc1Pi4=JGZH|GM6+
zY_Vb<;QsC{a)oY}e+|7vIT943)JTTa>-;2JL3|aQHc(gtq!6J;R3HxtaVCsC1d_Ia
zb=&DYfze`pbi6)|UOK`~pvgFu$rv-MGj=E6!zSn+Aca&V_Pe22w6O)WU6K<bZ?LEC
zpVZ3jys-x`6)J*5=_@bk(lbZU&6xioi?~wvlv4{}X|D?f)yUdBSWcx<Iz$fQHPGU%
zbX3~H+-L}T-0Ow^o_PHHs}0TDkwT5(csjPwLlgpdom)g+8VNkklrM8-d?@R%LN5T%
ze}AKM1#5$iDCsQWY{v0uk>=Gsx`ceEEK)4;5@pkrV>O*x+B7--!@52%3yI7^dSKJ`
zjbK>AVNAh-K6V;DkC8{-^XEARfbLn=#O!qZ0(74U!XP@_8t$397_Su|+p*6NHqnuU
z&SWrhNzN&JB6BT)S2|66iDnOv%Z^VvUhslFkP5&$sR#>HKe|*|R{&3~vev)$MJ9dk
ztFLc%oF7G>KUZv@Ti`#!t4j>bDOe5vETjE8;qjwPH6-au+>_YK3p+`86zfSpM%z{S
z1`H#I`UKYHnXu)PHPxR8|0;$^fKaVb>Zan0QV1!d9~-j|>bx$5Ux;-?`Csh4RaBK>
z`}J#~gwi1)2uOD~C@I}tQqqldh;)N=mvnc7EI=Bh8>Abg8@_v4@B80-d?$N<V;^mY
z2WzN9m(O$Ob<O#kV4nhgTw&C=Qr5b1uxRmfAOeR3veqw&RF%05NW;Y#NLUNb+cYTI
zG_gWxm?Q%zgr#S@6;ERoLH?Y{L~#@Pbv)Y&vd#5RYarxOg86viEs~Z3u@%-rc|W7J
z^yCm2LBfSVe?C2o&%&%Ip>Nqw59oNJ*QY-KrU%bh@l7$TcI;RN4FYBkoV3^uieO?n
zob3Bp;Gb349G*5ixdyuuIv$<`Kv<-$9R%1z!L{OH%+&0or0(Yf+$u7YHI{svt%B+U
z`2J8KoqWy~kGIu}YH5+hi^z`XwE%+a+l%#7W>rTd{s;G62%%OgL^qW*D>$(TMwq(V
zT7Tq>>~Pm>-X^=-r#!*6mKYygXH<9l?lXb;hK&K{+iZVA%@?3I>xLg`-)|!pLF_&H
zSUjhgj_XIiCi87g6b18ee@f~FSMGd$6d)Z}dfa&)4kxU4cvmZbThwy}kVuO?Irg>H
z=y85mD9C(kC^HrhGMkvjSWHB{jGTJ_lx=!zW}6W|hXI3!oPRfgtl0sVsFBlV`rvGV
z^B~D-?!0iJ5$VYEHbXSATDyBk5|>R*=DV0C2AD}(m<Fq#1gI<6x~Y`;KV+%tEcvFo
zqiRD?2!8a--QD-<h}DJfp0&_y$W4#oSe{X}&GO?g)q&JCenCzwpWu?Z_DO?zpPp;r
z=?Fj$oK+@s!df<O4K4TW7#jh%U=f|&q;{)AA+H1vt^O|B9f+ExPCBqs&&5Trxl|L+
z5yTb-lG2Y}<wcRL-AezSE-W1)apwxK@?7?2Id<vz7Zr$psO$Q>H*Cg-%oNT|#Qd>m
zn<Mh(IZ4b$=e#Ty*8z=S-verlW@J8h(q1Q|V%4Suz$(mTt|`#t_X#*Uo6jg(C!!gj
zEpUEJnL4u4-Ov$;?0mW;8SM?U^sb+i8|UPQhPJ~t5{sNIgSo|o2NjqzW$ihB)Gseq
zZk3)~{a|B)VE<P!4`gBgs@=ia{5!GjK%4R3rbSQUo}&lL41CKF-WPrIvJRNgXeIP5
zKjI;B$~lVaBLR*@PPQ3@SbJ-fc9@!a2?2H^g9*ijVQ0R{@Az>SOc*{Ns(D-cLv!gx
z1Nuzl1K1iwB5U&6R{q!TQozkw)JZD{RdvVVqzA*9{M%qMSIy7IkxEM1HG3ind>*`G
zAY5n*mX6<e_zOzPV@V`I_E%GF6N{^pdM{n<SH57t+Hee#5fSk_E898PM$W&C_KO0n
zBB<S>$G)d`rCZ*=iNHp;bpeBc?zFHgL(;*)fdy(rOjeQSqD4UF;pYA#67$F02&=bF
zGE;6Sh|dQsYUN2hwLcRyG$m6s9sA(WzKtv_dA588)h|j_s^yAU<kRQT!rpPfGFNf=
zJ$fb>P3J27^;dl8rZtqLqqdkuro4B3xK8Y{$>Ff|yzDJQHu{1+!-;9hDk#iTKS7k;
z|Dn?+@|La-w6ier(;9M@Aka2Kj$}fYFMyU+T4!#aHCK}fsXWKN@PANmH;UP9i@49>
z+&6JJo3LK(T|I&LTw6zLd)z$Fq{^hcK-=RcTIos2=k*uuv1pV^g|7wy!Q`d4=S)>w
z_YrhVKy8hX5j+=(Mw>ClYa`H@Q;<z$33Hu>>u|WCmMTyzsJ@niTS(0Q4%^G!;g*KF
zHJw1;GvpHx0qI?oMQP?#fn_Xmx*35-%XAI{414TVEW&J#eq^vs;j4-U-q2|^zRr9o
zLNT?)Af3|KzAr7sFx67=)A=&yr+faZTet4T?z6qQOnp@zQvJI`hpzeV3m$m|?~h$n
zjUiNLch_}>8{u#2t8CQ`ZUV~g&?u=Tj9h$#z)B$tmpFyHs=PbhTU^w1mo1S@%O|bX
z;+{O2S>QD6tWiZOu_80u<~<?QK}B9;s6*va*a9_O1~s*4d#_ddMak$a1;1c3o>*m@
z*N<kIpj#3pDUag~le)QrN`|pm``_TxQe<_u+p?vS3*>hy@Glqm6BRkxDNrr_Psn-(
zP~GS<Tgm+A&Oh?&&d=?vv-H~W*9lJ={y{gPROJU9B3r}zi@^Jcj_+SA%4C&W^zmac
zk!yKa<NN(j)b|uVE2(s8$v2}AwnViP268;j9FA$bDN-|VE*<y)4TO2*NgBq5hZ)~t
zCsu28s`C6fyISA{Xsl5Bcy(&~Er5)Mlq9sXGP5a0luy<$sav0wUUtFAIldgvI@YeS
z;8|QPOGd{oSMKC>b1u+AOJp_{qfx62zd7(y(>en9gH;wkS&NbEqNnQp*gM9?D_tn%
z!P<SDbIooIu-a^rfjFw%?C-w5R{Ys@qAJ*RQ?U^Ne4t3L#<UPn&eP4`y?dz~X$;uI
zP+BqJfFmI{<t^=HaxpqwSa?<5hwbrCRVBym>_EAO0zb2&DOTi-hFtpQmzmT1ubH#I
zf-LOYb77fQ`~`b47ZE6is+<%UbjR?VZF{0NA>zg+DB0(%<};@aY7FLTbl`A%wsNv4
z;HU4eQuXshl;6h(&b%a9+SSKtN7T6#)~A;!zqFJdhdnLz`Vi7CDxdYvuW9vUb50(^
z%%oF-S|_7=Fn2%?HM_&`W(T8O=twDwSKu<&SMjI_E)x%2%^$Rb4r;#XDqWEV2L8%<
zufR~&BrIB{X$kBRssK2*+&_u~9r7H8C2<~xEbpDWjmtIU18vtK3FqTw=ke39^4pC|
z*&f~LJ2(tX(#j@AX%|$|!=&Dz@4a}8oNmtA25|MuEq7Yk{fVqYDLmPOhV}fo_4HzK
z&*xClwisklNQK#a<sR!~@c)+<4f&pDEm)KpirZxf{vKeyDuK$AQ6Y&Pq@COA_q9Tr
z@_{JLuR-UM0oYVrWlvDdFPDPo+65Zv490=>&1k;S>9A2YGc3=1ruy*OAG!4zKBEdS
zbOIE6j4u)ap+JpwZe8e$1xH$w`9>HPVDlVTFVlr)`!Q->Im|oxQ7RV`b$o_44}Cv{
zg8Eg5KhT?3{q!F$P^Q}q@q3cYVj8n$9?{`PtwF7x{nY%z9O35n3ir*U36K$;gUsI-
zuA|xC^wz{DU~PM~8ZXeP9adgN@HAsGUBKmorp5rp+uCe{l5jk&dc#3{#{C;mIr+fV
zWsAvWLvD1`Zi@&D8?Hs!FBG!&!TQ;QYW}Z4MN3Ottnfw9IN&Gfv~AorHIzZH7wpTn
zW(O#N!=Ldv7)!N^^X`7lmpzQ$xlZPYa5D|c4o7AOF7{DB%@WidKUQmp1vKVD4M?q@
zU{){Lcc||cn?Z!w;iaWDU8&K~11F2y&nghXQ#s5?!*V7=sgXq^NFlhyLM@WQ!A})@
z^vsrl(S2iYadHL#0ZHjx$Gr_gi6nx1^pfkE`b*43<8q%h4IJrPug-E*=*=o?ur*($
z&Irc>v7_9eR+9mS>5{lmT-<X|F@iwA$%y?`7QJ;ja`e@?qj<?4C>AJYr{PznClonJ
zC{UKKU)OlQE_)l15k(S|`m;S%)s^>9CeR@63Pi3BL+}3F>Re@pI!h-{2936-o(vK3
zV4Ql>&O2e6zd--jpo8j2KC*!Gu3F|N?tj7<Kph4O7$sdGzWR~ILKJ1|@w++`83;}Q
z&PX0mIDDC2OWD^!t;<Pu0y6U#r?;I;ZxDM~p-$K;h_gzyWiz(;?d@$jkKd>F3<PBE
zxqTTzQq)U{ET*h4c$@{bM9xr^b#xWdL#CGH)(5h`j{@Tq31YzW#CAwWo_r3p!|Y9#
zqYmj!7k%~Byb97@q+SCbCLKvruhDW#Mlq_76#nq>aSeGYmm#geV1$5kk=erhtG<l|
zk9*eS>xM+L9~$hnyRB((0)w57)_P0*);@`veu#MTp!)S!OrHR}Pg-y%UHD@CXt5Y{
zCoz49O|G7h{rQ;n19QXq7A6e<2q<R+V`kTU+Er-Zf59m!1>8yZn2t~6vLy&T!ff_7
zzDC#`ED34C2*sVBAE0f`cB9)Us1qs|&+=cthX;Xw<m>0v6QLN&Iw{rWAqiCqghYcQ
zZF9+i7<9Dz4b2zM5>cO$;=BV~ONQkfjn<C0=~}*TjlG%HF|LMP-67@YNCj!e-$Gtw
zQUz@bX-sHK_JuTw*ar4AXi22&cZMduY?2Wn(QwN#VcEP%=qx2QTX7}n_;4%6wfdYu
zM^)lf{xWncPDUp~_s*l^=CUh-bZ~9D3>1N133_=MV0xhV`uL8^NtSsewqOqX`YnLE
zd*jN!66Q5bD2~N}5cv`BQpKI^N*9HX+3W;RqpX5y7+Zpojz5?sZ8;MAG0M5;5>4-}
zv-7rx`#kRZshD<;^Az!Ic<aMxvx3gJQ*DX;7Fka{a=&xDqvK5`sP~thcPwP2(MddC
zwIHT1NGdMZ^c5}Wt<&&1+?Gha(3MU~Iu9}p!fHC8q+~MRAOQtFJ={xK3j#LyAV*=I
zam|{v#niFr$72ITN3r;|lDN`*qhqq%q<ctiZzJy*=N7gofBd&6A1K#7!Eg<@hoT7`
z<-dNuLIBm7kPfXz6$WRLTbL&ZI=aR8!DSDKWyxSXzhIIaCYa6X>Dn!U*vfHvAQcwf
z4zOHm7hPJ^MuA6a5r;-744Z+Wm<}Kmy@z0+Zg3+5oj@Fb&cEuN4C(>%E-U9Nxc`iR
zR(|0rHgt?{4?EM%0#HeRGFPWA_i4TyNJ~1nN1gbTY;AX!czt_O=Ww!B3kl>Zr-K|?
zv<saX;1(WZTou%D`uXDxc7|HFawzrpK9GDW700f#BnZ$nzCYV|5Nlp2f+*`!$DfI`
z!ij=o_!lq3N1=|<jpam7o3(B_*(CN$q$XxGvikaZ*~O(S{fn$4L-Hlh?p`z384?y-
z_2)>SGK%rF_0mGYn}OPFbDriak%sfl8P4~dRMv=)iK43rchvc$Dp3?toB5BoH$a|6
zZ_c2YuMj`&K<{KVe;bQjZ3J1h0k^mb#B7Y}e$X+ht(nTB2|Z2nVMimCika_ZFSInl
z!a^CC^5MU|QSP%=i89A<mvx%elO<Xxu}Yw9eywwx6+Wcb9C5~@qjML4JRGB)7XD1{
zB17{In2n7<MCDL5;8m?DT+KNcB(oGKj{pckX>Q3$?R!ZTcE>K6p466)Pi^P2Y{?LG
z6f(nb(OfdtD&-t^=F1HtJD!XA+TU7N5uBm?o)l}CV+`rQ^M*zWzi$`+#j4aW%mTCR
zmn$N`#YGC#&a#0+Nqw~YGYi!-9A*XI7wcD7@l4tBB#SUjARf7V4@jnr$7`5qrj41v
z41vavYc|9;<{qy5UmUHOG$;(_NF+<m&(GVfpT5`{$;n9=Bnzm!Th{Z~)dxa>O)3hX
z01!M+>Txg?Fha+7Ct*7Nh-w5mHH-1P)#A{2FI7=rP!PTB<`=t7#?hh%Q3>b6cDMu(
z5hkZ^+qnV+(k0OmVus=ZgIbLlN>l=yS@ESU_N~mviXFk9$3}PAj4ZqKUetWObXR!k
zg{xVA<^A|3<8Cgm;CU~CyL3H*EKd%gtN@LN5w&^-&VSwa{<m`Be0(&o33we{zCQ(e
z(r~CPI<g1>&Fi<#S?PdEm$Qi8y7iOK%KEwpAt52;=p9+XE_(&IbP;)1<hcTed!^Y_
zVt7CG^)hk?$Yw7y@>m~uaZu_QlzZ1yOkE6V&mC7R*5Fu#`?kW+tr6FyrS;1&jjT^+
z^xH5UQcxNU9*fS4G48&jsS4dpVS;$WWt>N5p&x-MQd2`HcWo()q##^;eN*fF#fzG!
z@z><)p|gzp?I?sAt{40%oi)kDwq$is`G=8J>Fm#)Xvb@B(P82xl0`TM8Am~8X@JAX
zh{$|k!0JMf!fpJiI8aHY)_jIl?eqp!)9DPqDOZ6avUW1zoCYXhyjYBW^0Hu_p(WYF
z4~`;W_Kje6I?flWBIGMJR2R>OL3)pTpKX6|nhx6VHV3e*i~-GhG0$aC`pXkvN1V<+
zY;^OJ;%`(Hb$*}3;D+-8FjJNN*4wq7aF|b@Qx&O`@xBy}sDw0wBPZW=DT>>9#OAF*
z<^~tLQMAw?=m}(lq1f$e3K2B8)zE1|E-J=aQY0yx3^_yeSoB77N#S<bE0i;{mdL%i
zJl>V=XlJ`-mrP-f2qoZq&*1AMY<J33V!F!-CW8CTW4VY7A^nNo<~y)YU1_rQ0aVJP
zyHAW^O(FZ|E)B&=beE^NuK|}N`eLWfbqI1n#9c!NBy@7{59&Vh%$0REY{+SxdEiJ(
zFRr@zUSG88&L0qsTE6XSsVA(2jD!C&y!GBI&AM`rNn%(2Gmn3oEs`wy0}$1k4xBlW
z0u|&ZKUzJ!<2VHaM<|t@)SrzEU=)JJiMPWqH@FcOFoR?FXsSLTsKS>HgS(Pss7S3Y
zPE2e-A3D@(1YoK%WDs{;V^r|mdA`czasKBS`Ou-ebyIZITkdZMl<W367K%*0&P?{R
zUo>M0IwpnH)15dholA0S`YtU7X)c#tzo_*Q7>kTC!69)}bk-L@Dl#_lmGZt+dQhC+
zg=?1}cxJc{5JdlkN-Qq5PX}L2XK!k63UC}^U4U+eC@pQC!8oY88G**67(?hk2_*O+
z1@$G6vGT_J)y3OGQG0sN0A%D`fR$|3cM2FD=HC9Yl(TRo{IZmHKWV_jlz`(f>$l&b
ziD)9VQG12YU#v>3QIe1asE{%NsJD#AST5Hi*+BIOuk%Utb=QS30vaHch~B?{Ki}aA
z{t?)q4(~wqgo2qlial5r9Qi5oyaV7(G4T@o3Rf=T$q@NwO0>0)%rv|{_M?;v=@1F%
z{<4<)z!JOsv6kD&hu2s-Q;4lt4MZRjZ$PFZIkOMUbGF;zplDlcY&>c<mwsSUbFz&j
zTjKN1{prFan?9_&)J_3zQ_kgU7&27U`Z|3;<Fx6IJduUGKhpzI*Ht~}cqFwGVcoYO
zyL9I4KU~BOE=biCM35P4kZ~Q*vhs7O!xkI=Vrz_Qn$qrcNA*&~F}xxMh+_%cqyULd
z43p38FzWJbAJ`E!0C*@p*W=2(!fbtU52Rz4zl}&5j%Bfo&`{k**>AmhQfWO>Vz+io
zu_;uNhWzL-maP`)J=Yu9mVqP=;?B}ja0(?tAagn1A!%?X8ovZ;rSGjCh;I+xmFaeD
z@(>;?@W$DYfQfdRi}}4O@hNU!`qw*D-7jclp$PkK#(BVe83k;3Q+Lr+>CC_z?}R@l
z&c8b$;aya8!f9si=vaF!b+OWo_MsNwEY)E7Fs@W*W=z_Qq);g(3MmD1ie@UKiMd@)
zlTLT$g<|iTBxv(Ab6tH7hjB@;<}v3Vi-bO>Y)UiE$;7Y)Z&2RXE7a8p9;;wCaiTMQ
z(sI5r-MpA9Z18r%c_+x<@vX<*4VGrJov44NMy}%lszSOh3^r!m6SYRi2;_pBJX|J*
zKl9IZ+GF}l-my)|ZjQ;=){<>VBKrD4Y+vPO;JL<8jj#sJ$ZZfs6w}$C-e1WJVIDr$
z4diHAd0{QkdA5h!5WZezkZSZmghM*QqSFdDrF_NRb~Fe}KtQ0{tkWiaysXwc7+o&Y
z$ZSOJy%-`1u^L$BnJBTeM4)RFyJ_cTMI~w`&2lrS!BcZu&w_Qn-U&fyTb>|LhrI(&
zrf)kj;lZ{c$?e0<5iC06-60n{iQwhUm`^zHt-9T2_%^(T7Tnn=>eLG^Bo%eTU)8c@
z25X2@M-IIlHv2+yqUM<}F#1=-QUg!EV7j#+LpqxIG&8r6jv>M{0;iv+n{RLru72C{
zvlm3Co!S4|YoHe(E8Yh^wo2+Z4W&n_kEs570+9V_pnW}YO81kfbw1ctGt#&~0;x(d
z+6UcWda!T-4jkxu9^O9_I4CVM9wC)Yr~)n5;}qD2F5_Isd#-P}!vkrffeF+fX&cQ?
z%^oAAmmN^MWuD#WSJGQgmM)s))`4Te_dz~OWTX(J?QCxIX}g1WtRA1?(8yrNg?u_+
zAbOrm8A^VzZH0lIWV)|@^DwFb`Cx@cWprt=8FC4gNFB^lIFmvOOyyl?jIXSGp)P!-
z$4`3a=F{~I^Hs_+sN;zF@AiU-jx9k=NWr@I+*)t55_y0EROib(D*-iVZMWzS;w5J}
zGhPItI+9zJ;{h{sdT2XRD*0h9P(rOuZJj7Fgb@_>3FM`nyz4w89?6lE4J^dR(1{p>
zOvHP@F^r=U_5@P0fO_Cqfi_>hZoFkbZkCf*Ej(JCTg@I%9+3Cc7f-q*FSP<3)QG|t
z|L)9G0G44hn_HvGSF6e|M%slz;0D6f!Wp({n_VaVomdL__c)ApwK(-kGjyryi7mP<
zE1;IrSh+;s%qmT-qCtPh6?A3@f&=oj?>yxmbwb9bDw?xAyh{}lD^Ga{xl^PVj~w%h
zde^Pz?lwmZ(|~G19$YW`8iqAN`z&$IjZGvrN8{D_ZCKb%G{;W{-re8Kx9mab>E;Yh
zL!><>LkamHy=jj!a1b_3bvyMrr&dmJ9l7c`qYV;NU2)zXr@7oY8eDY*3=KTrCXvB;
zKm-&{j;unv9iEIE^5i!&x_ppV#YsI}sC~y%<$t!4=J~KawjVOeO)Sl=DgXW4SCzsI
zC$jVPQCZBdt4*R{gP1BP?9WO^4sYhl!bLjDZz{XEf@SL2lw)%7Tn#N{p>}&@LQC`;
z*B4}4=yvC{H;&hDMll3M3zW=r)lRm`5rby0PIpO~k<(f%L#rSDk2^m*H5kn=#w%5x
z|2YD(|H4kNFd(4G`+Gpa6Tb~AYX$S)Le0^ds334)pCTpo5p53uJ!@2_@=#KVotYXs
zK<yHk*6AK5A)3_+=VtSeZ3IO{f6&JILNx#?J;$HBke>7dt7dZEn}?BU5j?tm$y~}x
zL-1&^blOs&UG;8WVIXL|lOjL7XD6ghjeH$k)`O6BRad<#fRa<~xE~vwe>8kE#3{o9
zZZ1zE@q-<A;Lu26_xU^y^MrI4+rSl!x^Y59LGUr`BrMdf6(S+R_6+fU9Epq6p~QBU
zv$8X7V~nuiY|gf_fd61o)_HZscx>hx6#GccuCn*@>yWnm>CRMuk2FvHlkb@#<83M?
zJUT_%WRR2MJK0?c6ii-pNIQt?8^+Rhr{Lx`RPLQZBXBWSYp}0M$l(z+axvF-9a!|@
zGZ}pwi00<Tl&eD%?F{s>+0j&z1m#iOyAeKGfyi{6W!b~RD3}xzuKJcCIy!6{J<(Kl
zN{;NzNP`7M1xX%17ex+(aNONhzxWA~+<_|H@jAhbH`}*3fecV410yh2M>E<zgVWgw
zPPQK?Ivh-tm9eUD_5*+pB`|!_LmpZ|;`MOS-^JOsU!kiTEm-(CoOL93^-c#`4Kj}Y
z;U?-h6eKB@do$T)zbu`A?Dz8QP^<uVc={USszW*Me6QidO3J$D`Mm4$H*Gt;Z>Jf}
z@6Pt_wqW<|=JUy;cw`uB##-Mf3A{Tap!bJID6vnnhm+1a@^KvEHULl-UqsyW^3t^`
znHkbzP}XvGaT$3+MD0kjNI2Hkra6;*Er;Uwa-m+4AVW=ARO8jR+jZV$6OSXO_Ntqj
ziZ!*usYdDD6M$@39TX*@%f3-=<`-HTG)gMm)y^VV?W%rD(`Y{5>?ZzxEKgn9A2Sok
zQL`ZYj(sU?9FHoN78N(c&R+V(uBTqD%^OB@_C)w3<KZNn(FY|u71_S`C_pFcW)MhF
zI2Pg{p#0q3&!1LnwP1d^Tc{PM!kfc&l8=8UGtiTv^5a~n?l?-8IMDUr5aUHXj%d)C
z-^lLU?F_*zw~%Y&Tzf*gp51LRT8Kc#XWCgOe!dqiB3JzQRI0LolJN9PQk_lrA)ttQ
zHEY+i_tgKkwEQWn0iYOkW4Uc8wN-so@DB>|pN-|EgdnIH?c(8@jOE!X_YmVh^}TUO
zUK@y)L=u7>_#y?S+=`6aFYJS?ib~wm8n7Z8ycmz6Q6I`lb*DUHx0^tg>}q7tYbNzT
zSqmbdce^=x&S~}IV=;}Ng9Q<{rWF{oG&CBuuTyMcTj!f3k-m6b0oEd`d4AtSbLl(A
z=D$P;A@=U~(-x~vzlji~De`h~Xuba7hQz|bQH6jpMcKx@(BL3F@W$x^*qU=gV4FG@
zQ{q?I7F>(a7hxZ;ihtF*z1N|WtR3L7hL5WE0QXm`YyVfP3l{O)j{d(kR+LvM7A>NI
z>-woVVJ;_`kF#t@%J);*6WmnSl%tIyz4raPQQbX<T<O%5gH6&m=IoDb()mftrp8Q_
zJDQF?;I`<hLsVCi$)qg~Pb8%yA|lXH59zGgS87Qyv&tu<1;|rdtWu&%A=bN{s@t}c
zvu0DaT?-!I#1eek6ge4;s&{9IWjjdJZ1pP2SWdxdePEYelBw?0BZ<^lBs!59V_wC_
zC{A7iqI!${Ra^Jy<RmK=;$9<YWQeI;@tu=4fUn|kz5e_6@LFbD|N6~Y`S8?O1Re}6
z)RK7*sX^^;=Bl)L{x%nJkCt>$1}T<AcbZfC9vpScXLl`Vf(BU{5EFKgzY3Y@llhyB
z1nstdO@X>q2FKfG|1WO7UztvmFJc}w)mY4=%+AdkZGIN&CIVPG0HTeUXh-UewsOHs
zFa<gsNMgUvVmx`l&!-BW^H6-Dfe!(IxN@stG4A)$B@V5Z2si;_Sjg@55fTU&#KIt#
z`3Tr^qR|Bkgh(h-(M>ZTeo(`4ila*amG7lSxjsc5oQuu#O#lyt_5AT-y26l6v)1a(
zxTrsUndyXuLJcsU3_^u#HLzUYj(TG02mpjh-BCMFkU~B?YE_g(Vx?83OEq7Cf@4qe
z;N70`;_m831Tj&cI%#VG`WR3#IleszU;WF#v~B$Okp`_4ODBVdsj{;Ux?1C~Kd*2p
zf<stll;fZ2G$@SQ0t_Ev3}?=4UKzv(r(*Z67PM##-R7y00U@#BSYnVRTQZp+uuH17
zu<Pt4)6}ZAM)N=5);+%E<}qG!Y|ug?Mfxw(aCj|f-brYrZ2YyVzJ9q0ZLLt7LWS>I
zRs8rUJ*v825n$UxzBW1`bZNrwg6AoSH$LgVvb9ACV-`lhmjQ@%-`EAs9=XnTLsiSq
zi$^OR_VG7KWH;IMz6CS8PFnR)3A)IVXi*`ox}WRB3q{x2wnS=~QNuH1CkpwuVG~`a
zvWDPbyao1+vG=m!u*x+G-cf7li64Y8dg=rNP)DI$jAQ|}uiFTxZ@ci>++1BF`}ByA
zfDP$=nS-y)?e#^Gq<H_bA77h~a$ske9%5M*D+CVq6&l#^BjH>bkpSbM``(XteZs$m
zJ7~6w+8#_X<@()}EngT+R$w<-=ozj=v|qmKeN=j9KE*jS7$QJUr5(4FkSCv&(dX{I
z72B{k|19Ut!z%>o?DIxc9?>gm^D9Lc=d0bC)s^+W6d`czs2cQnH~!zZU|*;=2)S_M
zpAGpX+^?sr?<fI`wt5b6k;lAt8}umfC9psU69H5zCSCcUCqUDtm(1g$=BpHH9G<UO
zAclfJfdH>Y;_W70#H!kGDxy2IT&&3@G-=@G{|>VcgcC?Ozdb%Yl$){je}C%TrP~Tl
z)wvhbkw8xzVAU^~YqLtZvbmW@Lv#v%ezo7Cj=@~t(9kQ>4?L&^yN<y_nGX#J%2bsV
zAcA{optpjKjQq0AFAE^equLiEf!IzGIPNk(!5|ESs1L#Om2t7ME{`_bUlp$StmpDN
z-HS0(XkVOwS%!7BCtBQ_5+N(}g(M+)G$&q9At)-#MRh~onlJtIZSa}svNRkReZP$N
z$SeUAs#(qP+eiVl1rD%FDmqZ14ezUVH4GPlJ)nEs+4}_hhI{RVM@si3%>DJ(7`S(L
zGvyz2Q)U`35cHpGo3aq_27e&|!8V{iS%g76cpvsrU@knKFc0+(ALxR%JS>D2|EF*Q
zAKpTPY)MHak754Kf$(4ap%_+fQb6I@LA3ome{&-)+u|;I<ahCh!tptZI%rKSmR4YM
z<O&tx{B(bTF03qGFos&SYoX<f87|6!jITcM7b=(~z{~0xVACe>z#P^F#H-k;rt`yK
z^Ck%SgRzn6@9*D^M>Ov?mMbfNxFj<HaBvu>ypQPu4zdG$yP*J@6{6I}WzYj&LIS%*
z8>@LU5udg8fuJKIIOXdmJrOm!Vn=!|<TYKjkOhxH)jgaHj5&a19hgB{{^sieEO<6G
zl2<1L<lX_6&9fZ^i-R(35J)@LpgWq@y5-c_1BNRjICOFu8NooS*wlUj0fCI7ApU>t
zFYsX<8oPBgh4=3QDDn%j5ksw27>D=LXw1e*klawuDbwKzsZ6sgjLGp(XOz5SI}?$Q
zulM(`?QwY7AH2l%B2bzB%kW(2%A$~DKY|TBEApORb7ra%|K`D8Kk*-#%}W$8E#hF2
zhhY8|XJ3~?r;ZAg3l#>y&-8yx{y(6v%TBBU4g8%AUS76)9)<s#sLNkY<pC3?!oPdW
zFE8`AY2^Q#3ID&X%R~Ra3IG3V6aN3StU`y*k3#56R_fK8`?Hq5y92+#Jns7k687{D
zcjOm#CV6-VxP@6kXyicMU75*$59j}Uwo(G~p0i-J>~CIVDKsw<$5a5U!~c8xzTo=o
zoyz}oEC1`Mu|pFmlgAEK{<3~1p-HMCRfK;Q5`q2S-(3nClbOQ|zFrByGGzQe8L)rM
zy8q{h4E(=Q&;REhW7|?k;1JaTo#Plhhs-Zb7B<%x^OIs&vMAj5GYK!={|$RR6@}tF
zQ!6?Pm&NaW;zr}J^4~|~=lai!`tQXW&}v`(X3*>oImi8_TCqbjEkmmK5YRYaiqvSs
zkV(a!I{wWKM1Bi<|N1^9;qgul4Ok&&JiTuAbozcJnEVs;{pZ8WJus|-xtJ>d{i~(V
zehrH!n&gIO*MKcn);RPxxse?P`ojO;VM|o7dN}0uez%nV9&$Or%C~`M&#FxVzA({`
zcg;*ze<2@#M*qJF@}mnnFZ8!{&Hwz)kI7&2qIrjb!RMSzfWsvQjOPEtAfbYzIC5Y9
z-^>1=_XIN4z-;n~r@;j1BRDvA6|-mmVTXPED1h=4B%eHf#+L?sw&7vY&NkN8=|6rb
zRxa=FB34OJKmM!Yx%Ws{9Bg}&pZR(IjR1A%7F32g<RpPE@CKYiE&oGzfx?S&=qoyi
zfc%#5{*$00ok(oZa#X16nc<iCA%1nXn}vWiFtftVK!IE;{FOL_D!L#%*433~^Sh@w
z;KmkLnRGq8@AvA**5Vru@g^Z-Z+hyLE<U^cOBO$koFZEIYk*j#7QC<75E-kimK@)F
z=T31`W?n#xg!P{{@q-%r4lu>_lK;K~$6xOt8<}*zg$|C2tq-c2{`-4)&_9gGl~{rb
z20Mxs{Q`EjsmI-CV0wQa1bKqAC;!$6*5~FdRVY3J`w#VV6&X;bhwrAikj@hZ*h2Y~
zP(OFQdi6<#u#BxLPcw6)MWLVwN62`0x?)U8y;4YAz2KC(N;$8ItxO0x;ti(gPmk0y
z&IyjXv-h(rpI2_R2+kT^To-KjdDzw+Qh>V96CD@VlwSY#8XvIxIJ{g*mUpI@Ko(}{
zXXdMoRYiYSH}T$6U~kL9Wh+kHDRA|HSE%$4`w<@o4k7%lt!EpcKW&G#gcsR2T=0=b
zAKYPr4g-!L!YZB4KY!eZA`NJ@8sFK$lErebsDB$V!Zy^ZxAMdH?Tn*lQ~Y^Lc9JW+
z`?;K*@{l0}zdUMbIVB-qio}(tYph>(R1}&28!qW~mV;;3c<TI-pob`$)ft5_V)5SN
zXnYZoA>xBNv?F>*THj}Emib-bj)I980q)SyFCWmFzvLVoJQi3R*cQYmaeH<c9sHv=
zmi%-`fW-K8NUOA)?721UvqsSfQCG4RDy1Ziroiybb6yGL)CHvdh0GsRvE-!OeLDx*
zAKIc0J;silqnAVQSP}xU=m`CS!=%F(rdnHDE7uq1>{feLl{qki|D7N2J;3(;Xp;&6
zNCWihp922v4_}~0FN#M7?^%AK)Q?8rF#Q?h^pf{HJ~H-`QpLUw&zaG*qIZu8!)5b?
z$D+_}lv(lh_WqtNiEDgToJ_j?#jq8)I6$bnrCY3g%T>%kDqoH?RYdjfwERr<Zq%1n
zYXJJRQ&G{7Fa^==a39?6+@|`cSxh(fTPASqx|cczk{iNPTUy>sMUq)px?L#&FpAF`
zRcAxHy+eE_XJ=V{{s)q&rvlCnsXAAt-%C-dEEih8@{a@C$_8+{9AC}W@snSwFx`FY
z@0GoB$TvM44Nx7a9<Cel+$u!x@C!AknwO^Y(Um8=lVmIQjWgpi(@;O8-I0n2)7|VH
z#7ZoTorj50^Kc$yV!3HLvBx;1ULhK|%Q?R4)66qYFy3Z;L7z11^L$#t|7o2_4x43K
zB3Wo${^#P0{^sXzEavH2q^l*a0{JcHn4f3b-H<BOnUjGLt2dE^ZFlx*alKhCWms>B
zaxCxEWzOJ4&opKztI2mk4;)vAZ(mTZXt$=#JUXbew!b3fY|*QL{>P(C=Y2J}5r#&*
z9j9yFg{scwM75|U8-D(X<0Sf*1t4s@b}PkUv-0Zpnt;vz>0ER2<=}xtxq<}Re-<t|
z(B5oE&*T^SyKs3v6$Z;wuLUgFmkL#?1@RYu-<!XrysiS3Ew_f6j%O_pQrymV;gOjB
zMB|e!MbhoGU&r9`2cE$ouT&+MeziOELtRYV+4AJ`MbsnVB{MHOe3vJb8(CL<NN~;K
zVfc^`!2YTqd4%_Lo|ciALnmX{WLJ%_N8OOTN4{rddon|a%7pllA1iAe`OB9do8u3o
zhl(T7NC!|Mg7z@U<Kap45irPlogrAdJ^YvHOG`@>h68v|{I=UXXRAf>JELxT-4!EB
z*^EbJ(YabYA9V4=Lt{}cPiZt0n$LAhxwRd6sfBfPa8miiCM(vp6VBEN#N_ZJvDVB%
z^2<yDD~0H&xk|#ceW7r*eci^=#mmdpD;iPO-dc#@(Rk{LE{(>dhmkm?VtraA?}gC*
z1tva?o?U7Zy=?qySyk`mFn(`C8I5cKt)j(9gw5pS@SOO%@tGx46opY}H$0k0qLc$&
z%0wjtSws>&L*jX`#py-t3T3eX;HLA2mIn=fpp}Ole4yG`YMF`tA`}{O_4HL3YBL0)
zk4J-h8n3GN<@d`L_PEY-*?;o*@$e)=CS!LYgXG`0cpteG+9ROp#rli31CD@DFq32S
zdU>v{E{1FmkRa`iPBeghXJ`!aWfjxX1^lucLjXft5@7Hpt=$x$2m#MN;g^~4XhE1~
zBqEFBba`JP?I3xVRM7{7;tG?9$6|a6pXHB36S==GEgm8EIixTR`4jgXsh8J5q$Ub!
z`OHe{dx^;Ca)UwP3m>lDtufPZkEwFTunv1Pvf#|Lw9%ld;4m{zwy-9isi|pD7R~Jz
z+i~aAb}vHM0=L7o>8cMFg4)saWyy~BvL$D#ZBo+Hbt>(;we5B$WtUhgO~w+yRh<?l
z5L9o{88SuSvD&hW*5ftI;1LRC<IWdF2;`fbPe{^_*6F@~?g-jQx6)R>3gJ9%xoe_o
z!BWYcS|8CmJ~sZ8@+H#NVv%2!%D?15m?D4V^?J3-IP;N@6Kgex4?QDU8P)m<WE+)K
z&E}@NXi9E%oLWM^rn}*N%lS3t1iu+fsnJ-%ie`02douEw_w9xK10g@2QgnB>77jBr
zazk2NXVe#2gW`BP$^%Xs8q8C?il*{;Y<Byrnk8@JRO&rTXD5XX>li4Hd0(g<V8J}m
zK!=FoQfijKMO)s+pp$>&3(YzKQ2)+|FlJk+K|yC&G$&q)#nhCe0VB8m1Rg&#b93^a
z<1{#2_IARF_-lU;sbKRi@d59=1cvMJzk>DKC*aJJ{jmL2{l^Xv3@WvB{90BFE*PK3
z7vM7_fr2XI1($@nKgh0l3i8;}tu7)3R3tS-L1j;B6FILK&_kS@wQC>tMUsV8ey;^x
zQiU_m$7^W!JdUQ)4aQ%F159<OQ?ieL+qZk=O<u$tb+z5D)vk_5(*|CgTfwgQFnJ$y
zYWnJ}X+9G9u)}!5g5jci5AoZ=vp{+Vq9wv-*BLEuvIhAG-mX$9gkN~jsF4@vQJb>#
zynB$><ydp%GFoXYKeeO?hX#Bh`3{TRZqs3QTce`=!B@w-BA~hx=>)!0`pwntNK}p?
z1ji?!tp$&w_)J_hIAG2_47CLY_<Lx3o3BoB>#Ycl5zLBal(W|?6+fShfON(FlxA9R
zYU5}QJ;6=%t8)VHIXD0|vkI-5`L%M6x-_LmdSKte-2{Q%vdVN(7tYhqQrN5Bu%#L!
z<K;EVAfsWTDQw>7s9L)@GrT~Vxgc+BRp2mBO?++lLXUKg*F{V|B_-e(l{9-jiBV5m
zz9m(-xR|yb3H~Yewa|Nw2W!95rGKBfHi68f-A*JB@t+e_3k5o(5pbZ_C>j@ERndLh
zwQDJRh{<?Y1Ti^awsb3kwp>cR{Vru;zJ3k~WVruZ$lWW|g;@v+vG5kng+_yY^yL{F
z`n@>NoF$RIcO7ZyjiZ|QS{Q>AC)0weFbm`C1TEtrseK%^1jNh?rtq>TDXvYy)_7)J
z_jC^)MEO6Lw2y*8c-b{#PRah9uMVup<*Rklyqko$M_%~gU8QaM(~NU)aUh6)L^6`i
zVEly>03viBGg}1})N9Lqe90?NS(S~ZRAg}yTLRt%NWuv!N&F524Wym(!<HCAgqaUR
zL+NvDR8%q0zDR3?e7d^Y_juU}4B536w=PBR@#UK@Vh-2O(z?3HalW^dWCx>}D1X1Z
zuJ8nz;^}#SPOdz}%f}NKjBbVnq7Tfn%JDAF(X%GOJagH{zp2pSfq6VXT)8Z`PP-rB
z_go#0m$$?FL{-F?;&dmTNv!(Tk&E14saPdjx`5c-{Z^snjR3`l6>^4^j$KGbW~R?r
zk5!#v08H#wwOA5gNrOMf1>DhHV+zmRUbY)1y6$1E$>MrcNek*;3mwG>G&fePI>{P9
zQeM$m*}Smzc8V^zkRdr(P^onwOS)Bcfv80AN&~ZKuz$LBTdaI$_G+$~kfrtfYPJYC
zdPu!{Za#1I86uE*Vje7ncQieeNYf+V%3r*)w?|$mz?=2`iR@AXQ=Gj8k2u^xb_-wh
zZJ(+~=KxFl!$+s+IEVh@#q9ZZS$voW);XlQT6m!Z&BA1%^Wg{WbV5Pvnf1?l!V4N6
za&S%u9MRzl3Gro@hLcaXoP92hbEUIJbKc&ijB5ERZra-+<`^Dni*J3)mm}Z#tP@T*
zX1fZalO=z4?UcvAN~BO3$K`}!lNmQjhVIA{Rjm0eThFh!n>V_COV8Lt+Bvg%pl5A>
z#?bpilbJ%g915lCw@5Ra)wHWtq>lQM5!oR>l21!LQ&IF~GE?vh`^&sG8@4lSLwO<7
zgC#xYT(bCvSb?Z98q&8F-`)il&--+j$lAtx9JQmsa~JWXHuWlJ5JlTTw%bF9_vX_p
z)Y)DQu*ORT(GNAa3Q?+Mk*;E-`t5w;U|eao(==ZXk2P@^tE=Lxevhp=UEoGudh*jc
zL-I{vi0fO^Z-^{$iPIR&M;zdol`VCFX)bv60G;aA{e$j}7@-aNek<cDc?+^&XTadT
zf5RI)i%!yR<q?@zJuH?2Qur{(Qx}4Xv!MgW8nu~7+?lI=(Gaf(0cSEVhJ#v?&->1b
zCgPId9pOzAE!r_zFOq7ptUQYecyjUO&`Kurc{pm<GvoZNI4cZzFi<f$d3vKrY9K<7
zM&1V2+9nQ|&%9;m<|c1H5g)a9jR+aeNzU|gz2ie!;FC>9+UQAddi+VY{}n0;H0=po
zCed-P;x11&qjS+k|LaU31=fDG_2%EuNN8;n16swO()5O==JclMC=Fjhe1cZR{GMVb
zWnd@+lHC3w4aqa2c7h*tpz#P?t(a__ZF0ljyw^X8w<gOn3ta%E5Rf7D1E)!pp^4(7
z4QDxrVdqpz)Hz@=CYgBE8=d3rnRRZ+5vL*(LlUkEIMLn+uYpvXL24GS$$68T<W)Oa
z9bF*ThT)R0#aEvZ^wi*&JlzB3Dum#K_zdRBGMT*%SRDA-&ks5|bvgrAdx1b_w+&>4
zUA-t%H;^9>m~1*E<8kh3WwV?X1pKQpi4~8#ZHfMbZEw1S2N7V8LJYw%HiDtH<{>dJ
zra$nqAVAR;DSa;X;{0gk=VF^e#e2zkbBVa~<x1?8l@-A=Z-1M1|HZ8}My)bAgM*hn
z_pld8s14{e*tO+F772(2sV7Rbi9I|#Bss`x&2F#xHoJ6+swx=tI%S74z6n`BPWBJ}
z`0-xC;fcOihJ$yno;^ph<IPr}%k51p$Y2*pHbAzVuH<N%sjJ|<1KcTQ$M3I05DeUO
zIE4TtTV!{-CbsE@$~*jM{l?gSa1HiIt*StfW?F%jb8YvlOah}4)gy5YU@`Lb6B>z+
zWXsbcZfRE}mxD#WyZ(@KZqZ;U^9@_k1U*wK+4Qp)G7}C0(jH$%9h1ZNU3JkrEe69I
zz2+_Q4o~iHwTo&)G=n}u&OE%PL^&se)612cmIAGcz14lCa-Y{1ip>p;$53}K_^k9z
zDV46X=qDzp$DFVRp9~GkvlUe6H(JTEZH=|$p|jwi2L_{wlnkX-IN)NCjT`?E-*=Z0
zVV$WyKxZ*glH!($m`h9ax`X+i!FP(YlEVT{{6q*7TkezUh_;R$MD;eWx%|epLjjNj
z9`^pE+oj8)k=G_VrMea@?p4pVeB!uhM0~xRs?K8g+zVWUMgFL2<1IlwA>pGw3{oYN
zk%*pAtaX))K}*bYO`ggyvC(|0P9^}FU^_MKSzZxabm-7%VM;Q+Ma{|;O?^{-bCImR
zvEn<HP)Bv0+Ab*HRYk=gr~F2K0FHL1#fWyUDYt6!a?MbHB30Vj>oS{hFVJ*RvqfqG
zJ?F_C1fxJ^tY(1((;5e%Rhc&6;*PdG7U@}FA`+fxu@Ahsj^Xz@CWVaby{5F{E{ktx
zw+uo2#oCI7+sg)t)fqPZ-n~15S2-mwiLmbGq&g?C-J5f_$q#^c^m9qcK;T{uAYp=&
zRWuRazit2ZR}*MIxk^3E=MRwfbv6`nYfuyJ6EM}@vf67`pKo@%O37QZ6OR3hN2@_^
zSU9D_8t?NOXipl8L8QBUBCBOYQPBae%eQfS3=E1wM)!Ck>x|^&WRPhn6c3DKJ-B<{
zE+x#hY^?=av|9%CD}ZJgu1vqD2qDY9Fj$R`<SBIrUnXN~<Lj3U_gAl2tlfphj@I=K
z<lObCc<InkQN76zlF-RWSwzSTl__`R`IYLh?1K3BaIq|3jfp7HdcBmcY54K(np)Z0
zI$MJS>BVVQsk4fj+TxYXIlYeP&*tpRN_aH&mN8-f2e>AecGlLIN(dD#s5-jfa*|t8
z>nkUSVwS}~PanQ>v_hy|2Dl=&TkA1V^bs>5%)nf&5^#xhu5lU>MK6o(eYTijMV7!L
zf=H=Yj=owpNE{S*Wpwa5Xd3?f-s1ZPP>0CMD`j4P3+|Wt2|gJCZCOEBAdYQ;d8#8Q
zHjU0l$a1aUlZJ1;{)4>QF6G9ikcCC@<z>bDTWCXiJO@o=6e2_Ga(i9ZDExjXJL^-X
zo)(Z0mLvPEWz~{dGaK|M+bw_lP~poY5;yTf(!=Dt3Kgjx1}4JP)_W800O?fT$i_(<
zB6SYn3gNnlIY7O#q?$mr<BDp=*CV$%Cf^YB5~)g`tuxneD*a9l-+1y-V-7Djye9Fs
zaqU!|tOzUPCWmw?uHqIvv8F~%qshtB&sfsILUC-xb2)}fvj>N$;{-k=0wjIc)=bHK
zXkT9Cxup88XijRT4s0i>d)!vYFk06-()!2H&X#nq9b7##A*2r3a=+4Sel>r`M&Q5j
zsjjOeiLI`7y7!V=>e_9MR#IIm7mOu8v%JGk&&fzBrBq7nvNL!uPR!TtsuM%;m}v)w
zmBkDMQNG2O$Emb*8m^E~PnNy4-1T03yi^Xpr}&uh+pKN2;lAnl4ox*0R}6??*yrZa
z+8V2gEB?`M58CJtE)4W6rBj-3qljboj>5@|V(7~pMNNj4&%*WOAc8RW_62^9-LvLh
zPkYd8(8U_&MeU4k6UOS!^+xaFDg?<nJhAj`p7*R%a);}OeLc)TQbY&u(t{1kUCZmr
zLkBC{9851^Ia;o{Gl{-7EBF>P!8&gY8?eKkTwA1Yi(O&%iE@+3c?W3xl+dWKy$au6
zx}q|qJ*1|=r*|H*j4M5@UF|Gcamw9m&r2h#!edrTp-UQ!p%Sp1M^5z_>=JUlW3O#;
zz1z7q=bRINwWn~F)lMdP8^|rBj>yBiX(6lA$VmEM%JT3bIPx=9rnUtiCQk7_q`wuJ
zA7fD8et9F%igf(mksCN5?W1Wr+w5jH;Q(jLUYh!T;F^P_f27JnOwehQ^WEc}r%xGw
zWWN)`4t*_r_YfVyOC>6fD@+R3N?>+2#1%c_l}Pi&_O^10O<>}nG=3+%LzrP!EpfN7
zk`nBj6pOaj*7JZ8ShOk1g;bAQS}FsqeIbX%lrj)wu_9j>*Vo{B!RU4~_R33Ym{Njy
zLq=aB@ix*f{hE@R6cL|Mq8@+E36I_C<JvW=I$u^fB<t|&8%|kxLp3#!eOHe?k|QhV
zy=PnUy7d#Y)eqz{EDIYcV7SPcYp5)KdlHEefkG@IAAm|i&dclRe6mwa%ZR=IJsk}|
z8q{JcSoX0;JVr-vzKGD}Yc^E(&6GRYelD(3eadJv`ke4{MdZm;@-Y&h#MrT6fFLL&
z=9xFxmz!cLN+r>^QZoc{K)Cg`<Bx9|R;XujbA&+zODVa<>9P4zgM=aBBuy&u3BmB^
zS#K9TL|gZHS`GAtDC^bL8|f|CkZBTw!}AE!%AaRE&Ig1I9D7`)@kaaPy;yxWv55OE
z8O$u~3BP7vVs-v&b54b^!MiY3wS$EQf=0r2k1T_W?3OUHO`L|i?=cGbc5ljVA6;hD
zj5Fr7>T2tka&5dXqUsr4J0UY_OIW_lKSiu&ey1XSi2gv7qWndzH$G4BSgh@<GGHYL
z*k+EQP_HVWE_!1#hdZ%9G8(YWkznx#lvWg*-4L|=Lw&j?TRS9cS&IoZ;I{`tTw>{l
z2UMreSfz=IfJ*_vn9TxywR@ZBkwr{RoJxs{_9k!qy0z0CK4<wM-A&YN(51}CEnU$h
z^lf3@zq`3HT!e544|r<ov+W(haMW)XI`65o$4<Ve&ih_F`1+81QCxa?*=UM>?xA1y
z7HM=U&h764_BQW=s;i^brmOQMWT`etnb73>5!0qtLgx&p9z4(6SC>i%Xj8jKEgpTN
zH8ofk@rj7fGb~$nb1a_~l3ucy2xF+X(8TIVT&q+GU{Rh3yQ#W6A6@EedbuE^ujdZw
z`IK^z`S^)^2f|x@^~Qh2>5m_)pltT(!Fz>&E!B*G^^Zo=;D8L(K}<3A@i)bi%gXWY
zx^w)H%NHhB?NR3C@c_kdg(~sl@+_YK?&ipf3M&ToK#0!=@7vT9aSJg8AagQV&^qfp
z0}<A!4N1#s1At-}RC;XV1w4h~20c;f4`ATG6Cb41+HDdQsaE*n^SN(^`p+SPtiYh8
z<m6n9y2Elh`w=WWJnH4Uo0{0u-5IjwEiCXOe<AHY#u0@u3=e`>fqv`R9voHZ%mzr8
z-pYS`0E~n3(9|HKA)=KfA`NYy3i0iuVK=asg!uTUCzu`ev&kQuqm|H6Qi>Ia(a^7=
zU<N1^YvdWGGXrr=OfAZ-ZzHxPaUp9d*H;j534l<3?+y;}#GgGp;U2w?X1M4wgT`Hs
zuM5EVynMN6{He4VlOGrtS$l-%3{6g@cu1FC{>+Efx6{!@)FJFEam9ER+F8c1M0)oj
z5QA+l1V(z1e?YR9aK%b-7Ci)ocA0&0dX<#xAXT%Bl*}UPS@}-{aAxm^p4sb&B$&1G
zdwJ|Okc%|RG-^%V-^tKaAfUCR9MU*BI{I%HkTKhJy<Rd!|FAK&J%V0mBZU+cFyemg
z3COZp_$di&mTz`U;@ie))V&pVIudL?K=5>QCyEJVh^=qF=>S^llCxoCy||9&fUv({
zvc8tSzJ9p{!x5}F2vk$d34cOpx3{AzsU7pSaW0*h#dui3b$*)~;qW;$oyiAbEz6l5
zT*kjWW&q0BUGEQe+rFnfN-Y5dAGYMg5i8tJWT(sDxVS$hSddZ^cE!UL(etH6Tky0_
zpr|sEk5H=`aVxoPSmrJ|-~O1bkxXxRV~jysy{!<PP?`HOr%eCWqjG;CcH%s#+af~s
zWfvhSX(;NFq`E6Jz{X64V?r3S$jY*M7zASA-fS~*#2m^s*~4A_Kue}KX-%55JO4Po
zl&%)%_|Ed)&B?k}RvvfxYG0ZBe8kf5Ms6o_;hp$mQg%i>959<J98o>F%N)U-7}nES
z<+JYEfwU{Nefu2gN7fPaM1DM&Kp0Ls#VAIlNq(XdJYt^?K|M&r5~RvH#9=<x7F;zS
zCQp@XG4Xv^`T#;db#y*iIW$@<!EV~C@#G9cgzQ(Vll8~TSj0DnwTi4%j0Z7T-S{FP
zUKRz3@>B02V>MPIeT&}@h3rn!PH$w(6kQHYXEl_Y%{=XzXwc}iCT&XlgZ!eG+V}5Q
z_vCsr8eHdkIlfhZ103=QB!yD)2%2I#?dsra%Y}UO<$p<@_Z}!gqhAW<-Kp{aY>SLg
zEE`RO8@0qrsqPf2lQ)%Nz<oOG<gZ;r%U=-cKA0*Y1Tp#Qvg;j{C~iM9q4IWi&9psi
zxBiwNmwZO)9l%|;-<(LfetvtU`8nAXpz4eOYO#DClmd-zubmi+2ed1V2w5y<1p}8*
z9lAbsY(hRGs?#j}Jm@4CnXz<ut09@H)$EE*qf+`hbq!XXZ)@&Kp2Bey-Tx7SBQ!C+
zaK<&Y_H8zpN<tu=yLooK9fKD3?4xIm1;FR_>&tGB7ac2(ZtJ1wR=n?Lb^|JUzwu&C
zs%;l%XSoGlw>*BK<P%gkGCHDzgM;=ROuF&8$$yj9WHk2;kMl8ekFRD0$PN!~zBx@4
zT>2jCl913O|E(S6krs((FhKYyXOOt|!biBU>g>LX{n;0*xuhd5G*P0Fu|ZyBDqLNt
z!e6_!jEs*%1QX0isKpKMEPMMv3u2>!r^)Ri*InI145qI6lPAkL9%9}BY(AzPJ`lA9
zko@(Ovm1=6_zL&PjOv$!x$l&_0|W}jEoGk&x-Y*I4GN(Ca$e~`_fXtpN6I<QDyM%D
zR3n+G;1K54V9@|C;LV+jGMQ^5v4&$Y>Vz?wRAVI$*^_}Zy5{C)X0vnHo1JsD5STqz
zo~xOXip`&k0_BBqj=9<LId|Rc>Wj=IYGBIb5NKd9h{QcVdzJFoJ-_MwI&DzwVH%xp
zO-$4N)fo{@e927+%Sr56w^Xh5`?LOqVD+2?AKIRbX0;D)21KvU(>*(cK0LG?PgT-c
z!aZ@zv#sH@!7<aZ=`R<s+q~91sg%QG0~519_{{s~P-wA6v&cyEZRa~`X*w(%2H7*2
zDSW~mjg+^Od6=Zdn$~gEmYjOuMHb%l=LNUK_7RL4dd?GNzY$_$lp~UGwOYn`p~0Gp
z53|7ZoDi&cTy89qwFm=}IyII<YXqdYg(ai7&vH%t1{fDUW1^|j*O;9fJ}wT_L~ufI
z=*(O>S4P_ZU!?s7P?lX6HVi8w3aEgTh)79ycSuWjhm>@8t8__scXzka-JR0i-T%J4
z)%$+lZ{C0An{UQ(7-lZc>)d<owO1VLII?(~@ltXQSUr5Pi0*|Lc?LTQBbnUH^pRLV
zKI(W}mSWlc@P0QlEiXzx6U1%EONoO=i?<BA@x-bnaATLrS-o5p23QF*l~OWU_JK^<
z?f0C)4(#5@+mSK{5f8+$WMExil}aqQ3i#h&86oXXHumXb(Ecagd<{uA1M9vq{7E+f
z5)`DH=SXPCnlwYDdeNSaMM`Ci6;8OJBEHO0NCZdL<Av({00kg15u+=wsby_VKLu|@
zXI$b<fjvDn4VUMY*!mUgMMn^J7LB$*k3Ep|NJk7Vc;V=<X=;D?Tw%}skqY;0_2H^m
zB`6LLe}0(ck9lBQ8vi&27x&zAjK`@viL1#q0L)5;PA}mqm=dY3xZGISxnLzO++Lq&
z<nc2xG2!BL3zU?UG`nb+PF0a;;;A^V94dW$g@#7D^$8gbSpoE-S>ZXjZVuAQak>%?
z0#^Y^lnCy}#b(db<F%U)VT68|{oW)D&q7~<k~aS*ZEbD*b!;+nGw22QNT<cUJ<5rW
z$6yX7H3VN{9$Mi%Cbl8W{pVw7bsEUo6Afs2ueeF7n$Eo186%^-S?j#mE5g*bM3?1J
zWPTk#qYmdlnZQ<nbiy5d5egcgtY|+Ej^ZUdP#|md?Dpo^S}9!2nd#W(OOv^7F9Q96
z-3{n-)0<46TW>D$+gNpj12|Q-9voN@h^VHX@d4np$J>1c0%Ii=4kclph`=FFMc6hq
zHmovlq1y(r8yqRn`eO%Qtgd5hX^G9g(Zs9Uc}r)@&cZyoeGLZ>A0?l=zkrZgrY8>n
zenrzoNx%<`bw$M1UuMP+*V-6uic2D%zC>6!U^s5^4%*1;LSD7mOa8&zwV*+yrT1l*
z5_zw<4`~f!S@Rn;&5;zj%jKn(`yM+S>&Qk|t#@#M(#o~#_!AwYIR8TE*$hDEnTqY+
zAKLZLCAntPEvE6!OyZk^O%t}gUkU==rt1NIt=m3s0-K9}e-f<lr?pxwD=_NHRT*u6
zjdo8t<h9eRm4-)3->yL+s#<A|y*rn2>%20rT%Pl;Pyw#<o7=TP9Y4sbQ`7V(ibkx%
z(32)!GzXf3Qf;<kh4RsH9L18!y>2ez!Q-v1diy@GmUfxFK)9*&?l$kCmWvm{IBJ1(
zf??ByTH$yo=r3n97>;s3R}r7AtCpG>svX$h7DO2S(&qMhREky|h{CYAe!Jw@C|IoB
z=dY}Hu)pNdtv$*H(}noh!?7i-57TOSQc72I<~v+;BWW~K6SUP0S#;>9SXRcE{NbFq
zLzecDgTC%d54M$A?=LyH#IQ=I3rTH}H$H0Jq<nP$9Iq+5C{T>@(&^{EjoZl8sh5_C
z4Ytp}QbnIDAb3(`+t=H_Dc-;23ql(9dnBM?|6NOKKFTe*oZRvxQ5||zt0leFm!u#n
z(g7SxydtG}`@2;=lAC2~a0_`7G`*FM?il|FVDRZxv7JE1nkmcmmUEdHa7zhQUydl#
z1wUTWy*j~YEsU-Ky7ZMJ0T@(fre&CGL7Z1Y)t<H?dqH4IS%gSpD?gwl*nF*5Njm*|
zWKX5ZOs>HUu%oT<UET)bkPbR9JV0wJb1`Gq^dV|2UcQ-a|0am@f?JQ_i)WBA7DN}Z
zG+K?kj5>6V-0EZA`{j<HFbmfYu#YOha6(&alG{~`-_=Fu-Q?}*gvPcho&`)@#2y(r
zEi?SY+#57XRqh@SC*l`doGb~`4a<yAe?_p2fU?U1jcKC6A0^BOsy}JG4#@_M$*I8~
zE$VV-D~5tF_mPJ$l>q>*Xg_>GH2`ZP3MiZS*wepgyi#W0f+V0X7mnYECo<zU-fQ@1
zs9Qs6E<Llfv`j6pwRBZ$=9_OfY(71@pWo#H4LmAaIj4{QF<@v64FPGhu&X?yh>F2-
zRNq2Pg~v}4#`Vy%`1_rZk5C;fjR8JO4roR{MOu2{@Vo;fvo)(5t`}*I#AHkmC@l?V
zOXfU1y~y|Nz0ljWm_9l8jq;?@a$T+8aNBRfoyB5%9d6NnYIJUpXRhh8wnCA%D*Q>=
z!&eyl16Cg@A>o*wau15XFAb7rx$W2f(%f2!CV{?eEu)0C4gg0PZ1l7mYlGHYnh5Xc
ziU4dmnPLlKqs5DScPO<G?I(6kJUU9r>7ZOYX9+(8mIUVFwt=#l`xLhI0YXYzp|W7N
zood+TEk|+3cW-U)oImgF<HMkaJp6+{2T>aYI6^jKPLBRNYAZ$j6}83Oxw=|@24zYC
z<e%MBrS(HjtjI#**3qDmEJjoYd>5SN{aq4>Bn;62lO_t2GG<SH44s}KIc_Fj`1!bs
zNj5;3m)<6FIHikd+1$U;d#KaodYi5r2uA0ITYYOW>A@sShTXzg&5xzH;V?psT1Swk
zg`p6Uy2QRDgn>0;1XM#4)x7f4#TUWrk~Pu<)1<9I!2c`wtqje~s654U4W(3{DzIsC
zWrcsH8vPQ+5DA3elj_yTV8FEQ&2l)R_BZ;a?h>GeKySOlyoq;ES<E<GSJj^zQY&F~
zCjP<?9nqd2nl_D^Mu8Ia?JHB?S%ZGJ;|aBD``nR3uwDutt?ON{Me4e;&m}y{yYrjJ
z095nw3yy@H>1X#dj@0x}WWu%1kTBN^3sx3ZR-tXH7OxjlvE4vEJVqnB6La(DPi{F+
z?h-&MBAfjANlo24I$DK>a*2PCMDl)P0uN})kMDq%M*z}<F2DcPQ~$Z395d`W2Fj$O
zG=U((%FMPe6fV<n{?W!JPSZhLgHvT*g|@o<hftbYx`uc11isqi<rK}zizbf)yR?-l
z2uZPKrdLysP~pRhl88_bEHlBVnlO5gu!FNIlvqN2;#a7aaB_ETV0y+GhX;3LFfO@t
zlp3`n57GB>%ZLfkkQts2v;2a#6u+G|-9hQz-QWx2*&FgI>M;EDKoiJGeNc)oFK^>p
z)#)W+=d-_z$b!n~4wiW+Vc8p%Wb7&Ugn&ITD6Ma#G1J>_pIC`72${$w<NV!FodSZN
zzdxN4`s3fgM9{<fNCB{k<&g>PtiNLzoNXjX3C#&kq2GMfc#3WZ^~6-zS)X*_rA&7|
zD2kYd$4CH(OO6C~0-_n{%${^$H*J?>@P#uOPnv5f^zZQ02nI=P03n;Jv#m~0X3qKe
z<Lhv23f>JS0r@acwUJR)egl}}Snc-WYkfI6fn>J@{)}3t7%Z}qF|)~Z&=q5jZ?U-r
zpww$EOmn!ycAXSkU?+GsipNtyZE<lxl_Q?OI?TVb(iP^xpX`3+Iu=sYl*j|-O~RCV
zz1l*yIQyp9Z0>#BKa)Ti=g7t<^EhR(bvriOVcctDf7<!PK!A%6hwQNDm*-fy7RziN
z<K~%5%XZK%=l2vL!lHtj#sbrZReiR%-d<ksRxZIz%;M>hb=~t9?E_aU9=@}NOX*!p
z0&cj04@5Ujx|tR}_;)WZBGK#rd_bV$mM>G4SZ?2o5yxbb3ivR#dPMm%#qNEN;CeRg
z_GVM0@ShiajxjtpT|dt@7|ATP9|y3#l>=NExzkHOvUPy89D$A?_>|EcCl)8Q-mj)Z
zOQO&Z5QitL=DZ4#a=G#&Dmyb3R$0Zh>>8WOZ&B|cxE;=<v(a#iRP#kVdei#;h)e=i
z7R+ZCc<zr~olQ<Me|E`dGw)0tQ}taR2ca{l-~WiF4$*5%ZB1!uM2W25Jqcr{oc(wo
z?}2Gtc){xFJ0ulkpm^VOax90ZK3_OIMw1n&v?HU6q*3=;luL9znVxQ2zyE5gkG?MM
z1$<yC4X^ch>zKPju5x(o`4ESqZnsuyZR5*<L=H^3+%;aaN^%L$`Z=AmJ<tnVeL1pk
zQ0C!Fw?L%A2H+!<KCYLpWwg$IK^SV$o$yk#y8x+^f{Ncbm|p;z%Hay^tw<Dw1><6G
zQb?9P>@J06&w1xs6x&q~U(+LE?6!*mK{7Ssn{UND%yQ?!aV3tv$K4EW{@n~?O6zl{
zGuE|6&7MWI2}^#=D_3&UXCqZxco<aj1&m`m`PU86;biOHKkPP=%-S)_sU&mh8MX?v
zZC%&VSZg#ZGQZ(H3v_!!HtAXjp6u?#X-LO&&aL5Py?S$M-ECkbh`V&<IP;9xwSTFs
zY4s<KrCKC7Di3z}Vc-ofXOE3$zp6IW>+ZF=RgC}`nkd82Is#B#1BlwL6VRdBq$t=X
z!-4vb=NE!_{#k2sj6a_L=`YV8Vh#~Q*BvNU7<JM@!b6ymSIk@v4v*7Q!o^aj&7-C%
z*^qoMRbeRinn~QQMF&iX16l5}h*T6M_#4wLSyKG`pT%RJ!TkB=4B@wnt1Dp|ZazL{
za8zG#-7yD3<{eW~QkqGZp7_RXjA%$8H8+&9E+&#_E`i}}2utD>V<sLrR#``@J^pcv
ziNh7iVaO^HU0HVM3HFo*NQB}ER}IC8vazE^jEqGfs)=T`-oWu!RPDkOsQ|pM4Rnkz
zj<~sTzkh9AA4vKjl^UvdLfqy%6^2UuiBB_in&7x*q+>$~^w9zXDK4)Rf_oZWS6}k;
zbB0?0XnZ290N__1(R}zMEz7&QGMd}d9|dXQOS>A&4BSxj=)T)Kr)&15l+ThtuOm4V
zzk&_$b#gKki;v#zzG#(?V<A^7^{6xzQ@;s&+uT}X<(dX^9fLJP^225Ngf?E8=59Mr
z|K-fS*sjcW58q`XQM}3xV_`)Ia&qgWpN(*a?53vqK$Ca#?)IaSf<ul{8QSSi1~Sa<
zrNYxk>$fQ=7;gjv-iQ$hha)1Sypt?SWEB~NiI9$wD$yd?;^HQ%W}$j38pAp!Ss&U>
zIZ{vyh!BzGk(|!=QZ}m`{3F35?nl-Gv6&(#32da_Q}o6ikJz%>EPaw56N`*l?v7!@
zyqe<i^Bq?{mxjLvDYKZ7!keK0wzF;V@Bw@(Ptd#G_~DhRVVg1AP$d4!erbc@%IeHi
z%*m!X{uJTWc&P9dTDpfv7X8M^<0V`|i@sDiG3D?q+l1V%__pJ-;X96pxx*`I8Qmz!
zcf877etP0_=^9x^1vz<6)Pm8>&dzKk&h-FdLl`*h*FWkK=a*GQO#@uml4h|o3OV^k
z5?56Hwle=Kz3vFBvv`)A+ex#|@%b-!*w7<aMeX{L!_@;gN5oQoi3INkkEpIORox>D
zCc{Y^GOl;6K$W}J*1jpTp#%cOJHI)E2hgr*#q-#DTWuROgtQjyr<$umVi-i-49Hp?
zpIA%MXf(CTs04!J?2u>)$jKqN(Eapl4&(fW=A;f~I#c2{&SAAQ%UJg;4JE?^-~I%1
z%jVj47Z|^W1A@vI)yC0<frU|{4Vhl|D)@xKX?0K9*ij0<cVKctOIGvf=8lNz1)iNm
zo?6@b%irYtsB5=XT*j7oHQ(^)_Q*5@*&xVg%1-907feT-?OJ8&5A4&8wFxW(g11y2
z&-y@4A<goK|IPp5AefNHaRCIsX(j<!1CswUp`ih-%<>(KGdL#&f8+>F4Nnl<LvGXx
z0xnMs>^#{Vo@EWiUQnq4qnU2O-rnA|J@1x{l}cQ$ZA<%;-1@^(zXN<BTppK;XeAJK
zf(Fd!UgS&!qVyG<86#fLF{OYOx~FGy^9R5DVVUUc;u@Rn$YSBk99mR&ZBRjL3p7)^
z1WGUZK+oW{W@=6aL4_TRJI*6$b;OVFm#h{YLwUt5w5R6h6D`-fcx(9LdF!iv-(Vv1
z4h;?QAO_<cPc{ox8c*rYPKpSi5U!OX6~^9@b#Knsx_Z79(4V8veeAO?4!gKSmmt@+
z!(u5Zt~t~r+exMRqo#V*olNiHFQ_6EfGSe>QTKyOs9??I#KP`yPF;nO(`oG)pjVX@
z6XbAmAuS-aS_Aoy!Q3>%m8B_{Yct<v@IyV<+cBM5XBG#|&>B#rEtpSzvGn?DOXK}r
z+JajW{_=+gfWeG(_CpPmTkB8Yy*|IqDl*0AOd=GGC#T@C%mgL`qGXvi;Ru~L)Sjpj
za4m1lSn(kZSlnb`jBK|0F25Oj;>o4AgMx;NPEeZ7{PXyWY|2;h_y)sOVL*&@dR6I*
z4@5BWxwyDuZd=Y}!mL&D%Wo}Pi8V=PWLy_+uC~cp-PDaxRZI?#dN)UwG$ZySGGPSK
zN?eKGE<xa+950*J6@_X5`rh4fGlE9{K=SDPJZdh-GuwIo`D=DQPV3YFn~g!-D;wM4
z)JVs`o<X+#&HmE{Hmbo={x1LG@VhZVD^K6JJI?pUa*|k%&-Hm$Nl`+S+C5y7T!+GM
zdN#@ZD6X^-ux|ECYgtY)XXAyh9lF@j7)q;$WI^>njWeIOV*9e2a)O*ol#MZI$ZkL$
z0YLZjs_dC{XJ6O4h+JdcgX;Rq<|<y}OwvfaM&(Fg9`4oI8!31?iMMs)R&G-{Bnm{1
z2=-y!^2Fq2t{09RYIV*UYR2@1y-C>6mj+t`i@BGHnd)`oasXB{=d_h%Lqxy5?6*lG
z+DkM$@ePAb-S2zNKEB|$!TcC5t5F?E4-4RZoy8P0ZtG;X0<TJ4e#Rh|pASSKR9X=F
z?<qQWd?^?zu@{G(P4v{GO!U+lZ_hy{UJ?(MHa?1etr=g7oTxYULQO~hyIbAHh9PfC
zK`m!T+zF=WrGG^Dl+#@_NoxQVcH{DPYb39Lh<~u^kLcoqz;mt?2;gn1g$!*d;*pcC
zMt4tK((@E&P68dvj^2He3%|2#k;MVj{{2Z&qI-wS+YSda=RtQr+5B!P)>=cF$2->w
z?ST!W+w)Oymr+stDte+RPn!LTSa2C`w$C>N)pe~AQ1|Y)?P@J{ia&J<G;l@jMX*@y
z*H59?UwLG*7c{pDB)Putzq!SCJucp$K8cinR#-Xduzg~2Wj0?Fdl*QN>B=R>Iojz)
z_KH^V8ppHb3QR2h1)>>23W^LnwBvtj{z?#C>Bu<+MaUFmsoo^no*IR?vm9V51i8X=
z;N5N&i}b7SUt7RLxdD7&`eX)3(Rp>c@|DUm7;tQ5CL69h1Pr%J31Q(MclSAf>JcD+
zOb2MR5CCv-4Y+RBdU}rl51;Y<J2#2*$>AYQ@q9Fzzb_o7Eyh$?*7(vlS3JDt@t0GE
zc-~x|WGw)=_CA`};3q)?EO9EIt<}!T%Da0ahIXKa<9mM`cnXRt7*f%l+gkoU#u$e=
zh>9?e=aV}Hk?<7q=h`CJ;ZZ{h6SY&*HVnUCrc>*8|1Py762g%pu55}wHy^C$KY`_c
zg$^Kkw)^A0AU$BOlcpquc6tnl7H*RSn{r~j`1W#R2>+_`ji$fjE$24XLKb=Gor2F$
zKdgwxix)3OlixoY60}gdKilPgP3IV%NkPO4n`cYjDDMp_sQyL|RY*+PtT&QteN6q0
zzJS81{!uuefhLAy=b+}%53ei<<c;Bs2XJt;1t>k*+}sbaWC~KWJM6M`^W;kdFp7is
zwj#)+pUtoIF?DrhMK?A8=K~>%6AVhU6ji@><3V)b_o3R|@mMWWu1J5(yNB~`rBU%-
z|4~&aoLgZ_!1?YB5GPFxPFk(-SS{~f`hoJo!s3wLVHnzi!dfIVu)*4;36lXZ?x6AW
z@eOW{WVPB$oXAndb4d{KFKi7~X}Db;z^{9P2_m3=)Mm3JS3{KHfx3INN)}vJR%Tr4
zdb<FmAW3bk#OmdYaG&iaBYRoC*U<?tE@tWc*cU5cAXI-oe?40L0eR}tF^By@a`~hZ
z(DEQvulIOA0FU0ArB){jKjU{%J@Qk^M15yfrj~g28s@Q~r?mpq-mqtx-HA(;zKm3H
zcZ!5nx~n!<X^#mn(&CV{ev&+K=Pef3k+eDeKLbLPGi4P&=4J-KBvBQA(o~N8oHS2#
z7Tf*Xj`kr1?Fq?Acj7+9F+;R0Qx42d_R8?fg+h1~^TWjQRK-FqO;V}c&#DMfE^Mw?
za}6yEMeXh^+j{<9w=fkb`}fA-IPH@ayYbfk#%5+Br*RiOhYsZ`OxT@=$U(COf-br8
zB2^0K`y437g+n&D;=M8WY!T#YpSu+(g$qqzlqy*^3s?4bqP=D*HrgENF!QmJIR6Q=
zu2zevgTtOrKFbegNA@_5sqwrRZ(USXjiCLXVD7BWVlq)lu(YZwGPBqWv)0<+ht~~z
zpP&#{no;HVR2ro1$1NO#+C=Dt-Bm9i60l)(OkQ+blaYu|_}vK;zDKBJ?<pVKr1H29
z>Oy9l_J<#fAsB}g9%emSUGI}Q#0>HDwQH-0G<oZER4@}=9nY)(Q*8QZSs}JE{=f|H
zjB{w+ZqqT4IO^iY-vLEj0l~1X0m%;Pd8>(V7Qp@HT(0A{u4*tE{5b5-I0n+r*}!}|
zD<0IMn@c5i6uOdC8WN54{+vA%;~BJzFmAoMea$f94_EUQ)M2CCSaJu@Zd;@4?>@WK
z`F4CfZ*Mai4MBTWvzr#|R1UBfmg@2HUz?LgdZQml7*7QiEx6>4;U$qW=*m@oy%?}V
zCf@oYZ=ZM4(&1My4L{M=rz>ymaRKfK=(ar0CU+{0<ZFeBBqD>=BDA~1D=O?sUd<}g
zPL9(YWtpbC?7{1Di>-IUl6~Gpv7kj#K#7eM)PgHb-Dq(`%u#J4R=;lPV>J*}PbQ1!
zq{pP>s&z|h@y#saFkSsqUm|a1C8M>7&zp`wtT0)*@PC!$KaW9*!G@Ku;eXF}d?Ei;
z3^vVaqPE6$W*YX>6<Oh)y6KT~Hl4zyli&9<=c)PFuUOV%+>85tiSNae7dv!WHA*Hp
zqN7^Zdo%ml0T<@JetxNT3oe_};wnA%!WKilrpX}eC-D5*ZU|TxMU+`rXn}{-ZV$)+
zz`~xw%e5mwmfH6GBrG;1Qz8l1lo4G*L363<>vNS?T0K_x*9&a1hoioLS3<HUlJ&4z
zAGeU%VhP&A*O1#M3;y9|qmts|mAKfwy}fWj#Sfw%e2~VGvDxhpc;cgZD<x*dFI~mr
z?`ucMe;$%3wR6X(_mWZW`4&4{e_3kNlN5%OaX-BOw~R{>AhVvgOddVcXo5+hR;!p$
z5af1pNF-ZT*uNFYDTAu1P&bl!%Z*ND$WNoHTZxD?`4s8BaEk?Q{PktlCSji2bQZQ;
zUS`>6-TdKiSZo_b{O~9I#;754G;yV*F5=Zx^7%&?$b^=HU4dPAU4T~%qU(0LOp4^`
zCTbl}?y<cRu0S&U#?H@yO1e))<^t~r+JpcseDJq#thfqGtpC(iD&#vAzn@>CyPwEU
zzpRoPz6tJJ`GD*>c@Pq+YpxSw02*Ycm(KG67napuoD5w&=>=wIXAMrGEqM60^~;IS
zS_<#4&8`3{3go#&ZLO`tOfrqa(zBPphEh!uUiBzu%`hgW+K_4NEuWWhBH~4>w&%X?
zV{_af?Yp+AY6QjZcDTjG5f8nUpBG1qZ(InFG=I!;8C9f8XWX=?gZ||6ga?XUBF?G}
zCy2YVj*J$S?^!Fh*I%$UD2VvcJZE(ZIb8X`-gjY(KUaVEJ=rg+3f_gWI-|>m?D^My
zfkC^lyUdP~L*d9DLtQLP&#@;G-yE+o5-&fi6zGyCLH0&7A(hIrjX>5j8g8G}xAKHI
z7^8E>3WFJWE=qW0Zv;$Ha#}{z(Pm~D8%1h6+Zh2?d{8ujmz!?jZ9ILANfzn=yY$-l
zno5SG*N6BjfrO4Y%f9$s#$x+nOS#+7K4IR3eHA8Zk@}1d3p|2^iE18|UY-vHOb{Ls
zf`m&VYcm=Od_)0GSpY0@4NeWsRNrY~4VP50Fk((X%7NQUWCG7Xhj`U+yuP7m27a-}
zAs=ZBj^E>xRHex*;l(hn!Le{$<h6ZihxznlDbb;9WAAYRgIZynyk=@xabzcD{_ako
zn-|%!gY`Y7Nem-@^{i{YP7M3qT?hLmX6I-NA|Yn#e`rHWsUNO#8VTIinWG5=W&Azc
z=^-E_GJuX2wW_xCYHQUIM?%T+_*?-bPN>vH{n77rKkIJ{rpOklyTshj*)72O3)DT|
zGKX2{Z8Bf{ib73_%848q42I(f!vOR*Rm1g8iDVdiYI-sGz59t4F*v|hYrUv@(D1?*
zW8T=dBj*L*ZcZn(3^*u3#V+&JXwkxFuV+I_UsQo`L?6)hvh8zFZP#op&TJ`s75KQV
z6c3($!L_a-Un^I_#;Mv;euSHy1!`EXq}aI=Eq78`%MeOMES#y>Gn)p8(!z+*9bqR=
zKGuIoWmalujuI(t*<C~A6PF?-6|`YGNTKQ5RsQP7#}qtwH5R9*BJar!>)+*1C|Z36
znBi-H8CFYvy8JS#G@6qACZ+tOir@LX?6e`B=Xi}G+reM{b;v9Dk;13j?mZsKhk$uc
zAnu;_SfM*%rWzas_m$bWqjkZ$v)$Fx0Du2Dl=PhIsajqCFW-mfIIvv?cX=;^c>sZ+
z?&-n7(^{O_*JazAra)@#IMg!Z2J{|sy5htbQn}G$7wR3{BdJtA$%c0&klv(uQise{
z+B)oWXf95ReCwc+@W{5B8K)?BJQa3Pmj-m@a<%ToP@5F_K?G>TM~|@c6fn+~Rch%=
zFpX`0^hV~6ektHCjcBtmns}|4Bs;Op439s>P+nFRhSGJc-j{ePvShd!ODWSXp*ZL4
z?T2<cbl!tEAo4IuKe5=fk4L!Tr+<OIE1hm>BS7n@+&Pu$I^<I3U)0pHy^80Gn@CE2
zZuD(C&gC2s(IpVAHs|wRQ;js&IGyaGYHF>dDPA2<Bxo6H?w0Vm;*O8`Vrgq94hk&t
zL{lIUqD~6q56n!psmtt|N=Bp5C$ih}hMAFuOrMh77IPQz$91o)+#G4bRnopPKYUT3
z>`eVZB+%2pR_3^hG}!I3d6+e2m<W3cZuu~cDLtE-{++a%4!!!|NX#@`k1xOT5eAr3
zP`3%Mywkq1%9k1`mAwsoDLXjAPv@OHqgk%<lojEfWk|s@^)m4fTUQnwG5>UYPlscZ
zq=_;F6%?3W<IZyxnidW_ZUMHz%^;oGA+qM`R_)^GZv}fCFTXAwvoT6_p62=H=?}LV
zji(&-ExcS})^p*6f4#5PDAX}dnI`z-{N!>=D67a7WgJOkuco$F@n&oB)>?nlS(~3W
zsK7M}lzRN+@;;nV?m@7~F3I%FWxDRbWcq2S<hCyot=)TfS@^uUl9P}1JUxFr$US~9
z5fc?orn^x4ysPK~d?0Z!SJTuLUeQ7{aTuH21s53YcU!;V8)I#dC|pvOhlQ1RI}%fH
zpWZo)UDdTM^_jGCkK5GKUw^Gxmxw7p^O&v5To!xSpR4Zp%xqXyFG2Fg>nEr}B9`1O
zZ%4*iFDArOmwYtfGMu#fyfZL)Q}ewdnCY@<Dz^Tn8wp-)?900O_NWwVgTo_!Zw$D&
zF`I}B39f-q9;f*xpf1w2|1sm4;NN5nu^7TBqrBb!m!&575`qAk;s7YCKa+;z??jC!
zi$hQzAB~$LqXmL{{!?)enBsfM)YQ>~+5i6i`(ZIU|LD;a(26@b?3nZ19<g7{JtPJk
zh6<(CLLqo3Km<kzy=Uj8c~>Ywx#cRHiwqjw+2)ACY;b?p0Kmy-EAl==K*%~@*w5V;
z@jclXatB(JL}9+3z9gC-h50&7;fTcJiKmL|wg64tAfWFG*IX@$LnMa`f3{1&iTI|e
zSEtdBW!2Jv$l|pR5kGfHWT&ZEL%lkjOsHX4b-=;``MWMc(6X|T!lEsumg11G-R{jy
zlhMYNntN*j_<@hC*}uPcQdcBxOJ%*gS=#m_Qz()QC>DrUg7W|2;)jYZKcyuG2OFm1
zU+U`WvzV*MrIIU7O5Ds>xdx#|R*EQi<%mLzGdtu3r@5l56|#}{lpOK=?2Hh=J{{Xr
z-z-jF0vu@0+oYnr3uVedA5R960(>`D1eWs-o~PD(#z&D4DHwuIHYVB`iBPFxl2Y-K
zB!7w(Z2w%jva{{OpDo&M)!kuaJ(4;?YY*L~V^}ri>D`nX^j-3RUsciCa~3t|j3M)8
z-cRtTrl~@y^zv*)5<dRR1t24IfWIlglHrnGkyxNcc|=lp&0!^>Xb|w!|ASFfj;RJ1
z>;>2m5&5U_Ti;{`zpMMyU~#Z-<XqgmKsF6e%50Vf682U4sByD3T}nPsO3(C#g`#Jn
zPqxtuqgu?KysoAcpH&BgjK02^a%nK#T9r^68<9a;Z@u6ZMyoRX*IRdK4W|VZ4eU^$
ztk9r2>+Q}X`V-W?9#7UJw5~@Xwh4H9OUY&zLsKo~z_xe=z0+8bE`_~+s}%+MN9P6$
zZcdx^_LC1D{%$Y;?wfqb1vy^5t@wvfM+d@rqil<<N%Lozt&RZ}8SBj(kJF~d%@Oeh
z)`InB3vSJ07O${?NaZYwn*px&(MnM^&*KEPJVc8!hvm#b>#I=`65^G(&gYnnDDwW+
zdjo*TmfsCdgicseMNH>#6fh{Zij_%jeyR*Ew*IbNmP|7N--8CQZe!ZT+pUkDoFS{g
zlgQ`40_knE;dnkt{`XCC&39;onI7+@@tOh9NT$sXb=7hTYcG-_&NFW<tl3cNy{1hL
zE6_z3^s86Yr?FfSYWRqo!-;B(NJ#q5T=d(61!pj85>p=DiH6(<YfKZu-vPwL(U<t<
zuK72K%AO)eTrNd(LW8kf3ux~XmZU+EtC!S-qM{2(gP6Z)$UYN1eT7V@to7z3#uCby
z!v1G6?oySkx>%YgJo;c^0vo-9(0?J-|2KdM`EN+IuwxS4x}D}CRTW}LAYvi=GI^;X
zCMKp<$-;6+$!MD3xlRW)ffijv(H=F6#SBo}%mJPAEy8lu>UZims>o!xZg)3dJBUF#
zULC4?(wX|bM7zVs#-JeI`LGS0r+!k1>V+&*BSpS&v0MU(V7iP!v;r6vGk_q4hzQ44
zV+1oic3N7Rhd(zuZvC?i(>YE_zZDu5m=6}Vc6M1M+U;;6AKK_$a*>_imV7)eYC_vA
z3)_;(37?%OIW>oV*cNE@aB+B6-nlUvInn3%WPYyhUAQmIUOdp>^44E7djy6e5Psku
zC-o><JVqq^)TY)J3$Ztd91Vt56qcvcKCp?Nh0~j4^!vU~Q^N#DDSZJf+P(jgB_#)Z
zKzuz%{C@~^9zaDx_<&X?EeHMp(}f+eIUJt>9~#SOHqXaqtGKp#0q`_3AgUq8`I%~c
zANOV&6mx_Zu_jbV@0c6)L&Se(_G<u1Uqoa|>J3sBi@1aYtmhcC9^H`?f@f!ErMIAE
z4TKeaV;d(q76h?f-th;JAILnZEVt!WRJvJRPa2zwW%kE*=u1pYJPNu&;Ew~tP{1Fz
zjRJkqr3!ONc;vBdnIe^uLw~-_Vcl$vCf8vsjc;#QPUI$`W^?7p`0r1%b-F^WfspW`
z?G?TYi(sgB@GQGx^;CtCf&nh5vr8>7)qT-|4<SF&$=pib8<}m8Irpx%LAF0@R@1{>
z6s8lzGx8=OIF?mZtH*jpoToPsA~W)=neX|Fybll-8AJ2pSQ$<k3c%ScTA>zA4l&;i
za2sU{etG)Kl>d<e;)Wpv;(ajlZ$$s4`}_b-KcO#CpC@F2qu0WoVj)J5DSYvIfpsP<
z=?s{1t=D>U6lmpzVR8Ug-kPm95<zKDkCa}2Fj!ShZ6gMe_VMG#z6|j+#i9DS1trdv
zZ@UUpl{x`~kczgPbbJTi50LI6*Xe&kS^`6xB&4LIZM!nv-xa;d=kpayLUmehz)FR_
z6V!IWL4fYXO@4~(k3ym)ZsigOnjYQEKzZw(JQl!wRNemkIA-SltnMO+>&}B64kekW
zS@;x8vGf%mx3&U91OLjQbIb3sSsYN(FNlH+_LIsgJca&d29Tr54FgdxgqeCO`sj~G
z#2EuP2vLSoS%!o2<Fxgq1(5se)cqO^l#oM+sV~(U`T%nOm7X6b8u(wpbdSunty!4e
zVl!F{|IY%I@=v>lxT<W%A$N4rkkQ=?J2tyah+a>l%k{I&cCAJXI@eIsXdsv>nB+V>
zm;8bje9utGHVivU8oq^GpR?b8)E_@7_~#Y=pa0VmfkY?Ia)H6B5UT7iGk>wbFRwkJ
z6y2$LS=x34bTwK(qXXuV3I5L%=r1rC;{m$`2`z2tT3?(X09cPpWZ54sjh5+ALAnnP
zpk<T>+{Z=_5}-~K!T@b&nReI;X+c2BhDBvAH0R(x{V!DHF9F%FA7bLbfsS#yr*`@s
z3l)F*^;OOnyD<vm0mDLy9U`^+cLc5*p$y@O;VNf93kB+xLM5r*-cP0`Cp&3vUD#c3
znBks29h~3?;*vPJkR8Av8WqNZEJyu!T$}ahhW|qM{>WJU<7;(H!P7qN-L~xf#;tsh
z{S|i2dH)W(em(wkSQzr@_C(Mmhb<_+1fH3TR9C9kTEp&6m38Q|K-zZyZ};FSGTnNk
z=D+N&eBjbNBmd|RW=XlKE&JmpO4A`+aooAE#WQO_AS0yCiL-Pd%zJ5R8StkEP^!Tt
z0|l-0S}uCPHfIl50b8TU5k<J5Ky6#`EALf;%m(Zqll)JX3o!?rWiYHmv%HV==}+As
z=VLtBgZ7$q1xj+lW-Tqp1d)v=zdntF3_v_I$R_fHv80fh5-4v`>tU_j|Jz;~KnyV!
zDfQ8xu=a}r-_Mb&Kn8rZMmLE}Bf0$iE(w#R?_JBKAG&TH(~Ifd*70UWY!is3puYPE
z2^h$j`%3tJefmo)WE(}HH&1XLyifdw$DH0V<-z&?wC8_*Lks_KRlsS*|GF?ncRrfv
zkCXa*3cmm0*dCBU1FVkIbT88WIlnqjA-nEl(rFn6$!;^o`+rPNB(2U*DkA>*=>M9@
zJ6^EDIuBA_{aI9;7H~fwj+s9G|M!>0{y+WYKh#fUmr;2as_pqJ{4^wms?;i7r6r>O
zEHD{l0y!e-0h%%=v;k}JueUHusY0*)%QN$riV*U{muDi}H3PY`c74UjZLR+<B@WUT
zz``cQ7@{!R;cdCn8Inz}+m$7eG#t1+;rrNbAQ2;Kj$}fFWSeGt^yvH;Sv8S2TEBpZ
zdz>Yr<mEq`H40XPhM`=NDFYfuXe6Z6_Qg1uAZ^r;{5w+lzgAcZ2fPrOhp&>ZV9AT$
z)>8Zy%8z=eCl7IIwUW+gF-RL*Msm;uU^oWdAsji3mdZHr|5#-n#Deqo54M%C!F%uh
zdhdJ3d6!qHf41j;pQertJdy^sQ@~$lmtaPysWMo9-)5cEvNHIZn!1=Vr44sUKcA;r
z>&=Qwbgncn!?y|W`IT7VAw(}_C$Qhz{xO|bkTtiU>=eU%_;lF%CO^TwqKM06AFuqc
zFa6&&?-k^(8G7OG8)LRlt^MasZK248bu6^L0muX3N0v^HeodIq3+N4DIK+g4Q~8i<
z`J@Y@q(|)Jv*95)J*7qV_SgUHmo((4%R=#<q9A?75%cbvW>LJpk~#VGp5XW2{-38m
zMC{~&4#(UD#-1Y9CjEQMzxzEU-iudLRqYz<V~`_5fPbELa8Ueij@in)`&2rYbpR?t
zDVo?=diY4!f7P%Qn4kV^rVg57ehC3Fdgr(!)GO`ZI+tJaCBWCoZ|W%0_C!qI%vNE0
zVx)1uZNIPi+d}`(FJ+$q9e$nP?J_aJf*$Z6V#*wXWJNI@E8n+o->&@p8JtR)nwm<?
z%p5)GO;=~ms7n#TCIc2^)B-IRS`&{Pyv+!P$UiKdLL`veMi}l?n)kt1dMpZ~^^d#T
z5`9iEHoqPE|C$0f4jH1PX*q9nG^#DK(VxZIeitm}^Rf)Ss-Ilk+QJqWT|pttG(qX}
ztG9&Y1OgsShy+Kt25g_ZPeUt)JRvL{Mr`XP>i@hPghw(SCK7n5*l)QNR>fzhDoYKX
zod1`n<0Jp`^bk8(tG~Tip>Lnn<B3VvI%C4#V7=*rU?-+lLdBMsmq=JyWAW1PHVt^b
z_Bs)s_;mTctVy+Oc!#Mp1pmiB{HBKceV>^?JlpQAi&~yLj+o&5FZ<A#xJFq1AGy-M
z-tGG~Uh=HIH}#>-?t}KfZbOI)YG*v=v7a$JP0sf-B&Fc!fD}F#bnyP1Ey8%k(NFz-
z<t=lyWB$1a48bFF4R8R~9dh=|f1UjkN3Im?|8w{MS?*5q-zFJ})x!RFnL_b#9{Z6?
zh~`V`!28}%84UEn%#lrqz&uuBe*}TN^e$yFM?U$5cKa9rxvsKts0tttMEdnWSDF2^
zBUIAhIu%Ya3svVgk5y~=&i9`f9fkaUs511<8{@75pEy-nYsF{$vw^`D5?m68Ck#U)
z)mhg2r49>^Z5?(y`)1_M&|QhXYBg(<!wnSpuuZW{cG6q~71{MKe6VE~Ddd{^A@!g9
zm-}bLKlXGXY_5&?=Y_wB3USw{cYDZ4jD+9b-soJf_Mr9PtFmOl621O2&$9;F?^<h<
zS-p%Rz>%<h+I^Gna+^6{g-j$yNL9om;Lpq3vT=2qS8o0T$}hlKr(E3elkNXOv}kLB
z>hdK?&X^7j7HU&CnL7tcw#kWOYJH4%Vq;?~jdp%B?^`&BpsgRAf2v#Kl>T_M`dy;z
zx;ty>Zit-V=JcY`r_(Uiv>lc*nKpUU9G%^lSGfa8oLQ^*@*5+Wc#*12IW!^vCHOxu
zge7L0#uat0n5Frve8|0qo2*Kun~0G$AbMIDA4NrE=@14kZ|uU2$I!IT{u|{IuA?Ah
zia~^3#_|+m^4+1pt(4FIUD?z3F+6G}yThB%*<LW~ih^R#D?^kd_`Z94CACW=-UmH$
zz*Ma%lzAq182FjWnO|lt*034&l91HIbgupb-6zqk;$lgH9=wkKon<!-p((Y@`WY2r
zhi>%fVGm+)I`zIB(Cs;9ku2!1=xh^l;((wd`_WI}{)JM;gnYJ4!)k8rt#<m$6#V&n
z9u9cT2EP*8;a83d{XL#<yYh%YGHPH&jgBZp_64xw4-TfZNYD0pJ$D-^)fJIZ#YP48
z4Q8Q@Pzli}_Cx?BTj(q^8lifly}V3Ep1G8zO-~Wz_57W9qWTkr<4xoYfGy0J{I-P?
zz{bYP>eZNZRgnK_|Dy!IA4&#5XobYZ^|!5qv<fm6BxVyvd5Jil@f`mmBM@8J{WHT$
zV##6mEjMWm%G>TQdDh0eG#LBzIgfM)BHZzK@eP)%;(B?s4K%eD;pSyecXPvgD5K(&
zmb|8GlIb!OqxFBB#yx%>_-}OZ0D3s#pVhDy^#7L!trQ3aIg<F36SegWs)(xMdiZ*J
zgN#qhGW#i1%;)bwb|hOiXSm$qm~gs8+q(+`C{TIT+FS>N_yRYdurQs$NIov#|JVM%
zhwMLCo38fu_K(QBzyo&i6Tt!Ce!QuAU4D*Cb}<3~f29!xVaw=ua)`x*`k+%vVe@;C
ze8^+x3C^6c{pItSPS+GXd_zK{=#$+v#2AQ(h+fm#Le*3=kBnr&p0uq$A_nu?GDIB6
zV6g%T|1OsKsci<+HA9F<)5ShNYsF!CKo#bkmoe53@r^jMNkU^EIejD=AtUx=Ks>uO
z!kH?IeT29%Gf6(tcskFWItdztjquZZUi?2t9};I-6aDh3G;>3#ynlZGg`5ZC67YIH
z9MaOGA^SVSYHIm)rQki)fr9$QAZJ?x(TqnyM~_+w0Q^Z3kZ}qixG)k*;5PJ&K@Qs!
zxZ9XGNcSmlH@2Vv3qlmPwDTXLxG~vNO6h=jwK<X_Dd@TC*U2QjO9YTGh5T2Ta=*&P
zgDD~$-N^u&M)(!3+Z0n9=QURP3yt^XSoJ~xX`b|&$svp#9xeUmEvrbOrsksc?G?jx
z@tv7pU?7A3L`{#=O2`6l(*ClHsA7;!y52zI&=j5C$))g$tt4c^T=awCx3z$xz3+W}
z3Cb0wVvpe+VaY-$d3-Kqs|#Ob87UMEgD&-ES6Ii^7R({QJ?03H<;s?4BLMbTzteWf
zp9S0y;yjR63Bs{Gf9)GksK$k3XJ_YU|LT37d|^7^xC%{b;&O08&&=)=v<CX8S5CLA
zaE*GzoDveQYyC~&49XTI_D@fbo2ZaDRT|6YNb8a+<)Q%mu|E$F&&EYbTDj9XrFPH6
z%Hg>hx`p_~<>gRXr_l8AzG>KcTqf>Iu*RQ|KPq%mJgExb9Wdq)S+|RiI+Slw4t39a
z<f)2~l28`rdS5!$mMZ5LD)W%2JCXyFqxRm1a`!n7o0CfJNWr(A{m$Gp>)iu}wBz!w
z1b^X1DdB2uTf!%Hg1Ds40wG}7?ydr{mK551Ac=!%`kSY(L;TTT34`F~S{Jv{dLY8Q
zPy{s%$GDlbW#{kdvR|OBPU_$HW;DeQzQ5;__7&tDx{LKJjU1w%<0bmLk)^k_E`oG2
zo*Ab2H59hZ{s-I2%JPqQNhnw*EdER%9s<po67sjSI_A=2C%Qn1IOYC!UkzYaG6zIR
zUm_uiqf@FT1GQ>@%<gd$0&)`ZqP+ayoMM(-3i*oSdGfF$)nLNwE4YSP5o;``grxAW
zr%;c_MAk`gap!-sA5tpE$9wYgYmcKmCsnb4fi|e^tAd0Dt}@sUyI_$4jU_*a(`jU1
zmDvKAe^u5QM4fP`vO@2UV=8)&p;!FfY^^sby;DL>vv<-$x-+X^g!C;UBDYLqqOoM#
z>|w;WtqC)3EY?Qe7tNj(C5W$I3pd@e#!+f8Qa(5b>OvCN&V=Lp`uQvgtTukGcLrWk
z7OAoKK)=g_y2R@}_Rc4#ezUU8lTDe}(vzjA$V(=(`LFXx6Ps@)Upl(OJWsE%>f_^I
z0-R*@PUBR*Wel5{VsZY**=3yjzj?yaW=|pzA(al~hip$&4B2W6cHAjmz&w4A>-{N-
ziNMy^`Fsg$`Z&wtJ?q4=+ep$4<~7ERydKTs>TOhxY=X3EpeQUdd?cmN7@I6XU44yi
zLn~Df&)cDShkL2fM=ecivIZKSP<M5FA-GgM(qy8d+gHc~=mvjW3B<(&{7Ne{wc2Me
zd!PQvdT_K6B@3fy+l|%d$WOpUT=b3<Ow8rs2ZfZfKWsEm9_<iRRI3qb>Q6jXZuQMU
zB|ORmt?Pv8atD87lfZ>y>PibKsgP#U<tRiDryRdN2K*1=w^uHNdc}YY0~bf_=(V1E
z3f*fEaeq)2B3JJYG6wLoS2XW^UJiV)NG)j~CHL^%*}?$hJ=W?#9WGN_^VdyAwSY7o
zt^6u#GJ<XbROw!xVjt8Pmm95%D_5I0W<HXTpnA=v`SoUJ2?}ip@It1t*H}SHVvZ%k
zA3x%Vz2Xwbr^P(D<kk{#5jMBBMls#B>eA8AUTh(VqEt_=v2v5i?a@|lUw`3;LLv;h
z7Kr2ZCc185oCd|3Em&1m&1039>h@+IuE#TsP>j0xMzP)=cFBe~wLMRv$metcZ6d#N
z_z1hMW$pV?>*k1Su*Io=bJFpo+F6T_p!M#RTz3o|`sGz*=4{Qb&MA&2h2`ud&1OGU
z!Lb5hQ|Vrj(cC2eIn3|(%@=8$2wrlrng66mt@tD7?tFzzlK2~k-*l-iXUFRUs}(m5
zb#|u?J|J38r~0zPQYw>G#M&)Bw)DfR0aMyF$=P~a76(hw`TIt)>AdM^wHf~Hx{kdh
zGe<RsaHWHBr%1I-e+Zd(V?wPN0bP)lsUc%B#+1+1o7Co1V%c)QuY_Y;lFuIf%9bs_
zws)3<+?z`#HkLh8J~}$`G%g+*?yuhfKhUCpq6v_az%W#y#`t4gU!L(n?kR2=M*^9l
zI!pDE*z5ypMNwyhQ5qjP#NsNuWc6m{1i>#~i^Ssf!RRqVTnp1@HrpMc43Vf5(0G9d
z^W9mQEL+Oaz&oJ9#CO$I*=ph~eAboH+GA(UQ`<?5nWK+`^K=mo4lBz;EcF<=b+RKa
z3Zt8vfoIAF10LrCDS*kIr#>ZvU*=YK%o!3K8~qN57W}9wX=(j>0rL*ok^oST-y29^
z6I_tEmFEhNQowzEw<>g46E3)Rd(m<Z3e5&C4ojUrA!#{4^a%w!iMzqkRzlU7K4JWj
zYj-3FkhKtAb2=QQmy2dsCw!7pyML$=oQFtasaS4~yE|K>)*cZ>sa7i;#<URL1&VFM
z!vt<5{3}aKJiK1d(x93f82op<o@4PKy!F`VVM#q$zW_Jr=KW5>6K9k*^bU>B9)rC5
zSUme;!QbE%-#;e*jPjlvnt!vw7YeTpDwUX@wNs;3I3hE7*okgb@)0hq$Af!^vi=gM
z8WBo`(7Kt01DYzf(>^=fmY+9!4J0z0SsU5JjRc^}x$ppEK6anTjgusCg0Ekp3&XW=
z+KfW<&HW}3%s{A#x|2JQqazi227j&KM;6gAo<t6f#jX?0AJDZ}Pb3zrulD>L+;XOb
z2cr8~ByzDpUTamo)>#!EQ=@>Np<9WaD1pm7@r57aK&A99laWk{Uu^Zw<bH?#er|`l
z+SCl5lbUQ7U<Fh5&y`KJg;iSZO{6Q=yVO8C)MUj~HXg0O)$J~HNS$NU!&GComa@@1
zr^^9KP@PkkGYnAw85w*4rOwZd1yb=1xgIF(zlK@w^Ld)eA>>1sR=0MLuZRb_{}<3w
zfVX+3^%{zVLj0thIs~0oMCj>r40aDwxDxTAb4Nl0lS{;!FHd<D^7UyJHwlUkZjkxG
zun?G%x=#VxRqrOzt4v0-L!OCrnk;*)$K@#$4g-h^kdZBr(bp%gFupA9y<3esh3F*b
zs#Lv=0I}-PN*6D<o-(zYw|gbHZu#u?=NahjG71{;Tbz$!<Cd2^^iOGTueOUAO~$KM
zjd-u2?Jb__y{LHgGSrh)Hk-I^F*smxaq-A;rgFgm2sRzP=IRys4#wU`b7W+u{KlRk
ze4mTfXT`Sl(n@7W@oOwLFA3!dh?etmSgU;aFz2LgxD3r7GcE0{cQu_Xb=PxfgK3_)
z1ox?Rvwa(dW@bH4UkQ%WXRAF)LCnVMpeN#ywYBY)Qfs{{0N6qz9l&U1##o;G>+Vyg
z{-@ijSZ?4ZZKl)WthJ+xgn6+cf`lYMW1lx}lI?J;ml4x+f5+y+wXM?7MQ=WcNUBtt
zju;{choptQxX3szIbVG!Gg_&}7Q<w>_h!1>!aYUxaJ^Te-9;3TNzjFFd%F0eQ>6kB
z%`3>$4y?vp8>kOKTLtm$RMT+WI}U?yNe3~LR9-@6vHPbxro>f^AChn%jpa*)6~aAS
zPjRnolN>iO2We(7EwpU)`s9Y<)j|i^=Hl%W7~b4^NtPdy{Sv3nex>jOJ|#3I<(9Lg
zes$=2`q;`;;koP@N^4m2_8u?txjqtC*(?W856N@=7v+w4fDN^kjMdC{uO!n8+5`WT
zgT6OFkGgg>G&s7M1#u8kx_9vHYfvg~_(Mxe$49?u=2H)YMW#m}+nsJ$Ja}2s5pOrY
zNyz_YJaB1gZv-?$H{;AcDWZ2>D_0mw0Uu#fxjJa;c6*8*h<%^){^MlwdtM8lIfcq3
zCNoN);v0^_tBmmdYa59Sp@;-)Zf`_oZV-eGl4<dM7=Q5iCWtCPp7d!kXN_(fug68&
z-ezmmSKajzRYYYQp3^vqPVbuy<DQrR#CkwLE9EP_N`fQz;4uu0vWM4>!FF$#Hj2%9
z<)W`-GhhG80$mkeA-sey4PLrFVK+HDiDj)5lb84#)TI|g-b%>8j=F!_(d|EWbao|o
zdE@CXp0E&EwLM;#(dLhyn`)l~%x1|(D<Wj_Lc`@Y@Y!;2N~re>44pCMYbb#hfj}UW
z8l%;5X5z&<(s-fl=)rDvMIZQ<V_34C3AEPJaCyCZZcKP4nR|pMvoAW}G<ATu;Znu=
z?Ys&WYqzt+KUQL~I>6;mHR9v;T_xl05sZKFXbNrBgwsCIB3nc2QCa*!@$`cHOJs{m
zCw1>cOW}x_#%ulw_8h!1IGKX+ij^B<2T@}do^lCvzO(794{=^_3S-Sb7HS;5n<Wf2
z^hKV&^6-TndXMpMO+Py9Gb^Ze4aIK<DgA8;y%Xo&je1$Mslo6T9vP{7s!1NL?2r_S
zgh2cRfP?{ceYV~HdE26Ov1-=FhW;iCH8ruM{cx8A`KzUJn{6~)YUekZ!N-%BI91Q#
z;FeVUka&_0dKQ<GSs$%-hVc6ML+RXs_MQI0&kpZ-M+;o1Pb*i>iak#jei)2Mt1tc#
z47@&Ha2qMs<kjW6X^E(uop)>mBAnKzTd2ZRJe_OZ5k0h&PEW360nlH3d>46ntlq)O
zaV;h@_5K8pUek4I4(wQlpm3umLLi8&E8oJL6XJig)l5CL)a#A+ghQni&lyQany=p*
z_Qijq!z?LRBy=c=v_!|ZmcZ&d`BRQY<3}^75}7JR^z`m9Abq9Z^`&8ZQZ}G*J70V!
z+sq8oYJ(9NndNq|l_)YGa){SD7SvGn3DIpI9d(IaJP~o+qNy-|%jHTGP8gF9G!9aM
z2!Ms%2jN@}CsB5{Md$j;9O;ZopCe-j6wv^;1XhXR8MWGOSB@V8a@VKLtw3>aWV+(;
z+_FHWNuZ72$5ebIQ{0PMD)c)7;(-ekRgm$AFF(G}-W*5nSGLDV-dSE|n_kz_E<}RS
z)w4rZYn(^Td{1yv;Qq7C0sm~X4t&t&-?}HWDA?vVray^Lu|eFXz4XAt@+{1zjlMpZ
zTi6G=K`xrvW{ZAv%qz+O<dr8=dPz$4nBzqnNsgym6#V{gq-zw4&VBf8NL^@l;Yp>-
zv+GyQTbKEWIU|^z7wh)VP;diyb<n&IRm$~4>c{=zS=<{)T`yPBfyN7}(tNoA-J)lS
z|C^|W6ql1BZ?q!c!t&MrEYTQYuz6AH<BY}^ftlh7q#Y~RVzKlo0Q3wO$HHg)CJ+dS
zdX&x^k*ve(IRItG0LL?Di8BVXd3F#xe@W4pjfV734=1?Zsk|UnR75^~!&R>VhayLT
zMxOa0!E3T*^Y*&^AO(X~Csiv&S7*%XJ~7h=b3&GG#08X2C~BryqFwIJ)NfinEI>gi
zMSZCUJ)Y5IRtV7dGg`})ND~+?6h6}JDReMkKvABv=TThWx)6?D&jon*Tt>47rD*+;
zk9ndhXKZ+)<y$aSAg*xb!J*Lv<sjG6!DyI&x8#EPq0JzWEDNG~*ZWs0{@~Ta3XP-5
z2kO%nHKn?nAs1yjhc8o`5eXePX@8Kr;Reqx@tL6zHeM`=j8^2W1+IPnatjD7zuWiB
z@Z0A(Y-U91+yM=Yjq82AuI)$)jm-W8ww`Slo_Z$x&Y$)sdGZCqfIKG|T)874{o~7S
zG%fw6uG*=^hsLh#U9~-u6?DSW`n>UKi_Bl)y~1?kL9;)e&MDil7YO&d5l4;$&fWP#
zKmZXw|MvbuJL;(f^R)C992LOhy|U1Bhb(*wGz^T?=23+1kESdM!0pVmtWX+(&t4Ik
zrzqyg)!=;iM(uf%PF^I*5hzthPVKzu<#cnRsv`r)iWu4v5Sx-1$?x`{Gnoktf@|QJ
zQw%8iNCm!TSUK23BdpbSwu41Bo2~v(XLoOaP}a+3yF<KtyKcst(0V}>)xoE?3w&8|
zeD%YJG7z=}*`C0zzvlk=^T12VC!qCnwezys{7-oQ5CK{8ng9V|*=DYcI%H&t;7xZ8
zHanr?9NZ6_COp6jG4%Q2qa4$@+TrcVY$<#LFoMrG!AwstyJnTWs#0azWi)m+lqLum
zI9>t8+o-<E<#rbyR8rYsT@I&45l|3f@X)SAr@aKnC*v*0e8g@f&?qna<U&*g4tjd!
z?t<IrXa7Ii-a4qtF8&v_DWyZCq`O5Lq>)Z(kOq<NRw)6cq(P7l>F%wYl$36e?(R*U
zwZV9Q=iD=M|G0O?d1sHl1N(W_`mXhjPb_%Ap)27#mNiaY71ZT%?2ssZ{LvQ`8k8KS
zhkem1x&Uz%bX+F(?E_R4^`JnwqSRCcpzapvRAWY$x|34hCk*F*9jRy5D$Ye0%_2p_
zvVSf<ELP>lPF;$!2Y<gkUItLEDeJnyl(g3kCI_!HYaEI*zQR)T8oiByd{la|A+dL$
zkm_!FQ8&>Xz5eWIsj1mO8%F!<06_?D%9s8ig`WV?kR>mOzh=X$%F23?G~fEP>XjhC
zG*a#$-C897;u|=V1vTH})SA6Xqh5St(6uzAQ=TTWwEp@$N=YPo<4XsE;rE}HY}Yx+
zCq}+Zls|v@iv?_cz%58tDf6|{Eqm5Y^F`aQJ@m}T3RPCbGOP=BgX<1b)P(TkYO%oA
zWt?s@iCjDEbUHO<*aQtHiv-UNzK#J)_H>~1GiEtnY)I|45T#~xGXEpF-x_jmf=;z6
z766mWRV!o?rVWkMpjRtM$7j#%u&8HY&9S7GNt85}ib)w6Q6H<cPWIwzbOc8<4M3wC
z@pE#R;+j%L;rRyMYpN<HdnvAOAUU+IQY2~neD>!BWH}{@i<O3kF^W#@d2}+j>xWIz
zSE***lH|hND3zIP6sP2**hAFyS<S&q-F*iZi#Q9Q5x|dcvh?!sWX)S}xeyDhrI;rC
zh%k}LTOjao%e&6nWv|O=U_K|yXtX3l8h9B+?P^}8nfEUaES3)&Mc49!KsejMqEZYY
z99<yZ_BnE2k&PK<xW7JdV(HrDo@uU3O|bd_pEm?33`oq(#F+njbK%b>VTC!jWv-w4
z^$=7TZFFg<h{x1#mk{_Q@Jmd-w5>Utbscl;P-)Z%(dO>wRRok%%DleNXKzoWXBV6N
zkgA%T7cwm19H>3;#r}4j_hMmbnfuD7i(?+Ul2WXChLkEYDrz*9E%u#|rZ;!~tSDIT
zu-!WY++TT|WnF_`-u!p^x!}PMI;O9D)*mS&*#Y2%U!H(GHX2+!nD`Z($XJk5E8K<d
z&k5lCl9;Tu(2pkaWKkI}Dq@)dSldaH9>L2x#F@M(ApidcAaG34shBiMd`)^TNOeyE
zhN!nKJk6+qU*AA!oGxMRfeEz_KRw`BLzQyJcpJe08%11u<S~35UxpzLYRjPv5;`qX
zOa@iyKmNpTYSpgxrKpp)Odb)B<drVYXg`^|s7w?c$0VjMcB3z+m}g%lujed{*kpA+
z^V2~NkU!e}&L1=6B_FE6g$i~y-LbK;C0SXWS0;(K9@c<^IeK3S#nQXTY2%S*iA#7&
zqV>J|gfi`O4hGPsP}pHs$z^qS^8TnOkIVM6x{H1M&4)nl{H;ojjQQxs8HqQx9^r|Y
zpl^})`yxnsr&jf@Da`zYO~iHBxuzdWo=<3<+kI?+7T7`y`tO4MuRQ5?U<@p$%$kug
zFrUR>&h`vO03R7T!Odya(@9zxnS`gYJnxxzfl;2n)pUcbR^{u!O5)e-n22xQIHQ{#
zJ9)P2u!TM`+3RG)_F|hbP=A(t<JH(HetQIUaAzqnl<6-(#bMBU7Hyqe`MH~<>ZN%P
z-T@Ea^ON@Z7+3cfXJT1SkB(~m+b<{6BUxC1Y26doc0BBdvErJud3d^7_QJ&fcEX!C
z7Iy}OK-Z<fR@CC}seDQK<xu*9S7e+W)Vw!mduGM<jPJV0lyxChKmPUPZ6qdT$@eK5
znX|=&I9zK^fPR(3R2w`5O0@&PcD&YdREx}Ab{?R+OU(c#m6l3I<!R}!?fsR0C(9Ri
z33V&<APuY0D(;7<k?_M+lVuiq?<PAk7XEE_QKO#sXtT4+(CSibS6<=ydkWEcqv<r^
zjocCvlPSurXaw2CSz?D(Z7aKeEH$3=!fwK{$)w~s4B8*m_uD*)`RkaIsKrGjyu5A;
z#aDd0it=&yt|*qx%}IBlBeG^(?(ltu#yN>ki6WNA@l{+aSuu%MtnsqHU+|XqPl?6J
zT0Ch0%}a$`j)_pq5#m{P^p^J2KNjdvAEN-~0ppvDuO_OB^GGl-NbA|BYMp!fF4|@q
z@69Chwpfp3vzA+5Mib6moO6LG69Eygn~H}%C0bOWLK56yh_L@2dW<KV)qUXX-C}^I
z2lzD4f>w@scAY5lbt=Wn1j*`H7SkhAQU)aVd+w7U7gk`kc#{bWkj&*qryom*Po+%N
zPnFMq4NeEX-|eBTHiKTy$XLnl7k6iL&Qv)Z4XDmxUXn+fljZX>w}9omJEHFp<8xKr
zY_bP6c#ff{XKrCuXYM|?`tK@@wiwem2TtG`S|VZXMg5>}3OF$OTs4B=@On+L#%>ka
zxHB#gIkH3ERd^5BKx<bx^=Sq*;9IVQGIOaow7kZD;M)8O=aVY~u3%9&jg{c(kw#GU
zM%*;D{6GQuh2A&Aor`yO_g04W${@-Q?#=$k6Z6^QQKW1iC-4A7{P+Hj6SgsKy@Je>
zFV=L)xX54=lX1lz+_V}0<QwuDQ}VeY8NvKVXw%Ldbz9?6Y%S}+>R>BE>eHK=#<>-W
zii!i7vKC+aS}TDZ>KD^wPdStOL_EN5YbhBUh*_ZTF_QCP+P=>j*0tChkwhpQNc=o=
zS3lJ!Ojffi58CvS^cJ0F$p_r{(U!5+mZ`LUAc^LQ;iZ$@cjunc52b}b!41m8^fqFg
zu0)V9y_mjEm>{<!S-N$(f$eljoXO>OeHR_5+@D3!Tj=Vk-o^DTiVf{oB;BRg(cF`a
zjb&jq?bd!`v~1HJ`Ge+(;`!LCt&kn}hT(+V7x}sV#V6GU&GP$umoG*bEGB{I^-x`P
z7h6=d?VNZ#r*lP3xd+|FCh#L|41HkR3}0@oax0Op1VIb^MuTpl+Xz3S=tJv^G>~n9
z=33b7oe}z3_WGpEusYJGmPq4x;(l~E5ylljzg}T3YE>oAgf(G9HM72=3-%;~p_(J~
zL#~x@GQ_j^Z9(#0XHu0&fE=(ky3NfOJOElm<Pe6)Fn*f9un>S;kR-mfnur6uyk|Zt
z{_T)?gn|y)Nzy`r1~9Wmr>Z%;lTxk&dSg;XjdhB#BbC;Aw3tSxUT3z%Kq~hQ^Mk-f
zbb+IZJ+`f1-+iE8!*EySr=1QHN69|S7>MvXrq$hVK?Wil%$1R&fUu7pfE!N@P4_o+
z%CLkByaf<GHGujeDcO8kAMhT^R`db*S|DBv^EglZ)Go~|lPKsd(3O0d)?lHXkoZOe
zxD%`sLfPam-bIocQqAZ{quj=$u8W_-AdO{4vVQMjNnfni#OI2lAX!1^KU>S%>#%bM
zA@j9QC!PMliJor$)yfIgBpFigtcNtWzko*Er08;t!{dFyM}$Xw@zm-}R_}FHcO)%)
zxyK0(zFn+{z}F_?dzU9m)?*DD&af{%0c`Grxlv^vqe`mHi>5%MWF<;XOZoddzgZ+~
z%W~)8<MsTlm8|5H&Nz00^%{>8%zWMQARv8g(pK5vx|4wmx1m`vS9Fb==K+nK)UJf5
znui~UHn6?jp-qoCEEJD6`Hk4M_9{1-bIw%UO*gz(b4-^%f)4TIHnGdb*kEo4g?CAj
z9l-WuV@8Piw@lT$bIM-AIw+2O?tx_Rhs0w^7m2*F)JHhE>S5~HZM3^Eq8giRJ{@k)
zs8#0yKC+AAV>F)AVaU@5^h)_GsxCEr89nje6}<LlWyc^Uf;s~FT8Znj(57&p*#BKP
z9?>3XkUVkjM)R-!^*^G10r4v8m8~AIu>HAx-Z;aP|E-F?^C2O)Y4d3^-98PH!`2Ql
z4hBNQ%xsur%YGrPl<z&+O>h8+qTc0l+c(31wFNT$C$9$DTu4KrVxBE>0Fy_}I+t+K
zENcQ{VkQ{A7)bl0j8|K=tR24qO#YAYdZ_X&`V4FMC;C}owXqjDN`B%W9?~wk&p_|u
zXPyk@YxPkbqyc9WP?wov)NBiYd2c|=$5VBjaIfy?3(cet1kV((Xn+<<Au#bUl7>{>
zxXF%!b?~)E|1(LT;1Dt9fn#3bD6hsBvsMY{(N=4FQOb~GryCl$fp)KMAa~fgsjXu;
znIG*}L?IF)B3XU?OUwX6xq|tE9d2L8w`X_LN9&Snz0NfwGQ)rxF7g9L%5m)~7oqiP
zX6hVIDYe6Ur>@DadyBF>&P)s$wl6)vO^tw*jw&UqVP~9DHFD~38f32*^gMy|J)21n
zg~W$Cw*&*j*WR?PLZ2e?AEC@sdtOwZ8T10_db6f&eTNz7i4g(G?f;_3DP*pi-?1#z
zk$-Ep*ccGmaUVfpiB1*25hq`9;<P>y^{ziNgS!+WkD*8=KS1CY_<A^&)sQg-5fp|(
zpy87VlqD2%lu}gkH65kj3!-{YfIa8>vVDVVWxPbe`W)s6mHw&Q9>dH$n63C}bts=+
z<Po??LxJQd1N0Gb_=YwHUQJ&#0txS-VXjI}MA;l@P68nMqcMmz$wFtGGBO&Fi2z)L
zj86-ot(>+6Nv13uL<8{;4MwX2YfoO+n1R#tGIIYJfD1eTn}r$-UZosE<v+n)G}2MF
zX3RyxGH*VG_mrj^3-N3I)c?wufZcG@ae3r<_c@Rf*&l7%$((=l{BL9K&6~>W64q@E
z`8(5}Wa(`r6-bt7EhX$id!V9n(zuLa$v45=-;1J9X7{>qiZzOp<?RB6W!kS_4#HnJ
z-*e>^Q!9lbTDC)LYn=_VrDM8LAAkr#eI)Rj3y1MVr`35?6<0i~VGW{k<&Z*acm<yt
z?y>E%Vbt}zY3+%kk5Ts_RjG5aH4f>L7tqFMsuKY3d01hyEpcN9;1bHjmUDP?7@(J3
z7%4^Jop9}R`$9;T3D}h4Lsz$$e7)ZCA5qRunJ;_eIx9b@lOqu`z0YyZPnJkbTHaRw
z=h25T6qfQ<CkEH<`wIQ5B*UPfaZT&jC3!g05yePP{t#epxa~_CTi-nXWqu22abl5f
zO7+8aj~e|S5aSmBsuR#kwCC|U%f6q#zWkVB$YQ#nemhM4W1ja-doDp-T&uCNUK8gD
zkVaSZi5O(cXd==Tw9VFmmcCT)WPwiYeap4MuM+2{Xko5|kK#o{wWuqM=i3z7+ySOS
z>ERE~f-+S@qptWU9?+W*dq+yDp;~b^za7l$hu6pqIfjN6LTsbeY;0H#HpXMxV+x;v
zR#cb{TLOr>wc6HlBskh0Dkkqw3$}>R)fN%N*X6kXN6|EsoJCVqw=EfR!!JND^X+X|
zg4IPV%bx@72BHh^O~>xr`l*$L*z12UPDxsj-9#$QWerqq$G%tSraf5KpD=o?kRnXE
zI?U{P5paIIlic_A_GttkJt`+KWVCE&X!;I_GY$ZOW1yc(9@y*!?}mY1Odse3nSl&%
zw?DjsRwGNlQM_+40F9&%aJKGL-rlLB7%T0;(e31Z{P@iXJNce48{AL6tNtP>p8t;d
zBaKpfmeVu-1Fsal-@BKE{VgV?RM30$@4M3_OWl5P_;(jk|J9GW&#xz9Q60C_{@(X>
zZ{QQLx3oWA-GUzsRBN{bzDFcK16`sV<KUQ_mnp);_-ESc56{aCs?qOWtb||m(t^sy
z6mA8NUtqF@13J1$ELYLD4nbh?{u4-7sFFVr*gcG^W>LKL2J0V~@{OCVh}q{6hUMp3
zxbR;L>*@axcMUV;0*1w+0g5RGn2689GQYFIf4Cr0;r-mdN7?oN_xrzZ^w6(cQO$M+
zaD>hEAL7R#j)|AYzSbJ)8@xF#b?NmmH+@!(97W<<-fZ<$?y3h;g-=~`y|5r>1>d1f
z_#`$CBnl`dSBXMseFe*(p!)m5u0Lo~ed*R1tp3_T^pB8m6MdT<p81;gOF8hMQ$Y<4
zQqhp;uD|6m93_5kEnBZI4o^g0Uj2N|y5OS!!ae_kCXTqCC9rbm7&82QrFvxGnHr2r
zd0$`Qgq`^$man-%-&*0zVTiIwz6fu;MqV{u1$Jwo{}-gR4Z(H4bUZBeAGS=89Q<^z
zr}?5;jaMfhGif{QK53+VYMa8JFX@pCZjT0t{}k74#J)1st497b!L;nif4dZaRsgI+
z62%u(0O;JOFy8-*$Ntp;pN_>W{ra$h3r4Wfm<wyj`l;;by?-(c5BL?;P+`!Z&kXtj
zJaO>3<Q9Q7ecs;!<IlFbelbVao2w?2*6r4xUAN5)UkJTYDUYXDzXS_s6;0n@woTy=
zm+JrHCs}BZj_Sg-r&)sDCY5oxM>h6nZx+H^r^7EgIoJIj%W6?yg{<eCrC-$Fjru=6
z{1UkC<sGq#$^ZR_3o$TTIJ0;W*wcd9u7Qk&@GLf#i*4Y~TbPEE2DS=QIJ*Hx-BPu)
z`}_LdQHwLy)Bh#}|03oM^>xX{{~X`*?~QQG25%uPaB~^fQbz908bb{MGoYJAl;HQ?
z+vbLc$3(=5?{~0$JB+TjuY6q|3+A7p=YRGth>!`%>!U_Id-*SA@>?N1;PqtN-~LeN
zqhbOs+`{L-SbJ}pWdG3_6##&L(PTa0!o(Y3<x66(Rz8ZE`orIK{qxM%UkmN`1&+>E
z^Oqp8Z4O`g{!cbgm$cR<Fx}_*jxPH<c)u;d!^B>C5$hhf5EwsQhsjO}RPt|#{f`ee
z<kw+BkdjLO_a7keAoSv(MW9kHc&*_^alsHy3?J;>H2V7-4e;lf))TQ#ya}EI7?i+w
z@W(Bx*Z-I2kpKN05p1x3&tVLIjt+a97AI+%rDo|sWYB56FH&|*Ot^6~8BR9sVT_Z1
zcpqe@GFO@DX;TL>`Cric|2VO}eY|cAS@{MP{QZZsAb71em`)h`0jzq&f~X&iJhJq5
zr^4OetLl*iLQw$XtIG|5o@K_@@lLNN_weq&TjlRI1s{li$NOU=hkx<j50CdO>KWf1
z_%s}Y7z;r-cKMFTlmCC7q!aYGI^f$%_wRCe!C4d#b@9T4J775?u9w4+nd<)kWjVkU
z13ubtd-&vUGKs#e0bh<%ESo-?U>4inTcaXZcM11sjQmq&0;5ua8v@m4ERU|<+c#qn
zEHxj{iALbOjeE^k2^vA6znbYn_osl>0oRCIP02*OmHi9SF?D0Q4*~JuStO-2ZZ6~0
zcvx6o*=dj9GEg`F_9ra<zF}IaXP--R?T4{B?)m%;-8XOWFhSwP{6rpql=zPpKvx=-
z5b##0xbu1l;ai$K9?x}FysZhoncGI+ahX0mj7_i0;g~AXzzCIW1%3Bs|1(Cdr~N(%
zw*GwblOG;(w;QO9KrZ{<V>I${M5-N(7wMA&5ApJ{mDNFdhhN{k3QKw>Td?VM6N9js
zRuw8SFgRC$JC0p86J5srx10QKz@C|7{+FU+??9n7Nl;+mb9_S<x_=4Q^{Iq-)rJt|
zL;d@pk6$K$ojJ;MFg;;s+|ftAV~WH_WpX&J+S2(al!L&|eDTa?4fhs!l80UJL$C6P
zt=xQ%hr@EHQ@5BDV%kHDO@w3Iwl~l<+;6HhRwh*9jw|BiT3edsZ>I$*gzQkkQOUEj
zvu5q{&!2Bry6j*+acNVKuC>?Kf8udG=Pvy=fJwW28ozX3xT0x{M9?cy0H5<|@hckV
zh&Q}L-UG|5Dqo%n1>Xfu_gO$WP-D|}rv8pDO+q-bDN1S;LZ}(6J7LO#hT(7S2tU5w
zQd~zn6$WAM-$jh|hu3B%&`a4!zraLX=6Gg7jCKtJ_>7w57SI_;k7m@(eCLNe`dP(6
z20LG`G6amiOe#^~kh`;BcxS{F1v_<rg`KJ@*4Z$11$11IhCq7$0Eg*?(g4yIEzZLJ
z@~<;UL!8p2AO@s<H`zU{2WuX1SYPDT8;E$>A!Ch02E#!O2iQ-dyw01c8q-}*MrJ>9
z`rJdy0Ey+#^HbY>x#4saTCEBXKV6p{v5o=tu#?^Z&t*_{NAt<+R=t9-R|tV~ile8@
zwiU){eL+}%tb~G$j7)(W;RXBAn#77*U-S7HM4UTY>SEu4bCc9j+huCwJnb)({ptn>
zIW`<t(-f(B^TWT9)&~3_8Q*ZI^h8|vpwPYPmH9In4<lP41ryL`r}cwh<ip}{88w$}
zJXJudu&r~;1TZ6Lb)|f9enk9&0<*oQULT~PA9_WI#vS3o#Qbiet-y+BWW@ddcr87V
zw52n_WIcjMx1yMoHD4t2nm+Z@t2QuqJ63=~d>C*h9l|Mt58YX-eO(LUH*$;C(n4X1
zqjn4TP0qH@833t2m=qZ37L09u&~XEH40@i=6?=P~Y6Am9QrS(rM;ImETHKi^zgS^6
z`tqynJKRZh_`dL(5m4bZD4A_}`7aPaSLgaFjs5VG75h)*yphKMA)m}P_Mn9fKJl?~
z`S8=P67wOC!$Uv+=uF48ApnIZSdZ7pl)-mf%SVj_&G8uyTiWyee!E&n#W21*fGHsa
zCjJpVz;7xNh}B2&-A;HJiHt+11l-enhwJwHq?dtIfh^0~vGNlj<E^}iKBFUvqLG^w
z0a|bE5gfIhHJ)o!=k74yh7lX0L?(WqOsKo4g9MSB!JF9-zxnR5EV=&G`Qk=`dAdGy
zuCwFpDXZ~7UmYvWn88_fgu`)6Et1vn-imn$KXay3RFKp9h|qL*qCR1ph%@}nX@EBe
zM)I_0yT+z9LIj-Xl7R=#KBLP}SwP-(z>;*h{hv$dm*e&Qrd#=h<u7FUn>0M*h>895
z+N7wp>BbI1N+P?d+|%WUh<74_zjek<E85ubJmPZ++g`*;_*H~M{{lYn3}W%hG5h|G
z#Jnqh5NSvv#S{rHAOJhuphwUsF+%D}I`=U}c%rxk(A=58(7p{nS->+0;5dv^M+K8|
zK`4eI@ij=%*FC^tR(<ilv>)AFn$K|-kspxDZSQ{lno239EIxC>uzBIh<K#lZ?{WMy
z*WcBeRI-0)>guMD@V-r<8aq;9=|0QMBsvlF#aKE<DPL1wve5f33T`TIc;yP1&Ft^B
zUykA=g8oLJaEUL4*;K>%sae1Hsh-J9%Uxvb^j81_7EUHc3)CdA$-S(TP<SQIoIz}B
z1vZjVN0ylO2=(w^@&QYjWbm18RS=zc+N#fdhw=ju2I#AIcb?<$KL5x`>s&AqeU>T~
zjI>o5H@`LQgMg~OJJ@`Jf@ii8A+|cStx@3N3fmU33@vvXq|4P!;{k)l045|a(3^TP
zFgQ))1;iE7K(A{#c-|2%IH6Ixxa-!V=WaH>rN!ttVJ^5gXS+M!B|TbV66Jno0o;86
z0Klx#8lu@!)?lL=yS%!WwQg&2UTry;JDBZtey=1!&+FVzDR5*CkP9-vcm@06LrLHs
zk^#AU1pIAsQW(J1S}&_{ae5@+9sqGzNzIV)R;;w*&(*E>?;L9|<lVT~LzCViurABc
zuD0vlXp@B5PHFF445r#G&?|tZE)5lrKNC{Q(yN`bBwjod^E9T3;tOCRkp+gKUzr{x
zgVrsk?iSv|-StVX)3Yjz^HHWL>w40u6#y2IN&@4*%#HENQTEZLJw0$0?3yB#b*6bt
zIYjb%K62aM#<1kIZ;dEq>YjL?anPDNkblOI#2=P~+C@{SMiheGBdAz@YbD$6!T~#y
z>P@#qQ{Q1}Z`sj1OSGwcI^zgK-H;DyI0)nqJojW9I&)T<?Zz&##=V{fp=y_$U!n^4
zWnk)O`{bx}m#HvFXx7*t-6VoIg@))=OI&K#QS$}1u06v4@8Lp4c2%G~=}k5KN4$Ry
z&v2i=nn#G5VFl?LNYY!d*D+#wof{Zd$B)R}Rqvk+=BlPWwbaF$6}9b~c^34(>N#*t
zPVqxo3ckHSfLitpM*=BUCl+88Z-XsY>wz1?pdka=d-m8msRuj`%aVl+u-v>#=Plhw
zfGLt{c~%UX4`aFa?%f0PA#XdbMdemhW$g*iTIp_LykKm!s0Dpf`QH2l#N_ONyP)UQ
zcoit;yx~6`mHYzJT0dl*ouDWf%@gr>9EV|xYaEf_;K;H=;^a>KzWwC!<ng)%T8$k%
z<2F6IzDr%7E!+C1Bk5FwYK~k&*-#X}<d<1b3&0G<RBC5Mr>5(6Us<f=|9o+}Cj9cK
z>%)q}Y?H0XPSFf`I(lDN+_$csxz?3WwuY8NW{ih5QqQ<nN&{8&*16R`w2<xHJU{IP
zLMfIN%4Y?75Ft-N*kfJLuS`m>taXSw`3->7T&?Q3fW4dkinPrO5aQ~W_`>N&Tntrg
zP*s2^=ph-OS%=wc>9Xtc%B>?c07;y_@!HOx=f`_Jg66Pcy;ZySf04M5vt1NMY&~d6
zls}^N9>7M%h+$F7J@%A5z#tb_Oo95*YQ9JBN#vGY$P<2RPtKIUf9me@C46tP_`-6m
zPEIy~V{UVn5|<L~`7@QTkE(XhstnJgh<f<?Kj^xjJ32}e3SXq5osOK>>*p+|;rS%Y
zQ{a;G#2+RGr}k7lJc=ntK~OGq8{69QyPQZ@qw`aE{1q#|Z!E3StUF2TMYU+MKr%q%
zr)Qv48m^=zgM^APf%?6_K$Jv9Lg^AuKL0ChaXX<YnH=+<{nfMq=&EB<T5@82A9OfL
z<;w0Nxc=LzFEM{(To|}Ak^UU}VMZV)kDT`xn7Tm>NWA+y5)T)tMIXcQ;K3ru0M~^Q
z`80nnfZBOeR0@q9otmob(Q|tCT9)ECE|-nbJ$@uhU?3rUwi=7~P=W>l0YO@y%-!Nd
z)n#I)QJb9#5sM>~zgeV1NpnZ0sks?Rah8-;uIz}f$c(p4<}NZOF>YEa*~<P7`C)GS
zQxZ^luUsXe&ii<8O2IcsuE(4Ts*=s>NlblWek%vi6(gB+iU?uvwsE-(j*DE#l5gG)
zKt%J?Y;&vs2qb+n88k}T@_c;*;r8THTSvw3k>x-0(AG76#&d5e>)VT4^=S@NrjqYN
zBP~S1V-h|`xQ{ti*WZ4cz)8LgJ+Y7E(0VcB$_iNsW?iqg>5Nr`Vi|tOKqHRf=g0-n
z1S(|YKEAMGg`Ye`SW~wl=Z6GquU!Ry<FWVcjy7v2vo-cia~#*6maMmuER7!UECay=
zqQkwjQK$0mN~_7}q{~>56k)$+`!9ih>pRXdEa5`jduP=p7krtzv2D6ffugHqYba4h
z_OjWGCwr*Tw*xNFB?r=!W7(7MlT%VMno2np1PmFxHck~uq~mH{_M|mRe2CPqXV$HI
z?Ca&D5`Lxv6^+8ju$6W>;d`E=l$H52A|+Bl#7(0q^=HbgG_#xa!KV7<lAenqA}>MC
z%!27q9_i(1LKREz;F1Iqmg`H?AwBD3i$cir9=^Q~lxyKOrL9v^%qTsf7qK;i-BOgk
z0YXtDS_U@pD!b8s?}k<i_gKq*S*KMgFw4|2^D&lGHctwFb6J`ap^M;n-#+hkW_`4i
z09_%W?+GkG#<Dk-ktL5`%*<OUn`U=s7Vi)IdPJk6K$ok^!oSd&eJ)^PJG=jxGe67s
zkKD{vyW-PzdoteWJFD!UF2Y+1Ff7ZU;N0K22iG!Mo(pB^lz;z*9opmzD`lFyZFb1l
znzH7!IU%IydEn=WGr<d_8AN-Kus&;JLM%)G=_UBSMr16L=e_C*Q+cASws8!k0^o8{
zO{@17TGAbuhG0ChbcZ0e2pw$9-rpN@&{-_jWwr?^o^8QCD5S4WvzWRW+^B8aEqoXA
zJ=CN7@n#(r?PP>jg}U{|io#$<XM8%)FW=!dq`OoS6bAJ?J&c+0(=Zx<=uNvMAsj%t
z4%Iu8h@y_e{2bvU^HE>P@cz1Ld-J)L>G|?}lK)vYbXVk#bb?YK^@nmp*sSD&YWQgJ
za!~)~WbKLt@2LjB0S~os8A6gsg3(Mt7O3HUXf!I~QZm0ilt_gnABKSTNJM*W9PE|%
zo0A_&*b>I=vR45mXfK0w#m~H(&l|S$S;N~xe-`K<vbqet-WwwrC^J_!w^tv5C?$SP
z{s!37IcCKMY{B(*n`7n5dNPDoCo5ST#e@OadJV60QnZ<6_}mZg%YJ5yBO@#Gyd5yO
z*`HO2SYCkSo$nX!AJX)Zea(6jVOl<kP1c3EiveQvDYjLV-`g~aL~U5lS`Z~10S(^-
zW7Ll85ENdkUylzQL75}UHUGEFNvYOE!8*P02#0R*6_t4w$cVqvVoazL#3U9;^Wt#x
za#W3No5`Ne&ONxC)8jN73~wdP_7S65N$HtSH5l#d6WKY1bj<Eydy=qzW(@X0`LmgB
zqO)LJH>v`0iIo58EMS73o|F=~VD^2u&WG3bL-!tRsYsgVH*=JFf$DmMk;?O#=DBc0
z66f9dK#Fqdypk+nmhBZChCZWcggE)3N~nHnEiU%Cznwsn)nh2gk2Pgncz)3Hg^Be7
z#H;z%l(!jxaQfE_aZXeyriruVkyL)fO7bbtt(ICFE=&UhBMmjYBqiY-<Bk~P3uZ`O
zR;g)^(qzp+Ho&JwQp*$9FnZw;V(F@R!B(hiESA1R69}HJ+p9EqaNF7>>A2C%*bD((
z>NG&-rsi4%<07+;=&qerl>%)I!qiv#qa*Iq)83biYc3#yQ0lmS_psy#GQ+|cR8oY+
ze!TO${a=dA4ws#a0BTAb0#r!I+*q;-(DRTL8}Ahtv>Yj3GN=~@H*`iVHGShrb`hAH
zr2#d^Ov;X0KvEB=gWHx$fqQ18fTtV4dggR3Q4_zXFaqgKtfmVWomO%D+mUOsjkrs1
z5J^MGS`3|<hX2PpXHNgw&FQR{#ZN_VV&k|bSWVYF=d{*l-#2X`fOpS1uZAYQ&eJ&h
zv($3}nR72rW$Rgj{Y*icVB3Z*;TPE6|8jmql2mxza2v7pHiy+2cDd!STnIOuDMN9A
zIt08{TakL+pDa(+t3TrUQYbc%v08?yi;{q{<(KGndF~AJ8mi2tnaV1K7Q7-e+N<4q
zbvk&kHUyGf6r*VXsEL@O7#$}HrnAh5#HFIsf4E2Rq=;m)&U|0$P$@VX)PRiXD}s!A
za`b8!JuDCES-KQnI@-@bT~~H`=(K`3HJX0>h+FCzJQzm7x;&mki)THj_X%7_azFF!
zd0&rcC%Jdz=ENB(crK&tc7DKVG<B2I_jE!E@#sg^9IaZxgwi^X%g;A1P|bRl-so*L
z>uKh-VHE4>y$5q^)`^~82cFxGN&w3yAehS^y4DG^=k=8O!|e(Bxe|a%Jb-s{Uj7v-
zsx=eed}L|X7wk$apZToD@#v<bmfQDly{h`N5)Vq1%WvT?yEzaZz*bVxA3v(WGycA>
zD8e|f@7txeytP;1*VFQ%>c2gjZO-d#!&^(E^IEG4bhp3hz}pWx=O<Evz@xfs9>N~?
z#tw&0>zr9!FD}U5DfdB%2FZ=3?35_}TRs6Hk5L(qAj#1vXzzBKl`F=85e`K?#T|RV
zy?ElZkEo@Z*e#8!Pe#D04;3{xtaTdGPbR-N3=l9=u2~7#cQuDYgKL?6z5bubKvw_A
zK-qXOQ1isZKXH``BF#s5`F$39=B6M2_hn_)8T|zxG#I>|IT($$5coyNW%FhsiFx1f
zH@Fk<o;aE7w%^Tv8wQrSKImT<XQTth+JjIpwsEFF%9<LZ=heKK2gE7?B14)Rg>Y(P
zhe;Llmb}(V19~Xy>B*jV88&qp6O7F?35z%#)V~AyTFwbQOCqGtKw4G0jl37vOx*A@
zw1Z6a@VF5otpYn7k1I21Mh2EY^1wD(841G`kd6Fe`QF^ReOt^$f-#-g9mZq7`w*Z(
zEq^7ls}Z+<f`pNV4u3jTq&@3%t+6{vt>IXp2K}p&tNzv2a>rI43+oF+Fp^%ww0?L|
zJD-nAWPDLmZehMN>$kHy(r%*?%e4_)Nb7^B=DxUZ{)persII`J@QJ8P#$1^!B8sU7
z5()$cBUs4^6OlzDGPwV#!%}@<x=7KmAyQ9rq}Vf|uHv9kLtky&$r|Zq#?zKafPilB
zbT>ZYpI(y%rE=6TAv8whL^BHnkk`rJ{T2Q07qR*k<p#}C`wb&s?Pi&6Jxp=h$AF=z
zX|f==D45T*PWF0cJ48F?wGRYgXb%~n@d535x?A<qXJTkkeVGrUq0QiUY{4RVkw-C7
zUsycH%;oviw(gb52}qAFN}eBCZ8f1p=}LLTrF&n#E%6dg;;epG+EdsZd&vZlsSXDx
zir|+GPmejVPuJ4PoE?T*l+B1b@cDW^GRk^%mqY&71|A^BwxZ(v0P(S}wx=BZYoP2>
z>Hf#@m-{Vk{_|~N@tNhF%$AzAEbnkPI5yMf@PqIFyKHXUgiu@$KlS7=KmDhNjtB3y
zpy(VM^<Ot_5ul<Nw~&zTXj5)CVL4_ud#BP#GzCgUw#^l&H^}&6kI&>H`5#Wv$>gaO
z5+7`yH*h7QMjwhxNJv}Ty%l;3{UqlV{1cppjKVL?_#PUCx=lQ#p^>ckh>_F*Wey1T
z*}V_d(nTd@!rUYiokchHY5ra!<u-$NO@aE6bPR{K)CvE}yd%C|ZZlGplACjOW-x}Q
zGB2n|7Cgy>*b|}%-Gus~D7SpTH~x%6@0Dr|@m!yj5HyiO#_|kw-dpTi!Jp~%ufMa{
zQ%Gc`Q|F@S)^F6dZmY2M*{(0WCxcUl$uRt(`-D+w3}8Z)@aZKAnsl1MK%G_{FLcMO
zo(aZbzsOx|()G^pupv^{7o{5@Jr?i{<rR{H(0%DvT8&RnCVwrhw|rbnm3o7nSAau?
z<xB-)BVWVh|0Gwv7Yj-}K9T}_5L(&zXD5j|JS0^0<N|K{Vek4gvTpeWQPEPA9gJK!
zz@bX<R|6qlm>e&?%!dzkBK7X|1lA7^3D2Bj3fQKxpn!{Rs-!UX7~@bNq8p{qZHQKt
zZbsu!P%)M<)G7BI7`B*oE-MaoeR9~!E3z2b#^@V&lIhf$Svl1SuF7-WTgq02HyMAk
ztN8V^%2-%gy?}-cWfBRs*4Y766xUcB*&0%z^m^U1IGG2pP!g#>(enbcRB-Ce3w$^I
z)OwCr03k`oB<x`y|J1QWD7MWN^dd9e4%YTEM&t`pGNf^TtT{K~Nxd3$6V~mCKlqG3
zWEC|GBaw=INJJ#UKfRI395H-m4d6<G(ZgqyIn0pQM};BnHisvw8-u3c;t1T4Uq7*R
zJdf%+rmzDHEX#4#G25q9#O;e2><TA*V~|4XORq`bbfjU4tWfh!rO$8{Wc0HiKl9*d
zhys)jPm9Hy|9#(Ijk7xzn$!Od(I%dO>FmVMD0#=5p@E1C>&j?(%n!ff5l~UcIg};Q
z+aCf;`hlGO_w}nbW7YNuo`<8RxLf`Q&HDNv&CXy6zN=a9R!?0wq+Ry%C(4~sf=(`s
zb_Gh*rH+{sVNn-zIYM!pUb2mEip*!TY_2bluQ^{0Q8SUX4l87>#)ZKop8F}y76x7M
z9DWLldpDZ&-)bmijup2y^rp2cY)(`gON!t=AwFX!jPsJQxS2?(awdry8raa1F#6;-
z<;ws_F(e@dWcg`E;$NPdF$xO+(4y{Caa$z64)_7eQ>DWhphw(cGoAQ7$wEAYkhB9+
z6VDT0O|IP@dhnZPh9?|=P^RB#{lsx~PGp5jHvawXosij+PC60ZP&m)*<}e?JMrf_~
zrN9j9K7j#RQj!!pRSPvi1S0|tL*BU+kCzJso5n8xK0do*aYTIZ3JRcje6$$bdN6o9
z7+*Rnp9ad86>hBEnui2xnuXsr&G`}NnUL?5Qhtz@dAJ}6$qiwLGNBTko-8T*#Y{XQ
zli6|{tJ>il{CphooXQQn`-Sr<?+XlXZ~2PI929R%DpbM|Juh0xuC8!-H9zx$0th*@
zscG?hQV+=HsUS2^JvoqBC7+e_H}y~jn?AlhS>u=>0NcJD{8DwA1bC!0$M_>73Vn6=
z>vd}}sXhb{eNwLiHyIUB$+ajL1F{k3@qcg&|L=e>>tgKBWgKGFt7|i70ahAM&m*wL
zX|V2ukgG_~S8zx;X=Q0b%;ofoqBiu8qDD6FxYYf5;Xr_N`4OK{QA1qaB8x|(Uu7(S
zLP}dRPu7?d%kD#&adAq1DUwWmBsf~>m+(EZAUi!-{aVP7bOOM2@|I&|;U_4#3|~mR
z6R8UaL&43ev@zzG9wUCZ+xAXM4#ui16}uc<7x$SQggD7l%dro+FLHz-XE2oW!*Rp6
zH;)vHUJ8*i#8NfxmwYQUmG7!m5nfAWmR_~rg`zMA6-{hy{{+O=7x;48Q_EgO^>6|l
z@$m&9z@e9iL}$QkxtolECo@A&ctN!mGpWpnP<9p;NjLHN2ygl1FXNR~?NX!m^Qj(p
zgC)^|0uDEdU6cln!U|vNw<nQvPJRr`#F9W;4VH0y01m;4--lq|X)eo7%f|%a?Lt@5
z3eI7}){s813!Y+w>#^T?@dHb7_b11djmo)zZ$n2N!*IS_fTx?5DHcdRk@~fDyqyuT
zTon;e9|==RM@O!mF5vaQzm!loJ+%IDI^BG+ak>ThG(02-rV^It`L6LNQ!##lF=Si)
z{&V3-Ow-}p?hde)^E+!_(EkIL_$GJ_!#KD1Wc>#&7)AnD=o<gY3$&}YfR=n7nudkE
zhZ*xUmhzss{w(0n1^Rgq>N*3#fif`QOi)I9@F41By=xwH_IEYQ7q)Z3!(pTpI*-2Q
zwVI#?mC#*{7K10a87qEzL;4P?)a$fa5@@n@6&@#cvkF#;uLiP7n?pRhQZ@il(ZV3q
zDUk9!b`z7TM6C@_(J8t1fjkYvA+1S6Qv&tUdlpt9#MCgq;7`=@DL~Z|rAKl&TLfX_
zCwGctZw%!D_sX>Q4O^O}Q?fhuF-+DStd^r(_KTH~oYuN0+GCi~CEx5y5Q~>rjKuZH
z0*qdej*ouLaGWi%i^}a-w>OnnY?4LI0G1-&Lha%7h3ez#JZ=hmcC;uCf_97D(yqHW
z*s09{4mO1w(-t+WUhYU>h0A`g@VnD^mK_U>cJ6${1&{R+TiE`m;t;uhC3&R&?j(MZ
zw2M81*R(RTexSi3_jxL_W_HV5&eqm;_Nd(Ur%KMPc|0vH=g#GD2iU&3h@ZT`=V#S+
z3nld0d0K@H`$L@{F;Ox$KAZ<#LJahH?a~*2Xj#Af5s@P7kmYF}06AkZgbl+C`U33a
zo`(i@7eH!(IUNB<1tP{MyHm}tmvmYMiD!M^t3q4*ete?7KQZtTlL{cWL){#P8;mmA
zk4qI&pid0uY2qmPt=u(eOx2P})c8$SHR8^BD18Hy`9KRbAU$K7_h{uDCuWvW$gfW5
zN%nK%I6>1MM@{!9?FtgEG83LmK~$E#hpqm|fUo)ATutZ-i1WVn4}=TcTd(0j?eUC@
zgbpYeika@Dp4dgeF|HLnsXNm@_Bsddjpm`f@h-G#@9Ea`ZNsgnsJpP0qUkKn`{hpp
zh(iAxRWLr|6#<6rC*b8^QEAy4@_9K*O*edjVcQ@jM%N}2k7$)QN4K5_aE+Br^0liY
zOgdw&XfG~KNoYWuXE#aAi&{P@G9?KZ%1HyIm!g4wz2#O1&|F+PAG0W23kY=Pzk-CT
zqv+?y7FYGhxKOLcs)GVQSG}0b)@%d7D3ziaNbTx@Z7B7LHpJ`ml$$ilY2weC<&Fqg
zqD(ATczYxhxrp1=xT#*1X08ftJ44;xa<buhm2?bK3W?V-=~PV(Z{r7OQ&`?;&dcyw
z%!QP5?_LplTLT3JO*++r2nIn=luQN=i1xzJdl-0(c2XSM^|HYbIVm`GQ?zddOCm2=
z)*ha94gB7YP_P|sfhflA*68+j2iYAfZ;34P98NDNMSD1T?Zj=bZ7*i&hMH{UrRS?~
zo?(Y~s9Y(AoW`J|_(+zoYH{&Vj&os>!&cJbjOM}U*(k`iz7Fj=H3uaxFJ0y<i0#^M
zhou0#FcSXa(IoNY!t@agnNiQnZ^WG~%MaRk2wE-ucmxHXi@nc$1K;V%)t+66S~U^J
z_5*1W^IqW%lH*suK*>^5a{+=KaKrt938^T+*V6FN#RIlXkWKen?87a{?DWk>>;ji$
zpzC(`HtZ;kUJd%dG07$MsiUXF-avz62X1jpf-%kTG*{^buu^y1jWoBDciov4d&I`o
zfaj(fDyZY>HE`;q(CwDnt&;^bvb^UARk-!sYA%0aII6pZ5Nn?6L8vJE`^U@e+K^<Y
z-25&O*)O~ZC;2#|+LEHXC+Z}8UJxXEn$iGqil}#fG_hC`tiL3YCI8I^Zro~+zrw|+
zO($cR{0Duw3Fp0SZVZBv2Md^E)nC#c*rFWFigHBF1I<-+IOT1#RwI(v*$Vi)6FP1c
z5KYlC1$yRI=<Dl4OZA;=2a~-oTvvx=>Gi5?Zh}I)2e{BvW9GfckKcZl=E_ryOI5P{
zv2h=lR*7P&iqmQWJ)j5j-gfa(`@R9YyCEQaqonG6ydB)D9@+9kcO0-66xW6<@6V}E
z+hnic(3dqjG<OcW@Y2b=rl^~$gROprO3RYs6OYFG)i{gCnpt<P^HT?vKVmPIKg=5`
zF-FnonsTEa3ZP#w!KS)*FHoUtflm6hzNuVa{(FLZzN7YwnI3nMJL*JEeQkD97F89Q
z)$1Hcfy!O=YqM6;FCrZ;BBve}YBxNaiD7!!-sJ%2)Q$b#u-#z87O(M6t^`sig(WRy
z%6=AhKe{lCeKlUO;U@uwu~`GBTLb2j356*@bEDJAEbC0ToC}=|CWkz1N4QTYoRUIm
zJk=g02-?Ll_&}+J<X}S{7&=60d=f~IL_j0{iPu_d!rVSb?Loy)mV}XnE`bvIekkYV
zci|^?17>la+rNb3_ebxD;Ba_%pCzL+UdX@4Q#B|is9a!{v@z&$2kbqy<{g1guLPaH
zEOA<IYQwWS5r~`D`hhzbB|li8Wt15h-|B?bO2@V-9BWukqzAt3k%wx*+M_Pn=U1%v
zp-sS1rmwEL^q_g*^jrXN5e^sp!Dzh?K$#vazzD$XU|Ls)S}ZnuX{&Q@PEOxotn9mz
zs1|@w)G%In-$&uj_a@2ahRrRxACxG6hT_i;zzS<5^)YM%<w~7qUaqP#$K-MTt}%L_
z!jLy|jZ;iJjKVdh*K5QR<ixdt{6uUY4a#5<+by2bH|ZXR^p;k=x>Tr&Cn{NtK&N?R
zX{9KDRj)3$<~;@4zi9>D9nUUxw((l2<WJt+y4~MKXj-4Gc@+HL;lkTU>Z<{+%t`s1
zf9gk5&p}C2*U!_VaTnhCO>(dKS?UK=fMc~&MTsW>$z$4sy?@p+3+OQ5iic=tSFGct
zTMRQfB@|VP9>%w=0L6n|kXEiEpYMMj!Ae|N1M|@&IJ_PJ3&Mz{_Km&Ib^^GThkQRK
zZoMC200Xykmk@1wll95A7#ASc0DOcn4%SD(ukdjNGj_2HX8>@a^)lX)2E3e%d5{zj
zF>sZkUYc3tb4A)fygZG=$$NtG1+;&#r?G^)7E6fYJ`zCJ=VMOfrRSrTct3Fi08SFH
zDebtHma};sR*&^>Peo*ODBINRD}`Zst?*6Od3_{CoH2my;|JCQIc45}xFsjn-j;1=
z|B$n@d!Sx;`x_w^uZByUs{TF=(>=_Dm5}<dfsoScD7#F?Ly`39(-)KN^3KRU`$VNW
zK$s<3qvDQQZow3}9%#a9)>=IP3{X+G9eVsnQfJ0*K~9aLcq9_fa)E`hdlLJKPVj)#
zVQV@R%YKS#j08td{fEc`ePotFb5I8}zRf80T+7cmcGLSC2VjfTi-D~et$~4oQ3fxE
zZtf&yw1+naJb?ZX|Cpcv064}cRHSqX7L;_#52)qNv|S)w;uUpJ)dFolw}xTqpr72>
z`?#c;V37XUxHC5V(bLy78%ti@$$}EVxKmMQ>`W&2eBwDjDQtb@`8Y3onhvk?&r$Cl
zrI+!~aurMc_ZQm^;L~YxiThEyZO6Kl^(?l4jns6C;~sdVOyG4osIb1ex3mhYRgR4n
z^uCGj6ql?fSA1lU<9!*L&MDQH?#St;PbN4wUTK}>DV#{~`0zowUu9G7EQ(y>2>H?o
zYg&`Q6Pe*Lmz7RfC8nN?)F*K)yPT=jL5s(S-_0|sLK~ge`dxP@i>4iCRp99kn4gT>
z_dp)kjYD4jm_5qZn?{>+Wi40PE)9+rZW^w!d%;bQnqPO`NmS#0S&Y)?6SLWZbx}<x
z!w}E$;G<Pij8bseK`|O}-|l(k@|%a$B4an)bP;js7p18;xSbZ5J{~Vf@y+7w-R=F>
z;%anpu*?;Ic_ho@L>XOTEGcVjcTbU?HTg;E7J>ou#L-f)18pD8>jCFu(G8y2>D?{$
z5?qE@dB{b{lwIh5hAua5PE%gP+b21E7yjNyN$^`IiKzM1%~YQ(i!vCuP2Sfo`r-EN
zI}`G6ngbKTP;c|1dt-n3nguI~#>omuLs8ofF_GzG;$mWofEAd{ueIU6zbw=fWaE+O
zALKLReR0xC8vX^;T<0#J>qsd;v4H+l2#Q6J_4YP`rm!N1+0Qosp+vnmTG|cRhYRHw
zz@7K=vM~lMw10h65Z!%cZk{P6-eA$9jtGMaZn*(BE^^%%D+j1KO<GYz_l0^Gt8u%E
zt%4q(hHoHNQ>l))i}kFHQDJ>_k(#t|GR$Gv?dt{M2^<W@#YKd}s6jO~(_ny0;4bfP
z&|po8Xux`-a_;ajf|2>d;VR4mm<Eis$6srTom=%UI=&jqi-W@q!NkZ{a*W2#DT_r?
zFjhA<Hq0z^yvz#txLQnUPxDPV3eUDAZ5>ce2~tMB_EW4V01{P9kJuczjN2o7Yb2)%
zwQ8ernRU%*-LtgNfXrTWUGl|&+Wu0qw|e_N9_XdWM}1WZ*O(JL_YFaw$q;Z{->*PN
z9O^g4FVOh)6yPmfHtt6?$trEAZA@>B2D?CBF&DqwskMd_a|?nwgsyv(_t~*6DJs!d
ztA#AyBtf;I>CaHnq_8QU$6F*>awiikdTRufGV|L#M}90E($Sqms`KY94+wnm4!ECo
zsARIQU5gccJ$Dy5`1ErLOsHh_WD*RrXWRGYLJrhgirPwmF4|x|HaprQuE)AAuchw_
z*0!NzKbuSLksj?M@XLG^Z-1zrRW9)na;bwuWjCEqZ<-msATq$RBVf2Gm`-ZJ+}k`}
zA?DX5ZTiJ&ur#=EZ$v)$XevD!ReY@Qu@pELL=T!FpSX+L>H)B2$M?7dUGQ(e3ViSg
zxmGY*iblQn7lKNG1s@k?&eWMabdm9G6)kjqsQ>;H$t8`Y*m}A_$)UA$A*>Mv*DTlU
zd|kwE`14YdyRL~XO}(D?pz!(1cy|(eLNtSJp0!E!i=?%Y{-1Ep?@0(E1QU}AmqA^@
z?fFEteU>qyV{g4Xntmab@BB|6c9YI9F}~2}pUOn!aJxU^vukn`dxYTgx7gj-MAA=9
zieugxLcs!Bd-8irmuC8zOeWoD(YuRX(g0M3g`jPn^SW^<RInQlp;aS7EOw+&Ptd?x
zDUnJh_Awu=Wi+VBL3JwxfJv+_Y<BY}Wt**o?xo0BaRlz1ou43&joV_MyBzhQ`T^Cx
zY>)(E1-x3c(4s9zrv?Sy8#beMhSOg>gqz%}auhlcw*|qi;0n!nYBX?}<o~`*S|Gcx
z=sPZ2bcv$2Kodc{OS8!xQ;uN>K2Kg{`YvD3`CV_QFblw<sMRl<V>H{C?-gZ<EZBw+
zXxBId0$_yMXyxddZ+!;;`9Av&pFF_o1->ZMq~z<hEFB&Q>md%;b1g65=P_qgC`-Cr
zW+hR+I6Lu+`Nri2ah4AXEGD|Ay7gnjn_jeP@$%g0;U{bL$HRFi_RtHNXtu*IV5<9E
zlVXH&ex<kXnKnhUmuKyw!Ftvm2$+!eHB!VBBS;WCuS7IEiAaL1r|lH`&@D$k5UHQg
z^CD5_GAqf=f68S~)*SPa;3eQ5yX{4IOcp{A8JX&$?W830a(P}rn`lU7&R}1e(-}{8
z7u1@e<9d1funLcA!z~@9;meLf6NMUw@6kJ$wIlWJm1X@kNu@oZwL{4p`udCCghb}q
zJEt;7hgS5w%`J2FrcLFO<EOH5g){6kKT<0s9xOS+4yqJm)ze<G9GHhmv)NKbmcILO
ztCcg?IE|1;ao#5&bU7KNcfWBHv4+@ED>8eGlOZW7-q$1*s^J4P)Ff3_20ps)?|s+W
zHyzQ5GCs1OZ|hYl3R`4!`ORu}TKlg_>$7i_*Q{nwi^-Rae~`A%b^+2hW1gUwSNvTo
zFzcwFd+v)vO!^BP-arH*(55wQLFg$;J226~XI{_W-ECD^1UB7#Qw$Lv`<9K3jm9JM
zVCLP<b}*M;$)f-?qvkhsXJ~EPyi@iGF}y~xs6vQNSyi(Ygot5YXFKX+rKX{e<h<-$
zmWH5v2w4E1-k+y2{lns-`1PnA=}Rf;^<tajB7FySUtE=yW<0&r%4shx|2y-1@`zXm
zogRLirN3;#;5Drt^4rEMg0pM>Wl9|>n8+#nn!f%DI_5w@Bqhez<(;yfuU!Ed9|OEF
z7Z?Y!%whWR){`}qt!jdrWoAO3MIVZzCb#wUR@sttkVz!T4+hi<bTP;bu+JBDhc=N|
zpasHsDhft@4CqK-8KDJ}`IqL?Wp)Bz2rZ{;mea<<Fv^gL=Mkgj_+hPx@-OrjfB`a^
zM8RWL0Ai-7<;qcZOFu;Jic0FpUD2iE>2?F<aWjfX!bK#L`5f7j0;J{T$tWm%cagl#
zj)uWVV&%IJmpt0a(1o(yx$8QsVM{wR^#poKp&)G8M|3IEH?X&tbzpDOs>Ew&mh$~+
zjqQ02x^L2U4#&3tQo!YB=;^U9RF}GjCHoil+s^MdBYBk{HzP9#;#svSPJpBaizf98
z9x_toN9a~l?`QXr4L|lk<|7%{nf=Kou$X@%exF1fk10`p>{s?*b_*ysf0h4+9@mPp
z-2c<zd+Y}~c}mC$;p>etSc=r#jJoOEEzf9{jP!2ZN4%9p4mOZz5+li-7XZs3cLtEw
zWhPy(Fy1+nMA6~ULHkuJeUInDswQilKOwvbifCX&*#K&B)WRHF86GFQa8|{YjF$U-
z5==B=z7b5R9*mh7e*M`5>xztFJ#U?O8&HFf)wyDAj1>C-%!d#h+dSsDs=$LW6;;3R
z;UQ}xmqWZ17L`mon{j*Fcw3ufuNAMD=tP92Mq4zUDxK;e$Tc>#dphx4O1l`GV)@-e
zupRA|tqzkMbO;FnY5x-#2sEoM*B`klf^b?mND&DTjol}*(*a=t#B(`QsFPfvP)=Zu
z^cpc(onAGU!m`HgfG%I7*8gy8oSLt39=k`1lC%oczLV+y;eHdj3K)xVUI5nIN0#0w
zKR^U~gnYH17@2)z^om+Xa2d7Q!*c6L0zcNv`yf2n=6?Gn#?aqYSMnK&)JXWx4!*lu
zP*LW@M>4l=7E*niTHtk9r?8y&hQMd2YU3z#|Gfw!#II@cPptl}=u2XNDl|&Mw_q2e
zF?Er7GR|(Dd(xeFLUb49`vefVXwtXOlUO9i#-?aiclML`#-zi;`vlBHxP6bl&8Vm#
zwyjg5KIb%Salpv5%ufj-w{$IFfX)7FrsF0%E1{N|7cl8O7I$k_JRgN=Geb$_5}pn!
zr~sDm40oa6-FvTyDfj*OByhO}4hH(!P6J51fLeM?n}x*s;8E1ia`Mi)kDNWG1KGW}
z;kohC1{gKgA&7HbIbc%^KrU~z$8&t8d+Jf52F=a}b(r>$(N1ie&r*Aobe*+GHZWDY
zr<G@Y{Mf2$8{O`x0C%(V^O_}pbiF$w)<(Ec13ldFWciwJ+0HwkQ*l7>1l!=kBzlwk
z4*TW#L+pJQ?-IL(p8ft^<7ghBo8V2ky;CJmBcD{aD=n5L9`dEA$Q$c39hkh43ExGR
zjC{6KS=;wXUVwIu8&jCS7xjO5n|%9vecaZ+(s+6Q&vE+(4^C`gW~0@R5uyRsw4WA)
z8Xwb&yj=dNPu8Ssu32ftXgN~!om~8hd7m$6P|E?4*r=2!A|l_r+8g8Lc*K}r!w;BW
zqAs;Up|S~2$JRr}0iyqfn`CDs?WYXX;I)x7Qj}q*jWOdNOThrM@En6c&)&=o72|&~
z_7zZ7Zqe3K(w!m=(jW*(ONWAVcM1y9-5>`f6r@oE1PN)8?vzFl1?leYKK%QDqW6vW
z#`y1W+yNZ;V#nGm=A7&Kd*G)mbj2$MTG>1XBDWtfZrvk!TWnD?>2umc75GEbvM&|x
z^H3}3qx8u3HRzMwrBP@gRc<Sz5<wws<_sK1T+e+|I+t~;8utf{jg6q+q9L_to{@3y
zssN}7cR7J%qXejRd<;NB@5JfM@snV@t6Qd)=jjauaq09ykQ}JA!5Fr04Ggj9?t(B;
z(Mng6yMo&dqDO!ip&ZJrz4t*87BH&1d7tfs-Q61wS{xXmmyqI}0F*}Qgr!b#!2ZO9
zTv8h2h?~OL--?`)l|K79k}0*uWZxC{7>M*o-0ymW3J;a^6V|G~5ToSJP|Z^Kt~FkF
z?}IyF`s0wt`1_e6N{6+h9`6#Tg2W}aov3dc=?9`evjZCY_<h4sS`-3Y(C(;4r9XLQ
ze>0e9LWhubC^j-oG$!*%0tG=xCRH5r=(}#pqO{xC?r%;!g$18mE4Alvt`RsUVf}}|
zz7c1YccS}zBM-D!h+)&!Frgj+n85ig+UM`{L7jmjN9jWv*>3N9##<UkOZ~K1&Ta6O
zplCk;w#7@~g$&6Zo{3Og5n4DnxTxEOrOqbP=AaU4j$%nf4U-LO`Ou&$z+?SO_5lmo
z!YTN>8FGH3?WlzBfToo2on<Oz7BE5cb1#Q&;>ZOM30@@oWPWNbk%^F9OQc!KIT8fz
zMO_9!?9OTqTk`aMA3Idlz6|0!gpQV<D*)9(d&{c#0=17TTk8=vP;G~R47^h|CNm)4
zlAy*gDy#S$hhGT0Zs;X^#&Nw462TV_6t5_<yK*6@*X&%kOMU8W&%$-0OGxubFn&;F
z@V{*Qjpe?actB9w8wi~jCpgMdN3{Wr&zeL)hnuJosI$5a;;xaaJzQ<e!TLuH<Ihz6
zt_>_+?Y;N2!5Y`k1XYC5jD0h|-il+<jiU$=fr(!r!3qOJP_FLitEzyz1}WDS!mtnY
zNmEut7}}r#BuDA*mxz4VTE*YZ{r*b_hQ%BZKLHE%#ezB$-nG94QU5s@*Pw$ZxjY=?
zh_@1!*uK%MU7}`jWMN$+>1nO;F#+Pg?AK+Y^4(Hwo7(?Qa235`)y?={{q^PlM`4I9
zmroZ9mn13ZsgvoGtG9K52}2NLqUl`{G{0RwJFx*Z_ceC%pNoKzOZiP}?U;Yje?43s
zu)2SgF=HVq{N+^TAme?#nnyZp!1a#~{xU4>54<7!%hRjpV8XQS`fva9#bpkm<;y>b
z>oQmsa9!o12Lf|B&kvXX&>q)dnkVd}1QnvN&7OR@YT0YVE&u5*^zWq~{1$wO?m|w#
z9<?ZcKsCJ6tYpB02-98g_=$jOdUYm71%pM@(L8LO4rCYdD=x48#B-DLkG#Zx2jvRY
zJfr>3Pp`*Y93}vC@nAgRN*&oxA57(l)C+jxOF;*&OW-3!6Xo&sL;ZUwi#GgbsCzpc
z8*%@!J)-w;fFo{3(wQ5?s9DA;jOQE2szbGo#;EyWhqkb|ulZ~CB>)e5RthFS5B?cE
z0+8vu`XrRR=pbf;yNuZmw}(g;u0!7IZ3p{8GzvA_QNwxT?HpF$KdbjF3C58==AL~V
z@rRj7Egu6*=UhGW8B8J<T3g4&BZ%^y`${1w>&I!Z{r~=MR2jdelb#`Qu>W~Czj9bb
z&bEAD{D3-!OPs&@G*R65>Lox^$|gxlEjmhWAf5cY|BBq-s7Xx!zrTc^+?6lNZY=p%
zXhQ^MoqdF)-l<B!&eZ1*NPf3|*|G)ma&mZ*`C|>7{Oy;Zx)ha7%D=tZ{+V3BT#dP6
z3(0>XY^b<iXA>}i>zZ)|*U>f#e1sOtK!@I>;c@GJ%HMD22Kuh!*Sb9Q8sPw_*ZHf-
z&oVS2`M34gKZ{@CYGDb$VgI4+-$0ZX1NV^U)E=k1WF$F9Ah2HzZ?`xYo-cV$JH7Y;
z+^@<nmu$!BpfUIVuy?<|m36-acDBSAqHA5>a_T+IObF)hCaG`1*6m_4``%SAN8s60
z$?uJ1Y(H%V;}dsfCsKSujD`Np+;ywF%P;t@imgkCLf7PW91bLqR=L+|<{TXe>+Lr_
z>nC^hFke7d%YIgt_cgnLRF7w$!>E$JJ9W+^*X@q~S%hGzsU%<KY&hqK;EAr+ts4VO
zwn1T4$b#^4FK;Z1fBU`oVcn?<^+{9iV}NyYe6?<t<4L~$AL|DHYTYO_NZ?-&ohsOI
zcU0vycpnncJLnW!`k!H3?lyPxD9UFqV9av5uJET<qAXf4oeMM+oAFCGB>i$CY}^z3
zQ2+OlI>G_UI-nxx-R_j|kMZgdhuKtfj=Q8E^@fZ0WY7FLI31td)gelN|4sTy1{B#e
zi{rPYu3$06UO}jbCN9R@ca(tiw+aw?F<o@2@>-56d<=IWAVwt@$Ev2A=P4_zF>=00
z>9q3WA%lk){ujK4UDLtXwwnKJ(uN0DD0**c#_Jk72QO^;ZUebYNk)q=!n+A~FJH(H
z^w*=IKv2X1eKOOZUD4=WbN~Nn^h0~PfHcXh^N|GBIBEuQ5j5l)_?#{Sz!Tp*UcE}b
z|IsrdSuI@}lV4s<jeCD}G}y$%MCiWt=b6?|veRi;`;?&C4hraZgICg2I&ow-78%T+
zged>#Rd#hxy#8nbfd0YaS78ppv+Qd&wGllm%*o{6)uWaV<mk8lCbV$%85PjTc-hu~
z4}yVH5zj?9%F;LI+sI#$UNnBqBzeI}ZY{s*uOxvgj3evtF|xWuP`pz_)DP&<$+6e!
zcV^&wVB>gf*7A-f*a&>}<7|z&@cfc2HB$Gzz;(!@8M%=A?a5DB!QA6zVSM#;M-GpR
zb$wlgn?h*stDQc(Y7vUKZHZ7XuBfXgmAllPLS;}eF>za?Np=!_&&GAt-Sfs|C{J(4
z+@(YYgroqV0M$M3U~1acOdBDD*5SOWGvCoui<GOGANWZ%tKrq{q5RjxB`;muYLJ15
zG`H(&bc9F%AhEnX6t4Y1P|VLF$iqYU;B3m<qT{GS8eXT6(%ku2*eAvr`NSonWk%_f
z8cJx|X4B#7-J2e+73cDPs2p(g4TuRh@QvW*8{|dVOTKXQhX?Xr{owM`R2r&9xg1%9
zwIYr;kdT`s3u98gbbTKmsxA$jQfHG;+LpWX4;3^uA)y<64PSN{*n(ZK1eYU+gR@Lr
zC@`4V6=nUTl&qc4rzMG=n;U~!EyrZSwak94U97#<eL%Yy-aQHFY39H)CoJjB`r5G5
zX(&Rf)e!PJxkl?^7RPo712X7kmY=Fb?YF<m+i+LpBKujG$VNEXKD}D52Bxh1(b$&)
zRHhdJp$)pWwfS#7RiMBp7E@A+tbCWNlyo#&Sf6l+z9KzTFrI2rIDvzQhe3yU_AU70
z;F+d2=%rF)Ls&3>@;Q&HzAeK1+`mR7PalK(C3^5``9?$PLk9RtmNA#>A^I~S#3R}X
z*-cG?{|q1pe&p^Q$3U_BvI$x!7mpK##P%wbR2<H$Z!T9aWhPPGcD_NftmkNW9xUqM
zAWU-Kx}pp7t)T0D`DCGv`Msn_FcXW2;mq>#**f?%k7ArqUV=6P$Oj1n1Z<>OKcD^N
z+!P$;d+A<id`lXGRhH|$^Y68Gii>+kEv;f>+(R^fq*QW8<SP`*qBohxV!ZrtLb#o5
zx%E}loyUi*AX;<(O!SQ~UrGz~lB8VvSzT@^`D8&V;lA@dP~D`+mkJUKeog+tBEkSC
zAdVI!$T3rVb~ph*Z_*L-U?8d~jPM1=n(vbZq{4C~CV(>-y=eMLb~+h7<WSHAwAgDW
z=+iY)!AQ0;i?l`LpCIsnPHp}k3l-!443ZIiFG{<!M&-r|t1zVn{Pib({V46nQT-=9
zO_F5^mL;6u&i4`EZR?JSeq<{H=w1Rgc>2=OGyvyo2Eq58ykFf3oS07lr;3-261H-M
z;epEZ2NNk2X1!mv-R_@kCo2&cUQ-eS3?p9by`xox?3Z|NEXh0Piq(cEOj>DE&D2U>
z0-H)hCLHtRK^_5pvY;bcKJ^3#W%TVkH0h~sfe(L07uyn#ar@m?8g`v$K>se!9p2lx
zbgpTD|GF&2ciONIP_f>$jM_Mnm(t=yJjK;GpR@vjJ<~&{!`#BUK=RS@PgMm@r2y(<
zozOv4t?sqA!3YVVmBt9>%2Hfqi`uoK1EbZiMQHIw%nuTBKh=%^wh902NKt<(D&mpz
z{YpE3zwY;cKY)Mhmvk4&iGiCt84?0=mmJo7==gmyQ*D&KK}AJr9M68pRxG!SKLwyp
z<EaM!C4(XkfNr8#=sA@$oKJcOR+-pT@B7gkuAAbOzqC+Fsed>k4Pe&zD5eM?&0T!4
zoA$KfV6vqW_M@@VR=1*0L#aZEEN$5<Ik!V*d(x3gKtJ*&NQ<0}Ip~AARPl}zhk0T5
zvkFC`kBJJE{rn`g7X=1K8$izq%L^Wuc&b$uBKeg2m>{iz6~b7OtHnuCT&NcWV&JAV
ze%}#7FJYdgr!QG=Ef={9x~>P#cdgZPizl+EWuv?z<qZl9>{P1rayO<vIQl$mx1=PH
zr&Ef?hBe`!CFA6T;j}tIZelu1B_Qxfi;)gJDERw;@x~axU2{;;X@48^rg>KkPrPoW
z17V5JZ8%pYs(On<8^@Y4zBg~ES!p`GPtLx{P)Y#){#0kIwcFG7`k3Gr7m$RU1~lW=
z0{{`6I^Bd?#Rk!2pM&%=;bcliT3U<V!5IX-scGi>ov`N%%F^`o^kVPI)>GA(2uji!
zll3eOYdr|_i3|dHay1))G&yL4RaUxSJAUG0`6K(Yx;ueAT74J5hFR_=gnO-h_E!Qx
zj0&%Lv~bEp<k$62BGnjfF>5L`Y}Q%Xp+SOtr;i1F&Jw!QPJXb+{}6<lo0f!&bi(v%
zDlVY+(-Ne@h{cSB?12Vt;0n((Q6L$ZB<PA&_Iw<kMT0e7Jy8T%_#B&2J1y`R1IrdD
zopMvE+LS!|NlMCVLz6aGpo{*F_c=G^VDlvYP{hPGtzg>z$@Y)qESEm7P0pGuI(quh
z?V4xvXj;`SudLJBL_Fz;f-9mL7aUewh#*T_G<K)G`dW^Bqhxn^u`DJ6AxxU{1xI<L
z<QUjL7}?7fH>v|>u~U^HX-XmmjDZA9hz!LxO(V4YMYPQ)^S3(p>}pYz7nfPejRuoh
z(#YmhcJ2hET0}h!FA#PhbV;fDBxF7DnpKBnTq#(r=lchxJM;v_g_A))c6q7x*D!zi
z?A$yrnfh~ZUG5npBY1}oKz0EA_K}nQP~zo@2K#^#2iRpwwe<n!hY7OA&n5&As~rxO
zm!~=t{SHwvPENlp6|)h1g+f`_19a{Ny454y@I5o$As2C4vSL>U^d(vnjwxKdidI4r
zVsVW@sbBTJBJyv!;fUS2^xKV-=m5Id9~5fEijoAJ(d1JejPrpqVh+lf6lWVqb^DFE
zN=pk6<z(Mub}23{_8aqwva5)M{A?9<zd=YwMk5)r=Z?=totd@vLbu$3uolsdUY?cI
z03+uoxAt@=p9^S)JLcGy!`yyD5N7kuE^WSk?T>Ln`q%E8-Y>&)sREsW6f$8GM^{yW
zL61M>#i8(;xc>+9$R?pKw|OYQycms9*0ZFmjRI|yKw{`IO^hgz2Pkq}R5)5#EnEx5
zA1!%`?tQv1BWA#<J3I}Kb_P9cK8%cu%MpMMj;8wuMivD9_@Q<L`Ut3Zh+NFDY`>QY
zIC(>Bs7W3zxUXy}y*n4i7cb9mCo26;WV7wy(6J8+q%vqOD3v}wIrU5x>9qia!x=k;
z>Syzhj@HW!yPcVN_vSQp0@dOkj?z8zHvNIpW%(1j)W0e2mGLO@1x*VO9!kttWXA9R
zJh{yqq@u(Su}Vn4LVocBD}Od(CyFHYNR=vV69{k;YK%(-&P1>&uX25RfX${;g7XQe
z<se3HnX~9lW0o)*g2n^(OZZL<1y0Ka!SxIUl(n<L0vU@Z+bzfO-Ga_5@DV~M*<*x`
z!$Z(b_3A@5NAXv;(*<H~;?Y)-mXXz?r4*=DYuYL^VFZ=1(}pILoYU;(6QeeMR475&
z#nub>tji9F+#J=O+Akw8AmLrS)1||MgOBjLAPw)xyF$E7%k}(@k$*JF3gFzvMWm%<
zMCWA8DIwIzH1wyuuV-eT#>Pk1_S^e{t<@Jek?8CGJD~eO7Nol4`hz1}IDW&ObozNY
z)n6twy7Jxe{$FE{u;Fy%6|(hi<u4}%P}W`aGR#Q2LP8`X^vDm^h7rUi^bLP>^wtGv
z+>$BcQ|3IYa$1Iefn3jM0xC1XGmqN_?FqEqzxd%+gwa3VNc-7BBNdw3cSk{W^Ijj#
zPoUzd6hmTmrx+y=S;>qu>)9(w6ijsdb6FX=U^;~o42ZImHusoW#)6JQSy5kxJU(&C
zjf}Lemq+K-<+F>zR$-k^(!ZXFy<KL#{r*M&>E=plfqH`Me6)I#oOb+l-?URr1hPcW
z+fpS-a{8Q1&)uc+$zr_Wng=tOB?lG`+J)ApZ)n8Ci)8Fy2ZjJ}$cuObpP#JE@`@ra
z2e%cb##q&~C}=+jBH=Ok9JgAS=pJXOWFV42Ph?Bpk~62>HRuiq$8V!XV?&O+OKAb6
z;D^vu9!_`?vvC@5S!8*1sH9_nyfY4-NwKKQbilqGBNOsLGiX|;NKc%ik{~+>Co_yo
zpL0)ZP3fFgy3TmP3mg;1$FE0lDGeWbrKk{jo-_E+O1~CIZ-z*9m{o57`ka2G?}cpg
z`J%r+qnpR)aNXA!ppO>3NBZ8?gUE-m+bWBhiy1UQY9lvJW2ItQ#nY)2LV>&pNR{3v
z#W7&jBcoAXcxM}4TpYT=WK5%;W`4GM%U3N+CBf}>KJ#RqH?oQ<R>RLEvJ$AaLO9$b
z8RNBIlg6z(=9%PYa)W%q^$*0u?eQkDyw}xtIV;8D6elUp6()|`ML%SBcw`B&LqZ%T
z$)U*=K6|ezYlk8T=v6LClYBc~J)m^ov+et&%HT-Q6SB;kUIcIRdVlQeE?ZhEsSZhu
zf8L!SLe6nySw_oSWyuvc@ykE8LLM2Lu<Pj1S%tk*Zb<N+#iEmhh^`kO`q288oMBj(
z7bRtDCTL~4;e>DK5v7H`l?)M7SP&hlysgCjk%K#z1S=!#-9{Uo!kN#xR2Td9gMWP<
zKQWYc$bqOEyLF^$)418SGjtXXe4b<NFEtZnWeM#d34ndCprIaxfJK8WSt88cysPy@
zJ}Fx&VF^o0hh%f8kn%^4I;<5HGN^RC5*$W%(jlTJS{hh&S^OwyQJlbtbf<twJPxnJ
zgr=Zax6(fI-q|@Efws{dWg2b4k9Kszgrni-_FR!v=`QbYip$z<H}Uh?uNA$!Ly$KI
zv%-qMt#Hmh3jV<N?^9iOMS{tk;N<;TnXqmjRN2|epBj2W6CdY>ICbBPjBTKnFu>~v
z3wiEQ*(?I~OQ$%E$+W(VZNT1#c$(rJV^H2F06@2_oJUOZpf62u(HdiGFx}eio$oA7
zwVdXphi#OMQF>{eg=4q)R~~0;<de=VOav?@pI7fhjz6z$k~BYk2&CO2L=ujp?{xUi
zbcxIvylt{b@qza|$kvxXTt6+cGk)Cm>B4aOST)F3XqT+SdRRr0O|Ph-v$S~Ptg~wF
zfY{LI)!<#Z3UkgkI~4p5B%>FQrxbpt^CqU#KQ)8Xa_ytHeySwMxW}Aj$|qv*78qt(
z=GsBe+yM$AUcE*oA=CVfWp(Htlob*}dA=wSYyJ%`LMUjELom!GdMc)+v2zP7Zwb(m
zNRmJsX}rj|c84RfdLEgABV@ik<2ZbIK&>sdNs{d>7V@;xC+2v*OmJ4F!?0^V{qU^o
z{s05&2btRKIBhfejVZvU$2Z3-w86F_ez6hRJbjWc$YJ>%HGZX-fFA3;H(syVq$h5s
z?)nTz(VK^3H5c7HZmyqCpt+g}vK!fyR+h}ZXM^$y)fdT&5Duq1=TEZkDP^cJjy0ZM
zaH%SYDzKkAxh%Ih(EJne5pV#<Vtg_MotR^7jQsioDnAgisNCQgrhWYQkvze?e4_PE
zUS~m)a6l}&F+B8f!w~4jg^nNM^N>KNmU9KusWl!|!hmdT5S3cficNQdfk;zATpZ$A
z2q3G|@W(2$4<FiV4Zgs3c_H8&WoIm`gA&`GzXuwd8Bf&IuPqEj1*6g8ir#jj)yx1s
zZ3#XLYu$T(Z&H98!vKN;>OW=JlR#e(e|AqfaR&!|`|vTcWPV3!>q6}>q=N<ext-~y
z`Z?lmZH1_^xgm7l!$Ly*x9p-zX)Rv$imi&$k)@uM<=s*7@%6ny7#PshQuRtrzt)FM
z1_ixvUaPuL^^V$FOehnAJt4j%Mx}qRSXihu7Hltg|K1D8OStqtM~(H=JnF&>%4q4b
zN2Nwkq4>8mIUH~DkU(LPd~;J%Dex#KR;uP;U9hR4jgr_Iy4|Lw^?H}y+->t5TM0*v
z!e*=jmDYgr8Bu8mH})ar4gKl|jIaV0W<7K#TF7kwlayA5W&$Hb`3Lk3ZBS!t*t1-t
zT8~42gIbTUvfd<4goW;7)t?*w2q}IC<N_}%I-=<tn;^UDZD6F8=(JQ?Kvfcn{}aU1
zV>g$%Yt&vwE0f^sFkT%q#50VDT{3qp6B(n}AcN!a*Wr`yc0OuWb{&f7GbV$sqai_P
z%=u`AJ*`gig~m_G;-<6ywv?GOAw0J4iw$8f43)@zQ&lb8_WIi-$7~3iylsFiz?KN5
zSmHf%$gen74;?hm{T<Ew(qKt<-z^`%C9-q&wARPWCr7vIIR1HD%5-a}*Z}?GX)?6z
z!;N9u^xb*YLZBc}{UoWg*+SU#gPtUZUX{=7<dnD%D`5u4Ggi;jKPW>??5G!sFcRJI
zkY47@Y-^F!3=YmcJDDZ4FdjwSKbL#|_VAxXP6HwuGhAig#^yH&I<xNv@wMfhx<H)s
z>bTHd873-bu_#Me8pdtSK*E4C48`A-NRVZinT>cHcbCF<tOR9gZLZJcxE^|ZH(Rs5
zuIFQAWhIC6idq7Pam~+dW=lBGQp*6+xkNvzk&4ugOKYG>{yj>DsIS7_)Qy78Fpfo2
zK{`=nGgYnufHzX-BNTh=!LiFNw5MdaTQ`3bmE`Mda+b9HlCEOCi9=s_&_fp2hVEgK
ztOovjZ3Q~HkiAK|N37vD@gEl~v3jm-VyCvpJ}G_ctfZxl67b?h&v~j3`GW*_%`bO#
zT{;$g_H~@8@)&h$D}6A(ALQnn4tFax&}v6M5onZNG}?n!dn8&B(oaYlj{$bGsXC~w
zKcDW%x*2kWw7b|0YU_F5e}w|MwxfOCNij~RA<v^eY7(vm^4v5_=+;dgNP5vt2&7&M
z1-<@!!?)=bSLIuu-B)ikj+Y@}W$PnhZXWg~fMB5U)GUz5IF`+LCM(4|#6&bYRzmx}
zca+jHI=btRi}M3yW8?L?hgQ7RF<Ca_9$WW%k(m0rC`5ECq5w;k1;cF)*FLE;;lXoK
zYtV;jt$Ihs)<@U5f|fP9sRGn#8_~asSj;omJjvJL@H#?K?g7oNrUlW%=9BU0pOIg9
zv;lX9&*H!uNZwZwexELk5HDZhkvxkezCaotJ~Yq(xk&t`)|W45G-jHs_U+bEs~ynx
z9Qw0Tyy(heefM@W<1*$?lo#ShH^Q&{hG)VT#XZoiPnrow17CNGxY^orSPIKRg6Ih!
z$2FuRxM4VK-cm!XZED#(Z58V%qWa~$Lh4nd_WacwQan{wl)4Rkh7oQnMI!l$=@Frk
z9DK6IYbO^ZB60c<=ftb)MToI1+sEAgTG~`pU};5N#U*BkV?kpJ9*o<)DoQ9vkCK)O
zn_9j-I3;`bgM*Des$#Px1fTJK71s9lc10uwy@FtC{ow@3uac+H&q%y>_jw~D86MHW
znciHe4b=c=Q4S*LB}x3$qUSBD$hp(ElZZGWHKo<T{OOE%gZt$nc`G2ECdwZtl#pXF
z56qB$Br_NUePOe}=(IjUDDWYJsQ4u@v4sw|fcp-ejuWSL5G_mC_nh=WmypmSMNz!S
z8Odi}K(0{9O$9@rELeiWMzviEw~2@B8@GXMr0546w9~Z^yk)mkVL#^A8aXp8>JX|m
zF6~b=Z>U2E$RS%>GfJgT(qtWWT9hm7dd>WQC?^N_go8{em-S_)G<T>H(6D1!hPS>)
z`f9673?^S}cYmRoxD5us{sLEATq3Zw1>f>#?>z!`GBYCc;bKOHT}pu%tj$;ML-(q6
zPjv#-LE{}2EpzQkwxNRFk(5ZKTN56hC5)XK7p5kUX187K3@q`ml$*M{!}x*)kwNDQ
zf8nJ%x7{cEXDS47hhQn1Ydh#3q$~v5hTjW8o9FCOWD4)<sJ!{&V!vkIc$(s{_V9vj
z2IRHTF3uNN)JZcqw!7{=2xif=Mvu3d=x*gdvR5}4dDFz5KRY>m{3WN4Mx04LNx&Sf
zJH_@nX07jqOe%8~N!HfBreStq2m!BU-{gn=^TPr9-s;81l26gC2aZR@%3q%Jv;unA
zS$NZgItT@1?)sW*>l9F$`&6#?9@&4L9KP}*PMfoU-5j#&ZLFdl%B%Wbs==A9+Pn8|
zKkO&55YUt`7e!(u)zi|Fmlt$x&e@>yQhXRn^IY4hq_Y9{Ix7duDj-Gq=~-fzEH)wS
znAv6hHL&$`AW`l!%y;*GC>wn-M}JszSQr)}d>szM2>=|6RAGC~gfO%)(XP@P`Wz$W
z8P*%DMI)tTr9cHstcDcUq6rgRCvLHoEh_@>*>rxnJW)XVPp%L+04`^F9ZmR^({$nm
zi00AagKcZ~>DR<qgmiY=(STYWOSVoavrbMWCdiTc7uHpkZ;is~BVv(qqv+q4L4_M$
z>bFg2Sth^70u+CcZesf=uSMME#Ts9G%uSh&DZH*i*dhog<0t7xr_>_ydh~T1;loH-
zA|i5#sMifbZRVTI8aXsou~oM5v9}+0K{Z|$Vkq}#K>X}4Hr6!;(^&^@8>fIp`Q^`|
z^hia+*I!OyGfw6*j$)bb<i1*Fp!rom)SEYHzo^s(BY!?bo4}!0seIh$%vw3duFf3l
zlHUYGGL5DKkcy07JjHsJC~E7|wKIkrw@mnz={jqwd%tbE&cOKX#P%W(ax+HWqSDr&
z-2bXObBCrFO<-o<7$o=MQ@l<fIC%zDPPYtB>ou)=8GsopdwhNF_8xuVP*y2DA5K#t
z!Fc-IA=X+k!BQ}bNu#h;l1bi4Em-JlljOqyk-rHfdLtoNW(g++{r0A{eZ=1n3}Kli
z!yoHi0>dUW==k3J&<Yz7>d46%NnZl`s3VYKVecyvL(nR5!v#uslFly78hJ0_8ww#^
zL$orlQ!6%;GtxlX7XBs%3DtMSBtG1)5tLb-qdDp<mi=jW*2XIFVMK;Jj%OVbkb|Xu
z{AAA!eq|`&2TY|$K+|)=T(T)aqJ^mGGr%UMayW$Zzv41Z8+1uznR?~NK$V9WC5wBJ
zC>2U4-QvraorH#W#}788WMuHAD+zj)l)^DL<L~OnjDJ4CKtl@{>A;MXF>db^!fuP8
zD1Kzxf&y~7y;Z++x~Klk@^mb|uUSu(FH}{q8nDoLTYCc^7C59kUCnQ&Ky$y&7Vo4N
zOIpnx`HxK<Q7)zgjDsK!>x^YV=j1f+OLJCsRCRE)ZEU0TMnT5TOq`9m?Xk<!<p7*8
zO_H`IN&I76+DSjqODF98h0iWe--~R3w^Ugx{91WlSP#t;l3I9Pd)9+A9Tc}JlW1sD
z&E*3y-K_F4YR`R7!Z@~n#Oi6i^=NgW-8DH(se}u@=SZG8{o=nnHyXBcTfolU4Yw=&
zyK{YM!On#avfGw3FmWndVrMGcztzJW6Qeg7@`=utm&vy)9^Wh-%kM0sr}UTwj)-1B
zgo{q^Y$oh3wSWLAh~2Oih0S$DKPG`z#Qx>GdWUaTD?v|DEC9+|E>dE1&u*A*HY6@c
za_raN<N9_cQPQd*B?3LdZ~6K)AmiotL=I)EYU@(}+3?4rKJ_Q~NX0u^B>GAq$CV!E
z|N72PE7r6K%7?*uVZ^M_35V&*vMO~Z0l!3I$|wt-2pW9kv0$CL4fDl~e*5Cx2#*tv
z$g3Q%q%?b(m_BW#U{AW1zFTloNdWy?jNLSi-A9rdUSYB|F*C`>#I3OArdLh??}R!H
z^x8AOh?qfV-mKXzGj}0)_tOuTRwl&FgL5u;v;NB?Qx+P=Y?MAZR&1vgx-n{1Qja(D
z<%YhWW5<{k6n$I+%~eQTK}VybMRfZ3>CUe$ZJGi7n>8$HNtF%<8Lg7}v)}NE@KF^;
zUDkWVC1=#QSuyaUqXPHmv7zU6`eHc-&`!ty_!|aci7;<tnN73z^~r(pVX+d^J%V1d
z#ip(=3fgxbzsB@`L*5y31hQ}qX9$|=Pd~P{^t2T=S+J~si%?H=3kDgrYbT<?4slK(
zSL6Zl{jrWIEUxPhd>)GS#-A128(0%mJ3I*sF(5P0bE3j&w^gR$+?ELo>2!=u(jx|v
zuVG=$^N`%ys5`VDfFV^X$?kaD1G?Hwbuc`(NinZ8^gVz4@xwVtbxx(th{?*yNw9<n
z8i6Xzy~Gt&x#S3uW5j3akoO=&LqiYGfhQD%rDO3d{qL}>(qNGB^?9`<a=gKN_B6f{
ze!>Xe9r0`%PR&e>TTMQjS*OBvNTb4(S^)zU74r7se#>?<vMSYS=bh@sFVgE~D3~m0
zK!h!r!0EKRQPL0TX}3Sh79Yne1Pfo-LYO$Ed|BC_$d%QPv~FiH{zU)^B9{-&4VD#7
z%Xl?AJ2<(sAR0whyf~+%NzRk^J&%1zXBmq_TY{21;eIGgh5ifBfCGt>eZS`X0`Ssi
zxx4i=Gei0M=pyHPBI<7=9zYRC4M%K%U_?Ep5Gd!ov6yaxaJYX*RQItE1QlC9>bte9
zQR}1C#1D?=Xf3qW+DhkKWwhua_G-(k&B2YJnXuYEuk8eUviF8NZuzr2Xe_>}=q%pP
zIh8k$c4Ii+1b(FS-MJ+x9T%9C%dbSoM>5Wj+zh}4#(PWUYVxsy9>*+Q-yO~wce|du
zevOz|4TglA=<#FQQX=ek1xswKS8x6JIBVB7<2;A;vw51b$E4-cxyeuMUv6tvLOnB%
z@<YW+Yyt#WhBa`s7b=FQIf3jOKph*WNhwB-T2Sz|%jQC5N!SwKt?PKH0rBiDFeHa<
zi%mY5uW$cN;F1J^Jk_ntW_NOP&0bb{?vaE=C^O2Dc#Q1N(_D_v<T@P7AUW02)+Xqr
zX(g8+Ya;FNIVmzSmCAagySqCOFi9IL?0vIeKkeAv{Z=muT9c~J^Nmn<g?gXt-Dj`|
zJl+ib1vIx8sB^emZOBTE)Jr-1pXw~9KQ|*!t7v4dcuB>xqtCOb;n{n-rrB-3E>)Kj
zATh|}Q_FwD`2Bq+-_6Bu$wZ@P!AMUXFi7+hEcT#X_ET$IeSsn09vs4R+fL|dxts#>
zi*eiQ^&ECAvLnQjXWsQMbvb+~y5I6hIC}vStWvHE8!oT$nVVLz*_)N4RoV$ZQXYAB
zo5k)#OfCy~O>)hRn)^<CbZN`JXer(&s6bOg*ZtSR!4$D!01$8wHRZ}w46byv$o<X~
zq4@4T;leqOrnBBK)ZX_D4#+7hlWUe;0G+lVP(u6kIvRcQ*RLHrVnd_j>EKPH$-3H{
z*_MsvtPA!Tm(39*z-9lmQZaFs)3oCPd<7;500pzX09Ptt-pPnJgm~=B&p?+4G8+wj
zdz8r!OF5L?p`eDQh>DMjrq8l2=%lor$ZvYHJ8?IQS)npLzP^~1Z7AYi{g{iz8RM~4
zrH>GkJO&7nXl7uAXLBzKNpYR7(>H7Byblbm$uZej2=S$`Q#|orn~yu_yfV=2jo@WQ
z#U5m5S~;E!+ATUWdR?i&&4{(>!ikE_v@@@L%Tile7&-2EbF3EKwp$PaFXjBsb11|w
z`C;Zx+w-14^U$3h!ujWYT|S0h$C!x7#JHR~`3X94U8ny!#_AYgmErBmqRnMH^uMPV
z{S9!6Nt-qj;e#&ouo8L??G%eLjrwLpQwu<hHv*u4Pu%V7_rQ-Qyx`)x+W=Ib{aKHJ
z^yDpTRD3332sm!x0h%ZXNamx2K{B-lCV^wol)y<(?Aqz(x^uSaD}rVvMaL)Pv=muP
z@@{mlzy(N<EtnRd;G3Jcj@;SZV!)3?JlhAkR7tw7m*uwO0pYVUQ=Rjy)(+H+x70!N
z=8pG{y+5sG6~`H>P4=}vs1UwnCZuiQM?SC)*3}|H#)l*N$caqTFx$Y5#d<L)gRV>$
z_~rxff-D>F8mvV*&*!>rzA+X+n{5{;zUQWrkj@%E!eiDhN7ETMC7-FTgIMEmjMi<)
zfvtkIMy!FDJCqH#7a#+mAVp;7+cK1CU5f;X>R!zHzZMoI#KXQ@aa_Q8O{bClcvye{
zq}K`W2K9Z$7IDMIqI{4COSc{!MfU+^JlxpWSR_DUmXv$R+x-wwJuL1dSr6t_7A<L_
zsPj2Z8UP5tQk7AO)({Zc%Ql>()2k2FSex+NB<FL~VH2=@)zm2F-X!*HHfVo!s=c2U
zM~{x=E%$SHP}soVH>`+6-3<3p)q>;VMd5|=xS@d7k+PDYWieKn?P!o=r4ysdN0c9;
zazmg6f&`1lo0$qW<IIUOkRGF2Q7MC|8}l7v63(zXh~#51*lkqnP#37d2Ixqqgt-#G
z^%G>v^9z!WoOQxb`8!_6>GQ*h*2-N@b9+$AFVOl-X31`Kw~q{<%UW}qJ=*GlYyHsJ
zL{ATC`rvH=F&b}w=;GFNA*xkUjslAd@T7r`Bdmxfvk42TSWYMNJ+YTY%TxGQKoy<j
z{@%qFMOqo2rNY$os|SoTtA-+vVjdO54pH<5tyUh&lWg!ik3Txf0tEv89F*{7Qgks0
zdSlP1tI^j2xuV;vOhh^;Rp~~bZQP?R{9?Wg8SkZi(GV`seSj!k!dvN47wL#jZ(WVT
zWMM1*$wW-4+6hG{{G2Jkd{TOPrf-;G`UhcYk+QbYE)m=Gutf@&%;O|JIHJ2cmJ^GZ
z*M0yfv-vmN`3<d@ikgr6>k1%2fcYkjfmV!QUzQm(+t9LDL=nB19?^wE8RflJ^UFUx
z9mt$vwf$8Dm%r5Ah_p_g^94E|Z#bRis2&Uw@i&V*CBhQGu92ozd&$Rb(t;9Pkdrij
ze3TyX;l2(EO}u7=&^=M@_j02fDEP5R0#@<&*lfArXr>CWQ=9tE9p+a`^ILB1<c-(3
zBVc8$2kW7WMG7gflUOnE;>_GCu8@r*<{zVN2;jy?zx4Gs^>J77;SeYwz4}$zwCih_
z6laPA4-M7H_djyTXcws@RFJVvpBo#aDkhe}qG`Y~?PSb-E;A#Yp)Q^q?v4v$=fGj#
z-eOm+7SIFWCSXTCfBBNphHE_Fc-Ocy=AlMgGU(n+<)2n-M=Zq?Elc-B>v@lIre-LD
zdD2caVwgxe`VvT-F{iiQM+G&6`HNJo&vv<{ohW$owHFg46+m+6o(>A-{@evn$DyYC
z!A+@7Xl-F}8;zm<_(X13nJJw1u(^_P4a7%*#|aLm!{0M3?|9|idt}W53DH1iqft>+
zRZcpoV;;nxHT-t8`;p^~KxPS*Y(0P7$&RDCFPkeYNtFd~G=e_aKEgv0488ScqBLCv
z`jj!%;_|`{Evp(E9X+T*HOj0XalC#A6Fq{wW4)<EB;wMAl;A7seKEu$|54y%=q{Z1
zN<z!GIOp%s(lNoUuV<=uJH^kHjfZqvr?$WL9|=U9bC|bDB~&hko+G-=eacD>Ivp*+
zeJVTmz-cL0L)<GEX-n+iMFv;@dyy4Q2FwO=Ui+It)WAvyE!!E$Xv0cb>95?I4~K@*
zBn9BW5<A;&OX;gMU<FNrDTw8gOZXMOMx^+K72SD`hR>pr$CyV4L=GmHH_`8&;R6{n
z`k4;+UTl#ws<P6#TlcL=B3o(DD1Fa3^Ykjkt#zS5f*o~jvVO8tCjz7ajhhf*X<BoQ
zl8HGV!#uQUlxF;`MP#M9rb0bEDMk$;_<YYqB8csW`OLMoF42O-r=tdpg!(sUX7F34
ze><F>4>50j3*a7j$}51JemFVNI$1v1%tyIovsuJ!5XSNO;lLA7M=Z3xfL2&Z$9!b;
z=};Yl5QubUw$dQz#^8AlqC$_7LAE}gzy14%k|Swkz_~+WiM#uSWhELCRa%Tpv1Deh
zeX_T#x-~RbX&GYsN`7T4I#26xeaKMjeF*`hz>4n>a<y2Ng1%al03KbkfHPh@()Pjn
zDB0j>sTJ?i%k_wGRwl`nm;_diC`j8=)htmRot*JAp8iKqK+BB4dHFkn+BYlPppJvA
z?d^QVUoeD^FHYC7l}aoVdK{ih*-X^jsyjWny-N+&W>^%##ji<dkVegHcbjeMPmyAe
z`=&wb_KUAM-YgWEIji1E0%B_97dmZ*KqX2t<<n!;EP4Oq-3yib-`3ZSoBK=oUn8SU
z`X1&#=FBZtsy&M}?=P#qgxjnRd7QhgoT&=RCOj<YUnb48O8I(nIC-vlpVRO`dh?5^
z&(d#{a-FhcMYrQ06C2s*=p_95XhKpmk{NC}`a6roT^fz}I)aB8i4#qEZe7sT*i#zo
ztc)L>eeM_0ozBh?4a{IH9-34YH59~jh~%yBT(%8s!tq7}oQoO^lkOH6YT>-v=mtQV
z`i%2{R~y6k-t{U4{stl+tXS~v8w7!jlQ-o$ltQtCcc>$n8n>%HW|cQHP8)p@#D#d@
z9|kO;n-br+rFV8deY&Y;gRq-x0akR(AP!95JZu*sUrA`Uo2w6<c!o)<$^l3@`${-C
z6l=vm59=p`*>uaYccSIypq7a*n!;~!O#v71CYw8>FX%{Pw729Mh(kq7D^c;Z&gmgr
z_{w-Suh6T4n;lXVr9crF`dC|viZ|@y(D#C&j2M)|KzdDT0(T&I(B%`_G&#K=BK$lY
zL8WtD*u|Q*>|FFR1@JNw-ELh16DHJWPk%gW`~_g8h@dyH%O_=!6AlLbX+ukHF>vMS
zQ3|qrw61heg3}*S;d7Wn=`HLP?3(GHE%tGc^E%q1ri$;|Ky;|qqZn13qzuL)4*&up
zl}YarclKyx)zk>a#EgHqJFR;GiTe1izIT)JLCkoMjP(?Hc}UI*7h7?Q;UAK5-PIEn
zd-AqxU6Ww-%VT%wC%9u_X!ZsGEEv|1y$LC(H}qU5%pyZ0^#%4#Rg0aT>Tr2)bh837
zYES$H*{K-M7?Nr&$uTC$5^^ivwlQCD!<m7kHnL6TW|+K1v8~v_t7>*a99(7i2d8I_
zoCh#qXZoa1R{_pw20TCRKT%DBpCRsV{7K=Iz3E@iQUaFfl5o=K@1Wa5d9=E%%AiQ_
z84?w>T74j?tSn1q+lgANj4Vo(B4|^6AN~at${Gj>YWg+lyC1^%MrR%PpTve_@W7=Z
zQUa}E(SeZq3*gL%#WJg>3hUrKo2cO@VAs<kD<`0buG=C^_sdWcwkaeFp#mHmv3st1
z?oII95I~X@S9YS5L!V5SsmGinRg|MphJ#XXg96}w%Lcz*dor&t#o9<Ee!g$a*OL`7
z;IQ@4C@9-|0b{bYT3FwnCrT4A=}U?Jf$wHPT9|C{BPTdwNnUF$?B(U<suA-780r}>
za<UMkSqo7MREZ`pt3=41>WW0Bo`=h{dT+mzEiUxvk?`#7dl94DM7x__J`l&zyCh$7
zV7UC~SMsV=S8-zf9oz|QNqDp4i%(*TVVMKA8;T;wj5yVe&!1f58NkRENr)DF*>N-$
z^y7Pby|*}o0M6$gDGDCFO2WP2xzAyc5b4`+V}|ro2=E|Z#1;5K$rh+2R-pI{u&|+^
zqT<5Wfw61^DW&nJ<jyNU{9$RPI4kQr^s6s43!kKS6*97fg~ULEDWS;r_J?D`!_21C
zRWh(f;oZR{b04~a{)m{1tte=H(_=n7lG>VF-jCM0zxpg*XR}W5CJ^Dt?!1Sj|NRyD
zY4yv25q5R|8dEp;vm2cW5+KcxxodM-h!8P2KP-P5cGt*>llRpa%0Lo5U5nXvC>E?`
z{FB}U8-?cE@}dv@Aoh<)Ps%RN8-tY!^zz)EE|0rPH-9#jc~8`S_MT=25l(b!^TLg2
zqk8i}zlx?_0<vg)MaX~R9yE}KeV>BPlDb9z&#EN=#mk4d<}V++%y$<gVRH6WMnk2h
zdUz+rhkQ$o8Uv1toR(DzxeI`Fe_w{2rtD+k8>U}tR#nIWlQgLD1v2`OM~Ts0gvv+B
z54=fBY`jI(K(QJqEQS?CA$K&-d;vV<rGiS463c!(zyr?|kk-Hit$*NW+agq3tvYDY
zsfJ)i3J+cakBAYWl149r2<PIohqu#m*F{T<1cO|F0K`=H%bh`g=_M7LaM|=M{e?$v
z&0B~^a50?0Hvq7BaeRp^e8Sha=A`<;FH8!biu#_+HyJHJSh=|cb@n;MqAa~Aq87<w
zqP^%~4{);7m9;!h#N0$|q3d~03!C9Ml-P*yrhO21;I;#CO73tsZ#OFL#L@PDYim<C
zfjRH}1{wGJ`tWZGTLKrhvz<u=y9$ziM~wh@-O;gc^sDGh`{mJ6`bERWxZwB-k2an4
zNXaKVPkEXa;P8pLxRlA6$FOK(MMbZQe^OCSSj@4D@B-}<gWXH#l!-vAFF|F>%Fy2S
z_6F!iS#eaheBqc)e;N`2GoX`K(V%j~irH4jm~WSDqii8C&c1hC;r!1?+~&1`2U$jI
zo00KqzsXZ=JFG>1Q1A=_(7<;Q+c)uxq^3X`0M6V#*%N`y-uGabp)ATS2^|p##h`!|
zK*UT#1=^T^HsC}}JSC^xJ$Xkdsl5;t5C+JF83IEl-vg5M?rNFC>|Y}XoVPJpV0~O!
zbh^fee7(YqFu;Ll7CtetdPiHHHSpqBtYZk?VfGdg_zeSwe~1v9u~n}r1#fa$^!Nc`
zJ@*VR_873U+hFr-`T%L45xk$pAZ(^D0zAAO>;H4-f4(t_0J){b#ij!kd!fG%;RJgK
zZY*ogH*EBz&$}IcujY`75)5Cqm)}~jdJ$ERlgcGT{jgas`d!Pvlm9PJwh#~4_%pp<
zxe1ka*A6R{AFRZB!&OXm;Ifv%gGtu==L!wDa6UKYUn(>Te+8~zB@fK?tDiEM9^<<H
z^Gg8k-<$lRzZ%Eq56HUyc?_6sLj?kZ9Q~H2$)~?RITrP!6rD#f6UhqzCMDYB(xgxt
zyd9(azpm~Udo@4?t=*8n!5f@B$m7CSpuc_F3sijRpONw<h5R<GezY)~h5J6h6IMQT
zw1VBjx3RXV(&9hn<)3eg9s?%KuA}j&7hl}9bq4riFa>yY@*g>zcO<v98JQ}f`k&1s
zMH~XGf4~_<4s`#9toeJ<Q`H;pR_YY=wq2eiaF-{^>CwHpmA_l>zpod$3DVOnBE-F}
zdwSH@(~d(0j2n~a+ttrc=<m=s>7TVVwcy<mx*3aZ^7}9`a=Ns~wEx&+&O)CJp6g5e
zofVJ_H!{02p|{-$>?Z#{iVO_@q5L+$EgTdsSr!BM3Mv(^Mq|npcKJ4j2AQ8<sCp15
zE)5l>zK<T;|9*o8L@(*9p-XuWUyyJ;c3X~M@a7hK_S|;0U|~-LHZwbn@p3r`B7XN4
zNQ?kjwB`~lYTKQg;@R`hy7_0MND{B+UYY`F%=P-`V1@D<I>cmBQJ5NoLLB-`#lnND
zh|4bm6_^*wlpB=lAa22TyNsH>osR8G|C#N-<O;A2w{Bh8NpBal3X{Kg_y+bzR0{9F
zY!9um3H2GT`3|D8%ZHD1C$7Q<VU)y-4DHh7H+;OFRXn}AFir#F+@aMCSO0ef{xBQg
zceyi%?3V3_t}psOb`2soTxD-3@V8I69cKSd&RslUqVH-<$4h<T0Gt10zF|)K>g7a@
z@TZWK{Jo(iWywfS=^ZXtnN_V1ALaiwIq<)?j=#sv%D=Q6zjD~im9K7>?_9>DzPF>t
zD6XE8@dhwoYH)lZq*bu21NY_l@#qO8LH<nM|GX94)z+Ezd+_QX2uDL0Y>9=bADQ?6
z**_fxNk})L&DZn1MBRX$y4Qz3Rs*YL30~d_;Sg=%p9IZ+=S=kW)l8Lc&+1)&BHG9R
z;%lV(tQCslR=_37rogTFlb~-vfZ1YXs+&f*uv=Wc48qp;dHTO*<oZIF`~gwot6Ml5
z&vjpaA__+jyG2FV{pzomxmHIbJGwu^APl<&g@^yUc$lfNxHL6W290A5|JSTr(q7rh
z`#wow*JH|f1cvL=)S=pV^T!rRTu!jsw!wJ)^m2>1{+&LU;e6_+aibV!`SD)C$Vqo^
z#NTrjL-q$)?gjwic8ZyLp9eul7E^jd1>@QY654&bevNB_1ig{vZ>!)zVz>Br;UUAO
zOe_lC{iQztm(~_|{-R3NtG}Mog;|C2GjDZ4u(ancZw<oPe(dka0<MI^-`)$O=W4RM
z<}%hEkLQHr>*6x1mXXo@{Dj`vC}q?i;I7f;O^!>bj#lNg3U`a)wS>+yv?PJV=~a6B
z|1uH<P`1ttk%f9Y5fl700W{dfhkcE(Mvw8&VACtzfMGD<mO^#)jbIfQC#wd#>rGpL
z19nG&60_S=m^YvGdv_GC@>(J~uMFZ3^FG(Y{={@T&iu&Mr<{4V<q7<}NteX9$G$(n
zngI3=I{IP{59MJzCLX=Z>hS1T5^XSc<HF<HQ(yO27x-wOM*=Vg;VgBH7AGHQe`5xE
z>3-aBH2gDuBvGPbr_jaYdg@?K*SDxgJXb5}{Dj;7AE$#7wz(<qH!`SyX$7a&iP@BW
z#?=@r6#>hY9pLS=zW*9*?t7PyKU)2Otd$tJP#z+C9H2)vnayM!(m<Acz&o3Yv7hfI
zl}DGf=t4(Ai6iXd<ei0fo7~$wDsw`k1v4H=Nf1Eq`fJcQ_OEZx%W2ykbU&@w5T%oG
z2fV&`sh5f-Qu|{S_7a4f)-rPEWu193O1Czw#&4n#v$JANR>h)MyKMM*d%BE1DqvAK
zNIA)C9Wl1lA}M(`PGr&*&s+Y2)sfwR4;z5iOkbma#3VgzrKO>wNkdG2L8U&R_=L>$
zS0R0mj%bfgsZ_GnP(fq&(`fQcO+pGkL60`Y8!n0Ox)BpZ{csp{N*E>EVsP_o6Wl2Z
z3`&Jvx71yapvx>f6Q9bdye~XGp_}iy8Zt;jMCF&i;}8*H!7zdvqpyCr(jKa_mz)kb
z8hiAr0PqJRAvpr?_HZNU>NN!q{npb{>Y1~|`=q0tvAS&@PSYnPKJ@D%rSf62uU=;r
z%HlRe`h<Mt5eU&^1^6(p7g(e(*aS=$&-NnT0_FuEK$y}wuv|H7siL@BS;$Hg@N(#I
z;34)kw&Aqd!FI^%xjZD<h;6Np`IfdsE#Abk4(Dr^Hszb_Ex2lEw<+j<(6i3_VwN-e
z19>IvUgS}#a`cl(rOMEII@ZxRj*AD+BOQ!VesYE`of)})PB2=fLcOh+@&Hqp*A}ly
zLH8-6g5r6cc~nNr0l6TmG7ah}j2n<VE;wBk7KR=-&p#S}{;i|K|CTBPznsmXTcyKi
zr9xv`t}cYr!$zW#Boa$%flO|0+kO=kz2~LgD<8M9kaFKw&$uz0;x#Ej`F(r+<g~TR
zLU*bwBmss7sEd=Wx*DC2sI!-TQ=M(g=&VVSmAj}Nqbm<RbUyXguh%U)<KW!gJ$v{`
z=`&u*^GPv+8lQDiAcVPc{AlOV4+kjP_wxZOBZTZJQ7E*$Wo`Yq-rT!pQx{%m!?5l-
zr)V`6wx}K?bmnll#op9=BuR8`QPoI*IUao-x~0d*%}t<F{?v9?`{sGjWSKJ;*{|}U
zC${*jbP~<dkF6<Gr44#|gAxa_7}L8)&ED5P99U4|tc&7Tu!&@JSj6&z`q#Iu3+oQP
zGaPJ9xwd_NzOcCG;#usWZgflnitF~|j}Ck(b685__A`jSLgXuf8#N*=6*uXP-iZSB
zn-7Yc!CS%FHS35Z?;O{eS@nu;z%<`^F)zudBB<?~n!Z;0)<{mHBn4#^=EGlCha9M8
zk8ryzZxGOYP34K0x$_7uSKsV?$oB=ko}gU|#dK$`Lsl1UO`Ic6*jXfTdEAxib>wf@
zS`n?X=@z3XJV~<4C8<4rufBk4OcPQm=)9bX_u>ttF*TLO&6CZ{rYUIOYTD>osJo$!
ztg+u%`M&$j))1CBwz8+kqPFLqCri-DT20%MBP|t4+tDhde7X%4`t75#wR!_%8Xi_g
zMwBX-)sQ%j$3#>bg?ex@5!q57DK`C((J`=4{V8fsrViaXt1|@f>FL!9&>p`l_nVqB
z;<G;^$<wR*VWSOoN!1TlsA$)Pv-wck|8Q1ccW!^~XqyL{?flUBUF`m8)p=ckVFwLP
zd1A`qHys}|{L-ZQ0H=$+vtjfaJcQ%Z$*8jO#f!N8?K)dj%SzwlvR3FFc??OPx(B{G
ztMRLObw2ER7`1FpZmIY&jJKX{pw&vsCL_jtqf|NA4F2ee=lw?upy%D-yMgvsALpw2
zQjJY3tqup0Io>2YI;{?Oopt-Q1joer_^RACOO5Ap-5jBI?Md<2eTP2tw;<H838NlQ
z@^p7$nrQY~bM|*hgojzc4<drdwz0^#IUoC1Na7_=J8%46_<Iw6Sia^i-qt<>qo=+c
zjI6yANO$l(@)yT?1I15chk;uuN|-bR*d;Nj?apm)_P7a{43wpB+q?q~f$CMpq?*_V
zB{Yx1;|Ld4+pD_U9i%;wHR5eLp)u^SJIXw8@AVj;>S@deg>ermHp-}kdu>hoGwM#W
zNx611`nA$*mO(@tjFFILXDiM0(=^8>B->YSOH++!>6=cdv=x#dM98fA+H%G>Dg|}6
zhOCvbP=B=FQF&kG{K0JEoPV|jRjbbF4PU`odN}}amOf(;o6YQz{Bg@ktk!JWtGqX{
zm{qgf{6d%-6h=D8)rd>PAJWJb4{|t?a$;ln3u`A?4)mJohkeCio9m;AxTn{|`Q+P9
zpuCJXHX5_FYCH45(QH;6L|rk0($Jy*yRTu{P_d0+`Q*^P?hZ<c_rl^a*H_T@lWQK2
z93SP!rmuP7jw!S-FQVLAkqW2Y_pAfZhIe+)vj+y@LH>Dlv1y-_JHX8AiI{&fuJuTT
z!r2qnAPtOJ7WE*yl9wbw6y%J3w#FVr=@{Tp4?e*p4b7gHBi22ih<VzvGXvBn=L(La
zC126me6%A<xs|8?rBhEjBapf2L`3*oh4<<GGad_~2eiuZA9(94scZhik&nn>oV)5E
z_e!y~&O}Iv0fmX45PlIojL0H}sh4C>Wb}Yl|JkI#L!dZ3-NBH8r=bsQ0to+mi`cs*
zIKh8?+_wJwNc!6uSy^FG(c8##fTQ!8NV^F#{}t%SCt3kWw{ReY5E4erWqj_j%DdW)
z>iz<iB+{>tQgm2?LYW3{iMr05F(~a_6r;@tyW{Utd>)LCV?TO99^vR$<-P3simagR
zHomwpL0~%}9T)obR1G&ZSoze&_C@v4(;vWLA4t3^)Qqpz3xw{x<>5s=IM|p#8ZCcr
zpNj%>&g9=z7|&)#CaB4@oQ3R`uxPTgyw<U0&adizcgkR9P?7rR2f?jK(Kk&|Qs`5A
zpQ3YSUk9qwy<Hnj=SBM__Y(P3mHst;N+<l@U?Hnq72L;D=$iHb^=as#)bi_-LhE;e
zqn)j!w$<O9vh;hu)6;*@Wg{q7p^^&*O?92)GDOLTii=iWZO;M->&a$r*+|aN(E6eC
zd07IY3K=+2hE0HUO`<~xQi@;U!Ua-F-o*h2SRz^pOZBrI@7SWz*MXHdGdfH@x@Ul4
zW?|^h|K$l<{7k10i=oSCiLvm<%r#Alpg9lBRD<)IG#lR%k7{Ub$+ctK8x;<dy#s>-
zZu1t*a=o}^H+$l&zCy}lg^ms-s5Bpt22F|9Rdj59)Xi)D1}H~_uoaOjJuhK;=?m-{
zC)g9pi#~=??}-BHK(|mG?PldH#OyF4yPH^KFX<1^{~v2#9Tim<^^FKhNJuInp>&IM
zm!u-yASK;hGlGmX0#ec;(%t1Kf^>IFOG`5_%zSt7(dT);^?v_-Yq?l=E#aPf&e?JH
zKEM6j-`c}gP~|)9@4YRc&r<8S-G9DNn*ey$m(CW!#IpbjG$@hdnOUGr$cSlI4Bh$#
zK=d2Bey;rGbE}`})GyO@ZvYFXf;I<wxuX0kJKGe62qz?u`==g%QCI7&zQ<N>a}*)T
zNE#&4Ts}S|%X--CMX7dNsE9u|CMN4vy`feZ?m0eiE@7IwK9_iLxv|{K@vpXeUJt8l
z&3$~b?xk6mYYx=xH=pc8P2ed9iba5xOxxC@C~4Qeh-;lxWu6|g(d^6;@o$xy@H5_-
z=RDa(7C0m06Fly&BZM>_xSro9)}VkS)yky=_<7wVLnCGTE(2@8v5tC-1=KwM=vtDo
z?q6!?ckR29?~Sj1rGlv+6a7y0OOjPM{ixmfmHUI!ED@VtOoCL%np`4_2AQzOF5_u*
zc7szw#9n0gi57LuYvW3F22+-!FNgqbX?6LNEwRMV2@VSW$JoT=14!I~bg`A1uBk(p
z7x(7{W^s<=h7kd_%H2Kg?TzReY&h-%9WV{XFAlz&fn{NB=cy2OzBmzX*V>)17~OnM
zSyp!bq=+bpbIq|-+tkC55+i4;SH>0kQ;*+ercu$-xllznH{g&C*ZSIwo_`g66!{6l
zE1zvW>>OGg3j1Xl^)uO81$=WLQw(VCwFJlNEaPQMi0-NL>Lb2NvfOq6cXuhcP|M54
ze}U07z5HgkbWyv_-1iy%_9(tCc3GjZYMsgHw{%t22~}+)+vR}Bxi7>wtLl93XBMUl
z`?M9Kn^x&+pl?4^Zt?Tn9TNrB)-1k<&j~s8)MRV{V2yGCiTRLX&C*-3-qgcK)K&J)
z;6-D9ev(@bvtA@dr!@)-#2Z{O`<Xp1AJ-6hedQ<c?GMN?c{`1z^H#UZ0f(s?)AafM
zWY@~IY^4O-oJJcPmLi|P48STQHxX)-9IxaPSQ(6iv-e*T6{d-~-BQ;e5DXAfW0SC?
zjGuKiR8M1r($q|pZy;8}j+ib>)(}QCrFoDLa$-6A*(U5VgU}$0=^h?4A&><{Yo>mg
zgz6mBq8TX0%GQsfSgyYp5TcRQ*gHL%54jidy*f9`1Kv!p@^Mk#Ju}OBwTn*hgG-y5
zhN1YnB1r#xW-p#cOpGx-+gtPV$Dh#}I^PzX9Nvowh7vPViKj&$Ro+R>v$+rM37TsK
z1EHc9#J@+FqkjJCN^z6M56*IsdS&tS7P~>!P?Z96_*3SKoDCeDO&gmE(7dfyO4A9Y
zG!Xg8QC%TCH!Nijn~u5`ACNC#{}e!^Xt8Npj^a1EKlnAZLNCt2N6KGjV*WfA@E5cw
z?ffT;1CK-1s9LVHOfg@BN4W60IA>_C2?hwsC~(Zd$nhT808s7OI|;_nqPO?~{dugE
ze6|=jZ;8@_RGQ)f$?lx(FA@NU&DVW>DmqoK0qR=~RlFe3)kWB2fG_igQwvXz;R9Ua
zer5mwsC)O<>P_b2HnDqBW->$!BTS7IDyq{V(m{q=c<zxv{2Ki+e;HjiaZ7Ob5u-pb
zZOxR&`WUu<Lvh`qWkLg*JSt`2dL6fWZ4l*m1V3n{A<`SjX|TN;UNVR6d(^CvWT{VN
z+Gx&G>9rUVXeezWd1D^l$f(oT^Eh`nMM|f}R?-xRRNBPK4;u_$*D|TF8`M#W4y{SW
zLQ0;;bt&CHp5W>YXECBMqCF#QJ|(+vp})q|*veQOMdE2c3p7lfB*!JCmp%xQ1sU)=
zyl7A6w?uX?e;fW5((jlZk6oVq(;imEApNl*vcCRV1l<))9{FpWr8F3NU+PhQ>&K#V
zCG3Q3k5tcfL0jUm`4&2*T&16w=&p?nGPM+Z{S$nXrFtAC_j=6_-?zW*IURdmax*IB
zNkWJga2U;$Is4(J>C%&)^K-eFQon`v;0~tiJOHs|u_SWWSimV-3F3l$JAXVnGtQ>f
zd9vfaGe)Wq`O}sbH_k#){r>8C_V&iq@IwFynR8e%#VD}3ns`MYjcJe#aAgf;Ygmbr
zcQ{bLJ$`fB^d{#|md06?pRYbLU8rhpIY>m&RgEc5MzmJ=ZQxHenx}46<j<6|jzv+c
zj;qpd0XLjsa)t)u?;}Jh&K8`p_rnf~Yp*hvts*`YyJY<Qt?nFq??vQ#w?p>Gk6U#_
zhL7WtfDYFgf?&j##qmlruJnn^BzDz7*d#B~W@1?!?pVr_Qt5sm-JFxkzblNU_c`aK
zO@hJT8I+k2+1{ZQ3^ZE`2|9MZpLg*nb~ijvc}JgM@|&ub+Cp^m5m@YG`#utQ_n2kr
z+5XdWgFMd+k241Yfp4G1&dp+?hCZ8Hl{|b-l}#S~^FtNWn~Ci~;xn$T+gDF*r?)`N
z+H<GyT^wHwy(aJ23RbJ)Mc?mGUQ@IC7grOF#pjN+OFvDjt-kX4>rD}V)qvMTOQ;@8
z>Gw59p53czu(}WMh(V&e-nAw6Te}c+AQGjv&)=^BfdZh~s^a7mhnLl=iwLv1(Oxqk
z|3Shv)&&~QKfE;Eh~5Pj*K^I(ePs@7Yqc>bL&)KAS+0>5wO5S{l=2eKTji0<DrxTG
zYk9~4e($1_?~#ZtC5`!CJ@!`x?h*VK<KPZAZ~-7?GW21z-I365e1m4$9V=&^T>uMz
z6ec)qWJ)h(H&erM46rSbGe$J^#gHk=M^P-r2@Yp)tHB9nP3aqLj3NnapJ%i%2?9r%
z-uxh9ikR0-G?G5JG)9wJc8{c)#kq5CYi+Xl?Q(uniU=bgNC(Jqq6<?<-r|ys+kKe(
zP}R}?IH(`9Ce32?rMqbcK&3D+#Z>HMaTWC^{1cgmj0=hZXSqK5%2%e#KENfqC5Or*
z0p(T4uplzioND+h)12=YmS+i^nF=o(tj?bMbS>q(nj-M^5p=zefRh+8*+$m|J_kil
zh5x1*TW^@FY4Txg%)<>^et^?NsZWhfvxK(YFCH0`j_9u9knj^5Q`HsEmHV=(!KnA3
zuCcsER{^^~Y}C23liDtdAGeNpnyTZ)cu}e>*fUO7PBs0BaYe%IBJJX6GC7sWlt{K{
zvZ*c#2(Kx9o(|_*qwko8`hu<LRz@G#`8;;U<VaHAkj(=Ji{3qd>51I|tBA`zd0Yt3
zI=cl&r9$k>N>$v1#HIFw6-nG*J+z$!9cs;m1o=b03QJkE3X<72_rkeY(j>g_$p$j*
z7&zG<+`R$tu<=HWbRA;3;C@ef+~vv`7R?eP=mKOk%w{#fqQl_U-F$fK#W8P0k-`rj
zATRb6VDY6;VrJLZ*FQLxy*#Nnmc4rPeRH9hV8KdSPNVFV6>h9hYm3Gw`};05IX4#s
zk(y;|=Xn>3R8+w$NhKe8Jf|t4zBBvSpt0LxQcg%Q9>j?u(gHi;f>ti<SWIq%^$9yk
zhsDAAflQ<*hstp~ta_D3;Y`)6Xam7;v@L}6U6-&_bC=0sz}dV#oHDLo%f}X;pTw>(
zB?aA8q!sLxZpl5n%>3-ueD)KM&gTruX5AS1oy#S!vXpA__{zq{=lTALd_c{eJveB{
z0J?VWwSm|UJIdccJc|er^E)Hm=$e?KEwkX+%?90+r4TO1U7rT4bsUN|RF!XB9JOCX
ztb08g$k|uMnLJ=1@x32ye8HkoSK<R#pIgQ}Dp>~uIMIiu^m=qV6Rk-Ni3JYF>Ud$*
zqNJi<RRM^eti&-6@kykFEp*~C1VG8Jx|wo7CAya%wUS6Jy||Dv_0iF<;fl(*sh@ks
zUR9(7je0ehg6|I2czX+vGS%eP$E069%MoUI<~@>OU2$!8UjRT39p*gOdrX(!EE2M~
z+I@gpOP}%XWx%Bbz3e`~tDt{4TN3&3PvVvP1{4Lc1C3_++hSd-u&PW{@c}uy#nN))
zh6$Rl<SLs>4xkt!aHT|cmJ%vdk<uTsh|!(X;IQb&z!l|PYVlX@=o$WKYj}w@uO)NZ
zb9~AIcJ!p<J(AeoIpX$yUzYynP^0NVSmh#>DSg)vD@?WEt<%!eAKyw0D!^x+#UYJV
zcOLpz0gg8Dx1&AL&%b;@V~B;@iOEwnrj)~NKv27zkS_pjbv23-0P5uDUc`;x#Q`$s
zA-VGS&B1-Hrl5h653IeyweRDy@9LZ9I^V)ntr0A^(*rRjf|MG5Zf6G|YM}HNPZ()z
zr(7*d*_9jTmjXEn4L-Nr^Lx((&la`tN+lEWJNE5jzjasxk?ajOsIkY>D%Pow^lWfq
zQK?DL)gN}2OICpG1G!#SokG^|xI``mtl?HGE(;U&_V*o9s*PF1m^0_2Wim|e-wdT%
zG<j^`x|A#>x$!F@WS_N{rdm@s>fRX-c~=;yRx_kShg?79jmx?cPiCo^t5xKU(-A>p
zYRRg6mFTt1zyK-A_ET@>r^?8aI_RrXS?iIK#-D*4E|G_z29G1gkg~79`BvtqERX({
z(?|*CSo`7xiGqK_UC8khrcaWI?h47u%a}NBYBi}4GG(#*@hfNT2j&&F9j<Oy?#S)%
z6`ctuJGgJvmHzprWp+JK{|sG#TbL%b&jXGB=5HF*+dqC77Rd@Z8(LToPz8=sm>Uk(
zLSQ9Cpf_^N4>{t8IOzjhmnm~44!QNE3OI%)(XvCp3B{V<_N_)+?8)^@=PgZZCtU9g
zeHK|nZe7ajFI)|-o+e^&5V-G|W!x;$ts?=Ny5SZdA6DB#0SDT8!qy3GJ~L5Gli&lN
zLBXq{NrEGDDeF@`l6xS^^?oOQ2VJf?3buFK^AmnoEI`%}Nv|`9;;8S?)%PVQ`>N*7
zX7W5c$+2s>;c)@1Spq?gO}u$Va#fZS^OkF4c&;r~3Rl7dIZp%jz0B1~F7N_a1;Aa4
zA2a+pOV-Y;?)nE71#~`VZsTi3Q`n{JT|Z9E(>9AETpw{Fr|`Qys$Tj$$rYq(Ov9XM
zNqaWH_RGtMESx0aYa(|nh_^#WiI6jUt+fl_tPz1FI4n8*y~Fx~MCHtowSCPTN=hoh
z&F4;At6@1g(u&<D`@Z!`NY>veRQR^Nv)y6D>++7U1u{mWPM`qv*Y^T}A7<K&cYItb
zG-?24;~Qcy$P_0CgH!U`zfNG&N$v%RJUpc*U#)tkl)RezTE9Co95oA2%>VeQcJfBi
z?S>B}0f3SLFf~Eyc{z}AGFQqf^UmkV0)t{+(TQt^;>5ogZosa#die#5QWx&2mdq+7
ztP1N#2)pcX8_L+pCuTb@(biyT-d~L5V8AzOamEKAwYMyLI>PD)ot7x8<ni-n`t0<y
zr53D!8|fX2-}FU%4|KBWhs^LWIodc|VMY%5t?oUyPb{Qfvv&#N_;Qf-K-B!o(v+8^
z10P02_--c!Xy6blQn~FET(-#??4{ToB$hM{?W<S4k|x7SkUGs=?#lVLrpy@FqN0&!
z>p`MYN7f9;+w1t7m#cIknIi$zVP-&^B=x}KR)wJN#X8lcWM)*_1xqh2G)YKsp&Otw
z^d`G_$M=dDueyVZ1U*>4_1MN*jsu`_W+w%O0>YsfwD91&s|cYRknoW_A6q3H{pDYK
zIjprZy=_IV@Tn%_gtESg68#%B-lca?p<?2u>kwqRZ&RbhxUJxyG`@vir9Czd@7P3M
zg5~D?#0cOgbvS`?%*8iAt{66Sq8tGsaUI5~CkdF@Do#9|WtF!}OT1V+@0R<z8ENyr
zRQ7n)xK*ghFz*MR>4%cc9;6#1XmPdmrOG8qe4C@eiq86(>}BmQ-dgoblW7pE6krsh
z!L6|7lb@Js=Ou4~El2a8KaSX9h<*Aj#iu`^x<m$KD+Fdm@UM#?K>z3~iZtekX6?Mf
zQtjF1_vs0^LWUpE;%X6T)O13acvsO`;$~-gO&vpTv6cung@6O2r-NSYNU!R|Ly7rx
z<aVhEAA)ZVe3Bud2Y4$lQSon$PzRB~!HNA+N9M?A>A)xHI>OKlP^I+#3DclRfNdkV
zqmv1(KUdM;<I7u1fxPBz4?At_V%HvF;M@J$WY+=$ONIu%C7H38b6ARqR+d6C7Y_34
z=Y1hz02u?yAzIa@m2a+PubnaV4{i(C+k?J7oxW9d3I)yUvq?3o<hFp-sPwc&y-rIS
zGL({7-jMA?gnq0uX02gRi5F#ge;o58ntM1Mo?{CCx4iL}0SaAFk9Vy8O#$Gz>siHK
zeh&#lzlk(O2U2HT9bqsam&<z&fXhRPVE|K*kXSaLd8f;Tl6l-b#EX&5`=2lS9JwtZ
zHC-YAUFA7Y(O?k|t5!;2{nf)(E^X;v>cF<M&`S9<(tCb_F4`O&r21u)AWL-K)OB9B
z^c6L;=2T6LVZjSiHB7Mz2CqJyY6o2V<zHVN3$5Qbn@xY3Jtq|LKsx%z*zSIo`NY$M
zV$-ymxlTvvlzZi2(s{AZbswIrC#_juS(wse6&vXXhfxmac<FE5U_0*VI0;(;>4XXN
z;hKA51lJTOMHG{;bExZSeGDC9Rna7g-A`50F-~-Jo41J+X~WQS1d>mZi2}@qUm==R
z$trF*MC);R_no+k)LWa#w09#j8w5#|yq;j^)!Q#%-9FvTE9%QOLCQnq(g9#=+eim)
z-+^nc?!j^!I_d8IbSo|pu+kIwz%{PDmbx_Q(q5FXOxXhgr<vD|qk}eEsfnj{MP1Js
zIZh<tUFL1OxncrIkAxo{+=sOKd44-BwbfbnOj&lVslLptKG^O)wOiV7mEV0dHVbZD
zF>yj5-oc+Wd<FU`u(PKLOco_6eT51Hm-gV)rb(C_>C~C@)-7BnEgY4T(As=J%H}q&
zmNDahd}(tKg~2ou#j97HBH>l196AR>>?40l`t#7q&Rse*!t(fslyOLY-tXGfVA29g
z%2c)P?KOxXCk;?x<QaUk6-?eHM3L_F9^zYj9%GCT=H74ab+y-Xoop&UyU>^@M&*l~
z>_qDPsen6}YC#J-M7|e%7U+ETjoiO!tx-OoJb<hpiQDDdSpS9$1W5OS_$G>_53IjW
z1Mnr$WZ=F}jxEX1=}fX_zlj|?S!Rq4-1QqgAi9i7<qy%XeHO8COh4BKb6dLg*+MGt
zV(P9K!H^Rz&XeeFhNe4p!C|crwr&I5wz6^5vvtc(pVEH|eib$RKg4)UsFdvBgipEF
zPLI(3GrL@Tw0%4dP9Z`RJBTh&*r+q?iY2C-EjfYD%gYP#0lTt13k-e^MhM}8E;gAe
zxsd<i1^FIE?99h>`<fW!2sAYyEdWl0S%450=m?cBG!G;jzvT-yWk-~2k_P>Xngnvk
zG88y?n=@K(0dCnBJU2$OYUO-i`%*$ezgmlhNv}hyor&i8_14wa1={#g5<mT0;>%8k
zhF*C8T#|3U3Z6surSOa=*sni9-AavAer=Q8ZENQ%)?QxrZ6XbDWg(?BFm5l`uk8E8
zJ)F^@kP;CGaD&#d6NTO6M^tcEHt61A*bXUs`>EeR8n^@M>)vbzAGE=oPa|i<vV;Od
z1ZvnzluQF#4>SPGt#hZ!v)Wp2u^*M45IM=JWQAq=UdiRYaO>{4Ad!{9Dk`1R+G7)^
zOT~EUz21noA*rbfZDS=R><z(4-p9|gFcbVDV%KH)`D<zxpYo*S){Jq%Vku#k%4GWE
zr6&k;t(bHy)hH9y8WUUzk$G348I3Cd6w-54E&vrn06L3cSGhBGng5S4GunPY4nan$
zRZW)oGmJ6P-g0KHDx)c>ZP%3=yj;vM;xy6$+?geEH_F6{v<Hr2vWDreBYn3g{gBzG
z+d|-~tJCx5!z+z)sfP+>2C7+eRoEt<C3^!&C<LU2)iOGw^CHOG3g6$SUw98bHU{_9
zSzjUOTwXEMP$?!7D`qKbXINt4vazyfjegFBWr`uHsQggme{Pn(jSy*B*<eDC;nRWL
z*_UT!)HRzYS&&So@0l6VzeT(XxwilX%E`+!aYI7L-%MEZ)VkY@_O1cJG$g?9?8liR
zwy9j~+=tPrxmxq)eiwzd`NQ)}X<y%zge0`Qj$cufzdF9f`*A&(A!3}6jWrKwp@~h(
zuv8|;O&S1ZJ>Ok!HRodd?{VuA1;x4KgX!R1-$fz#=o|T9&%cl_w@V<nKUh->AM=%;
z3P9Nz)tQ24-`yVt=m9I&#l?Wan<1cSkLe7OqG{C+wwBb9L&{(cq%2xaCT8g!aGC-x
z2f^a)0^2GP{%gY=3&}kDQb5r$gfg~%!Iv0dku>K_5=fS$B}83zazxTAcVsoMv(npb
zeKwNLV(ty&G$QNK;pS+tG7=@Y&n*2YX*Zs!%q*xPQI;SHC|~p15>`*tBa}c<E)`$n
zSDIZNMrGC*&u@uC=0&`|3{cM+cE9?aN~NY`SHaM2brouI7uz9{(;-`@CSA2Rol1b{
z8LW9pDif^6O&jS9)b;d~3!3Pwd=!7XL{Fwi7%R1HR@%3}hq`gJTItj>&0%vmu>u+`
zo+fc>km)Z>;*gI%<I2=a^jJT(F`SyawK~wRHsp$+O4!)r;W+7q*!Y<nZC`bc*ZJAP
zeRF`wp>amlZ&P#}?6=0Y;$Q?lgtLuK&w9o$J^<$eJ*9XwzRxb_i<Ws93|=Yk!zM+L
z+2U*vOC^_FcRR(lIN%-^t@X){(k}?m>C00{1c?&a!OVqAf)j&5*!$gjFQoI@Wk?3V
z*mhY#xN6kbf(Fi>eMz(-cKi#CS^o)DtEELmQoA*k&%>XMi1^*%!z&qWI)nK|GNsj4
z!E*LN*V)uI+1@7WOm9^ga>o($^wK98k)v&c#4D<*G(g~8=qR?Ldb*e(&b)5|SmDV*
z$lCrK&<XO}M1LwBaG&F*^YhHG_i``f(1md+TLijoNf*uj7BK7T;=UgujNOyIUZ3_Y
zVgI|8wcx2FM40OgoPWA=oAIS4I*j8vduUrbP`TcwV-jG=7i{dklsQytAaJ)_MJA`?
z#!VG%2gc`VSSYmon!|VzDGEjpw2Q?q9x56**`Czu^a;T}7r9{~@p`0<Nl*~OcD#_Q
z>cMYn5|UXG6W+oMZ|{Ip_giT~d7$^=7#x}71x7kl5&?&TX(Db)$|sog1SrtW@Ne77
zxn4H!EA6flsT%_Wknjg}Eo?C0>H%gc<SQP<suEfJn$t-n*>FLLT&2u;teJcN9|_xy
z=ghWN^JL`Qx-I>ymb+3fLi;Cv$=my+93`Ck+=G@8KI@SbC}S#2DN%+)+^zJ|*0$(d
zVy0LCPFLQi`k+KaFGQ<#m#KJqZK#Mv??o7^7LHP4B!<3se4w%R!=#1PnOWnZ5s;sy
zP1vM5bTwc8UQS-=<9GSr%b8}%A(=ZN6RN5wCfnyp8zxR5KX??q%2<!;c0*-f{s|)Q
z48EO?d?BIq^eIkpZOt>Xa&1nN@C;n(c4hQ2t}0!X#cyS|Ot6T>ToAQ=NZ>HrdPXD6
z<U5dQ4{f~+DLyh`G0QuRQQjLG;y&^Rot33qH#)IVAL<YJUa?TF?wzT=cyagVLUH}H
z2fJ9V$lJ+xhp@*!+l6|?bp_u6X-i@2O=?tlq!^@#14N9b-<tT$W@o{3Yx27XW9OqY
z0zjX}LdQ~+)XiTe0STWqH&Y$M+R=d5!GVv+M8OEE26L&*2H_^;6fq!Wmd-$!+NV5w
zdT8)zCE#BZ2Sr7c;M$(cQqzbq0EKax8)^5;4;?TH)}x;|fHDfrv|^wILL0zs#aOr7
zG5Qsom=Wg)dF;6nLnqTWK`8gVMFJ>i2?R*v%bk;AGeCsKzMBj#9~Iv-{yLq_?Kll1
z?p&I6g1#|2=Z?Hd%*>484@2vDAmhuH@jy_mA!-7j<0iFo(WI^{jYM3uqcCUaZo$uy
z7j&PirWT-nBKivbwS71VMVg)UL%G4q(QjB7CndGR?ht+jZrK(2ugf8)^B$l;jVC)C
zaj}rn4qPJ>g*+7?zigLT+*yl5oR>$`>uWaDp`LWRIl|h&u{Dh&@_R@2%Zgk@?gpRH
zTM9rwYkG82r9^cAzlT<O(tG+;HXe=WNKMf7oUlZ%R@z?VGS|!0_!KFuzm&mmnWN>=
z<H^FIt;?V(i*ft53{w7fO7Kbk^RIDoN2KysUZY8E?EpYAkgT31hVs<eJ^R^FNH6nL
zY6zM4M?XcUk<qFO*3NgYbUq3`SHPghq+8g@tgfm(2ER_4QFZG*Tw{}TZM`7WXsWSp
z;thP0cq(GPJmA7{q72I4onz8G%M7?2qF%k_m9qMz^p6;i;tMPOC`14l<Tco2n#3S!
zix}eIr`a*cy;dPxvdQ&y<f^l~!o_!L{Q5-eg?K1(`0|~xbe}AAC4WUU6r+^Gpq4B|
zz^UCQvyCXR&wO7af_r%3yjCY9a<W%7G1mi8UJnAqdm2=_p;`ynWF06to{KCmXEG%w
z=4Do;Vo>8WZ@!3sw&dy8_nBpY+ZUd{La@;2+?es&c@$p3wBvr#LE;Bb*sZSRFcJco
zb#WP^d42BDD|?9fo(2xJkc+geJ)Nx*+dIsKXHb9>9b7yzGwu)7s&ci!h0Ig5_<hwr
zeY=@1*TP|1sP(o5OQ$n)2im-d1Z-{6Af#BU{6@b)9g&!)1zx3je%bkmTFE({fKMCE
za>mPdsg^BUh&O`|>VEKI-IqSVJPo0NrB2Pi+smzYoPI=5D85-Q*f_^H{EL-jzBdbS
z=OGgRCN+^Lb}_`X@P4h5B@a&tD~Xa)**<mi$-?%VvbZ&j>4KY*<e~$Hv{<Y4%&}Rd
zPa?wZ-@pHB&TVjpn!p5n!lzlLj=A_*1YjyU`6vW*y+z#0J0h#-ibMh>P;?v|cmO=?
zHBe^vVH7B?!IDKkyd2M*d2pW;kCeD5oN;%)R;$5GyN>J8BTe0>9~*#j;1|x$id38$
zWuoy>rL^slm)x19FZlWKd*UOA393)`JqH<zOApcc0PN}~-fI{%w0gT906M-9;Zb~K
z0QKbiNTcGGDCc1ape#&<J?BUnJ-24?da~HYQqQG3;}us*Z2@v?QlqHay9af_*aKuw
zw<nyiJk+RU0}X3p(bTRl7;_+L^0&nU&1z`701&4eGL3~m2o9Kau1nPf6$*(7CA56Q
z<SK@pn(>Cmmc3H>oCM)AHrAL<D;MxeU9)12y>^&VvI1_wyh~ur9AbDb;A>0ci&|Tc
z0=-!a8%Dl0H2aw!S3)ho*+K|Z10W;-yfP0@9vyKx8_~;)$JU$B`dJfJ;ad-O7BpVE
zFzQZ>fK(4B)WK)Q0kn@F<5X3bXEl!%YWJ&!)6_Xm-?=>7t5eEllHNZ*u>cYuqoZCu
z#s4HJ4?EB<0u;1!IAqM!A3w35la-ylK-8<0TbcC2j`+Z0R~`)I)qiy6@&!}lgE6Nm
zg`F~kY8*(|0ig+tlt0a2vaq5h=JWN+v(0GkO8N4T;0_7DGYKM3kDp_5nsRQw%G*x9
zux@ed>%_<YdD8BrFGAD<`3dG%E`F8eEsGJIU}r5=hBbsMtZz*8KH#uDzj|9$FQoa5
zOL;wHgn%`Ics7BkNYc(<Ei;J2G<D&?2_UiY&??l&gLIsYe)1l++S~b{4RvUjB0#t#
z(P-@!9^}_j?uvMlmAzGrc?Lx)C=}lrx0?uh)o&2aEWa#b`CzTC`T%fobd!1kFvAAh
zT8g1%@%P*=c)mHpu7XC>9!IA)(`kaM)_SBI9XVA#2tMy<c-lW>ZN#V9K&kp{+G*gS
zKs*#$?=XMo^0Z(Bs_vfbvW&rQ(xmW;7fgmn5b~Kog8tNNNq?w}ddsRC2(sAzcj%uw
zHnH-VxoJ+4kK2LDm-1`U9yFX3?%4L=@|MG@dACc1-@Z)i#YqRj^ydJY$N9?7%OZll
zZ_v`weWhX&c+AUdI-DcN?KnsCI9%d`B!CTG1Mq=aT_dWckKS9aO)b4~W?|Dvc+%vq
z$83@v7dqQa42ke^jM!bi%aH9_n__nPVg}R@9#PdJNzhn4Ui7969v=R<&_4GTiiWM_
znuaa93@L4`hq|<RF{P;~3TKSq+SAn?MZv!3#MaBWW7)}K*3fb4$ZmhEMHd!FmJ2yA
z!G&g?+?L19RRfMQZj-mOfg7|mC!>(U_l(I$-FU4hy{<p2DfM@=g%#7DIvQ{p^{4|k
zdZj2YlZjK$0Jre~8)OMHH#BkQiH6jbsD!uK!?Rtc3S2Y_LUYiFnqo;q%{!x~6gJbD
zO|Xd#>S5s1ft%vtIe05hSdRkH6tM`=9~~#gynccyn}XT?7SsNvoEjk;bu2w7^GRg{
zGb;^s*pp4>9CeJ?1sPS^_}~~q+8U<?z4eynIionX?uFfIc-QXp*$>D*V@BS=&rSwK
z>RQ!VEi$^oi}Z7dgHQYhyry<({_rYSAqFPuGnH>niMGb?<jmmd%GGIuQ%#K&5(7BI
z3A8~1vM`uRt?Rg<#AmvWiFfbo7ubVsF3)x=weaeLg+@U-+k=$bJ4Dg5P}{Y~Jd4%-
z>-_?ZJ}a4Wyr=k9TTbQdR&D8xNNR@}#T$f+PA6Q&KhG;4lGXEj#cpEv%9ll(cug$c
z2a#2zH8|H^l|_Sfj_RSsZ=Au#YIXi=hk5RYvQ=T|Na~Knu_<~InhbzKZWIjZU&QF`
zCf0#M4R^sh8xlp+U)$E$adBWTlPch?z1p94^nx^C_5thi$<~Og%JoST*FLX4D3U)k
ziTE@kiKLG}2j-$z)`v7|g%+=vR65ro`(Vu%mmwRhcuqDSiyldcU8S#V9a$Mq!$IKj
z5-oY%NIRB@spH98Gu0ybR_`VpW;HZx>TbPKPPQIc{BYo;n%tG3E-fWKSX}G%e0wL>
z1msV1blNP8NGq)O1qtn6cz{O&1N@$K{MuIqiNiYR#HVuT4YZ#~7*d0`5U_M)ag?W5
z8Sci}zN)d4k8UU;StI4#z-DtWqP=%rr~ja9@u9s|{OD8_j!%+zAeVGYS7*ox9P+IX
ziKsgfcp2i?5n<Fu3lRhL2N%@T5hfj)7W?ZQ^#&dMX-z08nS?Rsub7l@^fHe<IP5DP
z(9Dk3jsy?AiT;Idj_lhXc5UqdCnAo{K>76UBG67-UCdOGftUCF18|F7v^&s|Bmcte
zVY%yC&j??QPY@m@|4>)#!@f7p_~^z`U(#`3?Abe~Pu()R`7ox;s8va^6JO)I&w}o0
zE@9>U?>Vxboyi__?}^T?w$aB1%dtAz1>#)NxP&&DEkEWfO5sG@Wy3nlW;b44IggcT
zQ%cH9e){y@>TL`geR))6+wA^NmyIZz1+?Wir9~AT?Qp8H^})ebS7kd++v?i8X6X{r
zy77$~y75a8@B#^d54jCMz=FcbaI^Glw_h;u5G=14>Qh{`Sc}gS=13gLI7Gg(vKp00
z73eNNixqgnt`gpHewq4iw{7N&Hk;i|s=ckN#ycL#1~5T3b~7%cDrWfrE&Y?tt?w<i
z5=otHu-(}@wZjARLobc~8IQuJ{V9jqeO7@L3Lcvy3?6o=nQOr(N_B}{S6}zCHyHZ5
zs}&|%t_%eu=0PbUB09JD*_LIqcmbyH6SKllD70gKD<Uaacg$I;Z}?0f8+&SbJ#6)n
zhVK!7bzWZwE_t%?OK$Q!OG_g{?I#;*o~M=?#$K82VNoZy1Oz6g(~q-dZs!f@&4<WI
zOteYyfzn7BQw-XBo16ouSb-E~{zta$!@GBv8Q2{%+9{oIHy9KqCyK=P5bmF@$|j)G
z4jdidvrpr2&X7{3n+V_@;}8}RTB0x>%$!`xePF7bY&P)a!$s<b*U8)mV2NDFM)wzL
zHNrcuI(R$CYygVWN5vk-p*7QH90sQ@8%tZ~9#&WBOB<}XI<xy*=U#l^bYGsanrR23
zn^4h;waorym=FgPJe`w7#Nmpr8WEhf32j>ke$(aTvUeQe<$*9?K==tS$glMz2@v#n
z^fg>uF3w?cgOR&LT;?A`7pwD>LKMF8zca~DcA-KdnrSD9{--uCra^eGHU{>c$XGo<
zH4*3YrTw?3rS(B3M7&O_#z2=rMBjew;yxEBEZpSN@*AZ16sK{K5a(P+l{d$uCz`q`
z(2nCay!=WA6?YG~2odA0+qWZ<{DgZKF-5_KpWQ2y4L&(*iMp;P(de|LuMB>8S}FGp
zU)sM5ym7cVI9u<S0M5j~VguPb=w2aKg<y{l&I(R|WpO*blyRtOb~BoSJMlPL86yxo
zQ=2z%xPTtVLYWzyQ0QQ$Dmj_PmF40@p@C|KTM*uMaK+qKN0G2c2YgN20nr9VQV9c`
z;vE;5;0?EcG37w`Su#g)=6KQM$HdYny;-h^Y9HRbk7+UHpA+Git%)VGmIq#bZSShx
zu$YYcxo|rP2>*2OG$ML&#9*X7@Fu~`l%B@zRewyT^BOzPkK0)1{DEyG43G6ph#51)
z{1P*KJ~huv@!E_Ckleqo*x9k}0+8zNep(5A8bzT7kaiRTLE<5S7Cxn*Gp)no=O|T|
z*RLlDoj1_qMJW5F+iYvMu#5HO9LRd5(d)v!<=E#^Xn_4wuW{xrBCG6Q856=KdLP`u
zY^=$*bwes;;s}-NIu-Fn^p~oa5T<gmurN_G4Bp+aMNnZj5yqI9(k~WmmiC7UpzTnz
zzXERADoNON^VKMGCzjSH>kMf>bT+$!k6gWZgGyH`?KH%_bDfGSGB$oXdzc&7W*V8A
z5a&EwFs$`}w;piOQOuaK^^kmr-t@_h6BvheDL>G7<<gc4f0i<Di(}Rs+fwPLH&#lE
zZxtM7l)1xLO1WMOS}!Xt6?pEm@=lI#UH*uywBRX+gBy#0&gXSln$QM0`&6wV_7b9Z
z!qm=OFN($r66T-T#FMiKVe^%jH=Yj_VSQLHXf-ov*`y98qpr$oTX4(YvLB?62;We(
z+IBL2%eFDFu;}kLJ8`8Kf7Bap>E3fQ2i+^u#A|#}4^)@D#@9!^>tzXd6Eo@_gz`?0
z3q@GiQ^V5>`Om~SRNOxykH0LE)wjHDT)FH`_^nLOw_&$&JwPOs6zts9UJZwrCJ8=v
zN3$KuPg2I6NMBubbEXmOELu^smm4j0Vm1gPz19$W_mDW@yjPt*^CwsRmLCkhxUDnr
za6Xg>5y_D7kg)m;?c2yNqB1UD-nSHw#>qCTxfv0b_C4WXUm>~6GPRlh74C6_*e}<c
ziy;J7=Pu%2(Gr|oQ2B2L6dG6Ow>+y4&KA{8`{xod!CsNT+a$)GHj7L`N}&>mhi6O%
zwhp6pt@E&upeBu-#tH`i?OH?7^K%gyJyNaBeu>5h&@z3~1L;(smd3p2N6sDtT*Oti
zE+CeHi6vW*fhGN&e_HWMX8po0fT=G{etc<1NJ%Us&@O>R4DdYb9yU;7kq`y8kukVd
z2Ruveasaw|QC+dlHR;j-Tsj|b+`QEzm+8<})t@DG^O<5!PR_@Kc2s!RHrCBn-lCKa
z^q5G(g~%m_5i=Dr`v<+&xfb_kN~(MJ9+gtv!mW=$AW|d`igf#W`$Sclg85{{>pd`V
z)XXh9m`$k*9>Eq#_z&C0^CI-j?rz>m7u#*DZ*~}$e`iYg(WVtu#P0-cwc=%FR%jsJ
zV#OSQe?kOhuFojj^3ILJ`EfnyDok@3+sQW0&o?{u+NAp+q6yz8YNuvW8w<jr${Noz
zK1NYaOwVa91&x0%fIZXg>XOc?&L14YHf{Yr(^}x8@3FUYr3E_CQ`GHsm@jLsdHMB3
z!gsZzW}<6i%$|C9SZg!7Zr387LuaDyFgc{~w7SCngo};kx%~?*!o-=W1a2C391HTM
zu-o=d;cgTQhJ~!Mr!EHvn!=Cb--K>ATMP&J>j|zziIIKy^@_YcU@=3i=Ab<7NYCdc
z0i2th@$l)~2i`<_DT8|dor8Sl7rNx#+m&8}jzSNFS{rF!PDbyJ=x2Ed+54yw<KF6J
zHrQ(^Icjk22aodEj%eyehgWzfHuOO!%5wq4ya9=mIEZMyuO@T_mvbW{dS>xK-C^;a
zo#=F<n~B(5<_A@`4Djaxw5UJ6roJj@z5c3*vuq6Nt`O?&NujT6t+iGq$f%~PHuw32
zriqz7X5CZJ06EvwZ`V?Nwz2>27M@e=;AbK}=ULSZL8%?akr~KK<L&nb!d_9o6|%8*
z)VQU2X20irqp2}26Z#OghDKIcSosaiRkbaPxLQ0NXtp?-L{z?=qHbb(2S3d;K5uSo
zr(QG}IE5A;(HwcEHm|QblWCR0JQ953s5Z*r2m!9hQu9iWmt;-JH1^rvM~kWKhViML
z#co!xMmxm*&ec30;=>!>tNioE?aNui<Ocul!3TFoi-n6-y+px9CBS+0z*nc_+>e8i
zU%Mr(_^SVl<v}k7`^RS_NSGy?I8{F~jT-5NrFIXO#;1(ie2c_~W}C)qVO|aXjF{z3
zy*(n;(|*x5z1?9FwwCX>Q+ANw)4R`v+-u2mAzr>HeuL?v*oKBa2rc2LEqVgqj6O(O
z+$X3V-W%{RwL&6R$qy;`8WUJG3uujd*c?*c7`FP#m8^VHWDAR4r?xk$jP_>X;;$3O
z3_qdr__g>2{&?UM-u9YrFit(-EmfZ_QPY2xk~yG0-&eL|R}f`GytPy%+~H|k0JPh0
zjh^bSb~|5d_e9Q*ef)?pGrC9ufMq&}#<juRl-PT1e6rolnXmHPFNhIzlJ`x*SWHXD
zgal|h$T%{Ty&v9x>`q)qSn0!OKjmEHG3wj1+P$bQEgcj|!?$%aJR;(KgcOZGcR0Vp
zh#^r?-_Am#a#Go0+>x^}7445_7;}wiYu%nl%Vf}OQwKVpdOtGaJ(=lr90T1|OcpAN
z8(1S>0<m9GS+9J#uxd@d7;CWMy}uKw#iMg%FqvOb{wBBss-CCR8&!1dwsFW1=_Wrv
z?*jI8`mTK^p41o-P$AzSc;z>0vR7bMW?4bH_;_haI^H|X^|IB#P<OKVs0@F^Bb8N9
zOZU}FT&u>$0PW3EiRp{+JZ19D975$~Zn7H-A8~Qn9#W>$%_SY&JO1=7;o>q3W};Zh
z)3-<m@2kFa1l@{!LbJNx61R*=Ll$E7>Xo<AY-=l`Ox&(468yQI4fY`*l<<2s^Y=s#
zCY{-JJebkahVA9t!If6>iC68_Ue_R(P$H|55?RMK7-l5j#U<f2h&=KGdvUv2-7oV8
zyDc6loAte(Z{kc&f+n>aI-nef)%KS&P6m)uwcrzjme5o><G7XmCHRA~Xe4|=)oIh{
zK6uYM;^I;ZflmsSFoA+N20NO};cF+CGP~95r)M@9Y)*+o2~Y_b<TK&Y!E2MJ8$t@8
z^*we%b~Sq4P?<NI;ohDD5pYq0fkC=URnd^74&le(+iPded|=Ri$noz^*uc+>hgs{&
z8O?9RmEWRza0f&K_XXw{8GcI)I7AcDpWwfYvO|d)O+PcMta?(5`zI%I7(8umfBPf?
zf3_a_z6kp+GmU&SRkm@fal!_C1)wwh1hBtK8#6I6jc$!YM*zOt!dLw%BwQs^K&5a{
zIPSJR{MKrP>HaX#VdR;Q3p)CO<QHPx7Yjp<xs#|i?ilw_0gltY-)p0dLup~I*Mq4d
zB7<bNw0z3eb=H22wqi_;7#2@BtUkp|0vNei^y|E1{hXHHj_AsMV$b<?&jR-y<-`>W
z#_6;pGqv2`Zs5Q}Ln_)ja_^z-9*$?PM5;|^9mgIU6+<8zRx(yWlxGQUYRnIeKl+4*
z!H!h`i<8T`!AXm10gd*J>e(1&pyK<_d9-v*l%n1-o%}M>T7(7+7HphizAZ6qK@(;&
zjQ}Ou<M}ipx1S+2pOZFD+k{*%j_+&gH{6)2ccQ5@cm+BdoA~Oa28OMX9|Of+y0WTi
z=X?NRY&U)1MGz!96Lb;g!CfXLd4^GemUqc{sDMeQFj|3vj?Fr4FD=(^@9%k+M+&=L
zJh`fTRa<J|`OUE3ss5#G0|d<=>!l8)HaL~B?op+E7$P`~E<3wTYd@fEeg`zuY(;K~
z!{#L@`JcY&$BJl2;Iq@-R)CtDJt`@IE9~lc#op#%s?|%<1`rGtNrxJ9qkAhi{#_G$
zV&I%STltx?r%hJk!0EJPvnm!;>4Jy1_U^?qRH?JSmvyeCFXOMhW|>0I-KH9V7+k;B
zHbK5<24KJ48p_Tk#M{e`eJH=``wrmZRYM|fS~LN)-NW%L8mo;y=K#@{_10M7r>alS
z)1PLWy-%9w2IxL1d=I<xnd#}<NWdpsq)IBH3MT#sjpr&)AjR(iA}t)Rexm}PBeD_F
z*Ek!4qtZ1Mu4_su{JV>nA39g4Fpi%~UV+B_#MC6th=7LVD>m0h3cpO&_;m-2sg5Mx
zvSFN@boP|K^4`Lr0`k2Z=zmoMr5*HNw6~`(9?^6wDjxUtSY|Yl_F&%lM*QNkM3<Z&
z{sIl{ZxA5@<P*A|*9_j0Nydr@6BlV1=Ds2djj)rvx;WvA!HIrwMF)fgwUT=s0sx<8
znEPT{V&YSPo$66tV)Cq7wlwC_g-}LMJa%qhAFg_PgVo^PTov5|4EJYfxG$Ra9=y}S
z4|;-Eipt+zJ@EVTg8RDHI@*7JN`A(YmD9;iskQAD_3QApa~(PGUz0Z@L<?*oenGjb
zOFkgN`w`>DKOYPjMn03r+Qnhl@@;MYV0Rol5a?E`wh{8+Q^8N`cVj=NhI5ZcTQKPG
z;k^&na$f*{*a^txTJpQ{@6s`!PD-x7<@1GquF-#&?B8dAfNI9Nv#CN%8teAoVTDn{
zQrsqEJmj&OxC6u186dg|`m3f5(!gxXhK?3mfa6~PD&6k{Jrn<0AoQPk{%6jD^4CH-
zB?Rii{IhRAE>RnCW?(xlt*a8;A=`U5knNv2JKwy)F4=e^hnx%*UD;emSAI*m5v*_i
z^UlBD^7^$h#@JJl35Zc!Xy4yiiK|HVC;2yo@u%L32qR>ip}L3lXH9jmUf$>-^<79M
z4|-C%kK*asJzHS9$M<*gf8x#GpR@7X?1*#{H2&2~|IF7ZTriL_hrvBc;)gc@Ks%?z
zQqOc8LD}D5Nuzy@$;^}mlO)3$sd@ecxG=0=y#2uP$$#|p@9zQ+hjQ0TBxo`fbMKEP
zf00Bjk>s<)XAm|kT@<~%yr0yyX~21nMwW$xR)z0`S|OI}725taESvD(SN{9_CHMCV
ziG|;X{9QwD9$<?Pml*}MJQ`fzat{{<zESyS`F?}~ucsP5m=^@T{WFRHtbWle)4Aqv
zl=2_@1dIaM8<gDE_216^yZ*F*yL$TY25RjA`m)^C-~WLr3CIm5nqEjfpyS&lC=!HA
zk8|rBrGNhp?T>%}4?on<ZF8x&+a7d8w*8(sFq$W43FRLyfR<!nAADSh(~5-I8Kskd
zj(w40{3ArNz);aY&mF0Nbll>#ZQgHI71Y1=pZEV~tUBy#=Q6wg2Bkp%`~%ErZfs~&
zST^PIVwxVW#pspU3dI695eA<W{}vjzx=C*7Kl73YtQSXv$ntYvS~OrsaDVT}lAbK}
zzq|0?Ma!baE(p*r!6kp>F^Btizf)1pOkjMP+T(h|-8%)P@BgzhFQtI#kO|&#Lv8r@
z_3J6u1LbA@F3bNI=Lh4B+Tmyq(>vJzP6psO>rb-pyl`YT6p~5)*_=zsar1hj%umpD
zU$Z_rhWMIejXZ&0zngqZCN%Z0sQjyIfC5U=5ngXMC&qaL!ykPI;z?k!$_q*;*|1T2
z-sB>f&HT^ULnwVqes}}WwnbEB#IC^l=sWHI_2mHF*R?5%mA^5A|7W9qgaVr^q_h&@
zLPkd1D<Oq)Wlra2GP|{k*WPT$MN06W?`V()_Q50X&gzLcI?6J=`fZuS8Vh*-eChu*
zAq`I@cdN~erud?}@cxe1j8Z!<1M6l>vbOe^3BY=M5B@6^fpEev=$asF*mHf9a{N|o
zuMF#&{~SvGyBCK~e=D|AOAOB6jrK;3V9ila$Qb_pn_15AQ?wb}e};d6vKs`FCqeYU
znL@Z51#<y$d26c4{kxNY<r8>tX8XO<^=5LWf0amF7G?Yj6agT(y~>?=Lgad13f-to
zax#;>0><BI{{K>P0K+JLZ2{?2;_v<Xo4Nl&3W${}B;#xy0_gfRzt?5!8TQlu|6OFi
z2>sUefdd)Nzf)ag0?f$gMfF~?wuB?tQCz6n?bmD0Ur7IKcL-po=DrQjDg^>V@LZdd
z*4;+Afd9u3TIjZ!q}y#}ak8MlLzpn2hL{oe+YMr~0svo8c)|aO=Ic?E8+{^NK7a-2
zT)?$nY@E<J0`L@4mSwK@nc@NAbxw<~c<o?^cQv7)w0=SSxk_`9bm0UufrW9nCoboY
z(1r$YR-H0YqgG$YL<x+eb3QjGr%=0e=CLTx0UEWC>s0((7*7bC>NfsPey;qxF7~qZ
z4e4ddCs|cXYp$A07g5{ptPBt$V&cuiHD#gYUCdPv_*CyZ=fB_o?}IbbZ&C14m(%+z
z3ZJh<q41fH4X%O8F){K-Pow*0%P(n)KYte}ijwCCw6K>%C`WZ|>?OF~c}7w2+5C#}
zdZze}T1;ub^=!YEMLJFN{Dqb8udg9}Z`cQ*7l*h2u`C{$={kAYx&T)(_h1MfrPQ!i
z(F>q$`qq50Rdmr@fa+~u_yLo}`8$b$><$U8$9eZJ7PyP_Yg0CbxtOZ026OV1$$CGc
zCjIoYL^uG&wLhDfEHlbAYW5s1`M}F8B-HIF9Njf|?xIUb-x~Mjiie?4=>uAm@9wRD
zTF!p9+1E<{mnAuW@Ov2+w+(8r{%V{UO5?=xd{kK~Q0Kk{UVSx<O!}c38{RGW&^HoN
zYKM9wJ#wz0syt;DI@7ZGC!v6H4Kdwl<&>1uj{Zc%pd=jZxoJkmKrNE?Fe)>X29m%c
z|20oZy*rLhvwbnMiqm2Q(s$&}$&pZXWV*>Jza&nC@&vKJ#b(WAZw_|12^n}>MX}td
zS!uuJiVUC$No^ZbbZl$mf^fU!;<mNV9TxkNoaUF~5|b`QNP7!8!tV()vop_#9P)y8
z5(1s~8HUOo^qTV2v76jagvA7o8qWAJ{_k_kFBU+NjLNs$#4#zOZv1g&zm(8zKd&Yv
zcx8_O3t*aq`|Y-#6rgi1E_ekdP=wDwi}f&i3ZLDpjM0a5fRSG!9@<9N9H;Oo(A*>p
zd99n=03O7Tc*3p}S*HD7DI{1gxEPm=lzI*tB3K?v07%XPig~17f@|@{e#_`PGc$9J
zI1qB)B9$|II>4pzaE)W6&U!dbzs8#Gn=3I{Q_AA<cZl~=ICrIQ6a@*1=3EZIZsq=Q
z>f*%mUbTeVX^EVFPxpKG)1CYG*KI+ZvU(~l-UmbhqNXjI#({x>B-BQbnK}n~%eLOG
zUjWnZNY~wO&umImfrTnLTAsPYmQ4P66%b1HKRnlKE+W8l`5KX*%B@=y|8WSfz3u|8
zYrm*=yB2~9ttaL0Dxn4X6M3J_XKOZl8tFH=W0&gJ_BieV-H?WP2St?;ZLE6IZSRgp
zRk1xs>CrJHB~37no6xk1+?g>kFjila8di}&f+4-Xjy7%FSAT#|%XSBQ9OL1}U><g5
z4@(p0oa3$ANgoem6ABe#>DwIz33ldftb4-%m-X%YwZ)I%A`l@*b+)T$p-{Oz-OUBI
zre{B<)^2h{;639^x9NTOIkD>Syw@VfO*djj{q?ajAjB+I0b1?QtJG-KKM*tiv@Xz*
zP7~>yiBDAlU#L&$6lI6P61aIDK74PyKib>E>|^{%rNMba%rJCAxf`&a5+8x<(lv$7
z8)eZnsSx@hJ1k%k`HUdpLI3rcud`9-;np%-$|Bw&-9J|3#=mzn7eK?_$XG}nBXp|a
zt$?Vv#5`#!BZ@7vX`4{9ix7kH*@d=#>3vaeLQ5+v5qmd(e^Ifk<I&X(onU}Z=V=5v
za)(=t9<boYQmBwn-hpb8o|`+=b}Z~J{m-0{Wz%KEyt;dVD~y~&iN_^s)pF~DhR~cS
zIoDkkzHRHo!RL%LxuYyhn%dt2fbhqo@jCoz6g#)i+uyCf?6HvG(wBXf!k--)isMc%
z^x+o4gJc8G`};)|LkaMuCCkD$75ut%kK=lRA>EBs29$HvRsyB^jr8(YK&McqQMdLq
zp=uTuMK`h8&Cizr)<^&G6&xlpoGlZw3ZpKaeUWQG0W{yT0s>@~$C2RkChpkT^W)L^
zLZi!5e<gq{C~K`ZvB&L*W+0k|v)O*S%ANCysvl@p(*!`YKaLL+6j=B4395FR!8vpV
zGpE!)o*c{_aj7e8jyz5-P0kdIwNIBdUIh8E*^YcH6h*r2W{z|;G+&s^$8fx^gC21f
zF@HCKVfDvZ+uEkwleld&+=l6Xuq>A_cD$){^$e1n{>vXlUX+uZd`~ztR>}@!@C=NA
zh3Mg&Wh~HW#IZt1cuDmosstfP%u17Gi&+x*mMLxH-PvRI`gLbPP4St0Z4tvpwaPt5
za?OtmLTS`idO8YC^Oi|ojJ=D_?ENG`U^Sfhv6l=s)?tpP)a{qi*PwLdX;JWU)T(0y
zaV%NF{}dtWA6S=JaV21EeL&xa=Rr8mLas30drN&i&#q>_&vM3V>+#il{|}D$Z25YE
z37G!+GStHlVvI5IVu4cJOAPNPfa?7|RDZEUot!5%r=F2oUSACk(iJ@>Y?Bpmk>dgW
z3LgvTWi)CD@GtEPDx5fJu6&Oww43aN2&(O5tt|;Mm3-J;Xf?3^`8<DYY)o`@D6YnF
zKE?OcUv42pU|?e)J$0icL#1HS*QctVdG-?9yBA%v((HzMd{^f5bP|ipK4+8fNx0nY
ziiD0LKHJ_3qgj63-cTKmWf*;vEuM`F5AVZteCnyxhYQR%02LQ=K%Gj#j)Q*WJo%=k
zG&C!nQF$Wm@HZWXljSD)H?A(Rr4}~l!fADaA%+drFuf-LEw|CfT6u#6QRg3M&n|rF
z)5QaNNctUPLhjsWEoTB>;$0nd?jQOC{<`pKRLY_MMU733>zb?2!cl_pScx95us3(?
z0*#RL+XI4!Si~Y8O_>jTj@72u6WFwefYuw&c6FEld31}20!Z{p+S(1YVm}Syl2^$h
z1LS7w9QYsyitmzq)sNQuEvF9GdTl;=>vc`=$m+_K8@IlVq!97EvpduHW^Np5_|u`D
zkKFuBku^Z$k&V%9GG@?0N4`5Z&oF&Y!i52e`_b}Vvq-3~sA;&8s%pO10;qQ#{w2N(
z^8V{?@7;*IN51yLo`K)5UTvnd_$1J7jVckl4#1hB9@r2nb?ByBd$3Qxf3CrwX8<7z
z@HWBtKeWAdRF_*5HVg<-f;6IZgOo@&N_TfF-Q5i;ARy98NlSN^2%>a@q?B|w65sv-
za*oe)&inlFz3*Bs7y47U@4aWw%$~WfYlL6kR_H&ra5EN^**233gmOFVMq-|hk~TK|
zMkuLIE-DnWlO^aZET>MAQ|5RY6DNo{k|mg6f{fby_Y7U22^r$jtkrQ3VA8WmZ{k8Y
zBrXt{s}ytvVKW|2UuV(H1_lLR-vF~~QieIkrrbGm@jvl}-^gles<Uo4G%^zFc<PEx
z<+Rl6>vrfR&1MY>W&H}Fxt5NiUiHHr1eQ<n8YG(@;G~Ss%7>0U!n%h=-ttN{kXpV<
zA7@r*l`Pf3P(S)3sdl|xpws428vy3T0zM!Tc3OIo$>Ojy+rT{%G;ooMy}U^Etg91o
zm>>W-{}2Wv?Q}2|UEyWep#qrfV^{$O7mby1nP_L0Ha}4gdwl#*HH@^teS220ByMkS
zx8F`jK;ThuSiuwFKu2}H3ad#8BH4S4JwxGzlwMC0tooV*quy+#-63Q@e};sN9K8sn
z)l*H`^T}vG&4Q_JCbM8dFX<f;DUYAu7qiRJym$0_3{p$yL=iEoEpSG&lDTE!?@|PN
zJrn^`3Rw5e6%;T~+^w?%zZN*Ha}9d?xP-{pkvpiUwXOZ?*3^34`Y8r?`T?6(4TY?X
zOe#q;a}C!--vt;Mo;pJ&BDVTPiy?$MoPb+`A{aLd)Vv0erP{&>($GJ@tS&##Ay^qW
zJ)S9g(A-I+$<6E9{1_+Fo$YSgyXNK;u2BsGxjxdJw}F1cZPRUx{ja-XW}n#W&tmJF
zM&#35VZnUq>=^lIrUo?>a&%~&*VmZY%dZlH38=U+jLWj0H-b`%X2%X&V&>__yib_1
z?@~Xh6p2o;qhJkrLnm`;rv1(_(&pygcvVgK0S9U=wd{Gw?$9zy=r;}u9yEU5-ev33
zkCei}B#|1NK;=vi6a(S263s>=E-v}O%YXm`bG~ql+Att{pI?-)qn=c<stg6Z&H^GW
z240NM6mE)|)+c~T`rO$z)8ZLrd!EpBPOI4fBdikaM9uX&4@=mvLsUY4ZYnV*Ces3E
zCCwK&8v=;>xpiY&8#ghr52eQ`9vmE8e}m_*rN#?9VK9(`5+`)K*mh3jg!%3+j=laM
zn8QM%{gbPv&@tihv94=5JF8_*^|ImiOu9HG&8nXfc0L&3v$v94DF3lPV?KWrV?K;v
zT)OfM@QTu3Az`=FStOQyRV{fg{%J<>xW3)*i{*GlUqJYmZ+p+$q*Is;n@v8Q9<x~M
z_<g)%_$VT9KH2jih(;^1WiTY8cC%Vk=lp06U*mL_6x(pOR5U#HqiYBb^M=3t=78_5
zUzVArxN*~`68GXFBE$<1m!s3v2;u$Jj?|xEzWSaM`EX8jGTFM$`@-u4a9*X(+735H
ztbIOSP<pWNy&P(Bp7spSQ7&XyJ=<?7G&wtQ#IbaFQpMJ=T2N~^nkxLnhf5VR#m<NO
zWO|}&AIJflPK@?t{<1%Vzk@IJ=@Z5CQPH`!J}`GkYTIL0;*1^%1DEbCK3$#<ZNx^{
z`nc)oQStCM9;Zo=pwFOI!)n*KB__Rh<&ixs#-TjWej`N_KO*JIJ@imqmYspD&^b#h
z9sMC4ePs=;)N|)SS+@T6<O63~`msdQ8s|4Q6lWWg3m@I$1!@?Cl6Z}Xvhp5oEnC0@
zVBX|gkT13{AesK=YO{_X=FsozCfb%DB-8howjU)&!0btm^?A(&g&&40baKZRB#{xi
z5u|0_y5|!i!x+QzRtS}T$CKGzC<#DR$m8NoublozLxhY($qc^2eJ3>vr|8atnI})5
zQZq2<WEvI=NJs?p7{~g9j3G-HPhVeuutxepj!r(8u*&PG;b8^P#>Z}6C$x_F=``VP
zO_ig|uVPX6QnG`2&C9JLCcn&OyC*ZRd$1!4kBV6CE9_na)WYVb?4#{adTQ;OIAJh|
z7(=C#<wIyN9lDl6@V(=)7@s}>yBi7%!W?db353g0;&NN^X*a8q1s4v6%L~VJpZ~O4
zmBq%8<oj4U&6+5qNe^y|&e3fwLP7>0MYTCHB9G48ji>*?^+Wf(YI8+LY^iB)lUG!X
zk?GLdr<Ys<{&)Gvt#=ilz|d=POgnT`PA`iV7Z;Z~Z}OdNHKxsbtaepS#lUb@5PnlR
znId2oQ~QFN+QWD8M6Gof7pAKxP;Qq|5l<q{1j)uG)mWc&_dU<?1I6`QfokP%i$uPc
zEUZ)Feg_FWZtBpXwCP|FFw%XZ*!}4X58{C07;jt$&r|W5#mpl6gEjRshi?Xsn#Zmq
zlZU;S&7sUh<AG?KWDiNEy!r8^7dk|Hfn0*=Rthu@!?(%43+E|UcI7-J`BO_fe=nTW
zfk7on)z+UI?-s#qsGcYIre0MF08}*S8uUZYY`6?B5vO3pd1Lg0AM*SFV9n7xcg=dD
z+`sTCI@ij%m!VrD!s{(nViJ<u+~PbIpg7n5$$@Q^cK?`09RZC#7}r*CPv$|_&|ch7
zmdWn6WDKIsO(Flv?WMSb+KMu;#Txh^q?-%F5gnw){QdTr>Ae6*6&~+C!T|-0|1^O}
zhD3DgF+T-@Bx?)|xBI%qR2>EH=&^qL*RLt^WG}x<{#0@iM8K>zc=p94MzY3nfK7f~
z`QUglIqM~nSBnnI_RlrYjFQ?01DHP~@#=m+YTgOox79}AR4vq@&&xDX@y?seMV5RF
z*g-g8>|z&}gwC$WW|Qx&c~`Gh!%_iQKLHZ--d`|E=p@4h>RAnFmcQhS4O#<`#kwd+
zYoGBr=rL-49n{g%^GK-B(IPu`U65cS;H;V^*P&BrNv0K6&FC$%5$6&|c%ay$p@B!6
z&OjYC4z3&e*GBpI(4o>e8x%2^zqMiVVOWJ%e%+latd{{*mA8v)FtOS*TwDq0IPYQ?
zrOtaA<EZId)N7ZO7rwNyr?9u+zr5@9VQ$>IK}CM>EPgRN)aAn*(2!(F@zw>+IWouP
zld6Qrtk|;*=Sl1PD;>=lOtp6i$#?5_4>WORAM2u1zDpV9)W`j9fwFb9{ftwgirFiQ
z>5(P^nft+7M4E*YNmoJov0BaZpty_fGO^F8eSOcq1U1q~{6r)A!j9&7@nZOJc=%2=
zn)6<xu%U(41h{Ruod@C?zOG%ho^uMkKcB<2{T{{GWavB(-_j-5k%Kj~pHAF4**2=+
z)Lbq?3md=}Oel~Lcd{(082Y_c780nUQ4X?XxmDjfzN?(W?;6|L<e?K4M!zzho8MC;
zul-p~z)K0x@V&ac-}3|IU%b>}qfjt?EcuAteb@nS1^2;7@5-cO=^&p=&gJEjZ#2W?
zEecHK<gg!M4NYA~2#0(SMs>C;qJ3a)MLC;<BcGUcb4wTjcmHHFl2i}|MF6+3<x@IN
z&Ul6i2idPGXwej(L9eq942~kvV!AC3MK{6Yc@p*Y0bO28RP2LQ{B1DscmNDmVuw%f
z;X8YsGlfN=Q*9UcHjF3>SzTQzLjqf$A}d{r-+D@R4-6xc^ID0X6G4FTeL|Vy)re!q
zy5sTdZN^jT8VQsgTn1rA-3Fmw&el{oG&yO{KlUq?ix80LVNnLQd>Y1v)Q1FH{WA<1
zQJ)>Ax;t5*9~bOqkU)woR=>@Qf3IF&soadU#%23$(b9yZSGdgyc)7l3+BIME?2URd
zDJ0L!Q!H|Mi~|CHE^tI%<Q7uO3+O=+@WhF2hU4q&B=9Uc+5S2jEz-XweY%3|+ReXF
zokiy8d1^beagMa_aV#7uXZf=euUSD)GB`LGC#C=%%n7aB=;?Lc-Wh#R*l5(=LnRUS
z6$jq9JI)Bb4R<JaBt^w}g5>kQ#iK`}t=6}nYky6(Y(Cq<CqXEy5c#-sX@z}B50`Q1
zHTpw%b>3D2qR!l_#U%GnEiT)$t$T9`>da>yvw?}4*7ed!vPq}(XWPH-yB2s=rCn6h
z;fPk4k0g<jk<pNo3uy$X9wOlEx-6KDP4256_I6|eza@LYA#HwFx3e!H%+dd&7u>pa
z0%BvbV=j}e-AKDqof^97BioDR4$h5r-2kanF-;r-`{x3`t?ar`<g<YQ`ZCs<xWfcu
zV2a-F>!mRyd+TBAmH7<Xu&qMePj7u{5NXn~SQ1N!8*wPu>U+;5U!DQ#P=mFV6^ML}
zD@wCncB^wh|MvqJEr&qzi52wMDLi++QDu^^k5}S8sOUkA?bTOEVX+u>Z{{sELJYzL
z^TA&OnMm2p>00MPEQXQ=Vm?}xJTWrS23d4;bb|pt&2;xzrwIq-*jTr3Pe7gBL8$2g
zZpxF6sElmdA&OSd+6r;sRL=f>5`85G(zm1KrCbbv7vn3~y0GwV{+R>ULO?L{JQe7M
zRbGPAtv6?k!E|cRy`Z9g4W+7TUdhJOlK!Z&=id|@K)ttpmHy(C>?ba!lx>B~rK_5g
z@=^^5D&Aim7`HZO$az`MuJnqjR$`?4S=;MO?#-I_V1Ag`wA9JF)YM!t=jMu*aEZ9M
zXvYY*!xhshd{?hSUV<ecN%CgV4a@|B0_Tb9{YuYpMPxu=XH+DWw0?z*76JbT8f8iA
z=BKAG+Hq|a6ckK;_;_KVp$UNG@r_mX_pv!{>qb+Ii5w?j6JWU6p;eDU{1$VLT5U2A
zIO!gq-UvmaX;y3&678}bGDyXs<f?fY?9U`0(M0w8T6ekOF1VmZyb-$EJSBX;9PXw@
zsshQJ^7ox9rqCeW#I;dDK1T94@0XY=U7T6JYX$}#PG3OPpYC*Ed<LnM$==dkd*W(Q
zi(oM1PE$j9yhy(u?Linz#`17Jx8wSlvQAIjBY)7VHw&JN9Jg*ve8+B0GQnk)!D{Z6
z1~8r9To5qnnP!?L5nSdj3kph=UQfm2CRvkZWlP0tUp4Z>-G)V+nH3Js(ePI*a#2<j
zn5;E_Slra|6+$uCyxv9b6yc8X<yKt#n%;7m<QS*0DX&$>RlN{%$kB)6h@8gOHvq?L
zIZ~EC7RN~4$7TBLP_f!>A+Tvn+3hGobcumPMyt%^Ls5Wg1OS!N(J>U@;@~#26qbB5
zNUcQ1Tvw+nGsz1@R&5LC4hYi9_w|1v2kN2EQTQ*`6lVjYHk#Whh#EtVw?Tsau&2wr
zYV0B-U}#qVv#5faS~guwas&v23Pwhm%WQzJ`vI&+yE#zK33JFi&wRf$-|{{%h>E$O
zH^&nXReVFHS_)pVkVDEJay9z<uQPN|x}B<G$m4&PjsANtAqCxC3SEo$X>7$z5#gMr
zET8pk7S>+j%nCHYBaC7ajUgWjMb<0FjW%9D0kQWrziQEN+`#g*$86hD@Ag6+9yuRv
z>60j|8A^P9pRqaVVC!;v^yp+Zgwb@oB0tl`oeJbEWd1h1n7wl_She~L3PMLnSn!&>
z<$N3r6@r*}9&0wFiIUvri7m4=&p)E&sFa4?;r5zG%g9Koc*Q;o2ezs3dYit3q#1YF
z=~4I(f9=Nit|77d!of%JTAv&F?W%0zJ>*`DpUk{2>aD{!-tnf<;)Dm37NF5>bY#;7
zQ|1~EX4m1Q7Jg#>8dGGmHX5E@UJJLos0c3m63$&`Ck?`uf#y11u5*CqiDA%MqLi=U
z_zsMe?Mgn3blrY|OIgF^H9;X|F;I~x{^|%wQ7dkz5C;c^V$U7lK3nvccK~zTLcA1l
z3-&HR3A4AfhmR@*0C)t_rY;U!iIlx`wB+qIj8_Xc(q8s7qfwq8HX!6++!v#XS6vEq
zrLxm|6>=v<aQ)%eEt>b;{cm}3>H4Wdf*yoxr))QJCh4j_Z-M*0V^{7LfbAiLcrDz6
z`>(R8e}Cp93&AZVTcwA7`D8#!M>%#62Vut%W|&mSYSTZFD5lG4{^xgXtvcm64x=@-
z9M#Gshw@Gply%4?#1H+=Zk^TkrhA|$uSxz33>9q6bmzqT5;KH~&mr*Za1&Prqp}yE
z-01srkP$Gk5k1^6p?Mhu0$&75BERgkU94zau8HP&L`?i<rG@QH++BiE$#}eFr-;(8
z#VV5=GhaAgF=%(Dp1C`XN}H!6K>8gJ4tVAC)Z@Yc{qNsZm-hMU?W;mIU973x)`}UJ
zfANsCYZAA(9-!LmlV}oa)gH*Yi(9_n2HGTX#Yz<xoRIn#`}9&|+64E8iF6O&Vci|w
z3Jbihcbt=?T|T}~vz^v8$~?!}f<wZyc-;?rm+oGWHLvvg`1%K+J&tJp+@T;QhTyq<
zY+PnKAQE!gFx&oJJtPQ}?xUxt&UR_nb`KdPo_z_+>g`1{s2mgy!N%N32<hu16Af^2
z$QDkH*RATmkmVf;9h-K|qO;lv=kM>~XJld2NSd~n6<q;0=$(m(Rw3in<hd7t_vG$1
zx16uHD|`;7SZXhSu(#Iv%;D?>h0j5`L~lrCOtdfNa6&4IC~L<i?a<dSbfw2UZ%{L|
zGX?pxvh}j~t*bN8;et5t5m|8B|2nXgi4A=HM@<(BW`iV!ZEU}aVJ!(K73;5KZxaeq
zziO4>!-W^ELI{}k)`O{EtVr}2WR&1=0;nT47xJ51fM1mY@exV2AlX8_*naUPU4Lt9
ztE6);Nc+nX7DEOHl{CP_Tj|6T{tyn}aBY47hr478oulSsGlZX8ZN}%e1eK92S)PKY
z!{A4&Qb79I$qKu<b(J%pHs{VyQ(y^XLa!H<qdxG1hJ4NRWqU?b7Y5vZS=>4~OwqUB
z6a{c7s0o$v0o1+e5keQn1jxipPOBabi%X3pa!tyH^PFVYo$rS8FO6GM#n0~8%}Skn
zo!wTLbaOP^R=hamKUs*4#;H_jevF#HbF6tXcgTvf&Dd~+QEu{G;ngb!xo>Yj?LpE{
z=g3C%)C#DRwOz&_Z5DeD%|g##`Rvs6^j)Nl5rIJ)_xLw3DDAR%&K#W0MjGmcFHWQ0
z2q5EjS0X%aw8^+2@+f-Dd-R4aOQ+=dqpo<~jye-pKD{4$BzF1qJwRxX)A#XyEZp=d
zI^YBdSM9G1MaJ-toE|*L*Q%c22@>tmHOH2r&w=f5-_wnf67A9M+V|?pg_TcMSum{m
zoqVx|yZTv$K3$q}BVk@z-8Wtuxuu?IvR!aHbSVY#F6UOLt9Wxs>H@yRLL&p6IjXwH
z69g>!)l<1M1<)H%IUj6PT*fWkk!G)PZ7%pk1?p9x3aIn~pU>l!$Q>f1#5*JZVL5OR
z{Nt*vc9oC(52wFA(~AU_^ZoVSOw(xGz3%|L$l{L!BE#pz&`e(+R%m-$13_>-K%JtM
z0>e?oK{a1^x&3>DyKrl~cI(0Fh^n@RhtuX%;>t*PT6^?E$<^SW5kRjH%`Xr=lNbS0
zn%ZVo7}D}<#X<khJj*&G!n!=F-_GGJBe$RSridAI2K?gkkmIAOtYfvufLKb#*dvtm
zrdPW}G83Si)JIAzHsCgKWl4Y!sM=}Uc)k-7hkT~@5Rb;W@*r>Qqm*MH++xGo2_{H}
zoz`jBCu_ssz75MYIR@ZWzLW9xl@y5|Qs*l98!3xP-hw!`3+>7pjaKvoe0Fic*z_V`
zBxVN4Jlm^EjTKFgikvgBA3O4&*Ik^$f8722F3_qW>9H{zz540n<o=gwZSUwLl5rWs
z>bFnKnI}$PUYimYrAm%c{0kH!eLLPHPtNxzhu)$Z11y`5ckNYA`1u;3>$iVumQ;1j
z>g1|kNW8z8BF_ukOpA+Ct5HR89C{F&K+Ue7`got+S~BZb0Mik=^u5lR)4GGzUrwkG
zvwylyxK4qAqctpdB85xL7x?cQ_Gdi2c*ithJF9>?lMM2CGksyx=WSx(y0lnYsGSvH
zxm>0_LB-J<zJcl2dKBDh=y{M-BLqZQ+WRJsf}vT85`V57TMR3|Yv2q$NNUey{&cQX
zs0GDKIi{!-<tdGT`-?#=6B93{S!5T++I-3n=!F<6_P)j&Fm2s2%rsB<qgM=tfQ1Tj
z#DWpWndT3EwKo+FpQc8DBv_tCdzSDi`Y|2l{b%WE(N2g(91-D;t2>J@y;i=iueMb5
zXXE;wWhcqmm(~`w5pBME8S|4~JWV7t`{~QDK~PFHWqoCjg3r-A|MpIEOP#F{ttUF9
z-!3O-3v`nSi>rEvBN9F1Q8%WgRZB`Og*%EQ<dr{4sdugPHcXB$?_`{+6O?Ec-4zl5
z9nRFt4rc}7Lacj(1Q2q{eSNah!MIe|$Tlh=;(1ahh+<tW{3Y~!tFd`<+v@!?$5yne
zyW&8m^!k@Vjq>13=|limi9fA(JN)n^^uaiNBwWa}*KT>&0jt$SfZP7LstuSW?=n{5
zm`j&?;UlP&B}3ra&5$_F?k@OrvJ(t<bbd|bjD%S&+evR?^}QsJ@A!ypNSTdad;Nm1
zuu&Z4ftgD95Q-H7`hyVrW4)0dj;m%kyr5}qcXB$Myqi5&%%J`8S)2P%Mp2PR;%yXs
zfh?Kojnq-4Z2!m~Q2h5jb;+Y?^xYXA8xE*zlq~uQBLYF5>LLadNyWvJ4>$|&bhYa2
z5?|193VvI(3_;=^M#;322L7A)ApE;#|56qK-T~&TIOAl`qz#ivjm&Qx$%3B08ic>2
z{<K6zeoFp3`?$_b#;?2EwfP^YZ|;9kunFV<B_v~XIA+ma)C7S7KG1vAXI_he4G+CZ
z@&l#0WqBZLU~hSVE(Lgx@Qtdc<FF4N8{IiO7&i-Xar{K;3tH=oMOZD{^78Wi60<dq
zt4ekQi@%v!BgnW6DS(;PZf~!jn(r2m)P#tz^vWj*H)Ry=S)hbGmR3nr(LuW9iY|7+
z$m7R713~F&EsF=J-J0B#IwDy~;^->4;iHmfUv2)X5e$Fk-#NRR4LBRkD?7^iC`Ihr
zbtam<7FI!)=XI_u-siFv!IAo>XZv!C-3kf!aB!^b%yXFObSqvPbq{vV<}&Td8t*!<
zjRtMhty&?Wpgam{E<k!%2H2CSM1j~s6$Zwudd@9#Uu56N)6K68WK|Z)<pyQxxO{*w
zuRC+XtMoc^J8_$h<qZBR9XHx=mbf=KF!{UzbjEvk3?=QO^a;04cNzQF^EJK^JKgHo
z(A%}2XZN;h77#sjYCHP2elGofQi2C};aOj5U=-7#sHk$P*IA(X=KCiCq6V7EuX4|H
zbE42%c~23_P5Kn-zA8##KTQ7Ueg0j_`+S?b{&;wtc>;5veNrv~3@uK&je4In85&2_
zYN9Hl;bg~tmz<FQF5`@>EE{S@%>s-)0v6SUV~omLDHbJLC{k*r2KQ#WI_oRAFj+Q+
zr-ofZK+SME#rti^(y!3PC5sqK`PBC5Oc6vg-C8VVMC25M<|nCK7>bMoegw;VBYl#z
zUpE%FX2@u0xir390F2aLBhB=<bO^#<nGNJ}<LgHT$$IJ-v}{;xsQ&uwt2jXK*?l>3
zLZG8;Hb}J&w<(i}h25i-vKX%*s6VTy_)u-oiga@H%yJj#GYhLRfqQqAgJx`06!|1e
zR#p}W634wy@AmCBcg<jvfGN(Vm}iUpL~*mCp(j4Gv$L<*H~EkBqF%EL2V**IP6(^%
z&5)6h_)^NAt0XO|FvcVB3kVp)))_(vPjZ2-C%(GaAfAS{Dm-XAx?iHDNA{ntd}$AS
z@j^j(ra!ik|1Kd9wYEfUu?tqlGZ=Ji+TLHA;csWpm1b&wB|1;h6^-p6!+>n;Ls1cP
zRCKhkXgJ{q`^D~s)$@%U{@OShNy#*zDe-glyx~oi!y6*uC|Z&4%@PLv$GHysZs!`x
zoypW(N|<q(&vi07J1%Ncos=+;mD;@bBJkZINHP6Ql&+aCQ}SLdHzmU>Pwo;1z@&#U
zj`}?j0^k0Y8oY<324VY?asYSE)aNY9u92w;;|5xObn0)tj`We>Zr|>Q)Bm*C!+()d
zYEbG3T18QDan!CQRYijSw|7p#F)wrZX0ZICNUPee<$WaRaAnN4hIAZN+b{MzPfN4y
ze^!*`m6qk%4yconk;xp&_09mm9fhuUtin?+W>cwf*tk|k--COv={1I9b%Pxam<c{U
zG5{$nK}8_nGz8$$w;;2_ti7T6ovH{BusERYRlhVM#Lg%ZRNZ0RYG0UnF{N|C!_sFQ
zS+sv*ob0YsVGWQ9ELLkK$(9fA|A}&*y27B2j=Q1m-&8xOsX?_vN$zl<!_(lILHY+`
zAh}EQDY{h0?e;ztG!Z3}X@4aaIjjqiS4g$cH*CWc6%c?beznz~5i*$8hV0tV`U;)w
zBbb7OvuxaxB(0cvO8mJ!mXUFVH^6K#TR-B<i649W6ebQ2gLa97D4Xr<NPl#iqucJP
zAsB9!mF#6eC{#VvLHdY6KmZ;V@M!#Hr~_z0JQKXEaW<k6@=jpDB1JX9UmP<kXQR>R
zg5vt9MS1UgRO`Y<_F^YzZC#gb3bXGe8FXxn3@wwM-cj(sv8`7nWxeDpG_j}1s~a2~
z6Wb-R0S;NU8(sEkoJkq9&w-zSKH48>FANnG9@{eO=_D{+TnsdCF1awrID&$LgFs#p
zw6((g{QV6ZfSw()vm=?bVL)JDpM4K672InuvnkVtPhZt;H6XCHhyPb6sg|}<o|=4>
z`Nos3_mxc1g|nkDb0DQO1;f>8zwX7yy2WG6!NNK~fbm>Q0Z+1FU`_8kTq0SKXZk+V
z3#K$76a{XvPkBgAF#^bFDD!(VTr~=<s))*w>A=iiLc<Zwfi4s?PxvSn$Wicnr>VvQ
zME=NRd<w7d+6U2u!rV8whY1K8d_ucms^f9BT@vrh>~@gX?oa7w6CoVI_*PZj9xT-T
zWI-N!MTZ%pu>d2^srdQ%4OU++FE6uoKt$T2X)r12zmQW<1i4%G=u`Bmd_lsdmDAFy
z>wF*YDp(UdRcc(BpU&C5qfm$+j|K$;Ck0*-?v55!r9Xh{B3z;WcQ{h-6aPSmSs$Mk
z@3N|wjyYQ-Y8-gS+UPpZmqa@_zPd@nFr{GC^{zZ%;f(mW@_X?!(fW+B>^}>7ph<8E
z90#PY(3?)E4Wx6x88MVw8b?Pdp+74Cu8=kC@~&uGq%dHneOmWjUMcy$KEjXt#c86;
zS+0m>wsX3KG(>?Q+vA`FFzhxD4^|xD_KYvl7KcNN57uG+s7l>9ZTBmJ#X9<v-%xZP
zpFT*@xQ_$;?Cy9;r4OKZCh`Evgz-AzaPb4!WgbE03quG=C*m@PJMmVKe|qyh|M<d&
z@e0*?XeSI|eO>)(cnZOJX9>HSe`{=Rflb}|MIzPtfGz#zA#MI|ksyu$sE>~FMa4@n
z%l#JA`fn#93$VjcRM{(yQXui*V}?{jbT4FS%@F=Ph`*nAg8~G+Vum%H0&0|-+PX6Y
zy0uwGZA~9^&9wM#ulMMY_1C}f^2F=_O5Ps&#`?=suvWR3Yt?Y<kfwaI5`TR0e>(RN
zLX&%#%>w>5IY{0up;E4yDa1bz!Oz%%RX&SF1h8GvOW5w}g}5-vzhKGhuXcR013Tj;
z?i`^)+MS6w3;7h3s@<i54;N`~5&ys1k&)<K3lb@OSpC$#+kepqk|6W}S-BzacnJRi
z7WITEHyhx2|D(-uo$UU)qBhlr(@5Ny%oaVQ2(FpmUe5|t8D&r3^O|$X&+np9{tUZA
zbK^ejzySK}34~)K9#~h6Mn8Y+Fzd1#dc)s|E)bv;+m-2#d!QlxWfx`*&si`iLxM_;
z(2lWv|JAH^%J^X5&%%`l(S94ue|~q*>y2o`f{;Y7-t-8<n%l`&S(v(y91=uYt!tt6
z`9ZbuZX%YMpT!{b4{qL|n5%!e6y$SqmXpQxfgy<sN-*imJ$xSiVH@~A&fecD(PwCv
zl)_=z<P^#qn>!%|mxGg>=tc8e`m=zgPy$#Ai!bkOTt^`xU|7rsg_weGvi7+-?%AKF
z4c+|LKfVC^s+ar(5dvrv_TPIZU<K}*G?fkwICu3)1A-dZGW!Uxo{j)=_)xh%pyhxE
zzfFLTq`x&2^T#**eeS?t241BARlPM(?6-gWuwG8EO#QB`lRCWro9H)h>IsiJ#r;Cw
z{$Ccy_w<^-$j?20vt&%SA@Nqk{KC@kii$!kMW=nDOUrS^Jp%vECI~n}t>(q@c#^LJ
zHK_P?P6%nU|MnU(SFy|qhOp$urvGXXgVtP?9oqv`j^F<25VAz>9B!I4X!EALw^66q
z?BsR-<?*3auTR4hbl00R?-36|$g$l6%W{-vP=T}zMGm+&GQc_n><|pT!mc}lNyCmm
zew07G2X2G^{LMimx(rX4TW{cg+i?>bgpz<3%4$vy!A878fls)uGWfVd7*o9X_4!x`
zJ7t8o;K#`h_t~dXSB7#10`sIKB)LT&u;pd3Hs)6(-uoNn?r+--)=%dtsEj?+9yPDI
zgZ+Cw(5UqwNncYX{oZ&n)79y&$qTtW9)UW!FnK=jh#xpYVG)~6T%BeJ1#wgL7Au}K
zHZ1Yiffvvmqh9#nHuVHFBuZXQlo%p=?re+V=vUor_<ww{#c*ZQQ$yC-^fxyB2|z0|
z{A$zqHemHZrGMoac`DA;mh%aN9D#2r(beh>tm}PRn<C!lkR(hwM<pXiIaeO&bkp?h
znGTpNv@iU3$>zo+F8h0c|F*fpK8W*s!Bc*KNTcv+Ql7}!?~+6RT4?YJLEMyuaL)j`
zy(fI>#fLl6i(DeW648907Ca5CarBM>JcEar=f`bCd+U{vc0B=D|7M&u<RHAE6f@*?
z5DH}6xJtlm?uy;hk#!yk2N<i)c-E(0&C#VTK1AT#h*12Ufr2YI+=^Ugv8*5=7H7_m
zLMqU-1Y2hcog-u;9-NoXyPKsb(|f$fQah=dY2k|W5L3oikRlrp2%<cXF|@1R2+~l!
zU0R8L=(LMR0prJ$pY@645S<89GkMB2t5B+HA=!H=QkHT)3GpvCe)Eu5UpR;ZlW`xY
zDPj;zRk(ReK1oQHQQ_-!A5dwF;!KQ9i0{F^7A0mVfCd>be-DaonF%zw+&u1CjzEKb
zE!3omlX4m`^jX7k75Rg{ZH*np`-Al{5rA#(=~GT9(8#aB!q=h|#fR5w^a=&IXi@bi
z=_d2Hz!M*WC(cT-nsgg1ynu?g0T-`5fYtk-OI~lNtrm+WPjhqjk|}{h=9?6I5b6)<
z8(7{!hV}J%gjn}$LoP?VmVsWoCIDbP3~`^-yX`N<8z)hCdwc7%Zi}8QXTjE*PNMe}
zXmcZBq<$<bQ_`rkO5_gSQ^T{h-5vxw*R=Af0cF(39gK}GYdX|w(~x^|j+PL)a`rt6
zeL}vfaOVD=@30Th)q~nqv&rZB2fF*gK!)X$a&x5;CDR-^8VNPoy{xshjxsPa>V31w
z`@j=DVh}^K{GM+3*8+b0;9N$mVe>UG+x~x9+yCL!LqdZhK9m|u#{!Woi(43eV2fW1
z>h-5vXF%C({SbVj7qwp0x4pd$X_-YP>!QDV^z1&p&S~lAy#gVbWIlh1SO)1@rwy#(
zjFW1GsJ30y`z&z~`p%~PmLBQ;@<1CH#)Psb4#6_Rz`%TTl1lIh`|i0L;s0yB`E`&r
zdCOPfjQ7T?4iM$6q5I{AI$`$nNMjo)9^???Bm-LwJ^5j-elSB)HJ*t?pMhSZiuh1U
z>`!9<jS&)Gf`cX>3<o+QqDB9et++z6m0gr_vy^YqyKCw~3pHo~K`K5rh%m%*Ojr6C
zNO#g{_&r2%8J^>GO6PCvG+vk@tv7g17Y7%6ey_59wlcPFOJcTDn%G3UH&M+pR`1T<
zmB5*(ps1K{u&(PC$+Z35I5|y}$Ww{Us3V4+<@r~=Unoys%VKW5fXmKdU6K3PPtxB!
z0}8WC!32VKeFm-BI%k^Cy$QIAUNS%KUR<gL(?%5lVIazGmLriXKH-uF0OAn}YIXQg
zTL5)&8XDEkqlK57ru!?p|9i{zfwe>Z-P$1}Nxo^h+}rQ8ID3+wDxD)DVCEnFz<?D<
z@j<BDSus~C*I<?4bcM*u7=Cz#x%*J+ISV+jY4C(q$uPG<7UPwSjBcY4@-X$x3Rwf~
zI5;?QeNxRB&0+(fviU$YC3+EhCJk}F0SX&K<3(!jP}H6*B|&sS{JNv?_AEuV(c}rU
z+h##N@I!WC=|g72(N>9yJ?V1&#blhbp@0ULG(7O*&97J9dwmQJ)?mobjNkFD=~P|7
z#AA~G=nVf(;Cy@-AcXAtLgZBpLfRXwp&kO*?&q(*ykqTu{s<imV0y3ri3YIM1Thg%
z8N?Y6JpxH-g>c?+^x^3ncyR;<1c>$NOxEn1OxBd|wc;i((A2UcV(tzSlQY9Y^D+tm
z8mFwI!E6vci4K^Mez5snklkvcXq@q9a|<tbB~nK)m`dUp!1O2pBrS}bNxYuz46<ZG
z0&#KfjMGyqsBWO6|GXKX8wLP0xWC+7)xPJ|zXylwVqYG&NjBQ=KnNjI9l!l>pZ>mi
zNgRjy3kxnS&IgvT;8K!81`|jxvscCxA^$SqMgN;mPpQ|nX!l+7os*U{kukvlA3_86
z{+XE>hqEzO34rPXfRYR{QG88P^Qk&cP!oOI9)ptQ<0Am+GY@3R4lp+6rPjM2a^(Rf
z5vSCX{bwJg;%#WbIQnAE6`&y2KikT$IiIUt%jURoT69OV(Tn%Gc#V#OBa%N}_5oxc
ziqD^?7rk-y4I|=bXg__)W;vGrc4i<1amf`r$6&z(iBVOsUwWeQJs?AV-EB&l#Ueik
zk~oRX-N}#pDk-Gs2rxuiVPKZDR@7-Sb5t;!g>K&#Ok%TW`m}e%!Q)!4Y7GiU#i#Xe
zZTX&_Th+NKV^U>iX7=MIFG@FUZc)Cvx!B+281Cu=bHB9!uKse11Jbowbkq-j+Jy2~
zcx!?NX{g<s7OFH*>soqo#17vqq$aiZ4LwZ6l>lf5QsD$JMQ}gwj4LkDt#Nc`mOXpM
zASER&nFe%p-X<p}3r{^%E$D3yL^j!(|AsT;0l=cdEBj`QW}t`{#)0~y&i-fT2hamp
zcm*giT=mC4HI<~RzE?N`%26Vi4Xzh#Hd%wRzdo+2V;|3dx>ZjjlgMH@7Nz4=O{JWj
zg7{g9!yB+SgkKTF_KxVvvfTYrjf(+k2yJ70QYw|nBY)>~z(T<9_Em_Tv;-r%P)?i&
z^Lv?b8;)WX7+zq~mzv3}(36y!p7s*4SqKFe*7b*;o6U|*v%#TGy?e;?qapirK1bTX
z+k2a_Wcbj3In_Ti#*<4EtpOMtgTG;H`XDCSH-@6xz1Y*i#}0H4#(YHG>-`1vgE03Q
zq@L&cefspN1oOKAiDo3yT}H_@(sy^Agt@)Xc}{-5x1KLQdE|8}+7ff;SWnW%A|8|v
zC9wzy=<`0q#WzoTdy}8-kLd1boE@zV^klC{%abDCixir=MpV+Om!wOv0Yqh{`%g+K
z3ouTi{`}-Y<}ah55`Z<widhUsgf^rwWeq{rF8#@VpVzG{=Qdyc8y^PTlz@~<qr`i(
zIy`C`oD;S7?*msy>yR)*5OI51&Dy@|h)eQ5Z41W_VA}q9FOW(87Bp(Lx9RaO+zfOw
z5ruTLp50F>9s~UfflO+padDIZN4lQJt{ZUw>a7GmK%{1Bv~U?5xUz427!(59N3e8i
zP0^1bwVz#+!dNuwJGQA)fk6|FYqQKC=t;*jw+=>5);MN~61oPA29JZ`m&>8-Qz_}`
zbIc7uz-zGH-PtuMK3<&2o5y!JUz4ivd*aS+Pon^+I!A+<L{{lDpI?5nKkox9ulrnk
zysljZNx;Aw9RUB(wM*rmXqZPbDJdy6H}@rc5J1|h5i$9X=M@bezV^t|tc(FIKPut3
z9-eIk&T`3og_3=w$W*`fTtnYRMsgy(1Xc*JX(nnM!piw1rX?9d6>%nB^U8596u+3G
zX*82yU~Vnv6|H>1!O?#tPlhN+$Pve{7}h;rW=ZA6&r24$Hdg+g4+yhAp<bhAoc-%O
z{&|VtgNUDiCcc_(y4-`CEG`WK?n)~sg79T7wNL6_2?&N@)(ZmlxMSv%`AAv2z1iO_
zw3(l#Y91~<yad^O^p(9k*d3+|?a?@{fNd}2nv9|8!|idzw7)Ugfz{*JR-j$mzKZwQ
z2;|<1(zYIUzt$@icYo5G0D@<KGf4;{fI<+t{19|o&WL@EH(qIt$&doC5!HqZ1f+!S
z@*SnzN#=HD@I2I(85!hcCIJe?dsR@_*WeM?^|1!^IJ|Np)rKeJ(ey;|xetwTC^d-C
zD9wb3rC{M#jXzKAr-eIaxNp|0iZI6UC;#k{EQ-aN`L{#KMRf&@$+LIJCcKFof{;Tg
z_|Dvn5~6!za{mqoG;}?>50m_A#PWc#+;V>g&<p5j4%Q=zWEI*yr`2uX@jUpxsFW&%
z2!LJ06BLbBgqDX1fgzZb9&}nyUJii9+|qYr)>Y+%4}dwgH|75M`4kx9(ub?-Ar2^j
z(IW?592k_S_n72@@ql{oEA-FcpGmWY$XjJ8Dk!9z%f1gn%XWux)AC`)rR0M7ii38z
zHfkWDQ0Ib}qh8riH&tt&TZDn6pNbeZgcuNXAI+xd{yjDZB1{}lZl}S3AVsgEB$dMR
zArV^Gn<~!Db?)j5ms=3m-sY%p{o^IqO+)^O4^rwmi_xe6d{2Py5rr)f5TJrZ(un%n
zHC)@;lAccPc5K)+o04yJqNK)`M>#>RiF`+S3<xs>hlf)EX|7DEdmvL#0FcORfJ0{f
z29&Or<BeG=duV$Aq>*u8ixnB^?w=?!W#)k_GX2@n;<;?A$r=TVqd`U4cRN2?*bxD;
zs9jy(px8$s=fSvulhSO%WRxQbnP?Uuu>g)Bu>_}W0`UC>$adgr{{b46lQ04wnt;n8
zok5!@b_NmA9>Un=?4QT6>7Wm#26~#59i5%z6<<PbbT$4wIsz#_Ac+!h0WvNR%ES%d
z3<}l`oSuw?M-2opmt`Z~=02`Ma=Ck{Lbo%V^+}Oorag91YCXAD&g2JE^q-olZ%2p{
zvSpZq79;P;QW|j4(q3L(nKrAKn$1Euj~f8!72wU4SLdVNy_4vOWz71hcwroDPcC(O
zF#Zh-9bFK@$Wzr>Hf{IEoF-3cgUcp8KUW%T%+~&~@K7neXv>aMi_`wa=xu4pjn&~`
zPh5h}YcTaSvA%rquyjZ;{Nd&Y<oHGU*-!^)kS~sdd@<X4st#`7W!W&^W}zLM#dB<M
z;&FV2p8Q!rIDeW!Ynk!M*345DgCnL=teb+*jq|wv0@CD4(+*#4hHHg7ylDbKL5o6a
zFY@<wUxQoHZ*`yDQ;53HR_lu~^T^9G$mpD(4H`8aOdy5C{K1NLoC~-%&9oo0)@naC
z>I4A9Lc-#qY=G{d9Vj;)h;cjIuq>f&_05t=e0!m&*dr047lK3o5dgoROU7ke4Fg9G
z=^Ozy5V}c;T$}R=0KE^z=X`RT6NA$0Y@ggT{}E{6)NeH-{}lc)0r-N`g;RrNuf9qs
zH9Vns-`vu!oTI1~UsA$J^){>@3_V$TQADbdDkKij!HF;d<t-o<^cGlpORlC)4O%%5
zWBc)hQgY1m<*W?ni=Lg_eS-)t;Ig{1r_6^^Ml@EK&0k`zkREWle0jZGW^l~>Kh`jL
z=)p)JaxnVFt=|<~Jqt)G&VocIHUA7K%<X_|E(n?*cz7g`83bcg*Si5ffPrdvMkRgn
z0>Ji{0TpGiG|MQ$W~uiuTfNi>Uz+Yz4csR!zn2K><Ps5ipCS%r%YXjBB%iU+1B9B<
zYkyeury~MIg|FGZx8Nmk-+|H3KqBSCy=}?G*^H3AxS}7gK35_F@N^WJerjV;nOdz5
zJ~q8d=b$Z}kdlg+^+c7-OUy%gqZhXM6wLR)d7FVo&1`Gg5Vtrx**h5bG&}_Xb$JeP
zZauRcdwZ?4XMiAIvm^WUF5Y0}re;)PqUA%H=6{P>JP_cS`&>=Y%f1wszs&9p#IQ^_
zezfBiB!sg4?9)laptg`Feb!gY6tT)-HNkNL@|~l>S(EQ26etjHnqFZ!F5-V1C2CtD
z&jk=J+z!4Q)9qx30QagWCiY5N-#|$zs_bo*)g)K+#NIKO&#3?`Y<?e-i_W$L&5OkW
z(L!Ck9=uG%*u=+1CYf&1aKVuP=^Dbk87au^w3dSXFy_7J+(ZZjW{y>B7xpTTu0=Z5
zbhA63)1;K+QHcUpAW}z=#2XiFHR;ZpH-cF*lmIh`$GLNl9tzyl+rUjd;-a&(C*F(7
z;{2EO$y%wbUC;9vgQKkopqoPf6d14S$#m3amx1ly>id7hGdZv<fD{Xy6gk!3^scHd
z7Yi0FR<lrAsB4*O7OalzK5Gu`1Y%YKk055_$y)}kuXJ1Q-29myJ$e)Y=n=8~0|U|?
zYDyds5me>em^*-Przs&O_GYpDzJZ3ueaF><GMaF%<-Rm{-lHE+clyUj=d$IAKvxnU
zXz)by9qD0Nj+KcUMkYf9QgOQsS*F7`SH<G)5lstJc@T=9pP#op`G!vR0<$)YjXz3R
z81+4~AyQWoZwJr)MIE805nM>MLp&QZ<CXl8%|U9?wuLgN79RQeuiG9p-MTBkklhY(
zl(d=^2{e5WrNrZsjLg*u88BQ`dXE1@?39lN2rFE|7BWDRS8e!|=XX^9TjB_bcs?&7
z1!-Mf+ygW|tl#ob#ClMWbLW$(!4g4Fc@pGpv!GQ|26s;j{0}TT-$fmlAU~K}rtNp9
zv4g22G*>~{x?mBch^Ao9Uzz!c3=O`;^tnt9rBI>=KBpakceyDi?S_x&tUf)Qun(`B
zs<x-f2U+28fwtsOu4<Ok`q+SF<)nykFjmC&aC1vmlH0o^msv!-*n|Wr0Q;le9nMpa
zoSmD45OtM!vN?)dtMorlrGaiSHx{Lx;ASI#Fo35}cSuP~XS9ZR;}m36DkO51f3%&W
z?3ZQ{H8L{le^|Ijj-xcYB?D=|b$i*D4})So?59r$V)r>rUWp48Dp+7zB~Z-|gzgeJ
zmz{$dH_$}FeS9{jzEFs;Bp(8M&3yuTKjG?NM;xAo)Ymx)!ogw}BWJT<=V4*LA*B^g
z$Mnng@k>?6CngY#pzI33ff4t)=x*WNXx6q9FIbyAi|KhkKAsq#c-;NuAki}+0=~v+
zKsbBalI%sJDNY*|3<9wa)Stik5W#lhuD?e91)VHOdi9}z076`kB(%KxU6r?ZnDLML
z{3|hqNzg`NFsZzV(M3|UFU}e7m8KZFWIUpfh(cq<oLL@N?oShSt}J-ud2)y58LTXj
zCDk76Z>Nxqad;=&l?uFtntHK8;JOFUtH{u8TqNh>8guIOqI&#T5#CQkSeRS8-L*O3
zFx_k@=RlodOjYo0ny4}3r}**LLA1{Tk+7d{rF>EtM|kZ}{t@p!mDD{(5RdGl1LmNK
zo1m1S9NyyQhzaPh(V})+7wCi^#JKIx?rjoayEHg;nW<OrG;h)^Rx|L8oqbB$+4R29
zOulD*I`!-PS2-@#EW)45ak)A^J=bgUIsuvFdQE%~A#0+t{zNqv4--*}ZckbW8UZ$>
zsma%$oS^_r&ZrXu7wn(WMviNv@?4HJUl5ol%;?NdOEgE~*w&u~1qb&_(s&<ER@(LO
z9!f|_y{5NT0b^1oj%!~N{3_V49&nnNFdZ$5*aHL{c-9=ls4i(Z=I;0Gstk>%NWA_-
zK$Rt3v$Ei)>6tnp=sm0c$(?RF?u3Ddw`{YqHS@W|VOaspM>egP1GM*Q)Bq*;!TyAS
zOl=Nh${eMSZzo0;_@2FJiFvylTlfyeZmQ082RQHeZ^w7!pl_$Zl+7WjTf*#=K-*H!
zhenAWkbGII1u&;b0GRo@+q2(6#+rpL00j+;_UCVP^m<|Yj~Ui1P1{AUKJ^vAW=f8Q
zDL;qHXZH<)rNr5rA|Zkiq<RxKs&sO&FYWXBy>$Z#X!$S}=>r{xy`3(zFCU4#js%t7
z=<B>kLa-Rf42@#Y)=)y51>BCpSgG!Z$y~bCc81TsFHtHKfbm&W((nQxQEg4kV;IPG
zE3+I|>ACF+Ziv7sgy>|B8QzwGje@!*2R)=sm`exk`aO!nWi7@|Lk`r(L-E4M_BI=M
z-JQ6lKMVfn%Rt_38ZnM>3=j7pkyG`_^$Rs&Kwc<!IIxiZ@`cVBQek2J#8Mnr+3Y&H
zDkb*sv)1+J@YXtaoX(Sz#cjD4M#+9aP!slnrq109uwE4u(5YZYZK&U@y8lm><_&js
z`YMU4xUN4}Q*H9lDX~JSSA2{emtDbGYP8ftiWt<@y;_fUtj|aMas>sAbW-Z^<&JpJ
z>79G+ZyQ!8B*P(m?bv|AKlLE9bN#26OGb*@R0l6d!;Sm&`sJW5UoN|y@T1uikGcf*
zbF?_M%-5m<G_couEp*QZsjJq<r*6%wjf7>>TO;&8+z0q$K#tFGYNG9oT>UK*_Um_;
zr_keLT!>~E?SA}>RFV^ZoLAcY(s<~=fsKOW`gB*Bn3(Ya0X+YNhZe?v85WvAlQqoG
z5T`GJXTxw>_pU#uV*uY&z3v@hAt7Wd+)gu71+HEc@|5oXf1VOEPE60BXmX$o9`duA
zU|{YDsHb3_%E5s{(Pz8$xvP!hpANt&rCx)HvDT=yc2nT>=S{OPKX>1@<}Poqd~9kV
z{gV8>G;_5igq)m>dviNitx8}Qnp4Rd3fUP&`EnOPe{}cI9E#mH2Uh^RfdvablFjZL
zxPMp@Vm-Ld!@SqX@D{iVw$~fHRpN78H^0!KR^S2y@zi$g6xf%Ri{Jq{*NtGnC=ARF
zQmP2yKUoAUjAoNZUw4&_-XU4}^$CXFggCmXT0d4vN~VY=A@iyDK_tl25U0R_WnS8N
zXtMy^9}@xIKP?Cvf*SO$F!x+D^mw2W{`E`L(Sdz)J!X!1r~^ltW7(aDM;g6>9%EOb
zg)2{T^;|HrKG4}stB+*|<C=tIsTFSj!&!lX@uj$2ZjPdp(6Q@S<+BOfxkxds-FIKr
zF78pWg*yypejoiH%;k^vZNkxmqAmJWm{Lx~RGeZre{J{I&vot1h;6RUAiNckg8lDx
zEr6`+WUgAF!%IBO(3MBeQuj|@-M<P3Xg0t+;Iv|0)0=@621Gph54U*rM+EBYl^C*A
z!nyv59@JnZj<?>%R4IY;R?xPlKCn;a8x*sIL+g8aumtpwnV_&o&s2NIFyqwZICrkY
z&!49bt?KG<+^W3$k@I?`Tp(U!XG1wpwdS)zx5z$%RGAKuJlXZ~%7EqdS!E7a0?QlD
zr0`Ec4+;kQdU;c7Lfd~Y?_D^syhJ+v7_kO4i*s#`q5&%?dO@{sBrX#P*hJuJ1xGTh
zSYI^>RmO=0{P~>Mp;Hd=(($0?SY<rAPC$MLLhrhM^B2A?B;N@+dIA&KN|$bcxCj<l
zS>E}Mk|m<lUKIJle<duCAA!bky#QG~*)-P+aHIlRfOX|FZ&o8IawecELBe_&t`NAu
zQSd8}oHRr84YGQK%_0Bss~8QQyu$hUFEQT^VzPg<wIm!S-7*l{Ox4?edrLiZ5DNS<
zcsDA@NceQRA9w>T(hsFr;$jv~Q<I&a-gJ8ipbkACzIXD5?eeMBWSdUU%<A9ClUXC7
z#l_WbV9N5*JDQC|lqphCu<mE)Y1fK0oEf=p#IJQzQnE#~5qdvyS{o$+fiVhu+SA-Q
zM*G?v{|vjQWO@z8hFYWi=UUj;hLy(%agB|cN%<s_oR6QS8gEidTs?LZ8aM(h*0*3V
z?Kck>b?*^_Mz^yVPzB?{+wayyZPW6U_YIQeJ$t>rml^tCVQzU~zDd{ndswmmKkcPY
z;dQ*yNLu}!8Kpq7MPCJ7*`dgc1h8p?^+KFi+dK;PvP3>$5Y;!R+SxfvW<;z@qdXl*
zh5`}LXOcW;bK!=|{frjV+UrVTq0xlAZW5NyhK23N0c*VOU`0+`R+jzlcF;dQhwSxp
zL?wp&eh#S13{A-}TxlP4ZNDgV%c~+ua=HgZU!P9|OJE02N-q$l92%!<Ck}lamU;z^
z)v65wJ+?jxRX(mXKeVp?IcA<=He|-t1FoHh%}2#ni&P~4Y#&%x_93p^{ySCBgG5um
zkJ1}ut!&R`*EmU8lc|{c2w3`weFV0Uz><qtRUfN-)Jc2MA(A8^8%Ys@E2+@W6Kl%h
zE0B#0+YhDm@oPVZChM=w(;0v7Z`;p4Ry*ldBSn+fXu)Z|oAh3L)7g1v{7`O+gsJar
zDqPltu7_`2)L8AXgOS;6aD2m<O(6#4P5{$F2dHNK$3|TVG?FoN?W%a>BLAJdfiQ;&
zPSJtDecS_~TAEwGouUoIk=U_&7NwWMQFb#MNwKgQN!^J_${;`>eq-(1(vsO<Y0Y1`
z>v^(F#cVz-RXGre<|~JR5Cxr0DjY0!_9B#mCp8_FVWQz!mD716VW5CkgGDN5D39JS
zt(`OB!g5uFGtsMkMlIV5@*YXnkfeA0FrmB1sLRaNy4mIM@kL~b>3~uHui`ceIyx!l
z?&n{de9sm@iR_r+<(>b&!T<xo5&?mXkb15;(Db3}@4)2i2eC}JZx6n@B1rLgX&vfj
zPXRg1T?J=Y9(pF5AH+c+=F}m$jBgD)VyfvH0RG$V;_U8{z?<~+YG!Y*w;g2(TcHBr
z_K`0AUUI(`R5xh3oj3Nn0;_{1eFgA*a_(V1jLuaWSs&g1<-}>bmOa20O@~Lrx-uAv
zLD9T_-1+*k!fCQ63?}0n^f;GKq=oh1TZo4z-CceT1PT-~Ws_r6ak3VHP#r_8u5BP6
zJ3oy$4ujSY76SO+ukd?QE*-#DjL&frtK65s`UQdN-^<|h5aLOPj`etx(1;ipL;3AN
z7?dhHc(e}8k{ymx=2U?6wfX>Hya_Th+v&!XgMnfF)%M0T3hCLMaofcn=f}oYI)Trp
z&`hS!C6))M+{Fhu?SFoaqKT}x#cS_;DL{Nj;3M(psw1JZLpA#8)5XokY76}*11bt-
zCi0x#=XGn-zp~PkB_iEWFdW>#%NAX~tjvhkL+1(GESZ=n7Fj;+BXJ$|gd|nL?|1q8
zC6mW%9CPcAznIGm*rNUMlD}P@H6#_krLQ%rc{?iPw+oo31a592hVov|$0nijt|V4%
z?~<reqaW}v2uB(z=7&ib=!6W4SyFGy$|4&Y>Kdj*i3~5Ej%M|gT4^_eUA9|HbjA~u
z7M_ss-ZRMol9j?n-3bgdG&EKVBoXc~u#`26^BqdQOi;?XR=29trPS*kb`R(qC5#xL
zzlFXpXX{Rm;J+CC5NpYxPW!e=h>9J{H%LZK3%_O(L89&pf{fC*5?P$v@lK(3dgqyq
zgG1RJqV1S-ZHKKN(5~mzUe(4w=>E}}5JG|td~;RN%l9(2H#@5d$s{#{{Hf6;IZLDL
z(I&fDDBi#kF7L+;=4fl85*|rXz9w3X{n2uIo04`Dw6MQ|b{p}`48`P6e%GCVM-S(A
zVX129W1OGBVD7T*I3nfV6^IU{rD8Q38K8qdSdaPq5_MhzOEdok{zPLBf&owN0D9a~
zLP(R)B13oBl+!qY-MZt*vSKow8u7Pp;@xkn9W7eEI)l5rgiMlDWE)XO5^rDrYw~OV
z_vbb?-GYSZ+;C*~l#f_f$qnS3iUH?BEB6zsyG5ZJmh$%2y5x|*I5Bfc8PDDp8HOU~
zu=S@PI7F#VS)wR<O%<!!bvDSQI8Ucu;!79-sC1=w3Hvm)XxW@Pw71`q6ApPH?tet7
zkmq8{Y0srSsL*K^^z+mLmXZqyt@c%il%~aMdj&eI4r?cm)wzb$vD#H7@V;N5Gfip(
zt!%pT)xn6@kMVZ4KJ)HK$-?|&u;rlvIcMcgRT0&=r26lz5%2<OQO4;{<h?z!FCfV$
zim_u*r0o6m_Jj;=3+5bEX3t44btR=lUY<GS0!p0sok6GB5Vx*pX3VOE_d>KnmJ>lx
zXeg^uv{WPjGPKt?HhvA~KaVq4r?m#GG)RQxvW`JNwL9w7S1);942Vz5sdcutwssx#
zl`C_)9>qeSnne+-?NrTTHYf(E!?%T|Y=Ay$`|0uS0$}yvF0kL#a$k4sud?+6tTCNn
z9C}(aP9UZ++_9MKZA4k@Ii_n5a5Fny>>ZYiorz#z&bJ{|=YHMB(;ehvAWpU4zz%~+
zP?y^xp`sFl&f+cr+9s0W?^vy;w9Yp#3WnF^GQWNMW@Jymr>wX7^e*pdk6k{z;m*7`
z>f%uB>A|iroXeI^G<-_Vy;7o>LN)bDr^N$$JKFVtsk`CSH0WP0fGiyqRTxp1vOh34
z9<XE1wvJ^ZY4sVxAu%V@{~v2_8CK;Qb&V>ZVgZV%h=fwoC7ntrAxL*gNlSMch=O!C
z(%oGOqO^2}bR(S$&Rhz<+xPQ2=f`*c?CTQP&wAD!GsYZq%&*vAC1yu2&yU_JOiW1l
z)@L((QG<~Fg)eAFh13Yhf4_Z_t^9Y-ej*dm;l_#2YG-0!ocw|a6YL{}kM;wba3q$+
zFl%CP>slYm;U)16LD-`x&Du8$;`1F-1jU@`usj_1o}4)|J(QQn=*?FxxHjT|Z64h*
zN>{ld1vqRn#=YjSvBm!UwN44%20$`?U}-!joMkm0c+`<Q;bO_B)p|gwu?n4H!K2Rm
zEk9)NwWhNGXH+u4YqH=RWHIU^f=;Z+T8e$c)-a|=Nn&A(FVvh$f4spfcsUTmWtZ0+
z#rbII9jBeuLspjpgYL#qtHmqHx|Gk2ch{yE%_q@4Iu;jv37K@5%_o(mG87p4_0Yn3
zHh%JBK<lVUHNv_Sx}rCF!TEm!@h9Erju^Ym^(U;uv%VvP>KPoTbO@h@?rm%Km+xcZ
z35prXrplD2Y3u5K>+xPN`Wm&=7xGb8g$sPMVxBLjkjAq^h&zmV2g-|AO?9H)GZJuE
zK8;@J-HxAV#lQ-k6??69ave_0GcxL}x(cRD*-E8P9z*3<GL4KpULfIsQVzn5uVD;+
zHFX-5#rpE6F78mVwWqmxA^|I|)w+OsF_SB0@)A)TiF(UaYVjp9sZz3S1&QL0`%A1s
zu0J9$xMAkKLsYSV=hZ#ivRtF3PpIce85yNu)LE?Fs5E&`wmKbRzgnZokWf2WS660E
zBASch940~F+n+ByGo`**t1=t@fSH2EcHOPe(wxx4`@l0SER17}wk5>|?n0vFTnC4-
z`I@8M5n|hTcQJdet)?z=gj_t*x7GtwI919|DpiV9xx9LRnbU5<yEm$bw_3OMk(ckA
z%eUsIUIk6jRUbT~>K(E}Y_fXwljAL9^S`N}Htfw}mcVrjv)f(=#7$3h<vqSA2GF(c
zZr-XBZSeQAZx}L;aJEw52&t+2Jc<i0$n@rQIWdqxd3(4mGsR)O7@Cljbki-jpNR}8
zM2$OUD`m1o$VA2u{cnr=E5xf2MVejF4;LL$Tdw_&-+TmSw^1Tm<FTm5T{q89F9<u|
z5MBHE=taCND)uAqTgKGwVcZct^WEv%uddYT(#AM`!IA%l)O>n*y*n4?Mu}~$jGC4c
zFQTH!XQ@zRS8k;(sX#4#N>U5A{hpScexcJwyG$6fVem*X=2gHRGv2M-5`70J=5dUC
z6UFvyJHNVoOW6(-ruuZBAVIz>DQpVK@Pr7A5vFxn29#S!{a+}I`1|?Ap@MeLP)g^3
zdS{HA=Sl^W2-N)y(K4cfz=JoYNPe_LfIu^7s6y@Ga{lwmg7x=w7%ag_t<j2YRfm+u
z&dtju6XK=7E0bYy0?9*r(Uk~Z8NSI9vkB56^b5nqrZEhL+7j!5hnAr3YE#vF$EUbj
z!R!<zWm$zxwyZp>YD-{>u2{h+q|m+h`gq(tm&;ZAe^5@WAP^k2(=E!AnSQnSC_2M*
z!rEgs088(1`<ao|hAtI8a?bNVN%jB21l%58glHy{jaFs0Uh>av89R*(-B1P3fVe8z
z)zF(yS*e3A)0|d6N3O&`zgmxH>L1OW|MEMF(N4F*;m+=R6L*4o#unCL%K#o8(-E$)
z`*Zx2F5nSFK(uM|(4N>f>&W%+#*{Ji8DAneh=*3bhLK7KFV|oXt6Td-oH#NmC<NVJ
zo?C-py=dfByCn%h?>HkjazoF)S~O&TvXyhCYai;tzCOIsx-m~^%NH3zJSZwUQL<(2
z`B_ES4|O+B)}a?4uWW==2Cfy4I;V$}Sf^C13ZBu~VhL8GdDdK2Y`t`g_`CUA@n`Bs
z2jQuTB)m|%;%1uq^zxh$LRYOEx@FCKRc#isK`k})N&;Ie7wPg=et3UJNCeKg*hYCT
zKgw<cgEuXBmweVg+zq1qD)L$+mwIaPn}4<`+>JJ?!6lo<!d|s>CdWJtHxhF4(irwf
zjaP_A{bpzHY4v=WSnCS#nPO{_Ke7LRB|a5YNM}A?l4GMRK6hfhTpf^cmP6`G@}LW1
zGK0_(zoF;%s!o?(t#e`G!G7)Uto}J?@S8KQPq}&C1^m7OV-hlf$lS>p(KWaw97}^G
zC2USAG=&+#sIn1Z+u()Q8mXY&I-GgWwv`a>OBo3n*?euK11}|n`;5V7tEBce=05sN
zspR!FXQLQE@k++!iHL|lChq~?O0mhX(mBpFI?6t?#XhsOh3tjR(jn)*U+a(9<0dzt
z&?`K!^dZ1(gvn-+a(3f&+oUWka>^7;h5fx?lqjpib);HYQdzpy)8(^!_UFGse`_Li
z{MrZCL%XVo^AW;kklkj#Klsxl&gm6-Le<vHroMAz)4_L`nD~oKnxoHm%9i=pcZ_V_
zBAM;1HXgp0+$m8ia!cwfGI=gHWz`j_oDN^CsY{h6Yg(I9FOTV`)j1A#F@i@57clL1
z6K^cF=KZli|Alc}w~;`m-0d4%&I_d|Cjqf<F+gsCHjQH<eprO2%{MHgYwDg>o_1fb
zPGbH<GPV#apriK%7uy4q@D9vA@A~v+d&EJas;sZs0Ydo{+-((OpsxlTAy!=WHbA0`
z6j-EI=y~~=90hbAp_Z`*Qdo2RpiU5Y9=m=}Tq69wB52a3RHw%_;&WQhCPo9NfE<vQ
zyu|#`T+GFFd5!U$AGL{+wL<n`bDImQ=cLn!J~8SvzOBr3LR@^-^GTs+6ZrP+BwP8+
za@lICLOujEU*6$_K*@1lCx2;pXi0CMtE#Vf{1oH}BP(_&*u$*LU30feCtAxb-y|g1
zt<8Ow7-};LS?drzB833zEl<3z5I)l$etG`lG5Yq$Qv3qa#+**CbEo5ceO)<fpY<DB
zgFl$0L8e4ej3rX^zmWD`{3nL)4{Hb?cwT6I=jLf(HwyarzytE(T6?_3*tBe&7iI(Y
zqQ3b}{{yPlH8mH+X8qOH{u#a2$U8uTvOpKJ#3AX+(-E};&X|=SJ1RCdcEl{HpJ8{J
zRXZsVq$c0fRncdy`_;1V*YL>qRzURPWuA{uCJ{{ym%Cl3B%t@lGuo<9U0QK<ONEvU
z+a?;;g^A^^JFHBy-#iG#{h@r^FzRwd0|lNK+G6G6W%Gs1;(0`>baEqvRvT5jwHX#_
z2&1I!?qo0t?{0|(-?&IM?H?;OMR`@V3aSa^*BbZH+&t~@!YI1@x47+f>F}#9=Rz2{
zzvgZ0mR0Z&F0T3_3&iC62l;JYE;saMf?ltm-1fiL)K&&y1CuXinm#OnpHD2d8_ESF
zY|u=Q(~k~7B7=sh8YMv_%HahOnQ*yFVvZ}7o*+em!wvzi<;n=RdX&lZaJ5VI#$tc1
zjvBLad^oeDaR8aqJ<yn^vebyT%LNTDiCe7Vfl%C>!#&$FF>kRnP{^qL*jnS`-m<tx
zOff3<6DFJ&&#P7P(qi(LU=aXe+4ApQ?&8g^se|E`QiuDaNAsfIHyIvQ9qv)#G8+^?
zApEGKqr=M~HX@SCt|N|8H)?%e&qIu7=jvP3rwqBWiBeN(;;7i&9W7As&TV-8C@|1~
z*<fL1e{0cPp^+US6P`la#cxIo5R97X^XArpUIiXCW5b>dzil!v3*L2J3J~x9s3%IT
zRFJZ2T1SD)HfE<q*8B1Q1A=*rgkV_zKrp9mkod7p=Q&Xh6sVeB3U&yyh6WbimsfFO
za8R*f(spRw*RP^`bC#uuqQSN9CS5h0@79o|moyKi%hQ!^4J>Tz0%hhK#8%^Sz8Y!|
ztl8;6;`*YbXh<4qtZ3l9I0@dPgY`Vk+HCu3r~R#tWC``kYK;eZVv%eNdRIE2&qZsi
zW>F_OSuBj&Kv%G^6#JU3q^3B=C8i2I+!4y1m8|k*OaITCcWmZ;Llj{KZ3TR0yt@~W
z0gRhJuqlH?JgsKEm<ycP%8CQ?t&aY!!WYFcOY1w&c(KmKnqL$%8p<f-*LY^~Mw#V+
zT2WE4l=S?71^BAb!t>sEcumE6=UCDcCr0fY686Kq13@)~QDf{qvX<FetiAdSf+nG=
zMk0n2Gx+CXBQ0h$77`Z#e?>kZfqQa-`P9H)NvX}bFI8L+qkeV}#%)-3E&Cdo;MJ=U
zue+}CPNSLw&h^Qfzcac9=cmonc>nxo8qZ+FljZlQw9&8ij4@2QDz`1K-nc;yp14xv
zF3_z4VSOL249-L`TD@y#a36{^p7wIU#l;o+K1#zOtod>gC}LT9!YWWj6%28l^ivaZ
z%16C(gZ4mxOe{3EGsW8L_HOWqe7?tJe2&TZ3Vx4ELAosw3lk&gVvB>t*(zp&4yuPa
znzfS=rorkm=d7T7+LNc#bls!>;zdJUwdY+alJ%E7t)}{Nwep^Qu_>y8!LKFM>W774
z&0BLOyn~E8&%YiZ=07&sO)?r#%!KwC`1_d&6&Wk7Jk<p#ibJF8N9=pL2p5EKmr;0J
z3BVZ6*`r5%@`KeYyhj@WUbsw+na!H@=9BU^^CZAg3<OH)92bm{4GvMaZ~rk$Qhb5<
z%0IV&0E>P!|1505xp0Xqf3_eRxdqYZUsAg{X*_#L(2Xv3Deo|m9UaZ9hPaX-K&jBM
z=@Y6;!>iQ^FH#Epkn~MK{*0TUeF?(STBQ?r?CUFtAAOj`T{ov?Flr4=_JZl72F-b_
zq89x#+_pbs)mZExw%v=|ojBYl^aW?8>Y}RG9LQD^${=a{`h1?lRFFI=1A}DS&25mc
zM?wcFP4`_=rlM9#h#goy15b4KXDw#4bUkB-@KpkWEWNk4xt{xiFm=E6GBT_@N9g$d
z`t51&n!0JB?-O9p6Dqft29rbd<xabA4T9vaQS(sWu);E{bnz0zTHVPPwRF|1Dt*G2
z7$M)nz~|6b$xnA;9IPrwWK=koGMt(cHC|A8UsE@<KMv0iHt0?l23^gBhp*oi)xn?`
zU%FuGA}5<d=}P;{c8jaz-W5~E!WaZ>8q~Xo9}YHqod+4LPpt1>InB?+U!`SD^)w5b
z<A4sG1ewqK&M$hFg}ZrLOpAp~qt0W8&YqWP<U8edaM5yUMEb6mYXL+iyQKFdyZgWi
zrm69JRNaMOOuF3P-~Vom%V8Ms#no=ze;WXt4Ns-JipB=JKY+Hb0G(2sHk-9P*%ypd
zo}nSBq8yO(^@MI_d#hOY>)6{3z}I<vbcoPd=%L{-)pTE6t}M<Ua@rm)i$v^iFDQbJ
znGz{dZ;tFq_~SwAr37sOVI&HE1&vL?8KBlEImFYZ>#Ts<xbT{dzsgW5l=?uxowS}7
z`=GEcx73c9UNR^Xg(`x@IE~H%6g_tx+h^9&bDIqyw(#C#W!9xwAOcoR*UU^y1UYz_
zl<kXJNf&o!9)SwEHUx`TuUygOJeUemZ{%F5Fy4>0_!{M0_2bQ=BD2NxW{=I;*a}j^
zC367SDqW&oG+jX&WAu*S-u9F+YlxY+n9*HiC8#y~@bWOEW@3!)<&ZBJot*l=T<4DH
zuhMZ&wY}@YNwKgSY3$Q`J3BX}A@Ydev`M<}5=ZOi8GSa13k?hXwwot5FTMLGkz1$j
z>28Xa>e?ob1A*wfn`yE{vZxQi@Nk*X3D>7w96w|(KQGUV)bDFkyx{xW9VG$sg|cV*
zQWN7_GIJhSW0O^oLs-ZB-eRv*yWuJ>_kh`42jJ_s@~>?LfQF5F;G;rG8l8ifqXYSv
z2*6fWn+!jU*d$loz?mI)y>Mx9)WsFLAbSPhE!M(n`$K}#09`Mer)}oHpF}@<uP@%1
z=drN9vd_nl<G3+ofw-;f(;S9e(!;&Qsr>(AN$t4@2GI*Xbe`U!eCxOr-koPY^=^o%
zKg!!j!gs`nTN5q$=x$T6GX*3MIh;+j|1>y<SAG|k2wk$?9j|!L4Ja&Ss7tr?e2-)>
zGwHabKj2d%&^9jxloGVS|AT^523l803X%|v^h*nov);Z-sjyr{yN%04QWO|jozu0}
zOquf&5F&G>$i_ja1#t6^lZL1~6a9#S=<<3aoh<GL3eJ5W(xad^RAq0|L7Y%pls}y`
z-om8xOuuZZ)E9-UT?}MusP?XpCp-N03n1xZxcP3)K!*XHLC=@IJ_YWGj~vM;wmkcb
z((KL$uQukpMahdX#hMjILC0RG_*2!;&=wOTqp_$)x@CKNJF?}B8&5|@rhvZ(h_Q_Z
z#G$jp3|hB8%w+I8w=7;P-x@IVw&qF0TpB8s2G*Y0ey8~M`uvPqC4pIZoANna*R|k`
z!X{Gs_I-qOnWa8Af7W((9nL?E$_t4aN7GLwISy(GCzZSJ*s#D4GpDA#JcZZwaNRtu
zLKzskOim3z{&EBDDt5$t{~qn_)sc~7_EOvS85zEJ;j%emVT|U-<fD`t0UH(^quvZf
z3krE!B>*VMpnK)zp(VNLgHD+&6~(TOkMrT=5=prE4od|zH=^Xj3`#*A#;{S{1wm?H
z{rSM?Xxl};X~Jg)zgaIhH8}5Z^vHy{n!{1ePUoDe3$w)!7<S_2Jg5;t+I}ZauxjUH
zOcZm}>3e#VpIp3Z>c&>Il-~YzMUQhXKJni~1a_UB4=2CZz6c?1+%#lb*%4ee(F|JS
z>&>Az4G<CzSNMoL_!eN=d2obj&^)ujB-=z-wuALb@NR>!(9^N)XbNAc$P1IK^bEra
zO8Z-bCKgK9&s`(~8s4WN6z&^to^B&Ay9ocX;>RT&FwVc&Rjt+d?8h5JbRXCoiQk_u
zy_O3XWp4}P<PV49(djqbNMr9-gY)+7Ti=wFd&PLM!G%2LlWzy-ghPvga$tvdM(Y9!
z_RCy(ee8c;qSE7!8urXTwq96eNSB>*J`_GDic>ngy2i^huIH%W#_w0nMyEeDg(KH=
zLqsEfs{HMRe`jE3zgLnVIq{fygoS<;>5d+UPgpZG<6`T<^knat6bfW07G=X}gGF+m
z(3gMnEV?^w!uek>a{U^;OSMvtflR}DC^y+(35ow_sV^r5N_|0Qn(wW#x=+e0)yO?_
z&VK7drO_J72BWM!GvwWC1PJ#n*nj&*cPU_b#4h%5;R$Lyixwa`DW&}dg%HjD<~E*F
z?d>2s{>@KcB-<r!93?6A)s8K@=>bpz47BR&T<16_f7>8eD<J>mnT*=z>%v=0hvfbH
zt&@JcYr`$f!jrc?LcaB3wx_9~Ms;9*8KawL)#i-B?@d8VMAAq4GwoR3)zoo$KK?8A
zJ@Gnx-+z<xFv_wL9~}R1><$t+<NtC-jA2WZJzWGl^d`M3Okw!-jdQZ#sXa@0rafLY
z0;cm)EdM+qJ-_SsMlFYNawku9K|b|}dDZxGD8uTG84W=itE;IgYt|d&wZWnU*3WAZ
z3C^N`8i7ZcRsUw@TtJz2kgI>qA6Kk@!YjEZfUJ2v9^q@P^#a=3*)@dd@UJ(erUWjW
zAZLA3Hx#RyYOeX5+|Iwik~6=V4$3(eDOZobiNZs8VxEAGqr!P)R<-eCsXp=7jd}>Q
z!<46U`d_WDhR)7@V*P99Pmr*O4}O!r?rpFb3;h1!UzKu5d3{&Z=YQD>4N2fkP!BMu
zWnFjkR6Cnw`_Cs*-}}YO>T{3c4?4ctHCK_K8Y$&Otq4io*CxA(HYBbl`<n+>yReUt
z`kkgYubiU%we47eDAOywu|~JO%_;aa;ze(X|92JstPEDc?*)EY^j`nw@p4>~LN2g2
z!|4!JB)<$=IQC$RT52$lU-q6C9EjKL7l$ff^-V@4Pe@*W-;WEFzrI9CtosQ~%uNI7
zcik(a*ayE#wNg(-u1Ak?{{GC@KrBo9{_3<M0D`Ccjb(2A)8IY)eR6595r-Y$7oxYw
z!Xc4Kd}mS^(hzY=gVORVT<j>uKV|SWVz8yo1@7cD0MvJe6r4~oj~DiM7a^}kvbM{q
zggB1BB|0<G5_Jt^>i$X!W9~nKHl8OM&r*g@oftV&q>;NUyAUF*5x=?r_SV0Roc?bk
z7ag1kLEEo2LcflDw8FrI2`3o2fSI;{5H&~O2HO01>~Xv^SzsT`jj@~cAQPG%Ni;sW
zy?-_ixyfudeup+g9v@GB4~FNO!BwQ+t@rZGzJxFG|N9FAQ6O+VJ-Z4Fd-;om69!-}
zT;|fE^V3XlBrH}sSpIpgBY%4l>*ZR>li$NhyTE*Yzow3L#P%fsl;x+N)BQdYBUl=z
z8u8M4=-})vY+qqMzFL1DjGE5h#5HajQM=<Mz@kPvrksMW!`2W&6q1s+1jwstQs~(X
zBNz7p<@Yixywa&@<wTe+ORH>4$^9glT8&z`o;MN#^Dz}7-?OnIg2BOkY5guUn1lzS
z9|%RQ27Xa-UW)`J8p*Jqhl1<;epu(6`C6SByQM}<B)3D4e$`VB;N9KZWHA;zF%17b
zVMIt~D8b{2&l~v1w~S~^6loqqdJ8@mULBv9s#w+gbYMq4W%L>&4g=nV_YXA)27D#Q
ze1k6DVR4CvXb**no}P`Bd7%l+AgfqSUEMcEqX+4c5CX?%UARa^W;Fqga#wCdNuO)g
z)oEy5ikNB+>lAPEXncTz&7YX8|F5P6WK;&{-;I&hF>ZSCk0q``67(D`m={#OL?Y{q
zj5-;eR9$d^4(|SMx=#i_NElBd)9aiZdaa(i6T%N4k<1wsol|Mg#4=>Eq*QG>vqp=X
zJhdK0Su1XaTal!xoN=O^TH!apKV^#Kz65%{3w{^$Y;$!(T0gHAUHrZ{8x8R_3@GMY
zs1(CHzVv^u?+c{kIoDW{qqVgA%dsGDhOIgrthK|S468Ft^sB_RN`t3P@t6w>Jdg>P
zB!OC#T<=pnG_0S6HFchZk6-0-8A1!jV<91-tPs<V1W(K5p?-zN!asbT(xe#@lsGah
zbkwJ$BCkYM9ODliGJ;JH*SAL_t)&%mpIwdVdl<uMzT<jOXj9D3u|HNnT4WN~IhTC9
z)uZDEtb1y)KGn&-|K*kYe^JJ6-biZub6Q-GEUUwkBHnEMvt(p=qU@Ls>rW{Befy{r
zl6Dz>#Xmo1TD}%u$+<B*P?;?7%A=`^B7lTuDFHzdvjj>SmQI;GPSI8i;UL}+2x)5*
zx&h_5+}_7W(opcDVYHaG6c!dXqw=Z7E;JogBXHiiGF;DYq1#kpw|<~Xnng$io<p8W
zzF2PfthsPlp8eePlCpD<*p1T-iF6dig$vAGPb5XTXH>HKd0v>cWks3a-!!FS9Za_Z
z@H4&Q+Ml5KzYfQh6j`Hiqo*|z=A(RlY{ecRS(ay<_$}@~JwtY#;jmdEoVfPQWny{;
z4@~tdd^L|yd^YUG47#&u&S4&qV%Phui@tc~jEao|5{<@_fQ<P5{ONBZ8pUPzIW%Z>
z*A-oSu`4xTV;K=@G6=H|ykZ-1O^O3v#nEVNo=(Y=oJtT{vM&q3SRADBz{G#iuSx0^
zJ16BAGQ0lOE0(|TRX#$OFtlX5jhBRZDhDy=J3vm)kWdy;|4*|Xi*y)rgg27P|7YWn
zgvrCQs_HC5!q6QuCbGSByb?%C1%!fwJ-otppHY6@qhZU1V)O1?DWG+Y&^|>5wHJSA
zr)mJCZY^M#P9MULiw;j!y8gk&S!-f{d3n9_{MLgH%B-2Jx@ufN;CT=fTvHc2FMjLa
z{8HdNy|<?Fxmezfb@k7^RzngiD`YBk-WOtuL9Z7H6PZ#`a>`AVJ49nEV*;k<$kJ%3
z@o-2{p*OVaBgNW|R^@s(lFbo>B-~{xF_UtXMJ6PrCC0HXOa(zB;XOd7dZsE@>lehE
zfHjj@0MyUar*Rd5_pZ=F_iq5y`<vv|X^?uj?30qBY)1>~#-x;K86;#Z?K6;7(*mua
zYoAKaksP!%EWcrc3dB-&h17gk7ICiZGg2z5CUiz_B6a88M4;|8+%bkyz|_&<ih<K2
zkRAN!suae7_c7O<4oNq4oWt^vB6p%`D_R=2yh^(op<20hCKCGO_dh7;t>QtptWQpA
zd*n6KQI>4Pc@Xr7DpS302p|tj-k1S&jvQ1E9z(}>B4}sC2d}6Vn^Yn>eHe2Of4oN$
zaAeZ&Oi{`84Ch$vUuO@pez@WRr2zB^7m(Nu!2aq}*8RkQV!O<2RVq&=L2X=-X7hF<
zo||Xf(0&2_-@faY83Xf(JVyjKFuJSahL2sC#$}{uxK+5SN+Y8YKQP@EK};;<MFfh(
z8!G2dqeY(IVPb2C)G)0DZcFcz6=2)wp^5vXx)#%_mfdu-?{8`tARoxHdcW9TIe2~6
z281;FV}dDV)4qMIBnV1^K_a(VtAVJ}7|Cv-y|>}h!jHuDOE-It`m1J!!nhrR#iBU6
ztxJ$)z8r=LovFtDPijTj^&c**!N81CuiNaOtrc2su^aW#<Bt_<PMifY-i*;qmpA}*
zI?bUrNR}y~e040cxZ-giSz$$TQh2snIZYQ%J>E<tTFR78{vcUhoB*~n&vZpiYpd1c
zc9xEFDG19<ffM<zE}x-r2S(O}kI3)F*w5>y8dE=7HX6+N^n7CdgRx~WZRiI@t5YIp
zuzC!AW1-)ihuXpBNK?zlGm|oiQa%WHz5QioQA@TaoVh~2TCZK)Z*MOSP(1QZjOGVO
zkRi|^ril12JN$d)f3@BWr%im08=xz|JKnAgVz5$*$wF1Bp6puB)(%P;9d}-!U^~^e
z%0d?h>uHxW<Vwt-77}5~f^w#O0e2^G5Khz7_c(s3Br#kH^{NVtWl;%<5PwopgPuq?
zPs%Y`T3YcK=?Cr(-ZkYQz#|Hy|GfHt+%@_NWVO4<!pNa>3v=%*-&d%M3Bw5A&0N4j
zMU|9bHS&qV^G~IX)j$=iL#_ve;l09cVhU3bpUQy0EwYD(IGbm@5fiV@ugvAiIxLqh
zh^uDpPQcKcV270@Bj@gXjx>FzrD9L)(GWnDBzw!Dm}ZoGp+hamuI{a02he#c6IS5A
zf-RGw77j?}4ek}Zg<2%@#vn<k&>NRq$N+&In1aGB`$B6VRaz=v_X&k+S%G*!B$xV#
z%aKzh;RRl5_ES2|CJNbZ4CR^)kJ%kqM2n2~WL?4$exo%4`=pURxcRZmhgu$rGT)rR
zwdbiy)c(u0KU6?g6C2EaU@b$3_p#6DLB=E*(!`@(b%5PHF!%S;t```MwZK8c`leh%
z_{kGWiZX65K{mYewDU|`46E*$gNM*Fu7g@}xVNx*$yxVlJclM>s4b|PGy=|?+?jrg
zk2!w~xH_9Qg&TPnY!|=By*xau#pL}aN>`b(-9i|}VdXzkN!Y2L{3L=5@M?OAex6Y~
zy}%Tmq_${oD)6aRDKSdV%7B_w@Bh8sUVr9>`fVd><4A7oVW5T(%d1)i(LQQP+Ub_R
zp)26HJ9Vc6DsF?!)_6=0x8^tBE|p&>fH5YoFzi+I(6BIWvhl@Gi8-v4Ezr&lmA<Ea
zR5+1YJOYcfltR>GHc>BXYg+<Epf-h$(qx{|q$hZ|_n+sC$csKp9}~r4OJiYnnDD*B
zPfA861l0vEOH>``5#3YCIm#J7B_m^Lm#UVYl_bwZnud$LRD6I&CKODI^yxd~^lVR@
zS%Y86xmCwiT?xH8Z*ywtU#viMLC9yyp={2d%ln+^IH-Zv49K9>S}K%30^;H1wkvF5
zc}WP#`k1M75H<`l`PF8pkvS5}g3fkfhl8yh$_P=MHY~c>70R_4iup=!F!1N!YCGnu
zt0_bkV2a6n@{m^_7FN1%N~?bJfj5$T@GU!7i~vft*XYz#fUc>7c86#F1rJno@k~nE
z(Z4%9p4r_RG@XKS%ZqQ>RVfR|(QD^kWU7|eqj%xOcOvTzYeN=o3ka|)1EIO}4xWZq
z8UqDB-Wv7y*zNCkU++pm!S2rRHgFho%Q7D{E}lbBNGE@b?9bnH)*MhSGE%gIQZ;ml
zB1v$*%fsahj4gy)POEdt7j+JHR`+B=Xtx`pY;@ap*tF^|A)7~auOm_i`iqP?6|0>q
zk+eJeA`uU?2YX+jjU{n9DElU{Y+84h>_Ej2J-^!$T*vGjJKCuXU6l;%-pA+ab+se?
zq6S$-gBhgBBGBDDht8ZNddJt{*ltAwyw&{<>{c&c!AW~x2C_LyG1p`yBcL=eAE-F#
z+JIs_F>VwB(*Aj@(0hy;HGI3h)rX0C#Ew5+&*%VMLHshgMD$%8N}2C7i>TO9WJR1Q
zD7z!h`}mb48^De6a;@H9YJE3}6WW(OY7rl74glZw>}qTZBNRCEAUq-D-FqIM!T}|B
zsQyf9Ms0S8(gi`ic@8nx$s6pjTq?f;ghW~0w&=v|QQL_p!jB(+&&S$=QvZ~d)w6O!
zyF#0vV>c3!#L=%**_R4iXj3slMY;8KbQ%LBcv4Z>yUl{srlbdfhqZAjr24Q-%>{Fc
zQ0}&C9$?{_ri@HX+6(oIVcZr;R96V@Y>tnU0;^N&`ggJZQsaCx!sv!DYVB%3xBlNv
z&KIP~x&FuGTt|jW)H0+oGGB@U*AMK3j2Z{g$o2%H-a{iwG)fhQhzw5NI0ze7ZWciS
zNFDm1Otl)O7fHjSepGJlE%^7bNyeDtgocLp354I*j}N&)3xIZGu($s^9IAJvmkRO?
zVMW=Dc3$Xr<@jM>$uOam4cxl_oCt>EwKEZ=g`I18LgSVZ{7|lmkN0p#YYiyJ^NAn3
ztvWk96GcN>ixM+j4ptvYiatm;?#bx4*R6#?l1*TFbgs|*RP^0CoZ&rUaL34R%8xlM
z)k4i~zww+xE~CV#zf5qCYd@p55Nc}~G~EvhBUb=rp9CHnldiA|lDuR77>`mtgYA@T
zUrpV!`sVn}@v8~8Ko^ZhAc|?sIS?`_mZ{21&>TiX_CL|(e@`fu%&++K!^Lwr_q`wd
zPTbsFfAusMoj#LM0uI%Djmz#mF80Ng#{e4qOmXFPzbcCg#ogy;D^gu69}zB1b?m;r
zq2_D7beP#Tb4hIR`wz;>MKkc38|IB!7bqTUj6?nP9&jDA-c`(&ge$HFE1MMISFhGb
zB*656z4FpaYn&@y{$*AR11P8Vw+S_<Uk}N_0LjU!{jzT^NBin_<DTSJ(GU{?QPs0(
ztxH^UAbl+&Ut+)k$#gfV+?2CYS`7KnbIyy95?zW$Uo~BhX5Dv5x_ci<-3d-U{ANvk
z%^JB(_o>C+y~eR<P){|-@uXF6pOb3U6sjt#Uu*esg>>p**J5qoRC!8fKsZF_^*msW
z{Dm|6CoR7J&6fD?A(0Z`H{NbUJRCgsjWrxd2++!4G9o;b2@*plvJV8z?{JR;k(waa
zYFIfZSUFG!u$9c;#OJboT4u8{{qD&d3|z{VaMs?LB~<L}ioBN$sG6ppZ{Oxjaa+#%
zrW_?E9At((l{@VXqbRI7sI=6W$f~wS1h`Q@USK;wY>yiEz9{^tD+E5rX9+mHi8>vV
z4N@KGTQF5B>JlM?icF5yc`c!`$;n-z??3j<YcI3T$MOd0e~)$R07ZU%XoKNq`T>&z
zi4A%LEU1heWZ5OSHw&uX3=lFrd*uicA<%909Oz0PfO#WD;Fwc>C^KVW0+CD%v`S@V
z$Yq8{-|09!Kz5LQ^9@<TJhSOcgu(ZvPA*6!D4pZ7ScY`9pFnVxz;^#}o0s@LUDHlE
zR--5<6tXvp#)$rzdOx56fD*IL>__bK&08n9TQD-bpq9QvC`<CYC-Hi-gul%Q;75eH
z7P!E?CL3#u6_6#QI!hKVdS6dl`x^ub38)vM`n~Zv#k;)T8suY&-479w`wE3C;uz<$
zr#-kZM<RlqKMrxpZF;u?1>2*NUF;Ta^<$Zu5mlREech(snF!Mgiq-Sy%@20W!npN{
zxcU$eU_sYAz?k$`*yZO=S}Fnq;TQK{VYI^TB1i|NEe@8;6EKP`7Jn|14@%VKbp#Sa
z0^}@j`VAn0FS>-sqVn0Re`^g}1<CK31FD>UcUllefsD=x!N-7gwwUj>Ya<Ok15fVj
zS2z~jgYo@w`s5#)Ryd2o)%lkLYU+F!%x`)9<!g@5sVlOb$V?@4`2+z(bG!roW_Mgk
zuI!C5#mugS_xZR`hISDrepM`ViqkIVNGXkA)p)l0Cd@ax<rf?@+s6ghmO~kC4Bs#a
zuF;FOt1lAEchUgmniWwaqYTJP1qf`%4&Se(p@PDl>bavSFp^GtmSH>yEf2=MttF~o
z=^YGT3w2y?G51)X4gt{~h{lv7Tkogn;#N$2Sd6WQ#(^jEz1c49m%x8jkwVi)o?$O7
zzH6%c*$^6KGSf=tj*3@@)J6_1pX<Hs<ms9m7yB3#bH_PLA$Z<Q1;vv413TV8n@QCz
zl*uQ_QmX`^jUhWEW#@2V1C)<={mx^Pg(kc2F#&z4ORAM2w|m3OV~{1&W|k0IKG;-{
zZF!`Z$^XCvC(tL-8lo#fFy%l5_R%=`JN@x*asmOx)lL=Jjb)scYK<Ww2l@@FDJ?Yp
z(4zh7R$>gs=CK{43!`_AOh}Bf^y_f&$h;Y<0HL@R`wu^RifIT^zX3-_dwGbR1r6tC
zZ+h=XP?;4RWZ16}uwbc!!G~~-^J%<GJ3l_cES*b=*p%0E^Tg*+Nqk8l>kix{DTz$O
zY1x<-@2QXKj;o~H5o1s*-C%5?3~h5R-<^&~1e#&}T1gm^t=njrU1{K=B!ky2)nFj>
z&_cP;AhBX^{<S40_eM@`!un;<*w{t#YCx3d_6MAzN?lD*H4IQTMZ_G22M3e+`T5;A
zBO0!+ZZ{>X75qh@p|O#1{@|U-M>}z+fpcnPq@=j{yv`af9M89LT`vq|wG?Wikxe(&
z3jcQ@|I{Abp?HC8!GCH^=Y3K$!$cx#1otRo-_h%dMFNsP0up^lL~YTLuQ1j(i1`<&
zc8`Rx|H{u$zTRbS($5NMHuHhP&gVsBF6Tbeh))YaWOy2QP9XCzk;YM}G#Lu5;Hr6h
zPc57c`3hUJpdqjj`xO97G3st8C%)XB?@EQZzgzNfGuvg3^t~((tS|WLU<&D^dBc=b
zl|fYUH|L}_u6_mFR;J%e$45N~#^25(kVwhQd!7*W-t68_{xHKn2<SnN8~jN(ckR}v
z8xn*G=biQmr!T#p&V^K<0cMvOIOE8EaEg5<BJ%Fa&)zTABSRE$n9V_@<ZhZc&_U=i
z8*Zpmw_iCZLOog>axm2^g_LiTwVSmm#3j>vp*vl#tK74|xK~_6C@>Hhr??LyUrs@U
z(W)r$)S1<#`mD~x^FYzlDA=kUFMi7a{4W^8EfxnTU5vE13sl8wk5755FA{_Y!Nih9
zs6|}#!o_|B9d|XGggDSSi+MpTa>tE<NmF=k^yrKhMeildV8^(7II~G8yW%n8Aq3oI
z>TG^rM_^Qv4%&{Y&c(Y05>+-U1pUy*d_}uYj<6_(0r~AaAO^jPk8d3Fr6?QaR`()s
z0o#G1Df>A@o!~BwQbEp?Bxk-}TQInmS*;*SS;pqGkKyFucT66{qYy(7uU&w!Y?WSn
zzA|F|B-wDo%u0=h(`hYXA|njwMnx@`N@36{F5~3X`^HrPhn9!x&;Z7b9lw|5exW<B
z8|a)25}c0Wp+BQxsBZTUg;qLf4)$yR_-KmjcERZX{ZU25<`s@M6~kbLMk~~`?G$Kr
zw3X2qt9fwsM(@+>bZR7E>eiq4>uLhuI#68b)X3J7a@5(Lu(?R5v@yOQ`IhNql-oY|
z+?0bZ`z;D1c4b_9&rM5#f@Q@5W&lbDwL%?(=m+U)m1VW&4F(NUaKLWuX8G=IE;NBU
zju&Z2xtitN+qdXI<MFv~5}6WmU+z56IEi7Hd2XVtn-B2AyH9&jertE;H0ZL}4DUu-
z^DPhjt#1GC{BJIGe=RZ@q-^6^_o}tq)TwcGvw!obkQe3!Dwe#68>oB^kw6QIY3Y>Q
z+z2<PttH@uYarYinoPSV<75um`QyQ&B_ko-yUgz=I}$~wCVY~^JRXh*oKEqboqm5y
zSYup}<o2Iy|6l7$G>gR4K-j}czVn1va4!~Ys!Yw|>4=s~Vk-2!4GN8Rm!Q@-7=V=3
zxIhDfI$fbS+3ImkX34IsqmKM6MhYw9QpFviO%#xQG(c84dEY0zKL?=a_+UM`2X6tV
zK?vqw<!E_slLNS>RKnvclKF&bH9~rWLGsqV=2P*T)GuK|6w^TIr#WiR);0Sz1<gSR
z=yv$Vy*-qke&1sHQWy)(O3i1O`Gl8G&C<TaYsdJc%e*&BS8+pIIaA>}>QlKzoRwbB
z8i5r&i!=W;cNxcuDF)p9PRDCdLy3$NW#=c-?T<^v2he}LHEaXWG7eWSMB#>iHP6da
zmgsGpgvCUXAmxV#r-}`_MV8C<O(qEENfZGH72NGIdJWZ`o+f5OwikQ^j^7ca@pP14
zs4Q+aqxe)nZ3^7ju$=49_khN#f!5rB|4T**vTEm)$Jc_?u}InEU4nYr`->^K82dn+
z`dnK(Rp*J#Xt$<~Y~;-BflQIveVV}k)hjfoMd-yq^3M8O^8<L1invX{)AuIL=M*lt
zKI#dR&sHPNu2>T}yl}S=L_xw?PXjF5zf$n8S~F3>?<3@~<;1se5`P!M5t`%>d=Xum
z6S&TW%W86)iR`Q%YbPc6acwt0;!%I-T2aRSaGU)u46^I~^bT?oDUell5~s;LfJC@)
zYiZC}zu!!qj|Rb|`Pl&!P|cK+3JUJyvb{K!#BycZ25P>el%Z09iHTJTEC2UQ|EYN)
z*;e4+{>iqIYHe7bX#nLK{>*)SD5Ije^MQ<0qRq-kd~g`8Tt;Xov^596jRv(%KqHF9
z+brl!-3Cp{RUytgt^5$@6o-BX33&IZBCW*|Iv`W*%Y6#;hyKF(Cj;*P3<4c~mtTk1
z@8TTC*slPJfD$x~JQK2_Lqd*BQ}COB8)S|8T@6WEJY8tCE-SA}3Lrz^H>pGtVkT)|
ziE6`TU;A=H6eao2^-K`E@Ae*R>#;v8f)iK*6Ajs&_6h_I4G{(mr*sfJYeJXdD8Hf9
z`DbB9!}xc-y=R%+;3TR)MDo!N<WY}Q`hSCl&~?C#f{p0Be60B4Hg*+cJxcaEhkKwE
zGwa&iKi3|e;P<0HbteCz5pYpK)N5BHvk;;SEFxb04`QM8Zcwqd!9A{6*X%)QT(R1x
zLXsZ^yE0BB?7#W(9}HUIw{lQU;lAg<ah=BX2r0#L)Lp|X&w`3%2>=_9SG7j=_i;q$
zIc;%@GG2Rb%<wjiIR%ztSs+h{EW#S8e(|rZI)(Cy^o7aSM`aHL7p%@_y=lL7Vo$(V
ze|2`258=}oS3$OFhB4&&Ze#bKoO&!GdWK(mC;a)N`po~xr1+j+#0tGRfROl~ivlbT
z@B6JF<*yCE7*O}CWZ6#2Q_CRTGMgpyA`xKtlD&YQ|E9fv-h1o=JYo5s-`V3(<Dn!`
z7c|cNu95@h`+NKNSLse0|5oAv9suyDl<w0v!ei<8fP(yIW&iU5W5N)|aHk3@9&Z7b
z7)l&L=uN^HZmn^0A&t9mojaqR9N)X2AK@LG>$WEn;jj_&g#26b1G?PF_RdE)9e<wd
z)ERWKW(+Zv5)J5c46asACHlQ$r|<G<Jae@S^hgJ;h{pp8jQ<rx{racdDdb|G;_#$A
zd7L`h@5j;e3iIrYIR%?<HK~3(=4GKX!nb*u!9Q#SdN3vr{Vx6UkwjPFk#9Kyl1}or
zNAQM5B!XVNU@LC9c@n~Qw3oj>?$$w<glF>SPe5x)i*s`Kzm94g4SbX5+q{`4;BYT2
zff~A)<B^lDn59$li<3<ox(*d9<Fr^2u;Wjy$WP#(zu&Tk20n23+1-<7fmgAx>iuq>
z>jBe^AejLT=4eM4-?e|ARW4d!GJO?BjpswbMvae1Avr#cwhzYqrM^tnrHau7ius{m
zQ;C(a4HXDP4+zA@Jwx{@^5ko{;=!wyxd~i7KKkg$^ME(!EWv_;4ZaWVC;yu1Y477B
zRf`e_NmaSEap~TCx=wq%AQE@8SGZ6A?(Z|^I)kRvMMoFH>g{*+%e%&$Fg$K~deS>%
zr`_H#H;HU7jBEF*lTUule5Ab;OiXYu=<bPaaeEJ2QPKB`_|N+x_sXHZ?o7k_tHj7%
z&XbEwa0Pv`rtVt~y}s%l5hbAzzwks+;nJ&LNVqamZi}_~awm68g>+5itvyXkh~hTP
zPXl<MVxvO?3Nv0ADy34;OJ~e^LxdB!IdZ1yVNpt~_vmy)Lwv0`4}*CRMJ{HXeLDE?
z{P&~R<HSrTcWAKG7Ar{VbRUPkwaA;x9yj07&h_1RKAhvO($6KACUY-!&}D4J(oSpd
zjc-A0dk@Z2H&4vrz8bkt#^pZ39mOt<ab2C@LH=C4XgJmF*zW>QzRst6aDukHJYz`O
zSarn?Tye2qu977``MnA|N<>(w*rL~HD0^j7@3G2fXOvDKma4Phb5bO}^Ju`qX%h8l
zoHFv_{1D@RSZxwwG1Ddr-Tae4(P!kL64BL70;!|)JiDgr$^%aaAob>~RAr!4xg|rl
zkoVKr;X}iZk9sQ6Hdf<@;+qMIh{gTAt~qL4MxDyY))K523zX{gx3krkuBOWFUZqfH
z8QO86UfXW(%<Bvleh%CCGS1GV@J`_VC=JooJ7W)tij0C~-Z%QM`OVbXUh*X-uhrge
zr)PJ(Yw5mjV&G3kW1vl^7-^mK)=NcBD6bXA?9TN_k3rT<YF0Hh)pyq$Ol)*}*cB^R
zeVdO=Y+kUGoXTA5Sr<K>cC|y1Qt;8^nWLVdc?Lfgk7_TX0Z9v1k7kRQ%pWHU>nab&
zXM>XN^>HN==7heo*LVg(Xv>wm>obj$!T~@Y8*>Ot`~3$RxNdwG#i(znsqC?&(OA)W
z1~%u<B&^UW>zI~l#makxuC2X5%=`QMk)rk(2UIgLk}~E6R_u(6N>$ohA$u+WQ4m57
zM+$TPX(b3B{lPYwMRsalG`)=4aef?st;v*vwym6_eS2BJ6QLJO9;B<XCI=PelJv=7
z4(FyRW|AZoVRnbD3b6yr@<FTgn>cq^Rpt1{4Fwx`b4iLSX1vh9SaC{ee|k4;&PBsH
zR&ULSZi7;K^fHI@xfBl?N0&rMD5IV?ADdrkbztkG*3YDsb)on_=Y^6J%(|%?aNUzp
zB3(vQRjP)RM8x%`xs*#5lo)K<nm&kj-}{Jq*iYstue3#YF{(z4S$bR*-%u3pwAW1a
zdfv#+@ah-L{V6_?GU4&H{MhPhmFv%cV2{{4uj&P$mL4fFrx4*Q*NaT8^)oph<{?bO
z%CwVt*-KBDuxMdmv>x=t-9Hg%;3C7Cck^6b?FUYxL^u`nl{^N+wM>2C;VC!QYcO-h
zd&qn}Q>s$va>yocP&Aq7b-G|^VWsVSf#UY`26{q`08ZeJLFZYiksX=AnSG3=gwbu0
z&|JrLE8r*WZ><ExIPWROEMQ5CTSv0#P|rCki3HxegHX49aO=KNN*j!hP`pl~l(Egf
zc@COo=XNX979|u5_|J7sZO_XWz70BJawibIMnwtTT(nyLMbpLT)rl_SMYgFp%1T|A
zWSzbuX63j)d!6zpH<j=;2omY<(9@3YJpJy=WmJp7iiH$0m09PUk70D*d0=%=Tf+D3
z<;D(0B_2n;6Vixh__W|FC>c#NB&bj6TdF*WE%kBewW5yqk@%hcQJ<WPVJyp3WEPG$
zsqKC=Rt+0UBD^d`9*0~N8nn4hOV(Mnt?HU$s%*d7E%Mr<Azw(tWrLJ-qrtQn|64D$
z=b2rEl^G4n#M|O%^@ILBzLn~4Z=bDA;-8oL6w07v9CMS&(b;&Y_D_qAD>*pOjaPSd
zj*Sr?JyJQYGH~5}R~W3}#AWda(Cu>iL$zaa{NE~Ekc>F4H$9o33%lBKh+95v`@rU>
zss3<U5ZC%*zCBsp`H8PhtfS6`WDL6BC@3X(5rH5yqC}{iL!_wNJT?kCamK}OAK7#@
zO_(25@UdJpF>bc+Yz)m6Ha>G%OvX;uRj}lWqQCuJey7W!nM7`<j~H~%mu0D14GVRT
zNO*-^>AvJ?VAxyY&y&p6#nKY`V3u5qEKXw-rSRxwrTTOAWt2m3=du$8L*FM0vJ~c1
z@8<pNmC9Rxyyf!!JKL6*N{FqJNDzI}llw*bhN2Co9{DeOHr$91l3a@wDMwL_C0Kp<
z2~Vt^_gr2|YmlW$pVivOi19DhHTBOoXcS{Dc0V{Y&wt)Tx<0-BzWNs4B}B5W_p-IB
zljPB-H+z`(-?a1*J^H}jdToVHJ?o@7-3=KbXlxVyM*<TT9bzo^NxQWl9?hY%m7L!G
z!0%c^K|O~7Nz<D=+ts^@MMhywdo0k&wOoC4T8pLdH;r)g?PAfIb+@d%uz-ND@RKJn
zvsYfZG%Yw=S(6$%sUL^XswRN4iG5K^cGX^E&j`#JejLFPGQWc4`9Otv9x=4m$Ea*c
z{uBk<H1#_1c2}!&sgYFc;W}Md{=RD<g|v{G(<TnEmEtkPZ!^#1gZ_M`cu&5bgyi<i
zfnb+>m3kk%>}`Go+@z{<)GjG^`TOY^bP6E+INIHpFHiYcgU@GSf~3lNYtaCkr=Lvu
zh-><3YI?YQFrJrAba&Bs?@LAy%)oD52NBYYJ7YdIb%WtCfdX3R^$MS;NGfd+Sg8~#
zv=G@!cP{EUR_|xNq8_%^)Ri+#k-R8zexs6H@|kzyi?%3UI<0AAq`PjCZ-;9TlzmZw
z%Pf|+8cp<Q*iP1XSN@@(Q!%wtzC4|v$*Qu){Bah+2cu>}Z=Q-0z&Q!%=^zLSXCiA2
z04y>mFkgN7AuTi|1Y?D=t)k-B^j05T1ksTFW=Q}a{XkU+I&N{8b%pm8c#aO3L<>GC
zl7i4$9BKxO=>Un-{-#y%D=m`?*Xq|^-`EocEryLC=Od?NuEU*)qVytDmqZXxdgKzr
zr1xR<qFvrd8;uW5zMu`t9eRcibXtPJq};$f<<GKaNs$eK<Sql$FfUwqD)gq^YT~D>
zII`k-d3oA(KYvK^W>pQ@FB}ydv{fHa*Lqy;b$h=l8sg7Ar#HFLpMQM`XGI=Vwzj>R
zaGQ9o@9QeRqmb`VxWK5=R$#eNhuiP;Gr@6p!kJyGSuLPf&iBTC2us?%C-Z`wG<zB%
zWsZ5~KAjfqm~yF4rNX-?$h)ZoMRbVSh!M?-{Wg<<i##u+dW?7$&8Jh23bQGu8ecW7
z7KrT{Z4&59R#((@-=mVH4D>J9pk{}r+4qE75McD@`}eEM7ZyL1dA0P^JG4WpOq&7!
zrax27Q&Ntf+Z2i=2H7-~19OJdmAHmosx25@rUze|cp)&eANEJMd|+7-2`X)hI!AWB
z0O4sBZ~WlYXa+Blpm(7r9-f=ORa&6mv-*xz7eY=NJnN)yX-_=x=QFE@x^q9MNTr1W
z8Ci{I?^&|i=e>A=dbgf>>hPBNkj`Z1KJz*j;slPd)I+*Ogz{6~;d_{fr}+ZI=7N_!
z)79j}qZ<Re-|S*4``D&fu3VQ+t7G4_iR!#6Jsl|!!l8G7k0tzs>aI)DwE*UFky|cD
zk?PfQrDFQ3Ob$XBLDi4m<}&8qPm9!~_KehNwkJ2A)Ryco$u2SC@U5&!UYDvXnO4+)
zN+F#ls3&aHZ(+_Mt!-)$x+qMOw0<jBsnjH~woN$wmLAEpf4<bJ|6*erF1iigraI!$
zEA1$0W{V-D@4t{pcVLpKc$lGb)l99}Y2EqjsRu#pHLLWyCVIkOA0F<?ec#)zSS*q8
z<{&rNotD3@Ug20^Air%*z9Gx9M7PWclC`~bVn?djE+R6Bz$JHe;=%}~$g@F=3Buir
zN0=My(JuzQd?}4ThF;QF`LcV&%VBv}tg8RV5a*251^c7$scT(r&FYCp!G{j9hsy$Q
zVtQRL#dWUv1xgD}%?$s@8!Yj$7<|?!__*33e3rCA`a_K09qFE#V3nBlx|M7$y77-_
zuMykoviU@9bd+zi#I(&Mr&|v{y4iQr`eC$a6@JdH7yD-DJ?he0R5GuVVEmA@@{&#J
z+wn5OP6<8X`G!l1hFsM~BUT&nM$wDa?uUm|&Fi&-m-lA)EG86xREckH6yrPiG?lLx
zmx(l<C>rzC7$Y;Rq`N1wo3BFoQqGZ){ca*5ZxDt)wP)KrErK;tD5~Y#NO7ky4jq4}
zD{Y7l^Xxq@t1^k<X)CirKwYg7l(=*%zL)HrNy|t1K=3382*%%lT~10$>M-|MZ;s0;
zgZ`6cbe3pri2Ti_a|E-L#lzMSWC}1S^U}@lqxC;1=^3`UmZpAq5Viw#nmu0!gwu=G
zGIFqi+9F>c81iT$Pw!Ea{+2}}18&hSW&`70>NMF*%A>XsJ3e{IM6&~ls~s2P$l@NO
zki?Oppv0ZK#+8wG&CG}Dt&Zx`PtH9kR4j5&<+<lC&{Ds;o98YQlIDs<A%Yo4;(L?m
zyf50-wGQl|m57Fl=H`fyifuCY&y_R2sl|wusLx@e`z}msF>Wvx@4WcNPhVc8<fNqW
zrQ(r?xNgmwJZiR_WEalswQA|LZkAVVE>*P;qKIWUppAcvdQ*FT-wv-9^Y$~_x!}&n
zO=$?l*+vh9A3}+^s{G)G+Gxl75K)GO_aFC$Sq7Js&T8Cs`iAi{h(B~*f-O4Q=M0|I
z<sWq+-*nzR5W4u_ZR*U07Y^FkPS)43iE=EVYe)O}57!%qU1u`GIhXl@gB9OO$VGh*
zJnEW#USNuIZz-af=L;6!cWwGU`pzR;bM4!TOW#VMbG%Ab`LX7;&F<SGrCwhmBn+*2
z8RJpQ3IpOgrbd&nEj2IFnZKdX;&31QCOrCe@1{%sdaswWRPy{>TWlzn*Ijx^;Y&?b
zVK4e#j8M+pU$f!5Z)zuq^X`0K=1Ld400wR|Uyx)Ym3i$NqN+sZxr0k-r7W({m&Omy
zoYEEFvz^#mcn8ffwC~rIk??*TKmR7<^D8w$v@^FleT2gZcJ^|37e9I8hX-kCi&3B~
zP3rNP&G|T^2^$Qy)u>0*e^{{F^FJ4SFl*X*j%mr|=ZA*^MZSYSV+aox(E5xhlks)u
zS(%(aYQ4i63`ds|X>wWn;`zSb!p@QIBFFs@)jOL`x4Wv)_~X6#D|K&_Xf4z3RuRiS
zoAC+TZ4wM`_gTlB<PiuGroUy1mpH7)mAm^2q4$IprI|1es|4mR(bNnTCVRbWUrhIz
z2}!EKE706J%)UPuv>l?4`Nh?Rt7he~V|Gt+wB(c3u^e>$?X8#nZ+HvF^u{#YZy4@p
zbMnut8;kZ{Q&*qRo8Hx%Mm*@m?LN!fsph~Y*Fj8Ped$O+id8$kkyh?C%EQxfu21>y
z5naQ&aFdd#Mu1<jPW;bL(9gU=De3-H2LoN6wi?RiYdv#+A$G0z75on`w658XH>5tt
zBlz(CM&9b~5IZZHxaD;*?L_;{`PY8LE3ZRBv}o@{etkw!SD>G*!phcuN$l$qPO8vp
zCMA0Z2T|zUDL+?aGVGp_L2dYHtEO&X4cT%Z%BYhjQxCP4^R|c%r4dujsqIr_RecO7
zl@VwAgA7f@d3ZR2Fc|Og+X|o^iqofNXJ0bZ*3lg=#ATYbFCyyeL<ObfcCSeJt*Pr{
z2yA`priy+{bo$(_D<)4g@HyA)9Q?U)6H!FZ<TdpB@M7dU#INN>-udJsNAj^?i0ADD
z+!{^p+V9Dt7Eg#@9^i?zI(=~U{1NADyBK|sN+#?9hG$qQ=}&{%HyCIKxe-^$-(b%;
z1;nR%uwJA0>rMYQ?X5{~?WtYNcc_s)YknsiZH10E$*qp<lEpoCDoW4ct9WwdQH&|E
z5{rlVi^@xd-#&OF$_stPxm{9kHWeq{VM<nr>0U1CKTQ9GvV6q6XY=M%qko>reax)~
zO}fko<y?f`B9C>$KrjKC*$2WA@d0r%ry0E2ruDZ!E@N(=ee?58|0*k|OUt|-&PM{d
zu3pR=Uy1NvmWE{Ym03}Cw?q$NN8j(o7xs`^L#O4Q_?C(h)7h7OAz)v5);>V<v!nY?
z-r8{cx9uCRSkn9>M@#76)J<cvCEF0lyfl`bjQpzkT$;{4wj}=aLv%JH92Hc&EVi+i
zTK!5hb-IT^wrp8%Bey5_IxU71_qe&8?`ULSeZaHk{03W|An!HGOUJaIVijL5@aKsR
z?^2okj2je6*D!F|TyeA=Js5VoRpM8BuQ-7Rxk&v}ew{kz@4J#^P_S7^41b8^FA?67
zb$7$pre9gqvB}_Ad{6bI+xt6fjm97-kk$LReP6Ada)_#2UDda}OgCZ|v`lykHH*+R
z<c>)q=+(--tGc2@?>9pb<|AT}MN8klc)*-aIOAgOD`-Hs-5}L-YUcUv-2u$=X%Dq{
z?GD#+1sx82gY_<rV#exyyJ;W%;#rMjcWZu!y|K&u#ICIJZtp~B|9*9u_x%1!ymvBl
zYt{UE*MjaR0p~+8{6WuUrZt4S3z1)#G>LchqM9n|!u+5N;e_7Sue+G}5hfBnGC5a$
z?s~h=!=yIO6kh70zb+zMrt2x}s9-T|tP98+`0I*}U6<r@^)xTYvoe$?*8K7CG}*}A
zbu~-rdp{$jYueff{~ylYI;^U1Ya3QXDQN@*q?GRNE~UF0>5^^`B}5vDO-pwP(i@QO
z?v(EC{wC-A^qlwkuIG>Uy)OS)ZeXpw#vC=r9OJ&fb>0?<z1=|mjH&Y&GZ~#3P_w~|
zq-XFL4y4Qhh(5XGuDzog6MgPD8t6NgJ59~$CzzJs6g~$1%v+u;3-@po&Mm>NA6&n=
zTQa_(A^Y5$<(s=fSuedfNEb_5e|Ux8+1K+V@Uu4yIfnJk3R?O4SINU0p(3fohTcRs
zEpVG~dLCqI1Lv3YT9PDgFD@d|DjLx|bE<!ML6=S6kdJ*dzlzeiEG=R9T(#i2<J@&S
zh|Z{>v)<o=Q|hjU9Pw+{+fbSHvGe?J;9Y!hIB~czef~E*Y3Tv#=-=FJD)iAwSTCpF
z|Be`GoXDE2CeQD2Uu%#x!{1`?XT6(Ay4@0So=B9(-NYf<Fnmg^as4`{<n7|OZ^+FY
zTS&|^K78s2Q(KsLro9TcT1N6tl#<WLU-m0w1QMnkzAa=`o!#TWCamm#wVIT+65xi)
zC2TkC5Tc!0nL`t}L!bQeAuJVoJM%0y`=Y`4roNo$;>O`5xLDt|aN(~T(qAH~dy(dW
zKXn?m_=8R2rtp9yuqt^nP|yvgjkAb%BRI1VZ!q9|^H*g}-3@F1R|^T=fG6v>-=B^w
zy_RC+RBXtuN<C^08%-cuWgI>GkmUcU!*claetujKE5?#UmTl67bmmD9>S$AND7<D8
zYZHu~T+Qt<#;qN{-gZK#m;7++yg$~bTEv)E>V}^~?1ew<Q{2rfZ@saEuQxA*UDZCP
z8N)gfa!aI@l;cNvq%*aurk*Cg6fh~%#dTM)uU&C&lv>V!Q}d{xYU{LNhFrIp%UN-0
zJdrH8PSf@A6%==FbZljMuooWhTT)5J!f(7jp}%|4lY<9&v>O^KlTUu&CtMX1rr`<|
zcO;DuvwVQ#LrRt@=50(W%4iti@VHm2lDMTE6#4jX3u*OO(lnsF<^22&efIvh4*JH+
zIc08}0Xqfmw?5i01)NfK+<cgi@4i>em|f1^CJ$x%6Lr%RFJ{$*L8V^CygoztV-F7@
zOCAeNA57Y+BmVb?gAY+`iplOY|Al(JYuO{rpCckx4}UhH<cp6?aW}0`YWZ?B7d=}p
zF^uLi?(k%kO12B1fFR`J!nML0KWuPN{t8zsC`pQIvfd37(2VZJW(95n#3&RLk-5xw
znA!#T&G8j1lNIKeptXG`_7|LZ$i<Ud$IX!T(8Q*`K4gLfK>YW5vUJhM`PeQI4w*3I
z%K^M!fI=b-4FWGzFw9pAd4}NS%b=l*j<>6TT~5P3V|&5pQF=y3S6)93m_2G8D|q^w
z{{y$v)|-b;hobF!MtE>2`o8PsGQdE2`&K<y;3;S!+nA{$N?^B!k&|P<!onh^pn#jH
z^pY^1fk8B>P(HWbpNC%DUB4PXn|y*9dh{HR72fNrHBBLd*l~AShWa%b+0$7G*`T00
zKs~k-A+8vpw>hx?i^=YtHiv6DoBS(t2UYsDR4$6-)#YW8<7$`}FJcZdxAisSoHwwP
zpQuHnksS`E)V3^+E3EFHl|I6>B&v-g+7a*nGEbR-+C;z{{_4rt=6pjDV`kvZqUXXP
z0quQ1zk2pv=k7+Jmy=F+EsOs2h!GDdFRdVATW=bu16mS{SJ&U^BpU7fu2dYNK`6Wt
zf>X`^)hgG(U+jCt`3<jEE7cWy24xD4U;FWsY7~@nPWpzT&|{s)p>0DWZj;UjFh_Ki
zC?QD`R`+B2zL6P(ErBBx?HEbZ@`&bqGV8jm-s(IjU!q#{N~R-yb>1C$rOvdQQ~TS6
z<)SR#Q2CdcaJ1J(u`Js<-zAKd6gO~s%ue*YD%-_>T~Zn%{6n{h<+=%ieUR_GS-8F8
zP}8PAS;jxI^4K4q%#?$9vK4OOX<GCn7AL&HVptdF=wAhV<|&ho+DNf^zbbFBirt{}
z+AJ-W1MN6(Q9^c1I6Z>L6)w`|u`4W9gPMn*Dc-)n$a|;L(ru^bG8JRH`WWVQ`A_}#
z(ml+qsJT&1ZF8IRl;gg^=Z;j(udG)+maa19Cw)|(-Lb_e+g8JnCs+%py_%{gSk4W9
zA6@wFk_`F7N)p9crbk+)Fw%Q!iiDztor}EF+k~dE4DJt3F#dKndav5u`uiVgS8JYM
zN3!UrPhDE73b5hUt(BspB%dn=h->~he*L5}Ns?x+vrJ9%=Vit-%!!@ergMpkbA!a^
z&v>-GykBBD%{j+I?+fs^y03#Z7!`IQ^<f`}ce%euzk)pRGH#kwR3w4s<joZ7x)|T|
z^56G12;|O`==#Jyx}6cec?!wJ7Ar*hkM-(HK7LG|5GD5>`@aGoxhe>Jud;@8s!U#B
zBX+bVx@HF#BRut{K%9NcdFcKzi1+zE^t^!;50m_6YEfZxu8xDy=cWW60imo*N$kTS
z==?v}t1DLkfX$!ekw<hI?4RCVot6ibDIyl+<~D&&qf-4}Fvf9CFNH{~Qa$$E{FHL7
zGoquT{nT{brq<-acnwp$He=|t=k7Gy&ScpWBF_Uk8Gg3!9cW8{qzfGlO`p&7?#7MN
z{e*J$8jX;Uu#?v(C5fFvBfLNj&=&^=VG_kUgHag6@j{ovz?SCbgVAqtB;@SlwQ|sA
z_d@kDn4Va#w0W5sJyJ$Sv<?JVCsiq@h3Xx#V2ncJ86K00`ymOUHVBhZk=rSap4X|~
zCrr#&!*5fo_^WIIosZL0LUOQ}`MQFtjNyemV9CvB8G@FLE96HvwIaYsiyCj+opL4H
zB>XUu*%LBQpZk^e)s#W%$0kl4%GvI$^mM9{d_bz~+H_LJ&WF{OhA1_t<1^{ROIMc*
zcMtiCRZ`E37&^3pVxFCb7W0KeZ5W!7Q56jlt{I25pp1qE0a5Sq8@w<vNh4A%I79dv
zB<Js0_#^81%Iey_exZ5ngKts|EAK5z^?SnOC#xBhRLbkQ{eKIiSoQ_AP}{qTkvSot
zX3I~%%Iu3Se+ntDeD)m`<)F0ybA_>=AnYPJE9~)be@NrMlv6BF%jt6Kz_Zq85;d_$
z{zZ#r($UvhyR9hf=O8^zjDo_aAD2bi^Zqh_mA_aKkN;U-SH;1rp0!ZWp7n-n;1$yO
zXni7;KWmnJjS`$zW*-z*+-B4_vfJ$}c8IR~u;~@^<i#tl@m*f)8Gf=78ht~rp8~YG
z7*A&6NU1Z2@vzm+C&m;xXs6Z-?9!FP;vY<EZoC>M{ERLt!Qto=T*Iv1aR#EE{pa@*
zVs}OD{slIWa;0mVj1!?oAW>ExpKT=pXV+QCPH0GvqYziTjS5IaZ}sTPY4#aRezjgq
zqJ<C)id#J65%np*CJ4*YQ{d=XbW&>)Egujl-$y;;rf3rN=>Bs1Ut6~7e2^*XsK~Bh
z{+Gd+r~!jvhE%7Ba8bPZegEjuqx<`Dk>ZR$O!Pa+aGqFV`0aWa!<bQm#BUs79t-b_
zx#P$yz|ww%AtHUN5UHD`Mn$S3x$zcmllZMIDb!CF1D-76S>{n+Z%v18@ru1i*Bsfv
z1q%<)Y4ZKf99`7_)V6Zin5I69Haa~cz14!xex*~mpj}a@sTQHSrbg-9)+54JR{+uH
z<_nl4l`1P^+O#=2S}kZLxV^rQE_MK?MJgc+Wy?6?eM%*|d|NZ;9`=roSi5?SZhh5$
z-x3q?FE1|SE3KwPFTt^*`NklLrctrx&jkC@^J*|dI26d?dU^CzOjK09Set)kbCc?-
z-s?IR{JwPK{asx<Zn;mgjDIi|x-kL*0@l?5Nn3-v7=R@sb#ZY~XmC3w5A}B18bxR4
z;o%9s+So92zdAvvsjXE=;dSfm@0X1x;`fAr0Ts%l8##cMnCEkUw{!zIBwMeKxn7f|
zl>e}*@V@1q2IQ17$?Tz$v6Sy-*8oT72zWNlRp&i`tqcN<1h2oghrE;lvrWos_eVXB
zh|iy6tpmLMlZc|A0ku+nAts8F->YC|Fb#lp<y})5Q0W0ejcrO!*F1M^FQ?jW(Cp`B
zF<tS}Xj2j#He(tAEa;%yRSJ*uy{uO}l_M4Ajq*VlWY3uu@gq=PZXS<Ki8+O4wqSh?
zOj6<ca-*FbLP$YM?<<^c*p&iZ`NYfD+4oDgU_V36Zgf4BMsrmotEq2Jg_f;MaHjCb
z3Tu(WaFt5u(66vPzOb~H+tE4{L=#kRooH5G9K-F`zgxEv&+Nj^JKQLK(bY2M+x&Wd
zur&rJ(=b`0>kcvzbh0r;Q^fA<JVi;I8c2E1vBE_+<0X~R*Tm4RIIm6LdX0L2TPXfY
zAWyM5u)#`GIhu&``b#CD*LT3My>V@h_TtPT$FKE09^-k4a#D5%QF)f(VG@>l(>KJ6
z+Q>Pd)EtE}1Xi~(v9Dg=a+y+wPdRcSar}ik@*y>$MY{}@?a`Yp=ZNx)_4((0Vl%d8
zQ;bX7h%38`l;eEl7rbJPl4v5V#XAyomM_pQMb-&NvRlrTP>POcqi;D*uT;9_)?t3g
zFAlCTbTRP^&6%E6toUs?#m26x^%6-G(bQw>R3^Ekm7`V&+;3rf$oM;u1+iQ9S1Wi%
zZ4rLMd3!9;*d=bjpmJ`PzUbp~vEArOIA*!l%Lg~@JS3w_cXU>$b?IrhvK=W(*x$87
zc&3A?)={-pbFSx*F2bQRuae#ArNWo+bxk&1)MN{itV?C#l$y}uec7o?{|;*fN6y!(
z&mWhi(le4&&opBS&cUp7`Gw@VTCLA)z&^fsRMobYr2cI7&S_?~Xv~lbVnZ5gH*`^E
z<F^w9_XiOHkD-l5fm=KY1(eG0aME4#d4raT%nEO%61}{}youCABj(dW9GN}Y{f0gF
zLu!1!;4;(u8HKmiPv*S$i1kwXJu%O8XO<ezr~3l;h8EUaoGMwA&B6v4M3!?Tl27ie
zx2_v!$(8o>0-UMk_)}z0NV!wQ8TcrOWLK2xd^%%Vg1pW25@wU85;uG{jiq_{!b37l
zBW(eQ#M_Mh4CyI>pwzr`xwUGah;cdr?*;ZRh-DsO7k=;YI0q^`s4iVQKmVnn6+G%&
zh54jY7WVNm4Dq8s|A=3sxt(#?#i}@&3khYlURBx5zXg+<SypJ|-Nh*Hg&x7uiZ@{_
ziCVrO@AmfvJ(5`fJG$UJ3$SIJ%(*~2d!$a~oiC4!D?s116W_pFL+%tgY3a;Rd=3C1
z*mIHh7IZqN16~$+Ffa%(q$f_maFUYQhKPb1z$75Q!KXR`pwl>{&A`sTIQaPZ;IWv{
zUS3@(dV1EQ!RyvKz8mdJ;tB>Ny_8f`K>&eYqTHkpWA#Q3G`Hr0&i7suTZ4gIh1Z+2
zTw_njYtX{0pdS`_>C{U<?#)Ac<i_%J>dpX8Foj)z2S9(Vtqn7+zOdT^vmh%gt>YMy
zb9Fu$#c}7MK|yKpET)5p%N=6Sswxhr&Ec4bVZMI3RDKzOdtS*oH3X^4>1cRNGNS|z
zTUp@Luybfs3%|2js!FLWT}+v#Dg>hBGx$0(4VxvQP*f62-{dJP<nLu*tR*1*>N1UF
zJ>9Z)KsI$)7KE6&_GH2Vg7MOl9&RN+^V;@z8YW21qBUT3?1w3wkRo&HBq8ZixKz8T
z^{EZ@#i#hMX$Lt{l;;}^(DN0zt2kqV@ja@j#Kdm-Ah^k9S443ezc8&Ab6Ep!%)0Lq
z-EXN^DXMsA*2oNE^P1_6{Hz12C6DnfUXN{JkYgW6X39~wE6P^6G&AOTbsM=OVk-4#
zZEMHf)=s}O7PBXl-##ko3=X<;9X4)M^p-pipBXD0rOAJRHc<WsC&#%ETci!r6s2{)
z{TS7qu;8`@X^5(gND3ZP3G)3|dExGb@%0JG3<Z7vXbhp~<j4X?(nh<|Sokl;pOHwI
zRg8}>gvep#ESbe7W5>CA=XBlg*-vlvY{JR>f;{gK+w6xWb|hZu?$w^3lU&d89_+v7
z?(tSPpp5_FgCQWYEa|lAbWa@0AaFNW%=+TJK<`IJ1=*)=f9bl(V2P!bg;BkL(*B$0
zo0-M8kY1Yh6;^A5kGE7JM{yt{6N}!4IzId)sc#52g=Plh;RC}%u}<CBU7mqf50OCR
zvFUDr&OOu_nbA2vpW=4sAqd8iip242AU2>jghwirXAn-vmj_^3mXzlMg0Ua)9=k!G
zvJBXYM$~>W0=U+BCViT%P&PvDld1#mi(ha=%q03Q3O*nTC-AyOi4%Db7rw+9JH?nM
z1oRxgV8e_=@oQYekq|-W`RjIRu1Dvi)n-G6i;tOkZ^{xPM~gx8{s~aA;E~;#`}d@6
zHHt6n4oOlQ72Cd6nC=r!12PAo*N9k@O}Mv`C@3hxXj26fE?e$ow5ygq@CKykel_~P
zgrOm$!IC*4bnuwl*K6tfFe>vsz5a_;XlD`Jvj<OP9Quqy|D~L2|E-*}J%g9{0VT(Y
zX-tlr{YaryMSVu;0d_l??@8pg?hFtVJX76%CZ#kNWL5ZN7cUSrw>H6W<w|TvHMh^C
z4V`Sa7es$^lP8!h<25$j({4$DW>Xa~WNRnPJ1CtkjBcw@2|$B8zkhw)yPPB9Y%S+o
zo88!4>}3R1-P$TCkjALg(1dhCdv87Ts!An(T<;z4IPSOc>^sO#EhrAuDp)MeOR=|~
z9_(P@pNHkdSu(3o=N>)Emztyq?F*OWB~LJH^tAE1ypeXDDyr;msVnA-IvW_h>?4sr
zIhW4db5drX_l!!8O|_>`TYGnq(?0ax_B@ubp)|u^A~gJs0fIq#-c6>LLxoRIy>`2j
zLaOLdU!-UaM1I`gZ95v{yqRnN3lCqY_qv8${&I(=H12#XLaQ6M=N*$ZucO||$WaHD
zftF^wTzKX1byeQ}y?r7rne+<#hwz})c)>FD27>60nRt6<xv%uH`+n84NXJQi6B~Q4
z$F@ans-iiJ@85XG*84>4#1Tn26;pagptsdCgllKM@)exN{*TV1F$O&H3u>1a#{Xjm
zzJ+feHMbI%?aox%qywDXCL=>tPjvl0V*MguA8&wPW3)RYLe<~}gw)&sf46@(fzf~z
zoC~Us+L0vBwtRn+9UN>#Vsd?=;2{!?+RFF5Kjk(N9@TSuT!tKehbA8k8B>df-}nU+
zuJ^{%)Z=zvXZNBKaDH*6G$s60qg8c31SWVC+0oaLaPDNiy}j|41Rm7;nQ1SixSWAu
zC550yLL!9|ziXRBAg&qL0W}g#NI#itu&#&Wq1R4gG9pKENS2zs16(nOBw~uqiVc+^
zXyo>vYxHCGN#u$&^Zas_-aNUR{KPmE8sxUFOe0b(jwqwpa`u(4cgJlDqm5ZEO@mDc
zINJ3rxRF_!fr_8hsO1438zpS3zZ!~%q|vkI3_n#*Nu$M$zkg?t-WZPb;#dvAhLATj
zjVIjDDS_ee_mXdFoLN9{G|-pRL=i}5C}Fecml|l2I_^vrt6kgEd@M+?=4da&c=^3F
z?yZ~l>Z$rVj1rdQwu}^|El3WsZWJLYi#buZ?b3xk%P~y1&wobxS)a$NRf%=*K4%-#
z$Wfjo@ALVLFs;fcq@}4SKhJ5QC-y@83I$0Fsw_ciL63d?BcXf56gX&^vV|G8AVl|q
zX63-L(l$9G$KdfdX@ocfeHT4SPa-kAJ&CifDPA7yKq<SIBc<PUO_@#eqoRk^s%WU-
zu0z$5Hae|w^33xk%%SE8t5#d51<|PuZ3iEggc|IWb6j~Z-SYPq!shHV=K$)3Gu76<
zEOaKfLA1_WAZpFJrno#gO;`y;k@lW1+?%%pqvt*~q1m&IZ_|=q8)2A@Vpu=cIaTC8
z(O6D5#M2=RUp?+QKBIl+!8Tr{`&8hlZ<97(R@+<B^1k-9ZFc0p)w;nag2B%tjNs7e
z>6wVo*}f;sY+QE-An5(K+ZH6=#`ws{w7titit;B<(T51C;*d+GB~_Km_y2-lwYo4A
zqJ#e^*pA+5ra-C}&*m<j#O;I^L#q*`+u-@D`N(;&?lI^kLSKZqJ)vLw=J7bX)sadB
zFNa`9ZH=t-?NGX=VLh-8#l6}5(nzqca6Dd<skK{vb{ypz21e>*?Qs*Bod7b8hNPd%
zS_;-_76zH5JeU(<9Vf@xFVbt2tv(u?XcYP!0N?`z6zI--JNXC!T1g2l>(3`($|}_R
z>fM<51Sg0S8TPB)=%`Z3EIAx*?(RW9YpZh!yZL?Yk{YfgUoa<}tNlyEG053%W+DD-
zcS5wUnniWg9u0L|dTj=i-qq5KsMl`E;##}ornKwE7jXFn1)MuvsJ(!=5K4UgYMf$@
zZ7HB$@~|^7OFwFLyzH0Kthf!Bf4qu%rnXljV_Lk8?YsTzcjMOz_>pH`8nV3AK3B|P
z?F<w5cg41{Qizy6SclogMPHFd`n5g8Y0kH>3-4#MNLN2Ne8(9&WOdKWW>na`>LZiB
z$+Qv5SK=>G?+G(Pr7ZnU@uDa7bJSEgE_q4qTkZE|R+2q;G*IuDBNk_w&9S{6^2aMH
z7yT`%paGZnOL_}V@3q@tjyKk-y<B$Z#MDOIZ9+PS4HC|om#zxgP95%+ApSs&IV4wk
z^2|EfjAYgw!&;*8*1BGe&qlPRX+oKSQFgL?_Y+HUO$o-MF68K$IAD}yXE@#Qf;tv?
zt-TccoP%LK307H7H<Of6ygKuWqE_q)Zh{Ws(Y*s5amSH?2C-}GXApY^$qRD%@3t5o
z_xc9E&pqTv6J6$)74cc<nnklFN))~Gin6}Dz&Lry{p^?^G|d?^bquzxnHWWwqhUe)
zHbqHF9o7z;b6Y+L+`HuUrD?*k&%OkcEym_Fv@=?!*S+`zq%<K^=L`!~$mzmvbMfEL
z=#W$HQSAl-jz-hn`7IRbQYoi<>(%f2>NT>-V(53o?yrgE9T5yZjnq7Y&B@+L9Uc&H
zm=oxXSEf!0=4MAl6T`7>{NDC#k8AZd0`Bo2Pybj1ICNG~IH$kqyhi*VE3uju{PpYC
z0R$4G_gtL^ULEPN)EA7)=^_P4XUmK0tE*u!7Mo`}K<HkT3m~It{mS#b`x3?~4BP4=
zdZHj<!3aJViyly;5PY7nZna#&*>b}~_SD=NyF)_MKJDrc22SzO0FK~0pT}A0WvrAK
zX)ANp)MP6kjrWb6<<M+|tK5VupcN(A+f|?^-WkrK@j43Xz5~WEMC4OAw$&{b3ff_*
zUeKz``+Xa?IMDO;)Yi@P%S!vXSump3Z*4xG6xg!YS8mvN*|04s75D60csMFA`PQeF
zZi3w%GshZ3tlw!`@4x3HsvZ_?sN>l!lDDxO+NjE+k>kzZ?(@@A!M?8_%Wm8sO2cZ-
znzxozQ1FSNsDS1On|E{pl6LlgcC)8B#rzp#*N#ZLCnyJcVw!&DuM(fhXJOPpaP-o}
zd;$hn>loMqfI~-9K~hARLQU}!<x!fnl{GL7A19+M{U~|C;<J6KEcUXPR(Tn6uR_X0
zPVV+14h(GTWDVv}qsLWzdG_LHIM504>qvo>HBzPjTa~3;$J;dwY^)Qf45H~6Y<9cH
z+P~^;R#x=ovi&Bd|FNKv$>;tQvMA1@DgH*QpZY<Gz;S69vuGltnW}gGHaLGs`4d8?
z>-0qlQZlO3FeJn1CoXlY#Oj#sxiJN|bB9=lZeD4TO1yf$CZ|yS9S)I0#`O>RKF@S<
zGF_#<bm~JA9Bjh4K0W9GzJ-D~8D!37EC^*`xFYmCZYDK>@$i^>NSV3hYul%mJuJMu
zna?CdYLb#WF8Yf;fvn+g&d!8Nmdb}<u(!_JXk;FzChcdH?o{j*W|zuz-FPA&9mc?8
zdd*_yxp=8Srnkd)^F9>6IlB|eq`9eRm0e)^V`j<u9bX3fZjLR-%sCLH?E0clyeM{{
zy=VL3Sl1M$#BN2ah6gpYJNtcsLq}W6$L6;;l3d@*Gx!eAZKx_d#a-)^uI?E0J_AD=
zUWX$x<*2KgY}<>>Y!yqt6<{bhbG_IOpmF4pX2EhGat5oP6YP4g*>FwnUpgS`7UiKm
zdV0xVYuSDG?kv&${(bQ^+$DE|m11;$^a;9{`DrCB5!`=eSrM2IdyOam^@*zlaRCx$
zO-HNMP9t3+2YiR}lw@2{Q$v0q_d7(k&0qD-B)*T})l)uZi3WMDj#El&m+Ge-tl?l|
zi!XSN$m~D+X+9EAJt3MBORFIb01@P?Vp<(}lk8IYsYw!R6=UO>{oS}}RlXV;8g7&i
zO!rtQPst{8E5tJ!Q~BK8G>@d!{{oO@=Dm=i^tV6akx&41LsDz=JPPih-U-{A)^7t8
ztJi0@DFD2NR2G0>iNm4Xh?PUuJJNfPjjXI_opz_i3MDKC!cVt3^glJ|uI$|OYYlv(
zko$5^gnpPr$m=Tj(*i01h;xR}c#j$+)$ueF8@RnzXR(d^gTUa;Yc`8f_-0WQ8M*GR
zl+JJly-)Us6vyP5>vjmND>qJG^*ahvfOGPEI!gU5aGITx7LSaaY-F=wVAF&Wsi3R*
zD3*4k4c26jG?TF8+NnjQmZ<n>KGSm4@RBdr)YAF&fFJYh=RrF5{^j+2`8>sIt({*t
z{#xk6R9^Bl0>)JnCl{(vM;j80VDA_~-kU;Re?AWxiV}VmoH70Mma|Z0!dEqr?Ir;O
zM;6)ydv{JIp)4M#+PE70{rnG#{YLBBcB^45ONbJrQ!L_VPoC&OWbYF)9E?_qTtCTK
zeR}S<R7p1hZX(oe^`wVbJ-pJ%^*4Tmr3d~=?-16UN)7d87oP@Cl+5`A%4)k+IqPNv
zlg7e+u21@006Rr9#W}_Gt%q!2S1{|5<hkDFL&DW=h?T->&^(WQkKl1Bf8$Pw?-{m)
zQK+V^+s+U+t*Q!b$DGRYJ_>t1=a!OeUrVNxSC61PNfC5go}&K6Hk~VQcGImeTU{=%
zG&HczT2F<|=OoeUWWvd`wxe0ngS*jqsZtahkwX^#ym}q#7RX1*yOsQ*<f9ttZAqmh
zC00kpHwjzrp|KBe?ik6*H+-0Rx`z`MX(S8bqkci5QuP>VE^ae%y`NWN7~#IktrVzb
zX$}0aM4*V79FVY9qY99`F7QibvYXmywU$8iicg06)Em!JW9BOU5<R<1yP`JUeTh?h
zq^`u7@93Qc0DJK4F0!4mR*#44$E)-lvz5;0=kR-Gjy;n<PP8UHwRl4>x>_ZxV7s%i
z!`J7L+hKKI62Ox`^RMK=Qing58e4uY2h`GD@2Q;p3f?gs_*%Nn(JA0t52=z$aYXPK
zLo#?-QyS)xn|#-i#R_$S99@#7HrngcZw*SXZidC#@;ipR!9S1VVDix21Qj-7P+_Z<
zXrb@jE_+qC`A*ths)ND5eBjc|-l3Ah2EWl~X%oH9HopEU-IF_Ve>R;n2I&CXZEy34
zw2q^;W3Oyy3N;$$$nA^A6S+0I_?%I1T*K}=s@ofu_1h<UM*fCed6>tskkCWVw!J`d
zCflCbL=Fu2kAF&Ulw^+#(iJ~#p#Di_BQy}+I~k;}Fxk-{t@ggM5`sW9N*oK3V68rW
zBohlF2xmjY1O+i+At52*_Y)0XJkYvH(A{n^l%ACfYU{YS*ZXy7X;BdRtn<d`&ve=s
zJeQZ3LjZ>Ya^7aEq-vR@maiOyusojw@FOEKGPcr|fB*WtxzvWl>OZCZb*fPAcP^9s
zS4<J%dMueXbAT&i-s~474R0htAxmI7kA6=~Us_RBl>-XvLmNW^mQMIghHpTYAQPR+
zY4_>w#sMEB*0LFMz47Ig#KeLnj6+zl0pr;vvU*$`<LaQ`;L2q)%XtO(cUZ?E^Au4B
z3sYhvM)K|hmRlFvNu1x6BUwFUS5h!2^q@}^mVADbNK4-$?hOCnjG@bS=PWKcr6*^c
zu@=-PKfTU(W6GE3&2h|k;_VfFY4e^0Ig52u>nx>@x9w%3qyO3U0TgERdsON#k}yWO
z2z-b{XLMImvnY`q#nwzEYfYWm*OE*wRL1a7t#JMb*|wpXmPq$11X6F-=)0P`B-Ndo
ztn#3!(?lipCb0lynnom%0e?K+dUjNyB8GUQ`xxCu$%{>`II2~uOS=J6Of_v{!tB|E
z5sDXvd7j=aOOdbQk~UX#tbOCT{H&dVq1obO$SmBREs<wBE@RD;*@n+!dU7z%-o<D?
zBkw{GY2FokYoHsKz&JEV74JS8O721t6CsT!$Gx>(((0|&@&0PTgDE-~K?pf(#O2k-
zfRqh)B4zvn0odHNi3Nm8L1!fBO_D1G;Etc=-5(p69mlQYUhk^nsV=+Tr8#rjkxeiV
zX(Kew_A0$!Pbgc-UQdV&@#z+hVc^{ovSUswP^NfQ6WBoVsz;%pfckJVs7KCxSI;GL
zOF2B-)4L1Kx}zRC{$7CkcTjM?1Os2ri)r=wd2P2WP`Th4cE4}F_HOsaRk#%>={+jT
z^yI~iWw<%6l|_veyP4haDUysRC|?Y|(0EVKr|qKgA*Nl%jn(Ns+Vd{{_>Ke)Q{TR%
zM|UsZgGA?CifSUn;cpI$#u)ohz=#s&`SX!)q4+~+B?}KqWG~A3oh3yg-D|<{s1OIX
z(EnqWSWwbuU>?`!`*PYz?Meqf^ff#DTxz3MvKaaKQ~a6k)H8zKNU!)usR@NX+gX90
z&u0MEN2C%29D42VBqGlW60s=d1zq3qdf!ynN_U@Z41LqAR7N1JvYwGVULP=>M}?E0
zt34Hc7_}H&@F9v$up|H#4@pqs8#^#Fd;2A4NW+=ga-4RJgy|#c>(`r|kuAL`s_D)E
zKIVbsTtiAl6+@rj<1FL>O0~#cx72=>`sn0jlty~RdboRdaQb9ylV<(6$3F<%)^MIc
z?Z`0M{A_0d64$x!IG&}JR)m1b1xGkuljUP$p+n42lkJEU4KrHM`hNQ6H<LB0N5X0g
zN6(NTgfb^hU;z4a%)sC?pEetxG@sjHz*#av#>hm<=00t~;?kG%g7u7}Hit5}UKGuF
zwEMerbZh=2*(8oM591{g;!v4&8&Ua#;zZ59M3qz1`KMl;fo|?A>~Di+d`=8GUkxwU
zP_Y4P{(U@l-PZcy8p7zngK35*$(w1{lW^I!&><uBJ-0-_biOb_K!tuWqwQ1h70S)=
z7nE`~T*>U>M*8D}3#Q|f&JlL<gqz?X3K<#i8g2EBZssM2#BjS~gXjZAb2DCt-NxbV
z31#nq@z`;0dfLr4(fnBvY}6vRJrh{E5xb%sr`ZrQy{zB(`8c?8TuE$C?H3iCr3crg
zCsH@C=VJ$OBvO@?-FTHT5FvraYbonTu5SwXV2_*x!YXo>dxL-1V3A~#kv~)n`N*vb
zRo|qjuh=;)rE}67@?19s)!weF*bTg(;C9y<d7WF^;uEiJ6Es>eYT3P?Tu3I*I=Y~I
zeOcj&tWBVnB@e^JQ;H-Jo6<2oB(x@WBn+{+1272d920kTJoVa9xwb84i;GdI4hkFH
zBZRyK9LP4<c|T2{p&D&d*C-XMpDG1MK+Q9uN7=jHXP)5Qz1zC9a)}OJoL(SK{CeMK
zlKx(#oE?}Lyi87egWox)NcZbx>ZgSD`&PLAvlGwJlhPBfMxzH9@*M65x+8pSVlLu*
z)`|skZ$%#E71e}GF5HuO06Qf;U54SiTZX^9#l(qSFeXf|B7oWsj<BAGOhOQ@o*=ED
zU6Y4)g=^3HT=pYP_X&#%NG^J5&dYWu*7{_7-^DNA`LdJ@?C~uaos$luvXZ7RZN~kK
z^TRPWx90rxC!~G+hyjB}PMsFm@OSSS9}ny}U%o%FhLMRAx4E^~v&_hvSicX}{bWbR
zUt?qTpd;MuuD+&M<U94OmiV+)Xmcy5jFh8w8Tr9A9UOc>r@sUUop|aES6h}A0Fj!K
zr-PRa#fT7d^&P!*z0)=}Ab-^Ua*@fd{SlCd4JZRB4uuLZg*IJnm(dxH&yms{OD7c+
z6vXO%!^!Qi7BVVB;O4pxU`K;__gk)23)K}uI-uAA0Rdkb`?Ogp<p51-HUMA7Kt1p6
zNMbao&t(T`^LgC*D*M4fpN)+TDXl{see!DGs9P8Q64=b<8g-y-*;9=G+~uo{jPWJb
zEK^Z3TI3=bz2pXa8|}}}kn{8!y_@?1o&9icJd3FAL@Ky_DO97dfO@XmN&!Oo>x0pR
zjS3M%{!a2|#F{$A{(Eg$u~v#<C`9dKAefT-c89F(2jj}y1hB6kU5T95uwgJg>dC`c
z;Pu3lLVs32m&G1SwlxP?PfNd}X6jk~GSNFTi!TK+I7-r<jhhKRG))hH3uz>={aj04
zc6z$4sifH*t=l->RH976@HHg#HDTrKcoZBa`Bim3e_*rG4zhclRQOM>A875o&spRK
z^rn<pk=8AxmxflnX1`GeDq%q1m1g9Wo$Xx6{<iAHT{APvza5^{o?YMVZcUR;HAD2t
zI+k*t+)@BJt{+k3GY4jag1}|11~06x;yIihyfxC*iZ_J9)lSKuRt^@zHC*q@Nv`<z
zvW>00tZU+aE9g*vC3^a%ta@`~T$@?)ZH_IkQcq07eIj=Wn9i?rS-S6FVhB1Xlo%=C
zT;A_WhOC<j5UCy6JG>!uzY{ybKYZEbW}@7^F(BYWgtImM1NQjnQkJuCe+t_gm4q;i
z0O3zT@eypV*rR4qhsajW|LAKd(ARyxAo$g!sbZT#I9RJMg6qW#5#`@7>5y~{(G^G~
zj6<76Z6+qmmUD&u5qYI%dlrC#s^_jbtnBYgfP^Rm;2R=^zXRQctd1M<wa&ZwW;C~v
z!JDoxaoEB6V`8y(4XtP(fW6EnmB#8G0gACvx9|Ry_x^Y_?$yTefB??Afq_Bulf^Ql
zj$DANtz4|lm9J5NUBg)?Z*R|x`8q5Ul+wReY7eS6c)CRbR$r>!$(qmfNdj^;4(lej
z-7E?^Pwed!g6!C>CIzKpb448j{9FwgU-=xZbcr~u^^%#cyBHuLBb)*r6cIrFhxuBk
z!81OLNI=|EMl2XR3-oC!fUhTNW;Wjx0Xp(?{Qs0-)}38kOdBcH#bsq>Nk`8CL>2^!
zPMXPv^S%39W23;~ZBOU>p61q&mFTIpPmE0EyOiTk{-n3x!ylcW%w&5T{G6EY=$)C*
zRKYoA13R71{>(N5!g$Ayx8861X6$tiA-KfHn3Niw-)eo-g=tUdlm_QLap{`F1;X8N
zhWU<_nh^hUl=lg&)=Qz64u7-iNz%vgm{LL3Ge6v3)9L(xCB(EoBn{{T>$^r$`eBij
z+{VFRsez<bgfvG2G{?N5pY}LjV*}trW4TnGo}OkaUm}(L5Y|t~Y#4AZinMEl3qaoR
z907rZFjfNtHruKbiU&q11N}w#(-qi!?qIs(7*fSGx-sb;0bQfUmLWYh0k<RWQ&`yC
z9!KM9#t$o<=pljKN}owcQi|^s<F)I%#G-&tc;DPZqxiGE4A7*pe)vs%bapmQ87Etf
zBe7RD($k~$U&(XL`|XV(qg((AKAgvS_p8~9!N{PIE}2-m;sizA#2X%yuH{wvUk|Jv
z@aVirt-z5mU%5HZt!6;{+lT_>LTou*`Db*vIwh*W{eCEX4=rB#G}dFnhFYnfCCAG%
zDQ^2ira3n(OQo|G^*{O6;~5gLKiS=RLHqPiX|YosMneap&Q1A6ti(-9tA^2TQxP7M
z<?N`%3dna{RR7`t9Sc`I3OLty51AOw2p*e-XkTKZ90|#UsJe*}#iDQ{K*57Y4I(7W
zFO9EfKrQR#TeKsY2Jq*OC{>1SlH@;*F-X3l67h>ZpcR56|NI$pa`Hjol;bCUEletm
zj1bzkLU#eaX_&=$AzAaA0-hhw&jYG$7x<Guy`{g|o~<cI>$i(c<%N1)Munwv$~N|;
z&@p6#K4ADEVg~JU6E-`whW1P_R1bO*7lN`qkpVX@(`3>6F2zy6t4lJvLXwl!+7^$`
zUTEq(`Xa3;6>w4r%euto$Ma>EvsSRX&4F5_@pX-KFBQW?+h>oUorOk$7%C-ID8~&q
zE{}7_w2724SRE|4o_-{QbmL1S=f5KDK|lE5^nF7OVbi4PpC+D@6Jvr<J#YTGwO>u~
z;g3*>UR{$j9n(Fhf%zl#Qfd%WHOHKraR1(ihBRW#KS)T3Iy^{=!xkfwwLFGiYq99X
zu3T**DFOwr{mR?(8pg-)A3r)_QfgK5BI7bLii7}ARt%kb$XVb!?H#o=VX^M`k;LjR
zdtk1238I=&0AL22IT~FLn>Uz_*7|yc1>!IrI$B#1(T%!Ghpu*V^%{LQI-oB>r2O$y
zPub($=mf><?wa4_nm;W_X_;|IQn;NS%2LCuKdER(SbZZy0cA3ku)708^v!gsV-&w$
zvd%1>HR9TUAb1}WVk_yVe>_7(7ChFO1BI!C$Jei+Ii;p0<)hPO|4~Hn+S?RB7f<)m
zX<`3L<vFl(mF8A!Ep`!zS-ce5gAJ%-`T}Ump^hSfG?=GI*})p9dkZ--y<)on_-@$P
z^Eo2SxG-?|mQz6?Kc4_MwHiA0&)L$S-hlu7w+Rm(bY&pdJ;ML{Sz#pbHq-`7*xBDS
z`bj04jndh4vr7Mj6KP`kpB5^Tl9GmtEr}x+hs!d!zfS1U$P@beV?Bf+W<7OqGk+b|
z-+TUZ(ZmXblF*I}{rdxEfd@yXz<#!{CbLb&`LEo`r_0Fy-;qkg_YtZRAMii+A3mV<
zSdZl!2hig;w?1#PX8Q)tIN7uwi~POQ|GXe>0dEE|$YnzRQ;hf+ivE%DFqzQ~w8Wv2
zPfwmAIsEfY1u1;x1gxb15#!HVlx9&j#P`DwLfC}I5&2IK(ckp%-xnWaz&YKJB*!xo
zQ0n}*V^&Z4x8%sznC!;7V}L&2eD!<$PtetW2J;jVi<q!`YG^1jh0jC$0c)=%w;lCy
zcu;$Jw=^Bt=}FfG{rv0W|L4U=yN45xFig$A&wI}Y#2Jf`*x<J8{;8w2(B;;s?VqPb
z(1Tx=#wk=4p!5q;Z4_ff`%gOXKP1&F3zVh&b=${({`3({yx+rn0IOrS{r>y6zN>Wa
zn+dkqKb=$94;3A;LoF+N;FSXiG5>c7wLRz-(+LFk&$FAl5d<N*N04f#9&$w8TC8SK
znnqm%!hgg!3H$gR#0;~&`E5CRXADm`?)K#fg$X|9lfN(gKScs;f#Y#F0hgceh3;hS
zIl}ng-&7C#=-Bw43yGG+Ve>mN(;?6<bAT-emc#^~k>;NVzNd$|fT4ES%_%GJWgJph
zG=uwNtAAU>{#?Wdemwd9Y5~bKg|AKWuK;_c1Z(w}_jAVuH02|xqmRkyr9~-Cw-*@I
z;s3c)rQjny!Kr5Y_yuuz%)SAv*MDQ!|9qE^KQSW+E0#SBEElLI|9%mDDwyHhsI0ZB
z(Ryu2=SZv!zWJrSt8~REzrOB2j<Qo3_TZ^<_OxsU&J%<5q1?g$eW{s|A8!irG~o2J
zYJK(p`voBJ53*V_DDvj)GFpo5!v|F{GH}X#%Jb~WKL*nD4E{F~CH`clBO`iqtK-M7
zB>%gOcO$$-oj!z?#@J%@KKbj&a361acNsoYH#2mV4*80)QNHz5KW!Uj<lpjmZ~w3o
z-)u`$R)rwBaL>Q~ueT@0#EeKOU-DR#uJ2OE`)k^y4`NCevMPO8Zug$MnQmTkdaVHY
ze)ejA#+U!-Ut##8hL1lQ_`2YOiKTntyCF~hDCYmqF%|~@d%d+L8k+F_Mx<>L;yDJ5
zaIu$0L0H`YeiXTamJ>HEiRBrO$>V>&sc)|gSa9RL+p#Kcc+AsCA+A4P@sE@EEB5!g
zFvFjnJsFbR&T(n}3QArasFWi6*WJ@tVJ_R5A3>i;q${Avet!&GKNPHXG~1r!)eNkG
z;T22!^S@^MKQHvHVKd=&fn`iPKRf&TSa2E&Rzh>9i<0NfLzSsG;{}Z>=#vrm?cn|6
zJmL|4Bjxti*Ii9KGf4Ml&;94+9$rxdmY0u@3ebQT1QjIWgJgXW6pkvk<o_7Tzi%-v
zEa*NMw(nnLETIqgM*<&zqDSn-74{XMR7yPffMapZT1P72W|0Y&|8XLMs>B}|zW->Z
zw=6+#7PTg){6C%yNa%$^@i<5*BqZ>-?5kBrK$oS$KEK!IT3@2$1Lv{*MT9Co*56ls
zxcHd$k2+?#z#RW|Rq8bV62h(&L){w#Qem$3&Pd%5Ci*{qf$KpVd#r2J8U2DZ92Uwf
z&`Mz+?`ag86rFeW^d!ora=)vxnXB-72^kTFExpHv2{-SP{66mSGY_D#D1R3eVzL2k
zo_PFLx#I-dkc*b^+tJlH2A%Yn0@cA~iSSY5&j0K0cn-lOAb1`gwD}Zo`5zx5s7m@E
ztYMo*EgG<!Qzr&q<2z{tML5GlqQ(#gT3Ls`Q7pP|pQ?Z!>)?FQx|DBZq&M{OP5@M$
zN>14ZlvlGPpDG9nGIb|Yph9J2vp=-&i@$|G&USvSR5UVZ_~Ymf=VU<a>5YTpUJ_w+
zbnDr@2G(4|y<ZCS3zJ`O{uVXti#I%VR?XR8aLODxlr_E>+RCX>D-u`X?h8#ixZ_2#
zV@qBq!c>`$tc@0Xd9?qMbqo)e`~DdYbueL!=4U|9_PWGet(OQmYEzlu^Sp>44<Sl4
zo<AQ&l6dxCw%KIy&mxZ5pg;d>Dy57Mi`Z=P{^BI-^QR5EYun@YQ;>9VdP)Crzwyz)
z;=42P6T5$aaQGB0zbK$-UC;B~-Q6W%V2Cv7zi6}A=?)3-9KAAnsB5^#vD@wuaJTUi
zX0wG7vcw*(Gko7;cj|s$Yrp#AYBqr-Th|B704QFcr7D3ef=Y`$CRa++R8bKlnad$z
zyjVkqL9ZeDE6eUs?D@i|%whMUa8aUiHewc%IdWt~geaV>b{1bCy&@?lO}43pZVBz>
zwR`#bz#GlVL$idO?(J`%pPk+a&h5{)n6i2u+ML!<#Y-9^D&)vn1Q+8wr)0O}hzzra
z4Bwe2gs^#syGh>EI^g`Msxn<tyqo3|0ZngdrKR$pMaB$u4Hs;OJ{_(0FiZowxhOD5
zVN{Ar{eO5>;tcqIIqDDM=zlH$5lrQS|M|gI7c&itv|zlYHVB;2!h{D&`lbs2YqG}7
z)%=O)HG73gEieB<R%*gR7aEo|SLZwg#+MvbGM>W<enc<LV)(8-H`~RKy2W<SdV?+|
z*1%|iDzj@k`kQ?k9Gv3MRnwZCMWnUlfqj2;M8w;<#?6GM2=8a3lrYKrjhjUYzj76A
z-kxg>2TC7oY-|XU^lJUi3|b!H_G_C?w7;F2G0jP92~b#U78`Z$Xlq0AB{e0^LRudf
z385vf{JDA?cScPoK`(mS;Gjeuy&y3c8jM~uA>`o^)4``}_xnO+`p0=;t&ID7cV{zE
zU$J9F-b9}!KQ{A}bluRX6T6Y_EpP3&Tvl7|?wE1k>7^{i^GfB-?<*#^x7Ne~J9$PD
z7gVeY6f_36RHk(?PD3~M_GDWmLNaG-j=zvwP86oi)wyh0hS~p(8xI$qj1TT!>q?ii
z<+ncRe}1G7n|Ym8_)G+Gwcg*~Ubn&OCGa`BFiq}YvF6eL+1DKC2vOGv+|No{PGsL2
zXj8YO<H0gNeXMl}^HpGjLHEaVF0ML8UqxPj?Ha)@T3Qo}u2Jv2P|Iy#4%1gCCa<n#
z&;yKLaj)r6;S3x^v>dfUy#Y^`6jnU7^h$C~Q^!<SJSk~PPhizmJ=KI>Pb`sqqMX1B
z%iu4rzxIUG3Z5pP;<IMT%~TlkYKz@|dV0LsdT69NAe84@S$m&dSZDK7@G7&0+R?2w
z*i5r(nN<gR`sD|Ug5lVaSRNbZ6&IID&KqY`mfQ2>lLNaew?1WR>7D6f`WU*){u!$E
zvWsvL$HnO<N`qhcCH?&+uXEZCDtD(xuJ^0ZboLe+C5*(wO>{9aN0?!c6EuC@PxoH)
z(zmnt9vv)-Y;KNFnBzSGV4eT%E@mGBU*!?Bv}Pjw@Nc#zNX!PZ1VxKoW-TZP-#yvL
z59Kd*oNW+f-s1Z%wn)h9>%RkKEsEWRMm^hgP>dK-)AOPugteZnP62)Vxm9%3&mXp$
z1Wr4Xk=i;s{&3xmcUL_h;6|sPKP(1yRSD7RsTv<aqX&;)`s+|I$YddqI3<XQ?9VtP
z`e7q>5mp*3M0I4mYx4mAeH56<rB=-qg_sq5k*>MB^1jc2U+kUWy^S+>JY0Gjy2@cH
zoZ~Eg(2CiZs#(UXo<T@aDf1l(^El>OuJ?R<80xs)kPTn-E}41shmc!YXP?Ji+GmR5
zteH<Sh?pH`mLhvL{f?(5xG|Jl6!rXs{9eiIJG@3e`u+%c$f&)H@#L}%)d09%2@uhw
zrCgk5`jhJvlWU#YF0(`N&1Wj<wz%K_M}$DkO&EWqONMJ8`$v&|3uS=g=(fPBe&`Aj
z*kb}!6F>WYi|g=H5Ux7mX|=1rB*jlu0Hk(#FyBxp&Z7kiep`cSPmoegB?{C^GQnVy
zC5Q04eAs~JFZ0hJj@M^&TYzmY-)pdm9e%PIM?Ne}77JHdwLZ-4V$Gw<7We7IsJA$>
z&2lKHLmVPYx7{!_YzVqR*6VUN%rt8Zxl~GYlO^M*q(E@Vo+!~B$><0-zfPUm`1Sev
znM8L?PhbLvPwLUtrGl)j?P2`&&ZPsWVp8ueRH@l6fHrughm){dLhP&IFgM;J^)ieX
zsL$WP!NIN3ZBZrPu0IESHG-BQ1C19^p2rvYJ;7L1-P&s&@CKb(!8l{9ifaaDltp?~
zs@!bXk%6nXpQga%^&3~ht83y{eD19~$C(`;J?}LuEyTRNFDcdNZPzwwg4}35g{o}l
z(gmjOI@+M`oHUjEg21p@R(DLn2EjF`LpFc@-rtSoe|Zc_kt+FUs6jjX`*J0Ejp=ab
zL}-nuT!0@(cK{f=BPkIPk$V^H4*qzF>4Xn5BDGEeXp(=+G^Bt9nsBt@87Y&XD2n6`
z+CCW_A;yN;Fd??Qrx%r4-BhCL6OW(31s?%-I%Ln+EUGk7vT{0+)pJiN5k?T*Sse59
zczp{x;Jpu>R{m+hRu+)a5th#<d<667Fw0N@@$UKN)Yqd6S4GEOOT4?_v+(qrW7px2
zwpu|i!&0H|Ebm8O5%T54;m1%#rXsE%r`@<gH^&lPYjLiU_V_&|*Nb_-SJ^IDXiU}X
zY8;(*rO~5OLIUkwtACsiR5{*l@j2B*FV5qg6G3T{EeMdV*3*gZC$yujjY)C}m~6w{
zj$IWtmf;hA5TAZ%HHJA>8ngHB;;72Gc<y?{n{dbP7Rn15EK^FHHk?J~ksDbYA;CMA
zq{u#FP^CnLs%2H<t~DK6?#xHxcEBh{`Byl9D9t%ARXEvS^$1B@91su?@WJD;sfYj7
zFHrsr<>DPPU0;XASpG;ApZizuiDI3Mu5aX-ZqFTo&;PG~4j5o}H`9FHyr#|3{<rG&
z=&=#P+jFV*$^qJ4kd4n&S{V+|$G(nsFqu*>d;)6~`cRcGmG_jbpmjxPYj0O?y;<#1
z3v#<Y=h%C!u-YAy=XE{M`kBn=xi^?;)PcIk02qKa!rv0OBV;30msi{UC!0P72m{GH
z5`cQM@5Hj78mYpc;X5K+w0`p&ITC5a8h2j|Mf5jP9;Oxoc|Iom!VpNjOPtwg?vQe+
zJc)ao=ogp0+3aEI=ose1TKzK(@2hAV1?f5W)2VB39(xxTsVS8tK=Jbp`v+r1t+1j!
zlM&BZO%LX|m3E`I*CJFMtMd-@CVyS)yOmKDW;I-)BoQ5<Wc`4FfgudYAXx^5HB?5j
z`!>Pcsv0Wbs(UAJdaY1G8OCv9LMm&dMBpLd@dDq{${}NB%;<Wez3Gn66lMfy;7}-j
zt(efTXf{0NOx1l-0-G8_LZ)5jYn-Pj`1u&C?~H510GG&jLOu_c$fUqx3vQn~-o87h
z*nTfu7H5Lhp19QX45JO;1cV`p_7RhlYCBiS5;*ip6S>SCryXK}pgS6Cxj%_1dCFbZ
z2*pS?x=^ocyF{&oUpZ)w<GAAeAt^V=R%IRFQ1B$lBw@eSMq9FW{Hp=@V5H_ZD^}Rn
zOhP^H93}0|Q<;=T5mPyOT*vpMHI(GK&ygq29_{XLi_JBf38qLZ=h7rY9phqcxwFY+
zcaEJfsk__R+3n=M9IKflwYuGt|BN^72%sJa8^PI4*Nh2PIz@aeyu!H@hm3VhExXT3
z#G3yW*|JP;++O87t)1`6VL1ongS^x31|~W6rXEyS;p(O(!El@}kU=3sQ)uV7L)OHf
zx@TAYdY!7sKJR02LF4wARuX6%kI$A#rd7$h>=eMvmQAF0^$Qfp{`L7;_WzqECyG(7
zXMtQiHnfdfuxT9rAg~q8)EelT5DwkAIna^HN*6FjvJ|Tp;dxyw!hwl2L)Ie*#B43b
zj<Gc;1X5mJ4yGOk6g=Y3Y3OMMy9r<mZ;>eFN|KaI-!eVEw%hP>zY?8ki78HI{Fz!@
z#%u(Vrg%HGg`#&D<dS3zdg9CsZX8|x^C>XFa8U(`k~_^}{w?u?yjkZ4d*)UL5e6$u
zOSA!BLPF9d!kasXhI|pRX+;710?w*70lPyx!!YYshBj^+6kxfMDRrJ&VqI^&IG&GF
z3n5|Ct)zvZ5MD@elMz0P8(<(qMMY&|5b(LvzV3jTh(B*%@X;e?<G5C!?_K`vz+ikc
z|C{OfCWoOfu_}Tfnc!5#G8)v{qvquLhA5TX6?5ec@HoxjuXmg=M4+yRQNl$0#QRC}
zy~q0eKh-zTuW5;RoLP@WFEsa~k52LNyKBbahycDZGHd(E*_ok%{%-57h(&Yj$B%|f
z+!3N>yq;TNZ#Bi2^zA@<6O1;ukGtHyYZjdc1B74%RD5Wcr)tt^yQ$TYY;3}b^0<=A
zVg(-AE`zIBV6UvqAVa*l-NR*nIEpNI^UllK)+yaLOhEF%|Epz~&|R%1?ln{2i9~C#
z<XCESim84hmwU1QMEm#jeGU=ZH07MnzZ%H#f|(XY>7+e-{eqAjkuZ^w6XV=?Z;F+S
zjy|Z}Ca$(8cQ^{reo7)JSBh`)6h7&^cCcIe5h}qJuyxYq(aQHqk}5C|2~#kCz9dyl
zRH|)j`31T3Y_*h&`kHN{)mySBHydNyu6WGGuT)BK1yg<GMNV`YHYsl%4vXCh+yXpk
zSI+)F#=bf%>UC>-t4K&H0)o=rAl)bpLxXfnr<61z0#YJ9ba!`ylyrAXcbD|{jC=3*
z?ESrGpY#61HJ9Ve{GM9RTKBrwy`)mxn7%J+Pukhqy-QbUKMoagbak-P0tEM))fVB~
zsqlz+h>G<m1v(7`95?L#Bn>{#gUi;FB7y;bfG(skHti5i?=4h?yeZTy+%uLmnr38)
zF_{YlsDF;^eqtty7ysXo7F~9jV{d+^J!ygbUGQITeHDdyn|O6oZgvvTYQtmrwOO)f
zEy8gN@^rt!Swwt@i{o*)t3<e1J1v894n5V=SGPGvn4jg*?F!4-_<3l+YTUn5ZZD>R
zQA~Y*{Q6-;LIPhTB8}LT+QvjRN73f@3Mut@FZ*WpUkAV(b^siVmAAu?F@c;*Ynuqm
z#;R1L3IjpZMF-(knOqgkp`@f95n+nhfHob(T$%Y9jwih)r_SzJh%3o<mq+@yR@&o}
zp7I>fF;65k`ZoQksB|Lh?q<C7pIQL&tt>iM1C7a``qh6;v$(xo?{fI>F<fquT5Y5q
z@xq`U>8L(Cfy`yJP9|Rbz;KK3#qGOyxaTNT{^&Ku<+2NeRFs(1N97-DmhQHT++8LN
z0+{3{bXkmUX<oxUUuF*VBe9-M_kRZ3Zt|5Iol2g5)qDzcUIia(#|H`{pl!&4e^;J3
z4$_1=Eq_Oi?P_xfQ<2=0c=zqYtF7(#-%oVP>nXYsSXM8O54)rVLJ0C2jppn9(^#@(
zho;Kz25ao@y8R|%RBAoQiv(^TM3^@9VkFYk%-wkG<TW~y8EBMSwC{z_1b~`+e(`3h
zXmMqi5YwsOcee|U-di69J^f>s)z5x!*G$)&k;|_J>&{hFjK#K2l?^D0kFn2%TC;G^
zG$+f1NFTi=4qC<xGXc@1XyJ#>d4}h~+Y3?7UGIsy@=~j^XoGjIN}esZHF22svCqvr
z)>RgX8LA<gC4MPp>f2VUHloJrjt=zLnAYSb|FwS=A7N%O%)Saq6wY0@P|rfCFiAdw
z>uS{>P^}l!q8uo<IK5Y4dYnV04l;ndQw>tu32WCtVJHWb{5&0aUGJGk+U6RIAdK)=
z&jdqG5P)@7eGAC6ssy$F!lysz!!Xq)FAIy`YM36U#9LY%>oOp|WxpSVO_^E66uKXs
z6^(<;#u=ntAEc{I?~+mL<K^Xba@djd+0pfE2RkKsrotRXq9$jscWbW~e)sNMp%za}
zR?su=<wL){Q`O0y)cm5PCPJWh^78S9!CH<D<Ds0suY&qjW_jGqn>t7Q#~%mB#v;dy
zbY!nn%IfDp{!|#ZN=UnZ!u@<tYp4n6C`WKuYX<}bq;B_0je~|{8$fBnMH(FuF*&wZ
zN_Mfu2g(r|f3oxtJ<Ht(MiU5zPNdK%E8UNgfXsdb04(fWdES1Epnb1h@<W4IC8k(-
zb+@By%E$S>-Q$#mv^4uqf~+M;&Ry!~CLnikeoIv$!vGm2uMb0xKHHg>2Fbr+(ErA<
zo%vq-*X9RpuBG+OVg&-3A^c|a0qmBupeK}Ns7kn-n-;;nnxCde5vDD!PtkKgD@63*
z+apZHPkKkUYn^qqHS!g?V;j_%-?SR-smF-pSWN+b&7Cp*g`?VYpFpeLsX4pyJ3DYY
z?;i(k$hzIZqi+>qXGq@6RGQ1~H!Zx5CjhDwK07yBxx?J*uR-0Y18BGv59Bps5D&%Z
zLlRM+vuC2=^E}ds26rRE?R1e|mHo|8i$CUfMe$CDV3!)Evk-yt;lhN=hUplWo3Y$e
z0*9Rww&SDhO|Ed{PXqB>(md}iCS0^6L}|2|h9?#{=9)6_*pyOiR0>u5TT09ysQ~pV
zn!UT~2GEKud3&NzB6FKBQv{lQ0@Fy?Cke`zqk%;5Vu^}0r6w6$84=vgoAqkuK!~?a
zBrN4CEm|LQyQ(#D$SC^ww<BLYD)Ms++ePRf(Z+rflcm?dPm~nTwb4~3jwi4#D<5?<
zkW4^NZEeNqazl|QDznfg9O{oJJzbe?#uQODd~2(>RN`qhNH`;F+B?9<g|>e~yn145
ztnIdJvN3v!cRK8^39WWHrJ3%zO-Lg{ea`<e02>vQI3Nk1{0|8Lc<xNkL9(Qd&6Clh
zvR$9(Unhpi3zjZ<tpaYtUkF*LzlgUwK*-n|;+P2FUf#PW6@bYC)}YFy`)Q<D`WO5r
zafc4ju6uwW@f>FtG$fD!JPd;rs$=uhz@Q*9f=7p)p`_{#^~oUS><tt}C*G2pB8u@L
z;c+@3Iv!=EH;m-u$S9h%VtBnmknc1Jp}x7jdOcn5%!1tY)5?8&yuhH)H9COe=m=|P
z(E&&Us6k}}a_TNS9|p3-bTI7IP#FU5G`Yju`wuSa72@*fgx9@6`IG60Q7Wi@ic-M(
zVnm`_pd(mQT`OPmB%_^1hu2dQeSbl|XcACrSG(duoaF+u%%l5rdYr$Hdf<7#^}+;n
zh;s_57GVa9{X@(5!EzODtK^bV=|DaS88J&XDYJ%}_rV>zapS=mHa2#*@TE|>E@&W_
z*m(B}tMPPWD6O1Igvzjn$!uo4021H$$~?%++qbm1)+@DMc7OjQ;7l6J*Hjwn^JuMC
zi>QV3SgyU*&vc*g?y=AfJnF+xK$qioR66HFvere?TPiAB4||Tx;jw;ZiN~^LT#!K9
zUH=8uV7|kNyX6z`ml0{n^-}o<-d@kI<`wY--qtzprGp~+eF>SaQ=F$tvGc~~oYx(A
zyg?PbhlEzw>{lwNvZ)FU!>6?FH_G{{{x0X6w7oSg9vCbRTW`Bq*GyS(q~lrDKD}F8
z?Da#zO)q4LkO%}tg0Mn|6o+SuSyE8W(gCqv<cz#G=g2DiiU;t0HoeOrZkp9h*jQ_@
ziN(*Sezf{vrEB$-P~(+cki$V6XsNxPKVGfimDAD|h1#PSK5f{>#1g%e!h^1)EzxwH
zO`%M$qZDz+Yk=AC*@av>gJ0&^V3a1*xC4RC?YMm5eNImXq@cS!TdQYlNh!MHm#5Pv
z4d9?ASrcUAI?tgGl32$$>?qLUH&VP^v_z1nP6r5oLClE4Vd1I9_IXRpQ=X{*p)BYM
z0dSK1`O7J~%qX-+sZ~1yzY?5fMD0Yt&yhq@m5evpZ4utv4G}nzm6S{cYyU{rtI^qg
zN{AcBE8bN$p3OWnin9b1?~GRMpF<!&=%z))#L8}EJ0p?G0Z%K<BfGERdB({L6EmHf
z;;*i(D|VD*WOBl7c1A+%Ad8N_`xbq7b@v1b)4;$W=Ib}<&r;Qc%`wh_M+O9O>3)Zx
zVR8mg&oS3@{DaV#J7W_P43q^PFA~_Tc8kpBA)yOwE~V-t=%vE*m&L2D;>cMn1V$q2
zU+q!ADNiu!3}U?5#G;6u9-t$$G{->1v@~xTHY*^5xSejXonG!~6zuWx9!|bn7P$az
zXj|bF%2=nxQ$AZSG>RB>1dV4eQ~Ds|q&y}S^S9L^c)Z$@?cjOc%r90MSa~F{JMAud
zk4~6Hwy8h%o?hyUFD-6nSJ6?6Ak!bQvrd3X=*vI)a-zRqo8D~90l4XH8ynBIX4ZKM
zZfD~b?`qviyGInERMNezVt{|`Em@+2XDd5B?Ed(!<Ppx7%#-v2P<Z2X17w7RK3#nY
zk=0!+y?R^~nH5E^<}?G)+Y1;%ZFXkx!aza&lmGDLX~SJQd(tS79-yo^RLq+IHLVv{
z<0~<((s|n#wC5&WF4B4j>92OXfRfF-5dZU5lJd*RnVB3Bhg#nI-8@i$+1@B)KB9^c
zbK-je8qgp<@9QX#Xa2x{mFx@E@2kYLUs}*O+7#9<y<5|w$k)uI&yR3*8zqM*P3wR=
z)7W5nIwQx4SVwO^RR9fSc`E{`{(_HSbnd`l#WxoXHb#CSr~i}42c!Uy<e>;+OA8I_
zXcMTiGLj+2ZZ$~7ozkZQHu)hO9kEQgqaH~INXH<@vKWI~4ltx00D+GH3qcMbB<;@P
z;)pjtm(fWWZ(_LYun)g}*BtC@UF(ZIm7!{B#Rc$2OnrU5h{?KqnrOh_pyXBeLqE5C
zWSstyj}MVQyK+WQI`g=L7)l#a(<6?)&F8vat!!-+5Mha(R<<uUvpmd-{59dYjQcf-
zYux~7iLBfpX3$rlUXcnqJgC!4t}MTTc2Yw*)RuANwC8KG1s8uSk=vsVb%jJwg6~zl
z>gwpHafX>xnHf;lKZ!55RMJ1m^-_aJ0&19BEY;r{1{6~8FOPt-O2mwIjimDBQXm>h
z5EtVFc~Hce?7Xaw_QYlIV~VZkvNZd%HMC<n8Y=PK?d{(1=mvW6fygP-&>?}ctM>Qv
zK^cv;U!pK5wn|A2V;DTBXVOnKqnSz^$Cg$$Q;wh}1NFx2`B-GWY-A8tqxlmI3U1EH
zk)KJ^PXzeg2}G{GXvxPd?QKB-=0MbcSL5UtWvy_-BR2QJFyaw%<Qa!3l&VTaM;l<j
zuyR`Cs>*XQcXx+KbYpGpKql*=OWvBTE$^5Ax=F$Ei!=TTp02ey8^(j){R_n>qKBnL
z%1^pbEXnnj&MY-Rr)Uv?C-_RY;|UU#VRV|jORWGUh@Dm~pAOCBQ{9rt5B0j)f!-dm
z!~VP$E9exCA)Ux8F)zJR(+O}J?UukFpkz?hsg*fZQ$nZa$5%f$ScC9`1E{U-ul3#A
zES620S5Nfx0KMtWCW}L#g$1&`-;s0fhk?}YXH)B`*KPjGtd2XA5hDt~uk+!Q&jnrs
ziC$wGo5#IK+A7A2bw)C5=T#D9`JZp>8k~<VLuCmB3gr4T&qiMGna6`lr<!xz7U7<~
z{SD@2fI2i&k@hDESeH+5rNO@qCew>6K*l5`(H;amE)<5V%TsgvJ)J(e%JDU3=GFUv
z;4LO_Jt_Nidz#er4x-frYT<cNPGxrx*ucd#0*Pn(V!L{jf`m!w&(x1jFq;)hU9TJX
z-Q`vlu(D_b_@tO>Ril~Y=VOp>Gf{3KPjR16h}M73#9X)PsWV%(o^yR&wI?t{6a5Hs
z2vx0h;@>)Rb~i<A==dDX%<3|ZUEq?@@;c)NRKn-$G~IL17x=nldUtzMZrlDcl;d=u
zT*v6qE8DkkpWYm}TPym#68PIHGXc&4aHTvLEutRkWBltaIdK@-fitMjA^H~=nbfb(
zk^lwX>lY<y7}3EE=n`DsUNv%8X)%z@f?BXX0A!Xw=d{5%wCP2n3$m@Ux=RChz~)Yq
z&Eo#b`Z^^q-q}{hBiZcqB260@T{4#0ptj%n*A3#}16}j3Fd6#ja;7u|)DA?~&fbSY
z4S@QpQkp30BC&1f*JgX5=9FN^sD%gN=jTraRIr54PqEa&!L{{DNogl1Ya6MMS|62$
z>}C-VAp`zn?`#}B66OL3E))5bh|O1N8B~igf-lvuQq@$b)@zQjfha8LoWZ=E=dE*k
zeO@OHBZ0WL9}1Q;Lj+j(Leb}Th-vBfEQbtI$>_qzbvK{{1T*OuH5_$A0wFJ1-E$qH
z4xm(8o)blWgCPH@P{C~Y0B9B*uQLh)fbt2&T#a3v)m&}NFz-7Cq|<7ry)2If^K$uG
z54(ojYQ&)lj-rE6zPATNjstJP`AtVeCu`lWlFIdNxKZm+6U4Vsk&)B%gb<#a<zkP=
z!nBi&2RTV;z<FEFVl-XS++{i|?Ek{*A*jI|#-O*<=C#{7)#X(<kCJwghxUv)?Un+d
zuNoW$!l&lhg^Qos$O;JkCZ~)^_fA8z4x219C<oHmP`-Zhsfy9H9UpGMbGS~ItRWdq
zaiEvCqKYWXfo-M;&;CQtG)Nq`nmPS<Y$sROkx|o;_K+S(Lt$_N^6uXgPtX3a6_d}d
zhW<hi7>)xDdBps&>da3~C^Yz{3SccTW(hBa`V4$C0Y+yo+)MR{PA-kQjy7)uv|>M5
zMF;ICyy?e)McMU*Z!p{yDIO+wp^sj=yu9r1Dmxqv+Ecyaf(pj@1*{PuI4caRFmP%P
z5HKC1Khu(!mq}uhXW)(qk<XCC!eiSqmM^!QVUHE?OzZ@bS>6FSj4}gB0>;{pdAjOM
zRwyCy;)XpDSb%zFmdxDa4@`w&?zh2F52Jgg2Ht?7Sn~W$i9Y$`;lu$vOiUphMs0DG
z2Y{23^mg#uy^|G*>hErvx+l`-)*@3WO?O87H-T(hl(I41aEmp7g%jrNxRoZ~A-gqR
zAg1$vkE9#)PL&23=wTBB2EC_*qu4(Fpo26erLi$8#ia~r2LJl%+%)k0Nd-ry+fjth
z<n8KkohPi;S*!L|7Nvck%OinJXulXlQ2WR@OxA;9r<H6<q1bxUlkYG)7Z#FQS_wyf
zyn29&npf5jZlzoG{W-DI<p`ieIJA$vzFq$AGDr<bDoQ*aAl(4nZ3j)#fREyG<9=Z%
zW;R+~Qf%4kd#Y4xk4sTYCjoRvSluS&fD|gE)k=u+PlSbfVsUASL^x)#m*r<<Pqe}t
z^Mt#}3S6w-bs_7eCnkgG0_9tQPdlaEc{s3E{baPVg6sNC$~PBw-MiPL!wEpc=I_qa
zEuz8SbK;>Ske&0UHKlI?IPL9}!-Le@RLs<B22rt*_p{ye@KP;W3rFmKDt#7hAnP4n
zmoHJ9D?RbJvCX~ZQM(&i+qGuU14_%JH|)j)Q!`~>$7Pd-zugls&1a#f9Lt+X-di}s
z(CSa*lLCT~F;ROa$bTab8c`DQnN)q>_vvd?MfsDC0-R<F48VbcY?zH`t+ccOO$b0^
z9jQZFenk|HQT&N2G_A~0Z>iE!Bj%^fxwnbc-PV|SXKSlB5b63(Ae#630<;N-I%gcN
zj){`*sR8{ijlfFD%Pq_onXIpMc-&WyZb6)7L{O!aSOdQPcZrvp&G`mbpjXGYs>ON)
z`dkw;r2ar^5k_S-;wt&hn7lJ7^ke62>a>tiR@?KaKT?Ahb~I09BK$#^&|BTNni_@6
zVjS-6y%pP!Xe|M@2B67`&_*Gc(^c=E3n&1;OJvITblda_1YoBR;88NeG9&{^v3jCM
zbUb%QvI$w8o;`%e#xa~l-V1H@W8LZ_4_flR9rYx7`0%0sp{HKz9Uv;1^+wK9%E<J;
z{-g$a)dNI_gkfd2%39V%HqXTE;<iA&MxjUh;`Y!LFd#WL5{e9a(6jrpk^(N%#J&us
ziXi{FPdVmX5ktCxdv2K86=T0Q+k_|deq+$zY$AuY+i`dHRUC))Xf{U{6LY~t65y}(
z#b4xMurvg?i-79?bin2}ot(&@x*EM@QKniz#$gx?+8klsiY#2vENV&>2^=n7qzTCZ
z-b4n8NWe?43e3$%0tF?%;s4L(wLJ#9d_tt6w-76<!qlIDbk6#|-@+NQz|C)*Ek@;A
zYO34Z7e)J%UesWA9S^1O+$fc?qMKtfe1W`8<uc2_+!O6c!6y>}$DB@A&5FUd^mq|j
zE@R6313YN)X-%@)6WP&8_Le#!-BF#40hx@`BImD@dh#lcX5*HjNz;fSpE>q@Ms{@j
z&OPRdqobdr?x$UHbYA40n|9T<;w_(C<}zc^reAXOwTvNb9tF!eG&E?j;|(^DU#y)y
zHLT^Opn+|A5)PY|wyvcGW6dBQKz%y1uFBi0NGCrQpm<XR5QB|UZ|7c}CT)%4*r>xn
z?7u{jzrjWP3L}@#TO=oZZ~p~_>!QJ+M6U0p8O&f?0=^;O1xv*tXuKj~c~Trf6<P*7
z_$5$qvRSooB2W%8hu#PA?F~;+@wtUH36Qbrp3Zw!|2P2csB^SmN=Qhs>I!<cy9YnU
zK9V@87*S!+`M|HY1jskpf?oG~NfkI@`VR9Vqymn;s=0C{sZ`!f@(+U5WGoJmsdSp$
zA}Fo->Gkx@1R=Z8)76!#=z99!ch!SqD>mY+Yx5{I8(gq<=gKtP6A5r@m_m_hz7X(9
zuE$i<K0hAU2zQpsZ-ZOrZSSBQtS(901XKb%qfx!oqJFK~fYMK&gt^~cKbvcKAN`_~
zM{dkanVKjWn(f+O-*CfgR()`vn(&)u3l+bS-xnQukdJLY0Bo^z5NRlCYR0?N=BX5#
zAWe)$8g&8y`jfMzQVTD?roBB1>c&FI)WLU@w5$OP7!OA#q4A0L@ePmT4x*N^fbS1I
z=bi|9A(24%&tFsPt(HEO*su5FH~1bDx7{G1Jlzcsd*bh>f`;mzJ;YB&_UV?(PF-uf
zQp>eFQA<%%J4=R-*lc-8hTv8sk$~Sx(9dw`O^sOpMz+axjX6TuUGBk>8ZXmVyyDY$
zj7Hbfi7lUiH)8&%td|<Xx_WuF=;xtS8Q)E+34zdQ%q-YPGdlvRzBWRha?$r4l|!{!
zdnC*{f{5k8197wN%f5@t=Y4z4PEKad)8+3-K^uAz?etKU+B-?08a5H)#!Lu=N%?;s
z2su3V9C*Q*oOB?X%K!<b#{D4%vZX}YEdF#)U!Eg6-JFr0c_X{#DrFK~HGKwYGMX<G
z%psrUnTyy&sZ>gTb1=<%G7p0qcM%u|@v*U|X#Ji)eA+D(Y#xo>(!8=##p<w#_6XTC
zXGq6mxKz*COrb7_%H=Vx5MUnYCSqWYO24)e7{}m$L!<SXyCR2v>ztqlGIPhBWkoxH
zvVTgv+P(Q|w(;=@M^|39d;!sAa>-WX4M<B(+x;Y&bN?Asy-_mcn$eDzj#m509}plx
z7>{Elps&{{7IMqgw|@i5=P>7=)Kp!oQoJGHw_rMUEAkv5WB*HuDPXP&y8NOHES<M(
zc0DxsAL{Cd55mA{4(l)L2C9<I)1{^lnt{mOltVryTz<qa1qFW)7+pL#XEyl0G0R6#
z3-x1KgSqN-cY&R<F}yyK%pr2TZR^HK6*z|9Z{>$4p6L-+3Bhg;+nG}&%nXb^UboY#
z1xMo)(WK70oMTW*mjNQ-06Rp?G1cCvl6J;q2-Y)zm{=4Sm=L+Qw2|DSVU&6EmIm?{
zvhKfp{J+Ndf4ugxC%0LT>h@B4gH2(SW>N0Y^NR`0OOd%f=GzQ{z>_D%<y4{1jdokw
zIy=R;=5L<UqbtmwHM%!t0cqs}IuKk3+%zeyAfP-W;$1oTy<DBTe*LrPjx6A{`TLD5
z-xsB(-ZT#?{yLCW1WHu9*gZxmAv<$*=xpZW5Z1YxK<AkFf?dN>j~jTHh}oipFUKb)
z`5!O02{oQl9Le=JdR)X*RdLpOT+|QoLUxT$;Mhko0CjPi4*KYC7yZAi+}|nCL|+R*
z35Jq0<l1iANWJte5+FLeROs1&nQ8dFEI9CK${%IHbYx>ZUh(rXMuo)y%FrofNYMg{
z(<Xz-%`1Rf2>3mjNgi8b=X-OQ_B5q(?P;Pnbgwc0DCYg~M=>v5IR*N;+gdL!P&BMx
zYW$9fd_i_Oy-6EAQy>df&6XpMW#7elJRa+}3M?EOOvG(2GLXsj?D~uCdVc`}u#v$n
z7Pw&Wv6hEwPDF^9Wd~~poBuevzYi7<uC$h^gf;M>YXsB}P{HbWgoE=QP=b%+iYD7l
zScAyHKk6Z4$!Dri#!>7~{<Hnd9U()Zq+**>WmzDP1H-5vIy*TX&`g&ZbAW11sg(?Y
z<?q2+fWjIGSYS!RUlMpWS}u-XLsbejoy`W5@6}XSf4&5X4W`IT{T$kuY1lqa5{B(#
zvsP8nB&N`+P*-UfAmiiXBM%ToTL*`X>kH(sn04dT7$eQiuTX%<<u~1N0Z@{JmDPs=
zsP26hSSWu@0sNc2`zNVK+!$6R`0S}tz(d=9ieJ%dKhASsAW&9pbsu;R`r2ojCP4L+
zF2dZc_SyEv234Df^?ZFM2-h;X{WO!`-&{J-$ftgq=LfvIRAvKFmgXgvV0P!D6+Lr2
z(R=sq;jL23GUzlyNX5P+b6C%3=RtO9t6YIM54mVm;>+aywXL0Xga9(N=SS$Fo7&_1
z*4UVGpW+DA6(;+k6Dok>)^-3AsDFNn1FCMGrAVVCD?y<V5#rzqjfjtcXevS4?!^AW
zMf&%LmWlBm1!h-N@XpSz@Cuvj)y^6|LE7*593rSc%KcTQfJA_K7z?JWa~jSUo$!^H
z7rE&~VL~}jKezW90vg3;^VjZ=kZLG|Kjlb=DI~A|_?iI7j}*Lj67D(;E+SbniRn2b
znUW&vV%FByTeCGR$Hl7t0G4Ch(rI*)=#YJpwO}*=D;|YxYGlda<8j)2eWw4rXxk%G
z&fv60$D<>GTUDu^DEg6&4p{|EiX(QnhWIK_uKP~jgiOP{Gx#}O{V~nuUY&N^`Xcau
zy_)kqK|K|%OdM{nk{$^TDFxH3pEFfm>}7AB{kIby<0DvU;kfcGF=J|G#yE;x4<B|;
zbg_Ov@UxW;nDpB9pfIFhDfiQ3@D?^P(4%+8W75_2?d5YmBCB;ebj!8NcnT;k-T-KT
zMMOuZrx`r&twsR$qlhmypA76$1Q1Omr=(OgF`+73PW6ozcAklFCU;l-Vz_BX4RO%d
zC#kTy3C-vO@{K}J=w{_;_QMzw2n48f2xF@!P$D3RbvM5rsjIE?uWvvL$r8o=DEe=Y
z^PTZN|BtlXVg4@yDWB%!?4M@9y^0_ad1#N-Ci1F8s-kEkm$r7RcB?M0P``El1006D
z<dfV0EoucNI3>AQ(1CD+-fM+#!2f+cON>NjM*sd1v)%gHaf7i{X`E-G_iul6y(hwu
z`%!(tmvVb|?1%Ou!u{%e#(Az9GF5tZmxNwTO8cwL{Ocz~P^cF3JJD`?jjuF?(lckw
zY(|Ng@!1L$X5#pM!H)%#-#)V68dZZoX;Q-DFb!iwojutu3bP=nmWrZ7+xmI?(f`%%
zv*qW2p(|fldub+-$gj0Fkd!1OlqcAD&=Qzh1faX{=T@Drs=F@`^j;O-??0c=<j^<t
z$3$d<ZhU&uXYyE~?2YAdOg^<y6w*DoUyt?g{yY*Fd_Yq7K1*V{Fu~|8X^a2EwtiC#
zK_XE&eLm<U1@WuWUIAZQ3g|OZLg!e2!9y^zXO}l%Z<pbV)@s(+mM&cTsOambx*arM
zB|c!Yp4YUh-852kC=J#E%?MsP|6KHR9cRJBzxUC9=pCJv7!o-&yOkr0kdNdYMWoZ~
zn@fcnh1I2T%|e`id`Pb+q&7c(+?%R&$U~wul5ndzLfO{T-=jl)^_y4A)6b{6`mbM~
z$@Q}+WX<frV__nfaoAdc0e=(wpqq*={?$6k{fx_WDAmV!8;BltgQ7*@)&OoeN5J3J
zs(Qb#?R+vM_7>RcM9UceFTXXnZE#{&rG0t=;kEr)d?CQ`G9xM{LKSG1FO4hx$A_f+
z8WlxR2U%^au2xWJeC_jOf*<b_*fvkg!I$o&#2fdC6GK%86GDz*O@f_~Fd)5Bop+aj
zblLU!F{!ZM8iQhH&_b{WTdSFD;`JA|!*(2xi87{_VCF(EuqGP3Q7H%nJbIO+cxeoK
zzDtc5^*w8>sh+nfeEv@}mn@95QQZHW!{TdDki8;XNqkQ1#@)FEdF~J^Jorqf82IWb
zEKJ3)tnN=pn4bdtFD9orS;0of$Q5k$4PL1~?k}qY-A0u_x)*DUSl`7Jzw%<%ZXj~H
zVp}{T0E?WDRLF5(CLG`hoxpfwjIdwKIeqlMpx0y#A+%s(=DW#$A>arx8_OqWGasXg
z4PMOscU$oHfBXE(t6Zz@t;#e5wPk>3TSs)@t9!9QVE%+<Kj<zcVPSTB!IxrUcF_tX
z{k_RDM%{flOoQWjgy#@@-*;AkY7@bz!p~k}!uID;1=Ea3^tV4Eaz8qUNK3ndc)#29
ziyW-kNFWl)?Z6>Y7$IO94?rT{Eq{Lup>yPeB8&b8o7H5*M;H*gj~p4lF;GwHE-ecA
z^^U#mlE}<8-Bidx{?X0(@c;jXzx*H^sSWROb-qU3xCI_1R`2JxkY8^uB7>Djqv(f7
zN42#HfAn8`Pktu+>(_p}2ivlwk2Q+Gz_vX`)c@(&dWBI6GL@{%DXN1F=0l0G-Q32G
zgp{c%9hFWYOA1wWn)}K^`fK2FrC@MT`B%6W<{wchUPjmzr&{>^uW9-7p#_^CF-6!l
zyV$YAVNgwh>BZbZP2{6h25mfq+S|hB=1lQ_AMZm_@cX*)fzxW>TQjo=BbPhANEF0Y
zq#G5eixl8$qW|->Fw=gmG>_hqoFUKXi3t7q)0TN#uoZO4_A)_ib75j8UK~h?4-X4N
zq!3M0e24P;4Crfp(ABp%`=IOX-w{F>ev&4ZVKL=oI-MWW)=q&_@cUZ*F@=Advt)6k
zw=sEB)q37<-=<5s)z~W3+Q*PMxND+-2b7zI*|-gqRbEm<ZXqt5s{Wo+lHX@d=^-Ko
z_83oi(*%|UlYCJNZhy_2f@uX{1+E*IzI^$|2?Xc*QF=y37oZ4{GZaQd6v+_}>`wi9
zGNSihs^}DE?QNXL)}mYXxExk5urTfR8S+Jbe{e5duu|}8N=KEzL^@sne5c5E_!-!r
zrIk;Yrx~^x-Q?(>u>WW;{%?L?4g!bvf|m#sPep?MqKfn-^*K?hwNOp2Xn*j(pK8H=
zoEr<%IFq6WoOLj|xx((q-@i`I4g4~8k}FmpEh@0i>tiWIUku+uZBoUh6}d`8gJV&)
zU-Uh1Df#EK+bJaIXFcD*BRves5Du4!cxl)pIaPY-ywh$5TMjTZ*hDKqAks14f%dcg
zv&vV047wgn^qQs8lPYj+Wy8yG%CDc^ZDgxw1SsWecJ)UyC`;n7{PUnc2tIxI#n@>2
z&hvKA%e&P2&V#4Ok22z!$XhfYFzRP8`zFL?&cqBlPXze8(flz2B3qbEeU9Bh`Uw*<
z>bO<hkGr|K#>mVPXi!#T^tTQ4w@npLA*iWIP5qp3;GnPllEL;6?4hS%0Jpf1w^Zw?
zlR`BVzkfI&1(<w&r;${fu0?pv1Vut%w|$?ogc!$uO+_O}xnurML$ZIkM8?1%BN@qH
z*!np`D%yW<kqZxYo<3j^K_{oVdx7Bqc1oT(bl^|xBg`Pk#BAHT<n&40+rPb}Pm|@J
z&)*+s{f8{kxVOLMlP3`BSh^uy5+SauZDKm1KbGYy7?m&N4T&QWRF%YvG+6L&^YFhn
zf)~~AhnKice<>fA`laKJDh-8bitIbY-zP+08+L#l!L*k+FPQ!Z1O5Bctvm((6FwxK
zkL8!?VPZDM(L?%UNS|oHSd~h`O8A=F!rl>@{y7JKH}rp6G_VVPO%4yVQ?6e*Pjo(x
z^FBBZu3mu5(evRpT5_2}`hMl=;G*|Y^VNP2fI9D6wLXH=*ZPJ;!TqX2^*s6JFJJXf
zzfnS7Y~Hb7*{rP38l5S`)e+;FLp?$UN;3oeOU7<Y>F*;}Kb)@Qliq7M=RZ%?TsQ8E
zCEjo3;hL~i^%u+sS4_|tk8B+<g8y`r|M`Xz>?&+-16@uqAu9%6zuhmPJs1?aivkiU
zU03@9ks$)NoJ7KaO=Z~mH3ir@Q$@CSxnz{G=+*SJ!e$eN^a(skrqpkWZY9PGwanLn
z6G;gKZo&evXs5TrliZFZ8tt&Ya~(Ixi=4p8FqM4PCWwX|q<<RspKl0yA<8koiv?|;
zLUr}MPS|BW{&rtP;YS}whxo-2)(YsK@%7~7M6;*_$g11UIZQ}^W8}P^P-WO3KUHHz
z*hA}jvOx_(#Bw;rOh{;Yx-ie(w+HBwAg0{8u5~b9{lc?Xe0*_{!PFm<v`gLHK><~b
z*hic2{qK(^CwIT(1w?6ibj9>_d)vn?%Xox)aJGmjb+;7MI)(8;vUrpT=mec5jYQZG
zC{tIW(MqT5M{X@YH2jrr+M<_>ZPm$@3uVSt*FTp-UV@lMLP`qREa~H9Ht3^c+e2S9
z?FflEN`%C*)8}TPK7{~1At=fV&cVd(y8Xs*&ztS$?8J$MW?LR(51yZOiD7_asxQ%4
zSC0DM78-cqs$QyS6yGJ{d&LtNfF_y}1f{aI7~H?YDnG`X<{0{9c;zdtXK0F=&dgFi
zVG5yA<O;6$C#)_7UP;v0Vts_?ve9kI>2~rAMWQ_091#-@s-Dwsit10`y+}x&dD83a
z_0b<xkW@9d4QKRp);kk+TQ}Wc_b!r5Q&iclRS5~>XrsIb6OCex7Y%d6{>vV~aDY87
z%^K|V1L@F@{_^{3FEH-GeSDIwlv6ruk$X1Alj4!$gV~Bi0Y6qPzzzzzV^NnX%*NEQ
z88nHC>W>tt>cED)!0$wU3hAwa_i_Gl?TC0>8n9~xhZ(qAu-x*0I3KB07<s>Zp*PHI
zhOuPi<c}di`bkT2z@<$U)bqnU=7DCv7|T_O_T>A?IMqNYy;tonocJ2#qrTpIz)&#*
zE90>J@$DYhc79m~z&902^hIL09dg}nFO0Q2Hm57{?6=3Yz(FEEJY0PXDC(s^QSM?T
zJjC#HYb?>yVPgsC#YuwK>6SB&ju)|P=5K*OisNlwQDX#X<K|lV-pFh;o0!k#EFxTn
zS7M7Jn-RFREPBJ1nOlpzY87UYWijh)azI|R5{P>_PcLd0TF%$lW!dk0L|NLwDh}1k
z)UoMQb+soZ?N}`)#moDEe;xs3eWrG!8MJ6>i}qLeEA9Gi@ZCcCT&;n<ohPXO!>IqK
zE%#a4OBI!Zf~=hV0au5F<dG6E)KjOxP>V<<Gqw6Zd<;?Al}}5o-0+6i3a4!38O<VY
z1Nk_qNE&6{tA^9@xUjG={RIw_K|!ml8B1IBtFy$@y_ldN6d-mT0Es=R)Z%sfX;X7D
z40Ls!`kKz?>t1?XI~5rMnp1=Z#IOfbhO^ncrm?HHH)4SQ3X<r4hFj#Y$G&j^VE^4q
z-6+{u)~-sm2Y!2-paJF4sG{t&+)8KYxg>x|=kmyDX{GpYe;PR7UaZ$gUGW%mqG=<n
z2J3*)d#I^?{y*$p1DKH*)!-vFtnEu`t1zA6r;XZcz>NPqhK3<^9$Se`=+*Lw68ltl
z31EHcZWl+X_gc%#wbp#U#{~E*zTKOxIa}ku+ObQ;y5}(b^#>4g5IHv;PWPW1P`h2Y
zyA=a8W;z^grxZ<_SJoQNC3>yCj!mE^ku(|sugQAF{iS%WvfX+QuB)B0)qT&V5xaaK
z?H?x@)D(9^D*>>w3;-=U&M-DzD<rxdc_!Xm``mLdWa?r2pqldf;Z%cb)y{N<6yWBr
zBN>^Ii|~Qlg>Cl|==y)I6w0I7N{3Gq<s*0D>tETAPvPe5SYmsBZ~e-APoo6;KW&LW
zE+elndW^gp)-3&{pwUg($@aBnn3{_pCk9^QBhq-)QE$L4ZM^fSsXzSwyi~6hz9`PQ
z9ZRJf$QAFt#NTs1*;qFO4ED1Iv<9#RPKSYR*Of<C82QmgTF9jH&2W}1AujWh<CVu!
zn?EqHJc$l_F+*uOU%?#qfNM^gttDi|2S@uLpMSsp`0Zq|o{{PXUS+@{X$UXfg8O-b
z);=RjHtk2X!WnlEFt2H*S#~Ns_<DD}ev|lHX5qw-lu8vLXsyS_pq_0%*ZKwxs3sIS
zO1iu5=--YOTpx94=H94;IKx7+na}k9+p+myGbGt4NQZ!Vx|c~I8x8uXVM6FGv=XpM
zV6(yfYc@10Ets*8_lxiGF4Sc&w$3+Pb>e0vF%b4&$?;!qkQPbfaadUZWjNp<8(L<+
zYx_LIyX}p%a=QJ#WY+Dt&yf)I(H2v8V|b!x+vmqmaB$YK5K*4OqZnO)8R;Dys&Yz@
z^b7Y`2^HIYS&-^<+{dxX<h<WNUHN2XK;Vw<{hULV@f{c#>c@8nFFwcc!u)HAHu(Q$
zzCqZ-O!SBC3^TlCj<6fcWghG^CAr@&1!B_oJ_3MYes^uBHz$nB0A85nz;dV<ouIMR
z;R{Nr;Jo|!%?R3ReyjL`(=zJWv&0A0M)PjR^gvIuQROGI+%qQVDxv3f3GexASs}~Y
zfy~VQufrKqJ>8MC(hu9OZ1aI=)kFrU-AWZwT(BPrPCWJM&v_2F{DTXF#ThtAz2Tox
z{|~F9FG%#p+rM9~pPG8)t((FVEKGysq7h-Z03X3ueowG6vQ=O`W&+44DAt_srh)eZ
zdVPh%qvDB!Ba^OPv84b|*&Ml)k8>({C}_B0d^=?fh!kHrwl=de9P-A)5)&DEq8ZVh
zP+>+lmtv#Ac)+S=uXcOK(W~V{GadTqT112rP#q2e3(0Y`?<o+m?4s?wstjxaQghpj
zmk+Ce8{DjB2f_qkal!2{Mbi#*KjgVM*+ono((i*Sr);bOv|=Ix{)PXE%}&UFuwI^s
zZMJ~#Z<I+P^`u#t9~~BrfHN79z00uG+y)*4ir}FCO=C1~qUNQ|55ec1Ba0Caq!-~Z
zJA!a&!5xKc-}$1aqIBuQy_?-5-TR;SDj!bIyFdBpZxx)%l?2>Oqdu94mqw~ba#;_q
z&U*l#Lujr*uF`tCJSHMI<lJ?y)eo%;q_bBhOAI_Fa86#MiY0iyBII$qq$C^&2mJ$A
zddMRfb+iG%X_i~cj?vW}R$k8PDgd~up^WRx$tg%1H>Q)>C8LE}Vl*m+BnW6b9Oov{
z`8rjVohM^*>Pm7q+!5xs)-$Pwv^AHpuN>tSmYz)&dnC9zjINuH<<hg6jYrI_*;ScO
z^k)+`W#boTFWd=ghkAI{-+tFf550I%q;?Zt&tm#Id8GKo|2oP4+D@;ZeqPnpk8hJW
zI-!2~Zb_Ji!gtbo5_}?+PEIvN*i!Tz8U<*6C?y*7j2I8)T_)&Ds&yiO>T5AwE&&>r
zGEgQur6N83q|JO7%rRe%^^DD?+DdDF(GMhtdK%8Zlt(|IGI_RTo27Lr$uv|T&$@oh
z0_8lKM@ZMtkR;}CTMgJZoF08IG+)HzSiMbn9=nw`c0ZAu<+vJk4aj1uM$u`L#l*zi
ztLodw!a3WeOc>bFmo4+SQO8Z<WY5hS{c4od=otwfL?TBaqy9^R;r#%hh#1b;^m7*e
zNBx_lOhLG%<sONuJ>w~Uxs=!KFV<(9Jd@}&YK8glcEVq52ONF8-kS(5*AhUey54nE
zM6D^zXTMk4^$>%oE_;D|xWvF1WWY;$6JzkYR&fH|1CMS7P??7JL+I6^-?l5Jye8hy
zClZ;DUq{Srs{S*$^xOSck6;_t-zXhYMf&OcuWMGk>`6(?uZvcW#EK-Ciut||uB1}i
z(hJD-c@rV<R(WO`i%o_|VgLo-?R@UNw!6W}22MIqt<rmlDaOYpsZL1-eWZ%8lABj}
z!fmB({Th`B9_(U*-*@r8n`d80UR?(qCN0*8u728gX_#C8_*jhi<@<iR3%xPPCSm7?
zm~%V@KRs$7NoR?!@?QP#ckDAYPbLC)xzgO}jgv+c`!|Pr(B={~(pXXW_FK<aw?&X`
zXM!AFJ%XE&1*{)>Kv53Q%nZn3F;!La`#`VL__3_B(c`L5Ax2NK94DGu;L0H#UaQtI
zdfxpqwk1XF=({=NdN$niotvI*ZW*qOjO*)TvpThXejJJD!nwCYEe}C3TDJT0+~vF^
z)xqPOIgN|3_Y`aODk)BcwNU^K*Rg@s+%e381It&(^)zEvri1&RK?@8-1)?{0rbtKy
z1sFnHDg}6NRrFW@_>1n<f<|r@7huP9*vGN(vNdiz8U~LKrU+fnr&cW_k^$eUhYiYU
zI!qSBy1Dz}YQc5C0o<W{J4b+G-nE|O8D;QXYY=qiyg2M2wEQqMMI<-KG`iY<c*54?
z?eFzscH*1c-u(+)$S5)U@(qfe+f6V>+;19cL%HsRjRG7U4?(q;>e=30xPkL42F{#|
zF80ohbx0z=a-+^|!NLenb6bIiXPGD8(o`oLUY>G+l`pFm2|kZQ6c91W12|_K$%5xT
zzUbLb_yCJ~!*2PAOtb<;dZpRwIcUWknjK#<QR7*XBD}6Ea9uo%!dR=$ep5RHUy8?S
zVM1HY#&bw!jOqOTi0opsLpkxh_Y)<Cg@A)f<V?x(`-`PxS<8n_K_~Va%~dy>_~}<_
z>(G=0+8N}F1Miwrn`V_oEv0+=kvccrczx9uQIBmuUL@YlMD-o5Juh10d|P}Dy!yh2
zF8d6do;f*T*MUg#1C>dKW&QkOjh9ErYF3FFIA;ywGTfVQC8QILZZVdgPb88IaW+ld
zOS`6kZqs(33vhffar3nIds%V6&_mYn^`8L1zl_$Oue>^8;952oCIC&Jb#s+kwatTQ
zr|?^Wk$8)d5mc|B|LD@ZsJq!4p@mOr@(OERH&qe!9mvAJG#PZ@Lb0kp6s=hayLGJD
zm+NnENua&^*&(n~3l3P<#?Zj}<lV`LY_u4Gvr;+tcoe<H4pSd!zkE7f2y&t?fj^hp
z%EzcxtCZ-p^sbJ7^f&$F-8ssh5M6yHv^{fO{`X$jC=~GA#}DpYgaPy0+&58^e!rfN
zf6&OMmKQ1*q@9cjnXTVc!95<|_9&`}$x+}i>11N5e`k8J8qIce_KB=%2CKsd<QKkb
zSl7+L$@NIoBGs5CTgKqN9$&B@pW<7oZ_?CN*`29U(RNwnx_WU`Mc?xg6R|RB-uYY{
z)2WEzvcY&qqsZB3IDuu%dQi?6wW-;SeR;QdMq>FpXPy(PQ1ZL*%$L`faXX1gZoC61
z2DfTo(%@Y0Y<D))2iIGgrWb3LmzH*nZIUh$b?RjBr)muRl-N91k{4|XCaZq}XYzJd
zt&mSjlxZmM75NWoss%z?rEJ|MgiT}iX=NL!-^iu^8P*}9gN0p{%%pZkF`m?!Cg{y=
z#kFWW#2*A%;e2CsN~0N7WWG}d(?-apR;F+wV1fu8ZF8=!ssRf$9tiU>%5Hy%j14st
zrR=I%Po&hUwP#+;P;hLpW|F5>BPS2$h@9xgz4CtPd8?9{s~=0JUM@FYcvB|XZxF&~
zMMIHb6jIU(hq>09V36BDAI(jXJy<wr3iHs1bd0uHEvH!lNS&X6{*)EPp@wggQ0Isg
z`Yhl3iW`bfC#U(*AMdS&hb^+HN$x(V)sX!{$U~uiVOf*&Tc%!KeP+0<DKTZ@sHPc|
zC;{FHcnQXS{5PxXY}$385W#Y~97K+};&F;I(+=FiTZIXAJJ*jCcMqx-DxJ=dD4^NT
z7o0{4hLiP373m%P>aX?t<=)*~qLMYoSBVDWJ<(y%K52yE?A=&B(x>A4HYMvTMii5d
zoBY6m3NM`NFRi;PHuJG~sVBM6)l(y*1tevXEfyNJ#)~v)o9-It-rLojl+vabI2UfD
z3$Zdn?+m|K&LYEWa?4G}<OXv~CtW7yGws^Rx_IC_R(g2Duf-^<*l(<ZnD3~sl>FX)
zS)CSMz^GZAOOeCpk!c6B9<Q4#!)0I8Gfi+&?~P1dh@ZbF9PD8X^4O~IWVlT^fvGEZ
z<G(lZn{HxXV03FW-P_)O|IU+V*6wmB?dbb<QMJmHbI~?(se5CiSYL@oh0Iq>>4$xf
zuxL9e3HvY$!lqLUj9tG3Kc9#*ixpVmtYV-7Zf3me{KGSrdh-bxwc3?!x6O(Eu2$2c
zGV6svhA5eYfpTjdr(4_+&yjfLC*3#4I}tsQaEiWkzl-_8$j9!K1?fL8vXZ)snye1;
zADv%^I&E}$yKDQ{y6@etdKA_~`yFc@=*Gl!uU&cZN8>@)!{FUcae?2#4ZAn5oK44Q
znyvOw5_ab~Mla+(`n&9G!=th-JeOt0vO(|3rX<Ai9H^En^4k4p+~%_(3^dwuPvRn-
zdMgefZRRKexN`hou9}w#(o;WOeJ#uncs5h3wk=4fcC0+WCqim<Cnxkg(fi_1E9jjc
zt>uw{nsYIu8;P_b?QUIaten-amA)@>!@KWpY}7AaLd<3CT-@BI0jZdBIhFZZ(E7gO
z$DdjN6r&qxZjp>S^YQ!oveg4zg~zd>p$v9LeZ9<Z=GnW$%WUi^J&PQ(7U+EDMrL2S
zeI5EvO>G8~j!O)1kGeVtol*DmCissU5iFtVLi$CG*B?=za8K;*SLmgEw`~osnpDQ4
zk!Eh~;SNu%y8F<Ro|tr%e@_J8*Rekzm+K?Pp5vz6lvb?+4ywzg44zXQ`zqfQaLguh
z!RA53mJk>-__RbQDKPdS>J4O6un<k6P$=Aw#b<`UYTv@{4mc$vaGrTC42yGJ)`4$c
z++1mqS{~R0;-3Aa7icBeM$1Z^?)OM^m`75p4IvEnDCiico;@?#r?+j`Tn~nLPGFqa
z4e)N#RTibp3KZenIggZ^vK(JDXyz&x?M<2OC-SX%$c6$h-YIGm!nq#OMmoB#Of`YC
zaa#x588+WoA<kXo(bG1mWxdW?4VRQxko~D`-nxw;KSKLAJ~wz~O!9eyW^C#S<z_`5
zQP4l{tAFE%6S@6?K2@6J7*VYw!O(4#Cgc*zKTt=``y$|md&ORWm_f{$z^as~j6nM)
z+k}R4yrPwK`$#17GP}u4S;%irmsWj~o!jlgn&QMBu$G4O-muZ7ja=Co$9)~S&r=kc
z1*Ea8Xlj&M$4c;~4K=E6Df}Rj3JKUTyR*vJ-bfT%HU$&f9BuGFqhbR*%A~0VW9)0-
zb?k>FRe*?a7^zqY6hlu@Hjd5h;=6efwA*JUevWL^ar4Vw@)zq5JrioQ<hNEd<WbC6
zC}YhzE48}KDlZ36Ci274<oViuZk-I(qrbgX(V4ukX*BUEf935rO`PK3S#X=N3xv7C
zKp52FyJdgTjkN#-EcUnZjcu!>_7&SDBX{K5c_2O=PKtVOgaZ0cuY8G5i9+{^Iu1^e
zE0QkvlA=AcZ%(2##3sLG!SkNZd!FyUY}iSrT-Zj=aJO0jxca0=ftN-BBA#*K4<SWU
zyIn?sp0NouSk_=#&riqMwEQOiO8W<viZ*Eh=JaHHQPX9Z#Z2Yc_N_>o&UQ1YY0;hz
z$R*V5-+E5zmE52%5NzFy7{JG#98aaK*VqP>j2z_br?+z6)f-i~-A+*^niZua3Mhog
zC8?xnCe?Y?>^HeOa}GRo80}7s)_E7Xe$@+#tSvIM3$iux-dJwC|2!a8^r=lXWDL?x
z^&mL0OHpJ}HsAGi`y)&EZ??>DULWq4;DN-ytqhxwA@F;2&vpOI1brfr1E>@zP^xM@
zGE3g-VdO7c#LIG*mS&Qn-BIRfWg%n{;%PeT4m5H)PUtt&NRgw(+DdPZ&rzI@JUK}_
zYk<f1Lv0#*lQUvi)Nm9wA(w|o@q*O}I`@XQ*EEC6Q_-rqEr4Qn60naoh-Dr);#Io3
zE;-4H<W*YAhD#x6>!G{;_~sGwcH9(EffE1aX*|JttfcDt<T-al$s6-g30g+q5r+42
z9r!<n4A2N%8t~Os)}!fer_s*0QIK+#7YgxN+u*uspzJR~hX#U6i|~08sBvyi_2)z=
z8u;e%W;pcR-XTQCOFH%Iv8p<)Do?o3G)r?RKXwqegl(B<)1Nl|J8Frp1+6pM9;;*Q
z7+E(aCw8)~%F;pho_xk+H=}!mzD;{L76QBaEtL&dCu3SW>0XV7Qqi3u0{LM;dWSRc
zL8Is}zm5)SwAr)C^ZLDkR-7bHnk0{-(1}w(%?PjCuaWJJDb9fpTDVTjO}+X#v@zi_
zEIyrgW&U*_2PL;P&Rn;5;pxuJaaB=SFD`-BgU^@o+;4r`$8Anqe2%3*)P2O~=98=F
z)g2)87poqiwbWty-L!0%ymn_WfnFG4Zj4EWn&mai+ziC9BIcgSP{~K*h%%KZWOUmO
zG@Q@$s9WuMN<y*Z6C4i%{t+b+%tvkmhKQEp`(JZ%x3B(8>j?`bQz2jitrT(<9hOdZ
zyTy+eM~et{wybJG#uG7;u6Xr_1)@&haq%-2$RF(RtJ_XjNooRa3|We_#!!IKbB_FT
zJQ7ae$`VW>QJC3?&>C}vYlrX@r@ksihdeX)<_cjk{aNhLk~2K5v^pFRyys9G4F7z;
z{!06~!l>S7%#KFG_o!7`z<}_48!I(5ui1*--YHQjU=`Aky|6PeuNwqwJ+s!EXxb7O
z2pQZZDXWj0Te&b6>jLn5e4mhugUYq~;f-w!|8B#JtBFEImGZ5mH>oo~%Ph$Gm~DW4
z&+*18m#pz{x`)d*g8#f8d1c40)Q`vARX<E+tVjGjq&&%YyXd#(GsU?#`->MiCx=Qv
z*%yz0tUF?Rq98JIZGKyBxlu8F*Y4`p=u6RgKT<>OK*sr5q30|m@Zm})(q9>z+h1<t
zuPoh0PmAn5O4wT#OVbgX)@~3y=ezlF!<Cu3?e<=g_ZVC=12X(9pzCCWRG-{=lIK~D
zdsKpFv(IqBm73${D`&#~3M@5{2{hzaQLJy7aDnRf6Xt-;k*8b4IC%4(5q-Vp$DXxR
zv>QD)O3nTXfx6}dmMD|_fa{$%dYoC=A^VF$;&*>!;Q#GygQx>T2W8sZaM#YaFezoo
zpimW@;SV3Et%)yXbz;D0ys{rb2SaaJOsSrK4%jN;dUpRIm0Se)%z?C@F2U*Oa#(2M
zp2}LLhE-YXX>F@(t)7;m+QGO04TTw0npUEQmgW*T%E;bGI~$oYOw3gVo3%hiwP&da
z2Ofp$Vn)Y1P`yOT4`pmIPsiiXxlXNm*A~HH_8vorTB|-cZ=tW#wKNO@40Hf-o1F91
zH`>+F%3X`j9f1)373=8aD6aL1q`7&g8$%cwZs7(#mRNZPN|YlbD{u;0swdWIdHJ63
zU#wtPZl&$<0EEMp(Ox?XxD$l}vmRSJgt<-HuEjS>Rbvvg7l2yW1+QOml<cZ-$Cg=|
zjW)J>8_zj`V|6v#cuPZETa>cUezO{cmas#D3gyNUc4%gsK#fwAF*UtPe6!1ILsU1M
z_Uqh-R;m<LxL>iXJW=dZrgYykA?NW_%swAjV0MevnygB)=PwJ~Tn>cjByHABZ@V+C
zhm4ZWu19K{{Bh!eGcjmZtd8|2FTe46$?gny&*!`&ZpNx<1dXG}8krXARE2c1btiGO
z{T=nC)lS?kL%898fU_~u1@i&tBEY|^OVJQOz|C!fHzJ-nv5}Dy&zLbVdL9cBUEXJp
zR}J`}e`3g`e-H8Ls_v3<rn<hAA{+A@+!G)LLm;>O7V}N6*=t;&094s}Qp<5Y^SMb1
zU(r%FtG9Q#)M{5<BgQ5n2V=d6JHE`C$?MtNI5_<W2Q$`D+;uZ5_?Oi(bKJxA7u1O~
z4&1y2zGZG%0PK|r&+OZ&c$4?0uQJOqfjcob5bvq$rq4QWozEZl!EkPbI+i6!D;`~!
z$vXFkPV_!(xRRW(n%gzPiyb|9%NcIx;dwsbUN4hSC%zDPIVB>oJb$DFwXf>ou;17z
zYAu;}nZZ9RK+DT(-R4$IzY?34O*r%0Dw-e!;KuY;eH5*VwtBe<b)PK%l+viVY2H)r
z?Gt{;i=+)CO3`Wls-iauBU^S}nV>$Qt9aYGJa0}}p~5BGW4t?pn%4Zy9oar4_6OIe
zKi8cx|2Rf#wWZOsVgfqDw7xhmAiI3iYrpFlMMhR0O4!RZhm7O4Y8)tl^U&_r#Oc#<
z{cs-2+U5N@&+{XjMC1unJTrd6Eb-|=t)nI6fm{DImiHG}DskO)S<@LlSP*+Rw$3~+
z?f-J50gZ(k5As4FQ8%@TA>FHuPH|T(>!o4$q)zD@rlw9h^EHsBT(!oDf{|{Bkxi8I
zP!#ER4pM|N^;H~KnfS!xo%`F`5A%_5Bk&(7!>)sh>6AA!j~s^stU~V29~bqp9lU>c
zcW=0S(_g#iR9bzS;Q}}nws4Oev|vl$k3?ZLf07sEyzQVBVK7`ghNYrq>A{d=aqHBg
z^pLgr|8e%-;c#wy|M1@FAtH$&dMZ((L?=p=5JrpMJJCB~3=u6P(R+>Fg6L(G=maBr
zC+c7@7z{>v*X*;;InO!I+4-I4y{`Nb;~I0%z1F?H?Ne^jOlUIby3Ob#V%y~smMLxb
ziRk~H01SLfxrBAJ5)XM1e{pkbILd97<9TlMDNnakywj;%yS?>q;zFH_^wMs<6}}tW
z<$ecMv#ezpp9xd-({0I?Jj$7V#wvsK$)!-;4O!cNtTs6rSnaAdH$87NTepeT$_OK%
zIJ2=vgc^MbI_QFQ7PxmcBAZr@VrrYh=uNA^oCXGFo##uU9mJ#D1N)ZRi1h)vBb_(l
zHY1B}Gcm&=CqHe|&4nqkeNJE5&ED~Qb3JQz*RybXSJNPh75U-Ft8ANUl|y%WgnB{2
zyG(?&)x*g9%jjxoG_~Gzn=)la-Gc1aa@YNJGIy5+jB1rBzK`qoIfw;0WIM*IQ4XBp
zD+Zr;H-0dwAEjOjxxzr^$A^5MEvj^#UO=47+$6Ib&^0mEmDg(yHy5i;Y;#&#QXFLn
zEq;7W%X_hM!r5G!^+EEy#U>*N&bD+AcBLx8-V2RK`T~mPHf<7xNx6otRz)-qwKV(V
zUDpqEcN@XLv=cp9`4Y#82m_Ok(qYsTDM|8%xP|)X&j>l*GdZrXN*IpEeIuGYSsZzo
z-?Fy0RVx5HY(wH}!R4Az+s`dbvPtjvg@kgPPV2<DwW1*fk*i!wLL`1V(KLS7hFIZq
zbo!2jcO`4RGf##rymL<{$_;RNllOnrUAldlxPIok4QyQ_;MtzZ{?=-ECEFc+Ecf2J
zOUmwwdyy`eZBOD3s+elsCHc+#OV@)<WQzOu>&2*bl9hwG+7}?+76C7(?zi2nRk17A
z`vpeV>t0|^`8%#HamQh#T3Twd6;sq}75+GMFKcb;d}vtS*Qx$vP(pE}6IkiJw?sY#
zcke~PMsS77pu3K)!Fo}7&VFsW5ZqyUIk=uRg7;U)ZaID~O3FBV`~6E9NTyLbykl%G
zv3KhurOX#yc;$+{9UlEE`ka9J=`abH03Ay4l{gng_Yv&W@{t2HH2xHhR@Y|$q^Owl
zm#=qnW~6i$Fg`CXw#i4jtT|_wi<~$Ig|eArp$@xcmG9D>!VJ!F)Y^d3zI1zgrw>P0
zN}3ewjs2AQP$9BWZ%SVv?pvn3K;1^VKjE_$<b?ln_s@GRORbR!m#@(aOs-n#Z4lfZ
zs@ci6%2GvL;CEd7`s}dPdpfYkMKADt!vey4EENviuO5T*U6{}*QLEDWiMp;+^0dkJ
z=m(R{r1<%yv#>l-!L_`O^P66v4+(MUB3$>t{^<9aSQ1vW{XO%K%t~N`cvydu93oPv
z3l9O-aN~~FV`0#5Rod9HrDMXQF&hRsYBrIxI<5O4|83a!^Y+YB$_V&ay<m&e?C<jr
z(5py|X4Tbd(5#dIy$lCCTi>V_yXtXPC-u5(_(yfkKgn9`2fk$0i?s8Xhi`?lHBE_N
z_xn?bmyi3mw%n%Og^Hb14T{(l&j`w=U{7j<$dm3R3=W1SphXmd8;%mo(W^DiOkWJ<
zeTjuEr3epJbLf_)-RO_tkUx&gzgTe5FnsZ49T|34b2*i4+TgKyDk8!{EQp@y;c$U^
z&a3oLB0Iow_<5n+GF^?IGf#pf_pz=$!!qQG#9e$kg~T=}*18CGSIP$-45xXW$O%kg
zijoEE@^kqoS3&=@Kux!tG8H{^^2KS94T-J%AaZO_#G<nmZBF8LmwwpqN+YMCn78uR
zCW*p<+{v}wy>x$k8+Kmhz7w$~3K}AarnM-ZbxX9LAbp&h@tlh&b2aKIET07o7SN_+
zOp#!UP}x0Ntjz!nBq}iEyQ|Cqm{x_6|H0mY@Md{z8UP1;?>H{bXtc8j>XSMkxcBm0
zK_+>FDV-^p)}4*D;M(%u#)5IM!n6HcbJNeR?mX<AH5bF~Pm2tAQ3iRlpOmLw{brdZ
zkeu{24Yq)k{d-5wO3!=mk>KK+%nic!QS7Tr#N0kpB#D!jt+HfnJD&0#3HMxh<I`NG
zl|L^8q9`q(dlSyDooQsWavptXjNvacA9J6@FYzoa{ZJVHSU*TYMptsip$MJN&OdR(
zE$!>@<w&uux@_vNFXQ{!7feK)(3Z%GwT-WHydI}_ve@4R0n8Q8^BMU19t&sFw5D*=
zG&OnexnB&BI#uy$Gk$>7{V~eqC4^e4O(G|jZ}^tWK}~?!n-}=_{F(hCpnKd0V5Ueu
zfT?9Ff?T=n;*$<gH8OVip`te92I%c}@{!04^u<C4WW2S;Wdfn6o0E1nKl?PjL8dDi
zcs2}cuRBbji5S$(DW)75_z@%TgzSlE(`PHk9A&+XG<&*!M74qI6TwLc<93bv1h5cx
z@c5f{f6rRhDnH7Q*V>k2ZsZ@n;RZMf<SE|mFb%=kwhN~oi9b{2Hw}!c@sE7J!H0m{
z^83^BBwG+lY)s)R3x(qj@|>fjhGgMAA<Yt_8eQc=E$*6)eL+0N9H-~YLD!RPvndq-
zLwoiIhm-3+6P34_M6eFv4wq5IWA4~PZ(ec1Pz6f!z;%~>&{m-l?AFKW8j-`!PTV4%
z*#w)r{Ok5uvjqo#)2?!1bskKPfoM-IDQvOoDDl#Z;s&#@y!(`Ffb|xUbBc|dW*FGN
zxL~EQcr<@%P0JO{#jKit+g^J5&p0j6d&hnDe0IX?M~5y8mneAm<;+V)t=O@BR)LQj
zuPz^ld-&n%2C^?X!F)EoKQGxfPo)rgpl#1^)31OPCBMh+dzfvpR!wsm{L=hoJ+CZS
zB_AOSpm~mYaw?;N0%aGQNU;M?_uih5w~$dvj;Sdis_h^q7o4Wm)GO`019YDLd<sv7
z8@)~uEdBi#_`m~FK+&1+8M+Oo2`o(#Ic_GVW(h_?@s+RA)gUJL$rgdKC^Nm~AH*5@
zB#nG_Hh-rFH=^*7-ts)x(7fL`K0r4d94k{5<?GZ0)67?c12j|2Ke)2c$*hlSxC<cV
zrcZaTJH9-V-GCOx<wg^5Q{$l=%0Z~x$`nOqSCdu3Aege&g5tWzg1y_xFU375SqA2U
zx$k6k4EOD`HGT;P2nWGL_W;M4<QRIuWyi9NQV^A^a5vTCn`FVhwJbKHtnMurcDPpN
zi#qofhzlgnyP-ykq7y1Czpv)FMTH~_xaSww`UcHaGFN>@WX0;<vzbiJj(t2qMr35m
z<&#gc#v3+LsNHQrf1ExD+Fy|OI~K)14HJ26vd*&3Zz!hM_9AEmO{QxrN_*o_bYVkz
z>IxI_#wek|mqOgfx!A$@DdedAjJnx@9*wJpccs;E?Wd&itO6n^osfr$9_;X<6C1>3
zLL_@?V#zvE`!~jclRfJ2UFGT7=~KmH-;Er~ulbr~F)80?=!n8BFAf07iMUg>?f^3d
z8)yQN#41mN;gs|Q`N!gvL7~+fD9WSZzA(;1y~wg>RrsUmB{Ui3_^zXdsGny2#3_Vg
zWAq=b8>_$P6g)i}HJ>MIQu~isCN0km!`;v^V1N-P^4`k2K_sdy?F~cR259$V!TH?K
z;T75sV~G1!p=>b%BWl2;T_RyypHvV?9dDy;7iz6XJGlP}`_gn3PZk*l+zrEHKsl0k
za|mz{PV<5>nlsh0;}d;<M*E>_AVEN>1vs(xBz~(Azx8;nNrLFHuFGBpk6)a23)dJg
z(1oCS>TKt>AXg>h8}MoBgJX~PQI{0Y)(SkmF;8si!cLM)18H7Ta1i2XN)Nj+X;naE
z`BNbWKg_wS+*Jf-QTz31^1^d@_Zoo4$s1M3&_=U`y6tnC!q;y;<;5Vcm90ac9O*GD
z$a|Tme*yC^>H_X(`S*T+@?=>9srNYzVKF!p2@>-fa#?nyf`W)8lQx1Unj_YIBT*Zk
zMC61|78_F@fS>}woj<%hsNnK?4zw8W?Lnfe>asy<{u*5dh5xZ`I2}Ztph~U?x{>dQ
zAE<y=l}%t0CbwH$K4sP;{8!n(QCbgLe545Wa(bJ#;#=d5;J_^4Q^U2J2+Vg2D?NPw
z4J3xt>iSMlR=&wq*fZ2RE&an3OsE`BqRe~BZ<}L`&;uto_I}+wmCz-sB)1SW4s`jq
zkEraz!JX*V!vu2liST~M+Sf__VqSgYq7i@G9R`Pph-az*HhP6#;DjFYW<M+h$X3S;
zczGEvT6Zvm^F;B+xemFdirz$?aph<x-R!&aUHmuROMlJ<1)77vm!)y!?o-l}iSe)$
zcoSv&k2O2cQi+F_nCmeYt%h|{QuogpOh>BiCyJbPQ$Oc5ry@$%d7~uqlARRCbXtNQ
zc%<LGuF07sw}^nhkg52MG?81n()&z!+??r25%2T5i-Zjk*GTkS@l5>K-(!imnj+{c
z1>(x&na_D0oa*q`i(lr)H(F|cGP8YhRhyJ?OsgzNyIMSDAjTrl%kI6pQ>gGwp+yS0
zyJC?~RY^WeSIujy!<Oo~8-9F*x&&`*WTX82tW1{I!c7ax>1X3gDr*i0_NJQ1i<rjJ
z;rq!;o9aT1m)^>YoLtM(c?7RbFH)B(RN*m4^sN7^f--QTZDTnhm3{Ozmq6Ar%dh_M
zL?!fQ5y(7LLW}R!6SCF)fiKYR;sjh0awvVF!C_XON=>uM<}NROgjC$<g+%MrLU1P)
zz5!#yD7lM>?U%+Uwh5zP#}HN3BP1=i-n7!VP2}fj74DtXlqIR^6*tX@6ep)2(2rrH
z=EGC_=0vfx_0N)!?-HvkDI#hj4{2Ya{XA~j1r*L&rI=I6NvaoS;$ktlI5fxf`tqhh
zx(5-!-RIfmBP`n{OX!n4z>EfKc!CJL1u}-*2b<O1YLUai^#C2xf#%Ts6>ztS@ZdCs
z>p<uOHU{J+ax5HzaeRi&7v2RSHXg>UNN<6Lu;g=qwNt7l)DeGt&i^Ll+R~9{mCaOU
zo(hNfIdd~pnFI<)jX?d8v^Y$Hvqmq#08V_H1j;^3*x4#5(dDGkQ%Y8jRpN2O{lU*V
z<qSj$+%_W+rns~$?x@`8YT&<|g0#4A6Wd6#vX!^?WloGnK(pW*?Xx%EX0yFwfpb~=
zHDaB~>n%y);rAx1Y>1e`7N{ZTh4xUW`h1o^NSky;C$SUK^KhHeR%F;Js8wXlD<7-o
zt1VEszgezZ3hGRLYhm&x`S5bKF((P|gzL1}pj~_eWt=#zk2j|+%&zR3?^wSANRz(v
z{x#3PB8f*I3?Nm%j*^>US|)lambFrqLQjx$)Ez&9s|AjoydXjzDa=C9WCj71@=K$5
z2p(O|T-;ye_n@8L8YTMWGD)OdTkA`^MmhHW)xB#=>wmwoX-OZNb$?Qd-Fys2A&L|2
zmH5)mkf7XpT&t*dSpa%9a@Jj2?QB=vQ13eOx{_$1s0jLaX6G=6uG=o#vH+cVZw=r%
z#LES;FMS0Frbn}KI~(<CwL?z8cti?#fBXRwnMJhu{9<(c=x?KA`FLT~+_;ssZOv?%
zS21}BDj<2&j_;@l*2HI}-!AUQ8Jc1f47C^LWnLy7W^s_5lf;t=l^Vr$=l~JO+{dbj
ziX|s$p!A!sRonQN$2!n@4~DU{xbA3X2B4(GdG^3F;fpr*19HH*`mh0pdx`SnaUI`5
zH-twmTBPh93Jqpixvfs;6c^It@cAIqw?mkG$X|ypQI<bYn}Lq<a`E&)!axP$EC9c*
z8y)Sg<2?2axOoeFaK|$O2_y}G3c!ABt3#GdqP>w$n$CF!$-B2fqa^Kh2_O{Ry^-)%
zZ5qC_W+lly)hjI*vxgc9aQ&^4mFsr~l{KBW*Q4wDj<;U|%D_;edS6{kS-~#xtM-Py
zTA&v>I?gq#f0>wq6%U|{W>)L$po4{>kqZ}ou^oc{fIZWq&}9*~NUqY?3f6HZIROx<
z&5{IGU>U5F&%0Yc^dVMl5|PqezxxebbkRciib?<u>4SM=b9{B-bBpP-_krtkbc5p&
z1<g8L)1lRJwm$FoK)N1$x_PMG`}7w@$YZlVOHKo{3g9PDh<H6~l5lHu$)~q;DFtp<
zvTebn(*^PPz_X+K6QI~iosjaJ<(@GV&GD8&hu0BT)9C?m%rc7l3VxjU`2xYp*IqCp
zmj`x?_eh!4!i*^>(!D>HS_~Ged}Hy!Cer^UN3XRK-(e=XrIqNDwD3^VH|W|@5=J~M
zI@%(@8Bs2t13J8)z6bFKX#f_~;lt03Nh4>a;z3zGPPr<=$w4jmZ@|DR_VX^i|LfcR
z53)_0!rd5<lUKcp%mKVj70B+SQ?h+}(NJ0yz|WZEYpFz)nl-2}z7zB6$1@%75t=02
zaBeR#b{tcA`RvWsXKGH2KwCWWT3Txu|9Bdn)<?EO^mF&W_+&{j{3mO103uE8L;4Wo
z$4Jro{_7~~e1?PpQy(5fe*7NP{hjk;-KASDeD3rYf)fGhao)9~TJIOj_;*&p@eKgE
zP4{@kQDQm#`6&9*ZSJJpvn!03B->wrKO6iu;AXE#<co)4cY>)V$@szjlH823fBs)w
zw*TKz>^#Q2Eh_l7a9R>!8p=WDZx<z#0xmMbO~K;kFDjNl@4n~?e#=3mU)y|e%F2X9
zZohnaZHd}r)R6ekFSrE=nJdiA(EsB5YTzNp=`-l~ysiidb`CPQu+86C%U~FBfh5E3
z`^~>T>i&Tr3r@v9gbR?~*2Pt26F`_yfv|Y##xnoyFMVDCk^(FqSU=`ppauUvN`L$Y
ze|+Zee~em<h>N=eZ)$yqc1*hY_h0|xBmd(Z?Qg&R{E!fzgD(d<vUVjWR{rJV@{hgz
zKUVK{9X`5L7#Y2K^=e%W&>ycWZqacgeiicn$GiXdi&549bG1Kysoj#bP)_Wf2>{Ry
z=G=m?jO!+k{NJv{4{V7G-Orp}lzyb*4G9jq*uTnm`TxB={yB3N?ZTJ1Mq*-CP$%VH
zMFdHEC_|ivBV6Fge?h(a=dFHx<qwj!IDZbk0(jist=K1>|358=34THTZPxt=4j=p#
zI{2R-|L6aFj>*86Nmu4@2%z}x4mQ~Z5)8b>!SnyU$^Ut+c+wCGl=?<Sj^L<Hjgnw5
zF>!O#`V}_(-<S7p*erN3%0Qg#H<&-z{{MFoqU_s!cxrR(dV@Ub7hCy%S1SafAW5()
zNJ@CB3*uc~oW^gk5as{0lmGIyC<FXzR=$)DW5L)3T*YfIT-{vZ`Y)KD|Gb*de-P*6
z!ou)cGBTy$7|t*<YH}7tfXMQ{ZWt(f|MP2#ufVa77r4mI?yPn&zDgf66e17*zuk@(
z;C8tFkAnN+;07PzxkCoUJb6iriTdy%Yc<{Zg4XV|<iJNZx(U`AUo{7?=8LmI{7?Vl
zs{X^}YJhXT@Dbuz_GJnaNR2L#9O~RvOuD#MRm@y?lycu8Yr&E0!Ge8&=h-H4soUTw
zHA>?@{FT32k$#f9aR=t?4$Xd7!HGLs!FTIiKj~xDqIV{0xoa*zs>N}Sm`}oV)e2v#
z@*68^2Qf!;My;%8&b1cnp9Opmx_+hjKi}T}a0!dP;7D0FFe=T9<6GURx=Oz+PPY(t
z#qUX&YW7Fz!t7TyuIKX<vjS8E(@I85_HAcb0<l?LO}g4kLn%vHn~cNtBRFW;D(cA&
zCJ=Q}XhiYf-$My}*<)1@2io0=92^8R!Qyx@IAGE}D)2PzdgdtoJ?2(W!6bxf=nI<-
zqEU=Vr7#?2NQ|C*P_SIjyu?HkwGYeh3^1L1cw&&0<ZSjNsQ3=L0zEe^Wilr#TOYHH
zSC08#hsJ++?X$_%B-aTG01_vvR5I>pcm$YJY??$Y^M&{D+DL!$bCozs-ec8Si!TsT
z3&k*!i|htaKP9~ZIw27xTFI=v@crv~ZH+9)qOM;~^lGtmOr{InT?y!v=t#JSx@M0+
z%%fCc4w1}-QjY)f4gmq9J1574cx@zTzXja&`z*RH;|=%cIQ=JJ#e#!4UqwD*<Nz#o
z4s@T67YAAAvlPZ*?UZ}bDDLoUj1SEBYgB4eRb=zkS(s67G*OZ$H(52c7<EE`5zj;g
zac624%9P?113W8SV_Dq26QV*$l-;-0E&9uxL10<M4K5WR$)PlXznY}|%YJ$U*mp*A
zGkt$MO1|>medM115fq=`MOP^VE$SRaM_Hy3X5VqU_bdvB5RqhRkKGUZGEu9qcWP7!
z<dWE)#!J-HOF3D<#7O&iE)Rxwp9$+cD4TinN-GtnW64{vsfp~d*4~C6hn2RwcU#@O
z#fK+a0;R>$Hylm<_noz?Z$D5R!kH;G3U5fX%~7tdHxUBg0QJ-Ts!546(YuU{N}#Pt
zevD|d@76#ymbiLj3S{Tw^h>FKq3HDUB7p3@DL5W`3a0m0uL6+{1}paPv?NT%hZFZ6
zR1wuf0Gl~;^08vYYY07iqv&;dNFFcf76M?2y%jtHWurPyg-Jlpe&2wCV%4#OCd&L%
zi1qEzS2^+J&(H+!ukH2S(a{X1pqAWeJUdZ1+TXBJ*jYX%+Ud;}a&0gkq;!OhX1jU;
zR+r=130Ahz>twN1do#MDy)UAd*{nN0c6g_@nuWwu=Xj*baSJQ1*L_m&zM2)A<-985
z8-7~3t-Iewp4u&lu3Lat|Ck-kRT8I#t~*fO-L8)VS~y)r<y@HfNhYAj8w0)x&i2(^
zG`beWN}_Z0p)mLm5SYKm>U&XCU|iRRUV7}WKLQGXQ6BUV<swh_akyLY`c#Q{!|@t(
zJjVlWOXR%h%sJT6Za4-ZqyRL4AApurq;Ym*-U+CCOo3KnspT*enkM)s{CGXF|Ftbx
zDI4SJ(cHe>1{hl@q-w@PmaE!PC;+F)4?A*>=S8>ZRD~`@$LhMqU!&sD0m`sUKu|eG
z4@kzY)DsK~M>O2FJtNwq{4lWJfW?0EIWM`oLvW&%bQ%>O&sa6RU-fp>*I1MinB4zW
z#Ca?F@e1H<(thXXcCUrRiMF+RZtPQDsQdYD#yv&cyQ|))jetVv=rA`Ra|+ql*$K$^
zM@aW4){0-xWl>gzZ~AVA-!xZ=R@UaJVh~yQ$Y}z&vaVh;3XR>nXs<HNc?G-2$ciru
z<I9tFjTM;LVm*dp&oXr~c~30_#j6(9K{m~J&7HyZR8y2&BQ$1-hts$n!l;_BVw<?A
z!D|krjF+O-9a;L&7b#Bx8^IT-Hb|#HH*2VK27`rw3V3(Pl$+0`cR(SUTeH+82%Ycg
zedc%dbEQy4p^!qU``u6qPI@LJ*p}~g9J?O9D$=QW+o28LCwJc;H#Y@xkH1$L`d5kS
z!HVjxdJ7+SK1hMC)w}J(cXyo!**eC4D{b79G}ZLl>wR5OoU5N&$ysI9Q^=+Z-EeW-
z8&;qE=Gf@v{fSKT+d_3}wAMv?0KNIW>eC)6vCwW<lDio>pvLGgA_UJ^FT#q&_Cgnr
z98ryFdQuMKGuTtISQKk6>RP49MMuz!S68&LM<_=Xwbjt;{i3}1yog_{qPRGa?A#*h
z0Nh_MR~t8W_BhOIX=&yhNoJNsVUea*gH6#UJLN1JVvAY3+^OlZc%7+&f@44ras<4*
zZqB}E#%#;=c9oquR<2`*jpg~wu@!a(NEa%i#R}VLtq746wm$C$rG{h<c>&_iaun8@
zi*!PG@-ftV+I;phMlvv$MLYZBX!cdJb!@;V%Aia6fSt%$>~dswh@I^=PlY8IyL+)!
zpX>`}0(p4XJBvV5fvID4$}o}6`$&oBthTF6?vQ|V(T_wvEE2$*)KrEHwtz;!?SrpL
z<|*#kI<DiQ{rM2Px@`}Y{OnUqDz;nGJlS;814u1VeFht>jKAZ#Qe>sgq)ZloTze3i
zo-WY2O<H=<Qk$J4SR6*uzWMq4>c|tg*e1I1j1}<y!Z#+pV_z&|oE$OB1Jy4{7>$MX
zk2F1i3c=zBwuUQjikkJp>0q1*HcV@yIX1l;lujtwrU38srByGrTaX@I)t1e*y;Gn%
zBg<B=k?tE*vo|{x9gNnR#c6wLM~JA?u9q=}8Qb>NAJ@!(lX@aEdh3A6S6{jQg&hBD
zub82=gC?My&@Kynl}-CL%MEzUseTceuPD7WxKB!A6PpJ#2;b{6?DkGKiB4+=)(w9R
z3s45)0p@2`<E2@nTQxvE=F>!2_a+8_@J~)jTWPrkc4L&G`i}%4814<!_oF?OWXoFt
z8a@vQZ9FFO_;}ig6M_-rcl$xJ(<yoN6{9e;dWp{K;JN&>ZHf4UURS{>OfWIM>`?&Q
zLy)|gPz#Vnce}l_)r#K=W@Zij&XM5|R_B$setohhj-%z$nP=am_qX3DYy*~tn8MKw
zxS}WbP;fa14{yNV?-as*EZ+dbjZmQNv2-U!^?W>FyjPW547T%ZVERO2fk*|Dd@oD6
zRc~S6s(m$h7&-g)OH0jqDcyhi;Ff?#nck?!oIm+@z<IQ;(yX>mqp&<~)I+(G2%f9i
z%Q9#Y=^t<uVFnr{YBt0974B*wrH1<*blwmkx}gZx$mfyFGNm`R%A}I(SnVRl`g<=&
z6;kg&opdHea#gF@swou;?6zLkCcA`C3p;867o&$#*P&<Y+sK%4rzPg7*bo}{`_pj5
zyW$4+=nmo|+h2AM-Yfng(gay%>^@F3WTFqD>r+JBbj_J^bGv-rr5m`AcLIiNz3bX|
zS*)h83eY9l&@766Q+_`bJydR?Y%$wVPn4lrq|>G*fLl&91w=5<S-A};_AuEXJz$3G
zn+k9z?3Zx>dpTM`<m6$;DHuRRw|}CVTmmG&Xy7yhwaMtf%TjEVLO4zAEiHpzN3&yx
zGNcqNhV!F`@|2}q(c@1(Gy?2;Jakx9{Uv}FtY-s@sWKoXguuW<l_QW=&UK3N^*;$F
zTUi-KqGqnTWSO<S(X7IR)!};0^5QD>UZvEilX+Fi=y~ommSTra9W?{#9bbVw3iVUT
z{VZ@}XD?vd^(>mMfdL+i_{5~n*VGEyr1AP5u3?e#mbUpA)hIwKS61ET?7wSj8+qws
zVw`Xe%ov}+xNc|xv!v`%RxKh$aTkVE&)`C`ykVs9!ChQgsSAn+gx6tP^!3RL1oUeG
zZ1uaPTtHU2fj63t8?r2DL1*hdVeu-<k`&|qvI^$e715?-Aqx-=8}>t*n)AGTd86}{
zLuv86HWLp49WM%ORRs3cQX9E`Y2PL8LqK1S05%58V=u^6cvKxz+>a=<uPUF<0r2|o
zH`50<b}_{*rd9{41uUC0^&M&*IzarTXg?vT(!_+iOq>+2r2^P0^f^h6!88$SEgqO<
z*y{rETDNO%B3O>87iqh^Sg)G#OM}Q=_dHT57Y`77&Iu3F;?Twe&3^q=*5gKj?_8={
z;@$Ms^)|Nm2GPWT9~chi90_X$BEiD?F0bDtHyrPDzddmU3e7<1=Hhsr`-h$sp>9vF
zj7i=Wi^Q_fMs@E|Bnx2$@sVIdqv_EU|3>-#K&wi_vzYLER1p7#Jms7>Ux0|oV*sY!
zU0>4)#bIb5`a48tuj8s^M~epLqsaC{@9c(>b18lyRe&*gBc1IsexG12>OA%0w3~UR
z{b=Om%a8$3y?4seZ}i&7(9!85_J?bnkOxAkxUrgEIL_HNl^e?;=6<^3B|n*rn*}Zj
z7|j*SiGFF|g!$S_{^)z1?bn<i<_1_mZx=b2t5K4E;`=sKI3aey{0@AZPCwu}4Ltyq
z0j1XcF78nso7fkQ#Yx6UBsNaEsBhaDtB*|B<4%I+<NO`<ldbGG^UxTZfy|fuo1mAI
z44}<Uy>zETq$lIM;1mdpin=Z2QWV*UL(SYv+7B2|6N<Hi`kn}{H6RSULL3n!D>Fw>
z`4xUoTqLdzQ76)2kOD=V9<5a(P|(lNMuQ33wTkLceHA3WUNFvKeO2h;!VfICuQIUm
zhz!!~Lu;14TRq-}<bn4=d+ENia6fNn*|_pI;mH47e%?^U_ZjFPnh-A~MLd;jPkg84
zU^7t}nl~$b+vKwS<?|KfI70fh9a<rexO=MTl4!*436PSBcu@ZI&DM>YgZU3xb%$9I
z=uFjpt{z}0X<4kgiLqjLSRX5SYCXmt6dH=1kZ%D9bD{5-nvzIEg^#>>qB7Ckki5~&
zl%xIn&I=Bw%bJ<0qg*U$k(U_DDZ4D_e=MbxYneDYmQrk%CtgLE5WhSI=k3^yXeeAG
z!R<21Nd<0kK|51>gzXg*s(PJOSJf=mlC7f^T5W3Hn0^CNw>u!a1Q`81_i};}rsJbM
zJrKNZOSa6EF+kvcx}>ugJFX=;<ThZ~d$w16S?)2bpl2RT9+%SCbyDLHXyZso54JXQ
zy3Z_~+-t|h`UgURHlv$d+SBr*hw>dErej+ORB_`boGG(%aZmQNn-vZzs@q{|jKNEk
ze55_8LmnSpqu}4s!|9!Wtss0T(kI}}iKuZ&ZoIqu%_ny9w@5T>sBa6XdiN?WC_ssR
z-=J0~xDY}k_yW+W=^3>vzl`Pqwd;p$bzAS$`B<k;lFkPX&N|O3TKld#Z5qro7uVef
zg7mJe9GRnvlMDNUikqbBI;;G%qx4sbd`f|qYO9+2pfCn#t$K_Ia!!oyIpxh=f(4+;
zrud64ksa;f3d-`3+_y!{a}+0+*OBPq***Slu?^qT5Hx%}M%y-A7{*#Y95RjaI@wdl
z=-{+i8;>2SHfi{_p7vQHJ*EPhb{}EAJQ{&0m{14S`XuE`OQY4WFm`cfbQU&vqcWhx
z#lxycJHn`e4xSo~uE!RgxM%9slS~Cxw1iq2xPVBl*X`?0BCmgS?=WL@u3Q&=CWwYa
z+!GJ*@X8+8JK_xU;;FJdk=ul$Q`6^|vE?wFD`)EwrqrknyV;g<$dGc73JixviW<*O
z*Kfd`<m)@qW(wY&(vqz0)l4o=#x~dF5KyeaT#BBf^BR$p-lrIEJuFZVm|>rV+C~v%
z-%5fG5H#D>@5K;}z+>UalWBc(7~cj_MWF|)8&v#II3E|V;}qpYi!FN@ItMvTA*p38
zK5?e<4rzLZb=FUAJ`}zwGbvsZv(C&!t6y>JY?VeJUSvJbmg%k~-?kN|gKH+51PlS$
zXatfiytAj^ZlRuV>mX`DvgEb3Hu0c>ze~3M@0<(Z9tobts@WG3oI)reLl$P1r8KLN
z21Z-1_v}`$Us^->ybG$`>|#jWxmKLt;-G8Ggy9>k$Ie*gQ}5f)9Koh5tYU%s#aRhy
zX%Z0t{TPhRwFKHMahliTTtN82r`zu548kvvaC>GB?;OifUjJbqN%Hj}=x()1c<a@!
zhomsP{E)D{vx`hLX({sc;fYkmWJ^y(@c%v<Sav@uIH;xPYv+-yDG{H=aKkJ_wc6RK
zk=rkyG~aoEAUX8e&R66st^@4Bg2EV6(2=ZTVQt<SVC{60P=kEQhvCPY?Y7uB8TDx!
ze<h-)Yiz2?qD7aixlM8+1+7UQ1MpQoP{d)S;sG{>Ay*4cF1vDR2wDyereFkZ`eit4
z<tK9nfq80ufXwxZCp9M#-UnNAPYpyXv%JhIZKs*E!sT@HRq~Ab8sBUi9X6gphY(g*
zq*|0L`HWg^(tQy2IpE3FJHpZ#Oy=E#6iVa`s{#-w+TAPn(3e>FXI}YAxunSCT2@-C
z9DTXV!;@St+o3V1vx<p%7}oUi<GrKiX$34%PUEUq+5`xm<=zbR^yA0`VOf3XhANfD
zAm*Z={~&FLLMqy_c<#c<G4)f}l9V!slCK8vK};xomEBZ;DyB<Wa6CQ53N9UE`l?`3
zB8gyBi<u(#Zi-es+4Y+%f70P!OUAe1s-IfMG9<hr@MTu>B*O<3*yAqynt&zJeiT<I
zllS{$A|X}Y=zOkc(dz6RaSe;*;tILZ#uZw5m+o>~4}5+Ob1GUFO;($(J6ukzD;ggk
z-I$;GrvI}O#7y&#DQHlc@5g5h6YV(_r<x08tGyU`tNvA)5B4Yt8LAgL=vsev1Pr0d
zYc1N$>O}-B;Jd;W{%c^;I_X~ccJ;WV9jHDop5o3ds`gHH5Sea}rK$W%88e{et-Fz=
zJnQFJOmGB+<c{V{3ff>cWap-oh4lEa!!-d@DRu~+qx!Y46wPXlB9`{*XMq2?Z?{2s
z<g_Qt*06GTp0b`EyNEtrJF=gklGonTk=GW31xRAdiR-U>_g%&A9qwP%MM6%gecd-#
zPv<;SuT*R_>3tYXncvNyJ?mTfp_!kMzi_#Ct7mr1eqL$v0xTxgP%J3A=W8DhLV9dx
z{g@+zk2}=rPvzYI-F&>FB>Le!5uKOswAK1pmGySo4dSNdn}1fh&tSncE@1{n7m^u^
zb@4?IPnE&E&4U-6{@M2<IW4NC18LSR1MG+FHC6|*HkgR&J<S5zri}w$jI0R(`OMWk
zf=qD%k?qz6#JyJRajlrQQgNf_=$6lQ<no1f=jkt+oN}L+xs#*qeS;_=RKmv|&}%2@
z&#x0HZp<Xp1L3G!G<y9)Hz7TOaT-~knvB}DQR_lUtR1~S{Cu*TuhFmlfC34;FB|HV
zaqghh@7?O`-pB$dD}*4rw8hNwn<#Fj*`IKu)~cwc{n`ij!esB0z0tY=+Y#95PHf}Y
zx8a3Qk!8}|f#4+IoLXrZhA)#Z2MJnZfC}fE0O$yj3&1*WKuo`;?0awz;aW))#?tIu
z>aTYdkZw5-poYF?TsJR@ydH@I3Y-&tNp|la4OQ~pyD+Q2gW3vJNKA{_<IEr3Un?l?
z1Xfb(hkFxeC+I*Md(jqN>=cGrdsT(`t;O(NqK*U1SHa8MlHOfsL&_QJH7-{+$@T8o
zv}D#6TrUC8SmMsSoD|E@%oeyp5?>PnoDIB`r}!_t{-fzgZ!*K|DBp&L-!Zd8VCtlK
z!)|WOlFIpeLEp4fpETZVV_FSY6Tk~35AW;4xM!~g!pB*OcOOmd9~^z+P~CEVuZPVX
zW@f8dyaksQk!n!gpYgEzNHn#E4QM>sP=hBsO}*ajwXb?a&;EBUfXQWBUvym~$|+{G
zGHv(ytTBAnO8>0!3>QjNwECk<%LPI4U8hCRqi;_&$KYL%t2pLSRl}lf;H8Uu&>dhB
zXXG~gdH7@*>2rbeOSyc*uzWHMhEALw^Xvzus8PCYj?ajag3uDhh(@Y=)ih6YKphvg
zdk0O`W$rIde5n=osUjZJ@{=xl-ogWDsUwWPyp~HTFyeF7YkV!K49Gi~_nI#EVpdxt
z<x8JqPfyB3m|d6X^vl1O3AYTXrq;;cnSmh`H&vf|hxVKKIl^k|2YKA|36LpkCC&B4
z2<{b*T~49)K1^@@Cp{F7u8xhZaW`VqC<pA03AKn}`whTPTc`WUhe{e1#qxsGc2cdL
z%uQR&JwOs=PTbKl>(mT`Z3@q=XB7KTC)+qeH~n$2`$LtNot_|g+O{h`t|Dn5d`jX&
zN0$j?<@l6xLbMqBk0CX7vvg?^7|a8bzv|D6c9H$PAwSt!t}D2NcAHUJq&x<ywmgSv
zYKI=WKv?Rb0D<~*1uza|rbkG}vuf@78yE@ii_RJt0Q^yRakW@L++0HP%Rr0aw_T4(
zZdoRW8IYswD<4SBERYh|=j*Os(i&b5pen+u2<-};0i~=Swo!Cd<Imv@LFW|%@A0B&
zF6V(8Lt*!PH$1DGT7gt!Kakn)q7`r9r?fr-N`>ptlk|I`oCv-a3~0U2G)WMv(Q^7z
zK%B+=C=vbnR?O-}yR}+G48oY6vdV;T_`qzk+l)nXAaYW)GuiEQI=~^BrXqj&?eFKU
zt6Q(W<3l;(E>_ttT&F)3fg*pORT)0r&dKt9I$284Ib-_$Mp)WA?U-v9l}sL&UNGgq
zb6+{$wA+^O=>>srd+N`Xvfp0moPiFOS}^W<r$l1?5_jq4YzO0Kw=w(l$dv6Qv{21e
zJFi2b{Lq>3L6N>h-cc5wS2h|qG#flGmVHRiM=m&*bZE9VpMw+{$Cp_t-M@fhI}|ys
z7U8y;Pzg5RYpazBFETQC&OvDNOh{-IG^)erMP1)~QOUbiVr9|?JVKRoLQinSp8-p-
zv!?OLlDcGUy!I>SUBQrKa)iS)ypc_zpkgcX{rfBN2+c_}kZ;WNIyvfMD*SEuwMYi8
z_lkB!$l^YA)dJLZFuO0&e^IAnQ@u|86lYg#(sGU$W#lZR<pn}&hFznskx=>Vi~fF)
z=pwffiw4k}l0EhbC4|p`IHn-1woq$iN2!~5t+k!5{y>Gs&B2U#B2G-L>_#k&)*<B%
z%mx6;$a?WuuIZ3*2R3fMASI=B#n-j;mPTY)OnsE@&+^faeax3eM&<T~NvJK*(JXqX
zX?U!2qB86Nltye_^}V6|S(x?lvct4#qs0od-P0DI+zQM>mTV*Gnf7;L(>ZQL0=Kq6
z!j8*Y|HAnX+?5uCYSk4k;WmLpR0)d$%!U~is9aZh^I}!4hK{Y~q)!Tka`4!XI?5@N
zD=w-WTX!lq?Iw6w@@cs2@A6hXmf=EJ&3V7sF~4C`;sX2hWpqW0pLRnlsV1;ytt`+e
z-7WP;d(JdTJ~5q*gNn_1eIO+))!ua@q&0oQWF(`iig@^ou9W8tLfp;obF8fV+*;4s
z<tu`Zgx}mq)r<|O{--zbZ~tO>_cx2uq`SWvre6idM)KB_<UEp0=G$%8$Xz3)H;kTK
zD`$XMKf0iScHz{_bJPJ!__vFMMF!^EWP2D*y#duhtBii)zO}0=m5|5B8rz<@eluPH
z)ZuvBIyfAkRxMp#Z`cQ8k1heSTMZb*<NysKmwkKEE>^~zn>MV?<ou=GSmOc_ynK&^
zyQWH8Te5!;i))v5)=i<q+Lu#VcPNB5Ly}}ma6AM}30=B_D|{1PA=!>*fsG)GA>c&_
zHLIdIH*PF<7`K0XRC&$JhXroyVE8+&_hH`>kS7$|-SNFKd6MdBiw>=4tFB2^vo^M)
z7Vh8xt^9VDv5Mi8>F<_9Zz3juStAhMjXr1KRi8V*t`&8q=}7i8DDr~r94lxPbClhY
z?lnYpHkSd`$v_YZgCCVPopx_Tp}Nx~RSuAB9QvZ^#HhDEv`W+UywIQFj)3!(6CApc
z%!vd3^{YK&Hr})fhz%>I@J{rtcqyZt0t&UH9ij3Sgk)kn>iX`{`2^|+pf8(e>25;)
zC7QYMf!XILFGe$#I^I3iW~>{(7`b3X4rwsU{|bF17+8v<Z=}~8`!4wj6<lxOY{T@T
zK10tlKV(v{?DAf_y33kN7FI8N!k)>))j*EOFnvbg%}mz)LVMb6ie&)Qz7jaN&2&3)
zRF3<{A6p-|N~V_>)4^E_ygZY5?HVAcIw;mQzFik8k1h!xO;}r4KM6#R>Uqy}9}8zZ
zValpWc_YVP?|=h0f<S$3wnF#ihA(i#BQTtNjN#u%Lg+DL?j~H$+oNq!=A%m0O5CUY
zTohV{RT%CYN97y+Jg}LbEw@=lBquI%KE*x(dPeqwMB!)=X0<OjQVUvYCUmTI^+~HZ
zQL3;cUFORfx*ultO811<^808B-p|0qs8U@Oa)mw1+mtFwu(X!Du;%d!!CN0JBjZD7
zgx8ZaVjY(dPhuUkt1Zw|HJ@l(TNpVw_0?Oi|H}9baYK~J-28P-!xL%}AZQif@887H
zzo)&v{eGlb6x!TMEPU`bf!EG(vq%3+nRxmwOq{|)%v}~1l`Hyc-_<4#E7HX`ZY2B3
zE>JZWDn<8aNOhH$yzmPGJo1wFZa~WS>0TD4HcfQyyHt1qd$?p!+cC^S6j`||Rdne#
zDqMDs!}*$Yon+t4l=OnQ`rx7VHY*8(024%~+CKdD`JLL$X?PC&l8A`N>cbqD<;8$?
z6V<vm4o<0KV;YQM6OG=D_CzOb&G%HeOR*PutNMd&G*&v_NvS$6_ecU0`7F@dC2SJY
z)U21vOg;s*iz<n`^~jfaX*az<0#c@jZA~oa%wnIa9_;0j(mU33{uvs`pAcl7yGS7I
z!$J6ohVj7*Pe$c3RNJDo_we%eRAQEf@~~B?7FPU`pPJR2Yi~k*wvDY9H3h{ZU0k`m
z;tL$bv|Z?EmE@N`j!MhlyEgcT<)Ogk1+;Kqx=nohChE>~@7{Ah8P@U}Kkn#;&YRZ<
zmUC<^@YqaTk*Y2#^$3=h>cN_^em{vAB=O$qGSKYsw*F-0m)c(u@7wSGnLIUrVHvUh
zJbA8H_4u@VegFs--4cAiM!J+AL)k2$jZz%#o%mgu<7)-o?ggm{sHusGpL8r-)Gq$%
zw9whtw{68Nw`7a%j5CMg_}tFsG$OR&x9E3}w_QU<$mG?5|2n&-=@ZD}?ftsIam|E_
z!&*uu36X*V&_W1oU|FbL+SAfzqJH<_2)x;Is;>r>Pkz2wQd@<pi0bjwEn<REiTYB=
zd-uc3FF}zSY0;oc1s%mYOaUDY2Rh`)_wCoCMph!L^`VaX>Yn>Q9jaHR8LIW#!1=Dz
z*G4O)Oo(G#SKbkx>zSYllC0?Jk-9>{i5V7Ozx%Jgb^rFGrq5eAAqg|#V5Y>jzDg@o
z+C5)(4pnTq+MQ04aT0pVWJ3Pr`9!;hdsE|<8rAm%ZhcYP%}7pdV+Y(@$WuQa|9h!P
z9L54CV1t-Q#C0;t@V8|$iJTtz9+W!AcvuQEDP2^rE@0>QG3wjCw<$XA=d}1mB=l8C
z_Vg18J2Q>z&wjE6p}!=`!crKeh;PvjAUR_PT*yr=omAqgjoRE=n}wtZ;O!N5XW2Ct
ztl>sQQlTj-jexpy%AR_I*vQy8^S#x{(cXmR9Kl$up2zB=+DAGD0?x1P970lGxA9nw
zd`SZh;)fP3q~F_sU5t;k?`aAI-DQ!(?{5VJP+5-Hk%`R?(QQHQe&0aSxYDC#4eKh_
zn7FmCbz!fOVXXqu{3C>BR%YZx$?jT_veOy;KyjcSq~E4JFH`eMm%sk(u|QP?*~V`k
z?+7wZRFWpPZG=WPd58NbDlMlL_meEmQDc=hf+gyLokCt>)itokt;qb`>LDkn)P@K3
zT!*oPmNQw;BH89k?J8SRG;>C#@_j*iM||%D;?0u!UZk>J)j^;|VNc0;QqXeLtT<WE
z)5B%NcxB@`if01Z9b0_YOKwuz4m|@~iB{Khs4-4YIgo10o)Oo50?}#kjF%>Al#nxa
zIG+D-Qw5ORO6AS1`=v1wx^B>QuHGf_VI(gDT4aj924$xbcQ9eqn+v?<ThTWG4j~6%
za1vYOZRKrq-3kYALhW_GQEhL#*H`4B7J9gsN>oJ5iwpFwJxi&~<<aRt!+33{ex&e-
zsErz;MxM-{Vl|>{(MS2!$(qF=7HG+BH$IttuwK7!Gu@)IJucq#^gg7#L+O(hT1dq~
z*=B>LaF!uS6HYm*$C58+CUigA$*kV-J=K56JN{{qewX>?TXqf&Jw%1oeSdkwo75!A
zPEO1vVF@iU>?KBRG6TsUY22%mgrG03RCq`~zW^u9FYf^9M-{}apnXt~mhY>6@X0~a
z-mypC){J+fV1@Oe#@AeG^KxMGogUk`H5}vGY`U#GSD6beuNEwTeQjm~aDaWH9Z}o!
zRWx8wsGy>@fV~7FEJAs_iMoAj`|{G88n&e?ESZXw0y8zP;hU#?{zp|%p9X>tpBF}V
zbqSMcrj!ilfwgE>+0U7?{Q<3e7s}P==jSD4YLZ_j*e5iDk&EKR@b<VtF>+QNjY`Ak
z(qJ_8<dqXWHmfwFxfS5JuP~GsFFnH``!aHKA5-#J^9=)h&B(UZ_P5jX<=WNOG{T<m
z5vd|<I`NnK%ld>1m?0`398I3cC>lNyQ)G$nC)dBGE<Pay+Gh#)k<sKAtqPg<hGgS5
zXW$VgB(JY5CCaH($&($P@+_v{A9yHSPWwLjp{DeAf8G5to4ygPa@cVFbLJGD35B-R
zbuZ<UB*TJ{u&ET~jddE4qZMPL{q61T=BBS@ni3iFj;=x>TguzlXau6b)R?WU!mfV!
zd38I{J$b|KdA$&SnlqIW?xNs93a|XoGAreh6`H;I!Gf~Qf~w1fldn??cH8!6a&D`u
z1GUIm@^S~p@aQLo_p64Tbc{P%92OvmPz-rbPHv|(;mxW-I+Cq7Op+TwbbkeOHRhS%
zlDcjWpl#zg;>!_Jd%R4L<Hbk?K$(A0D<9s~+vTvTTd?aDI#;dI{~@$*wXnDI-}f|j
zDfYo@;K(pBxZJ_qhD+CX6=BRAJvC^b*;92ej}q$n@N$!OxyPKCwyz&|p-T13-lp6>
zpQAqO{){*&DymL_uhdof;l8nw&C`Yc?nGrikw??d(ZO^z8)FS}tQoG!wNc{7Z&sFj
zsdoDi8&O-oF(z{^>`C_g+X?+|KgI{*4{TpwxxA!|jQg)0-thSa<<+<p`ulh^x28*`
zhNTyP@Ej+u$@q%HNydzoWq#qdg$^F6kn!SEL}-P#hPC}-ry-%?)zqq#R7rJ~hJhF`
znoAfQFE#igmpHP+mBYQb8;}niPM%*OK2ub%=nT8pJhy3qae4$%(RajLb&W-hmj!Bi
zwz#Z)kn`$kOZnL{bpOLCsga;vU*Mv47NgMknoul@qtlAU&NF!IJV{x&6pvl($JJbR
zhn+=66+kE!0PZMztAmq|oB%KOlb-i<IbB8ZRobZ;@+r?5CBysP;e`WP1*3sS@1|mY
zGhggfQYkZ&gEvcrJlEbGN!KGB(cfW?S??LHup-}JU+!SZ-QC%_b$_{RU@81!qZ1PG
zK%TruY#!8+-#wfz7hGOwI10{J%VR=Q)O+l4!QbZ9Y}BL^QF3WiZwMLB-7vR$GGVcI
zf%F9~k1u)JE<csidYE#3gWolh8F*UiHqwd%-y0R(2x{ownk4A#Qf_mbZy(k;nVV9P
z#+IQR{89<twW+eu&OL?hTd(#kq0z<6cdP!#zIH(U>%LaFBjUq!HPM31ZU^P3`>MiU
z-)+{DGjIplXSeO~lV^Xvq$+lOPuZyet7&C;AMWV7Ii<-%CF~h@C`FJzOJ!I0GFiYS
zLSfG@h~?=>_O9B=0q2!sWmI(@Vq72}WouH*2R)m+6R}{X631tb&|v~9J`uOSh4ggU
z>=vndG<MkQ<gc`KAa~zT)?`16SwpV741e(H7$h4GK$WMv*(3r0jeNHIvVgoQg0Wk*
z#0{o8MPW+p)PtC5*%gM~sZrRP3a;2QClfXgeUOSYLO0}Sz;|F`b{pB!>m8uBtbE{2
z|AkQ^$i4OC2r(_V8+zl>P9v&%E40ayz`+PXEtd3H_<@W=`hnXOf-7%<@$)bKiLTwS
zcQZ_vS)!(?q0CECHvb?*JFIo*0CXtd-!7<n-=?@upbor-EvF7B%C^FwDL}G+Y+R8P
zaOqt`5`|&45av7tF*SQw3TzYb*jH{&-(+-TkV}yOX5wKvg-G+XpF?@~#D2bZ{IN2S
z#auE-nUlSgej=uL_4VS_Z6ugJv|7-z=~Rmr*Y77tXW)QcS&UpVJ$M$xcwFAK>00-?
zgIdo6_(@0xukDjDdQYpx9f*kXGjV^`DuzqP@p<1Cs`J!IbL&#l?E@_50V=!lGXCs+
z!k_$3%ReS6Vv2&2Y8~+oOm$^2+^iAXlUU>J(<f{aHNc=J(pGBXs>XVm{oMW4JC?~Z
z+bzT*QP3?Pdzkylp4x=%P6-GK#KJ4jL5Cw2rjdyQ^NvoH?9<cV%N-V8%w@lJBv&S}
z4+dvtL&P~6lnMe-)HV`(479t`DsAL!0|1yK3p6KG2fH&yXtse3QO4F5yJoR&ca!*K
zi=%Rj9WSGP&1b7KC+BO-yrzNHl(tT6U$0!bQ(%yTdhm7yKsXLKo+MRjGf$OQklE-9
zJ@@bTdVx)Jg(1E!xr|LZogBd=@PkdAO|GVsSp8E4xbtD0{&^M_HkHTki*(^H&<$3%
z-fzFmz&}MiVTTxUMMcFh&-#+FU_!LR3~Iv2O6S4x$09kZ&^_b&gWa_+xYfU<K0p@u
zrfr0-X>`hY`^JWom5bXA?QQ%W5|daqsS!h2NV^FAPdZY2%|@@}8-8*zp@+mdg2`MC
zw@6|0S2c4OAd4zn>rvmYJ4`fVKLXl*XZ|BuvPAT(P7`)QCYtGGhlvf{1E}O=M?8+W
zFOiz}L38V^M>6mGbT}8GKcW~Tp9n+wpE6YS!_|^l1%+mf`B+tV=NFtjo>h#3x8zi&
za*nF9T_UX#$mcmuy66YPc|8_3pH<6Qa%curoR@r&9fUbrWHUQZ^4P_qVjf$m(SnVI
z9?-t2AQPISOGT!;5j*Xd1%~4;^w}^sEdCi*J~b%t!T$^@*3*;L!%m<jI8>eIV4^f1
zS+VxsTj7YrTW^+8GAL9x%w1l8c3tH|GKtgT4H1K&EZy}azz(3CGl2YO*W-U!Kifmk
zZL&g4IwXj<^__<-w_z5KL288|HGFanV#`X#<L3t{xe<gHUb%Adg^U~5W?!=p@b-Ag
zD@GRc?4HCW8I8{LChV*?i{oHoYGa%bn}osm$+5|r?r>~J%Adu;v10YTksL6*m`Zw)
zfI8@YMJ8%_F-WIR@+y9i%AmZEuhN@cmfbK>qf!szU7kI^<&Ra8ouT*7NU6+2JZ(l4
zR^)`Q7QLMNvh1o7*BPS4a@-loKn(KMP_KhI==MdAOlP#!*w?fh-zvjHf}d@koy_*V
zGUyJC-ild3?gQ9SBqX-yx>Rw)4#7qBqMlwq?NRF^0I*v!J{_!cCp1c9BX=djVfu(1
zi%x){g}|v}oa84RPzWom@-TtKTv)il2u+^(-Dv%LbU~*OLaZcIc#VOkAJ|{Y;&p8V
z?-R{b&3Z8>i;eq-4MN;Jaw0XyjGsW9U7u7oESmp*6Hd&bO!lBy7ao(Ik+Ede2o&F%
zhs!@L_M}5X;@f(3G`5}@wZ=C8Uh&bBmWoOoXg@^U|5%`2{QU@&!%6^yxFqB|%H_I#
zCq7uy^@jHwgl3sp_k&P68k$G1^iLmOq?1eFx@l{LmT}{2Aoc{KeMiqtE2}4#I>KvL
znLh4w*3Nz`T{_qRVeTunpli~UtS6nh+ay4~5DHUeDc=-?l*T1W`sjFpc3lFOMY?B?
z_s61+n_j>m##b07oC!L;<2t4%DQWU!l%rQfGX6b#(-290kaR9O4h?Mb29gi@GbFZK
z-bJ*c-Hx@k0Jv2q?zJ5of9Z8?qo-!Q*y|1QEPUg4bwc=Iwm#=BE}nw6PMo{DN3(=*
zmx#d?Lc&O_#Y{2YNQE`^xS=m^9q#5m`|J{Y5#W(u5a=FUz6m-FhQj8~#dm7XwlcdM
zIPXK&@nGH27<Q2wety<^tLPat2X!oy$M!aVeFX)Gdt_+Y2l!`{RsodYs&4ZK4hg*8
z!T>L*ef(SQxq8gLpvpoQ!;%Gxj_RS?pUqX#3Nmy5AcWUGyJPBCa(zeYN1odqGq6zO
z@6xIFZ14{xhH@iW`P!?6&a=vV-5lB_((9er&63C4cH3T=XLi5q&+TZ#U3GVi9gM8M
zNbl9Do=&oI&o{^YTax$hKmJ5qn9>DqWF({SRS?z_^GY?ApCsHSZdla(zU${xsZlm&
zKi7Pb?EbysN-(gSC+rRp`~OJ$3aF~Ot!+h+QfW{GDd`rG?(XiAkPzu^DdEs5Al(hp
z4T_{lcL^N2rBnFV(f8JS?|t>V{}>Jjg6y;RT651e<9VK$v{qaYMW7+f3Q%gO<D}b{
zbhx0ESAhP67ni~mQ9mGyvH5;Uag>iQ(5Fxz$)}_{emPTH=K2zs!WIEl50)CVqpaM%
zcC+S3>Vy-n*B~FTanm>W3a5P9O`&|e-f2K$ZXCwVw|8P?56!jSKla=*SQl?unqsGs
zUa|p$&S{2*k00}qxGuMnYT~vQtZF+QZ#`I8V;xB{j&JFDfhb6BG`eXw|H1q5x{Zck
zry!y%eE~|#o7;ER7*k*RLpB<V$%19oPisBDyG~{S(?0y_wws`5MK`c`UDk644|nJN
zjbY9BwJpsp2)a7_M1=_>3)f039F^5>=gDhO8b%%rmT;%Oh2=HzB1!~h>y>Hg`%G-q
z$l~Pv+J3u!)^y$0s!_&^#m&6rL=mjbvF{YZBP1)-Tg4)*Ls<R~wmS{+C#`1ssir~i
zf$K$Cpp;vvIzfjILorq2tRWb~L+AgBAe=^YY!Qi%m6u2(k3~0&QWd(N>WA*U67pb*
zV!y1(CiELidG%ufGnzw?)C}84q8%NlIXv84r8``{cn;=V70XHNJwe?sQcAQFa@(7j
zmO4JqzwrvveafASWHt6>39fLea1p5C=Y#o^`}rwMk-Jq}o?ZS*ugg*6rf5(623}k>
zo+-Wu@}qn}?EhJn)tmrtm1D?~BuIO@K=oBJED=K=8mAWqrWL&$^!A1Fn9lR3bYwhc
zqhuRvP<^n#BT6sK$jfVDZXsGi9d5EzKNaNNsU%Xhuu3VHlopjO*{yV$pms6oJBtk<
zL4F!t{h?6}%`+WcuAxP-tBU3}s$c_5&{BFPFZ`NL2^PA(Z_l2bHb$NxlbJg`#??A`
zrgg-f(`4t)TZQ8F%%gsRrR`)bS<uw^Iwe~v<EU}+yLytk+!epYK?k4zCn(`2h4Wt)
zT!{fE`8|fxcnO74g+J<Qk93g6bBzRJWV3v!o<R8+Lj$8F8Wg-7c65pysLIA{E?U$6
zK5aeAOud6t&OxK?GD_L~`G#H9wQ8kU5R_zKUzSZLV4{5Ez-@jnrEO#cU$(}tr9Abt
zWbq70lt?uBO-Ojy6mDFfE}|`zABI*Jx+m$do8P(5^g6}8oMO-Ls{9a)r8)!%@1eK!
ziOX^I1<|(B%KZS}Dca9Br_3Ix9N}R#TQ333B?Cl_L&A}&;ll~G;62KCKCe&<H~Mne
z_j3PKilXmIA}~CYF9+@M9DC29e_vSUcnX4YlI6@>!x#r5N1Ruq<v6ieK0>%vd94|-
zIt^FpVC06x36Dy@nB(dz>T`HRL@ciG{MJ^VVyzm`W?7Ipw|<B_VSV00DiZYBbL+-L
z*`iiC7wVz9b-J1}Q3X@@bSk>wZCQm9ZA6ueab0r?c((0jy!C=GJ#zxIV0w+B4-9_E
zTrGvNJ(-}e%OFI@`D$_~hC+qwKB|`%Qo7ce?J|As`v#C_U-8qbuFbKWR!!x|Xi*cW
zuDg!bHd^8;0$(kib-+_t5KZuq^`$VqRuwo->h?fUK_5}fLSNMi)r1C@soFH1F-WtC
zQxHX7tyq(~L?&;`vNHAEbeHF1v*_g1v>i7C>WF%tN}fE)!k6_=Dl4rQp~;wWfy%X)
zt^>4vC6skMS!|s#)Feae;U}{I<MPE!rV7lu2M3bLcur{Nd6}*|^{mvGooQ-?ohI#`
zYaUQF!X`gBYH;53v3GePrtSz=fxEKao<}%5rfX|NxOKY+YVNt4!fxZ^sD4%pD~6R+
zB-tjT&J`Z-&Qb0@U@_^7a*&MAYf`htx5b6p6sR3>`05R>`t|JlARH_=2{~TP5ryf4
zJa-7g3XDvJcHYUX%w0D8S&5K~A+W+N$79sxmN<9a=`lC9!NIe5dGPI9J2sW4c$woi
z{@w$#Fz(Xt(NX5HxVy~Mkp4$<WaBY)9Bw+>?P(>xs$a%it~*B>oQT#@iuw*NjsObV
zbn4Jdf>#V2Qls}p$2PY#T^Phl;=W!`oj9yiAl9rxzj*jePY3lYgmJ$qzIc?nXt3nb
z+BN0E;8r$KUo%;-y0?|Qc#yAgc?)hm?9}~aUZ7EE*xBtuUUsh;_o3Zv`mrheU$sGq
zBhHYd?<R<PpY8X2C`G+h;YoDV>mJ<Ih9MMh3i7u0*0yifpcp-^%RrwrF!2%6E=Ko^
z9q0|%TiO{D;?SyMhP}*Q`;t&m>9m_-)KG4nZqOdoMk?u;ZI@;3e(BGf>siS_tLkoo
zEB)$gqeK=zq4{iEaf+KWQrsuf<$Tq`lP*T9G$nI6XLPZKR?*>NJ4(8wsU-ZzIQR#T
zUN}8-3}=BD98)&Paa7rMM`dTFZ5COp0*qd%%+0uGOQ2+eF6j3}QQLWcNn$%6o6orH
zF;`%j+kMo)a6+z?fq2pJ3^w)_T@aPh3VT5eLMhh)3~|^zN2}9PkX$k*f;96}0NSuk
z<jPP&tKC7Bw6y!<S?ywkq`r{YcNU>rY+;>LT4KlApr4Z;W4&u2Kw9BsziX{6I{wLH
zxcvS?oW|G+l^FR~<3X#7V=K<7-kHA0CL_zOrCVQp0e8i2%|n;#X|DT<n|k#t-AcRF
zdnB!mc{~<-@gj*^6fR3$7{RWal%mIyu3x=Uu-CoBLh<S2m|soElN8OpXnGvS-H)`(
zEQ)8a^lo3fq_IR(-{4@ScS+HCcR$?Oa;BELt#W!94Wnq>bm<&lqm*|1Wz+4ZRZ)=S
zH_3gw6lJ$<S=w<E{Yn{9G^<Njy<<_m;X>!OddmH)v^@*wCKA?gP~{ajIt2(gNMkFm
z9tl{WAX(E?a5|)5>H%6uMmgwsq3$i+JP6!vo=#wAt)h{N^OOQ9sfyg}e*7s@iffgn
zpq-O$=4CdG(z<JZbX<*9IbGk@d9-cnwCpZxf$*o5lC(s$M-6u=rXSq>Sr?8X|3F=D
zjw;sFtwceIaa@k%Pe`Q^?<5%L$+vZ(U%r?wutGf0bb;9Vy$V4G<c6FMu9SB0+iw&$
zkg*6qzTVtK%3hj&ZMYvY0QZ-*=Ns@tzBd#(auJU@?F8f1C0YZ+g3_2GWw7#-h<5LC
z+upn>OER4;g?Avn^%O)t8bP6<v3(X>&3P!fh>tk!1MRVt9Cn=PVuph|jyH(ozB+yE
zx1Z)hJ3GUBJV(GG!f7PsZE!iOUhe_kpH5w}{^>YV!QFexANbJxJ+8UFm+i)gpV7|X
zDg1nDMd>sUBEh&89QPV-iwX-50OC#7T8d7`RF#`hJ+hrIm>?P}C@84NO?kWPK776X
zI?b#t08`0UnDqDE7a$3G3?G7mW#bW@_Eh<1*qit1SbtfR0reVwT*~>K*0#^2EM^&}
zR-x!%kL_^hw$`f}8CwV>s{B61H0^&|5PHYw^#}->j_I=0u&=Hr@F(k82w#M!rXRV5
zDLrE(3K&a{j~5rQby3=7)6E&E+Fb97<yu-;SdiCy3U?Ehr;4ZW@A87?Mw}iq+tLZc
zRcd(u;>BS%7UkM-Kkul_1M{6gL=Y}BP(D|VU)$$rBL3Bl|EM)xhW}AT4TG3xkWxRj
z2hD@M&*Fq|py8f1uIm<xf=eg<_3PIaiJiF?Mnx_nY@aq(fI)s{*VMr09FHy*j>$u>
z&e7_J@FWIZ4l>#3-;fbUrZaH+htYgMhJyuUtd^H|aHtjAGR8rp(G<W@Ds7jY+QNdU
z!2Oy@rGZHOu;ZbXWSKR1@pHD9;_v>#;(qS6JraMsDJDfpXc)lM;R?p*Rfx$i8^8gc
zXD*;d41#vo+ERBk!z02^-apG~{2N%$(>(w_aalN5E;R?V4sx%u;&1-ehrvFQco_XP
z)8J$25ZwGEynq0q_;@o%1~`NtyYu&&!Eb)i6#-8yT_pSn+LG6$f{lxNTi@W#Og0kA
zZ{N&6BT;_b*j^cv%^tKJox=ECaxnj2Lsot+;J^R<<T3D8GOcam3-Psw(^e$XUm_Z?
z1^!sRpNsh0e;eV$p;M?vjnmK=;Cy6e9)6_-kMftN=YMO@MkpYIjkc8z3DcC(*Vng}
z{*w0)$L4>$se9n2-huQ{SWHpfl*$j1U^q=G`HM2pf8J8>5Xld-{*YK--{ovbkhTbT
zSHaqkga+0A`?~(lcb*{Lbi$*!jhLv&Ay&?Wk)OoUnIjSd-jM&{&x5!devlmHzQIV0
zN@r#QES4Qv5u^X%I^b6le88nBI@{LrkWlXG_$l`#7>tv4JtdisZJ{`e@$}_BcuRt|
z%Wd|AlH%r{-URP2lEix-WnAqS@3#|OhhdgnMQg-){{l_L|A8F58GeQtGvajz{LU*;
zYRb3|+EyWWT{Tl5=*scwZvFWc8G6e<lLEo^Iv%e~#;*8<UGU!~{o$=YevF~I(jp_k
z`t&LCGsi6p8Na9$cv~LYEg?H>iGFk@wm*AMBTYDnQ~&TbU%k=PDF*wWfBdJ)eOAmr
zno}97O3v!{!4YXMl<qYKz+whtwPETA|9S=fbKqN;J!%bA|I!$}LxgU$3M<j9Rt-jC
zuk^LHg;bDZNQe?gRE(I%)a(p|praW4*<8J)#pXMz2klqe&=MFd;qUyyph_qrxa1zG
zp(RjvD1|{HF=)-e;OU*s_;~6PTpwvAxMu%N#hoC+ZrU_%m-8i=;X39A|N1C5kc^(e
zg+s061;6OmJABg$YIsjy;UDh&3ztN!f>c|<6zN?82}&CnkUznpsNcLT9;=3R`+xGV
zY!t7R`^1;&YWVyhmhN~ThJNw!|Ljly{`CicV2e+Yu_l?B>FDl+K^SJV?*DHt`omr1
z+6JaFTWcorpz91$Re|`mHy1=wxBv9Y{N6vUnSq=3B_9OsezU<05o>Aty{lI1|Ly&@
z6oq-Qj~`*)f;9F33d>MtUtJs4{co3Jpa8FzaO`IePFq$*js|BdefGaJ=>Ph_Y>#0V
za+E$qzZMZI&H)y|PEo&Le&c^#G7^|~rRi*A1rHfTE=4SDzwotH{(pN&OL5qmeP(8U
zVvFM+;1Ao&(wlS-{_L23$LsU|G_h>kFav!9SPT3A%f$HOPu1f=Wz_N%?nBi7V(>TM
zwWV&fwn<`|+AG8R`@d;r9;}*1&HTfuzBYvS@d@gBgU6WSRCG%d_TASwH)q6(Ue8ni
z*$4c|A^!Yl78z_8RPWu(5#F1_Cy^GWS+$=DjK}}6avz$I`Q-tZj;IjvrW*POk2V}^
z=G(t@+1fY%9>nTY6f^xTIb#>Q;X}IWoX!fObw#+^@W(HF@PErH#TjAYf*-^@Gt+c1
z!ylB>#zos2e;Un>47lh?^OZUeQmxO89kP<NK<3}uan_$sB~yfEwH+2T)EjH*WB+kK
z)?qi`Mf&yx&CzdoXTe(&NqmN9{VgMn(EYc7($zxv3+fMVKmQe;n96o{GknzdH7(LS
zFBB!{{=c20|MBLv!Fkix+1l0~j3*So_71Sue*QOXZ~aeidIA8HLRp1<1O0WHI3h{`
z_)!vRgu)J)!=>Hu@Y%j%L@E(Z*N&9#qes{euV2f~G|O<6%w-jq)vW0oWGI;n8UEHT
zbiMkyU}XM=&>^c9e<tP%i|1`Wp6o&L2LPsi5eU?GR7KHPbryT5d@}6)Uw6+2@vCCd
z*I3Sq>b3+1j;=cr4qxypa#>k!sAnMIe2$!D@GU%9G@b0Ws}w=Pu29@NK2FaN2^#2D
zqO2Gye~<e+H|7gl@yFdFB1NR^6!<g3Yqw#Gt&z<CyxCp3LR6+eH<J?qhe7bl<p2nW
zhp+9&(%Q>hT3vg4z?#za049uyy-qEC=Ws8lCI~Nmp1ZDVu9H^cRiAQO2j#$3VvX7Q
z`hmR;yH{O(t)~3a^0El1YG#9qY-Eeq>pN`Ep1lFnV;F<bt<I5=k#VI!Hz`ZCST`4R
z#S}q_<Zw0hAr&VljRaS)?D}b&5c_)s92)VPS1#St)Aklb+~R5R6A$h8hF(Zk+8Wwb
zdvG%JTI9&~yZIK9R8Z|5je|6xt7{a>`j!_etTrb`u)IWq->i^zgOyP=p1a-r;4;~*
za(iEelUO%=d=a|536PBeG=byhzJdsO*0OvYhu6ss!omI8Sz=+bG2YY5eaQj57w$+n
zZW;H1ZjYaA3U}l}MzL-ar^EJnN{IPF>sckxPq>3e2KO`H{c{-eFDHc>2GX57S;yOR
z8K6g<(89vT`OItFbN<6k&1QFMP|lcL&<6)M2Zbm&I^Mr$VyED2v>QN&xtW>Q{IAg~
zt1O4#;<I_aQLi;FZQ~2fE!L_Y2*T+B7^K9NoON<u0|n^#D2=>q>8llW?Y()~R-tpF
zev-IgEFF3(*Mr_;09i+!B?k~Xe4FIAT1n<)C3c|NO}}vu>Ek*;QP{8c5eA=!e9N+y
z7obrmZn30_E7i_M#beY;va4<qG2xcLfm?U5vOY4X%n)XEbcJB)cn~RUO6*LOnUc5`
ztD}>1y9*EI_6?=tF%FW^+Pug26=}WepI0lh4vmrFHnuT{N2fH7iK5kd<|>($QGyd6
z5VX=oBE0?8mY(i?BVE#?8od^QL_<r(B=pt73>@+l4!1X=?#v<3#l_L}J9bI<PeS1i
z5_S^DOLekgRZ6BZ67*l2yfyhvT=K97EMd0GpSM5juODw~JvHhwxfhH@0$c17NLbeU
z0eK`Wo%)B&_hFvf$N&zs-Le3SJ~CDB-uk;5P_~;o>X+qo-J+VUwejWV=BC!Wx;zvf
z%ov$pzpY%Q>99~4CzBMMU1!&l4x24Bnj3eTCpU?CXz%I8>3PBM-TjJm7T401n!3)9
zcCJUnC(piwpz`b`T`#*U4f!YX_05+8gO%$neu>YCLkT#1!U#C%Rsqq7`z{f$U@eMn
zZZpwwSs;lplIlM4$Iq2!B#P=&4Ng`lNL^xheW|&~Se?VMv~LCZg8SCLJ+4)B*~cx3
z5DQC2mrXt~0uyge73!X3uX$Vh&Uk&OG{$*Xv8~b)Vr#T8oGFIJk|jPul?mpa-49hO
zO~oWH_btM-D(qY*k+nba5Vq<ab6`DK%DRgE9QZv!{NUcB^zW_YgOQ57R*yDR>U^*%
zW%-=BXNNg2kRpwO)7%eV4ibO16dOpP!o_pldivd!T$Ev0Glt!A>pq}jm9fuZ;F^uz
zZf&b14R!gCp8KD_Ih4p>s_T*G`8`+UcD|R{N1rontjt~8wKb==H*b266i>S;H@V)O
zDu2P!`;PTfI(hw%Q1$&1Hcnko>!(j7()Om~X&66t)CP{R`IHpQ!IMC-aC~*0__kPG
zGET%*+l@R`{N#&O8|XO3nQ`IKYl?%B(P0E0WHoHnk#;QRDmgbuD3Ux**=HrwsT6us
zwL-=#+|7b87LUHx$*D9ft-Tb8q~EFD_|*EgYxDa~gH_Md*~^bF=RbT@24H;><wgM@
z3zlIh81qg+@~9vOjj7>erv|B8<p|d|=Kzb`-5|GaPtWVcfl$S>FRn)$!?zYDs+9sE
zEHBHd@K|0pj@g)rKq`#;vv`~MVq}cJB*`|p9=|Qkt;D6QKj$@QGHzPEf;Kx#1$z54
zL~>I{a{DV~gp2oWk@-~~dpJVy@$O|fwsPzhSd(5lpOCnketMx`rK>i!e6W|{y)31G
zOv1ftOLdI<-R=mVu*oLcV38<Lg<SD<DI*Ys3Ep|^I<Pw~4V5~YS~~3AiirmthDL@g
zTVoVh1?;c??C|qHI6J&p6RP*ze%DLRb&&ibZ9o{b8A{CIjm+WxwPavnfi*sc2oI0c
zFi_TN@rA7W12Wp9z`F#r$sJ?G7czlp(w1}*`1nNweS{bo0xehP!5<?B=nFCPlydL!
zTx{7XE7#8B(5OeaSD3`@IIERvr?)(_%wjdqsMr{?C@BQZwnM;Sl_*mM2&h-pJv5XP
z)Ma`tSGF8;5c?Ls%hM($DMM94PWzZf3Y6TYkG_1d-{)Lb>2o_I%oekc3VKL7b}Q`r
zq}FSFY2)IA8mk<fBm>IVcEQ#cqsdoq6#GL6l2TKN03tH30GUl%R*Lf?QKL<8G(=vT
zoWGJ)R#cs=GYyA#@4%e&`^NZUOO))}OYPG4cI&PF`u2P~k30sxdo)oz$mko>{eu3H
z9LukY%4T|u9+z~hUhw|AM?Vg-sE^ODE72dEQ}B}Vxr$G|Lb`WW@y%qkP<|oF^Xb6=
z^3-ERKoikdfQsAbp?y2b={bR#CRppg5XjK2+g=c{Nts-t-Zp1p3B)`a^X2@t)9fmM
zC-}}VH0T%<U9k=PBnb7xLeS@OTbUKMGnIL8u?<T7QSr#R#I&^uEGE7Mh!=9uPgaLL
z1AByvD+yeeeI@Nw-A!-V<geLp0pz;W8lhZeg4tq!soQ=d#(a2U>K!B5h||_-HTsl8
z1jB29fa^gb$=1Ac^XjJH;ZuPeE8XT-`NJ8)IO+#0^lPDPQ^T`vPE-MUvKoNhl#%IW
zUzOH1hDfS)1W+bnF~h?EWa*#cR+5jMSfXAQ;(57;_+2DRznESiy>MgLn)+F8IWF&P
zgImDoxKgU&HraPi2XlP0Yr@g!wb5w^u^JpVU)fzA^6Hy2<~V70_m)yhF7b|SN}$<f
z6z-B$s~chYv`*c0$yeonM3cysYoEJZy+z@6I7T={4gZGAz)~Dh`09adi5Oa!SRnS%
zXO>phvSMqQ8AsMPIgfaX#~+VwuzMWD#r8<%wi&Wn4QofjU6ojSjnJZ#Zzu>5{yJSS
zl7<_bo1F{-8&c5nV?$t3f{4878fliT>O*SQa7~+eZ(qc<t#uaL`d7NT%4yGU(x|81
zz@d_t4-z<S17N*1^T_%=fJdOdC&k6)2chmr$i97gINYBHVq#kvG$P(C5bg~DTx@%D
zgHWSYfoicNhuu4PW6<x+0-}9Vl<jl~A3F?YB;qHEr!R(>?N-CKv7a~u-6efH3c&So
z2Gl)MS^dP)(w~L37Js}P!qpoV$XF^NrA=enfiiP3yD}}`k5T;t0#M6Jng_&>BziLo
z;RCBXBzh+ZA53e;bWt1Zf_gmx9bXpUC@W~sc)a8FpaER^k-FjOX)R6)UUY^pIt|U6
zT>!Y)F{UdW_naVU<SkWX!)7sMaXX}>IeblDU%;RfDv}qG8vfPHZZ_L(?{ItlKryWg
z+C~tLN#zC=I&e867H6-xm#-1aFxw<Yw9AoIFuXKTZSDC|CnL{ZGO5ypNEl)!NErPe
zv%!D)CMeDiT<pkNsftbKH}_QsFkys2Y<HLXqQ$n;mHA$_d;g8Xl29QLP0_aFaCWd7
zw+ciw#guZSWrzAEQMPB$DLADVH><5?YMJj6u#2OF8HmvAF-4Bga`rmO%cFZ-+IWFc
zNagTl`k!vUW72mY^Uu&oXh6ccb?a8Uhw(f6_KT%qZ~L>M7k3e+(MY5#dpi<XN^r3!
z&-slCc{%h+OS5;B9P-`5Q<fIDg|4qI(0Y?Ngo2inG;#~4rZBPV3%;t@;6D(Pi*eq3
zOI=kI5J1^9zRmOU@=L{j6{pizf~m?q#$dC?HZ($9dK5||Ec*9ZrxL-q^!YjsY~&{z
z6(*RuR%5tYrS!$@Hp`!JDvf0-s}rS&8qRq$?)E9wqE<8F3ik$K$Bg3b%w)>Ml?<eV
z2%d*QcMReDTpr=NaU@OtW<p8=Z3~}Q!rRn3DxH9%BrJ~#m%%nyR%(U?5{JpXR02x+
zt0he8{#+gnNV(gK%=~LYX`AyEJQVl=y>ZKd?_%qe6SAn5@xPHCKDo7u`DNvAS^zh-
z=4LfIcTBkeQSlhSCW{CNq#@82)>h`o-f(Ujwc^OU=k=eMd7iyiB`}qW@7k&Z5#VB;
zd^$16gi6r;J?IFxib|yhGvwsAr>gSo*PpZwG9bcQlUD$D0;B0UC~@RSlJ&N>rFx!2
z0H076OfMh<;#bU991167Wn?K1U?HD@{*RP<nRLCu=hv@qEaV)$**XSb;2|L9TO1IP
zQ4J;z$%8ftwE#OuGWPmw7}^5L7U}^4cFl4li6~F)k3Q^V9?1)tP-kLA3<mAm*Dpu%
z1i;LOOaLJn5?HXTvtL)7op|E5e7Me%r<|{dO++LI8sC|q7mjy(>2qu_g-nvLNUF2o
zPB(Db5~PyQrnU>ePQ!rq_;~d)BClM4EL=AzH`dJ($0*RdHltB1Ny26(;B{9Idc4i?
zrrPzp0}TVnL)c2iZCs_Y*my+E$4f?&!)cR4nK|?`SlqrC%RiWJJLqo_hqa4gga#Jl
zS_Xf2S9%MxrVZPTy^DJdPyIf|_Vnz1oq9Kt&p?h<rzvl=c`LHmRm>04*bJigVKL};
zD!H9T=p)Z43b`bH<}zk#jr#QF5=`PL{7!j!hBYI(m^{K11Y5coDQv6HJ!*8>L|)EG
zx?G9q+Wv1Ca^NGQs-@y&rz{_AlodC{r~8b+vsg^o@9|>syJiSm8e8#5COI#P-Z|R7
zNH<m<=Y@s94`;R7QKb~1LS?I}M0_$2{hgCfQg!#xNju*7qbNR%%t#pKtzfrVUq@~0
zgIt9}yOoCJkg;}A^r3EMRMM}a`cuEsstF>|S`CGGARfIH2+OhZWYE)PR+V_?wS@iM
zlU~({PTA)-8dO<?H{IrD%`&YklQ$M$T^tT%=c}`{GP6&_eCD8e$?A_9{S-9q=L=vE
zK6!QP_C9fK&+p54?>H?A+>5R%0b^*YW|tq#zm!+mKNYX7dS7b_w4HE|rs`TQED?AP
zzOX2s=2^5sD}kV63eZ4IE6!PJ(;%06i*1mTP~Lxua6nD-WGKTc{1ML@&?O~tv>kdo
zoGTZsUW1I6;i$MYR&DWc+w5$@RL|rrkJYwb+VLs0GP}S!1Xga5tN0Rm@*z#Yci9z|
z{wF+}`3l7*vjl3b_UC7-slB}bY(v?eKXwtRBxF}V2%IH_#C1`J;R@Ytpdhl-W+q;>
zyfw-46yU}m8%%?0g2HN_PTM1fEDHvrRLqQVppS^8pOyWbhMc+lMyAVwF|Hj)Lnj@l
z$$QGJcN$IS(NEpRq^BBRDBTY3JF|wB$McJoOsCJ&mhzY)OW|8qZr>r0_V+~@J~CG`
zyYwr~em{FwXw(?+BYp@KGj7by1Uc`gV8$k4!Z}y5`dQfPUFm+NNR6%3D%^bHxN{ly
zGG(RH04jz=C%ky#(qv%HSWtaQcKdBpa@n9>l~kc21e3hYl{<@A&8lx{OsQO0;>?`b
z(@U~AO0!j1c5bFcP{Q?;D$;nHPdLCTo`5@AOYE%CB~Q&7;q%J6Kr~u%j9Ib=5l@yj
z1bL-Iq|IcaKcz@8*K#hq|BB0?L~a|=_j6nt<*n~#lY`Nf8l5B)3JRp9tL;ACBk8Xs
zrW|<QQV_^CZ6;1hGx7dLz<~qT?ctO=wr<Lm`7{30eMm@MQ3D#*j*2vos-XOCVGtTW
zfcQtx9poV<Ku5g$D67C9RZ-1A0lQ)7ef+mZYpxJH2EQ%#&OS$N$E^tg7{+%eGdXb<
zd2%o;c?~!z{^sUp<yvcfY81nps`mESy{UY2Giu0Phiw`&T`5d9A6|PO0$sH3GNYo^
z{^3sn$U~5U{{C=wkM}JtEhS8Yrg~)VBlsE<-9Gnl6?6ezatB2f(a#WCq*3vOyZrMl
z$1Xz!D!p-D57%ggkHVm=mZwrUzU(P2?o50<A`%oF9PJi#@*oa?-v=W|QnhO7XjZ-?
zp4<+`)bO+A;|&YqQTWmrH)*pMEhh~p`6w8H6bJ@KGXP;QJ<6*&tk&MhS+2TQljW0w
zNr^-Ei%*&(c_?o6q<M9Or&5)uVc>I{-q5LaCh-+rcUA{QSbzX6g=^_|KOF2-P8TGv
zw_V2cxH>bzEw$(@jVXKk(}}4oceruTN-DDe5PB-_X<Dv(%T%KoS#QEcD0jP{k|(3v
z$!v|v@KZhjD%EMMK@>+E+n&CbebUl|cIL3bP5w3dJg6U$d8AZtgX0bbG7SRG@mREv
ze)7gUK#_LjPEs!>#o0edk8P#iliR!6kv7w251c|?ZIe2In$4&93eKDc!cDO5dHHgy
zWieGTsDxDO)QKvECp#FgVOJ$97Q=xmWU}b@ia3V31{3DDEE&SM8o1c0F9Jr3Bv(aT
zH@)3-HiyhH)KOBEOLdd$9a+E6n}H(Pz8D!b0p{$li~GbvnAV34T%&!HBI*y}CpXaa
zGrB>?!XW!g8mfLqaWb^kwU~VX;9_e_n==Yj+TxN0zl=9sTs*;)CFFA1H=?FnI_v=`
zzbqa%X)_Ux_%4IU=aIRIBFI1<76-1FzC6{@vgCQ$tl!>Zc3N<%-4yg|(}lP`UT*k`
zy)R911!jasa78T<p4Jbx=0I0urf`8N5yu$djP#m$)S)$0?nR<Dte6pEg&wnh7AuZ4
z)c?2ww{Y2ImS16e1}KV<WJC@G+kku9cj;qAd=@+9B7jSS$YJ%R&;>2GuE+9$gcWMu
z{o-tY8ERai&bz`l_Qj+xNnmRRK!X{)uFlY1mOOwWC~<;fVt>=om=@HF@QkE4;UH9G
z!}#lUKNum54U}cML^*BiNkzB6vekDQeRy!#KT~(m-Om_M+i#!grb-%m2fuvwJ&471
z^hrONknD9aiVb5yt2keL7Cv81_1e<KQcI~Mr?OXRqBWGUq=Wf3%h=B<c~&jqOPfw7
zJ6`Q3KI>1Nc6{vdD5_tb)jP{sQ7*=l41LlH#u^Q9-$dJ%j9FV>mjLBMY`&QH_Rm!}
z`%J~OHYIx4m4xEe)oM|Wv37j${MIaIcCKILSXEcaUft~dTfVANi)@Ki;=|z|&)8s%
zKa!GYKYxF_5#+o~45fO?4Jc=>FEYKguG87~3?HZ@;gH+%5%s@%n(s+p&p4#uB=gCB
zgvMAbTuCTL;d%3AIY-0n@kL%~rq1BKA03&$_d);D7f*0*inTN-Z71m@9XTacp974e
zt+X~4jzD^Py7=-d^UT_EUD|v0!tw0lS(D554O`ZyD~VQJ@-g3n{N1+#Pv^X@HT*y>
z0S+joote6IfF8ze{lK{FvOUAC3+fANfGCUWq36CwP9px)L!p~G8Gumf`)O|`s3v7^
zcR>Z4l>6u;%?HxFu^~1^0Mb9?m<b{q$l=GuZ0kYIc+<*K1>TpT1oJ?3WDRJhsJFet
zNd;uiNWdKy26mF3!sB*d)8P8*Rvx$o#iDPcYKx}BIay|}g@is)d0k!N!fB;Q_i&Sv
z3g+02-QH_OWkjhd@+_C6<-Y{tMt-N?5G2LL(FJEb?EzrYt_G;x3~!R&<qXc6$c_xA
zH5l3P$aMQcV07Dk9z{Pxj)9RzwUlc4-e-C>=S?U*XN5{_-B(Y#bMeA#03<qZ6-Gmo
zJKyh#R4!09LrHi7alEQvDP~}-lYDJzo>ZwRE-3<`=>tggLE=bVF1eIO`>j)E8l`&a
zdQ>cqXSfvQ{E=Q%`t-8OMEg}lQ&qs3JT3=)66~g<EQc+i`M0H04bR%OD_7{J1-(r<
zi#d9pictcw@HdC%6qY?bSfk#Tbr*Jd#FJ(s;_=W?snIR<e3#>~l2ajXzK1rz$xQk)
zm0iCjJmlY!V-OXF%=EJ*;>i@LMMM3V%253vA@B&lwwR&V*O_y(98<FN9h1i}oLt2W
zSKYyqf*aK+NV?Miv+U~o1?r%hQoYmlqbl=h)ebfr=;H$QGScnY2C>>fkDP}G@yv!0
zrD{SxPi;;jTe9sLAisi{Z{4|ZoD9=m`Pcx{UU7|kNd41FUP;B@$9xj|`7J#yf&oy=
z8FysnTZw6er3lc!8_50OXQ4T)&lu^jxaC6t6i|T3bD~qe4T}=;T|J$2@*&9O|4E`I
z2m*<;GfO}t<n+7xexetApPk-LU7fwmZVcEf=*Ii+yAS8ctS^SkT&x2PokKuW901C(
zsUmvYSZZx~vlpT#@y~KXj@h&GlQd$~t7Mp5&VcvQ6r2&7YH;;>2dkySd=2Vrj#0~_
z4OXN2SpiZ6_TZl3f(clP$y+=IP_5Q9dd;NCps3%0954<P6Yx_w^W@R*KDtE4p;8wQ
zi~O3OG%ENCf>q2{X<`h5mr+-qm*34?r0?oOmo{*yyZYlg0%JPy?$)p0hA4Lm2^TB|
zpFs1jcYK$~wIeoH_cBjt-(v0VKEk&B2EScvLrbqP*jBKdA82i(oSzgLgvntV`#AyO
zEfK2s3sHLU<s^mDJJ4UYZLC>g9>cCOIS6Ek01oRYeFqiQ*DzyBJl|y`=oTRc1z<6~
zfu&o3^PdKIb8>I00pXJxOhfsW-WyZs36+`$K>~n1jIYf)admr6)sc~r2^T;S>ZJ(T
zED2PKHDyo^)YCdekh?0ObQUIBt-`pm%RO=7&n#!ew{mjT)Sq_<vY2-YXL^M0OIU`w
zmYE#aV~{mx!A9Yw&x5%X7N#7*xc-WOdL{h%TklijFZXAeEBgWrJ3^l2;;DV9Q>rj7
zT|W*D35lXMEGEP;>3t^yI-_hS5E!a89E?81qptO0&LvsBT@t9!a1y%1Z1?`bx0|^t
zrMllG-tm}ISbU8dIeJnT(Zj9hvmbXaE53r+{?(?<WTSM`5cW6W8#+9m$zk6eY3fL{
zT_3f!jbKsShKC<|ebYBkDQm9L#g{@ZMVt;@wg*acGo#pM=q3GS{o=`HL_~y<2!!<|
zH#Pj^tt|QJ$kWr5(fnxY<tDOirHarLc7=;{o{C`1gk(pa{O+Nz6Tl-V_xX%bhi|v*
zd&qL26exG5WC)lh7c9m0Mvo=c@%QxWRPRJ>^dmwJN92N@j`oD5Wa%;J<+4YHB?R-}
zDd|Oea>j`ZS?J(n(}-{Pyv@=fl{tcsEW!T`Kfq7yfy{nBo1D2l@-oR{7Y3gF_>t6H
zlN5APF>{R2DGEGd3dDW{CmEP}+jBMHx4oXIcT@uzlo%Eh*#KxGnDhx#LU~n~>~^;Q
zqS6TBSpWqzE&+#)k#vBYR;aPmd7(#6JRDR}d2<4jf<dp@2OJF|0C}28twdqo5KnZn
zGaH}_CR#jh{hKkYysj9yB|F`_-k`BG1!y8|7wwZ7&ezA&R)X3rA~jsWL>lnju-Pbw
zfbG%M8OBsYF1_S23ZTXXdM&(X=jWgIMu4Qy{YYF_l489UUDY~HQPz}q{a+O>@GHj|
zn)-RJFM|c!W?&gRjZz8cL%GnJ!YHeIjP(!g!W%0tx^~cZI+en1@C7v_@?SGdZf-?T
zzeLkF*g(PxMrQuTPa=8e&X=D}s%VOV*q%5=`{EG$>K~y;WV~X79EdvB7O!q~cXl40
z+Zyp&yfYG;$~AsyZeuXlOw_%eBZC^bleiU<I61^-?!s{qj&7l+#?wdFDoliirg^HY
za=yMruIaj?_%6p<wJ5b`Rc<$yR^T8!DQm8DHewX!^vmRygOoq=h2P)AE^fgs%=v)v
zYp2gooQ(9xW<N=?0MGMYxW-W?iwRo`zEij=Qt==U2ay7(q>bcZz=R0u$t)(`ds9f?
zXB5(U{~XMiR1Q48s)-vb(J*A2sjX$7s<X>|1yUb>eLD1ETAFQ`%!MCUv;=z^ywQwq
z|6~{;?xa~{&(9QFkyq6${rYT`2p>oW6jfZY*ssZh$(5d%`Wb`Gq9C=N!qn63OvXt8
z3C#}?kT}>-7yxrLa?$|dA$OITp(J%P7`t-57(VBJkYmONT>jis+bjupQyy`k=9U#0
zvB`%4H|-&4+S87)Qtbz^y|EWC%mbp%*EE6lLrKs^z(?Fy7Hqu*RbET#n;B&;*h})b
zTM*9zWoBZM4-Ci!*#GdgXgS28WvOGrA{tg&vB^fB^|lU{!+BZm(KU5{ZodiP(r@M)
zb5_@6sY%Vs<qKGc^PX^o=hO~_#{kCE#8d`YZHoLWt8u>f9?dZNcY!&zgAGghx~o5Y
zgrdhyOHOaqq%J{W2KWB%tqft^fQoCR1>O<{;02^ZmHX=aGM&znCf8FF*X^#K?@YE|
zna40P!a9z+w=*-^%3TiRTWD|~v&0uWocuNIXgu=&+*|x_Uk}CoaoQJy(;n0V@7#L^
zYkdTz{lL5wgvPuBuQ(HjzJYj`GL2R>UD*fV`4x=47nZt}@_?EfEUF^GT;H~?ovPEg
z-vP(G8O3I$d%lv$K^m)LIaTjK8~TVx@|ixf0MG|mHpIPOJ|M64)p=1S^2t!l6HQv_
zBqmQd70j_Du(=sPMfh{f$0<)R1S9TXxj&T;0?T<b-3c(d%?$fd!V|7R)bDqpK@96k
z1ImDuTB&YTU8Rklhlom{a_o3e=_)u!MDW#yJx4fSX`+3An+D@iD7sl4{akEYg*WR!
zPgb<F<*TM@sdk;>#K$-F+@e*+CVIYOWyY1Ov-M4KfZ<KBJyVt}n6uHKR}fEIQ@~$`
zvO-*4AJh`Z&)Z7Rywi7!vuP2#UH3_y+!@|ysdn=?;<==+*o@j(P2U^+oFms(&Zh0>
zFUVfzDRT(MuK@;2G=+?RrZFBh@pPpNR&OesSR)&`jM+OHJS7u(EgwO((M@Rx4IYL(
zRCwDuVUk**_|v49U!G?Pcg`E8GN(z*5#koUVouL@&$Mezsb)-25EZ6}+RcVX)!(@s
z#-uYVRzxc(7~ErI#FsCAf^&F~9jLTwI*KrznySd+8FKd*jZ0Wt^SQ)_!QCAKi(FBs
zY8ZQ6g=TfFYgBx>=$XPxB2f7Nxgi+pK7csOmo^Uuvao}sjWU$zx{Bjz@wb<KNgS1q
z#o6Wtk)$G~FkJ}vYM=`NDn+)FYFuo&J1?BLmUHrM?=q}dfUwKG-l*HaZVt452M5wA
zIzJt4jw7d!FIIj@Qgj+>lTbc{P#W<SGnL6CJ{!pnrY1ZDy);m@8+=LQvNc{q)btG+
zyuSws?)iY*uyP=Jfxo;MDBee)jqCdDBO*^8Xnop>Afgdwtq<o6<||3~-)dy5C2W9h
z11X5Dvi=vTeaQ`ho5r>ZcTmwXW9K|f1ad)VrB&vDHo;SSv$Z>vK)-}int=T|acrr)
zH<&*nrsv7gYQT$I2dX#XD0#{#Hfo)w_Td`v?{22TpCS&73rc?pbMA?w&nEJ`{AwKY
zXp%c$eVZ7iKvg{Gu0~Al#f29&NuOfT%JQbjXyRxDR9HVr9PdOsgN2Jh5&B8&S*K$=
zGJs-`NiU6aq4p=TvNSOYL-d{$={9}FiK7xRto@N$U?T+dbz=?$VO980MdEF3@d-xx
z8>I=nM8ev<eXi89PrlZg?Do|1#H;OIZ69`XfV*lF3Qpg;m=aoQhQ&CGYQbVmAZCLa
zjogd<r3|H--66b-FvZ5`S4j(j)qmaC{`u1|ELf2O^n4PMVUfV!0iU=Jw1pPp^PVZb
zgjL9J2`s0pRb=D9=})6tbRPi$CkNnuFoM6=zIU4iQkjByjJ%Hd`f8shD_YXIUG@in
zit}0kQFE?%BxeHQE>MRO2hb@Xe=u`>eYI->dSRS=kGE$oFF~DMG4iv8kB?6tAg02a
z+X~Mj4R$Zj4n{yJWJVe{#jY=@?g@iq_tg6ZH0VeZ0t$8-&{xywD47D}Y;86%b|#uZ
z==yN(dROEpQU^oQSUQcU&#|;7vWuql(od(xsffgcZC{3Jtas%{h=rU+siXIh1LPKv
z>U&%=j8S)8+pPadbf_sB;dWzxM;M`@Z0DCoSXk-q{%!uIh?v+Qpq5h2VkbT|BTafb
zM~;hXTi;jOawQp7e9F<PEf>%3eu{SpG(si3;dj5MdR<BEXgFTD9mT4B$@ps3oFD_z
z?52?3SZ4fL!<VxU&eVZ^&_dFr-ka0epk>E)$V}enO&lr{ZvuOxPYU(68$mlmC^1z0
z%PG`SP9-zh*Q99c)iw^~pvj3x;d*h36zPsupjGpzEZ$?m=j?D*@1eFw{+&=0DfzVm
zS0RD)XeD^{q^=iW&W-F*PhO~4$bD*|hs*}f_5Shrt!=NM9$p4jLCRhI0jenDZG6f0
zGOy@nFsG4g{#G?RWV!`82?6<qhh4yv>?|b%>6u&j&AUuG!8O>+xziLM+J48V?j;7X
z(>}HT;c{XPq4@f*D~-A_K}jE4Wk!Fml9e*Jc49k%5Q9Uf#KCN;lKN<EP>DV9tXqi=
zA589G<6Hd<*kFKEnZ7d8I8}#6z)p-1F~h*X5Y{Nn$%*^ew$AA~MSPe;F9`od`}Nh~
z+MrOaaYE8j<<X@xkja9{%V}89OB?A=1Je`*&Hd^fQE(=w6LLAO<(w^d0Ozs*oC`xY
zT)8*`Dx$_#=gyns&)d^AW*s5xFlb<~aX-(vpX<?%i035HuGrU4fPhs_$VFGIb@I^P
z&rki(&aV#CK$Q|IP%}$QO9|wxt`8m&JvB{p;RQ~_C_KTpdmc>}n;{2$VpK^qSDT0F
zWKg#Knc~m|I%B5n_{P%uvIJN2w8Y-YqJ!E>^lZS(7KPwP<bfAct+VwO+BzH+sxMH!
z9cN4igbx=ZmSBV|;VvH0>Af>(b8d3lu`}!Xdsme16{PVi7~)fnjj`Gno5;Jv#~;|)
zGYsTMOgBc*r&{K!%w>`J)sWFGLZhQ52JqmAf?oq1z)QlaTl<RFDCFzurwZLg-vidZ
zg(hyq%o@6o%x~godzZVo4lD^#nu&e6+ps;npT(m9wF7uk*>GV_$Af3>f&E>Vv<zNE
zRt5qFy_aWsK3<j&Xt>B_x!p;J12KU%h%D%BQyS{kS~uIb$V#omqy9Qj9SZsYaAQ;-
z_#)0d4oP%c9D7$PtDE`8H__u6iDd33$TF9W=kEr19KL&;ZwG{!03j&^uzvLQ(ZMVP
zl6?7(aPJ2O-ajU*uns1?1Jq1t`~&I6E<i^nx^h_cDF_HPt6qsL`-unp`xm@Fm@m<}
z9%ytqpc4+As>_AgH-RBgq_TrW@DRGkizBtDezds#rD|Zvp~RMC=e=<4iNVNr8XyLe
zmcU}t%?ZS?)XHxeftq2Saj)jkdZb|^jK}S26xX@ZtJO6!Jf+-c`yTty;jLW2Jwl_G
z`nYvfugoO13Jk0R48i!ue3``R5ir#j2x8^6M`=WKxfuW*6@&1kD)!uzr!PkWHG|Bx
zb&(Q)lJyJL-A!{S1<`{CBuUtrDoO`spnrLIJiRMUq8yBSo-saJNS1XYQm0DLzp9W1
zoVs}9`8WuOh>5F<c3Y$%EK*H>jaD;p?cO)a%-PV%{^pC~1V@<|8p$&pv*bx~2hez}
z+)PcjKb%llf7e~A&*0F&M;)H{sirHlm`~2BfKkpOv7tv5D{kzBTFWP;Z&$9<-+F2F
z0B_w9r5#e|N42+1Dxl1%c5lj^^{p|1%)1?Ka#ZW8G;xmsd=6Vb`~2kzbtB*;k!H~(
zS#tWb8cAbMz>}|)pog5Cy(fYt7$v$5g3%PxX%)|OPpCEQB+qXLV;6jddhB+UVF|Lk
z$lZ%23m}TcVlYN)^PKgXf8YMCuexR}gpxQy0;v}C=5>xiUsI`q6d`+Y;pIY7twP|a
zMYe;n)AEnD=0Z$YSnynGi?o!S-oU-MlJIQ^rXCeKe{v5to}%#da*8wG+4?29rrn-q
zj^rFSs}VlJN)OQ7(YbWXoD=h~V8k@}Zz1+SzE6yWwKiIaHd=aJ$@KD6?PZ#QLCI!G
zhl0KVKR>a<=J6v?fbgw;HAz<<)HgubUyu2NM3g5^B7FxffN9Xx*XZr)7L9tkAi}z=
z2`0);E*Nhf(7Jj!2!?UtLWLQrxrcH>s@eDfc{}^Q(e78C<98hPmfz+-3f?)nQ+8VH
zaluBok%`YS#76Eu!oA~YB-RR4qQnO`zz~-8)4j!eWMIZrlzlyn6h6$8%DJq0GtPmy
z(M#$rod_@KHeG`s5b0G5(k`AhOKsrnD5~#-^OG;G!Y<@BB)KwrOXU77r514}dn&n5
z=^2sSx!aknBzj4)YrB+oV(!#<M!;UUshH^$JH>4jr^3=g$kSn63QF~++K`c131{)t
zEe_%FMWXxbmKEWJ2qIR^le+9P8>mGs*Pfy1(Tp{L{s^sLj#-e%ECj35Y-kDDp6uCT
zZBqUXR79LC9|UQ*hbp;YKLNb-guKZXr5&vp@K3OA0#tOR`3W}Mr{i{?EcVDv#+f>?
zL<XI7A?TGgPoMoR+Tjs~rH@O#KsuZ<dv3Qtf(WDshKGLe*q_Bq_5R*670t0QGbb4@
zOUOg6H<q)mTQ}BeJ=OQ@`7H~u*5nW>E-*_W<Bw=}&Q{ypzV>aht?y1~*=t<}l2_os
zWCU=8{-7fK#hECI41fFfP(1UZALJc1*4sgwqKnyPkKi|V&O%D`#_>2cYXX=6a}>}G
zi=7Zt8bbI%GdQo>+9Zklg)OG{LoRCB1WeLl?o@PW4cdjLDYKR2x#k@|O7Mwqkl&Nr
z^y0JTyM}IHE7u~Ot@cWRT=p?;vZ|$uw=K>Wfq-jvK{YwO(PT2Oy-Ve*Nn87ieVr*h
z2k{!2m&)brd&N)@Dt0-B$TtUNg+-Bd28;fvsp6Y;hleh4!I&J6)KG&aL~0y1tB1%(
z^pK?M+B!N0z;sa&42;4o)SRNrIU>usW)H-dj|r4GEY{!L^+Iom>3}@Vc~JJAOe@0L
z2o;@_%4)&5d)eEXIT(X9KbTY2vah;7&|FlSID!DSdxtBFm3@Tm9##JYaVoCWGtN5f
zB_Ozt&>zWTuFnv*`=)VtQ<1}D5H<M4FW7}Qkk&At+ZX^EvjP~0DehrXGCklec~$Zq
zD00AB+yNpGZaP0m?BiJ&of7MTA`c7~vvy;bZn$lhjbBr{%eeO)#Qr_cvhr5PeE`vf
z2_T0#Zq-ke%sx~uGZ1mP0#aJp5fSKi>eTDzkKoaO3s8*xfK}z2XWH9pe{D>#eP)J6
z-bSweWfhhf=;n(~9-IzMCgZKo^o2zC4U-Podq&{`j)X30&NvCvk4o~_!$)~`oFXa#
zXhhg>MUm9_pC<d%!x!5W7tgasJ^Y4QD)`HO!u2Q-F69Ua$l5-NS<R*=GqYtA@9E#R
zk*I8@A(x8DvRmy(Wv*!MDRpq;M*J7J{(nPBk^wcRI8_ezc+7S$b3d3BhHeob+64Z=
zbSKJ1@}L@;+q-5@PN9J*@yPLADCgLzI=D+q=xwt*11jUZCLAm?ibp5EtwJj-m`REn
zj3u|tEmDRjlkfH2cV7{rNuEWe@C<$E<e-5O#T!a4>3-T(b@Rpk;E<$zOgHn3x^E;)
zc9&5(Zz34$CRwJBK6*T^qYXOvi+AcDKZ<aK$x+=Wc=e<6C6S&UJRcwLsMY`7*!5z&
zCf{b!Bu_k&6gRlVX7RSgY<;Y1$z>P-6O?9Um40>3y9G%79Nv<>pA}L_>%;@6*IT{f
zsI4MrV#rcccRo0k&SpMbwNhB1L69&)mOY5+s~33jUJ@zj$pnG`J8=Xu@;q-8G9$j=
z?{Ema%70R5#zn;dVGtD%yUV$FZqXM#|LCJ!Z*TTs5SGC-if6ByN=WF5t@3k$9qU9=
zcFw-zVses!^{{^+nbxVBED;f>C?<SAu2+l$uDnNJr(-6!P^@%t`PR6fkOAp3U4*YB
zE1f7B5qHL|IU<`^q-<sg0+ET@rgT{FijjaLm5+oc<og={o!76Uf8OukIZ~W;UIPSw
z1aaDefO!@7yp5Q6ehg5gY&Lts+kfY(MofUs1!jjh!7+|rUfWy_XLv9w3RVutNakIN
zBVTVR`zb1<dqh|6ia?Gtju>JqXR<HRJ+Vo?2MU{|Q_)Z1WqamdpIi{GI_@;F*qQ8n
znc=Wob>Mz#*MF9>dzP}wG0QdU(!Z)DBU6wd6&3wf93Xl>3J1)l-a&*-TOyW(N5U5A
z_Fs95fs}q@PE0URYWzP>Cw%?45z(jA{7id-Ow1%C-p?~qPtbaQ4kShjy5XIX#x#Ts
zr$GPVBr>o0GKu@Yjf(kksn?(2ktphYAQA-zP@l5{WD3r$D<k$FAFe>kpGGCg@H7{~
zkA!f_iz%pGFM8wOheQ3-@cIvOH+>+ZA?mhJ%yff{RJOm})j$20zr27rBR|ui3Ntgg
zOMY8>y8<)w_q(mXT8KYQ%|0djaS0m@$*8vW4ovC8)s=Mmzg&U8t?1t`w2qL$6R*xg
z(Gl^Ok{<L+oP8kcR_M*Yc=kU%*asqSQ#6W>w%Qz9*`bfZIkv~EWB=D1d4K@62K>H+
zWQ-p?4TW)|kh<@`-R)o5$!j7wcq|<pETt$c@@I|=N*ot9y93yNxrKjvj2qr}z$NnI
zO)Y~m+Jj!ya;SU%-|nCVZt#(G(IYIf)lsh=<@UByXRs6}SLr-(Bp6h#b3qY@Qn`cV
z)|ay#gAT1pzqwQM=>J$;SzVev8yo56t%!>#ec`$rAKR!}Zu;1t!(;ivOR)Xb>ipwD
zUZ=v=Nr{6|P9mz-^d7~z%iI8gcLYj|7qlnhSZ;NY<h|Ph{h&=o68Z0$(!9JkSS}8G
zqjbWzz@DjX%DyDBF}l)Hym_1O72})S>*pC>x|NPFb8kX5|M}|v>Lu~s!VFw_p7Big
zZ4y;kS=r!2>5#F9#0^(IHU$4ZGx5*c`1d_0)`XA$oRFW?+a$}xta<g>F6H-@=*MF5
zo5Cy-Oj|TC01gZXOUSKZkn8tW<fr4}m&FS_er|9Sf1jiDN=jB6II!Hgtt6uV(>2z>
zO?2E}TJDK50_YHBFjbqr69fHM%lG#c083+A&R>a$WoV$S#F3kqpM(WnM5b6-N=&vB
z`mgKuAAW$;1iMNx5L}LW`y|$G&5AAT@9z2U&g3svH)0s(X!2+&Rur$ZA2Y^+p(8XD
zD~AtL4*qYqQT*dJf*?I3%6&k&iY)&A)O6_A-!rN|R>ijdk84OsNIm9d2zzcI+p@sH
z_kXaf8{Pvb=+gEw%SlDPki9*4m~Dty?gFWuw^9ss$|$%rkI(C{-U8wA?)+%V<#4{^
zAkRLZf4qXf{EA)R^>e8Ib5bP^u7xmwW!hh5B#u+5)dt<$<qw09Bt9=)&$%ik+0?6^
z$VEf>zgYJ_Z4$Z;c=-zxP*b9ksBFs0l%+#TruhykMn^Gdbyd2{(uFtg*t6So9;bSg
zBss5VFZY%JGHP}GJjOp;)Gy2rDG0W{g`I6(E=O}uaHNfBR?}t_ISQl8X+EfBiAM&q
z=Yx^YUA#oTZ{V@Wpixi6e|zak6^W;OA<WDrzyPA69|Jd!gGIK_aBm^4w7$N4tpF1F
zK8edow)(ofH#Z%ehY*P9@2^b+0yxl1o<sLzj1st<?tN^dn-Su0jgyQm6dgJH-e?gl
zw@4nphJ_XSi|7BRmy;M3=4(H;VY9~C3A%ItaY;NM2*>%pt?lpM8af;-)_5Fu&d6Z~
z0nq}6^qr49xPv;F(jjX-o%6qM{=~2oju9RU3lkHG;?2S%`$H063~4&Gl16Q%sse47
zb{xebVH;}AtUQj@Mar<AGBUB{@j1`vUajh`6rP4#)z4{GUn6H$`v&2ZMm@C5qaW9{
z3yon=5|zYew4@6o;Gsc8BZz=;uWIH>q6xXG#fmW~!+vS+KRw8N;*F2OV4A6finKP9
z7w<>mIm^T~GaPXyW(o>X{8^iT7;3vRx#x)Yw&KG1&V&J)WlhP=DHM2VCH-VJZ%&7e
zuFUXfc!X(3F9vT;0sZc70BG?rlYRJ`_T^25O&qV@t9`W8MlRUiMs<lAF-dJg9<L6N
z)n;JSk#e5=M|&@6m89v$Wy;C=BNGnmZ)r*FHmyaBidlg%)H<4A_-qypjV^8bRla<U
z`8b0{y?s6buPuAU!i$NW%IDCoNV1_2oB0m{X3erKJiVffdRe=jQcBNU&}&bjQd$3x
zwzrOpa_!oNMMV@P1Q8V}5s;8lIu(>|2BeXcM!E(BL`0D8R3wLzZbk&@9zwcfhLRYN
zq26;)@AuyKcR#<!Ki=<;{o7mJ4%eL5I#(RWvDQ)rOTDY?O%Sua4d;p#AQC!ouezK`
zH?@fhccy}MSxPOSL(UvfCnJ-MW-}VH9V?g5lux{Kuy^vj-g%4KeHHA_;uTMNU>3tK
z$ru`2MEf6?|9|*pINN_DqW!kZ2BA|^28Q2Q3ZnouB>VBP|H98rqph~~Xba5P#{A*F
zgI+)ki-ryNdz<@JpPq{|X_dw$3GHXGYL!YkA7XNckNR!z#>MG1Y3i?7j)A6NekW8^
zFvXt5_X{p-WrOM373+(7f}ZnXcVRTEFi5UvwIapC7c}yaALYh@DvMO9V8Ha@4kGh&
zau7RS3g2@Tiw`Pzpw)GGvBReH(SHd~|90p8^{1_ASabT;WWpp(LQWye!5Ort95T_B
zYLG@qUv4p|1v&@mfNm}(BQOx`xH5-ZftB3sUDTEZu<wuvFw;>xdNX*BB}s~-kA2<B
zI!`?C2tyRs!J@;at%lommF|t%%4WVFQfXF}9UTcE?DlG>sn#8&>H?spig^xpo_!F*
z0n)dUfdc3!uyaPeIoNHaZ$`p5P()Y#)?dDwN2I?q2&4F<QVGzteu?42S~tG9q`SpD
z&~4^e_%SY&4L9SOoUgw?ir(q!5gD6QlQ{(Z-TV<53s=6#lFciBNXEAzYc1Ik+4h94
zYWrC*Skp6QDBd7VaPZ3z(3*UAB$f*6rIH!1vdpR#a*xX4x$(XAa7tToN(jIrs!T7x
zz1uTs@O86aPujCcNePJ%bg?n-n`JT||4HS*CjRD%^J-}~NJ){*#Z-S6B`&_l28h#)
zgb|4iasi7B9U*#P5FI=8fKVy=0!s&IXfp<Cw@3VWg$+$$<%+C7KABublfNyT((c~N
zDe8mypGBmZ_OqZ1(RgT8QzTh29hVd;ki)?%BlXPSX)g?NIh1bmx}KxVJ!K-V*07ny
zjkg6+d@pBzvIdaczeuUDI$4*MlT-;<ZZdaAf4=-Rp*#P>_4rROEs+JxYFMqCNjlJU
zXk2H|azKDuzT&Y$CC*M%X`Oo=4On-rMmDzF_I9QbTEG!EQnpJUcjHsL4GI|>N-4^$
znxznn$T~{At`XXx$D|xUG6%*+<R!F&>>)%Y@5M{aQrB=R(7IPLgWu337kFqhEz8lT
zO2Oz)vNDiEr(3fd2HLD(IY|etU`<P{mg{BhQ5V){pFbqDyX8f(YH9&#91UodDzjbW
z|I18M>>B?3YaK0`*e+OH97qg`iX7tG`H4I2R&!a(ftKtEYABx(s6WGj(YMt@4}5v9
z>H7xi3b@2@nXtu}bi}p+e&bN2yhdp@)dJtFZlFL{o67wMEx(-sTrOUK8&Q9W!Bl46
z<(%S2aSzG$Q9h=q>=ps%RX!#VcREvqRRJE<B;r}oGm#uQ_Qt}b@r{dAjdM>s2sjyv
zsgo%QMSp2nr`Q663TNLq>PZk;P^<QFyxFMqr>8FM(q!{sw`BSuW~K0vaA>D*pujTv
z5ZegyNz&x7DbP!CX7zqlw&Golg7N+m4;Lo&+R9pfqc@kl+yo!_22MH_mv_a!(!=m5
zT&7pgbB)Gd3yBcNBa#YD5eBXcks8S>3{6$IA^J!rnvD)DhY16b&%?5t=WhegZ8qYy
zh9;E7^~r4%+yrK5=;<j0G8?3q_iEqbR&QfyYy3%ac#)A_cvqq~KIX@R%M3hLy-JWE
z%k0d;BbiC)hA=!NRr6jSYPH^DBN{|P7_$qD$pS2T$f6=NoJ#IC;DE-qW#IN8_8>L<
zS1t9=y6<AYjYS+-#43%*?3!;R(#W=Td?}(i($fYupjOz>xlBzwBO#5IQR!FFcm7E5
zx7I{R2AozJ$aw4l>=+sZQgo)hec`=v#{1eL*jXVJa&bSZJwewA?M-*nh9)2ZXobLT
zO#rQ$2~Z}Agf<K-rLBJk!iN6hC$b|2u-<Pui34MgIr<V6hRXLzdP_zfQ3H=KXlj~R
zjY=Ko^-(7FP%8SCQ0k6RAHPZsxYrRq!=k`VUYp=NefVTnO1^`|Ak1HJ4Rp>j)p@}0
zQt%$ru)~E$v!E|t|7B(p_TU#fp_dY2%%xui8_sqTG1IfyGb8J!nD!@k$3{rw!=J+o
zO@XBAc*~~NM`JdzW~m-}@{-^m+ru}WoBI~L`MxF0B?gAE-N_kp@j)hAQB3wq@{ubY
zvx@hW_cXNRL&wTw$$wv(!4=wz4DJhU{ZGN0Qm3GN>Zo;3IdumN?v_v#oLu@wZrn2|
zEW-b6Y2K2fXgp)Vcr~{$9@%`bgIq&!7UzZ&$^(7n<ZYYoBu$Zk2PKxCw@<;he+9??
z7BEkLuhsnQOlJmvLqG5ZQI*d?_?P_Fv|4))Sal2xQW(89=B-RN^t25)A1+}}(4v~*
zv8RWP3DQz;qrrwt8U*yLd6*_gk^WSDgs3-;+kUjh{0<V%B^(9+C^7MIU7uQVuP}7Z
znl^4(p3!p5^U|`W_0H8KHKsm+xtkA6r5k+x=c|@R_jmT>Hq4R{EQP@l)ZT}EsP;Ld
z247s0=HL<7NhFG|fcQg8^GNOU+1Ju4GPs^-dnw$vAVG-fqMNq+PnZ4Q3sf=3OQ47Y
zx#lm70c?og-euQItGsfHPYo-T7d<MKhB#5sog7Tv3>D8-zyDNkbwZM@JytOyf`p#)
zWnfEr!zgj5fuZ{2K#WitQ{0WbmFt~ed9P9`+I`e1Y+ELZ7Z`7H8dg>?(2m7K8>AJy
z(8^V}evnyMuSIwHdS@hP6LY&w*B}x4(CUAD9sm4;G=*2#c$t`3|Dwq7dDVVL6w{}#
zfqwGbB^z-4!b~SG`R)|q#OJJJEPC`{$ub9IN(8ffj(fw|>J87wXW^P0eZx6PCAVY-
zmafTzuseI}!e|zmz|M8KQkb{9pgNylpeFGAiYY?&8+CgfK(o&Zgg#O5V*z?5CZ?@P
zkCPaX7YR1z00iIyiTZy(*8k6yQf9%Tx8It8Y?Ybe&77?-;X{HOd{Xbo*=hApT=L}-
zgrvcOx>$j0b<pYQ25bo2pY7;b=;F=nsB$1L&*Hh#5D7dsXw(ePReNE7?7LqK==2J@
zi+7{41@lxg-j!PQsg!SgFE|_j(kAqIe((-p@wV;yKe0DRFuot2cm{-w?3|p#ZGi7K
z2FoGW6I^vPU}{X*Bqm3@BE`JKY32G&5ziNIcEOaMsL4A0i1!rUN~$HH-Jg@m{?3-p
zob97Kb>W<x_IgLLd8W7waW|R|j^D8qD3M*olbQMY#2Ah0F>Vg#RpZ;NT~-?S&>)^J
zhYW&zKnbcU_vx0ED-j3-=g@e8AOnm~D0W`c*jo44FuC#c1GqIa(7j0(5Q(D!58d7l
zVR>-7vEJ7pO_z?Z$Kf$Yk#wYKf2sL{{U42FB-9(i<0$ETAOPI@Ij7j3qslmOfe5rl
zoO*NlqIxy?vibp4-aN_w-4&eL-dk+x$+^hPt{-z302&#FhI||Qz&XoK)gN`17EvE9
ziECCH7hSpaP^~?do!$M`I41~GpkdB<g&2e>P$lT4c(3#GJMUx%r}A;iXS5i+CUID3
zzb{<l5^MM^s3Y-#DYmq%OYyGs4SauVg7*C_?kxcxMGCMr)My`khjAM!Z1h5(gZOu?
zYS};LP*(I8F>JcW@A%`@&hiLd7xdN@$<y%LAlD}HqW8?mN0>+PUmE8{iNb#+qgi(u
zWlpPfyA#OUz#KOA9WUiA-6+KnN>PhU+sXYgTQ2(nJATj<SWd)VVvt6q^v9KtY?&0>
zOb9$^Hh8_^&iLZbEC3QGNzkMb6F}uDMR@x=yK1HaH`L>RPNzXaI5Y1xX`MfbQ|fur
zvd4BYMMf=wg#F<1szRn5sn2(z!f)}^ii2U@L+8zaPfs4S`A+nA$+Z|wz(olUj=qF;
z{wG~R?P}eGRXLV})sMicGkUkJ`Eb$Qwa6K|fc8E*$wn>#kjHUai2PU#<>q|^Y$Z!p
zk9+-hvCv*Gx-0FeQ+w#Pr3i0H1+E-9UiImc8JkwE6ezvp%&BLtFrXUtNfkO-qp}a^
z;<CwnO9paOCBd#3TEL-3#p<CxWg3f+MTK0x&YBI24~Yf?Cp+fbNC!$6E&cl0lmGe^
z6<}YH)3+ua6g+A^gM@-Y_M1f3csuV<z4EQemjO+TcU!&4)-Mmw%5o@&=0j_CRe*wH
zq<qbcNh?q4%SQ=e?sd{oQ8p}Au{v5NYuc5vK>DcCFVH=#{xvD|5<RN^B7=qh^nFmw
z!~)S`ZhOj9Yg6Fd0+^qT<CFqo8xm9tuvNED)q53fpP&1kLxm>)E#_kX2K(^&|Att`
zJ+N7sPWA_dO$5D6dr41u>|=lYL_a(gY%#E5KK=}(+qs#A$Ev2?N%R4sw|9~0NyKsk
z=g`*`cDSRK5tq!wKS@VsNwtw=U~44c3}dYL43`OCZhni+{xNNbEynYnZPv3s<6!TY
zk)V{Z`dzK@dmYAIxykixcjJW4(U0iE5}1i1GgiJPPvo%J838m)c)b)ge_I9_GXQ@l
zk!xtE(oe!YXLGxusnaIz#n`$fhjNWt?Us!BAgnCjS4%@-0KuNh?=Z?<48-iRC7JT_
z8BN&YnuKK5q@@s!84pnP4Rrsq{xvZCI*3b~;KH|_BN9qay-;g4vK1M8gHs5|{E^e6
zmbp2g=#ieRb(3Fc0z7Ry5J4<x#DV}72D(=hWdcE8Bt(@T&I;moTcJpC$!61~$aFO%
z*J4-zAywGAaJ9+O4FC1N%VLS0evu@MD+Y#G+%EfoBCPGw0jb=8F47LWGC_VpLifpf
zWHigdm@PbVd#O$_J~#L7q@DOF9-`W%pdq7E`XXHaqXg8G5tkJ0x;oRO<WB;&b}<A7
z%A#i;7cZaDM`VV|fPj?o8Ww!Bb@nyzC~!hX=ar#}aZB*tBbqW~frJzyGLZ$!^svmX
zgm~r%%qcc9tYny77|K5EXOPA&^S6MAFXJhT8lIEn=c2z5mvTtJfFd162=J;l<bxHV
zHv)_#L)%RuOtvdSsS95k{Oo6&E|t^+;$9`w(HtyCj?hs>Yhf!RO*j_Xg83TOD@<8A
zW0r`rz!&`N$fwK>6170LD~r?uJ45Nx4<I?kPdIAczpLLV?FNe#!ok%_+#ZZRKMbwu
zmUE~z>#^a7t!vj^)7UeqvR`<j7@%|TW;7=nuflqa0W=S83P4L#3y46vBily(cVSqp
z9Hex4rg>Nnkc}tiUEqlG(vw!7ViLJhh5P>oB9^tU%=w%<SeR232?w+I-L03bKau(c
zPBv4t^04e=9?-<aIko-96M1LE_1*hEe*29l*6}Q1To<0x{hb|!eLCe=bxm5jb5CM&
zu*uufvbL}#BRPPT1kwt4T;vB~_6uYhQbi=+GG2tInIbkxTNb{Df7)8Hh3C9`r!9e3
ze^xh*KJEoko%sXbK%Yr|i(6aoG;)wlmL1%~I&>KwQQ;&fYCnY1m>H>r?8JC%C-XAt
z^%(`7t$KD0bW-I4U;HJoG5_K>(a6leCaVzf{X3wWI{REat}C$J0Lb-io{ky`aWI^F
zS>EWXT<6w((jCewkw=Uf;(u4=(#-xM-#b(zOxDNw0rbC4NVxgx62qGt-+R_4{3jjB
z&yya#zM||<p!n7RdHwIg-CGWjo)j1uz60@&RwTv1@bv_omYS`hDU9^M^Niw0-U*xr
ziPW3oLt!hVTv`Hu$!p&MdA1>UTLz%*wC=oo`SQ=hVp)cH(6!Jcc}ZapyN`1XZnd3L
zBFlc?b`&({j%Dr6*v#MG$!vMb!C9;Ec7;^WJLE6XZ$9}`%E$2W<FgGCSrZ>-s1!BH
zrdd?dr78nv5SySOm-fK(%B`nb9DR&u{uVz3x8@bye`+3P3mkiC9Lt*CX+R=$s_gk+
zsND>(KR$FDDLOLigOEZsFEU`#B>omO2d}C19U!7D-rVPZ8K}g`$>O4PZ8Z|43srev
z7eWXaQA)ELHO}owg!hw%!Rc#%8#jr?z96wa7)$8K%A7K=$zF|bEIk2)Ngu1jjC+}k
z<Y@d-P(g?*YF>JOF0@WWL&ouI<;`<{cQdh<V%`dCJRmfyMBD}L!oaY*eu7`{@67pE
z`s|~086;ap?sCDj3cysrs%t<7LL2);|NbFpUWs*I$HKgF!IsQRcPX)aSrW9w!TIl8
z-tThjBRLJ2OWe*+&!kL3k{x#gBN#&WxB1oS|2O~Q*I6*N1(Hw*#^xkB>`ZjGo#NDd
z3e)|v9fCG;S1$g=rSuWQ-Cducd_jJ-PP9RSnIVCq5)`Xfp>z*iu_x=(3P_e4@x$+x
z>Hc@W<O;r(Yv-9KmTdXph?6u<?yHiK&dtTQj~q;0FaMRQ5F3LBe{><^Z{C~aMPj+&
z_1{N54^l~L@)ou3ke}LZG^eCq+EZ}v2XrhH{&(HTTW0WM&y%7F;6n7$vlkhj4o*Q8
zPMy{l9ALMUc2{ql{ojp1tQP=FByyefRd;{sCPLo@K02Xz8u07oyIuuv6*oZsFHGSo
zsItQi((2t}=^16LtgLn}kkakia-92B=h5I@)KQ<oceoDUz}&}6BFOr`XCD@SrtpM|
z)bPJ+8^YO@N}m<AiUywPp8m<{8<@b3%CaY%rZUv{eN8SZz2eP0ci!0L&$XfXdfxSj
z{5g5>%zsTKPgz!QZq}bz7@EI*dt&>o>BUJ<nEwXl>M27`{OT3D?d_TBR^^(lX2+1~
zq@*i<jxj6;`=s<~IDdZQ|9%PZUsu_Q*W6fH$cgg_2aOEpYXMjK@=`<7+mo@*OQ#kt
z5&Q~$_O9WD+p|94li&Iv|Ai{s#eomL?fmEl;eY*PTH?1uVku9|7tW>)KEfkK7kg?(
zbS4YNz6%_B-|#yT_;~HJ-mBMJH^K*aZRI5U2MzQ7yfd-sv$e;U$HS=pD{X8C#0VF*
z@>UG7A5P1Vneb6cS(Tr$sfARo)aDA+FK>A<1N-DrEpOB7-HZex3a%SH`BS~0C7(v?
zPrupu$5H(G(XW8$f;-Gim;CfphOnH4EVw(>Os*2Af1hUH?9k;fC2B?$%+h<LRFz6F
z>7NUJF$5fm@0=9-pU?UStiz{Cqjk=0h`Y!hrw{evpP~*e-V33>{?coeFYY)b?M4zR
zQ?;Cw(i%ZU|FQ_5%ReyecH-{;gtva55ODl`w^~aIf}$_KRmaOUoaN$<-UbZYMTY<P
zpN%bFPC@Dy6E}WSK*TaQE4WhkLa$0gx0@aB>fUdD_vg!>XZx}O|3ZMo`EyMFc>b)*
z5|%VQ)oki)G+LB-28P9i49)*PyvJQ^7OCxm`{$IOVNZFsQ9^DHoHA$ZJD-1@@}sN3
zIFxQ6&;QrQmHhR%_f8+zkwcjs>-qsv`b}b`xz#)ri-iFUIT4Wn2xTmizQTkVo3u2u
zI<=iv8iTqsZJ%jnG=4NYM(MdKQ2hQGY3i?ry_G$X{4f7Fgg>T=b^iBAuvf_`FkeTk
zR6s2>FdWNwFvqp3br0!=pQC0}h`XC16U%AlygZGAocxqHT(VP9H{AXGE%ptBJp$h}
z;<<QK!Ss9Ny}BPsJio82L_RRqwB3G(+5cv(%6EzLeS}s>w5wjdaQggj$!)1kaMEsE
z*k_t9CT!bL*Dw<PqXLRKLU>PPE7LJ4eK5cbF0RbAgtmc{&!i=U(xyTZ)qab+AXYtJ
zOBz7_cR63?cph%Hgu62bgYW+sdnT724PPCh2R>ll#Hjbr<A}xJx*o-v2sr<`cmH-G
z*i)l1Jb!vkX-==HI>$>lnPT8y0u0iejOI%vz5U)Cm-lp9HuzSgKPxiSOT;$Y*6%M`
zx@~vy)|CfEy$4WlnD^0&zG)@=aI3^|WwB1iBt40IPU4Ku^u=fFV!jCN`Ms|ch;VNL
z{&Rm`%NJ@Ky_5Y<PqhF1#y_6wj_T<RA1ub+a06UYRiL-Jgw1a9Dd@6<F%%DXDxju%
z_2Abc*d9*M@el!MN$uP_TbszN)Nn~^=s@rhSRfzia}H0U$qh7qi3vC^-vf1C1eg@k
z2KJ;<a@u5tbX?`Ta_0_i9y!fb{-4BG5_mJkU&+M&Iks1R;MkU?gBpAPtM9xRf%ToN
zBB#eD5EmzV6pLlaXF)X9;(e;%vBUdf+4i8bHqT%dkmbfe!I9I&UcG#WNu$122Rb;Y
z0_J11#j>Z4?53W0-UaVj(V9F^5&zmf1K&UZl|>VY9*Q|WX_b1mUbRF8_NC?CL;){k
zJoB~UHmBA9%V!74-)Y)^dhd=e5FA;j#>bM$0r)A)arJwHwF9Nx>R3hU^5@yMNX85R
zes2xydskU^wD(@(<36)I@X~)>rq@A%9E70xo$Vdae`z$T!8H0WkpaIrxRd;I0`}Mc
zoa`Tmb{ZI6NwJsG<TL~|;4?7fybHX%*uxkHTw=Y5dV$Up`-SfN+7(v2PUMIJnL*3>
z!zzbj>oIlsZij`@FYC0@0jA(Y4FI(0M9^5|$ZOncun*>3b#4Q7hYV=Y@7f0bq!k8X
z>2f%r2DdGu`TYiGuA~1~r<I}jrCq4#PXqte??vJ^HTm^mle|1z-Hr;s^J<*c<YDAp
zdU}(Kk1ts2AH<zQBE0G`ZlJ4VK1TbP9`GDYV4frwLf>|@v`-H1xs>eEF3(%V+7j$W
ze^hX@en^#mIM*d8>YlQW#X#kx)l{)b5ID*nA^kecgZ;zp9>l5!n0IR4`}t#zt7d^G
zKflLr-s)J52ITFb5}5hi^3WRL{c;Mr*Wok_iB-vvk+ng)EQ22BtqGTvg$b9F<V<t*
z<^{_sbHXO_i^e6`IGsqe^1X4hxzvcA;M~8&jgRku$PxCrpXtA57$Lvh;?+E?TU<6s
z(~BUDy+}ryU-LDz1;_7=3}{xM2bq2SA(!=w4prWYar<1MyvNRf^Ndxddjpnq51@aU
z&4>Y%fI;NM6VDB_>&v?U7(Og2>e_bgBfmFWvq9_$OF`u9>f0eL31H>@j+eW49q1-%
zkDw0%Z>4^Fk-jzAWs-iOJ^I1es`v7jS-@r*uMAy&-e<68N$o%b9c{^NbjjB$<JwDw
z)_K(<v*e4nE2id8jth%McD|h3%d(A_S;0<X1$;7BUWGcV)=qg-ON+KXtanbn|D(7h
z>AIZmeov$Wvty0@f{fb{dbr;<A{X#spu>}1L)QuN#@hWGSlp4W53kP|JG>bShh|Z|
zX1w?s>-kCEhzo9oDR>zP0D_94Qa4LMH^;t<TLq}Ij9j1L!YXVgSuKaX=q-mlnXoi7
zo%PLYe@=T^0*4WP?2txo^q8hjtRp7B6Slui+Hd==wNT&7B>1Kayq=xk`H=2uhzj*$
z{>_L@Fn&ev0>N$Ki28GDrMvHWWx!99=LM)#jMIr{m{2e1Nd9L~r4jh$#C3l;@o!B4
zsb*dwlf*{TALt^zI`1~Rlh;+Aml(AGq2p~ot3qb{^XsrU?m+j{hmY{J2NX#F5e9xL
zVfw@R#-N72e17l?qU{lJuiZHei5xIh(F`y|1q;flUivI{e5g|3>84twxR;U3N=PMi
zuT1;k<++hzkwq~~>4n`^x=<;A?5ecn_bh?V`7p3SR~mRQdW`}dd(;3E6VQu{e2X=h
zt=pTl^bH2$nurdzn$Fb<FgL7kDW6;yw-09e4DJO5z<0p4drDud5VT`Q2Pa_wsqO&P
zcZ5Iz7~~<>uVI<Q<@QePkTL2f{NzXxXi{a5)l^;d!9*bdTwF!y+uKKUCUAEM?V0Hu
z?^+Xnp}zQ98v80U8wJ-tD?p8^3t)E-IuX_jD!e|<g0qvrP1~&A-j~6>rb*nYfTLS?
z;C&)U2PX7eI#b0M(Gr)P6?mweujQ25tq-RXb^IA-bvT2!Z-vg<0ywJ3nk3!%v?pJ3
zKr-+xbvxJ!hf>BfZ+~v_?)6-vh{e}-hW71(i=I?&KXF?0l7{sXX`-1m2-|*oO_s~+
zxqg(C!Vs1sG)tCb;<?BZZLo~Z+L$oui`doBf4EDU=|={=)3nSk%2Ikag|$Mc1W_NO
zZF7UjS=gWld$Ezsp`3<4Ii{TPALYIvnAeQ@SAK<s85GFkJ0NvW^S7@nJQTVxcj0pY
zL7hJ-)S4XM<+ms8#Cp<J>-MOe%(JNlmBX3xmJhg#*2kz8O9Bp8ThR1z*<&lnk68-I
zhQ6K{OW~vKk{%Ju$IjKGkc~<9banYsYThvDnh{~TqVR<^FyGdZ^o)@AaV`E8FB;&8
z`x862zMLbvSCgeG9_XF{IMU(CJA2~}p^nH|%(b200WMEIClrWuxe!v8g(rtgpB}ah
zt4fK2iM|#x%Mqp)OJF)~Hd6xp!NCw9d~ihr;+7I2(VUc813of!Q5raXSLvS0fL7{-
z&iDrmG#Ed3(qSzw3Jn^lHV~`&tX})<b!@!EnQ!E@j>5m*6DI-*N#(Q2CtUf2n2Z}z
z?X0jkDt)L-7J^O_*QbV-KCai@%fBsDIhDtvi!rSFxJzI^tovTRQmar-g)EA6*67K}
z?GEz}^zg76#8!9ECNeV8&)FTbWC!#DQ7g3jt0jtlL$;NI)iZA>(sd8ay72B?uSdrK
zj>N0?O}eOSZ=IxK6&Q@!6+q(Hf)U5B{`&4X4EOTci?0>Fq#77vl&yZwc*GYRQ>KX?
zHu{P=U%bYyr{lioCf$7kRX94ZFmS%zUueX)hECP@%i=uy{MzRLlKkiMz~1hHLiY;m
zoE}A?-W+-O{`RcN=IoOp`qutAqfqYH7{xMmYJ3seI{jrPj{&^Nq)MPin1wu-`}Zgv
zriz<4^=M^}0gq@kb-@m37YV8PM{5JB%n_j^-8b>End8K#QyYV|G~IYNpH6QYqwX6x
zlsvO!WcsnOv;4q~51x4ND`Pv?&KmbDSN*>E$QBa>+7ul%ktsqy{z-Cgz-H~ah({}X
znU6b`MGKe)k}iwM+KP>_Tn%>ffn|jfi_uc^oM@c276RkbK&(piBPS~*f-%LlKNzA&
zDPTV@wLN~^ViYQD`ZaK<+Ta2yXji7?Hrd_ITu~G~Qfm%zk}or&lodsVNyoD3$}Kbl
zzyIlM0A1%INT)mILTg0&PGa!QJ5xn_>J!JE$E@u;?w>@UVF{gCsRa?h2e3GK0KJeH
zMnU+ZB5~_eY?a1C#f4U4ul+u(=Jx&QV1sKD{W9btqrlpGBo9mmoE7k=>ZUyjIgd>?
z+^$fdh>hl&_Y#P;up|;6rvgN=)4ZeiW8-|t)Aya`+?91+y$ZG?TP_lKjP)nS9>~!Q
zhh7YUizMAZ&(fH!t-+fjkb6NO>DIk(9_rxkQ#`aoTRXXfo!f3dKjP)HyMgQ;@8WW=
z(@60`y23=YJsk5xY15E?04^TVvD`;z0w$&j7`!$QP)d`ygw{G#uPS&-00@=15!dA}
zk4AR4)%Ul8dKO-}ukU0?v_;tOn~-&KxNMB%Ki-&Z$;%auuGvvR953m6DW~3ch6L?7
zrf8_=-TU_L8X0<@V}GWFASHp{w5~q0=;bz6aWlWU7%E_@GbEO@i|M(gq2S&5Nw4ra
zyWZojXG&_&dp}BVD@W_Do$T&99&_7PDl@B9>d4Pv%2r3}SmaCccH=Wi>widp!KX(N
zy<2RHY*{rD4&6C5Y3|CDA=hcK;Q$-SklQf}=I{LmLlt=yUcHZN=NA)m{-?6wkoYqm
ze#tF`D^IDtuJD7YL7=iXIL&jO0i5Gh{;6H@WQa=GpGY{rXH>bkJQn^)+<VN7hnXcV
zJ8OLcJ_RwC+4$6W8*De`&Uk^|X>{)!+<F>vJ3MnXRJhZOXg{9vc)u~$Agw0HAHBXe
z;gafzn#UKv%fQf{#9ty`xI1^DxDeXuvy+3zZ8uGmqfwZ$tS_{;F{S9W^CQ#L$|@<r
zG$WWl6j-djdrskUP7=Dzb9ZDHMbLh3@dolFj^80>SutV*WT*bubjx|CJWBwJI`D9!
z%rYzI@aNH9y}Ws>CI@F&Jt8!@@M<d|)-auKvm9~0gYnYV?4j;243@4bTw)YJzBd<!
zI>5co$=!ST{c}U{Biuz#O$#0GIt&%Bjw9dZLagLMrFn7yp=v{uAVA^m*_U~GT$X9T
z66%Lt@O_LWaxgcmu*TgwOPoQLG_n)wjM*{Y$G}gblTl`{g19(h>J2A-o;%YIeSk7E
ze9nUT9fJABTt|ecz84crWWjCvRqkv#`vG5uJWyE;;H6iC8&(Yop%!IeM<dtb+5^dT
z9m9n-jW4?`Hv}xCdG3!#AZ5O!dLB}v&6}U`yFdJl6d$Lekzy$X3~xN2ISjcrr+7>k
z$q>9Zx*Y_?z)&R>@jMv6iyg69u2zL7bpmEKr=nDl6k0HAyIHM<5r9E3G5eP%d3?TS
zX;q7iFNS@Lf6j+Qr$*{L=8wr`hQy$T2g8Ecs(-lXo*Ydccl2x>xlHD=O*u^YsVK?Q
zmCn|=%+IHiKd$xJx!LZ}6$l*@4+OKAqk-JOOu?ZuE_QI08Y-v68POORP9it3?4vGl
z#d+adk}KRn;olwWE3t={&y%oTF`iP2mjt-YR_SS}E5DFuMx!A0){NN<lw&9(3~}1}
z(u{Ye&kj$QgL>%Fir4Q<n-3s7rfXgYYrJkN`M4I$Ej|4Y%L4XSX+=HgfUIJ-_ak&F
z(WYA3k^WvCtA4%Cq~|ul_PE!$*lt-Uf0zjR1DNVf1A(b=4vOwL4yVM#>bpI$$mYGh
zL(*w5n>*JmU1pgZe<r8EYT3MMF~PEPCj#6y9tc&wv%_Gb8@aw`(Y^{CCoR_qC8M%3
z?9B*91p5!NHX4~WNYsg|A9UMssMCZIU;#cWzNj&AzWYhbQM{Q>gW)-<Q(>}@&sry}
zt{W3B;}|zBw+$#!HmsP^xG=#t7wjfukXX;LPS0nITb?3AAnuEfr1{TxMGmVOPL{D)
zo6w%P*Ysl6Yfcm|5Z*FY2R#W-{S)<SKZl!Lln4{Mik?ZYp_npb9)MPF8Sy)9r4RS5
zaCEK_+>)jxE5+D-tFfQ``Lb{=xl$Q#43kZhM97FTPsSryrrv#yA_^q9#U%$*&q)x7
z0TS9=ix)MJ=sJY`{(?pvbH`A#A0AOQlMi0o1~c*6fC;LUcb*Hvt&As@YJ+H>>oGif
z<onufJHw#i>!KQ04FjaGN*xkJZ8pl#)B+HPAWF#(g>y0a+A1v>ewjh!j0x{t6-A*l
zQz4+(k9nt|dtWryJILSRW%~-;?w0XV5euY%d3d<G;r3SROe4c*twqqHA?9<|G?|dm
zt76@<LLAJEi5t&ge!T)Kq^>`)u}Bod$gRC*6uFd6M30gw-=#@C9w9-_NF40{d`;5)
zbT<`=aft^vjUE&eap=aeUdJa3oJRVwECrQc)$URW?vg<QHKJ!t{<Fj33qx4+tLN&w
zMU-5|il0Eh_tE-|Wn}`%lGUmX2>0)=wtf;$dVwbGR!XDtJ9VMjOGsoNK0}ItlZ=<L
zs__UpWpPK=Bu5|oHNw^&3Oe(5yB4cXJ?IDpC^2?QH{M&^iUI1g#C0KDQopi7_N7^K
zA@^76KNVuv*2b$MlWDrP!EE9V_yBt*8f&JjBMt*mjwXoP9b@Fx#b6L$XgW`h@|^nv
zGRG&}1X`Gd-jCv24S3Y8wQiS?yn*ZuO?kV?GX{BLG!*9n<}+e<FEqeTg|CmvR&E6*
zUF{xmOf^;_sS%3c^>{oO{i;PVj<wnlk&7b8>=D&p%Q0`l+GMco?zA{j4sWvV^Cnla
z;CNxnm<Jb{?-Bn{rEyu;QPIaG0PQh!-mrG<TnOLhJk#DxldnI%%+VNy^vs<n^I-`I
zdnJ$)<*8J<Z30hS{>}F{A9R*>1JerIsPpV?QB;8^u5cW`z53~HCdSEh>VBekMErxP
zht#)<T{5!-ZGf)j;S1LQP3Uqj4sxh0C}+UJb}4G<eyW8vvnF!$3MH3R{Q=t?oE=?G
zF;H46e!Op&aIB?~?p@ub%G|pwvNH;EqA(v?<(yCxaPsWtBxCP-H9##e&1Jszu#fu6
z0YFXWR|-#9R^Ymfm#?#_mt0?s)D!l|MoQX7Pz;`c@DqvQb;ap}TvK%W>0ySZXqU_a
z1j7QqK!)v+V64ZwcdOdK*w4lbBZr8m4<1q$RLjZtc&aA5r=@yV&I*$qio`tsu70ME
zO7BW(&lSAq{*pK@pd#gihOzfI1|oY}=-!I+7}FcvkowR^o7KhfAJAK|@|V;PA4RQ8
zHm`Ml#3rBor?~0|!&%N@b{#+Hx$ljEGlcZ0#EH|gHXp8(LX~eY3lP){qZUH*1hCXh
z(gt4VqgnCj$hQ`Vgw4xW*gY?8Kau5liP_;*TZrf|0rO1y3v|b>s1Lmh2ZcmFh0Y+c
z?@hTRPNU2ycKu1Yg(MMU3(B$M?5XLMxy%GrARAv0fb<oC>NK-B4Vqe5kCCa9M&ZBH
zT7h0-(6T;S8ygLkJYTGe#gCI)99>wmUXvyR5~z^eJvUXFz+`vzX0hi8my2<H0ivPE
zc`YSUQB;?y5WWb@i$W?8nk$uAK*)}(bPLoWQ9$BveO8Qu$12SK@)Qa1^cjO9E|X5N
zYB@UJ<jA~sS2b0gRwi7gqBr0!`X(+QolJM#oV7UE>o1cvt2*()OSeg`R(T2;9uyTX
zhqWtWw5+D;h5b|jC^o;zn8LB5;a#o;WV?-5tR2tHH3U#STsb+~@b2&)F6iogTG(p0
z&dhq^C*Y#nwx8m$9_?N+@Zf-elB;R$7^&fYD-n7mh#If3J$Z5q_PNK2yC4$uj3zRv
z@LC@#PkJ3#lU?VJ9<?qp4V8JnVkrd{h(O|+(c4e}Y!tg}P$5i@T&AQ|R8%ZHjwJMn
zbe|Ui$SY@fjtGr;<bAObftEtx=+h7z`qa9yM`#bi&jBH*^<$e{jhyzt@&i3;Jq_wQ
zdE6U8%Sy8!{kHbAa_3h^PW)YsKdv1YErtdW#(Vx~IN-8IMfFm3%5KOf@I>-hr*Ph{
zKi<%S)FH|Cr{W(_?YZt0wLs{1)J<y&?pZ<N_bSEXcyyrX!7a>B>4KN_dj+-o%?~T+
z`p80@GUmW|T3V1%a9T6Sx$3HWZ555}f(9F295!9$V#&P%o3Ymp8OI|db!Li8YOPLe
z?yMMbLwA_X(YBgN_g$BDp&W4`_no)Fw>eqGiMh)j@d#nPzZKu$XX@FA;@I|lG({Y9
z8OylZdHBK*24?8$w!c1RYkbgilf_(X4361y7&)rR#drJweM3qA_`)>kYzf$4Yb9@+
zk#Jd>+v%9!i0brFz*%!7Y7Y1(h(PR#qklG_zVy;@tLFyicQ@9l(AD6WKXu$`>nv!d
z7fAtXEq4u+U7B9K8oZKVZ`QWAcWO62IkmzdEyZ*NJ*=-`dx4AxLaOhv#;sYk75Pw?
z2Vm`bo<*UWu@Mn@%x;}>CA!{y<<{Efut^<+td34zLUB8HSq%Hfr;23w;zhPJP?SSS
z<_nQelMh#WXWW34LUadprK8jwAwPJfjyA5LNu#Bnd2oO?1lzVtswk8)Q>m$`T;ps_
zis@CgSW=C?z0+T)FFNvh=3rp`@DfAjdV0#w{)#%`o~x~Fr^zs7&)CZ(Vg<)`3dGP(
zsBVqpHOkDM_O!;i$Sk?oslmi@;2j9&%rfAsqf0XZ)Zx25B8jxD1)+uFRzSNK@y4YR
zW`Zrx-aH3eOcbm4md(GeAbC+@P2M6HDX_aI-YfFEU!Z_vy0-#K=FaXDJeC+X%{z#!
zEP~i^r{M{%7e5RTj>olbTt>}_yAz$;KuagRw=Uf2K$)h=;qCQ?Csb(bZK>tP@woR-
zfG0V%5R%3X2v!U3U7>`Lr8JxB7v@q<I&9QgwD)yzIc|3Jh<1P!_)a1O_d(rqdv}cY
zn`Vn|lGI*t3<HI^-p<I;!A3M63r74*V*o)1@mYsq-W6g%;u6YFXu&^5u|i}*a+w}$
z<a*;BqGMU2v_HJUr-w}!9P>Lp^Y<4$v5LmmawF{aw@+$Vtug$TYy7pT%~SxZJGxL}
znR?KkDhlsZiS7j((`+*LK?g=ji;T~%f@JWm``iUJlX6R=)q|=)R5k^|yGM83-h}Pf
zNi0bIs6}7xv(8E4&!C=?jj3<8_58B!dhVb<)l+G-4BBjsYYaU$Y1g^aCLO3!IC-Br
z3eqi?!*ANzVcsq6{gI^|32^D_tZ|G%lX@>w1UHGG-jJXiHcr%()$nlbq}tNJoDgXE
z%F__-;k6#Wm*{n<>@{`d@jYN8YS{aEK<gWvDD`MXG}QAk<owaXQvS`5XB+zHj3msN
z*+qE@P#aV9TlGY<R0w_0V+8f4#&I2M+j%`FKaf*7oT>kD&j5D>ZHat2*PO7SyxW}O
z>$z(;d$@n8*tKtLcjETJIAWjA`OC?byz&Hp6KruB3ra+W6}3Svm!QJ6@wE<tfAU;D
z%h!Kg7uqTBVzQXIGB1qDw!EH1FRQcv(Jt;;)hj!J*K@V`Mp~dmWn_>3S;?1aUv6MO
z`sr6`y0~yZE_-inAg5&9WeTig(7l?In{cbMewi5zKNgwH(<(82AAFntYyF5&g~r9s
zwg&9BL}^f@bn(OYjy<@XWSW^-s<-+tv)6{*T5Yx9cnOdy)ccB396}HO4h?-M1Rx^u
zGg`}J*kW^8MnT}q3w=ieNe$`4tq%6J+^%h)cx?kSxNTF|_3Pyz&#Q<zittD$-pg)8
z4c2$z?4R?ox(>)7<L&3dRBYoj5?QsJbp~LCKzing)n=2Cg-qY&L6p$fsu3kA$X-8!
z0mUS(Ez~zIe|agtpS@ksY27Mw5Ag|sc(y)PF|5Wlpz4bHFddJ`qEE#yUZ#igZG;Hk
zlGZ1?$FB6@)rglIBz-6viVh$IT{DTJ8;me~2<DxiI?(Aaz{XY<!tiM*)evQRc`$~U
zd&*z)1OXW7uIdzy|3>F$6)4|LxZ}Rpx;Y>}cpWb@$)ji2#{s^d!>mNcHHJv7(L^p1
zDH@d&R&;ApJ8Yx~H*avEAE+o^Du^wERnG<0>2vgeO<!5Q575ENxabl!cCZ2^LiA*x
z|6p*mP$kQ$e!IJ7o*v?(g%`S$#?resQa2{&=g~$Vn_e%{Yn!mErV4rmh;4j=2JlpE
zRA-t<=w%anJF_gb%<9G`l^`;#T57mUgdM0Jb@%*5@^yzFOFtEU^1ocMMi1h_^|%@p
zln`Ipbx~vNCOeJ|(JT<ogM7{HCkd(1)n`AYY>nte_pBEKsE$hucR*M^+RBz<d7DSE
zA{unvCD>r<cTU@!AL@?gGViX8NkYEWJ)!cd4BYn`sdnnPvZtjADJyqc$&#n`@pPr_
zqIrDif4ncOe&ms_mcz9u1u(JPosHoZxn!zY@q_U?RY2$pP2V0>f?udUq1E{DW2MZ}
zc*z!?$*)Q&HZT=RlrwCaE3$vDi$_u4cql9D=vk_|!O-e6rW`Mx>dW+~m`Ptxb-vBd
zn46>Z6Nu`nIdWSN#2U=hFZE5ezf%y^|IZ*6c64_A>|6J1jglcTz#*#aY@A#mT4k3E
zrR+LxFtKm4!`<3BNX6{cyGu(;N7(t30^Yy!HdmDp?Ua@LLamOjAD?d^?H=J6&LP1q
z%$P_CX$LC+ee9CBOkn%|x$Bl-NT-Fs*QSRPY`O_ACJjV0n6s}a4~7G9k7#JCSDZ)|
z44PG)YVB!jkT?<tt<ZYBGyVwXyIVurwi){uVCQ@UmU9|!56vn9NK@7^8z_`vC|MB3
zK38*wx?@@aj2(Zb1+3h$$ut*nf4D}(tLr9%chAv37c_Be>3O-8j<`e>d{+7NCc$eX
zFPKWW-KxZ;Aj`m}AhR4HYiO7T@NGdS2h%zHbX#4{60ai+*s`PUwm0FOMWrg*hAMxU
z`~&x_4Yt;?;qf;iYmgxK$o36X6dHL9iMO6Xk79S0U5A<bH5S#D{jgSDkO?^1DeW+7
zsf`f0qWkj4h*_#E!6K3X+2{tw?8h*p#LrhJbR2BdF@nWm(i8fMeutg`gv>XT+dWS<
zw!!G`E?)gCn+hPP2X^woyPzw9pU%m{1Jd@R?fU(@wv)9Mn1;wLumKIm+v)vaY>gJ4
z2N3FOMMW<+?Q>u-lWtvkv=y~SWTyP!X3C!Xdd@ldy(Yx>)fF_GCFFzMc;(At+YLQL
z<2fRcY>^LrU581-DU{L4pa$pdRrTLnKT0zfl&sV1FLdi?cUWvrKqjIw5YVzT-QcH^
zI8f+aQ`=kPg0d{oEHRbwWlrq&6|2O>cHLJ@Oe($0<tPR>`-JXjIh?K-gNO!A`A9n=
zWk|{?ufjVO^z;gK%)%xgZQM`K00q#YRzUPd_{8&IVB?XdFcVAI$30Q6!|Vh?w~W=F
zP5~IP{sk3)bXTEZx$?u><%f5n`lz{b-{<O~Yc_Du$*BCXcDOV18n<v0;Mw~hmUyvI
z^V>fg6+t|OL4v}SKk14d?CdmyCWEPmYe4(K2+)L~^IvNm*TYN`N#XZkXY1JETd;kx
z?}Dgv`X*}k>hvbuxBOtQd97Nf2j02NPzg3P+3Dj9ZyKqQ4OkZBn~J>NI<D#HTH!wc
zJa{4PFbqz&4r3Y}8%Z@A%Bs8HBYb%oKij=ewY5f@>++UKIlM-sv5Ku^`_j^PF2V9+
z8nC_%`ULMWnBxx<(HVHq#a0+X!HxxxAnYw6&~Jxhbn@o{yg%j&JEH~$gY8F4+o*CM
z3miVYLG_0PJr#)&Z=OXq24Y?(QOOJ#U6G{e!T!5fw(@J>?w*hiU0{JIXjYL93^GYc
zz+u-w-zw{tBz;sme&#pqB^;^Ap}b*Bl!0WH1-XYjVlB5YMAh~N<iUz#^n0)rT?g!%
zXU5J;rHm<oT}EEO$YZ|oJ2IO=y>?-N0#ZfVkVpLpeUya)rb|?pRyyD;dcf6vlQHfY
zAPg7CZ85#kNr1pEgK0TQ4dv~tc&Q^~P)`ERfbL!M6tK)!A2d7b?t2}%lfJ1v#w6GW
zB%o9Sgm;R;nE3(Tv)bjJGAW*0(j|JKnu;Sw-^lgjEL{Q3oU1>5EQ=3gIsi!&Bj~#f
z$I1@MF`=E!(S!9)H%y9Q0y&|%_Zj6A($B_I$IY2KX`?>4`Mx5@Sy>8=Wf&=E8V8*m
zX$nAo7X`#uv=?2-d6GUhfx*^VDaz07>pTlGM^>i_ZQszAt2Df%Brd%URKfAEJA?Ti
zE+t?K(g|JT8^W@L3=!1lWI_azcU45cP7AZQ5nJ6wC3m<dxRHM8g4TO13m*FLB{Z#V
zvYBeDLx!Wsy2iObvkS4vkt=#2cj3yiEhQIP`NY!=%tBR#m#2E5WOx;Y-gnh|72?yC
zYZSWlYY?r78oYvqc!naK4p$1L?d|PRSGg`Th#WVOE}p}853p5x(xhj@d}mT8D<t^l
zgQw6|n!>|Okw?Qa@-6MYuSm~tEoelO+QP*lmQD~EVRy9v5>e&n@eiI;ryP-sRBr)h
zzQDpy^JX03yVoAfOV1l6vxm2N<Jw<^3NOM~<Dwn<4s<k&(qJ~CeV%saHTXSOD7d7K
z1lOc2TreKqi99{o8*>G7a!Eg{J-3Q-nN2M|(TMi7B;`Ebc88f#9uCdO9&C+TlBP#s
zT;}muCS%PJnQ_da0@-?U{)(bM#qvuaOM|K^Jt?G?$8|Yb;)94Z0k=LfsQ@C1=U_kC
zqb6Fv3sUu-xM~-VxgSIq9`8+9TF5**vMsP<S8zKbw+XPLf`47mXzg;c<rKHmxUX#c
z!mcG*1?G5j-)fN2-r$5fo^Uu;<iXnO3nG^!?8AB{E<MHUUt@hHHmOzFlr&05BpSAO
zE#JXoD^L>RGzssw3VO{B8p?9LGOI<-K&QWWp>5;L?mYh<{Lhg|t>I^Prywh&j`kT6
zD`$;eIQjswGUcPie`m#w?`t5a`)VjzPwYgs$Vg*z?wkcP&(4!JLLWVL^88H;kDm%`
zs%Ikz{g9yfI0qKz^0D~aeGB(|5vZOF!C3s$lf#cJtjMrLuM&NBjA?oMXHW<#$*Y35
zlHT}Epft{_53&ig6*lT1XVj6WJ$&Ov^$rRIH6rVPC4-$Y_%vXfz6%U)?ctyhYS5vs
zVH!luy$3pV%9^0o^N1~$l25%^nCXTHO1WSUHfiPz#`Qleg>Hg+v7HzaK3525JM2ey
z@tU=o#Oj(_MsFhDk+B$q^(8lXjCl(3c8<JHhMxgiF~*(s02(`Jos+zI9)}$O)Wq!a
z#U_!Ypo?1KHz?Dw1~VK6+gXkGi%m4EF9`4r6-+p6A+uN((8J9c$VOd0&Lq&*R~i24
zX%4KYA`!(0IMir{Yc|w}{Y`h#rcssxQXYJ^%b%YwE`<{|iS9SerJY+@kHNLQ|8VNW
zTbXtbtSu2J3nY^p5M>#yu#MFs-~`O4ih3Q-+hj0m1D{-F(7K|v1eUC~dKx1o-+O7=
z)U5G1tP87EZXIk4Cwd`HiX{A3fx{yy8TDF6j*Y-~AMzZyyQpffh){X`yoy9CqGtg_
z6aiLcWH=`SuL(~v&laKi(71aJ^5rGy23FZC6OGUI{aI!)VW3_H8E(Y<@TnsJMY9b~
z)&<fv`0}M@b~h?jvaj0ZR?)O)Vv{G01_SD0>UHXbw|_RCPd~@+91xQHM59I6W!)AF
zMPgi9yRS?jKN#3@J2@83ew%M05Pf?*LXOHv#vc&<Io-I(A?)E830n9$dqC@W{^KB2
zEVYGPV?ZvEcn)!eUbXWEtqV`JtURTc6vW$GfV(owZ<bQfiPPHMaRXIkA8$VWO0;y_
z+5)zI4v$c3gWNs+jRYF+yB>th9rSowWv&mYx(0Zh0_cLTSAGgOYU|7Q<z?v}L;T+j
zL+f}Nm39IsH@ve0-ST%r5-b)D-8OvG^)a1x#OlVHU+`-(h#E|)8aX!NNV{7Q{H|Km
zruL~siX44r%(wm}YCYv}XvsgH)N4_*-hh`7qCb>82s0z1SBU45HhJV8hX6|=d_g$q
znzt+#OnR|!wirP>Fg%cYoR1aG=9+)C-};TBjDSH^`ZC$(BVMYi>>z6P894~!euji2
zf6O%AWd4a2E!G9@MMbe_bk~Nb3-+%aA8okIgBc944TVfw4^ZIr9rVjWyD(2+U!T+_
zBJqV!VRJ&V<%o3mOX-RTpEV*%ssY=xG3@$!kcL*X%<8eU%wRWJd0eo-iQIv8VjN6a
z0$bMP;<l?-ETm?>`gdI&&eNo$lMIm(c5jQIhkTyDNov5VoMw!2Ka$Xp+E;-*OM)?9
z&D7s{24)wrRg7;H4%FxK2y|}sNmA!9-(_R5tV73*R2KJFh=g()HQ#Ckz;-*ByKKCq
zFr1j9Ibr%fR`Pu9C7=qeExUx~$$CwKb`w~5kJPrUlh;#IwL_9`0vnMhp#SN9e<#bP
zSuxJ4JrfSgT<(Vi_OtKW8CC+>h?Q;jm&yXEJUAYY^_CQ7CeusUd@E|eqH5P}a=;w1
zP`y&{0C55>=_Xs3nrPd-%aB<O^HtY@{1m<`PxTV_$&M*YT%{~@!+NCH-#WBZ(X1!l
zl6iGqBifw`f{<PLb{hO%HV4OBpdM3p^3!xBR5NpB3d2@%10xv{bEME3yACeHLt0Db
zR=a4Vc)(CS*i0S?s1$B}2AI-3(5>ak$15xdSz{<v>fF&+x^pNGx6{P~LQLOT9WAi1
zhsNv;TpMS-_*(T#jw=6{cN=N2{tw{fr6%Jz#pN&SK9(;L`JzTi6mW16f>ZY<p&mV-
z6WKo-xQIj0fX{N64cjL83~3_BM$oM4+-G<S3WYqRdEeM&lZLayaL%1;L+;Egs#(WT
z>WXF8j%a!7mUBW5cBx;azz4D_u!=@E5!W9|InX)zVzVA9<oB7!XoHeIAMfRDF#bI>
z*lodtY;h{d^tIC<-f)Urbw0*r!ma|R|Ka<Rnacp{?|7r?G*0_28(D8_>zWnMG!qK-
zSh$RSbiw6gqx}MllrT5<nx4~%_x^sCUQgq&NS*W7r||Q4?yssB%|aFr?Y9O7QVIgI
z&|bPfICxB%mpEn}Ui<?b0esW(-k>|FD!=|28ETos4e#N1(NOFZm2ppp<j=3MW!$fh
z?9-VJdX**)LnVQv4DmTGJDQXNu42`>@2*Z>_a5_DVYxO2hN2nPH=uX}93dhx!DojY
zJ23CdC9QD6g74QA_C+&0abI2Y+*wwxcuxU(-T|U)epU!{2-jGB|4b_%E#V@FY>(r%
z(6QYWd^xMAngis;JXMw`=j4i)CK<Mrvp*c!O`H<Pd`d`sys?GW%-NSJ_mnC47T%ld
za+;zBc;{8fUJVaAOnK~4!rA)j_JluV2CW)Q)&fS$FNbZe;2fpGK*wXUyF`0iyJ_Dt
zwKhZ6#s<|A^Mwh`np(qQ3C8D2CaAi#f9~Gd_Q44i%pCi`!ZPV(_GzFDNVT^WMcW*D
z+z35uMZA2MiAa(}pjyWp>ouLnyJ7nK4E(u&W&r?6PSADsa8Mt@n6<_h%-NSjJe#EY
zs6%>#j>fz2iM(BJC1#;_Z9wxkOLaoL9_Y@^)a#)XOqX9#-?c#q+4h&_fE6o<Jj7u7
zQfErCsh~bhSn^qS)W{f$H;M#xj*c;eI#yA`%Zkvu1~#AJ$0j*|7q0GI-Y+MZlsqSM
zBAe21?x3U3XkDM^fQ#)Yp*j>FK9%-Zgu?5m-i4}ok;zyu-@axTVfKLqqB^5x7|1GE
z6jR2FU8N&1QRY-+c3v8jo^y}=hdXx((9TECaVRa=HH%C4zdYKrN$#QzxN?($cc5Nb
z<X~0xK}HdG2v{B@>x&UfPT2*!>`Bl*<<FSZK7VMUXXSt#<U6T*Fp8p>T`)`eHQ&Z~
zT-L;^x|s@39=nAotk!&}E_AwA6b6|0<6~IX3lWc@qa&5=HxvsfnP`(n%!cvUQ0XI$
zgQ|T*7F09^kAc|yd4*<)(cs>EgoVX^(bfWasu`b~?b0W2XH;+5v7P;av!dDeVI~%#
zWWOx5!cE?}f3$6!C$_79RWqfrqD%yoRhu(Ss~6|1z+@z9;NZO}L+sL`FSionK|>U@
zVYx(zRE-mQMm8|KrZkAOb8{e1Q&nDaaMF?AteaI6jO!a-KeFB^d%$x+cRDlC2B@Pv
zRU$}8A>0MQ@XkT_a&kIM5ZMCOG9~12`iWc=01EwASfj;piujhC3>x6GX3_yk&;8Ns
z=t3O6Oye7Z7=kJ9jY!A$D}@?}VWL=|&x7I1f0}23@bi$wxNVcSF2w4y2|SyeZDSN7
z)WlnGG*AFudh!t0RvO4U=K(+gq}n{82ig?J#|O5^{t?K`v%(VJKmeLWJ6n%wb#V!4
zMc)j~?d?CeH)U3SK(b{CgRwYkARIu|B~RX&YMZhmI!n43@12KCjSl7YW_5yM7z^t}
z^mcmm>b~~~Lj@0pQ<@je>!4F&fQLqZFSCp-wc1Rt8++K3sy6eTkWv?tHx(x`p{A{X
zc*RcK%78-|Q4R4Yk&R)dZ&AD*JIErcOl`++5~BA(>`|3G^vu(fae+KozSr>xGg-Mn
z<b67aJ=qko$AQ%<hM@SBzqbiy5vH+hfi?(1?e1?AkB&D^*25KGU#s=7;}EIyT&HwP
zuB<pJ6-p@&Tb;uj#G7>dZr?X6@!-gxaC>E=L_upO0Cy+g!cKqH+_wGlk4Nabll!C(
zZ||Yvt{^7%s5zui134`4Tx7PO%lf?v7*n{unkwDO!na9blU$fW4~Y;CW8LxPNlpHm
ztRS}btjB@x2TD=jo_Mok<Zv6%0U|>8U3lwz&Nqo-rlI`nv~g>;sVO1f+)r?U58i#Y
z-2(C7QD1D-1~U&*x?8XUtMIPWRGOect9uH%zid>PsM-IYe9<&3jxD@!7vR-qS5aaq
z|A)1=fU0s`yM`4(2?YcRl~#~$=}x7)8)>AwmPiYTAe{md(%m85-7Vd@=vaLBa_{r*
zbKbMh_`d&)e+&l0!9dnp&vQRl%xhkAX33@T-5vv~2Yqb|yn7f$zno31f>Xz%86+cs
zmK;z)3&IOxBGtpoR?PYw7q6juJh&JFWOvo|-Cw}RdO1s@P~&If^$P%FPXEa4v#WhT
za2Ju__YO;koQ_Lzp;C^Px>GL6bn8S%9LXDwc76U#z|XWw&*Zcm{{92yRe$npMb8w^
z0pK1{L#7CrbrQ9w1MzZ8;V%L*+$-tT3;2wjyFRaj8Bf%<a`w?m%B$6R_vh|BE4}Ka
z86cY&*YYN^J8rSUX>d@MF4Tu^JFR{9X<}XUZoPos=8pv20%f#$4ayj8r?~6P%qgp}
zEvnL^e(wE<CSm_rIF&tu>gy|$$wtEt8H(OQ_FfmL^oen%1-0x=`D@WqFJYatYFVTw
zb9A<cC<?$eqO{9vZ*N*-n+FM#H^1_9B+MHTJ1cuzURXPf|MpsOul9_{z0xfCZ0F=-
zPWDcG&6S@{J$w|O@H^HLB7jFvE-j}OsC=4n+AjI#>6{eD>rCKClzlGDwV4|iP?n)p
z5RsPmlH<E|i0bIp8RzrnyT6UciG+qLr>x%dmJnyF0nC4UkNaLJo!cF6gqJY&DlY`*
z$_?kK+l#8^jw&iO4(8Tg#KpvEgJ(+_Y05v-4fwIi=Ez-|#j&ufXtyw%Yi#Y09*-9M
z_`<UNs<vVqb@#>SEB})SOyXCyXFDpl(SQhsQX#MCoG9hoIOjSsH(YMvJfid9DX}W4
zl{THrEzI-C^2*7W7lJ7J(+sTmIUD!yybY+a%3lzWh^bbq-@6)7%Hqw)v_C6*Lan6s
zELX1()^H7LjH!OVW}RZit#1^KM8>p}3C3;Tvib8O`4TtwJa$q=2;YnXxh00Ze!;Mb
z5w}+<Xoml@`|t;Yz{dXr1317L(i{U6k=}Iy#8zZnu`WOfAdcB6Vq-I5H@H?WZQcsw
z6}@_inu0>aPA$?&brc$MhOpcNf|Y&)gPb^`|Jg$F*^zWc_7(Z%s9fEJ8nAJXfWt-r
z;7(**dD&Utd$Z>CMuU^xTqlcCLB7R>zJ`E3c>CYQ0lxft0WX}z!)$n|B<_n<?hU6L
z>$j-nr?4%G@bVE(pKqk&9PQRvul{Pfaf^zi_biS_J-S~FY=knml69O{0H+nljOt>y
za^c<JPp`+1WeAuZvRTa?vWOab6Pbk9`g+cdbwe&+_I&SBl=7pR>nG|TX%ZmB9PI&u
zkWnK6Yp$34R@JMx7hupS^<k)?50zreF@4lwh}feDJ~5ggjn&Vw){fhrv7UGvwpTFt
z2F?r!WjBds1CCzNcW<tYCMR@u89f;f+xR?JydMy;UeRhsr)3^HNT*otuly!vJtQ#w
zoIf!$FgH(sV=sGGM0R`k>H(G%0jo<<&8vO3IoFzGw{&H7dDWV_EBc9($}sPBWM7Rx
z`7`K%KV$f@ELVA~;42XVGuX6`ysTu8Xy!_EIrtXubj-gM^Kf05S>%er=A-8wUQg)p
z55;B;sv$3#%ND7#x&2F`YzQf%^B%#~+QR|snoZ*&9Hf(h&eyv6;i^hM6&S|L2D#o1
zzxBH~-L)q^8c%Ik$dK$>lTMh0<#pNoB*`08lo|*PW=S0cOGlmi+|FHuq0fF`Sl_7L
z^gfGTMCK~uWM`X~lFo+^vAw^%-AO{Kd!qcjUALz8v3!lNgu=_0N>85PU?PeL$ko(p
zav=ptp4G?P=ie;46K;h_EA;GT<bItA=l0axRQy!^1%cNrul?Ezq`$X6*>%lxTYmU^
z*J|46ET@g@K0>d7kW%e!DMuoucH(|&cXZ*KxYBnxDrUFQ(OBw~yHs_tFJ9Fvm6W+q
ztsv~)E^-6muPuikh$zv>BC5p++_q^@m$U@RaEweS{^(t&n1a(~Y{b9Zs_y*x?-1mT
z?Xl~;63D{*N`Gk>zia3;s<8$mk}DWgWRCtA!T*HiDz)buR3{sRoiP-LzRN*HDY%L7
zv5S<F5JN7bJIdZ=gSyHN9aB;19)jSjpBTM-x7YTrsqbP^#k@tCfD?3T61VfSU9o4#
z9|T@v%dwM$&xTTtcqn-?_E{w*plt_%Pj%S26}AAu6Y}SDSej&d#`6xpo+NKu6wlV+
z;%L=u^5C(8X|t86`{@R~U+m?F4&)}H+6pB>y!B!^qvKenR$O~}U4x03_ZezBtE&UR
zv^-_H>_)1_9R}zUexmtar*k!ohh><<&b!lXsU9G|njLR2MKVCV)QvC8%#N<4m5Wxl
zZ{O<kX+k$Cx{3Ha)OI7R-*{3qFsO^PG^xkNz7R*JvV50H&;K0*C2sxKR$N=8rTQ1q
zTj~u%RWq@aJ;cDh;S;VrWNgVuN<rNa!dGD(`vy8CYS5jjQn!=glB0mo_bRU-*N5Wz
zRQX?9yevNmh+yiW1p-fapS=Z$art(Gd#?6u%FDN3hiQa5V_DUiFWsQ`YiMW#9=zBH
zW>?u>-yYT#D)N#FEOFkQr=mqAD$y_!=y`=r3utO0Pg$l5Y<1D}&v_2D+i_J-eomZC
zEV%f@v)!m^-1nkI>;s^Sm`CX17j|pDXPo9Cb>qoAu8Cm7h%zi!r-OTcJS&XPoZ@RH
zitQTiA}(7RLT#S$#F%UfU&e!GX%~e>l^I21u@HPwBvf21m8CuTh?iaO*umWpdnH2<
zmQCLg@07N6qbtR8r}}6mBdtxR1S8b1Rcx`srP}sNWk!-BLziB5DjA~l2}?b3gP?bG
zQ|m!R{^P)Y1NIlTX?)2WloBiHKf(n0Yrs|H3H%!ynGZ4oy1Azm5=yJRk@7}97f+=G
z=b=-jiUdQhUi21Ecu=r8Ax`qieI#0Tiu2hrkda7wl30T4T}6>Kli(oR*2aS(<>42W
zi9({E9&{Xwh<xr2t1!4iJh+EbA|{BiQ&F8$bRMo#WgtO8G|uOC9cvXBkn&14nYoMu
z2PxnKy|+Lf`L_m$0o|P}Z}HU!Beb2AG>D&Qdwaez5NABLp0lYU)nZHGbBzGReeTQC
z8P8$Dr&&D-FjESdM6UN-IP_YvwXzUo=XQ&UyvLdSkZ(L-pPWhj5%5v1n$3c71VaHG
zSAbk1I<ofm8Y-)SO(X+!#<N0%20Mf}E4X5nJY;RvN?e%wVwtqtFT&`hR(9=$L_j&p
zMap;`2eb@j%FQP-ft(7Io(r-^0G1t<+Q*3N_baUzGLyKS0{5GrgF_W25lu^u<VIas
z${0T4m>Wc^QSEV2QYO;-F$qt{Meq~RRL-{&u^k>K<w|H4_uaHwhx$4keX@y`=qPx#
zoLgtNikh!m8SRCM&}ungly0}$Gn8AX5{^qU<>v_eHaD{|rAa>syu*Bx!uMjX+B294
z)%j<GuLugZ{HMqtt(<OcF*})1k+HVtBlnKvzTj!!#~`B4zp-Ph(72duux=|qh;Z0V
zB)3p8xa)R#ylF&7D?z|({N#qD;p%u$D)4-J++CcacxL(0bGA1<L7T&wcncWh8yPW{
z3y)0(5>xl)xP$k5Aty_Mp^e81D9;#eis~OZZ64Y}!w5tUPLs%*mwz2*+uU5fzWgp~
zPi3iOcK-08ceckZUhHGBB#on024Dn=cQ{Sz#qBY3ThZxJIPrsK--oRLEr!8{1CLEH
z%bswuLX4y)crLLmh}Ug0FD2~RYoWTlQSJE-@dsypm-4J!6tusHd5!aWRnB(VPj>$H
zD3ji$u^3h9e&$4RCn%h%6G|cV@aI9DN~*)%@UA9{S3a?V>QY)Sc-ZN*sxS)@eL9~h
z|M@_CNcvE7xA;}-(HkjuM#8z)pdGC0+YjE6%E)pd&0k;1Zh$QhC-1aU4hF@w-sVS8
zM$&h^7D}_pr_h0bZ1+m5X4J8J?(tX@$(RMarD&wzuo$OVc!Fo^T)(!55sS}MzPF!L
z{xM9GwtsJ@S<v&<+0{0kX7=fJVb2OfW8$LTWBJwHvD!*Zz40<l6{XE<SNYiX^~yYI
zm7JGflR664$Cm#HgC#0{K~I_AVUG8RDeld(31;b3ek!H3-Hae-eNgZg2g~E*hkM@H
zRW8eeO?RvgBxMKzbBatf*fsCu+7HU=ISq)ZN4}DLPI0p<>6uFVaU4VBK5sZYFIgWE
z@(kwZK2B%$ezT1CaLteQ+Y>5<?yb+n+!6q0v(bDF!IMeg8)<;FT$Z!iuf?41c7AFN
z#*0D4rF>@%%fs9*Z5!GkFqpp4b>PG8_moYdc%=M8#m8!{=B;Mq{7&8T8F}9i;mGu#
z9QxL+HkL#hbnNwllL^AC(nR)Zy`->Sz7Yt0_Byk2dmN{cWobz8aB2LT;5`n_GPG+f
zjhPCz7!^Qd%)EDXCSJ?*t%U?wZ~yZbrZzI7!Fw)DN5lx#cc@1sQV&<cSyf|7V)38V
zM63n)3dEYCzmWLT+wKDdSZ_J3;9wI=iL=|1)xNfxDB#7xipHKQFGjWW{DNdTfTrqY
zJ^n-3(k!PtH)_o4%B03&Gy5bfMPYN;h!V(^o;rNCAq4Z3@5RmJW%kHuy256yE&JAf
z!RzleD-}xD`ly1}xUPze?)Mr*A1=2KQ!Q>yQG(^?BtEO5kAU0BX@>Fz3OoRknuUZn
zD~j6N_hLD#uqlojhJjf)z-!6#Q7NP%1Fb&srEu5^#Xd=q)UI*LpjOVYV>?og?Yww^
z{_JH>QSb(5sYy>&a)VwI!ln5*WC<@$@cQtjl!tJY;_iHUR&TeX-JF<rTN)iAoGYr>
z9m&RozHV4dQ9GOb+5#7J**)2m!=P$OejI2X%-+PuXh|4TC=WREsd>%KTP*>Q;O#SM
zDv{Y*>%yXl^ZIjiMyK1H%XXDi9mvfi{ql+rHjm$z243{E>6)&e5|+KcVk=x#=JkeI
zzVeM3%Tb9L>rdbgXl_l2OKx7F8d*IfTHl<h#Utc&n^ZhSp6b{ez@yhNw+6NEp2PJd
z)0LA$NNej=<Aw`C$YmnC?p<o7@03ZLo}bW(xlALG%;Z0Op#K<*Fvm29L@qN*6Zjb%
zoklK-xmw56Q$j9zVE(z{tm~qNPp4D&<-Ahb;h}C{GEIHC%>vx3mJUU{!}i<2znmIy
zf-nh@L-092p$6hbdO9xbSV>)8o*phQ8SN(T>5e<8ihmm>m8zqY7o!LeAe3Y|q0~3P
zN5ftp0FI&$MI!J1X#og95s2M*Lz~GLJKh!qvUYkhZw)s(52{shIj_^nbAB(6OTgyb
z{MB^N0hqxyx^)*MsAqQ~L`w=Go{h-zbE>^PR#68#l^IuSjj$RSKzy;^wi>BU2C|BZ
z{fV3+jgS`={rK76w3JJ;3pK{5y>r-vwicIv(&t}%onyIdVG-gA6cZr%gguC7okx!-
zdYGE#E}wYEH%R{aPFvBQQRkQNh^#k)s)ahKwO;cN+8Lk7yKzV$;$hF;+g@tjpq5za
zO8bm*i*7&@6vLpK`4+n)7%xvoY_obL-yV~~?S=2nzg;#C1h{3we47|LvDMVo!$Rw`
zCps;A3yreE_h&-P5DT&zCZ5E7<WZA4zTrTk$)cC?rCHaL7pwpC5B(Ck(<~xR!UWE8
z`bq+fh}V4xAZMlk7XEy%L*+ZR-s5**(cBd5HJ2H7IK{w<zFCi}mSz;~19Ql9|3`c_
zT|S7Icf4bz?<}>(dU~YyY>-HW(2JwqAbJPBU~~)Vd**s(rTwB{h@_%*Ndz76DUl6m
zn({U9D8!s;g1D%v?8ePV(El}tfYb1c;Vv?^K2!L*RMo+|C(PDFv=o=_2&DYTAAVc<
z#gg99PkT`wODp9-Kvj{3<qZffXwE%8RN*#r9#^ODH@95prpr(1fwFeYbh))GSZn)g
z2JFcR9kH$8s-lPn#CNq5@u#d942V5LI5M$*g1U~k1RoE%RR=-XA3Ys}Tz~~DrqxHa
zPP#u~vimnzNpAt{4~$GsXxL~tv~OhF8ea>=BCGa$^VP}`|M?!Pe!oY2o>-?9?|g7A
zmV4rqfL(>V57-Y+O<=crQ*5wCtG@DTAHa>74sD*-=eF)TBJlTy=bgQDO6DZrVQR>H
zclNezB|W(KKe~Z_2nENhSTnY>Adxc<1uerBy4Gxvwp)e_TL5ObilByFY1sqhczIx=
z@^OJu<Ie9#C6F0WCWY&<(IplR*T)AV@{5$M{e0hLlHzL|cEv1t!}kY5n*E^bR4-rp
zR#@G%o3g`$(;r__m_Kh)P)sQi{_UpyBM%IPfVYH6aTKZjoJb7l8GAD_ov&LHfR%4@
za_M;5bLmv1-`CTdQW6}#4q=}MBcFMSa1IeC-`j`Azos(u4~e98wF7Fpk8d1rxCptu
zLdFX<@eT=vg8w|Vm@O#3U=04mdJi%Frq}!9eIkMrL@Kp{O{!I8rvt2Re1n?msKG>u
z)ofUy**ECp)WfYm>?{NC!?O_28yCji&U>1FJz$t4@E6G>)(`p5FG3<!XaBspmE%c3
zvyiF;hNCSi4i$`*EeZcI=Us(NDJ03DVlzAaJoq2|<qfXNXPX1P>F@^?|8q43NHVeE
zhmXG*{~rhEk0bui-vwgv!)wa2ITlcHX-VD%vFR^;L_*VJVp4lR<#l}?$>-UwryS-c
z`1=l}Jq4ee5Cfk`iu>p%?w@B7{IOOCgsR)%O>z8X;05}}A^5lN@C#Okf-UUV*4h?~
zD+t8agM~gl`9Y~(@~$a|=;Y(?XHSF$SX*)tG5$W-bbtM+z)eJ(TfC7l#`XvQ@nnS4
zNC6b7hzIfBgVV4w;k)_<cf0s3Pb5CJwUWpPS44NJV8fqI_}2$`DCfZVZ!VWe0V5Oj
z0mux-OiVnMIKamKr-4Bcg;A!II;Bh^$NxVc1(QN3*0eOXih?InXsyqOkx32D57@rk
z&ov)K`~CSbAHhF?%iw?W3BV1X@eA@p#f{7oRNIh<=l^|tYbe3bX-l&4;1?+E75qMj
zJ^%0Svtcb`v7TT8&AJ>eMRSz>0X+&P#k11B6n_4C&Blh=YV%bIE&#vUwwwHbt(~bo
zb%Nh}ftOex7>6G7{dX@3j#jlDI)=718ZNjUg9Y$cOy8Z!!pM+F65FeDgx-Hd$kxlT
zT&e_ty5~LQh974VEci7<CdSAlbk#%q>rpr0g2%<<7a@oLF)scNLDRGp{sH-!@R%57
zUqp`zUh*p;%Nkk$A#fLWoOGH$U~jZ{^{f^0JBlO`6yoj5I+rH>cD<P;%(oiaD+N?q
z(nW%>o;odpnXv<4+0+34m_=CUo8A}(Vz4C<6Y=t`5Re<r1U~gh`Okr~!uMuBv>_lP
zA`3?qKshzU(0DBbn2l%}3E7j}clqdnl=3&JIA(?JNUGKAI=2(*n}e1xdGi7{;vl+!
zO3p_ht-bwko-FurL=Fx*;`$;KsQ2+Hi4<$*b|F|}xo*#&RscQzOHrHTBm7-M=Mh~G
zrg2l%NQneSeI9Z!e0-k*yE)UXafMRsE;ObzH#ctrBXujNSnFr7P%H<wm)<GjG3b16
z@(Dn!Q^&PvI8h;#Na5pc0|w@)UbvJxH4Z`G7iB;VZZ{ba`U~q#41E$0Jy?eL4k!Y(
ztWLneoeN-^asvTXJHg#3^J}ai42om?cek`yJ60`QPtc7Tmj4(RUjEUnf78YWpH}Rz
zPn(|0SPU-l@nS&e3JFkAr_4ut7CMpu#MkUWj(x`Ml$iWv@$m9wAw#3wyvr$!kXvTC
z9jSs}I-WHXu&EU4Tn>3Y@1{Utsn!h_{(x4p$VBYqM)7N#2mA(=<Nkao0KAP0zlf%V
z5%Jm;pSzwP=*M%|M)2w?g}Ee*z=NaUe|HPpo%9WwKC-Fy>+9#5dc8r`;(V~31}YsU
zb%>uoY>nM&EV|oD<?Bn^^8QmWqF1;+KMcx0%~vmN&-et!Xv0&bCfdU<s28JDby5M;
zMV5eufsqB&@t?Bg`v!rs<1tz7szx$Lvw<F$+hH4ChF`NU%KN>%mgZ*DxtbG=hQQF0
znN8s5CO=zsXnM9c*Ls7lbbh|Prqtl!>JG4vB(e$*(34PYc5|v0B(@51Iql{lu*{UK
zT9gOL@}rz{$<CCS36o1s(;Df3mda^ol4{Onp~}{0vfLhsY_Aj>-hJ@^HxvvXMhE6a
zWSp$+pMm_p3<?mC|B?R68ca!d_HGR>AGe?Xl_&qm3V(fX7D2{-UywNAAE1B?QhV)7
z&{_75>!zkQUW96%Byt(HJ5WjS0D$}vF<-O&+MCJk++UI?*g&+%d26DuQD2ruiBeWN
zfepvtXO+WZGtx6IhgkiFjl@_WMZYy$ja_^Pdbr$i4BCZ}t+7;pVe{E@VYibp)zyYt
z=l$UickgWi|15vk@Qt_+g-{1@up-GsQM+70WigyoVc)m2RBMzgODTAbXm|Tf&?l)>
zq~|?6FaMYE8U#;usfXJ2A93lmz+>J7PX(q@e|=nYmDpHnWoowzql7WuisMs}D#Qk-
zlbj-0Wq?cy-)^xyZp&(4LV!Y+44vplfT&S871nuPIk|IIY@7{CGRT8)6qwIz#{q%y
zXxBPvx5F{q=|)In2$WdYHz?5>OnD-y6e)nUQ=_ls98uy5R+V;zc?^a0Gl^Id(zyor
z02tQz?&<DTwA#;2`g3M_Wj3%$uaqwK2rvj_`G>#?PnOdZKOw$J=bJO)*(~5Y;WK%{
zQhV_l6~N{cY>#^M!GdX-%OO^}<!PCWP-`dO9;dIr|M2C>^PMXt-z(5msxNw-b9Pf+
z9<D4vUWS4H_LRuN(-Op;G(aGa0-P4nYP<EchnpkV!6XAo+zhm=R;j=vA;)+nE2;z?
zC+N`wFRy<2fD)p~D;8NGFHbYaVbAZn2d+;`b<gRp)9#EsScTXO|22{&tLt9#iQ{-6
zpqSIX9&($^L6H%ZZvtRWwVF4LV0j-f!r!vl?#-%`n%|_D_b-0+i+c3@^>>b?1)%V6
zy4tO5*EsJ#l<3bmboa$#Q`rj)%fIrJfYhrGSB<e=zD#_76;J=G6#KyVxLG7Y$3%M4
zJf7W}2%PVKyWwKL$=v2Iecu8U%I3#4=x(COYNtxqt9A@0ns$uUoJsRcxLl83{$Of6
z)A7s!u7(XWr2Pn7xWhkw<ucj=MV01qd$&uFth5nzX^X(PnF)tduU0O*W(?R;hM6t<
zOViUA-aL)T*#`87%xF6P@C2}t`$XlDYOeNCsp(MKXp#Os;dZb{6i(KkAsNFNxd<yg
zU<MVI!}6N+vq8w6xkktWX&6)tbdTA949<Mf8J;fmi?fMT@^Gnb!v}+pai@b{C<LzV
z5)TAGe16IiKd<dIt{k3aU$?n9GIAwtuvx^rqNg$1jS38$;_P-jZ<$YV?QX80uXpcS
zwm$|#6n?9^d83qN<MvGZxiYh_Pe>>vqkHGqK#2CO-TyjTX>ARF<Ax_cPj_bq8g#>e
zZ(72<=NVz#@p9OeS^L9;p9<D3rZU`U*keBG^;WHa6w&`V?EF=O2$0k~K0i4UomzcD
zr6^We@Sv;_lVbW<%x0Bf1^aHZ$TCzVXm4~L;BGnDi&>2qk7y1fHVPTT{Ve<9U&G6a
zuK4}A+E;m*+F38(M#uqN>pPOj{2?#|8jjKR+8n$DghJo3dQ0ZeHb={w{U)CW$6%=h
zjLzN~acK@|0{*pfftGq;7InAVR5NJ+jcUQ9pOa;rd}Yx_Fk|@KZpoE_(`qm7T&7eU
z^|mquK+V#$M9T-jJ<*_Y&~k_Yko`{&OAdfknVG}JAgOW)kb<LLdE2_$8~YT*0O^`p
zW87H?IyhJLPmprBrj#AQGqbu@kw0TPwA5xE^Fy}c{v@F0Y~se#=;5mRDNFIGSV~7A
zeIWo^CxT#iCdw9;9u|7lZ|{Q?!E@h<sgF$bwLcKC96mq14I<5tR3@}pTOS~Bq~8v$
zZ-hFu1}-YBbU{sl$k-F21~JE(EZKF~1s7Wq4Y4>MMBUVVJG0O6tUWZr6x34+9C0ir
zGMu*;RRq`w66=HY?(F)9tc6m^%toI$Vl3A`&ie!S|Ek_)NGKo&bay|!AN|LN?SDOc
zcf3s{KwCQF?ZbG;9~?wVN?HUOA?VX)5yKJ~>Z6-J>)D)jC5T_p&DGggdSi99a=<S{
zMTxVv{y?`pR(M-r)0h}B89(off}Ig;+%K1>#$-ORXCD_cM+&)Em7+3TLB!2*#HIHe
zL6h_c6-30UOcED4v?TT*JuJS{#l?jqU%OVOJ?Yj3i^8}oLi7{Clr&xNidt;jjj?_T
zs&(BV7kok2s$|k)z77*!TFn|)R$D#|n|o@1ezBfn28OH5R!&;UB3k$EA6IHd@c==d
zzGU7RtMDSg*j1qIY-T3v068f`?<;r9j>T9G`Bk}EAXX)+ZCcbfH2NfMjMCceuz1$g
zC(UDQ0fU2#RAtLmd~EZ4WVB55YDGW2>U3Q*BFdUO4S%_^dYs!Rs9@(uu2yiwCZ%hQ
z)4J=foB7-)mIGwbYO1Gd8(mgijaPf_251rUAE!V#<+WWxEN+utXFGxF?a$Y<n)GW0
z&=;S(bbe`4(A%<fRI+YSkL}cY4w>vsrMLX&F8KfQZvjT+mCh&@{IQyR==GGn9WgD%
z{O2(O)Iac<qA?mjdX#37%2y#{grE(;K2`<7rC!S_yjhnor1Dhq;~f}!UwhrQV6Z9%
zq9xr6?vF=qdZsxtl8-eG3jKMP<wtRzU>AozdI_Fs$R+At=I<BleGzpg@WAn)(kIj8
zy1v?PG*XAP+`LKTDE3V7(*qd|JFUC^l=XAb`IjplIjxtV7~U;OX$z$-_(aU#@WlQR
z0mqwYc5ZrSvVyI#TzTOC_HM4m!XoZqCyd?-)KV<@TGa}B7sn&xtpuFFrX>Qn7tt&m
z!$z~^edZyzyz0jQ<7p;a;)pQ^?jj<)GnLo{kma}A5#S+;aXl_Bel3kF%T*g`HMC?%
z4NA7&Mw>;l+7n3{qiSXv`%zSIv#8DveK6)@mPCwfBSzG|b>Wf^r0~mLoe_Tn^mCgM
z;UZ@61fronz#uZ<?>H8le6|L3dow=7T#b~PFnF?$<zKPY0~J!{zA5Ugd4GB-B`um@
zDB9hBij#lUY=8g5kJ5LVTlKKn3ivBDrQYe21(aI|nE@mAqF7TN>AWn^X7>*MPhGba
z#s~z$##`ytrykiC>eO$xhd%d@!XW08(hz)SVJY!bwaiqW%3v8`hs<>-t*upMrVdFL
zNmn9vBfkMSbiI`f>WQX1iyqVGN5i{1-Ig>{$ckRx8_%zuwRY0l6VZ~;>O_#N=ym}$
zeSlZ?qgA{3HbdvV+3+sy8i!N_q$A02&0LjyWfjE~H~vY-*TGVu2(>Q;fWYl+TSt6Y
zH6PoHnEAwuF;yD0%IQ#}>b``^LHLHotb}^O&u)UTjvWSY&3_PlKW|x=2i(E$lJA_X
z^B?e?S}L>B(#~4hMxJRtP3VuJO9D$&vev_-^D=?b!9mcdd&KTWoRO7R$GCg__G_59
z@+pHrR1G9n$wXS8Kdw8el+yPDl)tLzzmTkd0CWHH6HF<9<J|vRa8>g^V8B7qSeYKo
z0~vcx7RSOJbX9BXfA)}WGAH7(lOXJLN73N%dR<QnGOo@F0Z5z*^aBn6aa~NS4)#3T
z7)pl^W$Y5@T5rG>b+g|-k{S6>rx1b3vGPHNZxAhy1MW~UpsYM)9t4Zo0$|fTYIh%~
z-mDGik}UT_)J$Ul)B%douVvq3K|MWXZRC2`-j^_%Z^7=)#IkJnYDpnP-E#7WqKW(S
z1`&;ND^VlgToZJ#_MHVX&V@oRW7t*zl*yqVjC4E~`D!wyjLX?I(?&ZogV9e)L_a-A
zMJJr@`EFfdl|ddH(^(Z&qUF6+8ONE^9k0K?%@gG_3OlHyRm@~v1>5n7nw%LKLgfil
z1BskH^uLsESXkJSw!wh|zDr{{Ph$qaC`SPx+V5(to+?*9>mKI-&j8Uen}dGZ7Q1f{
z7v2AdYT~0P{2>TG(XzJ0qo7vpUrf#Y)jb7ODz3l-iO1`o5|3{X*j)H_ygA}tAUD$!
zjRUNhLV5j=AYfkn&2p+_YD8%z6Y~m;l*HA7&=lVuji@%oU{RF37F$)AOeHIB`j`tA
zl(1@ZjdC4;iU$r^yYQ)HT_aeAk9=*RvWYO=&_cCDE5*tJ4@%+9p;ng;n*>@fxPigp
zS8aw;G-GrcmAvm@siU@U`+dMxhjrtP7|_PHNvJm;qXu#5MRkhyyV59rXTuR1Dy=F;
z$DK(*ifU|%ttB?yZaX3xd!^8+5rW~X)DF+2EVrlY9B6s~C!wFUjfqTCn;*bMnZjXv
zKw}79jqMamzR`E?-)!X>UB7hSuNQx9F}<d0YD$@}+bGDebXrAI0DA3T&G-KTIsb1d
z;tMiB&|Vhl<b>`vi&Vtoi(jK*Xo`Zm#-~k$0orzKg^V3KbV0*<%-(35o2+>An1ULw
zFD!*8QxfmiesQY+sp1od-3n#Q9LR3idl0C?T5nv2ktlBqSaLQ6jq&MA5NjHcv8#uH
zvC$xKts>uEsC8!Oi(^r3?}_$|i)S?x0*Fe)%=J1jOg!QbrU3mY2DSVWxf|?aov>Bo
zw3lpYplTKcF3?LYYPOSBZ8D(acA~QkI*wEf{<0v%v)vi-Qj>v04S$v*O(QHkF{i%1
zYtC#hK#TBmJKK9P5&|nK7paKv)CcGl&=)bTM0j2AQREw>vX=d<^yz6szhaViEeG0@
zDN#1GcaD{tD(!1l4b|JirN+`ffP}5x86fkREi_o0{rmv4gDo^dbo-@Yqdv84PgIey
z9X0-L*#8?B{`YH-7z{wTCbI47`ALu$aIq)Agai$b-j{I*>cG?pKi5wGa;|yZPrrdZ
zVQjRB>B>s=TBug-Sv`o6Y28t}q_{ccQn7Nlzid-@Tou|qaXc=lrKG-6JSu+8;j{_g
zY<R}+_0cj*yLR9Q&~In%FZkAYVVoOWy9Kng;BDO;Dz?$038XHxCn->p$?N=p)bn&|
z-7QLIc?UPP&2Y!=5){~=nn5;m9a3!iM>58B%Hjp$u1{5Oez^e+kZLWqoGjaA48Nj7
z<!Z_5Fei4l-<LLL!FVm3+QPq{0a~Wl^f8h`+C0cxTgM$04AQ>?aqezf5G68!b36*u
zw+rY%jA7atfaG`-2)fq0ntb?&;A+eXmh*ha&;eH0;di{XA+;95C(oNj@ZP=o-__}V
z1n)7C5db3Wb7w4o8U%EC02e&cehU>AB9S`Q?~m<905B5UKVT&L9RB83@W?9wUg$f&
zQe#h1AitfYzY6AL89>ka&E525QpsrAVTmPhRZiYLHIal^9)`657PBz;ag?q0LAi0C
z23&$e${Dtt%g6+p{n0F0YjuxX*bS@a<-@0{;~SIadH`ui%8i);vhOb{jI(MhR|$>V
zS7lnqfNAUS63N7Kq6Yu*0_`68fS-oh3aiR-U_Z=k5y8FE69Q_dY*4M*x!=O>8F;Xz
zrt<pW>TiFceP&4Wg}}J?JOT)Zi$9&XDt2?sev;WmC<BRnT?e$f6#*Q(ssn;g@O{Zx
zQ=`vYhNm&`+oFBtq$HL2oFH;i&Lph^5c6s19PFk6rt!VU_II?|*tOR}u?4wEm>+iV
zLivX|H-F>h7R}|U=7jx%_VZ6PzCr!I#gG2q)9XWcdiBXU<N5>mHq-}7Dqx12!n|e&
zu$$h#e=cdl=^Eg1Qsen=3F-u6T)NH0@`;=g5cOVZ4+5s%B>nX^P}g%<xE|oYeUs}^
zCyTLj|00xKC+00!QA@?4QR#H4wln$xZXk0%0+=WY9UGihF*LU-{ZK$ToXr~EdVvR0
z;ypiq|8A~GWN>vgM>8Z<-Rr4=blm=kMPWS!yQ6;Elx;P(?dm{E3J70sK#!gd)Gs7!
z${QTIhTd0{2y`SZ!k`>VopCI$9JlAAuv%qFzD~Y|USFUEc4R!LAec&P>uBAz{k1#=
zM^JEO;F+Cgd}rFFJMxDE=;yDzKG#9}xsNZm%Z;Xi9cLgNg`EvMTQzhlMGpl#zgM1S
z$1^S~ids1>Q<^^l5w80P2UZ<$3hWnM+E8&eg!O}%1wSGl1McI<dP?P2^}LY27{jGm
zjGM%FJ#lX%UWVW74y9+=t5ok6JZdZ7VqwbH*MIrP-0I)s)8G6=-~&8EkbLn{xu?Gb
zX%?xnJGDPL|4ImAmBzosDlKfZL)0flK~riRm7Z7VU|52fA)TNSIC~@y=MT{6_t%2h
zt5I!7F1`t9%xU0)cAkTcec!fn>&>6uKF7^yQyClu00wBqy-w!yl)wfw6RT)Wd(hu+
z1~at3VIQFVY!K|lZap8lXT+dWN4dSsFA>{`0ARa@@+^A*8ML;hi8u)-@wnPmhi&7(
zHfPnYcT=`1)eG@6Bmkfm-KCSjX;?lA0I)v;2!vkLtxgw@BAzgY`!U|cLbbh#0knX?
zg=eSz?EDbBH5x1U36<0iMf|;5nmvGz25%IB_@Gp%qfKSC;^C197tx^gzdBpUYBo2b
zP!}(G*X2^_aCN;J!?M{K{=!c4X6UNP5jcM)sC|fKG88k&jRgh*-#KiT20_bjx-)6(
z094!5M@J@==9;i5>~4(LDPur6i~(;!23ALZyx&WVqZ(jY11*xLnQN)dqR`ScwE%!%
z*Y^g&?zHLNtSfUrr1vwp-v-tz>Mub(&gybN;;NJ5ncUixJgryop6`7|PSdOZ=W5^%
zG9r9-E-1WRYyhxijTBJ+{y{ZxOQgef0)5BBfxjM7fZVi6q<D@;gLT5aVguZ>;-6rH
zHQ>~vd$*9ciKGPBH3AS|zbJqXnVKnix>&#Ez5!kfHKl&q^y#td*`BsWg(Z*>+5<eH
z1a^kv=kIVCpZRsj5{>v=VNe=%N1`{2^jjFiyLQXIqI#RFTrJw?CjoS_^g4CE07%y_
z(^O;jNSb%c{jB}VIQH$!`C8{N6<S@vTE9E}oae(Bxa3yzb?P-qDyzJq(yJ($j6>Z7
zCq}({lUK~L;MNN5RPcCS9;5or43wJm4+n<7AUsVVOkn6}O-(g<ULywuI8Vk<ddC~~
zT`^bQ@+Pgu+r36;UpCKQga7|KC`N(_Cg~3mMQ^tQcbi*<nz45k53NHn!Gy8&7TU3n
z1)umG{ndBVNUcn()u}eZY5^!A#LGKd?HPbhz#{<GoJYSJCDQE{*BV!R?zGZB`8mEk
z$))9T{)|_>eJaABCpraLb?{<m)$4Ne)uxV`5fQ%?LB^Xnq4!)KC0|0?0(YF^=^ofU
zXSbTQ>1=rp3{lbmQZ3ozxFeyCMBgz^4CvaTV5>YWm|K%&d8tOD(uyuYt<s9n&(AM+
zZRHi(;N%u5+IeJ@c$Bv`bt(Sf6!Z7#LcS@XcVJE6dsG`3Y~{YY=;HB$U6^RpIwj4S
ze;4*Qc|IFf<G2uwixuT3I^QNWb;A-Ye4(}>NSv@ouQ{+R6Kk50r_%^WF=LJPdw5na
z)xS@Ce~aBsx~6dSq$^|Wt&Hj-s0z#M*XbA2-0LOm&RIdfkvrsJZz?e3ax&IE3e2_R
znsFsSFP^sR7~*EJeEb9ZGtxg#PX49C`@6PJkmQcO0p_<$IU{(Vv7c?xEMzuc2YT&|
zmPDo~BoOB;J+F>am41wLCIPdDZ>cT*Pfa|cx2(OwqL9o?rb-ylQVq-($zuJ?RX0|;
zzM`vOg~s=NA@zCkwB+ZfxyPly-d5jb>n_ZyKOUA;=xoD%s?LZX^0T=Nl$H|g!xM$K
zq5<fH5jV%<(NVV5xe3~cF_?zNcV~PaKqO^orH)^He-kcL<Glte_G<x^$RN-S+LOgm
z2<gU?<1_BPSx>=u5Zb6q2qi6z<Ln;OfH!S@z+1y16d-@pq?q+&pZ7U0fm(tGeiU8s
zRPn{Ez#SH$SbTxlY}CI;AO7Z4|D*$j)La_M7WzL%Ohce71t)vl(uZ*<))IDou{n2n
zvf2-1cZP$olj#C45*DhIzyF?*ufTahM`3r}{_g7k?d<{F9^asF`^ewiixxkcbtLGz
zFn}D*ko66UI@5IEz-3@Ec(Ov0J08{l!CCp|s_-C5pm5%k%6^TO9toh$f;U$uj&H?<
z^pGRzG(SIMGq+Tms>olEi*>>O@bB*lvlh8kOy8i<>t<Du2n-Uw6Ivo;qsb8*GSE7Z
z1Lg$ChIw)S;f+vy0V5}B)dqwNnIwO&a~Suc6YSy74+3SRA1<E1N5|np{j*wP`uKB$
zX_?aV(t+Nv+IE@3adWnboDjvER1OevN3WN0{iEK`mjy-BX&O{v1i>#7=2zrjXVxo3
z(g$H$FjK-mZ(Rudy#nq_F!?9&JU=B3`ofBgeTz*2P)T_A+*czNS0V@JIVtmQA^pK~
zGDb{`XFRN4FOhHXxFBx>Y@}g7v~?eeGNm8Gk>JQowU1=o4g=*zpJ^g$c5xEJb}6MQ
zo5z)YVFa8~ss-1ZPLOx|$SSupWjBcuG4yl+&LBT+&F8c5g5*;Y@cjLB$A$Hc9PnF8
z0cZeu9)?jSNT(c1Rn`kcVNfQnfdx>-Du$<tQi*>~gp&?IA%IB8YZnRny`X#dED-|)
z;+Ppm?59c|69>R2iz$$688EfVw3sNk9Mvl}XxsF|)A<euOn~>(rn5Y(^>F!kyD-L+
z+B)+laf!$E(2qc88*=cA51@Y&7JM{M^FHgACjoREjCd36paV3JK>J^T(>TWi0$Pop
zyZj4~gR?6B#oo9Phr=ZXt6;TFh*Av<7?6AcIi0%W0{m_GgY9qldFLX9+nK04`39+_
zVKWFo)!*l8oj2doA9k);mwP6kxwcv7ub1-5p0)8VUqIJ4&WqC>mfIi26xT=|IKyxu
zKR`+JbzIvKeG_y$2NxPUa)TX@$fZ2a55hfuh~v~c-}2FEn!9s+8y+<oGH9dpta)gz
z=mi!N0%d|O_Ima)bl3S+J)mokxPa!NuqHrna28ab5)Qj8_b1Ib91e>f5}pV2@bL;B
z-d^oLC<EH6o-rXNSZ6kXI1_!S>s9^hP&7-(4^0u>c5Wb+=>_lOGag7_g={j1pjN*k
zs9GK<|4`^l_G=^cAZ`N_8*W??0g~y*fg2~arVl!Qw0NK2Sgf8^Dms%Hu`pll)7<Li
zFCabR=x-Fj4s|^_+-HT=w=Zsu(HQitm^>|1$jBK)ZpE=6g^VQg)*8h_i5+h{H`%SO
zMM1o_>5O1|&qb|sO&+(l3mZx$Ve=r9D|ttyA42l_h9+70eOTr|PF^p63JIxV2p|p`
ztPn_m;M3eHr_W@2m?jEZ35#c$vMKUBtRcjCTk;IQs~iE=7nozdLCU!*S?$vCZ$9a#
zrj{8?tH}jYNJodnv%R;%bF_VN3%g?Q98PnUn-<O(N3PSZB&xr0(yol^jpYk%z{9<l
zZVrz31B|B<Q>{KmI1TtL@t=bNdWJ|@Essf!`Ys80U5|VzWbpA)!A=G-{wxDZYSR@l
zD<H9iAaMf~i?j2ed|dsyUT=mnr8V97+?_r>XD_(d*?8;q28?FEkq6^(et-U6WbK-L
zOV;5njaoLNC$LRAzJ^X|*Yqy!^d+zj*Em{eo&G??eZgir`KInpxGeb;KQT&px5}c7
z-B?bP6;h_k^aQc*)brPYTJ>&GKqtk#sKYH{?2!9RZ}1!Gk=C!{3sR`*)v0v2c*Z}p
z0N(ejBQy|pZdVrG?DOk=!_;%bi`w$hZt!^ee!5CfHo}(X24nQ3BSVn_8%)Ke@7+g#
zj3K4a?Y;rV+#|9w7<o!#;k>ucS+BpCk7lRVET2Nh^JhkX7;?AVg!e6&UunTc*xo-}
zXTH5ZUE<0@r`s@UvqL?!b4~c#EhM!_W-J#%uf~`%S#DkQ5sN|x%+wnOmnFFYxAcYA
zx%HC*-CM~(?t$Tt7tjp3LCUZ~Xi5*z5dS3h8GlW#5A+9AS7>{F<=6Ga@><rjyk$z)
z)rE64PIlP|?A>VF+bLz1<Rd@<)RY6`yvYEJ4R#HL>LWVBQU(i>xJ}zWtsdR2Y#7i^
z)aC{@FF$4htB6~|TejoI<X7CKqM_6ZvHZ3(%m!U$UVwl<w-J&LgQ4R-*WC`?fn9a;
zt8F_s*d4vrwdA_>F#7268POql?7``N7Pv574@(>3g+XJ8{ZaS~w`J_+1zr^>R~+|7
zoAi@>byWZ!osc&$cauIF#Gi?Lyfqhdw9@rrqF1w=wSvnk#{k=}*Xve24nk2AL^c%r
zJMA5iNYRos1?20z1!J~WPJsGSOHj1pBmbEye<B*BGcsAvdjJ&x`|d>Y;FgzwgLYRu
za{8cxkwY69dn(FS=~2@bWOv$nP*bQVj!_@sg2aBbb5S10Te8vZY*QR8YEyW{PSq&4
z(v|$WcIJGNi8X1Uczf4}QuNb`RgXJ1g;?c9&-f=0nRgE6ns8&5I>KJzIpPF@4T4X^
zWu)dK2P`FPjrt~OZ^?p-Ty5Dv>vc-R?{dISE)h8>__79&<un?-@_EBPf#O9WF#EnD
zuyJ`e3}^&!jz}b>KAA)WYfv`@B2#<EfcaGes^Uj-sWL7v?r$dH&t6-+4M(*G9bi0=
z-rGtf|25-X=XEu5D*zheWBxA_DFTGCATcUdAFUcWf+C%_FP3lY{qM8sIT@Ry3h8@)
zJBsey-1<8xSEx*!mYz0u??6=0)O(YZw5}Y&sFOdZM_uIdPb%fjd5W>?r#<Uv)AdSy
z`;}r?7ox5D_EZ+cSv<xUQc92f{DNXGo3(Yf6tDYGvB4z+=*y0fgH_o60)W_;ZEi~y
z1F_fplG1CI53!p?!dyO9V4tOc4ob0&DI8*nC5E(gu6}XzJaA!wPkNNZ=o9MASrnvb
zd><i{jV%e{ZH%Y6RZ8|y@ht4q81M}-J1a;s|4JfNmX0j(k{SiO@Au&l^!_A~P76w~
z7wdxnDJhM`C#v`)BqRhUypDXyCodTj0hIIK>0J+@SUOg%)cAdl<~||SyI+U57g>EL
z%3$OTxZ~a;Lq9Rzu^`9jyXkEct)}o|hHZf=;WQ<G;-yUF<bhyzKTS?sAHAj8(+B+!
znqz_<6>Nks48K927NATiv2eX_QA0+1y0O^1sR&d-UhsC26D5KD?1mfPnXOs7hcWaz
z-@)d%1X>1|Zu>#opF2|8E{WLPf|-o($q#AzWo49brd#Eip_5YgFr7$#h}V=St`)6L
znOse`bTSX;n0ppq{pD7!f?kV3o8Y~xTD5J<p)_*kY&H4l#+O>U{=Es3aR2j}%X05I
zTgYJ>{${*_iBY*HE?ef40-7XYgu|=4iw-(?_h>iKQ11@*`5BT*)#od?yz1}qtb;mR
z#*!(_H53?V1)7CupKq<^wVoKZo~Ttrpp~~f{;zG9Zd-F_y>>OqS6lEumtw9@JBl-5
z)vDBc-8|cmZZf~U=XxXWS#qRaX3Au~kedDksT3)+$>%;t$VByCXYy_6bBKs??$m5&
ziKFcLKF!zyB$<cJL7Z^vI=^C}&J``^xSPf<)}%i%HA51&YnxaTfew1q10X4*Lj-$;
zYDniV?`DKwu6`n38cB^{kd%Rlg3UGhgKepm)O@an4zLqL)EN0}ms~C{21(1gf2F9<
zQk2Bn@8G2yr9=e5N^mq_Fj+u1lrpRUBG9&*rSwvXeDA4?XH1<Jn{M3cucO*TtRP3<
zQA$h+NKtz!y@;czpd~jN;BFc&EuVo(hcHJKBN`m_1usptf<lW@t=kD*cGJ~QM#sCA
zSFQV-txEZBj&8aAGm&z2FAo6rhRkQU(HgXjzWe+=IGZBm=Vn#65BUsb=~_i##c%O(
zvX@Ox&#b?BLEPihn`ZHpFZa=I^$He{B5Xl8Md+eq8&ggd5;Z@3E6KS+47v8slujaB
zW-;lD*1@@GD6ok6?Ehx;CVjf=Y#p1`njMpZnz`vB1k9~zpbQ*J@)k<uziWf1pf&(_
zx^KWI6GSLzOx9Qd;W5gE<(Ue$PZz!;e3MSVffRGbH|P>$`=&Wmu(OWycxrt&LsMK0
ztY?&tkIT-{=_=t-JPQxqyJ3I!mEX);WAZFZI`I}Zc$8Qv=p&|-ZY&*V7LFNM%*aIX
z!0Q8(e)G$#rQM%*JvRXv7G2ouWQ_V)e#Dr0_lsKD$x0dz^ID^@N&3|NU}6f{IO+>s
zJcJ_H&E+7F#v%|qbge~K0)|X+?P)E*bA)?GbsfxKft<}7$Th6C1?D`TFKgYPE}mH|
z*^ASRQ;6zqsymheDZ$C<*RE0UMyP1}0)}3Jt}OFSq7lgp60_asNi%>sOQ8_byy@<=
zp9z?coF*ve6<hqOmM1Ve%$tdPBy?i7NHC$?we3~8B;ME#>-c<G^mTprgSQW*CR>8V
z%&O4$`nOf`XY3*?*Vae!ETkm4WVIYXP`A;yEWD2&a~Fe{DT3LgpDe%ibbn%^ZPf;J
z|C=rC(l1lM1bWzfaaadKWvx&rOg@ngGLf$-yLSnvUo@W=i%lU!8;izvlFg#;^4o7n
zQj>Ck8iX<9ts%C#^VVe3Dog;6;&f}wN3Ci{Rt~IXv0J0CyX|U!0zgmPCtMne5j;9A
zfdvmJe*n+cc^nP}P&-co1OAuW?{dHN)6ejqe<K~sQ<mJ*t#x|jSD>>x*f4b8H%LtB
zV~YRPz%Q25Q6Z4y6MW^vJ+ITQ_V-N}ZvBZBz%XKkib#2!*l^@xeRKMg=N?MY)v?nq
zcjrU*vz^q!hIp!F#mxRM(IXehk^9o2A8Q~=SCg7=DhrZ!&Z_^@QH%q#9a<ndgh-4F
z7W@WMF!T)=vq)>rL3+uzxr(8T?fYi+J6e023Xqie1_7u#0+(nKm8jOc#_fdb{mf}-
z8UE<^F7XI0wQL*l^7b)8oc(v~B-V8o6h>V~iGf++xX;d|8|_U7u=wTN&kwAHFRxp;
zjJijk5LHaWFw4aU<{#5bvCcqVQ_|~7s%`5#19i0T;VNB|8W@_{2QM)Vf|)jfOnpM7
z6;^Gn$Hi)ik{pjIn78dXob|uI1mLV`-?U93MlV>d5Q*|b4$wBBkWCg+`$1OYyq{b&
z?JQj5#Nn{<YD_s`z_^behy^H&08XvxV)F(1mCFkV48cx|;MVpw4Bd*1LmDHTYNyog
z+J(UQa=;1`tRiO^7Ii@I$Pz%Nn5^U#owSqhQpgCTTYc9TuZ--mH<A$?<9m`=3Q!-J
z$~1f$XqJ9D29;vF)Tz~KXZTlz?^2|6QAC^`lgR~SF@89F6`fd}m{aSGV;8z<B5&PR
zqq?!Wq6;hKv}~6Sg=CZKnz7_RA}(>cMWF{mjlo==elkb3P|y$fL2W_;+d48N@oHDz
zrtsZ+jnzSAHCuIDSftU~{NBmY;t81{OylXTruA4xBB#AXt}z}1Oz4_0lGaS&@~u{`
z+K1C=i`N^gz;Ezmr>v;GQjTYGqEY<#!N&GD>QKA6_>jNB_g3P5>tu1ii^5BMLjGVJ
z8nE>06rsIPZ-Lhr2aW1sr2Yh)o{48>n;~@lVW2aZf&v)ZmqI$3T3d#Q+f7MLq)ff8
z!~`>(b*a{2rwWA`Am#U1jgCaFta5i}XzV^61V0AE^2i@11IekjhK)9lwYYGY%FP_F
z-O|-d`NY8{Tx4{X`gfLZ5Mn@R&rBw#JQUDwyf+46X%;CxOHnE0?|<Nn<n58qK#99(
zwNNe0?QEIF>+ZyDVqdGhpXB^QCaH48tHBzd>s`@IU9wYb(yj63LYcaKj@E_pRFb}M
z0A`AHgTDautXw+^lyWG38O@t4#uC9LJXS=F_P-YH`rMxxh5%GD{$(ES7OC8Niq5N!
ziw47=KbwX%UhwY_usJY-9;Ay?Q=sx5ozzNy{foTQ2K5dK%aofj+88L+WOM6L^Rxa}
z19^)cz<Rn2bdb2j{1vcwDzVw!&rw)huXomJO$z4;$Yu9_8u^<*j$P|rM<`MtEgO#K
z&rR-I7SrUO-y|}9?Ze_<C`{sqd>%&;%z&a{^q<(L^hDFhf+Yo))3jFIqf1v=wdy>L
zjQHLL_cMBfU=cA=ifb6N{mp9weTu%`OJQgjf2z^|twL!A931W|GJ|Q$0a>1E>w$UR
z<Ce39>J^p|FOvP+zFuO`LpUI-Oza=mTnA~YLk4GnPB(7gGG6w{bE4qJ#>RV`w~o=q
z%dk^j>yDihZsv>a8+Lox*6KZ5nCRNc%+7g!-Yp}4?&=s5qx}u?yQ>^xW4;sjvV6_T
z;btV#lKA3fitZTmN$k!KcW)l%s+>XKWcD+@iYtm6KUQ78AmfXtPTeADar@TwPjhe9
zkBpObFUX`;7Dzx|h?(OB@PXRELaMWNdtV~N`y961p5MzK<4r;;1_$fx(BYg5Tv}86
zRf2B#$met5TYT|P{Cb>BWNPWZd4qv9h-AXC=kkhP9BS%(BqLo#Z9-nL@+yJC9Pnjf
zpEl?1Mh0!K%~j>Ze5$@{yZcGFRw7CF_z`d1dW;`PQaz@VDjS9n4bT`|pYVpH%mwzv
zUu0lXY1<O<J$lL&lI%{OP!wsWT0`QgUS(~MzC&R--uo0xg98$syLQj`O$C6~fgPup
z+ZvEL7~~-}w?jAAZ`tu-s^_CYOK{_bwdWJ@k0r;!wsGGo@os$;%>Wp#LV^`PbhStP
z{WPf2y{R5Ti!v&Kl+)8sV9=HVyLVrL^t*og{h*y3$CW_+`|iE3L{BfQ9bu*TaRdD5
z*T3SlC)$JY29N@Wg!TFMUG-_qhF>z@s+JlL>m2@)#;9rI#0~!Z{LIhOIkPv8N-^`+
zH{<eN-B_;5P@81qBs8ZpXt{$>i&HbHQKfyMLHHH5PF>X#xx@Vwz>Cbb8oq6S#pfvH
zZ~YvO(@z%*{c&kg*u^ZiqhwU0oJurTJ5|^suMf-R6YG%0EsUg7m2tZ1-5l|^B6AFW
ze2b0CGc{I<3bxWRfHZPv-&}L^0s%WN43zycZ~eFx*SEvQPL=tOLAd6_U07#JWvUf6
zIs4Xxb*@g>IB$K!1yD7+=_>vD25!?o;{%{`s$5#1TrPXafp(vq$cnw}Rq362i<o}@
zg{xDk0kUiD;Vf&&W(BMZd-2pGgp++<Wvwv|25q?jbigk8heWJj=(TJdly`V!Jh=z2
zPij1a9;Dr%V87})X#{<_Tw(HDTd>FkVf>mq8tn6G5zvd%V1y)x<nn_OBBy1e^d#&3
ziljoFb<bL#KZ7)WRA~h6L;W=R5_=eIvEjaEY&IHHl@@PeHT3g@QSMpFvR|8N#lx;>
zfA_OJv%tnG7kLWXG!a0&e#GUv<f~7_D{q1eIOJA^f-Pc4JcC!MOSE!{Z0}1vy5uu9
zQ?6_CYiu<881^^3=fa@YuNpd5ih%6Jbdgt5vS_<u_dWy5gf1RF1y*kXf0^Y8Rg}Ba
zZ52>?+H9ZCzG%3)491JK>(bUmc3$cDOk~?>TyY~XcbkyJuL8NHgvS9TUSq!eJpSy{
z-hz}rT0)DHGv{w>jY}K*S!1x=(>$%l`~%h9Tv?WFXRYy_i`?l)qZfGU6V^1#l_jv2
z>%8c7u3jB}gdx60j!g@f^Nq)Ic<l&@J`L#K-2L#G>>||`dT8@tDXEJs{v3E;XSQJB
z(C<&kAh@ppilUJ>f*y6{`Itgu(PWZ}AGDQ_T;sgcg>L9Q>t+!))}az*3s-A5(A!pf
z?OlJ2nSwH4E<kz*yRQ{H?xYm^{Kh2`Nq^%K0R@@AS1p^3^})6c)!T@7%}au07mT0t
zsmT7AAGZ=AfX91<9hd*AE=hZ|U1gqLyXGaG>S|Alt_HE(aj0()L)`&c@fSwW9Wu{^
zK4;%l)mMKJS~T0CVl#R+xi9qnwUXN0f$_zM|3lkbM^)MNYoi7Vh)M}aHz+M3(nuqv
zA}t-#9a3wFfV6;0gGdNScf(RrKtQ@#(%rdObtXQK&%5`2_x{fQ#yID%HDIi`?|IMp
z%j<VtoMB3)nIo8k6i3v8AgD69q5yy*-U(Cjoz3@{ViPr8N32EA@cc9#`tfH`O3m6d
zq9XJ8r81LvxDjsz%hj8!JNq%BI>pnOXvyOcelBN=4Rej)Ji&-x={$z|6TBD!Ks#|Z
z7qYW8Me~G!dO$1D`sj3x?+2HC^Ifi608K7mqR_n5P1xl}%(lO`!7$wfGBDLq7ognb
zf-#Ig39uIlqZf6>>p;zUdSmiq06?$dLF7uH+k?A>P!3_{KIEl3+Sv2hq=dH+0|pD`
zQK$s<H1UTg+i(g3$)qJA>9Qm#si117sr>s(xy`qG2~9k_+Ul!lB}+nXQd&@qxXgiY
z^x8%wugLI<L)MGvZTF?_^kaMNm6Eu<0$jIgO7b+rTIYc7gc1`eikD?ag{8Fy>bfna
z13bp`V(!*X#?vE)YUkW$*QU2F4>7HOV~dcQthRB0y;1m#NCy>I(=?8x2PeF?5+@S2
zRgF8`hy+avh-xC=TL`(#MY6*y1BNa0^V1^5<P;)1*<C}6sm|nV`99+QKDO|>R7aQX
z9T<K00SFl(9)0AcThdW5>jAUjW?4mV!mkG}q_L2T8(B%=s3r(*IhNa?ItOsa^f(fp
ze2c3XIQ83tjci1_O`V}}cg#)I==aP5D}3EnTpMTV+;ljeXNOK#fr*?w?Y-w&_H;vq
zeNX|k)8FNQ<A`VqDWwJ9`s<W~Lt9f`p-^FaA|`_u-{>gt1fkK+*FCRhqL+IO9)H#`
zimj?>SoC&#F%|stb5EnHeJls4a_x)Rwe6a=ygn8Q1hXs%Q7Eknx<;$?u_+*ls(2o<
zn9zN8ytZZX<rJ105Oqa1QMd6_Wq<O!#0*>E0M|>aD21cvSP0%5&XsKmAN+y?#AmX7
zBMILJ(=ZqM!dWPXDHGOlXF(w`uVa1Vh1@k#?<gSN{mrbnJz-`cVfR#w>q}`4s<D(m
zYn1S%+UwvRKf=6_OINNvUEwj@;w{~++RscmB49Q(Q$0glE}s=t2$BLL@HO7Y=MZr9
z-!pzu@3FNxc%}Nbn8_~&Z>QE1Ge7RZz_{bfE?6f^j4m48N>f-2U*qa+D=IeD(~}}-
z+pE||j;-(PNCO3qPSv=wNoaBB`q9)isL;)$FUD9uk0tvh)RO0AZ_FBcr5;^}T|rsB
z9@#U{!_Hy!xt*5Ih(nKG{796?CuKdv2XbxxipG73%kL5-*j3Z+%jRtK>jGI$t}((H
z@Atnhtz-5m$~-+43gbW_UTvBg&AffZx64Bk*qQ>=^Q#LlUdQb?Id<D(izKCXSyU}J
zBT?lh>%-MTDEXF!9$^6K35bdNZGxsLIS=|x`Nl){&bxi7vcLiKnlbrmrveu0=OT)I
zf^r3al|{><07p((o{QJksBHb)g<~+>!p?p0r5d2?m?+RA)tD^3&ufI9<0H2Xjy30H
z$(Q%$IU6XJOP#-60>V{$AxZg)*vc~#wUQo#X<O{kJ{Mhz(1uEb^BZ`O9VgdZneX$P
z3qdO1nH6aa7uN|Ia)U>{gtcg;_!PV=`sKbeJ7ffDdC9oxT%LTo-LRuff%6;|TTr9X
z7I?PbPd7}h2YdY6y5t?yh++?e9~x8KPik;`tnCc!%DT2!YLUY3RP9U~qHFt`ckH{O
zCNOO>k|9!XpjcAql@9p;2Jp-->TGCp9~u%<MSnklucN$-bZI4QvjZ*138@50Mpf+|
zLAY*Pxs<v6lxOt~TB@CBaeW?s>+WYxd5^6{dh^XmO~SK4ZiyMqX}v`24`b;FJ4;kP
z);_7mtK_3AV_Xqo>4@^j9rW2T@%*gumw}KLelw30%eH%2iUR;~Vo`HIAbc?6J6?!W
zmS+y~d7jn*!!{q^m-Lhe>4xKi_QOj0y-R)YCSMJ_JIxtCe`+0<-PzFEd|J_)%e}Qm
zQ>H(gQGUT`H`7I9Z}5_V*rH37)7WUn6=qX90<IpNJn69@f<q_R4EsR}8JmwCJVU@N
zOR-;a-ttxB@uFfhoeHNKzzcpdhBn!25I$phys$IobYY2zX8@5Z;&Yg%i>IMR8Ep3h
zB(&Fb5?6xr(ClZP@L6e(DLV;_5$y5=HuM(T)w8qKF%C#fhLNjFb<D<1af5DjZ9BWG
zaKseyWXBv9VlnXI9BR}zBj$b>n)Uha%Gqy|Gq$6l_pI$iv@d`=e%~w84STs4UT5eu
z6=0oiEIzjbB{y~XMbXeaTdr&mW8flh=DH%{XA}|=GC;KlPx!TiSb3i77-qhmI#Fpi
zroO`UaN@1K={#WPSe=7Iso#PD3Oo1H-F_bA)oWg36UHwC#;LlWGjc2u=`=p;8}(C(
z<6tf6N$r4bDO|77E1Pp51Lj4+%an=0sUSRLjpno=g8Np%R~Xdyc%6AB%x&`2#oX}i
zMT6_ydga+%Esn{s)O)QwMvF%gZ)Hphxb9NnlbR3y4rbaXH*-ghaF1sCw<>gQc=YF<
zwQgTC_APod{TzTlij1nBZoNy_o*Ls6aQkCa{A=nVxzTXd>GiX~W{9~JT6L!)X(2a3
z$Hf?m&0omvM(nSlkW=fZlh0~i-j@cT1!GQG&4_MzU18FZ80QLa4gL26UjAaZcBhji
zIs~D|4FXKlDzr2nX;LeYKD}dvdRgh&ONB&xPW4Mt&^Z|0B7YrC=_5Ap3c{HgiIC8Q
zfzuOa*pG~6&L+?e*k6#;#n*<xijIwWot6;+?51Ww<2FxeAd{p&;4*H|SXLNMUg1Zm
zPq20~_D7#olYg7J<nJ>2ZB9e!Yo=tv_pgG9u#4oR=4&{iQSa%@&#?pndD7A|ujHN?
zD@4+8&jgeQf7+fACAj#_FeJyI%5h;J?%<~>bDKehUa)+WVhfp`a6=WLR+sM%RJzIz
z#v?4DC;t?I7+Mb$YT|KnDM0HGRET3{o9ZKQBZO&^{Tdu4e2`o9{M_zGw)zeCr%hoT
z{Q$py-OJgg*QUNSj6M}~;{x7qJv6@kyxRS)!))U~b2KwPDch~l4tu9f;2JyI_rvtZ
zLyLhi?bHadv@+G?Et$t~73K#=iM5D67Iwi%kZemHerk}hBwgmx9}FBpWQ|!`n#z`R
z+KMyvLkkX!jmHIjn3K7`MbZgq>knAi@oh;uExcwABqBZ{BM9d*v5K7qIGoibe#@<R
z*fG#7*UVLQz1tb_cCFo@j^h?F(+3jPN8fwFu<&_zJ_F3L0_t?J2IuLItGD)EfT{`1
zhtCz%TGq!i(l+J)E)voN*_UX4c|`9&{A~M0!ZIMbt2ueOUdg*9L-#@_jB68J+56%H
zy9QkneD!pklO#6uBUU*$xb0iuo2UA{`9<sf02F*)h<4S~s|G=cK6lCFwGMXZ&LK(W
zYl^lOQCwy_ErpiGk4<M!XB(>*K66DT6SJKSHg6^#cj_g6_MD+u*}CO|Nh2aRzf5`Q
z9;A946k(6)8rsJ`SgIua95Z&>OXPhlhOUF))?<n9s#+KYG-90n{nQig8ontGryxoV
ze%S~YVbS=QdUaoDaiT}cEhxsmhK+?<+#;`%!<6N^XE7(y0UVAwZ!w<wo4VolqfH~M
z?P<5xU>bK*O5@`g0(##ii#>sULWl|MRnvwZBYeYmBmnkmYjFB9<4Xh9wg=6PKR;hX
zx?#TXuWQ!)@&gnLR6?$`=U|2J<ZM1v3<N_6dHj`60DHT3b|3Cl_`EE&*cg_>-cvh*
z>|f<kEi`JnYU$5YAPyfR5bo)Vf8ybl>ql2eF)t`_{WhP{tog1-mZF!A&g$7&a4g@w
z95iPC<gWmu9<!?-l?+B$nI{ebjxYH1kRZe{l150sHundMalCoNr#{|gJqKf_A3xBr
zI0R`ZT<W~Qv6m8NU<iG@)LWds=6~M}b-2&5y|DwAMq#Q&v0CZ9epfTG+9hxW^l==_
zO%G%@+I_~3Qa@LW<&0rPZ{gi%ga;M+v+GB#wn(mIjXRArXCyqB{fM3jvgQv59~5V#
z%6)%<viabrhq8+*>fLUyLBCE5^6_lBN3sA8*G4)WAp%4}o5fqENFQ^;50fl8wfvSL
zd$nGi+FUZfapDM?=JKf-dnihbdoc|pGNMtT5#aROld+ML%r1NkhuQ_Tw;>MZx<%%#
z==3lB1(F%T8NQ(;_b~Cke~x?W=JvN9YNyc*FL)7egSo}MJ=i`h99Q_Qqh~FVl)Jep
zeh46Pet*0@!M*SibBZ+C%F5{t@`%OKIZ}<F+Y@64ePRwIfgvDdi<-XfVqjnPrs%%&
zc*P6CUW{!H$amL6j+hzkQNvwS<SSo5S<QB`u<l2*&4Pk{v)>mE4k<8~%H0-m!y*+~
zdd@=fa`%-iod&h7DKmd?Sgbe7{k|3X{UfmI{VnT&%Ivdz%t4DhoM<k8Ol0v^eCgS>
z2wfUa0<T=RWxu7E_I1<%r$9rg>C)-iR>4cTk67&$So4K;C$WwAZ47lkG=6-t2KhrC
z)r&Cl{>(3AhbiM~A<+Bs^z(=9wei=3G2bp<r>J^{UKikB1}O*<WwJfO(dHHzSiuJr
zjD_<szB?0!m_6^q1|kbKr5I_v>HSH=jEV;l!En&^ia)xIz9)u_THj|asw85lvOy;O
z@Bv6z(}`_{Cd^sN{&<BL9XV6Qm0m`f=WX$A0KBD^COV0e`uw}CxAB?veU0-H+<ARr
zo-2m-f%B_~JF`lO!k*J|cjuR0gZ?D6ZS-0%9;v?#+}qwh<8GL9K^q~}M^avc#;0}V
zGw+rF(&;m&@(O>W!|@qK=$;oTc^tv5(k8WT-h@)E5rBnyRP&1$f56O?(P;TA!HO|Z
zY~@n*ylI8pc^*A^ymCexiYf3!2xJC_0o$;;uq)Je^2RUv`?rbt+qnp4RY5Uq9c@Jh
zs9b!ul;**X9l@*t;r5^_k5ff~Y&F%p{Rx#8fgBCDB-rnE%0cUDbg;?_Nk12CZ(Qq_
zn-8L#wbCDXKW_18DE&aAB(g}j{CnJv#Hr6c+eJK4-{Z)Sta*Eh9I60hOi*b83C*B(
z1eFhk7CFpKHN=lcFvwTkRdLgn2NGR;bg{*$H^e@%u8*2TL9qGAE6twnTa(J1HWBL^
z6bdbEiMz-i%b&!FCLU<UCz);g?cAO^{qbiWd!_?sW?R`=4qI)j4N)OBRsOVbNk}N?
z0Xq>4iZOukldEqWz^&2h^suB_5I+=byzoiyrIBiC3`bT#vbuM3lfbE5fz39L)Fxqk
z?S`g~rt<vc_G?@*u5e}~N??9PBl)ky0s<0?bN}xT)x~8l0lk%$Hm}()8i3u9xrzNc
zwP@lyJUawHHNRJ*o{`d9df}n^+t*`Z2V>I*oUB}naFs`ir}GgaLF@@e`*l<$3u@{2
zN9HVT(~?HO>Ty1XLw(Xh17E3w;pH@iw)Qw4hHB8mH#0lO^4XL165<DNu7sxeSmXaj
z(=psXCn+Xwm#$;_6*3_ka^2HLyJp;~vUIJeQ6*TC1)S`ncJ`t?p!ZE@N5=ulP8ahX
zWsM%e_;U73J)IDu!ex#yv^72HOKTX;Xj02&5|Bb_f}!-YY)j5M%gWNPJgsL01;kzN
z*()f_O^3ARt{rs8Nv(xCOC7fo!lzC|6o*?BEUu9<ADpg<U#jBU=x@nSmhuADspsmp
z3_u&a@ZzP4L}W$7H(TDsE#%ge%oBTK4AQV?EjbnKl0qMWGOIKoe27nZA1oyIqM(w4
zK7#L2+*!XZNrSV+i4_=VDe9iz`|IH1&VQr1Y}yRyV~@WtCpwd!1~0Syyi+lOaC(-&
zYr|#hy@Nin98D5{ec1Ly+&J;v61}EUgKu#LP^nYgGNRGnexFCS{wXH{&Tk$L+OH=b
zt)A`~--et};UBDzLDTaIIC1P}ygClQJiWb8!Z$E>+!Pg6#B-BMTu%2xA6La&Dxufv
zA0Ny;{jqt}zkWLL?&mHs^XGy`o?^gcKH+JZ0{E?`Bl*=7vg29<*<lNpN1+MfAAvp)
zU|_)>LF6j=VyA8nA1Ts@@a_RJ!Y2vEGw0M_gJvR9q4T)Ue0CKR^AZ+nOAbJpLTU>2
zt6ut>O!@cOrUt`8xpnf+v0}0o><G55R%c6&94lR!ZdhyYIFTP`c)@>t_%7pjOftV^
zAD6r^P(z9%q^xn8VhdVl%vX+1Z~h4FivwL3)N7m&P<yWRpkH~;^LQ$jTQ&88Y2)c^
zox=l~=4R1!gH$kZw764uSJS?D^5sPd^Nz@8O0^_bUVWST(cG`q68T1#kge<J+*rOR
zXpA#mXi4!Lvwq_D`BX3-^@MzH|4M}ULR*yGjt~EyiA2atk%+*79pkLMDT0X5W{4?^
zY9u}kcDSeD4ubK^CpC3MmO4I5WD_1UPhW0mOyLdq=p}92<Lk18OPzO)EtfIyZWMmo
z4*f{;#F3bgXGOa9SV`j%eCjM|)=8jK1B8(4X9zH#_XI8pxW&gbDnMBM16q={&m1^`
zF{p!3d+;(L3J@<m(Q0wgg$Mni=~6cNSgYTGJkqABaUCXxnJuQ*o;nHf;M>nfDzbuZ
z!*J`H=onrhr<r=KYxDJ<9=xiR-Tmu{g%GI07OZA}wj&qti);I0P$EeZYRT@$33iCv
zT!*_2YE@3hs39ap-i}n0dfP*3b|TW?u>KeQJdiR{!^W3S=<_82v8WlP(_ov`#7y&o
z9!tX=?6WrBy1P56@E_HKSK6#hncNJh=^il>u_Y(T+`0TW?iO=?#4!niIx=WJ*OOKw
z<MHVHmNtG%qnt*>zAp|D9l7o4&#tLc32hEfAI=>I)3)^%o|9<q7iB#!miqeZ`t8fi
z4|3Gbu@I?Vu^<XpH8r!KlcEis2-a)5`4(AGn!g<FMyoLO1e6k&PAQ{?;J6#wlOXH&
z*Bck4%6g(dTG&7E)3kM~VO)QpG(&cCYL+SX9<(S@iimLe7HM-IIj43iz|G2Qv>9|a
zKJFnD60rErFk>D~Egb)rRwA>U8lrI6Vzf0D%(o|z!sjxW9d<Y*pi*OhF{)%Gj1;@V
zv<k{zE&7W%xCJWOJ=8L#fCsUOO3?mJyQ}@hl>$BEda@2`{DWHWYW-8d`su5I0zvXn
zbJIn_Sg)X}RpH<f>zgX%y!`GV_Qz-D9w;)vbV{CH`N4mRk&6`oa5xvv=poh*T!(Ml
zT-gFp&z70bTa3XUJMFPYqKCC5V>{AE#!h1VL1EJnhGMC+2Yz82E7<ei205?M>eC<L
ze6gGdmY4=Xs;@Xs<egfYvEPiVdeg0@cGwF|D|W-V?d&HjpXiDko0i1y;3h*+WvA*D
zO~a+`T_lr0uFoIV5LyCSh>~90;w{~Z8h2frfV7`G!HRlzZUTXYczJLbpaf>9-rfKx
z0yzw1d-_Y0$~o6g^em9+NWu(#3lvmtOw7dn?KT@lJ!W&BebMZ(ns1M=tI4Ax3l6g<
z+sR_<z2i_{DN5e@k}o*y%?(jjg%P;1`b^}m8s`S#^aPEF>tld<T9RP)9a$ZzXt>o5
zz32JbZ|)s;u-De0@^j|&+i!bqk@-&rPO#b#81DQ@v@Lw|ERCvRLZe_qXZEZgUhvUq
za|G$Id<q(5)9FXlT5qI!G3NpEk)&=|${MJP);xhSzk?-170}M=0`-`J{a6o-$jJcQ
zVFYU2O&N6_H`n~9V;5||caZn{*j4)+uX7gmuEciWFZU&J?`(+7tYW%2q>9IEOZU+Z
zRoK~XU+NSRHmW6aUhXE}qe|ZkeBD`-!jmhhR_>TJ?@LGM+_A6+c&j*OnV>}9*7ZTu
zgKE!gj-|EAR-;9(+0!56?K?NHe$``jH(i)HO^;#z5d~37a2TrP#p*g)C74vwRlVMp
zEkpY^WbxN|ac(c3_c3yWkl9OWGYbq2TqAH=IMJ>FMu1$QkY_U=11jsOkHS(G!R*{)
zFhm^08W8zG(1xVSpkA4Zd3sT#fnSS&I`*z=rPrWb8#NS~FId56_Y5XQPyp&!OM~w%
zRUB6qyGT9v-q{L2J_y-};2@y3qATR2!vHK5HsJX<s?iXa<4I<aKVD<$(Ng4^(Mm7}
z5#_;H_vz(56ZNPW1n4fqNivhYEcefg2YH}b_FW{snRej7I9xBBBEb-FcCiChR}WvW
z@pszi0CvOrLwEF~&?IQ7Mu<5TENw+yxzjT0Ke0}3;B21JJ1<XQGgV#WXy?WL!;J?}
z3=P1K)28lC7C&1fW4vk0=;bh78vrJjtUmNU10fL%8&G;nzsKsX`$r<ya_SdZpNusS
z7qMWlJgWQ(mzvYgd-C3yQR+yHVm#k~cZ^lBRG-JosnOuDP21G=Cw&>8N)^73>Hr22
z#jU9-kJ&8`vBU$o-2zi!4f2JTha3*n%fYRlcT236gUrzrFvcuAWi?Qz5p}Pvd^KNi
zh26Mcs;P`l0y)m@1{AguK|xCoPRqELct<sof>$z%S}Jy2t0<Ol`Y)FyrMt=I*ZskU
z|871$sb;p)-RB{MWd;f7vkbIip2OcVUjoEudxY10&UppG(axxJ7CMg4{1!cdqlQ;}
z$`eE3#%G0lQjVVJhgI29ztTl5`S&i@0){pYuY;z&>ADIn?N*I~Ew|5B+t?x$gz%5!
zl1+rL=o><JN1@PWEQmU@GR{EInNYKTUUeEnn%>`b!d`Yk-(R<r+t)eh-#jw@KRYXW
zaf`&6hG60C^AQ|gVV|CreuxJ)kAU>(9=Cq&D@prlIc*zvtVLY9l>gC(vCWg3^KftH
zOMjz=Va<fuJQ&%uI6hn(RE{`lG(F^h_v3K${H!B#$H@MZ@7grYg`iKeFJ1<^2V$m~
zB&;1|<QPPaWo_v)Md2s+i)Db}#eOWPi2S4Y@;S?B*qgt}OQogRKRHStR+@BxqXQ`w
zdHGX1A;+lT$$P5%l}V+?7WW1Wy%VnaEAbte^oH2psCY>YGiBs<Ig8Z$aOa84*%F{}
z6SRI+-AUg2p1tIBZ&J~*R7IPdYVF&4OR-S`-3qQ5fFEU#*$y*QH@29rsLy?L*rt(4
zsmy6}>^#kQoX|&0bG)Y@&-ml?G>Na(+EkYJ*G@~0(Ww3O`rgpgjb~W2p03sbICz?Z
zwu^jCVv_BbMWC78EeasBv{(DljT)o4I8*0(yd<st<!M~9xGz!XrT1XSSc!nC(L~5%
z_ktOx!mNzN4`a>+!nQyWW;Q_9LrmBh^61`I<~bRc?=cS#3j$Ky!L*7cM(l)B)E<Cv
zNUAWEMJS#{`N{L<`q`141Q<BG83ig8%M&$D^gw>Rl@D9FCh+;_J84VQzV)2?#GOQ&
zbnaL!NL6^@_E!u&pbETM|E!3h!d*C!hf<A2mlpe{erIqDU~1$cq8^*S7*Koz4khw_
zpm~*reey8T`uJ>ttWfi+A&_C~u^duLyghLM|NQ<czI|7TS9-H+v~UD*{!6(%oh=dQ
z*(AomY3wr)p6!}fNw{Vgni5sSSl)gI^0k}XdaBxHYt%JyJp{P2?*8o*y~lk4GqE=)
z#g(?gfA*UI2=|%ukkx&c!#778?U#d=ZkpQ;9lJH`a^EH=t-I$DjrsKreyBG!dULA)
z**{g|q^Wp0f}kWEDZ~1cpQMA+G_zcA<#FBkuet}GslAWPpOLaPGrd)-c+uIB=HU#P
z`1L-%Xt6XB0xjob03xq##npN*(E!eiiv#E!0h4<{w;;1A69g*q>)QC6k`2QAhyLdp
z*y-<B)K!5j&pXFW#q0FT`!b(7R<?)W$8~h)er{QV0fK#LfZeTzth`MxSzDj<T<J4h
z|A`SuFq`c&Ztvd&k>;nrs>RSzr)QLy%6+8R&jaI~gc27hl0Fo8JUG+2$FmxPGyT^*
zvE<C@_&iheK>3@3>Jo+V`cv;nz@BoO4u~#1k1)MwanCd^IdA~|UJH^>AAmVLLQdIY
zNA?7es7LsufFS`ChbE0omR7jI$Y&Ny|8?0PNocZjmU*Jsb=bs4w2{p}H6m%%TWtHM
zx?r+c{{GcDE_Fc?w)IRoa+ZCk9+Rt|3BVvHK*W$cZ8H8nEiElae4aOseDo=uQ%@X~
zuKiH>q#|eYEePx-RL$m8bKe#h7rr#zUm#EazK>$|E`QI-ndNeZH0jN|X*^VT3_VQb
z4f1HY{`7%`AOxKO2Nc~l6NBwH4J+zPHy$T_Q*dFtZ3D2z({7uqPtN8EQi$X%w}xuc
z-N`yLgZn3|UA#**|3+#7>YU=m!{FW$tKMutTApY1`q&0Ev}p-`pHo^<`yisXR-Zw&
zO18FiJ;SRr_a(!M#xuR~(BD0!n)=c%T);ZVHQeAOwN|Z);rl2a)(sF+08Sn2_N$W~
z`pHH!_hlO487fWEp9;N;_A=_ZZMl11@P#ta{h&O8{hc4Xjscjz&D?9EEPEasaB>^m
zxx(2OdlI50oyKC{v8r(R+Om9d7RIUK^IiTyNhSGX!~w8CyvThR=&%O%b1s6hcssne
z+8E58txtb0*qj9IJh_>J=k<tU-BO>08!4Q90GufgK$@Oi=B(ekPdy^+nrmIbKwG)<
zfUU1`%cJzBxTB*pTHq|NfFb^kXyM{MBx3fAc8+6I(<DI5fKP~oO(7V8?Grm{_h6<3
zV_ebNB}Qxf9{@Me1XK#p#stUn=q<kM6!~@y>d9<eZ7*_m&`l=lc^K+8BI$sflx&zT
zI_VQDSJ&Vbx_<jXsL{(gd9zr5Uq*~Gxv_{>_t-&n&)!QgMa08(kQ1lv*cnaDSu`p#
zMoB!iZiJbv+8Ay!c#)ob=!xwCn~U8waTj`Ad}%g(9!X#SupS2|R)OdWsl5EHC*Mvv
z!!sEkd3i~Q%4cs7UwRZW$Y9CLLHj7&y#|9y7f8@s-kzaus5qHDseN&}yS=&DmbBB?
zr|!3sYAQPi8uMfj1p9Q`IqyO1FUHoknt^;Hpx6*76TD3}f1T>V1<&n6Ys1)mA?xw+
z+qn8R<(m_nH$i_2cdX1o(0(^o)e04VSCc%s#`<otu+t<CDO;q#Hsath5?c$o?BWZw
zviW?ERiRI+TI@!A2tO7**IT^j)ko74cs;*Ewjk;VjA{_{4u0qwWK}WQo}QwX11P0n
z&@~Uc%;63XPXrAi88$zj@v}g#q)@!TtAu2eyd}?@FLh~V6D8-}q!q`L@Ns`XV2^#H
zFKM}Hfhrk-OebPji{TSjhd(grVyPn&^BN#I;R}n1FKeISeJGur4C6F}SM4N>!<Y|d
zh?rT06<N4m#y%dS_n0+)Co#E`P6qL8ao;GZz{t9;=ZtMhx%cEEtT<Q(LguaQYkWq!
zA7{Ry=?qU)3R|jO<%g&&)klt;DpSB>u6W$OH-2KE0})wqu7_I6t7hkG7aa39VmhcZ
zM=dfkDL9Hs%b#T+F<(mSkI<S27E;Wgn4EJ-NWZ+rd=IlSGs{*EV@X-O(k6N@R*<cu
zv$LW@&i2;k?TZSph)r;A2RJh`;4;kdC@#Z+eBK@1yqH=+r^Z~>Bog7GGrTCXTi?PH
z$BPXW?`StBDq#_kl%=*K*X9zSqVAiQ<in@gc>pUh&cRA=Tn!2{IiY)yq8uvhzN9mx
zk$(TiXrbPcR=GYFfRI}{ZfrDdZ}4mmwk4{{U=*#4JKr8pJbNZYhrvua@!5|PmF!Cu
z!-<5==!s21|NK=jfnx!4Zu?WFU?P{dG&Vfr;IQl(pr5cWq}+E50<6ad@@_(^?Z!3e
zI#yU(uvVCq4JFdOja^c|Vb;H<`lr6~CvI8IOaf<<V$qr7tmTm$2j4p&5XYkuwcxX#
zI&Sb0Gs7q~V@aU-sqc?V8cLOysvX8Ip355<jRQta)sKP?t?SoDo7gS7KPU&i&(R!w
zN%ehVMt3(MA?>(86DoXv`G?1yr`dPrCvK`4vxR_*mKozo`!(NAuxuSahW{CDa4kXl
za@V3e0Sj)7h`j3t>|s%(W@FX<Rgxy*<hvlmE?LRuAaU*0C!iK`yhJFmcyGy?F8y(H
z{Sx$e;<igU8e}CuD-?A~+Rga`CrH)QtmKEp-I<!TR8FdHtPiJ8p5|KT2zabNlQAFu
z_3*NvAi)=^tou&0*GW5~ZyY{&UPobzrM-#BQd1oUsN*)d<c(DWX{zB>L;mR8Ey+(t
zO$(2+bR|{Hn3k5TkX}sC=#NcpVyfl3O>jUSMw(o)3SlVv<er{-69f26FPtrRM>T?3
z31WrlYY>L7n&m5?PIIu_M7^Tp62qcQ0yrif9EL?4AhZWgn{HO)hXZ;fx>a~dw0`Pm
zso|4o5*S*Y`{i~W2UGe^GxBD~91WAcx+94`@hPh7mNm*3i?;mqWFhDEFN@DbG5goq
z@5P?gh~_z9$~x&t=M8MQo`r?jX_veK7;+yiEfV@W&bz-JN?J^?sinvQW&t^>!KaND
zT}&m1>;9Z(A9WTDC}Nq|-n|K57qSg~il((%{aGf^JR~ni1FQpZDwiY+R~Rh@Gd^+~
zK;FpW63z+V6A}+^+xn5T!=G=h1r@=-NSBS(&x|kAgwV|#;a2G;Z%7_&R@f31QvjN(
z2nwIzFBFdPJO9Bpe9;x%!(E5og_*R;d7wMG&XPDP-mm25BtXOtjFa9#JXYZ9lQ8|}
zVt6si@er=fFV+t4I!o(As+2b%F!EX0(IQyi8R1-Rict;rCwKZfk=jahVjhQF%)VY!
zy8GUHZ!z=;8nV${lH*klmEMPg3WJ%ylCA0oU8PJ0L+oxVA)nRZi~ab$0wji#GNZF-
zCq0=RNqLbhKrAUy>8O&4J-@BZI)+4<r;8v|%gju9Isrw9<^I~*qpF%s{_X9#IXJfp
zp%*T>ULXm`lp_W#mu!u?MajEE%QqZ?wiUPJv)i-x-TEJXdrddUBwxzJmd~d2eRzDi
zm)cY~`8iPFrTD;M_{ci&lbTTd7|fU^`5IF511t8~m;Fl?z42N`;l@;`8ILi;mdJjN
zA^g@G8)L0NLbYjr<N0cLNwQD2DCA_z>Vfm_g>0pdm%4TC@KzGP^UKvpCvFP?4NLE^
zf`-zmT4jNkV0KmhBN%560zNW83Ny}Ixp?cLns%j#qVBs2rZ<COZD3#ESCq*$pI#Mi
zt;xzs1WawRfC}Zh16`1JO)=ejA0~kasrGO(#ix&b%fcQ}-R=?(m<Zx<D8@um{hD^I
z@7IWH4MSPHeJ4orrP!=J7e_DX`xT330}sWU^a}eE4zBt2uiS~lo*DBZuffyPWC&LL
zYZ(>UAn#dK*h0kuuO2I^dKFAiTFs{>KYc3TO97}q-Fh}D)3#Z*_{U0&g)=v&%UVMo
zSWLUGh8-hIrZ659_ea{@eV|=5D6(NXdG#%WRYXUI@;uPmI+dT??zm)`Jq7Vt-|6T`
zrMw=8=UDZ`>1~OTVivk!iCqC!fBGod@&4QiJiWnhjh{=u^6SQNL|#-3dEoc3z0Pj3
zQu7s0rF0$%@wbzM-SONTbzVyxfN!=hq&CX{QZVWOs3x9fMgk_f7Jv<zJB34Kt2Za+
zYy=Nd1$1~^`qLE@T{IV>9ns1aWW>tf0aS>#%YNh6&pFwcYlLwhI8PWpG-?U+dnmIM
z7(-|B8H=2r&S0h-5L+aq9!tW^nM2rTzW7yKjoSm|(uk+&@L~r$)Ky~v3etTKKC{e}
zEqE9zU*Rbg_GhB`$;X+PTPxR>IK{8C4y3Y!vC+PWJpr3)yhZn2=#kd&O-#6=*n_x-
zJE};}qTu_7(w6xroAGd5A*+>UkKL8)eZ<!Grzh}EhAXz$IgJ`|%pQNcZOo%z`*X!4
z+!0AD;wqTk^m#2lv~<jAnr`RI5fk>|u+egLhi=t%S~I32e@-19iiyw4X$pr^?%&^Z
z^ev)@m$l58Y<io(C_|{z(F%_3fS_IDS^yPdpW+Tfvmsz{BJO%8P4YdI-0Rw0fYjg{
zwYN%c=8q$UY+%~7vD?)5ZMl|J1)<p(U&3lE;DQU^F`jD)mUrhLnQk(mpm#_jltP96
zbX0P)Plm<D`%vX-BJZC3lI=KoFSydyesl|dzsipjnjIP@DC{sWm__+sP?7{=0Kq8J
zKscXdvJ|T{M&f=J$MsZFFNpHE<}{LjqgdzzTS@fPSr6~y;{aT_TC#h4>d8=%HK_lE
z3d&Cnm`~)2at=)SJznvGZPiY2HWTcI6+*oOE4tMgg^1ohOACjQ!nV)iL_0moAvxWf
zi-@&8=*WKB57@{duwg(7*hvQ>eC8y)=T#2LJ;0F6IyOTGR$(5$<D1j9zvCNGxgi8I
z+q<V>K*X4Ulk2Hu!QOiw2)|P<tRC)Ui10WeyhKd8Q<ux|ld%l!zwo9)Kv{&;EgSI1
zKATSS!ww&AzQB3S=$uPR`UPX<YF1&zjl;$KbJCb}+UZ;bfTIi#(90d^DH%y~k&@y^
zw?{0u0?q_I^UTQy<NbJimm)7Pf5i(TxF~V~Uk9`7XLCtq`IGDN51VGz;+iakah-@Y
z2&a_twXgQ5@;P6$oi_-gLi|uyFYKMe6f0(Gvkr#;${C7HUwq6yrtLcLdP7by<0vrL
zMr$T`#&?ICOHf;xn^${D^R`3&QP{?o?B*w5kM&Vml4tV!`l6Ezw<Z1VY|6Ae=gW0G
z)N414(tl``SovDFy@E6ci5f27?3S|n@lq*_fH0$;TZx7ivBqvR0Qak4YkXXluak&q
zNmtefkxRTRRbc(6t0Mq(TJY@++}5<GcJ1eTqFHF#aY;p~GJ($4q}MGL?a5j?iFJWf
zN?|K4cHxpc_Q+}nK2XFzs!o6d+rc{O024h*@L;~=6tS!(Z}`!_nt#~mM1uE*aa;_8
zHWE$PhL%Rd>c5|yl$q!Cej-TDMJZ+zENKW%Lhrb;E<Py7;>!b$4h`9<`*cjNsf<T%
z=f6?GlCiM9W8<x$RIe{Fkc>S}5pueC$aCffXy^in)34()@w`zZ%R2bO1<<-SoWA&^
z>XCkzB2EFAfoK5^%+AAr^G6hBO6}ZK%)}U9%A3OeWOEqF=k4CaN&2GMc~d6kBeC@m
zX=LK+d5|Jy6UVGZC?DZdnW?9>0|sK+H3v2QDx*>s*5{40I_!2I9jz-=AI`c<n?=Uq
z^Dw`gcX=uqJ0^Kn8vsWn{P-vs^S(pr;6$|sJ&C{o*2fb*&mVX0zT1F_wzWyOoC>&U
z*u0K98SyI;)P7`^N!7oZTQ-v)$7u>WD7`gp9;KM*Ni0CSaj!&wc!<7wBLFWPLt}F}
zRp`Kt#nHz=V3$JbX`38}@!N}9U{^BfzncmUp@|?n(6zu5#OCQ8&}Qg?T=xePcT#b#
z>}w$9AfsmG6wz218s@&Bo^*afukcYpr*)x^BXoprJIvIRbsDw~Pf0?Ad%Q$3UXu`u
zsj(z%Z5d?ca(>hW5zMH_?JpG|5m{eEOdv2%^t3mGpI&7@a7xm~Ogdos)2LzUiwO?8
z+;Da578`~|wsfa%<Sc9GB%#~w03D%#RrC1y<vi$!D@yse|8q@h`cAq<X#D#HC};b{
z{QHjY`r)U_xKcAd4SVR(IO7*s2BLehrQSzE;+x0iE2Y#$(4)<P8)NsI;xtzqp&S_X
zW~i;tvB0HoM4?yAm`p#tBMl2xdb_+gz`*)+;vEH1L7SYnv<sttWXgRH4sfWSl$!q)
za+u(>M7^SU71Tf@gav6Z!91=_VoYEu2q80;gSTXS0oTPa@xV%7(q#|^Xuqd|h;Avf
zeN)m5T314Lo+o)jY<6moT+NDd@D~Z?RPjIXj7#M1_xJ&l;5Srk1$gh{T{VLRbz|Oq
z7cqv+jp4YK1{)4i4FTBElOKS$$aHpEq+DsC=8ofZ%(4*w#XD6uzNfHUPU?JKYZ4HB
zEJGOru?bkdQYhOINf~KE75Y9WZ=yECYSi6Ej^EoltFEJ<L<VRF4@7Ef4^PKVb9RI;
z^`ISpddpXOXCP4)E}lzR`(a(B_iR<FbcbW<-d}a{$6j5_qYV*^%J1L3O;R{oWVqm^
zIS_T6b<MEU<l#%&s=Vc%1bE1&)e`iVwXHMKZsblS8jM?Anf;=r@(kI-+x)5oW<<r0
zGq}jaI^JkQnp{q^@;?4-xp>Csc0W^$h>C|f<1plD4SIdp*wI$k;YX~^Ogy)^Mf>Bh
zFn{Dx$n!dJs&KYQdiF|O#04rAhQTeV&<FUK>P@H&@i09IzMnJUNT3fZjM!0OF)x7z
zScYY+Qk`~R)V{LVu5XppD_?>c0=;spd*LF0@`&caF1u<vIX%Bfmy&&JmL^p1dXfd}
zB}G6Ncm0N4HtPnTtp@6<(32#glWzBVnBx)LvCEi(P*2=tBSyaDqeR;Q!8660#aw=O
zB>klBr>L9!5$Y)og4(70*jss$%f8=2!*0Qgj(46xIIv4P`K_eUI=8GwENSsB+rk8Q
zPSGcDi&D6;A*#Zn>slHSbp5jRrb<pfyBf_-jrhTh+$B<xO7i4;+@Xus%7vMYVYijp
zKEf19doas}^;=_oCsNZnzh;=&NW2dKYfzpZ7H{+6jRk;!;+NuB5WOAyEj08a5W2Wz
z!>yAhWyaLye7xzMF$aJ%CEUtKwvuw;{?+?#Zzx^r6}Qrxp@PNNM==G>x;K=3t#VXr
zR^T5n<7Kcm<UtRw!SMX0GiGJgA2Ezs<BhEEOTfey-(qH~AIm{b6!j;|f>9>%4+upt
zLA8raxWs)cmBc1r9D8ZFkTNk*iFhXnkuZeOx$t?fGwKLePn>r6o!qlQK3k7O&5k%2
zNJiXIJK5-3A*_ozTHVa%MCUCGO-w4Q2g~G7D^5>ZszRbR{jhml&<$bt{w`F?;FmsS
zq|VUBY1;RaDQH8O)W{5Q{cSy6NY0`9BaD0jHpl0|@0=vA0GJ1cl}fC0fnW5kSS)8J
z7I)y0W<T9b6AnWJzQqmYdg%rB+|#Z`56H|ZNKtm&vC_w5mHlS-m$>e&%{H;$s$HRT
zv5}9=p;m`W#eUiE+&<Az?lw|jxO1sYMwNwuMdZm9*1=>F%fHQpO}F<Ps?NS!@BTH6
z<$tvi1t^;*Fb2my;|3ogmaUiC-Z5*f4F|K_jsTtYb)2CzJcX#$eJNM1LtGaNB>p}r
zFG=|crUq5?0YsUCjGiP5j@29NT+Z-a!5b<mZdTl!0T$oiv-2+YrsyQ@&eTBDO||bo
zP7ZR{I6=ra@Kh=rXDdBn>==N(ePiLnJ;@JOUSdB!hO$c#6sv49O79rc2|D-y9wb2<
z80Y+jm^C#fOL`GM-560O?pKcJp&S+VW_qAC8Fmd)|B}@c;jy8y)+IL!W+JcL?T<oj
zF3u?+y*Q*CI99;ewsqh!2*4jeW_Pj-Tht9xJGc$cAP?M@Rlf#`s~_BqfBQZ5%9DtB
zt<=CL*cUH0>9}@+AjTx5fP($10T~l*69E9+#r|yfl5cK&;FY}tk1{v_;+4GP-8y~H
zP+jCoIy6Wwk5|9)jyS@CHH${{xo-KhyDm+B6a0x1zBw+u&*_pIX5BO{rZ!jw04<BJ
z8M3&t?<5k%otlFuSNDF>);+#?a|Zu_Hy7>1#}zm;W(fUMO-(VT7!&cm&_CrqcOcoC
zhjEQx$qyPMxeD~Tqbi*&W{p@rOR|e|PK<R#dg&H&cD0N^8<<j~RNZHdYi42AM{u0?
z>S%|rG}U=!)6m+Bwt{<Z3&<i)7>yKZ{J=Qu(dJG%wL{E-QY~H^$-UT*uOF#LlHZM8
zjA?wO%gXkyqmAX%Y3_BMwTQ(vJJoE3e`T_G!snUnHW1YLtJw8-&Fh~R27Npwv&=fb
z!C82{mYW-&aYK-Fd$@*7T0On~GWlJzOv}0C0J(C<$x0Dh;$!OpjKwM6>CsqGa-HkG
zGvlXZe!~hMA=PwAq37~0&5_ctWnWD}U;DCf5rMGt@92}^QkjBkc8L0-oGW-VcOhAO
ziu;$$;u7x&vGK@g_JNS<g_)Tk6=OozU!NfI#ru9yX>%mi?#G|6`1_lFzYuZaxvx#$
zD7Wfe)|@$5>3bMWH{;hL@|6~c&Tp6T<w?_Id{U8q-Czl&OApSIYn!2L<3riX<{v(a
z>+ye&6<}vkOMVtaTvw&pd2EgUE15V%0-qoNj1tNgKd%d@^gmvokhShr)g>txjFdhl
z`gKe%X)p5PUyJAbR+@{1G%ah%=+W;QLgsMd11N?jk&3>*P3|O_e5LKrMV~54-;_pm
z{u28gga5}{_-AR_*e)%wgTBYBB3me8pDZ+;A0IGDDi%!9#9ts{IQY!1Urq9E6AmLh
zYdccE@U#ps63BgnOQKAzyY;V2DviECO1fpftZ)rnk%!s*B_=lYwC*-JVJfnfZ-1@^
zM;2Vo>-GiY|KVz=E`dl|&diLz#MZdp9bcVB>Lv&ug1{5<o>_<p3jSKrul?p4p%hcl
zWTngHLSw923rWmpQ=FF23pH52*FAayf8`tCUSE-4QdJ#(-S1-7MPOn!Pji21vzE+7
z=FdfcWdqyNOn_4H#UIP|ryBdu&iq}Q{qO#=XZ+eGXW(2%t_QXeDC?N;Jm(`UqE|JI
z3M;PS>I?l-#KC(7;whZamYV<lSO4=)2b{#jyc-!=*I9TOw8O$!RX)7J?!uW^*vjv|
zP*e*gz4zxvkBMV06Cv-4T>002|8Jl4fAdcwQLseUX*q?>9~ns(l8~x=xWn`7d8LUY
zpioH?VymC1eZc$AdeMXRn%|KO`PT}cCwBkMxBmM-9T~uS2|un(5BXgJciC&X!UyD-
z*w`kWWKv)MS*_A&uv+69U3dRkgFnChKR$>*?+o}!Y+`1%s#`~?37$w=Vl9!Hh(?NN
zTv(XneV)FEKfkaW0)FANp?~gw-huzq{k)>a<GVL-<JQ&+qxZ!!RaMnX$|m1XB1H7(
zhYqP0s`<|c|37*j;6SZ>1%--4kaI1}H~zWPi%?*iLSaanzW?3Q|HnJ64FF#{BRv42
z18KlUTN@(p-rfPFKw_db4BzG2pT+(vd44dYSabibME>8r$SA%F3(GKHvQh<hz|xFq
zuFizcPSw4_(8cJ_g-A=|EM8zSVQK!`*8cl$`SZ?y-(J>CU>~Vnpk+${PKS++Er11#
z@jVZXj(!mpc5{lD{hvg}o)Pp@s!3cd{@m36>kj(om;<|@3Y1?HRR&mj8REmjaF#NI
z4;Ufcx7gU~hl?Lj|M^A+hI6;ZM*_F_zqcQPV7F$ny}J2c<*#EGe}^%~fDd|8HSK)M
z{{M0(=O*OQEk)TrWfMta(uofhDn;QHrhhK|H3L|$hnag0f9~#ozh2S=7uncszpXqd
z181B6UhG$c2T(fIlnyFVT45IT?|*jb_(Nd)H?!wz|L3Rs&k6c3Z+T@1OrbT!J+FDN
zT%g9JY(C#|<-nx-LzjK`M4DB5-9H};0H!eJYuPE!|JE@5>z6)-fU|M5>z1tlmq{Nl
z>u8IlOsi&8@BHT$6u>RmvoGTO>r?;R&HL)c`7K=LqR9H&(8k}nh@FGU=iPHze+C?r
z+0cC9KPMb}e!{W0{X+hjt^a%im8S9BH;1nPsOXkv*uhG_Oii)j-_eKn;**!iG%s!e
zg9a-huCKipJpb)dV|Izp`(=WTgQ|EwK-uTEcpkKcLO+(Ttf%A|>l2^e)Bdy*dAW_f
z6^xXeciE%w?@i7(>HOnNITyjjRGcxU<(A>ommsB}zKZ4l<Adhpz|yqnU0vw~i#7L<
zK{H2nchx+))zHiG4L$Uf4os3!e0=>tM}grwo-^{s<-AnZe?6j8d6QqCGGe$5w9}D*
z%_eZPC>a^#_DT%zS>Y+m@E2r;rBzP?cOZz>^=B8P|JtDeL4nehD?0-`Qgh<?@j>S+
z6|l<mIM-1kPq!?S$gJyKJD<~b>gqL%io-S@SnoPp?Wz?DI#JJ>$<Kdp;Bw7hn>9wa
z(OI%h;NHE=9R`YyzaBJE>v`}e6Tsj!+mHcf+GSEfZ-Wr`CW=yffX*jR+~P-~@`pW8
z^$G;kM?qEMebbbeL|hkxo_>CWRBLpY+Hsz5bAg>?`7=M?7q%b9=}zF~&G!PamGxLP
z86fQxnjBFRTslCOVDkVV;^xV$FRv|q_m!^qxx3xFQ%=HH?4!f#&{n<4Hy**EQn$Et
z@c{2Rp6~JI>#eEkRxob25PZ=%2shvw8Qq&kFZhi^8bGpu(}|V5dOnJmD(b<XeW~Ze
zU4kpurZ0mv3)vVeX}zZkvs+Pr;B%;?w3hb47!Us5_u8%N$ylJC_6z(ZZd5Mm!x~Ka
zCYW&eCUJ6$B%xCS6}9vAzBlJ447ABIx-}LE&)!bCAdk0#WkYVBsbw-lW!9mfQF{^e
z28fTueGd6HXPc(V`vx4b!31zz!~sR=2eliGE(@ae)3pz8?C&X3LudBC%usx*({64!
z_(nz}0BC>dOWis>ANU>@Y8axgj61+A>F?m`@xRzhNYgn5)M_%@5ltj-UNVM-jg`QO
zLVPUBdq6t0sh8fPQUXWzd<d}DtMCn;sr9~mY~o93i6OQ{=3WA7Q3M9ns7)<E!FjT9
z!V#i#+wghg%ZoQ@C4=B!VgB1+E|OpYrEm*?+YB4Dq?2|!gW!q;1K8Pc#8;nzRP0VD
z8uFG#<QF~70V>LJXSRyqjv<52c}eJO?M2ibIi3ucTOw?1RHf6gbO_8(u?m;gGqLiw
z_;pW7pcRpaO;cs&xPUln(l4T9#~Fv@03|WFfxC}Z&O_^DkM-~D>a^zilwnYo=-#g=
z!V`56<i1^KN7u%?_WDiLj#5J3m}4C9;=fAFO-eaeOdirw^1I*O&b17JVi33ho<_8<
zpQ<Uc*(Y^5j`RlNau=!HN#SmP%w1VIQ{Yx`9shE@Hma#oJ1U8i{-SoOk*fyZgZ~Z~
z+qi(=diVIk%jKl*-EH3;d>8T`>4ad&8ZW}yX6SR^3B1HSramtQi{61g-f0yzy&Eks
zBKyfFN+-kThzcS=Dd2Mp^@{2;X+A*$s>!GG+e~d4*9>TVy9AmxG^+lDIl(ju0M#ic
z`8`QWNx{tWedNx~X+nm9U%fT9KqhN6DDCFf)RpN{jmWJ8a(p18iG$c*3CUJ|?{m?6
zYtm!9bdEX^fw*4cTo7Sh4dwJEQPB;1_xV>*&FpJG#6B`qb#Zg4r}+)53OQo>{Y5#2
zLd3Dy%L|!#*ZCn%49b=_lHaFBus5NJRXw_Oga;#KxW&(Vl*e0>y3+%MgGDgC*FZxd
z!YiO9w?iWUu-7GL)k3zcu(bK8nfepyOIFTLzW{=e=ENI4&6r0wNFcO`nRTdNkn3&d
zF+;D1Cv;7WnmLhX*CkvRb4!mXHr{W8EiVKwz5-;4@b!ldR(Pd*$kn(P<j?o}UH`y0
zH@K(xd(Y9nH-X%APx&_gPa7mHpK}arnfh`8MjgoRey?<@O=V#_r)!~E#s8c->*D|F
zKDKCjZRkbJbR9k5MdS#5t?eS?fc@av|54&6%$UB!-sf=j3WDI2eRR-k!EV!O6d_{5
zzQ?Wy5Qb}U!iM5+CdW4X56ke3kB`RUw_f3W7qV-1h`}FGb(}@v-Y>*nZAR@!yrLeq
zrQ+X0xuCByg@%Q3@XsA7nxpQ*(?PZ3;el0D6-OQ?%+ZH?F6)Etypxvr5qcPEKT|)#
zdvA(^Hbg|0fw2<SCJBu`JPYuHPOrjJtCGKdVXA`A>4vwtjCCO?Hu{Z6;c!w65GlFx
z&HuPCX?M(6(LZx7Qfej@iUfQ7a!VETmsORP+NxN!QwUJlsZVOsF;WLW|D;47rn|5&
zt8(6J+1TsPo^YZFW;aB3Y3`(@oPe14;d!7BQZFSgeLg}^t7`!XhB5!Yh5GbsyGmSz
zx9&c@C3*Vk=3;l+RDqAG>fvkVhlV&QiO~vXOiBFec|6beb&B+F7(HyU0)lI83d^rB
z{-hi@lCB=>(`45uc&=9_>0!<7h8!iso&z#=_!Xji1cT$lMZOx}V;Gy@*8_=3Nez&!
z4)TELWdF=FrsFf{fIS2p;@4?Li}fxK<+M|eX@9h?f^zDSsN9Y%74uxb1mLds<(k2f
z%6=3#7{MY6kW;$#?q$S^KKvHnLs{~TVpvtIh!26E`34BZ8MV5f#jrV0QQpA6H`=dJ
zgL)ixcaDi|eH4CSH9oidfEVxGHA7%ADb9|f1QcD+lf9U!w<t%4$kp#VR@jBnK*Va+
z*||#&+k~9X;ocTF6M*R{HlSge8-{t$5hAetE^16@*gyxU8x3lY<+%u;JmI7IN*3Fd
z<0q`j@8q=U2@$8zx1w7*j;d5wuI#ehH_I&S&IrUcZ41@ls)`Pt#N6d&Z<D**`ufVt
zJg1DE49PH<CTQ7KtpY{ChjO|5)~JsF)nBsL@592bo+PduPP&^A7ItwCf2!9yQi`?g
z+YPhmVpRQF>#<2oVp*G%E^&&m!)tufjw=xzCqhJ_p2!B$<(*g~shFK;YIK6a&|Zol
z$;JwVK*K^fwGsN;pax2;7w8mc9ydPR#kGC>EUoW!s0dNRp<%WcVu$_Odj>d!$dw{Q
z!E6>=>zUIiK5Po=zMLLl5%vKUV4<XXl6sgPu>K-gij?#+BYCs$?=(s7{!-++)5Jgd
zcB~ADb(pk_N?lu;O7~F*S{b18fX{Tf%N14Id8pNwTBmDnRvJRuj;v%%p;deH<!z;}
zxTl@0cm^qH>s_fdI@L6eswIWIa2=V028ps8pCKqr$m^%pE+6GzD{`~=#EAJE-YGPy
zB2oX;absj_ssR^}6J}gRoRVrHx28XHCKvH=tvjFoWCX>+_@9p-d7OKtPx@5}i~xlM
z=m5lpn#~aW>1W-qtSg~<o@Qu=v1aC5oZ70P8f{ViFH|XVTtPX7u%!9;>NB9-Ok^Kg
zI9{PBOz)6J4>=_k$Fz|$p-lz-DWeJUfb?}ptv2%NVEh9>@o$>^wEa<yAJcs+xuH0#
z1SW6SJk1kX)2kud{tey&k@QldG-^ow8chC$;pK(-vr9HVm>aL&pb530vLkJ_6{Urp
zMc$!L+e<M-bX~VwAFk;tcm^4v$e%TeRAlP=GBle*)K$3-phb7`o$L1-Ca_9L?vNcA
z?7E=ctW3;nn~G|k{%xZpp%vP#W9)WA)m+jG2`dZbhFpX%>k|4TJtclQFDnY>i11kV
z!y`-gd-}``-t5n3w|sp78_V_+6pgNvaY|kRyxe3bz9;JeR2Q%xVnU5)j(y?&@(l9b
zAB?=a3FhTTOW=5exf-}~x3P=wO?RhCVBJ&2*mY}F7XFnO1FDCE8I9S&@y%Gh3M(>K
zl4`&%cO0w7%J!D-h%#ov8oIq6*CTnV5*79glgs=jB3n7;R^sIqMKTU?`$Ksk!h+)i
z0kkH2-9|6W6Z!Lv{vXEPGOEh<?e?}2X%G<*kX8g~kdTFhfV4=LbO}g<z*^GXNOz}n
zBTJB!ZX~6<8&>QSz5n;~Jn!D`9(xSFFm#|p*L7a!F^@TalY)DEe9!bN1gvj*&TV<z
zPG@Rfq{`v+t9->SY1E>4yFh(?D2ekHJQV=skC^5*JOct$^1LC;WQ+1rA3l0bWP<bg
zVh=)nDjj|{e5O|QHk?}Y&LdTl4(lIE3*oe18Uf};t@dNnrO3z78y==LZ~-F}W!Le|
zb5!jh%x97N?&*cg3&T*A6uDWr8VpsATG^E-c$fbepgi@lla|NQbAf00W=Gn~Z<HnA
zVG22~iDe5|qe;5Nu=);e?2c>0H4s4hegry^?iOoS?OE7}<qFQ6=fcZr>EZALB7@o}
z)UfVL<UCMGVE#V5T7TpjNiw3v#YJ@kedk2-)qjNyXM8Zdd3#FKlBg`T#%){zY8EZK
z9^uuf66atT5`dXa?9Je39>WSAq+;{viRGGtsAM)?#_IH#?p;`(<n1ukiWLEc<?~hX
zR#HiPTK$FOEz_HZXL|&B6zqJFpZi6^cC>#3B(;t*2;!LKAyF7KTdH)*d5JI`f_)mY
z?Kx&q{d$IjAGx#;qO;W3H`D;`6_gqj>L{BIRq{nYQ<d{3Sl=Tb&bK^A4Yz#SoqhRx
z*Px?u2!3)wz6Yw~gV;C%&gl~tzJLXtk<JFIS-SaXJ<fer9j#l|Q`I<Ay``nhTVNIV
zB_2^_{*AHo$<kb<4K0X|rZnm~yoEA}IU!bj5e3!Xo7@-P&w*s#W(h5P3MnuAO0-sL
zyV^A@<>ToL<#4s`V<}hC1jU+7nqR27LgaO;l$R`GTXQ8PEHsvt`%amNf3#$um<cQG
zhO@Xw(34+36*gy1ZwZ0QI$sylAsq*BkoR`{luv+Lj5sS#U!h;$pOsRp3~FHwQ!{7~
z5OGk?H)@{hg!5JS<;|3f+okS%yph?OD0_)-^D8u}wG}vmL<?hj-6E?^2k-5$D!umZ
zj}yWHPU>Z12_Z->8Ifj<83q89-gk*qk*w%CshRymo&uY{4dC4i;%u;4t&)S{=U^uG
zd2{w7gB=y!dZ+NT!z#pKd0f_7b=Dgn@(?9Y!@lpu@8FZy;JD-Iar2V?R@ts3X~qmn
z-x9U+n)coas#eigj&fcHG9JN_p6zgeYP&eZQ$aJUmy0-+XGF4lIZu1t!Tk)jh7ZGZ
zoDgP)_T2_fC`-B2xDuivRC8g;H(XXYBJi^v?bq9~_l7mXKS17v?_7jkY=IB2hOz#s
zz&Zpu`ilw$ZVY~E&Od-4^j}J>r;A-&+{4+N_PT!s(V8pyVTw9p|K+}zc>26Y<?jg6
zJYXIBF<DjU)1G!ZTgc+A#zxhv$a26f0TRa8QdO}!p3`-Q8IX#B0bxS|4hms%b6`xX
zD7q{Afy1~FOWv!WlSgsNY3;s^eumPyQT7ugR$j4RkD^IelDa89t>w$CbQ=6u{#@;b
z-7z?Q$q)>~or8HlDi6Zi!Dv=pXs!MJ4aD)dZmH>hOB%T`fb@IkhI@-Lun*_<f7U3t
z_FT7#`K|ytZ;>Bxj4_EHUu28#HgL?`2BrwlE0gC;CKi8{{4vexa6jbw@^Zhpo&MKL
zM4p`7Qi<BW6mS6gF;nyT(k1?x%{eh5S28fDKHZg6k^@wZ@ZWZTJIx<FX?OAibU7g-
z_3bD7r*=m?llW}OGQeCb$^4#x+IeahPCh?mcdKeI;`IYw?aDdW%!%&TX)obKi6xaH
zt?N?zZLYsPY(MG}jEF_k+&;-<)Wd4x1%9t%k7C<pCWVcd{1CW}s2ebcxGxNJwK?ta
z(aR>>NBL<4`Pa(kSQTq=O_s<ZK~MLc`%Ld7O}Pc^*B%e>KGB}6EG52VqDgysszvO4
z79k-9t0t-1m+c5~KNiTaN@G<I&caEm)ZmjsrR^#vj<Ezk!AwVzx6p~mgQm!Im!KGt
zgAj6_?*NzMX1;&xB+Oy+Q%_4t>#4!YDrfKuaJ>We8z_T}+|EQ31vd>Y*N&7tFx2Cc
z@@r{X{VKox8hR1Xc)Na?oHSn0o^7ESgX(@dz)^VtfXOBPb6KfJ+8blKEL?zNJW!>H
zm+q1vd1t1<!52Jt`HC$IPK9VkX=npEE&svh31kIB#9Me{Q~Ec}v`-L;&pN2z<4MRo
z|E59`Wj2jJ-Vi%i>tXf65-qm`R15yS5v4EQFWeVC-TY>q&R?^SSEWS?Zj{k^`5%ws
zY(z4dM-w-!9l7w<esvQyIc%yt^w7Xk&K-u1y7fTGoa}c8rA;jwp~yQw$FRVZ{2_E@
zqiU*EjBtm0Wb$&Tn^OO>6?3r}A>@-7cQ&yoFZ}Hj6=o7R7;rdc?3h16v)tRBvMc7C
zN-)!MS^y|A;W7pX#&eqKi_GfH<?a|CK|jUA(oIHeNdq;?B*<##`e3X4BKOci#VyP)
zD>w005K=1=l<wHJOP$cov{uqVn9ggK*nUA|k$;oT;+?bgT&iBFHix1<_&a@35Mr||
zhOC9AIt&kcxvnNV?Z>a;&q>pugn~7UrDK?IZez{fG;BI}*jE^{a6x3Yh`W;H2KQVh
z-D(Pif%%6e6Ymk%!*Ty|+WZR+E{n-dj?m$gXPmSaBuBV|7jq%x<9hu&FH4QO`}1UZ
zefCjqm)pi?sLNeL!u>)4SWNu-&s{@gcgP9jveP0j*`ZVNF>OJG=BBP(3e}gACWzxD
z>l@Z&tIJ_+2qPcO49GUXCAZebF`-tCFsqla+|5(Mo4hITp6<R94H#?=Px;xmU*`Ug
zAp8`t1fwbeG*51gYw;y=P#w<Iy^)3HS)CuN`alvr2c{R6Vw@3xVc*(CdQFaWgivgc
zNA@kg@O!G;<cV)Nydt}|h&M;B?`we~4Mh0jug#y|{2e#`4M`3=<78K~bci_oE45;7
z|7+*dUrL~i{b#d?-+d*K(Xr<tg)DJ}=y^IvYy;B75=p}z^LZx$bA}~z6RJJ2Whpj6
z=RzuRsJ6`DJ!=91x4`5r?K=Is*qmrdA|i*S+zY{gV;HS4vMYE3*tsII>|3<lOMI#T
z6+g(w!H$lDhzC0T@NBzA7r4HT6Rk(R!REYq^*ldf9CnB!^XhHXuev%mg5rR>ox`ZO
z7ZJLnk~D`Aa51LrwxRc5O$RduN)?r~==PG#xjPtTt!W_?dQx)HM3R$nl~d4qhh1v_
z@Rb9Ec2xctpbVWgY(Ej4+=W|RG7dfe23s;+tOJ6cr>W7MALdFguB1SN+~?sumShC(
zEoU~Rq$JRHx#mf<<!b}!ULjL_cFW*cvnG-@vpGul`x$h3xY7rNGCVSyY?JZ6WF0Jp
z`fb%*RBu9!cezpby&KAtmFw71Ms%CN);7OxlCs}26ijXTMg_XVr^x+m%P?8FSOjEw
zxi99u2T<9;0sFB$(o`--iqsdN+k&N6tbmMGCH;;($1$@uaQ6&M2TR<PNmH5u#Q?sQ
zrhOyR=(QNuWd#_3<3ES?zZ5gz@RM74^+SAbxERh<Gbs<q?<9N2s?wuVdWQ|b20#y=
z2_c|3cetcF6wQCTd|U9*el>y2ts|adO?BvLh-8i65zG2?b|RZ5x*uYC;ug-yIm>_L
z7k2n)mj&AFG9G;Ubn^KoMx!io;%2^1LkK*<=?RqgCl#tISKkhB31DdkevZ!JYn7^l
zT-D(iUZCj~YdA-4zaE5ozHxA9k5~^VghxMdZaY|x@nevYs$~7~O6HxE<H{}`<|8Zp
zj5j^#1FWrB_{mPJLr3Zl1p_WKUpm<z$@~tbZg-6K(_}W@<^SHQt0;9Hf8PDVJS|Y2
z&OhLtPH)W|!LA3B-x1L(n~^;EHfjmd9Mn)_F-Jmi&JTeC+QUUIrwn$6IzGE5?~<73
zikWv|%>D2TKA61$f`vOq=M^DMgj)8A!ZG#mx3jY@9rBG0_jRWOWTaU#s^ILBHl~yR
zEord^&naoxMy2l0!(@%!8)hrAo_-teBsO7Ua?t=De+-#H1^pcUGPiyaOTI1N*8LSi
z-7`0OV&a7K-zaQ=3cI{;heoTYLVt?ZAlJX9Mqw}gJqnz&979vdf$5@O*94iuHsFG?
z-{W}aglxyD_569~T`mw-PBX#SX9HWoi3lDW6+$CU$b!j{HB9{yRHJ?pRIW0&eDuqN
zWj9+(o&kShwz>}EB}RS!9P>?WkQcf!S#7~;MIq$&5HH`cEbxx($KB%T;+wTmjI!Q1
z&}g~J-2u|eP8u4#@<$m=b$2@uobSN>!x{BB;x58M2XagzfdA)Sr19^)=*@kSYf(2c
zK~j)|oxQO)#O~kCy5QAuk+qjbWDt_b#r=R@s+(NaSkg`zG@W^$Tz?ug+G6N&<MbK<
zCh)$~XC%LL#SP6c4(Z9O3#<Iy+16(uITR>bOy0~zrN9tD$FT8Jo>4qN>#AB>5e@XV
z?_~xs%t%=j;x;w{5l`?13o9CU=g}UAtIxkv!FD?ApMK;}>*<V@Bz#%#boeW)>2$V5
z4QgVb<a^gV%Y6%?^{y}E%%nF#yi*+ZI_v@))G1>uCJ5FOxpH$d64`No12*hKrEYr~
zw6y8-`TShLoV!LkhWw#CT_V&BLx&cjE3;r=WQ>ejN&4XzmbOy(PQ;GTl0Onl;xgSf
zANeL0jAUMqUNf5ZTJf5rli2i<_$H1wLF}o1TUUGHf<!(AyfV-VQ?1Wy-Ini}hxOhb
z!I0#2Fc&P+Y<LaQ8V>9UJnxn5S_`TvK9wwfI^~jdh^{rOc#xO8f4v0ZscmmMhbx!#
z!b)uTkG~jekq(<B;n9na*Cg%y+(`TfzEN@S2n8m5^skgg8i0cL;5PNqk)@vaR4mU1
zMfSGgYzy9z9%okk^GwAb7q6)j!Y3i|(^7sp`J#hc8Si@cHgb45Y=31ELVWS4?!l=Q
zh55h4)m-O(E|;=YXcMszdS)MON|gS*s0*>qt8i{Ecu+{T`c=E(`D_gw#cv+EGFhd0
z3|12y14S-a`@QKW!{0Pj#|`ZxBS1Pq_IzgIA*M2P2GtQ<%#TWQ6)Rc~#vt!m>Fr%#
zt5+`MQ7EuCv$2?|cVHt9c<2aTmQFNiKPu?0Fvz|){uiF|HyL;I$cByjQ*f?EP%i7U
zds5ZLEtK>h$zcu7b&AkrekzeR#?<@bQFTke?o8GibwEscXUH*<TJ+O?@5Xoyp7{WZ
zHZLx{S{Fw8<%#+|&`nE^dwU?g{CTo~iy6~NtQ@c4qt@1PBPx7%+OBE<sf^=cnU$6~
zzQo5>>br8Q6d$&ImK358s5~WuM?9_vletWmi>nEwRjlNm-$w!|eVSr|qpeYC(;%9`
zHGE3<A43^D%Wmg~<eM0k46j;^$Zi&d@(gNJSs6TfpWbv3o_dV+OkcmKAKtTxchs~y
z)qoe7S$!HgftU5;CiPO$7?piTe?90P{8A|~4oZ<EZfpukCNPuUuPgC?F(5K;|D+PI
z+I9TOpJ+MAHR+mvVuS|3AtAYDHgat5zrWvq^cDEjLdZu?nO@f*BXjsa!RYdN2QCe&
zP`OjE^`G+V$zNf0gQ!MI-`*f^HdyR-n3z*J3Pdf_4iS>Z6$r-*);Az3V?W+6b!YwW
zQ58PTe^$4TS{H)N9J|h}{;|}@Gi86caUBN!<6R#L7)Pr<Qop*w1QwZR!-u&THlQ&3
zG1hOCw{-G$ch?3pJt@7@j{cra<AtZ}f+uH-3u7%lSOa9g+zL%aew=ksxwaFjOrAX@
zAYjD6e&i;Nb#7)lmGi|&$2@K4>TJrFNrBYDVMKS)o~IAqQaMZ@VLPWqPOVJT@;8`)
zWh2mwYq{|wO6zKKdHcU@F0YolE!v?yaM`I7&uil2bI{A;fgZ-)FCtMdDovjzkG5ph
zmx)G^4{b4a`HB5ZZ^PqYm9e_0G%GdkWr|Op)13(jnG0sI0@<k?#)FBoeFK~Y?BrHU
z?}R;$=^=04`?4ZdQ!AD<s?V9jO<ff?M;J{DWK#m^SYCi-2ip)Hm2WF<)L84dE*hdI
zk~pL(`+RdAv%SMA`F-UOG+m%9*EZXZgFW`o8)vf`QnM7R@e!Om1sYB&MQYb8jQiNq
z(!@Qg&!CYmA8DS3SJ!|ul<c%Ca|$}r!|$+j5A>Zpxb^jd3YIq;m<Nfxy5aD$e!zJ&
zFelBqrO7?_$}*=P3*pZuv!q|4Bt`#Eu#=XQI+HE?$z>l<O0kCR%{3hK)N$~Zc!Bb=
zFllxbV>lSjanB8<xTO~<m#QjK95pg)MjPR;mo=Elk#J7SYx?`zM4g@AUR3<K<MvAp
zPyZ2iw+VcLuP8;?);m*;VXrT9Lz-*mTrl!V7$sIFflQ8bXmjIv@`#Q&12;L(ndF@y
z-I*hu_&T>&K`4s7fg5H5l^mib;ytvU^ehD_B1CIfRI~8Tr=SV#d}X76@yGfs;K}>M
z<dAaa%(o*5?CiHKYBv7lY5f@n*OPxWxeH8#)LZyXS%VY-7;e>F<Wsp?7>K%Ax`_6E
zw?c2{Ai&F|eg>_eE3SdJOifbZs|7oY%9*aG8Y8L+n4T@xG%>)I%IdFl?p#~Q4k~q@
z;(@9Af1Ekl6@xmsy~(;uwi!oZ#++@Pp$@It=Zz)bnhZHu|BdO64)7Ka#dR#!D#I?p
zy1TtD_Avc4fhX?4JX#@X=CnU4x1ft5oB_v<e`eE^hzNeB&!Yu*>@6p|n!>@0tamkq
z?sbGpb(bU)ee8Yiun3+xKgv&%N8R^d+ciMl7dtnX?K@HflH>9cNVBX-%$~%Awu^zu
zil@`&hcE8F%bl#U<z`I{-A<Xq33dbQ1DaypN@34pI&F0VA_I3+b{`ceat$$9OTU8|
zf1ytXH|mK~6eKJ>#yBrpQ*}aY(R~AkWw)VffrY5~J7tMWAl$^#6r{e+qeg*E#A}7L
zIY7Q07TA|Y6#LT~PFBrIP?08B6kp)aoD`bN0+mLs7`=X?TYs?m6_(%MBXy|+$bjAF
zCCT<y{c}c_w4{0NzqDbMku!Z49^gH@>@)<rB_K1$cEoVWQ%E_IPa8)4%VA$>b9V_j
z?2g*FD2uu}WJ;uEqK<1Wp!n5Xz8hkJL{{oX>=x`JfGoc%0p(qpTM@je4Pu%VP_vls
zE)@95yxrj(MsFT+Imf-|aa?Sd)l#*zcF7AH8a&hQ9GG7i;H7A_oGGX)b7DMnFPoG$
z#o0o)F7wV6c{ywO;jVx+f#VV*pEK&?rP+&hh;{DCndf}!L_mPHqSUJhnzo)%-0ovg
zcADn2tMhe<1sphUWavTyr1s`oZrcqW%-tW0TYFQuAoCxWhsWcqJ5jjl*O{GhSQ;C~
z8=@#jOHFEz-;t`bRO8kU2cqq?QlZY~Pw}1`&k2X%TZV}1#do2<oj-V2e34O$okc9w
zo~xT25CX`lQ0?>OmTRMMr4Gm1GUu_vi4ATYpN&xq|I+irm1dBI{<hP7bbkV_tIHZS
z1}YyDO&34>8rM}UogWGKwWVJ1{`{aM#C0h>;B|X2Ww9%`9CGnc7}CuIeCzRpCd>4I
zycq&yF<FLL&bOI+BCC5ZcN*}XXE>%+pP^=i?I;SAWYfVOQ#m|l<g$KSqPIIFpg18_
z2}XCN<&-@Cpq^}+)0XPt<@>v9xWStzE=QK^;(H{8l$dsSxX3MI4LVA8{TG5-^8`QW
zeu7>(?9`A)^HHId(nj40y?0qd=%RtwC1BGCEPWSYXv^uS6tJk6HQAS%je<K~X*<g;
zXW*1e6F<z!aOQZb0));+{|{eMpm)s2p}NzIQ7eWzGWGqhL%96~jg<n#wk!uq%bej)
znnn*J&IhcsrXXgb>!X~w<xey$vjuhCkBNa4UtJrWz}?d-Hgi;7^bs-SluH|V@7}as
zSm*2;%`e34C88bAYd_kjO49O1CgT%{KAqFD=46+ig?nlwy<WJi!QyVOU!Tr{n0)}!
zvAS?so_zdE3x*=CI-2)_HCB`B@R^vokPrfat33xk>PSxYiSBi|h3mIC3HmqAv*c4L
zKPgbzZtnHdadlNHvUiOXIwcJReh|mzSzUd7S@R6taZLUj(PDs`vP50{GK*pxjz(fQ
zt#;!*eM?88e?fZ;MljN-_v2R4@^eqgTw_>uXLD-{C7lxmoa7`i>J9Y;wpDW?;01R~
zCfBG2;3bX3Cv)KFxv3oPzizM4vh_|s`aGpE$EG8R75*7)i@F{!f|DQ~eB8f0Q}qyZ
zIrKkuf104qWAPffws<FxeQFpo;0jP}`Zom*02E&-m_2XKbgpmwetkVuPh2MW_&k;$
zMi){98d~;SRJljZt59jL$0#5IQYB3=l~ySSC}E(~r-nJ!DwG_85PfBIkbP>!RxTMN
z775xBguiN0W(Y+LcP-qGz);Sef;OCfKh6FAa-o5I3yF!ruBZx~Ic6o6X55ySwH{B!
zU)e23Mr_HAQ5A1|FhL5Rp64G3ti$c6Qg<%uNa2zv5UV2i+5(uMx-N4s5k{YY(o)}#
zu3IfgYj1tWgbhXd;Zh#)#ijp*m<`>cwPezQbp>IFg4{jkj~iXUJ+M!4D)cB*0L68$
zaoGl#HTpOQs=gvN&c2(wvqc|kK2426-ke!w?T&$OXsm<Uc3f}{$J8*xM$b=!*N5L9
zn_IV0+q30KM$ph~gBqvzr(d;W&htF@59J#U4iWP_2XYtvQ~7{&2-KLt;5f7e1H(l}
z`wm4uyA45tEhtFk2X5;do%^K!aV;|56-$VFVSe;N&-d3{yEKrMeaCfSqVL+w^$r{_
zGHY#yyK;Y4uD|xuw(SU`^6O3HxoBm_m`I)&fue5;DnniEhLfnY@hC@hP4PJ9hQH`q
z$wV5na<~{fW|jF?@`O)Sni0t)vGqL*)KaVUXl=j4V5xS0KR=fVQwe+N%3`qBMpDsf
zQM;O261dcsu#jLFCt!k$IOu+`2xSY~Y1QeS>uOCJk~loCqlPD7Tpc4&e%s1{y9bO3
zYnvfCpL)OIo40Iul9hE@wuWFi><6^iPl0!E@^C<L-(i$dAw0qj?JxzeFRgMOq+ykH
zDwkuL&r~077h19oJY9;CZ^m%g2&Bt8W&+-f7C{O#g^iiQ2E2LAm0}dXJ9<R0(>fP~
zupmo5`)}lfgggy7iHLx&{EjtZ4o%8{UVF*!>)mtTG%)nRh$JmBAC1Xidv}w&Yg^SQ
zRqpm2Q;9;$PulDGdYSDs8=({eiWM`gdkaCV0VeXs%>n*0WL&Pab^ev`Bna%fM)e;4
zi>DD*7Yc^<-~~SONuf+%JR<3CIe?j*QnzUm9QtA-#loGR&Tl9eey$|ur)Kbd+f-+j
zrTrKuAv`O@v(b5Cp({6qgG)V<hmwQdY&q!!W;Ft5F@FbaV72%`xUoeYO4|UBNCkho
z{`)!|3(%oC_$JR%*r1Q_*?(;%{j~0r(3t`!Ot@~0G~DV#@I=I1FG`|VA`dz$6RW=X
za9Pg}aIBDiOohsg7dT{?y`SxOd)7JGKE8*g^TmD*y8kL<F(mOJSwnl83$xv22oDMz
zBZ-3!gIRWUnhA4xJ41s2)w&g5YBi%ldjDu#?oydE)0#d)%WUfvvh6bp`5ujOH;*p8
z*nOwJ04yEvCr6y6Ij6y3^h}?|U6gZnXsASpjfNkOO6VO<`H{p>bVc^HH)#bpW9F!5
z9atky!1erAYJI<8lSHMpRX`85tYk)h9a9hWq|Jc?71JuVQ9{O(XKmUY?eajJb7Olj
ziNEfOiP7awyIg#0|Jgns9d<F!;H!$;wNFhPud-$T4mTwYsO*LHED+~&Kn}*iyH8f_
zk%I+&j$?TCsj0wxu)TY7QFh#X`}oq}7^OB(lF!CFrfU!G9vgq|9`&22gHW&}WeQb+
zY6#F+j)0KuNqzAY%+<)3#Ht70>vE_5Dx!%TVvf~B*6`^HjBkAU3FL5_{-=A;shfDw
zUOBx9K{SqO?FY?)?Y8AQL$L3{dhPK=r1l$2WpYF^l(~oUKgYi!nhodAMcKR?cQJlI
z%7}=*StL4t1wnu@Zic>82u4nO2k<QJb7{v!|MiGIX1@Z+L=<?vqnA(oW%Iy1S2@H|
z1ps=71oHi60($+9h1#P$!Z4Vbo_~#H>oyI|dIl>!I-OR+@8lxmD<pEU)oV_D>f1r-
z`l$EZjd@7ZvM0Q&)GCjg#{I&c1{X=KKP<)N;{uG06TT}Qe*}`0Uzq}Bs)u&`>|ra1
zcA`*jyn`wAxG&qQH0Cmb`g+f~%!UjVD)Uxb^<PYeF*QW_yn0h|h!{D@{yT%Hl2rGQ
zT^hR2f~@tlW^HLL;(ir%Le<buXR#LNwe%^CC`svdARL#@oyon%Jli}%a+;W5J;QS$
zJ~olbd+zDx%68n1UwebBba<_`!E!^z#fR{9Rt(zpP?o@9y0%Ps#ZfBg^>7Z0!m#B%
z0_gDuw<v8^9d7-)XvCmY(#EKw^hcbqnBU!bmLDfdn?Y~XGyPd|>qg8ksf9PPW}JG~
z`awzcb9VNT1FzAL%I7CrqvYIgRtXi6$q$_-(d%OniO{5h8eN!PL1fPfC_Ve`=X?qL
zbU!%zopF7EONv;Q0vGhqD4n}=)Dz>Iqqk!a1&_ev=*<LY9xp~otdMMgQX}znheSvH
z#m`*Oqh|K6E{k2b?1NfXdE0YIeSO@PkM6T7zNP!s=#m*0BdNT2w$LVtNOhWO{l?6w
zan_&+g>wBu40ceF-&%X=dh(dsm42z`3zq4ykam4#OY~uVl|@7zC2J7&nMDoqXV2RE
zTNL4sYfy>S1BQKcF3)J-gA5E%4!4I;r{`*8UoKP+8^j6d*#n#GXeFRDLy=wSfOq=4
zrm>Q3HR+bD!0;uX+ZjGp2<@K-IpYyL{uyC`*%^@Xm9pQ2%;lL-^HMfFw*5fJrTbi)
zpG#C1AI~JBA_1*2s+*Io>ws(tjB{q}fsb5F9&dhy<Snm<rY2{_?o!3SwH~VVU<%!f
zav7-=a`%}_U2#bjBft(nQ;HD7rH$oMf4eWs2%&gL$@!`BEZd?2$Xt%IRDXn3>Ax?2
z`KuRy$!1tPLc1E0yBVh95HptwM_pjyS-46ztL#6KIXz$h2}BD+@Ty-$eGCw*CEsK%
zN6C$|j(*~IK~H}|p;B~9k6nRAu?{+cl+pQPa{<7*rmInYvPZsi-7VlAPS04<lMpMk
z<@0gig5c{H9tRUmk#54WZ6VmakZ*7o=MJbbg63xDaHL?RIq5{CZ;#Vn_<YO4jb59{
z8jBE&wEiH?(Sr21k-UO$q&g?td-_c}>8`_)`yk0b`wubt7e5Zc3h+4YBjV%oXddvv
z|7K;b6A<Of8R`G;>z6FHfn+rd>D??!M@AmtFToZMe1N4k0<7^Yyvg><crii~ExuZ6
z1L_aydesdN)DsRlZ@wZs2|hOX4+}sbhE?;<)fjyqQ;0<*$G9@+24#9Ix2$^j7|@*5
ze?fa()U+Aj>1XsERuq`f&7mckKd6rmGRe${WnN|#=gDhX7v{z24VuE!nYYyM1$kI8
z2X{B-r?M#JFi*Sge%r${C#NH9{(%R%0T#q0lZ1e^c?0<Tq6S%D4kV7uoH+Pu$KrGh
zs8qkW7y7M?rN=QjnnRJ&NEhG^l0^)NEOyHKxteJY$x;b(b<}iLz5#;%1H-yRUMcB0
zHF&G@Gkr>884WBDyfp88?-ys9>z4WXTFSVB=8<$Bcfuo<o}nAXzxcM%_M7s?2|`7u
z5%{a*Bhe2bM&;^UY2s6$`4N-F6u3jb`>a+A*(CkkjT$WetZ->vv!uHG(ZGQ2-TA2P
z%o=P2A+le%i@w^`9QNm4(gBCWTjTUfSgMFN_T3yCtp~(72%}#|o0W*Kc{qvws#(;r
zmHNHOhuIM<As8DY#X)mi{pr5yoF*-S#NEM{C_%YN>-m<`R}Ci=tvL@YWgIpq+iaVb
zN@RFj04M6oWD)MDD<DUhiLkuYgt|b#0{1yWbt~jD$wLnerFXdks7jg#-w?JAo%Z9}
z8F7Y^wi)}k>bxao8sRdedB|CeaC(ae)COsgc{+wWOscced55gvPO8g0MrBx6zi7g^
zzI+)A?(!QKcxEmi{1Qr|9;e51X*-zCjY&+^wrV*czZamxU52gM^uY%{`x&GwuL32$
zo^3aTGSuLOX0pSa4w11BC)CjyT>Sm=;2At&9F_=*V_<hW*lfQDDuO*()^vxA+RM#C
zYEt0vRf)w5;lSI5NMttN7_8vfX(9HQ@kYj{aDQg+N8(s-n%gVtku~bZ|DUP77&Vn-
zoi}cuciLt?DrPT$(Y=vYjS7?(dODQvw<%!1<*9<TLxceo@eNEvZo2!chA63X{)p67
zyqZ-1DAb|j#=xG5enz0$5+ai1duuD-ho5}5y`j?je^W314p%{>w=dS@ioCL&-s0sF
zkuw^t|D<AeFZIExD@}VYQ+Rwghh4E<HdW}Qp!cmdu;>B_O}>3PTU^ORo{&ZyF+x&r
z<AalUnfML4t&kf7L?Hn#YzXCZ&-0ncxxSX7=+sKBJ3}9&$^n|U`!Q=*eeEdp31lXq
zI9lqI_m2|iWT#gsHN2t#e(X&l4XsB4#`Xh_)I?&L|Genboep=US-*K^C5(&j0iIs?
z$m*c6VQ8+7L_HFVL;6>_h&RADW#&u``@YDMDm+4-ijEci`hAqIWEyGY6~<>hbM#v8
zxyzcSxJJ!dD-VICP%1kGSiUXtI>A~6?K}a8z_FV**1$o#Y#~Y#_d;R%;$pKz;qd#1
zLeo${%0sVc<~=>S9hNijRPqfSXP=7Pw)|A3)%tK~(a@TA{_^N$Y3N*03pJdaoHqUE
zZjHY44=FU!6G)*e6MF;?j{hSgM|uTvYBSw$_UnHZ=xzdQ4lkx)11;<#rTZ0dK^hM@
zy!@$P^nsaDws?>V4LL`J03fEMGE3R%Yia39#xRq5XL$H?d>n!T7t9CKl@z{1J2kLG
z4r89jttAQw0GNKi^dCYVfXtHlz*SejcIS-qVVQrAci1DoH-h!vudj0cv<bMoIPsjW
zlF?WB60l!(HM`#*NsmRSDyY#~>>nWN7xKAb=ci!+i?RkcF`1-+KJX6^4j~4+&MxKX
z7~VE~$+~ucF;tn|0L3pt-+f&)xDB^oW_0W1(?%a;ogf^BP$Nh6DAS&~88@^Ma=QrD
z#U=OmLMfjU_JCb>VRdOd<d{SqmOCe}Y{j^ns@Xp`cZkJ<4nIDP6;eb0Ds-ay!S5UB
z^92p&w&Ot!k|LDKd7d74ED}i0XX0RqhuHQYi+#1ld(Mcg**R1-0@geD0KZ&}<Hbn;
z5ysT$B??jbdLYMAz$TIF<aBpjqDbIm6Czx+40e2X>zy_?SnK3#qs|$P^i`oL5NFZd
zEc83OySHHs3<dt;eXM^{jdYbH&*S_s_Hs+xTRXX5J`eckdKq)&Y?9P_%s5tA_N&kY
zFI7La@IbH;c_KhFZSKLP_9+!x^zKLgGE8cV)F<@^VU(PdRfO5zUKqH-{V6l<2k_k{
znt?JU69PE~^#IeX`uA8^>4Ze1f?e|D`tpMNw**zQ?}e`r+k(%sOLf=m$}h=8!gz{I
z*>sQv3Ub~^Wekr~Jbl3a!`whJWYbXpYmU>xxI5H5-m1&mL{FtUbp{9m!1eIXMg#~d
zP<zH|YRpF>S$|e+bHzTzxv9`QvxUeeVZXZ!p!6AEW7V`7^xy6Hx`YVtiT~$ednO1P
z?t{r^Z9K7sR|Y?w?yQgBPe>2~2fcDm>jJCh$@RRsw1~3@LoI8Kb#{8|Lv7dF7>B8m
z7})o1nvf@&4<S~;MhL~s4$SQcVAlkewF~ujK)x}faV;1crh&6S(6=;ePzzBtZ+b2^
z3QOMi#qJOgIc%a~)=jsS3!9!8;`+p$0l5GK2ztNyQwb3}Qa>I+2|PMzC}SrqK%mlW
z0r#f6U$^#+%n^x%uO<Oe<_s$Pg9lV9N;kJpTP*rLnW~{sM2l{W2@0nQam6<w<JKYW
zGU*ku^zSaNqK<5TF!?z9hj<9tn8eU2WQFG2*X?RujyV}`TiYwmC6xEmr)84-ppW=O
zQkuUnshm3pby>9Ufz158a<Xqo!o${@kESwNElUrPKwccERdg>oSUx+v+S6pXD3!R{
zD`Ix|R9S~$75nc;s@WsXY}O{4E9&x$MJ#PP6~bcL!Q<#gnA(d`lM({i{@uI+uPk#t
zopHJupH91Q970ZMS4-#x0#Q^c&=pcZs`w)ueMqdwpv8PYvtJQ)6dC6XwkBKTkeINU
zv+SEfFF&0Sj$?u}BPnb&=>p^>yvM`}p@2s@y8}VBqcXpFBp%(;L`NZGhmUEs&$E+O
z<`l-^BldEWseqqF6>{E?xC<|WCm*xMw<E|m4uSGfgS@Q?!#+X9ZBleu{4@P+E+OqU
z&jqyM<L)SqZ-HJA_$Y!Alx;54|1d&t+asO=+X)!|jC9fwZ_bndthRa&_}1YLsqpA@
z`*o0DD;!&hWHvnBnr|SXU(`SnVzQg`Y3%{AQyA<}KDSdHygvoT)JCpz&1}^lAlmb^
znCRREm6q|97llg<9??$*l=;v8r2X}~2<d-A5H)uL0>Jz1ZE<M#KPgUsmp|__;Z7eZ
z7*Rul>D%(3hy7SK0BdB+8PEf(`Y_ld@nKRe?^5q2fgB@Bh&#UgK<e{#IR+k;b8o_&
zXXx**yc7lW9A7;uFM!vt*SMYA#=YFMV=eP!VZJpLxBs(eA%mIlbpp3F_0AUXwB5lw
z!GC2q(x+X2PsyfoZKhUHG&LkyRo9h52YOCS@G|ZxpM$=T9^%DBqe~Ps!v{E!kcoT#
zNXYHS>wc|+f*%pJ$L*h)Qoqdgo-7*b4ZLBPDgFD*hWHd~)!B)HPCvy>QGPu~=cQcQ
z-w_g2UiXNZ?mhvf@)8e^e|4sn7Hm5mttnoanJ{Dxh@0guNAuz2Sc@tLFtuF+XT*L-
zTQR5$|9)h)uQKS?LipzLlz`a-<35YV{RA${>sMCrNDYD~2<2B+AGW4y@Z?=C6Il9V
zSs_PT%b2<~RunQJsasKBh7Uj)BTlhK4Z%66VSjL#vJiE;X`S}8&zw>z2~ctW>S=?R
z0OM3(!*XA#56A+qh>BB03HdoNq{;sPK>x0}VJ}_)>1KJAHL2aVBt3sZIP~sLR`W<;
zTpa!++M?u}2l6$4t=l<APa<zeE|a{V;$R%4NUiLKac|N*QOBb+FGzeuu5A1wqulq<
z?WrDhKYI%Eb3@zH(QzFjmjZ^$9v@)OBf59L7Q^3gu1MV=mA#&?DfvYDczd*g)x5Kl
zrg9pWoL|hem~)jhz=AIZ;;_M0X|Xv-M_M%feo>c({*6-m4?i3quml}_*8TC%XoutF
zhfOs1y6}?&U|!rKu2=2k`e(Tp>xM(d!_)4elECbG66gieS?T%X<O8M65;|t<88Y$Z
z1C8R+1Whi(3~|8pApgkj^P518rVpe&DKCc~wSC#tsG9XMd8Ycnr8k+g<KVGZ!T!L;
zd#&!6Vjp9(pN8v%)56KFQ};i`FsrA#hUqMPzBf}t!!T=h$l8EZEj{h%yYSjM`z7@W
ztlL+o(%l8F;HNG)xz$DjD>xz8EnAr0Fs;<4_Vl4&6~@g6%et46U@3Z;5ksE<(}>8)
zFMYoWt3Nc+K6k&yej6MTZ!-nV069w=#<jBRF-bMr(RazZX$|D#oc&Yst-tdlSb8Hz
z1qkQ=(T|7!=*JG@yAG+4UR9-Rx#E`J<MIYS0G<BR44w+Cr1Jp@n3nBg{-X^cQEOKt
z<J-$!g;R(<I34B}FK}#TFZ^q-dTp828zpD&t&dwU3pwFNGppY#wk9Up9Mo>G_ciE1
z-Fr$EXlR0Z%IQD@kL?kJ4e&p_&jc(u(JVaW@IPFyRzmtftnVZ&ad`H3AyQpKM(Cg|
zT7N6Eve|1HK|-;AjP}A?G>_qs2$3|4@g0Ry1!~14m&KO=^IdB;Dq%X3c^4>dpz=wi
zY@to;qTi(FGwAWX3rA!oWT^*7WuLz=ySI`g^TBg@eYfc=!W^8qIn4>&g^hu4H-S_x
zHUWy{$C2RW-u&PW$T)cd5C3<V;fceRX{xNa^5Xn19C_!5FU~%bZgM!YR_!%qqki6<
z;e4Y%d|@qkllyz%sc(0$$OX2h`D5N${N{hw(TO0VSG)iQ_~}0v>(<oDV0ZonBC2BT
z-6l=)HPT2;-yAWL-vQL4>(x};B|Mf>qL_m5VpeP6&7fX>cVpZCoc0_gjmWo^n*;}h
zrsb5w=Y_VHL?t-D!Mh|yG|;GRy!H=f__thwoYbP(<J{-LZA|QCk`WmL)!G8->?bWg
zK?7CNjJ3}DB9AA6T>)H}{099EJhLn_kELrIxsrW5E7sOrN(sEyI$q%xV;U2AHbl;A
z)L~C04$r)Q4zr*u`rCyQD$VxZH{TXCnjP)#VUKU#3dmuo08RqA$QtwYrs`M87sIFL
zN?gP7{0>a%?B;uE*GsMEbUfQW7PRL9TJaC>eS;9!`2+7sn4c(=m*=&}m$`e8WR#zz
zOjccJ)9tKg&sq9I=gEQ|VLcGeOn+VG1_aYLtADY56&X%(Nu!rDIkEyz6w9+}sU)A}
z`G1Dl?}1dI-`UC=&*Lx%>TagQZ3zD3?i^i#<<(wS-oBEB$5N4Wo(jW^&-+$2#SP&6
z6AVv6xhk?_OqOegp>xpO2ZF#u9nlL=f*6Y*aS2#fdD!<+m)*jd?Xo`kg0R-akAQ>?
zEA*ONp>o|~zn=f4UF3^%t?{urh^H2iAZ!;CZ(!h2E{Voi{*$xFqGoB6j&Zh@EI2Lp
zchT{gsaNRI0@JKY35w}miK1xq#x9$vUug1vG84^$8UfMOYUZpo#V`CEl62Gh*8%4v
ze&@UJfc$wyIxA_;!DtU<<nkF>E)Kx`{<+s{(lcmKh?vi25J%c|`=2a^A(*Tds2Jy1
z<Hy#mA0tNVmiOWNzx5?_LwtdCv(2sj$gK3!@%C|{!Wi1{{2h$(&?J6#{W2E_%0j%v
zL8e78F#{B39+H5kd5lUKku}$M5xevEJ^@U9(miXuL&z}lRxxeF$c2Cl8a(^;&@Dsc
zZ0~A`K0yIQ4e7OfwNP5!ZAVNcnWS0#LOltM+6}u1!LfhA9FBdEqIrqI0at+K&xQM?
zuI*`nj#ZKJ(##dzyQkM0e(OB011SfQW>25i`bY@TvbjbD0HQ|?@qYo+@N6f@F>Eh@
z1deqNtph!{=*!7y1-p(!*{}u&1Vos-XyN`1;|t6DQIT)Vhw#pNlN2fwwGIAH<Zu9H
zV02p`@EIh~C>bR3T6@o!+D44D#Qtx%VPi&U;X9Y><;L9`#44Z(kB)!(cBNX~PkWJ%
zAPewusZ+1yjGv_bpfHCrKXlH$ffV<V;I*fbxt|Y+e_~mB(^17QQZM|-mX2*~#i=gE
z|DacD6J@;j+Y2vHP(DQv6aL}X4X$`P7Cv!>C}PV#f|#Wu|8#qrI;mmfmJiJN`{@67
z-thilrbMIu(8@-C-t|5funm02m((f0@&wajRJrIZI&Orh?sJb*;ZEoLkJ4Avxdmk0
ztTYiDn?}0xmlaB;^No1COP#IOAnJL`#$@0-%75L8Ti}OG(y#l`!S{=hoz6#>&l6s{
zuEhMR0M32P|A8Gg`)}Cc>XA0)|3B<-SG%v(KNlNgws$nOqp!d5HGQH8IVp)reTaP9
zeZ331d_X+mJqLsB9AtNwnhxG5nPSc0Y2j6PM$N~LQmeb+xHXNtKAi2>p{S|xtK8`2
z=~pcuT+@Of8IDmFxbkMTLczPIitYJIjC!D!S~&6huW}Q=+`%5ZKCQaemoPGlHrWtJ
z{qYs|KYcz#?6IBiCR`oE50}dGopWB6RvkwAQgMAmzBG+G@?uj3$ILxy<7CdN+uF%M
zOclyW!;h4&irstPu?c4HXx8KN?aAubmZsx9ZQgDa{~$%-1rgEhkgP$g{~`|uCy)zf
zUFD3f$iv2X|0nXWrRBi{3mnh9r_X)!cRy(o?ZCv|E<EfN=syon)40K&_db}Fghgx3
zj!nD<39<@gL$gEn(qa>vyjEeSJuj#Pod+C3%FIdm!A|K?<*U~7a_K1kkhPliaGa3j
zu5;QRz{(s-a6Md+C79dj#~jHp8&jhVP(0e!sIdx>jJXvl3|N#lJ0Mj;n<-4w8}f=}
zEDNdOAXaZZkyjSSIf#h3*nK&H8qSe@)&#pUVhwh^vpcoYcB?cJLhR8ByFckIGef=B
z*f2|y+s>W#!XusQ?>@5(4cdI#WNCh`f|4X4GP9b@FnUIP!_18iQG-B4y+EjBh)HS1
zI+NnPalzeEpaV-apBnSgJL6<;qQ*NcflBz~^7~Di=_|Rt7oK#aTfd3N^!p##Pr`OU
zpc=Ev6IFjqA{oi`R4_2Xx_d^0JiVz=UW@fbumLTsuj{m1S0~*Uqb1ef0}Qu3xJa2~
zGQ7>PPZtm4fqP7OQ^x&CF?w)5#@>u&481q7K{NgEUGfe>{f`)5_59!A$~Emo;uy0U
zngzUrmk9giaZ6bJ=Bjz3;+*(BCj&&uiuFlD87d<vl_@If6mb3uEk4MN?asKNm>#5G
zc#T5Tgsv`6D96>gl_SRz2RMX(GuBu=d5bFU@S`pA!}4mHO0kpp5V(`K_{;n9b-jKR
znJF4vkO;A++#zRq=hcX)2ivrse1sru@6-LzQ|qnYe;hl5BEYdjDb7E;wyv8j=<*1P
zc268o`9wG#Ib;8qjO3FSXEZsIF9Xm;Hvfe#`V0XRR_mO5%@4EvsGe8LJ@LaFo7<)+
zRV!SOn0p#g@THl92wUrYS)P;)@F?E0AA-D-FqV^g=9wrb0gV*Z)~bjMdLYP<fmuw&
zEK_(#Q|)dwoAd5BAD?!n{N=U+w|kkgRYEr3-2Ex+OTg+_(z8HPM_M9x@5*@F5Y9%@
zlTYrhVxyX=5>Coc{8(jw%X?i2QpMbG5Jt*L`8MZGzA?c7{B}SlEd<&6tS`}e%$uY@
z<@g?_u9}%w+6!RKVey+4<>!tE-dFC4z00YGTr@BC=)6yLbCH|OA7<?2Uzv_KWj-z&
z%9&hKOl|J3WiRBfbC%JYs<HF}Cg%K_ZwNUa9{VZaxiOmY|2_qVe#Kam)MD(aS@(YF
zAFA|p{-eN9U;|M=mpqR|yKg<T7pLJS$P#rJG)1TXj8RzZLNVSymrE7Gv7B=DziaNM
zY>-Fx9H|-}Et$~RWBg*h$?9Be(t51%_CUj0Kj4JlB60P*NkH;r-hM;=AWwt7cqvo%
z{C~$5TLsrr!*40npwne%3zT)Ee_>{bgTdOZM~RF;WbYO&K$)SEJLNT&*Ro)P8I;AQ
zD#{mtNkA<G4GgQcvD4B<fEXl>PQK1eXUuFOZl1d*u9^2jQndV1RhW>~ZzmLeH$Bc$
z7W)w5<<<772@Py{FM}yK-vlmQl;E<nhqIx2rj-)jFS>K<J`4H6#Qr9v@WSjv4QOqS
z<KDCb|JWFt=saW?74MiWN-`eA9q|3r*7^sp!__$<5(_ys+&5wSwBj;Z2g?r?zW6NB
zXVBMaJ9kFN{EWcjLO+hGsO(DNlQxcskr^MRZUzp|S67>mbs$~-gDi$GopptHS^noK
z_tUqcVdn*2hz0dTw3-<$cLy-(ajfc{@;^iYiloI&R_C!hxQpqpX&4ie<u0>#OU#LX
zB=HhZEX_ZLZNm5uO_=0?i*5{Vn4DY*i60A@1KOrn75x2Xm}5JhcZ3U4`f8&l&#_(!
z;T;1;VB3ft*iwzE6H*)lBH#NGmJAY1g0SRcSKd^3pm-kY{V^Ur)y#gbhVRUIO~P2d
z?&@VGu;$TQm!6BgIDt$8ZMP>C<dhbjlRKu-1Fv!cBcwT=Gq<>asl|RZH98;^QI4l{
zd+FQ@gp>sSgp|wx;8nHcdv2{f@^Tlz3_jvB{n0S9Zl+?b^fy<1cV=MVHx*6#0|&Y?
z%9LKwjVI*tB0%@mmgm_kGKR<nDLY#r35)h(P5GR7o<j0yTW-X+qz|VU5(aaL=Y>|n
zn6=Aq$(L(dytOsZ&x~0e0rXpSoza3(g&&5*Huc(81p}?2Tw;Ca2Uu{1a4#0-@Ub}1
zRv(}bhE{A40*VkPgNxfN`f`;-U<&6`i_OxJb_%Yv+{SXNB>DN`NSf$~q!brOl5C!4
zq9I)3z3n*M6*<zhkzJx#Gu%4v#6M#@WHWly740N!OCCOpVLfelwMsm=;sX*-ZNI*t
zD-;c=WfMj?Tn2PuE7x`Nb#5}HIX)WVDiHc%AX!Sof{EfGo-u_K4BW<gAZ9mhEdq*?
z+yO2d$X~NxA?b~1xhdH4Pvzgq8dYLd+X*)!7+9a|8;=~ZU+?NRmT<Qlw|W_DLeQC%
zU0+7v|2;P*{i^+dmE=p&gZ8dUtL_Js<@$N8t^dT0#gG4@jPo6E+Njn~r~+j$`9cB8
zIAZX>p^WqLd6OfE2?(VYpPQ-Ez5V*dF4JuY7ooF__j^|4R3xTIJy^dli4P0#mN18N
z+x%qYI0&cq)<$$6hyv;OdxU@!rRWbbvo0E(S956$Ocg6S@p7kNoj%2KzPUgh#AroP
z4w^aroS_~YYcYs-zE)^aay!Gx(4LIp1^y7?_Fxoq_}Q!7+q4XC?^spAau1ZwS>bOf
zQk)wz*b1LN6Mv|1ne8I+B&f0e%%m$4*mF=L7y}crGO6+jFLVNlj>gT-#c+#{tt_AX
z<rug4KfJO<oKea$vuf8*l)KHGSgc-BSt;#V5fBA5x**OlM~Yy#PSSk$xh+)G^(8!-
zc?d_n4HtqdV+z5FZ-nh23LAU`Nyxs&vR+O`zAMS0eoJchRRJ$f@iKRpD&(106}o^`
z<>ru124Te$B*?l1oUX>|R_C?dK9Y!xi=!5O?R;D{?qmEFl<PgT9n=$wbQx~P87Nn_
zAfWt-pam$dGo-Y~gL`rTT*@i1>*izFplQV4sRhw3g{JS22h@-BBFNn|YvdpWWJ;EG
z4nnpW{@OGlXt^tD96x}|=BrlOqm|x6ZC-YonS&QdX#8QB9R)TT^o)q6Hr;HU=l<yg
z5Fqah+Zwhik#AD~7vZMHV&=_G+wH(6nEf?p40GLL?MwGS-$c(m_Q9-ut?BO&xz&D-
zZ-7ry1e4<1s)oe({d>Ud!jt!J>KRs{vJb(HA+}#O7g<*Zm9rJAN88w4oi69tYvVhY
zt7C^w^-y_^hGWE2)`sV5NYP$-C&bh4G68hVx;^Z#23u@c-2i+4#V?snV>g{oXq$B4
zlQIbMZqc0vCi3piEQEVb-^>zybra+0FwmfBAQ`rCwTItj)UQET2Ep_h89rq$&l0Q4
zX1=T#*Kx<;K8h9Hgs7(3<%a%_SrPk76^#RtKmb*=s81sL57F#573ezHr=oRpGW{Qf
z<j5;RvW=(c&UcTS?RPwsr@bHMJcC$rtTbQDHQL;iWkSzq&eJ71$bDhr#tl8Bre@<r
z;PGb5rJJcuCUIJ*W76GZ*;wsOB<aP_@pHdCB{ep>nJp!GYM-iGxhax(Bp!I5SpN}n
z(^N8NJcH#h`5jc>8tpVx@w>j2^2QNr`PFa^39GhP)JX#kuJG6Cy0#m`1S4{yS)q~w
zGZ(qCv2tz@Q$1#~v-O296U*bpkZeXGaq!8+F?AdYu`N3In28kllFH+7u-ebaV_Kr!
z;Jdhr%;P(a{1T^!^9&G@K~*c!-edXNTaRrOUyWoq6R*BMLQRr3_(|tTE<XzhFnpj+
zKR3|8X3|FzK}cJ$Jh1ZE9c?w80MTi5ZjKSOMTxd%0NMmCorpW|#msjxJ|kTom~V;9
zeiLw&3~t`~#d#%t3``%VxZe9c&5fm1XL}o$g8yOUR`Ze~cb|{#$2BnGi&voUod`}h
zu?7U#`)5ln-l1_FYI(ieOgb{~4Vbg1-1CNaW2YSKB2&SO?-<^4O6-x9SA6ul*~{}j
zx`*@2pxAF$k!WFnvMB_2+P`nXmuI{Ocj>%WbB9rD$UzX-9Wkgv2e<_tvM8D$XNy;N
zpD8bi026*h)JQ$u%x;*&S4`d`K&<jz)pdS#w-$tk=(bxKwe(o%?4-f+P3<$eNVqoe
zc|3eHGFCj57PD{b{MeRT=Cw4p)r-FbUAK|AGf?yeZlIZpHkALt_zAOJY5Zz}P5%~a
z{L4Q4^IPatZqcz1GDFOEt$~%DFRnyeBu&4KF<ov3kHs$NKKo$#$6jF?bzaNKM^$%S
zD@|d*{eu7_Tdx+Mi-^c~phJf*NpF=;&@(WcT$CgJ{bTio({#}urbbV5OG^hDRQuB&
z&=6`Q6P6>&*kGkW0GHzhe+6DKo;u$ayx*ogU`e<wk1vA#7ev-vd5wFnqP-QL3|rz~
z;N-M0h}}$g1|9xSw&B0u5z^cMRdqzh;=Sd`5GPy!yE4XIv53XLLJlZA)3EHGRw>q6
z9}liI@_cgJQH*E{<n7tt$cN@^+y3?~=8~3J8k3`#%B25n@%qsT9Td<PAI_R|wzlpq
zbpIEx!I7Xd6@IPq!>9(GKwwPS9Xv`?-k`j8dC7y01w=C@&{l6fKAdOKsKi%c0l&C(
zh&w1~KV2K}5e$TRny2ommvT3NDGxwGr5<B4Yq60mTtQ7TqF%R}{m15iy#d(#{b%eS
zrT(8`j#u150Sb?OB8D6Bo;9|ythyd&PosW=g=J-ZuU^1Iz}ECVoo5Gm$}`)Y|NM7c
zqs4!D%Nd1Fb^??fy0`ira>>+lGw1L7Q?v&foLH%Ts~KeA(M?_lz)unvW{nqAs|QK|
zCLHp_<X>K;_h*2+6ulOZ`9D8D|Mi`)49&n-cL~7gJuJ8cLd@^h{YB6^_eM{pdy_$T
zn&2*om*d&4{JcG0q79e@7;^*;ZzR9eUKvnSwwKW+yMouU80uf3*1kC@1RmYY!WzoP
z%=mmeI_I(f-FuR|-<$}pi+{VpH1zc|mH)j5fq`j9vzs<YUYXsz)}iX<4ZmUxcX3at
z;9;^1oYuzB_~afPl#4u%8L~cg?R1WpF?%JQ<)4n}Yd0RhkGlqiIQu;h_X*HYT<B6_
zG+XfAzfbPki>Wo&gv=B1c~dD@6zk;$|HyAm_iFvdjZp*r__W6XEHrMUK0ZF6;MEX6
z9sBOzTF<jL!YsmWEPjap`uX6G_`iSs#_|v*X81%%4@hK@DQ@MDza1PrdzY?HPq4xl
z>WfP%!%m{_*1XA4GIaY^0b9gN2HPjAA0IH#L|1g%coO~d!{0x>UUjW(<Vmo{wSWF9
z|MZOhU%vf()1yN>?uFagT~KfxEn2dLM<L2(As%qTcO0e`eYW3GVYb>waY2fm#iT9#
z7>kHh)9~z`MlC)i5e_!>{p;89uU&o3VdmZT-=$Z)aZC8x|La#H<2Ahu3l(<uL6P9v
zAeG|a@*bs(0$K2n3mT0niD+q6{ugU+9aiPmtq*T&Qz}X$CEbm5C{n_rLqb5hMY>rA
zAyOjU5|T=X<WfLEx;vyh79A_TxkTTy&-t!%-o1b4{Nn`z&zjGiV~lx^dz6}j0*|yv
z;q&LJ=bv(8hZ(#e+={B?+P~Y+zwCBo9Z%m1@u0V|xYrtkatcqHsaY}kon;r1_juUm
zCUo~-wzhO8`caFs{Qes`%**ucvS9s#51GD!tz|-2{s7{X`SXNIA!;`yZlGmxB123}
zuopMFJczx1ZOvx^@DjWZ*nj^0t-Aa9+Vi_4Onf9Ch2fu{`w6&jkO@_M5PR=>;W-=R
zDlQx6MG@w#SFaX{NN&AW>mI(wseAF)!HirUyx8J)J>~a7{o2T%hxXrny?6PdVM5zw
zy%aF5(XrNR4-8=w91_>!=3qIOfPwb5r?`PUeW5pBa{QLO3mD1!Oa%G&0{1Uje5Q2q
z22-uf{0Jc!0pHdnbC^KZXvzwVB{nr7Qgr+=<u5^^CQ!ozOa1ji|J|bh`u|XZXFPrB
zu7(pjwa+lymYVm9n23PjqDkg@#tZ)6OQymsxtosTpC}9e1#H69L<X7H;E-#1Zf2zL
zTdBN)2Z{bV%Db4Q{`em^_pj>&U;n42k}{RGw)FO@c|u$zw4VO?>-|5_zazOltQWxe
zU;gxe`t~Uk&@KMx00nih1H?>mIJlWubFf#$9k(HnR~LeRulE^{bZqN?a%NIEcN11r
zYl|G%f678)cYEGb-0RnaT4hG=U$Ocv;i4C9FPNsv{!0q~r=|YhEh``mqWlkD5dpQ-
zGBH(Cvk4K=2yiwcBl*+BRQjsu;Dul6XnWxz!N0Mlzcm^2Yd=)MgHNN2>?VMi<u%C=
zw~O%kib#vpQ8Ni&`t`_R%(>ZpY`XQg&E_B2ql7@n(&VM7SPk#K!zCOuGv$LDo3}XQ
z;@~`QZ3(#LnTPfB0B@IoO;&iUd3XEX-!_d1<v*HapoGKK#XmJ%i<&S?hGkhcl;mDQ
zo)qK_?*HAgV_RExb}WG1zy+IpO?>ctM{bM)v%yfp`tIoOZ!`)caxk3riHAVsNSWkH
zcz8LkHpw7OUTFO~{*t(7`p<Ojh=>1);Y<4?AmmV-U`=85;%&&IAhm9sJ1c7Vzs?Cr
zufqREdR5F@aB;7J^ZLJ*UVsg}Z=*s9nq&f;RbJivm%`n>0R-*yZ;}5yYVn^81ToW}
zS7PIyX3{mWGBA))6B^<Z|I4zkV}o1Ejl=}!@7}-Q6jCtS+{r+z5yN%6H!y^qo}NYc
zSP7eu(6l$>`mfc21;6=!UNDdYa3SF}H{JffHEASFOj+hcHygvG@872dChgvT>@eru
zyZ;1*ARb^;t>4YT;HQAefdRk)JbedhU&wz;Z3ISYt!~Es6RAxEQrit7ppyk?#xQ}5
zOPt9cIrQ)b6I08(`&7Sl3Rv~qziryzQ8N?+P%x?0+NzJhC~!c`MQ^hI;O#qL`Hz(*
zU{-2Rvh+_@8Ua@7E=;g-_b2X32z#rJv0>M)1-7<artr$cKDS}-FgEP&{kzNmz=o-S
zjfK$<e>{J3+v7~SW>x`)%S|#<>Mvw|Z|?tg$=V6JOe_jz5!l9ZCMG6egGbx$%bxG%
z1!VxkFW$N+ivPE9+z$`TT|rg)<jT*xqUGJYe!4d<e7II7bkZX05jPoLoTHa#ix^nt
z+{}ahw;%lnSji10+s6z)iU4*f<B4*T4=R2ahzDG=3&GR{=Xed<99*0PZC86ee(lfS
zP&_o|9zus5*sA>mI{-nn{X{!qYTe#1FWdZ*tjBjSXlI;j<Da0NxX<%k5K2kk%dsr#
ziW7{v$V*s<eWRsjDg6foqtuSmOC#m8%1P(1Bl5+}bg6SXjCA2QQd7bhB*t%#FaHCB
z^ymh78S2iaK;w>p>r~_8=_SX&@L&9S%CD$jp)&(oTS|BWoU1%Nzfk_V1Xc)vi9(hu
zT=@qG(GFXDt4YR=MZD~y$s9ciY7+0if@oC0wTWMQ_YV7RLY~48!oU3<pVKejhE(L@
znPf`fL#ax6qN-z~W{GgY^~lrA^=sAV@Bu60@9Qe!K2Rv1q8m)(dpjdhyMIN?S8log
zQp~$b;FmbBZM^&!%>H*@9EW0VSaVuP#qw-1{UR?fo9UInfB<kYaQBwr{gQ8ejO^Mx
zruq9@V2s%U=3iUDiqRjd?hWp5|9YYd__?d}i_3ps(4~IL1{($rAl$M8LN<7L1q6tI
zukgQndklCxI{?$%`rl^(>RH`>;|_(9go!C|#PdO03s*qZBndhca26+0y~k@KdUt)V
z{qmK*OK{_s*A_RJlE@WUes5AE=5jY~zs>#Yi2n{UIad7PM9OrXM)HMX49jBG1lIM9
ztWvYq(M9z|l{C=@gv?>pA%s+cAsmX7;^r(8CoR$0R;}H6_*myY)3-`Kwv-nyU(WLO
z1(&}3@LSn2R+UWf*^6J_{}m4ZcVGXwf*~MmuLSEmW$GlXutk#UN?4wI4+U!7QFJkT
zO(i_ogc1>C=D&>+9!9~h<UIZ-*X<($&&j|LF0rMrI1;n7pmV9kchGcvOq|g+Fw`jF
zfGzZ=_pBc19C6h+Lao~<oXq^UEBpWUaX(#rCn9F&Hp^+<u(mVQ4aPFRpDqTS4+O%5
z3Jud$p{1qWNoad{k>c0E9VdhRJFcT1#roSO1>64Ob1uk2VKFhYt^7-vOvt0)^EdH=
zgb`$<kaFr@Hpz7VVe(sp5VGKMLRirJ*4w}18axANjZEq~<<}4t5u<bXxjO?CRvg1Y
z1xbUSU4{Raz2kVyD^!!{{)1O=1xhY?>w;oR8!M2z+|g0HNEQA1T!1#XAYqS9Om!0~
zn_B9<cKZ#e#5D3X?!|y^DCt~N4L(QKGmR2NY;#KKp_0p*dd7TMr+@4O67Qbhmb&tH
zr=TCo^BnWn47Sy)<=j~1bHYx^ffwU{`zi0CXcu}GRQ8GX;18P+{5|{fnG~#ae8AL+
z&JpZ{;@QZYY~&3lu5!T`m+=Z4o2Gye&}y05i#8lZNJyxBKj><XLG=^zJF`_O1VNYA
z{&<Rq#e8lq5prN@2%RtYo71^ZgPbkf7q)GIkxRjT^eX&4*XD%qd-@B1Z%MaJz~Lm6
z)N4Cnj-^)M`eLU6a4uF;c=QsTiK$tHEhP;qZI!!{tFz7IBl}w(%(HTFbu+tw9=W++
zUIuB*(#f*0vAu}nGMv-&a^%NsU>xD@`DLxEgxSE#HG57v=U9mS(2>D%w8Di8Qa5!)
zk#06M7NMj_txKK1pvk{8_nu0BH8>6)%8O!8AJc?WiG7Q?rmg#*?^>R|GPUj+=cP<A
zT1KN?E8lv5CCc@9hxY44ZcnCcXkS}Y*6Q?BodBr&e_eB99xVLl$p_usJvV*2s+fgW
z+dJL_7Z<g#A{jU~rmI$i7ylM&n#S0B3PrfrZODFFY;H=snW>hHaA3gYXhv#6FwI65
zWEN+E2D-fn)n#wnmlJza)0--H?1nNq4N&jK%B7r>N7^1RUd7R}D7b0Ka_-nZPJ331
zPN-g(z8Da)b@Jl_6kP2qG({!9J?j72V9NbO4fK90xE8=+QggFWO!&md_u|D%m;g6~
z!%*~9&{c9dFd-oO0`jbHkv(47a2d>(>5Iu9U~w3C6)<TM9<TF=Wc7&%yyW+X@a|{c
zpZ4Z%(+#yF8tBNM827okks44;2YI)z{Vlm82nLsTNVDO&o53nA!hIEwpBVy46R&wy
zD)AhbghK(0TF%JJ!&WM?-CN?!*Df4(oom6l1uD8QNe^+O7WB_0|KPZUbN~F+C2xYY
zq~nseT{X$PV9jEh1fHLBv+3VS)vxoG1K^`W?bIBD+4K@H&V<Y{A8;n_Fhf2V!!Ee3
z4JMkJX4?FC_uTcUn<_U{{ev!Vtp^&kzVjYjO(_h}%GVrNco5C{ut>b=<2-4_lPT4r
zveOjml}n$k9{=KJALCqbLzlKBP|ySR@cBzke|q2+&Ga_${H<H}7y_1<9;K%Nyb{1C
zVB9?cE(jR@DWRMyn966>E)AwtV<gD6_O8QtMHZ=%HPZk-<)}QEZ<CoNA1S;zpp>V7
zK)yCsE@T+mpoly>c>n2>aD%;M?iHZ3<Yc(Nwn7?+J_qm8H|&6rCqI6~%wPmfsDkI}
z-x7UE45qg-k0ZihdQzq!yvPtx)EDbyVhYN_@*hN#T5nHJ0eSMA3N3&9g)~OcLA2I;
zk<a3Ll5&vwbjhrcewjJ1VS~4Jb(o-2+nWrnT32%Y@+Ij0(8JJ*+^gHbyzpGTe&yT<
zLNG_JDOb+|j-2$(o3GA5OZ6j&{``d~|L2?OGY=5gYgzo-YCn&>?GJjLgq?&0&^bIw
z*ohCcZw~{hXVT0nDZLFWc%=TE1K<T9zzV*R{syuQ`n!^yh=_?9uLK`$O$~5%gn$rW
zcBvV2FBqj{z4PO_>){4@yjO$7O&|aUDsAV4{9{gx01OwD-@$OPx4)tRlH8Xv8~pzv
zn@IZS1dNIrkw-r5IqBkFZ^0Ox1x=yOxTAbN^FRN~&HfyH1H1^~vgvu0BU+vBH2?+~
z85!TinGV-S(%a*U71oE5GGD$Jf2x10m@t}g-yo6MBW-f9%E71LQT}W3h=_<B$3`O=
zgK7sin=H-TZY`MqrSV3jBL+Qo_)e!`?_c=A$-Hps=O+U$tQM_nH#Bw&LlnG~R$RK8
zpYL7c8*|6ZcD$B5>3Vu?98r>m9tA+rR~fH@i$E808}#1aw+~N>(e~V#*<Gf=nBq{o
zXCgOtXfA{qqe}xVZv62aEqI|b{lWUFyLTPlP?4d5pzTmWYz1bX$1UrsdevB3{{N~c
zh+rU_3BshB=O?(3_0vyp@h~wR<Ff#|N=roQ@e=f3S1K(nqWK_(OE|>Ht(kMRa(jn_
z_=mjN?_K~B>OXK2E0nPbmpe}qwx%1h%0?ymE!sIQhYYa#on962>c2c*=@Y-15|w(F
z<`21qU*WQ6UKiI;X47wd@TPGI@fO<ee#Ntl{uYr|quAQ>tyXAbe$4r+vql7m&DRE`
z@%X3a`c^ZVLRIInx<-u%w)k%P3Agzr!&|4{<!ZeqDo3oLuD4}ho9}Bq=ZIl8@K#LZ
zt1%>oZireHNC3nzyMK1?LTM0}URlhC<+iA1*Nsti*s$JvMeX(!k<btGUtU6Okf(0`
zAMwA1-)u`2!;j@O=(d<OtaI-_+3Vx#VLrrxR-zlWwl#+ev@MRFOuotjmL3})B}7<P
z7paUqMkT|vST(Y<!R4qiUGMc3DHNOfr7QWX_vbE8-;`EIkU^Y3IiRW;MW-49qxjkn
zW)fH*6-~LK{hNxQ8_%SIuq?ktR!<#_Al4m_A*tN?`!MORiZK!f?jiHLi%R=PGZP!V
z=AZ(ZO)HOOAc96}N!{AGc-kdK+zU5RifKuFbF!wndm4)T;glu?MwA6Dm#*?#zMdgW
z454SfMlSw}>(MKCZSqz-bL@8UNNTBYmNpVv>+98?NKZO-v&T{paaj2EBVs$5UFXB6
zR|xGkGx_bw8f6MW#8OPLN@}f&olGtyDF6&`dyQ?`dWZF}&T@ErvE$)8F!oIo%pP7j
z+?;SdoYWhy_TWyH^lNV<=<3rnO*QzWc2oH^ic4O70#x#$9%TO&s~m@eE5`r+`f$ll
zzzhOsZx#pvv)9zr<V(ubIPji*DBmCw03*64UinXfn~Di-fp3{rxx{G&vmYA!#qwEp
z%HT<&!~BtpR)#(pfTi<Mzhf_@r;`L&jjLiY=ez)q3NXlF20KOB)lDtlvFYywmFEJL
z)nSx5+k(36_P53k^xC;wB1h)8G-eWEo+HQTr$slnwQ?`k@Q-^7udh2)9IY@;l)^mN
zVmf7uhq>?7l;;k7v^}m5cSXH*%D5g7Qmc!MYqMK9q!Lv)yE!{cJ+dH2@mBKwpWf>q
zRRq;ZCr&`VXui_2ikxz03Jp$$^$B04bzi^5wY}x8_fmnapR;RE3Xx{tBC?p%Jo|??
zK^Np+&<@a{^?_He@`QT~Xbp981D&PEPf(G6j52sxmwDq>r9bjodo(j@@v?j&7*z3;
zoy?!Il{=JS+NW4dLa*c<qAs$k2LO^BP>v@n(|xR%{Gl#AVcxj<UdS73cZBDJIkXEl
zJ)Ayz@>UVeteVIcaJz;vVsvzUaJkvYU3!|&qC*43zZXyL6h0hy%NS~y$*x~Pc8yAK
z(jB!BLMY(8kYzRzg5FUv?M_dCZD8qu+S<H<iByZZw5htlOD|Xt$;Bya*weKdVbrxh
zst0rqpc|jyE!;5p<NzoFhgAyEUS<Avv>h(EnddbBjk?YQG}$>VIl^*3*<I{V1#_h<
zl=fUp%)eJxSRSBL$`bWp<z(=1L5Ht+Zx~ZIrfdA<<x~u~#8cNA9%mB25F;LDXlZHb
z{d@r_z&iR@K1cx@13fQWEQ?}*TVTk&d+%j$FPjr}H_6avq#zj~2t;VlN_;xhz0s8J
zN|THshr;EbcG@!x<K)7U!QBYMp(vmE<W1{cdZ-yAs_iW5I)|%lP%)H1d+GhC%i@pf
zLiL>eL!+dMoZFDWeudLB99js6dM1P0#%RdyQil~5pgzSYAFO>Ic=_E+I-xBiEP8FJ
z_z<MhgeBp9v0NL>4`{8r)Q<<%u=p`rM0-D2vlMi<KAQE}e=>56bsFJ?a0=Uo-O(B|
z`|&C&i&Zm6o|{Qn|BwOVJNb<}v_KM35;@f{U*(yQ%4dPA7)3YjLcy;KdqTzeh-~du
z^OkVwH<%$k0sQl8_`Jg&@($YD0BX9d#D*NfB~1JtZ|rZfT+>NvGS|TkQ{=wm_~d?v
z^jm+wvtBUa(ZL3NklK<Wb;%FqOliQ8w+QbrP*5mQYP}q>I9OV@`(W{`a6G9uUFQG|
zV}L-ywv8tMOfhMeqvnQ51%?0{L0M|QkjEP%;p3|n3ktQ`&SaAYZCDIX<+-bC^<noC
zR^a{gm;U2oVqn8u##pd(YVkW@N^d~11OeMklaYcR-(~JfJqq#s;XGoabvve<kbvPF
zbBPCGSlJonV4l92fba>`bV0`V%Be574C@>wUp;@@qwV!}+EWts@ra*S$Ql_(=sNql
z!K39Rb8+vK5BgRKwee+;)R4um)jQMFvYhUy$Z6~!*q{A?bApu0PsM-fdo(HdxnXGl
zYs-swk80*6IP-7W4dy+#V>|dJ_<>=<O3z{W(VGgJeo%)^N}SX>$InasVeZUvs@M89
zwOTbHeu0;m->Cp{e;(h}$n$mI6VM~@otVd#b#%%hO)k8HdVExq!f_*GbHb5S3IF|M
z@N!zAYFAQ&jLkq!)G{eIDrndrCbzYYj3%2mE~W~JwH!Kz=O9rj(1v`e(mjS)6u6r`
z>}OQU1*V<-ZUWdM^z21@OzC|J0t6%S)b6oYnd*lV{@!Ko&CeZ){P8<~3Wb0P1rJ7w
zzG}=!Hn>R?*>qSRNyMtM%@{i*6FScnpzbGFZxvKJqM3#qd+*-D!Mo<9zs<USv_176
zd3IEI|0MqaWNOHwbLVlQ_^TXe(sq}^p*B0wA~XZTAE9F#35GC_EyVSq586uOVqUwK
z1930Fqv+)qN{0nQCv%mPK{fSe`B0bGMyjMs9EZD&?;AD?#Z}JO=1+T7pypS<<cDTW
zB=oNgDFG&2fzzsQ5PdEh5=?S(AKq}YGO=qGHC^Jo?Rbcx^1zK0!!?P?*3oO>jd9r$
zugQ0qIMk}qAl73N71a;e(E}*0=J3{FK4>VhTXVr-233uioiF3#R=o^BJON?ZFUK2#
z0r7(C=GU8Km>Djl_ZFBq+3J3Lvruw;hO9spN5}C$=jn6Kesb;9AR*6>2Q%vg{&-Gl
z4eqZ>K8!<6IAxT?;GsdG!;z0ic<@7FYjb2hn%gFX*8cO+Og#I7<Tiz4#rtnPQr!H0
z2SaqM5Le?lxMau0cYue)+kV9wh<(f#eoG{*$QbryB;WfWElX%-jb)$;uP?Ul#$pIB
zYV%fd8&-&f|3yEPau~{P*_hgY!=VBS!*`gWHx39Xmr7Ftso`(ZUX1NM0TVTCqHhHF
zUcaaC!nYi#a=$dFvY&0(d+)iO3WjLD<A&+Jlh|~cQ8;NiMtN^2T(sorhhh_U8NR#j
z=uX7_Se!W=k|cbuv*B>=zQ-`2f*j_mk5WX+Q_G}I%<s+iJ*`OT=t-ASefj5Mbw^eM
zl<Wjq)IL-175XiLN_M$Bt+E{5URc~0%H7B?po2HNpm9@id?1caR&i~hnkJUZP~UQ@
z(k@>2sB8a0!bbk}l)o}pJD78yb}AE%KR@@xTZaG!oL~*KghaFIm6;2G#$uwh(*YwB
zF+8P(*kVKVUU;_s3s+9$*OG<i0kiUY_`?a!RGo)vaUO(Sx8&V1ufX$BKg5qOmsUYm
zDA%614_z<Tv+9&L_&@#b&-xft`cd1;E~2UBmg;gA+dVJVhgJJ?jmoa-p6zEA6RbCf
zh3-^3=quiOb-KvoS3R3o&KtEWvlXUQYW{>RhMRw}BR1;Ebgg`DrrGLBVqt~JnGIZC
z7I{P==k6D`yWD=aRA{Sr$16GSL3oqaQa)vj`k;@**7ekyr!P^}v)HM1WVr^8!K8|s
zaS$7GAJ|P((bkXV8TNw;0rE?m+YQTL)(rAa6TiitMkSvYYwilPo#^}O?oe{sl+csu
ztlHT0H;Y1{Wd?!Q*sJvy_cQ}F4%0efkS>|q9sZ(u*WIKhu<?UM%5t&_ORHJumhWq6
zKWgrmEz^81p12}6X(;M5TU&407r%dE6JABq)bb~OU<h85N58R8W@YZwmJ8X6+z_tD
zG$lEU-I8ll-GN^%3)z;G|Cq`TkU`r9ee-0Zit5UhD}9xty5zNX^WUyLSszLhFfg*~
znD9IFd;`*EYMl>oIgP8r3bYHk8oGBbJzp;!SphlWM3sDRGkd=J5bO^Z6`ug_MY%^@
zQ`!5AQkppV*Oo`w2kTI}L*d?x=H&iIGM=AwAIh&JE%ChRGV)dbFomZUK{?iPbkIl?
zN-5%-0FWRnwdYJfXDdDvXwAYlW3FFrS=q_|wD-+rQl?uDur;E1$Nud6tE@>927;@x
z8%<wBD?qh$^+npkBB+`gc>%kOFeL%I**A#ubub+$sQyn1|1<4+&x1(Yf+?$36-Uis
z4!u>-zNErhJz+{jl100qVuN%W%_weB!uc>c3M;zE{v_$i;i;3K+_-U_J5|9W5tOWO
zt6(}Y{upTaLeXkIWp;>AuTdms1Jef<d(zX7g*LtuG6x>LX>OVyEasvqNF<kXXn6#j
zO=<(5*F;{g`7F8_Bx1M5YX;(q+*NS6eLLd3{dw|sefAPZXQ1WtFpc-^TA=a8*ifa^
zhxZGnaDXEi*^Dv+c7|gVJF|EzlzkojQC<y%5unaQb1XQ6sVC&b4?b6%x?8f$)R<e^
zwrmXdz$JN7hYK3E%#T3OpiuXLs>A^iTpUxWFz2Hdw7<Ga!}}0^X+<vlmS*MJ(4w!q
zT7ax^g>}Z1U$*ywRsMS26hpZ-`@??Fuq@@+2~e`p*{w7r+=uHE6LHL}VbCG6ti5VB
z$FI3j@T@fpeEkh4UTC9l3pe)OxB5tG3F$%|xsa32X_qRtT%>>|OwV6#+1TN%Yb$vb
z)>j+L6Clf6L*sqdh^{`OpfaJlNyedZTjygYn|9$1p9V?x;bP#U2#$+KE)uw)mcHq^
zp^rw@Q?KfD8_SKTZeTxay@sAXRqX5mejMR!bccErUEr$aq_QacmfcLqft1hvy$ZdP
zGbNnqPu<_6nS{MU_XbJm7rT6+;V6GKB#$>z>!c+KM!XE5vH+x$P!5VtTC`d~nJgYf
z7Qc*wqjg$Uw5p#-c#*e8QYZ!E)4V;KM$CuvsI&V%D)+v_saH1IU6FX;Q|r2Feb}1*
z%0Kt^;i#~~IFZ<d?;B-AT$-d=9Au`-fuif=m_AoL0taDgw%8tP!MB&d>zDL!9baBd
z_^%8Gk1Alb_O6EOV)!DE?sc;#faZ6w^ioC&vFr5*Ez->mJ{|)BIP=<NQ_H#OobUEm
z`Fe-g<5`u4?RTHI2VH}Gr%^3Jc^2Q{F>h0Y>u8g+J~qd{q+<{G!4HqIDbD%9MnXUq
z%_yDfNV7xiXDS4S3Uu$jHmT4#zISR|mlY!GQ(r^C6vvVfJMFb-)1E>rnNm3X=k~U^
z=kq1bnId)-t)`a3k?r2CX41T%8*3s@Mgl)`*$+{V`}azIpk1aIX~?;unL|kT$w0t7
zqWslIz=#ayd--~nRVGLF?YebCk1g&^yYvvnWL|cd$~?>5<lT1-dBi8;J9SUL{N$5h
z=qhsL7Ev`0GgWvhaZ`(W`V)6Zm6#49p>H~iG{4}+L(wO|I==srH&wCMd!<g(t1LHn
zat>{4b{I?jnt?vB4Q^i1a75Q#y*<j9tJYn~PV_FWhnUc`U#mT4YB@^t;fj(vv~w|e
zK_y}IlM^8=m#rClhuvp@lRpt1jPglN@)}I{r3tl;WAOuqIu8GkvSaGgO?f=YWK}VD
zdk=9&^waH_6}s6f>{)W=7Tbu4WJh>&c<rw2?M;zG-D5DGO2duz`fOJ$PZUj9{i(j)
zDyO`G(WWs`Q*@7Hsw$Q&nR;tD4IQH7&__%aABPhnFyOzXO4WxRncPSBX561U^<$G!
z?9MbVA4y+#M4nRYBleV2ifGa`!5C76G_CaD!Y5V}VCCYoa~WFqDAQ^>#0)LUreCr;
z`19jiR=WF63HczkfU!cKt~;!pFe%62)TxpX?=|bF8h}n|s|{N;*w3FZO?}u{b?9y_
zcU$J=pSNmhQ`f-GH^>M5$7!!83#g;3KdHDEza=<3b96_PgPLDxJ#v3QRjb%Y;^f^>
z>7ICGcluF?q4V>Ls=YsGn^{1MSU%+5m2@0@Gm6dKdh|VRFhTS!#H@5BjC{a;d2gYM
zy+tZA;62Aip~m|HahU0ev#3+Q*T+)FZKFE1Zp+r<MAXs70j+kP+H=4{(2<$H8_cJf
zLPHU=Sl&hceqwPESM`VnO4RAcj3wN0wTy3?R&_StC<k>r)m_aGOb{*<U7a(CAJY?E
zaFpZM<Jnrh+oy8LRlAITHdK||b=sN){Hw;(YVt(rSQ@$iqv=jW$KuEFu>G0NgJt)^
zlgJSk1OaYn=XFY9mZcM?G6VfD8Fgn;#+TCYJk4kos7lioYF>@J0Ur7dZb@PE;oC%I
zRMxnoE7H^wHJ6i|D%JH!s&I*$e?3<{>zmpa=|C2hS2y$mJ}l{NS}eL`WPGVu?2)SY
zu5zY>M6rP|!zn%)%O-}=l#3u+(u%LUoV6J43$3BD^p|?-#Xl0+!MucUutc^yEO&88
zWgX!cHbUVIxB2)`VhvNWud?iv2+iaoGtF8f*j%Wk^vHBUe}%+t;I+8JzKBExz8%Qv
z$>z}GQ^KMFUB@%_ma{fDlJsD9fl*uaN!^M3k^NQ*+~dn9NAj%^jvYSuLc0~7QMR==
z#CA^!en(I-4%yu~5WwMe`UEmXL5Th33&qg8-QQX0OhrJj@@<A%x9@6ysL*n*O0r5K
zzeNV<@7Wi}2^BT$6Lc8w!{Zi+UInpmLdQYww@^x__Pl7d$~FGMaw|u8&ayWAZc*`Z
z^J}ZfyP}pUZ!dyi%7uFu&x0v1eg;z><^+TgN*btcH=b4~$9Qf@Q-U!*N}$<HHbK+G
zZ6AEC<TRer6~e@PpTgII>f?O_4+C>sK>42=E}OQnn8kN8ZXI){xfDh;i)NK7<A*wQ
zvD$^#XhXs@!m$ohHg!i{T2Dwk)B8>zoeI0b++_R3!3aGQ)BL8fJga2I7-`SM`EUvT
zvRwHF)Y<)nW9hCYX`<7BwFpEflla}T5ix+xAH8YNFlum0j!3OxDl*_>GvY}OpGi!h
z5ZDTx*=)&}GKkIH#g~nDzxLFH$9Gyz6uKI9M0pr9w%x^6<*obpmLL4j_bQ1gX>G~h
z1^ovPJeVPal4NsCCCv7R!*gWRZQ6UCaUK>UhPB>2&0bqGFlM8&8aeq0YLYaVW(d~O
zdlt~)w@erv<u}-NQ)MpuWRFyBP2lu}QL8ulcpm@M74@jj{Lph~9*J+CDR{X14S#Rc
zMf<zP`)n*{?YpW8x_N3QrnDv?+-hFc5ntT9s>#fnyfYauB^4Sw4<p?Wv6}qEYvjeH
zpkR_Yc37UvNJ5&w?h4qQRj*W8K|u4D!Ci>u1~(44^(zwcpn3aw-$<WHM3x+tVoBe4
zqq@@*MPFCzE8w`rtOCpGlpL)lClwptR+SEP7W6@OR-t8Ya)IvQ%N3RZy26F^)YI66
zC#MH%Q>{z@OVEIZteK#Dv_elYa1ElWki7n%jHqF@9WkuY%9P)v@mn2WJE)VB<#Z7y
z1OJpa7|>+QZg0X}dbEvJ!aCe0oDP}~I2x^YzOMGHsY!Zu`Cxr812HHW=6+TFQI;j=
zTK^(dVkB&2{#!&<$eJ+x68tFiH8Fep-ZZM2j&`%zq8x*ofDNDM#!ro;5|iTySbADg
zU#h!Sa-&@0%>Ekd_~Mxvu!atEr%Rmr8Xa-m9rZK5dzD0=IxYo6gRargiu02Y8zpS3
zA016sPTh}gIu;UxCfA@1c>Ry5rMx@ISWO>qAPBDb$SZNn;H$oV#ju9zvBM=%*}3Cd
zNnQg@ShR9SxebxhugaY|E}gni3?V!o`5s*l+17vg=e3qQwW{}nug2{K0N`YFi5Scm
z_Wr)!mql^M=JaCa6J%}6kDij<0;CQ$VR+|^<+3XONYCq&j*Zg?ID|u<Fz3aB8@FjP
z7n<<&L*^K>-@WRAD~W)nUzLPk3;EVG#ZV$$BQuWeD)C%~`Ep%JyF7e+(w=7c4|D5J
z1@w(3{2fPNmQbmL2LBKVs2B=08$WuTN?e9DuzHoxqFv)pT7~(pp>5-GMCYW`hhvlt
zR<=9hX|2#a%w^dl&+?;we`f%EKA^h4ti_D(VNr_frv8V0-7^^4kGY=Icu;3?$iHEE
zZ6MjPk#Wyic!3-Yq1Eo5IH=P}IG%8Xsqe(6uaBoA;g4#V_8B09LB=q*^{PkQ=^`%r
zBTNK;jd>9SVYr6ou~L%rLJ@vFa&j)Cw*s^fbNYjIp?4~&qM=f@GNHlgmsX2*j^{oR
zb7{zk*Q?N?Uu}AJ4>=VK=F55pf1hhLpvJw9dNKU*?7Oy3`Tz+19$&qB<($>vpnbO`
z6-VY`CWAvL<RGE&US`F38a3(`(HJ&q!LFTSeSPiZTNc)`cT>v<MeMs%V7wfqkWMLa
zh+~$09=r|j>OzjDvz&NnHkF_Uz2PV44$E|p7@nx3$h2Cvuc0G>!BW$>uWt0vVE5gg
znB|o5oSLZL`!M+soj}awPMF#G8o%N4lL?PB$;eSw>J6O0?9or?ZJ5!Qr3Za9O)^9H
zo6CdKZrMi<i~~c0RgIz$b24NO(+M-dFQ7TWX&lSGXOXERE!5HpdG+^f*FCDYSs)vy
z&LRbrMB4`;UxSV1HtDpbeEK)o#BB;rt+-Lia&C?+UDfvROwBupHx?@;HwB{-vVvK2
zFJ8y7><~-XTT?rGyaWm<_xt4e9h&eC^X@$Ue4E@THoPlIr1`sDW+GOyeK{y3)cE7;
z8SqNt(#XBitIOyZ4AL8sbNDSVuun&|FjeisZ$7K108N>D5m!Y8dT~h3?ljeN>VH!E
zPzjAW+d{z)zXXX<OsDZr_&a!!L~`ox<ZqsqGUseH5mE=YE{03sY>r#d(2Z;yKo5p=
z_yPnctWf1&kNch&PJ2Ck<!9TLy*={5376CU@JnMA*XGMRjx?RN9Ta0DyFy~954PwJ
zk&<!Kx%D@hY#SOs8rH>;K=)#=UGmXf<8Dm%lJ(T`SNJ|XO(~(8NF`O(-qQUhqd8x<
z)Kug1!IP2haZQ}s^q)p)Mm<5uVwXXzr=%Fxr{l@*XS8efg(tLws#?<TRDH~O(R}yY
zHHwu`ZW1++t!9(GBlmu(`^}rjrw8%ro3CvH{oI)+DTQ$f56VvY{JZvzE7KbaKom#;
zH)GU?+b4Aa-YreyUoxp9(_=ka5@o+O$Qmt66fWVM-rR{#CakcvJz9Eyk|tNoEqHsi
zSw4(FdS+0X$6p7#Xl_r;f(Qo?P+i?KmRso8FlxMqHWBl|_rH&jnhH+4hdvG4$WU;o
z_a_(d%u{~E=km>U9L(|(-Q2e^N8Rb@*+8rh;t=AT+a^t5n|51pR)-=+dN`O28Jo6?
zbQ>YKhNp*{+&+sS>%$g)G^j_@6~&#)0>?J?X%vE2S#*%VHCiZZ91o;`nZm)CsR+Ma
z3zUElvciob5!P9hUI8kKh6T^E^aSxO>OsTdTq)3Q<-VY%YC^FCj2H&<<WNZ!)SQ&!
z$Gy2==wwX363x;9@uHtG=7iG2Xet)NKR^k6P{T#WN82;p(D~^`Dzp$awbaWNCC82L
zu|f?quyGW{tkoeZg9;|s2p!**`vyBaqJlm9-bpERNY-Z8J|+EVr9;qqhX+*Fed1`M
zMhiK*`<FiKNvmG>011YN8zR|x$I_6iNYt67&9s5Z+~<4uzjmZB+AGg(OZnKK)(Qiq
zN4?wQBB=h7B>6l5<U5!)l@1SQpQnLGhRm|ZDPjc$NigvZE_{z37%e3X7<vAp!gZD4
z_3PKYWrFp9gi``UO63lR^9vA;r)v%;6I@c`0fg73>y+oQIEEV_s1EmV0~syby{tF8
zg{Y=#>Fe!ZskJE*<*jW`W`3AZ>%J6FU7x9H`CfN+^=SzU^k^DZkcas2@C3(pAUkFf
z?R_A5YLSejAp_hXc_=Cq*}B<WRU-d|<ly!9T{}VQ_dDsE&EFG=nXdcQ-6HOcfAIQd
zaM#q`_@b#QJ6IJOQ0T%Av&ODF0TM7BI*41dZJ>F29NP8GFbc&YZr-aY!Xm%q8R?&r
zVPBe}m0`}6coaMniPIAtDNf%m1Me~R$y#07^qi&7&0qI8+w!{w#_1YHR4yNBZ04?f
z6;=H{r#?6C=DSE<Q_KumAYA1)e`ggSv_W=Lw0lIV#X#Liusax9fp5vAobrPR^xU!6
zD_bzoFF%F44^!N+<q&7eDOGZDdpdXQ#BB1p<$<QTu-YLH&pRkhtv|BX5MH$1xGWg6
z_X$oIXw`ynJp-eyuCF=zu;hnT5E!{6;cko6*X+H1x4V~HjW1YX5w?}=06Mr$qG?}Z
z^)7bAZzlCid+yuPiu=Gx8cnZ!d_->JVHCS8LqB4C_830#HFWiC`{BgcGS<gLeyb>(
z($dm7(J{QbF3Hgm9m|C;AFAr3{K`jE4RW<Nk7N_xi7S7_-DX05J=%_F?(hKDRW^uA
zwpnsLB9mLEGRou^^RGY(ojumJ>*(~C_D6R`KtJ-R_Rw<%Hz)JC)$V70pI(skL`yIW
z)HpBZm`LAfxoAnU+C_4cu0TRFHO-HOWxCdl-H*?zN>k)8BAQ=b#lX8Jw_~D7vRJP?
zDYGZFJXKQ+`ub^-qHs|^rIa5z%<{B2z-gq&Fl)L&@=cd@?>pK`yP12F!B5nB@M}8+
zJ}y&Vw`p{k&@qUXN<7Qolnr>V6xX{pG&9y+T2ejXBazK4q%v41S=DLE%=-;Cb~4e4
zoOul&C^0c>H@*$q={<Yac=jYV8ha(RXeyw!!-{cfQF`St^+tWocvvUQ@+2`8YIyKf
zp*9MYT!WgFyMs<8Fe;M2N+So7dScVK#?}|xZZ<a%FzJxcCj0Dr8oTSA?KThE@CURm
zQT7{9hpr(@^A8PZA%n>@^@%X5v&9aC&Ecudx*#7k(NM}JFvPowcN1x{c{DRH_tn@g
zd85Md@F@AvsMKXyB}v3ANt0@epfg5j7pc82lm(;dG=jCH!L-pQNnk3{^w#_9Dg!}^
zBWK9Mc8Wz{Q@%K8B}Z+ivlUAEQK1cIHks}_74B|CB{UH3A&*0t@iaiYwMEv4++XvY
zBho=%Fxo?buAU!UINPhpQ@@pjuZyKWZA_-l)%<`?xxkQu=T4?m67nC?k8mQlNB>hq
zB@TmfIt+$#&dmvl`b~Bg28I?-7ON}3gxtPG*Ay^W>!v9#yeS`FJSugpc~Xz;jJuQU
zsm7yRKb0K81R=BXIh&r?P20s}K(%1~su4ll2f-7B88S+n5h4y^Fz<;?;zb6xS9<1V
zp8Cgx=GlZd4er)>n!HPEZ6Wtt(+G0Sf7OhodKIN<ptVK%Jw5SHx7Vau4&(ko(htA-
zbf}ZZmTX4csPf~nXi%*3iz7C|lk!}t?CZ;-x8h@mq)e6zS`br{a~sylzLc7NT=;O)
z`Yb&rFr?^ss7USExDY#MUAg-nuYTj!o3*3?D?3_K`yI8GPq%%Uk(JEjtdV9-AN&u@
z$*dmE=ce2cD;s$*Ex0YL)U_5HdsY+>vb$imAL(7<ERQ`=>*mv%zv#9;oK-FA{&uxU
zd{~%xm)2yfz9&1E;*jMtbpd6yC3mAtapP$cWOy&(I1gc??*GcniMH*#9Ej0YudG;)
zSM;5T&FQvHU{MrICOf)i+YZfr#b@h+yNnM$a0LyCTg~|<{29YcdW@QbM32xmv?Oat
z6B@nkZ{ZZHc)@C)EQ`^5JwoqCW<2kYFAH)28Xbl5N!FAyWK8fYDXz3z_`(sd+PQ8e
zdsZpvIYVmF)atVIAktJmlJX|^Y`D7sqjaw%BlV4lm{kgyPvzWHO{oBhjN^t&>fUid
zRvZ)}0}!ZWDzyIW*Y-RXTzuoAT9dOuZ|BvMd-%+7A*&CXxm<1=`&Asxw5jFh-#MD*
zb8bj4vkSO)DlmVk?)qfex^kpyCcX6&cFfqBm^LggP<{z_Az}i~eVCEmP&)}<0!-d2
z@HW48fmYLmD$W;PqnNH2swDn2qWf+1)n>5p2&lYRBV}?b%rCz~)2Q%UWL27er7cJ<
zsB2?TT_>eKNXGa$Lx)2fjX<YAYIZ>t6OP;2F#)Cq28p-`8lj;6_o|@TBU9D(PTZ>}
zgs^XC*255xkwr81;Ye!5f>3d9yp6`>j`rC{kjI}0s~q_ff1+v74W5VbbspjnZco+8
zZ@c-7uxj}L&)53L=PzY;sQr}u(F0QIC8hWXbi?V_WjyOFQkamI9!fxSy6tFWV;c*Y
z;R%lhKWNX4<w!BGJPlCmMDi1q4Zw%cY6B1WM0FBJ`^6?O81+HVK#Ce5=0~|N&$rJn
zAiP{cj3IE#d6>w~47KMOJeX!>y_od7pCbzHjx1t^q)5)wpAg`W><vUpDLMv&jHxjt
zM?fMkgeF~S>3Hk5Hq59pAKp+CK`x=VHBa;3!Uir#1w%~v#ffq&?wedix118PPSU%z
zzXwUyHB6-14i_*sg(7Ih34P7mg6gCJ|2tXwMdbWpXiTyodgz9u9u8rTY<liszD6%#
zPi!>WNOEl}sqqg2LTK<kRpP87L##|U8Y)Xm0VGj}zkp{vuHKMjmS)^8E4+_GSll}G
zzL6hVD%Oe>7$DS4+f+#F=)Ks5OPIS~a9@uvC&z_!&UzuYJL5?OQnkHF<{_dWzC%7W
zDLx8;poM6S%nThn)%*9100IiCoIpn5lj?o2K`Ua1&R5T3a`Vb9gzWA=Ha6&<@FP~-
z0-0U{Pd3PMP4y!kyqjcH7gMi#NB!7*dCj80CB8_j+)~*s?@UBR+<du2B_et3(1)!j
zjae>?lCf}TuPuwZle_^X;<7|=D6a{cHQF1RnP`S#2fCqr1vUvX_^a)mNPG)BEonB`
z#Sk_ay;JI3Z#^jNvOd%HI#><mxfh<UJIf1?QTYV6LUXh!`os*8C%Bi}hgE1<lwRdu
zd5-ms**jhKM{`dHY7Z#1v;x|eHqB<Q_4ToTY;VPnD#YG4vz>qXE!|Jl*z@$vkg)~{
z34`0^pn-=@j=cw(-sT$!`p6{A+9dHbdnW?jkuaFfNlb+`d~8kjm1|W^60iy6`FLTG
z(1bw`I|<^cr(y6Xtvx$k3ka0z!^rYyIHbz=iq~?9(*Y*0GP;9iH8I_q^s+_-glG^o
zJed+*O|3A7c{&Cc710zsdZxO7T;kcqieTlGZ<(_?9}PN~YLh5F+QNvzQ910pqjdb>
zi>TsuT{yt|8uK$lr!$&$F+99nTTBfzS;?C2*Hy)yATB3vweJ;c(!RtIcdx-TpTea@
zYp?B@sHSryayl-Yt%tyJXYkY7eJ<VRU3M&oLB$Vd2&Kx8@Hvg?XQUjw=+8JPIjM-y
zLQ$YWfv{{yulI&=jYhq2dDF>P@>cJ$4pdA&f55va`sc3{NSa)VxHFv{N47Dpw2__i
zHCZC;!!0T3G&3fRa#trIZzQtM?Az;CH@p_}zeh9oqx{Y&%V){{l7{^`5|e34|41k&
z_Gh{5&jO^u`c@gsR3&lWWN|OH_e73gK=4WfrR(H!?NJ&VNR|pG!iR57HLy?5ZE!au
zYdY<BWZvQb@p4q{>Up4<0pM<4n{Q@Lg@GZ|>_p`I0fC?nK00~4?z%<yo1|`|PxrDU
z-40FjIcGy?0z&llhqsgcc+9F~)2KJZuQ#<=rRB>pD#kg7((%zf65sf=6w|7SPQ?{w
z@MPOw{gOaD0xQ5a?52g4TSbyS6%&X8NrQ5frtqVg)a8qe5S~+@CGk;M<&PwJi_?iW
zN5+5n83*9lB810##Z(HKWcWu^i_@niN3|@v1_7DxL*J>nxxb%J?DW*gpGC}nQdjk>
z{c^ZJ+Wt@Ktz(RnIm2c`CzQNAw!6r#2AVLfrg<iGOBVv~1Ct+U?zsVmD-Wbi9dcI+
zAByn?T$%inf3Mn%rjwF_TuL>bTh-BhMPbav{7AQw-6WaKI@_PiE+~EM<YDF1Yt<~I
zkY;rf8qgaK`A?G&&i8lXjeDOxe`!waJra385;T1?2)f$vbe8U;!BN&n5s>+iNowSI
zj~cyqG{Yy;u$e6@R)CZn;kI1jerUL3fpWEI26*s9DIAS{!4oB`%q?KY)Q3Fn;3gv2
zeXmN^6$jATLCeg*HkRt5#07<olZlOO8dc;`OXNvH4b=MN7RIKZnaxDE`ZtJD2v{qC
zS?+Ig4>zZn>v>cLJC^vm0PU2<6BS-I(hSIo@eK-Mrn2V`Wh#P6We2gQ8&6KzPiKQG
zooUeL`Ag^jGF-*vJ_VJVah}(p^4+_)e-}YoYMSWQBoj1QplxS6UC&5GI6KOua!b|8
z$thxEiaM9n@d-Y)KnyM^tF*fMO^okXeG;B_b^pTS7>f4uY?cIiz%?y>@Z@r+<bm&2
zPE@#Ui&PWS2s;H<(Yz|{n17(VyyDc;H=n5&84?Z3e?K&tnSxN4fc=(ST^0OZmhF|*
z${<E_QE?{GSwMeNayMTiKS&U=-0)OP6^-TBO^w-{sP2&Jwo~=;F4+^tCagrl-DWh=
z5@UN>(*rMg%kh`A&Oo-Nf_A{&Qmy>{7$HaM_C$W6_p0eCsX28X+kIL$mpXW3^2e~w
zs&HE(fK&pf`cMLX^fl+)sTuDv;+pcRTJYbPfkmR6um>E5j!n)UEPg2fE>%sJrBM0&
zjG{@X;6Ce7Xfr-k6q?rRltISu?fA|Blsz!y_489-_}8VmjQzshrxR5UbeAiZSI9y{
zP~m{Z*har5g`SG~0}2w7B^Oy4XtYo=4`O&#d)T1;vO6u})zQTQW_x~3Sk(u0e@hUI
zrs&){YfoS2_dyOJazW`FY`~aP-<mLg#SnJuj-7fu*S6<|Xk>V!pSM@%vfZCUs8;O+
zYv3|?ktf0ikI~%NgsrLx3=LIfxwAO)ttT6wKigyI2UUaw(tk(GNKBIQD7p#Z;Er6&
zN2eXLGRbYz6o^BA3*7|DZe0iYqvFjE?$r_FRQf3EJ+UpHI)4vFh--zFT!Jo0Hdxzt
zx3Y0QSVQ;qGtP)6wVv0ToY!(Zqruev%YS+TIq&2_-gDl`qw1R(9R(y=kW={vtsEGe
z+#DQKoseLCi_e^As@AQe<eJA7z+iqdd+Bl>5Jq973ROruU6#cIZyD3Qg<hml84}Dp
zWvG1eNF!%G&^e7$S|s;o#ykA9PmlqUCvI%ptoLvT9VhFR{49mh7b;f>^{hV|!13h{
z#JSi^K<l^(fv1O#DnmoQqEZbf8gC#YcoyPwsaE-Sx30P_Z~5t=LAu`fnDs<9(a=Xk
z0OTc4-}P{DH4G+TJv1j-Loa2m2dj05Zr(1y;&%_>y1p-7l)u{=LG_+DOI{?_e(>1K
zb|B{?#DlbbOxuh3r4fVY+2dwBP3m&bH5l`yy(R8<0yY{0aI@BIA&*uBh?TzkazCiu
z{QCEHY5Gme!!Ieraqd#GuVb_dbvSJYKk=3_3r-(jAe6H1e-a(Qd^%a<63sq)mlOVY
zc{3Q_eLnz4-$0J~Cp`#as}*kgL;fKCV~g0Bfj(mjCEfC!`amhQ_M9P9cV_bznx|*v
zP&Z177KXNLh3T}+vk~P9LDGDRB;7psI1^)=)tt#17U&qb@N`-u$R9i`Haf6o;{65!
zpl3=637iIkv<VdQiF_8>V%6KdqorA^6)Fj?^6ws4AYAI|Q^C}k<x$cGvxYO6V0!U9
zX1eSkD7Ua_iuLHZb;njC-lMi%9LEd26Nj<6fTwFLM$|}_j~L^e0XmI@Lpf2@u*mM%
zB5t>doypOAWP7u^PVM7(<>CpL%N*4kFy;Vm&S;Yi5vP=6YHAVZmaY1+m)U$!yR+F2
z<jlswz_1;_0|yj_utK$NOkVQV_E%_6r30I8$(w}G);0!ckTciAEt}I4RbxGTA8Z;4
z+w3ZG>Z7i>W!x}d=n%qe|LA4ndOXpRWBK~Sa>S!+R~@%$fR(`TZ>UjjkhOjTay>dn
zVhSxXps6Y$3+8gYGynef`_mOrsB?2RW&31M0AK)0QNR8L*8an#u4J1pR(o#iiDKLQ
za0K_YO+u4|+*eOKZRfGA-PR?T@v9w>p{SE(N4NIFd}1clHWZy@p#*BBzkIp=mvq%X
zFedwtG8N);lMUJiyj9G`UaaTg=oB@fGw4cY=581&&Dy~wkO6tSgI~5qL(tYBVUij&
zAIWg(+mhg~shT^10ASD)@aEDvFrc|Sh-{^)suYanfv<#=$H;nKt>*~vd+8eB_wg1<
zZqN|!_e_9g)VC#-PMj^@ttbiEwA6=>v(=A3Y?A2~|B+?9x^^JuzF5)JWQ-DhU<`%L
zY$4u7Xy+?D=a`Eu#?Kq6I9Ooeuvb4~_0Aa9EbHv2x!xNIO)FtXe_1Ea0~{Nl!@;*K
zBKV%k#K}hDK<}IGAy&;(Exv0_G8DHax{s+VS*(UDc5C4WE|a#gJ*rejVWdH*<5nlz
zsfxFq{bgT6BlKuG%*ydCr@fX973qz};g%D19{899Sa&_E?j&UpopWM^_}mY`eu6;k
zm4&78IJFOwH;EZvXH7XN@lXZXFrS+Os>M8_RuON`=EurYc7>TR%37KdWmdkK&gYi2
z0_BQF7XNZb?Z-iiz3L1XYP=}XvKW@in~E9tqtRp3u$U-O=P^)W1IK@%HJs5L6uOi9
zb)h+zdTJ(1%wuD@C*IgA*2p`*rnB)l+0lA){7ymMK<?p}jb%K^Eahb1^q$l(Zv`Hp
zy-NV(ayJDy%`@Z9TKm5yfjz*&zm?|@@$gJ1B0YQe@tt$UB{xZ{{p_{3NXV^pJvWS;
zUx7QsMKVo!DE%X?bcz&xIpSc1B<busW$e^qt~;VTStz~=v5Lri)zOqh*cfKak35R!
zDgEV~jAa3`p)WHqBWb#3y3!Q!@PqDyMwyPvM=<|X_pQm<T50ZX&m>saG`doG#|=?o
zH}d?JfIW*ch7|yu*!$s>Nido#XaAJKvCU7yB)RHYm4D$DP1-S_#40zJ{rE>_6wqBp
zPze*dqxok1GmV<u^c)JIIhOlD`zhJ%5Urzhkfp3qoVGo%IdRDCE994v80Ox*NDsQu
zu<^a{FnrRutAq<soRx2)RF{#I!<5_-clkOqBV@t->Mh}C-RY6Tf*}PDp>eg16UsT{
zIK}o>on7}vJZ1>pwBto|KIp1|WUrd<o4)P#URBl$XLg6bmHZBrES&6dT>73ui7MO`
z-Mb{XiyVj(DnkQ5KjcK@WkRlFFYe8pPNzcc!m7=qqwz{R8@Q0Mh-InR7DK>NB@J%Z
zNU<?D^<3a+>e15Y_=7rvIBHQ>1y2#Gb#v5rX1x9tUid0#8Ok3R_~*oK45vZF>Ha2j
zBow5_36q+N<+>aBeI&kPM}n@-?2$6Q3x>(4<?i78rH1d#AHXMo{Lv<=4Vt5YGzV>#
z<+h#0;UMQ>lT?OikeR^nJ@kbf27ulD<7Z}qhc*sj^`@v|;GR|7P@v3aPM28Ec!5eR
zpGfIbo`+Sge9Ec`qcyU6-Z}P0vo`Y=x(sSxR?$@84^1weyw$q@YQWRr?9563q_Cm&
z+DD$KKszO<ILlrE)Vunl%==LD_+alQX>BPhT}Jz2#AXzdi1lsX4%g88r*C^yuT4k?
ztBm__6~J93z1QFK`6i)={f@1Sucn4I%Gqe-X4@|As#ig57DP~3K*w<>RMOpJ^UP<D
z*Y~=T{Py>THLG0e2VnP!*>rdcA$SHg!QL?9?NnLSgajsKeb$TYhP48qRx14X-e{y$
zQDyn^7C<x}RfehjXOF+d8afVuM7RgC0r8ioDbY{UMcr)4+1^O3!E=})lsu1lV!;fM
zH1ug<af&DYE%7kW4uPwum<S)Q`Ro1rs>$5=g5qPluG98sm5X2?1Ev<w`r-R3w6Xum
z6^CPx{AqW1icif42`KJR#TVXK&)qX;QFgdgL5=URHF^)En~tQB;D^&l^oA2<K3AZn
zR-^E_HXAI>kuvW9Iz77X{J7vYzFMwV9=`%6VMVV}2!VX)M%^DVt!tM#L3%(>!QmMl
zL=AC*I)ZORrqugaIHGfQ6tv|{4d|t#WM2uPDw4<GS(QV@=)1VMuSuWxBuIw4Z;t0n
zq&_~wIYB-|)VP575HJfD$DyBZ&-suz!a(-t73fI~c4TrmAR9Pk=To+n6(m0L(1H3C
zM#Y$HFkDt4@+HX5@82=G&mwqui+=x8A{F{)p9-3;46S^P_S$;5w52=haFmsX?^x7d
zzrr(7zrvo??kO>oQ}2(AIh3*V5}W}dzz5P3a~shhg_6?<1QZOW70{K7;Tv@XOt!{(
zYVK6UG(GAYdc2_jud9})w0Tc<M6!-<ncWCi60cu@8OcQHP5-si(kPJf=s@N9X&&6=
zr5_T_==b8s4x)kQ%zSZss4lW=K8GD%wpQLZWBlmJ_<o|s-41GJki)Ya8*JjxVA;+t
zCf5klN6Gn1S$CY(qLhKj7&|DeLdzWkhAhvnC;e9xP0EMfqBy%=1m(Y6;g9@NO)c>l
zrV7fwLt!C^&hNDpBRzW}K1ryDh_nT4TxJ!@k*;;FzW9T)Q76K@yU#CHkvda0P`hu#
zCAISjXn5}zL(_fv(g797+_*gw5I;EE)G<$NFwl?pWof0)j8#5@vL)idsqd&#BZq0n
zv%iMgF2FElxZAJX*w51{L2DiJIanKLvq(T-`mt5UaP9#IZ!gwef;vj;pJ?Fn)t^DM
zU~prvYa8T)#O|`%<m&CdQ%>fUwpF_rT0_Nx|Btn|4vVte+lCcHQB)8FloXMU0Z~B&
zMhTG?=^Q}ml5Pf&6a<uRq()jo8b(P8=}zhH7+{#;TZry`KhL}OyYGE`?>`=MpfcCB
z*019{Vd=L>otf2VE`v%`u6WfTr9;~O#@7I;a2_dVR@U16{@kNG=|q!XRd;x8x|I1}
zPj%7K3}q-sJ04G5DBfJ}DPI0ACdne|(-GM!H~Y59g{R7GUP$IL_D#FC|Fm97uIr{|
z@9GzX*kJuD+jT5*Cyp5j7S~#$ACUHCDtcTZuzXvUAOufnWZxfCmaXjBe)m=pOc|Je
zFo&Z(Z?M8{M+xltacxE%Hi*K)MwX@%Vo5JOAMRyYi2d0-nf+ztW>?6Sk&eL+*OALs
z4w>t1FtbGyL<NzGy$Q{+-|Fd<re7}$qNBg|k-;0kac*+&^)%$(pi9SV)?38I14-3N
z*z#p6YN*RQ)n4^<TN>8e!dBb%n@b$A8x6GA1=dKNa+sve_ELzRR#QNNrlePVbRQqr
z$ZBh*olStZMGkN;ayPHMxfw$0_<dv8G<VU*;K!>xkX=jYPU=opdsK7XGwbz#dp&@h
z!}>gEvI<`F+WFx}_w3=hl?)k5BP4!#xVR%PL?bT;|B8~Lug{cC7-MiM=m8CX0UKzH
z;UbQjy%tK@LLy)VBSLSMmRdjnySJQQuX`bPxUB?6$@&((kDimUUD@a6c2|(^Gt82-
z^d9XGB!@I#U|JEAs*I_|3XZQ!M6jtuGQQN)TUa+A5iP5)>rQnI0OOO3h*qh{_$P8V
zT4<h(A15QCk3Y2f@gniL*8vKOH>xD)WJb~nQ<n3fm!5XnJY6z^EG5}<%h_fha#e2S
zhVU*x{w`K>^e8d`X=m{&S2tEU7v``v4o1thZaN1wbWzo4R3`8{z3}g#2~hZg6RJv=
zrd~Y<pF$U@I8U;3o)e^+it?d7N`Ac*F5#6~-2^L|79T0uqaIHI8@{b~+`pE-Y_jKe
z7%$Nusx%A<d);l{{Zm#Ce$pT;0s<Qi*ml8TrSVN-e0f(#Yf*Qv`cRPAj58R+eDuw}
zubgDsa7XFhOW#!3$rFo|#mZ-99cx$i4Ixoll{Kb3=pVeW9zs)ODfRMdbOLhMj6!DH
z?r5Vr9p&ft%C6MsmVY&w)iW`&{0n#y*OuQ#)f-m*jO2NEX@qLz&*VV%>YMk=`5cyM
zU=i%;p4LT@gY<CY9zzL8UQ6Eeu1lUf?o#KZjFWTqhIB=zk72iQkHL#Qs-aouDwPhJ
zmiQjTwUfCcFm#!4EBYDNpYC1N)1fjedUJ9*rLchAnW9<^y>vfQg}qM?-A8ZmJ8gNl
z(okS9eaX7?CIflZ#c060*|`#8P?00D?me{ClJR~$e~-p;=1<)6D>-Q!hxUG%mpd(0
zPQ#Y3g~Fj5v2Mqnm~c&Ry}U!|`>fl~!yN&8!U1}FNeNAE`em2bq&IrF*qkZsD!`-F
z7NtZ8=2lwTW3XNu2K%uaCg0<Z&~=2S#vS8h;oKrmvskJGl|MbF!)lJoP~0=}=#gS{
zJKRGQ>bJHCkaN}(xi|$0IRpcYWwDL`t`4WIxrlj9r&r-jn}6^VPby9xzo7{%00jF<
z1OpHunI{KzLG2FUD^PRr{fTzSt^stTz_#*xsonwR7dX?etqVw%7d5$v*|L9D@joX8
zC4~rdlQ3FiReZ|wHj8|y1Ba=XeRSt8OR73Z;S;VC=<0$N-%3m78(Qzu27Ty|i-O|(
zxEa}<de=?uZ;G*d+wEiMd-Ef3qvOri;a8PzSJkv6@D~R~0IsIEF4-Zbd^zWO?-!Hn
z>)egBwe=wv1jI8H(m$I9R=$DnHFZ|$kC>}nN7fTFT8mUvAKp`9CtZ)|=;!)zm4Hk{
zWi5k4c%jVpaCr+P8SiO{ADAC{<=%lZQ{Ht9RdD3iIPXVYG)vv)WM{PZEl4Gztht^r
zSv=$>lef2%t<5UgB)qTg3W$%%osZvW1INoSw#C||bOXApqdB|1)2u67YCf{W5+^tR
zqd1AJTWGX9JDQfyee=L@2O(>u1ZJ`8xKL!e<Vs~?)rSvPj}Eq{zHO)?E<AFTrK|}I
zq2}Ea<}vNRJj`^?Cb8tt{8CwGE4oJx+NBa$yCZv3_C()F(Zkr&LCwrBjH7FoB(+@+
zY2mM;5O&MFpCo!R?2UsjIFI}Dg@8~bmq{gW^q#cibNvt&=eSfZF-S<hvBV_W(%>lW
z+8imTruX^FRP16ouKBUND3W1TZ>?dO02H5j=?33}v3E_}C;Hs;OP~9A$u{=ZcF*$q
z0U0}~aS|n(pLXqwou|%jgZ3qusG5UQY^urp!2-zrzA`#g1eUV6Zl-9H?M%^vt(2Ed
zrJ1s06@`ps7kAbt{MJUxr%Mdj<}6D|_g{B^-<KbFu5rbMcIG~pCAwbfQo3Y=i{hRE
zcEb+)#VaZ1KxM@8BydSYxve5!I>AEvj<QixPfAhFgSE{?T20F+i_$g4T=n~Ev#!_p
zwJqK1m_Y4L21Kgi2N}|dGuG6);V``)6QguR+X!#HF6h&FFm4S}lpqp1<oc!jS89dz
z;&QK7y7>#%G-h<i40liiU>Ya$RrCJDAn3Xz0fwidm%A1rKOzSxKw0?yHrjLffenV(
z1zVzrG4V|zMG@LzKpkAsiGDh%dbkMj^gcF%V|5<vNs8?k5;0j~h6SpiX8ZUffkw{b
zOw`-k1r_jxgdV9L4WzN4?{Y){NlJZ(=)E&!TKpDAI4?oY8ZgkER|1%NE*5OD>rLK%
z@IShF3@1ZCTgqQf!Ds)1;+jHnWB+t@`2<`Ts4TqyTS)|0fzpH}3rN>{^NfvI8H5?P
z<A$rWf~#fFKJ(v1nDU>a4K}qEZuirs^u+}?ZwDV&sb=FVU2TzavQCSlA?`b{sjZvL
zACc{r)7Ys_Gxo95&E9*Sx>PImvZn1p0ga2*k?ywDp+#yn;(<QQ?Ln6E^SAUohK_gc
z9;i6#2v{#&;=nAPp?*Y?U08vc*;-i*5j@)L--z*=k<*<5eRpQ9*!@mV3(CEXnf~go
zouRi0B{}Nu&NL+1=Vm`TXmc`c=a0V*zwQ3ejBU9rbvK$1K6Lfa1!=l28>~;M0ukNC
z%g(u}Hh2>rDX2;VwRxwU12rP}xC%DW2+#A~Q|Ql8ODnDB&?xCVa!TS;p4}QWbBgjE
zi{IGM@vWw*LTOh$e)$_EgSS5@0TiX9uDid!p|Tg>Gy-->jn)&#y3t(#^{V-v!^gqF
z5nLC|@9{&}Z!_gKhKrR-+1^YMSGs+tp~?b-uZxXm20`mj3$&z2Xc#G53lO3=sf6AN
zigIdH)a&EFV#|X|&>iV?m{MJhtX?+ewZQdjdK={bdQ1D$k0zW{#uP#@-&4p?r21A+
z#<g<alu0hCMEdHZqvV{~R*009UWwU5GhG>_k}sgr5$GeB%?rBCUz!H?;CE39l2M$w
ztZSQL^Jz{t^L(?W<0<LaJwGGlSMLk3ol}P9!^ENZa<`r1NT<b3OP{^JeVfX`bc!fG
z7)K1=1_evpmbOQ{W`ohgC4s2BMYhev>eYvjIAlxFtTWVx!*>K^+&Jr7gDE?HfLXvo
zEdqzh{o>lY)fc`7mmCcKvJ?z&JAnf*sv&e~3M8#2Wt5HP1Do$Zm?{qrygIy5<L{ic
z?Bfg!j%)_MG7*r4?+w{>)P5!^waW}sZkuR{jFF?CW>Uy#+u35vfANmuK8xLwI0UcY
z2AD`K?P|P&?DBIvY%y@+f$#Gl7wWR@-vsrGs(0G(+$;2$fk>1c><6+bgqDQn%hO@f
ze8tSdos1k}>incjb<G164*4jbrtCP@>@h??$&GxG+w^s-?b*0IN5n6&bM_z_P@2d+
zyvGl}sRd=xow`CNJ!5xef?#_dqO*L}<%NEJ0h_WTc1&*ur2+_$jN1mStbf=pcIz(<
zl$PdNSlWYG`<%K3)WE{}1tnzHa@62<snW6v&rwbp{L`||4jPP<2EjR-##dn`<6b6x
zIUIEqHWZdeUT0jGXD3!cdBtDOb`t_OJW$`TRM~4ELr(b7z_N4{mavnxISPg272!yp
z9~#9(<CBzwP7C@^rocQS*lHE737>woqKkt<*2Ph0E+~kl8)`>{%)bGv9o@Gln^h>M
z)DoJQ{#mH>@HjrH`okNY@1K+_2uSEvqfhX)Q^s#S`Gb9}dIFo8Q?hI%2TDKls^Kc4
z-a<7D^&V?g1X)MUNjH6(>Zb6DniUN7@)UL$(4DQ$`cysL2pNg=OM#ubRt^ivA`6C1
zRl!XMHu}j&4|%%HCmA+B6EQT7Rm?{>Af~~77KvVSZDE`BWPw%g#;E^~`=0DK6%;%*
zZ!Wf1qiq%aiPtCKI#ELjT=M!eL`s0s!k+Sh^lTp*tdDlgO@~G@NRhGL#+JdQ1a$Tq
zA0=uh@!58h;3b9vzP3k<!Z%=@t&y*K+DeiH`DVy5NHzg|Km%9L6ryGDF-;;&8NVel
z&1|T!3pw?%7w;OyUib#tH{FQpvHi13o;Y}~@Fzt42#0E0oHc|BwqwAI`k1@>_Y=az
zp`ac^+1Agm0>&~PXB}J79(&s6es}>>`^o)sPMR)Mf@N+5ea~bDzf|~jb%_Qye0fO5
z|DJ`*WUWtqHPfSphK8;Hk|q+(%Q|?_)a`uI0VrLb!i(HGR`+P+4=r8TfE)lext)S?
zu?>qTBIhr$S)3Bv6mEZ#)SqPbHEIHuj~w?+wCon`U*?Q2YfIh^8QS7!lwpX$V16#|
zD!e<%rcDB4<bH`<v~eZta_hc|{(jg14IY6I3tliNwi6?vgajQu17FlW90_$y9Bj`c
z2A2zpVU8MmcCB%cB-hNP-sZ3q$R$`HJ@l_a(*SB*#Wy}h&4qKGsRc%Cc4apD$sd2j
zbs{g)lv_GrD`es0v#$y5Y*o-2lsaBZ98dKMnn?-_$X=j@d{ll>X$00Z!qnrsX#Th|
z&tt~3<~J6>UUtupu>zPl63e%}`15dCZ<GJpQPtCkw7W|eNx(Kf36so60jI5J>#tun
z1x3<yyJk+9Il-2Mwg3F0KWI+)cTR9V+WUS3{~w${;ZhLegaiceT$X1$-4IGX31s0Y
zN`OgMi#whpY}_MoNk8hg*xi-{js*O7l(bRNA{rs_$N-Cpa!VMIxX?9F1z^(r{txJ`
zpW-+PmA2`z_f1<U<~rh}Ky}rR*7VI{+S4-w6QiVOp*Bav*|vHB&WMct6#)rc-SK?V
zT<VQcvx9oQVCTQC7@Q2^{j|EZ0RuC!v_it7{H*#5#8iBrL%_=X%TGC_KBs6U`d(fO
zp8F6<e3EM|LnHEUTz|vV>3jenkJ0z03-|yis{h<olUu@z^?^jI9YkYgPEj@L)lnsD
zg6oc#nuJaW5yW-AU;R_L{K<>+vgsWH2QM*sVZr8}W9MUJA8wsQ*qJ<J`7)0C+&+Wy
zV*PbSM&%^=KZuh5>`{9d;v6gKP63c!m$j-mDr){>JDdI^mVe;(U*u-J9WN~G1wcuU
zLcQ>Q-_eFNkQ0IVdr`RH;N9IuR5Gp;R?}zk4EWsIJWA(NKOT^%aNLcQY(!iHcNpv8
zm-729&)`H7Gb`utrOU)c=4n?;g6*Eqy$^yI+;GaUb9vYHW2U22(<j_331*w)qAVsV
z#CQy(rE(0C{}16f<9X-lPb8=Gj*`x&bMI;*w|5Hx+83~bDo>w2f4va}pr83YLjNFi
z2A!a}((Aji;OeG8ibDrjPhio+i0%J6Jo#@we-!{7q1Bth(MBD0FmW)$e%cKJc=&Kn
zU#;IK(g|)wUJ4g|d>{O3>_8s#;U7MNf4up>_^`ouQkB9k0nV9@>Eo4z3-P_8l#LUq
zsBy7tilHKS@++#>8hlq3MCGrs@1*REXZ!nmc{n?Gc;Pr)_;j6Av_4q%jM(#Q?6<0;
zaBH0AqwOBVaWubjAl$nMwFqkt=RKB)X%lc_QrBRYmL@*F+ifUsVgf*SyKvsQ{ubTG
zC&VqXxXTDi@RD++6b+mIl#SEo^1u2szU5?kCSMSr1mh%XDn-r+_GiF~u94@{n%{4k
z3|>qg;kny$f(V7scsJ$vZ_oEHpmehOIEX;5g7yZx%&y$h7hg=~p94ECnE3&0fOqF3
zEs{~>?8!<Kc{_LHA_BVcu5&0$<1zH+6EkK2R6R@Cq^p4Vpik&3*{`nKEsJxCxOaxn
zzk1akC3dtv6w}3d>EMk=2zVf&>#Bc{t^c>x`2&di>*t<jBz)A~0mqfcXDhNd$K>@N
z^76bHkJ&9T)CWHIHek>(XpC1o7ZQ+|p#1$5Uj58DVUp)pLOToEP_i+5WDzXty#n+z
zXTVa7*+^xSy3kf=oudCgboc+jx%(eN^7Fo@0$^`RBu-jAqSDvb@1ml!*4S%qDs~yL
zkmDkS$j9g9!l}nx)-mBsax~8FZAKjeOh665gM~2%+~qM)0M{+R=xp71o8<R<;)^`K
z{}_w{jcctJDDSlW7?58~5ewQDK7Wgd#dFmK)m7g>+oO_6a$CmB@qawazkgEs+pn_-
zNL+RnB$}JaI|1s05%#ED{-bRZwL{k%!UrGko4Tjz*7-WW@a@LC1HjUswEvJs^oCyt
z0K^ZoLofbzPTq9M6t{F!bb0^ctp1hg{Z%|~T;uEW2?%49`RIj5Adj{;H=55&c*?$0
zuYjmw;f=d*D#;)fo@NE9mIgRQ$%sUgOmUm)JlnGYtkO9V@$5tTX&ouW#rN<@w2~wM
zs?_QGUd8`(-v7-V|Gx(#disBYFUBtcpsB|T`#(kQe4aBMyZZiKik2jK=%?EHnVDF<
z+w*rM0q%T;b?`#`lRLk!f{PKnapO%o-2bZx{_%#Va*6*0IBlZW#aaNun@d1dU-vd7
zX3@rINzqYy=L}2XZ{hXa0P1<U1E2fv=-lbQX*<CqzA1uFLO*@om>mES^Sr#8o>t|V
z8BdSr_eT<RgaI@GiSx5RAld&}K!8y7C`Etr_I_{uxzV&gCleOh(m?@6!oQse!<J%u
z5CIKIAgRsk;ajY~FFyL(^D9I}nxPbbnb!M@iTIbVBz$5<6GN0d@BvIaQ|ZSqAHo*B
z_jy$urKP3n6x%Hx-lqQj+xcz-dq=P7|BnFR-^=yyxBL0w>mr!3y>z)w_Y&jd%Vad1
zNF6j78U(yujPk_#ui7$-dljW;sa8av@csT0M+u;0Rc$0rr^8x*71@9L*&_njC9J5|
zMWQ!8Xhg89)FKWs;La+Z)6Y-<Ci{I7pZ}lg9V4)7^>+x<{tAlrKg`zul$n#i@_c<_
zu$cg-(+&1fsNIYPkj-B-P0>R0)Bx0yLV)q9`_e7O-!D+c1VnSq=CR~|Bbq0;74WCu
z&iQ|<#VCl^079z(z-*yz!!!3>Qt~a2u3jFFK8xHzD~sGvE3?Y`mhf=ob@?@~_dO0I
z+k;Q|tsE~<Pn5<KVlf{IOI)8c5n`4ZnPM2b<jxHI3?(|9qwx1|#@^8Ps{hY|_m68O
z^8LDaTl%tn^pDv4S4vtRXkH{TcX<04ae&t<4vrW=eHpRNYaU1`)GYmAww(19l_-Bx
z@J?nw;H9nY_HF(`3s!1q)tFUGfIAM~dEaxV-<(MFyn|Nmt_b6Q^B~?|GdZPKdJqt$
ze0TTIR2$Aaml>orOV^k{DNd)eFn$GerbK_yM)mggZqSfyM<Ttp2G*WRI9+-;Nwr(X
zRCu*>a{Xy%7e~?~RyJ@h;-86bo}LR2&eFlOn(sec(7#lY|Mf#N{1clMC-ULR$8)~l
zx)&z3ou2k?_YMHjmiGxb)u1SDLuE%@y&6^rdF+hg6d;Amf8wU)C?`;5aGQFFPlfPG
zdEx@o<7a$>r?N?OA3O*NXjS}mI_*DMaeN#^HWzn1Q^WI!^>o8}o!L{@8uO#7d~v6d
z(()YY#03)cuEyDj1!Vd9@NIUscwTdnmEIwFtXp>)(mpo3_-S6wOiJtzN5((y|KEQI
zc>2?plyPpySrME&DI+7(K)6ykONMn~Y@`81x-9~EkF>%<GB~d0;b3z^4?pdG83Pan
zLDlOp$CRWqLPWnq2!EEdyGH@WADK^wfd7-JI=O{glK`dlMiMJvR{~$0l^M^|V|XE{
zrTnW8HOqR;yD0?`PAS2PMK}JPy1~zxB$#vf1o+oZuP;UTu^>F<!^6A(jq-;9<qzt}
zO#bEhUWEimOu-Bq%_JoxF78A}XFtBl>MEk%o>V*JjP++pKtY_sgK38i#->XX7MMI}
zFPoj(tok6JeDyhxub=yqc>MdL{jC<Ep(kG~_XRW~Qhqff%Jo?10RkT0C6aBW^02J|
z6UwMz7EK)jC3a-|Te6X7PFt&px(ia>iDP{W`MCp~?^7FUhix5q9r+8bw7)w79rX5o
zlW_Xm<>`|Xq4I2JZvK6G3=fZ6pw#Lri<?gHOi?#wD>^z+D6sp50<KSh4=44r@>VUH
z?O_&}Ged&fted1HKh5*Kf*hP;UCgl&3R{G`w|KUx#Qn*Inzif;csWdm7m3cCJA3*t
z+;re!xLGdy{9F6}e`vuSb`Wt-E9?SGyii+znT#<b9h?gR3`H@^syWmH&gE7>o?N?l
zU(5Xa18fCDU}WAyVKiYvDA*q~OIzwg1T3cFiUqU~kuhP*<`zQ}NkY~qq|s1|j~@oH
zjE5I>2=F|ApA^%{NkQ=O{)>mZ_v_&>lH_M}r`XY%@qzcG5orQG0@(@Y$>&n%*I1r5
z5X^41+MqnAZI{2A-(@dvTvjamp5%^ReSpQx6CYwaMpo>bKa;3kFq%kl@miaw{(pIU
zfa@`=qb*t_lZC|-1Q6pTokg*_@>5^^q@H&-Q<bj&*z;GdFe-Vr*|Mg=V!4K^h-klY
zjef*M?^A6E73-6UTnlp6ORH|{k)3GN%6l})?m7I67apDFL@7^!_fAnhbN8>PO#i{Z
zo;``n_T$f=gnSjn>dno<XC1xf087lOV!QT55~sttAuTB>xd07&>eL#`)r@ssgJyN)
zCrO$K=Sdt5=JNhD|8`%JCYzptiM`7=$!qIF9Y3FP)ZCIi$zo(1QdR%9FZMh~cOvGj
z>cGD#MMuYLDtINuy_aQSu@voiIkieYj~FK;i}LvrTNb8_aqrD<T#ipr@ttk0^fQ6&
zq)gQ4P^yVv>M4cVUM<n^6^Xt<OlW_)SX>|AVd7Dr>3IF`2Y{isewhHV6B9r{GOusY
zNoiR{1Dg5hkxM-y17sQIF2OwsBBee#tAQV28Ao^y-a&Pb94w?Vb}82hZW8{#I|;4m
z=-<YjQ@Sl7aA9!sYl~~)6S|6-_#?#{QO>OAcO7)jUEAtte`(v{zp7X=<6vw5rM$#S
z@n--@xzTDYS@H36JknQaz=Oj<cJB9y#GIVS(B<oYpO@-&EC^P)g-COL#YfU9cUqn$
ziDhPHuK5IrUAog%9GuP!8^0rYphKGuck&OWY0c|x%7;9Yd%!MP?rp?9YORmTy(`(*
zvMwL9H8Choo>C8e@F0a_WO;afKp5<_>gbT3roT-@AP=Q_Np$&drMkajMm~;{G$6@D
zsp1SiiD4JO)EpxqX(jt1W>XRMQGh9d4*LajLq@wQN|LNyW_6vN)fDx0lB9SB{ib*=
zpM4n8znlIVdnZeqh44yZbq9G{A_<$a<{EGAHnuuqu>)z5HipjHpYl=n<l??gy>g14
z?oWQU?@WNo0W<mE4)||z|MH*CpfU&orr){$ns)T}K9y{13lkd+`HC`iA(%N0`C*-=
zgeWCeNK)&CL(fE|*__i}17j9*hI2_{bCd(&Y`dFxVK5o7_6-8#g1US_yOMZK@3*^4
zJh|DLSK)v1!rwma|KjvQpZ${c6FN<hfycNuQi+5FIPYp{2|~V@D0;VNMys4R3}8v1
zr7cZ(VD|7~X%Wqk0VaN{oF(1Oc+pK>X4Q;@Bjpyz!D_vq{q`#-IU+YFS;ODYB<|e!
zWx6MSMfml1BvaaghQecGP3E}e^M&_5L=WfPNzh<{<c>RrtIG~%u3xPbN>`G|QeuGQ
z9xpQs?sd!Rbp%?F;ggI#7oqrNb3BbsDjG&nZ;t+Vz4PA(JH&Ayo!QKU15bNmtCQkl
zWPz<7zew`12jF_9#Tw3~AHb-S>55QR&+Db~(QiAccQ17f%ZM)qL?r}J><R<iWn&%c
zQ%OdgNOHU$;mUuq!v8dpe1g9u*;(mVh}ADC8~Kw5l)u!~V*zA%cnL%1)7h%<gM+ga
ziIdXNgP673z58#4cedwJclI5DTefjZK4rS}Gy>^psL^c5pMu%Hf8~G1*T2YplC}XY
z#c%s7Jrggw$S!UBC}R5{!dhXv_0o$P0c?b$o%LB(ZD#V^(bv(#(&MX0p0@s0IWk1W
z{0w63LU0el^y)!_&<C;bgV`sCi}^3zC+#UWqK(AybWf#Y^F%r}OK@lZeh3sl{!2zN
zr&XdDSA#>USpL5Brut2ez#fMAIYRX}l%)ppVcd_r)=EdXQ*BtXUbLs!_TF|c!g759
zd-f|J#Xf%}`}6@G`T`}Hx$#B^|99f}pCgQ~#(<=;eqS;Bv=}7FXkgIxF+7}iRAzSc
zXRWJk2Pqz|$;MI3!KdfgJL=V&%wOVvn(@!E<VwECWp!Ev=4Pj7j{d9@0`49vv`@!1
zN&yII*shtK9>L5xoUF4SNX$I1{AYFjqsa)!FNG;RO^F#TXSlgl`_hX!B<{1$r?+(w
zc5Vc@eM=egbwF0)->*p_!c-kF3kr?Le3I`VsufK*-+!tV)|Y@CYi8N|`iE@uKMSj8
zPuMRlQTY{*>gCS7;-|y@Af+Mc>DH8;rOH{-b}!`X6J&zAZLHEQ@z}_HHY%BXL&N^`
z3Mc1dHeRZX2Vr$`LuPRS_}*OHH*R{Lo<V)siRJ1!AO81=wO=3p@=10lK8aOYS~ib`
z(ONbo2pEpY*d+_rc^xIx(aVO#tk{Fad8p4oT~xf2ptLbl6-VOxDCHbM>5dFwI)k`t
zPftQt23&%*i8^8S-?taCq@Zrzh{ym<lJ`CV((c*@{OQgN(mATP$p!6fbSq{*cnNPm
ztEHpw!lf_mnxk$i&-pAh`=WedHBaBwnB3LPgAxAP13ONt=3IRS46XhDv>kW6xWHQ5
zi{3N|g)FrqM!=caoqyY5by&i5ATRwU&v+X3Bm4c;z`5TgO+m(t4ky11nK*+v?gGb;
zcbtz7g>5I4d{`_KS4>{Y-wq^+!oK!*mJTuFpVuWMPhEzv-@<zr9~qUZCR(Jjf(TE)
zV1zo`e!mc}w*EUG9oa8!I>~9zKl|@<T2Mk@21GHsifPZfLX|231nyE_ws>28z^Q=e
zg_hs6VP;@xsOBm#`gSMwz|5Fc?M_sV4#S<9cZ>sMk-GUD<KhZJ0=EX<V2qs<=uE6^
zu9dqq7Gkzk$obbs9pY(R-5;$A-iYD5R$H%=cI~v7O(X{{omh_Y`Gdc23Kr#l+LAMt
zSd2yHRc)~zu2m}S44Wz#&C9~`{Q=!f3K_stTOGDrDC$t|WXlf<kw`xcBi|vcITh}a
z{~+#x6d~%x*a*AR8ql-7tp{6oy4d6*lGP1oBS>2kNnq}9*w^BA0XLgvjlj+;<fNgS
z%EwmW>T<(k;)SxIu@n`$V_w}hQ*QLw^i?!SRhvn@g#VFegCyX;&a-75bf?Oq8Woy}
z(?5wc*%!Y=+mARylq&93^X)MVmz!SrVmZ+NAb7wN+{MBPO?q@}?9w>EK5M(lP*lx;
zE#EGK2}ZESi_+7g<>J3Tf*&k1V-7>2lhoMzSZ6+Nv+5I&JH?3wXel^!1!J&Nbvg$&
zu{s0-jOXd!ygqf-j>N!WISzXi{ujyz|J8N@GwwU}BpjJwpEFT;IGB25ad!ZL9}+m>
z6q^sMbrx5Fvi02rqT{=BZFd2YQP$19_<ir_jPmCDJ}k#@3Q^=8zYyXdsx?X4<UN8#
z2vG<KBC3=91x`=2>cm-T&j%j;(@*|KU;3Eobp<{NjOtOaWCUj_ZLHz)qY_IJ8uAgB
zNLoXHnRHTMyt+M?(F2l-YYW^3&+2R?TNM1K9Sg&+kCWu*#w0B%{*aoLeC47#TCvQR
zd$`KXq2Us3uU>U0_PX=!<uj`qwsPOui9v<sujwDCu>7~_-%s0Xpb2)Ek<(%DBi30x
zzpF*%AKt%TAtSoQ$wXZ}nX6#KE?+*cHbOABO;z9C_1Iwe*eWozfdSMKh_C+6vP9p3
zLW^kbnOA?mMtugy3pkRGa=7>;BHLD#Dl)V2F+wBmtn<QASJOskIUVBQnmyDbhj`Tc
z6_(E^!@2IrM`Y4X>YR>~JnqE@#k1Z^j~oBK)4X*HKi&d#{FJf=5^tQ84DF1;3cbWp
zYg@Do%de#TPlYG<Fvz6FPbCCFPdV?yPTwWx5&HU1ZfkO`cbmxs@7BwI25$e+YZ9FV
zFe~>!4s}=ded7xnlKHop@qmDUj9I!(Dfu#K4c$9t7Kb#axgbZT;4UmfNcX15i12W#
zH(fxM^p*by*PPX|W3r^5za?+420wjs&=Yn(WS5kZxpJNH?q?iw`?M;<2Ze>LT_fVW
z)pCCBHz@lXMWJVFafDAPQawL``f<{ySHaSMUq>JRyaU3NRXIHHN4X<umUqBS(A1SG
zB4?ayfyG|Z;`RBkb$u&q^wXRTkZbDS#Y(e>k~cnlYU%y#L3B!fc#HMq$XR3P75<AO
z=aaZ4?;YTFxDz2RU<AesDhSE0>ZZ^#cJSK%s&Hi0SIy=p<JgJK&hD@zG+b}@Q@)y(
zsv)G3;di7|O9X^cuU7W-`$9mSHl%6j_M`ve>o@2_nSrMf7C}t9Z(M!=LIfaf?9wv~
zCq1f+v_ThXMOPqgfm=+_Fq?(|;c!RCAEKaQn0NQ#iX|x3>Yk<h4JfO4BIt^D#WVhe
zpoik(?<@?(0XC)^I)KOYQKn_m_}NMP4d1V%Dw-06_uc9r6fw}cJ-eyLb%x-7`nbpK
zOwX&GubA|dRNu4h$&k6{+`AEPS!^(wX@Rt7Ml^u_jb)3o*-87$?K}zlq1fHQlUhG1
zBgjiKNTwz<yU4HEvKl5pTx8o|l^Vfu{V@njp`$T>e?f+<my)2)ZT0nE*SP~^lN~pw
zY-g2J6at7D7PBG9<SUf@O#H-D{}}pteEnh&)qUTVa2D$4we1O&3q$SHIJMV)UhzEK
z%}<|`EB^e$Y|;zwp3R&_37Y6M+YPnBuSa79$7ko`V?7v74vPqe^CQVfVt08U>S<dN
zG-R$VkreiZD$+e`WPRhcjjJs_37vFMlSGyPWBZS12oTT<gKIf|BAZ)EmQS77c!Q8A
zQ7}EWFehgFYD|&e-Ldj6_Y{obvV@|(NqsWWwO^^;SA~;KhH=LEm;|e*`dRYRt}%5d
zeg6rtwQ#F+LjqD=OhXE43Qq;BruaD2w&eFk{jb^J06cXB0cRPPQ8^U5k83_w!LZ;C
zl0`Pp;V;Y2BUlX;h6?o;Hzw<LP*8Y}oasP!65OKXX@h+@ezD0|BnXd~Y$lM$XY5wH
zW5BTfjr8uRD2_GQcoA}?uyrx0B_h*y@h;#J5E{OnH$m&Z?^$Aw=1r-U&WH2Psyv#f
z;;)qK`@Baj;OHTQHWM3kWV|LF0*lZBBh38h6%%Wl)_%CrZU{6>Oa6E_1w)pJ8O8ow
z9&9dj$3S+PXer+?au+0Zpa~!q{#nYoPr>?iy4|un@rp`M!ArF#t%3c)vG>C=^%^Aa
zqM^s5qF}|b$XtF?=(s}=CBVO&!&*|Z=m}PzGG<$$U2kyur+-Woy9%vm2Rh{Puq8=c
zsOLeIPPnIkF;(tqPk4kItb`Zc4@(GKev$bhUD2Kn4o033pGq3Sxi&W@>9<nx_1mzx
z7mVhDR?eO!&2WcgX~ngKb7nu7U4Ne{Zj`_`LGN_zA5LpnWjY|MUcN<%Eaa@(xZS1A
zF;Ct|37-8U^Z|x0(ewD+N)PV!<CDRSx1>o+l{3x<mq<S;Z{b<HO*c-6xHG?4_9FO{
zRkj|*rV?COFE~#tzt;i9h{kjFg1HZ+ib>x%S9w*<S`@c7=v?YP<WT9|ts7|Dl8a1;
zY>Eyel-w*G{@zh}-?YCon7X~`bB+^0wYnYp$bp7myedkO2!#bhW`{SAhYXW^U1>v5
zXqTK;l>s@~YIsA%@#y+136Cqi$MA@i42)qn_FW?y1s4x18j$tDins?0K<Dtd6P1Gs
z3kyFPhOAvfHI%1YcEj~Jcxd)C%)gdEfh8_N(*X{n<0}8XNMgqJ*0yBcaYw<sx+!;A
zRXhvB5l6G(h!y?t>}UFtEfD@HYjVZP)NPlQTM2wsZ-UoHq}7hyCDb%(lBfM{Q{or!
zJOiAa(#5H7xPF<%lcGaMlF{t?y$MQ7v&SI-%Op%c4bd}Nep9x{pV|Fmt<PdXQ!HAP
zJAPq*bGo-sY}>z^{)O4ado^eplhOUPWFOi1jZ1DU0(rV;LF-pFXmI9ZhVU6J`ddra
zxSwI(N6T82?056f;DnrcBfAY?SI#Tw(*-?mU67}5I5TAOB_<V4YjVh?lx6F?;_YI!
z5*=DHg(W2pNlj?}!kK)5)-|+UU^~admfb?D?5A5S6mIcVh*ZZJ6BnLOn8xC=;(m-l
z!It`WA69BL>Si=q0_0bZC$@8HLw4^YV}${WX~EM?*OAsejkG<~>HrL%t1eJ-_l+BR
zHKzC{2DNjm+(HjZ_@daPPyKF31X~nr-0v!NhMdqr^tiK41<dgtFW4x3f;l8inQ91Z
zez3E@3F*qRR2e3_xxS5T79muq^Sxqj-h&G$zeN)GOM2e8E^p3RstY0D8A@y;HZc>P
zWMJ*o5-C{cP<8m$81wGN!xm*#MAXNAgscpG;xMmzATc9gJ<)O}x+d}P&3QsPnxj$;
zu;WixpFnA3q8@ww(r`mSI4we})Pnj7?Spzq92Rq-TTRJ}!1SPev!-l<{mPbS!c<3z
zy;EKoY`n@UVncgus~PcX-wQQSDoCj6F`CvaBE<bMvAHW%ZKt^~WHG^EoQxJt)$M?%
zHJ_P~<a~Iu9BjrUM+;0$reT(pCYKI}DjjI;j3yeHH5AY?J(M?T5%q78TAQxx^XMi(
zyyA7KXtkTJjoLH*HCBsV=(^+2Z;XmHRhSFBW0iJSSjzsWKnOVs;$SGVpjfa3B{Xly
zEExE)>vza>a5i>iFG&JD(281Dn7)kZXi@lh{2b+7W3X#NA?Q2<zwmQ2R^nKKOF_>V
zI`VT4OVVb~JGsdTC61$$2IYqj+x5$QlD}%~bJ+Mab@Kj)lXi3uA3_1)B^Ni-0I}Ig
zx!1EN1O&G;;q-xGO_BgXd||UGPQm9bDds8|;e=8>G@&02JU9m?wlj4KJRURShy{|7
z+<xn+n58IjbG1Hzq}T;z(UJs#lCtkih|5R`9r|a;%3O&c-E(@JET1~E$Vtc79tFv#
z@~7o?{dA$ckufl_`mnQnK2b{G#_^8Ao&pK0)a&CHciP<5>W5PeEdf}C2P73Rl*(g|
z4xW)4|46(aIPT_<2nkl_uExr=h7`XPQm+;5nO33dv#iswh`3EUj-8Ey84Y%RGg0Yv
zuQo$IESSjlyhef^(ojdpCSZp1RyH~05=X;96N7eJRS22rx@BCkm6iQ!2<$gA$i#0H
zc3fSStm-(<AcP8Ep%^v0&!+Pznu~k<NT$`$(k^$Tm|WZ7cw7Cu-kNaAYFK#q%rsFB
zjm)y##c5YOAJvC_-T_O`v4dsr8{fHf^`lkOj`$$FwW9hWzR_MrdHcf?70g%*pMVvm
zG|LHhAv*r~j@2a1@()LA&{l6gZZSs+|5xBbh$Y9Hth(KIvuq(g)ERqm8K}1s?A!83
zbrI!LJ#xk^;S!T6y2!Jhj!Ezpt8z=^S;b<b_sQbdWTS7aqfn|*`FXVXBySS$BHFI<
z4!}|dkjChaG|X}z8pUGcW#XH73FFrxG~zQD$OsX@EEa}Dwb<n!NADzg7cwaCu~CkW
z!WGpa?$cWCcbd-V-Ujn6@l4uHy1IHF_M_el1-?*Fpp)LA;MzKE5u7>u2q%D1x@tD^
zsVzznB}s?7Jy^)#vXl*gslL8U8N2vFq}K6qNlx@#Y1m+8lM>T~de8`I))Bk`6g@F5
zJHPzt+W4J}8Yxn0W+e77d$fQ3$_j@Sz-F{IsnBtv8>PfK+BNk&!ZW+DRn0=jU(UBU
z_zlw<$G<R~dm#b%$Gbda7F7@3V&hp)RxNBhs!=_=1272Q19oMqPNbzrDPhktaJpm<
z$Ve1a)T02e`txlj_3y^79VZOglsjjd^VL&tTE@{JEzZD7fwVE~MK_^Z<>|#QalgY{
zuW{xNv%}E*IEXHuh#&6gc}~i_k>r@rYH4elddxrVLu5E&f1F9=WYPyfnXDAcqlYK5
z9cZ~%$II{L%fOGoMtplHjlqGcMcL%j3e4UkpLYkdSWu)Q9$zPWMNXBDB-c`m8+KS=
z7W*ck`snpzD02D>8Rh!+@q2NabV|#X#HW$fE*7LTDJzjL)x^yaslmMPo-MG4`(!u2
zTA5}GY?B%{YV_!%{RBO=?GI)Zkyty$ve$Iw@XoK;THK$O?vB#S>s8xX3gfN^M_Y=N
zIf1T+i~XSfq&r3URNHkE?+{zL-fPhTml0qrjNU#7qj_?Pz-5Sl0|rl*ii)(qJMvNF
zJl<dqVVkVutp1d7>Kl#=ge!zU^92~K4<PR-*}@nv%IiGbbhjPSk3z4BfnbLr4+&zS
zm8j}Wt^%u<ljYbovkrievXZ8@-j)V7I;E@R$dltJ?j={QnMohii{k*yAQIQ7U2@Re
zUA74eFt_}OwTsXOXg~|a|I~nTw;UHIz+~{rNM+!9hwt)?xSpAU!PE2l1{qD=Ro<*@
z<MR_TQ@HQ^8vH1#jsWq%&g6wa++mSrxSBY4u#0MtO?P;R{=w2AP_r2pE6EjG8w>;R
zjU~s@!$|EacoH#F#=G|qtB*fR#}wXsweY$nj+bzCs3<CNb(EWx=W5Je(qMALlY&AR
zWa0-#T+XtBW_^pk0ARR-&d@`-s^C-t5@2aSb9unyJ?-yIWboRvd%7tU(Yj=Sd*B@r
zW3{aLa7k28MJ-T|n;&fIc8m{hNw<~nhKI2$3_uCnE>rX-VGq!j(CxMAb@z(t;79s5
z<N{E^(Qioz@CUDPt)3`Au*n7&8MNviR)3P3GlU3gjsO5yUEkhZzz`Rk4|p#1=d#tQ
z+8!0mW}AmCPXumZf&|OIY2))l(NujoY6`wb`_mzMo%=qYY*%8bkbQf8v=)pF%v9LL
ztyxg$3(J)km{8ucY0OyVg{%xz<6Wh`8{MCO%rL_pH`syu87#hp%|ipd4pGZ8=)Ki#
zw)Mkh%Vcp{7foL`CQ+@5{jZRe3zV+od&^J{R+aX|;XQM@51O|!<Q*#Nw~j3L7N&(C
z+rPPIwg35Juy^t1+`8C-h~E_iK#`Gzbh)8-u0~t$XT(u-)`i>)bDir*61OqvxTKMw
z-AC&pTZ3M6dF2GM4#9VBlLw#m<3zcxF%DlOc}wukX~G>B>=K%Nv<EvXIC*kzIwj&E
z7WK9IOdx1j8~zf<?_fe3TKux9-Bx~e_^#_=apumXAMJjFJc_oIh9t=?j}0(YNzFBD
z)8#6ZK*7YQZEJ363ub%nNBYjgB1}u^2pDDzmfWe69?7?0-+3{pYl1X(=53-~zc;xL
zWAhFO;e`vw9`p<+8O?mx-F$FR%mE#rhk-HJ%t?;YXEi+y7qr=>>xp9@mn}2dE-kFT
zYX}nQg1#LL|2cOkwR6a8ejHN*&o%VzL0Os}DmXo2+NB-0S$DIYPjHZkZxw@eF3T?w
zyjX{5h8iD-XroR9vFBe4qIbYz?aQgS9)w8r!hM~YQ%>(QIQHkJ7^JJ_Vh_9Pa9zGl
z8z*Bi4v#>#_HpM%Z_ZF^cW;m_H+A3W*TqkcOmZUDXljS&4Q~zocRzHC;1c#@D|B%;
zJ%%Ui{8p|;?Kfno77$OFZal1c(rYp1(x@4|(C=>dJRYk&nd^s0<y0z6JIacw-u>+N
z_BnOX3O4}HzgujI;+$IKgdmSDNs{5p7$!QAt&UXsVGoxfv5z1;D;{dr)*KbGm%X;b
z%K%OWsdkqC9sq`~N?c8wO=3@7uhB@C-bK&Kt`j#%b(WZq0F2*zNVlqQu+?p=&8=Nt
zSZmdc?~f$Mn&?VFce@)aPIDimAPjqo3SgU<?(@UPaoE8-RRd<p`mK?8r0Ko6E*Cd{
zo`nRGK~gkvjvB}Z(zmk+<nB3bzg=E{sk4-EXjO=k&Z6C>0wT8#TZqS{8LRo}7NRx)
zBl4BLY=;<W)Z$w?bHw*xKTHj-Rr!n0I!`E2-L2Lw<$%hUAjF>@*P4|jFMYo0l}n0R
zxi!N(_+o<xpZ2-3YHZvCH}94Jm$}4hmw*e25OVEc6Rp>DO1aJts0Ch!V##pF*59IO
zUEW;&vZ1p<s-n%X#p?26;fsiDbpgzAv3%3lEaXLN6kHev$0&U=qgu~~9jjN&e2_Bl
z!ElJC@EF$USIXhVjw078mMuW;8oOh%2NK$Vq$fTEq$x^M+6_3pah4X(qF`1&RY{oJ
zRhu#-uDkQ!MPz6*wq{${6wYm%C>E>AFB+qoXx%q_vLk-f65zR9zf@AcjU{c%h^Nv%
zfxhc32)k!>z?9UvoG*8g3q@h&F1RU5aI;2rly(9n1d!mxT}$<v4x-je@Ecam3{l@Z
zK@p@UdS3hjJ|~BSrg<z4Qrjq9((pN8mPnsBCR^ND9ti~1?sV~hmI{?s-ux8@el9&d
zB<If<sGNV}++bj1_<qocUWecaw~^rI<ebbh1OpRO>-<Hz>Ky?4@TReJt@F`#`Pf~s
zY-1YkUow_>Y_S4g*_^W-vm21A^u0_Y>RK&U;rIjEZLK8Gv$cIu&WD6i_5+RnLD|86
zE&=kw<r~q|H70$m6iiiQz8a(bNr@1boP_~+@=pJEg)qXK0-+Bq$J4|&UB^syZ&Nzv
zZw$LMB@EG)R6WqQ{<`~$pNmp9+A+eYvefJ#?bR-@FK-{D96ySr7_<SKev7N#F`CSB
zMg7&{a%%3M7r)NRu7<d4Lo`3%GNXJhwd5Qj*!j8Xv*Z+}T=T$8?#LB+v|0)?t|3xX
zhdO>HtA7wzoHSMgjVXp#TOieAL<@5X9yz0yCO;j2>viwhadp+MhFfV{B*Nm`Uv(Wg
zfSlw(_WRVQfkG*T!iv>N!=<L?lufG#*>|UhIQJ>0ut<9Gt34G-16?f<6Zn=DPHyW-
zNp2-xHTzRG5u#Y<KKLsWWE_?j(hh~*@TIgEhfW`0+x<+{YlP=Auzb1h7`|$FX5qoW
z&JoWl)R0oo?U;KNt{c}k<(ou4kfgG^UUIBWjU?aA-?H8^9mevQAFG?&9b(O8)@?_2
z4qkS{Ex+{rz>LKDsf;XD{5*PknbzddhzI#JAtQ$AWAJ@q^zM#DBCYl)Jp78qIIN0!
zV&_O@PrL>4yXa|jUhS~c%SSH31fr_wDg%nX$wmcw8EOe17QuwJl<&ezfUv1hcuDu(
zFK7HU^BEW*(=$e=hHU=)X=m*r4T%yY+tO(y6{f0{;?liM$Ug3HjBDKj5v*1>w3H0f
zPI!j&H-45wK$yazUEJBBAerM6z__=)smT_6j3sL7=<%0H+{q%!H2*?V18W+Ny`P=_
zxtSsWaWPK7__o_|HRhfPp}?TGMfq&M$6?R5+TLbU`0Xlrb@IM~NqZgX4v02nj<Km@
zZ{U;s8}%<1Orl<5yLFqnMTpc*$h#s^rb45z)_I=`G)_z10Pqmqokd#t<Xg$qXuivf
zGuskd{04up02-I`yO@L@o0Qrvk4p`zYOU#YXeqxpu39NA>XT4ycpFh~OEN@rOW3XN
zq5IJ});k$IGnsmRgp^Zh{{B<3n#U$OhaN<9Teq^dv{T93&@U7wK9h!93)EOp_#2}D
zKxH~pSP#=yxe7v-`lgU+|D&Dp%5BV4w8a9AU5--$bL=Cu2uBufz=g(yaU=+6?}WU=
zQ}nq+x+kO7IP3P=k$dd*^gH)~54#jgfFkcYv0tIw1o_%gzyL<7bW>4%{#!R&Ue$}(
zDr^+Y3=z;P_|)~5fX9Ynhsm#8PsM%#83M(6J0=<u{BYvGpGb309S7PoJ+Rs@s8F-r
zKC**#SzoG5Em>1S|6oHWTn&mI>`3uH&pW|BBpV|TpzI%VeuZo-TdXus%WT9mK2Nt!
zqoL?09gGa%p^^zVwwJ74g{6hD8OF=UIPb2pA>OsOw4`*Uj>=4%TVpE=kmdV)sqUD=
zE#~uA7vzw~Yfz<vUA|rO{DWmD@xnE+gO@N@3HNyG9V4>cg>fa<XT@XrMiv@bgl{6*
z)r1v#UL5Ud@JcVqbu2F$s!O~l_5&O_p$2W=*Bl3?9jj@s=%#QM774)z-FrOM`mh9G
z9*BGnxm{8QL9WAL58RHOpE#Q7cZ9AOR~dG!l_<RscV$+(1$PHsOD4=wk6ek>&f^3%
zcEEO~9p)F?vi!JIB)91CW`v6N2ik{OT$q7kjM*0URX29G0+YoPU@Mro2cQI&4tbo8
zU*wDmAQjb1k^ILxwW4-Gnos9tsd0u=8RsGMLyFS0ZHZ1{_2LnSwHP?NY}HP;^WDL`
z<BlC{!_By1pxaG>+j8@>w$-jamlSJ`;I#b(WfBF6JT4C~1;#HQM?!P8mQiO-1tunj
z_<FV;5|-{Z8SgGP86V>!<{N&QjE<7p98CV!YhWCXQ(CNBI|7$G0uOl?k%s3PcROgc
z#Ve@D6v}9c+RyJa6k`mBv3=%~yG%*0v3XTXtT(BegYf!yWJ_g|po|!lvc}jBZEQcX
z@BDb48c$4x?JA>#`Eap>YufM#CxsI?RtFRcO~Y}~O3tMngpf6;*_#m*Ii!VG@Oa3b
z>4;b?`nzU4JAj4$I4h6`CXi#eHG<O9L6~mi{p{@T$?Eot_3F{zVL@MvN7@Hinzak}
z^?e0Z`uL7r7ptYHeYBchftof6!9{}W-yx~1qve6v>xuUzFLk)B;ECJWV>v`Q-}nr?
zd!0zg7p8iNL}qm!BIdHQA_JJ(LYt5-D4Ij`Ix_A1TuxEe{(iyN?-mr$zJl6-5bD;H
zvC6&9e55(i;?~=%McZx%h0jvp$eOcndgtS9@|clPa=rC9bbCVf!nUj`*N;FUk70ER
zN}}x)Q**c^HSr+daZ@k#uI;v7UUvoNzM#A8#1rXKWsnCN<GADv6&n|A2t>e~Ij5dL
zwY~b1#tW>Z9fbt!SIRaXY>=!%Uq5yv%zf;7^%DaJM?@s&!83D7LR!F8TReJo?uy?d
zPJpcD)*U!*zqF-k2y@mBKw#W`%LY4r9wy<3m|6}xYEGLqRqwpbNqSui`qQC{yZM9^
zRtEx)G1+{6))%czcDJ*no-p_oF_+7&YrDU>MAe?~Ou#&cxM=IlHtmx&WET<RI9&$1
zY^`D?^WG4Rw&RirnFRkeMr(cq3ev~jZd`5wKgKxdbx<#<zj}f?KWT-MoRs(=Ru>QV
zySnO@P~<wcg;C)EHLKkKN;M;MEqAhUQ-pNPt1ElvP1D%)OAx>)ydkT^mt!bHI&o+k
zJ06>)GUD8X8Z3CZ;Ic`jD8-(4{Ct+}QE&d5)f!+$uALq|V|C>y)7}NU+_wp{l{Yt;
z_?TK{z<aSH2XnZ$IjYQbliwWaWQ-)orGG!1FK37D*RX6MG+W`@C4<3KvhA-H?C02J
zBXEabvjRYq$<HKAvd<xOm*)+I%hGM;=NG&PAmLq+oLZ8`!uad9+=9nrgA*wYVYa*X
z2c9W7-OBFABmZt_4Z0^r9f{TT>sQt<zRy+q+;p*OZaqATe3sX8+-nKulFJ^8kdk$p
zzMr&_Hm)B<;_`}3z1UyC(Dw@UZ2`w)ieBlSLxr160~H?pc1!FdcaG%M*0lvO0;JiF
z+Q&~tqE!*?4O`>iOE?b}=r_N(WhD(AZqrdHJaky?7jaC0!kn$vx~erin1^;SQdgw6
zU0m{S)rul<gLUX5Yem=SZ*aX%<{Q|0*1AtG;O<LGJl@+Ou*?oSK8uq0{5odD<4|wd
z{ec_&t`i&uOp{H3?U)G^whr=jIVbPZWA!Pa=c=wmje%OnZ!$3%i$k0}C`h{q2MBLi
zb4Oqe(CDTf;i&|jdjGCM8qggQHCH!8k$>8f?ttxu*R3ZlrItNkPqN3rGf)r(^uy{A
zECd8HN`w~fBVX2;4F<{v<-6C$D!Th~HC&CSKw$GUI@0n5T(hRa-7z8QitHLJzVUZp
z(@VUJ4lzC^7%{IsF;T@>8T7i$GJLAOIUE8Pvb*GcgqaG2Ec6BB?>BJ&%Hl9V*C;_r
zL1X*!7xTj-?nPwja5@Z0!dOMTBVsF<V2oLI%G{0QNJ`1ht5LTwFfi~R`rh5giG=NO
zS@2_jMol)qdxn-<>9$r)+q2OOoA)C}(T4ptR|#7qB`+yo0&s#6-xX}Ik<+Ce$>$47
zLf^iE;lX0Qb8Nf_Z?=#C8=fAP`wU=kDgFib=Tp4fpF1bB9tHd@^A)yXIP9G3MIAz6
zi3f^9<o+xY<vlMr?5V>J133b-2aA%3X$zSHA3+_Rb+t2O5+rHec05}+7xEVaWjce*
z?W2eD5r&(?pn!Jh&2z+HY&sbbf*_yO4~iz<YNEv;ZuC7;c0ZUUcb1p#%cyz#3c?3K
zD^cmRXfGmr)hfnuhl%5v>%;NLgtFZ9eXq@|Fc{ac6OzlVVA8s8YOX;u-41Q)d{i+I
z2b8ues5ApDtt+oXZsoSIGs;e^V+r8YFv}wyZ2iIS-qZV{ozA;`mQa}du|*c+i<ipI
zsYF27xOuOEy+V(!ttjEqejYXHe96c<(Kz2R6E76&m}wM_Cb&9fj4bS0%}?O+!&4s3
zER>P<#DJ<%b51IYbZ<V47X@+C391%+=VFy3r}}kXX1-mk{+?#~td*)yCe?RXytcK(
zUU7kd%yu>j)8Tp80d_<l|6Fgf{5|i0Zmw3^*@os!uC7IllwDAfVQ`{gMeA8|>|uO$
z@YZgluq>Hxfq2Myy;!LB(|1%)!0=juYJBxjkqRw8YSbqE%)%l<eX#K&>5ULHIpJlY
z-eQ)`>O}IyJo9F8+854;W=WYXE~IjqLrXDCZj)7dvEvY)5Z<yLWaYk*XLZ7`j0pMa
zGF0=RzphWPXRC%@JXjJU(}R#B#odm}?Rr;Q&5u1Hw^QO~;D_;KtK?@8Ge|yv$bEk<
z4*=wm4@{)_jdegZbj>W&Zu0%pjDdRV{Y=wRGl)JrD<!&i`>g*COIBTgA0MZSpdxMg
zhV9PF#-OX;dnmpp+9w)yy*OXwP*CIMaxfgqe#m}D=<aZ(B_tQSDQ@}#Y2LFv@ebpR
z4i~$2)K<*7Qn2%7fbqiM`hB=*`D95oa}v~5SDq#Cv*RRTB^gBhR!R1=^~Ix=`Q_LP
z(Q|K)Kav5v<+PkgCG51Nyjgwtu9RzYwbZbCQpC@U&=8=`@6-`aTv$<9h3*aR`4UBJ
zeUNgbd1+Y_1>lFPAT~Ej-vJBQmhBGszM>Yt7AJ8t@#?WiznWZq$2)dMYR-_{g;|-P
zG@t^tFiX-@%{6!6@&8fw=HXEPZU29}qN0RSD1}1C7FkE7C|kCK5V9sq_HCw;BwM2F
zMq+H)_jSsWvQ3PAo2-K|#yW%9elOMMx~}`UfA{zMz5jDChv7Z%*ZDq|=lOWbi$8%T
zfy%1^m1jL;fg$Ck8fD;XXgeccpH~qpp>Ma$I|!9lLRqY(c=*qDiE^x#pC_%D$9Wv(
zK^ap-t*<-xbHEh<{g<^YVD&ZvXHx6`dVVX<UyGSccNk#U`7tERv1JUkLMd4sB6WPe
z#*g9ou1i?6OyhJO*}JwxuH*I=awDsNPi&x**8V3h)%NYgC3%MCwuR<ajy29gb^rk)
z3k~kP4Z;)FAl`PEj)}r*QH%<q=Hy9GXxU{y!Qi59GwS=qWN9JD4VUtB77YQ?j_WL|
z)-p?|g`rPL1hv5AuCNuR$6Iwg4vbJU6Cskj9|jlV9F#<fnx}+0Y$0(deV7G|7VP}A
zci_`y%`@a4A7SJ4SXb?yNUzsXC8MI5cj7p;?aYr$9bZf%5r%7i@H=t;OG^9W;`u<%
z%*@Pd@h3^)*Zv4^cC#%%1L9bpw}z_5hfgc(X$v(rW*3;rv+Vw=jPlS?8WWy2=n4us
z%$|BoB(!Vsyp?c?n6hqU+ccb2Q9XitOi=cQ?@j%ct%2#5TWFzop86ES)`NU-G_P69
zmq~4u)oE-X>lNpK%EKB6sgT*u_Vtm%9`|1W`AS2U&5D~1e&b<c8HYy&1%}bBq}{(A
zHmO<;#44LlaMfG2l+@D+W3>aab7}ku4TISMn**I;)v4p1HS;T_mF;U?3Q;6xqM}*z
z7F<;`?jvN|AVWV3dAs{<g9UN0h?4%^g02?nXYTjW+T|=^xS}TpFw>#uv-bS@0-TcH
z%%{<UYZb+f>is+uY@1(O?$$4E8G)gK+^Q^vI_AeeRbCxmd!&8mJC~Ma`cB>yK6GSs
z9v3ne`<k|WBu&^3ak=I7Sj_?LnQScFz2<McAr6&>$a~of;ghpY_-{tr!md}~U8<sa
z1J@<05m^Sf`IbdaSso2P<>Cf-v25(~y$AF!b>`)l;OfcapFp2JHmR-j74T6=G=I+#
zVF6oOXCsR#SNayO-Q(!QL*K1tS`PE&6{!*A&n}HjwMLbu<eId&t>If%N?Tu55QalU
zQ<+k2yL>=j&HRL9s*yrU8Mdwh8}|H|5D7(X%Tqr0(KGiRy=Wrg-jhd^7emA4te-o!
z5*t2`+pHIE?&42=`xe7_N$=(Mn$q-iE3^<r=f2E%lmHn4<8Y0_60gRGJJp(bGDDj%
zFamWt;9qY^v=@p*q_x?l-t=9w_17zf^?r0BC!*S9dn_PrxV4uErHus}orIjYz`F;>
zZPBS56HI3HFXJ{AE7DU#VkmLSDVJE+qfROtpoMesE1ZI_<gaof*Fui>-*jOZlXIRl
zEZNnsRV>e*n0wN=PHXpgXfl+|_@);>n0D<(uE#9_-+B~fiTdnXuMooTmQP26USjLO
z*V;AQJo23b1!PA*)@f$Ylm7}Ei_sf#7X4cSeZbBMgp2c_ni8ys(W-qJJp`O*78>%{
zFKgrt{N6oIH%7b(XpCP}WHS25%uy1&Evk(>1-Y-74ME~uQ1nS!>77SJ1W1q*hh2sl
zpGrO4>GSg`1*P6|l9}zB@60YL^XHgW7L1w~{R$jjMME0`9RcDDb#T+ikf4v!e))WX
zI#s5P#TxqdTL{f0^&^~7NgyU}*$u;;ZMfPgQCu_#lDa<S?M_SRN8JHM-*_3_rJ?%c
za(ui+E1L%`D&q8B<qq*DjCn8=-yg>Fbr{tz{ZHmI4C|-Z5ysI?8(4fr^*mHMA6_3|
zK0vtxXXBG;V4H2aMWc;$ZU&VHjC+CVOp6G*Shx`LhW`?2-U}P`Xhm-Ol?8|9n^wM;
zk_;q|39qc+Pe{N{U&ZKU2Z<V&oG54G+YgKn)vl6^uNBrwDjRqVP<Hfa!J&@AI1f%i
zD`C3<+_B?-mcyPsI}bF`lNY0}O&bYnzQc$!`LEQ`A{APUZj;-OFUkutG#FVYtL9HV
zJj7bF(tZG9TH*AO10lxx+WLs=w$<94byQekTPYLdvu_Te`_n58;x$K8TH<iw0l}eC
zE*)Q6vq9@4{z_9b04<q0fYe+KOP9YDdC+o7iqqx(nUxxRK~^iTix@`KhY{#UA)JEE
zyHsaJvq5B{EuEScjZ5c7T#U9`4wYMOTYbV2W?PamNxg{q6_hmW#rpS^q<DUpxA8TY
z8Uyy!Y(JJLgE~>Jy-bBD<rc`B@nQ*=r3X+QJK=QYU)Tn-)6f;-PG8%LpzuBW@yph?
z-HEMiB;Kn5&FXRyQvU1<4pN4ubp*Snv3^8~IBrV<a_5*3jxxc-$L24>BBbeIsvKwO
zN6ULI!F%6vL-Ut(%9Unm*jTd%tS(@q&&bO42cyN1hj>(CW7!?;`EF$$x=oXf7w?|l
z+$ia-iFv+1hGNvrGc|xci<YP$dK?$*XWx@?FMmXR5iln>QV9*2BhIx!Z@3_W`{Y}j
z%VHeX!3b)yLHfSm@sWCeR?p)WUb!vO^=(4jsDD&$#%sGw8Fbnn)fICyh8Iaqui*-h
zzrFB9<lE`zFQl4VIS0(WQ_wL2{!<e<7YLk{0|>5GEN}xZFfK((he5@R1?v{Tz~R7(
zridmNOZVh{tK}H32B;Qj6!|>F)KryY6QhQ`dSGjfFhenhpM>~iGyPVCa~6d`hGJts
zjYe*oCKG*I4C1NRcKbI^1-E=uT&@Lzv8N+>&{3Ib8GgvUDC;w`s_}CqD(>m1m<|+U
z;&)(roqG6;+|w$T+{T5z;MNtHCxN`Rf^X)FKjU2Lw)}OKS#LqlAw3HGd)!O9-WASQ
z+BMt+ReX2QlL0M!6xxupdUY*?$aVe|>nG4cANjx$@dfZZs@$fC(pN6`d2u^~+Nk!q
zgR_1KmlwYAI<DBd^?uOa3hPUnhcAvEPxB8d_h(%Blfsn2FNZ9&S;t;s%^H#W0h8U^
zgd|#M`}*=&tgya^kdGAKy?owUTSXePHt=J^`ae<=riEE529s1!OMsSs*vU#BS38dU
z%}Oe1Sx6ifPE#ZCiOtbuy#}JJIHN2eJBi7BD`9q9Dj$xaQ+#&h2w-*e*7}#Ap(!Dd
zrfjSY<WVY9voN0Z(3$c}F)i`>b1O2K6($8r@;c%^Mxh+LzV$JVI7|PORcXpfrl)7Q
z={Gn~+ApDUaR!*baRDHl)6X?lYe(}xC$?)Jbw<QTXBZXoPBzKgHGWfX-_dk(3QFd6
ztjj%pa3QBZ*i&1TndtF4ZcgaS{N0eN2X@3=S2=b_1)rUa3Z{L<{g>08?`~P(om!N?
z*O<xrUHrwaEQriy6Xly=_T%|I8DMKJX4#b8k}QWl*e*pE+)=#34e_#=&WYrx%?Y^L
zX=r428M)^B#wfV5S;dlH=TyIukC}*GMp1YZ+(#Y-Z!xGct#tm#*RpPH5x9}*g79ov
z2bl|+5LSJgmcWb3Mb(4(oo&**y!%WWVePuL5ga_+7bI>M`~G?^=+RY;YwL{r7O??H
zkiX_|t#_i-6gRF{7N9{vTWd2q;=+~wi&A>?>mp$xUpA}Vm8PRzgndFAI^@2DV(fN2
z+rV#2Ol23U6J`3=bclWI1NsaH>LD4LQa)D0eR3*?I$Yr^c$QfQE#;$LG4Ro)Ve6GS
zXX?OuOM$g6wh#*sI>fFOX#vs5S2%TFyc+J?Em7b!Yaz>{;OAFKhA6QL;YA&{uzOj*
zUx*Q`zoR%N=HG2UQ1EHlBgyC$pQ6uqTy&@K0~sx1^F1NA)3TiAFNj^F;~nN!7Cx3`
zgwlaLJl4@PW5yI?TsefF1R}VXYV*ub<5F5p#wSSIQc85tkjDJ9Y??73QWsAuIjTNe
zCPdptbw|kB!cR8p_eJ@y?8jTyR6x&uirF1qfvqdCs65}_s4A9(AXdsaW+WXea<2E<
z%U^XcTldoeCCUS%t%*JU)RX+fRX|&@+WsR{yc_ay@bx;i66s#j$wR&p^Z3UFk$a-7
z%g1y4&md%V0yZV=yi`allZA&RE-^$UY}R6QlxEmf3Qa4u1Kt+Lw;5%tDB9lzQVhBG
zYdr!Qsv%Cf!jkD0SsP@ZHKDoT$AvMz5Xz?Yo!h=j=}+t4oN%$6470XiBXlWMgfx+j
z@Z~MX3@K3v_o-IYMGT<X0Mfa(Vml-jBPSG^ld`paMuD`oD+&h=t`|YA4_3;no}u5=
zY7!q0h3{SouL%`?lM`foCg}naVx(ayaU{@i#qA`-i-_`SE$mr!sUnp+GHL@EQVxs-
zuhkj{N?)SIh2OEDwXgtMNwkO-e`9;51=0S{jRR8s6!#A8VUA;cC8QmH7VbMz6Q7FG
zF5s)BLot*%(3qh?<#m47EFNQdWF1ci17C=0ZtWT3yLq5gD+TUM;Ulbi>NPmf5{6y;
z=sD|Ox1-i^QDYm{t&n?`=If~JDQ^n3H>$6517}EM%0s!*$P1f6nNeP}kug-?Mpo&J
zXDtaKrs;v9mw%XOp;TT$-yK1s`5@cG_krePC_|Vwyc!xzNnD%$ao$#JL@Pz1JnAA#
z%nDQO9)1F&80l$^nqRw7`L&Z4f=Q}Ffi909U17$%<`8=VG>kn-+Cdn)ET)^DVJ=`f
z@E@yW;fWWcBmRVrr>Hx~&8s2;Ge-bVh}5C_-;0*`hWjBJe9^}~sB2p|iPbJX%{8A2
z&=8|1C7hbC2+~H9z)uUTo64+%quwdmt;C`o<)Mu8LRL{cEP$K_bTJ(@VVV|B>xai0
z;*)y$;#{6mbLs0-2P>BD#h(;~a*RLlY0rTZ%Ae|U$>usl_;P1m+snk}Pbd+S`wFYv
zuoLQ-n6fUk0dZ-a$MLFV`p9bat`^As)^zmivm(g7)?Peee!70Gw&IrQKUVNIIi7vR
zrwGrFK;*x@@1)`@tZ&aukm#8`3bZF4Nr00FF^#|KJQ`NEkdb9ddiIUHwr4**X);8C
zyA>tfkH)`q@XI3II*!PaaajF%Lr>Iu{i6T8|CMa<@jSdmW&7<dznX`5GP6s!_rb#M
zx+3x9{geGIgbh1CDhQtuY#hp$I=Alo+|lIVk?9Xs&<cq<DNvtAqY&?%3m{rWTz4k0
zexG}!lCd)Y9w01RJ-nbt*?3x=(u%20cJGpl6{t%oc|E_{UYG_b>~~y3t-mSiJif=s
z7LqU@C}gm5LXfi9WX`u)q2kd}VbfIBi@i<HTzOj!byt2Bw#`~p&XA9dR~h@X@ID<9
z>0dM^ZkEhMaVJ7oUS7>AfjTCv^qZF1ckjW{)$j4=qukL-Q8iw8F{bj(rg$K;8EJsr
z)I*M31yurRuDjD~yW?)_r(yWl1AB<IM7RggOneu;7f87r!OkZ*ztdnaqpWl(oYr4C
zF7QaAI{5o-UxV_~@%>M9@x><u%?)a0l!h1GgbizAg_Y-Aq=Q4RvGjQj)-!xp=ml@Y
zpP+IBlBu&7C}U?(HFRxHFe*B14WXC?3oTwaXKxDuR8P-C%Q6KE_v=x)gu5s&T;Uk)
z2Kok^QO15RVH~ANurt-#hOb+D?$iZZ1NDB4@IH!v(Uhm2GR{(Or!|UM)5&D*ho4y5
zKJ-nTbK>`bjA}Nor9`E6{XLRU=Yf!?qG^%P``h*ds4?2eZHf+;U=4^K8?E?%a{X;;
zsA~Ml+<-uY5!ppaM+i^VWjv|Gip5;rD(ZMd{o180OA|_tGNovx^3~9sm!L=@1UZwG
z%6QPg4$Jx^u3H$CT(iS~0}CWI&s&?VTAnV*G1vZCO4Givv&5KpLn^TNXxw<GTUB7O
zoBoF!+C)zXeo&lnU$^x^hWfD@gM%l~P?Vry_T5ylR-pzakOsA(H~Bv`OZ)cc?5p=F
z)(vi6YZ)c1<ZW9+Vm>NrtV+<SYdXp+Z{=+v@-pv&Thl;i^u2LOYw|?XtGj?bY(Kbs
z>}i@01_{l!z$)jeqp-;jQHX0tWnLU||7`q{UC?AoVdx(9g{SDNc2E{Nb+AljtA<WC
zHs#dYt0NrG0sUxlgf{u#4@$nIq(}j!z|TYry$-#sNa=|foAzd|xRJowBB6Y+X`nvN
zRN*orh<voA8nC~<y%J%hiJ{ocem&q%wkb5Fw#cwN8BbP@_#nD<(Z0*vf}!2c>KI=E
z#*>eOuVx1y_5}j(xs*yfNB_=yT2Y9svy(Vh2$kcK&XiN-93cmnN;u)lJCrGL2-E&}
zDBbtxXCNm1J)_`T|I!?(uvDe-dV48G_g=w+OR6nH<Gt52-D<#Ry{g6{8d)MXTJeyW
z2P9v>f78U&J7g?!c8jmV_1L)w6uJAn#lQGII~|S62;l9V8!RsEc$GC2NZ-=kZCrwD
z{u&gb2VnG<-m&igd`i^>K2}3s^*sQ`=gT^*qzCtZPHza5XJ&WDb=|Nw_lbVPdD&{@
zn^Yj91RNBRH(7`HpmdH?v6z>kJF;W_5Z3f}0;M;BkasEl%Hw+!-&i{r&W(k>7}5wx
zOh(YTG$M%xM6Y=R?1f1c7WrE@OHyJMz1^wcak=wkOMXc0Qwx1ik#hF#&?7(kt6KO=
z_Wt;t!(w!1l*Gthr{e!4y8avVQ+Z_a!&ZDo!26JqZ5A(Dc0g0-RqMZxu|_j!TbB>j
zubYt`i6yM*L!Chb&S-=0GrbX*?M$(LP<}vTJtN&LtMIC;(V13DY+#AMA~Z@<c(9WM
zGmuaFQ}zt5uyW1L(w~?xYP4>=IvQu*Iu!l&=eeL6ryJY!hj>9?<K|mKfVw>f+HTU;
z#}VQ>eX4~Lc6%$izl@gI78Q#vW^Xlk7f-$AFN}*n^O7kTP`Uur>9K$i=Fo~u0jSeI
zd^ivl%A2hJeb4Vzo?ZJIcQ#Rrjw!uKGym-S(EZml`tIuS(Pd7*xsOQ6(Sji92iwmM
zpFikIv0}g0zgt(6fDm^pah*wxlA+TTj-31nIm=k<%F|ZzBfXoj2w0J;mv?(%aRw8~
zf$Atb!pl}WoA`Kc_SKP4rNZSBr-b-a!V$*&&|uPW9ffZ}*U?@}X)|x@{UX?G72WjW
zEoH?sgj~U3GK>6Fsb|V)gS>{u+cz(ti_}`a9{)YK<Y08x;Z87*2OV^F|I50Kue`A-
zMBHsPS;?%y!jTj6@;YPUpqxEL1G9`zKVk%j1p{pwFU%_~Wg%ecU^p=J&F!@PP6=BK
zR$lb+_lEQf@D)X0J~N&@m;CN5Y_}Aj`=DBK#o)OpsLw9=%R}C)Nl9?vj|gR11&c?&
z{9<<||G`#7;}jWRX8i+FJox=K8It!zF0fWRC2SrH^xN&ud53o;C?x@Ty19C3eI0!)
z7M=RNpq75XVXDog0cn`maHPnHi&RG*_m{@=5MPEOTNx-O-V9Jx#>lAgYbtt)hRJ&_
z{t}`dy!w!J5C0R?%_e&CSxwN_$f&}xez3Zbn(Fp5ZTGb-E9tNKEbL7))<T-$<So7~
z+i`R%)sM7r`O~Yls`S+`4!B|JhHTF&(J?@FERd`uxfOn@@$}?%f0x&b#lcMKTT|)%
z`Kg@gMA3wAdD~O-Nyc}(+JQ-yaJ_qb#7RczEAi<1{mLYtimTi8-q=jz(s7c4@IR`A
zXcm2<4@fZ5W%3au5sP{_kjCz`8F7_SvIVG#TYl@^t&gfw#LbUrx(t;B`+1=0RkzVE
z(Ji>v@b}l`wBmj8vy)nN`a548!M7N!2YFy-{H|Jt{_c<6?#o|V(T2WuCE?w)MhgAR
zqYH3<A9|w=@SAOyOn|%jK>Y`2Y{LydEdz4k7$;_pjH0wcC+Xc<Xp@2vJVT!hsidhP
zNlYgLB+vHH`IPFD)^vbKcd3t(#cuhqXibMF47B?0Oo7AvZTs}!d^8vjW%j1sk5c$B
zVt$Za3skH4+3mGl`WOkD1R7q2?guNJ$@DcWZN!X%E~7mz?+XL!%+!w+Ky_fgfh~=2
zUcw?b3I`wfOx*0vSu1@SWA~l=C)8E+PD?q(Q-S_4&M1Qh^)u0@Y}ENE_25EMyXI-F
zVPvkDRk{56t-`p%LZ&J5N=c?)S$5%#`1pwX|Ewp+_z2_vkRF&Vt$GU;PyEBhc(H?#
zV1DISe5Aj4P*wBN(DDb<3^}hx)hqGM7`W%cpz;@|r9r>+n;NIOEU5L56552%K0gS~
zn01`a1xq9;>dX}rA0bf@<Y+Mz7WmTz(9=QBI|*i+;PrXa#<o;f?cl8)RXX{zaed;g
zs4mVIIob7o<Y@gCw=D0Z{`@^Jb;+atd}F|HQqr#~XL_A$?NW?T_ZtpGuGJ*z^wK61
z>nXvPN$>63IVq7_uCM(2idUAKI_HoFjy!TJwL_<yl#8*AL(p*;71I1z7@bamnCd@$
zL#z09lPz0bX2(phVfFBtc*V7jQu{Ao7MFn*{Y@O8ecm~LQPBPb25)gB+-*0=d@?~l
zaPxg8tN4&sVRsIu6f8~&`FS_6rFGF=gj@A8@93lGdo#ZTlL0GB!O}{*8tzt)ThF`|
z!QES7rY8KL>aBF2w#u=^lXX?}u@CUC`?>URc8D0{j_z~RRBum59T6tMfg=p*yJ;s#
zCfp0CQ9K)Y`x!`}c?b9t+I)dB*y>IHV$=mqr=xK)JtR}<Me^@tHOS4rd-YPy_Cnsw
zQq;~ajF#3B&c2JuBmLwzIaW6=x4hwa&#Osz87enHMUlrTErFlJ30M?jwj+VV_2R$-
zeJq(?WZ%u7xYED=>}vlmb~=!V#PS6@4b}8*^o~S-K<gKbxfAPqsCUQZw>S7y40DsU
zM4vvvHbfLgEZwB7tQ<WfZQwI|S)hKj;fsDGOQGk=eFIackqSa@xkiQ14_B|3{%|YZ
z^u#uwMHcHhAUj!W@9}teublDX5IZnrQ2B&_UsFC!h|KdwG#KO$%k?0^Qp8VS{YYK(
zM;e~40sEJa;!}j$ckgAwB-o{1Li#CP&rkL3fn0W3USH*r_j)%WqD+egqTds2t=wsq
z#$00eRd!^l5tBbEunOqU#ua>$bG%Ii<#4IrZK+@dM)E=b<fGxkhA%J_BkdAw=Sm(v
z%DBpxQDS|vz346#+*J#dY>(OSQ)R9bl-<aLRMd^&xJ+gak#{Nfi7YIjQ#A|(i|}1+
z8Y)%b_}Bb7{sm-&Ry^3b+nC`hDDmJweAtujHUWnFZTE#{@}$4Qn)(o+h{Yis7`{bQ
zkvFTj8dddS+io@0bWN~2veWL~3cLb;zDNF58h%uUx*XI3qiBu5kpv5<b@MAOBDP=g
z#*-vvc-;cZ?(_!5J7Z_ARye4*;UTgz?iW0oEM+ItiI6oSyqOy)yu9>~`c=#wWWq?&
z$k12IiBvv6AY$Qz+KOQ<G}~}xV76x7Fjn&(ySV;EnY-4*Jos9Cyp|q_2|&?!;V*O6
z+|2wt)8A+LU#NB6$ViqBG}k0QvE!%waw^0^S;GE`s$cKaL9fQ<0yF=gTUXF=^VnqN
z6y?o_(GQH^>z5p6L*p_%R(ei2yRBKVi=iJ<v<L$joh149%G+~$QR(YbaN5Rz{gzNW
zm6YW58SG%2RuKzTg(CT~j4V>v#Iv*g6{!;x;(RbyDp|w=ey*dVBdsIc0}G=&zPV{B
zIyz-D`19O)I|Ls<$rk~eu0mtp44UL7W~O}}OnXf~`7{vvR!ZXv<G$6O{B;EnmR<yG
zzqjv^cyIU0RiFT3?&)N}KJd`R?ec1g7r`Xgq&#u`_(`WXY&Jo;D4&tSMYnAQbxnPr
zZ>Q|kcMJMAmHJ(NJO<9Lp99Ijxt|h)DOsGv4-|rNhO)S=(DnJVNXO5YkxtV#6<WBK
zJ|l}8mrZP0FY<8>i2LuQT2Jw%FR}c5f88e?Sv|GRCisd|P<bHpv;a#Sqb}SRCQaL%
zVg(5bbfpS@)6rBrqLufW0<+s?9ks5oluemf0ur<~w;(9RXl72~i^`&d=Nlx6Q?i{B
zIziGZnpcc#JRIhKRJaQf>yIR!fkF`$$1xt97vEa=J>XGt+?Q{`2;*}en_76oA!6S)
zZA2rfS)c!pctRL7EHn=Sk~U$~Ahy&FvN1mvLs}ZM=DKn={HEq&bpc>oH1qaunv_&z
z?L8iR=;T%VqUG=Ywm)-{>lJ}?2tEFCi+i?ZX^TGUZg#2q-sNg&tkK<5*QgQ`7QpLf
zVZ`N`&O;iwCfzTMzU6&BzwN0<KV@gYNi+%q%!u2tpW=^}e?4;#9!c$Nk^AZf6f<f~
zAxBn9o66|CU>$WV!2L!74u^ni$22Rb)^QdFhwf}PnN&ImWwo&g)=BWh8xo*k_>ILT
zvbd}nnR&ifb;K3l<>G~b4GifgCW(BoE6bhFf$1GHTYJUd4HisM+~n38jp@P$ExLlw
zT0qljbd%RHfIQYiddMf`LG0Fefa$Y2qhOi-uMr#X;14L0U?fW}On!t)nlc*TJMXbZ
z&s_6fqxN8GjagePh^B+9QJbzMYH4aWFl$D3%7McM+sjRi?Lz)}hW^Z2aqT=*Z+?tq
z5l>>wc_K?)*XY@}8Cx^1iVJVVyUXa;&7cpMCSJb(9Wbh4sm<H;sbKN$SOkpfTmZ#v
z4^SAR>sWtdhJ2X%zy>KLiG*;V3^-=}jT3omQBzgE^f~n4UA~aul52!8BgQ$bY;UU$
zb;YF88GT#rR9k^MY%CHwI7297G&k?e!<<nVFoz>T1ZUh$fNtUvD!iHz!MaeP_L!%!
z*{S3YJqQqM05Q5-P4WmY`zOz@=Pdqm9DV{;(Q97L&J79?{>-_S=4HH(b$nT6?!ZKS
zczwKd)t2q0w|X<6aN5X0`s5aKh<w1Ht=bGzKahX~?d|wkpSuxcut|GglY^AhrcIY|
z@)3D2rauh%Y+m2~^5@5WZgw+FA0Ydn#uec}7(dO0ebm$o3(Qqh{st5z*HA9hl-1cE
z8XIDHLiNW=0u^~!S@=kV5u9CtL+hQS3c~z54Y6onI(PuB6WZQ4TUCJN@VlN9Ki)9m
z;sqdHjd$t%xld|Iu_8udml`(jAAVJ6PCL&5hQkFYx*tLo*j`uakYfELrIMgHgoXa$
zHt(3A?8WENS!(n(bSF&0*L5SQ5Vgu8H6*SC8~Ze4e(r(~{Hy;Y)l8)RVXDx9W@k42
zoSCi^Q)V0x;)q4g+d<vy7YFb1@2P*bF6XXVZ?kX>h6iI3XcPZv6@jEM2b*{w&gIK6
zu6y18*-YyuGuOww;K~f3pL;}9aD7`7mb1Xm;rm_n7!_!jH=avya>9h`dIE%yFSU*j
zVBTBFFVzSYYNh7-e*g8n%mKr<`<~|#HMz>j{3Kh~?z{%thlK|L#iLyFUrL_by0*tx
z-mt-FPJ^~RaJ!g2%-Uz$H*l!VfjuxiG*4^E!rUVqU!la0tZ!JEE*q%zBD@=q1{Noa
zVI^LjiMuB9T(a(mw$d~p41)(o7N<%HOeDTEot8D|U<n)xOH`0;a;e-|(179WYJcwM
zdT<tOrV%VmN**0rIqRALzzhc@I^6*rV7lQUuNm#=x0YA)E6|N~sh+0OT%DLxViccC
zv~x=mTP<n=o_O=?<=VWbvGDtkHpaa39^5~r2r~Q5$G_Fs!!81!;IFM@?>>qs1iP;x
zn?+L%i>wM)le3rz!!yPcM+k3uJG*Nf^#^@5r^D-ZB37aQg&7i;e;LJh3>~XcC)EpD
zsuObZrm^1}A<ocJyVbj4hZz1#$Hu=B+ek;dY?iNJ^6{mX?Y#sy6FS>OaqZ*}R=C$|
z?|rZea3f%2WnIkA-PPheEVibEz}ea!2smkN0-tKtNxLqjG*-e!T8?I<#%;T;Y=4V5
ztwcVV7iY<@Iqi>~Y+<qS+Rt(#mi&aS{(NMqZXbIGesAgG74ls7C&`8}M1Er!vd=og
zk>NJtIo}iYNODO9a_@7zk9V$MeYD%z$|FL|ko&+3IB@e*5}12__ZEb~rzvE4H#(QF
zfqDfTpdub52<h~V7P`0~Dm71Cq(6Xdaag%7oJvp@3B#hG0?xSQEq(GkjX(m9HaVo|
zv%G7|N#7xe_6=AW5s^F!o*!(BTGeJzt4W13tu8-)l&hkeQzmc3Bq~dR1hWp4L37&v
zt^Vd2{J{Yf2uc4=u8!3NGW0fn&2D7^Rq&A(MDTN9Iz|dykNNQ7jz-)gthIqJ5?2W8
z2w<I|L+MqSuIG~I(3S3m2P-SN4e=yC(9j2(1HQ1ob=Ix;lW4NHvN>i|3l9NM2ohMW
zNlb+!X*j1(ChL!*o9gTtd36L>{Ty6kCTnEo?^Mtqg14|cHV?)Szw0Z^Jm~P(V|H{(
zaWwME0<<pYYv=lMQ<S<#-o5;EH%P;;6Q9Bhx0%<QC%*C3%|RuKcSeMKc_2s{5g}~{
zvS!@ne}_p!Y+znT#1F{J(4qJpUjTrwvnp^s9P{qo9!o3D0_78Xe#^SwF7JSR@13n$
zi^<x1(W0U5NpxPzI?B=YC$P2)T`wd#NgaEBN+u=ojCb>Q-DZnzwVEQMD<t9B87nL3
z$Vb^F!s6uatbyheCKkh*omRuePrKxBccKg(xwUFn<-(czz}C?tkwr(ksz$B_3RaZy
zl(`y=XMgHkFXD3UR*+wugk7wAp;_s(zc`G`A)c$1@nx^pT>q_z>zod_i0AA+L&aZH
z>VU{;wls)|+t)9bN1=k!xOfj#OkNc?kN0Oj_MR6IzCXJ6dhGYqfX|ra{b5Au(dliY
zz1E^_^1=&wK>J<MGUD6ReSS68SW(@q#Nf8v_m1nwIpthNDzr3@t-cNCK4Ll992#@U
zf*w$F>D+)3^TgU_ocVf-#P8|el9cM_W%rl$k%0TA%1X*-Iz33b$tD8SL-RI>H~3uo
z`Qkv(73`g<b~^Wh7dyQzdl_+)LQwF?0He{|r0L2ApvvhUQn>dZjIkZ;UvBx7>J+qO
z*xx0{c|Wsmg&VX9?YwFu8td$LB-5DZ#~_PFyEd-X!0Gg)?bobwn|mYFx$tX<U`{1}
zkGS!5{>~<Dog*^)*aiK3!F~p!zO6Xx1^1Pb`gCIgjsVtEL+3&DRu^G9mADFYIsWqn
z-y#BsRy{FhK8T0W{ujcMR*maO)B5Or;QpT}VR}kB>7azr#G`+#F~T4XX+}Z~>6)w5
z0npEGi+_k2bx(9f`zu)}M7__YWwn+T05{#QlP%KL-;(;xo+^yeqR@;VG3Mog@ae;;
zFy#9a7l&=d_H6A%opPza^fHNFdTL)7pNJ)YT;cGun#)cQc*pm4oyqg9YiM+8^f?1c
zCpe<3^o(IXQGSr58dr)<yp-?@_%BBly-o|mf9+h;D1^%5CpMwWX>&<cS883XVm2>^
zxBTdDnWoO*3YA4(U2)-*&yLy~w82OK=W~#FlMy9v3#M~-@GXU>Ez@IgvLkad6a}1}
z2^h!)*TVR#8Hveo^L2!jnmJhC(nXuoca>X*c=fzWa&}Z<h4yryo3=M5_tx*M_byf9
z;j$A#Qc7E`U@~x%mh>mnVG+U$5}+7TVV`yuD2LXaE3{If<|J$>VZz5xiT>5b3qRft
zurKp{p#>D*&t!!9zt8PgYVRbN?Js>4W~F<s(HrMSW6|@PUGOYwTdYXa&2LU%SNn81
zfZWxHAJdl$gP0fpC7G&x26iy&pWCLMf=<7P0`FkcKL4&M8z9ncTx)ckum4rtn$#{{
zo1;E+bR`5un!faPQ2%8^5jn~mhvrIcUR1i|3sxfHa9(5iwA?z-isJ%Cl5K?}eQC_7
z!Qznb#>6@v59VoC9+AZ>poQ085)ZuGx|4@W4Wb*c+*ZF{WgYu<Y1jJ@w(^)KzvkVf
zq$Ky$aphj6wnOGB-&g}Ht!zj<Q}3XDuckzr?S{vE*dybK$fa6hb;v>=JAdB0%wSxk
zB1{7CPEL9}>w=^Q9f3qL3ch(`Y#J4g_;2@~qF>&3U@`OTV48W*fg?HdO{^M^wX$AZ
zoeFPz`c}m(Nb#cV)8?Yr>eKru=Ouduk0Yc+4^{y-&&#Z?#)gxk>QsH7(MOQSd2nhs
z7jFbd<p7HNq;-_^Vstn<_|E&T<%I944}r2)-F<eSd1Zt8@ST;(mf(<#y2hpjnN!1{
zqm*+yX6_ImHO?6BusCe5%^Bj?KL~<-iyZ3#i7tJ-*FyZ5F>itOgUTw$zFaH$EvC5+
zDKs<N#RIkQh50ErMo&AmuiucSX63yzbld=2-itg{L!Y8Ba(!JN^)fZKj@q<FrmTb1
zue&TK=U7-wKq$}W_%kTsS6Pp2cB_G<wE*7!&D65nK04I<KItWX%7*ir@Onp-uMLBJ
z@_g81ZP+6TR~5K1{9|Od2&FpwW78{rF!Hf+(-+ivH{O2z{gbg)9*ko7QJt`^l#zhK
zl&cdqkEPW{CSHanCm7*Srj%-`0?|=(;DMQic3#2Jx2Kl3+KD_+V3o~$bo+4|3h)+t
z^_Ow}yD9^H7uE(WlFpPV;*VC&lvXWI0766V^)va(n!oCdPgZ;4Ik&HC7E_mM*FLvw
zRcI}MPy!v+|LQNG`DkVK!)1mYQS?{-#c^f&vpe1zm$J`tv8fh+y&ek{?$1k0JAPnn
zZ0yn=W@fI#DwD^VU+=k-@cLTNJK-Ll^oF$#o1^Ze#her+H#yWylai^_T8Fotw-Aid
zVbNGhHy^IC35%cHkYW|V-zj>oN}~c#)MNfy16+m-40%O<#C7_+guLr7h)Ic$?$0R4
z`v%`qZ>+O+R8ie&aU&dG+u#w5z6&Jtboj}p3C8A>w=aXb+$5hD3abP%_>NR1CZ(-j
zOi!udtHVaVPLokvgR^~k_w?{GPiE+M7hJUQXzdZ5T>6Ag{K-3%u^5M9D?Pa9D)o&J
zCE-TZmJu0ongGcnLTKB;wY=eQFapY9Jp0-cq|~Zp+hIR(6H7MtGJ(l;)%mU+Bd@G5
zea|Jn!NRG#mv2o3ZnSV&Ok%zx#G|AB#IjoqR^0PA*LDlXi{5l#k)p6W-b{F+4kcHY
zMDUJ8O9w_aO>gh7g<lV(C&of$x6uhV$`DXz5-NUqsxD7pl!DI36U!K>1TXxy$N_Cw
zN<TvrkGf~t^aO6&q%h{SO?NA0q&|uAVw@wBT~8xgMXOM`W+V5skG%t80t}s9c2U+B
ze%~^fLUpU99e3VtgJsPinnIcin>_^#-|21zi%W2n{*F~U9z;SyP1aThOUf7ioo4L6
zz<IVxANBHNGSq)oQ+<48(P=t|HH`T=2LueW)(<)@c15%XB1vm!tu3P&C^UjgUzo8l
zHF4pcZ&$oT4BPYx_7`79*9%X^%3nl!&3={3i+iskQ<R+x;3rnwU);+Afv>z0E=MJ+
zwNFBJ6&+Lulu;kHhRKwMw@BqMp@R-%Ffn*=OE1uJq`uW}R7-kNMcxSv$81WGg&OW#
zBC3(NqGdMVv|UlO1bqzij5>vEG<rNbc;LCuc{V%+^|Q}NLsvw{xGO!<9)jFLzq^tb
z08f!~mls6q=$nIIkD<Ezr1H;wk3O##i@Oyt(L8Z$%i9skx^Mzwu6guls*?Y`UWE5S
z^ktzY3G93K_Bhn-!>ebGZk~%0IW(l&IGKLDF>LZw_kj_9Wz9obOI_X7ZZxNkH*I19
zn$r%^o-4pGw$!#W{LPVK?UzhU)pUQl6=kJ4bjmUzW1&z~bQ|nT-#FeICuWwId#@fH
za}@sIe#Ha1>iS13R*4c*H_*lE`K}`bpujoyWI)kld);BU-rq>Qf~iz!blcs;1u78*
z&_FNDSSzE{(rGj6v>C7Q<YqfPST%#Vefo~B-$cF#(3$F;07+V3wsXB-Ppk@H{Ny<>
zqC;uU>x}GxU$Wc#CMUKNVxbLiO$s`}FI^d)ZZR34FFlX)#&1(hIJS9(Hc&sUqZm?J
zSm+Akh6@YAzu>46_51m!xK*2W`^3%HGM6tq5A(H?)iQ=56XqH*t9;DRgX~T9{7cD&
zzfsVlBFSJ!nx1(OC^ZFZ^pR};kPr6>qzRwBrqg`r4@pr%;GwMe?1yWjlJ?_unaeLe
zECfGZ&yHT7io%b*;r$O!L6wd}7cJBK*hu5p3M~!1vs0~V+MV|xt{1(kD88u?Z=X~(
zq1}r(vK#sQSF{s6^ZBCMXtQf@=rP%YhyDc@{|W58n?-f@&m3mi;dsd3P^~+sfhV<|
zMyrqPwY17OG}5~B=L0ybB+D#1^G6IgBI$t=U;lBDbd7tK`>g7;h}9pwkZaO2)4kS;
z!FHf8t~6_Q2|0W5tbB5B*|_3WY^J-~#E<pQxHF&s_3qD9OoV>s`?JdBXJ6rKjpWTV
zulKv}Z9O8er*iaZ-trq#`V%L_WixJ9ZnqH?iNVlq_rqze*WNjoqbARaxH;^38S3V1
z{P4u@U2&B?>=(_c+>T?&{0l`o9pP7;2H#5GJfA;;Kt8N}1eR^Zo*$O_yVIbjcj~rN
zDj>-Y_vV1cp)t%={xAIHDnIxzBKMqU`|~?{4^~|fmvQS+Xx29#z6?+?$mvVO9&c>m
zWABrc|3cpdMnq}!WY@R{wuAX3BdZ>k)W?A8B-ME8-+WA0xg9jPjL{#QZ8oq+lJ%AW
zMs`}qRCE8lDpXy?Q02G;@w?Q{+h+*uIl?WS{vw#UySmiQ0qhz?Y7u`Hm$C_(PjJwu
zf5fa0&}r*Kb{g|PKL(k%7X7pH`uBHf?%KdL*KLD~bv(v=`2p78<DS0HTk(o+TP5iE
zyu$titS_bh^Is4<y~7Qk)dMSOU>ZGSZ6&|rV&3MIC~3p2DEJL|lHc$TQBU<exJ02J
zT&DjQE)z97q**bS_ldvZ$GX0n$q?jI7_pvwR?}erUew=f#CCg6?w;d6q}l#A&V|5b
zBT4d)ACmzf*mkAd)Q^b)08K54e_hpEJ6H8G_WOVLZ2fOmLjUBd9y^`~X5+$Fz!Hpy
zr4{oICn#84m*X%nr~Y$mTsV}?tbPHbGWzci_@8m#|NI?GE2p++J^NMSubM_RocxCc
zz@jhLiahwQ>w976`o?=t|8XSyzmlE73(orOTwmVDN&?`|1tt+|@o|zN@3J%{*5c!V
zon@{W#aCD#c^I%gO>s_ju=TlP!(|TaS_t}X9_4_+tI8bL(z$lE?Ed>XbPJ@7L%X#&
za{d=i8Qg&5Xzkwe$MMW2=G`20#ifBwkXvh}BfS|A{q!oFhR*v5=%gxM18ap|TFLQq
z`_HCxu|)p??Qib9B~0hbf4AHFpTFb!9Dtg|R6N*%f8SIRmvX{0WS}-;S_zUv)ve8f
zT8Z6&1b7p)K~l$k?T+)vO{N;%s1WyFQtU0VJfC~_BY(bG?JLkd!vA_oIdFS@&o7OA
z{(lZc`Zbk$czQHv&;J#n{I3_NKlpumhW}vIxjHmH{)oYPifNu%`*y!AMTE87sW15`
zpZtmFyaXW^b8e-DBl1tz#mnu-JKjqluisU*=UDWgd+((dc<;ueuXp{=chP@y4P!e1
zE`QUrnaP~rF!W~M9dj`KEP3E2n?!nEC%UnqM4X&iiD)BufcM%w{_T&|^mBVQuy1Rh
z5iI?map3>__3=1x)r+f1zkArt9<h;nvt8-a(~rQ%uYWlDkMpET`mwtlZ&ll6SO4GL
zjo8e<^}7{Uc}Hu0&sojnn}Gf6ZV^9N@kAk=@%mc?Jf<sI?o*WlJ-Ai1b&l<iiQ(DE
zgWwFFN!X|VfBu{Q^QU4ret%BsJ5dg}C^1Kc^3^dKY8#t@Z@n&KcTo2IZmY6DiVU~p
zqqoI7SpLD$i|T)DfWDZ4@HFZC`Sp>%lf3`@z5mnKbs&(;b)Gl*YZGakA}Mqo7!uC3
ztC`h!WKy?SYWTGQ^U<X8K+hj@q1P978}1H$#Qpm8|KeT1>DM~-NBN5U<RJ~QkpYmM
zTD*j=nVxJ*D4U>g?&cqtJN5Q`2Kz5u#_g{7e>Xa5-hs4QyGQ(EC_%5Qj#ad|^9U4W
z&rBx)N-aT<^UtH9OdCYn9zW%W|3W7JPXYE{-&YCv{ZJg(aga2Ozb|v?_6wZ^g)rm}
zmCefO%{jflf44Na_V4VsZo&TFIp66Tz#e68^<K`U-%qrdcWtjjlQG>7e(x3;iZ1_i
zb4KqZV9{Fpi~oNviOS+ZkENanW{#TS)@PtkbvJ5hEP!MkqOfnNYDznIEx>H#`v(Xm
zSx;|vkhkeCnfvb`XV>#h{=2yb4vxd0gQXqOsY=pLb7`BB;;*kbjM2{yX}E`g$5f|)
z{-0fkEnj!s&oYN&%Ye#tqAS<up|IV}J%1yzLjuUMGG-LNc(JJ)?2&Vy%}^lLBmq&q
z78bU4g)msGq^o-t>+p70n+tcHz4$*5jvn#n=WeLoZ3yrUd<v>cUB?k*CK|Tr8lv)E
z*f0kc^r|BIvT<F!ZO7(M(#d~}$ylG?uf$rXz^D%n-Tz$&6${)&T|1wvm-$B8YNBz!
zv>oa5AomH|1@KRZm!2jAVA;tejlT{8QK4(iYVY)snqJ;uiR-_eC^k@ce4D#-Bi{Zc
z>+?S!<m5~6uQi9t0mPxMu-W!4hps}@Qd)`vJS^Lxa@-{0>GbzYm`x%I?y$9Lb4-gh
zTH*ZNG?i<@Mg?`)FDUA&6qtC!P_5R1XZ1+3&OPDa2co6k3%w2tKN}+4cw~W6F+q6=
z?mlevz)ir+d(5+ua`#-#YFl0%|ASgD&o8U-AKG2U>$b9~TC%!3;O`wYswdudc)9(+
zHV(mJez@q^sXdirUJ4wSOky|XlNEj6kr-P{H0m1KWBJ$fx5qz&CyAMRXL&3X4wLs@
zIzv0x=rUdw3T9@f^?Zcp<4%x&ln=xn<YpvDWjPRruUtb*$$gb(2ov53X!Mj1e27h=
zFt+ta_oA|I9AkJ+ZSmyN9x#59eXg>Q6$s<??JjKWl&SeGa8Zw&1$tU0ph4&M=ZDLt
zPHSiIt6<<Sdv|4WU~m{oRD{#d<eQZ1VP{HtAJdWZ?$r>1VUtlHWm*rTlST^59HtJ)
zKb?N9W8N2;Ye?MiZOyaxLiMj&tjykt74qh-)ej^+87h&Rwky{8#pZR<a<bYTH>0K`
z{5=Pg<?wBtwHG-+)Z!4n+fcVvPfB4>6rXU+D8-W0vS$$NSN+xx=9`l1jZ9|Ru@}aT
z_ScbCzJ;>4I*?PxCV4iq&=P?mlW@}FDU(v$a+rDn*9p(6lG`)W+XZF{dtq}1pyU%i
zmrB{sd?Jk{y=yH?-M@Xdvw33AWq~`fX<!oi)15g?ql&kM<z*<ZXxz-38u(_aartU{
zyJXZ#@}(B6<9QTO#(7jdgq5#^w~=I{efDxC_R|<VZ3*EM2)kL!ph}{y1eAo};fF$F
zwh^~!vd0NTjp|Thxq1X&Rl;Lf)L}jez3{A=G!`zgyK!A9*O$WF9Ybz2La%h*A9N|-
zJ+fo>v_5+*|MH(4t28pcwHXlYj?vVlovBH?nZ94I{{@PPJIuI0c~i60P9Wzx&F7QG
z-Is5qlNclEE!K%Z96yFBdDM9aQg47gzc8sv2YhG8-XfT4&y5V*eU3^i7y5EHUSib+
z!}-*(2cw>^)Tp+B-G7R%u0+x250*DVUhjT&#8IjMj#p&t;ShVE>SYzqdxbw2V5Pm8
z$eq{imlxg3a~@vv|Ej%1RXjSF)w0^2@-pJI>_@AXF#YZI`Fa&l(?{MbpuSM1{t7Il
zd7Um61$%iJ?*nh!w08sbJm}<ckR=jYhBN?YFPH^KIis&|Km2}e*V^RX*FBDLIC33Z
zjwn0kb{D6GAB8<WF$1uweUFzL%ensA<+*rvTa3RbeirMfM;s5FssBRB64dz!#?+=d
zZh<46IPYu{d2UGKpm-1<Rd;~LdJrdMTNNuXptb0Y-<q<HZQ`kZI+G4)!+PL{k9hnR
z2W9PPtavBuFwd<*Gu-}M^ZJ_nC)-^h90PS|=Z0D8#{D%}EkqM)ysG$#@vO|xER7Gq
zJsqR8Whf%5NPs>}8$LWgU_u9aBuA0YrD5S&KPPem&zFNc9LSufnUp?eU@9%(TPw+9
z)c}vpIoZV{{ba%5(upz!q25)rWu^1jouC6G@*AX4p|Sy$o6%?ja}hm`PU3(m7wJ=n
z`hmFGzoqlE_aP!a!ra$z$)e6a8vFDv0PaP_-;J6kq98xpfS*8=a^j_Cy4}VN*nqDi
z&d9>wj5h=<E(s2>HmB2bmJk3bqu0)<6|o8+ZVo=@r>sxhU#ZkcMbN0!`zTnwg=K}=
z)kXJPXL;K!Ok7ZEwG5RpsIwv}`F-M-kLi7I-oZCzZoNNfA$XnDz0z45(3tJQBm%Ka
z_d3M*RL)9}#-;ee`P84X&Vwp|>Maq~t8*B1Bw*<$Qh6c1Pon^IDkugQ1szFQjPl(6
zIC$97>SF9D^xqHW?*|y4w!o5`K{q0%z-jBv^;;+D#|s`70SpqLO6S@MK6YH(N(XHJ
z{xL9P@o+ld?Iq~9`{&(%Tom8z>!k?2xqU!Wn43ogw7HOR76m%N1r5XPJMK2F&3(6u
zUTyj85UazdJVRq?R~&mYT7w@--FTHZtup)T+TKZy=TT;6HC|a@Un$i`e68Gwkma>@
zXu9#}C__x;gl<tQl2^%JpR_ncy>(JEKEA&V;xFPjRueH$8>A#=<~zgT(ZXTmb5+!$
zA{?ouL2??&Z_cHT486NYDn3~29_Jh@=Pnra!>%hiGyIg4PpGOLI`JkSyzYy8q{)v|
zr4TmVjgN}HPutCaWS<Y%R)tI2epgQ@eRMDD(6w;dhLjexH*!lIDB9PEyFJ`8x0|Ba
zSoM}mo{Y$FUrocdoR6lst!?o{(wvU~-WhRrtu<d{y-lPLlqq8ZpD43QF7_`r4-R6F
z<5w9}7S9}$@(^kQZiomvwL9Uww6aD}%k;H3S)edjbhe8>HBhlB++?xf{L4^P$A>0v
zC6uxH$6OJoq=o^?8ieF2Pkv1UQbxw>sO{M;Sg)P1=A%M>CBOCcgWYmU1*j|?L{}bt
zEt5@1JAqmtDfA0WU3agjE<O}pKrGPRZVXz3n{e~BS^U9UpEsE_tU4F^q#b%jzG^qQ
z?cGx>29LWzQ5vQ(ftOBg+1&M@9*DTbsKz#926qdQEz&LEn4KUykWcdF7D4um?gZH%
z=}$&T&F0d+6Z1MKs#Wj<Zwdfg+&*iXZi6cM`eRKk*mFv@e?H_L6R<h?I8B!WHAZ%0
zb4G?_v%XwbMh7R~h!CKo!j9bt|63dV(g68pKvc7>PKLrgURc!urIl%Yz3*S-Mo|o%
zgzgvnS-x6ZIf?nI=d3<+f=SrKHxzkC)ruW`-C7GU>!h`Tpae<V5}t#7zAYnuqTJuA
z7-J&)S(%@=vRt40+TIXInOj4D=&@*=dez{Bt$5#sfEE&0jde6;Dj!!aSq(4XZFotG
z<62U-nsK~$<XFjA#xBreIcd`ttILZ}rrnqbbS&0^^+n!~g}?VQp%H!-OO5$hFE9m*
zj&1@v|Fl6h;6Z%?1cFy!&ZK;)$g<c9(3}G5JY}3Vna2XrN|F@+=H9p;>3abq8~%P|
zyYzXzz|qq(2HILVrIK2R;0U?q-uL}8xgv!b+ef(D99%aChp#-gpKPxDoCPS^V8!!U
zdjJZy_qEcjMB&F9uMYl!WM2i4Y;HG2!Hr5+0?r{@(x&Eu`ONxbMZGCKyE?YXGm6tn
z9Q-=@ese#sDI1C*Nwr&4U6};xxQG6J$L^B%C-$#Be1aHPs$YE^q0m2ravtNFf6k<z
z6>URI?I*u4AtPAeBid>_J9q6sA@*&qLB4Qlbs)tnkv>6L-D*u$aRIWXi7S)lZHZUH
z6oDWJGO>GEHdxi~jxI0z(5Gf0nN*dn=^9VG-pA`Xe1Y|s>g<3If_Lgw=c<n<%-)|1
zvNN@?G@E{0c;%zhP|0zYZ)#Dzx1qGnPp~(6ctKuv;|@7$y4u^%jpn55?L-EcRopq9
zKzK$E3|#DEvTcp>kMS9{hqotSvg$V1eA}$~vl!pvbtUcP&oPUh9aaO`UM<epgHFXZ
z54d0(>dm{8z<NgC@l-rQed7UqbNN`}M)zT$6)sO#N(trtd@q6*{+ZK;jqeah3ZXC1
zcZchIV~n=FPO}LP>xNPr?)O5+P5=Ot3%ByB(RbR36Yv5)eCdft=v1@by!O}LP4%ni
z)wF%h?=W{J$qodbXZv)44ZrGLU55QM1QHm4hsV&h7N_YN>v$IvhExutrkk#vmnrjZ
zipg30M;rvTjD)@}s9Crp4^WZiPcUu7@biN60Dirxp<qJ7&np1^+Jx2sNa`<=K(@{-
zKt}8SDLVT0r_*B208$A?<4{zn_K$OC{xr7~cM5o);!8b1qAuRFMFVoLVDSmFok}LT
z{}?a(ROX47wjs)wE$Ud<2~T7D36<^oS1DHA;@@a|T^!5-&V*sK{zeGj2cde%J}Xhp
zx@0ciU8k-%hA&6@WU}q%`)ICI+YOq@^(6t=Kr$u_QZGuTT~y`R{)HF_wK~r^gLS-N
zGHkojblMslOJzN@`+n4t*?dQWl)15ef1Q9KFfmxN?w;WKP*~ANL+>pGDRDZKvDqX-
z1*n!AK)@Y8+Ny5_yMUZD3_CraSG8_Iy8aXSL;-Zc!bfQUr}6r!lq5e-t>D(cli3X}
z^K7A(i**fteZqdYl+Zfv?wdpC(D;7rXpse(^J*F#I@}Ow`h}V_NF=QZrF}eiX8P$!
zsga8?K$|Q2BiS4voS5v8TGdkOfd7ikxwEwviC67^Ju7-yRy<3*wY~Si(Rb<BNXJJ$
z`O6|Mh42Lwao69iOr0)uo!FCj9$97-wj|+}Vy_Uvqi~C7mC6ZBc|L@$&tq70H!XT|
zto_l&4@DNYD4{~Bv01crjE=P9^zy@N;gLzezv|^7x!_-QYG`G!Ta|ma)-&&e^2T1k
z(RRm0HaE_=atdfF`mLWVcNl9Fvd_EsWDW_$VRSM!=@tS`PZ*E`4nZEmxC(;&T@Z+D
zk{3C8<ZUSK=)R93e7>r@7DW%0J5!`aL;`D%fcMH)g;{`ygEO;&CPDTH-<HTUjQQ)P
z5l3Tl9A5VAAyD)rygGbpuHo2g-Q%x4w=~K~wWnLe25D2bxCPx*fmKX%g%1n<U$=2S
z!=(Lg6~X24W?3DN&J>f5@`kh$X>jT|PPm(E-TCGA3j<0pyCi|pT^LxlIDqk3rFJ(Z
z6|~CJ?k<J^*W)`&h);h;6M&qC3s42!Wb<`JLHYVvfP@qXasBg*SWyL!i1a5IC9**@
zFYh1=ug+f2Uti9dG*I2=C9=)yxiaN0xwm*2tOaI$nha7ra=TNFkHcK?&FhU(fY1)R
z2^%X8@=*a~$kGbq$yZvDXR4bAez_|KWdj{oDA@4Np$Y4sp&$EA(C&&+s9eAEZQO70
z#?7<O+5E%7+2rF<@{0ATX&-Sx1-)xlVQ0OVs_2%y6U`D)56yq>F3rd&@hD`QSdNVc
z9|0HOXKSa(3+z|Oy9c`sT9@Vt3mg9*dv6{Ob=&`cpQS=V5{j52WKWcBm<mZ*vSc?x
zNJ92~<}4veQ;~fs`w~O;b;^?LG4?fN8T-D>dLP4iUcdADKCa(=U*G@le|o5g#`w(f
zIX>^>{eHckuhzt|3fGww5O(nD__#jWno7@htM%T~@-~?$CyEt5iHV29IwDvJx%%06
zsDl%+_plc~Y`?!|c0?I_eVI)$b*lL=pr-{~BSBwhrI!Y4)Vw<fZ-5MqbPJu=>U-H6
zL<aqW>o-tB;H;IlDEH;Ab~=VgEV9Fx42o2*7OJt!L>rA$GNv)Q>83AfQQmv*xXeiS
zh_}qRS*X(`ekco&2YbKa`RFlOYg}km!CVUD1$q@>dX7Y)V-1<wl&`br$gZ0{E{R4)
ztLRmehB`-f$pNv#OBjJYBymkJ>tXZz?%Y8DLU=iT!?@_-r>#lj#>2%SJULor<1Qio
zNsg>zyJM_01iYUL<hn)q^_SOX%uYGZ`A6;sj;jGe)B3qrA?quW0*v|kS@+(Vls*;{
zvnX-puOTd7Og0<gOF}VnrfD%?^hY3oj9ojM0QM1VjLcZ1p4OKpv?Yfk+(+xANJV3n
z`|e8}*M9KWd9=utsu-e)-BAG=5N19=17@%AYI?IIZMAzD@-3bJWvV8YxDd)NZuSBY
z$M_Ysi*9Gyq4M293<fFk<>#s`qGv1lDeWzdMVSDykpvyX;XUKz$VinY?S!{_5_#~N
z7T>sW#~P{R1x6}-($DE5jaDm$m0;mpp)~5Z640GMCgD$wJAV>)+F-tF?vZ4VKl>uH
zZjE&;ipNH7JOQ~-xAf;&fbI_30+aNe4juHEUNt6*0mdO=q9SFdW%!MT>{^p*hgRw~
zodRe0Ajg15D`Sd>>SK7^O=Es+L;0(>mGDM61*AlE)@EN=EK}PtR)H~(9mSrkE|F91
zR9*Or>5vhTXt^Sy6%;C5op?Edb=tm9-eZ{;TNck`##2D-YTbI@7^du0Z<Ips5OEej
zu<KGtW*;Bq2qN;)Bx<|i9-VL=1Zu=*7r#=zAufFHJf)GDpQ&|rR%l{+{TTrgnTa+j
zc@OddOdal3BxWs1m=AR2Im{N|AwbxbF|k*tNbxs!X=nJc!_R<p22n1pQ6k#>cg*hE
zX(fMxsZ`BdcTtMfyr-B-WqpuG!=wgW5|QBe<fsj~;vO@{*CL_Po0+A$Ay7IiD~1ui
zlC<=E<-#&W0dz?mN56dN%Ok+Ou{AAjl+R!cP)o*(u&I#aN|WzD%-B}IQCw4rLWI%X
za8<%+8s+82q5&m3VxbAQu%lhxDZzwh$F2kKN{6QkVb2<na0k}VtO%zOq?0)^leF{d
z8CSnWBU=aBo&?B~4kcGdw#%;imk(#GKqAO@bMv&4#`|PPh75L&HpzJZ{9}0V7^n23
zi%mP?bk6h6n5$ze8uDIY*EFVE%G9w2Xk%)VucS#Mg3PLY@tVk|0W_`KI{E3;Uh0#l
z-3S-H0PH$?k@*AUMd&LdcWR6xRW|8g`;#8v`x`4RyR>mx3wh;3t$wA*ahGajPWAD(
z^JU=9984ez9u-`5;~!Fy_#^+i%Ef~%(~=cT1qx_5k9e=~^PH<TWO|G1DrmaN(^jth
zQrUY=P~-Qr#>`|N1FgOE5W|H<P25tMz|U)v;aMINH-4rki?6Lmo^rHI2_+>Y=kQWG
zkNkjX^IZe9zZbW05)Run@_nFBb6%k@PjF4zl65@kI*hcLy7hJhv0X7lRgLbN!AQR)
zFuOPP=f--yngRD<!u^2;>aqc&8+IXc{Z|8GlrQv^8tF?`q{7`mF<>>z_^ufjruBTW
zH1kVlS)udmLN>viV^C&|U{i$e<|2R4+tSdX#oyT`w2X_+ZVh|+`<q#^YL!1_t&XO1
zXVfeCw25)(0ON5EA>BxMFWfETFAt+Kwc~cL<*{(X@F{)?)`fE~S?Zx74D7-xM;YL!
zqFiU^^2!XNnr7RQG^=(N*AsFLt~n3=?mc8<g3w$aPqA^xF)B<seb1)(eXo?w*<t)(
zce*=;hS|HY_{#4a&5xNCFBaK0X-ykba;mLEwv%R`LL-qj)+WU1Z`}&Z)p~KY0mIjZ
z?Rh;=EXnlDNzmRR6L(9^kLXGezM^g1;GWSpi?YYJFp+kqqq$!0_~iVI$yA=j-QeS2
zm1@U0m5~#6=Tc*f=OR#B^(>~Kud)<HnxJB~o$<s%c;tL9gaxA3v$kk^$hWH0@yR$L
zDMCDdwJOb_jK_5d&%n`8Jgb}tXxh5u!~qM76K_C*v+7I=fc+M`&8BC+%JV69s%jtS
zL>4&8bVIJ<8RcX*cg8ug+%lOal~a`A&90+21I`rt@43cZ^LRBY%Mfpz(B2AiC~Ai8
zRikJtLl`0IppAWAoOQI)lLgMYv+?O;s{>jlikDw$4a<M`2`r9|Q$0pd<z`G)*y86E
z$hA)Q2iIaQ1I{*5S`Qk{;RB1-Tu9~%YI?MNqB$wJ${qLcZgtA;JpsM%uTzqVbdH17
zgWKl<GCM>$>r}MRo{6*50Uw7y^%;KzlngFVZkK3NraeusN;+OeR;NlpNwQ^$<!_o>
zKN~~31R)YV+V2)ZN64>i2wma$vPy~;0}F4M(TAOTB;Jj}-@lvTH1l|ulI7o|^g4M`
z?;e3wAP4Ho>1a~6nT?8zw0N_z$1#7(Z$?v4DF@53OtE%Jd8{`C6rM^LSw%fU;x@8E
zhwKiY$Zt|6m`flhwjnMEO#-tlQ)WM^K5nSfB_;}nCA*bAi+%(Hk`xQwJkO5Ka6)JJ
z0?5wmJfV>fLwcW`cU>m>$crT~&V}voGr7Zc3+U=~&QYI!b62lRQtU?cAytleGC<iD
z56wR$e%-{II{sR^V)H&LAmq(DRoK&@mNUAjm1=9XnAhFN{8SJ_V9MK^a!;|&%%41K
zeCPW&sgOA>aSgoolkigt$|V*-UU=%pQ-2LGM$6yT+V9yB>L+L|d0E5ADWDV+*N{$X
zsZfuwb<f;={tjZbQY{tw=A7K(d~aK#0y7X~-1cl+i#D739`3<U{!d$u{E4p?udh1x
zjbH()d#qftJ}LLkxOeKN(#Mq2g%}Wn;t(42BKC?+WG1(qYveY4Cuc>_tkU-LRCxu;
zN!~m}-NLQQowVoF0h9wsvZ7N&#aj~OBHAcGyp2P_5YfExla1)L)eV{Ota+n}uN0!&
zvp3v|S{QPv@{6iF(#M=P8(Mio;fj8{Cv+{mMz?rL`AIj<vS$_U6jD?&*L$BM$EtnO
z%!ziyav2<`=+>TWyy9ZyV*3;kTycD1vwsth!^sy?x|(=6QpS3+>F%3BJ<c(|4+74F
zg??R)9niHmIO`7ziAnOX2-LzRGAY9Q=ey|Jkr1uuR<y|%K#OMyDZJNP`GjQ*CaCE<
zTsge8^k@u}UVu!ASM&G51MbXmXV!RJ4-Q-B_vFH)-Jd2Pwk?CLH9A{!FW2kV#vh-R
zxC@sZLsk|L0e*fe9_Pw^!VKyZrrP0aM~CNn3In5MzZDbXep>*@ZM&%aaD|&-;VhGf
zM8QYDkk#_mrQ7UF>l=kOt?Wr1#sN9a%rN5h<0DJ!<3Ob|5xXXDwWb#F9qp6!X-%ID
z=shCUdNz#BMPcSVn)SntxbI3eQ+_>JESnK0k7ucJ%;cTs;Sj_uEV#Vu<lgu$Yb@}&
zPK8bT<M?%)X+4f-wj)VVaHVV<Ic}%eUgB7`j>KxRWvR9rtS8ndJ@eh3TaF9Y;yu2z
zx0FG0I`R6&V*mweYB4|~S0&l|+}VJ|DO08_cxvgI<B(3p`t&sDF&q5UztBMEB`HSH
zT67**Wve74`K4t;-`+RyJ~<<A4wC6W$|GyTQn2=mAAQ0DQ-6T^Dmt3$UtNlb861#J
zAe#7~+5W>z4LsrCBM}%krlH;B;3-Bj4z>}Nk$-|1E`A>+Z8ezH?$5V%0w2WGfUEf(
z<mjrJjp(BuMYfRBp@9*+7c@Q_t=aB9dFU1;VR{Rj!S83Bfr0Q!esBwUlNi*$$Cb{p
z-jOKp+dDpR5{u8|jG6KDGlbQtpihJpuxJA8EX(FHR_)cJL1{7_YTVNJ#ayY;+GG-$
zW;x=)#FhR-TS2sv!^MuXdw&Kcf2bmDS`5&$veuAnmXN;)0ff>e_w?0mxB-;*%PZ!a
z-h~Uu%XzT)V7n^!E*@uyqOS&>QJEfIB>$tXOyqk=@hXCRso1Y99}cluLj<_2le_B`
zj17q-A80%8&=GL*i0Geai!JIYZgzk-$3#(a-8-mLTgNJqi+GAgvPH(Wn|CJ3!YLAl
z4r7_Q1uY)Gzh{k2+=Rt#Lt@NerGt-=vY>2oHX#Fn-Qcm3gR-g4Gk(==iY!$_&LHh%
z^dswDghpPlK6d}eVKM@Y^)~xnxWH#)_BEgI?=Kl;hCtaw;}{QAdU%OEPu$K5NbG!$
zp!+tViKd1KIQ7ikuUuHJn*QXoq1ym1{E}7#&v%P}t0hX7Ti?-#3!b{JzP042c?(Ga
zh}$e>1X6hkw#IQI3%vP=oe-{0NW?bi7Q{zUp6+o&{eO<zg#93od!}uBUCcSJed9i8
znM}Wp)W4PT02SKY+}xokFw-0ng5QB$I(B-o=If<j85lwBq_>G>#Kr=yyD1!h$eiJ2
zIv9+v(r4{x?_Nj@demQ=diuJ{T!};folbw@3|Ff==a!50!_1q~#tNptGx}}oO)9fb
zKb@u3mS}7B!)A1Su}RLJBa-8;Jt5wD;`X%%p$H9Y643H*<x7~5aEYhW_J%5oOYk*B
zzQqtH6;<=c3ilh%Vi}M1EK~uMHB#Pv?l(Q`aoRq{TZyzuX%;G$LsWgY;afX8WzK<l
zP`rV#94eS_@10Du%-?^W#Ye%)77gJ~Z?Xu?!@a=&(W7?mcutQ9{e+JsLltGiP7e$Z
zgY+_JlTTwYaqgW5ZYYuJ?-TmvyVM(u|CE)lwn3H=qx8MWyAVk0;}aZ^zr9fxkE?$V
zVF)%hdt&ac(>#Aaw;{xgHR#NRkc2xriV6VlFPfQwt)J&^#gnfu7+9u^R!l@%L=Z&?
zgHmc>BA52yJx0k69bq=+18Q8$#je!2m>E<w2)qMg5w2-@ZK?53);ZDV**#u!%9$<q
zQ|9y<j&W6^RQG0|eUtBmX%j!s24y;!)-JlmDR`9%avc!4cef0o1fNFfYQu-(&QCLu
zf@@ue{S=DhgFCchnhxJx)>pigah(F1ecim7AUhjpT9k`C+tJjKOfmJf_oa~RtsWrI
zTkca}0~@dL(-yvvp)%`d3nna73#9P*jPFq2#jI7{&3K~hrpVfwZE@7o<Z-8=mG56~
zXKh!Jh!b{f`!sGN#ozcU#G+8yv)$X#9PDMlu-2;=^03Q}eeGQreV2CWjhEQNVj0up
zp(I}tz;K)O7Xl1-<anq7VRXh>Q)Zx)3%3y>NF>{_uuBjv`@6L{!j>G;cHG%tuLiW!
zXlyi6o<?aUR)uE!JHNd#V6A}s%H5LU=SufmoiDPyPEN3|t|3;+?kCV1I%+C;ubu}Z
zZf&Ke$jh&4zG$+i=)$`hI;|JmcR((}hfbTZCdaC0H2Afgek&7-G<VGQm6^#~;JGVW
z9q{X0Pj=MaXd}<7-a3yI@DqI-T=>*Z>{J|EES!!CgIjpV&6EjftiI%^prm{_IUwBi
zA@Q<g*D#nRy0k`#r7$Vh@!g!Ulk6V{!~Y8sp&(75(tzk-g7iEEA4Mi8`3-YR`9`V@
zv~QQ$W8ouVK6{r31I`FAn-Ql#K^EfmC4U#VV+W@kQw`y3-uWed!C=Q4b<iy!G*Poq
z_H4jlgA$EsPl$vm`j;={khrvD%Z68Sh=q)1wRKC#;v&TaG7UIu46pp&v)SLWJP=(7
za@P86F(t@RW;%0ryqRR@OWGn^3sN^OD!1E&g56k2Bj;Mc;9jXD$8f2ir8q)U8U>6?
zBi6u+0dBW)@Cj-6f!lkM!+RUZFfbM<g>1RV=39Wl^Bu%yJ7lud5!)^0nK?<aXjf}|
z@&J(UF}qer`NI%%5AJ4>1U=VYSi?eO0+4gpWPQjnr4|}kaEnc>6K1OJV!ani)gA+P
zu|CyZ45lVu)YUhWccZV^Ma5oz=ki6iu=Grf2<U#!i87DcxLgV%X2nEVMZ`os!EZAE
zmKON*f_^#ylw_YS*U2560++!l5VB)kigNk&@q(-TJ*OD=N8`8X=(Kzjcjq0#X|$$C
zwEg`7G10OsHUO@n+Bb$3`pmnBu}e<nyh;|7q481Go!vmI*WW@3Mjqh3XEAqYnXDeH
zy)^t%lH~pVaj);q<#+`<CNZPSoeSm1I~8ad&;63(ju(G2`6jS2Olj>nTIRK_MzYr3
zDA9HK4#t{ua=JCkiLx$rQga`*t~d^4dGGeC*PAh~JRAk3mwlxTQkJ`D(QyMLUwve)
zQ@H2nLP_Mndd!6>vCS9T>!m+ZhdG%bHp>&F+qPDn@(%VW-=?Thj`oo~DUcs&B@wsC
znBi0OT`6Xrfkj8=!fne#QeLM}XQf^_VV0OWBQK4EAj29t&)3?r+u|Q2oRvDs>o;HM
zg0#Ad8t*mUAqqgjTR)zTcdp&W`Rg|IILl7=U!>$%6RF|SIW}&wP;H^@o1?z)o7YA+
zShejtuwmKL?JmwfFQ9$dr;G;(zEc_N<jIYteAKHDWU4uNkn2wJ80ivfrq^I_qZtIZ
zeMZ^-(401|7uJwwM0dYxkidA!Gw6J~+7A~=E!!}#5p2UYN<Th77<ySUax-tQ^mtLv
z8g{alTVxs2UT6I|K8$P64#n6WS4Q`U9j0fiL3tY`PLlrR<HUVpc5kV4ztXbC#CJkw
zI(If5KRBn-Owt_5J=wX8f7luo?z<-Sd$I|(@=7Syz+Ugl7H(MESGAP&nCX;TDlx=?
zl8dep&%CKyTF}q4{bm~^!RvHcHR5t|^CLruq4?1m^dj9>fB5E}VxvcA%Lfs{MZa4I
zc<*jnbKhSMXt5iMLNThwAwfF}fFQ9DLdsv@N$~lIT>W?m(dj|B4&uC?t=HGNlke44
z&edI7kSuB6dSeV}Pg4%@uhER@gK5%cd<e%=v3wvJGP6$gcq@TqE!qC1S884aT`LZ?
z9T#e!BK(>PVsO{Xw(A`G^5$D-_#1Bj%$xlLiNzP8p=0FkVbtO~kKxihxc^qR$r2v2
z8KDVWGj$6)$%#*Oos(Z&;SVTZkx-;)^|4WaTI6N+X+z(XAAoSSdd{DbO*m4x$IeB*
z)BD@xjQ~k8jG|vCVK&YoJw|4L#7b|OLIrSI$ln#5)@Ft*`yP}^!=O|enwI;Y+fE)a
zWsm5RN@<KtPC^RqB;&RWClUeX2u=abQE{k%ZI9%x`FM>(bZ5xfj4haX%$$s+%U26h
zKj-&w&~oayKAf>-SA%%a4?A;*lJ}*vdG{H33Hw}&8uTV;@?`+nR<?2}#+N_<+gR6Z
zvY!Ie1ash>55oNQAfDxI>65W1T&P;91Tw4QIdq5v21iiV9&g@gDkfRQfzuyzw8cb9
zkVgbxEt92{u+@PsCc@}4GJp3E_b+a!P!@?omOJOW7_Pr4;59j@gw9h%06*;Wxp`#B
zj&h7em|#25ac8yQSLDMMfivD|L^9xbPg-*@SGrgSMw19T*tp(Y|Bk|Cx-!d+$-5GO
z<E;lc-Y(fomddp1|B>VE_{#>s<u*Ig%4)Q9xcO#-3f4TrWJHzL#{5=Nqv81y^`h|N
zm$n@V%WUL{5Qm>`B@V3t2ORGZNS{w4>!bQ&%haZ&G|P?&YabGr0-*x?>v1sw){EXa
zmftdxsumWK_t73gLQqQ&R-Qs{WBy~}04DanUnpZ*4b`SzpHLrf22%_u;b|v~7ZVq_
zO@Vo0XWiXP2xi_`46I=aVsSECEXWO?`?+IxCHkGu2Nv|_Cdj${z~Kf0b;p$y1CERf
zJCXWvz`goyVZRCr8IeSclfJwzbTqKE3g^6vi=_}?osmd?2<gI+Si{ilxpL)jMcuW!
zNl_l}!P<cMky64`F>$z&t);f*=AS*~>Uuu&-^1fy*i}L1kQ6_CxL*=`LeP)J8%5}o
z9ECg42XdP1!&*!aIh9UxB_`?pCHp(kad;3IGw?4bmtOb)zj+idoN0H@E}6wo#GO~;
z1b=|T*nqO0tz^(e=F_KHAg20Y5Q7rDyZyahPkl&CD;eqZ8&k8I)doSV*FmEFg=!yD
zw)(jz6W@PuVozywy;<GH!0b=$wiR9;tduPo=R^%LfvqT*By3Lhuzqmy9AVU-Jhw;Z
zk+=|SruMsW-sSa95TAy-30aOiliD?Umvl%D$}k6pPZt$u*FCd!>!!T1wmc|v)`m@^
zzI84KvQt`TU>9RUWXA__Uj(q01+Cy>rIgZuC@I(c0%?AFvMBv7E|7VQf%DDy2T|AQ
zN?Mr2F=o!&3Z74xIXm)L#SJYdfl$qUsORCZeL3hndD38sOzkdRcQFV@qdDl~9=d?&
zC10@XlpcGe;Ne{0xnyzQVpXuVcYjj>T8X>$Y}=2a#gGqOTJz%o1kjoL9gUe;i^`r9
z70b|Bxs;(dI}JJtY?HNx^Y_e%!sKVKCu%Q{e~PMVSlgOwv^vY~pv)=BxQ$jo+$T#U
zW=5=MhRB$sR0-xEV3{P8rw>ym1+;j8!{3A~z6BXZmVd+`7ndOlh_0d8Ta+*%m?Bzh
z83rnmAtYphI!F$@Tu5ap&+mq+Q^caJ%aX?NiY&{OW6A3sX`xnaLaW}x?J|ZbGh!w!
z53e0ZP1j4KrlEe#AHOO8mhOPY--s4Zym>_sYz_`DCWf5x<eykC>WFSQkJbS*XPJ-&
ze#G%;i_nET^8#xA)Y7D3zcf*~`e6gwbqq8Hg<piSU^d?Vtp%o|x<ACuw0wXv+wLq3
zHwhY#TF09=-6>dAVhJwb8wu8|zlH7|^&02CJOjf0e%PPQ6O08OY^b03M0S^VA%R!h
z<MV*#biE}tLsc@dGq+l}nje3h)u*L^r_Mp8^ojAb95EzFleR%W21zPOMzCN}0fZ%)
zB<nslY;ZVFGB(&p6rIckkanxSppwWTCY<D9-5Jv0h*Ki5@#vUdY(Y6yMFdNR$W$PF
z@sAbbb^t=CKgh=b6(9`jR5Asmb+T{8Uhr!0qpdr+9o8)0^UC1saSiY*V+e=m-cJ7M
zTJ*aMo8+QfoLYNVn=xG6Q%@8&0@7|VI$WzR%}aEG(@HqWicvgWg1(?s#V9+AMe99f
zjr#EiMDDR_Hk%($Ka3z}+Kf?Zw;gyi>O-tjBitVMo`OFI(gZ-{z6o-(Z3)XItTT#$
z#iqaXX})1BK=3tE@3?gxn?P_JqM*94zi})8e;m~v^gEked&Ub-lxhdGtfTf{zuxE;
z;nW_MdNTI_GT}JtE73*6oQ62_1wrza?47us`~<Mw1yjNlZU!K#Y%or0#X+G7rKX(_
zMaZYmRR7*k>B4zhrhzFnq)yXll^4qJ=hGLV@I#HavZlv5#S<Kt%OxW84UQQX*?vGp
z-yWUXeSY-jE^M~@^p0?%(V7<@Y0|1?#t<IR%lGG4rAO|`hZ5<){KUe{`LI1sRcpH1
zYR~n8zP5q-G2-;XcU~BKX5rTwJJfOmMC_>PZap3O`g5R#*nOU%;Ui;o(hvpc+Oobq
zx7WtxoZ<x$wI(ZKN;>qZyNWWNi;vD;<4#XKeDwHBFCQPdL^pZK5~=az)LV=@YqH=x
zQ_K}(uqESg>t-US(okIk5QBw!^#r<??Cw5qEX2Kt)-HL-hW#0R5@NSz)lV*I#T;+N
z_)>xrFR!^iLgMxqy+(^EH?+a*XYpcnCB<8K%U08(zx~|;RPiz3+x@PDb#5p<ODR`g
zo4sg!?)zQ5NO!B3JbHt+p7lE_8dL4~U)}EpE6Jc3HTVCVD15wB0ksnghv^YCTa%9i
z$Lt6s`q83SDn)gA+@6x2qz!5Z)Bf@CErvcMdVNKr8cr$jL(K1aeR0|$8tf!rRjR^M
zdEL5{l8lL4gkes*kB-<KAkIqf6$jfwpSSYp4Ec2af|<|she_pa>z)jcU$N5q)%C%s
z_fq0dxiYOoN+)UNtk>_g$JGfnOJ!@RdzXeY!@Mny((iITrl78#65Ix1OzvC>P^4_N
zI-yY-Osyc|z#+LM!d~M6DhGW_fVT4)8yTF@lT%yyQW32S8Ynxrc?Ay2hNpC(fg)?E
z(Q(z$h?Zfcq4X)&HL584gK&WL*R+}Rwi0f4fc7`qeZb9?!7Y+tzn##ir<98$em*~7
z-2?`eRL7eM^E-QR9QkQq4~^>YWF&0KdYgNk2<n#1Z9!dSs#@}96Noc|Rr%lA?_GRy
ze=<1T<&>=S@_W;usSX7Zu%uNoI!nEK+5f(KTRagR24Lo#U$rb>dA{L{C~rAwTj3It
zOzbwD1QR3ssbGs9Tq#CNA>#=jgQZ<Kh2C<Kl75`E>GfHFT=A{6VSYq}c1Gg5Ps2vK
zWVge0;P7a0S3j^C$kfj@F!z^(tG${AP>q_+nrXu`&Vp@IM+O}xz%d<aAHt_`LNGx4
z@F9bwQ)4MWw2<mE@y2-hV~IF;<Yw$qF&Zx}5!viJIO_DQ)+3t@un#kFVDnDrD5jw$
zpW^OZ3g~cojL}x%@Ops<18c-6lgzPOH%lzE`@?5ZJQkN0@T8SaktD$6cBD%uhFIld
z-JbiLGhF-r9CIfgnV2zd?p<#?!Nx$h&*X;qq)g+lla4VqD2Q#P2IC-z+sTN^0k@Iy
zmOy5MRF3(+h!7d)A<^o4Oq*UgcAx|pzfPqN2AV)G_X1_i@b-Jb>qiW%#55L1D)<V$
z#({X{^}5W--Ayb-?J6Wd|5gP#1oG(h?qyXAjr|8OO3@(9b*6<sqT=Sugh;jfAWdVG
zy@W^8auSHte}-+rGoU^jS-(l-Te_ey)>*n<U5b%rt%rN0Qf}}+{;Qo}Zw?0M^#iTe
zv=j6Si6^CtqBpg;hY8+XhHYRXvzP=Cb|Nzhe3lGA#13^{i`zuHc$dfuA%#D4VG18%
zs(dIS$0jx*PtQaw*nzgfp56q&p6RtE5-R~>cpY*F@42F_m=LjVWM9F%)F{2RKJ)>J
zoCs8eZ4niW%lr@_dK7F>sMb8jAb#`_(sb%X@!vC>>AsC&PUoy)qRtBCabIL+$cCkH
zz(gMAPH)bY1hNYlZjCm4J}UErc?!Rc(}X(Qz7z&##BchuNdha(iZHDtKvv_xZfdr|
zG9gU=cB}FFY5ZnZnoS3i$~G-P?w(^)OgnOb*7-s82brAE;OhHUr_dY%9*Ysh8cWRV
zN=8k=_D!!^+<=j9&fvnm>b37zfZF258o%qI7I5^D*AP8*Ryd=1*eSN9Cp<X(&P8^{
zjR(XJj-QAJ$MP1$w(Hp+Mf}4Un^s$txB7Hb-g^C-oPCUl!U!>Zh6Ku%(Zzws2kNfo
z!1tLDghSo#$LX6#U#kA~tQ2198&`t_n7w?Q6jjxqXDX-?kUjSL^DJ(-OPm7W+=VI9
zmebJ|$F<8spj0^by3D8wKz^nw1Lcg6u>oFV){%28BId5h;%Ib@(;COHXz?D9VLk%R
z5`^`RU|Z2Ky8AI_obY|_i={wIBiwL<ar%>Ln9?VdZAXDZdzTWHxN%wqOpULozC7i_
zX;-C+Oe%F49?Cp77$iBEnc1IZ8GzAItwZeJN8`@l8x9F}CSPA0<OZKG^wHPJOAGHW
zR<nHB>5UN7)(M-@{2UVKr1phKt7(>S@-ul+;?1Mgo#<;T%=`g7J&$^G!e0X-H*jcX
zX-6)~6<S~pQRT~Y=#X!UCtZ%rD}G<l6TsXBGM=O8V`lQ6^Yd$MBoJTzvs*j*2o!dT
zRzl5klFiUeo$uD0jK#qsdWr4Yx~E{&F#5F^;piQ=3Z`Ps=4%2}W<*Gge6<9CstKn+
zU4LJ494Y_Sn(Cbd^=bHOoWtRwU^)5no%JQd`~-j=#NzdBo<Ri!9uq{8hEVerjR9=v
znmCi$?$$4(_~}a;zx{=E{y@{N7uyUWPcH7UXc$@JiC0RJ_f{v1DI!<h=Rs<fHnVdj
zPuO-<{0^oCDNC{tevSR-?L$mBxP4YON!i0ozsYXEgkOdDHUtr-kn3pu5Zk!naj64B
zcM}A;xn{z#xX1mOOlvuro}J*Klf+GVKuCaMz*N9V4_Nxr`dyOj?XFW0>-C<ba*W3^
zALzmdLfd!<KoB57;HG8b6eX+!)wo#AGJ(N)6g)p0vPlWG*qsn3zw%Cq%#eft&dmsm
zkG=!bM^K16sN<(TSZGWqyfWT5tz|(4Iym&?02bB{SQw|5m3a?3X!P3Gf%NR?&8q;}
zT?9twO3h08B+DGVS)Yn=fb2H%PNq{Hm?*Ynz1gFb88ZY!)TvB-xJ0uwR1x93vy5Y<
zFv>)xbeLDRkf8h`4B;S9*;*BK*JAciq2F=^XaK+y2R4pNK(9B`fV}6iNbey@p3_u|
z7jV~%^SwCBD1KaO@mTQYA6lF<zTSch8U5PYSTO=P$KIc|YmLg2_P&Q4O?cZkDhivp
z)~0;r=Qs7PYKmqnCiJqlnj3}0e6NPX;(e9TgF5Wx3=X{^mk=QBS5(A0%vpY3*cWek
zrCN`){8<Jd@M6cR3F?x6XrubdoSiXxpKudX>BNO==^wUUu{me-!<~7@gGMCf?Y5ub
zcc+dXYM;$EJ;unx+i6_oDW>V~_k3w@>N`fPM$KtVv>M4+x<j767_hD4xe~C`D%~GI
z;Rd+PKy7^G<%I}srBB9?3PBC&b_zw2aIQCN4QB6lsjdM@uDG6OTC#ZxvHNf!i2IWg
zhR+fSrDIK0Le{CG8CU~@N>~NHR}yK9Vo^nc7;*EeX1zckGo3ZnFwC7!JlA79s^9l{
zlJ}(gS%19y1fxr6jf~3nKpjn*=zx9q?$rzU+6S85MdrHR7K=l9A)BR*TQ9*B=?FBL
zW_`0=^wR7!;H9!{g^#%^4k5wt@1gTEiJAoAH{{<_DEq$8vGBnwfT>w`$#%(kUi!Wo
z%xy;Ws^fZ`AwGxfL)>+F-20`XUvjKmyNAJ|+DM|9^?U9!9B6*%&1z)_hWTDJV-G>y
z-s(Q%T-T5@IaKYxHnh9J)B)j=_MN^T%U`uE$h-(pUy<IN^6c<rSh75KzSTYS*j=jR
z<cB68DW{ZS^apzsw}m{3T(2>Re0$QMy0-@<QPEEe%B9yD>cooth0XPXREQ*Hx|Xg3
za5s;<yOFPEvEOoh)cD;_6s&P0HT8{FJ}tm@cS>YZvE76-{w``+Bnz;({=*%;CDU_o
zPc!sU&McA(XB6Uwoi;Hs>(~vT0R^|T!V*TNhAdp&@ol`)oG{zHF>HJwm+JkycXc3_
zG6!<0jDCy3d$mN(o=Q#Aie{;YTg%f5?CBjP1REBsZ_k6~>Vg=0(%l3n@gevE!W4?b
z*Jr(q0lmUdLQ!J|J_a5RbO<<~)>An!sU)lSN+DOpD86`nB@AKVUvU#AHo0(8AcNNc
zO!(LYgsF1Uj+E@?W^gwXJCy%+Tc4+zjf)>-1?OSjG!9waX`W|>iMAI4>BqN=N#tCQ
zTy`Z}w<gcP;PBrF^5hC*tG<EKp#~;FMy@LFn}c?bDQ`d3zwoLf>dHQhMgoX;^Lu`2
zYdkI7HWqOugZFP1fahm#RRHwXp}S>L{DdF%WTfC(Fymde=UIAHAkrlB)s)ssh9)QB
z#3B?>el`cJQLWfOP5w-oHbG7Q_`c7^dGA99(6}uuqZ?2l%G(mQAeUaG2H8^(glC6F
zm8v{sTD8j=-4y&r1~~S6Q&nAs_vhwwv+qVPPv&-hb{(1k0;*3yf)wUdwRA0X14JOC
zyEwmLd}Sbk0m+f6&X_&<M`x;7>x6)Mlez(Pkb}eF>EPQ;c}z;5oUM@&8(fx74p`GA
z2b>7o;HJv6Y}-wBz*|d8_dI+YX?%}{Yq-pr!@`H4WeWdn<T5`h=s^J(U6ss+hsjw9
z85a3wK98}biLad-UrqBa3n{t4NUvjF71_?~CqxKnrd`c7+)J?jQh$+B*;H~b!*#66
z3mubkb&HRlH9jziachs8o-lgm41F&Gc`iW-No<^ThV|zqpVDhQW@7ZKW1r%^c8{Fw
zJAZa<<i{NV^+=I(v)y|*o#dC}J;a=hzzb<oRs)jVJ}YSKZb+{~FBMVHm`9+J|Ev>I
z%>5V-ogM<=QT$UUe&+#=<(PZ>)&5gqiy(n!UQew*JZJnP%YC4hS~jWmm(z@wSA{JW
zb?hx+z5ZN%`%cZbf?Lk2eA8ss&FZvgRwWVm&$5&W`r7Zmy=OF_*zEJYdw#G0l{d^+
z)n5K`?h76Ai_o)DwkekNYAs%==Czd`D>wM>!UY{U<sV*l94hW=t?lQM+3KNLf*Nlx
zV^QEr3IMjZcDMzyQAE`FZ$<158ld3?fTU#h+yayN>5{+bItxPiPcW-D6@3d#uAc1&
zNrq2g4}U814AHZKv@;RKyKWaD5~pdhiX=3Hk_5Hk^Mko4;`JaDn6F8cZ5x(%q95#N
zo3IG1Z!Pr{(on6q@GVhaV<tOaW$hy@aQX%e$PQ0J-Ld;?h*S8zn8<Vz9#u}V7mS-}
zcn%~{rOBF0JBO?WSw2(l!W8?KFh<4WG#_BLtQ{n@Q7{(yv2K^Z=t%;Sb1^EIlDy6x
z4zNA@`v~s$zqA9%!?|arY`Q@^e7168Hd$;--U&D*@+iJ%`L2!pds&?h!zgo8F4vG-
zf(<PkM2GUcezb!HfUP^a(fjEwqGo=w$WCYQ%XGt{sZ0xbjv6=)K@xd%q5khdd96nv
zo#j|0eF|aN*_&!?vm`WL3}A9FA#ZIi_2m(587z&YIp|pR><>5)dPXs_)HYXFHT^sG
z18c?PDPXO5#4<NlBlzJY{F-+mQ?=cXw>M6hY(?{I?SeE0kb2SKZXL_DR}fRV7Jy$Y
z(w?rwr)sMgU6+oUd38&#pi#YEz$k(ICVmJVf^;5|HYr_{LZ@vK!HG|y`0+FdB+*nb
z05V2_ksXc<iuX`|*>}PT;dvfrBpD~j2_g**@xFmi$Er`qMPKQ6OTffg>CiFEdY_g3
z2m=(UUbm4--J%)m%}uG!AEUX3c`06Fv5yoRw;U6}`Q~6(VMA_T+5R5Wr39~<?+bXh
z%enr=NP|C)*DQ7cqz!jXJ?^jN<LBpZHm9Z^f&$eTcCKU#=$Kx?>^jt`yGCw6h?aha
z#@S{sz$B608&&UKus|i%2m$MzEAo=wm3eOKP+<+x`#I7jD?e`_B>jlH^z&nR3}E(W
zcICvjAiM>6Sz!t%>z8KF-*5<;$SX0yMBZk@MgqY@1K*DlU$H0M#b-x-9p?4l^x^3<
z?c&Js&RQSajIV?-GrS2yw^jLRy0u}?Z?WrX&a}rHBGkt+N(f`eG}k*<W@Q?r6R9FI
zo>Y)ItpWBbYtbatoiio2?VNGaYhqL&6*w@zdGVJhi5nI%%N!On;Kq$%7zpGXzuSi|
zHjjI@O`VN-pBAwd(fIw;DGDjLT_ht?8{$(~g&8hcxDKqgEmO~`pSQ3!Kv>Cp8yx2m
zv%=4|KoN0ws_7`@{Ppy9%tV?6aK(4k&I{IXefgMy#2}Pbg!2i#95%cF9+8$Y*p0>Z
z$5Njw=_eN~x_BNi?^b!ObZf5}qk*J<^QUs}G#Oose>KML_|izsiGkI*GW+mV`yn%}
z53}0d*7BFRZi7a28NP0q2%Pc!?}mItdxAn*l_+K!deXfN7|z|9M4)5XVrjkRF!o;f
ze$K^uK==+~r~!oUDbG46x<TA&&MN;l)g0yf9$1%OX!MRZok*1TV%yOd@_7ULVZhh+
zDL7pBXsp>xe;y&pb7e?uEHrjb>%xcuR>kdz=bqsfrS%hO`u852_L7?5ma_+CZL5Sp
zmu-`K?Ph}MGiC-fY<tqs=N=J=l5{N-$;T$qWnw!NAtkfL#f7e)#l-oxailX9NSaR0
zy@#jh;}ejAOLlByIFj8ECEY?MQB@QVv+6=H>yu+N(||CrzY}!Osp{?gXbg~7j({Xy
zP?N0e?<KyJ!U(dT3>wqH+v8D#m`x+wnNUiGaDVm0?vr=V39dj$++1^01=p`-Sv!S8
zvUYEhre}lkyP+`n!a$+<ZK=h%wW3Utla=V(Xn^*kLIrFv?=eCxTLpbvPYK#oQvh<V
zG~}PP$i({HSfsuGy)s2zY9;die&ru@tag^dv$sc|y!@N9^cft@8!BPC!=2C#Q4-o#
z^Q_`N7@TRM=4DNczTe!1!RtEqU~4`AgM*-@E_TUj-l`x8!`g(+W8VTF`#<^l6=9WA
zFs|>uUgo={cFDQ68cq;4tktCBc4hH0K-lixd<ss`-D5R=)g3Z}mrE>?=ihDY_6}Vw
zcI(%woNvj^T6g@AE_1UKl{sZOQBSpSwOw5@vLE_<bkwy~>`Dg>Ez?itg+3M;fx)|4
zLjR5hH{M`(9WwHqq6D2eF@7G}NF69sjgKfQ6+G2%9#Fxr#KUC9jBdSrF5hxPfBWkX
zEbGc}S^t6tj~NN>{imCQWDTN{TWfI^cPX}{RzKSn{iLU;{LjplzUUgi?Voov6LS1|
zpch`~hp{7hmy<QS8D<%+uD{9Lt(kl!lJ?YY?(L1|ICe$(D`GI;haQc^cFbl8+lzn<
z-CflNj1thyCqw03YO*-Fxu^Vn)aJg-(m=OD(Jpx!_e+~$MW=eMlRarZH#z40?$>7+
z;(O041(sC7_sXrNa<*XcBV`L&B}r)KrWE1=F0;{N>x1Ml0^ehAA~r@LN9hS_cM<o5
z;2{*l4IL0V&Hr1q4;F>E!zJVR@riL!*Jz!o32@%)p%Rsp6C3nD7`)52#{<H5CIEdj
zOM`*z^+lW4w9huCJGFPh?2~{N{UT~_W9||&CsDF}fAX$aT}Tg2oQSsg{BhLJQ}5QA
zj(Yl?vU`JJK2zD^#t*juLyqzD7UN^k?i=3sr!1A7lJp_>`0M)*thvvJaG#TaZ738w
zi&TF~ED>N`_XHf!c&gy2QcX9XQlM5PW?FX7x63vQh$HLVlyfe<Q|xvj#VQujnrQ68
z_R?0F$lf_#PqhM9V&8BN9n;h+6CBwjFrWqvEr_eL1&{cij;;a)>&M*u$~$!W5k~@t
zp<Atc8#8<UF)5kthn3mEg9Nyx*DmP5NCivyfx;=FR#ojX(HDwdWZi&H&IbVGm+$ww
z7ke3$97WE!ZvHEkZLwEcXRje2)_d5&iS#pD&y2U@2s`7*){P}Hk-z$piDKU+%hQ-D
zgU?0+f$6F4k$h@QU7o^1HSgB6*xNNv!aolZN@@${YF#2SzO*+isUZ-~Y|}8R<b>n}
zDw<ZTPtFX8vfA@*tp>f_hF?7kSD<C%19uhsu@yx9%4vg6!bYUG%+5l;Y3=YPC<9Uf
z_^{MIx6d(+esS&H9-2T_*jqEz)iv&tSc}=cC%hHNt<(%i)r8?<dqF&B%SKM;7tq?w
znrxS8C4umd*6e@Z50B3HJt<i|j-SFqE}7#u-7{DHO>tJ^bg)*!&VsU^%IJ^r$={@D
ziTryzw3D56UvC74_$c9H<*&vXh-wFX&)U^&MJL%If?X*P<jDK0VVacW-A5j^AW+;w
zW4JS8JANC9^KsE7Z?0x6fSx9;Fft+eL7fVgs)5>XYDz7^`deQkB-Rl!^AulVpNGtT
zO7Jzg3W^3AGuAYdMj2~gKo`+@j20hkm}i~95J73=?;(PL;1q42Y{C<m(b5IqiJ;0W
zbNH<V`?k4vS}E@!&1-6}@mIV$&Ph5+YmZNtEZ?GphLSQs3sY)B2|4l@bBU`Cz#U?#
zvdlcn8m*0!KH`FgM&suL^WUkB7uHd~h4g+&N(y^HP8~p$ZhP;~5>JloHDeE*7B%{L
zt(nmZZ*f)j5pb_u#~b>UzI&M{1PI~&%fButhhjFFJtpk621TC7hlP@!gupAxioz72
zV=Q`)0<5J<a_pO0Jo?Qg6b*zVBs_5&N<8`t<7hOhAP|MaV%ADMCeW)OqUc6^&;#*-
z6fgIIL_)>t@%7q9k(Z-B6N^$c2w#(lA(&;IO3PcxKpxevTOK!M<+sDT;ImM|6GvY#
z|3e4#F)BEp^nU}&C+q~_EhY|h<>G6Hi<X@q{B(OB_`$oJqS=B`Z|VcYn2$`{3U^sV
zm~+A*I|2a`$85J$J$N>188O70^&!l?%zhx|ci^%ZIG`E&SRZoEjcT`n^ZeyHjSfK*
zUR+;njD|-w(I`^3wAO)dHn5W6!c~SeWpgVXvT}(Syi>0;`QD;}``pPA=V)P-pPl`R
z!SjS(y#0kc54GWa_Og5B_IS}D=dLeoYc+GugWv=<x5%w3YWBLp>OHblZAaMN4#M1`
z9ZO^i*y=T@s=q}T@kUhHBg<*{oCeT;#3>=Y-<I79r)1Bi{Y<$#tEGh1^VOoW<Of0I
z?dvNIh;8Afq~mv@wYFZ_MyDgmdm-;5GIzbX%90#fD8L7s(&W&)uF|@rDL4`E9M(-|
z<MLi9tRL>P<$+m}_#p0g-VXKd*_a)^_^aobg}xcyS#|{+;mC1gahJ82m**>iHtOvK
zaz@4M<!|!@-)c`D5f95qM1F0DM^$H(csdRX`|0J^7pO=nCu;i>#D=%|)YgX<!b54Z
zNMgii<D1N|lXaRagC~fI5HU;MO!WM}DB-qi@A$NZn(ltwrqz~f<?S2+xQGI%ha&Q#
z_v)`3Ip&#fPB?=lNE3aR(AvClw>R172v%2v)!F<xeZ=O*zRW0>fP%f+Go^ELn`!$L
z|J%51<JP>Kw@YI)p_NmueE8cgjF2$L<$bZl`2lJ->m8LPo<>|J7$&pTbILGq_cYxg
z15Nf&XF?K{Z;H%@D*S6)K`Vm%woG|C&)oK7h+^Xl4pnyX8ZF6OfcH-$K~*?<q3tPQ
z^q8K6OtOb71%O;N@hhX%WcjeCeVX&gj4g}Y#EDW&-bCV)_-d*Od+7<|cd1iT0EXeQ
zRh&EyhTKyKo`sDNnEO094}#Y95Aj@A@cM!R)bZcuYdIfsmR%MPDq@=<#0#`xq=bNe
zvDNTAMDT3MQJ@g$`AfVw$%myhVD@gtyv$BW^(0)la4-c_5d@^JuHSDZED%D(2h6Ov
z#^{-95CW+04IemP!%@BI8c-qeQ(u-?BIvjHK$``$MPW+t@_YWxPAlroU@DQ6g!RbW
z&fR?6lO+VzFo?D&%e}$ov`-I*v~MaLbuD<qw#|txcVUff13jfj9gD`o>YdK^l27ZC
z`n``|pT3~N{gBJsx6MaLNNJ3rSB}`qxT&VX1B9x}gY7hr7lj@NpSf4$Te+FAPY)MN
z@_#RE$R4Otv2nbU+t4?04fmcOK|5Eib;7NF6QBLNu7m>Ae>wn{s=xXXL(ZV}ukK@Y
zk6(RLpLA=>VK?NYQDO8EWZ)~ONXY2iDgHYzaplSBR*kO+bf-xl_T{T<t`r3^3RUbj
zYjJx^_w=&<`Nu5`wxzec@i7-0TKj^M+eiI2*UiGNV~yu&xSk#H_vOsk7bWU7<y$9Y
z_BoCU-~W6j=duf!|LbS{?7iX_Ay6w;LyPlav{4+IhMkU|+&i~Lq;I^1tW!bEd^tZy
zCO}Rn`4;)6SlyUZnsAA(5&d$h-w8Mox0%dV8l!QQ@B4L<s(ql%=al?kcrFve$Ks>T
zeUWWum3_??LCk$PpvTD|n_pX5&{WUq*KEan!-7s*-=MQbI01(??Q||%bpH8~WmGTy
zRU5muO>4iz&&eoKLNE|FD`faQ=1yWyR4A*+zidg2f7ZtAD;jh89pBSjqC!bB7P+`)
z;@&xW|9A1cuwL7rtrBGl2=bm_$?ytVhyrqIbUD5yCm%A~na=JU53oxa-~3FQkkL8$
zlViU2HvbD*6Z%|PC-z(Gr#mgegrZ<%?`K!#&`WheVYlC1D^oOj*i&on09o;c9};(Z
zu|Y;{>aRM{vl>@dASnl6Z(-<b3DfOZ^S<fY2Q;C+*OMk+*F-IZow|i1cqcl_y8e#Y
zd<w9}yrw!eJi)3qi*hQIudiES7)m+(>}O*Cu7#%63V-G0uzJc`)5<z|Zz9CQ*Y!~U
zKe66YhE%Ng;{U*U4?%#L?(_;Kx8cN5TALWqn7moyK+7($9txC42m1_>o>du#eEU&?
zESU!j;Q~Txvwlm|&k^=1yH6$qtg~Qf^fN)OmLxELZfju^_}Ucq7{9~3mPdM!UmxtP
zaW=sK{@cXaO+rBobIuL`(_RvGcWEB>dNr=V$bWdJuGZow!z9-1e{0A5Xi6wemJ^i_
z*skiLe0Y2`^sH6NFy&MC^f+kk1bzUy^+?$*+KyCnN_6v<R7tYqB-p?zx{w{$fGuRo
z7HmMUjw+M78p;R=P$sMlI+f*PtbYCO|EHU_8ta(3-yT*lt>=angz+T=jEvVi`twNr
zBIkHIng+3sER67~zG^|8?m2TFd0P76>UFf+XRZvApwoc!I=Ns*aAX!WycGQuYq$;W
zpL0s*5d8Tf+3#Ps01i%e%mK*s@yv_8x^FC~XXzrQwUbC4p=U1dZ>MnlDO+*kG7S~a
zc<RlczLW;usgZ1pn<qMw72O0bu6TQ1Tki=`Riz1uPE_#nJx2GR5aFCZ>qCe4I;n{8
zNVb0<!h@&3Ra}P~e7^QH6Y-8$wPEww>?6XPr6hZsyxGQuQruRUN3Hi;aPsNyejR{W
zVX&VsF&g%lOHb}=rA)hvy^U_*`?_OcDOrLGjSy^z+>TFW`nXR3--b^l2CH&+!8JCL
z`5g@Q$g*xT?i#zX>vtBm<7blVH%{LG(jj`;r8F+wK;!=f0bU`v)b@I=c759UR3J2j
z2JwSch{niF|E9MNlyB$(k;ss_%p(+^!iGL2uwMM5ayNJ-2#9@dwZ4wYs1FPzk`<7J
zB=5<FwSq;RB?vn^)g^v`e*SK>xF*m+&Z>vN#6?Z>6Gq@)yd~RX);`S|r5Thj`7V|8
zzbtj&kq^L210J5p#o@rgRKEm<>H1HgbHLU*Ygn)_vF!qiZj@2n)d2Hbo$v>{O0uF*
zcMz5$wrH1y-H9IdaXXc)zBf(AEI40M#RZiI{6{1>VXy%qgU9GAt#Sn%UVBQ?Xn~Bw
zK+{n}Q70MJCE-#l6t_8E<v|L_J05_Fz+21}Hc?_TR+4u+Ka~Y_DjJ6HAbzt{xb1zh
zk=FEAiH~BJSwc+{_;kTCL#M0nF$V#Y_5_^8tHTgX8aM>RW1??H2x1s4QxqDH|0^cr
z0kw496+L$VzWf(pmiooB;=9-BS@Yx`tdJasi;I`Pm)<>+0|wO@G!BorOp9NHmWFaI
zKYZu0F(VelF`+Lpl&Th<20@xRpAmW9#CizKfuMuYeU9{ofQ_}mK==!#d0y-!h@X2I
zW0U<c!Sa)H^4JZ#moLkp=^lisaJ#f6kmu3;VrlB&EqAc$$$`K@wmKDp)$^KzIp_Ib
z;(&DLB4f~S?C)90KS;=H${$U4cw9|%a#jCd2;c62@cpOG*r2h-w<OSv)y^?|mA!QQ
z<ss9nV%%Y-Rqo4|Y!AyW$kB?}Cj<WMyP9Ayn~9RJqCLO^KYL1lS^~jX;)FFgHY{lS
zo%7n0+vPe9o5W%#q{c+!B^SUirGf89GRC~=)@d0rj!Z}Ze6#<aFM9sWv(SjK3rWYv
zoa8*_rTMjeqN(75s``QGU@9tlFpSpH>fs)*=YFBG|E^wo?UQDY3z>s=T-4ycg{4wj
z|7$As5x$?FtnDsnRM#yO1GzxA1yDlUC5xqlOk`i~`tQ>>KHdntrC)IGg1pzZX!se)
z#q}Th=cXqC;3dnpy(vw#H9A1cBB12jo6mtle|=8-pUOLdKmHHbU0fqU1S)`7B@+Ou
zh=X<U?=|NI;MOmz3VE;npI_(S7UIEW|Mx#v!3(FzpdL8_+$t{vYph4hId6^E2C>TW
zfBpFDIfoCQ{^wiy|M(i<z`>{dKA%#405!l};%>his|l=kfRT#H`bD?jQ2&FjTn)_G
zN5WVn|9f8bpMOdKrfop1iZu$rqrY5!C)b%Q6Ai4NV6k%sG1>ox0S9Q(Kac$NQ~vs=
zzs0Km@vkcHsf#mh0p_%?XtNqjyGSo+vn(1XPaOh~!;ZiC`-T0ey}X(;EUf>FSKmGL
z=jE<wb?NPcyzqbH+0H&XEtmE;0A2-LX!ie)i~El|^!)$4&>D7QBXZJ?oKOM0gplk(
z7{(um#lhg>BuA=>{{P~Ye<}Y_rvkaCGx+ImQqP9&%+E-n2w;QNzr+2{)B5|>^MCv|
ztn-8KIiEr$o?n7v-hn|2SZ!ySpaL^LCd%Ia`uhVa*QBnBHymsKn^mC&-frTp&Axx<
zn6FZYH~`cSZ&to@@XOOvU;Gs3;VaDlVaNN=*XN`Qbv2(WbUb`;#sOG6E8bc6$oE&`
zGXw;!h3$rQpC|tHUw>VpZm4o5DzyLg%l~m0PUVx<v6L_#_%Q0>mz~A=0q(2BHRQzs
zo%&P)SkM<`k3EF^*J$bUb=2#8`2no!;5rXlPmahzy8KpZXi=ev7JARWn8|<UQWtdZ
zZI-kDiv?{&cRl9Op;PIa2k$sFDfvnW$R7q-Z;>tB@BixLJf(u4f1P<7@Lz95&*-Q~
z>AF8jD%9u-ag7H34msCdA>IMTzpf^*wy~YuvA*>;M)05a!vF2-r=j51jy6(p1AOvR
z<}p8bSR*1LCL|@}f|%_OR@g=AQ&8RP@DI8F`Vw5123Oz=V@s|5!7be?z~6<Ov}j2%
zJ}H1_XI?zG1b;mHaT3f7e>A)?`tRY_*Ux_dZ@5s19;~(>bt(dw2V}E2sLz%EHp=0=
z%fG<ag7pA8@`-1(YHzWL$%}5pr72N=cCQk^qb;`O(qG~t3jW7t*Z_M*jq=9Yilu$>
z+g|(xj5>{&uDBo&HX|lt@7mjf+)jwqX>W2?KzzXQ18?;=s`BE%TOA{a=grUr@b47i
zGk-D5|9EzrIy1eU@vI#D{=CZP!IaQ_*4#@k->d>q7-~VJVyT+Ig@)sYS<e5t&UGm3
z<*C2d_g9I35wPDt05W2z)E-v^Q5d;!Fa6GaFsc9K_z*B|GtNpW6)Oh+b@#0)pYL1R
zG0KF%3=c<9f3xdP=zE-hz66C9Z@5wU(?jjCiXx@Qf?|D5%3y7a-$!u<WY}j5j{98H
zu4Eoqa>5$=dUBod3S2<Syv3wq^^ZMc^5{)a)@QrpxYFe?<jO#BIu=XG0E0@KmUn!a
z8dDewIeoe{T2)$6W%>1WpvuoSt5`?SP}W;JH~TFJBp%e(v)hB?<?2#7W))xB#<KM?
zvy}<g+(84u$WEp`4Mi9y>YBSWesCZ4=%-&%4w`EbL9f4hx-`^#sMXp;97EMZQgxA3
z)ED5*{_M+(x38DrnoCBCdrN-3^^k7Fb9hNV?UByp!qfHN>cG$l*#uBSEHHcDyi;&9
z=oMA&pbJ0>xRDCC%@8__4_06Zh`w%5B&J#DjtKU{^>`l<!6%dfEbd1XJAWU+5_5||
zH(k9SZmR3FOj*!&VJ4<9sS<(87@&aNNP**16QW?snhGofdyH0ANT?#RB~m>l7cDNj
zQQ<t!GxWtK%rVK@oD5oc$Am$~i|O!Y;%sMf>it}U`6~ZD>-KT!0P&r471LY*?{_!p
zIg2DL84eY@&;UwEgCN>dAtCKwjO#i7|DSRFe`8!<cvrTxYu6d8m~;F5zn1btR4A?i
z<0DjL4`TaPW6tzeoeceJ!xP;HT>rrgy%#>;mn+z=9;*;N)2SW$^8aD$Eu*4t+x1}^
z6$J?a=>|nQ1!Ry$8l<I>l928h5D<nAk(N#gk<O70LAnK`yPK*1#r@pRe)rnz{pRxH
z@Vm}9&LgaKe^}%u7#8gjxH{5fF-T5+8yyJ!2Aw+Zjemu|tqzPp>yYgb*!9!Hfc_mU
zy%}9lK&GSh>wBhT`?a<^RZk`mu3usP_enYEMYv_6$O$y{9kC4oNDDeX4`3Aa=6gny
zalS?u-gTVq5z~tm<yIhVQ!QWYc<Ot3Y)A{t_GQ_$p|7s|-X@?85jtOBBHqKj%{f0-
z*6Y^3W?vy_iG7RPOkt!$twBe=k%d&xWr_{fJP)o*Sy%l!@-_^4^98=aXbGGt(f1UU
zh9_`_Md8!MltLf;gx#zxo!fm9tT81d$GfxIbGVH#n?qtf;Cy#NJW(_20}Zx;0Ww42
zHQw5SHv`+iZO-Z-OXb+WX|^3&^A#c{^Wskoum%8J8qSrzB+2p2u1Md2ajY>m*Sq)^
zY)6<=6{r^jR*%8?YqVa|dFIIU>I28adM$NUze}1CPv_8;04{Ge{UUpO^058r%<5L*
zhW0$Al-HtF4mnqrj~@Hcs0^0RE|;fUDx&8OHI#tM7b4=`T?o@*wW<jO!ntjb2yQ+2
z6Jt1Zyg3#eYP4je^J_0cdeO6@bpXdL6f!dnu&%ON&n1op-=-n9vR-r;Df<t0oaf@D
z1`Uz2iUqQV!0*Wl+=>TfY5Ivxu@#qeh%M2oqbmV$6maP!joZR8Rl~kH8-NqB6ut|~
zlkw!Kn&)ebIpDrud_Kc8FaU)@i;WO-Wn42Hl&3Ek9^tQWmi%kkP9yl$==W=-zp6u<
z5PVzdX`#(!Oxp>|#r5Qo%Xw^t`{R8r;(4rSeFOJ30!HFnE!T+SQ6?GZg5ohU;`J2N
zvriumGd+ApM`um{>?v)bocsMlh$V+}QiHq0_U}3G`K7N5Z4DI_M3&7WA|eNA&Mut@
z<===US==VhcLk^Ty9pV48vL1ib5*!^@Tm*Z3!^Aq##MaG;mOo{@15|gP|fBcDhqCx
zDzFpYHprP->CFMm@C(l<IGlrziIY|j4p%o@<l$QpbzW6uW){APbu<jW#_;nl*Nt#L
z&RfgZ+9%K-f`iRWn2efHs=$=9`^(D)*^|V?_3N^!^>_KWX~Np2c-~QJ8x$;;y{)_7
z=pWe6C{Gv`(RUq<?9{y5xV$-9$F|&`LTbfZVRF-X#NH52dH3(x{PjoNxWkE~CEhA>
zX~OXX4{j0=E$Jhf?4;TCs}IlJqC0b?;Di#bf%j&Gij8XUEcy~xn+1-fiqI)Nghs6)
zfwScrq;g+Hlk|aEk%Rbfj=ZQ`7B1;?KTgEk-AIO)pw+x0)O>E<9c_4Pw#l26!?5wL
zd>muY^3&K~R&pWSFlhY>P6HRsGt(@4^z60Sqc;UQ^3iYBov;}6AP7q~Bkn3o+eVah
z?~QhbM52^WA<8ckFHb01k2o7?e;@&K-T2SsfR6>$#;H+LXRs=u0j3}JP&9|YV>*p$
ze1^3qK-WXL%}?mbneP%$o^`ahcW*Ay(HyN6=r=QV*5Mv5!5!MAbmOySBY%Q4JH@J~
z+cTJ_oFeT~PupUdJPI5N&oaf}2m@1k>#Ftfl7^HJ<&~lHm#;pOMI8*tFtRA4eL{)5
z_Be@%(5*y2Qewzp!t&dL@kWBa-PDSAdB2?FJTu+;!p>zq94J0?-hAgqj6Dp$74`DZ
z7S16WP;6z|q8Q|N8eu~ilxr7Ec*!V#b>1=OLYI)?4HD-|;N3?cbh27pkFQ55?ec{!
z$}M1D1TAZcZcl%{5Idj#;9%ox8fL@@-M4RPngwZ>a926JkrkiF%Fhgb>1+5iDrTmp
z>&fJ6eODjS)%WyARvb@!H&|+%)W#GPwD`<TeFt3nn`6hz@(CN?ighc>JKMX(yb!q~
zpR6qSp5zG+?;f-^Jv^vYR(z0)a`EEQ9X8LS$b4q#*uQt&E|7S6fTVfwx~0SO@jYt(
z==E2-px=J1nlJX(C~%Z?#W}@Z2S)hn0gb4GLbTiN@Z)~1wa2bPZpW;BDT3NothvIC
zs6#f@+}^F|=ep{SAUg6zfv-)jw(mP}#%aWJk!DQw`*{Muu)aqpMj&W0ko;6}CGU0o
z{W&ir6{~(V5NbWrEw_xaH=GvU8ZW`meVstE5tX^|%evMN1aZJZ-&Z-%+QESr5n<j_
z&0?2dET(4Ud<NDoa3ZFU)2^HMd4&MrH(tW!xaeWVxAT7X^4ks7l)c#o&gf3j*7t)y
z{pIqw1sA^MjU0R%2ss>jg3ygm?^9(`a7%A|y`o+E<^p3XO6d4I^@J}-E>9D55J|P5
zk@)!@jBIbt5pq;RIs@=mJ`yXYRF%JM@E)B=bkCW=0=;;kwxMfM4Aain&b|20XTNt~
zO8siG<gnSp_Y<YK?+ks^-W>h(zscqP`}q(yhIue{KrBp;!SLhfry3#1CR6W>J3l1}
z2@k&MW0s=U0@~$cJ(izxhLBEuH!+g~Li|T2J|OsQf2Iu4I}?fBv{Gc`S&Q~2f2E$)
zm=pA+84IYP#7>0OAiVD|R(Cd$N@SInwqmIH&&hl3ru_tRqC%7!LvUCQx7_`{k4M?D
zOzEy?(lz#I++!5xa;sMMw7$Jva9*naMAIO7YXG>k;Wj7Y%=^|nTpQ{6JLa_VH)3Kw
zkkLc#@9#8`kOA6Bpz4&pupm`b<dbANHu+yqWIa9lh)E7*?NhAx6qFzS$ZxoRYZjOs
zyJKD()|=mZZcsnzNhc)hFP<|qAHV~{U%T}8fh8uAVU0{h_KYeau-Sw3-{%wX3wIy8
zs?0x-4>#g~f2Aat3+Nmdr9Ny7zq6Vx3Q`GU5MJ3RO+SAo^7at<3?lYvW&`3oHbRO~
zR6GvSv1$YLcNz{?2uT$3^|FG)E6-($e)R-ubSfs%&Ne;#h+DwDu${zfN_R-g_saSF
z`<m%n))etdK|fW~U!J`Gc~<8#;!v1R*WJA|RU)F5&Ie<g;OmnyZ6&rkwC3ezHjaQV
z_>R}-7Ft{^3Udz?mmU~ED};6LIXjtB*w&#iIAL%8dh8*LsGhwkW~Kiv@ezPLH0H7t
zv~9srQad5==vzM2UM_n#v`gO}6gW-&;FRo-dJq3@6!Rw29^)z19wt`_%Lc_Dxf?%Q
z2FAP(3A^>(-aw@7WNYGO(Z2P_s%o(gH-St}o5REW>J_94MMaa>i62ZkbzctaR^|S;
zYQm7z#GLR5m#>2@jcDap<EYWF#9)yt1*>X?-`zRj_g0-^LZ>@9R)~1Ud+~nsTrOIz
z8}aVQB2m<n-cxcj2lXao_q_k!g{GZ9_^LkL#5qL*#yd*+3<ACVaFMxcX7{C6t0aD%
z;>>T^*wfd1+4f^W6=>L-3KGI@LlXMay@?6J7=ht)5jE&M6iugJy)B_&TT^QA)5__5
zO#9a>pbI5DFV-oiB*~Qb-biINT77q_kc{}I<*V=qgn`Z*pMR&b7^1`-p<_-aAR1ou
za;n)aj}~hRE13Nu?Ob-?U(Y>LZstw9_~S7P98L;6c(vG5Jell<vL1_S=7ii$=XbtS
zY=DfArJTY}jwMdkD~YhaDTwZltCS#Dss<_@9My7lCPx@heSP;Bl88F&=SWPn`t*9e
zjh-9h5<8j6hOoaJgwU-i+zrHr$tf0VHbk;|?0s$G`d|!M3;IiW`>OB{3BcU5rfz$|
zQduQgqEyS$x4KCthNnHTS?G(cNUTd2qEo=!6=SDJlU}wojA_w#&<+3|{*piIo=kkq
z3$$XF`)yP}J9|QNG8L=<t?E19tr>w`7FBSfk`mW(%LhLx7+xbHA`Sfg*%=507C@3+
z(Dsz`trI?#)N=}w=ZTzsNw?y~8PqEUuRUBBdiw8pap%S%GCL-yBnQy$3COACaH*60
z!QJFJ7__vk9$c<xC({owg$+@T@i;iYaf$1Te&e~rkIGw<f_Y_T`ghaAs73EqX1X1%
zKGdkQG6igVVbO=p-A(Z6X36~TL_|BioNUq?Y?;;6JhEwYzFwK};gu)RpYFqM(G8Qu
z-NS$Pw$|f%_n(!D0WqB0j@cWar~9)daJB%Q^21+WI3L!UXni-P^SCE3WKPJdSu|RZ
zd;jm|*td`0D?CSJ&Vea}`kN>ty<_DB0jkuN09r8Qp4G~dy4a*|O7G^U!*2BcN(ftS
ze|vVJmbTq(l-C!g+IY^J7o92|+u!Kvtho2&ro6M-f#uih!o_ib=EZpaHo#0aD)Tfo
z;Jf3JOnMGk+Ue1&6Y^+&1+5xZ!1wbXwN}Sf$`yfOXQ?<|cB$dgSerWzOJAZV?681|
zhchioU*pwpBj?9SO;znBN@GL+I+YALH1eHlKII|BxOa<I>D$|^J_DnjkXkx1_g&jE
zAs44|VX^#M_XvN&3aUavX3RIo`=qnbo1@qW!6FGDsSDJq$d-+|<{O}%CwE=sdl~%=
zy^F)gf2Y>I5}~J{qn(08f~RA9A@%;vrY~XzNM>2=3eM#YaeSkuEA1DWACpca^b<YS
zpQ`7u@;MBt%Qb`jI}vz#YO}vK!|LQm{(6og_kpbTeO-x+16d_xFE)8ioSe=|4GIVx
zGmu}8bGjTh0AaXe<#cDp<hX#~kYxSK-tX?enE?bHVWgy)IQZ0lz){Vcfa9UOt-<EF
z5j&r3Wa?m*K7OWWvYha2gX<??c~hV!vFKieb$bo{M!_I_xOEEY#E}RT-`v6_d44y6
z!-ym=0q8_+!&i^=3>5PmCHD-=#g;A`Olr_GG1w)&s)gKy-usT1$Gf+Wn{RKWc0wkd
z-igj0#%1KSmM<~ijrj4#p$IWFB${Da%m(~2skjKMNM7gbH}`dICv;NHdbi)Vix6~}
zlbAAHI6pA6P@}?iPEM5j*c74XZR9;GZJRD?O;0w@G8-`^-ri37I{uT_$tG_2c&Pzy
z#RKQ(n=m<KsDWvgqJvCdjzmwN9&luox@hk64@>E#sWK?htK(UJ5gr@#j?+Y(yv^w^
z>V<+<0yC7nj7s>JrC3}d_uywh`L)=Kx-}!e=ej)eBCL+e$LZQ?zgE~d5zn$foY+0+
z<%X=8x+7J|5oi455Qx52*ut-0vYb6W{#&GteU$D=a?r%MxK~l|u3B}0h0cBV?FaO<
ztC0Uu5vL=1gUn_LZ+Y7XabpG8>4(COER+<p@hSPpCPH`^3NN4Wy`P@si<~`W<7IeH
zdW<)8IbWhLxDe$F`+2$p$rhMx-#xPg_C@>Xv-uvzMQwM?b6zmW{Ju;e+EMA<Yj<E=
z-4ouDePfwFj@TB3JTvlz6`vY?HWZ#c&2NAzI|VjihYVmblS5@xs8kPZsu#v>Vvp&L
zvM4MmA>Ih|>D}`Q)^B4MHQY^O?`QX-eqZLQX^Eg~xbgE#SG-?cJY1ij7@ZbR6FzCj
z%-N0RiJ72u(!aR8UZBjAg2zf!0ut%ZD2UG<i3S*c)8KFxvWqcuQP?%gBjFm@5-yCH
zxu}H02ik)hVqr?3sU+%u6=nI2J4QIFGXfIS=xLBw^E*>MZKr@BhEMm=g{pn+ki0fM
zJ4s7iUdM+x&YSj^aSYCsW}V@k{mmMS!o;wwrt5(>G=9es7~dkhE<?)&iX@Rxo-?-%
zR52xh6aJ8gUwc?bF6GGp-HX6fPE&fj=UQz6cgzoe^~DI}-dpNwf$}lfxK!S&w>Wu*
zuk>_*nR&BY<;0U<O9hABXDq#woron|kgBHp-Zi`D;6knNyqJQUp4SBYZ@@ehIp(48
z7J-~Ys+OBFm96E=%$@Jla6Oh+l3^hg*tQQZypXmrEk&ZtskXbzY#3uMx{c`LhfS?%
z6KME93EKQ2CcUSgB9nV?u&&0S)B_jZ$p`1uk9V#03gl^%Y<A|$qI#&1uVSEB*BMBR
z+Xk9JmSW)DuP=|K*cj+7Qd(a)i`@e3EPvvsv0>|R%*uWxwfot^noE>1(je+;yE%<t
zU!XhrM6CQXiEO%OUSKW4YC%HCYdb`w^mu!=qRZ_1>l#qK5V}WSR4c92US+(Fq0gN$
zf6{Z=pUl61$X4cIY~3C$!1ODgle5U;Q(AF_S5c#HL-j6Hh@%qr)XWE!+dsVa6=oO$
zHO4|Ucw>q>LmX5CSdzTHM6RCuUe@#dJQo=Qu|zs@{;P@+=qUROb-a@rtrFq$m+k}+
zJ(R*pI1eAUsMKJJ{@6ecI!KQew#u5{I0X0Yy}|B$MrjGkxGYcXz{2r!C4ydi2rb@p
z=PC&Xffv2U4SSI;1CsNxKtg-3;sgMUQ%A2(`#iQPVIqeUo&7O9?|MV@+E2GldW1tq
z&MCMby6i|@0DmLG6iF<`n*!iG!8q{WUc?G!xSm{A=*tr>v&%PUzAU}&mKOVbsGJzu
zr)vAa#ZnPpi7eL2=+no<g4pfwc^X0xVJ+~8Ta9TI#!Z7<DSL^0H+!(gHA<$mwUT39
ztC5eFH;}<vn#rP&O#ItO2p@U6%O8<_rzkNfAW?3m3H!?RfV#j*4njZ-Tq2n8Ui5OE
zB&^!44BGNj&8bl((d5?=MR519>+Ik5Ia#^SAG$Algkp<5l4a?fKSVctVw9pUe+`UZ
zB=dlMsPArhX6al4RAinrX?(XV6v1hlRm>1S1gz-F4hoc!xuV}D&L7F~Iy|5*(x58A
z61-6R{j`4^>w@HbrlJjP*fLVCggoZ_hN<O(Y0spmoyg9f+-&XJJ<6`EKh&VE-%)W#
zr<&7}?qX!!(H%@xzW-DV4~+2ES)f0N@e4?3sZXh~Z{dF<kRkj}>Clc3LY-_02Cf--
zyt;*BR{k?_ZnJ9l3@pOKtl!emH)q!zKKqyA60_d5o2eqLiKG(w6#S+kQ93}yaj#^u
z>1J)ZO45TAAJ#Oh`Apu^m<uUt^A}Q@PMH-@(`UqY?yw;g2aa&yfmoxZ%fhlr%+)f@
zIVwTH;dy=Nwc_)@;Htev#5*}fm(kC>)^k9a`yxj<?GC9Ns3@^PR^uD`wcckCgbE)s
zvp=m;qd^IIj!MF-L}9wP$2o9TVvcDFaaOJs(I?ks{6ICi!9a_E_?rn61t^E}UsM))
ztHo9}4w--A(_Vos-plkA|6*Rvb+MjZ=NA$PrntvLzta)dV3`&X#|3p!m4CZCeiO+J
zZ${_|-mn(SP;8Y~9F0#`4kfH(^*l7s!jN(r5(Yny{VRVYOYJ!tL1P!4m_!hd%l7&F
zciPN{gI1>Vqrq2-31ln*Dz!&Uu~HzKv{9gt#``(vm-(rtr;@j1hsE4TN#iRRFknl3
z<TR9CZYCB0v}`TDO4PIPrsSkFcwO>bq|w<$;k)S=EI(hu{;&dvMj#I-50z|+dCMcB
zjSGHRXNTC)*U8S{4-uJM7JI*6zH&p3gLo&nH}{myU~{x^cA1O5h<sLz(pe>$uZ3*;
z+*N2EHhWseVLRIrm+!ud3Z7;@Z5?|*vHw9+U<gOfFHa@?4#jv`T*9KZL3rLnoiWPt
zBD>(Zt+^(zdU@B+wbm6R1!)J?QK%aRz;Y4~<e_Xt=FLD|H#tc=<;nE;Uih4IMX%yr
za6HOH(%Ss-rRHCFWSwx?1%zC6q?Vc*aez2Wa?9PlgIFb@bXJvj$xM71v<~um<Y4V6
zhS$71WV%rOPVSU+Ve-tkl)1E+Hfq-e@ALi4eF`W}t_IvQMRjR$O{0;YL;X)oc4vqH
z!FFqMUpf>WU)IThD018dQ1hZM61j&6AEIn<E5fL})V!6<??Bi5BIii~a8Zuzv0`EP
zhOUV_6e;H>EJoF%qX_g}QLoNIbVi=w3y}4vP>c+@0^~1aKTai7pF+UaZ$qyA`=-kb
zg6iVG*hki|j27J}t)dxFIPkWBdES5Zp%GorxZGs+E#)PL$DAy^Wd;o#pFIzx)%cPW
zzFuCK3m)W1^;r7zk>@I>z4ocNJlP2#uf)29ZAe}0_7SVJNCaiR`=zz0dX4JY)^J^1
zaGohsQTCkbBcd=8U%lf9#`R0rE#uB`Yigcv^TDc#PWC{?XOjk#u%g?W%xvm9kGM5N
z1?!ElPOfo3eWiF@@Zk~Z0weP<`Ky6RolN#nsccD)<A)0V)1PSo4eIRjdWrla$D~fb
zqHLu~t&*8q{O_tpo}*otK~K23r`L=+PjI~E@wXw@;Hop;blW)Ui~f(CEdCvn7!zJk
zXK#T?livU28lzm|qr;b9RVb}8Kd4&_RVi3TN$L`p3WK7?-$aFIpHJu<Ar@jG<1+s4
zfd>M|{Foysyoj@Bpz<12O_12ptvxiiK6YdW;j)r{>^6Z&wSrOOw=GJ)O+@@UmCc&b
zg^e0O20fvS6>3m6G->XH9jtz9jWNJwVHf5yVI*h&&m82Ej@Z3y+C8EXw5Mm3PnHt6
zjzC<wfrirvb}~fno~yW{w&)%h3UOlvRyX$a&XCy^Q0vbMzA!Mq67AF8%AN4V$UIrE
zH*C7IFHxwzI6j=Kp!#dlw8BcF%_HDW=|P|x1wv80z32K(ocR$6C<!=LGC5qJfcUjt
z`%X)*%7!QAFA5U@K{-RdbWNDy%AaQjl%7OdF)hohUg6G;tUBNQ{7j#mzSGEu?uK_t
z(KA(d-A)FeFPuontP6Ta(Ed+!BF;$)m|3kx3+@ey`zZ(FlMQk*F1K4bTzmEML1g=X
zu*JVZU_@H-=oI6z9jR`j6(8CG!q9vDK0G!id~nIIFT+XfibX{F$$z3PAo602rqt}v
zXipO-Udui|*RAH5sSDIt+T?lP<npIdl#LgClv1kDoKk9LTy2CJ5p_}*lOVB@#O|LB
zYkF-1ovA3je3^_w0ncYVmcN5D3>xrukK2Oj%G)yd%k`?TM9h^>VHG{^UW&Gyw>A-l
zTTFAhu$;arb#Y@}<tdppdJIa<+GmtHt}<7<l;##lDg0)#o2qNiYNeLJ-kfeuoho-f
zXJ-ebf$k!ghwLCW7FY7b=|1?+vG1=8PPBB;3qD|ULO7bd|LcdLPBxkMMhM&Rmay(K
zv~tCSMJO}H+fFq;VOIIdiuWPrsq~clu(|D04TWfI5$-Q)LDX9^INU<5q|zwuQsF|L
zS2jPA>Xu2Ya(aSvN!;k1HA75@NzPC<IO0l-zPgF?^Xtoop!C)Fo#}?kTLgt>0O~Lt
zQ&VccGu;>^h0Kp=!N=3{O8c)DK#?}i=2lNkUG>S<c<W*Z?yPIf^tbLDi)@w6hPIyU
zlsN|8U{0$c#7$~FTDxEii}k(`PpR)Y(qp_<H_#1x)%W1rghV&v9g0i6cv69m`J`-c
znD71ggFlH7`|wiVoj2$Pw;jB?Ax7aQUhuDvAh7urNu{#m!s6{wdKbCW4_NydEj!PE
z{+~A3og9?1ZTKxV#0VPyL^J0^mD-8hru!raV%=M!QS-G{Y5CNCR=A-nTIy2KKRBGj
zsO~|7+wO6E&|R=gyDe*X<x7QTlt&K5bgEx6ldrgw!_4aZOVe1>@xBh8rOW9ouNzM!
zkFgzGs%5@RyUTEFIC5u%2URA_(yM(G2i1&=fGCmkG;1JYn3+KgBfkBmPJ)>8>H`!8
z>0qcC-_APRd-@{wbq|wxzgbTIS(4>f0yIz1(4SJH`MKqj5A{nbvk}(#Cc6fKafx#6
zGgpwUUY-M~HS3qiPAOnR<rcRD#J-Cs59G`g4!re@x)qPk9hd$rOY0%5{BP;Y*Yhwi
z%OFt-X^`ES8vL$7$yrA8%`j`!7iJ~$1G&C&n&pZtuo_jQ9Ur2z5AkWl0`qo*8{o5y
zFi_?X4Ep41)J8s?wQxBu&C&c%*$PjT%QM&-E881?`+hulz1m3gy?Vx3mn~YQ20I*Y
z<c?PGwQ!qGPo66>`VA||arVM+%+U0R@BG@l%ud?Y8pn4@Pk)9;!zk3C0VewGJg5O1
zvjdEJaeGR`()C~>d+EDJ+7nSb#q(QYFay(MP@_r^X$NJOsP4UX)J$SN;=k(~hX@j<
zeqf$eGL})^c<`^uBG*ibK6bI*#(PB4_j6<?spKa-(%|L|T6++<JL~PvGmq8ud|2X-
zPOn9gOr+;82)oddZePN6#k7|5k40g%QCVr2BdARR=Ocj3^3jugeGk?-H`7I@w>Ocf
zqo<eP!ZrV=!m@bMO25j6322=(QmLzsgslDj??{+e?;oxx3{nYRtTU#@fsxBEPRHrL
zC$yHUk*g(tFl?#}D{g}KnVA^`fJxkFc^vhCg3oq&;<NLf7<zwH9q(;lb5LIQbUkU%
zJ7(<JuD5F4A+|jiQX<DAhTc@P9rgKmu+_^+DpP<-6RvKH=s2S8Xx2Sp_c-b=qPIQB
zlK$><p&o_gd3pN^&}_@$4=QYD))UgXIMF8FcH3;Xo%>Vw-DYfJ*Lyh=E|bj1QR1Dz
zY2@Z0+$~p6<eh|%o=!^qwy|^Wnx3wgr*WvSo5*CB5(U8sy_MM!w>v;L1g#3c$xoI@
z<2I|OWiLE)ory|LAR^M|hcsY5G-K;`j0`4uM1~Z@AUAOyULVeqpEgd0PIu#yBr~|a
zlDJQhXdUCR+`X`G+q3qESq-QhEYEF^<;q-g44whBdv~8DCQuy!#g0u*D-$0M(_w$k
za@K-rn$PrnV$YV#;!nS6!0Nc5KtX9W)L6*+RWWqze4hcIUVkdV$Um7MLUPuV^CF2f
zZnuJaX;z9lyHJY$6#6lEY8_2)dFo>>c1*E*sxqx=>V5j@L8zAg(*bQG-`n7Jz`~Jh
z@sNRAO|a=X8!_T|b|WO`qpb4^;Z%zCHy(yn*Y(NUhbzu6IqPC<gA>UVFFL&_;JSwx
zejf+fCFELV{2i7}6&!wu-Lzt;&832GZ)2Uaaewky-dP%6<uD9r4~Qrjw3gj}U^Cam
z_gs1inHKn{#kmL%`o3xaeoh9?3EdeUR`FGwV#?z<#quUE+>&mKc4ITBawY8Bp`g|I
zz2BT~SO3aW4^K-@5A9;yNvXZg3FK0RVjhi<7S3CvA`)-ayJh)YDi2LofW~RqVIbQ&
z1C&5M)ay=JK2@rk0lap{`0Ml9O;qZz95@{FOt#%cnAODP8F#OTis4ADSqs=ux2Je{
zy3yZ6Fr%}HZn#+<V6uO%U3z1=J4v!}&nPSDUAD#O<wLPo5mTiY|G5B8?dRHzxBuK+
zf7(el>QL#hW_RDf0KxU&iW4g{jz(hle`@oO*;HdPWX7o=GxBB4FpGA1S14h)yw|sR
z&MJ%>iV%CnqIue(wEJ8=M=mlsfF{Ux>aCP7eSTaAE<HX-(?h%M`R@&6*R{I~4kC%}
zn`V`w>bH!Zefdw3fpGNAze6%i?G!_j$EJEO{dbQvRsbr!Q4N_rab|!nY{OD@U_%{O
zMdVE7?BW-grS@FY0g(P!)y!1=@tt%GIK6sM^$k*C3)`jAZ!bLryaF?Fmeu)AQMAEU
zWct{F|J0>1*H(?X*gplw=nFe+tZEocQB<J%K6gmM6dmp9@>>3!uKF4(xo)i5>~kTd
zr+%l}Vb5^HXH=YRi^WFxP(MC>4gZXwas)P~vU7O5H60F@X>WCA2OFNU;@i-?RNyvJ
z3S{<kFSV>pGW!{YBP7F?Eg}^sPJY%dgFvuP6zhWhS@4mlel=Vob}Jg857*?Q=E&s~
ziS9fh+j&SUmncO3FP`3Zw|g(DZR)bmzHjng>w}6ixMlo=VX)2E9Kl9E3G-e)7FW<-
z*fU--#h!1H$sG`;ChOl-Xj7W`jlq?`U1y>25SfzFiCXvC&%j7{M<0AGMLC&8^LfYg
z@Mbea@aI(d{{f*u#)mogsMVHRyV)59pr(VLqzR0?3ZMJD{Z=hkaky1xf<e_$Z?I_<
zhc9=WNt5+_|Il*dd?jIr+7V^2uDm_gxTDzj)R!?mo#^nJXY_n;>vqAAS&&S$q*YcK
zY4Rq2y=cL`Z@4z?^fgZeIRL?OnLxS*U63@DHn}MZsq)#tUqhD7V8((<R(^f)w5o3~
zO8;&3Wwxqzq}ZB>^H8wE`=BEsLu*Hv{+@Ny>lA?q;15Rr*{j3tjNa#0<CsyyUV1Xl
z#XlnuP7{~m>ANA>Xj>Um)0JM$ziGgvx~2!>6{So|$IG3Zm3^CkSWY@}HLdc%>F-ad
zquptjJyP%&TjF;@IdPlOT6jpk_Zju5?HMj=4+eg16^j;lh$1<kH(gywCE{(P$34C3
z4+KI_W9%=D%_}ML-O{{NfsaT`>fIkNy<E=dJ5mUaK0TnKlWY9^VMlQOnl)Rcq~e1-
zAG29GNew4HI(drQFAlzU09w!TxVikaNB8HPq>35r3pH$Yfm)sT^@Jo`;kOccnpo5k
zEmT9jb);5Covi2AvelCJaQi*+cJu5CHUu|~r(G`AO#-URffg?3HkF35AZe<oTQ03_
z<;<j<WFpLnErJrQYS0=l+zi@O$Z`AqK4bn&IfDZdEb~P|>CuX0#FCPj>-%l;;MMZ*
z9l@((nV6l-#H+a99lO@h?0N;+y<?Q8vvJ#}6Q1s+3Haf=Psb&Uv1}193lL<32pURJ
z5Aiv?i@ku?iomdsiz83vh^vjgWt0k*YzI;y`1)V6qkm9dGG!g@FG!BjYQTix@VpzW
z{zU>h6&GccoT~FfAOM{y_t&>lqeO6@47^Ct&Sk&V9(0jSJn{QnpOB~!VRI}mSyQc;
zWC`WVRvxeKMxQT5$?a0GJ9NN};0TC`m0bv4GJA{Ci|i3Qgw`BQ#R+5<qo56)J>h(;
zBC?~RRJIk>jxwl*G;Bp#xK{swW*|{6D`2-en~3Vi=O~z`sW|I;fcOyfq8yV2<`wOK
z=9LKpMAY%o1QnK>yPT&H`Sm?k$`bu$x?BTYbE&Lz@@?yB9E(!>OBO8BP6cA{AX(r&
zN9a@p`7azc@?Sk(^4RM)gK{-~SPT}%{SsE9O)4%<Cp-G_48h%Wki3R3BZV@;xvCeK
z1Kcr#e*k9F2kk#&J8+GsE3LiS+hds&Bu4VsRl^2#Qz@&Dz7;ZPm;R}}J|Zg$^g<#x
z?QWerReEw=6X`qN;B75XYjZ3=#4%E150>@5`TYSI%Rl(CAHj!P*DuhHj1{yzF-6PP
zybbQ06D`;HlZwjwZB3X|z4*(F(ON75u3P+mfF^s<-|W7pWAbH)OkNu!zG3}VGH<9m
zDXlvWm(3#2hqWJ<^RtAr*u(CyX~HHr+?=PF!X^R`19C$oVIh+)<Vq%Ag<T2VvM$Pj
z6XHv;VFMjE(opIKq9Zvm2+Oke5iKG<NOua#k=@z8#Jnm&#3;AUTosgsF8DE{OO|si
zJfOmEblG-+*{X)cCt8k9vTPjzOO7@(&!f;^Y6TC63gWdo83;Rh2mVYXOX=}2htmY3
zJKcFg=dYeUw+7pec0NY=d3fA*phIqNe8kv(tpG>8=buJ*aO+7~d8|kl^BS`^>n=Td
zkEruz(hL(jIiIC+EMxgy1Qh*ApCP9luYMySW=J^|un^c=G!67V$}6mYHwjQeG+DGa
zy3cu%_Qsd_kq~gS)t0B<GY!`?HT}MVQ$%5Hu>E8Pm;bdTk(zHBS<MV~V;p!k6c5%I
z!5nqs`c5BE^Zg9-KrYDAw6T@d;(gklEWfElg?Cg`ZE(@VQ&0NH_6j{Nq6A>R`jqks
z#OCG41HdVz(W|j$5x|pMlBJ<sqJ}{G7z!VoX30u4-mOMcjOf<oMFiZqjSFW4?pUY8
zgoQSgM$MFPY}jr}ZNiGweHcqG?3R+igu~!ZB|pIDfJ8?(-T7hh>(dvLXJL|Te0Y=J
zp)U!?@_XoCLeq*MRN)yn36}++NOr|E;g0N7RU@h7L?MtdYXa{o{yK^vpJxwcfvX*-
zQM~jDlzWZ44st1594_KoQ=K0qyXBoZpYPKdlFPburCU&pIH4?xWxwYwv?(bnCi6Xk
zW*Y`=dz^plF6Xv-B47X6>XVot^>2Dh0WAMFgrWjs^9qJJc$Ek%JgM58Fo3E48o3%P
zIOicexfts>l{b!o>3!M2P)z&W*ZS+(YvRspaL8l%WiF?Cgv^iTT@FY57aYyHLXGML
zz}@Km%KsoN69!oIgUS)i=y5$p?rNZ@Xuw!$Sze$o0AP0Ty*iB8mL#ebY%XB-*ip%=
zX@KtHCVU7KDaX)nIk=<MOY+ms1`5~qwk~e#Arel`;ti=_i6`kc=$-TaONR^0lOtY=
ztMNhvj22In`w$VHmkr}+%zCjA`HE8!z+Nb}`AhN#by(E0q&%Y0^p!Rn^Rb`$-1nmw
zS{HBhJ5JZUkHE>`4As{x%21DWfBRa#d%81qs=}NQfoLhklJS<aK?Z2v%1v)T#w;H_
z0PD*e0^D??!yAc-wbv$EEY=B#aPTO@!ydjcK3s;2si1mgQ`iIviOlv0h#Kg)5277R
z>2sfk>G5p>5)+Fu>fz3GRm_wXR>u40;GJmRe@n#oAU_ml^0h5P%x=4|suu;luE5IM
zAIlZdoLC}gm|nek`9@w`DawBsM{jb_KqvEc-0E|li|73pPyA^ksJ>~H2JSV_STx=S
zy9U4H|9<Un$?jX2XjRjgQCmzn#wQjWq53whT}>qOeP&N-`dYu}QuVivD)H5;OoxK=
z>pPM$zP??gWnbTGBp`$k;V!AWZCZvAKfNFI@|5h4j9q{fy~pX)8ZCfSCG-~uGbN4B
zO4E4iH_CQfBdznGH`uWFa5#32o*Cpk-f;Uf;-Wx4SO8J^vfT`)(X*nA2;Rp?MMMv8
z<Rx4PT`1&f&SC%FeDwu+W;8r3ILE?07oI5lW3Z)dYoe^7<A;P|rFwJ2HOSW*HT~oF
z1^mgB?0v&GN`|I(U@lumMQ^MbgC<B9eZrCn^OewlSjh*o?0~&%AW7v&zRE(YvwoS7
z+saw*x}o@YbdAR0Hz%Qg&{vx}<zt8qwB>y444cCL-uQGo$*{*I1pZl<YiItOD$dOt
z)|3g-(l=nb0_bUW1e;A8^WtOcZl)3)TvDHf-(Na!R&9;8I3#bWw*7hGY<#jAzl$vD
zvcKSoYV@QDcH0pNQDUD?+#Ih8+whU^#P4tbYXMLs;0*7+?~phBTo&=uW(<R0)OecQ
z?bOAI_$eovm<3KD`BR<8TV;rQ)+4z@9gI@3aiaw`)!Ze$^k{&oifQKD9Yqz8n0F_>
zBH23<{0zqFpl5=Mn<xc>p&t|Q6CB-w-Sa7BuM13vyJ^<z2Mp{{JE}x(4+xXx6}*B^
z?V2hh6#85z@cS<DlLXOs=*QPjjp`5M!iBf44!xi|=eaHl5+1p;%){XR@h3N5XCM8i
zIrI4Dgjf?giy)MX5#5(K8qHH@8cLRHXy?rfq!*O0baz#@+^-l>cI<zta<z0=pljj}
z(qAi9@?!XVxBm~Skbmi5*4$z^k~xRfETqrUf1#sAQFW34AnO?Amv2E@8)>E9zR+Mx
ztzr2~^fO$Ica;@TiH)7^fumq#H(++{<>TR9or6Py1~~sS-G`GCSq>z>OHY)eaT)gW
z*xi1@_iplrNDUSxCjG6wJu&eXmk$|F6R*WbadHwgiEZtZorgcK;TZA!hual+4|L{x
z8jcwv<#?axlwWQu+iri(WrJlL`;!Q`kZPHyY2?1XJwW^F0M2q>90W!jFglUQ#n9I^
zK9nMS5@>OVN2Zvxsk}XVJA;Lg=t%th+u`j)5vHpi`xIhbcbq>JYd&A&P?pljxV88O
znTc{?sa9v6o&RT}pYI7OQArU923*a$1%{)xrLKsFlN{zB<*vX(k#a7MEqj#jPL*Kv
z8x5sf4)e`a^1d8)GMyfquC+4|Uy4v-_GeO)m5vNH^)I(bg88gpUW{r)6Rg!(4y3+{
zd!EwR=ed>VPP!T$T#1YwXBRG4l1iDXuxJHVJ3gzsVTqQCkDhZ6*<5rw^_Bkm>`Bn`
z%C(~eP(1H9Cqf3ECzo)|UdG*{_ri87NvqQ*ISM%2z^3zD70TSqzsRsCvX>doPK#CC
z5Be7d90*-_D1wecp!#+}G5*0NvCNvy7BYQT9=RFMrk$xf(%Ct4y-acnbCV>J;6_Bc
z?+O7P$~RtVq2;qm$}@JoO2Vn=q**%2JD%_4lZm{~c5&|!F$Wss)ptMm_|&K~cm9-0
zxPjk!Ac>b^yx1^z4lfM*ijkRFG4bvvJc{dpi!8x@I@kW;pLbMw`Mq25e0|7FO7$%R
za~`<oDFvTN{F3D$Tmi;<#%H?*)Z`uD?&H_~IDy2G*K~2vgn`bWzA|r8Jy%mB6T`<W
zvxQ>g=%?8UN6<)_(pTxr-v=m@l79Ubj{jwpcsuz&gKcYYDwu7xZ6=KVXS$v3IWroc
z@4ZY=G&{T4=mlGp`K27e2qV-Dnx+GbIjKRS->g(0VP2e|d|x8OkMMP2MjJOz(#yMJ
zqQ|-4JnusxFqhvF#_Pq=?imL(L_~WjPFnJw7UwwkD@I@dwbRTK^F`v8EJ-nL&*aw#
zO_t7`t>p866tJ6t&*YRNU<fhO*>d2qY0ADgS)M)Eq_1t%)6}|Cnyz!TB!3+Qk7$hY
zV+$C0pP4QkDHw|L5fR<nVG85pXKp^x;`c!A*c6x;KUPe)xBn>RTdW0#f3CLZkIMA9
z2>pJyzu~#zw%ww1KST!xIFiPIS^F=M{Wm@MeSWWQiU__a&x`1v{Q9zy{!5uEf!KLQ
z{arzQ+J~R#*xG1sfamqGdzvk@6lK<>Bvm3M|F?UgZLq@9y$nSI6Qyz49@Pzulh>jr
zFI09nk?vPG8Tq8MF`S#}6LeoZS-acrPsr+&SbCNW(e&r;Z8E$2RrX_lmZ%Lr%b3cf
zdAC2Ph@j*5|6eyu;eQ_D6!dfldGpS(yY&O@clQBSgkD#+z1c&)jRvnUM@casz4hqm
zji@2?;_><2HQwbA<5*@Tn@rb85+CmlH}{kY)e$muj1@xo#NE{7PsnwHe3f)+!A5Uf
zo@+_6TVvnyRWz(@E^CJ|nn{ac2&<v|%mtQ+j+$r^8B+GQca5NRf6C6yg>$fe{`9}A
z?PiP@10C}Yy28_FD`j_Q8%Xcqty_|JDPQEkx0xy%#qE&;kd{a)gvUw=VMX)hCY#QF
zkaN4#>?L--Vei#SFP4Z0M^drTc}<|wcIZ#Q`GTei&W(>d2uV8FTUzGn9aynM836fn
z`2ku~kH(2j+KppIfXu~^0)M{JZd7X!;`zWih3$nyqweD(K(S;@7a^^pE9IH^BuB1q
z74R94l;3{zk^Fp3gtXUN9Q|fRsnry?s`Bn&CM3x1fhT7wB9oRmw)$t(`?~HSBi{?A
z=Q>>T*{|y<Dq_i26wK%!Gk2~3_vH4Ovnw6sz<ea>Px1Pb9ri<rBgfU=$)eq(j@uVN
zBkPkbRduZN^GHcMlWx_7FP*hAiarGCN+sR{oe6Fqgl$#Jpf}YhDlS;;w#9&ZrMSg<
zh==dimtT~n?SHeQ#6Be$c}l+poX~7v4AV?rQMrn#EW&?ZducN=eJ3YjZ$5%Tu-w6=
zib#`L`0q%zW%1q6UwNq!=il@c0Gpeok~#SVS-*1z#U9|F((Gui2SNrf)3*`Zr8FD8
zdrbRHe#R4s(c>#D%y5DRe$f!OhbTtGpKvC1o>Ocejl>((pl|EJ9voxHwy1u;XBjtg
zInda8|4(b2F+hOp9#2zf04HJ!wFbr7IiT`IKu6sCKOGU!q;`)IctkIjH3olZzIT)-
z`QdfCKNlA3*bjvVCi1@*sPzSMzRk(&Rwz1rH`v9>eS9U1#m3lo;|bU(pWE`<ML=lA
zS5vt00U$Q8tS;2YHu_mHGk1zVcy93H5fA}c7@3)NMW$sKx3qG3>|dkJgV9<BC+gf%
zp#*7})GE5Wfgn5S&NKP~<j~x;k2l~9-2Z8fLXlu175Z8p^<brae4=#`X{G){q9c^P
z>It`+Ju|Se`@){=883l5<GMLcw7`c)_Kxe_O8m8(+lsb*hxeEjwK4tyce34D`#uVp
zYr$Mc9DpSem&2|temUr?qCC8Htf7H1zzI4;q``fs^&m0qE`2so5ojicW=rpZgRQ6C
zc4JVmf*}n3kYG0b>5I?|W#DO@dJSw^F&%;1+JL0+@x|2xp91McbdG#DsiM}++!?)=
ztKfxC>XPxr$qPPD-9y+T!Lw!4KiwWI)X*Nij8;#iqJC+^D0+s%RsCTue|<#-g1&1e
zMnUyRs|pQB4R@fZ1*D&KAH9zCzfWEfQ-4A(UZ|eiUgEkn-qQEPAHP#=89ey@P2z;M
z!?gkYbOF2TPc`x$nI;pk`t)!L3gA%+`Q<k@^?!k&_8A6w#~(MFwB1P*+i@-{-u_}#
zyB~K&z>b;!^l*!Nuh7s_+Z#v8QOhxDF_q7n-gfrK6kDXSpE6oA;(be^lNb~wlx*cn
z6+0O7LUr00xu*)QHJx(b50R}c_Shvhh|vOHHIzcB<I-8`1Ixoai}v=~K@1?8QEdyV
zw~l?&KJYuZQC9Ss!=UpeOsC0<zb}pV7h5E^I1Y@5K_!KUMJ4UyY=awl1>UCc<YCY9
zw7vs^{qQ)yB-=ac>;4s4MeY=EyAH^+DT3}-`@EJtiP#w<<u^Bfq-P)ekcz%?{K?US
zt}4o3=`Wl~rmI}7V;{V+&p6<WA<TWcw9xjc)dAsID!paj_uBL`r>W_1PLDB&U0$5A
z(kcV4`>(!=M!{|H$c3(fz=a*P6%}%R$EchAe7dLMI}btHI9IY))9nbc!o8R;9HC$j
z>DR9$UeK?x^_P!h_UPcgQ;<`j$)?>3=)U1<ly#+QOAH=WZ(qbrwBE*5#OEm>$L|k;
z1HBVTa_-YOPVK*UHd~Q-gP`}{1*Fl?o6lV4!xPUl`VoNe=s%Z!E}@vSHk0WqBILTs
z=sBxw_e-mfqMr9|c^3_)33=>F^DIr!ougRqq$+{0ey4`hMmOss|A}?-ecVb+z6fkQ
zejfLcq<F>&C%;$D8Z0IefqV}OjEFxoGPQn(7SB64p;-UVRNyi(;5#Nlxd4Xh^~L=0
zk>ALCB+B&)J%{vb$1yA9wf-GZF>3>2n}gai5zGh`*6VHn>Hpbo)scI~XAnR`_?-Ew
zO-9JUSNUyhRw;;n@6msS_6qMH<?xdTx}SYg!qV>LGQp9y&<;lg^aj&U=|ajG5W#(-
zut7Zp9tjwz@1V(r$kl+nC@E3Sk3+wn3@EN`(i4R~{55{VmU5FcQLhaSQ@-UR=N1B=
zs(2UdAMhzexxzqX;*R9ck2j=3PVYRrM%~>1AF{wB`diCqEK*b6?`EpryLYFtMBNp%
zZ)A~=y(L(3c{jq8xFtMsveZD<BkLy-JsMby|4nhw!bPC6lXG+<<8nKMtnV*_B64G8
zW2+g^1um0#Eq>O!&U+B&jsqQV&v!r#k3!btvH=z&!BTO9`Kc>Pr%Xv&b7^4@fxZL$
zi4Rzf(xQRD<d#a#bGP|?jbBpt=@u#LpuWhT7&NSQkK(0fQ6t{ioTuz9hyR@Nt-=@2
zt3pAkaDEMC!>u5M4f6=tEZ^lUF`$9!Xjqjn{?*EQI>e+v;%Qtk10C&~uC$8^hTjj(
z0L<vN-)V?%HEpW^H0M0X@13&7DnGZavYWVmpO}?)f40(^$Vcp5?BM0Zl@2dOpyV!#
zQa**+QXwRtBV3w|n;VG!2CEH3_<WP@av0P<Flcc3_$z_)BB0-wv$PUcBYyBxlH6L4
z_Jv>H)7Xmoiy7Sh&p_NgqSVcA!*2U$S;J%XNy1avrSrhv5q50FK<BGN;+_NJ7ADbm
zb7O6N+)1xC;d#uw7JaPBu{Aaujn%KxE;T4<f-HpNm=vDz$vmXyyM{+Osq(!xt%%zO
zkd3&k7d_6JR6YNhDXz|IExit((v`82fZ6j_cK*h2hRj~9qo|!$9^(6?VUt?+WLsXl
z)ax~KWDNtvx+2RxF?9+#n+HS|It9_Sdn#-NA$~BI{ejdMxPyY)gvBt_fh?JbMP;9G
zff3uvTHnQ^-(_Bsii+X1qsJSwGh6!7OJ~!Q%&d`o6)P%_*j6;eXx^0hYgs-Ed46SR
zp6KTsBKIO64!<H<kqcTsQ(U>ApIf)@yJTQi$AWdTAF<zxdqbT!BIwz{huP^WF5qj0
zf4<TwcpEt8c85Jj{wtY@`BX_<rn68-S2!ogu<A+dwkN^l92A>)zMA6DlA`%7RNa@#
zVtufjw|V43ijvpV6f}TL`<JA2N08K;4)YjZ%9l>W2zbw5PeywM-l5O_y6Ba2ECA4^
zHV})$s3CxwH^Yv7`tj)a9ft1r)Jd-k*r2&t5TPmOUBAy1fW7z@KFrnL^N>cgc5+BR
zJJTMi$^9R#iZ=}XEb#=QD>gR&8>O39gT!o<!U_kJI_L?vX#TA#N(FFu{Q#h3{zK9(
ztwww}gD5{Das?xZ!y0<T7qfX;o_6BRl8y+K{tk8Zv9$cp0J8D#05XMPjZE8%x{Nq+
z7wSuYaQIaNiNk|1h85072dA&^>mg6=KK}Tgy_$}5cCF#BA#L4D?^E&JKc4ONv7AIJ
zHhS6fo0o8d3qV1FH>P3YoW6gA5D~rP#-E5^zAeSZT|U_4+XK|p8MjwAPT_DOW<_v1
zc?v9w>OIJ}yne2M5kxNkCW~TX_=QoM(_6iy8zjWE5@4ygw!d%p50{e6{}CNnD(HIW
z*k-O^UyOEc=-vE&is`#AL#D&z!sP1?S2}J<GXo+<QC?p6=p=A1Fri6)%UHD^l>YpA
z<*UIw@>yWZDwup<gt3AM@%Y)BkKsu?UV-tfYJ_mS4L=faxJiBV2Q1K(SGaET@1Rmt
zQK4+nlKV_`>jFbConuzJYL@xE%!ue^24_(zpIWDt(BN87d6dNL?p%o@Jim(hl0&DO
zsjPV9^_&hfnc1dO8J_nf5lC)G9p)>g+^Z<h>BQ>)c`zT8Yzm<L+kl7d`u>Qvuff$d
zX_P1_3FWy6zae+uhEqUI{w6~b3udcqiJIHm`NVSc+S=z4UuY4f+cJyu=fJAX-p`)$
ziktAa;;Rjs?x;!b$((2n&4}cL7`c;^-m-o46hq|)u}BIh^F=|E*1(UoyjI4rc9-<z
zv>C<JA>z;B=I=}{B>B8gdtX*q0*%z8>38;XjZZ5+zHD&!CSaKrwDY1zUxEI!LF}&F
zVRJ@2IIxFRvN0M+60hc_A;yD^k$fL|J4-XkEB5z1JjjuO>>0ry+stt?qoznHr1r0<
zC}`n|pE<(qgxt1e55ehv(yOUcZ42+(xuS;5y($S@Za+8cx0!6RB+Yr9bpLf`b!C=x
zSp6<wcu@_$$&E2D(uV?*<jfBXty$qf>eB{*3V#8A-gmzraAqg16;J(udpGk5ho+DN
z^lv_6fkmQ?0xrJ#KoHt+J(61FzWjlze7R{y=3rBOOrZk3F8Xo{@1b>5+~(=L@-GKh
zGbwE-1HCX>C4OSxSeAdH1+O>Z(nomG8;G0CxL+CJ&@&59VRo)K_qhl7)|E47U1D;6
z&YuXG(xv+!a;Vc==VTx7T3ej0x$MKX*hld&pA<xd;$Q74BHc=EektrVt3rttaEl<D
z0w8N2BE`+xVEeT0i|z23482F(tQ*uups|i_8Hef#T$Fr)ToK$ILH-hfiNjnyWR7>$
zce$IOi@&qz-TEV<!aaSEiP_EJ`C~b2K2K7B&y9I4jH}GPFLwM742#xo7eqSWud*WN
zAD1&F_H7Wb)nSS4$mq%BvmXBY=V{cSjEuijGDWanu{^SBGsI=Sz>$dCGV6ljWFBUW
zREePv0tV(F<v@x>qaO%(4u-#6Y*!3iKgs0l%DbSjF3finu1YuUNOy!m$`)(t-1ojN
z&g6Y@Sj8vhj#<rP*Q+L^kM5Lhg@IKS-sW%{m!#DdK5>xodFv;hG<c5c9)RQYp=3e+
z5Tu(RP&cI0p?ZNS;HsE&kpRd^?&w#y-@2o0S(<#Xa(G@{)frlYM((H^+(09BRB%x}
z*;GZa`3rd*8Du6TaJT|wFFq@eZEGPYIN2odo;=G;2j61Lr;}1Knboox=$Nnu&Fd|g
zOD)s8`*9}_(aQP<_+>@P?wDdWz|Tz3BmMut86#x&<t;tPFd%pOLhBE={^2oH^%v~X
z2Z?ZFw2uTY0Z0S*4Dmhx%wuEx0wP;y%3`p`VaDkCCCKbSnVRyqBL_3DZxi+NG-)Ra
z*~M<B_~D+Db<nD}o&{=4k})n<;v}bbE|IAaNhg;OHCJGh(CV9=YZDzj4?iJlI6OkN
zEUEeZ|5VJF@#|Iw@3;wwToqsFGc&LDK5SAIA*w62vR~gfQMnPId(+r7>&Y|9&VQ#Y
z8iMGX(I0x0!_v+1Xy1<)=SlBM93h;X2LX!=KC0oJmt_2xFiu)2RK)l%ZAKiXMVQC=
zwH`sLi|}C_<>q2?(%Z_v+)tFO(8i{En(ihm<z0vOBQ({2h3Q@p%cR)&dYv88yA3u0
zB{ki>q6eNzRB5dgVm_?f(yec4^Eq4+I}F0~URgY;{FvBLL70a`js7U^h1ma*l8fbo
zCkGi}-54Vysrg$OeuF3={P<_ur+0Y`6RiU>gz9%>*@NdKfgL$;LF1p?IjiDck2G#0
zBAtV!ot9O6kH=jT-I;bLX4IN~LjmN==T8JJG+9Wap4v|QPUAA~rah?+p8wtX$^Pm>
zQA|PLq0i^=Z1ZsQ+e$`fFpa0x`LnQF<;gS?glFgz>?ZvMghlzU=nvfF{Kg&s7{ryF
z7IxSk?EM3KPiDNrazJ86fP?-cxzQL|(I*8gKO<8tGiUY_<@z#xv6#~oeuwMF9G6aA
zQ8Zm0a|`0_9jZcUmvN#+TJpRXRvOUFwYUX9tW266zwexdbyL5RzbSWfULW0oS;f^j
ztzdh$Zw+MuTN1<7r?Uhf_iz1MWK{H4)^k8AC`XBvg=W3;8lGZ`z?i~JEq5sgM)O<q
zLx;wTJP~~_2jPs<d%`&c;T8XnxVM0cvTOUkMNmMHR1oPlfT5IT6p)az2ubOX?j9OO
zN(7}rPzeEPX-1Lm?vU=zfr)pcUe|p;_Y?2^to45DTkBejg)Xl-XP<i?`-uPXJDy5L
z53dRxH!PtP-zi>iQ84<5*h)y*&G*6rLXhV*px*>upFTYR1sHfGRAveKHJw`4nO?uG
zW*B>2<Dh?J^Q_XbIWcNkIL?@j{cs4iuXpQ5vYPa5$H?BJ9jK$D-%b)UyGtP?kxz5{
zijl{V<t?Py_cIq8gq*u|qft82_(^0k0*RlH%>Ksggm~qF7Qe1)2p;h2aJOLFe)6`m
zN*`%S+feN)SoUUB6*{ZGs)wRi_8=6F{h7+FsbxD+33s0u(E+`q5rcXG?hJO*v*PZf
z*0Q^H#H4p9L`IjL#vtA>wcKk>HSlF7QhcNqwm$*-)Lj(l<}vJRR$1uQQWcb}A%-Cv
zeSw8Tiv~(2+jIb#T*|r)ZT;AfN!EmN(zKkZ9;fvt52)!;I(J;rWgy$SgK{3)O7X(n
zqEbhR{_{Z=8y5X_kOiLO&d|I<N1Y{^m%0IorlhvZXdSlv{%OeJ#?Oh$5>vIS1}b@J
z%Po*oUbTCvP|a~f(V53H_>M{v0X!Z7zUUskDmU_u`1EwX-p@CeJ}SgWMQs+%DjY43
zURH&lN>+kED#_uU{5Isbmgt_>8LpxJc@$`CCz{2#0Ff7GXKM-+hI0q9PBBI#`9)1T
z5GfEOoh8xAcFp3|BYF$$u|wk}@m8BJ3axN>gjT99LKkV`4$|xQFUMSMSaGS$k)jmq
zBdh!whLluh!q?Jd&gTP@;i(#bbysuiFoii`7n>t!`)Xu4&V33dbB{4*+KX3=<J#%d
zyD`@TQSP~IKo2+{8zh;R@AO@{Ln<^7p2#y9P0XOR{N-dw`%wm-4aKMK&_po`_Xf>c
z%eUQ^MWaHgAfR~5)%6*b7C{r0_&ug|9tY-~fbTWe`S}q=+1%^Q#|Jd2_x!I~C~TMI
zEX$le4g%}|p~N{KY6hQUa)^IM!C_Wr`D)bdEyUy@81{7`Tkk_~_E)v1Onvhg*r#44
zN^&r}k1l81Zh|>`r_YZC%yMk3j#;;JOn^c*<)r-qdr6QzfBtxJP*~nIF1{jL1m-oj
zw#(yM1xikWjr*3m0XrepXnfYEI+3iWX)lcTA1Hm4j3c-YL7;9~t}3r|y&`~rw2v$0
zqPRKSA@W$#0w0rY%I(J0ZS<Pi=%Op%QdbH!KATxrJe8nGYs!efTo$JI8h`6UyhzZ1
zU2!Kb`W;sv**>>r2EXOz+Z88R$|@q|4T6NB_=fk^>jzfd3^=3}qU_L_>~U;Q6J5er
z){^DY3KgRudn0JShm0R6JXSv4nErx#hFP<%A^fEHmfUpEB#02#5+S&C3|cmg3%m7o
zQD-TO6f)Q<uKBuRW_OlS>T-$r+~w*8N|Dm0kUPvmZ$7XWz1rn4oX>g6IpZl<gj$Ge
zk7#t)9ltr<b_5;B{F%bSLE*kP-}*HBIaV0ucfASB-)SPcO+#kR`nc(XKEJ)JR=XNd
z7g%0HDg^H>K`vb$&Q<rZe)w6VpDZU_P$L_^BO48dKsUYh8-p!i)o}XsGAK%Jpy8CT
zu%o3o{ja%=$b*oW_;^w0>uzfsmQn&5Z`k0I4!s7FZ`|7#mCw?f<P04sRxqRN7_Asi
zb*U><@aipf|D)+6Ri%%ifSmH%cmTl5_dF=U`z>@YJycs6C=jl%y_Pjk3|nZ4?&qek
znAIuqxXPt9Uu!c9`uU8GPE9(%I0hyZDEg9mpOBD+4BwcJW|jL!65~2*0~*>u?2A|0
zB!~ZcVeG0mcKO`4%|M-2$zt=B%U<M^E2)!6flusNtO&|AeV&`=xElgp(bDe}5g^RM
zw}kmk!EVptfBrCf64wPXzG=oRS%1t-{Ulbn5|a_YIH)U{yOs8|dwTOkqIF|nFYek1
zvg}vN=DJClDE4k<xu^B--Vcu4K{RfOcwS(y2WjVyMYr!zF6iMlV6T*$NETtF2)Q!P
zz(jxPy72onIl8%^%@g<+lsIhLi$(oZHTPJ6ua|PmPFLYq#YVwswvRom0cSE^N|mbi
zB|Zw|Ez@a&e<gSY8TWHjxXx#Sj&Oofkm2Q26-(Dg)ZxtGQ!;~YHQsCXbid;(oF($t
z(~L`wB+0DYt4mFtNZR27{7>}VTyp&0$7CvYEdbX)QhWael@L$xN}Fm@xJV%eJ5?3L
z@fN$EJJYao!l|4{OlU&N%FHW)3Q2lm)+5Me-G%HgHjMS7IsgKJn<T+>!fxNJ)rYP@
zzUZw<BIJj|?yl@Dv_l$>*R~M;{IygT35*|i=R8kguTw7!v!9T?KZ4*V-mUdo;7=@_
zrgb@2Y|_mmKid3Q>~ged{f5(88jH!p9dv~cT1#fTzwvfmdx19Wp(@8K&;qbEy#A4L
zA%0;-=Cu4a)OuBXx8;Xnz+qDat+0<|Xrg05Je;PlkTcEel8}2BQlf?O7EY*6EN$5h
zy=IYX2Qc-f&Ga`nb&wAYSrQ(ow+ij^fWih;$55t}ZjA2Z)^xt-UNgwcJbxqC1q;=5
zTJA}^PrkYba=(x|%^_V9dLFK46@?XgWe)6se$(s?dB%`fz1Vheqf1xd8zA5PT<&GP
z-^w7*pf;z&iyy)eh}2*^Ex6bHW99TsynKkJr1dVmCAGA$*VB&Vj?>mOV%mYx^5}HI
zX>xr&tKY{04cVGQGT~U>mT;I4Wokt1J`@ooKaM7AWaN9?_8Fueqk($~c}|MC3_Wi@
zgIp<vdVp4?Zo&ie4Osp3Y>nc;bA;<E(o^xOS7^$P{&r<EI=*T;twLW~m2lc~3pZOc
z=M8}l!iL_GGHH>9IZ|JQ9jIQ`CCq>AJch2S95x73A{-u={<W#0eCqQ>+c||6Fj4CJ
z{!01^*9w~k5dH25PDqtX)IK^I4ciB`1Uj5(0fVy!YhUuha8OIoRB0jn_1hoG%Rhej
zx%vCDaa?a?-$3VU-x0dFS0+smdvlLv;LFot!E!rtN@b#9VzxKV{h6JQ!wMC{4nt>t
zJW{A9>C_Q%*OB@b9)B%vK5VO4lbxgK=%g6+7hLO}*S+`pSU+=<o4JLBJ-5Gd-oh2R
z!r0)_el2bxDi|4{c81olsWLc_*Sl9rK}nQ;r@8vrmc~*kSyJ~$tRs)0VqdNXqj;Ii
zMKF5PkA4Z}!)Scsw2}_`t*>!jG&J)33Ey$_nQLxf^95<{52J6Dddgm!HH*%J<|&{1
zOG$s8gIOBzW2Ds2nf(oF`onAb^F!vEAIO6fmSo8C@#s~Y1F}_tUn_70f+4nikZX}R
zF7$E;&qQ`Y(Eb{(SO($Yd}~a#qEcYyM)A+!d_hII`5`c&`~$l$?WXWL9818<$5-0@
z8V*lyjB_;mz5Xxo@>sT8Sfixc)$<<|BYOCUetyTzHzn^qwpYNICqqZh3c}IuCg2?d
zS{VrF?wP(I=6Vk5N2*B|zbcFL&(R9o@usSG-~jS;ARt|wdS`S?9El5>_mIssd~1Nu
z834Y3&s-e$DgQvewtl>}<?xq?=?ZllpmHkozuIi_`#J1L&V-OWa$WG>t@md=v;VRs
z{P1xBS(^hl!C%Nxqd+eJ^!k4T6&iDwq#v_<=arO*H+}%_mHE!X#Gjtqvkra-f^8JD
z@Onc0H98fQ=HC@Cip=&no?r{WGXf&cjGIAJ+30PqQrl^gFZzhhJ$H7+cR(y^OTy=h
zBO6JFBV=<dIV#V|icfrvV5Q$I@bQP>AE5g1Q$Rmg2;c%V8^h-Q;DCe!&gx<@v`h7W
zaku{C>jb}j3kbMZeMlc2AK&vq3UGb=z@)EwApp)QF|UMA285iU5SU(mwX&l;3JWHo
zNBvaet-s^(S)M%m$$~R;<B9Xjv!LRECJRsMKQE9O*-xajoiINipKx+=Bs&nmC@HZ;
zz{9A$aRkh|2KwXWNwYkUG+UB{AXXqh8GenA7<1Z<P*}Q08mlBAXgfs#W`U9bv6^qH
zM9Q5Vav*Id!+53r{s<;PAZ=GQcUaQ-$GZL(ujhB4^S`_^9BS}l!j%+X|0+FF?6$w-
z@&}5HRZ2?mT>kUlH30zXa-LQhg=u%HMN+c-$A;BGXdrl)?*MK3dVl1yN}A+?xgz}V
z;?EoL$uxib<DRnz>LC<n`ThGJV&1>?;{`4b2glgCPCvFc)MOhCGIB~H?Mpiiloxtp
z9p&U>Z$$Sb3%jhF`6%CMcUpxcc-RbN!+T=gK+aQeVS@B<bMk|%eFGy<3XzkEQ2x0s
z+s~x`3xUc1_M-gxcW36$7odB%eHUIl`_=TsVxg3L*E+GTNd{>Znmm&C+%X+QC_#>e
zfV6OYIBq+$sf*1_F*2n1rU<FUv(?DGxYBPzmPi5SF_2R{VQIa-arvGk1oP)i5kSuH
z6;n?t1^@AZ|LIiym#@vwT-x{S*w2DR%5P|px<FK~iz+wnJ#Pkw?+dr)InFhuNln$b
zH}*@o9uiw&O~g<qYXx?*4byfzvk%Bq?^<iMq)Omlx%mX|m4q%azi|g!Jt>{=IY8QQ
zneZxUK~1FrOL&WF{f`wQU_5)$I*LlR|NWE7{Cd(=@T8p$GEzRs;>K;{Qkqy6-(&A&
zaFhc<hFIe@>7bpy4+}SsCNHDU@eB}R(-B31J$3DMGWnnW4R%nPYJS2J`QMo0|8$c7
zX}4*fJpvVu<Bh7{3GNr)&!2DoWZvf91g=14jy5w8huOGYzr(T!RKxtHZFnn>p0ZRD
zWsB?pz*r#|m41BT&MgK>FL@3^q%BBvzsBvj@aOa5&(t%SLL#sK`LzFgYh*_NcDg9u
z$40B)w!1HOudk6PMQFil=eZ1<2l$*&->#rPYBylGc(43*JO0yG`=7ox_`7>I$X^&5
z-sn9@DgX7=qXjvdej+|8Qq>RSJeAJn>pe0Gok#(%I$Ana(e%uqGgSfCGHqGb?`8LY
zYb5`h&nL6Q0~9#Rz|OrmU`^OL9!9|1dt&!M&wE0=`IM4y>|bkSM};GD&i<}OSHxd`
z^6%~Xv!k#r!=!0A3&sY`fKYUMItBX^C~;Uo>~c;1H7^dEQal-!bGKupc`!Wy_DZbx
zVM|QmnU65b^qaj1ZpEesnNi;3xW7J{fc?C~If^!ZVcUQ2wf*y>GLi8`w}hT~*2WE3
zl>b%Am~#}I3M}%kFf9Chy+M&+&Bgfa3CSt5RDr|;5f{AmN1?%cUWJ(npGjq*8To&C
zga6f9n-Uzea$rukxGT_G2$tuw4GK)ks{^lD)E+WHMXF#MZE6)x$l~p%ni&o7$)lCA
zWdJ0VlKCZj_Ei?4)u*WY^{UUzp;VABop0bRSl8d{@z3Aye>Rv*cpwU6ze%2dM>;q>
zfyw)X*jMkVTyRQv8Wex2EA@WoD@-d~Ny+K{jo<ej+dH1;c>S3wCK2#2rr%+IT~>ZQ
zEMO_pxr6@U^8D*1_20djP#3(8P`Gg&a;TG*EFiDJYP3Z9b8L>k|4Q57?QMXol~<`D
zQh385aA&QfL54c^KUhm*INYjDBzrjQFWC(5`4fT`oKPQ?WZeJ#z4en82dEJv)`p{X
zjv0+*l;Je|#@i_)^Id>V_LIv}B^<7BuJsM)(W~#^LC)?rV7C1)5D_rF<9<#In*6)2
zQ`SyhA^CgtrF_p`4AaZ5H-Bx^zyIq0x;l2OFW5K$9+0+-eJZd49`o%(r2|rMdcEu0
zPv(*?ITFT;{1;N#ES?M`#<#Fuq@>ifJ3AtjlyMN<^Jy^2AUK@CmQerijmazpvRzWK
z5@zlHTZ{0GfB-MNp#kWA>QlzcnT>+OL0(2y`$meGCskLf7|@Bb`?D#$@t8kb6gsdd
z8x0MA>@t8rx+xy}|Mlew$j?q`#=401f4vu&W(j}<@j|gl`zCvHW7tx<_Arm$4Bb!S
z^JmVk*CVuaf5%XPHj$#8fG_=jdb<tYc)JVjq@Xy+fhXazevO!60J=$(FMn-%LF4o8
zJ-3Jk8H*<5j2wfXu|mw~=edX^p`RnYA2Jt{K^Wry?3eoDTEK~L9GBiXkS{ed%*Ypt
zp#1x+Q<1;MYL+GZ#R9-33u_e?1rO1HgV&d-Ow^5dbO`_?NTHZ*3D6D3L?YkF!h8NZ
z^S2El;bdW|e>|;l0GR70&HR+ZHlJvzTi<smKT+%{!P0Edy##)U)P|^YZT-y`gKckl
zZKvq^J?UEhlp9>hLibS;eGAPgoZsL4daGp5@hpdP@J-rc$))}z7|EXdalK=hUMSbp
z-B?b?V6MaA!v(t130qRB%?ts7gcM_Muw5|MpWOlYeAdKls?qhVq#PVoKVR3J<KW=&
z1ymYdzTP?R8KS@550eZyO!A?{<;m7v$)xu&DAiCW7{;B9gi+F1g!DFHs(U6L$h4}n
zRRT(nCc-D>?L3{35`l5+o2!?oefrES#9T2XSt=>}?$ACVDR$Tg;L(8j%Q6RF0CfX2
ziu;2`1G%cIolGwu>;a=%eIWcNpU#bzcigmW4`WAIe*nzIv31l=B^tny2~)jRZ?*s=
zs!p934d&PgvOZQxv^i0^;fJFic+n4_RD+U9CGhs?z!-w_oLCVYkeL@t7I75KKL4wM
zLNbvE5G{xSrY?{&-e)USVtZJ>IpCpfmY3F}_5<@xU!*?5=Q2=;Ugu3!!J9m3F9z8<
z+)9T9@;FXabimd(75Cfo2$lV5fc}^xJ&Dw|$0u120qnqIr3_Y>&MFKDP6$RzmdFlJ
zYXwGU9!I~ZTorn$^Hdn*LOx^`=lB`(o9`_uTfUBi_8qUiV}$QNNaMLk(`U9_-^cZ0
zx~}&AQKRV!ZjgfEY-dt=LplQu_LhxLN0OMfo(Jlz1;My2ew1~62vPo%)N1Q{2h`sh
z`|Mi~(UQUGVVXpn$8KxZw&&YM)^Hvk{W?6kDEda*pHRJ{fpc(d1nscF+7S0D_e}RI
zqYB_^5@DlRL(mLPx1Lq-&Num-&DXV~Z5GGA7zOyN3lEpN7rIhtfhJeY^~%^phW!;0
zuulx!nIv}6>8_@GnGvMM^m7iM*Z@Ig#k1V=$VNDXV{_yI_4yrl48!IDE)vr)h`Bwn
zw$yu&c~0hZFYZ7{@(63UH9ycABdjML`tqhwc=_b8=v?=s4#cE?qrEBseJAJL^_BzO
zqQR#Y7C-MMj&BSUN%y?8cUkCp4&{4CLx_yvmzfpifnh=8oyG;3C}^rG(Pz+#O|}w~
zCBG6)`VS*W4chB~)}HUb+szxd3t|IEp(pYmwZUvNF72-k4h-Mf<fHl7y-@bnLOEf5
zsH17vqXL_a7jGPsd0Dqj2g`qU3gw<~IZur6ZR1)Jhv)J<+igBvy-X^xUsydBfPcB+
za<J~^TE#l@y~kyMyUx;VxW?yYuK8f$Xqu)XO*Z3u^;RwE^O8hL7g5ks?)pPg@~gfU
zo7F%z-)j*#093l2bDwKc9w}YXju-HJCs#50fNdO+Ail$%_aeQ1d&+a`JBWy9+4-YO
zH1bi`!T97wXVr^jG&^Y0&vQ7TDA3^UNu+RVttWY2N_=G_?8WD&byd-eJOd4mC;JxW
z(_bQ5>CsG+C$#L#qa|@})Hl3NN^=Sget7)hfP+DRAh9C<jaccH+HElyM*Iw|VEKA`
ztp$MH=GbF9ea~<tM+~)0)?<Q(#DEZYV`Qh@rGJ8D5;Ki`fALxNqwmk|-r1gQRO~5!
z@bpg0MwB3?YC(=4?duny1b4QvyV@O2)9<Hr8r%jpc!GdgqhIQaww1wZ(w;>`f|%za
z9l+v~nJT66g!-G>gRLEV2>1-X81#voasLN7F7e%LTSIPdp}HoFX+RXN3kB>=nRU`T
z2KW9(qHOP4J<wI-wJ@yz1BG;~oh1W_jw7gD4B;Tb89VN-HHxb4*syN;vgMu22`)B0
z+mz%D4Kh~~dQMpRFtJ<R3+)>3-Ag#Mt_}dcc<sAw@`qeILbp?g5ZTy~BBKyh!>`Xp
zNlHTQ>6pWIy#MTQ;a=G2%R88-K`+r0h$}mDUs8@BV`)I6T)^qI)J1>aE=|al1cg4*
z*Xwm^N&`guTD-71ob)lMUGdmwj(wo{{0`DUDIHU+kdy<;sPNb@yS9QWw2y6duowY8
zKK@SW--^H%$n%Ell&t;dE1&(g%YNB1;4+_mxbUN>@C}%~nyr?5*SI}(^1~RoaD7=-
zbnz17qaJ`nDu3kJE(IBo3sd*%O+h)JQFhT6<2`o^PtU=5b>iyoVkc2)!f2sirG-#|
z3<=)$>DIZ>_zM;~t3$P%fWy{i77XemJNf80Uo${kyt|i}{M?fa8A4_QpyFf)S8)i(
zxlCk3kPU#=pI*HcIn74l(yXG(1aN6K3I+NI93T?iVS@AM6rQU?IaG>8?w`Tk6rL5m
zW|sCKcLI$d6>d8$Y|3x0bb7GG^}Z%E!l0bmN#Dg&{C@+jN6BZ!(Z*1i!4NwU@i*2S
z_FKrWi8uu292UJ8hc1|e#NRN{EXE@};69KX;M^%!RASq>K3V1LO4*wuejULnPd3Mg
z84aCp$VpR;o;^mJ7-s0ZNx6W5yQ&IScK#zD&Pc_tCF03UxpqjOH4FieK;K6~zl<I4
z%Xr|FfTXi$#W3mo>6{GqQ?HX3$K~de%I^BP(aXPy+t0E0qE1fA*0LpRdn96Vj*QmA
zp(%;5={OF|u~ZrCC)@da?eYtK87elb1KkFIc@#Lk0u^23#26FCp)ke-OSQ+_Xfs1Y
zVeJNV@$YmopZTii%9|iwaAb$#-4GUqQGfel^k=?U6-C|x-D=QVkPDI?ET5v1x%g)N
zAGCUzmr=L!iY%n>2qY3erMEb8o0$rB)8XU@e&Qo45zl48-yiYlYC*+fc?oZ}Ha;L;
zlGmhR)Y#kx?q%Rtf<_vmA)k_qD(Ov^2kGy{5dN=V^*pK9^=toqSUp!mL&JOIHf>Ld
zoDjr11<1rho_taa+i&jKUl7!}hXxaK8q3CnUVm)>b8`s$V{fTfEl?KmT~7QWSk(Zh
zxDVW}AR4-=a_cqqcwze*zQn^a8?+iucIVONB(=N|!^|D?pZD1M<CC`4`d5wz&18_v
z;nR6-s-~JT?A5AzpLTC+eD;FzF~Eh*x;zr4*!n-4b*H9h*Mmj|V=SohBfVF1SbFl@
ziSA#@>>L|Oos?L8*&)`qf&D@Hvi^2KRY%Jk7uC6=hi#rqhltF@Y}N>b4Ki9ql_UNv
z6g4<JZnU8VLllXD1`>}YJPKqMeNGQFqJ&lSmH~mjvqpN;0#5<H`-V#E1Y_0_|2Wj`
z=Qo_?@vOMGid%g4>+#*b9kQnmz!!XQIXpz%Mlk~Z43i!Gqp|iH+Xd6_$j7a3x~onz
zw97F;p!2Ur$zaWj_^E+y9XxR@w@Pq0P0W>n%8QS*?$n01D=X%E?n2vlTF@$~u>Ja+
zMHh|#ba$=ikz0$c3y1&&o=GuM!FRIQ?h4;u?>!sV@L!PV?<G*{Q-sjv%zsjR_pR?!
zSPHej;}rs#DzwCny(7CXj4emaaLny11^2UuyQP^OKkk<9VIKT)B7C5rIp|UpxC^e~
znt^6a@jmGgOaq^}YE*Ns0LIA>v%#z+UPZ8g@uTE5Zi}Tk+20@q15f<HOjGGKb#5;$
zy55@rk=dXz3T8ZLAfpMQNT-1STQ<Yw90;Gznz4{3!q|kn&bKIm#U=jR;+jkUvbeR<
zwS_F4P0yy&U>F*F`ls((vpNHx%MHa})6lwa=aBt}K`;A<L0?kBYt9ZUsX$?p(hVW&
z=%ZZepjTHP%s!VVV>O%&SU1NtKHiSbrspGn<J&DAwW<5F?d@#_H6HCllWe3tH~Hc1
zH@5~lp;4i3<nTk=SY}CGN~FQSayK5vEc)C~{!249CcUHVdLVU_2Fg2`YtbZ#JIQ13
zwxHa3N2`Ol7!mt=R`mGbl;5zPr*2@hLI<ShN`aF~EM)HqOo2!ZsQuo9nN}=rpu|36
z6C7l00N??iJLU_3ivPYWGxl9)k^$(cp1+(Ev-^~}YEB3M49YGXZuHXv#qw4;2IxX2
zvBy^hLz4z<s*jclNhRj_t;HA>#%}k9SE*5V9bzAMYE`%&7Lygh5OwcDOV0*}02@p?
zz$3rsI{4WZZjL}7(h@V?WqU-Ce<})gkD-(nTe9mK1JO!<b?6wkw&2lq#_WcMNcwSH
z^0<6q1*ICh8PGyL+Hu<=j4J<U4$A|X<Gcic7aL=?;<GK7<}XbRL)K&W)1`uBQa@hp
zGcQKh9!dJXdV33g3aW<zjbT(CvH!A9<7=VnFM(Li#v^yPDd^a58%7R?mst*zXKYTE
zfcCI;YU&0bCX-O7)3C3|YRZTkJ-~p|h`I-QpmpTFR=gYPI;Gy|hCV|7>S}0x^)PW@
z)}HiFLxs;iK%KeD9*L_jO*ifDAVqmL7;6q(?zo{3gz%D+?77V!h7S1~pQigefqo)0
zMjqrKKkLSyO_}-jPi5>X*9~9&VmBP6G)cf`j<yKax%E4syjOabftvZ^3g$5c2IKen
z%bC6h$$TOZR$aXwAbFCVNoLk+C@5FfF-~`NlI_mCnx5z7VzX{IW?xDgH~Ila+>H!)
zk|ZD~;?1W}wgTdlkgV_2l|qllU6-%87-j&0%cmRO>;ps6i`fDnRUxHsqQ5fqJ(`JP
zlDTdKfW3HN?94fS*E9X%{reN<9>+6sKid`*w}JQkqj*6P*CzfdmnMOp6a`5_gVNhu
zcPw+xS9lzJW?HwJDkb+pJBM5uoQtEX?f;~V4`!74B?x4BPJAE|EmJ*UIqL6*;w&t*
zKX5q1F=wl|%tM|oKDeQWqIoK>!qjRyRU?vl6z=!2GW%Gd`yL4Tm_dSGe!KD_7;7uN
zVSsNi*AyYCz$dz~6tH@S>E*jTo5v1IU941vp=33CN7IuteU5Zx+tIRAoVp*+0IB+U
zn)dHISsikR^Mdh?XC=^1d~W|HV!rhM8Dbvkpjm3}N5gf-%>ZF=^)k^oz|2Qd{{M@a
zzX(*S|1)NOmSy5odtA`UCvNS#v>%W)>ePD{6Ft=$dEFHln~^i(Ahtr?+HK`iu~f2T
zttU>c?RU|v9n!BlG^%G7A?|?p^pm~Z5kt{yev?b6#VLQuTBH97C7%Umf#}~*yAJS@
z5MHfn7w!)Jj-qTV^Tur#IGn#0Vn~zle66P_<_7fjb60XgZ1x5ibNKdtw}G*T7$OkI
zg1FUhZ;9)<ZsM^8+P4(-7et=;zlO+H3l;;l_J4%P_x$$|`R+IG`hGFw?=9X|{aLfB
zr~_lMp72Xf+0u9~jytKbV>^`xx7Y{$d2`nvo3g3t2bn6<CN&j}`<R#-Z}?9!YhkOM
z*Emo`Tcjg(XtROLq!Bd6YW(ZfI*`#wkU_0>rJ0yk?T$akI%J>~kSWIzfa_z14qaUz
zIEhPHl3U2#iW<a(^(khJV}J-jArkZ^RINcM#7@cr(kTCkWojF~!IvO=#k;vf)5Ay7
zgAZ*>ud_5qxiqKAKF{w$M6BfNt@*&5h9D8eV=I8_A?(aOeqllAJxu@UOI+vG0m@U)
z^2bRhfjdUtT75Tz9OEh2A71MHYBhNtq`+#ml|V@2%E6KPVqPO=WfME%jdez(S<<hU
zGG^5wzIUZ{r9yLGg&VEs&L(m}mMhTat#F;)D>o&IMVxv}BsjGQ-6@DcwN9Px5*3$k
zaI(=0pv)bOEwQ3P{hh!JJgYzuTHj2q97e_8#n-3cpdJ*Hd6dx^zVw<-stbsv?^5N~
z?tS4!e#(sV>B|%}KncGNP^D2p{0lnX*^PV+8<}<zLsJB&Y+_Ydx$@x1&f&Z)tzxz7
z76s871NpXpN1$>tFNqHrWH`rdkKXj$k_Ho=YEsj#yU&$R*FR&sLz5CiMCrnzF6+Lo
zvnC0Bo=J~Xi(untL@IuKqQ!N2{;W?i;<`}dgY&~V>PB9D`*%GC<exfZsGP10)rK%h
zU2orWR?gHqJzASv1G56;5r8?ECSSdeiT)6=1X7}xGTxFCmnhEwsgi$WO4YqrS6UzJ
z1Bu-?b)DnKDWB~lTQa0WNL;4761i!OJ3Z1gABKJC7Jn)=p<impOef*eK(FC(xH&pk
zbnep`yLmd#UGauiX*ScNPv0)U*(wM*CV|Z1TYEvxtluYc>9JTYjk+3n!{C$-#lc$x
zb-LQFP&#0QV)-O7eWojp-B5@Ov=D~KNsw1FY7ol)9-}0o7$@OLA}BQ1cW!R$*%4^}
zXTCsT9RB}=AWz-{%%I81q^n%jQo60e63=Ad=*f6_?>dsn)3nBU3~-uX&MnF(@SDhR
z0|uh+j}Qsvh3jiMdSVfXL|0y)$z9fzDSdicpFa85u{XMYL*kDWZI|?Jgu-vNb{(Uc
zX{42vp23m&9nC&S?5G&&@r_rINW?RyeLV69csTdZ-!k0Ny}xcqeL5X^;cbQ?&Xq^6
zbQ{jI`9{3)efTtQ<N_B{HWNW;Y!4wB#crCAL04sMZLydqd*$>lbGfzYl$Yz*j&<AV
zq*a*iU2hB>hq!Esnf#$3sz<uks;HcrvF%xbdc<9;iF;vGJf)Lz`Z)q&LA=rJ)w6B6
z^NLR<N$zx?Z;aFTx$iTdJ+y+DuoaUI%wLRh-G~2(a-4>z@ws1zVkAzs1C9=K=e_uk
z5VNDO{aK{8I~O+<iwsrKt*!Kv`-|2fTe<I<{>4^f&t_BqR{pqt3Jk!FKC{O4qU$`*
zr^+dhL6+PH2ZwuBveL+TeH!LqTq@7JA6D-```4)BY%LMvI}pei<M@`#!$3^+6lNkE
zni$E*D^}hd)t@-l?H>OX+P~xY)h|m^AEwl-e=E<WyE|;JJ8aID-=~{cDG~~Eqgg2}
z`55>rs07EmZ;f#s(_6XcK8seOP6%%vY>GIwC2k5^E4S&!Vq9<2drsIpsIid~?U&jt
zDsKqUAWFy97SVnyJLO~F+O5at`vN39+LVD~N6nZcX;@A>$v#!<JhF$g*&;Ok9^x;Y
zvOKzGU>}i3mTEswHrX1~dJNBhOtP-AqCAa_PsW}gm-aCU1V=E_<&W6?@p^1czJnG4
zWrEZ`Czyb2YQXZ8Cs{ChcMpseKH(-|_dWM(kgzY)dxm?47XlF1s`tLw)ZJG&+-*vs
zIn)_Ec^~lc2*)IB@|!VGN`(dmg5KYlYU`20X!T3o*AIf0BoF;#Sj0njN*{)no)8t#
z&WJN^*A-pi04t~es<<LsHe%JPYTNW{f_nam+$*cYX+%zxej#thXQLk$?QIV&`kOjS
z=L;HHbc2_P8Ro%MT8b#>q4_t(RVr?+SG$adwXp_%te%XwsRP<h2{0leqse8-dhST}
z6HsOx$UxoM7+FiGT!~*>ne0enfYvGr9j4u`XHWKWcyL4NEp<rbT%2(<0VVQylC{1T
zbc^qNy5>o&Rp%A7?WLydp)wm6DgNLC+OBfKXYg6Ii*=fCIO2VoN?71g_pm;rf$j#<
zfvX$Ve^@|j^%f3MZEtfSvZW-l(6%qyW*84WzWzS5rlxm)g|h@a${_xS{FzW^TQM)a
zqphPr)o0D{>Phc{?Jl=?eV-XBkAwC5przt)!*t9?d9~nT)95v-6mH$B*b&DNQEJVe
zT1~eJ33a!6gI*qe#;wXFo9Ul<43@k3<xL8H)dhxQ9jx9AS5s-Ud%oy?a%$cvKlzdl
zAHayrt0<Evic)m*XbpOmWUhGAxQl-vf~I=A+(2^$p114^a@Qw_3S*rn-mhpmmBiM!
z7b|N9!EdEKLZr8qXZA~UZHyE>O|`|MO8Tmj%-Zz^v9F~`K2>j3YD_s+pv4c(8N02V
zVxs%k%Hs|_cMRE{oGKSU)xVzX;oBM+bpDwAaq*>_<4aM!%_%gFrR(;0hyJWIpIdde
z7%a-QTbwgDrX$collxFnOd#b)T@*`h{x(xbx0C0_pzmGVDVEdAjF+M}P7W~otB&Uj
zkRgFaCB3C6x2*D<H#%>}ztT^->boKzpMyO+Z23WobiYONuFJ_=Fc7{m&d5;^VKvTK
zVhX>%(d%QndK6+F=&;#aQobz;BP(jjaxF;p>9(~BUD?Z`;BY{oXPD|`5SQc%$rKG(
zqR7R2%M13Y8Z&p~+`LHJDW+nR))5F>ly5VeW<^K0?@0s1pn4kXyM;?tr;edFM%Amt
z$FHLyYsa{0TQJNHI7+r#){V}-5}CWkLYNmPD67QOjlKt-H8u8g9Lz7!F;DvYvfpmc
z)-#rFH!ubry3ZRRqKfA)ZbT)W#=V;u%$sHGn6r4dOi6rQP?I5KW8AeT#dTs;Bhup3
zMAg{~bK|jX_Fl6Ms(b&$#1fk2Du!7AxdO3kB-9k?*e_#@Nt>pqUMJMI`QxHa_0tp`
zgmA6JsQ^9HjCSD4+FI1gG10hn{h5{8KTe9APGZ2${Luf<VVUrmFc5_Xa-fyL8OZ6z
zhgD#!zKgBtt>h*)%k-Z{wH|+(_9G)YL7ukVhJ>KW{QHv_V7ZrTy!JZFd+eJTAwpNF
zs6x$+W7b__7@BM=Kh3%u0x{1%%JIkfL!+7b_gVN`J5qWwq>?=nFBsQe$v3O!tqeGP
zJlw-%Zo!ngVa}K$Zk4SxxE<DY4Cc=p9p$wC$1Hg&&9}VzAR8fbV`)U_ek{THvw_yH
z!|?`i<?~iC-vT5)oqN@O3baC>%p}!Z#K<W^@VN(#g?MuiBQsr>JrAGGN>eRt|HKcW
zUbIm1k?c%7h;HLqF0g3kFmJj`tF$rPU*fh7=GGk$njI@nhy`-ijCqRBT)xW83_}k>
zWxh-mA*J0?JXD-W1~sDBFJ#F@>DBFblTg-^gbg<+@>D(x?pgdi>da$HrO(SyzC<J|
zwnd#u?@6DN6j_-%)mhUuU5a)$0nO62Otml>7NvpO#g2HsfGMAsd8D|cm&9*$sgjU(
zv0OMj{Ax3)HSLnhXASi*C6$;6(fVq2^MX$K)Dv<awP}W2q-H7>92?QXgZ=k@KB)!}
z#O$q^&V4I*<b@wxJYQ9+vW*Yp^!sRSYh-~2I6D2xU|EcqQ5x(pNB@cUi&0zY&<nY|
zy*3)08^a$lZ9YC0*hgD>Pk3AP(@KUFY_?D=(Lo05y>sCLU9p*xd;3ga9Nw#fyCNN4
zQK?t;{LdiI9xfxVeOH&64S&?uM9G~lQ3n8&`PH4WR8ErN!`8g02QB`DbyYXE)aah<
z9gbs`w7Uf|SJ3=>ZhrV^4|o*S@j{{QHBm7G1|lx^N6sk(ewa=neZ{beOO!v}+U9@3
zm<Ze6zB$TXD;Pna1kvj#DBQHESyw}!?z@MRkTLfnlM|pYNpR0ZU4PXRPb*}7MK2KZ
zM!y2aTEE?B>EMAr?89hYqO7gMY?r;NW%wMWlgHo?Ko32P^_)`{YVYK-f$jH(cz3_%
zI_aQbq_G~Y3R=XTye#CJ_vk;|YVtuNV;_*C@{CeOjBZX-<{x@?PHWjznDp<?rATU`
zomB6pi(B9+Zn=2Z1i`oJPDwT<ihc~CK>D>8ba&7dDieMfxjo(zZQHVuGixM%xaiqH
zF4wZgUoc-c>6>+e|53;rleb<kBhkS$T|FXQlz5zwt+5s2JzHTQ9fC)PdpP27%uoQK
z%R~;&{P3QAz<{XGAh3G7-1ghV)M6{lds%jfB?dU97GLr~5ra8T<rpZcckrF_j)(V=
zqsku67<=Tp^$~I@^}zj#@oBXy>``)<NKL}JBykMwA<Etn+t**6pn=*5WTzWDSj3{c
zmnw%guN#i}I2S0)bTR(&eByG@nREIle2)E?{e6`sHSDm0Xu;{$XLQl!iMr%S=-B9{
zG3wj?@ycO!rBA{y7brzPuK@ZPT}cl!7*|HF9Jo4S5*T3KsFBX&+LaxltC=|`<CD;M
zZm6_GLnP&)j7gCPpJ1)eT65G=?J`VzkGRar5&=xiAdk=%sZtbTFu0>b$-{J;m(NE>
zF;ZV*pgL<q&O13W4H8W3t?skm$v8VTjb@mx7JIuTlG1&(_Z!dKur&D2Qm-MM=)}Ae
zO0K&bj!ssA!X|65z5Uf9*g<6TSK(UN=QT)HgwyT`W~&s7XJGhIu5BD0%fplq1XsGk
zKzZcURBNr*avAU5xwHS)3A6FZPV=V<=y|s-Xh>qkI3yU>dGPSG(U&S0hQ_6X9X7G^
z=VoZ^_4(p;S;VEpmuau4C+K*LE)3-Ki#YJbYOs|-v58Jr`(7*wLS_2SN);H=gU$P3
z;>z~zLw_Pj1`$uiqc2H<_AJT?PnOGdKP|n*#TQ?o?n@kAsps&qziYi3QZpvB0&$sg
zKebMj^!{v1+ifRTpptT_z*GCH)lRL`Be4XRbu~%UTBgyLELQ<r57a(?ZSi#LH!ja{
z@$GN8L0JRbQh_59-#!E|Tzab;Ut+G1rZgUv8kgjEU!qoHuSguLJdThoG&y=8K#CDZ
zcaRxE64x(hj_a1=zZg>t4P_wrze2^k$Fu{A3W{=!&fyTYHc+UPhtwW>-4i|J8Dz@x
zvqgWG3hYal#;+8&9($$*6kc`KmW!Yh^YS&XC*uPJF^4ao!0zytxbK-(9i`e7yOG><
zIk=;X4z$Wj_PDO=x#8>}79zN`ZD{GSvY_ED#qcs)hU#$2<uqj%HH+SejA{#k8BJnF
zX&+8=o;>}!IH*3l2ZlTL9Uo0ahpo120jnlhd+YXfgxB;6x6B3Qq&qRA<L<e|l#2(e
zXo50J=l4n<^w_G&Ib@&Il})J|yc^Tw>KdnRM3z5t3qNq!&A_Y|&3v(O4G|10xVcq>
zrs_-<VV(EUvvzVoACCDz^umRUrrXy@_m&(_vRR`t%4Tu#a>=?kj|V=hg)uC>Y)OrR
zO<iG5s2h;tKiC-7_jvG?@}l<MUItpM4Es*omJ%KI%5K|=)RX?jmia<;y9I*d^r@_D
zm7qX;_Vi1PI>*dA<@P97kC$jC(k@g6tmj)+UbT$1$W(p9qpL;+qOcnVDNY8l&PiH}
zOOZQUwTcfOtPR|nE?C(!Goj{4wQqV}YCGq>fW-I_lvo{vpCGhtC>cs_e<7vh2+ty&
zN}Dxm763%eK(D5sYqH%866gEY=BQoj8;rMLE9hn%Rf(0O$5;0TrOU=5pxcs`{N6q;
zF?vw!dSHwPmhH{!eU&Z!&zm-|tJuE2C*%)zi1hD1my+)*wRmbdkS&$n&6r}>Ktx5l
z8e?(ly>4%hAs}sxPKNf90Z-pn6!WRX>9--F{N<mFpZO<Wx>TCLIZv}eB(25$a!<;4
z!xj#j!*-~j`gouxlVO?7`k!3Ie87J07T@EV;VVjvWL`#1x4*mK6`wwiT}&!C?Ng_m
zgG4ljq&G9d{2}LCw-8w7E_-a0ky0Ae`@&|zP6pPxQ(&Mt2Ys^VH+lSmZLYjc^0$4t
zrHx)S`h-C35?!Vh)wC`~51vjNHP81qGoFf(%#a3XfvFJvB-aIfskn8_lcMVSKq!?O
zxs)<ydxDXJ!VJ+E9`a4B%Bd<DhnBXL)w{PmOwWVh){c%jI;bQragN0W=2%B7E&7Kz
zIArH=$mBiFui~(&GwJ!51QP$CTW?fca_s(~$g{%ISwtI;f}kJn%r2&%D|t>=pK>`>
zy+BV{zZ1g`+@woc^hqxZs`b3oFw^bIFMVpnj}!d*JYPE}<)Bv^Sv(JCUz-iVC58%z
zFQx*uyRvP~CgUXy=kSMtg*$h{gt$~3fk>w15wSSvP<rNZG+FLGB$VRq!pW>xBgIp4
z8FZdz0j=Nh*N`MW5G^6ASK=K{+!&yc_2Ipr?wq(KkecIH`vkkgZ`cP^16RvbI)ga#
z<O1cmQtPfjc=o?@>Y0uC2$SBaq`5X<%F(R)HXqxxixRTNo_rgMZH+;TPv(fO_(xS&
zPtq`97SSrAE5=orU|JK3Ll3ob8+w{ln;*du0|i?~IR3V8%Q0(*sQ$ChJ#$aUNyF0|
zK3f@CC8@=a<UBQ7by)dS_ZsHKkWb;?K}`NC5`O>?Zplnagv0b}P{<|5<cN*=ujp}8
zs_$*ALFZNu#WrI-c{I0^wylKXx<r<A+}B08go&a@15BaJJce74q`TIcr<?g?b`C84
z`{eP<9&xlbH3=%>J2DBW7m9&})AYSDr4lb>yzKa-p`8$lS!Ok~4YCP@N5|Uc(|J;7
zGfT<uhWR(m8imEENRBSGzNy`@yP;6sx^d7Qb^^U2ehUE4WD^@1;|etf0m~=M^P#e+
zQYh6p;SRqlYWDPCSeA?^CO<~|G#{C5!Z~aUS=U(DEue<TCXZ|_9LN>Oecbbi=gDp6
z>-qub?X^CQ8c?rB+thB5?5z8gPL$S}OGu#i@2!Z$X_Q*Bi$_ko$8{SG+mSQ0kNM1X
zPM?KJ!%>9Ox1Z0qbu)O?UK6xC$E}CTs#AQnl>3?2ezf>gY?_dkPFx(`wtzRLl#*jt
zqO^+vg7)y^a`HJGO+UFcj?@fx_<HA_c8+I2*&6oq(uFz~aHV)_wY_@oeHQm<UOmyr
zdFxWhLVgm}rX$on{V={|ICtE(dT@#R>B6X1;Nz{E^*MX{psSR~emczZsTArKCOv$n
zh#Aw9cdsV4L?v@$xD{z6gfa6#^OsFKp%j-^GSMq5%1d*-FpZ7wjpGlxDJkKM@eI(X
zr^@5gu({?#MxNy(#_GN1Nd3GacRq|^n`%LB(w}Ii`SdvVWQ}fP(S1F%_Hlt`(S&Wu
z%E359py=lV?0BMCwh8#(G(qxR+?~;17uSrRGpf4J9Sk>!W%X>0lZfTvI#-`EJa0HZ
zQ{+{+Sd{!Bj+k!0lz6VAmzcpLn?+Pv*fTjiO>@t|5(`^Ot3Ha#TtbLqYbszKgFeX<
zuoQ8uJ(jRu=4Dt!XK~*Jwp?C5q4EfV`DB)pdz3e9_dygIsazs`^DKNhcfM8So`i41
zs{jY~Zb%78gVH|A+brs|dBLu8;!Dh`Ia6xn*xy+m3c-ycO>o3wyiGJ^*HkhOLlmd;
zMsXU_d)<mpSyY{^{DTaIH!J2I2&ZWqdsI^k(DAQ7p1G5uo}cKzi1|^US;lf@G4W3B
ziUzsQIv`;0S(kLhyR09eCS3An-BC4#`rQFbDNe*{r=u+59A63vsS^_uW%IQ)yo#<x
z9DV@C`o-)1BsyrV*B!?8JrKyO;cBZ#d4HCS({;H}W<L6ar;e$HS*y11Gg>py9=N-o
zAJ8N^H{||kbe^M~u6iV3(+z!@sxnrffUdoE&1^iuwpk@5Z*W`tD@hg7dZOefII;^@
zTScip0k_G-VVIm%kDa8vUBB05&81-5DT#R)kZ6A_k@sog_wPrKESshg@sR2HL-MvM
zI`pJMF4J0hZk16kI<Gj;q%hYI6uM5&6x6T<@u>vCqu()pu~~QCf!Cn}<yK@JhF|E1
zSJz?^h7blnYFBb_a80t?-n`MBoeR5<Q$PN)N>45;MSaJBAf(D2Q)z%R=<*VFPu5di
z21FHYK9eNC36QZw+#1eZi)w@PO%LU3gHcrbuOTEObImccG{Yyet>Bny*?ioXPV8#s
zCyE-I|N2$|AT`_1L87agcWyon+=k7<m^al#c4oKKkeP=`nHmQ_Nm-9^2~#Dp>jKyB
ztSXn?<Us6DaY!Dm^V(03T4`(4)oFEePdz65a4dN=8`j-gD(*W~XdrD5focXjs*tCr
zAW>e2qs%xAa^TY22!yX9JGG+arGGSQ#cSqkIon5xrW}$p>K6*%Wxq3M=Ald;j5)Vs
zPo?UD)~`M}r3j<>`yhLGr*tJnLYEg3B%##`1zk{*Pd>vb<tvLV?j%uT*w(ChFW&Aw
z9JpbH)XowMa^bFOjz!LHY8N1kY;SAmMI&mgQk2FEV*bueAXbj!y84w*`}>o+nm>Tl
zMB4a{T(xK}z_?&htdc`t$S#a;G_L_K0K^*`s%N)7L%1T>kS8A|V|B{~^`syRoa@{<
z#`WVMT7<>{={r3brm)&)^}to2V3m=JTh8<Nc@3_cs<2?8tmCX;=CJL{O1*tVzI(9N
z-Lh$8RG(#>2KckOXr4W{OVG8CSy^GEqe735PNn4f9wA8>cJsn3zIi97N^DXy-m`s^
zB<f0~qEPirn0>~a);5AR_e~(mS=1+k-_ZzGv8TEK_=Y+scK>?f@5f)uyZQiD3(k89
zZ}d&oo5?aCn3ckP0;CClpL3>fzY-PZfu6ji!$l-<Q_2#_E>@AEtLBy<h5GuzRVt-o
z?-gT9SjB$P@<`zl7YQ=29{K!!VRPh4e`c@Hw3qed{K~h$@kllCs5Fv>e6$CH_|`|G
z?6Igjq}2;DS2+^tpw%AW-i>Pf_D+|6V`v4^>n7%T+oKo;t=6?3Zv23j<u5dQnWwqZ
z_^qNXsh}i;VJuav)cpRZ`f;W(f=J1eYhy19YK`62)1^at{E>*ylh&|F;_z|PD>H2>
zO9Te9pRU$7ETzFB7dLjC+Vvce9(uJWFlHaO_h2Ay>cL)>aiXM@0R2W&I!!^v?!%k!
z#>>KL_iL{|yJpMTF;_qGat2KM_FfPr=McR)t#L0jAuOnT*)eF?Jk{;RJACu}nDMnV
z3$%z*zp@ZkHE}OtJ60GJi*hX*GNSwfQls^Hz~pS!i>ZvnBhC3}9GZ>i<iM!kK6MtW
zapR-NL3>o{>A?0;ED6Ki*eKJkkM?s-cx(dX91f<@rC47n2_5pTxr$r27*J}XsFzwk
zHT~sQ?o0>Eql$F{v(!(c4&58RB0dg}t|8rs&PdP->yyK+9|IqM*8{S_)=vY-2}hH6
zdy8G4mKsBDo*18?ERGCUYW8^ER~@Xj8ukUYz|%P09?BTZGKVlc9CoQqEp{ya6p@aR
zc^ZH1vrZZJ<5PX$b|UoZH1GWKt5aYg49iB0m_ni?0y)>OFq@mIYSem2Ui)dSL;tdW
z2e*1Hq%8^dBLbVChfvxuqg8GKIlRP)Qs~>EuxYpb=~{8@Rb0+F{p6<k<AgEWG0d|Q
zH^Tlaj^H!G5!oklPwFPoPgR!|QG2V$_+maN9fr0d-_NkZ{h2Rmz_;$mJt;Z&82dVu
zH8AfAd2GEzccLC5|E^~*_Uj^z<>-J<%#LENuAVL;A1Pba!FZ6`Us*CS*&1RZG+{@X
z;?}3YpMtUXE|`i6&Ax!&2K0Rg-u}Xt@@z3lJCt3+5$KsNgxz7VBI71XV<`=T%8aAw
zDhjPD(Aa2hMGv>`F$Tg<dS7kS{5~+y<7B}diR%KU#Nr%HUy<p8XYTSjKV$Z@qJtXN
zj&yNGbZDlpIwxd2G9sy1X@fLQQk^~t_~*UkQt#b*?ptR+{!rT(*K+yh?c88e!Z4Xs
za)aHxbR}i6!@Bbg;TrU}CA#hQW{yJ?3v7?td^qW)O`x8Y#0#TuHgrnO(^YFet{)Z~
zt((4hG&-|j`zxcrweW37cXBhGgkJRc(eBUL+#mXc<2=v&-AeUiPCWT|zpUDzC5|Tc
zg0dGWDm}WAMWhBaW;$D{((35e4!e(nrN_(TIJ|a{OZENM(cQ`DBio1gj1B|~^Mda)
zoY!RJ-$BmTyC-EHU0v)YCao_T=EfK%Nk5LF6$_R`8msqA1Q71!5dyNYDEG8h<m4`#
zGgU@t!YyV((0Mhae(#%@OLe7|nHIL4hdNbCOx^7gJ-ZB?u4&Y!uON$b0;YdYtXR>g
zSOv1Rm}Encs3y36G}|cu@en^he&pxk3FR$lwRIJ5wEp!%;Wp8QOSXaQ-XMWx?c`c6
zmY4K{N3H}N!mYDTwuuzcWGMQ{m}jMDtL2l|f3$v3*e!6RZ5#0+K_D~av);3>Y7Yzy
zwX{Sp(;w0ee$iEQD<ZuToFoYg_AH83E6LoRKQ0#6gL5e5=~hP)&`(9J4i}I;wgKfK
zDz5mgrN`o8V%h{6w`xMi2`NKJJX3+R;br@~+xa1vE-&!$JwMfl55S!EP`X!x;1f1)
zZ}=`ryN~hHLkV2b1b_U+H01WY3o4hzxlvzeLsivQlraiZ9k+z|jELERylvXp5hw!=
zOV0idMdnQ(8=u;1u*V0kp4fp67e|b{Gb(@{VTUGF!@gMgp$k1d^z5Uimo_sH!uG2|
zFSz9sX~3$z_MO3{A^}M~`a6>3n2S@dp3p%kM<Hx}#He15)oX5VZ(qsbJZ&c(KiK%b
z=pO#l58tz;^Q;@=GTrt^I#)VgyVrE>+I1*fkM&;3?{Dz)z)d&Xgt1%F_qBg_b*3*w
z4ErMm2Io<78iPsQFjK^R)tmAAbUaq&iNAq&{DDa+{BgB3-|q`W;g{ohDZqnwi8{$U
z%}xCMh(Nb!(wCauTa{BbzJh=J$FD||_lIz*<HxXV+rxnx8A@7Too-6(G#KF^8Qoso
zUPbr(aF7TwHc5|`bRRA1-CLkG<V?0ZpW;6BydibO?F8jWo@)IO=63fmv%#SG_)`yh
za;vxG^&TgIK~schAdL$ocpuM3bkV~@XfLx_71DqEG=;e1^I?g3@0OtX&zLF^@=niD
zp9x}OS>umCQViWONnc?F7r&}V90;y@Y&gHULZk%7H*?o^?fBXv>Y|YKF9W4$qRui!
zkc&+lZUY7S`Ze2|kj8U#4Eg#9PXA!3{(jDfr^D8tx%NPjN49**C8UOW_uFy<A?0!a
zX=b2cnsoV@!#=SD23uqf%MzDQViz=I<+q~2Am5K!_?HVOo0XA({r@pWRYYx3XsMae
ze5$4r$9=6n4>aGuZbB@j@b;Es;`CfZoL8M9OGPLQ44*&0IqAA3;Zq;wd&#qqrEksk
z?*k>haCkz=g?O>%Y+zXEJ>Vf`U|2JbDCQo3c<y>G&&bX5%!q%<_A+eLe`|)m!wnr;
z5%CfrYI6sb3ies|Il`B34U6e68?bm1)oh+zvfmG3^tw0Kj9Al%8{evE=ky8-ZkFLu
zlK22T;DF7VId#PD;NB9LGQBe834G_dpr;LvGi9EsL>qxS4>e0Y4lGwEb7vPaQVGjH
zF-zaB5#&hZ-C?u0`ZDck<?oJ9dSn=-zrI;M?bBeetm&rv<Ow;62H*17fvD&~Y5#mi
z3NPR2ss3kckC~muU%6y<rHLXV&Pn@I?$yFmA0%#CbK3IlI7*S&lD7y3mD+6c+Wo|q
zZrh>OQZ&XDeXOAa_0TGzo|8*&#ts~`ZyZPGpm8p4fxG%RE_Lc}H*j+SS+Kfgj8gnm
zgpu_?DQyT@!)BTof22T%JenOwe<y&vK>`TO-6@|tI!gl$i{K@duVDjoVTCmV9?oc&
zQ&i6GV+3&Z)byfJw@xRgU`imUJFKkq0W~R;AK&pArH-5t`aBMSd7KQSUeuos%T7(m
zXQw=cGC%^$Bij`+yF_|maD>lTqe|I?FpKMONdcEv`QdG!?^F6?*R%7V4MWP8fY%4n
z!9EaZ6li8p*+l%x_N@LN&fWql%5Lo+wgFLzk&slBkdTs2N$HmElJ1TX1StWL?w0Ou
z>F#dn2I(5$+koes=RA78bKd`2tXXg~bKiURzVde!Ke_d;AjTJf;=7q=OA%XVJtB0u
z3Y5QKySaY@l?+*5jYh6{^FE5?PG&)O$l?eBWU&3kqYJC)DjT@4PNYSKDa!(-ZdF*7
z8iF?37tT!6{=B?);;&ZU4mi#_)MlbhDPQ8`XVjecnVjsc>~)RL!8&&GHRnRNW84q8
zsLT)94%?FN?k@HJs72#KF50U1-$R)ZQ@oEPn>?F5x^a`z`c?T6D)Uz5?!u-?%|3c(
z7_|uD!=pi##he;?*Xk2}>+kF;IaF-U<!maWz>FNZXuZkBSWcOxVsxRwS<-Dh)qXIi
zqt??!)Ngf-4P)F^^gS5$03NXa&l7Q}Pq@z8?n^6Sn*NE2e$0Xiuo;i7m4#512R<?;
zH93_#G)@<jCF=bn8$XiHA_k^?T+CQbP0Ekana_{r7QV?B==6rcdaWz&W(oxz;H$~G
z=DeRQr<)wyP)V1k6;jYAj)Q-9myYTPn48`?mAC6d81(Wv*m_Ge&Oq>3&@Pexp4LJ!
z49pGwwt2|$boX?xUyNre@zzdtk`H|2Xc@udOXlahhR*`gi1wGL!Vag#mC^A9NS4sZ
z-gzQtq2UXJjo`d8N*dmJKeE;66YzEesi}5jpIFYhc4)U?zmY)NFxBhs=6dY_h`YdV
zT+I4Zc&_n@j1?PUgGtitail;_CgfaDX*NBuKh4U!c`7Fx_H&792PUbrA3;~BcAhho
z`CNhiWh|nnwtcqAw6hoj(v#7?_Kn<l?xf*zPtw(G(N%fp$#R0#ZM8-#3MG`87^r+u
zD%TSZ7DJLV*shqfJfGr~|Axh?6;{bGHn<kR?k~B!NRcGc&C2HKd}`zp>r^u7oU+B#
z(-pV?aXOU>Bog6C9Y!rbE50~RUU26|G7>wSaEMj97+fFSJ6U^v>mV<?hgYIMMI;e4
zFK93KA#RsdoeUP`n0pXD?6y5;#G%#0hBxMfX*2C~DAe5-)e5)egOLh3cW{Y_j^_4f
zo04^os~ZO{rcBnw!rlqmCd_O{WAK-xn4cTZ&_z-x(4p%-A*!NaK`>cvf7(VHe{=}l
zc{$CW3@~+ikyv)R?^yi@r$ImS8_vX7dS7FpgD`gCg`qz526DT%DTq038jr=sOj)wy
zogIpA_^-{)!({huXq@Bv?wmffxfT}R=9X$#aeelItsAz}zqYanqh&k)b}1=hPcsJ7
zWrwNnL@(*q`*TFBl&~qComm&lQvrNSXXO_HbREkce06q$yK;)uKbK=z3Sv3DHT#%l
zjApZU?4fO1MK2RnYjn2}=F*JDtqD$s-k7tNcRxq!PnWsi2}0VM*MR{qEWLaA;4E?F
z7}&WM<`)CwVwp`_(Fd_WRUf_nX~_>VYOH~17sg?;f6Yo{KUV(b$yGYd4fs3HfNkq)
zc;ILi%kJNMvoo^YF^h7FmX@|rD1$hepKYpEG;Ac1--J1}^9{{eX`bdvqQ6dy-9A5(
z04=X&2$7elRB5Y7Gm%nEZE@sSP6~cttXP4L)4Xhu$_4NiKUTwLEowHt;YLm&u@Ouh
zZV4^m9PAIu-cli5#Y2J~AM1k33QyHzdym}Q+z<B=iH?hRW!uT`tIyzw-Hx&U3fR<U
z+ImfRscWg1P`SKiu%HI^b;@>*ZtYbJ<r++6JXZFA<w=+fY_xp@v6}<qN6}h@K{g@#
zCsq+iJP%^S$1?WtVtlq7IJ|X%va&Ms!JcOySB6!gy$sEU>>*1vv)#cUuvmpTVxP-T
zso($2cmA{yL$#-cK^0?WW3@lgpY08>M}yZ!`&X9g=JZlu;@!q3+CS7#n`lb}Dg1kC
z{&)?;*`Q!lJeD6X0p#B*+7u{@1|66fD7j{9`M*BAZ+62&YQA-)ecJgfHUTu`I=xf&
zF2~(w!VUx1jE9$me{B~bR9E3#i1J|ymONd9$KA+A*+qbZ;8<XG5c8zAMn&Nq6WSe~
zRvyy7mxLP6QF>BEU*<O9CEnwp^*o2|A~nrMTKY?<I_;xXosVTy8}&wb?VaF0JgvI&
zN3CJP*&O5=8r@colxj%mj<4inQ#RTj6lH@}fpv*;5Jh!@l->NZioDn=`E90-z{%sY
z@3+}VN{kfC*n(um%RU}y)<JWsu-Y85QRP7Y-NU`M_8AU%aqZn4f#dDB&;=RUelTI2
zFym(@!*maPuZQPwk_ycz!jbFf<JIHC%Oo9^&2=K~g}aa`;DojegVL#z<2gST(Fl{J
zJaG)Xu9G88ELx)Oob=U3h8!FaQ@D}0{>$TOdA*(t+5n!ZzFh^(Zs+X2A>Y%e)ccr7
z#k7{!veq4=P4c5tM^DCK{cMyz;b9(x2oDNF;A&BP)-pkH^4($)_7+NcsyG43=+EOS
z&8p+ExM#gD+kGJuf3dK5g0>1%*AZ38jJU#>5Fs1vT;=?ZrDmx|A3mn2&B~TZT*jy+
z^(N0h&E_0ty}KY|S6ati?(Hc&TkUA}YfS;Tya|l->o$iB`|z~Lg?zG&!+E$LbfsBD
z7sY?uA9%;yMI1Vpa)UhjGc^1fH;!F7D${7H$*VrMy#|bHt^nh;xn|?0tt!@YW}ml9
z^@AKr?BBX$hhV<~(wSrUTXT!&iPM_X4u{GS%=;h38{H=s2TwnKaUU_9U;A`&<n_E^
zZ~d5)2gQ0XGs4H_gTJSZ3+rVLjpg^7oeQOsxyTFl3Tu`9+Yrd<{_b$+DLz|O<Sxg=
z@zVVH6aUki{&R?%*U%7Nq&AQi@6<IEw^j0$U}VVnl-yyMU{aUlbr_oS!)2z6xaB3r
z34C#KKh>$9K0S?f4k!-POmiKy+Hkz18pOf_+#(xeGNhIBP69qWExgu<)0;o6`>=Tg
z1@CVcyWBqU5m$$%t<P`C>slp6-D7fI^JCp1d1jf)4@zGH77%MG*)O6%al~dxO{*&a
zRZ{u0=NMF>yh5QA$)EQUdzrudqZhyf=AG2%$qZb@{`K3rKS7;!mh)nSwc%#vnlUr%
zXT5fe!EknRnZ+Wq4biBODA`P_w`v!)P|UhpJdAe-kXeYj=BV$5?yUBa<IKx%@3Isu
z+g_#|RoYSQ@}Ek(4Frad!kCuh=(!#b1RmKI!0|m2t2AG@U&97i!RAE5_QS3|4KQDD
zjn|h<gE|yqLC8jHG)>p+rpMM$3K&Pxj}gHrbC_Dj3!nB)^i({Gqeg%-3eFqD9A}n+
zf<olJO^ls=oLc$Y?k)_XF0A{48}mt;j=t~?)?+cby4VcHK~vh+n-gjI3DfB0@W`Sk
z^yN`rhsOYB5rHe-t0iZLGT}Ia9KXguXQP?9aaFe$Diziu;(f;V=mGqB1#_3w^|=4A
zrd-WBU2ETde_?+dY^Gwzq&DtTg4S<nc7X)OXO;UBiM{$c?&$ZEZ-m#Da9)5N+7a~z
z(K%AANPj3{&b_1%KxVRrWK*J5JgI^iEdzxxVDG#I!yE&(GZjlh*pKHSv!UM~9*p^j
zqN&Fm8V|fRMqKQbFn)ccsc@laTqR;}s|jI@npui<5`<D-M5cTB3o=_WMvZNzVSAKo
z1q_ODbkgS1Q>6hY&EPb;8k4$cTCidMr2klHTfLbO4d2?d+OczM`^Q-w_Sho>Y7|Nj
z2$B8h`Q%8B!;6I_{Db!;%ZI!{q%qI@Sy$iBl*Mxem4XDfV^~KF3YQ2GjI#W#EgVNp
z9SdV<?UHae-XV*9tEMD-=##ZQ%Ic&0+LuTo*GM$s1>060+ex9}C`~t8)9P^~NXQ&x
z05cTAm3>#~=B*+*@@I5)V_Xpyt$;S|oGda3otWP2#+u>nU(MqKu=v#eN=kuN{$s&-
zW`fyAHS3xtTC92RjZ1%ObWY{$d+{EYOq->w)0$lb<V@H29K;3(6K+AlgqENRi`2zt
zJf|1m6VH12@wpuzF0f-9PLBw&air*KX^DH(`~RHeDDiRtu@|uxhe(y`Nykh#uL*{#
z!|KhxI|oNCuqD{hN7xYsLrE59D5IDoiOhEGqb)6B;rac^3XZ2uSdSJ*Kj=+OlntEc
z*3Vyhhcc^B;G={Cko~(zZ0ux`>=OQX?b3+h4BB3boyAK+x?n%F7!#KDC)hIv$AM?3
zedgPSj}6T&F7AiOCarOA>#G0w{^p|-{@MJ3?>8}yw9=+jppSD@bgMt@9N|MJBx&1q
zU}BDi%<_(v>0;l`bV0PMxn{4tR1a!z-+z299J9qrx1R%)v42iizve3RK0N-}`PGg+
zWz5AsENl1Lt}-&e&fxjn2{L#>n^kpDRvb%DJldQ0j{75k;3}c3>ev2dO1%Ry^-Q}`
zdG@o<v@5F_IROGooss<A91I;I^mPaVjr^bOXF=w^_aUGA32BWTWfK^V&fs*RX@3ro
zkGe??tFZ0T3yWjX6A(@Rhkw;k$McO%d*=lfllcpP3}&yyzxag=5?vyLjUV7Rm~aL_
zmjENhc}J9U*(w|m!89kBB>QMYq@nH78Ar6mvb>_}S+nPFIZKtYj#k^=+TdKwjjvQt
z-~-1xh5W3rx&R?de=Ki?s$)G*(9SN8EOvNXsEGLV5E0q>XE6u{%X`L&&dZN`)zmqF
zcxa(G{9>KRi4S{)69>A=n<j-y*O84St>~5Q{&o-${5g{&p;IKx=JRFO!p(FK;NrXE
zOZn~DaemRv$5{ohM(jTRZ~}=pDvx44V1rtKk@p6xkJTveIkA+63ApV}C!Iw;Fr+iE
zz5$SFMQ^#|<S{bJ8XgXBjDnM-d;WHlFjXjU>tlKuPCF}}j8GZX5beuaY2MtbI<yS5
zVmjNSU0yXPKe0Pv=7n#_uG+LOV;k64#eZ>OGf2An+--pTi=U-8KL{ch^Gu2<LkaS7
zQd2$g9OJk=<F;}f9t;j=9BVui)Dlw}qKc}VEObQQn0D%}YFN_9)ob)d)5txP*O<|G
zO%!-iz*a6Rz;b$&3`-3#>A4I~l#ITQ#sKl_4Vx2<2E<b|&i*x|n)!`^6`bJc#|o?i
z6|$VRg42&sI#NR)TE|B*m4#lW{;tdTu_YH8E6<>HW(#U-YtNFcNZg!i$~ukM0V7p>
zR$z#)ermTbiBQfsxpMS*YSB<|;H^YYT!0cvMSH8G_JBCkB7ZL`YH63+x(SO2)9zFI
zYM8{}_nTs?8E-N8j*WWIk485ESh=!M(yV825&6*OZ0_J<%u^PG(xck5N+w0g#UIdb
z!#SJO(22q`oFzWFGtTj@j^~vs+wIlj+$!?IdA<0fmH_Uy?Z@dCwa;{q2_4SXPiQDq
zw~n6IUMBsa$*R2U2k@mGx6H~VXQwR@Q?eV<{zCa-5*@Feb$}XnKh~ik4(qA6S*N9C
zQ2AZcavZ-4?NFaQ7e6%3+wG0~zT~3CqC^{^TQ&C54-BTrEyeNS?qXliu5eh`5gmYV
zSn}%nx3jcD6<AZ^1zz@<JLDasowFL>&^F~I6LXAf^_^E@f&^b%@BMxLNe7W;RpBF<
zfy&t&VCG!aB5W;e56kl~<7b}-%xj*&(n4nnFS1gsSWL_>s6mxM0RyPm!rJ1nKd>Je
zhT?6nnhwvg4uN?w%LA8QT}^dMcDi{q#vCz-Syo?AGhM=!Gn=u@BeoM4GRFazPLFhh
z#%YG-%~n!jX?zlNZ%?yhJ3Hjx5q<fKdk+u3)*&5G1&~(1UeW{UA9cHRjw@9^%GXT3
ztZ}*5&E&8#y})$v?n!}ODD&c1UQ{1_otz5%ih+w=#agm!ydk>)s<Gs4!&rr!C$m-3
zO`HALc>JJSlX1_!)LR*j7<6ouOh5CnyEuFK8Z@1kN!ltYvNfxZ8D_i_w}YHOpZ^dC
zuOK(>>34_tF%M|j$0><{c+u#w>OmNnFB@;wbCpziHsurR{EnZThwd24Jp6bsRZs`J
zQDRv7&JMz;o$PxsES*`Hl>ma0&X{sgv$vBWoycbu%(`xp`}4z+s_8Ras{x6={#54&
zvIs6{4g&B8lD$3$iP%oxZ^C(+PJ~JX5}m@qKmJ(6!Bz!E{V-ij7GKbIG5TbepXkdQ
zrNnbew;+nbf`9I9mm^au5?9k7+U=Q5=fR_ON#c*d6aMILzv6u)I;yUCtF4L>u1w4{
zs%;R?PLoKykHia59xi*NzBQ~?$INl)3wpvG_SF-Jmv60`mt&{)o1V0km{+X(Lwnkd
zt~>{&?JDT<K?V$V66_9eoAw*~0||DBZC$MgXa&w^_Y}(aD6s-Lm^IA4Qs#Yp5_poK
z!T5p<k?~+uS2Y$+_26qGo+~>fCN(q0L58_sH79#oWfYot)H3VFhA+S8G;3xD;~MNG
zJ1u)~DG<WudaQBKqZ^rEnN+agP_A%%YehzN0^J`nr#1#0q0p&gj2?vMSd#km3_<GK
z#x)aLM+>2`gR5~h-(Up=7R%3SV{>l8*4yK|ryb{t;uho?!b0%<_e3`@dLP~03Z@F+
z-~-d<e1B%vxPn&iO}d>YE%vF7?K3JbPOKl(;>>=o3Rw$8<y%>^jR7?(>VbQvY))g+
ziV{^ZpLn&`nRqU~e;((UzBnqQQ99kS6xG$(A}pu!>CaKv_h*GJc10&*V3@Oq)HRG1
zt@ZF?s1mSQXzS=4t<U-&k1URYN~KH0G21`sLZZZ2+3cbn8Rh;^>ucTU$$;!qf<meQ
zo6P%Xlnld^`>@BtVVJE)AMaEx`LFC2^zW_0=5%on;5(i2oDPlFX}#FYx}vC~i9{dZ
zFl=uW>NahhwMX~|E||hVm9v-_JKbC7%BExX3z)_0?nNc*ac8FPsHl4lnvSrW`B)XR
zr})qtm7KP!RR?2hwhZ@)gy)UGjL)bLV#sL~=0$q0E00^)h#xf7{FniNET$Wj6USTg
z$1ZE{8P2uM0m7miX-lIARrwrS@bJ=KVmjBT^Iyv*N?D4PZJypZVjJHW+?IV11^bi%
zO|lDTho+lH9n@SNf5{;}2pqCRMptv>w%4~Z<895bv)9o6*iMJrtQi(CuW`a=m=beN
zikrH*!~aGM3F}9Rzg4XztbyzllqZ$4{X?j91EI3NW5=#^nMy;JH$qOP%$a{5B15uN
zCjdciW1<&%l>Cp<B>3s4mHdqcvmSl78`_U?$4mI<al5-jA32rAF8}yhXt^Rejd-iV
z31SwVcDC-KqbhNsOh`zOw1dizS0QXCo$*c?zAXa&jhfRKg^FMnBwqb^AqtYC&YC)1
zYNm<8Zc2Psb|j`MCoeUw5j?eb)Y#Ugw(wKv1h_2ion#mCPb8L$)a=x&EN%r?ow4Ll
zOMc*-MgFmC0uVG%7+m7{<p5FB7}H})OXA@EO!OyS+`Jg!wO9}vtArX(tKeWbf2$;|
zIQzE0w1+cm2`0%ss~5GG@KeT90fX2Mc7>ur<d8tMXLBTvo0WqSJ;tJBEd0r!6&${!
zr)_Hi`@9FM1l>~sTG=|DM?RT8CPzw`9Osisadnh%$LF&7DHo;MJ_Xx11~1grdsU$n
zUT?*x%dHHUSCXV09gpYgiZ{ku7cMglShgw`#?iB$Y*x@43`y@P7o?SzhMk`~$nz9?
z6!0H1Vzhd21MfXpc$kt<c-~)bvwW9+6lVkxI~H!u-D8vE{HVV72u}CM!8uwsMUzH_
z!0EzvO$c0Zg7i$5<!HWkpVY2iO7xpy%MDTyBtl_nE7}c?NC3PZg{H$fYl=NZ@rxBW
zo!f1;ghizhuk8~bP`t|J3EXzb@q@<6<S7Du^@K%eLx`s8Vq__z)Bt4K3o=(|^6UKo
z6+RNxN1nwrA}ZrKCmbE$J5TuocWY?OK&G6*h2G58xkP_4hDo42E=dfw$TzT1Wulyb
z{b`RCpc)&6=1;WH=3Co*H~^fVi8G?9;e8}4N9Drji*?uED_#8u#;+{!1Obq!#Z&NL
z{^3>O$yM^!uhfnkx3*uzxp}?A9&xw;;jz5zrhNW8z#n~4KGPIwXyFq~)mv;@A55OV
zIkbT{!&_SCb70Z^C^6PKLN|=;D>3R#;1m#y%8nYDkqT$7@4KJ<y07>X_y?Frg`W9^
zC7*M9a<(8`pATiVsm66RwM(XD14tP)hoNJYgBRRP@DNRlAJ^HZZJM)MC~bD2v;-*L
zZ=>;#e;Lfgz+nCweR~z@x8;jlA+Yu>Nj!NspinP@&CoaJ&!MmEtL+bu114qEk&P7<
zmpQ$*AaeRy`*_^Qt1!O=zE&lX?_sRK3PGVV_jcVo_he18HSQ`0@3%Kt98cB0?La<I
zQI|I(*EKBf@NWM4GCzX8pPw=$pO#Nk24+1D$h(K+Jf??kHd&KDjxTGAhk>Vep*MYY
zuut}+j)wzBLQ%Z@gBBVQsXu7T?VD2Bdznq6AjIAD>uzx<;z&=&NIP7ws}p~Fg};?k
zb$-u`#I{0jyjTN^ZB^t11SmG>HI)g8Zm4TmBH_7t^)C2Kyt&HozXVvGs@x&i;K1!k
zD2w$%COVn%9CHQH*9xk<5AI%<Mhst8@-xk=y}XIs0}m<!jL>xc_33}!=IWO_E_iGX
zi0T><_&&h!>x&r7xCCz{C3=}_jO0?W?ig2Y>x@-MJRd95gnNj~T&gck>Y{Jf67L}i
z;8p=2_V9gbr`^tB1T9?Q>&)THY>1o4rb18qF0mqGgvey6@*D7wW(VxHvNLtuRH<ga
zfl50>JGT&Wd0{C4?%P=`h2c{BOA$NV{)tJPfBWk5o?kwcU+|Q&SYQ8nebfK;DtqUt
zu%&w^W59JR`WZU9@Z(-2KD#;U?Y>u`y~h|z?;T8uFwlD(=BA4#(fxy4r*6#F;%Hx=
z4075jlH4yj{o5h^;X3DQ1kNx_k@DKzcUR|M+}W9IzHO3^Ok|JR7S2Wp$~|t9Qcxs&
zL7MxQR2_*{Vl8J|Ew>w$N!Zw;Kfz<byk?oGN3l77O5IkxhRp!qPC^sp@9o^X+Jpc0
zb+1nt9x~T|4-|xeZ0@o$qZdc5cLU!Kqy{YFfy^LhPjid$OK~Z(Rl_m5l^Wx)d2D&S
zAlu`5x2EsIO|fGmpJA?ih7Y!8{AHKa`epsjz!~u<Q{4G4+WmLY@yCn3gvcbq<mh)p
zq;}CMNGRw!WoEQ1+TXX%HWC=!A8cvcX`j0kUFP}scOE~uL=7JahB5N;$l)>Vh*+r4
zdZOe=`C`dmCUfZ3H$C(&fMu!Xu(Ms%2^BgyP*0k-cRG)c^lPN};ilQ`qMM(6CG^o-
zE!2}Z%nVz9_<ifC+RZDW_f+R{<vMp0p8lfy|Gs%HNiWpUKu^T#=(ctnslc<tl-0rX
z3XOctrAG?qhtok{zX}c-4E$`rUDt3Q=PH2Oz=hJr#6d~PUe_R0p~MGF=XllIGKhih
z8aq|nTj{*r(7>vjwvQe^xh5zc9&nrlV^3JF!>xZHq2I~ugU~Gis|vJ=l9Ev*N3G)k
z)7C6_?IeMKR6&(TZ)GJYT)vYM2_8abN}|k3g9wpw<L`78nA6)^?p>_oNr{gdm6|=9
z#E+Bg9U&IQ5sQUxhqKZUN88dUJDOn#V))v$^wdi1MqTY)`iHw$o8=OQB7PVfhUV#d
zO@{x=>({RzWWwa$y%Qv4v61BCBcd}J5`NnpC9<G#s4W!Qm#s_~B%g(qoSb~B4P@Be
zN6CmEsLWUwmX;zBA<_3AM&EyOrjQ4R2pEu+)06!AiAu=ghxix*0e60>vHxWq1VrEr
z&AHIJn21wuYU}FqM`3J%=_mH2qzby&P2nZnVJ(k60e6hLdj+~RH<)QQM<7C;qzCqN
zJm;$vrPJ5yot)fEdWg+nYCbJpqvB+L?jHL7^gyG0Atcgittv_Yv_~ftn!kIciIACY
zT3vXt-aWYUf8fuhJL_&<04=C9n0@r@m2f=Y={h$+Oub3wvc`-1YBJtQ*x8l+43Sf|
z6%s~#3kNm}^}4n_kOWyGh;2J8RRPOEbbTQ2c@aB_Y_>w7=}nPndWxqnXx+TLF`cjF
z`d6<H_BRB+F(+pKkw^b{F^^b{SXhgU@v+59wlY`L+aL;7;-Q>a+}D}39ws1Vmn{n;
z2GyM?ppTYDi{yR97-yK=8{U;$U**HX2o$8%YwuvOf%fTmko|k1u^ghWtT*g~tH&7p
z#k<%ahy5xdA-F6e@k;-k{-1Q;?>y1q!bzo05D9u}v&IGl2w3S4f6G*$b4uWzQmM4U
zHk!)k-E2Q~M<v{`27Lf-aWO3|76;%EVTdO5Ch|3^gtf$=ZEc<32o4G9<C!Vm-lb#@
zychjfx%&VY=ZBue=6o$a;RAtp+Uaoc0e7#v1|Z&AJ)a|Z`StfT{l_bu4R^Q@AWV=)
zYn2&EJhogDxHR2CLDFq49fc34Gl|`(@?1XwU6k=E%gC5FX#p_mOG--0gE}7e2cgzw
zpSx;)a8)^-ED~R<q<snpwm=}%3}RZ4u7w&6SQ2D(Y6S8Bz!4KD@WjH>Wg)@Af&sIe
z`IB5pEwzyXZg!&a1BKEr`GkdpWGg<w+^O<z`Cl%LDu9j1oMcIWT=+9TiSD4_sKuqM
zeaTP~tyH8|oAcUgtT5G1P<nyL;kG!=PsD3JP`q5%xTFNuuK@9X+@OC7IL>?&PwB8_
zGz=iR-jZI4u5g~2B(I=Yd}4nu`^2tpd}53W>ncH2+@fPGlN%DZeLi24HWw-oPG4Bm
zpa0L#x&e=g`hlt!Ij(&kh;4w&9)!usQ3U`q`AMvJ*Xqb%j%;iUbcV1DUOgefRrOj1
zroRO?vvgy5yyzd9<&PJ=xNp=o9N{4T;#V<vf3Kw&2X<xWW3&eKD7Xi<q(l@1K*I|^
zO+>za%8kp7%e_hVzlgS9@A=Ms3s@BJ{cqk~TK#nm#bssEug*o#@gTc9vya=#jH}8m
z`@D$z8!>F+_x3EYXe_BZBUzej)h%lb@)>R%&VNC@qMq+=z@iG9M-dp4<51(%fE@hQ
zT>JmmmY%pSRtCe3*;Eo=?eSwWU0Lt4j55tH7NfXCNu|cA-CFR)!>tnUx^G)L-RgdK
zZ|caVeq(X;032hC3lHD**7?Dwp86;9yt4j8)qD5#i~sfEE~GqHdn|luIk*rZLhK?W
z8NK+Lg~CcTo2?b{wWu$Jp-v2{jD^s_y*S2SKG4(ROLJf>nJWy_sICS7e`O!k$Qy26
z+f3~LAR9)#S%=r4v-Pr_@cP((`Vr0yRWe`%_>XXr*Tk7{sp1oYswfrVAx<Pzw|{e3
z{(}J}AaM1qtbb8XtkM;E-c{Eq)sa(C5q)vK%W>X#=jv`>ZrqWS(~RY6sF{Uohk>|i
zp^>ljmFfjbrLe-Vq_k@L?BQYQdwlHqzd20E6t~cv>H*se3JF0j`V(c4ckcdCbGZn<
zxmphqSdX>3#sD{ythK)vc^?Vo^h0V5$1bU$`<H78fP9&47;wWNNr(H=Lbhn!ZCb~J
z{(O`4Wm;)-8QHD0zf<+oc!Z>+BuPG<Z;xLR6~<FN`tvy?Tplrr%frB|D=!8JBtJYh
zEIi1@7$PESyA7g5LRepaf0|Bbg!FSVADRY7ef@N0)XZOw0*cGz>`7%tVNfv!Mn7l{
zo+{n38$^)Z4cmDsK@9TSj81`ww%H(!?^CWwLU{5dTsp<ts4ZP4(3bt-Vaa=ZtlxHx
z@Rs(3*yFS4*{t#RyCD?jF+PIbEnm)}Nzi-@|LjIRRljrvV!0Eq@MOctNU}s!3}GB3
z^#o;zbOO(#hYA2<JDxV?__gS_4{m{CK7#Y^7-NWhR4N{4f(S(zm4p{6(~gz3=<Re>
zj>wPdnz#OTRxYHxaY_R^^`G`ZDP8n3F;|pa@}pOze<V6&>YMP8=X?t*e%G{okNKaW
zsnsl@PbO2!MD;H8?|VMvyM^)yU$dx}Se%@#m{N(KDsvtqHN~@f<_x$m@B1&qR7Z<n
zqgh^r{=;@De)2m{%?hf4wpe>x=`#7TVe(nbb<EBC@8eAWWRAPYU3%R^4P<RnSDw=%
z(BV(-^O7vVDp|MOy_`;1NfDQab4(olOv5C(={`(y1+~OV4rj<B#h})kHt1a5^X=<f
z>vW)Q!k6Hi#r@>_W*P}1K(rcF0Aq`#*aV}bWHRVEE1?ds2*>aI{e*AaLU^NgcCs)1
zf|d9iAkcj*I@CHM%$tAa-n^&4f+Z(`3yHsu7Q{y(5{r0>k}Pq~dleDM-4>rh?FZxu
z*5al8I`dkvd3t^ajY8833tvC0B1%6M<3Xby0g(oBGBUI&)PESv4`w1Cju5>3cfH2B
zK=55XI+Q|Lu);c6T&GCC&OpO{A^k??pE>tt=%vq#&_xyg4`u$%6Y72!0$f0eDF@-#
ztn3nEc$qhYwx%em1O`EsoW1bp@@FL17{GUnTkF&TY{dBtpMwUZyLTB{#V4V{JDxAH
zfNd|CAK2z5M@!7&k#Av6(0c3i?@FFC_*rgss;Bo5hD5{>CKGLeLU0-e>8(F+Vmv%x
z5O2}F;+I$0XmE2wD?!jM=-mBGSXxBH-ORYKn_ZfMRw}EB@@hXg2?=sR7pimRBGPB|
zOqX;xR|p_g%q61JEwRB28Gq~T-$@YF`@3H>%lqSL=<_HGE?hLsKeL7rP^f&7xlZR-
z3YBMp+N>{WJ1903PCY@NsDd|DDCWSR&#e!&qdg=arRJJ9;t_%nwo1rCC_`D2iR3(A
z0l`v!Z&5L;u3@9Gk)YpPe=5Pfv?e(m;{(p$rC=N?3dy)KpAb4FI(mw@Z)T>T7L)LQ
zIL*V$)9mhgk$fcyFY%n?V`QTAraS5h1TI&WN@^u|%L`Ykyq#iIxkvxL*+19-(^u(w
z<NQ%dp~hY*H$G&dVw7086l6pQN}IgFNBD)z+VA9-n=UPR3w{BIL>P3f5gZFsr~h}t
z{6KsMxos5kx#f@US=?6?z|!n+59%7|Q61H5dD^fqMYs$tImQe}JMgbTm+mx`Dtmpp
zUmgo7ii<A*@V<#ek`NLGOG-*X+RQJdbz&wSL`cwDQeN-ng4U9_wWw&J5C3m)#24{9
zLl|fhy(a{MLSiW$9r_5`*q{GwQ@FgpT$zFv_tIsw538-r$QX3qfCjo#p~OcO6-%nT
z%3XhzXi5Ec6d>qEh`)d`QbZRpu1Ycuc_umO8-kgJAXj)65Yt9Mzj?ikB2Cwd`Y)=!
z^-Y|Tw8dy&a-o4Ng7&)%K0UpaRtd9#YfJ3k0XWX5D_6>cDDFzUbaZC@3}Y-)L-oaD
zyAPZzozyy}f@YqBC{Khd?FmAHYGPjN)Dk49FJ<5%5F<&Xr@h7Pq{8z%(u_+Wt`Za-
zjcWw?!tw8?cLV;#9hd#JVJQIYt;p2a`(h!eLq7l6>~oPr20Mlxbi4f$*u)?beMufC
zk;umtmdb##Ko?MDNO!3>^7HpP!{Dw|)LZdejg5_k#*@smYqkXTLRyBv?Hhv!nYX|E
z-WA^bUiMS*tcaonqkB8oANtp`T}n|$%8kg*D)fWbiFMv(ys9K5nu0SlyX#i>M?y}2
z4aj`X!WMwYz^!)&awH7q2oK5X%&l}RfnTXq^kx__AYcV8D%GD{?is4j4F|#b3$%m=
z=@o?MdE}Y7d;lIFr)N<o2yKmT7qr<xb@a@4UurnnFF+Y$8iTui{PCZT%hfLpQ8)hO
z5;v9@1jPir0hR=H$?dy;_G~#>FV7VJ<VyKAJdWof340y0v$OM5xX|E}U{uTaKMWdf
zTd@x0-L$kcYk}Nr^XMtx9c#qxqwGG(u~(HZjK_<81shq#Ue2CGef?TG{Qi<hgh6Oj
zDI1k|hqWdwL#l#adocawQokuwlRWHi!iV&k3(Y36w||~@iE(15VsVRI_B|f2;Gb%B
zT7Oc^H^qRMUPj<+4ku9t!eUPE3Yx!X@P;O{;Aad8N7kca$k6rPG{k-|z1ia0@Ywop
z*!MvD8(zg;@nBW-9#&H_k_5&kvv?lY1p60iPk(xI^SO?e4uPWu8f$SX>fcH9Qp0d+
z0r~d%bKtPUrKUiH5F_||fznohi<I7Ly2Xo5yu;!7xW2c}`f~lAC^ylcn?KcfDJX3C
zCV?OUk8{Ah(77G~B2%WVoh+GDdSxD)<<g$}|F#&?=Qq#QDBLCcC6h6!DJZIF-rb`A
z+p+)Bcpr4ZlJ*`XCw{)}yYnDZ4OE^p>obmAkr&u<;Y*M`kd;6HJB^C^Yh^CdpT60@
zlhm(!b1pmw)`g?rrTPZdxY5F(xHhh`lGRrDvluN;+O_g&<-3gMR7_o}Evnzx=WkZx
zKmT-TxC|dS`dzyD;MT2TucCNBH3CS~jMed!yymR0z5qA!vaSLV3wrh6&7|wc|NiPF
za^)`IUpi&#8sig62-RwRwr$<r9zX|lA}3!n#S84q`jQQM@WlT|Ck(i|6BG0VUo7s6
zpw=}|lM7GO=<V(t;oQIWM}A+}f4?F=ih$#2$|CO$Y6AO#{qYopvEUvb{Q2bncw~RQ
z2>6^teU_hAS6pRkc^+{AN9>3M`_Ep^-#GL4Khv>pK3eFIno06P!-I_DP2j~xWsFJi
zIsN|5|LF>lBV&t;l4VB>WoiVzPo8rzfpd7iLvru`b$L&39suO;9PP1i9QCDD@~&3%
zGwJ^U+WxnF>wr%c?~=MtEWz&PMLp;De?Xr9?aRjrqKe}|h(#RzLDoE+zn9DoNuuO`
zCxXAI>VLf%`S~pnkeqk*3JL|LpvLFYM9e?R$p3yZ_3ND=ssL^#|0lHf>KaJxf+Sx4
z_YeI`AO4eruLK;Su$DiF@-@LTd;i_QagjrLoAvIa^>FH(tdih1Iw|GL14WN(Q2#GC
z`Qx2`dUFE4CB?Y7Pvqx8)k~Jz0{3^qm=%a)Ws4?Bc{!+`OF5XT9J@-dKdamIZIJB!
z>EeE2)_b(z97VyG$;r;+d4Jr|-!2l}kqc|-2Yq%(C@GQRqeRpQDE=-f8zMO6<(~x0
z=I~b7JeJ}kl@P4gkp?|e^&J+qr4vQZzAPF}R|YJ0J9-r7VBBh?6H3!!kWkpi3M#k2
zPX6}IUD(I>Uq|}e0{-<c<j)`OFDQ|4F@Y*(^tuMMxLmxye}B|~?_GV9md>##(&Vg9
zyJ8q4uy8Fgix>|K`M;eX?^~YO^s+LiwfhDI$oqa{wIUvDd8~p#{XcQU2gF;XLAzSd
zggY)}X763@-vBX}Qj`(p;>gvaP0pf&saR_XX57hb4d!aQM}zHcaW&q>y$n#JxSbty
zj#EiV$>ovTt5O9~5ry%#7*1uSp4GARE`5@o#hFLZ#jt%^R-zM>`dfeB>R&48FMQb$
z%4u)U9Bn<OXStq7+~a&o7t#bK*L|%%KM{(cGe8Hhdebnc(8@YBH7_hu3E-!9AEE<I
zl6mJ~JO^Q8qAU>fJ<yzV(*_DK2M!q^>pTHBx_U|Kc!!=Mf4b3CL-nCyQCWK-XfS~-
z8frkfYPaYT6nw0Txp<sW+#?iAi9Xxl?dV1nP#!(uI`%q!quo|f;K{?NZI&ty4P+x#
zn$SKeUg7t`Prt<7F%@~+bNhC|zlnpt*c#W@6Zqns&kV~i&f(JZ`o9%xgF#}SKRvMf
zL~kf(Qo)8t2K>;M?t#l$B~z}=4YoLL??Xo`?Sz<5!Zh{3U>Q)$sL4jT`6<#k9)t!Z
zrj`Q=jmF<~@A7{-zcbr-dNe2Yb;Gl2qjG-;^TcM5<NT9)t0$+-0(Q=Uz9m(<+U)yj
zxb&y_A4p{eEkGgt*!`#)tk0MoO+E}znZboVGS8|dr{jgCLfDozb!t`t0qQZ#XV|QO
zuvC^--|0kqU}?-^c`_8P7c{{UyAAg!$)byifAf57J^8inF&`6@r~kyVKMyT>2#NjZ
zgZ<&A$WpWop0c?jl0D6qlfqG}t)P6tKrv?K9T!{3+j#@7%F#H-KZ~JM@;ebF$XK5e
z{eu_LvlRJhb%Y=4+t+_`=nvq><$j3uI*!?D^{t6oB)xHxJ0di(%mVtr6CLvUdHW|o
z6}<w)v0VGBgQ1Eek;4FhBX?*tk-)Es-JL@!eBWz=@+2_@F;s1T6{<JXOk2N!9=K6H
z888r9)kw$k<HlINHewY=@^{_2g-})AG`$O_(yei1jYW`Mu2<`-Dp2yQVbeSiV_l($
z-SZLCk$Adn4LfiuB+SgHvy=<?3fGwS4yT3c!;wQbh#V)eGVw!soI)3hjYa#YJ(}^i
zh<Ux%e1>|*K?EFBDo_@*81;u_m%{G1b?I@Ei#o!#*%9WLB<zIA!(O{I`QhGHPYC>|
zB7a~szKP6yx-Po&iPdnqKPJ-Y6nAp|E_A;pV|j2Ur$IUj41v2jkf1FDvLc8(W6sK!
ztSr8&XBv88Y*}<yd;z^4C;}X5)}9}KS#tBAtj^QWk+o(Wa!)sTebkibH$*cxsFG#<
z;?%rw>$X=D!$8^M&``R)-=|p=fWcrjQ%Ngx8~FrNY|loAhYQ$PRfrKB{WxnyK{9mH
zSlln>VZWHQnpnq7q1O{?wsHEfxhn24R%HClW~C?o_Sw;#zq#{b9o=g)l|~Oj<wpj>
zDJ4_wCEXKc77MU$pOBt*3;JH!<8JZMoxA3^=MAx(nc3XiIeJ>?FLvl^v+sFX!%#c%
zSajsz{vBJm7Nz1v2wI@jVA#OqvFmsH`~=Vg`Wy9eq9K`6M_zM3bu$is+8csOSg{(r
zNc2gy(U>^dI6O*sD{-u#Je|RbwZojRtQW{tqFI?cjCEob`n>OqAE0MnZi?_OTL}ei
z>D^3Q(RlVau7DFuw8g7!vx!pm+f~Pl@Twt)Q-^9j2ead?G`o!$vAu`WPTb`WLzHi!
zi;P;aAKucZaPzX3vO6}8V6wP(cG50p9XVIt<(8vZzd!dibt`{js8gVvwwpCFyXt@$
zqz8NAIhQgRO|EV+W`oqYz4^e~BrGf*J3D+n^sgrc4kX595g>?&a$$`0^mPrNGpka2
zQA#8_tB?}+GS|NZlToOM0XdKig<^_Ucn^P?z`))>;8FZir;0jZKfY0DljuY;G|S_R
z%(PhwNy6L#{fS3!d-jgWjiORcfo{=X{Ma^a$5bk#*-zIYq%TMHgz4XPe15o3@=<)>
z_nxYM2Ynln%En;JGHDp&*r5v#H~OlQg@J(#8$b89=h88@uO?=Cc6@PTTZrv;_JioM
zUlcKBxbac!+rg5u*rb>q-%_l7=8=N!GpnsB<<fP00vo7Jm*C0#q4)W~6F9mgp|LHp
z;azr+!w0#|X!O3XxnO0qJEV7_^|{_!&i2`IbGBb=`Kx!s@ojYs0XYcP4<H*ygb{4k
z9lzYvzlqv7eF)=1P=9Lu4F3t~6X7u1FUZlCS<iehb+J$FA?H^`S+Ac-8ruAPHc-0l
zOyh4-bM{FGdK^w!BTh>`!L(mUyZrq&8P3k~={sKa+1W;DPsE_Xp8iRv$!LDK^Vz;`
zjn%e7&$Mh9Jj9=QRZg(LR+u%;&O-mi9(jfJMgo5I#j7~)b~l?ksM}kql4lX?BTW!d
zR)MiRKHDtNZ7()ysrjD62CoP1kc<9cI>qw@(Wsv)b#|h!XRvRu*P)%53FxTL&iNlE
zqt}hEw^P=<RfV1fQ&egCv-yE;Wv>(}kHlu^wk5`$G^!*qh?-sm(fXh&#$4P>mdTh)
z&DLgN=#LFFab@g9De{iieD>CBSZI{TJ`Gh!akg=scNa1IMMwu17HXnz>pNBVqVz&p
znb@`?Y@bt30yBXj3ks~}rz%S(1i1BbW2i_|%N^mdOxujc*6)TnV21iO2Oyppk)uET
z<@{ugvaPc-xWaf+UeF&}`sF<A5I5^+!GJkyZF0|cNhv*C9;Hj8*7dIC2Y5Sboi6<+
zo5!ImCjCwLkU1gdigKdyayb=`uf9g)tC8=UDSOww8mT#-{L3u*i^b%{9S1-gR1a6}
z8BCvs5eE$_&{io_SwJLWT?|Ao5^ScP2r2Tms5q6wyfcy+%_hr>f*4LjoTPe=eO_%6
zG;xs;bdf6_U{I)5M~O1Vb3J_r8lwcj!(8jUx9^=f@xHKz+YNiKd+;(PMiiGB=goKt
zMn5PZQ7iFLS{nEi_r!hFbi<0lyJy~^cdW?Z{lo|>DH+*raw-UpWS5td$z;5Xc8*~1
zU>E%&KF)sINQYp-An<j9%=JP3Ev=|{ebuLDue;{wSHrcE3G;#t_B@r=I-VFJ3}J5(
zk|iSI{rGaYDACA^aDFKC;&SjUyH+%<zE1x+{}hkafst6``AJv^bc%BRe8?A6)}}O_
z(gm#QR;OhtSG*&QW-x?TG4{oxYj~K6uu*06JYA&<%LrwY5`zLJGVybL@?i1xd(O@X
zx=;)sI}2zKhUd4=h~DZ``jDBx3;8n1RM6YVTPMRwzih!JYu-I2#1u`5oVD+atd4+E
zekWy&94f;^Af?Dqg(C**Il!H-M&!jYJJ<h^B8MQUaV!}!xbCQQIBvob56>>nUg)?#
z7@A+bo*rtaNL)p6HMPPA4ud^AlEEZ@bF~C#bEGt{G3Q1oV%~fw(LDpGKHD_;bE6B<
z@G>@QP$L2{N<!Ee%zYLd9MbAB#_Qv}JE*<nhwH5RL2j*%;S8Mu>G6`z?QO!kY0x)-
z(wX0<+w75hNU+RD>);SUhF+n@Q05_eGyx}>(b_JPS0k-O0t-v?rAIPdbMA5_vXhQg
zXFu4*Me9GYXU&<>#ij~BXBytS&u{<80?SHNzFVSbYF??|?o$Pad^@5|bl=*VH7LQ(
z>DO$rGOrWU{c!4V_o0FArauRI?;E%URA_MXa0gg4iboy%(#z4-<0L=sQq8ynsf{W7
z^Rx|EM#;ywIs2ETWO6aYwT4+x9%6l)A#L+rYB;U_(XxjxS;zuIGReN#EM~@K?n5PN
zzu@idS03-x#hn+XO}bmQ&YVi^Mny;$8WD>q=0;R2EA$4OSv6G@&UmENdYczcb>^Av
zbksMc($DTGtkXw7;>=MkHL%UKtR2gYG)Pe4D?NVO{U+Eyuv}qOVM`W<X4<a<*OGa0
z<RtNZw}5o_$48`O;a(d>Rp}QE#XbxA!8W-DuEx4l#iY<PS+S*gxmCO6U1PskMQj45
z5aadUwZv|g4c!&J=$L7Hg^oXh7ShhQWR;z=28>NfB!?t&m+IB(8X_-jDt@YkzOh*9
zK$)r~Exf_(a^Qh0nu4(9vB1Sa4GYFdM&_S3W`GKWwkJQ*I#{PnTJ~v<?PASHoItDN
zVbRD_OsUC9Z3B7RLe7V5lf0!XuTS(3Liaiu3T{7*h1T*8<ZEZdE%9->GUk{*7q;9{
z5ir3f7q&coMb;Je*{2(1ckF`3E$LtEc*|8=gjpv>-ZA!)U|f8AESdlUXS^Ii7HjQ9
z;(We15vsNf!G>hssifg_7O5L|yZf^@cng;&g$M-eSwLT8<Y?!na7pTP;;||R2B*`F
z;k|vlXOY!eR%`T@V=KCMl4e4c$lpgWX-32<g!hxqOm{`Ic!|00QkH({>!;l_)Ei8P
z&KKXP{dz?3gWN1pldjNeHf#^{RN+qM`q>aj>S2;;UH3IJle~Q6z}S4cHITSB77D|Y
zU@i;fhidFg9<(I-#Y4ncM~7Cm>zrsU`crNz7JUQdFl0YU%@vQ1m+W4*^J#af8t|AK
zMvWzmYcu1MO&RLu9;6Jh=v|10l`&ZxZlUnwQPevYsL95H4)yNHm|ZEfU96EKi=irx
zLnZP#?Vyzimu`&wHgX$_Da-MD9rvZUll`@RdEMAK3#83<&W@kQZAkfGj8iP)^4ryn
zwnx^^ELHSruqYgiD!kq>e{BbugE{seXHHK8!uiaz&Bjgt!e1L@i+flpp%|;ojr0yo
zjjJ%<J<RlSriJDeQ>g47sq=o<L`QgkYSmGTdwtTXlz@O2{KsvkPBi=<a>NWvQc2C6
z!O3G)`!K2TNu^L}1xl!<Rm`0Nc?_bljsAQ?LR{H%;^dIf-cN<hdvEj|NC_{NUIcfM
zsV78g&h3SJ7`-!USScDYVs32hr1R|OYinGglNd$Y9A05+IcCbr=o;E|ZX6B--Tfp!
z&CFCYscL3IR8_NUW}xP=_zea7pgNeqM#64f8A70KK+&#umbtPK5{<{fK+nh&BD#^6
z0m-rG@0PSHW2%u+fc+7j2OPqhZQ3W0^7h$GgV&aqX<OFv7w)kNbk#JNTzl=7V{o>s
zz&6V)Fy%jh&J#S-U|ObK-7b!p2abK%1B9$7$v0snc`q99ffAEJC!$#&H?9$4<Vb(X
z<E4sVHj8l+Mp>DPNM|y|WxEH9oN_qK`mo_uTnBn>b~+GN8I{_F2EVVI7z<PtaQ6a;
zQ&8P4(At3Gq^`kw*opK>H?B?5^C1sqx_6rwYs*pug3XjNVrZ*JK|znrZjTX~=!}<`
zgswU`>$UWQ!h#p>pGfQL-4bHN!n|K6_Zg8oc<7Con#9H#wSH}smZN$zMJ~g<ui<85
z3&P3pTQuQ&-5g}ey5W4j2gwn2hy-GpW6?BaoP>dPD*gM+>7emhM^5Vd=)F66Hi>)<
zc<{Ef*h#3JY3A!H-+xwnJr&ks(b$#@sd}+kY(&;TI4U{Nx*qJ&N@p<CQ!;xio9KX`
zRaNk(*#gFz!4Qm$jeL^=k1PKGC-S)FoU1<tn);QInO@Xz8|}x8Fu83(S?yS?!dB85
ze_Kaqo~EK0a>8Jun{9B4w`O&OwGVxt=~k6He==6x^LCwdsT5Ihbq!$QzvL7Z5+Y`&
zJRYl!L9V&j#NL(>r33A`_Ny(Vi(aa9b3HQFWvv1obT0jBbM~(%q<+?c{rcHAZcq~n
z@Vt>;Dv2}*Z0l|{3uxjy249~{_V(e;t-GsUU9Z1dbapazYzRb44OvKM*;r(kl{Ka9
za4DyZOuZM*V}w3u`jl>Le3a*~`!=>JY9zsMXNLj3a#W>?w)xqEFp0dM<yATx`gYw0
zB$bbL;TR@Be<aJ0Bbt3URl3P2F;PDk(&ZX!{3A2J$hEI+3|KXJ%*NKmph(?3qC!kh
zG%KH0@276No}Pp|@cAkM#N|H(y_hb@n`ECEDr2HIj<FkgG{_gF;xqYej%HHnBV#n=
zRd4B|GA6jm0hzpqRyE~2>Dh(;N0{VtsnMGLEG~X*2ex)+t&n)zqq3-!i=BfSB1UyG
z+Ogeck+Z$M+Qn#`OSWMP5nV@kM_h77-qpQvjN5^p`S$?b6_%K)bZ2!agI~Eqg|az%
z$%n+MKgEdzx3v_FXy<4zSXP;viRt0{tRA@eCI7wKUn9r;n5|dIhs}~&Wj$)Zpa2Ta
zu++B=7qU=Qi9vTS3>8Z+WW3@eUjm%15o$ZGlH7Wm8;tpD+5{6!{2zNcMh-T<e4q`u
z51Fi#on2ius$Z$dywgA^($>}WjV!y=d#q58d!Oe>n;23OIqiJvJLT+vlckD}Nx>+2
zGck}x<Uppb;m}>>6-SLXJcQ|WkJa!rxw}11es~pT{;6tAX>ERaSbasl+P3d7zvq``
z#RZ{}HIq_-bK{B9fcuEV;sNl=%~A>qSkV?;c6~y3D7%qWAW*afKDsoF=an6l=7{%+
z`)caA3B(NB-7!?SPS+9EU`=cF$t2z-3&m_<%+{<Px@l^CcVct>Lj76Jd6*Z&=6H^l
zXzZTNj_jo4WRSQXF1?g+^D-35RB6L|t|E;~tRlBf?Pzr*q*OTF5TBb}<1)@A@&wOe
z)kEt2NBI2?sUrQsm36=9Bt#`=^(G9*LD48Y>@LbEib}D<Z*o7+p$@vYbY#p9j!PJF
zBX!nvJaqVnK9HOe&7#ivc}qYhI5j>;2-9?T?26#gb~jL}>JUw1LVQutf(bo^lu+nU
z2wk84xaXSbnr|}6+5fud;iS}s{+fc*X^cg8TD4P!$tfjX`Ragmy7T_KXa|$3B?`)8
z+U;dU%wv9M4xMaG52T{p>I8oyDSR$<wt>oRS0?ku;Nj(C|5FEfVIC~@xL5XbR{Q8&
z!RF6qfAD?A%zBJZy!;a@nehSPLqpg4H(pN`o7J7|cE9=No6ck~Pr<g=a%M2uYVu~5
z^XbD+Ot*69G{zKVooVKSyKna9$G&YZORIZqzQ!=Dw3Hhz)oU@(FjuX<7_o+>JKb#%
z&84{7MyPq7u;HxfX({XMSp8AON*5Z=-4?299Ke7<G2nex+ElR7mXY0i|M)21qq}QS
zPB-*;p5`9kX5vz8d$}9?V3E)etJfw!a%01yuC~BCzH%Hk2_jum(!>l;rQvtfz1oIK
z9J_J7e0<1{3eYP;ER;VgmBxu}5An<+tk!kC8Ll2PtcsCcieXS95{*iVJTI{;(5_*g
z8nu>6nR;auZ2ns1MDgc(<=d}m<0=rP(eeYzzOWlEwsT8kpK>+zBCvAUh*S$zBe&#>
z!l!#Te$XL&x$)Z%r#>o`x7^5ZEbXbD(>jf4DPnpUe6%m<1FHXA!f33pcR?Wy!eGiZ
zn*n-EkC#B@A3n&;7m;yj%8kN2JN+6R;O#~4d-8Dn6wOze8s$Xr(sG>Ia{W5GWH8*4
zr`cR6kzLE(<<-E!0#%87-nM2l&x8Ge<#0m1Jj<W$Bv;o$=^$7<oC3S_Q9-CX>|y7d
zm)kZqr&aTd^f@y9f`WdnInXl`x*!M`bihzP1&4QJl(i}*t)3Wm6v5nPS6k3c|H#Kn
zvsvUzz;k|s_WOwFFp-0F-v{Fh8E}KavZ6z6+!;Z4Uz0rX!%iX3^u<YT@3<I`!ippy
zLAqN~S?S0WM=!jX<_nqYXoAlMHH^5&<f~y7uGy1dvNX1pwc<^)4$NdnM*Gk2^zCQ2
z`I8F^2c*-oviG+*#3OastTW}BBTq-LsRC}1ayB+Zczf~HLhircU1WRCAKaI=5f^2<
zX4F66)}5vEhIV}<PIUMoUIknBjF#aCht^mx{_*-2j-69#3)~9Cpuzt5)p)pM6~|Nx
z(sXAn)}|BC&VK-3;p{O4$R`o`8e@tG`Fg9D%cRlF)*--m9e5jQUN0gU*O!;){qWuR
z@&2&s=a}higTOSTLnM}0){$!jQ4j1EES_$AdjU$P0hIn_lg6Vn$~z{J2yg#WxIwl-
zloLmd)%}e$#L&;jKGx0H+?SL-9CZJ*T}f}nEZO!*)<}M=YqZF~rp&nw$!ehQFtlZL
zknDM@`chy!CT5v`4D{8SWYUZk=G#kB=K`d@OrtVfBqMD31beufb@^ieid%hVWA=j5
z@KcOe%TkqeD0Z&pxfVS|IrNG-OK3rZn^9(=#ce0s%^7z&=&|60=A}%^lvQ8ZndCWY
z$Q#gEjT^X<DGr~9Ti@HB^NlsYuJcRQGpIZWbL@3Cs@5IUapo`iIQ)Y1*6%-Q{Bf~;
z4yEh)WR~^Qk|C%y;^>f>IufEf?+Jfr$Bb9H=bWwERW=yyi=Ega(scOtSUp=G-aM(a
z#c!vxZsdV|()qm3bBNCeufvW${#DCzN=pfl`NKEVdD)|Ak1eJ62DAI`g(e)&?qOo8
z)$7rw{cu$f=25NNB#Zw{f&I!sJ~i=K85jt|AC3N+Zz%IvSf|ro@`-GQ-hNL`Rn}l@
ze*ZU-&}V{PR*l{ZJIjd=b@Bec=Dstkscvi6j#5RMbOq^1?^UGt-U*T3d+#a=(ggyc
zqf(@X8hStty-E!ofzX?T-tX4;zTY|HyxueJxW8^j@*`^}Ywxx8v*&tdS#x&S3lb9z
zk4R>yiG^IAw|`8rt={q}u+RbPbQIok%a5KT-$I7PLGBST+Ap<*U!8xbtn)R}cM_0u
z-QCw#AGuFqJ3kjN7oyo6wpQu8D|uUQ?8k@Octj<xqTYcF#d@%j=Gb?;9n&4NFDt6}
ziQ8H&o!i@|bY8)`vk?A0j0a|mG0YoYVKY`xFar?Wi0as0I0n^~TZHoLPQDiNnonq(
zQod9XJ0+F7jGv23-53Y?ToB|L*KVJdra-~|gtdk994!m>Yg4t^Wo<IHn1G;XrJ5fj
zzle2UnTvVOBbDeOqK+#lFp}FpxDlqBFEK5-SvT&a<|$-|v9H?|E;l6j7$0tXLcwQS
zzE8{b-6KWNY5I`^DmZ^w`z;Fv0N^GON*DY9Zob_D!Cn&&(BkIVThQmGQyM-A!#%RC
z2*EJe`Eg*G@Z=%1UVXHOf2R=YXkJgNj!-pLpDq}CE9=rk%BK9J-$kN6`c?edDu1sP
zD3Y%-_C{9*lQ-E<q*jmAqSY!|bjx<-XBw0iO1}XuB&+AiSa&6-)MiYb>xg#znAl~2
zRHa1*N=QvDlty$Cjl9hag>97fjqUh(jgBV5ZwEAyoR5@r(9e81at^%W;N*ldW&5fG
zaYzy>^8SrxSqh>@_g&6SrtW*Qt7<R8JJ3;w4twG~(Q!TJvCdd!iZ5>|{Nt?^bxp0|
z3r;~f?&0X66J|)6Q%2;z9ycKq3fLtj+fDy+j?xvI20{!nvCvo9x6snlV~i6!mv3QL
zRINH<qj+up3A~as@pi&P7QvOz=Z7H<GLNn&*pDl3F{fJYDPFJE<80GPEPH%xMoeS@
zN4bFSoj6S>jF{?`ct2s=9w3mUD>Yu~8VGSKBPP)ktR|_(^E)}gd=95cM#@K`n*(<4
z8L_XOlv^L|%yE87seAGDHGtr|IKC$*PSrOa5nm4#(q87x<2#1QlTTsho9YK-VlVh9
z>FWkUuXe6ln`RJ47g`P?^2R^wcJpbKnY?<d+}hgYN4dWTECKl~hq^tN3&e7Ni`#sv
z^RN#<3BtZ{-*nd6*&<6R!_HRoAPicOQvXSGPSuOklXoHuCxxGzXK-<N1q#?rjp+nc
zUOY-|LZAm)bBxWFe#3XhtpoSfgtLL}E3YJjegmD|%9K_9j?D)D{Y?g&qct`Ipk#wB
z%fxz$?OCYnCt@NHDt|IMYGyztERm%wjFR~43DwWw;ArY%cHB6ME#cmpgHJl<>$Np0
z{b89%Yc<(2f?smh@FoZ)<k7O~of15nl-+w0CDHmz&K9H(_-GuDO@Nm_K;ChBR%B?d
z&mjV!VxQR)rZ_eOu|@Bgy6;qSOl$#<$HZQ1HEp&BjuC$nc*YyS-bKwOKjf~OkT}<X
zNl{@pWxP5{ZRyFfuu|)e;IOdhezJF#694q2Qagq7>BHr{dy}Ltsxnzz9KBSYAQ!wT
z-+|()fo&#z6F<1~<=#La6x8Uw{?n;;u5i|RAQ4C}*tJoH&?*h6SogNtm~64fi}WCL
zIkz7U;{sR(`TwvA>p+ubA5T$V)j!DIC-04JaWtc~USVj7>o4=wgv3e?(J?qVDYo5w
zc0)SUK2vh188iCSD`GO)3Hl}`>^P*oi4VMpoefaqBt*N$=;TskbMsep(=-R^A<}M#
z!LrgCD!53F-YmA$dkj-zR((W!3psImYdIMoO`__|kn){hUd;_RV3i-%e@9-^mnIji
zrY|u!9}i+M7BD%gq<ByU6#dy)R>?H7>g<O*MHF=$TuOE4eg4cQ?H0rUBF6+=@Owc#
zEHqV`Ha;KOGa!KA%}%VIS%PoRRZ<BgO*nca4JfK`iKol$u3@PL+cG2DCLa#o8>8iH
zlfk_K$qmCLFM<b_(seIPYWi)I3R)fsrt|J@YtKbS98{1~x@fmW7x#^_nfRaA^=6!u
zMhtUVgo-S}+cuhEyIsp$3?Zhw-Yre&zi{b=5>FT|Nj>hnB3v&xa<iYUXJ%YDb}{h&
z>eg3-%y&?{C$X8YxVPL#WX(P3dbd$v)Y@b-n1MCJ(T{)n9Q~-lC11s0tl+ai6S9PV
zcbn)?_<N}_!CF!8c!02h=jrLjmdM0U#oPJ84pAFahvqvZF1#`DI}};o5@qEVf!OYn
zW&S3MiQ*xHYAxI{4Q!GSJl>V}lBUM*nc_JnnzlGSu6zMTQtRy0yPZNC=j!++V?upR
z47SIz`Ovou5g*F6q1D^Z@Q7z((OOWr%r5Qx(ne4*?9_C3^~{)I<s12^X>$2qJI>->
z?`~UMkNC<_JZ9Ji9dd5fOq|rlrpr5H<*1TsDG`pa?Ag|&L%9xjl=GyodNKD>@j2C`
z`o0Ba>HAjLw5xBE_I~7dkVtCVIhSs!!+I-P2PEB;t#O>y*-EYeD(UjF8*9TR@x(Yb
zFa0bd$f^GZF$LLg5QpeLZMI33Xz1Np_5PXm2Z^ij$m_1>)+7kl7#w+u-~lDGAYyct
zLXh4ZkrCb}vqAmIY-LSyS2Xt7CUz?kWX_wB5mLnG3*1V24G8e=<(V=%XOu0-#YwF_
zTHqN;v4%#Qa3h}CI3R-I;4xDm6~E(jd9z$1XWftI<o?@SL1`N$Og7jM7s^VUZj=|e
ziw0UAV2Bq#HGM5I;%M%Qa%LYOz@;{1uSXUQg%t0NH?HHf$t-ai9XIr*@;15|s5C8&
zi9(VCjSX8aJ^ao}Wna0b@nnZI%Uzzt)tV>28rw#9p*Hxa2C<`TT`L6SJYOF$jfEvA
zm8e#JqqA7)2jvDF(VPNOR$7@Fr_T)t6W9(tHXs%M<&O4INq=SOr)rnxJX2{Hu3GOq
z#_DO^A$b7*3)~yl@Km_}Xm~T?=Ek>g()^e&j*d+gQXhSt3N_uH(yfQqLaF@Pre^jM
zLVjs`HnC~v<`*KR;|{gRH=IpB&B@*S>(wG7mT&T`Pd56*X=%)IfQxg+aR{ij4l*IT
z>*MwFz(>YVg^%hROchQ}hGfwU4(cqPZ(n(~kae@Lb;QNVEfZ<#(akoSC0Q}{49UB>
z$I^MR8GsTnq1_{MI;51&ZNx|$E&>FB&MYL=xM3fhl@0CX&HxAH#ZDdvjA~N;8-g7W
z^*(eLr)f<21PDykQp=2pA&tLX1lq(u8;ynwDym)XehboSSdGK<u#oj!WnCmVvYj8^
zo%ul05FNupbjV9EiDsbp4zMT%$gheq5;mW2VvrhB%Q$&~ON3vEpC%B#<#4|yzjV3k
zg!@45j3`c$HIWhYWCd4T9kH+dscct#%)4S;U<<cr41zNy*(kpIZMU71(CIEua(?FS
zqy<Ly41SVjb-K#ak~8(y;lZQp|9HO|dCX<i9pj%({j|N=z8YER$t4sTbQ+39u!^po
zH8JQbGWSefb)X`esc{m$aAz}h$J;1Kd6;Z4v(%y7dvtNG|9Y4MRRm3$)8ynn6ZS~!
zYz_*rx|~}+w!(899GK<3my@y@uvgHE!`UE1$r1XIXZ1##dwuu)p=ffSja;A0lbRCH
znPG_|9wSGA`KOKM1aS^CKo;XZDSj+Pj7^l((cpx*RaME8r=Bh0Zz^5rIhLp{fZx{I
zg)-$7_un5<vaZTbB_VR|(JQSk?0jG~U((cMqC!4}t>XFh-U|2;kV?x{%Q_NHND68R
z64!BRHTfW5`J?ywaIH&7J>XOHoCZAhhKnV;KxU^-fYlZbCl;m{WT#i`3h2TR-jSX=
zgWATKfojxv$#=;d95q~;YMw027UVShc1&KA320h~x6Xi`|5nh7%bNB454Ljzd9u?E
z^e?2ws&7h2d<UHMKmq2As5Y6Z!oyMhsU-9EJ?~MGz_mPR&&yY#5Asu18-59Ad(R?L
z!UG0?G(cibsO}1=FXDNyavvBQ1GWcL1}3uBuiXfs33ZQ-s&+u>u0eg^>IoOz`0Z{2
zE5x+V!HIK7YLu5HtM9!0%Qc@_-M&xc3!oLE?sj)miysU}fC^S}HpU2(SW(QK`P{?6
zb`i}-ojd!X$=d%(gTSk$f%EX(ol}!;R^BI1>DfGW|E35~#|dgR^xquefs1POlySOi
ziSTN}>>V?Q$;povO!X(rg{K%G)j0&X#|B0Pw0VfwrdZwD-zr%R7NC-WLDi4P4AN@a
z9pbvkwouCf$>g-q6Y3d!)5L#T8?N2U#lL>O96A^Lt<Gj;U{oo({F&hXw1=0b!2la8
zd$eIpeFwgk!ZMIbFe<f!Ga)h}*fSwp!08k;RB5GLS|H-nKb(d4#bvK{jvJJzG^sOI
zrhTVp_E6A(RL8A<mbZ|tO(vs%yzywF`BY^UHLzW;ZcGWPSh#6e5tzyp754r<r0joS
zcq4mN;EB>2mxB1<k=mhGBBP<wY=A>lg!0@KRO}Qgzi!H1v4a-^E!hk-yjl;^@)kQp
z(o@JJTA%RzT$fZniFiJ-f9^Hd#Se31=c$gKf5A<tN92fF*=(N7<y?p!$_7~vQkM0!
z$AHIWN8}uN5hp-aar!}QML_Zvk?4_C2voPnWitc&S`sg?4pHSpDL|smqv<mo#P^iN
z0>ER<S*~@h)_o~_J!L&)jqCEuCIjC$QP0(a#e~9?<Ke~~-R=-^%a$RTtBu|ch*w8~
zLgTs!m;HzVIj?tymINDA@@nlXMQxR!rK#W2PUTil=_uxl4m<lbDJiGncD%}YO5S?2
zjyp;14$5#!)WWA`-+-=q{ic~V15BLfZy}v75erWh_TLvG7q>2P&WbYsbi%dY#YEec
za6~#aGa}!)SV|RmKhlnSP~H?F)Bsa8J($2dq#zSjcR~Va7Z8-ddXSTn!m9GP>MyF1
zrfs@=I32-{GWi46;|6@b7jJKJdXSLVSZ-(7*c-f;*lC(~zid@(_>mq(Dks5N-^&E$
z{+SQ}^(yq=aR|}P-h0w;Abio$?UzWDn{tf4>Aw7>X4Uvsvo|?qqe^9SoL^V+%%BWx
z-kUZwSVGDe(Aa<wqPIxExOO0L*SN8Cx$p4e>`3wKklORXtb6-Z{~(9n49pR9MmEFP
zvhlYmZSrB6xGx8~n27msd%`KwwnbpBYIFCVXiG8wYqEbD9)K1W*=tHbdc;2Qsp--H
zpS6*~Djp#Z6$x;o-pUyeWd>|4bwDqz^f+~o<4yxf{@HgBXR-KGAtGMebmiUepc`(R
zoWu{ERt`kNGsAyd*a#>cUfXs>E-5{BkyU*w_K@xy;jB<MB|g)qg<O0|vcJ*aI!`ax
zb-cR*R7-uUl@EFZ1h$k6?whT@X}`CgD<{;{iwHV{icD)<-CEkHEPEp{wfMlBv-mMj
zI^_@M6`7^Nol6@V8)fx8^?b;j<!Cnv<~uEINkCic>w8DaJv3xWyIBL49qWc#!A+e|
zX}v13HIcxy>Q&EJs+nd3@8+wQF2PTpE4obXXDa}i`>WyAdF$7KT|GuYm;M8$2&+$%
z25mR*cRQ+!NocEOFpm<jQH7f5=9?t5`>AIynF0!HW+QPYkQ%+{X^EMeulJ?N*RTjT
z;Biq&+qH1A1qF8Hy~d)B&G%Pl5pp^<M@V3k5_~tazd6pH%h^&wn&t#v7nt>1QHKjJ
z^4jzlgm17;G<a1x@BN&o&&~0-rG%=qwN8=LR;39f30GyS6=~6(M(#E(r?Fa%s!NzY
z1v7^+sb@hJ7IG+VOT3xp#;g2p(w6<+swbH><^+BtSYv^T*E*x7;9W1E3^39LAHU)t
z^LEr=HZ}HayLYS&2DHm*w%Kia_7nLAT3%FzG(zxdHThk_c9wXf<w|U(mZsrj>QPGJ
znZ_dx57=|Iiw0&!Q|}Yqp)zm?%TsZf1iGn|IH}go@7o<#31;%89|nN@yEs@dXnTA<
ziPoh(ez?NV!6;4`9Mr{@eUmOC7(W+VyR&r8#N%JY=a&JS3>|!ka3F$}okR(o#XKGY
zo$Q|A`;TT`SmCn>DUrC4ZXchrUF6Rn-67Bfzh^2KK#{vY3%bk{bn(u;@!N*|TlJKs
z$o}vws6UYcv^p-|K8u-S00mu^#vpwXeXf4;+PRCI6ZS7Rb66~%reYoKClC(P99N8)
zqugN*?{Ubg#b?vriAjORg;yt0j~urI;;8uLfB;F_2$2t_v+06Ishx1@cYiG;6I&5v
zv4X)cr@Nv6w+Y_*O31A}+VkG`F;UCMAGUZ?^}z#0>lVj5e1`~f#(&bB>kn)LZ}nEd
zOj~ZNW){WTIiu8ksN}+GT;>?3YMgWfZlw<CZ=qrza%+*t+U2Wv2AXDO*>1SDo@FAx
ztB|zGtUh;~Z0h1`3=1(~@gXH6+weW}xoXgY6%W3=C0lJjY6R2o&Id~9eCH27St2#8
zTIRKS;*kAAVLX;v6vxwIvJl}{mnrJg2~-9sMh1txX6<JP1yLSoaRuA-^!7rA7CV6L
zRRmT*+J7TdJ`iexL3~}Yy-9tniYJ2QVJ(?wHC+~RkVy(D>uG*)Y8{6ILvC6<4w3fo
zXpxSL_&&<Yyh@j(gmT_X?!&ZPuDAfp5;xoD(*0)pWJ|tMBZb%4UsAQ(Di7dxTBiP7
z8idS53k4sm`bCsi!s#d=*k%#m>wf7+PtCK_l-Ej#Z<OgNIp^c@IcYNTRu$n2tmy^U
zJx}HYQ?P_SD~XA>Cm)e5iQy8%b!l`;o86ZUuC8cmQkjty)uO`L0(=0(^)>uC^zn1I
zKHQGQVlw$eqSah48@g9+Aic{aC@452U>havFkQ!?MEU|B<yyL6LPKtYo&p&Cm|RE2
ztSg5FQSQ?Q4DrPx!wR7B3R-kY4lQzfkc*DsM7<T_z}1t>p(c(;m4R0R*#qLT5c`x5
zZAGap?<n<;H-#c8#WezB^HNq(V98hxheU8t!^ibFR9(ux&d~{#uVGD5xTwi}zq>rM
zg<ps-ex^IXJjSCw>NoWbJHYBo+@!W`=0tUo!4|fs=x@McBfVohcgYhzkcsd=7>w{0
zX5!_QW_v<+gEN@j<hV%BfG-cU3|P63yAVAMmXmX<=gCfai{BN80($e{>ywANJDrDu
zD+N2MaBWw>+6@J)-6h%44<G)11`39)@SY2kaY&8Hj8M1M_ew#V0ZLU%#(7sQU4p)H
zIq-uivvIw9eI~<$!=kCTPg%Xzz`5MlZ%DNd<l%8xL@b}eZN7i_>fUt}@*w~SgH$}}
zp${n<lSb_r7PNW=>pNWI{HK8sXrUl^<r^7s;xuVXFAHS+j@+jdp)60ap~4+%%GsBY
z02|Mkn>Nh}tDNX)s_<<cU?lY-qconssR}t#=Wmm#rtOXpI^f~tq=jZ}|D2~QC38o2
znhl6CJ}y`=sT@DpngVlNd|guNI-HuD&#|IB;|mGd6)x>DKONM#_z(y>O!{sUVDfF-
zieJXs<0doXY{-?1=P<4BkJ>EIU9C8q`6mo$7ON?IYEfH;>BYP}Ob@t#z8foeC!@Qe
zSrS4dirc812B&3B74~bc6$KeR={O2uJ(EZyH((jmxw~OYFCU{vI^=K97Rh+oIghL~
z$wW5qrdtH4ik;&Z^%fNH7+k|I=23=n#B<g<S5$4dUR~Z?!h(W6mX=@aew7?ikiQjc
z)h_(gml+0!JpL%e?~b-z8*NmF3z+ZuY)uYSvnaC*)lkBEYqA6#>&7nS12r{2`t$x!
zHbmIx{SXosGUn!1IP?5Sd~q|z-5}~^n}|WT5a0wd{1#YZ<nms?e&nGO^`Pl=#YCkU
zlC08kt>sBtRnPb>J7suS-uJeb*F*P_gxHM)7rT=5PYLM2rkFUTg}=~m_$>V_Bd7)~
z-~eksf>4QgYDk>g!fWLGFHgu;>6@-Fozk7KOnq9_hTVYuRfa^4CWTFcub<Vk$2<-_
zPwdFK-62N2k?6J0SzNMo&H5pWGoqW5I#X^Dd_rwE1MziO81KY~e~`|^Rv9EKs}JLY
z3UBhuhn620-$cUPOt+r3P^9lsN)MyT&oyF!N29E}Ls?W~{B;0O_XuKc&Pgt2X^ZaR
zG98*Ii`Ba5keo~SCLLacZ5RSt)*k16#{}pg38Qc2NK`h)_4^yQIl7#8w+Ot<M0|~c
zOpP!<Lz418D}5v0>)qfHFq7Q-u?%yla1b6ggYw_C0@bw|5v}z58A%SS1e^y3ex9k@
z#mQvYq>}kq9uy<!VgWyx+;G;In+aGYJG2%T)<*m!GRD7H_co)<5Als4+%Uaw!yCsR
zd~lFS;&fzB5d5QYY0U1l_4+x@E2wZzX3r73c6iUZfYsU`6%sy)8_VOSoKX?0Zc(I9
ztv2g+PxJiGz0Ihi3Abhu$`Z#f3O8q}rex&LAGLTqs`9%>I?t4yLN1(2h&tHXoZDH1
zTfs%TDVQR@O)Moh)fxa*3h1e`l|s_^dy;S%LAk+E8-{(y4^Lkv;<@b$sv+M{-Et#>
zIDaWOqu;kH`t1Xax2)WNoeHR|T@Vv{7Uw(SSXdj^I%<lj_Mlhe>9d@i6z)l#eCp#k
zQ#!1x+qB|;qGzl83DBQ))j=2_WFH}sdHntB%>?M2UjF53JDQns%<8lGC?0Pa;J+P~
zXC$NMz~%GPWCTlnwZ5Tp`K{XsB*H8twMaRJ^WnRWfv>{c)J~SuRL$_%<ZIiPXQRUg
zL*<GiM%-dWd<)7+`A+QNSP$#0m~oyltQS0Y4SSxN?LnUY$Z5B6#fSST4KK7}Z^4!(
znkz=kW0~G`VxfI8lq=SmL!Xq0U~`Ukoq5mq;-JB=62(~NooghPeKUf#Lgz)K=~*9q
zvUgsFNEJ;1U9B1Q2?FHu<nnL1T$Z1mnORCKRBU?ug+NqeJ8s3~w;+Zitw5M!PLkoF
zp^>Si%>Lv(SSrWF(+lvmsO`Bmj5cO%GX!eUSc^LT$Ry%2?f|WjO0^88#hGFfZRw$S
zgW)jQ<R_e?bvd5z^VSYThWM{a7GG$r@L++?)~Cuv6g<tMtXnr|*(t}u>cxW(E;30j
zVn%70X_nDwU)Hcs8Bm;4akix8T759N`X6oHCO5bwMjE`bE-#kRT}190EcHLy{3Z3%
z=Y-GKt&A{tzZ{dr?zKm-Ep>lDUEVya&XUI%X&m{ye(*GS!)bD#J?~+F45e!ES>xCh
zHQ*QD)N9<dnpoQ4Jzoi@jUOw;pjTSz^dqrxGSd>E*_^=jn+XTzDr`3%(R>zJZ@549
z<MrzsaOaiIh5=OfTe1)^N4=~0qK-<5LrO{ZErkzegbzQliyv&E)MpKj)3iv%OiSGi
z&Ydp@pH7;O0a1?Vw=3DD$^AJ0G9)SJ-bk|PMsGVXbuH48DW%ig%v&jldcs?5H@&@i
zz8_@Q8~|6Loda)&oC~vXsK*(Hk*{Z8D|u)d)aUhz@&?-*skuk^CTl+Ii$0mcEjB?N
zx3Xp!{>0$^vR)|&z53-Zm5ZaHcNhy~tg;p_j6uDvzXz%QteVat9hO1QrpFGIr}YwS
zCs}Sb+k5U;9Z>6RpUtX0YqTFWy%z=U>f8%cnEdcnIw}5(h-9CzV?Zh}@|U-65UvhZ
zK~=H>5&Z!_zg#zL*aTw^^rzsrwG4WwM7^8#H%E<u=rYo^r5@;=B53Nr7S|6SiEQWC
zwJ#U9(>-~2(hrg$mhktRdRw`6YP?pdh=$kZhHHc@!ga>ovBXOLUBM^F0q2C8Qlrkz
zw>w=42ViCYhRS9I`CoXMyZ_^eJ@UpsVle*APBN19%+xgNeA}l5Iz7D%FDl7Jr<|Xn
zt{7!yW#L7iIj}$H<rQjIV3NL;*Vu=!N*k(}Fx9H2KMwNujIVwy9j@ChI$6U((I)cC
zgZN1EmRu|qy+ub%oDNnG7ob*;RJ>88a|4vZ_hevS4p_vF!u31<Hq=){oobR#Ye530
z&EqxNv!F&*9-fwq%|(=FQ_2{NpmMM`G7r<cvD2L#+Ho69vG(h)Ul_ma7z*Hp{n2Il
zzx)0Ya}7e|0_1^Rn`>zS7`2EFgM2JiG9INs=j+>hl(|}TB8jP~EFck|WGb)dy-P$u
zE~rC|XZ~DqsLDZJky0?&d?`Lh9`044A#P*+3!b*mZr#D7U|-4L)tM}$-*)ubG^hxK
z^_N|t7vpkEHX)g<T>qNpT(MWYpVbv*ts49v)3fP-_X%4*_vG@>D~Fij>ZYUuSKiEf
z>sWk4ly_v4`CotgXSB>4#%oBjQX_Z*{??Q-U@xjfBih{eMyB$VQLv##V;jZB^X_6c
zpPgCyrKP2hY&O4<ZfkohjnD4EAeUqj1g4%TGVwjF^YB0Wex^kD<ER8e!6A_RCqKmB
zzTkxC*TQ&#t#nW7`_j4wbHW*bg0k)EO$wEe1oJo!>L**LEP{G867DkiG-Aw?_HtTj
zZR!7cs((Y<e?OE<@hUnR7f2~wTCGP)^ef#Ip!Tv#X8A`|+szriAIo{h!l+h1pWjWy
zq}FNX#pva>%UxJdpa2i9MEubx@_*ClrE)DYyf1x)HLrCnVVGTBpajfx^A7HN2SzX(
z7IvJ1zkkF2=A`COdn~2?M4`v43}*4iSddW}W)>~sidgyZ(LXNo|9zmpjy}UCe5qyb
zeP}pTqiWpM-<3?%p`2S;sRcMO&xZ1pZ6**q?{o9=bPZKD0qw*J1)Is$-3VlP`cyZW
zDDGFFlW&O!Hl9$r(w`QFKSihf$7FcPKH}xocK1kEWHV6GQHrqBVhM*lZZ$)O_mrC<
zlk!^mCVYOD*QAUilmisg`RufoU_dr9<D>04W~Qw7iA?HBW@aBVB!Y|__{MZC3_1TB
zjQ`tgJVQRYhVxEC3D{PgxLH*R&y!(hpb>L@b_bV=c||>gnZ$;*`uRe0sO;p<XlY`u
zYPvwFJD_D(+6>Ux<*2ZGuWLO@B1zIJiuIK6-!FhbAhsJ3T=jp+zyBEW|JB#;b@!e<
zCX^RkSzcyki+BpxGWQ4K=r~!D7Z%LPxn6uwN#T-O>KciRDo?SEb>E(V=j8UKaOYHh
z`t<x)MXMwtb>_FNU!}v8!iL=6@R+adY6-()eZv5$ZJ7FqlluR8nilD<-9|F1rrE!3
zweE9&!XzqhEY;iF4dEOsO#;f_bp7}$4T+t<-=#2cpP7yIW~9i#rF8gh?3h#LmF#mg
zQ<6=8#voxh0d4ZuRILL;8;!WXk`&50Avp`yAF4Kt9Z~+t7ts0+T2#7wdf*JQkhhg|
zmpNL;)v)opH!+CE|K~OI4}PG(f2`ni<NFRWq|P&s?A=v)<hv_FL&KqJJ8j{Ol6>7U
zLS3W0Q)uB(WF&r9J07Lg@jF5u`+eKBp?Y3VLI%)iQek(daFE<dYGuHVl+*nR^`rg-
zZ(zr;T)%DD^T)(^z;@^2s~sS5KQ=aY^=orAH5l`S%+`m3yWy1dj%Ol|*W<c~NT}=i
z*4hQ{4Whioz8wZ3Fm&1Av`m^z&Ql7%`TGPNXCCJ<(GS5mawD`Ye3tycPup_JwtU~P
zgg_+e>DvW)%+G+Zb(^6Wmu@-m)b3sFOXd(cxo8*5*29aT_XD|<bC8(knnl9=bIr@>
z=!bKi@3zkJ9%m~GHnUI$Id#yhoaCI7lXEx66HXl|OG_j=2WktPPR7coVB}ADdCUXp
z>1%eNVS$V@$N7%?aOya&r8ta@W$Uq=oZ}oP-ib=XuIj|9gD8zzH|^3u=eymQ=<#MS
z1t!&VF}?Elm>`nf+3|#nl;jmbEqrKRU;tMCpAG<wgh(>8KbLk!!Kf>}HuT7a-68uM
zDD~5$9Zo~lv==|Bd2%#8-)PZ!5*$%84@sBAxz{{pq#L6e#l7A3?c4LbErZ;r%yiQq
zrLnpOT<GijJd&&}Ya}Qs<Rw0{B}OkZ7TmmX+Xe?8W^pf#+9o`nwm-HCsarUDmF9Wu
z+H_U>8iyu~;9L8Io41f{Ll@Q@B%DD0676Dn1M?!>4bP@yV!mkPc#Sa|M7I7a2e_S%
zsg+2hXCt(t{rFg_f+s)HF+b;-f5C$2J(g&+gAmZJpVzJ~c(U1`K|uBEzV$$;$8LPO
z9RK$-{JQ_CFU7{qOpw5t>sa}N8@g;zZ~cG#>dH8Ovz+w)K?iW5Qp2he$N6G`LceeH
zE%aCXMT)-$unQb%<QTar4|FxbV-*g6Ss>}1L5-j0jQJ|KG>_E$1xdz71l|u(u0T6X
zDJI()GvW1-=66@gETSd1WiBcfH(kGbCK5EW5YWc{#@=<ma%5dt70|A0f9{z$0K+->
z@~f*Fl?k(_kJjUWDGbd|5B#a>ckKEbWcNBlsoVK8fc9do#n0)1-k<`kUtLvMb>ll+
z*9_Sd5~bpsL5I3@Bg22qU$n|InoTa)JkV~EL?JnYuG)Am?&`%5lB%?#t{dCFCaSBG
z5nox!!@|N6FW%_WlLfFafL-&f288ATlxDKdOinIeOQ|=Z8=HZsTZ;}tHvhtI7ue{d
oq{*#)NUakY!CI=1ip5-ACv&H;Zl@LkUjtr>vT8E0=PzFWFMqPPvH$=8

literal 0
HcmV?d00001

diff --git a/test/integration/consul-container/test/util/test_debug_remote_configuration.png b/test/integration/consul-container/test/util/test_debug_remote_configuration.png
new file mode 100644
index 0000000000000000000000000000000000000000..01b14eada6d9a561bbb4a8b9243babd9463f136d
GIT binary patch
literal 285715
zcmb5V1z1$=);Ep_l7fhUG}4k%gLIcPQbS4%-8D1{(%s#i14Fk#4&Bm9H_{FN;W_8L
zkNUmO_nrS-*UY|W?|sK!Yu&4UYX>VSNIga;LPtPAcq}6=u7ZGo5{H0*oQ3)bekOX{
zM-~AAy}(>dOi4yej6%u5*2LTjgn%F&9G{4y6g!Roe*dnJTT7H)Mby^U2~iqN;CMlt
zhWf?Fr$!W<&Cmv4OA!gAXA&C7&vfD`EhU~|gc^QrqX>NuWx=;9Y9W8_+ibhwaWvSU
zd^B(|B(R>rcQ%+tju3(<#iS63htTr`B=f~f;CYq(0p=XVCq(v74>5$7?KnEihKGgU
z_k`Uvx3r^V$#~3qvQM@9+(B}BmQ5WVycfk$SOPh4JP{1uz^KrSK}N7(U7G6aeX8id
z_k|M;D)Mn(5&AAgik8PbWaJ$KE&Cj<0TF^Ldmt4Kg0KmNw<JL0{mP4GDyx@EXcDNQ
zI4%P{nqS1upMU9+#$2LOTr;KhN|gFppC$uMBZ(018f%q9TaZn9sj$9sli7XHPD7>3
z`}XS-WrvUsR+6eWJ<0Qm+D|ErlvV6{FfrWT9=uJXJPA!PuqiOT#yonh_W)YE`S}A!
z8q={s-=T38m1$DuCMnz37@8kYE%=frF&(L^o%79=*?rJ6nfo#`pAvF>o&K`%op4Yt
z6g4UQAnt-@)NcCrf>J+nx=9eaz`@?Wt<jTEKJX^^IQC>Pd0t4rBV{0&ka3nca(`8T
z7?&oLz|^hBB6v&;ba3sYpDe_|Ct3%<XpE}16a$$i!49y~4W6KSK6rTkfb~g)ruKWM
z%+8^K6sr!$;Ma<j&+?4fG<z_XIlfU=bm|1u=GQ((h~0O-<Za1UY!wUgww_F!^3z#<
zh4j?KD;gWYOkyjB!NjYpM>mHWaoC_c{tdLy>#Z%?!ysX@;rB$ti0+@BCq1-$hn@C;
z@8_di3M6sg*OjPtBIrE`Poo|t_;F=DdFIFb4uu{??VZqT%n0A*EW)%$1fM{5q;p8%
z&s4)0k3Px1LSOK+NA<OPf}A625d|<tNEVrVg6rVlk}XV665{vt#RF>JykQ43QdP`&
z;niWmqDPm=yvVxmD@5mq9~NN~1uO_>8a$H=Ft4PwLLKr;euaVcp6Z8xC4wIM`d8$i
zv<;XQ0g<2Ne<GjrdJ^pU>wht#e@~gcK~EaT6B2wV?w_@!+)IyUK~sXN7E&TPk*lRl
zS~OdvH;%f6OB7m=Lulq$!!d(R>c5tgn4^)yozpiGI3mB{a%}BH?*8oNvDjy`cm1yv
zo&#v{sXnc|LuboR@=KEJr|H-2M_3cU56w3Uuf)<6vLXTCHDfm8G!xIh7l_>LIyLIH
zd!0r!h`H{I@!8%E*dRK`GKVwAGsirKut$~gajHvu+3V+lD~>mF+cW)8q0n}J@{UN{
zXQ+>m=tNOJNcB)z(UMTqJhgf92z6OpA_r&0|GA7DO~s1@obBMmpvYib8R{68-soqN
zPh-?$Vba~w8q!{QipDh1m(#In!U-|l(b&;LvE)&UD)i69LilJhVkD-;i?em|`13vE
za$&%ps#RBq(iMi4logxa))=}T;-2aig5LGML|A52`wO8QVWn59KUKfem#G#hz0M!b
zeN`Z>R-=Nc+^;lOq*>~!W-pCaXk4^X-tm?}X$In?T$~w_v!yIhth2?t^<ax;3*oUW
zM^2S_agE`OvKE20Do|!xokxpDqfzuC%z>3uf;+EzbMtuMc=_1lc!(i|feEh-_9)&x
zUYmhjb-k#m^iVBSl~{GZ#9Q5{$gMQL*jmj}-6JPLom&n2?U3?fuD6VrF_v}25y@U!
z4o~+w|M+_@Ij%2U3FbRf8{^N%#z&7Qo>}gVwiNN?NK83Qy_uM)a8|d}OfA_hVIE(o
z@KU%!7EAtYn8yKoz8j`Y`j}LRw0KZ3oh98~mujAVzP9Oclj3oZyIiYr>#n=Cd+z1T
zrO0L9$@Vch(G$$1M=u}oJ?6y}d`?8z^}K@H3P8fH!evOjN<2X*04R9gOvuVr0cbPw
z<uXXgOWpxAnxm)ABo`#9CoR148`v56Xwp2;v~IY@JBT+>o-u2r05DB9O`S?U0}eAI
zGEZu8YPX~m3bA@GOuCUCwE<^<1=?hlp2qpctG2b1B@<iWwZ&XhO<yh}9(Q(io5ah9
z4p?e)Xt(W>&0e{vHd8d8xLCXB?~?A&oSvM1#k#}_#)`)hkR#%VYm9d5#97|>(EvNB
zS*D}&C}b*JR`B6T<tyZw;>8}|P8rJddFS08T7l6G%9MpLe&rf*hFC&UBZ#}pXLggD
zGx&yXvaTrlKE}g%zqqd&Y`!=!J3jxuxzhOMsD%L5H&xnG+Na&i2Wy_YDvqp({8Tt-
zIzBZBPTqGD3e$hTsNPOiN1NJLVGw!AcMkb!i%o$djueN&kHPsk4yo?ZXOUZxSzj^~
zVx&;tR54*xK4a~kSf$+I{OtAsgRi1r8NOr$YWuTd?+0Z`GDQ@HyOM9>H1ZrO$Jxhm
zmN07x^1f)Iy%Y=6kdu+K-D&xTS2eXfzWmXi`Jmx^<J|AS2&08yNAp$GyF{fVJKOA$
zFLVAH1jVdx^qowqt_=s5aD$UNk~(HOSks;;aG5d%r>iD&!cJE9R@zn?kLr#BE?BOg
z-oAs%I>;PGeUhk@f0eeBppwE)dHgH^L%;AcUp?Pj8bgLJ4iHTiyAbtZNV@+ujmp#f
z;F&}-=3d=VW&kchh({tX^L&+)>Qf4yBs369zg2I}3qR$;am`D=8rE5^X38rg1*gGa
zolYHP8`BK)g@BgNo|)H~iP?$viM7mAz%~=NMfAxKFUIV68OB-l&2k1!uF4tk$q%j$
zE^|w7ZOg_w<K1Rwwrwp8P7HN|<Gb%yV!GKn*?E<wtw)z7<Re1pK07n-stu+BY$aN9
zEISiA^E>qc4%~WIy<3IQOj-bq?beJ{yW0@{4*p1jhxU9O8H+MgFYD$aeoeVKpOMGN
zDVPs`zd_4FTdOv<;cZiOJyT^FDDk#}xw$Q_FmAE@XOUUac+s5Fg#owiS-HTT$5tt4
zX-KKyKHgqy`w&?FZLNXxruWY6&dm_EIQhnT@`dAo$cbMkN;}z8(k%fJ?}pZ{?1BRI
zTo*@D9lCO2!5F)hHDyRH^U2!D7174y&hAfan^gqu)VB`%uAdI-aQksj=pHMm15}7Z
zQ?d$L3P#rA))o>P687HS7S3p;YZLp_o}Ubxr;p*8#tm5s%JOU5xh(12HdY-i9Z?Y=
z5nRsV*9$Z~_c&1S(Dazfe=n=Sa;4Mu?eo@aaOWy)vs6JtQP)V%vdzY)wRo(e`hdH6
zk*Im6ImPDnoLS?hYjv%M_t~_zO+CxpX_MCl*45xi^Jj4LzQla<V(jpkM<&>3L*&wL
z3cH#-LP+c8`BB40@R!)pLL$XdAMT6R?5Vahxl9fH_39wg$jinX*1MkT<v!uhj<BOq
zk=@TJFSfJCz6yTj)@O2M`>As6;F<SRu~UdqpRk?xBJoN;J+~_NA%q4(w_xR2dU`s{
zHw(5l$~ID5G;JZjQ#w}OUH+liuSl9{B#0fc?)lm4<(0)@?TPlM`fgl8TwKG5j~ra+
zSx@|9V;{IWq9)@mA!IEey>EEuo{{m??2`Ol$S0qr&18=^I}eJa<Tl(8JaGh|L<qUP
z_V_<~qv=OUKLG&j>B(M&YsWGpqPMsXl?YqSH=6GdZeNaZT!XJ}3z4B^KGk=K6HgIW
z-g0Nb-BW}Rkfw}@ygUK}yp4*0^neHf8QyvT{|Y`J{-3tw1A2sqf1O7}KnOHPK>GJR
z3h?9oCkp<(@AI$Y!<YaB6!^cV@ULqY;(zW&iOYKUpEhz9{2GGDTQM0K`0=fg0|;c}
zXlCnFTmIlB`~;evG|&+N0iWjn`#?s8`X_w+Z|16+PMY#^yhgUxEC$B5h9DMKYrFe#
z5cpkr;Z19hlL3XRwUvz{ud4v%Uw81r+xMqgDJlNC#mQ2DQd3@uLd@0yL;+xV#qx?$
z5S@a8g5SZ|gjYpe^55Oz{{$$_oSf`<Sy{ngFbkN2#n!=;m5qmohxHXZD?2+g{0?SE
zHybAdS7sYWs(%ggpK-)Njz$jVc24HDHWc^c8W`F-I|)!y-cR&DpMR|r<ZAx+Og4`H
zek}L{vff`|Wn+28`afgCyYk<k<yA6w1z7>b&8^`ygU=zz#>x4L|E~`J$EClg{H3er
zFI{<l@A}K7Kf9_qf*izbt>Ke83I5Hnf6x2t#ea9?XT5*+Uuf|!LjQFZPH91Oe%Alt
znjre~k;`y6BT3A~6;<I!xR~945QpJE^#3}-+lbYl<oy-l!Y7O%BQB!q`d}v=#S>5M
zv|Ew>fhgLC;TPH9XU#djAn@*d?b(9!S-YA>eS^)S+7$Fu?>&--#!iUtlPJp8Gct+?
zF?RxIt$fMcZme$1EB>C4wSoS0?RJhIu~*(_X|WTnQbXuCNA1SRndm&W9fYF-^`V~p
zyKmiAXSwrC_x0G9KKbQIC}6x~WR7Llu7?FYCN{pgd<=E&!+$wjC-1WJ&A^9&fnjHa
zliIyPh#FNG0rAOu1SATC2mhC*bh@y*dcwI65tjvZI5Bqut$d2~+oQ1-35?zWYpO<T
zhkS{nwNdKk;5ZxRcr;wW_+*X(S%tpI(XP2Zo5?bVS0$Szsw9_1{Zk~dnRrj*xP+*0
z$+$M`fQ>f!OfxmAF632(H5L<Z;2+~vm>SgPhS#wT_(oPXzomsghmGa`zPkS`Kg$NK
zs3$Ew-P&m(VYJR#dvo}OzSdgNTC<Fv&#u}u6jX|npq+A6?j;K45XJ&s3<QK{>6k&(
zTo<5?;sGvX6c_V+GCzhFp!Q>uz&b1cGVOW=fX&<n@Wm7}qI=-~i%5Sh<HHte5lyug
zYdzpmhxO6SoAtr;@}BEnDe^vSp?*%X674ssb9IyGjZjj{5|TE|;QkjP(`mK<Lx)Ct
zU9T^Zk%<7^Bje3c5Ofl?w^Rd?usd77+}0FBY5M<W5`6xx#~%vhQ{Q-BoyN=pG@4v?
zDaQ)rV<GLAu%;fHu>xM@>82KzvTqhkl%>vxMSfB;2AK;`yU(J)W|#6RrG=GF@d|Fv
z=k)&%Y4|t2#h?7tW+XVKk4ok+?a|QpdRZ<n2YT#RHdw(JrfnIXN^<INy>05eHCHQo
z13KHDQaqjAM*udMMF%IgjGhlJh^85b24VkSr0zd_ML;~sd>;a1*5XXOzQ!7D_24$j
zzxMA>=9toCSx;{08wks@it&DqJvI5GmS>2awjWPxGw-cJygvp(ifivSXgT09G`FSY
z7T4g>e?>)#?>J`TMbS0pW0Hq*I;&&?O??<cLUglr)`_Q*#)B%1ptqx1F9Q{!DcrWo
z_Ao^shWva`*T4y{WqQlk4i#FF|7J_Q|5PC*%pA|>)RV|>lsq^0oLoplhkBRKDK0H7
zL0t}z0r^@18L;1|oM$-w=Ew@Hb`NLLgLV`R&AJFs_M`q6n-)$!enk0HK)j7^^BcWp
z{tKH?abSyUmA(Ibm5L02W<rH$JI!$j@(t=-%A{SVGYQc*MP&A{wnO~Cse-?m(oFGz
zDHp$Vc3XjzkC1WIM1|ia%xP<GB5nQKbb#1P*~v}Q4Baa8Wm=%|vvs%}@B7jxJ^k-Q
z3ki+Wd{n#%yiHrKRT~3ozf}Pc%{N%<H3u023)8*TI}h;~jZd~Fx_AkXR#16${wpQ+
zO#-bb-r?$WH$2`!YI(rD-1D%PZnRb#yu78g8++32nQ=Ha#<(`5PoZ6BRYmCeUk&<R
z_$$S5js(U_CZ;Fh#n(Fa(N5dS6w}iKExo3sjyq_082Bu4hldWVvAF+>q;Dm>XIXKU
zas>jDxuX=)d3)Qg_Nc5K9YL32gk7Z5+-2(mylRT~TGwO0H4&5KmGESlE~CEZL4MgQ
zy&360rCCWvcuGOQ{WwaUSsNBe-a;oIo|I-ZC;@kEsaDI#Z_ax{^7|6hCZ)el4+D6h
z8aA?ob4~uo{pKv`si0Z)L|f+AM(sM-xV-jCsxu8c=<6Eiae^!E^z`&-8IZ%=#(SLA
zHMT(BifXpry52rdcEHeUd$JrS^t8i6rcF`-vKBMe-dIC##xl@sB0JX7RZzt=UFXtl
zrK?4&y_N`DOV&0%nk(-Gi^~5-3kq{Y>zSJ9qd|f0(sui0Nw@1@y4G#E*F38$v3atI
zEDK74m*+;woSS_6?i&0fwR-TKm@mIQnbTZapO646kS7j*-=G4wY|5+!E!|{a^Ys_o
zVlo%?931+W=JN(pWmgvN=50GyLs?pc4-XGp8e5JJ``8`Vuot-KqLCh96H!Z%d&MO-
zT1+sw?HtgxSStK!Zz#mGWY-5{rdSjU6mAvNAwZ+aDcT5!p5<C&QqIHSkXn;O8{Sbn
zDoXN^;_~a)LK<4!=1h1q!Qp)*djmQqgfz`xJgsK*SoX_wSZ&KR>2RkK^K!3<W|eSw
z=;)-h>iTiiX3|Uc)G$kTQuJ-QbX8Og@%K{m$34-iI8^%DnDYh%%c;Tp>Z1+*Aw9JI
z?~`NEkNTma_7wwIC#2dgJpmBz-b+@%n_i}mpuUh_bn1sN>MWl?eWxE6qYd_ERHii|
z7N{AkT^4p1hpSN614AIx*u2J&FqYfyI|9#Xl2OY+nNH&<I*e<e_DdOuQ$;Gk`e`}G
z$(4Dn3A5Yhi*+Jps2_KiqTr1xt=xHk^Fq9W>brRlhydv4_s^388g@4M`P!hFW5UB9
zf#eg@T|d4j<>->Tt>Cab^+Yk$J6(h4y&%B;br=nSK8d~0Vcg5ZwNzV)6?<iw@6V}d
zvDtH=Li2Z@{Blx-|5xFj)NOJ~aC2PmDFasLiFFT}7&&fuPu@~tRY-S>ZpE?et{&U$
z=2Ot^C~9{CV?`gNPNdi2i0u|y^cS2-W+P&}c?0TSnqartv|!e=ELJO3A8m3j9Ztkp
z5S9bSYt`dfiY-6J{u(!1=amXHvw`ZLkI#IU`?@Q+_U1ObF=oElT$&f4&#9JFm^Z#-
zHxQ_|9goFB%@P_{P9Hn54@u-AFM|yH7y<mM<YH*E5^^;3ok5}}9J<&1JHukeLjq^V
zYj6ce?RJ%ZFv$QIX=KrC5Z3e9b*^5M-j|#Wprk+B9g~XSS=%TQg`U0tLRYF@9=D$1
zqYSY6_M}B^eab@DYo1GEo3aU}>6Clade=Nu0by<1K%`>Q(4ud@+_IEp%GAqO5bIH5
zeNZ0G)g-&T=%rDR8vgK>)3vfnNw8#86v#a;bhu%ZJuq|Yn<n<V#WMSj<m5GxD+LBN
zIR(pIo@#H-luJqHa`ugvwVnxNiGq6yV+Qv}L|8Vbl~YXo%e?0=HT;!^ppzLyY~vw0
zrvY4TYR)zNL50`@+ANW*I)qKpYl_ZNiK(+)A(b<kvIVndmd@3cVf`A6z9-w<<1>j^
z7g9Cx3f)B22a=cK$K7GW$Aon<b<3yK<AsIl3w2poldd+}2U`}vi#1+uu83b1U(a*I
zUQ`(Gd9Y-jS9efNa?+sSmE7iN<7oQvwr$Icw}sxBaam<YZxg$QBFGpw56SYa0Z1Z^
zikS-zqiA&EEZ?0DC#dmEGkty_R|_lHZWLNHg>9>!?ai--jVXrGU(JITd-L{bQ%^SB
zi4$aOU3O<APG@a}dI1OV1WY>gnLf7?e&N}k0}~oDM{5HDCJgjGSG(f-T8c#6HdaOo
z1WB6jh(a%`hlGY2Ov%~a{prh&<2<;zEzp2uKnJZlZq9SD^Q8<}ZK;7@&*lmZ;fhXA
zGKa3v#hPyFY|o;@*oedO<8TzJmQA_&K%jXAKU0ua{J0KZvMRDNm2e<Lwy$q>kVh6Y
z7jvw|PzrL;)6?dA#5kTprhE9&2+vHuAYzdQtQeWCYS1<ZOmvY2)ynNTShPvwPBk8)
zDcj%h8ZJ-_B#D*{kiOMqZey&|=z-doR;pqNF=PEg@?<fJl&rEZn_Cmv?KczoDsYpU
zi*??1MJ|1{_+6Rr4aHmJl5I$H*T)gGz+yIMa_<#o#z#`A+jZ8U$;$@iWyzRXT5c1?
zz69o2(+tvdfW4gtL0r1WK?1Y3nn9EIS9f5GSyipx?qs=TNA>8J?aAW!tz~l~T@Zqd
zF(xUmcm)3vDr7B!bapkvW53UgV1D7<_69YXNMl5RWc@Geyl-xiJ~&C6sJA75$!5^h
z)qa%l>~za$ElV(VV13VHN4LuB>NJlwpDosQXNq}eZRQQM&VX^KNjBA}%sPA{8N_7A
z7<RTD^{#|2n<KIMon!L#YG9{%XmOeTs~V2axv44XvjDdxJJ+P_IoOXayDz<Husy9v
zh87608eq*9?|2DFtS|*fnWRIlxf23He!3enMOBwkK<Y(biG2mXn;%iH1-(hMjm=kt
zP!vGLzTo`r*HKWRisJ$&I*-oA3fz{r;js)B?*_%@SaW@1AzejUNCOqNpfpi(u56~)
zX=7ZRYE!Tc+-ZI3SjlOl0+cN0=F+R84S$%&=Ax@o->vU+6OOsDsE>}0k>^owlVeGR
z*EHe(b7$I7XCx?BD=5QxEm?12vRr$0&ttE4ife!iZkL+C`?SrEiD?BqPLF5o=xp0>
z>T0E(r}n;8iJ=hI&A!@<%Cr@`uv%>UI%t_)rIgMOvOq%7pi9ZRUQN{R{W%ZjP_NLH
z5a5Z28|f0Y(lD-buv%H}*yp)$8lm>qowivU6R$}Hr}VmoN{!DN<-;DQOq_gK9*sGG
zh|^~rg(;)ASNn7*q^|G8*>tP%2qI%UWfNR4(s`X@VikEse7_tqLfW)C1sq~&<@0>n
zy<HxZdupxJL_tT{r{68@4kmMSCuo>_cKRNKGuk4NpTE-)9J}LCZ@bv0qN(&wv%XFb
zl92rT$GtaYYF)N_yuUcq@ND}<Iv+Ts(p>|hwn!wHGMVDM!QC~VRPYe%oBpwYgG_mn
zMupBQ%Pt#mq1EFo#1)@00rF~pDlVw*q*blYE>XQg^W~y^#tsV&QK-p4f8x_Fu0|~b
z)8vyqjkPnIuCQc1(s|XKx!HPK(<SfqR50~yMXN>%_${|qf7*qg#^jye9-C)FB7}~}
z&#QM->G}lj{LWaBXtG{jtCfMxW6{h{E(r7+WcM`*h8DKx(w?RG__;q9B<<gCav1gr
zRWH|KW|S*)_BuOGL;Br~&jO%*bB+e)CL}xWTSD3>TQ83}=KYU*%H{+1)vAmF50cZw
zFT-(S6?Y7ExU_M`fs+<u8S>>5l3czHRI%$r<^0&rJ9~olPT|+{L9k8fCi;nn-XD!K
zw0@#hU{V#!@}%v<<02V?78dgs^IBB}sV#RC6mzg$1*skl2i>zk@~FnrYt_3cR2cd=
zabn|m0}O6HQX(h&VoWW&og20TseUz^PhTj-_H50lWFMrILO6YVO6hWyRH}B$>ldqR
ztS5*@GBZd8B=K1*bok6}EV&+)vxYM>#2{nf&!n}UEy!XKa>1ILy>EDz*<GVCiFwES
zjxviVP8P1n&#QMX7Cd%e29h`gB?_7Dk+|(O66`p)II1b{#JyFB@g+mn<8#kJJV>gN
zz;W|P)*J{VbC(v+xD#d0l8Sr@HB1o_qNiu<6Qx>^tc?MLhOLJYZ}2#-xyu(Z{!mS}
zH2VC!P7h^Gyz@$JO-jNmacwA*RYLMv#Y^P%!qr9BBl%!j$<iX%Jswjj&dnvgX1Vlz
z!os_8)D%)3_4r&Hh2b*=U8Sp7tuk(Fq8a+K3w_Uv{2eyWvmkzrwmjq5FlM54;0C$Z
zcr*?%sSeMbvXPL`>3J-G(JcPz-jfPyEB+~X{qt*o1Ea(YoE%A2_*a3Hfn@A&PG>Ax
zS#3vhB-U<-w{=l~asb2X8`7h4U7_?>B7!$gzEvc))K@#L^<mGe+U@1%J1nVO*^SoZ
z+-^>|%X)}*!AzQZ5cpo9xiFYynl_63;c#vc=q7PYShD`mr=-*rVx)wDaB~xJvLBW3
zl6CRLe%o2wh9vSI0pEui$}G#84-Zi^AI@s%xr?};Ia@mCDr3!h4TU%?+whKX*2qW9
zvDLt{L8CogqIF*iw$d3~OSa5GN{-eYYf&47FfIwon1mX{VqKktzJlFVhp%yN_mN7F
zL$DqvM<^7Fl<ymI$yVhI#P-G_b<Ep3qm@t!yFjNA4l#Cy#LY*n9$T;=PdUZYGGmgP
z#*+}`<3)%Wy+z~Ue9cH3NWJ>R_J}k!K)Ft|g^am}>E&XR*xF*NDqv`ysQV-RuaWVG
z8M-I(2o4F|pBEslYYax|n&z849;a5g`=^~+IB|YnQqA6z4Oyq!%@)ba5qtnqgqxKy
zMbMXzLslo^YbA*1$m^M=^Xwj8ss5jIyJn_=pRvd|r6U9{>GxgA;HkSh&1}bk6fV7J
zGv87$2TTSCEatyh8H2j$nmx4UMFQ2LPc?j+2=@P+-9bfPZ!@pO(!MhqR5H?`=<}g^
zkpHWeNi+YQB!U;dkif|^BbvGC`3Sf1a8w2c+Zk1JQu1fYM(S9LKZn@TeH}_#EX9-}
zy1t;nJoc&rNnE~VkA$f9rh+<t5QIsS?1IbQ7{ua0vUC!M^t$1qC)E@6A|8KyWNqnC
zr_2RB@Qcy9_alXQ(ToX4oQAVL0Qko-hVY0*+}@8Umm|Ccih*ZyzvO+q;)6(`G&Y%<
z7NZhlzczSH{h@@b95+OaZYDck@+<iZjMb>&QtlnsnxczF@PdPz;b(Nm1W%PSV{1pT
z$@U+ODGH)S4qnrfwPNxw$g<f|Wcm8-yrt(RLX}i7Kyb}Nvq~OKm#%1LdNtxw;~}5@
z<GFXiTe=Ppzfk&oklY3Rbz*C!q<U*DV4NcJS9hVv2yp}{%gondIKBq!YBm@bbbSuq
zmQ%`LcP?o;=t{*wQtMF_8KZHo;vdqSum}NHRM>E`9aMFb*Y8<36V{KLrrD<e8U61z
zxZ}t3tF=I-{?$!`r;Bg<`U1(kJGAUAu7c5FT2i`?gf7O%+*8;c=chd{K#8jMT;<jp
zNt)8PRhAjD-c=K;$dRx$IjSdDW2Tv2wB$aA#X^jGj(D*c7#LKr?dM!8%6fXU3~Wgg
z^5?jUf~%eHB3{y?5X82Tk-7eSp<KUxwc88<R$^D~$N6yh<E!-<%lCzCo1c+&L6sCx
z_S0$Tw`nn*fj$Qk1k$s0ZY~j**)|!8M2QnbbtTnR3}<chug*9Nj(zr<x^0MrZfY{$
z;4aSyn#otBQpOb*a4)*g*3_0sVyrfKo?iA>v~7h1$#W9vdzV~*rS8I&`w;H<aB3da
z<E}pZ+nM=GE>cj75=x0@x$p?W6WVT2cz>us12BonMqlCX?CkqttVDTIeY3C*KeN0o
zwdygMApz4FXOe7D=gkKQsxdvDz{Dsj*g`3t?1QxHM|}^X47Idk3kT;H!-xbqTY^05
z!q!x=`WCS9&@)p!v}{VJZy;4^Dl!5ryOh?aR_5d%sR*ElfIK<!$)#`nuLZ!kl>z-f
zESW6>OQsUq0r@<X#I!as{@6^_>%V1wvMSKvZrCEno_66-l0jfX>a64=tmp5<Yem$f
zP9mq!hBhk`9yhg2daG74lAX2GqE51r9K@2RwnM~xG`4SOXz}+sy53CZ!!2_!UZVaQ
z%kJWqcj%ItqqAdCnW`JUQ)W3hBqS7cdyVX{!zM*6(#y2)MW)lZHcTy2Cgl<425UE|
zht;{w#?R3{R*wUdTr?P?JpW|9T-w@1=~PfxpPERsa&8xn^_=sWK!Q|BKNrjC#d<oy
z$m!Yu&E%5jG;~!`+KRE8*wQwfa9i;J6-ER;KVObG(ujrUYzMm9B6`A>Ma5`zJxBa;
zXq+D&yj2u3GJ0EzT&e{`>E6tURS%=3Z@(GjV|P1z)@!?{hs9=-gCWNR@;RKE@(e%n
zSizBUm3Sjt57Pw)8ajF;uTdvtrC}}9($KT&Hi-*f82jo<aa+%HSPd^2>k4f1Z2|C$
z-rtSNLR`rnTqY;M=t#&f!fsf0;$@;b&%ulFw(aQ~-D>4oI#WY}GhIP}<Zk1krVC?M
z4#TEPD)2;^7i%mVx}CM%$KUhuN~8}S=jIhRn1vm0a}QgzUvkNe`W}93y^<AC;865Y
zLsliml(^>N+YrFxW^zoq!UJw;@ljLE>QDu2nOr#tSjZZvfj_UQ@a&c*yL{^PE-Gc6
zpRkHGU)-vwz;MI_od<00_uyk`OjMb>>5sBHI2AfF6ff>$P&XUZCAYsQ*r{RDZ$JHV
zTJBK2Fl-DXlw@F%qK(BND}+ZiZMxp)%hx@WI=^Oyvm);O`(?rqt+^7s!hj7KwYl-z
z95mP<(YNsRwCbS{JCCx-2;N7DzM=(MC4#5txO*;N@L^t8$I-Zo{GUr9bgXU1P`Itf
zc9^f#ARZ}C2JeTmwnZt*%>jLQSB-H4r|DELml08rLE*L6a76)Ya*jXn@jC$3S`(!5
zs;!9yU;_3$BagACIs(Zom&92Q567#={Rz_a8(lcSOE__0Vt|}?&Qd#Tqx}_hi8q{f
z>#BUPHu_ZZ*`)pD7+iXo_kDhT7(hpdame>CChB>2GFB|z^wOoT=x)orT5v4!b>MZK
z3dkz6hpMGbIXh9xl!Liwo9ZjL<NZ=ORPf@qFQ?bn>$x+KC>KlNiAfl@zK`WnGiwbo
z(NhCS;BPrX1jOQ}cD{$Nsp!uhW58xi;Jm#;!HUNZ4=1uh>UTK8jS=_yQrMcS`w<CP
zikCXe5Rh`GcE>3dFLVOSt3)WrZ`2+bTu~-he7s6`F%3^`yd4WGfmRnW`!_#+EG;Yk
z5(3&O|0zIPdnX$;Jl`RRGC!hCWXky9?pprr#Vf$#K`(pqqu|EkIL2guiva3tJ4Tl$
zs~|k~-2k58$3dgNnGu@%gai?WCS0kPYgtRhmoyZIBO!yFBTMnKye-@Puz8j4GYF9%
zwMrJ?$*zTyB4sL2X6xB$1)X9trES|q0+`ggLIkIu(MsWT#!->ycv$Qjn4_L#@!4a(
zc1nDu+mX#<ki_lwg1~AdD~lhzr$cx)cZ4%gbW$GTa=TK-{}$w(lsuJT;?45X))`15
zXK^#z+FY?H`jSk9C&l@+57I)(VM5);b`hnVyVLyRQbTrncK;l*J~*?AqMJVSD(9fj
zVB|GDed%zSZ?!B#h=r$JJ6A&+_vLLvT*+U%`vtwv!D`}tny=AZooCBqveZ;@`-^V*
zr;~K6g_h)bxgP|vwT3^zFV#dED>7S~Vw*2Z7<U7b8Q#eS*q8y$K7vlxvh*;V93P|o
zVI{1e{=|TJT_!(=sV8$j1wmOLYDzX0?haIAs+x9cT$8=&09iGKeLXXG^>a=)yaJVk
zk4T$6P@qbaQDE35wX+D2uK3RK@Z<8&#x-Q-NNd8@?B4OCDKt>PVZZ5??_qjtp8Z>A
zW&+xRC+VA2E>;Zz-^|-0CMqY`S9$3iogQ+cR$H|yWq7N{?MCg}CT$1w|K{H~zoAI!
z(VBn%<_)0tYa~DI*1|--YNxz49X&lnzg>aMa|36}Utq7Xo6O;xL7=;vh{#1hheD#w
ze3RSRBD=j-dn*5Qa|B>23v~?-Kqp1!_7Rhmy(5z*lK(OZC&H!YJ~J9kKIGq}p)RW{
z5AQu|+a7<g-=>kDTw2j0>fqqeat#*|$ptQ!UO1c6>`eu-e0(6f;g3uAJpDGm8AVpH
z4C#9F`$7dDdg0%48hkPB^5r{t4*UFia%2HxmyX_(6`pPEieRo2Lq&%{T5p>??`}Bn
zewJnJL<XkXi13i!dxPFL;oNd^-}k9B8!((VJ&#AEQqG1x`h`#-`y|45F2|4Qv(2&D
zrqfefKv00_V&Brzy76w4^N39>%I{$(1v63rCYe>dY^{>I$n;k9WpY_o84CnMn-jx4
zYjWqCbh0GsW3<cykR#z!QR}*rjBG)9Af9mfYl{%G7gW(H<2_oB%-&+ihV^Yja2J6#
zsc1f$iBt0Mze>yT^-ek|oI;*9G`j6gWfyC0bo9-<Kith7-R5~_U7ix<7#Q+mc1mJ#
zu-&*<#njsJQ3#+ZGI}l!ejTLi@YxPwPd*7m&i3^b{U!aG6>)Fx+pqTc;IL+et`Ldy
zI1Wxl`h@5)4i){Cf2`S($*T+tc@Ufk6UY$sKsX$J5cEjbL@L!%3CS@&mDAjCjy{vF
zvC&#L;UczuPD{QNv=*<Sv$xuei#K~y4C+%q9bGNOTegI>8yxxi9>QV9m5C|6GYxM1
z>hP6-ZAf@!nwqkD=X8pzh1f(q&&DSl=-us=$4#-ccXv8itqRJ&Kj)Zd)E%MM=!&#D
zH>cBh93%Z%AO*Q@s)$E<`)Dwo&jWZwz!b&WcCO-mo%<DZHV-~Kgog+W;KjFGF7{FD
zX^oC6jq9S5-;*im3;n=KN_sVB(P3m9lSa98T=Bty{&lgYhGzP3m%zlHSPRE8Luj+9
zxsExGV|5yQpZ|O=IM+e9O?SC3TDF4y@JT7=#jgqwo_14tk>v|5SjriZR3bAQR1M>l
ztv5zqZO48Yr@TA+O>#bPf^)!M8!P2hU>*=xh~Ga6b}S0R6PJIX7A?<Yz!;X&hpi4t
z)K`?3f3kaz;&a*>q#k$SktNYROKr1qc<7wCHdA4)+r}5LZ#&&0p`M~?UYzIK$19sU
zudVg@8`fxQdu=IJE-Kin!&UKPJwB|$l)G|xWWe!jhdlJ>hjByxX0q46vYkQ=kt?{2
zN|J<v3hOmR4zcsWC5#c`?l$tVFH-PQQ;^%<Uw3P~I5y2=aC&c)>?Y^lx>eqou~b{8
zloF?*H+B>D>EK0On}5LJ>Bh&?&OTe`)*;tR`uGN^Jp1M(CmjV@srHHYaaA`J(){<d
znsfp^S7nod3{o{Fg^zCSZC<M%aU&w1&+sjG_rdd2EiJyjWDYaMg_8XoWFkP~hK(;6
zdAiLmdfM(eHlwD4*Doj)S+(kIm=kr~tAOi-1d2a6y)K>HRwt&YXRglR;u{&HPi)Qc
z+1M!gwxCLB>RDt^2@Aw>OccJo{R|J_saO|3zr_hS0-8zR>T!bg_8D5p;6dduOl__;
z)&Ek8+=sGyy+47=a&qPrH$3~gqUzIKm*&#d+gAz=A<(n=yZ6j7FNYSwx%v2Jt=u=L
zb$P+jf?W=cmQxjb31H8q-a_Nf5Ii`*_J?4M%1~?^@{ZSyu*BlU4Q-EzRBTP~tl01{
zK9iUR5UE?L@nX$RYxT`aN@lA~kI72j)MTW}OXe{#I1J5!4m-ZY>x~#I%+#1uS<kKo
zlr%-8FKzM7{IGaAfRUH=bEjgeT-(-&5IKa-DcMIn!$~l^wH!C4{czOawL^ApUsX;s
zp%G2#a9&xn<wN$4nU&<b#P%9^C`hRFo{p0q{Z|+y3m<iy8fww6ig$Hwn2NO=OqUUd
z$0)Y#YnD($q^;ViLGbY6n^8o<hlkE*R-iY9StQR2($2M~Q>En{t>+r5oHj=#T!;ax
zj{?Crm)lnoMtI$7Kb_4tM`^mWYNTC~o`|rRGa2Az>ZDxWr~(_=Yc9Cx=`E9o;NXSe
zE%ge%7W0cC!EL#bhT7ZX?_$_}mnYk~TC8+mbf%2qJP&R+--c;l>DO5$*D48|fA=f5
z+hu(Q$s(!gnE<G+_-t*OhEp_lS*modEJq3fd}9}!mRuGEy;eGK6@S9Ed(Req_JQu(
zCp~`HF<xi$8j7teaL|aK(!v@8w)x%b(}SzN4^)z_j^ns@`%2#49z1s~j#M8n;CmQ1
zLWspstg}RoakZ*D^Y}7?HVUQu#*YOuPx}CZ<M{Nt^#lXve6w?M)?8WniP%O)M&_f(
zPqV5oM%F1miGCpcVeQe8D4F7}h!Up^ZaB?F+{{u*8jZ{p%_qc{5iBj^6S~#6IJZjo
zZe8$ud0iNzOZqGs!z^Bw7g84W;Z8T?>Uaa(D&(dsfu+>x$FeVP4D+J9C?jIhUX!$}
z9?p+6latxFx%prCn)t^hB)HYb@bqp@=%82ZQHDGAW4VphIpf(79THnMM_W#nw9T^d
zn4E6x^KgE;hg5x=;ed6c_6;}BuZ2It={Q9)#uFcQ+wZ&`hCiT4hOupYdA&gd#IV#E
z$(K!(QRpLixuN{Bzaik-P_qOd)=lCShe^cQ!(}}$iehvsnOfSEJ1JkxKwC;j)81zV
zVRM9fUO2d2CYuUiEP0(yYfFZcY_d|qj7RhKjgJxrMyE6p_N&kIaF!Oj$$gkIy~v<5
z5w!G{MzV>_c+PZbQ-C3@y-PkNk<)hY{4yvXb{!Y17^Bzf?zY?M_!I*7y)!4?0L!QR
zWRSNdLh)rw)tU26hceV)McS5lgR-)+yN-=pu)b0&GbMY6TATvydJ7N$0dq_ubt=4x
z_HNM&yJu}6+u4#94zV?;x=G<`I#*Pi4AiBT1SW?+f!8_kW4Xta!R0Ps5_unm+{>7o
zxM;Y91?JbzC?W#nW-5x>i)m8JWHTx-H)@pQN<}>8(V(N>-Z$12yt+A?)wstrxII0_
z7k|8@U8}i`h<Jr~2S-BH+!kLo?SDWq9xI4}@elri$LB>0fAojq#Fa~$&nRjsO;+6$
z=yUTFSKG6hOinPk1aK<URz22c+IF8^nRTwWpV(QVo!zl>^B79wyP8{1tcY&EtJF+Y
z<XK%^O=f+fbuo1lZ|%N3QB`_w-9<oF$~W_+&B49ZewkKT!+uj*cW{SdSBi+y!uGa6
zO)V~cv(6Wt&IrjS#DDLlfwp8fKAFCMIUV#g_c3$@IH%8JL-OM9V!EviVa{kSdd$rL
zrSM?lXDD3WrReG@5wDl%*sV5(Khnl2h+K@yvV;VIujh`2W?v8AK9EQ)z4I<}#A}m`
zB&32Pzo#KZ-|`U+L`2lG=NMP`MgU}RKn-5a7CI14Lw{AG%Hwr3P;U&!()GMc`cE3+
zP!8c}n^zBC?35iB-2pmmrsLCxhbwShRa{V8Qm^VX{(5YzaOkJa>E67o0_R>MG1uth
zF|I<2LOGncx2xrobBX#c<^u?xG%<K_xxrIyCb=1p?&i-oiwmD)EPg2h{W}R<W`PVU
z*GwF01N9{YoYB~~gF^{e6HKKdgL(DYf1$uV@ACZKYtfgQ@KwO0^S#+cPII;1airBB
zjm)c(R19Z5=Ct8u$ks*5j4YOB3{<`*ZhJ{yW3Su*w3V!~iUd|H@$Jvq+?Fnncj_iO
zotj<TMr+L9D!P_Gd*^IbFjh%H{QS*oej~X9eLBr-oo#hhniGKsFT8AGAir-qJr797
z(PrmB1jVg&c1?lGNlJX1naK!5Hs<DC)o-#&WpZ=(kL&-!%Of7H_;<wlL5|{yyzygn
zG2TJAdhBk%7kq8lv$b}yX(~C(kJmiNb0ud!4OJ5-1ZO9F`s}g!G;V_Ew1g32r#rno
ze>P{yOmUMuvbNPuzN^C=tM7h+w{61fs&7<sdpsT+p1M;~rFsLJNU17n&`e+gZh=sc
zS057t#5En=k-yTx;jEbYMMCoEbOuLjIWZhkqq*oST}R8?d&IL8(w1OVZ8K|hZZ`mZ
zi6a7JyhlX650}Y1X<)??2cfL3Obq?VZ|`nzR?dwgAG1F512aMvJ@&mWE>mq8IQoGF
z@SR+w>Q>rk>Fh<y7@uGhUb&{At~BX<SzMULG~eVLIuqYU&IP1D+nN}&YI@CMapMZ-
z^nLQzNQT^@NBZdIqj&IAzRmr8cpPacz}~^qN%}YC{__5dae^4=OVcf(Y;p5;3cI6v
z75ihr6u=>?_jm$eV{c|$$$k<yMNFlL(3h)@naieTFRfLsi@AI*djC>-wFn>P=4M@v
z48@DAWh<O%3Me<zIq`T%w`IXrYpB=kl5Wpj+dJ{5uPVJtY0sf#x_nU_C11$om3yUO
z3lH0!Him`cQ|Qv9jo7-nKHv*<fZJd^0lz$ki@ahA@wb9kW6THh8*V3R8sezl3Ofhb
zDxG7pEN#-NEhmL2WS%`uvlINzgkBwr-iC%4;IJp}I5Q4B_S;#Bz~5{^aP(}*6|sM>
z`Ee}y-Fdg(*yp5jcQNLy35KcsiBgTe+(-cyugl|vSOxwOkTyiZ;xUQb$Qlv6Vy>g9
zLeqRntW<m99<OS@@LQd$t>dv+`P?;sDqIZ&%z|cfLu?imQ&}>T8ah7L!lq5rabAeG
z-+e}bHX2ulaawQk_R`?xPK2LIbxl+V305~}qB~9nkkyi&P)_tW$SqXb`;}={jcUC`
zG17;}^H;M$&J`>%XB@;&;a&vsfu8H?fV<6Ji`(Jk?EZ7eTjJK8@4;FFC08f#&;i9Z
zxDA8h{S|YA?hEJCwAisx-8VI7+RQ#`Szwt?5$B;Dl~;NdLX!~2-0rN@bqzf)t}in)
z@$&v>@GOQzyZFyL7ModhT5_-B;9g6E=W6JKpV#rQF}Nkemv3^(Nm*d?`{}~E3GHXM
zC=SQUQsS=2u0Q+<K$APu6-@#bm`gvJ_gMry@MjjWNlnLS<w0o&6tBR0{LMeU_fSRr
z+$!p>GHY*kzS!Y&*`W_4cPR=_u8_Ny;fD3I9l0+4l%861@wxi5p5-U*&*l~ve3-is
z2<}Vsw8PPdhQg|v$IamYEof1wi9iXxrJ8c-+LnJwew#70F4^PXg)5uQ(QRV@laUNd
zm(Eh{?Vx955&Ewu4Q8zLmGPXWAdBC<g7HQqiCB0^qUlH@*($!47m<*~nNMkfODoF|
zp%L8+=-S{^%k+qmAK~XZFZ%R>RHX}Yk&Jtsa>2B}8a1U-BvntF*}8IgS<tuJbiG+N
z2`MtqsH&`msnoIY;<u|O+zZDQ;I3eFc?+)+-!dBpX11luklfYPCVFWmb1MUD#VMlg
z@KqyzYid{vJWx0^qQbu%Tc>S1YPmRSWg_i{qfO*5XuaW~p!)d<I*nZp%SXPIb?qPO
zgj@jP%=ob-8d-jg?+2WP%cI{~R!z$Dt*u_AmEz_sn^)KMjX&DwKjJIEU)iGd97w5E
z<|fIr)Vs9Vp3#wb>%5pDXYp)dqr%elMuv7`wR-AcJ>{&zA7_{A<&iOvnghJ`M<u0_
z2(X=zo`s0H^{S}PGFCNKZbFo2Jf`Pmm&(O)#f8eS$~<>!f;BtF>)el8KgRU5&Bs}G
ztojXO3vDX8nSjj8{fgGK^B*8W)6*uNyi8-sV~OR+mBe|(?yj#upxJ(fyYMwS0h<P+
zfvWi;9dodB1?T=V=<7=L?z&1r8po%4n2aLwr)>t>bvbhC?d^J#p6@|W<gX~d;?EWz
zKA9J$Gaw6~w<IhQ3hB`*q^;;Ws>HuXpR|xCu5m~=VJew;sx@UgSTe59m*Nb$6I>rb
z`^3jf;P8j-6Q=M+#KDI#&<8q?)u6$6pM@8D8W+|b=3+IDme?;xVU=V`V%A0^hno@a
zX#i|k6T#{gvE1rqvfBMCDRxDrubqeTn<t6QJt?`Lm$C#}l)|Bn)vjX=Fw`=vJbhLD
zjS<88-k8?R&iosq^&+?WANfmQsv~6^$$SD{UdOqrX-#>bR%L)^RdiA>mw@ZuuR#t4
zGNJ{S>n@juL_@0gQZOCJ-ySGmlJO}B2c;+IAy!da)P6-13o8RzVvTb#r1+5=`u?Mf
zZ^@j$Qi=lMLk&*RQ?Y58*iER?X`~a}ho2q`>hqheiCSPzk?mfysAYm0ZUd65-AX;%
z?L$4Q+r$g3zU@Hj#s*Wl`VveAQc^Rmw%5vKjBs;%HfrESPuzT~^~4Vv`<vn!7#U~H
zjSj(aW2KEXJ5!=s$5ylhO-XEZ97`=YiS_04EZT`lRm}A9F@F`8uFSo^xLP9lEyyU!
z5bnkzU1>QQJV7__|IxhHM#sWEqL=^3ee|0Z=YmiBja>h{S9l<OwK+hYozH{L^R)5e
z0<)s(d1o~C{%Z>5KVlXHB*Ujawc+M*Y$)Na<Bu9G`tF@{;y>ctt(OnNi+K;f`?Zch
zwA=OW0e0|!%m5NEyx#l4&6R9hu<cx%mq&9n`0A7tYH?x#Y&6Vg(y5VFFVj?Z6pITA
zMQB<6BL3nJ!}<jENfBI<S`?}1QH1T$eowXilEwO^nU#$L*M904p!nGGsqGm%xB21k
z?D~I>`*&IQFAs8(eDAge>F983*}3UvW>Opd8Vmi7zx?g;Qbd^`;;=wGQlG<s*;saN
z=_bRRe<THeS>7+rtTvn=JGXLQhu1IY`JVpjMgOWQf0+p0<WxdbgJa=J0FgMHIN}YA
z&ozH;zh5T!yZIW?J8??D<E-`|?u5)2O4adOj`tT5{MHnHNb{X3F0?x$TF>iJ3mwS7
zh)oEXd(II1&+GeD^<`y0Mb)BbL_t~&xCFei{jXRchzNJ2-rsY;{gj;rQVo?uT}5Y#
z^9p<I|Bv+lg+jv=XsT680PhMl)vi@%KTp!6KlbkbE<qpOAc|msz$hZq(ce-3_gj8H
zoAu#o(6hL!=jg!fyFg50o3MD9-zfKwYaLcX6UU2tjL8&7yhZ%E<-cOyN3@3Luuh|H
z>7fO$aY3LTJr(^?z^{b<o6mooHQPW+%i@PeA<s@ZeW5t9jQu{E^xVhXeiy%L#eeGl
zIO9{)XFp~?cv@5Co2(Ii;8VEdeE$C@IRF;Ol@@x}4=#Mz<72OPGykH}hdflPxysLz
zmh%PjDksH%RBrvYo@AL%Xt2puc>m;!sONb9(!>;FXcY9Om$-(W|4j85s_z7G81AQa
zY;m<TI(l^7v0DG0{E-ZTNTZ0L3+?0Infmv<oCt_SVvS#}3-Mv7u*cs&a7g@1c!jN>
z2rE@QE~)uvO_a5VR+Lp%T-4K{1i**kt?|qHz(N0t^}ii)C8`HVt3)`;e^2)Z*WL@a
zQh(RcBOu0D6{VuLgpJ-kiQ8U1G9Lc-`gvcx&(fj$w)yNgwg0O|6E4SvYitd4m?r%c
zuPg7rFYUZRdJ+fDFYML%=l!etG{_{o3|ysDVcbFZAG61G|I`nj)c>=zj=x2;$ks8q
zB{qex`x!jFMI<~;jkNj%Mesj;g8UGC9Y~^nD=GS&{8?mh#M9y6+X!ud134o-u2>_P
zpmYG{ziuj$MMQ-;%Vf6wXS`n@_g}khob18+A+K@vTpudz1@5X=wNl%~n)Z&BP3wtb
zEjOc9MCzxW=-idcuULs>$jCACoO~7TsoaS@_uxP)xVw))-xEiJ6#XyE`cs8Gf{5Fc
zcUwQ!KM~oi0ZCO!J#+=WJ4SOWHNGv^_7bvNxk^~Sb35!cwW?mv@KCqrR7|yh+QZI=
z!qU3qz;m7zZ9f^Lw=;jRygJfN7U3PM^Osziy@E4_xIfn<=byw`_#xH3CYHy%mxw?w
zJt}(c$}@`W%{sGas;iyq$TY{n#+-HVyfaDy3=OBO@#o&xM^evHI4`b(Ebk=XFU92>
z1)h#JsWJ8r+E}z;8q2u3HCn*~di63bW@3QVF~R!14<THB&uF|dPW0b7^NXZr4WhZS
z#R-T^WA<(+!=>vYxA*!%QS**0YpYIyLOP|-)vP|d&!-c!kHM%g`4rCR7k-!BY4dY#
z7{*__<k|Ke?~7!Fc~S3i7)t9u1^;ig*~5=GC<-*9hllO*L=uD|(>dR21!rn4>EJa-
z3Gf7?^i17=teFG+b)0zfv4Y->k)fUxE=#NVv^0{&yW7A#c<rE$eJ2R5HqqjT(A~u(
zQL5{D`oST*!WRA#9WDknCH?k!GkBMB7HpLWg<7lVDZj9G)RwhL1-Mwy(4>MU)7(ze
z{(7;bRsyaq>Uu_5{<9nY4<3DJqWO-rx>RM9mqo`Gw|#0pZn)1tyXZ2jpRZOr`SJt`
zf3dD{vtZFZ$3eHVBSK1vg^@9qZ|@vpf6*eC&od>lDvrGR{rSZ1$$M|FJYcoeG`u`j
z?!sHL5_Rf+ve7pPB0S}<%`yK;6yFPXJ+Whfl>0k;z=@mSpQdJt6C-g+9xAP9lEixb
z?xS1^r!txM`3qn(z!*fbk92f6)7wd)PuaXLr~`kmMRl+B%treJp7F0^^MJpsQRbTZ
zMi!2>fp*PC!HY5@-*Re>8##z&#FcE|iT>d1G~2S6S!uXX?Hti_8M@=fLe4nV2>jek
z2SeN7-mz{Xg70C)l~wZp=#M`sHe88T<PQx_Vv>-^&Hsc7OHoyoR9fg<2)$cyu3xEz
z7ymEXm6riqd5foOEf@9nT9#RW%{JjW;9ah|a5;iF#;~h(6mm~#d?wAP@wDv{6-r-+
zeLa7;e9Q8U#|)(A*Ng}C(pET>Ch&~Hqx96sEFBHS81EOuc5u1lPBR^l`zI~(Awc3&
zV+$5M8H8Ef`{;r1A<HRQULTipWjcJ?Sg)}5tNDRmb$QuVc#5c2n2gu;{jMWiuGztQ
z`F48*DL8Rshni+^|G6jtuI;$&8j$~aBaz_-Il0YqaN-)}gk|YOl3UbdqxgR}11<Gp
z)cIwRVApo^buiMKnsUdBJiMI70@%z@JFW#Ft)`{nk9KRa7-gru_OO6&pk5qdC4~s$
z+JDyR#=H;c=m`kI+2Bs9VRqUkHq-P0vj4lO!2#|?%9|@}r$n6YWRAkV^7`ACl&s&d
zd>xQ7YINa~TL#`-ohINjr_8q1ThG$+xx~p<n@j@|pu|t`VG&4DsKQxwaEeah184r(
zJ5#Dhf;-do*I=!Ekr&^b!?Jdy#mTlq`z%SF@AZ;wVZ{H(*joTa-F^S#21u!ZNJ}Uw
zDIi^f0@5Je4bt7QiXzfTO1JbbT}vp^DIiOO(%nlh`@8r&&nLb!pa1-47={7e_wK#t
zp7T2Ayk6%5Q4%YWaD91PynXDbEkcgcb!NCt74bgPj%)Y&b?l#yK)lp_FF*2s&FJ5_
zZ$0{rRhEcH)&2WNxKZ@i6URnzV%Czip2|<SRa4nnX{AJ^7_muA%tRfN*<s-=d37^r
zauDJzwdsDjf`@M>uL7#DzBTdxK41n!1*TagH|6L*>_Zv9ZrdC<b84$#dz^+)zuTf^
zW|Di-ypP?p=bU{XgEm?acypc=ohSGHH{xBR2mRu5nS`t0(Ik^K6hoP`%t~+DRrZ^B
zZL_PI_&&XXSmz`IL71=m4WFmIyT-yu0~M(47@|B~DA0wCdlBHbq${_emT`L_@ZWCp
z|3t-TitAQc`aq|8$h>Jy*(=v3DLAzKF3>z1`8eajTkUDWI7g+sui3{WRiGAMpW=hU
zbsDhS$xp+y|J&Jx(-N3u>HioRXDRlt*z<`9a*-CvaDVpf>p!yqs_r}jjJVfW-#k2s
z@s_TfFZO+R`})+6nbUc$Ol#v={%t4kNMjixG=1|FSJ6NhfVq5PrilM!i~UE)0Y3uG
zladMtg>VDVaitm4F<bTV$n`!8lys_yxHY9J;SEw~m%VmU`YH2Q$iN#;uOdFnDGA)I
zS=o=Z=O6XK?kT*ND~3T^RtX-oV>f^Jzq2#r6#}Qgiij*bwm1Vx6%TrkPiA13N92Ng
zHw1wUk0zkS)j$Rd)0jUaIkNoyys>Y2&*;y9>|<fib=ou`kC#=+>@9xnaym7BdFEDD
zDH&f3Dc3DC^~N}WptPo6uiPb`&7h_gK8W+j>}Y}6QL0-L{cp3IAu0&JdNUd-h?8zh
zZ2*DLcEdt}llS9je0Hy&?&jbR3(Y1|;NgDdjrTk@!)gC^WE$_fm3#0xykN6!@%6&$
zP*ZVLudS_PsSaF;ghTgUDVg{G|CkcEUzg4G$3SB%KW3$JDKkaf3}Ikqnv^O_>*Z*X
zq^?6Zzetg-_fxqRSu4SGpGkLaG^{q`MK8l67A+=5&+VT>+9E4c+x!mGz<II1bYqUY
z%BZ97gA<)wruu)VQ2$}Z&pL?6xV_4#a@@UVa`FXX*gB7io(nEy7)ai{jr$Ep<B0ff
zjhQE{`sYMTru-L}Cj25yx33=Vy7jYzi(0i_h)YnsCCzPPc;c@8!7@9y@3!A#PEJ@v
z)-dDM%CmqIT1@-!{}6Wn<N04XB);k}lSbWvH}X}!iXccFgSRb|rnUi&u-^V;P3(qa
zohG8h(7>DSZKcQ7RBxK+G=uF}>8A~76XV<DHO}M$+D++S?|;A8fcrqxCWSPauGXU#
z43EGRZJ02cEzQg0wmlL7fnLV`POQgOI8wiILYO$@|J%!X;M|B0+$RIT_{mcyj3tBl
z32BA-qGIT$n|H|`f-Xv2FipTq1k`}Yx#de(W1|N+5{X^gaQwup2^Bz44gbPY?IW%#
zF@C25=X(gk6R9s;?H$he=bbr>zVbn`m6=xP(sSxJs@FKqZQm(x)s9Y#vpa$cz6DF8
zLJ1bl_8p7;f6_?)`<NE^f@6vx>zQfgigQ;7=nz#YyMcX$+G=Nxw5&&q+~u|$CaY8(
z8rEtnEEP=y-Q?1?-}gwo^|r$88v3$A8edElTMZ5Ew%4r<MT95vTkjvw3jU!~*j%L#
z_9}V*t)%|1$Ga;(Gh^2Jj1KMmz#bRjUhzejC=M{kNT$Alz}8KDI_{03t}eC^UTOX#
zQv%G(FqEW%>D6k20TPTkGUAoJA>Fu-MldX>Vnch96WEQcqsqky;><ohq`5&bo&-L-
zC!_t@|8})y2iRA6-|NjvP<T-Gh0;_rGW&`;-FSQZQFKV4%dOug%vU>WLl1VD?h)?)
zM!p4!7^%G*^W{0Lm`ju4S^AuhxmFF*0i@zUe@vnU`_Ox}59Ck!|91*sKzAcO$mJ7Z
zoZ@YZ6p%ZvTK{1G%b{nc-vbCgA0L{22d+GKiL`6GP5NKnXM7Z=FP+y_E923@yT8uE
zM-V~GO_?br>RX=-G56FpE-(EPWoR8hQs$hKZHx=vlG+;?jsFUGnVMJF09TXZ4>ovv
zn=bPzA8v7$R@t`1upo}*eaIXvu#59ILVET9yvD+t7oXyA1SFC;?OsXC-u$nl@GKNV
zJ0ll6di~FDRbbcx5+FbD<Xk1c7w7D4084-P?r#wCQxLcpAqd7D(`$YvBec{!vH!`P
ze%3_$^(@y=gz?s2kG6gUa&0}lrR@$$LA&hmAeZE8Be(xvt%o2Va==!u-(Kk=<#R{h
zCcFOEAO5yGf=6G^-t%Aovw#%$t`o;q_CeYKq}4mVv9O^F1Et64+3U-HCsQwzfCcwp
zThrdX;b%gGMIZX#CLkPiZ6h`<FiGhTj-!2!Er7RV3XZxkR~*k`;gj2c7a&CGfc*?o
zYl~8G7>)lN!RjpgPbgc4chA_r0#8i+%U>lGuB&A2dte0#2>gs34*xunAOgIVr!0$k
zDc6j~b5oeN{yXw^gBOWm6I}oE+h_jtAoG0A6&C?o7ZpFZkkKaJS=Sfdlkxns6v7$6
zI0vj|349mvQa+sgO#0Vfu6Bw$7JRNgKaOzRKg(nj{Dufr6hVamGpL4$EzUNWxAbp^
z;-Leq3BH-rUl6hvq$n+V_twq-K+kV)DZW9<z6-cepaw7W>>VB0HDMrsQ9^*=I1WlB
zw~mFLnEbs;HW<3K*0H)be|~tzi*eHWg+gHZzfZ0Q%XI{kFtO(gtA4$wiOv34R|7+=
z5hdPjP3oLi<o-!sTMI<V8W<ylP*2GL;NizLoPr;dIeJ>w6D%^xeAcEoc2ms;fEC-@
zDkYzrogL5vv&pi1pf9gF^m=V}W@Vp3qW*gGk^=c($1C~@#NNODs!12@z8X8V!+(2G
z;ZIk)k3BUOAKHDs1<8DBpS;zph+YG{wf$483|f|a8g_O`<3y$(4_lhtwuT?CizIUB
zJ!I8{hWc=h@TB!_u#oh$sSF&-be{a32msZxnt>sW$GFLGqc>jVO{ZAD-EUaDH#Wx0
zb2gif#cHN6P7llh$B!40^>u(QdXtoITeLuE7<Zz|I<_xWPz@0IHIW|4uG0b_rqB^F
zD!g>va34!e(W)Y}o34`};m~IW0`M@8ltx{8l^ItY4?Qr(;WENc{Ifyv7$Dn!YHdxg
zi5fHXt=2pbt=%*E?h)%cD5?b*y?~3^(GA~ergYTk`N#CY`qIP2tltz23oT`R{~*7@
zVPHO56whtHeqS|g-i@)^i~1=TthwSDZ6Tl76W2{NG9h9Q{xe+QZAS!UZ{}N6u5*qw
zH{{zRo!WqRY0eHQh~dhz;7uUj{W6%!J{8gK;x8|eIOcKDK_QGMQQs^o*Maw!eH94b
zNMd0YKj^C*?x_2X5Jzk`Y_#kT2=A!lS<m?&$Ll$qHnH;rTnM|IZ`Eq)rKbodKC3Vq
zuREqiyuQkdTvrC-AFF-oqI7KJkWXL>(RiBY#~-=VFCAorI@5Yw9WNU{(^y0q%MFNe
zutiXUfI-QQhhNgBugo{-)jFhs;?2aiOa220YGbbJ8y1b-xzN$LnTK2kue-}a1b_EO
zLOQ#0L08LO_b~%4HR6ADw0^w#vt(bphPjcSa_+`%TJ|q4;LjzN>ec4v^&8VQaG^3k
z1;5m>F7!LOo^t!0U)_gi_V-q2;I*sAPa6cA#J+6LG`#d(h=eSF6xM1s@Z)0;!dmxj
z7BnG4^Ld2F>)(U^KCGg+io1(Ww=FQ1&UR18{#LHi@?e`cWR}Ef!VKA4E|xg27?509
z51Bh(#1itypjsITP3*zk4VRTP&mPY?MY;3T83Bsy%uQpZ6h6hv{lqErt;uQ*+eFbw
z3SK#A-Mn07^YDqJnZ<OSv#>jK+dnLS1i3NRJ7JYUtUOc|-~B@3G!Ty?PEA>KbijGO
zEo2`)HxpNLia?%6*M$5a_{Senzcn9YGQ62eFZD}CT(Ae>yHYw9TSViS=XNwwZL2i_
z2rhYG*<(_sG!J)n0Gp==j6*RWT%aOaqTqWgdOWQ*AhN+`ZBnw@8BS$3mthd}64?3H
znRg57C>BV@r>qN^N~av){T-B%%d#xu;zma^p5l5Q9pP)-zDJvBp*bPtFEmLnE`JVt
z!PkFs%?02;@n2?JkjUzT=p|cN^}f0Ex0?kMee%p*7r%UFXLNv5w42+waKOU)&&QgA
zL$bm%QwyU)o&P=>+=<Wp3F6{s6O95MLoOC*Oaou2M20ZZInbX6MGzqpC_F9jMGrIi
z6T$4T1(#Zt2DdeqcUbr}4i3m=a5R>{j2(G6o-u!<friT6eK2{Z(2dI|^>BMs&rS8S
zJ&95>MJN*eNrw9In7(Ui+5uQz27rfb2R#wNzH@<t47%us^YawP<`9o!#6GvG3WAeM
z{i+fa(ug|JvqoyFjO{!x6@5wZ;V-=K)c8g>RGH#QMU{eRnxv!qO*t8H3e62Rx@**4
zza)mUrNUTd)+P^li0-Zppl5ZKsL2Vi@13A_(6r~9M7Se-W*xUrThQm;WiOkWn)f;=
zBWeq7(sk_ciFNMN^V<A;*x|I8Sfiw>`bp&S#EcMWd+<mYUU;}OHB~}IDYIqSJ-k%m
zGP+)HToeW?G2O?nT$Z!e$t9qw&JyY>0V%xM*Clr<5uAp<A;C|x8%QY?XhA_VkS4rH
zhg{YdR1wDIn09~eGjAz#ZcT2GZ`ki)%^r|hs5cBaT^fdazRq8rZx8E7TB!CirmS_8
z7vuJf?rBJz^0%Cp7IZawA6N?RG`dFkHXL>c$sg7K)NE=XA(%PWoN+BIt?wLhV8rd&
z3m2Z?c1MZP3p@N3Wx>)Bq&%zGh#hBlVWPgVM&RQqEq*l%ss)8~9In*jgbAaRvVYbM
zAtJ&r4@b3(x@j&6a9frJJ9{HCZmpc9wL5oGIZFIAe^OrgI&XohzrUZ?beCv2SC;7f
zoXdH>77V|+_xSMyy;(>2C++mybvYGHPIG@BV!7S~LBtIm{@3uT8SGZTW{$nnG2`xD
z=w6&KJW$uJ$!eA8cG;i8&!gE3ilUp|9Ktz~1CrkQLu6|RD!ip|AA#Gq{)%uaMt{7)
z4NV>*Gg;5O>vxUa%_#bbl^O&0uVXzh_EcI1(kIQt{*thwcvh_*_)aA048yuI>ijq{
zR!L~WvI&VusQ@F1;KJU&zP?46x-R#T@2}-&^nk%<_DMib5>_K_{PmjkTyqmUEKI&s
z&)}8qlxpw;(^3hz8z|(~IwmglCXlnjYb}aGCg7~OVE<%aXu~(4@H{QAZ|E*M{9e~V
zsX4#s+m8HqnV8XwOfp@7dTEj2TCd~Q$H%2N=e2MrNgNUo-?;>d5(8!R0>sGoVEjb7
zNP%I5#zxO;l6=5$;@TO*UYn>?+25bk85<e-;_o=aMH6uHyW)5@Yi0m~KA$TJf2jE(
zMN6?Y55kY!fk47S3NPH_8HtwGS6)rE7y*HO!EZ#bc2&w8jB3gv&siA>r0nXas9{Xx
z<v9&4V0!nInZPFm*LP|g)W#0?I%xoF-OqFoMH4bGW5hq{-3Sil4DFcr!E(0*78TpO
zTX$jrlc^VsKJ068AL(CCT`8U+Q$hOc(ak~7O{k_&24<{tP5!m~G>_!drcL|lo6D1T
zaMmMr7t(+@8uiE^spEV)?p=!`dM8QTXs+^w7yY@|3tx`Ke}Z$g4n~YYhB<<5eeU&o
zSmtJJ-OnF-u#^^~Ip1Rgc!w70c;^Gxl2r<YAS*@AmW!Ba2pUC*|6VbKP=MkhsF{^1
z<H1>gY>RLKNAA=>V0@(KVf6F6@kST(q#j*Ed|GY$^cq@$F6lZOq=&1P3nGIjCN<8g
z2I(ZzXK8u5qQ%GqfU(RY2*2>K7iOkfT(YuI*kf7{kMUX%J{KIJCSJJ8PeBT8&hZwM
zX*E_sCm?~CBrY45qUB7Zi#;;KMlrC0;|xf5Z6;>0J%?hp<<$9w2SpC5Jg3lD+dP9J
zW*9AWC2v-VpD=-0XrF+W-O<FjT;hZ<0C%}JSF>l@5k<r4IqmHGq8UC8Qfd1Va$=vr
z!p27ZSqR$ybP#e$)o1}ewXDaKJ-=#V-DFEBeNyUQF>ve0bNtv0^u-F_Y=0mo-Xh4@
zO9JV2W*r`|FvGaG-s6kxKAVbax#=H#7=}@ud(4FPz26%@0uHoQNzrqX@hH)w&-Y15
zPgA0EqQs=1Zbyg7EVc;RpFP!iy<GgL_KR7RXa@v7>B<jF2H9&$r0U2!d@))ehB18s
z?{-20uQSJ44Q)Og?k$O?;4*g2+AdHh8=IrCa`qpRB2ALIeEcnY7O72Sy9zo0yHF&3
zQoYPmf~7~ZEBEq>PU^*wKVz4}pfoxUMYT22{dETe!i%8LfIZ8-Gc~mAFU+}q{v}2K
zY2*<wMe~i*Iey68nd2JhwB`C9Z);3y9b17T(IlOTuImx)e|cDMO$C{|oa2E6WQ)Xj
z)3~wyt1-%*apeH}GIT7X%9^ozl*LiuGX#Z@<Mj`dVBm!Mbz##s?1hSBEkx|dbiM1+
zq%ACjIreTjN45mV6$N9>O9o{hPA#hI)=#Xw4;#7IsP$U^^2+jAix?ut>n)-GC`Elk
z?jz?gr&J5nfbsd!`U2fmK_&=urZn#;oMw4^=Vq}j#A?o!1T@=a0GlJI#+NuA$U=`|
zGsXW&zZg|$FqVui_euA6AZVEe_YF(gC@NvZN1-Sg6_~8b<sihNmc&k1HfR#C&vgh3
zGc&)s>g1h5E)PogLCa;l1_k+5<W%Au>n2g}gS1%#5*wzPf+d$6>4@;&l<3h_@RFO_
z2GctB$G~KQuY_oXW@13_uynTJxO=9Bw+Wo*XRoj9QVYD+DalpobL;9s58Nd-V|3?>
zq#PLYue_eRHXQ6yo^nR>(L}nBP41J=Y>rFo9jXAI>(f<N6#&%;t1Y60E9Lh7R^pxH
zLWduQetVciJEsrzq{T0GR7-+hxd-k8YhWfda4SC+E3nAlwnX&f+2FwNt{n&1Kmy(>
z!;0k{40&;S#Lp)NOP&<kqYg6A;bj#{3B?&<ln^0E%g+XNNXzuj?}Spl@Fld%`NjUh
zLDQY<S8U%DhlU|jq4k2Ck|!Clu?r~QO7oD04VLobQQNP!uqK;9B;7>4@0~V*kmLFn
z#oH_Evs(UEKYJRyD=qo>YR+q=*nd0LFD-wxj1<4bs6UwxYw~(EG+WC}MAYMqY;nA7
zM(PyBm*XC<V@i_#N)z&oA?bg<xAOD64WigspIMOF=Q@IOa(;wPKRqB?`m}mZa6Ja^
zpV9?)@|6{ar>l#S=>ymme3yy^^fc$#6_HAZV=b2qj9{YmX_F4*sQkvTMWTUCFT=tT
zqw0>xr0Nf%sLL5>ddSb5WT;hWSQs6`e(k7eF*xQUlK@0?MnKeUmEgcY&KEvA%6kMf
zPmd7#m;2=d@7V4k<L;Lj5y?}@WDoYu1<&QgK$Hr_az37Q2q!`zhj32!=cS1691I7M
z4Gr4`+i)y=>IWn6vAD--ivS6PcqyX}j;`#Tf2>(py6>@6R6xUBYCiK!)U4&?A&q&;
z-d!^GLe>qafpC~E&-q9LlF}T&dyj~XLC=--BcHC!%OjWdDso=jAJEwWAs><+O%*`f
z_>S|RY?x;e80+sc{qjQ6ib-tOEj6TW6Ej{O=8Ja&V86etm6qu@X`P=^2V0q_Xn3Mh
z+=xTOIBtttP;VD<FD>e(>Fq#cL1)i_c)RpkHmdknaW<3#SO3*-ttpRVUd_I)Pjp*b
zgW_lf(5u(f`boXhc+ldpR~XoPvbXcO2E8#O4s_p3t$3VIA*m}m8&(nBxlmKyLf=Jk
z)S9NUF#w|I&u0rw4M|=xAdL;dwdJ32i*?5<y$x--Y`{KV?cPV!ObZ<98^nkoPuF3~
zYg8|bEXAqWP16#~IM)5XMa2L56G_x#w~3VBQQCnO4Z#h^v*?Lq#daI_;4O%9r09{h
zAo>Dt(-Lbe-RPIAcX_0P;V9rXegH{qr|#+c^2Y-(@64gZ$)2&dx(3p+&ByV>_k%$u
zRtxqprwFw9jN;&Y6rr>L;&|C!+H~p#yd=YC{V}=dnT{vx{O8SSI*Je%!a>)NSN)cl
z^+m)-APd>5S63TbPc-x?oaxF&AAwkjCN;^s0KsI+s&r>cSo&GZ$j4@mHD8}u@0Cu!
zxj_F7Qpw|4U)Y^Hnf3)K{MGX+o_onZ(@sEe;_=-Ui}823Y(^QqJUOV2dg1*#&1(*e
zUH+e{NM-=ROAr57;+Bc^IVJdk70^BR=WvH<6wqxiEvG;d34Xk2nx<b!lfha<3v0ET
zAq$p|Un9YL>A~Y{H10H{G>otMZ7%Z7x(SSl>KzO?awVe3Pc+n&jb&0!n7cgU*Vs3+
zIMJbBc-(E&!k8fR!8|>w1t0Cx-v4;istSm}v|(05jdS*M&HWz_VZAr;-%nRCokccq
zokgAbe?HJ%x-wP!9V7IaRh#d6hNq%P6}W|<uKXmb3D@^?|7mHdyp6jel>%TKBs4eq
zCjIc8(Da%$ZAOp$Z1v;JMl-H1uP0S5OB2V#JvSb0DcUVXq{x{MOrL)HvT@PyN+o~<
z4^#{(ZvS1_Q&GnGNh+bUcZK*nwzl^Ysv2yYmXnJ`*TJr{P!xZxSfTdq(vyz%1-Wgb
zkI!(93_jiPjD>;5=@b(E7XErjav@o0F=ku?A?|?Q4Hlo2uhwn8*zYa*yt%#MygB{|
zF04J%bGd27?^WwYEkvWpqFy{TV?4}d<l4`B6ots7_3wF{ubVi=qcCk{@WjGL?g%gC
zMG!Aq*k#PXb3&lLhfxCnh{=Qw6J%IJa{d|+Z*rGcNp62ZSzPRVf?OvqB0dXeV9szI
z5OnDvx0;m9@aOxc{R2H=)Sr$9=e9b#0`6=_VPLqi98@_d*4Z&PdNhi<xWli%(;yd8
zoFU%;X?c27uRCFrY|dvoZEgy~8cFxvww@kCebb%4bsi=2OaYmO8`%ljn&merDe8Q;
z9@8KL*{U9Ed=vn+=?<82AJYucDuMpS7v6Nzlfg8ya`#_OvYK2e<rhO=xK`pUD;vVM
z7Y|32Yq!g0s?q)j$EAT)x~{KNPmNt9{mK+r2K(n~(Z_um8O-?n+g`I+S_%J}n1y_I
z<)qKJ;C)mUSGjTelzAcLlhNmsBg*2${6AkbPSbAyTU`LQ%3r-9ZG7i@m1Vz;D}V0?
zRUZ^`%(lNcCh{S<vXky$ONe@B<GA)v0vWz^P*9Me{yGq<inSgjBEsS?*kbnL7GXwI
z@>}8)R?9ozTMUQz)R2C}C9v7d1Wr9hMMaT0r~%x&0~;g&Z%?<^XkxmAix$EX4t;N+
zl-LqHIcK_xw_#@e!kWz+tOEI7qG$DI<&hK%UdHI=qoYm1gFfF{hV0i_A+TwLHlrgT
z<ScV))8|<#LS;9QPfe?Edu<9!jxS^l%#JsRCTY3MmhE8aEeZx1fZDabFJzYmWZ?|~
zY=@w8dsW*lFv3`m%`7qBsasH5o8mw0oC75(6E>!uim$~)akf5>SOje0>tfn7T1HOa
zPHRHZ`1;k?H06I8`+!bS32olCU%)|%5td^w>Uf58M&Y)qd&-8svGv318iaVX`<~lc
zUgCH_u{s|)zSv201Z17GAt%1~u<=i#tm{rvby=U`j?i&I=vYmabVleMKB_z!i(_%*
zj~pI;MfbyCMTcgp<2#K_H8i2IAv0OjH=#WGE)MMSn7Pi$4QYncbH%Q>(tc0P!1!lR
z^oCBVhlT;V<yh~~i8cBarisW{S<c(ZYGCk?HIP`__DBocZXL~?U(Se-_i~Tje8r-V
z(jP{hFL}rp8+%XLLrC09iP=#|7$nx@`-cg=1_>$1;L~<G+ArLmQ?k4?+rY!N!HL7`
zw^k_J5_edv!xxJc6ucD!5>NSO4u#ErL*CrM+l9}eI9l=E7Z-N|L1Jqd(+*_r!XJyD
z=49i%{R9jJ8SPL*oEM4!*!wrCo&LPwO{1^#uc4hk@vjOZ>z$k2o^hboa0SE{-xDeA
zKI7n-p9Zf<Z{xm(xINoX#<X{FXN^>o2w8OHWP>xQr$NQ!Ez5#yiXag(oWxAm(4!*#
z*Tvk->Mid(J9(7iyoK!tptm*gfoues|6yflN7qJ9f+WO84i^#C{;KoSCeOj~ZzI_2
zltM8&-e{F#M@1q=KO449^cJ~r!B`{6jAtDLRLb@FA8Z_}CC_`y*nhJTv$3H=G@32J
zp|33FCqq0ohwF3PHlrQ+3=_NTG8oD`6s}k=)e4b}xWZhzEp$m|P0rT#e5rLm;aXW$
zppB?mqR$|o7&L3;$*C5}!fd<WslsP;LhxKrjhbNL@6ORrtQ$y06>4ttkJT*dS@JVS
z7aK<C3N8Uu*gba|e^6zWX&1K}cR*BVk+N)svnEeZ*9>Pp#~KVO)}<(xH&VP5cN)c2
z2}&{c0a}{Ul!e#jFRM!$SP=sKV1Pu1<@CE-cPk#HbvQ-D-?~j^Y__x>__9=E!xlJE
zN~V%_R%RpLt!e~?fncF~E=Lb<Ue8p7+1`9R;@%7&#nJ*tW%PyxiAy;jBL-<CG(<aa
zf2(%xA?gfS=?tIoU0Xkif}m0erGr1bS8e&a!b!9>-OoBH3Yopi?Le)v@E(>3F|_*h
z9M~Ods^f0)+VL_#E)~!ocPPjp;VVs<U!=+tlr6S(TN)PA!?xL?szbhxjzM-VoIj%U
zQKsdrFqsz5AW-hp*=|9L`A+GOtwJwd2P05B5gl<O<1Wb;J1H$Y$8)~Qm!P~b!Tk;2
z-M`fJX9QkA@40$<%3o=`xGJ^7^j;%Alnu~y{t9dBSXY%%q?t#OaL?HzX4Y@=il515
zunQrT4Y?2BsOw+;4o>nYCGV$<V$~a&i!St984|mItgH)ZJQpi8URAz~NbUBLKBy%Y
zQAQA@eh7O7lSxho8eSH}+`9DXo14-f1C+B#s=o<hc4mzQkVtU8yxdpHy`8W(2CQ*P
zb}8xfd>5wm%3m57eIS=%U7wQc{^Cw}@$TGNzTF^-k{(nmnZWdckNvPUs?uSVxbWo3
zkGwnDr;}1e3fZ@L9?1upMYxx=?%t=ny<v%`SgO1HGGkWMq7ujK=$*4I6?-AEi;@yv
zlBiX)9XD4IueC7z4wZS(YT<~b&z4lNQKGk!3boc#=>`u@Y;ye1iYIL<(B6E>xxd<s
zZ+)aQn{j$V#~g!-!s^lIEg50Bu-fT;UwQH5OuyBv;O@fwbenbqD`)a8)%JUFD9G;l
z1_LWIfTnaFW2G&n>jR^Khq<vzCD51BbMpU~S}~praj#nzEN~oX(byB!z2VLn28mc%
zb4M#v=AH|Ty6j0nm}~9}ZwQJhrjb_(I2`KS{1AM4u#)n*MXP>ZBa(mCD<_=HIkW#5
z&rbvQ7WZ`H)9r&)LDxsyMbV{Pz3%0u!ryrVw4da)@=|jYUIr8r1dM8E-3s0^u)V#`
z3dNoo6X>Sk)KOCmGi8tMnXV3S?-ot;n)8L|?KzE-bwDo6y3(qRR00-1$=Ek;C)dq*
zEhsMgQ<}j4q*6u!rwnxJ!KQAfoht(w{vK7;ff-`{4G{|^r;*l*C>h@?REak1?D1Uq
zVa7%cRS?;E$J+Z3N&M}Z1nmS;7WLU+IkG|wr$<h;DHOFTBVLp8IEB}i<htgV?1+^@
zVtzk`X*NzJkpeI3PEx2R^;R$16Z!!;e5c}@dWvCupg$(e%sX&IyQPIcEBLAP>cg4$
zFp_VD^x|RWA`GV+ou-8g^8Yq32Zg0&;b@Q=MD2t8NJ^@({2MR3QS<b9dhQp`r#8>u
z_Wfg5enkp5o|m{xs9-KVe21k+A|=(aR89C7_2*yXGF0f^o-s3T<X)bQwNPkP!zWG)
z-Dg4hGU_oikcVdRk(77bcab$<S&Ql*eKjQAUI*0ZQrdx<$5>EXCY^5^Z?UL>-cz0V
zF0MD!9<A!BaJjD4a%eSLeDGJU?ph8FBuOaT_gMI0mB*27ng_WY(N4#wFgHV_J4?SF
za~IiBWs^9CfT`CVCkUxIP)4|4tan=JjK??KhCQ}OdSa@HJ?C@~%BX+!$}yklWF}%_
z^A!N@Ugp<GmJhNO(SL<P;riUdR{8~IeiBx{Lgd1$+-qyTB$Kr3GRD{2qSjvl)m4L!
z4<|LW9OLKt4&)iALok9_^wrQ4Gi07=RZUhmy7}}R;bnh3?dn;=sGv~mjMz%nrJi;h
ziKt06OYU<$INm}BGHNzMjLW_1xc@&~4<oa14467wV@rqp%;)s$8BiAI!5P+x*MP9p
zidePkOUpyGy@8yxbM!#Ol4>bm6N~q?KG{d<zpB!w1WH#}-WOq)q|`DgCNq!f_}iYo
z?jC$Zt}J_bR<3Q+QYgX$p}9oL6%BSp$nuYXS;0C(yKQ~NYg7?BL!LQb_)M?B7+)F-
z(cEr!`ux7G88hjJ@n8Ew>%x*()Sy2=iVORvmPCD7nabrp`s!XA^>&gD{OBJyvc~A$
za10vWU}A1&zN{7@Q1u~H@!=fyRV(?38}lPBGH5oAv56?p^9Bw<Of<h$tG*>aJf(le
zu0pnX@7QHUDFZ#dTX8<)I<U&sYT<tO^!odt%;o-+UISe{=E@~*c-wMYxw=+~HucIK
z)1@=!Lbf=jkNBw;?Ne_}OiXg$%hZ2WKl=_6TpU8gIKv4TlthO^E$H&z=lJqx<{FD*
z^<C8IlUrllEX%wt)-!-wq@z~rU{IbQ#*Oaf?0uoX39F(mpQy2)dIgFwOZ~@lgAA8%
zx@GGtmQPfvggu^^%6H3c1-q0ENZp}qhK>ph6!}j8KX-9qy}#JK-+M3MJbmGb{dn1|
z=`*c5p|fj+j9jeD2c$wvZ97_ZP7<RP7I?h+skYz>n6>ILQ|~*}B3)&zkvq@1@E3b#
z7ued0z7ExE^G3LC+}85Fv3}ybP?&lW6K-H%`<n24$2t|~#Wye;sKC5?T>I$k;LBi>
z>&jh1v|VoL_HcwS+;t_lbI@aH`mp|8`wl*u+POlDgOvtV*7>~JdD&aV-Wl^c!L>hM
zFUc|b0>os=;Rn+iU(~^Pte!auC%+}DbZ^aO`T=*Vwy@5b5<`*59mkhijR(7_0~cw<
z%fF5Wa^L$%^DN**j(xk~2FgAK+U2Is3GNFWcfj14v|VcC^Hd>UOd&j;^q9lTGb@~p
z)BA&MhXuJERq4I6O-S;>%NntfDaz;ZoyXxt9+A+!2$QJNCYN;it?r>lpEO>grU4<?
zJgw_#;mE`L0mtc5vDw!H;&`m?g0a(LsPj3&P=dL3r}=>P&|4}bCIv36hczW5!j|1J
zN#j&}OnQ5X$eQkWEe;sFDRWr+S4qKoC5(f>YuInV*E3xD=vSB)(*2rgTT`CV&f)^l
z$ckq*BysUw`JL6(VnrDN$(-%h22b1$v7qaYn!CfL;!FykpHcEVs65xzpP;%Qmcu5J
zzi1AEmQ@h1$J|q|T>{fuUAzANz1Y*G>+$+vOv1N?^0I~iREEv#g)@+~$&+etzVZjM
z`=`dw>^2`6Qg(h>YO|%_Wr22m(IeXkbOH01q!d;YE#^jT-?y*y)sbY_y+wlpNLxn>
zA-nrqWe>OA=UctA!Gi;7aO`hLUcpu{fT}>R7D|#+-#VJsVg%+*Cm5COnzm#di(+D7
z>XhisFo$WAY^FT*mM7NJW**D{*TkNqx(n3EwT_@2Wu6f``kTlF7puBSB9-&QHC8sx
z^w{rH3mv~PuYiSVr*E&vm0k5ac6qM;m|bo$pn*)k1C>vy38R&bp87S{4Wk<qtckJW
zXC_g>HaQU4Y?#*Q0`3jkYk$6?_pv{t{9^V!)^%8w?gUmm>S^8o%w=YwU0P7^@@zFH
z>SK$miY%Hk=J|%xM=H_6!AF+ByafK3ms7CS)5`Q;Znr>ho@Bd?755l^xwx@WtThB0
zH|=;u<t9FCEOyhYY<*sG!{-|r3?=!mMEX;cngoA-wj6wkZ1Fpd*|j;!LdH<d0{ar$
zyeQyq=GxqvG8DuwJ~B@T$#Ewo%`SsEdNep6kfe!vK2%cUgxyvzdg0s?_n7ZutVzbX
zTj%BSj?W4F-NK{hicok7{;wUakNb-QQl71?Ylle?Bui8mtAtL6$`PK|A=N7(>>f)c
zrZnufw1JIsN(Jf#6Z7{cgcg<phu8l)X>ad8r)9wFx$O<;bn3;L_IR_1z={g78jp7+
zLe;ioN{uEDC^G~KF_u_bMY%f9m&Vyw1~U@3OEemds-a*<)TU}^?x6|$ot?DlH9{~6
zB3IllPH=RqZSuekK*bZBcBzC2-Ky7*=ZX1wrz1gWC{66#E)Ek<%e&ZpH#1);Eru%y
zc`(mObRr_S{UjfZYySX-OFTNb09c-3{-!KrgD0B$4i)$NyEI~UKbycn+x_0)!?lrK
zZUYrd`3u=t#@<8*0geNJ+us-e(%!Ie=;M4)wwl6eBxWXJ@QVj`%lv2aCQeTy3>c<t
zR(kLWXw$u38}2-J2`bLPkG83|G#W2ZUz4?_>TNOF<VbD#h>e4z`n_l4e5aPHkz$i*
zFAEC?=ul4-eM!~?uWD(nkN6SEnxhA!@l6{G<2{|895rVJ+<y#qBKCWx#Ji9TsYqpU
zzmq5A_nt-cYt78?&TR~)i1Ck2_~2w$eB>H%ZmzKCWt=^0W?Eo!4R=z4rlyG1UNS^C
zxd{Hwp*iv@;2RLZFJg!OZL`;IJbw3PVvy;vnP)n@Cyti+VD8j=fAJH6U^+CX&9IPy
z&yGID@A7n|%4G>R$J<YG%8Rs#Mex8AD%`}9gv7AAR?(wgs;kjBe$Ju+Gc?eCXBk%w
zTDJK&v5xer!+nb@pDa9<-GM<8%F?^zc`EsXi>-1IZF9U&9T9y#-FJ5ue5I*80@TUp
z$c~QeVX49H@gYs_2P@N|OT7fX#=<U#7*f&`h|9*dV{CAJRjz*PD;;IKB){zosT5Q0
z+JpW5?0pL}GYuLcm+<WDY~*%#`U+VO*SvU*$`KI<Oow&_1JA-Lim~Zhf~dGfH|aB-
zgZtU3LDX2;%MT?vGjeuqNmsYy(abYxtdjbX&K~AfH~($Cd3Zgbg~|}ASBz%^OxIz_
zd-cb|$!7nQ@Lsj-7dS;)ux5f>TiNSD`0Rxk7U>(6gVH0h%3|F*4L(SgQr)J|qcE@R
zMp6<@L$BYMJuwVnC02>E4;JEyIvtZAvT0PB4?IE>qyw-_(1hp~Qbw5o_sURGK2?m|
zpn>aI$}ir)#3cYuOk<uuNJqr{?N6bkrT&Ei_W~}RRDEzm8Nmm998Uw{!T{7Q?pyq0
zl>&%7d8<)%Lk&BN=6ctaNUzJ9P;I>|^&<7hj}=(Bk~Z8Wl6H_QiQ*@_)PhHzh!UOl
zl<DiQ3YHV^Ha0EjhPyyyWVd?LGyD8cOPxu!1Sdk5>=Ldl*@b)Wdr4*=N+#kgT)T0x
zE#U?r0uXYP9*5w62zpOoq*hnpD;@C0G%Emf=G_ig2`3UDW#gx);{$p<kCZ0&4U#>_
z?{`d0nhly&GAWX0;OmY%MFT--(aAECcTJYk^=Gwj@lt=UzkD{Dp&_=z8%T+_%^(*S
zhi23$Q2F*bk>?IC>BiY~(U8a9&K97ZwUg`TfeRF5!;Uv6Dtp)6HxT#G=Xp$(D_;gn
zAvoqR{frSpe210IgUqN9kv|a-1i?2}L{H97+bTVmPK)JnK)*LmH>?fu{?zrw)}*^R
z7v!!*v2MIuR)0bw<yF{!0Q~ZX5=_og^xNL#%^NpzHMm=DJAlg;))ina)RYO#V#lLJ
zuz}X_eEO!AOC8Aw7!-QtkM%|A{1wGfhdF*Y2BlgC6Sk8ZF#fn&(35%EEFQW;u7RR5
zKyumX%uh|#g6Q9?!5E34Jb59z*BZchrmW30cVDw7@?J~k0JKD~T&wK_V?I^TukbY?
zWPXP%GEIQJ1?KuR;MG`pX5V9h*WVV%dgg&%yUq0Uo#GEOZmXQ&<DHn=CzmgGV&8F}
z$A8)9Y?0UTbJgLiX@Gm4lThg%(9N_s1yX+q9)1`6g1n8iZjG+BJ#mn{M0bG%<Jq;V
zuU8~*<2aak>^-V~g0l4~AMKnTUJu)w!>y^ovWi7MA5$(45fOzp+3xt<K$pvl)1YYH
zmu-*O3ptsT(xrB@o(Fe{8`tmWB^m<y7@Tqo_*^zNQ?qu<oFCu0EnCV|TXp@WOi0bx
z8vTJJ;}+9~n5FlDfDKh=6ip&cK>QC!Q7niT>f&HR^4XNBss`M{elM#4_V8>yUUj}y
zJ5q5vQ=$a#7qD+#?T4;Y>7u^4T(I=L`FFGE>H12y?P<a9uZ&1f4n1o2ZHyu@EVhr4
zV{=`k<N}VU#-ye7)tmH#-@Az=l8pGsSmyIdNjW3O<u{?BMu=bdvk2?9kDny3mD;F2
zpx3t=B;u&j;D&pS&dqA1g*EwXxS;ydu8eevlk!AoiB!vuA;2(-T9ie9q#d{SXj#l-
zldRm=&NqY|bt=z4!%kbv>+5jk)%1-L>8Oj+cn06ugt7k199RCB<ALY$1giot$4l=N
zv!%O~d~r~H!VXK#kmq$}C*6puP49efSNV+}Cymo}^J&3}^L=ym+lNKw2%-lqalM=t
z2P>gNIpVRi<8D=Fc>SBmuqH@*q8rIHU)B{21)pDQpl|j8H2qUE<E0(1X`7P}yQ$BH
z^#z@+7e@-eBM`c>$BpiZ=A4lo?Qavr8CaM)mg)~^c1pcSHNT|Z9S>1!oz(v59}=zY
z$6-+PKD@dQS~ZbZlh3fUKl$iGMcJzlnRW}gkFu$UDc`l^!fPFWAf$}c-g1u?{v3f#
zzP4^zZA;K_+iElPY4G;lANU-S5Vb9-!|gM%^M>LdJboQRL__6ruQTKQ*Ob_koBAL@
zm}dYpiIpFA@kVdi)fcd<ePMIon$!q=dl8&2$99dwu<>PGRDe<g>oR_*{Zs&L@kHKJ
zyrEQqS;7{3>oj0-EaJ~9<ZUi9t<x+AFZDarO^2dpOmvuPs!+e);paNF2iBwm#*oxh
zkW{YwwEi}a!?c%)wT?FKFTj<lvi?*Y6+i7=38MGPS05A`?OdI+TBxd>RJUd{P!d%-
zkgUw!cBFn$`fd=!2gSo}_>PXY^nnk!uuiekYOtcrc$8EHWL7>qO=#6D$)MX~lA9mW
zX0m6R{bfW}$~F6IFf6EL>aQ)hu5hwTwjVfOwBhXC+V?XdoY81_w&Kz7wevVKW>U+q
z#cDGEl@m4Don==a$^V`AaX^dqE@}>a$;2KLufgUR*wR=>%hsgx0AXgoQ6j)7+_Kfr
z)#T^rXC7ZlHg0(Y9W-Nw4YX^fxleo#o_8IfEO$7nQ(EaUy1z?$3-MU&db~ktt?gJk
zfPiLgUskwI=I8^mz77s5w;crpm8{fU#<WdM$v0p7jyPnQY4T0Hyq7>p#H6S$<qWkP
zP@Jp1+^IHnNWkL!F|qP+z*6Ne7!1Du`gE0H?RE9%W=iE@NF+HAq#WN|8c5TNv2ZlK
z(1{hL0Id{RPSuO!r@oYGhS>pV6o0bND7Qi+kD)`K&&uy09rRXzI@FGV#Hrs)x{^1+
z@Qd%T9O#o@DqH~GZCBO_4|$7zzu$zfR-RmZfk&FqFeN1f@oPu>XmcV**_H=ZsdDE;
z_=c4z!y1YTr$?k_g2(mg750FIG{K#<tNhO|2{}&^zSxWwQF6*19849e$(SVhs+qbh
zlWT}<8O%InKG279m)9D49OzegsqT@B7njio&<0tI^2w3qRgCU$37ZskE%W;F(d_L!
z=P(@`XDNr<*7)5e&G1xC$5m~ocCWV1x-BtrL@s*Ykz(<7iQLk9lT<$bc1|*kFE3wy
zF)LN4X{`_GH0iu-`GCkRpw5PLP^x|Z<VQdJQ`OQ>_sMEY!uS&H_#>FkOV5E#<)?TS
zHP?RebB2;~K4e!`$`E6i8z@H}#cokCI#`#RwioEv?|Wcbj6pghsp88=H~Azn|4RNs
zX@3<4R=|Iit9)~oJjJ)VL{GF_p2-I=yN&tbkSDU2o<_a8{MF_hkN-fxcx*DE6V$>)
z_ONQ>qDA)bQr_>^EccbCfv0kahoex(b8VbV0<i)E+;|?OoQ4Wj2Wm7m+RXOTCyG`H
zziarQF7BPJ+J~k3^`RH2c~`kE?>(RK)>LuI-JO&i*Q2&3cx!BFP)5L+^&0AJ#u$K#
z!WYNGh(vl3>C=7UMLaUAfz*V}G=tdUmE}zl9D5MNqklLLQU4vAp3$yhd(E%J=1%$V
z_s6}$u(&K4D^z3J<1ev?i3)wAlZpIDswzGj7VhWwmnGrYp|<Q5N-U<AG`dTe1Pmur
z1&w+V)vGN!x?MgNlJl^AUud&FEO=&R(xDbJD=sE6v6&>8{C$+i#ZvLY;2ZeYKh{T!
z*`IVAhwDDAabDn%n9yM4OR%|b(YMN88sZK{^t>|X&~H@Gf*Fi~$2K>57dT~gnv8|x
zelp?g1|cyE`!|kaULfZFP+qUrsC|W@y)JVY@i)ndf$|s9ozcqOaz6{cUt2$)CyL`;
zSm4LLYtZ<-k}vIEwu_zBo<E^`v0h9MNqEFgd){ySZ0pU2g(}m5*9}Z<=A49WQ={rI
zL(x6y0r);1iKqv4RId?ZWlEq?A{y{EIo#cgFpw*??@#QrPVRMHyO3$~F_*{mxE_M>
zPrjPVD<Qa)rn0Wh)m+8}iM+7rn3{L2%xj$)13c!1+ilrXhig2!^2eaiha*3azfdJ{
z9h)BWx{Of_ef!1doBwReHH=h-H-k(AF>=!$kEK+W4Ju!Dre~f6{dyqiLT32oK4E}_
z|JEdLm6J)yxv>V+C~eQ>dutLoOs;{6dgghQSWC}=RR{jPRdPk7yBjYkv2>cj^w@Q)
zqWALS`I&j~_1=S~-wxmRdxd-mt&PElILNp-f&`J;B%VscoNB51VyiY=o0+2OvX@Zl
z34ecff}r>ByHu1n#?aQP1N;LbInF}Xn1Jwh&;Metv!YG&wuP@9(#1DDSKlI=okuC5
zG>k_)G^&Kf|Gib|jnjjkIb=?!vK*eJM(3CUInOKOwU~<4{rKWmiqmvMcKx}z#Ow+d
zbFTVlmwtzXZ@(8Y>%i=?9?)It-EWM(xCo1mer6GvX}6+1e7cxD95Ffc3jtI8vFQx%
z+rgy}_F!uQR}WQmYUw?HJvgB~w>%oQoQ-cw8o$J<1<k!govQ(=SAlh>*x^JYv72A}
z*nJ|0S$rXMc7@*a%iy-z6apJcHa5q}su0V8)ZahkWUH0Kiz@>wlEZ?Q3f1y|DE)5c
zV5j$3`-Y%kQOpqQf6Sj!B>E@a`z4D(%j`RBojY6o3y;#(suyv%=^?82MWGGiST1aL
zIV{N#*#cq|mUZcX1>AEdVXsC5{Lkn(jQR5z`p08|^?%{RtM6Y4ultEPzv%RL9~>=}
zA#b-zVNc=vxKq#G{<$rg*L9igu+MdH<lRT?$to`B8%xXdH*c=3@g;v(2Nza;ihLl*
z(ioa1|3hWZyWV84qyo<{KGh&xxRIs&vvmj217G`6?edsIdSVh1j_)$%wtMdx^)jBH
z1YN64k4a4ve`xiklhv?_Sv#PnmOqNss%`e<MCX7wn>(1&6wikwE=?BTnSt=%P(J7r
z*{<XZ6s{`uZ^7Mxv?oGT`x#PWrcyVVgFzvLqZO7W3>nHEIFk<P*57sp_uLFFlBzt_
zR3S;ICWtFl-Wl>gyJ%lqi~67f#^I_zd~&3CBT}l<sL}asYn52HVkfYVzj$5-dGnxK
zq;>-C3G3StXEa^d!pSQ&ipUJs8tmfc5x;eZLZRAbv|=J2)7;k9!l8@gYm*PMYJ#a8
z&mO1e0cEt>*&(?dG|GRc5<lRmJ!4X>B>=USWR=cUBN%WY@c4`pv+J)K-XkFA#-!53
zHDtLutX_aQlQo<tPkFNpi!#!p_mS({8<^%I7Ep7oK0r!-H%9jEKDVsmR|Kh`Y}2hi
ztbeLh*KQ0Dd|e^3VrB?P!6jx@`z9ImUTdJ(ZSjYM$#pMrRi^H^$2{@Gzcu%li5)DZ
zx)R=D9Wkt*koEE4<h~z#NG0S(a4XF5<(rFafv}#J=`wF3#CsFG1G%wx+R&Gtkq$w#
z31Q|BlQ1njZ2b>U9-ETRAH{Gmx>70=#>Mw;w6{vuKVgg8qMBQ9$@rRIU^5c=bK}(X
zumi7pZFML|GILAniU1f9c$Aut>@-6q@iWI}Bx`c8_15<TK3f5pNm6wfRr=I@p{2@q
zXvOXL#3%|&`B`L8*KE_dwl-rWE7p-w3%He~fi`gHfKn8U^B0Q8VKd{}2bBCZz{aX(
zcI}L)&b$CEM(kU$OX?R1@=4ql1%^#$>iJ4k<Z6ng4+|0b%kofGjHSg#QQi{QFs3E0
z1y%?bm@3%bIBD%j{&;Y_X;=ypVD%hn#jqCmAtCTh;->soo1?dIFk-@<$(=l6svkEt
z{2Sh0yFT~`ILB^R>P^$5LS5z9T2JX(4qER0>s!<1@!NQ$RWA!O-Y`M#nkZLqKCCtQ
zE<LQlm(fvX^4xk1YEXzaezkg+s$I6(YYo?+-lu<iprqa0VO2J;qD<z?uT0D+_PF-5
zn10E6^+G1*G?i`T2jZ5b1*M@(a#*jz%X&n;_urSUzhLdvsi)TPD<v)$-tc5y$>*^e
zP!asipQ@();{F{y_c*1^^RNM`aV4a#d%g)QkuF2VIRT$WOrbrDG@s^JKf$5=7<Tqn
z@;J#gi3^-=7R{2+sfiG$%o7}<4m?lt#BlETBwkxSVs?rRpOjt!zUQEJR{*jdc!Jm2
znw9yv<h&w`jF2F?RO@I*CO(efpIHFtU~mtR#SmXJrA%POY^@ed`F)xGAhVE@af=(i
z!+nvS-AV12EB>Tx+AlkTEyI@Wr)q{lN2D}`2+I|+-`yiE*m=Jz`kQ<mHbe>ge2KZT
ztV_^oH*<VUj@&Ala{s}mZ$=PWzusj8NEBZ8CX`m0eD^VXpqKRC$@ie2Kj^bzf?OQ4
zL_k15hZB(IWbN)cg@%XccE_3-sXSqkV$3=pJAZ_Kb#%5FuYvgx@43W?zLN4m#j!SL
zlhNDrwOfKUgE#j)vCvJfo8!))5m358WQ;-J^yy7ThWIGV$SAVH_n1S-Z8bWKE?fAY
z-0vE8UGO!rjJn`ro}7vT{UUYp9){_j3Mpq(#u~5Y$J0aUBHs5+T}%U!yX7J}D%<S0
z@xUM(TLKaPv-|Elvom!v9S7LpCg{i;7r3#?H6@E%OAMrBkJ)0rf8QCNa3#&%wzM6s
zX)||NkqzXAS$%Ty-s03Z?4>_SwhP?<`t3V2_^gM$!wdihBgQe?4}e5Hf33eZx$Co2
zM#KXWWib8QRnz|yOY=VTL9XWB^r1`rMVzp$w2=Q62m7>ZWW}t&^Ik?|*4Fvmp>XFM
z<|;`u8{Jau_^yTLW8djs_y6v#;#vH%2{G>XYp7nS#o+vi-unf4q3*N$>n(xtxvZ*A
z{F>I?Y%!-_wBO?&jv=?Em<AGgE|yF;5a7xlvV--R2%tS&Sqr9F#(C==rn=0$0Lo7e
z@CpA~IXkM6dRHcQR#;=r@tosxP^>Ix*5bd2T3zgpef;8JX|B>rdCx-q=IDD+LS|)i
zZTJ)w6{Xri?g0}8*>87n>4ym)U1hc+AnlH{?E4HQr96G_LMh;s`B6fpbJa1;MB=ox
zmO}4-%0x^1wYop0Y<{9QnVXhh$qes-z4s#ccNF|nE)fX=Tj|v!YfMG^OX#{XNgTNT
zl_}zvS7Hgo?{q0~_}UMoff<JKBV%QSWnQ1qOnpPLv5t>u5or~uM)6%<hhg>f9G>io
zd$IN3D;UD8J0tBYVDNy|z=~2qIjM|%AuguJ{t8cL`hLl?j%a;h4)wqJtpW9o7jJbr
z-5t@sH(OaY+34+>GXoHtb>HWqj;7MvoqZ$i<3vnKWSaHU%~F7FHtV~iQ}?5W_paU#
zpsmx;#_SxN(2+>GSzY<7G^RSU&le<>y6tejnnr4Hw|bhGzwTWNc4k*mz0*lKJL_}}
z?KP*{5_%z0z^Oaf7utQ$lf<;BJg=?Bk9&JnS%YIgQ}H0x2`|1n971=1EaczF5Uf^A
zELb6WCjY)WH$vpU#)>kOk0DxvQ17>$aUGyU$K#@wPi0KGIfvCSEPBa$uA5qHUK1ua
zFywh)K<`1%B0Lq@sZer1BeU<o4bqGeKalo`(LqH1;n?>rC4Z+a$%cC0h#4PW;xo#}
z(;cJNHrXnalDOjqYSQH%ygS|f{rnM05WhyzVXhN8RbE53b`nhD&2o0+1Qs=&uWaPA
zUB41;a<nxg|L#^NZl4{ysQdcU9x&}jb<nvu>VY5|TPRP6z#Cq+7p9S?{2(AtAaqrh
zB|YZ)19{;6pgB{^^`)oGcwqax_bk9Trehc^Tf`d_7q1QUEfXj^g_%{e=`nBJk|SNU
zxd2&L7|_K@5E2qzNwj)QwT@sN?Zj7W6$6O2OSzfhg1bR?(*J2x{?)F$c3t@)h#%=L
z_q4J8O6Xn@s03C71#yS<EU{`v%7$W&r_hO&3pD%qE;Q(F196~eCBL`TOXaL%YL&z1
z=VbUOk{A4!hH1YT6z?ZgSls9(LrF(IkP!CVe!4BFR&L6$e++q$F_!&mI#tL$G?GS~
zBg_}M&S1LM-tl-LP%U36G;{m=3y~)6v1z**5#z7V@U+G^HGhv8K|Z0jP-P@>f&+UM
z7V;LZHMf>ez5xwhE{jHyiVq>bUS4Kq&{M}*5$`Eb&9V9Mt9)u5D2^1d`_wel9=icy
z#K1=>KlG(Pp?D@`IjsXbvk}}w5w{f#<c~*z1|&1MoZ=gGC>h{u-Qk{=s<NAi0qq~a
z7oT*Q)Nt4|Oqt_&6%yn`(uQ2@xkNfgV_mJB=hbO-XeG<Q0Vr1l>tBtIzkW!Uyq2LX
zvP55Y_fL3!n@bB0B<EejmqDnommB8k{1ccKhVMm(#tj9JojqNoRXi;35PCWc7b^Cy
zo{1;i$ma21={p@JP^tF^J>b=gQ&$oLCZ+q?u1THQl~Q?iI^g1%GP_G9lEKehBV}<G
zV*}t~nui`arA)T`Q&%D8;dAOvQN&bHV|8Xp50wF@QL_R~z&PSHx7q(=>?@$6-nzF9
zP!ScC5~U2JLAqPIhHj7;I;5oq0civVknZlz0i_wb8x*8Vy5T$HRo{Ex*Z*DLT6)*$
z6_`2aclO!)+0XOr<69J($)2?at2*TY`hCjMVAy2_v)T9qq&-{8jH?>1FhsNNR4JOl
zAgFJH`kwtsBL<P0>iZiNBN{cfOe<_9hJ8ASShf->UA}6`n1et^r7E_kWHrTZx=DX!
zkoWJtO^ikPK!=I~<-Gb|>q001lAKn2RGce+)rKf2qx?~E>esJR6W6~@F7hb;zP)<S
zgMM>Hm2;t(#p`ZcdkBZ=7;%W(OJU(Ki>h(?G9%J~r^3^4$;Xc(d(+&QG12^$8QRDB
z9U45hN-gJv{F8Dgl;!;%X+X}GGmgA#R#!&~20-Fej!-xo-P^XG>0(mnweI|Ct~i@x
zoRg1+4Rh!OC0pzr0`^pIVi&WJkdXeVa+xEtFgjf!|It=HKE8&AqZ3vSdjEDRiX8be
zV}*xwI;qtp<%xtW=DC(VQABR1GL;iSwg+a^WUD3&ja_(rDhW@MPAW!knE$9@x<EZt
zgZIKa5(S((LX_Y6+FvjJaO!9Z(!7d^-Umq1rU!1}^F=*gN-p*Y#n-Xo?UvXTjaevt
ztVU2BP7|Z*H!#v$(z?9VKekIuHMq=O{;*hW0X({o6m}LbUhXXRuxzk3(qxNA1eC4K
zpX90(%i3vabt9VAs}jl}`1kMg1IKEaE~<P!zRykh*=%E&ki9!-V7|kY=nm_!$v~?e
z>|!o>2DHz~Em7vjN(=_T_>sW;p=^beuZ_YF4jfOR3Wm~<a?Kb#^DW?xX`RW`Y_D(<
zTtEQSq$s?^bZEd5Od|S02jOLBZQbBoKxF^VfE|qt*i4o`tA-D;D6o!I!6&A9T5sQ1
z)ee7NO16^qZ?6rSjOy?ENV5sKc5l^wKRpaq=IYd_s-%?x=k#xX?;8KIF9c(a$+Ef@
zgpl3i)!TvlCkLCjSFGITrWIRMYw^KVvkv6<)z+GoFMR0r+K6l7c<h7NZPs3y+)ypn
zBQIilkpX5X$kx~qjhSZL%tM_A=^q{)%paRl2sC1t9~AGg6fAGnUnow^<pxe!0+_Zj
zvm)}V!$Rj#L!JkH&1bvtn7t_FR!Dg~a^G98&m*7uFTk=9HpPdntBSm?hF`w^k>LI3
zJbX|``F`}Qs!jK=4Bq`4@pom&`B71aNzvV4ONTrGZJDTn{q=|~mp$eUL}X`}*KzFy
zj-*O$ytC%n$KnN=FT3*h8lE_8j=Uq=Hvia{@hyjeO#Ixh1s-2zKYuAsbxM-9xNRg;
z=G`?6LjGm1%C6<4*Ku8z!73tU;h=jfG$2Sd3-X_i70@(-ggv*wleDFr1gR-rBP-R~
zmTHxDIE8}Yw>BA}gsayvAQ!G@0ZwXoCVWT1Jm+^K8p8t9LC8tDiB0j~KsX3LX&TPM
zw855AunyWIgMjqo?<mXyCYYxl?>%}Td4GUE>iW=#zPFmQNAVs$+Ejg!r5^Hd5Tk)R
zUFu5P#|EFITUh^DoWC&MFXSjvahx0E;-A@({}}xGWCorQli&)7-J{C}*Mt0?ZSMAc
zBRIUJU}8Q&QVLHBqB@DqCphm&9uG<Eyp7>{Q7h=Q8iO`R3K_GS510kmN84ee+ZmJ%
zgXPu1h%J!CkE^1Gfd?l=Hcbp~kLRM6*Dp=Ty=`}s=WV<zyJGL+HqXWByXVrbRCiX*
z6u7zhqBNvRUTn<IlhhQVZh$uaQpJp`oIo$240)|?gl=<-#eU9|NihU9l@OP~8w;lF
zk;F$V7X4s0f!?hJ0NYm&@kcG%hR2j8a)QC@UqhX+G0dJR?OWXPxP`oSp8=;igy<za
zIbKK$!*8Vf=W<vgk(J4iSA2ghlsWM$v!qVB)VYiB0%f+A+dFB8k4s>=Vnb@<6@=x}
zU*Iv3MhCc8$(}DH*@jytJeIpdv4y}wz;-M<=MGWkaWylA0Y*TtF0}Is<O=;z#?~FU
z3kU4<^fXf_Fj~IywYDxzxqdt#Nag``EtyGwDq5M@Ns^`8<}}wa@Q?^(1~ig%U|fV}
zUi9?oQ?Ih^8{;Jg!F{cY&%rvK+`^-W84u?g*;E9jP1XvcJJ#==2%UlU`qEC1!2l5G
zKvh6ZYy<`t1Nsq7%562i5~k7`YM93S{#Gm365tmy4#TC_jE)1Ax8t?$egT*7{H4Ro
z$csbtC2)?p@7}`r-%rfnSL{O*3e0PJ_KTPN=*&A^GEzF+lYw~(3ET18DYrDI_a_XQ
zF3eT=FU(Z(!<F@I>DXq6jRfR_q#+A3<K<@Jfsg8;m38I#WBUX(&4gUXC9L6E&UEij
z&(5e37E{$EdGE)d<?+nslf1x^q}ShcA?_aR>eZ{wjxCUMiKqa&x(int)a%zD9ca1i
zF=124w^bVO#h@ycn|4RiCN!Uq(O1c3C|8Vb;J_UC@?XzIUg19ahN-I+t4+BMU{IB&
z4CWd)e|O8P$d7A|tO~o{(*15S|HZfZ=YOAJUdDk9_+EIt6TAhjzts2z8wX)`=b1)2
zmHd}1@7*Sbf-xg)mD3)Kl;!;~%m}aGjojvM1165LV-;>8W!*OrlZBEo7@nDvqpu&G
z87{F#E-e|30|!tWe;2t*?{cX%#b^y(T(U2$%)4I&-W$%Q`pWi}5jGxA<AJ^2-I$75
z8Fraoa@|`|Aip_N@1_+|v;;EWnKvVLfV&pWYWZY+<|24463e4FXR_{WpW|tH*_FH4
z*n&jPz21XtQB(B~F_e&3q6l#4frWX{FZ{|&|Lem1@kjSm(nKm4E-D%yTVkd<Z?z4-
zj(3O2$@>r*=}QV`M|9Axs8-h$VJ40YHwlae^Hw7RafzUy8)-K;Ek2mVVZ*8{+3tx~
z0T85#&esJrvfTEbQc(pU8-Cy>NCs2DGj(D{fJcPb$nctnYK53S%NW(L)#NwOh#Olo
z$teVO9fR2lCMhcwwyTEGJ|U)Y;M71l^<CD{acNSCT;FgiA$uj@pUbC-DQxfUl|7i9
zK65Hns+`fReM1Lmj-8n$cH~@OcpS2tm(i-Sg5C=|Dk|Ft$I0;Y&=Ld>*V8TG#<+dJ
zVe))?F?v>RymXUg`lNNLM$YJQ^lDKmsl)^6TEg(oHLbn>%I<##%YWXsKmU?=8SMcM
zLKXs+i&UDJ07?c4pkP_2dO2Tv=fo6mBuFPYg=%~hGps5E<S|6GI?ZAYwq*$c_Rinh
z?g3T;Omkg6zWLkse1~|)*maC2g0-_;QYz0lm@54P=?%K6ymmMpwh@(sfMb;b@WHTR
zeLKrHk<~Q~)Zmhk&yppvG}p9Q=rlS8qtMLqo5Kz)tUr^XfL#Y}O=KBSDJ??(l_dQA
zv-Cf3Z}r%|Vw4mcbbx^lZI$Me*uA>aw<b95OczS?1~>hFnO5;5Ifunv!Uizf;z4i7
z$Id{pI(C6_uCnTwzUz2DAEoa$;1T0G^DN~4)3f!fE_xySr6}=~;pjRR-8J_PldFQ0
z5|@c+A5I++019vS{pyJ6$l`D0BAP1JA0q9A{O^3tIOuz)rlhChtWzu~Jc&e8!7tvM
ze*vmE5x*IHe-Bc>UZWAe!V`$n&_sU(RVL$j{*lB5tIT0th28m>>a6Obv{0%XD`b67
ze|3)Ph*GvGZ@|V;QhN4dyU5P~_~9Y)9=)C6!}asW{xdfGdN1l%#2}jZwI6Ptpx&TX
zVTV6gCToR4W$qJT^I_=rhgDQm2v()U=<K!1dIxZ0Z7&l0v<LAf-T86#5;xxidHrnA
zE%a-@R_ISBG~))0R!OQH{SFRI!I?iKpi);9&!brGu=mEV-0v+&3tOyzeegd<@T{=6
z#Sl%bU4|o6tne5;N+|Ho+^H?1{JCAPfnyTF{Ieh5zdS3v#A9dx-MDzl7ln(;$2Jyx
z4gKfab%%i>#0tSinTz%7E&b`F+~?;-LjbqQyT*p-KZ+Ibj$a`$TGTtg_V&+<oc;I{
z9Za{$4KdHuD!qV$KCgV|5bf7@_yQc!5K_GSnE&?ViMXRELl&^`OW%&p+Xl3iWZvS7
z$|6Q$AU}Sw3W9eb_whd~`lq)qi+>q#C%`e#01Qg<jb}x#e*Q!eA!K~L$DRJK+sJai
zupAN;M}dY4rKP1sgf_pYhaz6$(d#AJ@OKGa`Sk>dJaGT`@qu4ZP`Z!LjcR+^Sip|E
z&-~Uu?=e};jk{C-wm+W)(3WrzqHEji1V_imvctLDgnrjLetu_nnE02Csn^vmC*`A;
zgiBt#c_gm6wtT$&ZyOf+?vff=tIq`vD(y3#izoE1^aYK1bg;3TY)bi)Ffa=5+bF{V
z2sOyZz@3rr%jb7DsvUN&73~$*V4^_nF<XFT*{^N--xnV^QEu_EEg5X1lRcy)tKsl2
zF0i<x{G7DML09qTw-h2CmSr1UuklV?vupbJr%m}C%tF21S~<X#mC10WZlXhjqGDMr
z&h^Hqp8sTzyO)Z5884$W56%KVlbTy)l;P*r|KW7=suF(!6Ti2#UiV&E-i{t+S23M5
z10yR8dic1xePUv92x->t{aCk83^zRAzaNO>*eC;hnl(IwK!rbizh6(;TV5SZ2oAzO
z6g<ajq$T0>_kX<y-u}Bjetu8NW$g^Wwn$Y!c=WH^68x4>U`(qC644$<2SdjqdzPCx
zcH<%1udg8{ztPmx)H~mSJH?KT0<D;B{_?N;U<$Ij;((+zTw-U9nz4D?&mLZ3W+g_p
zvkxpY`<AKl8W@^h%CJ9v@$<Z--o6q^qw#uG2t1M4wAX%MH~+`kbJu&Chyq2A9Klzp
za&AVL%RG8aM%txP;^WNm{3*08DuI5!O_~iIyXYh9?lxPs+YY_pRJ8<KKiAtzQ@-mg
z$anqW7#W9M4EzXwpVmJtF)x7DeiZp`_a2k9f*FsZd^{lwUq(MxJk=!=*uA>F*Di)Z
zua|s%Y)5VkcP5>xt_r`~YIC2Oz1W-^daFhZFXicy;-QA$*7kF)f?Xfm^$++I$g@Ta
zMaJmjZuFerGK4?HXz9nFa1d+X*jWuPAE6fB%c<0@7%7D8!=C!N5wP%E44`v8@1L4r
zF<dOJf*tr$$QO50ZrKm2#!gm8o5xQ}OT&jEY8mvC152(!;_=x^aoYY80Ho@H$RfAB
ztiArP8|aKI;jjgwn)ReWAlj6;&&i-hCcKE2_^H~WH%j0F5~vj2J3z7x>CT<DS#V@s
zXSEK~$(<$H;Txfe_xGFMN{X?6YSfXnTI#f}Lm`uNli=Ki&f&eL4T8VQZhai|@18$0
z2}*jcy^e%9lnOM<WD+U`jR}&Hl1lA2r<({k@r310ipxB|e}7R8{HTBis9TW<F)4!7
zg-APr;%2<cI>WX|Z8PD`EE=#239~jGE&QBk&BpQO)hl9P4WSEIw&-~(B@sw}T2rM`
z@n_(JW1>Ct{z*yy6&?Sv_U?>Ayj8WDSfvnEvc`Gan=Y3cJPonKGj71A^NIFc0Duxr
z_pT^R0C%%DS2Dvh6JM=~_O{IrT1KaNDVp0|N!<~G3<a&gv;dZ#5b1?Zp}3SzFr$nN
zSOwX|yc81buPRwwI^4oU!eG@_^L|t1`SO{zv8<LJphdBXfDjHTt#|Y#(*P(CRQ#!^
z=&p8yw`_eyK1Er}3`_x_(Q$tz%{=Vec#?oqwoHn5>?+`dk+jEdN%n(QNVaNOw&^~A
zRr`Ps;M}Um@k>yYu!Xqmu>K#X>Bl07JVhZyNALinLoyw*j6v)ANSdeExf34ODqI6S
z^n+8dDHVH1i*$idM>9<A*x2O8I-8UDLJn@1Aki=l#m=9&3JyC@5U1bW<;d<o$<?TF
zjazVKi3}p-S{WQgGfEu}!9j&KFAuiMF`n%7_~w<$Ic2MqJcl1l*I32mC>2ED6o^(C
z?A5X{EXHy0LpGuYJ*=)jCR2*+*umnfQYlH_MNk&yAA+7FKWKd0T}zNN3q5goZ5%?_
zd&8snI{uZ2|GgRh_BZ4oKv=(xK9BY0&2gxO!;x&@uuGPSf>!ojWm&}{CUB+IK+h{u
zlnmSJ(CKG#{fLGzIt@x?Xp#?zI3!CBJo{&MT4cI2CyKf2h{Tk2JLVD-iBqb;Mf26F
z;>CPVLc-{o`GPP`&)2VC8Qso3UfN&I9S%`Ng__i9YEFlm@xJ9z$XAc5g~Lfs0EX2E
zpb3Lm0pl)CAeI{h?)Fu1Afxn(pw$XVRa5AR*{d2=eW|C11)A+`is2IocAM{<0N<Fa
zKVG4Pal2d_2WWe;Bc;g3;%Bq#QEgWRAX0jX5B|yq|Bu_P|Hfq#bm%m54P5BfJl6iD
z$u5n6c+<%sM=q^^={HH`rB^mcCfB5*8AUgq8TL4+x^Xf`SiYk_$}*a7D2|<wh@$sG
zL{N*1UyO>$v7C!vP@RPqPoIvEUlCKTd9(EdXt|p7iEv;u4vS_KvZ+3~2Dn{Uuiq&i
z8#YZ+6*k6(5p3nDABnE?7F~5f4~d%F0|YP&KOdhL{`7*o;^voSxGaLYN!a)tf&HTt
zVfz_prL~1G8#Bs$Q>t&#@5}iQFNoLgBJaX?xU$+8Prz&~*<kKu2wV2|6{n_++?l-C
zgzi{2fq6uD*aVutPqKDSP`|H>TVK`Hi7d^W4aT)St8Y7G-P>Oq-)Ftqn%$j?@93xA
z|2)JalkWdMjz8qCwi%%OW8J+=+<N<t=1b7@FJlAc65CQ%hB2bt^ea9#f#gWOCbnXr
znlGxZnrNN?8UmP=PyyO{ywyUdD0p0-1&vi34LoOe;~o}MBYJmm-Y-tup6qh6KUNyA
z|2a;OQp!}rsACp}YF&QwU}q-<pUruBe|^Gc`<v);P!*t*$`|Pfj=6!4vAxoXQC4v1
z*#RC_89;md_5r|SVRYent<q#laUGy7z6^fL!yTC@WRg=0efC3pMgcu~K75fvxsX^P
zOIBqt^221+nful2z9;NrwfO*$4ymsvng`6S6K%$+yBmEhX5;vawPR(L0AXw!Vc`Is
zD}?ruO1<5Bb?4@ISw|saWKm*idatg0yF1=LuWnc!h^%NU6*EH9#AE^WjU3eKfSD)&
zy4BW)I&b%Oa2`H9somNP2LoXoH^AE!tvEb&isEu&-r{d?VYm8L=wn~!yD<$nF*y=a
z;qMOQ03xe;14lL<O0=)q`wlOdLt5zX0!_QSZq2`5T_PYamm)m}#SI<o><XC%d$}|y
zp-At~JbU!Kq2P(an<Fzet-RT)<$0?ka{J)`o8xf})yhSDDBRLJLUKi5;(#C-Z%#<Y
z(5q#zRP`Q3NbCFj_rkr=jgdwMZIWXbU!qZA%ME-P!|`{u^X%4D2g}XWjy`BqzIOM%
zh4;|l4vq#ef+avi(hieUOuzN|3a+kxmKo<9+>Tn+>wrC<tB|8O^yZ_&TxKTOF_=K!
z)L18i-M$LEGzHhkU7qcLvBv2n;t|S&JCXqT`&P|b|7J@^74CT3AaM6|r)NOTg6TOC
z5mAZ+RJnBSthlX<{4t%`P#xe5&fM!<@n^C+K3eqJJ=v`9s6E#9&gq^X(TYUpJ5wRY
z%Aq@Q1Rb{H?T!MUF>oyg0faeSNlrrIR?(x4&6jJYYQA|n;HEO#sZDA2M*$ZQY>v`@
z6+B6O9klhPCS)q*R`V39)izmz@F=+2tygm`W7b7|3bj;QhYsND@U}Xxoz8mNvfFRq
zcg1l;^7GF+qQ5yms-AUl>R8ypIpMfVA!tk}=Qh1t<#x8Gq{A1Xg;FSme{htMuz-oa
zTQ1Ar6WH3jIPBK5yY0FCVuy1S%&;bZml&%k_3-3pRq*F~yNTpKP!oQvAhfbpO1;~h
zND>!jCaFkq%sJ%CCc3PfysUpsOEs#FUN9swFWts)y$7~+dO5~+*b5DN7$ER3fe~AH
zL?j@ll|9H83S1dXmwYs<oCC<@+qT+S(InzHh%nM%A9%E8#KqYGO>z0Q!s@HYp2>Jj
zwHq^FI<VC|f+Ux=q=O!Z)$L@R<=!Tn^7IadMsL3tO^SOP>wTD(bJ1lci|I*aA~n11
zY87=Ty3x6p&R2!zkYQAAmpf_>;83H?mz(i?Xm}R91scO@$|^DQ+14_v7`JbSOYGbf
zS0#xrA)((4IY8`n!g<}VfSO6DibVf>K2qy`LQK4Jr|H0gOA3L1i;@?KBarpXM{RwK
z1!2m#(j3qn^6xGrgcx*Mzn*1n0nYV#qb#PQ#2rWP$Ka2yj<&Np(Ue!Ost@fTR>3ik
z*84nL>^MAj-xUGN!f9kQgd_loopx!_Uag>z&_m0zy+z4{m>$2pfFr@%u9`%gZ+M;a
zR}O+l_JP=E)(4^A9mtZ{lXnrnJdZXX(!2Qiir&Lo_r%z17zAqnR@S<|Bz~n#CeDXP
zQ-FEdX#3VZ(C*J!Id?{*h~s!FIr%1nKmYxN#!`|kI{94HnceE1pXW^zaL91XlXBV~
z3k5tN*O1BC0%wtGj;iESneD0~xqcRV`K;-1Zq{qtHF47_gn1lj=O<@3pJ6q!Gqbac
zRYqwVXlEgY8w+Z;>7i|3NSdc)Qn*t9#@l{gotTEM(emYqt~5k{%dE-gtL%6EudpfY
zk{cPaa7S9ul##qe7u5k&s%0ghv1av*Z08|x*QCgEj?&nic1bPFX<_V8SZvTe+dG)q
zJ)7K|@3=(u-5$#_W=x|<jOsy&AT@fU`iy+6QrAN!J*FDgcsA<@V~T=WeK$9^s2R8u
zi_7^Dt`JvEnfX*UHWW8MkBwTRIzTaB-Dr^G5yQyZbfE8=UMw3fhX%E$g1PngFOQGE
zz9&k}>^Lw*>sFj_&UcPa5e|MnCFTGqA=|k}4s$bMRkITEvx}voVHIoK7Q+UJ*$dDx
zdI@^cAp(UTXTb2yWtw>O(YQl{gh0i{j+`;;fggv`DxNrrvog4(=W2yy2bzbKD!0oT
z!LJ(ePuWH%<{K(9+7CF0{%4Q}*Bbc8I0y8Wm;Z~F(D<Ncm2+3^E|l{mc*+s}B&lJX
zW3yHg_&G-kbjGkqx3tecqM2itqEdHdTNIBPaVzW{7V`-(tum&DWZS-W3Tn*uuQm<<
zerAzKb)7>_MIS1)#**yWp|LbDA3l^c9xY5VMM|fmnL1<{=ly^aPk1!5*^`Oy!A)2&
zwsPw^mKoTVy~Emv4|jEn)Jc>oSJX|>#@EC^c&_Ql8olrQ<rAN!&UyDoIt^7!wE}-#
z#R|hd_5FF=tIs8)b0bXEJ0fYN@gK1RCv!cndWI{>luj%-+N3G*EafQrGQ%<;dY2VO
zPa87!RTV?OfB*XQ7P`sMQX|HMEO51+r$(<stW?XS2<-yVXxp~i`O$m8M#`#wFal^5
z8r51#s6V909*q8nViJn$N7<flR+;}2b2_C*lEU7rmLT;+F%bpedfZ;t-Tb%f@m2gM
zUA`lOZ45G<TPS>Eydm`Tpsmoo_H28@jJ?7ITkvd^FmlAAw$Eq!%~Qp@YM}QDyoJSR
zas=Mr=?B`}+4UK>OGS^MYDT+DJ$kh&L9`sEqpwqZ?;nnu(W-G%uIhqFS2(ox{cB_D
z-a`Gwxi}!=hYtNXMUGld9#){~mI>lyf2d7^r*G4iiCG%p4T`gLt7o7)myfSNjkQ8#
zLTu)aZ>RWaJSpigvfIp47bvN0SNyd0T;<2su-@4QNpprbQ@-_r^JCPRxz^wTP*Me0
zh2t?9rv~&n9c@F&S#zw)&GR+k)d5AECc~yj9&fV;3gAv|V(#wl#XdbTJ#k?__9-%q
z^)RWsnGZ7s!M;%5Jrr?bx6wuydT~&H(M|`<>`7-`TdNH>`_mYT_L$XZq~kfgKp|t?
znPLFO9=~d;8BSnvF*ga(+AQ$j0yKumEm+lb_|M}4?l6dn9nx`NU>p1Y>$JS$i;^?F
z1+{aaHic;?nGzaW?dsjzca5KwPcsr87!aPpNHKA8&6sGl4};{y5(=Z44CAEkUo)Jl
z4#&D$6`%KXY=|xc5XWWOLrHuEWv0T*atB>uWHS8K<@!0jns9D9<3aXZFY%PmDV@DZ
z0%XL*yf=r}9!7`J7%uaVq|j{ZNJ9u24T(X?C((j^zB@4Oi0kjX$qgqjv@udiM|Z{v
zG@Z<J8OtmttA73U3Q`>+6{~|hFQW)MAf?8!-tLNJOAu$7E!R1-;;Okyt6o_cV2vaS
z(S(ZTbsXa>z^j=}h9#;g7Ed<oPNXW|Oh3<wy?1vAUq6Ao?3$XAEe-z80dTx5kA489
zYS|p$V|6X<R>1WSyz?YQ&Fx}qF`@L;`4tte*IzCz>&MO!0p@20@;wr5)rOaE)h=6a
zjuySEJ3oHp@4Dixp|wMJ)Qmc{tx3mZZGJp?ycwk#4<R&$BZbdqs&)Jjsg8_b_`Bb5
z+W)?I>+l~q{y|GnA%wYyQPipU<J!)Pfa>~#=Von+@6FRXBEB4LYTQinUv*1ga<aca
zsf1?IeG{?vB&wOdyikvCtvha%4Ty0BK(oo#(RJFsH7G7%-<TjMm!@iqG-3CN9cEWV
zC%D8y&TRR_ajOG93%0~3asrMSB94P4j>j$D`wl_6eNmhJ%AhZhyHa#?-as5|&SU@t
zQ8l2QzZ`T0O1I<ap%et%&ZEik7V2MDZsC@AY>!&%k{1*{FnH|T_94k~IPWIwwLL(6
zrnCUoA$%PXXHRyzZ}{Y|X><V<Zaj-Yf|CorL8W3Q#NBcCP}yz(b>7nBk=l4`Yo7I@
z)DuOANpR(#fU6=A029NJ`XLF-X4$14Jhm%Xfp`px!&O#)Ei&B7h3=QW{QrBI=R3l~
z;@-XU>M*%@(&TRI6-ci`79$*8$~EAnm7%>JEqhH{l+|fK6roxV-%@<bK&ef4bXvVh
zCUm1zUzXpi3?xEwb<Rg^;|;P^#rh-N1{Wn*Qf7JnsLMsVt#}H?1XR^l5~@yFZams(
z8rjdh-oN)htmo2WFhHSp^4JEpqM48+ejCZAhV_w(1h|nGldUwx!BS*bK%%L5rRhu^
z!BDP>T(^TnWo-Pb#`#i8^|-G(ijecQ5*hhKUU$}rj^RsM4)ahQN~n}S4s|k<$uOe!
zKOrWbMQw35F(%i_JBRD?9$iHa<Eu}XYUGL@bm_kC2Qg$L@DWQt2G6OXeSk`dzAR`@
zd$zt!dD61?Y;0reRH^ASn7TXfdXX(yV4z3vCF$Y<B*Cu%Du1Yhe_zDJW%ocqTtrjg
zk65=9QB)?&_z>284^s#}Z6YEUkxQDO#GRg7h0Y4!Cesc%o#{8ia=D1_BVCjeXs0wV
z?Nm+qF7te4n6A3ax>C@R-?OYGa3&R`Hi+{Kshc^iMMa9i>b-#13>bb`NJ(I|eQ;T4
z=|{5oM`b}V73MM)*Yh*N+cMGJsSw4i9m^nQr+A^io9!H~bzpD=bXX``jjKLxZ!C<`
zr2Gvb=bIZExDCa5sp>q|aWvn@jB_HhT$WcA_E6Druq=JAx3MDV=;(IA9Kzlp0uF_;
z+Uka(_)D46uM{DQt2&W=Q`NR3?@QY*Hr+OT-!$}e&<Ek=<`#m6|Buk(@1;D&%8r|p
zZfPF(6{H0l6BQU-TTPfvIIDnP<<C$~@qqKqUBFpC!Kgk*Mv;jM>6S@Fmt7N3as&DU
zU$IDVLf*${HW2M^AlTPaI{?taKK$`FLjHTv|Mo%_^RfnHAH!#e=#3iyUE9ccDsiP`
z?rHB9iZEsOuN9#i8btJ%=Qnoa7aFdJKo-15hFhwM6ysvChmjgPltLQVQ{g+HaTBo>
zrqU}bT2X$sl2c%`C?&2fUzQ`Ebw7^NLH1@(c0hqKL9BtcEf|*`TP6aiUzp~_93to&
zAnogK@-0$~tYya02h6cC8+2U_2vAr8wNFV8qHdpx+hoYmkNfnyK%<p9?xCLWb)LaG
zQ#8b+B(A!dib2hf6{Z~l^w|6<VR}2J;4-~-SpXG;bLWOA;S}Lt2mFX`p(+}(i{n+R
z<Gm5BK=yD;=%(>4r;)?%W=$R%d+@aL0n~C|zC`FYTP>G4zCo-mnUjM<`(O4d8w=O(
z;A1V?`*M^S?QnDLbTSmzcaI?NPrHo7+yW)@OFUqbDeN{@+aD16zXj`OZ{OaB0fYC;
zy_`ixZ|=BdPYycpv2E|$-c(@}H1&eVPDm}+mdJHSzatYUzm(#R$9DwYZP+jzoVD<|
zwW*p&{jO-UfOb5)>s{uK1Lz}Dk+fP7z<<OUI`q96_Ynk4_3)h|C1QQe>(`$xh34#h
z0Z`U^tyse+fS{^TS-ByFZ~sy5_4g;LHO#{<^fNv2T>kX>og#p<Q%vhWOu_V5_4Ih8
z1zMfBwy30BO{hQe$uzCj`N&EeUMplvg7Zmbcb>I_V);q}1+tJRCMDacLlzQVj)YIi
z$UXv2x52H&o4^h!k*>1sBQ~r9M*ei_?T!PIC##Bx=dhO|ijHP9;xB;jXH)5R=#@hh
zvj99Ho4R-cxDvgSRWmshb1R7HK)yA-Sq@x|DZL^F^>s9aH1|=eGu^u>5p}p@c)D}~
z->K<RmT)j(!<4N<iU_h+uX4|eBxY>^K*ZO%xu?`gtpRvXbv(5`%>9V>zSLwKJDd-A
z`(I!4uzJYtZ2GSifjaU3G+xOU7O4>u3Tg*P%8yju(ecL2atqJudihZEx23`o?@Uv`
z_xadXt?)VszYfM?p@|^z9ISQNey~%h%xS%l%lhO2%i*^$X`l$AFJ1?6)UeSzuqmR6
zswILPQv?XElEGMr4#%Lh4mw)}*((Xv29{P}(4Wn06WYyNRFZ&Tmh|?mvi2$9*)iHI
zz4+;x@%0da6ux=b^d&cYj%p0w4Xe_`g&k>D$m)*_DCMgssWt2|7lhAImO#3SlHf#f
zfi&MOf4gSPIIdFb^u>qeDR=8vjbmP#e;Mow_N>aOKokB<t$W8|$D!zTEEpg`-UON-
zlB%{P5FVp`JwV>TVhQ)vlKKcb0(u=Ak@oB3BvG4FHPXN>V?64YTZTsNW~mi}c~0<o
zE_>q;aOu!p?V(6GNDqubsSuD)6}flBAzN)@<WI5$3}GsaOAUH7k7{@D3h#E&w5Uid
zl!Cb<$LA*w*;%#GT;S?y0zx?#LMrCaYZidt@mZiX;@^70#P@C#{&1YQ3}}$dN>CX*
z4|+LKK5_~;t^<#ZzZe&RNgv)!e^35t=!Vw$h(3b}-O;dC3Yj#VtvC;We+#^-kJYeC
z9<3hj;EGVb%0sj*+-tCoq=`#=p^r7*Rw%*=X!rh>uut}2st5Tj#n-WF4mIkF-2rEE
z-W6MgZ26>pf^od$0?k&MYWuZOK4AV|N(BfzMPAtSxaDRimxuB-CSIH59T?CZ_NR3K
zZVyx?7v0&B1E4Fk!XESoj~MhB=Q|>$?|hCJF?G)iRmtB+;bo%H(zpk+1^~`1)Ski9
z)kQtrfG+A_r-Rl~Llt<7yhB8~nfi9PjM_5Scqq27O)I!Lfn;@mC9h+T0fad~VbCZo
z;jpls9=6`vLCn_Nk67<=S=hw`MD9vk`?+}PGlR~LqAV8Ej0jfU{Yj)BQx$jCFEfZ3
zMP%`|(ylx6Z^he}hkx+}RNlyWC9XXj(OY(*gkywTOu82@IGf%xwRmjcN+=*>-#9Bj
zaX(D=$tGkva<QX)*kc<86frdx`>b<?Z#xw`sDz5db;~^_fj%bIZWt9`7ui*jCEEoQ
zsLVR+lRN8UHSfWg5@CO<I+@j1N~2&hh(B<a3@QDfc-w)C>ciRLoHPzjZgzYD$Z}Fa
zS^(oGsKHuja#F5$<pO$s@sS~QeR0Tw6%Nblu#1%HsH2mUIQk+eukX#+vw;)oXFQnM
z-6aC99QSub##*>E>WPm9yvNPjH$DLzk$lymE5Ug?OHhqL-2o0dA0Os&m5V$gs85=8
zB<f`H8-O|;IaAtSjtA&?C_sr(Dgxjqkyu9@=P0(CYf6emlRknn<@yGe%E4uM7@y2r
z*wQUPTM*hFDyTT-=WeFIdCXb94XXShl}Ik<L&%L!Mfg=xi=ZP1;LY8lOZmqwq>05j
zdlA$#>7gXzcda2vAfErNmN4qgZ=^vCW?U6zZ&v5S`N{{hK2^G1)ajiAYmrRtIrXmC
zm^zCyhyISP?Jub8C!9@V5)Uarzt{WDgm2#Vg~8BWy0N1RlLCzz8cyuBWI)eFlSak<
zc5x8L<uvRoBMY2qMB*0xH2$yF^hZ*_C&lNuj{@C!8CGV%UM&>0)c!oqGc$JNtC&<L
zfds!<v7s)|7YXg7K>aV@KT223%Xn$}B~~YjibgX;%f>oD*FX+T-)f(kNid(elLm%5
zD>up8F$#f1ryck`ROZ)FXy|houbReL!8`elfV3fQeIddQspd~s-kq;dJ47gcLt~@W
z#8CUVBYw#g-hH-CB0X6HFJqVM9&P~X$5R~dBL^t%7HH&_O$@0*G>i3oOIh_z7Qn!x
z-m#KJl#?^N6E&quNAux1l3{pBkAO~Bq-=|O;#yr8g<N{Bb5h$353ghUmq<V0%t5Xd
z@U?P(En+527AOg2fh5{zB&#0;YjS{BJ@IT<ZKBn_{fJrO)aiS0wiJWX`NdLc_a}|_
zU5}}`&q^!sUFTW?k(O2Vl3rj;)}PU;`%!PrlWs+h_}*g4dS8Q!BSus!|BhMX4KHpj
zx}5Jg?O0%zv*TxFzq$kEH`dRd?{HgjW1A2-nJj)!osMYjX>G7g5xSiQC2Q3zm!hh^
zjYqHSmj>c`+WFaaWtPueH=dzgR`ak5l?V{!1nM5>0lol$4O3e$O?7y1V>;dZ@&N<<
z`Pu%Z50k!H{Mx~|fWz}ayoyGrC__3y^G*4ZApB%EshA&su~e^J=NPzyLAlG$GUYPv
zDCDV1*1g?XuZWm_@LVGH<MRj4TBDASj{G5bMUUlWcXq<@P3cH~kwX5KF@b!lGUmUz
zI6Y{QBOA{*y|);IJo|ftquWBRyVQ7?znM=BVB3*7?i}+hjP28Dk*GLN`}iHAf|Kyk
zwC^4Z4obZ9wy3t{WIQtC0d3EI0whB+kXg_VE6IM^AtoNQ=vC|hFnRC7AzLQ+){SQ*
zNCLI!#Lj|8V(g&-(h@&gtKNP0!>5KVAoff1zX0=K+P_~vwWyDbjEp@5P{m+{MM9I-
z%PYdB6Xn!QM*Z^pI&|S&*qOTx=zB;CXa7KBsgay-BXw#^)8cUAXa5Gj(};WB{Ob&P
zFCZt92%zCjO%42;Z2j*~0<k69ga1grL07cND^@;5(0eKor$;F%<w7&j<zgyXLd7{Y
zIyx^HZgox8W>lqmZ-flV?(4>U!20?UHm&C5(rdt?J%V!jcjB8w6vU2V?*Pk$C6Igw
zsp;_&lOvTDV&m~FxS*BE6$VD#BIVs_X%@=L4~jaLwA{)9n6$F`!v@o=4Ype1>ti{|
z$b1&MPPi>`LqGMwJ|dFsK^A&{l*5)$=@v-Rvvl9bSE1iP#5>R^WB+-FSp|@61}Z8T
zI;oeJmHQR1RFYr@e}NcJ%u4%%pw}A9l2P;qcGcEF*>LhWd&Qem40t-l1A~Mt-#&%`
z)GwJdA(zb4OIf_MwXBG(d|S2785L>!F|1H|-Tm29KrLv8I8D9;W!aPXO~H!%)$a8P
ztJAf*I`g<zxoZjZ(Cl6Adw6)FPlaw}0EfnLb=AIP!DTQ)AO%<ww|_(cu@kdY4bXAR
z?5!|;d&AAGvJ6%Q*}57?6OWuNo%is=rj+rzIZsYc?}tNuGre>6Vh3r{I;-5>*C%81
z<<sTy+M}Y1TN^u*);%E!2?=XzfW5k`pbK1L)k&yr!4WhIaFVWE&@5*xmtyX9#iCJH
zZZW4-%w-jP`LcIwuGOf~d#}OEM&ahITUh4sr@*pLIme((%4u#(8CZ#tY`yU-yl1im
zI$&1Mhosko@xZ7r>u<E4M*t1=yWr8t&-3w_OIOO0Rq%}XPJ)A=)vP6(3Q*h00l=eP
z=bRct<(sY0$@kF{)6ovIp0SY+rPrIIN{UC-DXJ|MAW}E%O-#`o%=hX{i@IrVTOEe>
z_NoETG$gk@W*Wue&!i0z%wG*oRbs$JEmE4S>YKNnu06Va5Nzb}f;me6MxoOxSV)<T
z$trR%WD*MxTQI31ZXt@{v1Q$;Gy|kiCin@Y@D*RSTt>P20O$cPH~C@`mT^<HxS%9A
z)e8fN)^Y|#=UeGBvXVDoSQ<~ebw>m>Bk;6(Zwhi^DO&h$u_*(<FUIRHh*HjgsaYxj
z--Dg=Jm265Randj0a^z0c(w%SWC~6$M9^RR4iI-yq}}L6eagy_qjKeFe0EjdLS;Kh
z9|mI{IN-dRC_53U#mD9_x3OV_A1yo*f+I@J&$yY)Cr7{6CLu8JN2MP>emt1j_Xx*4
zb?#9x>NK$F@6ZPD`%7T$LB5kcGgV`s#tMuRHy_X?fZp{>fC`7Li$&5%0v>nh6HE53
z>$&l)w*+6mF2tHta9HftSOR<&xeA<-r|&WRAN0fLpdWg7`VVH;R8**_u%{}YkdeY_
zf~b>vs1N36!kNvuiO(mbq))Bx@NAws1^i{3@;6q=Uum0>FOm}rlmA8S>#ov~62I;a
z|7pGo)Ukz?c8gM(HQteP=_Gu>7H^_Wxsi$nI9hp~pB-quHyx`kf+RH*ONzANX*WA*
zEr98hl0f~38!y<8+4@Sq<6GNxj7;9oS7zrqEXMR(gVq_12g&@m!bRGL`!HTQx%&F%
zS+Z$mLLLJnr!dnV4@Na%YvYl8c%gAVF;$v1;`Oab0BxU#*@8_@1NP7CSaLPCt5US}
z_>_JnU!3O=*xD-iPjv;YV+}Q(rfVHA6(9=^hi>@n9#e89ZFQRoE{rA%5{Ph0+@f&S
zo_5~}joLSSr-4zD!&&s@grHqjVY&m_7@#$_XGYIzy}&3L$3FD<D#IdlA@`e(+*b_X
zPlC5`Ga+g*Vua0c*YL=xVeWfLYY&UsH5@d&UtR!*JDU$PK%cx1nEL4v^86X(BBs9E
zt4ns`{{TT>#o$fvw%n$O_{Fsb@)Lo#d0}H>V{zovXb3QiFPtXT0-a?BfX+eWxm2n}
z3N$raw{PE01BRV9{J*VRQQ2)x*4Psv?F?!Ym`t7*i5rK*MA{Edi!Z6w75ke?Q9VRr
z%`jm3`Sm_W=y>_rr`IH1dqK0;b1YS2hp1s=;mqg*RPtJXRnhvDhxzJN^hJhBiM*Ey
zxn)qHguw>~$acS_^;Di3%j4Je4U$L&lE-HyoAXmPhn|RjWTxw&e>`Ro;ZcisO}|H+
zZoc{1Ztk~hvV9o(tOniqRVknaJph2TN1Gd+R*UXk+!bK_QPB5?-+7K2n!uzpqpev%
ztGLq|M7<i&-hQZ818P|;no*4An(K`JAiDkTqPq|B@~V&lt+ngrhLN%uAhl-Hn!$%L
zQRc$r8n1f(q^iGRcCWE-T;4Z3P$gw>2XR6A<BJeL0-~f2tFc)&UAeq8Rzf;dFvIJo
z2(m2_ySO~k^4d7i$i#|eld=T9M1jT{sp=pNyt`0Gx57GrR2pejW-Ku3cN&gY+varc
zU@+(y|8zSEQ5*!}m99yTiL54HKXTmEsB1VD42E+m7Rwt@O&mU9vvTNK$DvZ@MS3f)
z=%};dY~>WxJ)fPx!Hh^Qxt(J%^kuc6{;}PT8(_{9Ee0zT)kbT-+ONgB8qb<!04-XQ
zf2}J7VeW{tjB+stNhFCY%c^)^rCdf3PEqI4LFiOn$xscvayjcuW+CdIgRqYPAf5yE
zJX^Nakzcs(Y^hZ0l_2X#N+t8J4KIdCbf4Vz*Z%#~GF}1Hf*Y%Yk7P>+{iZ@C#XYux
zC@t%yZzyxKn88;mtl@T`#O_@l$jEX!FlVlD0fZ<=V6?gn)F^|sDhw%sG_w2mEZr~w
zVC^_N+5p09h#(-D#A$1{qv|&Seqn}8mTcM*An7&mmqc=hhbWodmxF+%1F?^hDmbux
zwjC&8`~lGSbou<G!3+IKiw%cAq5gx9T(nBv2%WyHFD(G(j^LP+?a|{;m_Rm2k)vUK
zt*N%5^;9W<r<Ue{`3dLuC;G>WPn@7CRaGTB!M!JIWong^cxrf4J8KPH9J*uhKK^Gt
z`zn$*7rJdGvsr%7NVOmZmH<!`vw-IseZFxFb5X=6oENc`M;kR&{nSiq&w(7gMIR%m
zU=k28R9cIo1^D^(G<{+FRBmIA_5hG6UO(8W%lMK=9JNRU7GSeJfpo6je7rOS%wDtz
zNHe&02md9~S6Ch$>U1)&h;*0C0tjEjyd58Cs6-Ynb<@mBJK;&*7l$xAY39d<7x~JE
z(mf@MneT4v<gPe9X`H@1+7O3XKl+KTkqs!>-(5EZty(M`oad|G|K@e|_jTyMdAS^-
zPdf6M550{x(Py+A$=KZ}g$#e)j&xNiK5VOWMyB;)t9xy~8%|BqZv`=MzC3yIWN8}y
zx}sI0TvJB%KFn!%N%ZzZ#t$@>Gmbe$OgA$&-g$U5i`%Mrv6gv*-mrEFM$cz!%URY>
z6fMP+Ptx%C9KJRXZ*OfSfuzOnuzkQRUqMBVG~KKCDIc5L`6=i%@EWn1!HIEB4lNK=
zD#Z{TG=zRnM|er`w31jo%a0G93qJTH3qZCS#H!GNfp6n1Dr$ZWFp~~IJp+yCE$ZLg
z@_&{Qsc2Ua^JRWXojUXx&oE&FC{WY;KdUTRHe{?=rSoH}qisF1g*{|)e5dKSOfsgo
zF}bOCIs|-}gOstLAs?G{)Rw{I6r3#|wf50wq>UqWa#h@qPj&>x35Vc(0#ia+ZWD2L
z4$B%1w#mp>iG`!6knw=QtDrF8VVi#T^@{V^F%Oix?#wa;?ACys^ib%!3M04Uu1_H$
z*R#nF2_MXxt^)(6wPW@o6llpJ_KYUJN?1o%S~8J7`12%Q%-Eu$aJPwm#|dft8;>hj
zulnkeSyuzg7Tcv>O;4=KEEeJ4)^mR^9)L?KH8=o{GQIpj^yEoXAV&>)xIb5*A0N2_
z1|1QBV8-U1`Oc`Ye64yKDm)Gj8}}TYDsOM^elQ}GG9eHQ1s4lh0adN+$Kt(DWPS1#
z$MbgiJ}`Zhd0$My+C_S(r?RtL3uC$6K@4aLM01^3&*sz(<4~*00*2lEuxYcSzWwyt
zaEu&3>bynWk)qEe>Jmun21^Vu*u2kmCo8w)L3ivWCafzylF}e;la%RO7qIQFVxTSQ
z$$L7C^fw>vVkgDP1x)<eOtzK3KidC!O+0iLFgh-%Q09|G@dVh0UNi~){GY^Km?GjH
z^h9>x>z4s@DSQz)0AB_)3kpD|BJZ~Dg*(}6$DI~a&6Jx_27=j}3p~e}1We}mt28Ho
zU6!ilcGjFst0n-t>q6crY_DJO>}}4>WZDa+GCn1%FddWi8?AkdY?67RMOebZYfSP-
zP?1Lc-p70X8V6vE>r3_V)_nL_+IR4&)8-it#4{652c&n>-oh>Ct`)_jae9Uz)4>!W
zm**OO6U7k4<S)Q-&?|9jaH$o~$rLOLd}}bZ5Tf|ZRIAHsu@4*vki;bSr(G57{N@%o
zqf}OXpG53N#b!~@7Le9?t*+9_WB<oI`yaU7hio*mNI=(@8fp#b`U&N{bwUFkdr=xQ
zz}Ynx6gJO4Yu4BWmYYxU1G`&X^Vb%lt8<I-P7z`eRM0^T;Qq?b&;N}JJ==6BhRewg
z_~l#%Hh4Z@fI5lBlGWNb;CS<Nu2M)ysNd&aqtWIxyqM_X^^e8ciPic`&gxUrpT?+m
zjVHiCB+ZNR)$|+?`;miG2nU!qgiu$pozriEgycLC$<heg0b}7p>+9?BgWaCVLkJo4
zsT6XRLk_D>zP1uAfq9G1aD2uBnRmzm+J-+7kvIv)MH^4-3#eQyCb;#20?9Y8^=NIa
zh{;KFza=cppU4RKxPn@7z9f-VS?g#%05Cq=XD*l2lX9km+|R855WQ&<mcM*?g|~PL
z(n&yVq=hsJ-OiGDg;%BSTI8Ws$opHt^pDiVy_EOUIDgbZr+ESB_)y1k@89^T2=aYN
zoQH-8$b0qKgHf*yf+Qac_?eb*IBY*dYMuo-?BXVp1cb>ctOVudu>^&M#dGxP3_|RN
zvcvgdWu+cAVEHJ?N``1#IrLcuhL_9l+F}r}lj(E~7u|(bX+-8XgsS<pmiL1>ZmF+Z
zZGkTZ7y~W&_+|wOkYBMe`nPumPlZ?mq7fkg8k^HQOoBAHbXz3IZ8}<JTixGX&vdJI
zwL^uP8!XhSvr(3n4_XarXtq|60z24S_DpqAi{%ng7bW(D-(}R5CU{ohSFSMmEe&A}
zaF{>9Ro7XxUaL&2<Zy@^S+@-)Xl2?EHEj(Xef8`U91?JOzzI`<Kl#Q7&xb2#HH$R%
zj5Xuob_Qh+!xy)Ax;x|4F02jU(FWaY@6w>fV3SSL)6-RJcV(!lrxj|zPyxbVo~=su
zreC(t|2gkJ0v$W&WoS|@EA(+Q$*yO|>K(UcI=-K2(f3R4-DG48LO3r9suom@@N%f$
zU~A&2A`383sFN3=mcW}7gOxNL(n<~Yw`c8-eO6Xi$yrz;Wo1LXhPE*Rv&ln3Q3rGK
zqbHU))!@%bGerEqN-wzZlef34;*pRoE-v~Xw$u-8J1n+5vPgbpUdiV-ZoQ~!WE+IR
zDzrUWrPK$M{Hah|ue)Z_@$8~N8H}@0zj#+oaaBVz=bEy7JhN@|^Do6^i<*zW<g1hj
zsXAD*!4oGZS><b#)GgC&Ogf8l6?DXxK(=sGW;y{Bl%`6Mg<_x=Pn<BX(NGmHfih_&
zs9C_%RIcS~(%R>TN6QJ16%QSPu)R5GQ+Kk#0cQQ2XNB8_*C@)YJy59t*;#tkY?>F}
zyXze%B4tXds$zf`lmQN!h-z7mv+18P$ix)PSA1jQr{bdb=wNf0qFf!GURJ{O+aHO3
zLOZ3z?%fn*tM{xX=Kzztok$MQa}z;_cSV||ibt>Q?#ckEs81CWve$z^u=nX5mD_ED
zDOBlz{2=!Dw0y$6jDr)$(%;|Ti^)2BYDb6x0J~x!&rS&qy+2+-t6)vJA>rif>+9h}
z<dDZcuxI5hsYW%>e;{hTYByS_-Jb_9NFXBMv6INxDEAirKaOU%5GW>S#c({VbZFUJ
zaKayx*_VgEJ^EGtK0>;zTrMDxKResJ;C<S|5v=JtKQF}3R`UT&&s53;giG1iPKRIL
zkADt$(bUa*X|<d|9oqSqGVY&uE^i{!4a1)r>57j|*HL6NAe9P_G@;G%S_=B%@2~!R
zK$i@`&$KV49DhM%NA1!|VBdy}M15dlnka}sp*WuhGI|ohAmND6(9my3v~|k-M9$y&
z1fXl~Z$(iG%_Xk{oBwgc*q^yy<8yE?g+zQld6l$wT9$vXN3zoI&tKCb15w5j+!ZO!
zR)@KGAbJ+$jHb!6dBQ|BpG-ggl|$Jug0?otICfcl518L74rn~XIw^xgL-#HgJL=zc
zrvXtwp8y6|=A9zc%L8byrlMWZUR?T9DdK*IKame|9((`3lW~bhhskZhMkzBh>Y?l2
zvKoSTM-G?{&AaJ|OUe%&`}VM~2!|lO-I_;Z{9+n)9}qiUg|T6x3brq~-TA(0sEAEZ
zbK4mcqyJ1@#=)dW#QLHt9>KDOtMyaK80Ns)+1Vxw+${l-XE@<t-U6VV*}_6YB?JWp
zg<^!c?tZ^<Iae+Cm0-$0?!sRnNnF5N+y7A8+_2?`2m8XMYlWc=vu~zCr88R-Wd`kM
zN%qk>+9W3mVNyhsq64nB97jjjds%vB1o+Nx4|Cnge*8<vIL-*(p4sts>CzW|0f8*H
zi}P=Da{_=)@FBlIt@JA6wJU_gZ*5mEXBz&>M*k7j5(j{D*7hvS3kx?P(}CX8t2mAX
zqNFAqa#dK)@E~4ZvX0SppNWwz3tjNqiHwjYxmhP!;_<O#PP8U}T*4@+pQAlml1H(z
zYD~Panyb15H-9B9x22CCgI&c(FDqaLZ#bAKGngSAT8htZ^(+ot^I~jlY>K+Zf$x9{
zH=5JI?`u8~!U?LVklq>*7W}cb?!zRP_^LqHo#jtE{i|d*q`o5X{#J-aTI!9+5i~B}
zAxKaPFqi&}otdAP@ulwRGJ=CJ={@a=^yl;28`*Nw*aI9U{a%@-SyZKZ)fSFg4=0~W
znB<jaM`$YB`P8{=3R3VCzjN-X3K+ckU=%nv;!M46w8#Vid^Eb)(5;$e&|<&ka@IAn
zJCCcCX&P(+Xl&xrTzjQoUAdzU(9)ifKFSaF`)kMZ#DQpgbz8{dj}O4lzwA{-T7D#d
z>mlbZid>5bG=5CRQGI2~ao`hreg>&|yg>Vfa|ke>P(u!EGz4Oo;+B(DdZUvq{wg=u
z0<z<&m*|5?6o=4dSEhQ_k8)|8gDAPa>m=gNX{}G~OHODC`HL4HHtJ5yqq$wYZ8*l{
zIjE=#R7$+3T~Da9Gcygd4gF)Sl_2rJ@}7j0)-<H(f!Q|@$8i;h!^&1b>U=Fvt6r0%
z<<5`5%X<|(X1A#d|7M!{zaNgk_pK&GiWM+6PKn7lDiPDZ0!G^w7m*tT1X7LH_QTVJ
zf(a#oU3}O{2gbMF&^Xfh^8%sf0o1ECMo_!8(Z>h&M4bE=lbSDAFHY!(2xmxl0-QO|
z4>1|F8&GN#RCxExb<doE`pEH%`$dsj1_{I1-agQakVNafJMeDO?GN^EZNC^x2c2*j
z4z*ZOm-*0~Frfo1UBc+~#2FA7iOJL{Tz3cY6oof24mf{JO3`3>|CYP|I-r05Tr~F~
z9)N$xfktC`X!FpaIdAt<z_iVLr!Nw8f85K>TTpkLZTi^33Fpk2Old=lmCQSz0FU&b
zsuRRgp?B9Y(rH~)g$oL}#W?EDeZ=<jEsKGf8I=tfPcNVt(Oy+mwcCin(+f=VkY<gH
z=98?^)?-jc!!N`+2ylm|gVBz?6a{5>z)<cH8(`0AG6j5qV>R8*Y}YHP*Lfl4;!0O_
zfs)g36@>SSJxb55|Epn&Bo4i$yMixJrFkkxQxMLUWrTwO6FNz0wVNFed-)>u2i-pL
zX5&WW8yUUV$X+!5nn@SgTPS``1pHBF0s@i(0&YFDqPc4;3cbyBc6OP))|w%1w8UNi
zY~R)KxcD)a6;1bcoy$q4bOQJ8^1kUZj#E#6PuA-RS*7>H9reIOWw6HHB5wl}rOQC1
zkvxzgZQ@`IW<j5e!W~uAEvz-Ar0z_)o|vta4lzG}E>!6d|D>a}rN!?}@1DG}vIqd&
zlYy_*barmYReLZj;1T*V=O!VSP8!sjkI((J06Yj>osrMqTMrE>$z8afk+HJ_pW~~U
zxw!%Rn={foi*Cc2(@1ErH}NwJ279@+wKaaUK2afOWJIo@q%^>DuI=E?%i&9aj5$l+
zkhkSF>f7bt5XJuzuWXdBP?1@SiE8q$ZC7iqm1LSmC!UUCO3Q&pmdjrAeK5&|AUJP~
z(Q;NV+G&qTUR_<n&1rvGzoSNuc;!^wXta5x<N5Pl-*j>BCWuWT4*{E;5PC&I;+NA~
z$J;~i4I8`V9aozdGYv<<w1|)Kut5^fZ86H_R+q6-@)F+RnHs97o8{+UwqFCX5=~y1
zLUVRD#l3{1dpa^>nhzQDZ*lF9&hd-vjYxrUn*y-t=xl<W?p&1;&%N)|gJmX4InK5p
z!ovkG&New!!Q>o-m4k^qWT9xvsv~bOO&qtzg^(?j=H;{-L|;FB=*Vaw-Pf@Ka<IXb
zyFK(7fW?OMhy)*9=A7M8-QYezR36k$p+-jl#7rT@Sr55byaqsYTg9N|()lk$sKlq3
zKwX|k1%uaiV#0vG;Y%eA>pZ=UfXv(`z5MU<q0K-c>=>*`3r{pHNO3JwVa(zVtX(z9
z`a~LAw?in(^v$Gz3=bQoq72`tUM*!F$x{<{yExeyFM`KizIsjBx9B|v(Q_O*1)Zb=
zkT{oGCFON5SC}T9v^*+6&v~UA8+Zf3ITB-jY*wPH+p&tQJAp{($@|WTIeY_lPEK_m
zFQF4tuQN~-B2DkVvE4uf-hKQ7`HDtfQYtUW{uDNThmiHqw|QR0(EHDCA~-L>MJ8dH
zYo=8Zwe($pTsU&Z5NgO<$^$PxW`!<<v#)X6I^3MMu$&4+#sq$lo(+uyhDoqdUozJE
z=n#P&$=SF`f!xcNo{HhRFE%G4#ehjKqfV0p7B+TToNfi^LY-}v>MGf(W5dQ&0S$2`
zv8_!c?@^E%-0gyUx!Q4Uw5VxL$q2Mjc0n*iG&*g-0o};u|FQPhQB`(ZA258YpaLRD
zHv%HH0V(N}P>}8xa08Ok(ukxeh|=BNv1w2Qkxe(7RBF>mH@s`3-p_NN$8)|jzV{u&
zKae4A)^*Lb)|~SfGgp9qRu<SqMPg!NnJ>OeZHXE;m|4S6c=qhs4pQ{|(RxoTmrQlt
zx*SliMzF!5SqGzlxjK(TszRak4d-X>%;dU1FKXa8!WnhxSEBxZHw^fW<KxS2So8P4
zZ|NA>C_rr1>n*Y~tAOyr=%v>ja#mhyUR_PM&7ftCA>DV2rMOWROeO9o1M_m5`T>$&
zVKPN3;(<nghr8vxQh@1Z|G>Z!fW$eE!MIS|^&<A(*BRN_ePEusJVkO0zAo?i^trI<
zJmxV_RHqj=oyq3Uu7>9OZY7_eh&qBh)uO9dt5olLXR&1)#Ifl|bBIpC?CaN<wZK?E
z<HbpT2z%eV)CZMiJwn^u)`&7GLEv%J1}&Habpn%LJ@X9hiiwiw*4K1S)AGEJ5<FPL
zzc81#0N=LhMC1QE2LA9xFW`>(+cz9kF@j=}VJBkqgR4PStJ3fTr#obV@R5<-!A36M
zvT{#yP+EKL3(JemH?CLD-UJ1W(a;)8@%27erB{nqPAU`-&<YVbJD`g_9oDtAjH+He
zJM<?$Q&^SOO}3h}vIPU+04D*%^H%nrKKQTPwpo`yMBEu?15kKWAB1dWpxDcaa?)+3
zP-hs7Jr@V^oe#7J8IQ0_-|erB%P=vuYowKFw0GY`g9<9WLr1k2ZUWB;=fAEZ{;;UO
zH$rbWhPki(7Lp)&w1bv0p7a4CD!cGSClYDk`4%!9A!s%3tTR&$gGJE>$Y&~Ro~P2s
zrRy8k%lPM7wvUguW$szAMxbWs-a2=wR40c)3lv^oX-GLim~Hd8jJUeGI(D$~juS->
zw*%kW(gj)pI=WY2-prKrd|bzKb*163!rIy~xUbgk{KkeNfI~F{BN7rGZ-ZjmVL?yY
zW!keUsz(qKgIrkXXZqeRNXPXG+#JLLFMgz`lREt+t{wjIqW+I#0Q=ijn(@NK?cXhT
zE&P`^N?Rol78G5LojG5Kt7Wd`>t9D5g-vPdsULECS=6vwd++Bp#+WAP%dvab$0!hK
z*4$w(&tJg6ziV;YoqSH(1xA_)E>JovPgWJTmPLoXdgaRm5lV1@&TQ$0nGme_&vbS^
zt_9$-8b`jhy*(x{YwHk_X)aes7ra(<9S$=oA4r%iNcPg9F_vhO2GSl{wypDCkWui^
zOu!`c^%I{HH->|}&zhN;xl90C9D#Z5=0z6t2$Wy(Ew4WOyY->I-)n<WlCnyFmU)N$
z9b2*gkGq8t<9;2M!s-n<6Jy4lVRQl?L(aT<u;*si<j?g!NPi+e=}Uc>OI_9A3470a
zx+Gld;^v)Kl$&|(ZYDCXiC}pqx=~cOp4P!urzcngkRF=bqIs0#<E4Z$$?oggW7T%)
z1p35mkAb>3B+_v>7~ioi(Ph-qHwtp-J4zNa0AQX)9PfjMNqc!{EiGgD?E-3YhmM{e
z+dNlS8<5d};X~)caFp<tt^S*Y?8C=*L`6ke4Vz4QX2zmOjTu*hji^zzT>;pru!Wa&
z|Eb7WWV}eyVar=OIB`-?1@ik^ZTmyfn}c4{Y~nk;teOKWavI7%R*#wZYCpA>g^S2-
zE2tv&i~FvO=u5JDl=+3uMG8)KqHH6A8IlMzx~9r*>LTnXOo&w0GJAWK+*Dg=LxY3E
zv-9)v7UL|7hF^OfEoBpslG2CC$;mCbG}R@_%F0%3*K+}Q+ieeltf&`u-|tNi6H22L
ztebtE(rLZi<~-A4SG(OUn7EdwTmz~qGF}@BY?6ELfTQuFQXo%&0^*S!${sK3nz;6Z
zmlqk1c@%J0HocYlPYmN<&g=@g%SR+|3^3H{u{BeGeSE5ps=U`!CBePb%VbWGD^WFj
z3#DhX$oAtFs=T~?8g}aAsPesKyQvQLhR3f0Z}cf3=jM9Bt;7!OxXYumokvf1Gah{y
zq(NYogY)<*P&O(Go*yEyGT!AwgA!$^PeqpmbmoC80{-bN^|?}@f-UOQ0=>oWwROc-
zP11U=zy%!&YDkMA>K^OWLldT^6tNbW?$p6SHD=sn;NYJIi~w&@3nXA-VM*!DyK3xO
zk$P>m;vInzR~4KvUto}Vc+(STmd9LIf3B4qRR(;#?EW7&K=^e=EGTI6i-eCAbgaNG
z3%~gBl+3{i3j==c8fD=SN)ksFl8Gbq!zXfl4GxzDUKCh%6m#WfA&ep-Nnb)KW$f(i
zbf~SmP=lI!`!hu?Tu1aAutBoBQ8Bx<Wq;J;eU=_sbGQ({G-m0YS<_lnR75lk_s#_A
zsijlGB%sJNt{<%|MaA3p#fgG0?&*r*`5+`11>=BrT8ybt7rLSQ8nue!*?!Y>W=Y9C
z?Pz3|U8MJ!Yo?HCzBN%k$h=FqffT!Hv5lI%`eaGbJ1c~(_F)t<EV0?`u&Zh+q7Cwm
z?q})n-#!s>1Tb5YQKu5{c<Lz=XCBf;4-=JdJT%%8A$AxwucN?uG2gNO&in0lQIYj=
zEnuW9<>eO*>luzGRk?K9lqP$h*}hdMJ&1ev?nz{iMnhv`W6MmwNTET)YXh%CsAtr`
zaS<kb;>YpEc^h1q2Wt$nxHSqUY@70&qlAw7F4_~uKznfNxY-(QZepT*2%zK^UspX3
z3Uu_V&ycG%N2Yye?B0hV8UZc`wRYsvGcvk7ei!Yq#V4rjz69&_(!a#}KmPiWABE>t
zC@Cy5WjvJw=27Osl8))4%H=uJ8Hi9>zR2WKS9Ivfy|9xLj|Aq8oZiB!sk@T%`5D#A
zIX93a!^8c+$|h6S%K4gg{AeL}-IrnA)v>7Wv!2a~J0P{8Mb~#n#&>YhG6ELwJ1V!u
z@1|{0$;pa9dX2d@)gX71PDJEolIsHLa$ma4htI|@j||U`h=GEkLb(R$qaKC`7b*-7
z4)$7CO)^hf<O^N&Q&Y<E&9QvTY)AU$k{yLzWp?P<n|^eAJ-X+OYc846cmx?D%v2o;
zf11ZXTbms#jZOP+FkG<|Roo|7P@}NNOzl{VBBj|e<$Mx1=Cg_$G*`vQ9M%#+3k~5Y
ze$C7>kNMe<?z!BhNcx+y)ltHdEh>#CTP)_CF&qSVc*g2A85w@SutN&vR0&$kI*H}N
zi$nR*j@H7U)Md$k3R{JiM$O(G|3U+^POmZ11-Q`T^8BR*6#(Qc)vgq!139qji|WdU
zN(Rabf_}$qts%q%poA=p15C9HU7MOn0A~*cVPky;BL*&#yw__QggulcjHe7nOG08n
zV^+7if(tLw37vA&t{RompD#IvmGPKCPx2Do88Pu?;MM!+a%7!hY94+^BIK>{zdH;P
zW5I1-Xv|n1(}_U@moLC%XE#!(;Pv^Ux9g7iI>;vN>8vWxP-MmI2V@Q(%L6TjV;;6|
zrrkj3?6<P~f^_2rnEf1)l(cRivO43o*qhqVS(TTk)50=kGfIn??~c#?c$otW32;Kf
zW*bT<6#7WH8hF&j#z|7x@-s0711uH=WtLH4t#@aj&Up@Fzi-QOq@*&7U{FlA+Jg(v
z$VG0nPNIkhW*(9TpX?F?c<*9fUdPK}7kosYZ{tu!I{5Eg#TL<k*VT$tI~FkXmQn~v
znV8EgE-p-~D~^@gu<l4N@(fVv_rq!*VNYon@Yp&C<spcw^!E~Vx+lCjB_W`@Hfcpk
z@C%@NxhDo1VD8njBy`vRe;p_C_~y6~qQt)T>@7+*WYP0h`?!W~XY1s1pH8Vy9@5h)
zm?%BHfsO_|-M<bu+pBBSM9!His~b_dMn4_s*q;!ar2V|~!PYxVJy!-Kj}0X7?l;8H
zUoFm$1E@!_Qu{bFXfw>+EzX=8P2k4MH2EIoXJ1?>O+{j^|G8FiynET`{&yo`VVC(W
zG9ozJyPI1@sk+F=nVvGC1Mo?iuWcjKxnmUWyljJE>os2YJx{u11rl_buV@IWlluSq
z@DyzPd%8*sXIG5dR7X?D+j%Yiay^!*Fw!9*yB_l(r6@1R0`sQw=F6U(t--qvS6>?Z
zvA+)fvx&RCV_@`!Kc}M4qyb%kJy&!YEbIO9a)W;8D?MFZIW<+OT@kP5I7C&f!E>_T
zUF&NvVYeB%a)-}ohD3^PO8<v07br$zb}2LfV4<M>&<;cR`&KO-<ZkD0|3aO3A8pa6
zgF;>FhHtO@D)j!GGW{U9RG##z>>^jp2qJ-R2FG19)nasCmQC0H^%ILeXq`ti=}K|H
zLiZZ%-|aKh_rEb+HWj|6jxzQ0Pe~Y+Q|RfCd)WCPFsxvI@M$00?-wW5M*CzKhg7O>
z^=yc*<Uc#f-MY8JpJSQ|K?k-ddxN`Dzx{K1Q!!$8A4rSy)OqvV{5QDNPt@h3Dq5%8
z&9U1TUJeFA;;6-O{?FoKE*5A0-!9G?1b(((OVZfRw=JDtc^PU4y<7k<<bm|tj{kN|
z|AQy2=61Ys{uM|mCV2N&0^g)Pb3V7A82yDk{W0J3$wozh8U{Q>l}JU;Bdzy+=76QI
ze_3`B_t<Zj$D0p77Ep6yW+G1W?VkK?GWvJT_rJbK0&m0t)a3zRnSS-=a}6j;GeB=%
zRg-M(*Y6>A?GEa_`S<^~Yeex$PxxCI_TCSepgdNSYWvNJe+9e1?MvleUl}7z_lv*0
zWc?i)e_HB`*FM@k;=8`~&HUoA$m{>_ekGLD60C{n?=>;pzF5=nf4L^cHl-rsb6_wS
znvA+nh;API?d|j2_hQracK+9!u9J!06)4eG+)8`WIMJY4zJF75zkzM(^)=@c%C`Ey
z+H=1ea=^cRS>k_!JLn>~wf@`SuB=pob>jGf7%Jyqb34X8JkZ(K*L|R-X_*-KyX3le
z5mOe`f4?{7X|F3jzYm^Y=jd;|Q-J5?PQ?SN*e28qB!YthPT_Kv3hBF6rt8#_B4;lp
z<o4*MeQxK!98`-^wU*}@(ok3OROfdcDz9?5^XvGzCyfeXi;BNL5Di-J8&CQNxdOC+
z&3!p_8An3ALsW=VJR}rJMPrKr5>S<1X~5p{&CS;6B?J=Mz<(J=@cs&8fv%7%7Dr94
z8iVBg%mjo6qKSuLRHLv6HxOw~)7HA@j-mXwiD&}N6IhC+^Lh6@2~yle2+AQe`|SBL
zgn~oyPsi%ZJ(-UKJyPJ<$-{uRC#!lGvxlU-A%U-1z8uE9Ro&)uOHEf_>M%Q0^@$c5
zx=d>|cW}QiMIMAHjjeR1@UpEfT%<nQBST<Kg^Te9s)J+w9t`4QKMW?eT5iGOBP1lW
zwtutcsbqTkPI=;YxV^lJ1-6(L_8$-E#J6HHguf=&@!uqZuQ_O!`<EG-`#D<bvrl0J
zy$R0DdE&jby_vR^r^C#cPb9rK9Bdty?t9AkbviK5pEl7@M@p(DdyX7^Xr5k8Rb!&S
z-(F2E12@s1r#vJV%nt!2uYSSMQ7auCy6X7o05U+CzU6pk2G4lUnjRe;y+7#tXU31y
z$<7<{na$0#VK)mak1d1StGP^VH`AmX)gmaQ?H*yMYhdP|X*{+N*1)vAT)+2DkM5q=
z#Ni+p$II@7_Vi@Ua|u&JMNR3Ab*)M5{h~JmR^lV8XZl9|Ww(3#FkT$tWQTU+Y+w0P
zbeK1x37zV-6d+R|j3H0zBHq`F)z%ZyrVSE+t241s-C2DNA5US@eK*}p|G`&HGkrZh
z?FXc;Pz^5GWxU6!mzw4GYSie+9tx_;B4h?~U=<ImyKSZ>cL}4rvOazk8}b_%f76*>
z;WU0TyCYuxdG~4v)15n`M*B`qPAa2<5m5@UGGQuoLsLfbJqaWtR@bq~_{8peE$=+j
zsk2Ep6A&1&u-qTP`(S6*dF$49$4&q8xqJ7mr)1kglg)!^_$LE&!T@%eEw2mX*T+F;
zMH}27YCOHh=rnza^VqG{UVnlzUvOnA(k>2l2mO7o`uKAW|LH{a5ku1VhND9p^FqFX
z)wA2&;^oiKrNDk1lv>c~2ygGs0t67%eUgxs6%%x*nw9|_11ag8jBvW|oR_o0P0G=x
zWWW?sC~Y|IPo3pgb6d!GlRZIki@ujzvwN=|0cP27soqtLuvI82@e~kja}L_l!g%4V
zIQEpP{cDExxXaiaY~83QDVW=9l?3t3@=Z2~1&lcPw>33R--~jP>jy(_ekrR0k6`PK
zi@vdCGd=lUsa&qEiLy#I7L#=f19sTu==$ZyE|0I8iKT4c`msZ;kQl~jda+ghHT-)G
zuD>{{2|^t}91-}EH=wb&4{919a+7?oni&OB*>^*KWDbcIM=$^)tNGYquDxhg#(Rat
z%Id|pZ?C7=&|Kp52F-Uh$Gw7yWDy4<DAAD8Sui*4_r2Ph78^BB53;&?Qx=78GZsW*
z-5$3^R&8z8&?NfGwLW@*IMc3#yXC{yqmm4YN&U&gdyziT(aDPOg%F7bMy<{UKpEkF
zA||@Ezg=EYX;9$=_tMo#Pnx(TJ&$2$*B@yc6{BixUC7{0r!l8n*%TEck8fgQqYpaO
z!B|fe$gf=6AzuF$sN&?r<GI_l->=?)7#SeMvk9vVcG`gR#j#j|yPAis{8)4LqB%+g
z*ZS9KNk5-eVl?V(03}iz1LoW7Y{ldA%=_43SwGf=bBmut8(cr@+)A(Z100i}X_9Y_
zWjVgxL455Awf;w{R@JTQP8Jr-l<i+rKx2$d(2kR`oh3VMpe+Z+XBfq^Ww$%Q@^xe+
zP$A)K8g@L4<XLmNQyl(Hb)>9PcbD*k{NVz1gobV?ov`H>Zuu5{b~KBOy+<h^3Sc?N
zyF`^#Myaa;U!SSo#bCd|G2<ULP+`;1N>~rp8L3?nT^h%_2yQl(5dx?<pdg{5fHIMK
z;g4u{uNOETE}|eZ#R@RKwWw$V>;-l6y}~C^7Xg4v51xB7v#?~Blqm6Ig@$=BX8Xx@
z6RET!JeK3$NnSCQsO0NtZKWrmppevV_Klr1CPqG0c2X`fx-5+jwY9Zf9<Ia!T#{RL
zIZ&+e@@BWA#Zr7VW#zuP7qys{-(zBIBuH>>u}i%OK8)_mRYmky7Uq3Tdo1BmU&3}X
z4a_Qmui|SnNKv=ipH~M3yTeAydPrqITFL?)GMCw7`t_!qMF^{|QRz*jhv$rCI4-qJ
zDvfVla&f%~<jCPXGLopn&eOGWqqANO@t3#v@<?&9kWhFeeOr2WZXuz`r}VP2*O;$g
zGXnCOtX$!&RlYzdEc9pqY4+6gwWTIgK}|YSmaZly4o>##Ell{WQ)nqqRnVz5_u=tz
zuqD-lK8ZmbjGI|1r3(&zST4>+RD`6D?CeU*mIghKE7^8TRNo}%6T{M|4C@vb8B0y;
z;JZ5N>QXgkTa0og#f60fM{0t5M;ge%s1eg-k%oDix&Wk8!F!!Bu)M}uW0U!~V&cvE
znvGcoh3hPOA(rmyJ&}cdyEH4oD;*Pbt+jc=#D+rKiyVRbMM>9+Kjh_ExZ=1F?{m2G
zeQj^gw6bGmLDy6Oy{JKT57CzEQy$60A;*ENo7>x1aS60x*6W1P?a_LpCe22-wi7<o
zji@?V>`W~jbx%#NhpPAJ6uR?xRr0v4)il<gJqz@A!3u9~@wAcVTnUUIb&yKF-8+17
zv%o~W-{AbpUH_5gq-^8;*m1Z8swn2@k&9#;Bpw=3#hhsK&amNAS`)t%3I-WU%2gTt
z2UosMx5dNrEEwfLpFu5J+4;x|PCT>p<I|N~fr4wT(rC&hP3-Czn<4tf#1ZNpN3Ass
zxwXAsdPZg?B)1|SNccW$t}azcDPK!h2vW^GzS;ZoRiKq(c=B^zVIy!)rpxS0Bl%vT
z7qaSBbvQIgzWHv4G`=y;Qm?F~N=>XW#LRT5m|y&`S)0r6I@Kdr*TV|?Au@G+8*LJD
z*Qw{S%LC)ghLnS#L1oI(2%%9}{=l-WvTG%kZ6a}dBpWE;+h6-X9B-L94b`t>qMOZG
zV+w3TMNu)n&Btrl%ZgT~mhoDUiE7t;Ts&6a)V0H`Q0*Xc(KFx^;$zL<7;xAuf9OgV
z(4oo{(lq#bu?_ZUrwbK1N3|YZZXvrZ>>Q(6AU7B*vEz!2h|)>yAJO#GCB(f3QRs;g
zkup6mv$>Kel2}Nnyb_K+uR_C(1Mbj9p;SU#K^~sU3ePr$O}sC5o-oy8>5*$8b+fI)
zB&-H#rScvdS(((S`tE!8-CV_bOd7uNSbcr6*(@HTj(<|tswi4~i!E=({7Xe{%QXIx
znxUbh``&u`tH7Hp<%N6vp(ho&AD&Kyb!gx=iG6-F-4wp^3`9?(enZnFWqxC0L#5fy
z*tXuz$oc261v?@%=%Y*2w|i?YLZ(}uxcrZu8}p8fWCS7}3#3==PO@8<Un@RMm$&mH
zfm^#WjZw!ND8V#oGa3`pRuE&QNqG$(Ol>T_%N6_A3M?yNDV?<aolC0ihFYWc#w*KU
zULOH)_AQ{K%h)AHZj5^?UGKmi&Pw1_uP$4o(L>l9bF4i!NUAt^yEOck?+X_L5kTHe
zS+qkl;cL!>#|eBQoVvaC0*;Jb@HB0V7xEZzNJKX-5qxSU>-&)k--kkNk-PFFGMmku
zvG^f|6B?00v+&_si$+K-tNz}H$iJ50^$=lgtf#QFa8{Ef2O}ez!|Nk+6j*U>J;DCR
zp2s*jcjG4n@N#z!t+c5~NFL5NGshmA(6H*1Xr5+Lx8q)3EV_GKD%?)HKG=?5=|nS5
zq%mwY*|9yxevgRuP{6@LLCM)!e-Ww9++s}hoj?ZGJLjzRbgsqtFs^cCzVWDcq^dzA
z?+w6Sjp0tC@I+Rp&&|z#yY4|&0V9ZEYr(lV&9(bgJhdV(6g)PzoaS5DuMrRssE9rJ
zOX@m{dLvQ7=vZ7^hN2sl6%#e?H}+P8B%JB}Ri2mlZ7-0{&8-yLH%#|Bb#~jgp*?@W
z2YecFrjVoU9@FL5&rfkWDh7_u-s&l)@88GyICMNdS-QM3UL>48l7#%Uwp=XwtET%1
zUUwiq<DYpcV!HI-mXNfjnD9<L9Y&xCTs{<qM2s)XI^HW<K!X-V-I-wtJaAQY^QtM)
zD{|_6kDCkVwdyQ7jEb?`FO5yyak28<_p<s^KNCe)2#GnT3W{r`0da;b@u(=9zBqJ#
z-hLI5qAzevThp@{$7?&8RYPWK6y|>uMo~m`c|A;`MBS!5J|vQboPZj<{8g`LeJvd7
z`)b#-E~z}6<?C481HP^JJ#STOz(iZa;b+6)5V4ySy<q{^l`Yk#y!ET0(I5I;dFaXH
zZ(X)p<!4z3)7%EAZVBqv#G8H(D>T;rW-9(;d?Q+R*#4fp2j8+{a?j8}KNlb>3XfG9
zVLc=As}XHnnD*FD-`0RjB-fh{-}r7Upn|zm=RcqC)lky06D-l9Y0SAlosiNA<>RSh
zvqHAgE`=u6@o3abyBb)Pwm)lytE=cmUYmJfIIS_L3Qf2bQ3KJ9*bc#S3pr}>dqL)Y
zX3k_$E_Qqx*3lwI)LqkbzgA?YdGYK@pt<d`2oK?sy*E7LDiuXtj0s782J(~Z3GD;s
zrq0_FDaY40FlWCcv2Spw8#F4F8P+S=uM6p#<B$qHOoHum2Igf8U4LqdX^TD%nZi6s
zus$!kh=zU3xie?80+>UkzPog>aFwO|DX&#YOZGY=Td`SJ9DU>TtCkK-sS03nlw|(_
z_)+#X>jtzAodGcdN^~zD)%FN?@hjS!lkbD-FP2DnZR%U>fr>&_(e^-ibV`dqE<{9B
zSorNtDxuM-tbolwHj20(eEjMVZW>o1U>%iG0LFvL8Zfd(ur54(?rQC1H}?4@*fPac
ztta);K`)wfdW<aO#cSeA1`|2DW@a=oWt%02@0b3?4>Geu*ee4*<4e}f2c>0vbtDTh
zu%nhJ7YeRJN9X(V#6f)d$c2f7=Q(45cBd;=CYFsyuD^^f7y7-{6UoN1`L3hPytAkp
z-~Wfl!|PwHYH}4JvW9kuOioz-RNByD{Z85k18!r>#U&)k_-hLbAy2pcwC%Px?*rqj
ztQ_Fbvh*`>azxe}&s#8^<u$(OF#h(#h=}79sotce9k9}YST7Ii@#SD}cBpp`!~J57
zhlPZ^&z-{%uTj#HEIxRqp6=S(*4m#D92NN8D!hX>Q`U{`XeGUSdstiCb!1&wL!#Cq
z-ByK~On6zybus4+b3ROZBycKnC;ZLhF_>qzh06HVkkR321N+o^VtfB;n1$0T#%!dK
zdnoyn{b3Ira0Jh0vUv5c8^tn-9Grb87T}B8I>L@ugTdxUKWXZD<({mUK#Mk}hb}IT
zm!vgKlcX&Bxy8lECp%*f@q0y0pjG=qC_$(89JmU7t=<5Vn(Vsu+JXK@_{m{HTa5Ct
z#)s#K4~in<<5j%%AA2Qv5-z{I`RL<UY6TPl{2H}~($>RAk5YjdR`q0=9XGMe;hJ+A
z3E!W3YGQPkrISLqEi!`NM0wpDlhoA6CPSO=@lTnM+kSZi3(E4?`uroQI0B(vk(DB(
zcA!U1Yb;P+w_MzKsGw6YMvg3q9mqh>HFyDy{_N1L4S;-Les=#EhE;K+NRPU>w&BQ>
zNZq0^V}aN1OlpHY%oQT5@A&EQQdTT$Ji?ltA${Ba4jDGNK+IJfGRD>(>L@m1wpWN<
z*V&dC^6b3jWoe0Lv;Cn`%%^;-HB3m@=={Os&G&yXgc`c5Ro`*B`<6uHv5s>&blaub
zv$Ra0s?Z%&${9gl4wG;r_Nn<83+((W3*@)<_tR@M_3k=YcP!Q{N(p=71GbWfXCuDG
z++IN#qHMoRjy;@RsD$U9E;?`Yn<5-f;k~~;u2-#PmNr{}Aw!|rVmtFA(~rU~)fXc_
zC1H%(Pu<sd-;Gpxv#|SVrR9Dpv2Rf`^Q6IvJzIQC%<b8LZ8;h%jGm%i_5OWZ_d>PU
ztfFjY6Wf)=sf9A>bz7IVyy9X*_an>2WtUftMYU(Bw#`UN=CSR@g_w2;Ak6RC)iN^f
z49v8K5Heedf1JJ8`Qa@ZG7feT8=F`&($@~y?5<Gd{ojr5D2sZd)tB=!lV1sp^R_90
ziBM3p;L1<-kf?(IDOE|UVj|K>#DGlhkyYcu`NWWPagw`#MJ<$fko>;&voZl)lJZuA
z%I972x#bHLg#-)`(FcB&bRim|U?MNGzT@}Dq_&Y^+E0b(B`a1F^x*AXLlbiOWfm)W
zDV@G{I%Bs${)o`$3gH%FBgBc(*C=1Ha1Wm4cWC<F+`!%QYWB0eCv*wIdM_FatJ9(V
zYduA<^lOf`;M23V`8=$uDpdX`h!?UuoNa}G6BTveft^8Fp6D9DoOWrm7|@_H+cS20
z4nu_fYZX&*N!z=6J84wOs_no8@3Dc%X}!hUyngczn<@mS!TEcMbcxy<=_?P0${QG*
z<U1w}gz^24mpSYWH?B^QQoYVh*BT$lR=69Q+f~}Dc{UM)p*vZ=E36A=CnlOd%Gj9x
zx~pbg<7Vq1thw>~r7e?@9oi^40bU;HK`!f5IG(TRD*+A5{Ym!?PrRP&WG~rd??$oI
zW+F5p1=NmQQ?`uor~2&$VC96?-={}0FKCg?IyYOF!K#P;=Kr=zQ-p8b+tO=^JgnSt
zP%=A)RVppGt?mI3s~eBIh9ab0oR-aAMFKK^D5c7CSj$5znwMHMbQs}$LZCi4NQxH;
z%)it<RL!md8&*S)-M1PEtqG;TP;`HtLnmpBUsvyOZnOV=tns6{yp)7^7QNlq2VeJ8
zo<8++ET$kJVJvj>)`Lj|O=apRi-<~S4V77H6Q<}1<^pcd!?&Fs;pUFt(Yc;Nma`U8
z$zKoDg&sLX6x+r~?ea(KOpw;mGP2OH$<%Xy<jAF@ch2szspNN+P#O-ghnXnR=468x
zxSlw~_vH=Mqeq@@a&k{#*KOEH^{Mlyn(9m4-p*QnvMV%uoXi}U>LS0<DWD8_3!G;^
z`LOz07o+2Ri9M@HAbVv^F1=xGGjNe!3FH+QrG{@@RoC=B?K-0Q{FuMe@f<gTRc{mH
zvh;P5!_T?GuM0y*`Qk#-J!IA@{5^oq;yd$`8~@rB`s?yquunLWwy3lCV&7B&s3M{4
z-3*>v^E{X)KPJoXZF?&W=2B0<!nG~io*nP50q3ca$yJQTWeTPG+L@LoFk-g+8eFT|
z<;PP4+2!$T1q#;}Aq$ARFnd!=Bcc$*k$Un?N`-X&x_t|6RwhP=^rPw;ih*d8WBb={
zf^bVi81Qwu@&QZw4n!s-N3uF`ffdW!O5TEnF@LKF_1IfBv+J%C4^VuLWtG%r=3nkn
zZfrD6_vLIGU#K2Or-(;<nNgc=#8c-lPRD>}w|JI0PhLHBEZk#wBWPIb#>UQ`ZR>Bj
zy70blH+7l6?54))9xl84<3!F!RA*(*4MES6==Kw}8Du+oXc+?o0^kQ-6S0kkh?;}v
zS>9~<Us8x8bZ4d(V2Pm40oT=RPGfC=bR)T%{^>67O5ly2a8<ee4KN*(nfbM8cfuoJ
zk&`+)s+E^pn5wtw+X?tGDi#*AF+ZYWc|5vf9Y}%6RYY2P-9wij{{H9{4oEiO;TI4s
zGb+61hk+k#=td&q;a7l?3BbEyC!#=HVrV`o(8m6fdnZ5`_uj?M>JBPgpL(F@ee{NO
zW?%Dt{WZjc&%yW%EuIyxU^dn#$11mg@gS{y9Jh9W_K$s>cTL~zTd~wxG|%odCsC-i
zRurb!j4q%?H<V3&dUaLVN{=EkI#OB3t+qbf!5(tnG)OkIR^4%FnqDAg^beTiOQO3^
z=4ygi9+)p7Q@Z!Me9NK_qTkb^x@H#A5hY5_Q7P^75+|NHwh}mSzC;-j4$rUS>>mqn
zp)d{W?pw02*QA$#JiTJfNeV$I?plxA<o22`dw!l!;^e5Wurwe3srjhVR>gMHkQy};
z3Ndki|5I)zIy5xet@61;XHoHP^9ZP(`+Uw$pC(_!$;7BaEUDd<6!DDXeCGQi1@SpG
zrGR~W;^Kg{Q&*1+Qax>Gd{nhZxr<~poQ_o%cU`S{Q9m>^M0<A~M@`q#+q3K)^*~|#
zY8fjgT(@eigxo=QgDOtSgeXisj_cU?u*@$#8b^(P_x;s2Lc_|jMrZ?bhc4=Po#h**
zNFG&Q20pZJsa%tUPA75Xatk``arnv=B4YBJig!-A=eKGNr|*#Q*!yYGMIEfdEL*{5
zX6LyI^o#xb_xA?|PuIG&YOG~;hj_TRCR3J|i!aikP*fTeMHB&YAVu$k&(y7QlERQH
z!=76LlQ3)YhMoQpXOqti^z?n_Cp}kyM2T9zFkljlfd=e45n3*rrc>wIg*Z!cg|Ss2
zkI4YuTF+_#7g!U;y0}hiC%cy%8=IT>`Q~*J`X_TZ47#PeAgzKePbInsk&_8JLniIo
z5}h|b#l>0B%$$jBH0&3tC)-KPH6YjB7wg063b%$Xor9C?QR?BgsH(R8iaFcS37B`%
zdx#8~{v_<KGc<pN=mTJMd-s7vo;=YZ@D)Ro92qtN>Hj@{ZudUIAaP}z!OR1R*s|3$
zT*6hk3{3fA{ZhCZOALs_XkBcY>=P;>90z_bsXwUJwHfkr2`Gq(VDqhNJ**+E-z@B<
zl&Cmg;9^s9K6Ea%YLzA3A2RS>g~1+cS(k*^dV;C2k?STQA#yti`(*U_zI2F0)Kp=a
zfs#R!9TyauXr&g-72z|IAUOJ$(MykcLWig1$2b&e4Y|j2jd**nyOT1Z9hz{V@h~}m
zxhW+MUfuBCi|hNrRUCphte^TvY)2(mIT80aDUNnZ3z8EOxFQUdp6F)um8PFj%&(B&
zV`kjn7>Sln;?=ufX)>}dU0QgErW;l!XfSU)5tL$OtIx;9zCNAwSNq|SQ!_is>eRp!
zo*pFs5^Fvs23*hPP*F6b`lD36Wn}Z`=Ea#1)Aky(pqM#`-p`z^p>pLu=H_w5WKje?
zi#yH1OulU;XZH^^2#^ObPu*`*Gc;)vuH`!2elkR|<69=Uf4^#J`6B8>Wp;N*dWSZy
zdg?n}+#(KhgZ-yf87Z9_pS_O;l6k@i=LzQ{SPe+NpH~5UBV0TqV0HsU6X#~J@794~
z-Bi{TvgIjJNtvG%H21*U7#O1l6>jo-0!s1@V5$eQHSDO=9?Zzi$zcM?%GN~t2Zmr)
z4t`)cuUBrK#0kX|Msd)SMYX;i{rHSiVY2GuqkLKV?0J7kA*6p99qO`?3J9}s_j^iy
zjNe<Dn95tvt4>Z%{Q~1(JlpI!v>YxVV%Ml|spABc%i=ztOHsIF0B7oti#5zJx}{aw
zdI*G>1(64+@buVI!>92o&nZ0!nyy&2ZW|fd;=I!|VFzM6C-rM#9fi=YzA?{3iht1P
zequ&q3=9`1-dCL?{+x18%U_CBvzp2p`$i*WRt83D!H2t%!%-DQk4Fi``T6)BR%bRm
z6!|LnA(|b+?EUNxSzC+a2Q~-oce08-y=dd0s>8z>a92qzSvBUURjUpkW^iT@G&<3W
zt#n;+7I52%nK0u`A=baAx?av=<s59y&QHf!?zE+4#M7ZMoN(V}Orou))k<Ty4dU!z
z1sxyEc4434f8LJ;mqyM%<i^Cr#G9%1w^Q!ZKGMEtDlU;6QAvX=)Msz`q`KEC?nx<g
z$`5$@Jj{&8hljGM$&*2v!Tcr14h{K^L}qv8DHx=nL&@d7_6{q}v95N>duR`NqVkLC
zAM13LOD*=#i(<&N$U4b>K_m${l~p(*JG0QBjUp>89hZ)XfuBz@pHYJ2r|#X6>-+r(
zBq*mixD+1-rPtSA7Wfd|rp*bGo+Gza&R7$j@gkN+_7~Q60`J2gofrqoqGA?sW@B3;
zqYar`>i}1{543gFs>X)Fky%3a%0THpNJ`yNmBbggC&+-B0*btN7gzFDlD%#8{rv+S
zstS{Ijsn%>FyU^u0w?9c0n}sZF&eoJ<hd+*YBKQp^D`GJR=sK^K~X^Aa|2dTa~yTU
zC})|BU0Sn}-8tZECj(gb3}*(eTkQ<y8wMR6%-t=*luQL|=SL%EJRED4BWL2kvgpGw
zud~=k#!GbGd`qnwy5b0Maw2~K)2v&%NP8fj5^gwJ&X42u0n($s)BW>Dm@N>ZY43AS
z;B%?xeOkN({$-RCfQlF2@){63@qRUN=Jz~aYx=;p%5MUE+IBj*6gwPFzM}${t&Kgr
ze!F|TOjIQ4o{=wZ_{KmZPPL*Jh9tcU-;1p}$+tLvW;W5%^+@S`AMWoFPh6`LS2DQG
z8j;DL_ksvabT-3)McQAYAxLDLU<nC9+6a7r1p;LfHZO{momld*d4@S#!l<y+Wy9+k
z4LRrrP7;;V>xqf^2sOEO+!t_Lt)5T}3j1)GjQTl64^RrKDy)+l6%tBJni!jZ^YKzq
zGVWVDrjC}w!ewJ=y=$brx`AY%zH8rU;`}+D4$MkY=eb@etHj2}b{8fDf<LqCvVJ|u
ztJjFmw0mugrX!gNJHr)13y*2ckr<!o839IEmF*bV<;%?gq*RUup^|hqhPH?BZA61v
z@>3!jKWZXUL|i<69s2oM8?<Hkei!{kh*y~bQP}+*y~DAsN_HkTdhb$$TBkKybX~7Q
zpF%NyeilaFDz=1J;(aqkpE(Z&=0=W<@?!@gro-<%x{P-*u<R<S4m?zSIg`ywUo_#$
zBASE!b6%bvx4)R!N_eYY6c&b~FM`Bd^U^xpCSzf71Sx@G7<xOvg8a1-*&D95V5M6A
zNV&A-Ws-Urn8}h;Rwgdy5|C}Y1S&?3&j`*q{I;=$m~mJ;2=7o-cn=qgYpz?{^nATI
zoqMvDSBg{fr?CMna7xU6_`WVZ^e$t$lCHTKc6<A>$bmo6Sr|T69WeKcJ_gz~?9+9Z
zrVqz;&g&U%RNjx*S42^YRiN_a-fVFD#j>v)XgXc%+5r@79V&LM5+7iNsJce6Q4+Zc
zRB##hT8AS~5}QF$8QY=nzE+&kVM&y4J-N5#dI$HO1gffYD^+J_taHcFcb(Te0yKBV
z>{7EHo9|SOpO_81-cI)QBnoO$f$8osB1el4jQbAW%b8-?@}~P`$3iQN{dYTF0&@bD
zoP}vW*l<heLRt@!q|^IsJ9+NBZHVv1as2d&^odJ)C)hgdOTc#|`gq;`$Bs)d#T}7<
zAWeU>YF?(C@YCPf8!X~RgJMewA~tukeS(Sz@F-`8eL655av?}RQ~GBa9Gd7*YHHg!
zKCgr~^b=~{kO`})+P8k}HmqF<9FeuoOKCvCfvB;>p;VBo5@;<di44k9up$^PY70wN
z3XJQpWK9pIgoT21;X@?3v9mv)$q@mjATo3iCJ>Tz@-2BX65Lg6W={>|gQX#A3Q2qh
z_!QP{&213B^2ldNxM+!wein-Zl;W}Dq<kr&*wptWUq>D}yC$1lLn4X4a(b*5fSzu=
z4smy9$ao2Zn7s%JfUSK#d_#UUDi$dcBZ^f<7l8ADzX?zi-Bv7jeXrD+n_Y@CtS*U`
z_0t`9YKA9_M988HH9vJOEx+4gH+`PfxBLCEFwqB~GsYkv+4^<5MzVOq{z7Vv@4e?b
zbr447p{v~uUDma3-gR6W>&3Z8-FgpXrm<m8V2lNo%gA>$C_fXi=#DREU4$ucT<|#@
zpH4~#7CvLvYa8C)F9UF@s&~wIs~}2tGu6eA`wqsXhv4QXMzO%Dcz3^pu>)%4eAg~Z
zV^n0MtgZ`ZEN^$%d!MdwRe+gZbpt9zh2`bt<iYiO%q8DWj#g}yh&Kgy-W;sitrS+7
zx9&8T8c>WNfzfglm<qL_Ls>acWou}JeVQdS7_Geh(IuGH|4)>;3i*p(5GOttYlLe;
z6bXEFONXQyjIN558wr444N!V&WeceO?p;ISLm}6!T}h9>))jpj%F~z!_fHKc7XB4K
ze|p{Zych5C`rf}+5lBd~;Wc2>b=X}Qml;+sT~!l?IZrj6KcS<MOCnx5sW<v8d7~bU
z^=gu}p00Ci*Kqe99u~xEsFMSNP~m1h4bsmyfE7@QI^O`+UPJJs2&twuLFY%xf(9)e
zvoESCh&AcywgKpzF2`0YcE8kUc0qdE^t+eX`B^{SeJw4`75pBf{V6pTaXs&;sYX;E
z*p2wx(ftYVyRs%dn9i6Ypf7Mhki`~Dg_d+e<(?A}Aj%Ryfb%4*i;C{-%%Os9$BD8l
z<hagaeSVJN%V(P?#AKPZv0WIeV0!B-bJ**J7MnhojYpAemfBWxPeJ9q8x!R$*&RL}
z^t!D2>-<*zT?FACj8d==vUW%@ZFpjTr47d{6-@lo#Bb_NQ3NpK$jWpv^)BJQQOWb-
zBD}CbLxs`1!~AuamGW*$&c*&YDSCd}r<Ep1oAJBmM}zGxY@3JlzUuiS7D!arqi_gu
zDrCsw{x_^xS`Fe+P{Y&Hz2L2Zdxsub5wIxAemF?kB@sIt4~%c%H9WiF@7~=uc=I|^
zY6qpatOt5aY`p1WbjJaCUVf_?;Fdx>+&lu`25OzSNS-+vYEQ_SXuo`ti86$h_3ce+
z5lF#%m;R$&Fr)xO9KlBP6o&WfI&ZkXf{N5~nJ{wOleaXNKL>`ri#k~~O)~5UGfpG+
z@6??mTd2%!YFcNg;=?Grq>`uAI=9%HPGrwuh>B<F&n?d(ypJrX4%ou^e*8&-XB~CX
zb9wy5O5D{BF7Y}<ac~D)i?PmrckHn?jRJ-;f0~Tq)@HeF!=iZ(<ZiOCU5o{@Y%6U^
zwUM*h@W5gCty=`RB)1D|Mz^Xe3I^fK2!nG-Z^`k3m~xoO3P2uQiY<#n;U@XYVBlK$
zP#^;y)_utBqu>=44THN7!)}40Xu)lJZX6;GeuL*eK@ap;C8dZ+tWBl`^2QCeBFUYI
zc%nTH-=-S5yXiltFn5mbw)qknqN8~YzWe!ebB;vy`-Nz{INhd`eklh}kkCPN%Ab=m
z8l>e!u=&PQhvjcOWeGLu-P5eDKyE(oG!30xZGQ^DVh-0C00tES9B9A2KBT+Gf8E@7
z3mEt=71fdHDG3@E6kI#3H&8kQf+y&kSzxQ)H|a7xpCh0TG>*+fmGdXaWcCzAQS0Z{
zUB<(dE)(LQ+hU_8YFK@02(yZ1JU7gD0CRPoe@ltP03EPL?68Xxf<}EB;jSHKvCyf#
zlW%w`Tkpd-RV%!Y7jsrW#!Jh%g3K9H)^+zSi@Vk+M?n843U!J#-bG(BHin)NhmuqB
zCKtUF7*4s!l!#H@PJss1EHcn#(lwN6aC1yGks6w##*_XOKKWHnXwH@`l6XGcR*Gi#
z_09BGGUYk7Q^q_9J>i6Fm$<H%1PK_ADt)Iq`YVxeGsPMoOPAP?Pp&q)o1HNwS)&NX
z>N|V$@ofdIAcZ7ugYF-7)KRjEmnmP=T3cA4I_J1Qfs&x;JIzvzX!~gMKw_CZnzsp*
zleD2L)Pv8-tq}r;U>igqQZzZ02F+T;+cX}UlHIqeKKK-MyDdw!2@J9|YCq6q1+trf
z%Yt`t?`;Kspc6+-x<4H1=@uz$<#M^&{)UumY07<LNC@#fF(HBC(9p{(>BJ_6`x)o%
z(m>lg|FZm_k1nCcjqwVKqxmm?7Jl}0`(PJ6T`JC}B@hcc*GakcZL9;_h(!9)066-=
zi@ubpO?yfAuz97oRmCN0H{WSIhiSAqRSv1Cs*CS7$3<H(KYO^r2Pk6cvj{WB;_CWG
zEN|{}LvLh$xOE*HBNdB1h6d7bnxRx}G+;`~u5I)KU?1Vgw<)0a4b{+b3wRzm;ZdNh
zPCdS-=%a6ovpAwzgcFJpI_P%63^pAFb#Fw<36Pc#;BM|2<X(6Bv0`Xg958O~zCY<Q
zkiZ|^egZ576M)l4U(Op56980lyYFQ>0*6n0ccE`Pi|JwgNy0??KX4;<D@vxvP`Jh1
zLnY^ZDwW+17Wk5Yk@cz-s^Bo6sJ1KPYZEyK2Jq&{?nI3t{$Y+bAscKgC=ZTDw3hzm
zKbD~JbQdM)ho4QiLgEN~z%1b$0TU!3pYE%5%aFt{v`8x3Y5U{)cj(#cQ!=(J8rV%P
zN;*?TY7D_rwT&2WKaqbj<7XFvOPviZJAMvm+jb#{NZydHgoBqXx(wyVP!!R)2OmYd
zkJFahpH}hRdW9pxIGel0C;HPQCZ9&vI&#-2@}L_um+}j{>F?f^&7T7;O|ALuPx>yC
z^3nRHx6+yp7cAYtLxYkwqzHMRdBlmHmrFZ^U%Cvq^`O@z<6Bm@|E}@OEZI{QiwI)Q
zy#~Avf{qvMW1Czy41hg3DUjuRKh@g-ib#|!tv~0cna3W&<CY?SnmQWvROpAk@xJ|S
z{6A2T#?UUIN*>Y|a-!FqV7By(bOB}MEn_cg+`jL{eJGT&claDts##MMlsuvKrg~xQ
zlPm5I?n?&Ap95~Do}IqW*llPyv$wZ@hAa|B@f;flz5)vEkH0P$=(zy$V5MgaBe6?*
zE_GUP(g^SFj<U(+;^G=Ancs`jwaHv5s#93sAc$%Y!@`0_p6yj3pB?=8u104(C3=1`
zZ4MkBmm?<1$X8d2&nqVk%bsF*9(=!MpKQ`}HqY)Iehl>M*}PLP^w-C|z?KWhQb?2q
z?p|5IHl%xxJ5>B5F6wgP$BUS32;AA#rZ`(MOil%38MV6Pw9oBPQyCcfT~n*gAj56w
zv>sn<z1=^kyNZC$;h7k)TBG0A{Vbs^8U{Pi@4t@A`G;&e<-^4pN2tbnN->CN<PQJ}
z|7<;j{BJd=mhNph&{xJt_)O}yg;ZzIG-Er9`846`TKLD$a>6@$s_b7`!@u=1U3ZkY
zj5?ZfbV2hHFT&NMM|hu?jNd+kf*DIkF8Yj7PiKRmG}7eR>Zlzz6i#r+sR?WtfY*l!
zu%z+gVXfW#62BNgZu72<LeOa_FZmfzL=P4lih{N!ntTFxu<zwpIYmXGNnS@xV~w75
z5OOjy*<=q+MGw)d55us*6DHJ%I0U8}S7j9yqoHm)i{iEor?7$^_9);-9^cQYx<Vm%
z`^h_>aM1(`47d=Q%R0^Y(cz5C<tCw0RlgS041l+!4kD#kt_t+@^v%oX3dXk%fvr%s
z99xa#LUvYGe*pH%d_y#_U@14%7Xt=!w*lqRwUGx6y8e~&X3_~;IPM=W{M)yG_Bd;Q
z_Bj7(y>df5Huv^V{VM1_@kw3K{GYQ<dV@X&7;KiAEh#iCA`xUCF*>vhfKh*}Nkwu(
z*Zs+TpwMkpZWJ+D>d)K(77EMde)J3FaY|VVcd(+zxBXVE6^IQzFeZV}beVuvyG%=q
z&pU_G<Qm!=@Tvn<RWCLo*DeC<W8KDCJeU=8jeiX|viG43Jd~A{ojKGrHAA9#WF@QL
z=4jZtcD;ITN@eO1J&Nx4_zz_N#SFAJLd16H>OVK%{MHy;Li<Go>Vy)H_?wD;8>MyG
zVVyh&h~Ztow1)z~kbcs0Uq6pLa2x>m4_joD*m_W&FD*oGj|lMbAMj2(eyDhO6ANoV
zp){y9stvMbGf}PFF|yHuVS58u+6v1j@I7*a_9l09b!CE)m!pJfSAgy7Y!Pti)XQ)4
z6xyFCF9QM<1CLF5BPL1)^wKtJ?>C{;qD8h;$G4vZp<-clR{*OzVRW9mE@_wn#Dq=Y
z%Jj*2yuZ{I2__cK2(SEVK$79&!67nI;}9g7S->_hnlH2_EG*2qC@1G(gyEfuR>kzQ
z(___NHb7&pD7?B@U8t)3X*==U#s)hiZ3IJezehLGIq+3>qg=t&px@?p|695Nta~n=
zq4v*bsEY-a69$7_w;u5S{lLX9luV5%B@=fQ^p?xqS7ic9N-2me%I3o+KEDl#klF>J
z&8L%~a9OI=*`TV+y${BmGEQ2Q_ja8w4*+o!ImWl6?a^zOG%;Rm;h+|rbgk|c@|Z?1
z2u{Il0(71#fL|U8nF%H5RTzeDz5pXD`h}fUorFBQL69G@ZSExWiTr_8QE}~Zk_TJ!
zHZPE>O-X>+&*PtETS$H@y09-4T@psW6<xTlM>q`k{yatcB~130a0E^S-<_FG10HY5
zy{can7cBpZ9<g?!H`e==X7paY(7&bL`>lVw&1i!ChbAttZ!x$`2^_x85@zt-wb7t0
zO6&Dllw7}giF811>DaYCeVuFY(#ufr>E3)!YBn*%e^{oE*fGNeQw>P`*ouj<u;%%+
z7^}|xUz7g&Tp!Ylq+-G1_fkJfkXrt3TKwbe1)SN%uK+<SkyChN0471;>oSCNfEhN4
zE`=rwzgGB-^U_b2KPd^bkJz=l-<CuZ1nvnu#{R<%2&};X|NAEi7i(VXx$9)NCSw53
zubk}e#T$q#`&$Nw^=}kJFT3SZ(lOz{qAt~KGYowm?bZYByZ_%jFd{f-fW1fB4=3#C
zku~p1<Ey{lBmCl-W&JJq`;X6T(YGwJ!}69CDMy6hhE7}OuNeCXy=;nAYr4O|c~9-H
zmp30@yu~MuF=T&yi-P~_EoS=LODNLN>*4{ja^n*Yk6-)ET>j!dbKw3RT~AWq@cf??
z7qx_5R}4orpa3^0|F9A<hYsvxRP~;qh^&b&seix9Cw@K%-y*~*xlw???Ox>za%?CZ
zd;5=0oaX1hl{zqv2r%&t4Qqa{$&}pm+uDP<+41L{?v*@}PL;#1e7}GC)x{GG0P?J#
zlF9%01ao}L>|GleT~jNR0)QQC*_RbW=Y(jG$H^7{s8yN9OX3<_`MD6{IQ#$6qK)V#
zw*59ps+Rcp|BvPf+jk2op|tJ~Bw%*I!&n^EQ@UEWu|iC2z39a-+b<CevnJL1$4sc@
z;iuW#*+k(+u>|{-=rK4#*{O~CAdr~I8aLHlyPLlvKL({UB=G#L>`3_}K??cD_WFCz
zrIh16R1};G&y5FC(VF@I|1udi%N1@N7Rhf^SEQA!oe1ZX1r%Ny-6EhMoK-<)qVub1
zt4Qh_yT6aF;)POA$%&{WI_HuS{5-9|RfiG+Kac+{O2myQz4~uH7;q9`L~sv(#1}%2
zi19uhGc0IR@AakOS_8etuQ6J$G4~imso9x}^D==EWto$C7coEcXqYd+&vh944>Q%(
zBHU#SPL{Xu@|aj`h9v;cKqaUf=%riLl(og_=`-1eEly{`!+mqDSC<?<=itqF+Sy@n
z9K+uG`d)t4^23PW+lFG@ewK=nQFvRx0$ssqdh2f3n>P`jz(-E04^ghBp|M^n()WBD
z?V$EYEjAW5y#dZVVWb*!QCDpJ$^A-=_~hVBNz0;VW^HphdhTQ_J)b5w-9m`N($drJ
zgc_HA0b&uLPBFK;ec?;<=cn)&nof|9b^s5+c2VsPIovO~$b~E7HU4Z?mOP(}@;oJ)
zbKQ%*28%7PA1)V!gs@mL(iL}FFh0`vW#SgAZWoERki7EDOqS``oNOqH2xA0c!IXpd
zwn|g)empQ1AWt^G%RslyXgvu_k5ySnP6DVsCI*Hx-@Dpc0VZZ@S-I@abeY_6i;a>j
zGld(}_x-M7Q`{yObvoiM)UPUS6*Mlj@5~8rVaFe>l{B+E1$54}aqo9q+gLjFw%m&`
zK4D?JyDRaMKxvfi<KrWZuDvJ<8D2{L{OoOa<@}prtpQe^^F3~jr1HAiw?WslL)a7O
zH?7C&BSR@gFNxP=65)>lo5TNo(f{-7YiOMW5e<HC5`NJr$ZnxQuMy{UnTAxi(@f5o
zKascrg=VRS;_h9=rg}VS0x2pEBaBcsa(zqT_4FO}?i<Ya#|VCY$0z4r%To=4t$XWo
zfuTsHrPvRgN%js7*2TV@STq+xG{v7nv~{(3{D|Gi(5FxPVQYfB+J%kN<z}>RsRgC?
zR)RNoR-z^80<h^}zShj8z1<MbFe=MDl5U;{9}!OQW|3kf)g<}EM0vHLzP|ifvyOgp
ze}8B%kV5QgTf0pUSk}@rOecMTZ`)YZcNc*4g|)`5m*`Ii@NY#PpUlU{;;}N-jM~@X
z!3}dyw3B^ORwtY+1v7pBp-h_v&9{_i01rN$crPp91XEdWlSWgj!VMvu1=jHy`Nn{1
zvH*cY@={Omn_nweH`uV1cBr|}(CQZ2iRiYkPgG_ra}5pg^b1?0;}=H!7N)uDRvF=g
zDZFr-9-zkR=*jNVg)PBfD3`>z0~>tvk3L>=8%VQfmJQ}B5vMT6NZ~4$H*ox!nIQc>
z(_sFg;bEATq1B;)@qtodL%IZHL1YUH(~kxE-X`i83kyLdTx$s(J}C<=bFi;8S*?}^
z4>7Nb8_J7xSKY^2=Wl5inGO`j#|P$hpZZ%l!hBl2yuPRC-@z$bB1-lK`%SSicvGN!
z4>)8VU`o9DbzA=V3W8kXLWe&4=@DSFCs8?cx$%1+!BhjoE@4ptudNn~F+sEvFzv>D
zAMlkX8IqU6MXSJ>ZIgONKyG8Fo){O$+>&_%laNERO(Eg2%oaR%afc(1wL2R6)<aKt
z9~1B>Qt=te%s*$bO2_>$r!;H9qXHv)9UOXk^LQ-RLWA{1d*V3c@$E*iUe=~(e*E}X
zoad(h9E0EXavT}cLn`8R>$Obave~;Bj%-)W%!KaDmJzCqR%jBr%HuzGPBZ}2d`xT%
znoyJD0r*fqCjvJA3k0z<JnCN>K<sqXV#B1K-?&V6$!wSkKt9CI|L(j&eLrRBdJOx8
z+d;GGBNDbx5;a3?9&%1|#E7@ewXOJd<)JwH456`bT0DmTTId#T*P#NqXS&1AD`QeE
z$hYr_imi;m_!(`0iK3~isc{GA<(CkJ1~1+9+r(X}Y5)$N3W@M6AllRsCKAJ&ne}(F
z!`)q<R9#5^D!_Ea7<CMJpTr7VbqL_{<&2K!H(|Crmy$AjhQJJQ;zO?B8;1BD@X?%L
zta~+X{Xe9AcTkhx)~;fsSm=m?Ac}-8C?Fjopn^i^y$FO}q)QhiqI4yIbV9G8_ofIU
z2}O|>ssf=G=>mdx2NBPAe&>F3?%Wywcn61<ckjK{+N(V4S=)uvox7SEI$SO5_@4S3
zt19qg{+{DLyW5!eRNC5(VzcoBI()QZ9GtmX$yqOe;=ep$<Z0P9{R-KgSs_+t8&GH`
z{+fN0(L0!yFKXx7dQ@f~dK7|wKO-lLzg6v$p7rr=AoX~bI9*umu<2k;?{*a&w8im9
zHbTW>jb$!^p@3@22GYXDXSHoE^KfOXw<c6?yFMNbOnSk#fVohXGkDxnvzNW)x_RGf
z{07slt9cQdt=^tYQz7ShhK)-&=Oc4_Z*mw5NU%+sVaqZyqKpv;54Ud~ah(ezaU9JH
z5_O)~ddJRq6vHXnxp`WXk6-;#;-jfQfH^WebJIH(tpe>KH6n(>$=4(pLe!I%W(RCj
zL~~X5_I$>6c%P><lkr@B_fCzY{+E+~q)5%`lqVMtk4BWzaD`!RCR4QW9A=<|2Dw#}
zmsJQWXS%j{@5XCw$+WgNoZE-Q1^?436AborJb^PqMCLIRka>{2qzwrvIHG4zQQ|U9
zM}Orw{+96Uw2>sh#!Br;jHqd--_~vv!DUtl7k}AQttVFsAp4f_FYRnSy%aS~JdoU|
z^&lrD6&KWQWn+gCA3z=YAOGU-V8SjUlA}yFUo8ZhnMEFbhow5%2#A7iHVt&tIzlUX
zsMw{ZZI;#ebeJfeiI$<<f<1L_cMC$jOumB@W3$y7g#mqRA^sw+!eT46-(s0_2Q&sR
zJY25P4(3&O!M8nusZ|r#^_zMVLgVnF&={_<alYg_rpV<6e`wC+L{y9K`Vcn#ZfBz?
z*(5_!MK<-NOLEbA&VF34qY|Y>T^EZvI#PZ;z7+7-;jQ3unWBOuv}R+zjPm)qlP;TH
z(76lUN&SIcf^f2<w&RoeYU=Q!4^yj)-8~id&LNH$(S>gCgks3!W_&beE`rB@ZvpyU
z=yh=0gHD%-M<kM7)8t#mfwR74kK7GlFvtmegFEIO6Q4VCeU&rw%eiEn7%UV4APZ?%
z<35^m&Ou+-_<>W6+$45ARzCDYPN$p8f?!V)07)hUGx^qgDa+xrxqXxHWYN1n`HyBI
zn+<bRU2)aL8*8g$ONAq2JL`i>KH&?uVZGNuD&&8$A3De<F;DrGnka7rub%889K?9j
zWwwzY0EVjW?Cn`Bdvzi=Y%Y5M8|_%jk`>BZp3pr2F52)LnM$m_mqQ)?r6o=CN*e3s
zKP_pruJJ-Hn5&j9tvfcCTWMQumM;SIA?=N*6L8unTuP+LQKuUHW(i=E+IrFPfZ)HR
z*uqr~W~S`)yb!iQD|DtW8k%L(zQSkOcq@=Dsx@Bg1$+~y-Uvl<TlaWr%jj3nvvII<
zm#I-Eq1zPHyU4`iY?_30KZs31A3m7Aq8H)BWpPQ8jdpQ!K{7cO2^A)rj4xm6mz}x8
zKT-er+@&jq*0gQHMc=V0CQlyaGG5NRfK!Q7m77!^sJ0ClnmV^T)c-Vw+X;(M=kN3z
z45aN-ZTD;WXrd0xLCzUnA9SAbV0C+un@fVhb?a*CDR;(Y7jp$=&DRS*;uGQ$ISua^
zbpCvL93;(~cp={vXsKGl(*6A(SM4?Ya)_yIux)AK^(cJPIunqNMPPlfb;(Pq>Aj_&
zw+2FS8~vZP*0<1LG_-_G7>@J3+U2H_G66PsCE~DS^9aAG)=es3rWLnKnV?-vvp3Pl
zAbqSR$T0TD_f+>{CSnZbvHuJsIFNzlW)eWGMc@(ol~lL-BrN5}*blNa>1jqv=#sj~
zT{>wB(ZKBrl<%u+{e`HMr*%*Fem&{`s`NlgHth;gmuF<?%~u9r?h<Wv#+igxVQuXS
z;7+afKOWVHisIYd%$EdLH|jJmSEuMF9RneN;n-WjX+>09ohHq4WNPEe=e?5FMlgm9
zB}LK*6&AS2jT|hulm!#6BZ^!rNQA0DD`o}u!=jEZ$((5Da+^l!>LhPU+Jvcl;`j&0
zpIV9x1?~&mXHweK-P>qi<yD$uAG$7!DnV=_IpH^!rK?`$QDYc_qV%<dvJ90VLRZp^
zk>gw?gVvFc?~4g4wnELy`_(Xl8b^9^v=e5@aupRlHx~$gP^-6nOFHM{_(*%3-Byj{
zc-Msyg+ZBl8~lY>nkq)o(nwNijnjJ~=JlrSa1+Gq0=z)(B5Pyy8nTdoopmPA(VVV*
zp0?IDuD8opc(VvviIs3|*Dse4lxT_S)UB{BF|;qQHfz4XDWF{>V!a_&6IsmbQpKw{
z(xI%~r?6o*Wf_Ty%+mgHF)jY5!^XU@aMB({(QEg`8ikS2_888F<Aw0Kjr-oSo9{q>
zBWR?nJIjKnOQg1ISkTxqKGHzGvh#XQqs@b9FZRnwXrHtN-6^@^*)6^Hh^o1ixH;{y
z;h;ECH|lRk1Mk6iH6Hd9__{g%c+xwDpiRF&8MsJ|$#J;h)Cp+$b^&rL+lGh~E=&2J
zp;iaZ{deA@xzw2T*?~3f<z-a_g?64AU(riuYRq0;{Zae&V5soTr0Y_2wAM4wZ&8tb
zWAkc|XxgZ1#=(k6uYUe0Zqo!RPBKw98(w%{{u9m*GGuTkCvC5u*|Hd}8#ri~$u%ZP
zho>EhqUM^(vC2`8Qsq%?QOyk2TC9R8J&`x_-VQ>BL`u^06SXY$6d?|rq|K|BP}f~0
zI^``j(h#Ja4_$j|ZMNjKhX);INH6Jcedztfh~|@c468gcYUFejjm_a??IYc64nQ{-
z<{K8A?EwuUwl96QT+pSi-E;26h8j(eZAZ}|d5&KTo|Qf{G23iAA^WpWx5niaZ8U?E
zTWc4-xK={2T;8Dcakg5@%x)iAT@~`f*3cpkskU6=osC`C;lJbk(B3t%IM{3VR&QDH
z_sQB^<B>$F)xAm>SIL~oI{z`y)e>Daqo+isFfke(SlPx?iz>MfcvvGe@LuP*bZTW>
zcq@JypX8Jf7S???=l#P(afjc4-H4WnaJGpZ!(7!7yrmGkyfkxool}?o%hf6=c4Q}6
z?zC(JH!8>&OF{~N33`+NqYM4}hhN=@G}w{C&-vNnuygW`NqxUiuqepWsrSK9+`L7x
zDoRi3{@ZGnj2kt%iNe<9r93XI=2MCb@HRdDWekr-jbRDQ3_l)Qb}@~$Fn8M{QCl`a
z1v2NNzhEeTH+i^mHkx})>|WlZ`mGGbE&*;`K_@R`#gR}2O}!b6P&&0)^Q{^x#rvjx
zQ!!L6<M<|?D)o5NaxYLQ;bb%adFzG~>p4ef;eKN==|@hHu|n3+NKPD4^{<~;8_VUK
zu=dC~C%b^*H*S=?mmZD1K?nH9IVsk6<G1VEl)c*$i-km$wB;0k63Le3sHe?Y;8liP
zKTO&s=s&clp>4u6CUtJ{3nt`pVoiF4?1i7(w_oTn?X5i##DE;kqlTyRdomkg9fxyt
zmfkZt4MZ=`jysguU(HQini+EG3By?TC)ckzzNOtNnc^w*G=fd_lv_u4tX%p!4vs*5
z$U66uX}4DXqG9X*PIPrV@QM0day3*qBjo|A&BPxn4AT@jvQWIjTl$EELuYUM#9De>
zP|G>xf##C4y`hPvZkq`e3c0$jx9hChtGRNE5q!E6887>DPnEzvYGlC@Q~cLCI4@6;
zf<~_4q4bF0lD3vSt*twicO@KFs1w9oFw&OknAP6A6h(HV_QP8H(W7-FGdeLevRu)D
z!&shNoJ(1*TC!Bye8r1LyzS!<fSgkUoDNff8S?W_L<26@;|7nuLptXuwMnRxi1`TA
zlgZ3=wkMyPdan%r8Rs-r6YOi9!N`+3@u>cJ$GUJ7PfItxsW;E2CnxNICheR{Y6_`*
zu49MEoO$`v$q5C0biu@iS!ho6Na6l@i5Jzlh34y`ZM0EY+`Qb+dfd$#OmU<;L3HvG
z_8&5wdZyxL6-H?}HPq_G-nmz^5tVl}q_*TY@t4r7TV*bhrAi=&5*^joYv~IlE@|%k
zRup~B-K<){d|j2&AA1gai{P*{e5J3zNZ|rJ|4-*6j{=NNe$~ZC?V=-FPsr#^<nZBV
z?rV|Ar^1pvPNzC^M7l<8Fm45?bQO4{t8K`jhSHtx&`<T}eX?o&`K3*JV=OPrcBGUf
zl3VvfVx}vPLG@LAixOj9B{Lcqd6d^I@=+bv*p(XjJjnQurV}hz($#r&4X<6jIuNwt
zUVhcIuccbl*wfEiv_t-~{fBf;wDSqW=(yu16y^fC4!5wWp*WQ{G%E4^tU|gkJmZiI
zdGm%G$XL0TCJnCC%LT&hnv-%SUj~h2y*G7hFkDv<#U0J}^?Amz4C*Eu&+BmRIbrYJ
zlcpGSfAwY=gvgVU*(uHw?S#?fPSo?7+;Dne%GM{*e<5k<ls8(Fay7TPY^zMKscn)D
zx@OuPP@(5dU%(Tc>wQH#WMy42coJ>!!QHUV*-@od>ise<gtErZ-0gcjQ94XxGgAE=
zztz0PX2Ha73h)1$XG$ddHpc}Pii*Fy#~$5xx$h(~8D2`?QnKP=Vpx_d-Xc3s?D4f%
zE72S6^1{2_mvdD3<vH%SG5(BGDe&MaWFv*+F(Ud}kdhRvzHuKmulA9m4Zf|nG0)#b
zL0x<SR})rFtl7X3quw2(3~`FHVg1<qG~T(dp*fJ2rYOiB+1s{~_T!fC9+5t|gB+Fr
zpyh~0zKZq-?cPY694>ot`si0<f#XUg{GZi->eTUS?xg!WR(uh_FP1O(cA<wo^=Poj
zmc>j&>am&ULeg4tPAZP^!k$sIzj($LE~Gh*;h(tL+7?CqBA1^ZhrYDEDOg8xB|RQE
z1>S~}Sr<x#=G!||6Z}3)a7GFHxWsg&r(0XPvUbq!)(5wr*3?go704k24D|5c#!;W>
zO`?Y2cMd)gswx&6@msE%b2*91Oe2o#@LKt6srj$+<hDFS<(xEm$7?%_ri8Dp35T-t
zjL}_W4b5*Ky%C=bi#q?GYq@`J4rztA@(BLhL1A&w`4y4d^Cc?ur0@*N<Ln$_lIlV1
zcYGNoZ*O7MP+kuyB<^{$3Lwz&Vp8hZ=#1S)d11bGr;uVcQhXG5tg=n>`EO5!5IzYv
zI@xgQ_@|93WjZ|={=~dMR;;ZPQ+yl8Y#Rqsn095@ZJ0;ja7pqzo$XMm?8bY{4UH6s
z0RV!26jwKT*@t_o!uCrbCYpE3sH}Ah{kq11o*hj+4hW_xGCe|bGtR8`(=6M9`$yj?
zGfgjw?~V3WlDe_={8=cj`6bP#ycd&c6L%>vw?iYXkvZzQ&<7WUUS~$e*`^lF*q&#{
zdx86#v#Ks8H3tpOp-t5_0X>va(j}6sranaVz}|u@=x6=fIT7#eU?r0q@71H(RJ4{y
zd+XwAm0Xu_oa3RJl?$|EJLa7uyJP8LwjK^u_5=-47q>^luYHT>4>lFR^yOY`*RKm+
z^;xwp`XD^HmWOj{4kAJ~<Zh+Y`n-BVMUCm8cKDC<R(}rVo$Ol<1SoAR7@@d=amlc=
zQCkt0hg8V4SLxXA$zrz567rsVEq*jenNS#8Ao^VV=5*pUCEy$<MUSsJ>J(ZO6%N!*
z7uRHEK`0u8*dtC{X)%Itev0N{HO<k?&w<?^F;cxh%M<P*JB;bEo>^)LgXduB&1f(b
z-@ZAwEDXahin=YJ7DR1G)!=8`zm3W26h11#O4!xm%{Z=pn6yF7w^s&JYr4#JQwGm{
z+|xws-1cSKVT<4rd(NS5vpO}=`o(!;NZ6BJJhT|iTu%4Nt;yN4FQcrqdeSD8tleZh
z4O`@ecx3N2^trBx>#78Dot+cy8@rX;CU_w(=e_Q4Wzh%9B4MV4i;Kw&xgbc+%dKX@
zcaQxg-Y+N&5SNqmwFpeaRISp<_s#F?jXB@I2*e;6q8WN?gRj99wb+RW@^3CK>~~X?
z^L~s4l<^|iNiUnLxytnhqZW&^@c2z!i2JzQ8PkmnZrvNr?o(9rtbW7KINf$eAjpvV
zEBYbWoKy78A7=L=|9A3EsbpfUva=X4gPENSKKLUUR_;KY()p>ec{dX#Q5(n4!{#aO
z0glJ!p}TcOTzcf#%nftPmxb{Ym7hE~R5MDQ{n|)B?C$(3=Cp|usPnsZa;}F{GmT$F
z8T8ap)dbn~6j!zB)c9NhQ@OPkoftGjr!X(|AC@TCXtoAJWAZuU$P}c@iziDx+C@Yh
zxy?$7CCuPLEgG(h>KvLZmyWUNqvjVX_1GU*E)bm{CB|2V@Nv#-FMres@lc71i=Scu
ztr|vE5}Z}Se7xl%X3?!4#<Y3N6Alhzb6X(vK<B#%_s2$!*Nb4^F=*2&p4t<+`;+Ae
zTWV2jM4v=3(h>M&8Qw9e+i%3-_GXDu5aoEg*=}jduUgeuO|+wBwodJ1K1+d1*U;ZU
zBsddoIE4|}KQP?O4b*6aO?HO{b_#)=M4aS_3)%i2mCHNc^Zc7*-(8JVuR4m<s@!OY
zk#l5Zk-T;OLDAAG&AV-=BWs06e^M&O^>U}FX!i)@!US(@>g}JFfJE+&rXztJm6_Pz
zUquT?%R(LW!?5%kf*SJR@<Z7tCyzTa_yv~+Azyg~qV@W3Ybxfamr_~3<nMBdk0&So
z52+ODqq)7(E@XhQRzvg3`3eeUwUm@c1@j2mqSZ%AOM`M-{ODWeaT35KXbUMOQfI%6
zlXuwJNa%tJvask?Tfwbm@V#ye)n}Zizf-U)+;=`<HJpPOnyRb?^OVvfG8I)(P-V69
z`}8^LCDp-(ZKSiptF-cD<~(h^9yZDhmuRn<{4CxXPD?XY-lR^?FwiXJK&+%IM8Dt;
zTW>;_YLifNo5J|wwApJdmMQ5|qp-8I{#>ils8143lfkg>wAAAvk&A`eB-neJ5KmDa
zP0~xa${(M`vsNCL+wDZW(f-UL3%Qo@)cITo97pp#-kpq}JqR1g%^9gWPZURG$fjXX
zWc;S**N~$6!*6YY5{h|T6SrDlHs<IlRWsxn4KGhAW<NILT%9JR$x^f}n&v{E<BXl^
zFuWR>q$inMl)Vu`5D;}+PtiM7^+22Z;}SB5t4CyHN$H|eR$OouOHXRce-fSKq%k?(
zhk>>-U9hTg1wnOm@4Na?a2xgn3`}+=g?TtPG+#zP*5Gw9?IAcMRZ&(9=yJK@3-~$P
z^8{m?>%A-bykY7`qGBcT?zgd;lF}Ex9iysZ=en`Xz_6K3CgwV5uQR9iYYjKN1|-TK
z=Z-gG$}?V6@A^|#*%;jMTRwH!FL;8=d8_j?w5XPYI6dIwzeiUm2Olc@;Q}~9<nBlC
z?`;S!%!9BbxzBt>U7q}_pbTvk=Ysl1tz1ei8wnYYn7B8kq}<h-%HNS)amGCdX2z;I
z2V!KdZ+Y9M>GK2Y7yWzQuB#-7l&7k&Dj0M=DyjgzNduf?baOAcEpe>ni5g^N4FDoH
zP=bWw5??i+)xA@oS0|^XYv4AB?TrTMi}XeWX;ofp;3bV(TFNOG1V7z|nI4*2EXPDc
zZ?wNUeVC>U(^sMCpDv_(CW#`d8BJNkVK<y3%${DH%O4+&jK4oWf>Xb5c*C)f-+lM_
z17|fS*~FfHz~Lz`Y&e@!4s_e>gH6*&n;4$%!jHX&oThFsr-VA4#N9;&Z|JT2bl0Pa
z%{bjcBifg%^waYQDqJz{!kUz5zHe*$2(~tO!@4I=`pj%!Sxs3lHbI1Ys4q#J%>Z3g
zB_fmy+M9;j#Wlx^XQkyraKFv1l)*J}<#iv@f?ZPsxhF+altkGz_37ACV~(vB*H8bW
z4Cyx{LvSc-pu%<>vYL6Ost~ec(h%e`2Ul4+<)W2Hc0-FdnqB6^_>P!{y)-XPZ>QDC
zY-kJuj)#HZFdfgsskM#_55McVx#UKF1sNIFldJy9McXfzt-KeEEUS2C+~p(TpQXIJ
zO?~m=mElE4i56%0+=Iw|8X;X#;ME^7%{423EAB9M71UgrBh-2OOt7<2?Qtpq)i!Zn
zT^CI7nE&uVH%&#f8tR_?!r;f?(rl^PfQJa0MV3^xBF_G`Z60M2$_2q?Ud)nj7ILBM
zb!BoPx|b^K;oJt}SyG4H+5u4TCg<0r`NcVy|Di|N>>W>Q%!yS#d9FJlvpw0dm3Aiz
zv~N0Tqu*oZ&pcItJ~g>-<84!|>ri)Y|2kdYs7pv4dfqqxpiR{-2@ZnX#9*a1QnT{w
zJyZ?TZ+pMC>^U%248(z?g?_tGov(L;S}Wxk;^hYa9Mk1<HCjUQi-eOE8W(u2jKA2L
zGvz7brarh>?j^Y@u3f9eXBpDA$x<U_UO>zs6k8|usEY<ut;bW46jznm_xos<i>iHD
z0sV2fCP^XO(ez8j%ItT(MZLSs@b|ifY8{9^n%jRsAb-x+&xp;aM<mP9UHrBdMDq#4
zu~6v>>L|H9J_T>g?yFUK=h;K}N^`0wyEv;dB-O_5jkwj@Fhmdyw>$;Zp_NAuw<5&H
z{`nmTPF*uk%d7&M_kH4V3PZ&kljhia2(m%y{=7=p&{3O=`WXJa9~{cHm5-z^@^C$l
zcrh#<H-n9Kpl@x)$c4VTaM`#ZgM`zvJk&K5Zlk7&ce<F@H1?)6k9bnBe{3M4NnTt-
zUY0a{2j8uh-6r_HDMErsy*Ex6Q~aZGWL^xu`Js7hJCKfxvN?#%i}$gkZ7rj2vR0gB
zA07JLErT2P)#&kKaZ6vAd=t})#Rp;&JT=4tTl61G6>(gqZ34>JfSs7!#<U6`xBE`Z
zOE&1%3P-(W`)u?{I9_V+E-AN0P-E_p!WOpFnLKLPkd4coh%b^c>+2zS<nZCG6_G~%
zvtp=r{}olQA?leG9f(+3BtI82KapZ&Ey*F0Ba-u80B@S|W3`7IT6s4S#OVn&NUv|F
z5gGBB@~os^7H|8i>O4<%Nv+ww^&6BGzI(j?Lfyk%kH&2;I(_P*&k0lwrJu_b%#9J>
zLEd1xqFEs!=*N0LaHj-_4=!l;S5jJ4g48(EH}5~Gy7?+aZz{Qbe1DX9!jy=j=Th=_
zojOLD`?w#1>5PUm;fF(X|FyVP_?lpV0UAR@&p_9GYxj$r%pQ4;zOas9`R@07@||=X
zT#;AOc1+E4$8$BiAmRcDet!Ypbi<75NKV*et@Dh+4zV42@*NZWeUg+ZG{0remmES(
zBdc#W3#q;2e{XXKkeWs=zg8do_U&PJrSk0@YF%Zs1**kqA={A@#Z#u%J<ozK1o!N6
z3KyR6tG&xy{H}yrV_9S86OLclayM=T)DN#C{N+CPAgLO=ZoD@*DO!~zRW>VtXWm>I
zjBq-|xo1F1LAycU$2CnR=-Kj4MR?((o;+?twj+}1^&y(}5D7RTOgOt)KBNhO`nF%b
z%HY`tt!0v8%Qs2<kc|5d)kq`@vhkj=LsOkg@de{Fn4D$~EH*Up*6o+sAC~Ra-47Z=
z@>oArtCI!3L>tjP)t_<tIdT2lM*Q$VNpTESjfDA}sVg_rM^nPmBK|II_QNk&eM-;5
zZ6$+M%Jd{0H1B@LUF^K{I|Fjjs#qx)1X-Z(NB(U)HWGtky{POL#e^%s_K@vB9GZ{p
z@cpM6_ist$*dOepbDsYlzN|;}UB%uF|3PcTL`XzcZLmJp1wk1*{)*-IR!rCs{nXcQ
zFwoCYuFF}I`6fRAMqGcM<Q|-EYz{&z?g(`Ln}ng_#t|!(FTAHo$QDzA*Gw^*$qf1r
zB<wm{6h~Od?~}qQqcF|_`dVM;lA-#(<%U@V&#>^j#Q*xeh~j5}Fg^$HYvpDh-~I!=
z+&tc2=i-bYrDh#6x+CMS>ak7p?WE|-j(G98uO|n+73w1k!S!~}*5#Kxm~g<%O9}Cs
zvsqS2fqm3hh@NyVS<qMQ%J#BZrS(fzfmlapJlfpq3*+ya=^7eDGnxD+u2QaRzilHo
zH`2ry!GVhcfyZNLvgd*EB)&!j%m_s8AQ`j5a`e=R_#;M|kSW>o=Svc#&@hOJ#9#s2
ze>fS(lLVg^_s2v8qR(?0y|~f@>!6PyQaKPtsX}tXf)0&39f=ewp01#JhwnCOK9NHH
zP-g!=Jjpzsr$a!Ss-K3_NYK$@5)Gu02m9wIcK<CnJjBqS>;Ecw9x47)vCw2Q7Qg&P
z(tV3Zd#d@IZ4u&&Qr`8Rlhl}u>nQU70LXc~?+D;mJUoVOTA~07^^(5e0pbl952O7(
z+5WpH5Tw(ldH{4w=l=I0?-)LjKR3@I(#encGT7#67sQGh3Wf$yNNIjU=4%IkcmlHj
zKH`78kDe4iB>w)NuOsFmC@`RwErgv#ZxLA@Kt7r8P!Kj#y71tJ+~3Ta0ugEq3^KJy
zANu*<O@Y)Sib5;KZX7fwyJ*n5iSV*xe_r-hh44{X(mOT3z*JjRQ`4h8weL5^n#r6e
zK2nG{Plw-@I4i|mK=}kJ>}I$Xp8>N2e0s<09mYRAd2+6Ii-G*S1@%ATAm$c|@0%i7
zxT73oc>3ipS<w4jdIoVP0vr#W<USHD;9p<;?)D2PC5lBhFl!QU(Pr0L^>D;qe^`rM
z{dnB37Rsze^9TjEZ{v*qnCUQi72%jaP?oJ*p*!&yxcPT#+!j_WZO|O2=Db`5Xea)C
z)klaYB#8D5P6;Typut=oGxVx`fnv~q1%>uY(9>efwonXz1mX#^5inm*mzMV0AxQO6
z!r1$Ykqa4TOI!v~w@(4Cn<TF%L1AI3^f$~*t$$6QKK@3kkmIW}!f}Vzg+0e8ZIH}k
zE$K_C?dC(zs<?rhY2UxYc8Y2eBFuR{J-6M_r{%o5Z9k~@)8X14a}6^5K0xw2Yb$oz
zj1-;}$kTnv^8UR=-(G`ddxkhN9GODLH^ggjGqBR<{?==?(!139m2d9uoJ&Yfw=Ng$
zZe=IM_xH;aChV!~{oG3T(nRZ_49z;y-UsZ?akFSmmAsb)*WzC-I-v7FvwmH2ft4hK
z3D#@3fMjaj(-;>xU0ExrK#o7mx;o}Vx4@V$lzlzDc|#+>zKorzwa7836A`fPjfdX0
z4NTK6G5ZW=<IUrXt*1c$56bUY(yL+6jqnPz?!4C5Ph}!6q$1Wh5s!xLO^zQ`%aKvu
zc@ykP%QGzVE9QEikH?B8FYFx=#fFKS=$zmZ%B>+jF}pvcefHD)P3PnlxWY##0K-b(
zE1>tybYAL4UaHMyq~THfgv#&kzNu5}cyV{rca>o!;oPM;+)I(sei+B=gic0rpXVO}
z`8b;06=9HQcGalG1)M5m={;l9g9i`N>Az%t0Te6@E8fDyy<79xH_Cs8kQ^>siup0I
zRyHgOaGVe<z`GkJ%<O+OmU&-ekMAuS0=`4tIRHG$v12F)6Q5Ah&rYh=du>hs+*)1x
z{{ENatt7@%Fo^jn_}aJ7-_o&C`k7b7Kccv+r!s*C6H)Iqf`pe?VYN|h8m&qapAZ9O
zId@QfT=rEq8l?CgJL}tZix$?tD7=;2N&PyH9@Ji7ndr=Tkz}?VV|k~f3tJi8Zgx{t
zeYENqM(T0%PQ#S2y`9ujk8&N9Ua19Nb%Q1^ht?-$cl3mkynITf<(KJ3#3~0i)3&g~
zJn3Wz=1}zxAEa-;9i2-yJ7wqQ&L||S15pS7hDI>x++T@!^8{q*1M3@hgi--rH(|7?
zRd?1a>hVZTgN%hiM*ZfMm!LaGHB&Jm%Ms6^R`2C5-|$*7Q!$Yx^jDQh%UNyBUs>8E
z*Fd+6IKTC~r&}OslCm8vPaR-!g>b56kXehRoVM!85dcjr$O|_uAlOA*2_TFw)Slrs
z+&cwEXG862cbLhq6TQoMqDqSApuv8cvftHRd5BnQgzKKxP7w1>JiF(O@u`>2*Ww_L
zDML8+ofU$W$o0Szgd6fx3)py(JGMBEt&vbQ^nC}=7at{edF%v@2G>P)q_t*H1_iGq
z7uJ+mcBK&>XYsD9-T9jerHhSz(&EgB+((m=v4rha{#X&~Dt(QSs#FE1S#Ik7`PUrm
zTm0>Y#jniTv{{Eu`?B;BFVRF{&&;YtxwtNg%JViz`sJxXR^3K+>n<gy$d;5}YIyYR
zDU3sjRfA_I_Nj}+j)>iV80$rRcHdfw&d!nIv#C}2dJWF-6f8gr4?9f1h7yiLp2v67
zUIR7M0Jz>qb_Ll#yx~io0bN1rEUmU6H#d`=xecpw#51e_!Ve-Ln|>)Ub@g(3T3Uan
z+w`Yb&rj2{glW4E<?9M@=v5Z(iq(AOQBFBN?9^GeAvTpzS!qca-W~(S|1H7ZKR@$w
z*v-lC)VWK}JfSA!-(M008wss)iaU98x^<BCS<I@&m(ArM?=h4nk8bsO?~O^SuD~s0
zDCHR+Cx(QYa7a+?`p;wCl?LinzFLrMwx(Z-$2{CJ$7IRqIgp0rz0Ef5ZI*jW7cJJB
zwj2$;oo)NxBzjbGB1qhR281T2y?bA;oH^mz?{x0dne|*s&eVpVi<&xILnfk`1#)W?
z4v`A?5UaP3NtWG5G0@V=i7(ZJ^$(ZDG}#qowzN=jPI}*aCz9k%e`EHa)S1W69rZ1E
z7Ry*=avJXH&TWHiCYysn;#gn&y`tQELE}AL$)KeoNT{SC$msgbZ-e$ki|=2}7x*M2
zRA0|DEmMJ6&a&z9k*{f=>OBU#f75x|TBmM~6s~dej+~tQiB?>Rxl9cCLlgrq7BJgA
z(BX2rZ>|W&d89VU#HCn$Yed{M@347@8;UY;$E&+1N`j%qceWR6>=#=4j~?|UCm2%|
zh~(otqO&gMqA!hy(oWp;T=wuadS!ch*88H1o%O2mb<I*yjnV>2PUKu~-rb;R`*glO
z>i46*f*)b1w#A}5zMsNK@6eFT&m5oK{R!zozISa3_f_5<h%~)alW$P<5P-%!c_pE6
z1-f*nDXQsa3d#P}^@MjyYsrc%_55sT5N!=O{%Stw8#TB_HCfA~mTRCIHQHbwHsrDL
z4t0F7c9kbE-}GVtt~%fxV@k{o-zc89?Y#~>ba|^dcZOU4>~{K?a6C@~()l7ujwXe3
zpidA5>quBVoq7<?`#srr70-Ma-Hj`Q?M-}9%682k=o(m>$=tb{j($Cp%iEBGQP25!
z+f{ORZ)Yi6wY%EI`oeXi<VV{2_a^}X8<j=ui=&u(6|l+ieBFvqKsOe;iu?6X<H3N(
zFQQAQqa6~f@;fDe1^etQ2#v@R9c`dE*yq*9Zq@g+HXJ>6O4v&+TMT_3sv1-l@2P3A
z(Q%PW(;*aQ-@QlcvN@d+uc^pr2#rrWGq^Fhg9Rnql5mG7;gMf3E}}E3d}x!aqYh4F
z9?;6N$+exp{F^FTES|3oW_-_;Sy`#FoTJ|p7az_|&r3`o#oJX3aSZ?TWU1h&vF_uE
zm9$5TtUbO6wr<=nh3KCbIgFCvSZNcl&-O;jj*la-b8oaL!owaIHvRHAb7572^6#%y
zvJ$)+$~Lf%%8<?3o}f$a6Uyw3;5G!aZ9O<0Oixd+C3&e_vd7iNJg=AN_EB88Y1!rf
z{ETPNO3>r%J7Jel0J)4&t%h!aj$B%ej%N&d#<|<IE}5`N{>_m=)#_R>yh7+fqS(ul
zaH+Qi$DgVn&7{WIpRP}e70lzw*9q|D3mGWO;>>%z1rH+!XkqGwp-mxf?F3<oYS9<f
z=}YmWy+Qr0efbd~vu5cqpK0_4;8?YV_wZ3ocGafG=?PNNQ^@_gxW!e3oeqI&?}na_
zz^UcRpYRy3GElp#C2a^?qcCwH{y}|%3hU9t*qfGC8m7^BLAxO-UoPFrmH3)AqlC`I
z4~W&nJMZwJ>e-WqKIwK92WNNNRR}Fnbf4MsUytwz6~V*)yy^A}obC3S<+gUEk~;fM
zUkIq!M{#JP@4L))E91JJ{)jd-8wkU-->iw7yp_IGFZxuYz`#~Aa|zIHo$5}OJ{BYJ
z=<5+nL>?!Sj$22@&}+HMp!wk_0M(#~fLnd!V9%23KgZ>$^YFHUf#|APFC^yynD}SF
z2NJ}0^scXHlA}9=e)(~4t^xSm1X(oYj5Y;Ut69-i`<sp#a2<|@4a*BvG)PA|o8J@P
z3wozk`iOdAXYLKk+S=~Lu*DQei07ztD4nrtQMp5*6l-$JDKM!l{@QLW*B}k1*ojOM
z+(^1FPV4`ZqTck%zLBKS*MzjFm9itNc({=5lro2%nSOe?FjqIr0=+7zLKN34blQ4x
zk{62}V9a{}{%UFflaH1pzHqc=ldAFQ4}+MNKobpSU>ifDe}aD7Tiu_}CBu3xjYc^R
zuJ;1Tc_p|!Zm9Fd`?Lvcm#hm4dLpe+-9g-EmZ5I>^HmX-jT8+3ki_Q1Lbo);T)2J9
zHla|_z(Pwy@>L{stISV4yZKCcWm8=eQ%w3(kF_1|Y_Awf=bsb8vpcgEbz}j%VF40y
z0yzU?g}GF%?4Z59N6=GmO39#JArYe(-6v1WSq?6Yd?SR!L8Nt<20L=RIO$0bDd?c=
z*s~73^d}JO+c#B5*W7-A#^166dq4)rLEStxGm#x}b1vG@0_1bIEvtSlRE*wJn0y~_
zP8Bqo@+WB0i+ik*gE6~Pz;S|7u_-#kAT2E|Uw$l0W{t&^11}Q#^fVdq@mwN+&DoI{
zdQe%(qe$@$RciI#F1E}fA;CB-F7~r`#V91-Ti9tUR&pkypum&6kgnU6BZ~JPQ{6}$
zsmybQxe00eV5-5Z`TomxKuo^zO2_~oCBu1{MWIuI>4FeTN3hq<s2Y1lFieCEwlsBz
zKFTE>W`@{iYHZ$|ez^)4hahX{SKgESBg#EW{?TsVSK*Xwfpw7o%4m6zZt)P+wj3e+
z4vPD5H0e;wt`QT$Jek#fJ(}<512k6!YC?{l)1RcPflqWharIrFVOT0D4F`GO(w8ar
zsV^HQ<%(vUa7Dlz$JqXc?-(gulyUwznIA|+)Qk@mJ3P41wZt<+DtehOW>0*AQ@$$R
zOlx5)b1`irf3|hC1mWm0MD5hus&|<avBJ5#gwl9mjdk52$sPCgUoTR=up{kDe`<Sa
z+}z^rry{xLEQLY2#@AK1XefI7Srw>JA_5%pvbQw*i+0Gp1sCZ&$~qquOK>62@Qoe+
zYgiAXE7Oa=^&_4J6F)YdL0(haLB5lx_8i37f1BIiu<V=Rj?rE4MX#>h$uexH&$;+z
zFic|m&1_&mUQ?6IY|os}dyn0n&CJDN`-mwpLEB}Z)Dl$wpO-#j$)x<aKnkCfn6ElD
z{d`*;&-!?3)w0xK$0s^E)zR5<TdML^Xz=$Tk(i5Z@~9ytEfu%9Znce_#gC75DqIQ_
z=x?q1UP&TUeY!4DtZt=mez+LrB=K(L+}<Xm8f$r;n1IO!sg+u4<xl_=7egERPsx{J
z-XZzn$=E$lymlVrN`?<7halUD{#t>fm@+<OojT+kJ--acb9cMor0WK?RdiF1u@Hqx
z0K}-CO00p?i$5=B<0$~cu<nC^-w}6?Uz$1m_{vl0*62BB)Fq*c@be8cv@O-THVF$s
z-is;a+_v`fdmMQY4a;vuVg_5m(iAF3e7>X47S}9ga;L<Q_0H-KZYq!|jPo(ArGhBz
z%Qm;CWmDGU9pM|IJ^uV#&-yMAMr#k$&ymYcDj<83VS=~M!T&~mhq}#Ncsx%9BB~1+
zlp{en8WjlY{K+!u$?a#EK9BD1SfPdrA6~g2;Z><N9e>LKI^S>`xW#H?m<5wCaYaD=
zku)^Q#T8))@>KC+$`H5N?ifJdbwb;o;Nm$>&^a3ZvKT032Q!sJH|B8)PLplDN?@%0
zPbhOg4F<Sg5e$@6s*ua<&8!i7VM9=TQNdSJ62Eks6b(znRjUYr&#3|lc?z2ZFTPhN
z>ntT)i><gg5sm>->oZjnZXZ+P%9)ZYB$IM-gl&GgxSgslXbIuB|5p59Eos?lVX8+<
zRYj#Fcus6`*GEmUvQfg9&rgv_l55U98d{~lv(cUQvYm2}r!qkFqL5v(WEA&mVO0KO
z5I7c`43a-o=EDc+JNtp-(P_e1N86|i1g4DNN^xu7Ad-Ar+VfV2l;~ZNt5pERX;CbR
zfT|dzY}oX4>}iW4v8t<++*u$Hq-Ggv)T{T3c@7}|HLeRtxVSQejzjImhp;4OYAuSc
zx{W{@>`YrsNvX#=$3TOxWF)6%XgxJwGMNl*a&YkJ3j$WufZI}P<Jmd#?{t1f>TeNI
zb+4?{c$AnLKI^7vRk-uk?W9{<k0=@V#^-2eOU-DaKSl6*&8X0ePR!KIe4uqP)otL>
zQy9IkKfyN!5aUDrLP@97RGNceDl71@TNpYXR`~3=Dqo_Nv7TmuLHfg_`x&-1wxr)Q
zgt}8SPmXY6?MED*jBK}+L1W48GpsYv1ae3*JQLm;BhhB70q@hU06ZxJWwy&H@Tp5)
z^8;l;lbtnana$)Jt_#4+`{Ixy_7BS<_2{>kNBXbzVtya~KH1aolH<yMdV!^m@D%8`
z`KhGKe=ZaXP>#$gugv8MB(JGX<TE)5$gn^A3{WBXH9e*hzBR^nnh9rLcuB=m&PJ>`
z2q-pEK>{P&W_!7Xehn~A;lhfJ5$!R9Eb1){h!ep|8e@k|AC~Rl`eR~@sU#nH>Uw-d
zZxqkJGRd5Y5vq^c**;bC(r2mX4unNaPiOrs!*&^}ti+(xeKY}DRq!I!3tM&zGw6CL
zO~}7dOG#<Smuh&V4B@5Stp0O?NrFkHIgpx?w>Yg!bF>pB*}I#q8NKr?X<9nL&IYpC
zXE$)0HKhyh<H~_t#bfWdjkwb_YvdsB)#ve_WfGCOVZO%|Iinqkoz*Msn9BR$?{p}c
zhYwW&Pw=Gp%50E=tumK*c=g~v!t;;kd4wxJ12;CfcT<d;13!OzACT?)%O~ezSOpw|
zL=l`8ovU;_di@4q%1S~gqv*BB`drO|@~PFcHJN~wOVf0uJ6qLatZ5Eo7Vxz1EX$QE
zFHHpd3PzuR+25u-6~e|%k2nl!Zvm>CJB=LGPYd-VZWlC2AaC*9q$K_k@jHaxifO6&
z@?gPc<Txd8;c1|)+f#|DYL&2~R%#Wb0=8NYI4lZ?gGOJCwxz(WT}>M|RT@0A9^8nN
zUEn3_{p9w=2dnns{&P`;qce`OE2Y}Vj~K_m86spi%1hm3saE50TEJfKnHD|v5=njH
zt)xjF-1Mh~@cPEU>Z<lY5m`uNpFNIk{Ho#oyBX7ttXcRo0_m)Rn#Lz~*i3v<PSps7
z+nQ!VV?-y;cZkbsJ>iFAFnhz^@nY`KT2@9SOH0eeKr?p<ttqFdXN~v%;T`zt{mv`B
zgGBe;@JBeF(1OG@KmQw7iyQ@5TjXg%7X11^v2lgN_{A)lmt)S~8c*m{*d+{Ih};xx
z0IY#3%Vi*i6tFSZlY1vV;5d=rzIXx;<(j?3U{LJMEVCB@k*#D=HYr6Blja<%bt=Lh
zOObaVVq$G<bEbCv3D6j9skK3LqEA|!^S$<#j+wwm*xm7X^_w$OZG8S$t~9=g9Mukq
z95hLvpGf+ZoHUuALGT4#Uk#JO7fX%aJ$3diIF)7bIYs4U>bX6GkT}7}*RT0&jtJ$L
zAen&fT8Mr8Q_uOk2_N+dWeYgM@x>21CLvicXf!CiYe7KIU<$p3_<Z0xNJ;IdzfZys
z>pQ=*rjv8Mzdq~wBkZ_2beha&I^Dsbogb}E)RNY$-1;R6CH(1Azr0VC*#ofKFMdNU
zwib8ugtjvf1b++9rR&b1GOhOE%z6$Xo0>+7mk&HY^Nl}FoQXlw+mDue_`W0==S*H#
z1Jg9L9U<U|Q)y-hOwY*poOrASV%O_9P(2qeW}Xg>IRVireFNjze2syhdRV|%NGWVL
zaC4cm-CZ+Nyn_rRQJ1BZ|2fEl8A1YJZ8==X%=dT~SjR=;GY1SD!cPfVE35B^RS$xh
z7Uo254HTWQXZ$7-OOwyu7_yeZcxt+lbu{1Lm@w~vVD6Q?)Z6KKQ#@Bay46E4c=mFr
zWgz*ugzMO8+r3qzjBO20q&Bmwr?-7)qH(++zKT-i11d=(0i=H#RKUIE8^W}3=%yV$
zfQlffr}XCPM)NmGYJiv~&-7W724?-j&5n<_kIamJ46&3VsN#TnX2ailCMZOpsWI-$
z+f^5xK%TiIxTq*{I#hHi4R{_3uW)6Xyf@4PwKfG6tlY-0djj1k!ToDEdHCi>RG<>0
zrVYWK$9$$C;VF3Lc}d#iKza)O_jjuBf9#Yr%EqpIk{ZFUpquMzJKMWJ%l-rWO^Z#m
z{^ZGT(%B%uy>yyF_MdLsQ;@u!OO{8?e_e@9<#-Pjeql}}^T)HX0o6dTz>NQ~K#>26
z%NM?fYNHgg?2;h`H6A&qW8Vwaz<!<!csX`xTMr+k<q0qvFj7+o($Yk#Ud%0xVo0MR
zF+PYSpU~_ZTa&WGIu!_M&XU5NN(3_5k?r>uya``F5_VqTKYabm-*_pm`B&@`cBHbJ
z!89M6D2ySezI6NL9ejY1IKh&1e>~`}n2;sJk<XyGAsYm=Doz-*RsK6MANWO_)WJ75
z!_46PY+4ZW_p*2B4&E59yC1Lo&^~~D1szX@bqs4VlEMj<ztb(#|L#6AR}#RSIeG?4
zVR6^Ek>6HCDksmR{h7heAWiTe1s)%Q7>-b5s&;a2qfR3n7ZbmoKNPq>?$dEPLMgR?
z6PZbhaAYME>MRcnb<F1bzE#M`Va*fvqZilMpq%AB9X+Y1`W8>+uK8tQtG`wEc#e7j
z`>9&r(Zu8nmG8+Y>1UiR7j30kCH?<7+~VW#L7DX-D!yilPVUbL)ua2_qYKDG2}%Cc
zzD!N2(Im0vf5J^!&VwJ%2@6GEW2%@kVY8<o1~|jAXeKC>42D8W4)UtW4amxCJx<y^
zFM230e;<ql2<uGXM#dbgsgpYm&ow_Rjr%e0$4gMtL(}-8dRY=#VBxa!DWb1dX2!gn
znAPba=5CGYpSnCg{O2pA11kcmAechLEm>@sl}opwJQjF#1F-A=+1kGkPkQ!OOpCcO
zmZ^+*qg7d3?!l7md!U5Ga{DD8jlW9x@nolpR<rKH?FL83GpzZ(s+USsgs<KVL}$b^
zV?Gu}zf)XfBc~>XKa62u87eE`k5PSRwglVb=U$*=`;E^){BOIUjbdQgYi<F<|31?+
zkAAU9B0vSEj{SiO_$BY}$J4+2LCo3roF(qG(|M2C#if~*z3j8@w~qM5-)Bx4I7V%d
zTk-4#`^C|W(s544l}CRd;(xdP2$2TmZxf^xMn#GbjJ!&u!SNnn7FlxC`#^7{!uRXT
z4~q}<mW_m%tP?<rQp1VhjL$oxFxkHC$!n`MFVWghM5x~$CDwW%Rat%ZH>haND5lLA
zel;oCpH=Baf^%-V%&&j_;|I^bky^u0Z4RI_13uD!iyTIY`$Z1uADxMm(!%vp<JR(P
zMZAJV=_v2wzSE{BXho9Ud4BmY>^MB!<2U{&&|Nb4%y%$H>77_4v*>~OHI>{q7<c~|
z3^);m`cmfi0i{X!@$;TMm&2>)bgR9Xd7^_)zW-P3(C_Du4+wHohlVA}^U;_r+yx&V
zO7vH{7xzua#Gg&;BPmRGlo|Gk88V!5;W_X7h}=l1FZvh58SKQ@O1*H(f3KOZTqS%t
zqY0!0YyB|wG#Oq@_!OVTflz*r-QN_Wzi{OjZ!izxy0E>jG2hRz&?>!HXk*}!GsF|O
zi0CcpWb-Ceo$-yAsvWKJVOI-e+a?&?BANe*e|Vxuu!ZTcL<-3e4jE1AYSWpuSR+)P
zA>;gEGSKuM!G^IO*nvZ!!#^MVqzE8`QiI`Y$GgkRjd+*)T<{lHG}v#W7_vA+T>qrZ
z=qL%9RaEJ3+4@iNc_1R>04)K)4`lcm2UYfJV^(3Ya+T+Vwzvxm2jv_oo~wjg3~Kq?
zR2&BM|9oJE5st2h1_LT17%@2r@|a8dXPyJ8n1JqUJn}%}|J}s@%iD<d`;gLMa;HK2
zk#;G-jqiWI`xC<Hkmmn3mH*tC!=L=#BBTk#{Dm(DFVLbynAdjkl-FT->dih7fwKL-
zZ6Y9rD=s^zzR))?f8njcaU0d97Jm5o_xF{U#QeY9900Uo<N{-cLHkHILayfE5W+9+
zJE~ebzc0jpD#hVXi1(52z@*!bKLe-KM}K%q=>1cA`d^>Y{xu5Iq&s{84}f((3vRUf
zFINI5!=GNZ_xO1;F!W{Qa)f&@fPMUbNZ<es=C=UGK>_vJF_)OXf}^-EII;h&-~gBr
zpff-pAvCWU97<1B96@>lbN*ZD`Hf{EKrv(cMYK;-@)Z342s0cd#z=UB<=<8L?60c$
zzg?C1b4RelTvWg}o8?c{Kd@MY8XpL>Z~nKPuONT^0k{(oFMSX`B%}ET{`gRO3IzLe
zqWh0ZRI<TpA3JbpS98&DtN639Tw!NnfofEHZSm_X-b0bm@pi?ivP}aN_Tt6czcbf<
zVz-YpFu6~vm?SeB1xm@?^$85Fi-elkWq2v`$!uL|ZgiE<9S+Ww(NvkX8dH{+tPWQ>
z+nF97%$YGDd->0LX7-&1QuwLpJ_dCHl9FDS@xsI*$>&G<{q?3+{IP3j68{OTQY43Z
zM!$R{L~JNS%2j{G!_I0JE&|9uKyywwKic@{cM<w|!Yw8>a{0+<Sglh&p9=YP1!hC7
z%YimOfrr(jc3uuIq|SXC5>b#iBE=pjnU-rwk};e7$Cyv39YDmopu*QQvR>PgkmBP-
zRGI&fI8I3IpC<L6(`3Hk2f}&Pc9Al6eyCQ+3*;N*-Au*!G$->;n4=?$etkU0>J^s8
zY$-nohe68KNFLqiDWr0(Kap7WQu8Su5%(1)_uzB;o8nh1P1x6Q5fdcyR}#M$14_z|
zBWn<>#lo_V8RZCL;q`)~=@qm?jN;{E2e;i*#BZ;@O%Xjlo&j@i*78$excuC)@czY*
zB!A+?X9Rt)TKn_GZ(k80u-WoGR{Rl5U+O$vzu-zT8Oi7wA|c9wR^55B2!yqbqAz2=
z($3}rA0)))_s0#%fRC%1u`=dj{(6pRE6XT1jNSL;_MSyBI(}I3UT(mPa(`<Z0{=7N
zA2I*IHgY`Y=Ok1ygg;&*Z~EgcbM70#5Alq<nprSEP-cXx=cv)xk5VKEJ4Kb-;O>KY
zB$~z(A8qSA*3)ty(%N;z<6P-4-n6(2X1Eg5aA}46{B$_UZBX0qb5@k_IcF~1%qYfV
zRpsPPF5t={LK%c7)Jp&eCMCA4S+{WPgXnUnWU1|-S;0VS4&~@*$OVCv>1hiNoznCA
zm5=;FnSKTA{TM%2m87m8f9$9|vGd|k49gX=%B)yv5)zV9^Uh0rr^0G(EhXiF+@Nw0
zEjQc*v=60#0>e(`!%`w5ALj5czLMR$p37q=0Q+<mlU#g7?Asezn|-27#n?Ltk&sN_
z>eU8JrI^XB+>`&Y%ja<Ix;*IH)KzJHoo?D0CuE-jsOqc28!NbWH@$xCd6xoK`q2wA
zw!im2nK_(sE*UKa5<p+ZGwu<(p<HE2+z;-QBShN!J^%^L$36GY-%$a3vV_E&*Vall
z4}Jp^$+<SwA!#`><X-ALLmA*CjQ@&{HbepR#61U(waRv$Uh9H0>4LTcAIFb1t~h;4
zmfmmzSP4TC2)4KsbV-2R8yL=8f7SKbaG|mZDH+*jZaV*H-#PI$^5MrOy5H<XOB|QF
z(iKWQdN?i!Tcz=irScG)vRrpxq2_RG-<J4t@6{^+69Ur$qrEIGM{28l4E+~Bp{|^v
zZ;aBG0W-aB`usfS$i&2KB;aTCV;8o$bWqgMxI$LFw|shbmlc~kPg=g+Z6DRzv1S{E
z;k{+PgZ~l0^nr@gOSnBzJWeibufTAi=i<AiD#c?vgl!3TBR=lPc#|`*j|QU(qE|{|
zi1`V!sl&@$Z@(UWk1A{L)M<vhLT*(t(A&4wHF+xXv=VPxQZ~O70-c=v04cKf*nSr1
z2elg@uwC1pyX_P^9p3Up3gA|<>_>gNjD;j5Le1LVJcM<{+Jw5}3LQ)=V`?4VizG$1
zT2bez*>#mxF>Gq^nR|z1>t(?%Z-3oAm*p7AkweA~GO^JJd=~deiAa&pu7}55{=?Z%
z_3bl#jXV%neu~2F0d|DiwRd`^pgi(aE|lS(ZiStLLvIZimy~DAnKB{;W-T8eb7Y8O
zx7ByUH?n$0J4Zq|JgursqQzBA?Rojl9MuO$x%_5@*WWrfw5Zk3WW-HZO(j+Y{oEY&
z{qjX=vxsTO`c%Wz9?Q#p6f%gtj{{UI;|cr<@bee%emhL0Ke@c0VwCcm{smr;8fQ0~
zQXQ^gT>GZMd*^ImAjjP@1lb6f(x+-;lgAa2n5YPH!D%yJ#ur>18$(|~V`$9sU>!-4
zNLn7fuWoY{@z*zoINozt3_*{blDHDk;$%15%`R+~b$M&$OUS~2s;SJ?1=`-7k?JbJ
z3*<EoX!T5<bUj5BjW1VfaIR)>V0F7Mn4#q#xffDQ7zbyGE+pF3uk?}h-o9BxHa}=L
zce(zU9gBvTQ>?%o9T-KJH>AlVyrl!7FLHVCcGfzRTICn9(Bi1qjSe2u<*{bjH&5jO
z)b2!%ZUy?Z!do_+j!)YgKA+X+ekUwM9p@*=iQcX4pcV}w$htVO#YE}+J)aFbHJmDz
zv1a}i%Z^7YoyLol>ZX@(gSU<iT7ICB*K?NCf1vPPSMvSyI@Vtr-4_`oelqHmn1v+b
zS0#Kpz2#o)Gkt;#-*IEc?$gA8&lCOLu7Kh;?zA}akmWIa{{sB6J1ogN7IuD_2N4jU
zYGuW-`*XDuK*}EXBzR+kMCLiF6JW^>UVWhIdEt6;gW6pjnRcy78mwH4%X#UTUwrK+
zooq+-9OV*P2ffy^T+Qw4^5Z$&I%O2-r$JpK;x#j$-W~gJVmLnLre*PqXgwsrEZ+g2
zeecv+Q@fzy#&h&5uOF2$UK>6qx!NWbpy9Mq_K2MNR1C3}_d**aZMG+uEiWc919W=d
z+uF4p_CGOwUzLcSmWnuI^xTcjg63P#sy%ZXlAc{K;GwEFT6Kf?&P3t(b2u}5VO`Zi
zyIpjWhCaLNx0Wd#sS_l969Z{DuMOhg%rSX=uQ%L=g?!!Ad-a>jV1;(SG@PEvg*0zc
zN+snh0+ljahQF0Ey?v+l_1n?i68@^9M>s6N@R{Gsz1|a@yHJzjm1>Po$UhIJ{oQjL
z^$yD`H+ttK^7uP*neAZcY<Ko;JSLJVup$VUU7qck%p?daYqR>Q-6~j@9DqEbfDu(*
z9%J=?I?uJcHI=kB9wzzv6;wOgdVRL%xrY64&8Xb^Twf|><M8#Ca0%Z%2HTNZ#AI8H
zErd?D-(|Z0RgOkBN8UU}L3ZbJ>K)m-2TkZ_CGvU|0O@JWrEWUB#yR6WJHZ|+>3eCR
zzvzmpx;I1O%6dAwg!!xqh>!b?cbk^S8@D}C3RUadXI)CZHuEs+mRWJrrU$A3HgPx=
zpbxz48i2LjT9LG94y17$%?aCJ6b+)|W3d?Dc5&XApLy~^IYoxusw=PRF>ainTerAB
zS7NrWfR}bn0_hTi+gWNb@9&7SKYOLVrJu$%NkXaBaYT<yX-d#-LhO#);?O-{G$hq2
zHo>&SYpkp<cdTwW1P}Wk@65A`ADrC&IjmOWYHLX&>b>n8u=IaOd+VquyY_9^MnObc
zq!g461?dt{kq+sUmK;L5L_|bD8l*+KyJHljX6S~YVL%vifFXu>H{5zZzxVyt_kGV=
z?^^Q*%5uE+wfA}MGmhgpuLihTI(!iVl1kH5Me*1fa%aq^*h}h#y3Cax4@Q3fzO$t_
z91n1+&%wOUD9)u#muu6A7agw(r}TxeF7X{DlpT3!5#^U)2BgMZJVLk3XK%6!U8h%(
zR++3%n|Ad#rERrut@9c~0&<$cI~Arjcd)lJ;Dv;%9#QW!6HE({Y^%})z!Y%0x7!D>
zKWZB5YPu&q1d9@%#q6#*G6ZexvZ37gN9qq67Ec-qme}fw+J2(3Kj(KAPI%_#;37@a
zk*kJjsyPv8zP%=YytlwRY1i-bZOPRjrZS-G=C-}$ZflqH5Pcic#}tDJ8%z1)i_^E#
zu#+#ZHHe((d;@@b6EctOv1<FYi4m09URl;uRkuRVo+^V^XWVHfzm$-F8^x`nCVidw
zz$H!vTJL>defE1;iYAtt%>w9W{}s=R7SlC-H)~~L7ct*%8y2iu0Yf7{8+2J3XW)I{
zuU%;^Z3>Txh9LuJPhxWxyS(`*kCRbJJImYU^#KB*DU=5rEdPXJzB3HxNcAV0|D!C1
zoc7ZNjdimd-~WZ|UpS-Z_F~I?oSlTsIyG~IMF4@hoZmSs+YmVjwBXZ8=||jFA0sYZ
zf@htEi`mberc>IemkKhfKMAEexVko3H*%mF(*_0~#^R9yY-hLX7t&&DudzxS9k)WM
zP{gX~+nTxgd5fcc+SMi3EU@`p>#-_E{D~wuh)SC@Fng{=K&RH(_~B(%c+x9(_jsje
zJ*1FTp;~-(q-zNhfN-nx;r6+I@VBXcb9%G^S)N`wc_xcCWoBI_a>g3Qji9LwW)yrl
zn@HF2*(+r-GXc5#i&(K2%x<(QLe)1vu4k0{`nm_e6kW2xl!9LzPH~hyB~LR!+wxTz
zSpk!@=1P%n30s(+asnmdmAK(<iT9f2L4;pc(pD4dY}&x-KA6o!+_2S(qT!icuGloQ
zEqi)M1%zLTDj?IoMn*<l9WdC3zO++TeHP8+<wWI=Q@pI9bxx=khkMuS4Ao)JAWPL#
zZD72PDQ!N}@GA$0(!`V_qH8*S<jgA1#MtMx&t|&pw2-F=Eo}Sp>54QsPkj-IELNaM
zW=a=yT9E@N%lgEk00P=fFe*Txd@&^Wu%gfB@_yYZ7(1EO+pBb_Q-6Ku?Q|CPp$g6!
ziekUOLzhNSN7s!$)N*7<J$5Jo`?P4ow$Sl(s*_dER<Utp*L})i8?!f#aIft=87Baa
zo2HC$uZZ=<l)jbs3+i5<cgGK3EL9Hl_y3yHuMdMn2qQzWag=Cvee;9C5^u$oX|ZH)
zu{_L9!IZQ5UY))|tT+S(RuS9tCUFno(ng!de>;_7$6jsd#Oj<G0gsvbYf*GN{jHu$
zD-+#%Ld&1_kCi#8c6(1Ul}wKs@Pisc=uiY)lhz1r!=2Y2gfUDEy2E2mPogu~WWOWp
z2IQ*3OT9=ksCm6DhOH%2JP(<N3e|KPUmvcP`GGM|>)$!_Y-5H1CYZh{yOYZrHn3rK
zJdSddaQX(-?erlIzVjF;A_}G}82?jmx}ARIsOHwnjY}YP7g1n}dj672VYP%1*Hn?|
zJKNuqmi>9ww|cS)m5t@tSuN}7$TaUcQDd@rk!M>v0mgfH3}!3SYh?l~5}orZVNKC#
zcn?R(*e(TY_Skn;F1q)ypce7UBjm3b0!ZV*#|ge|`!;HqelRhadF~!!?z4Rz6<!P}
zSAO|yfS~hOSIoP_ofcX>4vioJgBwBBuo1R7SKkOyyuhZr5yl?5UrWI_n8;7Z2O)Zc
zAdc^w`PoBMcWLR@aHMqxB^eEaQU41>TaERYO6t?YcKuM7Q5Js`ixxmwKc6Iy(8y8A
zSkSDV0NKZz-@PNQ8Vr9fo0Vy|PO7Dy!JNpZChpI$C}v~YZCanB@Q(QAnnEG{swww8
z-F8;Z;%~0RPqaVV0rZ*0#cmvH`~tQ%Fo;b<-%Tx$nf>lq>Ep1R7hQs?IS!_?9}hWa
zzqo7Mt0S_lunKC-{nU8tbEC8S&<NkOC#!+}Of2c#+}s;LfXYN{Eoi$6RcYPv`htev
zx4z$sE`4~{;|Y^aAsgu@wtL9M18&Q~mjg1U4K}tx8&{8}cmHYu=roS>B#Y3G<Avib
zIWBdRavW1{SSc=6PvNkB!6RY1XW%eP4jEOEVlEy7^MP<=qh1r>Eu~*2=&|4R`oU@D
z2>{~1_QGX=sL#Uq0hjZ`tiIt_{)6q|^!^#1PHvMPnEDf=z$&hlk=6sgr|cihO-$OS
zA9yb}36%JYLFHPcLvJh>2zRfc+G_KsCUD%3^A`p8me=Z4(1M}UlY6zwB8uzW5bvTI
z0|<&a?zjfOa+*MK!yqYon+hy>8%}d1K>}vQnrv_iXBitCul49B_TZ)gTocTpaiVA9
z9Vc4mqORxfz4Vjg`HsD^AT!gL|Jd0GkOQns5eZos-WG`tZ0p4B0RyJ`PbOAYAh^3i
z-AE4;P&>@+VuESplesMM?yhNv(V%qOO>4G-h~IR+e-OKr$X%2?Eg#6*#afbt+AcYv
z!|{0S1}0Lao2P<VV2URqWlktE_q7U?51hYhcG;!Odo5`R9d=)Gq3prlPuPOXG&SKS
zxm;44pYcDr>W|x-OM=;qM8iPs_MHEdTr8>erz&v4*Xlf|CI69f{5P|*cJKV!*M!_H
z%1vOa^25Q;OsI2?HWej>WSpMVb&(dGNQtJHup&;6mRNK4k;cv$dxNhOJN%!jlQitl
z;bj&?MN0&eACuoOoqL%orxHm1lg4Z3an28Ax5K$mj@a!vNsz98ATs=#-&#mKRzS^~
zD^TKeQ^&ZB>r?bl{)K5U0!Wz8axm6`(4RoPK%1HEsaS;$aTR1*|5pMHTU!U7r{6UZ
z$^4sY(gwoz&f=Yg)HpZqya^S<Ku_hrfyulbxrhAx&BTpBWy2wqN<gMoa?xrJ0SWpb
z0f`cPsCOB&KB?2Lr>o6WzdQVB*-U|SGbT1}^!;k)R+7s{1o<^!$lUj*A-Sk`)(N~;
z;w}DGJMxsneR15r_AUiiIJHViCVR^Tl89kF_$Zs8#g)V{cAe&Fx1}V^Tw4pAV3jwK
z9oD7om{3DD)onx8>Gq`*esFrS2kn=ClCl&lG@4rl9@3LZPing<BW_`Wm(vc!+aqzU
z>u@TUb>p#8Q<dee>5E5ASD`!KqUhPUS%b%3`3d$+w;fIXwCIW-nyWLf27;{y)ec_V
zBi*qjj<i}26-iY9aU(hvzq;$EA5I^*iA=YrVA%$gOVjVL8ygS3#jKNg_dV9Od#DSV
z55_}iL_X5d(X|T{mQ|rmT4Z9Q;co7<{3CqvsENv=Z5U$12~y*R^;okJF(dgzVhyED
zo`MQ;Ly9WA4N6Nxp{yDO+7A;JV?#74+V4y9gLwSQlsA^Wrf6h)$9wTweYA$N?IzH&
z>7EwTZRy-A6Ca54<_lSOapAJVnvuYCIfVYT5CbOchL03{+Vmvh{iFw~rwjmx!)TcI
zGag0nK$%sOp;i8M-S=>v3LXq&jo=HR9^@lsTx$deCy4^G$ek;-<uiw}I&pWo!ha?Q
zxUSp9bD4fV_J3~H$?0QvJ=%K?X}nt%J(bQk-E~+ovXQlv;^Qmmvd)&UWIh3mDfSi>
z|2LNauYc_19>YwJlak^iT@5D1a5C6^UBIDCzW3~3Q#s4HN!)xeJ-D}!bcZeE2I+cD
zEeUbyZLofFf*mom+w42ioci0@jLxRxHQVxBLDA1)FjXK#b_zxx_Crs0i#zo}%2|Hf
zks}TMYw7$t@!Il*+jnvn!lh}0I&af<1{m{}RXoz6EJFtrWMFre>4U5hm1@<^jkeTz
zE6cdTUs^C=gl@+xD&u(e0s$LB`v$;kP+dpS0x(>vVe?eP@F-w45OQQ<VFQQ!!bp^?
z-ue+>I^8b3ZL|JbOS#oH185OEdSo~A)FS*F>o3n)Q|Hv(DGv{s*pVZZcMd+wY$;-)
z(UdDd(d>p5=9v#~QceMr;l-(18;_Jpt8F-yCv|k}h4oJbb*{5E8&e`&3_NZ7JTmKr
z{+x~p*uf<xPP9Y5xduA>>S;cVKU5r&5dA(seZfOZv9Z(MR%$~M3Q?n7eX$E>z{Lbu
zR~&&Xfve*-IXS1Xpd<ggrDPBFnB8brzPa`B13_ozH)OQQEb04oA5G_WK#2^tAJEu-
zeyT5cE6*Yz&`26Og+zYaQ*ZTVxBc0GWnUbcsDN5V0)qu*o4WCpQZt^mkoC(AjeWXH
z-d;%>Q{F|`rmlo(E1JBj-D=x=D#gd%uI{HSW{tX5>UX!fpA!=<dHO2tvul^X<YBD>
z<w_EnADpK9q~6SyGe0hJO(U>ztXR6D)rlENC}R@Tr}}f<hPj`aY2`l`KzH=biLVs?
z4$fj8cRLD}JXj)6lFmY4!&y-}Vk42xiz%z&_+&7D2qEY0A|CufkYlS)GK-9S?sI-~
zAu7m(Pu#WOx|y&g^o-?Qz4(!4By(9Dm0)0V<R-V80U_`EhGM%p{#KU>Lo794yyKK7
zA8JIu0zOqaiXvmgd~Si6?9#<|{=zvAk)HMvpS%4>g#c@zBG;nnp$1?8X+LiL383D+
z6FQHeYL3RB4tiZO8A9vD4SI!#9hPwWw!^&*&LF!9<u76|=~Mb?03hRNwhzMweRWOz
zhrT7WR~Q&@%S(^RNk<krf+~V4So_YhgwTqK*FqN^&mFzCr_!##2|X)BpoHktbT*%*
z0T~gk3}Mg2l-rVxHq^U85Lv7?{HebBr@etdPHjHZYYl6FLUhhfyEWx=dU=+s&{ufD
zUq%1XP}?lCfx$}YZ59TKx*OgrIX(#T;HY{_A=?SQU-o6YSM_<!Ag%|cy}2g1zbcKF
z5=<wC9s&`~pw*{4spAX#g%h-GlgJZK>DBJY`SB90er5F_aZiU{ol9SOATf15T#dqI
zL_*ITvdFua+SBKS#Q<`ipW4VR9j`tg0A=P%E|t7Uj^mEV|7u5?HX19?t+(P;>@TbX
z6UqWyuyD@L#aVtJ*cv-{5<-es)@NiGBXSoceo?|3tQxkzCM&j`R^zVCMa||&tfU6e
zd=H>GjI}mB`mja9IZ=+KOY^o#^toJ3j8XX+qmsDqp`|5(e%wY|q?Q*`e>zI1uO)my
zM^I%I^;WB)hG6ILg<}#H<D{Q+nEd~7n1??0#gKLzcs^DU-7dL=+G?XMBi~*0UWEBZ
zXh0eDyiTjJ-jxKMEnog~Zp;7Yxg7vIDqf&n5pkbK-(yW}yu>&Fuarv4UD*E4T?LU+
z@l@U4!!>jMa$wF+>?J+;(b`(S>LZD9DGD;#+C*_ad?8a;{iOExYMC335VZgrh!dXi
z2}0V%Mz6-f)GZXv&30;wmTm3sNH|LbwsjYKr6y~gBIUQ?SC6>ppiuw{d0sNEyT0#8
zJxI)zue4|ql-kKr)B<_L79}G7sr27M`<bKz`egMqBUZn%PSa~XWTZoF_2p1e;~6;h
zL(A}Gt{~E;{5y;3r{R!vw&8*uv#$8(pt2wCRCcIjzr&xrKp#5F7OfXOGOxQ5Bvz|i
zNY>v7m`yBtwdK|k<ZW(*DdhB^0kYaJfd;t&z&TsVKHLJ%Jd9QO=C-PyvoTDa=tYjp
z2IKE34;$Oxng=a-{(n4g%+|c3XsTcZ>gC9^b%9Nk=2laX(Bb~zSFN0NW=;b#?GTe4
zDeq$DD~WBog}MUv8!q46cUL-UI=8yj=B)Pmq-f3EOPVGtlt#3mm|S@;l%?&qo7WeP
zgJYLNKpNb!#CTOcHNJ|YqfMzrK89z2=tCrnis-YEoX+U}$`a@fiCdmuN->9#69yZ#
zvyz9`N{nd~vL)16Ey0hw*6L(|YfW}rq_9Y8UqjD53b?lU{KfHj^&$T6!5r>}%_cmD
zJGD61D&L#nE%)|5n*C`UdvoAh>q?MtF2072o;u`zIM&?8tZ7uE!}iXe_G3(Ca_&Zt
z%^%mQ-l%UiqyQ>n88}3@BvrmYvj;t%ubyVFI0DD!n~g)qCWalUA?xOaOPp>s>>|s1
z>3JKpF4H~kI^9@zgx2JSyMP9lT^)!T#*SAl9#kc7<j4UA|J9*vWyue$_KAGm*3+j?
z>qoVwF-GPDOi@W&?Z(F&?e_DHnQ`3af>E!0pj*@GM?{n0A1&J@69^yM4i_E&gr1xe
zEO`Y)vBicEm>pA`p!l`_-ET%oxV<=fl6zZE*?oTg5Qy}Dpo9H|WzhW7uV3#u8QbNm
zYgkBU{itT}0zt0t+DB9OW%`8%S;Hai!3#Wfs?!}njS81fP-6lmvpufiF#yK)cXAY?
zFZq?QC7C0iz>BVL+@DwA(9bs^&pYC6a1`{wu(1OzVg`kyl;gpwX>Z1P7Fq#^XRTMu
zQXZA0t<+NDwb`K%BfP^oud+U!FbXo|gM0qV#h~P&3T20cJKx!wVmd)dHFiS7sR2j~
zO5|y2H87J~bI6w6HSYWV+|(0UX@lsfp4G*08p@-CBY6VrtWpch_|EU|-}ze5PqFf?
z4wY~)%TpCFsO=aYrofx%UO^DQr<Bo@6|;#&J@%sJnFJ6Lm<$J`rqtT3h&q-hGO=yF
z@Jkjhvon4-C#@c7Q11~DAuBs6j*C~$c5Sd(VaQ=pU-V6?tleY}YiKwzgWNYj#m;q0
zSt#L~Gm`qJ3<7yFQlrx{fN;xL@i=TKT&cNJ3uikPbhxPKQ>2zQHT-J#-*l}7He%KF
zc{W+Z1IC|!zlrD<)AC+E%lz_j=dNe8#_n3ZlZ#?4*4x=uQOtRylEo@Bk;1>U&*gL9
zc3PZw$Vw@QK|;_&u5MO?g(|OU1mAwTcC*+`ryrH$b%M>5PoP8^hFU8z;iSQ>P7vvu
zC36vkVti&yt|OJ8LQ2B<jwD(NuVq?=UMl1*%j|(mt@qk)YvJc5f50OJgG@Ux5oO-D
z&ih^$F8x&ek%Ib`+?%aYRmes|%c-m1_6s&G=*{9UF-H8E>0gXZ;yK2qP7DiOtE7>*
zZ~01_L;r}<3!`O5UXW|xm8bg-j7b07f~i}}0@0?3-rG{};>=e^i@=PLc#t5{F58Yh
zCyd*zR8rl(M8xQ|)fTL)y9B%lY2iD{cFot;rg@Aa&f9>E7WtV^V~clJun?oBH+iW~
zO#l$mWEB*seB3^MYPL3`dV%+*anO_^YNEcnNVn0UQMuLuiQBN#f7?xaX!m0*Ctkse
z(gS*^MH!iD{WIzDa>Jxzhmw|{ZK=A#ai+fsl90zo-h2a8?k5AZYhS2dL0fAp?p~wC
z&W4XrEw76U`=ArX%y#?2jsOVAbq{-d8o8)Oc9yxBxVThWd1(cAc$ytnK1@~ixkN@x
zCkS*Oe_d{-^e>HogZe|lnAOtSXiaE-L>6uisNTeke%9ZUN#%E?Pm8nScHJy{yWPbH
zH}nLJgB|QfkZJHRXd9>)8GZj$aCGJ2g9oDl%R$1J7rLvzOWhr5fA5AY3cBPi>^c8)
ztLC{+=}J+@j!j!N+}iNa>8YVM_~N&=*F1pLDA_`4yR42%|9Vct1YJ_|SnZBEO(BK)
zAJJWA#pYf|J<|Y1stxn?W^%Xa;KIuFb<o@BDI8aITOY@y>*^~rg@Vj$6niBgZFa*c
z?TOL;bxSrQSI7R-%ttI6R^GFP+@B=yYHTuX3LYI+SIGxjsk*lBExkEdf08yZvOPfj
zyZ=%GUpgvo5wo)?WoB7DZ-c4RO4**+06h%k^rxeKX$J=`ug#y>a>M3p+;pio|8Z%z
z3C}~pW_2<cZ|q34iP}k*@Bho$Te^x>PHRkme-%#!%#^Y_IH=c6f8|v(j;5onyM_$N
zhMu12XksuW<O8SeeA?~2Dz4*{_9feW0kq0`v+=Q}fEA3@jVd+`p%RDyFP(z`q&eIU
z0(|4?(!{ABYSgqlK-UaDP}F$H0@zV%wU-N7r&Q$>q%*M}c7qw0>1SoWqDtR?*C@i`
z=Q#vh>gUg<PlP8>1Q4D@fH!IJYEai}v{KPOE;sPQ->LvH@3YgGd3ERe>yUV-?1<tw
zVsAG&$Lq{v$=Saasic|N^l6axjfnS+C~T7!Mc0e7eJYK<&gh(!tOi7HiZuBf^vD2L
z^+{Lqab839Uq2|+xAZ%nC+}?1Gp2Eu+F7lGgH?c{g=HAN-8kj!=_wpSd+O&%n6g+s
zCR(q|goQ<$I=ZZR)<C&^--gcyN_>{QD7^W@uQWPI$fZB*J}1n}z~qVJ@z}8tR4G+A
zr!BC$3zYE!gWVdO*R%n7sfzl=Vvz7Hd;#kJaUhpb^(wm}$NB_Us`9;yk~RgY+;w_V
z2{~`QU*7WzSn4>=o8LrgqwK=~X-gh@A{fLAnabx=1WFD>J)T3lEKwp2DK&-$3r@E?
zmw!x(EU#n7as&b-U2O8205<3LbOvWfGYDTZfzDCRE6f_PqVRovq6%j61HK5T7=PR{
zy;4u|3ol9}0*Br?*hHl;{~%+u(JLi}llk}VU?Z;h&o&YF(d4$Fny1!j<H6rOTP))&
zYat`=cQnmMU`v0>S+CY~MW6{p8n?LAhHH915pJl=w}zPV2HY^hGt>x75mRGZ2^Bl}
z8pEMCm-|&xU;QjkpQdXhKFeyW2fU-lD{WX2uUmHWiW-ev^{54#{!#vU+WSvU%WoI}
z9!YI*O$!P9OBqR&$^M{l(ER7gy0g#TDH>j+1c-Mg+pHRe-_8nXPDlsrP^>}tXN?Rt
zb2ahfP*43&4jJW-wP%!Vs>fFz*S0F&QQR_0offcPogxrBQfjSTILl~+YDQJ=GcbGv
zH7Vpoe(}t@V%4OX&P$bbsQ{ojLOxo(368i0DALBQ4CQOR8bsaS21P3cJaUdOth-)X
ziJiD9bDEBC9VN~P_Z-N}ZTCRT8u8f0O)T$fDrnUcv--Z36$R5A(Ea4vfJMqiR>@d$
zJ%-VFYb5_Us|*q6wS3SC`G#iN%SMe9#+2lUtjQUCbx|i0s^WS3Tgh^Ae393Cf79g?
z`?i{c3;Pagb$Mb@bVmTj@#Vmj)Qg5$;4PfH%uxc|<8>Xe0_$v0pqtJV<%NWm*3>yS
ze$msTOe@gxC-H$af`Q$t0D@-3i9;n87cHIW8Q#~qyCnJ|<nD8|JoQM9%2>|R<`e3Z
zz)$y~CLJ5Pzmh$}+onDRQU8q!g%@l=y6x@-ni*cm#pR6(iB%gBwdoYZ>%-$2`-BFc
zB#Hxvg0>LsN1$u2n5CGK3FbF<)>ya+TlAYOD~v<~(bmlc??rTDJA5}JqRyj#a<5Fe
zE^(vKMlBYqBaqC_c%nf4m~I<Sr}nw6tvVCvh2L8lE=VwW?2^3s5j~^<*r>e*$w<#*
z2yR27*j}>{B(42$F}lt==jb)|y{b?vrXN+9mh;3^D?$LiVD&!Bn)bOxfVqe8P4(NM
z6x{0Wx7$}}kRLZ{Q5>^di_BvId9mprc68=h8Z*X+-d1_;N-_)ZOT0O%F*y7GAgtO+
zuN*bpvLySgayFt~3!nx6k~6{p)dR@d-1gb)`8-M>x*yim)MP?#9k`1;9TOsUO~}QB
zihWj6mS!GNT45)$__oZRI>pfS5dT9&#Nv~0Oi#XDjJ{8rVaJ*4<M)I>#<BlHf3}KD
z+M7A3Hwr_ATJ^vPU{}2=z4V~S`E?8Yp2Nb5J$-W#tlMxq;qXv)OdvZ$TDQPbV${`5
z#uT=w?QYqW{q`OD>8{IIZ(K!)@Lo08)&8RC=wSzIfW9!pU%Y6_mZRq~@)D(RViIY!
zIb+ooAKVojGz|^m@+z+1YNfR88x}DOxRpUxGmxcNWhKuCX$-1J)&-EFH4{d*k$T&2
z0bc|0HR<T9tsu1)TcjdU&M97)xR5L#1)+kVL_3L`hnU2w=@@SfOj&H{kmSJO7MQx{
z)(j&>#eeTEmJ1NFViKBoCrzI(fUA)?bKUgzdmVE*VPrF&6;l%(&1?r_$`dl_jF=qE
zhi#nQ)&N30GS3I0A~B~6UnA9KCXWf;uu@tpsZF`hJI%k}#{O7F2WsZ2+l<+S#-KqF
zupO^QBvP?ob>j4RV`i}7^R5cc&EF|~4wu)xw=P~~L(lSVejx5I*l?`yM|2-xY_6j)
z%2ej@zx{b`vMKXUxf-+1KaAC7)5LkKVYiKWRr-8+o=NN_g&_${xkjQ=*M_`eorzxO
z`uDIVN3y~bzVSEo38bQ%6vD1bEC?p9YZjCwS7H+m>jN@GOnieTZ6|9p7kZPJ&~Iqs
zDhu<glQ+C(GWSrZc0Nm}!@$zEZfFyGC-$xre!?w_d0Z<v_VO-)!>QRENk+lY;i!|x
zMoeFWhl{{UcG?=Vn7@PQ9yix#x+2yD7qJnMIMl&vSC2?{bQPt`c=@tQg{2xwFY8oI
zqXP_P53BWD2$vc&<(Nsmm`cYQMagT;q*;q2(=K+h-|S5y=wzA0!@Kf@fZhWmELAyb
zghw?#bCTKX=s#7MTi!UxzeAYwAj3xK_ff+^K}0kf6^v1_7!sS36$lk_TCuKYi$39X
zU$0p*0i(4VEq+j-)JL+Fo4p@=B6y~ruW2|R;KqyHb#pCRp7wdCHQ@FtVGl6P89>I9
zP^4S`^wI<HDRw4g+7W)!J8q1RR9j4`tuNexNN6+RJZyJ8`}O%JV({sUzBc6((7)qM
z5_IAkZiu#d4AeRZt2wcAK|KXcH?49dwt_n@T#@@R;Ry<}R>N!_`94S93n(Y+W0GXs
zL^-UT$XS5maRZjyW-iL1RM`}t4^lI;wfUrhh?+>Tu?0b7)GK6qq|9XAS+#x`cMX&y
zV?b&*C0ETC+psq#m8+3wt5+jVxHqf=8FSFpfPl7Sg-oY_<J99s=SNNxk~4+)7s+DG
zQ@qsU-%rU01@6aXazLOWZTax}inw-5)5*%88K7}t^meLVg|BUF#So9%=V<?hbe@~>
zoO!ICb4kE&`p_;{xy8oqFG+9x94@XYHMl!@P+N&Mzt{8AS@Luhx92x(5^*LX!A*|U
zk2jsr;ou?TEi(oDd|r=gTUrY?xn6}l^@37$X-mRFWLt?%wLJYn&n+PsC-jJ|r~&Oj
z_55XC113D4hwpJ=;Szi)#fzvm*kip$1Aqfe2h!Gh+xm)n#Q<9sg2f+K7h`i<$zeps
z==4YLiH|qgEO{RCUU9@`s{?RLY?tHW!|mBtB1gqF+le2vG48iSwtmSWhVSwrhP#9k
zBG_eU2~=L(@#k70^=IwJv8ZEmlA;)U&ysGpA%<PGlr_+#8_9XqR@?kby?JC&D>&4q
zSRt3P33eylMyVSJ^I0%_lgcPS#IH%l6r-!1(Cc-jD-~mI6F9bq)?U<ZQfnHvhn~qO
z!y11tg8=!gqxsQ7`3-^wpVVrvZl=)EtHG2dB)%VuZPv8ILAeLp>emU!Gz_(C-UGR@
z0%qKb6B~XXw)Ki>$wQ33s2ELGV9@TQc+E{TpbH_t^d${AI*sP-hx5A&=0a2cTzb(R
zFJFa|!m?8k&_}jM<MockynHbin!aBD?BYq4V@$WlceTHbl-JrVBp=$6Y;T$pvmqv{
zA3bdVWm(hh^_%S`lH9jhIKDHIKp-5tT4Qd}u-=HZjpMb+4Ix?_OI-7|L{t{o=#*2|
zCk9gs@!Bkt73m5yTqL@8kx0|y`me_XchfOSO!QGCibU1*`lgsv)l3Nr)jKcWUHRv8
ziSVW6y|ktlwUZmvg6+(VDTxjg1xUB5uWu=YoaI_O{H(>$JhWo|S^9g3CW*U+MXAD_
zB(DvHAyf5HMq^1w9S=voJ~qw(12kS$<~VYjcbCT?+%K(99U2UYA@${Z>U7$ln03C1
zdu;sCW1L0NA;Uk<ipg|VMpd%V{a!NdG?PVzr(8E?4bfAmmA%Ae^Y{P(Jym1IyYefr
z2^DX3Et6zNn`W4=p{-g>%8uR6UKk(;jinp4<3b$mKggg8II-(hP}Mwb`9+_7UuADE
z{a&M$1X?yB-Z5$QqY?>y_pPg16<j{7M5J#*MKF(Oc@u4-T;eupLjnrwYzsVSur=d!
zFNMrk5bcPywC$yyD%z46&&+qBH@?|@=ofrxx80p-64c-37e%O^O68x2?ig}bUMV!)
zw^6%~bkXZMJ>D}=H{@~O`CYygpijVR99G%KrTdV1_(S~>8s5)#@Pww)5NW@?369~%
z8iI+Pu|q*v$avBF^qw7>;Q!&huUidZ>3<*NDd@*m8Y1q}-Y}9T^L!h@{B*3!dJNKf
z*Ph$JpQ|4U>O<a|ZsEh6S85m?MN-lh3M@eA3K9CE{xB!Gjckv3;*i#LMjW%Vzcv57
zz}c^zc4Ty*$QrtBn{;H-&kyQQps6#<(!V?Y{kZ|``}3gA06Y)Gt91x&2yvTp0}Cbm
z1x~!FS8#<x{!h(^oF2J;`A4X#`XGym>cE>6T)({ET?l=ynfyTG-S@rkK{5^aKe=f1
zzdTvMT6Yg&fV4u{ltP%8=rigkZ^G<-MKpruW6sanYxak?M}*&SP_3W^yClZ$_$Z|&
z22mA7Ubqo<{z<?7fG14(;v5?-M|>#%+{?VEUmAyZA9a8ra<4UM(-T`!H8NDv>IXNJ
zyFf=mu2@o-yc=)pD8KopUQVYv2Q_sp2cFPA{_2>b*s)3UCna0}OT0fEzu!(D`qFe3
z#^Z*55XWy{5kVFXf<dc^MCW3ww%j^3`I}bVS;_7!@+EmAkG4j~s=XwW0IohKYmLk{
zKlQdZX3V_58+EZi*?lEvm`;lwYL6f3t~4&Gm1`AXdAEw@038yc4sRoitOIMWz}1&q
zsJ*!M2%&k)Ts!pERulStopAn0&31Q}%DUYo&xQK~_<T1@)~?HD05#2+66?1}wuKYm
zv)H>rD9r#Fb9WJi2KfN<v(fzF#ZtsN`_-5gM?l!Ob%6#ZvPX$6B@W2Wkl97b^Om^P
z#WhuM<|DJ@;^vYS5IsX=pQth+^hque#WK+_jPb=iEl}Zr!mZ5omJIoBNk;tmxpo?t
ze9`uWA=WjFD^t<uM=ePJ4?(_r{l(#u&Fj7$t7YAStZNRMh4Ip1m3TTX?9C7%`#CRW
zz9?I&dYu@K<38^@7kY@xPAeqd&b#h4xBspTnJ#+;_azmcNTQo*_TTPNG#D43U*-)K
zj^`cVUGbV3=Fu>aI#9-{jV`%s+8R!e7!H_Prb#5}=uFXi??D)D6}vY8mpZ`VZ)3$&
z2uj=!HH}H(HgA61AtC#MjU%Yt6y0`|4c$MO>Ul}5uAkmT@_r&xJh{hk+j*eEc2fH_
z>F3>?$Bj?l>1;{Sdi`?MIT#Ygx{o^+N{mHMZyYT1RfYm}!s_M8r8o~!gE;G}r^lBe
z5&={W+0<f2HK8e8{La2xy+HZx*t!0L!|mZH2?|p+n+ZMMH&KlX*SpENjt)9h4~(a%
zQ%hI-=GnG&N_P0vMQt<MLQ`Ig88u1ygEYRB#^K)6#vZe(wMo%g^=pMiv$a$gp>3eK
z=ap4wU#<8zTKVKi^Mvw7k-vil$iT}U&-0wQ=<^SOZ~8SZmezPCS{Q@o6-dR<Fb3xo
z^jTsKXNw#j)c6}&1NBj!;lXHR0;Dm##&L=4nW&~1pVjb0^|h(ag{n>#;=#$cm4{7w
z_u0fO?`Ck3=ofGPy7D6IT_Bu{-MPZlC}L-K#DKGm*FMZM;*;Z#i#GWa#dChqO?4ZM
z34OV}tU4t6Gr`hIn&KW})<CK!M`VMYbA5iTa{8xcF2sC-{=`D}T~8oTcjBr!;9w8V
zYr$W5Ri=K>6iQA~kNfpoK#-LuNwMn|UuI7?w@o!ukwa<4RW4W+#Dmnrt|ri<!D1k(
zKxYA%=C3JQw;L3X9Y#fIN=EZLwvqA7Wx6&2Pmm?+Q?*fi6nOU)RrbUOy-ATZG#_<F
z_nb!GPBm&|&sS_66K1R%j^CwaFSi_m)vgDi_bWz*C%!%ju2<f_XA`#MILP(wQ=3%$
z9Z6&17NwXUGe0xn^)r$^X`!OI)*tTlSXYmPlzJEJWO(ALO^C@(M@}0sSCDb2Ci}N%
z)r%zHDKjpLpKp~C|0OFUnkSLvh2ZwqH>dmM_-{NZaO2EN{fyu+K+XWa21pQQUD_|H
zjkhk#BCnd+%oVQ}%`Up*7)M{tIH)rF4lsR7`5fu*H%wL1)iznm+#e`?ys+WN^^)c2
zMxz*uCvn+(WblQUi_5P4(&!&M%jkYt&gk%4w4(s_*6)3%%5}>~U_N*N{wr|rmwTyw
z!VQ(2!<eh=W<%(Wg(`DJZnr|VH;tXae=hPlhOj|lCblSzIG<OtnJ<+at~no@3`TPl
z&D+{9{&NbSULyVUROK?o^RI6YSa7Pqx|XjD_TMzOPw_U<{l%$w*E(ccyTTIg<2?Ep
zDJa4LUw9h`A0Z^QK<0@s$#Y$CrG3yWvaE7&^0M}-=1Hx@h2eG0<THFI8k|<#2@m5M
z0(^u`RZ^mx8NobtMvlntVgf|w^h9GB$y2ST$U9;6<|kXUEISx-`#8G8s+drV<lO&1
z^#$&qAYO%uTrq}jdkd=f=$Ge_qQ8Uh-I%d|?uW1+wNLNm_y(8C*Lp_#=@8xXExl6A
zuy{+p^X{}--dGUa+kio~@wmJ8r#_HWI@)SW!FUekQoh_>p}aAn15q}Y9edLpvU))3
zlOJ}q^?1kSswQ_${#zvWCRkjZ7t>_?{U6xZU3MIy8Jow-G&=rVYR@k5O};JD8<#?z
z0W08&X2&K>aj3x@dQC-&i?VsTUb`2xiob2jhQ1lAsdSb{+JrvNRLUD6?1^SrJIwW2
z=uxD--eBgStuOq?&V4_etumLRD2oCQSzE58kiDzL_UHb~M_!4z+s;&(4%ZN<et40n
zUG7`IJ1U{#MpgJVGp{Cm-t2gRh^1A~s=9CBc~awfa$sI+i4;rDL$%%~wLrZPDvKGr
zu_@Z#o%P)SiB0=n^$4XwbKSbMgP}i9gVSQHG+Gt(5z}4*5k`NxWMOHb&*dLHGP2OI
zn`_NBq^-+<8k(A93nY>&sfRH|Xn3Dy=6`iOzxsKYIpB2vI4a-w#4jyr0NdX<l<i?l
zWIo(#o32tFR<6Y1O3W?!$DL(YpRc6v-<8N;KyBJIKBpc_H<QoNE{L!27S9D)q~r-u
zIQHf(Eb-Aq7aZ-+ht_cC%{>16c|{u3<gD4JJ-6}QKybzC8loja#3cJ}Ph5)uwL;M-
zHarw#-Y`OPvAW6@M81QC4gOmsWvNF8BL-%|m8y$92KN+&A3Mqi5>_Xwy@=B-_?fCw
zGbLU+^<wwgFyE9NOMynbceK6faSyImjdl1@!*6M=t(KcPCQ-1Pe+*rT@O-1lV6T?Z
zwRCUkhkgH;Sj7D>kWpGC{I#Bc9mD_m!)<ck^hNPWo+wltPn6BfU6?%&_cqwpvy<Ta
zS^DfG_sjh`$$u_^e{X~T{O~F0smk^@%T((TC5~K(uwO6IN!O;+Q~ICK{aX{!S>*mS
z@{c$A8_@q7+5h{)93Ais*(^~5y86ay$jmP7{Lgu%ow0uw_41q1c?v-C-+obTeI*&t
zjk%-dVDU{tpfJX)@$Y-Pc<vvgq+^R5>}3Ds;Q!~VIZw>(!T(4@0u<C7^i+hUKd<mT
z8se7Hl@us6`_Gp>KL4`#|MJUJ_4HA9VM+}2z5h3l1inR)J=usoY8fq9NcNv+@jZW*
z^#Af%-d0Gsl`1pwEu8K9qyOx?+}XZ!{q<n~fBU|IjwgfJSFrv2@15SA`|kht^fi#d
zvS}yu9r2OX+VKYw|3unPuRb_C!paPKjj*5Wf1J-B7yCCB|L2dtp5M!HQ>su(R_A)Y
zGHmrUcI5wJElNxpT&FTJop)i+cQaHTjxr8_U2^`<`@Mhue!u>g?^l&QDvONL-{JUU
zrMnW#0I&-7u79oK(z#VI{g;RN4NPK;<$Sj>rvDz})bppw{x6^AY_}sSlqzo(S)@{F
zaB~~{b%bBf9bwmBNBB3|`;UG9y%(y_+)b@^s<76|5F{*@Mo&LW$u8ipdENuQ1cZkg
z{m4A3i9g%;zi-u_{d=l=B_bY2-awLqqbMYVi#=-I(rods8Inex9iEK1|I&4-r3x3A
zd>&-ag}m(;Uat7RGOF@r1)(vP=%_ofBfEFoSsbrKa{*a_iYNabY}}V;hVlK(A<`Gx
zq`e4PD1x3ufYK9JA>CKb8(~ic=zm}v6M3$;-2Z<Xjjsa;49*X#wy+lPB;^lYXUO?G
z2>d1?`Rlfa$u3Fbn?xz5!Xe<sP|Z`<D^o<Apy55BHnaf)G>t^(#$KGET(wA$0qI~S
z92Ikv(>`{21H>(t>*nh?p}iyt^0p(~XWz8S7W;EvF^<_a<C_9yWOOHY4++zfNm-6w
zU1hmtMHZ>iY*VNy7*64KLshwE;p+XT3)Xwbpxen}GL8H0p*abrDDl%B-z!G+GmW%o
znvkFeRBl=jvWFaJa<s<Rc^90(Yr}$1X>080zFH!+4eRq^Ym_;Y>eecL?aKy~^@@bI
zLsmzswz~qhxQRdYi*YS!diN~4SHAH%-D(5#x-qK`8sWt@(IyS9r!jT5&wRlxfGhW{
zcl(=oiz6v)7w{nH*-2sIH@Im2TK~JVpmxWf0~EU$rMu#Jc(7aupfw2tJYmz}d@U~f
zxrS1}y5X|_p8R_tD-;ka8ZE}2271Am8MBh+#SiFuvlI;mY_XcDq6a3ai9oRsDf=U=
zzueaA-Ol<XB9nueIs683>r(Wq=g0{14;RAACihH!6NFhGjcwxI_$B{i<G7f2D%L8k
z)4mE4b;Mb>>M#a@9$S;GA!w5|)N5MjHYc_L(GTXa(ZCogCMwx@a)_!&6A+CRL2#tu
z{53b8Ez{OGavD5#5YZ`z`fQ$H9hOaFV>o9+o){unI^4HT*j*++T?)T&gXHVe)FpAh
z&sm@^m`W9OXCD0BKh_g<ezjj^etU2@ud&@z>1EzcwTvi&R5H04AWS0VgPYcAa&&7-
zL1;<KW!{YdjU)qjsVTH0iuo0~JM_jdl`n^0Ee!k?f|qD~_yT%qFQnSCAE>ii5fW%T
z2OLE%oAL7U@81<*`31WD_kMYXp&AWhDHc~!P+XK%I*W4)ts#!k`gTHd>bO12OWqp+
zXjg;9l?0^n;!yfXV?(hF)8Lbol6_DFX9a4?oYgqA(8dN##j}GbewkCI6drUe%ShRC
ztPm;e<mPrm6PC}wC>VtO#g+fm$q)b5$y*OQu7i*b`2+gz)qD{+pfKe=T)oDV>{Af3
zn@m&-mEZ9#wSlvv+Haj6gs$4;D}nm3WzkO=H}pbBj;pfEE&gvIx(*!=c@y}iTqUpF
z{7uUvn`t0<Wv28FE^>FIh)q%S;29ekx4kMdO!8K^enWSKmSQ4*-_DY>Ma#3KC@r0u
zbn#CI_eQ*+9Ne8lVk4%!wpE=i9U+uU-frRa-GW>jLsyQb2#{NiokM)^w9Y)~A}<eR
zl8@fTTV1?}&gwo}CLM^LhBFs&yr$8WS)g<u4X_UI?H)1nP`s_SA_zGhWRY-c#mUAb
z7B%+$80gJ6Rd8%fH<g$ufR!U7&yT_|5w7Wnh&gGXfu7eX8U<5j^25FS*D{{oJ98YW
z)e^BqVk^)iv@GbRm6d-jUju03Hxm>ooT!4TWY3*GDTi5q@^rmWhZzM|31xhLp366W
zN&i@Lv}cN%k81e7uvU3-1G}T{G-k4rvRpDUnTBr4sc$b?$9&+?*{-nYPxf-`!h}dL
zMU{oLloVP4C`h_;+M0Ds<KYUcqo>(VmKs0@d9UV<Z$^^glP~^w<fZZ<A`+};cJWw;
zKc+MA%FAz_MCa`g?OZtO37)C3r=-7w()(bkzfqWy;fPW<Z=k;!Ew@=d7~IeSD59Kt
zwTUq$j6Wj2?_R`tnPx-TG3-<obB5z+)T<xWED~kjNN_5hu=_<QrEL`?&o}ujp2y0T
z6F|_O&cFyRqJD`S{-$>}IK6jzrbxhxu(rzQkvlm(VwY{yq2o3e)o1XLFKfOf)c&}Q
z%8DSx)hH7H&LQaO({)B5j9VE)11PoZ#<SsyBIQ(2n_l#!Yf(K~h9WM^2k<}^05rbj
z`A@oifCn$d+G-DO0oGiZlQke9Syv3Hqv4#;cAy2g0Jegu?3#0Ge=V0($AEhKLD{4;
zqGQTq!+5+t)w)uP{Q%e`5^&p!ZF3P7R*W92ef_PCvma4Os&Ou}Cyqr87&53RD5eCR
zrQd-rDvPHl8~5v4U5E$FD+_frVgR+pv)(RM7&Dp%269hFGj|q1;VmJqqlN+SZXv#C
z?F!y1T1x;|4{e>q3h^rP>5F15j)x~`!AOkA=RsszeCXnnJv{&FqW74ZZ+l+1KV~a7
z9@D>U6yGSj*AvkIrU_t@#w++@L6XO!N$K4Y@etfAiU}SL-rA8@)>6b*iWv}33Wx{^
z-cOK=3%EV+$YR%R_1?gLJe`H(mh6hO3w4=v(m0qty;YgD8SK6J6K4{h<5m4>15~U~
z0#`QLx8^q#^qLh0F&Ga8Qnda{;!(#iMZ~?FDlgHaP08inR6lF0R+`tlb#5<=DX!)7
z1Yrm9mHX*vH?W3HAGUZs_zc97Ki$CyBoU;2+k1ICE)7%Q+4g|U?48)b=2K@|y|i{!
zOj4Pu=>E**I8iV6-%c9$Q&>hFLRtu27TR^>4W`NJ97gn9#!J_HmlU-P;Ex%k`sKXp
z!g{j5K?#J1+TFfF40><+)kB`x_Sy`dghLYCkhrh1%DFBFQ#b6XWR~;-3R=?PTJ*A8
z_OTu*%#{GNK-NnS78BqwpObL^6t*Wl8*NBn`9Qs4jb9#f!D~XEs-j?`{;gPtyJ@YD
z8pq^&jo#_L^@cObCSG#FRBxI2*(INuuX_-BlUi`lW9-Nqp@W%*R*0MenRb|CkBAP#
zEyc6D;i=LkY33*pO=qB0QmM)(?}Yx1%zoTHOTaeqfZN>f;t6zGN^+4&64cSEYBf(D
z(`%8o*&8(`sN-NK`8rkXfRx#$M+?*}XHve3<$xaHrtKU-Rz~am_M1NzoY(`Ma1WWi
zb#v{jIehD4X6V^2zUip@lD14~kDPp7OS*Z2T}_~c@~CM2=&BM5Oo51~P#mmYVV@4s
zP*E`&j;1kSXruqa-^4;{XLz)~#pPrf7&4#f@9$FQjHB&e$9I|O_#*+dMLP~vA(7!^
z`XwR@=FiU13TUcP!}{*W&2F@?SOd>+mDX~IPqjXJ(it@@|3w7DKaFZ>d9{%2u`ZpU
z+VbG>;WL2Og{Av(x$XQ`Mvq$+W#~DgHXOv$0RV&o?=(my@~6d(uAiW+$f}`hU$ghN
zdmd01#~Z_!Pq3gE9sJ$>BWO}(%83GNKrcIrZ(yx&RuCB;N`-m)O_<jtKXmE}z**W6
zmU4bf>uZ90rbD6yt^379xGt-AYe1~w7%#41nO9!zUXz08-g6}d7KN{scGy4zosnEM
z*52)B$oBH*4UpPpv$Lz((^T~2x4n9(T;IY6Vui2)1(Z<{2ybKyp(nMf^%CVSncg2R
z;o5ViU+F3)&a?>&L5NldJTlY+gABMH&RqVYoMub@XyEokcC_6<-NaG1Rn6!}H-!L0
zk{z0khmQ9T)kQaOVxy<M@6fcv3#>HbZV9bE;$~P*w3mAy%CPk_;foal=T2m`(@jA#
zsd(TaVb96+OvD}?GzI&)V}uc1u=M~6cx`YwgnW*I^hFE^itXsE4ceEyB2zV|Unygy
zNE8fFB#Uti7-HxiP%$`p(BQFGnP1LXGgA(gOsyZB;KQ!h6|MEyQUyoSc<-NfN)fx%
zWWB;FyFRzci@Keh^Z<pdlx0{v5bXid=0?%KG%ukh_c|ew@ByEM!6E|#+lF1<vemxB
zn5GcEDW)D#tlV9~5f)mg*p{!r`6c+_q0(=+-fs@oWU#kx)KPc;6ECHo*9;^`YCVs)
z668~FRt1WLI9%Z<GVt0ZrQo;w_Sv`!yH=Hw2msmddCG1VS0W-FPE+8`gmema>WshT
zKb;HW{Hz_3>;TJAR}R>nd3_MP32M|jc`~b#;=$5lS2Pj#PVsq1f6#CmluT%f`mj>k
zl!p%%>Iw1O*y<MAcnR2m)>OyyCqKZ{ZU1P(ND|rDlh@x>OJ&Buq`J}HhAXMaeH*`+
zjaK**!goi0a_h}3q`I#kUy!Y|RLj%O(=MmJlpkMIyCPE;DrQ@we13hrx+-+|J1s+}
zYT%U@&aUsJDnJPset(ge3LeWD3uyg_2Wyw*rfA%Mr>b9E8(DhPcQMac!<*^B;2i!i
z21VJTsAqgtxyFH1ha+mI!96L>2vLwQg?t}Wbr=5K=A?p6LhJ*PMO;Z{^W8v7NPUU?
z8U5?)ZfD!r@jajVW3pklunO2Uwcz~c%pW=HH|r068@*(KOH67U>?DATgZE?h)6tV~
zR)YoV1yT4en{UKzb>Zv#->${Xz4Rj>-Vq4g2G%L(6?Qw*#~rIdWMj!nv8DKrov8e=
z6M7#_HKcoTHkCI5Jb|?HguRqjg=MrCZ!=LlB`}O@^L?+)J=|x0Sao{rtJN7~V=x$c
zcIfTB_lwaMl)y+r5u!?SKUZ*RV}2geuBn;l392+`FV|h{X(puqm=y(6?stbf*VG);
zE>%n!rVJR~x!NFA+M%1>7~O*v*D^(XoSn6)dc;Ky#_>1+5N=i!V_fS4A5hM;OdJ>e
z@%2}Md00s`r4PVYwo0~PDxtJKo`(SrQ;lRMa_goGm|4RY%7d<Lt*Ob%hNkwYl`7gw
z&V}v9EmnkwsO9M=7_(ebz3DYtA(}81GHe5_&#9Li%NIm!R077Of!v-Z*&W~sEnD|1
z)~YF&HuXJ!r{cha0~<<l*5=!}Ep_e_K*LNL=3JBWT)2cc1f7K+7mPC|y^VM+S9CGi
z#kO{tL8KfZw0_52%<cs?@vTZ*xz%}b*Vpp~i95}cHwVQ^`lcuH>~VC@ckhnwMux`#
zkz*ng;lC-ruM<py!hp8<y9Q&|WBW%A3)knr92}G<Kl0qaj&dg>t_2;EsJMFS@Y<>F
z>WAy&6?yjD^>I$VBCntNpgyb6U(uTHNn-MqokJDYsYmL#XoG$rd;yvx;<C}O*A6lf
zm61u>QGNlJb)i-j$NZ;+zwwn<X1ioV|FMIE_ebyL*6C@YwyGwbtzgvL6DBSjQ<E&E
zy)R;Q9qeH;W9)n~+8T>YZW7m+CTyWzQO9>KMoQaltYLCMgI>o<M2&%79xKcMaoiOs
zI@(vdD7^LaaueVInMSoQWgaH(<$3Tmz%u}5?1kar^y1^`YN6IP(iJYs7~ab`x485#
ztXyZvNZkoQ?A<f`^(lN9O<`}|<E{1j;X4mfLs0CkLZ$dIcPF__)#SL7pc`RXJ>rF)
z<3CJ4l`9_x7$EK$;EQi?L(QcFZZXO%btl<4fBhhN`c=fEQsm<t9<9s|<h>@)h~UsL
z5c#o=N@22&uznRSHf=MCr6Xr-C#+<j@P6-kG=6vFeY>x#cPileIIQF(t(w-00i^h1
zdG<b&)nIm?%8)13f*yB;(%M=>o9er4aP%WBC@XEkVynEqeX0i2;gA5~Q~7*$K5?pn
zvw}m_{u10m_idj)Mmws!{fGR9!?q9vkH@D;I4kXuL`}`18E+ikP}M!D#toeG4wCPi
zcBs$w+tHw1EmROd6)c_1MVo@pN6Y-?hgW~iwnYxXgk7T-jWN+LjpwSBp+ba;lEBri
zIo#tHJw4hsN!9u&DLGn_4{u*XaO`=e05j;T-M7(;L%a2S^qSu9NL@<9gfb;I4KsIg
z-`I7+-uS}ZKs(8AYaroyWo=`$4gC_}^2%u5+XY`xya03!5_hM3L!~&YXD)4@=%~8)
z9fdTpTIytcXfKX5X()Y6fE9-R{vMP8Ala3fn_QSq?mYIeq8hVrtCa{_W?X&9js0wg
z(PGLqsRGB&0Egqk)!5H)>azoXUGkp2zr&UZbMADpYN~ZGWwz2S*2gU&f3*MxKFdk|
z$xcvAXC<!Bb-hSbsDWI>tW@1K&3Co9buF!P_UHv^G+>cikkqxrX9EgwF&4PS_fA4d
zWIw5%rjCK`hL!Ycg<Ut#Y~XIFA?f?gFIvPU5NM<G^sygp`7xHDIEFrm%*#R-k`i6J
zdh(;yM3`Ypbu8wyiSzg2<}Uaofp#M$=fDCU`X*Nm!PSRRAHTkKygWe<&_3PCO}~WL
z><K3v($ddjCPov%-N9E~v73yBfYfJNSu#guvNtJKh^LtdNoiZKDHL6T5d>A?aqv$U
zdZA)`&>f6$07o=Z{OLaTMQHt{p7TJR?jv#MxxfsAeZ}}E(qPt|5evTa3=1*pxuh??
z)tub%6Lw#LcNr~l=E)X{Q0%(yJO>sRLV{vB$xi!Hx|AiKz;H(3(L)p}?Wr{$UwgkW
zaE(JUJ)~dkX#CoN<#mS?Q;(RZ7QyCIwq{-vjGb+_r_32d2Y)`Z1!|0|0qpvCd&Snc
z2l+P#GGUzmn`J~46ez#AEpWSs^T*|;(GnNU9-?XQI{w|pfqh#apM~&%kc8ttjLLlk
z!XwmTOnKvK7vli0HR2v;mDeNZpHgPIa?Ws-3_nUn8EwcI2Opooo^byMF9j*X4-SsI
z@?vp#V^z2ZY=KS91y+q*H8HN6w=QsAoO<UXlx%u;eCaWR_+9EC95p86i4c3%CZOnG
zy4cya<{fo@(wq06&VxH2cPH2#B-@=hkJ9MiM%?XaMr(uX*v1aJ&n5M`HaQfTKF=(;
z+etGO3{#|;de#`dH>CK0^ADpD#|mLec#E)oOx^bry_^*VjyC&|))V~afs#tc(J6x(
z=gWmQVc0emRF;EJR`tFxNc0!|h76r)eHaw#d%QJ+2x@oIwvt<q8@)Xd8L}DzK!nid
z=*FI0Sj60%s`mPMrf}zye=-g}OS6IyPl@uMF5j)sAzS};Vsy{z2_Ge5H%|74xVUU)
z)rn*{H0(dR)`}8M>^X0EfAj=yFfJnDZH8^pYl>ACB?o!exd1lrULy(D%^C3*Klf!?
zkBaKn-7SXm;~G95Dc^dJy-fKzNyk>Y>ZCNhGbMYs*Rvk+4OzFvCEs{&`d%cqP{&?_
zET8;Z74o_!`99EGDaZbecZel+Q7#!3mp<}1rHE==A7<zz0n=w*>m|=?|MBt~-W%>2
zEN#vR8*}ytcB>$#aH)A+An3Ud1|ZYE_Q!{RVG`dUs8(!TjL-XDq`d`Hlw12gd{h(!
z6%YiGR8&S%X{01X3F%I0Y3T+50VP#Rx{+>%1_i01l$ZgAP+&k9Lb~DGGb*0nIqzD3
zzxQ419M>!s@jQFq``&k4*L9;n5ZV4Vu|_X|(xGYv?tqE$7kP+oCv!igxMmf3_!Yt3
zt|s<sj~Q7ezP5rixV9gy6`+M!bkTL1v(wZZD7JiK-Cr&>ZA-M-(B5+E1)i7H*UboR
zD;+$(@7jOi;?&I!q*1rcU!=51ZI+Uru=2OGSq1{E#FGu=Qqmp!h$1T@q*XGAlZU+4
zBW{tat$hEM9zL=WnVzu`y=Z5@=GaRg3RP+7os)62>oqof?oz#*mE6T>qqvM)8Md=v
zI`tLKHQ}r}(QuH@LshQV=yl*Rfh4&(YM6|ERgLw?h!Pih|I$5$_`Lj=?9q-Cu6wuZ
z^4?!0`*1|DQMrNh9US%{7X_md3i0hJ1bI_~P3g;v72e_~(kxlG@Icp_)dwG!55Bdo
zY~CmyI6MTv_P61Wd!@^SRN>!ye7M|7@;^5D)5a6}_EyHEeGeK@WsINT&T$i=5uO==
z>nG1{jq`u@N|+UjFQ!=oQ)rFvjDq+khtP7ldY0xEE9=HZr{?ow89+k<j_!*!b=pd#
z{chN?hN<#>!Nl?MHiuqq@(@aQqc#1m>*&=H^$v9=V@=2&@s#Uvgu;$#T4dAtv+8;8
zi|Q|^z$YK<1KcVLpwxSsQ>&_ryuTva{7Jt#LvrfoCN4cQ)4@sji;ugN+ixhy)UE()
zZPHN%M2^mk{`H#0k&1Z7@Bl+d=$#IqFNg1w?pBDmhSS>gx*v%b1o8+AUijsD3D~Qb
z8G}{MSYk3}irZhz-RHjs(njAglqwiK_P#iEJ2P6-!k`?v|Gk;8wPM3On3kz-ZMFv8
z{Q!qQ#!LK@P<RJY+mrRhKGD<%T-ws5?K;&hYquDJzERIDmtliomSPJ8+@F0KU_#hc
zJM7sthlXEh9DX}EabxAyyM%-rCc8Ht&DPWQ8@{wvOWtdMRZgUYfcT^Hw$xEOoLh5?
zZc77d`f|n(qhgimx;A6Ng04}_gPWM>ynkf1m$wxt<0-%#pMe}GaBkSsUkcVvsAHe*
zC$kpr7=-V@zD5zW;nKLIC<H~<7&!@gzK^3`*2*6~{8~qtxpgBZ;|+Ofef`#3GR1ax
zk+rV!?srzN#;uZPLk0(Kx0%DbX``bqPvrw;pIbKMzoYEe5=h30*>bHI4~nZ+g$;8I
zWw7{xy$=PTOxz$aS~IiP(^uhkM|NqzY-4+nDZUo&x+l<jz5PMkWMN-xe51PuKw)dj
zUFO9l@MOmIBQj=2v#)M`#bm2M#=^4mySqepJWnrcjsgAs$op$}rQMZm&s`^sBIrT1
z-Dkq6*5KIZF3`o%@zdK@vWb{1E*C#t`kX${83u0|3*#KuhFT4@GtzHN)k5mhpixX(
zSqB;Or#1H9T4)7&CZXG|Z?}`v6ocr-zIK6dob9`1fN2`5((`c5lJZMUk+)jlc|Nt%
z&+Fd{V=S5I&5sIxDz-a+7sB33|EnkT9ozY{`;n4bT_hlpd`e&cS%OkS`YV|Cgg;ty
zb<}M1i~blQ<wSH>8<o8Sqg&xwx$cQtZY4%PZ|CB|B@NR=tMD&z?vo!CotwObi|gkq
zsFqzD4Q&MXCr`5oKdb}pH1?)79TN17tl{P?j{V=>$+Iet&^fL|;FivRynK_ThwmMO
ztnoR|-SyX=o5KiQiywgjxwseU6^Yc4mvU9PqbBhHf3=jHDIIeK;Vt*J!M(`+F1le8
zX}M*Sb&gXfVM_(d9oBb70hC3cp?1l)ECe{d&KH4qfDbk%ZCMlK$jjC|s(0+1<?Zr(
zokwW4qYogg!k_p3V5uty(0SVrizMncdqald6_VOa;tA>`i#jjdKNL0a(t-r8$0`{J
z(Fw2l3|vm=xqS0c95a{s0FjE*eaYaHqw7oj{mTM<Pqa{b2@)g4A+NaACe|Y~P><#h
z{u(|IRj2WCbnIMlHyv|CjGeUT&=%NTpR;JazBk0YMiD_L0#Y|7CLyAafxb+kgPf#y
z<<DJvf~>YJTdXx4)((mEo8W*|$c8XVbH{FI4mA+Xc%~bhj4;L&AJ9w1=Lqb;B|Fcp
z$-oBX=#&b1M<!N8Q2yk)DT9zQYJn%k3w>$+@89fHO-W7oGrGsN3o(oe(Nq+81U*cY
z&DAA(A6~r*8x%h9dQiLc*|C~NM^;qWL8;SbKWuKaI)cjKlSpe?UAYcGg^Ez{SZ|cx
zyQMyg=_dLJ{7Bta9yyOls>XWDLl7Jm5aeG>SeyiY+}YnHk9;Jyp}T?U26)*&VoaFM
zC*EA|m!n|nQ$&1L-y?=QZ+|GXUQ&k3XnB0~n9HnJiUAJM{7^mOENj_*6JQ~j7TmI>
zw)iN^VbOAJ``|s4JW*IvcF2uaBXjW##=amCdtM}&BCu{At4M(pHXs{0*(p$EDs-@J
zZ6+}0Cvpl`lAuhMMN}xFvU*pWXh*>W;N<(R0u5vhCvNy4P`E6M-pe$VKH4q#Fx&ds
zbFnfOt~<yZ3yov#*@G2L+)IL35oLPgm?0rs6!T612)Gcp0veyqspr+pNRDDy4@AD_
zw*(R)t!u3$nD#L@vQmLXq!lP4u*$xox75O!W6<oSvwJdXi6mgFdpJ_Tq%(WiN@>H1
zz9eLb7_m0WFT->zF|f5o)iq#w)Em0;8XQ*5(DSQyNYmC33OfK0Ghu8>iofd^_eJ+P
zZWNfaD=vj*;m;P;z_>C8Qi)ewY7-88HI53d5pKdm0iE9&@Ch4hYFf7I%fK&Sx_|%v
zDkzT*W$KJ_E*%ceqzg{_yy|_6v*H)lLQJj?@+#xJ0_eq}!E&h1+Y(Dw33(zBh38*9
zC0MkeU15mt`F%w9$-0|uC^OlfB<+Bz^P?<Kbyj#ND}v52p4pQTJ+R-1ptCJ+oN}hm
z*F9+Zl-f$58gX-T3{f)mk~<DYlNJ8Jib<Gn!$WaHbjNEkt*%L^_v_r0_0(9NTgCip
zPXZsD9xrl$(z4iRhkE^)D_Lk6x_Zh`<9S|TO<$NXU9Z&IhfWMjs94biiwMfb!51XF
zqD%u&1QrnTLGqfq3sPafqeeySo%|Q}PM%SOAPRMm`L*tqj?_CCMhR`mE3<E}Qu{u7
zR0K+1KPV|GJu^HL_npdMb)sWByd#%HZsAM3F_2wD6*pg~L=@GPCf9)^)@foH7s`{K
zz43kKU7JX!%~(yv`jThPqs>oZgwYy#SIBD|(I)wWVP&>AWiGS5{YwH*F<?U6jLIy1
z`sHpm6B>wN^{Xdt6$kMqY@Ml6_d5;wn^l65O??(aR+VF2ACFSuBX}g7c%UBaUk4JJ
z(8=1tJ;R+Kl$~$M3!nuK++CDjvR{b82%Xf?i#;K+u>nE4&61G!^x*=`_FdN#C<khq
zE7tqa`oq`9vKYNnq1Bj+mF~e16mR$3JqnTOdv)3;$V~ij31zEISy@@hWU>H!U>8o`
z{@y2(<|b$Iw?*n@{s*XaWPlar^ei;ox#L8o0CVDB<U4qv-cml?cuP@pdMaASVEls%
zxha3R#fa*T(9hgGOHW66JY$^jm7vm#rskqTYd){#{HrD`pAx$?Q$VMz*5TVz-}viR
zn1WR)Xgne97m+bx5Bjee@!^58FPS=bmSJ0jr8TYB6YZ~Cx{LV2Fm-Nn`uspQ;6hD3
zBrxb_yKb(`&fF(l>FsH*+g9o8{xYsJZWBgQ>9c8@;Z?lGc@g7NJ3<liv)TvOA5twY
z$F|;sUBZ^3Vstgjze%HS5zJ!4MToH0!(8209Ys3j1<gXeuPg2LK&2w1Dnq@8_uw45
zWTCW^H42an-!spazD%Ug)~v{-UR$a`TW``Q6p^vKp_y@}!j^qWeX*A;3=C4^j6tZY
z#FD{8h<^hHFi4Ucdf!$z+H6?;S3%jEPTd{<ghhpZH}`XCwt8hu8)c04u0yr}xYL~`
z_TB;gQ{R_t2)7fqz#jsYHRRz#3GJdzxrF`{y~ko_T^CB)zL`zX4&~q-E&YfLH}`ys
z5RT|o|BLw6E%hHN+6&t8QJ^W)n}6P=xZp6PEp%hJz__6IaiZ_WJ|l&*7~YP|c#Y>0
zn2F94EwVK%urBwBn;>020L7L6#<Vx7pd}M(nmnd-LAcK0;@ucZwMWzAv|D353SYu{
zC_hz#FV_nmfTm#wP;$|~nKIQ_w10E<>I>wVr*ecm8`kY`%xydhd}azs3YgAY|1Hkj
zdaT$R;Ifftt7IZ_SmQl*P5Z3o3k-$Yuz{bv*ATQFepI)Ce=U$FbYcZ`F-^w4HhV7S
zYp`W4AydTy-#Vk$%sSGbTX9w7eK?y`&#fqprl5rC`sZbrhfc0&19C-78c1DqF3P7a
zKvjf#=O7_;79hkceTtrhQ6j3Ckb5UeP4N|6wg(4U+T^mp(szZ}Z&fNBxGYpnh1oTq
z=Na1QA-<D*=j`Mx2U+7PEYGN{o14UC|ARV}p~QKG)>4tnp_lK7Uf~+)sTp!gR%i}5
zAAu3tYAHrSN;8ZjztTzR;jJ}v(233~0}qKOy94j2Z(DP{nc63^D~Y+IUngtU8cv+Y
z^dYppb}l(32m{H6x&B#vcRu{0Y%3Hj#!MJwFl53r)>?aljjzU+ojD6Xtk#PKDiYXM
z-D+#o)MZnw5!wLcHxuDa9h>?MMOwS7gl91M$O|bfYz3tdgMf=xCu#J|Pdr!t4+KB*
zpFN0>mw7^J>m||cuhOerf*u!eKGzBD)XztqVaf%f0<fAgc*UqC&e|-<3c2AG@3bn1
zZ0c4dq$onsOV3SjwkWR6)B=}r%Ia`?1)qs!U){0U?49Fl5?M&al~_aOh&>7d<MSXW
z+^Dfmhl{PPSo=kXJM?EgBKH_OAMA6ereoZ=3*Rpe7^E;w&}R{QTKI!D`Q+wX>r!i}
z66-6G8A|V>H4W33ws})cd+m*aS)lJz&jY(P7!!n~6DN7BN>T{b4fu8^-S+l{YBb=Z
zKKK<yffhsuus9ZkF2DLywyF<_#h}MpvomreyJgqvxpnyLBng?QE@DkAAX0OO{*=zt
zr$^*~TFt{p$Y(dUH9SHG0`)bFSKS>#2azI(YMhr@A5c4%kM(BAUqA{+SSx9z5_va`
zlUMVKL>61UE;w?{yDWae=1QX>g5Y%iOYV^;>Fg2EIBs)y`sAwR(@|W%%05pM=9<&V
zOvWBT=)V-&@2sNWi!*>hOLMEB(o*d#8aAEu;7Vn|s_X9>kdAAFi}1ZonXB0Q90l%k
zfHuEzu&ZO%rWZ`k7M)i_^Eig}X@AX9p{)?cY;h@q#ZvuHI^VVLy$>`4F1~bcmjQTC
zJbLGZv|b4F?56@PwM$nkLa#|Pk|ZY<dtP1GYkhFe{VsTEOfO*6T_D-?A|q8s@^n!8
z0rd`xcGV}hdOL4^YXfH8739SrX`GP2JFF5fFf~t&6Q%o-Ae8I~uSUZ4lV;l~r<RE6
zB}OJDc_mzSP%&LLv3=p4wxj878m$`}#6yox@55ce*8vyN&vX%lJ*L|F-hgVnnVmF)
zWj&Q*AsO(dgy3R%?#*^ZEY!7`KZ$Sh3hctwrDH7LG!~P2nhAqFat345O}bkh(7xw+
zM&->1N4oO$DwNC<)gbr2OyWnFU%4Gy(#cvo)C|OC+6_5qBC1X5MIoS#4+X4L#UHd!
zO2bgY^VOu%FL<7Odi-Jf_Q{(<COsabRpm*BaO?3ApmW~geYB^?pY69=Vl&aeZZjUp
z&3XvpQQ7-Xoze!HJ8oL>B(FLa+&20S%IPDtXyJqPGRww;O{bHm_1rD8+wqMDK39n9
zfX0!B75tN~IXwA(a=uzogG!y@K{=yJuKIOg)uJD61I{Toq0Ebh^*-jZ=tV_C6bDk)
z^0ZZ%$0gXi1iReFEOs~pxNw2DPek^BM1}U|xG8O|1O=Rm@^(t&`wEX&U&d*x!td|_
zQXzloR2cu;4XQ1oDnapQrzeI@lZ_GDA4}p{!}ee{b~MJbHGq;W5_w2G>lsi}U0M&o
zY$kn2#>k$~F3l=Xyp8}jEz^en!<+tgk%zHH@lB`EciJM|0-yN{3K8L7#M=LTvtaFm
z-U2luzR~UBO*FiKsaR1JvGro_BMC>h_|l7zj<j+f_K-c@cF1}oL;5I#_1+VTs$P?B
zw~i3v=(nchOD1PSnlZib%~DV^&@`IKa=z5&HLD_2S>XFCq5$0h9aqHqo=B`~rGkr5
zUS4#>Vj^msNggI(-I}`nj2K>Xd1|R{ttT#YY=+~e$jQbMUZHRKO7FrR4^vojJwE3{
z$h>kVo97%2m9-4b^Ur`ic1ztF2mQvPeO*6Emw+iaYYQ2$NT5H#<7M}4C;NaN|6Q@8
z-SSFG@AUzmhr%6~9_-bwHU~C=Rpq4ZYp@ZnvqUW28wMr5MPm;<haNsbuG}$+ua_zc
z`fygLu4@!oc8x)Mwp<HUlnEK#1k48@uAm6J{^@Ys`BK+6CBT4^(m_z?9|-liBsIl#
zZF>f;oEKoYgDr@%VhW<&DoMI(F^HOgQn&VW|I&+-KPZ6!uTIB+g|@1vc5Z=ss2#hN
z_Z<rW4RQ_?SnJ|2i@Eb*pwdRT%xTogY_=X(z7PlmMdhoPTywk?V{n%E&TIHl?qO+x
zLi_gVD)7s%6e34oE#g8c3HN?9z1D7dgSHqq*?3H5WJVk=wAkGLB#?(8EPdA&PMcgh
za{f4=orCW*5wMk$sTN+-DKZqSxNl-r2<!!!1an^9#Bxvz;uzq}^|MK5eQtKXx`|<8
zhEQ<83z-5u8=py5yr$=1dc~f3*3LWS2z*@=3>kS1yY{dKf(>o|s$SZo^MqLb@WUzU
zRUi&4kXEE}KPB{B9lF3X?9kuc6?jg#9b7k?5_h6!zV4d7u?pIJfBp8!-4TFX($3QL
zVgMF8%$u5DY(<=LRPEStBao5@Aq0o`Gn~Tl&_219wDdsHdKa=7>H*53+8XtH`p7do
zRf`<nhaPJyU18%3N^Qknev{`TzTtu5QU7eZ{DnT%aZI)aEuE2rVxtP*a*^p!^g&9g
z`)|uUO}=tDS%l)vt&~NeL=vOOJj;Lc>|L@Wfad5@|IP;#avVm~N1|>mV4QN~6eB<&
z)nJIP0`sJzWIW+AdkVXvLtBq-@~vwR91=sj%lB_P;@gG0g9<&{4`bW|ib6O`H5=)M
z1>x5E6~Mq2XADy{++fz}m>Q^=ugiru`D)xVA|oTqzz7B2sj=~`zY<%#>eXf_NxrN|
z;yfWJgc6(wfXs?z-A6@8pxp47Z@F%5{gZl<90%FAJYh~boi7(KpgtEo(5D@Us9#R4
zsY^1i<7^U*Wi9elSULF%@%M}tYmopdoXoo-ls+`144}dW*G@zO74P+k$K4rwU7BTg
zZ^e^+rg|TgW`QVFmBhXOlG2NP&Xf|}D`WAM#^KXZ*WJKb<hSA{YlWG)JC9etfc8}d
zS%<mfbBk9i7KS+|?x)m-C1m+Yvp}4QUOBVoRTpo3TCGERV3V--BaZ>9P_}^Z9HM#~
ze?Lagi>ok6y0Ops63m*Skl#*?tnp<Z!0-%9bo572>=hRZew2Cq-i}b!{aY}Bj9vog
zoR?wAr_LG~u{sY18+{!=#}=pYY7LlYMxhS1xK|{f=k6)htQbM-iP3dd@(dBdyAIzT
zlk)9lz*<~!)VG8|hs#(f2vQ$+z_t|LlX#ahczP^TqC3v)wf>GzI7^Zz_kkFZIO9jp
zD4S%lYGB%y=U(fI4IL712(3Z$VCl%#(D;XJ96JFo6`65UPDG@G5Q*!+$r}y(+^h2B
z(_yS+SjLD$@yhj*;Faq>j)Jw$!ea83DOVRfUx!9SQ)jXGZVI!|zo5FpgV=m)7#7tp
zCp;#x2lzoKUjnI#a3JOlt(+m>s!u@~jRcrcPERHB7Aa<yK7MnBhM998#Q&>tv7cz1
zrfv%wR{{{*sY;uwUZE|Iti6k7%>wV5*+pIPhIdU^W1BZwc=Tcva>O&e4_dEdlpge5
zNkwl~c`p9q68p2ZR>=opu#%vdY#@xox7zN2D2kn*Oj@H17W1idm<xAWIN$kgxb>oN
z1c3$*+XBGzoY8+?r+*M`{DA2Dht{3hBGn7S5lO=OMk_|IS8o4kS3#cJvxE4g>6T?;
zlR(6%*W^}yCveLA(O#}AE#%YF5pt4c?;kYkRedKhJntR9Xn0{}z?xK70m*pdxhX@3
zTXh$QpfkwtDuSMJ2|fKn=gw<$C{R5;k?FU77pi{cFI^X+eIaJ?+Oen2M0@Udv?`lu
z1W)?A)A47IFi!cI7$&Tig=;vgF-0-}8ig33qxMbSKW+hpV9O1+G4ux`B+b)%lxRlE
zXaaS$9e{q^sK{uKmdmo(zB-cDQpoKMG1c`xaQwg>Mr0~z*AeX4eEaJPsLkLp*HXYP
z%EvfwXMX|VHY4TLFBIx?9~_B!+XiFm(%!>z0FoX`3($D%{Q5Jd{@)(OFJ5MqRY;DL
z$T{Z^19Rvh@{n143xEN*A)Q)?J4b6fVfyxcbDZZBa)`Q~`(gz<8FlqMCDglcj+>gx
zyj&$^>QpjE??O_ZCPmSMYBoDtMsY18(h+<17^<Xi#uoq>*@(Y7jKC{m!}ww>i2_KU
z-LFP;xv@?_R~Y?EaB!H5<G9C$8E=468wo%6r~NUj$Z~5Tg-u{HYsQh14aJ@u<`b~%
z(gXJXUx-!DtXFt$jj1uJ6<W4E0YdiOd(|}1h1+v)s5;$Hp+I=T^D1nwRf}z_is*oz
z8Qj14Ych6d?H31vn?ubt)vXW8cMhQhoq0r7QF%*}15EKUD3t4XxtY>oLpNN$PU0kB
ziek85SPqbJ+;fKG4x%r%$h~^w2Y=_I<X<GWsk_~p31yP4;k;fsG74{rDDD_!sH8m>
zT;}M3RD5G1dCkCh{lsSYDk4AP<|C*DykUN7rg&dcTj)m3A{4pUCJxX|l|imDg&Y|q
z?HQ!9;a|N;!KmNDI?-R?VJv6s`VUgupU{dv-v5g%@u`w7MpDL(da2&D$3sAc3O+Bi
z)<x5Lr65OeYbM@iq@r4hxJoJYY_WG_<BY!}8rY4&X-el=Uf1tFxUl3`DD^Y|9@JF(
zs;=b$B!Vj5G*v8q`QX=CGSKmo?EWpP8&-B)CLPBhcFc$3C9pg+7=BQc%<Gzss({rR
z<S7mNpQil+OCb$P_`!i8V(^K#uF-G;I9_F9^;$|asc47xJ6Y;lr#q}o_csRB2w$Bh
zAj_DvdpAk)_z0qB<pIhRQkB;42=dJVMNzSEtTCF+E)zW;21KE9!33I%R)8>Khl)Db
z)|MugoOqc=8uo@;2cPDcV}Ln*f1S-gds4F7Pc&7#W1s2P9ZbEiQaUrWp<G^<q@aiW
z=SHXaVzH&$KdHu(*NZ!D#y<qe#0=w3Rj0%z8Dmf2E1W_<13`zY{l-ao?{S8NVQNzt
zY??3EISf|4dISC%C0%95+6~ySbUHN-l9DgOO)=sjn3(~JvsDqYbU})|QX>wxT*UwH
zP8Z+&MSu(r6|MFX(;AeD3JIzPs*ZVZ@fM9Uzi!L-BXSt#&Kv0;R7Q0YoG(BQ90^sd
z-6Sjh96$+6_CB~Fd|36HmHFa5JM0cHM!Qj7QWheg-3@d+p{b^35rO>8UI5Jm;y=WY
z#hNQQ+1W|u7Kk3zBVZJ-090N0b`Zqu6nWE&|FhlqPM)R*)W%;VuA0Z^VIe;k@Uadc
zJ>HX`VE8kl+owT%lq9G!Tx5JmfU1g%J?6``U~@CGKjh0{eocpBk(ZzH#<$hG{=WRj
zk6VqUSXBR_j{iT%nooAGz`)Eb%gFzUQkIL4GP|LaVXfeqE)A6}^2g8#|0C-PL#Y1M
zMf>-MA2d|ZAL&rd$@o}RSBSW$8cUxYnIj*Tml+HASy;1HzK6j!kQ)CXO-+RWmD3WD
znGK9fQ2mw?V9rVZX3jmsHd<hR$ef#Jj6@&g$xBfGZx7_pjsP!YeEdTBr?5{k@`q0m
z#D!tr&#zuVGXM^1b>yj|<NO|n4r7Y<f1Z+mFYxhKeysE#sP+7G|36m#KmPlJzUk<i
zXaZy<F9N<D*YBMV!t(7(|CE5NOMvRzRRBB0|9gjCVb`YX57%a16M|uB7IYr7G%-wa
zx^(qFWNH3O)!?-Sq;0V8n8M6RhsBSv&#kIlu>MJp{*Nb&juqp3vq)iB(`#1zvFEYJ
zd#)^lG2%#*KQ-bQM1P3CosK4Wn!4Xl!;N_wDXu?!nx8j8l97%sL4L%e8yM>Gf6b}J
zTz!3DsUQ7b>PhTU8~x!@XV(VU36=$vp8wz2*esEY7_M(<kwr~iSYGJw1y;v;i6?)$
z!2Wh|ofi4IqvaaGDz+-ozufX)XO)?;J7w^vzX)4H);*Oj#d==(f3ck=Q3}~Y=^zG4
zg@ZF$ZZj`1hS>Fc>u+MWp5qU<KDX0CM~nhygo81l|Js}Z<142{DIcR&(l*%i`&n*d
z4+ZBRK1-o0M2;ID6@c0IGryVHud!U{tUu&J1O7aQ*&Th%r7pgJjbontsr4a5DK`9&
z7J!`j-`@whWUzjztcPQ6=fNHP-@gkfK1ymvPx7UPSao)TaxTuE5oVWqey{I!%=+U0
z@m~9{4j81%7fyUqC6qG8oQnVY?tG*H0RknM-ER2(G@RI{`BSHZ+3iv?82l^O|3nkV
zWRTMJyXO@L(>u|m_*fJqHX4}5MqenYKh(IGvw$?CDoPZx{Oz>6e=A%VV3QrrKQ$i4
zA7MXmJFLTZ>&gD7L&ZI2#-Nq?=Hk?9jqWK8<FFLPtp7<^0wY-<7oE0y-f9EOPyg>F
z3$pX%3%80yDI7EYrw6(O!<_X0`lLeO7^*`KaL&mg_Xtpm7xsTC4O}O}>Qr1}`9sGe
zni?VxIwN0J-J*sA6=U&@<@JvPB0O<Set}<k6E*>wzs76b7RYO}U9MVy0dBz}GzA3%
z_4;xLlQu^H6VwQ(SpralN2?5Mrvsq3r7Fw^IUZL3ANG9nMpI($Lji&Z{(Prze9G6b
zp92&0EUUf-ume>=*O^#TOU2E+6dc5ui<jreBDpA2MZii&#WENlgUo(Dnh)>U{Fknu
zWLEPqbX$~ERJME%PVnq;n$C{Bbo=sOt^%nrI(a%e0YEHb2c=C-k5(%*9QWb!c>Q9<
zn>QC@Z|m2MZSg1HiLmop{Yk+0%-jck7cj>|I0_?6P2=q$A$z0FMnZ#C`FfH@Zin<8
zVnD<%0z`Zv?kzbX4G16}CXJak2Ay>|4TBejZ*SzRYHw61%&c}rl>Q_8e047Y2mVpu
z$;}-MqtO;T_Q#;#kL`iYQfwz#8-bi1hSY3kiy^v8hSQj4g>fuy-=f^_F@>eqC3j}Z
zJE1USN@D<gU<Z7YrMdP!3(8)2fmSC#(Xm8zkth7*ytkiwE8=nz<eyQ1!!~Ym8$+x|
z6cvr>A$L_=PRdY3KhvXKK`ZHZzKmmS=Xh7wK~>Qs^GmPlIDfhndvA0t#cM&E0Qk<$
z^p99rE4D77fxV$p!83awo#-nymS*X(#=TG{q3gLZSZ=@MlU({?xh~$xYFN#G74S&u
zr&`BeUvvkJ@Q8r(lrXp!A}X<Km+>h>2&UNu`}R2<1*Qg<wfS$CL01H(Ux{U?71>)2
zGRP)CA{gWtan8&TzqtoYD__+0V1ua>;00cnreWTteV#)D=Oor{?n4+A`{;TTR&Uy8
z;B(yhl`dmFBZ$_OpPsbs_1pdG=fBFhW@Fw#dMg+4zA!nYN?U9={BrNHDB@2|f|q6c
zkGO}$Tf^$bKr@zp2S_0p^*`dNXzBSuX1seTwF@pc{KdIJ=8VOMvtXVGXiC}v<wE1g
zDgXv<jjIjhG%ruAr}<dJZzv(efZ$FNiR2ejLCtYJd~AhQvmiPjyc_d=r0>CYmwwDo
zm7?Qx&?o3VU61Q0%M3+))MSUEa-)8ZXsiXqRIJtFcyn|yv6ylgZ>R9eN0LmXcRkST
zqrJwX2r$c42~2D@jOqj$i$Ov1Cg^vT-}#qK{vwz-W{i7O0>=4{R<uW@IA~I8g8@&T
zJh=-s=)%>;BWlaudH_{g1^u`F!l@L1<4{bOc%)IiN=tFq;YlnS2trgYG<sXO)2JeP
z1-C3?d1Ga96d)Egujy@~0Qv|{Gwz5;1ZUf!J`#F=OpEsEGtLp{YfBx(z`=4O3fU4I
zy74W-cs}fTtV@jyMvnuaV;*Z#xIGI$?Y7R_S(6+fy#(0PaA~LbB4)Ffg1ArlYZ1Ec
z@q`z-UxUUxGLL|anJ6;&_D}Zsu;)R9obV@3kxDa14o^!^4k~@}`C2T;td;9jC{L+L
zM3FZCLa`r}eOC#$+<GsV2%@_=2Il`&*%}T%_B(I%!FOjB5ZmJyPg1@E6_6CUC4l3=
z@SKs`uWl(#Y|b12RJ0VBXD_2?as9~zfCY>Vn1$&y?_oqCl-PI<n2PG&lqU5K6xF@#
zzkKFf-uSwkcJ^V=ep-2`mUq;7BpHilJEoW|_aSHx%d2PQFF(HxMiA}|JNc{mg0V4K
zE+aU6hbi4#!=`#=ss}S!ddg8ibxb3gS>sx-z*>1%G8m+3ZnL8>LbEy>KVB4GWw&$Z
z5t`q1+*^bXwbpf((f-rc#VeiNBpyJmmjfvr$7yy=%c>#@G=<o*bY?qF5em>Tspdoa
z8w7sn?fob&{`mJ*?7f7wlvrtI!MtOcw4Q(<#Iax9$2ut2NoMb%P#&o%YD%q^nbYJ6
zY(V|7oC@fkLciTHl;{LKvwVXLtAoh%Ub9?xNa16($z}|r8wu7&U>1rim;hqj{)$qO
z<U3FyD3LPA?*JoVmtmJ;^a?*OLV+-+9caLG?4pZo!fiM=Trm=$liE(hsL~0qy<z+2
zzzKt>N;6`Q3#$qcFtAaTwdUKkyt)IxXAOC?x4>S#RMJM{<f#v#tkVaR$|XJ@B#b)r
zhnmH(uUHObzkcal29($|8rY@!XiPUAN~hy8Bs}#^aMC1q|5m|ENFO{CZ-y+;;^EsI
znqt=}oec_p*A9+RL`{;7@WUJDicf7V%4e8P?t_|Ghhcd4ZPgt^_8C$M*2>VO#v`xv
z1c4#Ops|zDY<kvvTtal;#`Y9JsXfbG1I#A4fkC^C+I4oD&GxS~^m<)Z0QJOjUfySR
zb_3bS&`B@V5iTB2P$iUkdwX1Wi@)e4!LTs?XT7Ux15jIZ(Z<Kk7xZDp2dDR@+QNB)
zCNC~zd3K#Z-5IICG`z1IzCYhE(MFZ?(BvIZEw_^e02lJ~svc6H)xuUb?(!1DRWOSg
z<8I>eASHn=re`@1SKC$3s%#f;=`|#*y3S0$;WM9z<6Y4;1MTQNpGdn;ETr8o%NThL
zH^z$k-Fb@)0J--yzVv-uOdAUjIt~-S2X(~Rk9>r2p)91ZsIEpJ=mAGn#7>u~0^V|B
z=#`@5Tkt1u`J+lh-Z!6(X+X(-QXma9AT;wXC-QGm&jEp(px4k1z_;ZO|5yy+KiVhA
zAG{eBQ>1R4Z{Jw41O+`mtIm%*K;`Da?xv2;(hu?Dc1=8|1($1S8BLN5iPr(R!F>KQ
z+zSW@D$QT!cOJddBfD-GIu#*1|JI2GDI$b#Jk8;;{dCy6cCmmRh~M=`<;g!uUsCTR
zIZ?{2v6`si?Mgpv*U4gBzX30s1)_cTtAS$0q7Z;44G^A4c~Li?%XAu!9DjPS!P5?y
zQI>MG76yS)Ef_%mx70vQX*+f6v;rbbm}Ef_;;H^v7^qhaogX8#oTT!ubM!mS#{53d
zQoaSU8Kjt?=knDx{XNB-Xsw~cIVdq{+hCqr46XORg4gy}T#LmbsfX&U>4_FV=)0)7
zML_*S5XA}FOF%S1{1Yx`l`FlRy4PegfjYElzNAOhF#{lAx$n;3HTd|QGqW^)T;*^l
z@qvVHfXH4hEWykjxIvBJh1&<0b}pq^jqcX6pHYDLaV_aUyaD$3!}TJgOT8Q>T~Etk
zRpH^nkGq4OaR+1ytXh0Z5t(;=hM_k{0{6=j6^N8jKnj_=#UwJtxYPK$?*Tagj1{@h
zP(2o!{$@4oX3Q!+;fssIOnHLI$;CKZwIX-ro&wKCozEbDQor@~viA`aXszC#C#}<b
zUwisk@#WVQosY(ujKl42QTb6%VO6e^{Z%6W@&FT)!bsG1iYK45pVsfokhGidBw0LM
ztPC%Og<%Bp3#s=(uWWd2iB>q%cfvKJez3}a+ytpu`RS>*2LOI%l|GN}x9^#Y(rn%V
zpu^X<l(L4<<T?%|U~U9_so8fc)>KuCPS3vk-Y~eu6n9(-{8HN~xECb&ON84XI(s_9
zY?pWtvH&3lz|&XMTK9%5fr^!YM%7dO+!tS)A6zzGb5f<)#$eN1CSD9wfG}ASpoSlf
z@sveRo;tH$X&plRA>8x_jW)9o_Ije5=baW*R8r7<;7N`-Ddo6hVl(W`Mcz)?R~s_T
zn|{nKS*!pl*q3iQ)=tx#bWr-<KxeEQc$`B!FtbtX1`U?9t2$TkvKfYg60f>}&@tbD
z+&G0gg;UZ0TA`T!x#0Wt<A673=vgDo+5v{PTmy{Ya?sc9-UGwhBLTf=tmaee2B44)
zX$mX@c@N%l>xvcq7iW0t^B%78hdbD=hlf$~!*bp^l^URsdatvItft@-_^Zpwboj>N
zEx6o(&fDD?G*B;>YAId|;LgbCknmGAj{IXaM{O^GI*?9bgWI$E0AXv&ue?&o2alFZ
z?NN5U=^?=XkjjcA@eLaRlMx;Jsxt+ct(QFYnnK;Smc|y>&d~Y*oud{rRoK&tu&o#`
z8O#VN4Yt$m!N2syj&CQp@k!fmzZrx1!c^_v{8Y<R`H^5ya0#QDfiA;wKy?CJ5m}#N
z^j`mV2ky^Es%1)1*-@M#&I`I@c3|qlh-XpL`y@{9{hQwodJIE{F&*%m-fj6iBb9o3
z-Ha9f22~)^g?nxQ1@9}dJ*5b3=|X^?ghS2-X7<S>xFoBHiVdgXYgEMtI5MA%bOb!J
zy0PS^y*N|Qtf3{`orogQYA^~`LPQT{HQoN&>Cux&Kl`eHzl`a%<K0e064twIl&X#t
zDt-=UAbkn^TuepK-X^l;7Bp@-=UoybHGh&3A+6^+ak@5*@fHTOY>J#wToRwd9fq}3
z0Ms^YeT>7Z+<77qXn>TA?8@~wjqNHtpf)D_#a<l?zZQd(ux=b=|0?A6{#oAQ)%<Ap
zbzY9lX*h37%Z*k|PqDnGHDJu(y2FU)8MLm)bDxd3^&(O4$9W4am+BXsg$fUSHj>)H
z>gnaZJpnb<c>UYw97eKS;8EVO^YDw1!nPr&XkUKOh?RTRcX?~m+Jt4Bp=-BGPH;n6
z)2?bE@FG+yicwWzEDyn#gSMu0MRHy0Simvc%bwG5D%4)ufnaQ+I*IQwiorg0mn^b<
z`(8_J7+<u=6C^aziq!)zP4~*e*|k{^o>j6Il>|T$sOr|Q$GE0nwP!dN)*dFa$zV?B
zQE9uad=xsmvj(l`<H(r?8##yY!fXa}qijD6Pmq0ew5kXCR&Oh`1Cd;A!aLI>{0fDo
z-{3aB<I4j1oT--s3=9DibQQ)_^hDJR36ucFtH!KNdPS;NhZ`-VfIAUKFKq#Jq;l2%
z7tb8ofTR*5C3(aOL$XKESes_OdKvlG0Lp-e0G5FQPJ<KHx^yeEy8i8y9B?Nfo8i0R
zmsbbpO8ClJ>AuC`VJwdr%`Rh%-ggmoD5o7EJ|Q!>O58SYaM@zB$>7rB3qYla7YP%t
zj^tO^6M;^0*;El8b3rfb6!?FQBeNi+e=>6Wpx=r<-|w8Xn2pP~)T1(5sXCC`W`PkG
zF~%V~Rq5^dp&^7<Kgn@bxq1VQHDAXbj?-$y`#%_*#J!J}8ISgR+J=R{m*Bw>_rEU}
zdB@(>eO0qeTqzIy04<<Cr^yFg8>(%n$O<p@zjmp21auBZg~)3h_*kM6|9)NQB5!pa
z#N?Lu%5r12xSc(wOJUi4S@E=HDA1~saf{n1BmUN>ne%T2)8VsVoI+gv$G*H=d0Bf`
ztLVBke>)<#kY6<R>yNRi=)P^F_grR7=IFw>ZJW9)xR1+uYX>)&Q>mVvT<{|ldRV)}
zBeLvFWBm@OvRIBmo7~`R4vQn*>Q+&O!skwhX|Ct2k^+}`b`vC`l$q%2lg20E1&af7
z%2W6*k&buH-M=;}K`#@lXjyR0G4x5J9Y<oXS}K;vXCXd)T3WGcL*nvX%eS0nqaPV7
zN`%Vwh5+>lpi1M+LiSy*h5sV=mD#f->u=x@%)z4a+Us1`^7B+!ID(kt9zd;FQL+PG
zuL>-?DWxWrWcm2C2G|jtEX-qTi^<lMj}kSnfe?@_;t0Hqk?^PX@@U3udGR}z_^8<s
z$HUugcPChI$k5-4o+j_Xn991{>iiar)wtDmW}St44sE~q;9fDd&Edb(p^5uT3&0u>
zHh$6|t5nKZ(al2q`}1>TMB=Fnh(c?j>dkl{JXWB9j;nCA7#xw|9yU_K&^Z_4kPiva
z8$j770oEENXb!wOZN~C9LDHE+X_b+M>CRgS4qVq-=CPV=%pMCHm!K2B{2-R9YK_-A
z&ItW8HGlQq{G@G{Ut!Ofx15fy76Hobd<bJTCqUr$hNvC;c>yd!=CW<1u<fKc`q~v^
z5A%GrdJCWT1{bW&0g!w0EQOFk)fht9i)7tv_G?nLY~tNXohkLTeyhFB#n3!-+2Ysf
zjtCsPYgJ3ij`gOF8@W>1;3|*h3fYPVw7|FxfBp^;Txz4yf#@1SjG~t@U^Q9liX2Vn
z$p>f|LWokH2l{Fi=v6F<bo$>|1Nv%K>3b^!br>>7p15<Af_lsbhX1FaZDE!0;#zQY
ztW~^pbvi0=5jbghoetBc<;s{v9CwIz^#~q{R5TSZYL84w6%DmZ`ZpPVZ~`Chy?8Ij
z-M9w3$}+`_YpvIPk;Tz$fBUQ=06%b|a*%pDonDVJ*jom<fxj)hsEER^X$ho#T04>A
zvvbFM)OhFg7L5c|WoR1Ib70;2K&N_iZA4aoNqB&V`JHwz6<enad)r`TF?0tMm`)Kt
z$2Si4@jhPRpC14~ly^qNp3MB(`@i*FW<oFsYLQQOu$Vqf`|}y5Pz)lnKx(Hd+vZ`V
zvfgTci!c3h%h6=Layeg|Y0&SQ*n2H}Vxx2To;kATM-mq|EOM6hu$*MRz04h*Jea3K
zp8w&T^drb^?xDx0((~QlLxS5f3sgJ?Rn(-w3+F4EWGZ~u1#!ShCX|OLaFw=GOOXZ8
z5h={n>pXdQY59_TLk`-kKH7|cX+fH8(TZ(nWxzrHt(a}tQxNsSK(WpcVPpkTKxRNg
zgT~hunv!aicUdB}Vbm<bmcs3-(3wQDM{|~QPapLMyk=6Pym|x_0ZqH!UIl6`Or@Qd
zvt$!*0<Ip3`iHGWWLxV>ME7!?9bUg02R@3=6$D(vdl%o;A6z<E58;qyE4xqtBUM9w
z%#j!R@{HTb%Aq{?OnznX5l~5@lW$l88lI&9{F8NSm>6M|o^3_TRiF19%)jfk;P<aS
zN_z_1=vpc5x^A!S8H{hdxbZLD*?UhxBefaZztRxKf9G%a9cn1^6GWgsi*<wF{aL*~
zrF`g1yH5~*0P=Gq7V`>bX96Z;b&_i!dr(gDKI8-1OI}i^8v%LY9GBkiqES==L(<UI
zsBmZ8AZth+ap6y{S`I|4%dMS1cH<Q&ZIRz%y%o(NE8JYz;W2C+qZu<=oE^|&4ORyA
z`T<R}j`P@~prD}Xy!*i!Z5o1#J2+z<4^q$ZbYS9^vcvCUQ_#vS^U8X$M`Q7CYsB>7
zfYc`vT)DFEVt!Md_6k}yFK=pc(x6|pdBLq7B!+Q1(&|$Nl=sPaXd4f-VTq#ary5JS
zmQhU6oo8FGaVDpjr9SVi^qw)NZ&$$cU;P=`cBvN}?avCEEY4^xa5+<(3J-(ZYfSh{
z4^VOVK(U7g-)26qX5Kxg%C3nl=iZvk<gN{*ag$%FO3#n+1qn1o@S!5l9?8v+7*Hgp
zoCtr-q*dtYI2i7t&O_6i$v5M7nJ4?5za<$An+M%KL5U;GiaB15kOVtHd*5~{gr}T;
z=_337@#XZZ&f@w*5433zwJ|Vx3ofeR83LO7k#xU_t`7mf>%Lz5YAPL#pj$|V5e8KW
zyi$MpTXrO%&X1^{bE=%J$3KfnZg$4&-L>xHuy;<wRSDFXDlxP`h-=vAekWwLy(!QZ
zRK7}ZpEvS}F4|0IZwDNLGFFq+Cytja%_wGg@p9$I^#iFxR`(c(Ez7!b;4SLH6fpYp
zF}iL!8bvh~g6oVkTo<5#w@C^~*9kTdPO`26jEslr5=aelWSL1lB#?G|T$jcKZtb;H
zZ910Sy2@9_Y(}v|RRv1~2<3@<w7Z^Wm*~1*`MJbXJj;7a@sOvXher#EXGb5k9JK|e
zl`pqUiMU@}<Ubp=nTUV&ezZLFd1QqstS>j21-(W$qRcq*B>Z`K_F<;y=WC28;pFND
z#Hf9xeeWt&?*;{%bC2L`SC{iRhv|~Qn&8AT@2L@~ZH!i*`FP!I7mL$~_TIaAZhX<y
zbL8^~y@{Kt-VYBfr5)ql?+*7R64rX(8~>cXtOQI~dcH_3@WN-dg1YM}L2X_mXBI>6
zoH)@t{obbof5+$4ncVa+p^;INa#7c=w-1zCf-b3Kl{l?V-!gIck-;}^v|8q=2P1ID
zWUGa|y?Bi&?LQUI?bfo`U+xvW1e+<D#Qo<zH!V)r?)XU?e>`74DeDqUrJ@<F4#eEa
zgX(_C!b9y&Dm*g6aesx<^K`Vg@}W?Iv8or}J5R~293&a^HOq0dYQ;oP6~dS5q1)(H
zU(Ggl(z9l*!kpSHpQ&=#gfbl`;KsGc2B#;V(=yG0*W;^D*Sfj&8AQSu-l6Smh`@Db
z?d`ZL0xrcKgZP!uk&TVhE6co>1zcWff;_f~k4JA55}EoXAbyG3dGxbUHK?Ro`S9Jo
zx|d#2ioeGswgk!)l+N(d#?nzdl;GwY|GclD42pzg+Okl~Nd^w7mN)lZD1D!4ou`Tz
zs*E)hF1>CXJ&Cg^0%R%jssZUmfXhI<%Usp^d>ZXT-JYQyO8mORgS{Kom&uu=GAg!W
zp#76K{Iz#~ZeZ-JQ2Ll|xU7Twd7D#$?&AidO+{LjJyp&aCA+8YBZm>PGsSzjMx`vi
znT>b#&VBH_xL<yL^(~)$^or(Rox{l8O|J2C*KHQMy+8$kBG@c}Kr@vY-X_blt>^`~
zCWD|9W!Ye&2$?z~{IBhl-*Pw@i{=Xf+8?462rz^qz0z=7UGQLCi74t{St!))q)4IP
z%t<9}Of#O`{CG<r()rv|CZQm{*1q~6<Z|i-f$ww?8(>nMNo0(oZ0_agN`@qtv}#W4
zQQm@tSpBemmQU~a!^NR_RuHNr&rOQOKDUx_t?D#rkD$n4p^lcm_ZtwlNiUy3YI$yd
z#aD_xxC#%oTLOZt@*vU5@KBK_8p5B!6pxv-i^BAJQTIq;?S_Z@-O&xj;^RQZD3t%{
z$BV^;45Y7z$OkFToWGJECb0U@eiy)h<>h)kHS3GEYQ{i~KeP)F+m$XcD&Izw*l=!!
zOSFINA59Skg;`q1qXWXrdG>rUQn5^kI@q;2j+P;`ThsHG5<a-bUoDF2bGHHxG_(R)
z6_dSob0n{b3qNG=OXL|jFBR7k9Fr|ZC@4<tzF<2Kkmh$JSA4~5ovgaO5N~1<xnmCJ
zvO;|oA!2Z#;hL+a=lMvh{xAh?pYKHMUFbS@3IRkhH4ge(9#X}<l7%|VzJ_!i`s|m)
z+)XlE@MisRt1=;G$O1_xsQn&H;T<#D0PYAKBdx1s0pHKPaQ7SCBH7WmDs~DUoC5i!
zp^^x5FbVONJLni>Eq=En*yJtJYxKE0mk}|EGF5`mlN4Fm;Cz2Q9t!3Y4J}4?uFVEU
z#NT01@~$+#uv-n7eB(ecdjN7^_t1Zl>1_e!_tBs>95c4o<2>`{hhnaacy`pB<X*A_
z#u@%mKqKBhwcY(EV(Kvy1JR(kL@}<)p?;u>8n~11;Ga{6HF;V?<r}>`2Q#I+CLI9H
zueFBEtPg7&oKGt~wI+}Qhnlf(Sl<tFk>);)jbn7E`g+E(XL$Clba8aRVEN*;E98$=
z&fjMdt?|_8ZegZPlkc&MA1VGy3nm=<INdmWJnD;#JtH+SUcdLm_|T_E`s_ri1Arzs
ztaz}ml#`4|y#{11Ij#KhgvT$<CeSKm{NXZfK-lXAlQl|cVNt+#5@(I;g%{n<T|*vM
zo1tP6!Szpm=1Zg1XFJ9+9t{eQl`9b8qky8hdCPX{S$3peN^u*(dHEp8hYVUZYY)kt
zj_y$mZPkMOh?mp7s(H{Um;7PZ`Q2u)dj~+#C%>&AUZvU&b-mUlq~Wj1@1_a1S$sTR
z`z~CD5>MSBw6-6K=V#*GuQ+e7h!&i3xvpNjNmu~{6wu^sUWzQ5oZ)&E$aWj#-lJvJ
z)P<}>MM2=9PpCuhw3(P8PMeLjFKl2oPzaqLkPGyXi9S5nC^N||F*Ibm*unQ7H_)7#
zQ_aaBRiMnJCRe!{A5;|ZUu_*X4YTWp#fF`54?ywHA`iZ&&9%I}LeiDSPd2E(NN}2U
z)In6iS6-QOtctMJwq^}e_E7<9HX-*{K^d8fKSwy#Xj@ZjTXgQpvM^Pne*Xz(eB5t>
za>PQ~JE`-~j{4QC&YSc7v#N$Wfo$?rLZIKbX^dzCz;bv{(%74&z>^?n^}Z9tUnS{3
zm_ivdQfvvz0Tv;pm+-Ii=WCQnu=J_c$vU?VyGYR#D_Tu7`0e1g7|iy>U%F%$PVN4>
zMK*cva$#Qy&m8fCfsoph&P#geN?IdET2~%K;aF<duxpIYMQi_f$GYO%-iN_wXHmiA
z)eGD}UNtw4^VW{>3ym@w4zlW}rWbnu>iLUc4UiGD0r^+40u1E!8qUFEQnS`NeSZLO
z)`=QtLHR=&j5H3o;<Qz~&BynUA>MP`%j<^D+k;capyZc14+L(xT0DV_+k7h}zw~D_
zLpCe=*g-%!<+2*-S};AwhKKi5?ELZ>K#i>RavF)Zhl&oHM1n$V8Z)iS>)A60*JSkd
zQ*GVZDw`Jt1%w82?Bj+B$LF%fG3H={m{_9U+)>u96Y|#O^DzY$5!zLK$U5vg;*sG=
zYzl4yiduBx)m8&qHj?$Ze*R2n0)And<Bi7TJ>b9h@OyMp{$OUK1S>1t9YRieg)QjI
zBLY-GDxxIp=dmXu^2xr*e$8tD6-*`4sxBi82Eq=~xGxl@sJnt*mkgB=g_fP}yJX$o
z0c!ZiVlurN2eVPe>I~EcB{KCuQ6Jn+i`j<H*`{v~{wjQ`aLB5eb1oAdbcyNB=Avxd
zU76~>sMz^BrCWG0UB%h?3R8GfP6uVZs<EaFDkCX9{+}^Dz%=l`xwuSbWY_iDWGLVE
z7r#rJ1{ke*ndB~I*-wa+CxTy}lXU4K<Y^i~!&7qn(gOPdw0>e8%B&k!FXUZqX9tV6
z>arcT@!smMT=1~tD^y6Ac)8W0Jv~+bPd6vuhm)p>dx-!=abGi4TYXTO(n3=i65~Ml
z*!AbP$_Jel=Xy<Sq!7bqcN<L0glL@1iS)g}B*L2sD)$ExCAHRLcL%c`p`X|1H{U8*
zN6l9*9%Qk3euVt1oB!&b5YY>BYRp)qR7+A!zlqTErQ<K0$VIGAWxV3Ja}C!J$j!XD
z@k&nW13*IP9)KHR9$+|BF;v(SXPs9-cY{$QJ2Qh56V7?w`XGMi-%!@okbBDLl=w?9
zrBMIU;oHGvFjsi3I#zEH{6)N2%>ACDirME7@WWEk_ZlFlzqW3t2GXd4W@PXw?OLaT
znhm(nJc#3ilBYhHob*DD+w69~`TpXUs`anpB}l=g!hZg>eq~e>;|e|i@lu^8JWkR}
ziC>ssqqn=S)6o9mEs&r$Iy)V#_<gmLG6(QBTE89u(v~?G$~d1HL-w(Eh3@sU3Fub5
zkir$Of1+tHIy`T#5)IycGD!n)?*&!>_pZ$z+N1cZ44{XH*)6ZX?bhkjQ7Ra<+f+dG
zgK9!8H9GK#<jws3{qb3g0H38OMaBzII0ga1;1o<yxNHTv>D52WpaKv2*K0nO23vGD
z8>HG~a%xfd_!X?fy!EQ(^5cE(=TJYN)Q9B-W@SZ)es1IMV*WpY^LW9SCF8mvJgS^i
zrCwWCsD0mRU;>LC%m0n)eHDn47T1mk%kCuSyZp}+{i_FsIo<cvk1e@hSwvq&=?7R|
z^*30)T?`wi8~@t#<K6k^2Ri1H3I%>6_$XLBDJ+}*5={SZWB`Hdn5$o2;^$WW%?AGQ
zYnrb8Sgh(mJ9U<0knv+CI?T_1`oo`xY|4*kAHD3fSipkEF5`L~W96%`zeqf|#^bf$
zzmMAAmgf0=x?D$jNF;Gka28`#-FSBRKPTI2W6iVamwEob-l?iiwpgB3DF7c;eC7AN
zB%zBK8)r^u)ti1S^Q#5;E0zAc-_Zwujd}p^HS%aNOZ$7=R~>d~AOGRfWLu@m#31x5
zSdXXU2>gi3{_y7kRGw$vn<MC5o-a(L>#!r6eoOws-=L<`S20(CFZ=xJ{R{t!F8=;r
zL}WhMaFHo|RGL|CO0l_2YL{SS^WO#v?MTw)z6|*k@`oE`>nf<E1yKV9bM@|Hv!QFm
zdg0t(=lbsr{r~gXrx;JX;sQRn<_?Ogp5)rP7CcVOXOhG$)NfkD|4$oMhxDd&qKo5>
zLFM-jNichD^rw40E>>MSE;fv_luD)gd+bxY9OgVeH~GW!7zEt7Sapj0UQHHwn31=?
z5bpQJv4(f=4<AOE6m}LgqVnuQ;~rR@`}=e^x<;(;4En=0W(2dN{OwSTno(2)%8<an
zq0(1hVO=1_AG*L|`G5%YWLgd|o}j{{!`A=NdRW{cVzC&cY4P8NnbBa^2=b?Eq^;Wv
ziL++LjQh&}J>2b88`c;1{mmCgUN{NlaurRJT%$(-&vOuyM~=Ip3;M3|W?l!u!kv>;
z3{vMD>*(0S)4!YmF&Npyl=3izOqC^;VgmW=7l#Zm=31kXD)5LYGS7|>#gg?vp6KUQ
z0lAO;dueZ28v$@87fcY%+KyrpRt8!HNqk_2hTk9n5HT3sXu;fUyWkFu=!uCYnVYAM
z+}}VW)POK;(Jlxb20%3J3ya<{qI=cb)xUx8@RsG^bk3<Km52x5rWcNAyK)m?RaC5y
zx<y_95UAJ*(K{^+VyuA^xKwW|+%U5hz>KMn6QMv(L>pvBtQMNp`XIfVKiG<CM`Ua#
z*!L*ZF4e^IHQG*jn**Ug$*qjLpHoCm=>(oyUq%Ye7j1aw6gBQ>vS^fwgAyI{;Nr|E
zXf(Y8+3lBd1gZ&S{y6}<8s=e4b^AmZ$%#{rugBo9eIRY2rjkpV3s6nc2VgeKJf)!Q
zm;3L4Xn1u>tJXuhBfRH#wg`L`B|{YS2kNg+U+`sH1J2;7TuKH)<UYHt>mvf=t4$!@
z_~Fp$Oflz8{L>rOBhV661Opy8T6$wSv_dI3TB-EFTh99uu#%R%nFP|C_XIZvA|z*}
zJ6}3%T#z~pq@_v!zR5|}S6H_ilu~LeM1eQWvF32VHIdwZu3N{P&Hu9rq2PKkBLwn-
zqZ(bvKM3%37msLWK7d&`8ErKuEA*SsICioKHZ$iA%zA<<e-1|vFTI5zMgngzqeEq7
z?*e~*%@uA-_5Ip-KTuWX(r?<%(Aok+<OfR(-)$4%Rec2*3MD||6zQwqe3>40SE}O4
zXGMMeA&SGpJsU2d-XQ4hqF$iaIPR)3OwcGvUO)l>Ch6wGrT&fqfg%@Q*d^eV(q!H$
zDhS;%dzY9M$8DC2&!{GAezWfODhMvKff$0fB*Mi2eY2RWi@xdY-suko*ITo1&+A^a
z3tUk?^Vvkdy+uIsu{520A38<R^qoI@PxB(zmOPm#CW8F2$fekG<{Ra(qkBmOAkP}z
zfONn3f+G35JZJe!9i}J~`4Hb8hUD0H=%QgVGpRlMD-N{77gq_=yFqAXru!G8UPIk3
zAhr*Hg;O_Bq2{xTEKxrInc@JD!P7QCMYsCaILxKZBWzx&tQV8QFrxeBV>O{8ph`qy
z)SmUDzVRuwIYip=ItVG#eM7$4fP&DA*^NGFf^|=^sR`6GeB-OcR#YfnVyo_SCQl0k
zFEF<#8)@CBqcY^R_O{si;BJM^&Z07?u}p;m#HI|F)56fUGY!a~ZinL;E|KF@zPX&<
zl<h9rPTd+oAs+94m3-~G4~x$|$s#|g#1>IklNAS*9J@<3b!4}Hugxg-(zqDyuro)h
z0&MKDZwuu#|6+L!K0zN|rj9~X;dqwa36JSAJC45uQjK2!I;>)I5Mt9Ss_`FI9e@hE
zG6v)I68<XKaLLvgJ@P0~w<t;Sw*Dl}##rS<mdrWSJ{Z+LiLfL<U7{_NmlHU2*^l%5
zi@-pEEc^-=O#KvW1E_Q41+z7Lg!tGl0r$WY^QGo)yl6EL_@4(0e`l-c|6}j1qoVBo
zzELGaK}DrO0R?1eC8ZSvMH(sT8jvn&7!(1OmhKMej)8$ukS^)&lJ245?BTxkzTfAZ
zvmW2)_s?1DynnbBDznx#*WUZPzwwFFC8phivZpWr7H@Ol2iVaQm2Z470GgkVc75Dc
z(n#sjG~jrZWPCu=C2km$*==xO?4@~)^Z_+24(A*Ama&&>?x)c==6W4$OznLUz0Uic
z^QxAaM>na(-opkRGml-HD0ZkH38rH)q<v&QG=5x#k9LfF{-$o*iN`cCij+uvtgE;#
zoZl~l{tGvrDEGVshCBge(M~Rtjj#o}gPhi@{$TSYDJpxCoF&xj2B?<)O0(bPpabSd
z9Xd@IpIBIveq&jc3}dJ{dvoJK&Zt!0YPj|Ngec40&c*Pq;@XI0&cIxa+qM(JK<FxI
z33$EVx_bN3<7xmy%)2#$J6FG6opCriOwXX%9$ng-_~gAGoetwb*G!}A1K<4T`|%z6
zpjSOC=EOEr3tr!=?%LskKxNi^4LEz!G4MdhMr+W;zL!*o6c>Ae)~Qx2zv>;pxt>>E
zIT$Tp&t=dwG-~x704FDzt^i;&Oh}Fh`T(9N8wM;c`rx+oy8xL%dzlN!Hee4NT()Y&
zFF(FYdjUgzS)g`(G@sLUTYazla5i+Fn<=-A!C~<(`c#UDGlv=x8hhF3D%p~=eU(pQ
z_WY-4FrY(c-dK3q$C9jY#kibY-@X2Dj7aK}{hq+31E=j?fH6$pldBmfv|LYO-Ws%K
zbw38})K=9yCskA0XwRa^YR^@~?EbVQt30{^d~n#(nvb<6K4Mv|`^s)9Gb78S52ZrH
zq}=N}w%iLqbH<}B9Z?+gtJCEW9<YlX`fA+x`%;Zx+CBBB=>=V+R2XQ=?gBHH?BwJ{
z3B2tKUBwG5CIe&kO2Q`_DdhGJTQyNZ3&(hRN18RjAld|Y40>?ft$93QyOdel2LLR0
zv}fytA^;4eif=ooxUHHExf2}C?_eQP*?lM$sXwtqVYy<a(VBe1xLkc~wFXSlm4T;$
z3cw`EH!wPz+Zy<kZxrr1(v7KX<lNPf-vu>xrbNhnI+lWHiX4383DK*$tyncNCgELi
zA-kpCuA{nmW9FL<!^ZR>TqvpU(_0?c+kHUZREH$OYK7ihL_BRrGSA!|3>!0N0)&O2
z=E##n3NF3bkD&vx^wn04r<O;mtRdM-x#^9iasFY;MRTpOVqf~SbCpw`(KC@&qj*#g
z*5G?uO9NcUtj(E5Cs;=aR{JIvVe%b*d&RzNs=UUXiQZ#uyxx^Y%GSu%cAh=X&MOv6
z1MBv?K;aXL&}OZahm5o=ouj<`=mhm3UJhO1UyF@8l?h7iIBUUG8l#j1)HSPON=D3z
z{XOj7>{*OSsU4*h6vzo~e0@LP8(i<Jv@TS=+R6}!bCvW<fY9M<+f^`*<7hF+z+i;d
zDmZp8uh&ZR*mZRd3oY$Uz*K-b;;>&nU^;Yfe>MTZ*ltPPd`if6UaIuX;t@k87MDzF
zn?PN2;=H?7<HzC-lP^nsfle5aM>{>v9qP()R<)az`Bcd|L}vhv{iS>yCP_p>1pVSw
zK2eewnc~k@y~ED2{+(mLd_3bAAOIDZl$ljtrb|gMIE3o!gUWtK8Bfzs1COL8{SrQ9
zEbUBMgjSYXX=Q(``;^zh?!K*Tw_w_V=fHx-k{`F_XhosL_6tKw>_B`{0-#p*lFMm}
zb{Ea($dxEeC~0bIEuJ@W#WkV)j8$9z36NB>F?TdhGN{}YK#~G4i_K2~G7!&74Vv|~
z*%f=z+uJ5u`4^qq0dg*Nfh{Fu5NFpxEzcH7U4i{j{9x7cb-KnfrROMQKvMe|U;d2g
z4Rh};vgbOc)HnM1UUS=9<3Us8Kss-RaE$w%reL49;9ii<?ftYae)Zk^-q7`e7tX*V
zX;)<A%KV!k+_`toh5KKmed~dII+t&}{g4ea-ta!GQ?QPMF^<-MWYDr2tzy!b`O+wb
zSwd+Z*mL?T=$stxN<@gkKe^o(2KH-qEesDGl2HEW#81Cu`3JaR$A!#^*QXlrd@APK
z^;=*^-oC7rO)Kv|*=7>rJPH)<T^`6!D6qWKp}#KK<S%B7#VnrUwsrTiEhJDSM>Q!x
zHpvQe8;8nOu07#QuZ8i**cP%8qtQpZR@3+DYcv<~3z*Lg2-tR*?yr?2U&O;%yQ$+6
zoN3%LWa4^(i3O3vO)uMy4Un0UI#hIQ!@Bvl8FMFW&5JvnHG(5VV(q+x7b}<bd{G^y
zD2Mz}z=*i0l=gy%KijX-%FTyFU}Z7`dEnHMwEu=8vEY50W#wCvLXfSs>_h!_bJa9M
zP;@k-mwj~*H$1Jf%h<is3SusJDS!cAd#;=}FH20)C?&srtUM`tDqy!h&e9ymOjrSi
zQwAbx2Pf?YNoGvNQ!UN_PRAg|%E$;T0Qn;$a${FlrF5A3K^v07u4>%DZg(j^wtTMM
zK^TcA*PYUt%qFra4=|Fn_ba$9Mk_+uX0RX1&=UQeetKhDSXlq*_B@N9-u2{ZI=%|E
z2E3acZx7bNMKLd6UgL6y>b(xg#r+k5$88(&rA$wCAfZS8a9S(nbxHma8O7(ogw4&j
znAacJ%FMn$7yxC5cb%t>iyB%NsCQ$kjvy~$o(&dn+e@+PZ{Ju(l!<Xl`Bjn*Eo0dY
z6*m4HHDJ`<xlj0A;NBI_R)Y696S}9DJUnVdyl^+ose^8_3B|(>7q85SWm$_L?Dr4&
zug%TzfmAzY;$e%WyJ+=Io7^gGxP1CRO+blO;{f&W)j5vy{<5E)9M32>Q)mV`9<*35
zYe3pKX~mmz{kI$MgY$~!G_mzV+NGQ?PovQ2XA``U{N4cPsXd+Q0kY8^iOUK}SDD(u
zksLR;wj8By0T=W6)ToLe=Q4RS>dYOs#R;<wz=17agBp}ujLrD+7bJQ>x6r;5#CE!i
zUKi$=Q69FJ4(bT-cIBpPJ<R*EI{ob0p5RcWGMZ_Bqm@Vlw}srrdd$!eAU4Ydb=@0t
z5JxGR#|Pp<70JWzsQx?v1Ccjpj2YL3kF8QxzH&hx@Yy5oN^H(#w0}MW6J|1PPY>vt
zigUg^v+_3)wRj|YysQ$`5pm-frP3=YlIP0_Tk>cBeA=&m)Nn*Wc<89iy;OrtDC;fT
zlR?W3mQ2qW-|SNvcD(Oo6=WI%a42?$vMyCi8{F@Vg!&@&CO+s3n|s5w<m7I2-s*2I
zI28TLv2YdeRurz?e)Iq~Z0R0SNJKWx`{5qRj4j+|gdFcFMCGP};6kyXV0eL}nT6E$
z#pNm3u+JmSf|09xI<e~@xp|RK5c~l+Tb-Sr_<30<nNRtXe4K2brdWk1JBnL(9O>{_
zxO%}3zQ7qS<)ygn{A3j~^s`lhh)RH@vpM_&#Ncq}-nL8B5;lhVM}QK~-0t9?h^>7z
z2vQkb_67Zoqbh1#3SCU>CL^^dRb{4U_<TPT_bth_TmfhDx<tIraR7mWMPA{=LBhnt
zT4jj7-&cVZ{naRg+*8dwRcqms7{oz+@FxO#a?6MIcTW5QVNrF?Yp9VU2C~KnHM&x4
zpe~4#Y>E}^8|~>F{CJ4ND>N)HSD}qOT>|hmF6|HaNcHM{y(N;P+0*V@M{XTcmk_cE
z>NDmwhVA6LrSVK_>Dsg&Mzm4F$yAfjyCWg*6G|qR7hY|12m#u`{vt)PoH*rvb!{u3
z9H$RE6`R>t#$(#mKD=!Tzq<okBaBnn97y+!Psb>M+ID4yCsx}W=<u#!`5oRr7B~v&
zl+}Lb{J+Ha9lkH>hM@h9Ziu(DNxw{538!BF-Om1zhwaWmXg{9%fZ3S#NrbT3;Mfun
z-R9`~8nX&u_kk*z7GpiT)8FU47O06@RIdX3C*nZ=wr@kOx^_gtWsJLd@boYbJSNXK
z{l4?b;LGoNGx1bxh`z<%tlqP*Z^sdPM0||uv(Qd@`c=zX^=-lXlMnR7Z*hK}u!Azv
z#a7avoXanbobd7GKmqoKio0CeJ0B*zd@c^(lGgYHF!fap$x?)oK$lLlsv*q%AWIII
z*aX^9j1fD${NToCiCjfh>~4Uw8)uNVlF>eeySn4ND@9PthvN&o^<%tzu}HW2!vnLy
z2QwIId5s-n+p)=JAcs0ct@8godD&T?WL>@F>V$=trWz?4xi@NiWi9d~m5Xe?`B@&G
zX=aw7U5jE5atspsel~s?W(7Nn5iFbb`g{@d(svT)&735p?oHBf2eCMr58mBM0tk0&
zy02T%R>i;=msFGJecq#2Uwwu4uUTJ$T%&^R-`x!!5BO?cu{VBG{M*MP@GrW%`!lv0
zbh}w{c>rL7dTy02awpz#`pV02b+4jO28>hS4?4eRyE1r|360hj!bT$T%4*SOuV-zP
zLwe2r6D3;J&e<T9>Y<iQBbBaakFdU{<jk{h+;Mgsa8t&MJ!i?hwWA}>lJkVb?qDgK
zO=+aeoFI#6cK@TFt*!-=W)f$Ox~0p#_*=34b^y%NH}l=2Vg=S9Zg6XMpOnO;=OW>p
z+tIk;{F4nr+j=7Zxbo29by&jocW!s>Yh>)Sr+W&yYR{rcJVDTNsKZgukc#2v>S&Qw
zGnig@g=gd1Vn=xsXL1UFC>*;|O$S&TVsNx-f&AmKv_tXfokmF+K(T$OZjyM}Y-|Tu
zm^MgmA2~!D%sQ-*5b~7khfbW{-xXgeUu&w%9jzEZZ*1fY)7In5S?zl8%@C|D-^V|e
z6D<~L*OIPA3=E3{$#09zO`%^k*hMhnx<|9~o|Wo_=1LNtm!3;?L_UNoO@MjBb83tH
zV8luPEI;!l51YqiW%cC%Y~hNYtBm`(dmnGo?7%8;$g&?o>U8alaYpPWQY8YHu;YzU
zbDqKiFZ))(j8$onjYKzZypA+)g?3-_%Z)uX$Lty)cq-9vVP7?yEked7Gl<uuV_GH2
z#LB7+FmWWa_fb9b($SoK{i4{053`=Hx9$VG6582ocv?eDw_UVEo%C>!Cw(1E17hT0
zhr&^MCZESiZu?y0*Abp`<6for7o=WwyKs_P+6q~1gqOX_I-D;mAg0~Z06y<19v6Ab
zM3{Wz;^~kwF>iwHivMLc0t*Z+pb|R~g~9B*yqJq!GvK4dgRA4RB3471GF5s3Z-i8M
zQu^ZEu;5mW=bP^$J`^<JEx%FC({!^dCUi&>qHEC%1(_>JDx%rmiG{cYWmyhkuVxHQ
zlXJ9tOEICCXEPVyO?-5sSwO_y5kd2{Ryh_pq6ieHiExX<{RoD(THcJUEyK_EB6oyh
z{H4SV*zD&s21M@%*Z^pVcxGYo3f-I0h-}^W77W=ex`%KZycqAUb1~rU$&XEuWGo5a
zb$EdPbAp}yj{-Lz;E=K#ymrmTf_zK5+8Hsq$NNls6b&H(4KrvN{^tmBPke+FmziVP
z0i%9_#&!s?)4o%`$L$20xM$B#s=p`8HB5}CaKT#)tN}na>eLdsqT_N(%4?JA3~+ce
z^#>>X((GIOdw4!EBk0^B#F+-A?l3#0Y%#i=kxx@Su}S1ajn!vZIJz%^aUe$h(@w7Z
z&C|aj4RWM=S4Hrk<ycNszhG;R#~IK_SYzfdHT`*<BPGUhy|p0y%Vw?SOdq`3EkcH^
zE8Eu*r|)8vw=bt|Za-pHdIc{7Kn2Mi1`2FE_zS7uPdK;2f~>qQsRVaiD0fr+{!F!E
zgUcK{_U9$V(~a-Rlc2tsmdcY6u8y}4B%hfoxxH5<_t3c8pja+i2Ch@?1YFGl8uDiZ
zp^Q{ku^Yw<dsW#CT&*4>{Qx(lTFGl;AF0y4k_m2EB@*5b5jY#SE{bFoouE`0aIDdp
z!}2wiDpg0(w=ueq-i3CT4%bf96uo&FVoYmqcp?ayP*Ua!FN=y(4zPWtiWlsX=c^CG
z<HUl7qu9;5mlsD_@9DUDkC-~XeEgP3Sj+k5Is{)}<L%J)phnw<?)tN1kMXn3co%P@
z3jWPt6|bV>25O#)T(2Xwa$KnD=eklzsI%8_t_G;#Kyn@Cr{j1tL-YgclgOow_I2AO
z9=A$HgCorwUe{3dHGo$VTxR@eF7%~e82gqxXb+Uo`_(M^_#|{fV>ez}3U3P|^*wXt
zU;q`-3-JG>`N-SPCmJ1A+$@l0WFQtE+v;iw=z9;{!bYY!Ms<+^+f++L+a$VwRnm7j
zzlv4XTi7+uPZ<krdK)}RT4U{Y4##BOcSE>i5JU0XQ5;55ByruPyoh^o?l7~M3#0Ez
zuF&pF_zD~gm_7-Rg?G@To@x!Z=Ze7PXBx7+#slxX!<{3wMxL;QORf~BE>yz~`Dm}3
zxb6-QnA;27f9FbfBTNMDjpFl?)5y`(Qpro^UeY&D0n@CDUcaGpU+<h(XPQ6eeDSI}
zcPT@7e!A($eJd-urk3PaMCtY>cvy2C^HO=ZD#TllA_?@W)w;-S9ZqWTI+w*Z+F8@u
zuL%hQpR8_uZOP9=#8>)tK*?0V8`gp$e!Afa<skNmyQmDclJ=jJT31OD5UZ-Gr|cYL
zQxA=_Kd_JakR-P@RuwoD*v8u9bk(639K^Eil7lraH|}}B3jC~<Xs+M#Jgs+kWF9o+
zv&;C9-yzRHJ7S<h-J0;S!vMgKwyN0^c4kgEQ(1kzXn6K|$o+blM)5q!E~veu#SZBt
ziRo8j%&5%{H$wV58aoRIPQBSd@Po20dX-Yc7b+jkmm?3{I?UJT+^*JRXdv$)fPkQc
za(mhC)Js{x%tXZwLY)I1!#0{tH%d!*nvu-WO<x5T6}-9YJfn%^y_Pxx4u0fZ-N)W=
zB?$lWd%i^cPbBXZDFtJVZBEwqcy~j_JJ&rRW}xuSAm^$S$Q-t+y51`5iB`8*hfdHh
zQZ9Vb2#o>xwN3STgewzq@*WRy1y0s7SF`jRWvqEN<yye#n!52BVJx0)rb{LKaXNe^
z{1JDVv28U9cBA-<H`jj9U5B)|BRVdH0Q%z{6=CDM=?M!0>M=&Olk_ZGVLMu<{a4Pf
z(YsQJ5(=Ug5lh<@d%xh*U<=pbSbbDVaQvRniq;{Y2|@4vQfa;seGC8d#2tdm&UboQ
zZWhYL%X3N-5h`;vxBQqZRd+@FwgJCzUj3XTwnhjicAsn-F_F~CLH1Uhe6uvG$};1t
z3+P!n3bmCcYRaSQ<#ca6T`3<A9`|RK@p{m0a8$?9ldNN`0!eTfKge?4T_WrHCjAKI
zEKP(+?`#;&72yq&>agwL26`Feda_msfzK=k3Wm=%V-HuCzp$a?EV@%amHEkPx>u~a
zf}Z^JQSPwcacb%Irt?ZEGD$$#*xX6dS@#+gr(STN{vq-NoOcV`iSB@9Xn~LvU3SId
z_fjzWi9VrzITo=NtK!AJRi}!>WO_x5s0Hn?>@r5x$?;0p^lHWP>+Jh(GS%sOM^!gc
zYsDQam2OYM@^{0F5a$bKLD+Inzw*(S&6@`cwHizD7OX+WYZYn!{#Mv-b73mc5zE|W
z`_DRksbr39URByR%^?y_m*{gR&euopul0#)2{P?)vJ9GenYVrUbF*X>XmsvyH(E48
z7TFdXGTM0!g&7x}@|)r{i)KlxKi~hd*=MTlK*O_s_g%Nl`4u8y21b|CxX{$JR?~l9
z9~X#P^tsm?=U1+4o$hCY%)&!b#uGGCo>tAQnlW=F$&G`Yt8Xd4Mq!}5di+)B`uf%f
z{YqiyVuo%yL1vZ-XQooR+{<v+1NPNvhj>>m>oQ>h4i?-)C5UXiK)tFYU~mU!L0coM
zxYZwx#Oad)kn<}#r&xcux|dC!c|i5L_qD2#3bJQz139l!fX3zLf^`&tUnNc6zoRRu
z1X)nCd`Y&9N$hPkcRd>p1TR!p;R{+>=(3%EGHo(||57#(F5!U5Tt7|?6L?{}0yVSi
zA6WHBjAOmL24@ZM5-c-x?szC3%0x1fF*qNzv=2sjSZlmAO1vnz6cP{RX2ZO)=?3N|
zCi87%HqA;a&yrS{zXpmN07DoKwpr><&{zbsNUoMBx6C8T@9QE#xD*$ELSutU;0;;}
z?y$y>)BrMKdSixWtJw?QD>ydF)k8YvaGemuduvj*A>DX<{L79KpqO0z`dQ`f$MaRi
znE&h4&AWrJy`}E$G!14wv6(G3`SMAzem_=8=}zdz_CsTB4>{-r*NKLzckFs=*Y_D|
zUlip_M)^r3mfZNLhDIGoO3Eh1{tdM#!2WCG>%pph`t}fcb|h?$-75n+31IHmLyV;o
zwXUlQp_wVvZ;bNdUBMhoYn9FdX}$9|>N3miQMhfN+n#?wD?#tO31>;?70XX2<2Ki}
zKG16%b6Jc+7!Iz`$0o8ATXHPKS)TZckohzNQ0V=%`uKrC9J0G%HVQ2br|s=A+Hr}4
zPoqJ|UUp-WZA?;r+}7*!v2ebk#Qk}751gzs^|i=Ybs3ns@^t$gg<qO58ZLEhB+Q!|
z3%^ruyHq-!UP~ra@N5a2L?f|-FFPqqwJ;gJ4Omc0Xi))g#X?C~w_&?09wI4~q`&*_
zM(y86x6_stnvsok8|P&m8K~v!*r}RiCSdzA3Ud+0jxYmI?CkOJM5S)Zst(SMb#NdD
zhcE8kMQk=uIA?pGc9^v}45@FToez=QHUucY23X}~V0-NC48&mP6a>nMT7bNVAGu)V
z4pZp+eUJ^bgIq9;wThYB$VapX2LSssK_k{o#%pS8n6-7eFybIVAVX_G`w2s6oE?f?
z=pKG~3;8IMoh%Q@BY+AmHQgT68tQo1(mD7#!hgo>+p99SGvJJpbT<Aou>}CMCcS<Z
zHX1G>F}L*NjRy!Cp9m}r4UfJ`KN*u%o26N-{&m}%U4m2MWXhoq9ip37eibu25pQNf
zdRwJIJp)14Gb#pq-2<P;*Y|w{Zg`j!t6Ch>zB|5m16{524T?IYoYDhuggZM1OQ`;B
zka7OKnI=8X;qWX!x1hpfZ`^mr9cTQP{5U!|>lc#cC^_bJxqw#DO@94Rz+1<Tu(}Lz
zvg|I;DQ%kWHkc#<2K7=MzKVg=`dspav+!2aSxML&%uu^pIXAEQ6&C1JT`6RnU+UAQ
zo7H9VB4JidWYN$+qMl9%u*K|?y$NkJ{x8e8=e`8)6zIH=sf1QI43`+=uBEJ6fvl^3
zZxJ2P`@nCKAT@xHvfY5DC?P8MDPU;?h&!2Ye?JxEn5)e+CyHO9yMR2gvt<cIVOWL0
z(mNkyjDnR}Hjju}BrSS;-;?O@)%tj@din@K-ho6+P#5tj-2k_wQk({Hzd~Ah=iJ}>
zOS(asjV)jlz#L4DR?Et>qfw4gD1nF2me7)cYK_+edDWCI4!!z^YSqG9ClaqF#h8Zn
zD18P%{}<ffyw<HO)xCfoZc+o>J|s<k{<v$?Y_|d&58Ix;LYVY1g0^*I>al5mPFgko
zcP&D+Z%VsRrVW9XR;{Ge<v||jrXT}e{x=m*;%qy3=i{GIlBF1S#+wI7Za=$$#7i!?
zh=UmP_Ojxi^oj$*ET%HmAW=OmKLOWC%M5knr%>!iGWTt)c+R%@#XZyH!n5YUj+AC?
zqnC>OQth&miJr(;`#)WQ$}*5_LL)TuSlsn(yPbwPIzHYkj1aVH2i>QgCw_r|C0(?Z
zt%(K*zh&NTn0cEi<rDb*bk+PcBDZ~0WV&=f%jgAw$7U{#RjFv)0zKDH2}UeUn+yX^
zPjA2d@E*iT*qIDL;YkOWdCuGWZH-K%j(<GqzvEO9MzMFexcq$G!Bvd%@{`h6%sjB*
z$FQ5{>BXHtz_DR#p8o9GBO~c)nt;pUrQOS02M?3J4_LQA+a(ii{xn+kx=V!X^$%*>
z*j3DM#goJOoalm1eK5l51@~KqhgDQqo*C#V?LNq<*U@~3&7Yy9RGv513+xQGlc<4k
z2oAy1&%y%M-SD3uY(+m@d)bGd9UwY$X`|~IeYC#o^Pxwu=}(Pz<M>lQuvD88E#&NJ
zzN%eS*0-<N50>n;iy=;!G_l&8u3z$H6H*y5-K(Qdcw;ll#nCO7goui@>MU&^DS>Ng
zI!<}rPkFPZ2JN&O4SkWcQjWC9^Xl$jh6{pS%K{AmIukq3cDN9T3-#W2RwC#DCI+*w
zc%gl>71rIr(ft0s#t5@g*m<GEKUz%%CO6`#z)vd+xS<8TK<x7(PtaQ#cdp{b#oK5h
zDZ?i_1)}&$$g|B4wZ2cljHx4X8&ob|7*$v~_a3<iT6dpnk_y8R(GOD|L1B<10G8!u
zyEFw~23jy4zH1uq)xEYN9|n@LVM0u2n{G-VKLGN9954{|V-QlR_VG0$-P@B3egZc`
z>UbSAg4sC44DSNlee>ZGZZ?}awFs8gQ)(EAnV0`|JxA{zFalTPGVSM7O5kEDWp8b!
zi?FVZ>Th*mJ1?xXy=;PJXd>rokJqX`WQ*=bdOR@hrakGNRJ3KLLTTuM?p0I-=bT!v
zJ`M9c2;YXqbGQaJN5Su#w8>|v<87<jH*bY(JAAj;28vq>NWY!Ox5L2v>w9N0@$7!+
zvcSFTU+bRSz=ckEPgftu-Pb#cJHoDSUnQL@M@m%RJj&(YvSQ*{3*&CxwG>DdyKLfm
z4fKZ;{?#8E1Q7GrUhJXG!`Ottk>cXkKP{p#2N#G##S`_@*gM6?ugYO@&YNB&C1M*d
zN<mjS8;Gqjs^+`^SPpM4#m@M0Qj(a0c&}2w>IZ(V1rE#_%6yo_NIYEJTQYUHSA08l
zv5>oExsSmp+2LhIn&bqJ4+liHKn1O-<sZg{^3p7MEib|~i!U3C#Z+;qiP#q`P8c=L
z=<{d8s0)Jvbv=Td65W$-Ff0oZCLSz=;6N`9=fF-bZIWOq=WFHWh78k&GHH9iW}2-t
z?G4Jm@^GuRma0|?=yDcs4$p%Dxe8Fg<2pzb)b1yC&PUcXK@JN)0J$LToa_9Y=~i{p
znc$=!nIdi-QV%TjnpUT^fj%bV%JRpzZdF~K0HZ@NHc&1PX1f-Le1tleJL=_xjitSv
zwmzH2*sTn9`O(?$f+3y0R_`~e8Oxg8bT^4_f_LNXt~{{;ZT%`rd|94Xb-V1$Ux0#7
zH6gTSgl%?z)snqTJXfxv4Ab$I2*&I;$E%kXJ<LD(PK4nLshYqzT0<GKW%w3pPY~a=
z*hMJEsvKT|E8MOn2e2d3^C}q)tM`F)+?S3x{tQH?&`{1$pUHZ)K3ib(0q|BDhqxDf
zJp@#?CS!ump8i0`i&z(3lC;wIc*Va8Ok<l1o&XZ)@<giUn~|Bl9OaeaO1p-+GeEdA
zt!Zrxx+~f~zO;V|lu9xWwijY5SF6@*4Dqh6DES6;U<_+8L#dt|vku}?K(-%tI)dA6
zXEf0-%gw~xt~cG9<R}2erQFi+OABCiL`B$ionCH>UxwCTenv9y?}Jg4u-V0CD`4a}
ze&f8Bpc|J1!`mpz_0~*+UCDqWAnpc7fgW!*V9(x1xZd0ygoHcXxG_>aS>N;K;>=v+
z!>P72V42czKpnr`;Gh3vq=%DdI;ow6#aWYOfRde2IVaVG(%LgCU65GU6jNh)0*Q16
zW270S%@E=!(Ed6OkllRo^S#ExO~C66d@l#V*>oVE?XX*0$jK(LfHgosc@-`^P<iy3
zVh$bYsX!T-)-ET6dByA+R<Z(wA7mdnnR4UghqsrX|DA)pJI5#!U9NOhy<5jM0Kg9{
zVzl4oF0|gW=k{X1RohKUOuvXh?6Y3uqS_5TzB^bjHMF@c7izyYDxuy1yD3aE`{c$h
znm{IBX%x&9)^}qqLRerRU)z$fg@3I=zr}1`a4(iTiKQm?o4wHz!h3y?iYyjwprIJi
z&Rf9&bfISa#Mp^b`tvliN$9mzgpW7gkMkV8u*D~8`LvHHgEPww!JkNAu3a8fA+#93
zslX8W{%8LEZD}gF5D3@)(*@5MiJy1xT7SlCF;t}=X}K?KOgG{B$<~--2(QC@EaEjA
zcJ<Ltzyu}j9*};MbIB&X?T|vnX3+B_>vSyx**r*IDl&8sbID5^C=>;c-Wm~@)WuLv
z8;p3Q`B(_ZOh^_8ycy?LJ4+XBejC){)8!;w6G$a|cg>%+&u#(!ndVs*a4h784VOvz
zB$Qn5H->J3lqo-~o=we2{{xyO07TAiY3bOGW6klRR6Z#1YI{sfV9O6a=Ka9i!&<cx
ze5)NpaGg9{Z+y-n_W7&G4<Q{!_3g)<oupGLNh?OKS3TglKV-Zpe8e2DeZ^C=|LANM
zx@8{KeMj`}IO3phku@S~8<t?JX#eBulclDVfELwtUgwy*X8O}tVcqxG@;jp^Hk<Q4
zL^yfI2}S4|vmIBv_1!Pua(sfvW-_&&%9QuotjM&tqR^xZ;l*ozN;z$C!#(3}g2p_o
zV&b}1#lf8v(2!O?)mU0nu?Sr*&8NxrvxF_gYyBS1qI;)pW@uSVdrAMj-$G}!=N)?y
zPx;e}!^uhJBlZm}3^^t@3o_VItloG_KnXC~)<WaH-jmxdPGJ0LZ34DB2WYNurUx!0
zBxLNljUqB)G_sR&p@l)LbE4n+K`CX!8~W&@GnmgdRMdE5_i>My5kzc*quxiXx!nf@
zEv6S%FpuzMRdvzb48w=jt_NH5+>mJ9=D21N3g6^Gm0RJ>w-U|1dK`WKL~tvIaMn4i
zLLu!1?i@fzEzAR@QJw+3`znz$xf17cCYb<m72}MCbBG`4);tnIl<;Z<rBoNV>i|05
zG;ghqS#vO*$u|#dwZ&l;{h=p2Dhz|Iwo7T_3gf`eJ(;y;KiKo3c-|AI3#JV~*ew%G
zhMN~10is7BMBq_VT05}m%Ctg`T*z)1u~?3=atRupTC0!<Ngs~0oujR{sWfUgbuVu0
zXUg~U*SD`96<V+-XKPd?^vpI=otT-s`Je`r>P3cL6T#`yF<C$+rLW>$I93xTr7-w=
zUZd}U4IhJ$#`?Bh1nTj-2&IAoCqVp-ezYjwcm;_I-Qigo!(G3PYNe5*6(#dKz(m=|
zkjPo8zSfT&0hr^N^4wS3zNhAgwH4NO&H|q%6kp&UpR#_ez4RiWE9F_#L?qx}H5gCU
z7dZ_F3-rN8D;Pdn-_wc=#LV9o&ez9kNCwv4q@Sj^VF-Jw1k(*Zp-c4$@B+^3n;Bn3
zr1yjZ!t+W*Q%A0h9P&$}IK#xXWmg3Vn6Y}1AhcpL1qoMI9Ia=;>b{f}IPi=<8PvBi
zRal{CVc*`$Ik=M$8@9n7Xf;1I?{eRZy$l*u-CE2LDz6MS?;QJ{q!LmC{ufq8Ay8xK
zH&%vhqMISqHp*pw*btKN4y)`EhHlRL%Bf3ubN+`De$$Iti8f)8t)_87E|99EMwj2*
zldI>X1>v@>B-QV=lsTI0ugZLw4{qVeTQYl7+4Xi^x-yC{ayQ=etJY_^@1jxolDg#=
zaXn4?vNG+K`za#A3wCx0`0SQa(dBk??Xq5W!j`0@8k_m`xm&|{<|mC*rqaUAN)or8
zy6@HvN>--{^imxOC!abVT<mWGqs63JJi;N5gp#4H`Q06?<arRc((;v>H8V3b$MvP`
zD=9keUnEv|sQfjT0TvR$azy>j&Ae<!UhBi?AS-4boP<?sy`MYIkCX;Yx!$%R)G}+`
zo7{DHLdY#Q%wzHf{tat+$io9;#u$t3VFj7GB>x1Y@#B}qMhx>YcOaMZ(;VxRoh`%s
z+N!47QTD*X=qqi<;vx65NYiZq9QQ+BT|%(+Ie=P3o3)d?F{7R3#?FLsjO}<);4!Kk
zVj3Z-9jG7^E{&m1@b1CD6Ao)XrcmE>hP9;FPlW#xM*Is$=!52SSi^386@dj(3ig7b
zu@R#qz##SEIcuB$R$Y9@^5HR~S9>_k9XbF48H~PS<vJX#o?wSoIeRyG1%TfHkHE+T
z2qTxsU9ZuNqWOD}gT4p>?`h;5Yaao_pb__zvdYAb7#oyS9}TEes03q)hL)V2fpD&0
z;Lqc`kG-T%OXy5RFb>4u&b+KCg)E<IT6BR<5MbTSu^(z%cPY+nsjV{^jA{XjTFJ?~
zw7)r3k23*X>8UvNIR~g>hai$;VbjwsVU=80wgCX~GU2uh!x>J$c|8T#Hxg?N@m^#3
z047XO@P)>VP*um^a|qX08Z;dSfPgP)YPp#4-v2%GmqV*0xSg{-B!%Bi)vb5o&J|rD
z`c_jj;l39ay}chBi-Jlvd20XO%p!C@vQ^ls1?y|hA@r0ydzVX@4bSxj;WsAtL-AO~
z|I*S9@<(&YP?RlUc-al#J;Tn)9c}kH^Z&&dJ12J>{wcYGxWy2E&O<~DO`Lh~55wp_
z`XvSZA;SnT<p?yi^i`m0fF9EOTY!Em5Zz3<`=|7f>8)W^2pGmFH5WbxoFJC=U)CVh
z_~)FU&_Dc2xOh<Wz#PB<%krpYtaLu4K+~Q6G4z<FM@J43jz6S3)z6i#BwdA~8%1>{
z#`C`<&7Gd3xlW1y8(gQ9*Oi562w;KQKa3vAbENq5KV+-CDHd^xR)(m|QMTxE{j*lC
z=W7-Dr)yP#0FwIubE4jtp1=GU&=jZtG3C(5YpV@}c7-{{H%@nyF@KxLG@UayJdOX5
zDFu8|#Lt-i;y7oqLv<3Q02yfbAEzd*^Um;tKYYE4zaiBx1tDQ*M$rG5o$0R*p+MU)
zeE63g!&Wr<G`#yo`~C0uq5x5ZCiGf60^)YTzuc!_=iiC*55Lp-mdVmkrPC4wb?iAa
z=`X_MWA1Z~Oy0jJPJgq<|3#?$hi)o8DoVzhU+NF!A^ro#pFE_KIX;h(h|ol{$l5vg
z^?$O3`X3!zy-b_dTivR(Au5%3fBzy1&@}(&OfdA~OTWbSQj-45jp2VDe@vJ{nJg6`
zDFOcxSuR;_9vt&h=HDSX_w6~^j^Yo=cK>~k`ws(PlAJh%H98BJF{B82{}(d`E5Nw@
z<aZf>pU$c5|J|OR-s1Zv0+%9V1e@sf?@)Sh9!d-TG?W5mu^brs)&AqVvK4%OwEpy>
zDf{baR{nEQ#iBp|?N5(p0h+4Z4vEhLw5o?k^eF+OqP+h>tU#w;nI5%S553s`!<%YX
z$~;Nq6EV0Q*nV%D<MZ3$%OBnjkiTd*$(apvr5<)gd9>&l_KywG|0dxRD3ZKq&95_2
z`)93X(Hkbn{|_m`F8FgT&iGJ*3P3IY#{`C2_&gto{=<BL@$VF8bvYXSF#5kA#z_+W
zFc<#xVdNq76^Mqs7A_OY(uX-M?ApJOaOk-b$d({~_>R9+Ah?Nvz~*Zu8)muxBm|xt
zPx=0TEYI;53<Wq(%UlUyj+4Xv+chev{5;M7@rU<K8u&2rKbBEM=RL8He|YIB{>AD=
z$psA2gXCXz^|yTxHQV{liTuNzW1<ekQ<S;--YZ18fPnL#oP)oVd3?}hcb0!1C-D4n
zQvdLA{wBLSMg#V#BDCeZVhbpx{^vw~P`QYIR)+Ytn&v8^7wi9IJHNy={!g~^`R1Qi
zTmS#dc2sW7sbnci+_7zYXaZ=Ba?l+!FhqeVONKKmQ@L)u`}nQG^D^M#OKJkUArqiK
zD+f>liflFe$qY_FJyZd>dnEH}!M8+r!N<abo(}mILIFiiwznmWshEEHj`5X2fz>jZ
z0iJHd5^N2KKYIjcnX9g%s_JXlvn-_%?UR!|?Ipk&RRp3oD%r}pjK--9ts{Wytr*8=
zw_~aC3N0*`siNgXH|J&{<J{aTNzPNWLHX;p`jw<L(PPjRUXS*PI9EC8_f1uVWF*(y
z{uVG{IFC)bwaiH1f06}ypeDd^SswHY!|q8R16EcR&^ygGniopZayEWa%LTg<_!#un
z`#_sj4_CEx=_MHN)7xs4uPtV|?5)jLR8*)+0~3+kmRG3Mi_Fw95;UOC8#y#5nz+t_
z5lGG!jbK+fWn-f^9lQ%)0PrZgdT(5v$+Vtf(9j1MPZT->1@OM(gTe@XZfyp5%5bS^
z_I$fK1R>zHfu@ymo2$9p`YNfV)$MpI;M4EE%HKaEh7w%1y~9aB4syp8EyhrehcjHi
zUkA=P&Qn}<&H*h_H&14i1q>FHeO{1>7793R87L`o3eMTZUk!iU8b0s^y!KIpO2<vT
zz6@DQ+gO=qQnSToI9mS;$cc48e0+R;d)uNoLM(h<l+ixfntjR_zj!FF*k|9vQ^pyU
zq8FAq+THduJ;p)-%oAmu?>4{EJ`NB-4Ki~9^|*yJIb<DUh21hYu3O(}?sl>qDmWs7
zGYLa?{`ac<0zG*VTsFPKsa|T1?(%ntpYx0V`nC$^1!AqIyin+cYvi$a#YhMG*OADl
zjjg?4(42^tAK(Kd4<#UH(I!a2Z6*hl+7vhp2^)JhsBdEc*M(|%h-Gnm8CtK@kM7Qk
z7a0aupZT=I<K0k0OWqWG(F8v+fl~aKt96gOViDbyV0!xQO{oE%<gBuon!>c^+eFz?
zbK%P3g3dc~8F9)yTBSf9Kzr(}J8eCCYpyjL2rNo5#Vlun?xt;LgFi(dX#5ijFo!;U
z>td=(2N;H3gnQr<6!koWt#HQB>e)FuX$dP`vj5vFpd+}ff2UX4O*aW4e-<Mzph={d
zr-zai=L2I8(ZIdm<t*vB8j|~uIjTJR=fGlu9q&|CCqdAq?A2_<7Oi(M=34l2FK@eQ
z2H?Ob+x`5Zg;uGu!JD~78wA$3?6O6uw|q0P{a8v1vSi~;4^OgQlT96+Tz3EGENvt#
zO9O7>jGRU8!q$s-B%cMQGnW8$$6^1o%z1KHXQlDLNw$i6*w#3;ENWf&>&l{^z}foQ
zsVwjrQa($!QwGg+mkwMgo0F3Sfx$@>$uD^OuPQuL9OFs;`%35y6$r_Bd8&^KT}xUa
zruv6sbm6?8CH!+MNlFN)xJjV^jM38>D9)yR3EiZ2JNq27<_<s_ec;6tBG-dNuggbh
z*km4@j@ou+fvL185bk`Y{)j3apeAt4y98)5P9h3_Xz%Ux^j$on(#dH_{C*0^BfZo0
z>zQD<%deHUePL1Oic0SA>HRTpcb+d)HD^x*fw2=%pn!Iav^!+1$b}|2o0!w^=PUzG
zaT?HWO$rcZ-y<PZR7Qho$}0I40h%#hyzqLIoF)IGZOuYGFQ5umIIKNjJfP{I<bHaP
zk=LoW+s0vgjg6lrV09-SdFmXSpiZZcQTKv~D5n*9gi<$O6<}k*%ecCKoum+mLlh00
zmuo5k27eoi&L$u%Ma=+#PO)m#u<86D!^liv=R@4orAjKrUYGE^9=lUurPl{$(`hw;
zBo%VM@0nZ?|F(G5lOzD3aakf^D0_(p&m96`_+Fr(kf@xev4{{%y7r?6HvB`<nO=5?
zjbC%3fGOy!oVsD9n|II$bs6~1wQ}}_t>a-Qk99z@wP=U~IQMKY50X7e4-02ffql_r
z7EbR6bJ&??XR`%!VRw5Gzl3WP@#Zq$e7}NyV5-gC2nLt&eA6GvO#%f`oXUkj88kWJ
zh;E+DYCJYi>IjkGOzAlJuF_n#YeruwS87c31XyTQ%ChmSEmLs5P6X%Mk)|8a3>OJm
zR`<ZLmqv*7kvoY3T_xZ|EhWCc&K?2Ki<u1pcVgbeL|6+j5G-R6RzACJ?Fk@%PD@~%
z&!d7ywi^MAsuT9B8YLDQWWqvy>-rlxx0}1qNmGiB#qYT7bS>o+lSeNh0ajZASzhr2
zfPw*@qv{J_JgQu~!`C}%>aL?fAbAMHB1BnKA57H5h6p_WX)xtw<Z<Cx<QLTLFJ-Bq
z#{j1L!?TUU^=8BXN2!+$of^c5x?b}4X*WK<hTeHFBZHOK1otOJ#lLNWg(LITXZAM4
zReehJKqs;Asc1AYOLU`UIgz#;C6C#l9NWs;ZRBYajlLiDo8zb6m=%M-_^3?$?kvK*
z&fC4@o?)Kz{#1L58GPY8fh?zsfyn3CtApj+aSr41qTZunsj5ZL1a_#;=Q}=n{5e3=
zH`Pm_%w><#Btp}^kd3Lr$_?;#dchS%Ae<1nZcrSg3C556cD!#Dw%_5bsQ`J&tXTHK
zILbU-v8c#3MBF}b1>rcllcBc>L^c+^cCbzMH>y@?jROJOH;uJ=r>JD0FarewVY{6=
zw<@E^b?XQVqYKb2fJsUmciomgD&f7ZVBdWEq+0ao`X<S}S;Y6V<Ly9eBtNvpfETJ)
zB~)<<>N&u@6C)HMG`UOG5*9L0qdOq>*2M|7ih8HSJi6zruHQ`Zkg%Obd^8)FM(H2D
zY0&3iSKPX{2|%Yh4UD(-Wp!Mb0Mq!<<FPj{Nlq}DPb*>x!&x=6EC9N{_TUY4c%izV
zz-JZcl=JCogx9LLR*1M|vN(w8I)G7abDEzu5VlnQA*3UqGAR~IVevC)YmSsZ1jye2
z{CEV5x^k{+jfUNN*H}#sV&}c*RRve$RPEUVv%W0Ph|h?>1HF$4ZR}QU^V%~l_l#8m
z1WHVicEFl)#PYF(M!FPP=?><}%8rz){ST67fi<$`z_HQ02b}fX`A+wT?}mU#LT|kC
zQlu>@{)SDMr^eh9z8Ep?c)*8O0f0A!3D<4^C`lbDy}##3zY`%TwD5Hs9i5h!2;A>f
zMT4`i0@3gOk(3EstunLUEr0Jtvh&f(XAfp7U-ae<X+8w-#$McZoYY9aO&}c72h`?`
z*Ng}9au30|Y%i=Xz?FPl(d-?(1_DC&Kr5+OD*zmG%=`PQuB?t8h=)*4=+@(958KSO
zX1)l+^~1Qmpba~qtA_AneYpQs;nt##ydPSmCT@+t8h<BXnB0!7__F^tNHpcEUG{2q
z1qO>mtu>NFu=U|MX$N31N1^idu`UK(6Q#>{<|81Yp^w4}V^8{WhwsftXMnkv8n>@0
z!1ClGCLAgFh@IlLH=?36SmOaF*}ctc^VCCONXC+>q&qGGmlv%yv|ib^UYfQafX@3q
zad^gBFyHLtUAUd{+9M6V^3KQYneL{~TQMiq+cbkkPvlv{2Vd8j@4(W+N{EKbM#4Gv
z^q$<o1>c0FYF5y7U$7zi>O_}Jf&DXz$3y-#j0-r|ZwDpLmMzbeUpq;67{Q6XIwmBl
z6U0QH?^c(G*Rp$fJiPk;^y9)EwuZ0H0IONXp}gs6cvD9Zt*J6U*#04|{H2yef<%&l
zbMI><^Rq~HGW{u&v4#Gn1pqG1GRcUuXMfcee-h~o{F7*_JQo^Sd&27_1wkIJ*O%2-
zx@kn^x1oTe<@c?XL$14d5J$Je0XQRUw-xVHj0`ocH?)c&l8vt;Q13a1paQE(NwJJC
z(YG`W)Md_Kk0u}4V^67dcyDR)cFO3fIM5fao9DTFvIk@hZrr|Kvy_#M7LAx*n6%Ra
zcBp6-bB_6&+qG9(s(?@14A7<4FK+r?3{bvVMxE-@b5qdlLj5z6vkuJPdFlBN?|QL3
zG;pLfMV5;HYNox!oPPD|SKh6ldnz9do`g>n&2cS(Ee8-{3OhicI8=|lA#S%O#3<e_
z9Nt)Vp@>A;dJ`}JUNcR9P|8z&MDr{_p<qQ+wd8e@2$|{^u}7;VJ$_IM!ncnGGG9I`
zKBLPUYN4pmu9*q=_Q)J#RKxzK)qDFPM9jhI&lG|_pghZ?DXr)+Jqyxdv(PFCCax+o
zR$XZt7DP{XjCSDLts*qYe0kW%<t?v0`@3xQ3U#j|Gb~7$&Z_H5VPo{V70p<hq*QYt
zf&Jl|7P=!u^HX;}(uWG)N?Ae&*bp0tyw>ONRF+2+Urh7h;>Ckw6<^W73cr!n{cB{`
zM^{2jTm5npzarObx;E|6lGr7;;Q9!bSY<ukrtykRqAaKFNG?Ibn-JTsWU=&gxh>JI
zOXY=^Evt9K$MI42wto0VZpS5ex3)vZElkx}j|5sa4zC_eg_=%SwXEzOl=3F7ZHT-*
zy}#Bw6;KJ_0`qAX1@Hk?&dxl|Y+*H&1bR31B_zSB_KKR5TMXPN%|0!Fgy-pf)pvD0
zm|Du;;_KvW+(G^|KaLKX*7~fw-yN?o>G?r7QZEdQq9Uz8yfn2WU}^W|6u*38T_fpL
zWS$h?y8bbA#;+QMX(VJ(b0q(hZ+j1&{VU|D$aKJF=NyKkp0T>g&+hScI4pK6_2p|%
z7+~U4u+>xyVGNCDkn`x|uK;k2#OHY)*TI6Sc1a@N($*EBa?~g7ZN|V5F}`>!fBb{l
zxp0>?G7Ev|@7QRSx?fr5`Jm?oS|dK4nYvx#SKC!5O(SJqo}wpp%J|owyLjvQxg4kG
z<sw&zgf7?nAHbP%H_6^<>Ar?_J<+hai4-r7-I5|&Z6%~lOI5SlxwK4enNS6*s+nX@
z!*NP1OFD*o9tH5518X`w>O0RVbJfe`(VVseKA<E6NEfQb4%;9NGwopMa=Ep))}w9_
z*ocPK0{!n1fBrVKc5~Hx3ksxR>l(s4W)gQBhzCR+>6W^l?3xEJDJv?Pp?th0$6_oh
zyGBhH@Wif%jwVZS^Ozk5)tfB{+B>T!g{=t`RZV)}mAVeZ#3qq`@U=908@%dGVevru
zQyIpnQ^K}O-V0Gxy$MHsqhi^@I2BMLDS|)knY^}!rrCuL=N~Z-C2@+!1$Mbu31x&C
z1KDT<OMpkVB1E?}jLAsrZ9#6jd4C70ki)vi8`e{`h^duux3?ZYL*vL>lVqiO4Q#Rz
z99(sTfk(upl^<!6B)Og@Ix<sU*9+6j*Cp&gde~|@5hIi2_wbfJorj>z3pKy$!B$c>
zjjtmf2+k0Y3%cg*n)T;ImCYks2u}`|eS5#Y!xZy#9Q`6slcE?-uu!E489~wj#Hs`w
zA3ht!g6hF9nu`M&uvZ?3FglREw>hyYI{G{?Vay+>addBXkE3HGyk>i$bAT=OnrQfa
zsc6n2#23#9`&lmrNa&O_<~P_Ui`ws3hV3*z^R7RmL|?5S9fDgs`IAV+sxy&3+5a!@
ztwHCG5~*z*u{VH72wKR?9`QV4fXr(1)~~JinDKlJ8BX0wGSFvr<^s~H=Qm&Juhb2J
zq|$a`WvIBcsy~wbhnA{WZO6FeBU4a1-<ZQPSeig;*TN#~DfL*cmX}#&GcP6<pfh0S
zlih*Uk(ow-UdzY=E~f|A(~?wWM~d{R3{>%X>tcBWDWIIpS6ontA*WY@se37`KaObh
zH!G!M`sXX-)<Joq7n&_`W%r89lOu4qvmY_c2=Q0v{&?X)X>1VqykgLN?2r$eXDrjB
z;uH&0{ay5u7H>p$_YD`338#fS!2*<Z&g8hNSV!>>pn)Xu(-(Ytfp(Ry#+ipoYdFia
z!%)siS<=Lg#o=24Jh+hPCa%$=rtb{rshR-_ln$#Q9bQMEG|Fzwi8S5S&}bia8rd5D
z2oO?*AGox1o_v*LEV$vlt5+8E*A7?#vg_EL7Ycr?^(_;Z0wi>(o*$L)H#7XVzUU25
zb#UjKt-q0w(p!rC7|S(X)`LZy%&iXlj%*Pgr5dfRt>8=0qp4rF85||nwC)f~Vlilu
z5;ty-dGSbM!r4^Y_9`?NQNRgot&|iAx5aG$=|mANDxq@WSiIFTh04i{Sj&k#>EORE
ze(>X<<wOR&=e7#xLZrL)uo5{LOuvlZ5`w|!nY{$a?4Je3%veNQ_T^Dc^srKoc^bCo
z_4iv8R^t@nP!n=qM%6C)k=2_3>gT*GE0xtVr$OBhWOUY`386tB_NG9}gG;N@s+}vh
z7qB=CSw*K<!m}(4K!G1He&jGxa#SFq>v`hX!w^dH+B8cyoGXllMnhXRioLI*u7u^X
zIo!-kxpKS7_Gf`^)}d}+dophhRgV`amU~wcqWz=dgjCXW@6W|;l(3}Mg=#Lz7aOwZ
z(_JdBb6F{@8lQ3EDFtOv<Jd_pMzxr4B(_lZ;J?<`vFl!h(ewT1u}puR{Lj4V+ETmd
zb<RT$QC>o8QSAN@#ec!Y(O^GbhOke5g9{zyuo!jhDYv?cEvyB3i}M~Zbu)Gp-yU^`
z87Fj>#)IKXJ|B<-4J)=x5#R^g95yxoaS)H^@Adw?wOTYgXkjaS@_4J2j<`Nm&~PDm
zyk-F18cUQCj$MJx?m7&2&<xaEJ~#>3wxYw20KiiW$}2Vd(|E=H7!A}bm_R1GeVTO~
zcpICqYSPX-!+;`8abu;e=@sFvL1x4j7Qt`S*IzmGzp|A76~tqrCGZO{LmTuLwTiB3
zYf6tekK?9UeL-j#>)J3N&LW2ZA+J7nZN;naO-sZZr<Q}W6U&?-U@|NaY#OB}u`tTf
z6?MtQtIV8Y<fZj+Nv276ssX5S4M?zmq6=q~fZcqYbkgy6f<RNTe$ftt&2`|L@RENW
zQEV@Gnl!XPMAH3G8XRFy?0_*WRd#J)+GSy(1Pk@<!0^n-mAn2D1$eeGf^|tdY$=*V
zX?QYeG3~>a6o=B5d(t33Ks;#MCA&qb#e1+waj!UHf#(iRCcfT^{CK{$yKNRNQHxwl
z-H9uxF{Fl2jo>cG0Y)Iaf|mqM5>PvBl9v{j7<|kj;~)uliU{Jg_uD)UeJR70fzCG@
zPG=&tq7NKWL7>h`Of1q2t;J&jDwcASKLC<=J~{yw6a;T&(;}+OEILmIAS3wnJe`tR
zheHdav!C<WhPOtX4EgL&#fL0T>f;b*yaghbV_lk-Q(aXKRI3W7vyNwc+ie`X+_wvJ
zA!eP7usQ3xdoRZv{eP*D{Vkcw@s1kc03$*jiHKXQY&11El>o81i)5Flq8i{3J|*t|
z{s6V$dBapbXbuhO9o96Ef}=?SU#99p#snnc_CRN;&Yyh}bcp+XJSC?iJXBSI7tBN4
z@RSL+J#$ytKF5n>*J(AmB{@{->soGJbYbi4b$LKj@mZ5F5paxc7dn*CI&+~BOZp9d
zQGj?>&f}7WS{rK}4VK9RrYg@>b#B4{zdh6E#UmW1d`iJe`dG=m`oQiVQ5hR0Kxn%e
zC|d2d#dl3IU377uJ_GBKn&|3v&;0CUPqt{f<kgY6D00!fzK|utO^bB?@aj82L53ZA
zH?7PaNH;ziCbPaj7w(p@Jt#dM#T-h9M5}1hl+0N|S8ut4`|fkkeHf5+?R|UkA(TfZ
zm5F1_iNE;Gt}6g#whK)S-kTgY)t^a-lL^4N4m9<;kNjvVlpyq{0f;Z|&(^|M*c<BW
zIs8P1>@n9fs0^5y+r{#6#}tR0&|Uh_Rbb%)3(bO|czK*smwn5QwcJxCyYypGZxwWp
za7~)0>l?OlLRaQmBUFlwgwxBX9BFkaKGnEcDqSPze9+nNKK$}=xrHWCPAJ`FS+=bT
z-Me#WCxd_2yG?QEunZ4nWzC1;Lmx{0zd1augI1r(Y?J)?`~uyOTN*C)mCuoQm8l1b
zt+Zb?8E;WXr*<`_1W1;TUVV2(y|aL_fJUx5QiiMYc*}8o=sN8fXw&x*sc_1;@S|W2
zls_()#aQwb`C{~Diwr5p@?m@Ot5tZ373^8b(5nF36=6k=oIJ8qAOJkfbwKopNOdEH
z^9}A@0drQ}W>!{(yO^kfbBzhT+>ZtCRV$!Ha%Ircp6Nkp^g(3`=-IvKL~P^cEr%l<
zd%Sb)^HA${OaSH*&D{_i$u$Y00nntkTc;eEaOj8~GHHt(gl(d#bJa?_+4{ea{*;Y;
zpq1p$?xi2VE3ST+kTU5_f&0J{tx3kBd04|MqmuAuK{{EQ3Y_J<oXuNuBV_|IBn&HW
zY?!r(H%?q5h+7H-C?D#1I+0yM(g2<f2kS?=PDN|9?wruq3ebhj&*WbtHM7|6!B+?i
zSp~d$i!4`kZ~Iycs;*gD_=S@2QEZGr_paD1!S_ePPuD-VR*d5xfK_-YRxh?xX`26X
z@co@5YaoxMVF@kBMj_Z`z?{O~5Fvc{Q@<q4^_|*DpURT+$<@JcfdUq)gV4?2ddPnt
zah`JzD21X51kf!QQ-$~@@H75Dn*C^=f=-GekimR7#CGn-^{A|XZH{-Q3(!<ehJ6UW
zm2K4TQ4=dyIjmc3J%NSL%PLqIEnfX_+vcN(((PKHbCEdT?jpnVkUJyhfwhOd#LHPJ
z!x~?@V3K7M`M1tW5Pey7$Yjz_yGs?*o`7}_ysm$qg|u7qr7w2S$ODY=&iJ66^x@wG
zKAnI#Dzsm*TA`lU3#Zt<76*0X*TBZ}rcrQvjjZGFi~a%wDo|W2f&bqHE*e?DX<|_C
zdmz1Ryk6*yD8R`Y`C;h{VM;1_`n+)nMr`Bc9h7l?;#q9-IxYFGe+l%IYGHxXEBO@~
z?r*rX(IGxQu$p|EI%1Zsl_3HzDEOgD$EH>SVE{3Db@vgm3;h3L?yaMuUc0w(#X?XN
zDN#c4AV?~RFmy-=2tzkW3`lpENQWRWL#K3imm)coO1A<-4Iv;MzV~nh&-wno>$iNL
z=bv}2S*($BnEBkb_rCYO_H{Mec_-xaE_9EQX5<*O2FJ^P^tsxVXPx*t;f4r}vv{Ev
zapM~^B4lL+xZ4xLo3I0k8RY?gB}?l9?@G<8n*!+FwN_Clo(=@&JwI1+u8z(|4z)nd
z%xnlPr<5|=lQ}i-REc+59F-5*&B&a!arVQey(uy-@Fr+*f5ebfHY#2M<+$e#+7gR1
zq7>{5sbv3?zQ5|2sv_?^hMufcuqxZmfgDh{*HE|ZpO(nvF(MX}HoHTu7`Y!=APK@M
zTnpq@Fam9hfZ8>b>UogxFdjK)Cg{~^bJ6;{vX|lI4D5QI0$ObO$oAEUeynNGdV%{-
zw`XRt&78R2(s3LzL<<!cmTi>feQ;G6s78~810%9QpYv?r)b@m&tJyL^!;*;I@oxCZ
z=WKvwF4upw=KJ;{f~Bd>=V|oDlUuil>Ykg6w?(C1$-+joNuHyllNGF+?GQeCAjC|R
zl`6<0f9pzgfSBL9R!{Xnc{lHVTuEz5506_%>-e-PT4l0qYZzUUaL9d4Nk6SKOD4rf
zzOC?f52*i$*~gKg;c^UBI`MPdKW{J@0|8bV(qbY=O^Lp6dcv*8FZs##;TkTO4iq2n
zB)5=$-qt}FuB{X<F~ju;e~4oLUfr5r@2VWPt+y4lm>#W5F$l=cKQ+JI2X!mHaX064
zRg}`no$L+^LIu0awD3&>52AUy#Jdq)xHQbVLXpD@8^#8;&2nazHPdONti@@FdulG*
z3*&04eA)Yu2xCAZmi8{7X8{K#;CWFFgcb8`q4%bQ;sw?ra=Q*W^i9PjB``8)UdkMv
zqHb#ngicvFqJk{@l}0@!r;V6fCade7rG(K@WvXuLr7R$}mrW~*1KV)c15EB;>i9zV
zcq}<QFHyXt$t&4CU~V`N1T0}sc#YOr@P0Tgt<cEMvq&F(HTvjdZn!dLKSdmy$&k}&
zwr&B@<QOIuRV-edTY}>oGgv{~4!Sp@^smu#D?!^2WPps!vNsw%+6Svb8LWYG7|byz
zOu@w<50h#MM|v`1zdG~#6*qtWK=V>rhg?;yk9V<#PUW@p{AZ3|cLMm82}r5Mu5YrN
zI7C8=%ThtdP`eSPxy@v41N8D;j?ATz=%7%%Nk}IzrfJ~agv-n=jme1WwC9C;_xlB<
zdwQI^gio&m0U0B6tGhpQ3KRn>yGZ<$Gb3-*1fiND>d84v+2NB;yo!3AvD*}`yC@~9
z`_`AMmx?>mE|9l!YwtR5Ej<JJdkEBbO0Hu13z;O|EQ8I&F5p{;a5m!KF-BsOjIrM~
znd?cUA#NA_ZpzXeMnB+)2tlY|@)+DRM{)Zr>Z)Z{Y4SIVSf)U~arm0V?#1AHT?4ar
zH|Xm?BAPMlh3<BfL?jdbBVTs{v((7XVCygkiv1OvExOi6gmhuV9=65p0$ssvyf4xO
zL3JV1Y#f~hsy9Be4?_i`VK$?_agpJp2X=%=_4*?Q4o9C_i*?Q?Hqr6i4R$SR+$iFW
zfJmP!q(IbMA*^C)v_hITCE`m0PlFuT1!+1#c@zp?h>%^e6-l5o2`QmgVV2e$Nb*dW
zcrHh?j<Y{oL#^c%Dk|S~f9vj%#y3LDPV10tJ!&$}n5bB~6$P8x`9`*WhqVOmlD>P6
z0QCA1;KK6jRZ3>5#`p<@KD4^Ft%g32bxQ||u5{y9OI{!5mUM@Gv0B>F{^;`ssQEca
z?!~<swY)Cl*X8Meqk(sMEv#^6mZPpS&^>bawn#2v0R!JgX7QL+F>A0qc~Q9?(vO|E
zYD|E)Hbv8ImxxZSJooNwrcBCwy!}xR$E<z)imkUhE-0rMst?+aAwi$t;Is`lpeLj}
z*;&W?OG*z*AlGx`n_)S0mfIxl3NDQ6hsCv%jrr=Y>jO_kzFo^c5_xl5ZbQGzOBT{9
ztI}^UQG5gR`HP6EjIO!bktlY-VnPB5A5bxz-T&k$I7~uc)IT}@x!?=tE;6P=Ls?U;
ze}S$BYapC_7=hK7C+G-D5P}cfk~K}6c<J?qi&ZNY13{&GBm2EhbHL>^M`mpqw|Y)k
z6%1vR$XmDY^@C@`V4f7FUJPB#LHBwEu2p#DSW5Zp$vF~Amk2_zhcU1Z9b;YrZ(I_^
zeo+&Z&~o>ml!C(w%Cv3nY0fK#F!jOF>9T8evlThe@(l)M9wAMRM-Q2GKL&Ry_7qI;
zaZ;w7YnGxyMYt6>HUP4KM&wURq0iY`20pp8_1}D))_?4*O+TwRAm`a*%M$C~h}xd(
zilwO&%-kp%Awbt6TSuQRFMUZ1+=)ufUt9A^u-}+{UaHa*nWs_`!M!Y>+!+m6sqlet
z0rxj&FQScM))Gb`f=cpBPHIalt#Vj{1@5|DB*9Bdq>TaGTfXdT$N=h)Snh0winyhq
zdkUhtdGRba-U#!#%~3A(`J3HXYlEzD1$`uq5)u!(%|20B`xD@0P+SAq8fK`XkFU|z
zoC&#lO_1wn&i;OJ;9ovph8N?PRt!xDWkZPTNBDH0pT4&sKiLp>VvbGCv$vZ{`RXc_
zz6T-l;)VS&;-bN1>G53lmn#y{-YmOiwA<~AymnWS;#^XIC?NeZ0TrTrk(WzNbIi2A
z7y(cFL~8I<Pg`jqmr%2G-W`8#_tgd%x1j1@^npgaJpq)8J|$nmb(3SjW+*8!zzJN&
zl8x>r_MUxgHA8FI)fEs8vbG%^v(2*yyBqD^u=rKr+Mgx*d#@xns`kX`w5KH+L{2X4
zjm9ZEIsritaTGJX_-3g=4~6Re+<-itti^4W<&shL;BP8rMr@oQkw3%e<f6h=Y<a&q
zoRQa-o~54HYYA|*zmpO?`@z!GmOX0;&!r`3p|Nbap9OC&n4HUt>$|hcmFU{7<iUd?
zhsC+P1on!aw`x*XI@*W)s7re1l;*CZRm4)qkP8b#?gdq|w{!w^gFkj@;&Bx1+m!o^
z)z~Lmkc`VDu+qbao2_-%iljhX{l-9eg7&Cz?iJXhBCccaDnt!Z6Su!eZGHc4p6sPN
zytBPzzou3wpnL-`COz|FoBvCLyCevZ)Wn5!6o3-ykGB>+Tccfy^#{48fUDW*=}@U5
z!K7LA*io<=G4Wig?7SI%zz@6SQQ@)n27w;n|7V&gqkjNdP-V5&2#BT%{srSpX6rA9
zHR@J>Sf++B*Nr{hcOunnc{e!eXs5vQ;ywR^mFi7&=4g?{mFj~!Cmw1Z=y%8wwrO`9
zWDn)%%Dz6&FtujGnLu^^<Jl7vaqPt6-eamVZ+sC%NXMpzTn2n0ND91&_zW(}q0i##
z>Hd0syuY5ZEb@UHxWDfGL}#<hhRY=`y9P3feBud76-y$KjOSGzeFzvVGaeLa7AX(&
zATc-Y+aZZ}wbRaO`Wlrm%h9N~d%$a;c)wUey__LOHjR#mSu+k$o8Buj5y${^&{D-O
zwyVjM908svI5$kUz18(2&XaN*ynuqq;*w%aQHX{@Eth+?@|%9nle#+1{ZGbj8pQ1T
zW{Gz*;yQ~RNpEMZAH<BxgDT?GP#)QSWNYns(~4P+LJm{n2fm{r=JAhcrtRejf*-EP
zWoGwRy-6RI6SAj6aFs*dyCK4QQ67L5xjn=wjxYviItjR&;JuM&`v=wRL>!K$fs+jz
zS#;87H>EX)@ACa?4tJj2Aw?%CuG8V77J9t|tK>-?aSPl9l1+qh=YGWkXU;QR_F@Z_
zX?(!X!*u2hE8(-J0`guO4PochoX_XN{kN>9^5yS-#h5v1BD}Zv><KCX(aeGwey^jx
zUAdoY{p0LMxp1;aQ`8IOFF;V$SHA2jv;Fn_zn<gou;j0Ber0qLh(+XSKcZ||_Q`BL
z{tj38N3LTVQ>C2o`SrC)lBKN=5UcAWzM2~uEVtVtxUdU_d42D3?9PPyPm`1wuQ+Z@
zuzJlYqpxv)l5&vBr0U62E)r}}WH)<{_rH9x7yq4H+fP7KtNn|h%EgA)-d5Q6&M3V8
z_2o?WF%Ic2ZjBrDrSdIo{^*w>a&(iZ;}OH2yk*?J?r^kAqDOm<dJTY={B*NQ!lK7l
zt+`=ROV#yS4fQMoMb#u~zir~FeZ=;}jJFl^7}1u<8>TE+IGQH?em;IGEbZrdaCPm$
zf|>UN6lZA(mMz6mHOB@btMg(piUJD=A>9WzM1RmOZw0uU64Sl{nQzwT(Jaxt2j7J{
z&>WYs?wt9buXf;HIbZ5sfdRf#6S#JATxY(h#;^bF?f&sv&ot(1wR`08V3CqW+kj+#
zN32rrP8_C`&3tb~oD>VQe~;j2&kB5beWs=&U#)_P=z%O;ifdDT5B*(xq;8*GwZZLN
zS0W!X<A|TgKV#0n-=|*kC>#(#0O<38JYBSm_<UGeuQ8Z)ry%-LtY0TLOz=*we~^*-
z&?Y^k@WMY_%IWm|dgGCV?Nx@Snq~zXPR(Wbw$54dn4Cy7SJp=ml9?b<buu!a^NlfW
zwD9BEBtEeYe}}vO{`r~;%ugopSG=Y;FgV@4*j7a(;FRd^r6u|GXJ3H)9|5U1%hDc#
zZ0Of6`A1y+d%XP6^Np&P`iYRyt%S%i5x}s#Xb8vswIGIKm;nls+8v7HnF##*8BWh0
z=FJ^iEbTl`I&T&o@DwGdPa$;%vp)z&3eiedFHS!6|GV7aHv;$orU=)ir6l?Z?=TKd
z?7U2jgphqd84myZiynpdS;R~K^pl8?amDG+@7p=L$}g43lH$P9U!OnOWiJAc?d_i~
zTeiBUs50$b`#ErlBY$J{YZ~s5A8$j3kC<)v?@P<?$vvL&^TOcdLQA}@r1q1bc-e_E
zOuvqIDm7+IIQoCMeX`XsCI?y<c=`xk$B&@=r;kt$<)u4%-V-BE8l46^&@;P-S*-tf
z%din5d()vJSu7A7SQ8jm?C){WV8#{j$KwKB7}trB)Y{2p^4ss!e;FY$^W&}4|K|&i
z@vw&BfWA=&t@l~1vKB8p<M$)oJ)UaVpH4LcJOeY=8o%fI@OZBE{&cQ+e5}&_k{Jjv
zQ`~iW9=-tYK|m_Z`iG}dff&i+V<qz78~PSgf#;&`?{g`EIhR<s{`g#4d4WTft)8a(
zCPjda7<Fn8Qb~@NO6O1KMO{+@7uESi5D^!S*~|a&1S5%&OEa9tBYK>3aql2qLRU~p
z)ubnn#qV?j<4Rxt?MnX_r*vvwu|X05omAanoCPID>H!VTKYApw=UCvroZ1~<Blhiy
z`LN`8wcYdQ0<IB@PfaU&Zpx7T_P(iCj-5aUdZ9O6R^$Nyz()g*a*}~y2R4f;<)$~r
z<By7AQA<Rmg6fbQki{}w_(EL@@)2#fEl#Ws9`@I|sWZf8Z>T<{w1&%PNRd0bfwalX
znYK`w?bK<1g0k_2p~#m6zrXw;=DS0Hat1cgu55y~Se!rcFcwmn<qvy|*+yA~02aXn
z!uB{IQ*|9?VBkw93xN0wVG>NCEK8FOi6a%}q96eq9F_%0L8s~^Qo3^p=oMY0K-Dgf
z)21v>HVsE1M^R%|qrr_Fq&On;kq~?qA_nERAh9O^oGYBq{mAcrPwaNW(nq}?Do>jY
z9iT-z)a}u+<v<u)wbmij1O^}vfX=km=KCjs7&hy4bH?ov1I>;7f$NbMK+q@M<UmJd
z{c{gpQ2OG-fnOLB{y+#Mt0LwArnUyYbEZXlww=Np-@=u<a9?vR1^I9?LwjKPQjI)=
z=cMU$OK^&yL7V`%Y$c0QE(-$P14&^SS44Y=oh}~AI5O$s?+x-@@;F9fD$q_|sv?j%
z@po~V$9{DJ<5z*mJth`5`LGF6#h=FQ*)J=keooOM5O2RC<O8ToeR%ig?@cQ&ml_WS
z1NAGu#fL^*Mt!tSbMZd|Iag<zz+a>R{+l)iAfWVaP|JP%*%ra9W;w0-KrSf}qiSDq
z7f6ytAP@C^M5moGv?&Hz44c(DQ@z0Y8<ZSBoU$Xw-1nCuaCURekrIQDn<ZVY#zlj?
z8!?j=K9vkF4|dqI#6rouS$^`Co4H;i=XUr+yBuSjpS&_o8Q!`v+m#Zjc}rUz*SPg~
z$^;&j>}x(6oCL6tHM7pQ0ZkM<2@kc(x$!n!Z|RRmJpA%C_2^2jMny!mJv!oIp7_{#
zzL7T&d7bXcbHAgDuxEd}Czgun6xw?}RxHkxr!g%P4JNGA#)OrkbS83!_!y9rtc-dR
z|Jgl|p!P$ADn1DP;-w*5Y%I=vIWXCO0l}yik>EJ1!U;s=btg;!4U%YLGa;Z;oDV$6
zN`gxD8MHe{c`m7HBzJBGk?)Imk@${fVt&opqZh(nXU4a^T(8t=8+>!^1|Sy>#-rqw
zv>*HY-eq{5qjTFZ%2usW%rjgl;kF=xPAP(sl+TU(d13<M|9@<-WbS*$bcoKUS5SIe
zkVUM&kC8{|UCiLlUimdRQ~Vf4ENQOg$ACIBQD+JQaI^OqqIX*WjMWF|j6K-kkcnx^
zJ|CD|)JDeF6VcukgHmof0@tR;T9xM~nA9Jk7XSkM?Z9gLJZs&A&6v4GD|z2meR;8A
zXPNzK#>^2A-F%=`@6ssfSfQ=3D!N~{6+L+1R{BALRNs4ju|P>KgeF)mJN=#D@bThm
z?$OC;a;*|slR{}@{o|Bd4<3C0X-#G~wT<3-*L^R0zX5y-oG%C;t>qRnIt@|mkqajQ
z&Rez1AlyXaptz^B6eIkS<7C9W&^r5iAc`5VJYRJZ!4P6Rth_G9rG?^*%FEH#z`j&j
zlT?56xvghM3m=!Yi6{V7*4K_a(T0F4`Y~V=6uq!BZV*h@<IP^;ye3NF_*DF;ou=dE
z*Y_S)eDubg@m9zOrMj(nM!mBW{A#mhJ+-sfN-fhHyKqoI)k4M>Z<*Slo{fkInSQ@b
zsG?I&yH=%)Mr97{3*v>oTtF<3XVbx0A^r`6JHEy305!r{ERlCByNv@&<ht1W>!t;c
z^()ciaP#y=IE<r6_YqariYILM%NlTmVq<QEL7v$^frMTPr)@rbO>bD|JE)VT2nP~h
z#_e*IFK}~JIrOD;;a{!a&%Z&f)4}8gfB<(9v@)-80Phaa|0Dr`se)3wW%gi%E&hd8
z2owia{(fPo=p38zL|nFFmbf=gJX5aKQ4+AhUrG(-3_<=*CXIXT={2A}$GR{WU-NRl
zFj;00-Ipa)fpb4D!hK7{t45i(l}UlQZi!{$jreH!k>E$sD<PbeXfL(2cEG0ftjr5$
z{aL4ZCNiwXZCn_agdwS<n^QvBxg6e~W^@I{*P;egzM38Ap8<3A1oU`KmO5{n?Ex6B
z;Z)P*AE2eHwUM!>29}Rw8=IK-5aMI^Y%R{B!BVHn9V7!lYn8xC4rgw;W|f9*zk+ON
zcPG4N6<o>Wcvk~SnBRfy@?^GZ&)g7JgHi!m&J4))_I^qh(u*dzFA1Nv1tzGk-nAxb
z(*f0Tp=Ozt8a{ZC9j9jk?n!`xO@sku*qi=Y&AjeGj<mgZ@!;BQS;!b~hS?-N8EcjD
z+LX@_tOHK8`a$pqD7Jr!F(0@&*WVq{r8bX>)ROhJ%9+R@v#zn86Ftsh18^=pI{E<*
z+rfH=VhpD(9mww7rJ|&Ca81mv9<S|4@v?M$J@-&^;(^p0Kc=99AXxR(vOg5ZsGNS6
zw<3ynS~M)R0!jPyU5UP0N8DXEK8+vK6_aMy4>zqEw_}W|r`lUVxh)kG$Fd|M)Yuye
zG^)AjTGStnRM=Ajme`K<I@vlWTOB-rK~6GloNf&wWqrB1s1RZ6)Mc)a*=y$<FSNGt
z!MeE^))Q_$>3QkeCy*r98wwvTF%VVp-XEUpgbZ7o(a&;RIystWu-flj@8f()HGCBp
zmIcLR8f$-N8sGn&2@=1)S@JFwa1mnsgu<IKARZyla54YB=3g^Sfu3OX5&L_IH7iC>
z0lX?~C1G>J$Q}IhvCB@N>~Kc+ZjnNuFKDGp1I;ioMuYj}3QI?a`wO7^Ed`TdQ<uXb
zQH-lFLZrC#n^%I`$HLJ*<=YH^UZ5d%5S@=)2=%3WM7WGk(sY(NwcOM>ao46(mpvdG
zh<wH=Lo(G@G8<JqzVFT@_JT!Yl1>Bm3hgjm)S??a9;imWBB%NF2;^Mfbdac9c*qB3
z5`aD#at)WY=5>qNPLt$MhXNWb<%#~+E-P2*AjW=>(nrUznTmJ=@PD@0!qzU3Vu2qT
z*m^3NUE@1=ScFP<?3}j+og|_^fFkXDhRbk)a#0wRYR;wdk@<wPtajst5OS{IfXmH$
zEpH|XIt&oCR&ucF1y)34h15nQoq~7|g?%E?!`y>S`m9Ozqh%hUAa=Xh&Z2P@nYIVx
zL`cn+*g@X!>v7et1wmwx0P#pBQ#Bh`hD^ytS7d`DpxI38VBn3K+Fk%|fR6Xcej@UI
zg;8zQuPu1*yrtvU+4y%#D1E%g4&QsN%$h0riXwfmF5ui0UiakzV`q%F`SPp<;#RP|
zJle_;TxJd6_2L)!v?hyTxMjwXtReok4WpBTGAWwWM{lMlnH2p%&*+0}oO&P-#}UJ|
z9iM5exe<$NGh$X?ovB)8<ZnN4Z~f!d5(bw}>p9SHDME`lT(oAN?h+S?J9iQwp79tH
zyyIsJ<uc{VhbAyE!Z$3^xeKA?AMv(NFQ;VpFz(Ox)#T;|6&Z8x1K2vqFQ<7o8)hVk
z6M5YT&O;~^%hHy3i%ixZX1@6Fdi{y!b$xF-=HOyjII<_un8%4M<XaZ<N3lZSr`)G7
z)HVQOdh0A+LMHO@Aqt=gQV$#g7$(F&pl#3AnvRyUY!xx_sa<3h&Ds00-?=YEq_Bye
z6ax~;Z<BA1)w{;dmvrg%8)T(Jw>T$2<aw7-qu*h)#Ne7KQQ)k><s66dU?rsNiYH)B
zCnatGhc+FfMHs}pVj0O4?+qKOh}h;>E&+|Py`bkumlk`7E-KGTCG>rde^@NhnGo)E
zizceaxL*;s>3tKNvMbi&O1}6pW(5Zr%&C8P!x*7(3$jj>d?qRf&vm$X@b%9l`_~K-
zl;OE?$W8`f<H5YNmGNrfeiR~BGpU!icVoT2_h5LK^&b4`?D~&s0JD)mdAfCX)bF|O
zgM)$c<p$kp@ugFMjx~p@cOf5Y$2C#=aIRJ}QLbW@=*YCat?glx0b0-Pnw1W90R-5!
z2@9@*{H*N<lqIc~y0?K%Z|A5zAWNW|Js-z0dmwbpHelzC>~t4^!*tcC<DkBUjM@ie
ze_19Idq7e}rue-?HUa@(6nb!U(~HNfu#9J$X1m>WyX@J{w`ZW$_GyBuY%RokA{~(b
z(aWTiYr1J61eJ-90c(_AosQl&YQasV#o^mE7^kh%!^LTaf?b6=BXsJx<{b2ZcNtL1
zepWgVxYZzyk&w(%o(pl{hz3$AKdMI8(mAyMk=3aReKm<rvLhu^q6JlL*;c-<-W|p@
z=PfBu?li9~Rx6Zb{a~=0kEt5apdstdAzJHan2tNpC}bI!_~3a7wZ=B6E`g!Xg+mnq
zx8vbnFJS(sTAgby(Qb4tEiPqMv$#Ua;>El3qNsK-gl`XvgIN#nCdYd}d{v<RnEc*N
zwz?Np-4f&&4@#ggd9eA$XvIdOxebd;d4V7cx6S-R3}=3Bbe_efEA!@JA6y6Oob9KT
zl_p4OgvQqFYxCZL*1B%!Eu{jt&>fC<HS-&d#okMTPDpsWm6ldp*{BO25fa=OQ;fZ3
zLkQG<78R>eQ{=er{a_>hIvf@`E{$%duLvfmOa;=iD#YzfVn8`BnS>efBe(Kv>5C&5
zQKr#*I04r02ii<5x3@-1(kjl?mjT5xdC<1BHydltz?f2J)!S^DeSP3~n}MKtHiURc
z=$!kHkCcpsX?I!;foo;ij*MMv*{%JnpeIXV+-!ngQ-`+X%E8^MY9F&dodufUcQ=U|
zWQ-<QO@<1w>0t${a?Gn%^!ifW!rj_S4RZ42p}WgH9(`Q?h<S|~Ub^UwR#(skS$4p`
z0zg&a4S^xNdzm(T-J3icoxP=c?Kc!``yxKx3?kj|xnf|k^Idx(^egCO52%)o|GvJT
zP4Bh)5dk0wmjma!ieFMNOY;tggZ6APM<8os-v0eww&sLWS3xAI6tkt4^7lbd6-iaN
z9ZRC+^5ME~Uit2Jd8LIw4<+aNC7lDyGc<gAW6KV#=bQeK2cHqdax3s05x!0;6s@6&
zdmE-qJKF5Kf0~4hI!>%iuI?dnB+K0#cfR?y)$R-dXyZrMVuYXy<9X{&JxvZ>`l~#k
zf+E!tgtE^41Z&RMde+~Cx=O+A2O`dCzjv!OtGrV;9pgB*SZf3n+tFB+bfS~hDm!xr
zz+M3t8(EaEvNkEx6g*L+>&tX;!8O7N2UalshNPp1XIq`qX8x^BXfAOf(V6nG`n4AK
zj*n>)kvKVDKUgIay<AdNNxMbTpA_g-#+m_`j-Tal**-UQOpcnqtwx>U3NqK$+WxV3
zNunSTdAkr@^f&taN<l?Ld^{su+x)3K8WEe%@wIZQ_I&}3=36Bfj;$)$zZSN=idGS^
zOeH5qiR>JLabW2$MUE&ws={#Q0iMO}=T)_UUf}bW8*YKnhZO`x+0y5|tr(sNBy8`+
zskYC~)=eoScTzrBxO+~SX`I|%QIWWAch*5joo%94mDburY7*shoymTzUQXWDh+@hH
zFBKlhonbtZo5he1f;|>HmKtL7FR4Y`KuL@MKOzM&MhVbuE?QaDU22CDAkT80K5d$s
zxuKw1aOl9}?BH;AKM%`&wpC{JN`6`mtr?Abj$P)2f7!*AkD|#yx8paPqg|A@Qk*N*
zWARa1G`eQhOq@}*^evTC)OW2l?NP$2Rnf#6a&u1RCC`%!{wsd7dtbLXGsm~+z1M?s
zv*cM);NMj6h>>=er+81&10JPvv;e#(qq<f+l?&^LyYR3s7I4aktkklKJ}^#$cE|8)
zR7dEuN7WYUOATr$DXBs>c0pu#nLff}R!yA}jcbh2*pP>i(Nv5+Vz1Vh&@90HDueJR
zFe5&yBFhNKUg$LtBbmk^BrZ`@@`)4H^}L4C0+wXmse7JeC<A#^t5l)vE5?bgcC<t6
zqkC#}3p#Ju%kip#P&2H|CBzJo-!TQRN{HO9n`Mt|rR4p7>3UqQj-4~A1?RG+&0LeZ
za#r1o4=#>zu|NNsO0VcLPIT-l=+LpBTrNp>n}iEi3Hb(N?oVykZVj!&`R>e5@Q4oU
zu}v%?Nmh9)iqSBi59$Sz3-y3>Je!w&m53P!rWmAJCk^TT&a+(_K^4;)bjutdYl{|x
zx0xz*W@q9C?E^+3Z#7UlDJ^dnD3aq)aIs`=lc9~Kfe&#lwU2!CyW$>fk01GO?`IP>
zVlp&fwQhXFibv-F`Jz(U*+Y<*!e%C`a~u@Y+_-(gpFCrEi_<se38RD)p*A~ese3eT
z$oQJt4ePy~>9nbP{&Ckv59X~arn?yK1^+HL+yRL;iDY$QucL2p1hu-RK}33rPU1AJ
zP;#gI+fxf*a-5Cx+Ne2t*7%&Y)p?quRy;XvaVpQuP&*B(Xr|##_-KaHzcOI9X{B`d
zDlJXJv==B?w0fd0Jhu)|su;XrVXfh^r2j2(1ELV~mrnk+%5@x60*`aMatMQSZj*Qp
zxU+CCT78;k%x=6%6UV|%GJXFi&?$bvFuR%*MlBIwup;>p!5!JP_6+oJ(C0j&H{MBA
zG6O)l@JDe9E>cX^JqhEb)^kjT-|E4wq`vj}Ea!okX63?W%>pam1{yXzZoi)kqSQ2K
zJ~SDtC|1c1QV$p;_LfSdy`6Vj({3tGcjddRtyt67Xr>SH_I8N3VAfJx<ajMn%B#JA
zltIJg@zyKC&)oWb4jb9fU<LbH`zj(<nz<Ww(gX+utvkc;A(Uycc#V};uMLX7!I}8u
z;pbXM)<dgK*NTP$@w+Zx-=8(=o6pZ&hwyG#_goE~YXEv)PK#NZ_}dO$1vu8dD^Fb`
zUgD*#mw2<d4;e@~Zp>0g1cvjjZl?4ojB9sRbuBkNI`Q~tu>T4?4hm3;#K_)^=gC2`
zFuf;u)E5Al>-9gtT+0mbI;K~?Rh8gBl-=O_tdlv|x)Y&h1|;X`ni+k@xvdxst#O=c
zqtSu3OA0cm$L^rZZehZC6#A_ZvKFt~-aOZZyu~|*xE=Z75j>X7SidQ1*4jzOev?cW
zz<42h3(#%gR=w><44gD4wqqvM6XJC%dSYb1KLC)e&8fhTSs(~vY2j&An7z3Xm)jCs
z`*kfuZFtk@<BR;kRh!9>xjuCoLgdpTc(J~sSujDD_6<bz>1^^0Wf6@3SdE>@0*<qd
z<$j$T->UPj>t^=#tr)Gc=I1p8n=0=haAbj=Uxl|Igo0fCcc^~W`Mj(^a-5@Na_0@9
zWRrqP3zC!Bdj&+npNf3gt~mlSxcF+BO8{D}TG4HplL@x<3LObCk~4bVl^yq|dVpM-
zziMX?EII7uqsOZ2Gx3+5YKKkz<z{EC;%DZfdQ8Zj22>2%b+(p<g}|lejbDw!*02FV
zP5X>q+Sd)_b7F=gi#R<y%8miuxdgSiZb$|;CYQ6wLeA@=+!B8TE?+>Xbb05)^T_dM
zi3_`ZAOJr2AaQiCtFTo$3i8Kafad-6Z3-HaJVK<CWG{H$Hsw6^^nM3xS*5qzoG^-1
z20P>y8q$xp+R*gyE|z+D<o0gc@L=qz|2mCC@<GdObLiUCoOs37;r@1bMA4ew_TK)Y
z!rdjd2BX+sJL~$BO&1x0>PX=!q8)bF?_xK8>fnE29ZpG!pINQj^%Iy=jr;$rTfhY+
zs&a`d+ovg{r^nXf{92704AoJD!Gn<|&rETGM7h+Ux^-SIZ-O9*<lWN&>ZNV}2cMF<
zrMHD`6aklXMc=1Y%bEhcpCA_}>@p-G)2t3;x%)t*;W(jQAzN8!RUjNVE8_?;d)!Jj
ztEcpB3Rsj5`|QUuxB*2`6#(#4O*dEUY2ny~s(zl`^ZJ&#9m)zhrk)>uU_ah3=92qa
zm3Yn5;_A=0-o`r)D|(O=C9`6yK)wsO#HpiZHE$LN8$!k5w0BpPi}fyJ!ZTufnr%4c
zn2mq@kLU#HWv;G*1UUrX#K6Hm;i@LrVBc!2S#l>%Dqy>p@xZzO(ii>md8%wG@bO7@
zuFXBy5V={m!PU~*I|*{^tB68Eq}gOfKy0jiRWC2gWI;l&@~Yg%;q3I&UEMB^11J-n
z%8#49ONQ?N+47=nXWrnXQrdN1oB8WN@6$k@r$0wauL&=BZhgemE&tQ=8i>|AUWv!P
zvbzn3TWX76(pX6h>32WRWv?htvkf?uP~S28m5c=!R}Vt!V;`<>bp@3&m1yPIwH6Nf
zAPDh2cXV2=8ah4@{<HRnKyZpdAx~9-n9qJiJ=wxRSV0)54dI&+B&L81phiN8EG-aW
zS8GJBk&V>Y7g%JB_O<2M-Fi|hQMp&AM8R}j@zzJ*hD;{MiEQDQOqt-uQ3~sr^<%M3
zd)Nx7DIU`#P)-7j2y?IFT)e3J&%=tsK4aoEvDHt>=ZZQMF#xZ-cHiP?t3YfB{^oMc
zyLcXFyRmGzTEBAOHUNdC-!{vn=@4V{2L9p=QOWlBpkjGELZ8QZwsMp0Tz_;38AP_)
z>B%I)s&Y?aW)FpHX^sse5(P8pNdf|7B1C!4ScS6R9Z|#z$qP+a*~jj*-c8i3F=Mn{
z9q6(VUB7ntHC<vkwdaS6(WK!K&}#|6Nl=HvLTWVb<qiS%cEVprF;44E3g$osWSFu|
z#Pt!))Ja8OdJq_2Or%vm*tOr6jRzK8j~-rEFI`vLkr!q8(qnHE-HQSHVz|ru8C$BJ
zT1P!yg`cc{w#av1>w~l887d|EU!orA_N7Is6#&1H+(}d@i$LT!O<hBbly%6Ms8xO4
zib+IU^_q3h+2XP3ciwLN*jj~24zGRF?mmd<cn&{y^^Bn=m3Y6iV_A~#S8bs+rZ8`o
z3{cJW*U+RS+Rv5u5sc2db9#7(0Q}*p$mKcv!>cQmo+A`;?+?Lg`~hUpK1=f*ie2!&
zJ*LWLOlsy-<pu)6LhYVjZxT(~=GceYuc7r)itmtl0i*4gbX)815*iKT57v>*2YymS
zF5VULl}!tP6uD(c#f$$uTvZdX-4mRNgP8Zue@=O0Y*Mzn-citYL5LUfg5P})ljK4d
z*^MzASgQcNo@B076WTzH@+Dn>3y0>?%{WHnfj&zs_s*!nW~_CFX*b2AjZG@yfHrGP
zlEb>T2+Is4)kQ`fMJdf!Yd72<gRF-idXZmAzDkCcYoP=HuSI|E_PFcyZ_L)w@aj7}
z^Vc@9t;!>G(X6^k$txIa;MTI6g0J~?F#Kq(8I+=)OLMPPx<TNse3c8YxfWP?5=XXU
zv=HGzrVQT2`D3zH%5T_h8JA4Wbh>kEc{3Di$7_{_n%$ZMh+vjNK39@~5{!w0O%r63
z_Yk16y?g`j;}7oKNg%lZZjTD=gVR4Wx*dOj=zI>hV<_XzwfjJfP{4I>#^KrLRk{5=
zvX(9`;ht4Jycu7s(9!pIC88+Z?=&Xxft<qIa<lR57!qsr=C*<ob}Zk}w0NT19_dHi
z*Zsconj1By>>abVcxf&BAU}Z;4Z|g2n$daFmuJkLt&tJTJv%uF3UrA5<Aj4gwlDcf
zK!5gnoA)s~JdnStHn<Sl9exQ1R&(Zex`BVM89K}BDy4i^DPOj^*jdScC}FAkZ8*?$
z1!cKLtg1J)ZZmD#do$tE3!oa91R{W5qDGzBS}W8{87Pmw0o5)#M$Vbblt*BLm>72E
zJ2mVrO32vrR_`qu2Q^FDWet@WNUPE?Fe~T;b^@@n*ZORi1c-w}ah{kNCkuLeu`O)+
zG%DJY=B%%80d1(T&H1_f+I2ck00M)>E%!u-wj{x}y*hj7`tfl?q`5zPuKW2vsPJTT
z?Hm{&v)%^8G2z3<$kx5>=T<-8e>nG}0f@SpsxiYFfH+?otSXzPpAg9q8M!t9u3w~s
zu^r#m%1wr8SVXk_Z%}8&6qYj6=XOWm(*lY#e6AqP;$keno(;A8VgPP9k)S<`4)(RE
zjo2EnElIkiS^z=j&&yYDL7Q={;e0M~3>Okf%+6iB@>g(PoBwp$hV}Y##iaiumm3P%
z@+!RawfsE~5~wsM-lp=oS;|duf~>3PB<7+|^uvt-1cw&uEw^>A!ftoq8`oZ7Oo?B&
zCa~_OVD8D%T19~5Hm?2qLGe(GO4GvB!KY+T@u!X^im$V_vu=aR!FE=5>;;=WCiYvl
zCK&)+ZiCLNAk83npi);aH`a~uL{|4en0NnZ&TCn@&WUJq{`1F|&b8#g7F7#I@yV-}
zn~)Z*^O{d^+rZ-Kvs#L_yS{z&^`^Eoe>AHo>^IHUFltwF9i$`nd?BE%Bix$Rj8ctp
z!<TF+Aa*XI6Sa_WN#com0j2ATU9IJz*l)}drnZ&_eWFG?_uW$vQW1Qw?dmV<m3#~U
zymedtaOwUoD8D0!+jHOQMrJ0utY2OptCCZuA7{*|kfq(YprMjB(^ru@=6tyMNLD5-
zal5*JIQbd{H!Vpr0$0hp3U{_A<J&!-Sm{9TK^lJ|;-VYOPp{p60tX~Jw`>CgbV+RQ
zw)i6&*J}(45+3E>*hCL%eQ)?{b`un~o~i6yRKzI?1bh~OsuMlPIdOy)Ly4SBa;Km(
zsk!Gxymx^{eT619oDj9js|HGaML_eJB@&(5(<fNWbWM$Yt)#^eG%4A9xIof&=zzmp
zF$REpENcRy+t|YIayx(cBDzfCK|c3MFTw)va4J33{)+)!Nd0Dv7BhX@p)w9Ezr=jf
z&1NAj@>YNAZS$7rcUNYJXE~`VFsn{f{)PPU%R>Bo!N@n;d3)-0(&M!7DoJKwUn)lJ
zA%g`sYE<;?JLrl8OTu@sI}So4s=L(+Rtedy?`)2?SXZaFHhMoc9g+9?`tt6a7SM2y
zpn7677PVq%8-mF?oCjz=>6IKlKny~qkO>u_D5hSDgIM>ad8tu*x}}V7hsk1Fj~O4)
zt^%RPPl1oNNCK-mppQaWXbN`gN=HK=eHhBQgR@$-dgWt^wRKxnv1`QAQvZn6J>+RH
z#hZ6_XwdxX81F}%f0~0(KE|wgU9LU?S3y}2X?Y>mLW+@~$4n;tK4gVi_W^vj1&A1T
zRMwfGGU0l)Z95=Pc~;S6r!LZgLw+C=_^I|xcYY#d_ED>={w`!~>ap79dYN(-LOHW;
zAw4$LwxHTKPaISQ!~i{sz9jA-NH<)sX(^ArQ8hkO%(2Bx?}S6bE1~LuhGB9mmDaoz
z?$vRH2WFG?o~1t85;vvD<f8KmfxeUU_E@iKLWvdI1Lo8=%8Kc{=dt^l356`oda6wm
z^{!l9yA6=X#<QK3jG)0pG4O{aD`m}mYR{0Bf2%6MYty<P9f+*uE-6=8QLi;xSLj*>
z&UL$rR;E!Hj_H<7`>26l#w-C(E~=Iwy4b{ia5?zgmnHWSsH`s9%&Rq2K^9nZTAV=v
zP5=5FT+k78=l3NG?fcPz$X3R|z+s5Pz@V0t-M27YElMrfaxZRgSF>toDliRYq_3|J
z*BQ?4+1$=Tbf7_k)tl39i8j^{k;q)>nz(3N;~GhS#C_=|EidO32l9Yv?%Fia9Zh9w
z9dmNc;D|rhEXTA$BtEO(3h!JaL=p*$g@6)j1V;C4q|TWg&>~Rj@8>c(?7Ax8Xdmr-
z2lcHmSFLwXFQ?o(x?>Ksf~c0fHfuU1+zOWU?;b`8jl2Im$6{w&q|>ZNnb~4KS^wr}
zyFnNbAe^@qH#?lSR!HhyOJDzYhMfNsI;kkC(0g5G&D?1~9@)mgI8C!r=a)<tc(eO-
zGyS@qJhMB@b$D^%e8xg=3BZP|S@8`d1_eoS{yea1%6C<fX%QdSyB|#6DXyZJzb;rj
zF0Ud<*bz|K1j?20e9~cAR`$OXmF4kQki+6_$S_X!Qh~_N3l6$D6C2$fmO1rqhn&+w
z*ma%qBXif79CFt<fZsp-!U9P^#c2%3Tj-K<tUx;6<B*h#Xo6<pFNq2@rqlaCn)2zz
zF<dOo%N&kUbpu5DZhRA<z>CTrU$S$U>n0E8d%LzL^=y`G9v{CvMe}g4xSi6EW0;J2
z^tsgrCQXE?rHZ^+3F|MW2?`3jvM}t!_bw2KZ-z}4*p+;8>r7ToR!<R;61$AI+ejfA
zh6sa9g!SL=JNG+A)W>Sqyri&s8wX`5N1GxaP3B$vo#m2uF_qUT4wGLHgKdDnXwOYV
zNCAqxn?%fR`MF2lBncVY!nK-zUB`ZXrX`ju`|E7*Z7UCcmdjru&+ji2q~u#pw{(0W
zSxT=4kd1l3S|q9ZF^{lOif%iMuhWjp@ZQQlVZPse`B?@9Z2iGzByAL|`ilW>`*`Tm
zNfEB_7^D}*oVn+FjZz>Z&MF{Vq<VGwW?eNG>JsIWSOY*mSzfc_f6sU}h~0kXeHS_V
z43>x9jrZ0uk|Q+w8sIYZ*VH)Q-P;W?H1VPvgPvgVO9vTj(E709JHDc~Cd~8OE1kh=
z#Wb-v)m}vNDAM9O>mg&Fs8rVyuN|f$SQy}Wj^7wglL{9wkUw#F(qbad{<7aqi)`Kr
ztDssSY4aJhCFLZx@M2fqf3-G?M_ySq?W2C@tt6I%RQR*ow%!8o^8}UK7ug!<F8vcK
z?(yT;C{kG=1syrnHE9IB(Wehqbd17SKd%6;%MC!_)KP)Ws^gKSy~(6h$z($OdXeG1
z^Q{6%g7*&AgTnt>4AVZMiynYxMb=B`fs`*E#k*Dt_s$}0%?+;n>!hbiKk&wi(IaU<
zfZ*(BU0Q>Hn@E<sK2}u!xKbnm{!^+HJ?vv-{ONQ3FK@0B9%KEyi-Q1OCgAHjXC}pO
zWOmCjf-Ln<k=e4eqLsC?nMj4~evVu6x~DMISNu-Lc?a4*g*GBlWu?$=21faI$YmT<
zlGCkIjO49je*^u~4>Cz+SPFdr0GCKw1=YvWWMGz{<3XoLVxD7k>*GH~x1!cno1ywJ
z78>RM20^UARFEMZOUDQYfcXD>vga+m*9nuMOrAH90=5s4zs{$J&2dM>qpN?q?j6RM
zvHZu-^*)p2&Sl+-L14(`rBhBp%tFT?X5=4&nB`Syd)i{esaYj3;A8UN%M*XRJd%I9
zJc_h)_&<w_0p2Z07EW_*l!oAt@64GqKYuDc^j|sA%3O-S^opo#pw+WZ=dAF8P73zB
z#5&Jqo|>WCRN{ztV&V63lwaaxzRG-c?SkFeBKxA(8bx=N6RsBN3Nh^LtoK+kRl!!`
zqdS+DG>-)AXS*fC!nIhUCA;Io>7K_t(aO7d+Bh!u{*s55`);#(8LU5>H$V6&EOjHK
z{;6c>znMk;CLcKY`Q`FoY}ZCAE$`iH%MByVR*ZMjZveUAY#buw0#TFJDbwP_`LJ7U
zeovpxF<V)jGRXYR82ay@miS^u6ofdiJYK~#kz{qHRm254_;j{m`pI7ji`~ic2uhOV
zbPx4Z`xh0)KWQ<*d%r+_*^MM)&?ygOcVuXL1tIxH`qjUl2pWfZAndNx4H8Ht^}i`K
z{`EN?mDpf})r!g7fLB+JU4dJbHUnzmdom|U*F91%vQQ~~*$pHc3;QSi+W&aZuYNu(
z=F)SmQ`w#AZ2i+QH9y0Q>C>N%=^ZpdgHx_QS3wjV)}bf^<e${px@>;&FePDwC3%Yv
z|HG*+eKy^aE|!)yg0fw%HYz*1fM6j)TJ}Hg{WU2bRDZqg;}?P6k8f!Ez<5IQ^*;u8
z{Ld!gJ6Vp<B4~mFi%@^ITo2(jMWj4!t3t12<geKZc*`$)j#MDp=7{Q2#p%}gU*23N
z@kpH&F!i=tW&?dQp+M)^C}!c;?DFH^5Hq@Sk2btpYvyaj$vT|u$KSj8)%hu^w|(3|
z%B;!<%umP3{JbE)gBj4LKOInRa;@r5g2+K-K2i^2B#dn5WHgxbf?0djKU{lnLDJ+>
zz3SH;=zb?kaTpz3z}w^G@!x|1gO5`G!;d1095f^bUJIy=C<(J_{5l1+B3RF^>UqKb
z@I$&vp-l9Yn8jv2UF>(qi~ZtH=VnwenyFwqTjO*i3rk@(@{8wxcsL88nt4CF=;E`C
z`tywkq(w-Nm+C*=%8%2aOwq|k{aH%s(Air^ONHO#nmQiW%Re2Lr6Z4;8tq^zI9UCs
z8z-sq_+VxK;lTp3g>-vbhV3>$w(tX|3P~7drv76y2FOAKF(06MI@Qh6n5lmIr&GOk
z3t6^#3wht-DylL&`t&ea9v`O1e|ngdX=B;o#{Hk`^MRaNKId<9T6%0wKmDOOrNcoz
z1}93P>RIn>&NLmv$^JWggO=%d59|El9tH=YMX<_FBTt+O@Syw`wnjVo3e8{|buXZD
z8AT9<7=zF1`fazuF?K8YkL_0Eph$8qq8+;w8l00J&GgG?65hp}@z*R12f}z}r=)rR
zG+4jh-vM*b<r&a{R-tB90KFfM<VuGur-$4KGePH#{&0dca-a#xM99rbU;~LdPi$aP
z)bUnM|HG|plh<La3TC9@_lzW9X5?(_A6jx&Mz{=b?z>L5|HhMpBT!?Lo~;s#S)7L7
zj}n7<6pxrce3WEp{=1)uh(*jcmQl!l&l^qr-&jD5yL(53v|Wsz63CK_9Q@Bc=O_4a
zl!CHV-~4TIGLP3O^N-g_&=F`-KEW$61df62w_}hxK2-YuH+#ltFe{dhLPPWasbJ?#
zudy)he-RA43~zb!JXBnwtOGq_+i!G;O9$NWe`l3*^n9`vG7=t8<ifN5o8vx$gBmd=
zMAF{-uc9v*T5Dk6jUrC$`+H9Q<7oL$y@axmW7!c6Q$dj%Mjy3<<2&<7#P{kNW)D3r
z{ilWZK#BvB^oxst8c<QoWlb2yh=uwe^mKPT-qC<449L)71M5npu30d!52ce!zCw59
zH14Yh5%ydBZ($&yqYW{|Q1jL~Z9Z27z;bA+ieiDL2B>Bn-R}zFI}&5mtmXLfBU<?(
z79bs#!$8+ZOiH@?;vgj$@dt7S53BkSg$a&PEr9IlzaMK7<Jo4k3D7oKpy@9Y;OseD
zcjxhjQEIh2=QaU?QZ&*5KXqorjgAhhW`bU)p}PHkY$kvbWC3KamT46#;^H)r;O;Bb
z{@6Ea&TP|Y6gh6Tq1hVG68ONXsJtV};?Xen<tE5PAXM_c@IQ1A-k!n4ugxgi7;h^C
zojfhgr;Ab4zh+Wi_1J(bV-6##Xt_6|fb+*Eq34P~MaU&pg~DwIKO5+c-0%AGMV8HW
z5iZtipz{Iy2Phqo+k6tZ{{^I4azVX|_;jd~Jlm2=AbGp_7gkQ^PmtMM1O)mD0N>)b
z2UI?|3$8j-b+3CPvZ$J^P5Fqj7|I!l>L&I#(HZ;Eo~EJw04$XYc*4d?b+z3b5aVcv
zDDJ6Xx!h$IGc(D_c>cI)9{YtTtdm^;0)754%tZzhJn8~f-!M}T$6r##{Au?vfi*uh
zxGBg`j203Efl6Ctkzmfd1~LXlMj6nF*L|ac<@vh7Wi78uBc)Yh@qpMdT@S<Jed}S8
zdp6u{k=51`vRsM0ZLm+D3N6QX-RNQm%zlr$2cqp_hC)hQq8$}lCU-}qg_)$2or|aj
z_Z8Jl)A-1$B}@xHTwDZWkq4iau3G(rzD%dt+-SBlx_hV&xnes8`FQh2CK%O4LdoK|
z%U<NGh?1zz;FIth+#c?n#W>v&Vx)~@JbyE*#7Rtj@z``~{JmONxjyU^xF1T`E_~_t
z<1ih0%%<D&gTa!%_b>N|@4^me@?R!HHQf)d_7O;PC+M@GGk800`{&eJmh;KbGOLwK
zj=Sxr62_R84~x{iEy%DND@r%Y9mIO=Z0V)teyD)y`N8O}%-R#WPcdi_u2aX0)Nh5C
zn(VGK+b}E6IPp#S5d(VpgmecWI~8+_dnemP_^L~H&XQ*9IRhvjKAmw5!==ZaRQg!j
zt<H}En`izRWzZe(NuaHx`ZHDm+#a(v26Gdykf{q*VLisdh+!YU5Z)MX`YjxIQ&C5g
zk5UhbWu5r9kdNE7D01noDBKoHsM=RW!3j&Gg*O0(Ss)748uzkL6XuIY4k+=sVmAN>
zR)53jT<w$24;&pNA`~tDKK#k$8lmX%2-lV%QlpX5pHI)hp3`Z<wmB&bXC;Hq(?L86
zr|ZNuO#-C<afZHnVy^EGysg@=DC9`hu>kxRbW29J*6U=^?tuHIM-cXPrK3v}4oNC%
z#ZH?>Mk#NeJVA@QZI9b8g7!dJ&?*(NBsV&4H~Ku@$%uYq9~^o)P}I)ioOvsxkRtM?
z507gp2>^pg$XCzV0yds((3EtKh}qg;F5X@deC}Hy36y}L!|Pv1@nwVVC9SS#R?!Rb
zFTA)0&f#%DP3txlvkiOo@8<vuLtD8i?C{Ndt{*fQzT9G^*#(A?SMEsU>g{ZD;{kbk
z_n#WBKh|0ofeMW*rmfdM9DOa9_Zr_6cK?fvi<}d|pp{BtF}9##K(Smp6VMO?W+3^o
z;u`~(SbC3u5tNL7+y{Hjwg@^D`-)*&X^YEgk(x+D#7M29we3>TPZpK;sylDkC&XZp
z(V|06($tmutx`%eII@Y+3+<~wI!6L%oE6Q^fr?DlCq-7Fx$gM>2sK58pZk-1MooVB
z(HXY;+)#46p>MN0Ag7+2;Ha;83;l3ir2nYctN+pgEu4Cy(vm$V-fpD*pmw91tJ9Tc
zZprkMU4ja4u8i5>g*_jP+PX^W*0-2S0CL4)LR+p%MYBL`rR-iK@2y#xT9?&zqSwa>
zw#r(`?Q2JLL+%@mn&xByWUVx4M73I0bxd9mT|(EcmxhRr7BDFV64#lJ{iJl93B`z3
zuuY9weB3NoPS|%_ZSHhpE^zCYvv8dPiZ3k0yP7>0a;c91`Eok7$5#J4VcbLYk!NZ@
z&~Ar`3X3)74RWBo@Uq*DJe0K~_(|ewC8TOr`qROZ^Me()t5k}8cG2w*HyH+O%XOM@
zHbF({*5GWRSP#kT^`03Zv@n?ilv|#DQ>pnZavS&(;v4`BM=#$9HwAUJE^9ro-IT!6
z$yHLYpqwb0qszPQv_&z?r5E-b(zZI=sZ{=RV?)QzPsLnfeEJ;lDGU%J*$k7_u}OM<
z8PPMBXF%41UqsKJ^Jk2zqm$vBM1O*+e-!-zcnBx*DcQW#YOdu{9!EThf_ov{NXgm^
zja2s+Q<j}kv3<baMmdUu-bBmA*SM<2u!#uJvl*mO?^31cN1@XlZ_&7>GN?!Ka<n|p
zsDH7v^JCT|H8pEL&=-Qajjjth)&bI`OyFG7^AY5<;WUyr3p5>3L=gB0l@uVw48r2E
zwdm>wE`~49!A0Z^1rOaaJl<T{%<!@*-%@EZH!pxt_YO54u7RVH1qh&{l{1xOoRr&N
zUg-1}N%qwRV64vp^I!S^KRqp~qL--Zb)SLw`=EHAtG7w1AHl;{Yxjezi_IrX=@<L5
zQq1aiiI<I>U9DaEGC_w#ZANc?5uXXaT1zWd{`$z;$MS~9ck?I(2$2AFE)TTH9wJA9
z{a3eL8EY5MG8rt3mvDXZ@)Q5$HTD=blSm_BY2RS-;`K%kpkE`T;h=rndIf-upa72(
zKOD)YJri14Rc@!@mm58Zs-dx9MB445cw~{goja?wDWekz<Ix1Agsrv0Z4&qh2s;Eu
z>X_FV_FjbU2@aOH=vlrFaU-%koB#~J+M~98o1+!0h^#q3i^7We4AEfq{k!d;?Xv)o
z=O&hD{RD8uK6F7tzR$IWyJ(>YHA{9}>zqt1UhM_k`)qB7k;znL655rZ*EPm~m{-5!
zN{-@T9^bsfQ((lJI^|~VZyr4fabBrv<u*>HE&m8wsh)Fv5Y-1ElOl)$%A|8ZCw~q=
znu(9w^u94{otC^!>P@;a%;H_(Ua>X-uvaNDY{uz)0c!e{IwtKWb{}K?3(c<kIZ^a6
zv(dtH=G{TK_NK#_$5JO3zOX*RETAcRVw{sOnbW<@4d2(7257LMuN&W8B5sD}>+lFe
z0L1X^<Fss^57-h(UF?(UAE=0ly<<&ki;C90y(zF5)GuAV^>Pc<^Nc1wmkBVG!>O)W
zCf7En(%;ulK63zOC8+G$)Q*hH!T#jWCjmE<rw6hXI`lTdQ<F+iAH1TvPTY!JegN8F
zOI|C?td7u;4m6|93q2BS#%1X1pFAGanJSiul<2BIfPk1vVS6Pq?WQ*Q2$)MnH7xV|
z@<}&m-FQFaME4^{nA+KqU7v6Fcjrb%3{&uA+;{GL#ZV1IDm@DL2FyHZv>-%$*K}Bz
zlpvMYdhM+)0nLQ|$hncBVS_|!->$7V>uwp~Bit5mGOUY+P{i-OiGLPu#!e}b6bwXl
zOsu;VG`ZZOwj%GpXbHK41A9u&svk7sIH%F+>b|$IK&kiib9WkV=%83$p?RgVP>Q5L
z;u$ou)8cTG{U!Y*Pv^J0LisX<IFZ*CDf|<SjR(CMb6idDdarkle5pB-f<;VJ&Lut6
zO5P{PRjF$xR*OoV?XFWQFm$aM-bVKFQp_H4qTq6+>)TWEKf`mhyx$r3K4)jM+F4Mt
zOrCW99Kk196P)5^=`Qqac~kw>>zm>%=aqF*w0sc{8j*a8iw2GCv%89*rFKKTaSb%1
zW`o95ZFZui;?d<cGzV4njFRS|YIK}vYQk-zEDgc(&L{VJ)~>RTK>1pY(^kAeXO<#8
zmG3=qIxm#@VAh!Q&Y2Zpo1kn)ePXViXC?H4Jj=(4CzK+LLoV<|8-$iJ2UUp#-85^t
zOeG&@crWCkF0Wep!_8IB2>=D!dH58ISJ6ZC>OVQ^J#0Ps`!<r?vILTY9)iT!A=R|)
z>3t&lxYj@>GwVJZZIA`99I>g%4zD&*uP@+snpeK^(!nz0!`F1(RIuIb_w3?58X^eV
zdGl-+a6>~-6t|edN6U;2;4y`Zi^CfMkLgk1`tVWt)d%spXL<AFtaewz9-T$T4&*UQ
zKH#zVR4{dJaKsoU75n6QSJWeN-(JD=1L$>rH`*k8JdUqt@}90_j~keqx&^|rcawjD
zzGOxEZ+42bqjJ(b7}+-ZjMB2L(8YIwOkXT39x)YOx>he<Gw#w6*VD;PTOofRsO|Iu
ztt9UeI`k8m+WOGokoYyODi<Ux7w^<l>V|l;bal7I-UvQxAh|#<4=z1j+R8zEhd)$t
zXN>bn-)&7eugb$E=`~zT9szd36ha3HdcI3n$X?{zA_jv)&U=<Oz~4jcUem$%w^z-_
zy8jP*Zy6Qk`t}XmC<v$sNUI2vLkUQSA|l;2l$6APfJ29Zh)4<p11KN}(nH6P64Ig6
z&>g}sbmw~x`@h}$e%AY}_kP#&<@s=bb1h?VuH!n-<M<uFV9Wrz&5W?(ESD>)MNSps
zIB|lVju63b`ty^f!E4j^(?hmoS<(G)6812}eM~=!NMGw<$aALw{D^51F=*gis>4P4
zn)GRdqImY%fU8v22!&nAOV3`F>1>0l487ntVzm2ureDA56RF<M+&Y7*Q7&*PU1?m`
zN3=XWxsXWFT1Judvnqzw=chBB>`}Cwp^h`u(&yIe+3To^WxYT<D20)`6|$FaQsM+H
z-|<<94?YH|7!9oqt(enJIEpj4)NJr^Xm%ifIym4=b1@L%T;w7vXm2zLp!){yHM_<;
z4?#I#dim%v0XZuQ^gs>vxf;_L<M}H<YLAs+@eYHh&O4q9X5aS&V36)M7TR~}`+l*=
zR}4H2OVi4qt%i^6!+DIpDM&3cm^;#~n6#V~&6;KWL1Rw~%dYq+aQ@$8(i+)&NBRes
zIX#GHhun$H$&6D+Qmi)mq=510pGw6-@Q|RiXzO9pgLhLd_Enur(|UWWfav&4zyk2@
zVzNhH))R-Qb(eG(-@lb4TKkxjnFV)7yPQ*>-il<@9h<|7H6CWW*&mQ6-G0?F9v<xw
zz}e)-B2LIE7XFP>qW?qnQo*vt=!+K8VW%!J?Gv8_p;zNxPQ|H<_X@-Kg+yNcHs0p>
zcy%W&_AIpG)xvX*p`|OPBI931csH64VQIwXv<N@md<bR;UwA@cF!9+~I*Dg{xL16$
z>*|Rmhp`7G@SaMyjiNdev&9Ijo@D{TyV-DdhBM!REuzlrz!NZ)k3uE3P#Hsgs)2(p
zpz0Wkj#A(53|z@nd7}U1)010*cAs_cQyi!kgL*T`@c?}xbx@am_1=&xtEAzLPKgsw
zn2dMmULYLS6vn`n_IXB*DZ;erwDh_?cP@-<f31;@5%(%DKUlVM)|j@V!ZtiY6SB*V
zL>jscHTjJh2~;2r^}f6#p^IZC@E%xhSUY%oi@a58xLDrfkuIUX^igw0TFJBGCjb5O
zUyjf3TQUWPDWl4*^VYK0Kp*&<iB$L-Dj(ZvCu`Vbu)*Ht-2r(dV~x!7gpF5MW%vQD
znSMo-k<AY_^7A{h_&CfxA&+fa5SJ8hG45Z}!B|Ll+d-#+l-{$rg+QwfSQU4<Qy>ut
z>MS=70!QHE6Kk_}zq6=5bk8={x8Fx&x~fM>WEAAm%ZkLx=cP<I{8=@EA@vK(mB&J)
z)EC14#^FOxey<B(mN5K#IePEQDPXue8!N%gU|(((>>x#q34skkS)QjTx?7aPql5CE
zI9gVT^ZDYE^MIVSafoP{p5W@OFUE48*cIa4ku5ayzWDkf2~QA{inEE=f}STb(`mmm
zfN72^e+e5#jWQA1I$m^$x=LiC+Bm#-X*Qaj^dKf)K%Ar*`sw;#l_C<4Kcc)5>%$8c
zt+Q$3ustW-$-G3*&7lpTB~1bz5$fkmaP7d?Ikt^Qij#rVI3AW=8Ukv)UK8Ly!3SG-
zjr-ydxI?Q)OBBA@9J>}v9K=Bnq{v&h1IS9cMKi(7k(f8<ugO)HXYxqh@cODpZ~8B5
z(1;60ABnj`QQ~_uWV8acGW2qc;Ghap(4E}})zWY8A94L`E0fL@k1eaYyGKpz$_K7L
z4{W}_e$!ZZu9A5Z>ylb0yos(uu&R@f2r_=Y_ElQwMMY?qx4%@9_XVv~mF~K78r(XV
zyCTx9hOwv$Lw?v$FYTk6&||t<lt=}g8=XrBsav#mjm2M$-240nAeGKB^uX~Ow-7$(
z3}zCV_&_H$^)AEy6G6Y!yC1d|_+GCgfME6M&r<uu_8#l0w}I|-B|~%5OrrYt8e&Uk
zCc)+gbZ{4QPRg1*49zDU{<ZdgGj&HLVdIMczbZ=_y0X8m<(Kr}w+64j|HPZh)5}oB
zVRpR8iqG`uEM*Q}onol&YEujv%G431`qsHRBK@FSR*~~11rOnG#`1Gsfl$)3{D2?l
zq}RV%ALmO6&2v7|6M<~wiZxCT7n1N2F{wo+3DhT%9r3E@^-ETEtg^wh8Pxo?W{BWC
z;Y~u7U=zg`IyH6f*J_ok4M!^1KTbOj6<S1Pf^2~1jNbn0MlJUg$WM_ygr&15mz~K>
zX-@~DP1$Q`eSV0Ni5UUQ`*wmCGs!!pgz$6!BKcv!jkxhrJ(SzYA~64(L4jGIudljq
zRwek$q0Q{t2V_*0C7?L)iu44+aC+!rT_2aU22Qk4T)*f=2C8g|Ffsr(Ng8%JFT8PR
z7N6?v5NQw5+h_uo=JD-b6%bzYD4UH@vNDVH8P;z#4dMuW2CvPJ4r?_pC-tp?e(K?8
z3j9>+QB0J3fCVZjwF+Q}tlQMLoYlkIF9GU+{qYWq`uhY>FoW{m&5>CKU`e5NEPZqt
zIt&6#xpQiw%eJ?ZgN8DDl-TucXc=(tElDeumz-zdBm5H08ix4WE7x5y*?{m7OJJAC
z3bZ1Qa9JLDu=kl=4Ygn5<|<~B8iHq&H}-j147rZ=f}FNoX`#g;7?p4E-qQM|)9P@J
z{jam;=f7r6d8i=`(d-bsm<`RLk_3HE`_H_Ya*Dp5P3~l9r7PR~(O^N2tNy`0qs}rM
zIq!UUa!_;9gM}c`g(c*zE@MK2*^Du0!yG!w1AGc60o|)`A=<}ls!ttWU%*{a<JxnG
zS0Eg=%bF}G1)1LuaqQnC_IlNoc`*Aem>~V6_QMq1d>l9%B-ZMi6S)i|wshZz;HWi6
zZnU}Q1c~baU$&);hKNPbi1*sK8hr@`al<%)%69Sv5VN@@9BvNj`iRV`+?yIUZ|OT;
z+CXpnu^}eo$Xjo-NGIt~5>-DOMsJ>VuJPp`21+sW4`%v-@>B*hA0Ifvj(TOPJ<eH4
z3!TSI0wQ)->p9#40E4u9z8&3%cd{$zPG`J#Z^9nmNEHx|2DY=E&WNHT;A^npy=Cmg
z@wDc{W&dRviFL+!C{7r)FXMgL-wb(3B!<kRfP>jsA&$>N0kfqyH#LGs;|w<Z&dm1Z
zx<%DW>TKK(bY{H@>mn;r*xP2Zi`n0<e>7AUBt2+jdqV)WdYNx-L)|cUA6Z>}Z63g2
zp78d6BHKZu@I&hMqMJ&MhVkDE${b-h{J{~CT`u}vfzjK_KN#leHaLv;gfaAmN&nuc
zS)}4UH~+1*)f0f58;_iSw3Y`h7IWPyv;w!%XV*`enpx3+d>`vT72hgqI&Ym5+<1>k
z`q~fKJ3r2LZ!k)rA_MjHlRSrEkvBQeV9+#JpW26>)yfAsrMzi}Ggy9}PwcRRn8czZ
zXr!{++<os`dmE_$@Pv_|xAUD>%wYLd3(TL`vcrVca=%{nuX{oROTq3M=5SPt!9vEs
z)*utW7u`jXCsr~xT?yJOI;`?9qXdmSTh0$dab4nxHWKO5d)vb+Dk4jHeyy9gu33r%
zB-0amyakyP8EzX10@z|fFy7<6cyrB%1#A?ZDcu|$B22v(?~aSzSuh?hhuahflpN>e
z7!1~lyrEm#nyOmg6t+v7hWmstNJ!PT(%5;`cClZj<JI6Fx8ZUU{@*;~eD89cZyCq-
zP)(lFyFRva{nPO|m|2-swhD{`<}lpSZOg{c{Poov5igK++!*(zyGV={{&bfRO$pJy
z=kGYclbE>f-sdwiEtb1K`@bCB*JeduTw|MB*XviIV5DV3_^HhN-5utIlHqwS17F*X
zM$GTRvMKi_{7BPFiwZhOp8v4YzcE$Wc47Ku6$EBl1;GKJ5!ETWaaE+E=!nO(@i#o!
zg{SF1_xKlvzurp1+3WSP>A(n|#vcQQSpPOp0*O6$#deC;2IV0<R1e~<OXU`;59TuE
zBK!45pX~!Xn7-&_bBF;DS|uAZG1V&5o6K|}QHlFE_ts&lqxi7u%#@<X299e?7FE6C
zUhY|VgtWqK{8??BH3(G_*r@{-9}H+y_h*rrkD5rV<SJS}aaG5wqP8tT_!-0Fq^sIX
zfZQD_XYuPUEMqjwlC9<8uuy+$qh1kEk|Zp9Q2gf4lJ9+gov|bCYi{NG2VGKrrsg<0
zN;lq~0-uU8GH1Q*V=(39M8%v4^pEepJUa;zTQz`CtHknTI?cd!)M%=8A8dZQDT?UY
z1Efks3%F3uYa-xbV~IwCyk}&E(L-S68gzJ#utglYgAIY#gpyKs3S-*~o(dg<m<nBh
zr>)JkgEYoofSX!vpRN=5C9da)?(^sJzP~!a{0rhg38v;uzM{0K+ow1C|MKi>in_`g
zJ){;tWB$z$(@;96+Ua-c&TUApWmNkEiq@$fz;wEO)9r7TRrd5LsbZUDBk{q4bMbVj
zNG5pBhQ(G+NoF5Qst%Stf|EI)`8%$RdG&$`$6`I!9ixF0|8|d4`SAOGz2L}8KV4<=
z8s*D*{b@N5%fM9LE4DKda<AJr@rv5xa5)qGB;fRJ&v`P*Ty>rCNji8AjZ2otgD&G<
z<cL?NQcy&qXBD%BdZ6pluAB!*CsNnxxptP}`c*pNd+hwfzWK?lh^j@ttZPCf-`zLc
z`P#(K?5@_6cDNVD_J1xIn+Dz^)+65^P2%r>3@|0dM?V+ucPOoSAmw<tngs@cTMu7`
z<I(k-*}uWcap>*avf;gfd{a%ZNuZ$|#wW)LAMcVW^fPWz&vuFODK|WY8T>T>Y$ZrW
z<XwHIxeliK0>|II8HEu2*mLV3ts7(0q8u!fG*WCMSVgg&&wL_F@AY`paic@G;Jfs7
ztacl+PikNDo>n?+zJklvBzajIS5&nP8=U+`y_|{rnWfF8&h>C^3tA_XZ|gr*t(m3n
z(0n1czymaP%IlnA-W^$2@18F)?8<pKoZ7LvT#?4gVHr;K(no%L9e6Ef-cN8Hfj(~{
z)*JVBeM*!2lyElBR9s?qD-++m#cp+s|C#>qr@QR!R=1zGU-h#gEMNFLis4qv!Tn78
z_HORq^gH-x{6eOd-u(Ev*XM;rt##lO77ui31;svJHCRqlz3|Pe@EQQm`mr3O0?Wlr
zMz$~)%r4#IwKx3dk{(F8P6giYjo}fD^*RUxPaet@Syv+M#)X4WU^`JY$NSa`-KmZ7
z#n~e4Zl8geoY1DOj&mEhZ(1PW59jY2<p%1?4clPv!y15gHZ;G^UlRkK4;2<FM`q(_
z=-9&a&F*FPT^7VqZ(4Jry?(Bt*t8ba7PHCmA!Q$kePx%}5-y`F#$w6TYx13N#r3@)
z7ojI~))Xf@=DCIob_AWhC(28L(43`zvfKr1`~>ABuM67_{4AQ8vYRitdsWLf{NnQV
za7h)5BFWz5-LRC&VmSK#JK_qh+@uj8k}hs7A|F|C&TA90?4*TV^a-$(m;i777U_#|
zu;J0tsha@6@PpQ3-NJr%%I^e_coCyaU^ZBRa0PYnn60<us5$JFV=?w2meP$vjYZI=
zB#oNa?EL~}EvY5^4u-{3=Xn4Tm+jZihhN*X8uf>G-CmcdL{Dfs=T4*c<f><Xfs0<s
z?7KjqvlU-MfCJE_!~1z})?;)M9zF4ZIg8l+JiYT>Wz<*#=r;CPbG46T`NtmZ2hh8x
z8@f+D+5)dkk}%c3nLz#5PtOJ^W(c0j@s|4UasX+)r%Tqi?|FTO9e)GeVNXANBV;Q3
zjbRfIMl<%EC7=yg<9L#x@<exHtOVSZ-*jTyy*Be@$(etf<PU(gNEOKfy_#7eaq{l>
z@(A^`F>}N>6^$ye%5x|F%@ATU3fhH%lzB_vo0P37c{wVL4lEzHN1T+GGQpIhBzD+b
zzlifE3Msfm*2hv0!dtC7O+ys3ivuT43nfxALBhNH$*WIC;K<Fy9?EP103gf2c~C|w
z<9rtM3b|C$QkuBTnDj6>OJzXju>^b&1e5duL08OvNO>W7JKhw~kaEYj*KM$+X($Zz
zdh+xG?)d4i-Ak3_(YD)0zutb`4K!#kGl7e*1^ZgwI~If`pda|tK7&o$&I7ov%J;zB
zgV-gPRPyncy!EG^xjAiO4r6ZfSx%j-PBbLZd8kH$%Vmjp9Gpb-_w7Pw!Tu?F(OtHS
z7bCTgJm^YiJ24UiUi;uaB%j#>O=2%Np}ujZV`IdxGoWqDCf_l)+&*Hvd((Ote}5RB
zHiQZOH(Sdre*ZK9S=Dm`{0SoTJzc4S<DT+;+32rBF5^eNcLHdiXICWUt&G>y>`(Z~
z%;_Dj;hTsChZfQ`riRhnS$4nXaE*#0s^l)eg0-Ad3Tv+W6;@0;;)JOA>l3Ug>S>`C
zIj$cELy7#0#{ZPm@X@1ie2X!c<x}B9%r`a+u7ci&I0us+MFIXcjqeryI&ty_j(-pW
z0Q9R=UP%5-KrGGLBTeOClBz)T|9<NPbeAY6RyWS(q}bahx$5Lk2^Mel55MqVB3%R%
zW13Qh5_cUj6ZFpWWNz)(#p56*4wN2&rYF>?BfR%<K}r~0Z>1Yja{aJ53~Q$L5Rg91
zbxw}YZ&G)OO!IcVmK)AOQKtYuCsL=7M9&Syc6W;u<y|?NHB!-4$$CS?Gv~Mo68`~J
zSvnXANOzSP)C%=pzs%^9^opo2&ETEq0n&LP`8WqtEF&5Jy{`fnLE8i(;vx#BJOQc_
zQb68>n_#m~+KoVJA4G1TOOjPO;ho|o)_vpUs6<s@llin*`9O3VRLs+Ht>2Q9z<)XM
zL695NG$3z%z-ng51${q!tRb*8cB{lGl@qusF7e>AtT%eHj;liDsRt;^Yalg;j;3<9
zKDX|!0rM52tyDv@!`J6Y9t8MqXT3+P7;Z93bgx<iP8iqv=2w-*CJJrh@@KddiOhAv
zm++9Vw-e6?N$_j%&@#y0pj*>l74T7`Vzd5QS23{WNXI+3Ht_39I5_o{GSGK7vPVb@
zEyZ*xyKVH<U|m;YOhYw+zlwa{C?LQTrv(&*ZK@HVAN{?j!9VGu(<gmSjsszd?9|}5
z!KAifZ?C%k-C~4GQsEKEI*G+Y8Ufps@)t}r{bz~|&er>HfT-r8pxXL&y~0@3i%Iuu
ztuNk2M8q~mr8Kh)dy)m0T|x;1pgfmaz&6Gr6|a$GRk#JVHS)Pv_PH*~^vK;$t+*2{
zT3M3k-asAbvGnV~Y(K`3Zy@aOsYmB$k3KLDm}R@d+B84={g{`bG%&k~Q7IojYp%1}
z?VAl(IGWLa|0zDK%04Y*ODbO}UHjqTYCSmzd;YtU>@-5md|v+%0OyKrMmm|Tzex{v
zGTK(nN3<vjBA5IZ`LyHEp|$5cn!|Z9oeUhul3UPe>d|V7<pGoUuro{z=SfA469o?N
zTg0k|cfWe#xa8CM3BD;-==)qKfcIOmg!>#ipz|x=Mh*C0+z4TU_4`v1Oj*x2&y`Jw
z^4Z1YldhZ{t;p4+p3p&Edy)WMFrz2(P`(`x&XdJ0bXPBf4J~5P{+^dBx9fV#{hpiQ
z&PT(zQSs$I$l)ewUh5(9_~kjrq?3K!9a;I!^2wgG@vo4oq96x4qP;p6#Kvh?3h+<R
zm3nOcYWlt1M>qJXn#YOQ+)4W6joQKCMwcK(3)ohq(h5L2Ox8leB9@99XV2kV6r`)k
zM&#~5<7h59+j+C6z`Vx<OQc6bRg$eoK9zEABzpS%YcM=1(G|MXt(LkC?BvFyiX6(m
z2Uz;HpINyIT%-FKTmeAmyc8o$XF1e-uRW$Kn$@;uhIi~yA|9So^m!LX104Ahd%iv)
zyzBDsJL|)T)0NDmB(Q)wVdw0#VZmfZ#)*9OFEH}`XH1o30$i_6huJVW&1^UU@|y~M
z&3Y@lZuF<Sk9zfWuF!d|)>``!3#foyhPr*tk#mY${r<IQ>N-T0C^)UAZs@~g{~_mL
zkWNU0Wvc-cgaoZb)mbVTVLTk8y5uLatMN{Sev67Jpq1Iax<I?gnLa=ivU5Qc0tCtJ
zn-^=2O6pizV5QA_1JM{E2X^AD4s|7=LDu22VQ1PcZ0UEE=lu57$P9T=L9ij}8%SUX
z&#2tkXiKU@1tl9iKlByQ)ntzXMk6jD6Dm0yo>$dch+0#&ZlC8Jv*}KeOQlM4E#{-Y
z|1U+!Wu@CFx1Z7x@BP=aZ{(<;)VrXeXc;yH(Z^}GKQP_RQ~tl?zZjYt9On*}3d4l;
zbLTx*J`1_yb}0+r`gPkb4LCe;+XF7KS@IC{Lo7A@?KkOH@(i9RA{IXWTbA*?{1MP&
z{LL!eD({)nQTxxwy+74quuA{?(`e7Fa=$UZEHLJ3x&>NEwz4drrF>cSbI+@Gws9gX
zI(v62fpNWs*G})nkvng0UCuLTJQF4N?|CNtyYOTDCl(XVE&x(CVN8#-8=bWq2it$P
zB9Bk0i0>2rMbsq^`u_WuU?u<}IhlIF=$M<AAcANIYeH@;>-0V7LnE&(<6^Uxh~8rG
znPvFTl=(w#{OkWJxdx_W`d1*5?HzETup@l%|H)Vd->W{XI10Gj1mUmc_P9-S3jUqy
z3#RJn14|Ml_CeT3$(aiS5JuV73;$+NJvENM1GtPY_NjrWJO_rbN~-KE5}`o+hmdp^
z{HElSx61!$AKrYBJF}dlUt*h)sXeX)s~)si%mq}*Hsnb<1(#tmz0YC(2i6CvZ0_f5
zkupX<IBx%Ie{|-`W1yvQQ&DB<f&hI)f96+sOXEUuvcKbuX8Yei))&`PxIg*7$q)V?
zt<Qh?g2Vsyy8I<x`X8;&zrK<`U(a9P&Hre9{yn(=`SpMFivL$>eG1<3LJb86O_kLv
z*`Sa94`h#Q6s?7pQR$5#pBAUAkQnU3$)^XfYGG8}A34hHH+Yqu<P(<vrnKrOLRwd!
zMG)}bbR-6|zbXKQmF7QsuievKM8tpdIMV<Gx?dEnA=H9B<z_i*jXrn<P~ShokT5)Q
za_7IR+A&GWrh{hbrt)b_GlP9SOC(;4*7uKO=Hcm48~5M;*^s&{f_<$sTQ7hXgXteF
zhSn*e*z#X@@1Ga#-@jmie?Lo*-Ug`{`LgS{fXtjH*S;oy0Z+XKny12N7U|Y~C4O!N
zti%R}vML!0zW=#|`pHlKdHd6UUW*nVprawn;1!Gq*?Ivj^$WhM`M^labm#95<$e5_
zrgQm>ov~-p^9^-=ps>kbOPVhyvK20oe_3Re_Pv0rEJzgIo$w2}04Vw4cpFqQ#5dOh
zC2M*F;p~*vBaSQoIacpI!7m|hmQ`*5r`bTj^o?!tUYjEQ3paHcg==s5oRo&Wk1F;8
zL2##RMYyMd#5ICaVA}o!^W%i7h+QjNg-*m-r47ktgi+N_U&jMnnNoi7M6H{EH<#(L
z5+4a4wMvUe2>>c+_Ov0vn9qsV*7h(_l~R@u;IUd~<&+4_Yv&#(#tAunn=jrD1ZxI0
z<kvStfTPlv=yRA+t+ySeSN1XqpS`)%*1f$mXvt6vzUOarZClfz2hqku*eLa=bsf-x
z@~2UQEBjc(Y0eB|mCDgeowNr{Z!eY|42lBZT1)RzdGpckw6Y3loPR|N_w|8}^;`5p
z{uyzLLqOt)$ha`~4F7e~uDGIpu!SA7q8yO{ODIpO#0$JvYztbLt=Hot`=T|oz&1uJ
zgI)|mdT6`p-qqS}V{l+Fw(+G-8*11it^58T$@H}td{JL7s@#w`SaRwG-iP)DH7nI<
zYtVaI)PP`)MZku=kzY_U-4vz`T-%NN*WgEzv?I()m5P9&%I?4Yjs~R-@G#Fs7pMq`
z14n0qgjYA+^7Yng2XpnC3w5|YFmY?<ae#?7NO)(&sT*Z8koS>V$kA*lUs~dsynG*U
zi79}9RN?Z)p<?~T^B172H77^Pz&}4w7c)c<Cuom?ROW@$rKno$f=&`7I&8cefB9)2
zn3eG=vwKLhU{l}|ApSxd&=OwIWsFpmjta<)Gw^qq9e}ljCYmVnj#wfQmE`l?mSg@)
z=`smsYNl`QHtFTLVsGr!lZYt9yDYn9YT<@-p{uF`reR{4%U~|cb`s6ABh%4NuvD#?
zmZ=5kd|G-Nr;EH>GsH~>9g;kjj0mub;(7y?V2TE>RP`ell1V8t48=SyQGCaWvA>j-
zp-8Hnm%3;a?a!<9q7?JWjq~k4!f=*T(fMVqu{{ss7erN}b;YF6L+%u^_kQ}H1Yp6A
zK7e<whF=($gAj~vzK{hBo`Y1pIPP<jqa?P4h;d{MHN!iM>wyJ?vB{JMi>X+eGj1r0
zn%_F5MfGV?CHRk}0}!4Xx%j>e5ZNyZ{TdSh3{DNb*GV_-{_O<-__@K=c8?cJmsFAt
zKP5|}v-wxiw_Ri=IS(*(!LBmGZ&Di1EvRLC)bx`tdo1M#lv}SF7cVf|Bp$Gz=wt|t
zy)Z2vbH}E#d3SyuTm-TYg`+u=E7|N_h3VsK$rD=iN9w(^(IVeO&5)JJBTrQARa@(e
zT9M!1Pcmu%YhlH2fWoT^w)o&XvpMGc^PMqpBK$A>Bj`>#Jt^O`iTLE6#eom`Y(Y-6
z2YB``FQ$^8BPY1@s6Vl+takksfO@q7t6Ntq!GUgqsL-cCEcbUt=!;)<k7K|hW2*yW
zG#`9*_7DL4-JOFJt-IZOZw^+JMYtr4r8rurfCCJb{2d_-*z>_#S<|SQxI?`TaHVrM
zq1u#cEITXXMs%(dQgi#MM&22AJ<-kJH7?(Sr5%9UXVGcuN|YG?94Qg=b_@)YvzFFG
zlw(M!XQ0ECcYeTBF#_PfPZvGS$8{+=5z~v~Y##cT86^%d+`YH%2j-v2U@wNeWDwhb
zQVdY!*u}=CAQfs;E8<{A?&H^6j^wcX^U6%CdiCb^u9lbIz-Qekwr;Vo**WYet0MJ>
zh)W#W?B>b)yfwBcqC^$a4lf()rUOU4EMkEH6?~4(kQ!Q1X~n?*-g=x5`_0^eF654A
z`s!P0-C@S8?uZ5JVe8@8e3H&z(z=%&{-Am)rz73<?8*&N-Y><Y`)WxX{93O1y6823
z^vls!ay&g4zvJ5z0w$naz%a8V!x!v#52Fq1J->fHtLu>0xd&uU!BHv@%rEei`6GGX
zzlZ;93Zcom?|DE)*$?2&8<f#c&lfqmtxf%~+H?7PGj?mlKswfd#n>yuq#mUStZ6FH
zH*Lg8sUL9n%DW_0MhMqH*bq+nsO%$sQ~_e1XFGRR?vooBRc9FU`n2>H%pWXwN6yfs
zGx!{;!dJ!=IgP4CIa_}w)!&S6lKdV)qvP)P=7OZLfp-Er_zfGMAktBLyW$%!M&H~r
zvFI>f7_J7`0>0PJGw2w3;PO=NUX1l2ijraq(E#VCZy-ghwC^96h&Mk^$uQp?W_=bj
za(dqkmAi_-tj-Ymt@!L3itRO!S%aNpzYU9#aX~3Yg~DwK7LIHJ9001e1|O}XuV7aq
zT-cc&AH9_5xR_yma<n5Tk?6C$m;CB0-CG(-V_1UM_Nex?R9MZibu2ZXv%(NhF2gCv
zkJ)))Dpro?>9*xvqGu*bbhAhRR?TVM$<GzjahxtKTi8BrJff5T(re{tryKPnEY%32
zDLDRFAALEi4`>f``f_U`ha8&ditjq4?oS1A1-C69ELU`?=U<i|w;tBimN?lgjN>&g
za9|86vc_&5g6j_Nl%<W=Kv}m$FzK#8b~{7(3#7_s0_Yse74D<Dk>K{EqiV;ni(`Lt
zA?rKM<YE><7Kj(<+Zbvm^S;?yQn#PqM9)WPDniHN4+6?F=Q`uFmb)psFAI*js!RE=
z3k=(S6;jp&hkW(A9zmv3ys-7*?iJ<^fBUM`ebV3d+Z#tzyk_Y`V3*X+1dKX;LU@Io
z9EFVzTVHl+u^2h)?)-%DFIAm;l1E*ux5K|B_O6=l>}PO`EB6*z^%UGZH+K%J>?T2(
zogF2Q{;2fxxTABJ2^Fst?u9wt!h@fjdeLrDt}~MXTTY&0cq_<74^P31_GiYucH-T)
zinX^eTTDVf7KeA975DY)XE0PB7>3YBRauDaW66{_^lgs%v<+3A=Gt4HH5GRj+{k`R
zP&Z<OG#Yy(p<b$8bG)8aJ{$e1W1|e1sP3b6jB=o8HLn~o-Sz}A{i==5VIjH4{1nZx
zt_gmsq2qN$RG1Qo43S5oY%LvpB(u-T;?Qq?2?)DVy>}-G09<sinBcK|{d!@ET*#YH
z(e<ZQpP!L3b{+0<Ey}Ii6q?!eWky*KZ$EcB%t%Y<H4UaIL}j#tA86XyO?4i`^L|5Z
z#953G=R#ZoZ~#<9VDp#(nCyeqqBi49-Z2MP&%MQcg(h0+`jfhT0Ys?GH}ofmt4E}Z
z0GsXW-w4R;5EzDXLU*J0ey;)Xj^IkA{%@BUQVD4CxTc-bG{cV#mB%FOp_CU(S@!QY
zFL#e!lX!}D5R<-H5CFqMylif6X+8Olv;SF;=mG9utHN*0>aLyT!1Au(!s{P65dV>!
z`P-aW>%_j;E%yXS4+~I4aV{3;P&iJ$sub_G3WjwC0oxbRn0y5^biB~l(FI2X+f%hP
zY2<OHmfD#Hl9+n|uq3FWJ_{DfLFP}<>fgL3`uD&t`QfzhxgB~45|d1s$CI9xoadkf
zZ#=&kYgM8UZK||ex)uw+(N~o?(LE(TE9-gAgXGP+75vgUbq0ZD+YtCI@3Lbz+V`u8
zHnOle=5_T<M8TD+&y?9h1As{d2S{rQbbF?J8?;n{kl@*ooYGKj(AGsIUMzhXcv(iz
z;^FG|^O}MNmsq|!`2*Hx6N|y501sbt5H+GHh=Nn?U`{0)gdR!bReT+vc3$bdVi7;O
zq%c?CjbWc)3@Ypr7lBjT5SGF`KBnEJ?f<UQeEVuIMPuHLZ5r-D&*nP;F>OgVTZ`=8
zIUaP1+^6wh13jSzSf&<26{X)C;B`$uqCD6W{R?v1J9kpya&j37*~9Ig*TS<paRo!I
zTljFST6e|9RQZ}BF4hlT$P%_Q(B&wy;`Nmgr%pxmP2>afgC6C!j+yKGyU;s<^S;fK
zYIZ5tzxhN~8cdaM@}Q1vu>F+O<`-K*WRvK$HwA;Q*`?l{iCS%QdI5&e@5T4TS*%CP
zml$~uk|RNMNOo<gDOz05A%{;Sx3z>}+ps?1;R`<3G0BBr>8f9|lcz^!S|Xji6)1n`
z+-85oK#)vb;}7FQ!RTaOp}P#wcx%~3VDQM@hM1{4YPp}7&SPrF`=POY1JXr~JihYG
zA9ylSJ8*Bi13OecnI6+*r%i(N`A^fpIvC+_5DQmj61%odkDN-bR$bAFW7d`gaVXCW
zftC-Nrs#2nMq<h9l2qNcDypmS^R;udmD@wuo8p~sBD{eTLXmUF_ugv$(sfx{6LAFM
z9$#Y6RP6nw4VCU60?i_ZH%Fic_nVi74E>^MFpOob%iaA3`~577Il+><H72cNDRN|D
z^p!&+jLmKlhTWGL;KL>{+oJjN)LmpNH9HB5qiLmHLrVcI!%Fu)Y+Ixud&S54)_4f(
zx>MyfLAKt;hpGJp@^=+B<17~)shXZro0K@T`|W@9BQ%#lxDx*<c|-gt_c$F0ZBhw1
zIAvlFI|Pkv<bQGX&FKjhWf`&)FXQe#2H9kNP$0fk=+3J~ueTPQEt~P@WUgrpsSuid
z&V{*G>g8oVO3FL<ns-XxBwHIspc9dsRztu2Rps3c=ZWu9bM7f;XF0O{w6Ua@oqt9L
zZ@ZV4j=2XVG<y%2!AIekw46`G{@fhn*SHrVsG>P^v++b~=UZ+&OM~qE8JDmcGgW|-
z_^IWU&ab<Y8NvL!yndCd(+{&nzBJ2F)7X{0$#3v;BtQG172G^2tgiFzXhE1-3-tFI
z0Y!thjr{XmV+<8ax5~X3f+5#k{=!sUMS{;3f@M2lt%&SdUgkA+^BxtuEM#}9*cc~*
z#7e!hy+dXfF~0y2Ey8xg4iEr&-gu6}2essy&F0!~sHYh+Tz`MNgq_=yn;Q_sF2)A&
zn3ZUbFoOQ#qpo%qXd9oL4Rf5g&U(1)n0wo6BsW>*?fe_At$j?4jz53R=1$D&YixIW
zm|%oEq%2y0Dqvw8I(@fVo?&{ZX6Tu~X2`C}%p+Wei9hN9FoUEp2ScRR%jH;zrW!BV
z-8A2}3+3|qidR(RT%gPRs{K!YB^~bOYB8hIBrXh?BMsENE{NMLcF%TmC__-DXIlh+
z3w&7nB>%|)hHVzHWjLz^88K0Od&QF~%lN9F!!UkJwr@e@q`k?bf)a4r>cgbt8JT=(
zPr~R^6TF3wzE(pW*y?$Z9<;N5G^=ONU;4Iq2v|32MhliJ{rjd;uD?Id^9-F8zudmr
zKXqe#R@`sN<bVY;PqprRCHa9A^)2L-A03O)<D{@K0b?rf*W2y>E>xm?T-9Z;#Ybw$
zd6RD=+XvD~vtN=Y=DH=MoRQlWNU^7Ari7p+6im#ioqpzs_k%mxC6f|}d8tJBlX0gX
z<YK*GXt!y22oy-08>slfCaBcO@lk>JE5{a^E3$oK!Qod<sJM+^FRPP0P!nDKeq=q>
z5SVZSU2W+<yF4VAEQy-FrOYC(^jM5^kx|}BE>0S~zn$@-NJS}Wg5=NJap&~yK&5Xm
z2st9G2lA5S=#3glsT@PhQZb%l(#m$(no2SmDvf4CGcD@vL81sM+>k*8f1u+p8Cb{x
z`(=a`=cgM5m!0b>Us+Ok?2Gk;FeNkiJI;3^7y0eO_~d5P=1ixEA~`NAiyoJy5#hLP
z9@l!&L+{@e1*XtL(vCUuk3A({2li7B<p|s?Qh8<4-9)lYB!O@O9^G<^XC~!snjz6$
zfPnI>P|aC&dw|!Nfh-sU<-5l(^?R$Yq@gg@8w^0-f*qAgRG3GchaYbNzH{pxqv20>
z)TRj1vRyz?QQsL)JcgsS@0tJ$m&LxGew-{jV)_jMJ$K82CX0N+-5xMt!WMVIkfpM+
zz%?GkIsn_MCza@h9b_WpWwPnSb~9^Pv6Jm3gd~t1Lg)_NuVnw)D>l3eYVzN`9HTmE
zC}uA+%7#9GEYErl=9?uDH3Lfc`<3n*bc4*8>Nbzm0Y(9=gkgm_qvb9&?IWe(8$cM0
zhiDq?*vb^XRP^gUd;hF#+A(*qH4ZPotdOORUhjV`o@@m8A0P(r-7{3!8OKRNUW#V&
z@veN9MtcaXu{ft<Y#x1UZ`O|8An5^p>S$Y#AVR_BE0}+OuYKpU8XWA3y4NIWCB489
zV@&_xH`@mE4KfC#Yw~SGJUbYkrI$_W!5+f+J$F}o50nZmJmSL6fJ2L>o<Lp|xCMxX
zM9F(153Wi-?vuUfm5_S&^4cQ=^KKp?A#ZT4F|q4_NkHsQkoZvR4F<k#;783N>&uaM
zh)>2ac64&1xA=esT@blo%@LWIi<Q0epg}7vZCcwIQ?lG$I<)>=BGbK10fQ~I84MWb
zhVu8XT)Ip|(JpBE5eTPiD;b`SKQM2-$uIA-`<V*55t><L-l{oPlmBV}2)L8-epGN)
z!o5JIN5b>6&YJ(!`vRQ8lXm*bkEX!%c_}Y5E65~utGC>m@Za0Pv&yHn{sr6wYAzMH
z5<UuR5MA)hD~fH;#FvExiFrD%M1u_g3A^Hf&)HkKg-DPUKW-(vE^Hsv5qodX+{*6d
zR)rB%UWL_IRB2`}%on5dV<_iNiJ}HBJX+}8_h*bmhijc<fv17bX2a0cgCeaMB{cvZ
zK4=2xeZ*WH6#*<&&dMqS<a>TVQ~2arP;(?5U0^B54}DdA20KMDbaAFsFJJHJ728sH
z$`zZ-IswlMvYc^xjn?E%POR=PN7#+&o>vak3ey=y8@-f@t&q#b;--^Fwy^7Z90=Tj
z8iE$o_+3(t7n4(bNE$`-w*nZh<O3<(c9y>NdBt{{ZPvpT$6RBB2Sx0jF{;U!_KwfJ
zui**ViebeslYW*yis-tCbo_c1a`Z_aIzwm9Kvv{a9A%3Z<&eDcz6Ii1`2ENkr~xHs
zG+xF^y5tlhu0_3Unl&tp;zx_K<zqKN|Iv)DHeoKfZThCYOv-z>tB8AA5Gi2lbfu@?
zU}XdP`OpzLf39DlQPyeo=W_zr<u?}}*5O&{Vj?Z#21$*QcW*TY*9U|><qSN>^bj%m
z;|6rufm^Z$#IS=V-3ppx30XVKrP@S)z~v|3s4F0X+=c8=nZ3^pBit7)Y-6x6LNL2p
ziqDTYDcqR<>=f$uWSBv8fZiL31hYWD&*PNSw!y7#h;*q;FWbW<-mZ}MC~R9+vlF4K
zDX1ucFMRsw@^eRC-*8D*(>`{={m7Y9q(6Wm(?EaP&$g0m%G92tr|9I^oB?SX%glj6
zu$RrzX?nCV>ATSv9^CM}9TKLsei5^ioi}1|@B|^Z9F;d6;|V2<4|1n3Qt@_7AT+=8
zkNcnGi_?0XNZ&~0w<*alIDA$y0@P6LIUi^I0cV&J%!+!kk5u(o7^Si&hpRjWsVjoS
ze`>uF!|460C3I|$$!{Fx=eRTZfn)I}AfV=Oj7!)TsF>l!4MMpNAzXn^*1B;!{xoiN
zV!Vc)*Cy;J3DfYj%0rU%`|U)9*~LUVPA?~8sU{%T3Dw^2Z5U}_3_mSDAM_5i>Raq>
z|7|gv3;24bq4Rq4eC*OfbgyMtM%3>}t`U`D@?s=k^FKrc>7yKW#Jmq(3&-+>bSJ{9
z=-1TU4IXCmEepQYWKsU)T&nu)4ntYdTO0WrLUWy_y4l+ZefVN;pW!tUWv|<3Qs+~V
z&fDzOD_H1CPu`lra3;1Yg7ha4l68Ao59(pj%aQjIiBPl7pm~^@o2HwC{ygr}DiGV9
zIB!9>*X}u+(BzQ42eBhw8#X^TTHG04V{_Rf@vafF%zviSB{#6Z0)VydM}vh0&@Kkx
z`_lM~$_>ANA1eI*MS3vfw&~e>6eUY2e1%RA^-q^|9XWEv^UK4^TfSK=`G+m?J^~|2
zvCJ&_+$w<2ic)p<3+|x0qS_CWcfDq#j)K?ES|ur?0aht0@%U8>m#u!3sKK<naO|+>
z&O;QQ=D8PheHsUaldOmWUm9OI3e3c#b0TF8F6ge?k2JhAe$IoudE59s&A87FbFqtc
z{giP_=_-(~U}{Vm%L|zrrC8X-=^G5YBfM+|wnNw7T|t@4CZxqXmzV!e4pP{bI4Xi_
z=9EY6=}<xT4>lJf*ApUG6K%#+i%S*Itp__`fFKubyFKFFgtK0*+L<G--4bKxaKThx
z_jjagnz^VxVFu*C7YpR$?UKcM?jWKSwEKdAvEsfqxeO9>iRk3dDrNU{D{mGg?Bnoj
zFT*gPB*@T7fNy}}t13I<BgW^LPZ9PNbKTG5HcRA}fhTxt1TC{fi|s`BMY$XneJu4L
zZSaILV6C;s>Fq`Mej36@#m+OK)|h^=7?vMZzhvyXL`)sCrD@K|LtEcA4Y<?x%;zZ~
zp6tbTyq#|T++6M5V|jLYy~Xk395DP2#EAtt`>}GhzJQ8sHFgqg3Hr&LaUGM;4+ZVm
zHmo2s?c|Lclj!*bkkD9?6G89(TS_cYu=>l3Ji@pK3){W>_Bu|&&F&4!P(te@Pb(y3
zu{m0n8oLhqTDIOuBY#JWB$Z1=jQQ`w>dD?<y{HAMZS>()+9gBQ>~MfMQTtaZT)pB`
zR)I3Asosmlihrz(bcH+}GdZ}7JnmpZ<%L+&oSvL7<uC8NjZLz_*s<>Hs%XfhsyOEq
zDhSmdl7KqpLYBP;10R`r2e2R5YEnsK%qV)DN^ZOt7~Un_9D37?<FzZq+=Z$JjR!^O
zo4l5h6^P+1dw<NwJC9ls%~2*-K|D19yj#wkqHooc+jEyV!PKH6{@tL9RTk(gm&8In
ziTd2`P(aq0>;~qo{;D|cEBf=OXJkmy?8nZ7<(1R^v&?R7{q`qsv8f%dTdENjNjdUp
zT+vZ0#1SACC{t(sx%9;jCBE@$n?WWR$7~UBRB2P5o_zuGw-;*(7!>H*MjSfyrz%SD
zMYkb1#|cE}R>8L?`fvar;f(Q0a-@v&iQJVM2BX@0U%4?uxYi3=^=nEAM9B#R9g&(t
z84rlezp6k)6#X5knUDYY#x~31_h8L8;m7`${QWN#-K8usF{D4(u2Q3OY`()x<#7W#
zvRG%1{UUX~!z?pi`{n^2!UVZ8s$(e=&Q#bN^Ms(lI=Dyfp=?2kwQcD<+8c4|>Wltn
zjxA|%7_1|n22CD9k5M~xc=)u!mR?nEv)7wtBA2AXN?DAf5bR<O;{i^<{zd@XFk9Y<
z)zR_i?XH)-omUinO)DvQ7xWMPHtr1e5pk%|v3f6SMD3P1G0iyKv31taD#IY(l-Rvj
zJxN8Cyw!iEaS!TsA+%!C9^&xPMdQwklSSE<Xk`K9l~>4;IOT7*=j+DOn(LWRZB-Oe
z1&wnzUvW&RIV1lw)l86Yoj!e$rN`M=ryq9gsDqam@eL3Sdx>V&alak6{l*s0^8rtT
zA-46aG~=MTtM*@{#mo@lpMCY_EEM(k^KZUc(g}@XhIBppXix%KaWz59jTLMSOH8_3
z@fms{QgmNn!F>p;DF_;IhUOkYVPdV-{F&|>5fU3^paR4W7zJn#as>o_$JGx=qMG{o
z?E_ba#%yC-Js24DP7aJt1O~-V4mTFThKvj7$^Lry7x}s=2XLds_K&?IO10xv0e@NR
zpBeqTu<UJXe>;`es`ExKRCHcQ+O#pu&8`8orVoYKk24eB|IL_#ShnMs|DrNx>_^<&
z%~hj8C+wV8$Xb5HJ;Hlu*K4w5x|VJ8J)<5=rQ~wnBVv%21uq7u+Be9XzFj!RAPab~
zMD_A`;BUSnL7m4n`_^`C_AS%E52goImKdIBfnBc)D+8mpiJrTm#F)2-35V92;hw+S
z-i_m@PU|x*Lpf6%xie1mE~+e+%)gUW#BoJE!RusJz^~=2^+=gRY>Rg5I0Qz1k;Eg{
zIHwULkfn}9)EkU~Xp-)J_HnQvAs=aD)X)H0Ch@wP&rTc`#_JkG3c@}f&>XD-tn%)U
z^^tP6K`8Uj`V!5qI*kZ2)Q+A;D>aRFO#W*+iRS9I-Hz0bvJyC}>A(SWYFNK!Bz45(
z{&Rx_cGYd=)k}V1(cDS_NHWjM0#0)ZG;*p-6=Tz{Rnj|&-Z%zwIn;|Qe_j0QE8a!O
z!}@AW(`ss6v>nkgOUK1#=M7*QFi&KKwQ?k4?2(ScR{K!~GbF<RuF?8;D^!spqLBNw
z(sE;Ny=N0g#vI&rkQ8n+c4NG_D)p_B@qDPrGBBrDGUh1HPa(fq=KuG@|Le_n#J~9z
z7D`{QaS1VOiKeIMzp&9~vDb%*Xo4)`{~c1fcxbM&3&2Dh`C6q2MQaZb$YewG)~S8v
zA=Hp@5^Tk6nNRXVjl<}XSrnXlzprc-z&`<_qwDZCPQkPp*2eh1?w9%L05}XJMm>hN
z^E71w#NiiozmAA29f0l-%c8%o7jN$VK_Y6X;VzTCgxiqO#y)y%D-I;aE9*}gnMbTe
z3L@V45g5S?UrZPh*#w^eM*EwFRR93da6toBfriUQ`?EP#-_qiqjWMTgLBmMBBR%$s
zX^!GsZ9_L*F);2rvK1GTw*pVO^zuCmHpE%kA)B8bvzt9#Dj-pd$FnM%h!Fh_`PWS%
z)dnN{Jg*GEdZku-=*Q7eY_ZXAanhk0P$FjM=ooH)2JS1m&r7ZQo^i>1^caP)y7a=M
znI2yhnQ#Y<&m5Q{d$E+!A#O`|1%MKxe0#{IBdH8(IK1aSNGjs(WCb9^(X7wjpeJ8D
z3aw2UG4#UX-E}UJaOks(Xfvo@Z<Lg!gCo3+$~0g_zn)l}I~wzt|Lt%XkIvKBH%09{
zJaaR1LpmHfB|nnq<#c+r=-y%W@2p@`geC;U7N9GqWqx$npIjI`y;fppH}-MhTv5cI
zD<;F`VBOLdbd<ix$!Cx|4!W9hyzN5ygl|7HQKhyW@C<A`xKOFOwa_Cn&#PHB@Yf*|
zJaOf)HegT8WBY+neFfmo(|O6MrjPi~jo<VBxs3-sUgA#|a_Xktb2ARAptqqPG^1;z
zZq3@N0WPpbXB(Z}_srN3g}2xKFtjASPrLBU^o^SNgoRAt9p+9vIuhB8G;od;UQGY0
zxDCvaBAG|O0acRtb&-`4U=eZ?+Ipuwmai$BzXHFy<T3?ldJYKbRvp`oI!Za}rhEIz
zz^;aC#F;kNOMya~`K?TxS1v!-vsg@kn@RQ2wn!2GCW!^EvjoP~s!%XtkEA>XBK}N8
zfw2^0`mzZz7@ZgJ)YvWW?~(zVIW2wLe00eTgCvY>H9tF{_?NQXDPD781WIre;nT6o
zp1YJr0zN#l6M*Ac7(42OD2t@?VDa?y5#k3(V+vgC&#}=e08WoR(M#qGbfSQbU_mT{
z{=HfsrUDk4yb}4&o2!$9j)v|T&g9!GyxJzE<Kl81@gmyE+KV~z`ZBfkW9$n@3rnBL
zj&k%%wJZ~KOD?%Vh-N`=ZqkM;&ELh1JEm&0*de?WK!2{;0#bWAtU;Hm2CjiH-4kML
z?{JcOno^@VM<{T2d1NAV`HBN3c1HbI32G;f#YP3<Y3v^;B{Fe7mxQjB`TkM4YOo`R
zaobdJV(0gh{~UU`1<h;HJ7}n-{gGp$@D@ajN>>ptoOB=jSP;gKd!;0Tdj;Fm7Z7ll
z_IN?X_if1!f^M8e-;g<ZHSvaEv1I5G@C&qflJb0=?QSp*=6*o3Bg&~Uzxy2vwtzf?
z)qn%-Zm{89a=DeMy3Om-o#fNAvir>2-O0=c4*!4P4A8r}_-{o5(TWq_4zKgltt#5V
zB)sn$k1j~brm@(|hwfGUXKegws>A#ntl(7fJngQ99bJjD41UvJU%o{<t@N$fl^z6s
zo4++OH(rNd^Qe|d<2$EmqVOge)h<7Gvq<<YLi4v^nVm`9uhK8S4y<#DW;rxO|F}_2
zoO=5;lfjR{PZI<@_^Rc^)ng062K9wat-c1p!aDY(31>@S!<kw+N_-fI4!038jX?Vn
z<^Fk_wya!8p=X0$UbrRDplTVSUJ<5h4|WF3S|EE?hy<sA3r{}_eDd2WNIh4LNiXq(
z1#aV&d(~bC18M39FSCY$rNo8@FvME~gcP~>jiHZ}T-hNZf!zv0eF@r|8U#722<czI
zAmMFMO0wsqvi!q|u$+>iR+dqkMdYec@zgAc8~()=;NtO(*QD-(W`#4IllX>seeHEd
z*-YRD7`uVzQRpa-u-{$@B(v`!T;yyII(dEe{7vX90%C7+{99|s(f`YkyCq!LGUn}o
z$4ZsrHo8?yPq?j2t?7a=qD>y@9eab^s}0bn*~*OH0mTV!I5vz}jZ$NZ4pTzCZD<AJ
zq=XkzBCiVNws>=}<^hINHhPW+XW?l}y>MFpoEKl>r_*Q0sxZIpT+}mxNs>JV*9q^@
zCItoZi_xE6knP^Od^Uk_B45(Cfp|DqUN{Pdbq7EnwdkWKAUp5fL^&3v4c<=vCa^)x
zX@3^<#pePQky#`0hRD)i#lQ7%*{NnkHiSBd+bxV6_+=hBG;Tgvavt{t)>$!O95^Cq
zBD=Gm)Q$<yc$zYUKhI^~@i1E7IrWbym#QXJii*y)q~~)wzfc=sjjqD((3E!PW#Ecq
zqSX8J{q!$gg%8f$@h)Rid`nY6vM<_x6Z5Aj0CVV40T?-ynsS%aEKQp3sBY(|_I>KO
zgP#R(!aiW7)ZwTN2Krw%XGsO05Ht_lSf#RTkn~8*P2ZRq0eEV*SRK?7vG{%mFfy{T
zP;46%Q&A)d{x1Yo8cqQDJ`>oCiE*O&dR}^U5w_vmL!qVZ8y2*YEq9w&0E%}s2dk+3
z2BZ(x|41Khhn(&(?=Bv4;gWOCpJ-apm92+G0i()<Zi?EVkgTtO%%lbE+ms9XDVm)6
zQsg4lYWQ4?c?N-<Tq7}8_Ge?5DSOyUvHtb9`oryKF6sj9V>d~?+I7Or=cH0-IBuvf
zTi?>D7TKUu_tmR%eUW{e^&;{yFkV%nqXCQfx_yDm05GlszCnU;1Fw`Gs1e}W4=5P7
zy){9#aLT1yb{V=8&oQ<umo@pC|48&f!7GBtV_RhpviiUtyRQhp_Z((n`||l6HXYCa
zyI7v(dv5@M;hsog$hyA-=j3aNiGA`9E?4sAus@Tk&ILegOX_6MU>#5A#HEo@kRUwq
z`uu|(UUS~5oy9)B6`}<Y+nNhfjN1zq06k1?w8Et;%6upvgb+!>N(}}B?l?XN=MO(w
zeT=8u{zBSJ-k^9A=hs!9v*-HdL=|(Lf?tbIvBIQ4uVarDPtHW;*26ulw4Ci`pY;{n
zP;P+-^=W+Fa(DH*MZDeNG4S2Qv(Xgxz^G+1GHgmGe}RkWg;T+eV+UB4$x0OH!!p@X
zWp&s5fMb^VNw+*v@VRR?2??I9teKO`<_x|Q$xw<`IdRImX#KeN@+WgQwAaJ%^D<ns
zpq8yrzjXQA$&V&F6^hA6<Yi*EgX_(`0hYiImESAgKnWvU*psPn04|Q4>{<d5*D;eD
zPE}i(>5oXnAM+b+d~OsT^1DRb-8E3!vsxB<vHOP8?sbd9xo!*Sa5>g%xsI+&O;r85
zR?fcuP6t;OSc2x#`@qt-F<MF@{4b0<0Sz&1C}fUYmq7<DuB|Y2=j44KUGfR&jLNGz
zcNDIeCVQ?BC0u78xPtMZ{qaWdn(IX=$#^cE)d+VZkJ>?prnt-ndXMz|A-)U!rVVHt
z6#7Xm^-mJWn!z$(^Td#>oDk^1?->r{WOX;py2Y?M{d5r(@xEmTIU-wkwz4l-GHJ!#
zt+3G#E3hY4w->1RasU=W<R>v?-<=5bFC4h}i_?vfi37FYgEi>-6KMeSJV=s0{5_EW
zRe16(nL5uA%X`o{Kyg+xqGSZqh3vVNyyP`ML$MxOI?E_8##ZyvAnxfHY1{SqFn9U~
zMuyvH4x(B9`&LP|>Qmx>mO}rmOrsc~9<b7QL(+S)ug~cq3;=)WJ&C-jPPXesmPo*W
ziG@>heFSK1Zm)yF3m3pU!q21`ravml-hRq9m_|0$m5!+$5o{_Ogu-EK1wmZa8y728
z>V$>VrC1zR`B(BxFx2w8LKgN;teG#X0ZdYk3M=O780s?5@ecx*LRag9?{C_-3C+Kg
zYi~9?>axkz)sgmF=tK^%-wt6_XSUS6XKv_ISZ%~}HZUC9Hqnk<)9?3dgF`U+AXqpP
z00JEF)?;cR_|GBTjHni{-pJCTkbu!~4(DiQl`MjIz@aAASW3X=)wam7V~Gl4di+ZZ
zv^%^e#)S<5=VOYVeAmP1Xq~x(@rv7Yx?_u0rN;w2ko8dB3pgW#DBJK+=hVb3ju_+m
z4H^oL*xJ-iUQnMk2KcR|q)-5lvS!ucQ`BlOy<kW?kDVhO(M&6Qdw%<T()gPG03LNT
zSaH%`E|C_Yv{(39$9Gx$ciUA}QElFy%>(`QZ6~ptQ#txZ6Z74KJ|S&l5PuqhS206{
zZccl#P9BMd%$M87W(Xl`^<$Rd^~GTk1sA*$<SO&@Gx#d`5(^uPMa3H$2x0*n_$T&9
zf>nh0bUR<4e-77!gV<@q)1{=;*xFK=Nf~-uxp_RbYH*!^vovc70yEebWKrr8udtQ7
zRl)I6aU5mf;lzR|8>|*ks2W_WUkYFq5r;5v8-LlmO}Fx;bi^^p`~K6D-$u(!%|*YD
zb~JOx%-e1a^1f>s4rS2vDD1gf9yTkJ*Z%&3XER2I#=wmFNwb^nj~>eHNmU$J!+l5P
zUi;ypb!%BI5#q&2_?tI$?PBwEGC2Rm3R;9eTO?gYVr<Tl{}&FL?<oh(*kNW|QvdO*
zrGb_*u6J;jbNw2PLqA?hc}@Dm+Ib`(lt~Zk^^A2~EI+|Y1hgob*W)CV#rNJCG6;An
zKKu;WzJaP`a>pvJo4-{{LUZYAbawn+ega^8-In*G|A)5sj;Ff+8^=RNMcPJ2<0?dU
zM%F18D(lG3&Q6i-m}yW64SOCbLL7UqC~_zydnJxNk9lyM-|KyjuB&nG`}4c+@8kZ@
z!{fYP<GEkY$zP-jHRgdjK(<X9eyOz(<bzv(j!Ob<GGrv<ocHL~ubnRf$*1~{F(4)I
zBR7k)!h2=O4z|0llR()emX3hh?2eAy#jpMD>dK%}aCgN#C+LBZ?mYJS^p(oZ8PVEl
z^V}U-31$rp3hc~`9NyXkuizcP4pj#&%HP#d=Nmp*^Dv7SGEeawjYc?0j1}e>*V6KT
zL^8jBRS)unZWc-k6z(lO6V^JAopqA$;|$||<fQ;%W*@2!r<L8@Qg8EHJ57Vn?1G%c
z2G%}ShSH;6wvki3ZDQ$#tfR*McGtO$vIj5$NA06(0(LzI{V6BiR-SCVd6g<T>zeo%
z-jGhyp6AU!;`x=If*ifwuARkAi7$=D0(aSn>$R~(G#n6YeHbb;TWWVBVmZ$6UZ!$<
z_k>o8Po$S>*g5#^KJP^d=VmCeIPJT<KjHq$5h35r%rx^AwL|6<QWe=7{KG|pw@yDU
zoOJ^EUKPL!0xzx*F>^Xx3$3|;_usoBKNcz@%8XxnW_8)F_eYlF4NX*bTSj{ISy4BO
zDcPy-GqCcOz=9sBZ)iEZVNe?02KKE_<eJ&62ptf&-4E!n(s{!Vx|>r)aSFWAmUyi9
zZp)D=taLsGBxzaK*ZRWkHI~#rcD}ASE_<=XN$I#(S0RXgMP8H~->_`)<UKjMB5u=t
z>jAek3p6NQc}Mx4Z@zaa4^fym8a4`3f07bO=I$}Din-uhdvXwtA7UKP5E}IX17TfC
z0uiTM;R2ejwG84>l20&=kr{jVB?cF-p$=-4TT^2=v<DvwKVYx-SeSQ~4ne@>a5Wdf
z*Z^^86oQWG(V@3ESS(0oS^C#ac8BPMpRbSh1Jgx=uQPQBm+(FPo5nsUaL1vSdd-Y>
z-QTHqcYK7}a)C7Qf~<^TzO#pdKgC9t3<mTnd0&D@Uj*@tV7qJ;-B&pDon1$`1BPbz
zt@Z%BI2O|(Y_j>P`GQ-yN3G22CT@UVpkm~2uU^n=^~v4coSA}aC-;pSzrzQw*WmHJ
z4!lkH!&;7sKqRV^JlG}@RFgq|ESRUB5zb2x%!>Fx{W4Lw<ZE=|67TnOW{^DmRvQP}
z2KOJ@(~(zjqx~wBUWkLIl_z|-ETWqJ=`Wwe&MzF&ZUZI$#{47di#g4uR|hW_6$#=3
zOX{65RCC9qX0%3oyg@0%l9FrUXlc`8l=3EWm1W~i?v2|B4o@A6Q<6hp2A=a>Zz)W8
z^%nG%wdgilR4c6*s+|B`7Ye`8F841V5K`iFev(!Sy0j<;GYg$?Ij6XgfI-XT&!4}J
z2r>U2NBgP%SmZ?(*{V12&q~2#|CHu_Ar{pfhsG=XGB4{Go4+AC<~EPe5lDUht$xQx
zYe^;g1nBUO;Sxk(59JxMl|Nx%6@^#eMq|UP;Ni%fphJF22{3D&PTBAr`Y{*o%rU5T
z_3nv3=GxTkN9LYp6R$e~#`<tlPA8)SMVvv|$s6gNG3R<UmuGrA>B^TfUZ;1)oVtHT
zeb*V(E3p1WQuT1O@hFy+uAmppozWdA{JUYh4ini2<(5CY`$x4AOoCFY<Nk1+9;jcz
z$b+lkZd>t_inJbpPZ+Q4!PL0c^8N#q-TR>CO4p%T1^>o1folb<0~(uY0<#$Ix3!Q8
zQn}oV|7H$?s%x&FsFpo*I$MP_bL^NPG~%JH1D;jsbH)DuX(-&MT(}|yG*9V&J)SNm
z1r7~?`(Mwh68(g6Etq-YDvZAL|1!b`uE(w0O1Pq&l5qpheX<4P%0j#K&uqPUVo>B#
z<WJ?lB>WJX2jZ(69NTHX`<WZ$S{USJwhnE`o@$I(xOLMTc2TzM@}-Xj6bC}?|F!Qx
zZW&CX#+I%d#{azEkM45EKA6>C^!NYb8xmgIIk<XjPvUdS#z=mHh%pnCV!PI=i~8!4
z%IefCuESf}s9$?IWG;gxd`i4ZcPHJxW3W3rC@8@n<6*G$4WzcFaU*>8>-?EW;(zH2
zVd;CKFP?M7D@c_e_~*Aj{eje^Oq;zIgDurOnQjQJb4>8w&Z|Zr54}&D66hHUCoTTd
z2heu$2QImCYQakW$KQMn>x^gBzz|R3&+^yP$%`q+)QtRE_o9Bj%0Ii2?ldeMW=<Oz
zP}7o&;Z>As*C%~WL3!^K^gUeVKYcG8CUx#5`V<jRBA1S}KTx?4SGx6*-FVl((EDf0
zV=X-XTB{e#VUmqXdovVu0;p?)az{pz%7dU~zHBc;#SLwZ{6E>ckp*3=AK>Ke>ttxb
z?SA7`xH1vLG;rd{qyN*%ss9(Z&7ef@VbU$-k}tVv_JD+Oo72z@ZFDEsgWNnwu=@=~
zu+*Jb`)QZyF>1kYoQR;TrU!I!TytM)R+UYlE|HjiQ0EW$x?DNd?gOXzpMTS0sT?_K
zbnRTOF#VXOaj4Z?;9VZn{~RIOEa-%!zO*52ej?K_-}KjF5`J*wKi%>$;Hih(Jk@jz
z`i9!^KYeqSHjIg0V7I)yJc3CT(VzBAXM0Z=@q5ev^nGwMoa0laPN?CbfV?|SM>IZ{
zaU=Ww=c`a)ir=#8vjhx_gefU4B6IIJr7B)4A>z_>2Q|d$VgHHK^QAEb5Sp{L(R^pm
ztJ0@DdYYXk`L(=6IQ~HI4~9AqSW|Yqm>$E<9tObu`_(o476!<FNTY2!u!%F8xuzZ9
z6o>V!KY=v7^n?6jb|0eXw>SBCh=F%fV8DwkQC1^&yKKnbZ2AE@6@<(i>u}%w&;kAT
z?jbGUQf%;;>vzh8j$ZwQ=?xQ{1FdDj-Mpqrwap1eFj$EzuNQgonYc4OrJTb!OyRk?
zgg&e!u?}uP<OP@$1qEhA9!c>V*O1m6e+Z-JX0$W`0wzQi!EV=Z7Y)QqO(vWqfukrX
z(f1^?JQcQO`>)_-L4V!`x+xm`Q1i4FY0+PQMY+@SDsqwqV(cF7Ul{usvQOos8(H>T
zO05P+>tfI}UL7;NagMmnrBla{aaW8h$Y10wOdAHIm32<I8c9rP!(a%wl1|l6s_CDD
zMNLow1;r?U&U=ykhzDi89-TxWQQ`q`kr&mu<cVVa(lM)TXax*0!$X32Q1xuy+Zeod
za39?MQ-d-2<B9vH^PnubS9|Ae1&Fs9X8?E^V5ZId=TJZYQSGwlkfyO8qCK)^NQvVG
z=1l#mMt$Q#?+@cHx+&5mkeLcn?+l}LHe7y87VMZi*!}u2Ni}zNCJM_j8WN^ja_`)6
zYSeQ3iyYO#Om;<KOHl#J<|N8-*iFa1I$CUVcpJ;V5<$utxCJ+gqlBBj-kKX6?`lMn
zwBnG|_C9yPK6@^?9VfdF=kAa2+1d+j7Q~CR*a4VVh@I$>|8)Zr;`}G}KLi=|oRX06
zIAXzqmQP5MmdU<CT3O^W!1C$f!b);XA^2h^;Gb8m9V8XdavVT>@4GV*WWn`_8qI>n
ziG*2lb8+l%KL{biU-r<xpU(OFRq~Gk0;YU!w0+J;02^E@Iphr${2BORxN&jum*6DJ
zM%^bm1NuK8qXJfurU+3bPd4Th&G6abcWo{tNby3D5<bv#fjp!R?}H~8tG^}*85SO}
z@X0`<RC3lu6a{5t1pg<mk{cG5%%4-sLk=1-QfnGF-+9-mK-@~u2yE4MDvgaqYrpNc
z6amu?$hGEP?f7QHKq6-*09;=do*A-~RXws30B6k7fwUSj1W*V2Ax`2!e<v=}9Xrt!
z7+~$xw6wqncmbPMf19KvZ4v>#D|*#Vo=|3YzqjTNwKB<2;@@2hC_jjMi~-<pR^m-C
z5#vh*;A<1c#5y8!f8Q3F1SDa-W&208AX{RR^!XUtaO$w5&%3v={uS^-=VK4`-vB|>
zGyd=PajPTF$|D5pv;>IM0P6(AP^Ol3ku3CF6if{Rup!qhx!oU_oFd5`K>#3HbGGHX
zWQntY64(ol=qdJ~J5I-c*upkv0R4r1+)JKvl>MWUq+@(C0fPdj76^nVlbG5Q;AzPm
zNlpH%`>={TSh&tJpk-}%Ul7ki|K`pe?47-D?a5(FaG3gMwS%ZjWZpr9K(z&g@nlOA
zvJhAb{YCA>CQye1+1Si{gNKNgOZ-66d((-M12zRE`~Ig%efxDDkc{_epcSO^>I@vn
zlDQ<Mb~BOh99htZck_}i4HE${u)0`Co(|-w>nyqJ?E%o_Xf-oPKsy6I(85lV)$}lH
z>U2s-YX)VKxK!{BV4ZvCbJxjf&1w~<H!)aG4~>L)HdSC0v^CS?Nebk}KES;@BaF!1
z<5-IlrI0*=dxL0q*57e51fPz6`yp&&0Absyt(^E>LP69CtJ<Zd3WyW9e$>54w{f5Y
za=lK%hWd9NAi_JvpgOFx?QA+p%Lq~dO1A!noDwGYW08wM{3_DtsgZE;88C@^hwcPf
z+PZYg6g~A15UKtGXoKBL+eXQ6RL{NZNh3U@H(>j%rM#j41N5RmB->vyry_Tno$J?N
z0snHi{{VpKY_Ma?Zn89}QUo(U6=46P7XUrCHSVJsVE=4W4~>X8=`h{n@`%#c;YviH
z(CC4S-l5g)BnkUpcaLhN6b`dqnxB#;{y&NXP|Jj)*6v?_wXNPgRgrN?(s6*q#<=Pg
z0-R96VJjpl!f^x~cj#TKDEZ@F04Lb(v3DB~b%4F%caa4&vx<NE9c;~qa5XeM3$C}V
zXkvEJaf=_!jsFeOq*LK}zOkV3lJ?hBiMRE<0xZqc0C{tAw>>6!3sMb=X~&4?6m*6N
zWVUNclH7Igoz1>E@umD8^ne}mMo+a)<KcpsWz*2I0g{%og>;sV+5>XJ1%|ZVnJyeA
zBVS@&ryx%ftR~<ZtL?XK`N-|I^BMr5eKa~`o6k=IL?{YZ;Blab=Mj+HaD)T2!yB-F
z(?M>xrz%J`xUpb4H$4Lb=9Un~HTSp%2#kWI#^t~|9d*;7s~IDxZq6)Q6ls=b2Lshc
z=a<^lJNspgI6p^=aBU9ERh)`*>#;Q(C`TZ2KqHIYoEu&BHLBwM5=QNR@mLSlJQxC<
zn;WN~B$FD@Y&P~4dm8UqsXh=$7=pS-^#8T|r%YPPfq4gDZB`0AM_vlXQHSL{bQ(BH
zfsy6VQY8tFe(2Jwn?WXqEThedgSW@POc0@)UD?MC-MTG@7841P*`V+?V56{XsAA5?
zL1M8fQiq-6UKh$|#x7lUs$Lw_N7#FeNexDe`+zk0p}fS3Y|b(vjF@wja1!O8ByfdN
z2+0<yeUi8KHaOV04TshdIREh<9C{j@CZQ{}tA`J1IL&0@P(BneUnz$$!6oyc=0F~{
z{?lb=GmulY3kpwy-mg=&Aomt@?(bo)TzV~_TC(|-n(kFd@Q%Q*)-TupkcIb7!4t68
z0<fmRnFA!Q$pQpXq-eA=473Yroew3fMWZh)M4tqyy1SIv5f&04)Kv?H9mO~V>7$uI
zrxMGmw5&K#aXrL7=b>cW1ZpD>$}S}_sug@pIB$H+^`?Zx(pTFwq2D>nzmkbLGO0XS
zNjPl7*T$8knOxKXpPZXIf!qYW<O7PzF{_gtOOJKSPizixR?1B0x2X+*M3}t<d=){X
zAK!zUxAq;iuIU|Ep~WQ$!P%)g?&U*wJso)Ae8%#&zhhfW0I)wbMxK$ER6|sl?}zjM
z^}}nXO6@6w^nSlzDIkd%SuyoF#fN9^_K1d3VC!^A9mwc%#|;;D8tme(uaUz~_|bvJ
zFn%7OyuJ45!2EjY@(iH5p*ZJehCp^ty)O4EpIT6+wXY-7=xF6~ro#gRhl+y9sKkwu
zL`LPjvAF4i&IB_Yc6gDPX|GpgZ&c~qc(&-iA7Rxm<NWCeKhOmDf&5-c(djY=ovjt7
zn)UjQKnLGNLNITY#5@S#?5<i1LVX_G8uRlNx!G4N6zAH}Jp|I6c7duZ13fShZEb5+
zfXA)bgsUwyoocGw_S93)Iu`4Z=BLKRw<VeqD(oIMhZ<M;`mD{mR~?)!cizNl%(iLk
z8lB6+=dgfyCLPKf(>!u^y`yML#1NDN;5>0%<2hEJV)}+bD;oyT@lo9a)G6hjpQAIu
zp><Dt8@q*Th#i4=6Lj-|%UU9uL{UaJ*teEVsv=f#T{qcQ`W>pWEf+^`H&?6%5Y|Hd
z7{Q=Ry_unbKRI*Xn*$G7(8=AMlh1;H6DY%`d|TFDJ3PL82fHyqND_1yD4#Dt8M0-S
zW3dsXu5~N|3@G&7WYBr$=2{mu=Z%RdE2#oj_*SaldTO>sgY3{VC5~NHi&738y3?SD
zip_U!b>KPeDLe7XDC%l~l9A{0k$yO)aMd~ARj*vwsDAir0k0!L-4}Z>JX9S_vYa0k
zC#dyfiyQ_yvcQDW`7yt(sygZmjs8u{(!Lm8ljt%g>U!JCs`Yl%5r<lf4GqcccUMZb
zK))o*=Ag>#+%aGMW6P_9>l;J&`PK{^x(ja^JgoO#2r_xoBdrnrAw+J~S&qqf)xBQ$
zGiWDY!*{##%%GO6nAN?iO$_Sey~PiXAMEHw37-ZxT@#)ed+U@ZfEMV8ZlN7UW#H$9
zeB7JC^NfV~iF8$rrvR8(*oQ;j+ne6QRr%=MNEKm&Ah0>EB*$9xiS~B}1d@2Szb6GI
z>1HxL=Hkcg2YQPZvXcr8Ds-*Z9_SLT4utC5MJotOa?G~}Rk3B2PCibd$((Mv0-nLj
z_zu2#melgCAx6}0Xyl}JD+v9#d2I9&xIqdh7eSh)yc6Ze*SKRq#%u55_s!zsA<)-_
zfiUHV*RO20GubGWe#4x1-+a{B@Ot)ntJ1ntG!KI&P+&S?T=`~qp7mI7;m!W%ma?cl
zplOSjUh!?Shs|CgjbMH(^T2B5>gd#mBBx`{QyrOzqvlAr+5oOxqW~;yO1yF**n8D&
zUE^!pc!8ncEf`LKfJI$wVh&NJFRiB^?5bn7Im<UZ#)%)N)~4uqgy!pM1^2n8R2x;m
zE>b%-U22zbmaSfrUnm1d#p&UvVX<}1E?=^dFGPPl&#HMh=;7mM`POg#-kdeXmK=)B
zz}~s3dH^)$ly{u|TsHljz03g=QtRWkgre|;MR;F~9yycj#<rQ?KY6rFi5qFii;*EI
z;1)Q9fSe)Bv4y`cV02dP9tyn+ctnW?vwlqzS~uF{@Mv$(apvjG-YUG7*az%t#+A+3
zDx4P7e^|ch(AH=7N_N@hG<EGlKtKYF4&K8@^U^X`Kc`l2wFJsWsRnt=TYBMG(20c2
zv04SD%(pjrb+%?52>fhL<4L$)P(3T{y*cc6?IxPOnGO(;LnC^SmoROzg>fEIHd()F
z=_UD;MXr1z<!Ih?w;!F5jeeQRYt918!*h+xkyPla^^B?`zKi01B7<jXT+GGh!*z|L
zt3ul@S52r^g{#l8%N2vM-?f2qn@QdVn;mbO(0jYD@B&w+AAKKT4z#Tew@n!q?FKS0
zcJYoITeExlu%C`4kKd%G-%-$_DZ4x!WZs<E{9v-FaEf=+Qou`p>+K9PedrjPb8Com
z#P6?t?)*iPm7(tldJdZ>?-s{_5#Bh^DBAG}hhw_So<EHoe@~!&rNewOS@k8wFs^+(
zd(Q0P?rg)dkbVl+MRHOCbbPw|;ZtGf%;sORe3a<q<YY6DR~mlOykicOSn|$wTIs(L
z>e`rb@GHaW8$N2jxYa+1@88Vh-26t1%Wu<`vT(Tm6no3T%OK&hVeC*JACe8UdNZh6
zHb6WRxAGrf#W!r+2x1gKG$_~5%B>}31AE3=zmm~P(;-xKna!P#R+tksY2j<bG4fKh
zI9<@3Q7U<h^(@(Pf=SW@CpRjqNegXSuRIyP*2&xy`mPuBgTcI;bE>mX7H(WFJOB@A
zQ?5rk(Az{t5*FmPlq3k7k%0aa35$N%G1hu<Il>|eogzhu-&_Q#6+Go*GII@`jf3Cw
zM^K*a8Q9QDKuLjw4L^dUi9nI0Ea!UY*7yuA?`30s<>)!oE)?RE-C}6vN&zaM*?Uw3
z^Qq$xGh-*67H}Qua=#_o7!;H<yO)$<k}D{Umg3g2nV7FqS->06tFr}(XnIH1;htlI
zoP>ok`8XO$wUc-tg54mU+Zd?bA-5Rq*Ob_9AQkTjoaYN~G0gK@UG=gts>?pwubZ&w
zdburYpkgsNC84!z7RMr~qJ?ZWI{omvnA$T_0B*05G2u>l%pIps_QL~pcNR?u%Yznv
zMv`%{l|u|D)O6dG=**pAjhat&cQ@;7HTvNMaEHbg^40(y0<DV{XENWPI<)msNtP|E
zWHe@TvB%+q=zt^Zj6{X2A^H{=XV_Sii0`hqV{FXpGmr2vWStS2J;u3x?Vn_D(<T3O
zYi<EUL!qZhhDq5MNd}PU!SU2PPSeV_<|TYr()pys`46fF#?J{pa8Ll4eqwj8U;$SL
z`YJg{e1CZIOmiIs8WXXZ<w2broA0^gSVCk*yXJveJ=VsoEB5s*8!+L(oD19#sDhzK
zdG$}7F^HuOlfyMs(bcm#Hx&<`p`O-53?Cgl<U0{rmvEW=UY$angXGf^&*k*nLl2lb
zIAW?2Z^%s^iSg0Ps?vZVfbCKX$}<vWlsu}kP2UZ4FFsh^4N@P{Egs4(ygxX!jN**t
zkm}e5;=Auo8z3uaWIl<}M}jauWkT>=TS_I!nh4aLpm}7n(bE~mXj^J*@0{#ue%u5<
z*_mt2Gk0}Wzh9L%=g$Xe^^^U;Vr28OM^CYcY@NSCgjk9KauD!m8wTm*-_l^}^fsA}
zTMqPs96IZOYtU*{z%ML=TDj)bX9GT~{g8YdR}%P0=_}Xdjsq6L7_bnYV`mR$)vJt}
z0HN|`x(!&_VT5WbMhpEshcq_bGHjmQMxOrB`oj9OlHtXu;j4Qs#CDI@;U9Z`_vBT+
zCCADxqJeK+21Z0=?FCx)Fm>92H&4`nrwbA1^5t^3NUYp*@l-ZA|C7__by=6qP6T3w
zG#R)-d$$$78K-D6oN``ZzDY#gwetB@25kyU7W65W3=-ME8Y%I>M;^~h8!pAJ60%$X
z_!>+(LlHb9!p}$OZ^qAgOKrBB1go;+fk6;0ohL@4HwRQ_@zniBkbPZSHn98|E&GWQ
zt$+&!-JMo82gG$lGK?N|HwY<9@-LKBEZ`~}ZO=W`|Jr6Rhec0%+i4NN`yx_K*Yk6n
zWO(v-k>Fv!qhiwgueYo;iI}kNm04<O0iwIcroXfxeC(Po>!8K!XYw;<l<0yJe_D6z
z^2lBa3~<^9GGV$KG|*w4c*jbcQ$#U4zRTa2fm^AZSu3OwD2#+EH>^Ph1qNhJSv7yb
zSK+>Pb{e@GtyR+wB#KWR^xJxLd-}_3v*Ehnp(=clNvw+|plX6Nub-{XR*GtD4GQ0b
z65}IeI{4VFOb-%b96;wy!e54d_+^}DhJRDqO0q^RYdgW8(OWPMv^m3>Ii@f8Z4{vb
zL6KTgdeoZq5O_kBtHE$_^FW>Q4z2=YWwLneT0Mh<XIpGdhKY<A^_sPum)XPakB+uq
z6TF8*9D;?zf^xcYU6t3u`SLu4m3f!zuqmwY1eMrnQkeJWcV9~t$@{d9ofLSG_gPka
z?jtC(_zT%rC7+HVVjH<ZiD!e)rsx1LB!`?ovxzYYu{>o0x(5vna}wIhqvt$3%W4{p
z-P9_#9;thu@Fr|Te!aEDlNxux9!y4(o;Msw(ud&yO;~g646gTHaZY5&P*g+*>UIQ8
zcdzk{=~k^X@g^3revG>zcjj=%ThVlaNFuI&6ZaJiSn=?vJ!)*?{I#oBz<VgDdogU4
zjS0>lsz9$;&-2kPGSqm!H5-hzUkpv<MH+GhfgdfJVbI|P?Ezhdgmn`?F~Vkqf&H$*
z^$x$$sbIDnd-lPz4lgA9;VMBUz=SZ%RldvL=R@2pxq$He+-<M_5Ydf2oV>huep?5_
zkUHR5sPk%TLx&O#QmWiN=DY@CtxwcnRaC4zB)eMDjG<15qCP7Jo}Gd5U<jZzu!V3g
z9UuqUMccA!eoxg?%cd=zhi#WloIjllH+AVt1E2wIQRyJF)p!d`-pySOy$`jb4JWL3
zRvq6&qc*Q>bu;K&VG}`s<inR6$DGsg+>>C$wU*yAAE<R|z~EYNPTG5*0db!k_5wB8
zm6u`%-2NLrxJITxFtPsJ`<p|IzTc>ZK%0~dwyi}uLi#)~*?JLTh|SxjlxR%OL;v|u
z?~&T!6iI>HDD#R1wnt-E3|S>djw%oC3{z&-`BRCq?uKGmGrT5y=hlZ;1Co-GynE~@
zFaZ`~+xn#dIFbrZEDthKU_iCW{W+gGFKwwAa00V;cPnah>iHQK$C{gqK71R6v}+9*
z_|CiGJ8kaAswOdXe-k7YP1X8&56b}$%K$S-Ha~QI9~MZ@Js`32Q&GM3(Ryn(CS{;?
z`{t54@p^hW*A;v((OUphjUW*FWj$cJ`_o1Mm{xEOyh`<P)Wg6gW`ZpB2U4@e72K5=
zn3c5Y8T=b9y}U2nPuFSv<^zYqQQnr7tC>XuF{%!}3dP?a^VUGFB`{SNGXz{gsGawx
zfWBIIq;56rbklbe)M3T4dm%hPp?EFmjkW*!ZE3YRO}@6n@DNOR{fPt-!U88DLABk-
zTw;AZxdu#eXEVk=j~r>Q<7pYhMhxx|GUbR=+>5LGB2Ixh5TN~sW6(c<QUQi*%&0sR
zk$C&N9!#>=09JB5nqgZ4X9B-)<|X{90<2`KV^STodx|D{Nap+Je2Z?>e*X}Z2b)bC
zY2L`}fiIq>QIlJH$9NyA>?+I$!n)aE%XFn_NIuWhF8P$2EBn26$1|f?KwKgmBH_Ma
zQ+z0KFobJ3q>*xQZm-Zr*}#E3(2S~w8B`d~Icgf$<C`UhpYR>s46S{upI67e1<EY%
zEA!)wJwEXIo*8rl`Z}OJBXx@&qo>DfzJH1UsajzE55CFId?s%h$j(b%Fw=cK$emJd
zEaRlX48q;kT=n>!VN<raCnRot!+Q*A7-`uT2p$Yfxk!xhuxu#j`)boBU!V1~)S7<x
zLH5e|4+8h2jvG2W@^6J+Ux<Jk^mij7Q*(z=<&$X8e0O#Z%{ewDx2!40KCrb?G&Z&U
z_z3pncj#ljR{>cj*e4@kFcD^>-XSL#Qcq$PSZjIjgxfPtAn$$5zjqD6C)FX;`o&(3
zHC#WdN?O~aj{qDW3=Uqsy)_`!IZA!PC~SW!Jpmi38<^MZt1p55c(N80tVF1?Y}H+N
z#w^D<f8GULbW>Psp)t*M3xn&5;Ak6F4?ycev2x(7`LqfWJGgGBYs>?>IV8I|6guKi
zwY7{IdpC65z&qG{A+~BER$mc&*=!)BY5BTWT!=KyO4Vw`q}+L%*8_TWADH}3fzFFk
z&Ba@7a_nAe?iz*UQe_^%o+TLqcM?N)ekUdR!PD*EAkzSCX}%1ZxjkDlhS9XFTKgV^
za}EcCrbpA?j-+X^QC0Hl#6?ANQlUT#OxHI)R*PC_0nXkAKsb*mdceH)bJL(3CSra~
zNp4-^p{8O{>3ifN=pw+z0gS+XdDUeF?^o(nCM4L`M?b~Zf@VLmAnmOGMv&*viis5P
zu!?|H&|~7=dh}rkt9Tkuk^)OP4I&KZ<dn$xZH~c^y42VI&8+GU>vW{4vg|e=wcuWz
zd}zx=(()I8+n0mwkSf`@O0_86*G9PSvH<?^9js{A8B*Y`i5YyuBJy?H-23&c)$|9s
zt+^SkS<pd81a?&|HCFK<rE5P^^^<)1ng@XA^g!ahKLsgRrX`QEfCA(ESw?^l=sOBb
z0=p2yN#gZoxIq~3-o2NXf3nv9wcn#?{GDKk2HA}VofWg<wZI*D8Y#_C_?YBo6j200
zg*y6z5VGO(+MVcTxa?TmVr}<W+(EYiTWfGPH;!>q`cTw!5El$vV^bkL1^(R<TG~J1
zFgI=3;F3Yr(Y+F;1i_dBHyfZO7uvTU4*UL7@Dj?hnlY}Jd^tZLhcm6LbZyk3z*MrS
z2A?Kg`Vk0!9DJ8SK9tXXgj+aFz*y$Mz+xriNI}2j#tbEz-A$Jio?+$&DDr1ji~kXU
z|K;Q`1tcA}-}3kNq5e4^KW3kW580r7GzI4I)59d`OCtOeQonrl!%{#BPy=cp8VGWO
z3$ycU!&9|@&p<wofRg5R0QLmf{_pwp9|5gj)`105e+TJNc_@_Cg%S6Pjf$bijRK6I
zX7j}zr@;Qhr06pZh|VC80h-poQrGqw;840mu{Y+s_RtIg9}oQhWrF3|K4o{D6h3Z8
zq*}CqeZupMo$U85k(3|8I*Bp#+MtWftmqA){F}JPt(DWy6t`K)hzSI$&X?>aPpF6e
zPsk&nFnalI$Jc5UnB5P4KrR}H43Xo#<UdP<Lfn)f2=#C~2z7N29d{}R1(}El02xvQ
zvPeZYgfXtx-r=OTmDPPfkWZMc;>o2Tn9}V2x`(?yl{*&eNs~ZdN}}2x5Ph=O{p?7V
zb;fT&IXi(&md{3*)sDbtXEfT*6KSBu9M~-f87~cqEEpG(;~W^Wq`Dlp7&|8#?DZbR
z(^m?hG>Z^`7mEwviDZ7LavPFo=?+n}flRXemi&aS*YgvP>TGuY>GPqW^f}uyvylx#
z59=<i9;7oIrBtZS?`0CMXx$ji{MOd@k%QbNRQN#tn|ZrP7!!Y%=+ywH2Q@!vKn2R;
z%yU~tyUG3+86`+R>Z|?MY~T&M3#1KJaXpV9p4$HqWg5T5)ujS3HZwnYl=%;%1Y7_O
za(P8`s6jGKWZ?Vrq#L!QLn**Iy^)@BvS~^%JelLJn}DRux_{nWZQ#x2r#3-BlEyL6
z=UJ||A0J+bK7p(yM@4jC*E)Jk(zG2hje`p92+Z}Udvm0%V0O^Kuh|)`SFF9_q&oX=
zq=lqLASpXXJUA&{u6}Zc6kxN3@{nIm%#7G!L=YlMzi{jit~(3h3?f_^_3xy%<pcwi
zU3p9NT*Gni=h+!yKSad8(y|)1>s4tpH&Pm&`s_1tQGZeBgkP52um#xY^5~P~81&7N
zORkBnVV&*6-`KYS8vsE@EGA}TpX}u>Z4xv5@~J5jWXKXRsr@5;nf8j_w*2r90mpbc
zp%<7^^35JsPQY`1H1K^#%^5w)!5#AFsdxB)rR*<l*6USg`RU#K0-Wl&$V9;D^GE|(
z0#?AJ$!qOs)k4hQGTOJKD9b*@A6@BpcYKI4D3WF3Fk02?Dt6SAQjiSzV|~**)TOS8
zIT3<1VR_yo*?@2KKuA_ujRWlt?2w<_&Jg+5(kyoc*yBJ%xU0ITB@W>=&9PT<ts0ul
ztvypQ>K|AGdNpe<>kCwNTQ|Hc*SG7;ocl0}xpn?~wtNjxg&ogUK*J5mKIg%hkg)BX
z$A4%6q)ueQie^PRI(X$vbl!WB&}#YxLec5|mcMCT8kJy@tvibJXE^i)aV_$DcS~9N
zwc_3faMhj+&Dx`UM1Ves=`20)z7B11$}uPSxS7YkcHhcoRx!@?;6s+r<}4@a-UBi(
zUXJPOPumh<;-Z8!SY@&E()<kP_$(YYy!c}H1ULqI`xqcw3E(_{VKRrIAG;quo8zB|
zlw2I05sHW|KN+>zQX8tXGT<<H%B;0!XdW~+2=JOCIChmIlr0TVZ^Q02D8zb7zA?;i
z{Ugs2nMj0x$0hKB{jcw=p4)@)dT)xQz=?JWiIlLZ@IO9(n}DymOYQYwrne}tY|iK)
zXwF@7T@%~s`EKN;#$EJ-`+r!M)k}L^rew`;HImZ4#TtJ}R{%t5+mU75J#dzj0%Odw
zP&dOZCxUy#m1~MUDc7LF&v`D)lAqJ%+m;zhW-QQJ+@5~5p8!KR=Po-5;_4Y?+4g?!
zVUEOl%F%`oFLgOC7>>lf6aP(EA?tTS)K=J=0BGy`c1T0e7UJ9&_BJo6N--yqaW;1h
z-WIZ{gaqE~1GG{#>hFDH%2Qz)yflZ3Un^PbqXhyC?8}k|_>J&y#iBMrgg@|LgutiX
z+ryuV9)K8J-T~9uPNY+boY4pEA1;D_qyUoI-@f1a?XAb)rS@=@B&e!iLFv#crAd$W
zjz@&vae7H%pVWiv7J0!aYjZPZia}lW@b%k>j<@;;X~Kt{0d0g8+4r-~mTy!ZxiQhl
zzkIhLr?6+o%_`b(yNxzUjZ=SEz^4UTGB=(SoHZzP;Y%}xWM!N>LMCQL_>c<1=)d8y
zIU6;}sLi$EqcydmSqz{Kez&71M)3k>h}tWVYGqJdU})<cV}NynkC^^g1fMbUioWp5
z%{Yky*CrMI2v3SGCpcoJw7#aao<qQG4%g|4pTH^F9V1Dxe;7c}oQRVn`Df(2MZ)Y5
z<v;Rk_X82rcBR+TERo3aH8#3M$7x<L0*2q0_{ebQiy#?R>hQ*QBY_;gqS84-4d0*s
zg;EZc6lV19q<LX(&Pr_>gv5d@keXZWeetjQXS90W$jyXd{!m~b_m)VOWz=DI3O{x~
z4Fvo}t1k?yF0dkRV0$v$zITIb_i3iUuQcJ{UES>+GgVx{1R&22ybrsM$9}L;7F%|k
z5!Tq@HXAoxoHSj0b~rTSY^v^n`qxBb+hn)jwTOr=k>MXS5_2E1Baezhc~Ew*f9%h?
z8{&s9Bu8&cR`bRn!T<JGje3`SaS-!XD*kpi)FnUU<-Ej)MIhC5%4a@K0ly+B-^-l1
z)ct}d|4h{8-(sJZPud;jFy4EHNox6uV2O=-a_5CT)qAh`u?ELB|E5j-w+`8?$_{IJ
z9R;b7q$EOmVEpsFjAP<KN^9%alPm#J;f%?{-sS!9giX5Di!g*R;PyZu`p^lQaYj$9
zmFZ>W5~!0l%vkbwOe2?5IX@r2^}Bg?jS1{!K6UQvpa@Oaa4ykQf=Uij@*3{~>9}0s
zy{*!|LKL8x$|Hl*DDqZ8#QUy|SvIT4y3~uj=#<;~+he5FRrRR0ua%P=^$YWQnzK8k
zZ1A?8*lz#dw9Gg!k>?b6prp+bo%$a#^%TVSXU}EPx=liC*YnPvE2{jq$AvDxDj#gX
zYNKeUC58ktw7KQ)iB#i$#6`ndL6(R)EzpfufB2LcAZ`}D2@kzR<mOWUL^(fWi4i1K
zZnST}#f<0%Jcmk151#o>yohzDcU<Ak?(?(vqu<B@LTa#bW@P|6Q+!t9&zMZ<aUvJ{
zq@m#<n#OZ_JHz(u+Ad#$X+l>~J=$?nim0VN-D&=6>hv{%dq=F5XiR76Qq)PvDN_>z
z=_TLM?sO{FW$WfOTB>fX(cZ#ady4uU-P?so88$z&XXz>8miR|Mr9IfW{-DuoP}NP_
z)nQN5RER@US*9)PISzv)q)3+VXv0h5yQ`1%dM&s%d{;0_JQajZX{QOFT27@qT~F1K
zWx&}XQ&`DV_WJik=xX|X;~hSA*U-e+Ki7W)*cg8l)BT%YpQqbqaUw*e7v8@JcAE)m
z=4x9to`i$k-fAa9^aV`M7EpgePuZx@M}AWVcVK6TD4a2A59_S$mI<HEad6xZ&kDzG
zdxC9<#a3qbJa5WFGN6s#`_{f(4c;Sr=h#;U9R|G@<*D|mgs|Hd%mu4l^)(iFV>laX
z>V$695dRs5z%qlY6M20Kya-6PY7P%-c&|Pjyc7Q`4X-9Lk2z+Md_;@-1?Oks7vf9q
zR!*(WCqpGfO)54LHiAOeCkw>huqD1=i;OBTeA}opn{m8d@7Eg&wh%41AW((zU+VTx
zJH+>ZFkkVp>8d$d#4rad($tA{W&%~frj>QpNbuhe|IuK_UK6dPl^jxy$A72AMNi6V
z!1M(rKSik&c6eT}d^gf?rYG@t?#w5xXKona)b}o|vq0qsBOQbc)#x{>75SM4vXp3B
z#R@uZbuBMB%hQ~WUB}H<``u&TNZoSi&9`+f9;-Zei*vAnsu9{n?Fw(~Z@bu##BHzc
zVR%H6VdL<RbcV;oM@mn}o(-4AG5j0>HqgI^f9;Zhi&tH~*~>fFl^KBmrH(A%u9j{W
z=U6ED2yENlXDjvtxu=$}ixK8<Nq)%6yhJ$shaDdEn0T?moEzw=q3Ny55%FwHn#P@1
z5Zg)RqK6>%$-W>{=&v5i@No2Z4FQaUad}V^$YLJw^OG_P>)G_qorG!RIf(Bw3;6NI
z-d{rfkC0o!9a<tIr92|3Z!Y!O3Q3axpFTVe!8zWvT_Qa<V64yyZ9S!M*KjHWP5a5b
z0_n6sSy!_SdTP>fe)|DpBM+JTM^#mw=o0^$K10TLA_#|GZXqCRI9*=e4DvN4Q=NJ%
zvi<U_hhA_lZ{^zz1ru#)wAp^+M__ySvjFCn1*t_W9=Q{wT<0iz=%{V|p=#mvshYXl
z6_>vpSkM`ISUvf-K80QY{rp9slM4%4WUQ}ElZX{TOK2TUdymN7-`Y;uw39&!vnhlW
zOK!&b%dhQ-J0K09cSdP@Ra!@_b^6_qZ6oNHXC3rdb_&4Wj!0rlOk`sM<ye=u$$+@y
zS#iOI5bpzwcP4++?$GV&?|>@ZCzNQa+t_hZam6Lb!a40)WssSuo^f@B<XrsawlL%~
z=p$_q=?voi^x~I10El$o8dc<0%uj@`*wFq7U<yh+ub{)$W|r81NLU#<Q<wyssBJd}
z{-yrflCoC;spjBU5cv-r9$)d%1LaaOO!*`~|57k)zu?Tu1C^>B3lovgzNnEd{*O?C
z{;1#u7#+@it?V2|Ojeb}EZeO3Le&uN&4<r!J5RZw>e8`etfCLqshBzcu#^G3TXKn)
zCe~|WJ-VNf1PM1Ji+Ii@rRw6Amga59QB>tV@KV<Ru0J)#V3N&K0f9KBNZa?zd0Dxf
zY{g%WyG^QI5FJNQq4xwZJpd82a;lVadj~dlQZ0eiD@Z)~z8h^5IQcsMSL6^E^VEfi
zVvQctI&HW7QNc`N54ZJx4BKT`$^YWcf2R4`BgUsMkxmV+Kf#2M#S35Ux%}rnknWK0
zh>vJsxi>TZfHv{|sTx;;hc#=m{}7PCAp-+sPh{hPR!<i6Er#TKM2fF&BFaXA9`AL_
zSNUXU1U3ik<7U0^B(~J@fgCz+rUTnW)&40EAH|5hRdV~*c9JTIg$&Tv^&p`ATrLx;
zer!9rng=r8UQI7rOpc1MoZTSj?SrdBpF`%!TYurOso>|$Brf$Yg|?m)OQDq;Y5Ol6
z^y|P4x9#!z;bzQhQ*tIUEbJOlRC@J$&Ujxd%H<-*Q_B#Tf&BT$j4)r!Mds3D)`v$(
z!Uu*7fk@`O>O@26+R{k2&7nV+@vj7iTcQRiorpipN(!EMYC;0n;l>k(!-)&0Wy!h9
zO`V9oG8uWq(Dy6JmOo`neS)N|sGTnA=2#o=$s~4iASco(D9U-(0-StaCu~X81DB3N
zGDyLsH|>SG)Qu2w+aie`O=7Jl;?mn~hRr0tjtYFzR)=4B?)*xoN()JVAocb~>CHLd
z(Ikw8aS#QKe-_aLc8xYwZ+{{W<@vbZYz1OK1M;JSYF>1uPVig$TEH4WcZW)@k%~>}
z@`+XI1s$&kgVfiBS}4hgBRoH}1TZau8y7G7#h3V#r-~4qV+PbJb!1<NJCk+(wnK0R
zjS)QA%D07b50EU!+Y~ilu+?zwD!W2XyhBYGAo1?XIzdmw_@$E&XjL7!On4I;VkODd
znfc#<w2&&oNM<joI)j4p79I5LOisJJcj(1^qt|3GNdpzq*8xmwxY}^jpEanw?t;AU
zy6xB-kAjFV#MLHd&#1^J<YO{Q1r!(o#DpbDQ>lv?k%BvIkeIM4-Dpk2uDM*%A=QZg
zDr2kwRc|~ILdIcE213I9?vR4M6BZuAFOL|F^YSE#mJ~oL7p>3?b5|+6OLu0nl0ga;
zL`^{JQ^=;dkg5b-lp%~1t&6vNuBm9ZEReY}fJw97&wjaX$!!ss5AB$Op*cP9O#M3r
zeA}q}$F%|385AU~fY_nNVMOvkrx8WWtb4}tqOCUCm)wS;5QFBNK|&!Fgm4(|A)Rdz
zV?~s11sS@9ixc6`TK1B;A|6tM$)HwqPBM8rS;rb;&?S1<i-37sN(+%cB?1MdDuk6o
zaQpM3ZrgtH7>G%T9=Xq{x{4R2NGJH^+a(l)6{xVZmB=Nyu+HS}jU-U_wIvgoPhu+<
zBM82oQax4=ynF6DGyk%{w%$KXG*O9_Kf)Y8u6h|F#pu5ezL-UG@l>J75&ivbqIX;$
zCvnmxaQBO+Z=noO@#<4LE5CalperCNp^reZG$0`}8yjv1BoAsT^o2TUegE@B87}&o
zOYVEyi`thOWU#YN<bdCGZl5Zw1f|9qOtMvNi8!8dohn$g?MEk&S%vN^6Tq?1&mIu=
zPmp(bxxOKl^m`aPq!3(VzP#XEm}oF-<tBq|AE@DhIRb6Rg7$Gm+mOnn#)%(RoD_6a
zUQ?Mi|HJ7E@zy5@;UL&ko}4Be78@EZvrS>_5CGOKcdRWnUa}>lgMe{Hq)l>_Dv%nu
zr58F~ovK80QG^`9<Pg~yisW4b2_1qMSI$IO3`wS5g=G5W?y-iipR9$it&p+#VIUt1
z;BJ``Ew4{y$=!MMRN{7Fmn#JBueVefeLtqs(ki?lw{<l1EvXB@i3XuKK4hPDYUn7b
zkTD;+^p};=<sMwVy`?%CIPaW<9x2RJX!-8W^k?DbAm3%w5(@79FVF?#Pvv=4QBp8_
zDFqUl17Dd3&&Up|djE)*Z!;nBBA}WY(q*0jP?4V^d9V3@;8D=Z=428NYGd{9FHXeU
zJ-rCA<>SgiO|C?@uWaNhtYP{@TjdTgFR)Mbet2a8_K&yS*tj}Z&$UeV=J&@uI5vy`
zK}zo&W_kXlw3Orxpvef$JTjyU86AW^FW9S=b3#^gr;7wRX>gomoDp;0Spq;q9DdN~
z!g+q%0cWEM9o#Ncxr!<Azo=_o2O@`PWPuvv4ck|w$Rp?;3*anT5$~PpecEA^jvS8D
zA)XM$xGqb0kjg;m@*x8yB{=1@<bCx6ZsBCiL1u19cu|MZPKthEA%XV)RL28MCQr7&
znXf_3Az-_vNZS5bix4C$*r!@VnVPI)E*#!I|IZIA5E2K7;g(0xB;4GNho=|-U^cm|
zCTn6ACc@s5+N}I)4K=Yr_xqzQ5gRCGX_8!BBE>mX0I57^3OhRRnsUu$*R^wG<Q)xU
zbStu;sl2aFuoBTe9syy*e%T>?c|JNFIZQ^vL%K8P=knQH=jWv3*+4t0G%~1^pG<sD
zh4dtYPO4*&BD{m$5hq<rQps1L{xO&P=X9pV+S0@DWTeDC8_*j{)?6C~8M%u;mjwL(
zHF6a}1BXFp#YW<7V9k&cn_#(fnqjDI=SM3tr`#Ds#0s*{#b$cja1bRj3G}*-S4Ta$
z|3~NmKzG~(!b;>>qnKn+8Nw2<$b(YKTa^dyGrSl7wsAdP3c)waJ^#~gT>h>x!GAaR
zIR^E!zTeu~n(ec(B5RX*dYiEEBx9S{>S2-R)eI4j$Ks)NTx1dqKY5?t?&%O!UJW_{
z*Mh8I(FrOrpbM96**Llh!X9fleM!gea)f3Vs3fbLJ?ej9|LqV)^retxkn1-3fSCST
zb#_Ch5HY=~SLEf<@-8so-d<S=P?9B%S}z$Z4B#|!Rqy~wW~KdMwwb8Syj<J1x_OXG
zsA7l1!}YqWs~+J6ulImgsed#uaUldZN!D-Ep$jp~q5iz+C+fv$EBFUUJyc8h=QT^p
zO@nUR!?F%5?`j!knC+`(BD{<GSG!Jv`Agln^-tmhpeWKSzk8_g;5aYEn1>02Zd+aD
z(zG*}QC9Xqi4*ZxpJ!vR>T2RF`(C;4Z*Gs91?nCyliYLD#Ibud11hTZ)wyWe5^9|#
z2A(LURz#C=FSh`*@u7f#0H@oa)y9)WH31?~RD&W=VA({}xhL(DHG=6tW%*Xc)gb38
zk~(Zm<=O=p;)}&z8x7Od{#81z1Q(~mRe14CL~Km}gL=M)#hBYv!43@pR#!E@b!9ac
zc!)T>S%#2`rJrCj?mEKZIsY!(aX1gxv{zla(sx~|7jwXC#`<+*e{+WU(~Cw#CqfJG
zdTu;f_~F#AxqSrw`2-r_OdV#xa&BW=W|Tl!_Z=Gh;d%fh*RAh{{VX*jokf+Jh|uAf
z*Q?sfx!uWL6xz#?D%2mL%5;=Tyt#g1&2%^A;@BLEnhd_F{Ql9bDlzGV_<L!Q#!~fO
zt=!AZswrDx6c~wqw@o~2B&~1x=|0!7wL#R231!qwubmt(k2muxxGvH5$UgzG<DZQ>
z{+n|$OZzVxZ?z#{h?yRx+Oy*Qf@ZY+(uq&&>n`tJx}Kfi`FX)uG-l+~iPkSadI1P>
z^~+eoN~GPy`)?b0Oy{^>KATd8HQvyVp4}?A%5hI8Y?`Pbc_2MZbaF_3_?WTXE(18$
z0GyJBf4~Xsp9ZRvy>8x$0)r*Y<|>%(gUrz}%@R;)5|AysC$1c%PBP?t*UI*qsc?^y
z^FwVGGnw=ys8g4%v?|psHiufuM=~ayv(u57N8Vcu<?tO(g4lFgV1UVzaF#wV?-rOe
zVBMAPXpVcji7<MRmOS}w*FaPMt)gs?1zEGAemBOl>0IZoQdc{W0ifw|v%jaDP!O16
z?{y0g&6w<RZmy^q*b`98(Jhh#hEbPzr%zaQzjJKDI)2W5JO<i^hR%U-Vy<<Ytd@Jz
z4R-Y0u;^#ym2R%syFT_^ggaDN)u~)Lo34D@oAjNs>o)e+WKU<QcT`HquDHLOui4Zu
z&EYgCvTw*s0yB!!u1BKncqv|j*%!x}qNT)qHixG=13^w}sgt*1w2F^5ZNxynxoEuk
zq1dZlv!d%IymLkT8<KDE`cEuBj1|rKRr@=h0}1o;LnYH=r};7F!_97GW7fuc@eUwA
z648w-vuXXlIp!|f7=^$#aMhF+*yRoK2z-@X=i*cyb?-3tnu(8hsAXuL0~7G1rSV$J
zC7qwU+I!BiCcb2PF(L2R^fxMV^R3E?bzxts*4Wj8w(`x@UXaLrFrhE|IH6xdEbW}l
z>frkywJ_B#5Nk_-cc+rI1-E+rn=|)_3aM!yq<`@>jj1MzSEK-+3wlt_(1baZ;Oer$
zVD&No(re+&re(Ogsai0X`G)udN$1f3Og)OuYqp@X_?8fz&zy{VASbE>b;F=tb%QTx
z{o~2d&y=3dyc>pI%Zz!|Edl5ax5+nbeWsSFH%sS}LuAF+ZhzB*zjZ5Oep-r2iLF^*
zZr6X9)@z(a2$;&+70Bl1@sI-5b4s>tc{J9ZenB5q&<F{$;SjmwjA0%2LFOypsO0v#
z54tMNqy)^Zc3W4Kmn%y3g~dw=!A$sOdggK)`G<-zT=yU7@5mWAKowgw=;_>^lH2)1
zTHe?&3*_9tS8DU)W?pK7r?8>l3@Bf)kXqJ0Z0sqbpFF{l+!b~vXqWG7`bviRk;cbk
zeGRDz9J;lxoyP2978lx!!$NPZZZ_??F`vl>AIP<ImJpR9m{(_)zlTlF6b&5c$ntr$
z>1gSbTc!RTx4-#?Vxx@v;NgxwKL<<aGIQO+GQ{15M~77l8N=&Tv#)CVeJU>65RuY|
zR?s|;;Q!#K8zF!q%xOxi&z9p0=P#`&iGH|h?@&fKeZ&$$dS0~g5VbwImTy2r+xBF0
zbc5Io{e3GS6M^}Ze-xY&;hZ3}?j142O7#)cUuz!uYd|VdR!X>T2WDA+M_&1K;l}Jx
zm}c|GyaU5y26=ZD^NuD$sS}??!p&J6OXdd3@(8mHox?>~)eSK05mR5kW44Zu7xa25
z9S-TO5s}JO?afTSs(&vW!xhII!Pm_-7-KDF?{T8}Qb;sPD1)D0sMr&Ok$bcIRjR#L
z$yQV_n}~wB&T?LN)Xeh&DH`j?I}GUQ2cz{PBBOY`(6*`8-CgEBeG!&V>lYGaygIX$
zBGL@mpn>QCQubx9y=`ijar$-h#{=17BKPNg96oR_Z^7_!V`yg|C%U_KrU&KG&|qd3
z(ZCVOO#j%=WuM45CX4QF=g}vY%!5vgs%A6EjAI+`9V}5jcd*9;IXFTjuy4Evqs%<<
zuDaF~Yl#+xg_<U>zsH0(FuPuVa@`qy<RHE;d^O`7Z)y9LecADgdE8a4cA(<{I%MP4
zXW=Pv%e>ux7xm||(0)JQm*P-?8BKRS?mO^#?u9~7<b6;jhZ@4MTVLl+sY*b1h4*u@
zCc3Tf+ZedX(`h0#JG0fKre)Qdpcb!Op!T8amegFivsiN7UG!Y(nv(kJp!mw1W=X}&
zW~|;)1L;)^1$~GSHd4b4;JTRL(8ds-mHsS1`CLpf@xc9f3e%_~`|mh~J-qO~Y_?ct
z&nx?8v+F7SkGSIF)VYqztqp}o21;n#<iurvKXshO;QF`a*|OOtVS~;?vDj}T3-yUn
zw70J#B2Cuu-seY)<#8!K-h|sa4owfw(k^}<bF?iA$w{8_3vIJYjH2cOh{)+QUaZ}B
zkJj-KMLV#OMA;BuTX7qlDE$`&Gb`RQzRLY8J?lX?ze~_KK59nDEWFahB0V;zX(PRh
z&M23#{S|y+i+NfgLL&Z_%cC~G`cqpJ?+$iz9>^~ZOBC{|UG5xhgLiWDX5stz+U8$d
zC&n@{rM6WrN5o<m`F;20ajDB<^1Vw}qMrGDu#6nlJX?Ru66N%C`kVaTj3<utZYGJA
z-4V@IZc{<7YWexszorSDF?cT~21#&TG2YdT@METZez{}TB_W<upgPn($WLou^F5~(
zueeIzZqQ>w?*1dco40YVBS$t4TdHDKFQ?XLO>^}2+IXjY39LyPuq)ZZLi~Jm%0|no
zWDB5_E6(GpEW77hFt2L%lT~AJ#?@Q&n~C0&w%v0L-8jwzM(g-F3}H6B_o#cqbk(Eq
z-K26}e_JSpGRGJu`I+IQJR*ixkCgvw`V{gSECul-Zuc>({<aHnc!>XZ$OKL3*425`
zwg>gmzN!8cjRS{|1>Z&<+fHt4kMPi7iYQGrsgsOfvPuY*x7Al}jueME^vErbycmkf
zK%L>#(NDa>9)5B1?R%sn{c}G3TnCSD^{cwn4a2iS_hu}|Dy98`DcYT^+$IYnr$VDY
z=o049j^;XhBkE=p+-`e+#$M)1j0uunGL7)}-dLj_G0IaJj7)G<OGw(Xh$!%xIVYEX
zQjd_VLuo(LQx6+j;8knlty~D0!j5@H8tl*8KP<a|C=@a%(?c68JmuSZSFNGM`C<;+
z)TVB&DMom6CW=iw-@rt}A-U5^F`g|s_ru?E?il>;Jdi8lCw5d7A=AB>R~X_s2Xd37
z^5lGZ2>X?D{JaYnbCg3H2P0N_iV(R~dDqS2Im&Xqk{6<HaPCg_L}At&hX-bxZ@x{|
zhz5WA#AG@1SRJdE6Mm%Z9kDu7q^<sdQ*Kb)%WXY(IHJCNb799+F3*?7nRtLI#Dz){
z%k2eDN22fGwwNY-g`ffQF=ks}yd+l%{Y#>$l{4~_spUq6F6d5wpyC}eT{1?{+A1tp
zUzqNWI_1%@TFI{HZt?L*{bAICWQLF_d~Z{PL(ib=7&`)9)K#^4KKwiyqv9q*16Pw8
zer*Q5PJ)|dk7ku(bFb`&)M%C4nT40nysR|g^)O$<@6NE{uyRM91nQ%yRF&UzCBj$r
zblfU)mS(yv8*8^VIG_4CHMm!u<L|oGQ*fg|zdG~A7>xsKcfEB|LcvLSNt#mgs_*&r
zpCWQ~>7RcZaCMVdk9v(W6Z(eeKPM!D*mO?m%|z*Y#jv<KJ=vC#ytGFeee6!rNdR;h
z`X(=*K(eLYubieG%s|WXhdk1pNnFl#UgSydlq=+aF9&<rsO6XF;yI0;4X(3J_u+mr
zSrIYiAUeAoVz(r6boJKjCbc+aOk%QxR9#1=!Q{CLtj9eGsSBGGdiD;u!7}W-;4M|Y
zIdhVq1$4^-PXrM5;JloF!vfP4)|q48P2k<dt-eaf8%i{J=(CCFIF9)h9hhqKOf(L)
zHsO73$SGpMu~GNF&q}{IqgWk%wqoP=Q$g}^=cQ!FmL5+d-aGOP=2ziTj$VwbDIO3G
zKR+3+JD1npE%MNOhnSi_Yp<mHY@B!L?3&6@@y(`$T|VuHm#NS^J;sH0qE^nM7VkRw
zkVhhW?JFduvGZMPhY~P3AKlY&g%*kU8tkz8N4d=S(Q>QK^rBCc_S#a`4yWz>dL{%I
z7Dt<#gC4aZP$mSuuBVoN)$dpwW!H@8?9f>8lx`FgNO;FarIO<yB-m|Zn_8)8c{ovA
zWO9T#{OsxT?inkMcju=%f(f{rB*X~Dj2D1TTj+0RLxS_pyzf4Y_S<*0tM1#7g`f2Y
zCn*^>?O6t20ks0g2kI4_>FY<IY*_eN8SvyC9J@Mnh|}^m&T<gd*<YF%-rGCA8BE);
zA)aIJFH7=Vw?WPb;4QReg?%8t%KW2=0SA+&UsV$JZx&mHXyDUMOO20~%PZ7=7uB#?
zF}G=5>4i(d|GljCI>c(`ad*9vRU3!E#}xk%7PsJtT~ug>yZkwC)e0)WOSU_|-MV7B
zyj+>MinV!!syxTNY{whjij4{SiZ~v9D}>>sszCpEu@yzp_hPphb3r@(2pRTNUX+p8
zt-dI^lgl}LCkx8MD$t4bH{aXryVn{V;WlZfrL%w#NmdKd=)V3ku}o(LkaO3Y5XCWT
zGf_zEhcv5JPSi~uo%L+WseeGVS6Z-HwrZqo@bhZyWU~d(2!~hGR+5hE6`H+V@5M*Q
zziE1THeMp~jGR(;^Q!BMsKTo7l{&Xh0JQN?QoeD^E=ZwgBqTwx6TANqJ86>k|E{>&
z!#A}W!Pj`}rR5p%=Ag8<MGk()!P^=Ccl$`MvA3hB7tLZYsLY1I_=xq;y^~z=PB+B*
zC#KQ%j_bq0&Gt>H{vpkurH^^-wM!V1&<Mcp1bwC<s47yFy-;sR;T-guoByiW?VRBU
zO4i%=|3%Ynk~^&5D8!s+b{A<!EofkS<aW@8+K0+Fb_>saYF;WR=T=UKTZc0x)_0z>
zn`K<>b5+75=jv_>(mWkr)E?&CFHP8V#yQu5Jm72HRRd^?$qaXITpmf9D<qpb+ys@g
zt|#d9+-~F>?+i0{TMzCu>9r}k-G@Dx%W`O?G3ER~jCwG;d)%*3PSU_@;-YT>eajA@
z{5UarZF6mn4W|>S({r@(%+~)$+E>R#xo!PRT9kqyji7)^C<sUoqN36wT}pR%BLXVY
zB^^qa4BaBq-O@SK(B1s@19<N7T<+)hzW4p(dXMAGv-h+1clFw9MKK=vOQ%`>I^q9Z
zDEu-3we7W$QYm14cbdLs1*u+8r}2L6cbx`SG|co%Nhb<IQ~tZwNVtn=T6o5AF3^zp
zd5F3%J{QkZn(34aV_o3c{vK}HI>Gy<TKGqNwJ>e;s@+@AG`fHIqcRBcz$f7M2aGF9
zvqGJYO0Yj{@{h)XTlSheo5B@GWd=td&@!J005&(RNclyy5u|F}49~``>$e{jIPVSy
zItCl>3iK3ATl1(E&2O}U=3U%I6$z^hvxRG{;{4>9MZ2kZNo_`&x-zOcEWbrCxREeB
z(rPo?XDe$|hDcnVp~3Y<_VD%P&eSe^COp_>=-m6jfaGP$=xU$YCzE|1g$s(h7n)G=
zN(fzhx6h;ZF4jpzozk}iptvVxzx<fK-o96#nKE7D7aE9m=5sg-SPClP9J8Zw>v#L;
ztPP5gHIEA{UB!-dAylvS&%WUY@eO}-GpoH9#m)!e^3K0E*}ft)<sz$Ms{39Fr&n>R
zDT*|@5sp4VP*vSAC%Tu?CD|ptly`wWI3`P>WF$;G3g2qLupl3;Axh8wu9Y{cl_!~<
z&BO7!FRPj09ygmj-Zv*LTmK=V7&d#L+N6a$mmN7rttK{lHCrEMMmup)JiN9CMf98(
z%^aBY7U0eyl1}p-6RW<BoemtUccQaNacv&j*Q_t}f!pVyR&!~LUp5_&r2&msKYL3!
z+uca>;k&E8q!>*;oL2Je3F`toe78ZrjPY%Qwd-=3%3yn2JnxBf+9q-Wj4KQc43c(P
z<ta)?;qx=KISjL_EZy1qnhuHmo@Vy?y`<gz!7+Wnhqq;z^Ol~sHyCgNTAB5y{Pppp
z3O1JHJOE(B^)<<oij%tg*Qv(^4Zz%q<h7zLDgOxCJ123)pO#*oH0-ay`*#>CTSwum
z<&T2cCqcB`YCXf{Wlw2=3HlOi_B@kFE>28ZN{7+fv2y#RmP*AkUH)J$T9Q8MJ)6!%
z@3DqPX7U1L`Q8F$2)VVxp{*gU#$0~EOJ{)ZOrZ5t?KX>cK36vlA~O#p`PemGZV7K<
zH;T*oJFf%GY7mzdgm8!#QY6)Yz*^3#<6`l|<}xf~N4X?d-&ur^VVM8&;ZJSTTG%+y
z@2MYsI$u&c|M;+@T`=gNF1I&Bvtvh-^|{$$ZdO~v`N22)@{xstp>PaJ%H*IvBgbG=
zlJp0Vnqz|}_jZ}LIzNeCA!p^usylprvz$;kl4bwv{B*I+rVZ#dxjS#$x5C+g;FtMe
zsNl5!5wF#=Feu3&W^O4^3k8wlqkMOQwVRJXU2Z8)@&Nc`gqB|)hBl~Qp?qVq(9KV_
zRgzh!=Ce?GSUitwK%vSUtArJPEWBqpPo1&9-=OPNME&Ci9psqD>GEb@j)}gG=?w*V
zKM~Bxz&OWiVig^FOq9ke9JdA?WkDObq#x;hIXSOE!Ca-o<IlkNb=Yg>7`on*5%sVx
zbV+V4V~9)dV~QOlBRs$O%7;5|K4Xts`XcY4=g^~t)${XH-a~RLtf1Ni;Pmn2;~N?i
ztbf?JCj13-7*J_p@OBNcUn=4TA*K1fOnE$`=kJOA?$dAmxIFL!5qd~vFt8a2Q<HT1
z(rYu=*y3m#y+f2#uVQ|5U^~ho#!YsVOvMC@_t{$Y*LRs#h}-V7E~n6OOoHaM_e$@P
z1$fKzEUB5Sz=fIXbH*pi@olR|7jGv;T~VV2-RZdwB_HR$7cSXAoEKltxb{WNyZtd?
zo+wka02#k;<=(>(Q<9Z3B8Ch1NlUkP-VaD&1gQ_*zhHCZxHZL}v^Le;>TETU)4FEZ
z_h2yF5TSX8KM-_X$&OC>q?|Uv8q62Os0Vmy1eo%YPO0W8JcKL0o{QycKJ#1qojXhK
zZuL=;{dB6n#izZuI&b}Sf2h4Kc1CzbVV@h^o5EW;F2#sC_PF$*taKEG7UH;S$F=gL
zrYrofnl3jwiNTpg3lFm(FM)*5*w@{R@fq*y*eh-_^r-1>BsvaO3~_xdo-3=N0?uJ1
z$@m&Cl5wD*!Vd$?-z-@u-wOg)sdRwg!p8{mgx}}B(KyNY)@Wmw(yhK=*v$MracrQn
zT5S1+E`r(`hK|~vjOG!s>cg*6VvRY&US`O$VcS|mTXu)+jIiE-dHL^+);yOVVpcla
zbYBaeW-gFYm0Wt9)%=Nz?P)VZgJE=p=$6wiF>~|Vg_0otmR?l{Q~SeO8X<B=gTupO
z2Az_)MsRkaQR1eU@A~>EuXHK0Yj?(vm>jUZSxXd^j!0T%?Rx>Uy`$bcw=I%@D}9~K
znB-Vq$vpuy4$gi*y~-wgL~kFm`-?K*0ZVe+rRs_t&=7&;xET6)<OP(OOnUn2bc6!t
zaSaoZ+V6@y*GhbPBZ~si#{s32Rdp9m7Du+8Ce69EAJdRnF?6dHy>u(OB$d7PQzH~g
zi1B$CBCEn~JWN2by%LU>B*w&yurn^bVc%mE_+69RG6<Pgz^C6c4-AH*n6f>WK=?z-
zhllf(k_i;#^Yn;^Ptud+?j3zjzF(94eEt@FNb>#7OgXisY}&Wjg<pu(m#*2%hAUse
zBM4Gi;%_BeVks%GAF#GEc4m$lTqrl3I%pZ(opRg^>-(XhB=cB9QIAS*E{Sqr=Z)pB
zLC{1-e)xev&Fd9q>w<k7!yXBke3l^EOQi8P|D6%cj`$~yqa7k4i+bD+ML0*L7P<$v
zAFH@&ZQAW~_~NTP^m}rc+66)_78)DEKU>L<XvOKV7nSJbZxF>e%VaSZsjTewYth~-
z9`hjW>pXa9oJoEtGxAj`n)mrt{;R}@c<+F0leA3L!Wmgk7-&F3Niob-x2{xVme9P|
zb1>urSA1H0(3v5)jwH7puEvqdjJXR&f<~<`sopXi$h*9hC>W0%tdVLOG4Z=bIb68;
zq&SAous=U|!TMKy^sV92(&GC=`Q{7b8{K)KuLo$lTZcw}*;EXzei>jIs_2VlP<4Dh
zpoX?qFqG4asrA6kGR9INi?VrS_tR`A_0*VA9aSOW!BCqs{?LJq_c_!HR4%Z5bO&DT
zo3W7@gp)kr@8H9rZ!TG+VQM#OljIaW+EGIvX-L65@p?W9kaJn25Yt-sb=27!<w(lp
zH@3M5M&vJi9Yk-koRPx*Tx1T{`qEO#30K}4EuB5=`5umGm)raRmRx18z1GjhdSByC
zLD#yQ+_Y$~if^aLqvpsigSlH?p<f?7uufGeVqo@{%p9O6z8qz&;AR?LS@t7Lm@`a$
zE!)@Wc6{Cri&qb0H(z99MZH6wGE>%#;)9NZ2<(=LG-h4JWGP$QqI4EjE;%*6=?TX%
zs^q&BS77H*(DCSRqNuhK6R#Hg*`ZhpK%c;3pJ6x*)e&4K;;Zg>*@X{%bo}|>{&4+q
zZFwUyTg3x@HH=x${Z1NY4<Qo~o8ZY;TpwLswxp4IhKb#c5#wR;%j1}q|Mo}yg>Ac*
zXC7uO8C85Iw54i`g@}uJR~kmTayzyr_Ri_&5S5RqfBXkQic8k?ClU$vow}D&yb4@0
z7VP!)TyfsdU(yN|J+r^s{q%Sr-`&8&h;c*1W&F3lR@Vsp?Fs*S7S-s<F5sOPN*|wY
ze;pmX|5w?8eM)!n!{*yp&ZIyM?I@D-OGKQ~8<rr;Lk;CR2_pmEPskGzQhB158)=x?
zJeTKX<C8~BYMi-t&{ya^K))Y&iD~=EH#B6w_j-$1Wl>veSJ7GLM-rd8_RA}P`uC~9
z;27c05m<<O7|f?fMCA|B@A1Z+poMLM7s3*_XPg}h`bV&c`O_&0reQw8=2IA4M^WWq
z!9eqirQW`IPL1{N<o*}2ZW4fX{aws{B)&O+`s8OfN0CoyCCe^pa`U-&T<t<TbHn4u
zaDh8Jd&z(UyEE_Cn>Xe7?D}f4&E8cup<}XBEkPt(b&As^d@mkuLiQg(^9F(|4NFj%
zAm<=O=_xQ>364)p;z?G?_(X8bkCS)$2WoW)P|KrPuSysZ40(E;{M+{|2q6`+Q4X`)
zH;t>K&pah6JVl6H9I=Dh@j34v-B1+pDD@c<OMh~Tmg~^I)m|k~$&N|+H9t!DcWwbB
zp}zy|+Y$$%ux6~ZaXsZ8iYC5fz7cwmSL&XG{0S}hFKrk5uh@6jhx&-G%FKWG1M`0!
zLN*4FNL?;)CbsS`36G{FGBff7G=YUN@FDMX`*?y7hCZbdOx|(01eZ@HIP)-{+=B4S
zJ;_Gg@T6Nanc?J1?lj;y6HU-bGB5IB?|r*=)@h=kU%d=C_d3YXU00>4^5vJ5$x>hh
zU04WNg76E7?N7J*T>*krb;r4F0%2iE@iUQl2|{8GmEg|UhY3Wwd5d-(^2Y*o7uNBz
zkdOglq>$R5t%|P0&HC)q@hgUyC_GL{|4<jU<5%Sqw7Qzukzg*%5+r5($missV=azF
zn%BespGdoZf!;Tbf~JzJf!BWXW~@@7vU~WAW9cJd1D*3FacV2?<qr!#6wZ7fyk{!V
z3%#z>=ZH<u)51Ya4*2k%a+vKgIZ%DYvvUbHPDRb1<c&2sIa{;3{j?Mc<<PkF$2W2k
z;d-wP$IK*IPZxv)HV2ElMw^84vhFia!~Z~)PY_i!=;=DS=G{(#gbm?K_uEU1+$%At
zdRVD%&jJ|C{}Obz_dU&$nBMTR1XU6I#bl2m0$lA*lgOWtqGuG~JsapM5YUmD^mlIv
zst_3q#ZR4Va2pSt<-~+S=WYBLi>`;5f4=z%E1{q(9dkEog9d$x=nwtVH-07q;TgWM
zRz}HJt_TM4{DZNN|4Q$4{8Nw8%o&56K<U66SzZ<5rWhxSPl`fM7-qUx^>(=)&#&st
zC%|A3V__luc4Q$L^&mF=vY<*Y=kjj_7=RDnAW&&xf63kVh&>kbOu`eCKy<J4>kXv+
z6j;fP?Z29c=&;Wj)}SY{_l!S0-HsHr9loslf$-(}$G+<SVLK2QuslkgY{qRk*V4^J
z&CK3oX%^o+<>s$I|2(D5Q`j9KrF7m5`gG=Dsvj!~u2`j>uOHIo%fhh`H67W7I46W%
zy#YOevNyz=Wx3vidipG~!eVnzw?U!GDwF@q%r9M~?8Q{mj;o8AuC-7m#R;c&9m`)C
zVQ2e^iPq?VGhaxD0g}I%#0?Xvwa=bBndTB>owo!-M#0?pN(9$$1y%ro%*<Z8kDHsX
zFK1HZOezPZLR1#;FnbuAZcZQJ?qZg*`8bpGWG@en_aZ6H>^VB&9`)$#y}W|<q6h1n
zq!AX~(3#a?2@*sPB9*QfS3B8Aofo7?OO=!eFICcAejkZ?7G7Pi5<&V93vqSHMv3p_
zT>2oK2YMGzPmpa-3Wl+q$s{_1(DKE^4OTdsEJ38!LKAbR%eq6$Dk%vwwR{j~dc{e1
zrsz(9L^llzqGL{5iSgtcoL8V_1HI}ipRd%T+(|lHzWju&*-v1s$lO&KTxl8XbnJ==
zjNePNxj<`UroNJhSiYS+70Yra=?M}b(l^B^1r52spgEC@a>tTU_=c0=@(1H8!v7!{
z#UL$;+EAZ|Ykwk9U0`U?4@r_=3K;%KiVb&b_)E$CeQAjxh*&b4OU7k-sY1f;<f{tj
zi*YUj>7vOI-*NKIZRqtUruC$luf=pVKRolaP|&F%D1WMx0CKtR=@|Lxi{GS!*r2F?
zXXG;Fks%EG%oC%xg2c;3z{Ra`r(8^MOfS^J^{=Te;x9$!-<`#Q=TNaB`*H>|h+D=Y
zM1o#JzuvDG`vGCZ=_*t&AyJ^gcxj8A&wYUXRP+4<Y_4h$8%qLR&vsNJ?dyLDUxNLL
zrtni(k(?dQsVa#*2f?1;djg#_hC_gw8r|8apaX+W0h=BP8P0bsa1i|pq_1dW2Vv^j
z7f)9OR2r&#+!JpyGA31MDA;^9JqRIs4Bg18mtYDRe)L<%-8;4-Yw!xVwtptPLHiA@
zKh5`>w*h?BL6f<>ja!18^&aXRr+dX)0qUM%^Z#ov05M3uYPawR#_2c8@%t1BAO`rR
zh5<+8!|1?!b+#Q!O$ZSZG{R`EFzr@<2b4r1nxy5)@(#!5mu+)Okhl09g?X>Dk2Cw2
zg|129gk1`VBTEaG^F00DeTZy7(?w7+e<qzHb-#0p@jss;p#fp}DVD8rd*9;#wn!0J
zQC%@^_lYU_zp+NK={=h&!sps81y%GnL?psMo?zkUZ=2-(v0#5HeaY+^A4VSon4NP5
z7+mA8o(Qk_Ioel*$KP=M0TEH^Gs%X&ySO8M&zbD#0@FKwhb9m>7cT73p!d9O<9hm*
zA0Q0gOqGo@s7;bkcx!j&10+hJ-}f|1$UO2WWg7N*eCmQML%Xi2%}bP`<(o}5#X1{2
zg~yAd2h~ehMZD`hl@osHkm%AtPTTW4I24>ioXDj=QAZ`Q|1a8W(WTJ>0pc7pe(6;3
zMjXp~<<}k<V}UoQJkNZBiwj`oWa5S!YgvhQxvz9!@<hPiFdzLbrT-U_#O+2FohTV|
zEe^Mep1!{3SiJlH#X|Un9@NT%R0@nFqZSNf`t3NRTm<&s^Nf(g&6?U6-dktBQkxuv
zXDl$Lk@i!lATIyQa5jC~C~iy89x2;`A@hWbTpcceC)L;HX@0?SfXCHwo-Gm#A&~%H
ztXA4LB|@+dbbp+0cl+<ngfSQR+wfSk|BHo?%@UM{eStnyPkgfY#143N>>H6tZ<t-+
zQ~7n9;7rbVdh8lu28r^)yI%Q*_*{zuwpU#-a2;O_d3l|B`2Pz-MFZ@>cj9yhb@33=
z7*rmKiMxx7*>ZB8iSt{48UBneFnutpeR3RbqVgk$#B5)R<6`Su@kQ_3C}+M!4bzF0
zP&1rU$af+DR;eIWhZ`CaOubxxiH7dvRel@ar>7eG^;k_FTM0&J|E&iQCRk*%hjr@P
z$G$#RPFS$FA4dbvy>I@zdjA)f`biu+gRwliKOPd7PT<{UW)2-LvuE`*`$4GwJKk{N
zGJxVm+1T%@qf(>Tk2lVSA}R#MyL(#&T!FMcp`gjOtX^{o9L@szpSNizQ=gC=<Ji}I
zeeUWj^cZxQ!Aa2QAH+E4`VNvBz-q;>?XByZR(XvizPgqL*NeprmH)jq^c~<C$)v-q
zz9+#*-s+t#_kJEf2?YT(k4B@bV&j~2nnnw*Ik;bKsv19cLX%15V^4+oK{M*gb9|qw
z-%I>?!c+_pI!GlJ<=W*R#rb966E}<{j{UaeZbH$wz+@G7IC;z?-HUU-rSl(Dhpj+<
zUa~oTZ@4pXo<ZMs+IWL2z`!w9{q3^-Z}x&2WSNpe!FVmI_<dJ+SfHpxn2TAV?th~g
ziUn0bGlbFu&+rq0H7X4#@~PKLEY8H?<##pNGgKKM&ilV?3aA`Ni#7Y|DaF(vA^1T$
z^pTRM_>KHamXH2<z|i+%3y-yWokY)#tX?McAhe54r_vJk2x7I1cV(!!N2RE+1=!9!
z5PCHTZ)}1^J^Q4xyiY+~>peG~^hsRndlKMx;+WpZ7k%4b<EzX6IEBBg13X~}`=Bd>
zUkVj*L$<;P%hT`S9s7z+4Fsbv94>v6Oul-ixOf5uBh`QU^#W0KQ@*Mm#Ff(bB$Q8R
z^}mWMoyHzGCi7%k(Sz$H{>w-gFbh+S9%-HkU3!t@kVT4Qh0Jyr#~bW3U*Q7e(1Ld$
zYltd-cURQI?DJcqQyTa^gP0=T?plMD!=;2<$>+~}K=obd_hnd`w>0XI;|tHa$W9<Y
z2{EUGl0KK_c%TnS?U}sk;&S}s$FMLg&4TBr!T)op^^i&UJm0B&tE$%evc##2_m2~-
zX8w!zhE{MrmPyN%t=pL=Fmo-1;8#C@p(TgMM~rIr@XVcGcn@5v@HjG-qhkjL@Y0()
zB-eST6KU@PGlSkBAT8>sY<Xn_v+FDbpL11%e9`-Ab)YK8tBh3A`Sk1|&AnotmlFC>
zd`^q(Oi^$S)gO{fVB;Fx%Q&Ze({b#_K9w#bd+SSNb?G$NdHRp1Ob{!15y%kG+)&bz
zhUqk-!w>CsU&(MTVLY&ySm<nO!;S;rShnPSIHkXH2LE%n9WoueC7wMBmPXSj4ZcV8
zJHEwv9H7a$+_3s#rJjX8>Ga9}*fTn$-EImNp>valo&-%``H<<ZvBza*$>(5ptI_t%
zkO4hVx`4-H4OaaVfc0mQK4TCNC`cHEh3J^ISGs+2u*8sdsxKV3<wD`JeVcgwOkqWm
zeG;4F7#FKfIB^sFm>~|?DJ~ajtfZ3?@Hr73|8~$|14CGdOM!9eYjns*9xRT(rCb0Z
zB=RjVc$eP$PGiQ}oV~6qv@Qs92uzP%JvqW<M#$#gvZPbw<Ewv>O?fsvf8s;XI!-qf
z+Wof%KZ~c?$|kX%&#}mZRYJJDecc89S|uF{Uc{Lchf&2Hhk0Pf(c!Erj{&>G)y79t
z5@Ns9=6{<FARoZNGIohz`?ABOQrBdPGvD9|uzNVwHIEKuv;!{E$5?I_z0@BL4h{x|
z@o)JAuboP%|9J}Jew{@0!}6!#vf6ds{@f213;o_8De_+#DQ+&Sg>&~`wx@Un&$WL!
zkAk3{VSROyadLeNMKz@Eox6DFtvD(b`<Vv33#6d{EL_ZLKek-G<ZhrW2>8NsTmP>x
z3`9lJuy@z)`jIc+_Vb7(`G@>E`76OOD7ie%GIq3CgG6C{kApI(!EP2sUXdSjkgLNn
zwzn)36)E^;8%)X0r1S-JNR;To<U>!K)86n>4SWz_Aj`!%O*kH(>i={<i$J3R$H)}-
zw|!&-d8iXB0aABJVuA{PotYj(L05xfE^^F*wuVD>5<czE(oeO%>n}(;sr4o<_l!%~
z7(VhoTbr{(6a_gZZp(`~S0r$xmVd{St{!_-ud*KX`H08mqHmlXF|~mt3<xBjq<VlT
zA79}At&Fmu4V0=_TymcXL?tXamGFO=0Vk-20e#s@td0>RnCPKFUu!@s^IH=zKxogN
zd-)!@eEX+NoY>h%849t@-(%3UAO^iQ42*)bJqgAC&M1g@U>XUoa~1)JeNBH(jDq;p
z{I7Te@Ry#_$|zql1wpJ|ce;K@lK!Bs>o^o|0Gx9g&t5aQS7g;pg4$5s?U;NT#dLxM
z@pjqVq;M^r?cL2YgP7-_LyTt4j1aU<H{dh@@#wr4Q~S$k|A!q>0GsX39j@NEus2x{
z_vm|h`SqWY+~rs@muGTxo2@*T{&eskB$WbWzP$$pl}uxL|1D&cI3_pxu`~mt(l4VR
z#utQ7G2>c#%y@h5iSkr@x<5>>pUrshPEe=G`aKUgty*<R6aBw%`|{W$czKI=@sqER
z!^bl{omhW}X|CU&%xj4g@i3#Al~lq!S;_V|v{ozJluYlyGCuM8Oyz=i@5F{+8^S$R
zxGcvy$+UXS0@Yy^UG)B$SbcD8IbWndTNhq*VBy8BJzMUbLj{!|&391+Ri=X@ew;u}
zClXcQ`-2gXb&MwlQAEd--;tSrm>~q2u=1EH$c`Xk^*xC&jIsPJ!{$o$I(&&V>=8>W
z)0w*lg(2z$RDwnK^Y8SYgnePr7#HZLi6h7V!2G{V4_BUxI)7yw<l6gg(s>%xYtT=p
zpwOQfPOddnV2;53T<YH6n(dz}cM*XV%P;Dmu0Zt!1-0S!+idQ$;XoyE6V(W`sIQmk
z*$K3~0qP=1{Pa#REdkmy1YM51mi!;$vs8YL;L&{?h)*Y52m-xk5CQsTOxOSQK7aqO
z7mulqZG-L9`agvwo`l%VpH^qX1s3}d<FjDV!vSxFlk=63fOeJ2nfxCDe^h>KU{~^A
zCLf>f3Ygf44nzCQQ#1dc%a9bnfWqHI)j!D@6!(<kf}8=zqSf^8TuUl=K)RV3%Rhg4
zN?;JQpoZ!UieC4-e>?$@#4E5zuhgR7+46rL5tUyqc;?rXU%yL6#xLSY_|R3^{ih`g
zF$RAt?s<&+la{6hck@omA+o?yYYn1r{%ws@9Wjg!qW6DP6KLW~v?$_B;GF=Xni=3}
zd%*ARnMw+nmTCZz$7=dz9Ebw+^vANGAmkL%f7|1q!TRd(Z@(?ff8v_n&h>R2a)nJ@
zvyQ2Rb<(oEfS%}NXD*;$VFN|m?f>-4IyabK9FOk!Lr&!U+8jLa)=j_%C^6J0D}XE^
zuuz4C&B*`Li+=?_-(UW@V%EbsJ#ZsyA-NZb?B>y4hTlJcseuiA@cwmX3IG6?{wYc`
zluCIJ>oB;Cp8#%u*Eh#0rM=N!<3G@*Q(>w}OKM5Dg~yVzH5Ehri<c+gUKhm#Dz1Pn
zq5~#xVSi}u6~g${da1l4PW`;@aOsn8Tz4x%nN?}moWq%89NDEq7?neU&CRZ&<2_?&
z`+A_&Vb+FmRd2X{@C*BM2iP6^uFQ~r#G1xz35~|aTjCV5`ZJ;euy-&#2}m>faP7*?
zg4s^*8XCrNZ8Kaa`}^6@{b{b-N?D+?CmV1T?=&B0^8Jbc_L{Isx!f=V3r611-DWoK
zX)_`=RxC1eFJ0M9Ll0&RnMA*Eld$czSsJ-9J9o&fVa_kSJ#_)SVzkMT{x{D5Q_xEE
zqXH|!2qynTtp&8>o9t(!{cI2dZm+)pgLe}&(_~&6sf32nKe&wQe&<`w`ap1+Ont{K
zVU3mXYIs9wPqmXh_2Uu7WR#~izk306S$$EtKqbKg&e(iF1}zoyMZw~b=5T2d3nI|>
z3G2t4BApuZiUyR96e;a6Ui}b<{r0^+9^UCk=UlI&BC*TFA2Al!{0cab&TE{ii=W16
zJ^a8)^KSw$=$#Ajp$SHT2}&zy`+0o^lxVTpvfAMws6MBY4&>=;AIV;Qq@?kMV0&je
z=E+eK@fLb8sV2U;<OM1}Z2+Dkj1kS=xQ=vNb6Z3LxRDD_;Jlsw#47~8##B=O5zz=f
zjA?vM90|h5Jr{F#nkQ&EImJ~C9;jw2ZT~dxz1DK~-x;0?!}UEDLfxVcsiO4&nT(~$
z-Lw(j&E7GXB1NaG2@jCRqqlOsMXP8F=H2VNHHcn6EdE6rv`gdSA`9&ZanzlKL=|Y|
z(L|NtRD#Qk`BLy|fbro$;M#FGGj)D}>SQ>teMss4YU8G5dSlyO6BzwAY_tpJfok;U
z>SkNr4YLfhdnIjn!;{?VbD4F_y*H&iTV$#P^j}*#wX*2e6r$XH7sB#Z^GBTQQ<Cqk
z@kJmGwnhS%DvtQ{r^TipuWwj%?UPM7Wr{|yOY?ynGW^%>C+yC105=K_m3!(t&u0sj
z5lh_r<2XQOhTC(s-I=!qqyzlmGgt@+L-9r(<&O3&fq}uA74dj&3<!+NgrBn{-if?@
z78sw*8VnhJmn6Y}8zaSA5w61?dg0z?#TK*F=P4b&fkE&s9dOM?yJ|+ILJ5@^9(kkU
zokY6<t07Ac&WTT~^Sj~UB*bib8fA_zbe|+rOh?;C&x65gA@g3$e4&Bjd__Uqmkt$j
zh$Z+OdP7#774!W<`IMQg`Ezbg<!Q6V@|aE1vp#lGhV8TqQ3ekfAIUbctmOriM>Eeh
zHP)}2Gp>=ObGx-VnfJ(RH~QTWG|&Vy%9bpH$FKeI;u5hy{jT~8VY5EJNgHeMROK?R
zEx86AGO|AW&5yS*b^Onq=7~{KoEoSNTwl2_L%)U10k)9h5JtQ=K(`CL&D?3$qiD>#
zGaY;s<jp?(P$_a)n2DoGr$DEjx>QWH^k8$qY^9p$N&4NdFu}*wX6ssDPG;~}m2bfo
zB^z5ei_`x0`v8^=FbeI<qzf9(w`qr?gDnKWgV#fT<NZq-cVqWUG9ns_&gWlNZAv+c
zW;Sk;BX*)Jt&@S-f+_8O6-NiTqq*^09kt}v2HTGLsyBDJ+gC4TWYI}Y8*mp*uPK)+
zhR*bcIb}YHVGi8l+rvgdh$#5{QO)w*(}h%muOG{HsOsk@OEH8ciYDtwNJ~um8m+zu
z%Vkt=Q5b6wn-nJj%gEQdULGrNY=2Ne=^8*p6&pFg<fj|U(buo3&;llr>a(a>!>bRL
zt8iDh@qHWDv_5M_sXg+n?6Y5TeC#GkV$*~07dpIaJ#3rgn8APPb{k&iD;(ARDUJ&N
zK(XBj#xXD^&hNhZQ=y=c6i>_*w%Eb1&!ud4XOl{Cg~?1!OZ^SdgL<>*1O4e_pQTM9
z%L!~dl-CeZ%w|Lq<umbKn&2vrw@&318m3^5VH+AX<@{lY9A>BF*!jujyR@p_eOoSc
zc3QzC+F*aP&-enp_7@D!KZ2E$Qs2o}cay*Lw!|6GO5&UkavRGmv0P$mj$mul9-_bO
zT6%#&HT#iPYk2jyUfcFWJajyr^kZQO55u$z%ur55@NAC?ZVJB#vm8Ucn2II9)ORnt
zCrG>|?MTzapwQ69P*tbf&U*vT#~gnX;pU~?pl~6al*_AKVVFS?;e85=B*Ox`8LAZJ
z<s3=Op;Ai+^4fP(3p8j1<tsEC0E&cxd|$}DUrFSnYKyqGGtHlsE~~{Z1Kzm)DRCd4
z=MvW*Q^gH&zTP<ta67Y0_|FPocluc3hH!r+P+{Q1W%s#R!sq&`UGtoD{%~23s%p4j
znf!ahXHhH!a)$8bioH!m`w*7E%Bm9`Rt$7lSMy6w>Q0z3TvPL9iwg>x2yFI_Vpm#L
z`5jpm+b4r+%%#iJeHNXf3lhI-DYzL*RV`x2Dvlg~Y4L0!2V{#Qu%;7)L+Z3+oS6WO
zlXWmHN)rS<ao}Kba^q7{Lx!Q|P-@w*y}ly;reL}lhex1uOyK*f{C>T=I~!SBxyWJr
zC0^UP6grxGWCXt0LjfQ?@9sWn)XywR9Nw&SI}e&W&Fl5*hfG~&=211Kw06f4DyhP8
zYo6g>_?oJBxkPt&eU?SLg=}vZOtU3qYwA*8Yvu^$-+$w54{kO%E2}uHVC?lDfc^va
zjV>s`9og#cQCnJ-Z+BL~J!d&}>x#!&L+~z>hM?PKZ35@(Ye<dNDm1?R%#Fe+Ie1sE
zpqi^A>6RoV-fXedmGTIrYmI~g!nmz7dA0^~Sik_D!dkr;5*{0&&PCD}o;c)BDt_J5
zY)G=AH*Nkjq7_k`-k+AatKDR-Q_*KxFr<MmHND6yQXvm~=%#2xcu7oVud!M*Rdp~x
zitk8H9$C3P(j;Y#D9fM5XkT)Q>C+Wac6&{l*!?8_gXdr-yNTiyn6Ina=d`zwpx>Lx
zUg$6r=lKrV(dKnQdu^-8W<_lW4ABrdvT4O}rzDG*ANjDjv{@0GRpLC*nJ60kJdhS6
z$!9x5V0FTW)W|csx1!RYX36_k^b2Q^gcgAtS15=#ODr12H`iE_bN0A{TNQbkcFhgD
zlKmHF)yk~~SR!INvv<8^zAI<NXsbGI1cN~`c(c7(F&4-kQ7|u;XiffsG_6=9J($?;
zC9kb4f5bXVw*!WYYW{e4F+c>yDLtUXSzQKW|GR?-dw#JHlvTiN9q~DOQWkqO>G36)
zQg9?c5(&eK2o$6ApPq9y08?#S@^vP6ST3$VjZPV}4h#B%JDOFpXh#~<e*O^5mUXIf
zul_ZMNwV&`$39>{Lu&9%pp2L8vqLR;K_eKnE^i!xS?Gby-NU!;J6s5+;@M6|Sx?TT
zWnDUtvb(vU?e;TH;u+uWHVx<Wd=3pxXT*e}aal7KsbPmev)PbkZ~a;;KT)<X>Gi_d
zL{h_ZENY&~972?ix$_lAlwW!>?G=@IWdP;N-+ve8qR7-174<H3jSyw;``O}FvQmSb
zDp8R|^Y`UrA)J1!P&n{KwL}w4barF^KAa|-H8W&jvb{NQbSu1_q-^Hf3|+KIJP5VC
zUZ>r20+W8@d*h~kRUX`P`t`;$?7MTsj3|rd9Kp_Jgz*nmvR~RUWypmuj-t~!J+CF#
z;WZ9B%kD%fe#oo}COfI8ORN{^jmw@F4f3SB1!a)VDzuOl!BnD)sg0uGS0u`N){n{^
zcl%%OftlshdkY0I`*X5K+Kpg35O>qPP2Zo4svI*CeI%vch*G`o7i&*EYDF<EhVE_G
zA4bjC4jmG$TP{oh9&>wO*#Al^+-1YG%C}P)$#|Z^CYH?fr@vKMgl?1=1TBTv`FqN#
zh@@RxUH?eRSu)DBj7X^(hp@EPSsP2!UjF6p2U@8fs(s9KPh`c=ns>wa)oVV@h{6HW
z_A#se+!g6yW(O_7tcGp1?UmA7zgifWBVH|y%l(mHxpf<lcha&ons@$!E)pbI@dbPD
zO<F$R^bIJ~0i`b=w5F)9z^G~=`F=U_c`Qe8IM8*xTl)i;A0L<~Dl0SM@@>QJR12ZI
zJ00#!n`otJePF*Y5Jy34pQYPbJm$C|a0sTAUN?1WZsA4*Nr}qn4?SQM4rOE`PBfoi
zE{)={gjX8zj=JIU`2hlQILw3Vq_;p_b8c9U^Wj>|59CI*>ftI8=cJ!t74m`b<}NY|
zx1yH_G{Ex3W@k_;Y@0utes7pPyuVpckyqI)lcCUOW*Gx4!eK4FIsNAM-3$gC$^Ox`
zMp`y2tm{GScu3HbsSF|0r(<|e9xac=M9~2Lo@3CYYMBhw!-@uhZdkPxF*BZuve-d7
zT2Y&5%?v$Q<(WgpFB%CM7jz#e?o34(rxLyD8I5teFF=GnuGf=Fk*0d5tw_vmBUG84
zdb|;xq>E>FM%}<8Z}AIp+irpz7(w*n$rE?OtpwrF7mXp72%+=F9$3U`d!iB^`4fXh
z{Lj*4GQhtvjjfdf+xRMTNuLZ;HRUX3&_FI$y<3u1P|Lzx`DARhSY+wrOsB%JrX>-y
z1|t_4);V$Rg(dc?!;g0}ztvDWZM)9!%&mmzXfK@KEl?g#AKW+G!s4!2@9>%urj!+i
zJJTsd4;;O9foI~Pj_!KTUS=+Ztv52Yd-<ft(lE@7w_uzgubrZA#yTY^W^r0`G<0!g
zrT@-D<I<6$?MNS4BI`1(HYDECZc#k(JYzUV0gcwoH>2WGpt<smi#CR>M@Aa&*OK8M
zQojU{yQbBjFj^tq9`k&*Uys~uY*K|Z>+jJ?Q1c#-)=<{7bSqCk5{gFOOUk$Mc8n!z
z@|P}FQnFPiko)%9wK?RXd&AA2-xj^IKNQiT<JGwV4LnG#O)?{zZxt5uC9D$IflF1@
z&Fq!b<mK`?+-&C}bxbM8k>w=YWefR=hTo(|mcCWt(7xa2V0~p_@2JmO^<bNX!N~7{
z-7iD({LP>E;+H7xf$3TQD_eabE-7jgmzc{U*)c;txs|to32moCSg0;m!0j#dBx&HR
z-H(g4o+J9_*8BCdaw@-ViGG{gCt%6JZ#EB4@w6``)fg};Sr9olNo|kK^)46lx!aAO
zY<JCnzHgkrS3|PgMm1PV=}cBWY{NVVx1c2F+EYE+4J`#TlsEl0dK6n*qRPPk4QvU(
zI?C_!<8aN0n{AI-3f|UVev)%YD;{mYp>LvqR>Q@R#bjKz5u#*PU%i=!>3X!0HDEX@
z>*gWOe-Lz0X2hUi*4J^fuU0DtvvRW7(x142W5^<hJX{8Cw3Tm9<mU?4t4&EEa?M@Q
z^AW-Jz(((jE2+ZJSf*Bi6$uZp^l5b_uGV}CUY&^Ft&&x>eWuu#k;?Qvv)Y+WJDAKC
z=^$SYKP)%eV8N!>*IHR}+TylvX#XPQS#dA^kYru8+@Xlfd4JhN)vU3n7fdtt(veUI
ztq)Yq={u}6sRYgGydoV|Z*O{`6)#Q(9uXdvh_746Pn++>4D=2;B^cUQVROtZjy<Wk
zXR^0o{mdNyW+d=L>ZAF3jLdz76ZkRd#1dPI=B?|GA!_11OF@~H@pi3dFUspgHtIWC
zXk0!pmR#lpW_iVZnm1TE2h#i;V*Ce`SL7QiL(|q-XNlKFk|UakblyHW^1$KWf4@wm
zWZ`H5<5X7Um1T-tFa0Z4bCL~oX7z+KfwJ&A$y&0z$O!*gYLC($jyzgndCyCoP1uC!
zBoQurJRO{?k2FQWr8n;dk|GM=VN>-&qVsO#iJS0+%(3pUWMqM~g}n>THt@==kyT5i
zz#Q$oK+TL@5$+0Gj<jc2caxGe=k}-@V$=;erRTUk_MDb`+o(i-`cluQd&+$G%r~N~
z4{bN|_5{(Yh?Fg|n@Irk88_qARxN0eTdmLMv}R|4j-0mmGsWx<ztC`bblloVsIcFD
zB$4R(q^9h{vr5l7>Vh_pl-%+TAPEeMnh&6#3H;#MQ^`Aw4WA_|<RZ#sGJ4&Xd5^zK
zaGJWurCiGkQ=sCtefo%z{O%E@1<r!p0vURH{8oExHl{9S7-vQdi@+FY=|>xXo!m|d
zEdYT)Y&KpLu-c9Dq__jbxaxd)Rt29tFiPR?C)T~Wzh;+PyK(f(`f@KmR5r}qxW!FY
z>^QOCW*24A@qCkS#hXKg17+(<OV7G$%_VyMdpk~nj)VEqVNH9Q-el%T@m04Sa)v#l
z&POerv4+bsGU-=|tp<Eq97Bku?^FhWD>gpdiv;8~N_$l%tPbm-PpQF&S_=Efd0=a7
z<_)wC&gs-lW!Ls#==1N+2(m`n4UI&U`0lv}txVK5mTeu@8i@foau*%6X1F=|kBuB1
z`ZnJKv%0LdS*huJ7x;bocKPv@%7=_z6!2qCi@usx+A4XB&|bAo>HS;}Ny~3uTiir3
zohx(WnY~nSr%HhexlyL1D68-t>JAF4U?<zBLcwj-<lW=m9K+w_m#o~@s-nD<WJ_Y6
zhy9u>G8_9kt@&r!+gmKe#fem)KabuBS>4rFyUKPq4b!7yyj*MHTW>gaN2W4&7oN@o
z)LlOX)}UtmM{A?@L*HDzr%;Q4cLt*Z{j7odj`D^Xv#>SEaB>BuwWOt1)#**el;}{I
z&gG`8j-ugqHLhDwj+dB+71tUU&nD8^=P{vm4+)|D*rif#b>2aQ)&u)!k%G|45fOa!
zplV&FZ;K>oU(axA{a}m#wWsdk=76zbNWx;QxtxkgrMs1CQ~}2Y4di|eS8Fzttg>a^
zD;b%OT5A;c^WRMTnvF!3X(Zd|@NpUYk5R{yPa@a*1PvMfCbjCCHoQ<12ruo;#&g*%
z)0iD#LbxRU_dVJ4p}CCCb0dIi8lK;JU{n4=6mPaTkM=JcOciTg1oJ03<IMwW6rTE!
z-Qt=rVlrB${d}b0c|gHFpJh70e7#3$PZ+PsM_TL-QVk<$>w23A6L&5XnrbVX?VK5>
zp~g_?9rpQGv|G_iHy9%_A|CF995DuYs>p}G$__&h8cN@siOb;V*P$6;-^G|@F5muv
zITC-DVBc{rRG6u3{i-c62ESNmFS*@lwbU6KZM^y6P;4Dma8%@|T%gNd-lIx%U~qwD
zWTUKQZ#YSuau3nb*@QQ&aHJ7pb8!D5yJVF4(9+dl%3Pu1n9wk?5eY>MrxhpdJ##J<
z<-v^=kK$g=0P%a~<;ZyR!J}#Zqx`H^?j?sc_sGgkuUFGC&Q61^J(6D*b7HjZ{Px0v
zK4fIL?D!idjh62JJ(uR%L3n{Bh|<<3KGLbC&+6w03;9kjsI@<8?_xmsT`Zn;yB@XV
zjR8t^+H42bUB7M`!vnp_*i!gWFKiP+5f8#TnOF`<#vEla(0fKBRM{#IrMKL1ub-hZ
z7AJhgextkhF^_>Y021zuoBG?4Kw4e{p;ptJCzii-83kL@<ULnHzW8t{9B$Y0_k%u?
zHi8fF*)MSEzJ8h0UVgZ%&t002sbz6ERE5L+fF~D@S!FS!u3Y1jk>7ib_g&7==TV{f
zSaDhkg<N|F3%`Y7d!ZN8Em4NpY;{Qjqr|LQpVKF|)U^od3WMImRqn|T_j1V(FJ_0|
z-)$58Vu)#9`e{5hl~KcsG5_A$+@_xoIrnGg-24JdY>$k?m0HT?dp({5ox>(o-ta!H
zhz}(#jLbHU2>xcGi<n)G{@<~OmCP6NI<k!U_uS7l*ZCCav`J2Dh;>zrlT+$Drn{I`
z+ucavtJ*)xm_oj-k@eYoLg8#2Ht6VZezr5s2*;FnB%(94F=gw}U{O;&s_d{>1hoN3
z&5#|%;p*sh;0XnIQaU}1cX?g@W<gjx#xcYJ#D1;}xK)T_U!^pwtGqIBwd^^NOtl<c
zy}$rY-k+d6`c_>iKNG&;1j4MpZ2OYLqVzl&eWXKQ?W&tN#B)s-kKDS$ujBjpfOB|S
zlNS6?##Oa+r0?+9l5;FQA~eitW}m7+3;mVKw^~P|wK&c_j~q1?m=5SYGWw|q+Jz3a
zeiborgTogHB11=hr!OFt2qNz!;EI7Ws9r5VL4XU5gg2>U)AcPVG^51j-5SCZL=wUE
zt4Os9JIBunM`@R7Ba9_J8%usWc4NPS%nzqyiH1*;RV;@}SP_HJ61k-lBFdUV4b5G_
zlUbB~bVOvCU2f2GyB($NHRS>M-PrW1eyfH4ykWB1Mblk{=`M1<QX`y65HD*)qm@!1
zvVJ!F`ufako2lDUNp-|YF-!teeZUyfnEK8ma=3JKC@#i{cxAu;^?BfAwEdjNNdDb`
zZU1A%M>x{9LUOY+E}E_6fn7V&el8{HQ}aQ4#CW-Nqur$cQTS*>l<5{Zuid9y-Oi`+
zZZ;&_onuv&d@2V=WGjRmHe~2E8<)?4_Og#k1w}Sji{KMJ+<gl``pj^c;(qFn4Qq1V
zu5yyp@3bccZ=v1qTtaA8bBOfFQ^_^(E?r+?>C=y}RGo{eu<<4{o$zI`eiP8HVLlAd
zv1=VK2pHbEpglq6)vI?$M`N9dONHh&bN5|yxKUj)#kC+jOq=YfrnmYW?N6(4x8@I6
zTc|98u=t2fCAlS4vJ}^ea6$8Zee}3OYQefbgp!xe!Gd?(Q3Z2De0uw_;Wg#+TaNks
zNfX_-hV2TNxG48;g(~UE7NH<wvu?pTw+7dmv^#t@x8-7<fAI0`Ww-lbz}@#^^^e@u
z3l%C*n#vh;_l`)wkA7_qFr(qlHT2+(JRIE~(1%!87arW$j0DxqW^+GYen!=A3cVo{
zZW|C9o<3RaMKthcAvf_xr}0HvBCQBXkeQ%of)WabSxT68L*dh3$gmlZ-#SSiDCOxT
z>~CZtJ&47oZj|?M$iQ|oOBVB8^`ZvkJfi_aTEVr3X5-CseK^eX=HkP0wtUELGb-lh
zn%~p+$iNf@p(w3}2%WdpTfd6p+;*%$m=3iM^d&c-5?*43tiyQuh7^VmZ~4M(ba(?e
z4?!rGLoiUbugH`Qtyg)x`Dk_#ztpPHZhxf~kw0LB&ECDoYcy!1+aB*8^<@Wy0P+T`
z2Mn#b#j`VU38PA09c_Vm)E_aa*{DiaYDk4NXh0`m^7ybsuE(qQYrFFFO-lFn;8#NH
zVXXW)kh+@TAo(V&RjA(lnt!c{bx<nlfJ+4?e{}RqRHz`(ki(0NiI4snYd|YW-f=)e
zF1TyS0<FP*A+LbApTp@JU-7b>;gyHA;k6HUw`aD1{;_Z_II6xxk0jz>zf4uE1ct}1
zg6Mi5XAwuA2L9d=b}m5EWa0p&A<C3cJlA=OqB(#M$nTRlvhWcH(&A0}iL?l{K@M?M
zU#1_iomTG1(H0M5(+?qkI>KAym{F<2>&cYO7ub=F-4gR36b{I6)8WwH4JJSA*SH%&
zl)zZqO;q4w`!dOO(gUvgaSt_x7l;%;Rp`_=T7+U{v#0{i@>wdmnqPJy!nC8aD<%%E
z^EnjSx*T$s>;Ow6REY8*#xbf%&|&C4K!F~sgVoXDfuYHaxHDH>G;<Fw_9tBzk<iOb
z4^=_1v~1Z(He$zb5Bv{UGDInvDIpaUYqIuB_8>#jf5U<8dS;(C7xVhj;nsVDylyJe
zho5(btjz|OCw@#n-+XeSay&JBap$;o+Nkg^>}AYIWRg7VMMRpnfC$y@y<fK$jSCp8
z=~rjaENt}16BR;%{O&0&A1=r7(COyjI?CHEKRVpAQe38~yKbE$;ue=~iGv(V#C~v&
zT)*8menS|mxUe!pU!-DId)FHiAMi4NHP-`e<Tyr9-uK0Y#>qn|?iWbHjfz}u)77g*
zyJJso_ud_HS=9_xW<ooUlZ%-BHnWTIQO@h|;QZPvRr6-HRWJqoo%Q8IzECE`JLkh0
z)?bA@cBZpqDmd!y>Z(hYq@nrPX4|si#jtxzhg`3$xL6^xXi7o1<Lie~5aX~?(cW^g
z*i$$0d2HEYSt0z&sf}Xy$$$kPGb<;bq#}j~FiqAV(_}ou8cDz$OV%ZxB+E4ui#8-k
ztug{4-|*SQvV~&D&6GXkfb#mEJ&aVzLgk0{Qz6a2?@S*j{Xsd*?ejrsnAi;Z67ok^
zlyF{cE4QJNJZ3+7fE@!f6DS}E7Ch%lO#qo5PaAKxMZ9Qcxm}C>y-;9W4iN)VDJ(W7
zLlQAGPnGV3UrZBb!CkSe043_IEf1?GvIc~PI9}+9e5dcZs?no+&g|&m2rt`93rS%i
zp)4VZrcJW{sU;t4s&*g5G!0x{qP;SD{b2mv#o<DM7*7hjx+cc`*FUd>+01+(;Zn)5
zv)`Dz6-X!ULoYP~oZE}=tzk<PpT||Q=g*gD&gN1>DX7Oa+TUU#ZqKQ#4Ox%S43$`i
zg3j;tz)Za|PqDIBd7ctpb*BUcQE{-K(P!SuyWr%@|Ays@aYhVrMqeVAr;*7KXc^kV
zvnImbS`baebzzRM9HdA=m|aRuC9p*GP8KQPW!uBo9_4(U#JdW;j(>UMEE~*QiTDyd
z=T^wA2X$E+NcBiFK>M==?WbhPq~uh)!WfGq(;&)5#g*=`4hIJu;Z)$Od;pA|Mj)az
zRp~&cC~ELf7M~_IeQ(fVtr=cV8_}<8tYV8mn8^2r+vcj;jM)y|D*ZY@>4twZ)jV@g
zIev9$^V#$oOW;JHZrb<zJxc~oVzp_)r5i?$0JcLrH4}Yvk@LXx500u(Y@KzY)l@_F
zFh__j+S;D9t~sqKOt^~&y1aJX!n$H!hg_CX`76*3hJk9Hr#a8edT~ARWt2z*l>7(+
z>CryIBy)a{qj+*3vMc4W<@7M;I}&IWSH4^JeXQsC*^3J7`+{F;!o>I0-Zek$qWXrJ
z$~J>!5+XDGdOM3recmxJ%%L1y&kM!o7;M9FOOyAiTm{jbhHJ7)S4!DjJI1tTkj3+J
zuMyw_rmV6}g=O~H5iX%LOfE|(9|xMP&#_p$;cJY?O~1F^M}(^0kd~IVx`dap2Ramz
z6X-gZxW2!LPy0E2-dV`NccX?;xS;mZqFxBHPdi54lc+bp_stK>MRn!3^AkI3(~WOD
z$@O}R_&u;mwWdagTQkkj8v3D3X&JT+lWO@O=AByaw2PFfuA?B=BgtjWZoZeUJUHsD
z)uZaLaw~tNDU!1jM>_+>)Vdv((o&FCg`d_PESrhMU35w*7bB49iOVwPNsTfnur;@z
zyO#FYV`%e>NK77Acl`X}EP4<wNRb3qDs0{IB2uvt$Sm6oFVsYuAh?q9T6{BzM|P`S
zG#f+u4u*gkDxzvPduzkvdPTp67m^;WxX_#g0?q*lYct2rZ|XNUb<ajT_;N7w#kWK1
zF~jU;?dZ)9bCF1=&}4@K-j1EprpaxM{yQe0Hn>4nWM%HEahYO_4GIE)T&#uv2sHwm
z-+t48wRN@Hs?KRk&bm-vdFdE7A^xItTcA7r-^$HhJFY#`#X)pvjyIf!6k~4y^?^OB
zQO+0$Grp6ct<VCxg)@_LTjf4!iQ?|Xlur`NXq=nx)_3GqoeWVlx((tKRx!W=S1>9y
zRmNir^W3(3oerX-)}B+{vE2Y@Z#;6HMw&7PmGg(Jxcfl*!!RTjlY&iH0ZCXkXooa}
zw?8Fymle`hL{>R*eBTG0R6piPNjS_OOvKfSNS55{yOGQGeFKP>&pWQpaKTk5Nd6q7
zKDX3{Vuc5nb5dfbQT0$QEp^R8&ngk~r~TF<qoP5!JJztN5O-)Uj$yhgmJJwljIR=+
zDD!P?vOcT+ZdR!t+-JHWRzNW#u4W5f`E=;8OG>=|Q~PUGj?Qhc>HA@wS$$lFYEy-v
z*%NLb0GENw(=BVXhTUOa86n9I{SMnu#XLPt__yAIauO_@-6+!1_6g>S{Y&jmDPEfc
zwG_@GeEXwlr0;q*hXDl>!0}s^v=n8S8*8gS2XJEHD!5pWaXv4YX(7BWN}MTRn*X`s
zutq^N0F$wq2co+i?*M_ewZFUj_A*n@Lcz#zX8G2zeKQ$i;zvoLbIh*w+AnqA@Hfr;
zeteGX95L7fpZQqo7Sk$cCVVNGb`hw`R}Z3Q_>7Lch$I#}61-;GrWbjJvdin@K#1^F
z>Vc%M_-XiWDPM>yCUlk}Mno~?ji7Ko->D5Nwu0JF?2D5$oTbWNQi3@jbMJ_;gZaKL
z=u{Dnb^YFVUg^g$d5*98q^2*|XcfiUrxB3(@mE!2P$CF0cNkb_k{s6%x~5+OnY26F
zWr3O`Ga1%D9^PeP6q+99J=~rE2}L8*7jgv(p16DypE`Rp?qvnozRx=U^K$Imaw(Cr
zjlY4xTfY@T@;L>!w_Ni^>4=|!VgV!Jw(l(4=U+6#yUvA{=n!i8t)y02>a$xEHztJo
zTsYtH)_i6^b1Upk3G0T=%r<CZ-`H|Q7DSBP0>^v1V9?AwU38<TNE4K~G^1bK>l&bw
zi>owa>!gzTrsIN0&uIz4A?HF*qju7V*{qB|0fj7{b|{)dD@)EtB^SG}u+K*gxmD~f
zD(<v2nU{gQ@WR}T3mlUKiYKtf%qA|r*-+7cy%O)mgrz;yGjOB&8n~<_#iQv~l0+i0
zI8YE1*1DmmpV~LT^~p9~bEYlMtY6nsehV7*(Y%f0^L%Q_ygOCe3?vKdCVcrR$h4fn
z^zwM_!UJYt%x;;ZS?;=j$Z6$kZ1K$;7`)Yam^}UBG=@gkNrCOCl4$P$H$>zMts@N_
zPZbI;2~d2?3ta1#1xDFNipd8Kb6qK8-_6#wUl!*Z9jsgCN5;1{+W)<ziC)yTA@9q_
zZg4yH68B`DSgmH_=Ztic&$~aB5_IdNPb)fCk1H22Sg_Y=6-x|2g7k+t&&o~iBa;%V
zg&%7@n3iofwAjpT=6_{ZrY<kt5cK#J8=sk+NulpqhHY%2BJ%lOJ5JbvLYGNbu@|N;
z4)3}|gnzo=5~dg5_ueLH>@E<~KvvG#RanyZgTjm)WRh6Koun-Cfc_y#PuA{F^2!gk
zH^88e!U!q5jJ^Oa?I{-&X{!q=ymCnEK24gNQn*{&#~v<j`sMhonf9tCB1gZdMg`A9
zOQPlu$Eh&wam=A1N4MT~l+VBgkFSc=4>9=$8qPl+et@#ApH;#xcWp%x?K54NOL@!E
zJPvoJpoD%R((gveFQ;q9pVgX84!n0*TvQ@(QV!SNVz3M~x%1ks3+9WbdNQ?Fk}4;;
z&Vy)81LhW+&H~frCR^GHKF+EACP=X`t-HXvOZR~Hqy@J(7M{B*1j25+oUxU4Ric~a
zd+t~Vdpv_!Uot8S*$oGtMv8kT_cGf<ZHuoUH$(-U>59wZ$}<Ptp5#ngUa(MJ_rgw!
ze90l={B7tUO4nKBl{Vwu&;zEhRn~)2k!hQP43gbQ>jCOrOTgnp#f35ci@P?K2K2G%
z8{IdOJh8cDKth_-|5{cI9X{=+0@WE{UX8qW%6>EANRuSlHqn{gJu!GoQEZX(-%Jnx
zxF)iOgn=uCW+&)jxdLp>4=Us8)_s=A5A=tXRBUH40?CUWtf1)5w}aNqeYT-P8t%k6
zy9q?d^A;Ts6R@%7Bz};@Mu6HjkuVl%t(JYJD5(U8Pndd`ID-vXl|up#sCGb|RNu($
z7<%9HSQI?JFh|+&+3hGsl%xe&XHrx1zlnJfGUf~9%L%&D-Qnko<<aYUM*1o}o$NJB
zPe}u)mw7Wl)oyE1g89;d;w5>$tXr*d`Ht3O36?PP$4mHF%;~BOzl<wJgp7S`DnR;4
z5f^)1M{5xz+k^7bH40+cEAGn|YHBW~4wkX^!k0f3H|-5x3)m0KGt8?fU=z?hh<Ejo
z!{eQ{EzLpfE!`wNxF5zf4ToY!ovn=`zP`OZ-fzmBiqt?1I{?&HHl)kvOjhCYi_ETJ
z4b-$<F2wvB<B@m*;aSt}qjY-LR|Tp%4{?Td!)ANRN}{~18t5n+R}qbHh1Y9Sj9+6e
z?pw}v$!kTNAEtC(camvsttY8~fnZvBrh=!!QBD}X9WcqYDCT65*V0hJKv_bymRn0S
zuj1iuuln4=gnG4|;8LK3SElXlVyiwf`Srmu+uL4`{#gqQi(R=`h=Kt3<g3111=k2C
z^z}0@oJjXbPypRRoWW}fDrPnI$gKiaSG719br22LR%?)14e*3MY`OnO*?T}WnY?eH
zOA$mVDkzIcQv{TzROuihy$A{-%|dTcIs^!af{Fstdr<-D5PAuS2tw#JK!DI&XoeDM
za)(v#y8Bzt|6b406Apg)X5N{3+r01d%$4*c*07U%ABhx=Fq|`WbQIcV6fowwpd3=7
zm`%weDTpij%E}Gu4Bh&Hwth6HKwGxAKYCbJYpa~}UJ_-9v@>t9<8EC%BJ6D{VDaxN
zRzLZZ$LG%>OJ^~MjaCo-YIH6L^m95Xe)&g>E<5H>Q3>WN%#0!S)F_3Y6<ab`Id{LF
z+mUOJ>6A@SyCRWLc+o|`jKtz1&^gTJprD7&t}{Vg+a+0-MhN>DEtvurkbJ!jQagOT
znc8%#*uCczQAV^?^4Hs?;)oXpIIH`!O!!M%=URH)l}~7N<nvkmyE`#;njAn*9ikCs
zbxB0p**P4xP`9`q`B8Q6zX6sy6Y}-#Q4tD~6p|T`t!n|7|D0e$CM9KxM9+bnzzd*8
zAv(s?>(YSb!1unw|JUmNWq(E3$7wx5XDykI{m+J|Z7}mGbm0+y-4pXe#W71j(p$P9
z58(icqO@_oLy|R{U1^HT#^ZTLrQxS}4UqdgaxEZJHv<YZ+Mqr>C;nRIfBXX~xHp9&
zQKo+~A>X7wulxx%1=<@V=$aY+Q6TY)Ti|ix#ecV7lOm~J4*n;?0eCBq+V@g!fQoYx
zR8%0jKKuj(0u_Wybu=GIesw+mc0$<0j{Ad1HtZ58$u+ii*7|<L&Srtrb#u7T_{@Jl
z6<H(yYm2pd?V~?_6ysk8V$|z?X!grd{q>N5hD?#v@9n)P8qd5t;tBxvDL9iR>qpz@
z7+6~<g!J-1m+SB0PT%mOo=Gfp(*6GZYU-dg)}~b4;5QgG=@(A?h2J)DoLf;sqyG4h
zQK@i(C3t%R{cDlHuRi}I!$$x)7XwPZ8;4^1zPo26W?*JMEqVg~EfMxGBY*Z(=~~O&
zjb$^N<Ht|xbnr`BeeYmMEdpoX(Vic<`S(Qr`N{RLynM<oJ6*eu04k_IP$55up*9Y0
z)eeWHau3Y1=l0Tze|5+G{E;Eb&ypwM1pIXl(<4%3lxw{?kZCqe)(<4Z|68W_N5fE{
z^?*D!;zwW1F)&y4w5ZCP|GkVnO8x+DCzQsDCx=YYH0B{>JpQ{VRrJ6}e-BxCl%YcY
zzz-fLKg0(*TxuqMHmN=b>rokYFQDq5Qu+H(4AI{OEn#;T&~-hDgKZz}A0o*ki>=z?
zesoG~fZ;Ox&^!D8{lu@Iblx2{0GY@Skw<9W0J`L*+fjiZ5NR%;k0JAY(|@;QfkNbo
z<KzJFqUnx$O6`HD0(f>poLTgHH(qKXc$QHgs>A%>LXu}U0#_FRnN=v?^7Y073PT>z
zx|G$T(-D1T?)$xKDmnOu82Jm%FMl2F-&<cNoKztYw;g}~5F1S$eu12Ew8oX&u-Gyx
z*SL!PZX@LTi%)^LK}+Qe?SFrXpZu+36@ayQ@6Iqs!RB=*0P~-QVz<#96S|aphxbg&
z(>ONH(t>KeoGrwMJ3%zd*`8*#XUF=g8Yp_8%~ZN$HF@5$JFIcU(dr3@^!@X<2X2V5
zc)xa8tt%I?GkI`HUm!_v^>&K6De56emvp5}eqtE6J!tFhWHmX{o+QwErk(%OJ>84s
zuZ+OXcv8;xqp9bY)AmDUP97RgS<oMg+&qVrViQ(~FJCxSAbS!ULliPH-RUGbi4FHG
z-f_%q-X)_esg{LKbxbJk(jEkDj7-vP9Xy3#qTHKO&W-6K1$UQx<2Qz#h)18!9G`3E
zB@*7>KU06|8%4s=kf*-AwR6$%P5<&CNi7(`YiBEf>WGQi<skX1K#BrQ`tLh_C&q^)
z0Qj`Lu0^LTIPOj*9H8}0Ht1n4r2FB9Q!TU8H?ES*m|i7CV(IqZ+t;Eo%L}s_(3`Tp
z`;%)~X#C*y>@C&@7;V@$%Q)eKp|!H6{dc)G!b6+e+@Oh6*bwpXC1Ryf&X<EXhCk9!
zFZqi9&bH;7A*BNTTPZv@6K<gT?xIBuNM>|5?Q;*FVUZd@nwGxj{*mDNW#A0ipxMC5
zR5+5c{Xio_+D9osz)rs)Qc2EtXk4~Ptm!xpwyQ(tGCmp(&k%wR_ljAcJ!e+bO)K=c
z&TbifN!x@21KYh@n01S|(&d~=ExD!-eN!y!V=U{lh<kx`Xy$wP_2xF$&!HVn=r+~O
zCq<?&4&B|OLPf;^<I%Q%?T6m{pVPr}+yAk=r*Y}V0=g66e_7_luT#&MS^8Xtypa*(
z763st&1wB?e-3<ArYy9yZGXOw=4w=*7%HR4yCwCish&_$xSx}d+ERc#Ai9kdUZ1l5
zpI3bE^h(t^av31s++j8lzKN5ZcFiD}IfHeLe)Wb@Jwd?dgGE9<ypK9mhKP1=3v2IG
zt?`4el-Ccy${3}snvTQo&r-VGoyt!DHR<=<!vzwS9m@|kHksk(1o5rSr7Z2%&SJUJ
zf{26e4>gsy?M3bmyDoF*NjjPfrNQ2Ul@yTkIf&*<#CwkP&Ob>K8&e&Qx9gd*Mde1O
zAGbudg|fZ9c)T{)GZCtJmfCc;72oqDU^!i}z`v(zDiH4dO&dO5jW-|Y<8I&459;jp
z>^1o?wQJOfSYfO4HJbI=$u4~(c09#=Ie5P8ZrK{;PD@#1amMSs^z{ta^}E{8iHx;0
zM?^r`QHb&0yV9%krH!l0Qiw8kqfr@sRKdNX!N{Uum%Feq5P9g!CU}=S7~#Dgs<)!@
z6X>GOI8>|m;-ca9-$LO_b8$k@MZG5bvTC~?pU-*9HFnKb2{(;z^f9x<OC<TOY|RXu
zW^Rq|=QaPPZ5C`<{B<!R|7BS_?&5m-dXtpeo@v01&eHp{P@&azgJn#Peo>8*RMy~Q
zsbU{>o1wBGK2ZlD{CW&vsKmUkB7Hd@?6uN33n`iN!>FPi57Irc$D}4d)d-qKvB^T~
z`<yMld~2bIj9BL0!MO-tmt&T6yrOciWI-SeF4SFD%vR^sKuD_E`*!yKi?LSpGzJ#M
zz)(EMi6=5hA`;Z&x(ktH`$7{hwGUu#Yg?_%3AQ-VTQ7*N{ZYL<#Eg9!x67rkV-t`^
z8`<tAlRoD8^mK1>wSMj1W8F2eiB+*AsQOHSVAw#CcwYHx{GHaBRuqxn3~``?aB!%$
z7dU|VB$uo(OkJZtm*7D9SuX{_b)F}e`$@q<FSlR}4aI@#fUxTeQ{UvBH1GW{jbcaB
z(Ys4-wu3xgW<JFB>h~5+>g7s_u-$c3YdM?7i$RkB;{#ud;m_n7?_${Myfx1du4sx4
z6L_jG-7>nthVhKxfH&3}4ELu<`@Uq!Fve7%qz|4mo4<FU4W2*FcChNre7n!5)u`mH
zY;}r&$=*^L1k0aez#p+7IKqR0?bof9neW}WA@gu>x>~b=@x+u895u~4+_ce%lo5PA
z6k~_V4ToS@c!f<XM`bwQIb=w$Yxjx;skLq)&Tko7)ZYKLvK`@I##(`K?Wxg>d9hqt
zYB!xw&KA~bir{^Sz{+ec@TOb!vwhGkuRXappD;7qdXY`WEp1;K8?h#aAG~{Tt=~6X
zP#fVlJKHL7rw(y<I8N~8mwUcf%tChNyVoB%JY*sDJPo2~1IJ_k4k3P;7aZ3K^2o2K
z*Zd*WGXe=Km&vwjznIU9ma6bZ?{lhaG<~q-DZAp&%Tf&8M5c2w!_!BTd0q^)n4f}N
znP<Nw9+!u8U49g5xY0lzv0U+~mN1KWqH6U=*{ZC3*?vQ5Psxzi)?ietZ*=2&Z6udw
zLaP_o{aojjMcgv<k;QIs`5<anv6zK2ekwk)9FEoJH?t1qg$!xkbGs`iO<QSc2D2x%
zSec|i>I;~#&+wyzMR&gO+Vtc`Q3*iK2pAMUk@K9?g?i9M3=OrLFEv%KNC+pFH<(q=
zh0=a;T|gvI4`L@N(ANWkG>uA1Ex2rt<Eu7YLGLOs>xK{-YC)qlgv4de6a-E%4&QGM
zt;!=jM!1MD6;@fNI;FLUp<d6Hjq)}uf2i*+zeyMI+}UdIAbgpgW@y`5&uHhGTsR_Q
zd~LqA=3%#VLTP~yJgUW;jzFk|*4-Rwb4K0Rd(u1Wpux3`=UU%}MqI7Cb#1NAg;1W6
zh14jl%pA=(BQ-3*&Q8>kIOMqJXonpsmZi;RIGJm@wa#bLonK9*Rse?)bD{;s%$f!V
zqcbVzF=Lc;DNMANt2bY*e650IA8?u_-z#^Zt<fCb9MLs<<$K9uA~6g8+1N~K-Lp6M
zj&e1jIL7g9fu>)|5t5Wc?|e~D?04R|)S>mxG$TG<g5RIh8Jp<3<!V?{T8is8dOy96
zTA{*P{{bf^&jkjkRdEclTZ+v_kM8;zwRItk;&kmSW`pPw<k2(}uP3);vdvpDW{(!j
zlBui(!che0RF-!J*m;WAwZcrFdNs=I3g=JM7%ln4i9pcp`MVn}t>y!f+)vw2Du|g#
zK#>u%+gJ@I^(EQU%#IMUwX@R$<7hiPD?^9w0Lv*8_Zs;`im&BzUrLmoGsUCHiM77H
zC5_WCw9uyVoTi%?6Dos$fFi=x1n!Www+Pxc4DovpcGtP&VF4^-Mi@%<@>;0c3`C$1
zVi3!bFSosFhzq7_T6otW2!S_TwLH2Ju)JrOB7Hd}KG(oq6?L<7qF8g(?uBpCeEidc
za>7)5&lojFzRxVSd?nP{h^46pQ_xXHV#0E7x1BOnsNp`$g3fg>IDdN!VH@`i=diV!
znzi#(v48A>h93-CT|nsa+t`S4q=8_}*UT&q@@V1cI&npWw&!g2T5b2-Kq{zGoSc);
zTavZVL^>d<HqpJcs5C4lVViDmSVl}THBnWrrPPXf{dw3jZDsk2SFP8mr70y09e)S0
zNkWACZ}juV#JXK;qE>Vy-Q+v!aSFt?RLKv27ss9Zp6*Do<iRf(T(Yp>FnZWQhKyIL
zS&EUMF->k45pCe2R1YOURpsbE^j(x3WLWA&U?3Vgo}+68EfiNHXsD0O+#n9LEo5U%
z91V!~;ZQlR5`nOVmGX%J*xNBht&$v<*ck|hjoYNXrkzY9OfyEJH#sVlt**J&4VG&)
zn?JfWPJBVpcBUiwJS2qa%-9kI@=QYRv^bk&_Sk+A!ktxsIX*4Ob!U8{_`Fa)y-7LL
zSNsI3*w$>pE|3LfF{@06o~T%6o>MNDC2~jAnYhcelqo%a1)3#;XEh?kzp~nqh1Wl+
zhtQmLAGN1jC|Ni`UvbWA&Xu-o0n$D@wiEkJ*HWn2Rb{Q*PV2FFCW}3OG~*=W$xW_X
zQ0$5%+vb_N>d&lMBohmQW9MAYtSgbzGXRxc%GG*};amCqR?K{DHh1@fl5%0QW8D^6
zag5$LpP)XwYLh@Y+d2JY$m}g&_emQ!vxA9bqq;9^9kElN>!;VWW|gk}xw16Hirso7
zBM{*mZl|53Sku`hyfkC;*hCILlAhF3vRXByBRsdkTn4LN|4<E#HUQTIDY76Ti{C|o
zJB(cb?SIO)>6)Tx!j)SV{hx-7Z(Geh;_6Ef7B!Vvsi~~e#>i-iuV<`Sk?Q13zu5~7
zYh14j@thA)4x#Eq$J?I}j{Bt3_IV(mdX{rQ9%aP!$a$is^U=x}T+^W1cc*8^a(npn
zMCI$vit_ft*1A}Uphx_7xYR3KEvtt#3q}x-Ys@H`NF_SCbBW4xiDNjt0lHk+v_`eo
zvw&+b(yi<ET;a-tr^w+m1sL~_EwA?lytVL+A<EL`fy-l`^3}@tpH4+k@xTrSd^Tr?
zX+pF&jL2T1*`$$u1u=X{#5Xl!*#brq*92~*JYF7UPe(I)m)PhK@7B?qM6mW+mFu<b
z4^s|LM444Nvq?Sk&UJQxHLFOOl{3F~*R1v3^A+CTPTHg$J%Dtg1(n+lmXvnZU~~QG
z+EKHWw_;qvux`5EnKwZpv=H}B8Dc{D%qUf6V0oqBh~GA2!2t}4Co!|SBj>xHfG}{s
z*^5ZCh`wlX`55Wb)MlMNw#&>GM`2M2C5A8#qd<8|eg>V4=CK@p{;pAx1+`(z)%{NV
zhq<j5O-HZZ>9K@qU)n9%Dd{=s&UN4954F1pjPpv=X*TH|u0NN3^vB%%2c)3d*O#-L
z;o9OI_eA9DnqTXjn8zo}yr3gL&jXS(Pq!0)7d{+K^K);;zKqBm6mE?D&=5u$=^E0j
z*@{`&7!X-^wQD(#xmwMJXOuF|?`YXAW2%zSiQ7HETC5E+l}Qe=TVC-`lb`E7sE+en
zmZz`iue^`(8sF}qb<mp|URXmw<Xj#mNUk=mjcSE`qb#TBl1*~16+{n!Oefu$>aDTd
zE(-|eQQ$FH+nr?>&>cKQye#n?istKeXO(S1r4W&Qt7dk|jrDHsg`J-_Pin~TU{Mg!
zxH0W&E|M4<u8(=^T^R|U-Vs6vu{xYTu>b;9oObW4itdesjff@$10>{SpQZVvwP9#L
z<Xhhil9L*ZAuForDlF<2xmc`cHQDK;1j&|bUYJoaE|TPSj=5S(fbuYz)Qg6OAYk61
zaZ_H5^g4tl@<`Z94sHvvI|YkND_O<$dm4yD5XXznikyS0mpmaxtHrpo-p%}4?zF8w
zyW!Q$P_$=`t4ZCbBF}bixW%%SZrNf3t#HZawPU1jPq3$+qjK%|iKzQatohezeP)^p
z2t*6XBU{yLBk9_88ci<kC2z$h6_?kTr`hZ!_-S&pdZkTk%XAD-GJm1wy27ybEaM@j
zmsJ!crdH);hDP%X;Ww~;nOzbuGg+PA=b7Oa+bv@ktd_m5_`^38-dm*Tu@!yA-<BUb
zQi%+1FOFr}Hq^K_?XG(zPxKS(Qt{)X3P&Q_y?gE2YI^<ELgIS8+6Z+*B*;s(RG+0J
z%ecvqK$I+_DQLzvXzgm&tO=_KQgmnnURk6?*uyt0J*lq=l{u+nx-~Eg$G!hbW{UQ=
zlD_cLhAh30I*vFb9J6#q(bEbOp#xo{u?;ht%k4m>46pdwmE}g=VUt_g^XXdo!;SsK
zO;8)~;LGgof6M2GN|XQdh$K>Hpf^Zbu`<Ws0P%4_&hr!Xb18+(;sQ~4HaQb_*Si_9
z5|Kf1m64_7e+jB@qNQwk<ZIiLL|OBi+Ya{xR%Nz&zwg%_t4C!L&GytRu-GN1={s)t
z&y4wDn`U*kr~s<*=jT&v@Tz#V*}@jxJ5|@mpc^8@)=h_19D>(k{#nDa8`z+tD~|FK
z+%R$GXQA3^m;sC6+cEiYMGBODuJCHNP`77g@i8}HMN_<SpwowxtaYq46A)f!3tgPM
zXQGJc0CM16r{rQrd#z=J=-y6o%&^Z7Are*&;FAYIXyYLFsnlY^g>NqxX6L3w4Yxnf
zBvC|GuO~kn?uBX}(SzL=ZWE>mg@`-Ir%KEqmJOBJ`+y&($ge^CodC_rMHDL=_r<LS
z^n@OSb3KX29{n1IlA_m1_S&Ek@@Vsa*I-fir1KU@<JSI!L%58$wh<dp`>~&NKGDa&
zvf+YygteS^%*_cSjvgSsi&3=C{$x^tm=2TZft8RKQP_TSkIT=<hP3kD)4#;H6bN^;
z{TN-ovga={V1UMcBM$C;B^D0VSJkx_Hz!<%5<a>%Po_i0Y~Xw;Ymm#&t5bNUXeBW#
z_>N4LHW|D3s+ii_xQvqcGYPL(`cpb0v*A%?a`>V-I*9lxl2zucPRNF^D}JC`C>B3r
z0`qZ=tMOdD%Hm4@*z8JY1~*`zJE9ZO9yUuETRB`>;h88^oxf58&MY-~lH*Oqt~TO>
zh>);~XSbd22G`&__1a=C>QmZ&_9eeA02Jx;7l2vx-}#XjFXWX;W@2Lp$KukY390Mm
z+bem_+=9EE{cg1Su+qr32k?S8XAv>k7X4DHhw&0Fc<FCi)fgCSznFiTfn((4^UfXj
z(S@xFra6@f);#Am0pA6$O9b3=x38Jz)KU93a)o=X`mpmBIdTk;YI*zz8smYS4!gbG
zB+S<4s9|aw3&Sfv-28#>rT1GlNf@`rYPx0|p3Nz9onLg_Ih1~-5TnzTG-j1{W{>C;
zBBLLG2yVYJMrceJtq~@f@zL_U+d~;DT0bdj={udW?G7ogv&iRYF>a+5j+FA?CLL1V
zjdSyOk9MP2PY#uvH(qz%dW4>wGPFwA@se9DY^8o=bf-)$KH;qQroV<aWo%UPQ68-E
z%&PSMl-Qix+@FtXJ+Ah6lPI=MI&|h0V;4K1r);$mLC+%XyD@e%*qC|C1R>j9?RG}Z
zdzrL@-B-pP&cglWkAjqL&>v9(zjH}V*~dY7h}V_|liU+{yUt3fGmjNDD>pP{-!JKS
zxoxk|jz`DNyEw#{(98?Dp<J2rPUbI5d>=nJe;gjqw5h-az>skF6=xIjQjJz7j$Un_
zyAP*MeW<c8^%k0w&dM3?%gAfp?@J0MIKQEKQD;4?%)+skxTXE_<s0z^i-Iuixn#(2
zRH=>li1~R?y?oNnkl4=)U&9y-yB^FhC66ei9p&N9m~HmWlzR|#+A+Hz{9?h_d2FrM
zP?E05U_~oFKfI6Rg7;oc=XG~h?*a8wF|oGARdV|%qUz>AY3-w+*Agmj5{tG|r>yYH
z8uCLHY$!+m=yEpOgY!>U$t^9uB+I=mqD*#hcV*BS>y|p%EZfuB2Mr})rK-4POpDDj
zQ*dEE+`K5*MYaw}y?ACU+C|iSsow4AmZdPCTgxQl46krZX|z1oSQF6J0|d$4^NPcM
zZ{a~qz^ZFI=JLn5vq>l|=7_s{nT&b@7o)QEtwC#85oO#bPlUJq?3;osb@&>kp!(#;
z^Ga?gabk75`9voiyDMDKFbxrP?uXp_R#yJ<gC(O%ev5s+NW*#oakkE3QKVW5g1e<_
zR8-p_*jOSFOGCa77JARW@OK7rgPw$j=W8s{vfcYS1?{;JFN29carekP>||3AicO*^
zr81VoSH<Jf(&-A9T?k_!zhx`LBNtIZ@}3ihdSqTmRqGKf{$j|mP@Sw^*!Lij>TyOK
z`=+JgUZZr@Rl_g~UQEO=^39k4Sw2+Q)~-BP)UcWkZP)szP`xpVnn~=NR9PPF#r+ON
zZZ$o{q|vRi-uoNbp{x<@N-1himibg%EY|RNn03IsrsdrQJlkGeUu4X7ep)fqi4qu&
zTpwt0q|v>2r8)onOM=l~rZt37o1Dyi1D+mJlM&159x2aP)?{0Evvm!t$C>E&d82Yi
zvMk4D8p@7DxSnvM_aox()cUzz!RI>Epvs>NF~c3dsdMq}lhNxi3wTz0WA-J6DKs|+
zLr9TQUfhz^Au6(Zh!lAXW&HH84ZHLFw&Jp7Y0Guf2esx!rQ64uKeFgllrx3wE1!ZS
z7e@m=^@NI)-VTkW`q}rH05zs<eONHLX!Uum9N95^<gH$qz{`bzr7ZpU+#L%psHwUY
zsy_+O*_XT<q9wVH-(uaE%W2;47%9P-?Cm*zdVy#Mcj*^pFDY)!t&*)*D+GN;Ni@)H
zH}YW!owKIa%8FfD8^_O5CK4h!<6c|wkEQUAx(y9i)o!%cC8W)#^xZi|ssJwdXkWby
z`1Pvu7q#mz%RMd>Y1Qcs2dKH+x5S<VU8-IgIQ6P}Cpr!-(qdkJ#ArVtO!79a<Pjvg
zMB$O-()Az=zsa`{!NMg6jG>OIR03|a)knb$wSyua1XFo;x+WwEOr6p-FMmYj8#+>b
zL|Ur=Qom2M3b?+KdVhGqxY3NbN-NBO_eQk|xVvb3>3k$b4&w*OeEFY4lOB?dRW0+M
z#-35%X)18&QpZD6o;zC6Ch<TMx82P?8R9G7Y30ZfVj%P2W{)=(I^Zh;S_qz$t2ycC
zW6Rog14e1?BslmelUT@96uZAG#=e*qc5sehv3GIPURm>qkdR%TXI|d#aWqp_r|A>)
zAZYjWjF{(02|rneg3V>N@#hsMwq6S?BdsyUvC^WQ8#h#3CvG<Uv8Y-S*f!vgZuAAG
z5F#ks7)7`$jIfU@Ka+RHK#nKVox5t{CcKK^br6ct+}e@Nlv&Ike%+M1x};!*nBOy`
z6=6UWT;)Bw4VGhz?7>gIs(-J_JU6K$tpyDaBQ-`$@`;LYB<w0WhNb+1B8@J>4T^sK
z$l-khKQI~IOxJA9q^9B6%rfsJJ|C<=1VUW*=JMWg=4o76XUC}0*8Vq{t+k7m9b=`I
zE2fa{CB#e1?ZNs-v?c4&wk8Gvm(RXnF6~_4YS@wrFX7kgNqU4G7Sw2(_7U3~Ty|D>
z5btRVikDh|iXHD;Mt!oK2`p#}`wWY6D&7zrgYGVt8hvOs*WZijAVtPIfV4KOR8um3
zZwL)jwj9<8QUN4hPMLJ)E<B-X;d&1ZNOCtQ*8j@l5zVmV_HG#?mzpb8yq<x4769Y5
z3HZ8AYAAVQ6NhIFrw}&(2KE`;0Zkt1zIM(bz=7=&SF2HwLg$}iEwsuji;HbxwU`>u
z%xUeN+UeLoj9nMhJn`LnCZ&*}A*rGZ2`Vyrm`2LG3rop0nv<u(m!yXjzp@Mn@R(Wo
z4!mNN!8oogvBX&uDN`H*CAC$e!Uc&J%xYco@R4plkagjBo8%&2j)?&7&b9tM%IBg|
z9?y2-R8=}~EWJ9_chuTkeb#49YJI9E5&0p$T2;VT?9nTb;gD$P=*+)xh4aJoyntEv
z(ziP)(nGVsT)QJ%lHXWW*@QYQ$6(ji#T_yz9xHldrTbE3ef)1bm@Z=>sQ39%98<Jq
z??t>H)NaGmJ^TwoPLsQVD`!vT>wW)IBlF`@-AC_}1y5((X5{n?o%oKg<R5NFg(IQi
zs=|vDA%kCOr?M5AUumkh8^5QKaXQwXeCO4x9*gDKP?}ltvr9dH#8Ondd|Z6>#;i1f
zx$?cQ$e)oCE^w-Nx<Z9i{)@-m7WY{;Szh`$&YSxP5D`;hele-e<+d3gJ4Wvz(s{<8
zNExNok0w5qS-SGcD<p4mxY6Ch3iEPoUn2mKnYcgN#>heuD`+F4-ac?%ss!GuHa29{
z)9*$gnGsEqb0F=#6n@pbhSQ2V;_`a&y`m>J2GtJE-tHiF@mkawh_mF`;S`p0QFM4-
ziJ5T-tb;gTuvDB=qunTujE{l@ZkWxr^5M%guQohD#XZ<Lm}}o+ZIC2o0Y_>@<+;!A
z{BjKAV-kyYoeps(WZu-*coo}^fi)|8<|F>}%~u*iLM6t<-!&{dn&8vX%YcU06{E){
zI+W+BTWS+mV>RoM&R$qd%5o&qy-aYJ!%w~wV9Km`>UsS)>@5koSAZWgZrGBCk-_me
z4<68tjs5Xw9xCjrN8*y_WYQ@sAsCidyd_2u!=9cqhJV7DNf-SsXn%m3O}1ghsC-+=
zaAQ)m)=U4y{2}mV{;Ma_q!ZvG;hZU?<2PKJN1v$!crI7-IYZ%;D@@4evn7_ik<L6p
z*rsdR^GDp|Rs@AUQA@0-xenQ82?Ip({R*3ao5Se?3&weDozlJ3Mb%?0$W#6Thw~C*
zqB(Ii2fVn@$@zDPo9y<aj(|Ba2u=}E3V>1uSrsrcx9q*&y-s<OJgp_63w%DQnzy*{
z=eYI+cVzVB5te~sdjI>Nc!rX<@yXE}H^KF=`G^GXZ?fShY)L>l#ZsL15cSN!V{l`j
zQ;p9dxO!mI=xJl7+l;|+jLc|~jEJf+EsMYJw2)1=+mCP(eoL>S(h>fEp0<=xr)p6#
zYfP7+GI*lxD0`O{c%RfMx8Ei14zAya%I~Ps>#zbk$%Dx(C;IQ(=$RpSF1B9cCjr^N
zpFhC`#tCRSACS(8e1Bp?83fn|-?E&vf3p$&Ucdt3@$-eKwzM|%&k`#IAa~mMS7g6)
z%4IJC^E}t)rG`6p3=jZo%g6});DItd4=Ph)q>l>xqYd#FgEIf%r=KU}%ri$96Z>bo
zHsIb3id*>3AK*{m2j2jbGh6w|C-BR|hu75a3=S1dvJEM+LHX`cn#%w|bfcDj<Odm!
z3Fw9%u@E}@Z^`^D67jkIDJIRH3<+@MxLMCKe)mS@A@txWbn;QuPeOoy3v1)`r!7Am
zy_n(<tp_NB>m2X-3wQ4i(rz$ciF?T+_}}=o-CTt-srw%os0BAhWfe{Lc<%my5b!@#
z5MysoZ2tRIKQkW~25YGxIIX9H6JV@bNuZ0!`QB#1t_vdm3l}^8n`=P+5C5)X6@Iux
zLv2-4!ee^%vH;WLOvp6XO!x0W?QRq}NxqxcDw+N}$d&)ZeZ>N2UM*`E4OTW)=U!WM
zU?dgK-i!Yq1AokfEVh!pw9}wGn9#)sC}w@uJ)Qc$PxQtOu!V07O8lr_`=8mLa3X=o
zSKc?0H`G=G(fG!XXxyK00c;DRwE7D9Z=&-xFm14<pm*;6pg`~!I8?!>82<;H^#9!p
zH|6Ja9Ip~9ISK#`Gru`cx#Zf<WmEvEbz0JwivQYtKY#R><w+&6;4ik6<p6aO!G<UR
zfopLm?dRGZ0ul#2oMiuvh*LYMDmV(z0HFN~7@@Ov`0*c0`}A;WUvy^u?%bU?wr#~z
zp8U$s>1fNs_k6EEf%{M}GI}fD>t_E~IyxkfKp{obb*&$x`=oWa^Dc><{jWmL!~cUY
z1-jd)4OVO=b8+X$b2oxH!g^L`WivG7_>W31Jdn<cOy^VHf8t^MlnyXBx}O+zl6O8#
z)3J4*J!DNx=FAZMu>tGA1|$$)S1SIubY5s3>e_P=X^C^~Is)geR$Y`-t@uZC;`d^e
zU&4j&b3Q%jiZbE*a=f#%T+uYxk~=}>DtTnyakl^2Vn5ga=P%^@j+IdH06o%IOF8lz
zo|PZ6J9Kusv_64aA%7|!^yhQP<;20CO7rK}{j4(l`;i+-@(B`=>p=-c`Q<d8G8U-O
zSVf6NQ%c9*z+(R`#}k7B<D}mY6R>Z>!A{hmD@!H!cPsbz5W0Cl+9X*Rd#Qz&M<i`}
z05Be&#ZavLhV|f=7p@((4usP>$=J=(1GU`M7t24ZvvsuS)&I`w@A>`p=|<Lf9|O!(
zG&c7+^$d>>M}@<GukkM{`04N{fJhH%309yq;=#`Y`1e%){pm*Kp)QW#N|k;p5&3@K
zXMF27$K{u!kOIaQPi?_Q#ryAX``0WEf4n@Nl9s#YGH5reqfd40H!i{7o9IL%seqzq
zM{Xu(L24LB!TW8K@qzzyME+u+)-mKNu|3{mR;Pna;Of=*6o8%2%qjNETKpoWUv|5{
zHN#&DHr@}nb~0K%0N65?HxM%XfAaYLW7#~&y_t|=scm5>*0cKm_YmjLJSLeL0*6-y
zKZd4-vCyjrI=R%H9{ER8)_=(FDEobKV|mXGdwQKQJ4o?Y@`!d3Fvxc7|A&)O>E}*6
zv$SNN100`Q1l`Ab|L1!79h$r1_2lT{4oUUN$;l6um4J%Ll<xoBdF;bSGBlFysb<@g
z_yN>!eo0BmU@B0Q%6kd*2fqt*ehx>z?|23EOr^7B%MnK7`!c6aodR?ryW(Vj{9mtq
z;Y9*8BYwkvXBh&s6OKF$PRd7^=pX;R)_-qde`^ph%vjBKyaj-K+9FbhK?qR$xeTGe
zhyG)Y|6ULBODE{*FT}+Sg(tt|c=__>DQ0G7b9LHa3jf(z%dCQe804#Cmjp4Bt@g)J
z2<%>5c(^U$gNk<z)4P6qy%Uc~&obEA+lK*2<n>I+{Z%V(_y-My$|S||#ZxJh0>Kwa
z(MQhOeX!|O)?IJp@9DW)?F0K01%Tzxtb_6aY#2&aRkf$Dudf`yWx%vH1Ov?1xw~(C
zp)WgNi>|1+rk*AK0ro&NwytoI`Rs>*{p($3$ErgAlUMw3dWGwx-@bhl;w%5OKjk#p
z;eNgK<H?UXIWevmmAL#+e?~(Gt|_=}{gI%_7)|dKF3aC_|DlReS>%ws;WbB20lVA}
zEABZe_PW=!zDn#?$vY?AuG^Ec8Lkppa(@TRxN}PKMbKoMwi^5hAq$Xf6(XaPIhdH@
z!sFws^d9&3_v_xeC2%L|^aEm3i<Zfi|K@%Ho|h?SDp4!J?8;|Gjr{y<q59Z%T>}I4
z>)L`|T5oF@G>@vQsfj6!o>SFSFOGSqFjK0ObDgk?+x4aW^GY+L#sD5bpTDP}+2oLO
z=WLg7UnAWO;pF60i}w`Yl<5cm9}d^#fGI!Juyop;5T@dyBvxG0J))sgiHl-;E~7UD
z+5?!7jAq_NEDH)SUoQuFLqP#yULz+biWjZ&0~1F9Td2dp6CabLgVxlntRe4!51Y(d
zPo8|69lX1z&e8qhKH7eE+8k4OCceJL(>X2@LPOMHt~vO*<NvkG<jqbu3la6Dtk+IJ
zcP!Eqmg<VP`k@n5ih`-ce7XDM?9g|b%;L@Z>kwQTUsjflCC?Tg^jLzi{v9S{Z?`)e
zql&tEx$0{#=9w9z^s1`MAKWA1du*Jt?l)CB73L1~Qj4Z(vUWDA3da&#b&|#1%Zy#R
zmBhf}T<PNlJ+rN5#Lkym8@Wn#jUN=okw}~X46O+fl9B19$Q;$-+s&gtQ0MEb<NUn)
zOoHh*D*VKGl6Ecd2X2^xRT~JL=W{`)kO$7pqV2nehb0rz&mp1A)=yFKKG|_C@waa(
z+*c;uO{Z+XJ;1l6yM8fFC;Ih;*_U6gS~>B&*>k{Xit2uwr2Fgz6;RxXt8|{m*AWq#
z!~M@Nrl)lVa;Fsn0%OM^Sn-#On(UP&E{{Tw_=@VtJRZNVIwJN}d1oLGZqpkWMrU<m
zfV;irH#WeZ^~|55Ub*eMmrae#mBW@MRu=Nvj?Eu^=ecu4Ox3;-*VREL>0+Hv;}sbd
zrRL*fBG)$^?RAg+>eUwN2-&Wtpn(Fxg@qOLM$D7xx^_4F1Rs0$6N&Q0w`<lA<Fw0Z
z@Bg|g%p{pn7pVL~7{%lOEWL?r=XG4W`1SB5x<cOzoD7P3)oCT0%<5I9R)HM?mrSwD
zV%0%43qLsA{zv=Gi<3TT3Mt3G^RJ(so%MA#8&R1jciGSZ*Bj9m>UFfEFEu(F0%wK@
zqE|k~xiEk<Q|dR4!(X~$U%9(@lrIX0co!Kh+ngIEJuP_dr2Zd_hj2E6)k{LmIs;iR
zp-RA6aY#xqxF1w8F!6CS$Y4%|)}mV?dQ*@|raZa$Lq#*N&04#^cBucYQ%T5o-}xQq
z36i`r$mmcp`-ybI3t}uU(dS?P$z4s;jNvE>swiJ6Sj&Q#i*I1jaZ@zygjwdd>kQm?
zDmV%d7M*<SA2Sc;2|HhkjAV$jpU5bbzI3Fyoj;6I7#~Ctg*ubRp(nwIOZ-j9vKua6
zK^oxG^2~0uNWNk$;qeg)cki#~x?{*cZ;k;6TOFdbT0Niw$TT=_9vUeaK$cqmNGCaY
z;|9pBsQB+cy)M;ON)ZtpjC$r%!JyRK%Ip|`l-%DOe%DX^vU|_hwBr2#EXZGW=0)n^
zn@`p#X|a&{KSqd89HS2Odm(Uv=R`gp^tX|-Imumf<s?NSGn{$s<cEMS?csQX3>iR4
z7uA-V>o8QGQym#+eD^Mou;n?v2yV^jL=p+HhRWPrjc7q50Z7e`+zzf)NuiGGRhqv8
z3!%yzt3Oon#HY(a;y=2+{u<HzDk&Jmmit%h>bma(x`|%LuHu>h8W0Q?aUBYqpyjCs
z&Sk3iOq9V*Sw#s^(e}24M2H|r`W~T_vU0lq@Ll45M8wQmLtXCz{qA%`=nP?RCF&LO
zl~$;8lw>CG*)Q7-xTt=+mzAIIbcgRZ9+3aXGe-^XU&(&EH_;x1MNk>sFJzN__pvq|
zjEg+-{jMl>t3606b!k?|*KMq~mZLzFL;O4w@@xr<>9rn9a>#JWtun`<a||D8wS6X@
zGq(0+^)7u=vKwe7j%}yp-Ye~)$Z!stK`KzP@qw<p&3>~dGbtZxYh^zYis8=YU8(hA
zj{xTRfNX$mv%>F`uiW7f3)$#z&g4D+Ylv4avptlnUHEH=d*9R<0*!)i%Nq(u7F5oj
zmAX^JvgL)$uP%Ky;fqc@k0y7djQ`}|V}f8fop;QuWAc5d>`mW|_YwAH06ve+6Tm2G
zpl8K=><V`Q`++#j*BW29yU2?JuuEkUTwQ@>{5*ehyi|RuYfCz6^px6#axwI`Rswe7
zaG-K`pU|O?fL;BJ_e#Y<$6YMl;ZZxvgAXdd=!8G9;s<BOc@c!2XK<~8p(E#jEcwq}
zRhyiesun46dB?Q43m~NhY-|?5#r1QisW;*-XJ5z?pJI@v&=vkonoXy%N-Om{cOEO=
ztxl@|UXI0P_UWYL3r+=eR=+#=pSe%uf4Xn5!XqfCy*2oV4$wZ79Jr5cVo@zU>FP58
zGGbXx{9tQPA%LP~V_|P_Z*MW@BHVrmUWl>#epI2Su5fU4H>s9%4iCqhvIKWkXgN8(
zLL30Zo`j;oh%;{&d5u>!MJOV<8Naj;=)=u7x;$Q9rK>1;XDDlGDo8XbnL7Dgo1p*d
z1LrIIEZesdt0=c!uSDO+uf8;vvEp2xMATH8e?4#?eju1j?JjQ^RC5?EBuE+MS1n#<
z)(KGwbn?2HLCqqmvADSS!MZ&=m8~7LS5ChR_JxGj0cdaYiO)xp%95@;c*lg^bAq;E
zR%;Z;V5_5Ap?Li>)NCB8mRc4Ea_mv3XT~o7E@1KhNPl=1{v1@Klew)WyTiaFWd34a
z<mFgTPtSQ?eZCmrIGdV!Ehs_m^yRU+bk!g7N}%_W0SwjtdJ0|8C_9h=P&G1C*L?Rm
zRaG5mdh$&XYGN@_TjqF~;g}|MF0J^7d&Wf%fxj_2{Qf{WyBO@@ZUAR-e@&G#1DV=(
z?J7pmS}(rMuK~j#-VBq?dYd^$b&kh(;gv%8+f%%a>6*9(IZ8rh#X*cA9ACi+4H@1&
zQ#n<6%yT#3(?MBftZd22mws@Zbs(<az|4V|+%FjQ%!hVnq=r;gQ#0xfvv{nTq|sAf
zb7dCSl0=stZTqHgOhkMzi!T{hy}5|oW1`~h^EYn~@&1!xzP?>^$TnnjeL#?kt7~b?
zJAq?WER^4y0RN5%e||c+#cu3h&oY$c(;<OdZm3&sU7~jJ*3*k<OCjctz=#L_v<vt>
zDjxipa$;m6A3e9$mdSk!i*!Dt-BL((c^<F<WArbh{cxpnEs+84np+msl)Am2aJl8#
z(`Ag3tcKTO{cx__R>(BHh~-OX&nmHcR9+|S)WyqZF7@txw^(vgt2UJY?cf3c%Jns}
z@0%}jn-7edHG0_IuBjmRW#mDn6Yf%GGdCOTJkjT%G<6t&xnI~K-fa^Wm$B+tN*$h8
zC@Oj))I%Ndu73V>Ys|_O4;GiN=YH2(xuM_>Ocw#fHoSl>ra~Js@%cHf5pdo-J#xIg
zPC`84k5Ntu>n7@TNY{IxuOmbNmOj`~S-Wg~k0W&in&Rf@SWC?$S<-&Qx6(RIB=(Xt
z^bz<4BJ&iW2uaXtk7TMYq42n4r+O=Z@9q%0S#EaB#`N7d;}e3=5Y6x!|0iek0+8CZ
zh8JN(_q|jcxG#?(u$zPoiTBf{=N(9Id8Lo6>$>7ubp;(+T7X<prr14FgS)_-5~dzh
zdg|)wU1+pJJ=^#;Z9dn$3?Q32(-b{xa7c9%Ni&d61u@NA*Ncsogc+nj>CA8F?BrAB
zsBQqP08gBG<<>Bkv-`D%p_!TB`fPiIGV6|2&=;#D*XVPe)3?g<Yif);WcT=nfWIB|
zb!#q(JQBLvn<Q<K&B^&Cp)vy7Hu5D;aVwgEu{Dqe>ouc94>rW3g;kOnrifEB@p|x!
zS50peKTjckyyqB?lFg4!I&%Rgc~x&q*qImmc(C7<->E6d0`9Gdp6&&AqE<fQnp(+k
zEsIkVjBZ%gnefAW@((Jj@L#+Pu#Z7iD6Iv5e3~~<ufx+unt##)8iVoF`fvwQgoUMm
zpH3&`+UP3lrOZU9Y{Wt<0h4Z7JKOIjGZ>mkLT2H&Q*6;{d1<ud>Y(Mhpnru5KY!ei
z@>ih*$)Ot1d2WcBOHL5Pk2q^*Hld82^OkD&R<>f5Sv_x9c6euxemg|)2ZRJ9Le^dK
z^dGgt^DIpV!BIup6(BAHwuU>^Q(r^b1Od2L&1k{8aDj29ZtZ3snMKbBRU!MqE8XLp
z24?(kE4eOIm5HrMCre03ICa%iwpt6TSvorAt6FD=zk7FnXQ^0w2G~AZchmCsn$<PN
zHum<Bo7jPtR>3+x0Q}$-v=a@QBp4937iDA=n_jb671;D=N6j8EpSQ8e0-+tZ`k8WA
z$jao@<fQrdr+T;IT>A(gLR_3-hC|gnL+Y-q{b-e8cH7zzAzjL$v;gcz5X5o?3N<HZ
z!{MJbIPT5B?qRmZITSU;Y+hG>z32R<Ui<kXmi-2ATiS?lAwDVYLiKBv!X$+Gta9x`
zOQlQ}3`{>n<C47$L5>a8e5ZJrm5nFWd-yej#FP}%!`fgDu4ukam<~TmW|ZKwx-soj
zC^SN10n({8nO3ds;u!nJjX9ZIfYNR(41@19{<)Zo0lAjSm0e~|;S1`~{6>d7DV{NA
zCu1~COe|(^30zuqg8ud{<v@u&oMfh^Mw(up5EPevMPE%_-Jz+dLjr9mvG$2<247d#
z$BH||GCOTxPZWQ+yt)K1aBR?|eS`xM5s~IYxC%3(SB++rxcnY~9vYq~7iC{E6Y26s
zJHR3Ul15XV+SV8p0`SFPkI1?RQE%SR;65KGMnhK*f?!cg;Pm1WFo{DCszE}-^I#J-
zGhjsQ$w<O`ZTh-!c0P{z?nrJuGkY+h(!zA*lU8Y^^#r4(Pbvcgb-4*_ee)E3?6Swa
zDMZJ;@+H(dOzgsi_oEkW?%%_LKi;mRHaSTi=z_aN8p!q-!Hu~mNCCZNIQ-q`FAs<7
zR)+_e<yRdH2Z1BA>l}!ietNBvxa2Q3<>72moahUUv*!_?(s9?NjSJ^7NJ`|VvfQw9
zaGowr7(O?8OMYh%5k9m3NQm=d_Xn{A-0)l}E{Ge6F2NQsA9}geGjqvFbAV(LT}Tmm
zT=}(7!!^!k&@;GP$eHF*k(HI@G?Wgz;>;czo{_;-IUAp2uTz;b*OR6fm|(WF3uDzU
zxYyl3d+v9cp$%q#5Nk-0O6{*T%sf5rYnPJ@BS=*4tyD`%^3D5{kL?<C+dtwz`?`PW
zemjo<AD>7AU3mvd_8!1oJG%o|A-oT~$V%exBt}PbogFl-^F?rSUsTPfx@{Mx*$NEh
z`4}?-x0#ViH#>f3&TL#Nh=NwM;Tp$P1so3N<ACv)g4O00h78|{9UpCa!^|lvstI@(
zChhQm!vU!&J~}UziT46mPIu2&P11Z`ys~r_+SOLqqUToHfOHgM!r75&FfP(8F79Qo
z+N!Gu)5zQL-M|EGZx8I)Ft=4SsMqZv8E>y>868<Ka|ifJt52t@^6Q_phi?fUX*jNF
z>1xO23`yXQ_k$CAfoGXTnbAC?T<Tjik*;kw^D6V{ahz9iB+SP>F3!$#uX>6Np!aR0
z%e6(e^$lPORt2&mFfuizSVpw6(G5_XbK#h@FeC)v?bnDjy}rdd;D>9z_2@>B{#~2e
z`ge8XURCB6RxKA9%`AzNsJb;ak8#=VI&b%kdDq3wMetYmccH%Z=@;hmfNusSz@7N`
zX?opUa`g;A%||bMU3<@VaMyRYH)VM1EcJlKB)}X-Iby?l>b4sNXTlU|i_m~_BF)&f
zKg!KSu7>2^=s???)arh99NsO!5qVPC+o0px6gBgFFU$b&QyoW}Upj<874q7!h8{w(
zUw{GdGjGL5ov~LHI{@?)T0h`9z>LagNRV(X9dSc13t4Jl>+T#z1WrIpqYrkU05+GF
zP8h*is{aGUdVUS=n6S&1RoNI60ko(2Nt2cqCidqSZVuaZ@lC#Z1^Tx>c0al(EUXuQ
zHlb~8#%xf&i1^$qpz2=cx?sUwf@Z=r0{CWo7s>M6NdVBCmJxAl%+IN+C5%<rGLiMX
zUGP9NSKWf5=+Sh;wzH50zThFZ6aI9h$Wi6Gr3x1b%aq&bZZbgw<UxU3;)7LK2D8?o
z^W<<q+PS>WJN>fU&O6A142f#L6qBQc3|ENDtDo+SMzzM_w~`<9`Y^J5jshX~rdx8H
zl(J*x%$dD)W^mnLy&kNjT{S}OlZr`PXc01>KT)|64yYsO&T7=I*20<r#ZF~!W*4>(
z+YkPx|DA>X=cn$=CxF|L9%E`bdzlcOUI+NW%v-`6r4IfSvCj3!$h7Sv1rht<z~kU`
z*gXr7RjCHY9w-m@rR8)=%-NeE#N~4o%xQLa=@19im;)^UY;^@a3$S*D6z|GGP@xjD
zcX#>=d@WFneB0LnuD_63o#V`FVc&}YXFqo|QP?U(8c_8(ZFGN)<$%K+@CX2Z%jLYo
z<z4~F!aH|J%nibzz%9kMeM~|PO0I66(%E{V<f8P5R#L<DJ=Hnb0@XRI1o`zB4*r&q
zPXo}RvDCsQewW&r-CeI$4mY1K&E2!dDTc(#CPEgpjF$V*W5iu9?KoRs(@B5>6MuS{
zpNUIFc9^`i6i_eskXN?W^q(~2P8~T=UMo+rYLTT6w^xplu2C8@?ja;C&GXH%#c^@B
zs}$dH9?Oq5nuVk^eL50}a&Qdi683T<d>Uxm!!24$OfHr+JaX@IhoKpPpWmvp;!ZN-
zPevI(p_ng1|A|fngUoshm`L1q0K{(fW(RPp&#=Au@7O<;jp~L_sy84>Y6YRx(pulw
zbIvX*cSOhc%j-rh1Lr{zD8G2iLME}zT^8au0Q0bM?*cHQm#pG;;!33tHhOVDIS#rq
zGN8;q0@g7#+1>dI)fi#}O=DhzHAHm1Z&A8S@^+b4yGIif(W;=O?u{eH9dqz*T>=^~
zK8C%RI`a0O2Y$gNRkEb?3^6Saq4)snylUNd8(65;=ytfR#aBJo#V*uTlXl^pA;K%l
zUVztu{=|x{(Q-4?kqB51|8k%El2=;=8Px)~oAZVS<D>Fc5wtJ!TE}i5<#8w4RHWr3
zXwoi_#FT~%oX{w!lNM1TtV-o6TGXxGDm50a_K^n#Sf--R+{CMDvs!L=wiZ8l$cMBG
z)blB_a?_<0zC?f#A15KmHEecUe8dC6baUEnuBKN#ux89g^6Y<yLh^F-huSP$-B(bO
zvm{#XU?CK@keRaeVkN&?D=JGbGkzy{T?4KgVs2s4I$j@e@#4kCEwg*~F3ar=Y5UCK
zD6A3n4>2T`7Qg@rHE5YxxVNXsnGwE)LYH>=%lDN4PnUJT7vP%0%T+V6FtLU=TJhIf
zEZ@0B-w=K9nOw>oPH|jYX7e`sFT>)FJQt0uR}37kgm0Q-ybq${_A0X5JrC_{J?dP7
zVQ#$v(MA!WFgjVP<i@%z#^NECp@kl`%q=i7csRQtVDnw#1BViacg#pXm^6oOO-`1=
zpEP(?uh4|YL`Ah68f(JXhJt+Mp7zv0Z?SpZOOTy6*tZL=*-!%4cZ_Ti0$*1#fbQje
zfkBH2afq-EN@_;?9rEp?BftEqDh3mIv_puwJUxLbr+d2`f-PuOp@<~zqUwe*7kAgs
z4fw$c*ZUw7^MWBEfe#1cf@Ca^43!%_a)TLwy6#2I_9V<LBf-tVC46Dx`GsZiI{kvh
z?F8B7vqirx%n2fWOU*;X#neRtp!Bh9+ol2v=W0D#fQBi>?fl?D+CdOb-pBQf4lP6K
zC_u?=uW2<v3m`~l07aHgU_4)kC`fU|SrNFpE}@s*mxu3=52nSnePzLu8L7)l{Gt2I
zO*{5lW82%&vmU*C=EQgYhBPC#m+lqcQ&UINE@NpH^Mx9eAq(c)^QsZ<QD450Kk*+~
zDe1?4E5p<A*d1(ti{QK{s$^?xJB=;47xbZ1sKGH*qyb`QShm3|EbaZ=WL1-mJhGZ7
zLfCF_k+5A2A!|t5B+R8)wv=;~*RI06yn}1t_o3{=%sTlWZK9dmrI8Uq+|4bN>8h_6
zZsSdMzUX_-VFNp~x*?0_PwMDPCn@d#FmZYst{@pj3Gs4y-CkV_6V)OnZ5VXd%RPDV
zB{$)&3xVp;tL?PM=OraAOY!rYfcpbg*E^*kA-rraUh=y>``sFOPBNr2%cc+gGnwAA
zwOhkEPT0J1ikYki?O-Z7dyqqv-5w`H&jNi?v`%BU)^R$C&X5=xm*y`zUQHxW0;K5o
z8uEgV1Dy=WkO0LqrTrQ3!;-B1qz5O5ZBjjUa5GZ&8HRZ=#!f{tA$~a8%Fk}{YHHc9
zQ?6W{U$-%yOaO(`5@XDLCXWK)19(xLIC!hb%h1qun!M4ZGA~-l9*9-~C}^VhpH6H!
zMe`AK7Z+_UraxZg!pgOBGKw`%3Nn&c^}SdD>f47vl;TtJ-B}(;%fT4m=8ciQ$9g+6
zG%4l6BPaR~X}8Rq*u+b0rbv;lT&CV%oo9sR4(=Jj(1LLD-R%MPjYXO_xG5tjDsjZY
z@g1f3`O`YSD?^@JtLW`*4=JbXAULOtH@iGEB(cSq6oSUk1HKilD8Ox`Vrb8mS_e`a
zUhmY=${}%~hI8fv9M{#_i4&>+w7P$1QNP>Y!Uql0Tj<rWzP{VS8jnkjJtkJ|$IFYY
z(o|LIcKZvKI96-cLsl^%hv2JmvOZO#L;zOa;@o)%>9&`vX;41uR{feuI768XDUR8<
zij($)_w@}lzvNErn)Oa{*dHoMFdx37ua8vaKBy>GME9T6aa2B4#NxTru>5$@i^NC_
zQdS=qBEU67UA_`%Z1(UWtE;PPZ9|R1=wbL-<=R*)xvFMwpSUFH8b4ZEX8q>ix{~{_
zt@79wsQDBf|FEuzWk{E7+sb&uY<?J&xLKhV5i2UWAU{yM`=#buC03klDXdR)li#VH
zEMX@24wu@9s>FgHgT(3{)9k?s!}3bikm@Xlnyw>}!RiUqL9j7XaZX|Vl^xBHY1$XX
zh&n`tmcXvno;^`ZYm__ZGmB30LqbP4Zb?|X6(CtZKsCrtm$vTqKcIVs$}eK<9t|xi
z5gB@fm$7IuP?t;+PR*I?He1^buI4Vzs`jG!eI!ER57gQw0Wd+T&wK(nMGQdnWmG53
z*us>GLq$(W*}7mKR|7thfEqx*wY3dG6f-AhXU#B&h(zDrPRXUIZ(oTP!n{x+#T@{w
zeuiev_Aq@t{gOMm5IYtMn1g~XAK4jJJWd1j#_C+??Nh?A4Fxw$3US|R2SYS1#}e28
z4t=?5)jfN%&ioKRc*Kh(-GJPPOpQ{ehB1ybsjBS0J`pBy-=}#vx-Y;>J!?JS=d5f2
z!hPK<HKIlyJMeUHJ3Pk4KGF}4&1$6-Kt#RzUgM@yMvKY-!F6o*^T`XY<p?dv{gIWW
zi$Fs`XB9l=ZV|?@k`l!Fj({3r!E@{llwZ*ia+b5&wY?xPU!ex+&nk$vW+c)5dUTR@
zWxCRhIkVcm#^rTE?A3$3XHtjBB~JBgs|!O;0EQUtn$&SE7u-P9vx3{fgROSt>DKhh
z$}9s}g9D1r=3DQV%dPbJ%xv>}+i;q{tJr#Xo4to*2B2d%10EmF-O%BCE=RFaD-|YU
z3HI6$CK2nf{T27Rh%5m`=jD4KA~zC_+PoIyle?_-|Fn0VQB9@YT0v2opr{CnqSO&F
zN^_8*4MjSP4FPG=2?@PdD=GpKN(j=Vm(U`i2T*zq2!tAtUP6)3q~^XjI^+FD*4*EB
zef&DClXcE}-n#dGp1mK5x!bn4N_}eCEb8;>3R-0cLid~DVu9#sZL3`R`&nQIWe}MO
zmjiSlW58AlK?%npKpA#@;3r({hi4VDa<umO?hwyyeL6%AFx<N7bZ-`v?pJ~ry%p`z
zkSQjP2G$2PH(z35Wi!F+mlat0zp#hzm{8s(;AHjZ(22%5qPN_lQTTfxn@Plk7GhA=
zR(q|a<1T(224W-8;bs$RV)iElH!jcMt;5+$Jky8Th^u}EWN<QDoUPu^a%}8b+=SBa
z(2-m(3|a#ot9L$A3>%m=CoLu0DvE00^3SIU)kYa-YR(w-%zz-8N6n-UMBN7ilQL_0
zS?)t1h&f(aYt~<hHQ3#_03hT5Duk~q-aZVK(OGv~YW}U!+!7IJUjLY!rRRZXS-h{D
zvR-q|?K884mx}V$B|cBfdkR00d;SI|AMzi6?j)nr07Oby)R@1BgiiOezv?NnPefU)
zp4Nd)gu>wPkVlWac7-xPe2OUbHY4L=F(@HF2CDn6O6GwhS~KX^k;A1pp!)0%rir|N
z^;sAO#RPnYUf?q-uq5U$o66{HmVzLqDcI6F?g$H-qRKvhSTZk~!vmSqMGT1Uqo6}o
zgz3)&i`ezkhPhiMq->;Bhpzt>f~U{$5Tu?p&KK^lMUYuJ?|)|GG_QMWv^cp<j;YV*
zFu&fj=f1B_iT9};jDqEiHYw2C<YM0ieB_+e5^gSyNFMTnJ;H>$5KnhvC7SC>5XXdJ
z7AO%hu@^xT8B3@5czOF~5=1jwB+AnJVOZ*gVrsDSvFJ_0g94!2>+LRs(6+h3y8uEO
zU=go7;I4W7iu%APB+D{loWyRrQp>9>RDq#aQzZ8cxG8JGy`{G%Z>$<LfJ4n=cCMls
zfve-`HRmx?cbNBn1M(0G_S@LTdAm#A+&{jKZ^p_QkQR=smoa+Eh)Z(adUk}v++UJk
z_g#jzRMn$lu31Puz=@QT*^WHgi?Aa9P6ohRnUojO8zIpS<ObfffvEH|Q>fdwZ`Xrz
z|3=ROeTrMo?<($bNJ;SVrMCDKzD0$zS2ne_PA~dl%ry;-C+uA0>`NUzkb!}L<Y3<c
zE}()@;a%#_z;*#liF0#ht>rNsXiLAXmjaiOeSNyX$||N#y0Y*xAYiG5=f2fogIQB~
z@9+t39-gLZ<t)d@i13K0^$&WZ{DblH6D?+lP+?9ZL%jl<kgm+TUxesOJML<Z?5-Jf
z-8k#<m*tbXy3KCY0VjRVtE=N2lXP*4RE-&Jj^kxq9b?thAGv+>QXJxAyKSuyo`&c!
zRw<&?jiR+4BamJeN0x4F4lx$b;@fnyiivjgos@%l;@gn~fJgxF9xzKmm>Gl=`r;_h
zfv2r^5d;T%Z9~G3=ZNZ5;-EH;F^QblAVXe>sd+7sf%0Vs`>elD@ZBqmD{rm$?PCv7
zmY2Q#7q>%3lWsY}4>Q<dx)e+VC3asm%n&<*o=xNMWU|9Lz%FOc)BthnrMv3{K8<MZ
z$!NzQhHFdB)|L1Z94a2I(Y@x`6Kq28fnR%bjUThAY)oeNwGN{l#i8xPY0meoDGA+9
zU3awmi9kNP@V)WERrWJG(^k^h?${92bQU69Ks#y)9|Fb*E4Jw@NBv2fvW|zHd`DA?
zQ+VvZP`;Kuu)bE|>3YZ+2V;L?#PugErqA;+KIe^UQR4Xw>XmCgAGqH*4|aB5qG$Co
zXIf&KsjaP60jPs;z7w>z{A{Puv*N)bWBpQNEEuazbu~4Fa%k#Q2KrvPT4R&Mk%8po
z<fb0`(K-7KgKXX6f$TLxFo=M%-6-$TqxIM-F;`Ow8(mcou}VC~!*jK^yFxhu`SB&M
zj_yZ(U+;p14x15H$T@CQdLE`AUs>aeV|oq~C43=rJq*$>7Kb57Zs{g(jV4=Dsy4P<
z05{;}YIB*m1733No-{`>*DPD3hxs<WEkF!z8frrn6f(Vr5P8~NHB20}#(kZ{F_LZh
zu^7(;35CbRg9o{|um19f$~BmXoI-w#Z=!^E$Dio~fA4<Zuck70c>yjpd;$WhwZZ3X
zF$|7#&m#j^eXTI!-3N$IX<Sn^<KX`Fgim>`P3S6h|HP@>fnD&xG%DT!Aap2_OCBTt
zA;)>J>f~t{>ht7Y&y+RNpS<+hjOS2?RCL{wKjHIemz_y66CLsmM8;B0&OcFINl8SS
z8oS@W0|XK&q$wMTs#jVP9?kbW>&fG)$sfGlCtll)F9W2~1ur4Zch}`~IHx=HND?MR
z!9ZV&?{wql<m=A)SUD`fZr#aa%By!p<ko>1i6tEc#RMV6yIxt+>>IUDE+h>aI5zGy
zyhw+<w3M8ZqI<b~?Dr1sx}jIJ6SC$gnKe$9DT1*&0d3HmCF6Q!a`e>CNgXorki!69
z?_s@ERQu^0*nVm&W^F5k<KWZBlB%wKG@eH!;Q#?#RXui{3f;<@Rb{X?aV&d{mmR3R
zt{1Oiq4ZyYX2PzW*Uw<a$V;+3d$d7|KyNRnN`izXBy{oW6_4h9T<MYF5f|^3uRE7J
z^r77Zh*Mav1AP49kp(B;2R9K78kh6ES8CrDN#NWr{yfsM?;$fCXzZyEdhw*ghrbO1
z)symDE`0n0F$LxHhjS6HUmH=?T>vsV2;<`7)ih@w9*mE-vfoLZg=^8^X{tutBx<cj
zfYudcP4j;v=8PE#?sjj(A*QnzQRerKwH!8pK5CQ@7T;W~i{l*H99$b)f|Orzlpiqm
zv3Hg<GvFd!*D2c>=`g+^2EU(!ys?*g#C&CU9zG&g>~eE<8{UxG5fg9c+UMeeXSeJ#
z>$XZ@dzCHHc`dTK0^)jcaCGBvx6u6sfLhu~w(q#d0(?z$w+;i4T3;FinsNob4Mzcy
zs4k<zM&xy7Me~d`DXGXUFlOz1bnt!O_VIB>WRj^PBd@A1bwAGg)HAycyUTkFJHVJ_
zlQxmx7(`s_P9-eI=Qa9U=fzu^4@$Yrx(%Hd6&1x;k2{=(F3!!?2>eOC7(vD}-PcV5
z`?WtA$VpfLjab^^-8M}gXJxg0)K~>`$)yQbReAYgwdF)$+T_H^9wP^6#4@|%e67^y
z4ZA&Ru=>e-Iq>1cDTW~q`xLwH1AE5&Ve3&A76CRkwt|w3j11MhSM&LdPLd^tEUPzf
z-sIsGQ)F*Z%Ew}{F&u-WnLp`I&cWrH`dUTQjqrLBYpf@s^({KD^SK3oDPKy+9EcE~
zzD=l{2fmVoXex#TiA-)qp(`#e4|ud9MlO^xqzKmS=>&4`az8{+idDF0f3AM^SRE0f
z$=6BMzI=CO3#WJ?{tVYuAxdvC8F(c<A<3TVGCJ;}x5UA@bi_AHP6HVM7g}Poon9PH
zb&i~CM%zfpmSvN!bo10eOP67>vA!HrN5Ai3|3U4Y!ckqmQuJW`W3HxNkLR5tOzQy=
zPv_lb`5G|d=4adB-NlukHdc5f&)%9^t!bCdIo|fAt?exUlSLY?hCTIj;CJ5i9SQ;V
z#mtt4F7+;`=t4L8oXLI8yK{s3H_J9=md`DiQW9xK-N-%hwzjrAQ~&e|aAR1M&Rzn%
zoq}Lsi<)($Fm4@u*O4Id^Q6ItmdtIH@id16x=#X{gtN$i&{~iBehxZuNJXX3e%XrW
z%#8^TWdkAKn1=kC3PaoSfN7{q!*I%SRBl7z$u2*V0xJn-9RFpibcjwwwT6C(o<vkf
z{idVa?8~mT1Jp9Dd=)+JJi}<qQCB>sValuegS2y<<sQLi{41k#Q=Ouz;o*_eqN34v
zQi*Ur`x<PZ&E%o=0`^_dcTo9126_1!pv4_UL`QR9cO{h|u-kL1MRClB8Jb#<z(W<z
zfybZ)bx%AJwpnoaR4L0F``YpWEf(YM*t<$cU<OiWp~97~BH!4g{N7bvtG+*I21R7M
z(JWlGoU*KDv3yLQ>O0F54?i+KIVsHr?CQ8}OpwO8flQ$=+=UI;1&%0P-!xHjmV*BW
zf--UCwB3q%n)SA<t+n+kqjpx6d0kCSU&XIZL8jX@w;dcXI33tfXQwGeh_*(nuTT2m
zUXv!6N@rroT9j5v6-8UloKFhYES{WKrs(_n(UPs($Fj3{jW2~MgmwxE>)nvbO5?v~
z=#|DWK0Q?$OrMmTtg5J(f(sy%v(9Tusr7C%9gCAl49>J)4`H^v<Su6|g}aPSb=l2F
z^;vGeQE0)xAmr@Ik_w|G)i{ltvftBC#pg;70NhdEYDS^}Fq~!$FNB|1t@S>E{*V6u
z``=kD8A{CEcVR^S*Im4~+(GzSj4Qvm*xi3lJf1>7W%)L05fu}|mCh@y6A&bo(cADg
zNOo#d+{n-T7d{&a+pLz9?xcLJxc=DJ!3L1{h3DpZP@vqFs_P`u|BVPe63Vmv8D-u{
zN-|ieKDc_};l%ZHukjmzi+;Kw;A329Lnv=AVCTuL1BI`A<%$yNl)^({IF$`nM9XzC
zRNadS$g?Na@)EZGO-2L;(`{)8<I2iSTc4wyQEKKb<`a}Qw-Y+wa>@QNDkYbh&z*x*
zInaB_j%TmQ1XvzxGa{EDE&vJvLlX=d%_-sO2T3~<5enGo0`c$11oawc>kEd9UKFA8
z5G6xd2g0i!63?|7KWgY&*wKh8c;>R>?t3w?N+bGL*^y?lIE&V<Fr5NrzI*#>sYZX|
zQ@>1Uw*LQZ2LEOH?xWhFib@Vcp#-Pd*bqg6!*!HX1&P`+CX6e*!<m?b-y53>pZvDe
zVW>N#sji}`tbA3LS$HzFH-+=l0TDf1Ufz4|3xpoiYCDS@Xo^E)X8<?6&EUdfbNXy7
zy=t(GNuUU9L&>_lhzE^on5XmFZ?<$W25GoeH~@T1u}JjF)ee`TOrHBg%nq#8$Nte(
z|3En7T@PD|k)JG%wy-*Yf?vs$9zTrFA4)g;p7(m=rv*0x&;NVUji1ai?NmM2Xl+pV
zmnUxSq`>ZRARW~!<xe)~ScA4N`}`jt;j}+dF)&OXl>hpY$TYq|$|<~cs7E|(jYz4C
zpc9VUzt?*FVNd7WI3Oe>lw|kC?nS@}opLYKeXqruld{4{lOw-PwSkJ!n5kRCL3@}%
zKlYYsrQd$QUeU6$PD4gSn2XQlcgVjB#a5qj`Epc{M9A@{{qfiT=+>`M1WvkxB9Um>
z@t0&lL>!V2NUJ^J=Ht_Q5y@5IYtsaTHbHufIGt6I*&fEk-=PRjkAn|POq%VwpCY0n
zE*kn`@A<fGEeZjc;YC2eJKqNyzb+<409^+a7!0<2(SCBzx%vHu%yGJ;q@?=#qg>pV
zr8EpY$9akY%*lf{{RJu`&daO#Kx1oBQ&-HUhch|Z%>1|62!8I7h=1+2hf^$Vev2}~
zox5ri>ifhM0R#CW&|eR!uB)@fYwffLYr@kr0N)1-P0q`^x)D}n^6#GxI??X_>o|xN
z5J=5Vsz2hq9kbwd19XSpyHK#7@TEo*K57kdf-wmd)GI(FpLq(QEBx2|t9G9F-iF@Z
z-rX@)R#JKmfYv+3pB~Yh4iwpo#iQj6`YXwQ+~DX!M8*Enb*BqcP;`%-ojpPIW$Di&
zL_f}k1T~q*_1Co>bagXshuMa_T6Pj2e!>E%6?dZEya8(DC9eR(^){ewMV$v$mYAG-
zM~XUwH-{O7zHkpIi0{J&a-6y1d+PxA8=R_VlvUKi)&{-xd{*DZ?W%cPdPFD$c~kCT
zCV(9}7NHPO9!49=s~X;La}eYHE=>D&PnzTMYx~r{pSH)9428AL7%eO;#NB@&R8+#f
z0U2Nl+$IMQ%~id56A{P)UB%FZv8d;YPXJbejr(*mQcWR%J2gew**VZM0{D8OvLLOr
z+|GZG7yM-~F!NAFxkn=q7XZA05E0IIcE0lz#V4*<zDZnAfy3cYMGQ(0xD*1a&430>
zBscKI)dTeyuE+iiq9GHf(lfF#RfgJ;YU3#>Dg48uV*frxcYXnf1>dxJ?AYw=8DUL_
zm(?l(VG(e|bVq8Ff#;kVRa0KMABGOhSiQr5*?aYmiEcw*{gXh+hWZer*oi!`H1yI%
zuqE`0hl?ho_KG?Eee`m+xgHQXiGDu}U~na1V>GB~g!V+96t-Sb>;*ZpyMgv)M%%20
zS`T#XGvep&t9YPoscK@9*dp%(P^hsbyfhMxzND<7jGTxtProW>WZPSE=c0hX+|>gS
zo2^an!+#F*{?)~PGEQ`soI3v5@D`O;M3`x4_!(9KQS(Sr7Vl1J)8*275G{NV+&*gx
zR6`bxV5th5&ruSt@PPTWoSZ@lshuw-I=My<(FV9$`J_}8eYwZ^k?Y}^K<*<WqwzpQ
z=4@U|OH2DNc>RCN(gV57w`HiSl$Bo~z=ldmN=fQ7vj6?}GA}?b9UC8S>`cEkcct5d
z-lL514D_>G|G8@e*xC@2SfFx$QeB@QeR;DeDM^0NXA|ZQ7ONR~tN{@&S=o8*%^&%C
z^3)BYqFBHJw4iF*NPS<>wW{0w02753dBd4c!q0!&3upb|<S<G-c)wCx!cM1Vk$37e
zbcdUlTPcAS?AJUXQ|x7Rb#2em)IfvYHDtp`O#qBp$G_<8b*D7ja#L0<jVp8d6(yaH
zRz|%vVb1kXNg3qE4eF|r`}vk3KxeF)CZg^Yo51?PgS<+YK8_({Y#wxp_1NI!V>}C-
z^#f=Uv0u8~*Pyt5g0tYf8^sI?Bc*0KZkF|zWY?^a3@3>TlC5Gw=fJJx%<kmxcRXWd
zNQ0v`TuZ|nWWy2<{gUg2_|hzrE>%oN>5ykM%v9>W;f|_yj;i+Ls(T@L&)RPf3Anmm
z#fhqw@d~Gv5+`SPoU2|p_Q3U2*NU}Y`|G`m%D0f&2FUEzxg|KM<m7@oRhDP)yTE3D
zQj_oWjPvx&fYd@kHk8&$W5H*^z93}X&U+oAkGrfN(?3ZBjUQY(pu2X~;xvk>8%g=t
zMf%uP>^%t6?>;saJ-Gd|ww6uO=FflqxNOLeAIH-sj@$fMTix(1mc*ZYoNBzI$J)=@
zx){sXR`QdNi;$UIp8r`}M<g}loqzUm4_l|d4aEO$Yt4TL;)hxG-+}n=iunJ&BAk6~
z)X=o2>KZ|6A9<zQuxWX^!wd*eyF@|*=}XUNVb380(fdu+PZ2z9KV3H;EOQrRcP8w^
zH1QLX&n8tFk#<f9+^xr$H5D*E#pwbBod+U4q|p;?lh8k5B#AV@?%)gZ`eT_~L*diu
z*3={W@(0g5InA#6EDvP8w_dQ{A<erLE)zW0rb`5(D{z_b98|qy7Ht>C2G18d8NjDk
zNgqo!yY+{+p$jwU0mNExoU{)mpCWEwAvf@GyR0a=KSy;zO5gSAko25>Ot>C-(|<^M
zYsZS>IO5}9l)UL~uUcq`9P}=kr>pSoE4?mIIJU-A;rnH~V`s8@`-r{j+R{h_yy7x$
z(}{QjJlWOxF1%skoDb#mX6iQn#U{r{#QbE9AkjzPW4DRm$zR*C`;Or?&CNKLHHm6L
zB0fN`WV>W}zQb7?JbAE7r<mvKJNkVoUmjIX9FibZTRV$PZ#=u6j!t_$GV)+EH8)oa
zC@b=s)CGlyaNUS9&JDGBkXQQ*Tf|^Gr`iwY)IoyG`qf`02C&nc6lxQ-#aza$=bZb%
OpR$66eD?1~kNyV;9wWK{

literal 0
HcmV?d00001

diff --git a/test/integration/consul-container/test/util/test_debug_remote_connected.png b/test/integration/consul-container/test/util/test_debug_remote_connected.png
new file mode 100644
index 0000000000000000000000000000000000000000..52fc905ef29af9bfead9efede531facd778c2446
GIT binary patch
literal 111968
zcma%i1yo#1mo6a?AV7dXa0^awcXtc!7J|ELBO$oEdvJGmx8UwU8*AJfd7Ya(^UKWt
z*7Q23Pj#L0s&Ch>Z|@FK_$-0^7WXX_6cn<Qq^J@U6r2?l6!aPV8%T_{Nq{~S)Y}4c
z5fKF`5fNeq2U`<!D`O}q$&iF3IEA<+%x|YJg&bPKR7%3O-<_Z(5%{jwMajuN`oA|M
zW^Ju$`fe#C27@7{4vV3aKw>F|ff)9+w}UwBTMa#?RZ$xe_V-rXb-?BL&y>rt`w2c^
zCeQ77IuTSTv;^(vpbt<(sK!z~UVPZq_UA~e#9h$LU9S-Zx9wQ^%O)oUzYT>ywYGJ_
zWlI58Jee0deO@Ym3~ie_y!s}L_Ib<Lfd!R6WFN6YBNi6Qf?;c6bojlz15XbtLXD9B
zseH|sR0#?$^U$d;pD37D(G75++?az%(VzrPh`q(x)xYh0Y$dg#-a-(A4?}Yq8`9_z
zxx?-mkVM)dmESX^@Jf<6YfP7_Nym>A9GGdBMOc?frv41vdCD3*?<6PH<yP)RRdfjL
zW5BPL9!go0*M3iIsHkK&goNm>e6E~MavhdxU{hfFh;+%R_o}A;pxc)vo%YIL^unl`
z)HFHkfPkqtmVC2D3)19yBuBDZ=X`TTW}mlNbfZ~W?{QdqmwNVp;f%|M!6!$Y$KR7r
z+buocljuh+weZ)hvoLoasShQVk4cAI#a)l5tO@A%rH-ZG(5&D^o$m7Cp_7MUnYs^I
zgv^K-pFcY3rwFj{2sf}JHb>W5iWr+FkDQ}q7@)#?zIuK4iUBoJL;IUkR{z9Us#Tw3
z2&X&=MxGIq#t`B*%OXidzfNF%emyc&+^O>ecU!)EyGXFN^?cHTpUyTT%zG2B7!)Wo
zvBTI;CSC(Wx<AOECk+M@q-zSjlx-1S2MZETe#4!F_UOV+er@>$CEb_j?9DSVjOcgH
zDtJ4gw?k0xqhBZbv1OxT_|biVqk>cYBEX3h`F%SZC;bgpm$4neDvWD4=_KNtE*ZwR
z>wfm|-|bLge+XMdvl~IB2+gCSI|Q`l2vXsP`n~`7itKydq=OlO3Q~gL?j(QFn+I5K
zSlw?G!fTVSi%@U_*9Ef-Fk}PGt0=7CC;U<v5#N0y-3+LL(t8W+g*~HaLaGRi>XJKy
zz2o-8ItkG4F{JuNlCw`m5YH7Fav>U!y`?xzg<wHm0<RicB0iU^rASb;QlvKve~6A7
zR`3JI%(0GT8HFHV??=)P^&cERMyG<N<n~>zteuEFFrJV_y3M})Wc-ZHPJv0<we#gI
zQ+~2vviMK(pSnMx_V_Tv@(m-Z-f0L};j@2eMQTNB#asEt7X=!)F&wnxOvfEZ0)9vA
zwzt!45?-ZWMO)=srCWtMA<gt(7|`DKIy-km^QP;-&<_&`>kJ_3i$ceMe*;4)4DTy3
zL~2EWPh9uj2K5d6wy4+-w5b4WDOvK0kBMkUAxXheA+}OvvGl_+7~=0^)#64Z2PM@d
zz4GLZ$ZM#V;?e~ZV>x0_VkY8<qBoSNFhoLm$TMTbmPCtlbn<xfJ>zpnG>58p-5g4H
zKJBFL*bKMFQV!t_)$U*o14olavZ6ab3j7dMU{pC%`9)QxQl!9{Kbgx|AgNlXgrxXW
zVYNu3)J@f15~0wjXs5hS`IEwOrITWDR_KpIMZRL4L+-;@hvbJ)$TBQHs?Ce*zAh_j
zVOgtaN-e2zX>qAH3*U!3Fc64w<kcP=T#a3AUjeQrKBa!5{m?P;Ccz^?`xB80u&AZ<
zLN!bUPvx}4Tg|Y@y)?hrTGdhw@FP-<Lls4NLUAM4TguDmopt0T{z>`|u0bI0>^C-9
zwjQ=b^W%m6S?rnF>8m*m%aiH0BCa1|3l0m?bITRZYL*&lC7=?z+4Tyq&tO=Ql<u#2
zEF;*Ua76-S0s(^JasCYY40~PDHLA7x7UUNBt6&e=cB6KXhqXuU!}5dB!|3(V6%j5f
zQt}(>H$2GPNc`BiI0M)f99Hc3%t~xu@pkd%aQN5@uv>8$*ecjN48OA(q~@g@vp1W+
zO<PVWNLEW;XY?C89`iS89cux8-QynrFjk(qV)&WeG{rP+A>~$ck`9_~UW-+`Ewxa9
z!Fzq)o#3)Vb6K-Mo3P5$DBoz;wtl{3?l7Xhm~Ek@=OGfge_+rgK`v~}QkzA)14Ot2
zc2Q|1ZoPJ~cF_kB9FyN%-}JtFco*_6;T@kWE=zoKjC()Y_Wowm$a&p1B_*Jcws8Bi
z4_6vbA=d&o${0uLM3&DN@6NCa#6jaMnM#^owkhXI%gVG!yutEiP)chi&%{$Un0VAb
zVT8NKW7pu|<GI<@-LHe4=AO$otdY@$(xK8(?O~pg)>UwER7F%*;kfDS!nkY7sk=b9
z{<jUaPQnI?w9yKKs0W_A$}?LOVmMKlcsO1}R^)h?hBw_p&q6ET3E}Wy!oH`82*UFi
zX%EFI<WA=2bOsvq3ip2M$qdpCU_dzy&K9SQEQ)X=IzVgYx=@U_k7q5R)8gm;*h29j
z60R;QC2M=!w)mlXVS9Gl-=6Ng>2Ckd@7xfv4eMBgG5SlALb9E0&Q#B8fI3z&gS5Vr
zN%iB`@h$X_<i6y-<vxaV)X!|Dv>_QPDXb&cJ109GJI$93mx1^6kMEzq)W|qUT|{?@
zRmm}?ZzU?FGLu|kBqHh;KIE(AdrKlp@x-&o5XP-X`%Xyy<Rn*mpC7WEWJWivJ59%q
zjui?>;-*`xc2apy%$1B_O#jnr_{T>-#ll&Q2fsRo6}DCqu;FK?@erMU9Yq_{O!M`?
zwr<a?$E>8BB>SX#x&_S+6Zeg`^PyfeISEoUD{2SjpETI2mR+wm+4|VbExolZn;VQk
zt<FqGT8ONOYFJk<zrZ58IXXFcRi^Ei4<$rX0&jhem%r2+ECkw$wf(T{Pwda{*JpR&
z&;t)27S?1@u#?*!E?afFPhcKnP9*}g*BS`v6={bV4mL3B%FTHU0aG`wJea3VS{B+`
z^>IzgEwzobRb|FW&lPm79r1<n8|7z3W<|3_s|xo99JaURd?$dzQr6PYQvTBqC+(dR
zuKLRL2F?fG$Ir)46DXoY`*$h#j$=aCe*JKrgzpIs`S87)+6Qt93e<9490_zN%klVQ
z?RNGQD|6|t_pZUX`^f!+T}%hnSe<0g4ySHi=MCsT(XT0yKdZ4T;f1AU7qk^j?Zxk{
zCpIOXC_fi2Yh`HT`PAQCPnu`Ud@zllu;Q2D)wXll(s^#KzTCPb#e%_lSix-MYrzJb
ze+Fm(7V^KzsMCXWIu^SRIbHjAM-ECqtIO*e>REQ!__P<#RMehxv~J+G9=E32aITs)
zAGp=l1H5mSv~3#cS8rOp?%#pOuUoraTTjK-S~ub*X8>8QKKnusehVnIM3DkoPuQ1D
z`yoAX(}lS5r9K?@?Kuk_x3XF4`oP*?)2N5$Cx(}y$L&$UZpV?!X(3Q|>c^v;nO^>0
z4t-iTrZc5S2hY4S`F;T!eVk72`y{Y_Ms9WP>q_!U%5^Kx(wmz}o)uSX!yH5T4bwKF
z7lkWD(DtVMPkDkYLw=M<pl7!iHQ3^!{#v`MaS$B`9sO&hKMUL2Y}A0bxL0nD@G0n9
zP}%D+-<rO7WM;lMdm#D}+U2u#kOGiCepMtPyYCL=iN;rh3za);kGVM<Lp4p%#m>&0
zk>XXjcO^9?{EY5U1$Ef^r11snnR<rh(G~n$2wPL;Q~Lrv_a1sjnIjvbo<fBhYe<>M
z$w7UBgyErJUg1K)LPD<~H~%ZV{|<}4qJnz;S3EQnRFF9o%-?A~L!Q4s(UALho<Gmm
zv4K!<kYDd1w_7&!f2D@A%6|P{Vdyi+J18M#5h*FiQ`ykL*x1I=%+|>&3ycJbK(Le4
zbcBM!B>#QCl2RgrB!9JFuA<?jAt%diXlqSxU}XE%nBL9W?sqv*yl&i(ptZ4+0kNC4
zm5n2}8z0GEDYzlw-_Z;t#D67mvg9MtkW(NQv2`#eW~XPQXC&c&OH546>tJNUtt2Y`
zcXr4xJ`yu0Cp&Hi23J>CdRG>DTL)7HCN3^621aHEW@b7_3OYx38z%!dIvYpQKZX2P
zIikjnh7RU-PUf~Y#J|fm_-gCy#79E%yQ2U8{As7LoB2O#vT^*oTaXSi{C>m0M9;|Z
z-(^Fx^8SwHRxo!nw$c<ew}y-vqz--#HfG+x(*KV)|ETewa%%h|ClePV<3DHpr&s@;
zRn^hhLB!S?Ql}IDKj!Q2%>VrI?~J?*zq|fVL-A*v|B8hSH2+&(hX0;4{<penJ#vtF
z#5Wg}SAjestL*pZl^f)X>d*6c_=Tc6A#@xHN)Sp)R7l0`)o})#Cx#e!FbfKS>}nl=
zLL!NVc%xVKD)eEQ2a|RY;G;@Qtnq5M@;j*hHdGfwMX&|qU|JZ3jO>2Gb_?GzZLM`>
zOn3Py5M`--sdytLV=cop(^RR&`Balw>Q{r+dYPqWty(!*5nZVyG@0P<i(I6OS6_yL
zV^8?+h(FQ)@~wb|Kvw!l&r(}zGmi1risoyhNrvP%nBP~n5xl||ZRYe8M1*Ll|NT-i
zf*$@<1xiezhCL*LZTQgaT5I!n@zGzPF%~JX8RIBly(j)(FJCg^=rU++i$w|{pvecR
zKa~<s!BADnu^JS}|Hn3e$P%o1YZa%~+py(oJ|F#8TmNMK&)*{`uijd<-qKPDjD2X!
zn}vEi9?A4~jsH2*??E6|go#!CA`>?ha;PYq^na>LlK9iBTstXW>sa$e3QIqUc2eyB
ze;xnzRyta+2GJ_c1x5R<mCPBvq1wO9)L&Ejzr_3!B3^=RU=2B*V%nGckAwCv8Kd2x
zhv}>G1Fg5f*pC1E<ou5rJ0p%hhSoM)Ecm6*abj>ZCH8-=j0&<4T;|NEtK?Kr3|s!C
zA^)jQg3y_eWsu)BU+Z`V{l720e_xV<UlA0($oN`+1z;=x$0hf#y*eX<bZNyVB_$PE
zjs)O>ruTmw3P}uKBdkRe6Qy2uMX#`f*#7{Ie`}%WM?qgY*apQGc!s$DTMn{NDA)#F
za@d#OAdjXRGNxWLvOTMr#iaeui2UbD$yy&HDPr7F{yFad6OPA)V8r}=^DH+J3x%&6
zs${vIm_=h5-GOt7^lsfqY+44*k|vMQ%rsqWQXEzkZStFcpBWW1=s7$S$)hK2$#!;U
zvT~DDEBz!oJWT6oasm3Jbh_pbEhlC8|B@>n7P2~&zG!1Ud>j>o_JyA{)6vCsDxryu
zRU-3#uJF`ku`EAcj91>l<@;MK{TEswKi?v-f|ev(@K+R-K4Cpo^n72$sT@m`8*M<v
z`j<+g1)&khTDuywO$soId{%qeeKW$P;sjBl6H4-=y%XxrikhYGQq`MUTD3r|=F_?M
zcg}+h@Yd?Gx^i;ba9Gb||GI7@-$7F+(8x$9SQsRXO{`JJcFKU~Y*b}DGUjxZK7IHw
zpDKyE{Mr46!(thinD<|nhafaWrlu7aD}71(Hr`Jr)y3f}ogm75C~4s#CsnQ`S2ADr
zA+c|~T${{QqJbIECWc!tpMXSO7qQ1)xk!SCX%mhazVPpYEBh<zx3hW^QYqU-CFVnp
z1a3L)fH}(<fl=c%`BRI|b>J~I>aw`wXhB&tY!+SQ|11Iey`+n;wTX$kRClM%8UPc<
zNTcEhIlwQebfDx{03DUW2q-~0pV&6ZY*ZVkK0oyREW6c)9HJ$us(^es{6<QxN*=Lx
z$$|o4zJxE~ZC*{Dx_pduLc-*NL#xYi>~3dSji;ORzl)|1eu8>>nHVaiAMbe@WJ(?|
zN>th#R4mt}S_qs2^A?m=2Hl!Y2|4BI;>$_kbQ+_UzYdT_?`CAwi+JPm&0TC#|I-u;
zijhv{N}zDPJR&;R4@42s%oNI3nyJ#xTuZs!6TmhYw*YGFKBRP2JVGBhOhOH>rO?Tk
zzI>d+V~_KoTkcoc9kHPJVKS3iW6-Z(<Mm`=zLa11epW4J*Rdn<u)cT9E95;A!@Z5W
z>;W_CKUMn|jN>VxdFI#|DOaD<tv1?(yxknjSWl)UxQ~5g`#uS3AgZ?;1YWh)srOaw
zeeJG*zJKT@`YBKN&vW>R*f&N#Jl5kHZ$H&qqw{m1u9qronekG&5@b7Q4zgYXrO|4_
zQbHlGSd8$hYeg)_QYPey1<_B}*aYSkswL9aOH5ysS&>^Jt9!~zNhumk=j%nVN?GgZ
zCfY30(_oFyBlfr&+s4<Gtc02^?(Oaj*JP=y*`<~d{%c<Zncojhj3#ks0HpSEC`W$?
zyhOK0;ZT7aOBtM*m5k3HtS>INXctaPY)=K$r!5MkUrNFK{&c1?k)AJo3`_yW#Q(I@
z`(8+WgI<}oZiI+RrQQZ7Fp;CY1GKv|ahg_Rh||fM{zGFWLvbS4cD=UiNIW@S4?Jk5
zAd|I7Q58IArlxx_w=OF{tHp3x@Ju{6%`T(mVWHvnxY%OST9($@5iGzboz-O!L_ne4
zU=^e9z1b&!(D+8?3p&-2S8Z7m3hk%}4u~D-ZUh~H%NCm>!hl7ap31l>rdemExC6iY
zXi;;$VPv@>>MZXdi=kP7hv>W723@@FEstY2Oy{tTMnFzl?m)F%rmAi9vk}q2O_GN#
zel!8DKB-%Ru*m1sQPXzVESm7`sdJ6T9&XChxM$_)6=c(qd=EW*lNnDoHe&G`^@71r
zawI_t@goQjG0x_CVvzRj<TmRiog94H*=ae##l>U1(qLWlrCa~ve2{4PaIRFh_ru_2
zILmna>vx=jlrd>(r0Tk2*H2q#vXZOe+|$`!1^7*-lquIoD9k?3o?MS-z4?ZNk=(5t
ziN?btay(b=wcK-g>R~;6$(Xds3>%ME5y$mD@(0VNKKI@ao=a7pnX@JBG;PTiYG3<p
zUnEZ&R_%O}^m8SmVnz~N<*k}vsJE^`jT=LGQgNYoNevQfEzY~oV4_L%qw$&@&@%ZE
zhn2$Z>L>T>IdyUxno*oQQEz?6F*fOJ$0j|{%ULhVu<M2wR--5Q21El#<QdFryRL&v
z^HF5ZV$Nu$K(59Hq;-D+KHY7<U60V#lch@Unvx)*3nK7HW;I(>uvmaF0V+PP!2yU^
zBaktotTh>X8>R5ZhrGsiAh*T1-LuGWlKCArqhKW84QIqb%_w~YTt%??qT#N#Z993E
z&$DLV*|4YmuP$GQb$8(Ccm~gIy5o4F$UCk)(UlPf@YYp+_S1qb&Zv@`DcEMMrJnXf
z<?QI!2W4;X4ju1%g^7#kTuNL$s#nm|b4SvJuds$erbINA0@u-=XWeiY8!yl55p#ow
zt647wA&(7Kx%{UyEfqRdww7KUgP8!SxD#aZ%e-+k8O>~%p3d+m-G<`+s;TrRPv^k3
zgftpWJdTlY9G0C?hR$GcV{nG6yLZFNHC2y7yT0vOgDPh6?NJo}gN9n!uN#5S;zB+W
zTPL!PW2tNozzkQ;cJvFtWOla)laY%{gAM@1hA>PzFB*5wN3F(=B=NUwJ^xEbOBIcj
zV7QQc4Lwa7#XGWnXk#n;JeJO-EFS4eQbA<p^4xsbd$toNznnomF#_WozZ{Xbn+YCS
zmn$7n&XqV|X0u#Yq3^hR@6}<qrj}Cc5yn4Zr6sdGS6MNU<#mIjneYFIGs1hJ+K7}?
zOyfFoks=^j&dv4Ea$oEH{AQ`fBkdmN{B9j^Dw8jrKoV%L_qd;nvRho3>EJ>6$l?FB
z9dMfnT4@~JjuOx#6EJfNCwdV^^C^VGl>W9`+4+3f7Js&ZQi70o0&rTmZ+p7YX0};v
zYT9wXSpp7)P-ar8ma1LL+HUrA?o<yF#&y0tudpC7_@f8U152oL?lN50K3L40Ee3Qt
zI5?<u;ulh)u2m#`=oGykbDOJ#h=%KMl>tewgP$xfq=i}DEqX&tU%JlEh4)e-`P76h
zuOc|s&ydoNv1~e@Tn-j&iSCaoJ9iFCgQTPy6ZD_^srB=oj~elJ$=hnZMrE31O46%u
zC>bJS2HImw{Duo@6Z+#r2JcWIELQok&nAI`Sfy5t1n`D?O0V5xxXyg$>K^F0Fr@8+
zVS~<MR=MY(0SsIwg4S;OEK#3;3E)@&jtjuv!!qCY!qyx{v5m`Abb^4Tmfw8%m{88f
zIO2?Fi+WDGBn=GPO@O+YSs)iak~sn-eJ^LF0IwkG111`^6SFv<=X(kIreBYeW9W^R
z$wXY6{^&-7kp#?UlU+^ucw{+los<bqcyPrm+kY#Af>OWte>z!`Ud3MaSMB4N$pf*x
z{*;q-VM(a{<5|!v8d}*qy?JaFbaLFc@m?#lF;eIQ!!6E7Mx9=_$OsRn<?FOz3m@L<
ztZ<ak>*6g;2RvTQ$nO+p`6LD+<Bn)1>5}+Z{Y+#FGm#Yc*ep3GNOK(-=*Kf2EU<fJ
zlZV?gYiN=1$v}vig(crT3=>*th9izLNVhlYz{2=$XILNWT)u8FL0ykrg1|YRoznB+
zKqS=2)W>W*g-0ThK^OC_G9908DyumO0k_j6ZqwaR=kvoRxy^cwey2CH-7jKa%n8Q{
zK0GWsaGFhv=ELo2<xy%<QXwp&hJA<g5&NsSleJcv>%#zHANbPB))TGrC!FuS=<?80
z536*It0Z8Mx|!mu(y_wNPpWcX%VIDOpARNG+Uu<5q)Upxh_}<|^1SpL-r#amy?n2a
zXkILt&YzBUMRZ9Mn3VKGRjJ-HWZr0KW>PwD_me7dYrw$hWqDqNgcCj)1z;|UA9luI
zCjc$SZ|EkRr9_tu3DVj)#c^-nE3QkLC+63PeljgvIGin~T$ybpE2Hk;Qc|AD^N7H$
zVWRO|Nzm9zyk?x^xsB6%&5&S;Vna%aUsL%rgGb$bOP2;BON!_pjylVuD}j}Bz#vz1
zvey9i8KC%=Frvvi>slX~VYB3%%FT&^&V>B<VV}{0{4^2osn5s2(kD74&2~g~t62qH
zY8hH&JodMAiBC_r8@o9{&!wG+Kk^AcEq{xzDx4A&&SK5l0&j{&>lHPh2_dl0)&A7Q
zl4+KBukuMn(pB>A@LIrX!C2aEKUOY7tV_t@N+~UZ)%H`S%Cz;d{{%2N4&LX_i71{O
zasq*z6E%qHU<-y|3JgDrcISC*4@6wQKxBDPN{()wnZc?o*2=x|m$WJqdbOUpROe`M
zP%FYug43nE!1=0yK^~pYdL6QQRciB<dLPqXH0iBxSGC`r%t}r_uK`^^%WTkbVk~Ob
zb0%>M^qF+6?6irGtDeKkFWZ~pP^hV8g_+!(gi-_K5oSbeH$i)V)AmBxALHTj-1kOY
z`YDb6YUh@f?Gy~{S3cv!yN9>FaD-I7LHd<PwTda4X^aNKXqN@3Dv&*~e!5(nL$}ek
z<6fN5eP`1_bz=IHRUUs3_$&ZRPr(pS!fxq3O2=_Dx8b50#kGgsyb~+ql$_=LAeD05
zG12k!l8gkkn4$j@MhF%?pp14RuH}4dGvRX*z3!aGeQ+j*_b*@Y?jVs**(9_!!@Cc2
z8|7X!7P@}(G>O&J?*}Ef^(L8NBh(W|-q*dO&=VJTUaEZYjcq5@E_iyVJszT874O$^
zB`nQXkK^~cL8H}sJO|q*<fkr{opH`kmv$aq@v5{C0TR1b&vE$hhPV2|V8i4$8%|cq
zUA<V<F(1#vYNW5?@IB^L9Tx0Ul%6)cY^-zWdJ5-c6F!-%l5y~;J2dh%qziqc8u#w-
z@Cw8C*w29;<wVA1oh<gc-%T2En1q<lBfXc#TX_XmKpt*PeeCbC^gXLH^}BCKdjnP5
z=(43feuf4BuJo{9ApQbh@J^Q@LThCg=-5}#?f93T>02ZGhxthF$}~fijTvhOX6CX{
zfoQ8Ib|68#2ZdfXGaEs_-UF>h8#+F~4MrJRxngd?d^i}?XnxU)BEac)xZ&~)0YsD<
zybCVXn5-G*=L~Muj^~F`lJn{X`O!qWdVw4LKE1345pENoRZnA*!!_3pG_!=IlWf0t
ziS)WHMRUE#bNqao7o+ji%U8$IA4RU#BjH=WbVJ`Cmj1Y3IZ)ZTv>4<5<ZHbtDlB8X
z-sIJb8=I-6S<|pPlvT<ua~K)Hd^$K`ymZLsaEul-5*etQXIZ<f#6T+70Hi{eHfDBr
zS8EWjGugCSs&)|4v4=%lWVc-xmV0xZ2wBZE*5gP^**9SsWp$3G6PX0nR;bwxN?z~4
z-Zo1$yBmB08z^C~L5lErJWl&mx~(pA%b}C(f!g&J&Stjr8Un1<wzg^P)>ni|s5M*!
z4|WrTe0e72sfXUfQ(lh?`aU5tx(`<exnta=)`7aPBUE8y?<pda=(G!N1fP_j@3v7)
z6?cazC620J;ikK;+P6O51GB_>x^e@jOWd6La<v?Bzu(nP@RtVLp>5i|^d7Sg;F;~3
z7+cRS&)NX0Qd@TRPNpe*(%391z$dL)>tW4;s;B@KLt9y3<~O139M6HJ@W(3-9zC*#
z>MO4Bq)CM!z;U$%-(Vg1v{j$GSd5!St!$D)RgT~|SGU6K+Ww;V(g32P#F&hw(v-(?
zd3Xj;3vwRE96O_AI?pe~#>CK%CRIkG2s{d|b)JLL3cS4!O}3f{)<#SpA8&*juht$J
zPax7uS&LfE{Ftv%RI|_Ra*RW`tcvmpqP5|NT8tQOY*b&77b?Jn(cUPkVR1Vj=V7@T
zC}Lr1HGu%9iKaz@hcJkUpZTs;K-ZALuq=hX(Fl=RixPO&s8T0Cd8w-_X{q#nJeR1r
zUow~AZd~D;ZZ|31G<_7}Rd$_u&fs=dy6x#GA*3@Jj_sTSOy3?hiJJN{*}Xi0kE9;M
z!;$!MUiz`Ju-t>Dd|#d%Pnv<$mjFMb+G#Sb?eLj;Tl?jayo@1JS^E)Fx8<jWc$`6E
z>rglE<+=Fox?)GqG*0`kF)p^1WjOc_Lpc^gMx@=X2kBh3yBV(QLi1=D+Tdlh@3RZ?
zx-m($9o762AcuhqLgR~b3++aGXm?I<Tt+3A>o)dilj+vBS#9JEQr&jHl53}N^$bHP
zkXm}CN`AvD&n1I9Hltk^!P-ah)G1&CcAQyVRh#4LU`Bp=uBlOq?l`Rkrp-;FRI=i8
zC21ab%5?t|Xr>_(KVeDIhlNh7QCAOa-E348P=3nm;rDnoNb7!)12&o=q#W*AFTYA;
zIcfyO%bUEADkmBZyP~A4ThZQJ&dDqW%c7oi!x5=$tD(2gA>Ir)twhaDv>O0Hw@ZXh
z;Z?r(UZyqM%Rq?E#ME{<-kN8-(cxiZ_^V6#m`oVxeTVaA?;icsHB=)DMQDIl;2Nph
zKD}>b4NdOFsRr?ac2wn3)@`rRVos~mkwNX$_659=<}pge5jQl>>(_?Zw@gtmP9YE0
zw0M;549PzcT3(F*s3*ZMu_YFJ@JG+;i~CLQn!o4DY#)wEq+{$S=kTR_MB&~iHcoYN
z8zPHcB0^pW?>*FR%l?`rTG)GN0PhYQOT%&*9w&lcIo}=}bq8h?QW(ti^a#PTe(fXG
z5;UP-^}6NL((v10oC&L0c~`0#^o{`c;(H<?Ma(8+cev_zzWD4>mq~hWh{#J=ntX~E
z%$bClv+aB;2#|4UGU9H8ZLqnn(618H!mx_Q7)~NkQr%OxC>d8;{VuJEx|r!OLd|S6
zbRc~fho&Z;T%5|hYnrd>=94VoEqE3s#c!6uL-5mY!)2vBr#)i|IC;C8?zPePki%v2
zQ~7%Us$)Fk{R3VF3VACqldq1Qtb%K;Lbq9~==`{Lf}7#KM5b<d!uK`Yh<PEhy>ZBg
zyT!|8&hU>Ax#RbY(2Xx!BIZD0>u;}33{hRb&@I|Gke+NF%oNhhIFR<pQm0*26;9rr
zZ}0pFqfeZjovk9F)$fo!oiIj3_8VY9fIF}aJ_@p?^%}=q{3>sH48rfbFOM2Kg&aLq
ztzERJR;Vp}kzlNo`+9<!lIGt$aG%KdcVkCZujYk?=rnq%Je{$?UTAZmPk{E-__u+L
zC@uM?SFKmmGQ0b^QB%u!H}&~4NhS8yp-6<hO+(&V1-$IN8V|7qC|d05I`+mfrtF!+
zjJfaV<X4vL*OrmPl&d6RZH}9&FCsk%R}6O{$BKdt2}W}(9$IK$Vu2z46`_aFjdM6-
zHfIU2d@8HrI2UkrlIKIkHUa$YUWqEr?f{<cbdTj7UJ&16rrQ=m3YTNx`CA_TyX<90
zos{^&>oi+>omImNQ9Q79X{`6a9bJ|#hpGPC>4I+ujk<C;lLa>0E0E5k&!0^2-KKlo
z=#U*qJ5IV(aWc6aYqb9wx@nwPTVBvXQPS^p7SnU_dg7HpTbKaE4-XQiMF-m3Y{OKD
zg#|I%;2YxHqGHhxIrhk}J;mo&iSBMQ&~kw0S}V2AG$aro3!b>e5Gs1utV`9(DcZp|
zGpF&8Ehc`W@aa>l%l!f_-I1u3Z@IQ6&rW&t)7$4*X;}AI)#gM`jpD-N*fY=<*){=z
z6f(_DFB9(v{^f}U$sTdCa9B7jJ-eLo?aK-NxR_k=z+K?&de!9(*ec4U5)gq_&?U5<
zBC7+Os*oTH#L{!iNq3qa=H_O#$}zX(>3l@;6KzwzbLYP!sC}HDF)_*-99fGr9JhAy
z&N7yKJs%v&wYNxex~kz6B-T4f;F=EP;aH{_YW<eQZa+Wco%p7>b%UM#eh@qalxz!O
z=KG_4Z2fg;VzUZc@gwPLge`#IBd_YO4<hv7G%CO_DStyF_io#!Y4c6~2SD`wfrn0~
zcl)aAM!Qz-2u#&wP!}x^4^N#>K7wJS<wAuj;86$tefS57FFY2rROPzn(+yF{tO1jQ
z@R`(AYvl%(jx`gv=E~}ah3YXxNmlW+#)+e&<+`leHR|!1fgtyhHb#Dok9XZLFVgv9
z$+^pTJ?>_#-9owGiq;b()mP9{aD;9OmUCNva9YcE8^Rzk0v$>dMA>8_+vkHE4--sg
zpS4H{p!H<gQv%*<xIt}_>d+FUPFnSRa`DXeyqc1*VD40i_JxIu;$<d@?<_`SMYlt~
z_QT_HFiIXa=yYZxa=r=5{H*Z=VPG$Jcj6E=w=y;BEfNI%P;{zH(N`HdA4zUk9UJ+B
z?4X57^PKxXBw<++9V5~=3Ceq9XQF-<al~1^lS^Yqjv)HteN^7)&*~_rYiH|+<zGJ<
z&uA$z{@Hx#hjG!<d5+h1M8J1r3|=$dKIG{Q)Cq<ajR*XP+c1XDliRoh)25m3T8J0X
z`epQzUPuDrr(dEv!ojAkhct^vh|ndF6Ti4+y%4c;H!Ki~dc4X&eH2XsKL`BoWXyb~
zAYhrC&<h>sO|f>&cP+w#b(j0_tPOrM@*|JXew846hv1Ha!S4w)AC7dj!f?KSg!en7
z8l#YX57BBF;{&OqbO#{#4+--BVh*(oLPZk6>wp}KK2`SEqiHQC={VR^38W`Cxn#OP
zHA<-g%KEVV9<vdmnBbPHnojKnNaZx9zx|?71K#S1v<M9l^|3(YfZ@-+J6M~lGv6Cu
zk@m^YjC{?W_YPj~BFt-pt@nPWNMi%y-W@%%m~W98o986Xmw2D|V_h4^QF`B*{}BO1
zJ!vgmV5MkwF%Kb#3h;6I&ZOs;W<t4a_tt$dEb?8HEBux16>OV&l=sE(WRGzCu!{{S
z>`3SkFRx-~bhiH#8*{=HCBD}>y=oMAjNW9DjyI?=z}JUzk$$Fqt1<fZP&qTw?fLew
zy>V7a&7y&tWw6sc2lQDNHhi}|zN(>xIjc=mQ|<v`D`@Ye98qr1Fpi+861yvXXG58B
zm_HnBn>ZYMy^=2F@BMOrU>VC+J{c-MG&30T<QYL`#VQp^!1LM1loKoFO*6-F+Y|rF
zn8uFtZ@?ExOuAC^cDdIbp@nQhxB+SiH&Ew|6}U^R0mniQFVIW8ev09ph2lL>Mtsd0
zo<6A2%(K1OI5s}P@p0?xN@njn9;CtmM}$aMn>Nc$uG8yrf*sv1+qC_jVu6Cp8?UdA
zkGz9Vb=AW>ijY10y;$OJD_^`iw1P0t%VQ6$^Y&oW+z8EXJ^gO=>K{`oG@zW0QH(tX
zrXfk+J^(+L)h*m_5|#$xR<!`tAhE$=cjV!{|EstJ_oaxDKE^t}oAp+G$uO9L7$VQJ
zS8@L9h_^$eQE#6H5GWX#s6(VQldYM)v+96<`Q0XDZ{nm&EBMmExB#<!d_TYTIs5Uh
zTS;yH&B1DOSXW*&h^i`rzN%a+Kh|O!W2yKie@s1YPp^U%wt=zpYSA$2z#CSmCz;7G
zK4tTur3iIV&+D3P`H_r5Z%U#%h;kLjG(G1ztN1T+&;8|TjUpNi2%&Nph&C2kP*bf2
z#8!a)&y&9?o&IDwaZjBU2%C~XvDDqtrg03VY{d8x5pJeoGTC2*>mv+1(K90lV3e-$
z5HQZweA-CAmplGEDU!)J%qpBhJHQuO!}oNhd~rD;upLVeCU9LXrd0VDkInzc-5!dM
z3t@M=gN_dhQKk(19=msdkR#fU%RuTQMT-Cd|6@BwRj<pj#vww$agI-~>;pt2&zq3b
zJ$o%2!(=FKiQaY>@$d~Nvgqh~L7(U=0ju8RGp0Y?Arw~mgu%-%KNNnAATfa;1;F8~
z{x0~`$Bxaq@bxp8(#$LUae%s9D!HYepe{q6_goYd03Iq%FsFb&x5DPWVkQ{R!;9*`
zsk3n*NC(>NvUtNE6{2v@H2CCJZa7Y~Yh}Zs_f0CXQgkyJgs=~yjayy}4Wk;6UX!;H
zCL8s$ELmwoy_y|6^deSHF%5LI7))!jaVOy&!IkR8G$7vh+1U&d+4E)E)AhdppmhhE
zbFQkcixcO*Lwu_>c@DSB?mWn~9(Bgs1BS(~i-(XpW?qp3livovzTt$Iw^iL%UU30k
zL1)K({?w*^)$jAt^$C7}(XKz)5))y`{oyY;kd5m-5_DEz<MLY@kfbqdO=TuVUY*(2
z8Q|bS8hHp=CNcQAKNb9A?VvELf)3@&)GOIbLxUeP?)A3O4{yq8MvNBvC$KRqT~T`b
ze@g<>TLg4C35G}t**trOea9Z#HACt!1ZBb~RTY8La{mSmo$mqK$_bO06)3Ehb3D6y
zV=r$l=fH+y&eiZ%mTEEyvm*&c$}W*R)H4TqHuJ#B(LjBHn-=`Jjc3dd2<#E~?(~g^
z4WdqJln{y`Of(6I;0m(aiwk>af=p;HS{B*|g16dOaNdmP>Y^|NCXaTJXlcN8yUuU{
z(+Q+0s04bU5c-cYesE3%Np4e)VAo{^AMJhJJi$cqX6F%@U_SPJ?s|=~?|S0%+|6^l
zodfck1b%e~ia&d=!-mdK{K3D%I{{~jJ2UHWM)J)&d}@S|pMDURm^M`G`#!2-^-f><
zlfdgEqs2M(gytU*_K!e%e40FGH&wu=qN_z!s`W3c7rQUtcvP25)w22tzVXc>XEINJ
zADC3yZCVwy{VFLTA>W^%x0gaD!Udy31o5N?kpbR(nEO({&MYR?sZFy}kc9W9u#b#P
zO|N%}h)W2zAy=HQxXyCr;EK5JTNf~lp<}Z194>CdL|*K%po_hw3p4$zeLi&+TaPL{
zU3NZjRp5j0iUg6DY-MOYn@DBHg9Uj!pRjzqzSlKlyJYw52dza)8gzqwQj_niI$<}8
zhCXJgoHi24ir&xnKw)8Q^f%wPAbdzrolS&5q<jf~<ggcffi*J6-}^n`G)HOJCW`Xz
zz$|A)w?Pgp3~ItB)!2#nC02O39JFvguN-5~CF3N_H%Mo<%a)aKA}D++KF80uohU6Q
zQOI&iW<^Wr(gpNG7v+uX(<U*X<0#H8NgQ^o<eM7UOQCI8kgd>Ss)y*2BYY6kZB_3(
z6uK&3A~nt2N(jv$J2qf_I+cB0eJ_{FDy8SXYixwG$B1*@hfZ3bm^Y*2(&_yK!{BB&
zndu4X%yqLA2cZ{>*_x9O?{iba#NEfxEdKqNfSUnmShK5KWTuLzXYi>(H;>D4QMsX@
z2n!mt_HjFxi<LoIa(MMVf+2O?8xVW1b8pv@4MoKYSt-O;P~>{QD^l<BBgBss(>uqu
zx1051MqZ$Ng7gW&p%RwBN8z2aYr1^;UFd@VTH$g|q&(ks-TXHR9$k+Easy|4PP^!J
zdT3wBQLKRkWChdlna-I<zS9~qe%Q04w)e7Y#~m1Xaxt!xE^NkvxO&@Z1aF{2j)G7m
z&KONGXR_(<Ci{4TL2b(%l3srEA9kycwoH-27FvT0w%9)}?$(0+L;P~FB+x0QSy=x8
zQN5_*V)N-zdHw4SU73dBfOmFt34(~|gp*}sV`J2ns$s>e5QrK|nE?}NHSa(?HQo=6
z)iAEeh64KS{t+&HM|1NOi(4=gTQi?&R&DwB|D3LE21qIaYnI_u<2-R=-TaM5=a9i1
z_D4V$PCCz+uQr5xA_#$Hw@c>f#t*d@y2p7VNvU^=(eKVLiYuTvkbNzx!(r+uA<zY=
zO6qNVy^b7FyL9iKn9@I(EYJesh3fi=;wU2BUIN6pX}c~wfa072r_lZ8=*se7ekO0K
zpsW^B&pLMT<XDH{XMAev@t;8updO=VcQsT+P*u@obV&PJLpSrl7R0bxf!Zw<@(MF?
zbI0mBuBJyn&Xno<Jk_rcj?y#Not?CvK1VM=cy6p|J*PdC^2R8Ecly*w*6omEllI^s
z;)SN^lY}Mun-7Z}7bBwOAwe)7japAyAb+swmAX9vSX?%svUii$c40Eysp2)nQs@HA
zG5en`CssF%22=At#<lm$p`7Qet#$hNK>mL)s|*LAK!})xkcj@EQy`M(%M;4JS46cP
zl$MqqBfwuuk@J}2YBPxF)5o2{2iH7-DSnG%lrhPJU${49eT11B2zbLnt>vZ@?X!gK
zBD2zadmaWbCs^B$^ZlN)OGF-$mVLRQ`P1SMabh4T`Ss$ATbOtuM+C0hdtP17JwUyx
z=$YbF^5BbY$#xV`c0dawPhbEU1dULDcP|igw1K<tnm@uzVZcua)A6zsfHiP*^cN-}
zq}gI>C<K)hIt5x^9Ltsg#jVp@75beW=kpR*)g0??x?No^LPv&|e%Z(X{#GtCxm=ye
zRPi(%IBQe0R1s~wTQZnuJBl^8tFdfn7Go!#mfwJEg8(wI<DBI-VWsw`zps?5*)c$l
zkPC-IFRufmoG@5GF$Gwj&sx;+bc2_V_QKd!$6~*BA^Jy|euOl*&PBw)V$&zf$GeO@
zDx9y(R&{SOx0(1hHDufMQAksE%|5at92gD?H@9mH;mySfJ|h(mS5TAfXvjT;MZwmu
zMgc?S8L!0zcrXt{oh&UE4$+_t@faXR?A&E>t_8=M6LoGEh5&ybrWL#^&&S^Rc^y?P
zltW0j4L$Qi-kdCf%J!SowyWuv09dBm=2|bg=BL?(zH@DLjG>A!ZGbzU#P;=xL3UFF
zy374Bzroh8{r)Nc5Y`h|ug`bo09s=vgON)nHssWXr#$ho9y->BPe(Kmt9i_7dT6O;
z*v)r^Vzs@FY0ED;_0h!E$*o?swD)^-ntV?@XxF+r_@)B-hG>g=08qWf)Q-Wjf9n!1
z^}hj>(NHkjm4ad1g|Dp#+eag`c{A{+w*&b7f(0qsrEQ%$^b%sS_x=$sbQIELGmdgw
zJ@U}cW7|m}JzxR^Y6b#XF@@<hsszW7bqJ&<_?fi!^-fpekAS+_oYr3t%{M3qP<GFh
zUHzlx2jG=s={2)R$%m8OV<3vN7c^^#PK$N?F)qYWF}>><h><M*eo@b1n4I}b7edbT
zuWhLBsH8jay1@?220dZY#Aku;jDfa@h9I(WHLdo-PawVR6J_wPo<|E*Ul7EI-ZKK;
zP13hOkEO77WJOQD%YZnNwyiFds7c*`rsNV;tf_g(#(p6<$tK~O*E$wIo()<p)vyTI
z2(M_sHf#@eW{+Ket$_iMw{jid!q2QXP;m4JT_S+tafA3ie&kH$12n9Y&dZT9ElWf^
z<siIbgy|kot<)2#9O6IgdY$hDezyz=WZv)`rP~w^{%y!Muf0*FXuv%ZL)XB6RnER`
z=d%p0eFrWMyDzF0xQZS?WN0h8)%E8xq3sIpUvpkq)4H55m#yyOFmM6312(=mj^SHd
zYt{<(&B7W)3OsY7vmW2wteozvPThoVXP<w+X<WMw%P21vt>ZWCS(4CT+TVDAvL4HZ
zn3W%<>FZA~AVgR%3?c+|cU<6T-8bnd_?!x-D8ZM537Y!hV|L=&%a*nVrY%Buu;pp=
z*@Hxl9(V$x=QD78HIwUZ&%*o95V42II=+@Z)pME3>%c6E8}pz<d(8;in@wi_4YUrM
zxUw6K`<oS8>e||E)Vg55B{$lpo*z)~6F-`Xy^LM)eYR0X-j|<1%qh1R8o1R2KlvfV
zAZU4%x+;L$?aDxdq+2-dMKg>}HZypC4%oI_!uWZZ*YJD%#O&CKOzX<v#$7W{W~YlY
z&FjOjJm_z{dlOvBmzKNU`8n1$9;)km6^|LG9mOoWx;7hDo}O?%ABJ8mI-eiP+e|3-
zMGUsWP5V0HQU0<WfvBf<y<%G$*d!NC>ghoLtd>C~O!NX?qB#2>1RF$jM=A+N;{>#E
zmdBKM$`*GvJ#wRaqpOWsvFYWlw*uE0!5_N4I|fLq`k{|A`2dG}I}9!R!Wl}FfZp+y
z(^?2$A1Uk}f!6PCT2mE}v3w2R`s>cO{N0&Nge%hu>@HS>P_%347B3M=JI9X>p(FF!
znhEQZJ3_XV?L~v1T$!ym-xYh`Ej;m#{shN5hB3sUM2eHnA7$VfJhmZX6w1l+flPm#
zi*P;85^UzyGxfyh$qWD`r7n#1{&>z#LEKzdR7Io@=GzNzDd?xT64Ox0mwq*LVSFP&
zu(Fm@H++jgWZiIMMH_8x5S$_44`TzUT`GWz=~zN%2=2oC&X#P!I=)Uhez$3+H)Nk#
z2EB4MBHikAdZI*4F6Mm?@XM<|LdN&i9sglo<C^AS!Q|%ac|R&UJdT*IqR|I|4@Anf
ztlzTI)(oPU;k?6f(AxiWL)Ze@O|QJi26!8rgT4IDUOmsL>*FwZh5w~hil>q>X?3=`
z?0$0G!m?mVVcbBf)w5n{KpsUWGD=I3;)1ufqz18bY!+p;Bu8<BMNn{X6ZH@Yd){83
zqBvF>_8k6XnSj^UJ;7Wbo!EH_U^aa2Lyu~G<0oYTAG}$GLU!U<*|LbxB*zLDVG3cB
zPn~UUA<Qj`cAU*`ytos<A>)?aVDalBdSlXnI%(#9;BU(||2&nHXyvay6VYO1h?ELR
zm0o#+=upK7ms&qr6@Vw;ozA|N?^7h8caZAvuxYxLTt^BqdyBmVs_}COnBv-aP2vnZ
zKOL4<9(b*j&S8OD2_1hj*)LQ%M<Tj3|72lZhh9<F&&ZQ4>$Eccz}@+`#bJvT5&!Kk
zP9_jxNCv62*)g~Wc<1NzquwWaSTzr@YClNBa+yS3`_yb9-yJ3b01w1c_B7S2nhO{z
z&~LAf1X<ef`qfcSGoL>;lxpKdXM$w0?>3iAZ_*ljf3415LI?t-?TwQFg_z}q_|~#3
zgV|n7q_E%M2)cYffIV+xs7w|aP%NGq&R!<BC@BH_&Em?n^m}EdIgM;FY07ENm!^`S
z=y|uOs9~mOKHM-2a~^M1i6u@gzwKGptmOaXZqJHCaMTz~ou=u@2$-jB-W<TIbN!#-
zU`9%pXeAVQzRP`lII@YmfhcnNL(<8PVeoOE6}+dgVcZKDjqgdics|!LjpkV&5*+N~
zi>&o5uabI6wDv~~yt7};G%k1-bEo67q;Re0@|%>MzPY4FmC3Z(Xb-r5l<-+tn&``R
zmhhNb#x{^1AwP1=%e!MH`oqpH!pG-5(l@+Mu%b#8{Y-32D$1nkhG5m|bWkE!gKIE%
zu{#<Mb)>|nh-9r|$bW}be~S5YK-|G`@8`U*g1`OVsfp6bZ^Ht_xq~S_Pcy*`(TeF+
zV3Pg{*X^p;PE63XUfLckzQGzR%ty{|OGe5IMjsaE<tj<Qx5uB9_h@525j;p)csS!#
zo?fmVm)BT!Pt?ep@Z3K~am6OIkGkU8pnd(Y7>UQBXZd4X1?<%EvJSA33V5tqxPW*G
z33rYm{CqO#92y_NXZ%USVZE%P-y_QP(|?JAKG$m&Vqj?=Bm_{6H3vEIFVegRKN`r(
zAA=Br0QTd@T+F)W#$#Cm@~0~nH@%MNi-(ej^0dz94@E4r-TUJ_r;JkKyua-_4$t>k
z`-~6=g@V*{?~h;Ij<bUMaqSq<%w@l&wlU4GI?CrL%%`BTMt%Ge)T$^)CB!pRO7Eh>
z!oC<L{e6IC_iANBmRG<^j^M{N7drj))G<>+TwE@z-UKoNmTdFmJSC=g0dM1)OB%%3
z)8R4I4WXGTZW)587wJY+NJhR|lDp+wjvNGKg={z46s+1vG+s2{b8WX=3z=er8<}3?
zA8;8rd6eHYQaZ>k|JjRrC>ea|F6_0JP>?mvMtX42U2ZfE>WAKLMl3Z+7966EbIzRn
zv7)$(Z(|xcd^kwun_FcK%iRsRv$0lPp1_VD<!rpzOx0fd{_hxCE5B(2Lx>~LXwD_a
ztRqvqR*T*j{{Zm;F$;a=lbY!u#XU2_<SbW|Jgg&5->Sg+m1N8i(ybmb+*_ohEndp6
z#Q*~-lB9lr>Zrj_#f$-Mjk79YZyQU!6bhfY#nf}<H@stW%KEI<+oVnnTV<^M6sB~*
z4+jptT$H2RFJP?_A{JTZL$=7~P@V*F(5azq+$yNGQQX|;XI$)hQL82HlBLN=Pn0V|
ziz9L#F9>MKnzQf<4nG@nYAw6-zVm($uiKSP=WiIUtsV_+OkgXfyHf1z?j3t@;(XoE
zN`?-EC2Je)39p#>q^#f_=)2+;<nZP<3eUl`qTVqB@;V&mSf)r~+yi1;Ha%_xxz!@P
zjixxXZLBt{q5^~GysnNWSw@wvHht%p^k14_&Cwe@TJE`yHq~7HL*@s@o!(#bq-2qX
zd>wK6<K6rn?YCQ*90}YJ2UEYpTiG?3hOxB9$)2L$&OFneA}Oqa=7yXAc@5yR7WcOY
zKdD7n#JwQ7rtMS~ANXA2_?oq$7*Y`vgO8GUoM#wbID4-QC?=aE2;D^yj40ExEKpjt
z6U2ACb2h}kSW>*$y;=@V(sePHq<STANfPGRB#FKm@bT0B#v^aOt~RkMZhahu?oFr+
zdD7E)MxK=(={>B4&o7@_czT<j>bF)zfMffE+2S}_%^J~)rmc%DlhSQ{yKY#Ai{XH$
zsSZjzh%P8sMwFWTi^XJc?8$(Cy$uE(V$-O+I-DC-?VT^(vT<g*{qD%zRi#sF67jw#
z6PQW{Gp1Uiq6odat3`v2_%Rc3;_kboOIwA_e*6h^imU0q41hu=@X(aB{JBFQ6?Wpm
zmg6)j1Q$?lb5jzQ(YXR=G3i#2?hQ^00S1*9i{$acfqK=-wMzKD*3SB`*rDeS+3!#0
zI2>0G9z6L}Q<?UM?sA7yCv80R^-N$u$N46!1OXln3a?AfxSbE1=*!Nf7vg771keX<
z*JPX5B5igZFC7P*kNn0NZ%!o$y+vC}+I^VNg26ChtX4tblN8g;gg3~z{%a`k=*7Gc
z4Cc8}*j}bPzqQKg_kwsH9DafLd;rYO6GL1NiwleS!YAehAaktY=_`i)8P2h=sIWW-
zgtYx=z04=6f6ntvd}_A(UABT`%{0sF^Qq<uYd)S#Cj9oiTK-eGP;<B=4N*n&ITD1T
z9PPVYsjx8?^k`r)_+`rQrluF)^X%iYD9Iz^N2JT_e_+z2(=d6ZRU#VVn}9bz?uw}s
z)`zyRNfH4Fbmq-Mw{d2mmD;IEX50k@yY}cwYiP?vEUYxx#%;t`VQx6vX^^eRAXt~0
zQstC;NI+UyxojcmUTWBPQPQ7LoNz%_@91;Dx47Xtl<u0D=v?b+X+x4F39YU3;@H#8
zDe6@19Y%~+`$B_R{I$}F7Q+|O!*<af?9~8AKpJ{Eo=0<ZF<23#{3YzyzzD)PC4^?s
z(qV@#{D>8=pLhN)1n%FEH)x3zF+kw%(QI~%IswvrLt~wc64qz>Gr2I&`Di}#bX9U?
zqV?M*CiTRTZU-PHN}F%(5p~|h#(D7C%-X6jrsy)yCz9+f?F{)}e^!AP{p}kyTZKGp
z{WWX{Bl&CAa=CV+8HmRWt-*Xo>mBbIar<qY)Kqc5L7Mb{#A=*8KhClbs(qk7ht50x
z9aQ7D9QqB^%C%AaH)dv8Xr|Ao*^&77{<0}bO<NBT_X#Ysy%aAlP?9I92IKAn#F`C5
zkpNkm`EpbE&a+b<0!of+@KzDuChkP`uOY-H6=*2HVJAl7x2Ye2B_pj4dd25eKD!mU
z+%|dD69|ubv0*AZYILd&cmrCQ(;M{To2jE5$n?6=gjgi(=(Ll+wO!AzT*1v(j-=0(
zR(AY9#@;fl>h0V6Rs<zP6a*ARL`u3rx=XsdyQLch36TcrM!IX!jV!uh5sOeM>F#<a
zy8q`q=j?so_r5M)c!_KAi#cMB@g1L8FeY%bmBlltT%?+z@@?ihAF?mEYr5Vxv$)H0
zj0)<xZpkR-+q0$UP1AEO7{-7EZJpv40XJV)+fV-?-W$mz#A1cql8xpV`g_OUKi*9E
zqU8n@FVwquj;8<{Wi*w|INtacgk|*en@an-iNzRDgl+75->~uP)NC+1&uhBcjpvnd
z`%AvY)d{((c<}4O3&^Ajw5%E8zLc3b&toap+vFWuO_peJYIzqK*C5SkJC-ljd#2wH
z#jR?YK04^YIr=od8i3xQ9`^Ppveum3XU=0OCyv>B@qQiawyQjY{2N$kybUjaxIdaq
zD)HAvvFpLgIp(o(=gZ>igLiDmE$NPxeT!VqRB1_ROsN`#4guxfaQB;fwUB2{6ZGr?
z+>_rMl`k4l*j^uHtFHebHLN_*cSL=r$9gE29W>e~jHaax#3zykf|c`<Pd7fSV?aZ&
zq~G%2cmQ#pz#<zLJq(D;lr*M>?_OVFWtC3ZUWV{?Gvd{}iY|<Q>apK5a{m0V7IIRV
zZ&JneWU#nc*QuU4jUne!d--FF#@y!d9+TJ1-ena?Q8z2#%iq`$3soo-4(Lxz8$?Ay
zB1(Frq{1pJKOmvFIJF5|=rqih!zRNPb4%XHP#-zscU(5RBR(g89YcpF`prN1KLwIM
z@pTUm-gx<hZj>e3`gK^m;X<La&Jnko=x#F)Xfk%3>=&s+5)T7%tV9CTr)uQ9CI#T9
zs*B=6DZV)g^UZOG>@@Yqh2p%N8-xkR{WRu8TFrZuc14<y>MG82+kEw0tzYVmh}A%!
z9w#x*#9FDrmU3LP;6;VOt7&@n;3fYK`k}CgVB6V$SvlJJt(7OW;-K|HL!N(4%U4bR
zz`cGe+j&Rvrp0v8_OH!gXj-1-uv-8hyL6_lGa|;t^H2hW2JXJiohcxDl$-ZB2rYBC
zEq_B^xyBzKxUE8k{}efIL#)4&z}5Rg&UPUS0~3zD>w&+k5ST3$cEjDLaB8TqLwBCW
z<Dfs;{un2-iEk#8x>IL@!Q$f<4$BcV^>Fwhh}f<oSz99;T`KY&Rc~DwSL@lkaT;$)
z)ndi=a`Uyd8NcG7U@_wx_2iv~on|*e8H2FrUhysgy0vyjkh_H)&wZ?bmK+kKX0Shn
zD5%Lvx0nXTLi6Qh)Q>lJdZF~6k7`c?F|zHvJjiuGhWqp5bHY-{m*>@+o0eywsW|?i
z2d)mU^uD<^*K6e~_6e>Ba&B_BA9n`_d=U>Z{BD+_!y(gprr%x^9{V$6JsaXWsJflK
z0L`fncgc})_*(h<HsLlcBd!Cf+!`0tARb?SaH_X8GgDGpupyZnUlOaacK_Amf;?Q(
z>=qA8XS$ftr&|LBPhpE#K@04a#37!I&4|_xin1dO+|qCkWaac?gdEkZ+mdx3xZ}c|
zE6}EpG;6~cPbMl7Nht5W_h_blN&_dF_x;q(Ng$!uaP-&)ta$AD>Vojqt>XL&-O&w*
zaUtRc1pHV0sZ)YzqFLeG89e8|h_CkCe`N$xZZ+Chu@XUj0$-k&N)y^Pt?Q3=j%?jy
zF>Or0qIsk7g;zf9BlO@N23Ot%Ce-$@My=AAif6%M0LPTXz~`=C_In*Fnh&BhG#}EB
zg8b74cNchp!YKQN=ivwu-6~Uu=I$Sdz+_~5TS^@mdOlf<!O`*7o41fzA~eE&Z8Uo(
z5$PDU>nA$b&U?D=>}xEpOJrrC<8k`=fk}@aFW<KaAuuK1)VK+)_<Wbi2I#%VuP|2b
zg@Vn)PrP{=GRgS#F0(@w%Y-|{@3~G?N;LERYH$-s4&%KRJWnj{wvOj3Oq|-A{8Aro
z#x%U-&l#yjO3>ui+F}oNXu_cu?!#KPvnU+(f~IRi>tZk_XV-B+V*}^hDB`x(Gg_H~
zVsKf;dwO8d1;%5>AUT6-H|!E_+e)ULh&wRVbbZaLV|4k2bVuO?Nv&DvLj~g+hW?$~
zp#NI_EYp_RD4cmaL(*uC029Yx7RpNJJ<c%7((&qvsE5YUT0{7_G7eKkB~j6pFn4%`
zR%Jm!k-%>yB2m>`tz3fSwVF4)?mlg4s$)`*7w#NsOkoyO@ncJir$nsRO|yxrhH8WT
zVrIlJth5z&jnkGX$`zi(Y*v8FrB~$B(Qq!sHuuaJ#s=!F-VcbZc!!SD4G{NH&IkQK
z{q(n6u-&z?1If`kBa0AV1N>nD{2FwQOux(w?c$%Okd1vcB%nw=dK$Fxr|P;Awqv<@
zv%S3A^l%$0Y!LX~dWeyF{3W+rh*w~z2R5@2L)wQOIb@5yqBdWww;&t$l)DN#x-G%}
zRF+}mRUor>DC8^=wlKireR3;Z;Eyr;GlBXv?sl4(MF15jmZCL(HlRpq`I^xo>ve?_
z;*xPO=sm!ASwv<xs3@SZ6E4#T1d!wL^fb7f-pC`cQk`7H#s+drsq?q>TO<BGpFv%0
zrcGe=be9X1Lj_wxTX9}KM%Lw(I*=zo&5~Yu<D;%+R6T)A8>OwQ!6InRY(ajc{uFiE
zQrT;etwfVr4edIj*Ot-Wa=&>kCkY8br4+>i>rodFWk~K=C6?gaYt^&8%TwELbE+q!
zx_S0V9ObR#dwzon<kPvI{RvFDpAyuN$@fOkuu`BuUe<#S%#qB6;F#tKN2c{-WN$E>
z#({in+O*q_CU}C+^K@_F&_vRWkACav)OoQ)7O;6yx&}+rPXx7m^j{L|-5<V(7vc~$
z#5ekrS&}?JC!roL!wrnz1%jWvhfSKx#m5&P?N>s3mVk&!fQHt!T?mD1<VBE=`0Pdp
ztC+W7BLB3=hP`Sw`j6N-k;jSr!$x$<J`f*#>so#p)_9Je&$2*`sq)}MetBR_f==bH
z6$1#LKIpeQJ@$M_G56}ycf43EgBs&@`>Q5*n6IK^7f|VKa2FBEUzuC&IUp&|F6Boo
znYAypE)n@Np|Q!&vi6Yzyo*rBl%>^=O>}c-y2eK5YD`KuxEyDu;{C8<o4Na#N=3{a
z-OU37$SaixvfkGRX*b;wM7bMjgFQ?x_t&U^z-S3OR3oBi0=PWUtq0Q@EB#7C=|4Im
zrQ(BQ$q^bLN@_09_|LV#TpNFzt9FFb5#_y6ra`~99l)BCNUF9vB5gdF*?Bo!TL)@8
z0%*yP->6@_mIR7{e5!p$$33dDql;~y#>+6Q$X;AD(Qm*^f4D`g3Ps$OV@t~i`UuTL
z>H{`{>|EI9N^kgm8Qc;vTerI(O%^$>XwVP{z&#J!=LlPFl$#c8?C(=dwkQ-7AoW~@
z#f4pkhvvT=({bZtrK1|JcNTe%YJux%7wSN;U-D>0MR!9IejR$^u1e_Z|2jlT8h2^F
ztmWe+4?NO4f&pRAx0#8kB&l-a2WgowmjVC%1!~n0^P-?1>W{rfpo_0|p1zS7UKOm`
zV>0D_GBhwfJ68htdggxr#^O2Z^~e-a$mGRa9MT(6nkvQx`O`4pj*B-h=DTzmI?e{o
z_Jy9c>>%*Nzb%>ZR?c0@lEGakxMNwX$AVVb(}?%7daA(8IwhtLFy=SYA{p|tr+WrS
zIH+sy!hmH0SVmEemRBdXUH?c|ZB97%Uiw6h)0TQ$;5f*xSMUa1US=rc2s}pJdduYV
z*}^5#UzzB5sok&$G_<f!iCVy<if8~OQAENp<8?H-j51-+(3IQ}`|&F1P;MBOHo2h;
z?g@P6=DAhvLw0_IyH)fFRUlRGb~M+6pcaqW?Fh52v7Dy1Umc7Vk0$FyHcEYD%>M&e
zFd8z;hQwHjCy7!5723~z=jEO#9iA9U*E;@8(U5y>nEg&&ugio5h6T9SzC~w!#r&2S
zPIbE2v3|1P9S!P{&E1BGRdq6owu}?nk<}t>WSU?=&BS#r`-TehftkSW9V}Te<T$yP
z&fvC^VDdc*hR`Wgl_ba;(2Ds3w-7};{+w04fb7z?i=Y(oiQpmP*S(IWfPFsXP;pJ<
zlyW-A*5!DoX|}H2k8fCL1EDi!di>u|-rbqXH^`-@eZ~gDu%PP}%L&81ll4}gkB7df
z2FI|hU^fHoLonnjaFLs6as1>WCDmnAT+j6*{ytRoUZ@V-2b-siVa=f(WxGA|=4ywA
zCO$Bz@HSBs#lRa{BFJhXvX-rmJby9j|NRj{5i}HELR}rNQQ*-PdLo35D!QVUa5j12
zTxdhk+Li126ic1y>6P{A?uNh$|5n+^D0=&l&D`ex+o8E$mD%Q{{*G((t+?p%tKmWw
zn<mwJTQzP+l#X<b#kf_vN{#mW-NhkJiQ1kNv2LyXL}X*Tn=cuDKH*gJ^a9!nl%l76
z!4Do8Ol(e99>z0>Y~3K4fF1af9`s%OLBI#hmB$0__qWaBiwN1QE#vPajq*J&yTN6C
zO3&^FVs|@dKhheNR~Mn-vrsmi(<<|ccix86#^0adItC1*46;7C_P#lZn#X-XcFhpE
z?a&F-L@v;$xgL=&_stZ_z#cuaS9hj8^+nV1jK!f>fQt<4qoIvybDI@8nJ~)zmrsg4
zrSSOIH)=|{sbY`q+{0d%fC8Fd-~p5Lt45VG{pC;0jZkjQk7)bJ$nwrh*!k4j21#+e
zqrnd7lUQqD>MggXvu9u+h$3lxoH@TF)dIhg_1n|tMx=N73-WF$te{{v9<F{!@ijnv
z5H=v(UWa0F;A9=eJ(y6`0s1$Pv{I-0E@{x8GSpcCA8>Y-Z|Cj^vbyUQ{&aHY47Z&_
z==XdZnG$Mml|-snZO&OqoNG(b%k5~W<ccQO><ZQ(K$Yowoe8^N-xjQqQ1?CfX2lF*
z#o;#GQe3MeE8C4Lms=h;M{defdyT0^$oC3q$qTIBCQ?Y)8MjfTE=QAl7q1TN&N{EC
zB|G0;dY&aUdoE_X@lpc+Yh%!Rk1!Hn$}xbKc(a2j!o%=xeZnTau$;fC2EF0DU|&1i
zPRZ+bAdW_bpgLtVxno@k*@zy6(|KF7cx^QoQ)|5U8`!4xRv7get@J;a`}#AxNg|H+
zoOF5~mrP#hOKIw8mOqMcE@%l)3S#wuTKq?Kl#35cVo_HmB=Uu+%v-Y(@;4LaA=rG)
znDs@e*TqYgJ@NugnK=apQsnbLhD9?50<kOn+kL0yE+{0Q)|ibcqt(Y!NzEoOnYf`=
zZ|>htBGDL{mim`W1+u3;5->DP=7&E-qr#!pe5SC^zwtBn?e-)PalX+r^(k1yJOjGF
zIp4Z-{tLv5KK|3&8FonA;p@rw+Ns_6RzXco#`)qlxw>#FZSf1B-+yBu3+8_6yspm0
zHL|ym_-UrPW}Ib9(vSFOqa658W8&&Ndq=3v+w?yX2}%dEsK3#q_M~_^wTg27{djAd
zfqQi;ORwOGf$DOv(wC#qe7%+DTkqd?eWR`lA81Y=+*omrXqHc09MbL$*#@2e++c4o
zB$1CK+LBc8?MM|Tm4Tn?R)M3!1)oUGBB1~7qJ@2^g=__?@kNM4EjZI-I6l5rKp_XM
zEUCAX1MA}inL`?J`IE~CwCUAQ&@0Dq#lPa5Fo<&wq{6R+DcP)vxgR`I5`edhvz8{e
zc>j7$(T%ns4V6$0X1+wWY}%&|^Nw)uSXy13w*L8DHJPDZ`oU_ar-@z8>WQ=M>Dd64
z`f2)5py?v{K8?gt2()d317|E_s67#V1yQ+FdkcG9sgNz!`L2mC2tx_dw%%Q%(9VI6
zdw&YDnLrf7%JEew;1>76MjHO%tN4=8aRtdce6qIl<2j9;(%^~klR4)!Ov)jYCvR7i
z?UBe*LzCX_VJEz`%{)s;?z-e!gF}iXwIEuI>#R}r18{LtQr+Mc*5Yf80&8uGCUv%m
z(%iwQlrxHv%w3M(c!>`f2=tC~qEdL=$EOCuI9$4RFY)>wtLnEDQI*z@iuOKKk44e+
z*dy&#Z$+ul>$nf$omVre%M;gPW%IG3=9_9Rm;L-Q;Kf%a{ZCQkvJr8_Di|CB%^ERO
zR0>Jr4W8kLvtv%Zd4(|nTRE~s#3&X|@~#+U*2~a%R}Od(2RMFkMk9U9B^7z~tAQ^F
zJK{NzBY<(7FA~2M2?MbJ0MsvOJ{4<?QKVbf@pJ=>*x(jmGh@Zk>Cob{S&t`r4Z~O-
z89UiDY$+Fe8ec~3sdBRjKY}+jl$?{d(0oaW86{z93Q&}r$)|W!Jl!~(64hW;xj9p=
zMY(JlO?*5r$XK8hvvv^M9R*1e$oUu*NxUI>JFdS+@}Wrt%#kvtkSHIw9KkfqOE>5s
zE4<9o_c3^sG}8D!&^4cOS?a91#C|l3;qo~c<kZnnQEhaI<hnW>Bh|UH@(jx-J-W(r
zA%0f`T_{ZM2?HO+V^hth&s_9X@4b)k(>x_$N(H2AM@eEaAv5c6N}3`eIL;LjJ3iV;
zXee0`dT=+PF!F9nJ~F1;m&ZQoI|!tTT*iX`!L&U7@H;8F|BE#QGw9B-@5kp!VvjD!
z!w4=K8*i>JB7I3aA>&^>)}}LJih5?KC18fwPew(2Wr=BokGElRUTHOA71e=Bho7H@
zPyQkIWMaMF77jPTy@tC#rIT~lTW~m#D#=m#y4v~}JP&@9_ff2G*rCKepCw*3jncB8
zOx-g)&NSMe2oZkQz^W;>p=575l*6`8%gII?C7h;7JXIMxNO-rI>1?rcc#o*n+2{1V
zA?06qDcM-S*?}v`@0Mzuq#_yR>tQOz0(O#+tz(XRI|_L($R@}E8f5e$K5>ISI>gg?
z!TW|gfzjymp7gna4`Xl$ep!^@S5~}uUj%G4TLsGeT5~#0jz6u%TFejmH(<9emdIj(
z6H9wc4g`j2%b{%A;k7l&swCHdBJ~OXu4TC`*!QgoKjlA;2-Dz?2izFGgx3)@7P(8f
zil`U&LzP=u1FuvlbCu#qb>>9$te91wlpLf`AiU6ihkUmgjRcVj>rW~7m5)4W#O6L{
zq7d!GcHE1E+lmgDxDF^%Ef)YXy{H#4#x#HIoAT*hYCb^GNGTZ`&6Y4)?v24N@G5%v
z-;|ecAMY$A{N#@``)>>spB-j;Yb;r0bmeL#?60Tyf5vj%{s-Cn;MoGw*7IKh)c+37
zMM8cH%yR1MSJW`Ud5-~K+Pp4e`R}Xx?~C~x7wZcxm<VTbyqD#$F<+VPkd$d?Cv$wC
z?s;#&|G#3f=@Ww|*U;Zz66NdtbP5X7d-nNXeNOC^*KYtBt5;JH#UGdPf4Ry(KRSJV
zOGpE3w892@`hRtI5qw;?Tq^MN7pIfrasJ(BKG6N<sWsLH7MEIgwEnAC2Heemqe1lX
z{^e(Ukio^_fJwqUJ^Z{2ddz>iz7IsQ+5B|k7S08V1#{Z+@)pl+{=+s(NA~fZ9f$%0
zAxqS5T293m#odl>e;ySH?w>*bl9xj>f2tGz<LLrQRu<%~K*2UU*If!G@jqtwSz32B
z<VjTJ<-uodDOmXL*Z2zIc43W@*!c~%N&Mqol|RX|-9?Lv8lkRkeJK2wa|3~Ui^^zY
z>42Ir_0O*-!T;-vDvn%W|AhI&<O4J#L_VXa+ussFatkSp3NU85wYxtTK~@}K<;U}X
zxC$N=MH~0z@ond%A=QV{e_h4vq?}oDIF7g2)4#6#6^q5hyLYJKg?dR}0O|c7C~<&e
zrf4-IWA4PRP%yql5;JN}PEStuhx#WwkFvCC8KtFmVAMCOVhCs`%S{~AyuV)>UotXD
zVJoW{i)A#VZPB5H{`v1``aiK|f2ZGlLc5zNH24MKh%WoqjoK2aL$Snx`7I7~{QNgY
zLGs+kFm8dgSlkdm9;Z_V*Z<*N|J~%pf3NQ?0dzRyG`HHDe|4pKQ;1Pox_#W1R8BX>
zTYo3T{lmYcOJe<LPsgoo_q6|;+lk=oB)c_n^C{)c>w%en_mPC(ANkEqtl8#9>vfRm
z%zxiA|J}B|+wdQ*>i<W#`|GE#Xu+*{iAHzZu8Bzc{Y&qK4D74H+!FNvM%|wQJ@ntd
z_V53auKL^MRjU$wiu@B#{+}Q7y?umMHT{z4;ds?;7mp48%?k#mj(AI61g;XlY>^)C
zFSqhEkT05Sz~OMBPz8tlITXY`F@1y=qEWSbYL5S~2J&=ouU32s6_%|=@W(^!^L_A*
z-5-8OO^ouz3VgKJ>7vZxpS{AZI=nFJyUy(^(eG0B5+nn(yM<VTp4%Hw*ME|po~;id
zw-7|g=KruLW+rQr`j6ie1ib2PV3rmt)ldBEe?0cTgG3{DXO9sCd_`~-nXmQl{KNIX
z^05>6fS>__I=NO%=O4mgo*3dA(|obwp85#Bwa4Gz%5%&nQ2mqF<-7a?yS#MAR`?4}
z=<^1AHVENU9Jqr_%<pe8v7g-gA5Qf@hV}*P7XJAcv-PBmhMXYw_pkS<kp2!Nr^CXH
zC-d&TZgLV3kEc~%D7}oO5wLyv)Sio;!}2LECQ50fM#r-CAO-TIq{6H#OT9mfHH_8+
z2KEo2G*K$DvPAKfnE(8&0RPe|=l(6C^Bh;<Hns7|BHkU9z;a9(;@AkuDr`tYjl<>-
zPGe-EMgfZ<(8<c-umy*PLYmQt%sLv1?x?1GQ&~OUt2nbLmNvt(+z%VbvK4`RdI;N^
zqKJ+yib(tNz4~<>s1=ya7bQ@ixr+-I;B5R8`!@SGI3ywAFScgF)4uuWrZ$OXT7w*L
z>C0h!P3K41Dnr_%UrjK~MynFW^R+bg4-Sk5W*`;XS83cPu|TYUQsH@V{MwO9%Ezjy
zN|F7m5>ro+lHhul5`{b~?@N4pr=HCL4Wpl<F%|q~pF8258pBbU%rlA1)+CM_<6vOD
zy?%9NJE|x&$?%BRBCA!n0Ud$dPjnVtEomu@#X_s2vtgTmv`{|#bFy9UEB5an?qx}*
z)N=%d;#V$#qHT1|yqf~p{A0%!E$r$=o)Hrvx;fBklD_p^+4RfOi3<8TZ#J7Js~dcg
zQ{`8^_fk~fC_WP*b*3oeq3N_DW&WPQa<yebg>g#1+~Pn$3cK5jd=(Zcj>0`7@6H0V
zBZrj3T&nBHxY**@OI0SyjvwZ*B2u;myTU5V5qZGIQdX-lv`wJ03V+GHba_BGzKqA~
zRV10l)6^dmiS+t!apes@BB0xm3kD<;0SF2DKob(p^Oa37!b)7)%pu2WIrZ3{v4^(h
zYb)zYN&AP}<s-X?GOpxXrf~mJ)NQIwsZ{W^yqz5&`wwJzdn`(&q6U)K0^4I_TXEWF
z0*^PTCkhoG#gM)vhdV9zgfgvkYMJ8O@Jo!5g=Wch+%Hkmu5?N%Qg0&L#Pe$i#rF?f
zsCNWR#d^*C{r&d#SbxIY6jmXiyGESM1l>mW0>WlIrvaPOvhK^s#|YTMx)x{_=y{`<
zGf?*z3`apuT$Qc{>?KB6(=l;$JJ(H`&01ICOAXYh{2Z!}M|DEk?!h5Zz3VRo;3)4*
zHIy|&dt;1jj7IC6o76|Shy`hm#U~tnzPpBwKD>79AUk8QsN7Txjt!~whxEnLMK^3W
zY5{gx|1zWfi$Akw?~@nGyiy*5k`SW;E6(3TK>Ft64`s)I)At3B#T*Ke)u^$K1VB7?
z;|!}m07=aTLM-B2gWH!#S1HxDTgw(C<>nT&pps5vRr0#AO1y;Z(oI*HMJGCxk{sbP
zN8k)3^<7_V(aoJ~62(jio#aU2F9W1b<Z~wDU%hd$t;e4q6&tnOcQhP<ZSD8;PE;tF
z#o=^K$f_5JvRS;|GB@lF-(c<i)pAWMZ72K_3YPvfBsz<dW*i9(mug_uGDSy3q~5`D
zLD??mcx{vYprdyfVlOJL;2T8hO{ah`<6$;YkucgX6_fH#tlYF`l#$%y+0l||HoB$^
z&>hjLm8F-_5^y?2ac<X2m_4zHC@g7wUF7A}5hzT1kN3SzTa54zS6MD>e%%eSA{MT9
zf~NR8w%^7{N6S@;*X^t(k9*eze7Ja>efpKvA?3Bw5R0B+>lDcFaZg?FyE!hqM9i0I
z!&%KQ;Eh3w!DYh_$UbRn)++MoBxM(_J%#a{wqAjf+qSSodD)wM`lnN|Pt8{TYv25z
zz0-11>u`ojck{(|E;Z8?5rA056j3`DPpPhYg7z^vuIBrUThffz`I@Nfdj1H*-FHAM
z$6{%)PWDjfHbKNrYK;_qNde~Bt6>Ex=Noj4YmlG{k%W=ZrFE*x9+zFGoq55e7LOnP
zd;37Q_^t?JTg>c19czv=TYjNmk<5?|iN<G&B9^mB#WgKheu`oKA#ECKpG(*BGaLTk
zIQsrR?;-B-ROENM42whT^;fTotl;(8m{Tfa2p63au|3C|0&O;$l$!lQjps^@m%(a{
zwIYFK)t(KodQTi0ZOXd35h=S#xpw;arunM6&Fv@a6S#}0bUs1T?K3TL#St)?q>b6l
zgD9L^qX|ONAz-1kmJ8<l(x^-+?xQGwMJx53UAk{bp@q2NUJ`3$+q*Fw_Ze*_&(tMX
z(`6Cq>{FEus_3&0PDl*Qod3}*7o=v}W&_rzlf>F5VuaAbcU7nXDX3CeIjX_V>Ym&{
z^B-LnR}FR>Az^$o{P)aEh*<Y2A>gWJTdKCqGu2LVC2JsB*0Jpek!xYo%(i!gBfv}W
z&`-*a)`@IE&7h`4p4^*Hrja8Wo=v7#$qMQ~W;$MH{_1tIwQdW~X@A*p?f?fY!E<w2
znJ&(tjYK*OnsDr=-vzVkMiVV(^CA_Cm8C2cN)#@>c;z0y@!V;0rZOF9DrC`Zy~BPy
zwRo6X9H+xG&Z&!3hcGas*HJP7an(wQx!V1T;W6>BNSgOba=_x-r@-X^eCyFY5Fa1v
ztUYDh{pRWRi{xdhQl6*U?4jf(e!b&puF2(#g{GUIG^Tr)0j_79NY!~Hi2lVIkcdQ<
zf{kO%dXH>8jNX8i_(?Rq#!D&pxZ@FIi?IpShjCy1M1x~5i&@f|dhfTnpIB>EJ)h(?
z88|{!Ucc7%EFVY15xkq+J`?(`aJ)o@0HRX(<a=z^FzfuH*uyuCAK(12nDF%wkK@YU
zB>E(*(*zXBZZdF&1DrmL-tqV1oX8eCa*J+r1^E?Z?zxik$|$e$9PKp}3c3g1`Oj=G
zOQ~)s6Q2M5MMZqTzgv37Vlt)Lk>KLhLH>JpEHxzly*v`rHx!^E$6q*Y&r&RSFsX@z
z;$gE`7Tw)!B$srNn|E0ZRsG7SiTU{L#isqzH!PVi1@D5t_0cG<ya(D&hO>*E)5MQQ
zy`|KrX|5~YU+(NX6c@7s_M=gT7z)+B<08*rKSZmZFR74A9nuuBAmP)0M`S-5CwfP0
zpJbS&GCBWr3XfyE%LPr{@<(LK*SMCXR@gU-k;eS-QWcejdxbGMM~RSmstw6xA;Ko@
z-Ji>8zxKPLnrVs#=F0`q1_}$gS)B8^{c)+JH0VNC-^IKt+bZZ7%4%iB8E<Z{MX`wd
za4=7ao?+G4^@NUo%Dq}<Zf3N>nr2P5vcB5*Ls=Qm?qsYLqZEpEuCdi9UL{3ui-=cA
z7R8U^Bu+82=|}SF)e119p6-^|dL;39!v0qabHyKFMOwA4g<QFkoi-{n?bc!K>THyU
zw}Ie){>l4<*tjy8>=??D9JI>j0b+(8=JPPT>YN9p-%Zh^R{K+k`{HQF>J*jT(SJh$
zSuEcGkq8iK+Wr7dzPMXmizT3`PGy%L<g`{#y`@q_V4HKOJlt8(nM83Xxd#5JLch~)
zVy7DAT<T<dF5B%$pbZW(g5~;+l8M9`Y*b%SqbPA*_ckP4GxQBJ1@9Pg5uR;+lGzK8
zkw$>L$Ird~GP4zi^m!Q@crOJP!;1a=aFR0NSrK%6WJIOmPZ~8|AB$u!5aMzU+}eWU
zyv<<fuAKf5G~BCVq_Sa`60O1<o*VZyyXnU4Uk!I>khf5xyXkGUlv7l6s0){c>l*za
zwJXYLf7}&+Q}QF<872*uXy}^RpoCt_P0wJYN^HrvuLiOe)4sDf#J91G{&a+dTg!TD
zLhE|ES+FF5p|tx*$nBx|44<^woTdeghr<BJ9}?s@Q1$oCR4@APMUJG8Zu0XCUFMbx
zpR+@<2_E)>`wqA3cAZJ^k|U4~p;i&#Gn=ND-ZJy{PZz_nQC25A29pppS`I0#PeEcN
z8-UTGO@}#^Cut`WPoMFrZWG7_yICeRsQ|in>{T<+g}Z`j1uEL7g~mOv%ZgP>Q}Ikh
z%=m{x+0eu5O^W%2e2R(W8VwqeXsp|bzYO>BCbr_(meZL_Kx9lvNgvN<BKk{wX{F~~
z(6V^+18c4E_sZ_B5S4&SsRsKqLm`TILq}hrOfUKsO^mFV;|?Pc;PfwSFGgyg;LtFS
zuIZ(z$MaXGOg0&zS!HBg4<$M}Rn?|;xxXk!3%u|W>m#%Cs1&$gSZ&mYaZ{vp(PSNk
z&S~#3?4~r9Rmu3EsYQKuq{^-S_(FFX&((3-yy-)$)L6CoG9{yans$Y~N@_COkql>_
zU+SbR*@EcSgi?W0J~i=8vW6v7w<vQF)k1!gmGhU;_;^`W$>hIngJ0z%y9|`F6Me%Q
z{C0rP^ZOVDOE+nR@ao}l3Ekk$C$~JYFVN7WZlFqyDci&=-up$Zey~E5C6hKkTB7Bi
zeK&y!pVcy=Cz`wubYN5X9TTB1m=LQ8y)Vmky$54yG~TJJE5%%+E}um5eH>i_Dp6v<
zzg5Pv{z+*Fy{^qobt?!v2Ib?vOyS^UaZ^1VkWgm>!maO>Tilz<dN7?4K<TYF12ECi
zaXMagVq7kKvd>6L2zhc|)b(a9fT_PMfc>i&;<*q5uw<i>(STIYsj-;uZCH(#35%_^
zf)_MBv0n<~w2tGwaY&;F{KEh)j-PU7^O^qJ(LjeCyD4kTVHMcy=jD5t9*M@^4uGqD
zMQW9sx*7K52Y{p312PzLkZX-cHyo@EO|~zJ;jNITcvMu$pTSDBG*BX|yW9QImcjTS
z#_|uYJq@TSf(EZ=zgld?;l*x8_!s*@c9k5-Gc}R$ur!L}(E{R=vVrkmxkC@Vaa>Sh
z^q)+<ZVL%<Fq_PYf!*;>(2idjIHD&??5;lfZN{(rUQ%qCwyR^|`U)aH{-IoQE($Aw
zTjeAoXb4g?clFZ}kg~8S&H6#Qdp73VS%|9!ly-P3S7|?}2xz`Wsy3-IFYt%Bt_$ya
z2gmlFygPkJW6c)GGo^Dh;?q0M&`&OC%4xes>62rXa`_@3z&a4%Tkmw;^-xePF^Y9W
zX*Z|TQIgsEOfklOlqd4@WO-S|DC0kG_-=FN=6Q;M%Et2#-t?7Eg=DLR*MQo}{|;dc
z%04uo@9>ZN<7(zf9Gsb?^>oV-cf51zrO3Ti=M<tGhR}PPa`FGN1G~$>Gq@`N*;?3v
zfdDg~G6H0QhFfkS&>EPyOE70B-7>WzOhUq#oMu&BSGQ_9e(JcbW!oK&bctaboliS~
zMzE4m%Il90FktO1{2%Yn#2vW~*Lt1Ba|j@x0Xj3~-9xjCiu4e$*_Zj{EX>YNSbKer
z@8AetH>Z^sr~KSQV!!9y=i)#_EhEr&J3!}uJa~;fPzDHWeP6@F-sp==XFXVX9Hrwh
z(&;9^^(Bu(t=S`CzHhn?`NxNQk0JmiM&{@T)akuv829h?87ciBYJ+kzqrU!3U10G7
z4~}v?<MBOp7`NLdsSGcRh}Y#>AfqzJO=m_cD+7W?m5@@l@T4*j=;vgkAj$^EQY$T<
zNZ*7ihCI`zbJ^Rc6B$7e4OLRL0Cc$YRA!4&)ueoAb9<rk%~!e@Y#%F#xsu~_MP&!>
zas0k0=KI%@Zf-0zkEz$1je1wPGPyFBqE++0uVlh<6F--d#A<WRjvj8rz44*xf29Mj
z3td{q?N+E<?YWdnGN4o^&yL|`uB=p4zM$k~wFzPk*JR<9F@L%_PhOqi7TDxk%DuEx
z3}0U1#Uk%_!Z|&cE;cH4b2J>)kysKX^>C_J^@rpQMTV~TtP#v~@8Glc5+B?+k##Qo
zL!m^r<hM_vdSdYwYslvGH%A0^n2h++D#MHfT|>dI+@K4ke`HV&uX1wXebZj-ZDa5i
zb^AAJzapv_C(E$Jw}An#nTdYnNT*Ob&pDdB2}@zCQp>oDGSCSeOFqhJ!DyA40uA*?
z-CLGvB>1|3pLlJFNyDf<V1Tr=!MYZpA&EF>v|uq*q;xiMFij~H_qeu)Hh@j3iB!$M
zc>jmNI<gO&U&v$HQngBvYAWR^n^VB|M%~MMLq446SN3Ad4FJB-5L5VPk#IF%k*7FR
zY=?vC&jKEZI!NB~FTPA)IL$Y@+TDV_%$D(1zK1s7-O4t4_o;>0Bo|Z|7{}u>GTeWI
zzP^-#>4$xQYcVfY|3a|kcSG~#n69en2iP}tl?kJD(tNGld9Y?suWNKT)PWH$yEP$c
zU3<+zda9-*BJte49MtKPTXBkIg%h51dKIvY+asQAHzEbU8|SK+MAL4(G}tlQLs?T%
zwXpL~SXb_qWSK|O&BUEadq3hANapoAT!h%MXQ9t<Y=uU+;<KX2<`_K3QKIS9t4O?j
zVN|7u;bKP=A{EV<WCFTq=+jT!okrYY%^A!VElNYqyxXlgQif%tRh_BT9VY!s0t+7b
zXf$wdEcPrl1@>$!iG)lXf)LHxS((vJ)Qi*9lx$lOmb#Og1al1dW?9uGvIUWcb=JI*
zjmpJtiK204;7~GQtg_nq$e)ug+WpgSDOAC0z4B+*X-x+o!oSv^AKTU}Q=ZHh8csu5
zA0zn5j+$j43ZO0f4<q>b;kaPA1>Ql)Ktz5lfF42jC4$dI;n!5H!Qy-aDO=Cn^>*F9
zmPq0B#P;B(xypg&&G6vh?0J7m!t(WMvY^hZJ9m-!?jV4+FyimOzT!nDQP&CHN$JCF
zX(`zOWVLr%YMXm`Xw|AyIm}YNM*E+0@{y}+=DZrdgfa*7i7avLG}>D&uKOMV?*s8I
ztY`27!fvDWaf;)3)ap2`V+9Hdit^x9Ffv&9q=cuctI=xX5jN3I{ed)<!<w_>jr)i&
zu11^09KDWRkBt6yWJ(zhow^yjR1hLOl327CklPJ4Y1wKV&8W3kU#j%wDW!Rt%Tq~|
z`dj4~F)c4b^E~B<E^G}bindem?dsPH3WaHuCSrCmyj|=>1eNv<!E9v3ft;2duP$}l
zk<neL^_<g03ojx!S{80VwS#UQ5pGpq2bo-d|JZ^JIh@EU3HII#w%E!YY@jNsZLiOP
z8RRD0eLmY!ocjW1)M^9J3{!4IU)cI#&)GB`;aId0h!8f}^Nz6_b0+6{zw|t0Fc?ub
z+-6#RhE|psJn1^KoHZv<Hc+BlxT{3+g2UxQ6?5#zAfdV}a*9^|laKV*542S;?m5tG
zWhQ)vlw?#}scY<MZcLl%qtR(sD2l{BtO;Dy(r;j_JKcmqf`iUxI$4+5crj6urHdwf
zsiZ=HGGuZov%v>0#+=%Uoh!%BiU_|7#a_>b;wc%x=2?y01lYQR>hn*6EJVVq7_4^K
zV7Y|&RO2v_B}+4Eg{H3U1a=uR>#5|t#Nm@0y-P7OJ#DVDGtsmj)&tB8iM7uV^%B=b
zGP|L>i-v`^8y-%N<~SO7a?f3FJTb(&q$f(o`zDKHB<LDQCNh^k{<Vt!v!HyCpNLg8
z<Ak>^2ZKGs$>~v}(AihoDSf>pQ)9o{1**iH*HhYhvl9hyb;u{~wJgG^)VKWakfb5$
zq2cTWnOoc^vs7T9JVu7+>>F|p+mzjWHKaM1wqEu&M=@|%xLm0Tk=1DW@U<k8(CrtI
z`z(ru_DHXWtgs4iTsI|*z~#G-GS^tMbRu()Mn9CYX)%nmI31sE%2=IMfyX*zrfoIV
zUHbYk*Tnn~LgZDqQPN=a?bDMA!ye4K@4g32ct4lpZX_RZZqhe=atA7+o{ODHr`!t=
zI>lE9Q!E-?(nDPnTK0RXU^EpqSPQ36w&hU?I!Hrf`=(Kxma)*ZO}8`_=K(m-A_km&
z0sWlsa_G4zeF@OXSdjIJr++ORoDIX5)_z2Q|2(F6?vWi=wKWe5dq37IRk1{DaMg0w
z*SV{SPSD1B;ai;AmjPIhlMpXoP1YgE1^=^~dvrxt)0+)7+v)nng%Wc|=9YR#59O2~
zolrcOJ8XQ7Nh{XvOtDSbUqfoo{+rDA!_N@P@d90qH$667b=&S>u>{{giN43_9Knmf
zG2@+UrnLd}{#0JU-KIL-+~U;4_0~C(8D6O|vo%ko!*;<kxK&V4Y<D(JH@@gFIEp1w
zW@Uy5@8eB=#ThbDnj`s5oo4mtt~HbImKt*PXFtUM>0It0AW6O&Iaj}okRMp>%}ye0
ztNvCLvl%IpZDe3qXZ&+eWsrAc(a&9YOc8u3UCZnzy}+b+GYzoqmo5w0ZoYW=oX4Y9
zGKqCUl}>xHZ!1>Anq}{eXy4`8L2-7G@qYDH+k+kaxQd!{z_s5YtSqr)+5QEA`WKUt
z7r6>k+58al-SRw{qXXGfb^G*?ms4Ghn5BjmJPePeAojof34sCwr@~2Vxes=0fI;Ie
z^1DZdb}+BYdBI?1vFt}w(W6j74>0tmCU+9TBpu!vd&D>yUkSvyB_j_UZ7#<ZWF$aY
za2bG1VtFrrptytMTrlF&uB+U5KyiEMo0ga0^<H?(<eQBv%)eH^%9cX2)dR<%B7Ljr
zJ<`!C;b=TTc%4<8r2E-Ha&R?r^)$BSQKDj8_ts1`gSCZoZ_%{9ZIGtHO75}IZtFFa
zlRq*vn8W7!^@W{+IjP0!Xngy<2Zs<kzO@mL$CePnAR)MmPh~`>I)TZhi-S&y0(kB2
zq8M@8#p>NOP{-ZghfQ=2Y_uOsS!h41SWlD1$s~|U4fG*CsInkkeMG3Ax)Zw8tcGUT
z9x!8FS=qC*U6C<b=~x&qu_W24zV+2UsHpuwCUiHs6eX_v%+2^0?w?rlUtZwybwoi~
zqB##+y~Dv|px5eoB1T%R&|sU|?(bm2w%`#A;4e^U0{4j~uJbyEvd2ViT99U(xuq&(
zR;|W5<?@%P$yB5(+zSi=g!C<Rd5U_#t!l*8rr%Jh7QD~z`D6BPBXtY)HFBj>mTrN#
zkmf@P%EtUVxHfu8X4B-U-67!6*24|=jGYFM5gT5f?kV#DYT+0o-XP)iZk7X>r%~=#
zwK39`07tjhv9IL7873P=U!HN>L{1$SmR@&4t3zvAujY1MMm2k0K=;k44IxjjXTP}v
z2($OMSyzhy`tx5Y7YT#qswM~T1?Qr}Up9qv9X32z{)l0rAwD^=%rANvJ$R4vUFRrj
z!pVq7lIO6>{dcxI`f8jlnk!9}c_owr++n&&+-=GRQW*4m!V?7w#k087ny;0fqp~NY
z9t!d9w$G%QwT#lRwW@ZqGW<M2z*<#GTkDb6APy_Uw&KX=(R%HEu|_`QhBPREYvEWl
zzvt4G+P7tiTs?@%GVl1FW6=&LZ_ua=TIy-Hz-Ts;RetH%gX-!vz3xzeM!JIy9XQ~D
z&K=m><M#3@$Mvx;!c-OD)muw==v~7N;h?i3WX+U;&1yAc8V;eiPG&K-^57`bP+@m{
z@10;c%e`PU%M<;-Gm1M1{(p=<{y#?V<R={HU!26Rc6#{x{Y!s2_kcdE+b;l(CvBG>
z!uWK|G23R;FfhE@V|-M7b$Kw9pqhD2>+OA1xM2hY&M_e4?EzFkt3D1rAf0rD%aBZg
znl0KWXlR_R^4?J3wZQ1iW@mRiRyiSvaLGR7-rN#~^P{HWll%({$B)GVZ6LALH#o`R
zB<s2WjP%Hh?F#@|$M#ox0XuA1xRM5wd*}@*s0Tv6#e;<hLoIxd-hRJhHj?RIJanbj
z0xEkdUIO!;Ct3|un>_XBn(jS3O_RD69!H*=pNN~yw71`meY?Esu4VInwY43>UM#8p
z^tp2pwnmm(-%9mmSTQ_1uQtZAaE2l}Eg{w^g&+0Rl(A@;)pUhFHo8*PT(wn0zfP@c
zwavoIB}F4e))9=xvSX9+d}`cLRmfGSYzb^2KgZ*VC8T99vp7sRy8fLL+<)c%^dsFJ
zLPSu9OoZ?GS{;alE(KlnF4;(^^i=jKFOOqaY)ogQaCF~1Tq6%3P<wMzWBqY1B}lap
ziH??lwu7UJ$&n_?d9v79Y8T~y`|ZbX#1MjDlRqCsoAap9&RxpkS_bKD7)#^uHf5S=
z`EG%N3bji7v+DY{0Ks{q0cI1V;g#SV3juJP4B1$YO!VaS`D9iTxU(e5<hLU$d)39h
z38*GsJ$2zJOeSHrobCw&KmAy)ewv`<<J6fa6t0zb5k|K(o)^qHZO5>r{-X0fYjM)K
zOamcWx_Lk5o;gZ&LhQhoaD0Q;avaSI=szxQwSS=U5k}CPc5`Xsy5GY~LI498U?MP6
zvz2%O&gY2mzS_76$#y#Oxcr7i$KD(T4pJKZTv&fYdGNFC;Q@kgj$%AHrll3qN_f2#
z>}^j+h=#Ev_B_bT-Az{q3CNtbmSHq5Q=Se-+3x7|JgbW)U}kba0vkiMrdmbo%3iIB
zvaWON6LFwev@w)%w~4gkt6f6~yJHqJWALt*cxir*cOvb8Moq-^gQHjia6THYchYJc
zOO+>b^$)aa%4Y@mhDY<VYHBf2N~Wgd%q5w>4W4lFg^u9s@7Pw0h17=S%3Y(fNN~$q
zA!~zeB0-IsFGH-#P??X(o;GG)8icd?O^r=C?bQkSs+_f+oOKRM@8vdrNRSPD8E{nX
zUA6qc{I`hwxI2O`^9XXf{>M6b*L`VdBj@^ie&(t$7fX~m?g=Zo)Pr#@{q~KflWX;W
zM+B5;xU^pYrSi@4yc=A(P13*ebiCQq-SzZ`Xoy5@^*%WJt7m|1!LTy<eS44{82*^C
z!q!&$aFj!M`Th1d1Ex*dQeF4S6z85#QJ9O;*3p_SKak3&vP&$%!5miZDV)wFq<=EB
z{7-=;3+T%VXT0aXc7!|YL3O%2J5KvGKx<3AZG>C5X!VN3PTOa%+8?b?{B&`rsaT{M
z#>IHVz7(Op`WAb|5v6+1Dg~6P_CYpa;@ko-?_~G4qccuMLfPjm=$lK=j<3K;Vlk!O
zSF#Cje<;-LczIixO|Fg_1d1n>2$RX?bRW}jX4jRM%qiCi;>f6yY=9#Vs2qR6w9mtK
z$Z6EsqPL*E)oO(~BIDT8wH}rI9-d)^lvHWpg`!rcaNtPnXiv}yDi$s1YWmaGFvwTh
z?aSve|2F5`VWbK}u~wNX8i#UaIcCMS<IJ|JrB(ne9y-A7Yf&lc|5Zdd`n4gMzO1zI
zcOu4iqj}$i5{AQKMahe=WUfC|9if6l6U|#Hc6mWT{Qjx$|4P2^B9Gtm5!$fW(-LP%
zql&Y>{=JE-Pl)aWhbShBl@TzTMqHjY5=w}h<!|+XX)?k(P;}65+DDZS=i2|&c&si(
z1qUO6y^u+5lg@G(-YcP0?`u~L7`(c^wP_EEum8HN@RDn68@zC<7M_ECLIb0g{g~2j
z$4MoP+YTvj=$+$icLPT$_o2BHvC{b_D|YbW0o1Qg%|xj|=^Erk!i#ZkW7%<<lnbXT
zY+EI#&wg9A4CT*^njLhbi!NRsoiL8|H=N08I{i@#T)Q7abzboDq~IsY6u-%pOweDM
zqO*);8sd_Wew#6~ew?4178R%MQ7$q9&L6<r*nk(~+mudJ8^80fOVhnLNW0Puc!W;|
zmRU5I<7*air@XcZQG-Z2m(+G_8|2s*iHIKTO4tVK*L5@+jua?Ga^1{U?n9GG$v2IN
zvE0jsPPa!r71^lT3sgCmk9sQXH3m+-q%@dgMnuEPGm9CjVqz3jdZJLMjD||)P&OU`
z{GFAHuT}WAR<=dl;Bgg@Dkv+%^gIcmXN84fzpYzG<>Cc~NGsJ0D`L5_8CV8R-dL+g
z@>n~L!pk^yR=tN+I^)9&4<|!jQgEx+L|sUEOomG(PkOxL|2A_V@-T*fYo<GMKxx15
zxxG;X&yv`GZRGze`9dI%F!iMIQq5nnUmhJGbZk?mvBY0%8LeQ5RJF|u$J)l0Qu;LE
z5}9~=oQ~)DVdVCld-ta&#Fn!vbEU8_Kxm68(mcyn`l#N<b2!`q>f@Z#6-L30d(e&j
z0$ctfoTvu`4iPV$XZK(TDt%zA%BIK0>i~c5sSW)6_K+v&`7T9LuKUThT|Yxtw{yz{
z_r|u}+5YnFS$^iMNmT=2S3Q1g0X9@n;e!?-t?y22qr%Nc#WwKfhDPl+<r8jwYNwR=
z2A4g3FrQLw+fXkG4*Q}L40u>htE!|KjBCk6lSGlG_)U-v8gQ6T>(A0$)chu0e6gh&
z2-;V;2Fed)P6!=_+ZbJTb*W(MTn#{#uWub1Qv+3p4S^DP_sxa3Hv@zDLKUngkiaRv
zyzx3R?^8W!oz^Xe!L8=PbSV3;5aBx4`zjRx2|Vp@ka7XG{%j-cg|LhTmc59%zDJ;j
z8_@`864f?(#|&faE6|joG(dS^iG{_%0qVH@KwMa3fO-F-Bg--Fb;7|;U4`)o-a>}s
z+N5y63r1DSNyVN+m6qKBtYc|J_;+6`@Z7R&cC=T{%}h!m*?r1luEJiQXo9@H`$Kp)
z&%`_-D0!xZX3LZ}7b07jXH6#E-|tp~aaP*AnlK<B7^`lwTizc&AO411;v9}gJEzVP
z7Z(z<<vm(eag|tJ!abroSu#_h<;CL|yV*-D$D~lMJooD6{qP+NHH~tsz)L%*rCLqX
zO5eMTlslAv_bW^Bze9#~R^m{M1e>?#FXxidv)v$xr5DNmE+fox(UjKtjz#Lj1@P%p
zhtnT{@c8s%bx1|vxV{rOLK4bYa^A45S?>^3{<(>E<tGe&45ojJ>5I;o2dxwqVN#2j
z<}($J!Cc1|T}2TV&YM^EK#HGq3YmzFpTDZV0yyhl;9V@7yFk!9)dJM>@~O=EikO%f
z0GUM8ajr|G8>>jz6&L0@JZ>VgDoihUou>|X%t>rEu?yG7Z2O>4HPP(^`fxq|xLR+D
z)xFpW9Urk-!1`Clp5@$Ju5#Le9CPAL9I8EUo3fT~;e>TC4vnR!*MZLJDYnWb7fgG~
zv)?eRlOuW+e}P$f2ef+vAo8iY+k!()yO!<o)fcJU>UeBc)L7cdZ{Ri7Cj@E-u>(ez
z7|@>Wl$GY=Z%-Gv^maVnYvw;?v!KKnNTo}1@~e!PhmAY84g1LJtv8tJJHA*cJ13|f
zj_RJF8@ZMv9>CWSiBI70%)vHEN?dLGaP66$mlyNv2=abJe%f+-@+=DTsuj(`yE!D<
zi|-Wyg5H9tCVVj%-nZOw-bZ^-F}K5WBVcSZ_3IJo)eCdK0W^sKajb*=t|lGoFDTd(
z+xyWty(4Xg`db-f)m9rK?uPTw0eL+y;thBaK_VL#wt1J+HVMcPAx(;XGYuwmZ=RJq
z0ilcC@$`+s#Vxi^&4z-#U5e>{`yW|8#FwW7Hrcg;qIHKAX<}#fjwtS_rUZkfd|hCp
zc75SRjJ?sf9F?ZI8J7*?L4-evMZu|t<cPR%Dn4`H@5wb+%JYp?Z!FQMfuUAW>Nf-9
zh3vaJzW}8jyG@3!-p9n+`QO*0)C;5&4-+l{g}RjJ*bVO0TH8dxW}Tc@Xh1$*(3(SQ
z40?AARGIbXjcGum;{(xG4Azx0zYCDlOaOwb9r1whGGz{zZfafHG06jvmwKnl7mJL_
zj%}BFv0;p=#lGPj>!vzr@K;7-%Lg5V*TeO{lx%;-8x+h5!0!q#g+nX35q;_^{=)(Q
z)1gZiIv0t6B2@^@Q_7oQKby55N?@<3f-;;e18RM&K|lLT4#Pa`bBC6}4ab$7Yk(Yl
z)(5{?t$^}?a+e|dR@GSX(bkCQMa#q8{k~FFz2hNouO3ZK8EEgz_pNtVxCp37$wVsD
zO&hY5SMj{h!o5A}p_h}3dM6BX>?`N0$Z6(g?$>7`er(&369ryBzo9U$RR-N+ZY%~$
zC(ClKhTvUZUb}~Z$4nz>rKz?bxDWTfMq?VGINo%UZU0n}n(aI@=D#XlrZTeU8>tR`
zV$m{J+3?U(frK#rZAc3``y+!X0f`{niRpeW+?9TS;!@I}*1*;Yd{$USu;SsxWAB7M
zpG_Q)uquX?P@@~UIa4Qbezav((y+23oK8@o`$K=)TqxM%-FDz2n6j~HVl`a|h<6{N
z^LB08!Dw+fSRGScLqn7&eSGZs4Zcm`>E0d5-Jp&(9T%Ft<ql=3=UKdpYQD6Uttqi<
zEH6?*o12U)jWxk7-R)DSyNC*cEc}wEHhHveK{E5rEZ8;m(&~)zY@^o^Y5D%y^~KAG
zu#|#1cwExWLhWIN1SUol@&8`BkJS*snKR`t-nXg@1UE+)D=W&$ZTG!aYOAiT{R+~?
zo9<sD220>D1NwOm?+p!|OKC(6MEEJY+~b7_RLA(B)qGgU1j72NyqsL5{K5pfeST03
zJWE`Gs@p}2j=WG8bOUQ%w}Pfkw2{Qx6gcg|OsHK@NVpAbdnvLRX%#4qKJMCX32iCR
zs9qdxm~>uFSDM_Gx)em{Jx-A=o;R5cS#Pkqj${f`#0`*q9bCA+dLVYNGEl5^24I6l
zr)fncWfxPjtMSk(?!nKef#Z)mW46M*FL_s9%91V)y`YgwWQ&zaO?$%`8q=a<Zaz5R
zMIIil1$XZABeyrugO8{R&N1}XTCl!0jL#qal%OJYCD0oh@!S|y!*mat61uax&SGKI
z*_)V(?{@r)Oe<tLo(*hal~(994G}N2=I30?Jx9gK@xw8$>0lr@>I_H-O_am6OvVOw
zdiPL#1YY01S<Yjqhzoa}j5F2Dx>u;#MYFBRRp&Xnd~@;n{K81%5<`)oJNs~L11uhr
zs95Cb)$?vTg>M#;V0S9&O{MAGAvK!oOsJ;MH8N`~z-2jenBDmv?Eqm)B^ch@Oy*=W
z8A~J7m1Uq~vwhar&t#*2CURzYMK*1zy-ii+r>kLV5^^o@pH%73rZ<le0VD-qKn-Z%
z*$*Z6c+^5%5ILg2`H&*LeOE}|Pn|Mpr(*F0S)^2_phFLvAH04K_BcH*1_SOpr8~u>
zm-)+ErQV)tj&Y5xpL}`imdIIVQ01#dggt!jATpAr(^5gho>P783W?q3c6;{#tMqgw
z$>u5cqC_|WnN>Yb&!%@md{^+~dG$!0jmh)#Bccjd$C&<832Xf+b5X@A?ra+w3bRRQ
zZRO=CnvV_n##G(>H}cEb+Aa^Lz5U@%bt?|b3}KqtdVI7Red1JRCRkgd6EI0s;*z4n
z@{qAh%6)J!l%?ci=eL65vU1^x0|6egBTC!Z|Btfwj;H$l|Hn&6X(-u=C@L#kL@Jd{
zwj(2Z9kR0{l#EE(dvhGyu}NiTWUqs=clJ0A-|KnwdcS(V)8}{lz5aQL>v@gG^|&67
z$MqQZ%ZgbIv3+K;7EgxS9aFuJ&8b*vibE=w6pzeIZiX7r;CbJppU1o&Dd`qo$(XFl
z<b;P@4N%80+f;vL=5H9#cCDF9jj~uKGYbhwyL|EURqOi#e*Q=QjVwV_7PTNsH-@Bo
zUv8wu0$XROU5o5z3Mk#~x?j<NN*95KZl9sx*tM`AC`-~rZ^4wXXxJ4%e~qIZ_D$I6
zyCpZjkh;@<es#8ZVg!W8sX1j|zL)8{d<KND63$NxSCy|(58g*v3^6J0^C{a~AgDM{
zCVr`0vqDM92Ib`Wwm&4*`8eH&bbU@T=ople!0_yYf2h;ne6Hhef-bv8%<HG5qS83D
zO<bVhkSIwd$G}yzX*9MwJ}Z)F5vW{3t2!i0SPX}cdCw8?R&5T+eBjE{O(HXOnDAAG
z-^T7?cbfAjnp>n;_p~nmSY4(4@5MvcGmjxs(cIdr){91(_^^uUAAS=;BYU#u$<&N0
z`-;W3>}*eRMYF3WP3Oq_7dqSM4Jy}jPah@nl8S#EQrA)cx(NNqj<mquGUN@)kBR-=
zItzc_5^Y&=nA_NndS1`s&Csakv@D)a3pe@;Snja#BOblORF|HIS>NG;Nk2T|!A%tt
zS)YITS&w<bM)5tNJ4265<L+<#9{&4v6y(G4Nz5OKGh$U?e08h{{@n}fq_NH1E(0cM
z{Q^bc&CRTD^FF6(#*^NPfcuuyH`r*8K*^?5P`=xG-dQ{nB3Yd;!S|Cj+xU817vIbv
zQe4|m3SAk3hEH7<l;=<lJ`+*N^$po|Ggae5yw)!6E6YOnq(oxLcJMtuF?@7Q&TXZr
z^#0>ED@xDlkv`{8A|`vAU*P<Ck8I8IrjH)S;BY?*j?js^tD2eD#ru^8>FMz4gQz{8
zj!<1`f$@DHSYiuq;#KZQmtdR`OboHTG$irnjmCgv<_%QSK<S+R`d7QUMEkdeiwakc
zotb4Ux1SG<$Z3;6CcGZMXYAYHYZy+_z;JYtQQb?b`+qeAh@FnVKLR;SYy`g>pE}s?
zczhCA_;JAN@_0j!JkKZJ{%>bEPRMNEJ5obl!>2vTfW-w~L7Ys~*tfmWFrB2~JTw@d
zRMBCBMT>S340gOb-><iK?la$%;#<PYQ2ds@35=QOvOy(;|LO8a*DDtTyYT+-;JpyV
z0^VcGV?J7g+M8k!{{KJlyLab0#P>gh2K0y6?5wxzbjdvzrcaajulVtQ%hF#_<ttZ6
z?67BQ_`Y|I{<*7veh~!6!}%AZ7N{O#4<W<<GOXx5sC{0pi~z5||Ae#u>>M=Ek2>PH
zK;#G9mHn|MU1$HK)E|@VVj!`rArEUPO2rrY)4%=46g{4tdtIi3U=QYf`ZNkb^+@QC
z7JrT@>JJ#n6K>9xd-Tsg{xPBPP>2&6%ET5OS6-FIm=qFvTp%)cTGhBd&Om$!!~H%1
zV*z}i!5;Qp<?@7oE`3eYAx>gW)6uWb`g@~aJNFx@lkd?3-yk_E<LmhqQTj*tp?BOx
z17V3&{~y~Qq>Vp-G7HnDZF+2(o7-~EIMPG(29Pd_31XN2?@y^2Jkn31f{StkW=~kY
zrr^*67txb`FKpo75Dp`sW(5ut5&!JBM;3`1$~F(lpSeTp30Fxa`+(E(q6~OMDBp%$
zx<4iJFQSX`oDkE@4akxjPrtGDt>P;cFOVj3V7{v}=Is=JpYXceks5n1;S&Lp&2{q`
z`<=nqO9BZ;K+rbJ1k!;o=#Dzj)m_b}qusds&m8~Q=GT`zfQzm~EO0p5=nJ$Nvmby1
zsq#mf)!)Z;d<5+Zd+@4-WXENw*=fMs@XsRE{%8Ka#xjTjKoEY>|MDFiv*0tl(4irs
z^TtV&L+8gM0G+Y!PpIHMMj!agsKHZ2pnp-V^P;&e&7Jqs{(dUDXpTa+I$^L9nY+|J
zfR#zuz%G0f9Puar`xG?+$<LY3MKWG|1u?$|$qD*CAEJ=VzmLOn1oTRTI;}&^jSmsR
z`~Hy{)U#GH;X^dZuO$W%LyMA<l4Lb}!Z4+a`bLPO29YOQ$e~2|bs8!l@`b+Fc{&$!
z*8D!yQZy7y&yeb7H|}45oL1<&Yd3MzBj7WbVTTs<iRp!oM&H!i;lF=Egp*Sy$@>sb
zouIK0>6!BKL@f+V=xt7uLVXa*eMG-<USAv>t#3N=_q`L1w*X_S_4No#H5>?+gma>~
zr%zucgLqNgR}^@g3_$+&^$8hf#iWM;VspbqW~zd<4a9&&=?(Du%iL3jJXj6J_ad(5
zDnY;eMIHHe+%6G2;dMIVNd6FzyuFnY3rK$QgD3zKOECiFb|n&e5#ZJ2gtJM?2!`uy
zEFtS;6ZuZvru`*W_ow0VmjOq};PqFzck?SR#;v;&8vk}Y>FEGv8Tuy2Dw5@(BSFmy
zxQWo&l!_96Hs%FP*X|m7=wyqA_=9c1eiU4zax+6jFh1dq)8-;0JAMO*2O3QJQzbY&
zAb6GkElF=3*bEQJIi6etU_1T`ddHxx6U4W++m}p}>u+era?>bfkp9b*@$HZ>U}L);
zEIdiaX-@3Q)aeebli(h`c@4_Zk6fWEQ&}=;Bv0=Zup3j~^AAQu^1yGv2MZ<ozNWTB
z8BioXx+iiGoPG~CEJg}crOqeN4i-0$OT;w-$NFwQU!Q9&tx(hG<@*oNa8m_`+U8L9
z4<A@UUx`enPKxju|0FRPNw}Y7LH4RUlHYVl@5qXA5`dBHD6=ygOv=o>(QlFMYpc+{
zGE?|qc!>1cjT>AX#XS6r9h>6;b}m7fu;EpoQ?yKTU;P+CaZ<BzJC6p~L#CVg|KT|g
zCx)Bx+HKTq9BLQ#_BDEq>3?XGm`lx{63q?R^8WY}Vyf{sqJ5rlZN_%n5tjBYUc#c1
zC~jwa&3<d^3XqM;rPDs@1$Py3EdwCv*S{~j+-|RYB*%E>LcdxB@nl<DJ$pwQp{$OW
zNk$=jke#n7Ly@VuhfPCwgl5MFmU^1*v2HDlOj;HB<a%=$M@Y=1!3T3Dvva-mYHN!I
z)z-Bq)hmpj@<k;tULdl)d2grvd-vk|$+jpKv)(L;gsw1k&(QsRCe$p0JYAcdL$%Un
z_Z1`3xmn$wx5q2pPg4qrm)S0uy1#VcG)pZRiBeyB{*kc6oe*FAUx^xI0M3Rw;YC$f
zpiuu~;rM!Odtm7Jv2={*aUx+n_C@*G%~>@6`?_=H_iHF6uik%kx_HspfyS@uM4a1s
z$rvR(4_hMJ`7Q~<Q<TQKD8As6q^fonu@&*bt(06Xh#mujq=!<?m6wi#?6&u0hygKd
z=LT;q{PE+W2UA1++TxCmj*0X0ZAU%gJ<ZxzZc*yKG)WYRjoZG`M_B2;KHsh36czSx
zjUa}+ZnY^J4XPctX7W=+wfesA_3N-35dLHDi5|Q1LMLi4<c*FW_#f3HGw9GT$kIo7
zE=+Z%sc**lk|505Z8h&PWwK1~F+G%5Q1u$_YE(mS%=b4h-Vh@m+);bBv7$$VCn-u%
z#T$y$T6!!AiVniujuG}<wj3&{DZARbzNMVSMte(vdSN0*#rd(&*;2#UtV-O(8+YpR
zBJpR(wj<;`;XxQxqt!u^_+_<x_@K(S5m^X;*P~9k9FzV1=E=)e`>b9CVs!rquGb9U
zXb;7%10DD!w`IX4i5EI+!OTH2H5&yd;+k6V0x_BF=P(;{MpHzd@No{ZBck+dc(N{!
zRT~tU<+yZfQH4#fK9s61iF6<wEH%)(r8fEt14U1jWrR)66Wu5wWQ#L&V2lx-^@OKx
z=GZ@srZpULTN<uxeqF@v{{a3W=Fy^vQmJFX*IgGMyO1YDq+i!HFiqG3l2%GruU|r)
z{v;52HqN0Si|xnxTg9sZJ&;Bcixm|)fhxP1s*>%zF(2wpOn&7y|LntRn<@5<t;lYK
zt6p<vt$A2B+Fz($g)=N3lyVkvb^&B3gMoCR6;UQnB+W}y(Wft&{&H*@sP~tgk@me*
z-^JLLb`_Ygy?dyEIXC4wB}C|C9a%zPH;0O@fk8@^R#8Weqe)LzM7ltGDqO<^or*j+
z?9ebN6J^ku8j$}K>omgkbn$C4_DpT9!jqwI_V+1#c`b}w6tZ1+HVRbY7@YOLee&id
z52U?cbOeU7^__mw=`>hmW=W-_tkS<4*>Eo%B<Xf^tErg6N_9)O2gTn2zsLsd01Zng
zQ+`UOWDin9gZZ;`oh1z#^9cRZexXOkwu;xRXK3x77$$2~Atxd;Q_^w+HW(4wTe}0E
z9PG`Mb5M%N%Ymt5qPGlsR+BHT@4%nd<vRCT%t_jO_E`rhx1Vxeqtkjr1J&6!*LOPi
zE<~-Stv;{cpiQ*V+BCvEc$X>@)zr6)84#H%Nt26tm)kaTae6SPIwmCB{|y7T(bs3%
zu6G8*=Ze3m^_$+%E|#5aZFC#@Dcz>6*87&@HIKca_5Qj_&Zb|hrl1sy-gom;Ul)eD
zF^{>qITU=K(iBz{b3~XQr*$ubJH`1)g|VVGZy=Ktr&>3L5ra;5>@VFKC|;tUwGjSh
z!xyqw?p%#Zx!$m<IJneP`RYOh<qFun{I*d5$=)|Y=d>@ghWYH9EGX;RnAE<gjePSa
zIk~V)WX{l?6VYR1(H?YpV>^EHned{FU=Mp8muj5w#9UL0WoUPv<LHWs^kS=Kxwx5)
zW`?sv%h;q>bI5#w{9;^V-AB&<DBvSU&w(S;iU$lVasf_r8=)oR(~wTnKQSJngIK)Z
zeL5~xo%>E$0L^ag*P8pUB<llX%&TS;(|XRwDMeH14=tGt@l+>sc7uwL>w|N-&zr?^
zX>XanCwr}YGny|2C7y&g`ud&1AR8Gm7C%cGbI1G(Q9;8{jU@>0-e~G=ycidrcq0f1
z@pnNZ)QrzL!taa}x8Afj9H@E|&G;w)rCYFZANhP}*B(1-IT=o>WS8f#SK+uAgzd7L
z`;_-4iY7py&t%E(=&-btc`JqXR@JrkZ?6kpzB*ITAI7T1S{Y!FRF)JVcVn1UtMH~<
zF*bH)OVi-Sg>-|GG6vcAp=_F_1SHjCcbm-mfqum(n>l8rIB7~u{d{rvrD^FkhY8y}
z_t?A(>oyB>WVe-~=ZBMCv5;eio_-;z+*7{YrecaN3kaY?tmkNy*R45NT$4FXD>Bqm
zF#MW~O@mDRvD+tRI%cE>`tjQlOZTWp1anlKsZ1?&YdS%z6m{#Qh5Hf1?waN7AR}~9
zL^-*0uIf=+tbOmUqm8R}@(I{*QP_-8`?66-c9j~BVO$<+I;*Xvz<tS2y0uC9Z2HG3
ztseRBGC6Qp$7y04HfP0D?Af_(_1@jy5yAqamX)Fsj&Y1C_iDbT$&5JWU3k^AsZFl%
zVZSvh#FX&|M|JaW!xXC(n^F$!>l4u&hHj1)8imH!lQ#S7X;E<>K18)(&0ztqja3&u
zVYvbFGU0Dln+&*@6mwt3-5YF#Mh;kJ{Di<=gz8dNLhiKLm&nD3h2PfHBiVzyo$gVv
z@?JepU{@o@)(ajBz5q8B6Vlx39*eY}@3VMN4$h-`GY_-wOo?*4ROsw|08O%g^w{wM
zZ+ZSyV3@sz?HDVlEN3KE-0O;Lj8YoEl;D@`Jhq*!t^JhEtSB}xMv(ekaY{?<^zQSy
zCVe4ejA@IYevVG&r(GVs{^_iU3f*l`rIi(biDTzhP0zY(RGzq|C3zqX&2quZykX_X
zY9X-n*=D@uMizmE{z?sdn&5}t%OHnD-HfFu+D5|L=egNL{8;ZwQr$c$saf}qamcwl
z@9)m>!TkyBgUyCZ5YdKWT`hS_W#<YjU|-hfm1#Hom9xkVozU>%ipDx_TMSm@gJu6T
zXCirKB+q0*S-W{haz>>a+AhX;?^ezI=0(2U?$dcEmtfg_731G$(G`tr1`p9c@_Irf
z6cFZQQ9K#XmW<$WSy~Qp);7Hp$~6hrHU>rO#iiPr4N74;2m?D=fo8n`y(r{`wOxWr
zH_t$p2CV9!3i0=j{Kt6~)9WcVNRxupjjN3O?z}JKbZ81)vc8|<_YA!A*$|#*g;_L;
zQw4@rfz}b*w5Z~;h04I_Ae#LjQbBvKmUorD<$tZ<8DHc!JzCNKJf%JC+1h4+loN+i
z^VZg!(B583TkiV9_dSlC88*ywY<K4xiZNk(BJC94-hAEdP2QX$YYx*OHZIp&q9f~H
zzcqjRX^G9OR&vKwf>S)@&1XTbhSQZz>g^kgoxLI&UCs5g%82Cs7asOi>6>`#x}!4Q
zPWx+t9`JwVmB$x+>N1@{cTx8O!fv(6G?Qzb?O7)lQJ07*n0&%&f`RUzJ+Dqmj-ryj
z^agj$5Z%GgzuuQQ*Yf=C*Y#%@)It@*4`W7Drg1X66thgUyxHA?5UZC0#trfsEge^-
z^tba<vL!JY?2j>PNb<Nbw!uucn~!SAg}d>3<Qi<rdS2<!81ADJHx@O^^*^P>l{~$Q
zT?=$vPJG~u-ch0W_CQbbz4CWCib&-kIa{|7zIWp~lnZBhdLm-VZHths+NiH@ItDg_
zABsPA@QduSe#G|tM~G@}_n4^!;!_-xrdRJWV(^iSo2OaDD34v!ICZF!7O_$hgQ6Li
z<w-#|yO&wS{gJz3EyI%o)1|#vi{rc<+E<42O5hGMX$*Z%+FR{=h?G!LUZpk4r&$GE
z)N&ys>p*th@F&Y0e)+_)a!=|}sH^%g>zYw>lZv-l(Mm6m(FVoCLXP6WjNNagnZ4On
z(&sqRjc)XrN;huQ)s|}IkSbPCBzN>~-M-tV-9E=$b!W!ytkZtCP4<*l$Vn9`a*j84
zceO*W(FhA}pyhH;!$edZeQ561$2~1TshOxpoU0i8Qj#&98v5M{JIk9__gqXZx0mtL
zwN-^z!_5?wEE7QCe~CO@upe>zPIvi>;W6IYk?OU*q_(r0ry}86eUCYNqAE6XtXC7;
zDsI{6ZgRNpO*bFe!H9=c`M>Ab<RDXA_hy#?*~Yv#qT4vhzmZuj&Y`!ugbQVuxV&Mq
zbC!Ir35KOss?}W;qlxT8-5<((GY4YMx-z9ZoFZFYug%|@dUko_4kF<v#lIIfdaa<-
zlKM3ar&W~&X5KZsnYx`V4zAu`kcklBETYJ+51?Tl*=coHp#F4h6D!zN!vL<BK7tA9
z2QJ)qqz$P$QCS8>?|%AKrY}E;X%=77jX{{bwtAIC>>SBc7X{0G9s)y=MQj;HcA=kD
z#7`r&(V3<f`^6erVl!A&$)aZ^?`kr<>US^x7!jz0=*cim$y`iimfOkddB&TK^sAXJ
z9({rkjTHK1tc`T-YHF-qQl`kA9q4O8D6<5x)Oqi5zN_>^j(C=+$}5D`nSP&;86I2i
z(Pke>=X_{>Qzgw5D|~&i-l2WjnZU2~;k7OS_vJ=)O$5op7wIr&V@K7uo7}WDJ#5oU
z11TKl(*C{^*&+c}0y^zF7`v)cx86F<>g)=`a4wT~MeTM5>zyp&h;W2ONI@_cnR!fK
zyhSONHJ+Qyyy(fRGqvgz=Cu33egeERU3$uCU-_;KQlGT)*|_W8)(O<zW>D7gvha@a
zPaWqtl?3Z-tL`QI#W!!P&4OpLBx8aQam&5p?W<D@?o4fR%sh)76s`Vt>CXN2-H6L{
zJZmqR?i8;r?tB|l{JN?tjQ?D*YNWa_XVF2C0hBEC$=%s&5MsqdeRiyq_k)q8t!t&X
zi3ezBOKA6fOTK(!EnK9YC&${lE$?2n`@qqa<Nq>1yo&!oy!c6(ToB63a>1036nvI_
zP-v%%B!52F!arWnW|}iW@RSng)V*tX)&O@0p@-vbGxcRk2^V>FU9h~2AhyN$(^yi>
zb;->7&t%lI+vs#%UHJL#Jf^$tQ~N}xT=CEJ!P4{QMM(YYF?&Y&qZMx*SwQLBWL4hL
zB5l)eT!!-kgAb|+ru1FqCe+jx5ThwS5KML~8Ge;zA9L`k%jEsF#T{I2Jdu|+ZFmtD
z2Hp9OIwe={ef;4~ynw=tkwsTz3!|;DYjrw3-e$#pS@oWQBZE~ZFA@jb)HL`Jni}aD
zx@pEtTVp@JwQQJIrG76g&J>-cTft-`ya4Y!amkleg10KU>|Bph@A?vwAH5)ruaVOi
zzmOqhO~zc2@p5J#WG8gm`$n_W@J(;8wpL4L({Uio&3o<kl^w7*_^vu#ZWQ9!#UG5H
zDBv`-jIj$CiQ-4YDaw0Gqa1AR3Y!4*#+IRK8jYMYP8@WVo0qbBek^ksTs7kd<XG9Y
zooe%KUUvOvHl(gISI~gnv)(?ry*E)e>c*eK*f(3Cj$9S8n>Ej&Q&r8E3#hOB^jyt~
z<0`Kg#wdT;`d2Uox?A~*cCneSKXHE0r=JMV-1ht$hx3x2;c~uq;EOULeMaol|N1F{
zQ^a90>$*V6nM`pqj)x_Bt>^^yFPR$p%-N0<<zwjevizM4KX=osndE|OFrHrFyw9_t
z@|rJAGo^B^h~Gx?hk3%)ux<J^{k7+mhzDgv$ZH3R1D)BTN!5dH<VY)qFF2zWP2Fu<
zO@?$erRCm7>mY0tr?gxYRNv~gNF9sZWwncGh_5GAf0p?{seEIB$FJzh>PghydP}5V
zK)F1{OSM7ynzE)ZH-{C9YKfManDQL^FF!sB8_pTF#n<3>BV#dYi&RDkE)gGdTWvdW
z$<%Rz0?|!VUy?mntukgZ|8p3jVC6gih0yisgH^=brkDg8VB9|n@QpA%HTVRaMcg4h
zS75twymY^Z*DdE2-klmg<89lzh-;QX%gmYFAFzu<<zZ~mFA%-=9c<dV%r?1g<Wz_a
z?Us=}X{MS~ai3=0gQkoUF{&=wW7QP1*k++Ko8{MmDEZKfi7)fNWUSjaTlviQM00M9
z*O~UN9Bp@@<6ZC-*lNd{-g3$NrS5`fT>cYJ_eci;CuHnVJKsDz+OuYt9%$y)e&WlD
z5EI5l8iLMyn4d(&MNp>AQgflZ5Ds)R-Q~q>lVp|A<!Zw5y8dstmNOdEMos(&RSdu7
zWCLSqjQmnjELiE&jXMpVHk$KmC2=~TlBN2N(K^AbZ-rD;F<Ms2&B^(%V~K&SII_g;
zzigHj;!y|B_4`0M(pq<#Mt`Q`>Iv_;_=&N>`?*LVA7nw9O3u+)Vfqj6LFom85@oT+
zRMs<lekjH`ZESNGqxk*Y!`S%Ek+QnDB~N(!^6^{8cfPW7b3_?;gc<ArSA^yjvx`3g
z^uIW`-Om&AQ?H0>*L@2k=W)y6_wL`PZ)+1<9T`-uUI08B=sPxg+V6Yos}a95rziGi
z>e`rb&ZPr8#~M6hV3AOITUMkj@)4<TzVAjaD{X5r_)e|Qhx=_h0ZzIpTnT#Xi99J|
zYJkZ2^raw5??->eM4Zj5ELRn&#;s%(a>jsiB|8m-$y^T`(?bKt(^A6#uAomK)amvJ
z{$MU<iCmx)WbWf1FKT*HWcoo@GQ4ZSNN~}fRAu}Yi6I6nll3v1$uM53=aaop9fK_E
z>j^&{n)lVPhzt#5yQ5FK${Ju%2)j}#L1vzZmM;Ec4!0p~<M!}zt}=@onFKGJdWD(_
zNH@@zX#1d*L!D!@H&j}8uk1no{DxW-9}<3B`%W)<*}FTSc$lIXK4_|ksiQkPS6=Q$
zdO~HJwa>?DA8ED={lK|Lzbd|TYix6H#Hpcu%2}JVO^cxKMBPH3(^dJS4&QejJDP}4
z=rV_#^-uDB*t09U(meZfKgPV8b~Z?Y76Iq7ZzgImk)yIN)n5iVI|)N~&|BO8xN#uA
zw=BJ+C-U8E3M0Fb;;L0mY>@uqJGc+Y9&q^rHuaJaBRgPIK@XP;=0%$+Oo7NU5haHP
zQ+Q`Wi5lVQOS;EV&uZ}0D@_fMcb&!*nP4|%>aS*MJn!=9D9TlKa0O1O%<g)9&b3dA
z?uNvz7;3AE3}52n*0MPy?+ex?%3@1_1!s!r;s~2>6%YJoDNzq!$BMvBzqZ)#J_E8P
z^m`l?@$y!3Vp^3z{B^~!hGjda>Q}sOmN6C@Q(>^|Vw1t1MM-`_tJH~3QgcLGHSB0x
z<aX(t(|m#Vt+%i^raQ!D#qHW7p0A4Imh(#VUiuC`OZ;p&_U6eFX-2YGUTCF(a)ZKU
z=}w>1bvLXGWe{SP!|{U_dxlPXvz?##{4qJC=A>3Cs@U1<_d?=QblO+$wrW$3o$aU!
zRVLObD%8AbneA&LDB8taU8VNJ%c62}y<~WVw+-MY>&p0`_rJ!*Vfw?G&&TYm8IhV_
zSiv@*Zp2zhs^%(FG-#ID27@vp*b>RkyVxrELL1AAmagBEeSOa&Ibx>WT&Z$g&;#KV
zVLs3HZBPBru9<owJAS@F1<JC2fx(GuP+}Y5?zpg<)lZt0G}4o{M`I4E97>r-7e7OK
z!BdrqJ@~`Dx3QJUawApb4Hcy}$$dm9S|K}>mALZ9bp(Ia*Rmorv!m-L@n+QeGHc)J
zDI*lx&QP#$1qXGcn5k0f{3tMa^A=8Jzt64yjGgLM2Ya}Rib~TdM)OHQ?{9931?h;;
z9@CaIl_Ks`nUGe)%O&Mjhzyf%kUUs6U}-L!+pS01vWq60>d>fdeb*6;N{<_ziP4TI
zu|2J~>o#VM>57?dc$_rftK==Fs&a?>dK@qtr(}@eGUPd%SP{!8<JN0gMRaMP+O-?j
z{yIfjS(yv{S~lYfZ5(Vevnb&tB8r7n<K^Ja*WI4*xW;!5t+RgYJD;Rb3hk>DYda^n
zvTrU{L(YLOGL|NlLeep}OH~}!E`fLKe{_vA_YtyLvb6q`qa16?ol)bY*w9&s?4FE8
zcN1Ap)+XF4U{f?m;?T{|LHLiMU%f)_OUK3;Ozw5xXv9kGyZ552d$P2Y=U}XBn6TIe
zU}G4h&UeVnPUubgb5tTP>|nXk%OU@Ubi_W0ULepA?$!Fnr>cuY(co+_LE?kV^&oCM
zS+B4BH9d2JHZggL@^e&VKhCSS-ndCN!DFA6`rzSvwFy0MA^mCj>x+FEf^DC?RVoU!
zUG{8ehi(~mm%H?Hsh8>J$z?~D?@;mw3Oj8S3XQS7uuUT!w{>nxZp%t}ZDDq@eBU%U
zORt>=-gKcqKc&fn88f!C<kgy)*+kuM_qf6+N6UT$*kGn=0^JSa-@|SW(D8inAAF68
zj84x~@i9nxH0bRHQsbjc2`J+#JdtrMgOI~R?F~#;`^szg>-6cP7i@R$`<&(uoq>P3
z*3H%Y#X+gJX?VQor^;h};Qt!_e7?{nplQQR;!!TGd238nc!CLPX5Wc4ts^QrJ_%#!
zYSH?=E^_K-9RAs<tD-q6CQN72VCb}W(J6hbtMA0QHqjYfDUME26xvRab1I4qOZXc)
zMDCuk)$zS@L6^O(_U-aKi|E`qwx^rV?{okg8(0C38dg5;pD5jZWa{6nFX~NZI##87
zSL_i!+q7(nSNS32UzD=gOF`X5R#HVdq0onI8{byf+jHlX>QPlHS?rfv!kT$lEmat<
z&r;XZe8RGj)}V5HC5F%?l`2Q=YgZ=t9_GDSkqQe}o2wgpkvd$7QClK$dctPj{QxD>
z%UhSXc}ulnvyD2$g99g3fnf*K-iZ_GI^|Y+DULOzlJ?<Y^A1aaUg)HWghXVjFDdgt
z+mqe9xyUmP-rjI_LmK#jp8RUcL*t2LM>$d`jaixb_iqu%SY9fAK7-~Td982e%4)>>
zwpa2#8)F!|rs*t4v7a+Fg(|v6@Uq-0Mtyq5Ev$<muFkD1c`W@J2Sw5CbtX-nthFy<
z-L+dC`CR4kSq8Q>>S#tjUJD=P24&U2$RBL?ZMFNbo3M)+YRNwmd#U9JnxEfQp%988
z2r5f@0)YF?hYK6o-vMRT`sPlVS~kOb_V=0P-)}0mZ&Wgr!}u~k<ZdV{29y=ks75{f
zva!;B8x%D(XUON+G(^j@q&p1Kkg7IkG@Fr;R9sIVRZ4nG^>eA${YAi1x@*TW;##?5
zr=i}AiS7V3e|b}V?eh)NQ=Xx!BBsi-GB-X>H<On&WLqRxN=(J63Ty^y=g?_J=kO43
zz>FyLtkSZ-@y;|K?@R;ELCu)O*vBL6!QdH&()7faFwfG`>7A%)#kLQ_baof-DgfLW
zeXl&CUNigpzy&@xc)qiB5USApKzelS1L;A{t)XXRHc)EwDnL6cv3z)cUGUkayYM0;
zJ#y9!BLQ!v!pp5=TCgUg!|lh*+U8O|s$0&vRfbIy%MD)ulGD-6NppG5F178fYlhfT
zDQ%0N?&4lb{o3|9cUOKdj4B9&6d3l5NHvGCec;rq_w}Ls>61t)U>sCb)??&Zbvv!P
zrE9%{zZDsE7C4q{u~WZ=YUyuzOtwTtjCAn!>b?sbH6}SoA)?XWkUz*W=wJ$xAs#Ff
zRDAj)xivyq=qVqW`_6*qZjW?XL&jpz*aJRG0xe?kCAVTEJGqd(WXmU&<~8n6I<)`9
zqr`C|@BU^r&vb$4YbN{3;%fyZ#0C4*$7J>JG9SFtmb{`i_uOu%@!d#C$b{UKTI#}_
zfZb#5+Ph?Rwt2-|ttnYyO9Mq_`oI+8Et|yGAk%eN8YU}fKn6FuNbv04#7~p1&jH~_
zbG!Z_)|y)mWAX_~+h6<~?lzZGMrX&AiC~|sIX%#;UKubd%C-wt9lpJN<+*Wn1w%+L
ztbK6G9FAD;7bhitqOJ1n{j}5BaxDE6hyNUN!}E&G<JC?Ij&1_YrqwI6J{5`}92FF&
zgE$Ud9QnIlpZeeFM(wU-I2>{P-gwpSYBoo#F|~PxUix&#_29ICo0zznRYd}4vf+>v
zv8k%dL)E}4;mCxKsH}REVi!_2Q@{m1oiJ9`a6kU?{RI)MtNvJTWLQlq<>SGtmj1e7
zkF?)}>$4IoxSp%){?KIPioT;bL*w{c3dff$3{P-i?LxAF-|Tuea<bUSvG(EW5A&9w
zyBU)&O?076wDOI9Zt)BsXZ_}j#)}YW*xB8-Y>oCxQXnQSDwLnQDZ?JC`3Z0G1$+LC
zX9BEXHZe}ByoF)Zbj(d&lO)sZi41Xo)IGGSYDaBvHq%DdNjg|HKbuyeyh^s(ceFvV
z^7CmuU9!w0lkeDXWEQ2KWL^&CWtZ#2s-9Cs&zsIyJpazuztvr--wVQb&gdRqR;F&4
zxp&@+jMp~n(>ruMMohqpTO%#a&DQej-9mLwJs9(v{gf}oS<|D&*UDoNay;_+XX;~J
zDF7q4>Bj><)6#s~`fg82q&JTv^7GKL(j9K9YJ>)|)M<mOXS@#9qA9c({w9W6=<)U!
zjpOCF?>4=qt<E9)s;Oz`%Jhagix^XhS>p^f>DEo^NpkJADe8N2$Moq`*zEb+1BINN
zuVtbQWf~`|wb2ptiotisVCAdvn-vpvZ_K5l5wp^>vMLV=f?_9Af>n@j%u&zHR`m@&
z3xv*W6VL55+Maqk<i36>DY0mCN6~C%#crY}sW$f<h`H}R$uz5e8QNw$4`cUVJ`UH`
zq%-T7N+}bz*NwIb%c}2cvi4oxBZ&j1ZfcvH@aBN_(yBHlb6B9u%o~Fy8`%ezoC3>O
z!u?m>Tj){Rv?{R_tBFd9w!tHMcQrt8vh}W=RhCNOL><DH-y~M{VWFjYHfMlM_GSn0
zFFr5u%GVs(Y?CLvd-XrsBmO9<{5h2B+w93=y>(auO=j6cEtIaEbfFBWc5F+#1Labw
z_3g9~Zycn4g%Xu`f6jfvV3ZMMqKd$iuwe|%oJRCe&X(~HN8VhJ<i6J4RXEbIrWbZD
z%Jy6bn@F#+a@CqP=CP6z+fKSTs<R}r)u71^18r+xCT}s5rfqL&;pf*SZYtmU$It2S
z+Ml7S(aJe$cM{2QVwzGx=5BM^fNZ`?Sy0aI`hd)p4knhkv-L_JDRr~zmGs+_H;=eB
zewKT7azI<SSMXK0aF*1KplQDorB(Jt*n7h6_KQ)D6yw_odc9#TYX%9@i!?wStj0AO
z0V6FLo!c}nwckDXvQD=<Ik9q&{CeU0W=z<M!V-zb222@~*FizOR<`1k__H~zvC5^~
z-H?m038y}B$yC=!rUz2gU=&5~GTE5cRJRF*#${;-r5+<@M~0VA?XD=Rz=ONZZu}@%
zLB9fdh8jh=a9k3S7y~Sy^kmn{tKaPF(=xd&!V)lZB7EQ|^0~=gCtr=v6Pg8kA=GS9
zP1*BwO`gp(=J-)EpXPwUZSU17ie&i<glA_#R)QyKLpPS?x!lX{k63QXJCgq<r93$|
z4PN3|mhMsuW!1bYv{`kbzpJ9JH_d^6gnerQgs6*IwaPm9?+BTJ^fTnfJ8vBg8?B#E
z<nsuAz8HvZN$F&u=t1HT`M3$oYgt6McAixPlD&t9s#gYth>0pkOdV4>{kzx8>yEQ4
zA;#Nla7jq7McEg%Jp?K5Jzb2uESh}sKVgfYV|b0gbw(0pT6NL3G(Ji+_dzb(^a<%H
z$ZdFm8l)}U6VhAbj{>Oy1rlLpv`6h6qSz=FZe%6TI-%EJ$w3`uoNt)KvUH2+v(Rm}
znFpt6{ik=5OCI{{!Ijy8iY*jcZPbP`xHL8!L+%?;6Gus~9yz&F=u8T{N~g^{PG^UO
zf$OVNEr>9Y_G|z84}MEJ6NTf+0PI~Y;WA0RvC^g}P!Y)3tdbQ9qGJ8%jLFrW8hc!Z
zEtL3n;R!=;EX_P9O#u01tRx_t4^Jucw_7rx=x_4+9&@~|dHoOjj{FBU8k;@v!ITPJ
zJ?SjF)2Wed6H^6z(3!h>6=a&llKtv33uKzLP{VFOd4C5s-+vD9KS^Xk2T5esKRQgH
z1$%=9qvYEzV*mb05G}~rVN4F*V_~ByU>174icn#`Pzdj3uNHi02@NCW^($S6ff3|y
z|MwbxpGFXrbW4tEoIGBS`!&5j==k!n6v6*&&L49okcCpWQ6JN8qM^)0c{MP5;yIUZ
z8h`(!AEf$$Y@CH#zp|M}FTc>4^Qd9^8%4mF;=kp2hx#2<QCNedaX#j7lLJ-w`!fES
zq-YJ;K(@T8lQk%vR90Fj@ln1HnjdEOoAcl2_mmW5D{Cll-J`~p1v`K8iF&(!D<K|U
zZol0pyaOHf_!`n@o8Pr6F??HjT%v#PiX<K6EP^y<bb;4J9NkHv)6p)kaPF^*^&q?p
zrLc0E(|qAEB!NCU`3j`4evf8xI{9zV`ky8KVk3GAC<hZ{;7}C!^Brs*$UWrq@jU&1
z%<U#1#iKq)(Nh}i$8pUXP8?<Kn@r}U#<Bn5gL!yfZbxaBd(N1J(}Kc{aGnfeoSc~j
zc~%<C3|xR?|H5FeuR!_B2jR@%=#5j<prPpE34t2E%(Ea{FYUqKr@AdeKRZ`PgxVIq
zGeZj~=RpY4e9sOOI^3fo`8y%O3lUWo{!-&FNMHZJ%_#^Z6yJH?ne@Qo??auA6Yc5^
z$jgOq*+id%G-U$|-edQlliiK+e-v~6y9p~V4!&x6DIrb)(I4{C(^Whc?DZ%68$Di#
z-oQ=J8-Am}>-I11fF^kVn8bs>&=7C~HIYYp4h^VB6J_H13>{_pYxs$KqipY2#qRu*
zI`-!Y2T6-yS?A1ccsq>`;zF#@P!WWGABbK)1o{R5E7^$rqfDeBva^n*IQ^Y~1Ym2R
zy&~W@n7Ik<)h8yB_2ZUL<Ak05URpr!g7;XPzwWB_mdzXLgW%H%XnrB_-~W#d7C--b
zr;L*v^&f7+o_oFXvUsndlk4wXv3rGN-A<3yeAPy)g9Tc~X;3>rS8;md3)juRuZjv9
zDi7Aj*WnJpxi<70a^v4Tz<N=1H6|7SHhy{Kqif0CSQSEo!%q$PExq2aCDtjv@;qQi
z+!DE;KKwsw22MvD>>JI>yrDVt)k+XFTgT^;(+8QDhn+VMr>oE!@duq^+<4AFV>>}C
z5-?14kVk)*tUQAMjub4>%0$AKK<w1u_^MYDZjvPDaV+^socHgXLVfBNOX{R@9fM?t
zJS8;VY3tC)LJJn8)7jwA%HtB9_OvM`k7+c}t(h(PHhQJznu2mD))>a}8~g+&KKXy|
z-dgg2qi)4m@EqjrfCFjBbu5zdDGD9_GI@RUTSxliq-14)P5kJ_lx%Q7$ViCh!-lJW
zFD+<rfHp&=2Bh!fbmoYh3MJNW=fv5Um+c^m65V@&dFHeR+n{2IIU^!T&2JW~QiB#k
zHJ9yIF=>Q-l|VeX5dl&guLDqn4@Zv?zB%~?p@Mv0YBSXY-rH5UE*p!-AP<Ax!0xOU
z3%jkh@SjYdvOQc9#0L?HxuPkF2k%89*Pte%$LOI0Bbb)E{?n?%YM)U$cwD8(cW#Jr
zg07nJLje<0>$|#O=oN9<TN6q%14RfPi=mQ-5@Z$>tl=Cv)q6g>V|4C0R{k8`QlpuO
z?9i8IMf%Q+HZWGJmK;l%I-Jgqza*@qu<*=9=+ye)B&<?fI;_Y3*1SLnT02W~rE7sV
zb9OZeVdk>G(tJsMb&<t`4bD-vrMq2sZX^h#KDntEwE--`^6{eHy&G?ZH^SQ<+o#+g
z4Z43O7@$UdEUR&wNuhwC;AGRDUvq>~hsFQB!Tguzup@!awkMpH)a&yBBeFw`sF;w!
zX;x0>tfj!;kU@-Mn7!mUp?#@EAay~`eMj-u?z5sbq-<xJTv&!;S_3Hi4Uif~bAj^U
zTcG?r1h^&3SXcVS-ZpA$x$<tr1gxEK!3>Us`f=>}vTc3kZfgK9w}!c0Jt{@t_g_iT
z{|b6QnfK6sl@umJe)cc9GA3m~CvYO(6NreH{A6ym+E`Q}6&I694~SwSjaQ=^6_#r>
zB<9wH)O6jh4Y{ncbyPUo^jEo-?@n;I2LnjaCJqF^{PA8vFR7Hbpi8Whp4fi#24&LU
zqrzhBpqOFQxm$;yS!zP)<RNqrCu&enzZyM+${FaFPKaS^G<r`c%ne*(exi>aWonKB
zc$=Jts=M1Yg-CPdEL!eV*ljoLdhhu6S9G#HY^4Cu$RN&jBhN9`ZO6oMxt79of`gqs
z^!{04rJYSWdSR!vpcrslkL)%ZUvhVsGW;6;m}S2`;r;|>M0K-WcWjLPNs0U!!D$^T
zPF*kCrD08_i+ex()K@a|ra`i_+4QH1Md~9*L|P@p?kY`adJin!uiCSt63~fXn>N|0
zv`Nc?l`0IoVc;Wf<<>juNm&5B#UO=MvrLIeF7^s3lk`tRGCS|x4>=d<X$1?z^79{W
z^nt@}(4DDlj{z`DEKAk<ZUJ1pvvLKNF9}b-J9cI(^A;Ue`i>BFaOD$FPix}{ie~YN
z2dTri|H%yhWjXy~x}d8#fe_XZu%>O&A1<t}8?D;?5bHH{p!Y?uoOnhj>o%ZqmX4Wr
zbN}IrG}R@x{VjM#G%x2w2PgpL!CPSLD6!Im(D{nO(O`o+R*uuT<dSXkbbj$Aolvdb
zF$mbjELB%WJ1;t_7$dDdx_sLzhD`!E*7VC2m#iClC*H7R=k~`rPQL9CE;w1aEa5!_
z+RK6GgA~W)+gD)y00td?Tb=CnSmz?Td_sGFCu|77=r6yT-vl6zs&2butFHAGHdALD
zS6iwZK`H8a7UzwAqh<gEMu)jnoxo7?<~uvV%picA(Y%FS<4y)hqS<AAX>X=XFS`Qx
z?S9usm(=0Hw9Ow6%6|UTETBRir&fZP&UfSfDrySJd8D607$ZnOtt9OJz?L+o5!MpI
zyHxSsx}Pyn;2wMVd>Y?Ajb#P<S>ZMLCIc*2=EO7rtujQj%q_EN6jKs+D?{}gGee~|
zUo)RKy}xd~P*nX|`8(N@ZZ73j#Ir2&G&YUGn?2dW$n-1%5zIXI_5{a1zlsV!@cW*F
zVbJ*oQW{G@_UN}nb}J}#!OH9xsLgN{+e23M3%mn?92&~X21x5DUP~shQ*S<C+uZly
zUb8~*eh3h6rNz>%xl8*>rPF#oCX_?l0%^VO2U~;Q6tH)9!OpBLOeeh!2B2AwB6&=7
z=M+*AsyU(HNh%2dtT?|d&)+wDMuXH7S^JUhQ0oC)A|XM>X<l$MBmF#1P@D&f_9Z`O
z#4IEFt*~5V(UO`f%0F<aPoAA+f5o`TpzZc5>#grzq~?3z$$D`uckKH6<{g9G1xq&;
z?D12%uewr};KgX_X8Vsvk5dv4`vuU9p0OXH+utgz_<65L$RKAl^LY2k&6?xxX0;En
zdq_*yLA8ZgGXmwJ4(xWDyUOP#kOTp6=|sEWxjldwRg7l=k`$j=ClChgMlp7wGY)xn
z!7kYKYA%aF=JL->OP2bhA3ZiOU^?`hLpE|>owgt_k0;iRDX5XzrtNo9ZVWfRmc5re
zHAwI34A4T5-8p5=ZuPG}Zr*uTZ3crNs{qg$odnR4x)>63y=#4cTBta+i?ep}a!)(n
zdkoq6M~SX5L%PsfkfBnx^a(XT0%e@VVp&%2u++!i99zjhp$qVsWWLfaf-SX);59RB
zG8p4FJq0V8?Bb~<itN>LfV+@Wft)9+1eeO9EeK@C>aI&w%NXD;JSFdz=e=K{2L~?N
z_kHKvUvk?l4=2c6BvRN*PYUE)^mjL(gLp*`%{#~ud*=qFw##yD55xM{+dEuVE|&R^
zx;@t`R$B`OJ5yyom}QsNDP}q;qVLn$eC6C|25_yc?pvQp^KJvwwYxhT03$_SR(PFf
zum`{Zn(w&iWoZ^$0XPVChsH%APb6c_Z@CY@i6+rL=#G%(iDc64^ARpc2i4?&bS{vD
zpChg<;8w1&Z&c*fT-w<F)*TDm<?kdjw=A7dp%Qi~H1_WSLZGR-<HDxkvMTZx_`Tsa
z;AI!7Vf(=a1r-&;x0)`?4-&0RDm@W#gHKzs^3*sgelln*0_=@o=Gf;$7ISg*6FFtG
zrjLt13)#=#RH@i!1Xyzc-5?_oAjpvhAQ0GYH#2KJ6*vCj=P#whZ`NpBK?&PV%a<eB
zWBI{*XM@^dIyA|ay;{yO>B<Eg3*aG?5TKdA46Iw+UhnGc5zb${pS%9<DGhE}|EuHZ
zrGJ^s;RU{BxIf0rLYJ`~f@{iQ4G~1BnKH4el_rE3dc$;QWWQ1tyb7YEx=DJe8nfuE
zzxDHbzMHFev^}iIAWeI+pjA)<ynXiEdAbVY#<o<kDto$ySIghd&Y$j%R(ACsA!Z!_
zyM+Mstv=e5N_*MmOQGjJKYCqf-Q8E_+mZY9v-!O0($-M8vX}6Bm*ROcnUZSu8b0w6
z@Thuk;ytSe54`gdWn4tSt8r(jZdoTUFnYp2Db^l-9q>4~ntH=Oo)9}Iy%K*5ne}$x
zX05;YcI5ZQm*q<^c`o!Atm?N2adfK}H^;O4cYnxZDpFI<<LO-68j}+*wm|DI|ER4y
zzv1cCeG$BWQb%UJzC0D@E*tAO8A0tiC&f{DMNW8KAGrbw8Ueyvy8T>~bgoQs#he3@
zkaS*NY6xIcsyTOk(9GBOee&#Xk@FOOt&2nN)xNSFS7OZk+Qxz}^Bz5L(<4`1c7IUx
zHUTZBtO25pXO-*^x2?TEQ8aY<OOR%~ao|H!!WknJX+59oCF-%&kAbMeA6$7m656Cr
zI+rzQur<6H$a7Dx==siK`Tl$7B^kCoWEnHxH*$Z>DDO%mb6npn01@BpC@_)(4=<GZ
z&N*e9f!7RRy_p}7OaW7wR+^RU0i9$|iel*}G^>^8qwly^sf6)>Iwz^@ij|X5^&d2g
zObuAwEIU3~9iKaIu8ECUTL54hAG9i+8sCtyWFe+XQuVZz@l`pWkb1&T5z`!QAYX=V
zN1W`z_haRij^lQ<5n5SPbf9=hB45XtmtXSZq=ym(sb)_Rd3wOoy4$Z@bjzf2_$9jB
zA?*02t$+(;WD?5CA9m-B!u()<Oj3{NT>a1Kw-u<1Y>gf(1vpOg8vuIsD)>)9UHv+9
z%-TyYWymaKy0ox4Z#Cs}>-A_R8Nqe;u$fJw&Lx1I+zhDmK6k|J_)vJUIhuhv_L--4
zXfkH@y!o;9g+QScP+Sw+3qU5ncwtKb^qWC@e9eY{C;XoD#lJ{jacJ|@`Us;%FC0`E
zuMt5@Jc;~~<EAliiYkQ1tju#^@>WR7kC(;odS)Dc{&T&!v@`m0GvJ6bLYuEV$Dlbh
zk>SS+k7Em)gO=4Y0A5VE+_jcWRqeY{_3iaF#gz^}jsfhldvtetoxkv6$<pBGyZEX|
zdhu<RoQjSw%feqa#<I&7-?{H&wC#oV+5os23%5~g;iqh&N!r!8y*2;aKnpF(&nu2K
zWL_;ug`VmdwA^R3|H{$_?1O@p`2zPhw4DL;uB&y-vbG{T>`Sx`LzjUMxL|>yujgai
z;dSevruyI_M#4<0jAL(6G|s$<k}vuI-_&ahscVU3{u&#oQ|?@Euf84js53v??li*K
z0khx$-lgeIj42b?Yq7i(^ybaUuv$0p2823$^{zD)uW2E+%DkUzd-*Mb4Q}^pu^O1$
z;F`#kZ`ysMz%_~WNlE*pox9sw68FRxQUp?%SuXNQFLudpL!P8YnT1Hf4VdP^b2-&D
z8yfY=i-AC}j+U9<0oN<FTi_8eF-=nNDAHYvawM#4BhV3WzBK@l>as@6XFV%Q1lJ3g
zmdmoY8v4~Gr|>+}y$I~y#-L?0c*%xBD3#{!4hmrSHQM!JbHFW9O(pw@$&Y<4?PjNe
zxijh@B~ba~mBY;%bDUX2j_MCr?mB?SJ%Kw9B+^43p{_pSVV?uJow1sXY3zNA!MsaV
z4B*!6Yj$}(2dF>KXz;E@T}OTfTcKeKH9#>8WYww=hureu)u4CasSXJcexJ9pb9R}E
zacKDB%R4p!0EpSR45f=Ea!-Z>zR=(@>Ch(~M7^3XUvh)qj!{=_hh7f?s6;BDcFSar
zn4!d!;BNDXbu*I7$+n0Dspr0GY1!0uT`?IH>8iX2(2e(@7l=?f)HbSmOJ(D<Hja*^
z6~O4@a$LDU#b=)Gds=At8I4&%X7dCwyFj%MN%rkHr&$vS^w{nyb`P`ESY|f?fx9+U
zIIfzP(z}-bg3Cu;BKtPNHFe*61%Ph)2AYgF1Y1yUfcy}`GgW`u)R0>9`gQPp1R~N;
z;xyqb&S!@9s`~oPX-i<HWdEGut7>D6L93XCbMo$(L$bAs%y*v0i~1P3-I}xGU5c{4
zrS&rJ9e^dW0>I~JdaEpZn-Wz@s&^)GblF493~mYmyyG{qv-kQ^aCNCbsPp2j*fE99
z(f3{*X#+1_HsrXiOZ5XweE#_jz2Q=uwA(8UpI3^jv1}@>@S*2pGMtZl7o5M9gt!fq
zeCWB5Y&jdKuE}VYrCXhh1u1SS(j^aa*OR`89L_E`aZZjJK7VyFTAY9l;=*0$35)oX
zU<3AoTj|M*!Pr?P{)V|d42-^cV9QBLQgR%!!$K3rlGD@E>%Irj@HYW=)*UO%^h1kD
z5Y%<b3bnwx!0S(Zp)$2K6QDNd@(M6{-YoQ<4oE=c+45#I>)6p=j4PCz{iNCnc*BrD
z9x4Ywrj?YawF=I$vc%d?%g<+`;^umD!p;J_=4CY&9)Ml+3*7eaY|9-2NF7u5gK~Dn
zNWArZ>_|E9MmYyHg__>?z>DfkpsEp7{-F&(`;O=1&uUb=VaEZcUC8&(ul!IG?*eCl
z6%`68nc}K-xSm9%Mxe;fHHUCq@aqs2<Arl_m580O6MRgCGkv=rK+e{(tu0zhg|3GK
z0k_0qXD`7u2{98^7*L(e_`xQvp{{Ys;6g!9H>iaK&-5ntM4-zzN$j+5+e}Us{fJ{?
z$*EU5Ld$JPH`ABbSLX%L-Q~<`eUOO29l^cz96D1Bk|DLOD25LXI}KG}D^S!QzxeD$
zA$KAiD5~##1u7Ru#0>1JL*ZTN!Rc2mT`p>>vUgTxT>a^B{E{(RD@QHw9`ydsY-+@x
zILbI3<MHH|8;9MH>Q}y!KV;}|l2DoRn4nc)>z5eVoX@^XT@aL1WE?jgP%l!qw_puJ
zN=-F}rr7AKPNbePO(XidH+SbUbR`8ryS9oXWr+2Hf$Q_QrM}$lV>lIdsQnf6%UdsV
zld})NNrA8WK{v-O?b8)l{yx+voKuz6oY-Np!v^|@Kmytz&)X)pP$=U!qy4uZMadzh
zqV^BOtaE<DEz8WnofB<Qq<0?yXHvuYQIU)NifteN?z-Q?dAZqxUDF7J4qW3JkXmXX
zSDpPkl!tseF1Dbfk<K0F21Syu$wQVi`Ls#W;NRv7g2fLH%s2HYn9?a6Vcejh*7ZIe
zeynj#9s^lrHwI9coOeLQ@C4#T9yDIVW$1j{ypBx$U#tFKH{S*P1HZ8bN#}c6DAoc&
z@$8Ml1&rPWA1*1O-x7fsJQT|K9P#KEtkZRz=k0;C{{OzW^6&1GQ2n>V_oR{VEc5M?
zQ{kLo+-(`)?RATzb2>2W4x<l!@2^-*w$a4}$T)Z{0IiSFZHG$a?<@oRwFzdDxe&Gn
zATW+)%=1(Jj|h}EP8$%Ryami=xIy0@csONnG)}M#^5y?azTbbOXMu)#0#jgc{(1+1
z#u+$0zK)yM7o4*p_V~!(8B8n&BB*k1x0ephI*Z3LZu`#Rw$CfV@c-C8oZBBEHU4lX
zr_lUstmiGWqk`1yq?eA+K7dB^f}H5rC^P<#0PRcM@dXGb+#jf*Q||Ez=lgydebwnt
z%>93k7`+3uR_RlNLoK|p12o?I;3R4>9sTQ00POEyVIQ;B<5dU7T`108F{n`bdsr%d
z6jEDi1R645a@k5Uq+UVGy1)dHhIlpWn;DVl=zf6%ot6UGT;fN+X#6kuk|f7`s0eTB
z$oAUwy6&%*Z_*0u3K%wqKlV-Zlzhiy=}xmbgl@6r?tGeBK38m1W4n1q8KcUpXx7cI
z4aWm-R?&;TICAvgAF!kiuETxr8nAO3+0xKoI*G<be#+ke!T4{R-@ejk3&K?7of^z4
zua06CeerRK7_@G!EIEJTe>;Xgy4i<U+D1d%cgB8SNeJ}kA1%6gY^i}aordARXK^rs
zXc*L7<9uoJnQ>ca`0yC0{e0m?ng5#eulaa<qX2VP^I4eQv~m!Cam2&pe1q#KZF-$N
z)uD4g1){;LbzJ7h<4H5|012$2<}DdWG|O-F_|-S~jUmIqQX|&R*F%dFZNs;wd+tm)
zbMN0azmb#joX5~qfI(lN_#=B7(1McOW9azsQxoR(D~GN1<C7EPB9^Q=LaM?tx1bK?
zPXbEL5+2$&efu?NE?0wTFfSdT7VSn*=OU|Rw-24Vk1YMBqu$ZMgt`11U{gK5lS71A
z>``<+lrU>rP;)7U%__N42B^crbD%x^z8=M)z2{%RksTh29+n}c7uDH==rSdz)p+RK
zDWwnSa>lS)i3RlSpM~QAzAPHX!{{RV3gUrBJ`0{()Ny^h{R!XYV?v!@o>kV%U_FY*
zczty9r#K%X>Tv$4|HVIJ*<)hRN~gu>H$93;xu*_ePEnor1lDo<<hisH!wbU@x4ytD
zJzH_C?@FfFq3q^J2Ce&}y;gbLC&2DOabO{qZfuKzhw^?qMAWh6yu9-b+~$Luq|Q*Q
z_(#wX!n(GHbEv=n0f#<HWhp-g7I5knM5||o?_lTu=h)&%t+R-aTR=>CRq7RJz1N_f
zu)~9X{Ik6=v~2=-DB>SxF1o$?j4j4h&6PEe3Y5`gNAW&i0ffC-6k2xZK=Jz!VViRo
z-02jdlS9-64P<sf>(JIOL@z_!`T|LJ44O%}BE+k=YE>u?<t87|175v6otz0B;>Wl{
zoPx6DICK@$-Vlk#^z=;fw^mLKYOOK#LQC}+gpSWJdBf2|ziN<%HiM|Ij!7p<z22c5
znidB%t!-;n_Cu#ds0@9fcHZ%>OMu*b<i)Osvj&ycmOr&%W#r%k!E-;IOGtVD!dSMy
z7z<ss&<ZhD5RS3>uibcXIAcLO)5mQ-mA8655{Tei&{`(@CKn@qm(>4R*aEccp-%_1
z9r_+Y{RsmxIJ$5vo%qn*&}o1s6Zisd9{W^ioK}4u@Zn8XXhNSmWM?G~olq&*14t>@
zba%eL54A`Ee3)Z#*m(ti3^-s8`25-7bC8^jBLK{S`8v1qpBexD1Lgmt?X9Dt-2R2}
zV`5_=(ke%g78MXlj{*t;D$*q&k^@phgNTZfq6kVW3P|VB41$ED^uQ3x2uRG(ImB=8
z2hY9ly*y{F?|Ikn{o|~47Cy7%)4eZ2d9cIMC#^2&EP&)wZNQ_B`P#~4bT)E@pYuKM
zp-K+=!gapMLZ03qp!<I=`d`#ua~o0<15Oj`Dgu;-*Ah@~-=n0QPXj@<`Kou%LfC{F
zh`m|8oeB|^1>wR@%&_uDg**#Dj5Tist|E|h0h0DFKvrIP=Y>q*y*K^hE<y%i^+I=I
z6!_xq2?!XPtXp?{H+>6#J%b4Ohh%ZAqzpLj2{}lh%)}lE)U(F|-8fSfdey2^Y#d5b
zuV|=>=b77fpu+L&PlzR;ik)fH+`-xRML^M#ksG#*N;R?lzeQ=kL_MS!>DbHgs#_|U
z;Jr8B_8KA|=B^-Mu;YF~EfY&1>_L_AWe0(U0icN8b?Fl~*!*q?6ee<?_<HxEa-s{A
zCN}p7{Lj*-p6k9U`GaNF;%DD??>@;<xrb%H_AW|@FJs0Jpx>HlgL=dx`UW%*jA_AZ
zSV+@vz5@75*|XnD*^s513~qV%8-lSC_qHHZjM*X9&_hg&YY&TKiV}FWAp91Wdb+M6
zy@1Y}=F9`9q+|28DunSV5OEU0q5QfpOV>v0?AKOejJNDP#(%>?EuBkWKmUOwjDU0Q
zP{%W+>6E<W*Db!7Y%!m#l$~^yo@Q8b5_@_04l30BKm3-3#zihqF)@V;b?K$iYAG6`
zamgSYTQEE2!&d)GgXYkQZ`xjRtnR!Lvy<$DGEI?7qU6<;*6Fz<G0HW8(pmE*m-Rk@
zmXTIY*V_-~ihlfjeq`jkS4no^ef;Q!WO;j=2SCr!+bf+$q49@h*M9RvQ*Ys(+WHU2
zw-Dc+5xvj9LoKzCU1F|2TPApK%e!sV7Hj<KrLf8-GtDuPo)`}7ICq`+d~481%@6Ov
zF^?T`$^HAc;_SNX(P`!nuPsLpX1Hfr(lOxNM<Z2l4)qjdk9=Qq$0!uokX)8Q?6RBH
zh|{a!s7CgEj0@#SSnVnNnR7~>T<4VKoQoDp=gfXQdct+ik~AzRyoK18=LD`aA)_0N
ziq;B<*8irsir$d($*VddPIMUo^<SDKmrU=!wm<5%<xmaZT``uThh%&1UU%V6yiZYb
zYBnkvO8*x-HA$qjJ|w?9t<W;WM;n?e<}t2O=&|ZjNR4*&^IZ7wv9c7@*PPS6=vn%1
zo<}Y1#zJr2$yA*JZa%%@GrFa2qPoRSCs*B;?-aVsnO9^^#TWR4d|AAMV{a6NdyP*k
zCtqW2K5Q1u=eiM9WZL{bXTH$^4B9SgsZ~vGsoYzc>nRzvwnAFaPSbVIxcm8${cxd!
zSwpy3>u9@0ZA#_L@cNAerRZzwX*!<{M9fpWa~<Q0D5VK*J0Iu_PY)^>KQ-ZH=^g1v
zZNAa{F2dESG<`_8&~`BWD1Wn(<IyIy0RQntqlZM}QrW2Yy=wFf*&vn8-~B_j@Mcc`
z*CW;O7$1#2&Z|%Nn{{Q;nUUfZjdPV^E@?*EWj94#a?TppZkWR?c*M_x_kv=$XU47Z
zAG1w7Bj&Sgl(pGh{-o=#b$z}pWPP6Rd}Fe948O<yq?q)#J1tFA)I!u(trA182I2}p
z2YGEw|JScy2TDB^!MrkVkNNb<ANz?n#@gyi2{*m?`+<<eejP^Ki%l{B`X@70TXF7`
z7S)^gaSXWqTi$}%QWzqua-Dk0n<R1qo99Kk8m;^Xw_L`jI9tKU$%Oe%{i|ieWu@+w
z=h73#*hF~e3KwRYTG)v=y31wl`>U@$oQ$KDy7o$hqcyupLVu_77|qqYBV*~MH>B1k
z-B(G|bJK%7wI+|!N@g0h=Vi(!iPoh`Qp~HAP<JqATZzbtjd%6^-fmBvB2~Bi@TMjZ
z+o!Yjj+60<Vpo4e_1Pu+c2Ymn$GE@5Nv>Qg%-$6)VvS$3<skRxiO75_an{Z>H0~}n
zGGX|I>7yr4wgyQZ#W;O1=zO}LHe~pMn}%z)^~CTX+txNo^Cer{eDhj*>Dv7%xov*6
zlC19Tg=EU9H|uTZi|Tay-KmPp6k>Y9fe6f78^hk;GDBorS*m3Ep0N)p7xR{T4{jlX
z=y$x2FD~E@3wJ-MgBRT<r7t;*UR@=HI;66-jg@NPv3cosY)(aUc9N*#URH6#9+X`8
z#eJq#u}nD2h@C31HGSAGrCXz7xhD9^ND%(KA}3bzbw_&t&A#hz->To!sS*v2VjQkK
z=2bx3=bEr<pDuTQwdb7loqI+6x`jFQvHtaSLNdaZbSEU&hhvOSa0LeKt5X1D%r&$9
z==+PYAxodBuC@Ne(ScyEB5DDBLM>h=glZD3$z*&ro?QN9Z`~F48c>D4j2jy<X_b%>
zwy`{v;k&OcQUBf=zkX@)%8K-q_;(e~ps;k4X?+2ItIh+xJ$A{iiFvo~weoA@QtBfE
zQ-&&Kh_aKoJ<~GZ=jz_;x8>D@^scV#m8qI*z!hp;T)P!nWIvK+FBfd49pySsP#&py
zw@oD>jVsG3&&oYfod4VhBfsIZ`b$)XIzS(i4HsGqj!?;B*pK^}D9X)weeT2LQ?C}M
z?|{w)Ba&FlHYSl!>we-)`ng}4<gpL+g>#l$aZw?3b15DocgTz}G9AlLPVq=~V~m3Z
z*|d){i)Y~9;q#I#od25Ams&P-AnUm`0lV_aI|~$jzoE8cL|ECF6kb(^nGohbsjFXp
zYqb@3E0-iA&6jl|UDrZ~RVehjN7AkbRmT)gcrJhSF_sqUlRIlw=S}+&6C}ZE?Pm$v
zorDgArIYY3-#Gi^s>T-jd-p}lN;|kw0}VBMs7C4q?cT|m>z`9;6XaNX)hJ@itBxZP
zhHr<=i3MXL_7m=7b<#HXzOT)an$6W2&h%uGKAlUnCsoZI{fyhCRf&6FbIN0>U8J@%
z^9%X&HfpWK7n<O&i{q5x*6>`5x*IKEKb7sa*3s(G-v;n{jJf7MX9`<gt!|O0NkhU(
zSqAKXuxX1M31{74Kg$Ll2cMT>%Ca2$JTb)Erco}kti%h(%MQ!zw7xgmk!KZSK>Xys
zTAW@gZmY1<aTed%=ajwgs+=@F`iZubqp;KwhcO_o#Q1ppfwG&rw08F7vJ0=i9wxJR
zY4J<oxz>wocYl;fScg?tuBkbsHj?G^Q__0<CV)j+a@Kx7x&`nO3ampJ0g7cf<r1KP
zuf_^Ra}v${R%6_!o7*TZ(nCF6*(0xl)+KV&*G@gkI&?t`zqWQRaSo*M+Z@9_M|buu
z$}LGevN;rzjB{Zy@k{AZwiv7y%=|FQlU{O*m9;5qb%8n&nm)E(qQ<LRlvA_pFRjA+
zib?yPyCk(|@8For!Tgo)6YHlA=2MsG>tbys2uzogSc;;#gSx4eCL=ed{Ck#<z4f-K
zPp`~&AWDekc_^j(cjsOaS<p$hm>F|nlDR)#4T@NTZ8ZB&J<!`RXyo~NiLt4`eW+`=
z_DawyXx(C6>)+Qsx?(I-1>WT;*1IpR+(}copMW)I8<y$!8}6!F{o>x92Q<$vc|d79
z*`(H5+bBwPDcVgJ?h?&3Z*`42UMXIiuKDp)%KTZAAu->~&c)W!b*a$fMsi`5*XpRB
z@oAS?eP9v<9oKz|Y7(%sLz95_IWy1r9zg2~o!;ljzRw1+>vJ9JH&|}d*4zj)xaja5
zqjyz$WQks%KSq&BfoYxUy}rM&qwd*wuf`D0*>y&0U74X?%x1;ulKlhy8OrR9;Hg5Z
zUfoZu^=^y7a;+6XmOR;8`uQnl(-W58hF-BJGJXE&azZrJz+-S?A92?SRs!CUn~Gan
z(JP7hbgKyaYbcu7D_0UQ%FsAx*Kw?lUT#thH+jindT2%|ZvT6|L*L!kdo>PF4OeqM
zbt(rce*hV-*Ax9~!=57dY#f;~qPRa)`eEmZtgi2C20RkQXG$FXP6zpY%umL=*ElDd
zg=atS(1bsgyr`8shU?dUt(g~XRyL1)lFQB0nCv0)rD?5bqFCs)gf{;Ey~A?fFNJ0V
zO6fh5GJKY*s%xZ=UpCY!Qr8AxO=s5iK?Q3Z5@Uk~v@Ko8a}&>K-q1x%Ze_MikjFZ?
zjq>zieW}20URt*zzH_?lPV`N99iYyptep#19&C3tv}k-8b)8{-DrlWM+b+RX(p+a|
z#89-)NzF>UfA&?7)%`8jF=wKsT-H~O50V!%jcf=xME9`?o-u|dvK!v1)GAkEy}ZtB
zE?j7ks4=uq|2C%8T1FPL{eeKoBW(Lr_EH~h+!;L4)yjc(PB@9iXso*P{5x8fo){%&
zyqRA6r>;B?t71L;53dWEMkY(Z+Aa<o)$A_WM`-L=3lvjJpx1Nxn4&JB;tHM&s<f>U
z$*xk464%`R34bQ&Ed}2dqM1ke^R8G#*88;fiKokKVmBOVi=tgPdhI6MKdsTwr;aiX
ztCLwTk1Khs#V21$m#PEeI5%Mo-Pt5SS9X3MQF7rs(3=hCftZRLNn-L!#RN$OQ@BIR
z0{lzWw22SNeW%X2EqBB|;M_tSj`sZI)@YgRa>0{T^QHAFeqC(NW_xLsUrLk4Xn}Ll
zgEhCQl-~4~CPjtQB5a*2r7^O%)bbX3boxi#i^_By>Zc7gN$PskplOW6T_6o)#EvQ`
z%Vkirm8H@S;0LMQr|O&+`V}-p1g`Y@J;Wr;-)bIZ9d&oCSfxFB`D?_Mp^@k!reTNM
z_j$(DV&p_K9d4^dLQ_tFlQl-fT3Nh60@Gbw;3hmpTwjT?bu79xmn<OMnH;eIWMVHt
zGz^`l5H}hEViW)({UK(%Uv$^1j#k#ak+!HW*-B08&ZRnAMY2wd&^3MLJwF>BeTB&X
zOGP*3)k92f+tl1xXN!PI<DD?`rPZo{ulAE=ecJQ=c^+2^7y9N#8XX)%-{#M43p`dQ
z;;F(*5`UH2FMG>Juh(v7wf;kZ)(*><UR_?%5-Z&+^L8_HB=_yhF>6%Kyea0vU&-wq
zm@*s_HL(Ir2x>J_7S~kcjDE-LMU0ZE8Yuz)>3iz(haUEzhMFv6wKib#@e&_TW2%S9
z)tyUyO;Q0t@x7-mvRodm3nO{-a|fBJCwR<Nn(=i0@Bt8E$r24fg$O$j6kgjcjb;E;
z9Hus)vML%QhhOJk1)5Vkda2N^vvs78+L5P!xWI=2N0NCsvKIe`N?viDFK>%t1nxtF
zHV(*&u#hm<1ShN+uaJ8Yyts!HMKq1bf0mwVWI>m~(yy0Ov5hul^<?x+w>eQGUs6<9
zkJ2}jo>wbv>R_3-g=jS%cK{fOiqOb>E6Tb`^@;0$JwfV9o2nmlnzx<lFngPtqV3K)
zh}BYy)CQDbLR&rDpiTEM;PhuHzOAE~xydR(tk{(lI>%7UhyhV{sQ%Vj-`~-TCa4o<
zdG2cOup4d4vn&O5!OjxEpR#S-ildcSF?IRbj4>9Hbn;a8HTF*+hNf!-uW@JX<mBXJ
z!d9P`H`4s6&?=seH45fi`AL|cUR<8W@259)X|;|!lLq8M(sUaU>s2rstG0!hN-Ob_
zwRc{_nJ^sV@zP_}VcBw+`-n)i^YXmZdQqX}QVDBDFLlYJa^|tJ$T+??!fHGj47$l}
zW;<m{{khmMpMK6NnUpjU71~u>*gkwqFTuF70LTTW-cdbJHS=1}ZK?g-U6!Ue2{%(u
z=04%O#Pm{)V?A-}Ab8^X<<~jXu*`9Wjo|xy0S~awJa$+nk9X~*Z%m-=BihyV_N<px
zT_|;zTXMGJ&@Ym{<M2)?^r{}t(wV{Em$$~wr0JNZ7hB)q5ZydVnk_@$uEW60q8%x+
z#`F8Rz28*@nnJiL?J(@m9G0d(CUFlgXmB`JHzw3}(#%gN0yol>Ak`b;!6fsxw`a!Q
zAx$#kI#cc*0zc2AJ^}o)tS@$vv;ed>!Q+lN&779Q$TW3%ZXw}$R8ehbwa2m`i>O<M
zfhX@0wOk=RB*xw0=Y!?Un(xsK9RcpDN+k_O3_mjhjqy^;3)J?L`}@WCvR^wSH^qHZ
zs`Isj=GF3zsT)J?u2R;EqR)qKDUTCg53Cs_3#j*|DgDR#J`*UWBA}Q?)XT6lp){=|
zW&hWXHUnR#?57tqXQ>mzwXq%BWWLV;>-6=OqKkLafc2}kU60gNkXcFFC8F=Cy1lFM
z<LS!7d1D>Dy7#_IYVkT2rS#xE`}^#d+ZxI&czc;IXAl~r#I*0<i58=3FYO}&cbgN#
zN8wC6q**XQaW1O=#z$*4qmK_rdM{QoJi0Pcnzy%JwK{JPp=ymYnprtQ*qVzrV3@&^
z+R!<&VAm`aO6OHJXMF#`_MPdvMd5wK86^-akay^sb{%&m2Y4QBx~6xV|Fs)9e%%Qd
z-X<dR3g+U}gh($zy%W6k!t2NEkch*6CMnff8uyOQBr5z(hAbec5P7}da{;qt2UZN9
zHW7)I(4|o4!e*Be*q{lIb?{wX{pDxVtA~L$tF1i?y3Ojl5xAt-DW^R;x4MTQ`)%fJ
zZxbk%qP&?`O4G-yZ5LXX=TT1$Zw0cu>y+5ptr=w8u5)acGSYv%Fu_XcZ+Dn5UrbqQ
z2$MVT`fWi&jPgQhzpN@CGdqWXp$Pz=$|*9)bNFHjn)m)x_red2Ra19$umT6Cemc_1
zbLF!1c8)Rad){jxkg^(Qrtb)BmAev?ZlH=aXE-XarJX0>^Wf;>ZxEbGZ_OI$8Fj1}
zDHmLJ6;F38BpYTPou!ZQe95nue>S&BH)<f(W47{Bx$ER95L~2r%zt@vFc<`AgJD!%
z0|e@dW)#wk)x@Q+s>`W0FQ_S@Cmo9n*~^w&>e65PkXPS3VNEmdnI~huzWiuL{Suf%
zNh?aoG9wXo%`%JH$JS@~8>>cy1q0K^x_BwZY--^2NHtqvJn%c*6zHNo?mPO{ch=;u
z01Jq5UJg4HO2ft-b}=w(lvwFUUu#iyuDF3%{>0Dsk~RPNeMZim%f~d|L+4&QXnCrA
z%!5(Y_{)OQM1e=ZGBD0__q@dIB~;~}a>{eA>lo+{J(XW%I65t2r6UlQBI)+)ZlV3i
zK-+L@iIY8%#1+~ZSl>e!(9G(0TOG9b>6_L}n4jC5s_Safy}IHzC^waTQ0fR7r&ODw
z-RU_r8l&8~6F8&}>Clwycz&e1g+REfm5n90VJfq}<0F>}oUF)R+F5U{)f4isrBes)
zRJ!~}ASUl}7~WN%s+TPc#^dE{;O1?8hr6p<K6__WX5VD@K09jn$%&sls1VQ;AC(qp
zBNcr8xTb&b4wtF&O6}0`C`vIlrs3l)&V`;dN-xFl550Saa$-6qF1hvj(U^6OOj~2E
zn|FTRZuZEQaO5ZRBp2{z(;Lf3yQ@xB?^pL7|DjRthO26K7x84vDSZRfRF7mIY6$;?
z<A!t|T08Q64Jfj+Ab&|)Y*(Lp5tVWF6+^}W`Rh`@q!S=^BC7ym*^W6{t-YuYdMuJT
z*<o2UaU~6j+-4tyxsV;Nub}G87f50)^lIb#h@$IY|9yclLGV52aX9Mgch7F*9$EZ7
z5|07hQv=g7A`wrqaj1&u&ASbzk2a9ALGpmJNE%1PH|;M}UTFpyXe6~iYwQTV@OlT&
z&f+V38y;=*f$EXv&sh#<WOE_OmD{!M-`i<Wz68IGy#-TyH5s}G^+`vHIGD_2XLKq1
zCBsuk(?HsuV+-EL=TmOmYgAKe6_y;pa)}8ec^E$Q3I|ZK4k%YZJr+#J!VL4A(SM#7
zxhu9k>JA;G26;#gac!ZLC#Xj$0U+sfa<fdiH~a7MpddZ=*1;)H0i1pb76wFFdk&(~
z=iP6=ah${YNfLnlxDCum9kSNTL-LOQ8xdZbAOmI1yoI=9N=P!(!nVWZiql^Ju#Xkv
zYeC-s&BOi*_KsL9bWc$CcN*bem41|AXQ}yOpuVC^8YFHe58N?I+=m)e-1$4nyye&9
zB#5<0m~yf+w^)!zrM|Z?LnSUL9LnJ*(3BB%-P#6O)*j>q%7{X-dp8px_{-fd5Lz(N
zx)sOXk=c6yoCIc(y&P{6WlB&<@vJ_yQ>$OrY~<vBx(Su*ghse}H+{^_0zWt#1whvN
zX%Rgcxr9LMZiIEe<1j$Q8+wQw=gaD6&>^4!!>UagEZ-YHnL}L4z|U`4sw|)vJ6OTX
zfF!fxgbk7)uZM{<$Bw&7n}X&L7-i3Xqn;pMf&C&@NCcU`vRGJ2bU<D#kp}%lGVnwS
zr)cGs@6ZDFxd&naWf9lU7b&9hQay432HbfH_W@W@<E00epD+I=gbrH3Juu%Hc-tBa
zD+!Koh4(#adP)_&948V&)AIUHQL+`1f&yRbfhQYLPtLfJH6{|+ieZM+OA^VvzU>@D
z6|86N;YsQ;SPJ=*%i&3^;7NX1N#ue8s?8fnPyAl}|6Rfxl)Th?d{TpF(S&CS#%PGh
zq8#N9uLJNbxIb-uSgOsy=O@0sh2qY{yb-njrtH@SN&dTp_vzsOhjkAi`~H(f1F3ni
zL~0&7^hSZ;+l*E(4}^jl{w|NfXVUywE)ZEfk>hm<)cWKBPIS)07onppdqcTdQ4S%B
zURocifbbm~fH2#H<l}!qwGS#FGFp?)fs;Jdgsk<3sML!}Ki_CKKBqP(>%4*|*8)(U
z#68aRM!Ck8t#2U?fb3Gk6`K(5FK_#fgSw;>u`I}`;;6i}ukg2JQR0)t26m8zbq$VR
z!dqbyd^5CSEjCV6MEQ#!`R8m{FBTQ>+6eUmFTCOEhyK>LLQV&^QefhB281Qb#PG}V
zs6Z|Ij^yGiu#?Ll7-99q2MAQTLYrRZ&DaBfxdhdrMj6gqiF6cR@|O;{L!O<e32J@A
z-3ySi0V6bckb%}eaW(@2XdCe?H##FYL)#rFTVBOu`k;<RndN3C*rNvIs=P$<=COEG
zMCT(V8c1}09xGAlfgI~O<RImPx{pz@$NuL=oVhr5ae4iZKmJ%>CrWj>{Qb)Pc<=5v
z_f*}_OnNrWj-RiudgwhKE1gH$SCsF?7`Ax$a3$ZFX7PQ`WnYNj+8%Roa?7JPXU=eN
z3ot%!%I7FukkNS`d&W1*f9tjy{<HfkEYDIev`$2qGZwnKB#$PICSAf4+3fiiqFpHy
zp38j`V(X&A_Vxl=EldoS%92x8N4QPMSqeMV$6&4JH@B^niU#^4Lg<3PY0u9->z;Op
zYxW=5b`z&8pEkl`9JlSZV9?DGGj(*W+q@h8sJET2q%!C+`B%3eqBQUNZ!M5=s;(J+
zfJ(YK0LH6TvILy&E9_-}1ydkh*@_!jSaMN|PozmZY$rsNb`x_L42X-kVSk84P%}hh
z9eUZZ85N7ifu-tUq;iV3^`aY6zm-d01I8b?-a3s+S+Tir2jOyDE-}3um{qZZ@YXn;
zvO8~3G461zrlen^9M`!2#uVKDn?5{^=l%&a(E+N0kh4&kAYXbt-SZPvv!B7eLJbMW
z?%2L@k{yglp-pTQauO9@UGzd5^OG-J@tKEkxu!C;$nv-Lg5_C+LRiq*8c;HX{QZ`1
zx*UK3!+}1hvCjT-SpxOs-$2dT0uz$~k(cil{Ne@pIc?vK^6_)1tDiOZ>Y)alwv_9=
zGY-lEw`|Ql2%*0BiZQxK0(S#YKW!_Pd%qJp49DQ-#H}Z9%b=3Yg*y<CyNOSQMK}>1
z4v0nz6+hc|&C&x55khKKi5tbYH$m|&Xr&!eMK8Y90>!r;M(mc_X<v~7H!V=$Mq_Ou
z_YVbbH-Vc*4G73cb&t4>6yNRxsU~m7<Ba;KNIjtdKX2Vd44iE(F}-emfbYb@!{LKQ
zo!1^p+wIM#6>)TH3q-w003<YUjQ}f~Mqs~t)$agwd7srIOnI|}2mg!!G&H04)AdE<
z-$%K?vGSsEwHzoK;h{7S<anLd$K-6Rr&{qU%fvHpT8eLDW20~P6=h{*I4NPOQo!vb
ztL~JkOto5;9c4@Um)cT5@rgd5ieKW+YxGjY4mxn^{G#OKqs4;h2H^dQw*1L*Kf}+D
zdaK(QL0t5ZNsPN1cnQ<_#^64O2b3*rwUy8sHVpxb#(juFcQ#TXrQ0;f5=y56tbIvA
z>#h0grPP7<L3#(7M66O0cif1PlxST3?qk@$I`3!gN$n?rc?9M%)j`<do^6s^oK%3D
zSUn&D=U%F!*N<wc04gAb|7l4-UU-7PbkV3;)a-VoV_$(ylZ2ysJL7?i-^(s8^vt|B
zA>uC1)Gt)mR;#P2Ha?&kWS#tB=>`!by9=Q6uP#w^cDe-FDd90jZh1s6=R;n1MijQ&
zl~ltX6d0rDsJlXv(!GTd{770`PVZw8aGCNWh2d9Zbg*5V)pt7X(hRdse!k%bbe)&%
z9<a-8VgdRtD{z+}=f~ueKK67LjcZMY4PA;;UJEgYEIQH{RN96c-!g@{jkmnH<e-(w
zL0R`TuCroOao$GTDDi!pL^06p(s4U_e3<wsZm7Z)ifd{>bx20kS%bgaezMb7fo@)1
zEj!^<32i^V)F%-gU)(1@(~v6IB*k#n{d#_e3dTQKC&MpuKLbRr3eK*+d-yCWi|2fT
z^2tb^P`Wah{tUn9_sVFnmd<8~rpX_pokwZAaX@^s?3eTCCy0COvQ;82hhj7{z31$J
zM#kNR#bM9Va~_Ko>x|}|zEVvR-|4(XAs+}Gd%%_^m^gqAt^o)xM@I)4>nW8fMjV(E
z6cnVpJVh|>7&lDqQa)<Y*q5QAvY0L9YEe9&yPi6`r0dvwNL|-Kwa2l)M2sv#paJs%
z?nGj{N2b2K8XH(ODHag6>bXd;qVo)OE#ui~2U**k_q(Ky(alO!0TEmIw}w-V%y1vm
z?mw39++g7+bl;k%BfRA9xBHU?O}d&|epubiH1fD1ru#zf6zI<Vvvj#V{Y#<4*iMP~
z2_KV~)pr+vzM$kUkFNWBu68Cbd#KKh^=#7<irfao^-cCI3qKeygCUb>rWocF<gW0;
z1?;QPd=Tq?1BUm=fssR%&CSiXw2XvPg~SN+9|hb&g(6o%By%;}I_Jmj)+Qz<mSCQ4
z=_=Ve>~N-pgoHPX)-rEuKtx9knM@7<;}y<_3V7bDahIdY06tHBwF+=>QvjUA<tsOO
zDlnA`o<wyw@qD9`C$FBHsTrm#r)vDBwy1$C7>yB%?ZPbd4tzP%f6Rvsdv#<LwCfM7
zyDcT<PsKC&aKF!ywbJ5o9BGLlwJ1ml|MZAkJ+<&KsN<^#lv-gxz?9s3jqXfz9EDPA
zK*%ztbG7*5jJFBBMXlAd^S-&pF>ce(PqIs$HPG(MEGiP~!?qBOnoK4%mw&~dGN67^
z)@224#(Wc5q=gjCqNC5dgQ{mo&JPR(=^fAO!;S?`BsmAWmL&_?!GMH07oY<LMPqb2
zn1ghX=Jc4XUpf=wG?H0e*;zW@Zm31_WW(*)_c}w7M)A$rlX`2@QqPVkT|9ZeF_JEZ
zx?)1A?$kSP>I{&QFjXZ|`f1j^+nQG!0NgJMn)f&N0)T6s;YN2p$m|f{@`QLyn+2hR
z$AG%TBgNFIXQ%k-+_rU21F@T5U<XQ08dUuq0g>UTVW(J0$VDQRAvK`8c)v}hiKOn0
z=f#+WGZBZKIS;b|{U7@g>Mor9<eg|#3UoM#fd3GVYo|%%)S5=|;<v>gwCg-;OEKxp
z=XkdzT<!ZGh<`)JqxNNeX<F6BDDx@#CQ*N-@@r+=*Ysx}6|DI?vQ`N<ivpHsfaEtn
zBL<8<FeHRh;qXWmG^C&iH7#gbkdhAL_R>=h(d*jV*xTEG@sV=FiZ6cm_I`?w%#aui
zc|}?zt^cVv6W%GiLHC&&>+?jLx%PDiNcpT0l3?^w35lJp;H-<QD=8(r(SNXxjls6R
z*#qETZtR{E*t$&t3<cE7szoi#m9{`M@>EF8;92}!sx{B)yJ37qeEh|ekEW|vJ=R-I
zr081{8lE{=bbc8ZwKJm5lWlq(q@IH=ZJtc4-a-%Rf%&2FY^kF@%q_a|<7;DhJs|@B
zzZ64h=8rMHOS2=bB%?47aqL?mF)*&_$W$Guul6FwtafRWa?@9>KL$+{js@nACM6Gm
zQ4B2k#Mp@-@#(~i<eXO0bI#66YLk<`Wlz4%w^i=dvkMQ^M~yw<?X|$|JKoo#+xZrI
zp*=FUi+FTC2WP2eg#90~pK-p|8viTuq96rq7*)zN>V5qcXLTi8$;D&5gc5}B^V9&*
zr@xM~g;FLJFng|TAo^CW2%y1MZOj}u-rPh495pxHJy#=azTcun9t?$1CIwi#shDAU
zz|!IJ1^;eo@%TfyPuH1kuc=46&#(J~!5oz|eV(!@Tph_Qb;5ZXWAiVAbQx6=lz2L-
zR`oM2yU0ddRtZLSw2Mk7B!M9>?F}{XK8igGu>woU7SX_w8H!U9<eY^nFuH_As)SOw
zSnXM8c;n>y7~aLP_*bO>f5(?qnM`5I|Bd}%CjZmc3B?eK(@)3g$S%8sIa5^y!_o8-
zL|o-tlTs-)$<nNeP9f(g*D{Moi3b6){V$ifJMD8ifKKX62nJp~#+cKaHFV|7kFPHD
z($l-oJ|cjLX)+DQ%d;ak9W+u$sgyi@Grpc24l4;9P-e6$#*mv21BoV|Gmb9F=b`bR
z&!KWE;r=;bd;;_5xAAEXjL%ys&t27k*)t^g`h45x0vfk7^fA!oy9MM!z)LJEnt0fi
z^Ay@8LQDn`<*O;ZF?80R)nWtRy^G#wXJ@}Z_N}$`h+~h9tJ~CG{bzFO;#$p_ug4>S
z>d(v)0ODr!BoO(us_@*Kt@c<4MC5nvBC45fEubk@9rzFpq-{DNUTRgxYjici_&@y#
zp@*s18<Z{9xlW(Jeq_$?l06=R4l<~ubKDQPNz`FyUN6(OOt9mv#zxRD<n?ZQkB`sG
zDN$7UI1P29M!9ekb|MKVl(SZdf4{%)IjSG{?E_Q>3It)ZiaUG&o;k@-cVGjO$50~=
z(z(Aau-Cs*474$OZINKn9S~LV&O5~`hN^E)Y=a;O$Y_WSE`n`?7hb_F?)yF|M0YhA
zpsN|0fqANycmTkq<{I?xWZz*wp#$kP1QM44G1#M!o^OQZwT9nBh-;a)xLcC)Lun>p
z<L6yIsEc&fZQ9QK3{a=QBNwu~;R~<p6%6%WAn!dGFW>a_uAisj=Z`UZ<lc5bAa{F^
zuU-GRvzb)jUlchuK7S>2t^Fhr6GhP7$1E%sN}{fQha2j4M|JhtV^SR%sX2p$7^r-c
z4nx13F5DaCKp>h?1@Qsgl<q$*iTS}rux;u;g0GUwDaQ{n6d47Vh?6Jg(yjnmoR>Zg
z>E-1^>g2V*N>PJ`(s~=zGSuFu%Lfiur3-K~kxwJN1O0UO;OE*ExUY;KMxkBNi`W&e
zZn`iEy7?#E&>1D{BFby~uR?0Qdjp}}$HRBgzTTAsvXT(>5yBP(oB;`Y9V}@oi^Qjn
zA8|mX-!dd}W-0%3%F-Q)neBrox_{g@3~A2(-)HhN*a$XZ2}3`S6l7v9q+KmnZuEww
zRQ?T=C+FRrgT9&HZiw>C2cOWL*iqzjuHdo0FOdihEyI8l+2V%~DtLBX1v=OAaVj3^
zKs8N-M|o-}#(?^<781$=VUpP3BpCPTz7E+)tg<C{Ghsv29D}H0GSK!@`>+o}`#5sb
zTUWZ!dw4(!59t5qUBulg^jC)|a&p6u;tb2{CE|=~i=RDj9VOn0?mk+gtyVohM=R4*
z%k<u)QoxWp^jbCMJg_kK4@-kR+O7c$L-vI)V2;gZrgQ|{K|JX(`7zgw(X^ei?{(Kw
z?)OFmi%&}zJ`v`>Ef|jJ>id$l)l_xDfU*&Mvkef`O(W<zd2^$OX!sz!r=F>tQtn>e
zA!t1Hwz*lf<kMfh#B4zvZ^=bm>Y}sETrKcL4Z2`!sKY_vi*8Fgg)TVDA;4%OGNOu`
zrUXBZrB{32A>Z7eavW1MIPdA7O6%sDD1luTUwAmNeE>G<UeExy{rp`CJ-5pN^`KJ?
zS8!`h_a~pI*5a?-wiVnjaS_&+JlohYcC=1!8?3=9{=hGqbOO(qq9Q#UiHcm7Bg6|?
zB(PDJ;v;rCCvt?u%k?>t#pH71F))Dh?LQ3QOvSQWCh%X9;2_WWq#pX*-)T#nC_NJ4
zIrIF`7|@t<+q1TTLySUa+2n2|s_2icgtA<T-BPSYdEx!(5-#kKcnafry?KEKDZ1&h
zr)oC>ihsy?vJyq4Bqt+0CcrhN_E`fwo&`CK3erPL$p7X@<l3f&P@_18A9kLW^kh~k
z>_5+cG6HB(-k#OMH@S7&nnj(jSaw|yiPp&T6rU#e8I9p|Wm8&1iIQ~MY>W5`N|<Yz
zPvz8Uuo&YBpn?Cmmw=}4A4>0qA@gFDa_sV<;p#8FfmTkt9Ai9H#&eq--^UqIm4-c%
zOw4=i7MP5BpSn9Pr%li(OU(Nb7L)CkJ#t!sLtlF287;WZx4VEWcY2GlpkocBQange
zhjHfvOU`lB6SCtCA_Q~U1INOdsS|yg+zWkl5;hHFZKH~z7T$V6*P(4wJ;QpcH!6zl
zvT!=VAvq;;^LR$=2lD)W+RCRE%KU8SeoX*x>WnWfAl+}$aBo8~(1nfyOhinOC~0Z8
zL$E0ZVl%4!zJZM+LVJ7Jc*B`Zimk%lNVxxnKi7%rVNDlZADO#fbYQt(&}gV)wUlkV
zp;nGIh|1<czN`OQa*W({d<?%(coMIy4?;)=Hf|u|=(Q6D+5YI_+AQoLSpI@MG;yIE
z+hKv%&Yt{ukGy0Zb%X^kVAK9eIVd(tYHZ{uS&+?*mqW4VxI*ZPduDZO9L7g%siVQp
za0HWZAWuOY_?)b3RL<x#?ot+E!JS`Na3}Pk`6jIjl}GYlb_Y=}-VO5I9;Cw4maP|R
z`WMSqT57uKEMk1^)|v_z=e9|FjGtX`zvNgP4amyg!4rE&F~yPkWwE`%gtjRCF*!rL
z6qZHgBN6<CKN2^~FZh>mkmvItg=CPgN%i`LhCI#hFn>(;6tkCKX%cDTe?rw=&*!iz
z@YKeC6X<fhJ(B(PRrIsUruBRHiKi~D*$%QjD-r90ZJi&RPFwm6BINoXDcnxXW3pL#
z)FIFL7KW+CBScb=fSXHd_dCP&l{Dq*5VK^TWtZw<3)TtWBDRYL)zr^=*9ZsV2hKww
z6$F*a(DQ$&N{SVQ{LE@sjy23=CaWk5C=vzUdoF>}&B<-?Unq7QU$Tdk#us##8saRX
zeLHoFxsTQBGEyn)<mqbfH3~WEV4anesIa9+M{IwXR7eJ&!Xivu4IPEagveXB-~fxw
z>d7BWf>^Cm<+L<8X3?hSuw48`{1bcWr1#uZDwA+EE+P8BPqDy=W1dS%nu71H4F%?~
z%zUnvFB;Dq_N+=P>c6;1k;$6>OtW@YE#;Es<OJ1?+ki+@0rmL>U_sFKaqN4}jcUB#
z)q(1tLK*e#8%O}rCi?pDgZ(St)0&s4pR<EfT(~6{RymC*{?Bc?*_ya_IFLg77Ms&W
zDs_WqzdRjq=*Lur1UgYzqo(ksnI6^EW*<PSTjyK^t8>LG*Q$!3V)2gDev@jCijo%@
zEK1dI^2l*dXugoxwg{mMBs(aOA`j!tk}n!W92o7hGhAt~FsXb;RaUZAAkLo>5PQcy
z5Ism7Sk>2|uj@Q;PT$sfcwnL2u=b}H^+xpU)f<udLM}K(0a>!rMD{|B0LTCdXTbuJ
zDxf-OCY-v(L{Ql!929kVkS?6I-H3-@*p9HQO{Csz&-JM^sYnJI-pD(ba0zc1msrA5
zeO=X7JOY0nk{7?b@O<h?>rj~NSZKmE)*mlU;zKi7URKeAyPEEScU3&J{WbbskHEX?
z0I$>6gi)1RsWM#U<$A-H$Vxaiu~HxITfVa7*bqQ*=cw!rvh>T-FXd>t)@v@jn`qv~
z44tGZ#P*8JIgg6kSRqKsX)gPTpUc6l>HAj9S)CsiJ@Gxq>1Q<~uo><&9`o;x+^=F|
z5tRsCwbEW$P*x8eCu@g3#^~=)hho(YikAq1Q|9OeK2u0y<vzQm%5nT;bb-yc=vM<$
z9;Jek%M)WfzT-6O_V-u5?v1aGqQ&?*y2+R0PKiVJDfS7HM7)`J2faXU{~=%}Tm(`}
zt(g%=Ga)Fr_A}8;upryhU$0F_=)Q8yL6P3<(`!R^W6PeR<weTtgX0&+A97_{k>(di
z$PrX>NiOGrlojEqqxiY$@O)XqeB2BSGb?gJ7j9(h`@hgQ@ZfQflcNSChaX;2nTTZZ
zVY_Ht^G#w>L%DcxLY;PL^{&3#pl7|GJC^Ci7D_fLz|s2of}6+BKQkU<*e(b_Xgx-t
zb@rcTzt|wqN;-t|%rLbrrtE0N?&<mLsuVb)a%liZgR2yiQUQ_W7|+h0UwtOGEqhv+
z9K~}S60-1fGm2B*{o^Z3Wh|#HX?&ePvdwD<x=ci!=9}ol6#VgsH~}(sPlS-=-+nY0
zR^vGt%Cdr*e*42K0df7!<$u0oRCZ?RX6q>ym0Yn_-j_>^jq&{1Q1pe3`BHAuoHg~B
z>A$0pcy>#vwfU~8@+<LQqG+xC9Ch@%LTdCcI#@B!j$fb3Hr5_+*JpMH;yXOxG5O{>
zN$6MD?Sg(q;F-i7=*%hynKj%$L-(S|Uy;+b3{#^O2{Lkrh<yWi5#4Dg@f;Uw;;EA1
z;@wm2wBv;&Lb7MBpyYygK&Bh{SKx%};oZbiMm<Q4OOP6c^{=+UbkJtXAn`zh`i(51
zF}m;2#6>HY$jNdB!A~<I(((5&^4)qf5e+sS_&_VIpMHIX3e0(?=3LDYfr><2^fT)f
z%PVd_!UHm`jJO@_BS1ky<TyzGdrd*)iRn=q(c?w;5keU~gv*Y1_<}F7_Nb2%eRq^-
z`$(w7xlX|(M6zg_I!2mV&&`~5Nn9_Pp=%}mRBz;UUwzGHeP)#s@rPcvhimZ?DS6<l
zVw^&^JmJ7;vK`a}U=$Ege9s<fZPq`~J#t3G#U+EHv6S6YbB2th3t987A{gH$56>%R
zdq`iSSZpe}?B2UhT>p3`As834*0>xMFQ?Rc0#6k>Pcm+b(dwSS(d1PYNfim>=4WM{
zeFxQ9gi|lH%s=*1uS%LbjBA)NiQ@nuP6UIEXsqXK15pd<q>*T-csy5djKso7b1rTA
z2)<*yn1RLSD>3GJcYOQ|Q4UvG5_D{anVz`TH0nP*K4t%xNQv^-Zdx}ROiJH3DK4=)
zOCxXI3A6uA`{7sMj&@fs^PwnTz`NqmN(<sL5Ysu{dX2cQcf)Zdl)mX1SJTh?RF*7b
z?Jw$S#DnWaZ-hkyQc^2947B&kz$$`R56JUloXPi4C<jEE;vpM~DLxnf+vxNg>M_hA
zE6~0@tS}#Ow5Y+^<toL<BCncn0prIeKs;=*(?5x&?zyY0aMkiei520LE$w2)MQDgg
zZvzoAribH4H<Kv%i|I+kU0^g2BN2Fv%Kas@&pd9r<3N4tV_1>PDK+!?L^@dM#GjHN
zWFUP726Jo4_s~~z`Fo|+XER0vR&pZl-*+Z|R|#4@CA>Bo`MI=vN|Umsf6EWZmsQt6
zOf~X*R46LzC?eq=#@}%(F1}M@&M{JfT)h)!Ef4nVr}E{wbK@i@J$-t)79P_2kq~P|
z8hDUfYLw91AC4V{9%KSnFz1b4q5H+-`ll{&;BFrGOPZIYWAd0C&UBw4Rdk5`yVZd5
z?QN4usQys0mhq(gcqZAg|9Jy`>B}<*kbq|2+T{iA<^WT+=Q9S--DE?=O%4YMXk(8X
zQu8y=<vv~B1zc`nJ!&JN)VTfGT*JRv3#5NvpTZgKC)%!Xkk=l)aUqB{ND0{r(oGLV
zGzMXKJoM6*Gw>if|DTfv4U2(xVE<3|z#uMN&)(we#8aAoJMl$2gNHmpHvf><I1CV8
z0wo}w3>ru!(Wa<{sUV~dA4NjEMtm?%<ycIYeJgu{*^4~h5~ntHi#qbTg@<8?hADH}
zolhGSRy>0qXBLIZ1{6_k)Syh<JSlI{t>i(uE@;-I9<XjoG`vH``IORYPb{}2cBHU4
zDT2^=tj_`@^&D82Q5l6Eo@(Gj;vejm)Th?vZ9AF^sLjm<-xJ@QwQKtI=A3}xKu&2<
z+uEE;#CylOQ9|k3yI-2lS7uWdWi0!PvqootSC{mI84eL+1jp~(bz2afNsd4;@W>Nz
zSL%U7FZSh|5D+5Wz@blNk@|<C+*Eku(2P_EzuT-((d+}Yi{6eJ%!ntqiGNO9fjblx
z6~50~WWeqxV$JD6a6HOzL<>Mb5xBb@{t;T}0SP34xe+fNYcCH$l*}qra`P3F=;`+D
zr~XgFSHx%jg=?AJvrLOWrDF?#tcVbkG)E8V$ifsEuL1Gbv0+%8Q3Jeu8tb7Sj!URe
zBY^mvhmi$=()OntLRoXrDbiNfHb%b)9fTMtgQL?<y@c3}NNDxJuRBqjzy+gg4u9K?
z_xBSEF9<w=gjXgF4e*UJlFdJora;b(I4rt=|DzL{RXdUR_1U~ubc1^2_kl(t68C`B
zV@nW2R{etRel*Krd(}p$luRJLI1JTJEGQsnE2g{Ig>Lt1!e}6f+wz7N_(6d`gIGY(
z*AjQ5t`1ciEE0=|V@ZOtIO`AqW`ts_E_(I8EG%RIiGVoEGgzctts5?%8u0!$x<*7Y
z=u8GgNle#kc=prCU9Y~l^KvsB!C&^nlnjV#?-UkJK=KUFz*W0ZKmA<}2MQKFT_=$!
z<|r?;%o~e+(IfJ8&`Sb<3ANamMcHu-8o%Am|1gWP4OkbjFt0n0>oh_GXQ7hzc{ha~
z9s;u{k)k$DVOM(SsZSk&)|tn2BYL<TIP%Cvhb+U)p)rS}gNMO+IT)bQd?Kg}g;+|q
zym$Zs`zVB?TEfs7bc-P!S`23YRg>jju~PpU)N`5qSqz|Bwg^H^K|w{?=rUCkA<xsc
z*|-~XP|rsowVkaQg}kVH-GQPK<a*i_tG(daZw5g7(7YbHmYXTg3;VmuG)g<q0^CIU
z2(o(li^Rj5KL&rP0(~nUFzWUaFJxJr%Ww&%@}?0QRsNvMh58#=&cAK#2oZt4>Chu2
z@G9GLQM;i)CASdQRNW#D(Dr^zf2lUiXl}GUPTc%wFR*HA{+freFn1uS#>SG-$1>%B
zCMzVqqLMZLXfMAn80g<FG&I&J#lW`wO;bprdx&+iaHql#0EgpGK=}F0i*fX>GJho6
z`?ub*K5gT<P}F~<nt7&Nqi{Aff4a7*I$S81X-CAUpd+RD;?hsYs)0&{f#osJW9m9n
zpX8H7ewG4NcI~)6WU9+RW9)x~WkkhK&NJl9K^Z0E)5?`SqB8>}2{DYx>ZwTz`NIt{
zY%wce1~c!IM=z4w7TSI?1NFf1Y!65@lpP0_V)et}o9L?|86^;D!q0vb2n(;c&KafA
zdH>cJRDJ(B1VS?!5;KeLfE_M?(tMEWd<J_QHkk|Hif<vn{yV<p!??6ux)60p#u--S
zuz*Jt80}JgE-B~k02YXOFEgxK)Pky4{x&kxcGHrkpqGIfpi(Z35xP#mg1VR;^d1-H
zyY15Rsg(Yz(_wD*_1Cp`6XzGN*wF!Oo`DjbPYlN3&`3@hDzM1-s}v-Bd6Z-*hu{DD
zTCYQ=E(sQ{>^(NF_v!=r<}ic1B6Z@eYZ=wT37)VDmdW<@FreFm^-!yHiW@{c(yjZD
z`WSP5eJPO%?9Po;eHXl8N0+#L$j{t>)o1rfwMDHQ$2$rGRo#f|;(E1N6&=7><Y&f@
zF?)g@W5|r3UV_!XDM67(<O)qgZ~Oz5(7!`0*+P~o2D$Pb@mc;EihG0sLUWM#==}2!
zJm^U)4B{p(h1BHU=!ie4K<J2n#{+k10L@q4d71;Utf+#}6bv(_23TAw$Hm35^XE^-
zWp+lpR`xos3-cHJjLS4@jTfxcD#zY%I{?BH(yd5jtMFkWdStr_^t%A>pTkmxw|}AZ
z{3#dqw8i>_>c|wu!RrK$9T3>vAV5H4O}*Lzwby3k#|m#i8$>(Gr+?7K9BFc=eD?Nm
z@6>htA}49P7TbTFaG-YJ3IqrkH%!|Xx<Aqv-An<n2IzJJkqeub87%TuF!xjg8f$5+
z^_sD{sK7Xmod0P+28-xX?+Js)<nR2Fpe{u^8Ih^&`Jd1ul%p^^Z&M*lP-Bt?LBK(T
zTmG}iGMW_G{{Mp%>0hNRd=acJJ{!tkavHp5G?RJ1VKiJg2s|@d`IQrY{+NK?;ZFVa
z?EC>=<@OINAd7kA>JxyGyZeCXGb*z~H&(iDLi{ErT#Xj7*3)_LSw_%qD5X%?Z*DBc
zpVs|XibhGH@a`XAvCg|(k%0E%KpK;E$4gyQ#(EL_x9n%Sew~<CJop9FrCu>?j4Tks
z2!q*&&%t9rmFlI_gW;zwRCWM!UeWsltOvdW3uShMUqM}TqbfmN;<Rlt?s?C)z9btJ
zkh|=b1MaK4;fOryZ*J~|EKq%+9CvJssXYS_*v)-N9laNT#WopO>bzM<Nh4wbl=?VQ
z9p?ZsndU=keCjQB5>1|M4@VMhV2h2)S>n&kr0a9G;7$kWU{8Y}G$6J#y+fr+Q^e;`
zeBSdkp!+nifMef6gIn0nvJHJG3<>G>cuaQ6xikz7R#2!R<#hf)i2~|H%3>j(C=d>G
z^SUAJ7;{M3hk*JZx;3K;tr?&=xSupK;!?XGwMPKp@NqyPQ(6A85cLL$MG)1pgpQKu
zqFW$*W)bVGv)lswKZ+c92E?F7d51poEo|tZvA&WSh2AX7cLFk>JOR5=Q=)xB&nV3h
zB%9C2ZUsx9l?6VT;MPl!8aHo+LF!}<;V>Psy0ED?92S*WXIIO?0_4qD|7Hpa<+LSJ
z??5DUbKgQG)*!yZkCe-7`iU5{k9iG>R9;OY7ioie4r>X_YgDD@r3Nin&=0}m;>QN6
zN({$TO~8?JVj*1}+xM0mUCO0F?EUsCyX%iCK~gn_{){mV9#suWe>a1-Xbq`h8A)($
ze%Z&&2#T(oPFAG_gZMQFs8~@J6VbE9jK3|@IPJ(8K!+#n;687C`v0NFoD=So`tR-!
zTopCT+)-fTdmTgEiSl<U4k(xdB^;nB31&DIK_q>wrT8e)dA1F5#(~*M^y1+HXjK4*
zrDuJsjub#QBjVqD?)itph<KzsXcsZw`aL%cJ<KD)eZ6LTq0N*8{&E~4^20bI>nj@r
z1oj{<g|x9c>iO>>T*?)kZ92pceYXbK9F*sL>K%;4ZYDm{0}z@48JIxqe@$heu@?5i
zqRWiqV6HdhxWKG;1Vl=hBg+f>%A;EkRK&@BjG^Wjt3!bliZodrzWfhU87@FY0Nf`g
z0wEHa%5Vz6-FzGB$&tP{==iOXKZ`+7B!Z?|+P+IO+~`>1gWg6aSMa~;vN~;P(H|dz
z$gc|MK(jopQb#=vYzc%te<oeyx)%TqR4D_doLKxSb{<VYY)8skpf{hbn*{yTZZ*im
z#GM^a&_faO8(2!s`f(8vS4q%o)s6~}L&NEbZ>0$L9>V=*#rgd+=hZ<sNKEh~ger;s
zyQH`zr4hZU63It^uCIpfbM1cMYYdpp?VYDsF`9+C*G*7WwOVx;rz*li10}n(5L64l
z`wce#q8l-V3OOtndL8i>XTMbp#Cjj_T`Hn5+TCyB&;6J?)=`;M%@!m!QGDL2bSWM_
z6Uf+61you^Y!pn{TmdSLb_>Y}o%sK*IOLiZ(yf>WZ*}>K6#r1neDH%c&Rnf7OzJRr
zqgb8vl*#IN`<hV~2t)@}HfBQF0bbw(zN4?v1JUy^)RYhMTJ*dGzCLIIdC{<Hn4e5m
zmtYm4V>b=s*Jb45DoQ)98G-AnyhaSE2UC}AnAQBtqC`A9TZSF`-5qsoDiaI`Ypdla
z#-{N9s+9QtZX$Ru{ZAz^a*3ct2S4-y7l%Yj4}m94F|+elY&bdx`y0=Uf+U3XJj-_r
zIyM$NfmbRAvg#xm9D6b?38bV|5T;ch8-hb(+T?-BqV}>Don2iayMko=Z@MwR68<vR
zB-&Zc9*eC~6zM%4vs9m8G&9sdM<)VGo1Hp~);JD`jZgj>8F}s}P@2epod|Ar>*hF=
zvzGv(I=83>qq2*s0VL>Z@p55BZ?`_@;V{__@YJn(br{}F)v{l5C9(TmcirRNN03$<
z&|qL8&yH!5ScnW)4g!T*K3NMeyuf%GR63n88%Dp21yXG{^q36l#PzkZg#%Jne{!xH
z)Z8P7aH$MT_`0{wI}S%3(Z*Ra<UINCf$Z8(&HEUPGgBna__|vZfGCWX7B^&oc5o5(
zxS`{y6qkcUa6r!(t3%r@o6%1RARdtH%M~nj5c;}VAK`0&Q^7$xH<#Dod%HcJ>+V-5
zVwmn6L;0TyhLoNqo29{+XG~W41~u+Huv_Rq?^W1nd{$PqAn1W-k0FiQ48D%>vq)QN
z&fqiXU-f-VUcxIAqE-I1oM5_S5V7YHB|i*U>FdV4`fJzRzHc+xr;R<W4?-dGDX^B^
z%LQWWit1Z*jOjv*K}Vd9)3T2JzIwWgxY9bYH7?I_(ZPa85jf{Jo++<Xa2ocl=o)=E
zRPg!&B=hI5-GRAqlNOjuE{WX8G=fb+Ar<Ca|GWK5`}%SHg~B5PbLmniOV?K?s_-jd
zPN{fK%VP}pWYhWzd8$^u^it_kgY_5ikX^u`Cc$tP5EnA_ABRN}E}+A&Q$@WC{Sp%J
z63I%0Xorrj=JvVb{Mi;iqmh=6?6RfdkI4g-ekA|%jsD<`P$B-pU*-Q7OY2qOiap3Q
zee0zfYrm!svFj_AV}E2Ht2)g_byDoign6NzwXg_0F&jvnC@(tnUfN?vpu_=5;h5F&
zVWaMx5t~{r&T8<axa>Yxq1{B_K3AGZxf<VEs~QlWV4h-*>pBT!SyhcBTsZ-(Ea8Bd
zgUzuAZvH(BU=#g%b--Pa(hJaf2++FFD<C-?yjPx+I_V>IbfMo<e`M~#`m4W7c}x|d
zVV24ul#5zYAPuq(6CzeXb*RMOc#aoaSh@Y@I;Ggo5KL!hmu(NJVLyyy*MK4h3T1F>
zd^swPpc)6UyPyn-v6Sq%<S}QPk&pD%Egu!e4#$IeWYr8NkqmkL9u}ZI@QIM994PbN
z{r)dNQ)hQVll;4A2w>UG3u9nmyiNOVVrL2EvD509@-y(#aM6^&`gCRCg#fAbnY?Nq
z{Us<^@rU}CJ4DQF0|E8^E9bRuVZov$O>fRAaxE`G&U#|rAfmcQ)Q%Ksx1L5wU~iOK
zpD+Xu!dFoGn*~owPSM6ZbDnVwXijq$v-HBR0}+jazfCvUz!{_ruC_28TQl%dtDKJW
z;P61Wg~tWUS^ddJMgt)#Ye`^3$%O(>-?8-dt_&)hV^7_{&sXc`KtJT4l9OKNpZ4ax
z6ac>OX|;J6h>!pw#IbitH#ThtK?$4h5QHe6lp0Np8)ySna<X-4zUP}(q(T3sSxx9!
zpbRd~l}rQ#_C2fPr{06z)iv%3iV?@?_1&)5M~O*+S7(pdRO}boS77}S)>6usjKc(s
z7EC^B-ErQGFYp&r45A}0lnXyu1J76nZKD-GYgIT>wFt!cNt`vChxyOoa70OzOso<w
zj%QSmC`A*2GmT;<AFgmOO9EN?*ckdcZJ-q>|3IQIdilX#XuZRZDJ}|#|Ec|{+7zUj
zjeQQDULReY4ogqEWESx<mos`1=QNkBe?(bw>1yykNlvvix0Lt>o`r{<M^y~KVH5uX
zd+fR3gJNO>&pH4)x1h*SI5z;O@(*tgFQxn%ALk9oS*<sblo$`G_RdYXU_4#aHz)Ej
zI2ZKufmTNPN)|_6Cd*DicVM|yKSnwR+F-tX=QH2Uc09Dan4n`QKExGVhdFr~qYUf?
zpwB?pb)dBeiOGhX+bL^3F{$#W<NvZ2K%Hn#6-MG^?x!>mqhJ<*{@q#Fs!lpRQH+im
zC5Rb|&<w>NimmK;YVQPBs#!!|I-va?`x(Vd`;iun(v@J1JS*Mhi}#zNSzu!$c$*-w
z;(!G2P(y$2tg}}3yf2TW>WtY7g(vH4o?zqjC!Juk<4{vf-E>q!CB+MfwiSAN*!iwg
z(52BtrwXRNJMy&$R;)4>xZYCd(mjQ&@_#)2T$(mw0+x(_11B>{(}BCF#)_iPPr>j)
z!JsHdIAF<1r4;EiYx&1Y{EGE91n;d^MH=42baxzM$EZuJIrTUXN7>j3Ze0K`?J_x;
z_V$4gcHw7kIHV))C<sWM4(Z*b+93Gg+=|sI2QWUQ9>cltPy`9Ec!>j+n|YR<j7pSc
zrjTI%yUILH#$s?4*uXs1aO96Egwg!7xMXxPNJS#HV<2L?=Qdy6SBdYrId|X-R7r<G
zRfBB9Kcu+zAxckM67w)c=K$<407s9uFMgk|JgP%-ml+-q6h2m04Yz?y)_`J48tXto
z#|Bh_ISwaW!0gcBAW)xXak>=AjfKOgZz{uwN2p-?#sQrekdoxs--Q(4s3Ivz`N%eO
zD<S|^i-0WSExrb4xL_=7;Zi@33Zp-~)_%t~eh)*CQgkh?llV?%P*s-!qbWc}BJXz2
zKTPzS`|ZCk=Lwp?)x9L4$3wm8ggTF6%T_QZ5jsd~`;b$;gC8^b{!=;5mJKxgs~(q)
z@d2QIL@S2_8Fo_k3~utfonbR@&;70TISe8+D;x_T+kv;uK$Y$w<sTSc4Ib;iV>|cv
z-{u>84SFrjKEY(;9pF&v1cV!H-U|F>!x>c|;H-&QW3ZJe@MS@fEW^>)Fmb#|SC?Ic
zt(lhli8hvQN-#kSC=JX2I&RmAo}m2!sa?1no8R$cBMMLe2{+uE`^Dz9!C#Pu84%Ws
zZ(zjn^}SGqA+}T`m9f$Lh$6pDLm&d<uUg$vutOR&&p^6uN6@+X0<lOfCa6NS{{6UF
z6g+>&TlFba&M+1Ijqran`$h4&4psOg>^wXOXARLzoV`$r3QXzH4IYXx&PHYx9hXAT
z%sEkyei%fqgJ4i278&+tstrHKFlo@E&$!}-LI6~3)IKF46EzY6o6}f3m<OUChKgVo
z1cPuGbvQ^Q9x0L!xqOQYRoMH-Z7>druo(IKkvk9;6&y-Kf8?&>ciF%XEgxhOQtS|9
z0*eDlurX^hT5~{P9kL}~-@^?eKtj#!10PG#zCM_kw?PDHj(b&*XJ}?&1cpfaPtTh@
z1N;(@F(-$R_<kfTebW*d9JGnzrT6|0lI^{48_pV(1_54B3!9)(cntOAZGS;w`d=}B
z?Y-ab3$O#d;_3z-9rK!}2cg#W<3)d={`L->v;l%(JZ5~*@B<kFq~BvBsJ)pTzukxQ
z19(@{8!HOnVv2<X(ZI?!2L<@%o5XEs1&qC)9c&4`#}7oX$joGs8|q=k|AeX+^oM@E
zS8qY!7oE*mtmrJ}nD1YIc-w2C&sEuNcr=+58e!eN+g)6$M&dikY@!F8;u_HB-AL$r
zGg?6g060z@?3VqDPem%HJf{=fbsdY><~>(j-N<A5y;B~=(Egm7ck}>f%BQvXr{JPG
z1hOEfCFovTSPeS=J|Te<xSZ+LL7ujluL~aqz@Yl||Btfw4r{90-bEEbKtvD(lqw=1
zAWi92LFv8sD$=`jLPVO1fb`xW^d3Sd6anc-3lNHQDFJDrguq>Vd*5^RJ=^d5o%=lN
zkM&2^%3O1fIm$c6c;}hmD}al^|9qF*F(n!XI2_K)$5)cN45X68=r@P{Xb=L|u7(Ii
zUH|SNn+V<j$QmNc%h$W$SfuXKB^K^{%&`=8@$1C<Aa#N4|BZF9tuz&aKrKP@Z2A><
zi51`jR0l8oQCJ^-y;6$w2L#CB0Q3Q`<IEvYGywm^Z;v>%*LGhYi0J3Ke0N2iq9VMS
ze)V2{XCM}UKlHu|pk1$$YxwU9{^*#zApgr-<^m|%j1B|<q1#)?DZUH1I6%nB66l%y
z$Km`7G`3Wk(h*_a_pb0s1zPP+z03uH1sGQb99k#ntv?5pidPEb-!R97{gh71`!c?E
z!!4aF%Y!PqVkXpL2P{uf(qFx`|0R$kf92Ayk{HD*Q;;Bz<fZx<e&;bCyQ(X2=l)-e
zB$j|vL?52<XCA_lfWN#1w&;H^l_jAwwJj#B!bh3*-S4pnKSg)z#arEvCS3am1&=s@
z6h1?kATR^p|5AgV*S*^RJRQKnh(I=**`a^P^lUUyky}+{<J-P0HXxO(;s3`AuE?!M
zyz+t_^X=#FJO!5mt%fIhSlX+wstUkBqO?c;#^L~`9uq+$(ILQ}sW91G=HU)FKDB7A
zt13ly3cy9w8o2o5xNV%T9=t+;ECG~bR!N2$prom2UUSq%94Ii%1z^g8%6$yy;W|L6
zs&^S}{FN}-0aZFB@$P>nV4V4@w=-1rlUU`02!VFd-}QD22#%lRtSVooYu3LVK6w79
zWgcp)S!xJWm^(}xIcm#_Iql5)R1LRcy87ayx;ja)PT#O4)8>8SMZA{X15?#L?haFx
zttpRgioZpt30L*d`*nSo^9&~>7qK|qUv*utM&6u5gbfq8_;q)bOi~mgK=mH4$N!wg
z^Z85Eoq&Fqnp9D1CnL|(0!7Z>d9f-Ea*Cz0ZGeJWnDV;BTJEo~Vav1Y>ICUI$)dfU
zHt}cpZWaYBOe_s90?Zg}woM?6rt2UHSnYh?gk505(qjGF6wJf$@X&!~tVl!ZM0i+S
zNT<}BFQDcSpoP$u@Lns`cOC!1{gkYhypN&FdAE^?9$=iJ+ijWBe~%nukti}TQ*qs$
zstf=*AYmR_AxbHH!fyxC9@ryF=_f8aQCd-$-!AJ1e@?a$@cm`UmQyORxsoCh^XF@I
zuTt)u=7e(rpH<}1c8t7i1DM9v<2Ey7vdTGSCOj#b9M*?Y>zD$Ye2<FjS0Sb-xx&d!
zDFB&jSrW#lyBAgF{nQDLLWq7wnLvdoxn`Mm8ZdRP3oTx|C(S8TM{-m2E<fEZ;aHN7
z022v?{7*xRWk^I-i<}LDsmOScUvP_eHiiFLnQq0#nDsXz)AP|Ot#jh}lm5(}HRaA>
zTpo{^aiOJ;RNuyJ$Cj)SSRsJliU$&2egyJXig&#_5%v$}{mWljv*l;Z``f}b%m1gk
zjxcm;En<wwPPm@=%u1p8B%eDxGBWaIY;F?@<|np$s;IyuuW8}d^?8-Jq5G}sRKnJA
z6F$Qi(On+meH$9Qx*rPD&W{7%4T~&&r+SrQ;itJr!s2wkN}LaV!8_$@YjDUEDI@|>
z&NN9`!|J~NAUH_RlTem$yjV5fS@oyU0$wuhm8!YwbF}Hipe|32Pi7Esk(s%kW>d}^
ztr!47%z4C^DwCS8ZXM)kJU1LAo`K!Ah?owum`1_bWad;NlWRQLB3O*;JeA?n8vDM9
z7Id@Fd|TOmP1-~+;E2C~d((^F7IQNe#mgD@>suX8v8@;sgYAMWeSi=>=rH<8HAl3}
z>7Ch8gQl9#jd`{zf{wHIRmJwcsc1eSp*0tEwXhywgH&e-fDB5(`@MR)<5tk#)Q#62
z)|=3cDov~cq6xxR>wZezXTJt{{G-{YiPA*8>u|KI_Ha6*98+pB_>)k25^Uzf)+<q0
zDL?kQg6)CibL}H&j+6V^P{cec1d*a$<<XxYVZC*^|DZ|#M~$OluUCDMmF9<1XtyhG
zbyeNTbiKKBZ#lRq2wqZ)Y-?l<D>L+Jo%Ee14v62wz=Zt8#;R^?#a}p$9<~A)WCUxb
z9@Q0K0~gT0NZsOu+*U=1OeH{4RWv^ps4uW()Sl7MZ5s{l>$`~p2c0US+${Hw!OPs>
zs<9MgFQ0Nt#*EpSA^f!4G+{^FvL)1DKCH)ps^^ahbD&uBN?jP$-Gz0A2r$3iX*td~
z8Jf@)ba>;~AW?h!q(dD2WoMm}TEN^;!uixo!IR!~oJfH%-yVDz6wnJSXN&ba4{mmp
zuRCwZesPa(0!jFT=Wn}txqam~u&M#)xpIVqfxYAV7&`nTpS?~7|B5(LPH-GrS#uk0
zEGxilGIp=;c>Z93uW$9)7&VOTWz*$#`~;bMiT(0pFD}m#Qkk&ywxYj&?o8S5w&2g9
z&N8ui(2TdI{v?v;YPNP8araaWMUICn;N^$DlUz;rc7~&Xs>%5I#LGIztw}xDHq7Gl
zFWG(u6psSo!Tda`YTaZwO|lHz1TFMacwg{sf~#p@-qlDUVZjySxc8lj1a(q+Zm|nO
zhu_E?Ti`-nj_d~LmUcCjnpX4BJ$Jq+cm2&cm!GHG@Z}Km=}|)xnHlmk?xKrf+3ct=
zdfMx9^xiyZIb#!mkz^He(=iuJfpk@c*>h$HeR;9W*3bfkwhFJZ{Jz$394WW6eK?pP
zdeU%y9~12Nc}tz!+k9gy6AMims*_6~nH`loE$WgRU6}W<=KcImdGJC8KcirJz90`}
z9>$=3E*(8xm3<P%Di|LFQ)S&9lXMa)m75%TauMB54rC*hfgbMPjvi2iZa?O?&9Lni
zkJf+touoD<SJrV$paXqnA^Hjt&wkn-PAf)&^fyEpynkNQAMZ5D7=`gOCz!Zx_bW0v
zYUUhN^<>C%L4Gu@;;sh0_VJo)a0oLO_DP8G7d$_=&L8g2%ztC2pq8&*OZ3?`38>yO
zRrn2w4h7Ua8#5``4?!nN_KD3$PsIqL?oKmV!5#5bdCLG&CPppP!j;JsA&_qL*k$xo
zbDxFT-P5?zkWGEEP6cR_g3SShn**FOQg=#CXD;U-si%>ZuO8&z{l=CY7h}I6B0xd7
z*%WS{q*I!G`hlvo{=PO+pE@ut#vaIM0hwB^ClhS(6N1ymT-*^4m6@JgC4yiSR=Wn<
znKCKpLkAAJOtK{o21E763@x2AE@p19=Ui=9VZZg{@wR=UjJ=Z{oDniCm-{~a$8cAI
z4F9pQs`uHK2d;-iCR*&y?&`zZU2^Ndh8K}-Y<1gKz$e**8`S6LkZkyxi1`h-C|Jw8
znqID)Y0QmDK9WQ2?=3M9JZ(AcrbFdTdIlMr<nJk2#cjotRTt4g?B&4-+j}+&kp-x#
zM+xxO)nwbrD4#_@yZ4Ss%G4icEF_@WF1c%a`9AYugF+6Y7&SyoCl+i@X$Q}n+(+|-
zn&oC7-+a#eFxt^jW#nDkH;z97#umKT^hG-)pBAoA+xsw-uQdM^N&UAOx@rOkViCZB
zaF?5cuwZ9{8n5;PTkQ_t3^()k==UkUzKUI&uGT?#$$h%U9{ORW*tAwf!kR?-<NYK)
zTQ^%o+$-f=m42jo7r{u}m(5fccGmKnEZ9DK;1t(mXGNyB{Z@Gkw$zJ!Gd$_LkrsTL
z(r`bQ9)usNMV0oQi*C_80(+7&%Ga>!o|nD@-<_|=)Oqbp!FNCYG`(0lQ&-&+HNu`{
z?6z9mLyNyAYu<(J2H?lZe1zo9a68wx#yN0;GbdM+G^vk|ei_aidp!-uXK02)F?kkt
zn^f?XdW}c?pb^2|)K<~8B&tNRaZp5`r|sp!`B_2$laHpx(P=n|vT4^a*weVw^zzMy
zN3k<?M3WP0=FwgBz)Ys5=2C-@tR0geb~BU?lX!=E32f=An5z^ec9!&VIV0wLgMlbd
zy{_)UcVleKhRUNbe~vWqUVQiS_^~<@&?Wt-m+kmT0EXeKNq1BQb}`bntlw3RslDQI
z<2hK@79JG-3Z3!#ktlPiGn)*opiBpxo8MvZ6TH#tK6O_%VTWX6J{HEO?duCPcA{Ly
zK)UWe09^3TbqheT2{m+wZ*UvnfTLpjp*ugCQW8~R^nhd*Y-$^9aC&g)S2y>0Wj;ol
zDWbl4hZPams<4#`2{usJR!$eFh0<I5Y%cT7984u*U$SMR!!s|Taj)d@<H>bF<Z&AZ
zi)4PohESo5T9+ujhW)Bhn?5Lb0oArntEE8A%?-g(kzd~z9<}M-`urmdgeXxy^4)N)
zc)~31+;oKKf;N&IbJ~4JbWT+Gw?ZL1s^LG%f*fu0oJG853U+l=gbE}#SK?rceH@5f
zXWG8icydp+0NZzNGkuuLop$`s8$r(8yN%0UKEdx6EbsX5wCBU3Wki7BX@N81gw6pq
z)rvU;8B1K6eL7hze;&Wr{95sIJvZ&MomJaJO^o8F-%w)Rw+&pmwHy>e-!9odSuglH
zPFFYB!~!vAtnIg*@XxROXGZ0IKq=qNj5gM>z0ADG?%*!xz6kxSj<i+W?a#H<Bn#-u
z?N`i1Y&t`=^uo`bM^}Ju(q9(X`GNv!)v>P&-pkwyTjGc_vMWSwM)PmdMjls+7=Xxf
zDbr+FA?gXX(4}(=g{7e(c~J!w%}TT}70ek2eYQ|B*LZn-n5~Q?6`d~P0UXb~ZQWCi
zbczULxG=WeTx1TTH%UnmWLEAs6wcO>??C^uG|{4dE$AY$=9YW|oH$%noTMOBRwv?O
z=r(mXe<MUw<2f_CY)yPDsFRr<U&U5buYqkk0rE^GS9|PTJ=@)MnHZ<1lS}8*9+F&i
z8s*@W9dFxAHn*|F)gMVwT&DDO7i$Rt1>P#rHp)F0z>+B1H$k|^#=C82ruIb&uy>x!
z=N%LjK`@h`oo0*1Ii^T1R3jwm&S`d7!0{n;KwF7hl(H^*DWjajctKNDoI>)fVmE%%
zP_ZdcC#Z!%S!~R8)i*zS+xE?2TbUSkuOi&G15<8oM4ul3{-H8<IAg1*smWjfUF73O
zM^&6IMyl^!`A2$nZv(i2)Wr|=t9bpt4Ii}bJ;3#wf6eQPxz#XS4ZNXf%0&^|ANM^d
z+2dX>axPpQ%I1>@`K633gR?<Wj4!@N&f&9&L<toG=2=gXuS^vvhd9)Oddu5FO{tG`
zO$7OsP17L1IGtC&X)_Zd6I+(F^M4e93Q(Mhf>XQML+bNh>b%6icV6c-P7)#m5n2+a
zXX%qeb4^LDJ}Omc8-+NM*_%M&sg8-Tc~kSpe#h7TXHG%P4yNeOx|E*jATOFjj|F~^
zCfPIQ<>NW$%Tb%5cQ2^((`3B4z$?*@82vA^tZt(hZOC9j#@6iidG!Tb3W!8lT)h$#
zI4m5L@0tH0?8KCLPwDk--HJo3x-6W>Gg(~pCW`|V<=9s*s<G$-{wVNSERYQD!gN)+
zM2Vl3A&t&*PE0v3Wcsc6G0vKg1pR^mu<pNY20)+(6hn4Q#(np2T39Wz!9+GH6)5%2
z#(gw4{$hkZ8a4dP7G<h#!1|22Uqn<?5s07<5AXHXTz<ARIUF4&7;W7ug**#YFd|Nz
z65Uy?cp9Hc*2z{SG%7GI+}Fb|Vvh8hn~ghB(ma72Spd2EuWNOjllLUNNAALcn4fVd
zizJZ4Y@vIToQD0lqF5mKw&cw@tHVmDGJ!Qac$j}*g8kO7(|1LqFie4JIM>O9311Bf
z2UYRHTyN4?rW&WU2|F|%x7ImJ?yft7j(2wE%qmbvOYg~tgnv53x(f)e-;Vhj{P+c#
z?-94U^q|dKzUL{A2jLFmbMafc6BFVdXKBTz@IYyAB2IOi3*VXDsiAL%aGeQN$bzGL
zo9Fy}_m4LOorg#amd6b<E~;z#tB0{D)x0Ae?qEN%DJgqO%qwZ37PqcvRt93KsfRL1
z-6H#>YjwsvJL;lv8}W+NYntDsp=hBUrlgoq8b0sBygbOJ4-RH3;bs=aPSIf1#m}Q}
zAs3Hd;QZ}HT7qi<niKlP63qZUKlXhpe!9Yt<EDgH(`k+){4!Z$sK11iy3yX{V2!gD
zww?Uk4sKAp0CD~FN#1UEpdXs$)V~&Ca4<Z1NXw^ZJIlUE&*xsXTY7hX=7YHE2M*^C
zE#{rF8{+JsIrmA;2N1eN%BedKAW+u$-{fz<WINv0gmu5vB!}cm=bMW<1X~mYmzAfa
zLi|mmM&3FkPMe6l@feq%EH`1Eo@Omp+9@+F*<>BtEl-(;sM&Z)_tT`*p4eO)GR$Zv
zn>s^gYEKX?X5hjIo>SNIc%-MMa)JOxA8`}Xo_e#{T$TzOaVb6V7liiN(ME+zpDNTl
z47PQN6ARIw>9c}iMQjQ-sfnxxHuiJQ6SkT>>x-M?LALVmapnI0$_aW=T0w(v+$kW^
zIN{FuVR}(UZ^H?!r5RMN5DqIFg$$}=63g{#JG{4Y@9MlvN{x%#ek0HT3X2>qa;IVz
z6VAnDmG|XVA-LtZE}!)l*U!&$H^x}B4k@4K7d1cHs7%B8#-zc&Nb~*x(ecih>O-~Q
z&?lSQMYm%|cnA{ZSE`oFN8f(c<!IM%a*8Ypm7sp!4FhHai=_}j|C%;Lan8!9qzQ3J
zmKme81h`V_Z1OiLSw~XDy~?F-)VcbG^65ZQqi7}al=div^B;)4tLJl=lAAq>)%-?8
z1u<<wVYgIb@AoRhGy4X$spI<Dt(^B^$Lx1lniTL%e*dnMj2<v-A>C0nOD#XMY|CO)
zkUlF-(_k>*)AUnmTK?q!v)C_6XN4>s%vg$&bg85ddj0zK2ftef5h$MH+rf~s87685
zh#7;uznF$G)qqcZqldXK*~9C9e+7Og|9IqKX*1Qm2scBS)0}c0nFN`6dTTOoZy=rD
zbGa<ci@W_A3A{Dd+=u^G_c^i-fk}MS5s5;+S(u*_DL;*!sETExT?1uL>uG2({<8m?
zz#<(M!KdDpE>p_d9)I_h4uPJIux&O3GO5dwAiL#HQYh|P=R8+>tQAs8i8BndbJiQT
zTKv#pP`FxjTeHfA$YIa~K2kXc-D5S@9mks)8hIrnD#cu>Tvjm^QD}zG$PqkahKG+b
z`GU8tZ%=eh8N_%VD!;XVu<mgl8bK|8c|EAsXOnmftbw60on6qAbvfuE&_<mrLyOOP
zcaE_bbkSaYm-_JlTEBR=X|vQ}tZjau&vIb$mY@gk2X~t)C#0|Iuobxz12KashTOIV
z*a7pv4q));%|E+An3j7<$(_P&J>Cl2G4j~`k(c-Q=<X|UQL36QsIqF5k@N_$U_4j6
z9Oin9GvJG~zg(s7>aF%LrX8akyUwha(##K}46Q!U;((v;%yk`iaVH&Aa<B5<A^dvn
z@2?l{t`=!IEA>_6&JJa*vsG*PBix(`4_5`DDNS2rn9X!w^aK!!ADTpwI++bC32~Nc
zrr4HCMcyQiQ}gr=QKRh8){Q{?u<W+0$&(9faZofue?5F$Z&x^gyrZ+`xcHUwZ4lK!
z<`yaC42}rFN1}<=_`>j_-5q05I=@O^c4_PKi(o@DB*YOigQ*MSq8Gb$YoDKq;BodT
zep$O3p@X^&=8nF?L4#C1;X%6@K1$l=Q3nNO#w6ATN=n0qGT6qurK_U@IliH+qN0w|
z`T3+!GB}T*q)%JcEW8;N(3A8;%(yVvrB|cEB!}xPi|l9T0MvE<OhOOG5R4)BH~^Hl
zE_3DU%WQ^4xA=#kBX;XSFFKb+)yf_9H|smC`xBQ^9v?j0lIVEtzTD$rMA<RF7uVb_
z)!#Bu(|8sP>wL^6te^1IAZwQwA#`Dc?@o^{FzROhhi!44?4t@!RjZRypd)Fw6^+&Y
zeZLqfQv5;wWiwBYiqYbbhXeC|lflbEcF<9@rWC1Rl4XbA;U-g=LG2_2Y+gP-QQN=$
z(74f)-0Q82VevaUQO`*qrn!A9#kfk5;b^=LM(BsEF(HD7Ub{2-n@z*sMV`h_mVe!y
zt_(=;Tu8%xT#1^{HGtVMi+VZ4w)myhM$)a)iL%oeDZNO2hOE`Zz}ZnN!NIu8`5{Zd
z$+%+%<*>F%!+<;4%Zr@`hKT575nd^AFM}M?5osF&^9<KtrZ%5C_@F;x1k6WT2m3bj
zjtTh#Nb@?Co+;_1ic2de735BX`PH1hBaGq8OgFy3I~Am7J+sZM*PVy38>)G(<NcjU
zv|_K4Q*=^tCCdz%cyxC*9UPYjQw0h=8Qw)Ky)#btyXTIBmXHBUcZ%$4l@B3J!3DSQ
zHgFio?`23B+cx|5(L+YFtpfVG?llyg%%59g+qWW!JO9BJ$UUSa{C3vJiwAp2do-d}
zwvZJF<0a0{p6=oM`1&NBf=^gcu|I9#5i<FOx3(^!1f!AXoaIC$Rm6IsUyJV%G$D&M
z7M5Kq2rbM`H-PZ@wU@JVPRGS*6(uGW;=Spz8&*@5I#-*VUWsUYJg%sA#5D<WK4<c|
ztqX<}fr7#cu|Ypfd8AErbg<(3Ew15FVGxi{{skJbVEBNa^XVi*Gk+Oe4<Kv!dpRQD
z57aXi+?mepXncBHNqi({dF42$zcd3>drU?~HeVWty^ic_Jj*OHz^{l1<a$f~Pv)_W
z`!AU!HiU-~F~wdZ9Djww^Kuqu3=!B!jsEd!7r(`!_mNfP3}(KJzp9KsdkA=G86oJK
zNX$Pe7omSo@*=I{({Nn5hmUZdA+6=txr{xgd0t1f*hkR|(?&N|s;Oga*X?f;k8<tY
zQ0Dqu=jSiKs7mqSBqD;bGNKbK?sv=)6=F`hMMqBr8W4zi&k-1Ew=g3UF;**s>Lu@)
z$Qa6=tDCI#HxVWODYiWjr29{=Cf&Mnt&*r=RRQ>w*sEWXzQqB)lK8n3rR?8(WWb!O
zUX6&YGUAM}@7C3Hyg)r7-6ENvnMidY{(H@PjZiD|$|2D-GsN<K186|5e3$cwz>_AD
zYP{_K^x!w#f3JO5T*+m9n4{8dFM*h=#~%ShVQ7xty*~N(ZV>RZobanZmNp}j4Rm}L
zp*R_O^{gFdpx#wr8)@~=8|TH9pxloA?s`&Ty&JH4{aLAcuSH9zy_R)VH85+nG1t}?
z4W`Q+?)}pj;41xV&WOE#@i6}N!xs;6EwJr01kWLie=qb8184qvup!LRk$%pB=IY5;
zj9259F;A>i_{Zf{|CfLxKi-j~RJmHuD%q>aszNL~@cz?Ky;(`Owz^5DI=X862R?ri
zcW5EO5B(>p|IZEa;)LLEXHJnyCeZODspj!NZRr2p>m#_dILM3^jCyB6(1(BWX@Pb7
zUss1*n>krB4w6U1TK%79;y=TSEP})BAJTmjVAp$7ZesuBDExoE%9~KFQ=qw7pZcFB
z?myoqM4;9=8Tf(q|8`uYCOG4j#N5saGXJ#m{_|~jfCoIXeiHuQjwm?s8XjzMb#U~5
z&ENlU)AsT`OEldRZz(`AMBpxw$FBOjrD#qpeZG}<ZWJBM!2Lfw53E!c3t3hhj0H`-
zrG!(P_QGeb@zH~14Y)jqywivtHOyvfe5u(IKVL{v_Et@l+-YwMnXbX+y&<CiS!@c~
zaBavMAcyz1<Z)`_Ug+y5$FWW%9$0^V%xLnsT;ES##hFdKBI#+bZA1&KQRp(x;p{@3
zZAkqCa@lWn)+bs-zLyLPQ(Icz@>cGD@jw6H$D6=(M}(S~(aAjwB~0TK=N1&Z$hpTB
zG2O)g=i+QUN{sBR*bo0cl)upT!*OdRM*dh%s^!(`5|}<=#aBTwG4g-Q?cdE?PTDno
zhur2MJ#n%^6z))BdZLUmz8rQ9mG^41Z)8uf_j~DW+qjsAe$_-)(-}r=+}vIrq*PR_
zouYgR=m$kHhFXupJ+1otoF!sJTp!`#*D1DV905Y|sQZ7K(2sOD9ut${mOYX2i=DFa
zsRCsloh0;Pj};TSVgP~=IomkLS^{FE&^e;UOVaw2-1gxELj^!A%yF2lR%1r1GG|>b
zFXJ!WUt7x;dHqP+gD~OkSKu|pjlgnZ6m&SEA~&AQ8S=S|H~uzCK0j?jJ;QXt<@R=J
zH3Utjbs$WEPZ&oa%7(&z=+ZPHS1|><Z+8E=m;TTD7bxbDde_GDHNi`^<m6;0ng-_u
ziBrtNC3{1Iuu~_~qI~T4=q&oBXEoI#y(8wGtLLW&`}0lCcrDPTf;m?CPoMU?w<;9O
z7dNujhi`XEKP*10vh~~WJ$>VI9%;XVUB7%(V?CT8d3ieQHpq{#xzEix&tZQjZFD{8
z8BITQks@|G(KLV!4jhEEdbU-On96X%eY#9jW3@F)!mNU_R-|geZS+KO-MD!trp9{c
zdk+JcRGpMb)+A@$(&iKVU?|n?@cZJ&$*>T>@AyAI?iwL(*b6&5P{W&n{Lw;n%k;(d
zOi<~h0@2)C`r`V*6#m3^=}`Gt7UjpBoXYm$tLY-lhILNSwf4HY)duS@HzzSa^d^&d
z<MCG+g`d%JagRd^RQt1~@vSC`DPqz=qspJZ`@Rf!8s)4bEZr~DZ&83bB9}Bnw%=(p
z3wdrA4xH{`igQAkXUprjQ6Zk@m^*ZNSy?aMg7=DYBkSfxUN3DKX{EX1dJCW0&KXQM
z`{Yh}{3bKT#|tt}ET79$-EFl~5=e-PyT``P9z)&}RpQzzgWg>*)TVeuW<u8*s57;b
z_&S{Odmt8rGgvHBa3hR0!&`&M-hDjnXvc52Z;dncU8?W9UADS8-_$&7zPkjDncho#
zg+HMAZ7>-U(c}1@8%M<@<&z{U1s8kp9VYG0<MuH63G(x*T-lY72bYi$81+-**tc&z
zzec8uu)Q49*KhU?w0BXf$Sq=6Mxx`QH7}*<AADtLY4jXN(ejwRFEwc~$OOZW>iwI`
zrAGLR!1fKz_L{P3wf2b3gCnG8|AGDfo8D5m!gS!^OcZ#QoM2tZ-85+A><+DvUbm5m
zj(zRLRzrcbp&mtpsTUR(=x-{C<o6mPIqT7&kZ-<;K(`*uc;Ebk1$_}m`m3Dsyyr`U
zl7@yR9e;}O0bXF`_(TZ%PURw#)l}tOJ42r1gf*DM{9{wFII>p6q=NBx8qeO_jgf2%
z&=9|yt80~ijzpwn@nlGD??j2ND!tF4Zll7%`k=b~XAV$tMtXTME~#FalyGse+gu3p
z2%X=eYwDhEMw`($7_V#M^CNnd8+?>W-xI|Y)8E?>a$vRk*~$XZ&a9B%zggXcZluXC
zA)9J+UtL{a#q7dkBWMELsA$#Uo4<*nOP+9lVT^mGqzM7E*+$u`i$b@T&TE!USa^EB
zX#uOFQWB-&pbHNGoh~z6KHk`Pu-{EnQNnvzMn_w9P)XoGu92b;{*pw_?%+a0ka^DD
zQZd{u@As5}aHCyl+`aVQ)QN#Rguw=8;oKcN;GZvT=X3JaY_?iSaE`jdCqLfJg_52F
z3x11_CUf+)rli0xahWq?aN_ydDB7*ls&hj3z2PbXeo^~O{<qg$!ZCt2rUA*Z7UVjY
z(mRMXumyhuj+QGJCzAC#UFqrC2iUr+(FeM#hutH$nm{<TUC|xFLyrO(Q*dF*sRFT!
zOfm|t>Qw`olDb3bqK2H0Yg=}U@xng+A;ft24Y%?;czVipw86crXWG-X90#e^^*VVj
z?l)?)q+)_Pe`Is6&MRtru1<IJ$)aP$JSfj&OQ6xNKao4OD|`((ap)^ycX<Cn4xi^D
znq#neP~jI5(c3bEx`b8`hK<oU$E42RebS!3_EQTbY0e8nxz+G%V_Kamb@qrm!T|#Z
zo;rAVr`4{@zOj5cvQ6`?P(*B-=l8FR8a=N&VbVGYP_?ZKW@hGUyVcJMsM!LjJ_*NS
zt#O!IwKSb<MC&WWa{Z{A3H*Y!jBPg0R&!$k{C>P*;e{bJ_9T}iM`a8q;?EIy`~x7t
z*Q1=0*!#wiXW65&e||7rgtbeo&lmJRA@KQ?E&B#hp03c3K6Y9TM%GwI(KmkoiZUlM
zcPyZJtC0SU4?d&gDPZauAQ2&D2rtxrb*HwCGXGU<CHJ*g>Zy-sJCbZRdb)2^#F*&L
zvG90_<(odA2HtX5&m){JVaTrPU#sm|YRHH$_%yyslOdM19K~2fg>IN@_Nh7BtO#mu
zSW6N}ZC*rrt&VU0I(fumfNxOWqhBxlDz;5v%CQ0kqH-`9i28#~{vdC*q#R2-QvjT|
z6@3H$&i6ufijK#+fsTbsIpTFnt;RDjM^+ynpZ$41=U!W@%}LL?dGvEmsJPF5@XX{6
zh3NM!VW<}4@97r50{^pKSru2L6)Z8;sqwY_n*a<7QO%|hoLHF0nYaJ?y)8ARjYzD7
zhAemsC2zJ>evxS6*>L+lkKE_*@RfyO$t|wW=!3dD^v{bQ{frddRcC>x_I)DnSw+>&
zf32>5CVOjJU1Zf-lbM%SKER+(Cg2NM>_p_PM&Z5qiqt#_pJ^;vKMoS;3Db{>)m*8P
zWk{ISY;c<9*IC=n^g)~YmM(ZLysLBVKs|6HM#2)sxQIoKxK6_my%+J%^Ycb9H(Lpd
zHb$L(^U2#!sP3cBpWsu9ZBUU<jXTdl$}Vm_W@LOh_nq~SieX;hj*5zk4oM|!wAqKq
zDppecR-EslfYrJrcSSWJkrs<Iig2VAl#oF?S=4fkhw%-}nfnUedHa!sK_oA4U-U4M
zE`xmm0G-8ujH@bZqbI{_9}tQWI9m6qCpYphUlW}LVTecMVeA;>Ny;rQS{%bTa(QzG
zy-q$G1%>LkxCA@*JAM<1Z%$8r3R7eemF7&gx!tm3ZwK>Ap-Pbql8`~1`;#XY19OQQ
z==zR}meWmU0?Tj4J}lf~V*YdtCw7F(SG#<(KWgZV2*RvLx#8KSh1acFX!IEK16s6~
zRg#a0k3CwgytCn^9rZRQBgf>9DrK*q{T&5`A^Ow9-AiUggky~L<^Dnp!v4doSY`Sf
zt2_nIMg7ya2fX^Nbrwr=Cv%vXrcL`;kJ?CD>x)IABhZpTDij(zDuWfW^;`^)@H{Vc
zSb%AZ5jq&}Dt`ebX|~T(t=bJcpMRfeaBs5bRY3$waBus}*3!3%Nq-QR#TB7CLk6&V
zH~(iK_3!&YYL%aB@^zd1D?ksY-F0>6+JZF--AF{48^u&8JJ&7XsEi;5x#WjHaf|wl
zC58P*ftdg-exF`Gp;7r{y!AOonDc98=Ulp_<ZPyDiy}VgWYMqM)ONeEkxdh#5S~!>
zW(-2Sj}kO(xGB3mL#d%|X4pVuSKLOq*2;kCs+f?)@p#j_^t#$%dPyOoX|em$XptsW
z%Mi)nu8mh9fdf`Q7q*K>;NZ1A#WL4;L~8R`+Qf5zMLw|MaMR%W7tf)Zw=HEQLLQs<
zDzuOIGZ0E2?%#I{bVT$r$V<6}I-G6u3hO4JG$*$5-^vZsWJbp<IZUH31|{-e=5ZM}
z_O33MkHol({_v?Kh5Mgs==;9B_BPA|HDlauB2lhEO@OQvK0RIlEgw$Y9HkEY1t=E0
zpo>r%)<R_%`L@IA_vlWM0qv|X{F(So#>fgOBRYo$a2|bVzQQ#^>%R7&i8&MKlo2Kn
zpJBpP^75Q~x*=C;L`_>H{h=JVgLB)y6qiHS#3Q1!G;Hp+OK1P+rgpqC|HJvLcIny%
zbAm=kuan;|r<-kKzi4_6{wOH-Gx5~Hs7BIwS>^M7aIFo%HY%hJ(p+48iE8f~|88UD
z_AMP*U=qp0CAHBp7gg?9g$FA)uiw$~l#_|ujXT+Y)>{_KV%mKitKqsM8_RVc$1w7_
z^w_bb&<=T%zzuxj=x8R{k_LniEv=aM3tOAr$>Z29tiwX8ssBZhkry^%lPUeNs3G=l
zx31~nB*U2yUSasA*p;A_hgA%JH5<AcI1~~HU5IC__=B;_Vj=%ERtFc5bhrm<CUlUd
zKu`sopuoM%iJKmdr5-6qZ}YkgZcV;Q;kRex7*9DB$xkK-b4-6Y71(LeC>l6q?6pvW
z_E$<oA?td#xg{oCa~GpH^K#l?Zc*b}ft&{WZ9!2_^2@ZCOO11aVMHAKP95LmW8x>&
z*(|mbN#?-?8s1Q!6Q)YyHxV<fRIQg6G#dr?E?k_EJF^Y$eOhNY`XzC9?MqU%gYaOk
zITu^gO{P9iL<$h;2k&6^3m3_z)5n?n36b!<BSnxxSYR0TMkTMWt?j3a9GuiFX%51U
zC-ua3%eDk&5nC0ld>zCZ(GabYiRG8U6`!)Wi0k~0xlXsoq7D&qEb00VVQO`GD`{uX
zvNLEU{N*IS89;6F`%0!9=uNp_JTar)KR+E8&3_rhmu~8bmhbHy((!ADk=ls1FJ2d3
z|FGH0)?@NZ&}Z>JF^=IllTnAnb~MjXWD{*EPZg~$wa4$Cyr6(!%+DaN)%P=&?Vjih
zB8rX3UY`l@V2YqFPU;)xyxv486smw@Xv4E?&$r^(7lgf7+YDh@m6CLxDQta$K`&8R
zK^D#*FpLzVe$*7SeYp{QDre7E9>pNZ)jx5AZJf&p`>UKzo6sS8txB;bPtjNW6nTE5
zTChnfb=KG<we|9an~upgiI;2hscV`~?y|&FqvKC(puA`NeD8j_fHrmlxSooYtuw3Q
z7@o@s=K__giApLek)tES(a=z0W~SUvt%$qmURH*_yZjY2x^wFx;!(10kp%C!ZbPx5
z3{n4yZ~XgSjfT*he5w&9sO4(h-##;m(hMj^2&)u&bm`ZaczhnsmF0c_KB}D|p`<ZQ
z+Dp@{FCa3!L4{*X;GfeqEyaGzf#X;~nQ}@c$-9Q^yJw7MUn$Daxix!ocUXv;AiOBn
zIX#D8R+o*r9PeOVq$B6(8(`|Q?8nh9*J>ue%2O0!&QCsB8bsnKhNww=Ggxi*agR&5
zD7JaMT1X{9)_{VsjkfrC+2#%0$1L+W0cG=#c3Uwp6MRqQAKYIhu3dXlB>(EA)>erb
zg5S8XT)Nzx=1w4|65qTJ;vHvO@P?($)An&r+M7>WtKUB`B5<>AJ<plHPj};}ys2R0
zy5HtF+v#>q)MLY<pw5XRP1*8>HQ&JQ`?FpO-<#A4{UV-+qw2fOE)Q#>RtrZ9L!^ya
zl<M^jOn9Qi4ptu+-2YffFYecWvWNJowR_zR*R7sDo3AUBm?nGRN#e#Qe1U0YVYHOw
z5;YYkAaSg;9TI*)u2XqE!8q+Kv?li<=i7H$!f=#whBC0p=$=d<A$aB9=dwCA=e?kr
z_Q%5yMHoxIj3W6~izhbH+_dHNr9{iI8i<HnzZzL(+`q%3R6z}{6{u4)2{1WMe&7yS
zARW%!3p|OQ&wNIU{pi^!Vu}kRjv;%Tt<t<gkr`WkkOAi|DsM|z9;o$dHVwl_w1-i6
z%?c|Iqmo#Uu%&A*LbJn&63m0OuElN40|dI|lMe+%D}ft+!iyVF`K4(|0Xtf)Yr7F}
zzK1Ud$t0funM@tj8%MePrNbtCOzhsDOaB310|2DL;L3}Y@LGo_oG*(CKh5-2sAdNE
zVp#R?&w=e7&s=S+a+qB!s9hE>HAbl*x7&IE0VFNlzM@IpnKR^Q3Sk18u4>(63lPFO
zGE(5d;(HNq0y$Si1ZTZtVKMlN$j~E6`M{ZSQUz7e8QT2>et=GuNWLgnVr`aaz2$Jj
z_{ttaZyRz3l$8=nZQ$K;i`#Ne%8FllI1<u4kS@>?Ns9-5Sc(M#sl0p6)LJD11*%lv
zfu?z+f)uic;j(4u7+@MvD?1O0uh$`Ph=5U0ep>(?bF!8_dEXHbh%l8@Cpyq6)q{jo
z<jO=uGfIbTa1&PQA5~e(a`1*!a*2yeN0w9yF8I&gb>fB%Cm#gO7mVL6RGESG#~C^`
zDEpbadolqjK`BD3u&5EK?nD!R6O^&xirh`&p`AHDy9w-v5B@0UzACCSI>K@JQbLCx
zp4+<9#a8zERTf1NQke_SPCac)I({TN>tj8VM{{;0&Aw8G!uQTfHX-i>28lVFnsys>
z;p0;{^h~e97E+yCS$wF1r66Vmj=RnFDU+i$wROsH#tg~j8+&Y(cp;k&o3|X)MS7BV
zL8LpFl~Ki>zW0GaNA!y|^WNHKMQxr(G<;v1;(h41d(9SxKUyxNdh54GQR)gBBok4W
z4%{@K?`owYy@kK*V?Mm>Dc&J`<xc4oV9Wh|l>a0lpWaJ;m{98qNmv{X2q+-e(PKyz
zU6-|L^e%~oH?*DcPqt*A;AAUn-?8V_iw!iS2ub+@`^v5s$T{is#qBEx2?4Z{$^|L}
zM$*^;p~Q5pV`@>{zSHCus2udZ_T`h`>0&+|{7={`KonCs`+=qENXy*9LN&rSrfNDC
zifMXKdxQzgoLdRnu-+`A)Tm*WO)Q0r-uKtt2jy?<B(YGHw?qE=Y~!mZ+TwbA=>m?8
zhuR(3e8t4?2g9<%pzU(TS}8O8@ug#q=k*Ni?)9xgvE8YT?v`5&<U=*X=bh$T3nmWW
zqxeL2Vlw~q!(Wzg4G918s;t%g{h2J66KY)cGZ)P9uC^cUQ-myPaV_e~RMq9a4sR3C
zFh~x?^Iq=4jirkm$>@6ZW_B>vDSlu8eP&;+DseI5ElM{?WdVDSpE9aXCtB3<rLI{1
zGN-#d{dbDJvznjiI|NIT`R4~ihcrXj2Miw><O3b^&hBzc5&K0XT#)bLeXwiFl<-kk
zaWu#i%&qWzt8<gqn)3D*-|TU(vf#oa6w<nPzD3~%I`<Z_UWv%rJ%a<|xDZ@SfXsW4
zvy>iDc3DX$$YlXbvUy6wa=6DU!;?XU7IQ){rMbUqb6><8dmbppZG5_)@`q5+jyzC}
z&>Y)KwUu2dW&;a<?!PB`QNj%$nPiDDeb`fO+(d*Mu(!82)A#ruB&&r+d5BU2kG=9}
zlHP_@;&@wgJ|~!eU;!O!V767ZSHA6gw8=E*cX*ie206)D9e@>)6^bikQE7gi!mioc
zZQk^}bb=aR(I=CQqc8(^hsA`C7JGN9vBX&$utrmD^tJBs9oeGC2Sr}Cj>xjl$GWBg
zJ6sA{C*lX&?xXeUjps{=QJbjOH;S};WkSynHmsSCwIapPznB8w+)dz1>hyb3GrYP9
zr)~-3gwj?WKg7)?{d%^fMC~`Mhj<5rJmo8!O>V~aEL<+7D49y0O;sFGF_h0}*3DhG
z+vX22(<EkQ7SO+weY4QoV!&fll9~D%<d?mW*U3wb3yUV*_xQf~#8||OV%COuj9Q`k
zS&$w4YyB;U-G+4u$D3~=s(U1yccKKOdK!L=!tlhr*lS8ghPq!xiF3{gCk2H}M{D+J
z?Q>K#7v?4fbcO(Va}6A%+#%D+dq<?qr~T9>mfq$wrd2H?kT?D|bt2XG{L}Ciuqj6F
z4pmx7!U$k7>YNCUK^9LL%)lWH^gGtMckLF2Z6ZL<t>>d~y0uMXLtj7$Y@gErAd4oZ
zY5<XP=-sWg{=av>7?p{4_s!7&U05^Af9K-@XI`~2wA&RfQD;mYkg-Hp4Vq?3fNJ^M
z&(Hm>qW6`B%ap#~T$*8HPNInyHqd+4nX-l1ZOI+@p`#ae`!QTCzbZs4@RkFk;Z#)(
zaJqNlbKKxC61v;kN7y06za)gDDVm8pI=eH}&*5Nmf&&jk5azjLiE9%i{hJ8ol=Ld}
zrttYqV){qo69RExiR+zWe^tFFz(3)rJo1W|p{F68l(N|xdVmL$wljhkNOXME5wxE~
zHri<x=sc0SX)tWIN^W!7n%61IJJ;k9TYplY!dVIW*)CiAdo*)!NI3;yX)OfZrfOWp
zGp7r_>oV0(YHHV(+~w(a-2`6`48)|@={nj0_-Tu<M<Iva*JpoF(6lc*2p{UDz52?)
zjK+zPL5Xz1W%-pOdTK2+;61Thw2*DqKz8FT2cR9}uDramwx2eac1I$fr$*1|*X+*t
z=`qDLzWsswuCMmpK7gKB4-~2uR1`0KjVRc=OBm=_kNMG^lyRRG?0e!_l)DqYPPH8u
z*T3sd){1m35$O?na=!Q4=Z%sz8yjcr<uP|{w0DT@MRANsh<lpwV&VRyS->$JM$U?R
zf9H81?)zm7`z18Vk9_^o|IC>l-uPU~{NV0aZmY9{W}YL0l?NK>!a0rZ*@9~sGbEGm
z{^W)l5(X;}Y^k>HOnGk3zIMDT^s=I6n)2aX*U?HC$klw~DI1%9s`AC}pyR_y^^7Ii
z(S?6016Je5$j{X%G?yBSqpr63=%n5!XndqtZM$w@jxj!X$_fCgJ^LQlvEp+S1CY~?
zcH_o(v0LSE^-S>5gu`^Bm1h2%w?sUpHG}>>p|W@p3WQ86iyR9t5QV6K(;Z}m)pGZd
zlc8@{{4(CbZ6$fYqH;JbzY1D^%76=N-Im@`l!$h6P8Zp;%luugq02@vX+w+@-D#F}
ze%4|;cJmaSTH(KBH#+4P)yVP<K?F2|j?VK`5xsn9<Uxt_xVcH9g~)D4HhR!l&DR9!
zNXp)CooxT6QHc8<LVMCQ)?qhZST*|`C4t+&o(X;g6xblvS<(f~-$&|2NCHYBqG^f!
z$U{%kc#BE)4#)K~`so5CMe9tlBHZWJ-?qg!*em%rv8jTN<2bHfgRSTL9C^<0>nb?(
z&t+iF3oINH^F8ylXM@}M8$_2jcc)}>7#t(%p2w`hcha7yg2hxdx+PiIHU?2<@L{5w
zD1{%os=XD?4N@29XFb)TO;fvKLPO`$lslL=n{-}^W01jdla;O2rrlOgL;ZsspxKd<
z`%wlO=KX8Yw2*;GzS?EcAGDh)aC6J&Zqb!Em_I~$AzvOo{)0L&kouQ8@RhQiRP!vX
z9pr938Q0{iyO=uOOX#h$C3-XBaDEs|vicK`nW>KO(Y7s7(fM8an<-o!gA*T4dII)n
z0#|#EB+KF%0#1hP<G)M{=gLNXM>@AG@|RcObh%VE`On51>=A!<`kGwteiV;`03C}1
z0pQ7nA**}e&XVlRux@K$xjGVSF)1)tJMD0N-4QA5wb6kR?8gsutXv9iax7nc`F1K_
z(c1AxmJE>t>pY*l$h%*KcyBA<0%Nu5XN~5$GGrC#xDXZ=0eu16X3$HQ-lYCFBUy|p
zQetm((z`tC;x#j{7?QaD?#QwBw-)Ue*AOONL1;fzZ6e3?ubs)VFe7)=k%(9tpsNW_
zzl^-uofo&;?K}2pLP;+7m~x2wqKos)iE8NRL_KssU;~rn(+`&17O|8p<U7swjn8tw
z?u;V@=km~f+h6nfGZy?Rq>kqE_B>06P6{K@X>}qEMB!SJA`|)0S7b~5kE;-?qu`Er
z1z9h+6PnSIWMG$|G!9+UoN@WzqBN1uFTaLhB$Bfva(Xow#=KLToLf-VXO{P!agf4&
zkH3ouvb;1Xin4Li+*oWqIoF)7vNRmYq>4^q!bvA8IcPp~=HnIkLpE;wDNZ(7hi^X>
z^=B;p?UAf3<K)<M6y*%SYMB4JU#HrXt@(xMq;8nFv~#k5(+eBJ;>n%XlO+JH_Dihj
zWg;7<)ad%qM)|cs8T^7;z@e}<!@6a!SawGbXfw^&P~Z?$7jV?N<-Fjl>wTb|b^nQb
z6om)*HTzVcM`Dlt_+=A)zzQ$(x5&hNMXLT$=J45-d*UXo`^4`eW_GAb?JYoK6E8<3
zvGe%2mdmU_!FbiJK)C&xiwVBsePHV^IwUq#k9ehvdI09MF?*~MC34CnFE{j6Ia8cv
z{nnhMm=T9AH@~#+{K=QNd)EE1V`op|@^{1s9Vat5cc@__&|11}bSExu+TG9@+sf0k
z$+A?`W4lVoEvL^bEB9O}NN+YyN%$V-$0R4S^+Ynn?!qzMMPl1Get*w}kCTV<&LK<n
z-2-LrrA;fUn-)s)lzrj0G)uwZ0we~X!B>m$ndo=kqt`=3&o7Ko5nCQN{7)?DrFPIc
zAwD+#{GsyQ+MSaE>1Il4GhM_C5(=SF_lsH_u19gcx;z|<dUIT!?)fZGAIJaG2fnG>
zpnkmA+kufJZzO;!;Rn2KaRCo}*D^0%*tw^uqBmu|P;wg*8aGvL$F!kWS@XBOLr&ei
zth85qTy-cI*MGY#u%3Lp$uQOi0y0{)$H$Zfx2FA~kjKv-B?DGt<YQ0&_UXa8>xPS<
ziW-CWJFU016Jg>N#h{|SY}v|8DhU02=|k`Fj$`x4wodU}c}-!rldrkPLWJ+QN>woF
z>}`L_z!zHKHWTU?r&5>JZ#;P5mZ%{S*m)5*RWLfS7<70Qb=jMB7;)h?!49CF?~jJ$
z>t@*pQ|r|1S*-StbWL>({HhK<CAdS^qh-PQCFC49hPj~6GTg>Fxbcb{MC{pxxD5nK
zZ#rMHTqm-dPXm<7i)23zB>#YeU+7U2iKI6IXpsgm$<-J|t_gX`(-Z0G8rDWhuHW&_
z0RG_#|4E;5)NOyKKPz;%EilMxAm8$66=6E)`JG?Mn~%<Vuvjhc02T&lnpcf;y}i8(
zytOTlClv|O+h8c>D8<e@iHaAC9@XGgB{sH!y_uch@pra@-YI#to2)*50dY5oG7hO3
z0!d9&QUl;Ka6V<=)L|`>hf{0a7T!8NDsDy8{zqGaBT|)#CTZD@JIfq6N#x~nnvVcB
z)CqwR^QCN$RG3>A#d2*oGfR-yd<Jt*B%Q}N(@2-6B^B*ais-TIbhS?`89M#0*bDrk
z)Ne{@nNP^c0ifTb`FI}x=%U2R%BqhNdutki*2@pfYO_82b;{^GZWXklow_*Lc-5x`
z!2Av!27KdFGu-U#S|o|iK(TDyd=MEosrQQqi?t<fl(tpE4TO^ZCt0*p;1@%QnTZLT
z95v{^#~uwLJ-R}$_XQST%#8TIKDYjC^&=-_lOyk_QE7$W;@gw5!0_|LrzVd9rpE3f
z=_mI-^4whZ=m`ECb#JoNge`UAK2US<rMe}v;NZ?$rrc33QUJRBlxg=wlB}ZJ--9-3
z_;jmNqhcJa`5j^eV7(o6mi4>j{<ChwP|T4mKWVWASJwqaQVF9?NCT<Z?9VH#<n2zk
z@ND1>%!I7if}E36d4}#)s;|*&x2SWQMEV2v$_?tGz5bj>b0SRQWQt(;<+iqYQ`>q+
zTSlViv>59jY~YN{Lp>=yT`uiaQIF!8XT|!@({F!%?1$b?m}~MXK3ZuUtu^#|@azrH
z^^vzpGP<Cfa06BAsA`X|cln-~-~TpAo!!JOE1yyeA_<f^wmqd=z1GSYDr6`Z!aw2I
zcN@y8TlmyvZGC;qOf+5cgNdq7*cbznSw%zY6bj`t-Yz#5jf1U-<iGLIvj0`<Fm3Qq
z+6FQ?v{-ou-HzG)<?amjr+5+?WK5p_^?mKrq|clhhH~X<NJ=LpOuPRvwV>0}mI?GH
zHJ0|N5T&2QwRqH%M7h(aeS#zWc1@;j*+9{Qz4q=xovyt;(A%IZQ^G%Taw6hp)Z0Ao
ze{f{e&0J$4XGSEfg@ied)5G?%$){NI_~KOr2jWCNQILmKw3z-Yy{WA5S>+@SS4t<z
z?^|n-3#p66b%t<E_sd!u_WABwoe!fl@h$^-?Ns=3nsrXEsl~h#xDDAA6Q1(PAMygy
zEOvXh(LSY>_v_tFJq<UNcvD8B_Y5qP!xGs01vAs8AMZ=Le?#zidv}Itn%Vb}99K!}
z$YNiUve*bIwes{|Z^xw_FqY=oRWTzPG)y`Qo~$n6;NsFSn5LOafji}PQz&sKNfiI8
zA?rzcX)>isWqOhn_A+bvhEKL5sZ9IfN7oZ}0#p16J49s>bX!tKB;vkl+1nlcy`b&W
zGh&Yge6EvKp#wNk2PpG}=DYI=gwUGZY+_Qy;Ou*!dmV;==?%g^R!kK@y|dhV8QRdZ
z7znCb(B-a7qWMC!cJL_9{Z)ktXr&J*=a}fme|hP<lL;X_yZ_7Rz6~b*);ivw%<(fE
zZ9*N?+Rf)qGO;WM8@cA4GLere1#lu1mb0=xv?vRfdQBD{LOn-h3E{sPo4L!OP_2y9
z^##x;>I9*3DR$?OavcC2wqD$R$FFP_ekN^0MD!J?O{hQo<>u~wc(z}p*+9RXbj=j+
z^P)wVBU6tlsEo2NMWiv(<H;iEaM8~<eg500$=nM6E6@(pRT}*P@BT!Yp)8S|D=~A`
zbd4lAfm`nM;QmW9%*iqwp$xD?OL{we=05dSqJ_LaJnSCTV7rwNpH7tCM(G$h0_%Ec
zMc(8CG(E)Z)cWMV7S`}~D5Evz@3b~A>m{9ukq#r)rH<7%*qS`a)R@s!jKjLwm^X+_
z?J=yy+!Pe!E2rd2V{P)>aZ%3UuPkp}6Df;79hbZ?V56nyalVb&@P1;k?7aMthgRfW
z{k$ecN_+R>O?`MkdZ}Kk)`D0!Lr=Rx8Te;b`&r2oqxF?HCEO6t-ad+cytj^v4uPC}
z--?SfRkUtgnpG@SB}QqYPq|ya{KUJyt)Qp?oZxF-yz3UnHkQa<d#Bm&@E3D>)4S-i
zBI0}NHNFf3+9f)6s5Rccf#Q<)_{lGVynuQZgH%e>t^4@q-xD}ft$uWzs({vrz^Z_}
zE%!6pSmqjyH)K6DHSyhBfJ_<qeX*a`zBzyX{&9ivwjr3>u=vb<zUGqgleH=)cEE8~
zkItIs?iUzliAQw?veF64Gy`wkRp_T%O<`a<v9ZX1b`YDHSYWzhv}<js_Wu-i=Fw2T
z?;mf`2Pu0gOCzHxDPt>ZBxPShM6x9`X{;a1NG4la7+H!jjEXE3A!N&7Ffx|x%vfg_
z*}{knW9Iw#o;v6IJwM;iZ~mHdp8GuKdhYvvuIIkr*Xz3OjqYciMC-d_bAU31qDfu&
zaAcf%tfsM|>LOMo)qlzI310*@Y}Q+yc(p?ySf-lV0V65yqFpI%>f5I-0>}abCI3qo
zwDY`(aSVe!x-N^TM`2#}U)4j27HHofggo?JFWUO{I<h2qxxt8h;y5a|Y%h|d{OYBU
zHFT~?f`IlV7!TQ)K`9F4;K}d_tU~xBg>7%Xhw*}@oz4fQ-{>LwSvu-!IOqG}H&#iC
z(#_FOUi$<WW5rX7%uR;J1qk;^jSqWyE$Ip6a3zVkhj~YuCpsiFlIJ}VCNtEhiVM4h
z$7P**)t+xVw4$H@;0yUSo@CkEa_&{p;{rLHl?~_XQo#i|+lYQZ9WZh{dqa7^2D!50
zrz=}@&<#91bx>)SX_|76=ykQqA+3=Q21yBB*K)(3aM^!qbvW9$8d)dcRC^J8V2|E>
zF4ykIDg&i3rGlmzVv77IJ^!Ff@bPdvir`z9`^>@OyBPQLLMKdQ+kgm-{pH~G*L<^i
zPzy6zt3BV9xSr`wy<&{m#wBR3PFY!WT`|R7eIYUvN~I*r*I0`jRduP7R{6<tiScwW
zHtuL84Y2L^^DgB7yhRZm$egnk^GHpCjHx$yT;AT=lPn)*NDlup)YB7!4XZjJ?}b;2
zfo=u+(P9K>q-|hKU6e+Fm}1_k;cPMVdShd2x#3P8^VMZ#{fm;%9(*Zg7vefnD&=pG
z7QM+wGItUM!MnL`6`hYbchpuu!<SM~E;Un7&}XNy^b(4f(%;qUDxVa0R?;|Gs-c*w
zzbYCyc~_X3xLmxuA6h)%7siq)_*;Z&`36duEwpgmtZ;8Xos3^ni21zQbH{T_sZ;A@
zoY-3;G>nlqdE0~Y+J*Vet<K!c7sFO+^uernj%58jA)VtgN}n<udq#@k#tVXjk3^5H
zd_-_;y!&WS6*vcR>R{dE4&uoWeJCP4*buY!>0>!FLvj4dRjy=NYj%v6s4TRw<0V8Q
z#Hhc>*HYzpacd3V2M5W6yamZKS=B@;wDu(9gvhyp_a@?#T<0F7>)0Q1r#uKya>7~w
zgo-E0pwa(iQQYMVQg-g9psa-3gpwVC!haa;2L18ZF~<@Br1bk1+5=FiWwke~)V18v
z+XD3h+5DxPgH)&XqN81Brlzid$feaaG}`Ex<@K=jA7cCO>F!1&^f-49-p^F^O)PAC
zLM6COykV4hFCHuCIuJJmM7529m7;nmx(b$3F>fa>QINM)b_aXoI&1nhIY1YLVZ^1I
z86-{WwM#3Uu!g<S;PL7_l#$qTlJ{$+)sP@^BbB*2L4FI%Qbs&jyNUh`%fuf>s^<Hq
zM<)e3yERqSy>wMB^2J}<K@Ivtluw*|j>XC$nbgeeu&uxPPBVYb>|u;7hP^KrYtOgQ
zdTnrEfpnm+gVv6bRWqnjT=|j#pkNQ(v0b{(-@gfjm~&cz2j>acL~d@8UqPzDKDfHV
zYAD3QR7>-(_=|p_`NIM2cZO;<AGX=y?9tfTL6uRXa0J<ARcLbJD|M<2N^3z0MVs9}
z8f+{!FOT}<EOgK-tXQsSpDC(q93?~h2bP>)eGflrG>|MjGy0`k`EKvv$B3dY-+==F
zCr5(DP)06iMI+%>09abkM#^n5bZe~vP+;M~jXq-RO)&S***^V^)j4Q;^3ZkiA>m2l
zql0s9?X%YBTEnVG9+CVUZ9;51QV5%0_|9@HS%#Rk&PjjgmP-WW7%9WC`$G=Zfhk0S
z!|OKH%oGvLdFzD>F(iRjg&P_h2?aZ_EPs}sd6gWLYkgw5DmLVR)5ckM<7tc)S_>4(
zFy4R9(<`Nf#uBWfP11~GYicwBlsFb=C$GhQ&F~@hgVE(!096*x68N#}u=x(ro!=wO
z|A|9TP%t~-y^T@zd22I~NyEs$R^8~6Uj+v~vtQA>ySr2O;UDeD?EYVh_xZ(B+`T}^
zHtjrID((e(Iy*b0#HT(Kt@WVl=S+`2MGtk%3Y+Ovx22&ww6_hjgQwX66PJW=U$iB^
z(%I|AU7j#n9k|)w-d$j?f>wql)}6jJTsB~SN*h7X7Cv;y;*MC7ZdBY3Qud$j{Lh}|
z+P9m_Gbu4K+pZ@kF+K5&$FpbBW^niWQ!lO?0cB`<5$TPlwE;$m*Mj}q+-O8k?%NL^
z&Ikv%VE^Ie_^(U+N*t$^J?A`?TKM~$Wp&_YYlgtq;PHWDnzj@wRhFY1U{S3RS<OfH
zyj}pZFQqj!?2B^Y0B6@$cT4vlT+DxUlH?JNSLc99>+rS3;5w=7YhqgB8;(!YQ;o~i
z?oS@(K!K-NX=!QIr%&gGEBz6l+}qz;W6CYVYHtF(-3h3+`TqT<OW`sV0l-nzJ1jkS
z7~@^s6(@G-oGraOHvrTF5<Q<hdHb#P`_enlo|zG6diHf!2YH|Ua7FWE_`>=!mB=Td
zp1rROi2tUj8<Fm_n1~leww@zc8~4Oc>;>aE`_F?jhW~qZ{_#26-O5kokW2<DxM2_X
zUc#K;CtB9Z@_j=mS4^CQ^}TzsJ-`0q70)~8eY_~T`%J0N@$oo})`Jj)qa${H^ou>f
zV?%)?%EW#+83u#ai58HRjPCH%pKUuq1+7&@JBy%)*taT`1_S^9w219V6i(9J)nLta
zd%_2W)cbbhqhrM3UI+vt11Cx63pwd0PhN{2NElAPH&hG99FS1IriT)jIeVk@8$uGA
zt%8^dT?7<aKQ5=`#g+uH-_P$BXDi?UI$8?rF|)LqGp;1<8c4G0>()6XKCRj?#3E56
zGOL3jaT0vfg}$a04@!wHj7jh2#0zq5!3tEo_=I;RdD*99c{<cwOlz%+cJEW^mT9Pv
z7i#Hq=R&aRNhCc;MXOD<USPtf(6wo8K%f_tl%m!!ruCURF?`M(NL60&o3FWt6dH@d
zfSC*a8pk^9v<SHBWtV1d6jzMDglstu^@^2R(<Z=LtK7B%k>;~`C&hKzZ4<K&8UAAc
zU5zyo$ERfGb6GWg&bD|ffMb;~>Gs=-p!S|9vVOI=29!M3s4_w0LT(PDV*ForE-!k8
zrus&J8zycNo-TX@=V?Qr{!zFGUIculCl)fSMVcB!46z`!+$#F(<mo`o^iQEEWDpe}
zD<m$!JFRYW4=JIurGP;HHr-)Gd19?gj?h6|Q&~2x`2C#eQ~u0qF_3%u_+uZ{f#O@6
zb6m6WUx~j>|B;r<{W(5REzq$X_r$xQ{r7X8$)t{rtjkk5^rP^Vs6%8Y{i{e5$3LbI
zX#RUFidRbhv$s7M;_M&IF-K3TN{M#_d>CY@M{Ky#6@QyvO@lQoWI3QRQWm@^7@yzI
ziGZI4MGOYNwZ8woE^M3m1%TL#i`U8TuS4OiBWb0N_g=A0$4}hg@ml=yYji*Nd%AK2
zd4B#Lph0c(y4&K0GQ8g;?L18CplG(?Ez3l3kLrmN{b)&jgXBKs!}(cF1|}F7$&~&^
z-wRd5o(xbog06xn38fQk$JgJ7E~edYT>bt7>o*<qH<oFNtzieVUCu1As9PSisCTFz
zG~uAI7D5tECUS*u8Wg*)LpvSWmVULbYb2f0!N&-utGM~FCYX`Mb&Qymc(l+v^(u_j
zFylDLoRxE6yRrOXRkjaH!T*xAevtoD4ed$l*RkY!pfO+bo@r2rw!2y0>~}9S-|3i8
zz*NQU#`U&b{Y<ORyrsALD)1m%NgH;?1%JIoQ=Yejk(_+{g>N0tTL88ix82-e3-*NI
zYcrCsqJhIl%M5RWi=vf95}avAc%yY5ZUaR!XU_EQ8IFk917v7)=OnlstIW>6OlT6A
zNwDGZv9KW4cTVzn-vrmrRVJJUw@p&z%o}w_`1#`G5tYxLDVl^%!djJmec|1h5VR*A
zpWXAM4|Eg!#X+lMna>4F!Tc;_q|u*ubP&o$Azx%b1CL$1G3P5~#~O7+lSUhrTp-Y!
z;5I8pv$hQpD7yyJ-uR0bW*Q<sp}DNG%ufh~h5N6&GV%3elkg4DmaB#aXdUATTzwH=
z<H8zt2s@L>R0vdM1+#rw`Ke?zwoMJY^1frLLWEjmXXevi`dUZ^D||D2(diIwpMv+p
zeXNPm$E&~0m%ibOp*6X#AL=GbB9c}XadaLWE+Fb@o(P2+<kqBQ^tPYv`W}3rm4Avt
z*~-KJtz(e8ajCDVk&v*+4rLR@DVy43?DlGjG2s5sJob*UD_J>CnsUtgRC#}nnznN&
zpHTMHCbW6?7#qB~$+_rPytc{Xf3=7Pnv7J4eE{<{v1}~>rfA~Jmym;E=X-Nd$MfKC
zlAV+k6{Qsvx|T8fm+Qyco>Z6_7<^lSFn!~SDu8qgC(PwXoDgdv=cr;mXIJ%Z<qoa1
zzn64#Xie>n3P~mTv1$z<!P|{0kxhl-rw_zr<%@Jnp=5+6^1w`!S{gx`lB$jdQ>fxD
z>oFBgO-+73hSjz@v%|Gpqm%-AL}vL~b&f5?=!!NrX(xSt66xdbHS1Amn%aKErG=0j
zpCtoAV3bu=R`F`xXrw`;e=iZ`-B6YbyutErl3J8?``Qd%1je&EbRF#Ne|ad7aY|^}
zS2+OiOz8E%kaawo&JSYW3vA|_@#T%l%4lv>32PaMl@WUMGbb!ZE~hYuZNh>aL@nuR
z`lIN+aW&)oUJWLUa?lUm*iP2gCV)yxJm*W#Pk8{RUsPq9ZcfA_b3&ug<!N+<Q4`En
z6(yF5XtoF7{o_^A$phj@5s`EC(Z4cRlv>+PIO7?)l&$C$@1{-8Ozlt>eJhKit5%C_
z`ms5kvsFEHXN?>7JpHucs-WyBzHfjO(8srxSYny~K1^hwsk&+-?)j_QSu=}Gu#0!L
z<)Of}VY^i=8-4E3&KY=IM<&#2k$DJbM@(Ki+~B}W)6A-6Hv1FWDyOeGdKh&YCeUMu
z(3X_!<lC^ME|ZY5nO9rutj;lQCV*EU*A_1T*8cl%a8NkDVtmnw#cE1-W&y=8n>L_7
z4i+MPw)QTLb(OI8qSJ9WoCVUm6RFAB_9Y&S<@9l9im6F9JQu-AaNz}99((83t2LN9
zs_Lt&M%9lkT|Oet1U|zMsMSlEy)LRMxN2WzKZB%?U-@9B44{!eytS_E38yv_U-p%l
m91Rw4u)xApNX{v2_U<~atNQ%1@H4xBpWzj=%Y~PmBmM>2_!9vD

literal 0
HcmV?d00001

diff --git a/test/integration/consul-container/test/util/test_debug_resume_program.png b/test/integration/consul-container/test/util/test_debug_resume_program.png
new file mode 100644
index 0000000000000000000000000000000000000000..99c2899019bb54c55fe29d26a4939dbaf2684f74
GIT binary patch
literal 51972
zcmeEtWmp|c)-LW&fB?Y*1b24}!Gl|{;O-VQxI^%bOR(VX?#>Pt+}+*bcFviZZ@!t_
zzxUVe=jq+OyL{EMs#S03M|nw9BmyJ|2nbZE58_G?5YY3$`v3wQ@Qb$wl7@gl$~PAi
z`zR$QM*7jg*2LV(7y{x$XhIVF$GACM-;<XDE-le_N}{%YPEa2Z1umDxDc_O>U>TCK
zH&-?IS&B%&ypm9def24U+*0Bda`@-&Hqvn4Dn?wZ!WNR(e$BSa9v5RHpo`JFae<u-
zzMHW$5{NJ;NqYHU9Ebr7W2r7Lf!CGxXDExL9Z;+t(8$6Yc5J;R6BEL|0})TnE$#4G
zQXUJQth4PtFXcG{8>SABzM`1&>&6aj7=od@$YmO_un-nZ>$AgySPBk&UF?WeA^|4~
zRr)ECR6OQkV0~ID)<tXs0th$OU<ynKVG~mC_nhj!n`F%tRy6B~5(wd#E~5h)U1GPd
zyZSz$tWzj#n^JitNuJiHNmZr2i4yLcY?Vb^mPw|O-`RZ1>_2O#q|o72?#57b2<u^b
zQz<<FT2j!)A~jT0vKv4_c2_=AP9whxPcg8`H+@98;MRq#s@?1S%9cidX)t_lR7qi)
zoViED(j7~=R;2}Wc?QMtZMAcrxgx6%QYOQ2W+oOsTlZYo?kfJ6Y&b%4<XQY3<xji0
z=R0z}=(#4rs%19T_5<~S#L`je(95{1G0>8bUQfy>2%m0&F#2RmfDoH99M9B!z#?=~
z%=qllNe?8%#wS|GiQE`dZ7F7Knmlxdo^F7F;0XzR3(15LrJ?QXl-WBznqt-C7|N|c
z{_49Ci^c%*2HP+4vffWYwRyFu5OF8Y_q;863aw%x-qtfov;Lnpm|?I?yuP7Bm`Uu%
z(wcbn4d~>&g_<zvPmr!E@KUx#gbooVp714@fcnz$IvLthA3g0W-znTPDU7%ucLjo-
z2+{xqRt$8aKSvhED}M%k_;>KC`a;|&QGOd)_-Sx>9maM<i!iR86cfmB9Wu;F%l`HV
zes&nJIieOZoJJ5Jkr@nZhrpI>;dgJs{ISR&-}-%@a4;iMK}itanh-36yNBh4)$uJ8
zU7CO{L?;MZ7S1$yB^zX3L1l$7?hj%{M)Rdu3#@?9McV0xJ*8?uDGQ43kUNFF<@Lln
z4%F*1eCJD^z59+Ro+m8yTs$yqU2*Uoq6Os-1l6z~@27LM6p0EK3U#Lt_OS`V^K<ac
z9BbI-(TM`LbCPn@bGUMb!NFj;U6)I1Cz3C(o>0X)&Gbi@<zI7B;Zk&L>Lan_CHp78
zAE6x48G+aqzzxqcjI2P@5VCs1iPMbIjM+@M;42V))OT&zZ^xZRFov?@humpzr`aI7
z$he5P$g{|>2ysl25ir}Qz2S9w=7#Cb(Dq6%TqwLfkfbLX`xOEl47Di2SIGeiE2=l7
zHCQ$na0naX5;>UQz}Hf;lx1Xzm<ORrA<?0>Qg34!2fw{~j}@yHH}s+ZgZc-r?+Qkg
zRWx&PX~K!IT;I^YjmMG1tSG&EB^Jg<nGq{7Ctj5O={tX(XMFCE=0N3^n?vy??PkiR
z&0uRR^#I{O^(Nln&T!IDW=uPoP>%3NW|dQw)psQ-g&(=|CUTkcKd9Cyp(u`gTrAWm
zc2l+gfLLHuxLMkxO#5-Z+)1%0Gc0FcQK0D4KJPx{KIJ|Hstj9BrFl`!=XpgfJZlwA
zsW~+sEgtno(Ypu-CL#&0@6~&Im!p>(mmZhnv?;XoIBi34311SlX-QOe3Y&`0Rl`*X
zRZf0*s~Hx$7v~jOt6Hjg<V2})siG^7E3V{vOL-ZgSw~&GIZn&r>EGd>^5u}_=;BB;
zKb+m2dObPy^K$x?<?+v!LY^FnS%+Ea>G?8eHA{`uA4fkJrk2aR<R4(gK%JkzvkkpI
ziclm%B@!Yk8WT)sOt;seSbDcq+l1Pra2fJNw$-Th=!^B2-23@^k^AARgG&+u43uOz
z8aO^wUKGLC1o(Zg%ebsK->@oid?wr?oW>X6%zxdC&%{y2*=Fd+VUY42bjaCgj+8nN
z%1>5HUS{?mJsb@%X&!Cb`Mk|LhBI24v0y0AX$mq;odw-!PB1_*%xJM|x1<yZF?lb~
zxD#EpY0hirYZF&^8s!;n+1AednBI@9E#jDM>bj3Y?d|I~NstR4wbW+QZaX4gcyLi^
zCT+fQv3AirB08kJzPj#4yGIK}OF$ElC18th{N~<^xv{&}FmzV4K~3#ZKwq#S@57VI
zSHLsNi$2PgGM?$9@7*3=hTLzQDN|0@%>i~Uw=7SMBJ3}nKLRyp@QpuZJ&+CuBn<I(
zec3YDBRey@yj|VfZ0x#d!5bQ$EgmQy)*j>=YF>OOiY|-pC>S%HnjLcmowy4{==rXw
zwG-D-r4E-FMBnq>mY>?9lfsL`#KZF=v!lkt)WLO%Jc}&&5yKP0g!`q62_x_sX%EDG
z%$>-~ZVxi(7VW0($_UmDWI{g)$$C#8RT$|;vWMBobFLU~AJ6`SK}(RAtcmJgEJ9sY
zO4jzU<rhxn?8ekafIY)m!|m>^|Cu3j3*MmybBun{$7DO(Y;f0NpgLX=leC_bN#*0`
zv32aw<euc7`5vY;40#Sy`p|S05c|;8=J96RX5&TOMbI7NBi6Him5hVbc}#~yg&cF*
zdZJPaEBWQCL}a~!`#iNg?+?gQeDR#$h~t)HzK(ww;igo=$_t%OGGiFj`N_bEjTh#T
z#LKW$>7;^1%9D&}%s65-m_z2TSTLn=?_a~Tz|l<pU?}f27W%38lcJ4jhWT<(OQ&b%
zV`frzl6_Jw!>neTiTeuDOqds4c7hb$g4$jwtp-QMyzA8(M-PX&rMI?aW1Z1avop(q
z7BV}s8s6p0>Vue0_NVOc6{f8h_diI$LP$P`^ZL~Wvq82JEjgCGiM@HfdYleix(|c<
z1yz|;oRqfv^H%Nd<G6>o;6xAYr8;6pMfyRey%pS=Qgc2-5Ad}sAMQzmmW8%fZCrzL
zQ*}LkMTv3Ja~VT(TYN$MO6h5#S>aUS;>SA!F58<@fn$&TV)o*&V!;!f<JR_ZS3Tug
z1Lr;O!{@`NaddH#-CNL|<EY4$e=mGHF&5Fjz#H#|*1qige6?H`N1{*ErG$d9cAMLZ
z<+%)3+gA?+yQsbW9V~m5c<pbW9ZuXj&g!s7u&=05<<&Tq2*Xpd@>}x3+wt4Wi4BRz
z%FhM!TIt$^KDD=36XxlYIHvLAR)RA8+IBAMpPm~lFV-(8@L=%n7jWwZnqGUH$$Myc
z%;x#Zs53r%YWvl>&+Xc~HMCbOudbkDsB76~<I`F+Syp|<)x1K`eAt{~!@X$MxaU?~
z>*0Mfr)^WuxOm;<b%*vacGcYJ+I%9h)VvZmG3k-%>a#0y?>~!PO%f%f_4N9pVK=lZ
z?q>mkLa`6mU2FDi+l_3dy53H8h-vhF;}g@%z~jcSaHr$Y#ZQr=&J?nP?8$DyZZ17~
zH<nYSM+eXErwYA7bb9#hymv_tdg-~9xzOd5<<!eop2gSK6MPG<)`r=J3M-~9BrhK?
z6^}O76h;(?G7SaMqjo$yy=WdR&TFr<JL>zf@v*T#M+LBPAZ1|$#>GLpIU<0t*CDc&
zVSF3(zhq=!ncb7<hjsX@?}0p|4<QRBWp~{nJTV2T2q1C??Qz!zzrFiO)WONgnhx?R
z*uInki#}sJR6y)EKWXSgJkw0FJ-R+T7r<7P_*B0@O=CfADsyE4?kPl=v4)h1oE!u#
z@Qwfh14#e@3%o%Bw;&|pzuw<NzJq}N>pK(#M6fvo%s=wT1JB=A3~>K0^Y;@vHV6V9
z_=g4DZdp+O%nd!C1^v%=hyfrCLPS|iN(y)?8#)*p+c=upI{AunD+3=8?LKHaLO|eB
z{=Olll-`~K_0O2AXgF!e$?_W7S~D6L*?u-=bhEbmT@M7m8!zx`ZR}(~>Sk?a<H+kK
zK>k+_Uf})rXC`vezp^-43Xp5aeIymLbucF7WMpP!CKp5^B_-u|Ff!p)5`X`X;=n%v
zax*6<J6<LxS65d?S2jjl2U8{%9v&VhW>zLvRt6vkgQL5RlYtw9jU&b1mHe|FabrhA
z2Xi|ob6XqI-}M@Nwsm$AASeIb(7&#~`)TZE{y#0*IR0Z;zyO(kr!cWFGBf?FZlEat
z@2|Wc&E1TxG{w!W0h$4A2(mIW^Z%9qzf%6E#eXZQ@joSbxH<p5<iDl-XGv8@V+S!?
zYoJLd!T*`Ae-!@r#D5gzXZk(zf1||TWd7?bKxaWDex`rTnIKZ$w+BmL8sC_UE2scZ
zfXV*4jDX*F!2SCP+)73ETI)bQVF)R45fwMcLmhZGoL*eP__qPeGP|u(-*VpZR|*lT
z3BQtf<&ld(OYS0U4h6*-#-Bh=dmW_HA*u+oM|nw`4Ue#u?$h;&Ds{=jl`C~KC~b|R
z+11tLI?cz#bSIO?kxHTay_^C@u$RZpI;jW-1`G_Oi12?sSbc?w$>#Be6=IQ~{Cr7C
z5fJ|4feZ5!^N3s`Tq|cl;Sc5is?;vr7sI;#gB1UtGjza0iPq@&zE%8V4`3kc5fH#G
z;qg7#f9~QZQd02+*bi6||JC{b-}wInvQsu;45SJLMeRh((Wwk!<`~kLmk%=iVWz7f
zA<5?FAe#7p!b7=VVByfqvz$r1qbh^w#i2=|itB#3Q5?!Pl9pPQbh6_DpKX{Q52OF7
z8YG|^&A=M|ehw&V`LrzTyU)8lmAUau=+tx?5$9~3jLOy7<a2AR(mb9aE+x;wQM6sH
z!BOd?L)~nv?oq_q{O&Ozm_Jm^iU(8-3NPP0hW?t{ukf+8?&#f?9c!uHIUWveoG>Nb
z^lAKLS)}D|#~6c3UMDD?Nl#Ggc^L0iT(oH~<$uZrAS^M10OO7s`BHkEAn3nu7A``1
zrQPtFD7QtWNKN3!rySDW{>|L)o3G}R<7Gn(;YQTd88H=lHw@qLY`rdBagO0E)$J<^
zjXGSC3XZEAj;KRSPDB0=>GKoLCnFW-o6JgxVDsx>q58=}Ii$R_ZCxlgs$_1G>v||8
z+fIEf9p_bSL0ROq)-X{^(H}K=IL&8%_c#|HTazF+(QCyIBag=2xSJDhw$kQx*-zrL
z31KeLvlt*;GdpUQgzij9J&>Hb@ATf8LA#EA$>#;yg4yHe_j<F@6b}4R)*q8Qb@!<Y
zLtNFgnXAc~1Mgki=0t038@JRfmYQlASS6$0<U_-wO$;Rz?+!DyXO(K#&-V=v^rqS#
z%f8%=`>5d39G2d%1(S?@aEaw)!_e<H&9mgpx*(X%_SqiG$Dvc3=*82Mt+kw0Q_!v;
z3*|iF`96jnhL>fMAYFKoK&L)Yzv3<Fyg!o-$DlRIgq$=vRx1;VR^iW{X>hsAGW578
zbDrt*9GWi+TBnps>|s#MfkA!EJmKQ<@(Y}Mc~YkHIA)z)q+Fl`T!{llULVFY1R5#4
zE333#^WRe5ZzbuKD0;rw%vDjQ`#i&{RDPDA?N9G+fPysxGS)cuqum?N(BE&yMSJZq
zAa+yO%^4?wCGd2`^M>QIKlg@#70YZpys!4BFZT*ECxl)eu?79#HKc-^*$}RBbOd*I
z)%#qI=D|4XpNjOGPTD;Ded(--O|<U-iu@b_tpr47rrIvsb)z~x9Jx-cbqDX&Ei_HQ
z;(dzAGv2~^h?t^mznU$M0KZz%YJ0djiKaTM(!tfqjH<?7h9_=VQ6%mJW2Q{rzpulv
z##oSHda@PQ2b(cz)r7o{dV^_Ju;S@0Esdn(x>Sp4{0%`fTsY&iagoD@<8BF(J-f^0
zyQ|XxB%Iyj<`c!8V%Ot>Jngw|?qE2aFr`SPz^S`~^7i-I@@Qj=FZ!<chQnm@r#EkS
zD@}u&PIktrGd-o<*RB@DZr8)d%@2Q75-Y)A;~3?;Uu-*_u8MrQ+e(@=4#S*A#HPw`
zwrTZ+WYp(zJ^pl1D*Ga^+lyBO#*dtGG#R;#>5C>I8DML6YK$yv+$IPM=QF<3A9cIh
zS7rCSwbQD%Nxw>bbP*<1N~i1a$5#-#kS&xws^W3jM3@~uyPPx4oLh=Yu>`4d`71Hc
zZ~14e8KI~r@w&DJ+BEG^aX`$LEvbr#Y$r$0seMj#xxd_tvUhxle13YEoHMP@Q7u+e
zj3!>9DIOl8d&d99^y%q}R#HCHmSH80+*NIGuTGF>?RDAGFfGxgV~!LqgR;EPdk*l-
zYR+Uhs5FbWU9^Uy3hWWVpq(%@Yc0K_LMN|G6<LtZ=lZj8Ck>k*>(2B*SF8ELS1HQ`
zB&yQ>Y2QUp&*ur}>3+dhCEp3ZsdD(}a-m6}#`#Xq$*9?99VV_J`SEVjcREW1`iDjl
z)>qQU%Z+IB<F)>-_LqDTpGUH#tC6<T2{H6ZpO*(cV;8SUx%8g`V~6~VI(6}!Wh)qA
z%A|rBLrF{uwHDJ#Y|F2A_a_Tn6H_5Gysqb*x>1i1bGL0<&c2YUF+>Y3C(YNG=Q;_v
z947B$*v!{_%e43PmCAh|S@<z~s*?bPmH+$$6UPDpl%)I{%n+5G47YVe-kU`g<ou(B
z`pFh|NArccBbCsVOf3#er7c?3cS7xYZb|PW+(6#Xcc%TO#y628g{dO@ua3?|X6;ym
zie+s0szuh!>k>q3x^u%iwO6mE)%C!;;PSK?alTJasL@Jet(E}oi>0<d9M@Spbg_JD
zPU6Ah+aZvv;+ENamOsOy+=IBGG-y4f>gnlG%I*p@cU79-Dzf>>+Z&3MgNm)~<PDyq
zRWD1s*Q>W#V&87EoGC#Y>Cq0UQ+5u?IDo~nP}E!=LpE899L7__MKvCZSB3igbQMkK
zI?=Ap1zxr$Ec&uhz5B>(OmqER{fvkYSPMQsFIVY-l5F*^(23@&Xg_YT+jo!H_eT*y
zjq*`|BrM*Jj%@(akP}jJ<vy$HO0?8z;+x!?$!Sf{`gHwLqUbPnaxumi{pIF3_j0b)
zgG(-johBXs9o*|L*M}0Qgq$i(PnVMl>_!8tZ}LoC5DCl1)&$bH?aAwpSS;@Pu@x@!
z#DbNQJk8vh+8-U7b}~Fv(f}q(NaAeCvK?eeBEu+SY&;r)g9Xj0A%R`q*Xp+3FRGy_
z`d0&LIg7_}8zAlie(2;yl+Im7M#}x{kley6w0^sz44<OMya+1IM{_$`)lR>_-9^qF
z#q(^V6rmd~-uSe-6MI^dea)}8P*XV)bY0&k(=>&ujm`FrGB`43R}@8Rnq6AuMm18p
z42g_q%XEsI_I_p$zozL8DdJEm)k;X=w3ePORxjuZ3@-!~!Xj@^9?n&lDo)$-<wW93
zI}ONO$i6c<-yThs6nZ@MYPwYaWDl!a_DNHx|6a7jm;?G8e9#_!!Kn%`J*EL}KZ^B2
zh612vb6H!|Sj=6qp3WXlhQ#ZY3*;@1$k)q0HO98R2tHkmddlxyKq1zG%(y<%cBQ(F
zvIZ)*Mv-ufhSwkFC5tti-=%?S3=UkH)?<<PK7zie2xY%cpnoj`AAK4@nVQ(m$J2E^
zEwekZov_beDC8aD(i@g=OKBs|VKKEiH|bXsJ}dSzP`xITNRLQ|8)A!7=BP1?1aDAe
zsU;*A2UlH78Vbl={{7WK@tnxWF@@D!6-UkWuS0%bOzZERO_vtaKfo*eZ0HU~sD<5f
zsqEQ+XMOtMAU=K8==g#lo`lPw_3pxzJF!2aPKUWNfaW#`mC!Bn<nukCiGND?Y$bqy
zSa(G1DJxtR^oHXVg!>~0y1#P#HDNHM1PT34r)e=I>J>ThvQP3(ZfhsKo6=7k<5vCp
zK8=IeSO*o*d+N7uCwO+!iak*~90fhm^^XdiM^jgvVie%9DVVNCW%1Coxt!6CDCtEp
zg3w8}f90dP89+R!7Rsb@S}WxjXu)5Y4dF<U(0Shq)>ur3VPVn!WUbp2ewZ)OWJ?h6
zgy3%VuV0=IM8b_Ih$Q3!?_~P)o!C}5D<AAgaHaPhn^9-BZP%jBZ`rz{9?8d1$rT}K
zQ@z>B(+IWtdj0$`DW=i6GsJh&f-U`Hi)F=@%Xx4f)Vr!dSLg6UxjBj;zF(goZs72-
z>6ZZ8TZ~M7;X=dysC~eQvL)aE>fO)G2e3H-waIQThK3s|I-`Xo_|=Qut(N&Ey7MI8
zCz}q=%asez+L3oEh!fti*c08vnVhjG3P4%wAIw-IJSF?VBLAGPwVc}-9C7k`jdQn|
zS*BxKaDB8ex!mfpx1DOMq|T<K#(OgI*k>dz7+Ij{Q#-<aPow<(La9s(PA7ln+WLHR
zaBrxUN*i6rt}~GTn`+_&mrj!tqSqx@(#`3YzIvMpl+gVbFwS_@{=qe$#n4_pNnYlL
zN}bCQOol<J!nWg8BT<yiyg)j!B=*6F6=Ak?!ll-s&)X!WJHH|eC5F{hO5E(F<pl?f
z9?*{`^Uk4)M^0xab9(1qjUO!&XT*T|dls9Tzi~t^tSHLVWD76US<eMjyPA2G=)M@z
z20JII>v?e)5M^<!Qb0PidET9~*O!QUbOj(D4s5tQyY=OV29G^VWQ)D31akovgJ*iM
z&o-IOFs1{=ZpPu|sUVF^Uk!!C2gV77S!*f)F$|wMRmiXpg|nPLiO&yle+D4oD;nmF
zt$fEgvxPmK{T{&|PM`6%vNxPU*3BfAkvtRo87)*WjsSMf;B{`2a@Lh4TjSrjS@GG>
zY=PW1c8-E1WFM<IuYjY^bvqyQCR>3mbeva=;V8RXPEPN)6ZaTNt_*-I$>T?u*Z~V>
z(-U&p<d~4yj}t@@%PFRVXY~{mqFQ&c_Hto^$+?z)4dM=;v^~h*IZae$qwY=aC|+R)
z?B^xvPSsmQ-_JFeb5+c?dBIPUNm5UtxCP@ee)`ZIgeqs~P<GKxe;k0gu~*i7oS&Th
znvEu|0hQfis*v4i+?F@JGV?yDMi*f09oZbzOxRPMRcg2C{vLF+V_ugQmdjr&?)um;
zdw@TvSZ!Cx#?;Qw@1&QRRkqRE(@$W{J@1gtB-r6{5YW0>kh!7Cl|J@wlF{mN(t7jL
zI7z3h1U%w#Fk8Oka^$){k?l`VVzKfZG-1sU9h#lmWRx%FE^xalw%0ayOJ!(>R{g_-
zd2&915Dtf>A%xlHk^4TRy&v#0mpvv`e7=8bJU6Mc5XOdP_I~_uTSTY3K!Q;0EP1B@
zVg;oqIHO(_*^zi#oZ0|RFo@XW(4J%0_kh=Gp)NAXDMH_e$LB!CJjx%gQUO)>i~oby
z!?o(oC7WWO?l5g}JB#iXn{)LHrI0aFM@wRHBBZg!Y@5K#qoeuIQzX~&s_nSWt8q4G
z6W_qu2K$XE;Y#-<{(3q+ua)RFUFY6vS+7=4$#0wkZNWNx21BNG<_$J*d~cR&Jb2NC
zRuGw*JibW`$74rT#0yrt%VZSNmU-fhW<KyKpyj2{MTOG|k7{R>-p6}fALa|~jH`}m
z`Tu145y~0wxtG^T<|r@w;=1}xnTXiyQZXaYrr2km_~q$F@5@@?&NNC;ls=X<M*8OF
z=ES`$ktB(01=qT6>z5z|x%VNQypzeJHORNWva8GBQ3A{|Q^0lI$g^6ibRv1{7n5l{
zOBO!X1#WyZ^x2zob6mNowk2k7!3O;$`z9H+d|g|SA~++Yq#b_iAkz%AA_#ImyH!$-
z@W?(wHOyPR(AnD0DmZJidOHCK_kjPC%YWAm1=I8R&ckU2TJ|+Fl({%FU$ne9Asgap
zNf_LII8)oIyoLq*D`*L^AQV&qy#v2*!i)ai2o#c0vW6)~s(4R|wGU=X_WeYMEzCGF
zEo|C#R*KE9Ad<)>!U}f`WhwxdK`lL3Idn|${L5)4JnQC8wsyUZ(^2g#jQ~p_gbbuc
zyNW)w*B37?=9Afz&<WXw8Q2rfQ>ek^j<=f_CuJWSm9{?K8FD^W_A9}|kT$G1eK;s+
zBTHAeTAJdSI;mey`99B4lULq){exWJEn{I-k|dI3-c>)kDdJ{_biAyK3o@j)xV$aj
z<eTu@Cg)~~bnd0*n=Bc|M)7H)meh-#ar6Wk3}<Zg%Uo?<kw|1MTV+A7QA;BBs#<|w
z(p%U=9RiVB*i<gI8Oelc2;R%x9=sh8Ow890;tO&*KfkQHR~&Zo!Hc3F#03N(J(f(l
zV5(u>EIM-K1p3Kau46R~Qo9hDRhRaZ@MpjeW7qH`d-Zul-{8A<IiLpgTA$vRk?9E?
zq5m{rQhYXJ1It5mX-s8%Vr1bBA+AINcI=0v#=G4?c<#KTg&TXE*?ZHWO&Y5?6%|dE
zma7@<{W@<dZ#SCalIK3R1oX37o0+D~0@-hwnGVye0hTLHZ#;`*=ZtVyBvHiIgzhm4
zR|=7L)uX+)5+(vLj9C43?$+B#yq<Q$OwDy#>I_7#1xWuEg;MN>0{_2^!S|bs^wS^B
z+L|?jJbNK0KGoZ%ii&ke0v+3{$gk!EOH_olmm{QH$T-<nhSi3UUk%D5s<akT&!h9-
zlIo06Z1ZMSqp%e?{xU+@ZoWI;Qm&r}efTzN=UPp}`CfgT_uz1%kU@3;9+jZ5`lDrQ
zsqXmMT4z5DiE?tZ8B~CHrq?x%D~6u(-V-1$rF_S`xUrB#*cg6qb?pEbTfmPe2|vJ0
zl4{=m?!p0oC%c=be~;VMB~8=?%R2eKBb;L&hu7DzFT%j_Fi;xM{KNuZXxRijnH41~
z-{Y(SMs@ooeVV7m$LD^JM%n&*r<&>QuD;wGlPIT<nzp_}e($HN+3%yn--vGrxNJt)
zxOV8=Sw3)>O^_N}gg-Dt_MuQhZNj+spCiH~Zwa1>3tf$A@)_$ogGp2mB$2mG#O7)U
zHAL&w^@wEJD>wLH2A-#s6^hZxc;i|<gmUN=nZ^7Sb)2pb)4Gd#7@t>jIowV$uB?(D
zqX{^aP@_m`WbYrYz5K?wH&7C=6XRMg#uoNJ9r%&#jzr<J@z&_zUqYI2i_Qvq-3L@$
zr;gcrUHF$O#k`0EEJNb+e794)Te$N&BALsU5!g&gT?vikC0xkW^D4QG+|iUyhDn8-
zfjt$C_PrV4Mdr0xbmQ<1u<d@jSt(fG^YkxF^>$YF<9@7+Q_vH`Vsf5X!`x@xzjquL
zC=YopTgyUMm?WRY7RK6-*@+5P!@N^yXfoP|To1Rc(p`pKpGbOuM*S5*)M*i!GpRK!
zC$TLQ!?75_xo+TVGO*f7#%59Dj?RCYMb1F_fG+eHQ##k=9VB?~KKocF<d#1}w6jaH
z<`M7=3snNOYODdTk*1G<1o^$5q+Vg#a_S>={j6^4ec5gUcNY@6^=mtc)M9woQPVGf
ziGeUY(>Yn&%xH;>_s}c%I|g+I=<^Off#rNJwhiH#ayOc}WN_{`@xaty{zCL#%o+id
zvdJH-;0n&Ka?AB}$l{8^lQ`)M+k*Rg%hH***bV~Z{d2LSc;y>h#!p<kijQrK!1fO7
zEJCvv+p={m??NDN+-2)9we+b{AL2c3GTzQD`k?TN3xJP14)SdbFYJgartx@X#Tq8H
zGiNc$^no?1B<HNj-W<YWf5~LJs|)g|bSm3?L%Yc+K`j~%6EoC|-ulMZZ)h-1`;}a8
z{q%AKET-uAQ+33)zK&7x?yq=1l-@@Q?bhsa_}?;!^Ra^A<ZXVlyIdG}uBRl~*^7DL
zy27A)+N_!fdm&d6ooX_v5Dl$PrgJqGt>Q~V)U0)G)NWK{8(vxG`!{iB2kb7A$*Jvk
z+l1L;)ltxXdIj=J6ZG|MQ5$rh`oT2azJ5Hpn|~>J@0!(;!<=wNrF35Uy$KoC8kE<h
zV*M<(%Pp6qTr2OY!tvcoH2X`Qz3_i|)T@_E?sg$Fsf>G{^@`LzlQ27m<7bcZSG(RU
zxzbeDFy5Y#o%He<bh$B<@#;DZ=1sMFxH{XQ72eA2)VJMrs?lK;jgb-0e>#jTgMV+2
z3N2Ac7mmlI^eg#@>zLy9x3@FKx#D#*MX)xNrp(t!@jgO@NbaBt$_@8;<%I?Zr#iv5
z?Jl2p_6|;w>uEoKtDbLuu%Mi*Es57Gsl6@eYu-$$b}_4X^EI$a*w^0IXm+tSjts&F
zkC4u5X!F{9vH<PE8&(il)0pgyuy%Vzeyv?}(rQMl0UZ4ZfsTib&zut|uPY>%-uoin
z0k*|rxlZ8bqU_GvhtwC~-Z<*^;TP%+71&*Fm&4+rb(k$Dz_0oa#%vbS*CY~sc~;1$
zGnJbvRU_MGYfV&D^ES*%QopOQG0{0!&UdR@0hBi>dcpN*guh6RV5<kkmy|4ck!<9V
zQ7}A<zw+HZc(%MOrhlqeh7ea}Ma=N?tbFo0$XT?Y6O1THM7_v0^*@}tk4fB{T5C4=
zbd)oM&2#A+eCBni2gNpLBM|2?EwmrXiF>v(cQh8G3#?`ow@Yl>pX3Juu7XLt5qLa)
zVzL}uLGk?pLuOcAS!E}f873k|$&dKXRaTGj%IH9`v;h`q>M&g|=jpgPZh8cd6^7?a
zKs`FE7_f_zfY1B^O4NpG-mGMONG1FHN;w?|#C^xJQfCE8G!M969gpAZWj1E;2~70Y
zZpS_W0$|(W`_*De5YCgC&JRK~G#Vc&Ez=9oW3t5UYVF-mh_m_>>2vNVN$AHSCMAl~
z&>!W`SW>5I_CPIgt=N1Ag@tf6r)|5d|KQdjG(-BiduaJ+ryVt+?mYzZz@wqn^0n+>
zVy7_NvnFqs2G0uJs~^SlG_1>kL`4P=9}oQC_2pWpH3=(H+4p=b>{k8J1@+OFu;b~y
zC+|vawS<^{Sxk^m^AMq<C6+ZjB3bmPVdqIF{7jn0bhf&`yg_)K+*vM2<xToQUR$h7
z8q%Rt8qzo)x&&E&4)Oq@CGK^h$izPw(zxb-F=YM<U9&AH%0G{(B4!XJ$GQMMgAX*C
z9DW|rJ1+FngZs|E_FdFgKE*HRtkF7$v9vj>E4v|D`GW4VQLcU(HiuiY-TvYC<gh{~
zDe@b&PhaUx?s6G7_zdA%1G=Ij_CVY{B)m@Vv{9e+skUktijL?WBluq)FS0%U;=gy;
z8*i)ISlj~s;z7c!;eN}9qDlAPs&muTVr7I|BR8^kaRvh399T?<difl>ytb#+W2ndT
zawaHm5;alAYd&|lkAj=NnP`}+#m@IMNuK~>w_S?;h&QNL55L_9LQSW%G|!08-jVA$
zm4*-dO5IOZN8CQoC-Dw%Z$Va(%2U|ZRu4bRmZr6Ir}sqQ)m-JpxX9CFKbL1u7AUA!
z%H~+dnz12sYfkEZuz!Np-9cqj6%r@RNR@MMceHEE<wJDSwV|9hD-6ROklA53{}5`Q
zFbCG8Up*yS-$PL4YsoNqsSUU$GI2F`KffItmfcM>JMhA0@qpKZaDhC)XPGqBk|!lL
zA*hg-hc9s#4<;dwT`QWmfn)yUAL%(VMiIh?(1I3-gkxg+t2X}TDTTwbXxOJ3#CI*i
z*{!Os(>qM3^`mz6w!`4#a1YK&fmF@6nQ+GYT#F|&xwP9vE%jYv<U-R7cQpps%DBNP
znxA(?rkPrJwsMAJ@&{i9N|D!fou?CK-tON-;FA<-sycpOw&iWVI*RvRuAdE4**T04
zn*Nx|`Jy-@Mk$l1q8L@B2g#k!&KKZ)1-{ihh*3=>1opsZ+R0i*w#Us<F>9RtCg<HP
z+q_RNic_&B)}qsw?+Ieviu}={KPH_Cbn6e6XjUWO61#|ue=&vwyZjVON}U!JG1O<^
zVyM@FpSPkj9l4zVui+=o>Sw+2=OGpN=9k&zKpR<q4PPbxQwQ6+nTSfC_+>NhDM4B-
zCz6t_u)E^18zP(MLw;sx0I)dYkel%|d>klnW;^&<bbdDDoguwb`sv8Xm(gUx-ma8u
z+{CaRwmEAS&FAIG)k5=Y6n2@X!r+nain4jj9+JDPPTGFllItsT|6LDK5}0NesM%V8
zuR5Fq?6~v$5ZaBXD1NWdn!ic(4-QI_&2#3Nj?s5}9`q6N{U~i2nX^bW+G7NzYs8u5
zI-1sB53qwoO}>mKk>sF?!o+bBjW~b2Cx~i_^SxM<uGzRavpUv{e8+^nE;MtL^NU~<
zGWf*KXw;LpSWBulz1P);K4;Ugty(&6f&rYtc_bhqKKa(=_N!*Ae7X(FQedX9$4RTg
z9mT}(>r1(kT4<U|8%Vs+%j9%PYEv_}pbX<+iUeR|Ng0IQH9|y{`)g(h<+kC_c#<&Y
zD2G4QNYbKpcl{FlQ-c>(1;o1N_*7<?mFu{ZN-;Ke;53u#eO=$OXxI~yR9Zi6n_TAq
zi$Xu0V%d>eN9B8*&mk{@_oO+`=wtfW=zadAd#BnCVbR#0o4ll3cJCLFsk2)Ch3g5a
zVzi!F2cA5R^3?l=PIU816lkIja{i{suPP{opQ#Ah<`I~$`s>Bu3p{JnbWbPEotD?4
z@@>}E=LSt(M^l1zh-&&+d=%1o<?dJz3z%k@45KfzLhE!))rRxivqi9vfB@I`xg1#`
z^!|cO?;x!@D=D=LbG9h=vSEQYE+(F72ka|ftbAfPmF^xW=hb!HahUoWqm#JuPL)8-
zVwST@{Mhz~L$uB9EHN_he0O%^XbL)lx`6w(=cGG4Ef2S83P%J#dwMkatTMvQJ^SVP
zdZB#rxfP>{sLZo=QTKA%yk#HhYYpStvR45oeMnm{TrWBpEjV|KYmrN3BYz`^PpchU
z*J<`HC=OtkB1sma`Vucuk(pw3Jy4lNY~{E5&aduNwCE;2wV*4KmNJ;_+BK+a6c~4j
ziF8|{m9fh{r+9z2FX9t#=gk@>d_kQ}`JZf0@(3Y&YE!?71*30oY0UzBBvXNRHY0a1
zc_M>N<5OBqL)8|8SiW-+zxm|kv}HT>Lj*PDYF6o5-h0ZC*adMB>*#EQx)8J?(Smk0
zsUTQ6OzVW&2D3W%i-6fO;wr{21)j~xtyw}CzCgWP*IX8of+N-@lrxQ}^>$rmpGN~Z
z)Y(d-I;^%B!3{5oQBxXuPRp=2Y|BEYO83NAvPPBsdE-4^LG+J4tk(ihPW$(o>E)AP
zC(+yIhZDzw&pFB}&O`^$ECWFh%DmRJMVXOx?>*SnzeNZo@AY>eK=Fqda!yI%QQ+Gi
z?eOOw)f#4RU23g3@d750=(h=ET2w3-^N$-?ustEze`V3wvcCc6$}k?MAXs#b)2EMl
z4H@KvmORq+mDmVUajKI>kD&nX(FrgY=9-65F6VPP)%mr>{xjU$z(FLUW4=85NU9uE
zqC=A&W{OCVIZX3WYZ_cXre12#XWQ!x0gqLsUs=OT3OZ-=&%!Yuwoa1FEG6Sy*zUe%
zAU3jhvcXGKJrF`SI#tA>-yAw!DCZBz6kKSPxv-K7vF&m<Tpw1CPb@Y%jxJ<h>^<s4
zFkzI#1=UjUFQTZoX&svtb;oci5pL(5e0^N3!wxB~tb5Q6?#497?D7)hn8Cl3ZvYFZ
z#-3K~a`T+M8=G)rvM7$jbeo3`Ed(|)3S|qb_qb#`Fh@AXXRbtOp<X)s9k+&X%z337
zOeyDG#+WN4zHw&4LN=`h9jMkZ=lby^pos-_&`d_(Q<sDH``Kc4g1jwrN(rqOg@e(e
zKqHv%pK|sC)_9qD$IRXNy(3Jk6+S*!aTI#CvOz1_ck8u(%xGPhW8*3J5o&}J%*Ah}
zobL{9FX11erlR_Bl*fAi>3cse{;zeUPEYDnKEQrG0Bl2G(z+<pPSVury8qE4*n2I6
z(}>wWo$+3$!n=k&@mKy{6rU2&WwQI)8)%qcLy+22S#q5aGlaG+Qp^f{4>PR~-Fx!{
zY|$c2=NT2I>`K;f{Bj$b2={YqCZ+e6?kY#MmRQKtIwPj@&KQsRlMY`>fsIN$t6H?R
z{Wm5LKU9iFEVGn})b`nDa+kZYjiWkMjv_w|Z>f@S-J0XCCJ?8S!Ejf19rD%*R1so0
z52+9D!3w4K729apH0P#!y3CfCAMIyxMBQogQS|D=EMvD^m~?pD%v+Yz?f7m#_;Rmp
zBC02K<xP&ytZ2rytPz(`HMt!9$Pu_wd6~#+ZtCz^^=gz!V%#qv0{3Ns8lN)c;j2IH
znrn&gddN%a9DDDF&0fQ^ig%4Nfq^wYSG)pR@nB`DDS4ERrtu9IoWq_zHOcYZ+8(gC
zk|e)V3)nGX@85Q8v}TumBMpe$TVNs1R^ag`e%QtMt&_k?!DQ95oFio?YX#{Y)f_W3
zg2=~#-IzC+U9}zr2c+%TE=>i}Sh~1G)CEMw9!!iZCEd&IKA9;;T_rlT7OK<FzivbJ
z^ock)<c3(PZ;(!)5!i5vzFZJz?f`fH+_yPM&OsthPYp9ZVmdI~8PVYK$Q7rQMs>lB
zz<X~K*jXacr#Eh<L7Mp2GcD&sbbIYDt@M$mI&w7}ER%b}YE<%Rg>U$DzU<{$VXe?a
zhT4}=&Qn8%8JL>k_>s>ed*@)oyIAf*^X#AZ)G-qAx!8?NT21KsJUK7t(;by?%5L3X
zc_?8v1979(CU(`Wz<cdrc+hGBelFO=*VM9P;j2XOw9^6LYb!Zp$fp7O*jj8LURRl#
zlg1t0>&OZDJn+Nkb|5ZkQLfeO3}P-KVBeLPUaP^fE^p%Ys%dg*P3IdasvbQ}Lq=~h
zVKyya@i-B<UwNS_TF7S{PGmAX+0C^|H(c`KdK9TqraD#Yf4^N#ZQnM@<HM#e3Ar16
zwZAPK5XWc&tl9iloV*WGi!$-7vLzdMO^=_M!|dxFcY|FaqT+`V=rYF?zUp}`u9_xx
zHrN+wyRUf_YgFbm1=jW#9+=n-&7ymIJF{(7W-R<=3dhROv^J94M{AE<ps|)nj^&e1
zT~Rv;!7euKi@R&$Q6sf|YM&918x0O?sy^pQOX~vh#ysi@qfV3z{0Wm!URTrmKlxhn
zGHu%JA*~r)_$!X1Rtw6K&0A`OVkod|yhAwaEWQANwtYgQd(Msv403`0u#ECt)t)Ui
znI^nUTNc#*iP|L2Zyw>uf++ZtaZ?Qt_!^4G6LTeh#UemU-MWy8)9NYP)ZeF=x9lRh
z*D$(><KAE%&NG*Lp$h>apQE>WZ{K{wCHv=ku_!hmNuuB0Vj-=JLZ`ul7jXRjj56n1
zD9aO=<af)*)jiBItCYIgHrA0oI$B+*R*)(T06X7v&^(Da@HjbL_*!p`PqX`)K2%Rm
zHrQi7p9&P1l*bU0h`I^Gn!lGU!t!CS^{0wiZ9Z;dyL?Rt?n7l~Pi>4-B^A^K-S5{l
z6wI1#ym@dnO#i{D-OthTNP4+F!_g3x70Ox1_m!rM6IG!#HD$&#u`OdEloN+hDj~HF
zF(JFJcijHyaGYl4Y*m+FU^UUqumXVyl+)sZKQ>VTI}(A<Hg#wLL=fGCcY-E}_kT?i
zK)*-$LW<~&eAa%yFJqh$iMdPXwv@ZfbX_~EyXCbkq-=f)9|g@~7wD@=<hIf)%lM{{
zEUOY)O7iw@C)3@I#+k(8F)A{0qe(B3;9R!`l`tcFpZiUXfd@;BX{!xk8`iSdjgIl)
z*A|1B<*gaU?5H0JW**bMd%1yVEboKA(!kAD)ZYRJp-PsYkeOOSO66@navR1#vI2n=
z$m$CXK2-E#1dSCzk87*xqK*=-vThc<mbeX_0C^yy{-L@SKLfF!oSWRoisTYFx>SgU
zQupL{A&%mkMdY@ZhbOk+!?TwI!*kbP=D*67zH+~fr(K9qHrCk%v0MPw%^{NXdf3UN
zj2Ne%#;vnnP(wvA7}pITaf1&v=nnef_;^+vP53B^zJ}fU6xL?)WU_l8e|O(GUT&j>
z`@b~t)y)BaT=C%Emt{*&z}gMr!NDz^wstpX4Yztd5Q+|V4`P=w2Fet$xspqE5Lm+x
zArcj4{z5|CZURm{C|;pIKpp5y*4U$ag-gXzVa}URsULQF_u{DkIB9FlBU%4k%yRop
zq~ChE#eMOaKXRD%wv^6$o`j$IFBvHjj47WKcKmKC%Gg{rbZm>V`Lk1AaIt!FQ~^ZJ
zG$kVh$OiN|n}1YpdFM-S>P8>to3t*a%NcE(ynNGqEmSS|af*a;VB>oq>8_ShH?(fH
zEjZJKJk9f)-IOtQ*^<93cq-WGw;+i1+ug9kf$YV7%6`W`BN(P)<3y@nR=q=7mDjoJ
zx-7u!R$=gSCjH$P+t2w8Iv5TT0$@1zATfeu8%?obG$J5=Fk-~l_l53~@H>RIA1HT-
z3JiC5ce9c%JEGuaCKh_vV}pt$m?f9W$&nj4CZanAtQ00}<!bELs)iX2<7RF4HweS*
z&W&iWv$3p}fAFO>W|;NkeD6Z!C^X7baWLu~J~~-SomKid)c#ISm}=v`5wP~_hN-Y6
zOM$NTFepd{`jRhw93}33DeqeYpir?*K3sJ~=%nPyxZBDu3oWCNCfwR}$1B3Oh<)MX
z0X765<RzVQgg0xuIZ8x=4B4OBzS^w|@x~$ShI|(8l&)#r$2!hMQt|+H--0Wk8Fwf8
zd(teR4`)96!))Xh-&DE&#HV<Et-%I=<+O;**bsAUTHd8G9;ENZ$qTvS1#fCj;e@q9
z6kzvycO-q_8xYFmfBFn8Sq!M4zxU8n#1Ns#ruaty=VtOHNxW1r9ZD&pyf5wjGw)EG
z_~Frsu?Xm&V&UuhB8aWuEAFhFU-@T}Ed4|@{!|e+ew^}6Je_x%(vtsz3$Abi%_0+X
zTfoy*gqbB~-S|D<Cmn~}U~C>gt1k}%%JN=OSH*T_K>!beXFj_SK*|g<%jCe%#5Hbk
zM%CX!LC&rvYTFp}Cvp{Ksy*3*0nc;tc~$e9-Gx|9Z8<?RL+9e(YZihwmKaok`98UJ
zO#;j(B($~v7W#Zrq`&h-e0jNQUWz(@_aem$eZ)m*Sk3W^KEWA90@L~}cs9DsEpeuo
z4tza-(^1`0hrPDx=uh!8*z(41W!$wZ8rWz4TN97l-Pj3LL*3`^)S1he<?gWA3&y9p
zP%YdqLY<K=luiX404HNEgx4W0U+J}12bu|;l6p|I9y(}$t=vYgHsf<SB=uZe_OMN{
z=Jz^_m0?tc!L3%j?+*6Z9WcN}x0ElDC#?a&t*^NQ8%=MP#?xJwF!m0Fo^L6l{n~>v
z&7o#81<nU3oVG!uQv@Gd9yJX81sniBAj;yq6I7hp2Ek0Ep68haf0wd)-cr3SlWlWF
z8gLl0<hm%}?yYDU^*luO2bv!r+hKbvG=nqk9(P%!A2%$AeCT@>&MVA?5ytq+OE*H=
zI9N=)%3HU!evHBpq_Y!EAU<4-!?xfZq-I}r+!L2jm#wk?+L^7%>IlXnjs^C>efEBm
zGVn$)b4h<FEc|H@q{epyy(SLd#h69xZ$>V7-P99{aIq22ewr2fRCQ)B0eM2O*|`cS
z*!G%!cgP!WWK{xB011WMW0a%F1Z1N7dY~yKR6Bj%`RA&i3$%RrYR?GcYHMIF+xOY+
zPF~_mIF@8qV`($5iZ)Z?%8Z*7%W}C3tJNUW+|o{zW_;gi27X81PT%5kd5&JLlZ{7U
z-%tgb_M}}XeR!L}dBK)9A^GLD$o9hl-h!Po+MS=>SGRaN^(Y4FpEh&B_d%dT*I$>o
zC;mF8KNP<68r`5AQip>yrka;qNf1GbDfSdw2k=7WO`vm)@uSUQGo32I?#D<_spXxQ
z*-S|zfsxpq^-`0B=32*Rcs35T9CPYiP=PYQ?eHbe%*i3PH^7mK5i20fWz<cJAj6L_
zp~j$j9&N$a7lB_~W}ahRm!NU&%dn@f_2U8Gt)OyB|MAv7+t{2I`WYI(q7JKCQ6u&m
z%A>j-PRO~}^1<KqeHS5g^{@9on?AvrXR{4J`8CF``@DE)-?erqy`vAU3W|tVRr54t
zCD-HTe~PE602X3vMia&cv6DcA`+UX`owk_4i)7`1lK(5meuCoOJ?6I|^_?|Iz4E4Y
zO`D<NW4^E&-FxDY=+(S*VNdG2#q|*Ww0VI=u~Q%tnah`fBad59H@e4rj_itl!^ZZC
zNl}S`L|%$#eV^r2RyU;GvN_JBG3<m&2{@I?<>wx$>_7YAa{y7gxhH=TgLdMWh|G8X
zgEOrJ0*)USy1j(v;GA{}3HAJ(Q>aK0$Pt1j#2EA_kiLZp>SRP|*7gW!lqw0jRMBD1
z)<svX=B;YsLd0kJG4dwZRc_bBdd5dk)S=90*2Hn^D%t2@-mp2gk>fm<^F;BI0_LqU
zwbCZ?cZBZS9^f2_sDK`otk1pDj|Qbh1FVlIF!;jHEZzQdL?|H==lA8AN9uU#%lzwJ
zr8>=ttm-=TjNfpXbgh=rJfgt5C7GfH?!93+=KS@+a&G5T8Ie`|_UjE*b(Lrz8U`uo
z)&cg48D^@p*?+@7YZ%UrVWodkcPz}<eotzx1}Aj8^=fHxy%3&)CB)c9dzZ5{wP}-+
z$&!Dn(;q%g$7^S_hM7f@Fp){myUr!G-ycbPbisU#1>x(Qck407sN6<yW>akX(KyJ;
z=JD}@=^g6*jZZ9m*b93N;xRj*0ljO_fVhQP%$5b#k;_q;(vPg;&q@~K8Lj->>|9GJ
z*5c>NZQhrtO6qx^0))KpiM<yP+qubgzPpV7rRvuHq3X&3RrlhAR)7kQx)$}@6CX}A
zEdsGeoEo-w84o80^|T$;mBA>x5v}eb%2PQw>!WWn9H<w#YojT3Vi^~S_Y%Y>g(?ET
zzysc}g=SESDubNR$U`t1$v8Gm=px?V_>NOwh(ws0Rs8WaCUga^kAd<y^f1Egr5?E+
zZUN$vqA)ek4LZ#(m9}BpxgSL_5fOf2T5}D2xN8!jad^|o!ur0EG6>^{p4L3MWZC=S
zD7(Ob3PT&?Xj|eYS<@esf~G<E0Bng)Sw*)c5=IApKA(^<<xu+JQ>)KGG)6f5V1Y+<
z7@XA4D&s}J#hmx%my9Gj(f1Zfv<XVnbP-tO9&p!IXncdALP~8`Bc=>k^Ec?^YZeCc
zO+<eQV;#C5mn{mpA#R~qa1=kEx`M#*f~{%(nKni|O02>)sU2{J`<-PzaF)IB=(I`_
z$=%{D%p;aH&B}*?re-GYrfwRp9;}@7z`PP7iU5zdGw@M_H~Hs<Zy0rL8t~$FxH(Ey
z1M8@d@_LS>_6D4}QIPt#v#SYa@`aMhv%mXyetCm_^Qn>gH%3R;Mz~|&5_X00k!yCf
z8*y^Oi=>`IaTN7+Xq2C@3)yOtnQ2nX`6rQ8Ckf#Y7u=-7-v>>u7lIriCXty;peoAV
zj7eO2FKg0ksR$m!q(*1z51wn8R8Sxy!>b0=xS!|SC*#nh|8vUhf*}&cJ89lti*iBF
ztaOX4U+$d*>hxRXe{%$Y76@pN^b&`^&fas}ZuLuw+Qoj5_Y*#T546jf=(Eu$=SG;{
zHRNbMG4`WMk-@#@Z;+8NqbLM)zukwhij147I>&2J_$r1f>^~t&fdHVW2;q-_BtKza
z0Cs_fAv-AjXFw1}4ukW51D*cD3L#(s5D-W|8coFi#990eeG;w7L;C~J<2Nb_k{rNc
z2s2aC{Q+6>yY7&>seg9<KXQ-?!vvVYBjg)V{uj9F?*W1ndH)-C^;Z&1h%d$wL}z@-
z{{=ZkHm?LvP9D?l#1>Wx{&tRAEam<=?0p0i<{$D8jQ&QejOLw)-u#kI`uJ&Mnensq
ztN-Zh-*f{2SK9j`8ZbziLf_6`$s!O++WZk6mL@73a!o_OIRXcel{0IA@(;Cjk;X)s
z1&7krJCH#I{?L=^9rI?zvtXqCFQkhv=_)!<&9mLGYSB7vnw-SGbN(ac{>SBCpBtrJ
z71jPQ+2sh|Ddr`@!qm;nNu@pi(D-jMPymCWAd~!aDk;S8xq-+rBKz~)m;uR_Z#Uol
zITgnD_w)$I)Bl0ozwvgF02fCFy!jVb|F1rLg}}hbA%X~r4g3S@4w(HcOpKh;Z!x)l
zPQ`!#Fm=!nidFv?Tpv4-%z@?b>Ti|%pP8V90pWxomB#(Eg!uxpTlZcx>d&dd5WnRQ
zLVQs4?<pbWh8apy_y__#Af5(UN@`$~1F8rg_+pF0wBvDLa<G6|Rn(*>kN;~Vjd+lI
zq&v%1c%!g@T8(je`|d3z2~gzpH-@l%K#KQoB7Kz=5#}8LK@}U(B5cyad?y-I?PVB3
zf>I0xNM1;fi}{!Ee_agsb&7GcoeSUg6aEOaiS;TrHX3N>7SMWidYf<4|E8XBJ}D{D
zrtDW$RvZ`y9H^gBn?KfZjbXnQiUV{|!3{_FOEiU#C4e>?>klOyMM&QPZ6YE`4N3xo
zd<0~Ffyp6O{;vT?BV3-m#7mz&UW~iTf|_$=;CWmV>doj7jNqWaKci~sbpys2R3nD^
z`;|dZ_VGdr#PeQn180s`6fRtj@>X0<at*2Fjo@Hn3xLiUu>liR-3YOH1`s>O1H<j%
zXi$1i+qRYG=G~Flq}d+n1BOm40#qADp=xf5biIXKPWdG`vCy-TRr-7Bf{RhA8GwJO
zd8Zb@t1g%20E-;Zs}CH)VyCpnei{mRa6)2XsZ{wtoV`_4T*0;l8WIA8;1XPd2Y1)d
zxVu|$4Fq=&?(XjH1b2eFH5ObOcYT|4&V4`c@BJ_a40`n5RcozUGUqI&ufAvt<e9P-
zA@qJelz>UQ`$>@i4k&0NmTgp`I9qPcVliF+DWNJ_us;klZ)-4W=7xZ0U+<;U=s<wg
za-Npk<xHQuxHisgu&+-(@WQx6zS|E2Jx(CQN|!!AAHU#3`Fdi-@;7qweknyYJO2~n
zy$ziFi=AP`kj?(@Ey6+htL|n;jSz<(6ZTIasPh;nwP`|dqi2vcuNu7ZFS4o!*NCj4
zO{tr3!8lPw45ZIkbVKJZ|5m@Lu_u^qwGYwP5;*W|HtJv4_C<a&F4ozBk55{T8iS2J
zxP|bTe{14sMIuswhz~WZmySTBEC))z=eQ(XFQhe2E#oy#+chDFZn}tsVia`9UF8iY
zP%FK@JOlV|>sg8Ad<pcHtw^2(ZFGw8yui;`q8Z^N^5bHFRg5zTPrXIM+IPNa{Zf<H
z9Q8$)<CanYy9x2JkMx_^ev_Vef%#0~B!CSUwyO&>^EX;3QOUU28NrGr4~_${98;kx
zmLDjWg`A_Ay5t+B&9xGmP8UmH5JuC8cXoygBLE2_C`s+km~8v{k8dkLWc`pCd67;J
zS|(d+Nv{pFf?bU?^CThQQKJ=8Q>B*^iy|nBTCmQ~YO=}OV)u9b3+u0I-Q4~sM-+2-
zaF2L7F4;;<ifVK{yl(NT-E}BeIR@4|Y;b@|hf%*e!*p}+1T1VHdoyi7Xf@wWwuHxS
zlWm%LA_vg-rke70Ie+z0QEN~)WUODG${wz5Z4}4IKy!HlA<FY1zQBwG2!JU8f^{Zi
z`)lr}MR#|84p;jMsRG`F&wup!D>U0fZ;qFGGYZ<2OC8Khm1{^E_?y_+ELK1<U_N)J
z8DNMZ3JjT>Vrg50of3vIU3c5f3bX6nCv-JC4V1E7VONE0<U5i2w<qLi)T)f7{Ef&h
zyZz3UTTL7#H!iem9Yk>Nj}|IqYF2WjwVQlHuI)+{xqMA~4EGtG=@-Z<qgrJ1)SlZ0
z<UYt^JWYNOo#Nczz{;HQHCv9ciV$;(hGZ|JR!B7)*5w8kt39V$?Kt?YX*b3up3yd@
z$p<a(J>t!)7(FH!Th^|I^Cn8X&h1D|VPcLb`96(*s8`o`nLoT{wHJ$3oRO@BMZ_0;
zyve||a`G2Z?MKbcP!Zod*#l12)g1=#n@>SQ)3;wK9<KZeOYP6(xJ6E7wq~|AwcoPM
z!AMJTK60W2s3f42PqOKpzFv15Jj3+4I-R=KBCNeb$G3#Rhl(fiFgSiE#5^(BMMn`6
z#Z@M$FS>2Y2}I&f*QE)r*#$nhW*TYDzDN{BXg9>yH)%<6ghD#EG-@XKABHM5@=B?*
z*en-XYYV%G(Gy{hm+;yx^)rU4Sr|vdd1YeTBVpG{Fa8nwxn|B8@$5VGA=>o2YK-&S
zpr@EB>2eFX{#om<WpX(_H+<sp;H>)Ydf3IXtX{Wjzj0w@AFWEwE^u9`lu`PHz8G3}
z+;R}>_$f*CJexYbIpd!<`Q~P^$yATSKM>)=#`<h`Ksu;4CpkGXs4D6g2R3wVf>{!k
zf*%Y5b}@gls$=9uOK1LS>zwqY^SY;$ghWZ6@w|(dciP0uSue8r?&!}a6Y>LDCFr+F
zHh>U=QrXrR{$)I(sO|gS;^r4+Rqu1)!auKzp~0e(-Ej*b<BqIs-jr;hxc7xUagKCJ
zUFnu~x;<%+XFrumlg#oyPoW(1nUmpgRCPfl;7$e*;dTl9Wf?iXoF*pkz9KS1uL?Pl
zFv%`dfbd#;|EW|chJ<3!=MURI4~(r4f(E4{-c}j8)`}%IiDKz|<qIkPhU{x<pX2a!
z*EhZ7U3Lp~xs+D=7t<7_daKS8Wz{A6<j+v$WbPajo2d^Ndkue6T};WBkXi`rpaShN
zC|2w!Bb9gw@;nH_#{r!HH1jtt0E5xLkL+B+6-$J59&}?SamVFI#7h%w<-H*8-;I=Y
zaqNxn-*-2De!Sc+>UC8zZMDZ8YMc?P{PaG>SFjNcQY)=XA)Sn^P}LiRJR>LYEDk`x
zLa`UDp)Z%>DB48;5RY@3^5)Ka=$8MZT5c(56;-E>{SHDVl0BNQun+wO);V3d|3VST
zQL>Z+l#$$!D;CV2)Z-)=WQE;Lr6TDY=~_o!2v|o37)Wj6Ony*i?1*lm1!?6OdLy*>
zTRA<9QF7}vk%GB(3PLf9m50y{34BN!AUrQ~O|_8yd@=cjIvJ*|Zi*pUeg|<xr>>fH
z1zncTMAOC$T7-+;k5iRZn+#~V*2K7@B?LpF<MS;^1phJ9PfX<%HVV1eYzzwV7MR~a
z<g(mp(m#U2%5Dg<@1>LXYJ^3sHa?1(2Sydi)5h7fP9~Z*EMJ!2obtq(ZI@m<DKJBD
zNBgs^)uqOas@7Vw*8Y*R!MZxF(ZdZj3X1?scz_y=o7?WNqzG>I@{eUCsw$xAC8QZi
z{3Z-E%MrN<A1)^Z4glgv{&U-{zNkM6B%H+Mq0sy3ykoXd2Csm4{#~VJLnym7`0w?}
zyPP$EDiREjDM>C3jHe642oDNOTIBRVvgV0t!A?y!&fmg*-(T)d2gfjEz5hCjb2C(_
zRHU1XUD6a_78FFak5t<*Q<Zh%z=uC2s>!MPp}WiKVBFhzs&H)SsO_&rRCc9hTkVk<
z`BK?Jxl$j_7nuIgFA94{iwdi2o(GRGRHX5g(u4kuZE$GFMYZr3I6`|npxSeM9?#m;
zw?k!d1J-Z#5B$#!Od?BX9tUf!3sg7fXA_ZTp~laI0+JtP^PS6s+Z!L*EJ4digt?jC
z49Eo&p>a2uk~7yTG^HuW2HvlvWIQy2Nv7#Ha3I8~m+d&YMf1s{gLj>0J)b|-g%vDK
zq4WTLE%ruz(c!Ja0#XhUTIW82)3(cE=Tm+QTT>1Oon%&X#TMg_J0nR&0KPy0VBTO-
z2|Qn+BjPY~s=bTX3U(TbCI6FwQ^0)|#ka<@nQEnT_m<V-@W8AJH6C3Fe=j<U31*-E
zvHH_kHz*Y1e#6x5FZRpoGLfMBZIMiaWFJzT$d(=aR8!~>Bx?hq-jCkL#X243A5wvM
z5b=GVebl^M_Qbllt&+pix=T({jPSmEU3OV68-*8YA}vgJIpwJ_JugF3WLoUeav9s@
z>rG-oI{O=;-xRoDn$|R<d_x`SOVpYIY4*4`H!Cx7xZ7uH@m%|H8I$6Mbh?>0US5Tt
z6`|cm+q=7&6#q@A^9&3TUYeyap;nLmL;MfQ7Xax`e$027%ob9v)OKy)um%|Ca|n4V
z6QP(i3SnQyN<<@4dAHP~0Rp+mTSJ&mBi2h#l4k1VVuaz-5pY&kj;@((alXo20W5YD
z6WWR#k+3hb05R8wYRJj<-BBmddoGS0OXrH4FV`>}`yNwIA(N_@K&=9IG=;wOboYE)
zRQFWkO2ldFv*x;&;c#FJ1wA3B$#7@JRlRTw@SjS63}?1fg$C&HijOQl=mY$=#@d~$
zu&OrZ)Kayo$~Jg`Yh`cEw#64=wPsrbTy_U+m2zc?xgmNTn*w30aWj}%@>%rlARJqV
zcYw3NJ^-P7)GWuIX7|&lPY&Z;dx{Wn!<^V#UoG@1sBXXcrsZf+_?I#DfIH9Wa#NIQ
zm99*d*Ms>!&OCY*vnUBz_b^!{(d@zVygzB$y2-I%-TO5{Gz!UPNYd#5ZZkRM>wZd4
zHqT$#46mXin_%{{fV~UcITtO$ll-1^9Ewp}q@=n3+C~F_b&nBmj5M_wY;+xA2X{xN
zIlL8Ia5szZkiINQWD^Vx#HAk+o|xBW^mt~GL-8nrUbvxGBlkV*+Wts>6sa{pdg)HR
zW(|Wy6wHLYKg|9Ui1qho`&ug=$Mt+mEWVdDLlzz4FI|5+`aRdvpk&j*6jI77U!5e%
zLtA5ON$(|8@*`c14Y%nR0gt2<&so8Bd>(PM7Rp~#5FTKuc9ibtBFXn-9IU@)#T_eO
zwY{IOXG>;eR?a1^V~eW{e?w*LKz)GOmpU{<gWRsAiCQl=s({wQ13X{(U!PcT1-#l^
zQ}|GV^oleqG}%tlqZG^sB8bF@#*$+wp4)HNq>^-;xOPm@U0KTYIx~%*Gq@f0v&FR@
zZ#a^h=KieL>z+?>`|<W1s0~JP{5J9p2WAu6`?m+b{J1BJCh{aR^t|px=#=1!(gxt{
zM5DX{J01?p<gacZJjLB#EIs?AM|%Q4n=e-99E^@RdUfIZ<2kQ7HXZ&AVBU!XC^b}i
zALqOCUZ3^^W*d$m+Cd{JQ*&JN(E|5IoeoGJSx88^G3MF8x<~5VLV5e|%W+d#x#DyQ
zcz*9bar1<dT~dakKw#jT1H-0~TDW7Nnm~9d1O5GqjugvwH8sN@*c)HD`*i*5m^lwn
zXRpg=MFd9ZhUU)!^ohi$osn<$Ugc@)J?>bfpwCnE^2D-3vFYhff~q5@%Bm0iylZ)@
zV}~sTSwH!{6FTu%z$BO7p7G@J+nNos&&s+i?i^fenxI-IhuxNHMMTzEp4Uhv&cMT(
z8mPL?ebGg9`OI*G$LQgj%S;+&_;Wi@E*&>r>L0(=I?F`1<0G=-dVlxHu71Mc(`u2d
z3U{56U1}|L%<kfG=|-ZFaF*0aVt$&1N}hl-r0^@vd`cA1Un5@l8f_TNE@`sTd=6c=
zTEHv3`o?_hX?eckfy?mlkQa*NxU{-LCH&SOPHaMm`o^f9;JtL9ijb&hau3H58^r)<
zeIi_4rSds`BwTmZo=@juPsesS^{FUJF^C{|v3ercd=7xH`jMJ}{AhQqP3}m6O$mR(
z(q6w(yUoQ;D;L61LF7>%iCz4Tt1r6?AjBRJ8wOrq0W}WdhFwd#J`B1)KGgy&kw;fk
zT%FBo%M>uiFFM?s%KN5W)L5&w(i^~Cu;9d?*O3ljR=y|H4agZHwJC5gYE}Ef>LC$u
zNhi>#Ak7(%1`FJ%ANstTRt4zeFi80MCN*DqhCjX1oLljf)1Y`gJIbbZ7lsd;RXlnf
zCZo|xz9JCv#*fhW5<)KFoEMuwCGjWyKzr2{gjW!qb(_-fw$bxM(B0bVv6D*6M(Rw$
zCZyx6H{%y_kYIFF)RRu+K9I-oPRV4nk%V(2d&an5Vd5R-#oDpca(G}I>d|D``OU8s
zz7P0hNE=t5F1R)>h7ocR2Tg_X7L+V&i!P;aCZ0TR(XPJe0txctsj>8Yl+veBi>%RY
zzW{g#&+FkU9^@|(+U-+P^Ejc8zqVSGEA^q=yt+wr^D>-{zB7>F`NJ6hVOY*uNcm}E
z|F9OOY9wAcDowlWZcNb<+ayXXh6)j4=n#(>|Cf|Bbg=5YUf|$ULd`4S-_^AO@L-wR
z$QQpmB7<7RqB3Uzy@<I399A=8^hmuqK42>N{_j?Fw?C#(_s?VrfwM0E&|-XEmuNz-
zyPRm8KNKL<T3-h^S<quR%Xl_G56qOAF;vl2x2zlsj)AE&<0R2nok^d%Nt<Wj*A)Bf
z2Niq{kk(o5X1I877PkUY43f3i9h4~bO8u^oOyuT@qtsg%L+Kb8|N6hPKk4wyB915T
znJrOrb?sU{#P=>wj>2I{Wvq*Qhki<#xnC4n?Ckk)r9ko2?0h-KarrvVS+JnzO&3wZ
zdH4$8Dav7_fX&aQrSOZMDu47kN=D<9d~G`);M}o(I%#b^50?VVip7WGtI`5;K2r5i
z{C{;aH0Mg*P0Vt|lvD@C`=-g}QxqTJpp4loc9Llcz%5r9On$iU;sQS);vIy;T+dpU
ziTKOLVGjN}{)ai<i*kGzq@-aU8{wekipbbFIQ*$wBC9-}k0tnKiT7wZ!_>Qm!hN!*
zKXP|d)-5+<Qp+V`dueUmb-oEDZst8Ny44z9qXXO6dfeKdETs;dcK(`v9E`yazuUdF
z1cO{J#9*t)@D6^sj#L@!u@(tiy?BXzN$s>uStS&U#1<i!DtPb)|F`BgXp$h$B>so%
zi!V}dF#q{dcT{lQ#Zasup8}1zFuA6&vgG3uA-feP<~PNFm%A-wik68|2Z||CuSIm1
zz43ZkE}-!2l&)6N<4ukRfHh^*6%-(fB}P<OjYbv%*r7MM9umH2Ox@WrpN3|Jc2;#%
zJ7D<zzdhzK9>#D3s6o;SawC^tg?}qPKU|vwDVYO+GI*G-0oX)vNKf({x*m2YW0@Ii
z$9EM?6yNr|c70F@O@2hSuNv^%{00b}@wW~qmGmhAEn-oG(uE8;d2Q_VVo@jY0Eb%g
zx9qE9+wqTXzmEYL4gthQtVbQ|++Wa`;pO~@!8L)GN;|5UCF1ualD(c<w^P5@7r`d4
zC9=}0CG;Sk%MkYATG<L*UO`gO^3V2hs-gJ_5gdI8FKrDHp|q;y!Ia5Ih?Jnf1Z3)J
z+M0aXsc)8SN#oCJy_RQBf87kF_S0x{5)SCmS5u|L@nG|cf5PN-+m2o9sJQ7YwcVa0
zLZcz_hf7&iZrjeneOto<Vp{_iZ{+QdsI42C4oCWKLQ2Ld`YurGLe(YJPW}fL0Wv(r
z1IJwr$mAFe$@ltp5{mO@;^@3!rz+j{<UZ{_OTX9>;l~@v^_=7AQefy>ZwBZ-Xe};$
z@dpm=3%3!9;cqx5g{acGe5T`8?Ck_*X*X{?k~qEcGRR<I2V5#jiczohF{oZF99!Z|
z$|YbAbq#Hpz6%;)Q4buL)IS$qhege!GXFp!;W);uVA5@MqT{=o^mpn<KL<}5XcHaH
z8y1O=yXt2=tEe?78R5&$#>U1fcTnuAD?J15R^UoF+C?ezkaZFK(hW;A*%yL7`y58!
zBJL_Qh|DSQ2y{0O(tdWx#?3#W285fe-f9g>r{qF-^9r|!mm+M;1n;*l3KSsw8;14!
z{^T06je%yS^i$($995|zbej2$X}5$0#x$xS2QI0przc_+xO0oR#o3y-VRUWP;R8Rr
zQtxr+%8Gq0w^0#6c)vJftZA6WhRE>TG_SiG%8^op>Vr5+#CEo}%-*G`|GYMb<Tssx
zQ$3R1=(I)eT~YSabI%>Hc#?ZNPDv9h3S8Z9jK66M<IUv+d_Vs>W7kQB_uX>l{CF{U
z^t0Iy?vsynAxBtmZl&j9;B(;>;W+EOnsA71-4hTJ%DUx$Y_u8DFoFH;70@AAinGNE
zOpvGt$QO(my)1}SZ5bREv+AfaD6-Hp!P2!kTU+~}dZAd!1ZokW9i~{9VS?)!X`LsS
zUd{scntAA_jE&S>n>n}}WtpI^IwkICT5}6yn4^&O2)p%Sh_jKYPf6io;nVN>oU?;~
zYv0#?SV}WSmUD^2!mnuARKc=lIM`9jyLc3=eiW7B$|;k^b(uC<3%i2+U9|4xvBFSu
z-i+5|7Dsa|tW5C$m;9T#AzH-?o#TRUYK4V-h$Ok$UaC(0!?L4BX(I|`loWhcAfK@?
z@#71oD!C;($D~jefo*3(Psl8^<7$<*?o4-yHa}s#`p8i-Y0NPRZ?Uh2CBs)9nL!yY
z$lpc{Rjv#pVKpTprQ34e3547VQ?Ck&dEKjNmJV<|?or*k#ZvIa-iTC|)#7(04(r=k
z9b!8fQ?qreb&;T@C%hc-nA};ck@-crQ5dHI?%<?sKsHEiwT}Cj64t$(<=Ra}9H;P%
z?O&!OQowT>DbS@Bac1)<GlXQ)Zgl^4E9cktX>I}h4&^DpO&kv~1}o|_y&iBZ0HrP<
z*^K~*<iZ7W0e{KxcIz^NZ-C@DUbxKG-Pcg(4ycAQBh4OVj<B-Cxl<o9>G#wre0JXN
z|8qR?sMAb4QQ?TV1ysePNJZPM((spEd}m3!N>;G+JSxXm^-n<c8&{`5n{x}&HLfuJ
zr2L!m^>{6#&txBc|M9d_P0cS+Vb7F*=3vDGHe(aidmV0bI(L;QilG)grWzOftx&LB
z@!QTMDz!RECK3^^q<4EAmDC(YZUz^?mdY2p5o|=hT>EpziDYV~L69yk1N1~Ri8v;D
zHLW<|{Mme$QRqN;7n(!t4njT>fA}ZNcQ++{<Gj-kGjS;EChXy-BFEx_DAMPGJ64(_
zD1L$y3n;c)5a>Dov@bL#gtU>X9cJ!(iL+n0R~zt^YPA)E*N)tm)}(}K2em`HUIBg6
z*Vp5a>#YA1poHka`e2C6du^xN>yr6H3khLhoQHSf^y4!fh1`#RvL8sFaBvPiKrltp
zNAe+gA4}HjN6c09>RDCTQs(YvVrpV)nzX7m>=39{RoZb<QCX!I_-nQ07A$+LTBRBI
zd9GAPtMbpC`ARbr-|dP(L9z3iYfz@!;ZQ(75<X}2ThESKuY)%NhvoOlpFNuxK&5K0
z7{DX4o;QVD(I1KLvfHePZw*ACqc$DiuD=rT-7Ff$Xq>j6@*l30u*hTq`r3cCf5dQ|
z_r>ksZAD?dehqrk)9yG~b)O_~Uio@H!TX5td|T1f_j)xmArCmL+0)%Qpo6tAxFg)>
zxS%7}db*ayZnY>VM#R?_H^ln0@NSXaX1yZ=iSG)fim+hGepW$j3da;7j-un`;ppn=
za(793cDM5x@)Hnjnu>ioEUTK{pVEu&e+2NP`C2xAxR{T=2H}5yORDmpw}{lH^CjZ?
zvfy`rwqNT3D15Z```xssrc0~z7q{!fsZ941iHy4x$jYBO-k&JoT4R<sMEILXpHX`x
z0I_*N98l?i7MZQm%OZ67_Z8e|jrY7&I$}NqXx&*Z>_j6e=P0_SUSIQq+nms^x$R5=
z?JI2~!Y7&Mi>meFUlG*t9NFa7Yt?~;UW_b?>{>B=PA9Q+Dlu+e&(@Mg9)&Rg>M^PO
z{{AzI3hLj5I(M~Ca><-r1up*rAA_7WyhQ#0(q8gu^K>QO1L5nPAl#{Jri8$tk4>`v
z@7A=nUdx5Znh&$4;0#4XvBZ{WOod+Cw%oAZlc^Cn5+!9HXT*55ZZ#_V<o5PhTBb}T
zXL&#_|LOXO#X@$*Vs0P2w#xM?+Tzf2svP$i9m!TYeWzl{GMyA5t>S9MS1m;FusyMp
z3m|yF4%ci8ie-rvW@}Hb4ug=Usl&P7l*&tu2^Kc%Xc|_J+zsY;;~D0?i4_i06G~<>
zOxGbX2{Ym%+1MylO?fB~SR#B0AoyVQF#hO+i(&-21|Mc?48>CU+}U+pHa>n6-Uq}D
z2v9Ps%K(KSKERli%T(ze0G`glyp~w--zhO7;i3$u)H|VMp>!P%hy5Cd;crFa@o#AQ
zN5aGD1{!D8vIF4A%-b1}2{O3^3K*4P%f)H~{HgIblgj`8VAU=)f_W!!Jv##(+wf~g
z5|{spM6<=gyk~dSZZBijbMNF=m90P$t;Y8+r+~E6Otpb2Xty6W4=B}nP6&(qT!jFI
zw0{7teE%<LRP6qOu6u;8%f@~A!c-&IYG=2tj+Ca$Vs)L_WVWZ-%3{`jcMLLFg>Dlm
zx5C)KTu5@9wPt4^wOW-p-hxfxAH%)L(0&^7pQ{v(#n+YA#gY+{_2#QzN|h@};<$2E
zJ}*qh-xgBN=`DiD!As;|#KVQWM7q==YmJT{<j5c_3bO6McIT39IgmvyW|ky@G6f5C
z?%$h8*;-#vt|<dcJoAVO2I$f6#@cM+x8uRJ!0vRi$UTmV)v1Zh!G4D342P83WFE_|
zQGOm3i?L*FnOeDc()GS*#JzA|n*Eo_qcF6ntkBw*QY};}3AlKd+|^1Q9`3zk`(n!`
z8^7fwJueBMxtJ7`BSn_!aUlVut=THAZ@PnkqRFR{`-38)g9J6*m^S*U-<a>`#VjF>
z!xOu|ka><7KXp7^Na?NtwNwV(!~n@N04Ha%`?GG61F%V_J#W{<=rkMSIg`wgahL;S
z1y-Z00QI0qn^uS_0}*d81Fq~Nq_eXxkPe)(JBE>^EUuS*Q9x!3w6SVGzRH`Aoho@3
z1rfOg?~aCeqi!zw;Fs&7Q%L_aJ;oif2b%*GBeda;*G50qeuF~Z`@hHaGqSwP8?vPe
zd7}D>&;g3wyrE`#UQ0W(HA<A4)%sAY9+xt{7iUv2b)t;u+jSHChBT1prx>bM$I&aC
z&&u`CFo$y$V$SD-HGr(x49)93$Mfm)E!upocHqUV#X{k1y%_q}3F0O6wa36lD+I6W
zD)j=AYu@~%XlrcAOK%<N%YogQn~G($!*NkRG{`Y3#6$*9X-gDwr;%2-HohWKs@5(H
zzJL_9WJuK`hq@@`GpLJvxxm*buRA2O{eAb}TtNjCh}ZSe^jV~}*%bKNVK88Q`lahP
zQ|}y~bD;@a>C|6yfacMuYE;u7sHTD)>*<sfIa}!@lUip&u*zu;V=c*uSA5o>j2PM#
z=`R@a6-+z{h{3fJ!=g<CO-BoGJ&xnSw8&o?G<}`6!%}Z~uZ~wtRMkBoI{H~$#@}A^
zM(hEw$EdZ<5^%LR5;mhxB)3JddRxqEUKD>mz@W$0{T0IAQ|5B`1i<`>nSoeW(2FdP
zj>LcWYNYuO=ujO1v^2kD&iH$vgDuhCXtmU%v?PXJ2oI!u!AP9{1WQ^I904qMrqSm=
z<Qw*T<HogY5k*BdMQv@oZ<<WfDj&bWqeG-GO+w|U^Cuc>Saq1L9}3fKC_Mi8YSsMU
z@&pRp@1f^UU%k3~e3@I{Gf4BAHeJS3^E~6Z2)vcjK))sJ0Mhg-b=vvbq23DMt4CP~
zWXYrTq$N6zDtSbj`WY}s^MY>>Iab60;iUvD{>*1UuEXbSv<KJyObFJMs02`Dv~znC
zH?UbMH!Pe;wsw~2xH(x(GiBGNR>8kMq>&h64{+kIMV~WM&M1sZ5%L}n$-G%AmLWZ?
zc6Qf%+~a<LRFrU;cc4Lf&>_G8Tj3~??(Vdx@u^}=uR8ceQ<oWLC`4SQant@HI`RCw
zVB?0<_QB=}-SK2c1$5Cw@{Z`<tR4oa^?m2<DP$@oRk=*Msz&8;gtY?fUc>f?-Dtv~
z+ZjUtdhHC>^!sa8NQO7lAN6xVm3C=_!=@0ALMG2R&5tO>-fgRaQ6wAstNf2(CuV6u
zN&Sf5{kSvsy*5Azn!r{y=d$`4pLP}?lKha0|3qrTU&Yk@V9JBJNDfvilt%rI%vHWs
z`FBRI`UJ`5`S<k|LRAHfg!Ag3y-cYf{2#PgHoQ-7(*;Q5vJDym1(?`EO~<jJ$!UJ9
z)d`}B%j0CVUH{{+aViJ8hvHXHn^mbeA`tdA=KP+K4WQj}^_LWR1}K{dP?k-zx*c9V
z?kP2tzFY>IVq2DNRPSB_-dO-Nz!;<dvt8_ovR#t81(KLkSl3TmIGvlJBkdQpI)l=g
zOjXR}D|G@B%s|GXWTe`qeiHO@dDw|wxwHle&s6UC;fl*+fo~12{#I+8P^Ma_6Lgbf
zt<|jOZu31~x{<Wi;Y2W@S&s(3DMf%?_MWd*X}yk5P&Uc-_kx+)_N~xz+q`nS8=GtA
zXeLY6ysfv6qIL^JO06TmUg;<YF5h3U@ex()rt<o5vLNHaj0R7FFpW2%u!7Yx$=WT~
zQj8*h&lv*3yvtjCRx+Jg+%eHmAi38bpd?*-1V$IQJB>4=DwbwkQ86Ru-i|bCBq+yg
zh<NfvEe-jl)kf<)*7HchwSX4a(Bnn=H%IT2Kc+@bKj@hjYKLLo_e<6bnPqyv1ajsJ
zf%FY@8?8!EETboo1rX3yZ7HnYIreRc$-`0*5D(9HGXp2-)|-49QnW+Uagd9fZ5F?$
z3wrG;pC96nfRg5k3lkG6f#D1wm;AvN@R1OS%<E!XA|RrM&~w(R@(Tqxy7%gWG?LQ~
zklZ9qbeUxm@QzX6Gzb*9n(QT^0|ySJ(ep1JBlaQZL(Y1~u3Y2wRPpC64fE>SZ@^)i
z^=7DM>~QRvA#d&Jr|?na{H1s7r#$JWc7sR+f!SXPC$4LaNACDLhZ0YkDvF)?PMWv&
z^W$W{Sl${0iFo(9Zbfhe%6GmzSORHYTT+wv>x)NLWOij6>^l>XdXNU;qTWAXl8C_j
zDn8*vFylF3Mc^DjL%Y0}IYK1og3D!66OPA`=tU?HX)>DrwGQ`;17YFxSZDhI61G0X
zHZ?(5bd{7(l=;9FBd)ro)np;$=qj&_Ve=80d2d`RT4ipDkl1<WTg2TYqvtNIX4ANp
zKJ@g8Zw2F>JfrJyz2I}J<3ZnP3_Pp-JU)0h?LmL0j#`EK5_V;b)$&Fg+~q$OyZxWc
zj=ZEo6HA0x1-f=Ms(B}KvIU1=x~)b%e_em%W}z*BY-%7R`I$Xi!VtG7(Mr8<U8_0Z
zh0i&rtWy1XNc_et;&93wqRG-Adp!Sh?K=^zw)E*X!*WhxSd_=v*V6Sa+7Az5_XB5P
z43aD2G78YlpltOJr{6$}7g2RxwoMmvURc<Ja?qMPQ5>qU%z3NfA11YOyl*{^2%iFB
z-|f+Y9L!I2%9m7W+JbtTs<zmn)ir2l=M}rb!uUb>g4ia;yTxC_V9YODZ!=l3WMGap
zG`?E$WAcwZR!T^<=OcTHE@8tOkBUyo-;MjR5lbmRX*y8@ADvP*K8k(l!lX5_;2Nhl
z6_U5THL~U#h0}GDZa==wuTKDR)08Wf|HJ!yH_Qp{sk6w{7U|&dj5-q5;;_!Enb;f1
zjd-ahmD{Ojam+nTkih5fli4cCQKyKJNrFJtwpMa$Pmp`l7l_<<rzno4vE_(bmDsI5
zT;uIWE!p1*OPwFnp3IXUi#^KgA?!0PI#(5XhH-@nC`ZNy$!<T}A24_K9)3zn(7@(t
zdfX|>6&~TZWx_0nPyCj4_xKFQ4{dULPcz|dIoM!9ZG<;LJ#Xbb;?Djwo<>T)Zuao<
z@MKr1w8}l(X(wzkZdrTo{3-T%xXlAR;2Qf!o9`8yX2szWZf&Ke;F#WPkDzJfWV7*!
z`e~!XyIpfOX`zs#QZsOpg7}Z005|<M^8MC}riehLx=z>0=7E6sQ1y^%DjLM<Yl&Oz
zSNX$Wr`mzU09Gqd1C7?i>7Go9?QHCk{(;v&Usz+!ds^AYM-gx5IAioO=}Q<4b3s&j
zXlBuDFMpWXR<)mpOJ$U7*7NCf{f>7aKP{sf-qy#v`l%W7gOz;(HM~X}aROM!Y&NO+
zsr=VnlL&U)&$WntDtT^>H;;8*%uqjAv>4|vf<B_mTE$t-4iXWY?zu1^*rwHrln^4j
zSuan)9Aih0jWQNH5N!LZc&_Q-^9;TAQ-bs%v?kmMpd{JHN!3v|yK_N&eq#MGF7_?>
zt(Y-(VU9z*o!A1AAyc%Z@^B;blz7YpN)4Q$>0Afn|Ic4AF|g*M$Y@A4G;?boW-DYU
z8_c`O;*)-JO|WI!9;n>GPN~N|U#tYOCUOYSNKAO^>T0cl9HHsdIRRoSgq{7OTy}Q0
zypOV%Q$te~9{Jl;$<|jvR&_EsswsLj^}K|ZJ<49q$hznnORmC<9%`>qCgGi9!|fM9
zNcg>_%jY<b7Ixe+II8zcqS@r9ylc76EZ}Mj(&vZns+iWuTh3xwl?t7}-KdeGk6V)C
zSKU^I3fP_sAGUk;muoJ5xacyXA|gwEhEFr-BzO@!;^4&8yN5Ur$2p!A2a%K7wD!D!
zegy}Wr*)W&X==d#+aex96<D$q04v2!Xa&_dBJ1^H!YwQhw{rixT{dKG{$;R~46O(6
z{JPv=jc$f~CAv!4M`;mMQPlqZ3zF&7#GN7gV{MQ(%L_^<``+G`f5x0;6+Y$xT2ZT`
z({nNsQct_(GxuzVDq`sf5wk&!?hw(X$yv+J`H0$-oOJb=X-nUOj3e;h#w}jkG*s#3
z&#u-N$z}}OQH9lgdmSD#HjinV_o|vzp@I@(f+0?kr+~h?t~e}#OSBqwq3$M8;i)=@
z`#f#S;bEE4LvuuL1EZ@B-=P{bhVL;63jf+?uu$V(_?CVBrJAIHW7>QUyC)cKC=rfO
zjy64dBEa1)hUk=h2O=n79Bbx}&HbguYOV5&m{-yH6ICYx`V2sFao<L~rY$}Z5Bjhn
zMHc2#KE?r(?c4GW&3+~Zn?-3cES##oKcCmQ2(=|~%}NGqhg5|)K>y00^jaq5$f|G_
zx?5%^FO|CM_0<wB^jeOh)vPBzlNLFY%6X2tR}2RF5rV38oqr!X-;LwSL;ni*L4)9b
zh}@LrJ|NQwieTx`3Chc@wgVP50v_LBcNl}Bs!Z%T)Q2RR54r_^+Sh`k>f3;iNGDwm
z_n4)^HOxy1tc}D`VntEHXEmj|47}dO*voI*Hae1}>qyZN<fZxZwbj?}Ya~rHkPe+;
zk17SI5@f|k)SjenFO%AcruI6m1YQrW5~$1Ij3R+Y8Lgplki};*iHhz?0dqcbs;DKm
zl_ci;dV2ue_ZdhQVhN?H`5Jl?ahEkCDpX<-t*qI<A$aoFZYm-}EjxH-2jRx`M#IdF
z`ahE{8<&yHM6@`5=6yRgzI7>|wb1!h5Q`iwWz#-Wsqvmh)hXBkzG3Pj#j-C>reENk
z`vD`fbXFwv?w+Qa=-cMSXXx)E3~Qa8?|(+aQ@sy-vxW^Op#1P5$p)N71C-qb_3O(B
z7*&~^(yK&c7wy1yOQ*BDe?Kxx%)&#nURxSH4xYzzv9E7%a4(9XcLFc#OV)bK{KW|V
z%f8r|G_7tM)dq&gZHnD<O;H>}NFv$(CDs51p}^~D6=TP?+n6U+xYt-290vJ&$@(xf
zow*9&Ti@1!{XGx+lq}=fXN{^@WI`qX(K&->Uz*uI+D2a&Q@*;0B(%@PhJuMK%?3xv
z+6^B4o!D6d%TdiBo-+?_Z`g;Y5u*Crw)e<k3HnNci^DLLf7OE@e~!qUrfR;XWy&U~
zLNmX;>h7YstjJrW#qcE&>_Uo`8pDO4_|l=&CbtpPYr5h!s^R^t7=ars3fv?)L>o8k
zy|EanF>r4<*X$5zjv5p_N7j$+-K&y_Gx^bvZ1p>__X4smX4lYJpYU^e>xRQi8%?i|
zPmZKQB2-WnRUUvwa;l{KXJJDH4Nw;iLYz`Rv~;~oFZz*od{BYo<k;+mASyy+Bf9tt
zt5v9y_eqqs;i95#h_sV%$aw}-a*57jYZop+zL0=?qH7H%1`Aum?V^67%R0^JpYY}V
zM<;bBc1>zr^6ZO8^f`a}#g_l6LWJ(oCp~TVA*|)~{Ak~Mo0&k@<8^1GR1WnoAF$^3
zQGXJP|GVb$7O1u`UODVAu(>&X>XU!<-+lHvM#g<^ON=HJrUf`U%85bg`JArge%|Fs
zG+V>uQvTXKSL&{s9e?z`Xx*+s2{Z>_e~C_Ht=dF(xw<z+Sc#(L>A6g5j=a;7$a{^W
z?0ONGGy33L_Wbx6WFd%3^#eNI42!9&RQGKIphU8-NKx2=S?tVO<&x>pR0-8$s{0nh
z8Og_o$%eP~>b94g&`8JTAP?55Jd8~(E6fpkif3^FR2KJ%*a7G0S0wyC>Rj3tb+^4}
zDE&l<%0lwQk^wkojhm<F*0=YlS5EtT6Q?|@k3`Q+n<Kfa8=XY1!MR@P{2bI8TNu7Q
z#Mz)$#(i_$|C$4o2(gdgk1+T?#=E+4q+n}K3*rz~1R`ttG)h`aGLKwHqT%&&cM0Nh
zS=oA+J<J~axNZgE>F}rNLo(Osg<&neo6?=f+l5}TPl;c|PKQ%4Ui&80gpv<0)f^_W
z9>X`wLY5g^&GC^bJ#j0aCJMjmDnevJhe!y=Z~Q4Rh#JpJw0m0=hw_+11%=)YIJmDe
zK=6h7&$D6s_8{~f6EmCShIP&4O;d%8Fq2^0YMPD=vJD5q7MXN~x;;*-W>rMRZGR5*
zFv-TlCkq0R74JM^|7jCEzs>sM`7*j*_wsyh_0fyg>UGQ6o?`xGY;o_ST=eqm(w*|w
z6Q#UosG!Z8y=t{Ju>Q|K6vKT8?*7PJZ3R5ENHDvAfTh(8tM3cOzxb`=GdUnyY`{fh
z2wR5|CXcC_p}2VXyZXqPC1~Vxkj|3BvrS6n`W!kv1HO~-%=O!;q$bzgX1kamvv8Vt
z@SwxDanWO-#;((;Re0ol9q|9>LyH$rFN3de#ydT(tBe=DiPnz|`kIVu`}P8|scjS;
z|MWV&>D5)qF?=1~-i!VRb=Cijz7ge}a6*h8ufiANwku-V6XL0ax(_^Qgrk@U_aEkF
zgKK$+9oaPaY_t{b8a%R~oA0P!I<BYt$(Ox6UnCbUO<!$j?VPi)ZgqQ!oEp6mi<VwE
zXsZlFvZ+wyb9FF^OaCvv)CRpnx5?T3hVaniFNg<YcJi*47$pxTJH{2w10gt`E>xUO
z;HIXKs!K+wXtU~0>`LkzFP8{?tcADf&M_vY{c~e(@Mj+K1p^RkIt}1Bd+_FTV*hm<
z{U9;oYpArJ&yB9MDUBb5@L;G+tgx*khUv__+Vh4Rtj}j+M;?EbJj5Q&T=bgaQV!Cn
z%zFOWe!%eVU%%1YO_6wMyPHtC@z{t8OSEde4)vC;Q|qu$gq{`xVkEa&iPbo2vE!K-
z7lYDgT2HuguUDVx1uAQWPr_YDoX>f`<%M|u#nJR|6*th$&<V7tS4Jo=qj)%H<4OgO
zn=q4$UoMyLz}5uAN}n(6MP<R8M4qgdyUK1Ov%JK_BpaD`o6_r6mDM(92{h5CJkm`e
zSyrDH>eVGLl_f+5hPe*}RYdAa5dg7DYL$*o2T?Isr{%=du0b@!$?j`sUJ@Q*e18+{
z2aO{?&>YTLZ8(E*L7k)V*sgbqsCj)ZYbO5z0%1E;Q{Pf;#<xUW-c4z*v_W0Kkt1y#
z9)W{HFH7M0am$OCJ%XnL`P@BD+0#JENtr)M+ueBJVcqr>KS2N+>uAs~1{YY5@5GU2
zMG0Dgn7$;U+4pwqn0B8^J7|fk&k|mYb5g(qXuj`YOplGiO@hmD&c03~OZ}}e(!e>>
zas1zTItAxqlo}_)f%n8|W?vvzZY|qR{eDRpSmm2)Wf>74AUPm;*MLx}oT~%#(=CQW
z<F|{iqG0023REVZ>9gtpqSOG%YYpuhiWiG?0ytm(m$Gizpb7E_F`=C*eL5kM7N5dG
zb$QvsaF8*|>2TmouR$5*A#S4MwdQ>_!luq2TQ^RtYmiQFZKW;^QKC>A4VEl&P(^03
zrTYAw<xVeiu=7sO!AA8Qx+CI9i(7?<I?Q>cHYXo`qg!sJfreUD0`OI937?CCdR66S
z*=Uar8!ilR`dWW&T-h!jhP3=P)@fJer#0NNcV~NMSm=K`y&i1rynfvK$DFk?uP8-B
z1J{QN(QL3xN@%p?!TfJL!+=7DLg;%EO2*3QGK5L>?Zyjs8kMwW5z0!au?wm6y)bOi
z))3%h7u*KTz8|kUsHPmamGQvcfrZ_PU45*1Xos6Hv_13tii|~6EJwwKAzdyta(n8C
zQs0*>Bnw#F1O(Y{LY6cBPGk7#l)>)RG)u<4VWMnSveZxUvn}d#ei~`%YXUz%N!EI2
z3+`+c90n2;IXJLa&YtEi6Ul~)SA;hD7uaY(hHZbMPkS6BKHD|EE3*f`T4@iP7u>WH
z0NZ82r51E5$D4g){IAaOZ27d3hfbbdU&g+m!K1^Up7_&KXeZP_H?<!zP6}N4)xDt^
z{&8Cot(v#Du5V^h_KSqYh=9$l>E;<;qhKq9(QBE(?ISng*Tu=6;fi&M$jeatALv)F
zb~voxQG*2mV}Yi^E%<Nv%7!BoCibc}fpMc3l4ak&ba3zMMj%1`IpE0L7B7@TnHD=p
z;L(Ef<6PD?mU^nN+$!44+ZG<e)P8(<Hhp2pf!*~1`^6OYf{;CS^Qq5>fY%U*0B1|(
zDFp-t|0?D)wZ|Yz-)>qCmnHDXn<mD5Lxary2w{uH#yWcttgO1d;<=q|&9dYA90_+j
zlIVaXYT8{;3epe(o>8Oy5^VFovjYygM>VcGSU|q7i}tw3zuC5hXA%M7_{WET;u+;+
z9b{%shMtN?317LtVo7~Q&|D=AEGP6%Eh-vAvN617F<QZ}wwL&%iUd_eN5NevGje;9
z>?u1+yiQVbx4b8C({~r3ktJ{`Bx<|J^zzcy(Q_l9yZ$c9IS3Uc2>US!C5-uev_(eG
zyyXkXFZcue`G{N_e;n>J-qYiyaoZllg`qD)5&v6TC*G_mG=BKo|GVpqKcx8OSw8TQ
zZavTuJNcOOIuV=p?&8u6A|-N7BYmkzkM9!LaEUZP)e>9yY5yzzeqDS>aH=U*t7PA8
zNtwk*glpqQ{nIRQ<&`?wW`&fpY_5v{k%wl-<|)6-%>kn~)WZ`FKCiOm-FnuQ<`d~^
zrtx1i97|tk;Z^Y}#~8va*q}?7VYKbA6Rk-Gkt?gr$YTC=Ddi}VXlTGdCAy}_{<plf
z5rWhoXr)5oNn-e8`Jw1JqsZ}jQCLY;>>Gw%eD;%wq-#k6TPcW|aaUyttPK>^pnE<T
z&_wU!&KK-pg&SbA45*$*br(+P<#yKZ-vyh7e56A}+>^kVK-Q;KV+`6^VxLFU>Re%h
z?h`o@ibb`16i9=O^1k9ew)M8`)lI>9T}=ibR*|5H0^5#_iuiwSqXC@@V+JHfLO+ge
zS&g%QxUO{PSM^e^QS~}vze}B7r1Td=_lFl`{&KNj9`P9zjHG56?oSNJF31cb>~H&E
z&~R73B)~Qbsi1u)<kV8*k-fQ0b$GPgY4Cs=TN!ybU*nDutn_q!zg+Y3Vnu1(%J#G>
zMTB|sF5j>kxfS>wcG=pNXvg>}m>rEgai)zQJQA~Fc)jGYQI@t`cyFis^GK{j4i)Ze
zHi!p080LS`Xc*-^p=-oXdl!A<9;VHMh)@1sF#oFW?Qwiy#=9|YoN2TsUTU^Upb^bs
zUyWAH8$&_RYohB#l0f}}V~z|9iuX?UEg`saGhbtzCu)Pq&8MqjZ6elc{x%yRpZT|M
zc>D8V6!*vUqQMcA5$w3y1J$IlpIaY>)5|lt>DE1%6oA(m*;vndZoPUzLPdSlLMZBw
zmG<t2da@o&KVS%t?RpLy^1)7`Q3GzY+VeiUoa3J0CLmo2ZUTXaK{~6I{RvIaj>?1)
zO3;dLPFN~llK#JXqeP6Dv$-};ly&*R^^S5&EK8pfrhj*1C4C49I^xL*+~SC5z1)%j
zVAy3<%2e{;F=<kMpwY}?{Kv+I>EDlrHrXsm<IPtUIUda`+{0rAIJ81*aJq(DwVu<P
zb$2Z0FLI6#k5B*n)T}WF@Q?$6v#kD~qQU=cblT5{yfXy6RoIJc3Tqg0(bsR!pR*j9
z@X^YR2Hgq)&2pi947!zsb<lVY?tdSlf^J4$tqoMI(irnR_);q0@t%9nCp+5eo;q}2
zKNVAYHfz~ss=LSLHLC5Twfk_oj0ENFOR1D&`wUtn0h)aYt`_k>hEF!YoiFv7oyP!I
zU}6TjDItK`oZvsX^r8VOm6`lbp_aF{p|KB^!S(K4#fqGoeymQB6G7&~-w&YwJGaeA
zt22^T%C#F5`L$KMl2^Vi(@QkI6u+k}5!GBIBCoOw732o;blDFT)GDQlVTl#n$V?Gd
zT<HBiKf9k?>+QCFrzezr{7+=5CjIK;#XOZwqoDbnIiq@`=G&HbVvYZ!-yJr*lyv(8
zVlhc!XqnP~v;Du=P}1ajHw(-sax^dq`qc)@OCVL(T>iDfWoO|w?Q*#$KQ|R<MG&yn
zp@Q9R84Ha%Jy4pV7NOb*8NJ6EEJ}@59M)j%!}zSu>c2;YAOBNZ%Rj-95izDfeX%ev
z#05iPRnGrWMaDDTS*gBGEBl5;)(Q+ymGeyKA|o@$u}6!({%<?_;H-++%G9O?WYS#V
z|1?-UKJ$jJ>~{o$@Z|DKZ98pxW25YwJ=>0gYHc}d-$l^Iy)DRjBZt9vO#o$rQ4pqP
z1&odAIYl<hL9H&Q35k`!5k?LTh2vwVW8|@muJ8Qrqc^ju@oE`O)E%9bXNg|tS2=>g
z7OVf;gg}vZNA<4{mL;QTwS9|o<|gq)PEScv)z*3^hl-sf(MUjws01p5$U;6SDJqVt
z(*8(J<vfbQ`Ib-t;vr8~76-CrNrLws{iLPl*!tZ|LTQL%LvD8IgNk-M>X*}t{vEC(
zyJNG>5-c2=Z_S{$21uZgPiF-EkRAw=MkN%#Z23i<Kj(qsq#3OuUB>qDm8vsgri>&S
z4v5Dg(VzO8EZ3PZlxqE1Or@nt{D7zNlL&k(Y*|U(F+;2}4b#jjuoJa|VD(h#Uo0YD
zLZieG#)sEL(>SatMxzyr{(GcH(?K_0N{@>um;5rm=d_?(G=QKntgE-*ZyTU~YW3_O
zUySh+!3eqDb$R{g0Po1d{`T5!-oOuN$^QS^wGe7G^s?&uZ@P`fbKf%I`G__Nk@}<P
z-`;7i1UYEdSUA`JiP7>d&=;3j@;k#Szzk?IGn_HW6lSebl&!Su(WKn?7ms%@%t@6D
z;Y`)zNQfUB<~(6IHK^Dzt#P(R25)UJFV(DjcR;}FmG0-SHYU0XGfTR3i|#+{m%j=e
zEf)$C^a5Fg-!(5(=|$Nwh^4Xre7jmO4h@1)qnw*TB2QiT_O@L}K7!l-hQiC+z*;!B
zhvcDyL`FgsU>uzMpX(hF>`YU@9eg77#RJs;J(G<B-UT}W>gKMmVHZrX2yExjII7lC
zxlA*~#tjw@^Rjd$)?)x)bd>FAKXHgfV<24~wS%H6{Z&?+9xDqzbIPg6$v42!!{M|^
zFX~etCPuMt9*iSoKI3q{f-;vTk)fzYz*A42U50_|J;0yL)p<Pr4j?_SWJVI7MY5t^
z6oG)+Y~pXmVL6}9?RYG1t=Uuvc07`&TXIY^yH1^}x9FElWpSpL$zYH8LP!0C^pD$-
zcaEp*mjU#}1$dgi^{P-dgImG>H)4rR1~*CVj~z+PMu%@Q8Qck8FRr{}nS3<qD!rkC
zC4z!5sw=UeS+2^MM593%+YN`ZpJ`|iMpj(ax41w|14nC;s}mE#F8c}XsKH>Sd^uWA
zs#*bipJN-zW*U%}SPGy9v{<{|FLO>@%~=MTh2akdhBP9Q@@XMm6R^4nyok#Sv5%$;
z{3NU}u&GYDy;5(ynurhejhwf>DAsvIT4{vW&6Eyyioj(vPvUQ_jr_%W-=yc7_s2N1
zWAiG$&kgEUmS9<Ffj(pBMZ+WBOp8ph?aOa7X9zd}=Clr(&1#XVU^?-FXl_r>Lnw|?
zPF8|nQar>7gBmvp!MDTnae7J&ncM?KvVX&W@~A2*7r4@n3DYh?0a_CO{fW;fFU~gB
z=Q|_IN*R05yivRd1^dkiw@xj+WxXqRie~)>s{c$!Fnqt0Mt8y~4Z23KN8W{Uos2JS
z3`SeyS!h&HXJjtKa?h50eZKi!vFrloRA`XIG(Rk5WBoBq<okku8fdn6w1eQ{3kt(T
z(TYR-*?P((n7=!oA~RDc`;AzP5l8jdX4OqTqs5Wj;4=|v2)BQ;>Gyie%lgZX*3+*o
zUiYr}bkFt@)m=Z}6YAZ%L)*2o)|hqhqnn#)rerU_4h5JkY?<Q$w-e<g(rHPWmo1WT
zI)YDGJs+esTdZ)rD>O;ZIoZn%fZ<M#FwYD1bc)3wZ7^`{PZ7tOi+^I3dZvkWh$QY5
zaG3$BFT1w$>b0*eCtq|j8OnSdNI4FTc(Pc*ko)!Na|r-}AUR*CEnv;0n+KpZ(My;#
z_kRM*dMC)mT>$P}35QnO5r-MoIg80?_8=i}e+lhZf*NJ&ZsbF+0UT4wL*VihQfq1A
z(y0Ozs4PKBn{@J(=<0kPT`-QeU2Yns<`?EgM~^afs(7=(ynLqrL`4i3C?3Z)57%fN
zU2;4zw`Z@%`nE6ia&a&L4NGxql{tGR6Gb#UjRga9rIX>&B6yA$>jb-7WeNl$rO(XM
z=3!FA-p|IobQ-ms8OO6F_8b=db;cWvztec{Ilu+CmC&E7fy^OWTB`Y$p08w8)|z}G
zmfU-K@w{`gi|<hh;BHBTIBCkG$@Po>TsY@l8`a;R%mHTnh??zgn4U~-ta44yfv@UK
z<aB?4TfTU$o3J1(W+>~$;Ch=?O<Xn$jIm4>O7jleT)?47$Z5je-Ou~6W`GL{4*-Pg
zx5i<|la)aF7PDqvOQ3@<^7A4ngUN6p|0?|i0G>Huc#D^+HFfZAA@i}udcE?sS5^P9
zx%&%Cbit4E&zSXTGwhenN4hF#l7Gm#D^M!T@2z2!D2O<M{ewTX5<?AEZnfd0YS#BM
znyde(>HMAaAG-B=E@HuN+ec{Zt2+z|useIPSl%vO?nL5Qy_w1Q?alrusFit4d(5)F
zD47lH<@LJyuY(~P$#hFzwcYL7n6y^2!D2`P-O`n`R^;>E$P2zG__d$=@WINgOtApB
zAsA<;+Wi6CFo4n&KKPABt^ACI?93O4VQcAya%qyEcPB7QUfhwS)6D#nIn2SV2A&sK
zbZEMpsvoQ?wW<i`Ds|KbV(+rU%}?)nk5JuXF}4q9OK7%gfh1w19b9eDu0E+&d9|D&
z(GE||fp<U*2Ch5K4e6B0O<^$&8UAql3Is0cE}0-e4kF9r;v2K^ha-)3mrEJ1#pz`x
z6dp<>J`*Y}oaLdL7l!t$ADTv5Ax;#|TpX@~wN)Lvnig}lm@->9NTi}Gv1xw71wKZv
z0D=@fG6q|~3!m@hF0bC#8T|iLb(T?a1Y5KQLVyH^;O@cQHNhPM1PJaB+?@%*-CY9&
z2@Zo>a0@c{;O_3u>*U`1)_eSzU#yv4-Bs09=j{D$g?<gd9|b@v;r5qWVieMv0G*H=
z7xZ&p*60$mcMXTuy7_QyBqI8UJmS7?l*M&3<5$h&U`I=wyr_}!^gVM+BQEZ;zpo=P
zBMhx-Q%u{fk_jzu)CeA8_l<h-l&YsajUrs;#j3dHca)Z<C;Q8B=^B*`xJQ^D!BJoh
zf0fpx#jl%II|}bwTu;_)KW-Np@=Wri^SYy9udOUu&X?#RK3kY$BVZZ(6HFFCfNfcR
zJe(scAs3btTKrc%S_vZQ=i|lvA`MLUC)chqu&HA^Ud$4t<z{zFQTqmKE`Vn&lRazu
z&vSRw^&`Ib@nRbt_ojA|s$J*zJ1(;c30b)YebxJL$_fHdqE>I;6!7Zu+#iOA^r;{I
z^`CS!m*qbkx6E4m7zveN*(%_P9+YwR#y<hNukjFoXPN8D_Di384$E(-q(~*9Pm!7+
z`3NB9({5R9%7OD$m~|JgW>?7Hz7>zuix;+k7HZzOUg#mzZA|}}1IU(uNE_U{`&&Q{
zI??g+RO1r9XU#zrp6Spf>+%~GQBKFM^(+`mFiN*5+QKPh*f{&P4r*S7Lj}Q&=i@k{
zsiLc&$?zR`{V|$Aac)tnC|W1;^4Gs7;f7(^Y{aejrRBpw6-^H*L<+O32(=_Rm-^mp
zWilU|J4%tHBh8(pVRSzpy*m4&0s1DJciqYH6VyRf_WquEajf!7-KS`x(!pfgQWKGw
z2frPwr5WyZc9G=G&PIe%w#B#lEY0+8nRsPgdrDLd&72hTbpT`}WtPXtcl(sKab_aY
zb*<&<XiTt8GoF(76h+bIIMVeT{~#TmR08xTbM(c0?kf;(D^$01tQU0AmBRWW&$N1V
zz`MFJ@+*AN9vcKGV&L>YWq7r<!i5j2?T5JmF5}%_r4>n6g_C#k<ID|<i8#e-H1if{
zf@(9S-GJ<%v=TSnly%#cu+-B8L94#n{2|REN47**kPxC&qT0)JIU)a&Oql6&{^pH!
zd}L(GyZES~6^{+(b6z<4>w!3QQ-vC4j9rxw^bQFofKdTR?Y8p+6=zE+RX$->;aUk|
za0Jk+>6Dd5yMKtN+jK^1*p#Lvjn!UaPk8&1bw+4gZJFUKxbA8l`QIZWEmES+Gad8N
zkhIg8N6+=n=a@H$qKV%*7eq*bd9L{DobZVIxnjf4Zy`r#X<N?-$$d=k-lG7sz-fj|
zq`K^LTXR_o0zt@w=i^*sR?iamJapcN2|LerAw$mB>v~`DRt095yRd95LvX>I&PR6_
zVuA-p(C>YcQP~GS3Rl@D{p*O|A$Gvz*CX{Zl-O&v%H+PH<tpLnSN$o$>Wbe}5-%fP
zl2=%~@gx1T1kof0;P&F!A63JAespG!YTQarWd8knDM3Ay#|^LF<wT=Ya{^F7j-qRL
zO**I|&c>t0KdmFPPT)RIICs9@Q9b(NYB^<{|7ku-H_YvWJJ-{tdZ-&^TD(L}b<6F_
ziyu2kShr8DzcSHveQ;dn`t0{eNc06j5#PR&McoCm%cqtG^c<!PY>*lQD0IRMGevLD
z5kEb{{Mmk^e-zBe0{HHY^LZ_k<8=Sr`uq26E80M2N;c56_BH<XzD|)gS<{u1<~UF&
z53#NBYnomml=4J;H}-WZQ`^>(T|Zb_O0%q$T*%IkBJ^z18UTs*m^1dS?^nOZ?ZH6n
zcX|@({ZjViE{{_`e#~!ZUwzK9lV8&pg_=F{=^cE{`!JrF<db=KcPq}qkQOpr>Uhw2
zA)v8I@n-j)A>%T+SI>|DOvpb;+uY(#;g=te#>Thp$#-Kr39qJwIDa?i{T|#OovE9`
zvelZZa(3$QYZ(RyV^Y}__C`!D)Ugr_lwceovo?ygTee*s3$|{%`f#|$S*cQcGb<B>
z94xi)lDO>}1?G2<dR{^X9_<Q%Gf33oEq0uxrgx%(EG4w~01zNEswDvlt5$@<_s9+R
zanHp(l5d?hb3Z(c1Iq6~yDcE1!;_LdN)z5GS}az#AMXS`FLoRK*E)@2B<smg9}-^#
z(%>~m#_bXL{2WR-uuT-UoXY>Vmf&J&^+>ch9TM9b4Q%&MGEL3b>}!=piG%!jb->k9
zL>WJpgrE&F;!|I$h0PADPZH||>rz~2kU$StDXp_n9ZK^_Cllp@b(Ti=&yXAt<-`2k
zWgdB~q%63)g7{#Vearh2F9&PcRu#>ZxWI?N8BgoHymTly4fYkHECv~=Uj`qA;aR=Y
znsp(c#@gPY?K~K*l#xxy`kGk#SR*%=O66<V^<EKrerLc<($cA2$J6KZgl(23G^x1d
z@1Z<1TA9w*&_JqIQhfgS7nppqW|=MGv`AAbbT_IF(_4o$xwB0*<u`G%1;}S|;DjFu
z+Fuv~IhoWZWZeF0Xnc-%_@CF-<yn;W_)#0^3A{X%$b42mKtG({A5{K?wq{FbQ35py
zLqz39siyA}H0V25&b6$#-z2@Uv5(AwH$d(*-@gg~htzK^@Ex%&X$U?Xs>V8}1c9$t
zq$SnNH6+=_WZxtISJGY#ck4l8t<=J2B<-lT`PgS3WG*}O6N(w!`L3-kw+$;kR=pb)
ziXQpZ$JJ4Nez(UNzn_KDum&1GW`^cb&kMSr(Af4hL6AMPttn?4Wlf;eEN?UXT22OA
zYG;$nJb2ebwK5T2tw#yh=jj&mO|Lm!uh=^z4iz|(fzJ8Mb?X>P6!@yuv5rilN##OF
z`~p!7kJ}HF(gnC1OAYV?6}nyn_F->yW9wz|Y?g;tZ7-dORye8{gY`pbBD>`K3k_sC
z6w;Hs?D@7Xo37Gy^Cj7(S;Nj?HHyp%1z9Snhf1`N6B3E*6vq8#Ld-7U%MJB$>x#3>
z=(18>Q&Zwkx?VVe@dD({yX6hbp;!<;NpcG$En{MhT$;(M&szLMcr>hzuvkZO1Rre?
z>~FaP*fm+(?-?O(>}nnV7F_5D7~CT{V@RK=<1xtB{1At{%_-8xJB}Tl2^i5MSpuZV
z)kd>jOYS$qrWci4Am*QE8+~3USd7+{u5&dlIyTL&9?dR=@Duyd&A2oW0K|#T{wSG5
zgo8MIgO}q=Ec5G+_g7aFMo>U-6x<n7nO?0FO7L3LDo5{|3{!McF1Cuy@022BPdH>6
z=FwjmWo8Of1oC_Vb=qVYT{iV39;wf%-~Cofj;&6u7jvj(j@N$46i+4d)4|G1-ri(U
zk*?b>YNEG-F1uoM*$$K=#*Ax##yl2`0@SM42H&&ebXl2=0?dRHq{{V0J)y;MAfqn0
z*=;Fp?6^Gw;PhZ9MWX<!o(1^Pk-1t6<>tq8(5XIL2Lx~}9n+Q=V7}*pXIfL#^<Qna
zmT%ABl*FUcia_#ducqcpA`V=Lbx&S%1}9lcQ~YxL&nX2BHcenuEwDFlBvQb}7dJkN
zvd84(46-&rMip}Px!>O%8CN)Zj44LSx9`6{Z1!>EaoZq$*tn5mTE}a#x>>HPEQs9U
zo(ENL%`_{#DHtJhWtIa{&;sq3nuEq#pE-ZsiV;WGXI|=Drq((p6iyYZV)s>5Xmu<_
zrsD8-^JA62cW@dW4(^b^IvQqa$!zGWR6-YW0DUn)LqMC07!`OR_8iag*?*H=bLPs!
z7Cxnl0jWQzCG*?F)NUm!p?;T!HYhcNfJ!*A!rIFA({)}BEN*B)k@|KG%t1cON7q6f
zXCr1fYhmEoYX*J~Qk5&7<M}BE&fvC{a$j*a2-7W!ih;4nbSwlv0D^DXI}>p^v66AL
zsBbju!SCp-!wD>D;x9H#xH4JUbIMGHX&@rEtFKDF9Hu5ZM0_sSR|K^E8w7@vU9yCu
z>~Mp}*oDlaX`CsdtBA9a+l}F0bP<ra>=siQG}-&#1=ZSb(Kkfg?iN;AcNOGgCG?u2
z^^<q5rwnwypA1~-#u-W}0?a7qD|d^(y$pE`%vegDcUXklZNwH*xmZTWQnY{giEhhb
zlPS(cGW10|zb%ZlfoTnXNV@X*qvpsrn}^C{E9(-e-ESU6HFLREA3byGYd<zRm0A=X
zV7Vf&g`Pp|?ph9&Ijnb9{yNjzRL1`N_0NvuIZvMC@XXXtYu-10+}jbqg9jx)kVnK@
zx^E~JRhzm2R_@EI6oWZh-1~6FjV~NZ<zE_-^Cxmo<@=^c-9NwM!)czNcuf;;X`;Ci
zO(Hm1rVXlkeORCPEK|)tce<7`gysjFScH5Z9UbI87B2;%;Yxrj+xHoMb&>3oxGxjj
zZpf-TGy?|ST(T`gUgyMwKlBi#U?p>_5)38A04zDeL8&aj_eXGN>~Rh4{&X)WPP$MC
zfcB#RB28d%0a{B8;Ek#+1CeC;)>G8Ua&EFYZU&$a-aEbvs}t*HZGRu~(^|Fn`!{y$
zo^Uj@szbwxFO?&aAFch-rg6PiwFb61F`p}=8pQcgc5QfMpc`%J-1b`*3?EmDHD7ww
z2(4+DDMUf+PmjZ_m*e8E?Q7E1<7mwz#Tag^I==^9ZYZ1lL?3G;A4ye%4@Th+-k+`{
z)26)-zwy{u?2Wj1wI_W(!Gf<5-$Vww&GviZUKR*VaKB!7fwAvqE;Tut=e~S?SvH9%
z?eOND*mqtck1?~W&}npl^}X$USay`Rn?DmOtpQ*@cIugA8P}tmCL(m_1OrVj5xB;)
zXL3$L?}qB098&Qg)>a>W+XeIZPJba}?-i9^unq9l4E4L{%H{DCR1JyF+H5=JR3>?e
zD2kPC(sSR4>bxzpDYNb~x2#}%3zx>6C%k5{jFYMC<V3>r&3d*yK*IOtNb`;8BOvmQ
zQs_HsflRCZ`1tx6LnCNLx~$)>Gx!&a&;yp;c|jQ1!CxEkc>SFQt0u_tPM#W4q1J$=
z2U=2`0vL(+PdD^7t}XIz=8Ev2Qdso%!iOspEBydVBW>ktU*R~*ne|#(Fee4nQbwC{
zUc1FnTix`H1;=njlI-V0u51KO;~wTgiEt)n?7S!fy0+U^iAJ*9*Doiajz6sN9auA}
zVQwESxqeVnV34nxza{^*gI0j0IZH8~EZdLNNV1sLYEEu}K(OGs+N`&1+cb~Dj00z}
zz-K$}(tLE?VhK>9c;qViKayuXTn@8hduUHw@&8K0Rl|pm$F$uIs=Lca5AePxcI;7|
zs#1MS*JvOO3w7&Qa!=W?rD%y(F7vO$oJ?8+DpykWL48AW3&rd?0VoZbD|<=MX1##f
znl8ocOCsNgBi?m)&?k!d&wfDq<7F=p;Q=nxX|mBfs@T{X%Ezn6wY?2s>5Jj#NOiNg
ziJr>y;!Ypkv5Y~o4K`mvHj0mKZ+n~23+sJE6)b8KD&)5q<7jI)Q9$5&0+nar$T@j9
zQTr~1oFbMS=nMwJ7bO4I==KGpJfXTfkv0<FV-ESpi8bqu@0>&`4nz1j^kRx8O@0Z9
zF#X9840%r7V=X=ULro}HWpZ?Vv*Jh6pe9(DaI@PKkr+cVcwtg2`u10f>HF;*ELpI>
zEU*@&*{qPy(E5~kulhf%ld2DFZPop>u4wvP<^<rD*ef;sNFkEPZz<<Xlt{)BP4oTD
ztoA+PR>o1@R#6KOK<aBb<4ahT^0Ee}9DQ7cc5`3y|N5$aeJ-aZSzoa4P$cs?72Tum
zww*5702DmB>ljFJHYEm3Ec?SP2A~|n1^*Pq+Pg&$B8w}k%;A!a<lk$>!yu8DymAJ6
zeD$#O3zjBNPtU0$WqVRX&3G`ofuAJc^@yP>%3dUo-4*e_1+UVV9L*m|v>Z-EjN^6t
z-mdj?o&S(_QsZZ)F@a~xfWKioY<55Sa3tvR&iK6JX8EU&1%W0|-@O$k5?)%|*B)-s
z36Ka`s_rLYo!JXQo}+yFQ7v<0>eN7FpND*NZ(TV7Ah>#fC|*4Q^WEz87tcpNAb+~d
z$8<4=c@bDTe`vIt8cmhH#JSw`W7%ffKmM$xXN{gK9}yJfwVBc?%*&7Qf4H-l5q2vp
z%^P^!dcIFcb|O2l4a8+E$vm~n@yI8;ep8G29f@ha(-|CqYu~V5pVQza;Cd{_tW$^E
zR(iX*BWgZMj-j$R+-D;Z_!_?kNOdo?Z@=dlP1TwR<=JnZ&Gp^V^VbH~T8zY3lexho
zItIVewi`^gXq<j*{gWyZm6L&E3}3EU39Hk(aB*QEIYGx!sgv2E@_1|2L+0Vthr-AB
znaSb_#HJ5=(@;9bDFBr1!$}uQD?138KRa&9|J09VRMIpK;}PqGd73|{pmTvS0o})u
zdfieShd!Fr#QH6v@~Qv_$z7dg!k0lh(wNNoPw!yxB*1D=lyWv|B3lOej2}3?!c1kO
zz~Rzp`2GH4noY3zL7<g6U8X~PrbbNT-eSqJ)372BwB>qgWL$`8O6@zwDjrYAPjMWM
z9s<@A7<zO1p3a~RGhedOE)1q!1!`-TJZ;332>jj72b&98k!8kywSM-a+ds9VuKQcw
zH_P7SdTx8Y9JyWdLkY_K0c^3FDT44!5GA)9H2zIPfs@7B-mmpeTMPonw+T*~ADHP&
zkqm!b$L7bZaTnuQiJa_wx0(-f-K|vGd6E|M=rEDLq^_6g_CL-3O@v^=dtBL0ypc6D
z=~k3w3E0vSwwPX?XNO50Po_#ZQ5UW42OqjF#(J|TY{IUwo;_|x1z&KQPSIz)$-L$;
zCq#TOZfA#Cr7rW=bc4`&zqEWWEL(VwpIaH@x>h!K+0D~+d9<4paPmqE>=^Bqx6!5|
ze$!_7gf-T9V~SkX5>TIkMi6@_+o4z>ngU;BL{(mZX*>0X4E+?+>)N4oo0i;@EV!zD
zu$-R~YpzLq*#9YTu%nliYPUOMpmRU#kK&VWjaIi_+V}mfA>5D-32a-KiFD3LzF-&_
zhS|RWO1$3&&Lgfh2%86$9qU&z$^&HY5$<MJ9H_W$#zT48?j@O)Q=MWNH8CJ8yB?KY
z@iyRECX$n+(uZ^<{-6Gq7EZ02`1ybNPu2aTtkzZeZaA|WZC#;OjXjhY<SXW@ILc)K
zbur32KGp0*Qv`TFk=6R;fm)ZZea8`Qb!r#rpxk|&cf}9U{<o1ykuM^8UcK#wNB&P*
zu<P(=eS_vek-JL(Y$kGNMJ66C@LgGOcW6@UU{DOlS`vsup=>)dcgS6Cdl+?@iVKl%
z0*s{CzPGB6%ZvcY=I1N)Ib~CkyG_pL-RHL3rB<K?Ltja+EB6ZVc<`aa1!H&sWmy5`
zD4h?25u4@qRo?p$k|S{5r&>H)V+L{*?3-LTX{EczdU}TtA|aqgF+bovChR^jy3`z=
zeqi4i))!4OrWWM;XZ(1&m0<d}|Eq$fX-~pKfa8oE0x&olI#3H+dCJWON&7wl6f(0W
z<+rUVK*+%lVS)xA23vKh*%kV+IX>m_X_T&__2bJ82oX{tBo24Htz(zK=*LmAA@Xpj
z`1Ek1gz9mq*(7K7rI!pZnMF@32lV_}an+*V)#ypm^<;?y`GAbgfwdZlk1Cs2CCdM)
z(+BA%X1t*mqFIVJi7Wx-aA;4}1FY0*f=6EH?}MLsIXB_=3w{r(q?P=A%}~(O0S)W2
zS6PLr1X0baCf_WN1nx#&eKN^mXtU1Lab+*ErOs>peAM8hTALW+maPz3wu$4lk#Rze
zlAeqo<@pPs8(#4Mo5mINehQRz=r31NoqC-xGh9!Mm^OaHrECt*_{fY!FD=p0gubQ;
z2WYlH^vFfu(`5iNL%H<>TGnm119BQ^Ok|bNSgOeMr2loD-Q?#&f6W~zent0rP*bZ9
zjM`Sd?%g>Kd?}Botr<fzW3AT}LmCdol`5Rm>*?X?B<l{E`Q6HP{0p3<gPFDz6ja0O
zklK)ton~V@Pk=R8R9eyerLe^B9!mEpeNU(ddQzOqEK)I=KhpF0d`(;bc5?zp0$lyD
z%x{r1!Wxit`FkMFxT)%D7-6u_@pTFc8OzR$@ZFT!Yqz1^I)eGt&WG{U&H&rV$!0$w
zCi@&KYAA76_bA>i+D&~){*x}LyCqP|rzP^&^BL^*-{B&<>T$kbeT6=R6${L<WCyMQ
z0m)n~Or+So;&lAddc`%zS1q^xNd#PuSRL$JKdm_D7*jU-yDePtMPI53@<u*K=~hCN
z%;_bsLJV9eNIX`bC*pSuJi_#Suei?^a$sLw=hlu21<X40)T=JzkfFEVZR<2YMYpu^
z9qdgsaq9V;1)ak#^)<~7suhl#r95><2%LU<@=TaSrg>a>X%|;M-;OeJ2h2pfk(0_v
zma#1<2G0$^bgArkrqwyPHnNs&6T1e=zT>aZqYIcb8pdf-bl)|o5+9$Xq>6xM+x&fa
zV(HO%KzY``B#2y>K^+}o=@vQO+2cwLOZFWXEFctU$k!RJ0~?Clt_api#>&X^@II7a
zP9@Q(6SGGFLyY4$*nUag1l*;tWD3!O$67OF#46%<Tp}|r&yTOUJaRsKn)!f8MyvT)
zpw{2o%Hsk{7SnVwy43nuVR5lNatRbAu;%TvN;`^=+n5=3G!+=hoGw+W?^#x(vPC>z
zKtZ3EI$lUyU%9zM0``WHJ>K%0LtIv^_Ny$ry`nuD)49L0fB4$Hw_x?Q5)Z-X>uBIx
zPPw&0r6)b6RV)X;Pc-vO-j|o=9lqyh(yh+V0B;-OfybOlcLcvC>1_kDd2mU5E6S@q
z(Z*V!<QmJGhP)k<9EfIvA7b{(Lw~kRo0(5q{sg~z`quP4d4RUEhj||HjB@^nj6sKy
zu&s>ajprikA?i1)?W+4qofa0mufFP@p}=c6?0lP{T>{INtKE9m&IP)qsbY3a44hi&
zCwq6!Fkd$;yCK`3SFvc`dThOu08?1bT6J^_%B~Od>GH_%TpFfab)yM0{mgG8H_(+J
zGDF|S^KCX2Bp3`<qL~+?5FD+T^t*-@SzYe3*5q>)n*Ak603->yO^Cj>Z7~C*FH$N*
zv+F}3mzL=tF=iN;ev@4zL?f99vdErL9`x3~eOrKGWO>qtAeSH&?L!TK3+y|5gKiDG
z$r`z>XF|;|rJVr6%5R0q&0E0bPGQ&^c$lCp#E`6fTU}wl)+KrVY&ZQ2;7Xusd!K+#
zCV{FoY#a;)BMPL?MWZaL$7^b9So4&i998%{EQ<K-LltQbG~A_35-2Q|pkSyXE;b<E
zy1;1->uKT>>k6wrtA|~0rRY(TVdQR{_2=ZdFZ;57gZ4!c^_~ZIJ~`PDA@tdwAw~dL
zCY^9$!<VOBz-)Xr|28xEl%SFOR^NCgmxiE2F<n7Z*D-0cTC|^pH&IDs5B|h2Ahg?9
zt@N|vU9NxYZLDf}y0$@Ps3o3yzci_z%1lAN?jo`e^~daFX5Ugmk>f?zo3=;QP3w|u
zd2qz~vJOg(?~?OxnEi=fAC=z~tEt91_#xbnh@>7>#M~PA!k}}`Gm4W=xW#T3jl3m`
zSv}8W1+u~CV?q1=qYBcQjHoL9Wn|o=b14$hgpV0dWR)>e1|!05xmtk=qNI^{vZLR2
zAkR_o9O=6L#XU8!?5K&b@N!HLgzGl1qb`GP)+AIhHpQ)E9s9f_A;l6tT?Pq&^bkzS
zsV;&dbiccy9w*qQrX(Dcewz2v+e*99i>F^uCzM2~7qaxk(zq&gH^;VLr^@A7lXjn=
zpzMfcJH<#+qlYmVEb?y%RRH>x%bN~^Kd;8kE@MEt^ak&1e-N}pt+)cg(z{>9&@T-4
z0BFOX;4jlZkWAme5`3hYGDDPV>=R6w9ry;L^=9M49NNSm71TZ2z9GsJHwBUv-I^K8
zfK!p{U77070lzc-`k?+<z*ig^eNV!iQL;&P8xy`+=o?lyimeoI-IuvX%65D1M&Ca1
zt87C!bxhO@KLm0od*x7&iHI+koGwrmz7Y)`f-xJGStfJ!y43OWqBz<&=(lc`L_f`B
zG+08uA2<a`uf|5Bzq(nz$xRVCj8rrG#W4Yl8|B$ECV^SA@PJaPI8lwfr*ZKcHN<5@
zq_K%RJl!77;BEL&o=aup_{U4mG0E(hW53(qQ;!*Tq-z>))au5BcbK5#Z{sRY%YyMd
z++Go9$I+33w0O!Tp$3tp*dA!nBKPkF)^0b1;-iGZ0GKh>^jV^sQr<?|c(?z6==~fv
z5HV>&9SMC0MAr+T5*rrIJ_GqrE+cikGU*SC<dh3H`fusKlWCnrudxH+(@BA*0XBFu
z{z%6AP8mF&Lgr=6`{@@K=piu*GecTGzv4g*@jw@M5xBDV2=yP0%LLM5&U$>Kok}ol
zr`AHL92E$1Mn>)peAaT75x%Gj)Z*-X0SBq}zjJnF3b+oBZ)AgP%YYYRt-xdlt-ygZ
zL1RLzFK?qX82tnxV`bo=l2RovjK@wnXW7?sT;yRqg0<~klfPJnoe?nLT=|{n(jK?!
zXp9V1OWj63CfN9RiXP9I0MX@2LPr)N!WTA=>do&_!ZR%Ml}cid)Ma>F=phJiq0WFz
z1i5YpcEMvAC{_<3ZklP~AEn-N`rOh8UF4yQK5*`ulS%+8LOBjNH!*6>ieg@ex2R=s
zwxOsZ<u<y6F?ID9nELpeAM9;h=rrNw2_eU`m8{qWCT7B{^BfWG$-*z+*G|KUh9<$v
zF^ZE2o=s*wM?8Zqe`%SmHv0+$vCZ&TWwoQLS2NO~iw8g=^O(p(YYHN1872@k>c<r~
zy8vt`@IIF5{vBAT!*^AjV{Z~etX5|AP0GMptX?zF9r?71@eKRcA=7HYr?Y;h=GCsl
z)zy9FP354!rR6~(Ts|pvLt$>7@&IS{;jytI<QG3#-4=3pp_LsqB@s;h`=bU~m)<1J
zh?OU3z^nwYQ5WrLTr>9Au9~zOh^3NrIh=EBH5eVS<2lRu(|pFHof2wES4uT-`9k7D
zZqG0skP|kx2WUDP_BZFVXK?@|sIY<p<HVxp#crlEORNXptA=GBXQSh`X;t-E;p@c&
z3x{K-eRf~s$${D<CVnNeD7O!0I(lI<mL~h2KsPdQS9}(Zw88K9%$Y79zjOvKh|z$;
z9FqJ|ue4reN6g^l22vQzGU#?-^M=>`Xt6;aZ)`AFx5eqY?K|J>$xv~J4TZ{jn44@9
zNeR}Gm+JvU+agPLx-`SeF{s)!z?976H*D+Z&z#J#TL9d3>QXhullcCP1ksJ%>1xm9
zfEo>yW{bdMcTKujf9bwv^7?XbQckXp<Cip*$oGxy4EwlzF_HUSaeg8qgKSPma_C&t
z<F{96n^7L0AyK@`zlkt`dXz@oPG|J4#p!671F)E&R7z*6Y?^(A6@-Jc`4QWhKr?{p
zTA$C@{{7<uYzoShSY8{`4Bk}G2fSz7Wib0rOSB0CJK$Tc5X#|1w*KNun`CY%YoopV
zhx60%84q5-VHB?}qbdGm`<Td%k3Lqsy#{>6*vo|#RDGC66gYOs&g$CE7z8{Twq3=D
zKEE5lLu(8yVUr*_C_8Dq$gcA8I$3H6lu$}L2Qs45s_R=mjtM_dD<9bR^)oY@4?k<`
ze=>47O{6~4%8T;86wQ{i*LzKys3pG?%p2BQXg9M~T(6q1pOPB^O=UNr)iv<jK%G5n
zJ7gSNUAkH99}aE@@59XkLWziGH}(uIV0*e{OhD#1tO!1+XfvDXLVb+mfo!|Kc-?uX
zeMbud3T8C|2n<-5FqojzXYXQCdws-%!!Wum+D|M9(Dob5>4C5B%#jVTIS<jIQ6W|A
zU+S}H`k~bGyVwp)39k5+#{6%RZRSK?KaDQD_^KsaYBlAx_UV8jctoY(y&t~DHV3;i
z{Zx~o5{P7LHXURsEA3>I=a%Zwzasna8(`T*b@goR>=~rXp=5Q@s%KyF#zwE0aGZN*
zIG`#WMnj}_t?#ubnJ#RhG{hkH79tgt5Adj@Y9P@jF~ZTn!Jo|o`6&E?$yVoXG^^!w
z>a4U^0A~1lBSv(e<jlzIZS(q1uVqiXP#PlEWgr|mz&$tXlS;j@JlUW%tD_XvqJa<E
zE`X|FsBgCH><#?JNnV4CsN0R!&BQx1G}oCb=)md4C&kg@bk;jeHW?G6%_rUB>Fj)M
z+4#pMgxQ}_hLxw9@M`|R@gQD0x>eb23*k*p&!j9i|DWj2FM5Zxev4;x-o~sQm&$1(
z;YeWLnKCGs^EO$l^<`!2*_Ng9sMo)hC2FK5+vD7-bf%^KVKif6#b|aPIL^#OG-Ma$
zc<Ii-?Oc4Sn^e9Db2D<Ry2sX2Yg5KYHr(L9q52-7o#&Rn7$S8JzCb(LI96>`;`?}5
z)r}Tssjw8RaR-r>!g90fSNMjlB*dNBi@X9_S!&&GtPRA*JTi5?d{=GJuyn5yL%Oup
zEiJsfL~Oxj!ce34s{N6*Vpz72rNl6Hug(2HUER+eo0Iq|NO8DkFZ?^OHR|Z~fu91P
zn*E%r&Nq;yFW})pbIal%%E_qgJi;6zZ*$#wD&Y*IoIE~^1z3*VJ&87YDD=HQHw8M`
zjewro4I;Cy9AYVsI&cjHX!h2iGOpm|OJmQxYufoPjT3@qn4;$e5eYyDtHWH_h#}-=
zV2(#^qY1Oj7h!?2FvR;#sfzE8@UDnCO0Ki%9Tn$CZ<{b8oMRGRz15JC1)TRV1J{yx
zs3{h<ci|ntKQ8C~Khn3USPJ8<e$MA{ajJy)!@PFUl0^)f`I209LNm7CZ_zUqbW?3w
zUX@75XiXgbybv2kS+j{G>FFJCXKHI4h4j&CIDaJj>b~ym0zmqEKnDwV)ZZ8O1odl)
z-B{aC%gXZ6`sv<om@NDVA=#n{V9FY7Nov^U&Nm8C9BRKc2A9#*Td^21pg@!odDUt(
zw1{mUu=ElzZGCcoH$mm^x>sM8AHIp)-zI!ZS7#Fs#xw9x;tA>&xZ@lXV9o7D1=f@*
zPNjrm;Jq1<Qu>r|h=|Q((4F`oalD;TQPl41p0Ft)AqZ)!7C;x+g%LOp?cNFqkv6r-
zb5@i9WABY!E(=QHrr~jt$E=-Ex*?2>8T4?nE)O;`X$=4vciyjy1z}n#Kahfn4BsGg
zMyG!-)%rnc)Ca!^?3OmeqtJFP5+4EJ$`B$!7|N5@M6}Qv)gXY?p-J|<r01JJ&OqIs
z(2fA2L0Po!&$V8o&|R;<uGdOHO9~cVTE=ps8Z=EECrNMssR$e}2+)4V@x=lpH(CWM
zvMvdD>-sf^%UN}iY@7Sbw8sfu+Li`NQfWu7P1ZUR0dT$&iQq7%erUh^5h|@ni4vYP
z=>c#+k!k~=RSsz8^&~QjanfjOY4CKWI<6(NAy%6}Ai<9^sFaD(9?8pvN80BoJo++q
zhq+Uv{yC$2*AqQ2?_{I0LBGRl>3AhPR{9(1qUhmrrb*FctrqfBKJoCQ)i;i?A#5?D
zT@b9!SM|9<!|5;Dk_zYs;lp_(uC23IvwGb-GAAsG3S3F|IYKn8^yqW!VmX`^b}-S!
zFiaJxcEoNLIoy%6KirJu{WzbCH5p@t>>kHlfcq?`%TU0cw9!_hSYHz)p1Y>>8xXW<
zgC4_*GT%L0j&i~zpLtNk$-m~@eA;pLVZD32sHzhwyXnD>&QI_N5ac7y3Z|OM_S}B+
zwX?qzC{KJ^UcHKRz-9Hh(Q6n^gN6<ST9Ub}!nPjYE1dk%-|ZaTo_kG1X1;wP{e9`-
zh_=5si8e3F?RdFEl+0@8mHz#1J~~p-VZp)Ivu%qIQnyBhH6`9kM)a;I`or6Aq;AQU
z(&fO;%HF-JTHgUMK@^OMJaJ{V$#lc!*`|UMcM|rs4E~UKrg|)dL!VcI^D71zD+9DT
za^$k#3lnPc01o1;b>GoIOP%StC?7Wa-I*#QDx##zW|zI3%R4-S0&t55r6f(9CEYJ;
zqYdV;08*OywEVE8ffy05;@CZP@VCH@QG;^ic|F||Wd_S%3J|JqA8><puL<>xW7%3b
z+LH*qx|}+z;<%eeR?+tGGmQvTD~h6}F>MuIx9=PadaCFv&Yz!l$3PH)wlq(wl*j-e
zwzg$+114JP#w)8dgsQa}SRZ`=@hseGQfSwBW`4g{<QTY7#L|9yk_Yt2L;>cUC-6uw
z#sotEe&`GJ^U8~7Qi{ft{9_5ms6u(Vq<_Eyn>;xGIDrvwOZn&0z|HEboAXcL=+>2C
zFOd%D3Ye*EQn>U12)<58Lvxe6EmX`ftrcqV_Tf9>R2Eg5TO(n?&huR;=e^)4(4&5t
ztKN7c-2v4*q=^R|9-sV-veYd7oK-&GKePg0sJ9_g=CZVMy%2ML?iP>k<-GH!u*rER
z6!iOdo7rH`=3s*5n}cBM-}1#`;b)jf8I>KT>)P30&h%mC%8B~}N7f$sUIY$-78)^Z
zD35yi*ZX%`+mK{kev0`dMtL2TLYhhaN><Fm7v4>sg4TV1w)`9(tMh}OO{B`Bn#Sj8
zaFXhmd`7$-_rtjVEE_990KF7R>y@DE;d`QtsS2HtuV-t=4nTxWp@xqQl=%5Ozw11>
zagUD&Brsd^5v+%W2uSUVE)pe%x3}uHwvgM*K;IBhi9YGon|7B23@VQ0BR4>t+lpc=
zM8?d?_{AT)^rjzHysbA_>_Y%)LD6~{ai1nnNEGsB%pUTv;XdDh9I)sYpZrWgq02-^
z<xN=;-O2R+aeEYFeT9}&X=~;{!snoz&UeO}&G6N{V~*<(Yw4G({7EP+QOp5Nt7zBr
z!;4~`*eRLUu4;8~7sFe`Jl7{w-msM?$MV7^%K4z)&T>$qD4xVavvp;m@XaA>?@NfN
zN-O?@7-mIGoln3w61Q6n+4l8wc~7Z%@-q|O(}!Cva8&^J{Rv1kXE2K5eHw;sOG$PM
zM7uFl)4)@E#yW)un1I&{S<GEaQIfYN%LVTw_(|N?Ws3$X?o#icwo)PbpXH;0c8l$p
z@SV*`#nR^77^v+ruc#X+;=YgIF$IK&y$1&mVSFNec)i<p^(<=#T|pO{;;%&rQ~Sq-
zB4VAp*QIxey+3z*9daJ_iBGlDF1mO&h_U&zXolPm)BbyOCs6WvdfX(O>KZX{H#ORC
zddTR|Mgk6v7pMj<pMjnd-t-&w1{)`SZ6HCw`vdog`g6Cct)ixx11+XNA>m*<s<-{#
zIQ{09VN5^gboVhuF4|c@w?VJ&;NH|$h>~@<9@S}v1tIry==t?dJ5Hv?Y&gd_CSPxl
z=<KE#(0W*Kt~ifnwR*c+KuZW){^p=Gd@k2z&w2!qe0VP{Cr>dcIYRW$4KEMPD9OAw
zbL9PDM)ueT!DzziN?WzbjuWuD6+rjNp~_X+ZR9niZ+?%cqC@JKrqFoB?Lp7c!geFI
zo+_G+$Zx%SFzKaH>Q|KF)N#`TTG~XL;|6V)qiyPEI}#BvIcqlE0SCqW%$KOTw*DN4
zaE&d!7r(VTm(xx}xkfH5TViI5vU!cU^VU=#OQ%DB0r@<4Md0Yt$O#0xUGo;<vHxz`
znSS&GXpNkiNP$M>@rvYq4rXjEK_c|<Kzps#=wv9#T-a5U7V6Cgl@c25=tIPt1&Yx|
zsG{j(2>o1cjX<bZs`*8=f0M&UuxC~a6b1E3;9h^SgNW4Tv7QBs;|))Ei){wF>IY9{
zB>EpdcIo#xuy}x3i-l135zxwgQ$vwerAC_uNDU~wRCzLOqL{gs>S5x)V=Z#D=qRCn
zy;L&X=-YvswXr{@s(iEznCL<<1GwiiB8+CwBqWIHoZr|_5$a-WXSKK{1sj&10`-`o
z2i`}ysN1;`(xsNkZ?N88f*(3AM!lB_H;lTK^7BJdqaal*x23EdK<n~J$*ui(+1Fyf
zWuc-*8@sCcYDTctr1y}^_FW?YlDc2(Co{_lb!+t`I@gYmy41zAO-!Ok8_<azehrZ#
zIX16Z^xd)hL_$n+O>mO(9i2c+uw$XZ_x3%c{UbTs!FpeY)IbQfj{EGdDDU8_&AFgf
zLRR75_eVoQW_SfC{py`&AHho;elNZZD-SulfE+9C$-3&pVTDgmYTL`tILlWJfK^8|
zCcABQ%bPQL=0g3Ys@vtT*!3ZV%#qsOV>UJU0%8F)T<BS`wfd!-uZqw}1jE8-4ZNop
za#3y$3KEoYge*ogKdksZpn_yd<Q`C#Q&RYO3IHP*1Q4NMv!siD%aj4q{}k>iU^2?k
z@EcP$CH0m)HtP6<B{A2qZ8Nh*sG)3D^g}m<=Qa;sDQr5?%$Kb&lt<f);q}F%69ItT
z^WDi$;KP5&UyBkeBrnNwXBFX{O5k!19L&TfR*)DmeRMI2DckY7d}abzt1RR2Ajybm
zXNeZxhchA7oFC|x5<sM;4LqK;`6~&Y-B-*G&Nup+BiUva_4_{`0R?p=S{HJuSv^of
z*-ri66X&~=yYVRms!G1?gKY1Un~7_vg?-v*yEhprze#QC5!SgaV+ndp@>#6470t?>
z3a!DaAziDh^%O%njKI0n{{p-Kwj$9$4SO}{x3hG!3$@6JNoe|8F0S-{MOp62$LPD(
z6{HaSAk(f8$`g8NmZHBtQiY@mBSE@}N#vaTIWLNeGlsxR*HFBX4NbJB_kK3DcV4k}
z#<J(fOQ-0Akuj;V_)BO}ev92{I|$fM&&$3Of$P$~lQ1jz2>!8COd)-dwr?KX4X80k
zywPYxNHNZ#4#}4CL_X$6S4%AXJcGB~PqjMjj5~eZ_7}1pW2~>eQHKG)N)@p6te1J`
zVB4bRUHOVZ3_O<rF&e!$k&?TzoCh}zZ0)cDh}OoS_&B~P#W1(CWr{Y@-iVImY<Soz
z(|$Q4M49XG%u_mN$X;guBiZm<lJ=xUw9P<E`-SYuk_|Uu#?e8MgTo$a0i%1~Lep-e
ztgAD+TMHwq3LxHr%Vy4MDq)NpVbGC;$w2g(i^pk+W#Fz_JjRG|slri^qMP!jcb7db
z5G^B*#Qjm_YuDEN2i8Jt&?SVf75n@vKL?7d1E7IUHyPp26i$|d8;!|Ij;24>G;nT9
zFmAmjwvFvGvdG3x$)-nh4F8B(vRtIX^QLgZj+aaXKhtR_%*UyR#b;d>mGuo7J1+B(
zg~E$?zBFjBH$>Qtv!!q(UBxWBFycYfWLp86Xm=}#SMz$hY|Isar??(Ym(l@TPN*?W
zKbPr&%IJcSiSd~5{czecP=VQ0Q%c!Xzr?#<UhvvnZ(gwT^(?Q2zGL~-N_OkBABGKz
zl3Txm_?jhf%BNC*4Lf}ZIlZ_*1zJP{0aWrgfZp^gWFj*%K;qIdf$m9a#TQR^--wgc
z{qfD?;#9oiXuR#*3@xj&3l*6gE9ff8<DhXmt(-BGCt9WyL+6Vz^ZYec$&tK`r`_Bq
zyMnaYK$WkIgzl31H%n{Csn09urIlq=fH}UGF82-gM7j^kZ1k!FSNHn6u#0FZusi%?
zT{NJyROtewEQbz9O#bx&bfUt1mNia(0zPYdn*&r3V@6EYlo+FhdSd(F;F{W_sy&Ui
z`zupIA-5b-(dU$JID)@g|8{#>MQ}0hPW`&#G{{?C^DAhNS!eVoPe|&Hj=c`s;S$Cs
zcKXr@_qJO)K*ZPW$2|avm!qu)v<BjvE}L*u@bO2NUa{BWXu=$^$#yVg@b@<-(%ha=
zXIT1b&&;fXNcQz96{9tj1~DgA7u&55g6;yKGc5m8&sig4@`Wl@s<iu@F``r>+27H-
zRR<oDwDY$EhBDw4P=-U5#u}ge00qt{*&nNqetsR9@A;z`7ykL0pEuBXD{Tc&4!pvl
zPAtLxt2QDX<4Ug>ih=zB@<*9T04I<OrZi;6V)5@=9qj3DHu-Wqq%A1TG&t}v5<8Og
ztVgCkiNk8a*#^Q=extaM<PDF2G8a%qumq@u<a2zlC3RnmElP`cuqr=P$jc``$`)nw
zFeyn<z4OnLFkFLMc5MykUzWeOdXWyl3ahUEk`Hp<AUEyWZJ?>$bOx3AtY#T1tZoMx
zJ=xJ-rC9xCTR1*ct4aXg^z~=9Nfp(CyxVRAHV~=pV&e~)Vb!gFqS?bxq`A(x5^o1K
zvq^_2r%o4M`&LOE1c$Po>A*+8M*ow!b(Blf8k|4>1F*a|BOTVw!srY7R@-<46TD%4
zIS~EWSe{*>*D|hck^Lb{FhjASN_$yD)4(F(>KD=`ynn7FktAV_O;hFNFpr_y5?jPV
zyAH!)K^PBO%L$@<v*gT!;|i*Nf!7cla2qFE@2YHg?G_W==gWXDlufr+TQ)C}b`7<t
znY>&2$Y;lYvUE2U_&h|B59>DR!Tt$?v2S_jHrWH%MWe1VUQAT0&pmpAUjl6b5AAMg
z!)e8a9N71As=<W(o5|{Y-NIlglN)n?v(=&gQn9Ld6Q$$yuW6S9TlayceW2d>&Yzgv
zFs!}|g3zB_p><8xpdanhogF)c)+(UT*FBBaLB#~EKf%@%VHj1^1VR6TS)h$$^K$?3
z%fll27k|K5FRKk;A?ib7;;~D3&-nE+6*fJNTfn9{N*tdk&q#A;n}6PQv9tyFt&f!7
zIBS3&HtbQ2JZl&27ge;3V}QO(ba_UXBSmAKNvTqR#Po$P2f!Kw(f0L{{tEpz3%gS!
z7T<sHDe*q}uq_YL)_ys9=+=L789YLq*4zd_S9;rIu&@8|?O-Kgx=YFVqx-3|)oW2W
z&Qh6Td2xTo4)g79gIcACb}UOJ7uNG;Nl;-GuvgqqMc~)<vc|^y;&g^RrEm8p3x_LK
z1;2QM+kYa$V%QQRYbo)F*B)^MYWtap(gsg<_Yi6Od?*#G*wd<cMZm4{|NpjsO#}=Q
zTV|czoC7r_`7kAsXz$`MqHlGau0ox3UxV#Zp@bloR+RcbBa8#m+(z4@Ucaxed3eL+
zGM3dXSh`7(SRZZzgt+0$+_w{NC+NC3v?`1dU2EmVoB_;6mW&%coqym!u{1IAudCRR
z^3(Ao$`z>JXgf&qp?qvkC<kS|MEXEy?nBmpr1sJ<)?h}B3QCDt?$5)&Y{DEu>y75)
zl8_RdkX}EyComJN@nHFR(w23YVFKGlv$G28jDLWT_a;d2gWR|F<LBS1T#sRf`tCHT
zc0wa69Ga!UG_a<bFMCstWVBcRNDr}+@P?2IVnOKzCD?{~s~@fGPEiqWGSpKf9%d}#
zkfuhJIZx23=iP%ca0d$fIbwj#495%7dzgPSG0_$N@k5e)V?Z%J0mW|Sw^%+lJJOQg
ztyk6c9PBxOxkc>1=9bTxY`8~5>g~FBbLUz3aZ>crk_)G{F?RAKHkp?vlo^d*S(=n2
zMXG5P>5>25D`a==g@3?5F#<_)sMvdj=pz^gtY4{b7U;%4&>LvlF!0BFUYf6?V$SOI
z2c%m4r6#=dx1k`%wH2{Ldun{#K*P@w9QOAZ?pOLTIWu?k?w~&(B(1NxjEUkArAsac
zH@M7yHbJO1|9AY&pH$T=|A$g0hGd`TkGWbcLBKI{(urI9MV`;FBsr7mME0C~WdH5H
zzY@mLh)-+EvB2@hPmzC<sK)=BUcMe_R#mLoO6(D~rCPkoL29IqTb_F$8QDWD;qXB_
zqYr^*{{653uwD$`W9J_I7n6tKL?T<GXJbsgFfaIB)`ou#sk>>!@Q?D2)-#AGl!q*2
zs!Us6RMz+3y#_E3QsmDbtUo5%k=_1`;rZYvsf1c0tJWJRid)%jC91So7I%>Ug%t+I
z7XFuRbJ&P9P&|ZEgMwP`hti0`Tn|rV!YDWzZp}s~CJ+}ny_JHgTwg8ajh&Of)aqHv
zcSZQ)uNMg*Tk^v#n_J>Az$fC5M*10eImlkf)QJ~wjjRT~k~4;Vs1RdIcX%+9*qUvu
z2@xZPuy|uwM*Lq?mU!#PD!oEHcD~7*dXhc@S@Bg{7Wrj%SD)cz=BWx_x{LzN|13ZL
zOyq3Ned@oosy}^$kxnpD)AISkC0h?q?CZ;?tgefjp2r}E3EVV!$jDUTzYEJnGDU=y
z&)ukN3SeI$OXNN4<P+a);D9Wb`1X6$5&pAM0hiAX7bih9A4pFW^F+Q+RMFN`u=U+=
z;aNzbKEZsdha(2K<O+=zH@V!zQmv>VO<OtjpDanGDnVqMtLjmSiN&%1F&6^g^a`F$
zCLR{+&oI8(8IBA7D4B#O`|{i$lnR^HxRlIj(w_Mb_+-h<9|w#OT|eRW+pp9o@st}#
zMwOPoBY0B%FCYaC4k#z*0@M|iyYsD|$}x03!RjF!8{NgqT(B{10tH=bKB3?f|6;De
z0?{BT!_LR1pc$Y*NPuzVr2gZx4ufWvtlM`)_7v3dnt$w!zk|I8NoxrC&9(OjlOJra
zD2ZbDXor#|yyZUpVfGJ(b93r^ccC@clWs5=!$ccnw76ikFvBbd*2@IYVShcu$rxI%
z^YrQ%5)RLOl6h{nsz*f>ygno|gB&MU-5;D8EjBQt_m3qrFwwy9&ALzi5~!w;Vtcgn
zkK`J~3sFNF6$$KO>8k&oGnfN7aOPD36UO<}1Q@-c-2H^<kp_|NWz$3=j3zXEil%IH
z9FCbE&Qq<KmJ7oKQbLLH+B`Q1zp8Jsj>5tIkDLM(gOO;d(E>9fL4uX`pg&8wpKK}D
ztv8OilPAAARE!U`xx-iU(0|H1+qaJ+SNRp@7W751nx;iN4yH)%e`C*ok^FZ6#c&e4
zp|O)qh;$z!A#rW!H@<}r8j%tiWse7D9D#%Ztm0jI-=lB|pg<ngcyiQ1vFa5!*mpR1
zkxN7V-y_RSr24kEo+_Z<<Ybm6V3$7J<`HT7pu2!!SCGN?I3K;Z8PBz_(?4Oe5^Z@Q
zcX~C4UdeLDL+0U2U{HJiHbSg~W?m~n??)#~WQ+)3kgp8af4o!SVig!{0q+TJb7kxc
zOo#ggM=*>E04=uX7zNp~M|GoCy7KS1ucoaZaFALeyA+fP<bfRU_W|xCE3Mi48cQ-;
z4Z8xixdlr97P~IWZ+5-_tELs$4cbT5S5EFQ$8wI+t?5Tzo|%76m@Qh6$dEr@K>y{J
zM*|Hzzl+~zWP<ydY^hlcO&*%I)YtO)-&Fyl+yq`M)HBdj0dqT?P$n@Ai!}ewpSmOR
zw_&Y)gjBUEB84M`&+K*acE*32Z3eqDa>9srLa?#gqv~y;5*kD0Mf+Qtw^wXf_kY>d
zf0qwhxLrGd=|e3|_j#2Qa4#+h6v#@GMN|c98Mjpk&q#}Z;_x8xCbw4z(*5q_7p@FG
mi<{oRn4H%1fOq4{dwPKrO2-?f&S!xE{$wSUBq}}{e*Zsafm<X1

literal 0
HcmV?d00001


From e4c9793ee2015bcda2af790d318b1b3f5b48a5bf Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Tue, 20 Jun 2023 11:26:28 -0400
Subject: [PATCH 072/359] Clarify limitations of Prop Override extension
 (#17801)

Explicitly document the limitations of the extension, particularly what
kind of fields it is capable of modifying.
---
 .../envoy-extensions/configuration/property-override.mdx   | 7 ++++---
 .../proxies/envoy-extensions/usage/property-override.mdx   | 7 +++++++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx
index 28e54f27eec1..8ccb49a391fb 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx
@@ -118,7 +118,7 @@ The following table describes how to configure a `ResourceFilter`:
 
 Specifies the JSON Patch operation to perform when the `ResourceFilter` matches a local Envoy proxy configuration. You can specify one of the following values for each patch:
 
-- `add`: Replaces a property or message specified by [`Path`](#patches-path) with the given value. The JSON patch format does not merge objects. To emulate merges, you must configure discrete `add` operations for each changed field. Consul returns an error if the target field does not exist in the corresponding schema.
+- `add`: Replaces a property or message specified by [`Path`](#patches-path) with the given value. The JSON Patch `add` operation does not merge objects. To emulate merges, you must configure discrete `add` operations for each changed field. Consul returns an error if the target field does not exist in the corresponding schema.
 - `remove`: Unsets the value of the field specified by [`Path`](#patches-path). If the field is not set, no changes are made. Consul returns an error if the target field does not exist in the corresponding schema.
 
 #### Values
@@ -135,7 +135,7 @@ Specifies where the extension performs the associated operation on the specified
 
 The `Path` field does not support addressing array elements or protobuf map field entries. Refer to [Constructing paths](/consul/docs/connect/proxies/envoy-extensions/usage/property-override#constructing-paths) for information about how to construct paths. 
 
-When setting fields, the extension sets any unset intermediate fields to their default values. A a single operation on a nested field can set multiple intermediate fields. Because Consul sets the intermediate fields to their default values, you may need to configure subsequent patches to satisfy Envoy or Consul validation. 
+When setting fields, the extension sets any unset intermediate fields to their default values. A single operation on a nested field can set multiple intermediate fields. Because Consul sets the intermediate fields to their default values, you may need to configure subsequent patches to satisfy Envoy or Consul validation. 
 
 #### Values
 
@@ -145,9 +145,10 @@ When setting fields, the extension sets any unset intermediate fields to their d
 
 ### `Patches[].Value{}`
 
-Defines a value to set at the specified [path](#patches-path) if the [operation](#patches-op) is set to `add`.  You can specify either a scalar or enum value or define a map that contains string keys and values corresponding to scalar or enum child fields. Refer to the [example configurations](#examples) for additional guidance and to the [Envoy API documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/api) for additional information about Envoy proxy interfaces.
+Defines a value to set at the specified [path](#patches-path) if the [operation](#patches-op) is set to `add`. You can specify either a scalar or enum value, an array of scalar or enum values (for repeated fields), or define a map that contains string keys and values corresponding to scalar or enum child fields. Single and repeated scalar and enum values are supported. Refer to the [example configurations](#examples) for additional guidance and to the [Envoy API documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/api) for additional information about Envoy proxy interfaces.
 
 If Envoy specifies a wrapper as the target field type, the extension automatically coerces simple values to the wrapped type when patching. For example, the value `32768` is allowed when targeting a cluster's `per_connection_buffer_limit_bytes`, which is a `UInt32Value` field. Refer to the [protobuf documentation](https://github.com/protocolbuffers/protobuf/blob/main/src/google/protobuf/wrappers.proto) for additional information about wrappers.
+
 #### Values
 
 - Default: None
diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx
index fbe0c357a309..84cf621930b0 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx
@@ -8,6 +8,13 @@ description: Learn how to use the property-override extension for Envoy proxies
 
 This topic describes how to use the `property-override` extension to set and remove individual properties for the Envoy resources Consul generates. The extension uses the [protoreflect](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect), which enables Consul to dynamically manipulate messages.
 
+The extension currently supports setting scalar and enum fields, removing individual fields addressable by `Path`, and initializing unset intermediate message fields indicated in `Path`.
+
+It currently does _not_ support the following use cases:
+- Adding, updating, or removing repeated field members
+- Adding or updating [protobuf `map`](https://protobuf.dev/programming-guides/proto3/#maps) fields
+- Adding or updating [protobuf `Any`](https://protobuf.dev/programming-guides/proto3/#any) fields
+
 ## Workflow
 
 - Complete the following steps to use the `property-override` extension:

From 2a94ffa5715f8f01dffdc4dc912ba9f04b80f4a0 Mon Sep 17 00:00:00 2001
From: Steven Zamborsky <97125550+stevenzamborsky@users.noreply.github.com>
Date: Tue, 20 Jun 2023 14:33:10 -0400
Subject: [PATCH 073/359] Fix formatting for webhook-certs Consul tutorial
 (#17810)

* Fix formatting for webhook-certs Consul tutorial
* Make a small grammar change to also pick up whitespace changes necessary for formatting

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
---
 .../vault/data-integration/webhook-certs.mdx  | 71 ++++++++++---------
 1 file changed, 36 insertions(+), 35 deletions(-)

diff --git a/website/content/docs/k8s/deployment-configurations/vault/data-integration/webhook-certs.mdx b/website/content/docs/k8s/deployment-configurations/vault/data-integration/webhook-certs.mdx
index aec4fb1d69d3..b615d31fabd7 100644
--- a/website/content/docs/k8s/deployment-configurations/vault/data-integration/webhook-certs.mdx
+++ b/website/content/docs/k8s/deployment-configurations/vault/data-integration/webhook-certs.mdx
@@ -14,16 +14,16 @@ In a Consul Helm chart configuration that does not use Vault, `webhook-cert-mana
 
 When Vault is configured as the controller and connect inject Webhook Certificate Provider on Kubernetes:
   - `webhook-cert-manager` is no longer deployed to the cluster.
-  - controller and connect inject each get their webhook certificates from its own Vault PKI mount via the injected Vault Agent.
-  - controller and connect inject each need to be configured with its own Vault Role that has necessary permissions to receive certificates from its respective PKI mount.
-  - controller and connect inject each locally update its own `mutatingwebhookconfiguration` so that Kubernetes can relay events.
+  - Controller and connect inject each get their webhook certificates from its own Vault PKI mount via the injected Vault Agent.
+  - Controller and connect inject each need to be configured with its own Vault Role that has necessary permissions to receive certificates from its respective PKI mount.
+  - Controller and connect inject each locally update its own `mutatingwebhookconfiguration` so that Kubernetes can relay events.
   - Vault manages certificate rotation and rotates certificates to each webhook.
 
 To use Vault as the controller and connect inject Webhook Certificate Provider, we will need to modify the steps outlined in the [Data Integration](/consul/docs/k8s/deployment-configurations/vault/data-integration) section:
 
 These following steps will be repeated for each datacenter:
   1. Create a Vault policy that authorizes the desired level of access to the secret.
-  1. (Added) Create Vault PKI roles for controller and connect inject each that establish the domains that each is allowed to issue certificates for.
+  1. (Added) Create Vault PKI roles for controller and connect inject that each establish the domains that each is allowed to issue certificates for.
   1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access.
   1. Configure the Vault Kubernetes auth roles in the Consul on Kubernetes helm chart.
 
@@ -74,44 +74,45 @@ Issue the following commands to enable and configure the PKI Secrets Engine to s
 1. Create a policy that allows `["create", "update"]` access to the
 [certificate issuing URL](/vault/api-docs/secret/pki) so Consul controller and connect inject can fetch a new certificate/key pair and provide it to the Kubernetes `mutatingwebhookconfiguration`.
 
-    The path to the secret referenced in the `path` resource is the same value that you will configure in the  `global.secretsBackend.vault.controller.tlsCert.secretName` and `global.secretsBackend.vault.connectInject.tlsCert.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)).
+  The path to the secret referenced in the `path` resource is the same value that you will configure in the  `global.secretsBackend.vault.controller.tlsCert.secretName` and `global.secretsBackend.vault.connectInject.tlsCert.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)).
 
-    ```shell-session
-    $ vault policy write controller-tls-policy - <<EOF
-    path controller/issue/controller-role {
-      capabilities = ["create", "update"]
-    }
-    EOF
-    ```
+  ```shell-session
+  $ vault policy write controller-tls-policy - <<EOF
+  path controller/issue/controller-role {
+    capabilities = ["create", "update"]
+  }
+  EOF
+  ```
 
-    ```shell-session
-    $ vault policy write connect-inject-policy - <<EOF
-    path connect-inject/issue/connect-inject-role {
-      capabilities = ["create", "update"]
-    }
-    EOF
-    ```
+  ```shell-session
+  $ vault policy write connect-inject-policy - <<EOF
+  path connect-inject/issue/connect-inject-role {
+    capabilities = ["create", "update"]
+  }
+  EOF
+  ```
 
 1. Create a policy that allows `["read"]` access to the [CA URL](/vault/api-docs/secret/pki#read-certificate),
 this is required for the Consul components to communicate with the Consul servers in order to fetch their auto-encryption certificates.
 
-    The path to the secret referenced in the `path` resource is the same values that you will configure in the  `global.secretsBackend.vault.controller.caCert.secretName` and `global.secretsBackend.vault.connectInject.caCert.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)).
+  The path to the secret referenced in the `path` resource is the same values that you will configure in the  `global.secretsBackend.vault.controller.caCert.secretName` and `global.secretsBackend.vault.connectInject.caCert.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)).
 
-    ```shell-session
-    $ vault policy write controller-ca-policy - <<EOF
-    path controller/cert/ca {
-      capabilities = ["read"]
-    }
-    EOF
-    ```
+  ```shell-session
+  $ vault policy write controller-ca-policy - <<EOF
+  path controller/cert/ca {
+    capabilities = ["read"]
+  }
+  EOF
+  ```
+
+  ```shell-session
+  $ vault policy write connect-inject-ca-policy - <<EOF
+  path connect-inject/cert/ca {
+    capabilities = ["read"]
+  }
+  EOF
+  ```
 
-    ```shell-session
-    $ vault policy write connect-inject-ca-policy - <<EOF
-    path connect-inject/cert/ca {
-      capabilities = ["read"]
-    }
-    EOF
-    ```
 1. Configure allowed domains for PKI certificates.
 
     ```shell-session
@@ -153,10 +154,10 @@ this is required for the Consul components to communicate with the Consul server
 
 1. Finally, Kubernetes auth roles need to be created for controller and connect inject webhooks.
 
-
     The path to the secret referenced in the `path` resource is the same values that you will configure in the  `global.secretsBackend.vault.controllerRole` and `global.secretsBackend.vault.connectInjectRole` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)).
 
     Role for Consul controller webhooks:
+
     ```shell-session
     $ vault write auth/kubernetes/role/controller-role \
         bound_service_account_names=<Consul controller service account> \

From ee95bc72660b756454327da5a2f8e0dc2cb71288 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Tue, 20 Jun 2023 15:46:16 -0400
Subject: [PATCH 074/359] Add jwt-authn metrics to jwt-provider docs (#17816)

* [NET-3095] add jwt-authn metrics docs
---
 .../connect/config-entries/jwt-provider.mdx    | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/website/content/docs/connect/config-entries/jwt-provider.mdx b/website/content/docs/connect/config-entries/jwt-provider.mdx
index b31427af4fff..8867a3e4f972 100644
--- a/website/content/docs/connect/config-entries/jwt-provider.mdx
+++ b/website/content/docs/connect/config-entries/jwt-provider.mdx
@@ -952,6 +952,22 @@ Defines behavior for caching the validation result of previously encountered JWT
 </Tab>
 </Tabs>
 
+## Metrics
+
+Envoy proxies expose metrics that can track JWT authentication details. Use the following Envoy metrics:
+
+```yaml
+http.public_listener.jwt_authn.allowed
+http.public_listener.jwt_authn.cors_preflight_bypassed
+http.public_listener.jwt_authn.denied
+http.public_listener.jwt_authn.jwks_fetch_failed
+http.public_listener.jwt_authn.jwks_fetch_success
+http.public_listener.jwt_authn.jwt_cache_hit
+http.public_listener.jwt_authn.jwt_cache_miss
+```
+
+~> **Note:** Currently, Envoy does not reference these metrics in their documentation. Refer to [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/) for more information about exposed metrics.
+
 ## Examples
 
 The following examples demonstrate common JWT provider configuration patterns for specific use cases.
@@ -1023,4 +1039,4 @@ spec:
 ```
 
 </Tab>
-</Tabs>
\ No newline at end of file
+</Tabs>

From f17b7f32fc0ec835e99b526eb453eeddb35af179 Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Tue, 20 Jun 2023 13:17:46 -0700
Subject: [PATCH 075/359] Change URLs for redirects from RC to default latest
 (#17822)

---
 website/redirects.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/website/redirects.js b/website/redirects.js
index b9be8b5f2c61..517c73bbfa5a 100644
--- a/website/redirects.js
+++ b/website/redirects.js
@@ -38,19 +38,19 @@ module.exports = [
     permanent: true,
   },
   {
-    source: '/consul/docs/v1.16.x/connect/transparent-proxy',
-    destination: '/consul/docs/v1.16.x/k8s/connect/transparent-proxy',
+    source: '/consul/docs/connect/transparent-proxy',
+    destination: '/consul/docs/k8s/connect/transparent-proxy',
     permanent: true,
   },
   {
-    source: '/consul/docs/1.16.x/agent/limits/init-rate-limits',
-    destination: '/consul/docs/1.16.x/agent/limits/usage/init-rate-limits',
+    source: '/consul/docs/agent/limits/init-rate-limits',
+    destination: '/consul/docs/agent/limits/usage/init-rate-limits',
     permanent: true,
   },
   {
-    source: '/consul/docs/1.16.x/agent/limits/set-global-traffic-rate-limits',
+    source: '/consul/docs/agent/limits/set-global-traffic-rate-limits',
     destination:
-      '/consul/docs/1.16.x/agent/limits/usage/set-global-traffic-rate-limits',
+      '/consul/docs/agent/limits/usage/set-global-traffic-rate-limits',
     permanent: true,
   },
   {

From 500dcb1f214639441db41b53a8eb617fa34aac4a Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Wed, 21 Jun 2023 11:26:27 -0400
Subject: [PATCH 076/359] Set GOPRIVATE for all hashicorp repos in CI (#17817)

Consistently set GOPRIVATE to include all hashicorp repos, s.t. private
modules are successfully pulled in enterprise CI.
---
 .github/workflows/build-artifacts.yml      | 2 +-
 .github/workflows/build-distros.yml        | 1 +
 .github/workflows/build.yml                | 1 +
 .github/workflows/go-tests.yml             | 1 +
 .github/workflows/nightly-test-1.13.x.yaml | 5 +++--
 .github/workflows/nightly-test-1.14.x.yaml | 5 +++--
 .github/workflows/nightly-test-1.15.x.yaml | 5 +++--
 .github/workflows/nightly-test-1.16.x.yaml | 5 +++--
 .github/workflows/nightly-test-main.yaml   | 5 +++--
 .github/workflows/reusable-lint.yml        | 1 +
 .github/workflows/reusable-unit-split.yml  | 1 +
 .github/workflows/reusable-unit.yml        | 1 +
 .github/workflows/test-integrations.yml    | 1 +
 13 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/build-artifacts.yml b/.github/workflows/build-artifacts.yml
index 9d7a2583f945..57e2eba8e4ae 100644
--- a/.github/workflows/build-artifacts.yml
+++ b/.github/workflows/build-artifacts.yml
@@ -13,7 +13,7 @@ permissions:
   contents: read
 
 env:
-  GOPRIVATE: github.com/hashicorp
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
   setup:
diff --git a/.github/workflows/build-distros.yml b/.github/workflows/build-distros.yml
index 166706493f24..8b88345d2ee2 100644
--- a/.github/workflows/build-distros.yml
+++ b/.github/workflows/build-distros.yml
@@ -15,6 +15,7 @@ permissions:
 
 env:
   GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
   setup:
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index cfeab4a04c12..9186f12bfe25 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,6 +14,7 @@ on:
 env:
   PKG_NAME: consul
   METADATA: oss
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
   set-product-version:
diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 0d3b6b0992fd..c8059b998eda 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -21,6 +21,7 @@ permissions:
 
 env:
   TEST_RESULTS: /tmp/test-results
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
   setup:
diff --git a/.github/workflows/nightly-test-1.13.x.yaml b/.github/workflows/nightly-test-1.13.x.yaml
index 767072b6d247..de852c9114c5 100644
--- a/.github/workflows/nightly-test-1.13.x.yaml
+++ b/.github/workflows/nightly-test-1.13.x.yaml
@@ -8,9 +8,10 @@ on:
   workflow_dispatch: {}
 
 env:
-  EMBER_PARTITION_TOTAL: 4      # Has to be changed in tandem with the matrix.partition
+  EMBER_PARTITION_TOTAL: 4        # Has to be changed in tandem with the matrix.partition
   BRANCH: "release/1.13.x"
-  BRANCH_NAME: "release-1.13.x" # Used for naming artifacts
+  BRANCH_NAME: "release-1.13.x"   # Used for naming artifacts
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
   frontend-test-workspace-node:
diff --git a/.github/workflows/nightly-test-1.14.x.yaml b/.github/workflows/nightly-test-1.14.x.yaml
index fb34eb0d1bf3..1f319b4bd3ec 100644
--- a/.github/workflows/nightly-test-1.14.x.yaml
+++ b/.github/workflows/nightly-test-1.14.x.yaml
@@ -8,9 +8,10 @@ on:
   workflow_dispatch: {}
 
 env:
-  EMBER_PARTITION_TOTAL: 4      # Has to be changed in tandem with the matrix.partition
+  EMBER_PARTITION_TOTAL: 4        # Has to be changed in tandem with the matrix.partition
   BRANCH: "release/1.14.x"
-  BRANCH_NAME: "release-1.14.x" # Used for naming artifacts
+  BRANCH_NAME: "release-1.14.x"   # Used for naming artifacts
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
   frontend-test-workspace-node:
diff --git a/.github/workflows/nightly-test-1.15.x.yaml b/.github/workflows/nightly-test-1.15.x.yaml
index 99b8a2b18861..d41cf84a6247 100644
--- a/.github/workflows/nightly-test-1.15.x.yaml
+++ b/.github/workflows/nightly-test-1.15.x.yaml
@@ -8,9 +8,10 @@ on:
   workflow_dispatch: {}
 
 env:
-  EMBER_PARTITION_TOTAL: 4      # Has to be changed in tandem with the matrix.partition
+  EMBER_PARTITION_TOTAL: 4        # Has to be changed in tandem with the matrix.partition
   BRANCH: "release/1.15.x"
-  BRANCH_NAME: "release-1.15.x" # Used for naming artifacts
+  BRANCH_NAME: "release-1.15.x"   # Used for naming artifacts
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
   frontend-test-workspace-node:
diff --git a/.github/workflows/nightly-test-1.16.x.yaml b/.github/workflows/nightly-test-1.16.x.yaml
index db63ef83fecf..98a1f364b69e 100644
--- a/.github/workflows/nightly-test-1.16.x.yaml
+++ b/.github/workflows/nightly-test-1.16.x.yaml
@@ -8,9 +8,10 @@ on:
   workflow_dispatch: {}
 
 env:
-  EMBER_PARTITION_TOTAL: 4      # Has to be changed in tandem with the matrix.partition
+  EMBER_PARTITION_TOTAL: 4        # Has to be changed in tandem with the matrix.partition
   BRANCH: "release/1.16.x"
-  BRANCH_NAME: "release-1.16.x" # Used for naming artifacts
+  BRANCH_NAME: "release-1.16.x"   # Used for naming artifacts
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
   frontend-test-workspace-node:
diff --git a/.github/workflows/nightly-test-main.yaml b/.github/workflows/nightly-test-main.yaml
index f7958b53ce5e..13048656b6b0 100644
--- a/.github/workflows/nightly-test-main.yaml
+++ b/.github/workflows/nightly-test-main.yaml
@@ -8,9 +8,10 @@ on:
   workflow_dispatch: {}
 
 env:
-  EMBER_PARTITION_TOTAL: 4      # Has to be changed in tandem with the matrix.partition
+  EMBER_PARTITION_TOTAL: 4        # Has to be changed in tandem with the matrix.partition
   BRANCH: "main"
-  BRANCH_NAME: "main"           # Used for naming artifacts
+  BRANCH_NAME: "main"             # Used for naming artifacts
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
   frontend-test-workspace-node:
diff --git a/.github/workflows/reusable-lint.yml b/.github/workflows/reusable-lint.yml
index fd1e8b9a1538..9a9a26f0267e 100644
--- a/.github/workflows/reusable-lint.yml
+++ b/.github/workflows/reusable-lint.yml
@@ -20,6 +20,7 @@ on:
 env:
   GOTAGS: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
   GOARCH: ${{inputs.go-arch}}
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
   lint:
diff --git a/.github/workflows/reusable-unit-split.yml b/.github/workflows/reusable-unit-split.yml
index 962467d833a4..e2da1920967e 100644
--- a/.github/workflows/reusable-unit-split.yml
+++ b/.github/workflows/reusable-unit-split.yml
@@ -51,6 +51,7 @@ env:
   TOTAL_RUNNERS: ${{inputs.runner-count}}
   CONSUL_LICENSE: ${{secrets.consul-license}}
   GOTAGS: ${{ inputs.go-tags}}
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
   DATADOG_API_KEY: ${{secrets.datadog-api-key}}
   
 jobs:
diff --git a/.github/workflows/reusable-unit.yml b/.github/workflows/reusable-unit.yml
index 6001cc8bcd11..3f7ffa277412 100644
--- a/.github/workflows/reusable-unit.yml
+++ b/.github/workflows/reusable-unit.yml
@@ -46,6 +46,7 @@ env:
   GOARCH: ${{inputs.go-arch}}
   CONSUL_LICENSE: ${{secrets.consul-license}}
   GOTAGS: ${{ inputs.go-tags}}
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
   DATADOG_API_KEY: ${{secrets.datadog-api-key}}
   
 jobs:
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 836ed56ee180..af00fe46a2f7 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -23,6 +23,7 @@ env:
   CONSUL_BINARY_UPLOAD_NAME: consul-bin
   # strip the hashicorp/ off the front of github.repository for consul
   CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'consul' }}
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
   setup:

From a3ba5591499b9a75640e8b2b1e38df804d4559a3 Mon Sep 17 00:00:00 2001
From: Eric Haberkorn <erichaberkorn@gmail.com>
Date: Wed, 21 Jun 2023 12:39:53 -0400
Subject: [PATCH 077/359] Make locality aware routing xDS changes (#17826)

---
 agent/proxycfg/proxycfg.deepcopy.go           |  4 +
 agent/proxycfg/snapshot.go                    |  1 +
 agent/proxycfg/state.go                       |  3 +
 agent/structs/structs.go                      | 12 +++
 agent/xds/endpoints.go                        | 77 +++++++++++++------
 agent/xds/endpoints_test.go                   | 14 ++++
 agent/xds/failover_policy.go                  |  4 +-
 agent/xds/locality_policy.go                  | 21 +++++
 agent/xds/locality_policy_oss.go              | 15 ++++
 .../consul-container/libs/assert/service.go   | 14 ++++
 .../consul-container/libs/service/helpers.go  |  2 +
 11 files changed, 142 insertions(+), 25 deletions(-)
 create mode 100644 agent/xds/locality_policy.go
 create mode 100644 agent/xds/locality_policy_oss.go

diff --git a/agent/proxycfg/proxycfg.deepcopy.go b/agent/proxycfg/proxycfg.deepcopy.go
index 7c577e18aa95..350f76bf0800 100644
--- a/agent/proxycfg/proxycfg.deepcopy.go
+++ b/agent/proxycfg/proxycfg.deepcopy.go
@@ -13,6 +13,10 @@ import (
 // DeepCopy generates a deep copy of *ConfigSnapshot
 func (o *ConfigSnapshot) DeepCopy() *ConfigSnapshot {
 	var cp ConfigSnapshot = *o
+	if o.ServiceLocality != nil {
+		cp.ServiceLocality = new(structs.Locality)
+		*cp.ServiceLocality = *o.ServiceLocality
+	}
 	if o.ServiceMeta != nil {
 		cp.ServiceMeta = make(map[string]string, len(o.ServiceMeta))
 		for k2, v2 := range o.ServiceMeta {
diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go
index 1880dcd669f6..e8f95d9651be 100644
--- a/agent/proxycfg/snapshot.go
+++ b/agent/proxycfg/snapshot.go
@@ -901,6 +901,7 @@ func IngressListenerKeyFromListener(l structs.IngressListener) IngressListenerKe
 type ConfigSnapshot struct {
 	Kind                  structs.ServiceKind
 	Service               string
+	ServiceLocality       *structs.Locality
 	ProxyID               ProxyID
 	Address               string
 	Port                  int
diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go
index 911e4f316ed5..028a3fd59da8 100644
--- a/agent/proxycfg/state.go
+++ b/agent/proxycfg/state.go
@@ -124,6 +124,7 @@ type serviceInstance struct {
 	taggedAddresses map[string]structs.ServiceAddress
 	proxyCfg        structs.ConnectProxyConfig
 	token           string
+	locality        *structs.Locality
 }
 
 func copyProxyConfig(ns *structs.NodeService) (structs.ConnectProxyConfig, error) {
@@ -244,6 +245,7 @@ func newServiceInstanceFromNodeService(id ProxyID, ns *structs.NodeService, toke
 	return serviceInstance{
 		kind:            ns.Kind,
 		service:         ns.Service,
+		locality:        ns.Locality,
 		proxyID:         id,
 		address:         ns.Address,
 		port:            ns.Port,
@@ -303,6 +305,7 @@ func newConfigSnapshotFromServiceInstance(s serviceInstance, config stateConfig)
 	return ConfigSnapshot{
 		Kind:                  s.kind,
 		Service:               s.service,
+		ServiceLocality:       s.locality,
 		ProxyID:               s.proxyID,
 		Address:               s.address,
 		Port:                  s.port,
diff --git a/agent/structs/structs.go b/agent/structs/structs.go
index 1499c35eb80d..c1f6d07606eb 100644
--- a/agent/structs/structs.go
+++ b/agent/structs/structs.go
@@ -2095,6 +2095,18 @@ func (csn *CheckServiceNode) CanRead(authz acl.Authorizer) acl.EnforcementDecisi
 	return acl.Allow
 }
 
+func (csn *CheckServiceNode) Locality() *Locality {
+	if csn.Service != nil && csn.Service.Locality != nil {
+		return csn.Service.Locality
+	}
+
+	if csn.Node != nil && csn.Node.Locality != nil {
+		return csn.Node.Locality
+	}
+
+	return nil
+}
+
 type CheckServiceNodes []CheckServiceNode
 
 func (csns CheckServiceNodes) DeepCopy() CheckServiceNodes {
diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go
index ad0397133666..aef2dc31c9f0 100644
--- a/agent/xds/endpoints.go
+++ b/agent/xds/endpoints.go
@@ -135,7 +135,9 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg.
 		endpoints, ok := cfgSnap.ConnectProxy.PreparedQueryEndpoints[uid]
 		if ok {
 			la := makeLoadAssignment(
+				cfgSnap,
 				clusterName,
+				nil,
 				[]loadAssignmentEndpointGroup{
 					{Endpoints: endpoints},
 				},
@@ -158,7 +160,9 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg.
 			endpoints, ok := cfgSnap.ConnectProxy.DestinationGateways.Get(uid)
 			if ok {
 				la := makeLoadAssignment(
+					cfgSnap,
 					name,
+					nil,
 					[]loadAssignmentEndpointGroup{
 						{Endpoints: endpoints},
 					},
@@ -224,7 +228,9 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 			clusterName := connect.GatewaySNI(key.Datacenter, key.Partition, cfgSnap.Roots.TrustDomain)
 
 			la := makeLoadAssignment(
+				cfgSnap,
 				clusterName,
+				nil,
 				[]loadAssignmentEndpointGroup{
 					{Endpoints: endpoints},
 				},
@@ -239,7 +245,9 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 
 			clusterName := cfgSnap.ServerSNIFn(key.Datacenter, "")
 			la := makeLoadAssignment(
+				cfgSnap,
 				clusterName,
+				nil,
 				[]loadAssignmentEndpointGroup{
 					{Endpoints: endpoints},
 				},
@@ -409,7 +417,9 @@ func (s *ResourceGenerator) endpointsFromServicesAndResolvers(
 		for subsetName, groups := range clusterEndpoints {
 			clusterName := connect.ServiceSNI(svc.Name, subsetName, svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
 			la := makeLoadAssignment(
+				cfgSnap,
 				clusterName,
+				nil,
 				groups,
 				cfgSnap.Locality,
 			)
@@ -444,7 +454,9 @@ func (s *ResourceGenerator) makeEndpointsForOutgoingPeeredServices(
 			groups := []loadAssignmentEndpointGroup{{Endpoints: serviceGroup.Nodes, OnlyPassing: false}}
 
 			la := makeLoadAssignment(
+				cfgSnap,
 				clusterName,
+				nil,
 				groups,
 				// Use an empty key here so that it never matches. This will force the mesh gateway to always
 				// reference the remote mesh gateway's wan addr.
@@ -606,7 +618,9 @@ func (s *ResourceGenerator) makeUpstreamLoadAssignmentForPeerService(
 			return la, nil
 		}
 		la = makeLoadAssignment(
+			cfgSnap,
 			clusterName,
+			nil,
 			[]loadAssignmentEndpointGroup{
 				{Endpoints: localGw},
 			},
@@ -626,7 +640,9 @@ func (s *ResourceGenerator) makeUpstreamLoadAssignmentForPeerService(
 		return nil, nil
 	}
 	la = makeLoadAssignment(
+		cfgSnap,
 		clusterName,
+		nil,
 		[]loadAssignmentEndpointGroup{
 			{Endpoints: endpoints},
 		},
@@ -756,7 +772,9 @@ func (s *ResourceGenerator) endpointsFromDiscoveryChain(
 			}
 
 			la := makeLoadAssignment(
+				cfgSnap,
 				clusterName,
+				ti.PrioritizeByLocality,
 				[]loadAssignmentEndpointGroup{endpointGroup},
 				gatewayKey,
 			)
@@ -842,7 +860,7 @@ type loadAssignmentEndpointGroup struct {
 	OverrideHealth envoy_core_v3.HealthStatus
 }
 
-func makeLoadAssignment(clusterName string, endpointGroups []loadAssignmentEndpointGroup, localKey proxycfg.GatewayKey) *envoy_endpoint_v3.ClusterLoadAssignment {
+func makeLoadAssignment(cfgSnap *proxycfg.ConfigSnapshot, clusterName string, policy *structs.DiscoveryPrioritizeByLocality, endpointGroups []loadAssignmentEndpointGroup, localKey proxycfg.GatewayKey) *envoy_endpoint_v3.ClusterLoadAssignment {
 	cla := &envoy_endpoint_v3.ClusterLoadAssignment{
 		ClusterName: clusterName,
 		Endpoints:   make([]*envoy_endpoint_v3.LocalityLbEndpoints, 0, len(endpointGroups)),
@@ -856,35 +874,46 @@ func makeLoadAssignment(clusterName string, endpointGroups []loadAssignmentEndpo
 		}
 	}
 
-	for priority, endpointGroup := range endpointGroups {
-		endpoints := endpointGroup.Endpoints
-		es := make([]*envoy_endpoint_v3.LbEndpoint, 0, len(endpoints))
+	var priority uint32
 
-		for _, ep := range endpoints {
-			// TODO (mesh-gateway) - should we respect the translate_wan_addrs configuration here or just always use the wan for cross-dc?
-			_, addr, port := ep.BestAddress(!localKey.Matches(ep.Node.Datacenter, ep.Node.PartitionOrDefault()))
-			healthStatus, weight := calculateEndpointHealthAndWeight(ep, endpointGroup.OnlyPassing)
+	for _, endpointGroup := range endpointGroups {
+		endpointsByLocality, err := groupedEndpoints(cfgSnap.ServiceLocality, policy, endpointGroup.Endpoints)
 
-			if endpointGroup.OverrideHealth != envoy_core_v3.HealthStatus_UNKNOWN {
-				healthStatus = endpointGroup.OverrideHealth
-			}
+		if err != nil {
+			continue
+		}
 
-			endpoint := &envoy_endpoint_v3.Endpoint{
-				Address: makeAddress(addr, port),
+		for _, endpoints := range endpointsByLocality {
+			es := make([]*envoy_endpoint_v3.LbEndpoint, 0, len(endpointGroup.Endpoints))
+
+			for _, ep := range endpoints {
+				// TODO (mesh-gateway) - should we respect the translate_wan_addrs configuration here or just always use the wan for cross-dc?
+				_, addr, port := ep.BestAddress(!localKey.Matches(ep.Node.Datacenter, ep.Node.PartitionOrDefault()))
+				healthStatus, weight := calculateEndpointHealthAndWeight(ep, endpointGroup.OnlyPassing)
+
+				if endpointGroup.OverrideHealth != envoy_core_v3.HealthStatus_UNKNOWN {
+					healthStatus = endpointGroup.OverrideHealth
+				}
+
+				endpoint := &envoy_endpoint_v3.Endpoint{
+					Address: makeAddress(addr, port),
+				}
+				es = append(es, &envoy_endpoint_v3.LbEndpoint{
+					HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
+						Endpoint: endpoint,
+					},
+					HealthStatus:        healthStatus,
+					LoadBalancingWeight: makeUint32Value(weight),
+				})
 			}
-			es = append(es, &envoy_endpoint_v3.LbEndpoint{
-				HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
-					Endpoint: endpoint,
-				},
-				HealthStatus:        healthStatus,
-				LoadBalancingWeight: makeUint32Value(weight),
+
+			cla.Endpoints = append(cla.Endpoints, &envoy_endpoint_v3.LocalityLbEndpoints{
+				Priority:    priority,
+				LbEndpoints: es,
 			})
-		}
 
-		cla.Endpoints = append(cla.Endpoints, &envoy_endpoint_v3.LocalityLbEndpoints{
-			Priority:    uint32(priority),
-			LbEndpoints: es,
-		})
+			priority++
+		}
 	}
 
 	return cla
diff --git a/agent/xds/endpoints_test.go b/agent/xds/endpoints_test.go
index ebdd06aa41e2..eee35103aa61 100644
--- a/agent/xds/endpoints_test.go
+++ b/agent/xds/endpoints_test.go
@@ -101,6 +101,7 @@ func Test_makeLoadAssignment(t *testing.T) {
 	tests := []struct {
 		name        string
 		clusterName string
+		locality    *structs.Locality
 		endpoints   []loadAssignmentEndpointGroup
 		want        *envoy_endpoint_v3.ClusterLoadAssignment
 	}{
@@ -211,11 +212,24 @@ func Test_makeLoadAssignment(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := makeLoadAssignment(
+				&proxycfg.ConfigSnapshot{ServiceLocality: tt.locality},
 				tt.clusterName,
+				nil,
 				tt.endpoints,
 				proxycfg.GatewayKey{Datacenter: "dc1"},
 			)
 			require.Equal(t, tt.want, got)
+
+			if tt.locality == nil {
+				got := makeLoadAssignment(
+					&proxycfg.ConfigSnapshot{ServiceLocality: &structs.Locality{Region: "us-west-1", Zone: "us-west-1a"}},
+					tt.clusterName,
+					nil,
+					tt.endpoints,
+					proxycfg.GatewayKey{Datacenter: "dc1"},
+				)
+				require.Equal(t, tt.want, got)
+			}
 		})
 	}
 }
diff --git a/agent/xds/failover_policy.go b/agent/xds/failover_policy.go
index 5edcae914d52..77839a37cfeb 100644
--- a/agent/xds/failover_policy.go
+++ b/agent/xds/failover_policy.go
@@ -27,6 +27,8 @@ type targetInfo struct {
 	// Region is the region from the failover target's Locality. nil means the
 	// target is in the local Consul cluster.
 	Region *string
+
+	PrioritizeByLocality *structs.DiscoveryPrioritizeByLocality
 }
 
 type discoChainTargetGroup struct {
@@ -87,7 +89,7 @@ func (s *ResourceGenerator) mapDiscoChainTargets(cfgSnap *proxycfg.ConfigSnapsho
 		var sni, rootPEMs string
 		var spiffeIDs []string
 		targetUID := proxycfg.NewUpstreamIDFromTargetID(tid)
-		ti := targetInfo{TargetID: tid}
+		ti := targetInfo{TargetID: tid, PrioritizeByLocality: target.PrioritizeByLocality}
 
 		configureTLS := true
 		if forMeshGateway {
diff --git a/agent/xds/locality_policy.go b/agent/xds/locality_policy.go
new file mode 100644
index 000000000000..d2dd977f1ae7
--- /dev/null
+++ b/agent/xds/locality_policy.go
@@ -0,0 +1,21 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package xds
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+func groupedEndpoints(locality *structs.Locality, policy *structs.DiscoveryPrioritizeByLocality, csns structs.CheckServiceNodes) ([]structs.CheckServiceNodes, error) {
+	switch {
+	case policy == nil || policy.Mode == "" || policy.Mode == "none":
+		return []structs.CheckServiceNodes{csns}, nil
+	case policy.Mode == "failover":
+		return prioritizeByLocalityFailover(locality, csns), nil
+	default:
+		return nil, fmt.Errorf("unexpected priortize-by-locality mode %q", policy.Mode)
+	}
+}
diff --git a/agent/xds/locality_policy_oss.go b/agent/xds/locality_policy_oss.go
new file mode 100644
index 000000000000..16147aeb0c0d
--- /dev/null
+++ b/agent/xds/locality_policy_oss.go
@@ -0,0 +1,15 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+//go:build !consulent
+// +build !consulent
+
+package xds
+
+import (
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+func prioritizeByLocalityFailover(locality *structs.Locality, csns structs.CheckServiceNodes) []structs.CheckServiceNodes {
+	return nil
+}
diff --git a/test/integration/consul-container/libs/assert/service.go b/test/integration/consul-container/libs/assert/service.go
index 57e853e1e7b9..f8ff1d0ba9bb 100644
--- a/test/integration/consul-container/libs/assert/service.go
+++ b/test/integration/consul-container/libs/assert/service.go
@@ -40,6 +40,20 @@ func CatalogServiceExists(t *testing.T, c *api.Client, svc string, opts *api.Que
 	})
 }
 
+// CatalogServiceHasInstanceCount verifies the service name exists in the Consul catalog and has the specified
+// number of instances.
+func CatalogServiceHasInstanceCount(t *testing.T, c *api.Client, svc string, count int, opts *api.QueryOptions) {
+	retry.Run(t, func(r *retry.R) {
+		services, _, err := c.Catalog().Service(svc, "", opts)
+		if err != nil {
+			r.Fatal("error reading service data")
+		}
+		if len(services) != count {
+			r.Fatalf("did not find %d catalog entries for %s", count, svc)
+		}
+	})
+}
+
 // CatalogServiceExists verifies the node name exists in the Consul catalog
 func CatalogNodeExists(t *testing.T, c *api.Client, nodeName string) {
 	retry.Run(t, func(r *retry.R) {
diff --git a/test/integration/consul-container/libs/service/helpers.go b/test/integration/consul-container/libs/service/helpers.go
index ac254b846ae7..70624bf001d8 100644
--- a/test/integration/consul-container/libs/service/helpers.go
+++ b/test/integration/consul-container/libs/service/helpers.go
@@ -46,6 +46,7 @@ type ServiceOpts struct {
 	Checks       Checks
 	Connect      SidecarService
 	Namespace    string
+	Locality     *api.Locality
 }
 
 // createAndRegisterStaticServerAndSidecar register the services and launch static-server containers
@@ -119,6 +120,7 @@ func CreateAndRegisterStaticServerAndSidecar(node libcluster.Agent, serviceOpts
 		Namespace: serviceOpts.Namespace,
 		Meta:      serviceOpts.Meta,
 		Check:     &agentCheck,
+		Locality:  serviceOpts.Locality,
 	}
 	return createAndRegisterStaticServerAndSidecar(node, serviceOpts.HTTPPort, serviceOpts.GRPCPort, req, containerArgs...)
 }

From d0797c4a0dad78ef5301977b71a8686b5be1b122 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Wed, 21 Jun 2023 13:52:00 -0400
Subject: [PATCH 078/359] Fixup consul-container/test/debugging.md (#17815)

Add missing `-t` flag and fix minor typo.
---
 test/integration/consul-container/test/debugging.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/integration/consul-container/test/debugging.md b/test/integration/consul-container/test/debugging.md
index 90f6974daa1d..2957b520ac07 100644
--- a/test/integration/consul-container/test/debugging.md
+++ b/test/integration/consul-container/test/debugging.md
@@ -19,7 +19,7 @@ The `dev-docker-dbg` Make target will build consul docker container that has the
 - a port exposed on the container that allows a debugger from your development environment to connect and attach to the consul process and debug it remotely.
 - logs out the host and port information so that you have the information needed to connect to the port.
 
-The integration tests have been modified to expose the `--debug` flag that will switch the test from using a `consul:local` image that can be built using `make dev-docker` to using the `consul-dbg:local` image that was build from `make dev-docker-dbg`.
+The integration tests have been modified to expose the `--debug` flag that will switch the test from using a `consul:local` image that can be built using `make dev-docker` to using the `consul-dbg:local` image that was built from `make dev-docker-dbg`.
 
 The test is run in debug mode with a breakpoint set to just after the cluster is created and you can retrieve the port information.  From there, you can set up a remote debugging session that connects to this port.
 
@@ -38,7 +38,7 @@ To run/debug integration tests locally, the following tools are required on your
   ```
 - Build a consul-envoy container image from the consul root directory that is required for testing but not for debugging. 
   ```
-  docker build consul-envoy:target-version --build-arg CONSUL_IMAGE=consul:local --build-arg ENVOY_VERSION=1.24.6 -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+  docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=consul:local --build-arg ENVOY_VERSION=1.24.6 -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
   ```
 
 #### Remote debugging using GoLand
@@ -75,4 +75,4 @@ To run/debug integration tests locally, the following tools are required on your
 #### Remote debugging using VSCode
 (For additional information, see [VSCode's documentation on remote debugging](https://github.com/golang/vscode-go/blob/master/docs/debugging.md#remote-debugging).)
 
-[comment]: <> (TODO: Openly looking for someone to add VSCode specific instructions.)
\ No newline at end of file
+[comment]: <> (TODO: Openly looking for someone to add VSCode specific instructions.)

From 82441a27fac20b5989de13dc5809f30973a50906 Mon Sep 17 00:00:00 2001
From: George Bolo <george.bolo@gmail.com>
Date: Wed, 21 Jun 2023 14:31:40 -0400
Subject: [PATCH 079/359] fixes #17732 - AccessorID in request body should be
 optional when updating ACL token (#17739)

* AccessorID in request body should be optional when updating ACL token

* add a test case

* fix test case

* add changelog entry for PR #17739
---
 .changelog/17739.txt       |  3 +++
 agent/acl_endpoint.go      | 12 +++++++++--
 agent/acl_endpoint_test.go | 42 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 55 insertions(+), 2 deletions(-)
 create mode 100644 .changelog/17739.txt

diff --git a/.changelog/17739.txt b/.changelog/17739.txt
new file mode 100644
index 000000000000..14bbceeaa084
--- /dev/null
+++ b/.changelog/17739.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+http: fixed API endpoint `PUT /acl/token/:AccessorID` (update token), no longer requires `AccessorID` in the request body. Web UI can now update tokens.
+ ```
diff --git a/agent/acl_endpoint.go b/agent/acl_endpoint.go
index da838b1a646e..d6f230a8f64e 100644
--- a/agent/acl_endpoint.go
+++ b/agent/acl_endpoint.go
@@ -441,8 +441,16 @@ func (s *HTTPHandlers) aclTokenSetInternal(req *http.Request, tokenAccessorID st
 		return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: fmt.Sprintf("Token decoding failed: %v", err)}
 	}
 
-	if !create && args.ACLToken.AccessorID != tokenAccessorID {
-		return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Token Accessor ID in URL and payload do not match"}
+	if !create {
+		// NOTE: AccessorID in the request body is optional when not creating a new token.
+		// If not present in the body and only in the URL then it will be filled in by Consul.
+		if args.ACLToken.AccessorID == "" {
+			args.ACLToken.AccessorID = tokenAccessorID
+		}
+
+		if args.ACLToken.AccessorID != tokenAccessorID {
+			return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Token Accessor ID in URL and payload do not match"}
+		}
 	}
 
 	var out structs.ACLToken
diff --git a/agent/acl_endpoint_test.go b/agent/acl_endpoint_test.go
index 20c982492a7c..0c948880e036 100644
--- a/agent/acl_endpoint_test.go
+++ b/agent/acl_endpoint_test.go
@@ -907,6 +907,48 @@ func TestACL_HTTP(t *testing.T) {
 			tokenMap[token.AccessorID] = token
 		})
 
+		t.Run("Update without AccessorID in request body", func(t *testing.T) {
+			originalToken := tokenMap[idMap["token-cloned"]]
+
+			// Secret will be filled in
+			tokenInput := &structs.ACLToken{
+				Description: "Even Better description for this cloned token",
+				Policies: []structs.ACLTokenPolicyLink{
+					{
+						ID:   idMap["policy-read-all-nodes"],
+						Name: policyMap[idMap["policy-read-all-nodes"]].Name,
+					},
+				},
+				NodeIdentities: []*structs.ACLNodeIdentity{
+					{
+						NodeName:   "foo",
+						Datacenter: "bar",
+					},
+				},
+			}
+
+			req, _ := http.NewRequest("PUT", "/v1/acl/token/"+originalToken.AccessorID, jsonBody(tokenInput))
+			req.Header.Add("X-Consul-Token", "root")
+			resp := httptest.NewRecorder()
+			obj, err := a.srv.ACLTokenCRUD(resp, req)
+			require.NoError(t, err)
+			token, ok := obj.(*structs.ACLToken)
+			require.True(t, ok)
+
+			require.Equal(t, originalToken.AccessorID, token.AccessorID)
+			require.Equal(t, originalToken.SecretID, token.SecretID)
+			require.Equal(t, tokenInput.Description, token.Description)
+			require.Equal(t, tokenInput.Policies, token.Policies)
+			require.Equal(t, tokenInput.NodeIdentities, token.NodeIdentities)
+			require.True(t, token.CreateIndex > 0)
+			require.True(t, token.CreateIndex < token.ModifyIndex)
+			require.NotNil(t, token.Hash)
+			require.NotEqual(t, token.Hash, []byte{})
+			require.NotEqual(t, token.Hash, originalToken.Hash)
+
+			tokenMap[token.AccessorID] = token
+		})
+
 		t.Run("CRUD Missing Token Accessor ID", func(t *testing.T) {
 			req, _ := http.NewRequest("GET", "/v1/acl/token/", nil)
 			req.Header.Add("X-Consul-Token", "root")

From a4653de8da15e16b8a2a8c5340dc62691861d2a2 Mon Sep 17 00:00:00 2001
From: "Chris S. Kim" <ckim@hashicorp.com>
Date: Wed, 21 Jun 2023 15:34:42 -0400
Subject: [PATCH 080/359] CA provider doc updates and Vault provider minor
 update (#17831)

Update CA provider docs

Clarify that providers can differ between
primary and secondary datacenters

Provide a comparison chart for consul vs
vault CA providers

Loosen Vault CA provider validation for RootPKIPath

Update Vault CA provider documentation
---
 .changelog/17831.txt                      |  3 ++
 agent/config/builder.go                   |  2 +-
 agent/connect/ca/provider_test.go         |  2 +-
 agent/connect/ca/provider_vault.go        | 14 +++++-----
 agent/connect/ca/provider_vault_test.go   | 18 ++++++++++--
 website/content/docs/connect/ca/index.mdx | 21 +++++++++++---
 website/content/docs/connect/ca/vault.mdx | 34 +++++++++++++----------
 7 files changed, 64 insertions(+), 30 deletions(-)
 create mode 100644 .changelog/17831.txt

diff --git a/.changelog/17831.txt b/.changelog/17831.txt
new file mode 100644
index 000000000000..2833bda1d576
--- /dev/null
+++ b/.changelog/17831.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ca: Vault CA provider config no longer requires root_pki_path for secondary datacenters
+```
diff --git a/agent/config/builder.go b/agent/config/builder.go
index 8e0bb37ef999..6acd1b0039ee 100644
--- a/agent/config/builder.go
+++ b/agent/config/builder.go
@@ -1473,7 +1473,7 @@ func (b *builder) validate(rt RuntimeConfig) error {
 				return err
 			}
 		case structs.VaultCAProvider:
-			if _, err := ca.ParseVaultCAConfig(rt.ConnectCAConfig); err != nil {
+			if _, err := ca.ParseVaultCAConfig(rt.ConnectCAConfig, rt.PrimaryDatacenter == rt.Datacenter); err != nil {
 				return err
 			}
 		case structs.AWSCAProvider:
diff --git a/agent/connect/ca/provider_test.go b/agent/connect/ca/provider_test.go
index b7ed9e29b412..1ff4af397767 100644
--- a/agent/connect/ca/provider_test.go
+++ b/agent/connect/ca/provider_test.go
@@ -113,7 +113,7 @@ func TestStructs_CAConfiguration_MsgpackEncodeDecode(t *testing.T) {
 				TLSSkipVerify:          true,
 			},
 			parseFunc: func(t *testing.T, raw map[string]interface{}) interface{} {
-				config, err := ParseVaultCAConfig(raw)
+				config, err := ParseVaultCAConfig(raw, true)
 				require.NoError(t, err)
 				return config
 			},
diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go
index 00a598d92dea..89350d87df3e 100644
--- a/agent/connect/ca/provider_vault.go
+++ b/agent/connect/ca/provider_vault.go
@@ -101,7 +101,7 @@ func vaultTLSConfig(config *structs.VaultCAProviderConfig) *vaultapi.TLSConfig {
 // Configure sets up the provider using the given configuration.
 // Configure supports being called multiple times to re-configure the provider.
 func (v *VaultProvider) Configure(cfg ProviderConfig) error {
-	config, err := ParseVaultCAConfig(cfg.RawConfig)
+	config, err := ParseVaultCAConfig(cfg.RawConfig, v.isPrimary)
 	if err != nil {
 		return err
 	}
@@ -192,11 +192,11 @@ func (v *VaultProvider) Configure(cfg ProviderConfig) error {
 }
 
 func (v *VaultProvider) ValidateConfigUpdate(prevRaw, nextRaw map[string]interface{}) error {
-	prev, err := ParseVaultCAConfig(prevRaw)
+	prev, err := ParseVaultCAConfig(prevRaw, v.isPrimary)
 	if err != nil {
 		return fmt.Errorf("failed to parse existing CA config: %w", err)
 	}
-	next, err := ParseVaultCAConfig(nextRaw)
+	next, err := ParseVaultCAConfig(nextRaw, v.isPrimary)
 	if err != nil {
 		return fmt.Errorf("failed to parse new CA config: %w", err)
 	}
@@ -800,7 +800,7 @@ func (v *VaultProvider) Cleanup(providerTypeChange bool, otherConfig map[string]
 	v.Stop()
 
 	if !providerTypeChange {
-		newConfig, err := ParseVaultCAConfig(otherConfig)
+		newConfig, err := ParseVaultCAConfig(otherConfig, v.isPrimary)
 		if err != nil {
 			return err
 		}
@@ -900,7 +900,7 @@ func (v *VaultProvider) autotidyIssuers(path string) (bool, string) {
 	return tidySet, errStr
 }
 
-func ParseVaultCAConfig(raw map[string]interface{}) (*structs.VaultCAProviderConfig, error) {
+func ParseVaultCAConfig(raw map[string]interface{}, isPrimary bool) (*structs.VaultCAProviderConfig, error) {
 	config := structs.VaultCAProviderConfig{
 		CommonCAProviderConfig: defaultCommonConfig(),
 	}
@@ -931,10 +931,10 @@ func ParseVaultCAConfig(raw map[string]interface{}) (*structs.VaultCAProviderCon
 		return nil, fmt.Errorf("only one of Vault token or Vault auth method can be provided, but not both")
 	}
 
-	if config.RootPKIPath == "" {
+	if isPrimary && config.RootPKIPath == "" {
 		return nil, fmt.Errorf("must provide a valid path to a root PKI backend")
 	}
-	if !strings.HasSuffix(config.RootPKIPath, "/") {
+	if config.RootPKIPath != "" && !strings.HasSuffix(config.RootPKIPath, "/") {
 		config.RootPKIPath += "/"
 	}
 
diff --git a/agent/connect/ca/provider_vault_test.go b/agent/connect/ca/provider_vault_test.go
index b0e341fe91ee..87dc1a04fe7a 100644
--- a/agent/connect/ca/provider_vault_test.go
+++ b/agent/connect/ca/provider_vault_test.go
@@ -60,6 +60,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
 	cases := map[string]struct {
 		rawConfig map[string]interface{}
 		expConfig *structs.VaultCAProviderConfig
+		isPrimary bool
 		expError  string
 	}{
 		"no token and no auth method provided": {
@@ -70,15 +71,26 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
 			rawConfig: map[string]interface{}{"Token": "test", "AuthMethod": map[string]interface{}{"Type": "test"}},
 			expError:  "only one of Vault token or Vault auth method can be provided, but not both",
 		},
-		"no root PKI path": {
-			rawConfig: map[string]interface{}{"Token": "test"},
+		"primary no root PKI path": {
+			rawConfig: map[string]interface{}{"Token": "test", "IntermediatePKIPath": "test"},
+			isPrimary: true,
 			expError:  "must provide a valid path to a root PKI backend",
 		},
+		"secondary no root PKI path": {
+			rawConfig: map[string]interface{}{"Token": "test", "IntermediatePKIPath": "test"},
+			isPrimary: false,
+			expConfig: &structs.VaultCAProviderConfig{
+				CommonCAProviderConfig: defaultCommonConfig(),
+				Token:                  "test",
+				IntermediatePKIPath:    "test/",
+			},
+		},
 		"no root intermediate path": {
 			rawConfig: map[string]interface{}{"Token": "test", "RootPKIPath": "test"},
 			expError:  "must provide a valid path for the intermediate PKI backend",
 		},
 		"adds a slash to RootPKIPath and IntermediatePKIPath": {
+			isPrimary: true,
 			rawConfig: map[string]interface{}{"Token": "test", "RootPKIPath": "test", "IntermediatePKIPath": "test"},
 			expConfig: &structs.VaultCAProviderConfig{
 				CommonCAProviderConfig: defaultCommonConfig(),
@@ -91,7 +103,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
 
 	for name, c := range cases {
 		t.Run(name, func(t *testing.T) {
-			config, err := ParseVaultCAConfig(c.rawConfig)
+			config, err := ParseVaultCAConfig(c.rawConfig, c.isPrimary)
 			if c.expError != "" {
 				require.EqualError(t, err, c.expError)
 			} else {
diff --git a/website/content/docs/connect/ca/index.mdx b/website/content/docs/connect/ca/index.mdx
index 13cc56c72d35..c49e07516fae 100644
--- a/website/content/docs/connect/ca/index.mdx
+++ b/website/content/docs/connect/ca/index.mdx
@@ -21,7 +21,7 @@ support for using
 [Vault as a CA](/consul/docs/connect/ca/vault). With Vault, the root certificate
 and private key material remain with the Vault cluster.
 
-### CA and Certificate relationship
+## CA and Certificate relationship
 
 This diagram shows the relationship between the CA certificates in a Consul primary datacenter and a
 secondary Consul datacenter.
@@ -34,9 +34,22 @@ services.
 - the Leaf Cert Client Agent is created by auto-encrypt and auto-config. It is used by
 client agents for HTTP API TLS, and for mTLS for RPC requests to servers.
 
-Any secondary datacenters receive an intermediate certificate, signed by the Primary Root
-CA, which is used as the CA certificate to sign leaf certificates in the secondary
-datacenter.
+Any secondary datacenters use their CA provider to generate an intermediate certificate
+signing request (CSR) to be signed by the primary root CA. They receive an intermediate
+CA certificate, which is used to sign leaf certificates in the secondary datacenter.
+
+You can use different providers across primary and secondary datacenters.
+For example, an operator may use a Vault CA provider for extra security in the primary
+datacenter but choose to use the built-in CA provider in the secondary datacenter, which
+may not have a reachable Vault cluster. The following table compares the built-in and Vault providers.
+
+## CA Provider Comparison
+
+|            | Consul built-in                    | Vault                                                                             |
+|------------|------------------------------------|-----------------------------------------------------------------------------------|
+| Security   | CA private keys are stored on disk | CA private keys are stored in Vault and are never exposed to Consul server agents |
+| Resiliency | No dependency on external systems. If Consul is available, it can sign certificates | Dependent on Vault availability  |
+| Latency    | Consul signs certificates locally  | A network call to Vault is required to sign certificates                          |
 
 ## CA Bootstrapping
 
diff --git a/website/content/docs/connect/ca/vault.mdx b/website/content/docs/connect/ca/vault.mdx
index ce35744e9242..34ad19226847 100644
--- a/website/content/docs/connect/ca/vault.mdx
+++ b/website/content/docs/connect/ca/vault.mdx
@@ -7,19 +7,27 @@ description: >-
 
 # Vault as a Service Mesh Certificate Authority
 
-You can configure Consul to use [Vault](https://www.vaultproject.io/) as the certificate authority (CA) so that Vault can manage and sign certificates distributed to services in the mesh. 
-The Vault CA provider uses the [Vault PKI secrets engine](/vault/docs/secrets/pki) to generate and sign certificates. 
+You can configure Consul to use [Vault](/vault) as the certificate authority (CA) so that Vault can manage and sign certificates distributed to services in the mesh.
+The Vault CA provider uses the [Vault PKI secrets engine](/vault/docs/secrets/pki) to generate and sign certificates.
 This page describes how configure the Vault CA provider.
 
 > **Tutorial:** Complete the [Vault as Consul Service Mesh Certification Authority](/consul/tutorials/vault-secure/vault-pki-consul-connect-ca) tutorial for hands-on guidance on how to configure Vault as the Consul service mesh certification authority.
 
 ## Requirements
 
+- Vault 0.10.3 or higher
+
+~> **Compatibility note:** If you use Vault 1.11.0+ as Consul's service mesh CA, versions of Consul released before Dec 13, 2022 will develop an issue with Consul control plane or service mesh communication ([GH-15525](https://github.com/hashicorp/consul/pull/15525)). Use or upgrade to a [Consul version that includes the fix](https://support.hashicorp.com/hc/en-us/articles/11308460105491#01GMC24E6PPGXMRX8DMT4HZYTW) to avoid this problem.
+
+## Recommendations
+
 - Refer to [Service Mesh Certificate Authority Overview](/consul/docs/connect/ca) for important background information about how Consul manages certificates with configurable CA providers.
 
-- Vault 0.10.3 to 1.10.x.
+- For best performance and resiliency, every datacenter should have a Vault cluster local to its Consul cluster.
 
-~> **Compatibility note:** If you use Vault 1.11.0+ as Consul's service mesh CA, versions of Consul released before Dec 13, 2022 will develop an issue with Consul control plane or service mesh communication ([GH-15525](https://github.com/hashicorp/consul/pull/15525)). Use or upgrade to a [Consul version that includes the fix](https://support.hashicorp.com/hc/en-us/articles/11308460105491#01GMC24E6PPGXMRX8DMT4HZYTW) to avoid this problem.
+- If your Consul datacenters are WAN-federated and the secondary datacenter uses Vault Enterprise
+  [performance secondaries](/vault/docs/enterprise/replication#performance-replication), we recommend
+  configuring [`local`](/vault/docs/enterprise/replication#local) mounts for their [`intermediate_pki_path`](/consul/docs/connect/ca/vault#intermediatepkipath).
 
 ## Enable Vault as the CA
 
@@ -28,7 +36,7 @@ and including the required provider configuration options.
 You can provide the CA configuration in the server agents' configuration file
 or in the body of a `PUT` request to the
 [`/connect/ca/configuration`](/consul/api-docs/connect/ca#update-ca-configuration) API endpoint.
-Refer to the [Configuration Reference](#configuration-reference) for details about configuration options and for example use cases. 
+Refer to the [Configuration Reference](#configuration-reference) for details about configuration options and for example use cases.
 
 The following example shows the required configurations for a default implementation:
 
@@ -75,7 +83,7 @@ connect {
 You can specify the following configuration options.
 Note that a configuration option's name may differ between API calls and the agent configuration file.
 The first key refers to the option name for use in API calls.
-The key after the slash refers to the corresponding option name in the agent configuration file. 
+The key after the slash refers to the corresponding option name in the agent configuration file.
 
 - `Address` / `address` (`string: <required>`) - The address of the Vault
   server.
@@ -104,7 +112,8 @@ The key after the slash refers to the corresponding option name in the agent con
    Only the authentication related fields (for example, JWT's `path` and `role`) are supported. The optional management fields (for example: `remove_jwt_after_reading`) are not supported.
 
 - `RootPKIPath` / `root_pki_path` (`string: <required>`) - The path to
-  a PKI secrets engine for the root certificate.
+  a PKI secrets engine for the root certificate. Required for primary
+  datacenters. Secondary datacenters do not use this path.
 
   If the path does not
   exist, Consul will mount a new PKI secrets engine at the specified path with the
@@ -114,9 +123,6 @@ The key after the slash refers to the corresponding option name in the agent con
   the root certificate TTL was set to 8760 hour, or 1 year, and was not configurable.
   The root certificate will expire at the end of the specified period.
 
-  When WAN Federation is enabled, each secondary datacenter must use the same Vault cluster and share the same `root_pki_path`
-  with the primary datacenter.
-
   To use an intermediate certificate as the primary CA in Consul, initialize the
   `RootPKIPath` in Vault with a PEM bundle. The first certificate in the bundle
   must be the intermediate certificate that Consul will use as the primary CA.
@@ -242,7 +248,7 @@ Then, attach the following Vault ACL policy to the CA provider's
   path "/<root_pki_path>/" {
     capabilities = [ "read" ]
   }
-  
+
   path "/<root_pki_path>/root/sign-intermediate" {
     capabilities = [ "update" ]
   }
@@ -268,7 +274,7 @@ Then, attach the following Vault ACL policy to the CA provider's
     capabilities = [ "read" ]
   }
   ```
-  
+
   </CodeBlockConfig>
 
 #### Define a policy for Consul-managed PKI paths ((#consul-managed-pki-paths))
@@ -329,7 +335,7 @@ Then, attach the following Vault ACL policy to the CA provider's
     capabilities = [ "read" ]
   }
   ```
-  
+
   </CodeBlockConfig>
 
 #### Additional Vault ACL policies for sensitive operations
@@ -340,7 +346,7 @@ following CA provider configuration changes:
 - Changing the `RootPKIPath`
 
 Those configuration modifications trigger a root CA change that requires an
-extremely privileged root cross-sign operation. 
+extremely privileged root cross-sign operation.
 For that operation to succeed, the CA provider's [Vault token](#token) or
 [auth method](#authmethod) must contain the following rule:
 

From 366bd6f89f365c118c271c5aba1eb032adcc5faf Mon Sep 17 00:00:00 2001
From: Chris Thain <32781396+cthain@users.noreply.github.com>
Date: Wed, 21 Jun 2023 13:42:42 -0700
Subject: [PATCH 081/359] ext-authz Envoy extension: support `localhost` as a
 valid target URI. (#17821)

---
 .../builtin/ext-authz/ext_authz_test.go       | 31 +++++++++++-
 .../builtin/ext-authz/structs.go              | 49 ++++++++++++++-----
 agent/xds/delta_envoy_extender_oss_test.go    |  1 +
 agent/xds/delta_envoy_extender_test.go        |  7 +++
 ...uthz-http-local-http-service.latest.golden |  4 +-
 .../configuration/ext-authz.mdx               |  4 +-
 .../envoy-extensions/usage/ext-authz.mdx      |  2 +-
 7 files changed, 78 insertions(+), 20 deletions(-)

diff --git a/agent/envoyextensions/builtin/ext-authz/ext_authz_test.go b/agent/envoyextensions/builtin/ext-authz/ext_authz_test.go
index e0b4245edda2..88e87d7e9a8f 100644
--- a/agent/envoyextensions/builtin/ext-authz/ext_authz_test.go
+++ b/agent/envoyextensions/builtin/ext-authz/ext_authz_test.go
@@ -59,7 +59,7 @@ func TestConstructor(t *testing.T) {
 					},
 				},
 			},
-			errMsg: `invalid host for Target.URI "foo.bar.com:9191": expected 'localhost' or '127.0.0.1'`,
+			errMsg: `invalid host for Target.URI "foo.bar.com:9191": expected "localhost", "127.0.0.1", or "::1"`,
 		},
 		"non-loopback address": {
 			args: map[string]any{
@@ -72,7 +72,34 @@ func TestConstructor(t *testing.T) {
 					},
 				},
 			},
-			errMsg: `invalid host for Target.URI "10.0.0.1:9191": expected 'localhost' or '127.0.0.1'`,
+			errMsg: `invalid host for Target.URI "10.0.0.1:9191": expected "localhost", "127.0.0.1", or "::1"`,
+		},
+		"invalid target port": {
+			args: map[string]any{
+				"ProxyType": "connect-proxy",
+				"Config": map[string]any{
+					"GrpcService": map[string]any{
+						"Target": map[string]any{
+							"URI": "localhost:zero",
+						},
+					},
+				},
+			},
+			errMsg: `invalid format for Target.URI "localhost:zero": expected host:port`,
+		},
+		"invalid target timeout": {
+			args: map[string]any{
+				"ProxyType": "connect-proxy",
+				"Config": map[string]any{
+					"GrpcService": map[string]any{
+						"Target": map[string]any{
+							"URI":     "localhost:9191",
+							"Timeout": "one",
+						},
+					},
+				},
+			},
+			errMsg: `failed to parse Target.Timeout "one" as a duration`,
 		},
 		"no uri or service target": {
 			args: map[string]any{
diff --git a/agent/envoyextensions/builtin/ext-authz/structs.go b/agent/envoyextensions/builtin/ext-authz/structs.go
index b64011a991e2..a14cedd63a76 100644
--- a/agent/envoyextensions/builtin/ext-authz/structs.go
+++ b/agent/envoyextensions/builtin/ext-authz/structs.go
@@ -34,6 +34,9 @@ const (
 	defaultMetadataNS    = "consul"
 	defaultStatPrefix    = "response"
 	defaultStatusOnError = 403
+	localhost            = "localhost"
+	localhostIPv4        = "127.0.0.1"
+	localhostIPv6        = "::1"
 )
 
 type extAuthzConfig struct {
@@ -185,6 +188,12 @@ func (c *extAuthzConfig) toEnvoyCluster(_ *cmn.RuntimeConfig) (*envoy_cluster_v3
 		return nil, err
 	}
 
+	clusterType := &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STATIC}
+	if host == localhost {
+		// If the host is "localhost" use a STRICT_DNS cluster type to perform DNS lookup.
+		clusterType = &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STRICT_DNS}
+	}
+
 	var typedExtProtoOpts map[string]*anypb.Any
 	if c.isGRPC() {
 		// By default HTTP/1.1 is used for the transport protocol. gRPC requires that we explicitly configure HTTP/2
@@ -205,7 +214,7 @@ func (c *extAuthzConfig) toEnvoyCluster(_ *cmn.RuntimeConfig) (*envoy_cluster_v3
 
 	return &envoy_cluster_v3.Cluster{
 		Name:                 LocalExtAuthzClusterName,
-		ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STATIC},
+		ClusterDiscoveryType: clusterType,
 		ConnectTimeout:       target.timeoutDurationPB(),
 		LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{
 			ClusterName: LocalExtAuthzClusterName,
@@ -645,18 +654,13 @@ func (t *Target) validate() error {
 	}
 
 	if t.isURI() {
-		// Strip the protocol if one was provided
-		if _, addr, hasProto := strings.Cut(t.URI, "://"); hasProto {
-			t.URI = addr
-		}
-		addr := strings.Split(t.URI, ":")
-		if len(addr) == 2 {
-			t.host = addr[0]
-			if t.host != "localhost" && t.host != "127.0.0.1" {
-				resultErr = multierror.Append(resultErr, fmt.Errorf("invalid host for Target.URI %q: expected 'localhost' or '127.0.0.1'", t.URI))
-			}
-			if t.port, err = strconv.Atoi(addr[1]); err != nil {
-				resultErr = multierror.Append(resultErr, fmt.Errorf("invalid port for Target.URI %q", addr[1]))
+		t.host, t.port, err = parseAddr(t.URI)
+		if err == nil {
+			switch t.host {
+			case localhost, localhostIPv4, localhostIPv6:
+			default:
+				resultErr = multierror.Append(resultErr,
+					fmt.Errorf("invalid host for Target.URI %q: expected %q, %q, or %q", t.URI, localhost, localhostIPv4, localhostIPv6))
 			}
 		} else {
 			resultErr = multierror.Append(resultErr, fmt.Errorf("invalid format for Target.URI %q: expected host:port", t.URI))
@@ -672,3 +676,22 @@ func (t *Target) validate() error {
 	}
 	return resultErr
 }
+
+func parseAddr(s string) (host string, port int, err error) {
+	// Strip the protocol if one was provided
+	if _, addr, hasProto := strings.Cut(s, "://"); hasProto {
+		s = addr
+	}
+	idx := strings.LastIndex(s, ":")
+	switch idx {
+	case -1, len(s) - 1:
+		err = fmt.Errorf("invalid input format %q: expected host:port", s)
+	case 0:
+		host = localhost
+		port, err = strconv.Atoi(s[idx+1:])
+	default:
+		host = s[:idx]
+		port, err = strconv.Atoi(s[idx+1:])
+	}
+	return
+}
diff --git a/agent/xds/delta_envoy_extender_oss_test.go b/agent/xds/delta_envoy_extender_oss_test.go
index 3d92b6d25de0..2f18809b1936 100644
--- a/agent/xds/delta_envoy_extender_oss_test.go
+++ b/agent/xds/delta_envoy_extender_oss_test.go
@@ -676,6 +676,7 @@ end`,
 					ns.Proxy.EnvoyExtensions = makeExtAuthzEnvoyExtension(
 						"http",
 						"dest=local",
+						"target-uri=localhost:9191",
 						"insert=AfterLastMatch:envoy.filters.http.header_to_metadata",
 					)
 				}, nil)
diff --git a/agent/xds/delta_envoy_extender_test.go b/agent/xds/delta_envoy_extender_test.go
index 0a76d6221957..6cd57fa53a04 100644
--- a/agent/xds/delta_envoy_extender_test.go
+++ b/agent/xds/delta_envoy_extender_test.go
@@ -50,6 +50,13 @@ func makeExtAuthzEnvoyExtension(svc string, opts ...string) []structs.EnvoyExten
 						"FilterName": filterName,
 					}
 				}
+			case "target-uri":
+				target = map[string]any{"URI": v}
+				configMap = map[string]any{
+					serviceKey: map[string]any{
+						"Target": target,
+					},
+				}
 			case "config-type":
 				if v == "full" {
 					target["Timeout"] = "2s"
diff --git a/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-local-http-service.latest.golden b/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-local-http-service.latest.golden
index 3b0f2da69ce4..992da1ae684b 100644
--- a/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-local-http-service.latest.golden
+++ b/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-local-http-service.latest.golden
@@ -142,7 +142,7 @@
     {
       "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
       "name":  "local_ext_authz",
-      "type":  "STATIC",
+      "type":  "STRICT_DNS",
       "loadAssignment":  {
         "clusterName":  "local_ext_authz",
         "endpoints":  [
@@ -152,7 +152,7 @@
                 "endpoint":  {
                   "address":  {
                     "socketAddress":  {
-                      "address":  "127.0.0.1",
+                      "address":  "localhost",
                       "portValue":  9191
                     }
                   }
diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx
index 6b5d8cc272aa..2d3c48789a90 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx
@@ -348,7 +348,7 @@ The following table describes how to configure parameters for the `Service` fiel
 
 ### `Arguments.Config.GrpcService.Target.Uri`
 
-Specifies the URI of the external authorization service. Configure this field when you must provide an explicit URI to the external authorization service, such as cases in which the authorization service is running on the same host or pod. If set, the value of this field must be either `localhost:<port>` or `127.0.0.1:<port>`
+Specifies the URI of the external authorization service. Configure this field when you must provide an explicit URI to the external authorization service, such as cases in which the authorization service is running on the same host or pod. If set, the value of this field must be one of `localhost:<port>`, `127.0.0.1:<port>`, or `::1:<port>`.
 
 Configure either the `Uri` field or the [`Service`](#arguments-config-grpcservice-target-service) field, but not both. 
  
@@ -434,7 +434,7 @@ The following table describes how to configure parameters for the `Service` fiel
 
 ### `Arguments{}.Config{}.HttpService{}.Target{}.Uri`
 
-Specifies the URI of the external authorization service. Configure this field when you must provide an explicit URI to the external authorization service, such as cases in which the authorization service is running on the same host or pod. 
+Specifies the URI of the external authorization service. Configure this field when you must provide an explicit URI to the external authorization service, such as cases in which the authorization service is running on the same host or pod. If set, the value of this field must be one of `localhost:<port>`, `127.0.0.1:<port>`, or `::1:<port>`.
 
 Configure either the `Uri` field or the [`Service`](#arguments-config-httpservice-target-service) field, but not both. 
  
diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
index f3cc5432846b..3062879d472d 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
@@ -115,7 +115,7 @@ The following Envoy configurations are not supported:
 | `failure_mode_allow` | Set the `EnvoyExtension.Required` field to `true` in the [service defaults configuration entry](/consul/docs/connect/config-entries/service-defaults#envoyextensions) or [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults#envoyextensions). |
 | `filter_enabled` | Set the `EnvoyExtension.Required` field to `true` in the [service defaults configuration entry](/consul/docs/connect/config-entries/service-defaults#envoyextensions) or [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults#envoyextensions). |
 | `filter_enabled_metadata` | Set the `EnvoyExtension.Required` field to `true` in the [service defaults configuration entry](/consul/docs/connect/config-entries/service-defaults#envoyextensions) or [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults#envoyextensions). |
-| `transport_api_version` | Consul only supports v3 of the transport API. As a result, there is no workaround for implement the behavior of this field. |
+| `transport_api_version` | Consul only supports v3 of the transport API. As a result, there is no workaround for implementing the behavior of this field. |
 
 ## Apply the configuration entry
 

From 18648747263b5c3356ce6ce0d25171d8ea11e847 Mon Sep 17 00:00:00 2001
From: Matt Keeler <mkeeler@users.noreply.github.com>
Date: Thu, 22 Jun 2023 10:56:45 -0400
Subject: [PATCH 082/359] CI Updates (#17834)

* Ensure that git access to private repos uses the ELEVATED_GITHUB_TOKEN

* Bump the runner size for the protobuf generation check

This has failed previously when the runner process that communicates with GitHub gets starved causing the job to fail.
---
 .github/workflows/go-tests.yml          | 2 +-
 .github/workflows/test-integrations.yml | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index c8059b998eda..831271f6f832 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -51,7 +51,7 @@ jobs:
   check-generated-protobuf:
     needs: 
     - setup   
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-medium) }}
     steps:
     - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index af00fe46a2f7..641533012db4 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -366,6 +366,10 @@ jobs:
       ENVOY_VERSION: "1.25.4"
     steps:
       - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
+      - name: Setup Git
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
@@ -477,6 +481,10 @@ jobs:
       ENVOY_VERSION: "1.24.6"
     steps:
       - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
+      - name: Setup Git
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'

From b782f2e39aa5d4c430e94a5b51080bfb0c6eef5b Mon Sep 17 00:00:00 2001
From: wangxinyi7 <121973291+wangxinyi7@users.noreply.github.com>
Date: Thu, 22 Jun 2023 10:50:46 -0700
Subject: [PATCH 083/359] counter part of ent pr (#17618)

---
 GNUmakefile                                   |   1 +
 .../test/ratelimit/ratelimit_test.go          | 107 ++++++++++--------
 2 files changed, 61 insertions(+), 47 deletions(-)

diff --git a/GNUmakefile b/GNUmakefile
index fe554b3c5432..36d45f90a158 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -194,6 +194,7 @@ dev-docker: linux dev-build
 		--label version=$(CONSUL_VERSION) \
        --load \
        -f $(CURDIR)/build-support/docker/Consul-Dev-Multiarch.dockerfile $(CURDIR)/pkg/bin/
+	docker tag 'consul:local'  '$(CONSUL_COMPAT_TEST_IMAGE):local'
 
 check-remote-dev-image-env:
 ifndef REMOTE_DEV_IMAGE
diff --git a/test/integration/consul-container/test/ratelimit/ratelimit_test.go b/test/integration/consul-container/test/ratelimit/ratelimit_test.go
index 18258c2ab8db..e3aa20e5ba84 100644
--- a/test/integration/consul-container/test/ratelimit/ratelimit_test.go
+++ b/test/integration/consul-container/test/ratelimit/ratelimit_test.go
@@ -32,8 +32,6 @@ const (
 //     - logs for exceeding
 
 func TestServerRequestRateLimit(t *testing.T) {
-	t.Parallel()
-
 	type action struct {
 		function           func(client *api.Client) error
 		rateLimitOperation string
@@ -52,6 +50,7 @@ func TestServerRequestRateLimit(t *testing.T) {
 		mode        string
 	}
 
+	// getKV and putKV are net/RPC calls
 	getKV := action{
 		function: func(client *api.Client) error {
 			_, _, err := client.KV().Get("foo", &api.QueryOptions{})
@@ -99,13 +98,13 @@ func TestServerRequestRateLimit(t *testing.T) {
 					action:            putKV,
 					expectedErrorMsg:  "",
 					expectExceededLog: true,
-					expectMetric:      false,
+					expectMetric:      true,
 				},
 				{
 					action:            getKV,
 					expectedErrorMsg:  "",
 					expectExceededLog: true,
-					expectMetric:      false,
+					expectMetric:      true,
 				},
 			},
 		},
@@ -127,10 +126,13 @@ func TestServerRequestRateLimit(t *testing.T) {
 					expectMetric:      true,
 				},
 			},
-		}}
+		},
+	}
 
 	for _, tc := range testCases {
+		tc := tc
 		t.Run(tc.description, func(t *testing.T) {
+			t.Parallel()
 			clusterConfig := &libtopology.ClusterConfig{
 				NumServers:  1,
 				NumClients:  0,
@@ -144,12 +146,9 @@ func TestServerRequestRateLimit(t *testing.T) {
 				ApplyDefaultProxySettings: false,
 			}
 
-			cluster, _, _ := libtopology.NewCluster(t, clusterConfig)
+			cluster, client := setupClusterAndClient(t, clusterConfig, true)
 			defer terminate(t, cluster)
 
-			client, err := cluster.GetClient(nil, true)
-			require.NoError(t, err)
-
 			// perform actions and validate returned errors to client
 			for _, op := range tc.operations {
 				err := op.action.function(client)
@@ -165,22 +164,14 @@ func TestServerRequestRateLimit(t *testing.T) {
 			// doing this in a separate loop so we can perform actions, allow metrics
 			// and logs to collect and then assert on each.
 			for _, op := range tc.operations {
-				timer := &retry.Timer{Timeout: 10 * time.Second, Wait: 500 * time.Millisecond}
+				timer := &retry.Timer{Timeout: 15 * time.Second, Wait: 500 * time.Millisecond}
 				retry.RunWith(timer, t, func(r *retry.R) {
-					// validate metrics
-					metricsInfo, err := client.Agent().Metrics()
-					// TODO(NET-1978): currently returns NaN error
-					//			require.NoError(t, err)
-					if metricsInfo != nil && err == nil {
-						if op.expectMetric {
-							checkForMetric(r, metricsInfo, op.action.rateLimitOperation, op.action.rateLimitType, tc.mode)
-						}
-					}
+					checkForMetric(t, cluster, op.action.rateLimitOperation, op.action.rateLimitType, tc.mode, op.expectMetric)
 
 					// validate logs
 					// putting this last as there are cases where logs
 					// were not present in consumer when assertion was made.
-					checkLogsForMessage(r, clusterConfig.LogConsumer.Msgs,
+					checkLogsForMessage(t, clusterConfig.LogConsumer.Msgs,
 						fmt.Sprintf("[DEBUG] agent.server.rpc-rate-limit: RPC exceeded allowed rate limit: rpc=%s", op.action.rateLimitOperation),
 						op.action.rateLimitOperation, "exceeded", op.expectExceededLog)
 
@@ -190,43 +181,65 @@ func TestServerRequestRateLimit(t *testing.T) {
 	}
 }
 
-func checkForMetric(t *retry.R, metricsInfo *api.MetricsInfo, operationName string, expectedLimitType string, expectedMode string) {
-	const counterName = "consul.rpc.rate_limit.exceeded"
+func setupClusterAndClient(t *testing.T, config *libtopology.ClusterConfig, isServer bool) (*libcluster.Cluster, *api.Client) {
+	cluster, _, _ := libtopology.NewCluster(t, config)
 
-	var counter api.SampledValue
-	for _, c := range metricsInfo.Counters {
-		if c.Name == counterName {
-			counter = c
-			break
-		}
-	}
-	require.NotEmptyf(t, counter.Name, "counter not found: %s", counterName)
+	client, err := cluster.GetClient(nil, isServer)
+	require.NoError(t, err)
+
+	return cluster, client
+}
+
+func checkForMetric(t *testing.T, cluster *libcluster.Cluster, operationName string, expectedLimitType string, expectedMode string, expectMetric bool) {
+	// validate metrics
+	server, err := cluster.GetClient(nil, true)
+	require.NoError(t, err)
+	metricsInfo, err := server.Agent().Metrics()
+	// TODO(NET-1978): currently returns NaN error
+	//			require.NoError(t, err)
+	if metricsInfo != nil && err == nil {
+		if expectMetric {
+			const counterName = "consul.rpc.rate_limit.exceeded"
+
+			var counter api.SampledValue
+			for _, c := range metricsInfo.Counters {
+				if c.Name == counterName {
+					counter = c
+					break
+				}
+			}
+			require.NotEmptyf(t, counter.Name, "counter not found: %s", counterName)
 
-	operation, ok := counter.Labels["op"]
-	require.True(t, ok)
+			operation, ok := counter.Labels["op"]
+			require.True(t, ok)
 
-	limitType, ok := counter.Labels["limit_type"]
-	require.True(t, ok)
+			limitType, ok := counter.Labels["limit_type"]
+			require.True(t, ok)
 
-	mode, ok := counter.Labels["mode"]
-	require.True(t, ok)
+			mode, ok := counter.Labels["mode"]
+			require.True(t, ok)
 
-	if operation == operationName {
-		require.GreaterOrEqual(t, counter.Count, 1)
-		require.Equal(t, expectedLimitType, limitType)
-		require.Equal(t, expectedMode, mode)
+			if operation == operationName {
+				require.GreaterOrEqual(t, counter.Count, 1)
+				require.Equal(t, expectedLimitType, limitType)
+				require.Equal(t, expectedMode, mode)
+			}
+		}
 	}
 }
 
-func checkLogsForMessage(t *retry.R, logs []string, msg string, operationName string, logType string, logShouldExist bool) {
-	found := false
-	for _, log := range logs {
-		if strings.Contains(log, msg) {
-			found = true
-			break
+func checkLogsForMessage(t *testing.T, logs []string, msg string, operationName string, logType string, logShouldExist bool) {
+	if logShouldExist {
+		found := false
+		for _, log := range logs {
+			if strings.Contains(log, msg) {
+				found = true
+				break
+			}
 		}
+		expectedLog := fmt.Sprintf("%s log check failed for: %s. Log expected: %t", logType, operationName, logShouldExist)
+		require.Equal(t, logShouldExist, found, expectedLog)
 	}
-	require.Equal(t, logShouldExist, found, fmt.Sprintf("%s log check failed for: %s. Log expected: %t", logType, operationName, logShouldExist))
 }
 
 func terminate(t *testing.T, cluster *libcluster.Cluster) {

From f16c5d87abc5a0c81e9cfc918e15c0b7b6da5f06 Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Fri, 23 Jun 2023 12:00:46 -0400
Subject: [PATCH 084/359] watch: support -filter for consul watch: checks,
 services, nodes, service (#17780)

* watch: support -filter for watch checks

* Add filter for watch nodes, services, and service
- unit test added
- Add changelog
- update doc
---
 .changelog/17780.txt                 |   3 +
 agent/consul/health_endpoint_test.go |   6 +
 api/watch/funcs.go                   |  29 +-
 api/watch/funcs_test.go              | 528 +++++++++++++++++++++++++++
 command/watch/watch.go               |   5 +
 website/content/commands/watch.mdx   |   5 +
 6 files changed, 575 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/17780.txt

diff --git a/.changelog/17780.txt b/.changelog/17780.txt
new file mode 100644
index 000000000000..b90925a8b9fd
--- /dev/null
+++ b/.changelog/17780.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+cli: `consul watch` command uses `-filter` expression to filter response from checks, services, nodes, and service.
+```
diff --git a/agent/consul/health_endpoint_test.go b/agent/consul/health_endpoint_test.go
index cd37b5ec4c9b..21a83ea90db2 100644
--- a/agent/consul/health_endpoint_test.go
+++ b/agent/consul/health_endpoint_test.go
@@ -1767,5 +1767,11 @@ func TestHealth_RPC_Filter(t *testing.T) {
 		out = new(structs.IndexedHealthChecks)
 		require.NoError(t, msgpackrpc.CallWithCodec(codec, "Health.ChecksInState", &args, out))
 		require.Len(t, out.HealthChecks, 1)
+
+		args.State = api.HealthAny
+		args.Filter = "connect in ServiceTags and v2 in ServiceTags"
+		out = new(structs.IndexedHealthChecks)
+		require.NoError(t, msgpackrpc.CallWithCodec(codec, "Health.ChecksInState", &args, out))
+		require.Len(t, out.HealthChecks, 1)
 	})
 }
diff --git a/api/watch/funcs.go b/api/watch/funcs.go
index 3c057aa66421..0d0f6e100c2b 100644
--- a/api/watch/funcs.go
+++ b/api/watch/funcs.go
@@ -92,13 +92,20 @@ func keyPrefixWatch(params map[string]interface{}) (WatcherFunc, error) {
 // servicesWatch is used to watch the list of available services
 func servicesWatch(params map[string]interface{}) (WatcherFunc, error) {
 	stale := false
+	filter := ""
 	if err := assignValueBool(params, "stale", &stale); err != nil {
 		return nil, err
 	}
+	if err := assignValue(params, "filter", &filter); err != nil {
+		return nil, err
+	}
 
 	fn := func(p *Plan) (BlockingParamVal, interface{}, error) {
 		catalog := p.client.Catalog()
 		opts := makeQueryOptionsWithContext(p, stale)
+		if filter != "" {
+			opts.Filter = filter
+		}
 		defer p.cancelFunc()
 		services, meta, err := catalog.Services(&opts)
 		if err != nil {
@@ -112,13 +119,20 @@ func servicesWatch(params map[string]interface{}) (WatcherFunc, error) {
 // nodesWatch is used to watch the list of available nodes
 func nodesWatch(params map[string]interface{}) (WatcherFunc, error) {
 	stale := false
+	filter := ""
 	if err := assignValueBool(params, "stale", &stale); err != nil {
 		return nil, err
 	}
+	if err := assignValue(params, "filter", &filter); err != nil {
+		return nil, err
+	}
 
 	fn := func(p *Plan) (BlockingParamVal, interface{}, error) {
 		catalog := p.client.Catalog()
 		opts := makeQueryOptionsWithContext(p, stale)
+		if filter != "" {
+			opts.Filter = filter
+		}
 		defer p.cancelFunc()
 		nodes, meta, err := catalog.Nodes(&opts)
 		if err != nil {
@@ -132,9 +146,13 @@ func nodesWatch(params map[string]interface{}) (WatcherFunc, error) {
 // serviceWatch is used to watch a specific service for changes
 func serviceWatch(params map[string]interface{}) (WatcherFunc, error) {
 	stale := false
+	filter := ""
 	if err := assignValueBool(params, "stale", &stale); err != nil {
 		return nil, err
 	}
+	if err := assignValue(params, "filter", &filter); err != nil {
+		return nil, err
+	}
 
 	var (
 		service string
@@ -158,6 +176,9 @@ func serviceWatch(params map[string]interface{}) (WatcherFunc, error) {
 	fn := func(p *Plan) (BlockingParamVal, interface{}, error) {
 		health := p.client.Health()
 		opts := makeQueryOptionsWithContext(p, stale)
+		if filter != "" {
+			opts.Filter = filter
+		}
 		defer p.cancelFunc()
 		nodes, meta, err := health.ServiceMultipleTags(service, tags, passingOnly, &opts)
 		if err != nil {
@@ -175,13 +196,16 @@ func checksWatch(params map[string]interface{}) (WatcherFunc, error) {
 		return nil, err
 	}
 
-	var service, state string
+	var service, state, filter string
 	if err := assignValue(params, "service", &service); err != nil {
 		return nil, err
 	}
 	if err := assignValue(params, "state", &state); err != nil {
 		return nil, err
 	}
+	if err := assignValue(params, "filter", &filter); err != nil {
+		return nil, err
+	}
 	if service != "" && state != "" {
 		return nil, fmt.Errorf("Cannot specify service and state")
 	}
@@ -196,6 +220,9 @@ func checksWatch(params map[string]interface{}) (WatcherFunc, error) {
 		var checks []*consulapi.HealthCheck
 		var meta *consulapi.QueryMeta
 		var err error
+		if filter != "" {
+			opts.Filter = filter
+		}
 		if state != "" {
 			checks, meta, err = health.State(state, &opts)
 		} else {
diff --git a/api/watch/funcs_test.go b/api/watch/funcs_test.go
index d972def6ac7d..4bd79a59c14f 100644
--- a/api/watch/funcs_test.go
+++ b/api/watch/funcs_test.go
@@ -378,6 +378,82 @@ func TestServicesWatch(t *testing.T) {
 
 }
 
+func TestServicesWatch_Filter(t *testing.T) {
+	t.Parallel()
+	c, s := makeClient(t)
+	defer s.Stop()
+
+	s.WaitForSerfCheck(t)
+
+	var (
+		wakeups  []map[string][]string
+		notifyCh = make(chan struct{})
+	)
+
+	plan := mustParse(t, `{"type":"services", "filter":"b in ServiceTags and a in ServiceTags"}`)
+	plan.Handler = func(idx uint64, raw interface{}) {
+		if raw == nil {
+			return // ignore
+		}
+		v, ok := raw.(map[string][]string)
+		if !ok {
+			return // ignore
+		}
+		wakeups = append(wakeups, v)
+		notifyCh <- struct{}{}
+	}
+
+	// Register some services
+	{
+		agent := c.Agent()
+
+		// we don't want to find this
+		reg := &api.AgentServiceRegistration{
+			ID:   "foo",
+			Name: "foo",
+			Tags: []string{"b"},
+		}
+		if err := agent.ServiceRegister(reg); err != nil {
+			t.Fatalf("err: %v", err)
+		}
+
+		// // we want to find this
+		reg = &api.AgentServiceRegistration{
+			ID:   "bar",
+			Name: "bar",
+			Tags: []string{"a", "b"},
+		}
+		if err := agent.ServiceRegister(reg); err != nil {
+			t.Fatalf("err: %v", err)
+		}
+	}
+
+	var wg sync.WaitGroup
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+		if err := plan.Run(s.HTTPAddr); err != nil {
+			t.Errorf("err: %v", err)
+		}
+	}()
+	defer plan.Stop()
+
+	// Wait for second wakeup.
+	<-notifyCh
+
+	plan.Stop()
+	wg.Wait()
+
+	require.Len(t, wakeups, 1)
+
+	{
+		v := wakeups[0]
+		require.Len(t, v, 1)
+		_, ok := v["bar"]
+		require.True(t, ok)
+	}
+}
+
 func TestNodesWatch(t *testing.T) {
 	t.Parallel()
 	c, s := makeClient(t)
@@ -453,6 +529,82 @@ func TestNodesWatch(t *testing.T) {
 	}
 }
 
+func TestNodesWatch_Filter(t *testing.T) {
+	t.Parallel()
+	c, s := makeClient(t)
+	defer s.Stop()
+
+	s.WaitForSerfCheck(t) // wait for AE to sync
+
+	var (
+		wakeups  [][]*api.Node
+		notifyCh = make(chan struct{})
+	)
+
+	plan := mustParse(t, `{"type":"nodes", "filter":"Node == foo"}`)
+	plan.Handler = func(idx uint64, raw interface{}) {
+		if raw == nil {
+			return // ignore
+		}
+		v, ok := raw.([]*api.Node)
+		if !ok {
+			return // ignore
+		}
+		wakeups = append(wakeups, v)
+		notifyCh <- struct{}{}
+	}
+
+	// Register 2 nodes
+	{
+		catalog := c.Catalog()
+
+		// we want to find this node
+		reg := &api.CatalogRegistration{
+			Node:       "foo",
+			Address:    "1.1.1.1",
+			Datacenter: "dc1",
+		}
+		if _, err := catalog.Register(reg, nil); err != nil {
+			t.Fatalf("err: %v", err)
+		}
+
+		// we don't want to find this node
+		reg = &api.CatalogRegistration{
+			Node:       "bar",
+			Address:    "2.2.2.2",
+			Datacenter: "dc1",
+		}
+		if _, err := catalog.Register(reg, nil); err != nil {
+			t.Fatalf("err: %v", err)
+		}
+	}
+
+	var wg sync.WaitGroup
+	wg.Add(1)
+	// Start the watch nodes plan
+	go func() {
+		defer wg.Done()
+		if err := plan.Run(s.HTTPAddr); err != nil {
+			t.Errorf("err: %v", err)
+		}
+	}()
+	defer plan.Stop()
+
+	// Wait for first wakeup.
+	<-notifyCh
+
+	plan.Stop()
+	wg.Wait()
+
+	require.Len(t, wakeups, 1)
+
+	{
+		v := wakeups[0]
+		require.Len(t, v, 1)
+		require.Equal(t, "foo", v[0].Node)
+	}
+}
+
 func TestServiceWatch(t *testing.T) {
 	t.Parallel()
 	c, s := makeClient(t)
@@ -616,6 +768,94 @@ func TestServiceMultipleTagsWatch(t *testing.T) {
 	}
 }
 
+func TestServiceWatch_Filter(t *testing.T) {
+	t.Parallel()
+	c, s := makeClient(t)
+	defer s.Stop()
+
+	s.WaitForSerfCheck(t)
+
+	var (
+		wakeups  [][]*api.ServiceEntry
+		notifyCh = make(chan struct{})
+	)
+
+	plan := mustParse(t, `{"type":"service", "service":"foo", "filter":"bar in Service.Tags and buzz in Service.Tags"}`)
+	plan.Handler = func(idx uint64, raw interface{}) {
+		if raw == nil {
+			return // ignore
+		}
+		v, ok := raw.([]*api.ServiceEntry)
+		if !ok {
+			return // ignore
+		}
+
+		wakeups = append(wakeups, v)
+		notifyCh <- struct{}{}
+	}
+
+	// register some services
+	{
+		agent := c.Agent()
+
+		// we do not want to find this one.
+		reg := &api.AgentServiceRegistration{
+			ID:   "foobarbiff",
+			Name: "foo",
+			Tags: []string{"bar", "biff"},
+		}
+		if err := agent.ServiceRegister(reg); err != nil {
+			t.Fatalf("err: %v", err)
+		}
+
+		// we do not want to find this one.
+		reg = &api.AgentServiceRegistration{
+			ID:   "foobuzzbiff",
+			Name: "foo",
+			Tags: []string{"buzz", "biff"},
+		}
+		if err := agent.ServiceRegister(reg); err != nil {
+			t.Fatalf("err: %v", err)
+		}
+
+		// we want to find this one
+		reg = &api.AgentServiceRegistration{
+			ID:   "foobarbuzzbiff",
+			Name: "foo",
+			Tags: []string{"bar", "buzz", "biff"},
+		}
+		if err := agent.ServiceRegister(reg); err != nil {
+			t.Fatalf("err: %v", err)
+		}
+	}
+
+	var wg sync.WaitGroup
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+		if err := plan.Run(s.HTTPAddr); err != nil {
+			t.Errorf("err: %v", err)
+		}
+	}()
+	defer plan.Stop()
+
+	// Wait for second wakeup.
+	<-notifyCh
+
+	plan.Stop()
+	wg.Wait()
+
+	require.Len(t, wakeups, 1)
+
+	{
+		v := wakeups[0]
+		require.Len(t, v, 1)
+
+		require.Equal(t, "foobarbuzzbiff", v[0].Service.ID)
+		require.ElementsMatch(t, []string{"bar", "buzz", "biff"}, v[0].Service.Tags)
+	}
+}
+
 func TestChecksWatch_State(t *testing.T) {
 	t.Parallel()
 	c, s := makeClient(t)
@@ -772,6 +1012,294 @@ func TestChecksWatch_Service(t *testing.T) {
 	}
 }
 
+func TestChecksWatch_Service_Filter(t *testing.T) {
+	t.Parallel()
+	c, s := makeClient(t)
+	defer s.Stop()
+
+	s.WaitForSerfCheck(t)
+
+	var (
+		wakeups  [][]*api.HealthCheck
+		notifyCh = make(chan struct{})
+	)
+
+	plan := mustParse(t, `{"type":"checks", "filter":"b in ServiceTags and a in ServiceTags"}`)
+	plan.Handler = func(idx uint64, raw interface{}) {
+		if raw == nil {
+			return // ignore
+		}
+		v, ok := raw.([]*api.HealthCheck)
+		if !ok {
+			return // ignore
+		}
+		wakeups = append(wakeups, v)
+		notifyCh <- struct{}{}
+	}
+
+	var wg sync.WaitGroup
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+		if err := plan.Run(s.HTTPAddr); err != nil {
+			t.Errorf("err: %v", err)
+		}
+	}()
+	defer plan.Stop()
+
+	// Wait for first wakeup.
+	<-notifyCh
+	{
+		catalog := c.Catalog()
+		reg := &api.CatalogRegistration{
+			Node:       "foobar",
+			Address:    "1.1.1.1",
+			Datacenter: "dc1",
+			Service: &api.AgentService{
+				ID:      "foobar",
+				Service: "foobar",
+				Tags:    []string{"a", "b"},
+			},
+			Check: &api.AgentCheck{
+				Node:      "foobar",
+				CheckID:   "foobar",
+				Name:      "foobar",
+				Status:    api.HealthPassing,
+				ServiceID: "foobar",
+			},
+		}
+		if _, err := catalog.Register(reg, nil); err != nil {
+			t.Fatalf("err: %v", err)
+		}
+	}
+
+	// Wait for second wakeup.
+	<-notifyCh
+
+	plan.Stop()
+	wg.Wait()
+
+	require.Len(t, wakeups, 2)
+
+	{
+		v := wakeups[0]
+		require.Len(t, v, 0)
+	}
+	{
+		v := wakeups[1]
+		require.Len(t, v, 1)
+		require.Equal(t, "foobar", v[0].CheckID)
+	}
+}
+
+func TestChecksWatch_Filter(t *testing.T) {
+	t.Parallel()
+	c, s := makeClient(t)
+	defer s.Stop()
+
+	s.WaitForSerfCheck(t)
+
+	var (
+		wakeups  [][]*api.HealthCheck
+		notifyCh = make(chan struct{})
+	)
+
+	plan := mustParse(t, `{"type":"checks", "filter":"b in ServiceTags and a in ServiceTags"}`)
+	plan.Handler = func(idx uint64, raw interface{}) {
+		if raw == nil {
+			return // ignore
+		}
+		v, ok := raw.([]*api.HealthCheck)
+		if !ok {
+			return // ignore
+		}
+		wakeups = append(wakeups, v)
+		notifyCh <- struct{}{}
+	}
+
+	var wg sync.WaitGroup
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+		if err := plan.Run(s.HTTPAddr); err != nil {
+			t.Errorf("err: %v", err)
+		}
+	}()
+	defer plan.Stop()
+
+	// Wait for first wakeup.
+	<-notifyCh
+	{
+		catalog := c.Catalog()
+
+		// we don't want to find this one
+		reg := &api.CatalogRegistration{
+			Node:       "foo",
+			Address:    "1.1.1.1",
+			Datacenter: "dc1",
+			Service: &api.AgentService{
+				ID:      "foo",
+				Service: "foo",
+				Tags:    []string{"a"},
+			},
+			Check: &api.AgentCheck{
+				Node:      "foo",
+				CheckID:   "foo",
+				Name:      "foo",
+				Status:    api.HealthPassing,
+				ServiceID: "foo",
+			},
+		}
+		if _, err := catalog.Register(reg, nil); err != nil {
+			t.Fatalf("err: %v", err)
+		}
+
+		// we want to find this one
+		reg = &api.CatalogRegistration{
+			Node:       "bar",
+			Address:    "2.2.2.2",
+			Datacenter: "dc1",
+			Service: &api.AgentService{
+				ID:      "bar",
+				Service: "bar",
+				Tags:    []string{"a", "b"},
+			},
+			Check: &api.AgentCheck{
+				Node:      "bar",
+				CheckID:   "bar",
+				Name:      "bar",
+				Status:    api.HealthPassing,
+				ServiceID: "bar",
+			},
+		}
+		if _, err := catalog.Register(reg, nil); err != nil {
+			t.Fatalf("err: %v", err)
+		}
+	}
+
+	// Wait for second wakeup.
+	<-notifyCh
+
+	plan.Stop()
+	wg.Wait()
+
+	require.Len(t, wakeups, 2)
+
+	{
+		v := wakeups[0]
+		require.Len(t, v, 0)
+	}
+	{
+		v := wakeups[1]
+		require.Len(t, v, 1)
+		require.Equal(t, "bar", v[0].CheckID)
+	}
+}
+
+func TestChecksWatch_Filter_by_ServiceNameStatus(t *testing.T) {
+	t.Parallel()
+	c, s := makeClient(t)
+	defer s.Stop()
+
+	s.WaitForSerfCheck(t)
+
+	var (
+		wakeups  [][]*api.HealthCheck
+		notifyCh = make(chan struct{})
+	)
+
+	plan := mustParse(t, `{"type":"checks", "filter":"ServiceName == bar and Status == critical"}`)
+	plan.Handler = func(idx uint64, raw interface{}) {
+		if raw == nil {
+			return // ignore
+		}
+		v, ok := raw.([]*api.HealthCheck)
+		if !ok {
+			return // ignore
+		}
+		wakeups = append(wakeups, v)
+		notifyCh <- struct{}{}
+	}
+
+	var wg sync.WaitGroup
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+		if err := plan.Run(s.HTTPAddr); err != nil {
+			t.Errorf("err: %v", err)
+		}
+	}()
+	defer plan.Stop()
+
+	// Wait for first wakeup.
+	<-notifyCh
+	{
+		catalog := c.Catalog()
+
+		// we don't want to find this one
+		reg := &api.CatalogRegistration{
+			Node:       "foo",
+			Address:    "1.1.1.1",
+			Datacenter: "dc1",
+			Service: &api.AgentService{
+				ID:      "foo",
+				Service: "foo",
+				Tags:    []string{"a"},
+			},
+			Check: &api.AgentCheck{
+				Node:      "foo",
+				CheckID:   "foo",
+				Name:      "foo",
+				Status:    api.HealthPassing,
+				ServiceID: "foo",
+			},
+		}
+		if _, err := catalog.Register(reg, nil); err != nil {
+			t.Fatalf("err: %v", err)
+		}
+
+		// we want to find this one
+		reg = &api.CatalogRegistration{
+			Node:       "bar",
+			Address:    "2.2.2.2",
+			Datacenter: "dc1",
+			Service: &api.AgentService{
+				ID:      "bar",
+				Service: "bar",
+				Tags:    []string{"a", "b"},
+			},
+			Check: &api.AgentCheck{
+				Node:      "bar",
+				CheckID:   "bar",
+				Name:      "bar",
+				Status:    api.HealthCritical,
+				ServiceID: "bar",
+			},
+		}
+		if _, err := catalog.Register(reg, nil); err != nil {
+			t.Fatalf("err: %v", err)
+		}
+	}
+
+	// Wait for second wakeup.
+	<-notifyCh
+
+	plan.Stop()
+	wg.Wait()
+
+	require.Len(t, wakeups, 2)
+
+	{
+		v := wakeups[0]
+		require.Len(t, v, 0)
+	}
+	{
+		v := wakeups[1]
+		require.Len(t, v, 1)
+		require.Equal(t, "bar", v[0].CheckID)
+	}
+}
+
 func TestEventWatch(t *testing.T) {
 	t.Parallel()
 	c, s := makeClient(t)
diff --git a/command/watch/watch.go b/command/watch/watch.go
index 791f93a57cd4..b187fa369ab4 100644
--- a/command/watch/watch.go
+++ b/command/watch/watch.go
@@ -45,6 +45,7 @@ type cmd struct {
 	state       string
 	name        string
 	shell       bool
+	filter      string
 }
 
 func (c *cmd) init() {
@@ -71,6 +72,7 @@ func (c *cmd) init() {
 		"Specifies the states to watch. Optional for 'checks' type.")
 	c.flags.StringVar(&c.name, "name", "",
 		"Specifies an event name to watch. Only for 'event' type.")
+	c.flags.StringVar(&c.filter, "filter", "", "Filter to use with the request")
 
 	c.http = &flags.HTTPFlags{}
 	flags.Merge(c.flags, c.http.ClientFlags())
@@ -128,6 +130,9 @@ func (c *cmd) Run(args []string) int {
 	if c.service != "" {
 		params["service"] = c.service
 	}
+	if c.filter != "" {
+		params["filter"] = c.filter
+	}
 	if len(c.tag) > 0 {
 		params["tag"] = c.tag
 	}
diff --git a/website/content/commands/watch.mdx b/website/content/commands/watch.mdx
index da32cdefdc4d..806864dae953 100644
--- a/website/content/commands/watch.mdx
+++ b/website/content/commands/watch.mdx
@@ -53,6 +53,11 @@ or optionally provided. There is more documentation on watch
 - `-type` - Watch type. Required, one of "`key`, `keyprefix`, `services`,
   `nodes`, `service`, `checks`, or `event`.
 
+- `-filter=<filter>` - Expression to use for filtering the results. Optional for
+  `checks` `nodes`, `services`, and `service` type.
+  See the [`/catalog/nodes` API documentation](/consul/api-docs/catalog#filtering) for a
+  description of what is filterable.
+
 #### API Options
 
 @include 'http_api_options_client.mdx'

From 1f636715d0decea33af75aa7fc985f60f7c40314 Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Fri, 23 Jun 2023 14:14:55 -0400
Subject: [PATCH 085/359] Trigger OSS => ENT merge for all release branches
 (#17853)

Previously, this only triggered for release/*.*.x branches; however, our release process involves cutting a release/1.16.0 branch, for example, at time of code freeze these days. Any PRs to that branch after code freeze today do not make their way to consul-enterprise. This will make behavior for a .0 branch consistent with current behavior for a .x branch.
---
 .github/workflows/oss-merge-trigger.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/oss-merge-trigger.yml b/.github/workflows/oss-merge-trigger.yml
index 4a4fdaa208e3..9146f7bc2214 100644
--- a/.github/workflows/oss-merge-trigger.yml
+++ b/.github/workflows/oss-merge-trigger.yml
@@ -8,7 +8,7 @@ on:
       - closed
     branches:
       - main
-      - 'release/*.*.x'
+      - release/**
 
 jobs:
   trigger-oss-merge:
@@ -26,4 +26,4 @@ jobs:
           curl -H "Authorization: token $GH_PAT" \
             -H 'Accept: application/json' \
             -d "{\"event_type\": \"oss-merge\", \"client_payload\": {\"git-ref\": \"${GIT_REF}\", \"git-sha\": \"${GIT_SHA}\", \"git-actor\": \"${GIT_ACTOR}\" }}" \
-            "https://api.github.com/repos/hashicorp/consul-enterprise/dispatches"
\ No newline at end of file
+            "https://api.github.com/repos/hashicorp/consul-enterprise/dispatches"

From 2e2cbc16e125c417b44cd1b77e68ca84cd029500 Mon Sep 17 00:00:00 2001
From: "V. K" <cn007b@gmail.com>
Date: Fri, 23 Jun 2023 20:33:21 +0200
Subject: [PATCH 086/359] Update service-mesh.mdx (#17845)

Deleted two commas which looks quite like some leftovers.
---
 website/content/docs/concepts/service-mesh.mdx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/content/docs/concepts/service-mesh.mdx b/website/content/docs/concepts/service-mesh.mdx
index 334a6639f1ca..2e793f2441c8 100644
--- a/website/content/docs/concepts/service-mesh.mdx
+++ b/website/content/docs/concepts/service-mesh.mdx
@@ -21,8 +21,8 @@ Some of the benefits of a service mesh include;
 - automatic failover
 - traffic management
 - encryption
-- observability and traceability,
-- authentication and authorization,
+- observability and traceability
+- authentication and authorization
 - network automation
 
 A common use case for leveraging a service mesh is to achieve a [_zero trust_ model](https://www.consul.io/use-cases/zero-trust-networking).

From 94eb36b7750d1156d4203e34fb1c85872a3c8e6d Mon Sep 17 00:00:00 2001
From: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Date: Fri, 23 Jun 2023 13:57:21 -0500
Subject: [PATCH 087/359] Add docs for sameness groups with resolvers. (#17851)

---
 .../config-entries/service-resolver.mdx       | 56 +++++++++++++++++--
 1 file changed, 51 insertions(+), 5 deletions(-)

diff --git a/website/content/docs/connect/config-entries/service-resolver.mdx b/website/content/docs/connect/config-entries/service-resolver.mdx
index dcea59805499..b4218d6d0614 100644
--- a/website/content/docs/connect/config-entries/service-resolver.mdx
+++ b/website/content/docs/connect/config-entries/service-resolver.mdx
@@ -35,12 +35,14 @@ The following list outlines field hierarchy, language-specific data types, and r
   - [`ServiceSubset`](#redirect-servicesubset): string
   - [`Namespace`](#redirect-namespace): string <EnterpriseAlert inline />
   - [`Partition`](#redirect-partition): string | `default` <EnterpriseAlert inline />
+  - [`SamenessGroup`](#redirect-samenessgroup): string <EnterpriseAlert inline />
   - [`Datacenter`](#redirect-datacenter): list
   - [`Peer`](#redirect-peer): string
 - [`Failover`](#failover): map
   - [`Service`](#failover-service): string
   - [`ServiceSubset`](#failover-servicesubset): string
   - [`Namespace`](#failover-namespace): string <EnterpriseAlert inline />
+  - [`SamenessGroup`](#failover-samenessgroup): string <EnterpriseAlert inline />
   - [`Datacenters`](#failover-datacenters): list
   - [`Targets`](#failover-targets): list
     - [`Service`](#failover-targets-service): string
@@ -87,12 +89,14 @@ The following list outlines field hierarchy, language-specific data types, and r
     - [`serviceSubset`](#spec-redirect-servicesubset): string
     - [`namespace`](#spec-redirect-namespace): string <EnterpriseAlert inline />
     - [`partition`](#spec-redirect-partition): string <EnterpriseAlert inline />
+    - [`samenessGroup`](#spec-redirect-samenessgroup): string <EnterpriseAlert inline />
     - [`datacenter`](#spec-redirect-datacenter): string
     - [`peer`](#spec-redirect-peer): string
   - [`failover`](#spec-failover): map
     - [`service`](#spec-failover-service): string
     - [`serviceSubset`](#spec-failover-servicesubset): string
     - [`namespace`](#spec-failover-namespace): string <EnterpriseAlert inline />
+    - [`samenessGroup`](#spec-failover-samenessgroup): string <EnterpriseAlert inline />
     - [`datacenters`](#spec-failover-datacenters): string
     - [`targets`](#spec-failover-targets): list
       - [`service`](#spec-failover-targets-service): string
@@ -157,11 +161,12 @@ Redirect = {
  ServiceSubset = "<destination-subset>"
  Namespace     = "<destination-namespace>"
  Partition     = "<destination-partition>"
+ SamenessGroup = "<destination-sameness-group>"
  Datacenter    = "<destination-datacenter>"
  Peer          = "<destination-peer>"
 }
 
-Failover = {                   ## requires at least one of the following: Service, ServiceSubset, Namespace, Targets, Datacenters
+Failover = {                   ## requires at least one of the following: Service, ServiceSubset, Namespace, Targets, Datacenters, SamenessGroup
  <local-subset-name> = {
    Targets = [
      { Service = "<destination-service>" },
@@ -239,11 +244,12 @@ LoadBalancer = {
    "ServiceSubset":"<destination-subset>",
    "Namespace":"<destination-namespace>",
    "Partition":"<destination-partition>",
+   "SamenessGroup":"<destination-sameness-group>",
    "Datacenter":"<destination-datacenter>",
    "Peer":"<destination-peer>"
   },
 
-  "Failover":{                   // requires at least one of the following": Service, ServiceSubset, Namespace, Targets, Datacenters
+  "Failover":{                   // requires at least one of the following": Service, ServiceSubset, Namespace, Targets, Datacenters, SamenessGroup
    "<local=subset-name>":{
      "Targets":[
        {"Service":"<destination-service>"},
@@ -314,8 +320,9 @@ spec:
     servicesubset: <subsetName>
     namespace: <namespaceName>
     partition: <partitionName>
+    samenessGroup: <samenessGroupName>
     peer: <peerName>
-  failover:                         # requires at least one of the following: service, serviceSubset, namespace, targets, datacenters
+  failover:                         # requires at least one of the following: service, serviceSubset, namespace, targets, datacenters, samenessGroup
     <localSubsetName>: 
       targets:
       - service: <serviceName>
@@ -465,6 +472,7 @@ Specifies redirect instructions for local service traffic so that services deplo
   - [`ServiceSubset`](#redirect-servicesubset)
   - [`Namespace`](#redirect-namespace)
   - [`Partition`](#redirect-partition)
+  - [`SamenessGroup`](#redirect-samenessgroup)
   - [`Datacenter`](#redirect-datacenter)
   - [`Peer`](#redirect-peer)
 
@@ -504,6 +512,14 @@ Specifies the admin partition at the redirect’s destination that resolves loca
 - Default: None
 - Data type: String
 
+### `Redirect{}.SamenessGroup` <EnterpriseAlert inline />
+
+Specifies the sameness group at the redirect’s destination that resolves local upstream requests.
+
+#### Values
+
+- Default: None
+- Data type: String
 
 ### `Redirect{}.Datacenter`
 
@@ -529,7 +545,7 @@ Specifies controls for rerouting traffic to an alternate pool of service instanc
 
 This parameter is a map, and its key is the name of the local service subset that resolves to another location when it fails. You can specify a `"*"` wildcard to apply failovers to any subset.
 
-`Service`, `ServiceSubset`, `Namespace`, `Targets`, and `Datacenters` cannot all be empty at the same time.
+`Service`, `ServiceSubset`, `Namespace`, `Targets`, `SamenessGroup`, and `Datacenters` cannot all be empty at the same time.
 
 #### Values
 
@@ -538,6 +554,7 @@ This parameter is a map, and its key is the name of the local service subset tha
   - [`Service`](#failover-service)
   - [`ServiceSubset`](#failover-servicesubset)
   - [`Namespace`](#failover-namespace)
+  - [`SamenessGroup`](#failover-samenessgroup)
   - [`Datacenters`](#failover-datacenters)
   - [`Targets`](#failover-targets)
   
@@ -568,6 +585,15 @@ Specifies the namespace at the failover location where the failover services are
 - Default: None
 - Data type: String
 
+### `Failover{}.SamenessGroup` <EnterpriseAlert inline />
+
+Specifies the sameness group at the failover location where the failover services are deployed.
+
+#### Values
+
+- Default: None
+- Data type: String
+
 ### `Failover{}.Datacenters`
 
 Specifies an ordered list of datacenters at the failover location to attempt connections to during a failover scenario. When Consul cannot establish a connection with the first datacenter in the list, it proceeds sequentially until establishing a connection with another datacenter.
@@ -907,6 +933,7 @@ Specifies redirect instructions for local service traffic so that services deplo
   - [`serviceSubset`](#spec-redirect-servicesubset)
   - [`namespace`](#spec-redirect-namespace)
   - [`partition`](#spec-redirect-partition)
+  - [`samenessGroup`](#spec-redirect-samenessgroup)
   - [`datacenter`](#spec-redirect-datacenter)
   - [`peer`](#spec-redirect-peer)
 
@@ -946,6 +973,15 @@ Specifies the admin partition at the redirect’s destination that resolves loca
 - Default: None
 - Data type: String
 
+### `spec.redirect.samenessGroup` <EnterpriseAlert inline />
+
+Specifies the sameness group at the redirect’s destination that resolves local upstream requests.
+
+#### Values
+
+- Default: None
+- Data type: String
+
 
 ### `spec.redirect.datacenter`
 
@@ -971,7 +1007,7 @@ Specifies controls for rerouting traffic to an alternate pool of service instanc
 
 This parameter is a map, and its key is the name of the local service subset that resolves to another location when it fails. You can specify a `"*"` wildcard to apply failovers to any subset.
 
-`service`, `serviceSubset`, `namespace`, `targets`, and `datacenters` cannot all be empty at the same time.
+`service`, `serviceSubset`, `namespace`, `targets`, `samenessGroup`, and `datacenters` cannot all be empty at the same time.
 
 #### Values
 
@@ -980,6 +1016,7 @@ This parameter is a map, and its key is the name of the local service subset tha
   - [`service`](#spec-failover-service)
   - [`serviceSubset`](#spec-failover-servicesubset)
   - [`namespace`](#spec-failover-namespace)
+  - [`samenessGroup`](#spec-failover-samenessgroup)
   - [`datacenters`](#spec-failover-datacenters)
   - [`targets`](#spec-failover-targets)
   
@@ -1010,6 +1047,15 @@ Specifies the namespace at the failover location where the failover services are
 - Default: None
 - Data type: String
 
+### `spec.failover.samenessGroup` <EnterpriseAlert inline />
+
+Specifies the sameness group at the failover location where the failover services are deployed.
+
+#### Values
+
+- Default: None
+- Data type: String
+
 ### `spec.failover.datacenters`
 
 Specifies an ordered list of datacenters at the failover location to attempt connections to during a failover scenario. When Consul cannot establish a connection with the first datacenter in the list, it proceeds sequentially until establishing a connection with another datacenter.

From 5244ede957625584f7303e6e836918187a75748f Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Fri, 23 Jun 2023 18:07:53 -0400
Subject: [PATCH 088/359] docs: add note about path prefix matching behavior
 for HTTPRoute config (#17860)

* Add note about path prefix matching behavior for HTTPRoute config

* Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 .../gateways/api-gateway/configuration/http-route.mdx        | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx b/website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx
index 997e2bbf692e..02d2725ad698 100644
--- a/website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx
+++ b/website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx
@@ -533,6 +533,11 @@ Specifies the HTTP method to match.
 
 Specifies type of match for the path: `"exact"`, `"prefix"`, or `"regex"`.
 
+If set to `prefix`, Consul uses simple string matching to identify incoming request prefixes. For example, if the route is configured to match incoming requests to services prefixed with `/dev`, then the gateway would match requests to `/dev-` and `/deviate` and route to the upstream.  
+
+This deviates from the
+[Kubernetes Gateway API specification](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1beta1.PathMatchType), which matches on full path elements. In the previous example, _only_ requests to `/dev` or `/dev/` would match. 
+
 #### Values
 
 - Default: none

From d5d3a3ddb958080874ace17dc524bead85f2fa3a Mon Sep 17 00:00:00 2001
From: Iryna Shustava <ishustava@users.noreply.github.com>
Date: Fri, 23 Jun 2023 16:26:57 -0600
Subject: [PATCH 089/359] docs: update upgrade to consul-dataplane docs on k8s
 (#17852)

---
 website/content/docs/k8s/upgrade/index.mdx | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/website/content/docs/k8s/upgrade/index.mdx b/website/content/docs/k8s/upgrade/index.mdx
index 529815df9769..e92ec12be2aa 100644
--- a/website/content/docs/k8s/upgrade/index.mdx
+++ b/website/content/docs/k8s/upgrade/index.mdx
@@ -219,7 +219,7 @@ In earlier versions, Consul on Kubernetes used client agents in its deployments.
 
 If you upgrade Consul from a version that uses client agents to a version the uses dataplanes, complete the following steps to upgrade your deployment safely and without downtime.
 
-1. Before you upgrade, edit your Helm chart to enable Consul client agents by setting `client.enabled` and `client.updateStrategy`:
+1. Before you upgrade, edit your Helm chart configuration to enable Consul client agents by setting `client.enabled` and `client.updateStrategy`:
 
   ```yaml filename="values.yaml"
   client:
@@ -228,6 +228,18 @@ If you upgrade Consul from a version that uses client agents to a version the us
         type: OnDelete
   ```
 
+1. Update the `connect-injector` to not log out on restart
+to make sure that the ACL tokens used by existing services are still valid during the migration to `consul-dataplane`.
+Note that you must remove the token manually after completing the migration.
+
+  The following command triggers the deployment rollout. Wait for the rollout to complete before proceeding to next step.
+
+  ```bash
+  kubectl config set-context --current --namespace=<consul installation namespace>
+  INJECTOR_DEPLOYMENT=$(kg deploy -l "component=connect-injector" -o=jsonpath='{.items[0].metadata.name}')
+  kubectl patch deploy $INJECTOR_DEPLOYMENT --type='json' -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/lifecycle"}]'
+  ```
+
 1. Follow our [recommended procedures to upgrade servers](#upgrade-consul-servers) on Kubernetes deployments to upgrade Helm values for the new version of Consul.
 
 1. Run `kubectl rollout restart` to restart your service mesh applications. Restarting service mesh application causes Kubernetes to re-inject them with the webhook for dataplanes.

From 48445dfa55192ef0836ebaba3ed37bca33f03006 Mon Sep 17 00:00:00 2001
From: Dan Upton <daniel@floppy.co>
Date: Mon, 26 Jun 2023 13:23:05 +0100
Subject: [PATCH 090/359] resource: add `AuthorizerContext` helper method
 (#17393)

---
 internal/resource/authz_oss.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 internal/resource/authz_oss.go

diff --git a/internal/resource/authz_oss.go b/internal/resource/authz_oss.go
new file mode 100644
index 000000000000..014318f22897
--- /dev/null
+++ b/internal/resource/authz_oss.go
@@ -0,0 +1,17 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+//go:build !consulent
+// +build !consulent
+
+package resource
+
+import (
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+// AuthorizerContext builds an ACL AuthorizerContext for the given tenancy.
+func AuthorizerContext(t *pbresource.Tenancy) *acl.AuthorizerContext {
+	return &acl.AuthorizerContext{Peer: t.PeerName}
+}

From b117eb0126584d80e50bd7bf6ee22482a7648914 Mon Sep 17 00:00:00 2001
From: Dan Upton <daniel@floppy.co>
Date: Mon, 26 Jun 2023 13:25:14 +0100
Subject: [PATCH 091/359] resource: enforce consistent naming of resource types
 (#17611)

For consistency, resource type names must follow these rules:

- `Group` must be snake case, and in most cases a single word.
- `GroupVersion` must be lowercase, start with a "v" and end with a number.
- `Kind` must be pascal case.

These were chosen because they map to our protobuf type naming
conventions.
---
 .../services/resource/list_by_owner_test.go   |   6 +-
 .../services/resource/list_test.go            |   4 +-
 .../services/resource/read_test.go            |   2 +-
 .../services/resource/watch_test.go           |   6 +-
 .../services/resource/write_status_test.go    |   2 +-
 .../services/resource/write_test.go           |   2 +-
 internal/controller/api_test.go               |   4 +-
 internal/resource/demo/demo.go                |  16 +--
 internal/resource/registry.go                 |  22 +++-
 internal/resource/registry_test.go            | 117 +++++++++++++-----
 internal/resource/tombstone.go                |   2 +-
 11 files changed, 129 insertions(+), 54 deletions(-)

diff --git a/agent/grpc-external/services/resource/list_by_owner_test.go b/agent/grpc-external/services/resource/list_by_owner_test.go
index 19fe799caf08..218971a050da 100644
--- a/agent/grpc-external/services/resource/list_by_owner_test.go
+++ b/agent/grpc-external/services/resource/list_by_owner_test.go
@@ -74,7 +74,7 @@ func TestListByOwner_TypeNotRegistered(t *testing.T) {
 	})
 	require.Error(t, err)
 	require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
-	require.Contains(t, err.Error(), "resource type demo.v2.artist not registered")
+	require.Contains(t, err.Error(), "resource type demo.v2.Artist not registered")
 }
 
 func TestListByOwner_Empty(t *testing.T) {
@@ -126,7 +126,7 @@ func TestListByOwner_Many(t *testing.T) {
 }
 
 func TestListByOwner_ACL_PerTypeDenied(t *testing.T) {
-	authz := AuthorizerFrom(t, `key_prefix "resource/demo.v2.album/" { policy = "deny" }`)
+	authz := AuthorizerFrom(t, `key_prefix "resource/demo.v2.Album/" { policy = "deny" }`)
 	_, rsp, err := roundTripListByOwner(t, authz)
 
 	// verify resource filtered out, hence no results
@@ -135,7 +135,7 @@ func TestListByOwner_ACL_PerTypeDenied(t *testing.T) {
 }
 
 func TestListByOwner_ACL_PerTypeAllowed(t *testing.T) {
-	authz := AuthorizerFrom(t, `key_prefix "resource/demo.v2.album/" { policy = "read" }`)
+	authz := AuthorizerFrom(t, `key_prefix "resource/demo.v2.Album/" { policy = "read" }`)
 	album, rsp, err := roundTripListByOwner(t, authz)
 
 	// verify resource not filtered out
diff --git a/agent/grpc-external/services/resource/list_test.go b/agent/grpc-external/services/resource/list_test.go
index 7d102b090ce0..4d6b50951b75 100644
--- a/agent/grpc-external/services/resource/list_test.go
+++ b/agent/grpc-external/services/resource/list_test.go
@@ -58,7 +58,7 @@ func TestList_TypeNotFound(t *testing.T) {
 	})
 	require.Error(t, err)
 	require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
-	require.Contains(t, err.Error(), "resource type demo.v2.artist not registered")
+	require.Contains(t, err.Error(), "resource type demo.v2.Artist not registered")
 }
 
 func TestList_Empty(t *testing.T) {
@@ -178,7 +178,7 @@ func TestList_ACL_ListAllowed_ReadDenied(t *testing.T) {
 
 	// allow list, deny read
 	authz := AuthorizerFrom(t, demo.ArtistV2ListPolicy,
-		`key_prefix "resource/demo.v2.artist/" { policy = "deny" }`)
+		`key_prefix "resource/demo.v2.Artist/" { policy = "deny" }`)
 	_, rsp, err := roundTripList(t, authz)
 
 	// verify resource filtered out by key:read denied hence no results
diff --git a/agent/grpc-external/services/resource/read_test.go b/agent/grpc-external/services/resource/read_test.go
index 237895eacc55..cca911ec15b5 100644
--- a/agent/grpc-external/services/resource/read_test.go
+++ b/agent/grpc-external/services/resource/read_test.go
@@ -71,7 +71,7 @@ func TestRead_TypeNotFound(t *testing.T) {
 	_, err = client.Read(context.Background(), &pbresource.ReadRequest{Id: artist.Id})
 	require.Error(t, err)
 	require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
-	require.Contains(t, err.Error(), "resource type demo.v2.artist not registered")
+	require.Contains(t, err.Error(), "resource type demo.v2.Artist not registered")
 }
 
 func TestRead_ResourceNotFound(t *testing.T) {
diff --git a/agent/grpc-external/services/resource/watch_test.go b/agent/grpc-external/services/resource/watch_test.go
index 687fe0d0679f..95695f295ebd 100644
--- a/agent/grpc-external/services/resource/watch_test.go
+++ b/agent/grpc-external/services/resource/watch_test.go
@@ -66,7 +66,7 @@ func TestWatchList_TypeNotFound(t *testing.T) {
 
 	err = mustGetError(t, rspCh)
 	require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
-	require.Contains(t, err.Error(), "resource type demo.v2.artist not registered")
+	require.Contains(t, err.Error(), "resource type demo.v2.Artist not registered")
 }
 
 func TestWatchList_GroupVersionMatches(t *testing.T) {
@@ -172,7 +172,7 @@ func TestWatchList_ACL_ListAllowed_ReadDenied(t *testing.T) {
 	// allow list, deny read
 	authz := AuthorizerFrom(t, `
 		key_prefix "resource/" { policy = "list" }
-		key_prefix "resource/demo.v2.artist/" { policy = "deny" }
+		key_prefix "resource/demo.v2.Artist/" { policy = "deny" }
 		`)
 	rspCh, _ := roundTripACL(t, authz)
 
@@ -187,7 +187,7 @@ func TestWatchList_ACL_ListAllowed_ReadAllowed(t *testing.T) {
 	// allow list, allow read
 	authz := AuthorizerFrom(t, `
 		key_prefix "resource/" { policy = "list" }
-		key_prefix "resource/demo.v2.artist/" { policy = "read" }
+		key_prefix "resource/demo.v2.Artist/" { policy = "read" }
 	`)
 	rspCh, artist := roundTripACL(t, authz)
 
diff --git a/agent/grpc-external/services/resource/write_status_test.go b/agent/grpc-external/services/resource/write_status_test.go
index f65c7918ff79..aa26330176df 100644
--- a/agent/grpc-external/services/resource/write_status_test.go
+++ b/agent/grpc-external/services/resource/write_status_test.go
@@ -180,7 +180,7 @@ func TestWriteStatus_TypeNotFound(t *testing.T) {
 	_, err = client.WriteStatus(testContext(t), validWriteStatusRequest(t, res))
 	require.Error(t, err)
 	require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
-	require.Contains(t, err.Error(), "resource type demo.v2.artist not registered")
+	require.Contains(t, err.Error(), "resource type demo.v2.Artist not registered")
 }
 
 func TestWriteStatus_ResourceNotFound(t *testing.T) {
diff --git a/agent/grpc-external/services/resource/write_test.go b/agent/grpc-external/services/resource/write_test.go
index 3da4ec478a52..4ec25ee26c0c 100644
--- a/agent/grpc-external/services/resource/write_test.go
+++ b/agent/grpc-external/services/resource/write_test.go
@@ -151,7 +151,7 @@ func TestWrite_TypeNotFound(t *testing.T) {
 	_, err = client.Write(testContext(t), &pbresource.WriteRequest{Resource: res})
 	require.Error(t, err)
 	require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
-	require.Contains(t, err.Error(), "resource type demo.v2.artist not registered")
+	require.Contains(t, err.Error(), "resource type demo.v2.Artist not registered")
 }
 
 func TestWrite_ACLs(t *testing.T) {
diff --git a/internal/controller/api_test.go b/internal/controller/api_test.go
index 2006664b20fb..e80a2d7d7133 100644
--- a/internal/controller/api_test.go
+++ b/internal/controller/api_test.go
@@ -190,7 +190,7 @@ func TestController_String(t *testing.T) {
 		WithPlacement(controller.PlacementEachServer)
 
 	require.Equal(t,
-		`<Controller managed_type="demo.v2.artist", watched_types=["demo.v2.album"], backoff=<base="5s", max="1h0m0s">, placement="each-server">`,
+		`<Controller managed_type="demo.v2.Artist", watched_types=["demo.v2.Album"], backoff=<base="5s", max="1h0m0s">, placement="each-server">`,
 		ctrl.String(),
 	)
 }
@@ -201,7 +201,7 @@ func TestController_NoReconciler(t *testing.T) {
 
 	ctrl := controller.ForType(demo.TypeV2Artist)
 	require.PanicsWithValue(t,
-		`cannot register controller without a reconciler <Controller managed_type="demo.v2.artist", watched_types=[], backoff=<base="5ms", max="16m40s">, placement="singleton">`,
+		`cannot register controller without a reconciler <Controller managed_type="demo.v2.Artist", watched_types=[], backoff=<base="5ms", max="16m40s">, placement="singleton">`,
 		func() { mgr.Register(ctrl) })
 }
 
diff --git a/internal/resource/demo/demo.go b/internal/resource/demo/demo.go
index 842b75739bc4..20ad89c962c4 100644
--- a/internal/resource/demo/demo.go
+++ b/internal/resource/demo/demo.go
@@ -33,36 +33,36 @@ var (
 	TypeV1Artist = &pbresource.Type{
 		Group:        "demo",
 		GroupVersion: "v1",
-		Kind:         "artist",
+		Kind:         "Artist",
 	}
 
 	// TypeV1Album represents a collection of an artist's songs.
 	TypeV1Album = &pbresource.Type{
 		Group:        "demo",
 		GroupVersion: "v1",
-		Kind:         "album",
+		Kind:         "Album",
 	}
 
 	// TypeV2Artist represents a musician or group of musicians.
 	TypeV2Artist = &pbresource.Type{
 		Group:        "demo",
 		GroupVersion: "v2",
-		Kind:         "artist",
+		Kind:         "Artist",
 	}
 
 	// TypeV2Album represents a collection of an artist's songs.
 	TypeV2Album = &pbresource.Type{
 		Group:        "demo",
 		GroupVersion: "v2",
-		Kind:         "album",
+		Kind:         "Album",
 	}
 )
 
 const (
-	ArtistV1ReadPolicy  = `key_prefix "resource/demo.v1.artist/" { policy = "read" }`
-	ArtistV1WritePolicy = `key_prefix "resource/demo.v1.artist/" { policy = "write" }`
-	ArtistV2ReadPolicy  = `key_prefix "resource/demo.v2.artist/" { policy = "read" }`
-	ArtistV2WritePolicy = `key_prefix "resource/demo.v2.artist/" { policy = "write" }`
+	ArtistV1ReadPolicy  = `key_prefix "resource/demo.v1.Artist/" { policy = "read" }`
+	ArtistV1WritePolicy = `key_prefix "resource/demo.v1.Artist/" { policy = "write" }`
+	ArtistV2ReadPolicy  = `key_prefix "resource/demo.v2.Artist/" { policy = "read" }`
+	ArtistV2WritePolicy = `key_prefix "resource/demo.v2.Artist/" { policy = "write" }`
 	ArtistV2ListPolicy  = `key_prefix "resource/" { policy = "list" }`
 )
 
diff --git a/internal/resource/registry.go b/internal/resource/registry.go
index 232e3998d4e2..0004acfff4c6 100644
--- a/internal/resource/registry.go
+++ b/internal/resource/registry.go
@@ -5,6 +5,7 @@ package resource
 
 import (
 	"fmt"
+	"regexp"
 	"sync"
 
 	"google.golang.org/protobuf/proto"
@@ -13,6 +14,12 @@ import (
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
+var (
+	groupRegexp        = regexp.MustCompile(`^[a-z][a-z\d_]+$`)
+	groupVersionRegexp = regexp.MustCompile(`^v([a-z\d]+)?\d$`)
+	kindRegexp         = regexp.MustCompile(`^[A-Z][A-Za-z\d]+$`)
+)
+
 type Registry interface {
 	// Register the given resource type and its hooks.
 	Register(reg Registration)
@@ -82,14 +89,23 @@ func NewRegistry() Registry {
 }
 
 func (r *TypeRegistry) Register(registration Registration) {
-	r.lock.Lock()
-	defer r.lock.Unlock()
-
 	typ := registration.Type
 	if typ.Group == "" || typ.GroupVersion == "" || typ.Kind == "" {
 		panic("type field(s) cannot be empty")
 	}
 
+	switch {
+	case !groupRegexp.MatchString(typ.Group):
+		panic(fmt.Sprintf("Type.Group must be in snake_case. Got: %q", typ.Group))
+	case !groupVersionRegexp.MatchString(typ.GroupVersion):
+		panic(fmt.Sprintf("Type.GroupVersion must be lowercase, start with `v`, and end with a number (e.g. `v2` or `v1alpha1`). Got: %q", typ.Group))
+	case !kindRegexp.MatchString(typ.Kind):
+		panic(fmt.Sprintf("Type.Kind must be in PascalCase. Got: %q", typ.Kind))
+	}
+
+	r.lock.Lock()
+	defer r.lock.Unlock()
+
 	key := ToGVK(registration.Type)
 	if _, ok := r.registrations[key]; ok {
 		panic(fmt.Sprintf("resource type %s already registered", key))
diff --git a/internal/resource/registry_test.go b/internal/resource/registry_test.go
index 7979d618c470..c9d1777159f8 100644
--- a/internal/resource/registry_test.go
+++ b/internal/resource/registry_test.go
@@ -28,36 +28,9 @@ func TestRegister(t *testing.T) {
 	require.True(t, proto.Equal(demo.TypeV2Artist, actual.Type))
 
 	// register existing should panic
-	require.PanicsWithValue(t, "resource type demo.v2.artist already registered", func() {
+	require.PanicsWithValue(t, "resource type demo.v2.Artist already registered", func() {
 		r.Register(reg)
 	})
-
-	// type missing required fields should panic
-	testcases := map[string]*pbresource.Type{
-		"empty group": {
-			Group:        "",
-			GroupVersion: "v2",
-			Kind:         "artist",
-		},
-		"empty group version": {
-			Group:        "",
-			GroupVersion: "v2",
-			Kind:         "artist",
-		},
-		"empty kind": {
-			Group:        "demo",
-			GroupVersion: "v2",
-			Kind:         "",
-		},
-	}
-
-	for desc, typ := range testcases {
-		t.Run(desc, func(t *testing.T) {
-			require.PanicsWithValue(t, "type field(s) cannot be empty", func() {
-				r.Register(resource.Registration{Type: typ})
-			})
-		})
-	}
 }
 
 func TestRegister_Defaults(t *testing.T) {
@@ -102,7 +75,7 @@ func TestResolve(t *testing.T) {
 	serviceType := &pbresource.Type{
 		Group:        "mesh",
 		GroupVersion: "v1",
-		Kind:         "service",
+		Kind:         "Service",
 	}
 
 	// not found
@@ -115,3 +88,89 @@ func TestResolve(t *testing.T) {
 	assert.True(t, ok)
 	assert.Equal(t, registration.Type, serviceType)
 }
+
+func TestRegister_TypeValidation(t *testing.T) {
+	registry := resource.NewRegistry()
+
+	testCases := map[string]struct {
+		fn    func(*pbresource.Type)
+		valid bool
+	}{
+		"Valid": {valid: true},
+		"Group empty": {
+			fn:    func(t *pbresource.Type) { t.Group = "" },
+			valid: false,
+		},
+		"Group PascalCase": {
+			fn:    func(t *pbresource.Type) { t.Group = "Foo" },
+			valid: false,
+		},
+		"Group kebab-case": {
+			fn:    func(t *pbresource.Type) { t.Group = "foo-bar" },
+			valid: false,
+		},
+		"Group snake_case": {
+			fn:    func(t *pbresource.Type) { t.Group = "foo_bar" },
+			valid: true,
+		},
+		"GroupVersion empty": {
+			fn:    func(t *pbresource.Type) { t.GroupVersion = "" },
+			valid: false,
+		},
+		"GroupVersion snake_case": {
+			fn:    func(t *pbresource.Type) { t.GroupVersion = "v_1" },
+			valid: false,
+		},
+		"GroupVersion kebab-case": {
+			fn:    func(t *pbresource.Type) { t.GroupVersion = "v-1" },
+			valid: false,
+		},
+		"GroupVersion no leading v": {
+			fn:    func(t *pbresource.Type) { t.GroupVersion = "1" },
+			valid: false,
+		},
+		"GroupVersion no trailing number": {
+			fn:    func(t *pbresource.Type) { t.GroupVersion = "OnePointOh" },
+			valid: false,
+		},
+		"Kind PascalCase with numbers": {
+			fn:    func(t *pbresource.Type) { t.Kind = "Number1" },
+			valid: true,
+		},
+		"Kind camelCase": {
+			fn:    func(t *pbresource.Type) { t.Kind = "barBaz" },
+			valid: false,
+		},
+		"Kind snake_case": {
+			fn:    func(t *pbresource.Type) { t.Kind = "bar_baz" },
+			valid: false,
+		},
+		"Kind empty": {
+			fn:    func(t *pbresource.Type) { t.Kind = "" },
+			valid: false,
+		},
+	}
+	for desc, tc := range testCases {
+		t.Run(desc, func(t *testing.T) {
+			reg := func() {
+				typ := &pbresource.Type{
+					Group:        "foo",
+					GroupVersion: "v1",
+					Kind:         "Bar",
+				}
+				if tc.fn != nil {
+					tc.fn(typ)
+				}
+				registry.Register(resource.Registration{
+					Type: typ,
+				})
+			}
+
+			if tc.valid {
+				require.NotPanics(t, reg)
+			} else {
+				require.Panics(t, reg)
+			}
+		})
+	}
+}
diff --git a/internal/resource/tombstone.go b/internal/resource/tombstone.go
index 289aec2d5161..6d0285c602de 100644
--- a/internal/resource/tombstone.go
+++ b/internal/resource/tombstone.go
@@ -6,6 +6,6 @@ var (
 	TypeV1Tombstone = &pbresource.Type{
 		Group:        "internal",
 		GroupVersion: "v1",
-		Kind:         "tombstone",
+		Kind:         "Tombstone",
 	}
 )

From ce24646d367e39a4b69011564b878fcfd8cbaa2f Mon Sep 17 00:00:00 2001
From: Dan Upton <daniel@floppy.co>
Date: Mon, 26 Jun 2023 13:53:55 +0100
Subject: [PATCH 092/359] tooling: generate protoset file (#17364)

Extends the `proto` make target to generate a protoset file for use with
grpcurl etc.
---
 build-support/scripts/protobuf.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/build-support/scripts/protobuf.sh b/build-support/scripts/protobuf.sh
index 420d66d6a11b..f7b8ce559487 100755
--- a/build-support/scripts/protobuf.sh
+++ b/build-support/scripts/protobuf.sh
@@ -72,6 +72,10 @@ function main {
 
     status "Generated gRPC rate limit mapping file"
 
+    generate_protoset_file
+
+    status "Generated protoset file"
+
     return 0
 }
 
@@ -152,5 +156,11 @@ function generate_rate_limit_mappings {
     }
 }
 
+function generate_protoset_file {
+  local pkg_dir="${SOURCE_DIR}/pkg"
+  mkdir -p "$pkg_dir"
+  print_run buf build -o "${pkg_dir}/consul.protoset"
+}
+
 main "$@"
 exit $?

From 33a2d90852227b3172198c78b6387f284bc2ff0f Mon Sep 17 00:00:00 2001
From: Alex Simenduev <shamil.si@gmail.com>
Date: Mon, 26 Jun 2023 17:57:11 +0300
Subject: [PATCH 093/359] Fix a bug that wrongly trims domains when there is an
 overlap with DC name (#17160)

* Fix a bug that wrongly trims domains when there is an overlap with DC name

Before this change, when DC name and domain/alt-domain overlap, the domain name incorrectly trimmed from the query.

Example:

Given: datacenter = dc-test, alt-domain = test.consul.
Querying for "test-node.node.dc-test.consul" will faile, because the
code was trimming "test.consul" instead of just ".consul"

This change, fixes the issue by adding dot (.) before trimming

* trimDomain: ensure domain trimmed without modyfing original domains

* update changelog

---------

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
---
 .changelog/17160.txt |  3 +++
 agent/dns.go         |  2 +-
 agent/dns_test.go    | 39 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/17160.txt

diff --git a/.changelog/17160.txt b/.changelog/17160.txt
new file mode 100644
index 000000000000..666a6e8f252c
--- /dev/null
+++ b/.changelog/17160.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+Fix a bug that wrongly trims domains when there is an overlap with DC name.
+```
diff --git a/agent/dns.go b/agent/dns.go
index cb1e3c310d0c..5804dc97dd8e 100644
--- a/agent/dns.go
+++ b/agent/dns.go
@@ -1055,7 +1055,7 @@ func (d *DNSServer) trimDomain(query string) string {
 		longer, shorter = shorter, longer
 	}
 
-	if strings.HasSuffix(query, longer) {
+	if strings.HasSuffix(query, "."+strings.TrimLeft(longer, ".")) {
 		return strings.TrimSuffix(query, longer)
 	}
 	return strings.TrimSuffix(query, shorter)
diff --git a/agent/dns_test.go b/agent/dns_test.go
index 46a7e758c7f1..ef5364964dd3 100644
--- a/agent/dns_test.go
+++ b/agent/dns_test.go
@@ -7071,6 +7071,45 @@ func TestDNS_AltDomains_Overlap(t *testing.T) {
 	}
 }
 
+func TestDNS_AltDomain_DCName_Overlap(t *testing.T) {
+	if testing.Short() {
+		t.Skip("too slow for testing.Short")
+	}
+
+	// this tests the DC name overlap with the consul domain/alt-domain
+	// we should get response when DC suffix is a prefix of consul alt-domain
+	t.Parallel()
+	a := NewTestAgent(t, `
+		datacenter = "dc-test"
+		node_name = "test-node"
+		alt_domain = "test.consul."
+	`)
+	defer a.Shutdown()
+	testrpc.WaitForLeader(t, a.RPC, "dc-test")
+
+	questions := []string{
+		"test-node.node.dc-test.consul.",
+		"test-node.node.dc-test.test.consul.",
+	}
+
+	for _, question := range questions {
+		m := new(dns.Msg)
+		m.SetQuestion(question, dns.TypeA)
+
+		c := new(dns.Client)
+		in, _, err := c.Exchange(m, a.DNSAddr())
+		if err != nil {
+			t.Fatalf("err: %v", err)
+		}
+
+		require.Len(t, in.Answer, 1)
+
+		aRec, ok := in.Answer[0].(*dns.A)
+		require.True(t, ok)
+		require.Equal(t, aRec.A.To4().String(), "127.0.0.1")
+	}
+}
+
 func TestDNS_PreparedQuery_AllowStale(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")

From 8e02a0e1ae3c5e8c48ee7a07017a8c57ba5faa21 Mon Sep 17 00:00:00 2001
From: Dan Bond <danbond@protonmail.com>
Date: Mon, 26 Jun 2023 10:07:26 -0700
Subject: [PATCH 094/359] deps: aws-sdk-go v1.44.289 (#17876)

Signed-off-by: Dan Bond <danbond@protonmail.com>
---
 go.mod |  2 +-
 go.sum | 16 +++++++++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 81231ff9117f..f85e23b0b3c7 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,7 @@ require (
 	github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e
 	github.com/armon/go-metrics v0.4.1
 	github.com/armon/go-radix v1.0.0
-	github.com/aws/aws-sdk-go v1.42.34
+	github.com/aws/aws-sdk-go v1.44.289
 	github.com/coredns/coredns v1.6.6
 	github.com/coreos/go-oidc v2.1.0+incompatible
 	github.com/docker/go-connections v0.4.0
diff --git a/go.sum b/go.sum
index 3fa9a355c100..9f38d4eb658e 100644
--- a/go.sum
+++ b/go.sum
@@ -161,8 +161,8 @@ github.com/aws/aws-sdk-go v1.23.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN
 github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.25.48/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
-github.com/aws/aws-sdk-go v1.42.34 h1:fqGAiKmCSRY1rEa4G9VqgkKKbNmLKYq5dKmLtQkvYi8=
-github.com/aws/aws-sdk-go v1.42.34/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc=
+github.com/aws/aws-sdk-go v1.44.289 h1:5CVEjiHFvdiVlKPBzv0rjG4zH/21W/onT18R5AH/qx0=
+github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
 github.com/benbjohnson/immutable v0.4.0 h1:CTqXbEerYso8YzVPxmWxh2gnoRQbbB9X1quUC8+vGZA=
 github.com/benbjohnson/immutable v0.4.0/go.mod h1:iAr8OjJGLnLmVUr9MZ/rz4PWUy6Ouc2JLYuMArmvAJM=
@@ -1098,6 +1098,7 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
 github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
@@ -1167,6 +1168,7 @@ golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
@@ -1208,6 +1210,7 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
 golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1266,9 +1269,10 @@ golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1303,6 +1307,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
 golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1397,13 +1402,16 @@ golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1417,6 +1425,7 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20161028155119-f51c12702a4d/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1494,6 +1503,7 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
 golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From e552e3d27b61c36fcf64605b3a0295671271927a Mon Sep 17 00:00:00 2001
From: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:16:48 -0500
Subject: [PATCH 095/359] api-gateway: add operation cannot be fulfilled error
 to common errors (#17874)

* add error message

* Update website/content/docs/api-gateway/usage/errors.mdx

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* fix formating issues

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
---
 website/content/docs/api-gateway/usage/errors.mdx | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/website/content/docs/api-gateway/usage/errors.mdx b/website/content/docs/api-gateway/usage/errors.mdx
index c873c55812db..ba2c40f6f240 100644
--- a/website/content/docs/api-gateway/usage/errors.mdx
+++ b/website/content/docs/api-gateway/usage/errors.mdx
@@ -58,3 +58,18 @@ The installation process typically fails after this error message is generated.
 
 **Resolution:**
 Install the required CRDs. Refer to the [Consul API Gateway installation instructions](/consul/docs/api-gateway/install#installation) for instructions.
+
+## Operation cannot be fulfilled, the object has been modified
+
+```
+{"error": "Operation cannot be fulfilled on gatewayclassconfigs.consul.hashicorp.com \"consul-api-gateway\": the object has been modified; please apply your changes to the latest version and try again"}
+
+```
+**Conditions:**
+This error occurs when the gateway controller attempts to update an object that has been modified previously. It is a normal part of running the controller and will resolve itself by automatically retrying.
+
+**Impact:**
+Excessive error logs are produced, but there is no impact to the functionality of the controller.
+
+**Resolution:**
+No action needs to be taken to resolve this issue.

From 08c50481604d34679b94259ee785321ecaab9166 Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Mon, 26 Jun 2023 13:29:17 -0400
Subject: [PATCH 096/359] api-gateway: add step to upgrade instructions for
 creating intentions (#17875)

---
 website/content/docs/api-gateway/upgrades.mdx | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/website/content/docs/api-gateway/upgrades.mdx b/website/content/docs/api-gateway/upgrades.mdx
index 31bc1ec82374..2728db807f37 100644
--- a/website/content/docs/api-gateway/upgrades.mdx
+++ b/website/content/docs/api-gateway/upgrades.mdx
@@ -65,6 +65,8 @@ If you are able to tolerate downtime for your applications, you should delete pr
   $ kubectl apply -f apigw-installation.yaml
   ```
 
+1. Create `ServiceIntentions` allowing `Gateways` to communicate with any backend services that they route to. Refer to [Service intentions configuration entry reference](/consul/docs/connect/config-entries/service-intentions) for additional information.
+
 1. Change any existing `Gateways` to reference the new `GatewayClass` `consul`. Refer to [gatewayClass](/consul/docs/api-gateway/configuration/gateway#gatewayclassname) for additional information.
 
 1. After updating all of your `gateway` configurations to use the new controller, you can complete the upgrade again and completely remove the `apiGateway` block to remove the old controller. 
@@ -99,6 +101,8 @@ If you are unable to tolerate any downtime, you can complete the following steps
   $ kubectl apply -f apigw-installation.yaml
   ```
 
+1. Create `ServiceIntentions` allowing `Gateways` to communicate with any backend services that they route to. Refer to [Service intentions configuration entry reference](/consul/docs/connect/config-entries/service-intentions) for additional information.
+
 1. Change any existing `Gateways` to reference the new `GatewayClass` `consul`. Refer to [gatewayClass](/consul/docs/api-gateway/configuration/gateway#gatewayclassname) for additional information.
 
 1. After updating all of your `gateway` configurations to use the new controller, you can remove the `apiGateway` block from the Helm chart and rerun it. This completely removes the old gateway controller. 

From a96a9e794a9b41af462ece4e7b3f4374f1ee5dd5 Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Mon, 26 Jun 2023 18:40:18 -0600
Subject: [PATCH 097/359] Changelog - add 1.13.9, 1.14.8, and 1.15.4 (#17889)

---
 CHANGELOG.md | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ef4edc700404..dc70d8b08abf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,97 @@
+## 1.15.4 (June 26, 2023)
+FEATURES:
+
+* cli: `consul operator raft list-peers` command shows the number of commits each follower is trailing the leader by to aid in troubleshooting. [[GH-17582](https://github.com/hashicorp/consul/issues/17582)]
+* server: **(Enterprise Only)** allow automatic license utilization reporting. [[GH-5102](https://github.com/hashicorp/consul/issues/5102)]
+
+IMPROVEMENTS:
+
+* connect: update supported envoy versions to 1.22.11, 1.23.9, 1.24.7, 1.25.6 [[GH-17545](https://github.com/hashicorp/consul/issues/17545)]
+* debug: change default setting of consul debug command. now default duration is 5ms and default log level is 'TRACE' [[GH-17596](https://github.com/hashicorp/consul/issues/17596)]
+* fix metric names in /docs/agent/telemetry [[GH-17577](https://github.com/hashicorp/consul/issues/17577)]
+* gateway: Change status condition reason for invalid certificate on a listener from "Accepted" to "ResolvedRefs". [[GH-17115](https://github.com/hashicorp/consul/issues/17115)]
+* systemd: set service type to notify. [[GH-16845](https://github.com/hashicorp/consul/issues/16845)]
+
+BUG FIXES:
+
+* cache: fix a few minor goroutine leaks in leaf certs and the agent cache [[GH-17636](https://github.com/hashicorp/consul/issues/17636)]
+* docs: fix list of telemetry metrics [[GH-17593](https://github.com/hashicorp/consul/issues/17593)]
+* gateways: **(Enterprise only)** Fixed a bug in API gateways where gateway configuration objects in non-default partitions did not reconcile properly. [[GH-17581](https://github.com/hashicorp/consul/issues/17581)]
+* gateways: Fixed a bug in API gateways where binding a route that only targets a service imported from a peer results
+  in the programmed gateway having no routes. [[GH-17609](https://github.com/hashicorp/consul/issues/17609)]
+* gateways: Fixed a bug where API gateways were not being taken into account in determining xDS rate limits. [[GH-17631](https://github.com/hashicorp/consul/issues/17631)]
+* http: fixed API endpoint `PUT /acl/token/:AccessorID` (update token), no longer requires `AccessorID` in the request body. Web UI can now update tokens. [[GH-17739](https://github.com/hashicorp/consul/issues/17739)]
+* namespaces: **(Enterprise only)** fixes a bug where agent health checks stop syncing for all services on a node if the namespace of any service has been removed from the server.
+* namespaces: **(Enterprise only)** fixes a bug where namespaces are stuck in a deferred deletion state indefinitely under some conditions.
+  Also fixes the Consul query metadata present in the HTTP headers of the namespace read and list endpoints.
+* peering: Fix a bug that caused server agents to continue cleaning up peering resources even after loss of leadership. [[GH-17483](https://github.com/hashicorp/consul/issues/17483)]
+* xds: Fixed a bug where modifying ACLs on a token being actively used for an xDS connection caused all xDS updates to fail. [[GH-17566](https://github.com/hashicorp/consul/issues/17566)]
+
+## 1.14.8 (June 26, 2023)
+
+SECURITY:
+
+* Update to UBI base image to 9.2. [[GH-17513](https://github.com/hashicorp/consul/issues/17513)]
+
+FEATURES:
+
+* cli: `consul operator raft list-peers` command shows the number of commits each follower is trailing the leader by to aid in troubleshooting. [[GH-17582](https://github.com/hashicorp/consul/issues/17582)]
+* server: **(Enterprise Only)** allow automatic license utilization reporting. [[GH-5102](https://github.com/hashicorp/consul/issues/5102)]
+
+IMPROVEMENTS:
+
+* connect: update supported envoy versions to 1.21.6, 1.22.11, 1.23.9, 1.24.7 [[GH-17547](https://github.com/hashicorp/consul/issues/17547)]
+* debug: change default setting of consul debug command. now default duration is 5ms and default log level is 'TRACE' [[GH-17596](https://github.com/hashicorp/consul/issues/17596)]
+* fix metric names in /docs/agent/telemetry [[GH-17577](https://github.com/hashicorp/consul/issues/17577)]
+* peering: gRPC queries for TrustBundleList, TrustBundleRead, PeeringList, and PeeringRead now support blocking semantics,
+  reducing network and CPU demand.
+  The HTTP APIs for Peering List and Read have been updated to support blocking. [[GH-17426](https://github.com/hashicorp/consul/issues/17426)]
+* raft: Remove expensive reflection from raft/mesh hot path [[GH-16552](https://github.com/hashicorp/consul/issues/16552)]
+* systemd: set service type to notify. [[GH-16845](https://github.com/hashicorp/consul/issues/16845)]
+
+BUG FIXES:
+
+* cache: fix a few minor goroutine leaks in leaf certs and the agent cache [[GH-17636](https://github.com/hashicorp/consul/issues/17636)]
+* connect: reverts #17317 fix that caused a downstream error for Ingress/Mesh/Terminating GWs when their respective config entry does not already exist. [[GH-17541](https://github.com/hashicorp/consul/issues/17541)]
+* namespaces: **(Enterprise only)** fixes a bug where agent health checks stop syncing for all services on a node if the namespace of any service has been removed from the server.
+* namespaces: **(Enterprise only)** fixes a bug where namespaces are stuck in a deferred deletion state indefinitely under some conditions.
+  Also fixes the Consul query metadata present in the HTTP headers of the namespace read and list endpoints.
+* namespaces: adjusts the return type from HTTP list API to return the `api` module representation of a namespace.
+  This fixes an error with the `consul namespace list` command when a namespace has a deferred deletion timestamp.
+* peering: Fix a bug that caused server agents to continue cleaning up peering resources even after loss of leadership. [[GH-17483](https://github.com/hashicorp/consul/issues/17483)]
+* peering: Fix issue where modifying the list of exported services did not correctly replicate changes for services that exist in a non-default namespace. [[GH-17456](https://github.com/hashicorp/consul/issues/17456)]
+
+## 1.13.9 (June 26, 2023)
+BREAKING CHANGES:
+
+* connect: Disable peering by default in connect proxies for Consul 1.13. This change was made to prevent inefficient polling
+  queries from having a negative impact on server performance. Peering in Consul 1.13 is an experimental feature and is not
+  recommended for use in production environments. If you still wish to use the experimental peering feature, ensure
+  [`peering.enabled = true`](https://developer.hashicorp.com/consul/docs/v1.13.x/agent/config/config-files#peering_enabled)
+  is set on all clients and servers. [[GH-17731](https://github.com/hashicorp/consul/issues/17731)]
+
+SECURITY:
+
+* Update to UBI base image to 9.2. [[GH-17513](https://github.com/hashicorp/consul/issues/17513)]
+
+FEATURES:
+
+* server: **(Enterprise Only)** allow automatic license utilization reporting. [[GH-5102](https://github.com/hashicorp/consul/issues/5102)]
+
+IMPROVEMENTS:
+
+* debug: change default setting of consul debug command. now default duration is 5ms and default log level is 'TRACE' [[GH-17596](https://github.com/hashicorp/consul/issues/17596)]
+* systemd: set service type to notify. [[GH-16845](https://github.com/hashicorp/consul/issues/16845)]
+
+BUG FIXES:
+
+* cache: fix a few minor goroutine leaks in leaf certs and the agent cache [[GH-17636](https://github.com/hashicorp/consul/issues/17636)]
+* namespaces: **(Enterprise only)** fixes a bug where namespaces are stuck in a deferred deletion state indefinitely under some conditions.
+  Also fixes the Consul query metadata present in the HTTP headers of the namespace read and list endpoints.
+* namespaces: adjusts the return type from HTTP list API to return the `api` module representation of a namespace.
+  This fixes an error with the `consul namespace list` command when a namespace has a deferred deletion timestamp.
+* peering: Fix a bug that caused server agents to continue cleaning up peering resources even after loss of leadership. [[GH-17483](https://github.com/hashicorp/consul/issues/17483)]
+
 ## 1.16.0-rc1 (June 12, 2023)
 
 BREAKING CHANGES:

From 6bc222244f21501196595917f3555499bde08748 Mon Sep 17 00:00:00 2001
From: Gerard Nguyen <gerard@hashicorp.com>
Date: Tue, 27 Jun 2023 12:19:07 +1000
Subject: [PATCH 098/359] docs: update config enable_debug (#17866)

* update doc for config enable_debug

* Update website/content/docs/agent/config/config-files.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 website/content/commands/debug.mdx                 | 2 +-
 website/content/docs/agent/config/config-files.mdx | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/website/content/commands/debug.mdx b/website/content/commands/debug.mdx
index bebbe955a294..1514158ff907 100644
--- a/website/content/commands/debug.mdx
+++ b/website/content/commands/debug.mdx
@@ -80,7 +80,7 @@ information when `debug` is running. By default, it captures all information.
 | `members` | A list of all the WAN and LAN members in the cluster.                                                                                                                                                                                                                                                                                                                                                                     |
 | `metrics` | Metrics from the in-memory metrics endpoint in the target, captured at the interval.                                                                                                                                                                                                                                                                                                                                      |
 | `logs`    | `TRACE` level logs for the target agent, captured for the duration.                                                                                                                                                                                                                                                                                                                                                       |
-| `pprof`   | Golang heap, CPU, goroutine, and trace profiling. CPU and traces are captured for `duration` in a single file while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/consul/docs/agent/config/config-files#enable_debug) is set to `true` on the target agent or ACLs are enable and an ACL token with `operator:read` is provided. |
+| `pprof`   | Golang heap, CPU, goroutine, and trace profiling. CPU and traces are captured for `duration` in a single file while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/consul/docs/agent/config/config-files#enable_debug) is set to `true` on the target agent or ACLs are enabled and an ACL token with `operator:read` is provided. |
 
 ## Examples
 
diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx
index 4183a5a7d213..1b382341e467 100644
--- a/website/content/docs/agent/config/config-files.mdx
+++ b/website/content/docs/agent/config/config-files.mdx
@@ -472,8 +472,7 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
   that match a registering service instance. If it finds any, the agent will merge the centralized defaults with the service instance configuration. This allows for things like service protocol or proxy configuration to be defined centrally and inherited by any affected service registrations.
   This defaults to `false` in versions of Consul prior to 1.9.0, and defaults to `true` in Consul 1.9.0 and later.
 
-- `enable_debug` When set, enables some additional debugging features. Currently, this is only used to
-  access runtime profiling HTTP endpoints, which are available with an `operator:read` ACL regardless of the value of `enable_debug`.
+- `enable_debug` (boolean, default is `false`): When set to `true`, enables Consul to report additional debugging information, including runtime profiling (`pprof`) data. This setting is only required for clusters without ACL [enabled](#acl_enabled). If you change this setting, you must restart the agent for the change to take effect.
 
 - `enable_script_checks` Equivalent to the [`-enable-script-checks` command-line flag](/consul/docs/agent/config/cli-flags#_enable_script_checks).
 

From 601490b9abb0809915bddbd76787dc426fa3daab Mon Sep 17 00:00:00 2001
From: "Chris S. Kim" <ckim@hashicorp.com>
Date: Tue, 27 Jun 2023 11:22:10 -0400
Subject: [PATCH 099/359] Update wording on WAN fed and intermediate_pki_path
 (#17850)

---
 website/content/docs/connect/ca/vault.mdx | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/website/content/docs/connect/ca/vault.mdx b/website/content/docs/connect/ca/vault.mdx
index 34ad19226847..828a6937cae1 100644
--- a/website/content/docs/connect/ca/vault.mdx
+++ b/website/content/docs/connect/ca/vault.mdx
@@ -139,8 +139,10 @@ The key after the slash refers to the corresponding option name in the agent con
   path does not exist, Consul will attempt to mount and configure this
   automatically.
 
-  When WAN Federation is enabled, every secondary
-  datacenter must specify a unique `intermediate_pki_path`.
+  When WAN federation is enabled, every secondary datacenter that shares a common Vault cluster
+  must specify a unique `intermediate_pki_path`. If a Vault cluster is not used by more than one Consul datacenter,
+  then you do not need to specify a unique value for the `intermediate_pki_path`. We still recommend using a
+  unique `intermediate_pki_path` for each datacenter, however, to improve operational and diagnostic clarity.
 
 - `IntermediatePKINamespace` / `intermediate_pki_namespace` (`string: <optional>`) - The absolute namespace
   that the `IntermediatePKIPath` is in. Setting this parameter overrides the `Namespace` option for the `IntermediatePKIPath`. Introduced in 1.12.3.

From 767ef2dd4c80e0ec31181bf1a57bd473dbafb373 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Tue, 27 Jun 2023 12:03:43 -0400
Subject: [PATCH 100/359] Allow service identity tokens the ability to read
 jwt-providers (#17893)

* Allow service identity tokens the ability to read jwt-providers

* more tests

* service_prefix tests
---
 agent/structs/config_entry_jwt_provider.go     |  9 +++++++++
 .../structs/config_entry_jwt_provider_test.go  | 18 ++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/agent/structs/config_entry_jwt_provider.go b/agent/structs/config_entry_jwt_provider.go
index a1e9120ea08e..fc0c73950b76 100644
--- a/agent/structs/config_entry_jwt_provider.go
+++ b/agent/structs/config_entry_jwt_provider.go
@@ -316,6 +316,15 @@ func (e *JWTProviderConfigEntry) GetRaftIndex() *RaftIndex               { retur
 func (e *JWTProviderConfigEntry) CanRead(authz acl.Authorizer) error {
 	var authzContext acl.AuthorizerContext
 	e.FillAuthzContext(&authzContext)
+
+	// allow service-identity tokens the ability to read jwt-providers
+	// this is a workaround to allow sidecar proxies to read the jwt-providers
+	// see issue: https://github.com/hashicorp/consul/issues/17886 for more details
+	err := authz.ToAllowAuthorizer().ServiceWriteAnyAllowed(&authzContext)
+	if err == nil {
+		return err
+	}
+
 	return authz.ToAllowAuthorizer().MeshReadAllowed(&authzContext)
 }
 
diff --git a/agent/structs/config_entry_jwt_provider_test.go b/agent/structs/config_entry_jwt_provider_test.go
index 814a15257378..c02becc2a13d 100644
--- a/agent/structs/config_entry_jwt_provider_test.go
+++ b/agent/structs/config_entry_jwt_provider_test.go
@@ -338,6 +338,24 @@ func TestJWTProviderConfigEntry_ACLs(t *testing.T) {
 					canRead:    false,
 					canWrite:   false,
 				},
+				{
+					name:       "jwt-provider: any service write",
+					authorizer: newTestAuthz(t, `service "" { policy = "write" }`),
+					canRead:    true,
+					canWrite:   false,
+				},
+				{
+					name:       "jwt-provider: specific service write",
+					authorizer: newTestAuthz(t, `service "web" { policy = "write" }`),
+					canRead:    true,
+					canWrite:   false,
+				},
+				{
+					name:       "jwt-provider: any service prefix write",
+					authorizer: newTestAuthz(t, `service_prefix "" { policy = "write" }`),
+					canRead:    true,
+					canWrite:   false,
+				},
 				{
 					name:       "jwt-provider: mesh read",
 					authorizer: newTestAuthz(t, `mesh = "read"`),

From c8cfa605f857046f58c16c80a5a8448966928134 Mon Sep 17 00:00:00 2001
From: mr-miles <miles.waller@gmail.com>
Date: Tue, 27 Jun 2023 17:16:40 +0100
Subject: [PATCH 101/359] Update docs (#17476)

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 website/content/docs/connect/config-entries/service-defaults.mdx | 1 +
 1 file changed, 1 insertion(+)

diff --git a/website/content/docs/connect/config-entries/service-defaults.mdx b/website/content/docs/connect/config-entries/service-defaults.mdx
index 3b057377b918..9787d39b3749 100644
--- a/website/content/docs/connect/config-entries/service-defaults.mdx
+++ b/website/content/docs/connect/config-entries/service-defaults.mdx
@@ -1474,6 +1474,7 @@ represents a location outside the Consul cluster. Services can dial destinations
   metadata:
     name: test-destination
   spec:
+    protocol: tcp
     destination:
       addresses:
         - "test.com"

From 55056be09385bb7c84483a0f1588b3fe9e8fb9bf Mon Sep 17 00:00:00 2001
From: Joshua Timmons <josh.timmons@hashicorp.com>
Date: Tue, 27 Jun 2023 12:34:38 -0400
Subject: [PATCH 102/359] Add emit_tags_as_labels to envoy bootstrap config
 when using Consul Telemetry Collector (#17888)

---
 .changelog/17888.txt                                      | 3 +++
 command/connect/envoy/bootstrap_config.go                 | 3 ++-
 command/connect/envoy/bootstrap_config_test.go            | 6 ++++--
 command/connect/envoy/testdata/telemetry-collector.golden | 3 ++-
 4 files changed, 11 insertions(+), 4 deletions(-)
 create mode 100644 .changelog/17888.txt

diff --git a/.changelog/17888.txt b/.changelog/17888.txt
new file mode 100644
index 000000000000..f50fcae09b07
--- /dev/null
+++ b/.changelog/17888.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels
+```
\ No newline at end of file
diff --git a/command/connect/envoy/bootstrap_config.go b/command/connect/envoy/bootstrap_config.go
index a50eaf36fe06..2a0e21c4d25d 100644
--- a/command/connect/envoy/bootstrap_config.go
+++ b/command/connect/envoy/bootstrap_config.go
@@ -847,7 +847,8 @@ func appendTelemetryCollectorConfig(args *BootstrapTplArgs, telemetryCollectorBi
 			"envoy_grpc": {
 			  "cluster_name": "consul_telemetry_collector_loopback"
 			}
-		  }
+		  },
+		  "emit_tags_as_labels": true
 		}
 	  }`
 
diff --git a/command/connect/envoy/bootstrap_config_test.go b/command/connect/envoy/bootstrap_config_test.go
index 8de9ae007d6a..293aee660091 100644
--- a/command/connect/envoy/bootstrap_config_test.go
+++ b/command/connect/envoy/bootstrap_config_test.go
@@ -539,7 +539,8 @@ const (
 		"envoy_grpc": {
 		  "cluster_name": "consul_telemetry_collector_loopback"
 		}
-	  }
+	  },
+	  "emit_tags_as_labels": true
 	}
   }`
 
@@ -638,7 +639,8 @@ func TestBootstrapConfig_ConfigureArgs(t *testing.T) {
 						"envoy_grpc": {
 						  "cluster_name": "consul_telemetry_collector_loopback"
 						}
-					  }
+					  },
+					  "emit_tags_as_labels": true
 					}
 				  }`,
 				StaticClustersJSON: `{
diff --git a/command/connect/envoy/testdata/telemetry-collector.golden b/command/connect/envoy/testdata/telemetry-collector.golden
index 7c584864a0be..3977ce65bba3 100644
--- a/command/connect/envoy/testdata/telemetry-collector.golden
+++ b/command/connect/envoy/testdata/telemetry-collector.golden
@@ -89,7 +89,8 @@
           "envoy_grpc": {
             "cluster_name": "consul_telemetry_collector_loopback"
           }
-        }
+        },
+        "emit_tags_as_labels": true
       }
     }
   ],

From abeeea1621f08ee9d430fac1f3593810082e851c Mon Sep 17 00:00:00 2001
From: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Date: Tue, 27 Jun 2023 10:26:05 -0700
Subject: [PATCH 103/359] Fix command from kg to kubectl get (#17903)

---
 website/content/docs/k8s/upgrade/index.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/k8s/upgrade/index.mdx b/website/content/docs/k8s/upgrade/index.mdx
index e92ec12be2aa..666b75bb3613 100644
--- a/website/content/docs/k8s/upgrade/index.mdx
+++ b/website/content/docs/k8s/upgrade/index.mdx
@@ -236,7 +236,7 @@ Note that you must remove the token manually after completing the migration.
 
   ```bash
   kubectl config set-context --current --namespace=<consul installation namespace>
-  INJECTOR_DEPLOYMENT=$(kg deploy -l "component=connect-injector" -o=jsonpath='{.items[0].metadata.name}')
+  INJECTOR_DEPLOYMENT=$(kubectl get deploy -l "component=connect-injector" -o=jsonpath='{.items[0].metadata.name}')
   kubectl patch deploy $INJECTOR_DEPLOYMENT --type='json' -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/lifecycle"}]'
   ```
 

From 1c819e6147c6d510b67046e51b6b59bdfeda63cb Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@users.noreply.github.com>
Date: Tue, 27 Jun 2023 10:33:04 -0700
Subject: [PATCH 104/359] Create and update release notes for 1.16 and 1.2
 (#17895)

* update release notes for 1.16 and 1.2

* update latest consul core release
---
 .../docs/release-notes/consul-k8s/v1_2_x.mdx  | 84 +++++++++++++++++++
 .../docs/release-notes/consul/v1_16_x.mdx     | 14 +++-
 website/data/docs-nav-data.json               |  4 +
 3 files changed, 98 insertions(+), 4 deletions(-)
 create mode 100644 website/content/docs/release-notes/consul-k8s/v1_2_x.mdx

diff --git a/website/content/docs/release-notes/consul-k8s/v1_2_x.mdx b/website/content/docs/release-notes/consul-k8s/v1_2_x.mdx
new file mode 100644
index 000000000000..bd8d65b4803a
--- /dev/null
+++ b/website/content/docs/release-notes/consul-k8s/v1_2_x.mdx
@@ -0,0 +1,84 @@
+---
+layout: docs
+page_title: 1.2.x
+description: >-
+  Consul on Kubernetes release notes for version 1.2.x
+---
+
+# Consul on Kubernetes 1.2.0
+
+We are pleased to announce the following Consul updates. 
+
+## Release highlights
+
+- **Sameness groups (Enterprise):** Sameness groups are a user-defined set of partitions that Consul uses to identify services in different administrative partitions with the same name as being the same services. You can use sameness groups to create a blanket failover policy for deployments with cluster peering connections. Refer to the [Sameness groups overview](/consul/docs/connect/cluster-peering/usage/create-sameness-groups) for more information.
+
+   <Note> Sameness groups is currently a beta feature in Consul Enterprise v1.16.0. </Note>
+
+- **Permissive mTLS:** You can enable the `permissive` mTLS mode to enable sidecar proxies to accept both mTLS and non-mTLS traffic. Using this mode enables you to onboard services without downtime and without reconfiguring or redeploying your application. Refer to the [Onboard services while in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode) for more information on how to use permissive mTLS to onboard services to Consul.
+
+- **Transparent proxy enhancements for failover and virtual services:** We have made several internal improvements, such as ensuring that virtual IPs are always available, to reduce the friction associated with operating Consul in transparent proxy mode. Onboarding services, configuring failover redirects, and other operations require less administrative effort and ensure a smoother experience. Refer to the following documentation for additional information: 
+
+    - [Onboard services while in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode)
+    - [Route traffic to virtual services](/consul/docs/k8s/l7-traffic/route-to-virtual-services)
+    - [Configure failover services](/consul/docs/k8s/l7-traffic/failover-tproxy).
+
+- **Granular server-side rate limits (Enterprise):** You can now set limits per source IP address. The following steps describe the general process for setting global read and write rate limits:
+
+    1. Set arbitrary limits to begin understanding the upper boundary of RPC and gRPC loads in your network. Refer to [Initialize rate limit settings](/consul/docs/agent/limits/usage/init-rate-limits) for additional information.
+    1. Monitor the metrics and logs and readjust the initial configurations as necessary. Refer to [Monitor rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limits)
+    1. Define your final operational limits based on your observations. If you are defining global rate limits, refer to [Set global traffic rate limits](/consul/docs/agent/limits/usage/set-global-traffic-rate-limits) for additional information. For information about setting limits based on source IP, refer to [Limit traffic rates for a source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips).
+
+- **Consul Envoy Extensions:** Consul Envoy extension system enables you to modify Consul-generated Envoy resources. Refer to [Envoy extension overview](/consul/docs/connect/proxies/envoy-extensions) for more information on how to use these extensions for Consul service mesh.
+
+    - **Property Override:** The property override Envoy extension lets you set, remove, or modify individual properties for the Envoy resources Consul generates. Refer to the [Configure Envoy proxy properties](/consul/docs/connect/proxies/envoy-extensions/usage/property-override) for more information on how to use this extension. 
+
+    - **Wasm:** The Wasm Envoy extension lets you configure Wasm programs to be used as filters in the service's sidecar proxy. Refer to the [Run WebAssembly plug-ins in Envoy proxy](/consul/docs/connect/proxies/envoy-extensions/usage/wasm) for more information on how to use this extension. 
+
+    - **External Authorization:** The external authorization Envoy extension lets you delegate data plane authorization requests to external systems. Refer to the [Delegate authorization to an external service](/consul/docs/connect/proxies/envoy-extensions/usage/ext-authz) for more information on how to use this extension. 
+
+- **Simplified API Gateway installation for Consul on Kubernetes:** API Gateway is now built into Consul. This enables a simplified installation and configuration process for Consul on Kubernetes. Refer to the [API Gateway installation](/consul/docs/api-gateway/install) for more information on the simplified native installation method. 
+
+- **FIPS compliance (Enterprise):** HashiCorp now offers FIPS 140-2 compliant builds of Consul Enterprise that meet the security needs of federal agencies protecting sensitive, unclassified information with approved cryptographic measures. These builds use certified cryptographic modules and restrict configuration settings to comply with FIPS 140-2 Level 1 requirements, enabling compliant Consul deployments. Refer to the [Consul Enterprise FIPS](/consul/docs/enterprise/fips) for more information on FIPS compliance.
+
+- **JWT Authorization with service intentions:** Consul can now authorize connections based on claims present in JSON Web Token (JWT). You can configure Consul to use one or more JWT providers, which lets you control access to services and specific HTTP paths based on the validity of JWT claims embedded in the service traffic. This ensures a uniform and low latency mechanism to validate and authorize communication based on JWT claims across all services in a diverse service-oriented architecture. Refer to the [Use JWT authorization with service intentions](/consul/docs/connect/intentions/jwt-authorization) for more information.
+
+- **Automated license utilization reporting (Enterprise):** Consul Enterprise now provides automated license utilization reporting, which sends minimal product-license metering data to HashiCorp. You can use these reports to understand how much more you can deploy under your current contract, which can help you protect against overutilization and budget for predicted consumption. Refer to the [Automated license utilization reporting documentation](/consul/docs/enterprise/license/utilization-reporting) for more information. 
+
+## What's deprecated
+
+- **Ingress gateway:** Starting with this release, ingress gateway is deprecated and will not be enhanced beyond its current capabilities. Ingress gateway is fully supported in this version but may be removed in a future release of Consul. 
+
+  Consul's API gateway is the recommended alternative to ingress gateway. For ingress gateway features not currently supported by API gateway, equivalent functionality will be added to API gateway over the next several releases of Consul.
+
+- **Legacy API Gateway:** The Consul AP Gateway that was previously packaged (`consul-api-gateway`) and released separately from Consul K8s is now deprecated. This is referred to as the “legacy” API Gateway.
+
+  The legacy API Gateway (v0.5.4) is supported with this version of Consul on Kubernetes in order to simplify the process of migrating from legacy to native API gateways.
+
+## What's changed
+
+- The native API Gateway creates "API-gateway" configuration objects in Consul. This is a change from the legacy API Gateway, which creates "ingress-gateway" objects in Consul.
+
+- The native API Gateway in Consul on Kubernetes v1.2 does not create service intentions automatically. 
+
+## Supported software
+
+<Note> Consul 1.15.x and 1.14.x are not supported. Please refer to Supported Consul and Kubernetes versions for more detail on choosing the correct consul-k8s version. </Note>
+
+- Consul 1.16.x.
+- Consul Dataplane v1.2.x. Refer to Envoy and Consul Dataplane for details about Consul Dataplane versions and the available packaged Envoy version.
+- Kubernetes 1.24.x - 1.27.x
+- kubectl 1.24.x - 1.27.x
+- Helm 3.6+
+
+## Upgrading
+
+For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs.
+
+## Changelogs
+
+The changelogs for this major release version and any maintenance versions are listed below.
+
+<Note> These links take you to the changelogs on the GitHub website. </Note>
+
+- [1.2.0-rc1](https://github.com/hashicorp/consul-k8s/releases/tag/v1.2.0-rc1)
\ No newline at end of file
diff --git a/website/content/docs/release-notes/consul/v1_16_x.mdx b/website/content/docs/release-notes/consul/v1_16_x.mdx
index 0472de83f208..33241b6b8454 100644
--- a/website/content/docs/release-notes/consul/v1_16_x.mdx
+++ b/website/content/docs/release-notes/consul/v1_16_x.mdx
@@ -9,11 +9,11 @@ description: >-
 
 We are pleased to announce the following Consul updates. 
 
-## Release Highlights
+## Release highlights
 
 - **Sameness groups (Enterprise):** Sameness groups are a user-defined set of partitions that Consul uses to identify services in different administrative partitions with the same name as being the same services. You can use sameness groups to create a blanket failover policy for deployments with cluster peering connections. Refer to the [Sameness groups overview](/consul/docs/connect/cluster-peering/usage/create-sameness-groups) for more information.
 
-   <Note> Sameness groups is currently a _beta_ feature in Consul Enterprise v1.16.0. </Note>
+   <Note> Sameness groups is currently a beta feature in Consul Enterprise v1.16.0. </Note>
 
 - **Permissive mTLS:** You can enable the `permissive` mTLS mode to enable sidecar proxies to accept both mTLS and non-mTLS traffic. Using this mode enables you to onboard services without downtime and without reconfiguring or redeploying your application. Refer to the [Onboard services while in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode) for more information on how to use permissive mTLS to onboard services to Consul.
 
@@ -43,7 +43,13 @@ We are pleased to announce the following Consul updates.
 
 - **JWT Authorization with service intentions:** Consul can now authorize connections based on claims present in JSON Web Token (JWT). You can configure Consul to use one or more JWT providers, which lets you control access to services and specific HTTP paths based on the validity of JWT claims embedded in the service traffic. This ensures a uniform and low latency mechanism to validate and authorize communication based on JWT claims across all services in a diverse service-oriented architecture. Refer to the [Use JWT authorization with service intentions](/consul/docs/connect/intentions/jwt-authorization) for more information.
 
-- **Automated license utilization reporting (Enterprise):** Consul Enteprise now provides automated license utilization reporting, which sends minimal product-license metering data to HashiCorp. You can use these reports to understand how much more you can deploy under your current contract, which can help you protect against overutilization and budget for predicted consumption. Refer to the [Automated license utilization reporting documentation](/consul/docs/enterprise/license/utilization-reporting) for more information. 
+- **Automated license utilization reporting (Enterprise):** Consul Enterprise now provides automated license utilization reporting, which sends minimal product-license metering data to HashiCorp. You can use these reports to understand how much more you can deploy under your current contract, which can help you protect against overutilization and budget for predicted consumption. Refer to the [Automated license utilization reporting documentation](/consul/docs/enterprise/license/utilization-reporting) for more information. 
+
+## What's deprecated
+
+- **Ingress gateway:** Starting with this release, ingress gateway is deprecated and will not be enhanced beyond its current capabilities. Ingress gateway is fully supported in this version but may be removed in a future release of Consul. 
+
+  Consul's API gateway is the recommended alternative to ingress gateway. For ingress gateway features not currently supported by API gateway, equivalent functionality will be added to API gateway over the next several releases of Consul.
 
 ## Upgrading
 
@@ -55,4 +61,4 @@ The changelogs for this major release version and any maintenance versions are l
 
 <Note> These links take you to the changelogs on the GitHub website. </Note>
 
-- [1.16.0-rc1](https://github.com/hashicorp/consul/releases/tag/v1.16.0-rc1)
\ No newline at end of file
+- [1.16.0](https://github.com/hashicorp/consul/releases/tag/v1.16.0)
\ No newline at end of file
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index ed0d2ac2decd..6d92dab50299 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -182,6 +182,10 @@
       {
         "title": "Consul K8s",
         "routes": [
+          {
+            "title": "v1.2.x",
+            "path": "release-notes/consul-k8s/v1_2_x"
+          },
           {
             "title": "v1.1.x",
             "path": "release-notes/consul-k8s/v1_1_x"

From b76c4d7bd556a76d3e0c0847e2c91f734530411c Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@users.noreply.github.com>
Date: Tue, 27 Jun 2023 12:35:58 -0700
Subject: [PATCH 105/359] Propose new changes to APIgw upgrade instructions
 (#17693)

* Propose new changes to APIgw upgrade instructions

* fix build error

* update callouts to render correctly

* Add hideClipboard to log messages

* Added clarification around consul k8s and crds
---
 website/content/docs/api-gateway/upgrades.mdx | 102 +++++++++++++-----
 .../ecs/terraform/secure-configuration.mdx    |   4 +-
 website/content/docs/enterprise/fips.mdx      |   6 +-
 3 files changed, 80 insertions(+), 32 deletions(-)

diff --git a/website/content/docs/api-gateway/upgrades.mdx b/website/content/docs/api-gateway/upgrades.mdx
index 2728db807f37..577920fd7d37 100644
--- a/website/content/docs/api-gateway/upgrades.mdx
+++ b/website/content/docs/api-gateway/upgrades.mdx
@@ -7,7 +7,7 @@ description: >-
 
 # Upgrade Consul API gateway for Kubernetes
 
-Since Consul v1.15, the Consul API gateway is a native feature within the Consul binary and is installed during the normal Consul installation process. Since Consul v1.16, the CRDs necessary for using the Consul API gateway for Kubernetes are also included. You can install Consul v1.16 using the Consul Helm chart v1.2 and later. Refer to [Install API gateway for Kubernetes](/consul/docs/api-gateway/install) for additional information.
+Since Consul v1.15, the Consul API gateway is a native feature within the Consul binary and is installed during the normal Consul installation process. Since Consul on Kubernetes v1.2 (Consul v1.16), the CRDs necessary for using the Consul API gateway for Kubernetes are also included. You can install Consul v1.16 using the Consul Helm chart v1.2 and later. Refer to [Install API gateway for Kubernetes](/consul/docs/api-gateway/install) for additional information.
 
 ## Introduction
 
@@ -47,66 +47,114 @@ To begin using the native API gateway, complete one of the following upgrade pat
 
 ## Upgrade to native Consul API gateway
 
-You must begin the upgrade procedure with Consul API gateway v1.1 installed. If you are currently using a version of Consul API gateway older than v1.1, complete the necessary stages of the upgrade path to v1.1 before you begin upgrading to the native API gateway. Refer to the [Introduction](#introduction) for an overview of the upgrade paths.
+You must begin the upgrade procedure with API gateway with Consul on Kubernetes v1.1 installed. If you are currently using a version of Consul on Kubernetes older than v1.1, complete the necessary stages of the upgrade path to v1.1 before you begin upgrading to the native API gateway. Refer to the [Introduction](#introduction) for an overview of the upgrade paths.
 
 ### Consul-managed CRDs
 
 If you are able to tolerate downtime for your applications, you should delete previously installed CRDs and allow Consul to install and manage them for future updates. The amount of downtime depends on how quickly you are able to install the new version of Consul. If you are unable to tolerate any downtime, refer to [Self-managed CRDs](#self-managed-crds) for instructions on how to upgrade without downtime.
 
-1. Run the `kubectl delete` command and reference the kustomize directory to delete the existing CRDs. The following example deletes the CRDs that were installed with API gateway v0.5.1: 
+1. Run the `kubectl delete` command and reference the `kustomize` directory to delete the existing CRDs. The following example deletes the CRDs that were installed with API gateway `v0.5.1`: 
 
   ```shell-session
   $ kubectl delete --kustomize="github.com/hashicorp/consul-api-gateway/config/crd?ref=v0.5.1"
   ``` 
 
-1. Issue the following command to apply the configuration and complete the installation:
+1. Issue the following command to use the API gateway packaged in Consul. Since Consul will not detected an external CRD, it will try to install the API gateway packaged with Consul.
 
   ```shell-session
-  $ kubectl apply -f apigw-installation.yaml
+  $ consul-k8s install -config-file values.yaml
   ```
 
 1. Create `ServiceIntentions` allowing `Gateways` to communicate with any backend services that they route to. Refer to [Service intentions configuration entry reference](/consul/docs/connect/config-entries/service-intentions) for additional information.
 
 1. Change any existing `Gateways` to reference the new `GatewayClass` `consul`. Refer to [gatewayClass](/consul/docs/api-gateway/configuration/gateway#gatewayclassname) for additional information.
 
-1. After updating all of your `gateway` configurations to use the new controller, you can complete the upgrade again and completely remove the `apiGateway` block to remove the old controller. 
+1. After updating all of your `gateway` configurations to use the new controller, you can remove the `apiGateway` block from the Helm chart and upgrade your Consul cluster. This completely removes the old gateway controller. 
+
+  <CodeBlockConfig filename="values.yaml">
+
+    ```diff
+    global:
+      image: hashicorp/consul:1.15
+      imageK8S: hashicorp/consul-k8s-control-plane:1.1
+    - apiGateway:
+    -  enabled: true
+    -  image: hashicorp/consul-api-gateway:0.5.4
+    -  managedGatewayClass:
+    -    enabled: true
+    ```
+
+  </CodeBlockConfig>
+
+  ```shell-session
+  $ consul-k8s install -config-file values.yaml
+  ```
 
 ### Self-managed CRDs
 
+<Note>
+
+  This upgrade method uses `connectInject.apiGateway.manageExternalCRDs`, which was introduced in Consul on Kubernetes v1.2. As a result, you must be on at least Consul on Kubernetes v1.2 for this upgrade method.
+
+</Note>
+
 If you are unable to tolerate any downtime, you can complete the following steps to upgrade to the native Consul API gateway. If you choose this upgrade option, you must continue to manually install the CRDs necessary for operating the API gateway. 
 
-1. Create a values file that installs the version of Consul API gateway that ships with Consul and disables externally-managed CRDs:
+1. Create a Helm chart that installs the version of Consul API gateway that ships with Consul and disables externally-managed CRDs:
 
-  <CodeBlock heading="apigw-installation.yaml">
+  <CodeBlockConfig filename="values.yaml" highlight="2-3,5-6">
 
-  ```yaml
-  global:
-    image: hashicorp/consul:1.16
-    imageK8S: hashicorp/consul-k8s-control-plane
-  connectInject:
+    ```yaml
+    global:
+      image: hashicorp/consul:1.16
+      imageK8S: hashicorp/consul-k8s-control-plane:1.2
+    connectInject:
+      apiGateway:
+        manageExternalCRDs: false
     apiGateway:
-      manageExternalCRDs: false
-  apiGateway:
-    enabled: true
-    image: hashicorp/consul-api-gateway:0.5.4
-    managedGatewayClass:
       enabled: true
-  ```
+      image: hashicorp/consul-api-gateway:0.5.4
+      managedGatewayClass:
+        enabled: true
+    ```
 
-  </CodeBlock>
+  </CodeBlockConfig>
+  
+  You must set `connectInject.apiGateway.manageExternalCRDs` to `false`. If you have external CRDs with legacy installation and you do not set this, you will get an error when you try to upgrade because Helm will try to install CRDs that already exist.
 
-1. Issue the following command to apply the configuration and complete the installation:
+1. Issue the following command to install the new version of API gateway and disables externally-managed CRDs:
 
   ```shell-session
-  $ kubectl apply -f apigw-installation.yaml
+  $ consul-k8s install -config-file values.yaml
   ```
 
 1. Create `ServiceIntentions` allowing `Gateways` to communicate with any backend services that they route to. Refer to [Service intentions configuration entry reference](/consul/docs/connect/config-entries/service-intentions) for additional information.
 
 1. Change any existing `Gateways` to reference the new `GatewayClass` `consul`. Refer to [gatewayClass](/consul/docs/api-gateway/configuration/gateway#gatewayclassname) for additional information.
 
-1. After updating all of your `gateway` configurations to use the new controller, you can remove the `apiGateway` block from the Helm chart and rerun it. This completely removes the old gateway controller. 
+1. After updating all of your `gateway` configurations to use the new controller, you can remove the `apiGateway` block from the Helm chart and upgrade your Consul cluster. This completely removes the old gateway controller. 
+
+  <CodeBlockConfig filename="values.yaml">
+
+    ```diff
+    global:
+      image: hashicorp/consul:1.16
+      imageK8S: hashicorp/consul-k8s-control-plane:1.2
+    connectInject:
+      apiGateway:
+        manageExternalCRDs: false
+    - apiGateway:
+    -  enabled: true
+    -  image: hashicorp/consul-api-gateway:0.5.4
+    -  managedGatewayClass:
+    -    enabled: true
+    ```
+
+  </CodeBlockConfig>
 
+  ```shell-session
+  $ consul-k8s install -config-file values.yaml
+  ```
 
 ## Upgrade to v0.4.0
 
@@ -157,7 +205,7 @@ Complete the following steps after performing standard upgrade procedure.
 
   You should receive a response similar to the following:
 
-  ```log
+  ```log hideClipboard
   "hashicorp/consul-api-gateway:0.4.0"
   ```
 
@@ -170,7 +218,7 @@ Complete the following steps after performing standard upgrade procedure.
   ```
 If you have any active `ReferencePolicy` resources, you will receive output similar to the response below.
 
-  ```log
+  ```log hideClipboard
   Warning: ReferencePolicy has been renamed to ReferenceGrant. ReferencePolicy will be removed in v0.6.0 in favor of the identical ReferenceGrant resource.
   NAMESPACE   NAME
   default     example-reference-policy
@@ -295,7 +343,7 @@ Ensure that the following requirements are met prior to upgrading:
 
   You should receive a response similar to the following:
 
-  ```log
+  ```log hideClipboard
   "hashicorp/consul-api-gateway:0.2.1"
   ```
 
@@ -449,7 +497,7 @@ Ensure that the following requirements are met prior to upgrading:
 
   You should receive the following response:
 
-  ```log
+  ```log hideClipboard
   "hashicorp/consul-api-gateway:0.1.0"
   ```
 
diff --git a/website/content/docs/ecs/terraform/secure-configuration.mdx b/website/content/docs/ecs/terraform/secure-configuration.mdx
index 07031f5490e3..4db6c13abbaa 100644
--- a/website/content/docs/ecs/terraform/secure-configuration.mdx
+++ b/website/content/docs/ecs/terraform/secure-configuration.mdx
@@ -121,7 +121,7 @@ Follow the instructions described in [Create a task definition](/consul/docs/ecs
 
 The secret stores the gossip encryption key that the Consul clients use.
 
-<CodeBlock>
+<CodeBlockConfig>
 
 ```hcl
 resource "aws_secretsmanager_secret" "gossip_key" {
@@ -134,7 +134,7 @@ resource "aws_secretsmanager_secret_version" "gossip_key" {
 }
 ```
 
-</CodeBlock>
+</CodeBlockConfig>
 
 ### Enable secure deployment
 
diff --git a/website/content/docs/enterprise/fips.mdx b/website/content/docs/enterprise/fips.mdx
index 6ad145886be2..5f5cf281967a 100644
--- a/website/content/docs/enterprise/fips.mdx
+++ b/website/content/docs/enterprise/fips.mdx
@@ -87,13 +87,13 @@ Consul's FIPS 140-2 products on Windows use the CNGCrypto integration in Microso
 
 To ensure your build of Consul Enterprise includes FIPS support, confirm that a line with `FIPS: Enabled` appears when you run a `version` command. For example, the following message appears for Linux users:
 
-```shell-session hideClipboard
+```log hideClipboard
 FIPS: FIPS 140-2 Enabled, crypto module boringcrypto
 ```
 
 The following message appears for Windows users:
 
-```shell-session hideClipboard
+```log hideClipboard
 FIPS: FIPS 140-2 Enabled, crypto module cngcrypto
 ```
 
@@ -121,7 +121,7 @@ Similarly, on a FIPS Windows binary, run `go tool nm` on the binary to get a sym
 
 On both Linux and Windows non-FIPS builds, the search output yields no results.
 
-### Compliance Validation
+### Compliance validation
 
 A Lab, authorized by the U.S. Government to certify FIPS 140-2 compliance, is in the process of verifying that Consul Enterprise and its related packages are compliant with the requirements of FIPS 140-2 Level 1.
 

From 3368f14fab500ebe9f6aeab5631dd1d5f5a453e5 Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Tue, 27 Jun 2023 16:19:39 -0600
Subject: [PATCH 106/359] Add workflow to verify linux release packages
 (#17904)

* adding docker files to verify linux packages.

* add verifr-release-linux.yml

* updating name

* pass inputs directly into jobs

* add other linux package platforms

* remove on push

* fix TARGETARCH on debian and ubuntu so it can check arm64 and amd64

* fixing amazon to use the continue line

* add ubuntu i386

* fix comment lines

* working

* remove commented out workflow jobs

* Apply suggestions from code review

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* update fedora and ubuntu to use latest tag

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
---
 .github/workflows/verify-release-linux.yaml   | 78 +++++++++++++++++++
 .../docker/Verify-Release-Amazon.dockerfile   | 10 +++
 .../docker/Verify-Release-CentOS.dockerfile   | 10 +++
 .../docker/Verify-Release-Debian.dockerfile   | 12 +++
 .../docker/Verify-Release-Fedora.dockerfile   | 10 +++
 .../Verify-Release-Ubunt-i386.dockerfile      | 12 +++
 .../docker/Verify-Release-Ubuntu.dockerfile   | 12 +++
 7 files changed, 144 insertions(+)
 create mode 100644 .github/workflows/verify-release-linux.yaml
 create mode 100644 build-support/docker/Verify-Release-Amazon.dockerfile
 create mode 100644 build-support/docker/Verify-Release-CentOS.dockerfile
 create mode 100644 build-support/docker/Verify-Release-Debian.dockerfile
 create mode 100644 build-support/docker/Verify-Release-Fedora.dockerfile
 create mode 100644 build-support/docker/Verify-Release-Ubunt-i386.dockerfile
 create mode 100644 build-support/docker/Verify-Release-Ubuntu.dockerfile

diff --git a/.github/workflows/verify-release-linux.yaml b/.github/workflows/verify-release-linux.yaml
new file mode 100644
index 000000000000..a86da7f05fb3
--- /dev/null
+++ b/.github/workflows/verify-release-linux.yaml
@@ -0,0 +1,78 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+name: Verify Release - Linux
+
+on:
+  workflow_dispatch:
+    inputs:
+      packageName:
+        description: 'Name of consul release package (consul vs consul-enterprise)'
+        required: true
+        default: 'consul'
+        type: choice
+        options:
+        - consul
+        - consul-enterprise
+      version:
+        description: The x.y.z version (also need to specify applicable suffixes like +ent and -dev)'
+        required: true
+        type: string
+
+jobs:
+  verify-ubuntu-amd64:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - name: docker build with version
+        run: |
+          docker build \
+          --build-arg PACKAGE=${{ inputs.packageName }} \
+          --build-arg VERSION=${{ inputs.version }} \
+          --build-arg TARGETARCH=amd64 \
+          -f ./build-support/docker/Verify-Release-Ubuntu.dockerfile .
+
+  verify-debian-amd64:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - name: docker build with version
+        run: |
+          docker build \
+          --build-arg PACKAGE=${{ inputs.packageName }} \
+          --build-arg VERSION=${{ inputs.version }} \
+          --build-arg TARGETARCH=amd64 \
+          -f ./build-support/docker/Verify-Release-Debian.dockerfile .
+
+  verify-fedora:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - name: docker build with version
+        run: |
+          docker build \
+          --build-arg PACKAGE=${{ inputs.packageName }} \
+          --build-arg VERSION=${{ inputs.version }} \
+          -f ./build-support/docker/Verify-Release-Fedora.dockerfile .
+
+  verify-centos:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - name: docker build with version
+        run: |
+          docker build \
+          --build-arg PACKAGE=${{ inputs.packageName }} \
+          --build-arg VERSION=${{ inputs.version }} \
+          -f ./build-support/docker/Verify-Release-CentOS.dockerfile .
+
+  verify-amazon:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - name: docker build with version
+        run: |
+          docker build \
+          --build-arg PACKAGE=${{ inputs.packageName }} \
+          --build-arg VERSION=${{ inputs.version }} \
+          -f ./build-support/docker/Verify-Release-Amazon.dockerfile .
diff --git a/build-support/docker/Verify-Release-Amazon.dockerfile b/build-support/docker/Verify-Release-Amazon.dockerfile
new file mode 100644
index 000000000000..591b234c3b7c
--- /dev/null
+++ b/build-support/docker/Verify-Release-Amazon.dockerfile
@@ -0,0 +1,10 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+FROM amazonlinux:latest
+RUN yum install -y yum-utils shadow-utils
+RUN yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
+ARG PACKAGE=consul \
+ARG VERSION \
+ARG SUFFIX=1
+RUN yum install -y ${PACKAGE}-${VERSION}-${SUFFIX}
diff --git a/build-support/docker/Verify-Release-CentOS.dockerfile b/build-support/docker/Verify-Release-CentOS.dockerfile
new file mode 100644
index 000000000000..a2be67ac776f
--- /dev/null
+++ b/build-support/docker/Verify-Release-CentOS.dockerfile
@@ -0,0 +1,10 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+FROM centos:7
+RUN yum install -y yum-utils
+RUN yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
+ARG PACKAGE=consul \
+ARG VERSION \
+ARG SUFFIX=1
+RUN yum install -y ${PACKAGE}-${VERSION}-${SUFFIX}
\ No newline at end of file
diff --git a/build-support/docker/Verify-Release-Debian.dockerfile b/build-support/docker/Verify-Release-Debian.dockerfile
new file mode 100644
index 000000000000..533890bca43f
--- /dev/null
+++ b/build-support/docker/Verify-Release-Debian.dockerfile
@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+FROM debian:bullseye
+RUN apt update && apt install -y software-properties-common curl gnupg
+RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add -
+ARG TARGETARCH=amd64
+RUN apt-add-repository "deb [arch=${TARGETARCH}] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
+ARG PACKAGE=consul \
+ARG VERSION \
+ARG SUFFIX=1
+RUN apt-get update && apt-get install -y ${PACKAGE}=${VERSION}-${SUFFIX}
\ No newline at end of file
diff --git a/build-support/docker/Verify-Release-Fedora.dockerfile b/build-support/docker/Verify-Release-Fedora.dockerfile
new file mode 100644
index 000000000000..601751a91182
--- /dev/null
+++ b/build-support/docker/Verify-Release-Fedora.dockerfile
@@ -0,0 +1,10 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+FROM fedora:latest
+RUN dnf install -y dnf-plugins-core
+RUN dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
+ARG PACKAGE=consul \
+ARG VERSION \
+ARG SUFFIX=1
+RUN dnf install -y ${PACKAGE}-${VERSION}-${SUFFIX}
diff --git a/build-support/docker/Verify-Release-Ubunt-i386.dockerfile b/build-support/docker/Verify-Release-Ubunt-i386.dockerfile
new file mode 100644
index 000000000000..82913b4f7261
--- /dev/null
+++ b/build-support/docker/Verify-Release-Ubunt-i386.dockerfile
@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+FROM i386/ubuntu:latest
+RUN apt update && apt install -y software-properties-common curl
+RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add -
+ARG TARGETARCH=amd64
+RUN apt-add-repository "deb [arch=${TARGETARCH}] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
+ARG PACKAGE=consul \
+ARG VERSION \
+ARG SUFFIX=1
+RUN apt-get update && apt-get install -y ${PACKAGE}=${VERSION}-${SUFFIX}
diff --git a/build-support/docker/Verify-Release-Ubuntu.dockerfile b/build-support/docker/Verify-Release-Ubuntu.dockerfile
new file mode 100644
index 000000000000..ddeffc40c5f6
--- /dev/null
+++ b/build-support/docker/Verify-Release-Ubuntu.dockerfile
@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+FROM ubuntu:latest
+RUN apt update && apt install -y software-properties-common curl
+RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add -
+ARG TARGETARCH=amd64
+RUN apt-add-repository "deb [arch=${TARGETARCH}] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
+ARG PACKAGE=consul \
+ARG VERSION \
+ARG SUFFIX=1
+RUN apt-get update && apt-get install -y ${PACKAGE}=${VERSION}-${SUFFIX}

From f7870881e0e575ca92d9a9a35ee04da9bd464716 Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Tue, 27 Jun 2023 19:17:20 -0400
Subject: [PATCH 107/359] Reference hashicorp/consul instead of consul for
 Docker image (#17914)

* Reference hashicorp/consul instead of consul for Docker image

* Update Make targets that pull consul directly
---
 GNUmakefile                                          | 8 ++++----
 build-support/docker/Consul-Dev-Multiarch.dockerfile | 2 +-
 build-support/docker/Consul-Dev.dockerfile           | 2 +-
 website/content/docs/k8s/installation/install.mdx    | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/GNUmakefile b/GNUmakefile
index 36d45f90a158..79080311c48b 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -171,7 +171,7 @@ dev-build:
 
 dev-docker-dbg: dev-docker
 	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
-	@docker pull consul:$(CONSUL_IMAGE_VERSION) >/dev/null
+	@docker pull hashicorp/consul:$(CONSUL_IMAGE_VERSION) >/dev/null
 	@echo "Building Consul Development container - $(CONSUL_DEV_IMAGE)"
 	@#  'consul-dbg:local' tag is needed to run the integration tests
 	@#  'consul-dev:latest' is needed by older workflows
@@ -183,7 +183,7 @@ dev-docker-dbg: dev-docker
 
 dev-docker: linux dev-build
 	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
-	@docker pull consul:$(CONSUL_IMAGE_VERSION) >/dev/null
+	@docker pull hashicorp/consul:$(CONSUL_IMAGE_VERSION) >/dev/null
 	@echo "Building Consul Development container - $(CONSUL_DEV_IMAGE)"
 	@#  'consul:local' tag is needed to run the integration tests
 	@#  'consul-dev:latest' is needed by older workflows
@@ -205,7 +205,7 @@ remote-docker: check-remote-dev-image-env
 	$(MAKE) GOARCH=amd64 linux
 	$(MAKE) GOARCH=arm64 linux
 	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
-	@docker pull consul:$(CONSUL_IMAGE_VERSION) >/dev/null
+	@docker pull hashicorp/consul:$(CONSUL_IMAGE_VERSION) >/dev/null
 	@echo "Building and Pushing Consul Development container - $(REMOTE_DEV_IMAGE)"
 	@if ! docker buildx inspect consul-builder; then \
 		docker buildx create --name consul-builder --driver docker-container --bootstrap; \
@@ -222,7 +222,7 @@ remote-docker: check-remote-dev-image-env
 # should only run in CI and not locally.
 ci.dev-docker:
 	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
-	@docker pull consul:$(CONSUL_IMAGE_VERSION) >/dev/null
+	@docker pull hashicorp/consul:$(CONSUL_IMAGE_VERSION) >/dev/null
 	@echo "Building Consul Development container - $(CI_DEV_DOCKER_IMAGE_NAME)"
 	@docker build $(NOCACHE) $(QUIET) -t '$(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):$(GIT_COMMIT)' \
 	--build-arg CONSUL_IMAGE_VERSION=$(CONSUL_IMAGE_VERSION) \
diff --git a/build-support/docker/Consul-Dev-Multiarch.dockerfile b/build-support/docker/Consul-Dev-Multiarch.dockerfile
index 53c08879d9a5..265a1804cf11 100644
--- a/build-support/docker/Consul-Dev-Multiarch.dockerfile
+++ b/build-support/docker/Consul-Dev-Multiarch.dockerfile
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: MPL-2.0
 
 ARG CONSUL_IMAGE_VERSION=latest
-FROM consul:${CONSUL_IMAGE_VERSION}
+FROM hashicorp/consul:${CONSUL_IMAGE_VERSION}
 RUN apk update && apk add iptables
 ARG TARGETARCH
 COPY linux_${TARGETARCH}/consul /bin/consul
diff --git a/build-support/docker/Consul-Dev.dockerfile b/build-support/docker/Consul-Dev.dockerfile
index 57b3b37ea0f9..122bc3192a7f 100644
--- a/build-support/docker/Consul-Dev.dockerfile
+++ b/build-support/docker/Consul-Dev.dockerfile
@@ -2,6 +2,6 @@
 # SPDX-License-Identifier: MPL-2.0
 
 ARG CONSUL_IMAGE_VERSION=latest
-FROM consul:${CONSUL_IMAGE_VERSION}
+FROM hashicorp/consul:${CONSUL_IMAGE_VERSION}
 RUN apk update && apk add iptables
 COPY consul /bin/consul
diff --git a/website/content/docs/k8s/installation/install.mdx b/website/content/docs/k8s/installation/install.mdx
index 1d80696ba037..78f90f480797 100644
--- a/website/content/docs/k8s/installation/install.mdx
+++ b/website/content/docs/k8s/installation/install.mdx
@@ -308,7 +308,7 @@ metadata:
 spec:
   containers:
     - name: example
-      image: 'consul:latest'
+      image: 'hashicorp/consul:latest'
       env:
         - name: HOST_IP
           valueFrom:
@@ -345,7 +345,7 @@ spec:
     spec:
       containers:
         - name: example
-          image: 'consul:latest'
+          image: 'hashicorp/consul:latest'
           env:
             - name: HOST_IP
               valueFrom:

From 310bc68e65f784e30706e645bb55667aa6b9a764 Mon Sep 17 00:00:00 2001
From: natemollica-dev <57850649+natemollica-nm@users.noreply.github.com>
Date: Tue, 27 Jun 2023 16:41:53 -0700
Subject: [PATCH 108/359] Update Consul K8s Upgrade Doc Updates (#17921)

Updating upgrade procedures to encompass expected errors during upgrade process from v1.13.x to v1.14.x.
---
 website/content/docs/k8s/upgrade/index.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/k8s/upgrade/index.mdx b/website/content/docs/k8s/upgrade/index.mdx
index 666b75bb3613..e41141c142a6 100644
--- a/website/content/docs/k8s/upgrade/index.mdx
+++ b/website/content/docs/k8s/upgrade/index.mdx
@@ -240,7 +240,7 @@ Note that you must remove the token manually after completing the migration.
   kubectl patch deploy $INJECTOR_DEPLOYMENT --type='json' -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/lifecycle"}]'
   ```
 
-1. Follow our [recommended procedures to upgrade servers](#upgrade-consul-servers) on Kubernetes deployments to upgrade Helm values for the new version of Consul.
+1. Follow our [recommended procedures to upgrade servers](#upgrade-consul-servers) on Kubernetes deployments to upgrade Helm values for the new version of Consul. The latest version of consul-k8s components may be in a CrashLoopBackoff state during the performance of the server upgrade from versions <1.14.x until all Consul servers are on versions >=1.14.x. Components in CrashLoopBackoff will not negatively affect the cluster because older versioned components will still be operating. Once all servers have been fully upgraded, the latest consul-k8s components will automatically restore from CrashLoopBackoff and older component versions will be spun down.
 
 1. Run `kubectl rollout restart` to restart your service mesh applications. Restarting service mesh application causes Kubernetes to re-inject them with the webhook for dataplanes.
 

From 6f5da97d663c50b194b9b4031738b3977963675c Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Tue, 27 Jun 2023 18:45:23 -0700
Subject: [PATCH 109/359] Update sameness-group.mdx (#17915)

---
 .../docs/connect/config-entries/sameness-group.mdx | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/website/content/docs/connect/config-entries/sameness-group.mdx b/website/content/docs/connect/config-entries/sameness-group.mdx
index 8d19b989ff3b..76752c2c54af 100644
--- a/website/content/docs/connect/config-entries/sameness-group.mdx
+++ b/website/content/docs/connect/config-entries/sameness-group.mdx
@@ -101,8 +101,8 @@ metadata:
 spec:
   defaultForFailover: false
   members:                                        # required
-    partition: <partitionWithServicesInGroup>
-    peer: <clusterPeerWithServicesInGroup>
+    - partition: <partitionWithServicesInGroup>
+    - peer: <clusterPeerWithServicesInGroup>
 ```
 
 </Tab>
@@ -365,11 +365,11 @@ metadata:
 spec:
   defaultForFailover: true
   members:                                   
-    partition: store-east
-    partition: inventory-east
-    peer: dc2-store-west
-    peer: dc2-inventory-west
+    - partition: store-east
+    - partition: inventory-east
+    - peer: dc2-store-west
+    - peer: dc2-inventory-west
 ```
 
 </Tab>
-</Tabs>
\ No newline at end of file
+</Tabs>

From b1681321766f84f75bd3e0ff9207ad492932b8ef Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Tue, 27 Jun 2023 20:23:03 -0700
Subject: [PATCH 110/359] Update create-sameness-groups.mdx (#17927)

---
 .../usage/create-sameness-groups.mdx          | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx b/website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx
index 24e9e5874be1..8f6fd376a467 100644
--- a/website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx
+++ b/website/content/docs/k8s/connect/cluster-peering/usage/create-sameness-groups.mdx
@@ -89,9 +89,9 @@ metadata:
 spec:
   defaultForFailover: true
   members:                                   
-    partition: partition-1
-    partition: partition-2
-    peer: dc2-partition-1
+    - partition: partition-1
+    - partition: partition-2
+    - peer: dc2-partition-1
 ```
 
 </CodeBlockConfig>
@@ -106,9 +106,9 @@ metadata:
 spec:
   defaultForFailover: true
   members:                                   
-    partition: partition-2
-    partition: partition-1
-    peer: dc2-partition-1  
+    - partition: partition-2
+    - partition: partition-1
+    - peer: dc2-partition-1  
 ```
 
 </CodeBlockConfig>
@@ -123,9 +123,9 @@ metadata:
 spec:
   defaultForFailover: true
   members:                                   
-    partition: partition-1
-    peer: dc1-partition-1
-    peer: dc2-partition-2
+    - partition: partition-1
+    - peer: dc1-partition-1
+    - peer: dc2-partition-2
 ```
 
 </CodeBlockConfig>
@@ -287,4 +287,4 @@ $ kubectl apply --filename api.yaml
 
 It is possible to combine the service intentions configuration entry for creating sameness groups with the entry required to [authorize services for peers](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering#authorize-services-for-peers).
 
-In this workflow, configure the `sources` block with the `samenessGroup` field instead of the `peer` field. You should write the `sameness-group` configuration entry to Consul before referencing it in the `service-intentions` configuration entry.
\ No newline at end of file
+In this workflow, configure the `sources` block with the `samenessGroup` field instead of the `peer` field. You should write the `sameness-group` configuration entry to Consul before referencing it in the `service-intentions` configuration entry.

From 7dbba6c94d762445498a8a21935a979cbb8eb126 Mon Sep 17 00:00:00 2001
From: Dan Bond <danbond@protonmail.com>
Date: Wed, 28 Jun 2023 07:53:43 -0700
Subject: [PATCH 111/359] deps: coredns v1.10.1 (#17912)

---
 go.mod                                   |  22 +-
 go.sum                                   | 300 +++--------------------
 test/integration/consul-container/go.mod |   2 +-
 test/integration/consul-container/go.sum |  16 +-
 4 files changed, 54 insertions(+), 286 deletions(-)

diff --git a/go.mod b/go.mod
index f85e23b0b3c7..29b22f8f6d25 100644
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/armon/go-metrics v0.4.1
 	github.com/armon/go-radix v1.0.0
 	github.com/aws/aws-sdk-go v1.44.289
-	github.com/coredns/coredns v1.6.6
+	github.com/coredns/coredns v1.10.1
 	github.com/coreos/go-oidc v2.1.0+incompatible
 	github.com/docker/go-connections v0.4.0
 	github.com/envoyproxy/go-control-plane v0.11.0
@@ -77,7 +77,7 @@ require (
 	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87
 	github.com/imdario/mergo v0.3.15
 	github.com/kr/text v0.2.0
-	github.com/miekg/dns v1.1.41
+	github.com/miekg/dns v1.1.50
 	github.com/mitchellh/cli v1.1.0
 	github.com/mitchellh/copystructure v1.2.0
 	github.com/mitchellh/go-testing-interface v1.14.0
@@ -123,18 +123,18 @@ require (
 	cloud.google.com/go/compute v1.19.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v0.13.0 // indirect
-	github.com/Azure/azure-sdk-for-go v44.0.0+incompatible // indirect
+	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest v0.11.18 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.13 // indirect
-	github.com/Azure/go-autorest/autorest/azure/auth v0.5.0 // indirect
-	github.com/Azure/go-autorest/autorest/azure/cli v0.4.0 // indirect
+	github.com/Azure/go-autorest/autorest v0.11.28 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect
+	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
+	github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
 	github.com/Azure/go-autorest/autorest/validation v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/DataDog/datadog-go v3.2.0+incompatible // indirect
+	github.com/DataDog/datadog-go v4.8.2+incompatible // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/benbjohnson/immutable v0.4.0 // indirect
@@ -153,10 +153,9 @@ require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661 // indirect
 	github.com/digitalocean/godo v1.10.0 // indirect
-	github.com/dimchansky/utfbom v1.1.0 // indirect
+	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
 	github.com/envoyproxy/protoc-gen-validate v0.10.0 // indirect
-	github.com/form3tech-oss/jwt-go v3.2.2+incompatible // indirect
 	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
@@ -170,6 +169,7 @@ require (
 	github.com/go-openapi/validate v0.22.1 // indirect
 	github.com/go-ozzo/ozzo-validation v3.6.0+incompatible // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
@@ -219,7 +219,7 @@ require (
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/common v0.39.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
diff --git a/go.sum b/go.sum
index 9f38d4eb658e..5bd76271a38a 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.41.0/go.mod h1:OauMR7DV8fzvZIl2qg6rkaIhD/vmgk4iwEw/h6ercmg=
 cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
 cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
 cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
@@ -51,98 +50,74 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/Azure/azure-sdk-for-go v32.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/azure-sdk-for-go v32.6.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/azure-sdk-for-go v44.0.0+incompatible h1:e82Yv2HNpS0kuyeCrV29OPKvEiqfs2/uJHic3/3iKdg=
 github.com/Azure/azure-sdk-for-go v44.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/go-autorest v11.1.2+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
+github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
+github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.1.0/go.mod h1:AKyIcETwSUFxIcs/Wnq/C+kwCtlEYGUVd7FPNb2slmg=
-github.com/Azure/go-autorest/autorest v0.5.0/go.mod h1:9HLKlQjVBH6U3oDfsXOeVc56THsLPw1L03yban4xThw=
 github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
-github.com/Azure/go-autorest/autorest v0.9.2/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
-github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0=
 github.com/Azure/go-autorest/autorest v0.11.0/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
-github.com/Azure/go-autorest/autorest v0.11.18 h1:90Y4srNYrwOtAgVo3ndrQkTYn6kf1Eg/AjTFJ8Is2aM=
 github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
-github.com/Azure/go-autorest/autorest/adal v0.1.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E=
-github.com/Azure/go-autorest/autorest/adal v0.2.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E=
+github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
+github.com/Azure/go-autorest/autorest v0.11.28 h1:ndAExarwr5Y+GaHE6VCaY1kyS/HwwGGyuimVhWsHOEM=
+github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA=
 github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
-github.com/Azure/go-autorest/autorest/adal v0.8.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc=
 github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
-github.com/Azure/go-autorest/autorest/adal v0.9.13 h1:Mp5hbtOePIzM8pJVRa3YLrWWmZtoxRXqUEzCfJt3+/Q=
 github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
-github.com/Azure/go-autorest/autorest/azure/auth v0.1.0/go.mod h1:Gf7/i2FUpyb/sGBLIFxTBzrNzBo7aPXXE3ZVeDRwdpM=
-github.com/Azure/go-autorest/autorest/azure/auth v0.4.1/go.mod h1:5TgH20II424SXIV9YDBsO4rBCKsh39Vbx9DvhJZZ8rU=
-github.com/Azure/go-autorest/autorest/azure/auth v0.5.0 h1:nSMjYIe24eBYasAIxt859TxyXef/IqoH+8/g4+LmcVs=
+github.com/Azure/go-autorest/autorest/adal v0.9.18 h1:kLnPsRjzZZUF3K5REu/Kc+qMQrvuza2bwSnNdhmzLfQ=
+github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.0/go.mod h1:QRTvSZQpxqm8mSErhnbI+tANIBAKP7B+UIE2z4ypUO0=
-github.com/Azure/go-autorest/autorest/azure/cli v0.1.0/go.mod h1:Dk8CUAt/b/PzkfeRsWzVG9Yj3ps8mS8ECztu43rdU8U=
-github.com/Azure/go-autorest/autorest/azure/cli v0.3.1/go.mod h1:ZG5p860J94/0kI9mNJVoIoLgXcirM2gF5i2kWloofxw=
-github.com/Azure/go-autorest/autorest/azure/cli v0.4.0 h1:Ml+UCrnlKD+cJmSzrZ/RDcDw86NjkRUpnFh7V5JUhzU=
+github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk=
+github.com/Azure/go-autorest/autorest/azure/auth v0.5.12/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg=
 github.com/Azure/go-autorest/autorest/azure/cli v0.4.0/go.mod h1:JljT387FplPzBA31vUcvsetLKF3pec5bdAxjVU4kI2s=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg=
 github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
-github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
 github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
-github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM=
 github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc=
+github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw=
+github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU=
 github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
 github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
-github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8=
 github.com/Azure/go-autorest/autorest/validation v0.3.0 h1:3I9AAI63HfcLtphd9g39ruUwRI+Ca+z/f36KHPFRUss=
 github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E=
 github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
 github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/tracing v0.1.0/go.mod h1:ROEEAFwXycQw7Sn3DXNtEedEvdeRAgDr0izn4z5Ij88=
 github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/DataDog/zstd v1.3.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
+github.com/DataDog/datadog-go v4.8.2+incompatible h1:qbcKSx29aBLD+5QLvlQZlGmRMF/FfGqFLFev/1TDzRo=
+github.com/DataDog/datadog-go v4.8.2+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/NYTimes/gziphandler v1.0.1 h1:iLrQrdwjDd52kHDA5op2UBJFjmOb9g+7scBan4RN8F0=
 github.com/NYTimes/gziphandler v1.0.1/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87/go.mod h1:iGLljf5n9GjT6kc0HBvyI1nOKnGQbNB66VzSNbK5iks=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
-github.com/Shopify/sarama v1.21.0/go.mod h1:yuqtN/pe8cXRWG5zPaO7hCfNJp5MwmkoJEoLjkm5tCQ=
-github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af h1:DBNMBMuMiWYu0b+8KMJuWmfCkcxl09JwdlqwDZZ6U14=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw=
-github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.0/go.mod h1:zpDJeKyp9ScW4NNrbdr+Eyxvry3ilGPewKoXw3XGN1k=
-github.com/alangpierce/go-forceexport v0.0.0-20160317203124-8f1d6941cd75/go.mod h1:uAXEEpARkRhCZfEvy/y0Jcc888f9tHCc1W7/UeEtreE=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190808125512-07798873deee/go.mod h1:myCDvQSzCW+wB1WAlocEru4wMGJxy+vlxHdhegi1CDQ=
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.156 h1:K4N91T1+RlSlx+t2dujeDviy4ehSGVjEltluDgmeHS4=
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.156/go.mod h1:Api2AkmMgGaSUAhmk76oaFObkoeCPc/bKAqcyplPODs=
-github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190307165228-86c17b95fcd5/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
-github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e h1:QEF07wC0T1rKkctt1RINW/+RMTVmiwxETico2l3gxJA=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
@@ -157,13 +132,10 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.23.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-sdk-go v1.25.48/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
 github.com/aws/aws-sdk-go v1.44.289 h1:5CVEjiHFvdiVlKPBzv0rjG4zH/21W/onT18R5AH/qx0=
 github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
 github.com/benbjohnson/immutable v0.4.0 h1:CTqXbEerYso8YzVPxmWxh2gnoRQbbB9X1quUC8+vGZA=
 github.com/benbjohnson/immutable v0.4.0/go.mod h1:iAr8OjJGLnLmVUr9MZ/rz4PWUy6Ouc2JLYuMArmvAJM=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -174,20 +146,15 @@ github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQ
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
 github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
-github.com/caddyserver/caddy v1.0.4/go.mod h1:uruyfVsyMcDb3IOzSKsi1x0wOjy1my/PxOSTcD+24jM=
 github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
-github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
 github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.0/go.mod h1:dgIUBU3pDso/gPgZ1osOZ0iQf77oPR28Tjxl5dIMyVM=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cheekybits/genny v1.0.0/go.mod h1:+tQajlRqAUrPI7DOSpB0XAqZYtQakVtB7wXkRAgjxjQ=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -196,7 +163,6 @@ github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6D
 github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.10.2/go.mod h1:qhVI5MKwBGhdNU89ZRz2plgYutcJ5PCekLxXn56w6SY=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -208,10 +174,8 @@ github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 h1:58f1tJ1ra+zFINPlwLWvQsR9CzAKt2e+EWV2yX9oXQ4=
 github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
-github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/coredns/coredns v1.6.6 h1:GFJXHHBiN2YGp4vS1tltNR0AhI1+TXhb79WT1VAS47I=
-github.com/coredns/coredns v1.6.6/go.mod h1:Bdcnka9HmKGYj12ZIDF3lpQSfDHSsMc85Wj9xEyZUts=
-github.com/coredns/federation v0.0.0-20190818181423-e032b096babe/go.mod h1:MoqTEFX8GlnKkyq8eBCF94VzkNAOgjdlCJ+Pz/oCLPk=
+github.com/coredns/coredns v1.10.1 h1:6OyL7tcvYxeNHONj5iQlVM2GXBzAOq57L3/LUKP1DbA=
+github.com/coredns/coredns v1.10.1/go.mod h1:oGgoY6cRrdJzKgNrsT30Hztu7/MutSHCYwqGDWngXCc=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.27+incompatible h1:QIudLb9KeBsE5zyYxd1mjzRSkzLg9Wf9QlRwFgd6oTA=
@@ -220,50 +184,36 @@ github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8Nz
 github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190212144455-93d5ec2c7f76/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf h1:GOPo6vn/vTN+3IwZBvXX0y5doJfSC7My0cdzelyOCsQ=
 github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpu/goacmedns v0.0.1/go.mod h1:sesf/pNnCYwUevQEQfEwY0Y3DydlQWSGZbaMElOWxok=
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/decker502/dnspod-go v0.2.0/go.mod h1:qsurYu1FgxcDwfSwXJdLt4kRsBLZeosEb9uq4Sy+08g=
 github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661 h1:lrWnAyy/F72MbxIxFUzKmcMCdt9Oi8RzpAxzTNQHD7o=
 github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
-github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/digitalocean/godo v1.7.5/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU=
 github.com/digitalocean/godo v1.10.0 h1:uW1/FcvZE/hoixnJcnlmIUvTVNdZCLjRLzmDtRi1xXY=
 github.com/digitalocean/godo v1.10.0/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU=
-github.com/dimchansky/utfbom v1.1.0 h1:FcM3g+nofKgUteL8dm/UpdRXNC9KmADgTpLKsu0TRo4=
 github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
+github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
+github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/dnaeon/go-vcr v0.0.0-20180814043457-aafff18a5cc2/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
 github.com/dnaeon/go-vcr v1.0.1 h1:r8L/HqC0Hje5AXMu1ooW8oyQyOFv4GxqpL0nRP7SLLY=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
-github.com/dnsimple/dnsimple-go v0.30.0/go.mod h1:O5TJ0/U6r7AfT8niYNlmohpLbCSG+c71tQlGr9SeGrg=
-github.com/dnstap/golang-dnstap v0.0.0-20170829151710-2cf77a2b5e11/go.mod h1:s1PfVYYVmTMgCSPtho4LKBDecEHJWtiVDPNv78Z985U=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
-github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
-github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
-github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
@@ -283,12 +233,8 @@ github.com/envoyproxy/go-control-plane/xdsmatcher v0.0.0-20230524161521-aaaacbfb
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/envoyproxy/protoc-gen-validate v0.10.0 h1:oIfnZFdC0YhpNNEX+SuIqko4cqqVZeN9IGTrhZje83Y=
 github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
-github.com/evanphx/json-patch v0.0.0-20190203023257-5858425f7550/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch v4.1.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
-github.com/exoscale/egoscale v0.18.1/go.mod h1:Z7OOdzzTOz1Q1PjQXumlz9Wn/CddH0zSYdCF3rnBKXE=
-github.com/farsightsec/golang-framestream v0.0.0-20181102145529-8a0cb8ba8710/go.mod h1:eNde4IQyEiA5br02AouhEHCu3p3UzrCdFR4LuQHklMI=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
@@ -296,8 +242,6 @@ github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
 github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y=
 github.com/frankban/quicktest v1.13.0 h1:yNZif1OkDfNoDfb9zZa9aXIpejNR4F23Wely0c+Qdqk=
@@ -307,24 +251,15 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-acme/lego/v3 v3.1.0/go.mod h1:074uqt+JS6plx+c9Xaiz6+L+GBb+7itGtzfcDM2AhEE=
-github.com/go-acme/lego/v3 v3.2.0/go.mod h1:074uqt+JS6plx+c9Xaiz6+L+GBb+7itGtzfcDM2AhEE=
 github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s=
-github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-ini/ini v1.44.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -403,15 +338,15 @@ github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWe
 github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
 github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
 github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
-github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
+github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
+github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
 github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
@@ -433,7 +368,6 @@ github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3K
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.0/go.mod h1:Qd/q+1AKNOZr9uGQzbzCmRO6sUih6GTPZv6a1/R87v0=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
@@ -452,12 +386,10 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/btree v0.0.0-20160524151835-7d79101e329e/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
@@ -482,7 +414,6 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
-github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
@@ -509,7 +440,6 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLe
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2 h1:AtvtonGEH/fZK0XPNNBdB6swgy7Iudfx88wzyIpwqJ8=
 github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2/go.mod h1:DavVbd41y+b7ukKDmlnPR4nGYmkWXR6vHUkjQNiHPBs=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
@@ -524,32 +454,20 @@ github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38
 github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
 github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
 github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
-github.com/gophercloud/gophercloud v0.0.0-20190126172459-c818fa66e4c8/go.mod h1:3WdhXV3rUYy9p6AUW8d94kr+HS62Y4VL9mBnFxsD8q4=
 github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
 github.com/gophercloud/gophercloud v0.3.0 h1:6sjpKIpVwRIIwmcEGp+WwNovNsem+c+2vm6oxshRpL8=
 github.com/gophercloud/gophercloud v0.3.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
-github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
 github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 h1:lLT7ZLSzGLI08vc9cpd+tYmNWjdKDqyr/2L+f6U12Fk=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w=
-github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw=
-github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI=
 github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 h1:1ZEjnveDe20yFa6lSkfdQZm5BR/b271n0MsB5R2L3us=
 github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706/go.mod h1:1Cs8FlmD1BfSQXJGcFLSV5FuIx1AbJP+EJGdxosoS2g=
 github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 h1:wzWurXrxfSyG1PHskIZlfuXlTSCj1Tsyatp9DtaasuY=
@@ -630,7 +548,6 @@ github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pB
 github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
@@ -683,14 +600,11 @@ github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQg
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df/go.mod h1:QMZY7/J/KSQEhKWFeDesPjMj+wCHReeknARU3wqlyN4=
 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
 github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/infobloxopen/go-trees v0.0.0-20190313150506-2af4e13f9062/go.mod h1:PcNJqIlcX/dj3DTG/+QQnRvSgTMG6CLpRMjWcv4+J6w=
 github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ=
 github.com/jackc/pgx v3.3.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I=
 github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da h1:FjHUJJ7oBW4G/9j1KzlHaXL09LyMVM9rupS39lncbXk=
@@ -698,7 +612,6 @@ github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9de
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
 github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
-github.com/jimstudt/http-authentication v0.0.0-20140401203705-3eca13d6893a/go.mod h1:wK6yTYYcgjHE1Z1QtXACPDjcFJyBskHEdagmnq3vsP8=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
@@ -712,22 +625,15 @@ github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFF
 github.com/joyent/triton-go v0.0.0-20180628001255-830d2b111e62/go.mod h1:U+RSyWxWd04xTqnuOQxnai7XGS2PrPY2cfGoDKtMHjA=
 github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f h1:ENpDacvnr8faw5ugQmEF1QYk+f/Y9lXFvuYmRxykago=
 github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f/go.mod h1:KDSfL7qe5ZfQqvlDMkVjCztbmcpp/c8M77vhQP8ZPvk=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
-github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
 github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
@@ -735,11 +641,8 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
-github.com/kolo/xmlrpc v0.0.0-20190717152603-07c4ee3fd181/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -750,15 +653,10 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
-github.com/labbsr0x/bindman-dns-webhook v1.0.2/go.mod h1:p6b+VCXIR8NYKpDr8/dg1HKfQoRHCdcsROXKvmoehKA=
-github.com/labbsr0x/goh v1.0.1/go.mod h1:8K2UhVoaWXcCU7Lxoa2omWnC8gyW8px7/lmO61c027w=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/linode/linodego v0.7.1/go.mod h1:ga11n3ivecUrPCHN0rANxKmfWBJVkOXfLMZinAbj2sY=
 github.com/linode/linodego v0.10.0 h1:AMdb82HVgY8o3mjBXJcUv9B+fnJjfDMn2rNRGbX+jvM=
 github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA=
-github.com/liquidweb/liquidweb-go v1.6.0/go.mod h1:UDcVnAMDkZxpw4Y7NOHkqoeiGacVLEIG/i5J9cyixzQ=
-github.com/lucas-clemente/quic-go v0.13.1/go.mod h1:Vn3/Fb0/77b02SGhQk36KzOUmXgVpFfizUfW5WMaqyU=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
@@ -770,9 +668,6 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
-github.com/marten-seemann/chacha20 v0.2.0/go.mod h1:HSdjFau7GzYRj+ahFNwsO3ouVJr1HFkWoEwNDb4TMtE=
-github.com/marten-seemann/qpack v0.1.0/go.mod h1:LFt1NU/Ptjip0C2CPkhimBz5CGE3WGDAUWqna+CNTrI=
-github.com/marten-seemann/qtls v0.4.1/go.mod h1:pxVXcHHw1pNIt8Qo0pwSYQEoZ8yYOOPXTCZLQQunvRc=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
@@ -781,7 +676,6 @@ github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
@@ -790,23 +684,18 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
 github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4fJH25nqRHfWLMa1ONC8Amw+mIA639KxkE=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/mholt/certmagic v0.8.3/go.mod h1:91uJzK5K8IWtYQqTi5R2tsxV1pCde+wdGfaRaOZi6aQ=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/miekg/dns v1.1.15/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
-github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY=
 github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
+github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
+github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.0 h1:tEElEatulEHDeedTxwckzyYMA5c86fbmNIUL1hBIiTg=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
@@ -821,7 +710,6 @@ github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-testing-interface v1.14.0 h1:/x0XQ6h+3U3nAyk1yx+bHPURrKa9sVVvYbuqZ7pIAtI=
 github.com/mitchellh/go-testing-interface v1.14.0/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
-github.com/mitchellh/go-vnc v0.0.0-20150629162542-723ed9867aed/go.mod h1:3rdaFaCv4AyBgu5ALFM0+tSuHrBh6v692nyQe3ikrq0=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
 github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 h1:hOY53G+kBFhbYFpRVxHl5eS7laP6B1+Cq+Z9Dry1iMU=
 github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ=
@@ -850,48 +738,30 @@ github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8m
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8=
-github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h1USek5+NqSA0=
-github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E=
-github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
 github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2 h1:BQ1HW7hr4IVovMwWg0E0PYcyW8CzqDcVmaew9cujU4s=
 github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2/go.mod h1:TLb2Sg7HQcgGdloNxkrmtgDNR9uVYF3lfdFIN4Ro6Sk=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nrdcg/auroradns v1.0.0/go.mod h1:6JPXKzIRzZzMqtTDgueIhTi6rFf1QvYE/HzqidhOhjw=
-github.com/nrdcg/goinwx v0.6.1/go.mod h1:XPiut7enlbEdntAqalBIqcYcTEVhpv/dKWgDCX2SwKQ=
-github.com/nrdcg/namesilo v0.2.1/go.mod h1:lwMvfQTyYq+BbjJd30ylEG4GPSS6PII0Tia4rRpRiyw=
 github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/oklog/ulid/v2 v2.1.0 h1:+9lhoxAP56we25tyYETBBY1YLA2SaoLvUFgrP2miPJU=
 github.com/oklog/ulid/v2 v2.1.0/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
-github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/olekukonko/tablewriter v0.0.0-20180130162743-b8a9be070da4/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/olekukonko/tablewriter v0.0.4 h1:vHD/YYe1Wolo78koG299f7V/VAS08c6IpCLn+Ejf/w8=
 github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw=
 github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys=
-github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU=
-github.com/openzipkin-contrib/zipkin-go-opentracing v0.3.5/go.mod h1:uVHyebswE1cCXr2A73cRM2frx5ld1RJUCJkFNZ90ZiI=
-github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
-github.com/oracle/oci-go-sdk v7.0.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888=
-github.com/ovh/go-ovh v0.0.0-20181109152953-ba5adb4cf014/go.mod h1:joRatxRJaZBsY3JAOEMcoOp05CnZzsx4scTxi95DHyQ=
 github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c h1:vwpFWvAO8DeIZfFeqASzZfsxuWPno9ncAebBEP0N3uE=
 github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c/go.mod h1:otzZQXgoO96RTzDB/Hycg0qZcXZsWJGJRSXbmEIJ+4M=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -903,8 +773,6 @@ github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwp
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
-github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pierrec/lz4 v2.5.2+incompatible h1:WCjObylUIOlKy/+7Abdn34TLIkXiA4UWUMhxq9m9ZXI=
 github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -923,19 +791,12 @@ github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAm
 github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
-github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.2.1/go.mod h1:XMU6Z2MjaRKVu/dC1qupJI9SiNkDYzz3xecMgSW/F+U=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
 github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -943,35 +804,21 @@ github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvq
 github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
 github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
-github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
+github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI=
+github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rainycape/memcache v0.0.0-20150622160815-1031fa0ce2f2/go.mod h1:7tZKcyumwBO6qip7RNQ5r77yrssm9bfCowcLEBcU5IA=
 github.com/rboyer/safeio v0.2.1 h1:05xhhdRNAdS3apYm7JRjOqngf4xruaW959jmRxGDuSU=
 github.com/rboyer/safeio v0.2.1/go.mod h1:Cq/cEPK+YXFn622lsQ0K4KsPZSPtaptHHEldsy7Fmig=
-github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03 h1:Wdi9nwnhFNAlseAOekn6B5G/+GMtks9UKbvRU/CMM/o=
 github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03/go.mod h1:gRAiPF5C5Nd0eyyRdqIu9qTiFSoZzpTq727b5B8fkkU=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
@@ -984,16 +831,13 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
-github.com/russross/blackfriday v0.0.0-20170610170232-067529f716f4/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.2+incompatible h1:C89EOx/XBWwIXl8wm8OPJBd7kPF25UfsK2X7Ph/zCAk=
 github.com/ryanuber/columnize v2.1.2+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
-github.com/sacloud/libsacloud v1.26.1/go.mod h1:79ZwATmHLIFZIMd7sxA3LwzVy/B77uj3LDoToVTxDoQ=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sean-/conswriter v0.0.0-20180208195008-f5ae3917a627/go.mod h1:7zjs06qF79/FKAJpBvFx3P8Ww4UTIMAe+lpNXDHziac=
 github.com/sean-/pager v0.0.0-20180208200047-666be9bf53b5/go.mod h1:BeybITEsBEg6qbIiqJ6/Bqeq25bCLbL7YFmpaFfJDuM=
@@ -1004,20 +848,15 @@ github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KR
 github.com/shirou/gopsutil/v3 v3.22.8 h1:a4s3hXogo5mE2PfdfJIonDbstO/P+9JszdfhAHSzD9Y=
 github.com/shirou/gopsutil/v3 v3.22.8/go.mod h1:s648gW4IywYzUfE/KjXxUsqrqx/T2xO5VqOXxONeRfI=
 github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/softlayer/softlayer-go v0.0.0-20180806151055-260589d94c7d h1:bVQRCxQvfjNUeRqaY/uT0tFuvuFY0ulgnczuR684Xic=
 github.com/softlayer/softlayer-go v0.0.0-20180806151055-260589d94c7d/go.mod h1:Cw4GTlQccdRGSEf6KiMju767x0NEHE0YIVPJSaXjlsw=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
@@ -1030,7 +869,6 @@ github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3
 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -1059,37 +897,26 @@ github.com/tencentcloud/tencentcloud-sdk-go v1.0.162 h1:8fDzz4GuVg4skjY2B0nMN7h6
 github.com/tencentcloud/tencentcloud-sdk-go v1.0.162/go.mod h1:asUz5BPXxgoPGaRgZaVm1iGcUAuHyYUo1nXqKa83cvI=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
-github.com/timewasted/linode v0.0.0-20160829202747-37e84520dcf7/go.mod h1:imsgLplxEC/etjIhdr3dNzV3JeT27LbVu5pYWm0JCBY=
-github.com/tinylib/msgp v1.1.0/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
 github.com/tklauser/go-sysconf v0.3.10 h1:IJ1AZGZRWbY8T5Vfk04D9WOA5WSejdflXxP03OUqALw=
 github.com/tklauser/go-sysconf v0.3.10/go.mod h1:C8XykCvCb+Gn0oNCWPIlcb0RuglQTYaQ2hGm7jmxEFk=
 github.com/tklauser/numcpus v0.4.0 h1:E53Dm1HjH1/R2/aoCtXtPgzmElmn51aOkhCFSuZq//o=
 github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/transip/gotransip v0.0.0-20190812104329-6d8d9179b66f/go.mod h1:i0f4R4o2HM0m3DZYQWsj6/MEowD57VzoH0v3d7igeFY=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
-github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g=
 github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o=
 github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
 github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg=
 github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/vmware/govmomi v0.18.0 h1:f7QxSmP7meCtoAmiKZogvVbLInT+CZx6Px6K5rYsJZo=
 github.com/vmware/govmomi v0.18.0/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
-github.com/vultr/govultr v0.1.4/go.mod h1:9H008Uxr/C4vFNGLqKx232C206GL0PBHzOP0809bGNA=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
 github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
 github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
 github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
 github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v1.1.0/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
@@ -1102,18 +929,14 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t
 github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
 github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
 go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
-go.etcd.io/etcd v0.5.0-alpha.5.0.20190917205325-a14579fbfb1a/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
 go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
 go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng=
 go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8=
 go.mongodb.org/mongo-driver v1.11.0 h1:FZKhBSTydeuffHj9CBjXlR8vQLee1cQyTWYPA6/tqiE=
 go.mongodb.org/mongo-driver v1.11.0/go.mod h1:s7p5vEtfbeR1gYi6pnj3c3/urpbLv2T5Sfd6Rp2HBB8=
-go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
-go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -1136,40 +959,33 @@ go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLk
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw=
 go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
-go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
 go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/ratelimit v0.0.0-20180316092928-c15da0234277/go.mod h1:2X8KaoNd1J0lZV+PxJk/5+DGbO/tpwLR1m++a7FnB/Y=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-golang.org/x/crypto v0.0.0-20180621125126-a49355c7e3f8/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1224,10 +1040,7 @@ golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190228165749-92fc7df08ae7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -1238,9 +1051,7 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190930134127-c5a3c61f89f3/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -1267,17 +1078,14 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
 golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1292,7 +1100,6 @@ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw=
 golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1311,7 +1118,6 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
 golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180622082034-63fc586f45fe/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1319,7 +1125,6 @@ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1337,21 +1142,15 @@ golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1366,8 +1165,6 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1376,7 +1173,6 @@ golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1387,7 +1183,6 @@ golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1396,8 +1191,6 @@ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1418,7 +1211,6 @@ golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fq
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -1428,17 +1220,13 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/time v0.0.0-20161028155119-f51c12702a4d/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190921001708-c4c64cad1fd0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1447,7 +1235,6 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
@@ -1458,7 +1245,6 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190624190245-7f2218787638/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1503,6 +1289,7 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
 golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
@@ -1510,7 +1297,6 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -1551,12 +1337,10 @@ google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190626174449-989357319d63/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
 google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
@@ -1613,14 +1397,11 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
@@ -1663,7 +1444,6 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/DataDog/dd-trace-go.v1 v1.19.0/go.mod h1:DVp8HmDh8PuTu2Z0fVVlBsyWaC++fzwVCaGWylTe3tg=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1671,25 +1451,16 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
-gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE=
-gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.44.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI=
 gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/mcuadros/go-syslog.v2 v2.2.1/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U=
-gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
-gopkg.in/ns1/ns1-go.v2 v2.0.0-20190730140822-b51389932cbc/go.mod h1:VV+3haRsgDiVLxyifmMBrBIuCWFBPYKbRssXB9z67Hw=
 gopkg.in/resty.v1 v1.9.1/go.mod h1:vo52Hzryw9PnPHcJfPsBiFW62XhNx5OczbV9y+IMpgc=
 gopkg.in/resty.v1 v1.12.0 h1:CuXP0Pjfw9rOuY6EP+UvtNvt5DSqHpIxILZKT/quCZI=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
 gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
@@ -1700,7 +1471,6 @@ gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -1711,7 +1481,6 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1719,33 +1488,24 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.0.0-20190620084959-7cf5895f2711/go.mod h1:TBhBqb1AWbBQbW3XRusr7n7E4v2+5ZY8r8sAMnyFC5A=
 k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78=
 k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ=
 k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU=
-k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719/go.mod h1:I4A+glKBHiTgiEjQiCCQfCAIcIMFGt291SmsvcrFzJA=
 k8s.io/apimachinery v0.18.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA=
 k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ=
 k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
-k8s.io/client-go v0.0.0-20190620085101-78d2af792bab/go.mod h1:E95RaSlHr79aHaX0aGSwcPNfygDiPKOVXdmivCIZT0k=
 k8s.io/client-go v0.18.2/go.mod h1:Xcm5wVGXX9HAA2JJ2sSBUn3tCJ+4SVlCbl2MNNv+CIU=
 k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI=
 k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU=
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
-k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
-k8s.io/klog v0.4.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
 k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc=
-k8s.io/kube-openapi v0.0.0-20190306001800-15615b16d372/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc=
 k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E=
 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
-k8s.io/utils v0.0.0-20190221042446-c2654d5206da/go.mod h1:8k8uAuAQ0rXslZKaEWd0c3oVhZz7sSzSiPnVZayjIX0=
-k8s.io/utils v0.0.0-20190529001817-6999998975a7/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index b1d092af136b..46a4d21c9b9f 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -67,7 +67,7 @@ require (
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.17 // indirect
-	github.com/miekg/dns v1.1.41 // indirect
+	github.com/miekg/dns v1.1.50 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum
index c4bfd7944078..b7ae09743d5b 100644
--- a/test/integration/consul-container/go.sum
+++ b/test/integration/consul-container/go.sum
@@ -13,8 +13,8 @@ fortio.org/version v1.0.2/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
+github.com/DataDog/datadog-go v4.8.2+incompatible h1:qbcKSx29aBLD+5QLvlQZlGmRMF/FfGqFLFev/1TDzRo=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek=
@@ -31,7 +31,7 @@ github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHSxpiH9JdtuBj0=
 github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY=
-github.com/aws/aws-sdk-go v1.42.34 h1:fqGAiKmCSRY1rEa4G9VqgkKKbNmLKYq5dKmLtQkvYi8=
+github.com/aws/aws-sdk-go v1.44.289 h1:5CVEjiHFvdiVlKPBzv0rjG4zH/21W/onT18R5AH/qx0=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -199,8 +199,9 @@ github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
-github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY=
 github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
+github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
+github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
@@ -263,7 +264,7 @@ github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6T
 github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
-github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
+github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
@@ -299,6 +300,7 @@ github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
@@ -313,6 +315,7 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
 golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -327,7 +330,9 @@ golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
+golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -358,6 +363,8 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -384,6 +391,7 @@ golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
 golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From 67a239a8210e200c6bff5697d511830d606333b7 Mon Sep 17 00:00:00 2001
From: John Maguire <john.maguire@hashicorp.com>
Date: Wed, 28 Jun 2023 11:34:09 -0400
Subject: [PATCH 112/359] Ensure RSA keys are at least 2048 bits in length
 (#17911)

* Ensure RSA keys are at least 2048 bits in length

* Add changelog

* update key length check for FIPS compliance

* Fix no new variables error and failing to return when error exists from
validating

* clean up code for better readability

* actually return value
---
 .changelog/17911.txt                          |  4 ++
 .../config_entry_inline_certificate.go        | 53 +++++++++++++++++--
 .../config_entry_inline_certificate_test.go   | 24 +++++++++
 3 files changed, 78 insertions(+), 3 deletions(-)
 create mode 100644 .changelog/17911.txt

diff --git a/.changelog/17911.txt b/.changelog/17911.txt
new file mode 100644
index 000000000000..a17cd6d2bdf2
--- /dev/null
+++ b/.changelog/17911.txt
@@ -0,0 +1,4 @@
+```release-note:bug
+gateway: Fixes a bug where envoy would silently reject RSA keys that are smaller than 2048 bits,
+we now reject those earlier in the process when we validate the certificate.
+```
diff --git a/agent/structs/config_entry_inline_certificate.go b/agent/structs/config_entry_inline_certificate.go
index 7f2dc285e5ab..de11f2c95045 100644
--- a/agent/structs/config_entry_inline_certificate.go
+++ b/agent/structs/config_entry_inline_certificate.go
@@ -10,8 +10,10 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/hashicorp/consul/acl"
 	"github.com/miekg/dns"
+
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/version"
 )
 
 // InlineCertificateConfigEntry manages the configuration for an inline certificate
@@ -42,8 +44,13 @@ func (e *InlineCertificateConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta {
 }
 func (e *InlineCertificateConfigEntry) GetRaftIndex() *RaftIndex { return &e.RaftIndex }
 
+// Envoy will silently reject any RSA keys that are less than 2048 bytes long
+// https://github.com/envoyproxy/envoy/blob/main/source/extensions/transport_sockets/tls/context_impl.cc#L238
+const MinKeyLength = 2048
+
 func (e *InlineCertificateConfigEntry) Validate() error {
-	if err := validateConfigEntryMeta(e.Meta); err != nil {
+	err := validateConfigEntryMeta(e.Meta)
+	if err != nil {
 		return err
 	}
 
@@ -52,13 +59,18 @@ func (e *InlineCertificateConfigEntry) Validate() error {
 		return errors.New("failed to parse private key PEM")
 	}
 
+	err = validateKeyLength(privateKeyBlock)
+	if err != nil {
+		return err
+	}
+
 	certificateBlock, _ := pem.Decode([]byte(e.Certificate))
 	if certificateBlock == nil {
 		return errors.New("failed to parse certificate PEM")
 	}
 
 	// make sure we have a valid x509 certificate
-	_, err := x509.ParseCertificate(certificateBlock.Bytes)
+	_, err = x509.ParseCertificate(certificateBlock.Bytes)
 	if err != nil {
 		return fmt.Errorf("failed to parse certificate: %w", err)
 	}
@@ -84,6 +96,41 @@ func (e *InlineCertificateConfigEntry) Validate() error {
 	return nil
 }
 
+func validateKeyLength(privateKeyBlock *pem.Block) error {
+	if privateKeyBlock.Type != "RSA PRIVATE KEY" {
+		return nil
+	}
+
+	key, err := x509.ParsePKCS1PrivateKey(privateKeyBlock.Bytes)
+	if err != nil {
+		return err
+	}
+
+	keyBitLen := key.N.BitLen()
+
+	if version.IsFIPS() {
+		return fipsLenCheck(keyBitLen)
+	}
+
+	return nonFipsLenCheck(keyBitLen)
+}
+
+func nonFipsLenCheck(keyLen int) error {
+	// ensure private key is of the correct length
+	if keyLen < MinKeyLength {
+		return errors.New("key length must be at least 2048 bits")
+	}
+
+	return nil
+}
+
+func fipsLenCheck(keyLen int) error {
+	if keyLen != 2048 && keyLen != 3072 && keyLen != 4096 {
+		return errors.New("key length invalid: only RSA lengths of 2048, 3072, and 4096 are allowed in FIPS mode")
+	}
+	return nil
+}
+
 func (e *InlineCertificateConfigEntry) Hosts() ([]string, error) {
 	certificateBlock, _ := pem.Decode([]byte(e.Certificate))
 	if certificateBlock == nil {
diff --git a/agent/structs/config_entry_inline_certificate_test.go b/agent/structs/config_entry_inline_certificate_test.go
index 407fc102997b..8c7754013106 100644
--- a/agent/structs/config_entry_inline_certificate_test.go
+++ b/agent/structs/config_entry_inline_certificate_test.go
@@ -117,6 +117,21 @@ NtyHRuD+KYRmjXtyX1yHNqfGN3vOQmwavHq2R8wHYuBSc6LAHHV9vG+j0VsgMELO
 qwxn8SmLkSKbf2+MsQVzLCXXN5u+D8Yv+4py+oKP4EQ5aFZuDEx+r/G/31rTthww
 AAJAMaoXmoYVdgXV+CPuBb2M4XCpuzLu3bcA2PXm5ipSyIgntMKwXV7r
 -----END CERTIFICATE-----`
+	tooShortPrivateKey = `-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCtmK1VjmXJ7vm4CZkkOSjc+kjGNMlyce5rXxwlDRz9LcGGc3Tg
+kwUJesyBpDtxLLVHXQIPr5mWYbX/W/ezQ9sntxrATbDek8pBgoOlARebwkD2ivVW
+BWfVhlryVihWlXApKiJ2n3i0m+OVtdrceC9Bv2hEMhYVOwzxtb3O0YFkbwIDAQAB
+AoGAIxgnipFUEKPIRiVimUkY8ruCdNd9Fi7kNT6wEOl6v9A9PHIg4bm3Hfh+WYMb
+JUEVkMzDuuoUEavFQE+WXt5L8oE1lEBmN2++FQsvllN+MRBTRg2sfw4mUWDI6S4r
+h8+XNTzTIg2sUd2J3o2qNmQoOheYb+iuYDj76IFoEdwwZ0kCQQDYKKs5HAbnrLj1
+UrOp8TyHdFf0YNw5tGdbNTbffq4rlBD6SW70+Sj624i2UqdnYwRiWzdXv3zN08aI
+Vfoh2cGlAkEAzZe5B6BhiX/PcIYutMtuT3K+mysFNlowrutXWoQOpR7gGAkgEt6e
+oCDgx1QJRjsp6NFQxKc6l034Hzs17gqJgwJAcu9U873aUg9+HTuHOoKB28haCCAE
+mU46cr3d2oKCW7uUN3EaZXmid5iJneBfENMOfrnfuHGiC9NiShXlNWCS3QJAO5Ne
+w83+1ahaxUGs4SkeExmuECrcPM7P0rBRxOIFmGWlDHIAgFdQYhiE6l34vghA8b1O
+CV5oRRYL84jl7M/S3wJBALDfL5YXcc8P6scLJJ1biqhLYppvGN5CUwbsJsluvHCW
+XCTVIbPOaS42A0xUfpoiTcdbNSFRvdCzPR5nsGy8Y7g=
+-----END RSA PRIVATE KEY-----`
 )
 
 func TestInlineCertificate(t *testing.T) {
@@ -140,6 +155,15 @@ func TestInlineCertificate(t *testing.T) {
 			},
 			validateErr: "failed to parse certificate PEM",
 		},
+		"invalid private key length": {
+			entry: &InlineCertificateConfigEntry{
+				Kind:        InlineCertificate,
+				Name:        "cert-two",
+				PrivateKey:  tooShortPrivateKey,
+				Certificate: "foo",
+			},
+			validateErr: "key length must be at least 2048 bits",
+		},
 		"mismatched certificate": {
 			entry: &InlineCertificateConfigEntry{
 				Kind:        InlineCertificate,

From f019457815e308664e19855015e3628706dda885 Mon Sep 17 00:00:00 2001
From: Samantha <hello@entropy.cat>
Date: Wed, 28 Jun 2023 12:24:51 -0400
Subject: [PATCH 113/359] tlsutil: Fix check TLS configuration (#17481)

* tlsutil: Fix check TLS configuration
* Rewording docs.
* Update website/content/docs/services/configuration/checks-configuration-reference.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
* Fix typos and add changelog entry.
---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 .changelog/17481.txt                          |  3 +++
 tlsutil/config.go                             | 25 +++++++++++++------
 tlsutil/config_test.go                        |  8 +++---
 .../checks-configuration-reference.mdx        |  4 +--
 4 files changed, 26 insertions(+), 14 deletions(-)
 create mode 100644 .changelog/17481.txt

diff --git a/.changelog/17481.txt b/.changelog/17481.txt
new file mode 100644
index 000000000000..89ad16998e83
--- /dev/null
+++ b/.changelog/17481.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+tlsutil: Default setting of ServerName field in outgoing TLS configuration for checks now handled by crypto/tls.
+```
diff --git a/tlsutil/config.go b/tlsutil/config.go
index 5cdaf7633eca..a52d6b6ad829 100644
--- a/tlsutil/config.go
+++ b/tlsutil/config.go
@@ -857,10 +857,23 @@ func (c *Configurator) IncomingHTTPSConfig() *tls.Config {
 	return config
 }
 
-// OutgoingTLSConfigForCheck generates a *tls.Config for outgoing TLS connections
-// for checks. This function is separated because there is an extra flag to
-// consider for checks. EnableAgentTLSForChecks and InsecureSkipVerify has to
-// be checked for checks.
+// OutgoingTLSConfigForCheck creates a client *tls.Config for executing checks.
+// It is RECOMMENDED that the serverName be left unspecified. The crypto/tls
+// client will deduce the ServerName (for SNI) from the check address unless
+// it's an IP (RFC 6066, Section 3). However, there are two instances where
+// supplying a serverName is useful:
+//
+//  1. When the check address is an IP, a serverName can be supplied for SNI.
+//     Note: setting serverName will also override the hostname used to verify
+//     the certificate presented by the server being checked.
+//
+//  2. When the hostname in the check address won't be present in the SAN
+//     (Subject Alternative Name) field of the certificate presented by the
+//     server being checked. Note: setting serverName will also override the
+//     ServerName used for SNI.
+//
+// Setting skipVerify will disable verification of the server's certificate
+// chain and hostname, which is generally not suitable for production use.
 func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool, serverName string) *tls.Config {
 	c.log("OutgoingTLSConfigForCheck")
 
@@ -875,13 +888,9 @@ func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool, serverName str
 		}
 	}
 
-	if serverName == "" {
-		serverName = c.serverNameOrNodeName()
-	}
 	config := c.internalRPCTLSConfig(false)
 	config.InsecureSkipVerify = skipVerify
 	config.ServerName = serverName
-
 	return config
 }
 
diff --git a/tlsutil/config_test.go b/tlsutil/config_test.go
index 30ebd62c206b..721198afe83b 100644
--- a/tlsutil/config_test.go
+++ b/tlsutil/config_test.go
@@ -1376,7 +1376,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
 			},
 		},
 		{
-			name: "agent tls, default server name",
+			name: "agent tls, default consul server name, no override",
 			conf: func() (*Configurator, error) {
 				return NewConfigurator(Config{
 					InternalRPC: ProtocolConfig{
@@ -1389,11 +1389,11 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
 			},
 			expected: &tls.Config{
 				MinVersion: tls.VersionTLS12,
-				ServerName: "servername",
+				ServerName: "",
 			},
 		},
 		{
-			name: "agent tls, skip verify, node name for server name",
+			name: "agent tls, skip verify, consul node name for server name, no override",
 			conf: func() (*Configurator, error) {
 				return NewConfigurator(Config{
 					InternalRPC: ProtocolConfig{
@@ -1407,7 +1407,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
 			expected: &tls.Config{
 				InsecureSkipVerify: true,
 				MinVersion:         tls.VersionTLS12,
-				ServerName:         "nodename",
+				ServerName:         "",
 			},
 		},
 		{
diff --git a/website/content/docs/services/configuration/checks-configuration-reference.mdx b/website/content/docs/services/configuration/checks-configuration-reference.mdx
index fee071de51b0..c0d3e24cfde6 100644
--- a/website/content/docs/services/configuration/checks-configuration-reference.mdx
+++ b/website/content/docs/services/configuration/checks-configuration-reference.mdx
@@ -35,8 +35,8 @@ Specify health check options in the `check` block. To register two or more heath
 | `h2ping` | String value that specifies the HTTP2 endpoint, including port number, to send HTTP2 requests to. | <li>H2ping</li> |        
 | `h2ping_use_tls` | Boolean value that enables TLS for H2ping checks when set to `true`. | <li>H2ping</li> |
 | `http` | String value that specifies an HTTP endpoint to send requests to. | <li>HTTP</li> |
-| `tls_server_name` | String value that specifies the name of the TLS server that issues certificates. Defaults to the SNI determined by the address specified in the `http` field. Set the `tls_skip_verify` to `false` to disable this field. | <li>HTTP</li> |
-| `tls_skip_verify` | Boolean value that disbles TLS for HTTP checks when set to `true`. Default is `false`. | <li>HTTP</li> |
+| `tls_server_name` | String value that specifies the server name used to verify the hostname on the returned certificates unless `tls_skip_verify` is given. Also included in the client's handshake to support SNI. It is recommended that this field be left unspecified. The TLS client will deduce the server name for SNI from the check address unless it's an IP ([RFC 6066, Section 3](https://tools.ietf.org/html/rfc6066#section-3)). There are two common circumstances where supplying a `tls_server_name` can be beneficial: <li>When the check address is an IP, `tls_server_name` can be specified for SNI. Note: setting `tls_server_name` will also override the hostname used to verify the certificate presented by the server being checked.</li><li>When the hostname in the check address won't be present in the SAN (Subject Alternative Name) field of the certificate presented by the server being checked. Note: setting `tls_server_name` will also override the hostname used for SNI.</li> | <li>HTTP </li> <li>H2Ping </li> <li>gRPC </li> |
+| `tls_skip_verify` | Boolean value that determines if the check verifies the chain and hostname of the certificate that the server presents. Set to `true` to disable verification. We recommend setting to `false` for production use. Default is `false`. | <li>HTTP </li> <li>H2Ping </li> <li>gRPC </li> |
 | `method` | String value that specifies the request method to send during HTTP checks. Default is `GET`. | <li>HTTP</li> |
 | `header` | Object that specifies header fields to send in HTTP check requests. Each header specified in `header` object contains a list of string values. | <li>HTTP</li> |
 | `body` | String value that contains JSON attributes to send in HTTP check requests. You must escap the quotation marks around the keys and values for each attribute. | <li>HTTP</li> |

From 6f660e5e258157201fed2f118f5a845a1082cd55 Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Wed, 28 Jun 2023 12:45:46 -0700
Subject: [PATCH 114/359] docs: Deprecations for connect-native SDK and
 specific connect native APIs (#17937)

* Update v1_16_x.mdx
* Update connect native golang page

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 website/content/docs/connect/native/go.mdx        |  7 +++++++
 website/content/docs/connect/native/index.mdx     | 15 +++++++++++----
 .../content/docs/connect/proxies/integrate.mdx    | 11 +++++++++++
 .../content/docs/release-notes/consul/v1_16_x.mdx | 11 ++++++++++-
 4 files changed, 39 insertions(+), 5 deletions(-)

diff --git a/website/content/docs/connect/native/go.mdx b/website/content/docs/connect/native/go.mdx
index df9080f17f74..e3068058fd1e 100644
--- a/website/content/docs/connect/native/go.mdx
+++ b/website/content/docs/connect/native/go.mdx
@@ -7,6 +7,13 @@ description: >-
 
 # Service Mesh Native Integration for Go Applications
 
+<Note>
+
+The Connect Native golang SDK is currently deprecated and will be removed in a future Consul release.
+The SDK will be removed when the long term replacement to native application integration (such as a proxyless gRPC service mesh integration) is delivered. Refer to [GH-10339](https://github.com/hashicorp/consul/issues/10339) for additional information and to track progress toward one potential solution that is tracked as replacement functionality.
+
+</Note>
+
 We provide a library that makes it drop-in simple to integrate Consul service mesh
 with most [Go](https://golang.org/) applications. This page shows examples
 of integrating this library for accepting or establishing mesh-based
diff --git a/website/content/docs/connect/native/index.mdx b/website/content/docs/connect/native/index.mdx
index e8cc421af8ac..3cf64f346c2e 100644
--- a/website/content/docs/connect/native/index.mdx
+++ b/website/content/docs/connect/native/index.mdx
@@ -7,10 +7,17 @@ description: >-
 
 # Service Mesh Native App Integration Overview
 
-~> **Note:** The Native App Integration does not support many of the Consul's service
-mesh features, and is not under active development.
-The [Envoy proxy](/consul/docs/connect/proxies/envoy) should be used for most production
-environments.
+<Note>
+
+The Connect Native Golang SDK and `v1/agent/connect/authorize`, `v1/agent/connect/ca/leaf`, 
+and `v1/agent/connect/ca/roots` APIs are deprecated and will be removed in a future release. Although Connect Native 
+will still operate as designed, we do not recommend leveraging this feature because it is deprecated and will be removed 
+removed when the long term replacement to native application integration (such as a proxyless gRPC service mesh integration) is delivered. Refer to [GH-10339](https://github.com/hashicorp/consul/issues/10339) for additional information and to track progress toward one potential solution that is tracked as replacement functionality.
+
+The Native App Integration does not support many of the Consul's service mesh features, and is not under active development.
+The [Envoy proxy](/consul/docs/connect/proxies/envoy) should be used for most production environments. 
+
+</Note>
 
 Applications can natively integrate with Consul's service mesh API to support accepting
 and establishing connections to other mesh services without the overhead of a
diff --git a/website/content/docs/connect/proxies/integrate.mdx b/website/content/docs/connect/proxies/integrate.mdx
index 1ad9f4b91156..d00e01d1bd77 100644
--- a/website/content/docs/connect/proxies/integrate.mdx
+++ b/website/content/docs/connect/proxies/integrate.mdx
@@ -7,6 +7,17 @@ description: >-
 
 # Custom Proxy Configuration for Service Mesh
 
+<Note>
+
+ The Connect Native Golang SDK and `v1/agent/connect/authorize`, `v1/agent/connect/ca/leaf`, 
+ and `v1/agent/connect/ca/roots` APIs are deprecated and will be removed in a future release. Although Connect Native 
+ will still operate as designed, we do not recommend leveraging this feature because it is deprecated and will be removed when the long term replacement to native application integration (such as a proxyless gRPC service mesh integration) is delivered. Refer to [GH-10339](https://github.com/hashicorp/consul/issues/10339) for additional information and to track progress toward one potential solution that is tracked as replacement functionality.
+
+ The Native App Integration does not support many of the Consul's service mesh features, and is not under active development.
+ The [Envoy proxy](/consul/docs/connect/proxies/envoy) should be used for most production environments. 
+
+</Note>
+
 This topic describes the process and API endpoints you can use to extend proxies for integration with Consul.
 
 ## Overview
diff --git a/website/content/docs/release-notes/consul/v1_16_x.mdx b/website/content/docs/release-notes/consul/v1_16_x.mdx
index 33241b6b8454..616104a7094f 100644
--- a/website/content/docs/release-notes/consul/v1_16_x.mdx
+++ b/website/content/docs/release-notes/consul/v1_16_x.mdx
@@ -51,6 +51,15 @@ We are pleased to announce the following Consul updates.
 
   Consul's API gateway is the recommended alternative to ingress gateway. For ingress gateway features not currently supported by API gateway, equivalent functionality will be added to API gateway over the next several releases of Consul.
 
+- **Connect Native Golang SDK:** The Connect Native [Golang SDK](https://github.com/hashicorp/consul/tree/main/connect) is deprecated and will be removed in a future release. No further enhancements or maintenance is expected in the future releases. We will remove the SDK when the long term replacement to native application integration (such as a proxyless gRPC service mesh integration) is delivered. Refer to [GH-10339](https://github.com/hashicorp/consul/issues/10339) for additional information and to track progress toward one potential solution that is tracked as replacement functionality.
+
+- **Connect Native APIs:** The following APIs for Connect Native are deprecated: 
+  - `v1/agent/connect/authorize` - used by the SDK to perform intention based authorization checks
+  - `v1/agent/connect/ca/leaf` - used by the SDK to get a leaf cert for a locally registered service
+  - `v1/agent/connect/ca/roots` - use to retrieved cached CA roots form the local client agent
+  
+  The `v1/agent/connect/authorize` and `v1/agent/connect/ca/leaf` endpoints have corresponding gRPC APIs. We will remove these APIs when the gRPC API for `v1/agent/connect/ca/roots` and HTTP endpoints for all three APIs are available. 
+
 ## Upgrading
 
 For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs.
@@ -61,4 +70,4 @@ The changelogs for this major release version and any maintenance versions are l
 
 <Note> These links take you to the changelogs on the GitHub website. </Note>
 
-- [1.16.0](https://github.com/hashicorp/consul/releases/tag/v1.16.0)
\ No newline at end of file
+- [1.16.0](https://github.com/hashicorp/consul/releases/tag/v1.16.0)

From bdf4fad7c5a56a32d85aa9a1772e290b6a03e1e8 Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Wed, 28 Jun 2023 14:18:53 -0600
Subject: [PATCH 115/359] Revert "Add workflow to verify linux release packages
 (#17904)" (#17942)

This reverts commit 3368f14fab500ebe9f6aeab5631dd1d5f5a453e5.
---
 .github/workflows/verify-release-linux.yaml   | 78 -------------------
 .../docker/Verify-Release-Amazon.dockerfile   | 10 ---
 .../docker/Verify-Release-CentOS.dockerfile   | 10 ---
 .../docker/Verify-Release-Debian.dockerfile   | 12 ---
 .../docker/Verify-Release-Fedora.dockerfile   | 10 ---
 .../Verify-Release-Ubunt-i386.dockerfile      | 12 ---
 .../docker/Verify-Release-Ubuntu.dockerfile   | 12 ---
 7 files changed, 144 deletions(-)
 delete mode 100644 .github/workflows/verify-release-linux.yaml
 delete mode 100644 build-support/docker/Verify-Release-Amazon.dockerfile
 delete mode 100644 build-support/docker/Verify-Release-CentOS.dockerfile
 delete mode 100644 build-support/docker/Verify-Release-Debian.dockerfile
 delete mode 100644 build-support/docker/Verify-Release-Fedora.dockerfile
 delete mode 100644 build-support/docker/Verify-Release-Ubunt-i386.dockerfile
 delete mode 100644 build-support/docker/Verify-Release-Ubuntu.dockerfile

diff --git a/.github/workflows/verify-release-linux.yaml b/.github/workflows/verify-release-linux.yaml
deleted file mode 100644
index a86da7f05fb3..000000000000
--- a/.github/workflows/verify-release-linux.yaml
+++ /dev/null
@@ -1,78 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-name: Verify Release - Linux
-
-on:
-  workflow_dispatch:
-    inputs:
-      packageName:
-        description: 'Name of consul release package (consul vs consul-enterprise)'
-        required: true
-        default: 'consul'
-        type: choice
-        options:
-        - consul
-        - consul-enterprise
-      version:
-        description: The x.y.z version (also need to specify applicable suffixes like +ent and -dev)'
-        required: true
-        type: string
-
-jobs:
-  verify-ubuntu-amd64:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-      - name: docker build with version
-        run: |
-          docker build \
-          --build-arg PACKAGE=${{ inputs.packageName }} \
-          --build-arg VERSION=${{ inputs.version }} \
-          --build-arg TARGETARCH=amd64 \
-          -f ./build-support/docker/Verify-Release-Ubuntu.dockerfile .
-
-  verify-debian-amd64:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-      - name: docker build with version
-        run: |
-          docker build \
-          --build-arg PACKAGE=${{ inputs.packageName }} \
-          --build-arg VERSION=${{ inputs.version }} \
-          --build-arg TARGETARCH=amd64 \
-          -f ./build-support/docker/Verify-Release-Debian.dockerfile .
-
-  verify-fedora:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-      - name: docker build with version
-        run: |
-          docker build \
-          --build-arg PACKAGE=${{ inputs.packageName }} \
-          --build-arg VERSION=${{ inputs.version }} \
-          -f ./build-support/docker/Verify-Release-Fedora.dockerfile .
-
-  verify-centos:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-      - name: docker build with version
-        run: |
-          docker build \
-          --build-arg PACKAGE=${{ inputs.packageName }} \
-          --build-arg VERSION=${{ inputs.version }} \
-          -f ./build-support/docker/Verify-Release-CentOS.dockerfile .
-
-  verify-amazon:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-      - name: docker build with version
-        run: |
-          docker build \
-          --build-arg PACKAGE=${{ inputs.packageName }} \
-          --build-arg VERSION=${{ inputs.version }} \
-          -f ./build-support/docker/Verify-Release-Amazon.dockerfile .
diff --git a/build-support/docker/Verify-Release-Amazon.dockerfile b/build-support/docker/Verify-Release-Amazon.dockerfile
deleted file mode 100644
index 591b234c3b7c..000000000000
--- a/build-support/docker/Verify-Release-Amazon.dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-FROM amazonlinux:latest
-RUN yum install -y yum-utils shadow-utils
-RUN yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
-ARG PACKAGE=consul \
-ARG VERSION \
-ARG SUFFIX=1
-RUN yum install -y ${PACKAGE}-${VERSION}-${SUFFIX}
diff --git a/build-support/docker/Verify-Release-CentOS.dockerfile b/build-support/docker/Verify-Release-CentOS.dockerfile
deleted file mode 100644
index a2be67ac776f..000000000000
--- a/build-support/docker/Verify-Release-CentOS.dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-FROM centos:7
-RUN yum install -y yum-utils
-RUN yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
-ARG PACKAGE=consul \
-ARG VERSION \
-ARG SUFFIX=1
-RUN yum install -y ${PACKAGE}-${VERSION}-${SUFFIX}
\ No newline at end of file
diff --git a/build-support/docker/Verify-Release-Debian.dockerfile b/build-support/docker/Verify-Release-Debian.dockerfile
deleted file mode 100644
index 533890bca43f..000000000000
--- a/build-support/docker/Verify-Release-Debian.dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-FROM debian:bullseye
-RUN apt update && apt install -y software-properties-common curl gnupg
-RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add -
-ARG TARGETARCH=amd64
-RUN apt-add-repository "deb [arch=${TARGETARCH}] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
-ARG PACKAGE=consul \
-ARG VERSION \
-ARG SUFFIX=1
-RUN apt-get update && apt-get install -y ${PACKAGE}=${VERSION}-${SUFFIX}
\ No newline at end of file
diff --git a/build-support/docker/Verify-Release-Fedora.dockerfile b/build-support/docker/Verify-Release-Fedora.dockerfile
deleted file mode 100644
index 601751a91182..000000000000
--- a/build-support/docker/Verify-Release-Fedora.dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-FROM fedora:latest
-RUN dnf install -y dnf-plugins-core
-RUN dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
-ARG PACKAGE=consul \
-ARG VERSION \
-ARG SUFFIX=1
-RUN dnf install -y ${PACKAGE}-${VERSION}-${SUFFIX}
diff --git a/build-support/docker/Verify-Release-Ubunt-i386.dockerfile b/build-support/docker/Verify-Release-Ubunt-i386.dockerfile
deleted file mode 100644
index 82913b4f7261..000000000000
--- a/build-support/docker/Verify-Release-Ubunt-i386.dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-FROM i386/ubuntu:latest
-RUN apt update && apt install -y software-properties-common curl
-RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add -
-ARG TARGETARCH=amd64
-RUN apt-add-repository "deb [arch=${TARGETARCH}] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
-ARG PACKAGE=consul \
-ARG VERSION \
-ARG SUFFIX=1
-RUN apt-get update && apt-get install -y ${PACKAGE}=${VERSION}-${SUFFIX}
diff --git a/build-support/docker/Verify-Release-Ubuntu.dockerfile b/build-support/docker/Verify-Release-Ubuntu.dockerfile
deleted file mode 100644
index ddeffc40c5f6..000000000000
--- a/build-support/docker/Verify-Release-Ubuntu.dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-FROM ubuntu:latest
-RUN apt update && apt install -y software-properties-common curl
-RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add -
-ARG TARGETARCH=amd64
-RUN apt-add-repository "deb [arch=${TARGETARCH}] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
-ARG PACKAGE=consul \
-ARG VERSION \
-ARG SUFFIX=1
-RUN apt-get update && apt-get install -y ${PACKAGE}=${VERSION}-${SUFFIX}

From 1b1f33f224b2aad34f2c68b451e0b65b88db4516 Mon Sep 17 00:00:00 2001
From: Ranjandas <thejranjan@gmail.com>
Date: Fri, 30 Jun 2023 00:24:24 +1000
Subject: [PATCH 116/359] Fixes Secondary ConnectCA update (#17846)

This fixes a bug that was identified which resulted in subsequent
ConnectCA configuration update not to persist in the cluster.
---
 .changelog/17846.txt              | 3 +++
 agent/consul/leader_connect_ca.go | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/17846.txt

diff --git a/.changelog/17846.txt b/.changelog/17846.txt
new file mode 100644
index 000000000000..bd5a052f851f
--- /dev/null
+++ b/.changelog/17846.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+connect/ca: Fixes a bug preventing CA configuration updates in secondary datacenters
+```
diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go
index 8c715588eece..c8c63c8874aa 100644
--- a/agent/consul/leader_connect_ca.go
+++ b/agent/consul/leader_connect_ca.go
@@ -735,7 +735,9 @@ func shouldPersistNewRootAndConfig(newActiveRoot *structs.CARoot, oldConfig, new
 	if newConfig == nil {
 		return false
 	}
-	return newConfig.Provider == oldConfig.Provider && reflect.DeepEqual(newConfig.Config, oldConfig.Config)
+
+	// Do not persist if the new provider and config are the same as the old
+	return !(newConfig.Provider == oldConfig.Provider && reflect.DeepEqual(newConfig.Config, oldConfig.Config))
 }
 
 func (c *CAManager) UpdateConfiguration(args *structs.CARequest) (reterr error) {

From a60b36394df4abf5d1826556f1321c5db0977cbb Mon Sep 17 00:00:00 2001
From: John Maguire <john.maguire@hashicorp.com>
Date: Thu, 29 Jun 2023 12:35:13 -0400
Subject: [PATCH 117/359] fixing typo in link to
 jwt-validations-with-intentions doc (#17955)

---
 website/content/docs/connect/intentions/jwt-authorization.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/connect/intentions/jwt-authorization.mdx b/website/content/docs/connect/intentions/jwt-authorization.mdx
index 9a8458054ea2..c49ac4fbc6e9 100644
--- a/website/content/docs/connect/intentions/jwt-authorization.mdx
+++ b/website/content/docs/connect/intentions/jwt-authorization.mdx
@@ -92,7 +92,7 @@ JWT = {
 }
 ```
 
-You can include additional configuration information to require the token to match specific claims. You can also configure the `JWT` field to apply only to requests that come from certain HTTP paths. Refer to [JWT validations with intentions](/consul/docs/conntect/config-entries/service-intentions#jwt-validations-with-intentions) for an example configuration.
+You can include additional configuration information to require the token to match specific claims. You can also configure the `JWT` field to apply only to requests that come from certain HTTP paths. Refer to [JWT validations with intentions](/consul/docs/connect/config-entries/service-intentions#jwt-validations-with-intentions) for an example configuration.
 
 After you update the service intention, write the configuration to Consul so that it takes effect:
 

From 85b78fe186bb4d6609dc3f76d854ec9aea264626 Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Thu, 29 Jun 2023 12:19:03 -0700
Subject: [PATCH 118/359] Fix streaming backend link (#17958)

* Fix streaming backend link
* Update health.mdx
---
 website/content/api-docs/health.mdx | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/website/content/api-docs/health.mdx b/website/content/api-docs/health.mdx
index cb8ef9f4eaf0..bd373c91b91e 100644
--- a/website/content/api-docs/health.mdx
+++ b/website/content/api-docs/health.mdx
@@ -222,8 +222,7 @@ The table below shows this endpoint's support for
 | `YES` <sup>1</sup>   | `all`             | `background refresh` | `node:read,service:read` |
 
 <p>
- <sup>1</sup>some query parameters will use the
- <a href="/api/features/blocking#streaming-backend">streaming backend</a>
+ <sup>1</sup>some query parameters will use the <a href="/consul/api-docs/features/blocking#streaming-backend">streaming backend</a> for blocking queries. 
 </p>
 
 ### Path Parameters

From 1512ea307e7824fc0e24d6eeb6e7fb3c731c3b53 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Thu, 29 Jun 2023 16:37:40 -0400
Subject: [PATCH 119/359] Dynamically create jwks clusters for jwt-providers
 (#17944)

---
 agent/xds/clusters.go                         |  94 +++++++++
 agent/xds/clusters_test.go                    | 179 ++++++++++++++++++
 agent/xds/jwt_authn.go                        |  15 +-
 agent/xds/jwt_authn_test.go                   |  19 +-
 .../jwt_authn/intention-with-path.golden      |   2 +-
 ...ltiple-providers-and-one-permission.golden |   6 +-
 .../testdata/jwt_authn/remote-provider.golden |   2 +-
 .../top-level-provider-with-permission.golden |   4 +-
 ...ttp-provider-with-hostname-and-port.golden |  23 +++
 ...http-provider-with-hostname-no-port.golden |  23 +++
 .../http-provider-with-ip-and-port.golden     |  23 +++
 .../http-provider-with-ip-no-port.golden      |  23 +++
 ...tps-provider-with-hostname-and-port.golden |  32 ++++
 ...ttps-provider-with-hostname-no-port.golden |  32 ++++
 .../https-provider-with-ip-and-port.golden    |  32 ++++
 .../https-provider-with-ip-no-port.golden     |  32 ++++
 16 files changed, 520 insertions(+), 21 deletions(-)
 create mode 100644 agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-and-port.golden
 create mode 100644 agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-no-port.golden
 create mode 100644 agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-and-port.golden
 create mode 100644 agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-no-port.golden
 create mode 100644 agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-and-port.golden
 create mode 100644 agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-no-port.golden
 create mode 100644 agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-and-port.golden
 create mode 100644 agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-no-port.golden

diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go
index a6f58a11f202..68ae4643b410 100644
--- a/agent/xds/clusters.go
+++ b/agent/xds/clusters.go
@@ -6,6 +6,8 @@ package xds
 import (
 	"errors"
 	"fmt"
+	"net/url"
+	"strconv"
 	"strings"
 	"time"
 
@@ -141,6 +143,22 @@ func (s *ResourceGenerator) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.C
 		clusters = append(clusters, upstreamCluster)
 	}
 
+	// add clusters for jwt-providers
+	for _, prov := range cfgSnap.JWTProviders {
+		//skip cluster creation for local providers
+		if prov.JSONWebKeySet == nil || prov.JSONWebKeySet.Remote == nil {
+			continue
+		}
+
+		cluster, err := makeJWTProviderCluster(prov)
+		if err != nil {
+			s.Logger.Warn("failed to make jwt-provider cluster", "provider name", prov.Name, "error", err)
+			continue
+		}
+
+		clusters = append(clusters, cluster)
+	}
+
 	for _, u := range cfgSnap.Proxy.Upstreams {
 		if u.DestinationType != structs.UpstreamDestTypePreparedQuery {
 			continue
@@ -184,6 +202,82 @@ func (s *ResourceGenerator) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.C
 	return clusters, nil
 }
 
+func makeJWTProviderCluster(p *structs.JWTProviderConfigEntry) (*envoy_cluster_v3.Cluster, error) {
+	if p.JSONWebKeySet == nil || p.JSONWebKeySet.Remote == nil {
+		return nil, fmt.Errorf("cannot create JWKS cluster for non-remote JWKS. Provider Name: %s", p.Name)
+	}
+	hostname, scheme, port, err := parseJWTRemoteURL(p.JSONWebKeySet.Remote.URI)
+	if err != nil {
+		return nil, err
+	}
+
+	// TODO: expose additional fields: eg. ConnectTimeout, through
+	// JWTProviderConfigEntry to allow user to configure cluster
+	cluster := &envoy_cluster_v3.Cluster{
+		Name: makeJWKSClusterName(p.Name),
+		ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{
+			Type: envoy_cluster_v3.Cluster_STRICT_DNS,
+		},
+		LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{
+			ClusterName: makeJWKSClusterName(p.Name),
+			Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{
+				{
+					LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{
+						makeEndpoint(hostname, port),
+					},
+				},
+			},
+		},
+	}
+
+	if scheme == "https" {
+		// TODO: expose this configuration through JWTProviderConfigEntry to allow
+		// user to configure certs
+		jwksTLSContext, err := makeUpstreamTLSTransportSocket(
+			&envoy_tls_v3.UpstreamTlsContext{
+				CommonTlsContext: &envoy_tls_v3.CommonTlsContext{
+					ValidationContextType: &envoy_tls_v3.CommonTlsContext_ValidationContext{
+						ValidationContext: &envoy_tls_v3.CertificateValidationContext{},
+					},
+				},
+			},
+		)
+		if err != nil {
+			return nil, err
+		}
+
+		cluster.TransportSocket = jwksTLSContext
+	}
+	return cluster, nil
+}
+
+// parseJWTRemoteURL splits the URI into domain, scheme and port.
+// It will default to port 80 for http and 443 for https for any
+// URI that does not specify a port.
+func parseJWTRemoteURL(uri string) (string, string, int, error) {
+	u, err := url.ParseRequestURI(uri)
+	if err != nil {
+		return "", "", 0, err
+	}
+
+	var port int
+	if u.Port() != "" {
+		port, err = strconv.Atoi(u.Port())
+		if err != nil {
+			return "", "", port, err
+		}
+	}
+
+	if port == 0 {
+		port = 80
+		if u.Scheme == "https" {
+			port = 443
+		}
+	}
+
+	return u.Hostname(), u.Scheme, port, nil
+}
+
 func makeExposeClusterName(destinationPort int) string {
 	return fmt.Sprintf("exposed_cluster_%d", destinationPort)
 }
diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go
index ff72bd35c8c9..446f0ae24776 100644
--- a/agent/xds/clusters_test.go
+++ b/agent/xds/clusters_test.go
@@ -959,6 +959,185 @@ func TestEnvoyLBConfig_InjectToCluster(t *testing.T) {
 	}
 }
 
+func TestMakeJWTProviderCluster(t *testing.T) {
+	// All tests here depend on golden files located under: agent/xds/testdata/jwt_authn_cluster/*
+	tests := map[string]struct {
+		provider      *structs.JWTProviderConfigEntry
+		expectedError string
+	}{
+		"remote-jwks-not-configured": {
+			provider: &structs.JWTProviderConfigEntry{
+				Kind:          "jwt-provider",
+				Name:          "okta",
+				JSONWebKeySet: &structs.JSONWebKeySet{},
+			},
+			expectedError: "cannot create JWKS cluster for non remote JWKS. Provider Name: okta",
+		},
+		"local-jwks-configured": {
+			provider: &structs.JWTProviderConfigEntry{
+				Kind: "jwt-provider",
+				Name: "okta",
+				JSONWebKeySet: &structs.JSONWebKeySet{
+					Local: &structs.LocalJWKS{
+						Filename: "filename",
+					},
+				},
+			},
+			expectedError: "cannot create JWKS cluster for non remote JWKS. Provider Name: okta",
+		},
+		"https-provider-with-hostname-no-port": {
+			provider: makeTestProviderWithJWKS("https://example-okta.com/.well-known/jwks.json"),
+		},
+		"http-provider-with-hostname-no-port": {
+			provider: makeTestProviderWithJWKS("http://example-okta.com/.well-known/jwks.json"),
+		},
+		"https-provider-with-hostname-and-port": {
+			provider: makeTestProviderWithJWKS("https://example-okta.com:90/.well-known/jwks.json"),
+		},
+		"http-provider-with-hostname-and-port": {
+			provider: makeTestProviderWithJWKS("http://example-okta.com:90/.well-known/jwks.json"),
+		},
+		"https-provider-with-ip-no-port": {
+			provider: makeTestProviderWithJWKS("https://127.0.0.1"),
+		},
+		"http-provider-with-ip-no-port": {
+			provider: makeTestProviderWithJWKS("http://127.0.0.1"),
+		},
+		"https-provider-with-ip-and-port": {
+			provider: makeTestProviderWithJWKS("https://127.0.0.1:9091"),
+		},
+		"http-provider-with-ip-and-port": {
+			provider: makeTestProviderWithJWKS("http://127.0.0.1:9091"),
+		},
+	}
+
+	for name, tt := range tests {
+		tt := tt
+		t.Run(name, func(t *testing.T) {
+			cluster, err := makeJWTProviderCluster(tt.provider)
+			if tt.expectedError != "" {
+				require.Error(t, err, tt.expectedError)
+			} else {
+				require.NoError(t, err)
+				gotJSON := protoToJSON(t, cluster)
+				require.JSONEq(t, goldenSimple(t, filepath.Join("jwt_authn_clusters", name), gotJSON), gotJSON)
+			}
+
+		})
+	}
+}
+
+func makeTestProviderWithJWKS(uri string) *structs.JWTProviderConfigEntry {
+	return &structs.JWTProviderConfigEntry{
+		Kind:   "jwt-provider",
+		Name:   "okta",
+		Issuer: "test-issuer",
+		JSONWebKeySet: &structs.JSONWebKeySet{
+			Remote: &structs.RemoteJWKS{
+				RequestTimeoutMs:    1000,
+				FetchAsynchronously: true,
+				URI:                 uri,
+			},
+		},
+	}
+}
+
+func TestParseJWTRemoteURL(t *testing.T) {
+	tests := map[string]struct {
+		uri            string
+		expectedHost   string
+		expectedPort   int
+		expectedScheme string
+		expectError    bool
+	}{
+		"invalid-url": {
+			uri:         ".com",
+			expectError: true,
+		},
+		"https-hostname-no-port": {
+			uri:            "https://test.test.com",
+			expectedHost:   "test.test.com",
+			expectedPort:   443,
+			expectedScheme: "https",
+		},
+		"https-hostname-with-port": {
+			uri:            "https://test.test.com:4545",
+			expectedHost:   "test.test.com",
+			expectedPort:   4545,
+			expectedScheme: "https",
+		},
+		"https-hostname-with-port-and-path": {
+			uri:            "https://test.test.com:4545/test",
+			expectedHost:   "test.test.com",
+			expectedPort:   4545,
+			expectedScheme: "https",
+		},
+		"http-hostname-no-port": {
+			uri:            "http://test.test.com",
+			expectedHost:   "test.test.com",
+			expectedPort:   80,
+			expectedScheme: "http",
+		},
+		"http-hostname-with-port": {
+			uri:            "http://test.test.com:4636",
+			expectedHost:   "test.test.com",
+			expectedPort:   4636,
+			expectedScheme: "http",
+		},
+		"https-ip-no-port": {
+			uri:            "https://127.0.0.1",
+			expectedHost:   "127.0.0.1",
+			expectedPort:   443,
+			expectedScheme: "https",
+		},
+		"https-ip-with-port": {
+			uri:            "https://127.0.0.1:3434",
+			expectedHost:   "127.0.0.1",
+			expectedPort:   3434,
+			expectedScheme: "https",
+		},
+		"http-ip-no-port": {
+			uri:            "http://127.0.0.1",
+			expectedHost:   "127.0.0.1",
+			expectedPort:   80,
+			expectedScheme: "http",
+		},
+		"http-ip-with-port": {
+			uri:            "http://127.0.0.1:9190",
+			expectedHost:   "127.0.0.1",
+			expectedPort:   9190,
+			expectedScheme: "http",
+		},
+		"http-ip-with-port-and-path": {
+			uri:            "http://127.0.0.1:9190/some/where",
+			expectedHost:   "127.0.0.1",
+			expectedPort:   9190,
+			expectedScheme: "http",
+		},
+		"http-ip-no-port-with-path": {
+			uri:            "http://127.0.0.1/test/path",
+			expectedHost:   "127.0.0.1",
+			expectedPort:   80,
+			expectedScheme: "http",
+		},
+	}
+
+	for name, tt := range tests {
+		tt := tt
+		t.Run(name, func(t *testing.T) {
+			host, scheme, port, err := parseJWTRemoteURL(tt.uri)
+			if tt.expectError {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+				require.Equal(t, host, tt.expectedHost)
+				require.Equal(t, scheme, tt.expectedScheme)
+				require.Equal(t, port, tt.expectedPort)
+			}
+		})
+	}
+}
+
 // UID is just a convenience function to aid in writing tests less verbosely.
 func UID(input string) proxycfg.UpstreamID {
 	return proxycfg.UpstreamIDFromString(input)
diff --git a/agent/xds/jwt_authn.go b/agent/xds/jwt_authn.go
index 0dc95f5eecee..ba1c17bbc209 100644
--- a/agent/xds/jwt_authn.go
+++ b/agent/xds/jwt_authn.go
@@ -19,6 +19,7 @@ import (
 const (
 	jwtEnvoyFilter       = "envoy.filters.http.jwt_authn"
 	jwtMetadataKeyPrefix = "jwt_payload"
+	jwksClusterPrefix    = "jwks_cluster"
 )
 
 // This is an intermediate JWTProvider form used to associate
@@ -158,7 +159,7 @@ func buildJWTProviderConfig(p *structs.JWTProviderConfigEntry, metadataKeySuffix
 		}
 		envoyCfg.JwksSourceSpecifier = specifier
 	} else if remote := p.JSONWebKeySet.Remote; remote != nil && remote.URI != "" {
-		envoyCfg.JwksSourceSpecifier = makeRemoteJWKS(remote)
+		envoyCfg.JwksSourceSpecifier = makeRemoteJWKS(remote, p.Name)
 	} else {
 		return nil, fmt.Errorf("invalid jwt provider config; missing JSONWebKeySet for provider: %s", p.Name)
 	}
@@ -210,14 +211,12 @@ func makeLocalJWKS(l *structs.LocalJWKS, pName string) (*envoy_http_jwt_authn_v3
 	return specifier, nil
 }
 
-func makeRemoteJWKS(r *structs.RemoteJWKS) *envoy_http_jwt_authn_v3.JwtProvider_RemoteJwks {
+func makeRemoteJWKS(r *structs.RemoteJWKS, providerName string) *envoy_http_jwt_authn_v3.JwtProvider_RemoteJwks {
 	remote_specifier := envoy_http_jwt_authn_v3.JwtProvider_RemoteJwks{
 		RemoteJwks: &envoy_http_jwt_authn_v3.RemoteJwks{
 			HttpUri: &envoy_core_v3.HttpUri{
-				Uri: r.URI,
-				// TODO(roncodingenthusiast): An explicit cluster is required.
-				// Need to figure out replacing `jwks_cluster` will an actual cluster
-				HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{Cluster: "jwks_cluster"},
+				Uri:              r.URI,
+				HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{Cluster: makeJWKSClusterName(providerName)},
 			},
 			AsyncFetch: &envoy_http_jwt_authn_v3.JwksAsyncFetch{
 				FastListener: r.FetchAsynchronously,
@@ -239,6 +238,10 @@ func makeRemoteJWKS(r *structs.RemoteJWKS) *envoy_http_jwt_authn_v3.JwtProvider_
 	return &remote_specifier
 }
 
+func makeJWKSClusterName(providerName string) string {
+	return fmt.Sprintf("%s_%s", jwksClusterPrefix, providerName)
+}
+
 func buildJWTRetryPolicy(r *structs.JWKSRetryPolicy) *envoy_core_v3.RetryPolicy {
 	var pol envoy_core_v3.RetryPolicy
 	if r == nil {
diff --git a/agent/xds/jwt_authn_test.go b/agent/xds/jwt_authn_test.go
index 589421e8c087..b2a7d7ce54df 100644
--- a/agent/xds/jwt_authn_test.go
+++ b/agent/xds/jwt_authn_test.go
@@ -438,7 +438,7 @@ func TestBuildJWTProviderConfig(t *testing.T) {
 					RemoteJwks: &envoy_http_jwt_authn_v3.RemoteJwks{
 						HttpUri: &envoy_core_v3.HttpUri{
 							Uri:              oktaRemoteJWKS.URI,
-							HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{Cluster: "jwks_cluster"},
+							HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{Cluster: makeJWKSClusterName(ceRemoteJWKS.Name)},
 							Timeout:          &durationpb.Duration{Seconds: 1},
 						},
 						AsyncFetch: &envoy_http_jwt_authn_v3.JwksAsyncFetch{
@@ -520,16 +520,18 @@ func TestMakeLocalJWKS(t *testing.T) {
 
 func TestMakeRemoteJWKS(t *testing.T) {
 	tests := map[string]struct {
-		jwks     *structs.RemoteJWKS
-		expected *envoy_http_jwt_authn_v3.JwtProvider_RemoteJwks
+		jwks         *structs.RemoteJWKS
+		providerName string
+		expected     *envoy_http_jwt_authn_v3.JwtProvider_RemoteJwks
 	}{
 		"with-no-cache-duration": {
-			jwks: oktaRemoteJWKS,
+			jwks:         oktaRemoteJWKS,
+			providerName: "auth0",
 			expected: &envoy_http_jwt_authn_v3.JwtProvider_RemoteJwks{
 				RemoteJwks: &envoy_http_jwt_authn_v3.RemoteJwks{
 					HttpUri: &envoy_core_v3.HttpUri{
 						Uri:              oktaRemoteJWKS.URI,
-						HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{Cluster: "jwks_cluster"},
+						HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{Cluster: makeJWKSClusterName("auth0")},
 						Timeout:          &durationpb.Duration{Seconds: 1},
 					},
 					AsyncFetch: &envoy_http_jwt_authn_v3.JwksAsyncFetch{
@@ -539,12 +541,13 @@ func TestMakeRemoteJWKS(t *testing.T) {
 			},
 		},
 		"with-retry-policy": {
-			jwks: extendedRemoteJWKS,
+			jwks:         extendedRemoteJWKS,
+			providerName: "okta",
 			expected: &envoy_http_jwt_authn_v3.JwtProvider_RemoteJwks{
 				RemoteJwks: &envoy_http_jwt_authn_v3.RemoteJwks{
 					HttpUri: &envoy_core_v3.HttpUri{
 						Uri:              oktaRemoteJWKS.URI,
-						HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{Cluster: "jwks_cluster"},
+						HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{Cluster: makeJWKSClusterName("okta")},
 						Timeout:          &durationpb.Duration{Seconds: 1},
 					},
 					AsyncFetch: &envoy_http_jwt_authn_v3.JwksAsyncFetch{
@@ -560,7 +563,7 @@ func TestMakeRemoteJWKS(t *testing.T) {
 	for name, tt := range tests {
 		tt := tt
 		t.Run(name, func(t *testing.T) {
-			res := makeRemoteJWKS(tt.jwks)
+			res := makeRemoteJWKS(tt.jwks, tt.providerName)
 			require.Equal(t, res, tt.expected)
 		})
 	}
diff --git a/agent/xds/testdata/jwt_authn/intention-with-path.golden b/agent/xds/testdata/jwt_authn/intention-with-path.golden
index 306ecad5f617..6e925758ca36 100644
--- a/agent/xds/testdata/jwt_authn/intention-with-path.golden
+++ b/agent/xds/testdata/jwt_authn/intention-with-path.golden
@@ -9,7 +9,7 @@
         "remoteJwks": {
           "httpUri": {
             "uri": "https://example-okta.com/.well-known/jwks.json",
-            "cluster": "jwks_cluster",
+            "cluster": "jwks_cluster_okta",
             "timeout": "1s"
           },
           "asyncFetch": {
diff --git a/agent/xds/testdata/jwt_authn/multiple-providers-and-one-permission.golden b/agent/xds/testdata/jwt_authn/multiple-providers-and-one-permission.golden
index feb1d6012e7a..ca9a99265ee8 100644
--- a/agent/xds/testdata/jwt_authn/multiple-providers-and-one-permission.golden
+++ b/agent/xds/testdata/jwt_authn/multiple-providers-and-one-permission.golden
@@ -9,7 +9,7 @@
         "remoteJwks": {
           "httpUri": {
             "uri": "https://example-okta.com/.well-known/jwks.json",
-            "cluster": "jwks_cluster",
+            "cluster": "jwks_cluster_okta",
             "timeout": "1s"
           },
           "asyncFetch": {
@@ -23,7 +23,7 @@
         "remoteJwks": {
           "httpUri": {
             "uri": "https://example-okta.com/.well-known/jwks.json",
-            "cluster": "jwks_cluster",
+            "cluster": "jwks_cluster_okta",
             "timeout": "1s"
           },
           "asyncFetch": {
@@ -37,7 +37,7 @@
         "remoteJwks": {
           "httpUri": {
             "uri": "https://example-auth0.com/.well-known/jwks.json",
-            "cluster": "jwks_cluster",
+            "cluster": "jwks_cluster_auth0",
             "timeout": "1s"
           },
           "asyncFetch": {
diff --git a/agent/xds/testdata/jwt_authn/remote-provider.golden b/agent/xds/testdata/jwt_authn/remote-provider.golden
index b84e1ea102e5..6116a58cec00 100644
--- a/agent/xds/testdata/jwt_authn/remote-provider.golden
+++ b/agent/xds/testdata/jwt_authn/remote-provider.golden
@@ -9,7 +9,7 @@
         "remoteJwks": {
           "httpUri": {
             "uri": "https://example-okta.com/.well-known/jwks.json",
-            "cluster": "jwks_cluster",
+            "cluster": "jwks_cluster_okta",
             "timeout": "1s"
           },
           "asyncFetch": {
diff --git a/agent/xds/testdata/jwt_authn/top-level-provider-with-permission.golden b/agent/xds/testdata/jwt_authn/top-level-provider-with-permission.golden
index 42a609470dee..6eed6793df52 100644
--- a/agent/xds/testdata/jwt_authn/top-level-provider-with-permission.golden
+++ b/agent/xds/testdata/jwt_authn/top-level-provider-with-permission.golden
@@ -9,7 +9,7 @@
         "remoteJwks": {
           "httpUri": {
             "uri": "https://example-okta.com/.well-known/jwks.json",
-            "cluster": "jwks_cluster",
+            "cluster": "jwks_cluster_okta",
             "timeout": "1s"
           },
           "asyncFetch": {
@@ -23,7 +23,7 @@
         "remoteJwks": {
           "httpUri": {
             "uri": "https://example-okta.com/.well-known/jwks.json",
-            "cluster": "jwks_cluster",
+            "cluster": "jwks_cluster_okta",
             "timeout": "1s"
           },
           "asyncFetch": {
diff --git a/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-and-port.golden b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-and-port.golden
new file mode 100644
index 000000000000..a8f9de349b77
--- /dev/null
+++ b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-and-port.golden
@@ -0,0 +1,23 @@
+{
+  "loadAssignment": {
+    "clusterName": "jwks_cluster_okta",
+    "endpoints": [
+      {
+        "lbEndpoints": [
+          {
+            "endpoint": {
+              "address": {
+                "socketAddress": {
+                  "address": "example-okta.com",
+                  "portValue": 90
+                }
+              }
+            }
+          }
+        ]
+      }
+    ]
+  },
+  "name": "jwks_cluster_okta",
+  "type": "STRICT_DNS"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-no-port.golden b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-no-port.golden
new file mode 100644
index 000000000000..977b8c70f130
--- /dev/null
+++ b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-no-port.golden
@@ -0,0 +1,23 @@
+{
+  "loadAssignment": {
+    "clusterName": "jwks_cluster_okta",
+    "endpoints": [
+      {
+        "lbEndpoints": [
+          {
+            "endpoint": {
+              "address": {
+                "socketAddress": {
+                  "address": "example-okta.com",
+                  "portValue": 80
+                }
+              }
+            }
+          }
+        ]
+      }
+    ]
+  },
+  "name": "jwks_cluster_okta",
+  "type": "STRICT_DNS"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-and-port.golden b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-and-port.golden
new file mode 100644
index 000000000000..f5dbc48409af
--- /dev/null
+++ b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-and-port.golden
@@ -0,0 +1,23 @@
+{
+  "loadAssignment": {
+    "clusterName": "jwks_cluster_okta",
+    "endpoints": [
+      {
+        "lbEndpoints": [
+          {
+            "endpoint": {
+              "address": {
+                "socketAddress": {
+                  "address": "127.0.0.1",
+                  "portValue": 9091
+                }
+              }
+            }
+          }
+        ]
+      }
+    ]
+  },
+  "name": "jwks_cluster_okta",
+  "type": "STRICT_DNS"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-no-port.golden b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-no-port.golden
new file mode 100644
index 000000000000..e47f1a6fbee0
--- /dev/null
+++ b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-no-port.golden
@@ -0,0 +1,23 @@
+{
+  "loadAssignment": {
+    "clusterName": "jwks_cluster_okta",
+    "endpoints": [
+      {
+        "lbEndpoints": [
+          {
+            "endpoint": {
+              "address": {
+                "socketAddress": {
+                  "address": "127.0.0.1",
+                  "portValue": 80
+                }
+              }
+            }
+          }
+        ]
+      }
+    ]
+  },
+  "name": "jwks_cluster_okta",
+  "type": "STRICT_DNS"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-and-port.golden b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-and-port.golden
new file mode 100644
index 000000000000..54af47ef8b8c
--- /dev/null
+++ b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-and-port.golden
@@ -0,0 +1,32 @@
+{
+  "loadAssignment": {
+    "clusterName": "jwks_cluster_okta",
+    "endpoints": [
+      {
+        "lbEndpoints": [
+          {
+            "endpoint": {
+              "address": {
+                "socketAddress": {
+                  "address": "example-okta.com",
+                  "portValue": 90
+                }
+              }
+            }
+          }
+        ]
+      }
+    ]
+  },
+  "name": "jwks_cluster_okta",
+  "transportSocket": {
+    "name": "tls",
+    "typedConfig": {
+      "@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+      "commonTlsContext": {
+        "validationContext": {}
+      }
+    }
+  },
+  "type": "STRICT_DNS"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-no-port.golden b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-no-port.golden
new file mode 100644
index 000000000000..7b266fa48468
--- /dev/null
+++ b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-no-port.golden
@@ -0,0 +1,32 @@
+{
+  "loadAssignment": {
+    "clusterName": "jwks_cluster_okta",
+    "endpoints": [
+      {
+        "lbEndpoints": [
+          {
+            "endpoint": {
+              "address": {
+                "socketAddress": {
+                  "address": "example-okta.com",
+                  "portValue": 443
+                }
+              }
+            }
+          }
+        ]
+      }
+    ]
+  },
+  "name": "jwks_cluster_okta",
+  "transportSocket": {
+    "name": "tls",
+    "typedConfig": {
+      "@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+      "commonTlsContext": {
+        "validationContext": {}
+      }
+    }
+  },
+  "type": "STRICT_DNS"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-and-port.golden b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-and-port.golden
new file mode 100644
index 000000000000..bdcbe0f3dcd4
--- /dev/null
+++ b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-and-port.golden
@@ -0,0 +1,32 @@
+{
+  "loadAssignment": {
+    "clusterName": "jwks_cluster_okta",
+    "endpoints": [
+      {
+        "lbEndpoints": [
+          {
+            "endpoint": {
+              "address": {
+                "socketAddress": {
+                  "address": "127.0.0.1",
+                  "portValue": 9091
+                }
+              }
+            }
+          }
+        ]
+      }
+    ]
+  },
+  "name": "jwks_cluster_okta",
+  "transportSocket": {
+    "name": "tls",
+    "typedConfig": {
+      "@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+      "commonTlsContext": {
+        "validationContext": {}
+      }
+    }
+  },
+  "type": "STRICT_DNS"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-no-port.golden b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-no-port.golden
new file mode 100644
index 000000000000..c72e0e93d9d8
--- /dev/null
+++ b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-no-port.golden
@@ -0,0 +1,32 @@
+{
+  "loadAssignment": {
+    "clusterName": "jwks_cluster_okta",
+    "endpoints": [
+      {
+        "lbEndpoints": [
+          {
+            "endpoint": {
+              "address": {
+                "socketAddress": {
+                  "address": "127.0.0.1",
+                  "portValue": 443
+                }
+              }
+            }
+          }
+        ]
+      }
+    ]
+  },
+  "name": "jwks_cluster_okta",
+  "transportSocket": {
+    "name": "tls",
+    "typedConfig": {
+      "@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+      "commonTlsContext": {
+        "validationContext": {}
+      }
+    }
+  },
+  "type": "STRICT_DNS"
+}
\ No newline at end of file

From f7305b279c2d9dc3e0a224c776d5ccafc4fd396c Mon Sep 17 00:00:00 2001
From: Dan Bond <danbond@protonmail.com>
Date: Thu, 29 Jun 2023 13:43:32 -0700
Subject: [PATCH 120/359] website: remove deprecated agent rpc docs (#17962)

---
 website/content/docs/agent/rpc.mdx | 260 -----------------------------
 website/data/docs-nav-data.json    |   5 -
 2 files changed, 265 deletions(-)
 delete mode 100644 website/content/docs/agent/rpc.mdx

diff --git a/website/content/docs/agent/rpc.mdx b/website/content/docs/agent/rpc.mdx
deleted file mode 100644
index bdff4a05fc5e..000000000000
--- a/website/content/docs/agent/rpc.mdx
+++ /dev/null
@@ -1,260 +0,0 @@
----
-layout: docs
-page_title: Legacy RPC Protocol
-description: >-
-  Consul agents originally could be controlled through the RPC protocol. This feature was deprecated in version 0.8 in favor of the HTTP API. Learn about agent RPC interactions and how they worked.
----
-
-# RPC Protocol
-
-~> The RPC Protocol is deprecated and support was removed in Consul
-0.8. Please use the [HTTP API](/consul/api-docs), which has
-support for all features of the RPC Protocol.
-
-The Consul agent provides a complete RPC mechanism that can
-be used to control the agent programmatically. This RPC
-mechanism is the same one used by the CLI but can be
-used by other applications to easily leverage the power
-of Consul without directly embedding.
-
-It is important to note that the RPC protocol does not support
-all the same operations as the [HTTP API](/consul/api-docs).
-
-## Implementation Details
-
-The RPC protocol is implemented using [MsgPack](http://msgpack.org/)
-over TCP. This choice was driven by the fact that all operating
-systems support TCP, and MsgPack provides a fast serialization format
-that is broadly available across languages.
-
-All RPC requests have a request header, and some requests have
-a request body. The request header looks like:
-
-```javascript
-{
-  "Command": "Handshake",
-  "Seq": 0
-}
-```
-
-All responses have a response header, and some may contain
-a response body. The response header looks like:
-
-```javascript
-{
-  "Seq": 0,
-  "Error": ""
-}
-```
-
-The `Command` in the request is used to specify what command the server should
-run, and the `Seq` is used to track the request. Responses are
-tagged with the same `Seq` as the request. This allows for some
-concurrency on the server side as requests are not purely FIFO.
-Thus, the `Seq` value should not be re-used between commands.
-All responses may be accompanied by an error.
-
-Possible commands include:
-
-- handshake - Initializes the connection and sets the version
-- force-leave - Removes a failed node from the cluster
-- join - Requests Consul join another node
-- members-lan - Returns the list of LAN members
-- members-wan - Returns the list of WAN members
-- monitor - Starts streaming logs over the connection
-- stop - Stops streaming logs
-- leave - Instructs the Consul agent to perform a graceful leave and shutdown
-- stats - Provides various debugging statistics
-- reload - Triggers a configuration reload
-
-Each command is documented below along with any request or
-response body that is applicable.
-
-### handshake
-
-This command is used to initialize an RPC connection. As it informs
-the server which version the client is using, handshake MUST be the
-first command sent.
-
-The request header must be followed by a handshake body, like:
-
-```javascript
-{
-  "Version": 1
-}
-```
-
-The body specifies the IPC version being used; however, only version
-1 is currently supported. This is to ensure backwards compatibility
-in the future.
-
-There is no special response body, but the client should wait for the
-response and check for an error.
-
-### force-leave
-
-This command is used to remove failed nodes from a cluster. It takes
-the following body:
-
-```javascript
-{
-  "Node": "failed-node-name"
-}
-```
-
-There is no special response body.
-
-### join
-
-This command is used to join an existing cluster using one or more known nodes.
-It takes the following body:
-
-```javascript
-{
-  "Existing": [
-    "192.168.0.1:6000",
-    "192.168.0.2:6000"
-  ],
-  "WAN": false
-}
-```
-
-The `Existing` nodes are each contacted, and `WAN` controls if we are adding a
-WAN member or LAN member. LAN members are expected to be in the same datacenter
-and should be accessible at relatively low latencies. WAN members are expected to
-be operating in different datacenters with relatively high access latencies. It is
-important that only agents running in "server" mode are able to join nodes over the
-WAN.
-
-The response contains both a header and body. The body looks like:
-
-```javascript
-{
-  "Num": 2
-}
-```
-
-'Num' indicates the number of nodes successfully joined.
-
-### members-lan
-
-This command is used to return all the known LAN members and associated
-information. All agents will respond to this command.
-
-There is no request body, but the response looks like:
-
-```javascript
-{
-  "Members": [
-    {
-      "Name": "TestNode"
-      "Addr": [127, 0, 0, 1],
-      "Port": 5000,
-      "Tags": {
-        "role": "test"
-      },
-      "Status": "alive",
-      "ProtocolMin": 0,
-      "ProtocolMax": 3,
-      "ProtocolCur": 2,
-      "DelegateMin": 0,
-      "DelegateMax": 1,
-      "DelegateCur": 1,
-    },
-  ...
-  ]
-}
-```
-
-### members-wan
-
-This command is used to return all the known WAN members and associated
-information. Only agents in server mode will respond to this command.
-
-There is no request body, and the response is the same as `members-lan`
-
-### monitor
-
-The monitor command subscribes the channel to log messages from the Agent.
-
-The request looks like:
-
-```javascript
-{
-  "LogLevel": "DEBUG"
-}
-```
-
-This subscribes the client to all messages of at least DEBUG level.
-
-The server will respond with a standard response header indicating if the monitor
-was successful. If so, any future logs will be sent and tagged with
-the same `Seq` as in the `monitor` request.
-
-Assume we issued the previous monitor command with `"Seq": 50`. We may start
-getting messages like:
-
-```javascript
-{
-  "Seq": 50,
-  "Error": ""
-}
-
-{
-  "Log": "2013/12/03 13:06:53 [INFO] agent: Received event: member-join"
-}
-```
-
-It is important to realize that these messages are sent asynchronously
-and not in response to any command. If a client is streaming
-commands, there may be logs streamed while a client is waiting for a
-response to a command. This is why the `Seq` must be used to pair requests
-with their corresponding responses.
-
-The client can only be subscribed to at most a single monitor instance.
-To stop streaming, the `stop` command is used.
-
-### stop
-
-This command stops a monitor.
-
-The request looks like:
-
-```javascript
-{
-  "Stop": 50
-}
-```
-
-This unsubscribes the client from the monitor with `Seq` value of 50.
-
-There is no response body.
-
-### leave
-
-This command is used to trigger a graceful leave and shutdown.
-There is no request body or response body.
-
-### stats
-
-This command provides debug information. There is no request body, and the
-response body looks like:
-
-```javascript
-{
-  "agent": {
-    "check_monitors": 0,
-    ...
-  },
-  "consul: {
-    "server": "true",
-    ...
-  },
-  ...
-}
-```
-
-### reload
-
-This command is used to trigger a reload of configurations.
-There is no request body or response body.
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 6d92dab50299..16feb0d11d97 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -1071,11 +1071,6 @@
         "title": "Sentinel",
         "path": "agent/sentinel"
       },
-      {
-        "title": "RPC",
-        "path": "agent/rpc",
-        "hidden": true
-      },
       {
         "title": "Experimental WAL LogStore",
         "routes": [

From 2736e645d4c0794c4736fd71177a0ee829f70199 Mon Sep 17 00:00:00 2001
From: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Date: Thu, 29 Jun 2023 16:04:21 -0500
Subject: [PATCH 121/359] Fix missing BalanceOutboundConnections in v2 catalog.
 (#17964)

---
 proto-public/pbmesh/v1alpha1/connection.pb.go | 110 ++++++++-------
 proto-public/pbmesh/v1alpha1/connection.proto |   8 +-
 proto-public/pbmesh/v1alpha1/upstreams.pb.go  | 126 +++++++++---------
 proto-public/pbmesh/v1alpha1/upstreams.proto  |   2 +-
 4 files changed, 122 insertions(+), 124 deletions(-)

diff --git a/proto-public/pbmesh/v1alpha1/connection.pb.go b/proto-public/pbmesh/v1alpha1/connection.pb.go
index 5edc0ee76d1d..65fa3ba329dd 100644
--- a/proto-public/pbmesh/v1alpha1/connection.pb.go
+++ b/proto-public/pbmesh/v1alpha1/connection.pb.go
@@ -23,50 +23,50 @@ const (
 	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
 )
 
-type BalanceInboundConnections int32
+type BalanceConnections int32
 
 const (
 	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	BalanceInboundConnections_BALANCE_INBOUND_CONNECTIONS_DEFAULT BalanceInboundConnections = 0
-	BalanceInboundConnections_BALANCE_INBOUND_CONNECTIONS_EXACT   BalanceInboundConnections = 1
+	BalanceConnections_BALANCE_CONNECTIONS_DEFAULT BalanceConnections = 0
+	BalanceConnections_BALANCE_CONNECTIONS_EXACT   BalanceConnections = 1
 )
 
-// Enum value maps for BalanceInboundConnections.
+// Enum value maps for BalanceConnections.
 var (
-	BalanceInboundConnections_name = map[int32]string{
-		0: "BALANCE_INBOUND_CONNECTIONS_DEFAULT",
-		1: "BALANCE_INBOUND_CONNECTIONS_EXACT",
+	BalanceConnections_name = map[int32]string{
+		0: "BALANCE_CONNECTIONS_DEFAULT",
+		1: "BALANCE_CONNECTIONS_EXACT",
 	}
-	BalanceInboundConnections_value = map[string]int32{
-		"BALANCE_INBOUND_CONNECTIONS_DEFAULT": 0,
-		"BALANCE_INBOUND_CONNECTIONS_EXACT":   1,
+	BalanceConnections_value = map[string]int32{
+		"BALANCE_CONNECTIONS_DEFAULT": 0,
+		"BALANCE_CONNECTIONS_EXACT":   1,
 	}
 )
 
-func (x BalanceInboundConnections) Enum() *BalanceInboundConnections {
-	p := new(BalanceInboundConnections)
+func (x BalanceConnections) Enum() *BalanceConnections {
+	p := new(BalanceConnections)
 	*p = x
 	return p
 }
 
-func (x BalanceInboundConnections) String() string {
+func (x BalanceConnections) String() string {
 	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
 }
 
-func (BalanceInboundConnections) Descriptor() protoreflect.EnumDescriptor {
+func (BalanceConnections) Descriptor() protoreflect.EnumDescriptor {
 	return file_pbmesh_v1alpha1_connection_proto_enumTypes[0].Descriptor()
 }
 
-func (BalanceInboundConnections) Type() protoreflect.EnumType {
+func (BalanceConnections) Type() protoreflect.EnumType {
 	return &file_pbmesh_v1alpha1_connection_proto_enumTypes[0]
 }
 
-func (x BalanceInboundConnections) Number() protoreflect.EnumNumber {
+func (x BalanceConnections) Number() protoreflect.EnumNumber {
 	return protoreflect.EnumNumber(x)
 }
 
-// Deprecated: Use BalanceInboundConnections.Descriptor instead.
-func (BalanceInboundConnections) EnumDescriptor() ([]byte, []int) {
+// Deprecated: Use BalanceConnections.Descriptor instead.
+func (BalanceConnections) EnumDescriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_connection_proto_rawDescGZIP(), []int{0}
 }
 
@@ -130,8 +130,8 @@ type InboundConnectionsConfig struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	MaxInboundConnections     uint64                    `protobuf:"varint,12,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"`
-	BalanceInboundConnections BalanceInboundConnections `protobuf:"varint,13,opt,name=balance_inbound_connections,json=balanceInboundConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.BalanceInboundConnections" json:"balance_inbound_connections,omitempty"`
+	MaxInboundConnections     uint64             `protobuf:"varint,12,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"`
+	BalanceInboundConnections BalanceConnections `protobuf:"varint,13,opt,name=balance_inbound_connections,json=balanceInboundConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.BalanceConnections" json:"balance_inbound_connections,omitempty"`
 }
 
 func (x *InboundConnectionsConfig) Reset() {
@@ -173,11 +173,11 @@ func (x *InboundConnectionsConfig) GetMaxInboundConnections() uint64 {
 	return 0
 }
 
-func (x *InboundConnectionsConfig) GetBalanceInboundConnections() BalanceInboundConnections {
+func (x *InboundConnectionsConfig) GetBalanceInboundConnections() BalanceConnections {
 	if x != nil {
 		return x.BalanceInboundConnections
 	}
-	return BalanceInboundConnections_BALANCE_INBOUND_CONNECTIONS_DEFAULT
+	return BalanceConnections_BALANCE_CONNECTIONS_DEFAULT
 }
 
 var File_pbmesh_v1alpha1_connection_proto protoreflect.FileDescriptor
@@ -194,45 +194,43 @@ var file_pbmesh_v1alpha1_connection_proto_rawDesc = []byte{
 	0x75, 0x74, 0x4d, 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f,
 	0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04,
 	0x52, 0x10, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
-	0x4d, 0x73, 0x22, 0xcd, 0x01, 0x0a, 0x18, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f,
+	0x4d, 0x73, 0x22, 0xc6, 0x01, 0x0a, 0x18, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f,
 	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
 	0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63,
 	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04,
 	0x52, 0x15, 0x6d, 0x61, 0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x79, 0x0a, 0x1b, 0x62, 0x61, 0x6c, 0x61, 0x6e,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x72, 0x0a, 0x1b, 0x62, 0x61, 0x6c, 0x61, 0x6e,
 	0x63, 0x65, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x68,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x68,
 	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
 	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61,
-	0x6c, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65,
-	0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x2a, 0x6b, 0x0a, 0x19, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62,
-	0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
-	0x27, 0x0a, 0x23, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f, 0x49, 0x4e, 0x42, 0x4f, 0x55,
-	0x4e, 0x44, 0x5f, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x44,
-	0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x25, 0x0a, 0x21, 0x42, 0x41, 0x4c, 0x41,
-	0x4e, 0x43, 0x45, 0x5f, 0x49, 0x4e, 0x42, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x43, 0x4f, 0x4e, 0x4e,
-	0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x45, 0x58, 0x41, 0x43, 0x54, 0x10, 0x01, 0x42,
-	0x97, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0f, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75,
-	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62,
-	0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
-	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
-	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a,
-	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33,
+	0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x52, 0x19, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2a, 0x54, 0x0a, 0x12, 0x42,
+	0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x12, 0x1f, 0x0a, 0x1b, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f, 0x43, 0x4f, 0x4e,
+	0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54,
+	0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f, 0x43, 0x4f,
+	0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x45, 0x58, 0x41, 0x43, 0x54, 0x10,
+	0x01, 0x42, 0x97, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0f, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74,
+	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70,
+	0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68,
+	0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
+	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
+	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d,
+	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73,
+	0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x33,
 }
 
 var (
@@ -250,12 +248,12 @@ func file_pbmesh_v1alpha1_connection_proto_rawDescGZIP() []byte {
 var file_pbmesh_v1alpha1_connection_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
 var file_pbmesh_v1alpha1_connection_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
 var file_pbmesh_v1alpha1_connection_proto_goTypes = []interface{}{
-	(BalanceInboundConnections)(0),   // 0: hashicorp.consul.mesh.v1alpha1.BalanceInboundConnections
+	(BalanceConnections)(0),          // 0: hashicorp.consul.mesh.v1alpha1.BalanceConnections
 	(*ConnectionConfig)(nil),         // 1: hashicorp.consul.mesh.v1alpha1.ConnectionConfig
 	(*InboundConnectionsConfig)(nil), // 2: hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig
 }
 var file_pbmesh_v1alpha1_connection_proto_depIdxs = []int32{
-	0, // 0: hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig.balance_inbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceInboundConnections
+	0, // 0: hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig.balance_inbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceConnections
 	1, // [1:1] is the sub-list for method output_type
 	1, // [1:1] is the sub-list for method input_type
 	1, // [1:1] is the sub-list for extension type_name
diff --git a/proto-public/pbmesh/v1alpha1/connection.proto b/proto-public/pbmesh/v1alpha1/connection.proto
index 8a1f4f0e7c57..1d054e503b30 100644
--- a/proto-public/pbmesh/v1alpha1/connection.proto
+++ b/proto-public/pbmesh/v1alpha1/connection.proto
@@ -12,11 +12,11 @@ message ConnectionConfig {
 
 message InboundConnectionsConfig {
   uint64 max_inbound_connections = 12;
-  BalanceInboundConnections balance_inbound_connections = 13;
+  BalanceConnections balance_inbound_connections = 13;
 }
 
-enum BalanceInboundConnections {
+enum BalanceConnections {
   // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  BALANCE_INBOUND_CONNECTIONS_DEFAULT = 0;
-  BALANCE_INBOUND_CONNECTIONS_EXACT = 1;
+  BALANCE_CONNECTIONS_DEFAULT = 0;
+  BALANCE_CONNECTIONS_EXACT = 1;
 }
diff --git a/proto-public/pbmesh/v1alpha1/upstreams.pb.go b/proto-public/pbmesh/v1alpha1/upstreams.pb.go
index 575fe43006e4..93b151a3366d 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams.pb.go
+++ b/proto-public/pbmesh/v1alpha1/upstreams.pb.go
@@ -432,11 +432,11 @@ type UpstreamConfig struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	ConnectTimeoutMs          uint64                    `protobuf:"varint,2,opt,name=connect_timeout_ms,json=connectTimeoutMs,proto3" json:"connect_timeout_ms,omitempty"`
-	Limits                    *UpstreamLimits           `protobuf:"bytes,3,opt,name=limits,proto3" json:"limits,omitempty"`
-	PassiveHealthCheck        *PassiveHealthCheck       `protobuf:"bytes,4,opt,name=passive_health_check,json=passiveHealthCheck,proto3" json:"passive_health_check,omitempty"`
-	BalanceInboundConnections BalanceInboundConnections `protobuf:"varint,5,opt,name=balance_inbound_connections,json=balanceInboundConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.BalanceInboundConnections" json:"balance_inbound_connections,omitempty"`
-	MeshGatewayMode           MeshGatewayMode           `protobuf:"varint,6,opt,name=mesh_gateway_mode,json=meshGatewayMode,proto3,enum=hashicorp.consul.mesh.v1alpha1.MeshGatewayMode" json:"mesh_gateway_mode,omitempty"`
+	ConnectTimeoutMs           uint64              `protobuf:"varint,2,opt,name=connect_timeout_ms,json=connectTimeoutMs,proto3" json:"connect_timeout_ms,omitempty"`
+	Limits                     *UpstreamLimits     `protobuf:"bytes,3,opt,name=limits,proto3" json:"limits,omitempty"`
+	PassiveHealthCheck         *PassiveHealthCheck `protobuf:"bytes,4,opt,name=passive_health_check,json=passiveHealthCheck,proto3" json:"passive_health_check,omitempty"`
+	BalanceOutboundConnections BalanceConnections  `protobuf:"varint,5,opt,name=balance_outbound_connections,json=balanceOutboundConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.BalanceConnections" json:"balance_outbound_connections,omitempty"`
+	MeshGatewayMode            MeshGatewayMode     `protobuf:"varint,6,opt,name=mesh_gateway_mode,json=meshGatewayMode,proto3,enum=hashicorp.consul.mesh.v1alpha1.MeshGatewayMode" json:"mesh_gateway_mode,omitempty"`
 }
 
 func (x *UpstreamConfig) Reset() {
@@ -492,11 +492,11 @@ func (x *UpstreamConfig) GetPassiveHealthCheck() *PassiveHealthCheck {
 	return nil
 }
 
-func (x *UpstreamConfig) GetBalanceInboundConnections() BalanceInboundConnections {
+func (x *UpstreamConfig) GetBalanceOutboundConnections() BalanceConnections {
 	if x != nil {
-		return x.BalanceInboundConnections
+		return x.BalanceOutboundConnections
 	}
-	return BalanceInboundConnections_BALANCE_INBOUND_CONNECTIONS_DEFAULT
+	return BalanceConnections_BALANCE_CONNECTIONS_DEFAULT
 }
 
 func (x *UpstreamConfig) GetMeshGatewayMode() MeshGatewayMode {
@@ -740,7 +740,7 @@ var file_pbmesh_v1alpha1_upstreams_proto_rawDesc = []byte{
 	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70,
 	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x75, 0x70,
 	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x0d, 0x0a, 0x0b,
-	0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x22, 0xc4, 0x03, 0x0a, 0x0e,
+	0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x22, 0xbf, 0x03, 0x0a, 0x0e,
 	0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2c,
 	0x0a, 0x12, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75,
 	0x74, 0x5f, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x6e,
@@ -755,60 +755,60 @@ var file_pbmesh_v1alpha1_upstreams_proto_rawDesc = []byte{
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
 	0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74,
 	0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x12, 0x70, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48,
-	0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x79, 0x0a, 0x1b, 0x62, 0x61,
-	0x6c, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32,
-	0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x62, 0x61, 0x6c, 0x61,
-	0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5b, 0x0a, 0x11, 0x6d, 0x65, 0x73, 0x68, 0x5f, 0x67, 0x61,
-	0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e,
-	0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x74, 0x0a, 0x1c, 0x62, 0x61,
+	0x6c, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e,
+	0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
 	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64,
-	0x65, 0x52, 0x0f, 0x6d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f,
-	0x64, 0x65, 0x22, 0xa3, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c,
-	0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e,
-	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e,
-	0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30,
-	0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x12, 0x6d, 0x61,
-	0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73,
-	0x12, 0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65,
-	0x6e, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x05, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0xaa, 0x01, 0x0a, 0x12, 0x50, 0x61, 0x73,
-	0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12,
-	0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x61, 0x78, 0x5f, 0x66, 0x61,
-	0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x6d, 0x61,
-	0x78, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x65, 0x6e, 0x66,
-	0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69,
-	0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x17, 0x65, 0x6e,
-	0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69,
-	0x76, 0x65, 0x35, 0x78, 0x78, 0x42, 0x96, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61,
+	0x31, 0x2e, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x52, 0x1a, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x4f, 0x75, 0x74,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x12, 0x5b, 0x0a, 0x11, 0x6d, 0x65, 0x73, 0x68, 0x5f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
+	0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61,
 	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0e, 0x55, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45,
-	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d,
-	0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c,
-	0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a,
-	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47,
-	0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a,
-	0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73,
+	0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0f, 0x6d, 0x65,
+	0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0xa3, 0x01,
+	0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73,
+	0x12, 0x27, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x6d, 0x61, 0x78,
+	0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64,
+	0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x36, 0x0a, 0x17, 0x6d,
+	0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x6d, 0x61,
+	0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x73, 0x22, 0xaa, 0x01, 0x0a, 0x12, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48,
+	0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
+	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61,
+	0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x61, 0x78, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65,
+	0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x6d, 0x61, 0x78, 0x46, 0x61, 0x69, 0x6c,
+	0x75, 0x72, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e,
+	0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78,
+	0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x17, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69,
+	0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78,
+	0x42, 0x96, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61,
+	0x6d, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75,
+	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62,
+	0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
+	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
+	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a,
+	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33,
 }
 
 var (
@@ -835,7 +835,7 @@ var file_pbmesh_v1alpha1_upstreams_proto_goTypes = []interface{}{
 	(*PassiveHealthCheck)(nil),        // 7: hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck
 	(*v1alpha1.WorkloadSelector)(nil), // 8: hashicorp.consul.catalog.v1alpha1.WorkloadSelector
 	(*pbresource.ID)(nil),             // 9: hashicorp.consul.resource.ID
-	(BalanceInboundConnections)(0),    // 10: hashicorp.consul.mesh.v1alpha1.BalanceInboundConnections
+	(BalanceConnections)(0),           // 10: hashicorp.consul.mesh.v1alpha1.BalanceConnections
 	(MeshGatewayMode)(0),              // 11: hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
 	(*durationpb.Duration)(nil),       // 12: google.protobuf.Duration
 }
@@ -853,7 +853,7 @@ var file_pbmesh_v1alpha1_upstreams_proto_depIdxs = []int32{
 	5,  // 10: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream.upstream_config:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfig
 	6,  // 11: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.limits:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamLimits
 	7,  // 12: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.passive_health_check:type_name -> hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck
-	10, // 13: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.balance_inbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceInboundConnections
+	10, // 13: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.balance_outbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceConnections
 	11, // 14: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.mesh_gateway_mode:type_name -> hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
 	12, // 15: hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck.interval:type_name -> google.protobuf.Duration
 	16, // [16:16] is the sub-list for method output_type
diff --git a/proto-public/pbmesh/v1alpha1/upstreams.proto b/proto-public/pbmesh/v1alpha1/upstreams.proto
index 9239bac774b8..c1f444e9ccc2 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams.proto
+++ b/proto-public/pbmesh/v1alpha1/upstreams.proto
@@ -61,7 +61,7 @@ message UpstreamConfig {
   uint64 connect_timeout_ms = 2;
   UpstreamLimits limits = 3;
   PassiveHealthCheck passive_health_check = 4;
-  BalanceInboundConnections balance_inbound_connections = 5;
+  BalanceConnections balance_outbound_connections = 5;
   MeshGatewayMode mesh_gateway_mode = 6;
 }
 

From 2af6bc434a578f1d39cee860c057665447393c6a Mon Sep 17 00:00:00 2001
From: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
Date: Fri, 30 Jun 2023 03:00:29 +0000
Subject: [PATCH 122/359] feature - [NET - 4005]  - [Supportability] Reloadable
 Configuration - enable_debug (#17565)

* # This is a combination of 9 commits.
# This is the 1st commit message:

init without tests

# This is the commit message #2:

change log

# This is the commit message #3:

fix tests

# This is the commit message #4:

fix tests

# This is the commit message #5:

added tests

# This is the commit message #6:

change log breaking change

# This is the commit message #7:

removed breaking change

# This is the commit message #8:

fix test

# This is the commit message #9:

keeping the test behaviour same

* # This is a combination of 12 commits.
# This is the 1st commit message:

init without tests

# This is the commit message #2:

change log

# This is the commit message #3:

fix tests

# This is the commit message #4:

fix tests

# This is the commit message #5:

added tests

# This is the commit message #6:

change log breaking change

# This is the commit message #7:

removed breaking change

# This is the commit message #8:

fix test

# This is the commit message #9:

keeping the test behaviour same

# This is the commit message #10:

made enable debug atomic bool

# This is the commit message #11:

fix lint

# This is the commit message #12:

fix test true enable debug

* parent 10f500e895d92cc3691ade7b74a33db755d22039
author absolutelightning <ashesh.vidyut@hashicorp.com> 1687352587 +0530
committer absolutelightning <ashesh.vidyut@hashicorp.com> 1687352592 +0530

init without tests

change log

fix tests

fix tests

added tests

change log breaking change

removed breaking change

fix test

keeping the test behaviour same

made enable debug atomic bool

fix lint

fix test true enable debug

using enable debug in agent as atomic bool

test fixes

fix tests

fix tests

added update on correct locaiton

fix tests

fix reloadable config enable debug

fix tests

fix init and acl 403

* revert commit
---
 .changelog/17565.txt          |  3 +++
 agent/agent.go                | 12 ++++++++--
 agent/agent_endpoint_test.go  |  8 ++++---
 agent/agent_test.go           | 33 ++++++++++++++++++++++++++++
 agent/config/runtime_test.go  |  2 +-
 agent/http.go                 | 23 ++++++++++++--------
 agent/http_oss_test.go        |  7 ++++--
 agent/http_test.go            | 41 +++++++++++++++++++++++++----------
 agent/ui_endpoint_oss_test.go |  4 +++-
 agent/ui_endpoint_test.go     |  4 +++-
 10 files changed, 107 insertions(+), 30 deletions(-)
 create mode 100644 .changelog/17565.txt

diff --git a/.changelog/17565.txt b/.changelog/17565.txt
new file mode 100644
index 000000000000..f7cf46c38954
--- /dev/null
+++ b/.changelog/17565.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+reloadable config: Made enable_debug config reloadable and enable pprof command to work when config toggles to true
+```
\ No newline at end of file
diff --git a/agent/agent.go b/agent/agent.go
index 90bfffc1afe9..fa75a1cd1cf4 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -19,6 +19,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"github.com/armon/go-metrics"
@@ -415,6 +416,8 @@ type Agent struct {
 
 	// enterpriseAgent embeds fields that we only access in consul-enterprise builds
 	enterpriseAgent
+
+	enableDebug atomic.Bool
 }
 
 // New process the desired options and creates a new Agent.
@@ -597,6 +600,8 @@ func (a *Agent) Start(ctx context.Context) error {
 	// Overwrite the configuration.
 	a.config = c
 
+	a.enableDebug.Store(c.EnableDebug)
+
 	if err := a.tlsConfigurator.Update(a.config.TLS); err != nil {
 		return fmt.Errorf("Failed to load TLS configurations after applying auto-config settings: %w", err)
 	}
@@ -1126,13 +1131,13 @@ func (a *Agent) listenHTTP() ([]apiServer, error) {
 			httpServer := &http.Server{
 				Addr:           l.Addr().String(),
 				TLSConfig:      tlscfg,
-				Handler:        srv.handler(a.config.EnableDebug),
+				Handler:        srv.handler(),
 				MaxHeaderBytes: a.config.HTTPMaxHeaderBytes,
 			}
 
 			if scada.IsCapability(l.Addr()) {
 				// wrap in http2 server handler
-				httpServer.Handler = h2c.NewHandler(srv.handler(a.config.EnableDebug), &http2.Server{})
+				httpServer.Handler = h2c.NewHandler(srv.handler(), &http2.Server{})
 			}
 
 			// Load the connlimit helper into the server
@@ -4290,6 +4295,9 @@ func (a *Agent) reloadConfigInternal(newCfg *config.RuntimeConfig) error {
 
 	a.proxyConfig.SetUpdateRateLimit(newCfg.XDSUpdateRateLimit)
 
+	a.enableDebug.Store(newCfg.EnableDebug)
+	a.config.EnableDebug = newCfg.EnableDebug
+
 	return nil
 }
 
diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go
index 5194e2ae3489..c465b687a880 100644
--- a/agent/agent_endpoint_test.go
+++ b/agent/agent_endpoint_test.go
@@ -1623,7 +1623,7 @@ func TestHTTPHandlers_AgentMetricsStream_ACLDeny(t *testing.T) {
 	resp := httptest.NewRecorder()
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, "/v1/agent/metrics/stream", nil)
 	require.NoError(t, err)
-	handle := h.handler(false)
+	handle := h.handler()
 	handle.ServeHTTP(resp, req)
 	require.Equal(t, http.StatusForbidden, resp.Code)
 	require.Contains(t, resp.Body.String(), "Permission denied")
@@ -1660,7 +1660,7 @@ func TestHTTPHandlers_AgentMetricsStream(t *testing.T) {
 	resp := httptest.NewRecorder()
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, "/v1/agent/metrics/stream", nil)
 	require.NoError(t, err)
-	handle := h.handler(false)
+	handle := h.handler()
 	handle.ServeHTTP(resp, req)
 	require.Equal(t, http.StatusOK, resp.Code)
 
@@ -6008,8 +6008,10 @@ func TestAgent_Monitor(t *testing.T) {
 			cancelCtx, cancelFunc := context.WithCancel(context.Background())
 			req = req.WithContext(cancelCtx)
 
+			a.enableDebug.Store(true)
+
 			resp := httptest.NewRecorder()
-			handler := a.srv.handler(true)
+			handler := a.srv.handler()
 			go handler.ServeHTTP(resp, req)
 
 			args := &structs.ServiceDefinition{
diff --git a/agent/agent_test.go b/agent/agent_test.go
index b234573f3e57..a2e27feaf4fd 100644
--- a/agent/agent_test.go
+++ b/agent/agent_test.go
@@ -4193,6 +4193,39 @@ func TestAgent_ReloadConfig_XDSUpdateRateLimit(t *testing.T) {
 	require.Equal(t, rate.Limit(1000), a.proxyConfig.UpdateRateLimit())
 }
 
+func TestAgent_ReloadConfig_EnableDebug(t *testing.T) {
+	if testing.Short() {
+		t.Skip("too slow for testing.Short")
+	}
+
+	cfg := fmt.Sprintf(`data_dir = %q`, testutil.TempDir(t, "agent"))
+
+	a := NewTestAgent(t, cfg)
+	defer a.Shutdown()
+
+	c := TestConfig(
+		testutil.Logger(t),
+		config.FileSource{
+			Name:   t.Name(),
+			Format: "hcl",
+			Data:   cfg + ` enable_debug = true`,
+		},
+	)
+	require.NoError(t, a.reloadConfigInternal(c))
+	require.Equal(t, true, a.enableDebug.Load())
+
+	c = TestConfig(
+		testutil.Logger(t),
+		config.FileSource{
+			Name:   t.Name(),
+			Format: "hcl",
+			Data:   cfg + ` enable_debug = false`,
+		},
+	)
+	require.NoError(t, a.reloadConfigInternal(c))
+	require.Equal(t, false, a.enableDebug.Load())
+}
+
 func TestAgent_consulConfig_AutoEncryptAllowTLS(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go
index beaf214dba71..cc5451804dd7 100644
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@@ -324,8 +324,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.DevMode = true
 			rt.DisableAnonymousSignature = true
 			rt.DisableKeyringFile = true
-			rt.EnableDebug = true
 			rt.Experiments = []string{"resource-apis"}
+			rt.EnableDebug = true
 			rt.UIConfig.Enabled = true
 			rt.LeaveOnTerm = false
 			rt.Logging.LogLevel = "DEBUG"
diff --git a/agent/http.go b/agent/http.go
index 1706794adfe5..32010c343a6c 100644
--- a/agent/http.go
+++ b/agent/http.go
@@ -167,7 +167,7 @@ func (s *HTTPHandlers) ReloadConfig(newCfg *config.RuntimeConfig) error {
 //
 // The first call must not be concurrent with any other call. Subsequent calls
 // may be concurrent with HTTP requests since no state is modified.
-func (s *HTTPHandlers) handler(enableDebug bool) http.Handler {
+func (s *HTTPHandlers) handler() http.Handler {
 	// Memoize multiple calls.
 	if s.h != nil {
 		return s.h
@@ -210,7 +210,15 @@ func (s *HTTPHandlers) handler(enableDebug bool) http.Handler {
 	// handlePProf takes the given pattern and pprof handler
 	// and wraps it to add authorization and metrics
 	handlePProf := func(pattern string, handler http.HandlerFunc) {
+
 		wrapper := func(resp http.ResponseWriter, req *http.Request) {
+
+			// If enableDebug register wrapped pprof handlers
+			if !s.agent.enableDebug.Load() && s.checkACLDisabled() {
+				resp.WriteHeader(http.StatusNotFound)
+				return
+			}
+
 			var token string
 			s.parseToken(req, &token)
 
@@ -245,14 +253,11 @@ func (s *HTTPHandlers) handler(enableDebug bool) http.Handler {
 		handleFuncMetrics(pattern, s.wrap(bound, methods))
 	}
 
-	// If enableDebug or ACL enabled, register wrapped pprof handlers
-	if enableDebug || !s.checkACLDisabled() {
-		handlePProf("/debug/pprof/", pprof.Index)
-		handlePProf("/debug/pprof/cmdline", pprof.Cmdline)
-		handlePProf("/debug/pprof/profile", pprof.Profile)
-		handlePProf("/debug/pprof/symbol", pprof.Symbol)
-		handlePProf("/debug/pprof/trace", pprof.Trace)
-	}
+	handlePProf("/debug/pprof/", pprof.Index)
+	handlePProf("/debug/pprof/cmdline", pprof.Cmdline)
+	handlePProf("/debug/pprof/profile", pprof.Profile)
+	handlePProf("/debug/pprof/symbol", pprof.Symbol)
+	handlePProf("/debug/pprof/trace", pprof.Trace)
 
 	if s.IsUIEnabled() {
 		// Note that we _don't_ support reloading ui_config.{enabled, content_dir,
diff --git a/agent/http_oss_test.go b/agent/http_oss_test.go
index 60a956797925..5ba36320f628 100644
--- a/agent/http_oss_test.go
+++ b/agent/http_oss_test.go
@@ -144,7 +144,8 @@ func TestHTTPAPI_OptionMethod_OSS(t *testing.T) {
 			uri := fmt.Sprintf("http://%s%s", a.HTTPAddr(), path)
 			req, _ := http.NewRequest("OPTIONS", uri, nil)
 			resp := httptest.NewRecorder()
-			a.srv.handler(true).ServeHTTP(resp, req)
+			a.enableDebug.Store(true)
+			a.srv.handler().ServeHTTP(resp, req)
 			allMethods := append([]string{"OPTIONS"}, methods...)
 
 			if resp.Code != http.StatusOK {
@@ -190,7 +191,9 @@ func TestHTTPAPI_AllowedNets_OSS(t *testing.T) {
 			req, _ := http.NewRequest(method, uri, nil)
 			req.RemoteAddr = "192.168.1.2:5555"
 			resp := httptest.NewRecorder()
-			a.srv.handler(true).ServeHTTP(resp, req)
+			a.enableDebug.Store(true)
+
+			a.srv.handler().ServeHTTP(resp, req)
 
 			require.Equal(t, http.StatusForbidden, resp.Code, "%s %s", method, path)
 		})
diff --git a/agent/http_test.go b/agent/http_test.go
index 967b1b0b43b6..99100c5fbc8e 100644
--- a/agent/http_test.go
+++ b/agent/http_test.go
@@ -288,7 +288,9 @@ func TestSetupHTTPServer_HTTP2(t *testing.T) {
 	err = setupHTTPS(httpServer, noopConnState, time.Second)
 	require.NoError(t, err)
 
-	srvHandler := a.srv.handler(true)
+	a.enableDebug.Store(true)
+
+	srvHandler := a.srv.handler()
 	mux, ok := srvHandler.(*wrappedMux)
 	require.True(t, ok, "expected a *wrappedMux, got %T", handler)
 	mux.mux.HandleFunc("/echo", handler)
@@ -483,7 +485,9 @@ func TestHTTPAPI_Ban_Nonprintable_Characters(t *testing.T) {
 		t.Fatal(err)
 	}
 	resp := httptest.NewRecorder()
-	a.srv.handler(true).ServeHTTP(resp, req)
+	a.enableDebug.Store(true)
+
+	a.srv.handler().ServeHTTP(resp, req)
 	if got, want := resp.Code, http.StatusBadRequest; got != want {
 		t.Fatalf("bad response code got %d want %d", got, want)
 	}
@@ -506,7 +510,9 @@ func TestHTTPAPI_Allow_Nonprintable_Characters_With_Flag(t *testing.T) {
 		t.Fatal(err)
 	}
 	resp := httptest.NewRecorder()
-	a.srv.handler(true).ServeHTTP(resp, req)
+	a.enableDebug.Store(true)
+
+	a.srv.handler().ServeHTTP(resp, req)
 	// Key doesn't actually exist so we should get 404
 	if got, want := resp.Code, http.StatusNotFound; got != want {
 		t.Fatalf("bad response code got %d want %d", got, want)
@@ -645,7 +651,9 @@ func requireHasHeadersSet(t *testing.T, a *TestAgent, path string) {
 
 	resp := httptest.NewRecorder()
 	req, _ := http.NewRequest("GET", path, nil)
-	a.srv.handler(true).ServeHTTP(resp, req)
+	a.enableDebug.Store(true)
+
+	a.srv.handler().ServeHTTP(resp, req)
 
 	hdrs := resp.Header()
 	require.Equal(t, "*", hdrs.Get("Access-Control-Allow-Origin"),
@@ -706,14 +714,18 @@ func TestAcceptEncodingGzip(t *testing.T) {
 	// negotiation, but since this call doesn't go through a real
 	// transport, the header has to be set manually
 	req.Header["Accept-Encoding"] = []string{"gzip"}
-	a.srv.handler(true).ServeHTTP(resp, req)
+	a.enableDebug.Store(true)
+
+	a.srv.handler().ServeHTTP(resp, req)
 	require.Equal(t, 200, resp.Code)
 	require.Equal(t, "", resp.Header().Get("Content-Encoding"))
 
 	resp = httptest.NewRecorder()
 	req, _ = http.NewRequest("GET", "/v1/kv/long", nil)
 	req.Header["Accept-Encoding"] = []string{"gzip"}
-	a.srv.handler(true).ServeHTTP(resp, req)
+	a.enableDebug.Store(true)
+
+	a.srv.handler().ServeHTTP(resp, req)
 	require.Equal(t, 200, resp.Code)
 	require.Equal(t, "gzip", resp.Header().Get("Content-Encoding"))
 }
@@ -1068,8 +1080,9 @@ func TestHTTPServer_PProfHandlers_EnableDebug(t *testing.T) {
 	resp := httptest.NewRecorder()
 	req, _ := http.NewRequest("GET", "/debug/pprof/profile?seconds=1", nil)
 
+	a.enableDebug.Store(true)
 	httpServer := &HTTPHandlers{agent: a.Agent}
-	httpServer.handler(true).ServeHTTP(resp, req)
+	httpServer.handler().ServeHTTP(resp, req)
 
 	require.Equal(t, http.StatusOK, resp.Code)
 }
@@ -1087,7 +1100,7 @@ func TestHTTPServer_PProfHandlers_DisableDebugNoACLs(t *testing.T) {
 	req, _ := http.NewRequest("GET", "/debug/pprof/profile", nil)
 
 	httpServer := &HTTPHandlers{agent: a.Agent}
-	httpServer.handler(false).ServeHTTP(resp, req)
+	httpServer.handler().ServeHTTP(resp, req)
 
 	require.Equal(t, http.StatusNotFound, resp.Code)
 }
@@ -1168,7 +1181,9 @@ func TestHTTPServer_PProfHandlers_ACLs(t *testing.T) {
 		t.Run(fmt.Sprintf("case %d (%#v)", i, c), func(t *testing.T) {
 			req, _ := http.NewRequest("GET", fmt.Sprintf("%s?token=%s", c.endpoint, c.token), nil)
 			resp := httptest.NewRecorder()
-			a.srv.handler(true).ServeHTTP(resp, req)
+			a.enableDebug.Store(true)
+
+			a.srv.handler().ServeHTTP(resp, req)
 			assert.Equal(t, c.code, resp.Code)
 		})
 	}
@@ -1478,7 +1493,9 @@ func TestEnableWebUI(t *testing.T) {
 
 	req, _ := http.NewRequest("GET", "/ui/", nil)
 	resp := httptest.NewRecorder()
-	a.srv.handler(true).ServeHTTP(resp, req)
+	a.enableDebug.Store(true)
+
+	a.srv.handler().ServeHTTP(resp, req)
 	require.Equal(t, http.StatusOK, resp.Code)
 
 	// Validate that it actually sent the index page we expect since an error
@@ -1507,7 +1524,9 @@ func TestEnableWebUI(t *testing.T) {
 	{
 		req, _ := http.NewRequest("GET", "/ui/", nil)
 		resp := httptest.NewRecorder()
-		a.srv.handler(true).ServeHTTP(resp, req)
+		a.enableDebug.Store(true)
+
+		a.srv.handler().ServeHTTP(resp, req)
 		require.Equal(t, http.StatusOK, resp.Code)
 		require.Contains(t, resp.Body.String(), `<!-- CONSUL_VERSION:`)
 		require.Contains(t, resp.Body.String(), `valid-but-unlikely-metrics-provider-name`)
diff --git a/agent/ui_endpoint_oss_test.go b/agent/ui_endpoint_oss_test.go
index 847563032d9d..3e57fca667e8 100644
--- a/agent/ui_endpoint_oss_test.go
+++ b/agent/ui_endpoint_oss_test.go
@@ -58,7 +58,9 @@ func TestUIEndpoint_MetricsProxy_ACLDeny(t *testing.T) {
 	`, backendURL))
 	defer a.Shutdown()
 
-	h := a.srv.handler(true)
+	a.enableDebug.Store(true)
+
+	h := a.srv.handler()
 
 	testrpc.WaitForLeader(t, a.RPC, "dc1")
 
diff --git a/agent/ui_endpoint_test.go b/agent/ui_endpoint_test.go
index 494e395168fd..5fc2e06d3485 100644
--- a/agent/ui_endpoint_test.go
+++ b/agent/ui_endpoint_test.go
@@ -2620,7 +2620,9 @@ func TestUIEndpoint_MetricsProxy(t *testing.T) {
 			require.NoError(t, a.Agent.reloadConfigInternal(&cfg))
 
 			// Now fetch the API handler to run requests against
-			h := a.srv.handler(true)
+			a.enableDebug.Store(true)
+
+			h := a.srv.handler()
 
 			req := httptest.NewRequest("GET", tc.path, nil)
 			rec := httptest.NewRecorder()

From 5b7f360e770fec859e31fe8d000120faa0ffeb6c Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@users.noreply.github.com>
Date: Thu, 29 Jun 2023 23:17:38 -0700
Subject: [PATCH 123/359] Fix formatting codeblocks on APIgw docs (#17970)

* fix formatting codeblocks

* remove unnecessary indents
---
 website/content/docs/api-gateway/usage/usage.mdx | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/website/content/docs/api-gateway/usage/usage.mdx b/website/content/docs/api-gateway/usage/usage.mdx
index b9b864ce234a..e815d21c5fda 100644
--- a/website/content/docs/api-gateway/usage/usage.mdx
+++ b/website/content/docs/api-gateway/usage/usage.mdx
@@ -22,11 +22,11 @@ Configure your [`Gateway`](/consul/docs/api-gateway/configuration/gateway) and [
 
   <CodeBlockConfig hideClipboard filename="values.yaml">
 
-    ```yaml
-      apiGateway:
-        enabled: true
-        managedGatewayClass:
-    ```
+  ```yaml
+    apiGateway:
+      enabled: true
+      managedGatewayClass:
+  ```
 
   </CodeBlockConfig>
 
@@ -34,9 +34,9 @@ Configure your [`Gateway`](/consul/docs/api-gateway/configuration/gateway) and [
 
 Issue the `kubectl apply` command to implement the configurations:
 
-  ```shell-session
-    $ kubectl apply -f gateway.yaml routes.yaml
-  ```
+```shell-session
+$ kubectl apply -f gateway.yaml routes.yaml
+```
 
 
 <!--- Commented out per https://github.com/hashicorp/consul/pull/11951/files#r791204596

From 50a9d1b696a5061593939d54a5bd950c8470aac8 Mon Sep 17 00:00:00 2001
From: "Chris S. Kim" <ckim@hashicorp.com>
Date: Fri, 30 Jun 2023 10:05:13 -0400
Subject: [PATCH 124/359] Remove POC code (#17974)

---
 .../builtin/http/localratelimit/ratelimit.go  | 199 --------------
 .../http/localratelimit/ratelimit_test.go     | 187 -------------
 .../envoyextensions/registered_extensions.go  |   2 -
 agent/xds/delta_envoy_extender_oss_test.go    |  24 +-
 ...cal-ratelimit-applyto-filter.latest.golden | 127 ---------
 ...cal-ratelimit-applyto-filter.latest.golden |  75 -----
 ...cal-ratelimit-applyto-filter.latest.golden | 256 ------------------
 ...cal-ratelimit-applyto-filter.latest.golden |   5 -
 api/config_entry.go                           |   1 -
 .../envoy/case-envoyext-ratelimit/capture.sh  |   7 -
 .../case-envoyext-ratelimit/service_s1.hcl    |  19 --
 .../case-envoyext-ratelimit/service_s2.hcl    |   8 -
 .../envoy/case-envoyext-ratelimit/setup.sh    |  49 ----
 .../envoy/case-envoyext-ratelimit/vars.sh     |   6 -
 .../envoy/case-envoyext-ratelimit/verify.bats |  57 ----
 15 files changed, 2 insertions(+), 1020 deletions(-)
 delete mode 100644 agent/envoyextensions/builtin/http/localratelimit/ratelimit.go
 delete mode 100644 agent/envoyextensions/builtin/http/localratelimit/ratelimit_test.go
 delete mode 100644 agent/xds/testdata/builtin_extension/clusters/http-local-ratelimit-applyto-filter.latest.golden
 delete mode 100644 agent/xds/testdata/builtin_extension/endpoints/http-local-ratelimit-applyto-filter.latest.golden
 delete mode 100644 agent/xds/testdata/builtin_extension/listeners/http-local-ratelimit-applyto-filter.latest.golden
 delete mode 100644 agent/xds/testdata/builtin_extension/routes/http-local-ratelimit-applyto-filter.latest.golden
 delete mode 100644 test/integration/connect/envoy/case-envoyext-ratelimit/capture.sh
 delete mode 100644 test/integration/connect/envoy/case-envoyext-ratelimit/service_s1.hcl
 delete mode 100644 test/integration/connect/envoy/case-envoyext-ratelimit/service_s2.hcl
 delete mode 100644 test/integration/connect/envoy/case-envoyext-ratelimit/setup.sh
 delete mode 100644 test/integration/connect/envoy/case-envoyext-ratelimit/vars.sh
 delete mode 100644 test/integration/connect/envoy/case-envoyext-ratelimit/verify.bats

diff --git a/agent/envoyextensions/builtin/http/localratelimit/ratelimit.go b/agent/envoyextensions/builtin/http/localratelimit/ratelimit.go
deleted file mode 100644
index 07e981ae2d4e..000000000000
--- a/agent/envoyextensions/builtin/http/localratelimit/ratelimit.go
+++ /dev/null
@@ -1,199 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package localratelimit
-
-import (
-	"errors"
-	"fmt"
-	"time"
-
-	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
-	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
-	envoy_ratelimit "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3"
-	envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
-	envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
-	envoy_resource_v3 "github.com/envoyproxy/go-control-plane/pkg/resource/v3"
-	"github.com/hashicorp/go-multierror"
-	"github.com/mitchellh/mapstructure"
-	"google.golang.org/protobuf/types/known/durationpb"
-	"google.golang.org/protobuf/types/known/wrapperspb"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
-)
-
-type ratelimit struct {
-	extensioncommon.BasicExtensionAdapter
-
-	ProxyType string
-
-	// Token bucket of the rate limit
-	MaxTokens     *int
-	TokensPerFill *int
-	FillInterval  *int
-
-	// Percent of requests to be rate limited
-	FilterEnabled  *uint32
-	FilterEnforced *uint32
-}
-
-var _ extensioncommon.BasicExtension = (*ratelimit)(nil)
-
-// Constructor follows a specific function signature required for the extension registration.
-func Constructor(ext api.EnvoyExtension) (extensioncommon.EnvoyExtender, error) {
-	var r ratelimit
-	if name := ext.Name; name != api.BuiltinLocalRatelimitExtension {
-		return nil, fmt.Errorf("expected extension name 'ratelimit' but got %q", name)
-	}
-
-	if err := r.fromArguments(ext.Arguments); err != nil {
-		return nil, err
-	}
-
-	return &extensioncommon.BasicEnvoyExtender{
-		Extension: &r,
-	}, nil
-}
-
-func (r *ratelimit) fromArguments(args map[string]interface{}) error {
-	if err := mapstructure.Decode(args, r); err != nil {
-		return fmt.Errorf("error decoding extension arguments: %v", err)
-	}
-	if r.ProxyType == "" {
-		r.ProxyType = string(api.ServiceKindConnectProxy)
-	}
-	return r.validate()
-}
-
-func (r *ratelimit) validate() error {
-	var resultErr error
-
-	// NOTE: Envoy requires FillInterval value must be greater than 0.
-	// If unset, it is considered as 0.
-	if r.FillInterval == nil {
-		resultErr = multierror.Append(resultErr, fmt.Errorf("FillInterval(in second) is missing"))
-	} else if *r.FillInterval <= 0 {
-		resultErr = multierror.Append(resultErr, fmt.Errorf("FillInterval(in second) must be greater than 0, got %d", *r.FillInterval))
-	}
-
-	// NOTE: Envoy requires MaxToken value must be greater than 0.
-	// If unset, it is considered as 0.
-	if r.MaxTokens == nil {
-		resultErr = multierror.Append(resultErr, fmt.Errorf("MaxTokens is missing"))
-	} else if *r.MaxTokens <= 0 {
-		resultErr = multierror.Append(resultErr, fmt.Errorf("MaxTokens must be greater than 0, got %d", r.MaxTokens))
-	}
-
-	// TokensPerFill is allowed to unset. In this case, envoy
-	// uses its default value, which is 1.
-	if r.TokensPerFill != nil && *r.TokensPerFill <= 0 {
-		resultErr = multierror.Append(resultErr, fmt.Errorf("TokensPerFill must be greater than 0, got %d", *r.TokensPerFill))
-	}
-
-	if err := validateProxyType(r.ProxyType); err != nil {
-		resultErr = multierror.Append(resultErr, err)
-	}
-
-	return resultErr
-}
-
-// CanApply determines if the extension can apply to the given extension configuration.
-func (p *ratelimit) CanApply(config *extensioncommon.RuntimeConfig) bool {
-	return string(config.Kind) == p.ProxyType
-}
-
-// PatchFilter inserts a http local rate_limit filter at the head of
-// envoy.filters.network.http_connection_manager filters
-func (r ratelimit) PatchFilter(p extensioncommon.FilterPayload) (*envoy_listener_v3.Filter, bool, error) {
-	filter := p.Message
-	// rate limit is only applied to the inbound listener of the service itself
-	// since the limit is aggregated from all downstream connections.
-	if !p.IsInbound() {
-		return filter, false, nil
-	}
-
-	if filter.Name != "envoy.filters.network.http_connection_manager" {
-		return filter, false, nil
-	}
-	if typedConfig := filter.GetTypedConfig(); typedConfig == nil {
-		return filter, false, errors.New("error getting typed config for http filter")
-	}
-
-	config := envoy_resource_v3.GetHTTPConnectionManager(filter)
-	if config == nil {
-		return filter, false, errors.New("error unmarshalling filter")
-	}
-
-	tokenBucket := envoy_type_v3.TokenBucket{}
-
-	if r.TokensPerFill != nil {
-		tokenBucket.TokensPerFill = &wrapperspb.UInt32Value{
-			Value: uint32(*r.TokensPerFill),
-		}
-	}
-	if r.MaxTokens != nil {
-		tokenBucket.MaxTokens = uint32(*r.MaxTokens)
-	}
-
-	if r.FillInterval != nil {
-		tokenBucket.FillInterval = durationpb.New(time.Duration(*r.FillInterval) * time.Second)
-	}
-
-	var FilterEnabledDefault *envoy_core_v3.RuntimeFractionalPercent
-	if r.FilterEnabled != nil {
-		FilterEnabledDefault = &envoy_core_v3.RuntimeFractionalPercent{
-			DefaultValue: &envoy_type_v3.FractionalPercent{
-				Numerator:   *r.FilterEnabled,
-				Denominator: envoy_type_v3.FractionalPercent_HUNDRED,
-			},
-		}
-	}
-
-	var FilterEnforcedDefault *envoy_core_v3.RuntimeFractionalPercent
-	if r.FilterEnforced != nil {
-		FilterEnforcedDefault = &envoy_core_v3.RuntimeFractionalPercent{
-			DefaultValue: &envoy_type_v3.FractionalPercent{
-				Numerator:   *r.FilterEnforced,
-				Denominator: envoy_type_v3.FractionalPercent_HUNDRED,
-			},
-		}
-	}
-
-	ratelimitHttpFilter, err := extensioncommon.MakeEnvoyHTTPFilter(
-		"envoy.filters.http.local_ratelimit",
-		&envoy_ratelimit.LocalRateLimit{
-			TokenBucket:    &tokenBucket,
-			StatPrefix:     "local_ratelimit",
-			FilterEnabled:  FilterEnabledDefault,
-			FilterEnforced: FilterEnforcedDefault,
-		},
-	)
-
-	if err != nil {
-		return filter, false, err
-	}
-
-	changedFilters := make([]*envoy_http_v3.HttpFilter, 0, len(config.HttpFilters)+1)
-
-	// The ratelimitHttpFilter is inserted as the first element of the http
-	// filter chain.
-	changedFilters = append(changedFilters, ratelimitHttpFilter)
-	changedFilters = append(changedFilters, config.HttpFilters...)
-	config.HttpFilters = changedFilters
-
-	newFilter, err := extensioncommon.MakeFilter("envoy.filters.network.http_connection_manager", config)
-	if err != nil {
-		return filter, false, errors.New("error making new filter")
-	}
-
-	return newFilter, true, nil
-}
-
-func validateProxyType(t string) error {
-	if t != string(api.ServiceKindConnectProxy) {
-		return fmt.Errorf("unexpected ProxyType %q", t)
-	}
-
-	return nil
-}
diff --git a/agent/envoyextensions/builtin/http/localratelimit/ratelimit_test.go b/agent/envoyextensions/builtin/http/localratelimit/ratelimit_test.go
deleted file mode 100644
index 2b208bf3e7e8..000000000000
--- a/agent/envoyextensions/builtin/http/localratelimit/ratelimit_test.go
+++ /dev/null
@@ -1,187 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package localratelimit
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
-)
-
-func TestConstructor(t *testing.T) {
-	makeArguments := func(overrides map[string]interface{}) map[string]interface{} {
-		m := map[string]interface{}{
-			"ProxyType": "connect-proxy",
-		}
-
-		for k, v := range overrides {
-			m[k] = v
-		}
-
-		return m
-	}
-
-	cases := map[string]struct {
-		extensionName  string
-		arguments      map[string]interface{}
-		expected       ratelimit
-		ok             bool
-		expectedErrMsg string
-	}{
-		"with no arguments": {
-			arguments: nil,
-			ok:        false,
-		},
-		"with an invalid name": {
-			arguments:     makeArguments(map[string]interface{}{}),
-			extensionName: "bad",
-			ok:            false,
-		},
-		"MaxToken is missing": {
-			arguments: makeArguments(map[string]interface{}{
-				"ProxyType":     "connect-proxy",
-				"FillInterval":  30,
-				"TokensPerFill": 5,
-			}),
-			expectedErrMsg: "MaxTokens is missing",
-			ok:             false,
-		},
-		"MaxTokens <= 0": {
-			arguments: makeArguments(map[string]interface{}{
-				"ProxyType":     "connect-proxy",
-				"FillInterval":  30,
-				"TokensPerFill": 5,
-				"MaxTokens":     0,
-			}),
-			expectedErrMsg: "MaxTokens must be greater than 0",
-			ok:             false,
-		},
-		"FillInterval is missing": {
-			arguments: makeArguments(map[string]interface{}{
-				"ProxyType":     "connect-proxy",
-				"TokensPerFill": 5,
-				"MaxTokens":     10,
-			}),
-			expectedErrMsg: "FillInterval(in second) is missing",
-			ok:             false,
-		},
-		"FillInterval <= 0": {
-			arguments: makeArguments(map[string]interface{}{
-				"ProxyType":     "connect-proxy",
-				"FillInterval":  0,
-				"TokensPerFill": 5,
-				"MaxTokens":     10,
-			}),
-			expectedErrMsg: "FillInterval(in second) must be greater than 0",
-			ok:             false,
-		},
-		"TokensPerFill <= 0": {
-			arguments: makeArguments(map[string]interface{}{
-				"ProxyType":     "connect-proxy",
-				"FillInterval":  30,
-				"TokensPerFill": 0,
-				"MaxTokens":     10,
-			}),
-			expectedErrMsg: "TokensPerFill must be greater than 0",
-			ok:             false,
-		},
-		"FilterEnabled < 0": {
-			arguments: makeArguments(map[string]interface{}{
-				"ProxyType":     "connect-proxy",
-				"FillInterval":  30,
-				"TokensPerFill": 5,
-				"MaxTokens":     10,
-				"FilterEnabled": -1,
-			}),
-			expectedErrMsg: "cannot parse 'FilterEnabled', -1 overflows uint",
-			ok:             false,
-		},
-		"FilterEnforced < 0": {
-			arguments: makeArguments(map[string]interface{}{
-				"ProxyType":      "connect-proxy",
-				"FillInterval":   30,
-				"TokensPerFill":  5,
-				"MaxTokens":      10,
-				"FilterEnforced": -1,
-			}),
-			expectedErrMsg: "cannot parse 'FilterEnforced', -1 overflows uint",
-			ok:             false,
-		},
-		"invalid proxy type": {
-			arguments: makeArguments(map[string]interface{}{
-				"ProxyType":     "invalid",
-				"FillInterval":  30,
-				"MaxTokens":     20,
-				"TokensPerFill": 5,
-			}),
-			expectedErrMsg: `unexpected ProxyType "invalid"`,
-			ok:             false,
-		},
-		"default proxy type": {
-			arguments: makeArguments(map[string]interface{}{
-				"FillInterval":  30,
-				"MaxTokens":     20,
-				"TokensPerFill": 5,
-			}),
-			expected: ratelimit{
-				ProxyType:     "connect-proxy",
-				MaxTokens:     intPointer(20),
-				FillInterval:  intPointer(30),
-				TokensPerFill: intPointer(5),
-			},
-			ok: true,
-		},
-		"valid everything": {
-			arguments: makeArguments(map[string]interface{}{
-				"ProxyType":     "connect-proxy",
-				"FillInterval":  30,
-				"MaxTokens":     20,
-				"TokensPerFill": 5,
-			}),
-			expected: ratelimit{
-				ProxyType:     "connect-proxy",
-				MaxTokens:     intPointer(20),
-				FillInterval:  intPointer(30),
-				TokensPerFill: intPointer(5),
-			},
-			ok: true,
-		},
-	}
-
-	for n, tc := range cases {
-		t.Run(n, func(t *testing.T) {
-
-			extensionName := api.BuiltinLocalRatelimitExtension
-			if tc.extensionName != "" {
-				extensionName = tc.extensionName
-			}
-
-			svc := api.CompoundServiceName{Name: "svc"}
-			ext := extensioncommon.RuntimeConfig{
-				ServiceName: svc,
-				EnvoyExtension: api.EnvoyExtension{
-					Name:      extensionName,
-					Arguments: tc.arguments,
-				},
-			}
-
-			e, err := Constructor(ext.EnvoyExtension)
-
-			if tc.ok {
-				require.NoError(t, err)
-				require.Equal(t, &extensioncommon.BasicEnvoyExtender{Extension: &tc.expected}, e)
-			} else {
-				require.Error(t, err)
-				require.Contains(t, err.Error(), tc.expectedErrMsg)
-			}
-		})
-	}
-}
-
-func intPointer(i int) *int {
-	return &i
-}
diff --git a/agent/envoyextensions/registered_extensions.go b/agent/envoyextensions/registered_extensions.go
index 177ab9cb0342..7b0f2ae61da1 100644
--- a/agent/envoyextensions/registered_extensions.go
+++ b/agent/envoyextensions/registered_extensions.go
@@ -11,7 +11,6 @@ import (
 
 	awslambda "github.com/hashicorp/consul/agent/envoyextensions/builtin/aws-lambda"
 	extauthz "github.com/hashicorp/consul/agent/envoyextensions/builtin/ext-authz"
-	"github.com/hashicorp/consul/agent/envoyextensions/builtin/http/localratelimit"
 	"github.com/hashicorp/consul/agent/envoyextensions/builtin/lua"
 	propertyoverride "github.com/hashicorp/consul/agent/envoyextensions/builtin/property-override"
 	"github.com/hashicorp/consul/agent/envoyextensions/builtin/wasm"
@@ -24,7 +23,6 @@ type extensionConstructor func(api.EnvoyExtension) (extensioncommon.EnvoyExtende
 var extensionConstructors = map[string]extensionConstructor{
 	api.BuiltinLuaExtension:              lua.Constructor,
 	api.BuiltinAWSLambdaExtension:        awslambda.Constructor,
-	api.BuiltinLocalRatelimitExtension:   localratelimit.Constructor,
 	api.BuiltinPropertyOverrideExtension: propertyoverride.Constructor,
 	api.BuiltinWasmExtension:             wasm.Constructor,
 	api.BuiltinExtAuthzExtension:         extauthz.Constructor,
diff --git a/agent/xds/delta_envoy_extender_oss_test.go b/agent/xds/delta_envoy_extender_oss_test.go
index 2f18809b1936..4da20dfb3153 100644
--- a/agent/xds/delta_envoy_extender_oss_test.go
+++ b/agent/xds/delta_envoy_extender_oss_test.go
@@ -15,13 +15,14 @@ import (
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
-	"github.com/hashicorp/consul/agent/xds/testcommon"
 	"github.com/hashicorp/go-hclog"
 	goversion "github.com/hashicorp/go-version"
 	testinf "github.com/mitchellh/go-testing-interface"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/proto"
 
+	"github.com/hashicorp/consul/agent/xds/testcommon"
+
 	propertyoverride "github.com/hashicorp/consul/agent/envoyextensions/builtin/property-override"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
@@ -579,27 +580,6 @@ end`,
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", false, nsFunc, nil, makeLambdaServiceDefaults(true))
 			},
 		},
-		{
-			name: "http-local-ratelimit-applyto-filter",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) {
-					ns.Proxy.Config["protocol"] = "http"
-					ns.Proxy.EnvoyExtensions = []structs.EnvoyExtension{
-						{
-							Name: api.BuiltinLocalRatelimitExtension,
-							Arguments: map[string]interface{}{
-								"ProxyType":      "connect-proxy",
-								"MaxTokens":      3,
-								"TokensPerFill":  2,
-								"FillInterval":   10,
-								"FilterEnabled":  100,
-								"FilterEnforced": 100,
-							},
-						},
-					}
-				}, nil)
-			},
-		},
 		{
 			name: "wasm-http-local-file",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
diff --git a/agent/xds/testdata/builtin_extension/clusters/http-local-ratelimit-applyto-filter.latest.golden b/agent/xds/testdata/builtin_extension/clusters/http-local-ratelimit-applyto-filter.latest.golden
deleted file mode 100644
index 6f67c341ddf6..000000000000
--- a/agent/xds/testdata/builtin_extension/clusters/http-local-ratelimit-applyto-filter.latest.golden
+++ /dev/null
@@ -1,127 +0,0 @@
-{
-    "versionInfo": "00000001",
-    "resources": [
-        {
-            "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-            "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-            "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-            "type": "EDS",
-            "edsClusterConfig": {
-                "edsConfig": {
-                    "ads": {},
-                    "resourceApiVersion": "V3"
-                }
-            },
-            "connectTimeout": "5s",
-            "circuitBreakers": {},
-            "outlierDetection": {},
-            "commonLbConfig": {
-                "healthyPanicThreshold": {}
-            },
-            "transportSocket": {
-                "name": "tls",
-                "typedConfig": {
-                    "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-                    "commonTlsContext": {
-                        "tlsParams": {},
-                        "tlsCertificates": [
-                            {
-                                "certificateChain": {
-                                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                                },
-                                "privateKey": {
-                                    "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                                }
-                            }
-                        ],
-                        "validationContext": {
-                            "trustedCa": {
-                                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                            },
-                            "matchSubjectAltNames": [
-                                {
-                                    "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
-                                }
-                            ]
-                        }
-                    },
-                    "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-                }
-            }
-        },
-        {
-            "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-            "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
-            "type": "EDS",
-            "edsClusterConfig": {
-                "edsConfig": {
-                    "ads": {},
-                    "resourceApiVersion": "V3"
-                }
-            },
-            "connectTimeout": "5s",
-            "circuitBreakers": {},
-            "outlierDetection": {},
-            "transportSocket": {
-                "name": "tls",
-                "typedConfig": {
-                    "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-                    "commonTlsContext": {
-                        "tlsParams": {},
-                        "tlsCertificates": [
-                            {
-                                "certificateChain": {
-                                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                                },
-                                "privateKey": {
-                                    "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                                }
-                            }
-                        ],
-                        "validationContext": {
-                            "trustedCa": {
-                                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                            },
-                            "matchSubjectAltNames": [
-                                {
-                                    "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
-                                },
-                                {
-                                    "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
-                                }
-                            ]
-                        }
-                    },
-                    "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
-                }
-            }
-        },
-        {
-            "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-            "name": "local_app",
-            "type": "STATIC",
-            "connectTimeout": "5s",
-            "loadAssignment": {
-                "clusterName": "local_app",
-                "endpoints": [
-                    {
-                        "lbEndpoints": [
-                            {
-                                "endpoint": {
-                                    "address": {
-                                        "socketAddress": {
-                                            "address": "127.0.0.1",
-                                            "portValue": 8080
-                                        }
-                                    }
-                                }
-                            }
-                        ]
-                    }
-                ]
-            }
-        }
-    ],
-    "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-    "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/endpoints/http-local-ratelimit-applyto-filter.latest.golden b/agent/xds/testdata/builtin_extension/endpoints/http-local-ratelimit-applyto-filter.latest.golden
deleted file mode 100644
index e8e6b94a1a90..000000000000
--- a/agent/xds/testdata/builtin_extension/endpoints/http-local-ratelimit-applyto-filter.latest.golden
+++ /dev/null
@@ -1,75 +0,0 @@
-{
-    "versionInfo": "00000001",
-    "resources": [
-        {
-            "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-            "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-            "endpoints": [
-                {
-                    "lbEndpoints": [
-                        {
-                            "endpoint": {
-                                "address": {
-                                    "socketAddress": {
-                                        "address": "10.10.1.1",
-                                        "portValue": 8080
-                                    }
-                                }
-                            },
-                            "healthStatus": "HEALTHY",
-                            "loadBalancingWeight": 1
-                        },
-                        {
-                            "endpoint": {
-                                "address": {
-                                    "socketAddress": {
-                                        "address": "10.10.1.2",
-                                        "portValue": 8080
-                                    }
-                                }
-                            },
-                            "healthStatus": "HEALTHY",
-                            "loadBalancingWeight": 1
-                        }
-                    ]
-                }
-            ]
-        },
-        {
-            "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-            "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
-            "endpoints": [
-                {
-                    "lbEndpoints": [
-                        {
-                            "endpoint": {
-                                "address": {
-                                    "socketAddress": {
-                                        "address": "10.10.1.1",
-                                        "portValue": 8080
-                                    }
-                                }
-                            },
-                            "healthStatus": "HEALTHY",
-                            "loadBalancingWeight": 1
-                        },
-                        {
-                            "endpoint": {
-                                "address": {
-                                    "socketAddress": {
-                                        "address": "10.20.1.2",
-                                        "portValue": 8080
-                                    }
-                                }
-                            },
-                            "healthStatus": "HEALTHY",
-                            "loadBalancingWeight": 1
-                        }
-                    ]
-                }
-            ]
-        }
-    ],
-    "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-    "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/http-local-ratelimit-applyto-filter.latest.golden b/agent/xds/testdata/builtin_extension/listeners/http-local-ratelimit-applyto-filter.latest.golden
deleted file mode 100644
index 29c336296e40..000000000000
--- a/agent/xds/testdata/builtin_extension/listeners/http-local-ratelimit-applyto-filter.latest.golden
+++ /dev/null
@@ -1,256 +0,0 @@
-{
-    "versionInfo": "00000001",
-    "resources": [
-        {
-            "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-            "name": "db:127.0.0.1:9191",
-            "address": {
-                "socketAddress": {
-                    "address": "127.0.0.1",
-                    "portValue": 9191
-                }
-            },
-            "filterChains": [
-                {
-                    "filters": [
-                        {
-                            "name": "envoy.filters.network.tcp_proxy",
-                            "typedConfig": {
-                                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                                "statPrefix": "upstream.db.default.default.dc1",
-                                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-                            }
-                        }
-                    ]
-                }
-            ],
-            "trafficDirection": "OUTBOUND"
-        },
-        {
-            "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-            "name": "prepared_query:geo-cache:127.10.10.10:8181",
-            "address": {
-                "socketAddress": {
-                    "address": "127.10.10.10",
-                    "portValue": 8181
-                }
-            },
-            "filterChains": [
-                {
-                    "filters": [
-                        {
-                            "name": "envoy.filters.network.tcp_proxy",
-                            "typedConfig": {
-                                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                                "statPrefix": "upstream.prepared_query_geo-cache",
-                                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
-                            }
-                        }
-                    ]
-                }
-            ],
-            "trafficDirection": "OUTBOUND"
-        },
-        {
-            "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-            "name": "public_listener:0.0.0.0:9999",
-            "address": {
-                "socketAddress": {
-                    "address": "0.0.0.0",
-                    "portValue": 9999
-                }
-            },
-            "filterChains": [
-                {
-                    "filters": [
-                        {
-                            "name": "envoy.filters.network.http_connection_manager",
-                            "typedConfig": {
-                                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                                "statPrefix": "public_listener",
-                                "routeConfig": {
-                                    "name": "public_listener",
-                                    "virtualHosts": [
-                                        {
-                                            "name": "public_listener",
-                                            "domains": [
-                                                "*"
-                                            ],
-                                            "routes": [
-                                                {
-                                                    "match": {
-                                                        "prefix": "/"
-                                                    },
-                                                    "route": {
-                                                        "cluster": "local_app"
-                                                    }
-                                                }
-                                            ]
-                                        }
-                                    ]
-                                },
-                                "httpFilters": [
-                                    {
-                                        "name": "envoy.filters.http.local_ratelimit",
-                                        "typedConfig": {
-                                            "@type": "type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit",
-                                            "statPrefix": "local_ratelimit",
-                                            "tokenBucket": {
-                                                "maxTokens": 3,
-                                                "tokensPerFill": 2,
-                                                "fillInterval": "10s"
-                                            },
-                                            "filterEnabled": {
-                                                "defaultValue": {
-                                                    "numerator": 100
-                                                }
-                                            },
-                                            "filterEnforced": {
-                                                "defaultValue": {
-                                                    "numerator": 100
-                                                }
-                                            }
-                                        }
-                                    },
-                                    {
-                                        "name": "envoy.filters.http.rbac",
-                                        "typedConfig": {
-                                            "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                                            "rules": {}
-                                        }
-                                    },
-                                    {
-                                        "name": "envoy.filters.http.header_to_metadata",
-                                        "typedConfig": {
-                                            "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                                            "requestRules": [
-                                                {
-                                                    "header": "x-forwarded-client-cert",
-                                                    "onHeaderPresent": {
-                                                        "metadataNamespace": "consul",
-                                                        "key": "trust-domain",
-                                                        "regexValueRewrite": {
-                                                            "pattern": {
-                                                                "googleRe2": {},
-                                                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
-                                                            },
-                                                            "substitution": "\\1"
-                                                        }
-                                                    }
-                                                },
-                                                {
-                                                    "header": "x-forwarded-client-cert",
-                                                    "onHeaderPresent": {
-                                                        "metadataNamespace": "consul",
-                                                        "key": "partition",
-                                                        "regexValueRewrite": {
-                                                            "pattern": {
-                                                                "googleRe2": {},
-                                                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
-                                                            },
-                                                            "substitution": "\\2"
-                                                        }
-                                                    }
-                                                },
-                                                {
-                                                    "header": "x-forwarded-client-cert",
-                                                    "onHeaderPresent": {
-                                                        "metadataNamespace": "consul",
-                                                        "key": "namespace",
-                                                        "regexValueRewrite": {
-                                                            "pattern": {
-                                                                "googleRe2": {},
-                                                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
-                                                            },
-                                                            "substitution": "\\3"
-                                                        }
-                                                    }
-                                                },
-                                                {
-                                                    "header": "x-forwarded-client-cert",
-                                                    "onHeaderPresent": {
-                                                        "metadataNamespace": "consul",
-                                                        "key": "datacenter",
-                                                        "regexValueRewrite": {
-                                                            "pattern": {
-                                                                "googleRe2": {},
-                                                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
-                                                            },
-                                                            "substitution": "\\4"
-                                                        }
-                                                    }
-                                                },
-                                                {
-                                                    "header": "x-forwarded-client-cert",
-                                                    "onHeaderPresent": {
-                                                        "metadataNamespace": "consul",
-                                                        "key": "service",
-                                                        "regexValueRewrite": {
-                                                            "pattern": {
-                                                                "googleRe2": {},
-                                                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
-                                                            },
-                                                            "substitution": "\\5"
-                                                        }
-                                                    }
-                                                }
-                                            ]
-                                        }
-                                    },
-                                    {
-                                        "name": "envoy.filters.http.router",
-                                        "typedConfig": {
-                                            "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                                        }
-                                    }
-                                ],
-                                "tracing": {
-                                    "randomSampling": {}
-                                },
-                                "forwardClientCertDetails": "APPEND_FORWARD",
-                                "setCurrentClientCertDetails": {
-                                    "subject": true,
-                                    "cert": true,
-                                    "chain": true,
-                                    "dns": true,
-                                    "uri": true
-                                }
-                            }
-                        }
-                    ],
-                    "transportSocket": {
-                        "name": "tls",
-                        "typedConfig": {
-                            "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-                            "commonTlsContext": {
-                                "tlsParams": {},
-                                "tlsCertificates": [
-                                    {
-                                        "certificateChain": {
-                                            "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                                        },
-                                        "privateKey": {
-                                            "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                                        }
-                                    }
-                                ],
-                                "validationContext": {
-                                    "trustedCa": {
-                                        "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                                    }
-                                },
-                                "alpnProtocols": [
-                                    "http/1.1"
-                                ]
-                            },
-                            "requireClientCertificate": true
-                        }
-                    }
-                }
-            ],
-            "trafficDirection": "INBOUND"
-        }
-    ],
-    "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
-    "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/routes/http-local-ratelimit-applyto-filter.latest.golden b/agent/xds/testdata/builtin_extension/routes/http-local-ratelimit-applyto-filter.latest.golden
deleted file mode 100644
index d08109381030..000000000000
--- a/agent/xds/testdata/builtin_extension/routes/http-local-ratelimit-applyto-filter.latest.golden
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-    "versionInfo": "00000001",
-    "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-    "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/api/config_entry.go b/api/config_entry.go
index 125619b55d08..405e92ef2741 100644
--- a/api/config_entry.go
+++ b/api/config_entry.go
@@ -42,7 +42,6 @@ const (
 	BuiltinAWSLambdaExtension        string = "builtin/aws/lambda"
 	BuiltinExtAuthzExtension         string = "builtin/ext-authz"
 	BuiltinLuaExtension              string = "builtin/lua"
-	BuiltinLocalRatelimitExtension   string = "builtin/http/localratelimit"
 	BuiltinPropertyOverrideExtension string = "builtin/property-override"
 	BuiltinWasmExtension             string = "builtin/wasm"
 	// BuiltinValidateExtension should not be exposed directly or accepted as a valid configured
diff --git a/test/integration/connect/envoy/case-envoyext-ratelimit/capture.sh b/test/integration/connect/envoy/case-envoyext-ratelimit/capture.sh
deleted file mode 100644
index 5268305f8ff6..000000000000
--- a/test/integration/connect/envoy/case-envoyext-ratelimit/capture.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-
-snapshot_envoy_admin localhost:19000 s1 primary || true
-snapshot_envoy_admin localhost:19001 s2 primary || true
diff --git a/test/integration/connect/envoy/case-envoyext-ratelimit/service_s1.hcl b/test/integration/connect/envoy/case-envoyext-ratelimit/service_s1.hcl
deleted file mode 100644
index 6eaca129855b..000000000000
--- a/test/integration/connect/envoy/case-envoyext-ratelimit/service_s1.hcl
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-services {
-  name = "s1"
-  port = 8080
-  connect {
-    sidecar_service {
-      proxy {
-        upstreams = [
-          {
-            destination_name = "s2"
-            local_bind_port = 5000
-          }
-        ]
-      }
-    }
-  }
-}
diff --git a/test/integration/connect/envoy/case-envoyext-ratelimit/service_s2.hcl b/test/integration/connect/envoy/case-envoyext-ratelimit/service_s2.hcl
deleted file mode 100644
index c01f4b2fefe5..000000000000
--- a/test/integration/connect/envoy/case-envoyext-ratelimit/service_s2.hcl
+++ /dev/null
@@ -1,8 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-services {
-  name = "s2"
-  port = 8181
-  connect { sidecar_service {} }
-}
diff --git a/test/integration/connect/envoy/case-envoyext-ratelimit/setup.sh b/test/integration/connect/envoy/case-envoyext-ratelimit/setup.sh
deleted file mode 100644
index b096859a7046..000000000000
--- a/test/integration/connect/envoy/case-envoyext-ratelimit/setup.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-
-set -eEuo pipefail
-
-upsert_config_entry primary '
-Kind = "service-defaults"
-Name = "s2"
-Protocol = "http"
-EnvoyExtensions = [
-  {
-    Name = "builtin/http/localratelimit",
-    Arguments = {
-      ProxyType = "connect-proxy"
-      MaxTokens = 1,
-      TokensPerFill = 1,
-      FillInterval = 120,
-      FilterEnabled = 100,
-      FilterEnforced = 100,
-    }
-  }
-]
-'
-
-upsert_config_entry primary '
-Kind = "service-defaults"
-Name = "s1"
-Protocol = "tcp"
-EnvoyExtensions = [
-  {
-    Name = "builtin/http/localratelimit",
-    Arguments = {
-      ProxyType = "connect-proxy"
-      MaxTokens = 1,
-      TokensPerFill = 1,
-      FillInterval = 120,
-      FilterEnabled = 100,
-      FilterEnforced = 100,
-    }
-  }
-]
-'
-
-register_services primary
-
-gen_envoy_bootstrap s1 19000 primary
-gen_envoy_bootstrap s2 19001 primary
diff --git a/test/integration/connect/envoy/case-envoyext-ratelimit/vars.sh b/test/integration/connect/envoy/case-envoyext-ratelimit/vars.sh
deleted file mode 100644
index 091a358e13df..000000000000
--- a/test/integration/connect/envoy/case-envoyext-ratelimit/vars.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-
-export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 s2-sidecar-proxy"
diff --git a/test/integration/connect/envoy/case-envoyext-ratelimit/verify.bats b/test/integration/connect/envoy/case-envoyext-ratelimit/verify.bats
deleted file mode 100644
index b8303348e135..000000000000
--- a/test/integration/connect/envoy/case-envoyext-ratelimit/verify.bats
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/usr/bin/env bats
-
-load helpers
-
-@test "s1 proxy admin is up on :19000" {
-  retry_default curl -f -s localhost:19000/stats -o /dev/null
-}
-
-@test "s2 proxy admin is up on :19001" {
-  retry_default curl -f -s localhost:19001/stats -o /dev/null
-}
-
-@test "s1 proxy listener should be up and have right cert" {
-  assert_proxy_presents_cert_uri localhost:21000 s1
-}
-
-@test "s2 proxy listener should be up and have right cert" {
-  assert_proxy_presents_cert_uri localhost:21001 s2
-}
-
-@test "s2 proxy should be healthy" {
-  assert_service_has_healthy_instances s2 1
-}
-
-@test "s1 upstream should have healthy endpoints for s2" {
-  assert_upstream_has_endpoints_in_status 127.0.0.1:19000 s2.default.primary HEALTHY 1
-}
-
-@test "s2 proxy should have been configured with http local ratelimit filters" {
-  HTTP_FILTERS=$(get_envoy_http_filters localhost:19001)
-  PUB=$(echo "$HTTP_FILTERS" | grep -E "^public_listener:" | cut -f 2 -d ' ')
-
-  echo "HTTP_FILTERS = $HTTP_FILTERS"
-  echo "PUB = $PUB"
-
-  [ "$PUB" = "envoy.filters.http.local_ratelimit,envoy.filters.http.rbac,envoy.filters.http.header_to_metadata,envoy.filters.http.router" ]
-}
-
-@test "s1(tcp) proxy should not be changed by http/localratelimit extension" {
-  TCP_FILTERS=$(get_envoy_listener_filters localhost:19000)
-  PUB=$(echo "$TCP_FILTERS" | grep -E "^public_listener:" | cut -f 2 -d ' ')
-
-  echo "TCP_FILTERS = $TCP_FILTERS"
-  echo "PUB = $PUB"
-
-  [ "$PUB" = "envoy.filters.network.rbac,envoy.filters.network.tcp_proxy" ]
-}
-
-@test "first connection to s2 - success" {
-  run retry_default curl -s -f -d hello localhost:5000
-  [ "$status" -eq 0 ]
-  [[ "$output" == *"hello"* ]]
-}
-
-@test "ratelimit to s2 is in effect - return code 429" {
-  retry_default must_fail_http_connection localhost:5000 429
-}

From 9ce89c497a58dcae74ffd9ed3ae0bfd9b932a938 Mon Sep 17 00:00:00 2001
From: wangxinyi7 <121973291+wangxinyi7@users.noreply.github.com>
Date: Fri, 30 Jun 2023 08:13:24 -0700
Subject: [PATCH 125/359] update doc (#17910)

* update doc

* update link
---
 website/content/commands/leave.mdx | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/website/content/commands/leave.mdx b/website/content/commands/leave.mdx
index 3dccedc7cc2b..8c3744cc287c 100644
--- a/website/content/commands/leave.mdx
+++ b/website/content/commands/leave.mdx
@@ -22,8 +22,13 @@ For nodes in server mode, the node is removed from the Raft peer set
 in a graceful manner. This is critical, as in certain situations a
 non-graceful leave can affect cluster availability.
 
-Running `consul leave` on a server explicitly will reduce the quorum size. Even if the cluster used `bootstrap_expect` to set a quorum size initially, issuing `consul leave` on a server will reconfigure the cluster to have fewer servers.
-This means you could end up with just one server that is still able to commit writes because quorum is only 1, but those writes might be lost if that server fails before more are added.
+Depending on how many Consul servers are running, running `consul leave` on a server explicitly can reduce the quorum
+size (which is derived from the number of Consul servers, see
+[deployment_table](/consul/docs/architecture/consensus#deployment_table)).
+Even if the cluster used `bootstrap_expect` to set a number of servers and thus quorum size initially,
+issuing `consul leave` on a server will reconfigure the cluster to have fewer servers.
+This means you could end up with just one server that is still able to commit writes because the quorum size for
+1-server setup is only 1, but those writes might be lost if that server fails before more are added.
 
 The table below shows this command's [required ACLs](/consul/api-docs/api-structure#authentication). Configuration of
 [blocking queries](/consul/api-docs/features/blocking) and [agent caching](/consul/api-docs/features/caching)

From 0b1299c28d8127129d61310ee4280055298438e0 Mon Sep 17 00:00:00 2001
From: Chris Thain <32781396+cthain@users.noreply.github.com>
Date: Fri, 30 Jun 2023 09:39:54 -0700
Subject: [PATCH 126/359] Remove duplicate and unused newDecodeConfigEntry func
 (#17979)

---
 agent/structs/config_entry.go        |  2 +-
 command/config/write/config_write.go | 66 ----------------------------
 2 files changed, 1 insertion(+), 67 deletions(-)

diff --git a/agent/structs/config_entry.go b/agent/structs/config_entry.go
index c18a8013b6d4..1b433502541e 100644
--- a/agent/structs/config_entry.go
+++ b/agent/structs/config_entry.go
@@ -574,7 +574,7 @@ func (e *ProxyConfigEntry) UnmarshalBinary(data []byte) error {
 // into a concrete type.
 //
 // There is an 'api' variation of this in
-// command/config/write/config_write.go:newDecodeConfigEntry
+// command/helpers/helpers.go:newDecodeConfigEntry
 func DecodeConfigEntry(raw map[string]interface{}) (ConfigEntry, error) {
 	var entry ConfigEntry
 
diff --git a/command/config/write/config_write.go b/command/config/write/config_write.go
index d6a0c188b8fa..d8e8aff20ad8 100644
--- a/command/config/write/config_write.go
+++ b/command/config/write/config_write.go
@@ -7,17 +7,12 @@ import (
 	"flag"
 	"fmt"
 	"io"
-	"time"
 
-	"github.com/hashicorp/go-multierror"
 	"github.com/mitchellh/cli"
-	"github.com/mitchellh/mapstructure"
 
-	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/command/config"
 	"github.com/hashicorp/consul/command/flags"
 	"github.com/hashicorp/consul/command/helpers"
-	"github.com/hashicorp/consul/lib/decode"
 )
 
 func New(ui cli.Ui) *cmd {
@@ -109,67 +104,6 @@ func (c *cmd) Run(args []string) int {
 	return 0
 }
 
-// There is a 'structs' variation of this in
-// agent/structs/config_entry.go:DecodeConfigEntry
-func newDecodeConfigEntry(raw map[string]interface{}) (api.ConfigEntry, error) {
-	var entry api.ConfigEntry
-
-	kindVal, ok := raw["Kind"]
-	if !ok {
-		kindVal, ok = raw["kind"]
-	}
-	if !ok {
-		return nil, fmt.Errorf("Payload does not contain a kind/Kind key at the top level")
-	}
-
-	if kindStr, ok := kindVal.(string); ok {
-		newEntry, err := api.MakeConfigEntry(kindStr, "")
-		if err != nil {
-			return nil, err
-		}
-		entry = newEntry
-	} else {
-		return nil, fmt.Errorf("Kind value in payload is not a string")
-	}
-
-	var md mapstructure.Metadata
-	decodeConf := &mapstructure.DecoderConfig{
-		DecodeHook: mapstructure.ComposeDecodeHookFunc(
-			decode.HookWeakDecodeFromSlice,
-			decode.HookTranslateKeys,
-			mapstructure.StringToTimeDurationHookFunc(),
-			mapstructure.StringToTimeHookFunc(time.RFC3339),
-		),
-		Metadata:         &md,
-		Result:           &entry,
-		WeaklyTypedInput: true,
-	}
-
-	decoder, err := mapstructure.NewDecoder(decodeConf)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := decoder.Decode(raw); err != nil {
-		return nil, err
-	}
-
-	for _, k := range md.Unused {
-		switch k {
-		case "kind", "Kind":
-			// The kind field is used to determine the target, but doesn't need
-			// to exist on the target.
-			continue
-		}
-		err = multierror.Append(err, fmt.Errorf("invalid config key %q", k))
-	}
-	if err != nil {
-		return nil, err
-	}
-
-	return entry, nil
-}
-
 func (c *cmd) Synopsis() string {
 	return synopsis
 }

From f096fc53ca8843df234abffaefaa3cba9c20fbb1 Mon Sep 17 00:00:00 2001
From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Date: Fri, 30 Jun 2023 13:26:08 -0700
Subject: [PATCH 127/359] docs: samenessGroup YAML examples (#17984)

* configuration entry syntax

* Example config
---
 .../config-entries/exported-services.mdx      | 105 ++++++++++++++++++
 1 file changed, 105 insertions(+)

diff --git a/website/content/docs/connect/config-entries/exported-services.mdx b/website/content/docs/connect/config-entries/exported-services.mdx
index c7811d8d9b48..b9e89d9ad1c6 100644
--- a/website/content/docs/connect/config-entries/exported-services.mdx
+++ b/website/content/docs/connect/config-entries/exported-services.mdx
@@ -182,6 +182,60 @@ spec:
 ]
 ```
 
+</CodeTabs>
+</Tab>
+
+
+<Tab heading="Consul Enterprise (Sameness Group)">
+<CodeTabs heading="Exported services configuration syntax" tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
+
+```hcl
+Kind = "exported-services"
+Partition = "<partition containing services to export>"
+Name = "<partition containing services to export>"
+Services = [
+  {
+    Name = "<name of service to export>"
+    Namespace = "<namespace in the partition containing the service to export>"
+    Consumers = [
+      {
+        SamenessGroup = "<name of the sameness group that dials the exported service>"
+      }
+    ]
+  }
+]
+```
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ExportedServices
+metadata:
+  name: <partition containing services to export>
+spec:
+  services:
+    - name: <name of service to export>
+      namespace: <namespace in the partition containing the service to export>
+      consumers:
+        - samenessGroup: <name of the sameness group that dials the exported service>
+```
+
+```json
+"Kind": "exported-services",
+"Partition": "<partition containing services to export>",
+"Name": "<partition containing services to export>",
+"Services": [
+  {
+    "Name": "<name of service to export>",
+    "Namespace": "<namespace in the partition containing the service to export>"
+    "Consumers": [
+      {
+        "SamenessGroup": "<name of the sameness group that dials the exported service>"
+      }
+    ]
+  }
+]
+```
+
 </CodeTabs>
 </Tab>
 </Tabs>
@@ -456,6 +510,57 @@ spec:
 </Tab>
 </Tabs>
 
+### Exporting a service to a sameness group
+
+The following example configures Consul to export a service named `api` to a defined group of partitions that belong to a separately defined [sameness group](/consul/docs/connect/config-entries/sameness-group) named `monitoring`.
+
+<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
+
+```hcl
+Kind = "exported-services"
+Name = "default"
+
+Services = [
+  {
+    Name      = "api"
+    Consumers = [
+        {
+            SamenessGroup  = "monitoring"
+        }
+    ]
+  }
+]
+```
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+Kind: ExportedServices
+metadata:
+  name: default
+spec:
+  services:
+    - name: api
+      consumers:
+        - samenessGroup: monitoring
+```
+
+```json
+"Kind": "exported-services",
+  "Name": "default",
+  "Services": [
+    {
+      "Name": "api",
+      "Consumers": [
+        {
+          "SamenessGroup": "monitoring"
+        }
+      ]
+    }
+  ]
+```
+
+</CodeTabs>
+
 ### Exporting all services
 
 <Tabs>

From df85dd83a7a1f008ad3a100dbbcaae6709739975 Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Fri, 30 Jun 2023 16:29:47 -0400
Subject: [PATCH 128/359] Add changelog entry for 1.16.0 (#17987)

---
 CHANGELOG.md | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index dc70d8b08abf..14435d09bb93 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,76 @@
+## 1.16.0 (June 26, 2023)
+
+BREAKING CHANGES:
+
+* api: The `/v1/health/connect/` and `/v1/health/ingress/` endpoints now immediately return 403 "Permission Denied" errors whenever a token with insufficient `service:read` permissions is provided. Prior to this change, the endpoints returned a success code with an empty result list when a token with insufficient permissions was provided. [[GH-17424](https://github.com/hashicorp/consul/issues/17424)]
+* peering: Removed deprecated backward-compatibility behavior.
+  Upstream overrides in service-defaults will now only apply to peer upstreams when the `peer` field is provided.
+  Visit the 1.16.x [upgrade instructions](https://developer.hashicorp.com/consul/docs/upgrading/upgrade-specific) for more information. [[GH-16957](https://github.com/hashicorp/consul/issues/16957)]
+
+SECURITY:
+
+* Bump Dockerfile base image to `alpine:3.18`. [[GH-17719](https://github.com/hashicorp/consul/issues/17719)]
+* audit-logging: **(Enterprise only)** limit `v1/operator/audit-hash` endpoint to ACL token with `operator:read` privileges.
+
+FEATURES:
+
+* api: (Enterprise only) Add `POST /v1/operator/audit-hash` endpoint to calculate the hash of the data used by the audit log hash function and salt.
+* cli: (Enterprise only) Add a new `consul operator audit hash` command to retrieve and compare the hash of the data used by the audit log hash function and salt.
+* cli: Adds new command - `consul services export` - for exporting a service to a peer or partition [[GH-15654](https://github.com/hashicorp/consul/issues/15654)]
+* connect: **(Consul Enterprise only)** Implement order-by-locality failover.
+* mesh: Add new permissive mTLS mode that allows sidecar proxies to forward incoming traffic unmodified to the application. This adds `AllowEnablingPermissiveMutualTLS` setting to the mesh config entry and the `MutualTLSMode` setting to proxy-defaults and service-defaults. [[GH-17035](https://github.com/hashicorp/consul/issues/17035)]
+* mesh: Support configuring JWT authentication in Envoy. [[GH-17452](https://github.com/hashicorp/consul/issues/17452)]
+* server: **(Enterprise Only)** added server side RPC requests IP based read/write rate-limiter. [[GH-4633](https://github.com/hashicorp/consul/issues/4633)]
+* server: **(Enterprise Only)** allow automatic license utilization reporting. [[GH-5102](https://github.com/hashicorp/consul/issues/5102)]
+* server: added server side RPC requests global read/write rate-limiter. [[GH-16292](https://github.com/hashicorp/consul/issues/16292)]
+* xds: Add `property-override` built-in Envoy extension that directly patches Envoy resources. [[GH-17487](https://github.com/hashicorp/consul/issues/17487)]
+* xds: Add a built-in Envoy extension that inserts External Authorization (ext_authz) network and HTTP filters. [[GH-17495](https://github.com/hashicorp/consul/issues/17495)]
+* xds: Add a built-in Envoy extension that inserts Wasm HTTP filters. [[GH-16877](https://github.com/hashicorp/consul/issues/16877)]
+* xds: Add a built-in Envoy extension that inserts Wasm network filters. [[GH-17505](https://github.com/hashicorp/consul/issues/17505)]
+
+IMPROVEMENTS:
+
+* * api: Support filtering for config entries. [[GH-17183](https://github.com/hashicorp/consul/issues/17183)]
+* * cli: Add `-filter` option to `consul config list` for filtering config entries. [[GH-17183](https://github.com/hashicorp/consul/issues/17183)]
+* agent: remove agent cache dependency from service mesh leaf certificate management [[GH-17075](https://github.com/hashicorp/consul/issues/17075)]
+* api: Enable setting query options on agent force-leave endpoint. [[GH-15987](https://github.com/hashicorp/consul/issues/15987)]
+* audit-logging: **(Enterprise only)** enable error response and request body logging
+* ca: automatically set up Vault's auto-tidy setting for tidy_expired_issuers when using Vault as a CA provider. [[GH-17138](https://github.com/hashicorp/consul/issues/17138)]
+* ca: support Vault agent auto-auth config for Vault CA provider using AliCloud authentication. [[GH-16224](https://github.com/hashicorp/consul/issues/16224)]
+* ca: support Vault agent auto-auth config for Vault CA provider using AppRole authentication. [[GH-16259](https://github.com/hashicorp/consul/issues/16259)]
+* ca: support Vault agent auto-auth config for Vault CA provider using Azure MSI authentication. [[GH-16298](https://github.com/hashicorp/consul/issues/16298)]
+* ca: support Vault agent auto-auth config for Vault CA provider using JWT authentication. [[GH-16266](https://github.com/hashicorp/consul/issues/16266)]
+* ca: support Vault agent auto-auth config for Vault CA provider using Kubernetes authentication. [[GH-16262](https://github.com/hashicorp/consul/issues/16262)]
+* command: Adds ACL enabled to status output on agent startup. [[GH-17086](https://github.com/hashicorp/consul/issues/17086)]
+* command: Allow creating ACL Token TTL with greater than 24 hours with the -expires-ttl flag. [[GH-17066](https://github.com/hashicorp/consul/issues/17066)]
+* connect: **(Enterprise Only)** Add support for specifying "Partition" and "Namespace" in Prepared Queries failover rules.
+* connect: update supported envoy versions to 1.23.10, 1.24.8, 1.25.7, 1.26.2 [[GH-17546](https://github.com/hashicorp/consul/issues/17546)]
+* connect: update supported envoy versions to 1.23.8, 1.24.6, 1.25.4, 1.26.0 [[GH-5200](https://github.com/hashicorp/consul/issues/5200)]
+* fix metric names in /docs/agent/telemetry [[GH-17577](https://github.com/hashicorp/consul/issues/17577)]
+* gateway: Change status condition reason for invalid certificate on a listener from "Accepted" to "ResolvedRefs". [[GH-17115](https://github.com/hashicorp/consul/issues/17115)]
+* http: accept query parameters `datacenter`, `ap` (enterprise-only), and `namespace` (enterprise-only). Both short-hand and long-hand forms of these query params are now supported via the HTTP API (dc/datacenter, ap/partition, ns/namespace). [[GH-17525](https://github.com/hashicorp/consul/issues/17525)]
+* systemd: set service type to notify. [[GH-16845](https://github.com/hashicorp/consul/issues/16845)]
+* ui: Update alerts to Hds::Alert component [[GH-16412](https://github.com/hashicorp/consul/issues/16412)]
+* ui: Update to use Hds::Toast component to show notifications [[GH-16519](https://github.com/hashicorp/consul/issues/16519)]
+* ui: update from <button> and <a> to design-system-components button <Hds::Button> [[GH-16251](https://github.com/hashicorp/consul/issues/16251)]
+* ui: update typography to styles from hds [[GH-16577](https://github.com/hashicorp/consul/issues/16577)]
+
+BUG FIXES:
+
+* Fix a race condition where an event is published before the data associated is commited to memdb. [[GH-16871](https://github.com/hashicorp/consul/issues/16871)]
+* connect: Fix issue where changes to service exports were not reflected in proxies. [[GH-17775](https://github.com/hashicorp/consul/issues/17775)]
+* gateways: **(Enterprise only)** Fixed a bug in API gateways where gateway configuration objects in non-default partitions did not reconcile properly. [[GH-17581](https://github.com/hashicorp/consul/issues/17581)]
+* gateways: Fixed a bug in API gateways where binding a route that only targets a service imported from a peer results
+  in the programmed gateway having no routes. [[GH-17609](https://github.com/hashicorp/consul/issues/17609)]
+* gateways: Fixed a bug where API gateways were not being taken into account in determining xDS rate limits. [[GH-17631](https://github.com/hashicorp/consul/issues/17631)]
+* namespaces: **(Enterprise only)** fixes a bug where agent health checks stop syncing for all services on a node if the namespace of any service has been removed from the server.
+* namespaces: **(Enterprise only)** fixes a bug where namespaces are stuck in a deferred deletion state indefinitely under some conditions.
+  Also fixes the Consul query metadata present in the HTTP headers of the namespace read and list endpoints.
+* peering: Fix a bug that caused server agents to continue cleaning up peering resources even after loss of leadership. [[GH-17483](https://github.com/hashicorp/consul/issues/17483)]
+* peering: Fixes a bug where the importing partition was not added to peered failover targets, which causes issues when the importing partition is a non-default partition. [[GH-16673](https://github.com/hashicorp/consul/issues/16673)]
+* ui: fixes ui tests run on CI [[GH-16428](https://github.com/hashicorp/consul/issues/16428)]
+* xds: Fixed a bug where modifying ACLs on a token being actively used for an xDS connection caused all xDS updates to fail. [[GH-17566](https://github.com/hashicorp/consul/issues/17566)]
+
 ## 1.15.4 (June 26, 2023)
 FEATURES:
 

From dc6ea1b644a43fcd18dd437c35c19bf178b5fbeb Mon Sep 17 00:00:00 2001
From: Evan Phoenix <evan@phx.io>
Date: Sat, 1 Jul 2023 03:55:28 +0200
Subject: [PATCH 129/359] Fix typo (#17198)

servcies => services
---
 .../services/configuration/services-configuration-reference.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/services/configuration/services-configuration-reference.mdx b/website/content/docs/services/configuration/services-configuration-reference.mdx
index 95f01e16ff73..4614a4b26808 100644
--- a/website/content/docs/services/configuration/services-configuration-reference.mdx
+++ b/website/content/docs/services/configuration/services-configuration-reference.mdx
@@ -404,7 +404,7 @@ String value that specifies the namespace in which to register the service. Refe
 
 ## Multiple service definitions
 
-You can define multiple services in a single definition file in the `servcies` block.  This enables you register multiple services in a single command. Note that the HTTP API does not support the `services` block.
+You can define multiple services in a single definition file in the `services` block.  This enables you register multiple services in a single command. Note that the HTTP API does not support the `services` block.
 
 <CodeTabs tabs={[ "HCL", "JSON" ]}>
 

From 80394278b814893d4abc4f2d101a7f3cb88bbcc4 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Tue, 4 Jul 2023 09:12:06 -0400
Subject: [PATCH 130/359] Expose JWKS cluster config through
 JWTProviderConfigEntry (#17978)

* Expose JWKS cluster config through JWTProviderConfigEntry

* fix typos, rename trustedCa to trustedCA
---
 .changelog/17978.txt                          |   3 +
 agent/proxycfg/proxycfg.deepcopy.go           |  20 +
 agent/structs/config_entry_jwt_provider.go    | 137 ++-
 .../structs/config_entry_jwt_provider_test.go |  87 +-
 agent/xds/clusters.go                         |  89 +-
 agent/xds/clusters_test.go                    |  93 ++
 ...ttp-provider-with-hostname-and-port.golden |   3 +-
 ...http-provider-with-hostname-no-port.golden |   3 +-
 .../http-provider-with-ip-and-port.golden     |   3 +-
 .../http-provider-with-ip-no-port.golden      |   3 +-
 ...tps-provider-with-hostname-and-port.golden |   9 +-
 ...ttps-provider-with-hostname-no-port.golden |   9 +-
 .../https-provider-with-ip-and-port.golden    |   9 +-
 .../https-provider-with-ip-no-port.golden     |   9 +-
 api/config_entry_jwt_provider.go              |  73 ++
 api/config_entry_jwt_provider_test.go         |  16 +-
 .../private/pbconfigentry/config_entry.gen.go |  96 ++
 .../pbconfigentry/config_entry.pb.binary.go   |  40 +
 .../private/pbconfigentry/config_entry.pb.go  | 959 ++++++++++++------
 .../private/pbconfigentry/config_entry.proto  |  45 +
 20 files changed, 1384 insertions(+), 322 deletions(-)
 create mode 100644 .changelog/17978.txt

diff --git a/.changelog/17978.txt b/.changelog/17978.txt
new file mode 100644
index 000000000000..81d5a648da1f
--- /dev/null
+++ b/.changelog/17978.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+mesh: Expose remote jwks cluster configuration through jwt-provider config entry
+```
\ No newline at end of file
diff --git a/agent/proxycfg/proxycfg.deepcopy.go b/agent/proxycfg/proxycfg.deepcopy.go
index 350f76bf0800..d6f11319169a 100644
--- a/agent/proxycfg/proxycfg.deepcopy.go
+++ b/agent/proxycfg/proxycfg.deepcopy.go
@@ -58,6 +58,26 @@ func (o *ConfigSnapshot) DeepCopy() *ConfigSnapshot {
 								*cp_JWTProviders_v2.JSONWebKeySet.Remote.RetryPolicy.RetryPolicyBackOff = *v2.JSONWebKeySet.Remote.RetryPolicy.RetryPolicyBackOff
 							}
 						}
+						if v2.JSONWebKeySet.Remote.JWKSCluster != nil {
+							cp_JWTProviders_v2.JSONWebKeySet.Remote.JWKSCluster = new(structs.JWKSCluster)
+							*cp_JWTProviders_v2.JSONWebKeySet.Remote.JWKSCluster = *v2.JSONWebKeySet.Remote.JWKSCluster
+							if v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates != nil {
+								cp_JWTProviders_v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates = new(structs.JWKSTLSCertificate)
+								*cp_JWTProviders_v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates = *v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates
+								if v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates.CaCertificateProviderInstance != nil {
+									cp_JWTProviders_v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates.CaCertificateProviderInstance = new(structs.JWKSTLSCertProviderInstance)
+									*cp_JWTProviders_v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates.CaCertificateProviderInstance = *v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates.CaCertificateProviderInstance
+								}
+								if v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates.TrustedCA != nil {
+									cp_JWTProviders_v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates.TrustedCA = new(structs.JWKSTLSCertTrustedCA)
+									*cp_JWTProviders_v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates.TrustedCA = *v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates.TrustedCA
+									if v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates.TrustedCA.InlineBytes != nil {
+										cp_JWTProviders_v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates.TrustedCA.InlineBytes = make([]byte, len(v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates.TrustedCA.InlineBytes))
+										copy(cp_JWTProviders_v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates.TrustedCA.InlineBytes, v2.JSONWebKeySet.Remote.JWKSCluster.TLSCertificates.TrustedCA.InlineBytes)
+									}
+								}
+							}
+						}
 					}
 				}
 				if v2.Audiences != nil {
diff --git a/agent/structs/config_entry_jwt_provider.go b/agent/structs/config_entry_jwt_provider.go
index fc0c73950b76..cc9a37be0c48 100644
--- a/agent/structs/config_entry_jwt_provider.go
+++ b/agent/structs/config_entry_jwt_provider.go
@@ -15,6 +15,12 @@ import (
 
 const (
 	DefaultClockSkewSeconds = 30
+
+	DiscoveryTypeStrictDNS   ClusterDiscoveryType = "STRICT_DNS"
+	DiscoveryTypeStatic      ClusterDiscoveryType = "STATIC"
+	DiscoveryTypeLogicalDNS  ClusterDiscoveryType = "LOGICAL_DNS"
+	DiscoveryTypeEDS         ClusterDiscoveryType = "EDS"
+	DiscoveryTypeOriginalDST ClusterDiscoveryType = "ORIGINAL_DST"
 )
 
 type JWTProviderConfigEntry struct {
@@ -97,7 +103,7 @@ func (location *JWTLocation) Validate() error {
 	hasCookie := location.Cookie != nil
 
 	if countTrue(hasHeader, hasQueryParam, hasCookie) != 1 {
-		return fmt.Errorf("Must set exactly one of: JWT location header, query param or cookie")
+		return fmt.Errorf("must set exactly one of: JWT location header, query param or cookie")
 	}
 
 	if hasHeader {
@@ -205,7 +211,7 @@ func (ks *LocalJWKS) Validate() error {
 	hasJWKS := ks.JWKS != ""
 
 	if countTrue(hasFilename, hasJWKS) != 1 {
-		return fmt.Errorf("Must specify exactly one of String or filename for local keyset")
+		return fmt.Errorf("must specify exactly one of String or filename for local keyset")
 	}
 
 	if hasJWKS {
@@ -245,6 +251,9 @@ type RemoteJWKS struct {
 	//
 	// There is no retry by default.
 	RetryPolicy *JWKSRetryPolicy `json:",omitempty" alias:"retry_policy"`
+
+	// JWKSCluster defines how the specified Remote JWKS URI is to be fetched.
+	JWKSCluster *JWKSCluster `json:",omitempty" alias:"jwks_cluster"`
 }
 
 func (ks *RemoteJWKS) Validate() error {
@@ -257,9 +266,127 @@ func (ks *RemoteJWKS) Validate() error {
 	}
 
 	if ks.RetryPolicy != nil && ks.RetryPolicy.RetryPolicyBackOff != nil {
-		return ks.RetryPolicy.RetryPolicyBackOff.Validate()
+		err := ks.RetryPolicy.RetryPolicyBackOff.Validate()
+		if err != nil {
+			return err
+		}
 	}
 
+	if ks.JWKSCluster != nil {
+		return ks.JWKSCluster.Validate()
+	}
+
+	return nil
+}
+
+type JWKSCluster struct {
+	// DiscoveryType refers to the service discovery type to use for resolving the cluster.
+	//
+	// This defaults to STRICT_DNS.
+	// Other options include STATIC, LOGICAL_DNS, EDS or ORIGINAL_DST.
+	DiscoveryType ClusterDiscoveryType `json:",omitempty" alias:"discovery_type"`
+
+	// TLSCertificates refers to the data containing certificate authority certificates to use
+	// in verifying a presented peer certificate.
+	// If not specified and a peer certificate is presented it will not be verified.
+	//
+	// Must be either CaCertificateProviderInstance or TrustedCA.
+	TLSCertificates *JWKSTLSCertificate `json:",omitempty" alias:"tls_certificates"`
+
+	// The timeout for new network connections to hosts in the cluster.
+	// If not set, a default value of 5s will be used.
+	ConnectTimeout time.Duration `json:",omitempty" alias:"connect_timeout"`
+}
+
+type ClusterDiscoveryType string
+
+func (d ClusterDiscoveryType) Validate() error {
+	switch d {
+	case DiscoveryTypeStatic, DiscoveryTypeStrictDNS, DiscoveryTypeLogicalDNS, DiscoveryTypeEDS, DiscoveryTypeOriginalDST:
+		return nil
+	default:
+		return fmt.Errorf("unsupported jwks cluster discovery type: %q", d)
+	}
+}
+
+func (c *JWKSCluster) Validate() error {
+	if c.DiscoveryType != "" {
+		err := c.DiscoveryType.Validate()
+		if err != nil {
+			return err
+		}
+	}
+
+	if c.TLSCertificates != nil {
+		return c.TLSCertificates.Validate()
+	}
+	return nil
+}
+
+// JWKSTLSCertificate refers to the data containing certificate authority certificates to use
+// in verifying a presented peer certificate.
+// If not specified and a peer certificate is presented it will not be verified.
+//
+// Must be either CaCertificateProviderInstance or TrustedCA.
+type JWKSTLSCertificate struct {
+	// CaCertificateProviderInstance Certificate provider instance for fetching TLS certificates.
+	CaCertificateProviderInstance *JWKSTLSCertProviderInstance `json:",omitempty" alias:"ca_certificate_provider_instance"`
+
+	// TrustedCA defines TLS certificate data containing certificate authority certificates
+	// to use in verifying a presented peer certificate.
+	//
+	// Exactly one of Filename, EnvironmentVariable, InlineString or InlineBytes must be specified.
+	TrustedCA *JWKSTLSCertTrustedCA `json:",omitempty" alias:"trusted_ca"`
+}
+
+func (c *JWKSTLSCertificate) Validate() error {
+	hasProviderInstance := c.CaCertificateProviderInstance != nil
+	hasTrustedCA := c.TrustedCA != nil
+
+	if countTrue(hasProviderInstance, hasTrustedCA) != 1 {
+		return fmt.Errorf("must specify exactly one of: CaCertificateProviderInstance or TrustedCA for JKWS' TLSCertificates")
+	}
+
+	if c.TrustedCA != nil {
+		return c.TrustedCA.Validate()
+	}
+	return nil
+}
+
+type JWKSTLSCertProviderInstance struct {
+	// InstanceName refers to the certificate provider instance name
+	//
+	// The default value is "default".
+	InstanceName string `json:",omitempty" alias:"instance_name"`
+
+	// CertificateName is used to specify certificate instances or types. For example, "ROOTCA" to specify
+	// a root-certificate (validation context) or "example.com" to specify a certificate for a
+	// particular domain.
+	//
+	// The default value is the empty string.
+	CertificateName string `json:",omitempty" alias:"certificate_name"`
+}
+
+// JWKSTLSCertTrustedCA defines TLS certificate data containing certificate authority certificates
+// to use in verifying a presented peer certificate.
+//
+// Exactly one of Filename, EnvironmentVariable, InlineString or InlineBytes must be specified.
+type JWKSTLSCertTrustedCA struct {
+	Filename            string `json:",omitempty" alias:"filename"`
+	EnvironmentVariable string `json:",omitempty" alias:"environment_variable"`
+	InlineString        string `json:",omitempty" alias:"inline_string"`
+	InlineBytes         []byte `json:",omitempty" alias:"inline_bytes"`
+}
+
+func (c *JWKSTLSCertTrustedCA) Validate() error {
+	hasFilename := c.Filename != ""
+	hasEnv := c.EnvironmentVariable != ""
+	hasInlineBytes := len(c.InlineBytes) > 0
+	hasInlineString := c.InlineString != ""
+
+	if countTrue(hasFilename, hasEnv, hasInlineString, hasInlineBytes) != 1 {
+		return fmt.Errorf("must specify exactly one of: Filename, EnvironmentVariable, InlineString or InlineBytes for JWKS' TrustedCA")
+	}
 	return nil
 }
 
@@ -293,7 +420,7 @@ type RetryPolicyBackOff struct {
 func (r *RetryPolicyBackOff) Validate() error {
 
 	if (r.MaxInterval != 0) && (r.BaseInterval > r.MaxInterval) {
-		return fmt.Errorf("Retry policy backoff's MaxInterval should be greater or equal to BaseInterval")
+		return fmt.Errorf("retry policy backoff's MaxInterval should be greater or equal to BaseInterval")
 	}
 
 	return nil
@@ -339,7 +466,7 @@ func (jwks *JSONWebKeySet) Validate() error {
 	hasRemoteKeySet := jwks.Remote != nil
 
 	if countTrue(hasLocalKeySet, hasRemoteKeySet) != 1 {
-		return fmt.Errorf("Must specify exactly one of Local or Remote JSON Web key set")
+		return fmt.Errorf("must specify exactly one of Local or Remote JSON Web key set")
 	}
 
 	if hasRemoteKeySet {
diff --git a/agent/structs/config_entry_jwt_provider_test.go b/agent/structs/config_entry_jwt_provider_test.go
index c02becc2a13d..a63507663ce4 100644
--- a/agent/structs/config_entry_jwt_provider_test.go
+++ b/agent/structs/config_entry_jwt_provider_test.go
@@ -22,6 +22,7 @@ func newTestAuthz(t *testing.T, src string) acl.Authorizer {
 
 var tenSeconds time.Duration = 10 * time.Second
 var hundredSeconds time.Duration = 100 * time.Second
+var connectTimeout = time.Duration(5) * time.Second
 
 func TestJWTProviderConfigEntry_ValidateAndNormalize(t *testing.T) {
 	defaultMeta := DefaultEnterpriseMetaInDefaultPartition()
@@ -113,7 +114,7 @@ func TestJWTProviderConfigEntry_ValidateAndNormalize(t *testing.T) {
 				Name:          "okta",
 				JSONWebKeySet: &JSONWebKeySet{},
 			},
-			validateErr: "Must specify exactly one of Local or Remote JSON Web key set",
+			validateErr: "must specify exactly one of Local or Remote JSON Web key set",
 		},
 		"invalid jwt-provider - local jwks with non-encoded base64 jwks": {
 			entry: &JWTProviderConfigEntry{
@@ -138,7 +139,7 @@ func TestJWTProviderConfigEntry_ValidateAndNormalize(t *testing.T) {
 					Remote: &RemoteJWKS{},
 				},
 			},
-			validateErr: "Must specify exactly one of Local or Remote JSON Web key set",
+			validateErr: "must specify exactly one of Local or Remote JSON Web key set",
 		},
 		"invalid jwt-provider - local jwks string and filename both set": {
 			entry: &JWTProviderConfigEntry{
@@ -151,7 +152,7 @@ func TestJWTProviderConfigEntry_ValidateAndNormalize(t *testing.T) {
 					},
 				},
 			},
-			validateErr: "Must specify exactly one of String or filename for local keyset",
+			validateErr: "must specify exactly one of String or filename for local keyset",
 		},
 		"invalid jwt-provider - remote jwks missing uri": {
 			entry: &JWTProviderConfigEntry{
@@ -202,7 +203,7 @@ func TestJWTProviderConfigEntry_ValidateAndNormalize(t *testing.T) {
 					},
 				},
 			},
-			validateErr: "Must set exactly one of: JWT location header, query param or cookie",
+			validateErr: "must set exactly one of: JWT location header, query param or cookie",
 		},
 		"invalid jwt-provider - Remote JWKS retry policy maxinterval < baseInterval": {
 			entry: &JWTProviderConfigEntry{
@@ -221,7 +222,63 @@ func TestJWTProviderConfigEntry_ValidateAndNormalize(t *testing.T) {
 					},
 				},
 			},
-			validateErr: "Retry policy backoff's MaxInterval should be greater or equal to BaseInterval",
+			validateErr: "retry policy backoff's MaxInterval should be greater or equal to BaseInterval",
+		},
+		"invalid jwt-provider - Remote JWKS cluster wrong discovery type": {
+			entry: &JWTProviderConfigEntry{
+				Kind: JWTProvider,
+				Name: "okta",
+				JSONWebKeySet: &JSONWebKeySet{
+					Remote: &RemoteJWKS{
+						FetchAsynchronously: true,
+						URI:                 "https://example.com/.well-known/jwks.json",
+						JWKSCluster: &JWKSCluster{
+							DiscoveryType: "FAKE",
+						},
+					},
+				},
+			},
+			validateErr: "unsupported jwks cluster discovery type: \"FAKE\"",
+		},
+		"invalid jwt-provider - Remote JWKS cluster with both trustedCa and provider instance": {
+			entry: &JWTProviderConfigEntry{
+				Kind: JWTProvider,
+				Name: "okta",
+				JSONWebKeySet: &JSONWebKeySet{
+					Remote: &RemoteJWKS{
+						FetchAsynchronously: true,
+						URI:                 "https://example.com/.well-known/jwks.json",
+						JWKSCluster: &JWKSCluster{
+							TLSCertificates: &JWKSTLSCertificate{
+								TrustedCA:                     &JWKSTLSCertTrustedCA{},
+								CaCertificateProviderInstance: &JWKSTLSCertProviderInstance{},
+							},
+						},
+					},
+				},
+			},
+			validateErr: "must specify exactly one of: CaCertificateProviderInstance or TrustedCA for JKWS' TLSCertificates",
+		},
+		"invalid jwt-provider - Remote JWKS cluster with multiple trustedCa options": {
+			entry: &JWTProviderConfigEntry{
+				Kind: JWTProvider,
+				Name: "okta",
+				JSONWebKeySet: &JSONWebKeySet{
+					Remote: &RemoteJWKS{
+						FetchAsynchronously: true,
+						URI:                 "https://example.com/.well-known/jwks.json",
+						JWKSCluster: &JWKSCluster{
+							TLSCertificates: &JWKSTLSCertificate{
+								TrustedCA: &JWKSTLSCertTrustedCA{
+									Filename:     "myfile.cert",
+									InlineString: "*****",
+								},
+							},
+						},
+					},
+				},
+			},
+			validateErr: "must specify exactly one of: Filename, EnvironmentVariable, InlineString or InlineBytes for JWKS' TrustedCA",
 		},
 		"invalid jwt-provider - JWT location with 2 fields": {
 			entry: &JWTProviderConfigEntry{
@@ -244,7 +301,7 @@ func TestJWTProviderConfigEntry_ValidateAndNormalize(t *testing.T) {
 					},
 				},
 			},
-			validateErr: "Must set exactly one of: JWT location header, query param or cookie",
+			validateErr: "must set exactly one of: JWT location header, query param or cookie",
 		},
 		"valid jwt-provider - with all possible fields": {
 			entry: &JWTProviderConfigEntry{
@@ -265,6 +322,15 @@ func TestJWTProviderConfigEntry_ValidateAndNormalize(t *testing.T) {
 								MaxInterval:  hundredSeconds,
 							},
 						},
+						JWKSCluster: &JWKSCluster{
+							DiscoveryType:  "STATIC",
+							ConnectTimeout: connectTimeout,
+							TLSCertificates: &JWKSTLSCertificate{
+								TrustedCA: &JWKSTLSCertTrustedCA{
+									Filename: "myfile.cert",
+								},
+							},
+						},
 					},
 				},
 				Forwarding: &JWTForwardingConfig{
@@ -297,6 +363,15 @@ func TestJWTProviderConfigEntry_ValidateAndNormalize(t *testing.T) {
 								MaxInterval:  hundredSeconds,
 							},
 						},
+						JWKSCluster: &JWKSCluster{
+							DiscoveryType:  "STATIC",
+							ConnectTimeout: connectTimeout,
+							TLSCertificates: &JWKSTLSCertificate{
+								TrustedCA: &JWKSTLSCertTrustedCA{
+									Filename: "myfile.cert",
+								},
+							},
+						},
 					},
 				},
 				Forwarding: &JWTForwardingConfig{
diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go
index 68ae4643b410..dc8245627b0c 100644
--- a/agent/xds/clusters.go
+++ b/agent/xds/clusters.go
@@ -211,13 +211,9 @@ func makeJWTProviderCluster(p *structs.JWTProviderConfigEntry) (*envoy_cluster_v
 		return nil, err
 	}
 
-	// TODO: expose additional fields: eg. ConnectTimeout, through
-	// JWTProviderConfigEntry to allow user to configure cluster
 	cluster := &envoy_cluster_v3.Cluster{
-		Name: makeJWKSClusterName(p.Name),
-		ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{
-			Type: envoy_cluster_v3.Cluster_STRICT_DNS,
-		},
+		Name:                 makeJWKSClusterName(p.Name),
+		ClusterDiscoveryType: makeJWKSDiscoveryClusterType(p.JSONWebKeySet.Remote),
 		LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{
 			ClusterName: makeJWKSClusterName(p.Name),
 			Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{
@@ -230,14 +226,19 @@ func makeJWTProviderCluster(p *structs.JWTProviderConfigEntry) (*envoy_cluster_v
 		},
 	}
 
+	if c := p.JSONWebKeySet.Remote.JWKSCluster; c != nil {
+		connectTimeout := int64(c.ConnectTimeout / time.Second)
+		if connectTimeout > 0 {
+			cluster.ConnectTimeout = &durationpb.Duration{Seconds: connectTimeout}
+		}
+	}
+
 	if scheme == "https" {
-		// TODO: expose this configuration through JWTProviderConfigEntry to allow
-		// user to configure certs
 		jwksTLSContext, err := makeUpstreamTLSTransportSocket(
 			&envoy_tls_v3.UpstreamTlsContext{
 				CommonTlsContext: &envoy_tls_v3.CommonTlsContext{
 					ValidationContextType: &envoy_tls_v3.CommonTlsContext_ValidationContext{
-						ValidationContext: &envoy_tls_v3.CertificateValidationContext{},
+						ValidationContext: makeJWTCertValidationContext(p.JSONWebKeySet.Remote.JWKSCluster),
 					},
 				},
 			},
@@ -251,6 +252,76 @@ func makeJWTProviderCluster(p *structs.JWTProviderConfigEntry) (*envoy_cluster_v
 	return cluster, nil
 }
 
+func makeJWKSDiscoveryClusterType(r *structs.RemoteJWKS) *envoy_cluster_v3.Cluster_Type {
+	ct := &envoy_cluster_v3.Cluster_Type{}
+	if r == nil || r.JWKSCluster == nil {
+		return ct
+	}
+
+	switch r.JWKSCluster.DiscoveryType {
+	case structs.DiscoveryTypeStatic:
+		ct.Type = envoy_cluster_v3.Cluster_STATIC
+	case structs.DiscoveryTypeLogicalDNS:
+		ct.Type = envoy_cluster_v3.Cluster_LOGICAL_DNS
+	case structs.DiscoveryTypeEDS:
+		ct.Type = envoy_cluster_v3.Cluster_EDS
+	case structs.DiscoveryTypeOriginalDST:
+		ct.Type = envoy_cluster_v3.Cluster_ORIGINAL_DST
+	case structs.DiscoveryTypeStrictDNS:
+		fallthrough // default case so uses the default option
+	default:
+		ct.Type = envoy_cluster_v3.Cluster_STRICT_DNS
+	}
+	return ct
+}
+
+func makeJWTCertValidationContext(p *structs.JWKSCluster) *envoy_tls_v3.CertificateValidationContext {
+	vc := &envoy_tls_v3.CertificateValidationContext{}
+	if p == nil || p.TLSCertificates == nil {
+		return vc
+	}
+
+	if tc := p.TLSCertificates.TrustedCA; tc != nil {
+		vc.TrustedCa = &envoy_core_v3.DataSource{}
+		if tc.Filename != "" {
+			vc.TrustedCa.Specifier = &envoy_core_v3.DataSource_Filename{
+				Filename: tc.Filename,
+			}
+		}
+
+		if tc.EnvironmentVariable != "" {
+			vc.TrustedCa.Specifier = &envoy_core_v3.DataSource_EnvironmentVariable{
+				EnvironmentVariable: tc.EnvironmentVariable,
+			}
+		}
+
+		if tc.InlineString != "" {
+			vc.TrustedCa.Specifier = &envoy_core_v3.DataSource_InlineString{
+				InlineString: tc.InlineString,
+			}
+		}
+
+		if len(tc.InlineBytes) > 0 {
+			vc.TrustedCa.Specifier = &envoy_core_v3.DataSource_InlineBytes{
+				InlineBytes: tc.InlineBytes,
+			}
+		}
+	}
+
+	if pi := p.TLSCertificates.CaCertificateProviderInstance; pi != nil {
+		vc.CaCertificateProviderInstance = &envoy_tls_v3.CertificateProviderPluginInstance{}
+		if pi.InstanceName != "" {
+			vc.CaCertificateProviderInstance.InstanceName = pi.InstanceName
+		}
+
+		if pi.CertificateName != "" {
+			vc.CaCertificateProviderInstance.CertificateName = pi.CertificateName
+		}
+	}
+
+	return vc
+}
+
 // parseJWTRemoteURL splits the URI into domain, scheme and port.
 // It will default to port 80 for http and 443 for https for any
 // URI that does not specify a port.
diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go
index 446f0ae24776..df1ce79bf8a5 100644
--- a/agent/xds/clusters_test.go
+++ b/agent/xds/clusters_test.go
@@ -1037,8 +1037,101 @@ func makeTestProviderWithJWKS(uri string) *structs.JWTProviderConfigEntry {
 				RequestTimeoutMs:    1000,
 				FetchAsynchronously: true,
 				URI:                 uri,
+				JWKSCluster: &structs.JWKSCluster{
+					DiscoveryType:  structs.DiscoveryTypeStatic,
+					ConnectTimeout: time.Duration(5) * time.Second,
+					TLSCertificates: &structs.JWKSTLSCertificate{
+						TrustedCA: &structs.JWKSTLSCertTrustedCA{
+							Filename: "mycert.crt",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func TestMakeJWKSDiscoveryClusterType(t *testing.T) {
+	tests := map[string]struct {
+		remoteJWKS          *structs.RemoteJWKS
+		expectedClusterType *envoy_cluster_v3.Cluster_Type
+	}{
+		"nil remote jwks": {
+			remoteJWKS:          nil,
+			expectedClusterType: &envoy_cluster_v3.Cluster_Type{},
+		},
+		"nil jwks cluster": {
+			remoteJWKS:          &structs.RemoteJWKS{},
+			expectedClusterType: &envoy_cluster_v3.Cluster_Type{},
+		},
+		"jwks cluster defaults to Strict DNS": {
+			remoteJWKS: &structs.RemoteJWKS{
+				JWKSCluster: &structs.JWKSCluster{},
+			},
+			expectedClusterType: &envoy_cluster_v3.Cluster_Type{
+				Type: envoy_cluster_v3.Cluster_STRICT_DNS,
+			},
+		},
+		"jwks with cluster EDS": {
+			remoteJWKS: &structs.RemoteJWKS{
+				JWKSCluster: &structs.JWKSCluster{
+					DiscoveryType: "EDS",
+				},
+			},
+			expectedClusterType: &envoy_cluster_v3.Cluster_Type{
+				Type: envoy_cluster_v3.Cluster_EDS,
+			},
+		},
+		"jwks with static dns": {
+			remoteJWKS: &structs.RemoteJWKS{
+				JWKSCluster: &structs.JWKSCluster{
+					DiscoveryType: "STATIC",
+				},
+			},
+			expectedClusterType: &envoy_cluster_v3.Cluster_Type{
+				Type: envoy_cluster_v3.Cluster_STATIC,
 			},
 		},
+
+		"jwks with original dst": {
+			remoteJWKS: &structs.RemoteJWKS{
+				JWKSCluster: &structs.JWKSCluster{
+					DiscoveryType: "ORIGINAL_DST",
+				},
+			},
+			expectedClusterType: &envoy_cluster_v3.Cluster_Type{
+				Type: envoy_cluster_v3.Cluster_ORIGINAL_DST,
+			},
+		},
+		"jwks with strict dns": {
+			remoteJWKS: &structs.RemoteJWKS{
+				JWKSCluster: &structs.JWKSCluster{
+					DiscoveryType: "STRICT_DNS",
+				},
+			},
+			expectedClusterType: &envoy_cluster_v3.Cluster_Type{
+				Type: envoy_cluster_v3.Cluster_STRICT_DNS,
+			},
+		},
+		"jwks with logical dns": {
+			remoteJWKS: &structs.RemoteJWKS{
+				JWKSCluster: &structs.JWKSCluster{
+					DiscoveryType: "LOGICAL_DNS",
+				},
+			},
+			expectedClusterType: &envoy_cluster_v3.Cluster_Type{
+				Type: envoy_cluster_v3.Cluster_LOGICAL_DNS,
+			},
+		},
+	}
+
+	for name, tt := range tests {
+		tt := tt
+		t.Run(name, func(t *testing.T) {
+			clusterType := makeJWKSDiscoveryClusterType(tt.remoteJWKS)
+
+			require.Equal(t, tt.expectedClusterType, clusterType)
+		})
 	}
 }
 
diff --git a/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-and-port.golden b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-and-port.golden
index a8f9de349b77..b151d8accb21 100644
--- a/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-and-port.golden
+++ b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-and-port.golden
@@ -19,5 +19,6 @@
     ]
   },
   "name": "jwks_cluster_okta",
-  "type": "STRICT_DNS"
+  "connectTimeout": "5s",
+  "type": "STATIC"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-no-port.golden b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-no-port.golden
index 977b8c70f130..10ac676c1dfd 100644
--- a/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-no-port.golden
+++ b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-hostname-no-port.golden
@@ -19,5 +19,6 @@
     ]
   },
   "name": "jwks_cluster_okta",
-  "type": "STRICT_DNS"
+    "connectTimeout": "5s",
+  "type": "STATIC"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-and-port.golden b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-and-port.golden
index f5dbc48409af..87191735aa61 100644
--- a/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-and-port.golden
+++ b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-and-port.golden
@@ -19,5 +19,6 @@
     ]
   },
   "name": "jwks_cluster_okta",
-  "type": "STRICT_DNS"
+  "connectTimeout": "5s",
+  "type": "STATIC"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-no-port.golden b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-no-port.golden
index e47f1a6fbee0..c71fded4e94d 100644
--- a/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-no-port.golden
+++ b/agent/xds/testdata/jwt_authn_clusters/http-provider-with-ip-no-port.golden
@@ -19,5 +19,6 @@
     ]
   },
   "name": "jwks_cluster_okta",
-  "type": "STRICT_DNS"
+  "connectTimeout": "5s",
+  "type": "STATIC"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-and-port.golden b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-and-port.golden
index 54af47ef8b8c..4aa4e9dab4d0 100644
--- a/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-and-port.golden
+++ b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-and-port.golden
@@ -24,9 +24,14 @@
     "typedConfig": {
       "@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
       "commonTlsContext": {
-        "validationContext": {}
+        "validationContext": {
+          "trustedCa": {
+            "filename": "mycert.crt"
+          }
+        }
       }
     }
   },
-  "type": "STRICT_DNS"
+  "connectTimeout": "5s",
+  "type": "STATIC"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-no-port.golden b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-no-port.golden
index 7b266fa48468..57a6abf9d585 100644
--- a/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-no-port.golden
+++ b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-hostname-no-port.golden
@@ -24,9 +24,14 @@
     "typedConfig": {
       "@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
       "commonTlsContext": {
-        "validationContext": {}
+        "validationContext": {
+          "trustedCa": {
+            "filename": "mycert.crt"
+          }
+        }
       }
     }
   },
-  "type": "STRICT_DNS"
+  "connectTimeout": "5s",
+  "type": "STATIC"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-and-port.golden b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-and-port.golden
index bdcbe0f3dcd4..6688e701fe3d 100644
--- a/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-and-port.golden
+++ b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-and-port.golden
@@ -24,9 +24,14 @@
     "typedConfig": {
       "@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
       "commonTlsContext": {
-        "validationContext": {}
+        "validationContext":  {
+          "trustedCa": {
+            "filename": "mycert.crt"
+          }
+        }
       }
     }
   },
-  "type": "STRICT_DNS"
+  "connectTimeout": "5s",
+  "type": "STATIC"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-no-port.golden b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-no-port.golden
index c72e0e93d9d8..54dc704d6d29 100644
--- a/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-no-port.golden
+++ b/agent/xds/testdata/jwt_authn_clusters/https-provider-with-ip-no-port.golden
@@ -24,9 +24,14 @@
     "typedConfig": {
       "@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
       "commonTlsContext": {
-        "validationContext": {}
+        "validationContext": {
+          "trustedCa": {
+            "filename": "mycert.crt"
+          }
+        }
       }
     }
   },
-  "type": "STRICT_DNS"
+  "connectTimeout": "5s",
+  "type": "STATIC"
 }
\ No newline at end of file
diff --git a/api/config_entry_jwt_provider.go b/api/config_entry_jwt_provider.go
index e27974af3e30..270f0d564156 100644
--- a/api/config_entry_jwt_provider.go
+++ b/api/config_entry_jwt_provider.go
@@ -7,6 +7,14 @@ import (
 	"time"
 )
 
+const (
+	DiscoveryTypeStrictDNS   ClusterDiscoveryType = "STRICT_DNS"
+	DiscoveryTypeStatic      ClusterDiscoveryType = "STATIC"
+	DiscoveryTypeLogicalDNS  ClusterDiscoveryType = "LOGICAL_DNS"
+	DiscoveryTypeEDS         ClusterDiscoveryType = "EDS"
+	DiscoveryTypeOriginalDST ClusterDiscoveryType = "ORIGINAL_DST"
+)
+
 type JWTProviderConfigEntry struct {
 	// Kind is the kind of configuration entry and must be "jwt-provider".
 	Kind string `json:",omitempty"`
@@ -188,6 +196,71 @@ type RemoteJWKS struct {
 	//
 	// There is no retry by default.
 	RetryPolicy *JWKSRetryPolicy `json:",omitempty" alias:"retry_policy"`
+
+	// JWKSCluster defines how the specified Remote JWKS URI is to be fetched.
+	JWKSCluster *JWKSCluster `json:",omitempty" alias:"jwks_cluster"`
+}
+
+type JWKSCluster struct {
+	// DiscoveryType refers to the service discovery type to use for resolving the cluster.
+	//
+	// This defaults to STRICT_DNS.
+	// Other options include STATIC, LOGICAL_DNS, EDS or ORIGINAL_DST.
+	DiscoveryType ClusterDiscoveryType `json:",omitempty" alias:"discovery_type"`
+
+	// TLSCertificates refers to the data containing certificate authority certificates to use
+	// in verifying a presented peer certificate.
+	// If not specified and a peer certificate is presented it will not be verified.
+	//
+	// Must be either CaCertificateProviderInstance or TrustedCA.
+	TLSCertificates *JWKSTLSCertificate `json:",omitempty" alias:"tls_certificates"`
+
+	// The timeout for new network connections to hosts in the cluster.
+	// If not set, a default value of 5s will be used.
+	ConnectTimeout time.Duration `json:",omitempty" alias:"connect_timeout"`
+}
+
+type ClusterDiscoveryType string
+
+// JWKSTLSCertificate refers to the data containing certificate authority certificates to use
+// in verifying a presented peer certificate.
+// If not specified and a peer certificate is presented it will not be verified.
+//
+// Must be either CaCertificateProviderInstance or TrustedCA.
+type JWKSTLSCertificate struct {
+	// CaCertificateProviderInstance Certificate provider instance for fetching TLS certificates.
+	CaCertificateProviderInstance *JWKSTLSCertProviderInstance `json:",omitempty" alias:"ca_certificate_provider_instance"`
+
+	// TrustedCA defines TLS certificate data containing certificate authority certificates
+	// to use in verifying a presented peer certificate.
+	//
+	// Exactly one of Filename, EnvironmentVariable, InlineString or InlineBytes must be specified.
+	TrustedCA *JWKSTLSCertTrustedCA `json:",omitempty" alias:"trusted_ca"`
+}
+
+// JWKSTLSCertTrustedCA defines TLS certificate data containing certificate authority certificates
+// to use in verifying a presented peer certificate.
+//
+// Exactly one of Filename, EnvironmentVariable, InlineString or InlineBytes must be specified.
+type JWKSTLSCertTrustedCA struct {
+	Filename            string `json:",omitempty" alias:"filename"`
+	EnvironmentVariable string `json:",omitempty" alias:"environment_variable"`
+	InlineString        string `json:",omitempty" alias:"inline_string"`
+	InlineBytes         []byte `json:",omitempty" alias:"inline_bytes"`
+}
+
+type JWKSTLSCertProviderInstance struct {
+	// InstanceName refers to the certificate provider instance name
+	//
+	// The default value is "default".
+	InstanceName string `json:",omitempty" alias:"instance_name"`
+
+	// CertificateName is used to specify certificate instances or types. For example, "ROOTCA" to specify
+	// a root-certificate (validation context) or "example.com" to specify a certificate for a
+	// particular domain.
+	//
+	// The default value is the empty string.
+	CertificateName string `json:",omitempty" alias:"certificate_name"`
 }
 
 type JWKSRetryPolicy struct {
diff --git a/api/config_entry_jwt_provider_test.go b/api/config_entry_jwt_provider_test.go
index 69efa39c96a1..c24ca03825b5 100644
--- a/api/config_entry_jwt_provider_test.go
+++ b/api/config_entry_jwt_provider_test.go
@@ -4,6 +4,7 @@ package api
 
 import (
 	"testing"
+	"time"
 
 	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/stretchr/testify/require"
@@ -17,12 +18,23 @@ func TestAPI_ConfigEntries_JWTProvider(t *testing.T) {
 	entries := c.ConfigEntries()
 
 	testutil.RunStep(t, "set and get", func(t *testing.T) {
+		connectTimeout := time.Duration(5) * time.Second
 		jwtProvider := &JWTProviderConfigEntry{
 			Name: "okta",
 			Kind: JWTProvider,
 			JSONWebKeySet: &JSONWebKeySet{
-				Local: &LocalJWKS{
-					Filename: "test.txt",
+				Remote: &RemoteJWKS{
+					FetchAsynchronously: true,
+					URI:                 "https://example.com/.well-known/jwks.json",
+					JWKSCluster: &JWKSCluster{
+						DiscoveryType:  "STATIC",
+						ConnectTimeout: connectTimeout,
+						TLSCertificates: &JWKSTLSCertificate{
+							TrustedCA: &JWKSTLSCertTrustedCA{
+								Filename: "myfile.cert",
+							},
+						},
+					},
 				},
 			},
 			Meta: map[string]string{
diff --git a/proto/private/pbconfigentry/config_entry.gen.go b/proto/private/pbconfigentry/config_entry.gen.go
index 44c72e94c2e9..ca75146af425 100644
--- a/proto/private/pbconfigentry/config_entry.gen.go
+++ b/proto/private/pbconfigentry/config_entry.gen.go
@@ -1082,6 +1082,30 @@ func JSONWebKeySetFromStructs(t *structs.JSONWebKeySet, s *JSONWebKeySet) {
 		s.Remote = &x
 	}
 }
+func JWKSClusterToStructs(s *JWKSCluster, t *structs.JWKSCluster) {
+	if s == nil {
+		return
+	}
+	t.DiscoveryType = structs.ClusterDiscoveryType(s.DiscoveryType)
+	if s.TLSCertificates != nil {
+		var x structs.JWKSTLSCertificate
+		JWKSTLSCertificateToStructs(s.TLSCertificates, &x)
+		t.TLSCertificates = &x
+	}
+	t.ConnectTimeout = structs.DurationFromProto(s.ConnectTimeout)
+}
+func JWKSClusterFromStructs(t *structs.JWKSCluster, s *JWKSCluster) {
+	if s == nil {
+		return
+	}
+	s.DiscoveryType = string(t.DiscoveryType)
+	if t.TLSCertificates != nil {
+		var x JWKSTLSCertificate
+		JWKSTLSCertificateFromStructs(t.TLSCertificates, &x)
+		s.TLSCertificates = &x
+	}
+	s.ConnectTimeout = structs.DurationToProto(t.ConnectTimeout)
+}
 func JWKSRetryPolicyToStructs(s *JWKSRetryPolicy, t *structs.JWKSRetryPolicy) {
 	if s == nil {
 		return
@@ -1104,6 +1128,68 @@ func JWKSRetryPolicyFromStructs(t *structs.JWKSRetryPolicy, s *JWKSRetryPolicy)
 		s.RetryPolicyBackOff = &x
 	}
 }
+func JWKSTLSCertProviderInstanceToStructs(s *JWKSTLSCertProviderInstance, t *structs.JWKSTLSCertProviderInstance) {
+	if s == nil {
+		return
+	}
+	t.InstanceName = s.InstanceName
+	t.CertificateName = s.CertificateName
+}
+func JWKSTLSCertProviderInstanceFromStructs(t *structs.JWKSTLSCertProviderInstance, s *JWKSTLSCertProviderInstance) {
+	if s == nil {
+		return
+	}
+	s.InstanceName = t.InstanceName
+	s.CertificateName = t.CertificateName
+}
+func JWKSTLSCertTrustedCAToStructs(s *JWKSTLSCertTrustedCA, t *structs.JWKSTLSCertTrustedCA) {
+	if s == nil {
+		return
+	}
+	t.Filename = s.Filename
+	t.EnvironmentVariable = s.EnvironmentVariable
+	t.InlineString = s.InlineString
+	t.InlineBytes = s.InlineBytes
+}
+func JWKSTLSCertTrustedCAFromStructs(t *structs.JWKSTLSCertTrustedCA, s *JWKSTLSCertTrustedCA) {
+	if s == nil {
+		return
+	}
+	s.Filename = t.Filename
+	s.EnvironmentVariable = t.EnvironmentVariable
+	s.InlineString = t.InlineString
+	s.InlineBytes = t.InlineBytes
+}
+func JWKSTLSCertificateToStructs(s *JWKSTLSCertificate, t *structs.JWKSTLSCertificate) {
+	if s == nil {
+		return
+	}
+	if s.CaCertificateProviderInstance != nil {
+		var x structs.JWKSTLSCertProviderInstance
+		JWKSTLSCertProviderInstanceToStructs(s.CaCertificateProviderInstance, &x)
+		t.CaCertificateProviderInstance = &x
+	}
+	if s.TrustedCA != nil {
+		var x structs.JWKSTLSCertTrustedCA
+		JWKSTLSCertTrustedCAToStructs(s.TrustedCA, &x)
+		t.TrustedCA = &x
+	}
+}
+func JWKSTLSCertificateFromStructs(t *structs.JWKSTLSCertificate, s *JWKSTLSCertificate) {
+	if s == nil {
+		return
+	}
+	if t.CaCertificateProviderInstance != nil {
+		var x JWKSTLSCertProviderInstance
+		JWKSTLSCertProviderInstanceFromStructs(t.CaCertificateProviderInstance, &x)
+		s.CaCertificateProviderInstance = &x
+	}
+	if t.TrustedCA != nil {
+		var x JWKSTLSCertTrustedCA
+		JWKSTLSCertTrustedCAFromStructs(t.TrustedCA, &x)
+		s.TrustedCA = &x
+	}
+}
 func JWTCacheConfigToStructs(s *JWTCacheConfig, t *structs.JWTCacheConfig) {
 	if s == nil {
 		return
@@ -1521,6 +1607,11 @@ func RemoteJWKSToStructs(s *RemoteJWKS, t *structs.RemoteJWKS) {
 		JWKSRetryPolicyToStructs(s.RetryPolicy, &x)
 		t.RetryPolicy = &x
 	}
+	if s.JWKSCluster != nil {
+		var x structs.JWKSCluster
+		JWKSClusterToStructs(s.JWKSCluster, &x)
+		t.JWKSCluster = &x
+	}
 }
 func RemoteJWKSFromStructs(t *structs.RemoteJWKS, s *RemoteJWKS) {
 	if s == nil {
@@ -1535,6 +1626,11 @@ func RemoteJWKSFromStructs(t *structs.RemoteJWKS, s *RemoteJWKS) {
 		JWKSRetryPolicyFromStructs(t.RetryPolicy, &x)
 		s.RetryPolicy = &x
 	}
+	if t.JWKSCluster != nil {
+		var x JWKSCluster
+		JWKSClusterFromStructs(t.JWKSCluster, &x)
+		s.JWKSCluster = &x
+	}
 }
 func ResourceReferenceToStructs(s *ResourceReference, t *structs.ResourceReference) {
 	if s == nil {
diff --git a/proto/private/pbconfigentry/config_entry.pb.binary.go b/proto/private/pbconfigentry/config_entry.pb.binary.go
index 7aaa8446a978..bd9bac6c7e76 100644
--- a/proto/private/pbconfigentry/config_entry.pb.binary.go
+++ b/proto/private/pbconfigentry/config_entry.pb.binary.go
@@ -727,6 +727,46 @@ func (msg *RemoteJWKS) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
 
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *JWKSCluster) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *JWKSCluster) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *JWKSTLSCertificate) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *JWKSTLSCertificate) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *JWKSTLSCertProviderInstance) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *JWKSTLSCertProviderInstance) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *JWKSTLSCertTrustedCA) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *JWKSTLSCertTrustedCA) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
 // MarshalBinary implements encoding.BinaryMarshaler
 func (msg *JWKSRetryPolicy) MarshalBinary() ([]byte, error) {
 	return proto.Marshal(msg)
diff --git a/proto/private/pbconfigentry/config_entry.pb.go b/proto/private/pbconfigentry/config_entry.pb.go
index 5dbb9737e4e6..2977d593f824 100644
--- a/proto/private/pbconfigentry/config_entry.pb.go
+++ b/proto/private/pbconfigentry/config_entry.pb.go
@@ -6173,6 +6173,7 @@ type RemoteJWKS struct {
 	CacheDuration       *durationpb.Duration `protobuf:"bytes,3,opt,name=CacheDuration,proto3" json:"CacheDuration,omitempty"`
 	FetchAsynchronously bool                 `protobuf:"varint,4,opt,name=FetchAsynchronously,proto3" json:"FetchAsynchronously,omitempty"`
 	RetryPolicy         *JWKSRetryPolicy     `protobuf:"bytes,5,opt,name=RetryPolicy,proto3" json:"RetryPolicy,omitempty"`
+	JWKSCluster         *JWKSCluster         `protobuf:"bytes,6,opt,name=JWKSCluster,proto3" json:"JWKSCluster,omitempty"`
 }
 
 func (x *RemoteJWKS) Reset() {
@@ -6242,6 +6243,278 @@ func (x *RemoteJWKS) GetRetryPolicy() *JWKSRetryPolicy {
 	return nil
 }
 
+func (x *RemoteJWKS) GetJWKSCluster() *JWKSCluster {
+	if x != nil {
+		return x.JWKSCluster
+	}
+	return nil
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.JWKSCluster
+// output=config_entry.gen.go
+// name=Structs
+type JWKSCluster struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	DiscoveryType   string              `protobuf:"bytes,1,opt,name=DiscoveryType,proto3" json:"DiscoveryType,omitempty"`
+	TLSCertificates *JWKSTLSCertificate `protobuf:"bytes,2,opt,name=TLSCertificates,proto3" json:"TLSCertificates,omitempty"`
+	// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
+	ConnectTimeout *durationpb.Duration `protobuf:"bytes,3,opt,name=ConnectTimeout,proto3" json:"ConnectTimeout,omitempty"`
+}
+
+func (x *JWKSCluster) Reset() {
+	*x = JWKSCluster{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *JWKSCluster) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*JWKSCluster) ProtoMessage() {}
+
+func (x *JWKSCluster) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use JWKSCluster.ProtoReflect.Descriptor instead.
+func (*JWKSCluster) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{72}
+}
+
+func (x *JWKSCluster) GetDiscoveryType() string {
+	if x != nil {
+		return x.DiscoveryType
+	}
+	return ""
+}
+
+func (x *JWKSCluster) GetTLSCertificates() *JWKSTLSCertificate {
+	if x != nil {
+		return x.TLSCertificates
+	}
+	return nil
+}
+
+func (x *JWKSCluster) GetConnectTimeout() *durationpb.Duration {
+	if x != nil {
+		return x.ConnectTimeout
+	}
+	return nil
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.JWKSTLSCertificate
+// output=config_entry.gen.go
+// name=Structs
+type JWKSTLSCertificate struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	CaCertificateProviderInstance *JWKSTLSCertProviderInstance `protobuf:"bytes,1,opt,name=CaCertificateProviderInstance,proto3" json:"CaCertificateProviderInstance,omitempty"`
+	TrustedCA                     *JWKSTLSCertTrustedCA        `protobuf:"bytes,2,opt,name=TrustedCA,proto3" json:"TrustedCA,omitempty"`
+}
+
+func (x *JWKSTLSCertificate) Reset() {
+	*x = JWKSTLSCertificate{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *JWKSTLSCertificate) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*JWKSTLSCertificate) ProtoMessage() {}
+
+func (x *JWKSTLSCertificate) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use JWKSTLSCertificate.ProtoReflect.Descriptor instead.
+func (*JWKSTLSCertificate) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{73}
+}
+
+func (x *JWKSTLSCertificate) GetCaCertificateProviderInstance() *JWKSTLSCertProviderInstance {
+	if x != nil {
+		return x.CaCertificateProviderInstance
+	}
+	return nil
+}
+
+func (x *JWKSTLSCertificate) GetTrustedCA() *JWKSTLSCertTrustedCA {
+	if x != nil {
+		return x.TrustedCA
+	}
+	return nil
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.JWKSTLSCertProviderInstance
+// output=config_entry.gen.go
+// name=Structs
+type JWKSTLSCertProviderInstance struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	InstanceName    string `protobuf:"bytes,1,opt,name=InstanceName,proto3" json:"InstanceName,omitempty"`
+	CertificateName string `protobuf:"bytes,2,opt,name=CertificateName,proto3" json:"CertificateName,omitempty"`
+}
+
+func (x *JWKSTLSCertProviderInstance) Reset() {
+	*x = JWKSTLSCertProviderInstance{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *JWKSTLSCertProviderInstance) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*JWKSTLSCertProviderInstance) ProtoMessage() {}
+
+func (x *JWKSTLSCertProviderInstance) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use JWKSTLSCertProviderInstance.ProtoReflect.Descriptor instead.
+func (*JWKSTLSCertProviderInstance) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{74}
+}
+
+func (x *JWKSTLSCertProviderInstance) GetInstanceName() string {
+	if x != nil {
+		return x.InstanceName
+	}
+	return ""
+}
+
+func (x *JWKSTLSCertProviderInstance) GetCertificateName() string {
+	if x != nil {
+		return x.CertificateName
+	}
+	return ""
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.JWKSTLSCertTrustedCA
+// output=config_entry.gen.go
+// name=Structs
+type JWKSTLSCertTrustedCA struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Filename            string `protobuf:"bytes,1,opt,name=Filename,proto3" json:"Filename,omitempty"`
+	EnvironmentVariable string `protobuf:"bytes,2,opt,name=EnvironmentVariable,proto3" json:"EnvironmentVariable,omitempty"`
+	InlineString        string `protobuf:"bytes,3,opt,name=InlineString,proto3" json:"InlineString,omitempty"`
+	InlineBytes         []byte `protobuf:"bytes,4,opt,name=InlineBytes,proto3" json:"InlineBytes,omitempty"`
+}
+
+func (x *JWKSTLSCertTrustedCA) Reset() {
+	*x = JWKSTLSCertTrustedCA{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *JWKSTLSCertTrustedCA) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*JWKSTLSCertTrustedCA) ProtoMessage() {}
+
+func (x *JWKSTLSCertTrustedCA) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use JWKSTLSCertTrustedCA.ProtoReflect.Descriptor instead.
+func (*JWKSTLSCertTrustedCA) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{75}
+}
+
+func (x *JWKSTLSCertTrustedCA) GetFilename() string {
+	if x != nil {
+		return x.Filename
+	}
+	return ""
+}
+
+func (x *JWKSTLSCertTrustedCA) GetEnvironmentVariable() string {
+	if x != nil {
+		return x.EnvironmentVariable
+	}
+	return ""
+}
+
+func (x *JWKSTLSCertTrustedCA) GetInlineString() string {
+	if x != nil {
+		return x.InlineString
+	}
+	return ""
+}
+
+func (x *JWKSTLSCertTrustedCA) GetInlineBytes() []byte {
+	if x != nil {
+		return x.InlineBytes
+	}
+	return nil
+}
+
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.JWKSRetryPolicy
@@ -6260,7 +6533,7 @@ type JWKSRetryPolicy struct {
 func (x *JWKSRetryPolicy) Reset() {
 	*x = JWKSRetryPolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6273,7 +6546,7 @@ func (x *JWKSRetryPolicy) String() string {
 func (*JWKSRetryPolicy) ProtoMessage() {}
 
 func (x *JWKSRetryPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6286,7 +6559,7 @@ func (x *JWKSRetryPolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSRetryPolicy.ProtoReflect.Descriptor instead.
 func (*JWKSRetryPolicy) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{72}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{76}
 }
 
 func (x *JWKSRetryPolicy) GetNumRetries() int32 {
@@ -6322,7 +6595,7 @@ type RetryPolicyBackOff struct {
 func (x *RetryPolicyBackOff) Reset() {
 	*x = RetryPolicyBackOff{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6335,7 +6608,7 @@ func (x *RetryPolicyBackOff) String() string {
 func (*RetryPolicyBackOff) ProtoMessage() {}
 
 func (x *RetryPolicyBackOff) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6348,7 +6621,7 @@ func (x *RetryPolicyBackOff) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RetryPolicyBackOff.ProtoReflect.Descriptor instead.
 func (*RetryPolicyBackOff) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{73}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{77}
 }
 
 func (x *RetryPolicyBackOff) GetBaseInterval() *durationpb.Duration {
@@ -6383,7 +6656,7 @@ type JWTLocation struct {
 func (x *JWTLocation) Reset() {
 	*x = JWTLocation{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6396,7 +6669,7 @@ func (x *JWTLocation) String() string {
 func (*JWTLocation) ProtoMessage() {}
 
 func (x *JWTLocation) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6409,7 +6682,7 @@ func (x *JWTLocation) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocation.ProtoReflect.Descriptor instead.
 func (*JWTLocation) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{74}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{78}
 }
 
 func (x *JWTLocation) GetHeader() *JWTLocationHeader {
@@ -6451,7 +6724,7 @@ type JWTLocationHeader struct {
 func (x *JWTLocationHeader) Reset() {
 	*x = JWTLocationHeader{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6464,7 +6737,7 @@ func (x *JWTLocationHeader) String() string {
 func (*JWTLocationHeader) ProtoMessage() {}
 
 func (x *JWTLocationHeader) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6477,7 +6750,7 @@ func (x *JWTLocationHeader) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationHeader.ProtoReflect.Descriptor instead.
 func (*JWTLocationHeader) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{75}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{79}
 }
 
 func (x *JWTLocationHeader) GetName() string {
@@ -6517,7 +6790,7 @@ type JWTLocationQueryParam struct {
 func (x *JWTLocationQueryParam) Reset() {
 	*x = JWTLocationQueryParam{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6530,7 +6803,7 @@ func (x *JWTLocationQueryParam) String() string {
 func (*JWTLocationQueryParam) ProtoMessage() {}
 
 func (x *JWTLocationQueryParam) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6543,7 +6816,7 @@ func (x *JWTLocationQueryParam) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationQueryParam.ProtoReflect.Descriptor instead.
 func (*JWTLocationQueryParam) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{76}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{80}
 }
 
 func (x *JWTLocationQueryParam) GetName() string {
@@ -6569,7 +6842,7 @@ type JWTLocationCookie struct {
 func (x *JWTLocationCookie) Reset() {
 	*x = JWTLocationCookie{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6582,7 +6855,7 @@ func (x *JWTLocationCookie) String() string {
 func (*JWTLocationCookie) ProtoMessage() {}
 
 func (x *JWTLocationCookie) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6595,7 +6868,7 @@ func (x *JWTLocationCookie) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationCookie.ProtoReflect.Descriptor instead.
 func (*JWTLocationCookie) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{77}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{81}
 }
 
 func (x *JWTLocationCookie) GetName() string {
@@ -6622,7 +6895,7 @@ type JWTForwardingConfig struct {
 func (x *JWTForwardingConfig) Reset() {
 	*x = JWTForwardingConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6635,7 +6908,7 @@ func (x *JWTForwardingConfig) String() string {
 func (*JWTForwardingConfig) ProtoMessage() {}
 
 func (x *JWTForwardingConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6648,7 +6921,7 @@ func (x *JWTForwardingConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTForwardingConfig.ProtoReflect.Descriptor instead.
 func (*JWTForwardingConfig) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{78}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{82}
 }
 
 func (x *JWTForwardingConfig) GetHeaderName() string {
@@ -6682,7 +6955,7 @@ type JWTCacheConfig struct {
 func (x *JWTCacheConfig) Reset() {
 	*x = JWTCacheConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6695,7 +6968,7 @@ func (x *JWTCacheConfig) String() string {
 func (*JWTCacheConfig) ProtoMessage() {}
 
 func (x *JWTCacheConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6708,7 +6981,7 @@ func (x *JWTCacheConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTCacheConfig.ProtoReflect.Descriptor instead.
 func (*JWTCacheConfig) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{79}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{83}
 }
 
 func (x *JWTCacheConfig) GetSize() int32 {
@@ -7943,7 +8216,7 @@ var file_private_pbconfigentry_config_entry_proto_rawDesc = []byte{
 	0x61, 0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x18, 0x01,
 	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69,
 	0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69,
-	0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x97, 0x02, 0x0a, 0x0a, 0x52, 0x65, 0x6d, 0x6f, 0x74,
+	0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xed, 0x02, 0x0a, 0x0a, 0x52, 0x65, 0x6d, 0x6f, 0x74,
 	0x65, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x18, 0x01, 0x20, 0x01,
 	0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x49, 0x12, 0x2a, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65,
 	0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28,
@@ -7961,172 +8234,225 @@ var file_private_pbconfigentry_config_entry_proto_rawDesc = []byte{
 	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
 	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
 	0x69, 0x63, 0x79, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x22, 0x9c, 0x01, 0x0a, 0x0f, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f,
-	0x6c, 0x69, 0x63, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69,
-	0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74,
-	0x72, 0x69, 0x65, 0x73, 0x12, 0x69, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f,
-	0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x52, 0x12, 0x52, 0x65, 0x74,
-	0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x22,
-	0x90, 0x01, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42,
-	0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x12, 0x3d, 0x0a, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e,
-	0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
-	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74,
-	0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x3b, 0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65,
-	0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76,
-	0x61, 0x6c, 0x22, 0x8f, 0x02, 0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f,
-	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x48, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x12, 0x5c, 0x0a, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72,
-	0x61, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72,
-	0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x52, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72,
-	0x61, 0x6d, 0x12, 0x50, 0x0a, 0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f,
-	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x52, 0x06, 0x43, 0x6f,
-	0x6f, 0x6b, 0x69, 0x65, 0x22, 0x63, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a,
-	0x0b, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0b, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12,
-	0x18, 0x0a, 0x07, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x07, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x22, 0x2b, 0x0a, 0x15, 0x4a, 0x57, 0x54,
-	0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72,
-	0x61, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x27, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e,
-	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22,
-	0x6f, 0x0a, 0x13, 0x4a, 0x57, 0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72,
-	0x77, 0x61, 0x72, 0x64, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77,
-	0x61, 0x72, 0x64, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x22, 0x24, 0x0a, 0x0e, 0x4a, 0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05,
-	0x52, 0x04, 0x53, 0x69, 0x7a, 0x65, 0x2a, 0xa9, 0x02, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12,
-	0x0f, 0x0a, 0x0b, 0x4b, 0x69, 0x6e, 0x64, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00,
-	0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76,
-	0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a,
-	0x12, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65,
-	0x77, 0x61, 0x79, 0x10, 0x03, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72,
-	0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04,
-	0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44,
-	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x10, 0x05, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e,
-	0x64, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x10, 0x06, 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47,
-	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64,
-	0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10,
-	0x08, 0x12, 0x11, 0x0a, 0x0d, 0x4b, 0x69, 0x6e, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x10, 0x09, 0x12, 0x10, 0x0a, 0x0c, 0x4b, 0x69, 0x6e, 0x64, 0x54, 0x43, 0x50, 0x52,
-	0x6f, 0x75, 0x74, 0x65, 0x10, 0x0a, 0x12, 0x15, 0x0a, 0x11, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x61,
-	0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x10, 0x0b, 0x12, 0x13, 0x0a,
-	0x0f, 0x4b, 0x69, 0x6e, 0x64, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72,
-	0x10, 0x0c, 0x2a, 0x26, 0x0a, 0x0f, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12,
-	0x09, 0x0a, 0x05, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e,
-	0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70,
-	0x65, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x10, 0x00, 0x2a, 0x50, 0x0a,
-	0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x72,
-	0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00,
-	0x12, 0x18, 0x0a, 0x14, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x54, 0x72, 0x61,
-	0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72,
-	0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a,
-	0x5f, 0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65,
-	0x12, 0x18, 0x0a, 0x14, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64,
-	0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x75,
-	0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x72, 0x69, 0x63,
-	0x74, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53,
-	0x4d, 0x6f, 0x64, 0x65, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x10, 0x02,
-	0x2a, 0x7b, 0x0a, 0x0f, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d,
-	0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77,
-	0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12,
-	0x17, 0x0a, 0x13, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f,
-	0x64, 0x65, 0x4e, 0x6f, 0x6e, 0x65, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68,
-	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c,
-	0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61,
-	0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x10, 0x03, 0x2a, 0x4f, 0x0a,
-	0x1a, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65,
-	0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x4c,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x48,
-	0x54, 0x54, 0x50, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65,
-	0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x54, 0x43, 0x50, 0x10, 0x01, 0x2a, 0x92,
-	0x02, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68,
-	0x6f, 0x64, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d,
-	0x65, 0x74, 0x68, 0x6f, 0x64, 0x41, 0x6c, 0x6c, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54,
-	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x43, 0x6f, 0x6e,
-	0x6e, 0x65, 0x63, 0x74, 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10,
-	0x02, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x47, 0x65, 0x74, 0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54,
-	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x48, 0x65, 0x61, 0x64,
-	0x10, 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d,
-	0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x05, 0x12, 0x18,
-	0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f,
-	0x64, 0x50, 0x61, 0x74, 0x63, 0x68, 0x10, 0x06, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x6f, 0x73, 0x74, 0x10,
-	0x07, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x50, 0x75, 0x74, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54,
-	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x54, 0x72, 0x61, 0x63,
-	0x65, 0x10, 0x09, 0x2a, 0xa7, 0x01, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x48,
-	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78,
-	0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61,
-	0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01,
-	0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x02, 0x12, 0x24, 0x0a, 0x20,
-	0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52,
+	0x12, 0x54, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18,
+	0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57,
+	0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x22, 0xdb, 0x01, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76,
+	0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x44,
+	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x63, 0x0a, 0x0f,
+	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57,
+	0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x52, 0x0f, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x73, 0x12, 0x41, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65,
+	0x6f, 0x75, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d,
+	0x65, 0x6f, 0x75, 0x74, 0x22, 0xfa, 0x01, 0x0a, 0x12, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x88, 0x01, 0x0a, 0x1d,
+	0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f,
+	0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53,
+	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49,
+	0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x1d, 0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e,
+	0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x59, 0x0a, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65,
+	0x64, 0x43, 0x41, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72, 0x75,
+	0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x52, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43,
+	0x41, 0x22, 0x6b, 0x0a, 0x1b, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74,
+	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
+	0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
+	0x4e, 0x61, 0x6d, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x43,
+	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xaa,
+	0x01, 0x0a, 0x14, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72,
+	0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65,
+	0x6e, 0x74, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56, 0x61, 0x72,
+	0x69, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x53,
+	0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x6c,
+	0x69, 0x6e, 0x65, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x20, 0x0a, 0x0b, 0x49, 0x6e, 0x6c,
+	0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b,
+	0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x9c, 0x01, 0x0a, 0x0f,
+	0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12,
+	0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x05, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12,
+	0x69, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61,
+	0x63, 0x6b, 0x4f, 0x66, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42,
+	0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x22, 0x90, 0x01, 0x0a, 0x12, 0x52,
+	0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66,
+	0x66, 0x12, 0x3d, 0x0a, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61,
+	0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c,
+	0x12, 0x3b, 0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x22, 0x8f, 0x02,
+	0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a,
+	0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12,
+	0x5c, 0x0a, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c,
+	0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61,
+	0x6d, 0x52, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x50, 0x0a,
+	0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x52, 0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x22,
+	0x63, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x46, 0x6f,
+	0x72, 0x77, 0x61, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x46, 0x6f, 0x72,
+	0x77, 0x61, 0x72, 0x64, 0x22, 0x2b, 0x0a, 0x15, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x12, 0x0a,
+	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d,
+	0x65, 0x22, 0x27, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x6f, 0x0a, 0x13, 0x4a, 0x57,
+	0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d,
+	0x65, 0x12, 0x38, 0x0a, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50,
+	0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50, 0x61,
+	0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x22, 0x24, 0x0a, 0x0e, 0x4a,
+	0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a,
+	0x04, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x53, 0x69, 0x7a,
+	0x65, 0x2a, 0xa9, 0x02, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x4b, 0x69,
+	0x6e, 0x64, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b,
+	0x69, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, 0x01, 0x12,
+	0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65,
+	0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x69, 0x6e, 0x64,
+	0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x03,
+	0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49,
+	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x4b,
+	0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c,
+	0x74, 0x73, 0x10, 0x05, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x6c, 0x69,
+	0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x10, 0x06, 0x12,
+	0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61,
+	0x79, 0x10, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x42, 0x6f, 0x75, 0x6e, 0x64,
+	0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d,
+	0x4b, 0x69, 0x6e, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10, 0x09, 0x12,
+	0x10, 0x0a, 0x0c, 0x4b, 0x69, 0x6e, 0x64, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10,
+	0x0a, 0x12, 0x15, 0x0a, 0x11, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73,
+	0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x10, 0x0b, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x69, 0x6e, 0x64,
+	0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x10, 0x0c, 0x2a, 0x26, 0x0a,
+	0x0f, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x12, 0x08, 0x0a, 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x6c,
+	0x6c, 0x6f, 0x77, 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69,
+	0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x10, 0x00, 0x2a, 0x50, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78,
+	0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f,
+	0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x50,
+	0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72,
+	0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f,
+	0x64, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5f, 0x0a, 0x0d, 0x4d, 0x75,
+	0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4d,
+	0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61,
+	0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54,
+	0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x72, 0x69, 0x63, 0x74, 0x10, 0x01, 0x12, 0x1b,
+	0x0a, 0x17, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x50,
+	0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x10, 0x02, 0x2a, 0x7b, 0x0a, 0x0f, 0x4d,
+	0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1a,
+	0x0a, 0x16, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64,
+	0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x65,
+	0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4e, 0x6f, 0x6e,
+	0x65, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77,
+	0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x10, 0x02, 0x12, 0x19, 0x0a,
+	0x15, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65,
+	0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x10, 0x03, 0x2a, 0x4f, 0x0a, 0x1a, 0x41, 0x50, 0x49, 0x47,
+	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72,
+	0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e,
+	0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00,
+	0x12, 0x17, 0x0a, 0x13, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x54, 0x43, 0x50, 0x10, 0x01, 0x2a, 0x92, 0x02, 0x0a, 0x0f, 0x48, 0x54,
+	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x16, 0x0a,
+	0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
+	0x41, 0x6c, 0x6c, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10,
+	0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
+	0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12,
+	0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x47,
+	0x65, 0x74, 0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x48, 0x65, 0x61, 0x64, 0x10, 0x04, 0x12, 0x1a, 0x0a,
+	0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54,
+	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x61, 0x74, 0x63,
+	0x68, 0x10, 0x06, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x6f, 0x73, 0x74, 0x10, 0x07, 0x12, 0x16, 0x0a, 0x12,
+	0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50,
+	0x75, 0x74, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x54, 0x72, 0x61, 0x63, 0x65, 0x10, 0x09, 0x2a, 0xa7,
+	0x01, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00,
+	0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x48,
+	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72,
+	0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x02, 0x12, 0x24, 0x0a, 0x20, 0x48, 0x54, 0x54, 0x50, 0x48,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61,
+	0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x12, 0x19, 0x0a,
+	0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x10, 0x04, 0x2a, 0x68, 0x0a, 0x11, 0x48, 0x54, 0x54, 0x50,
+	0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a,
+	0x12, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78,
+	0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74,
+	0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x22,
+	0x0a, 0x1e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52,
 	0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
-	0x10, 0x03, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x10, 0x04, 0x2a, 0x68, 0x0a,
-	0x11, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79,
-	0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54,
-	0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69,
-	0x78, 0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65,
-	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x2a, 0x6d, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x51,
-	0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a,
-	0x13, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45,
-	0x78, 0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75,
-	0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10,
-	0x01, 0x12, 0x23, 0x0a, 0x1f, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73,
-	0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x42, 0xae, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x42, 0x10, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72,
-	0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
-	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76,
-	0x61, 0x74, 0x65, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x43, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0xca, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x10, 0x03, 0x2a, 0x6d, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50,
+	0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10,
+	0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f,
+	0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65,
+	0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10,
+	0x03, 0x42, 0xae, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42,
+	0x10, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x50, 0x01, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70,
+	0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x04, 0x48,
+	0x43, 0x49, 0x43, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca, 0x02, 0x25, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d,
+	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
+	0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -8142,7 +8468,7 @@ func file_private_pbconfigentry_config_entry_proto_rawDescGZIP() []byte {
 }
 
 var file_private_pbconfigentry_config_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 11)
-var file_private_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 100)
+var file_private_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 104)
 var file_private_pbconfigentry_config_entry_proto_goTypes = []interface{}{
 	(Kind)(0),                                   // 0: hashicorp.consul.internal.configentry.Kind
 	(IntentionAction)(0),                        // 1: hashicorp.consul.internal.configentry.IntentionAction
@@ -8227,44 +8553,48 @@ var file_private_pbconfigentry_config_entry_proto_goTypes = []interface{}{
 	(*JSONWebKeySet)(nil),                       // 80: hashicorp.consul.internal.configentry.JSONWebKeySet
 	(*LocalJWKS)(nil),                           // 81: hashicorp.consul.internal.configentry.LocalJWKS
 	(*RemoteJWKS)(nil),                          // 82: hashicorp.consul.internal.configentry.RemoteJWKS
-	(*JWKSRetryPolicy)(nil),                     // 83: hashicorp.consul.internal.configentry.JWKSRetryPolicy
-	(*RetryPolicyBackOff)(nil),                  // 84: hashicorp.consul.internal.configentry.RetryPolicyBackOff
-	(*JWTLocation)(nil),                         // 85: hashicorp.consul.internal.configentry.JWTLocation
-	(*JWTLocationHeader)(nil),                   // 86: hashicorp.consul.internal.configentry.JWTLocationHeader
-	(*JWTLocationQueryParam)(nil),               // 87: hashicorp.consul.internal.configentry.JWTLocationQueryParam
-	(*JWTLocationCookie)(nil),                   // 88: hashicorp.consul.internal.configentry.JWTLocationCookie
-	(*JWTForwardingConfig)(nil),                 // 89: hashicorp.consul.internal.configentry.JWTForwardingConfig
-	(*JWTCacheConfig)(nil),                      // 90: hashicorp.consul.internal.configentry.JWTCacheConfig
-	nil,                                         // 91: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
-	nil,                                         // 92: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
-	nil,                                         // 93: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
-	nil,                                         // 94: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
-	nil,                                         // 95: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
-	nil,                                         // 96: hashicorp.consul.internal.configentry.IngressService.MetaEntry
-	nil,                                         // 97: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
-	nil,                                         // 98: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
-	nil,                                         // 99: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
-	nil,                                         // 100: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
-	nil,                                         // 101: hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
-	nil,                                         // 102: hashicorp.consul.internal.configentry.APIGateway.MetaEntry
-	nil,                                         // 103: hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
-	nil,                                         // 104: hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
-	nil,                                         // 105: hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
-	nil,                                         // 106: hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
-	nil,                                         // 107: hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
-	nil,                                         // 108: hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
-	nil,                                         // 109: hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
-	nil,                                         // 110: hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
-	(*pbcommon.EnterpriseMeta)(nil),             // 111: hashicorp.consul.internal.common.EnterpriseMeta
-	(*pbcommon.RaftIndex)(nil),                  // 112: hashicorp.consul.internal.common.RaftIndex
-	(*durationpb.Duration)(nil),                 // 113: google.protobuf.Duration
-	(*timestamppb.Timestamp)(nil),               // 114: google.protobuf.Timestamp
-	(*pbcommon.EnvoyExtension)(nil),             // 115: hashicorp.consul.internal.common.EnvoyExtension
+	(*JWKSCluster)(nil),                         // 83: hashicorp.consul.internal.configentry.JWKSCluster
+	(*JWKSTLSCertificate)(nil),                  // 84: hashicorp.consul.internal.configentry.JWKSTLSCertificate
+	(*JWKSTLSCertProviderInstance)(nil),         // 85: hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
+	(*JWKSTLSCertTrustedCA)(nil),                // 86: hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
+	(*JWKSRetryPolicy)(nil),                     // 87: hashicorp.consul.internal.configentry.JWKSRetryPolicy
+	(*RetryPolicyBackOff)(nil),                  // 88: hashicorp.consul.internal.configentry.RetryPolicyBackOff
+	(*JWTLocation)(nil),                         // 89: hashicorp.consul.internal.configentry.JWTLocation
+	(*JWTLocationHeader)(nil),                   // 90: hashicorp.consul.internal.configentry.JWTLocationHeader
+	(*JWTLocationQueryParam)(nil),               // 91: hashicorp.consul.internal.configentry.JWTLocationQueryParam
+	(*JWTLocationCookie)(nil),                   // 92: hashicorp.consul.internal.configentry.JWTLocationCookie
+	(*JWTForwardingConfig)(nil),                 // 93: hashicorp.consul.internal.configentry.JWTForwardingConfig
+	(*JWTCacheConfig)(nil),                      // 94: hashicorp.consul.internal.configentry.JWTCacheConfig
+	nil,                                         // 95: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
+	nil,                                         // 96: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
+	nil,                                         // 97: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
+	nil,                                         // 98: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
+	nil,                                         // 99: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
+	nil,                                         // 100: hashicorp.consul.internal.configentry.IngressService.MetaEntry
+	nil,                                         // 101: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
+	nil,                                         // 102: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
+	nil,                                         // 103: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
+	nil,                                         // 104: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
+	nil,                                         // 105: hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
+	nil,                                         // 106: hashicorp.consul.internal.configentry.APIGateway.MetaEntry
+	nil,                                         // 107: hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
+	nil,                                         // 108: hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
+	nil,                                         // 109: hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
+	nil,                                         // 110: hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
+	nil,                                         // 111: hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
+	nil,                                         // 112: hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
+	nil,                                         // 113: hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
+	nil,                                         // 114: hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
+	(*pbcommon.EnterpriseMeta)(nil),             // 115: hashicorp.consul.internal.common.EnterpriseMeta
+	(*pbcommon.RaftIndex)(nil),                  // 116: hashicorp.consul.internal.common.RaftIndex
+	(*durationpb.Duration)(nil),                 // 117: google.protobuf.Duration
+	(*timestamppb.Timestamp)(nil),               // 118: google.protobuf.Timestamp
+	(*pbcommon.EnvoyExtension)(nil),             // 119: hashicorp.consul.internal.common.EnvoyExtension
 }
 var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	0,   // 0: hashicorp.consul.internal.configentry.ConfigEntry.Kind:type_name -> hashicorp.consul.internal.configentry.Kind
-	111, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	112, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex
+	115, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	116, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex
 	12,  // 3: hashicorp.consul.internal.configentry.ConfigEntry.MeshConfig:type_name -> hashicorp.consul.internal.configentry.MeshConfig
 	18,  // 4: hashicorp.consul.internal.configentry.ConfigEntry.ServiceResolver:type_name -> hashicorp.consul.internal.configentry.ServiceResolver
 	30,  // 5: hashicorp.consul.internal.configentry.ConfigEntry.IngressGateway:type_name -> hashicorp.consul.internal.configentry.IngressGateway
@@ -8280,17 +8610,17 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	13,  // 15: hashicorp.consul.internal.configentry.MeshConfig.TransparentProxy:type_name -> hashicorp.consul.internal.configentry.TransparentProxyMeshConfig
 	14,  // 16: hashicorp.consul.internal.configentry.MeshConfig.TLS:type_name -> hashicorp.consul.internal.configentry.MeshTLSConfig
 	16,  // 17: hashicorp.consul.internal.configentry.MeshConfig.HTTP:type_name -> hashicorp.consul.internal.configentry.MeshHTTPConfig
-	91,  // 18: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
+	95,  // 18: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
 	17,  // 19: hashicorp.consul.internal.configentry.MeshConfig.Peering:type_name -> hashicorp.consul.internal.configentry.PeeringMeshConfig
 	15,  // 20: hashicorp.consul.internal.configentry.MeshTLSConfig.Incoming:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig
 	15,  // 21: hashicorp.consul.internal.configentry.MeshTLSConfig.Outgoing:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig
-	92,  // 22: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
+	96,  // 22: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
 	20,  // 23: hashicorp.consul.internal.configentry.ServiceResolver.Redirect:type_name -> hashicorp.consul.internal.configentry.ServiceResolverRedirect
-	93,  // 24: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
-	113, // 25: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration
+	97,  // 24: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
+	117, // 25: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration
 	25,  // 26: hashicorp.consul.internal.configentry.ServiceResolver.LoadBalancer:type_name -> hashicorp.consul.internal.configentry.LoadBalancer
-	94,  // 27: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
-	113, // 28: hashicorp.consul.internal.configentry.ServiceResolver.RequestTimeout:type_name -> google.protobuf.Duration
+	98,  // 27: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
+	117, // 28: hashicorp.consul.internal.configentry.ServiceResolver.RequestTimeout:type_name -> google.protobuf.Duration
 	23,  // 29: hashicorp.consul.internal.configentry.ServiceResolver.PrioritizeByLocality:type_name -> hashicorp.consul.internal.configentry.ServiceResolverPrioritizeByLocality
 	24,  // 30: hashicorp.consul.internal.configentry.ServiceResolverFailover.Targets:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverTarget
 	22,  // 31: hashicorp.consul.internal.configentry.ServiceResolverFailover.Policy:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverPolicy
@@ -8298,10 +8628,10 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	27,  // 33: hashicorp.consul.internal.configentry.LoadBalancer.LeastRequestConfig:type_name -> hashicorp.consul.internal.configentry.LeastRequestConfig
 	28,  // 34: hashicorp.consul.internal.configentry.LoadBalancer.HashPolicies:type_name -> hashicorp.consul.internal.configentry.HashPolicy
 	29,  // 35: hashicorp.consul.internal.configentry.HashPolicy.CookieConfig:type_name -> hashicorp.consul.internal.configentry.CookieConfig
-	113, // 36: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration
+	117, // 36: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration
 	32,  // 37: hashicorp.consul.internal.configentry.IngressGateway.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSConfig
 	34,  // 38: hashicorp.consul.internal.configentry.IngressGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.IngressListener
-	95,  // 39: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
+	99,  // 39: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
 	31,  // 40: hashicorp.consul.internal.configentry.IngressGateway.Defaults:type_name -> hashicorp.consul.internal.configentry.IngressServiceConfig
 	54,  // 41: hashicorp.consul.internal.configentry.IngressServiceConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	33,  // 42: hashicorp.consul.internal.configentry.GatewayTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig
@@ -8310,24 +8640,24 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	36,  // 45: hashicorp.consul.internal.configentry.IngressService.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayServiceTLSConfig
 	37,  // 46: hashicorp.consul.internal.configentry.IngressService.RequestHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers
 	37,  // 47: hashicorp.consul.internal.configentry.IngressService.ResponseHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers
-	96,  // 48: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry
-	111, // 49: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	100, // 48: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry
+	115, // 49: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	54,  // 50: hashicorp.consul.internal.configentry.IngressService.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	33,  // 51: hashicorp.consul.internal.configentry.GatewayServiceTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig
-	97,  // 52: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
-	98,  // 53: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
+	101, // 52: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
+	102, // 53: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
 	42,  // 54: hashicorp.consul.internal.configentry.ServiceIntentions.Sources:type_name -> hashicorp.consul.internal.configentry.SourceIntention
-	99,  // 55: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
+	103, // 55: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
 	39,  // 56: hashicorp.consul.internal.configentry.ServiceIntentions.JWT:type_name -> hashicorp.consul.internal.configentry.IntentionJWTRequirement
 	40,  // 57: hashicorp.consul.internal.configentry.IntentionJWTRequirement.Providers:type_name -> hashicorp.consul.internal.configentry.IntentionJWTProvider
 	41,  // 58: hashicorp.consul.internal.configentry.IntentionJWTProvider.VerifyClaims:type_name -> hashicorp.consul.internal.configentry.IntentionJWTClaimVerification
 	1,   // 59: hashicorp.consul.internal.configentry.SourceIntention.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction
 	43,  // 60: hashicorp.consul.internal.configentry.SourceIntention.Permissions:type_name -> hashicorp.consul.internal.configentry.IntentionPermission
 	2,   // 61: hashicorp.consul.internal.configentry.SourceIntention.Type:type_name -> hashicorp.consul.internal.configentry.IntentionSourceType
-	100, // 62: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
-	114, // 63: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp
-	114, // 64: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp
-	111, // 65: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	104, // 62: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
+	118, // 63: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp
+	118, // 64: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp
+	115, // 65: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	1,   // 66: hashicorp.consul.internal.configentry.IntentionPermission.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction
 	44,  // 67: hashicorp.consul.internal.configentry.IntentionPermission.HTTP:type_name -> hashicorp.consul.internal.configentry.IntentionHTTPPermission
 	39,  // 68: hashicorp.consul.internal.configentry.IntentionPermission.JWT:type_name -> hashicorp.consul.internal.configentry.IntentionJWTRequirement
@@ -8338,35 +8668,35 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	49,  // 73: hashicorp.consul.internal.configentry.ServiceDefaults.Expose:type_name -> hashicorp.consul.internal.configentry.ExposeConfig
 	51,  // 74: hashicorp.consul.internal.configentry.ServiceDefaults.UpstreamConfig:type_name -> hashicorp.consul.internal.configentry.UpstreamConfiguration
 	55,  // 75: hashicorp.consul.internal.configentry.ServiceDefaults.Destination:type_name -> hashicorp.consul.internal.configentry.DestinationConfig
-	101, // 76: hashicorp.consul.internal.configentry.ServiceDefaults.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
-	115, // 77: hashicorp.consul.internal.configentry.ServiceDefaults.EnvoyExtensions:type_name -> hashicorp.consul.internal.common.EnvoyExtension
+	105, // 76: hashicorp.consul.internal.configentry.ServiceDefaults.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
+	119, // 77: hashicorp.consul.internal.configentry.ServiceDefaults.EnvoyExtensions:type_name -> hashicorp.consul.internal.common.EnvoyExtension
 	4,   // 78: hashicorp.consul.internal.configentry.ServiceDefaults.MutualTLSMode:type_name -> hashicorp.consul.internal.configentry.MutualTLSMode
 	5,   // 79: hashicorp.consul.internal.configentry.MeshGatewayConfig.Mode:type_name -> hashicorp.consul.internal.configentry.MeshGatewayMode
 	50,  // 80: hashicorp.consul.internal.configentry.ExposeConfig.Paths:type_name -> hashicorp.consul.internal.configentry.ExposePath
 	52,  // 81: hashicorp.consul.internal.configentry.UpstreamConfiguration.Overrides:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
 	52,  // 82: hashicorp.consul.internal.configentry.UpstreamConfiguration.Defaults:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
-	111, // 83: hashicorp.consul.internal.configentry.UpstreamConfig.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	115, // 83: hashicorp.consul.internal.configentry.UpstreamConfig.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	53,  // 84: hashicorp.consul.internal.configentry.UpstreamConfig.Limits:type_name -> hashicorp.consul.internal.configentry.UpstreamLimits
 	54,  // 85: hashicorp.consul.internal.configentry.UpstreamConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	48,  // 86: hashicorp.consul.internal.configentry.UpstreamConfig.MeshGateway:type_name -> hashicorp.consul.internal.configentry.MeshGatewayConfig
-	113, // 87: hashicorp.consul.internal.configentry.PassiveHealthCheck.Interval:type_name -> google.protobuf.Duration
-	113, // 88: hashicorp.consul.internal.configentry.PassiveHealthCheck.BaseEjectionTime:type_name -> google.protobuf.Duration
-	102, // 89: hashicorp.consul.internal.configentry.APIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.APIGateway.MetaEntry
+	117, // 87: hashicorp.consul.internal.configentry.PassiveHealthCheck.Interval:type_name -> google.protobuf.Duration
+	117, // 88: hashicorp.consul.internal.configentry.PassiveHealthCheck.BaseEjectionTime:type_name -> google.protobuf.Duration
+	106, // 89: hashicorp.consul.internal.configentry.APIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.APIGateway.MetaEntry
 	59,  // 90: hashicorp.consul.internal.configentry.APIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.APIGatewayListener
 	57,  // 91: hashicorp.consul.internal.configentry.APIGateway.Status:type_name -> hashicorp.consul.internal.configentry.Status
 	58,  // 92: hashicorp.consul.internal.configentry.Status.Conditions:type_name -> hashicorp.consul.internal.configentry.Condition
 	61,  // 93: hashicorp.consul.internal.configentry.Condition.Resource:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	114, // 94: hashicorp.consul.internal.configentry.Condition.LastTransitionTime:type_name -> google.protobuf.Timestamp
+	118, // 94: hashicorp.consul.internal.configentry.Condition.LastTransitionTime:type_name -> google.protobuf.Timestamp
 	6,   // 95: hashicorp.consul.internal.configentry.APIGatewayListener.Protocol:type_name -> hashicorp.consul.internal.configentry.APIGatewayListenerProtocol
 	60,  // 96: hashicorp.consul.internal.configentry.APIGatewayListener.TLS:type_name -> hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration
 	61,  // 97: hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	111, // 98: hashicorp.consul.internal.configentry.ResourceReference.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	103, // 99: hashicorp.consul.internal.configentry.BoundAPIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
+	115, // 98: hashicorp.consul.internal.configentry.ResourceReference.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	107, // 99: hashicorp.consul.internal.configentry.BoundAPIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
 	63,  // 100: hashicorp.consul.internal.configentry.BoundAPIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.BoundAPIGatewayListener
 	61,  // 101: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
 	61,  // 102: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Routes:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	104, // 103: hashicorp.consul.internal.configentry.InlineCertificate.Meta:type_name -> hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
-	105, // 104: hashicorp.consul.internal.configentry.HTTPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
+	108, // 103: hashicorp.consul.internal.configentry.InlineCertificate.Meta:type_name -> hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
+	109, // 104: hashicorp.consul.internal.configentry.HTTPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
 	61,  // 105: hashicorp.consul.internal.configentry.HTTPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
 	66,  // 106: hashicorp.consul.internal.configentry.HTTPRoute.Rules:type_name -> hashicorp.consul.internal.configentry.HTTPRouteRule
 	57,  // 107: hashicorp.consul.internal.configentry.HTTPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
@@ -8382,40 +8712,45 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	10,  // 117: hashicorp.consul.internal.configentry.HTTPQueryMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatchType
 	73,  // 118: hashicorp.consul.internal.configentry.HTTPFilters.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter
 	72,  // 119: hashicorp.consul.internal.configentry.HTTPFilters.URLRewrite:type_name -> hashicorp.consul.internal.configentry.URLRewrite
-	106, // 120: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
-	107, // 121: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
+	110, // 120: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
+	111, // 121: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
 	71,  // 122: hashicorp.consul.internal.configentry.HTTPService.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
-	111, // 123: hashicorp.consul.internal.configentry.HTTPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	108, // 124: hashicorp.consul.internal.configentry.TCPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
+	115, // 123: hashicorp.consul.internal.configentry.HTTPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	112, // 124: hashicorp.consul.internal.configentry.TCPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
 	61,  // 125: hashicorp.consul.internal.configentry.TCPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
 	76,  // 126: hashicorp.consul.internal.configentry.TCPRoute.Services:type_name -> hashicorp.consul.internal.configentry.TCPService
 	57,  // 127: hashicorp.consul.internal.configentry.TCPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
-	111, // 128: hashicorp.consul.internal.configentry.TCPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	115, // 128: hashicorp.consul.internal.configentry.TCPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	78,  // 129: hashicorp.consul.internal.configentry.SamenessGroup.Members:type_name -> hashicorp.consul.internal.configentry.SamenessGroupMember
-	109, // 130: hashicorp.consul.internal.configentry.SamenessGroup.Meta:type_name -> hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
-	111, // 131: hashicorp.consul.internal.configentry.SamenessGroup.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	113, // 130: hashicorp.consul.internal.configentry.SamenessGroup.Meta:type_name -> hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
+	115, // 131: hashicorp.consul.internal.configentry.SamenessGroup.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	80,  // 132: hashicorp.consul.internal.configentry.JWTProvider.JSONWebKeySet:type_name -> hashicorp.consul.internal.configentry.JSONWebKeySet
-	85,  // 133: hashicorp.consul.internal.configentry.JWTProvider.Locations:type_name -> hashicorp.consul.internal.configentry.JWTLocation
-	89,  // 134: hashicorp.consul.internal.configentry.JWTProvider.Forwarding:type_name -> hashicorp.consul.internal.configentry.JWTForwardingConfig
-	90,  // 135: hashicorp.consul.internal.configentry.JWTProvider.CacheConfig:type_name -> hashicorp.consul.internal.configentry.JWTCacheConfig
-	110, // 136: hashicorp.consul.internal.configentry.JWTProvider.Meta:type_name -> hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
+	89,  // 133: hashicorp.consul.internal.configentry.JWTProvider.Locations:type_name -> hashicorp.consul.internal.configentry.JWTLocation
+	93,  // 134: hashicorp.consul.internal.configentry.JWTProvider.Forwarding:type_name -> hashicorp.consul.internal.configentry.JWTForwardingConfig
+	94,  // 135: hashicorp.consul.internal.configentry.JWTProvider.CacheConfig:type_name -> hashicorp.consul.internal.configentry.JWTCacheConfig
+	114, // 136: hashicorp.consul.internal.configentry.JWTProvider.Meta:type_name -> hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
 	81,  // 137: hashicorp.consul.internal.configentry.JSONWebKeySet.Local:type_name -> hashicorp.consul.internal.configentry.LocalJWKS
 	82,  // 138: hashicorp.consul.internal.configentry.JSONWebKeySet.Remote:type_name -> hashicorp.consul.internal.configentry.RemoteJWKS
-	113, // 139: hashicorp.consul.internal.configentry.RemoteJWKS.CacheDuration:type_name -> google.protobuf.Duration
-	83,  // 140: hashicorp.consul.internal.configentry.RemoteJWKS.RetryPolicy:type_name -> hashicorp.consul.internal.configentry.JWKSRetryPolicy
-	84,  // 141: hashicorp.consul.internal.configentry.JWKSRetryPolicy.RetryPolicyBackOff:type_name -> hashicorp.consul.internal.configentry.RetryPolicyBackOff
-	113, // 142: hashicorp.consul.internal.configentry.RetryPolicyBackOff.BaseInterval:type_name -> google.protobuf.Duration
-	113, // 143: hashicorp.consul.internal.configentry.RetryPolicyBackOff.MaxInterval:type_name -> google.protobuf.Duration
-	86,  // 144: hashicorp.consul.internal.configentry.JWTLocation.Header:type_name -> hashicorp.consul.internal.configentry.JWTLocationHeader
-	87,  // 145: hashicorp.consul.internal.configentry.JWTLocation.QueryParam:type_name -> hashicorp.consul.internal.configentry.JWTLocationQueryParam
-	88,  // 146: hashicorp.consul.internal.configentry.JWTLocation.Cookie:type_name -> hashicorp.consul.internal.configentry.JWTLocationCookie
-	19,  // 147: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset
-	21,  // 148: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover
-	149, // [149:149] is the sub-list for method output_type
-	149, // [149:149] is the sub-list for method input_type
-	149, // [149:149] is the sub-list for extension type_name
-	149, // [149:149] is the sub-list for extension extendee
-	0,   // [0:149] is the sub-list for field type_name
+	117, // 139: hashicorp.consul.internal.configentry.RemoteJWKS.CacheDuration:type_name -> google.protobuf.Duration
+	87,  // 140: hashicorp.consul.internal.configentry.RemoteJWKS.RetryPolicy:type_name -> hashicorp.consul.internal.configentry.JWKSRetryPolicy
+	83,  // 141: hashicorp.consul.internal.configentry.RemoteJWKS.JWKSCluster:type_name -> hashicorp.consul.internal.configentry.JWKSCluster
+	84,  // 142: hashicorp.consul.internal.configentry.JWKSCluster.TLSCertificates:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertificate
+	117, // 143: hashicorp.consul.internal.configentry.JWKSCluster.ConnectTimeout:type_name -> google.protobuf.Duration
+	85,  // 144: hashicorp.consul.internal.configentry.JWKSTLSCertificate.CaCertificateProviderInstance:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
+	86,  // 145: hashicorp.consul.internal.configentry.JWKSTLSCertificate.TrustedCA:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
+	88,  // 146: hashicorp.consul.internal.configentry.JWKSRetryPolicy.RetryPolicyBackOff:type_name -> hashicorp.consul.internal.configentry.RetryPolicyBackOff
+	117, // 147: hashicorp.consul.internal.configentry.RetryPolicyBackOff.BaseInterval:type_name -> google.protobuf.Duration
+	117, // 148: hashicorp.consul.internal.configentry.RetryPolicyBackOff.MaxInterval:type_name -> google.protobuf.Duration
+	90,  // 149: hashicorp.consul.internal.configentry.JWTLocation.Header:type_name -> hashicorp.consul.internal.configentry.JWTLocationHeader
+	91,  // 150: hashicorp.consul.internal.configentry.JWTLocation.QueryParam:type_name -> hashicorp.consul.internal.configentry.JWTLocationQueryParam
+	92,  // 151: hashicorp.consul.internal.configentry.JWTLocation.Cookie:type_name -> hashicorp.consul.internal.configentry.JWTLocationCookie
+	19,  // 152: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset
+	21,  // 153: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover
+	154, // [154:154] is the sub-list for method output_type
+	154, // [154:154] is the sub-list for method input_type
+	154, // [154:154] is the sub-list for extension type_name
+	154, // [154:154] is the sub-list for extension extendee
+	0,   // [0:154] is the sub-list for field type_name
 }
 
 func init() { file_private_pbconfigentry_config_entry_proto_init() }
@@ -9289,7 +9624,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[72].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSRetryPolicy); i {
+			switch v := v.(*JWKSCluster); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9301,7 +9636,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[73].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RetryPolicyBackOff); i {
+			switch v := v.(*JWKSTLSCertificate); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9313,7 +9648,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[74].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocation); i {
+			switch v := v.(*JWKSTLSCertProviderInstance); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9325,7 +9660,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[75].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationHeader); i {
+			switch v := v.(*JWKSTLSCertTrustedCA); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9337,7 +9672,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[76].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationQueryParam); i {
+			switch v := v.(*JWKSRetryPolicy); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9349,7 +9684,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[77].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationCookie); i {
+			switch v := v.(*RetryPolicyBackOff); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9361,7 +9696,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[78].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTForwardingConfig); i {
+			switch v := v.(*JWTLocation); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9373,6 +9708,54 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[79].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTLocationHeader); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[80].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTLocationQueryParam); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[81].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTLocationCookie); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[82].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTForwardingConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[83].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWTCacheConfig); i {
 			case 0:
 				return &v.state
@@ -9405,7 +9788,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_private_pbconfigentry_config_entry_proto_rawDesc,
 			NumEnums:      11,
-			NumMessages:   100,
+			NumMessages:   104,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/proto/private/pbconfigentry/config_entry.proto b/proto/private/pbconfigentry/config_entry.proto
index 856e49eab5d5..5c675ec16c0c 100644
--- a/proto/private/pbconfigentry/config_entry.proto
+++ b/proto/private/pbconfigentry/config_entry.proto
@@ -1021,6 +1021,51 @@ message RemoteJWKS {
   google.protobuf.Duration CacheDuration = 3;
   bool FetchAsynchronously = 4;
   JWKSRetryPolicy RetryPolicy = 5;
+  JWKSCluster JWKSCluster = 6;
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.JWKSCluster
+// output=config_entry.gen.go
+// name=Structs
+message JWKSCluster {
+  string DiscoveryType = 1;
+  JWKSTLSCertificate TLSCertificates = 2;
+  // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
+  google.protobuf.Duration ConnectTimeout = 3;
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.JWKSTLSCertificate
+// output=config_entry.gen.go
+// name=Structs
+message JWKSTLSCertificate {
+  JWKSTLSCertProviderInstance CaCertificateProviderInstance = 1;
+  JWKSTLSCertTrustedCA TrustedCA = 2;
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.JWKSTLSCertProviderInstance
+// output=config_entry.gen.go
+// name=Structs
+message JWKSTLSCertProviderInstance {
+  string InstanceName = 1;
+  string CertificateName = 2;
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.JWKSTLSCertTrustedCA
+// output=config_entry.gen.go
+// name=Structs
+message JWKSTLSCertTrustedCA {
+  string Filename = 1;
+  string EnvironmentVariable = 2;
+  string InlineString = 3;
+  bytes InlineBytes = 4;
 }
 
 // mog annotation:

From 4f0bdd35e61c2af2a1478d358fae74930af89f24 Mon Sep 17 00:00:00 2001
From: Chris Thain <32781396+cthain@users.noreply.github.com>
Date: Tue, 4 Jul 2023 08:09:17 -0700
Subject: [PATCH 131/359] Integration test for ext-authz Envoy extension
 (#17980)

---
 .../consul-container/libs/cluster/agent.go    |   9 +-
 .../test/envoy_extensions/ext_authz_test.go   | 170 ++++++++++++++++++
 .../testdata/policies/policy.rego             |  12 ++
 3 files changed, 185 insertions(+), 6 deletions(-)
 create mode 100644 test/integration/consul-container/test/envoy_extensions/ext_authz_test.go
 create mode 100644 test/integration/consul-container/test/envoy_extensions/testdata/policies/policy.rego

diff --git a/test/integration/consul-container/libs/cluster/agent.go b/test/integration/consul-container/libs/cluster/agent.go
index c6e4a2a002ea..2de346406d9e 100644
--- a/test/integration/consul-container/libs/cluster/agent.go
+++ b/test/integration/consul-container/libs/cluster/agent.go
@@ -46,11 +46,11 @@ type Agent interface {
 type Config struct {
 	// NodeName is set for the consul agent name and container name
 	// Equivalent to the -node command-line flag.
-	// If empty, a randam name will be generated
+	// If empty, a random name will be generated
 	NodeName string
 	// NodeID is used to configure node_id in agent config file
 	// Equivalent to the -node-id command-line flag.
-	// If empty, a randam name will be generated
+	// If empty, a random name will be generated
 	NodeID string
 
 	// ExternalDataDir is data directory to copy consul data from, if set.
@@ -83,10 +83,7 @@ func (c *Config) DockerImage() string {
 func (c Config) Clone() Config {
 	c2 := c
 	if c.Cmd != nil {
-		c2.Cmd = make([]string, len(c.Cmd))
-		for i, v := range c.Cmd {
-			c2.Cmd[i] = v
-		}
+		copy(c2.Cmd, c.Cmd)
 	}
 	return c2
 }
diff --git a/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go b/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go
new file mode 100644
index 000000000000..938981c60f51
--- /dev/null
+++ b/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go
@@ -0,0 +1,170 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package envoyextensions
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+	"github.com/testcontainers/testcontainers-go"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
+	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
+	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
+	libservice "github.com/hashicorp/consul/test/integration/consul-container/libs/service"
+	"github.com/hashicorp/consul/test/integration/consul-container/libs/topology"
+	"github.com/hashicorp/go-cleanhttp"
+)
+
+// TestExtAuthzLocal Summary
+// This test makes sure two services in the same datacenter have connectivity.
+// A simulated client (a direct HTTP call) talks to it's upstream proxy through the mesh.
+// The upstream (static-server) is configured with a `builtin/ext-authz` extension that
+// calls an OPA external authorization service to authorize incoming HTTP requests.
+// The external authorization service is deployed as a container on the local network.
+//
+// Steps:
+// - Create a single agent cluster.
+// - Create the example static-server and sidecar containers, then register them both with Consul
+// - Create an example static-client sidecar, then register both the service and sidecar with Consul
+// - Create an OPA external authorization container on the local network, this doesn't need to be registered with Consul.
+// - Configure the static-server service with a `builtin/ext-authz` EnvoyExtension targeting the OPA ext-authz service.
+// - Make sure a call to the client sidecar local bind port returns the expected response from the upstream static-server:
+//   - A call to `/allow` returns 200 OK.
+//   - A call to any other endpoint returns 403 Forbidden.
+func TestExtAuthzLocal(t *testing.T) {
+	t.Parallel()
+
+	cluster, _, _ := topology.NewCluster(t, &topology.ClusterConfig{
+		NumServers:                1,
+		NumClients:                1,
+		ApplyDefaultProxySettings: true,
+		BuildOpts: &libcluster.BuildOptions{
+			Datacenter:             "dc1",
+			InjectAutoEncryption:   true,
+			InjectGossipEncryption: true,
+		},
+	})
+
+	createLocalAuthzService(t, cluster)
+
+	clientService := createServices(t, cluster)
+	_, port := clientService.GetAddr()
+	_, adminPort := clientService.GetAdminAddr()
+
+	libassert.AssertUpstreamEndpointStatus(t, adminPort, "static-server.default", "HEALTHY", 1)
+	libassert.GetEnvoyListenerTCPFilters(t, adminPort)
+
+	libassert.AssertContainerState(t, clientService, "running")
+	libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", port), "static-server", "")
+
+	// Wire up the ext-authz envoy extension for the static-server
+	consul := cluster.APIClient(0)
+	defaults := api.ServiceConfigEntry{
+		Kind:     api.ServiceDefaults,
+		Name:     "static-server",
+		Protocol: "http",
+		EnvoyExtensions: []api.EnvoyExtension{{
+			Name: "builtin/ext-authz",
+			Arguments: map[string]any{
+				"Config": map[string]any{
+					"GrpcService": map[string]any{
+						"Target": map[string]any{"URI": "127.0.0.1:9191"},
+					},
+				},
+			},
+		}},
+	}
+	consul.ConfigEntries().Set(&defaults, nil)
+
+	// Make requests to the static-server. We expect that all requests are rejected with 403 Forbidden
+	// unless they are to the /allow path.
+	baseURL := fmt.Sprintf("http://localhost:%d", port)
+	doRequest(t, baseURL, http.StatusForbidden)
+	doRequest(t, baseURL+"/allow", http.StatusOK)
+}
+
+func createServices(t *testing.T, cluster *libcluster.Cluster) libservice.Service {
+	node := cluster.Agents[0]
+	client := node.GetClient()
+	// Create a service and proxy instance
+	serviceOpts := &libservice.ServiceOpts{
+		Name:     libservice.StaticServerServiceName,
+		ID:       "static-server",
+		HTTPPort: 8080,
+		GRPCPort: 8079,
+	}
+
+	// Create a service and proxy instance
+	_, _, err := libservice.CreateAndRegisterStaticServerAndSidecar(node, serviceOpts)
+	require.NoError(t, err)
+
+	libassert.CatalogServiceExists(t, client, "static-server-sidecar-proxy", nil)
+	libassert.CatalogServiceExists(t, client, libservice.StaticServerServiceName, nil)
+
+	// Create a client proxy instance with the server as an upstream
+	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false)
+	require.NoError(t, err)
+
+	libassert.CatalogServiceExists(t, client, "static-client-sidecar-proxy", nil)
+
+	return clientConnectProxy
+}
+
+func createLocalAuthzService(t *testing.T, cluster *libcluster.Cluster) {
+	node := cluster.Agents[0]
+
+	cwd, err := os.Getwd()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	req := testcontainers.ContainerRequest{
+		Image:      "openpolicyagent/opa:0.53.0-envoy-3",
+		AutoRemove: true,
+		Name:       "ext-authz",
+		Env:        make(map[string]string),
+		Cmd: []string{
+			"run",
+			"--server",
+			"--addr=localhost:8181",
+			"--diagnostic-addr=0.0.0.0:8282",
+			"--set=plugins.envoy_ext_authz_grpc.addr=:9191",
+			"--set=plugins.envoy_ext_authz_grpc.path=envoy/authz/allow",
+			"--set=decision_logs.console=true",
+			"--set=status.console=true",
+			"--ignore=.*",
+			"/testdata/policies/policy.rego",
+		},
+		Mounts: []testcontainers.ContainerMount{{
+			Source: testcontainers.DockerBindMountSource{
+				HostPath: fmt.Sprintf("%s/testdata", cwd),
+			},
+			Target:   "/testdata",
+			ReadOnly: true,
+		}},
+	}
+
+	ctx := context.Background()
+
+	exposedPorts := []string{}
+	_, err = libcluster.LaunchContainerOnNode(ctx, node, req, exposedPorts)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func doRequest(t *testing.T, url string, expStatus int) {
+	retry.RunWith(&retry.Timer{Timeout: 5 * time.Second, Wait: time.Second}, t, func(r *retry.R) {
+		resp, err := cleanhttp.DefaultClient().Get(url)
+		require.NoError(r, err)
+		require.Equal(r, expStatus, resp.StatusCode)
+	})
+}
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/policies/policy.rego b/test/integration/consul-container/test/envoy_extensions/testdata/policies/policy.rego
new file mode 100644
index 000000000000..2e5ead6cd29a
--- /dev/null
+++ b/test/integration/consul-container/test/envoy_extensions/testdata/policies/policy.rego
@@ -0,0 +1,12 @@
+package envoy.authz
+
+import future.keywords
+
+import input.attributes.request.http as http_request
+
+default allow := false
+
+allow if {
+	http_request.method == "GET"
+	glob.match("/allow", ["/"], http_request.path)
+}

From 0094dbf312001ae3c7650964aa5fa0eb9976f8eb Mon Sep 17 00:00:00 2001
From: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Date: Wed, 5 Jul 2023 09:32:10 -0500
Subject: [PATCH 132/359] Fix incorrect protocol for transparent proxy
 upstreams. (#17894)

This PR fixes a bug that was introduced in:
https://github.com/hashicorp/consul/pull/16021

A user setting a protocol in proxy-defaults would cause tproxy implicit
upstreams to not honor the upstream service's protocol set in its
`ServiceDefaults.Protocol` field, and would instead always use the
proxy-defaults value.

Due to the fact that upstreams configured with "tcp" can successfully contact
upstream "http" services, this issue was not recognized until recently (a
proxy-defaults with "tcp" and a listening service with "http" would make
successful requests, but not the opposite).

As a temporary work-around, users experiencing this issue can explicitly set
the protocol on the `ServiceDefaults.UpstreamConfig.Overrides`, which should
take precedence.

The fix in this PR removes the proxy-defaults protocol from the wildcard
upstream that tproxy uses to configure implicit upstreams. When the protocol
was included, it would always overwrite the value during discovery chain
compilation, which was not correct. The discovery chain compiler also consumes
proxy defaults to determine the protocol, so simply excluding it from the
wildcard upstream config map resolves the issue.
---
 .changelog/17894.txt                 |  3 +++
 agent/configentry/resolve.go         | 30 ++++++++++++++++++++--
 agent/consul/config_endpoint_test.go | 37 ----------------------------
 3 files changed, 31 insertions(+), 39 deletions(-)
 create mode 100644 .changelog/17894.txt

diff --git a/.changelog/17894.txt b/.changelog/17894.txt
new file mode 100644
index 000000000000..5749f995f71a
--- /dev/null
+++ b/.changelog/17894.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+connect: Fix incorrect protocol config merging for transparent proxy implicit upstreams.
+```
diff --git a/agent/configentry/resolve.go b/agent/configentry/resolve.go
index de6165d5cc44..882f1d16b548 100644
--- a/agent/configentry/resolve.go
+++ b/agent/configentry/resolve.go
@@ -36,6 +36,7 @@ func ComputeResolvedServiceConfig(
 	// blocking query, this function will be rerun and these state store lookups will both be current.
 	// We use the default enterprise meta to look up the global proxy defaults because they are not namespaced.
 
+	var proxyConfGlobalProtocol string
 	proxyConf := entries.GetProxyDefaults(args.PartitionOrDefault())
 	if proxyConf != nil {
 		// Apply the proxy defaults to the sidecar's proxy config
@@ -63,9 +64,30 @@ func ComputeResolvedServiceConfig(
 		if !proxyConf.MeshGateway.IsZero() {
 			wildcardUpstreamDefaults["mesh_gateway"] = proxyConf.MeshGateway
 		}
-		if protocol, ok := thisReply.ProxyConfig["protocol"]; ok {
-			wildcardUpstreamDefaults["protocol"] = protocol
+
+		// We explicitly DO NOT merge the protocol from proxy-defaults into the wildcard upstream here.
+		// TProxy will try to use the data from the `wildcardUpstreamDefaults` as a source of truth, which is
+		// normally correct to inherit from proxy-defaults. However, it is NOT correct for protocol.
+		//
+		// This edge-case is different for `protocol` from other fields, since the protocol can be
+		// set on both the local `ServiceDefaults.UpstreamOverrides` and upstream `ServiceDefaults.Protocol`.
+		// This means that when proxy-defaults is set, it would always be treated as an explicit override,
+		// and take precedence over the protocol that is set on the discovery chain (which comes from the
+		// service's preference in its service-defaults), which is wrong.
+		//
+		// When the upstream is not explicitly defined, we should only get the protocol from one of these locations:
+		//   1. For tproxy non-peering services, it can be fetched via the discovery chain.
+		//      The chain compiler merges the proxy-defaults protocol with the upstream's preferred service-defaults protocol.
+		//   2. For tproxy non-peering services with default upstream overrides, it will come from the wildcard upstream overrides.
+		//   3. For tproxy non-peering services with specific upstream overrides, it will come from the specific upstream override defined.
+		//   4. For tproxy peering services, they do not honor the proxy-defaults, since they reside in a different cluster.
+		//      The data will come from a separate peerMeta field.
+		// In all of these cases, it is not necessary for the proxy-defaults to exist in the wildcard upstream.
+		parsed, err := structs.ParseUpstreamConfigNoDefaults(mapCopy.(map[string]interface{}))
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse upstream config map for proxy-defaults: %v", err)
 		}
+		proxyConfGlobalProtocol = parsed.Protocol
 	}
 
 	serviceConf := entries.GetServiceDefaults(
@@ -210,6 +232,10 @@ func ComputeResolvedServiceConfig(
 		// 2. Protocol for upstream service defined in its service-defaults (how the upstream wants to be addressed)
 		// 3. Protocol defined for the upstream in the service-defaults.(upstream_config.defaults|upstream_config.overrides) of the downstream
 		// 	  (how the downstream wants to address it)
+		if proxyConfGlobalProtocol != "" {
+			resolvedCfg["protocol"] = proxyConfGlobalProtocol
+		}
+
 		if err := mergo.MergeWithOverwrite(&resolvedCfg, wildcardUpstreamDefaults); err != nil {
 			return nil, fmt.Errorf("failed to merge wildcard defaults into upstream: %v", err)
 		}
diff --git a/agent/consul/config_endpoint_test.go b/agent/consul/config_endpoint_test.go
index ad6dac744cfc..7dc7632fade7 100644
--- a/agent/consul/config_endpoint_test.go
+++ b/agent/consul/config_endpoint_test.go
@@ -1444,16 +1444,6 @@ func TestConfigEntry_ResolveServiceConfig_Upstreams(t *testing.T) {
 					"protocol": "grpc",
 				},
 				UpstreamConfigs: structs.OpaqueUpstreamConfigs{
-					{
-						Upstream: structs.PeeredServiceName{
-							ServiceName: structs.NewServiceName(
-								structs.WildcardSpecifier,
-								acl.DefaultEnterpriseMeta().WithWildcardNamespace()),
-						},
-						Config: map[string]interface{}{
-							"protocol": "grpc",
-						},
-					},
 					{
 						Upstream: cache,
 						Config: map[string]interface{}{
@@ -1510,12 +1500,6 @@ func TestConfigEntry_ResolveServiceConfig_Upstreams(t *testing.T) {
 					"protocol": "grpc",
 				},
 				UpstreamConfigs: structs.OpaqueUpstreamConfigs{
-					{
-						Upstream: wildcard,
-						Config: map[string]interface{}{
-							"protocol": "grpc",
-						},
-					},
 					{
 						Upstream: cache,
 						Config: map[string]interface{}{
@@ -2267,17 +2251,6 @@ func TestConfigEntry_ResolveServiceConfig_UpstreamProxyDefaultsProtocol(t *testi
 	require.NoError(t, msgpackrpc.CallWithCodec(codec, "ConfigEntry.ResolveServiceConfig", &args, &out))
 
 	expected := structs.OpaqueUpstreamConfigs{
-		{
-			Upstream: structs.PeeredServiceName{
-				ServiceName: structs.NewServiceName(
-					structs.WildcardSpecifier,
-					acl.DefaultEnterpriseMeta().WithWildcardNamespace(),
-				),
-			},
-			Config: map[string]interface{}{
-				"protocol": "http",
-			},
-		},
 		{
 			Upstream: id("bar"),
 			Config: map[string]interface{}{
@@ -2346,16 +2319,6 @@ func TestConfigEntry_ResolveServiceConfig_ProxyDefaultsProtocol_UsedForAllUpstre
 			"protocol": "http",
 		},
 		UpstreamConfigs: structs.OpaqueUpstreamConfigs{
-			{
-				Upstream: structs.PeeredServiceName{
-					ServiceName: structs.NewServiceName(
-						structs.WildcardSpecifier,
-						acl.DefaultEnterpriseMeta().WithWildcardNamespace()),
-				},
-				Config: map[string]interface{}{
-					"protocol": "http",
-				},
-			},
 			{
 				Upstream: psn,
 				Config: map[string]interface{}{

From 8af4ad178c4562ee824685173f8929711ed52573 Mon Sep 17 00:00:00 2001
From: Poonam Jadhav <poonam.jadhav@hashicorp.com>
Date: Wed, 5 Jul 2023 11:23:29 -0400
Subject: [PATCH 133/359] feat: include nodes count in operator usage endpoint
 and cli command (#17939)

* feat: update operator usage api endpoint to include nodes count

* feat: update operator usange cli command to includes nodes count
---
 .changelog/17939.txt                          |  4 ++
 agent/consul/state/usage.go                   |  6 +++
 agent/operator_endpoint_oss_test.go           |  1 +
 agent/structs/structs.go                      |  1 +
 api/operator_usage.go                         |  1 +
 .../usage/instances/usage_instances.go        | 36 +++++++++++++
 .../instances/usage_instances_oss_test.go     | 51 +++++++++++++++++++
 website/content/api-docs/operator/usage.mdx   |  3 +-
 website/content/commands/operator/usage.mdx   | 13 +++++
 9 files changed, 115 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/17939.txt

diff --git a/.changelog/17939.txt b/.changelog/17939.txt
new file mode 100644
index 000000000000..069ac53ee7be
--- /dev/null
+++ b/.changelog/17939.txt
@@ -0,0 +1,4 @@
+```release-note:improvement
+http: GET API `operator/usage` endpoint now returns node count
+cli: `consul operator usage` command now returns node count
+```
\ No newline at end of file
diff --git a/agent/consul/state/usage.go b/agent/consul/state/usage.go
index b3794105508a..0893d25288b6 100644
--- a/agent/consul/state/usage.go
+++ b/agent/consul/state/usage.go
@@ -424,6 +424,11 @@ func (s *Store) ServiceUsage(ws memdb.WatchSet) (uint64, structs.ServiceUsage, e
 		return 0, structs.ServiceUsage{}, fmt.Errorf("failed services lookup: %s", err)
 	}
 
+	nodes, err := firstUsageEntry(ws, tx, tableNodes)
+	if err != nil {
+		return 0, structs.ServiceUsage{}, fmt.Errorf("failed nodes lookup: %s", err)
+	}
+
 	serviceKindInstances := make(map[string]int)
 	for _, kind := range allConnectKind {
 		usage, err := firstUsageEntry(ws, tx, connectUsageTableName(kind))
@@ -443,6 +448,7 @@ func (s *Store) ServiceUsage(ws memdb.WatchSet) (uint64, structs.ServiceUsage, e
 		Services:                 services.Count,
 		ConnectServiceInstances:  serviceKindInstances,
 		BillableServiceInstances: billableServiceInstances.Count,
+		Nodes:                    nodes.Count,
 	}
 	results, err := compileEnterpriseServiceUsage(ws, tx, usage)
 	if err != nil {
diff --git a/agent/operator_endpoint_oss_test.go b/agent/operator_endpoint_oss_test.go
index 90f0e7d0cd14..f4de46f9050c 100644
--- a/agent/operator_endpoint_oss_test.go
+++ b/agent/operator_endpoint_oss_test.go
@@ -65,6 +65,7 @@ func TestOperator_Usage(t *testing.T) {
 			},
 			// 4 = 6 total service instances - 1 connect proxy - 1 consul service
 			BillableServiceInstances: 4,
+			Nodes:                    2,
 		},
 	}
 	require.Equal(t, expected, raw.(structs.Usage).Usage)
diff --git a/agent/structs/structs.go b/agent/structs/structs.go
index c1f6d07606eb..59385fa5ba44 100644
--- a/agent/structs/structs.go
+++ b/agent/structs/structs.go
@@ -2324,6 +2324,7 @@ type ServiceUsage struct {
 	ServiceInstances         int
 	ConnectServiceInstances  map[string]int
 	BillableServiceInstances int
+	Nodes                    int
 	EnterpriseServiceUsage
 }
 
diff --git a/api/operator_usage.go b/api/operator_usage.go
index e47d4b53e037..8977449ddd36 100644
--- a/api/operator_usage.go
+++ b/api/operator_usage.go
@@ -10,6 +10,7 @@ type Usage struct {
 
 // ServiceUsage contains information about the number of services and service instances for a datacenter.
 type ServiceUsage struct {
+	Nodes                   int
 	Services                int
 	ServiceInstances        int
 	ConnectServiceInstances map[string]int
diff --git a/command/operator/usage/instances/usage_instances.go b/command/operator/usage/instances/usage_instances.go
index 5e8dba201ce8..1ac90dce8d36 100644
--- a/command/operator/usage/instances/usage_instances.go
+++ b/command/operator/usage/instances/usage_instances.go
@@ -99,6 +99,14 @@ func (c *cmd) Run(args []string) int {
 			return 1
 		}
 		c.UI.Output(billableOutput + "\n")
+
+		c.UI.Output("\nNodes")
+		nodesOutput, err := formatNodesCounts(usage.Usage)
+		if err != nil {
+			c.UI.Error(err.Error())
+			return 1
+		}
+		c.UI.Output(nodesOutput + "\n\n")
 	}
 
 	// Output Connect service counts
@@ -115,6 +123,34 @@ func (c *cmd) Run(args []string) int {
 	return 0
 }
 
+func formatNodesCounts(usageStats map[string]api.ServiceUsage) (string, error) {
+	var output bytes.Buffer
+	tw := tabwriter.NewWriter(&output, 0, 2, 6, ' ', 0)
+
+	nodesTotal := 0
+
+	fmt.Fprintf(tw, "Datacenter\t")
+
+	fmt.Fprintf(tw, "Count\t")
+
+	fmt.Fprint(tw, "\t\n")
+
+	for dc, usage := range usageStats {
+		nodesTotal += usage.Nodes
+		fmt.Fprintf(tw, "%s\t%d\n", dc, usage.Nodes)
+	}
+
+	fmt.Fprint(tw, "\t\n")
+	fmt.Fprintf(tw, "Total")
+
+	fmt.Fprintf(tw, "\t%d", nodesTotal)
+
+	if err := tw.Flush(); err != nil {
+		return "", fmt.Errorf("Error flushing tabwriter: %s", err)
+	}
+	return strings.TrimSpace(output.String()), nil
+}
+
 func formatServiceCounts(usageStats map[string]api.ServiceUsage, billable, showDatacenter bool) (string, error) {
 	var output bytes.Buffer
 	tw := tabwriter.NewWriter(&output, 0, 2, 6, ' ', 0)
diff --git a/command/operator/usage/instances/usage_instances_oss_test.go b/command/operator/usage/instances/usage_instances_oss_test.go
index 4f0686c47952..478b9f42118b 100644
--- a/command/operator/usage/instances/usage_instances_oss_test.go
+++ b/command/operator/usage/instances/usage_instances_oss_test.go
@@ -117,3 +117,54 @@ Total                                    45`,
 		})
 	}
 }
+
+func TestUsageInstances_formatNodesCounts(t *testing.T) {
+	usageBasic := map[string]api.ServiceUsage{
+		"dc1": {
+			Nodes: 10,
+		},
+	}
+
+	usageMultiDC := map[string]api.ServiceUsage{
+		"dc1": {
+			Nodes: 10,
+		},
+		"dc2": {
+			Nodes: 11,
+		},
+	}
+
+	cases := []struct {
+		name          string
+		usageStats    map[string]api.ServiceUsage
+		expectedNodes string
+	}{
+		{
+			name:       "basic",
+			usageStats: usageBasic,
+			expectedNodes: `
+Datacenter      Count            
+dc1             10
+                
+Total           10`,
+		},
+		{
+			name:       "multi-datacenter",
+			usageStats: usageMultiDC,
+			expectedNodes: `
+Datacenter      Count            
+dc1             10
+dc2             11
+                
+Total           21`,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			nodesOutput, err := formatNodesCounts(tc.usageStats)
+			require.NoError(t, err)
+			require.Equal(t, strings.TrimSpace(tc.expectedNodes), nodesOutput)
+		})
+	}
+}
diff --git a/website/content/api-docs/operator/usage.mdx b/website/content/api-docs/operator/usage.mdx
index b1dc75c39e08..093ccf7362cc 100644
--- a/website/content/api-docs/operator/usage.mdx
+++ b/website/content/api-docs/operator/usage.mdx
@@ -64,7 +64,8 @@ $ curl \
         "mesh-gateway": 0,
         "terminating-gateway": 0
       },
-      "BillableServiceInstances": 0
+      "BillableServiceInstances": 0,
+      "Nodes": 1
     }
   },
   "Index": 13,
diff --git a/website/content/commands/operator/usage.mdx b/website/content/commands/operator/usage.mdx
index 56d364862690..83ae028f6c95 100644
--- a/website/content/commands/operator/usage.mdx
+++ b/website/content/commands/operator/usage.mdx
@@ -50,6 +50,12 @@ Billable Services
 Services      Service instances
 2             3
 
+Nodes
+Datacenter      Count            
+dc1             1
+                
+Total           1
+
 Connect Services
 Type                     Service instances
 connect-native           0
@@ -74,6 +80,13 @@ dc2             1             1
 
 Total           3             4
 
+Nodes
+Datacenter      Count            
+dc1             1
+dc2             2
+                
+Total           3
+
 Connect Services
 Datacenter      Type                     Service instances
 dc1             connect-native           0

From b94095d92e3257a8b22a4a6610fd8c4c29d437f7 Mon Sep 17 00:00:00 2001
From: Dan Stough <dan.stough@hashicorp.com>
Date: Wed, 5 Jul 2023 11:30:48 -0400
Subject: [PATCH 134/359] [OSS] Improve Gateway Test Coverage of Catalog Health
 (#18011)

* fix(cli): remove failing check from 'connect envoy' registration for api gateway

* test(integration): add tests to check catalog statsus of gateways on startup

* remove extra sleep comment

* Update test/integration/consul-container/libs/assert/service.go

* changelog
---
 .changelog/18011.txt                          |   4 +
 command/connect/envoy/envoy.go                |  19 ++-
 .../consul-container/libs/assert/service.go   |  61 +++++++--
 .../libs/topology/peering_topology.go         |  10 +-
 .../test/basic/connect_service_test.go        |  32 +----
 .../test/gateways/gateway_endpoint_test.go    |  30 ++--
 .../test/gateways/http_route_test.go          |   6 +-
 .../test/gateways/ingress_gateway_test.go     | 129 ++++++++++++++++++
 8 files changed, 226 insertions(+), 65 deletions(-)
 create mode 100644 .changelog/18011.txt
 create mode 100644 test/integration/consul-container/test/gateways/ingress_gateway_test.go

diff --git a/.changelog/18011.txt b/.changelog/18011.txt
new file mode 100644
index 000000000000..d6c989f00e9f
--- /dev/null
+++ b/.changelog/18011.txt
@@ -0,0 +1,4 @@
+```release-note:bug
+connect: Removes the default health check from the `consul connect envoy` command when starting an API Gateway.
+This health check would always fail.
+```
diff --git a/command/connect/envoy/envoy.go b/command/connect/envoy/envoy.go
index 4c1ff6b80a19..a6212ae4ca42 100644
--- a/command/connect/envoy/envoy.go
+++ b/command/connect/envoy/envoy.go
@@ -440,6 +440,18 @@ func (c *cmd) run(args []string) int {
 			meta = map[string]string{structs.MetaWANFederationKey: "1"}
 		}
 
+		// API gateways do not have a default listener or ready endpoint,
+		// so adding any check to the registration will fail
+		var check *api.AgentServiceCheck
+		if c.gatewayKind != api.ServiceKindAPIGateway {
+			check = &api.AgentServiceCheck{
+				Name:                           fmt.Sprintf("%s listening", c.gatewayKind),
+				TCP:                            ipaddr.FormatAddressPort(tcpCheckAddr, lanAddr.Port),
+				Interval:                       "10s",
+				DeregisterCriticalServiceAfter: c.deregAfterCritical,
+			}
+		}
+
 		svc := api.AgentServiceRegistration{
 			Kind:            c.gatewayKind,
 			Name:            c.gatewaySvcName,
@@ -449,12 +461,7 @@ func (c *cmd) run(args []string) int {
 			Meta:            meta,
 			TaggedAddresses: taggedAddrs,
 			Proxy:           proxyConf,
-			Check: &api.AgentServiceCheck{
-				Name:                           fmt.Sprintf("%s listening", c.gatewayKind),
-				TCP:                            ipaddr.FormatAddressPort(tcpCheckAddr, lanAddr.Port),
-				Interval:                       "10s",
-				DeregisterCriticalServiceAfter: c.deregAfterCritical,
-			},
+			Check:           check,
 		}
 
 		if err := c.client.Agent().ServiceRegister(&svc); err != nil {
diff --git a/test/integration/consul-container/libs/assert/service.go b/test/integration/consul-container/libs/assert/service.go
index f8ff1d0ba9bb..370fbc857db8 100644
--- a/test/integration/consul-container/libs/assert/service.go
+++ b/test/integration/consul-container/libs/assert/service.go
@@ -13,12 +13,11 @@ import (
 	"time"
 
 	"github.com/hashicorp/go-cleanhttp"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
-	"github.com/stretchr/testify/assert"
-
 	libservice "github.com/hashicorp/consul/test/integration/consul-container/libs/service"
 )
 
@@ -54,7 +53,7 @@ func CatalogServiceHasInstanceCount(t *testing.T, c *api.Client, svc string, cou
 	})
 }
 
-// CatalogServiceExists verifies the node name exists in the Consul catalog
+// CatalogNodeExists verifies the node name exists in the Consul catalog
 func CatalogNodeExists(t *testing.T, c *api.Client, nodeName string) {
 	retry.Run(t, func(r *retry.R) {
 		node, _, err := c.Catalog().Node(nodeName, nil)
@@ -67,26 +66,55 @@ func CatalogNodeExists(t *testing.T, c *api.Client, nodeName string) {
 	})
 }
 
+// CatalogServiceIsHealthy verifies the service name exists and all instances pass healthchecks
+func CatalogServiceIsHealthy(t *testing.T, c *api.Client, svc string, opts *api.QueryOptions) {
+	CatalogServiceExists(t, c, svc, opts)
+
+	retry.Run(t, func(r *retry.R) {
+		services, _, err := c.Health().Service(svc, "", false, opts)
+		if err != nil {
+			r.Fatal("error reading service health data")
+		}
+		if len(services) == 0 {
+			r.Fatal("did not find catalog entry for ", svc)
+		}
+
+		for _, svc := range services {
+			for _, check := range svc.Checks {
+				if check.Status != api.HealthPassing {
+					r.Fatal("at least one check is not PASSING for service", svc.Service.Service)
+				}
+			}
+		}
+
+	})
+}
+
 func HTTPServiceEchoes(t *testing.T, ip string, port int, path string) {
-	doHTTPServiceEchoes(t, ip, port, path, nil)
+	doHTTPServiceEchoes(t, ip, port, path, nil, nil)
 }
+
+func HTTPServiceEchoesWithHeaders(t *testing.T, ip string, port int, path string, headers map[string]string) {
+	doHTTPServiceEchoes(t, ip, port, path, headers, nil)
+}
+
 func HTTPServiceEchoesWithClient(t *testing.T, client *http.Client, addr string, path string) {
-	doHTTPServiceEchoesWithClient(t, client, addr, path, nil)
+	doHTTPServiceEchoesWithClient(t, client, addr, path, nil, nil)
 }
 
 func HTTPServiceEchoesResHeader(t *testing.T, ip string, port int, path string, expectedResHeader map[string]string) {
-	doHTTPServiceEchoes(t, ip, port, path, expectedResHeader)
+	doHTTPServiceEchoes(t, ip, port, path, nil, expectedResHeader)
 }
 func HTTPServiceEchoesResHeaderWithClient(t *testing.T, client *http.Client, addr string, path string, expectedResHeader map[string]string) {
-	doHTTPServiceEchoesWithClient(t, client, addr, path, expectedResHeader)
+	doHTTPServiceEchoesWithClient(t, client, addr, path, nil, expectedResHeader)
 }
 
 // HTTPServiceEchoes verifies that a post to the given ip/port combination returns the data
 // in the response body. Optional path can be provided to differentiate requests.
-func doHTTPServiceEchoes(t *testing.T, ip string, port int, path string, expectedResHeader map[string]string) {
+func doHTTPServiceEchoes(t *testing.T, ip string, port int, path string, requestHeaders map[string]string, expectedResHeader map[string]string) {
 	client := cleanhttp.DefaultClient()
 	addr := fmt.Sprintf("%s:%d", ip, port)
-	doHTTPServiceEchoesWithClient(t, client, addr, path, expectedResHeader)
+	doHTTPServiceEchoesWithClient(t, client, addr, path, requestHeaders, expectedResHeader)
 }
 
 func doHTTPServiceEchoesWithClient(
@@ -94,6 +122,7 @@ func doHTTPServiceEchoesWithClient(
 	client *http.Client,
 	addr string,
 	path string,
+	requestHeaders map[string]string,
 	expectedResHeader map[string]string,
 ) {
 	const phrase = "hello"
@@ -110,8 +139,20 @@ func doHTTPServiceEchoesWithClient(
 
 	retry.RunWith(failer(), t, func(r *retry.R) {
 		t.Logf("making call to %s", url)
+
 		reader := strings.NewReader(phrase)
-		res, err := client.Post(url, "text/plain", reader)
+		req, err := http.NewRequest("POST", url, reader)
+		require.NoError(t, err, "could not construct request")
+
+		for k, v := range requestHeaders {
+			req.Header.Add(k, v)
+
+			if k == "Host" {
+				req.Host = v
+			}
+		}
+
+		res, err := client.Do(req)
 		if err != nil {
 			r.Fatal("could not make call to service ", url)
 		}
diff --git a/test/integration/consul-container/libs/topology/peering_topology.go b/test/integration/consul-container/libs/topology/peering_topology.go
index c684764d4851..f51b041a8bcd 100644
--- a/test/integration/consul-container/libs/topology/peering_topology.go
+++ b/test/integration/consul-container/libs/topology/peering_topology.go
@@ -187,7 +187,11 @@ type ClusterConfig struct {
 	BuildOpts                 *libcluster.BuildOptions
 	Cmd                       string
 	LogConsumer               *TestLogConsumer
-	Ports                     []int
+
+	// Exposed Ports are available on the cluster's pause container for the purposes
+	// of adding external communication to the cluster. An example would be a listener
+	// on a gateway.
+	ExposedPorts []int
 }
 
 // NewCluster creates a cluster with peering enabled. It also creates
@@ -234,8 +238,8 @@ func NewCluster(
 		serverConf.Cmd = append(serverConf.Cmd, config.Cmd)
 	}
 
-	if config.Ports != nil {
-		cluster, err = libcluster.New(t, []libcluster.Config{*serverConf}, config.Ports...)
+	if config.ExposedPorts != nil {
+		cluster, err = libcluster.New(t, []libcluster.Config{*serverConf}, config.ExposedPorts...)
 	} else {
 		cluster, err = libcluster.NewN(t, *serverConf, config.NumServers)
 	}
diff --git a/test/integration/consul-container/test/basic/connect_service_test.go b/test/integration/consul-container/test/basic/connect_service_test.go
index 3875ad3528a9..650db9fef079 100644
--- a/test/integration/consul-container/test/basic/connect_service_test.go
+++ b/test/integration/consul-container/test/basic/connect_service_test.go
@@ -7,11 +7,8 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/stretchr/testify/require"
-
 	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
 	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
-	libservice "github.com/hashicorp/consul/test/integration/consul-container/libs/service"
 	"github.com/hashicorp/consul/test/integration/consul-container/libs/topology"
 )
 
@@ -40,7 +37,7 @@ func TestBasicConnectService(t *testing.T) {
 		},
 	})
 
-	clientService := createServices(t, cluster)
+	_, clientService := topology.CreateServices(t, cluster)
 	_, port := clientService.GetAddr()
 	_, adminPort := clientService.GetAdminAddr()
 
@@ -51,30 +48,3 @@ func TestBasicConnectService(t *testing.T) {
 	libassert.HTTPServiceEchoes(t, "localhost", port, "")
 	libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", port), "static-server", "")
 }
-
-func createServices(t *testing.T, cluster *libcluster.Cluster) libservice.Service {
-	node := cluster.Agents[0]
-	client := node.GetClient()
-	// Create a service and proxy instance
-	serviceOpts := &libservice.ServiceOpts{
-		Name:     libservice.StaticServerServiceName,
-		ID:       "static-server",
-		HTTPPort: 8080,
-		GRPCPort: 8079,
-	}
-
-	// Create a service and proxy instance
-	_, _, err := libservice.CreateAndRegisterStaticServerAndSidecar(node, serviceOpts)
-	require.NoError(t, err)
-
-	libassert.CatalogServiceExists(t, client, "static-server-sidecar-proxy", nil)
-	libassert.CatalogServiceExists(t, client, libservice.StaticServerServiceName, nil)
-
-	// Create a client proxy instance with the server as an upstream
-	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false)
-	require.NoError(t, err)
-
-	libassert.CatalogServiceExists(t, client, "static-client-sidecar-proxy", nil)
-
-	return clientConnectProxy
-}
diff --git a/test/integration/consul-container/test/gateways/gateway_endpoint_test.go b/test/integration/consul-container/test/gateways/gateway_endpoint_test.go
index 1f7a00e6830e..659fc4e3fdfe 100644
--- a/test/integration/consul-container/test/gateways/gateway_endpoint_test.go
+++ b/test/integration/consul-container/test/gateways/gateway_endpoint_test.go
@@ -12,11 +12,10 @@ import (
 	"testing"
 	"time"
 
+	"github.com/hashicorp/go-cleanhttp"
 	"github.com/stretchr/testify/require"
 
 	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/go-cleanhttp"
-
 	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
 	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
 	libservice "github.com/hashicorp/consul/test/integration/consul-container/libs/service"
@@ -47,7 +46,7 @@ func TestAPIGatewayCreate(t *testing.T) {
 			InjectGossipEncryption: true,
 			AllowHTTPAnyway:        true,
 		},
-		Ports: []int{
+		ExposedPorts: []int{
 			listenerPortOne,
 			serviceHTTPPort,
 			serviceGRPCPort,
@@ -59,6 +58,21 @@ func TestAPIGatewayCreate(t *testing.T) {
 
 	namespace := getOrCreateNamespace(t, client)
 
+	// Create a gateway
+	// We intentionally do this before creating the config entries
+	gatewayService, err := libservice.NewGatewayService(context.Background(), libservice.GatewayConfig{
+		Kind:      "api",
+		Namespace: namespace,
+		Name:      gatewayName,
+	}, cluster.Agents[0], listenerPortOne)
+	require.NoError(t, err)
+
+	// We check this is healthy here because in the case of bringing up a new kube cluster,
+	// it is not possible to create the config entry in advance.
+	// The health checks must pass so the pod can start up.
+	// For API gateways, this should always pass, because there is no default listener for health in Envoy
+	libassert.CatalogServiceIsHealthy(t, client, gatewayName, &api.QueryOptions{Namespace: namespace})
+
 	// add api gateway config
 	apiGateway := &api.APIGatewayConfigEntry{
 		Kind:      api.APIGateway,
@@ -75,7 +89,7 @@ func TestAPIGatewayCreate(t *testing.T) {
 
 	require.NoError(t, cluster.ConfigEntryWrite(apiGateway))
 
-	_, _, err := libservice.CreateAndRegisterStaticServerAndSidecar(cluster.Agents[0], &libservice.ServiceOpts{
+	_, _, err = libservice.CreateAndRegisterStaticServerAndSidecar(cluster.Agents[0], &libservice.ServiceOpts{
 		ID:        serviceName,
 		Name:      serviceName,
 		Namespace: namespace,
@@ -105,14 +119,6 @@ func TestAPIGatewayCreate(t *testing.T) {
 
 	require.NoError(t, cluster.ConfigEntryWrite(tcpRoute))
 
-	// Create a gateway
-	gatewayService, err := libservice.NewGatewayService(context.Background(), libservice.GatewayConfig{
-		Kind:      "api",
-		Namespace: namespace,
-		Name:      gatewayName,
-	}, cluster.Agents[0], listenerPortOne)
-	require.NoError(t, err)
-
 	// make sure the gateway/route come online
 	// make sure config entries have been properly created
 	checkGatewayConfigEntry(t, client, gatewayName, &api.QueryOptions{Namespace: namespace})
diff --git a/test/integration/consul-container/test/gateways/http_route_test.go b/test/integration/consul-container/test/gateways/http_route_test.go
index 0a33ef2fae8b..fcdbb7ce1c96 100644
--- a/test/integration/consul-container/test/gateways/http_route_test.go
+++ b/test/integration/consul-container/test/gateways/http_route_test.go
@@ -70,7 +70,7 @@ func TestHTTPRouteFlattening(t *testing.T) {
 			InjectGossipEncryption: true,
 			AllowHTTPAnyway:        true,
 		},
-		Ports: []int{
+		ExposedPorts: []int{
 			listenerPort,
 			serviceOneHTTPPort,
 			serviceOneGRPCPort,
@@ -298,7 +298,7 @@ func TestHTTPRoutePathRewrite(t *testing.T) {
 			InjectGossipEncryption: true,
 			AllowHTTPAnyway:        true,
 		},
-		Ports: []int{
+		ExposedPorts: []int{
 			listenerPort,
 			fooHTTPPort,
 			fooGRPCPort,
@@ -525,7 +525,7 @@ func TestHTTPRouteParentRefChange(t *testing.T) {
 			InjectGossipEncryption: true,
 			AllowHTTPAnyway:        true,
 		},
-		Ports: []int{
+		ExposedPorts: []int{
 			listenerOnePort,
 			listenerTwoPort,
 			serviceHTTPPort,
diff --git a/test/integration/consul-container/test/gateways/ingress_gateway_test.go b/test/integration/consul-container/test/gateways/ingress_gateway_test.go
new file mode 100644
index 000000000000..1a8958741c8a
--- /dev/null
+++ b/test/integration/consul-container/test/gateways/ingress_gateway_test.go
@@ -0,0 +1,129 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package gateways
+
+import (
+	"context"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/docker/go-connections/nat"
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/api"
+	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
+	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
+	libservice "github.com/hashicorp/consul/test/integration/consul-container/libs/service"
+	"github.com/hashicorp/consul/test/integration/consul-container/libs/topology"
+)
+
+// TestIngressGateway Summary
+// This test makes sure a cluster service can be reached via and ingress gateway.
+//
+// Steps:
+//   - Create a cluster (1 server and 1 client).
+//   - Create the example static-server and sidecar containers, then register them both with Consul
+//   - Create an ingress gateway and register it with Consul on the client agent
+//   - Create a config entry that binds static-server to a new listener on the ingress gateway
+//   - Verify that static-service is accessible through the ingress gateway port
+func TestIngressGateway(t *testing.T) {
+	t.Parallel()
+
+	// Ingress gateways must have a listener other than 8443, which is used for health checks.
+	// 9999 is already exposed from consul agents
+	gatewayListenerPort := 9999
+
+	cluster, _, _ := topology.NewCluster(t, &topology.ClusterConfig{
+		NumServers:                1,
+		NumClients:                1,
+		ApplyDefaultProxySettings: true,
+		BuildOpts: &libcluster.BuildOptions{
+			Datacenter:             "dc1",
+			InjectAutoEncryption:   true,
+			InjectGossipEncryption: true,
+			// TODO(rb): fix the test to not need the service/envoy stack to use :8500
+			AllowHTTPAnyway: true,
+		},
+	})
+	apiClient := cluster.APIClient(0)
+	clientNode := cluster.Clients()[0]
+
+	// Set up the "static-server" backend
+	serverService, _ := topology.CreateServices(t, cluster)
+
+	// Create the ingress gateway service
+	// We expose this on the client node, which already has port 9999 exposed as part of it's pause "pod"
+	gwCfg := libservice.GatewayConfig{
+		Name: api.IngressGateway,
+		Kind: "ingress",
+	}
+	ingressService, err := libservice.NewGatewayService(context.Background(), gwCfg, clientNode)
+	require.NoError(t, err)
+
+	// this is deliberate
+	// internally, ingress gw have a 15s timeout before the /ready endpoint is available,
+	// then we need to wait for the health check to re-execute and propagate.
+	time.Sleep(45 * time.Second)
+
+	// We check this is healthy here because in the case of bringing up a new kube cluster,
+	// it is not possible to create the config entry in advance.
+	// The health checks must pass so the pod can start up.
+	libassert.CatalogServiceIsHealthy(t, apiClient, api.IngressGateway, nil)
+
+	// Register a service to the ingress gateway
+	// **NOTE**: We intentionally wait until after the gateway starts to create the config entry.
+	// This was a regression that can cause errors when starting up consul-k8s before you have the resource defined.
+	ingressGwConfig := &api.IngressGatewayConfigEntry{
+		Kind: api.IngressGateway,
+		Name: api.IngressGateway,
+		Listeners: []api.IngressListener{
+			{
+				Port:     gatewayListenerPort,
+				Protocol: "http",
+				Services: []api.IngressService{
+					{
+						Name: libservice.StaticServerServiceName,
+					},
+				},
+			},
+		},
+	}
+
+	require.NoError(t, cluster.ConfigEntryWrite(ingressGwConfig))
+
+	// Wait for the request to persist
+	checkIngressConfigEntry(t, apiClient, api.IngressGateway, nil)
+
+	_, adminPort := ingressService.GetAdminAddr()
+	libassert.AssertUpstreamEndpointStatus(t, adminPort, "static-server.default", "HEALTHY", 1)
+	//libassert.GetEnvoyListenerTCPFilters(t, adminPort) // This won't succeed because the dynamic listener is delayed
+
+	libassert.AssertContainerState(t, ingressService, "running")
+	libassert.AssertContainerState(t, serverService, "running")
+
+	mappedPort, err := clientNode.GetPod().MappedPort(context.Background(), nat.Port(fmt.Sprintf("%d/tcp", gatewayListenerPort)))
+	require.NoError(t, err)
+
+	// by default, ingress routes are set per <service>.ingress.*
+	headers := map[string]string{"Host": fmt.Sprintf("%s.ingress.com", libservice.StaticServerServiceName)}
+	libassert.HTTPServiceEchoesWithHeaders(t, "localhost", mappedPort.Int(), "", headers)
+}
+
+func checkIngressConfigEntry(t *testing.T, client *api.Client, gatewayName string, opts *api.QueryOptions) {
+	t.Helper()
+
+	require.Eventually(t, func() bool {
+		entry, _, err := client.ConfigEntries().Get(api.IngressGateway, gatewayName, opts)
+		if err != nil {
+			t.Log("error constructing request", err)
+			return false
+		}
+		if entry == nil {
+			t.Log("returned entry is nil")
+			return false
+		}
+		return true
+	}, time.Second*10, time.Second*1)
+}

From 7f3446ececa94e0ced687520c41181430dc1c74d Mon Sep 17 00:00:00 2001
From: Ranjandas <thejranjan@gmail.com>
Date: Thu, 6 Jul 2023 03:49:19 +1000
Subject: [PATCH 135/359] Fixes Traffic rate limitting docs (#17997)

---
 website/content/docs/agent/limits/index.mdx | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/website/content/docs/agent/limits/index.mdx b/website/content/docs/agent/limits/index.mdx
index 55fabc3de4bc..9a522dc3313a 100644
--- a/website/content/docs/agent/limits/index.mdx
+++ b/website/content/docs/agent/limits/index.mdx
@@ -19,9 +19,13 @@ You can set global limits on the rate of read and write requests that affect ind
 
 1. Set arbitrary limits to begin understanding the upper boundary of RPC and gRPC loads in your network. Refer to [Initialize rate limit settings](/consul/docs/agent/limits/usage/init-rate-limits) for additional information.    
 
-1. Monitor the metrics and logs and readjust the initial configurations as necessary. Refer to [Monitor rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limit-data)  
+1. Monitor the metrics and logs and readjust the initial configurations as necessary. Refer to [Monitor rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limits)
 
-1. Define your final operational limits based on your observations. If you are defining global rate limits, refer to [Set global traffic rate limits](/consul/docs/agent/limits/usage/set-global-rate-limits) for additional information. For information about setting limits per source IP address, refer to [Limit traffic rates for a source IP](/consul/docs/agent/limits/usage/set-source-ip-rate-limits). Note that setting limits per source IP requires Consul Enterprise.
+1. Define your final operational limits based on your observations. If you are defining global rate limits, refer to [Set global traffic rate limits](/consul/docs/agent/limits/usage/set-global-traffic-rate-limits) for additional information. For information about setting limits per source IP address, refer to [Limit traffic rates for a source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips).
+
+<EnterpriseAlert>
+Setting limits per source IP requires Consul Enterprise.
+</EnterpriseAlert>
 
 ### Order of operations
 

From 2c2e62852d405048d69f97ca248a5273837bd794 Mon Sep 17 00:00:00 2001
From: Michael Hofer <karras@users.noreply.github.com>
Date: Wed, 5 Jul 2023 21:22:21 +0200
Subject: [PATCH 136/359] Fix removed service-to-service peering links (#17221)

* docs: fix removed service-to-service peering links

* docs: extend peering-via-mesh-gateways intro (thanks @trujillo-adam)

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 .../gateways/mesh-gateway/peering-via-mesh-gateways.mdx     | 6 +++---
 website/content/docs/lambda/invoke-from-lambda.mdx          | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx b/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx
index 97045649b2ff..3cf7eadc64bb 100644
--- a/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx
+++ b/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx
@@ -7,9 +7,7 @@ description: >-
 
 # Enabling Peering Control Plane Traffic
 
-In addition to [service-to-service traffic routing](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering),
-we recommend routing control plane traffic between cluster peers through mesh gateways
-to simplfy networking requirements.
+This topic describes how to configure a mesh gateway to route control plane traffic between Consul clusters that share a peer connection. For information about routing service traffic between cluster peers through a mesh gateway, refer to [Enabling Service-to-service Traffic Across Admin Partitions](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions).
 
 Control plane traffic between cluster peers includes
 the initial secret handshake and the bi-directional stream replicating peering data.
@@ -60,6 +58,7 @@ For Consul Enterprise clusters, mesh gateways must be registered in the "default
 <Tab heading="Consul OSS">
 
 In addition to the [ACL Configuration](/consul/docs/connect/cluster-peering/tech-specs#acl-specifications) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings. 
+
 This access allows the mesh gateway to list all peerings in a Consul cluster and generate unique routing per peered datacenter.
 
 <CodeTabs heading="Example ACL rules for Mesh Gateway Peering Control Plane Traffic in Consul OSS">
@@ -81,6 +80,7 @@ peering = "read"
 <Tab heading="Consul Enterprise">
 
 In addition to the [ACL Configuration](/consul/docs/connect/cluster-peering/tech-specs#acl-specifications) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings in all partitions. 
+
 This access allows the mesh gateway to list all peerings in a Consul cluster and generate unique routing per peered partition.
 
 <CodeTabs heading="Example ACL rules for Mesh Gateway Peering Control Plane Traffic in Consul Enterprise">
diff --git a/website/content/docs/lambda/invoke-from-lambda.mdx b/website/content/docs/lambda/invoke-from-lambda.mdx
index fd0da60776d5..9ce0d087792d 100644
--- a/website/content/docs/lambda/invoke-from-lambda.mdx
+++ b/website/content/docs/lambda/invoke-from-lambda.mdx
@@ -84,7 +84,7 @@ spec:
 
 ### Deploy the mesh gateway
 
-The mesh gateway must be running and registered to the Lambda function’s Consul datacenter.  Refer to the following documentation and tutorials for instructions:
+The mesh gateway must be running and registered to the Lambda function’s Consul datacenter. Refer to the following documentation and tutorials for instructions:
 
 - [Mesh Gateways between WAN-Federated Datacenters](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters)
 - [Mesh Gateways between Admin Partitions](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions)

From 7ef807df48c9a68343043c83fb378830d7bbc2c1 Mon Sep 17 00:00:00 2001
From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Date: Wed, 5 Jul 2023 12:56:25 -0700
Subject: [PATCH 137/359] docs: Sameness "beta" warning (#18017)

* Warning updates

* .x
---
 .../connect/cluster-peering/usage/create-sameness-groups.mdx    | 2 +-
 website/content/docs/connect/config-entries/sameness-group.mdx  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx b/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx
index 96047cc9c46e..4cc584b443c3 100644
--- a/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx
+++ b/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx
@@ -10,7 +10,7 @@ This topic describes how to designate groups of services as functionally identic
 
 <Warning>
 
-Sameness groups are a beta feature in this version of Consul. Functionality is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may experience performance issues, scaling issues, and limited support.
+Sameness groups are a beta feature for all Consul v1.16.x releases. Functionality is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may experience performance issues, scaling issues, and limited support.
 
 </Warning>
 
diff --git a/website/content/docs/connect/config-entries/sameness-group.mdx b/website/content/docs/connect/config-entries/sameness-group.mdx
index 76752c2c54af..93894358aee4 100644
--- a/website/content/docs/connect/config-entries/sameness-group.mdx
+++ b/website/content/docs/connect/config-entries/sameness-group.mdx
@@ -12,7 +12,7 @@ To learn more about creating a sameness group, refer to [Create sameness groups]
 
 <Warning>
 
-Sameness groups are a beta feature in this version of Consul. Functionality is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may experience performance issues, scaling issues, and limited support.
+Sameness groups are a beta feature for all Consul v1.16.x releases. Functionality is subject to change. You should never use the beta release in secure environments or production scenarios. Features in beta may experience performance issues, scaling issues, and limited support.
 
 </Warning>
 

From 548829a72bc9ec02e41f6211eff206d6857a5ac2 Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Wed, 5 Jul 2023 13:27:49 -0700
Subject: [PATCH 138/359] updated typo in tab heading (#18022)

* updated typo in tab heading

* updated tab group typo, too
---
 .../docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
index 3062879d472d..30615d3b054f 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
@@ -53,7 +53,7 @@ EnvoyExtensions = [
 ```
 </CodeBlockConfig>
 </Tab>
-<Tab heading="HCL" group="hcl">
+<Tab heading="JSON" group="json">
 <CodeBlockConfig filename="api-auth-service-defaults.json">
 
 ```json

From 7689a5ef2df8a92f476aabdb6ebd6e3696f8c39b Mon Sep 17 00:00:00 2001
From: "J.C. Jones" <james.jc.jones@gmail.com>
Date: Wed, 5 Jul 2023 15:03:42 -0700
Subject: [PATCH 139/359] Document that DNS lookups can target cluster peers
 (#17990)

Static DNS lookups, in addition to explicitly targeting a datacenter,
can target a cluster peer. This was added in 95dc0c7b301b70a6b955a8b7c9737c9b86f03df6 but didn't make the documentation.

The driving function for the change is `parseLocality` here: https://github.com/hashicorp/consul/blob/0b1299c28d8127129d61310ee4280055298438e0/agent/dns_oss.go#L25

The biggest change in this is to adjust the standard lookup syntax to tie
`.<datacenter>` to `.dc` as required-together, and to append in the similar `.<cluster-peer>.peer` optional argument, both to A record and SRV record lookups.

Co-authored-by: David Yu <dyu@hashicorp.com>
---
 .../services/discovery/dns-static-lookups.mdx | 38 ++++++++++++++++++-
 1 file changed, 36 insertions(+), 2 deletions(-)

diff --git a/website/content/docs/services/discovery/dns-static-lookups.mdx b/website/content/docs/services/discovery/dns-static-lookups.mdx
index 6f2db4108c37..353f4e2628e3 100644
--- a/website/content/docs/services/discovery/dns-static-lookups.mdx
+++ b/website/content/docs/services/discovery/dns-static-lookups.mdx
@@ -97,16 +97,18 @@ The DNS protocol limits the size of requests, even when performing DNS TCP queri
 Consul randomizes DNS SRV records and ignores weights specified in service configurations when printing responses. If records are truncated, each client using weighted SRV responses may have partial and inconsistent views of instance weights. As a result, the request distribution may be skewed from the intended weights. We recommend calling the [`/catalog/nodes` API endpoint](/consul/api-docs/catalog#list-nodes) to retrieve the complete list of nodes. You can apply query parameters to API calls to sort and filter the results.
 
 ### Standard lookups
-To perform standard service lookups, specify tags, the name of the service, datacenter, and domain using the following syntax to query for service providers:
+To perform standard service lookups, specify tags, the name of the service, datacenter, cluster peer, and domain using the following syntax to query for service providers:
 
 ```text
-[<tag>.]<service>.service[.<datacenter>].dc.<domain>
+[<tag>.]<service>.service[.<datacenter>.dc][.<cluster-peer>.peer].<domain>
 ```
 
 The `tag` subdomain is optional. It filters responses so that only service providers containing the tag appear.  
 
 The `datacenter` subdomain is optional. By default, Consul interrogates the querying agent's datacenter.
 
+The `cluster-peer` name is optional, and specifies the [cluster peer](/consul/docs/connect/cluster-peering) whose [exported services](/consul/docs/connect/config-entries/exported-services) should be the target of the query.
+
 By default, the lookups query in the `consul` domain. Refer to [Configure DNS Behaviors](/consul/docs/services/discovery/dns-configuration) for information about using alternate domains. 
 
 #### Standard lookup results
@@ -195,6 +197,38 @@ _rabbitmq._amqp.service.consul. 0 IN  SRV 1 1 5672 rabbitmq.node1.dc1.consul.
 ;; ADDITIONAL SECTION:
 rabbitmq.node1.dc1.consul.  0 IN  A 10.1.11.20
 ```
+
+You can also perform RFC 2782 lookups that target a specific [cluster peer](/consul/docs/connect/cluster-peering) or datacenter by including  `<datacenter>.dc` or `<cluster-peer>.peer` in the query labels:
+
+```text
+_<service>._<tag>[.service][.<datacenter>.dc][.<cluster-peer>.peer].<domain>
+```
+
+The following example queries the `redis` service tagged with `tcp` for the cluster peer `phx1`, which returns two instances, one at `10.1.11.83:29081` and one at `10.1.11.86:29142`:
+
+```shell-session
+dig @127.0.0.1 -p 8600 _redis._tcp.service.phx1.peer.consul SRV
+
+; <<>> DiG 9.18.15 <<>> @127.0.0.1 -p 8600 _redis._tcp.service.phx1.peer.consul SRV
+;; global options: +cmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40572
+;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
+
+;; OPT PSEUDOSECTION:
+; EDNS: version: 0, flags:; udp: 1232
+;; QUESTION SECTION:
+;_redis._tcp.service.phx1.peer.consul.  IN SRV
+
+;; ANSWER SECTION:
+_redis._tcp.service.phx1.peer.consul. 0 IN SRV 1 1 29081 0a000d53.addr.consul.
+_redis._tcp.service.phx1.peer.consul. 0 IN SRV 1 1 29142 0a010d56.addr.consul.
+
+;; ADDITIONAL SECTION:
+0a000d53.addr.consul. 0 IN  A 10.1.11.83
+0a010d56.addr.consul. 0 IN  A 10.1.11.86
+```
+
 #### SRV responses for hosts in the .addr subdomain
 
 If a service registered with Consul is configured with an explicit IP address or addresses in the  [`address`](/consul/docs/services/configuration/services-configuration-reference#address) or [`tagged_address`](/consul/docs/services/configuration/services-configuration-reference#tagged_address) parameter, then Consul returns the hostname in the target field of the answer section for the DNS SRV query according to the following format: 

From ada3938115ac74afe1370287506a87ce2c00bc58 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Thu, 6 Jul 2023 07:27:30 -0400
Subject: [PATCH 140/359] Add first integration test for jwt auth with
 intention (#18005)

---
 agent/xds/listeners.go                        |   5 +-
 test/integration/consul-container/go.mod      |   2 +
 test/integration/consul-container/go.sum      |   6 +
 .../consul-container/libs/utils/helpers.go    | 104 +++++++++
 .../test/jwtauth/jwt_auth_test.go             | 215 ++++++++++++++++++
 5 files changed, 329 insertions(+), 3 deletions(-)
 create mode 100644 test/integration/consul-container/test/jwtauth/jwt_auth_test.go

diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go
index 4278c3a8b6cc..6e67cd1c564e 100644
--- a/agent/xds/listeners.go
+++ b/agent/xds/listeners.go
@@ -1381,12 +1381,11 @@ func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot
 		if err != nil {
 			return nil, err
 		}
-
-		filterOpts.httpAuthzFilters = []*envoy_http_v3.HttpFilter{rbacFilter}
-
+		filterOpts.httpAuthzFilters = []*envoy_http_v3.HttpFilter{}
 		if jwtFilter != nil {
 			filterOpts.httpAuthzFilters = append(filterOpts.httpAuthzFilters, jwtFilter)
 		}
+		filterOpts.httpAuthzFilters = append(filterOpts.httpAuthzFilters, rbacFilter)
 
 		meshConfig := cfgSnap.MeshConfig()
 		includeXFCC := meshConfig == nil || meshConfig.HTTP == nil || !meshConfig.HTTP.SanitizeXForwardedClientCert
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index 46a4d21c9b9f..9eba92ca55fb 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -7,6 +7,7 @@ require (
 	github.com/avast/retry-go v3.0.0+incompatible
 	github.com/docker/docker v23.0.6+incompatible
 	github.com/docker/go-connections v0.4.0
+	github.com/go-jose/go-jose/v3 v3.0.0
 	github.com/hashicorp/consul v0.0.0-00010101000000-000000000000
 	github.com/hashicorp/consul/api v1.22.0-rc1
 	github.com/hashicorp/consul/envoyextensions v0.3.0-rc1
@@ -83,6 +84,7 @@ require (
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
+	golang.org/x/crypto v0.1.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 	golang.org/x/net v0.10.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum
index b7ae09743d5b..02a74ddbe68e 100644
--- a/test/integration/consul-container/go.sum
+++ b/test/integration/consul-container/go.sum
@@ -79,6 +79,8 @@ github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
 github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
+github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
+github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
@@ -101,6 +103,7 @@ github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -286,6 +289,7 @@ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpE
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
@@ -303,10 +307,12 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
diff --git a/test/integration/consul-container/libs/utils/helpers.go b/test/integration/consul-container/libs/utils/helpers.go
index e18293a96ac0..5f75e3e4b3f7 100644
--- a/test/integration/consul-container/libs/utils/helpers.go
+++ b/test/integration/consul-container/libs/utils/helpers.go
@@ -4,6 +4,15 @@
 package utils
 
 import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+
+	"github.com/go-jose/go-jose/v3"
+	"github.com/go-jose/go-jose/v3/jwt"
 	"github.com/hashicorp/consul/api"
 )
 
@@ -18,3 +27,98 @@ func ApplyDefaultProxySettings(c *api.Client) (bool, error) {
 	ok, _, err := c.ConfigEntries().Set(req, &api.WriteOptions{})
 	return ok, err
 }
+
+// Generates a private and public key pair that is for signing
+// JWT.
+func GenerateKey() (pub, priv string, err error) {
+	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+
+	if err != nil {
+		return "", "", fmt.Errorf("error generating private key: %w", err)
+	}
+
+	{
+		derBytes, err := x509.MarshalECPrivateKey(privateKey)
+		if err != nil {
+			return "", "", fmt.Errorf("error marshaling private key: %w", err)
+		}
+		priv = string(pem.EncodeToMemory(&pem.Block{
+			Type:  "EC PRIVATE KEY",
+			Bytes: derBytes,
+		}))
+	}
+	{
+		derBytes, err := x509.MarshalPKIXPublicKey(privateKey.Public())
+		if err != nil {
+			return "", "", fmt.Errorf("error marshaling public key: %w", err)
+		}
+		pub = string(pem.EncodeToMemory(&pem.Block{
+			Type:  "PUBLIC KEY",
+			Bytes: derBytes,
+		}))
+	}
+
+	return pub, priv, nil
+}
+
+// SignJWT will bundle the provided claims into a signed JWT. The provided key
+// is assumed to be ECDSA.
+//
+// If no private key is provided, it will generate a private key. These can
+// be retrieved via the SigningKeys() method.
+func SignJWT(privKey string, claims jwt.Claims, privateClaims interface{}) (string, error) {
+	var err error
+	if privKey == "" {
+		_, privKey, err = GenerateKey()
+		if err != nil {
+			return "", err
+		}
+	}
+	var key *ecdsa.PrivateKey
+	block, _ := pem.Decode([]byte(privKey))
+	if block != nil {
+		key, err = x509.ParseECPrivateKey(block.Bytes)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	sig, err := jose.NewSigner(
+		jose.SigningKey{Algorithm: jose.ES256, Key: key},
+		(&jose.SignerOptions{}).WithType("JWT"),
+	)
+	if err != nil {
+		return "", err
+	}
+
+	raw, err := jwt.Signed(sig).
+		Claims(claims).
+		Claims(privateClaims).
+		CompactSerialize()
+	if err != nil {
+		return "", err
+	}
+
+	return raw, nil
+}
+
+// newJWKS converts a pem-encoded public key into JWKS data suitable for a
+// verification endpoint response
+func NewJWKS(pubKey string) (*jose.JSONWebKeySet, error) {
+	block, _ := pem.Decode([]byte(pubKey))
+	if block == nil || block.Type != "PUBLIC KEY" {
+		return nil, fmt.Errorf("unable to decode public key")
+	}
+
+	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
+	if err != nil {
+		return nil, err
+	}
+	return &jose.JSONWebKeySet{
+		Keys: []jose.JSONWebKey{
+			{
+				Key: pub,
+			},
+		},
+	}, nil
+}
diff --git a/test/integration/consul-container/test/jwtauth/jwt_auth_test.go b/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
new file mode 100644
index 000000000000..37c846d0a6d4
--- /dev/null
+++ b/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
@@ -0,0 +1,215 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package jwtauth
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
+	"github.com/stretchr/testify/require"
+
+	"github.com/go-jose/go-jose/v3/jwt"
+	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
+	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
+	libservice "github.com/hashicorp/consul/test/integration/consul-container/libs/service"
+	libtopology "github.com/hashicorp/consul/test/integration/consul-container/libs/topology"
+	libutils "github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
+	"github.com/hashicorp/go-cleanhttp"
+	"testing"
+	"time"
+)
+
+// TestJWTAuthConnectService summary
+// This test ensures that when we have an intention referencing a JWT, requests
+// without JWT authorization headers are denied. And requests with the correct JWT
+// Authorization header are successful
+//
+// Steps:
+// - Creates a single agent cluster
+// - Creates a static-server and sidecar containers
+// - Registers the created static-server and sidecar with consul
+// - Create a static-client and sidecar containers
+// - Registers the static-client and sidecar with consul
+// - Ensure client sidecar is running as expected
+// - Make a request without the JWT Authorization header and expects 401 StatusUnauthorized
+// - Make a request with the JWT Authorization header and expects a 200
+func TestJWTAuthConnectService(t *testing.T) {
+	t.Parallel()
+
+	cluster, _, _ := libtopology.NewCluster(t, &libtopology.ClusterConfig{
+		NumServers:                1,
+		NumClients:                1,
+		ApplyDefaultProxySettings: true,
+		BuildOpts: &libcluster.BuildOptions{
+			Datacenter:             "dc1",
+			InjectAutoEncryption:   true,
+			InjectGossipEncryption: true,
+		},
+	})
+
+	clientService := createServices(t, cluster)
+	_, clientPort := clientService.GetAddr()
+	_, clientAdminPort := clientService.GetAdminAddr()
+
+	libassert.AssertUpstreamEndpointStatus(t, clientAdminPort, "static-server.default", "HEALTHY", 1)
+	libassert.AssertContainerState(t, clientService, "running")
+	libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", clientPort), "static-server", "")
+
+	claims := jwt.Claims{
+		Subject:   "r3qXcK2bix9eFECzsU3Sbmh0K16fatW6@clients",
+		Audience:  jwt.Audience{"https://consul.test"},
+		Issuer:    "https://legit.issuer.internal/",
+		NotBefore: jwt.NewNumericDate(time.Now().Add(-5 * time.Second)),
+		Expiry:    jwt.NewNumericDate(time.Now().Add(60 * time.Minute)),
+	}
+
+	jwks, jwt := makeJWKSAndJWT(t, claims)
+
+	// configure proxy-defaults, jwt-provider and intention
+	configureProxyDefaults(t, cluster)
+	configureJWTProvider(t, cluster, jwks, claims)
+	configureIntentions(t, cluster)
+
+	baseURL := fmt.Sprintf("http://localhost:%d", clientPort)
+	// fails without jwt headers
+	doRequest(t, baseURL, http.StatusUnauthorized, "")
+	// succeeds with jwt
+	doRequest(t, baseURL, http.StatusOK, jwt)
+}
+
+func createServices(t *testing.T, cluster *libcluster.Cluster) libservice.Service {
+	node := cluster.Agents[0]
+	client := node.GetClient()
+	// Create a service and proxy instance
+	serviceOpts := &libservice.ServiceOpts{
+		Name:     libservice.StaticServerServiceName,
+		ID:       "static-server",
+		HTTPPort: 8080,
+		GRPCPort: 8079,
+	}
+
+	// Create a service and proxy instance
+	_, _, err := libservice.CreateAndRegisterStaticServerAndSidecar(node, serviceOpts)
+	require.NoError(t, err)
+
+	libassert.CatalogServiceExists(t, client, "static-server-sidecar-proxy", nil)
+	libassert.CatalogServiceExists(t, client, libservice.StaticServerServiceName, nil)
+
+	// Create a client proxy instance with the server as an upstream
+	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false)
+	require.NoError(t, err)
+
+	libassert.CatalogServiceExists(t, client, "static-client-sidecar-proxy", nil)
+
+	return clientConnectProxy
+}
+
+// creates a JWKS and JWT that will be used for validation
+func makeJWKSAndJWT(t *testing.T, claims jwt.Claims) (string, string) {
+	pub, priv, err := libutils.GenerateKey()
+	require.NoError(t, err)
+
+	jwks, err := libutils.NewJWKS(pub)
+	require.NoError(t, err)
+
+	jwksJson, err := json.Marshal(jwks)
+	require.NoError(t, err)
+
+	type orgs struct {
+		Primary string `json:"primary"`
+	}
+	privateCl := struct {
+		FirstName string   `json:"first_name"`
+		Org       orgs     `json:"org"`
+		Groups    []string `json:"groups"`
+	}{
+		FirstName: "jeff2",
+		Org:       orgs{"engineering"},
+		Groups:    []string{"foo", "bar"},
+	}
+
+	jwt, err := libutils.SignJWT(priv, claims, privateCl)
+	require.NoError(t, err)
+	return string(jwksJson), jwt
+}
+
+// configures the protocol to http as this is needed for jwt-auth
+func configureProxyDefaults(t *testing.T, cluster *libcluster.Cluster) {
+	client := cluster.Agents[0].GetClient()
+
+	ok, _, err := client.ConfigEntries().Set(&api.ProxyConfigEntry{
+		Kind: api.ProxyDefaults,
+		Name: api.ProxyConfigGlobal,
+		Config: map[string]interface{}{
+			"protocol": "http",
+		},
+	}, nil)
+	require.NoError(t, err)
+	require.True(t, ok)
+}
+
+// creates a JWT local provider
+func configureJWTProvider(t *testing.T, cluster *libcluster.Cluster, jwks string, claims jwt.Claims) {
+	client := cluster.Agents[0].GetClient()
+
+	ok, _, err := client.ConfigEntries().Set(&api.JWTProviderConfigEntry{
+		Kind: api.JWTProvider,
+		Name: "test-jwt",
+		JSONWebKeySet: &api.JSONWebKeySet{
+			Local: &api.LocalJWKS{
+				JWKS: base64.StdEncoding.EncodeToString([]byte(jwks)),
+			},
+		},
+		Issuer:    claims.Issuer,
+		Audiences: claims.Audience,
+	}, nil)
+	require.NoError(t, err)
+	require.True(t, ok)
+}
+
+// creates an intention referencing the jwt provider
+func configureIntentions(t *testing.T, cluster *libcluster.Cluster) {
+	client := cluster.Agents[0].GetClient()
+
+	ok, _, err := client.ConfigEntries().Set(&api.ServiceIntentionsConfigEntry{
+		Kind: "service-intentions",
+		Name: libservice.StaticServerServiceName,
+		Sources: []*api.SourceIntention{
+			{
+				Name:   libservice.StaticClientServiceName,
+				Action: api.IntentionActionAllow,
+			},
+		},
+		JWT: &api.IntentionJWTRequirement{
+			Providers: []*api.IntentionJWTProvider{
+				{
+					Name:         "test-jwt",
+					VerifyClaims: []*api.IntentionJWTClaimVerification{},
+				},
+			},
+		},
+	}, nil)
+	require.NoError(t, err)
+	require.True(t, ok)
+}
+
+func doRequest(t *testing.T, url string, expStatus int, jwt string) {
+	retry.RunWith(&retry.Timer{Timeout: 5 * time.Second, Wait: time.Second}, t, func(r *retry.R) {
+
+		client := cleanhttp.DefaultClient()
+
+		req, err := http.NewRequest("GET", url, nil)
+		require.NoError(r, err)
+		if jwt != "" {
+			req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", jwt))
+		}
+		resp, err := client.Do(req)
+		require.NoError(r, err)
+		require.Equal(r, expStatus, resp.StatusCode)
+	})
+}

From f7d399f7fc39283e75f885cb22772cbab25db3b2 Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Thu, 6 Jul 2023 09:31:45 -0700
Subject: [PATCH 141/359] fix stand-in text for name field (#18030)

---
 .../connect/config-entries/control-plane-request-limit.mdx  | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/website/content/docs/connect/config-entries/control-plane-request-limit.mdx b/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
index c9d05e2da3b0..21b06f6533c1 100644
--- a/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
+++ b/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
@@ -42,7 +42,7 @@ When every field is defined, a control plane request limit configuration entry h
 ```hcl
 kind = "control-plane-request-limit"
 mode = "permissive"
-name = "<destination service>"
+name = "<name-for-the-entry>"
 read_rate =  100
 write_rate = 100
 kv = {
@@ -64,7 +64,7 @@ catalog = {
 {
   "kind": "control-plane-request-limit",
   "mode": "permissive",
-  "name": "<destination service>",
+  "name": "<name-for-the-entry>",
   "read_rate":  100,
   "write_rate": 100,
   "kv": {
@@ -85,7 +85,7 @@ catalog = {
 ```yaml
 kind: control-plane-request-limit
 mode: permissive
-name: <destination service>
+name: <name-for-the-entry>
 read_rate: 100
 write_rate: 100
 kv:

From 820cdbb226bd32f11b31524af1578939b4d01f12 Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Thu, 6 Jul 2023 10:37:38 -0700
Subject: [PATCH 142/359] removed sameness conf entry from failover nav
 (#18033)

---
 website/data/docs-nav-data.json | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 16feb0d11d97..7149dfebb299 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -780,10 +780,6 @@
           {
             "title": "Configuration",
             "routes": [
-              {
-                "title": "Sameness groups",
-                "href": "/consul/docs/connect/config-entries/service-resolver"
-              },
               {
                 "title": "Service resolver",
                 "href": "/consul/docs/connect/config-entries/service-resolver"

From 85f2ae024c66b67f9d8011e320fd9b3693df6b2f Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Thu, 6 Jul 2023 12:46:48 -0700
Subject: [PATCH 143/359] docs - add service sync annotations and k8s service
 weight annotation (#18032)

* Docs for https://github.com/hashicorp/consul-k8s/pull/2293
* remove versions for enterprise features since they are old

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
---
 .../docs/k8s/annotations-and-labels.mdx       | 63 ++++++++++++++++---
 website/content/docs/k8s/service-sync.mdx     |  8 +--
 2 files changed, 57 insertions(+), 14 deletions(-)

diff --git a/website/content/docs/k8s/annotations-and-labels.mdx b/website/content/docs/k8s/annotations-and-labels.mdx
index 547a82a6ccb3..56d0aa6006f1 100644
--- a/website/content/docs/k8s/annotations-and-labels.mdx
+++ b/website/content/docs/k8s/annotations-and-labels.mdx
@@ -9,16 +9,21 @@ description: >-
 
 ## Overview
 
-Consul on Kubernetes provides a few options for customizing how connect-inject behavior should be configured.
+Consul on Kubernetes provides a few options for customizing how connect-inject or service sync behavior should be configured.
 This allows the user to configure natively configure Consul on select Kubernetes resources (i.e. pods, services).
 
-- [Annotations](#annotations)
-- [Labels](#labels)
+- [Consul Service Mesh](#consul-service-mesh)
+  - [Annotations](#annotations)
+  - [Labels](#labels)
+- [Service Sync](#service-sync)
+  - [Annotations](#annotations-1)
 
 The noun _connect_ is used throughout this documentation to refer to the connect
 subsystem that provides Consul's service mesh capabilities.
 
-## Annotations
+## Consul Service Mesh
+
+### Annotations
 
 The following Kubernetes resource annotations could be used on a pod to control connect-inject behavior:
 
@@ -76,7 +81,7 @@ The following Kubernetes resource annotations could be used on a pod to control
   local port to listen for those connections. When transparent proxy is enabled,
   this annotation is optional. This annotation can be either _labeled_ or _unlabeled_. We recommend the labeled format because it has a more consistent syntax and can be used to reference cluster peers as upstreams.
 
- - **Labeled** (requires Consul on Kubernetes v0.45.0+):
+ - **Labeled**:
 
       The labeled annotation format allows you to reference any service as an upstream. You can specify a Consul Enterprise namespace. You can also specify an admin partition in the same datacenter, a cluster peer, or a WAN-federated datacenter.
 
@@ -133,7 +138,7 @@ The following Kubernetes resource annotations could be used on a pod to control
           "consul.hashicorp.com/connect-service-upstreams":"[service-name]:[port]:[optional datacenter]"
         ```
 
-      - Namespace (requires Consul Enterprise 1.7+): Upstream services may be running in a different namespace. Place
+      - Namespace: Upstream services may be running in a different namespace. Place
       the upstream namespace after the service name. For additional details about configuring the injector, refer to [Consul Enterprise namespaces](#consul-enterprise-namespaces) .
         
         ```yaml
@@ -144,7 +149,7 @@ The following Kubernetes resource annotations could be used on a pod to control
         If the namespace is not specified, the annotation defaults to the namespace of the source service.
         Consul Enterprise v1.7 and older interprets the value placed in the namespace position as part of the service name.
 
-      - Admin partitions (requires Consul Enterprise 1.11+): Upstream services may be running in a different
+      - Admin partitions: Upstream services may be running in a different
         partition. When specifying a partition, you must also specify a namespace. Place the partition name after the namespace. If you specify the name of the datacenter, it must be the local datacenter. Communicating across partitions using this method is only supported within a
         datacenter. For cross partition communication across datacenters, [establish a cluster
         peering connection](/consul/docs/k8s/connect/cluster-peering/usage/establish-peering) and set the upstream with a labeled annotation format.
@@ -265,7 +270,7 @@ The following Kubernetes resource annotations could be used on a pod to control
     "consul.hashicorp.com/consul-sidecar-user-volume-mount": "[{\"name\": \"secrets-store-mount\", \"mountPath\": \"/mnt/secrets-store\"}]"
   ```
 
-## Labels
+### Labels
 
 Resource labels could be used on a Kubernetes service to control connect-inject behavior.
 
@@ -276,3 +281,45 @@ Resource labels could be used on a Kubernetes service to control connect-inject
   registration to ignore all services except for the one which should be used for routing requests
   using Consul.
 
+## Service Sync 
+
+### Annotations
+
+The following Kubernetes resource annotations could be used on a pod to [Service Sync](https://developer.hashicorp.com/consul/docs/k8s/service-sync) behavior:
+
+- `consul.hashicorp.com/service-sync`: If this is set to `true`, then the Kubernetes service is explicitly configured to be synced to Consul.  
+
+  ```yaml
+  annotations:
+    'consul.hashicorp.com/service-sync': 'true'
+  ```
+
+- `consul.hashicorp.com/service-port`: Configures the port to register to the Consul Catalog for the Kubernetes service. The annotation value may be a name of a port (recommended) or an exact port value. Refer to [service ports](https://developer.hashicorp.com/consul/docs/k8s/service-sync#service-ports) for more information. 
+ 
+  ```yaml
+  annotations:
+    'consul.hashicorp.com/service-port': 'http'
+  ```
+
+- `consul.hashicorp.com/service-tags`: A comma separated list of strings (without whitespace) to use for registering tags to the service registered to Consul. These custom tags automatically include the `k8s` tag which can't be disabled.
+
+  ```yaml
+  annotations:
+    'consul.hashicorp.com/service-tags': 'primary,foo'
+  ```
+
+- `consul.hashicorp.com/service-meta-KEY`: A map for specifying service metadata for Consul services. The "KEY" below can be set to any key. This allows you to set multiple meta values.
+
+  ```yaml
+  annotations:
+    'consul.hashicorp.com/service-meta-KEY': 'value'
+  ```
+
+- `consul.hashicorp.com/service-weight:` - Configures ability to support weighted loadbalancing by service annotation for Catalog Sync. The integer provided will be applied as a weight for the `passing` state for the health of the service. Refer to [weights](/consul/docs/services/configuration/services-configuration-reference#weights) in service configuration for more information on how this is leveraged for services in the Consul catalog. 
+
+  ```yaml
+  annotations:
+    consul.hashicorp.com/service-weight: 10
+  ```
+
+
diff --git a/website/content/docs/k8s/service-sync.mdx b/website/content/docs/k8s/service-sync.mdx
index db3e2bc9d833..54ebbdd54d2c 100644
--- a/website/content/docs/k8s/service-sync.mdx
+++ b/website/content/docs/k8s/service-sync.mdx
@@ -12,7 +12,7 @@ services are available to Consul agents and services in Consul can be available
 as first-class Kubernetes services. This functionality is provided by the
 [consul-k8s project](https://github.com/hashicorp/consul-k8s) and can be
 automatically installed and configured using the
-[Consul Helm chart](/consul/docs/k8s/installation/install).
+[Consul K8s Helm chart](/consul/docs/k8s/installation/install).
 
 ![screenshot of a Kubernetes service in the UI](/img/k8s-service.png)
 
@@ -31,11 +31,7 @@ service discovery, including hosted services like databases.
 
 ~> Enabling both Service Mesh and Service Sync on the same Kubernetes services is not supported, as Service Mesh also registers Kubernetes service instances to Consul. Ensure that Service Sync is only enabled for namespaces and services that are not injected with the Consul sidecar for Service Mesh as described in [Sync Enable/Disable](/consul/docs/k8s/service-sync#sync-enable-disable).
 
-The service sync uses an external long-running process in the
-[consul-k8s project](https://github.com/hashicorp/consul-k8s). This process
-can run either inside or outside of a Kubernetes cluster. However, running this process within
-the Kubernetes cluster is generally easier since it is automated using the
-[Helm chart](/consul/docs/k8s/helm).
+The service sync feature deploys a long-running process which can run either inside or outside of a Kubernetes cluster. However, running this process within the Kubernetes cluster is generally easier since it is automated using the [Helm chart](/consul/docs/k8s/helm).
 
 The Consul server cluster can run either in or out of a Kubernetes cluster.
 The Consul server cluster does not need to be running on the same machine

From b9a6a744d5e309832d52ff38bc89c561f1aac201 Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Fri, 7 Jul 2023 09:22:03 -0700
Subject: [PATCH 144/359] docs - add jobs use case for service mesh k8s
 (#18037)

* docs - add jobs use case for service mesh k8s
* add code blocks
---
 website/content/docs/k8s/connect/index.mdx | 218 ++++++++++++++++++---
 1 file changed, 196 insertions(+), 22 deletions(-)

diff --git a/website/content/docs/k8s/connect/index.mdx b/website/content/docs/k8s/connect/index.mdx
index afa625a0ba8d..884119cd92a5 100644
--- a/website/content/docs/k8s/connect/index.mdx
+++ b/website/content/docs/k8s/connect/index.mdx
@@ -19,10 +19,33 @@ Consul service mesh is enabled by default when you install Consul on Kubernetes
 
 If `connectInject.default` is set to `false` or you want to explicitly enable service mesh sidecar proxy injection for a specific deployment, add the `consul.hashicorp.com/connect-inject` annotation to the pod specification template and set it to `true` when connecting services to the mesh. 
 
-### Example 
+### Service names
+
+When the service is onboarded, the name registered in Consul is set to the name of the Kubernetes Service associated with the Pod. You can specify a custom name for the service in the [`consul.hashicorp.com/connect-service` annotation](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service), but if ACLs are enabled, then the name of the service registered in Consul must match the Pod's `ServiceAccount` name.
+
+### Transparent proxy mode
+
+By default, the Consul service mesh runs in transparent proxy mode. This mode forces inbound and outbound traffic through the sidecar proxy even though the service binds to all interfaces. Transparent proxy infers the location of upstream services using Consul service intentions, and also allows you to use Kubernetes DNS as you normally would for your workloads. 
+
+When transparent proxy mode is enabled, all service-to-service traffic is required to use mTLS. While onboarding new services to service mesh, your network may have mixed mTLS and non-mTLS traffic, which can result in broken service-to-service communication. You can temporarily enable permissive mTLS mode during the onboarding process so that existing mesh services can accept traffic from services that are not yet fully onboarded. Permissive mTLS enables sidecar proxies to access both mTLS and non-mTLS traffic. Refer to [Onboard mesh services in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode) for additional information.
+
+### Kubernetes service mesh workload scenarios 
+
+-> **Note:** A Kubernetes Service is **required** to register services on the Consul Service Mesh as Consul monitors the lifecyle of a Kubernetes service and its service instances using the service object. In addition the Kubernetes service is used to register and de-register the service from the Catalog. 
+
+Below are multiple scenarios for registering workloads on Kubernetes onto Consul Service Mesh. Each scenario provides an example Kubernetes manifest to help quickly understand how to use Consul Service Mesh on a specific Kubernetes workload type.
+
+- [Kubernetes Pods running as a deployment](#kubernetes-pods-running-as-a-deployment)
+- [Connecting to mesh-enabled Services](#connecting-to-mesh-enabled-services)
+- [Kubernetes Jobs](#kubernetes-jobs)
+- [Kubernetes Pods with Multiple ports](#kubernetes-pods-with-multiple-ports)
+
+#### Kubernetes Pods running as a deployment
 
 The following example shows a Kubernetes configuration that specifically enables service mesh connections for the `static-server` service. Consul starts and registers a sidecar proxy that listens on port 20000 by default and proxies valid inbound connections to port 8080. 
 
+<CodeBlockConfig filename="static-server.yaml">
+
 ```yaml
 apiVersion: v1
 kind: Service
@@ -72,27 +95,18 @@ spec:
       serviceAccountName: static-server
 ```
 
-To establish a connection to the Pod using service mesh, a client must use another mesh proxy. The client mesh proxy will use Consul service discovery to find all available upstream proxies and their public ports.
-
-### Service names
-
-When the service is onboarded, the name registered in Consul is set to the name of the Kubernetes Service associated with the Pod. You can specify a custom name for the service in the [`consul.hashicorp.com/connect-service` annotation](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service), but if ACLs are enabled, then the name of the service registered in Consul must match the Pod's `ServiceAccount` name.
-
-### Transparent proxy mode
-
-By default, the Consul service mesh runs in transparent proxy mode. This mode forces inbound and outbound traffic through the sidecar proxy even though the service binds to all interfaces. Transparent proxy infers the location of upstream services using Consul service intentions, and also allows you to use Kubernetes DNS as you normally would for your workloads. 
+</CodeBlockConfig>
 
-When transparent proxy mode is enabled, all service-to-service traffic is required to use mTLS. While onboarding new services to service mesh, your network may have mixed mTLS and non-mTLS traffic, which can result in broken service-to-service communication. You can temporarily enable permissive mTLS mode during the onboarding process so that existing mesh services can accept traffic from services that are not yet fully onboarded. Permissive mTLS enables sidecar proxies to access both mTLS and non-mTLS traffic. Refer to [Onboard mesh services in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode) for additional information.
+To establish a connection to the Pod using service mesh, a client must use another mesh proxy. The client mesh proxy will use Consul service discovery to find all available upstream proxies and their public ports.
 
-### Connecting to Mesh-Enabled Services
+#### Connecting to Mesh-Enabled Services
 
 The example Deployment specification below configures a Deployment that is capable
 of establishing connections to our previous example "static-server" service. The
 connection to this static text service happens over an authorized and encrypted
 connection via service mesh.
 
--> **Note:** As of consul-k8s `v0.26.0` and Consul Helm `v0.32.0`, having a Kubernetes
-Service is **required** to run services on the Consul Service Mesh.
+<CodeBlockConfig filename="static-client.yaml">
 
 ```yaml
 apiVersion: v1
@@ -138,6 +152,8 @@ spec:
       serviceAccountName: static-client
 ```
 
+</CodeBlockConfig>
+
 By default when ACLs are enabled or when ACLs default policy is `allow`,
 Consul will automatically configure proxies with all upstreams from the same datacenter.
 When ACLs are enabled with default `deny` policy,
@@ -172,7 +188,95 @@ $ kubectl exec deploy/static-client -- curl --silent http://static-server/
 command terminated with exit code 52
 ```
 
-### Kubernetes Pods with Multiple ports
+#### Kubernetes Jobs
+
+Kubernetes Jobs run pods that successfully terminate and only make outbound requests to services on the mesh. In order to register a Kubernetes job on the mesh, you must provide an integer value for the `consul.hashicorp.com/sidecar-proxy-lifecycle-shutdown-grace-period-seconds` annotation, and issue a request the `http://127.0.0.1:20600/graceful_shutdown` API endpoint for `consul-dataplane` to gracefully shut down the `consul-dataplane` sidecar after the job is complete. ,
+
+Below is an example Kubernetes manifest that deploys a job correctly. 
+
+<CodeBlockConfig filename="test-job.yaml">
+
+```yaml
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: test-job
+  namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: test-job
+  namespace: default
+spec:
+  selector:
+    app: test-job
+  ports:
+    - port: 80
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+   name: test-job
+   namespace: default
+   labels:
+     app: test-job
+spec:
+  template:
+    metadata:
+      annotations:
+        'consul.hashicorp.com/connect-inject': 'true'
+        'consul.hashicorp.com/sidecar-proxy-lifecycle-shutdown-grace-period-seconds': '5'
+      labels:
+        app: test-job
+    spec:
+      containers:
+      - name: test-job
+        image: alpine/curl:3.14
+        ports:
+        - containerPort: 80
+        command:
+          - /bin/sh
+          - -c
+          - |
+            echo "Started test job"
+            sleep 10
+            echo "Killing proxy"
+            curl --max-time 2 -s -f -XPOST http://127.0.0.1:20600/graceful_shutdown
+            sleep 10
+            echo "Ended test job"
+      serviceAccountName: test-job
+      restartPolicy: Never
+```
+
+</CodeBlockConfig>
+
+Upon completing the job you should be able to verify that all containers are shut down within the pod.
+
+```shell-session
+$ kubectl get pods  
+NAME             READY   STATUS      RESTARTS   AGE
+test-job-49st7   0/2     Completed   0          3m55s
+```
+
+```shell-session 
+$ kubectl get job
+NAME       COMPLETIONS   DURATION   AGE
+test-job   1/1           30s        4m31s
+```
+
+In addition, based on the logs emitted by the pod you can verify that the proxy was indeed shut down prior to job completing. 
+
+```shell-session
+$ kubectl logs test-job-49st7 -c test-job
+Started test job
+Killing proxy
+Ended test job
+```
+
+#### Kubernetes Pods with Multiple ports
+
 To configure a pod with multiple ports to be a part of the service mesh and receive and send service mesh traffic, you
 will need to add configuration so that a Consul service can be registered per port. This is because services in Consul
 currently support a single port per service instance.
@@ -184,6 +288,9 @@ First, decide on the names for the two Consul services that will correspond to t
 chooses the names `web` for `8080` and `web-admin` for `9090`.
 
 Create two service accounts for `web` and `web-admin`:
+
+<CodeBlockConfig filename="multiport-web-sa.yaml">
+
 ```yaml
 apiVersion: v1
 kind: ServiceAccount
@@ -195,7 +302,14 @@ kind: ServiceAccount
 metadata:
   name: web-admin
 ```
+
+</CodeBlockConfig>
+
+
 Create two Service objects for `web` and `web-admin`:
+
+<CodeBlockConfig filename="multiport-web-svc.yaml">
+
 ```yaml
 apiVersion: v1
 kind: Service
@@ -221,12 +335,17 @@ spec:
       port: 80
       targetPort: 9090
 ```
+
+</CodeBlockConfig>
+
 `web` will target `containerPort` `8080` and select pods labeled `app: web`. `web-admin` will target `containerPort`
 `9090` and will also select the same pods.
 
 ~> Kubernetes 1.24+ only
 In Kubernetes 1.24+ you need to [create a Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets) for each multi-port service that references the ServiceAccount, and the Kubernetes secret must have the same name as the ServiceAccount:
 
+<CodeBlockConfig filename="multiport-web-secret.yaml">
+
 ```yaml
 apiVersion: v1
 kind: Secret
@@ -245,12 +364,15 @@ metadata:
   type: kubernetes.io/service-account-token
 ```
 
+</CodeBlockConfig>
+
 Create a Deployment with any chosen name, and use the following annotations:
 ```yaml
-consul.hashicorp.com/connect-inject: true
-consul.hashicorp.com/transparent-proxy: false
-consul.hashicorp.com/connect-service: web,web-admin
-consul.hashicorp.com/connect-service-port: 8080,9090
+annotations:
+  'consul.hashicorp.com/connect-inject': 'true'
+  'consul.hashicorp.com/transparent-proxy': 'false'
+  'consul.hashicorp.com/connect-service': 'web,web-admin'
+  'consul.hashicorp.com/connect-service-port': '8080,9090'
 ```
 Note that the order the ports are listed in the same order as the service names, i.e. the first service name `web`
 corresponds to the first port, `8080`, and the second service name `web-admin` corresponds to the second port, `9090`.
@@ -260,7 +382,11 @@ The service account on the pod spec for the deployment should be set to the firs
 serviceAccountName: web
 ```
 
-For reference, the full deployment example could look something like the following:
+For reference, a full deployment example is provided below with the correct annotations provided. In addition, the previous yaml manifests can also be combined into
+a single manifest for easier deployment. 
+
+<CodeBlockConfig filename="multiport-web.yaml">
+
 ```yaml
 apiVersion: apps/v1
 kind: Deployment
@@ -302,13 +428,61 @@ spec:
       serviceAccountName: web
 ```
 
+</CodeBlockConfig>
+
 After deploying the `web` application, you can test service mesh connections by deploying the `static-client`
 application with the configuration in the [previous section](#connecting-to-mesh-enabled-services) and add the
-following annotation to the pod template on `static-client`:
+`consul.hashicorp.com/connect-service-upstreams: 'web:1234,web-admin:2234'` annotation to the pod template on `static-client`:
+
+<CodeBlockConfig filename="multiport-static-client.yaml" lineNumbers highlight="33">
+
 ```yaml
-consul.hashicorp.com/connect-service-upstreams: "web:1234,web-admin:2234"
+apiVersion: v1
+kind: Service
+metadata:
+  # This name will be the service name in Consul.
+  name: static-client
+spec:
+  selector:
+    app: static-client
+  ports:
+    - port: 80
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: static-client
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: static-client
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: static-client
+  template:
+    metadata:
+      name: static-client
+      labels:
+        app: static-client
+      annotations:
+        'consul.hashicorp.com/connect-inject': 'true'
+        'consul.hashicorp.com/connect-service-upstreams': 'web:1234,web-admin:2234'
+    spec:
+      containers:
+        - name: static-client
+          image: curlimages/curl:latest
+          # Just spin & wait forever, we'll use `kubectl exec` to demo
+          command: ['/bin/sh', '-c', '--']
+          args: ['while true; do sleep 30; done;']
+      # If ACLs are enabled, the serviceAccountName must match the Consul service name.
+      serviceAccountName: static-client
 ```
 
+</CodeBlockConfig>
+
 If you exec on to a static-client pod, using a command like:
 ```shell-session
 $ kubectl exec -it static-client-5bd667fbd6-kk6xs -- /bin/sh

From b0a2e33e0a6c4ec411266dfcef38a3a648fefb50 Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Fri, 7 Jul 2023 10:03:28 -0700
Subject: [PATCH 145/359] address feedback (#18045)

---
 website/content/docs/k8s/connect/index.mdx | 23 +++++++++++-----------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/website/content/docs/k8s/connect/index.mdx b/website/content/docs/k8s/connect/index.mdx
index 884119cd92a5..57096a4a29a8 100644
--- a/website/content/docs/k8s/connect/index.mdx
+++ b/website/content/docs/k8s/connect/index.mdx
@@ -21,24 +21,24 @@ If `connectInject.default` is set to `false` or you want to explicitly enable se
 
 ### Service names
 
-When the service is onboarded, the name registered in Consul is set to the name of the Kubernetes Service associated with the Pod. You can specify a custom name for the service in the [`consul.hashicorp.com/connect-service` annotation](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service), but if ACLs are enabled, then the name of the service registered in Consul must match the Pod's `ServiceAccount` name.
+When the service is onboarded, the name registered in Consul is set to the name of the Kubernetes Service associated with the Pod. You can use the [`consul.hashicorp.com/connect-service` annotation](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service) to specify a custom name for the service, but if ACLs are enabled then the name of the service registered in Consul must match the Pod's `ServiceAccount` name.
 
 ### Transparent proxy mode
 
 By default, the Consul service mesh runs in transparent proxy mode. This mode forces inbound and outbound traffic through the sidecar proxy even though the service binds to all interfaces. Transparent proxy infers the location of upstream services using Consul service intentions, and also allows you to use Kubernetes DNS as you normally would for your workloads. 
 
-When transparent proxy mode is enabled, all service-to-service traffic is required to use mTLS. While onboarding new services to service mesh, your network may have mixed mTLS and non-mTLS traffic, which can result in broken service-to-service communication. You can temporarily enable permissive mTLS mode during the onboarding process so that existing mesh services can accept traffic from services that are not yet fully onboarded. Permissive mTLS enables sidecar proxies to access both mTLS and non-mTLS traffic. Refer to [Onboard mesh services in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode) for additional information.
+When transparent proxy mode is enabled, all service-to-service traffic is required to use mTLS. When onboarding new services to service mesh, your network may have mixed mTLS and non-mTLS traffic, which can result in broken service-to-service communication. You can temporarily enable permissive mTLS mode during the onboarding process so that existing mesh services can accept traffic from services that are not yet fully onboarded. Permissive mTLS enables sidecar proxies to access both mTLS and non-mTLS traffic. Refer to [Onboard mesh services in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode) for additional information.
 
 ### Kubernetes service mesh workload scenarios 
 
--> **Note:** A Kubernetes Service is **required** to register services on the Consul Service Mesh as Consul monitors the lifecyle of a Kubernetes service and its service instances using the service object. In addition the Kubernetes service is used to register and de-register the service from the Catalog. 
+-> **Note:** A Kubernetes Service is required in order to register services on the Consul service mesh. Consul monitors the lifecyle of the Kubernetes Service and its service instances using the service object. In addition, the Kubernetes service is used to register and de-register the service from Consul's catalog. 
 
-Below are multiple scenarios for registering workloads on Kubernetes onto Consul Service Mesh. Each scenario provides an example Kubernetes manifest to help quickly understand how to use Consul Service Mesh on a specific Kubernetes workload type.
+The following configurations are examples for registering workloads on Kubernetes into Consul's service mesh in different scenarios. Each scenario provides an example Kubernetes manifest to demonstrate how to use Consul's service mesh with a specific Kubernetes workload type.
 
 - [Kubernetes Pods running as a deployment](#kubernetes-pods-running-as-a-deployment)
 - [Connecting to mesh-enabled Services](#connecting-to-mesh-enabled-services)
 - [Kubernetes Jobs](#kubernetes-jobs)
-- [Kubernetes Pods with Multiple ports](#kubernetes-pods-with-multiple-ports)
+- [Kubernetes Pods with multiple ports](#kubernetes-pods-with-multiple-ports)
 
 #### Kubernetes Pods running as a deployment
 
@@ -97,9 +97,9 @@ spec:
 
 </CodeBlockConfig>
 
-To establish a connection to the Pod using service mesh, a client must use another mesh proxy. The client mesh proxy will use Consul service discovery to find all available upstream proxies and their public ports.
+To establish a connection to the upstream Pod using service mesh, a client must dial the upstream workload using a mesh proxy. The client mesh proxy will use Consul service discovery to find all available upstream proxies and their public ports.
 
-#### Connecting to Mesh-Enabled Services
+#### Connecting to mesh-enabled Services
 
 The example Deployment specification below configures a Deployment that is capable
 of establishing connections to our previous example "static-server" service. The
@@ -190,7 +190,7 @@ command terminated with exit code 52
 
 #### Kubernetes Jobs
 
-Kubernetes Jobs run pods that successfully terminate and only make outbound requests to services on the mesh. In order to register a Kubernetes job on the mesh, you must provide an integer value for the `consul.hashicorp.com/sidecar-proxy-lifecycle-shutdown-grace-period-seconds` annotation, and issue a request the `http://127.0.0.1:20600/graceful_shutdown` API endpoint for `consul-dataplane` to gracefully shut down the `consul-dataplane` sidecar after the job is complete. ,
+Kubernetes Jobs run pods that only make outbound requests to services on the mesh and successfully terminate when they are complete. In order to register a Kubernetes Job with the mesh, you must provide an integer value for the `consul.hashicorp.com/sidecar-proxy-lifecycle-shutdown-grace-period-seconds` annotation. Then, issue a request to the `http://127.0.0.1:20600/graceful_shutdown` API endpoint so that Kubernetes gracefully shuts down the `consul-dataplane` sidecar after the job is complete.
 
 Below is an example Kubernetes manifest that deploys a job correctly. 
 
@@ -266,7 +266,7 @@ NAME       COMPLETIONS   DURATION   AGE
 test-job   1/1           30s        4m31s
 ```
 
-In addition, based on the logs emitted by the pod you can verify that the proxy was indeed shut down prior to job completing. 
+In addition, based on the logs emitted by the pod you can verify that the proxy was shut down before the Job completed. 
 
 ```shell-session
 $ kubectl logs test-job-49st7 -c test-job
@@ -275,7 +275,7 @@ Killing proxy
 Ended test job
 ```
 
-#### Kubernetes Pods with Multiple ports
+#### Kubernetes Pods with multiple ports
 
 To configure a pod with multiple ports to be a part of the service mesh and receive and send service mesh traffic, you
 will need to add configuration so that a Consul service can be registered per port. This is because services in Consul
@@ -382,8 +382,7 @@ The service account on the pod spec for the deployment should be set to the firs
 serviceAccountName: web
 ```
 
-For reference, a full deployment example is provided below with the correct annotations provided. In addition, the previous yaml manifests can also be combined into
-a single manifest for easier deployment. 
+The following deployment example demonstrates the required annotations for the manifest. In addition, the previous YAML manifests can also be combined into a single manifest for easier deployment. 
 
 <CodeBlockConfig filename="multiport-web.yaml">
 

From f4b08040fd3d3ac73d7c73dd0f41b38eefb8c6f3 Mon Sep 17 00:00:00 2001
From: Fulvio <fulviodenza823@gmail.com>
Date: Mon, 10 Jul 2023 17:34:41 +0200
Subject: [PATCH 146/359] Add verify server hostname to tls default (#17155)

---
 .changelog/17155.txt                          |   3 +
 agent/config/builder.go                       |  11 +-
 agent/config/runtime_test.go                  | 111 +++++++++++++++++-
 .../docs/agent/config/config-files.mdx        |  15 +--
 website/content/docs/agent/index.mdx          |   3 -
 .../docs/security/security-models/core.mdx    |   6 -
 6 files changed, 126 insertions(+), 23 deletions(-)
 create mode 100644 .changelog/17155.txt

diff --git a/.changelog/17155.txt b/.changelog/17155.txt
new file mode 100644
index 000000000000..03cec33e991a
--- /dev/null
+++ b/.changelog/17155.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+config: Add new `tls.defaults.verify_server_hostname` configuration option. This specifies the default value for any interfaces that support the `verify_server_hostname` option.
+```
diff --git a/agent/config/builder.go b/agent/config/builder.go
index 6acd1b0039ee..98bac1711cac 100644
--- a/agent/config/builder.go
+++ b/agent/config/builder.go
@@ -2653,10 +2653,10 @@ func (b *builder) buildTLSConfig(rt RuntimeConfig, t TLS) (tlsutil.Config, error
 		return c, errors.New("verify_outgoing is not valid in the tls.grpc stanza")
 	}
 
-	// Similarly, only the internal RPC configuration honors VerifyServerHostname
+	// Similarly, only the internal RPC and defaults configuration honor VerifyServerHostname
 	// so we call it out here too.
-	if t.Defaults.VerifyServerHostname != nil || t.GRPC.VerifyServerHostname != nil || t.HTTPS.VerifyServerHostname != nil {
-		return c, errors.New("verify_server_hostname is only valid in the tls.internal_rpc stanza")
+	if t.GRPC.VerifyServerHostname != nil || t.HTTPS.VerifyServerHostname != nil {
+		return c, errors.New("verify_server_hostname is only valid in the tls.defaults and tls.internal_rpc stanzas")
 	}
 
 	// And UseAutoCert right now only applies to external gRPC interface.
@@ -2706,8 +2706,11 @@ func (b *builder) buildTLSConfig(rt RuntimeConfig, t TLS) (tlsutil.Config, error
 	}
 
 	mapCommon("internal_rpc", t.InternalRPC, &c.InternalRPC)
-	c.InternalRPC.VerifyServerHostname = boolVal(t.InternalRPC.VerifyServerHostname)
 
+	c.InternalRPC.VerifyServerHostname = boolVal(t.Defaults.VerifyServerHostname)
+	if t.InternalRPC.VerifyServerHostname != nil {
+		c.InternalRPC.VerifyServerHostname = boolVal(t.InternalRPC.VerifyServerHostname)
+	}
 	// Setting only verify_server_hostname is documented to imply verify_outgoing.
 	// If it doesn't then we risk sending communication over plain TCP when we
 	// documented it as forcing TLS for RPCs. Enforce this here rather than in
diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go
index cc5451804dd7..b18a63162484 100644
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@@ -2736,7 +2736,44 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 				}
 			}
 		`},
-		expectedErr: "verify_server_hostname is only valid in the tls.internal_rpc stanza",
+		expected: func(rt *RuntimeConfig) {
+			rt.DataDir = dataDir
+			rt.TLS.InternalRPC.VerifyServerHostname = true
+			rt.TLS.InternalRPC.VerifyOutgoing = true
+		},
+	})
+	run(t, testCase{
+		desc: "verify_server_hostname in the defaults stanza and internal_rpc",
+		args: []string{
+			`-data-dir=` + dataDir,
+		},
+		hcl: []string{`
+			tls {
+				defaults {
+					verify_server_hostname = false
+				},
+				internal_rpc {
+					verify_server_hostname = true
+				}
+			}
+		`},
+		json: []string{`
+			{
+				"tls": {
+					"defaults": {
+						"verify_server_hostname": false
+					},
+					"internal_rpc": {
+						"verify_server_hostname": true
+					}
+				}
+			}
+		`},
+		expected: func(rt *RuntimeConfig) {
+			rt.DataDir = dataDir
+			rt.TLS.InternalRPC.VerifyServerHostname = true
+			rt.TLS.InternalRPC.VerifyOutgoing = true
+		},
 	})
 	run(t, testCase{
 		desc: "verify_server_hostname in the grpc stanza",
@@ -2759,7 +2796,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 				}
 			}
 		`},
-		expectedErr: "verify_server_hostname is only valid in the tls.internal_rpc stanza",
+		expectedErr: "verify_server_hostname is only valid in the tls.defaults and tls.internal_rpc stanza",
 	})
 	run(t, testCase{
 		desc: "verify_server_hostname in the https stanza",
@@ -2782,7 +2819,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 				}
 			}
 		`},
-		expectedErr: "verify_server_hostname is only valid in the tls.internal_rpc stanza",
+		expectedErr: "verify_server_hostname is only valid in the tls.defaults and tls.internal_rpc stanza",
 	})
 	run(t, testCase{
 		desc: "translated keys",
@@ -5723,6 +5760,74 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.TLS.InternalRPC.VerifyOutgoing = true
 		},
 	})
+	run(t, testCase{
+		desc: "tls.defaults.verify_server_hostname implies tls.internal_rpc.verify_outgoing",
+		args: []string{
+			`-data-dir=` + dataDir,
+		},
+		json: []string{`
+			{
+				"tls": {
+					"defaults": {
+						"verify_server_hostname": true
+					}
+				}
+			}
+		`},
+		hcl: []string{`
+			tls {
+				defaults {
+					verify_server_hostname = true
+				}
+			}
+		`},
+		expected: func(rt *RuntimeConfig) {
+			rt.DataDir = dataDir
+
+			rt.TLS.Domain = "consul."
+			rt.TLS.NodeName = "thehostname"
+
+			rt.TLS.InternalRPC.VerifyServerHostname = true
+			rt.TLS.InternalRPC.VerifyOutgoing = true
+		},
+	})
+	run(t, testCase{
+		desc: "tls.internal_rpc.verify_server_hostname overwrites tls.defaults.verify_server_hostname",
+		args: []string{
+			`-data-dir=` + dataDir,
+		},
+		json: []string{`
+			{
+				"tls": {
+					"defaults": {
+						"verify_server_hostname": false
+					},
+					"internal_rpc": {
+						"verify_server_hostname": true
+					}
+				}
+			}
+		`},
+		hcl: []string{`
+			tls {
+				defaults {
+					verify_server_hostname = false
+				},
+				internal_rpc {
+					verify_server_hostname = true
+				}
+			}
+		`},
+		expected: func(rt *RuntimeConfig) {
+			rt.DataDir = dataDir
+
+			rt.TLS.Domain = "consul."
+			rt.TLS.NodeName = "thehostname"
+
+			rt.TLS.InternalRPC.VerifyServerHostname = true
+			rt.TLS.InternalRPC.VerifyOutgoing = true
+		},
+	})
 	run(t, testCase{
 		desc: "tls.grpc.use_auto_cert defaults to false",
 		args: []string{
diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx
index 1b382341e467..8d46b63bd0ce 100644
--- a/website/content/docs/agent/config/config-files.mdx
+++ b/website/content/docs/agent/config/config-files.mdx
@@ -2094,6 +2094,12 @@ specially crafted certificate signed by the CA can be used to gain full access t
       * `TLSv1_2` (default)
       * `TLSv1_3`
 
+    - `verify_server_hostname` ((#tls_internal_rpc_verify_server_hostname)) When 
+      set to true, Consul verifies the TLS certificate presented by the servers 
+      match the hostname `server.<datacenter>.<domain>`. By default this is false, 
+      and Consul does not verify the hostname of the certificate, only that it 
+      is signed by a trusted CA. 
+
       **WARNING: TLS 1.1 and lower are generally considered less secure and
       should not be used if possible.**
 
@@ -2201,7 +2207,7 @@ specially crafted certificate signed by the CA can be used to gain full access t
       only way to enforce that no client can communicate with a server unencrypted
       is to also enable `verify_incoming` which requires client certificates too.
 
-    - `verify_server_hostname` ((#tls_internal_rpc_verify_server_hostname)) When
+    - `verify_server_hostname` Overrides [tls.defaults.verify_server_hostname](#tls_defaults_verify_server_hostname). When
       set to true, Consul verifies the TLS certificate presented by the servers
       match the hostname `server.<datacenter>.<domain>`. By default this is false,
       and Consul does not verify the hostname of the certificate, only that it
@@ -2285,9 +2291,6 @@ tls {
     ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
     verify_incoming = true
     verify_outgoing = true
-  }
-
-  internal_rpc {
     verify_server_hostname = true
   }
 }
@@ -2316,9 +2319,7 @@ tls {
       "cert_file": "/etc/pki/tls/certs/my.crt",
       "ca_file": "/etc/pki/tls/certs/ca-bundle.crt",
       "verify_incoming": true,
-      "verify_outgoing": true
-    },
-    "internal_rpc": {
+      "verify_outgoing": true,
       "verify_server_hostname": true
     }
   }
diff --git a/website/content/docs/agent/index.mdx b/website/content/docs/agent/index.mdx
index ec68e0a1ce1f..b5a06b39e640 100644
--- a/website/content/docs/agent/index.mdx
+++ b/website/content/docs/agent/index.mdx
@@ -276,9 +276,6 @@ tls {
     ca_file = "/consul/config/certs/consul-agent-ca.pem"
     cert_file = "/consul/config/certs/dc1-server-consul-0.pem"
     key_file = "/consul/config/certs/dc1-server-consul-0-key.pem"
-  }
-
-  internal_rpc {
     verify_server_hostname = true
   }
 }
diff --git a/website/content/docs/security/security-models/core.mdx b/website/content/docs/security/security-models/core.mdx
index 92a5c1ac91c2..2b6bb0515d71 100644
--- a/website/content/docs/security/security-models/core.mdx
+++ b/website/content/docs/security/security-models/core.mdx
@@ -128,9 +128,6 @@ environment and adapt these configurations accordingly.
         ca_file = "consul-agent-ca.pem"
         cert_file = "dc1-server-consul-0.pem"
         key_file = "dc1-server-consul-0-key.pem"
-      }
-
-      internal_rpc {
         verify_server_hostname = true
       }
     }
@@ -148,9 +145,6 @@ environment and adapt these configurations accordingly.
           verify_incoming = false
           verify_outgoing = true
           ca_file = "consul-agent-ca.pem"
-        }
-
-        internal_rpc {
           verify_server_hostname = true
         }
       }

From 1b08626358a42815852ecc943d929714a346b75b Mon Sep 17 00:00:00 2001
From: Dan Stough <dan.stough@hashicorp.com>
Date: Mon, 10 Jul 2023 17:08:06 -0400
Subject: [PATCH 147/359] [OSS] Fix initial_fetch_timeout to wait for all xDS
 resources (#18024)

* fix(connect): set initial_fetch_time to wait indefinitely

* changelog

* PR feedback 1
---
 .changelog/18024.txt                          |  3 ++
 agent/proxycfg/api_gateway.go                 | 20 +++++++++---
 agent/proxycfg/ingress_gateway.go             |  6 +++-
 agent/proxycfg/snapshot.go                    | 31 ++++++++++++++++---
 agent/proxycfg/state.go                       |  2 ++
 agent/proxycfg/testing_api_gateway.go         | 11 ++++---
 command/connect/envoy/bootstrap_tpl.go        |  2 ++
 ..._ADDR-with-https-scheme-enables-tls.golden |  2 ++
 ...tps-scheme-does-not-affect-grpc-tls.golden |  2 ++
 .../envoy/testdata/access-log-path.golden     |  2 ++
 .../access-logs-enabled-custom.golden         |  2 ++
 .../envoy/testdata/access-logs-enabled.golden |  2 ++
 .../testdata/acl-enabled-and-token.golden     |  2 ++
 .../testdata/acl-enabled-but-no-token.golden  |  2 ++
 ...AIN-and-CONSUL_GRPC_ADDR-TLS-is-tls.golden |  2 ++
 ...and-CONSUL_GRPC_ADDR-PLAIN-is-plain.golden |  2 ++
 .../envoy/testdata/defaults-nodemeta.golden   |  2 ++
 .../connect/envoy/testdata/defaults.golden    |  2 ++
 .../deprecated-grpc-addr-config.golden        |  2 ++
 .../testdata/envoy-readiness-probe.golden     |  2 ++
 .../envoy/testdata/existing-ca-file.golden    |  2 ++
 .../envoy/testdata/existing-ca-path.golden    |  2 ++
 .../envoy/testdata/extra_-multiple.golden     |  2 ++
 .../envoy/testdata/extra_-single.golden       |  2 ++
 .../envoy/testdata/grpc-addr-env.golden       |  2 ++
 .../envoy/testdata/grpc-addr-flag.golden      |  2 ++
 .../testdata/grpc-addr-unix-with-tls.golden   |  2 ++
 .../envoy/testdata/grpc-addr-unix.golden      |  2 ++
 .../testdata/grpc-tls-addr-config.golden      |  2 ++
 .../ingress-gateway-address-specified.golden  |  2 ++
 .../ingress-gateway-no-auto-register.golden   |  2 ++
 .../testdata/ingress-gateway-nodemeta.golden  |  2 ++
 ...-register-with-service-and-proxy-id.golden |  2 ++
 ...ister-with-service-without-proxy-id.golden |  2 ++
 .../envoy/testdata/ingress-gateway.golden     |  2 ++
 .../prometheus-metrics-tls-ca-file.golden     |  2 ++
 .../prometheus-metrics-tls-ca-path.golden     |  2 ++
 .../envoy/testdata/prometheus-metrics.golden  |  2 ++
 .../testdata/stats-config-override.golden     |  2 ++
 .../envoy/testdata/telemetry-collector.golden |  2 ++
 .../connect/envoy/testdata/token-arg.golden   |  2 ++
 .../connect/envoy/testdata/token-env.golden   |  2 ++
 .../envoy/testdata/token-file-arg.golden      |  2 ++
 .../envoy/testdata/token-file-env.golden      |  2 ++
 .../envoy/testdata/xds-addr-config.golden     |  2 ++
 .../testdata/zipkin-tracing-config.golden     |  2 ++
 .../test/gateways/ingress_gateway_test.go     |  5 ---
 47 files changed, 137 insertions(+), 21 deletions(-)
 create mode 100644 .changelog/18024.txt

diff --git a/.changelog/18024.txt b/.changelog/18024.txt
new file mode 100644
index 000000000000..a661e7304c62
--- /dev/null
+++ b/.changelog/18024.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+connect: fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration.
+```
\ No newline at end of file
diff --git a/agent/proxycfg/api_gateway.go b/agent/proxycfg/api_gateway.go
index 7a4a48d0d251..41eb5921259e 100644
--- a/agent/proxycfg/api_gateway.go
+++ b/agent/proxycfg/api_gateway.go
@@ -6,6 +6,7 @@ package proxycfg
 import (
 	"context"
 	"fmt"
+
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/proxycfg/internal/watch"
@@ -48,13 +49,13 @@ func (h *handlerAPIGateway) initialize(ctx context.Context) (ConfigSnapshot, err
 	}
 
 	// Watch the api-gateway's config entry
-	err = h.subscribeToConfigEntry(ctx, structs.APIGateway, h.service, h.proxyID.EnterpriseMeta, gatewayConfigWatchID)
+	err = h.subscribeToConfigEntry(ctx, structs.APIGateway, h.service, h.proxyID.EnterpriseMeta, apiGatewayConfigWatchID)
 	if err != nil {
 		return snap, err
 	}
 
 	// Watch the bound-api-gateway's config entry
-	err = h.subscribeToConfigEntry(ctx, structs.BoundAPIGateway, h.service, h.proxyID.EnterpriseMeta, gatewayConfigWatchID)
+	err = h.subscribeToConfigEntry(ctx, structs.BoundAPIGateway, h.service, h.proxyID.EnterpriseMeta, boundGatewayConfigWatchID)
 	if err != nil {
 		return snap, err
 	}
@@ -108,9 +109,9 @@ func (h *handlerAPIGateway) handleUpdate(ctx context.Context, u UpdateEvent, sna
 		if err := h.handleRootCAUpdate(u, snap); err != nil {
 			return err
 		}
-	case u.CorrelationID == gatewayConfigWatchID:
+	case u.CorrelationID == apiGatewayConfigWatchID || u.CorrelationID == boundGatewayConfigWatchID:
 		// Handle change in the api-gateway or bound-api-gateway config entry
-		if err := h.handleGatewayConfigUpdate(ctx, u, snap); err != nil {
+		if err := h.handleGatewayConfigUpdate(ctx, u, snap, u.CorrelationID); err != nil {
 			return err
 		}
 	case u.CorrelationID == inlineCertificateConfigWatchID:
@@ -146,11 +147,20 @@ func (h *handlerAPIGateway) handleRootCAUpdate(u UpdateEvent, snap *ConfigSnapsh
 // In particular, we want to make sure that we're subscribing to any attached resources such
 // as routes and certificates. These additional subscriptions will enable us to update the
 // config snapshot appropriately for any route or certificate changes.
-func (h *handlerAPIGateway) handleGatewayConfigUpdate(ctx context.Context, u UpdateEvent, snap *ConfigSnapshot) error {
+func (h *handlerAPIGateway) handleGatewayConfigUpdate(ctx context.Context, u UpdateEvent, snap *ConfigSnapshot, correlationID string) error {
 	resp, ok := u.Result.(*structs.ConfigEntryResponse)
 	if !ok {
 		return fmt.Errorf("invalid type for response: %T", u.Result)
 	} else if resp.Entry == nil {
+		// A nil response indicates that we have the watch configured and that we are done with further changes
+		// until a new response comes in. By setting these earlier we allow a minimal xDS snapshot to configure the
+		// gateway.
+		if correlationID == apiGatewayConfigWatchID {
+			snap.APIGateway.GatewayConfigLoaded = true
+		}
+		if correlationID == boundGatewayConfigWatchID {
+			snap.APIGateway.BoundGatewayConfigLoaded = true
+		}
 		return nil
 	}
 
diff --git a/agent/proxycfg/ingress_gateway.go b/agent/proxycfg/ingress_gateway.go
index 22eb40505677..efb774c9b17c 100644
--- a/agent/proxycfg/ingress_gateway.go
+++ b/agent/proxycfg/ingress_gateway.go
@@ -95,6 +95,11 @@ func (s *handlerIngressGateway) handleUpdate(ctx context.Context, u UpdateEvent,
 		if !ok {
 			return fmt.Errorf("invalid type for response: %T", u.Result)
 		}
+
+		// We set this even if the response is empty so that we know the watch is set,
+		// but we don't block if the ingress config entry is unset for this gateway
+		snap.IngressGateway.GatewayConfigLoaded = true
+
 		if resp.Entry == nil {
 			return nil
 		}
@@ -103,7 +108,6 @@ func (s *handlerIngressGateway) handleUpdate(ctx context.Context, u UpdateEvent,
 			return fmt.Errorf("invalid type for config entry: %T", resp.Entry)
 		}
 
-		snap.IngressGateway.GatewayConfigLoaded = true
 		snap.IngressGateway.TLSConfig = gatewayConf.TLS
 		if gatewayConf.Defaults != nil {
 			snap.IngressGateway.Defaults = *gatewayConf.Defaults
diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go
index e8f95d9651be..1d06e5fd8c9c 100644
--- a/agent/proxycfg/snapshot.go
+++ b/agent/proxycfg/snapshot.go
@@ -824,6 +824,18 @@ DOMAIN_LOOP:
 	return services, upstreams, compiled, err
 }
 
+// valid tests for two valid api gateway snapshot states:
+//  1. waiting: the watch on api and bound gateway entries is set, but none were received
+//  2. loaded: both the valid config entries AND the leaf certs are set
+func (c *configSnapshotAPIGateway) valid() bool {
+	waiting := c.GatewayConfigLoaded && len(c.Upstreams) == 0 && c.BoundGatewayConfigLoaded && c.Leaf == nil
+
+	// If we have a leaf, it implies we successfully watched parent resources
+	loaded := c.GatewayConfigLoaded && c.BoundGatewayConfigLoaded && c.Leaf != nil
+
+	return waiting || loaded
+}
+
 type configSnapshotIngressGateway struct {
 	ConfigSnapshotUpstreams
 
@@ -872,6 +884,18 @@ func (c *configSnapshotIngressGateway) isEmpty() bool {
 		!c.MeshConfigSet
 }
 
+// valid tests for two valid ingress snapshot states:
+//  1. waiting: the watch on ingress config entries is set, but none were received
+//  2. loaded: both the ingress config entry AND the leaf cert are set
+func (c *configSnapshotIngressGateway) valid() bool {
+	waiting := c.GatewayConfigLoaded && len(c.Upstreams) == 0 && c.Leaf == nil
+
+	// If we have a leaf, it implies we successfully watched parent resources
+	loaded := c.GatewayConfigLoaded && c.Leaf != nil
+
+	return waiting || loaded
+}
+
 type APIGatewayListenerKey = IngressListenerKey
 
 func APIGatewayListenerKeyFromListener(l structs.APIGatewayListener) APIGatewayListenerKey {
@@ -965,17 +989,14 @@ func (s *ConfigSnapshot) Valid() bool {
 
 	case structs.ServiceKindIngressGateway:
 		return s.Roots != nil &&
-			s.IngressGateway.Leaf != nil &&
-			s.IngressGateway.GatewayConfigLoaded &&
+			s.IngressGateway.valid() &&
 			s.IngressGateway.HostsSet &&
 			s.IngressGateway.MeshConfigSet
 
 	case structs.ServiceKindAPIGateway:
 		// TODO Is this the proper set of things to validate?
 		return s.Roots != nil &&
-			s.APIGateway.Leaf != nil &&
-			s.APIGateway.GatewayConfigLoaded &&
-			s.APIGateway.BoundGatewayConfigLoaded &&
+			s.APIGateway.valid() &&
 			s.APIGateway.MeshConfigSet
 	default:
 		return false
diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go
index 028a3fd59da8..7bbb7f7b87c5 100644
--- a/agent/proxycfg/state.go
+++ b/agent/proxycfg/state.go
@@ -36,6 +36,8 @@ const (
 	serviceResolversWatchID            = "service-resolvers"
 	gatewayServicesWatchID             = "gateway-services"
 	gatewayConfigWatchID               = "gateway-config"
+	apiGatewayConfigWatchID            = "api-gateway-config"
+	boundGatewayConfigWatchID          = "bound-gateway-config"
 	inlineCertificateConfigWatchID     = "inline-certificate-config"
 	routeConfigWatchID                 = "route-config"
 	externalServiceIDPrefix            = "external-service:"
diff --git a/agent/proxycfg/testing_api_gateway.go b/agent/proxycfg/testing_api_gateway.go
index 75229ccfdd3b..87ff58fbf053 100644
--- a/agent/proxycfg/testing_api_gateway.go
+++ b/agent/proxycfg/testing_api_gateway.go
@@ -6,9 +6,10 @@ package proxycfg
 import (
 	"fmt"
 
+	"github.com/mitchellh/go-testing-interface"
+
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/consul/discoverychain"
-	"github.com/mitchellh/go-testing-interface"
 
 	"github.com/hashicorp/consul/agent/configentry"
 	"github.com/hashicorp/consul/agent/structs"
@@ -49,13 +50,13 @@ func TestConfigSnapshotAPIGateway(
 			Result:        placeholderLeaf,
 		},
 		{
-			CorrelationID: gatewayConfigWatchID,
+			CorrelationID: apiGatewayConfigWatchID,
 			Result: &structs.ConfigEntryResponse{
 				Entry: entry,
 			},
 		},
 		{
-			CorrelationID: gatewayConfigWatchID,
+			CorrelationID: boundGatewayConfigWatchID,
 			Result: &structs.ConfigEntryResponse{
 				Entry: boundEntry,
 			},
@@ -141,13 +142,13 @@ func TestConfigSnapshotAPIGateway_NilConfigEntry(
 			Result:        roots,
 		},
 		{
-			CorrelationID: gatewayConfigWatchID,
+			CorrelationID: apiGatewayConfigWatchID,
 			Result: &structs.ConfigEntryResponse{
 				Entry: nil, // The first watch on a config entry will return nil if the config entry doesn't exist.
 			},
 		},
 		{
-			CorrelationID: gatewayConfigWatchID,
+			CorrelationID: boundGatewayConfigWatchID,
 			Result: &structs.ConfigEntryResponse{
 				Entry: nil, // The first watch on a config entry will return nil if the config entry doesn't exist.
 			},
diff --git a/command/connect/envoy/bootstrap_tpl.go b/command/connect/envoy/bootstrap_tpl.go
index 78d88f9b1d11..26b8e2118b1e 100644
--- a/command/connect/envoy/bootstrap_tpl.go
+++ b/command/connect/envoy/bootstrap_tpl.go
@@ -281,10 +281,12 @@ const bootstrapTemplate = `{
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/CONSUL_GRPC_ADDR-with-https-scheme-enables-tls.golden b/command/connect/envoy/testdata/CONSUL_GRPC_ADDR-with-https-scheme-enables-tls.golden
index a8ba4704f5e3..c8144ac72fa2 100644
--- a/command/connect/envoy/testdata/CONSUL_GRPC_ADDR-with-https-scheme-enables-tls.golden
+++ b/command/connect/envoy/testdata/CONSUL_GRPC_ADDR-with-https-scheme-enables-tls.golden
@@ -197,10 +197,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/CONSUL_HTTP_ADDR-with-https-scheme-does-not-affect-grpc-tls.golden b/command/connect/envoy/testdata/CONSUL_HTTP_ADDR-with-https-scheme-does-not-affect-grpc-tls.golden
index 5485256b4f99..a89575d2c167 100644
--- a/command/connect/envoy/testdata/CONSUL_HTTP_ADDR-with-https-scheme-does-not-affect-grpc-tls.golden
+++ b/command/connect/envoy/testdata/CONSUL_HTTP_ADDR-with-https-scheme-does-not-affect-grpc-tls.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/access-log-path.golden b/command/connect/envoy/testdata/access-log-path.golden
index 18a28a491e86..184a290b245f 100644
--- a/command/connect/envoy/testdata/access-log-path.golden
+++ b/command/connect/envoy/testdata/access-log-path.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/access-logs-enabled-custom.golden b/command/connect/envoy/testdata/access-logs-enabled-custom.golden
index 6af720bdaccb..50531f89c257 100644
--- a/command/connect/envoy/testdata/access-logs-enabled-custom.golden
+++ b/command/connect/envoy/testdata/access-logs-enabled-custom.golden
@@ -197,10 +197,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/access-logs-enabled.golden b/command/connect/envoy/testdata/access-logs-enabled.golden
index 892cf46324b4..ea2e15060718 100644
--- a/command/connect/envoy/testdata/access-logs-enabled.golden
+++ b/command/connect/envoy/testdata/access-logs-enabled.golden
@@ -219,10 +219,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/acl-enabled-and-token.golden b/command/connect/envoy/testdata/acl-enabled-and-token.golden
index 3342f0390471..a5427c7f2454 100644
--- a/command/connect/envoy/testdata/acl-enabled-and-token.golden
+++ b/command/connect/envoy/testdata/acl-enabled-and-token.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/acl-enabled-but-no-token.golden b/command/connect/envoy/testdata/acl-enabled-but-no-token.golden
index 5485256b4f99..a89575d2c167 100644
--- a/command/connect/envoy/testdata/acl-enabled-but-no-token.golden
+++ b/command/connect/envoy/testdata/acl-enabled-but-no-token.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/both-CONSUL_HTTP_ADDR-PLAIN-and-CONSUL_GRPC_ADDR-TLS-is-tls.golden b/command/connect/envoy/testdata/both-CONSUL_HTTP_ADDR-PLAIN-and-CONSUL_GRPC_ADDR-TLS-is-tls.golden
index a8ba4704f5e3..c8144ac72fa2 100644
--- a/command/connect/envoy/testdata/both-CONSUL_HTTP_ADDR-PLAIN-and-CONSUL_GRPC_ADDR-TLS-is-tls.golden
+++ b/command/connect/envoy/testdata/both-CONSUL_HTTP_ADDR-PLAIN-and-CONSUL_GRPC_ADDR-TLS-is-tls.golden
@@ -197,10 +197,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/both-CONSUL_HTTP_ADDR-TLS-and-CONSUL_GRPC_ADDR-PLAIN-is-plain.golden b/command/connect/envoy/testdata/both-CONSUL_HTTP_ADDR-TLS-and-CONSUL_GRPC_ADDR-PLAIN-is-plain.golden
index 5485256b4f99..a89575d2c167 100644
--- a/command/connect/envoy/testdata/both-CONSUL_HTTP_ADDR-TLS-and-CONSUL_GRPC_ADDR-PLAIN-is-plain.golden
+++ b/command/connect/envoy/testdata/both-CONSUL_HTTP_ADDR-TLS-and-CONSUL_GRPC_ADDR-PLAIN-is-plain.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/defaults-nodemeta.golden b/command/connect/envoy/testdata/defaults-nodemeta.golden
index 41788c3c42e4..ea65421109f3 100644
--- a/command/connect/envoy/testdata/defaults-nodemeta.golden
+++ b/command/connect/envoy/testdata/defaults-nodemeta.golden
@@ -185,10 +185,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/defaults.golden b/command/connect/envoy/testdata/defaults.golden
index 5485256b4f99..a89575d2c167 100644
--- a/command/connect/envoy/testdata/defaults.golden
+++ b/command/connect/envoy/testdata/defaults.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden b/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden
index ab87aa9b438f..e604c61d5063 100644
--- a/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden
+++ b/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/envoy-readiness-probe.golden b/command/connect/envoy/testdata/envoy-readiness-probe.golden
index 444528e8808e..18680a3206b3 100644
--- a/command/connect/envoy/testdata/envoy-readiness-probe.golden
+++ b/command/connect/envoy/testdata/envoy-readiness-probe.golden
@@ -273,10 +273,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/existing-ca-file.golden b/command/connect/envoy/testdata/existing-ca-file.golden
index a8ba4704f5e3..c8144ac72fa2 100644
--- a/command/connect/envoy/testdata/existing-ca-file.golden
+++ b/command/connect/envoy/testdata/existing-ca-file.golden
@@ -197,10 +197,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/existing-ca-path.golden b/command/connect/envoy/testdata/existing-ca-path.golden
index e246dbb324eb..c0566ab351d7 100644
--- a/command/connect/envoy/testdata/existing-ca-path.golden
+++ b/command/connect/envoy/testdata/existing-ca-path.golden
@@ -197,10 +197,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/extra_-multiple.golden b/command/connect/envoy/testdata/extra_-multiple.golden
index 038e65d8d9fb..819994f0c0ff 100644
--- a/command/connect/envoy/testdata/extra_-multiple.golden
+++ b/command/connect/envoy/testdata/extra_-multiple.golden
@@ -206,10 +206,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/extra_-single.golden b/command/connect/envoy/testdata/extra_-single.golden
index 14b8f0820500..b1fb71997b3f 100644
--- a/command/connect/envoy/testdata/extra_-single.golden
+++ b/command/connect/envoy/testdata/extra_-single.golden
@@ -197,10 +197,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/grpc-addr-env.golden b/command/connect/envoy/testdata/grpc-addr-env.golden
index ab87aa9b438f..e604c61d5063 100644
--- a/command/connect/envoy/testdata/grpc-addr-env.golden
+++ b/command/connect/envoy/testdata/grpc-addr-env.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/grpc-addr-flag.golden b/command/connect/envoy/testdata/grpc-addr-flag.golden
index ab87aa9b438f..e604c61d5063 100644
--- a/command/connect/envoy/testdata/grpc-addr-flag.golden
+++ b/command/connect/envoy/testdata/grpc-addr-flag.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/grpc-addr-unix-with-tls.golden b/command/connect/envoy/testdata/grpc-addr-unix-with-tls.golden
index 89764c310a47..2b902d48d476 100644
--- a/command/connect/envoy/testdata/grpc-addr-unix-with-tls.golden
+++ b/command/connect/envoy/testdata/grpc-addr-unix-with-tls.golden
@@ -196,10 +196,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/grpc-addr-unix.golden b/command/connect/envoy/testdata/grpc-addr-unix.golden
index eb8841ae993f..88e6e46bfb95 100644
--- a/command/connect/envoy/testdata/grpc-addr-unix.golden
+++ b/command/connect/envoy/testdata/grpc-addr-unix.golden
@@ -183,10 +183,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/grpc-tls-addr-config.golden b/command/connect/envoy/testdata/grpc-tls-addr-config.golden
index e79cf0455d2b..e65fc5f09cd6 100644
--- a/command/connect/envoy/testdata/grpc-tls-addr-config.golden
+++ b/command/connect/envoy/testdata/grpc-tls-addr-config.golden
@@ -197,10 +197,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/ingress-gateway-address-specified.golden b/command/connect/envoy/testdata/ingress-gateway-address-specified.golden
index cc2e504eaf95..038c8fcc5dd2 100644
--- a/command/connect/envoy/testdata/ingress-gateway-address-specified.golden
+++ b/command/connect/envoy/testdata/ingress-gateway-address-specified.golden
@@ -273,10 +273,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/ingress-gateway-no-auto-register.golden b/command/connect/envoy/testdata/ingress-gateway-no-auto-register.golden
index cddaa490dd2c..80f1f9a8b7c6 100644
--- a/command/connect/envoy/testdata/ingress-gateway-no-auto-register.golden
+++ b/command/connect/envoy/testdata/ingress-gateway-no-auto-register.golden
@@ -273,10 +273,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/ingress-gateway-nodemeta.golden b/command/connect/envoy/testdata/ingress-gateway-nodemeta.golden
index d79739ed7280..8a2d5f62768e 100644
--- a/command/connect/envoy/testdata/ingress-gateway-nodemeta.golden
+++ b/command/connect/envoy/testdata/ingress-gateway-nodemeta.golden
@@ -274,10 +274,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/ingress-gateway-register-with-service-and-proxy-id.golden b/command/connect/envoy/testdata/ingress-gateway-register-with-service-and-proxy-id.golden
index 3149fc4b33a5..6192f674ac17 100644
--- a/command/connect/envoy/testdata/ingress-gateway-register-with-service-and-proxy-id.golden
+++ b/command/connect/envoy/testdata/ingress-gateway-register-with-service-and-proxy-id.golden
@@ -273,10 +273,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/ingress-gateway-register-with-service-without-proxy-id.golden b/command/connect/envoy/testdata/ingress-gateway-register-with-service-without-proxy-id.golden
index f8eb44754117..92d80e033e9b 100644
--- a/command/connect/envoy/testdata/ingress-gateway-register-with-service-without-proxy-id.golden
+++ b/command/connect/envoy/testdata/ingress-gateway-register-with-service-without-proxy-id.golden
@@ -273,10 +273,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/ingress-gateway.golden b/command/connect/envoy/testdata/ingress-gateway.golden
index c4fba520ed99..40a5c74d1bc2 100644
--- a/command/connect/envoy/testdata/ingress-gateway.golden
+++ b/command/connect/envoy/testdata/ingress-gateway.golden
@@ -273,10 +273,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/prometheus-metrics-tls-ca-file.golden b/command/connect/envoy/testdata/prometheus-metrics-tls-ca-file.golden
index 71b82250e30d..c93286e64e81 100644
--- a/command/connect/envoy/testdata/prometheus-metrics-tls-ca-file.golden
+++ b/command/connect/envoy/testdata/prometheus-metrics-tls-ca-file.golden
@@ -310,10 +310,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/prometheus-metrics-tls-ca-path.golden b/command/connect/envoy/testdata/prometheus-metrics-tls-ca-path.golden
index 07e56ae878a7..272175f70733 100644
--- a/command/connect/envoy/testdata/prometheus-metrics-tls-ca-path.golden
+++ b/command/connect/envoy/testdata/prometheus-metrics-tls-ca-path.golden
@@ -310,10 +310,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/prometheus-metrics.golden b/command/connect/envoy/testdata/prometheus-metrics.golden
index 5adc8a9485ee..5806dd671f76 100644
--- a/command/connect/envoy/testdata/prometheus-metrics.golden
+++ b/command/connect/envoy/testdata/prometheus-metrics.golden
@@ -273,10 +273,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/stats-config-override.golden b/command/connect/envoy/testdata/stats-config-override.golden
index d2a2371f20ea..dd4ff53dd194 100644
--- a/command/connect/envoy/testdata/stats-config-override.golden
+++ b/command/connect/envoy/testdata/stats-config-override.golden
@@ -62,10 +62,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/telemetry-collector.golden b/command/connect/envoy/testdata/telemetry-collector.golden
index 3977ce65bba3..81ef48662298 100644
--- a/command/connect/envoy/testdata/telemetry-collector.golden
+++ b/command/connect/envoy/testdata/telemetry-collector.golden
@@ -222,10 +222,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/token-arg.golden b/command/connect/envoy/testdata/token-arg.golden
index ac057e9a60b1..816bf7487572 100644
--- a/command/connect/envoy/testdata/token-arg.golden
+++ b/command/connect/envoy/testdata/token-arg.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/token-env.golden b/command/connect/envoy/testdata/token-env.golden
index ac057e9a60b1..816bf7487572 100644
--- a/command/connect/envoy/testdata/token-env.golden
+++ b/command/connect/envoy/testdata/token-env.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/token-file-arg.golden b/command/connect/envoy/testdata/token-file-arg.golden
index ac057e9a60b1..816bf7487572 100644
--- a/command/connect/envoy/testdata/token-file-arg.golden
+++ b/command/connect/envoy/testdata/token-file-arg.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/token-file-env.golden b/command/connect/envoy/testdata/token-file-env.golden
index ac057e9a60b1..816bf7487572 100644
--- a/command/connect/envoy/testdata/token-file-env.golden
+++ b/command/connect/envoy/testdata/token-file-env.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/xds-addr-config.golden b/command/connect/envoy/testdata/xds-addr-config.golden
index ab87aa9b438f..e604c61d5063 100644
--- a/command/connect/envoy/testdata/xds-addr-config.golden
+++ b/command/connect/envoy/testdata/xds-addr-config.golden
@@ -184,10 +184,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/command/connect/envoy/testdata/zipkin-tracing-config.golden b/command/connect/envoy/testdata/zipkin-tracing-config.golden
index fd52f5ae3f57..dc4779a7753d 100644
--- a/command/connect/envoy/testdata/zipkin-tracing-config.golden
+++ b/command/connect/envoy/testdata/zipkin-tracing-config.golden
@@ -217,10 +217,12 @@
   "dynamic_resources": {
     "lds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "cds_config": {
       "ads": {},
+      "initial_fetch_timeout": "0s",
       "resource_api_version": "V3"
     },
     "ads_config": {
diff --git a/test/integration/consul-container/test/gateways/ingress_gateway_test.go b/test/integration/consul-container/test/gateways/ingress_gateway_test.go
index 1a8958741c8a..fcadd3a0fae6 100644
--- a/test/integration/consul-container/test/gateways/ingress_gateway_test.go
+++ b/test/integration/consul-container/test/gateways/ingress_gateway_test.go
@@ -62,11 +62,6 @@ func TestIngressGateway(t *testing.T) {
 	ingressService, err := libservice.NewGatewayService(context.Background(), gwCfg, clientNode)
 	require.NoError(t, err)
 
-	// this is deliberate
-	// internally, ingress gw have a 15s timeout before the /ready endpoint is available,
-	// then we need to wait for the health check to re-execute and propagate.
-	time.Sleep(45 * time.Second)
-
 	// We check this is healthy here because in the case of bringing up a new kube cluster,
 	// it is not possible to create the config entry in advance.
 	// The health checks must pass so the pod can start up.

From 7decc305b952c9df32a84a7750c3a87d46c18e68 Mon Sep 17 00:00:00 2001
From: Krastin Krastev <krastin@hashicorp.com>
Date: Tue, 11 Jul 2023 15:09:32 +0200
Subject: [PATCH 148/359] ui: fix typos for peer service imports (#17999)

---
 ui/packages/consul-ui/translations/routes/en-us.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ui/packages/consul-ui/translations/routes/en-us.yaml b/ui/packages/consul-ui/translations/routes/en-us.yaml
index da76128e88ea..129686384002 100644
--- a/ui/packages/consul-ui/translations/routes/en-us.yaml
+++ b/ui/packages/consul-ui/translations/routes/en-us.yaml
@@ -152,7 +152,7 @@ dc:
             <div>
             {items, select,
               0 {Services must be exported from one peer to another to enable service communication across two peers. There don't seem to be any services imported from {name} yet, or you may not have <code>services:read</code> permissions to access to this view.}
-              other {No services where found matching that search, or you may not have access to view the services you are searching for.}
+              other {No services were found matching that search, or you may not have access to view the services you are searching for.}
             }
             </div>
       exported:
@@ -162,7 +162,7 @@ dc:
             <div>
             {items, select,
               0 {Services must be exported from one peer to another to enable service communication across two peers. There don't seem to be any services exported to {name} yet, or you may not have <code>services:read</code> permissions to access to this view.}
-              other {No services where found matching that search, or you may not have access to view the services you are searching for.}
+              other {No services were found matching that search, or you may not have access to view the services you are searching for.}
             }
             </div>
 

From da79997f3dccade966455e2834e79bc9fd32d5e9 Mon Sep 17 00:00:00 2001
From: Dan Stough <dan.stough@hashicorp.com>
Date: Tue, 11 Jul 2023 11:28:27 -0400
Subject: [PATCH 149/359] test: fix FIPS inline cert test message (#18076)

---
 agent/structs/config_entry_inline_certificate_test.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/agent/structs/config_entry_inline_certificate_test.go b/agent/structs/config_entry_inline_certificate_test.go
index 8c7754013106..b95f3b0e9694 100644
--- a/agent/structs/config_entry_inline_certificate_test.go
+++ b/agent/structs/config_entry_inline_certificate_test.go
@@ -162,7 +162,9 @@ func TestInlineCertificate(t *testing.T) {
 				PrivateKey:  tooShortPrivateKey,
 				Certificate: "foo",
 			},
-			validateErr: "key length must be at least 2048 bits",
+			// non-FIPS: "key length must be at least 2048 bits"
+			// FIPS: "key length invalid: only RSA lengths of 2048, 3072, and 4096 are allowed in FIPS mode"
+			validateErr: "key length",
 		},
 		"mismatched certificate": {
 			entry: &InlineCertificateConfigEntry{

From a30ba335b6a6d4af2e6ccf3b47212a24655baffa Mon Sep 17 00:00:00 2001
From: Joshua Timmons <josh.timmons@hashicorp.com>
Date: Tue, 11 Jul 2023 16:13:30 -0400
Subject: [PATCH 150/359] Fix a couple typos in Agent Telemetry Metrics docs
 (#18080)

* Fix metrics docs

* Add changelog

Signed-off-by: josh <josh.timmons@hashicorp.com>

---------

Signed-off-by: josh <josh.timmons@hashicorp.com>
---
 .changelog/18080.txt                     |  3 +++
 website/content/docs/agent/telemetry.mdx | 10 +++++-----
 2 files changed, 8 insertions(+), 5 deletions(-)
 create mode 100644 .changelog/18080.txt

diff --git a/.changelog/18080.txt b/.changelog/18080.txt
new file mode 100644
index 000000000000..9826b249eb31
--- /dev/null
+++ b/.changelog/18080.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+Fix some typos in metrics docs
+```
\ No newline at end of file
diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx
index 326f5b42dbf5..eae1c1aa4239 100644
--- a/website/content/docs/agent/telemetry.mdx
+++ b/website/content/docs/agent/telemetry.mdx
@@ -487,8 +487,8 @@ These metrics are used to monitor the health of the Consul servers.
 | `consul.raft.leader.oldestLogAge`                   | The number of milliseconds since the _oldest_ log in the leader's log store was written. This can be important for replication health where write rate is high and the snapshot is large as followers may be unable to recover from a restart if restoring takes longer than the minimum value for the current leader. Compare this with `consul.raft.fsm.lastRestoreDuration` and `consul.raft.rpc.installSnapshot` to monitor. In normal usage this gauge value will grow linearly over time until a snapshot completes on the leader and the log is truncated. Note: this metric won't be emitted until the leader writes a snapshot. After an upgrade to Consul 1.10.0 it won't be emitted until the oldest log was written after the upgrade. | ms                                | gauge   |
 | `consul.raft.replication.heartbeat`                 | Measures the time taken to invoke appendEntries on a peer, so that it doesn't timeout on a periodic basis.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | ms                                | timer   |
 | `consul.raft.replication.appendEntries`             | Measures the time it takes to replicate log entries to followers. This is a general indicator of the load pressure on the Consul servers, as well as the performance of the communication between the servers.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | ms                                | timer   |
-| `consul.raft.replication.appendEntries.rpc`         | Measures the time taken by the append entries RFC, to replicate the log entries of a leader agent onto its follower agent(s)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | ms                                | timer   |
-| `consul.raft.replication.appendEntries.logs`        | Measures the number of logs replicated to an agent, to bring it up to speed with the leader's logs.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | logs appended/ interval           | counter |
+| `consul.raft.replication.appendEntries.rpc`         | Measures the time taken by the append entries RPC to replicate the log entries of a leader agent onto its follower agent(s).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | ms                                | timer   |
+| `consul.raft.replication.appendEntries.logs`        | Counts the number of logs replicated to an agent to bring it up to speed with the leader's logs.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | logs appended/ interval           | counter |
 | `consul.raft.restore`                               | Counts the number of times the restore operation has been performed by the agent. Here, restore refers to the action of raft consuming an external snapshot to restore its state.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | operation invoked / interval      | counter |
 | `consul.raft.restoreUserSnapshot`                   | Measures the time taken by the agent to restore the FSM state from a user's snapshot                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | ms                                | timer   |
 | `consul.raft.rpc.appendEntries`                     | Measures the time taken to process an append entries RPC call from an agent.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | ms                                | timer   |
@@ -560,12 +560,12 @@ These metrics are used to monitor the health of the Consul servers.
 | `consul.leader.replication.namespaces.status`       | <EnterpriseAlert inline /> This will only be emitted by the leader in a secondary datacenter. The value will be a 1 if the last round of namespace replication was successful or 0 if there was an error.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | healthy                           | gauge   |
 | `consul.leader.replication.namespaces.index`        | <EnterpriseAlert inline /> This will only be emitted by the leader in a secondary datacenter. Increments to the index of namespaces in the primary datacenter that have been successfully replicated.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | index                             | gauge   |
 | `consul.prepared-query.apply`                       | Measures the time it takes to apply a prepared query update.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | ms                                | timer   |
-| `consul.prepared-query.explain`                     | Measures the time it takes to process a prepared query explain request.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | ms                                | timer   |
-| `consul.prepared-query.execute`                     | Measures the time it takes to process a prepared query execute request.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | ms                                | timer   |
 | `consul.prepared-query.execute_remote`              | Measures the time it takes to process a prepared query execute request that was forwarded to another datacenter.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | ms                                | timer   |
+| `consul.prepared-query.execute`                     | Measures the time it takes to process a prepared query execute request.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | ms                                | timer   |
+| `consul.prepared-query.explain`                     | Measures the time it takes to process a prepared query explain request.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | ms                                | timer   |
 | `consul.rpc.raft_handoff`                           | Increments when a server accepts a Raft-related RPC connection.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | connections                       | counter |
-| `consul.rpc.request_error`                          | Increments when a server returns an error from an RPC request.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | errors                            | counter |
 | `consul.rpc.request`                                | Increments when a server receives a Consul-related RPC request.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | requests                          | counter |
+| `consul.rpc.request_error`                          | Increments when a server returns an error from an RPC request.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | errors                            | counter |
 | `consul.rpc.query`                                  | Increments when a server receives a read RPC request, indicating the rate of new read queries. See consul.rpc.queries_blocking for the current number of in-flight blocking RPC calls. This metric changed in 1.7.0 to only increment on the the start of a query. The rate of queries will appear lower, but is more accurate.                                                                                                                                                                                                                                                                                                                                                                                                                    | queries                           | counter |
 | `consul.rpc.queries_blocking`                       | The current number of in-flight blocking queries the server is handling.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | queries                           | gauge   |
 | `consul.rpc.cross-dc`                               | Increments when a server sends a (potentially blocking) cross datacenter RPC query.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | queries                           | counter |

From bfb921229d77239db513bf4c74dbc572eaacfc46 Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Tue, 11 Jul 2023 15:37:53 -0700
Subject: [PATCH 151/359] docs updates - cluster peering and virtual services
 (#18069)

* Update route-to-virtual-services.mdx
* Update establish-peering.mdx
---
 .../docs/k8s/connect/cluster-peering/tech-specs.mdx    |  4 ++--
 .../cluster-peering/usage/establish-peering.mdx        | 10 ++++++----
 .../content/docs/k8s/l7-traffic/failover-tproxy.mdx    |  2 +-
 .../docs/k8s/l7-traffic/route-to-virtual-services.mdx  |  4 ++--
 4 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/website/content/docs/k8s/connect/cluster-peering/tech-specs.mdx b/website/content/docs/k8s/connect/cluster-peering/tech-specs.mdx
index cfe4ba7aebc5..2d27a4f369fc 100644
--- a/website/content/docs/k8s/connect/cluster-peering/tech-specs.mdx
+++ b/website/content/docs/k8s/connect/cluster-peering/tech-specs.mdx
@@ -41,7 +41,7 @@ Refer to the following example Helm configuration:
 ```yaml
 global:
   name: consul
-  image: "hashicorp/consul:1.14.1"
+  image: "hashicorp/consul:1.16.0"
   peering:
     enabled: true
   tls:
@@ -166,4 +166,4 @@ If ACLs are enabled, you must add tokens to grant the following permissions:
 
 - Grant `service:write` permissions to services that define mesh gateways in their server definition.
 - Grant `service:read` permissions for all services on the partition.
-- Grant `mesh:write` permissions to the mesh gateways that participate in cluster peering connections. This permission allows a leaf certificate to be issued for mesh gateways to terminate TLS sessions for HTTP requests.
\ No newline at end of file
+- Grant `mesh:write` permissions to the mesh gateways that participate in cluster peering connections. This permission allows a leaf certificate to be issued for mesh gateways to terminate TLS sessions for HTTP requests.
diff --git a/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx b/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx
index 167d4fdceced..375886132e50 100644
--- a/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx
+++ b/website/content/docs/k8s/connect/cluster-peering/usage/establish-peering.mdx
@@ -48,7 +48,7 @@ After you provision a Kubernetes cluster and set up your kubeconfig file to mana
   $ export CLUSTER2_CONTEXT=<CONTEXT for second Kubernetes cluster>
   ```
 
-### Update the Helm chart
+### Install Consul using Helm and configure peering over mesh gateways 
 
 To use cluster peering with Consul on Kubernetes deployments, update the Helm chart with [the required values](/consul/docs/k8s/connect/cluster-peering/tech-specs#helm-requirements). After updating the Helm chart, you can use the `consul-k8s` CLI to apply `values.yaml` to each cluster.
 
@@ -59,7 +59,7 @@ To use cluster peering with Consul on Kubernetes deployments, update the Helm ch
   ```
 
   ```shell-session
-  $ helm install ${HELM_RELEASE_NAME1} hashicorp/consul --create-namespace --namespace consul --version "1.0.1" --values values.yaml --set global.datacenter=dc1 --kube-context $CLUSTER1_CONTEXT
+  $ helm install ${HELM_RELEASE_NAME1} hashicorp/consul --create-namespace --namespace consul --version "1.2.0" --values values.yaml --set global.datacenter=dc1 --kube-context $CLUSTER1_CONTEXT
   ```
 
 1. In `cluster-02`, run the following commands:
@@ -69,9 +69,11 @@ To use cluster peering with Consul on Kubernetes deployments, update the Helm ch
   ```
 
   ```shell-session
-  $ helm install ${HELM_RELEASE_NAME2} hashicorp/consul --create-namespace --namespace consul --version "1.0.1" --values values.yaml --set global.datacenter=dc2 --kube-context $CLUSTER2_CONTEXT
+  $ helm install ${HELM_RELEASE_NAME2} hashicorp/consul --create-namespace --namespace consul --version "1.2.0" --values values.yaml --set global.datacenter=dc2 --kube-context $CLUSTER2_CONTEXT
   ```
 
+1. For both clusters apply the `Mesh` configuration entry values provided in [Mesh Gateway Specifications](/consul/docs/k8s/connect/cluster-peering/tech-specs#mesh-gateway-specifications) to allow establishing peering connections over mesh gateways. 
+
 ### Configure the mesh gateway mode for traffic between services
 
 In Kubernetes deployments, you can configure mesh gateways to use `local` mode so that a service dialing a service in a remote peer dials the remote mesh gateway instead of the local mesh gateway. To configure the mesh gateway mode so that this traffic always leaves through the local mesh gateway, you can use the `ProxyDefaults` CRD.
@@ -452,4 +454,4 @@ For Consul Enterprise, the permissions apply to all imported services in the ser
 
 Refer to [Reading servers](/consul/docs/connect/config-entries/exported-services#reading-services) in the `exported-services` configuration entry documentation for example rules.
 
-For additional information about how to configure and use ACLs, refer to [ACLs system overview](/consul/docs/security/acl).
\ No newline at end of file
+For additional information about how to configure and use ACLs, refer to [ACLs system overview](/consul/docs/security/acl).
diff --git a/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx b/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx
index 81bdc5e8672d..c08d8c3ac5d8 100644
--- a/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx
+++ b/website/content/docs/k8s/l7-traffic/failover-tproxy.mdx
@@ -18,7 +18,7 @@ Complete the following steps to configure failover service instances in Consul o
 
 ## Requirements
  
-- `consul-k8s` v1.2.0-beta1 or newer.
+- `consul-k8s` v1.2.0 or newer.
 - Consul service mesh must be enabled. Refer to [How does Consul Service Mesh Work on Kubernetes](/consul/docs/k8s/connect).
 - Proxies must be configured to run in transparent proxy mode. 
 - To query virtual DNS names, you must use Consul DNS.
diff --git a/website/content/docs/k8s/l7-traffic/route-to-virtual-services.mdx b/website/content/docs/k8s/l7-traffic/route-to-virtual-services.mdx
index c8951d356cf6..0852f81196fe 100644
--- a/website/content/docs/k8s/l7-traffic/route-to-virtual-services.mdx
+++ b/website/content/docs/k8s/l7-traffic/route-to-virtual-services.mdx
@@ -20,7 +20,7 @@ Complete the following steps to configure failover service instances in Consul o
 
 ## Requirements
  
-- `consul-k8s` v1.2.0-beta1 or newer.
+- `consul-k8s` v1.2.0 or newer.
 - Consul service mesh must be enabled. Refer to [How does Consul service mesh work on Kubernetes](/consul/docs/k8s/connect).
 - Proxies must be configured to run in transparent proxy mode. 
 - To query virtual DNS names, you must use Consul DNS.
@@ -119,4 +119,4 @@ You can query the KubeDNS if the real and virtual services are in the same Kuber
 http://virtual-api.<namespace>.svc.cluster.local
 ```
 
-Note that you cannot use KubeDNS if a corresponding Kubernetes service and pod do not exist. 
\ No newline at end of file
+Note that you cannot use KubeDNS if a corresponding Kubernetes service and pod do not exist. 

From 0e58c899780f4ebd2b40ecade7c50a981a84592b Mon Sep 17 00:00:00 2001
From: david3a <49253132+david3a@users.noreply.github.com>
Date: Wed, 12 Jul 2023 00:05:13 +0100
Subject: [PATCH 152/359] Update service-mesh-compare.mdx (#17279)

grammar change
---
 website/content/docs/consul-vs-other/service-mesh-compare.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/consul-vs-other/service-mesh-compare.mdx b/website/content/docs/consul-vs-other/service-mesh-compare.mdx
index b0848d2b90bc..419f5679bae1 100644
--- a/website/content/docs/consul-vs-other/service-mesh-compare.mdx
+++ b/website/content/docs/consul-vs-other/service-mesh-compare.mdx
@@ -14,5 +14,5 @@ Consul’s service mesh allows organizations to securely connect and manage thei
 Consul is platform agnostic — it supports any runtime (Kubernetes, EKS, AKS, GKE, VMs, ECS, Lambda, Nomad) and any cloud provider (AWS, Microsoft Azure, GCP, private clouds). This makes it one of the most flexible service discovery and service mesh platforms. While other service mesh software provides support for multiple runtimes for the data plane, they require you to run the control plane solely on Kubernetes. With Consul, you can run both the control plane and data plane in different runtimes.
 
 Consul also has several unique integrations with Vault, an industry standard for secrets management. Operators have the option to use Consul’s built-in certificate authority, or leverage Vault’s PKI engine to generate and store TLS certificates for both the data plane and control plane. In addition, Consul can automatically rotate the TLS certificates on both the data plane and control plane without requiring any type of restarts. This lets you rotate the certificates more frequently without incurring additional management burden on operators.
-When deploying Consul on Kubernetes, you can store sensitive data including licenses, ACL tokens, and TLS certificates centrally Vault instead of Kubernetes secrets. Vault is much more secure than Kubernetes secrets because it automatically encrypts all data, provides advanced access controls to secrets, and provides centralized governance for all secrets.
+When deploying Consul on Kubernetes, you can store sensitive data including licenses, ACL tokens, and TLS certificates centrally in Vault instead of Kubernetes secrets. Vault is much more secure than Kubernetes secrets because it automatically encrypts all data, provides advanced access controls to secrets, and provides centralized governance for all secrets.
 

From bd5af7fe7da564502ba8c93b7ece551607186bb6 Mon Sep 17 00:00:00 2001
From: Curt Bushko <cbushko@gmail.com>
Date: Tue, 11 Jul 2023 19:59:44 -0400
Subject: [PATCH 153/359] Update helm docs on main (#18085)

---
 website/content/docs/k8s/helm.mdx | 365 +++++++++++++++++++++++-------
 1 file changed, 278 insertions(+), 87 deletions(-)

diff --git a/website/content/docs/k8s/helm.mdx b/website/content/docs/k8s/helm.mdx
index c4f639b2792b..06f77f32a98b 100644
--- a/website/content/docs/k8s/helm.mdx
+++ b/website/content/docs/k8s/helm.mdx
@@ -20,27 +20,22 @@ with Consul.
 
 Use these links to navigate to a particular top-level stanza.
 
-- [Helm Chart Reference](#helm-chart-reference)
-  - [Top-Level Stanzas](#top-level-stanzas)
-  - [All Values](#all-values)
-    - [`global`](#h-global)
-    - [`server`](#h-server)
-    - [`externalServers`](#h-externalservers)
-    - [`client`](#h-client)
-    - [`dns`](#h-dns)
-    - [`ui`](#h-ui)
-    - [`syncCatalog`](#h-synccatalog)
-    - [`connectInject`](#h-connectinject)
-    - [`meshGateway`](#h-meshgateway)
-    - [`ingressGateways`](#h-ingressgateways)
-    - [`terminatingGateways`](#h-terminatinggateways)
-    - [`apiGateway`](#h-apigateway)
-    - [`webhookCertManager`](#h-webhookcertmanager)
-    - [`prometheus`](#h-prometheus)
-    - [`tests`](#h-tests)
-    - [`telemetryCollector`](#h-telemetrycollector)
-  - [Helm Chart Examples](#helm-chart-examples)
-  - [Customizing the Helm Chart](#customizing-the-helm-chart)
+- [`global`](#h-global)
+- [`server`](#h-server)
+- [`externalServers`](#h-externalservers)
+- [`client`](#h-client)
+- [`dns`](#h-dns)
+- [`ui`](#h-ui)
+- [`syncCatalog`](#h-synccatalog)
+- [`connectInject`](#h-connectinject)
+- [`meshGateway`](#h-meshgateway)
+- [`ingressGateways`](#h-ingressgateways)
+- [`terminatingGateways`](#h-terminatinggateways)
+- [`apiGateway`](#h-apigateway)
+- [`webhookCertManager`](#h-webhookcertmanager)
+- [`prometheus`](#h-prometheus)
+- [`tests`](#h-tests)
+- [`telemetryCollector`](#h-telemetrycollector)
 
 ## All Values
 
@@ -64,7 +59,7 @@ Use these links to navigate to a particular top-level stanza.
     the prefix will be `<helm release name>-consul`.
 
   - `domain` ((#v-global-domain)) (`string: consul`) - The domain Consul will answer DNS queries for
-    (Refer to [`-domain`](https://developer.hashicorp.com/consul/docs/agent/config/cli-flags#_domain)) and the domain services synced from
+    (Refer to [`-domain`](/consul/docs/agent/config/cli-flags#_domain)) and the domain services synced from
     Consul into Kubernetes will have, e.g. `service-name.service.consul`.
 
   - `peering` ((#v-global-peering)) - Configures the Cluster Peering feature. Requires Consul v1.14+ and Consul-K8s v1.0.0+.
@@ -125,7 +120,7 @@ Use these links to navigate to a particular top-level stanza.
   - `secretsBackend` ((#v-global-secretsbackend)) - secretsBackend is used to configure Vault as the secrets backend for the Consul on Kubernetes installation.
     The Vault cluster needs to have the Kubernetes Auth Method, KV2 and PKI secrets engines enabled
     and have necessary secrets, policies and roles created prior to installing Consul.
-    Refer to [Vault as the Secrets Backend](https://developer.hashicorp.com/consul/docs/k8s/deployment-configurations/vault)
+    Refer to [Vault as the Secrets Backend](/consul/docs/k8s/deployment-configurations/vault)
     documentation for full instructions.
 
     The Vault cluster _must_ not have the Consul cluster installed by this Helm chart as its storage backend
@@ -212,11 +207,11 @@ Use these links to navigate to a particular top-level stanza.
 
         - `secretKey` ((#v-global-secretsbackend-vault-ca-secretkey)) (`string: ""`) - The key within the Kubernetes or Vault secret that holds the Vault CA certificate.
 
-      - `connectCA` ((#v-global-secretsbackend-vault-connectca)) - Configuration for the Vault service mesh CA provider.
+      - `connectCA` ((#v-global-secretsbackend-vault-connectca)) - Configuration for the Vault Connect CA provider.
         The provider will be configured to use the Vault Kubernetes auth method
         and therefore requires the role provided by `global.secretsBackend.vault.consulServerRole`
         to have permissions to the root and intermediate PKI paths.
-        Please refer to [Vault ACL policies](https://developer.hashicorp.com/consul/docs/connect/ca/vault#vault-acl-policies)
+        Please refer to [Vault ACL policies](/consul/docs/connect/ca/vault#vault-acl-policies)
         documentation for information on how to configure the Vault policies.
 
         - `address` ((#v-global-secretsbackend-vault-connectca-address)) (`string: ""`) - The address of the Vault server.
@@ -224,13 +219,13 @@ Use these links to navigate to a particular top-level stanza.
         - `authMethodPath` ((#v-global-secretsbackend-vault-connectca-authmethodpath)) (`string: kubernetes`) - The mount path of the Kubernetes auth method in Vault.
 
         - `rootPKIPath` ((#v-global-secretsbackend-vault-connectca-rootpkipath)) (`string: ""`) - The path to a PKI secrets engine for the root certificate.
-          For more details, please refer to [Vault service mesh CA configuration](https://developer.hashicorp.com/consul/docs/connect/ca/vault#rootpkipath).
+          For more details, please refer to [Vault Connect CA configuration](/consul/docs/connect/ca/vault#rootpkipath).
 
         - `intermediatePKIPath` ((#v-global-secretsbackend-vault-connectca-intermediatepkipath)) (`string: ""`) - The path to a PKI secrets engine for the generated intermediate certificate.
-          For more details, please refer to [Vault service mesh CA configuration](https://developer.hashicorp.com/consul/docs/connect/ca/vault#intermediatepkipath).
+          For more details, please refer to [Vault Connect CA configuration](/consul/docs/connect/ca/vault#intermediatepkipath).
 
-        - `additionalConfig` ((#v-global-secretsbackend-vault-connectca-additionalconfig)) (`string: {}`) - Additional service mesh CA configuration in JSON format.
-          Please refer to [Vault service mesh CA configuration](https://developer.hashicorp.com/consul/docs/connect/ca/vault#configuration)
+        - `additionalConfig` ((#v-global-secretsbackend-vault-connectca-additionalconfig)) (`string: {}`) - Additional Connect CA configuration in JSON format.
+          Please refer to [Vault Connect CA configuration](/consul/docs/connect/ca/vault#configuration)
           for all configuration options available for that provider.
 
           Example:
@@ -251,20 +246,20 @@ Use these links to navigate to a particular top-level stanza.
 
         - `caCert` ((#v-global-secretsbackend-vault-connectinject-cacert)) - Configuration to the Vault Secret that Kubernetes uses on
           Kubernetes pod creation, deletion, and update, to get CA certificates
-          used issued from vault to send webhooks to the connect inject.
+          used issued from vault to send webhooks to the ConnectInject.
 
           - `secretName` ((#v-global-secretsbackend-vault-connectinject-cacert-secretname)) (`string: null`) - The Vault secret path that contains the CA certificate for
-            connect inject webhooks.
+            Connect Inject webhooks.
 
         - `tlsCert` ((#v-global-secretsbackend-vault-connectinject-tlscert)) - Configuration to the Vault Secret that Kubernetes uses on
           Kubernetes pod creation, deletion, and update, to get TLS certificates
-          used issued from vault to send webhooks to the connect inject.
+          used issued from vault to send webhooks to the ConnectInject.
 
           - `secretName` ((#v-global-secretsbackend-vault-connectinject-tlscert-secretname)) (`string: null`) - The Vault secret path that issues TLS certificates for connect
             inject webhooks.
 
   - `gossipEncryption` ((#v-global-gossipencryption)) - Configures Consul's gossip encryption key.
-    (Refer to [`-encrypt`](https://developer.hashicorp.com/consul/docs/agent/config/cli-flags#_encrypt)).
+    (Refer to [`-encrypt`](/consul/docs/agent/config/cli-flags#_encrypt)).
     By default, gossip encryption is not enabled. The gossip encryption key may be set automatically or manually.
     The recommended method is to automatically generate the key.
     To automatically generate and set a gossip encryption key, set autoGenerate to true.
@@ -295,17 +290,17 @@ Use these links to navigate to a particular top-level stanza.
 
   - `recursors` ((#v-global-recursors)) (`array<string>: []`) - A list of addresses of upstream DNS servers that are used to recursively resolve DNS queries.
     These values are given as `-recursor` flags to Consul servers and clients.
-    Refer to [`-recursor`](https://developer.hashicorp.com/consul/docs/agent/config/cli-flags#_recursor) for more details.
+    Refer to [`-recursor`](/consul/docs/agent/config/cli-flags#_recursor) for more details.
     If this is an empty array (the default), then Consul DNS will only resolve queries for the Consul top level domain (by default `.consul`).
 
-  - `tls` ((#v-global-tls)) - Enables [TLS](https://developer.hashicorp.com/consul/tutorials/security/tls-encryption-secure)
+  - `tls` ((#v-global-tls)) - Enables [TLS](/consul/tutorials/security/tls-encryption-secure)
     across the cluster to verify authenticity of the Consul servers and clients.
     Requires Consul v1.4.1+.
 
     - `enabled` ((#v-global-tls-enabled)) (`boolean: false`) - If true, the Helm chart will enable TLS for Consul
       servers and clients and all consul-k8s-control-plane components, as well as generate certificate
       authority (optional) and server and client certificates.
-      This setting is required for [Cluster Peering](https://developer.hashicorp.com/consul/docs/connect/cluster-peering/k8s).
+      This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s).
 
     - `enableAutoEncrypt` ((#v-global-tls-enableautoencrypt)) (`boolean: false`) - If true, turns on the auto-encrypt feature on clients and servers.
       It also switches consul-k8s-control-plane components to retrieve the CA from the servers
@@ -322,7 +317,7 @@ Use these links to navigate to a particular top-level stanza.
     - `verify` ((#v-global-tls-verify)) (`boolean: true`) - If true, `verify_outgoing`, `verify_server_hostname`,
       and `verify_incoming` for internal RPC communication will be set to `true` for Consul servers and clients.
       Set this to false to incrementally roll out TLS on an existing Consul cluster.
-      Please refer to [TLS on existing clusters](https://developer.hashicorp.com/consul/docs/k8s/operations/tls-on-existing-cluster)
+      Please refer to [TLS on existing clusters](/consul/docs/k8s/operations/tls-on-existing-cluster)
       for more details.
 
     - `httpsOnly` ((#v-global-tls-httpsonly)) (`boolean: true`) - If true, the Helm chart will configure Consul to disable the HTTP port on
@@ -366,6 +361,15 @@ Use these links to navigate to a particular top-level stanza.
 
       - `secretKey` ((#v-global-tls-cakey-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the CA key.
 
+    - `annotations` ((#v-global-tls-annotations)) (`string: null`) - This value defines additional annotations for
+      tls init jobs. This should be formatted as a multi-line string.
+
+      ```yaml
+      annotations: |
+        "sample/annotation1": "foo"
+        "sample/annotation2": "bar"
+      ```
+
   - `enableConsulNamespaces` ((#v-global-enableconsulnamespaces)) (`boolean: false`) - <EnterpriseAlert inline /> `enableConsulNamespaces` indicates that you are running
     Consul Enterprise v1.7+ with a valid Consul Enterprise license and would
     like to make use of configuration beyond registering everything into
@@ -410,6 +414,23 @@ Use these links to navigate to a particular top-level stanza.
 
       - `secretKey` ((#v-global-acls-replicationtoken-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the replication token.
 
+    - `resources` ((#v-global-acls-resources)) (`map`) - The resource requests (CPU, memory, etc.) for the server-acl-init and server-acl-init-cleanup pods. 
+      This should be a YAML map corresponding to a Kubernetes
+      [`ResourceRequirements``](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core)
+      object.
+
+      Example:
+
+      ```yaml
+      resources:
+        requests:
+          memory: '200Mi'
+          cpu: '100m'
+        limits:
+          memory: '200Mi'
+          cpu: '100m'
+      ```
+
     - `partitionToken` ((#v-global-acls-partitiontoken)) - partitionToken references a Vault secret containing the ACL token to be used in non-default partitions.
       This value should only be provided in the default partition and only when setting
       the `global.secretsBackend.vault.enabled` value to true.
@@ -435,6 +456,15 @@ Use these links to navigate to a particular top-level stanza.
         beta.kubernetes.io/arch: amd64
       ```
 
+    - `annotations` ((#v-global-acls-annotations)) (`string: null`) - This value defines additional annotations for
+      acl init jobs. This should be formatted as a multi-line string.
+
+      ```yaml
+      annotations: |
+        "sample/annotation1": "foo"
+        "sample/annotation2": "bar"
+      ```
+
   - `enterpriseLicense` ((#v-global-enterpriselicense)) - <EnterpriseAlert inline /> This value refers to a Kubernetes or Vault secret that you have created
     that contains your enterprise license. It is required if you are using an
     enterprise binary. Defining it here applies it to your cluster once a leader
@@ -475,7 +505,7 @@ Use these links to navigate to a particular top-level stanza.
       This address must be reachable from the Consul servers in the primary datacenter.
       This auth method will be used to provision ACL tokens for Consul components and is different
       from the one used by the Consul Service Mesh.
-      Please refer to the [Kubernetes Auth Method documentation](https://developer.hashicorp.com/consul/docs/security/acl/auth-methods/kubernetes).
+      Please refer to the [Kubernetes Auth Method documentation](/consul/docs/security/acl/auth-methods/kubernetes).
 
       You can retrieve this value from your `kubeconfig` by running:
 
@@ -602,7 +632,7 @@ Use these links to navigate to a particular top-level stanza.
     Consul server agents.
 
   - `replicas` ((#v-server-replicas)) (`integer: 1`) - The number of server agents to run. This determines the fault tolerance of
-    the cluster. Please refer to the [deployment table](https://developer.hashicorp.com/consul/docs/architecture/consensus#deployment-table)
+    the cluster. Please refer to the [deployment table](/consul/docs/architecture/consensus#deployment-table)
     for more information.
 
   - `bootstrapExpect` ((#v-server-bootstrapexpect)) (`int: null`) - The number of servers that are expected to be running.
@@ -641,7 +671,7 @@ Use these links to navigate to a particular top-level stanza.
     Vault Secrets backend:
     If you are using Vault as a secrets backend, a Vault Policy must be created which allows `["create", "update"]`
     capabilities on the PKI issuing endpoint, which is usually of the form `pki/issue/consul-server`.
-    Complete [this tutorial](https://developer.hashicorp.com/consul/tutorials/vault-secure/vault-pki-consul-secure-tls)
+    Complete [this tutorial](/consul/tutorials/vault-secure/vault-pki-consul-secure-tls)
     to learn how to generate a compatible certificate.
     Note: when using TLS, both the `server.serverCert` and `global.tls.caCert` which points to the CA endpoint of this PKI engine
     must be provided.
@@ -681,19 +711,19 @@ Use these links to navigate to a particular top-level stanza.
     storage classes, the PersistentVolumeClaims would need to be manually created.
     A `null` value will use the Kubernetes cluster's default StorageClass. If a default
     StorageClass does not exist, you will need to create one.
-    Refer to the [Read/Write Tuning](https://developer.hashicorp.com/consul/docs/install/performance#read-write-tuning)
+    Refer to the [Read/Write Tuning](/consul/docs/install/performance#read-write-tuning)
     section of the Server Performance Requirements documentation for considerations
     around choosing a performant storage class.
 
-    ~> **Note:** The [Reference Architecture](https://developer.hashicorp.com/consul/tutorials/production-deploy/reference-architecture#hardware-sizing-for-consul-servers)
+    ~> **Note:** The [Reference Architecture](/consul/tutorials/production-deploy/reference-architecture#hardware-sizing-for-consul-servers)
     contains best practices and recommendations for selecting suitable
     hardware sizes for your Consul servers.
 
-  - `connect` ((#v-server-connect)) (`boolean: true`) - This will enable/disable [service mesh](https://developer.hashicorp.com/consul/docs/connect). Setting this to true
+  - `connect` ((#v-server-connect)) (`boolean: true`) - This will enable/disable [service mesh](/consul/docs/connect). Setting this to true
     _will not_ automatically secure pod communication, this
     setting will only enable usage of the feature. Consul will automatically initialize
     a new CA and set of certificates. Additional service mesh settings can be configured
-    by setting the `server.extraConfig` value.
+    by setting the `server.extraConfig` value or by applying [configuration entries](/consul/docs/connect/config-entries).
 
   - `serviceAccount` ((#v-server-serviceaccount))
 
@@ -716,10 +746,10 @@ Use these links to navigate to a particular top-level stanza.
     ```yaml
     resources:
       requests:
-        memory: '100Mi'
+        memory: '200Mi'
         cpu: '100m'
       limits:
-        memory: '100Mi'
+        memory: '200Mi'
         cpu: '100m'
     ```
 
@@ -737,11 +767,15 @@ Use these links to navigate to a particular top-level stanza.
 
     - `server` ((#v-server-containersecuritycontext-server)) (`map`) - The consul server agent container
 
+    - `aclInit` ((#v-server-containersecuritycontext-aclinit)) (`map`) - The acl-init job
+
+    - `tlsInit` ((#v-server-containersecuritycontext-tlsinit)) (`map`) - The tls-init job
+
   - `updatePartition` ((#v-server-updatepartition)) (`integer: 0`) - This value is used to carefully
     control a rolling update of Consul server agents. This value specifies the
     [partition](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions)
     for performing a rolling update. Please read the linked Kubernetes
-    and [Upgrade Consul](https://developer.hashicorp.com/consul/docs/k8s/upgrade#upgrading-consul-servers)
+    and [Upgrade Consul](/consul/docs/k8s/upgrade#upgrading-consul-servers)
     documentation for more information.
 
   - `disruptionBudget` ((#v-server-disruptionbudget)) - This configures the [`PodDisruptionBudget`](https://kubernetes.io/docs/tasks/run-application/configure-pdb/)
@@ -757,7 +791,7 @@ Use these links to navigate to a particular top-level stanza.
       --set 'server.disruptionBudget.maxUnavailable=0'` flag to the helm chart installation
       command because of a limitation in the Helm templating language.
 
-  - `extraConfig` ((#v-server-extraconfig)) (`string: {}`) - A raw string of extra [JSON configuration](https://developer.hashicorp.com/consul/docs/agent/config/config-files) for Consul
+  - `extraConfig` ((#v-server-extraconfig)) (`string: {}`) - A raw string of extra [JSON configuration](/consul/docs/agent/config/config-files) for Consul
     servers. This will be saved as-is into a ConfigMap that is read by the Consul
     server agents. This can be used to add additional configuration that
     isn't directly exposed by the chart.
@@ -934,18 +968,18 @@ Use these links to navigate to a particular top-level stanza.
     it could be used to configure custom consul parameters.
 
   - `snapshotAgent` ((#v-server-snapshotagent)) - <EnterpriseAlert inline /> Values for setting up and running
-    [snapshot agents](https://developer.hashicorp.com/consul/commands/snapshot/agent)
+    [snapshot agents](/consul/commands/snapshot/agent)
     within the Consul clusters. They run as a sidecar with Consul servers.
 
     - `enabled` ((#v-server-snapshotagent-enabled)) (`boolean: false`) - If true, the chart will install resources necessary to run the snapshot agent.
 
     - `interval` ((#v-server-snapshotagent-interval)) (`string: 1h`) - Interval at which to perform snapshots.
-      Refer to [`interval`](https://developer.hashicorp.com/consul/commands/snapshot/agent#interval)
+      Refer to [`interval`](/consul/commands/snapshot/agent#interval)
 
     - `configSecret` ((#v-server-snapshotagent-configsecret)) - A Kubernetes or Vault secret that should be manually created to contain the entire
       config to be used on the snapshot agent.
       This is the preferred method of configuration since there are usually storage
-      credentials present. Please refer to the [Snapshot agent config](https://developer.hashicorp.com/consul/commands/snapshot/agent#config-file-options)
+      credentials present. Please refer to the [Snapshot agent config](/consul/commands/snapshot/agent#config-file-options)
       for details.
 
       - `secretName` ((#v-server-snapshotagent-configsecret-secretname)) (`string: null`) - The name of the Kubernetes secret or Vault secret path that holds the snapshot agent config.
@@ -966,6 +1000,87 @@ Use these links to navigate to a particular top-level stanza.
         ...
       ```
 
+  - `auditLogs` ((#v-server-auditlogs)) - <EnterpriseAlert inline /> Added in Consul 1.8, the audit object allow users to enable auditing 
+    and configure a sink and filters for their audit logs. Please refer to
+    [audit logs](/consul/docs/enterprise/audit-logging) documentation
+    for further information.
+
+    - `enabled` ((#v-server-auditlogs-enabled)) (`boolean: false`) - Controls whether Consul logs out each time a user performs an operation.
+      global.acls.manageSystemACLs must be enabled to use this feature.
+
+    - `sinks` ((#v-server-auditlogs-sinks)) (`array<map>`) - A single entry of the sink object provides configuration for the destination to which Consul 
+      will log auditing events.
+
+      Example:
+
+      ```yaml
+      sinks:
+        - name: My Sink
+          type: file
+          format: json
+          path: /tmp/audit.json
+          delivery_guarantee: best-effort
+          rotate_duration: 24h
+          rotate_max_files: 15
+          rotate_bytes: 25165824
+          
+      ```
+
+      The sink object supports the following keys:
+
+      - `name` - Name of the sink.
+
+      - `type` - Type specifies what kind of sink this is. Currently only file sinks are available
+
+      - `format` - Format specifies what format the events will be emitted with. Currently only `json`
+        events are emitted.
+
+      - `path` - The directory and filename to write audit events to.
+
+      - `delivery_guarantee` - Specifies the rules governing how audit events are written. Consul
+        only supports `best-effort` event delivery.
+
+      - `mode` - The permissions to set on the audit log files.
+
+      - `rotate_duration` - Specifies the interval by which the system rotates to a new log file.
+         At least one of `rotate_duration` or `rotate_bytes` must be configured to enable audit logging.
+
+      - `rotate_bytes` -  Specifies how large an individual log file can grow before Consul rotates to a new file.
+         At least one of rotate_bytes or rotate_duration must be configured to enable audit logging.
+
+      - `rotate_max_files` - Defines the limit that Consul should follow before it deletes old log files.
+
+  - `limits` ((#v-server-limits)) - Settings for potentially limiting timeouts, rate limiting on clients as well
+    as servers, and other settings to limit exposure too many requests, requests
+    waiting for too long, and other runtime considerations.
+
+    - `requestLimits` ((#v-server-limits-requestlimits)) - This object specifies configurations that limit the rate of RPC and gRPC
+      requests on the Consul server. Limiting the rate of gRPC and RPC requests
+      also limits HTTP requests to the Consul server.
+      /consul/docs/agent/config/config-files#request_limits
+
+      - `mode` ((#v-server-limits-requestlimits-mode)) (`string: disabled`) - Setting for disabling or enabling rate limiting.  If not disabled, it
+        enforces the action that will occur when RequestLimitsReadRate
+        or RequestLimitsWriteRate is exceeded.  The default value of "disabled" will
+        prevent any rate limiting from occuring.  A value of "enforce" will block
+        the request from processings by returning an error.  A value of
+        "permissive" will not block the request and will allow the request to
+        continue processing.
+
+      - `readRate` ((#v-server-limits-requestlimits-readrate)) (`integer: -1`) - Setting that controls how frequently RPC, gRPC, and HTTP
+        queries are allowed to happen. In any large enough time interval, rate
+        limiter limits the rate to RequestLimitsReadRate tokens per second.
+
+        See https://en.wikipedia.org/wiki/Token_bucket for more about token
+        buckets.
+
+      - `writeRate` ((#v-server-limits-requestlimits-writerate)) (`integer: -1`) - Setting that controls how frequently RPC, gRPC, and HTTP
+        writes are allowed to happen. In any large enough time interval, rate
+        limiter limits the rate to RequestLimitsWriteRate tokens per second.
+
+        See https://en.wikipedia.org/wiki/Token_bucket for more about token
+        buckets.
+
 ### externalServers ((#h-externalservers))
 
 - `externalServers` ((#v-externalservers)) - Configuration for Consul servers when the servers are running outside of Kubernetes.
@@ -1003,7 +1118,7 @@ Use these links to navigate to a particular top-level stanza.
   - `k8sAuthMethodHost` ((#v-externalservers-k8sauthmethodhost)) (`string: null`) - If you are setting `global.acls.manageSystemACLs` and
     `connectInject.enabled` to true, set `k8sAuthMethodHost` to the address of the Kubernetes API server.
     This address must be reachable from the Consul servers.
-    Please refer to the [Kubernetes Auth Method documentation](https://developer.hashicorp.com/consul/docs/security/acl/auth-methods/kubernetes).
+    Please refer to the [Kubernetes Auth Method documentation](/consul/docs/security/acl/auth-methods/kubernetes).
 
     You could retrieve this value from your `kubeconfig` by running:
 
@@ -1026,7 +1141,7 @@ Use these links to navigate to a particular top-level stanza.
   - `image` ((#v-client-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers
     running Consul client agents.
 
-  - `join` ((#v-client-join)) (`array<string>: null`) - A list of valid [`-retry-join` values](https://developer.hashicorp.com/consul/docs/agent/config/cli-flags#_retry_join).
+  - `join` ((#v-client-join)) (`array<string>: null`) - A list of valid [`-retry-join` values](/consul/docs/agent/config/cli-flags#_retry_join).
     If this is `null` (default), then the clients will attempt to automatically
     join the server cluster running within Kubernetes.
     This means that with `server.enabled` set to true, clients will automatically
@@ -1044,10 +1159,10 @@ Use these links to navigate to a particular top-level stanza.
 
   - `grpc` ((#v-client-grpc)) (`boolean: true`) - If true, agents will enable their GRPC listener on
     port 8502 and expose it to the host. This will use slightly more resources, but is
-    required for service mesh.
+    required for Connect.
 
   - `nodeMeta` ((#v-client-nodemeta)) - nodeMeta specifies an arbitrary metadata key/value pair to associate with the node
-    (refer to [`-node-meta`](https://developer.hashicorp.com/consul/docs/agent/config/cli-flags#_node_meta))
+    (refer to [`-node-meta`](/consul/docs/agent/config/cli-flags#_node_meta))
 
     - `pod-name` ((#v-client-nodemeta-pod-name)) (`string: ${HOSTNAME}`)
 
@@ -1091,7 +1206,7 @@ Use these links to navigate to a particular top-level stanza.
 
     - `tlsInit` ((#v-client-containersecuritycontext-tlsinit)) (`map`) - The tls-init initContainer
 
-  - `extraConfig` ((#v-client-extraconfig)) (`string: {}`) - A raw string of extra [JSON configuration](https://developer.hashicorp.com/consul/docs/agent/config/config-files) for Consul
+  - `extraConfig` ((#v-client-extraconfig)) (`string: {}`) - A raw string of extra [JSON configuration](/consul/docs/agent/config/config-files) for Consul
     clients. This will be saved as-is into a ConfigMap that is read by the Consul
     client agents. This can be used to add additional configuration that
     isn't directly exposed by the chart.
@@ -1357,16 +1472,16 @@ Use these links to navigate to a particular top-level stanza.
       will inherit from `global.metrics.enabled` value.
 
     - `provider` ((#v-ui-metrics-provider)) (`string: prometheus`) - Provider for metrics. Refer to
-      [`metrics_provider`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#ui_config_metrics_provider)
+      [`metrics_provider`](/consul/docs/agent/config/config-files#ui_config_metrics_provider)
       This value is only used if `ui.enabled` is set to true.
 
     - `baseURL` ((#v-ui-metrics-baseurl)) (`string: http://prometheus-server`) - baseURL is the URL of the prometheus server, usually the service URL.
       This value is only used if `ui.enabled` is set to true.
 
-  - `dashboardURLTemplates` ((#v-ui-dashboardurltemplates)) - Corresponds to [`dashboard_url_templates`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#ui_config_dashboard_url_templates)
+  - `dashboardURLTemplates` ((#v-ui-dashboardurltemplates)) - Corresponds to [`dashboard_url_templates`](/consul/docs/agent/config/config-files#ui_config_dashboard_url_templates)
     configuration.
 
-    - `service` ((#v-ui-dashboardurltemplates-service)) (`string: ""`) - Sets [`dashboardURLTemplates.service`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#ui_config_dashboard_url_templates_service).
+    - `service` ((#v-ui-dashboardurltemplates-service)) (`string: ""`) - Sets [`dashboardURLTemplates.service`](/consul/docs/agent/config/config-files#ui_config_dashboard_url_templates_service).
 
 ### syncCatalog ((#h-synccatalog))
 
@@ -1386,7 +1501,7 @@ Use these links to navigate to a particular top-level stanza.
     to run the sync program.
 
   - `default` ((#v-synccatalog-default)) (`boolean: true`) - If true, all valid services in K8S are
-    synced by default. If false, the service must be [annotated](https://developer.hashicorp.com/consul/docs/k8s/service-sync#enable-and-disable-sync)
+    synced by default. If false, the service must be [annotated](/consul/docs/k8s/service-sync#enable-and-disable-sync)
     properly to sync.
     In either case an annotation can override the default.
 
@@ -1568,9 +1683,9 @@ Use these links to navigate to a particular top-level stanza.
 
 ### connectInject ((#h-connectinject))
 
-- `connectInject` ((#v-connectinject)) - Configures the automatic service mesh sidecar injector.
+- `connectInject` ((#v-connectinject)) - Configures the automatic Connect sidecar injector.
 
-  - `enabled` ((#v-connectinject-enabled)) (`boolean: true`) - True if you want to enable service mesh sidecar injection. Set to "-" to inherit from
+  - `enabled` ((#v-connectinject-enabled)) (`boolean: true`) - True if you want to enable connect injection. Set to "-" to inherit from
     global.enabled.
 
   - `replicas` ((#v-connectinject-replicas)) (`integer: 1`) - The number of deployment replicas.
@@ -1579,14 +1694,14 @@ Use these links to navigate to a particular top-level stanza.
 
   - `default` ((#v-connectinject-default)) (`boolean: false`) - If true, the injector will inject the
     Connect sidecar into all pods by default. Otherwise, pods must specify the
-    [injection annotation](https://developer.hashicorp.com/consul/docs/k8s/connect#consul-hashicorp-com-connect-inject)
-    to opt-in to service mesh sidecar injection. If this is true, pods can use the same annotation
+    [injection annotation](/consul/docs/k8s/connect#consul-hashicorp-com-connect-inject)
+    to opt-in to Connect injection. If this is true, pods can use the same annotation
     to explicitly opt-out of injection.
 
   - `transparentProxy` ((#v-connectinject-transparentproxy)) - Configures Transparent Proxy for Consul Service mesh services.
     Using this feature requires Consul 1.10.0-beta1+.
 
-    - `defaultEnabled` ((#v-connectinject-transparentproxy-defaultenabled)) (`boolean: true`) - If true, then all Consul service mesh will run with transparent proxy enabled by default,
+    - `defaultEnabled` ((#v-connectinject-transparentproxy-defaultenabled)) (`boolean: true`) - If true, then all Consul Service mesh will run with transparent proxy enabled by default,
       i.e. we enforce that all traffic within the pod will go through the proxy.
       This value is overridable via the "consul.hashicorp.com/transparent-proxy" pod annotation.
 
@@ -1613,6 +1728,64 @@ Use these links to navigate to a particular top-level stanza.
     - `minAvailable` ((#v-connectinject-disruptionbudget-minavailable)) (`integer: null`) - The minimum number of available pods.
       Takes precedence over maxUnavailable if set.
 
+  - `apiGateway` ((#v-connectinject-apigateway)) - Configuration settings for the Consul API Gateway integration.
+
+    - `manageExternalCRDs` ((#v-connectinject-apigateway-manageexternalcrds)) (`boolean: true`) - Enables Consul on Kubernetes to manage the CRDs used for Gateway API.
+      Setting this to true will install the CRDs used for the Gateway API when Consul on Kubernetes is installed.
+      These CRDs can clash with existing Gateway API CRDs if they are already installed in your cluster.
+      If this setting is false, you will need to install the Gateway API CRDs manually.
+
+    - `managedGatewayClass` ((#v-connectinject-apigateway-managedgatewayclass)) - Configuration settings for the GatewayClass installed by Consul on Kubernetes.
+
+      - `nodeSelector` ((#v-connectinject-apigateway-managedgatewayclass-nodeselector)) (`string: null`) - This value defines [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector)
+        labels for gateway pod assignment, formatted as a multi-line string.
+
+        Example:
+
+        ```yaml
+        nodeSelector: |
+          beta.kubernetes.io/arch: amd64
+        ```
+
+      - `tolerations` ((#v-connectinject-apigateway-managedgatewayclass-tolerations)) (`string: null`) - Toleration settings for gateway pods created with the managed gateway class.
+        This should be a multi-line string matching the
+        [Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) array in a Pod spec.
+
+      - `serviceType` ((#v-connectinject-apigateway-managedgatewayclass-servicetype)) (`string: LoadBalancer`) - This value defines the type of Service created for gateways (e.g. LoadBalancer, ClusterIP)
+
+      - `copyAnnotations` ((#v-connectinject-apigateway-managedgatewayclass-copyannotations)) - Configuration settings for annotations to be copied from the Gateway to other child resources.
+
+        - `service` ((#v-connectinject-apigateway-managedgatewayclass-copyannotations-service)) (`string: null`) - This value defines a list of annotations to be copied from the Gateway to the Service created, formatted as a multi-line string.
+
+          Example:
+
+          ```yaml
+          service:
+            annotations: |
+              - external-dns.alpha.kubernetes.io/hostname
+          ```
+
+      - `deployment` ((#v-connectinject-apigateway-managedgatewayclass-deployment)) - This value defines the number of pods to deploy for each Gateway as well as a min and max number of pods for all Gateways
+
+        - `defaultInstances` ((#v-connectinject-apigateway-managedgatewayclass-deployment-defaultinstances)) (`integer: 1`)
+
+        - `maxInstances` ((#v-connectinject-apigateway-managedgatewayclass-deployment-maxinstances)) (`integer: 1`)
+
+        - `minInstances` ((#v-connectinject-apigateway-managedgatewayclass-deployment-mininstances)) (`integer: 1`)
+
+    - `serviceAccount` ((#v-connectinject-apigateway-serviceaccount)) - Configuration for the ServiceAccount created for the api-gateway component
+
+      - `annotations` ((#v-connectinject-apigateway-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the client service account. This should be formatted as a multi-line
+        string.
+
+        ```yaml
+        annotations: |
+          "sample/annotation1": "foo"
+          "sample/annotation2": "bar"
+        ```
+
+    - `resources` ((#v-connectinject-apigateway-resources)) (`map`) - The resource settings for Pods handling traffic for Gateway API.
+
   - `cni` ((#v-connectinject-cni)) - Configures consul-cni plugin for Consul Service mesh services
 
     - `enabled` ((#v-connectinject-cni-enabled)) (`boolean: false`) - If true, then all traffic redirection setup uses the consul-cni plugin.
@@ -1681,7 +1854,7 @@ Use these links to navigate to a particular top-level stanza.
         persistent: true
       ```
 
-  - `metrics` ((#v-connectinject-metrics)) - Configures metrics for services in the Consul service mesh. All values are overridable
+  - `metrics` ((#v-connectinject-metrics)) - Configures metrics for Consul service mesh services. All values are overridable
     via annotations on a per-pod basis.
 
     - `defaultEnabled` ((#v-connectinject-metrics-defaultenabled)) (`string: -`) - If true, the connect-injector will automatically
@@ -1690,14 +1863,14 @@ Use these links to navigate to a particular top-level stanza.
       metrics will depend on whether metrics merging is enabled:
         - If metrics merging is enabled:
           the consul-dataplane will run a merged metrics server
-          combining Envoy sidecar and mesh service metrics,
+          combining Envoy sidecar and Connect service metrics,
           i.e. if your service exposes its own Prometheus metrics.
         - If metrics merging is disabled:
           the listener will just expose Envoy sidecar metrics.
       This will inherit from `global.metrics.enabled`.
 
     - `defaultEnableMerging` ((#v-connectinject-metrics-defaultenablemerging)) (`boolean: false`) - Configures the consul-dataplane to run a merged metrics server
-      to combine and serve both Envoy and mesh service metrics.
+      to combine and serve both Envoy and Connect service metrics.
       This feature is available only in Consul v1.10.0 or greater.
 
     - `defaultMergedMetricsPort` ((#v-connectinject-metrics-defaultmergedmetricsport)) (`integer: 20100`) - Configures the port at which the consul-dataplane will listen on to return
@@ -1763,13 +1936,13 @@ Use these links to navigate to a particular top-level stanza.
 
     - `requests` ((#v-connectinject-resources-requests))
 
-      - `memory` ((#v-connectinject-resources-requests-memory)) (`string: 50Mi`) - Recommended production default: 500Mi
+      - `memory` ((#v-connectinject-resources-requests-memory)) (`string: 200Mi`) - Recommended production default: 500Mi
 
       - `cpu` ((#v-connectinject-resources-requests-cpu)) (`string: 50m`) - Recommended production default: 250m
 
     - `limits` ((#v-connectinject-resources-limits))
 
-      - `memory` ((#v-connectinject-resources-limits-memory)) (`string: 50Mi`) - Recommended production default: 500Mi
+      - `memory` ((#v-connectinject-resources-limits-memory)) (`string: 200Mi`) - Recommended production default: 500Mi
 
       - `cpu` ((#v-connectinject-resources-limits-cpu)) (`string: 50m`) - Recommended production default: 250m
 
@@ -1798,13 +1971,13 @@ Use these links to navigate to a particular top-level stanza.
         namespace-label: label-value
     ```
 
-  - `k8sAllowNamespaces` ((#v-connectinject-k8sallownamespaces)) (`array<string>: ["*"]`) - List of k8s namespaces to allow service mesh sidecar
+  - `k8sAllowNamespaces` ((#v-connectinject-k8sallownamespaces)) (`array<string>: ["*"]`) - List of k8s namespaces to allow Connect sidecar
     injection in. If a k8s namespace is not included or is listed in `k8sDenyNamespaces`,
     pods in that k8s namespace will not be injected even if they are explicitly
     annotated. Use `["*"]` to automatically allow all k8s namespaces.
 
     For example, `["namespace1", "namespace2"]` will only allow pods in the k8s
-    namespaces `namespace1` and `namespace2` to have service mesh sidecars injected
+    namespaces `namespace1` and `namespace2` to have Consul service mesh sidecars injected
     and registered with Consul. All other k8s namespaces will be ignored.
 
     To deny all namespaces, set this to `[]`.
@@ -1813,7 +1986,7 @@ Use these links to navigate to a particular top-level stanza.
     `namespaceSelector` takes precedence over both since it is applied first.
     `kube-system` and `kube-public` are never injected, even if included here.
 
-  - `k8sDenyNamespaces` ((#v-connectinject-k8sdenynamespaces)) (`array<string>: []`) - List of k8s namespaces that should not allow service mesh
+  - `k8sDenyNamespaces` ((#v-connectinject-k8sdenynamespaces)) (`array<string>: []`) - List of k8s namespaces that should not allow Connect
     sidecar injection. This list takes precedence over `k8sAllowNamespaces`.
     `*` is not supported because then nothing would be allowed to be injected.
 
@@ -1869,8 +2042,8 @@ Use these links to navigate to a particular top-level stanza.
     If set to an empty string all service accounts can log in.
     This only has effect if ACLs are enabled.
 
-    Refer to Auth methods [Binding rules](https://developer.hashicorp.com/consul/docs/security/acl/auth-methods#binding-rules)
-    and [Trusted identiy attributes](https://developer.hashicorp.com/consul/docs/security/acl/auth-methods/kubernetes#trusted-identity-attributes)
+    Refer to Auth methods [Binding rules](/consul/docs/security/acl/auth-methods#binding-rules)
+    and [Trusted identiy attributes](/consul/docs/security/acl/auth-methods/kubernetes#trusted-identity-attributes)
     for more details.
     Requires Consul >= v1.5.
 
@@ -1878,7 +2051,7 @@ Use these links to navigate to a particular top-level stanza.
     auth method for Connect inject, set this to the name of your auth method.
 
   - `aclInjectToken` ((#v-connectinject-aclinjecttoken)) - Refers to a Kubernetes secret that you have created that contains
-    an ACL token for your Consul cluster which allows the connect injector the correct
+    an ACL token for your Consul cluster which allows the Connect injector the correct
     permissions. This is only needed if Consul namespaces <EnterpriseAlert inline /> and ACLs
     are enabled on the Consul cluster and you are not setting
     `global.acls.manageSystemACLs` to `true`.
@@ -1922,7 +2095,26 @@ Use these links to navigate to a particular top-level stanza.
 
         - `cpu` ((#v-connectinject-sidecarproxy-resources-limits-cpu)) (`string: null`) - Recommended production default: 100m
 
-  - `initContainer` ((#v-connectinject-initcontainer)) (`map`) - The resource settings for the connect injected init container. If null, the resources
+    - `lifecycle` ((#v-connectinject-sidecarproxy-lifecycle)) (`map`) - Set default lifecycle management configuration for sidecar proxy.
+      These settings can be overridden on a per-pod basis via these annotations:
+
+      - `consul.hashicorp.com/enable-sidecar-proxy-lifecycle`
+      - `consul.hashicorp.com/enable-sidecar-proxy-shutdown-drain-listeners`
+      - `consul.hashicorp.com/sidecar-proxy-lifecycle-shutdown-grace-period-seconds`
+      - `consul.hashicorp.com/sidecar-proxy-lifecycle-graceful-port`
+      - `consul.hashicorp.com/sidecar-proxy-lifecycle-graceful-shutdown-path`
+
+        - `defaultEnabled` ((#v-connectinject-sidecarproxy-lifecycle-defaultenabled)) (`boolean: true`)
+
+        - `defaultEnableShutdownDrainListeners` ((#v-connectinject-sidecarproxy-lifecycle-defaultenableshutdowndrainlisteners)) (`boolean: true`)
+
+        - `defaultShutdownGracePeriodSeconds` ((#v-connectinject-sidecarproxy-lifecycle-defaultshutdowngraceperiodseconds)) (`integer: 30`)
+
+        - `defaultGracefulPort` ((#v-connectinject-sidecarproxy-lifecycle-defaultgracefulport)) (`integer: 20600`)
+
+        - `defaultGracefulShutdownPath` ((#v-connectinject-sidecarproxy-lifecycle-defaultgracefulshutdownpath)) (`string: /graceful_shutdown`)
+
+  - `initContainer` ((#v-connectinject-initcontainer)) (`map`) - The resource settings for the Connect injected init container. If null, the resources
     won't be set for the initContainer. The defaults are optimized for developer instances of
     Kubernetes, however they should be tweaked with the recommended defaults as shown below to speed up service registration times.
 
@@ -1942,11 +2134,11 @@ Use these links to navigate to a particular top-level stanza.
 
 ### meshGateway ((#h-meshgateway))
 
-- `meshGateway` ((#v-meshgateway)) - [Mesh Gateways](https://developer.hashicorp.com/consul/docs/connect/gateways/mesh-gateway) enable Consul service mesh to work across Consul datacenters.
+- `meshGateway` ((#v-meshgateway)) - [Mesh Gateways](/consul/docs/connect/gateways/mesh-gateway) enable Consul Connect to work across Consul datacenters.
 
-  - `enabled` ((#v-meshgateway-enabled)) (`boolean: false`) - If [mesh gateways](https://developer.hashicorp.com/consul/docs/connect/gateways/mesh-gateway) are enabled, a Deployment will be created that runs
+  - `enabled` ((#v-meshgateway-enabled)) (`boolean: false`) - If [mesh gateways](/consul/docs/connect/gateways/mesh-gateway) are enabled, a Deployment will be created that runs
     gateways and Consul service mesh will be configured to use gateways.
-    This setting is required for [cluster peering](https://developer.hashicorp.com/consul/docs/connect/cluster-peering/k8s).
+    This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s).
     Requirements: consul 1.6.0+ if using `global.acls.manageSystemACLs``.
 
   - `replicas` ((#v-meshgateway-replicas)) (`integer: 1`) - Number of replicas for the Deployment.
@@ -2110,8 +2302,7 @@ Use these links to navigate to a particular top-level stanza.
   for a specific gateway.
   Requirements: consul >= 1.8.0
 
-  - `enabled` ((#v-ingressgateways-enabled)) (`boolean: false`) - Enable ingress gateway deployment. Requires `connectInject.enabled=true`
-    and `client.enabled=true`.
+  - `enabled` ((#v-ingressgateways-enabled)) (`boolean: false`) - Enable ingress gateway deployment. Requires `connectInject.enabled=true`.
 
   - `defaults` ((#v-ingressgateways-defaults)) - Defaults sets default values for all gateway fields. With the exception
     of annotations, defining any of these values in the `gateways` list
@@ -2228,7 +2419,7 @@ Use these links to navigate to a particular top-level stanza.
     `defaults`. Values defined here override the defaults except in the
     case of annotations where both will be applied.
 
-  - `name` ((#v-ingressgateways-gateways-name)) (`string: ingress-gateway`)
+    - `name` ((#v-ingressgateways-gateways-name)) (`string: ingress-gateway`)
 
 ### terminatingGateways ((#h-terminatinggateways))
 
@@ -2240,8 +2431,7 @@ Use these links to navigate to a particular top-level stanza.
   for a specific gateway.
   Requirements: consul >= 1.8.0
 
-  - `enabled` ((#v-terminatinggateways-enabled)) (`boolean: false`) - Enable terminating gateway deployment. Requires `connectInject.enabled=true`
-    and `client.enabled=true`.
+  - `enabled` ((#v-terminatinggateways-enabled)) (`boolean: false`) - Enable terminating gateway deployment. Requires `connectInject.enabled=true`.
 
   - `defaults` ((#v-terminatinggateways-defaults)) - Defaults sets default values for all gateway fields. With the exception
     of annotations, defining any of these values in the `gateways` list
@@ -2344,11 +2534,12 @@ Use these links to navigate to a particular top-level stanza.
     `defaults`. Values defined here override the defaults except in the
     case of annotations where both will be applied.
 
-  - `name` ((#v-terminatinggateways-gateways-name)) (`string: terminating-gateway`)
+    - `name` ((#v-terminatinggateways-gateways-name)) (`string: terminating-gateway`)
 
 ### apiGateway ((#h-apigateway))
 
-- `apiGateway` ((#v-apigateway)) - Configuration settings for the Consul API Gateway integration
+- `apiGateway` ((#v-apigateway)) - [DEPRECATED] Use connectInject.apiGateway instead. This stanza will be removed with the release of Consul 1.17
+  Configuration settings for the Consul API Gateway integration
 
   - `enabled` ((#v-apigateway-enabled)) (`boolean: false`) - When true the helm chart will install the Consul API Gateway controller
 

From 3dc6f8fc0642b779a207ce308b1bf91a5750ea11 Mon Sep 17 00:00:00 2001
From: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>
Date: Tue, 11 Jul 2023 17:13:54 -0700
Subject: [PATCH 154/359] ci: use gotestsum v1.10.1 [NET-4042] (#18088)

---
 .github/workflows/reusable-unit-split.yml | 2 +-
 .github/workflows/reusable-unit.yml       | 2 +-
 .github/workflows/test-integrations.yml   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/reusable-unit-split.yml b/.github/workflows/reusable-unit-split.yml
index e2da1920967e..7750627f4253 100644
--- a/.github/workflows/reusable-unit-split.yml
+++ b/.github/workflows/reusable-unit-split.yml
@@ -46,7 +46,7 @@ on:
         required: true
 env:
   TEST_RESULTS: /tmp/test-results
-  GOTESTSUM_VERSION: 1.8.2
+  GOTESTSUM_VERSION: "1.10.1"
   GOARCH: ${{inputs.go-arch}}
   TOTAL_RUNNERS: ${{inputs.runner-count}}
   CONSUL_LICENSE: ${{secrets.consul-license}}
diff --git a/.github/workflows/reusable-unit.yml b/.github/workflows/reusable-unit.yml
index 3f7ffa277412..c066cad3f48d 100644
--- a/.github/workflows/reusable-unit.yml
+++ b/.github/workflows/reusable-unit.yml
@@ -42,7 +42,7 @@ on:
         required: true
 env:
   TEST_RESULTS: /tmp/test-results
-  GOTESTSUM_VERSION: 1.8.2
+  GOTESTSUM_VERSION: "1.10.1"
   GOARCH: ${{inputs.go-arch}}
   CONSUL_LICENSE: ${{secrets.consul-license}}
   GOTAGS: ${{ inputs.go-tags}}
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 641533012db4..263a2e41e4ae 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -19,7 +19,7 @@ env:
   TEST_RESULTS_ARTIFACT_NAME: test-results
   CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }}
   GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
-  GOTESTSUM_VERSION: "1.9.0"
+  GOTESTSUM_VERSION: "1.10.1"
   CONSUL_BINARY_UPLOAD_NAME: consul-bin
   # strip the hashicorp/ off the front of github.repository for consul
   CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'consul' }}

From 51d8eb8e07f3ecf251380c90079ad7f984c734e3 Mon Sep 17 00:00:00 2001
From: Curt Bushko <cbushko@gmail.com>
Date: Tue, 11 Jul 2023 23:11:38 -0400
Subject: [PATCH 155/359] Docs: Update proxy lifecycle annotations and
 consul-dataplane flags (#18075)

* Update proxy lifecycle annotations and consul-dataplane flags
---
 .../connect/dataplane/consul-dataplane.mdx    |  4 ++
 .../docs/k8s/annotations-and-labels.mdx       | 42 +++++++++++--------
 2 files changed, 28 insertions(+), 18 deletions(-)

diff --git a/website/content/docs/connect/dataplane/consul-dataplane.mdx b/website/content/docs/connect/dataplane/consul-dataplane.mdx
index ab59a5ba60cc..cf0ae4332120 100644
--- a/website/content/docs/connect/dataplane/consul-dataplane.mdx
+++ b/website/content/docs/connect/dataplane/consul-dataplane.mdx
@@ -54,6 +54,8 @@ The following options are required when starting `consul-dataplane` with the CLI
 - `-envoy-concurrency` - The number of worker threads that Envoy uses. Default is `2`. Accepted environment variable is `DP_ENVOY_CONCURRENCY`.
 - `-envoy-ready-bind-address` - The address Envoy's readiness probe is available on. Accepted environment variable is `DP_ENVOY_READY_BIND_ADDRESS`.
 - `-envoy-ready-bind-port` - The port Envoy's readiness probe is available on. Accepted environment variable is `DP_ENVOY_READY_BIND_PORT`.
+- `-graceful-port` - The port to serve HTTP endpoints for graceful operations. Accepted environment variable is `DP_GRACEFUL_PORT`.
+- `-graceful-shutdown-path` - The HTTP path to serve the graceful shutdown endpoint. Accepted environment variable is `DP_GRACEFUL_SHUTDOWN_PATH`.
 - `-grpc-port` - The Consul server gRPC port to which `consul-dataplane` connects. Default is `8502`. Accepted environment variable is `DP_CONSUL_GRPC_PORT`.
 - `-log-json` - Enables log messages in JSON format. Default is `false`. Accepted environment variable is `DP_LOG_JSON`.
 - `-log-level` - Log level of the messages to print. Available log levels are `"trace"`, `"debug"`, `"info"`, `"warn"`, and `"error"`. Default is `"info"`. Accepted environment variable is `DP_LOG_LEVEL`.
@@ -71,6 +73,8 @@ The following options are required when starting `consul-dataplane` with the CLI
 - `-service-node-id` - The ID of the Consul node to which the proxy service instance is registered. Accepted environment variable is `DP_SERVICE_NODE_ID`.
 - `-service-node-name` - The name of the Consul node to which the proxy service instance is registered. Accepted environment variable is `DP_SERVICE_NODE_NAME`.
 - `-service-partition` <EnterpriseAlert inline /> - The Consul Enterprise partition in which the proxy service instance is registered. Accepted environment variable is `DP_SERVICE_PARTITION`.
+- `-shutdown-drain-listeners` - Wait for proxy listeners to drain before terminating the proxy container. Accepted environment variable is `DP_SHUTDOWN_DRAIN_LISTENERS`.
+- `-shutdown-grace-period-seconds` - Amount of time to wait after receiving a SIGTERM signal before terminating the proxy. Accepted environment variable is `DP_SHUTDOWN_GRACE_PERIOD_SECONDS`.
 - `-static-token` - The ACL token used to authenticate requests to Consul servers when `-credential-type` is set to `"static"`. Accepted environment variable is `DP_CREDENTIAL_STATIC_TOKEN`.
 - `-telemetry-prom-ca-certs-path` - The path to a file or directory containing CA certificates used to verify the Prometheus server's certificate. Accepted environment variable is `DP_TELEMETRY_PROM_CA_CERTS_PATH`.
 - `-telemetry-prom-cert-file` - The path to the client certificate used to serve Prometheus metrics. Accepted environment variable is `DP_TELEMETRY_PROM_CERT_FILE`.
diff --git a/website/content/docs/k8s/annotations-and-labels.mdx b/website/content/docs/k8s/annotations-and-labels.mdx
index 56d0aa6006f1..0735ede6cce1 100644
--- a/website/content/docs/k8s/annotations-and-labels.mdx
+++ b/website/content/docs/k8s/annotations-and-labels.mdx
@@ -91,38 +91,38 @@ The following Kubernetes resource annotations could be used on a pod to control
         annotations:
           "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc:[port]"
         ```
-      
+
       - Peer or datacenter: Place the peer or datacenter after `svc.` followed by either `peer` or `dc` and the port number.
-        
+
         ```yaml
         annotations:
           "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-peer].peer:[port]"
         ```
-        
+
         ```yaml
         annotations:
           "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-dc].dc:[port]"
         ```
-      
+
       - Namespace (requires Consul Enterprise): Place the namespace after `svc.` followed by `ns` and the port number.
-        
+
         ```yaml
         annotations:
           "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-namespace].ns:[port]"
         ```
-        
+
         When namespaces are enabled, you must include the namespace in the annotation before specifying a cluster peer, WAN-federated datacenter, or admin partition in the same datacenter.
-        
+
         ```yaml
         annotations:
           "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-namespace].ns.[service-peer].peer:[port]"
         ```
-        
+
         ```yaml
         annotations:
           "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-namespace].ns.[service-partition].ap:[port]"
         ```
-        
+
         ```yaml
         annotations:
           "consul.hashicorp.com/connect-service-upstreams":"[service-name].svc.[service-namespace].ns.[service-dc].dc:[port]"
@@ -132,7 +132,7 @@ The following Kubernetes resource annotations could be used on a pod to control
        The unlabeled annotation format allows you to reference any service not in a cluster peer as an upstream. You can specify a Consul Enterprise namespace. You can also specify an admin partition in the same datacenter or a WAN-federated datacenter. Unlike the labeled annotation, you can also reference a prepared query as an upstream.
 
       - Service name: Place the service name at the beginning of the annotation to specify the upstream service. You also have the option to append the WAN federated datacenter where the service is deployed.
-   
+
         ```yaml
         annotations:
           "consul.hashicorp.com/connect-service-upstreams":"[service-name]:[port]:[optional datacenter]"
@@ -140,7 +140,7 @@ The following Kubernetes resource annotations could be used on a pod to control
 
       - Namespace: Upstream services may be running in a different namespace. Place
       the upstream namespace after the service name. For additional details about configuring the injector, refer to [Consul Enterprise namespaces](#consul-enterprise-namespaces) .
-        
+
         ```yaml
         annotations:
           "consul.hashicorp.com/connect-service-upstreams":"[service-name].[service-namespace]:[port]:[optional datacenter]"
@@ -158,7 +158,7 @@ The following Kubernetes resource annotations could be used on a pod to control
         annotations:
           "consul.hashicorp.com/connect-service-upstreams":"[service-name].[service-namespace].[service-partition]:[port]:[optional datacenter]"
         ```
-        
+
       - Prepared queries: To reference a [prepared query](/consul/api-docs/query) in an upstream annotation, prepend the annotation
         with `prepared_query` and then invoke the name of the query.
 
@@ -166,7 +166,7 @@ The following Kubernetes resource annotations could be used on a pod to control
         annotations:
           'consul.hashicorp.com/connect-service-upstreams': 'prepared_query:[query name]:[port]'
         ```
-        
+
     - **Multiple upstreams**: Delimit multiple services or upstreams with commas. You can specify any of the unlabeled, labeled, or prepared query formats when using the supported versions for the formats.
 
       ```yaml
@@ -239,6 +239,12 @@ The following Kubernetes resource annotations could be used on a pod to control
   - `consul.hashicorp.com/consul-sidecar-memory-limit` - Override the default memory limit.
   - `consul.hashicorp.com/consul-sidecar-memory-request` - Override the default memory request.
 
+- `consul.hashicorp.com/enable-sidecar-proxy-lifecycle` - Override the default Helm value [`connectInject.sidecarProxy.lifecycle.defaultEnabled`](/consul/docs/k8s/helm#v-connectinject-sidecarproxy-lifecycle-defaultenabled)
+- `consul.hashicorp.com/enable-sidecar-proxy-shutdown-drain-listeners` - Override the default Helm value [`connectInject.sidecarProxy.lifecycle.defaultEnableShutdownDrainListeners`](/consul/docs/k8s/helm#v-connectinject-sidecarproxy-lifecycle-defaultenableshutdowndrainlisteners)
+- `consul.hashicorp.com/sidecar-proxy-lifecycle-shutdown-grace-period-seconds` - Override the default Helm value [`connectInject.sidecarProxy.lifecycle.defaultShutdownGracePeriodSeconds`](/consul/docs/k8s/helm#v-connectinject-sidecarproxy-lifecycle-defaultshutdowngraceperiodseconds)
+- `consul.hashicorp.com/sidecar-proxy-lifecycle-graceful-port` - Override the default Helm value [`connectInject.sidecarProxy.lifecycle.defaultGracefulPort`](/consul/docs/k8s/helm#v-connectinject-sidecarproxy-lifecycle-defaultgracefulport)
+- `consul.hashicorp.com/sidecar-proxy-lifecycle-graceful-shutdown-path` - Override the default Helm value [`connectInject.sidecarProxy.lifecycle.defaultGracefulShutdownPath`](/consul/docs/k8s/helm#v-connectinject-sidecarproxy-lifecycle-defaultgracefulshutdownpath)
+
 - `consul.hashicorp.com/enable-metrics` - Override the default Helm value [`connectInject.metrics.defaultEnabled`](/consul/docs/k8s/helm#v-connectinject-metrics-defaultenabled).
 - `consul.hashicorp.com/enable-metrics-merging` - Override the default Helm value [`connectInject.metrics.defaultEnableMerging`](/consul/docs/k8s/helm#v-connectinject-metrics-defaultenablemerging).
 - `consul.hashicorp.com/merged-metrics-port` - Override the default Helm value [`connectInject.metrics.defaultMergedMetricsPort`](/consul/docs/k8s/helm#v-connectinject-metrics-defaultmergedmetricsport).
@@ -281,21 +287,21 @@ Resource labels could be used on a Kubernetes service to control connect-inject
   registration to ignore all services except for the one which should be used for routing requests
   using Consul.
 
-## Service Sync 
+## Service Sync
 
 ### Annotations
 
 The following Kubernetes resource annotations could be used on a pod to [Service Sync](https://developer.hashicorp.com/consul/docs/k8s/service-sync) behavior:
 
-- `consul.hashicorp.com/service-sync`: If this is set to `true`, then the Kubernetes service is explicitly configured to be synced to Consul.  
+- `consul.hashicorp.com/service-sync`: If this is set to `true`, then the Kubernetes service is explicitly configured to be synced to Consul.
 
   ```yaml
   annotations:
     'consul.hashicorp.com/service-sync': 'true'
   ```
 
-- `consul.hashicorp.com/service-port`: Configures the port to register to the Consul Catalog for the Kubernetes service. The annotation value may be a name of a port (recommended) or an exact port value. Refer to [service ports](https://developer.hashicorp.com/consul/docs/k8s/service-sync#service-ports) for more information. 
- 
+- `consul.hashicorp.com/service-port`: Configures the port to register to the Consul Catalog for the Kubernetes service. The annotation value may be a name of a port (recommended) or an exact port value. Refer to [service ports](https://developer.hashicorp.com/consul/docs/k8s/service-sync#service-ports) for more information.
+
   ```yaml
   annotations:
     'consul.hashicorp.com/service-port': 'http'
@@ -315,7 +321,7 @@ The following Kubernetes resource annotations could be used on a pod to [Service
     'consul.hashicorp.com/service-meta-KEY': 'value'
   ```
 
-- `consul.hashicorp.com/service-weight:` - Configures ability to support weighted loadbalancing by service annotation for Catalog Sync. The integer provided will be applied as a weight for the `passing` state for the health of the service. Refer to [weights](/consul/docs/services/configuration/services-configuration-reference#weights) in service configuration for more information on how this is leveraged for services in the Consul catalog. 
+- `consul.hashicorp.com/service-weight:` - Configures ability to support weighted loadbalancing by service annotation for Catalog Sync. The integer provided will be applied as a weight for the `passing` state for the health of the service. Refer to [weights](/consul/docs/services/configuration/services-configuration-reference#weights) in service configuration for more information on how this is leveraged for services in the Consul catalog.
 
   ```yaml
   annotations:

From f472164f053aac8990edf1939adaad489539697f Mon Sep 17 00:00:00 2001
From: Tom Davies <tom@t-davies.com>
Date: Wed, 12 Jul 2023 16:24:12 +0100
Subject: [PATCH 156/359] Pass configured role name to Vault for AWS auth in
 Connect CA (#17885)

---
 .changelog/17885.txt                         |  2 ++
 agent/connect/ca/provider_vault_auth_aws.go  |  7 +++++++
 agent/connect/ca/provider_vault_auth_test.go | 17 ++++++++++++++---
 3 files changed, 23 insertions(+), 3 deletions(-)
 create mode 100644 .changelog/17885.txt

diff --git a/.changelog/17885.txt b/.changelog/17885.txt
new file mode 100644
index 000000000000..2cd690488d92
--- /dev/null
+++ b/.changelog/17885.txt
@@ -0,0 +1,2 @@
+```release-note:bug
+ca: Fixed a bug where the Vault provider was not passing the configured role param for AWS auth
diff --git a/agent/connect/ca/provider_vault_auth_aws.go b/agent/connect/ca/provider_vault_auth_aws.go
index 59f1c98035af..02abf39824cb 100644
--- a/agent/connect/ca/provider_vault_auth_aws.go
+++ b/agent/connect/ca/provider_vault_auth_aws.go
@@ -72,6 +72,13 @@ func (g *AWSLoginDataGenerator) GenerateLoginData(authMethod *structs.VaultAuthM
 	if err != nil {
 		return nil, fmt.Errorf("aws auth failed to generate login data: %w", err)
 	}
+
+	// If a Vault role name is specified, we need to manually add this
+	role, ok := authMethod.Params["role"]
+	if ok {
+		loginData["role"] = role
+	}
+
 	return loginData, nil
 }
 
diff --git a/agent/connect/ca/provider_vault_auth_test.go b/agent/connect/ca/provider_vault_auth_test.go
index c6979dbbe50a..74507acb39e7 100644
--- a/agent/connect/ca/provider_vault_auth_test.go
+++ b/agent/connect/ca/provider_vault_auth_test.go
@@ -278,15 +278,22 @@ func TestVaultCAProvider_AWSCredentialsConfig(t *testing.T) {
 
 func TestVaultCAProvider_AWSLoginDataGenerator(t *testing.T) {
 	cases := map[string]struct {
-		expErr error
+		expErr     error
+		authMethod structs.VaultAuthMethod
 	}{
-		"valid login data": {},
+		"valid login data": {
+			authMethod: structs.VaultAuthMethod{},
+		},
+		"with role": {
+			expErr:     nil,
+			authMethod: structs.VaultAuthMethod{Type: "aws", MountPath: "", Params: map[string]interface{}{"role": "test-role"}},
+		},
 	}
 
 	for name, c := range cases {
 		t.Run(name, func(t *testing.T) {
 			ldg := &AWSLoginDataGenerator{credentials: credentials.AnonymousCredentials}
-			loginData, err := ldg.GenerateLoginData(&structs.VaultAuthMethod{})
+			loginData, err := ldg.GenerateLoginData(&c.authMethod)
 			if c.expErr != nil {
 				require.Error(t, err)
 				require.Contains(t, err.Error(), c.expErr.Error())
@@ -307,6 +314,10 @@ func TestVaultCAProvider_AWSLoginDataGenerator(t *testing.T) {
 				require.True(t, exists, "missing expected key: %s", key)
 				require.NotEmpty(t, val, "expected non-empty value for key: %s", key)
 			}
+
+			if c.authMethod.Params["role"] != nil {
+				require.Equal(t, c.authMethod.Params["role"], loginData["role"])
+			}
 		})
 	}
 }

From ebfed566b28bd02aa461b360b90c37ef512d847c Mon Sep 17 00:00:00 2001
From: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Date: Wed, 12 Jul 2023 09:54:35 -0700
Subject: [PATCH 157/359] Docs for dataplane upgrade on k8s (#18051)

* Docs for dataplane upgrade on k8s

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 website/content/docs/k8s/upgrade/index.mdx | 35 ++++++++++++----------
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/website/content/docs/k8s/upgrade/index.mdx b/website/content/docs/k8s/upgrade/index.mdx
index e41141c142a6..695e615b7bf9 100644
--- a/website/content/docs/k8s/upgrade/index.mdx
+++ b/website/content/docs/k8s/upgrade/index.mdx
@@ -219,25 +219,23 @@ In earlier versions, Consul on Kubernetes used client agents in its deployments.
 
 If you upgrade Consul from a version that uses client agents to a version the uses dataplanes, complete the following steps to upgrade your deployment safely and without downtime.
 
-1. Before you upgrade, edit your Helm chart configuration to enable Consul client agents by setting `client.enabled` and `client.updateStrategy`:
+1. If ACLs are enabled, you must first upgrade to consul-k8s 0.49.8 or above. These versions expose the setting `connectInject.prepareDataplanesUpgrade`
+   which is required for no-downtime upgrades when ACLs are enabled.
+
+   Set `connectInject.prepareDataplanesUpgrade` to `true` and then perform the upgrade to 0.49.8 or above (whichever is the latest in the 0.49.x series)
 
   ```yaml filename="values.yaml"
-  client:
-      enabled: true
-      updateStrategy: |
-        type: OnDelete
+  connectInject:
+    prepareDataplanesUpgrade: true
   ```
 
-1. Update the `connect-injector` to not log out on restart
-to make sure that the ACL tokens used by existing services are still valid during the migration to `consul-dataplane`.
-Note that you must remove the token manually after completing the migration.
+1. Consul dataplanes disables Consul clients by default, but during an upgrade you need to ensure Consul clients continue to run. Edit your Helm chart configuration and set the [`client.enabled`](/consul/docs/k8s/helm#v-client-enabled) field to `true` and specify an action for Consul to take during the upgrade process in the [`client.updateStrategy`](/consul/docs/k8s/helm#v-client-updatestrategy) field:
 
-  The following command triggers the deployment rollout. Wait for the rollout to complete before proceeding to next step.
-
-  ```bash
-  kubectl config set-context --current --namespace=<consul installation namespace>
-  INJECTOR_DEPLOYMENT=$(kubectl get deploy -l "component=connect-injector" -o=jsonpath='{.items[0].metadata.name}')
-  kubectl patch deploy $INJECTOR_DEPLOYMENT --type='json' -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/lifecycle"}]'
+  ```yaml filename="values.yaml"
+  client:
+    enabled: true
+    updateStrategy: |
+      type: OnDelete
   ```
 
 1. Follow our [recommended procedures to upgrade servers](#upgrade-consul-servers) on Kubernetes deployments to upgrade Helm values for the new version of Consul. The latest version of consul-k8s components may be in a CrashLoopBackoff state during the performance of the server upgrade from versions <1.14.x until all Consul servers are on versions >=1.14.x. Components in CrashLoopBackoff will not negatively affect the cluster because older versioned components will still be operating. Once all servers have been fully upgraded, the latest consul-k8s components will automatically restore from CrashLoopBackoff and older component versions will be spun down.
@@ -246,7 +244,14 @@ Note that you must remove the token manually after completing the migration.
 
 1. Restart all gateways in your service mesh.
 
-1. Disable client agents in your Helm chart by deleting the `client` stanza or setting `client.enabled` to `false` and running a `consul-k8s` or Helm upgrade.
+1. Now that all services and gateways are using Consul dataplanes, disable client agents in your Helm chart by deleting the `client` stanza or setting `client.enabled` to `false` and running a `consul-k8s` or Helm upgrade.
+
+1. If ACLs are enabled, outdated ACL tokens will persist a result of the upgrade. You can manually delete the tokens to declutter your Consul environment.
+
+   Outdated connect-injector tokens have the following description: `token created via login: {"component":"connect-injector"}`. Do not delete
+   the tokens that have a description where `pod` is a key, for example `token created via login: {"component":"connect-injector","pod":"default/consul-connect-injector-576b65747c-9547x"}`). The dataplane-enabled connect inject pods use these tokens.    
+
+   You can also review the creation date for the tokens and only delete the injector tokens created before your upgrade, but do not delete all old tokens without considering if they are still in use. Some tokens, such as the server tokens, are still necessary.
 
 ## Configuring TLS on an existing cluster
 

From f51a9d29aea20bd52d8d0bdba38cba9ea476e653 Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Wed, 12 Jul 2023 10:56:38 -0600
Subject: [PATCH 158/359] docs - update upgrade index page to not recommend
 consul leave. (#18100)

---
 website/content/docs/upgrading/index.mdx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/website/content/docs/upgrading/index.mdx b/website/content/docs/upgrading/index.mdx
index 27500a4cb4ef..4b3ecad8d848 100644
--- a/website/content/docs/upgrading/index.mdx
+++ b/website/content/docs/upgrading/index.mdx
@@ -36,7 +36,8 @@ Consul is A, and version B is released.
 
 2. On each Consul server agent, install version B of Consul.
 
-3. One Consul server agent at a time, shut down version A via `consul leave` and restart with version B. Wait until
+3. One Consul server agent at a time,  use a service management system
+   (e.g., systemd, upstart, etc.) to restart the Consul service with version B. Wait until
    the server agent is healthy and has rejoined the cluster before moving on to the
    next server agent.
 

From 2f20c77e4df9d663ee5f06d811c23dd9ad14db88 Mon Sep 17 00:00:00 2001
From: Vijay <vijayraghav22@gmail.com>
Date: Thu, 13 Jul 2023 01:04:39 +0530
Subject: [PATCH 159/359] Displays Consul version of each nodes in UI nodes
 section (#17754)

* update UINodes and UINodeInfo response with consul-version info added as NodeMeta, fetched from serf members

* update test cases TestUINodes, TestUINodeInfo

* added nil check for map

* add consul-version in local agent node metadata

* get consul version from serf member and add this as node meta in catalog register request

* updated ui mock response to include consul versions as node meta

* updated ui trans and added version as query param to node list route

* updates in ui templates to display consul version with filter and sorts

* updates in ui - model class, serializers,comparators,predicates for consul version feature

* added change log for Consul Version Feature

* updated to get version from consul service, if for some reason not available from serf

* updated changelog text

* updated dependent testcases

* multiselection version filter

* Update agent/consul/state/catalog.go

comments updated

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>

---------

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
---
 .changelog/17754.txt                          |  3 +
 agent/agent.go                                |  1 +
 agent/agent_endpoint_test.go                  |  3 +-
 agent/consul/leader.go                        | 10 ++
 agent/consul/state/catalog.go                 |  7 ++
 agent/consul/state/catalog_test.go            | 25 ++++-
 agent/consul/state/state_store_test.go        | 31 ++++++
 agent/local/state_test.go                     | 12 ++-
 agent/structs/structs.go                      |  3 +
 agent/ui_endpoint.go                          | 96 +++++++++++++++++++
 agent/ui_endpoint_test.go                     |  6 ++
 api/catalog_test.go                           |  1 +
 api/txn_test.go                               |  5 +-
 sdk/testutil/server.go                        |  2 +
 .../app/components/consul/node/list/index.hbs | 12 +++
 .../consul/node/search-bar/index.hbs          | 41 ++++++--
 .../consul-ui/app/filter/predicates/node.js   |  8 ++
 ui/packages/consul-ui/app/models/node.js      |  5 +
 .../consul-ui/app/serializers/application.js  | 45 +++++++++
 .../consul-ui/app/sort/comparators/node.js    | 37 +++++++
 .../app/templates/dc/nodes/index.hbs          |  8 +-
 .../consul-ui/mock-api/v1/internal/ui/node/_  |  1 +
 .../consul-ui/mock-api/v1/internal/ui/nodes   |  1 +
 .../tests/unit/sort/comparators/node-test.js  | 45 +++++++++
 .../consul-ui/translations/common/en-us.yaml  |  4 +
 .../consul-ui/vendor/consul-ui/routes.js      |  1 +
 26 files changed, 397 insertions(+), 16 deletions(-)
 create mode 100644 .changelog/17754.txt
 create mode 100644 ui/packages/consul-ui/tests/unit/sort/comparators/node-test.js

diff --git a/.changelog/17754.txt b/.changelog/17754.txt
new file mode 100644
index 000000000000..32272ec1ae91
--- /dev/null
+++ b/.changelog/17754.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+ui: Display the Consul agent version in the nodes list, and allow filtering and sorting of nodes based on versions.
+```
\ No newline at end of file
diff --git a/agent/agent.go b/agent/agent.go
index fa75a1cd1cf4..881b94209d84 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -3999,6 +3999,7 @@ func (a *Agent) loadMetadata(conf *config.RuntimeConfig) error {
 		meta[k] = v
 	}
 	meta[structs.MetaSegmentKey] = conf.SegmentName
+	meta[structs.MetaConsulVersion] = conf.Version
 	return a.State.LoadMetadata(meta)
 }
 
diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go
index c465b687a880..1a275f61afb3 100644
--- a/agent/agent_endpoint_test.go
+++ b/agent/agent_endpoint_test.go
@@ -1506,7 +1506,8 @@ func TestAgent_Self(t *testing.T) {
 			require.NoError(t, err)
 			require.Equal(t, cs[a.config.SegmentName], val.Coord)
 
-			delete(val.Meta, structs.MetaSegmentKey) // Added later, not in config.
+			delete(val.Meta, structs.MetaSegmentKey)    // Added later, not in config.
+			delete(val.Meta, structs.MetaConsulVersion) // Added later, not in config.
 			require.Equal(t, a.config.NodeMeta, val.Meta)
 
 			if tc.expectXDS {
diff --git a/agent/consul/leader.go b/agent/consul/leader.go
index c91655c5c863..4bc1908d5fe8 100644
--- a/agent/consul/leader.go
+++ b/agent/consul/leader.go
@@ -1087,6 +1087,13 @@ AFTER_CHECK:
 		"partition", getSerfMemberEnterpriseMeta(member).PartitionOrDefault(),
 	)
 
+	// Get consul version from serf member
+	// add this as node meta in catalog register request
+	buildVersion, err := metadata.Build(&member)
+	if err != nil {
+		return err
+	}
+
 	// Register with the catalog.
 	req := structs.RegisterRequest{
 		Datacenter: s.config.Datacenter,
@@ -1102,6 +1109,9 @@ AFTER_CHECK:
 			Output:  structs.SerfCheckAliveOutput,
 		},
 		EnterpriseMeta: *nodeEntMeta,
+		NodeMeta: map[string]string{
+			structs.MetaConsulVersion: buildVersion.String(),
+		},
 	}
 	if node != nil {
 		req.TaggedAddresses = node.TaggedAddresses
diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go
index 74efc3229556..4e9fcf716c47 100644
--- a/agent/consul/state/catalog.go
+++ b/agent/consul/state/catalog.go
@@ -3450,6 +3450,13 @@ func parseNodes(tx ReadTxn, ws memdb.WatchSet, idx uint64,
 		ws.AddWithLimit(watchLimit, services.WatchCh(), allServicesCh)
 		for service := services.Next(); service != nil; service = services.Next() {
 			ns := service.(*structs.ServiceNode).ToNodeService()
+			// If version isn't defined in node meta, set it from the Consul service meta
+			if _, ok := dump.Meta[structs.MetaConsulVersion]; !ok && ns.ID == "consul" && ns.Meta["version"] != "" {
+				if dump.Meta == nil {
+					dump.Meta = make(map[string]string)
+				}
+				dump.Meta[structs.MetaConsulVersion] = ns.Meta["version"]
+			}
 			dump.Services = append(dump.Services, ns)
 		}
 
diff --git a/agent/consul/state/catalog_test.go b/agent/consul/state/catalog_test.go
index 0de535c3b4b3..e6b279580b03 100644
--- a/agent/consul/state/catalog_test.go
+++ b/agent/consul/state/catalog_test.go
@@ -4837,6 +4837,9 @@ func TestStateStore_NodeInfo_NodeDump(t *testing.T) {
 	}
 
 	// Register some nodes
+	// node1 is registered withOut any nodemeta, and a consul service with id
+	// 'consul' is added later with meta 'version'. The expected node must have
+	// meta 'consul-version' with same value
 	testRegisterNode(t, s, 0, "node1")
 	testRegisterNode(t, s, 1, "node2")
 
@@ -4845,6 +4848,8 @@ func TestStateStore_NodeInfo_NodeDump(t *testing.T) {
 	testRegisterService(t, s, 3, "node1", "service2")
 	testRegisterService(t, s, 4, "node2", "service1")
 	testRegisterService(t, s, 5, "node2", "service2")
+	// Register consul service with meta 'version' for node1
+	testRegisterServiceWithMeta(t, s, 10, "node1", "consul", map[string]string{"version": "1.17.0"})
 
 	// Register service-level checks
 	testRegisterCheck(t, s, 6, "node1", "service1", "check1", api.HealthPassing)
@@ -4894,6 +4899,19 @@ func TestStateStore_NodeInfo_NodeDump(t *testing.T) {
 				},
 			},
 			Services: []*structs.NodeService{
+				{
+					ID:      "consul",
+					Service: "consul",
+					Address: "1.1.1.1",
+					Meta:    map[string]string{"version": "1.17.0"},
+					Port:    1111,
+					Weights: &structs.Weights{Passing: 1, Warning: 1},
+					RaftIndex: structs.RaftIndex{
+						CreateIndex: 10,
+						ModifyIndex: 10,
+					},
+					EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
+				},
 				{
 					ID:      "service1",
 					Service: "service1",
@@ -4921,6 +4939,7 @@ func TestStateStore_NodeInfo_NodeDump(t *testing.T) {
 					EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
 				},
 			},
+			Meta: map[string]string{"consul-version": "1.17.0"},
 		},
 		&structs.NodeInfo{
 			Node:      "node2",
@@ -4988,7 +5007,7 @@ func TestStateStore_NodeInfo_NodeDump(t *testing.T) {
 	if err != nil {
 		t.Fatalf("err: %s", err)
 	}
-	if idx != 9 {
+	if idx != 10 {
 		t.Fatalf("bad index: %d", idx)
 	}
 	require.Len(t, dump, 1)
@@ -4999,8 +5018,8 @@ func TestStateStore_NodeInfo_NodeDump(t *testing.T) {
 	if err != nil {
 		t.Fatalf("err: %s", err)
 	}
-	if idx != 9 {
-		t.Fatalf("bad index: %d", 9)
+	if idx != 10 {
+		t.Fatalf("bad index: %d", idx)
 	}
 	if !reflect.DeepEqual(dump, expect) {
 		t.Fatalf("bad: %#v", dump[0].Services[0])
diff --git a/agent/consul/state/state_store_test.go b/agent/consul/state/state_store_test.go
index fef750253272..587f15c03d94 100644
--- a/agent/consul/state/state_store_test.go
+++ b/agent/consul/state/state_store_test.go
@@ -189,6 +189,37 @@ func testRegisterServiceWithChangeOpts(t *testing.T, s *Store, idx uint64, nodeI
 	return svc
 }
 
+// testRegisterServiceWithMeta registers service with Meta passed as arg.
+func testRegisterServiceWithMeta(t *testing.T, s *Store, idx uint64, nodeID, serviceID string, meta map[string]string, opts ...func(service *structs.NodeService)) *structs.NodeService {
+	svc := &structs.NodeService{
+		ID:      serviceID,
+		Service: serviceID,
+		Address: "1.1.1.1",
+		Port:    1111,
+		Meta:    meta,
+	}
+	for _, o := range opts {
+		o(svc)
+	}
+
+	if err := s.EnsureService(idx, nodeID, svc); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	tx := s.db.Txn(false)
+	defer tx.Abort()
+	service, err := tx.First(tableServices, indexID, NodeServiceQuery{Node: nodeID, Service: serviceID, PeerName: svc.PeerName})
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if result, ok := service.(*structs.ServiceNode); !ok ||
+		result.Node != nodeID ||
+		result.ServiceID != serviceID {
+		t.Fatalf("bad service: %#v", result)
+	}
+	return svc
+}
+
 // testRegisterService register a service with given transaction idx
 // If the service already exists, transaction number might not be increased
 // Use `testRegisterServiceWithChange()` if you want perform a registration that
diff --git a/agent/local/state_test.go b/agent/local/state_test.go
index 0a78f321f7a5..4751352ec1c8 100644
--- a/agent/local/state_test.go
+++ b/agent/local/state_test.go
@@ -189,7 +189,8 @@ func TestAgentAntiEntropy_Services(t *testing.T) {
 	id := services.NodeServices.Node.ID
 	addrs := services.NodeServices.Node.TaggedAddresses
 	meta := services.NodeServices.Node.Meta
-	delete(meta, structs.MetaSegmentKey) // Added later, not in config.
+	delete(meta, structs.MetaSegmentKey)    // Added later, not in config.
+	delete(meta, structs.MetaConsulVersion) // Added later, not in config.
 	assert.Equal(t, a.Config.NodeID, id)
 	assert.Equal(t, a.Config.TaggedAddresses, addrs)
 	assert.Equal(t, unNilMap(a.Config.NodeMeta), meta)
@@ -1355,7 +1356,8 @@ func TestAgentAntiEntropy_Checks(t *testing.T) {
 			id := services.NodeServices.Node.ID
 			addrs := services.NodeServices.Node.TaggedAddresses
 			meta := services.NodeServices.Node.Meta
-			delete(meta, structs.MetaSegmentKey) // Added later, not in config.
+			delete(meta, structs.MetaSegmentKey)    // Added later, not in config.
+			delete(meta, structs.MetaConsulVersion) // Added later, not in config.
 			assert.Equal(r, a.Config.NodeID, id)
 			assert.Equal(r, a.Config.TaggedAddresses, addrs)
 			assert.Equal(r, unNilMap(a.Config.NodeMeta), meta)
@@ -2016,7 +2018,8 @@ func TestAgentAntiEntropy_NodeInfo(t *testing.T) {
 	addrs := services.NodeServices.Node.TaggedAddresses
 	meta := services.NodeServices.Node.Meta
 	nodeLocality := services.NodeServices.Node.Locality
-	delete(meta, structs.MetaSegmentKey) // Added later, not in config.
+	delete(meta, structs.MetaSegmentKey)    // Added later, not in config.
+	delete(meta, structs.MetaConsulVersion) // Added later, not in config.
 	require.Equal(t, a.Config.NodeID, id)
 	require.Equal(t, a.Config.TaggedAddresses, addrs)
 	require.Equal(t, a.Config.StructLocality(), nodeLocality)
@@ -2041,7 +2044,8 @@ func TestAgentAntiEntropy_NodeInfo(t *testing.T) {
 		addrs := services.NodeServices.Node.TaggedAddresses
 		meta := services.NodeServices.Node.Meta
 		nodeLocality := services.NodeServices.Node.Locality
-		delete(meta, structs.MetaSegmentKey) // Added later, not in config.
+		delete(meta, structs.MetaSegmentKey)    // Added later, not in config.
+		delete(meta, structs.MetaConsulVersion) // Added later, not in config.
 		require.Equal(t, nodeID, id)
 		require.Equal(t, a.Config.TaggedAddresses, addrs)
 		require.Equal(t, a.Config.StructLocality(), nodeLocality)
diff --git a/agent/structs/structs.go b/agent/structs/structs.go
index 59385fa5ba44..096f767a4771 100644
--- a/agent/structs/structs.go
+++ b/agent/structs/structs.go
@@ -220,6 +220,9 @@ const (
 	// WildcardSpecifier is the string which should be used for specifying a wildcard
 	// The exact semantics of the wildcard is left up to the code where its used.
 	WildcardSpecifier = "*"
+
+	// MetaConsulVersion is the node metadata key used to store the node's consul version
+	MetaConsulVersion = "consul-version"
 )
 
 var allowedConsulMetaKeysForMeshGateway = map[string]struct{}{MetaWANFederationKey: {}}
diff --git a/agent/ui_endpoint.go b/agent/ui_endpoint.go
index 3de9eac15568..8f5184969693 100644
--- a/agent/ui_endpoint.go
+++ b/agent/ui_endpoint.go
@@ -13,9 +13,12 @@ import (
 	"strings"
 
 	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/serf/serf"
 
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/config"
+	"github.com/hashicorp/consul/agent/consul"
+	"github.com/hashicorp/consul/agent/metadata"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/logging"
@@ -110,7 +113,18 @@ RPC:
 		return nil, err
 	}
 
+	// Get version info for all serf members into a map of key-address,value-version.
+	// This logic of calling 'AgentMembersMapAddrVer()' and inserting version info in this func
+	// can be discarded in future releases ( may be after 3 or 4 minor releases),
+	// when all the nodes are registered with consul-version in nodemeta.
+	var err error
+	mapAddrVer, err := AgentMembersMapAddrVer(s, req)
+	if err != nil {
+		return nil, err
+	}
+
 	// Use empty list instead of nil
+	// Also check if consul-version exists in Meta, else add it
 	for _, info := range out.Dump {
 		if info.Services == nil {
 			info.Services = make([]*structs.NodeService, 0)
@@ -118,12 +132,24 @@ RPC:
 		if info.Checks == nil {
 			info.Checks = make([]*structs.HealthCheck, 0)
 		}
+		// Check if Node Meta - 'consul-version' already exists by virtue of adding
+		// 'consul-version' during node registration itself.
+		// If not, get it from mapAddrVer.
+		if _, ok := info.Meta[structs.MetaConsulVersion]; !ok {
+			if _, okver := mapAddrVer[info.Address]; okver {
+				if info.Meta == nil {
+					info.Meta = make(map[string]string)
+				}
+				info.Meta[structs.MetaConsulVersion] = mapAddrVer[info.Address]
+			}
+		}
 	}
 	if out.Dump == nil {
 		out.Dump = make(structs.NodeDump, 0)
 	}
 
 	// Use empty list instead of nil
+	// Also check if consul-version exists in Meta, else add it
 	for _, info := range out.ImportedDump {
 		if info.Services == nil {
 			info.Services = make([]*structs.NodeService, 0)
@@ -131,11 +157,60 @@ RPC:
 		if info.Checks == nil {
 			info.Checks = make([]*structs.HealthCheck, 0)
 		}
+		// Check if Node Meta - 'consul-version' already exists by virtue of adding
+		// 'consul-version' during node registration itself.
+		// If not, get it from mapAddrVer.
+		if _, ok := info.Meta[structs.MetaConsulVersion]; !ok {
+			if _, okver := mapAddrVer[info.Address]; okver {
+				if info.Meta == nil {
+					info.Meta = make(map[string]string)
+				}
+				info.Meta[structs.MetaConsulVersion] = mapAddrVer[info.Address]
+			}
+		}
 	}
 
 	return append(out.Dump, out.ImportedDump...), nil
 }
 
+// AgentMembersMapAddrVer is used to get version info from  all serf members into a
+// map of key-address,value-version.
+func AgentMembersMapAddrVer(s *HTTPHandlers, req *http.Request) (map[string]string, error) {
+	var members []serf.Member
+
+	//Get WAN Members
+	wanMembers := s.agent.WANMembers()
+
+	//Get LAN Members
+	//Get the request partition and default to that of the agent.
+	entMeta := s.agent.AgentEnterpriseMeta()
+	if err := s.parseEntMetaPartition(req, entMeta); err != nil {
+		return nil, err
+	}
+	filter := consul.LANMemberFilter{
+		Partition: entMeta.PartitionOrDefault(),
+	}
+	filter.AllSegments = true
+	lanMembers, err := s.agent.delegate.LANMembers(filter)
+	if err != nil {
+		return nil, err
+	}
+
+	//aggregate members
+	members = append(wanMembers, lanMembers...)
+
+	//create a map with key as IPv4 address and value as consul-version
+	mapAddrVer := make(map[string]string, len(members))
+	for i := range members {
+		buildVersion, err := metadata.Build(&members[i])
+		if err == nil {
+			mapAddrVer[members[i].Addr.String()] = buildVersion.String()
+		}
+	}
+
+	return mapAddrVer, nil
+}
+
 // UINodeInfo is used to get info on a single node in a given datacenter. We return a
 // NodeInfo which provides overview information for the node
 func (s *HTTPHandlers) UINodeInfo(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
@@ -172,6 +247,16 @@ RPC:
 		return nil, err
 	}
 
+	// Get version info for all serf members into a map of key-address,value-version.
+	// This logic of calling 'AgentMembersMapAddrVer()' and inserting version info in this func
+	// can be discarded in future releases ( may be after 3 or 4 minor releases),
+	// when all the nodes are registered with consul-version in nodemeta.
+	var err error
+	mapAddrVer, err := AgentMembersMapAddrVer(s, req)
+	if err != nil {
+		return nil, err
+	}
+
 	// Return only the first entry
 	if len(out.Dump) > 0 {
 		info := out.Dump[0]
@@ -181,6 +266,17 @@ RPC:
 		if info.Checks == nil {
 			info.Checks = make([]*structs.HealthCheck, 0)
 		}
+		// Check if Node Meta - 'consul-version' already exists by virtue of adding
+		// 'consul-version' during node registration itself.
+		// If not, get it from mapAddrVer.
+		if _, ok := info.Meta[structs.MetaConsulVersion]; !ok {
+			if _, okver := mapAddrVer[info.Address]; okver {
+				if info.Meta == nil {
+					info.Meta = make(map[string]string)
+				}
+				info.Meta[structs.MetaConsulVersion] = mapAddrVer[info.Address]
+			}
+		}
 		return info, nil
 	}
 
diff --git a/agent/ui_endpoint_test.go b/agent/ui_endpoint_test.go
index 5fc2e06d3485..f6810db801d6 100644
--- a/agent/ui_endpoint_test.go
+++ b/agent/ui_endpoint_test.go
@@ -162,6 +162,9 @@ func TestUINodes(t *testing.T) {
 	require.Len(t, nodes[2].Services, 0)
 	require.NotNil(t, nodes[1].Checks)
 	require.Len(t, nodes[2].Services, 0)
+
+	// check for consul-version in node meta
+	require.Equal(t, nodes[0].Meta[structs.MetaConsulVersion], a.Config.Version)
 }
 
 func TestUINodes_Filter(t *testing.T) {
@@ -260,6 +263,9 @@ func TestUINodeInfo(t *testing.T) {
 		node.Checks == nil || len(node.Checks) != 0 {
 		t.Fatalf("bad: %v", node)
 	}
+
+	// check for consul-version in node meta
+	require.Equal(t, node.Meta[structs.MetaConsulVersion], a.Config.Version)
 }
 
 func TestUIServices(t *testing.T) {
diff --git a/api/catalog_test.go b/api/catalog_test.go
index 6226691353f2..2b0a4097b332 100644
--- a/api/catalog_test.go
+++ b/api/catalog_test.go
@@ -65,6 +65,7 @@ func TestAPI_CatalogNodes(t *testing.T) {
 			},
 			Meta: map[string]string{
 				"consul-network-segment": "",
+				"consul-version":         s.Config.Version,
 			},
 		}
 		require.Equal(r, want, got)
diff --git a/api/txn_test.go b/api/txn_test.go
index 975f3e38163b..ea454976daea 100644
--- a/api/txn_test.go
+++ b/api/txn_test.go
@@ -361,7 +361,10 @@ func TestAPI_ClientTxn(t *testing.T) {
 						"wan":      s.Config.Bind,
 						"wan_ipv4": s.Config.Bind,
 					},
-					Meta:        map[string]string{"consul-network-segment": ""},
+					Meta: map[string]string{
+						"consul-network-segment": "",
+						"consul-version":         s.Config.Version,
+					},
 					CreateIndex: ret.Results[1].Node.CreateIndex,
 					ModifyIndex: ret.Results[1].Node.ModifyIndex,
 				},
diff --git a/sdk/testutil/server.go b/sdk/testutil/server.go
index d00850d5e17a..a20f95123aab 100644
--- a/sdk/testutil/server.go
+++ b/sdk/testutil/server.go
@@ -130,6 +130,7 @@ type TestServerConfig struct {
 	Args                []string               `json:"-"`
 	ReturnPorts         func()                 `json:"-"`
 	Audit               *TestAuditConfig       `json:"audit,omitempty"`
+	Version             string                 `json:"version,omitempty"`
 }
 
 type TestACLs struct {
@@ -212,6 +213,7 @@ func defaultServerConfig(t TestingTB, consulVersion *version.Version) *TestServe
 		Stdout:  logBuffer,
 		Stderr:  logBuffer,
 		Peering: &TestPeeringConfig{Enabled: true},
+		Version: consulVersion.String(),
 	}
 
 	// Add version-specific tweaks
diff --git a/ui/packages/consul-ui/app/components/consul/node/list/index.hbs b/ui/packages/consul-ui/app/components/consul/node/list/index.hbs
index c1392bd68682..f57d7d5ab052 100644
--- a/ui/packages/consul-ui/app/components/consul/node/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/node/list/index.hbs
@@ -50,5 +50,17 @@ as |item index|>
         {{item.Address}}
       </dd>
     </dl>
+    <dl>
+      <dt>
+        <span>ConsulVersion</span>
+      </dt>
+      <dd>
+          {{!-- Displaying consul version from node meta data --}}
+          {{#if item.Meta.consul-version}}
+            <FlightIcon class='w-4 h-4' @size='24' @name='consul-color' @stretched={{true}} />
+            <span>v{{item.Meta.consul-version}}</span>
+          {{/if}}
+      </dd>
+    </dl>
   </BlockSlot>
 </ListCollection>
diff --git a/ui/packages/consul-ui/app/components/consul/node/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/node/search-bar/index.hbs
index 3aa8681812c0..995f9e773bcb 100644
--- a/ui/packages/consul-ui/app/components/consul/node/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/node/search-bar/index.hbs
@@ -19,12 +19,14 @@
       )
   )
 
-  (t (concat "components.consul.node.search-bar." search.status.value)
-      default=(array
-        (concat "common.search." search.status.value)
-        (concat "common.consul." search.status.value)
-        (concat "common.brand." search.status.value)
-      )
+  (if search.status.value 
+    search.status.value 
+    (t (concat "components.consul.node.search-bar." search.status.value)
+        default=(array
+          (concat "common.search." search.status.value)
+          (concat "common.consul." search.status.value)
+          (concat "common.brand." search.status.value)
+        ))
   )
 
 as |key value|}}
@@ -95,6 +97,27 @@ as |key value|}}
   {{/let}}
         </BlockSlot>
       </search.Select>
+      <search.Select
+        class="type-version"
+        @position="left"
+        @onchange={{action @filter.version.change}}
+        @multiple={{true}}
+      as |components|>
+        <BlockSlot @name="selected">
+          <span>
+            {{t "common.consul.version"}}
+          </span>
+        </BlockSlot>
+        <BlockSlot @name="options">
+        {{#let components.Optgroup components.Option as |Optgroup Option|}}
+        {{#each @versions as |version|}}
+          <Option @value={{version}} @selected={{includes version @filter.version.value}}>
+            {{concat version ".x" }}
+          </Option>
+        {{/each}}
+        {{/let}}
+        </BlockSlot>
+      </search.Select>
     </:filter>
     <:sort as |search|>
       <search.Select
@@ -112,6 +135,8 @@ as |key value|}}
                   (array "Node:desc" (t "common.sort.alpha.desc"))
                   (array "Status:asc" (t "common.sort.status.asc"))
                   (array "Status:desc" (t "common.sort.status.desc"))
+                  (array "Version:asc" (t "common.sort.version.asc"))
+                  (array "Version:desc" (t "common.sort.version.desc"))
                 ))
               as |selectable|
             }}
@@ -129,6 +154,10 @@ as |key value|}}
             <Option @value="Node:asc" @selected={{eq "Node:asc" @sort.value}}>{{t "common.sort.alpha.asc"}}</Option>
             <Option @value="Node:desc" @selected={{eq "Node:desc" @sort.value}}>{{t "common.sort.alpha.desc"}}</Option>
           </Optgroup>
+          <Optgroup @label={{t "common.consul.version"}}>
+            <Option @value="Version:asc" @selected={{eq "Version:asc" @sort.value}}>{{t "common.sort.version.asc"}}</Option>
+            <Option @value="Version:desc" @selected={{eq "Version:desc" @sort.value}}>{{t "common.sort.version.desc"}}</Option>
+          </Optgroup>
   {{/let}}
         </BlockSlot>
       </search.Select>
diff --git a/ui/packages/consul-ui/app/filter/predicates/node.js b/ui/packages/consul-ui/app/filter/predicates/node.js
index b5c752ab9bea..4927078bf988 100644
--- a/ui/packages/consul-ui/app/filter/predicates/node.js
+++ b/ui/packages/consul-ui/app/filter/predicates/node.js
@@ -9,4 +9,12 @@ export default {
     warning: (item, value) => item.Status === value,
     critical: (item, value) => item.Status === value,
   },
+  version: (item, value) => {
+    for (const element of value) {
+      if (item.Version.includes(element + '.')) {
+        return true;
+      }
+    }
+    return false;
+  },
 };
diff --git a/ui/packages/consul-ui/app/models/node.js b/ui/packages/consul-ui/app/models/node.js
index e56f3e1fff86..b95ec283050a 100644
--- a/ui/packages/consul-ui/app/models/node.js
+++ b/ui/packages/consul-ui/app/models/node.js
@@ -67,4 +67,9 @@ export default class Node extends Model {
   get ChecksWarning() {
     return this.NodeChecks.filter((item) => item.Status === 'warning').length;
   }
+
+  @computed('Meta')
+  get Version() {
+    return this.Meta?.['consul-version'] ?? '';
+  }
 }
diff --git a/ui/packages/consul-ui/app/serializers/application.js b/ui/packages/consul-ui/app/serializers/application.js
index 2e6bac137b27..d9e58b0ab0bb 100644
--- a/ui/packages/consul-ui/app/serializers/application.js
+++ b/ui/packages/consul-ui/app/serializers/application.js
@@ -156,6 +156,10 @@ export default class ApplicationSerializer extends Serializer {
     // ember-data methods so we have the opportunity to do this on a per-model
     // level
     const meta = this.normalizeMeta(store, modelClass, normalizedPayload, id, requestType);
+    // get distinct consul versions from list and add it as meta
+    if (modelClass.modelName === 'node' && requestType === 'query') {
+      meta.versions = this.getDistinctConsulVersions(normalizedPayload);
+    }
     if (requestType !== 'query') {
       normalizedPayload.meta = meta;
     }
@@ -215,4 +219,45 @@ export default class ApplicationSerializer extends Serializer {
   normalizePayload(payload, id, requestType) {
     return payload;
   }
+
+  // getDistinctConsulVersions will be called only for nodes and query request type
+  // the list of versions is to be added as meta to resp, without changing original response structure
+  // hence this function is added in application.js
+  getDistinctConsulVersions(payload) {
+    // create a Set and add version with only major.minor : ex-1.24.6 as 1.24
+    let versionSet = new Set();
+    payload.forEach(function (item) {
+      if (item.Meta && item.Meta['consul-version'] !== '') {
+        const split = item.Meta['consul-version'].split('.');
+        versionSet.add(split[0] + '.' + split[1]);
+      }
+    });
+
+    const versionArray = Array.from(versionSet);
+
+    // Sort the array in descending order using a custom comparison function
+    versionArray.sort((a, b) => {
+      // Split the versions into arrays of numbers
+      const versionA = a.split('.').map((part) => {
+        const number = Number(part);
+        return isNaN(number) ? 0 : number;
+      });
+      const versionB = b.split('.').map((part) => {
+        const number = Number(part);
+        return isNaN(number) ? 0 : number;
+      });
+
+      const minLength = Math.min(versionA.length, versionB.length);
+
+      // start with comparing major version num, if equal then compare minor
+      for (let i = 0; i < minLength; i++) {
+        if (versionA[i] !== versionB[i]) {
+          return versionB[i] - versionA[i];
+        }
+      }
+      return versionB.length - versionA.length;
+    });
+
+    return versionArray; //sorted array
+  }
 }
diff --git a/ui/packages/consul-ui/app/sort/comparators/node.js b/ui/packages/consul-ui/app/sort/comparators/node.js
index c584456e3e87..fb70550750ea 100644
--- a/ui/packages/consul-ui/app/sort/comparators/node.js
+++ b/ui/packages/consul-ui/app/sort/comparators/node.js
@@ -38,6 +38,43 @@ export default ({ properties }) =>
             return 0;
         }
       };
+    } else if (key.startsWith('Version:')) {
+      return function (itemA, itemB) {
+        const [, dir] = key.split(':');
+        let a, b;
+        if (dir === 'asc') {
+          a = itemA;
+          b = itemB;
+        } else {
+          b = itemA;
+          a = itemB;
+        }
+
+        // Split the versions into arrays of numbers
+        const versionA = a.Version.split('.').map((part) => {
+          const number = Number(part);
+          return isNaN(number) ? 0 : number;
+        });
+        const versionB = b.Version.split('.').map((part) => {
+          const number = Number(part);
+          return isNaN(number) ? 0 : number;
+        });
+
+        const minLength = Math.min(versionA.length, versionB.length);
+
+        for (let i = 0; i < minLength; i++) {
+          const diff = versionA[i] - versionB[i];
+          switch (true) {
+            case diff > 0:
+              return 1;
+            case diff < 0:
+              return -1;
+          }
+        }
+
+        return versionA.length - versionB.length;
+      };
     }
+
     return properties(['Node'])(key);
   };
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs
index 4d0eb2e3abea..56f7676c4924 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs
@@ -40,10 +40,15 @@
               change=(action (mut searchproperty) value='target.selectedItems')
               default=this._searchProperties
             )
+            version=(hash 
+              value=(if this.version (split this.version ',') undefined)
+              change=(action (mut this.version) value='target.selectedItems')
+            )
           )
           api.data
           leader.data
-          as |sort filters items leader|
+          api.data.meta.versions
+          as |sort filters items leader versions|
         }}
           {{#let (reject-by 'Meta.synthetic-node' items) as |filtered|}}
             <AppView>
@@ -61,6 +66,7 @@
                     @onsearch={{action (mut search) value='target.value'}}
                     @sort={{sort}}
                     @filter={{filters}}
+                    @versions={{versions}}
                   />
                 {{/if}}
               </BlockSlot>
diff --git a/ui/packages/consul-ui/mock-api/v1/internal/ui/node/_ b/ui/packages/consul-ui/mock-api/v1/internal/ui/node/_
index 27afd9c8ef4d..2adf163f7217 100644
--- a/ui/packages/consul-ui/mock-api/v1/internal/ui/node/_
+++ b/ui/packages/consul-ui/mock-api/v1/internal/ui/node/_
@@ -30,6 +30,7 @@ return `
   "TaggedAddresses":{"lan":"${ip}","wan":"${ip}"},
   "Meta":{
     "consul-network-segment":"",
+    "consul-version": "${env('CONSUL_VERSION') ? fake.helpers.randomize([env('CONSUL_VERSION'),"1.10.4","1.15.2", "1.17.8","1.7.2","1.12.4", "1.17.2","1.0.9","2.0.2"]) : fake.helpers.randomize(["1.10.4","1.15.2", "1.17.8","1.7.2","1.12.4", "1.17.2","1.0.9","2.0.2"])  }",
     "consul-dashboard-url": "${fake.internet.protocol()}://${fake.internet.domainName()}/?id={{Node}}"
   },
   "Services":[
diff --git a/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes b/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes
index 2740d824a4f6..de64b0bb8eb0 100644
--- a/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes
+++ b/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes
@@ -25,6 +25,7 @@
             },
             "Meta": {
               "consul-network-segment":"",
+              "consul-version": "${env('CONSUL_VERSION') ? fake.helpers.randomize([env('CONSUL_VERSION'),"1.10.4","1.15.2", "1.17.8","1.7.2","1.12.4", "1.17.2","1.0.9","2.0.2"]) : fake.helpers.randomize(["1.10.4","1.15.2", "1.17.8","1.7.2","1.12.4", "1.17.2","1.0.9","2.0.2"])  }",
               "synthetic-node": ${env('CONSUL_AGENTLESS_ENABLED') ? fake.helpers.randomize([true, false, false, false]) : false}
             },
             "Services":[
diff --git a/ui/packages/consul-ui/tests/unit/sort/comparators/node-test.js b/ui/packages/consul-ui/tests/unit/sort/comparators/node-test.js
new file mode 100644
index 000000000000..9b5c5ea75680
--- /dev/null
+++ b/ui/packages/consul-ui/tests/unit/sort/comparators/node-test.js
@@ -0,0 +1,45 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: MPL-2.0
+ */
+
+import comparators from 'consul-ui/sort/comparators/node';
+import { properties } from 'consul-ui/services/sort';
+import { module, test } from 'qunit';
+
+module('Unit | Sort | Comparator | node', function () {
+  const comparator = comparators({ properties });
+  test('items are sorted by a fake Version', function (assert) {
+    const items = [
+      {
+        Version: '2.24.1',
+      },
+      {
+        Version: '1.12.6',
+      },
+      {
+        Version: '2.09.3',
+      },
+    ];
+    const comp = comparator('Version:asc');
+    assert.equal(typeof comp, 'function');
+
+    const expected = [
+      {
+        Version: '1.12.6',
+      },
+      {
+        Version: '2.09.3',
+      },
+      {
+        Version: '2.24.1',
+      },
+    ];
+    let actual = items.sort(comp);
+    assert.deepEqual(actual, expected);
+
+    expected.reverse();
+    actual = items.sort(comparator('Version:desc'));
+    assert.deepEqual(actual, expected);
+  });
+});
diff --git a/ui/packages/consul-ui/translations/common/en-us.yaml b/ui/packages/consul-ui/translations/common/en-us.yaml
index fc7f542fef39..b0dc3bffeeda 100644
--- a/ui/packages/consul-ui/translations/common/en-us.yaml
+++ b/ui/packages/consul-ui/translations/common/en-us.yaml
@@ -53,6 +53,7 @@ consul:
   redundancyzone: Redundancy zone
   peername: Peer
   partition: Admin Partitions
+  version: Version
 search:
   search: Search
   searchproperty: Search Across
@@ -77,6 +78,9 @@ sort:
   status:
     asc: Unhealthy to Healthy
     desc: Healthy to Unhealthy
+  version:
+    asc: Oldest to Latest
+    desc: Latest to Oldest
 validations:
   dns-hostname:
     help: |
diff --git a/ui/packages/consul-ui/vendor/consul-ui/routes.js b/ui/packages/consul-ui/vendor/consul-ui/routes.js
index 79aadcd6ad6a..ec25fb0a2428 100644
--- a/ui/packages/consul-ui/vendor/consul-ui/routes.js
+++ b/ui/packages/consul-ui/vendor/consul-ui/routes.js
@@ -218,6 +218,7 @@
             queryParams: {
               sortBy: 'sort',
               status: 'status',
+              version: 'version',
               searchproperty: {
                 as: 'searchproperty',
                 empty: [['Node', 'Address', 'Meta', 'PeerName']],

From d1f5d9b90535e9f348ba42c2e1bb8866667d15be Mon Sep 17 00:00:00 2001
From: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com>
Date: Wed, 12 Jul 2023 16:43:22 -0500
Subject: [PATCH 160/359] api gw 1.16 updates (#18081)

* api gw 1.16 updates

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* update CodeBlockConfig filename

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* remove non-standard intentions page

* Update website/content/docs/api-gateway/configuration/index.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 .../docs/api-gateway/configuration/gateway.mdx  |  3 +--
 .../docs/api-gateway/configuration/index.mdx    |  3 ++-
 .../docs/api-gateway/configuration/routes.mdx   |  4 ++--
 website/content/docs/api-gateway/install.mdx    |  2 ++
 .../content/docs/api-gateway/usage/usage.mdx    | 17 ++++++-----------
 5 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/website/content/docs/api-gateway/configuration/gateway.mdx b/website/content/docs/api-gateway/configuration/gateway.mdx
index fdbe468ba826..3c2a1f6fd6a6 100644
--- a/website/content/docs/api-gateway/configuration/gateway.mdx
+++ b/website/content/docs/api-gateway/configuration/gateway.mdx
@@ -26,7 +26,6 @@ Specify the following parameters to declare a `Gateway`:
 | `fields`      | Specifies the configurations for the Gateway. The fields are listed in the [configuration model](#configuration-model). Details for each field are described in the [specification](#specification). | Required |
 
 
-
 ## Configuration model
 
 The following outline shows how to format the configurations in the `Gateway` object. Click on a property name to view details about the configuration.
@@ -196,7 +195,7 @@ The following example creates a `Gateway` named `example-gateway` in namespace `
     name: example-gateway
     namespace: gateway-namespace
   spec:
-    gatewayClassName: consul-api-gateway
+    gatewayClassName: consul
     listeners:
     - protocol: HTTPS
       port: 443
diff --git a/website/content/docs/api-gateway/configuration/index.mdx b/website/content/docs/api-gateway/configuration/index.mdx
index b2d0b19a52d3..06875ebd4b35 100644
--- a/website/content/docs/api-gateway/configuration/index.mdx
+++ b/website/content/docs/api-gateway/configuration/index.mdx
@@ -13,8 +13,9 @@ This topic provides an overview of the configuration items that enable Consul AP
 - [GatewayClass](/consul/docs/api-gateway/configuration/gatewayclass) defines a class of gateway resources that you can use as a template for creating gateways.
 - [GatewayClassConfig](/consul/docs/api-gateway/configuration/gatewayclassconfig) describes additional Consul API Gateway-related configuration parameters for the GatewayClass resource.
 - [Routes](/consul/docs/api-gateway/configuration/routes) specifies the path from the gateway to the backend service(s) client to the listener.
+- [Intentions](/consul/docs/connect/config-entries/service-intentions) specify traffic communication rules between services in the mesh. Intentions also enforce rules for service-to-service traffic routed through a Consul API gateway.
 
-You can create a basic Gateway object using the default [`gatewayClassName`](/consul/docs/api-gateway/configuration/gateway#gatewayclassname) (`consul-api-gateway`). If you want to create custom Gateways suitable for your environment, complete the following steps:
+You can create a basic Gateway object using the default [`gatewayClassName`](/consul/docs/api-gateway/configuration/gateway#gatewayclassname) (`consul`). If you want to create custom Gateways suitable for your environment, complete the following steps:
 
 1. Define a [GatewayClassConfig](/consul/docs/api-gateway/configuration/gatewayclassconfig) that contains your custom configurations.
 1. Define a [GatewayClass](/consul/docs/api-gateway/configuration/gatewayclass) and configure the [`parametersRef.name`](/consul/docs/api-gateway/configuration/gatewayclass#parametersref-name) to reference the name of your [GatewayClassConfig](/consul/docs/api-gateway/configuration/gatewayclassconfig).
diff --git a/website/content/docs/api-gateway/configuration/routes.mdx b/website/content/docs/api-gateway/configuration/routes.mdx
index 27b520340248..973ebed0251b 100644
--- a/website/content/docs/api-gateway/configuration/routes.mdx
+++ b/website/content/docs/api-gateway/configuration/routes.mdx
@@ -22,7 +22,7 @@ The following example creates a route named `example-route` associated with a li
 <CodeBlockConfig filename="routes.yaml">
 
   ```yaml
-  apiVersion: gateway.networking.k8s.io/v1alpha2
+  apiVersion: gateway.networking.k8s.io/v1beta1
   kind: HTTPRoute
   metadata:
     name: example-route
@@ -132,7 +132,7 @@ The following example creates a route named `example-route` in namespace `gatewa
 <CodeBlockConfig filename="route_with_referencegrant.yaml">
 
   ```yaml
-  apiVersion: gateway.networking.k8s.io/v1alpha2
+  apiVersion: gateway.networking.k8s.io/v1beta1
   kind: HTTPRoute
   metadata:
     name: example-route
diff --git a/website/content/docs/api-gateway/install.mdx b/website/content/docs/api-gateway/install.mdx
index dff25ee3350d..3dc4ca7289ab 100644
--- a/website/content/docs/api-gateway/install.mdx
+++ b/website/content/docs/api-gateway/install.mdx
@@ -18,6 +18,8 @@ The Consul API gateway ships with Consul and is automatically installed when you
       name: consul
     connectInject:
       enabled: true
+      apiGateway:
+        manageExternalCRDs: true
     ```
 
     </CodeBlockConfig>
diff --git a/website/content/docs/api-gateway/usage/usage.mdx b/website/content/docs/api-gateway/usage/usage.mdx
index e815d21c5fda..cee7b0a7205e 100644
--- a/website/content/docs/api-gateway/usage/usage.mdx
+++ b/website/content/docs/api-gateway/usage/usage.mdx
@@ -14,28 +14,23 @@ This topic describes how to use Consul API Gateway.
 Complete the following steps to use Consul API Gateway in your network.
 
 1. Verify that the [requirements](/consul/docs/api-gateway/tech-specs) have been met.
-1. Verify that the Consul API Gateway CRDs and controller have been installed and applied. Refer to [Installation](/consul/docs/api-gateway/install) for details.
+1. Verify that the Consul API Gateway CRDs were applied. Refer to [Installation](/consul/docs/api-gateway/install) for details.
 
 ## Configuration
 
-Configure your [`Gateway`](/consul/docs/api-gateway/configuration/gateway) and [`Routes`](/consul/docs/api-gateway/configuration/routes) as described in [Consul API Gateway Configuration](/consul/docs/api-gateway/configuration).
+Configure the following resources for your environment as described in [Consul API Gateway Configuration](/consul/docs/api-gateway/configuration).
 
-  <CodeBlockConfig hideClipboard filename="values.yaml">
+1. [`Gateway`](/consul/docs/api-gateway/configuration/gateway) 
+1. [`Routes`](/consul/docs/api-gateway/configuration/routes)
+1. [`Intentions`](/consul/docs/connect/config-entries/service-intentions)
 
-  ```yaml
-    apiGateway:
-      enabled: true
-      managedGatewayClass:
-  ```
-
-  </CodeBlockConfig>
 
 ## Apply configurations
 
 Issue the `kubectl apply` command to implement the configurations:
 
 ```shell-session
-$ kubectl apply -f gateway.yaml routes.yaml
+$ kubectl apply -f gateway.yaml routes.yaml intentions.yaml
 ```
 
 

From 3b3aa1f26064eb00cfee21340b0df54f860ab1d5 Mon Sep 17 00:00:00 2001
From: Dan Bond <danbond@protonmail.com>
Date: Wed, 12 Jul 2023 16:10:34 -0700
Subject: [PATCH 161/359] [NET-4103] ci: build s390x (#18067)

* ci: build s390x

* ci: test s390x

* ci: dev build s390x

* no GOOS

* ent only

* build: publish s390x

* fix syntax error

* fix syntax error again

* fix syntax error again x2

* test branch

* Move s390x conditionals to step level

* remove test branch

---------

Co-authored-by: emilymianeil <eneil@hashicorp.com>
---
 .github/workflows/build-distros.yml      |  48 +++++---
 .github/workflows/build.yml              |  59 ++++++++-
 .github/workflows/go-tests.yml           | 145 ++++++++++++++---------
 .github/workflows/reusable-dev-build.yml |   2 +-
 4 files changed, 182 insertions(+), 72 deletions(-)

diff --git a/.github/workflows/build-distros.yml b/.github/workflows/build-distros.yml
index 8b88345d2ee2..10c520893341 100644
--- a/.github/workflows/build-distros.yml
+++ b/.github/workflows/build-distros.yml
@@ -2,7 +2,7 @@
 # It is aimed at checking new commits don't introduce any breaking build changes.
 name: build-distros
 
-on: 
+on:
   pull_request:
   push:
     branches:
@@ -33,7 +33,7 @@ jobs:
       run: ./.github/scripts/get_runner_classes.sh
 
   check-go-mod:
-    needs: 
+    needs:
     - setup
     uses: ./.github/workflows/reusable-check-go-mod.yml
     with:
@@ -43,8 +43,8 @@ jobs:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 
   build-386:
-    needs: 
-    - setup 
+    needs:
+    - setup
     - check-go-mod
     env:
       XC_OS: "freebsd linux windows"
@@ -56,7 +56,7 @@ jobs:
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-      
+
     - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version-file: 'go.mod'
@@ -68,7 +68,7 @@ jobs:
 
   build-amd64:
     needs:
-    - setup 
+    - setup
     - check-go-mod
     env:
       XC_OS: "darwin freebsd linux solaris windows"
@@ -80,7 +80,7 @@ jobs:
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-      
+
     - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version-file: 'go.mod'
@@ -92,7 +92,7 @@ jobs:
 
   build-arm:
     needs:
-    - setup 
+    - setup
     - check-go-mod
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
     env:
@@ -105,7 +105,7 @@ jobs:
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-      
+
 
     - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
@@ -117,6 +117,26 @@ jobs:
     - run: CC=arm-linux-gnueabihf-gcc GOARCH=arm GOARM=6 go build -tags "${{ env.GOTAGS }}"
     - run: CC=aarch64-linux-gnu-gcc GOARCH=arm64 go build -tags "${{ env.GOTAGS }}"
 
+
+  build-s390x:
+    if: ${{ endsWith(github.repository, '-enterprise') }}
+    needs:
+    - setup
+    - check-go-mod
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    steps:
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+
+    # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
+    - name: Setup Git
+      run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
+
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+      with:
+        go-version-file: 'go.mod'
+    - name: Build
+      run: GOOS=linux GOARCH=s390x CGO_ENABLED=0 go build -tags "${{ env.GOTAGS }}"
+
   # This is job is required for branch protection as a required gihub check
   # because GitHub actions show up as checks at the job level and not the
   # workflow level.  This is currently a feature request:
@@ -126,18 +146,18 @@ jobs:
   # - be placed after the fanout of a workflow so that everything fans back in
   #   to this job.
   # - "need" any job that is part of the fan out / fan in
-  # - implement the if logic because we have conditional jobs 
-  #   (go-test-enteprise) that this job needs and this would potentially get 
-  #   skipped if a previous job got skipped.  So we use the if clause to make 
+  # - implement the if logic because we have conditional jobs
+  #   (go-test-enteprise) that this job needs and this would potentially get
+  #   skipped if a previous job got skipped.  So we use the if clause to make
   # sure it does not get skipped.
-
   build-distros-success:
-    needs: 
+    needs:
     - setup
     - check-go-mod
     - build-386
     - build-amd64
     - build-arm
+    - build-s390x
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     if: ${{ always() }}
     steps:
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9186f12bfe25..c788a1536c25 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -57,6 +57,7 @@ jobs:
           echo "Product Date: ${{ needs.set-product-version.outputs.product-date }}"
           echo "Prerelease Version: ${{ needs.set-product-version.outputs.pre-version }}"
           echo "Ldflags: ${{ needs.set-product-version.outputs.shared-ldflags }}"
+
   generate-metadata-file:
     needs: set-product-version
     runs-on: ubuntu-latest
@@ -173,6 +174,57 @@ jobs:
           name: ${{ env.DEB_PACKAGE }}
           path: out/${{ env.DEB_PACKAGE }}
 
+  build-s390x:
+    needs: set-product-version
+    if: ${{ endsWith(github.repository, '-enterprise') }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - {go: "1.20.4", goos: "linux", goarch: "s390x"}
+      fail-fast: true
+
+    name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+
+      - name: Setup with node and yarn
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+        with:
+          node-version: '14'
+          cache: 'yarn'
+          cache-dependency-path: 'ui/yarn.lock'
+
+      - name: Build UI
+        run: |
+          CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }}
+          CONSUL_DATE=${{ needs.set-product-version.outputs.product-date }}
+          CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE}
+          CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD)
+          echo "consul_version is ${CONSUL_VERSION}"
+          echo "consul_date is ${CONSUL_DATE}"
+          echo "consul binary type is ${CONSUL_BINARY_TYPE}"
+          echo "consul copyright year is ${CONSUL_COPYRIGHT_YEAR}"
+          cd ui && make && cd ..
+          rm -rf agent/uiserver/dist
+          mv ui/packages/consul-ui/dist agent/uiserver/
+      - name: Go Build
+        env:
+          PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }}
+          PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }}
+          CGO_ENABLED: "0"
+          GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}"
+        uses: hashicorp/actions-go-build@v0.1.7
+        with:
+          product_name: ${{ env.PKG_NAME }}
+          product_version: ${{ needs.set-product-version.outputs.product-version }}
+          go_version: ${{ matrix.go }}
+          os: ${{ matrix.goos }}
+          arch: ${{ matrix.goarch }}
+          reproducible: report
+          instructions: |-
+            go build -ldflags="$GOLDFLAGS" -o "$BIN_PATH" -trimpath -buildvcs=false
+
   build-darwin:
     needs: set-product-version
     runs-on: macos-latest
@@ -186,7 +238,7 @@ jobs:
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
     steps:
       - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-          
+
       - name: Setup with node and yarn
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
@@ -319,7 +371,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        arch: ["386", "amd64", "arm", "arm64"]
+        arch: ["386", "amd64", "arm", "arm64", "s390x"]
       fail-fast: true
     env:
       version: ${{ needs.set-product-version.outputs.product-version }}
@@ -328,8 +380,10 @@ jobs:
     name: Verify ${{ matrix.arch }} linux binary
     steps:
       - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
 
       - name: Download ${{ matrix.arch  }} zip
+        if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: ${{ env.zip_name }}
@@ -342,6 +396,7 @@ jobs:
           platforms: arm,arm64
 
       - name: Run verification for ${{ matrix.arch }} binary
+        if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
         run: .github/scripts/verify_artifact.sh ${{ env.zip_name }} v${{ env.version }}
 
   verify-darwin:
diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 831271f6f832..9baf90c505ed 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -1,6 +1,6 @@
 name: go-tests
 
-on: 
+on:
   pull_request:
     branches-ignore:
       - stable-website
@@ -15,7 +15,7 @@ on:
       # Push events on the main branch
       - main
       - release/**
-  
+
 permissions:
   contents: read
 
@@ -39,7 +39,7 @@ jobs:
       run: ./.github/scripts/get_runner_classes.sh
 
   check-go-mod:
-    needs: 
+    needs:
     - setup
     uses: ./.github/workflows/reusable-check-go-mod.yml
     with:
@@ -49,8 +49,8 @@ jobs:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 
   check-generated-protobuf:
-    needs: 
-    - setup   
+    needs:
+    - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-medium) }}
     steps:
     - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
@@ -75,10 +75,10 @@ jobs:
       name: "Protobuf Lint"
     - name: Notify Slack
       if: ${{ failure() }}
-      run: .github/scripts/notify_slack.sh 
+      run: .github/scripts/notify_slack.sh
   check-generated-deep-copy:
-    needs: 
-    - setup   
+    needs:
+    - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
     steps:
     - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
@@ -100,8 +100,8 @@ jobs:
       run: .github/scripts/notify_slack.sh
 
   lint-enums:
-    needs: 
-    - setup   
+    needs:
+    - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
     steps:
     - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
@@ -112,7 +112,7 @@ jobs:
     - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version-file: 'go.mod'
-    - run: go install github.com/reillywatson/enumcover/cmd/enumcover@master && enumcover ./...   
+    - run: go install github.com/reillywatson/enumcover/cmd/enumcover@master && enumcover ./...
     - name: Notify Slack
       if: ${{ failure() }}
       run: .github/scripts/notify_slack.sh
@@ -135,8 +135,8 @@ jobs:
       run: .github/scripts/notify_slack.sh
 
   lint-consul-retry:
-    needs: 
-    - setup   
+    needs:
+    - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     steps:
     - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
@@ -153,8 +153,8 @@ jobs:
       run: .github/scripts/notify_slack.sh
 
   lint:
-    needs: 
-    - setup   
+    needs:
+    - setup
     uses: ./.github/workflows/reusable-lint.yml
     with:
       runs-on: ${{ needs.setup.outputs.compute-xl }}
@@ -163,8 +163,8 @@ jobs:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 
   lint-32bit:
-    needs: 
-    - setup   
+    needs:
+    - setup
     uses: ./.github/workflows/reusable-lint.yml
     with:
       go-arch: "386"
@@ -175,20 +175,33 @@ jobs:
 
   # create a development build
   dev-build:
-    needs: 
-    - setup   
+    needs:
+    - setup
     uses: ./.github/workflows/reusable-dev-build.yml
-    with: 
+    with:
       runs-on: ${{ needs.setup.outputs.compute-xl }}
       repository-name: ${{ github.repository }}
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 
+  dev-build-s390x:
+    if: ${{ endsWith(github.repository, '-enterprise') }}
+    needs:
+    - setup
+    uses: ./.github/workflows/reusable-dev-build.yml
+    with:
+      uploaded-binary-name: 'consul-bin-s390x'
+      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      go-arch: "s390x"
+      repository-name: ${{ github.repository }}
+    secrets:
+      elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+
   # dev-build-arm64:
   #   # only run on enterprise because GHA does not have arm64 runners in OSS
   #   if: ${{ endsWith(github.repository, '-enterprise') }}
-  #   needs: 
-  #   - setup   
+  #   needs:
+  #   - setup
   #   uses: ./.github/workflows/reusable-dev-build.yml
   #   with:
   #     uploaded-binary-name: 'consul-bin-arm64'
@@ -201,8 +214,8 @@ jobs:
   # go-test-arm64:
   #   # only run on enterprise because GHA does not have arm64 runners in OSS
   #   if: ${{ endsWith(github.repository, '-enterprise') }}
-  #   needs: 
-  #   - setup   
+  #   needs:
+  #   - setup
   #   - dev-build-arm64
   #   uses: ./.github/workflows/reusable-unit-split.yml
   #   with:
@@ -218,8 +231,8 @@ jobs:
   #     datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
 
   go-test-oss:
-    needs: 
-    - setup   
+    needs:
+    - setup
     - dev-build
     uses: ./.github/workflows/reusable-unit-split.yml
     with:
@@ -230,7 +243,7 @@ jobs:
       go-tags: ""
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read    
+      contents: read
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
       consul-license: ${{secrets.CONSUL_LICENSE}}
@@ -238,8 +251,8 @@ jobs:
 
   go-test-enterprise:
     if: ${{ endsWith(github.repository, '-enterprise') }}
-    needs: 
-    - setup   
+    needs:
+    - setup
     - dev-build
     uses: ./.github/workflows/reusable-unit-split.yml
     with:
@@ -250,15 +263,15 @@ jobs:
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read    
+      contents: read
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
       consul-license: ${{secrets.CONSUL_LICENSE}}
       datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
 
   go-test-race:
-    needs: 
-    - setup   
+    needs:
+    - setup
     - dev-build
     uses: ./.github/workflows/reusable-unit.yml
     with:
@@ -270,15 +283,15 @@ jobs:
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read    
+      contents: read
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
       consul-license: ${{secrets.CONSUL_LICENSE}}
       datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
 
   go-test-32bit:
-    needs: 
-    - setup   
+    needs:
+    - setup
     - dev-build
     uses: ./.github/workflows/reusable-unit.yml
     with:
@@ -290,7 +303,28 @@ jobs:
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read    
+      contents: read
+    secrets:
+      elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+      consul-license: ${{secrets.CONSUL_LICENSE}}
+      datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
+
+  go-test-s390x:
+    if: ${{ endsWith(github.repository, '-enterprise') }}
+    needs:
+    - setup
+    - dev-build-s390x
+    uses: ./.github/workflows/reusable-unit.yml
+    with:
+      uploaded-binary-name: 'consul-bin-s390x'
+      directory: .
+      go-test-flags: 'export GO_TEST_FLAGS="-short"'
+      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      repository-name: ${{ github.repository }}
+      go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
+    permissions:
+      id-token: write # NOTE: this permission is explicitly required for Vault auth.
+      contents: read
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
       consul-license: ${{secrets.CONSUL_LICENSE}}
@@ -308,7 +342,7 @@ jobs:
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read    
+      contents: read
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
       consul-license: ${{secrets.CONSUL_LICENSE}}
@@ -326,15 +360,15 @@ jobs:
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read    
+      contents: read
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
       consul-license: ${{secrets.CONSUL_LICENSE}}
       datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
 
   go-test-api-1-19:
-    needs: 
-    - setup   
+    needs:
+    - setup
     - dev-build
     uses: ./.github/workflows/reusable-unit.yml
     with:
@@ -344,15 +378,15 @@ jobs:
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read    
+      contents: read
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
       consul-license: ${{secrets.CONSUL_LICENSE}}
       datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
 
   go-test-api-1-20:
-    needs: 
-    - setup   
+    needs:
+    - setup
     - dev-build
     uses: ./.github/workflows/reusable-unit.yml
     with:
@@ -362,15 +396,15 @@ jobs:
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read    
+      contents: read
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
       consul-license: ${{secrets.CONSUL_LICENSE}}
       datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
 
   go-test-sdk-1-19:
-    needs: 
-    - setup   
+    needs:
+    - setup
     - dev-build
     uses: ./.github/workflows/reusable-unit.yml
     with:
@@ -380,15 +414,15 @@ jobs:
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read    
+      contents: read
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
       consul-license: ${{secrets.CONSUL_LICENSE}}
       datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
 
   go-test-sdk-1-20:
-    needs: 
-    - setup   
+    needs:
+    - setup
     - dev-build
     uses: ./.github/workflows/reusable-unit.yml
     with:
@@ -398,7 +432,7 @@ jobs:
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read    
+      contents: read
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
       consul-license: ${{secrets.CONSUL_LICENSE}}
@@ -418,13 +452,13 @@ jobs:
   # - be placed after the fanout of a workflow so that everything fans back in
   #   to this job.
   # - "need" any job that is part of the fan out / fan in
-  # - implement the if logic because we have conditional jobs 
-  #   (go-test-enteprise) that this job needs and this would potentially get 
-  #   skipped if a previous job got skipped.  So we use the if clause to make 
+  # - implement the if logic because we have conditional jobs
+  #   (go-test-enteprise) that this job needs and this would potentially get
+  #   skipped if a previous job got skipped.  So we use the if clause to make
   # sure it does not get skipped.
 
   go-tests-success:
-    needs: 
+    needs:
     - setup
     - check-generated-deep-copy
     - check-generated-protobuf
@@ -436,7 +470,7 @@ jobs:
     - lint-32bit
     # - go-test-arm64
     - go-test-enterprise
-    - go-test-oss 
+    - go-test-oss
     - go-test-race
     - go-test-envoyextensions
     - go-test-troubleshoot
@@ -445,6 +479,7 @@ jobs:
     - go-test-sdk-1-19
     - go-test-sdk-1-20
     - go-test-32bit
+    - go-test-s390x
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     if: ${{ always() }}
     steps:
diff --git a/.github/workflows/reusable-dev-build.yml b/.github/workflows/reusable-dev-build.yml
index 3ca661398506..2db9670655e4 100644
--- a/.github/workflows/reusable-dev-build.yml
+++ b/.github/workflows/reusable-dev-build.yml
@@ -1,4 +1,4 @@
-name: reusable-dev-build 
+name: reusable-dev-build
 
 on:
   workflow_call:

From efe981637b44d9e154474de2ba5ca6e6ecb4ca8d Mon Sep 17 00:00:00 2001
From: nv-hashi <80716011+nv-hashi@users.noreply.github.com>
Date: Wed, 12 Jul 2023 19:46:16 -0600
Subject: [PATCH 162/359] :ermahgerd "Sevice Mesh" -> "Service Mesh" (#18116)

Just a typo in the docs.
---
 website/content/docs/connect/nomad.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/connect/nomad.mdx b/website/content/docs/connect/nomad.mdx
index cc3a7c9034df..c65f07bc9162 100644
--- a/website/content/docs/connect/nomad.mdx
+++ b/website/content/docs/connect/nomad.mdx
@@ -1,6 +1,6 @@
 ---
 layout: docs
-page_title: Sevice Mesh - Nomad Integration
+page_title: Service Mesh - Nomad Integration
 description: >-
   Consul's service mesh can be applied to provide secure communication between services managed by Nomad's scheduler and orchestrator functions, including Nomad jobs and task groups. Use the guide and reference documentation to learn more.
 ---

From c328ba85bd2bfc934706a651c29e51907280d40a Mon Sep 17 00:00:00 2001
From: Iryna Shustava <ishustava@users.noreply.github.com>
Date: Thu, 13 Jul 2023 13:06:56 -0600
Subject: [PATCH 163/359] Split pbmesh.UpstreamsConfiguration as a resource out
 of pbmesh.Upstreams (#17991)

Configuration that previously was inlined into the Upstreams resource
applies to both explicit and implicit upstreams and so it makes sense to
split it out into its own resource.

It also has other minor changes:
- Renames `proxy.proto` proxy_configuration.proto`
- Changes the type of `Upstream.destination_ref` from `pbresource.ID` to
`pbresource.Reference`
- Adds comments to fields that didn't have them
---
 internal/mesh/exports.go                      |   5 +-
 .../internal/types/proxy_configuration.go     |   2 +-
 internal/mesh/internal/types/types.go         |   1 +
 internal/mesh/internal/types/upstreams.go     |   2 +-
 .../internal/types/upstreams_configuration.go |  32 +
 ...ry.go => proxy_configuration.pb.binary.go} |   2 +-
 ...{proxy.pb.go => proxy_configuration.pb.go} | 432 +++++------
 ...{proxy.proto => proxy_configuration.proto} |   0
 .../pbmesh/v1alpha1/upstreams.pb.binary.go    |  34 +-
 proto-public/pbmesh/v1alpha1/upstreams.pb.go  | 628 ++++------------
 proto-public/pbmesh/v1alpha1/upstreams.proto  |  82 +--
 .../upstreams_configuration.pb.binary.go      |  58 ++
 .../v1alpha1/upstreams_configuration.pb.go    | 682 ++++++++++++++++++
 .../v1alpha1/upstreams_configuration.proto    | 103 +++
 14 files changed, 1278 insertions(+), 785 deletions(-)
 create mode 100644 internal/mesh/internal/types/upstreams_configuration.go
 rename proto-public/pbmesh/v1alpha1/{proxy.pb.binary.go => proxy_configuration.pb.binary.go} (96%)
 rename proto-public/pbmesh/v1alpha1/{proxy.pb.go => proxy_configuration.pb.go} (51%)
 rename proto-public/pbmesh/v1alpha1/{proxy.proto => proxy_configuration.proto} (100%)
 create mode 100644 proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/upstreams_configuration.proto

diff --git a/internal/mesh/exports.go b/internal/mesh/exports.go
index 753c10a7ba93..c73ebdb097f5 100644
--- a/internal/mesh/exports.go
+++ b/internal/mesh/exports.go
@@ -22,8 +22,9 @@ var (
 
 	// Resource Types for the v1alpha1 version.
 
-	ProxyConfigurationV1Alpha1Type = types.ProxyConfigurationV1Alpha1Type
-	UpstreamsV1Alpha1Type          = types.UpstreamsV1Alpha1Type
+	ProxyConfigurationV1Alpha1Type     = types.ProxyConfigurationV1Alpha1Type
+	UpstreamsV1Alpha1Type              = types.UpstreamsV1Alpha1Type
+	UpstreamsConfigurationV1Alpha1Type = types.UpstreamsConfigurationV1Alpha1Type
 )
 
 // RegisterTypes adds all resource types within the "catalog" API group
diff --git a/internal/mesh/internal/types/proxy_configuration.go b/internal/mesh/internal/types/proxy_configuration.go
index 9205dc81b132..3349090b524a 100644
--- a/internal/mesh/internal/types/proxy_configuration.go
+++ b/internal/mesh/internal/types/proxy_configuration.go
@@ -16,7 +16,7 @@ const (
 var (
 	ProxyConfigurationV1Alpha1Type = &pbresource.Type{
 		Group:        GroupName,
-		GroupVersion: CurrentVersion,
+		GroupVersion: VersionV1Alpha1,
 		Kind:         ProxyConfigurationKind,
 	}
 
diff --git a/internal/mesh/internal/types/types.go b/internal/mesh/internal/types/types.go
index 3eeb69bd101c..3a7c6a329ac4 100644
--- a/internal/mesh/internal/types/types.go
+++ b/internal/mesh/internal/types/types.go
@@ -16,4 +16,5 @@ const (
 func Register(r resource.Registry) {
 	RegisterProxyConfiguration(r)
 	RegisterUpstreams(r)
+	RegisterUpstreamsConfiguration(r)
 }
diff --git a/internal/mesh/internal/types/upstreams.go b/internal/mesh/internal/types/upstreams.go
index 54fd14b098d5..8ccb1554593b 100644
--- a/internal/mesh/internal/types/upstreams.go
+++ b/internal/mesh/internal/types/upstreams.go
@@ -16,7 +16,7 @@ const (
 var (
 	UpstreamsV1Alpha1Type = &pbresource.Type{
 		Group:        GroupName,
-		GroupVersion: CurrentVersion,
+		GroupVersion: VersionV1Alpha1,
 		Kind:         UpstreamsKind,
 	}
 
diff --git a/internal/mesh/internal/types/upstreams_configuration.go b/internal/mesh/internal/types/upstreams_configuration.go
new file mode 100644
index 000000000000..0f4db27d96e7
--- /dev/null
+++ b/internal/mesh/internal/types/upstreams_configuration.go
@@ -0,0 +1,32 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package types
+
+import (
+	"github.com/hashicorp/consul/internal/resource"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+const (
+	UpstreamsConfigurationKind = "UpstreamsConfiguration"
+)
+
+var (
+	UpstreamsConfigurationV1Alpha1Type = &pbresource.Type{
+		Group:        GroupName,
+		GroupVersion: VersionV1Alpha1,
+		Kind:         UpstreamsConfigurationKind,
+	}
+
+	UpstreamsConfigurationType = UpstreamsConfigurationV1Alpha1Type
+)
+
+func RegisterUpstreamsConfiguration(r resource.Registry) {
+	r.Register(resource.Registration{
+		Type:     UpstreamsConfigurationV1Alpha1Type,
+		Proto:    &pbmesh.UpstreamsConfiguration{},
+		Validate: nil,
+	})
+}
diff --git a/proto-public/pbmesh/v1alpha1/proxy.pb.binary.go b/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.binary.go
similarity index 96%
rename from proto-public/pbmesh/v1alpha1/proxy.pb.binary.go
rename to proto-public/pbmesh/v1alpha1/proxy_configuration.pb.binary.go
index f39ae6afec84..5238331fb7f9 100644
--- a/proto-public/pbmesh/v1alpha1/proxy.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.binary.go
@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/proxy.proto
+// source: pbmesh/v1alpha1/proxy_configuration.proto
 
 package meshv1alpha1
 
diff --git a/proto-public/pbmesh/v1alpha1/proxy.pb.go b/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
similarity index 51%
rename from proto-public/pbmesh/v1alpha1/proxy.pb.go
rename to proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
index b6ef2edf873b..6ce928b15384 100644
--- a/proto-public/pbmesh/v1alpha1/proxy.pb.go
+++ b/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
@@ -5,7 +5,7 @@
 // versions:
 // 	protoc-gen-go v1.30.0
 // 	protoc        (unknown)
-// source: pbmesh/v1alpha1/proxy.proto
+// source: pbmesh/v1alpha1/proxy_configuration.proto
 
 package meshv1alpha1
 
@@ -66,11 +66,11 @@ func (x ProxyMode) String() string {
 }
 
 func (ProxyMode) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_proxy_proto_enumTypes[0].Descriptor()
+	return file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes[0].Descriptor()
 }
 
 func (ProxyMode) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_proxy_proto_enumTypes[0]
+	return &file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes[0]
 }
 
 func (x ProxyMode) Number() protoreflect.EnumNumber {
@@ -79,7 +79,7 @@ func (x ProxyMode) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use ProxyMode.Descriptor instead.
 func (ProxyMode) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_proto_rawDescGZIP(), []int{0}
+	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{0}
 }
 
 type ProxyConfiguration struct {
@@ -99,14 +99,14 @@ type ProxyConfiguration struct {
 	// deprecated: prevent usage when using v2 APIs directly.
 	// needed for backwards compatibility
 	//
-	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
 	OpaqueConfig *structpb.Struct `protobuf:"bytes,4,opt,name=opaque_config,json=opaqueConfig,proto3" json:"opaque_config,omitempty"`
 }
 
 func (x *ProxyConfiguration) Reset() {
 	*x = ProxyConfiguration{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[0]
+		mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[0]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -119,7 +119,7 @@ func (x *ProxyConfiguration) String() string {
 func (*ProxyConfiguration) ProtoMessage() {}
 
 func (x *ProxyConfiguration) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[0]
+	mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[0]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -132,7 +132,7 @@ func (x *ProxyConfiguration) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ProxyConfiguration.ProtoReflect.Descriptor instead.
 func (*ProxyConfiguration) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_proto_rawDescGZIP(), []int{0}
+	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{0}
 }
 
 func (x *ProxyConfiguration) GetWorkloads() *v1alpha1.WorkloadSelector {
@@ -156,7 +156,7 @@ func (x *ProxyConfiguration) GetBootstrapConfig() *BootstrapConfig {
 	return nil
 }
 
-// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
 func (x *ProxyConfiguration) GetOpaqueConfig() *structpb.Struct {
 	if x != nil {
 		return x.OpaqueConfig
@@ -187,18 +187,18 @@ type DynamicConfig struct {
 	// local_workload_address, local_workload_port, and local_workload_socket_path
 	// are deprecated and are only needed for migration of existing resources.
 	//
-	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
 	LocalWorkloadAddress string `protobuf:"bytes,10,opt,name=local_workload_address,json=localWorkloadAddress,proto3" json:"local_workload_address,omitempty"`
-	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
 	LocalWorkloadPort uint32 `protobuf:"varint,11,opt,name=local_workload_port,json=localWorkloadPort,proto3" json:"local_workload_port,omitempty"`
-	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
 	LocalWorkloadSocketPath string `protobuf:"bytes,12,opt,name=local_workload_socket_path,json=localWorkloadSocketPath,proto3" json:"local_workload_socket_path,omitempty"`
 }
 
 func (x *DynamicConfig) Reset() {
 	*x = DynamicConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[1]
+		mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[1]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -211,7 +211,7 @@ func (x *DynamicConfig) String() string {
 func (*DynamicConfig) ProtoMessage() {}
 
 func (x *DynamicConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[1]
+	mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[1]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -224,7 +224,7 @@ func (x *DynamicConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DynamicConfig.ProtoReflect.Descriptor instead.
 func (*DynamicConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_proto_rawDescGZIP(), []int{1}
+	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{1}
 }
 
 func (x *DynamicConfig) GetMode() ProxyMode {
@@ -290,7 +290,7 @@ func (x *DynamicConfig) GetLocalClusterJson() string {
 	return ""
 }
 
-// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
 func (x *DynamicConfig) GetLocalWorkloadAddress() string {
 	if x != nil {
 		return x.LocalWorkloadAddress
@@ -298,7 +298,7 @@ func (x *DynamicConfig) GetLocalWorkloadAddress() string {
 	return ""
 }
 
-// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
 func (x *DynamicConfig) GetLocalWorkloadPort() uint32 {
 	if x != nil {
 		return x.LocalWorkloadPort
@@ -306,7 +306,7 @@ func (x *DynamicConfig) GetLocalWorkloadPort() uint32 {
 	return 0
 }
 
-// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
 func (x *DynamicConfig) GetLocalWorkloadSocketPath() string {
 	if x != nil {
 		return x.LocalWorkloadSocketPath
@@ -330,7 +330,7 @@ type TransparentProxy struct {
 func (x *TransparentProxy) Reset() {
 	*x = TransparentProxy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[2]
+		mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[2]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -343,7 +343,7 @@ func (x *TransparentProxy) String() string {
 func (*TransparentProxy) ProtoMessage() {}
 
 func (x *TransparentProxy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[2]
+	mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[2]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -356,7 +356,7 @@ func (x *TransparentProxy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TransparentProxy.ProtoReflect.Descriptor instead.
 func (*TransparentProxy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_proto_rawDescGZIP(), []int{2}
+	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{2}
 }
 
 func (x *TransparentProxy) GetOutboundListenerPort() uint32 {
@@ -398,7 +398,7 @@ type BootstrapConfig struct {
 func (x *BootstrapConfig) Reset() {
 	*x = BootstrapConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[3]
+		mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[3]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -411,7 +411,7 @@ func (x *BootstrapConfig) String() string {
 func (*BootstrapConfig) ProtoMessage() {}
 
 func (x *BootstrapConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[3]
+	mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[3]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -424,7 +424,7 @@ func (x *BootstrapConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use BootstrapConfig.ProtoReflect.Descriptor instead.
 func (*BootstrapConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_proto_rawDescGZIP(), []int{3}
+	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{3}
 }
 
 func (x *BootstrapConfig) GetStatsdUrl() string {
@@ -518,192 +518,194 @@ func (x *BootstrapConfig) GetTracingConfigJson() string {
 	return ""
 }
 
-var File_pbmesh_v1alpha1_proxy_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_proxy_proto_rawDesc = []byte{
-	0x0a, 0x1b, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1c, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73,
-	0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x70, 0x62, 0x63,
-	0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
-	0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20,
-	0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
-	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x1a, 0x1c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d,
+var File_pbmesh_v1alpha1_proxy_configuration_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_proxy_configuration_proto_rawDesc = []byte{
+	0x0a, 0x29, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1c, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72,
+	0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x70, 0x62, 0x63, 0x61, 0x74,
+	0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x73, 0x65,
+	0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x70, 0x62,
+	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c,
 	0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
-	0x72, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xdb, 0x02,
-	0x0a, 0x12, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x51, 0x0a, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64,
-	0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c,
-	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b,
-	0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x09, 0x77, 0x6f,
-	0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x12, 0x54, 0x0a, 0x0e, 0x64, 0x79, 0x6e, 0x61, 0x6d,
-	0x69, 0x63, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0d,
-	0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5a, 0x0a,
-	0x10, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72,
-	0x61, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0f, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74,
-	0x72, 0x61, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x40, 0x0a, 0x0d, 0x6f, 0x70, 0x61,
-	0x71, 0x75, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0c, 0x6f,
-	0x70, 0x61, 0x71, 0x75, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0xf0, 0x07, 0x0a, 0x0d,
-	0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3d, 0x0a,
-	0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f,
-	0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x5d, 0x0a, 0x11,
-	0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61,
-	0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x10, 0x74, 0x72, 0x61, 0x6e, 0x73,
-	0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x6d, 0x0a, 0x10, 0x6c,
-	0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18,
-	0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70, 0x62,
+	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x72, 0x6f,
+	0x75, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xdb, 0x02, 0x0a, 0x12,
+	0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x51, 0x0a, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f,
+	0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b,
+	0x6c, 0x6f, 0x61, 0x64, 0x73, 0x12, 0x54, 0x0a, 0x0e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63,
+	0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44,
+	0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0d, 0x64, 0x79,
+	0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5a, 0x0a, 0x10, 0x62,
+	0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
 	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
-	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x69, 0x0a, 0x13, 0x69, 0x6e,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0f, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61,
+	0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x40, 0x0a, 0x0d, 0x6f, 0x70, 0x61, 0x71, 0x75,
+	0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0c, 0x6f, 0x70, 0x61,
+	0x71, 0x75, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0xf0, 0x07, 0x0a, 0x0d, 0x44, 0x79,
+	0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3d, 0x0a, 0x04, 0x6d,
+	0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79,
+	0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x5d, 0x0a, 0x11, 0x74, 0x72,
+	0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65,
+	0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x10, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61,
+	0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x6d, 0x0a, 0x10, 0x6c, 0x6f, 0x63,
+	0x61, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x69, 0x0a, 0x13, 0x69, 0x6e, 0x62, 0x6f,
+	0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
+	0x12, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x12, 0x5b, 0x0a, 0x11, 0x6d, 0x65, 0x73, 0x68, 0x5f, 0x67, 0x61, 0x74, 0x65,
+	0x77, 0x61, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52,
+	0x0f, 0x6d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65,
+	0x12, 0x51, 0x0a, 0x0d, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
 	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64,
-	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x52, 0x12, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5b, 0x0a, 0x11, 0x6d, 0x65, 0x73, 0x68, 0x5f, 0x67, 0x61,
-	0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e,
-	0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0c, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6c, 0x69,
+	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x12, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65,
+	0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65,
+	0x72, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x08,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x54, 0x72,
+	0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x6c, 0x6f, 0x63,
+	0x61, 0x6c, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18,
+	0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6c, 0x75, 0x73,
+	0x74, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x16, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
+	0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73,
+	0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x14, 0x6c, 0x6f, 0x63,
+	0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73,
+	0x73, 0x12, 0x32, 0x0a, 0x13, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c,
+	0x6f, 0x61, 0x64, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02,
+	0x18, 0x01, 0x52, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61,
+	0x64, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x3f, 0x0a, 0x1a, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77,
+	0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x70,
+	0x61, 0x74, 0x68, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x17, 0x6c,
+	0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x6f, 0x63, 0x6b,
+	0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, 0x74, 0x0a, 0x14, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
+	0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
+	0x12, 0x46, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x71, 0x0a, 0x10,
+	0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79,
+	0x12, 0x34, 0x0a, 0x16, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6c, 0x69, 0x73,
+	0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d,
+	0x52, 0x14, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e,
+	0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64,
+	0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x0e, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x22,
+	0xc0, 0x04, 0x0a, 0x0f, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f, 0x75, 0x72,
+	0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x55,
+	0x72, 0x6c, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x6f, 0x67, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f,
+	0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x6f, 0x67, 0x73, 0x74,
+	0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x73,
+	0x5f, 0x74, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61,
+	0x74, 0x73, 0x54, 0x61, 0x67, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74,
+	0x68, 0x65, 0x75, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
+	0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x73, 0x74, 0x61, 0x74,
+	0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0d, 0x73, 0x74, 0x61, 0x74, 0x73, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72,
+	0x12, 0x26, 0x0a, 0x0f, 0x72, 0x65, 0x61, 0x64, 0x79, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61,
+	0x64, 0x64, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x72, 0x65, 0x61, 0x64, 0x79,
+	0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x76, 0x65, 0x72,
+	0x72, 0x69, 0x64, 0x65, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x74, 0x70, 0x6c, 0x18, 0x07, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x4a, 0x73, 0x6f,
+	0x6e, 0x54, 0x70, 0x6c, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x63,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65,
+	0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63,
+	0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18,
+	0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x4c, 0x69, 0x73,
+	0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x28, 0x0a, 0x10, 0x73, 0x74,
+	0x61, 0x74, 0x73, 0x5f, 0x73, 0x69, 0x6e, 0x6b, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0a,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x74, 0x61, 0x74, 0x73, 0x53, 0x69, 0x6e, 0x6b, 0x73,
+	0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73, 0x6f, 0x6e,
+	0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x66, 0x6c, 0x75, 0x73, 0x68, 0x5f,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12,
+	0x73, 0x74, 0x61, 0x74, 0x73, 0x46, 0x6c, 0x75, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76,
+	0x61, 0x6c, 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x11, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73,
+	0x6f, 0x6e, 0x2a, 0x56, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12,
+	0x16, 0x0a, 0x12, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x45,
+	0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x50, 0x52, 0x4f, 0x58, 0x59,
+	0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, 0x50, 0x41, 0x52, 0x45, 0x4e,
+	0x54, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44,
+	0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x10, 0x02, 0x42, 0x9f, 0x02, 0x0a, 0x22, 0x63,
+	0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
 	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64,
-	0x65, 0x52, 0x0f, 0x6d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f,
-	0x64, 0x65, 0x12, 0x51, 0x0a, 0x0d, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x5f, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73,
-	0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0c, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f,
-	0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x07, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65,
-	0x6e, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x6c, 0x69, 0x73, 0x74, 0x65,
-	0x6e, 0x65, 0x72, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e,
-	0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
-	0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x6c,
-	0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f,
-	0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6c,
-	0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x16, 0x6c, 0x6f, 0x63,
-	0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72,
-	0x65, 0x73, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x14, 0x6c,
-	0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x41, 0x64, 0x64, 0x72,
-	0x65, 0x73, 0x73, 0x12, 0x32, 0x0a, 0x13, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72,
-	0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d,
-	0x42, 0x02, 0x18, 0x01, 0x52, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c,
-	0x6f, 0x61, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x3f, 0x0a, 0x1a, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
-	0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74,
-	0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52,
-	0x17, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x6f,
-	0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, 0x74, 0x0a, 0x14, 0x4c, 0x6f, 0x63, 0x61,
-	0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79,
-	0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b,
-	0x65, 0x79, 0x12, 0x46, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x71,
-	0x0a, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f,
-	0x78, 0x79, 0x12, 0x34, 0x0a, 0x16, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6c,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0d, 0x52, 0x14, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74,
-	0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69, 0x61, 0x6c,
-	0x65, 0x64, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x0e, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c,
-	0x79, 0x22, 0xc0, 0x04, 0x0a, 0x0f, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f,
-	0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x73,
-	0x64, 0x55, 0x72, 0x6c, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x6f, 0x67, 0x73, 0x74, 0x61, 0x74, 0x73,
-	0x64, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x6f, 0x67,
-	0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61,
-	0x74, 0x73, 0x5f, 0x74, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73,
-	0x74, 0x61, 0x74, 0x73, 0x54, 0x61, 0x67, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x72, 0x6f, 0x6d,
-	0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65,
-	0x75, 0x73, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x73, 0x74,
-	0x61, 0x74, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x05, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x74, 0x61, 0x74, 0x73, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64,
-	0x64, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x72, 0x65, 0x61, 0x64, 0x79, 0x5f, 0x62, 0x69, 0x6e, 0x64,
-	0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x72, 0x65, 0x61,
-	0x64, 0x79, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x76,
-	0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x74, 0x70, 0x6c, 0x18,
-	0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x4a,
-	0x73, 0x6f, 0x6e, 0x54, 0x70, 0x6c, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63,
-	0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x08,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x43, 0x6c, 0x75, 0x73,
-	0x74, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x73, 0x74, 0x61, 0x74,
-	0x69, 0x63, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f,
-	0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x4c,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x28, 0x0a, 0x10,
-	0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x73, 0x69, 0x6e, 0x6b, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e,
-	0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x74, 0x61, 0x74, 0x73, 0x53, 0x69, 0x6e,
-	0x6b, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73,
-	0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x66, 0x6c, 0x75, 0x73,
-	0x68, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x73, 0x46, 0x6c, 0x75, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65,
-	0x72, 0x76, 0x61, 0x6c, 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x11, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x4a, 0x73, 0x6f, 0x6e, 0x2a, 0x56, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64,
-	0x65, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f,
-	0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x50, 0x52, 0x4f,
-	0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, 0x50, 0x41, 0x52,
-	0x45, 0x4e, 0x54, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d,
-	0x4f, 0x44, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x10, 0x02, 0x42, 0x92, 0x02, 0x0a,
-	0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x42, 0x0a, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
-	0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65,
-	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02,
-	0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca,
-	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21,
-	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x31, 0x42, 0x17, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69,
+	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d,
+	0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73,
+	0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
+	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d,
+	0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42,
+	0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65,
+	0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
-	file_pbmesh_v1alpha1_proxy_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_proxy_proto_rawDescData = file_pbmesh_v1alpha1_proxy_proto_rawDesc
+	file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescData = file_pbmesh_v1alpha1_proxy_configuration_proto_rawDesc
 )
 
-func file_pbmesh_v1alpha1_proxy_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_proxy_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_proxy_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_proxy_proto_rawDescData)
+func file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescData)
 	})
-	return file_pbmesh_v1alpha1_proxy_proto_rawDescData
+	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescData
 }
 
-var file_pbmesh_v1alpha1_proxy_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_pbmesh_v1alpha1_proxy_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
-var file_pbmesh_v1alpha1_proxy_proto_goTypes = []interface{}{
+var file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
+var file_pbmesh_v1alpha1_proxy_configuration_proto_goTypes = []interface{}{
 	(ProxyMode)(0),                    // 0: hashicorp.consul.mesh.v1alpha1.ProxyMode
 	(*ProxyConfiguration)(nil),        // 1: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration
 	(*DynamicConfig)(nil),             // 2: hashicorp.consul.mesh.v1alpha1.DynamicConfig
@@ -717,7 +719,7 @@ var file_pbmesh_v1alpha1_proxy_proto_goTypes = []interface{}{
 	(*ExposeConfig)(nil),              // 10: hashicorp.consul.mesh.v1alpha1.ExposeConfig
 	(*ConnectionConfig)(nil),          // 11: hashicorp.consul.mesh.v1alpha1.ConnectionConfig
 }
-var file_pbmesh_v1alpha1_proxy_proto_depIdxs = []int32{
+var file_pbmesh_v1alpha1_proxy_configuration_proto_depIdxs = []int32{
 	6,  // 0: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.workloads:type_name -> hashicorp.consul.catalog.v1alpha1.WorkloadSelector
 	2,  // 1: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.dynamic_config:type_name -> hashicorp.consul.mesh.v1alpha1.DynamicConfig
 	4,  // 2: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.bootstrap_config:type_name -> hashicorp.consul.mesh.v1alpha1.BootstrapConfig
@@ -736,16 +738,16 @@ var file_pbmesh_v1alpha1_proxy_proto_depIdxs = []int32{
 	0,  // [0:11] is the sub-list for field type_name
 }
 
-func init() { file_pbmesh_v1alpha1_proxy_proto_init() }
-func file_pbmesh_v1alpha1_proxy_proto_init() {
-	if File_pbmesh_v1alpha1_proxy_proto != nil {
+func init() { file_pbmesh_v1alpha1_proxy_configuration_proto_init() }
+func file_pbmesh_v1alpha1_proxy_configuration_proto_init() {
+	if File_pbmesh_v1alpha1_proxy_configuration_proto != nil {
 		return
 	}
 	file_pbmesh_v1alpha1_connection_proto_init()
 	file_pbmesh_v1alpha1_expose_proto_init()
 	file_pbmesh_v1alpha1_routing_proto_init()
 	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_proxy_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*ProxyConfiguration); i {
 			case 0:
 				return &v.state
@@ -757,7 +759,7 @@ func file_pbmesh_v1alpha1_proxy_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_proxy_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*DynamicConfig); i {
 			case 0:
 				return &v.state
@@ -769,7 +771,7 @@ func file_pbmesh_v1alpha1_proxy_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_proxy_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*TransparentProxy); i {
 			case 0:
 				return &v.state
@@ -781,7 +783,7 @@ func file_pbmesh_v1alpha1_proxy_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_proxy_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*BootstrapConfig); i {
 			case 0:
 				return &v.state
@@ -798,19 +800,19 @@ func file_pbmesh_v1alpha1_proxy_proto_init() {
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_proxy_proto_rawDesc,
+			RawDescriptor: file_pbmesh_v1alpha1_proxy_configuration_proto_rawDesc,
 			NumEnums:      1,
 			NumMessages:   5,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
-		GoTypes:           file_pbmesh_v1alpha1_proxy_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_proxy_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_proxy_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_proxy_proto_msgTypes,
+		GoTypes:           file_pbmesh_v1alpha1_proxy_configuration_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_proxy_configuration_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes,
 	}.Build()
-	File_pbmesh_v1alpha1_proxy_proto = out.File
-	file_pbmesh_v1alpha1_proxy_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_proxy_proto_goTypes = nil
-	file_pbmesh_v1alpha1_proxy_proto_depIdxs = nil
+	File_pbmesh_v1alpha1_proxy_configuration_proto = out.File
+	file_pbmesh_v1alpha1_proxy_configuration_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_proxy_configuration_proto_goTypes = nil
+	file_pbmesh_v1alpha1_proxy_configuration_proto_depIdxs = nil
 }
diff --git a/proto-public/pbmesh/v1alpha1/proxy.proto b/proto-public/pbmesh/v1alpha1/proxy_configuration.proto
similarity index 100%
rename from proto-public/pbmesh/v1alpha1/proxy.proto
rename to proto-public/pbmesh/v1alpha1/proxy_configuration.proto
diff --git a/proto-public/pbmesh/v1alpha1/upstreams.pb.binary.go b/proto-public/pbmesh/v1alpha1/upstreams.pb.binary.go
index cc8214e75a68..d67b41e3a9d0 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/upstreams.pb.binary.go
@@ -28,12 +28,12 @@ func (msg *Upstream) UnmarshalBinary(b []byte) error {
 }
 
 // MarshalBinary implements encoding.BinaryMarshaler
-func (msg *TCPAddress) MarshalBinary() ([]byte, error) {
+func (msg *IPPortAddress) MarshalBinary() ([]byte, error) {
 	return proto.Marshal(msg)
 }
 
 // UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *TCPAddress) UnmarshalBinary(b []byte) error {
+func (msg *IPPortAddress) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
 
@@ -56,33 +56,3 @@ func (msg *PreparedQueryUpstream) MarshalBinary() ([]byte, error) {
 func (msg *PreparedQueryUpstream) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *UpstreamConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *UpstreamConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *UpstreamLimits) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *UpstreamLimits) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *PassiveHealthCheck) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *PassiveHealthCheck) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/upstreams.pb.go b/proto-public/pbmesh/v1alpha1/upstreams.pb.go
index 93b151a3366d..e8e9e4f9cf89 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams.pb.go
+++ b/proto-public/pbmesh/v1alpha1/upstreams.pb.go
@@ -14,7 +14,6 @@ import (
 	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	durationpb "google.golang.org/protobuf/types/known/durationpb"
 	reflect "reflect"
 	sync "sync"
 )
@@ -33,10 +32,12 @@ type Upstreams struct {
 
 	// Selection of workloads these upstreams should apply to.
 	// These can be prefixes or specific workload names.
-	Workloads      *v1alpha1.WorkloadSelector `protobuf:"bytes,1,opt,name=workloads,proto3" json:"workloads,omitempty"`
-	Upstreams      []*Upstream                `protobuf:"bytes,2,rep,name=upstreams,proto3" json:"upstreams,omitempty"`
-	PqUpstreams    []*PreparedQueryUpstream   `protobuf:"bytes,3,rep,name=pq_upstreams,json=pqUpstreams,proto3" json:"pq_upstreams,omitempty"`
-	UpstreamConfig *UpstreamConfig            `protobuf:"bytes,4,opt,name=upstream_config,json=upstreamConfig,proto3" json:"upstream_config,omitempty"`
+	Workloads *v1alpha1.WorkloadSelector `protobuf:"bytes,1,opt,name=workloads,proto3" json:"workloads,omitempty"`
+	// upstreams is the list of explicit upstreams to define for the selected workloads.
+	Upstreams []*Upstream `protobuf:"bytes,2,rep,name=upstreams,proto3" json:"upstreams,omitempty"`
+	// pq_upstreams is the list of prepared query upstreams. This field is not supported directly in v2
+	// and should only be used for migration reasons.
+	PqUpstreams []*PreparedQueryUpstream `protobuf:"bytes,3,rep,name=pq_upstreams,json=pqUpstreams,proto3" json:"pq_upstreams,omitempty"`
 }
 
 func (x *Upstreams) Reset() {
@@ -92,27 +93,26 @@ func (x *Upstreams) GetPqUpstreams() []*PreparedQueryUpstream {
 	return nil
 }
 
-func (x *Upstreams) GetUpstreamConfig() *UpstreamConfig {
-	if x != nil {
-		return x.UpstreamConfig
-	}
-	return nil
-}
-
 type Upstream struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	DestinationRef  *pbresource.ID `protobuf:"bytes,1,opt,name=destination_ref,json=destinationRef,proto3" json:"destination_ref,omitempty"`
-	DestinationPort string         `protobuf:"bytes,2,opt,name=destination_port,json=destinationPort,proto3" json:"destination_port,omitempty"`
-	Datacenter      string         `protobuf:"bytes,3,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
+	// destination_ref is the reference to an upstream service. This has to be pbcatalog.Service type.
+	DestinationRef *pbresource.Reference `protobuf:"bytes,1,opt,name=destination_ref,json=destinationRef,proto3" json:"destination_ref,omitempty"`
+	// destination_port is the port name of the upstream service. This should be the name
+	// of the service's target port.
+	DestinationPort string `protobuf:"bytes,2,opt,name=destination_port,json=destinationPort,proto3" json:"destination_port,omitempty"`
+	// datacenter is the datacenter for where this upstream service lives.
+	Datacenter string `protobuf:"bytes,3,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
+	// listen_addr is the address where Envoy will listen for requests to this upstream.
+	// It can provided either as an ip:port or as a Unix domain socket.
+	//
 	// Types that are assignable to ListenAddr:
 	//
-	//	*Upstream_Tcp
+	//	*Upstream_IpPort
 	//	*Upstream_Unix
-	ListenAddr     isUpstream_ListenAddr `protobuf_oneof:"listen_addr"`
-	UpstreamConfig *UpstreamConfig       `protobuf:"bytes,7,opt,name=upstream_config,json=upstreamConfig,proto3" json:"upstream_config,omitempty"`
+	ListenAddr isUpstream_ListenAddr `protobuf_oneof:"listen_addr"`
 }
 
 func (x *Upstream) Reset() {
@@ -147,7 +147,7 @@ func (*Upstream) Descriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_upstreams_proto_rawDescGZIP(), []int{1}
 }
 
-func (x *Upstream) GetDestinationRef() *pbresource.ID {
+func (x *Upstream) GetDestinationRef() *pbresource.Reference {
 	if x != nil {
 		return x.DestinationRef
 	}
@@ -175,9 +175,9 @@ func (m *Upstream) GetListenAddr() isUpstream_ListenAddr {
 	return nil
 }
 
-func (x *Upstream) GetTcp() *TCPAddress {
-	if x, ok := x.GetListenAddr().(*Upstream_Tcp); ok {
-		return x.Tcp
+func (x *Upstream) GetIpPort() *IPPortAddress {
+	if x, ok := x.GetListenAddr().(*Upstream_IpPort); ok {
+		return x.IpPort
 	}
 	return nil
 }
@@ -189,40 +189,35 @@ func (x *Upstream) GetUnix() *UnixSocketAddress {
 	return nil
 }
 
-func (x *Upstream) GetUpstreamConfig() *UpstreamConfig {
-	if x != nil {
-		return x.UpstreamConfig
-	}
-	return nil
-}
-
 type isUpstream_ListenAddr interface {
 	isUpstream_ListenAddr()
 }
 
-type Upstream_Tcp struct {
-	Tcp *TCPAddress `protobuf:"bytes,4,opt,name=tcp,proto3,oneof"`
+type Upstream_IpPort struct {
+	IpPort *IPPortAddress `protobuf:"bytes,4,opt,name=ip_port,json=ipPort,proto3,oneof"`
 }
 
 type Upstream_Unix struct {
 	Unix *UnixSocketAddress `protobuf:"bytes,5,opt,name=unix,proto3,oneof"`
 }
 
-func (*Upstream_Tcp) isUpstream_ListenAddr() {}
+func (*Upstream_IpPort) isUpstream_ListenAddr() {}
 
 func (*Upstream_Unix) isUpstream_ListenAddr() {}
 
-type TCPAddress struct {
+type IPPortAddress struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Ip   string `protobuf:"bytes,1,opt,name=ip,proto3" json:"ip,omitempty"`
+	// ip is an IPv4 or an IPv6 address.
+	Ip string `protobuf:"bytes,1,opt,name=ip,proto3" json:"ip,omitempty"`
+	// port is the port number.
 	Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
 }
 
-func (x *TCPAddress) Reset() {
-	*x = TCPAddress{}
+func (x *IPPortAddress) Reset() {
+	*x = IPPortAddress{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[2]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -230,13 +225,13 @@ func (x *TCPAddress) Reset() {
 	}
 }
 
-func (x *TCPAddress) String() string {
+func (x *IPPortAddress) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*TCPAddress) ProtoMessage() {}
+func (*IPPortAddress) ProtoMessage() {}
 
-func (x *TCPAddress) ProtoReflect() protoreflect.Message {
+func (x *IPPortAddress) ProtoReflect() protoreflect.Message {
 	mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[2]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -248,19 +243,19 @@ func (x *TCPAddress) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use TCPAddress.ProtoReflect.Descriptor instead.
-func (*TCPAddress) Descriptor() ([]byte, []int) {
+// Deprecated: Use IPPortAddress.ProtoReflect.Descriptor instead.
+func (*IPPortAddress) Descriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_upstreams_proto_rawDescGZIP(), []int{2}
 }
 
-func (x *TCPAddress) GetIp() string {
+func (x *IPPortAddress) GetIp() string {
 	if x != nil {
 		return x.Ip
 	}
 	return ""
 }
 
-func (x *TCPAddress) GetPort() uint32 {
+func (x *IPPortAddress) GetPort() uint32 {
 	if x != nil {
 		return x.Port
 	}
@@ -272,7 +267,10 @@ type UnixSocketAddress struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
+	// path is the file system path at which to bind a Unix domain socket listener.
 	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
+	// mode is the Unix file mode for the socket file. It should be provided
+	// in the numeric notation, for example, "0600".
 	Mode string `protobuf:"bytes,2,opt,name=mode,proto3" json:"mode,omitempty"`
 }
 
@@ -327,8 +325,13 @@ type PreparedQueryUpstream struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Name       string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// name is the name of the prepared query to use as an upstream.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// datacenter is the datacenter for where this upstream service lives.
 	Datacenter string `protobuf:"bytes,2,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
+	// listen_addr is the address where Envoy will listen for requests to this upstream.
+	// It can provided either as an ip:port or as a Unix domain socket.
+	//
 	// Types that are assignable to ListenAddr:
 	//
 	//	*PreparedQueryUpstream_Tcp
@@ -390,7 +393,7 @@ func (m *PreparedQueryUpstream) GetListenAddr() isPreparedQueryUpstream_ListenAd
 	return nil
 }
 
-func (x *PreparedQueryUpstream) GetTcp() *TCPAddress {
+func (x *PreparedQueryUpstream) GetTcp() *IPPortAddress {
 	if x, ok := x.GetListenAddr().(*PreparedQueryUpstream_Tcp); ok {
 		return x.Tcp
 	}
@@ -416,7 +419,7 @@ type isPreparedQueryUpstream_ListenAddr interface {
 }
 
 type PreparedQueryUpstream_Tcp struct {
-	Tcp *TCPAddress `protobuf:"bytes,4,opt,name=tcp,proto3,oneof"`
+	Tcp *IPPortAddress `protobuf:"bytes,4,opt,name=tcp,proto3,oneof"`
 }
 
 type PreparedQueryUpstream_Unix struct {
@@ -427,229 +430,6 @@ func (*PreparedQueryUpstream_Tcp) isPreparedQueryUpstream_ListenAddr() {}
 
 func (*PreparedQueryUpstream_Unix) isPreparedQueryUpstream_ListenAddr() {}
 
-type UpstreamConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	ConnectTimeoutMs           uint64              `protobuf:"varint,2,opt,name=connect_timeout_ms,json=connectTimeoutMs,proto3" json:"connect_timeout_ms,omitempty"`
-	Limits                     *UpstreamLimits     `protobuf:"bytes,3,opt,name=limits,proto3" json:"limits,omitempty"`
-	PassiveHealthCheck         *PassiveHealthCheck `protobuf:"bytes,4,opt,name=passive_health_check,json=passiveHealthCheck,proto3" json:"passive_health_check,omitempty"`
-	BalanceOutboundConnections BalanceConnections  `protobuf:"varint,5,opt,name=balance_outbound_connections,json=balanceOutboundConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.BalanceConnections" json:"balance_outbound_connections,omitempty"`
-	MeshGatewayMode            MeshGatewayMode     `protobuf:"varint,6,opt,name=mesh_gateway_mode,json=meshGatewayMode,proto3,enum=hashicorp.consul.mesh.v1alpha1.MeshGatewayMode" json:"mesh_gateway_mode,omitempty"`
-}
-
-func (x *UpstreamConfig) Reset() {
-	*x = UpstreamConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *UpstreamConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*UpstreamConfig) ProtoMessage() {}
-
-func (x *UpstreamConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use UpstreamConfig.ProtoReflect.Descriptor instead.
-func (*UpstreamConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_upstreams_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *UpstreamConfig) GetConnectTimeoutMs() uint64 {
-	if x != nil {
-		return x.ConnectTimeoutMs
-	}
-	return 0
-}
-
-func (x *UpstreamConfig) GetLimits() *UpstreamLimits {
-	if x != nil {
-		return x.Limits
-	}
-	return nil
-}
-
-func (x *UpstreamConfig) GetPassiveHealthCheck() *PassiveHealthCheck {
-	if x != nil {
-		return x.PassiveHealthCheck
-	}
-	return nil
-}
-
-func (x *UpstreamConfig) GetBalanceOutboundConnections() BalanceConnections {
-	if x != nil {
-		return x.BalanceOutboundConnections
-	}
-	return BalanceConnections_BALANCE_CONNECTIONS_DEFAULT
-}
-
-func (x *UpstreamConfig) GetMeshGatewayMode() MeshGatewayMode {
-	if x != nil {
-		return x.MeshGatewayMode
-	}
-	return MeshGatewayMode_MESH_GATEWAY_MODE_UNSPECIFIED
-}
-
-// UpstreamLimits describes the limits that are associated with a specific
-// upstream of a service instance.
-type UpstreamLimits struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// MaxConnections is the maximum number of connections the local proxy can
-	// make to the upstream service.
-	MaxConnections int32 `protobuf:"varint,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"`
-	// MaxPendingRequests is the maximum number of requests that will be queued
-	// waiting for an available connection. This is mostly applicable to HTTP/1.1
-	// clusters since all HTTP/2 requests are streamed over a single
-	// connection.
-	MaxPendingRequests int32 `protobuf:"varint,2,opt,name=max_pending_requests,json=maxPendingRequests,proto3" json:"max_pending_requests,omitempty"`
-	// MaxConcurrentRequests is the maximum number of in-flight requests that will be allowed
-	// to the upstream cluster at a point in time. This is mostly applicable to HTTP/2
-	// clusters since all HTTP/1.1 requests are limited by MaxConnections.
-	MaxConcurrentRequests int32 `protobuf:"varint,3,opt,name=max_concurrent_requests,json=maxConcurrentRequests,proto3" json:"max_concurrent_requests,omitempty"`
-}
-
-func (x *UpstreamLimits) Reset() {
-	*x = UpstreamLimits{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *UpstreamLimits) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*UpstreamLimits) ProtoMessage() {}
-
-func (x *UpstreamLimits) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use UpstreamLimits.ProtoReflect.Descriptor instead.
-func (*UpstreamLimits) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_upstreams_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *UpstreamLimits) GetMaxConnections() int32 {
-	if x != nil {
-		return x.MaxConnections
-	}
-	return 0
-}
-
-func (x *UpstreamLimits) GetMaxPendingRequests() int32 {
-	if x != nil {
-		return x.MaxPendingRequests
-	}
-	return 0
-}
-
-func (x *UpstreamLimits) GetMaxConcurrentRequests() int32 {
-	if x != nil {
-		return x.MaxConcurrentRequests
-	}
-	return 0
-}
-
-type PassiveHealthCheck struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Interval between health check analysis sweeps. Each sweep may remove
-	// hosts or return hosts to the pool.
-	Interval *durationpb.Duration `protobuf:"bytes,1,opt,name=interval,proto3" json:"interval,omitempty"`
-	// MaxFailures is the count of consecutive failures that results in a host
-	// being removed from the pool.
-	MaxFailures uint32 `protobuf:"varint,2,opt,name=max_failures,json=maxFailures,proto3" json:"max_failures,omitempty"`
-	// EnforcingConsecutive5xx is the % chance that a host will be actually ejected
-	// when an outlier status is detected through consecutive 5xx.
-	// This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
-	EnforcingConsecutive_5Xx uint32 `protobuf:"varint,3,opt,name=enforcing_consecutive_5xx,json=enforcingConsecutive5xx,proto3" json:"enforcing_consecutive_5xx,omitempty"`
-}
-
-func (x *PassiveHealthCheck) Reset() {
-	*x = PassiveHealthCheck{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *PassiveHealthCheck) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*PassiveHealthCheck) ProtoMessage() {}
-
-func (x *PassiveHealthCheck) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use PassiveHealthCheck.ProtoReflect.Descriptor instead.
-func (*PassiveHealthCheck) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_upstreams_proto_rawDescGZIP(), []int{7}
-}
-
-func (x *PassiveHealthCheck) GetInterval() *durationpb.Duration {
-	if x != nil {
-		return x.Interval
-	}
-	return nil
-}
-
-func (x *PassiveHealthCheck) GetMaxFailures() uint32 {
-	if x != nil {
-		return x.MaxFailures
-	}
-	return 0
-}
-
-func (x *PassiveHealthCheck) GetEnforcingConsecutive_5Xx() uint32 {
-	if x != nil {
-		return x.EnforcingConsecutive_5Xx
-	}
-	return 0
-}
-
 var File_pbmesh_v1alpha1_upstreams_proto protoreflect.FileDescriptor
 
 var file_pbmesh_v1alpha1_upstreams_proto_rawDesc = []byte{
@@ -657,158 +437,95 @@ var file_pbmesh_v1alpha1_upstreams_proto_rawDesc = []byte{
 	0x31, 0x2f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74,
 	0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
 	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x1a, 0x21, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61,
+	0x31, 0x1a, 0x21, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61,
 	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
-	0x65, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x22, 0xd9, 0x02, 0x0a, 0x09, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x51,
-	0x0a, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65,
-	0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64,
-	0x73, 0x12, 0x46, 0x0a, 0x09, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x02,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x09,
-	0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x58, 0x0a, 0x0c, 0x70, 0x71, 0x5f,
-	0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x64, 0x51, 0x75, 0x65, 0x72, 0x79, 0x55, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x0b, 0x70, 0x71, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65,
-	0x61, 0x6d, 0x73, 0x12, 0x57, 0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x75, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x8e, 0x03, 0x0a,
-	0x08, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x46, 0x0a, 0x0f, 0x64, 0x65, 0x73,
-	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x49,
-	0x44, 0x52, 0x0e, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
-	0x66, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x73,
-	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0a,
-	0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x3e, 0x0a, 0x03,
-	0x74, 0x63, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x5f,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f,
+	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x80,
+	0x02, 0x0a, 0x09, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x51, 0x0a, 0x09,
+	0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65,
+	0x63, 0x74, 0x6f, 0x72, 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x12,
+	0x46, 0x0a, 0x09, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x09, 0x75, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x58, 0x0a, 0x0c, 0x70, 0x71, 0x5f, 0x75, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50,
+	0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x64, 0x51, 0x75, 0x65, 0x72, 0x79, 0x55, 0x70, 0x73, 0x74,
+	0x72, 0x65, 0x61, 0x6d, 0x52, 0x0b, 0x70, 0x71, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d,
+	0x73, 0x22, 0xc6, 0x02, 0x0a, 0x08, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x4d,
+	0x0a, 0x0f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65,
+	0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75,
+	0x72, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0e, 0x64,
+	0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x66, 0x12, 0x29, 0x0a,
+	0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x72,
+	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61,
+	0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x61,
+	0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x48, 0x0a, 0x07, 0x69, 0x70, 0x5f, 0x70,
+	0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x43, 0x50, 0x41, 0x64,
-	0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x47, 0x0a, 0x04,
-	0x75, 0x6e, 0x69, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x6e, 0x69, 0x78,
-	0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52,
-	0x04, 0x75, 0x6e, 0x69, 0x78, 0x12, 0x57, 0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61,
-	0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e,
-	0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x0d,
-	0x0a, 0x0b, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x22, 0x30, 0x0a,
-	0x0a, 0x54, 0x43, 0x50, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x69,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x50, 0x50, 0x6f, 0x72,
+	0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x06, 0x69, 0x70, 0x50, 0x6f,
+	0x72, 0x74, 0x12, 0x47, 0x0a, 0x04, 0x75, 0x6e, 0x69, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72,
+	0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x04, 0x75, 0x6e, 0x69, 0x78, 0x42, 0x0d, 0x0a, 0x0b, 0x6c,
+	0x69, 0x73, 0x74, 0x65, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x22, 0x33, 0x0a, 0x0d, 0x49, 0x50,
+	0x50, 0x6f, 0x72, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x69,
 	0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x70,
 	0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22,
 	0x3b, 0x0a, 0x11, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64,
 	0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01,
 	0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x22, 0xbc, 0x02, 0x0a,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x22, 0xbf, 0x02, 0x0a,
 	0x15, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x64, 0x51, 0x75, 0x65, 0x72, 0x79, 0x55, 0x70,
 	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
 	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61,
 	0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a,
-	0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x3e, 0x0a, 0x03, 0x74, 0x63,
-	0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x03, 0x74, 0x63,
+	0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
 	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x43, 0x50, 0x41, 0x64, 0x64, 0x72,
-	0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x47, 0x0a, 0x04, 0x75, 0x6e,
-	0x69, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f,
-	0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x04, 0x75,
-	0x6e, 0x69, 0x78, 0x12, 0x57, 0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x75, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x0d, 0x0a, 0x0b,
-	0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x22, 0xbf, 0x03, 0x0a, 0x0e,
-	0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2c,
-	0x0a, 0x12, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75,
-	0x74, 0x5f, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x12, 0x46, 0x0a, 0x06,
-	0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x52, 0x06, 0x6c, 0x69,
-	0x6d, 0x69, 0x74, 0x73, 0x12, 0x64, 0x0a, 0x14, 0x70, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x5f,
-	0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74,
-	0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x12, 0x70, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48,
-	0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x74, 0x0a, 0x1c, 0x62, 0x61,
-	0x6c, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e,
-	0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x52, 0x1a, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x4f, 0x75, 0x74,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x12, 0x5b, 0x0a, 0x11, 0x6d, 0x65, 0x73, 0x68, 0x5f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
-	0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x50, 0x50, 0x6f, 0x72, 0x74, 0x41,
+	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x47, 0x0a,
+	0x04, 0x75, 0x6e, 0x69, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
 	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73,
-	0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0f, 0x6d, 0x65,
-	0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0xa3, 0x01,
-	0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73,
-	0x12, 0x27, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x6d, 0x61, 0x78,
-	0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64,
-	0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x36, 0x0a, 0x17, 0x6d,
-	0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x6d, 0x61,
-	0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x73, 0x22, 0xaa, 0x01, 0x0a, 0x12, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48,
-	0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
-	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61,
-	0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x61, 0x78, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65,
-	0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x6d, 0x61, 0x78, 0x46, 0x61, 0x69, 0x6c,
-	0x75, 0x72, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e,
-	0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78,
-	0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x17, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69,
-	0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78,
-	0x42, 0x96, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61,
-	0x6d, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75,
-	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62,
-	0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
-	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
-	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a,
-	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x6e, 0x69,
+	0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00,
+	0x52, 0x04, 0x75, 0x6e, 0x69, 0x78, 0x12, 0x57, 0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65,
+	0x61, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
+	0x0e, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42,
+	0x0d, 0x0a, 0x0b, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x42, 0x96,
+	0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73,
+	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69,
+	0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02,
+	0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64,
+	0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a,
+	0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -823,44 +540,32 @@ func file_pbmesh_v1alpha1_upstreams_proto_rawDescGZIP() []byte {
 	return file_pbmesh_v1alpha1_upstreams_proto_rawDescData
 }
 
-var file_pbmesh_v1alpha1_upstreams_proto_msgTypes = make([]protoimpl.MessageInfo, 8)
+var file_pbmesh_v1alpha1_upstreams_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
 var file_pbmesh_v1alpha1_upstreams_proto_goTypes = []interface{}{
 	(*Upstreams)(nil),                 // 0: hashicorp.consul.mesh.v1alpha1.Upstreams
 	(*Upstream)(nil),                  // 1: hashicorp.consul.mesh.v1alpha1.Upstream
-	(*TCPAddress)(nil),                // 2: hashicorp.consul.mesh.v1alpha1.TCPAddress
+	(*IPPortAddress)(nil),             // 2: hashicorp.consul.mesh.v1alpha1.IPPortAddress
 	(*UnixSocketAddress)(nil),         // 3: hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
 	(*PreparedQueryUpstream)(nil),     // 4: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream
-	(*UpstreamConfig)(nil),            // 5: hashicorp.consul.mesh.v1alpha1.UpstreamConfig
-	(*UpstreamLimits)(nil),            // 6: hashicorp.consul.mesh.v1alpha1.UpstreamLimits
-	(*PassiveHealthCheck)(nil),        // 7: hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck
-	(*v1alpha1.WorkloadSelector)(nil), // 8: hashicorp.consul.catalog.v1alpha1.WorkloadSelector
-	(*pbresource.ID)(nil),             // 9: hashicorp.consul.resource.ID
-	(BalanceConnections)(0),           // 10: hashicorp.consul.mesh.v1alpha1.BalanceConnections
-	(MeshGatewayMode)(0),              // 11: hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
-	(*durationpb.Duration)(nil),       // 12: google.protobuf.Duration
+	(*v1alpha1.WorkloadSelector)(nil), // 5: hashicorp.consul.catalog.v1alpha1.WorkloadSelector
+	(*pbresource.Reference)(nil),      // 6: hashicorp.consul.resource.Reference
+	(*UpstreamConfig)(nil),            // 7: hashicorp.consul.mesh.v1alpha1.UpstreamConfig
 }
 var file_pbmesh_v1alpha1_upstreams_proto_depIdxs = []int32{
-	8,  // 0: hashicorp.consul.mesh.v1alpha1.Upstreams.workloads:type_name -> hashicorp.consul.catalog.v1alpha1.WorkloadSelector
-	1,  // 1: hashicorp.consul.mesh.v1alpha1.Upstreams.upstreams:type_name -> hashicorp.consul.mesh.v1alpha1.Upstream
-	4,  // 2: hashicorp.consul.mesh.v1alpha1.Upstreams.pq_upstreams:type_name -> hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream
-	5,  // 3: hashicorp.consul.mesh.v1alpha1.Upstreams.upstream_config:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfig
-	9,  // 4: hashicorp.consul.mesh.v1alpha1.Upstream.destination_ref:type_name -> hashicorp.consul.resource.ID
-	2,  // 5: hashicorp.consul.mesh.v1alpha1.Upstream.tcp:type_name -> hashicorp.consul.mesh.v1alpha1.TCPAddress
-	3,  // 6: hashicorp.consul.mesh.v1alpha1.Upstream.unix:type_name -> hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
-	5,  // 7: hashicorp.consul.mesh.v1alpha1.Upstream.upstream_config:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfig
-	2,  // 8: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream.tcp:type_name -> hashicorp.consul.mesh.v1alpha1.TCPAddress
-	3,  // 9: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream.unix:type_name -> hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
-	5,  // 10: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream.upstream_config:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfig
-	6,  // 11: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.limits:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamLimits
-	7,  // 12: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.passive_health_check:type_name -> hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck
-	10, // 13: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.balance_outbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceConnections
-	11, // 14: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.mesh_gateway_mode:type_name -> hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
-	12, // 15: hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck.interval:type_name -> google.protobuf.Duration
-	16, // [16:16] is the sub-list for method output_type
-	16, // [16:16] is the sub-list for method input_type
-	16, // [16:16] is the sub-list for extension type_name
-	16, // [16:16] is the sub-list for extension extendee
-	0,  // [0:16] is the sub-list for field type_name
+	5, // 0: hashicorp.consul.mesh.v1alpha1.Upstreams.workloads:type_name -> hashicorp.consul.catalog.v1alpha1.WorkloadSelector
+	1, // 1: hashicorp.consul.mesh.v1alpha1.Upstreams.upstreams:type_name -> hashicorp.consul.mesh.v1alpha1.Upstream
+	4, // 2: hashicorp.consul.mesh.v1alpha1.Upstreams.pq_upstreams:type_name -> hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream
+	6, // 3: hashicorp.consul.mesh.v1alpha1.Upstream.destination_ref:type_name -> hashicorp.consul.resource.Reference
+	2, // 4: hashicorp.consul.mesh.v1alpha1.Upstream.ip_port:type_name -> hashicorp.consul.mesh.v1alpha1.IPPortAddress
+	3, // 5: hashicorp.consul.mesh.v1alpha1.Upstream.unix:type_name -> hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
+	2, // 6: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream.tcp:type_name -> hashicorp.consul.mesh.v1alpha1.IPPortAddress
+	3, // 7: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream.unix:type_name -> hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
+	7, // 8: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream.upstream_config:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfig
+	9, // [9:9] is the sub-list for method output_type
+	9, // [9:9] is the sub-list for method input_type
+	9, // [9:9] is the sub-list for extension type_name
+	9, // [9:9] is the sub-list for extension extendee
+	0, // [0:9] is the sub-list for field type_name
 }
 
 func init() { file_pbmesh_v1alpha1_upstreams_proto_init() }
@@ -868,8 +573,7 @@ func file_pbmesh_v1alpha1_upstreams_proto_init() {
 	if File_pbmesh_v1alpha1_upstreams_proto != nil {
 		return
 	}
-	file_pbmesh_v1alpha1_connection_proto_init()
-	file_pbmesh_v1alpha1_routing_proto_init()
+	file_pbmesh_v1alpha1_upstreams_configuration_proto_init()
 	if !protoimpl.UnsafeEnabled {
 		file_pbmesh_v1alpha1_upstreams_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*Upstreams); i {
@@ -896,7 +600,7 @@ func file_pbmesh_v1alpha1_upstreams_proto_init() {
 			}
 		}
 		file_pbmesh_v1alpha1_upstreams_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TCPAddress); i {
+			switch v := v.(*IPPortAddress); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -931,45 +635,9 @@ func file_pbmesh_v1alpha1_upstreams_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_upstreams_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpstreamConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_upstreams_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpstreamLimits); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_upstreams_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PassiveHealthCheck); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
 	}
 	file_pbmesh_v1alpha1_upstreams_proto_msgTypes[1].OneofWrappers = []interface{}{
-		(*Upstream_Tcp)(nil),
+		(*Upstream_IpPort)(nil),
 		(*Upstream_Unix)(nil),
 	}
 	file_pbmesh_v1alpha1_upstreams_proto_msgTypes[4].OneofWrappers = []interface{}{
@@ -982,7 +650,7 @@ func file_pbmesh_v1alpha1_upstreams_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_pbmesh_v1alpha1_upstreams_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   8,
+			NumMessages:   5,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/proto-public/pbmesh/v1alpha1/upstreams.proto b/proto-public/pbmesh/v1alpha1/upstreams.proto
index c1f444e9ccc2..a78d8c3f9792 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams.proto
+++ b/proto-public/pbmesh/v1alpha1/upstreams.proto
@@ -5,10 +5,8 @@ syntax = "proto3";
 
 package hashicorp.consul.mesh.v1alpha1;
 
-import "google/protobuf/duration.proto";
 import "pbcatalog/v1alpha1/selector.proto";
-import "pbmesh/v1alpha1/connection.proto";
-import "pbmesh/v1alpha1/routing.proto";
+import "pbmesh/v1alpha1/upstreams_configuration.proto";
 import "pbresource/resource.proto";
 
 message Upstreams {
@@ -16,85 +14,63 @@ message Upstreams {
   // These can be prefixes or specific workload names.
   hashicorp.consul.catalog.v1alpha1.WorkloadSelector workloads = 1;
 
+  // upstreams is the list of explicit upstreams to define for the selected workloads.
   repeated Upstream upstreams = 2;
-  repeated PreparedQueryUpstream pq_upstreams = 3;
 
-  UpstreamConfig upstream_config = 4;
+  // pq_upstreams is the list of prepared query upstreams. This field is not supported directly in v2
+  // and should only be used for migration reasons.
+  repeated PreparedQueryUpstream pq_upstreams = 3;
 }
 
 message Upstream {
-  hashicorp.consul.resource.ID destination_ref = 1;
+  // destination_ref is the reference to an upstream service. This has to be pbcatalog.Service type.
+  hashicorp.consul.resource.Reference destination_ref = 1;
+
+  // destination_port is the port name of the upstream service. This should be the name
+  // of the service's target port.
   string destination_port = 2;
+
+  // datacenter is the datacenter for where this upstream service lives.
   string datacenter = 3;
 
+  // listen_addr is the address where Envoy will listen for requests to this upstream.
+  // It can provided either as an ip:port or as a Unix domain socket.
   oneof listen_addr {
-    TCPAddress tcp = 4;
+    IPPortAddress ip_port = 4;
     UnixSocketAddress unix = 5;
   }
-
-  UpstreamConfig upstream_config = 7;
 }
 
-message TCPAddress {
+message IPPortAddress {
+  // ip is an IPv4 or an IPv6 address.
   string ip = 1;
+
+  // port is the port number.
   uint32 port = 2;
 }
 
 message UnixSocketAddress {
+  // path is the file system path at which to bind a Unix domain socket listener.
   string path = 1;
+
+  // mode is the Unix file mode for the socket file. It should be provided
+  // in the numeric notation, for example, "0600".
   string mode = 2;
 }
 
 message PreparedQueryUpstream {
+  // name is the name of the prepared query to use as an upstream.
   string name = 1;
+
+  // datacenter is the datacenter for where this upstream service lives.
   string datacenter = 2;
 
+  // listen_addr is the address where Envoy will listen for requests to this upstream.
+  // It can provided either as an ip:port or as a Unix domain socket.
   oneof listen_addr {
-    TCPAddress tcp = 4;
+    IPPortAddress tcp = 4;
     UnixSocketAddress unix = 5;
   }
 
   UpstreamConfig upstream_config = 6;
 }
-
-message UpstreamConfig {
-  uint64 connect_timeout_ms = 2;
-  UpstreamLimits limits = 3;
-  PassiveHealthCheck passive_health_check = 4;
-  BalanceConnections balance_outbound_connections = 5;
-  MeshGatewayMode mesh_gateway_mode = 6;
-}
-
-// UpstreamLimits describes the limits that are associated with a specific
-// upstream of a service instance.
-message UpstreamLimits {
-  // MaxConnections is the maximum number of connections the local proxy can
-  // make to the upstream service.
-  int32 max_connections = 1;
-
-  // MaxPendingRequests is the maximum number of requests that will be queued
-  // waiting for an available connection. This is mostly applicable to HTTP/1.1
-  // clusters since all HTTP/2 requests are streamed over a single
-  // connection.
-  int32 max_pending_requests = 2;
-
-  // MaxConcurrentRequests is the maximum number of in-flight requests that will be allowed
-  // to the upstream cluster at a point in time. This is mostly applicable to HTTP/2
-  // clusters since all HTTP/1.1 requests are limited by MaxConnections.
-  int32 max_concurrent_requests = 3;
-}
-
-message PassiveHealthCheck {
-  // Interval between health check analysis sweeps. Each sweep may remove
-  // hosts or return hosts to the pool.
-  google.protobuf.Duration interval = 1;
-
-  // MaxFailures is the count of consecutive failures that results in a host
-  // being removed from the pool.
-  uint32 max_failures = 2;
-
-  // EnforcingConsecutive5xx is the % chance that a host will be actually ejected
-  // when an outlier status is detected through consecutive 5xx.
-  // This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
-  uint32 enforcing_consecutive_5xx = 3;
-}
diff --git a/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.binary.go b/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.binary.go
new file mode 100644
index 000000000000..f4a5db281324
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.binary.go
@@ -0,0 +1,58 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/upstreams_configuration.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *UpstreamsConfiguration) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *UpstreamsConfiguration) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *UpstreamConfigOverrides) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *UpstreamConfigOverrides) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *UpstreamConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *UpstreamConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *UpstreamLimits) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *UpstreamLimits) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *PassiveHealthCheck) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *PassiveHealthCheck) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go b/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
new file mode 100644
index 000000000000..a4e2cc66c82e
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
@@ -0,0 +1,682 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/upstreams_configuration.proto
+
+package meshv1alpha1
+
+import (
+	v1alpha1 "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	durationpb "google.golang.org/protobuf/types/known/durationpb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type UpstreamsConfiguration struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Selection of workloads these upstreams should apply to.
+	// These can be prefixes or specific workload names.
+	Workloads *v1alpha1.WorkloadSelector `protobuf:"bytes,1,opt,name=workloads,proto3" json:"workloads,omitempty"`
+	// default_config applies to all upstreams for the workloads selected by this resource.
+	DefaultConfig *UpstreamConfig `protobuf:"bytes,2,opt,name=default_config,json=defaultConfig,proto3" json:"default_config,omitempty"`
+	// config_overrides provides per-upstream or per-upstream-port config overrides.
+	ConfigOverrides []*UpstreamConfigOverrides `protobuf:"bytes,3,rep,name=config_overrides,json=configOverrides,proto3" json:"config_overrides,omitempty"`
+}
+
+func (x *UpstreamsConfiguration) Reset() {
+	*x = UpstreamsConfiguration{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UpstreamsConfiguration) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpstreamsConfiguration) ProtoMessage() {}
+
+func (x *UpstreamsConfiguration) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpstreamsConfiguration.ProtoReflect.Descriptor instead.
+func (*UpstreamsConfiguration) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *UpstreamsConfiguration) GetWorkloads() *v1alpha1.WorkloadSelector {
+	if x != nil {
+		return x.Workloads
+	}
+	return nil
+}
+
+func (x *UpstreamsConfiguration) GetDefaultConfig() *UpstreamConfig {
+	if x != nil {
+		return x.DefaultConfig
+	}
+	return nil
+}
+
+func (x *UpstreamsConfiguration) GetConfigOverrides() []*UpstreamConfigOverrides {
+	if x != nil {
+		return x.ConfigOverrides
+	}
+	return nil
+}
+
+// UpstreamConfigOverrides allow to override upstream configuration per destination_ref/port/datacenter.
+// In that sense, those three fields (destination_ref, destination_port and datacenter) are treated
+// sort of like map keys and config is a like a map value for that key.
+type UpstreamConfigOverrides struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// destination_ref is the reference to an upstream service that this configuration applies to.
+	// This has to be pbcatalog.Service type.
+	DestinationRef *pbresource.Reference `protobuf:"bytes,1,opt,name=destination_ref,json=destinationRef,proto3" json:"destination_ref,omitempty"`
+	// destination_port is the port name of the upstream service. This should be the name
+	// of the service's target port. If not provided, this configuration will apply to all ports of an upstream.
+	DestinationPort string `protobuf:"bytes,2,opt,name=destination_port,json=destinationPort,proto3" json:"destination_port,omitempty"`
+	// datacenter is the datacenter for where this upstream service lives.
+	Datacenter string `protobuf:"bytes,3,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
+	// config is the configuration that should apply to this upstream.
+	Config *UpstreamConfig `protobuf:"bytes,4,opt,name=config,proto3" json:"config,omitempty"`
+}
+
+func (x *UpstreamConfigOverrides) Reset() {
+	*x = UpstreamConfigOverrides{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UpstreamConfigOverrides) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpstreamConfigOverrides) ProtoMessage() {}
+
+func (x *UpstreamConfigOverrides) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpstreamConfigOverrides.ProtoReflect.Descriptor instead.
+func (*UpstreamConfigOverrides) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *UpstreamConfigOverrides) GetDestinationRef() *pbresource.Reference {
+	if x != nil {
+		return x.DestinationRef
+	}
+	return nil
+}
+
+func (x *UpstreamConfigOverrides) GetDestinationPort() string {
+	if x != nil {
+		return x.DestinationPort
+	}
+	return ""
+}
+
+func (x *UpstreamConfigOverrides) GetDatacenter() string {
+	if x != nil {
+		return x.Datacenter
+	}
+	return ""
+}
+
+func (x *UpstreamConfigOverrides) GetConfig() *UpstreamConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+type UpstreamConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// protocol overrides upstream's port protocol. If no port for an upstream is specified
+	// or if used in the default configuration, this protocol will be used for all ports
+	// or for all ports of all upstreams respectively.
+	Protocol v1alpha1.Protocol `protobuf:"varint,1,opt,name=protocol,proto3,enum=hashicorp.consul.catalog.v1alpha1.Protocol" json:"protocol,omitempty"`
+	// connect_timeout is the timeout used when making a new
+	// connection to this upstream. Defaults to 5 seconds if not set.
+	ConnectTimeout *durationpb.Duration `protobuf:"bytes,2,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
+	// limits are the set of limits that are applied to the proxy for a specific upstream.
+	Limits *UpstreamLimits `protobuf:"bytes,3,opt,name=limits,proto3" json:"limits,omitempty"`
+	// passive_health_check configuration determines how upstream proxy instances will
+	// be monitored for removal from the load balancing pool.
+	PassiveHealthCheck *PassiveHealthCheck `protobuf:"bytes,4,opt,name=passive_health_check,json=passiveHealthCheck,proto3" json:"passive_health_check,omitempty"`
+	// balance_outbound_connections indicates how the proxy should attempt to distribute
+	// connections across worker threads.
+	BalanceOutboundConnections BalanceConnections `protobuf:"varint,5,opt,name=balance_outbound_connections,json=balanceOutboundConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.BalanceConnections" json:"balance_outbound_connections,omitempty"`
+	// MeshGatewayMode is the Mesh Gateway routing mode.
+	MeshGatewayMode MeshGatewayMode `protobuf:"varint,6,opt,name=mesh_gateway_mode,json=meshGatewayMode,proto3,enum=hashicorp.consul.mesh.v1alpha1.MeshGatewayMode" json:"mesh_gateway_mode,omitempty"`
+}
+
+func (x *UpstreamConfig) Reset() {
+	*x = UpstreamConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UpstreamConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpstreamConfig) ProtoMessage() {}
+
+func (x *UpstreamConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpstreamConfig.ProtoReflect.Descriptor instead.
+func (*UpstreamConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *UpstreamConfig) GetProtocol() v1alpha1.Protocol {
+	if x != nil {
+		return x.Protocol
+	}
+	return v1alpha1.Protocol(0)
+}
+
+func (x *UpstreamConfig) GetConnectTimeout() *durationpb.Duration {
+	if x != nil {
+		return x.ConnectTimeout
+	}
+	return nil
+}
+
+func (x *UpstreamConfig) GetLimits() *UpstreamLimits {
+	if x != nil {
+		return x.Limits
+	}
+	return nil
+}
+
+func (x *UpstreamConfig) GetPassiveHealthCheck() *PassiveHealthCheck {
+	if x != nil {
+		return x.PassiveHealthCheck
+	}
+	return nil
+}
+
+func (x *UpstreamConfig) GetBalanceOutboundConnections() BalanceConnections {
+	if x != nil {
+		return x.BalanceOutboundConnections
+	}
+	return BalanceConnections_BALANCE_CONNECTIONS_DEFAULT
+}
+
+func (x *UpstreamConfig) GetMeshGatewayMode() MeshGatewayMode {
+	if x != nil {
+		return x.MeshGatewayMode
+	}
+	return MeshGatewayMode_MESH_GATEWAY_MODE_UNSPECIFIED
+}
+
+// UpstreamLimits describes the limits that are associated with a specific
+// upstream of a service instance.
+type UpstreamLimits struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// max_connections is the maximum number of connections the local proxy can
+	// make to the upstream service.
+	MaxConnections int32 `protobuf:"varint,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"`
+	// max_pending_requests is the maximum number of requests that will be queued
+	// waiting for an available connection. This is mostly applicable to HTTP/1.1
+	// clusters since all HTTP/2 requests are streamed over a single
+	// connection.
+	MaxPendingRequests int32 `protobuf:"varint,2,opt,name=max_pending_requests,json=maxPendingRequests,proto3" json:"max_pending_requests,omitempty"`
+	// max_concurrent_requests is the maximum number of in-flight requests that will be allowed
+	// to the upstream cluster at a point in time. This is mostly applicable to HTTP/2
+	// clusters since all HTTP/1.1 requests are limited by MaxConnections.
+	MaxConcurrentRequests int32 `protobuf:"varint,3,opt,name=max_concurrent_requests,json=maxConcurrentRequests,proto3" json:"max_concurrent_requests,omitempty"`
+}
+
+func (x *UpstreamLimits) Reset() {
+	*x = UpstreamLimits{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UpstreamLimits) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpstreamLimits) ProtoMessage() {}
+
+func (x *UpstreamLimits) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpstreamLimits.ProtoReflect.Descriptor instead.
+func (*UpstreamLimits) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *UpstreamLimits) GetMaxConnections() int32 {
+	if x != nil {
+		return x.MaxConnections
+	}
+	return 0
+}
+
+func (x *UpstreamLimits) GetMaxPendingRequests() int32 {
+	if x != nil {
+		return x.MaxPendingRequests
+	}
+	return 0
+}
+
+func (x *UpstreamLimits) GetMaxConcurrentRequests() int32 {
+	if x != nil {
+		return x.MaxConcurrentRequests
+	}
+	return 0
+}
+
+type PassiveHealthCheck struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// interval between health check analysis sweeps. Each sweep may remove
+	// hosts or return hosts to the pool.
+	Interval *durationpb.Duration `protobuf:"bytes,1,opt,name=interval,proto3" json:"interval,omitempty"`
+	// max_failures is the count of consecutive failures that results in a host
+	// being removed from the pool.
+	MaxFailures uint32 `protobuf:"varint,2,opt,name=max_failures,json=maxFailures,proto3" json:"max_failures,omitempty"`
+	// enforcing_consecutive_5xx is the % chance that a host will be actually ejected
+	// when an outlier status is detected through consecutive 5xx.
+	// This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
+	EnforcingConsecutive_5Xx uint32 `protobuf:"varint,3,opt,name=enforcing_consecutive_5xx,json=enforcingConsecutive5xx,proto3" json:"enforcing_consecutive_5xx,omitempty"`
+}
+
+func (x *PassiveHealthCheck) Reset() {
+	*x = PassiveHealthCheck{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *PassiveHealthCheck) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PassiveHealthCheck) ProtoMessage() {}
+
+func (x *PassiveHealthCheck) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use PassiveHealthCheck.ProtoReflect.Descriptor instead.
+func (*PassiveHealthCheck) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *PassiveHealthCheck) GetInterval() *durationpb.Duration {
+	if x != nil {
+		return x.Interval
+	}
+	return nil
+}
+
+func (x *PassiveHealthCheck) GetMaxFailures() uint32 {
+	if x != nil {
+		return x.MaxFailures
+	}
+	return 0
+}
+
+func (x *PassiveHealthCheck) GetEnforcingConsecutive_5Xx() uint32 {
+	if x != nil {
+		return x.EnforcingConsecutive_5Xx
+	}
+	return 0
+}
+
+var File_pbmesh_v1alpha1_upstreams_configuration_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDesc = []byte{
+	0x0a, 0x2d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a,
+	0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
+	0x21, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x1a, 0x21, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
+	0x63, 0x65, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x22, 0xa6, 0x02, 0x0a, 0x16, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x51, 0x0a, 0x09,
+	0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65,
+	0x63, 0x74, 0x6f, 0x72, 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x12,
+	0x55, 0x0a, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61,
+	0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x62, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x5f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x52, 0x0f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x22, 0xfb, 0x01, 0x0a, 0x17, 0x55,
+	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4f, 0x76, 0x65,
+	0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x12, 0x4d, 0x0a, 0x0f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x24, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x66, 0x65,
+	0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0e, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x65, 0x66, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74,
+	0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72,
+	0x12, 0x46, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x9e, 0x04, 0x0a, 0x0e, 0x55, 0x70, 0x73,
+	0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x47, 0x0a, 0x08, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f,
+	0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x46, 0x0a, 0x06, 0x6c, 0x69, 0x6d, 0x69,
+	0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65,
+	0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x52, 0x06, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73,
+	0x12, 0x64, 0x0a, 0x14, 0x70, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x6c,
+	0x74, 0x68, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65,
+	0x63, 0x6b, 0x52, 0x12, 0x70, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74,
+	0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x74, 0x0a, 0x1c, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63,
+	0x65, 0x5f, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61,
+	0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x52, 0x1a, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e,
+	0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5b, 0x0a, 0x11,
+	0x6d, 0x65, 0x73, 0x68, 0x5f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x6d, 0x6f, 0x64,
+	0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74,
+	0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0f, 0x6d, 0x65, 0x73, 0x68, 0x47, 0x61,
+	0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0xa3, 0x01, 0x0a, 0x0e, 0x55, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x27, 0x0a, 0x0f,
+	0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x65, 0x6e,
+	0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x05, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63,
+	0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e,
+	0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x22,
+	0xaa, 0x01, 0x0a, 0x12, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74,
+	0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76,
+	0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x21, 0x0a,
+	0x0c, 0x6d, 0x61, 0x78, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0d, 0x52, 0x0b, 0x6d, 0x61, 0x78, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73,
+	0x12, 0x3a, 0x0a, 0x19, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f,
+	0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x0d, 0x52, 0x17, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f,
+	0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x42, 0xa3, 0x02, 0x0a,
+	0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x42, 0x1b, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d,
+	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73,
+	0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa,
+	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02,
+	0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescData = file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
+var file_pbmesh_v1alpha1_upstreams_configuration_proto_goTypes = []interface{}{
+	(*UpstreamsConfiguration)(nil),    // 0: hashicorp.consul.mesh.v1alpha1.UpstreamsConfiguration
+	(*UpstreamConfigOverrides)(nil),   // 1: hashicorp.consul.mesh.v1alpha1.UpstreamConfigOverrides
+	(*UpstreamConfig)(nil),            // 2: hashicorp.consul.mesh.v1alpha1.UpstreamConfig
+	(*UpstreamLimits)(nil),            // 3: hashicorp.consul.mesh.v1alpha1.UpstreamLimits
+	(*PassiveHealthCheck)(nil),        // 4: hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck
+	(*v1alpha1.WorkloadSelector)(nil), // 5: hashicorp.consul.catalog.v1alpha1.WorkloadSelector
+	(*pbresource.Reference)(nil),      // 6: hashicorp.consul.resource.Reference
+	(v1alpha1.Protocol)(0),            // 7: hashicorp.consul.catalog.v1alpha1.Protocol
+	(*durationpb.Duration)(nil),       // 8: google.protobuf.Duration
+	(BalanceConnections)(0),           // 9: hashicorp.consul.mesh.v1alpha1.BalanceConnections
+	(MeshGatewayMode)(0),              // 10: hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
+}
+var file_pbmesh_v1alpha1_upstreams_configuration_proto_depIdxs = []int32{
+	5,  // 0: hashicorp.consul.mesh.v1alpha1.UpstreamsConfiguration.workloads:type_name -> hashicorp.consul.catalog.v1alpha1.WorkloadSelector
+	2,  // 1: hashicorp.consul.mesh.v1alpha1.UpstreamsConfiguration.default_config:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfig
+	1,  // 2: hashicorp.consul.mesh.v1alpha1.UpstreamsConfiguration.config_overrides:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfigOverrides
+	6,  // 3: hashicorp.consul.mesh.v1alpha1.UpstreamConfigOverrides.destination_ref:type_name -> hashicorp.consul.resource.Reference
+	2,  // 4: hashicorp.consul.mesh.v1alpha1.UpstreamConfigOverrides.config:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfig
+	7,  // 5: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.protocol:type_name -> hashicorp.consul.catalog.v1alpha1.Protocol
+	8,  // 6: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.connect_timeout:type_name -> google.protobuf.Duration
+	3,  // 7: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.limits:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamLimits
+	4,  // 8: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.passive_health_check:type_name -> hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck
+	9,  // 9: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.balance_outbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceConnections
+	10, // 10: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.mesh_gateway_mode:type_name -> hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
+	8,  // 11: hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck.interval:type_name -> google.protobuf.Duration
+	12, // [12:12] is the sub-list for method output_type
+	12, // [12:12] is the sub-list for method input_type
+	12, // [12:12] is the sub-list for extension type_name
+	12, // [12:12] is the sub-list for extension extendee
+	0,  // [0:12] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_upstreams_configuration_proto_init() }
+func file_pbmesh_v1alpha1_upstreams_configuration_proto_init() {
+	if File_pbmesh_v1alpha1_upstreams_configuration_proto != nil {
+		return
+	}
+	file_pbmesh_v1alpha1_connection_proto_init()
+	file_pbmesh_v1alpha1_routing_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UpstreamsConfiguration); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UpstreamConfigOverrides); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UpstreamConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UpstreamLimits); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PassiveHealthCheck); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   5,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_upstreams_configuration_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_upstreams_configuration_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_upstreams_configuration_proto = out.File
+	file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_upstreams_configuration_proto_goTypes = nil
+	file_pbmesh_v1alpha1_upstreams_configuration_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto b/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
new file mode 100644
index 000000000000..9124528e2d90
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
@@ -0,0 +1,103 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "google/protobuf/duration.proto";
+import "pbcatalog/v1alpha1/protocol.proto";
+import "pbcatalog/v1alpha1/selector.proto";
+import "pbmesh/v1alpha1/connection.proto";
+import "pbmesh/v1alpha1/routing.proto";
+import "pbresource/resource.proto";
+
+message UpstreamsConfiguration {
+  // Selection of workloads these upstreams should apply to.
+  // These can be prefixes or specific workload names.
+  hashicorp.consul.catalog.v1alpha1.WorkloadSelector workloads = 1;
+
+  // default_config applies to all upstreams for the workloads selected by this resource.
+  UpstreamConfig default_config = 2;
+
+  // config_overrides provides per-upstream or per-upstream-port config overrides.
+  repeated UpstreamConfigOverrides config_overrides = 3;
+}
+
+// UpstreamConfigOverrides allow to override upstream configuration per destination_ref/port/datacenter.
+// In that sense, those three fields (destination_ref, destination_port and datacenter) are treated
+// sort of like map keys and config is a like a map value for that key.
+message UpstreamConfigOverrides {
+  // destination_ref is the reference to an upstream service that this configuration applies to.
+  // This has to be pbcatalog.Service type.
+  hashicorp.consul.resource.Reference destination_ref = 1;
+
+  // destination_port is the port name of the upstream service. This should be the name
+  // of the service's target port. If not provided, this configuration will apply to all ports of an upstream.
+  string destination_port = 2;
+
+  // datacenter is the datacenter for where this upstream service lives.
+  string datacenter = 3;
+
+  // config is the configuration that should apply to this upstream.
+  UpstreamConfig config = 4;
+}
+
+message UpstreamConfig {
+  // protocol overrides upstream's port protocol. If no port for an upstream is specified
+  // or if used in the default configuration, this protocol will be used for all ports
+  // or for all ports of all upstreams respectively.
+  hashicorp.consul.catalog.v1alpha1.Protocol protocol = 1;
+
+  // connect_timeout is the timeout used when making a new
+  // connection to this upstream. Defaults to 5 seconds if not set.
+  google.protobuf.Duration connect_timeout = 2;
+
+  // limits are the set of limits that are applied to the proxy for a specific upstream.
+  UpstreamLimits limits = 3;
+
+  // passive_health_check configuration determines how upstream proxy instances will
+  // be monitored for removal from the load balancing pool.
+  PassiveHealthCheck passive_health_check = 4;
+
+  // balance_outbound_connections indicates how the proxy should attempt to distribute
+  // connections across worker threads.
+  BalanceConnections balance_outbound_connections = 5;
+
+  // MeshGatewayMode is the Mesh Gateway routing mode.
+  MeshGatewayMode mesh_gateway_mode = 6;
+}
+
+// UpstreamLimits describes the limits that are associated with a specific
+// upstream of a service instance.
+message UpstreamLimits {
+  // max_connections is the maximum number of connections the local proxy can
+  // make to the upstream service.
+  int32 max_connections = 1;
+
+  // max_pending_requests is the maximum number of requests that will be queued
+  // waiting for an available connection. This is mostly applicable to HTTP/1.1
+  // clusters since all HTTP/2 requests are streamed over a single
+  // connection.
+  int32 max_pending_requests = 2;
+
+  // max_concurrent_requests is the maximum number of in-flight requests that will be allowed
+  // to the upstream cluster at a point in time. This is mostly applicable to HTTP/2
+  // clusters since all HTTP/1.1 requests are limited by MaxConnections.
+  int32 max_concurrent_requests = 3;
+}
+
+message PassiveHealthCheck {
+  // interval between health check analysis sweeps. Each sweep may remove
+  // hosts or return hosts to the pool.
+  google.protobuf.Duration interval = 1;
+
+  // max_failures is the count of consecutive failures that results in a host
+  // being removed from the pool.
+  uint32 max_failures = 2;
+
+  // enforcing_consecutive_5xx is the % chance that a host will be actually ejected
+  // when an outlier status is detected through consecutive 5xx.
+  // This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
+  uint32 enforcing_consecutive_5xx = 3;
+}

From a2c6953d0d9ff5b988550e6c0d8f005e80b5f28d Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Thu, 13 Jul 2023 13:26:35 -0600
Subject: [PATCH 164/359] [NET-4895] ci - api tests and consul container tests
 error because of dependency bugs with go 1.20.6.  Pin go to 1.20.5. (#18124)

### Description
The following jobs started failing when go 1.20.6 was released:
- `go-test-api-1-19`
- `go-test-api-1-20`
- `compatibility-integration-tests`
- `upgrade-integration-tests`

`compatibility-integration-tests` and `compatibility-integration-tests`
to this testcontainers issue:
https://github.com/testcontainers/testcontainers-go/issues/1359. This
issue calls for testcontainers to release a new version when one of
their dependencies is fixed. When that is done, we will unpin the go
versions in `compatibility-integration-tests` and
`compatibility-integration-tests`.

### Testing & Reproduction steps

See these jobs broken in CI and then see them work with this PR.

---------

Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
---
 .github/workflows/go-tests.yml          |  8 ++++++++
 .github/workflows/reusable-unit.yml     | 10 ++++++++++
 .github/workflows/test-integrations.yml | 12 ++++++++++--
 3 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 9baf90c505ed..be773c2b0e06 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -376,6 +376,7 @@ jobs:
       runs-on: ${{ needs.setup.outputs.compute-xl }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
+      go-version: "1.19.10"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
       contents: read
@@ -394,6 +395,12 @@ jobs:
       runs-on: ${{ needs.setup.outputs.compute-xl }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
+      # pinning this to 1.20.5 because this issue in go-testcontainers occurs
+      # in 1.20.6 with the error "http: invalid Host header, host port waiting failed"
+      # https://github.com/testcontainers/testcontainers-go/issues/1359
+      # remove setting this when the above issue is fixed so that the reusable
+      # job will just get the go version from go.mod.
+      go-version: "1.20.5"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
       contents: read
@@ -412,6 +419,7 @@ jobs:
       runs-on: ${{ needs.setup.outputs.compute-xl }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
+      go-version: "1.19"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
       contents: read
diff --git a/.github/workflows/reusable-unit.yml b/.github/workflows/reusable-unit.yml
index c066cad3f48d..7442b06c33b5 100644
--- a/.github/workflows/reusable-unit.yml
+++ b/.github/workflows/reusable-unit.yml
@@ -33,6 +33,10 @@ on:
         required: false
         type: string
         default: ""
+      go-version:
+        required: false
+        type: string
+        default: ""
     secrets:
       elevated-github-token:
         required: true
@@ -59,6 +63,12 @@ jobs:
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
         run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        if: ${{ inputs.go-version != '' }}
+        with:
+          go-version: ${{ inputs.go-version }}
+          cache: true
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        if: ${{ inputs.go-version == '' }}
         with:
           go-version-file: 'go.mod'
           cache: true
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 263a2e41e4ae..1a3876855d5e 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -372,7 +372,11 @@ jobs:
         run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
-          go-version-file: 'go.mod'
+          # pinning this to 1.20.5 because this issue in go-testcontainers occurs
+          # in 1.20.6 with the error "http: invalid Host header, host port waiting failed"
+          # https://github.com/testcontainers/testcontainers-go/issues/1359
+          # go-version-file: 'go.mod'
+          go-version: '1.20.5'
       - run: go env
       - name: docker env
         run: |
@@ -487,7 +491,11 @@ jobs:
         run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
-          go-version-file: 'go.mod'
+          # pinning this to 1.20.5 because this issue in go-testcontainers occurs
+          # in 1.20.6 with the error "http: invalid Host header, host port waiting failed"
+          # https://github.com/testcontainers/testcontainers-go/issues/1359
+          # go-version-file: 'go.mod'
+          go-version: '1.20.5'
       - run: go env
 
       # Get go binary from workspace

From 68863b42f845849500662e499334bf381f4fcb60 Mon Sep 17 00:00:00 2001
From: Jeff Apple <79924108+Jeff-Apple@users.noreply.github.com>
Date: Thu, 13 Jul 2023 15:17:32 -0700
Subject: [PATCH 165/359] Add ingress gateway deprecation notices to docs
 (#18102)

### Description

This adds notices, that ingress gateway is deprecated, to several places
in the product docs where ingress gateway is the topic.

### Testing & Reproduction steps

Tested with a local copy of the website.

### Links

Deprecation of ingress gateway was announced in the Release Notes for
Consul 1.16 and Consul-K8s 1.2. See:

[https://developer.hashicorp.com/consul/docs/release-notes/consul/v1_16_x#what-s-deprecated](https://developer.hashicorp.com/consul/docs/release-notes/consul/v1_16_x#what-s-deprecated
)

[https://developer.hashicorp.com/consul/docs/release-notes/consul-k8s/v1_2_x#what-s-deprecated](https://developer.hashicorp.com/consul/docs/release-notes/consul-k8s/v1_2_x#what-s-deprecated)

### PR Checklist

* [N/A] updated test coverage
* [X] external facing docs updated
* [X] appropriate backport labels added
* [X] not a security concern

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 .../content/docs/concepts/service-mesh.mdx    |  4 +--
 .../config-entries/ingress-gateway.mdx        |  8 +++++
 .../content/docs/connect/gateways/index.mdx   | 34 ++++++++++++++++---
 .../gateways/ingress-gateway/index.mdx        |  9 +++++
 .../docs/k8s/connect/ingress-gateways.mdx     |  9 ++++-
 5 files changed, 56 insertions(+), 8 deletions(-)

diff --git a/website/content/docs/concepts/service-mesh.mdx b/website/content/docs/concepts/service-mesh.mdx
index 2e793f2441c8..947984484e45 100644
--- a/website/content/docs/concepts/service-mesh.mdx
+++ b/website/content/docs/concepts/service-mesh.mdx
@@ -53,13 +53,13 @@ The API gateway will route the incoming requests to the respective service. The
 
 A service mesh specializes in the network management of services and the communication between services.
 The mesh is responsible for keeping track of services and their health status, IP address, and traffic routing and ensuring all traffic between services is authenticated and encrypted.
-Unlike API gateways, a service mesh will track all registered services' lifecycle and ensure requests are routed to healthy instances of the service.
+Unlike some API gateways, a service mesh will track all registered services' lifecycle and ensure requests are routed to healthy instances of the service.
 API gateways are frequently deployed alongside a load balancer to ensure traffic is directed to healthy and available instances of the service.
 The mesh reduces the load balancer footprint as routing responsibilities are handled in a decentralized manner.
 
 API gateways can be used with a service mesh to bridge external networks (non-mesh) with a service mesh.
 
--> **API gateways and traffic direction:** API gateways are often used to accept north-south traffic. North-south traffic is networking traffic that either enters or exits a data center or a virtual private network (VPC).
+-> **API gateways and traffic direction:** API gateways are often used to accept north-south traffic. North-south traffic is networking traffic that either enters or exits a datacenter or a virtual private network (VPC). You can connect API gateways to a service mesh and provide access to it from outside the mesh.
 A service mesh is primarily used for handling east-west traffic. East-west traffic traditionally remains inside a data center or a VPC.
 A service mesh can be connected to another service mesh in another data center or VPC to form a federated mesh.
 
diff --git a/website/content/docs/connect/config-entries/ingress-gateway.mdx b/website/content/docs/connect/config-entries/ingress-gateway.mdx
index dc36c9fb0b38..63d990f9d864 100644
--- a/website/content/docs/connect/config-entries/ingress-gateway.mdx
+++ b/website/content/docs/connect/config-entries/ingress-gateway.mdx
@@ -7,6 +7,14 @@ description: >-
 
 # Ingress gateway configuration entry reference
 
+<Note>
+
+Ingress gateway is deprecated and will not be enhanced beyond its current capabilities. Ingress gateway is fully supported in this version but will be removed in a future release of Consul.
+
+Consul's API gateway is the recommended alternative to ingress gateway.
+
+</Note>
+
 This topic provides configuration reference information for the ingress gateway configuration entry. An ingress gateway is a type of proxy you register as a service in Consul to enable network connectivity from external services to services inside of the service mesh. Refer to [Ingress gateways overview](/consul/docs/connect/gateways/ingress-gateway) for additional information. 
 
 ## Configuration model
diff --git a/website/content/docs/connect/gateways/index.mdx b/website/content/docs/connect/gateways/index.mdx
index b333615c4ed0..0a002523af14 100644
--- a/website/content/docs/connect/gateways/index.mdx
+++ b/website/content/docs/connect/gateways/index.mdx
@@ -17,8 +17,6 @@ This topic provides an overview of the gateway features shipped with Consul. Gat
 
 ## Mesh Gateways
 
--> **1.6.0+:** This feature is available in Consul versions 1.6.0 and newer.
-
 Mesh gateways enable service mesh traffic to be routed between different Consul datacenters and admin partitions. The datacenters or partitions can reside
 in different clouds or runtime environments where general interconnectivity between all services in all datacenters
 isn't feasible.
@@ -35,9 +33,37 @@ Mesh gateways enable the following scenarios:
 
 -> **Mesh gateway tutorial**: Follow the [mesh gateway tutorial](/consul/tutorials/developer-mesh/service-mesh-gateways) to learn concepts associated with mesh gateways.
 
+## API Gateways
+
+API gateways enable network access, from outside a service mesh, to services running in a Consul service mesh. The
+systems accessing the services in the mesh, may be within your organizational network or external to it. This type of
+network traffic is commonly called _north-south_ network traffic because it refers to the flow of data into and out of
+a specific environment.
+
+API gateways solve the following primary use cases:
+
+- **Control access at the point of entry**: Set the protocols of external connection
+  requests and secure inbound connections with TLS certificates from trusted
+  providers, such as Verisign and Let's Encrypt.
+- **Simplify traffic management**: Load balance requests across services and route
+  traffic to the appropriate service by matching one or more criteria, such as
+  hostname, path, header presence or value, and HTTP method.
+
+Refer to the following documentation for information on how to configure and deploy API gateways:
+- [API Gateways on VMs](/consul/docs/connect/gateways/api-gateway/usage)
+- [API Gateways for Kubernetes](/consul/docs/api-gateway).
+
+
 ## Ingress Gateways
 
--> **1.8.0+:** This feature is available in Consul versions 1.8.0 and newer.
+<Note>
+
+Ingress gateway is deprecated and will not be enhanced beyond its current capabilities. Ingress gateway is fully supported
+in this version but will be removed in a future release of Consul.
+
+Consul's API gateway is the recommended alternative to ingress gateway.
+
+</Note>
 
 Ingress gateways enable connectivity within your organizational network from services outside the Consul service mesh
 to services in the mesh. To accept ingress traffic from the public internet, use Consul's
@@ -56,8 +82,6 @@ and the [ingress gateway tutorial](/consul/tutorials/developer-mesh/service-mesh
 
 ## Terminating Gateways
 
--> **1.8.0+:** This feature is available in Consul versions 1.8.0 and newer.
-
 Terminating gateways enable connectivity within your organizational network from services in the Consul service mesh
 to services outside the mesh.
 Services outside the mesh do not have sidecar proxies or are not [integrated natively](/consul/docs/connect/native).
diff --git a/website/content/docs/connect/gateways/ingress-gateway/index.mdx b/website/content/docs/connect/gateways/ingress-gateway/index.mdx
index 6d686c2c737b..3f0b4ea836f9 100644
--- a/website/content/docs/connect/gateways/ingress-gateway/index.mdx
+++ b/website/content/docs/connect/gateways/ingress-gateway/index.mdx
@@ -11,6 +11,15 @@ An ingress gateway is a type of proxy that enables network connectivity from ext
 
 ![Ingress Gateway Architecture](/img/ingress-gateways.png)
 
+<Note>
+
+Ingress gateway is deprecated and will not be enhanced beyond its current capabilities. Ingress gateway is fully supported
+in this version but will be removed in a future release of Consul.
+
+Consul's API gateway is the recommended alternative to ingress gateway.
+
+</Note>
+
 ## Workflow
 
 The following stages describe how to add an ingress gateway to your service mesh: 
diff --git a/website/content/docs/k8s/connect/ingress-gateways.mdx b/website/content/docs/k8s/connect/ingress-gateways.mdx
index 8deab0e03750..be1d8e297d2e 100644
--- a/website/content/docs/k8s/connect/ingress-gateways.mdx
+++ b/website/content/docs/k8s/connect/ingress-gateways.mdx
@@ -7,7 +7,14 @@ description: >-
 
 # Configure Ingress Gateways for Consul on Kubernetes
 
--> 1.9.0+: This feature is available in Consul versions 1.9.0 and higher
+<Note>
+
+Ingress gateway is deprecated and will not be enhanced beyond its current capabilities. Ingress gateway is fully supported
+in this version but will be removed in a future release of Consul.
+
+Consul's API gateway is the recommended alternative to ingress gateway.
+
+</Note>
 
 ~> This topic requires familiarity with [Ingress Gateways](/consul/docs/connect/gateways/ingress-gateway).
 

From 2229206bbe7f863bf2603d45e87a3a19bff7e3f2 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Fri, 14 Jul 2023 07:10:42 -0400
Subject: [PATCH 166/359] Add docs for jwt cluster configuration (#18004)

### Description

<!-- Please describe why you're making this change, in plain English.
-->

- Add jwt-provider docs for jwks cluster configuration. The
configuration was added here:
https://github.com/hashicorp/consul/pull/17978
---
 .../connect/config-entries/jwt-provider.mdx   | 255 ++++++++++++++++++
 1 file changed, 255 insertions(+)

diff --git a/website/content/docs/connect/config-entries/jwt-provider.mdx b/website/content/docs/connect/config-entries/jwt-provider.mdx
index 8867a3e4f972..8716dde8c23f 100644
--- a/website/content/docs/connect/config-entries/jwt-provider.mdx
+++ b/website/content/docs/connect/config-entries/jwt-provider.mdx
@@ -28,6 +28,18 @@ The following list outlines field hierarchy, language-specific data types, and r
     - [`RequestTimeoutMs`](#jsonwebkeyset-remote-requesttimeoutms): integer
     - [`CacheDuration`](#jsonwebkeyset-remote-cacheduration): string | `5m`
     - [`FetchAsynchronously`](#jsonwebkeyset-remote-fetchasynchronously): boolean | `false`
+    - [`JWKSCluster`](#jsonwebkeyset-remote-jwkscluster): map
+      - [`DiscoveryType`](#jsonwebkeyset-remote-jwkscluster-discoverytype): string | `STRICT_DNS`
+      - [`ConnectTimeout`](#jsonwebkeyset-remote-jwkscluster-connecttimeout): string | `5s`
+      - [`TLSCertificates`](#jsonwebkeyset-remote-jwkscluster-tlscertificates): map
+        - [`CaCertificateProviderInstance`](#jsonwebkeyset-remote-jwkscluster-tlscertificates-cacertificateproviderinstance): map
+          - [`InstanceName`](#jsonwebkeyset-remote-jwkscluster-tlscertificates-cacertificateproviderinstance): string | `default`
+          - [`CertificateName`](#jsonwebkeyset-remote-jwkscluster-tlscertificates-cacertificateproviderinstance): string
+        - [`TrustedCA`](#jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca): map
+          - [`Filename`](#jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca): string
+          - [`EnvironmentVariable`](#jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca): string
+          - [`InlineString`](#jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca): string
+          - [`InlineBytes`](#jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca): string
     - [`RetryPolicy`](#jsonwebkeyset-remote-retrypolicy): map
       - [`NumRetries`](#jsonwebkeyset-remote-retrypolicy-numretries): integer | `0`
       - [`RetryPolicyBackoff`](#jsonwebkeyset-remote-retrypolicy-retry-policy-backoff): map
@@ -75,6 +87,18 @@ The following list outlines field hierarchy, language-specific data types, and r
         - [`retryPolicyBackoff`](#spec-jsonwebkeyset-remote-retrypolicy-retry-policy-backoff): map
           - [`baseInterval`](#spec-jsonwebkeyset-remote-retrypolicy-retry-policy-backoff): string
           - [`maxInterval`](#spec-jsonwebkeyset-remote-retrypolicy-retry-policy-backoff): string
+      - [`jwksCluster`](#spec-jsonwebkeyset-remote-jwkscluster): map
+        - [`discoveryType`](#spec-jsonwebkeyset-remote-jwkscluster-discoverytype): string | `STRICT_DNS`
+        - [`connectTimeout`](#spec-jsonwebkeyset-remote-jwkscluster-connecttimeout): string | `5s`
+        - [`tlsCertificates`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates): map
+          - [`caCertificateProviderInstance`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates-cacertificateproviderinstance): map
+            - [`instanceName`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates-cacertificateproviderinstance): string | `default`
+            - [`certificateName`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates-cacertificateproviderinstance): string
+          - [`trustedCA`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca): map
+            - [`filename`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca): string
+            - [`environmentVariable`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca): string
+            - [`inlineString`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca): string
+            - [`inlineBytes`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca): string
   - [`audiences`](#spec-audiences): list of strings
   - [`locations`](#spec-locations): list of maps
     - [`header`](#spec-locations-header): map
@@ -126,8 +150,29 @@ JSONWebKeySet = {
               MaxInterval = "10s"
             }
           }
+          JWKSCluster = {
+            DiscoveryType = "STATIC"
+            ConnectTimeout = "10s"
+            # specify only one child: TrustedCA or CaCertificateProviderInstance
+            TLSCertificates = {
+              # specify only one child: Filename, EnvironmentVariable, InlineString or InlineBytes
+              TrustedCA = {                                
+                Filename = "<path/to/cert/file>"
+                EnvironmentVariable = "<env-variable>"
+                InlineString = "<inline-string>"
+                InlineBytes = "\302\000\302\302\302\302"
+              }
+            }
+            TLSCertificates = {
+              CaCertificateProviderInstance = {
+                InstanceName = "<instance-name>"
+                CertificateName = "<certificate-name>"
+              }
+            }
+          }
         }
       }
+
 Audiences = ["<aud-claims>"]
 Locations = [
     {
@@ -185,6 +230,25 @@ CacheConfig = {
               "BaseInterval": "1s",
               "MaxInterval": "10s"
             }
+          },
+          "JWKSCluster": {
+            "DiscoveryType": "STATIC",
+            "ConnectTimeout": "10s",
+            // specify only one child: TrustedCA or CaCertificateProviderInstance
+            "TLSCertificates": {
+              // specify only one child: Filename, EnvironmentVariable, InlineString or InlineBytes
+              "TrustedCA": {
+                "Filename": "<path/to/cert/file>",
+                "EnvironmentVariable": "<env-variable>",
+                "InlineString": "<inline-string>",      
+                "InlineBytes": "\302\000\302\302\302\302"
+            },
+            "TLSCertificates": {
+              "CaCertificateProviderInstance": {
+                "InstanceName": "<instance-name>",
+                "CertificateName": "<certificate-name>"
+              }
+            }
           }
         }
 },
@@ -246,6 +310,21 @@ spec:                                             # required
         retryPolicyBackoff:
           baseInterval: 1s
           maxInterval: 10s
+      jwksCluster:
+        discoveryType: STATIC
+        connectTimeout: 10s
+        # specify only one child: trustedCA or caCertificateProviderInstance
+        tlsCertificates:
+          # specify only one child: filename, environmentVariable, inlineString or inlineBytes
+          trustedCA:
+            filename: <path/to/cert/file>           
+            environmentVariable: <env-variable>
+            inlineString: <inline-string>
+            inlineBytes: \302\000\302\302\302\302   
+        tlsCertificates:
+          caCertificateProviderInstance:
+            instanceName: <instance-name>
+            certificateName: <certificate-name>
   audiences: [<aud-claims>]
   locations: 
     header: 
@@ -360,6 +439,7 @@ Specifies a remote source for the JSON Web Key Set and configures behavior when
   - [`CacheDuration`](#jsonwebkeyset-remote-cacheduration) 
   - [`FetchAsynchronously`](#jsonwebkeyset-remote-fetchasynchronously)
   - [`RetryPolicy`](#jsonwebkeyset-remote-retrypolicy)
+  - [`JWKSCluster`](#jsonwebkeyset-remote-jwkscluster)
 
 ### `JSONWebKeySet{}.Remote{}.URI`
 
@@ -436,6 +516,93 @@ Specifies a jittered exponential backoff strategy. When this field is empty, Env
 | `BaseInterval`| Specifies the base interval to use for the next back off computation. | String | `1s` |
 | `MaxInterval` | Specifies the maximum interval between retries. By default, this value is 10 times `BaseInterval`. | String | `10s` |
 
+### `JSONWebKeySet{}.Remote{}.JWKSCluster`
+
+Defines how Envoy fetches the remote JSON Web Key Set URI.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+  - [`DiscoveryType`](#jsonwebkeyset-remote-jwkscluster-discoverytype)
+  - [`ConnectTimeout`](#jsonwebkeyset-remote-jwkscluster-connecttimeout)
+  - [`TLSCertificates`](#jsonwebkeyset-remote-jwkscluster-tlscertificates)
+
+
+### `JSONWebKeySet{}.Remote{}.JWKSCluster{}.DiscoveryType`
+
+Specifies the service discovery type to use for resolving the cluster.
+You can specify the following discovery types:
+- `STRICT_DNS` 
+- `STATIC` 
+- `LOGICAL_DNS` 
+- `EDS` 
+- `ORIGINAL_DST`
+
+#### Values
+
+- Default: `STRICT_DNS`
+- Data type: String
+
+### `JSONWebKeySet{}.Remote{}.JWKSCluster{}.ConnectTimeout`
+
+Specifies the duration of time new network connections attempt to connect to hosts in the cluster before they timeout.
+
+#### Values
+
+- Default: `5s`
+- Data type: String
+
+### `JSONWebKeySet{}.Remote{}.JWKSCluster{}.TLSCertificates`
+
+Specifies the data containing certificate authority certificates to use for verifying a presented peer certificate.
+Envoy does not verify certificates that peers present if this field is not configured.
+
+You cannot specify [`TLSCertificates{}.CaCertificateProviderInstance`](#jsonwebkeyset-remote-jwkscluster-tlscertificates-cacertificateproviderinstance) and [`TLSCertificates{}.TrustedCA`](#jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca) in the same map.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+  - [`CaCertificateProviderInstance`](#jsonwebkeyset-remote-jwkscluster-tlscertificates-cacertificateproviderinstance)
+  - [`TrustedCA`](#jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca)
+
+### `JSONWebKeySet{}.Remote{}.JWKSCluster{}.TLSCertificates{}.CaCertificateProviderInstance`
+
+Speficies the certificate provider instance for fetching TLS certificates.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+| Parameter | Description                                        | Data type | Default value |
+| :-------- | :------------------------------------------------- | :-------- | :------------ |
+| `InstanceName`| Refers to the certificate provider instance name. | String | `default` |
+| `CertificateName` | Specifies the certificate instances or types. For example, use `ROOTCA` to specify a root-certificate. | String | None |
+ 
+### `JSONWebKeySet{}.Remote{}.JWKSCluster{}.TLSCertificates{}.TrustedCA`
+
+Specifies TLS certificate data containing certificate authority certificates. Specify exactly one of the following data holders:
+- `Filename` 
+- `EnvironmentVariable` 
+- `InlineString` 
+- `InlineBytes`
+
+#### Values
+
+- Default: None
+- Data type: Map containing one of the following parameters:
+
+| Parameter | Description                                        | Data type | Default value |
+| :-------- | :------------------------------------------------- | :-------- | :------------ |
+| `Filename`| The name of the file on the local system to use a data source for trusted CA certificates. | String | None |
+| `EnvironmentVariable` | The environment variable on the local system to use a data source for trusted CA certificates. | String | None |
+| `InlineString` | A string to inline in the configuration for use as a data source for trusted CA certificates. | String    | None |
+| `InlineBytes` | A sequence of bytes to inline in the configuration for use as a data source for trusted CA certificates. | String | None |
+
 ### `Audiences`
 
 Specifies a set of audiences that the JWT is allowed to access, formatted as a list of `aud` (audience) claims. When this field is specified, all JWTs verified with the provider must address at least one of the audiences in order to be considered valid.
@@ -794,6 +961,94 @@ Specifies a jittered exponential backoff strategy. When this field is empty, Env
 | `baseInterval`| Specifies the base interval to use for the next back off computation. | String | `1s` |
 | `maxInterval` | Specifies the maximum interval between retries. By default, this value is 10 times `BaseInterval`. | String | `10s` |
 
+### `spec.jsonWebKeySet.remote.jwksCluster`
+
+Defines how Envoy fetches the remote JSON Web Key Set URI.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+  - [`discoveryType`](#spec-jsonwebkeyset-remote-jwkscluster-discoverytype)
+  - [`connectTimeout`](#spec-jsonwebkeyset-remote-jwkscluster-connecttimeout)
+  - [`tlsCertificates`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates)
+
+### `spec.jsonWebKeySet.remote.jwksCluster.discoveryType`
+
+Specifies the service discovery type to use for resolving the cluster.
+You can specify the following discovery types: 
+- `STRICT_DNS` 
+- `STATIC` 
+- `LOGICAL_DNS` 
+- `EDS` 
+- `ORIGINAL_DST`
+
+String values must be a valid [Cluster DiscoveryType](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-enum-config-cluster-v3-cluster-discoverytype).
+
+#### Values
+
+- Default: `STRICT_DNS`
+- Data type: String
+
+### `spec.jsonWebKeySet.remote.jwksCluster.connectTimeout`
+
+Specifies the timeout for new network connections to hosts in the cluster.
+
+#### Values
+
+- Default: `5s`
+- Data type: String
+
+### `spec.jsonWebKeySet.remote.jwksCluster.tlsCertificates`
+
+Specifies the data containing certificate authority certificates to use for verifying a presented peer certificate.
+Envoy does not verify certificates that peers present if this field is not configured.
+
+You cannot specify [`spec.tlsCertificates.caCertificateProviderInstance`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates-cacertificateproviderinstance) and [`spec.tlsCertificates.trustedCA`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca) in the same map.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+  - [`caCertificateProviderInstance`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates-cacertificateproviderinstance)
+  - [`trustedCA`](#spec-jsonwebkeyset-remote-jwkscluster-tlscertificates-trustedca)
+
+### `spec.jsonWebKeySet.remote.jwksCluster.tlsCertificates.caCertificateProviderInstance`
+
+Speficies the certificate provider instance for fetching TLS certificates.
+
+#### Values
+
+- Default: None
+- Data type: Map that can contain the following parameters:
+
+| Parameter | Description                                        | Data type | Default value |
+| :-------- | :------------------------------------------------- | :-------- | :------------ |
+| `instanceName`| Refers to the certificate provider instance name. | String | `default` |
+| `certificateName` | Specifies the certificate instances or types. For example, use `ROOTCA` to specify a root-certificate. | String | None |
+ 
+### `spec.jsonWebKeySet.remote.jwksCluster.tlsCertificates.trustedCA`
+
+Specifies TLS certificate data containing certificate authority certificates. Specify exactly one of the following data holders:
+- `Filename` 
+- `EnvironmentVariable` 
+- `InlineString` 
+- `InlineBytes`
+
+#### Values
+
+- Default: None
+- Data type: Map containing one of the following parameters:
+
+| Parameter | Description                                        | Data type | Default value |
+| :-------- | :------------------------------------------------- | :-------- | :------------ |
+| `filename`| The name of the file on the local system to use a data source for trusted CA certificates. | String | None  |
+| `environmentVariable` | The environment variable on the local system to use a data source for trusted CA certificates. | String | None |
+| `inlineString` | A string to inline in the configuration for use as a data source for trusted CA certificates. | String | None |
+| `inlineBytes` | A sequence of bytes to inline in the configuration for use as a data source for trusted CA certificates. | String | None |
+
 ### `spec.audiences`
 
 Specifies a set of audiences that the JWT is allowed to access, formatted as a list of `aud` (audience) claims. When this field is specified, all JWTs verified with the provider must address at least one of the audiences in order to be considered valid.

From ad6364af9ed80ba7a41c569011c4505ae5298819 Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Fri, 14 Jul 2023 09:44:21 -0400
Subject: [PATCH 167/359] Docs: fix unmatched bracket for health checks page
 (#18134)

---
 website/content/docs/services/usage/checks.mdx | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/website/content/docs/services/usage/checks.mdx b/website/content/docs/services/usage/checks.mdx
index afbf53dcc99b..e72b219dd0bd 100644
--- a/website/content/docs/services/usage/checks.mdx
+++ b/website/content/docs/services/usage/checks.mdx
@@ -170,7 +170,7 @@ To enable script checks, you must first enable the agent to send external reques
    ```
    </CodeTabs>
 
-Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference) for information about all health check configurations. 
+Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference) for information about all health check configurations.
 
 ### Script check exit codes
 The following exit codes returned by the script check determine the health check status:
@@ -185,7 +185,7 @@ Any output of the script is captured and made available in the `Output` field of
 _HTTP_ checks send an HTTP request to the specified URL and report the service health based on the [HTTP response code](#http-check-response-codes). We recommend using HTTP checks over [script checks](#script-checks) that use cURL or another external process to check an HTTP operation. 
 
 ### HTTP check configuration
-Add an `http` field to the `check` block in your service definition file and specify the HTTP address, including port number, for the check to call. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference) for information about all health check configurations. 
+Add an `http` field to the `check` block in your service definition file and specify the HTTP address, including port number, for the check to call. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference) for information about all health check configurations.
 
 In the following example, an HTTP check named `HTTP API on port 5000` sends a `POST` request to the `health` endpoint every 10 seconds:
 
@@ -245,7 +245,7 @@ Responses larger than 4KB are truncated. The HTTP response determines the status
 TCP checks establish connections to the specified IPs or hosts. If the check successfully establishes a connection, the service status is reported as `success`. If the IP or host does not accept the connection, the service status is reported as `critical`. We recommend TCP checks over [script checks](#script-checks)  that use netcat or another external process to check a socket operation. 
 
 ### TCP check configuration
-Add a `tcp` field to the `check` block in your service definition file and specify the address, including port number, for the check to call. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference) for information about all health check configurations. 
+Add a `tcp` field to the `check` block in your service definition file and specify the address, including port number, for the check to call. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference) for information about all health check configurations.
 
 In the following example, a TCP check named `SSH TCP on port 22` attempts to connect to `localhost:22` every 10 seconds:
 
@@ -320,7 +320,7 @@ By default, UDP checks timeout at 10 seconds, but you can specify a custom timeo
 OSService checks if an OS service is running on the host. OSService checks support Windows services on Windows hosts or SystemD services on Unix hosts. The check logs the service as `healthy` if it is running. If the service is not running, the status is logged as `critical`. All other results are logged with `warning`. A `warning` status indicates that the check is not reliable because an issue is preventing it from determining the health of the service.
 
 ### OSService check configurations
-Add an `os_service` field to the `check` block in your service definition file and specify the name of the service to check. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference] for information about all health check configurations. 
+Add an `os_service` field to the `check` block in your service definition file and specify the name of the service to check. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference) for information about all health check configurations. 
 
 In the following example, an OSService check named `svcname-001 Windows Service Health` verifies that the `myco-svctype-svcname-001` service is running every 10 seconds:
 
@@ -363,7 +363,7 @@ TTL checks also persist their last known status to disk so that the Consul agent
 You can manually mark a service as unhealthy using the [`consul maint` CLI command](/consul/commands/maint) or [`agent/maintenance` HTTP API endpoint](/consul/api-docs/agent#enable-maintenance-mode), rather than waiting for a TTL health check if the `ttl` duration is high.
 
 ### TTL check configuration
-Add a `ttl` field to the `check` block in your service definition file and specify how long to wait for an update from the external process. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference] for information about all health check configurations. 
+Add a `ttl` field to the `check` block in your service definition file and specify how long to wait for an update from the external process. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference) for information about all health check configurations. 
 
 In the following example, a TTL check named `Web App Status` logs the application as `critical` if a status update is not received every 30 seconds:
 
@@ -450,7 +450,7 @@ check = {
 gRPC checks send a request to the specified endpoint. These checks are intended for applications that support the standard [gRPC health checking protocol](https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
 
 ### gRPC check configuration
-Add a `grpc` field to the `check` block in your service definition file and specify the endpoint, including port number, for sending requests. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference] for information about all health check configurations. 
+Add a `grpc` field to the `check` block in your service definition file and specify the endpoint, including port number, for sending requests. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference) for information about all health check configurations. 
 
 In the following example, a gRPC check named `Service health status` probes the entire application by sending requests to `127.0.0.1:12345` every 10 seconds:
 
@@ -564,7 +564,7 @@ For aliased services on the same agent, the check monitors the local state witho
 For the blocking query, the alias check presents the ACL token set on the actual service or the token configured in the check definition. If neither are available, the alias check falls back to the default ACL token set for the agent. Refer to [`acl.tokens.default`](/consul/docs/agent/config/config-files#acl_tokens_default) for additional information about the default ACL token.
 
 ### Alias checks configuration
-Add an `alias_service` field to the `check` block in your service definition file and specify the name of the service or node to alias. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference] for information about all health check configurations.
+Add an `alias_service` field to the `check` block in your service definition file and specify the name of the service or node to alias. All other fields are optional. Refer to [Health Checks Configuration Reference](/consul/docs/services/configuration/checks-configuration-reference) for information about all health check configurations.
 
 In the following example, an alias check with the ID `web-alias` reports the health state of the `web` service:
 

From 5208ea90e41c8ee91b4b47d42ef9381b6c55f253 Mon Sep 17 00:00:00 2001
From: Poonam Jadhav <poonam.jadhav@hashicorp.com>
Date: Fri, 14 Jul 2023 14:09:02 -0400
Subject: [PATCH 168/359] NET-4657/add resource service client (#18053)

### Description

<!-- Please describe why you're making this change, in plain English.
-->
Dan had already started on this
[task](https://github.com/hashicorp/consul/pull/17849) which is needed
to start building the HTTP APIs. This just needed some cleanup to get it
ready for review.

Overview:

- Rename `internalResourceServiceClient` to
`insecureResourceServiceClient` for name consistency
- Configure a `secureResourceServiceClient` with auth enabled

### PR Checklist

* [ ] ~updated test coverage~
* [ ] ~external facing docs updated~
* [x] appropriate backport labels added
* [ ] ~not a security concern~
---
 agent/acl_test.go      |  4 +++
 agent/agent.go         |  4 +++
 agent/consul/client.go | 15 ++++++++
 agent/consul/server.go | 78 +++++++++++++++++++++++++++++++++---------
 4 files changed, 85 insertions(+), 16 deletions(-)

diff --git a/agent/acl_test.go b/agent/acl_test.go
index 40662231ac36..5e5969dd6472 100644
--- a/agent/acl_test.go
+++ b/agent/acl_test.go
@@ -22,6 +22,7 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/lib"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/hashicorp/consul/types"
 
@@ -163,6 +164,9 @@ func (a *TestACLAgent) Stats() map[string]map[string]string {
 func (a *TestACLAgent) ReloadConfig(_ consul.ReloadableConfig) error {
 	return fmt.Errorf("Unimplemented")
 }
+func (a *TestACLAgent) ResourceServiceClient() pbresource.ResourceServiceClient {
+	return nil
+}
 
 func TestACL_Version8EnabledByDefault(t *testing.T) {
 	t.Parallel()
diff --git a/agent/agent.go b/agent/agent.go
index 881b94209d84..ef6559235205 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -71,6 +71,7 @@ import (
 	"github.com/hashicorp/consul/lib/mutex"
 	"github.com/hashicorp/consul/lib/routine"
 	"github.com/hashicorp/consul/logging"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/proto/private/pboperator"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
 	"github.com/hashicorp/consul/tlsutil"
@@ -198,6 +199,9 @@ type delegate interface {
 
 	RPC(ctx context.Context, method string, args interface{}, reply interface{}) error
 
+	// ResourceServiceClient is a client for the gRPC Resource Service.
+	ResourceServiceClient() pbresource.ResourceServiceClient
+
 	SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer, replyFn structs.SnapshotReplyFn) error
 	Shutdown() error
 	Stats() map[string]map[string]string
diff --git a/agent/consul/client.go b/agent/consul/client.go
index e4a3f83324a1..256e0e58e379 100644
--- a/agent/consul/client.go
+++ b/agent/consul/client.go
@@ -25,6 +25,7 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/logging"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/tlsutil"
 	"github.com/hashicorp/consul/types"
 )
@@ -93,6 +94,9 @@ type Client struct {
 	EnterpriseClient
 
 	tlsConfigurator *tlsutil.Configurator
+
+	// resourceServiceClient is a client for the gRPC Resource Service.
+	resourceServiceClient pbresource.ResourceServiceClient
 }
 
 // NewClient creates and returns a Client
@@ -151,6 +155,13 @@ func NewClient(config *Config, deps Deps) (*Client, error) {
 	}
 	c.router = deps.Router
 
+	conn, err := deps.GRPCConnPool.ClientConn(deps.ConnPool.Datacenter)
+	if err != nil {
+		c.Shutdown()
+		return nil, fmt.Errorf("Failed to get gRPC client connection: %w", err)
+	}
+	c.resourceServiceClient = pbresource.NewResourceServiceClient(conn)
+
 	// Start LAN event handlers after the router is complete since the event
 	// handlers depend on the router and the router depends on Serf.
 	go c.lanEventHandler()
@@ -451,3 +462,7 @@ func (c *Client) AgentEnterpriseMeta() *acl.EnterpriseMeta {
 func (c *Client) agentSegmentName() string {
 	return c.config.Segment
 }
+
+func (c *Client) ResourceServiceClient() pbresource.ResourceServiceClient {
+	return c.resourceServiceClient
+}
diff --git a/agent/consul/server.go b/agent/consul/server.go
index 6bb424c67535..2cfe9cb0aae8 100644
--- a/agent/consul/server.go
+++ b/agent/consul/server.go
@@ -442,10 +442,20 @@ type Server struct {
 	// typeRegistry contains Consul's registered resource types.
 	typeRegistry resource.Registry
 
-	// internalResourceServiceClient is a client that can be used to communicate
-	// with the Resource Service in-process (i.e. not via the network) without auth.
-	// It should only be used for purely-internal workloads, such as controllers.
-	internalResourceServiceClient pbresource.ResourceServiceClient
+	// resourceServiceServer implements the Resource Service.
+	resourceServiceServer *resourcegrpc.Server
+
+	// insecureResourceServiceClient is a client that can be used to communicate
+	// with the Resource Service in-process (i.e. not via the network) *without*
+	// auth. It should only be used for purely-internal workloads, such as
+	// controllers.
+	insecureResourceServiceClient pbresource.ResourceServiceClient
+
+	// secureResourceServiceClient is a client that can be used to communicate
+	// with the Resource Service in-process (i.e. not via the network) *with* auth.
+	// It can be used to make requests to the Resource Service on behalf of the user
+	// (e.g. from the HTTP API).
+	secureResourceServiceClient pbresource.ResourceServiceClient
 
 	// controllerManager schedules the execution of controllers.
 	controllerManager *controller.Manager
@@ -803,11 +813,16 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incom
 	s.grpcHandler = newGRPCHandlerFromConfig(flat, config, s)
 	s.grpcLeaderForwarder = flat.LeaderForwarder
 
-	if err := s.setupInternalResourceService(logger); err != nil {
+	if err := s.setupSecureResourceServiceClient(); err != nil {
+		return nil, err
+	}
+
+	if err := s.setupInsecureResourceServiceClient(logger); err != nil {
 		return nil, err
 	}
+
 	s.controllerManager = controller.NewManager(
-		s.internalResourceServiceClient,
+		s.insecureResourceServiceClient,
 		logger.Named(logging.ControllerRuntime),
 	)
 	s.registerResources(flat)
@@ -929,6 +944,7 @@ func newGRPCHandlerFromConfig(deps Deps, config *Config, s *Server) connHandler
 		s.peerStreamServer.Register(srv)
 		s.externalACLServer.Register(srv)
 		s.externalConnectCAServer.Register(srv)
+		s.resourceServiceServer.Register(srv)
 	}
 
 	return agentgrpc.NewHandler(deps.Logger, config.RPCAddr, register, nil, s.incomingRPCLimiter)
@@ -1334,23 +1350,50 @@ func (s *Server) setupExternalGRPC(config *Config, logger hclog.Logger) {
 	})
 	s.peerStreamServer.Register(s.externalGRPCServer)
 
-	resourcegrpc.NewServer(resourcegrpc.Config{
+	s.resourceServiceServer = resourcegrpc.NewServer(resourcegrpc.Config{
 		Registry:    s.typeRegistry,
 		Backend:     s.raftStorageBackend,
 		ACLResolver: s.ACLResolver,
 		Logger:      logger.Named("grpc-api.resource"),
-	}).Register(s.externalGRPCServer)
+	})
+	s.resourceServiceServer.Register(s.externalGRPCServer)
 }
 
-func (s *Server) setupInternalResourceService(logger hclog.Logger) error {
-	server := grpc.NewServer()
-
-	resourcegrpc.NewServer(resourcegrpc.Config{
+func (s *Server) setupInsecureResourceServiceClient(logger hclog.Logger) error {
+	server := resourcegrpc.NewServer(resourcegrpc.Config{
 		Registry:    s.typeRegistry,
 		Backend:     s.raftStorageBackend,
 		ACLResolver: resolver.DANGER_NO_AUTH{},
 		Logger:      logger.Named("grpc-api.resource"),
-	}).Register(server)
+	})
+
+	conn, err := s.runInProcessGRPCServer(server.Register)
+	if err != nil {
+		return err
+	}
+	s.insecureResourceServiceClient = pbresource.NewResourceServiceClient(conn)
+
+	return nil
+}
+
+func (s *Server) setupSecureResourceServiceClient() error {
+	conn, err := s.runInProcessGRPCServer(s.resourceServiceServer.Register)
+	if err != nil {
+		return err
+	}
+	s.secureResourceServiceClient = pbresource.NewResourceServiceClient(conn)
+
+	return nil
+}
+
+// runInProcessGRPCServer runs a gRPC server that can only be accessed in the
+// same process, rather than over the network, using a pipe listener.
+func (s *Server) runInProcessGRPCServer(registerFn ...func(*grpc.Server)) (*grpc.ClientConn, error) {
+	server := grpc.NewServer()
+
+	for _, fn := range registerFn {
+		fn(server)
+	}
 
 	pipe := agentgrpc.NewPipeListener()
 	go server.Serve(pipe)
@@ -1367,15 +1410,14 @@ func (s *Server) setupInternalResourceService(logger hclog.Logger) error {
 	)
 	if err != nil {
 		server.Stop()
-		return err
+		return nil, err
 	}
 	go func() {
 		<-s.shutdownCh
 		conn.Close()
 	}()
-	s.internalResourceServiceClient = pbresource.NewResourceServiceClient(conn)
 
-	return nil
+	return conn, nil
 }
 
 // Shutdown is used to shutdown the server
@@ -2095,6 +2137,10 @@ func (s *Server) hcpServerStatus(deps Deps) hcp.StatusCallback {
 	}
 }
 
+func (s *Server) ResourceServiceClient() pbresource.ResourceServiceClient {
+	return s.secureResourceServiceClient
+}
+
 func fileExists(name string) (bool, error) {
 	_, err := os.Stat(name)
 	if err == nil {

From 747a4c73c1eea8da2181b2cbb1ffa5721efb1325 Mon Sep 17 00:00:00 2001
From: "Chris S. Kim" <ckim@hashicorp.com>
Date: Fri, 14 Jul 2023 15:58:33 -0400
Subject: [PATCH 169/359] Fix bug with Vault CA provider (#18112)

Updating RootPKIPath but not IntermediatePKIPath would not update
leaf signing certs with the new root. Unsure if this happens in practice
but manual testing showed it is a bug that would break mesh and agent
connections once the old root is pruned.
---
 .changelog/18112.txt                     |   3 +
 agent/connect/ca/mock_Provider.go        |  48 +++++------
 agent/connect/ca/provider.go             |   9 +-
 agent/connect/ca/provider_aws.go         |  10 +--
 agent/connect/ca/provider_aws_test.go    |  18 ++--
 agent/connect/ca/provider_consul.go      |  18 ++--
 agent/connect/ca/provider_consul_test.go |  16 ++--
 agent/connect/ca/provider_vault.go       |  31 +++----
 agent/connect/ca/provider_vault_test.go  |  25 +++---
 agent/consul/leader_connect_ca.go        |  70 +++++++++++----
 agent/consul/leader_connect_ca_test.go   | 105 +++++++++++++++++++----
 agent/consul/leader_connect_test.go      |  10 ++-
 12 files changed, 227 insertions(+), 136 deletions(-)
 create mode 100644 .changelog/18112.txt

diff --git a/.changelog/18112.txt b/.changelog/18112.txt
new file mode 100644
index 000000000000..ddd37786f552
--- /dev/null
+++ b/.changelog/18112.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ca: Fixes a Vault CA provider bug where updating RootPKIPath but not IntermediatePKIPath would not renew leaf signing certificates
+```
diff --git a/agent/connect/ca/mock_Provider.go b/agent/connect/ca/mock_Provider.go
index 0c9725f5ee08..0a745ad9bb3f 100644
--- a/agent/connect/ca/mock_Provider.go
+++ b/agent/connect/ca/mock_Provider.go
@@ -89,14 +89,13 @@ func (_m *MockProvider) CrossSignCA(_a0 *x509.Certificate) (string, error) {
 	return r0, r1
 }
 
-// GenerateIntermediateCSR provides a mock function with given fields:
-func (_m *MockProvider) GenerateIntermediateCSR() (string, string, error) {
+// GenerateCAChain provides a mock function with given fields:
+func (_m *MockProvider) GenerateCAChain() (string, error) {
 	ret := _m.Called()
 
 	var r0 string
-	var r1 string
-	var r2 error
-	if rf, ok := ret.Get(0).(func() (string, string, error)); ok {
+	var r1 error
+	if rf, ok := ret.Get(0).(func() (string, error)); ok {
 		return rf()
 	}
 	if rf, ok := ret.Get(0).(func() string); ok {
@@ -105,43 +104,44 @@ func (_m *MockProvider) GenerateIntermediateCSR() (string, string, error) {
 		r0 = ret.Get(0).(string)
 	}
 
-	if rf, ok := ret.Get(1).(func() string); ok {
+	if rf, ok := ret.Get(1).(func() error); ok {
 		r1 = rf()
 	} else {
-		r1 = ret.Get(1).(string)
-	}
-
-	if rf, ok := ret.Get(2).(func() error); ok {
-		r2 = rf()
-	} else {
-		r2 = ret.Error(2)
+		r1 = ret.Error(1)
 	}
 
-	return r0, r1, r2
+	return r0, r1
 }
 
-// GenerateCAChain provides a mock function with given fields:
-func (_m *MockProvider) GenerateCAChain() (CAChainResult, error) {
+// GenerateIntermediateCSR provides a mock function with given fields:
+func (_m *MockProvider) GenerateIntermediateCSR() (string, string, error) {
 	ret := _m.Called()
 
-	var r0 CAChainResult
-	var r1 error
-	if rf, ok := ret.Get(0).(func() (CAChainResult, error)); ok {
+	var r0 string
+	var r1 string
+	var r2 error
+	if rf, ok := ret.Get(0).(func() (string, string, error)); ok {
 		return rf()
 	}
-	if rf, ok := ret.Get(0).(func() CAChainResult); ok {
+	if rf, ok := ret.Get(0).(func() string); ok {
 		r0 = rf()
 	} else {
-		r0 = ret.Get(0).(CAChainResult)
+		r0 = ret.Get(0).(string)
 	}
 
-	if rf, ok := ret.Get(1).(func() error); ok {
+	if rf, ok := ret.Get(1).(func() string); ok {
 		r1 = rf()
 	} else {
-		r1 = ret.Error(1)
+		r1 = ret.Get(1).(string)
 	}
 
-	return r0, r1
+	if rf, ok := ret.Get(2).(func() error); ok {
+		r2 = rf()
+	} else {
+		r2 = ret.Error(2)
+	}
+
+	return r0, r1, r2
 }
 
 // SetIntermediate provides a mock function with given fields: intermediatePEM, rootPEM, opaque
diff --git a/agent/connect/ca/provider.go b/agent/connect/ca/provider.go
index 25d0deae3595..2ef34228bc48 100644
--- a/agent/connect/ca/provider.go
+++ b/agent/connect/ca/provider.go
@@ -135,9 +135,12 @@ type PrimaryProvider interface {
 	// provider.
 	//
 	// Depending on the provider and its configuration, GenerateCAChain may return
-	// a single root certificate or a chain of certs. The provider should return an
-	// existing CA chain if one exists or generate a new one and return it.
-	GenerateCAChain() (CAChainResult, error)
+	// a single root certificate or a chain of certs.
+	// The first certificate must be the primary CA used to sign intermediates for
+	// secondary datacenters, and the last certificate must be the trusted CA.
+	// The provider should return an existing CA chain if one exists or generate a
+	// new one and return it.
+	GenerateCAChain() (string, error)
 
 	// SignIntermediate will validate the CSR to ensure the trust domain in the
 	// URI SAN matches the local one and that basic constraints for a CA
diff --git a/agent/connect/ca/provider_aws.go b/agent/connect/ca/provider_aws.go
index b7808edf9480..d45f3295a8e7 100644
--- a/agent/connect/ca/provider_aws.go
+++ b/agent/connect/ca/provider_aws.go
@@ -140,19 +140,19 @@ func (a *AWSProvider) State() (map[string]string, error) {
 }
 
 // GenerateCAChain implements Provider
-func (a *AWSProvider) GenerateCAChain() (CAChainResult, error) {
+func (a *AWSProvider) GenerateCAChain() (string, error) {
 	if !a.isPrimary {
-		return CAChainResult{}, fmt.Errorf("provider is not the root certificate authority")
+		return "", fmt.Errorf("provider is not the root certificate authority")
 	}
 
 	if err := a.ensureCA(); err != nil {
-		return CAChainResult{}, err
+		return "", err
 	}
 
 	if a.rootPEM == "" {
-		return CAChainResult{}, fmt.Errorf("AWS CA provider not fully Initialized")
+		return "", fmt.Errorf("AWS CA provider not fully Initialized")
 	}
-	return CAChainResult{PEM: a.rootPEM}, nil
+	return a.rootPEM, nil
 }
 
 // ensureCA loads the CA resource to check it exists if configured by User or in
diff --git a/agent/connect/ca/provider_aws_test.go b/agent/connect/ca/provider_aws_test.go
index 8c6a1f679f3e..cba2897fa26a 100644
--- a/agent/connect/ca/provider_aws_test.go
+++ b/agent/connect/ca/provider_aws_test.go
@@ -49,9 +49,8 @@ func TestAWSBootstrapAndSignPrimary(t *testing.T) {
 			provider := testAWSProvider(t, testProviderConfigPrimary(t, cfg))
 			defer provider.Cleanup(true, nil)
 
-			root, err := provider.GenerateCAChain()
+			rootPEM, err := provider.GenerateCAChain()
 			require.NoError(t, err)
-			rootPEM := root.PEM
 
 			// Ensure they use the right key type
 			rootCert, err := connect.ParseCert(rootPEM)
@@ -76,9 +75,8 @@ func TestAWSBootstrapAndSignPrimary(t *testing.T) {
 		provider := testAWSProvider(t, testProviderConfigPrimary(t, nil))
 		defer provider.Cleanup(true, nil)
 
-		root, err := provider.GenerateCAChain()
+		rootPEM, err := provider.GenerateCAChain()
 		require.NoError(t, err)
-		rootPEM := root.PEM
 
 		// Ensure they use the right key type
 		rootCert, err := connect.ParseCert(rootPEM)
@@ -111,9 +109,8 @@ func TestAWSBootstrapAndSignSecondary(t *testing.T) {
 
 	p1 := testAWSProvider(t, testProviderConfigPrimary(t, nil))
 	defer p1.Cleanup(true, nil)
-	root, err := p1.GenerateCAChain()
+	rootPEM, err := p1.GenerateCAChain()
 	require.NoError(t, err)
-	rootPEM := root.PEM
 
 	p2 := testAWSProvider(t, testProviderConfigSecondary(t, nil))
 	defer p2.Cleanup(true, nil)
@@ -140,9 +137,8 @@ func TestAWSBootstrapAndSignSecondary(t *testing.T) {
 		cfg1 := testProviderConfigPrimary(t, nil)
 		cfg1.State = p1State
 		p1 = testAWSProvider(t, cfg1)
-		root, err := p1.GenerateCAChain()
+		newRootPEM, err := p1.GenerateCAChain()
 		require.NoError(t, err)
-		newRootPEM := root.PEM
 
 		cfg2 := testProviderConfigPrimary(t, nil)
 		cfg2.State = p2State
@@ -174,9 +170,8 @@ func TestAWSBootstrapAndSignSecondary(t *testing.T) {
 			"ExistingARN": p1State[AWSStateCAARNKey],
 		})
 		p1 = testAWSProvider(t, cfg1)
-		root, err := p1.GenerateCAChain()
+		newRootPEM, err := p1.GenerateCAChain()
 		require.NoError(t, err)
-		newRootPEM := root.PEM
 
 		cfg2 := testProviderConfigPrimary(t, map[string]interface{}{
 			"ExistingARN": p2State[AWSStateCAARNKey],
@@ -213,9 +208,8 @@ func TestAWSBootstrapAndSignSecondary(t *testing.T) {
 		p2 = testAWSProvider(t, cfg2)
 		require.NoError(t, p2.SetIntermediate(newIntPEM, newRootPEM, ""))
 
-		root, err = p1.GenerateCAChain()
+		newRootPEM, err = p1.GenerateCAChain()
 		require.NoError(t, err)
-		newRootPEM = root.PEM
 		newIntPEM, err = p2.ActiveLeafSigningCert()
 		require.NoError(t, err)
 
diff --git a/agent/connect/ca/provider_consul.go b/agent/connect/ca/provider_consul.go
index b35800c6da4c..01c4987e07d8 100644
--- a/agent/connect/ca/provider_consul.go
+++ b/agent/connect/ca/provider_consul.go
@@ -155,17 +155,17 @@ func (c *ConsulProvider) State() (map[string]string, error) {
 }
 
 // GenerateCAChain initializes a new root certificate and private key if needed.
-func (c *ConsulProvider) GenerateCAChain() (CAChainResult, error) {
+func (c *ConsulProvider) GenerateCAChain() (string, error) {
 	providerState, err := c.getState()
 	if err != nil {
-		return CAChainResult{}, err
+		return "", err
 	}
 
 	if !c.isPrimary {
-		return CAChainResult{}, fmt.Errorf("provider is not the root certificate authority")
+		return "", fmt.Errorf("provider is not the root certificate authority")
 	}
 	if providerState.RootCert != "" {
-		return CAChainResult{PEM: providerState.RootCert}, nil
+		return providerState.RootCert, nil
 	}
 
 	// Generate a private key if needed
@@ -173,7 +173,7 @@ func (c *ConsulProvider) GenerateCAChain() (CAChainResult, error) {
 	if c.config.PrivateKey == "" {
 		_, pk, err := connect.GeneratePrivateKeyWithConfig(c.config.PrivateKeyType, c.config.PrivateKeyBits)
 		if err != nil {
-			return CAChainResult{}, err
+			return "", err
 		}
 		newState.PrivateKey = pk
 	} else {
@@ -184,12 +184,12 @@ func (c *ConsulProvider) GenerateCAChain() (CAChainResult, error) {
 	if c.config.RootCert == "" {
 		nextSerial, err := c.incrementAndGetNextSerialNumber()
 		if err != nil {
-			return CAChainResult{}, fmt.Errorf("error computing next serial number: %v", err)
+			return "", fmt.Errorf("error computing next serial number: %v", err)
 		}
 
 		ca, err := c.generateCA(newState.PrivateKey, nextSerial, c.config.RootCertTTL)
 		if err != nil {
-			return CAChainResult{}, fmt.Errorf("error generating CA: %v", err)
+			return "", fmt.Errorf("error generating CA: %v", err)
 		}
 		newState.RootCert = ca
 	} else {
@@ -202,10 +202,10 @@ func (c *ConsulProvider) GenerateCAChain() (CAChainResult, error) {
 		ProviderState: &newState,
 	}
 	if _, err := c.Delegate.ApplyCARequest(args); err != nil {
-		return CAChainResult{}, err
+		return "", err
 	}
 
-	return CAChainResult{PEM: newState.RootCert}, nil
+	return newState.RootCert, nil
 }
 
 // GenerateIntermediateCSR creates a private key and generates a CSR
diff --git a/agent/connect/ca/provider_consul_test.go b/agent/connect/ca/provider_consul_test.go
index fd521a5bbe40..0c6959c7f5d4 100644
--- a/agent/connect/ca/provider_consul_test.go
+++ b/agent/connect/ca/provider_consul_test.go
@@ -93,10 +93,10 @@ func TestConsulCAProvider_Bootstrap(t *testing.T) {
 	// Intermediate should be the same cert.
 	inter, err := provider.ActiveLeafSigningCert()
 	require.NoError(t, err)
-	require.Equal(t, root.PEM, inter)
+	require.Equal(t, root, inter)
 
 	// Should be a valid cert
-	parsed, err := connect.ParseCert(root.PEM)
+	parsed, err := connect.ParseCert(root)
 	require.NoError(t, err)
 	require.Equal(t, parsed.URIs[0].String(), fmt.Sprintf("spiffe://%s.consul", conf.ClusterID))
 	requireNotEncoded(t, parsed.SubjectKeyId)
@@ -128,10 +128,10 @@ func TestConsulCAProvider_Bootstrap_WithCert(t *testing.T) {
 
 	root, err := provider.GenerateCAChain()
 	require.NoError(t, err)
-	require.Equal(t, root.PEM, rootCA.RootCert)
+	require.Equal(t, root, rootCA.RootCert)
 
 	// Should be a valid cert
-	parsed, err := connect.ParseCert(root.PEM)
+	parsed, err := connect.ParseCert(root)
 	require.NoError(t, err)
 
 	// test that the default root cert ttl was not applied to the provided cert
@@ -298,7 +298,7 @@ func testCrossSignProviders(t *testing.T, provider1, provider2 Provider) {
 	root, err := provider2.GenerateCAChain()
 	require.NoError(t, err)
 
-	newRoot, err := connect.ParseCert(root.PEM)
+	newRoot, err := connect.ParseCert(root)
 	require.NoError(t, err)
 	oldSubject := newRoot.Subject.CommonName
 	requireNotEncoded(t, newRoot.SubjectKeyId)
@@ -321,7 +321,7 @@ func testCrossSignProviders(t *testing.T, provider1, provider2 Provider) {
 
 	p1Root, err := provider1.GenerateCAChain()
 	require.NoError(t, err)
-	oldRoot, err := connect.ParseCert(p1Root.PEM)
+	oldRoot, err := connect.ParseCert(p1Root)
 	require.NoError(t, err)
 	requireNotEncoded(t, oldRoot.SubjectKeyId)
 	requireNotEncoded(t, oldRoot.AuthorityKeyId)
@@ -385,7 +385,7 @@ func testCrossSignProvidersShouldFail(t *testing.T, provider1, provider2 Provide
 	root, err := provider2.GenerateCAChain()
 	require.NoError(t, err)
 
-	newRoot, err := connect.ParseCert(root.PEM)
+	newRoot, err := connect.ParseCert(root)
 	require.NoError(t, err)
 	requireNotEncoded(t, newRoot.SubjectKeyId)
 	requireNotEncoded(t, newRoot.AuthorityKeyId)
@@ -454,7 +454,7 @@ func testSignIntermediateCrossDC(t *testing.T, provider1, provider2 Provider) {
 	require.NoError(t, err)
 	root, err := provider1.GenerateCAChain()
 	require.NoError(t, err)
-	rootPEM := root.PEM
+	rootPEM := root
 
 	// Give the new intermediate to provider2 to use.
 	require.NoError(t, provider2.SetIntermediate(intermediatePEM, rootPEM, opaque))
diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go
index 89350d87df3e..59b983dbecc4 100644
--- a/agent/connect/ca/provider_vault.go
+++ b/agent/connect/ca/provider_vault.go
@@ -280,9 +280,9 @@ func (v *VaultProvider) State() (map[string]string, error) {
 }
 
 // GenerateCAChain mounts and initializes a new root PKI backend if needed.
-func (v *VaultProvider) GenerateCAChain() (CAChainResult, error) {
+func (v *VaultProvider) GenerateCAChain() (string, error) {
 	if !v.isPrimary {
-		return CAChainResult{}, fmt.Errorf("provider is not the root certificate authority")
+		return "", fmt.Errorf("provider is not the root certificate authority")
 	}
 
 	// Set up the root PKI backend if necessary.
@@ -302,7 +302,7 @@ func (v *VaultProvider) GenerateCAChain() (CAChainResult, error) {
 			},
 		})
 		if err != nil {
-			return CAChainResult{}, fmt.Errorf("failed to mount root CA backend: %w", err)
+			return "", fmt.Errorf("failed to mount root CA backend: %w", err)
 		}
 
 		// We want to initialize afterwards
@@ -310,7 +310,7 @@ func (v *VaultProvider) GenerateCAChain() (CAChainResult, error) {
 	case ErrBackendNotInitialized:
 		uid, err := connect.CompactUID()
 		if err != nil {
-			return CAChainResult{}, err
+			return "", err
 		}
 		resp, err := v.writeNamespaced(v.config.RootPKINamespace, v.config.RootPKIPath+"root/generate/internal", map[string]interface{}{
 			"common_name": connect.CACN("vault", uid, v.clusterID, v.isPrimary),
@@ -319,23 +319,23 @@ func (v *VaultProvider) GenerateCAChain() (CAChainResult, error) {
 			"key_bits":    v.config.PrivateKeyBits,
 		})
 		if err != nil {
-			return CAChainResult{}, fmt.Errorf("failed to initialize root CA: %w", err)
+			return "", fmt.Errorf("failed to initialize root CA: %w", err)
 		}
 		var ok bool
 		rootPEM, ok = resp.Data["certificate"].(string)
 		if !ok {
-			return CAChainResult{}, fmt.Errorf("unexpected response from Vault: %v", resp.Data["certificate"])
+			return "", fmt.Errorf("unexpected response from Vault: %v", resp.Data["certificate"])
 		}
 
 	default:
 		if err != nil {
-			return CAChainResult{}, fmt.Errorf("unexpected error while setting root PKI backend: %w", err)
+			return "", fmt.Errorf("unexpected error while setting root PKI backend: %w", err)
 		}
 	}
 
 	rootChain, err := v.getCAChain(v.config.RootPKINamespace, v.config.RootPKIPath)
 	if err != nil {
-		return CAChainResult{}, err
+		return "", err
 	}
 
 	// Workaround for a bug in the Vault PKI API.
@@ -344,18 +344,7 @@ func (v *VaultProvider) GenerateCAChain() (CAChainResult, error) {
 		rootChain = rootPEM
 	}
 
-	intermediate, err := v.ActiveLeafSigningCert()
-	if err != nil {
-		return CAChainResult{}, fmt.Errorf("error fetching active intermediate: %w", err)
-	}
-	if intermediate == "" {
-		intermediate, err = v.GenerateLeafSigningCert()
-		if err != nil {
-			return CAChainResult{}, fmt.Errorf("error generating intermediate: %w", err)
-		}
-	}
-
-	return CAChainResult{PEM: rootChain, IntermediatePEM: intermediate}, nil
+	return rootChain, nil
 }
 
 // GenerateIntermediateCSR creates a private key and generates a CSR
@@ -582,7 +571,7 @@ func (v *VaultProvider) getCAChain(namespace, path string) (string, error) {
 	return root, nil
 }
 
-// GenerateIntermediate mounts the configured intermediate PKI backend if
+// GenerateLeafSigningCert mounts the configured intermediate PKI backend if
 // necessary, then generates and signs a new CA CSR using the root PKI backend
 // and updates the intermediate backend to use that new certificate.
 func (v *VaultProvider) GenerateLeafSigningCert() (string, error) {
diff --git a/agent/connect/ca/provider_vault_test.go b/agent/connect/ca/provider_vault_test.go
index 87dc1a04fe7a..008afa6081aa 100644
--- a/agent/connect/ca/provider_vault_test.go
+++ b/agent/connect/ca/provider_vault_test.go
@@ -420,7 +420,7 @@ func TestVaultCAProvider_Bootstrap(t *testing.T) {
 			},
 			certFunc: func(provider *VaultProvider) (string, error) {
 				root, err := provider.GenerateCAChain()
-				return root.PEM, err
+				return root, err
 			},
 			backendPath:         "pki-root/",
 			rootCaCreation:      true,
@@ -497,9 +497,8 @@ func TestVaultCAProvider_SignLeaf(t *testing.T) {
 			Service:    "foo",
 		}
 
-		root, err := provider.GenerateCAChain()
+		rootPEM, err := provider.GenerateCAChain()
 		require.NoError(t, err)
-		rootPEM := root.PEM
 		assertCorrectKeyType(t, tc.KeyType, rootPEM)
 
 		intPEM, err := provider.ActiveLeafSigningCert()
@@ -600,9 +599,9 @@ func TestVaultCAProvider_CrossSignCA(t *testing.T) {
 		})
 
 		testutil.RunStep(t, "init", func(t *testing.T) {
-			root, err := provider1.GenerateCAChain()
+			rootPEM, err := provider1.GenerateCAChain()
 			require.NoError(t, err)
-			assertCorrectKeyType(t, tc.SigningKeyType, root.PEM)
+			assertCorrectKeyType(t, tc.SigningKeyType, rootPEM)
 
 			intPEM, err := provider1.ActiveLeafSigningCert()
 			require.NoError(t, err)
@@ -628,9 +627,9 @@ func TestVaultCAProvider_CrossSignCA(t *testing.T) {
 		})
 
 		testutil.RunStep(t, "swap", func(t *testing.T) {
-			root, err := provider2.GenerateCAChain()
+			rootPEM, err := provider2.GenerateCAChain()
 			require.NoError(t, err)
-			assertCorrectKeyType(t, tc.CSRKeyType, root.PEM)
+			assertCorrectKeyType(t, tc.CSRKeyType, rootPEM)
 
 			intPEM, err := provider2.ActiveLeafSigningCert()
 			require.NoError(t, err)
@@ -1147,14 +1146,14 @@ func TestVaultCAProvider_GenerateIntermediate(t *testing.T) {
 	// This test was created to ensure that our calls to Vault
 	// returns a new Intermediate certificate and further calls
 	// to ActiveLeafSigningCert return the same new cert.
-	new, err := provider.GenerateLeafSigningCert()
+	newLeaf, err := provider.GenerateLeafSigningCert()
 	require.NoError(t, err)
 
 	newActive, err := provider.ActiveLeafSigningCert()
 	require.NoError(t, err)
 
-	require.Equal(t, new, newActive)
-	require.NotEqual(t, orig, new)
+	require.Equal(t, newLeaf, newActive)
+	require.NotEqual(t, orig, newLeaf)
 }
 
 func TestVaultCAProvider_AutoTidyExpiredIssuers(t *testing.T) {
@@ -1240,9 +1239,8 @@ func TestVaultCAProvider_GenerateIntermediate_inSecondary(t *testing.T) {
 		// Sign the CSR with primaryProvider.
 		intermediatePEM, err := primaryProvider.SignIntermediate(csr)
 		require.NoError(t, err)
-		root, err := primaryProvider.GenerateCAChain()
+		rootPEM, err := primaryProvider.GenerateCAChain()
 		require.NoError(t, err)
-		rootPEM := root.PEM
 
 		// Give the new intermediate to provider to use.
 		require.NoError(t, provider.SetIntermediate(intermediatePEM, rootPEM, issuerID))
@@ -1261,9 +1259,8 @@ func TestVaultCAProvider_GenerateIntermediate_inSecondary(t *testing.T) {
 		// Sign the CSR with primaryProvider.
 		intermediatePEM, err := primaryProvider.SignIntermediate(csr)
 		require.NoError(t, err)
-		root, err := primaryProvider.GenerateCAChain()
+		rootPEM, err := primaryProvider.GenerateCAChain()
 		require.NoError(t, err)
-		rootPEM := root.PEM
 
 		// Give the new intermediate to provider to use.
 		require.NoError(t, provider.SetIntermediate(intermediatePEM, rootPEM, issuerID))
diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go
index c8c63c8874aa..717c9ff0b254 100644
--- a/agent/consul/leader_connect_ca.go
+++ b/agent/consul/leader_connect_ca.go
@@ -258,8 +258,8 @@ func (c *CAManager) initializeCAConfig() (*structs.CAConfiguration, error) {
 }
 
 // newCARoot returns a filled-in structs.CARoot from a raw PEM value.
-func newCARoot(rootResult ca.CAChainResult, provider, clusterID string) (*structs.CARoot, error) {
-	primaryCert, err := connect.ParseCert(rootResult.PEM)
+func newCARoot(caPem, provider, clusterID string) (*structs.CARoot, error) {
+	primaryCert, err := connect.ParseCert(caPem)
 	if err != nil {
 		return nil, err
 	}
@@ -275,17 +275,12 @@ func newCARoot(rootResult ca.CAChainResult, provider, clusterID string) (*struct
 		ExternalTrustDomain: clusterID,
 		NotBefore:           primaryCert.NotBefore,
 		NotAfter:            primaryCert.NotAfter,
-		RootCert:            lib.EnsureTrailingNewline(rootResult.PEM),
+		RootCert:            lib.EnsureTrailingNewline(caPem),
 		PrivateKeyType:      keyType,
 		PrivateKeyBits:      keyBits,
 		Active:              true,
 	}
-	if rootResult.IntermediatePEM == "" {
-		return caRoot, nil
-	}
-	if err := setLeafSigningCert(caRoot, rootResult.IntermediatePEM); err != nil {
-		return nil, fmt.Errorf("error setting leaf signing cert: %w", err)
-	}
+
 	return caRoot, nil
 }
 
@@ -518,6 +513,19 @@ func (c *CAManager) primaryInitialize(provider ca.Provider, conf *structs.CAConf
 		return err
 	}
 
+	// provider may use intermediates for leaf signing in which case
+	// we need to generate a leaf signing CA.
+	if usesIntermediate, ok := provider.(ca.PrimaryUsesIntermediate); ok {
+		leafPem, err := usesIntermediate.GenerateLeafSigningCert()
+		if err != nil {
+			return fmt.Errorf("error generating new leaf signing cert: %w", err)
+		}
+
+		if err := setLeafSigningCert(rootCA, leafPem); err != nil {
+			return fmt.Errorf("error setting leaf signing cert: %w", err)
+		}
+	}
+
 	var rootUpdateRequired bool
 	if len(rootCA.IntermediateCerts) > 0 {
 		rootUpdateRequired = true
@@ -764,7 +772,6 @@ func (c *CAManager) UpdateConfiguration(args *structs.CARequest) (reterr error)
 		return err
 	}
 
-	// Exit early if it's a no-op change
 	state := c.delegate.State()
 	_, config, err := state.CAConfig(nil)
 	if err != nil {
@@ -780,6 +787,8 @@ func (c *CAManager) UpdateConfiguration(args *structs.CARequest) (reterr error)
 
 	// Don't allow users to change the ClusterID.
 	args.Config.ClusterID = config.ClusterID
+
+	// Exit early if it's a no-op change
 	if args.Config.Provider == config.Provider && reflect.DeepEqual(args.Config.Config, config.Config) {
 		return nil
 	}
@@ -866,26 +875,53 @@ func (c *CAManager) primaryUpdateRootCA(newProvider ca.Provider, args *structs.C
 	}
 	args.Config.State = pState
 
-	providerRoot, err := newProvider.GenerateCAChain()
+	caPEM, err := newProvider.GenerateCAChain()
 	if err != nil {
 		return fmt.Errorf("error generating CA root certificate: %v", err)
 	}
 
-	newRootPEM := providerRoot.PEM
-	newActiveRoot, err := newCARoot(providerRoot, args.Config.Provider, args.Config.ClusterID)
+	newActiveRoot, err := newCARoot(caPEM, args.Config.Provider, args.Config.ClusterID)
 	if err != nil {
 		return err
 	}
 
+	// Fetch the existing root CA to compare with the current one.
 	state := c.delegate.State()
-	// Compare the new provider's root CA ID to the current one. If they
-	// match, just update the existing provider with the new config.
-	// If they don't match, begin the root rotation process.
 	_, root, err := state.CARootActive(nil)
 	if err != nil {
 		return err
 	}
 
+	// provider may use intermediates for leaf signing in which case
+	// we may need to generate a leaf signing CA if the root has changed.
+	if usesIntermediate, ok := newProvider.(ca.PrimaryUsesIntermediate); ok {
+		var leafPemFunc func() (string, error)
+		if root != nil && root.ID == newActiveRoot.ID {
+			// If Root ID is the same, we can reuse the existing leaf signing cert
+			leafPemFunc = newProvider.ActiveLeafSigningCert
+		} else {
+			// If Root ID is different, we need to generate a new leaf signing cert
+			// else the trust chain will break when the old root expires.
+			leafPemFunc = usesIntermediate.GenerateLeafSigningCert
+		}
+		leafPem, err := leafPemFunc()
+		if err != nil {
+			return fmt.Errorf("error fetching leaf signing cert: %w", err)
+		}
+		// newProvider.ActiveLeafSigningCert may return a blank leafPem so we
+		// fall back to generating a new one just in case.
+		if leafPem == "" {
+			leafPem, err = usesIntermediate.GenerateLeafSigningCert()
+			if err != nil {
+				return fmt.Errorf("error generating new leaf signing cert: %w", err)
+			}
+		}
+
+		if err := setLeafSigningCert(newActiveRoot, leafPem); err != nil {
+			return fmt.Errorf("error setting leaf signing cert: %w", err)
+		}
+	}
+
 	// If the root didn't change, just update the config and return.
 	if root != nil && root.ID == newActiveRoot.ID {
 		args.Op = structs.CAOpSetConfig
@@ -919,7 +955,7 @@ func (c *CAManager) primaryUpdateRootCA(newProvider ca.Provider, args *structs.C
 		// 3. Take the active root for the new provider and append the intermediate from step 2
 		// to its list of intermediates.
 		// TODO: this cert is already parsed once in newCARoot, could we remove the second parse?
-		newRoot, err := connect.ParseCert(newRootPEM)
+		newRoot, err := connect.ParseCert(caPEM)
 		if err != nil {
 			return err
 		}
diff --git a/agent/consul/leader_connect_ca_test.go b/agent/consul/leader_connect_ca_test.go
index a8ca93101e44..e1c2cf8506c2 100644
--- a/agent/consul/leader_connect_ca_test.go
+++ b/agent/consul/leader_connect_ca_test.go
@@ -259,8 +259,8 @@ type mockCAProvider struct {
 
 func (m *mockCAProvider) Configure(cfg ca.ProviderConfig) error { return nil }
 func (m *mockCAProvider) State() (map[string]string, error)     { return nil, nil }
-func (m *mockCAProvider) GenerateCAChain() (ca.CAChainResult, error) {
-	return ca.CAChainResult{PEM: m.rootPEM}, nil
+func (m *mockCAProvider) GenerateCAChain() (string, error) {
+	return m.rootPEM, nil
 }
 func (m *mockCAProvider) GenerateIntermediateCSR() (string, string, error) {
 	m.callbackCh <- "provider/GenerateIntermediateCSR"
@@ -624,7 +624,7 @@ func TestCAManager_UpdateConfiguration_Vault_Primary(t *testing.T) {
 	require.Equal(t, connect.HexString(cert.SubjectKeyId), origRoot.SigningKeyID)
 
 	t.Run("update config without changing root", func(t *testing.T) {
-		err = s1.caManager.UpdateConfiguration(&structs.CARequest{
+		require.NoError(t, s1.caManager.UpdateConfiguration(&structs.CARequest{
 			Config: &structs.CAConfiguration{
 				Provider: "vault",
 				Config: map[string]interface{}{
@@ -635,50 +635,117 @@ func TestCAManager_UpdateConfiguration_Vault_Primary(t *testing.T) {
 					"CSRMaxPerSecond":     100,
 				},
 			},
-		})
-		require.NoError(t, err)
-		_, sameRoot, err := s1.fsm.State().CARootActive(nil)
+		}))
+
+		_, newRoot, err := s1.fsm.State().CARootActive(nil)
 		require.NoError(t, err)
-		require.Len(t, sameRoot.IntermediateCerts, 1)
-		sameRoot.CreateIndex = s1.caManager.providerRoot.CreateIndex
-		sameRoot.ModifyIndex = s1.caManager.providerRoot.ModifyIndex
+		require.Len(t, newRoot.IntermediateCerts, 1)
+		newRoot.CreateIndex = s1.caManager.providerRoot.CreateIndex
+		newRoot.ModifyIndex = s1.caManager.providerRoot.ModifyIndex
 
-		cert, err := connect.ParseCert(s1.caManager.getLeafSigningCertFromRoot(sameRoot))
+		orig, err := connect.ParseCert(s1.caManager.getLeafSigningCertFromRoot(newRoot))
 		require.NoError(t, err)
-		require.Equal(t, connect.HexString(cert.SubjectKeyId), sameRoot.SigningKeyID)
+		require.Equal(t, connect.HexString(orig.SubjectKeyId), newRoot.SigningKeyID)
 
-		require.Equal(t, origRoot, sameRoot)
-		require.Equal(t, sameRoot, s1.caManager.providerRoot)
+		require.Equal(t, origRoot, newRoot)
+		require.Equal(t, newRoot, s1.caManager.providerRoot)
 	})
 
-	t.Run("update config and change root", func(t *testing.T) {
+	t.Run("update config and change root only", func(t *testing.T) {
+		// Read the active leaf CA
+		provider, _ := s1.caManager.getCAProvider()
+
+		before, err := provider.ActiveLeafSigningCert()
+		require.NoError(t, err)
+
 		vaultToken2 := ca.CreateVaultTokenWithAttrs(t, vault.Client(), &ca.VaultTokenAttributes{
 			RootPath:         "pki-root-2",
-			IntermediatePath: "pki-intermediate-2",
+			IntermediatePath: "pki-intermediate",
 			ConsulManaged:    true,
+			WithSudo:         true,
 		})
 
-		err = s1.caManager.UpdateConfiguration(&structs.CARequest{
+		require.NoError(t, s1.caManager.UpdateConfiguration(&structs.CARequest{
 			Config: &structs.CAConfiguration{
 				Provider: "vault",
 				Config: map[string]interface{}{
 					"Address":             vault.Addr,
 					"Token":               vaultToken2,
 					"RootPKIPath":         "pki-root-2/",
-					"IntermediatePKIPath": "pki-intermediate-2/",
+					"IntermediatePKIPath": "pki-intermediate/",
+				},
+			},
+		}))
+
+		// fetch the new root from the state store to check that
+		// raft apply has occurred.
+		_, newRoot, err := s1.fsm.State().CARootActive(nil)
+		require.NoError(t, err)
+		require.Len(t, newRoot.IntermediateCerts, 2,
+			"expected one cross-sign cert and one local leaf sign cert")
+
+		// Refresh provider
+		provider, _ = s1.caManager.getCAProvider()
+
+		// Leaf signing cert should have been updated
+		after, err := provider.ActiveLeafSigningCert()
+		require.NoError(t, err)
+
+		require.NotEqual(t, before, after,
+			"expected leaf signing cert to be changed after RootPKIPath was changed")
+
+		cert, err = connect.ParseCert(after)
+		require.NoError(t, err)
+
+		require.Equal(t, connect.HexString(cert.SubjectKeyId), newRoot.SigningKeyID)
+	})
+
+	t.Run("update config, change root and intermediate", func(t *testing.T) {
+		// Read the active leaf CA
+		provider, _ := s1.caManager.getCAProvider()
+
+		before, err := provider.ActiveLeafSigningCert()
+		require.NoError(t, err)
+
+		vaultToken3 := ca.CreateVaultTokenWithAttrs(t, vault.Client(), &ca.VaultTokenAttributes{
+			RootPath:         "pki-root-3",
+			IntermediatePath: "pki-intermediate-3",
+			ConsulManaged:    true,
+		})
+
+		err = s1.caManager.UpdateConfiguration(&structs.CARequest{
+			Config: &structs.CAConfiguration{
+				Provider: "vault",
+				Config: map[string]interface{}{
+					"Address":             vault.Addr,
+					"Token":               vaultToken3,
+					"RootPKIPath":         "pki-root-3/",
+					"IntermediatePKIPath": "pki-intermediate-3/",
 				},
 			},
 		})
 		require.NoError(t, err)
 
+		// fetch the new root from the state store to check that
+		// raft apply has occurred.
 		_, newRoot, err := s1.fsm.State().CARootActive(nil)
 		require.NoError(t, err)
 		require.Len(t, newRoot.IntermediateCerts, 2,
 			"expected one cross-sign cert and one local leaf sign cert")
-		require.NotEqual(t, origRoot.ID, newRoot.ID)
 
-		cert, err = connect.ParseCert(s1.caManager.getLeafSigningCertFromRoot(newRoot))
+		// Refresh provider
+		provider, _ = s1.caManager.getCAProvider()
+
+		// Leaf signing cert should have been updated
+		after, err := provider.ActiveLeafSigningCert()
 		require.NoError(t, err)
+
+		require.NotEqual(t, before, after,
+			"expected leaf signing cert to be changed after RootPKIPath and IntermediatePKIPath were changed")
+
+		cert, err = connect.ParseCert(after)
+		require.NoError(t, err)
+
 		require.Equal(t, connect.HexString(cert.SubjectKeyId), newRoot.SigningKeyID)
 	})
 }
diff --git a/agent/consul/leader_connect_test.go b/agent/consul/leader_connect_test.go
index 105bf317bdfd..539226b297d3 100644
--- a/agent/consul/leader_connect_test.go
+++ b/agent/consul/leader_connect_test.go
@@ -1362,10 +1362,12 @@ func TestNewCARoot(t *testing.T) {
 	}
 
 	run := func(t *testing.T, tc testCase) {
-		root, err := newCARoot(ca.CAChainResult{
-			PEM:             tc.pem,
-			IntermediatePEM: tc.intermediatePem,
-		}, "provider-name", "cluster-id")
+		root, err := newCARoot(
+			tc.pem,
+			"provider-name", "cluster-id")
+		if tc.intermediatePem != "" {
+			setLeafSigningCert(root, tc.intermediatePem)
+		}
 		if tc.expectedErr != "" {
 			testutil.RequireErrorContains(t, err, tc.expectedErr)
 			return

From 5af73901a2887e11824d8b4dc872c89a5ce8662e Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Fri, 14 Jul 2023 14:53:27 -0600
Subject: [PATCH 170/359] [NET-4897] net/http host header is now verified and
 request.host that contains socked now error (#18129)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### Description

This is related to https://github.com/hashicorp/consul/pull/18124 where
we pinned the go versions in CI to 1.20.5 and 1.19.10.

go 1.20.6 and 1.19.11 now validate request host headers for validity,
including the hostname cannot be prefixed with slashes.

For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname. Prior versions go Go would
clean the host header, and strip slashes in the process, but go1.20.6
and go1.19.11 no longer do, and reject the host header. Around the
community we are seeing that others are intercepting the req.host and if
it starts with a slash or ends with .sock, they changing the host to
localhost or another dummy value.

[client: define a "dummy" hostname to use for local connections by
thaJeztah · Pull Request #45942 ·
moby/moby](https://github.com/moby/moby/pull/45942)

### Testing & Reproduction steps

Check CI tests.

### Links
* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern
---
 .github/workflows/go-tests.yml | 10 +++-------
 api/api.go                     | 11 +++++++++++
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index be773c2b0e06..744a398b5aa4 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -376,7 +376,7 @@ jobs:
       runs-on: ${{ needs.setup.outputs.compute-xl }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
-      go-version: "1.19.10"
+      go-version: "1.19"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
       contents: read
@@ -395,12 +395,7 @@ jobs:
       runs-on: ${{ needs.setup.outputs.compute-xl }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
-      # pinning this to 1.20.5 because this issue in go-testcontainers occurs
-      # in 1.20.6 with the error "http: invalid Host header, host port waiting failed"
-      # https://github.com/testcontainers/testcontainers-go/issues/1359
-      # remove setting this when the above issue is fixed so that the reusable
-      # job will just get the go version from go.mod.
-      go-version: "1.20.5"
+      go-version: "1.20"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
       contents: read
@@ -438,6 +433,7 @@ jobs:
       runs-on: ${{ needs.setup.outputs.compute-xl }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
+      go-version: "1.20"
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
       contents: read
diff --git a/api/api.go b/api/api.go
index 1fe0c71b61e5..18bb3479c9be 100644
--- a/api/api.go
+++ b/api/api.go
@@ -1000,6 +1000,17 @@ func (r *request) toHTTP() (*http.Request, error) {
 		return nil, err
 	}
 
+	// validate that socket communications that do not use the host, detect
+	// slashes in the host name and replace it with local host.
+	// this is required since go started validating req.host in 1.20.6 and 1.19.11.
+	// prior to that they would strip out the slashes for you.  They removed that
+	// behavior and added more strict validation as part of a CVE.
+	// https://github.com/golang/go/issues/60374
+	// the hope is that
+	if strings.HasPrefix(r.url.Host, "/") {
+		r.url.Host = "localhost"
+	}
+
 	req.URL.Host = r.url.Host
 	req.URL.Scheme = r.url.Scheme
 	req.Host = r.url.Host

From 691bc9673a24a53dfa62cfcc77cd99234f2183a1 Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Fri, 14 Jul 2023 14:53:44 -0600
Subject: [PATCH 171/359] add a conditional around setting
 LANFilter.AllSegments to make sure it is valid (#18139)

### Description

This is to correct a code problem because this assumes all segments, but
when you get to Enterprise, you can be in partition that is not the
default partition, in which case specifying all segments does not
validate and fails. This is to correct the setting of this filter with
`AllSegments` to `true` to only occur when in the the `default`
partition.

### Testing & Reproduction steps

<!--

* In the case of bugs, describe how to replicate
* If any manual tests were done, document the steps and the conditions
to replicate
* Call out any important/ relevant unit tests, e2e tests or integration
tests you have added or are adding

-->

### Links

<!--

Include any links here that might be helpful for people reviewing your
PR (Tickets, GH issues, API docs, external benchmarks, tools docs, etc).
If there are none, feel free to delete this section.

Please be mindful not to leak any customer or confidential information.
HashiCorp employees may want to use our internal URL shortener to
obfuscate links.

-->

### PR Checklist

* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern
---
 agent/ui_endpoint.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/agent/ui_endpoint.go b/agent/ui_endpoint.go
index 8f5184969693..5924e23f6f79 100644
--- a/agent/ui_endpoint.go
+++ b/agent/ui_endpoint.go
@@ -190,7 +190,10 @@ func AgentMembersMapAddrVer(s *HTTPHandlers, req *http.Request) (map[string]stri
 	filter := consul.LANMemberFilter{
 		Partition: entMeta.PartitionOrDefault(),
 	}
-	filter.AllSegments = true
+	if acl.IsDefaultPartition(filter.Partition) {
+		filter.AllSegments = true
+	}
+
 	lanMembers, err := s.agent.delegate.LANMembers(filter)
 	if err != nil {
 		return nil, err

From 05b665e856a5b731422b54557f2f8ff83c977471 Mon Sep 17 00:00:00 2001
From: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>
Date: Fri, 14 Jul 2023 14:13:41 -0700
Subject: [PATCH 172/359] chore: bump upgrade integrations tests to 1.15, 116
 [NET-4743] (#18130)

---
 .github/workflows/test-integrations.yml                 | 4 ++--
 test/integration/consul-container/libs/utils/version.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 1a3876855d5e..37a53a85cb7d 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -22,7 +22,7 @@ env:
   GOTESTSUM_VERSION: "1.10.1"
   CONSUL_BINARY_UPLOAD_NAME: consul-bin
   # strip the hashicorp/ off the front of github.repository for consul
-  CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'consul' }}
+  CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }}
   GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
@@ -479,7 +479,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        consul-version: [ "1.14", "1.15"]
+        consul-version: [ "1.15", "1.16"]
     env:
       CONSUL_LATEST_VERSION: ${{ matrix.consul-version }}
       ENVOY_VERSION: "1.24.6"
diff --git a/test/integration/consul-container/libs/utils/version.go b/test/integration/consul-container/libs/utils/version.go
index 394cae35b116..91c4da5e3126 100644
--- a/test/integration/consul-container/libs/utils/version.go
+++ b/test/integration/consul-container/libs/utils/version.go
@@ -24,7 +24,7 @@ var (
 )
 
 const (
-	DefaultImageNameOSS   = "consul"
+	DefaultImageNameOSS   = "hashicorp/consul"
 	DefaultImageNameENT   = "hashicorp/consul-enterprise"
 	ImageVersionSuffixENT = "-ent"
 )

From e7194787a7ec5ba4ec1b809d3635d8aab49985ea Mon Sep 17 00:00:00 2001
From: wangxinyi7 <121973291+wangxinyi7@users.noreply.github.com>
Date: Fri, 14 Jul 2023 18:00:17 -0700
Subject: [PATCH 173/359] re org resource type registry (#18133)

---
 agent/consul/client_test.go       |  3 +++
 agent/consul/options.go           |  2 ++
 agent/consul/server.go            | 28 ++++++++++------------------
 agent/consul/type_registry.go     | 25 +++++++++++++++++++++++++
 agent/rpc/peering/service_test.go |  3 +++
 agent/setup.go                    |  2 ++
 docs/resources/guide.md           | 18 ++++++++++--------
 7 files changed, 55 insertions(+), 26 deletions(-)
 create mode 100644 agent/consul/type_registry.go

diff --git a/agent/consul/client_test.go b/agent/consul/client_test.go
index 4b8f5c433d8e..174820c0673a 100644
--- a/agent/consul/client_test.go
+++ b/agent/consul/client_test.go
@@ -14,6 +14,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/hashicorp/consul/internal/resource"
+
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/serf/serf"
 	"github.com/stretchr/testify/require"
@@ -576,6 +578,7 @@ func newDefaultDeps(t *testing.T, c *Config) Deps {
 		GetNetRPCInterceptorFunc: middleware.GetNetRPCInterceptor,
 		EnterpriseDeps:           newDefaultDepsEnterprise(t, logger, c),
 		XDSStreamLimiter:         limiter.NewSessionLimiter(),
+		Registry:                 resource.NewRegistry(),
 	}
 }
 
diff --git a/agent/consul/options.go b/agent/consul/options.go
index 26cb2471a89b..4b1d088249cc 100644
--- a/agent/consul/options.go
+++ b/agent/consul/options.go
@@ -16,6 +16,7 @@ import (
 	"github.com/hashicorp/consul/agent/router"
 	"github.com/hashicorp/consul/agent/rpc/middleware"
 	"github.com/hashicorp/consul/agent/token"
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/tlsutil"
 )
 
@@ -29,6 +30,7 @@ type Deps struct {
 	GRPCConnPool     GRPCClientConner
 	LeaderForwarder  LeaderForwarder
 	XDSStreamLimiter *limiter.SessionLimiter
+	Registry         resource.Registry
 	// GetNetRPCInterceptorFunc, if not nil, sets the net/rpc rpc.ServerServiceCallInterceptor on
 	// the server side to record metrics around the RPC requests. If nil, no interceptor is added to
 	// the rpc server.
diff --git a/agent/consul/server.go b/agent/consul/server.go
index 2cfe9cb0aae8..6e5ea29da082 100644
--- a/agent/consul/server.go
+++ b/agent/consul/server.go
@@ -19,6 +19,8 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/hashicorp/consul/internal/resource"
+
 	"github.com/armon/go-metrics"
 	"github.com/hashicorp/go-connlimit"
 	"github.com/hashicorp/go-hclog"
@@ -72,8 +74,6 @@ import (
 	"github.com/hashicorp/consul/agent/token"
 	"github.com/hashicorp/consul/internal/catalog"
 	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/mesh"
-	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/internal/resource/reaper"
 	raftstorage "github.com/hashicorp/consul/internal/storage/raft"
@@ -439,9 +439,6 @@ type Server struct {
 	// run by the Server
 	routineManager *routine.Manager
 
-	// typeRegistry contains Consul's registered resource types.
-	typeRegistry resource.Registry
-
 	// resourceServiceServer implements the Resource Service.
 	resourceServiceServer *resourcegrpc.Server
 
@@ -536,7 +533,6 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incom
 		publisher:               flat.EventPublisher,
 		incomingRPCLimiter:      incomingRPCLimiter,
 		routineManager:          routine.NewManager(logger.Named(logging.ConsulServer)),
-		typeRegistry:            resource.NewRegistry(),
 	}
 	incomingRPCLimiter.Register(s)
 
@@ -804,7 +800,7 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incom
 	go s.reportingManager.Run(&lib.StopChannelContext{StopCh: s.shutdownCh})
 
 	// Initialize external gRPC server
-	s.setupExternalGRPC(config, logger)
+	s.setupExternalGRPC(config, flat.Registry, logger)
 
 	// Initialize internal gRPC server.
 	//
@@ -817,7 +813,7 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incom
 		return nil, err
 	}
 
-	if err := s.setupInsecureResourceServiceClient(logger); err != nil {
+	if err := s.setupInsecureResourceServiceClient(flat.Registry, logger); err != nil {
 		return nil, err
 	}
 
@@ -825,7 +821,7 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incom
 		s.insecureResourceServiceClient,
 		logger.Named(logging.ControllerRuntime),
 	)
-	s.registerResources(flat)
+	s.registerControllers(flat)
 	go s.controllerManager.Run(&lib.StopChannelContext{StopCh: shutdownCh})
 
 	go s.trackLeaderChanges()
@@ -876,18 +872,14 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incom
 	return s, nil
 }
 
-func (s *Server) registerResources(deps Deps) {
+func (s *Server) registerControllers(deps Deps) {
 	if stringslice.Contains(deps.Experiments, catalogResourceExperimentName) {
-		catalog.RegisterTypes(s.typeRegistry)
 		catalog.RegisterControllers(s.controllerManager, catalog.DefaultControllerDependencies())
-
-		mesh.RegisterTypes(s.typeRegistry)
 	}
 
 	reaper.RegisterControllers(s.controllerManager)
 
 	if s.config.DevMode {
-		demo.RegisterTypes(s.typeRegistry)
 		demo.RegisterControllers(s.controllerManager)
 	}
 }
@@ -1285,7 +1277,7 @@ func (s *Server) setupRPC() error {
 }
 
 // Initialize and register services on external gRPC server.
-func (s *Server) setupExternalGRPC(config *Config, logger hclog.Logger) {
+func (s *Server) setupExternalGRPC(config *Config, typeRegistry resource.Registry, logger hclog.Logger) {
 	s.externalACLServer = aclgrpc.NewServer(aclgrpc.Config{
 		ACLsEnabled: s.config.ACLsEnabled,
 		ForwardRPC: func(info structs.RPCInfo, fn func(*grpc.ClientConn) error) (bool, error) {
@@ -1351,7 +1343,7 @@ func (s *Server) setupExternalGRPC(config *Config, logger hclog.Logger) {
 	s.peerStreamServer.Register(s.externalGRPCServer)
 
 	s.resourceServiceServer = resourcegrpc.NewServer(resourcegrpc.Config{
-		Registry:    s.typeRegistry,
+		Registry:    typeRegistry,
 		Backend:     s.raftStorageBackend,
 		ACLResolver: s.ACLResolver,
 		Logger:      logger.Named("grpc-api.resource"),
@@ -1359,9 +1351,9 @@ func (s *Server) setupExternalGRPC(config *Config, logger hclog.Logger) {
 	s.resourceServiceServer.Register(s.externalGRPCServer)
 }
 
-func (s *Server) setupInsecureResourceServiceClient(logger hclog.Logger) error {
+func (s *Server) setupInsecureResourceServiceClient(typeRegistry resource.Registry, logger hclog.Logger) error {
 	server := resourcegrpc.NewServer(resourcegrpc.Config{
-		Registry:    s.typeRegistry,
+		Registry:    typeRegistry,
 		Backend:     s.raftStorageBackend,
 		ACLResolver: resolver.DANGER_NO_AUTH{},
 		Logger:      logger.Named("grpc-api.resource"),
diff --git a/agent/consul/type_registry.go b/agent/consul/type_registry.go
new file mode 100644
index 000000000000..1e5ba55a0ce9
--- /dev/null
+++ b/agent/consul/type_registry.go
@@ -0,0 +1,25 @@
+package consul
+
+import (
+	"github.com/hashicorp/consul/internal/catalog"
+	"github.com/hashicorp/consul/internal/mesh"
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/internal/resource/demo"
+)
+
+// NewTypeRegistry returns a registry populated with all supported resource
+// types.
+//
+// Note: the registry includes resource types that may not be suitable for
+// production use (e.g. experimental or development resource types) because
+// it is used in the CLI, where feature flags and other runtime configuration
+// may not be available.
+func NewTypeRegistry() resource.Registry {
+	registry := resource.NewRegistry()
+
+	demo.RegisterTypes(registry)
+	mesh.RegisterTypes(registry)
+	catalog.RegisterTypes(registry)
+
+	return registry
+}
diff --git a/agent/rpc/peering/service_test.go b/agent/rpc/peering/service_test.go
index 9ae1f6597700..0af92f531629 100644
--- a/agent/rpc/peering/service_test.go
+++ b/agent/rpc/peering/service_test.go
@@ -15,6 +15,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/hashicorp/consul/internal/resource"
+
 	"github.com/google/tcpproxy"
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-uuid"
@@ -1950,6 +1952,7 @@ func newDefaultDeps(t *testing.T, c *consul.Config) consul.Deps {
 		NewRequestRecorderFunc:   middleware.NewRequestRecorder,
 		GetNetRPCInterceptorFunc: middleware.GetNetRPCInterceptor,
 		XDSStreamLimiter:         limiter.NewSessionLimiter(),
+		Registry:                 resource.NewRegistry(),
 	}
 }
 
diff --git a/agent/setup.go b/agent/setup.go
index 4d5d0feed7a1..7599668e33ed 100644
--- a/agent/setup.go
+++ b/agent/setup.go
@@ -260,6 +260,8 @@ func NewBaseDeps(configLoader ConfigLoader, logOut io.Writer, providedLogger hcl
 
 	d.XDSStreamLimiter = limiter.NewSessionLimiter()
 
+	d.Registry = consul.NewTypeRegistry()
+
 	return d, nil
 }
 
diff --git a/docs/resources/guide.md b/docs/resources/guide.md
index b3f389c006a6..c19566577b72 100644
--- a/docs/resources/guide.md
+++ b/docs/resources/guide.md
@@ -61,8 +61,10 @@ func RegisterTypes(r resource.Registry) {
 }
 ```
 
-Update the `registerResources` method in [`server.go`] to call your package's
-type registration method:
+Update the `NewTypeRegistry` method in [`type_registry.go`] to call your
+package's type registration method:
+
+[`type_registry.go`]: ../../agent/consul/type_registry.go
 
 ```Go
 import (
@@ -71,15 +73,13 @@ import (
 	// …
 )
 
-func (s *Server) registerResources() {
+func NewTypeRegistry() resource.Registry {
 	// …
-	foo.RegisterTypes(s.typeRegistry)
+    foo.RegisterTypes(registry)
 	// …
 }
 ```
 
-[`server.go`]: ../../agent/consul/server.go
-
 That should be all you need to start using your new resource type. Test it out
 by starting an agent in dev mode:
 
@@ -277,7 +277,9 @@ func (barReconciler) Reconcile(ctx context.Context, rt controller.Runtime, req c
 
 Next, register your controller with the controller manager. Another common
 pattern is to have your package expose a method for registering controllers,
-which is also called from `registerResources` in [`server.go`].
+which is called from `registerControllers` in [`server.go`].
+
+[`server.go`]: ../../agent/consul/server.go
 
 ```Go
 package foo
@@ -290,7 +292,7 @@ func RegisterControllers(mgr *controller.Manager) {
 ```Go
 package consul
 
-func (s *Server) registerResources() {
+func (s *Server) registerControllers() {
 	// …
 	foo.RegisterControllers(s.controllerManager)
 	// …

From 593051848969fe7a69aa5e0815b0fc0b61a33268 Mon Sep 17 00:00:00 2001
From: Poonam Jadhav <poonam.jadhav@hashicorp.com>
Date: Mon, 17 Jul 2023 09:44:49 -0400
Subject: [PATCH 174/359] fix: update delegateMock used in ENT (#18149)

### Description

<!-- Please describe why you're making this change, in plain English.
-->
The mock is used in `http_ent_test` file which caused lint failures. For
OSS->ENT parity adding the same change here.

### Links

<!--

Include any links here that might be helpful for people reviewing your
PR (Tickets, GH issues, API docs, external benchmarks, tools docs, etc).
If there are none, feel free to delete this section.

Please be mindful not to leak any customer or confidential information.
HashiCorp employees may want to use our internal URL shortener to
obfuscate links.

-->

Identified in OSS->ENT [merge
PR](https://github.com/hashicorp/consul-enterprise/pull/6328)

### PR Checklist

* [ ] ~updated test coverage~
* [ ] ~external facing docs updated~
* [x] appropriate backport labels added
* [ ] ~not a security concern~
---
 agent/delegate_mock_test.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/agent/delegate_mock_test.go b/agent/delegate_mock_test.go
index 9f91a6a0d919..7f0593473e74 100644
--- a/agent/delegate_mock_test.go
+++ b/agent/delegate_mock_test.go
@@ -15,6 +15,7 @@ import (
 	"github.com/hashicorp/consul/agent/consul"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/lib"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 type delegateMock struct {
@@ -76,3 +77,7 @@ func (m *delegateMock) Stats() map[string]map[string]string {
 func (m *delegateMock) ReloadConfig(config consul.ReloadableConfig) error {
 	return m.Called(config).Error(0)
 }
+
+func (m *delegateMock) ResourceServiceClient() pbresource.ResourceServiceClient {
+	return nil
+}

From bcc6a9d7523f0a411ed73b9d21e062aaa1f20daa Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Mon, 17 Jul 2023 11:32:49 -0400
Subject: [PATCH 175/359] Use JWT-auth filter in metadata mode & Delegate
 validation to RBAC filter (#18062)

### Description

<!-- Please describe why you're making this change, in plain English.
-->

- Currently the jwt-auth filter doesn't take into account the service
identity when validating jwt-auth, it only takes into account the path
and jwt provider during validation. This causes issues when multiple
source intentions restrict access to an endpoint with different JWT
providers.
- To fix these issues, rather than use the JWT auth filter for
validation, we use it in metadata mode and allow it to forward the
successful validated JWT token payload to the RBAC filter which will
make the decisions.

This PR ensures requests with and without JWT tokens successfully go
through the jwt-authn filter. The filter however only forwards the data
for successful/valid tokens. On the RBAC filter level, we check the
payload for claims and token issuer + existing rbac rules.

### Testing & Reproduction steps

<!--

* In the case of bugs, describe how to replicate
* If any manual tests were done, document the steps and the conditions
to replicate
* Call out any important/ relevant unit tests, e2e tests or integration
tests you have added or are adding

-->

- This test covers a multi level jwt requirements (requirements at top
level and permissions level). It also assumes you have envoy running,
you have a redis and a sidecar proxy service registered, and have a way
to generate jwks with jwt. I mostly use:
https://www.scottbrady91.com/tools/jwt for this.

- first write your proxy defaults
```
Kind = "proxy-defaults"
name = "global"
config {
  protocol = "http"
}
```
- Create two providers
```
Kind = "jwt-provider"
Name = "auth0"
Issuer = "https://ronald.local"

JSONWebKeySet = {
    Local = {
     JWKS = "eyJrZXlzIjog....."
    }
}
```

```
Kind = "jwt-provider"
Name = "okta"
Issuer = "https://ronald.local"

JSONWebKeySet = {
   Local = {
     JWKS = "eyJrZXlzIjogW3...."
    }
}
```

- add a service intention
```
Kind = "service-intentions"
Name = "redis"

JWT = {
  Providers = [
    {
      Name = "okta"
    },
  ]
}

Sources = [
  {
    Name = "*"
    Permissions = [{
      Action = "allow"
      HTTP = {
        PathPrefix = "/workspace"
      }
      JWT = {
        Providers = [
          {
            Name = "okta"
            VerifyClaims = [
              {
                  Path = ["aud"]
                  Value = "my_client_app"
              },
              {
                Path = ["sub"]
                Value = "5be86359073c434bad2da3932222dabe"
              }
            ]
          },
        ]
      }

    },
    {
      Action = "allow"
      HTTP = {
        PathPrefix = "/"
      }
      JWT = {
        Providers = [
          {
            Name = "auth0"
          },
        ]
      }

    }]
  }
]
```
- generate 3 jwt tokens: 1 from auth0 jwks, 1 from okta jwks with
different claims than `/workspace` expects and 1 with correct claims
- connect to your envoy (change service and address as needed) to view
logs and potential errors. You can add: `-- --log-level debug` to see
what data is being forwarded
```
consul connect envoy -sidecar-for redis1 -grpc-addr 127.0.0.1:8502
```
- Make the following requests:
```
curl -s -H "Authorization: Bearer $Auth0_TOKEN" --insecure --cert leaf.cert --key leaf.key --cacert connect-ca.pem https://localhost:20000/workspace -v

RBAC filter denied

curl -s -H "Authorization: Bearer $Okta_TOKEN_with_wrong_claims" --insecure --cert leaf.cert --key leaf.key --cacert connect-ca.pem https://localhost:20000/workspace -v

RBAC filter denied

curl -s -H "Authorization: Bearer $Okta_TOKEN_with_correct_claims" --insecure --cert leaf.cert --key leaf.key --cacert connect-ca.pem https://localhost:20000/workspace -v

Successful request
```


### TODO

* [x] Update test coverage
* [ ] update integration tests (follow-up PR)
* [x] appropriate backport labels added
---
 agent/xds/jwt_authn.go                        | 210 ++++++-----
 agent/xds/jwt_authn_test.go                   | 235 ++-----------
 agent/xds/listeners.go                        |   9 +-
 agent/xds/rbac.go                             | 328 ++++++++++++------
 agent/xds/rbac_test.go                        |  56 ++-
 .../jwt_authn/intention-with-path.golden      |  13 +-
 .../testdata/jwt_authn/local-provider.golden  |   7 +-
 ...ltiple-providers-and-one-permission.golden |  52 ++-
 .../xds/testdata/jwt_authn/no-provider.golden |   1 +
 .../testdata/jwt_authn/remote-provider.golden |   7 +-
 .../top-level-provider-with-permission.golden |  30 +-
 ...jwt-with-one-permission--httpfilter.golden |  58 ++--
 ...evel-jwt-no-permissions--httpfilter.golden |  16 +-
 ...th-multiple-permissions--httpfilter.golden | 136 ++++++--
 ...jwt-with-one-permission--httpfilter.golden |  62 +++-
 .../test/jwtauth/jwt_auth_test.go             |   4 +-
 16 files changed, 634 insertions(+), 590 deletions(-)
 create mode 100644 agent/xds/testdata/jwt_authn/no-provider.golden

diff --git a/agent/xds/jwt_authn.go b/agent/xds/jwt_authn.go
index ba1c17bbc209..17b34e5cd6ce 100644
--- a/agent/xds/jwt_authn.go
+++ b/agent/xds/jwt_authn.go
@@ -13,6 +13,7 @@ import (
 	envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
 	"github.com/hashicorp/consul/agent/structs"
 	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/emptypb"
 	"google.golang.org/protobuf/types/known/wrapperspb"
 )
 
@@ -22,129 +23,149 @@ const (
 	jwksClusterPrefix    = "jwks_cluster"
 )
 
-// This is an intermediate JWTProvider form used to associate
-// unique payload keys to providers
-type jwtAuthnProvider struct {
-	ComputedName string
-	Provider     *structs.IntentionJWTProvider
-}
-
-func makeJWTAuthFilter(pCE map[string]*structs.JWTProviderConfigEntry, intentions structs.SimplifiedIntentions) (*envoy_http_v3.HttpFilter, error) {
+// makeJWTAuthFilter builds jwt filter for envoy. It limits its use to referenced provider rather than every provider.
+//
+// Eg. If you have three providers: okta, auth0 and fusionAuth and only okta is referenced in your intentions, then this
+// will create a jwt-auth filter containing just okta in the list of providers.
+func makeJWTAuthFilter(providerMap map[string]*structs.JWTProviderConfigEntry, intentions structs.SimplifiedIntentions) (*envoy_http_v3.HttpFilter, error) {
 	providers := map[string]*envoy_http_jwt_authn_v3.JwtProvider{}
-	var rules []*envoy_http_jwt_authn_v3.RequirementRule
+	var jwtRequirements []*envoy_http_jwt_authn_v3.JwtRequirement
 
 	for _, intention := range intentions {
 		if intention.JWT == nil && !hasJWTconfig(intention.Permissions) {
 			continue
 		}
-		for _, jwtReq := range collectJWTAuthnProviders(intention) {
-			if _, ok := providers[jwtReq.ComputedName]; ok {
+		for _, p := range collectJWTProviders(intention) {
+			providerName := p.Name
+			if _, ok := providers[providerName]; ok {
 				continue
 			}
 
-			jwtProvider, ok := pCE[jwtReq.Provider.Name]
-
+			providerCE, ok := providerMap[providerName]
 			if !ok {
-				return nil, fmt.Errorf("provider specified in intention does not exist. Provider name: %s", jwtReq.Provider.Name)
+				return nil, fmt.Errorf("provider specified in intention does not exist. Provider name: %s", providerName)
 			}
-			// If intention permissions use HTTP-match criteria with
-			// VerifyClaims, then generate a clone of the jwt provider with a
-			// unique key for payload_in_metadata. The RBAC filter relies on
-			// the key to check the correct claims for the matched request.
-			envoyCfg, err := buildJWTProviderConfig(jwtProvider, jwtReq.ComputedName)
+
+			envoyCfg, err := buildJWTProviderConfig(providerCE)
 			if err != nil {
 				return nil, err
 			}
-			providers[jwtReq.ComputedName] = envoyCfg
-		}
-
-		for k, perm := range intention.Permissions {
-			if perm.JWT == nil {
-				continue
-			}
-			for _, prov := range perm.JWT.Providers {
-				rule := buildRouteRule(prov, perm, "/", k)
-				rules = append(rules, rule)
-			}
-		}
-
-		if intention.JWT != nil {
-			for _, provider := range intention.JWT.Providers {
-				// The top-level provider applies to all requests.
-				rule := buildRouteRule(provider, nil, "/", 0)
-				rules = append(rules, rule)
-			}
+			providers[providerName] = envoyCfg
+			reqs := providerToJWTRequirement(providerCE)
+			jwtRequirements = append(jwtRequirements, reqs)
 		}
 	}
 
-	if len(intentions) == 0 && len(providers) == 0 {
-		//do not add jwt_authn filter when intentions don't have JWT
+	if len(jwtRequirements) == 0 {
+		//do not add jwt_authn filter when intentions don't have JWTs
 		return nil, nil
 	}
 
 	cfg := &envoy_http_jwt_authn_v3.JwtAuthentication{
 		Providers: providers,
-		Rules:     rules,
+		Rules: []*envoy_http_jwt_authn_v3.RequirementRule{
+			{
+				Match: &envoy_route_v3.RouteMatch{
+					PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{Prefix: "/"},
+				},
+				RequirementType: makeJWTRequirementRule(andJWTRequirements(jwtRequirements)),
+			},
+		},
 	}
 	return makeEnvoyHTTPFilter(jwtEnvoyFilter, cfg)
 }
 
-func collectJWTAuthnProviders(i *structs.Intention) []*jwtAuthnProvider {
-	var reqs []*jwtAuthnProvider
+func makeJWTRequirementRule(r *envoy_http_jwt_authn_v3.JwtRequirement) *envoy_http_jwt_authn_v3.RequirementRule_Requires {
+	return &envoy_http_jwt_authn_v3.RequirementRule_Requires{
+		Requires: r,
+	}
+}
 
-	if i.JWT != nil {
-		for _, prov := range i.JWT.Providers {
-			reqs = append(reqs, &jwtAuthnProvider{Provider: prov, ComputedName: makeComputedProviderName(prov.Name, nil, 0)})
+// andJWTRequirements combines list of jwt requirements into a single jwt requirement.
+func andJWTRequirements(reqs []*envoy_http_jwt_authn_v3.JwtRequirement) *envoy_http_jwt_authn_v3.JwtRequirement {
+	switch len(reqs) {
+	case 0:
+		return nil
+	case 1:
+		return reqs[0]
+	default:
+		return &envoy_http_jwt_authn_v3.JwtRequirement{
+			RequiresType: &envoy_http_jwt_authn_v3.JwtRequirement_RequiresAll{
+				RequiresAll: &envoy_http_jwt_authn_v3.JwtRequirementAndList{
+					Requirements: reqs,
+				},
+			},
 		}
 	}
+}
 
-	reqs = append(reqs, getPermissionsProviders(i.Permissions)...)
+// providerToJWTRequirement builds the envoy jwtRequirement.
+//
+// Note: since the rbac filter is in charge of making decisions of allow/denied, this
+// requirement uses `allow_missing_or_failed` to ensure it is always satisfied.
+func providerToJWTRequirement(provider *structs.JWTProviderConfigEntry) *envoy_http_jwt_authn_v3.JwtRequirement {
+	return &envoy_http_jwt_authn_v3.JwtRequirement{
+		RequiresType: &envoy_http_jwt_authn_v3.JwtRequirement_RequiresAny{
+			RequiresAny: &envoy_http_jwt_authn_v3.JwtRequirementOrList{
+				Requirements: []*envoy_http_jwt_authn_v3.JwtRequirement{
+					{
+						RequiresType: &envoy_http_jwt_authn_v3.JwtRequirement_ProviderName{
+							ProviderName: provider.Name,
+						},
+					},
+					// We use allowMissingOrFailed to allow rbac filter to do the validation
+					{
+						RequiresType: &envoy_http_jwt_authn_v3.JwtRequirement_AllowMissingOrFailed{
+							AllowMissingOrFailed: &emptypb.Empty{},
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+// collectJWTProviders returns a list of all top level and permission level referenced providers.
+func collectJWTProviders(i *structs.Intention) []*structs.IntentionJWTProvider {
+	// get permission level providers
+	reqs := getPermissionsProviders(i.Permissions)
+
+	if i.JWT != nil {
+		// get top level providers
+		reqs = append(reqs, i.JWT.Providers...)
+	}
 
 	return reqs
 }
 
-func getPermissionsProviders(p []*structs.IntentionPermission) []*jwtAuthnProvider {
-	var reqs []*jwtAuthnProvider
-	for k, perm := range p {
-		if perm.JWT == nil {
+func getPermissionsProviders(perms []*structs.IntentionPermission) []*structs.IntentionJWTProvider {
+	var reqs []*structs.IntentionJWTProvider
+	for _, p := range perms {
+		if p.JWT == nil {
 			continue
 		}
-		for _, prov := range perm.JWT.Providers {
-			reqs = append(reqs, &jwtAuthnProvider{Provider: prov, ComputedName: makeComputedProviderName(prov.Name, perm, k)})
-		}
+
+		reqs = append(reqs, p.JWT.Providers...)
 	}
 
 	return reqs
 }
 
-// makeComputedProviderName is used to create names for unique provider per permission
-// This is to stop jwt claims cross validation across permissions/providers.
-//
-// eg. If Permission x is the 3rd permission and has a provider of original name okta
-// this function will return okta_3 as the computed provider name
-func makeComputedProviderName(name string, perm *structs.IntentionPermission, idx int) string {
-	if perm == nil {
-		return name
-	}
-	return fmt.Sprintf("%s_%d", name, idx)
-}
-
-// buildPayloadInMetadataKey is used to create a unique payload key per provider/permissions.
-// This is to ensure claims are validated/forwarded specifically under the right permission/path
-// and ensure we don't accidentally validate claims from different permissions/providers.
+// buildPayloadInMetadataKey is used to create a unique payload key per provider.
+// This is to ensure claims are validated/forwarded specifically under the right provider.
+// The forwarded payload is used with other data (eg. service identity) by the RBAC filter
+// to validate access to resource.
 //
-// eg. With a provider named okta, the second permission in permission list will have a provider of:
-// okta_2 and a payload key of: jwt_payload_okta_2. Whereas an okta provider with no specific permission
-// will have a payload key of: jwt_payload_okta
-func buildPayloadInMetadataKey(providerName string, perm *structs.IntentionPermission, idx int) string {
-	return fmt.Sprintf("%s_%s", jwtMetadataKeyPrefix, makeComputedProviderName(providerName, perm, idx))
+// eg. With a provider named okta will have a payload key of: jwt_payload_okta
+func buildPayloadInMetadataKey(providerName string) string {
+	return jwtMetadataKeyPrefix + "_" + providerName
 }
 
-func buildJWTProviderConfig(p *structs.JWTProviderConfigEntry, metadataKeySuffix string) (*envoy_http_jwt_authn_v3.JwtProvider, error) {
+func buildJWTProviderConfig(p *structs.JWTProviderConfigEntry) (*envoy_http_jwt_authn_v3.JwtProvider, error) {
 	envoyCfg := envoy_http_jwt_authn_v3.JwtProvider{
 		Issuer:            p.Issuer,
 		Audiences:         p.Audiences,
-		PayloadInMetadata: buildPayloadInMetadataKey(metadataKeySuffix, nil, 0),
+		PayloadInMetadata: buildPayloadInMetadataKey(p.Name),
 	}
 
 	if p.Forwarding != nil {
@@ -262,43 +283,6 @@ func buildJWTRetryPolicy(r *structs.JWKSRetryPolicy) *envoy_core_v3.RetryPolicy
 	return &pol
 }
 
-func buildRouteRule(provider *structs.IntentionJWTProvider, perm *structs.IntentionPermission, defaultPrefix string, permIdx int) *envoy_http_jwt_authn_v3.RequirementRule {
-	rule := &envoy_http_jwt_authn_v3.RequirementRule{
-		Match: &envoy_route_v3.RouteMatch{
-			PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{Prefix: defaultPrefix},
-		},
-		RequirementType: &envoy_http_jwt_authn_v3.RequirementRule_Requires{
-			Requires: &envoy_http_jwt_authn_v3.JwtRequirement{
-				RequiresType: &envoy_http_jwt_authn_v3.JwtRequirement_ProviderName{
-					ProviderName: makeComputedProviderName(provider.Name, perm, permIdx),
-				},
-			},
-		},
-	}
-
-	if perm != nil && perm.HTTP != nil {
-		if perm.HTTP.PathPrefix != "" {
-			rule.Match.PathSpecifier = &envoy_route_v3.RouteMatch_Prefix{
-				Prefix: perm.HTTP.PathPrefix,
-			}
-		}
-
-		if perm.HTTP.PathExact != "" {
-			rule.Match.PathSpecifier = &envoy_route_v3.RouteMatch_Path{
-				Path: perm.HTTP.PathExact,
-			}
-		}
-
-		if perm.HTTP.PathRegex != "" {
-			rule.Match.PathSpecifier = &envoy_route_v3.RouteMatch_SafeRegex{
-				SafeRegex: makeEnvoyRegexMatch(perm.HTTP.PathRegex),
-			}
-		}
-	}
-
-	return rule
-}
-
 func hasJWTconfig(p []*structs.IntentionPermission) bool {
 	for _, perm := range p {
 		if perm.JWT != nil {
diff --git a/agent/xds/jwt_authn_test.go b/agent/xds/jwt_authn_test.go
index b2a7d7ce54df..ab8665b1dc3a 100644
--- a/agent/xds/jwt_authn_test.go
+++ b/agent/xds/jwt_authn_test.go
@@ -9,7 +9,6 @@ import (
 	"testing"
 
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
-	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
 	envoy_http_jwt_authn_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/stretchr/testify/require"
@@ -173,6 +172,10 @@ func TestMakeJWTAUTHFilters(t *testing.T) {
 		intentions structs.SimplifiedIntentions
 		provider   map[string]*structs.JWTProviderConfigEntry
 	}{
+		"no-provider": {
+			intentions: simplified(makeTestIntention(t, ixnOpts{src: "web", action: structs.IntentionActionAllow})),
+			provider:   nil,
+		},
 		"remote-provider": {
 			intentions: simplified(makeTestIntention(t, ixnOpts{src: "web", action: structs.IntentionActionAllow, jwt: oktaIntention})),
 			provider:   remoteCE,
@@ -206,123 +209,45 @@ func TestMakeJWTAUTHFilters(t *testing.T) {
 	}
 }
 
-func TestMakeComputedProviderName(t *testing.T) {
-	tests := map[string]struct {
-		name     string
-		perm     *structs.IntentionPermission
-		idx      int
-		expected string
-	}{
-		"no-permissions": {
-			name:     "okta",
-			idx:      0,
-			expected: "okta",
-		},
-		"exact-path-permission": {
-			name: "auth0",
-			perm: &structs.IntentionPermission{
-				HTTP: &structs.IntentionHTTPPermission{
-					PathExact: "admin",
-				},
-			},
-			idx:      5,
-			expected: "auth0_5",
-		},
-	}
-
-	for name, tt := range tests {
-		tt := tt
-		t.Run(name, func(t *testing.T) {
-			reqs := makeComputedProviderName(tt.name, tt.perm, tt.idx)
-			require.Equal(t, reqs, tt.expected)
-		})
-	}
-}
-
-func TestBuildPayloadInMetadataKey(t *testing.T) {
-	tests := map[string]struct {
-		name     string
-		perm     *structs.IntentionPermission
-		permIdx  int
-		expected string
-	}{
-		"no-permissions": {
-			name:     "okta",
-			expected: "jwt_payload_okta",
-		},
-		"path-prefix-permission": {
-			name: "auth0",
-			perm: &structs.IntentionPermission{
-				HTTP: &structs.IntentionHTTPPermission{
-					PathPrefix: "admin",
-				},
-			},
-			permIdx:  4,
-			expected: "jwt_payload_auth0_4",
-		},
-	}
-
-	for name, tt := range tests {
-		tt := tt
-		t.Run(name, func(t *testing.T) {
-			reqs := buildPayloadInMetadataKey(tt.name, tt.perm, tt.permIdx)
-			require.Equal(t, reqs, tt.expected)
-		})
-	}
-}
-
-func TestCollectJWTAuthnProviders(t *testing.T) {
+func TestCollectJWTProviders(t *testing.T) {
 	tests := map[string]struct {
 		intention *structs.Intention
-		expected  []*jwtAuthnProvider
+		expected  []*structs.IntentionJWTProvider
 	}{
 		"empty-top-level-jwt-and-empty-permissions": {
 			intention: makeTestIntention(t, ixnOpts{src: "web"}),
-			expected:  []*jwtAuthnProvider{},
+			expected:  []*structs.IntentionJWTProvider{},
 		},
 		"top-level-jwt-and-empty-permissions": {
 			intention: makeTestIntention(t, ixnOpts{src: "web", jwt: oktaIntention}),
-			expected:  []*jwtAuthnProvider{{Provider: &oktaProvider, ComputedName: oktaProvider.Name}},
+			expected:  []*structs.IntentionJWTProvider{&oktaProvider},
 		},
 		"multi-top-level-jwt-and-empty-permissions": {
 			intention: makeTestIntention(t, ixnOpts{src: "web", jwt: multiProviderIntentions}),
-			expected: []*jwtAuthnProvider{
-				{Provider: &oktaProvider, ComputedName: oktaProvider.Name},
-				{Provider: &auth0Provider, ComputedName: auth0Provider.Name},
-			},
+			expected:  []*structs.IntentionJWTProvider{&oktaProvider, &auth0Provider},
 		},
 		"top-level-jwt-and-one-jwt-permission": {
 			intention: makeTestIntention(t, ixnOpts{src: "web", jwt: auth0Intention, perms: pWithOktaProvider}),
-			expected: []*jwtAuthnProvider{
-				{Provider: &auth0Provider, ComputedName: auth0Provider.Name},
-				{Provider: &oktaProvider, ComputedName: "okta_0"},
-			},
+			expected:  []*structs.IntentionJWTProvider{&auth0Provider, &oktaProvider},
 		},
 		"top-level-jwt-and-multi-jwt-permissions": {
 			intention: makeTestIntention(t, ixnOpts{src: "web", jwt: fakeIntention, perms: pWithMultiProviders}),
-			expected: []*jwtAuthnProvider{
-				{Provider: &fakeProvider, ComputedName: fakeProvider.Name},
-				{Provider: &oktaProvider, ComputedName: "okta_0"},
-				{Provider: &auth0Provider, ComputedName: "auth0_0"},
-			},
+			expected:  []*structs.IntentionJWTProvider{&fakeProvider, &oktaProvider, &auth0Provider},
 		},
 		"empty-top-level-jwt-and-one-jwt-permission": {
 			intention: makeTestIntention(t, ixnOpts{src: "web", perms: pWithOktaProvider}),
-			expected:  []*jwtAuthnProvider{{Provider: &oktaProvider, ComputedName: "okta_0"}},
+			expected:  []*structs.IntentionJWTProvider{&oktaProvider},
 		},
 		"empty-top-level-jwt-and-multi-jwt-permission": {
 			intention: makeTestIntention(t, ixnOpts{src: "web", perms: pWithMultiProviders}),
-			expected: []*jwtAuthnProvider{
-				{Provider: &oktaProvider, ComputedName: "okta_0"},
-				{Provider: &auth0Provider, ComputedName: "auth0_0"},
-			},
+			expected:  []*structs.IntentionJWTProvider{&oktaProvider, &auth0Provider},
 		},
 	}
 
 	for name, tt := range tests {
 		tt := tt
 		t.Run(name, func(t *testing.T) {
-			reqs := collectJWTAuthnProviders(tt.intention)
+			reqs := collectJWTProviders(tt.intention)
 			require.ElementsMatch(t, reqs, tt.expected)
 		})
 	}
@@ -331,43 +256,35 @@ func TestCollectJWTAuthnProviders(t *testing.T) {
 func TestGetPermissionsProviders(t *testing.T) {
 	tests := map[string]struct {
 		perms    []*structs.IntentionPermission
-		expected []*jwtAuthnProvider
+		expected []*structs.IntentionJWTProvider
 	}{
 		"empty-permissions": {
 			perms:    []*structs.IntentionPermission{},
-			expected: []*jwtAuthnProvider{},
+			expected: []*structs.IntentionJWTProvider{},
 		},
 		"nil-permissions": {
 			perms:    nil,
-			expected: []*jwtAuthnProvider{},
+			expected: []*structs.IntentionJWTProvider{},
 		},
 		"permissions-with-no-jwt": {
 			perms:    []*structs.IntentionPermission{pWithNoJWT},
-			expected: []*jwtAuthnProvider{},
+			expected: []*structs.IntentionJWTProvider{},
 		},
 		"permissions-with-one-jwt": {
-			perms: []*structs.IntentionPermission{pWithOktaProvider, pWithNoJWT},
-			expected: []*jwtAuthnProvider{
-				{Provider: &oktaProvider, ComputedName: "okta_0"},
-			},
+			perms:    []*structs.IntentionPermission{pWithOktaProvider, pWithNoJWT},
+			expected: []*structs.IntentionJWTProvider{&oktaProvider},
 		},
 		"permissions-with-multiple-jwt": {
-			perms: []*structs.IntentionPermission{pWithMultiProviders, pWithNoJWT},
-			expected: []*jwtAuthnProvider{
-				{Provider: &auth0Provider, ComputedName: "auth0_0"},
-				{Provider: &oktaProvider, ComputedName: "okta_0"},
-			},
+			perms:    []*structs.IntentionPermission{pWithMultiProviders, pWithNoJWT},
+			expected: []*structs.IntentionJWTProvider{&auth0Provider, &oktaProvider},
 		},
 	}
 
 	for name, tt := range tests {
 		tt := tt
 		t.Run(name, func(t *testing.T) {
-			t.Run("getPermissionsProviders", func(t *testing.T) {
-				p := getPermissionsProviders(tt.perms)
-
-				require.ElementsMatch(t, p, tt.expected)
-			})
+			p := getPermissionsProviders(tt.perms)
+			require.ElementsMatch(t, p, tt.expected)
 		})
 	}
 }
@@ -415,7 +332,7 @@ func TestBuildJWTProviderConfig(t *testing.T) {
 				Issuer:                  fullCE.Issuer,
 				Audiences:               fullCE.Audiences,
 				ForwardPayloadHeader:    "user-token",
-				PayloadInMetadata:       buildPayloadInMetadataKey(ceRemoteJWKS.Name, nil, 0),
+				PayloadInMetadata:       buildPayloadInMetadataKey(ceRemoteJWKS.Name),
 				PadForwardPayloadHeader: false,
 				Forward:                 true,
 				JwksSourceSpecifier: &envoy_http_jwt_authn_v3.JwtProvider_LocalJwks{
@@ -433,7 +350,7 @@ func TestBuildJWTProviderConfig(t *testing.T) {
 			expected: &envoy_http_jwt_authn_v3.JwtProvider{
 				Issuer:            fullCE.Issuer,
 				Audiences:         fullCE.Audiences,
-				PayloadInMetadata: buildPayloadInMetadataKey(ceRemoteJWKS.Name, nil, 0),
+				PayloadInMetadata: buildPayloadInMetadataKey(ceRemoteJWKS.Name),
 				JwksSourceSpecifier: &envoy_http_jwt_authn_v3.JwtProvider_RemoteJwks{
 					RemoteJwks: &envoy_http_jwt_authn_v3.RemoteJwks{
 						HttpUri: &envoy_core_v3.HttpUri{
@@ -453,7 +370,7 @@ func TestBuildJWTProviderConfig(t *testing.T) {
 	for name, tt := range tests {
 		tt := tt
 		t.Run(name, func(t *testing.T) {
-			res, err := buildJWTProviderConfig(tt.ce, tt.ce.GetName())
+			res, err := buildJWTProviderConfig(tt.ce)
 
 			if tt.expectedError != "" {
 				require.Error(t, err)
@@ -620,104 +537,6 @@ func TestBuildJWTRetryPolicy(t *testing.T) {
 	}
 }
 
-func TestBuildRouteRule(t *testing.T) {
-	var (
-		pWithExactPath = &structs.IntentionPermission{
-			Action: structs.IntentionActionAllow,
-			HTTP: &structs.IntentionHTTPPermission{
-				PathExact: "/exact-match",
-			},
-		}
-		pWithRegex = &structs.IntentionPermission{
-			Action: structs.IntentionActionAllow,
-			HTTP: &structs.IntentionHTTPPermission{
-				PathRegex: "p([a-z]+)ch",
-			},
-		}
-	)
-	tests := map[string]struct {
-		provider *structs.IntentionJWTProvider
-		perm     *structs.IntentionPermission
-		route    string
-		expected *envoy_http_jwt_authn_v3.RequirementRule
-	}{
-		"permission-nil": {
-			provider: &oktaProvider,
-			perm:     nil,
-			route:    "/my-route",
-			expected: &envoy_http_jwt_authn_v3.RequirementRule{
-				Match: &envoy_route_v3.RouteMatch{PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{Prefix: "/my-route"}},
-				RequirementType: &envoy_http_jwt_authn_v3.RequirementRule_Requires{
-					Requires: &envoy_http_jwt_authn_v3.JwtRequirement{
-						RequiresType: &envoy_http_jwt_authn_v3.JwtRequirement_ProviderName{
-							ProviderName: oktaProvider.Name,
-						},
-					},
-				},
-			},
-		},
-		"permission-with-path-prefix": {
-			provider: &oktaProvider,
-			perm:     pWithOktaProvider,
-			route:    "/my-route",
-			expected: &envoy_http_jwt_authn_v3.RequirementRule{
-				Match: &envoy_route_v3.RouteMatch{PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{
-					Prefix: pWithMultiProviders.HTTP.PathPrefix,
-				}},
-				RequirementType: &envoy_http_jwt_authn_v3.RequirementRule_Requires{
-					Requires: &envoy_http_jwt_authn_v3.JwtRequirement{
-						RequiresType: &envoy_http_jwt_authn_v3.JwtRequirement_ProviderName{
-							ProviderName: makeComputedProviderName(oktaProvider.Name, pWithMultiProviders, 0),
-						},
-					},
-				},
-			},
-		},
-		"permission-with-exact-path": {
-			provider: &oktaProvider,
-			perm:     pWithExactPath,
-			route:    "/",
-			expected: &envoy_http_jwt_authn_v3.RequirementRule{
-				Match: &envoy_route_v3.RouteMatch{PathSpecifier: &envoy_route_v3.RouteMatch_Path{
-					Path: pWithExactPath.HTTP.PathExact,
-				}},
-				RequirementType: &envoy_http_jwt_authn_v3.RequirementRule_Requires{
-					Requires: &envoy_http_jwt_authn_v3.JwtRequirement{
-						RequiresType: &envoy_http_jwt_authn_v3.JwtRequirement_ProviderName{
-							ProviderName: makeComputedProviderName(oktaProvider.Name, pWithExactPath, 0),
-						},
-					},
-				},
-			},
-		},
-		"permission-with-regex": {
-			provider: &oktaProvider,
-			perm:     pWithRegex,
-			route:    "/",
-			expected: &envoy_http_jwt_authn_v3.RequirementRule{
-				Match: &envoy_route_v3.RouteMatch{PathSpecifier: &envoy_route_v3.RouteMatch_SafeRegex{
-					SafeRegex: makeEnvoyRegexMatch(pWithRegex.HTTP.PathRegex),
-				}},
-				RequirementType: &envoy_http_jwt_authn_v3.RequirementRule_Requires{
-					Requires: &envoy_http_jwt_authn_v3.JwtRequirement{
-						RequiresType: &envoy_http_jwt_authn_v3.JwtRequirement_ProviderName{
-							ProviderName: makeComputedProviderName(oktaProvider.Name, pWithRegex, 0),
-						},
-					},
-				},
-			},
-		},
-	}
-
-	for name, tt := range tests {
-		tt := tt
-		t.Run(name, func(t *testing.T) {
-			res := buildRouteRule(tt.provider, tt.perm, tt.route, 0)
-			require.Equal(t, res, tt.expected)
-		})
-	}
-}
-
 func TestHasJWTconfig(t *testing.T) {
 	tests := map[string]struct {
 		perms    []*structs.IntentionPermission
diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go
index 6e67cd1c564e..71e5b285e146 100644
--- a/agent/xds/listeners.go
+++ b/agent/xds/listeners.go
@@ -1291,6 +1291,7 @@ func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot
 					partition:   cfgSnap.ProxyID.PartitionOrDefault(),
 				},
 				cfgSnap.ConnectProxy.InboundPeerTrustBundles,
+				cfgSnap.JWTProviders,
 			)
 			if err != nil {
 				return nil, err
@@ -1364,9 +1365,9 @@ func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot
 		logger:           s.Logger,
 	}
 	if useHTTPFilter {
-		jwtFilter, jwtFilterErr := makeJWTAuthFilter(cfgSnap.JWTProviders, cfgSnap.ConnectProxy.Intentions)
-		if jwtFilterErr != nil {
-			return nil, jwtFilterErr
+		jwtFilter, err := makeJWTAuthFilter(cfgSnap.JWTProviders, cfgSnap.ConnectProxy.Intentions)
+		if err != nil {
+			return nil, err
 		}
 		rbacFilter, err := makeRBACHTTPFilter(
 			cfgSnap.ConnectProxy.Intentions,
@@ -1377,6 +1378,7 @@ func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot
 				partition:   cfgSnap.ProxyID.PartitionOrDefault(),
 			},
 			cfgSnap.ConnectProxy.InboundPeerTrustBundles,
+			cfgSnap.JWTProviders,
 		)
 		if err != nil {
 			return nil, err
@@ -1844,6 +1846,7 @@ func (s *ResourceGenerator) makeFilterChainTerminatingGateway(cfgSnap *proxycfg.
 				partition:   cfgSnap.ProxyID.PartitionOrDefault(),
 			},
 			nil, // TODO(peering): verify intentions w peers don't apply to terminatingGateway
+			cfgSnap.JWTProviders,
 		)
 		if err != nil {
 			return nil, err
diff --git a/agent/xds/rbac.go b/agent/xds/rbac.go
index 4cb77ad7f028..f38525abb78d 100644
--- a/agent/xds/rbac.go
+++ b/agent/xds/rbac.go
@@ -28,7 +28,10 @@ func makeRBACNetworkFilter(
 	localInfo rbacLocalInfo,
 	peerTrustBundles []*pbpeering.PeeringTrustBundle,
 ) (*envoy_listener_v3.Filter, error) {
-	rules := makeRBACRules(intentions, intentionDefaultAllow, localInfo, false, peerTrustBundles)
+	rules, err := makeRBACRules(intentions, intentionDefaultAllow, localInfo, false, peerTrustBundles, nil)
+	if err != nil {
+		return nil, err
+	}
 
 	cfg := &envoy_network_rbac_v3.RBAC{
 		StatPrefix: "connect_authz",
@@ -42,8 +45,12 @@ func makeRBACHTTPFilter(
 	intentionDefaultAllow bool,
 	localInfo rbacLocalInfo,
 	peerTrustBundles []*pbpeering.PeeringTrustBundle,
+	providerMap map[string]*structs.JWTProviderConfigEntry,
 ) (*envoy_http_v3.HttpFilter, error) {
-	rules := makeRBACRules(intentions, intentionDefaultAllow, localInfo, true, peerTrustBundles)
+	rules, err := makeRBACRules(intentions, intentionDefaultAllow, localInfo, true, peerTrustBundles, providerMap)
+	if err != nil {
+		return nil, err
+	}
 
 	cfg := &envoy_http_rbac_v3.RBAC{
 		Rules: rules,
@@ -56,7 +63,8 @@ func intentionListToIntermediateRBACForm(
 	localInfo rbacLocalInfo,
 	isHTTP bool,
 	trustBundlesByPeer map[string]*pbpeering.PeeringTrustBundle,
-) []*rbacIntention {
+	providerMap map[string]*structs.JWTProviderConfigEntry,
+) ([]*rbacIntention, error) {
 	sort.Sort(structs.IntentionPrecedenceSorter(intentions))
 
 	// Omit any lower-precedence intentions that share the same source.
@@ -73,10 +81,13 @@ func intentionListToIntermediateRBACForm(
 			continue
 		}
 
-		rixn := intentionToIntermediateRBACForm(ixn, localInfo, isHTTP, trustBundle)
+		rixn, err := intentionToIntermediateRBACForm(ixn, localInfo, isHTTP, trustBundle, providerMap)
+		if err != nil {
+			return nil, err
+		}
 		rbacIxns = append(rbacIxns, rixn)
 	}
-	return rbacIxns
+	return rbacIxns, nil
 }
 
 func removeSourcePrecedence(rbacIxns []*rbacIntention, intentionDefaultAction intentionAction, localInfo rbacLocalInfo) []*rbacIntention {
@@ -216,7 +227,8 @@ func intentionToIntermediateRBACForm(
 	localInfo rbacLocalInfo,
 	isHTTP bool,
 	bundle *pbpeering.PeeringTrustBundle,
-) *rbacIntention {
+	providerMap map[string]*structs.JWTProviderConfigEntry,
+) (*rbacIntention, error) {
 	rixn := &rbacIntention{
 		Source: rbacService{
 			ServiceName: ixn.SourceServiceName(),
@@ -233,36 +245,41 @@ func intentionToIntermediateRBACForm(
 	}
 
 	if isHTTP && ixn.JWT != nil {
-		var c []*JWTInfo
+		var jwts []*JWTInfo
 		for _, prov := range ixn.JWT.Providers {
-			if len(prov.VerifyClaims) > 0 {
-				c = append(c, makeJWTInfos(prov, nil, 0))
+			jwtProvider, ok := providerMap[prov.Name]
+
+			if !ok {
+				return nil, fmt.Errorf("provider specified in intention does not exist. Provider name: %s", prov.Name)
 			}
+			jwts = append(jwts, newJWTInfo(prov, jwtProvider))
 		}
-		if len(c) > 0 {
-			rixn.jwtInfos = c
-		}
+
+		rixn.jwtInfos = jwts
 	}
 
 	if len(ixn.Permissions) > 0 {
 		if isHTTP {
 			rixn.Action = intentionActionLayer7
 			rixn.Permissions = make([]*rbacPermission, 0, len(ixn.Permissions))
-			for k, perm := range ixn.Permissions {
+			for _, perm := range ixn.Permissions {
 				rbacPerm := rbacPermission{
 					Definition: perm,
 					Action:     intentionActionFromString(perm.Action),
 					Perm:       convertPermission(perm),
 				}
+
 				if perm.JWT != nil {
-					var c []*JWTInfo
+					var jwts []*JWTInfo
 					for _, prov := range perm.JWT.Providers {
-						if len(prov.VerifyClaims) > 0 {
-							c = append(c, makeJWTInfos(prov, perm, k))
+						jwtProvider, ok := providerMap[prov.Name]
+						if !ok {
+							return nil, fmt.Errorf("provider specified in intention does not exist. Provider name: %s", prov.Name)
 						}
+						jwts = append(jwts, newJWTInfo(prov, jwtProvider))
 					}
-					if len(c) > 0 {
-						rbacPerm.jwtInfos = c
+					if len(jwts) > 0 {
+						rbacPerm.jwtInfos = jwts
 					}
 				}
 				rixn.Permissions = append(rixn.Permissions, &rbacPerm)
@@ -275,18 +292,24 @@ func intentionToIntermediateRBACForm(
 		rixn.Action = intentionActionFromString(ixn.Action)
 	}
 
-	return rixn
+	return rixn, nil
 }
 
-func makeJWTInfos(p *structs.IntentionJWTProvider, perm *structs.IntentionPermission, permKey int) *JWTInfo {
-	return &JWTInfo{Claims: p.VerifyClaims, MetadataPayloadKey: buildPayloadInMetadataKey(p.Name, perm, permKey)}
+func newJWTInfo(p *structs.IntentionJWTProvider, ce *structs.JWTProviderConfigEntry) *JWTInfo {
+	return &JWTInfo{
+		Provider: p,
+		Issuer:   ce.Issuer,
+	}
 }
 
 type intentionAction int
 
 type JWTInfo struct {
-	Claims             []*structs.IntentionJWTClaimVerification
-	MetadataPayloadKey string
+	// Provider issuer
+	// this information is coming from the config entry
+	Issuer string
+	// Provider is the intention provider
+	Provider *structs.IntentionJWTProvider
 }
 
 const (
@@ -341,26 +364,32 @@ type rbacIntention struct {
 }
 
 func (r *rbacIntention) FlattenPrincipal(localInfo rbacLocalInfo) *envoy_rbac_v3.Principal {
+	var principal *envoy_rbac_v3.Principal
 	if !localInfo.expectXFCC {
-		return r.flattenPrincipalFromCert()
-
+		principal = r.flattenPrincipalFromCert()
 	} else if r.Source.Peer == "" {
 		// NOTE: ixnSourceMatches should enforce that all of Source and NotSources
 		// are peered or not-peered, so we only need to look at the Source element.
-		return r.flattenPrincipalFromCert() // intention is not relevant to peering
-	}
+		principal = r.flattenPrincipalFromCert() // intention is not relevant to peering
+	} else {
+		// If this intention is an L7 peered one, then it is exclusively resolvable
+		// using XFCC, rather than the TLS SAN field.
+		fromXFCC := r.flattenPrincipalFromXFCC()
+
+		// Use of the XFCC one is gated on coming directly from our own gateways.
+		gwIDPattern := makeSpiffeMeshGatewayPattern(localInfo.trustDomain, localInfo.partition)
 
-	// If this intention is an L7 peered one, then it is exclusively resolvable
-	// using XFCC, rather than the TLS SAN field.
-	fromXFCC := r.flattenPrincipalFromXFCC()
+		principal = andPrincipals([]*envoy_rbac_v3.Principal{
+			authenticatedPatternPrincipal(gwIDPattern),
+			fromXFCC,
+		})
+	}
 
-	// Use of the XFCC one is gated on coming directly from our own gateways.
-	gwIDPattern := makeSpiffeMeshGatewayPattern(localInfo.trustDomain, localInfo.partition)
+	if len(r.jwtInfos) == 0 {
+		return principal
+	}
 
-	return andPrincipals([]*envoy_rbac_v3.Principal{
-		authenticatedPatternPrincipal(gwIDPattern),
-		fromXFCC,
-	})
+	return addJWTPrincipal(principal, r.jwtInfos)
 }
 
 func (r *rbacIntention) flattenPrincipalFromCert() *envoy_rbac_v3.Principal {
@@ -417,17 +446,47 @@ type rbacPermission struct {
 	ComputedPermission *envoy_rbac_v3.Permission
 }
 
+// Flatten ensure the permission rules, not-rules, and jwt validation rules are merged into a single computed permission.
+//
+// Details on JWTInfo section:
+// For each JWTInfo (AKA provider required), this builds 1 single permission that validates that the jwt has
+// the right issuer (`iss`) field and validates the claims (if any).
+//
+// After generating a single permission per info, it combines all the info permissions into a single OrPermission.
+// This orPermission is then attached to initial computed permission for jwt payload and claims validation.
 func (p *rbacPermission) Flatten() *envoy_rbac_v3.Permission {
-	if len(p.NotPerms) == 0 {
-		return p.Perm
+	computedPermission := p.Perm
+	if len(p.NotPerms) == 0 && len(p.jwtInfos) == 0 {
+		return computedPermission
 	}
 
-	parts := make([]*envoy_rbac_v3.Permission, 0, len(p.NotPerms)+1)
-	parts = append(parts, p.Perm)
-	for _, notPerm := range p.NotPerms {
-		parts = append(parts, notPermission(notPerm))
+	if len(p.NotPerms) != 0 {
+		parts := make([]*envoy_rbac_v3.Permission, 0, len(p.NotPerms)+1)
+		parts = append(parts, p.Perm)
+		for _, notPerm := range p.NotPerms {
+			parts = append(parts, notPermission(notPerm))
+		}
+		computedPermission = andPermissions(parts)
 	}
-	return andPermissions(parts)
+
+	if len(p.jwtInfos) == 0 {
+		return computedPermission
+	}
+
+	var jwtPerms []*envoy_rbac_v3.Permission
+	for _, info := range p.jwtInfos {
+		payloadKey := buildPayloadInMetadataKey(info.Provider.Name)
+		claimsPermission := jwtInfosToPermission(info.Provider.VerifyClaims, payloadKey)
+		issuerPermission := segmentToPermission(pathToSegments([]string{"iss"}, payloadKey), info.Issuer)
+
+		perm := andPermissions([]*envoy_rbac_v3.Permission{
+			issuerPermission, claimsPermission,
+		})
+		jwtPerms = append(jwtPerms, perm)
+	}
+
+	jwtPerm := orPermissions(jwtPerms)
+	return andPermissions([]*envoy_rbac_v3.Permission{computedPermission, jwtPerm})
 }
 
 // simplifyNotSourceSlice will collapse NotSources elements together if any element is
@@ -526,7 +585,8 @@ func makeRBACRules(
 	localInfo rbacLocalInfo,
 	isHTTP bool,
 	peerTrustBundles []*pbpeering.PeeringTrustBundle,
-) *envoy_rbac_v3.RBAC {
+	providerMap map[string]*structs.JWTProviderConfigEntry,
+) (*envoy_rbac_v3.RBAC, error) {
 	// TODO(banks,rb): Implement revocation list checking?
 
 	// TODO(peering): mkeeler asked that these maps come from proxycfg instead of
@@ -546,7 +606,10 @@ func makeRBACRules(
 	}
 
 	// First build up just the basic principal matches.
-	rbacIxns := intentionListToIntermediateRBACForm(intentions, localInfo, isHTTP, trustBundlesByPeer)
+	rbacIxns, err := intentionListToIntermediateRBACForm(intentions, localInfo, isHTTP, trustBundlesByPeer, providerMap)
+	if err != nil {
+		return nil, err
+	}
 
 	// Normalize: if we are in default-deny then all intentions must be allows and vice versa
 	intentionDefaultAction := intentionActionFromBool(intentionDefaultAllow)
@@ -574,10 +637,6 @@ func makeRBACRules(
 
 	var principalsL4 []*envoy_rbac_v3.Principal
 	for i, rbacIxn := range rbacIxns {
-		var infos []*JWTInfo
-		if isHTTP {
-			infos = collectJWTInfos(rbacIxn)
-		}
 		if rbacIxn.Action == intentionActionLayer7 {
 			if len(rbacIxn.Permissions) == 0 {
 				panic("invalid state: L7 intention has no permissions")
@@ -587,10 +646,6 @@ func makeRBACRules(
 			}
 
 			rbacPrincipals := optimizePrincipals([]*envoy_rbac_v3.Principal{rbacIxn.ComputedPrincipal})
-			if len(infos) > 0 {
-				claimsPrincipal := jwtInfosToPrincipals(infos)
-				rbacPrincipals = combineBasePrincipalWithJWTPrincipals(rbacPrincipals, claimsPrincipal)
-			}
 			// For L7: we should generate one Policy per Principal and list all of the Permissions
 			policy := &envoy_rbac_v3.Policy{
 				Principals:  rbacPrincipals,
@@ -603,11 +658,6 @@ func makeRBACRules(
 		} else {
 			// For L4: we should generate one big Policy listing all Principals
 			principalsL4 = append(principalsL4, rbacIxn.ComputedPrincipal)
-			// Append JWT principals to list of principals
-			if len(infos) > 0 {
-				claimsPrincipal := jwtInfosToPrincipals(infos)
-				principalsL4 = combineBasePrincipalWithJWTPrincipals(principalsL4, claimsPrincipal)
-			}
 		}
 	}
 	if len(principalsL4) > 0 {
@@ -620,59 +670,74 @@ func makeRBACRules(
 	if len(rbac.Policies) == 0 {
 		rbac.Policies = nil
 	}
-	return rbac
+	return rbac, nil
 }
 
-// combineBasePrincipalWithJWTPrincipals ensure each RBAC/Network principal is associated with
-// the JWT principal
-func combineBasePrincipalWithJWTPrincipals(p []*envoy_rbac_v3.Principal, cp *envoy_rbac_v3.Principal) []*envoy_rbac_v3.Principal {
-	res := make([]*envoy_rbac_v3.Principal, 0)
-
-	for _, principal := range p {
-		if principal != nil && cp != nil {
-			p := andPrincipals([]*envoy_rbac_v3.Principal{principal, cp})
-			res = append(res, p)
+// addJWTPrincipal ensure the passed RBAC/Network principal is associated with
+// a JWT principal when JWTs validation is required.
+//
+// For each jwtInfo, this builds a first principal that validates that the jwt has the right issuer (`iss`).
+// It collects all the claims principal and combines them into a single principal using jwtClaimsToPrincipals.
+// It then combines the issuer principal and the claims principal into a single principal.
+//
+// After generating a single principal per info, it combines all the info principals into a single jwt OrPrincipal.
+// This orPrincipal is then attached to the RBAC/NETWORK principal for jwt payload validation.
+func addJWTPrincipal(principal *envoy_rbac_v3.Principal, infos []*JWTInfo) *envoy_rbac_v3.Principal {
+	if len(infos) == 0 {
+		return principal
+	}
+	jwtPrincipals := make([]*envoy_rbac_v3.Principal, 0, len(infos))
+	for _, info := range infos {
+		payloadKey := buildPayloadInMetadataKey(info.Provider.Name)
+
+		// build jwt provider issuer principal
+		segments := pathToSegments([]string{"iss"}, payloadKey)
+		p := segmentToPrincipal(segments, info.Issuer)
+
+		// add jwt provider claims principal if any
+		if cp := jwtClaimsToPrincipals(info.Provider.VerifyClaims, payloadKey); cp != nil {
+			p = andPrincipals([]*envoy_rbac_v3.Principal{p, cp})
 		}
+		jwtPrincipals = append(jwtPrincipals, p)
 	}
-	return res
-}
 
-// collectJWTInfos extracts all the collected JWTInfos top level infos
-// and permission level infos and returns them as a single array
-func collectJWTInfos(rbacIxn *rbacIntention) []*JWTInfo {
-	infos := make([]*JWTInfo, 0, len(rbacIxn.jwtInfos))
+	// make jwt principals into 1 single principal
+	jwtFinalPrincipal := orPrincipals(jwtPrincipals)
 
-	if len(rbacIxn.jwtInfos) > 0 {
-		infos = append(infos, rbacIxn.jwtInfos...)
-	}
-	for _, perm := range rbacIxn.Permissions {
-		infos = append(infos, perm.jwtInfos...)
+	if principal == nil {
+		return jwtFinalPrincipal
 	}
 
-	return infos
+	return andPrincipals([]*envoy_rbac_v3.Principal{principal, jwtFinalPrincipal})
 }
 
-func jwtInfosToPrincipals(c []*JWTInfo) *envoy_rbac_v3.Principal {
+func jwtClaimsToPrincipals(claims []*structs.IntentionJWTClaimVerification, payloadkey string) *envoy_rbac_v3.Principal {
 	ps := make([]*envoy_rbac_v3.Principal, 0)
 
-	for _, jwtInfo := range c {
-		if jwtInfo != nil {
-			for _, claim := range jwtInfo.Claims {
-				ps = append(ps, jwtClaimToPrincipal(claim, jwtInfo.MetadataPayloadKey))
-			}
-		}
+	for _, claim := range claims {
+		ps = append(ps, jwtClaimToPrincipal(claim, payloadkey))
+	}
+	switch len(ps) {
+	case 0:
+		return nil
+	case 1:
+		return ps[0]
+	default:
+		return andPrincipals(ps)
 	}
-	return orPrincipals(ps)
 }
 
-// jwtClaimToPrincipal takes in a payloadkey which is the metadata key. This key is generated by using provider name,
-// permission index with a jwt_payload prefix. See buildPayloadInMetadataKey in agent/xds/jwt_authn.go
+// jwtClaimToPrincipal takes in a payloadkey which is the metadata key. This key is generated by using provider name
+// and a jwt_payload prefix. See buildPayloadInMetadataKey in agent/xds/jwt_authn.go
 //
 // This uniquely generated payloadKey is the first segment in the path to validate the JWT claims. The subsequent segments
 // come from the Path included in the IntentionJWTClaimVerification param.
 func jwtClaimToPrincipal(c *structs.IntentionJWTClaimVerification, payloadKey string) *envoy_rbac_v3.Principal {
 	segments := pathToSegments(c.Path, payloadKey)
+	return segmentToPrincipal(segments, c.Value)
+}
 
+func segmentToPrincipal(segments []*envoy_matcher_v3.MetadataMatcher_PathSegment, v string) *envoy_rbac_v3.Principal {
 	return &envoy_rbac_v3.Principal{
 		Identifier: &envoy_rbac_v3.Principal_Metadata{
 			Metadata: &envoy_matcher_v3.MetadataMatcher{
@@ -682,7 +747,41 @@ func jwtClaimToPrincipal(c *structs.IntentionJWTClaimVerification, payloadKey st
 					MatchPattern: &envoy_matcher_v3.ValueMatcher_StringMatch{
 						StringMatch: &envoy_matcher_v3.StringMatcher{
 							MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{
-								Exact: c.Value,
+								Exact: v,
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func jwtInfosToPermission(claims []*structs.IntentionJWTClaimVerification, payloadkey string) *envoy_rbac_v3.Permission {
+	ps := make([]*envoy_rbac_v3.Permission, 0, len(claims))
+
+	for _, claim := range claims {
+		ps = append(ps, jwtClaimToPermission(claim, payloadkey))
+	}
+	return andPermissions(ps)
+}
+
+func jwtClaimToPermission(c *structs.IntentionJWTClaimVerification, payloadKey string) *envoy_rbac_v3.Permission {
+	segments := pathToSegments(c.Path, payloadKey)
+	return segmentToPermission(segments, c.Value)
+}
+
+func segmentToPermission(segments []*envoy_matcher_v3.MetadataMatcher_PathSegment, v string) *envoy_rbac_v3.Permission {
+	return &envoy_rbac_v3.Permission{
+		Rule: &envoy_rbac_v3.Permission_Metadata{
+			Metadata: &envoy_matcher_v3.MetadataMatcher{
+				Filter: jwtEnvoyFilter,
+				Path:   segments,
+				Value: &envoy_matcher_v3.ValueMatcher{
+					MatchPattern: &envoy_matcher_v3.ValueMatcher_StringMatch{
+						StringMatch: &envoy_matcher_v3.StringMatcher{
+							MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{
+								Exact: v,
 							},
 						},
 					},
@@ -837,22 +936,32 @@ func countWild(src rbacService) int {
 }
 
 func andPrincipals(ids []*envoy_rbac_v3.Principal) *envoy_rbac_v3.Principal {
-	return &envoy_rbac_v3.Principal{
-		Identifier: &envoy_rbac_v3.Principal_AndIds{
-			AndIds: &envoy_rbac_v3.Principal_Set{
-				Ids: ids,
+	switch len(ids) {
+	case 1:
+		return ids[0]
+	default:
+		return &envoy_rbac_v3.Principal{
+			Identifier: &envoy_rbac_v3.Principal_AndIds{
+				AndIds: &envoy_rbac_v3.Principal_Set{
+					Ids: ids,
+				},
 			},
-		},
+		}
 	}
 }
 
 func orPrincipals(ids []*envoy_rbac_v3.Principal) *envoy_rbac_v3.Principal {
-	return &envoy_rbac_v3.Principal{
-		Identifier: &envoy_rbac_v3.Principal_OrIds{
-			OrIds: &envoy_rbac_v3.Principal_Set{
-				Ids: ids,
+	switch len(ids) {
+	case 1:
+		return ids[0]
+	default:
+		return &envoy_rbac_v3.Principal{
+			Identifier: &envoy_rbac_v3.Principal_OrIds{
+				OrIds: &envoy_rbac_v3.Principal_Set{
+					Ids: ids,
+				},
 			},
-		},
+		}
 	}
 }
 
@@ -1206,3 +1315,20 @@ func andPermissions(perms []*envoy_rbac_v3.Permission) *envoy_rbac_v3.Permission
 		}
 	}
 }
+
+func orPermissions(perms []*envoy_rbac_v3.Permission) *envoy_rbac_v3.Permission {
+	switch len(perms) {
+	case 0:
+		return anyPermission()
+	case 1:
+		return perms[0]
+	default:
+		return &envoy_rbac_v3.Permission{
+			Rule: &envoy_rbac_v3.Permission_OrRules{
+				OrRules: &envoy_rbac_v3.Permission_Set{
+					Rules: perms,
+				},
+			},
+		}
+	}
+}
diff --git a/agent/xds/rbac_test.go b/agent/xds/rbac_test.go
index 76f4467bffa6..6bc36028707a 100644
--- a/agent/xds/rbac_test.go
+++ b/agent/xds/rbac_test.go
@@ -451,10 +451,11 @@ func TestRemoveIntentionPrecedence(t *testing.T) {
 
 	for name, tt := range tests {
 		t.Run(name, func(t *testing.T) {
-			rbacIxns := intentionListToIntermediateRBACForm(tt.intentions, testLocalInfo, tt.http, testPeerTrustBundle)
+			rbacIxns, err := intentionListToIntermediateRBACForm(tt.intentions, testLocalInfo, tt.http, testPeerTrustBundle, nil)
 			intentionDefaultAction := intentionActionFromBool(tt.intentionDefaultAllow)
 			rbacIxns = removeIntentionPrecedence(rbacIxns, intentionDefaultAction, testLocalInfo)
 
+			require.NoError(t, err)
 			require.Equal(t, tt.expect, rbacIxns)
 		})
 	}
@@ -529,6 +530,10 @@ func TestMakeRBACNetworkAndHTTPFilters(t *testing.T) {
 				{Path: []string{"perms", "role"}, Value: "admin"},
 			},
 		}
+		testJWTProviderConfigEntry = map[string]*structs.JWTProviderConfigEntry{
+			"okta":  {Name: "okta", Issuer: "mytest.okta-issuer"},
+			"auth0": {Name: "auth0", Issuer: "mytest.auth0-issuer"},
+		}
 		jwtRequirement = &structs.IntentionJWTRequirement{
 			Providers: []*structs.IntentionJWTProvider{
 				&oktaWithClaims,
@@ -922,7 +927,7 @@ func TestMakeRBACNetworkAndHTTPFilters(t *testing.T) {
 				})
 			})
 			t.Run("http filter", func(t *testing.T) {
-				filter, err := makeRBACHTTPFilter(tt.intentions, tt.intentionDefaultAllow, testLocalInfo, testPeerTrustBundle)
+				filter, err := makeRBACHTTPFilter(tt.intentions, tt.intentionDefaultAllow, testLocalInfo, testPeerTrustBundle, testJWTProviderConfigEntry)
 				require.NoError(t, err)
 
 				t.Run("current", func(t *testing.T) {
@@ -1202,7 +1207,7 @@ func TestPathToSegments(t *testing.T) {
 	}
 }
 
-func TestJwtClaimToPrincipal(t *testing.T) {
+func TestJWTClaimsToPrincipals(t *testing.T) {
 	var (
 		firstClaim = structs.IntentionJWTClaimVerification{
 			Path:  []string{"perms"},
@@ -1234,7 +1239,7 @@ func TestJwtClaimToPrincipal(t *testing.T) {
 			Identifier: &envoy_rbac_v3.Principal_Metadata{
 				Metadata: &envoy_matcher_v3.MetadataMatcher{
 					Filter: jwtEnvoyFilter,
-					Path:   pathToSegments(secondClaim.Path, "second-key"),
+					Path:   pathToSegments(secondClaim.Path, payloadKey),
 					Value: &envoy_matcher_v3.ValueMatcher{
 						MatchPattern: &envoy_matcher_v3.ValueMatcher_StringMatch{
 							StringMatch: &envoy_matcher_v3.StringMatcher{
@@ -1249,38 +1254,21 @@ func TestJwtClaimToPrincipal(t *testing.T) {
 		}
 	)
 	tests := map[string]struct {
-		jwtInfos []*JWTInfo
-		expected *envoy_rbac_v3.Principal
+		claims             []*structs.IntentionJWTClaimVerification
+		metadataPayloadKey string
+		expected           *envoy_rbac_v3.Principal
 	}{
-		"single-jwt-info": {
-			jwtInfos: []*JWTInfo{
-				{
-					Claims:             []*structs.IntentionJWTClaimVerification{&firstClaim},
-					MetadataPayloadKey: payloadKey,
-				},
-			},
-			expected: &envoy_rbac_v3.Principal{
-				Identifier: &envoy_rbac_v3.Principal_OrIds{
-					OrIds: &envoy_rbac_v3.Principal_Set{
-						Ids: []*envoy_rbac_v3.Principal{&firstPrincipal},
-					},
-				},
-			},
+		"single-claim": {
+			claims:             []*structs.IntentionJWTClaimVerification{&firstClaim},
+			metadataPayloadKey: payloadKey,
+			expected:           &firstPrincipal,
 		},
-		"multiple-jwt-info": {
-			jwtInfos: []*JWTInfo{
-				{
-					Claims:             []*structs.IntentionJWTClaimVerification{&firstClaim},
-					MetadataPayloadKey: payloadKey,
-				},
-				{
-					Claims:             []*structs.IntentionJWTClaimVerification{&secondClaim},
-					MetadataPayloadKey: "second-key",
-				},
-			},
+		"multiple-claims": {
+			claims:             []*structs.IntentionJWTClaimVerification{&firstClaim, &secondClaim},
+			metadataPayloadKey: payloadKey,
 			expected: &envoy_rbac_v3.Principal{
-				Identifier: &envoy_rbac_v3.Principal_OrIds{
-					OrIds: &envoy_rbac_v3.Principal_Set{
+				Identifier: &envoy_rbac_v3.Principal_AndIds{
+					AndIds: &envoy_rbac_v3.Principal_Set{
 						Ids: []*envoy_rbac_v3.Principal{&firstPrincipal, &secondPrincipal},
 					},
 				},
@@ -1291,7 +1279,7 @@ func TestJwtClaimToPrincipal(t *testing.T) {
 	for name, tt := range tests {
 		tt := tt
 		t.Run(name, func(t *testing.T) {
-			principal := jwtInfosToPrincipals(tt.jwtInfos)
+			principal := jwtClaimsToPrincipals(tt.claims, tt.metadataPayloadKey)
 			require.Equal(t, principal, tt.expected)
 		})
 	}
diff --git a/agent/xds/testdata/jwt_authn/intention-with-path.golden b/agent/xds/testdata/jwt_authn/intention-with-path.golden
index 6e925758ca36..3a66e2dcf362 100644
--- a/agent/xds/testdata/jwt_authn/intention-with-path.golden
+++ b/agent/xds/testdata/jwt_authn/intention-with-path.golden
@@ -3,9 +3,9 @@
   "typedConfig": {
     "@type": "type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication",
     "providers": {
-      "okta_0": {
+      "okta": {
         "issuer": "test-issuer",
-        "payloadInMetadata": "jwt_payload_okta_0",
+        "payloadInMetadata": "jwt_payload_okta",
         "remoteJwks": {
           "httpUri": {
             "uri": "https://example-okta.com/.well-known/jwks.json",
@@ -21,10 +21,15 @@
     "rules": [
       {
         "match": {
-          "prefix": "some-special-path"
+          "prefix": "/"
         },
         "requires": {
-          "providerName": "okta_0"
+          "requiresAny": {
+            "requirements": [
+              {"providerName": "okta"}, 
+              {"allowMissingOrFailed": {}}
+            ]
+          }
         }
       }
     ]
diff --git a/agent/xds/testdata/jwt_authn/local-provider.golden b/agent/xds/testdata/jwt_authn/local-provider.golden
index 9efda0042bfd..528c0556a94b 100644
--- a/agent/xds/testdata/jwt_authn/local-provider.golden
+++ b/agent/xds/testdata/jwt_authn/local-provider.golden
@@ -17,7 +17,12 @@
           "prefix": "/"
         },
         "requires": {
-          "providerName": "okta"
+          "requiresAny": {
+            "requirements": [
+              {"providerName": "okta"}, 
+              {"allowMissingOrFailed": {}}
+            ]
+          }
         }
       }
     ]
diff --git a/agent/xds/testdata/jwt_authn/multiple-providers-and-one-permission.golden b/agent/xds/testdata/jwt_authn/multiple-providers-and-one-permission.golden
index ca9a99265ee8..7c970bde424d 100644
--- a/agent/xds/testdata/jwt_authn/multiple-providers-and-one-permission.golden
+++ b/agent/xds/testdata/jwt_authn/multiple-providers-and-one-permission.golden
@@ -17,20 +17,6 @@
           }
         }
       },
-      "okta_0": {
-        "issuer": "test-issuer",
-        "payloadInMetadata": "jwt_payload_okta_0",
-        "remoteJwks": {
-          "httpUri": {
-            "uri": "https://example-okta.com/.well-known/jwks.json",
-            "cluster": "jwks_cluster_okta",
-            "timeout": "1s"
-          },
-          "asyncFetch": {
-            "fastListener": true
-          }
-        }
-      },
       "auth0": {
         "issuer": "another-issuer",
         "payloadInMetadata": "jwt_payload_auth0",
@@ -47,28 +33,32 @@
       }
     },
     "rules": [
-      {
-        "match": {
-          "prefix": "some-special-path"
-        },
-        "requires": {
-          "providerName": "okta_0"
-        }
-      },
       {
         "match": {
           "prefix": "/"
         },
         "requires": {
-          "providerName": "okta"
-        }
-      },
-      {
-        "match": {
-          "prefix": "/"
-        },
-        "requires": {
-          "providerName": "auth0"
+          "requiresAll": {
+            "requirements": [
+              {
+                "requiresAny": {
+                  "requirements": [
+                    {"providerName": "okta"}, 
+                    {"allowMissingOrFailed": {}}
+                  ]
+                }
+              },
+              {
+                "requiresAny": {
+                  "requirements": [
+                    {"providerName": "auth0"}, 
+                    {"allowMissingOrFailed": {}}
+                  ]
+                }
+              }
+            ]
+          }
+          
         }
       }
     ]
diff --git a/agent/xds/testdata/jwt_authn/no-provider.golden b/agent/xds/testdata/jwt_authn/no-provider.golden
new file mode 100644
index 000000000000..9e26dfeeb6e6
--- /dev/null
+++ b/agent/xds/testdata/jwt_authn/no-provider.golden
@@ -0,0 +1 @@
+{}
\ No newline at end of file
diff --git a/agent/xds/testdata/jwt_authn/remote-provider.golden b/agent/xds/testdata/jwt_authn/remote-provider.golden
index 6116a58cec00..3a66e2dcf362 100644
--- a/agent/xds/testdata/jwt_authn/remote-provider.golden
+++ b/agent/xds/testdata/jwt_authn/remote-provider.golden
@@ -24,7 +24,12 @@
           "prefix": "/"
         },
         "requires": {
-          "providerName": "okta"
+          "requiresAny": {
+            "requirements": [
+              {"providerName": "okta"}, 
+              {"allowMissingOrFailed": {}}
+            ]
+          }
         }
       }
     ]
diff --git a/agent/xds/testdata/jwt_authn/top-level-provider-with-permission.golden b/agent/xds/testdata/jwt_authn/top-level-provider-with-permission.golden
index 6eed6793df52..1b0ded7fcb4d 100644
--- a/agent/xds/testdata/jwt_authn/top-level-provider-with-permission.golden
+++ b/agent/xds/testdata/jwt_authn/top-level-provider-with-permission.golden
@@ -16,37 +16,21 @@
             "fastListener": true
           }
         }
-      },
-      "okta_0": {
-        "issuer": "test-issuer",
-        "payloadInMetadata": "jwt_payload_okta_0",
-        "remoteJwks": {
-          "httpUri": {
-            "uri": "https://example-okta.com/.well-known/jwks.json",
-            "cluster": "jwks_cluster_okta",
-            "timeout": "1s"
-          },
-          "asyncFetch": {
-            "fastListener": true
-          }
-        }
       }
     },
     "rules": [
-      {
-        "match": {
-          "prefix": "some-special-path"
-        },
-        "requires": {
-          "providerName": "okta_0"
-        }
-      },
       {
         "match": {
           "prefix": "/"
         },
         "requires": {
-          "providerName": "okta"
+          "requiresAny": {
+            "requirements": [
+              {"providerName": "okta"}, 
+              {"allowMissingOrFailed": {}}
+            ]
+          }
+          
         }
       }
     ]
diff --git a/agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission--httpfilter.golden b/agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission--httpfilter.golden
index cd5c35bab27e..f5eb4bdbcb6e 100644
--- a/agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission--httpfilter.golden
+++ b/agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission--httpfilter.golden
@@ -7,35 +7,37 @@
         "consul-intentions-layer7-0": {
           "permissions": [
             {
-              "urlPath": {
-                "path": {
-                  "prefix": "some-path"
-                }
-              }
-            }
-          ],
-          "principals": [
-            {
-              "andIds": {
-                "ids": [
+              "andRules": {
+                "rules": [
                   {
-                    "authenticated": {
-                      "principalName": {
-                        "safeRegex": {
-                          "googleRe2": {},
-                          "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$"
-                        }
+                    "urlPath": {
+                      "path": {
+                        "prefix": "some-path"
                       }
                     }
                   },
                   {
-                    "orIds": {
-                      "ids": [
-                        { 
+                    "andRules": {
+                      "rules": [
+                        {
+                          "metadata": {
+                            "filter": "envoy.filters.http.jwt_authn",
+                            "path": [
+                              {"key": "jwt_payload_okta"},
+                              {"key": "iss"}
+                            ],
+                            "value": {
+                              "stringMatch": {
+                                "exact": "mytest.okta-issuer"
+                              }
+                            }
+                          }
+                        },
+                        {
                           "metadata": {
-                            "filter":"envoy.filters.http.jwt_authn",
+                            "filter": "envoy.filters.http.jwt_authn",
                             "path": [
-                              {"key": "jwt_payload_okta_0"},
+                              {"key": "jwt_payload_okta"},
                               {"key": "roles"}
                             ],
                             "value": {
@@ -51,6 +53,18 @@
                 ]
               }
             }
+          ],
+          "principals": [
+            {
+              "authenticated": {
+                "principalName": {
+                  "safeRegex": {
+                    "googleRe2": {},
+                    "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$"
+                  }
+                }
+              }
+            }
           ]
         }
       }
diff --git a/agent/xds/testdata/rbac/top-level-jwt-no-permissions--httpfilter.golden b/agent/xds/testdata/rbac/top-level-jwt-no-permissions--httpfilter.golden
index 35b3792e6658..efa9293f3c16 100644
--- a/agent/xds/testdata/rbac/top-level-jwt-no-permissions--httpfilter.golden
+++ b/agent/xds/testdata/rbac/top-level-jwt-no-permissions--httpfilter.golden
@@ -27,8 +27,22 @@
                     }
                   },
                   {
-                    "orIds": {
+                    "andIds": {
                       "ids": [
+                        { 
+                          "metadata": {
+                            "filter":"envoy.filters.http.jwt_authn",
+                            "path": [
+                              {"key": "jwt_payload_okta"},
+                              {"key": "iss"}
+                            ],
+                            "value": {
+                              "stringMatch": {
+                                "exact": "mytest.okta-issuer"
+                              }
+                            }
+                          }
+                        },
                         { 
                           "metadata": {
                             "filter":"envoy.filters.http.jwt_authn",
diff --git a/agent/xds/testdata/rbac/top-level-jwt-with-multiple-permissions--httpfilter.golden b/agent/xds/testdata/rbac/top-level-jwt-with-multiple-permissions--httpfilter.golden
index 409a3a4bd6b4..6ce0662e3b09 100644
--- a/agent/xds/testdata/rbac/top-level-jwt-with-multiple-permissions--httpfilter.golden
+++ b/agent/xds/testdata/rbac/top-level-jwt-with-multiple-permissions--httpfilter.golden
@@ -6,31 +6,113 @@
       "policies": {
         "consul-intentions-layer7-0": {
           "permissions": [
-            {
-              "urlPath": {
-                "path": {
-                  "exact": "/v1/secret"
-                }
-              }
-            },
             {
               "andRules": {
                 "rules": [
                   {
                     "urlPath": {
                       "path": {
-                        "exact": "/v1/admin"
+                        "exact": "/v1/secret"
                       }
                     }
                   },
                   {
-                    "notRule": {
-                      "urlPath": {
-                        "path": {
-                          "exact": "/v1/secret"
+                    "andRules": {
+                      "rules": [
+                        {
+                          "metadata": {
+                            "filter": "envoy.filters.http.jwt_authn",
+                            "path": [
+                              {"key": "jwt_payload_auth0"},
+                              {"key": "iss"}
+                            ],
+                            "value": {
+                              "stringMatch": {
+                                "exact": "mytest.auth0-issuer"
+                              }
+                            }
+                          }
+                        },
+                        {
+                          "metadata": {
+                            "filter": "envoy.filters.http.jwt_authn",
+                            "path": [
+                              {"key": "jwt_payload_auth0"},
+                              {"key": "perms"},
+                              {"key": "role"}
+                            ],
+                            "value": {
+                              "stringMatch": {
+                                "exact": "admin"
+                              }
+                            }
+                          }
                         }
-                      }
+                      ]
+                    }
+                  }
+                ]
+              }
+            },
+            {
+              "andRules": {
+                "rules": [
+                  {
+                    "andRules": {
+                      "rules": [
+                        {
+                          "urlPath": {
+                            "path": {
+                              "exact": "/v1/admin"
+                            }
+                          }
+                        },
+                        {
+                          "notRule": {
+                            "urlPath": {
+                              "path": {
+                                "exact": "/v1/secret"
+                              }
+                            }
+                          }
+                        }
+                      ]
                     }
+                  },
+                  {
+                     "andRules": {
+                        "rules": [
+                          {
+                            "metadata": {
+                              "filter": "envoy.filters.http.jwt_authn",
+                              "path": [
+                                {"key": "jwt_payload_auth0"},
+                                {"key": "iss"}
+                              ],
+                              "value": {
+                                "stringMatch": {
+                                  "exact": "mytest.auth0-issuer"
+                                }
+                              }
+                            }
+                          },
+                          {
+                            "metadata": {
+                              "filter": "envoy.filters.http.jwt_authn",
+                              "path": [
+                                {"key": "jwt_payload_auth0"},
+                                {"key": "perms"},
+                                {"key": "role"}
+                              ],
+                              "value": {
+                                "stringMatch": {
+                                  "exact": "admin"
+                                }
+                              }
+                            }
+                          }
+                        ]
+                     }
                   }
                 ]
               }
@@ -53,33 +135,18 @@
                     }
                   },
                   {
-                    "orIds": {
+                    "andIds": {
                       "ids": [
                         { 
                           "metadata": {
                             "filter":"envoy.filters.http.jwt_authn",
                             "path": [
                               {"key": "jwt_payload_okta"},
-                              {"key": "roles"}
-                            ],
-                            "value": {
-                              "stringMatch": {
-                                "exact": "testing"
-                              }
-                            }
-                          }
-                        },
-                        { 
-                          "metadata": {
-                            "filter":"envoy.filters.http.jwt_authn",
-                            "path": [
-                              {"key": "jwt_payload_auth0_0"},
-                              {"key": "perms"},
-                              {"key": "role"}
+                              {"key": "iss"}
                             ],
                             "value": {
                               "stringMatch": {
-                                "exact": "admin"
+                                "exact": "mytest.okta-issuer"
                               }
                             }
                           }
@@ -88,13 +155,12 @@
                           "metadata": {
                             "filter":"envoy.filters.http.jwt_authn",
                             "path": [
-                              {"key": "jwt_payload_auth0_1"},
-                              {"key": "perms"},
-                              {"key": "role"}
+                              {"key": "jwt_payload_okta"},
+                              {"key": "roles"}
                             ],
                             "value": {
                               "stringMatch": {
-                                "exact": "admin"
+                                "exact": "testing"
                               }
                             }
                           }
diff --git a/agent/xds/testdata/rbac/top-level-jwt-with-one-permission--httpfilter.golden b/agent/xds/testdata/rbac/top-level-jwt-with-one-permission--httpfilter.golden
index edf027f3e0cb..36ba23c29314 100644
--- a/agent/xds/testdata/rbac/top-level-jwt-with-one-permission--httpfilter.golden
+++ b/agent/xds/testdata/rbac/top-level-jwt-with-one-permission--httpfilter.golden
@@ -7,10 +7,51 @@
         "consul-intentions-layer7-0": {
           "permissions": [
             {
-              "urlPath": {
-                "path": {
-                  "exact": "/v1/secret"
-                }
+              "andRules": {
+                "rules": [
+                  {
+                    "urlPath": {
+                      "path": {
+                        "exact": "/v1/secret"
+                      }
+                    }
+                  },
+                  {
+                    "andRules": {
+                      "rules": [
+                        {
+                          "metadata": {
+                            "filter": "envoy.filters.http.jwt_authn",
+                            "path": [
+                              {"key": "jwt_payload_auth0"},
+                              {"key": "iss"}
+                            ],
+                            "value": {
+                              "stringMatch": {
+                                "exact": "mytest.auth0-issuer"
+                              }
+                            }
+                          }
+                        },
+                        {
+                          "metadata": {
+                            "filter": "envoy.filters.http.jwt_authn",
+                            "path": [
+                              {"key": "jwt_payload_auth0"},
+                              {"key": "perms"},
+                              {"key": "role"}
+                            ],
+                            "value": {
+                              "stringMatch": {
+                                "exact": "admin"
+                              }
+                            }
+                          }
+                        }
+                      ]
+                    }
+                  }
+                ]
               }
             },
             {
@@ -53,18 +94,18 @@
                     }
                   },
                   {
-                    "orIds": {
+                    "andIds": {
                       "ids": [
                         { 
                           "metadata": {
                             "filter":"envoy.filters.http.jwt_authn",
                             "path": [
                               {"key": "jwt_payload_okta"},
-                              {"key": "roles"}
+                              {"key": "iss"}
                             ],
                             "value": {
                               "stringMatch": {
-                                "exact": "testing"
+                                "exact": "mytest.okta-issuer"
                               }
                             }
                           }
@@ -73,13 +114,12 @@
                           "metadata": {
                             "filter":"envoy.filters.http.jwt_authn",
                             "path": [
-                              {"key": "jwt_payload_auth0_0"},
-                              {"key": "perms"},
-                              {"key": "role"}
+                              {"key": "jwt_payload_okta"},
+                              {"key": "roles"}
                             ],
                             "value": {
                               "stringMatch": {
-                                "exact": "admin"
+                                "exact": "testing"
                               }
                             }
                           }
diff --git a/test/integration/consul-container/test/jwtauth/jwt_auth_test.go b/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
index 37c846d0a6d4..498bdcedf181 100644
--- a/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
+++ b/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
@@ -76,8 +76,8 @@ func TestJWTAuthConnectService(t *testing.T) {
 	configureIntentions(t, cluster)
 
 	baseURL := fmt.Sprintf("http://localhost:%d", clientPort)
-	// fails without jwt headers
-	doRequest(t, baseURL, http.StatusUnauthorized, "")
+	// TODO(roncodingenthusiast): update test to reflect jwt-auth filter in metadata mode
+	doRequest(t, baseURL, http.StatusOK, "")
 	// succeeds with jwt
 	doRequest(t, baseURL, http.StatusOK, jwt)
 }

From f7c5ba5f90b9c060cad1f6c80dc4b3eef7fd81d7 Mon Sep 17 00:00:00 2001
From: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
Date: Mon, 17 Jul 2023 21:40:07 +0530
Subject: [PATCH 176/359] Support Consul Connect Envoy Command on Windows
 (#17694)

### Description

Add support for consul connect envoy command on windows. This PR fixes
the comments of PR - https://github.com/hashicorp/consul/pull/15114

### Testing
* Built consul.exe from this branch on windows and hosted here - [AWS
S3](https://asheshvidyut-bucket.s3.ap-southeast-2.amazonaws.com/consul.zip)
* Updated the
[tutorial](https://developer.hashicorp.com/consul/tutorials/developer-mesh/consul-windows-workloads)
and changed the `consul_url.default` value to [AWS
S3](https://asheshvidyut-bucket.s3.ap-southeast-2.amazonaws.com/consul.zip)
* Followed the steps in the tutorial and verified that everything is
working as described.

### PR Checklist

* [x] updated test coverage
* [ ] external facing docs updated
* [x] appropriate backport labels added
* [x] not a security concern

---------

Co-authored-by: Franco Bruno Lavayen <cocolavayen@gmail.com>
Co-authored-by: Jose Ignacio Lorenzo <74208929+joselo85@users.noreply.github.com>
Co-authored-by: Jose Ignacio Lorenzo <joseignaciolorenzo85@gmail.com>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
---
 .changelog/17694.txt                      |   3 +
 command/connect/envoy/envoy.go            |   2 +-
 command/connect/envoy/exec_supported.go   |  55 +++++++++++
 command/connect/envoy/exec_unix.go        |  51 ----------
 command/connect/envoy/exec_unsupported.go |   4 +-
 command/connect/envoy/exec_windows.go     | 110 ++++++++++++++++++++++
 go.mod                                    |   2 +
 go.sum                                    |   4 +
 8 files changed, 177 insertions(+), 54 deletions(-)
 create mode 100644 .changelog/17694.txt
 create mode 100644 command/connect/envoy/exec_supported.go
 create mode 100644 command/connect/envoy/exec_windows.go

diff --git a/.changelog/17694.txt b/.changelog/17694.txt
new file mode 100644
index 000000000000..703b100d1d3a
--- /dev/null
+++ b/.changelog/17694.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+Windows: support consul connect envoy command on Windows
+```
diff --git a/command/connect/envoy/envoy.go b/command/connect/envoy/envoy.go
index a6212ae4ca42..48ee199c1a5e 100644
--- a/command/connect/envoy/envoy.go
+++ b/command/connect/envoy/envoy.go
@@ -38,7 +38,7 @@ func New(ui cli.Ui) *cmd {
 	return c
 }
 
-const DefaultAdminAccessLogPath = "/dev/null"
+const DefaultAdminAccessLogPath = os.DevNull
 
 type cmd struct {
 	UI     cli.Ui
diff --git a/command/connect/envoy/exec_supported.go b/command/connect/envoy/exec_supported.go
new file mode 100644
index 000000000000..09dbf895bb12
--- /dev/null
+++ b/command/connect/envoy/exec_supported.go
@@ -0,0 +1,55 @@
+//go:build linux || darwin || windows
+// +build linux darwin windows
+
+package envoy
+
+import (
+	"fmt"
+	"os"
+	"strings"
+)
+
+func isHotRestartOption(s string) bool {
+	restartOpts := []string{
+		"--restart-epoch",
+		"--hot-restart-version",
+		"--drain-time-s",
+		"--parent-shutdown-time-s",
+	}
+	for _, opt := range restartOpts {
+		if s == opt {
+			return true
+		}
+		if strings.HasPrefix(s, opt+"=") {
+			return true
+		}
+	}
+	return false
+}
+
+func hasHotRestartOption(argSets ...[]string) bool {
+	for _, args := range argSets {
+		for _, opt := range args {
+			if isHotRestartOption(opt) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+// execArgs returns the command and args used to execute a binary. By default it
+// will return a command of os.Executable with the args unmodified. This is a shim
+// for testing, and can be overridden to execute using 'go run' instead.
+var execArgs = func(args ...string) (string, []string, error) {
+	execPath, err := os.Executable()
+	if err != nil {
+		return "", nil, err
+	}
+
+	if strings.HasSuffix(execPath, "/envoy.test") {
+		return "", nil, fmt.Errorf("set execArgs to use 'go run' instead of doing a self-exec")
+	}
+
+	return execPath, args, nil
+}
diff --git a/command/connect/envoy/exec_unix.go b/command/connect/envoy/exec_unix.go
index d3eb0765a9f9..e3d07e2af36d 100644
--- a/command/connect/envoy/exec_unix.go
+++ b/command/connect/envoy/exec_unix.go
@@ -12,63 +12,12 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
-	"strings"
 	"syscall"
 	"time"
 
 	"golang.org/x/sys/unix"
 )
 
-// testSelfExecOverride is a way for the tests to no fork-bomb themselves by
-// self-executing the whole test suite for each case recursively. It's gross but
-// the least gross option I could think of.
-var testSelfExecOverride string
-
-func isHotRestartOption(s string) bool {
-	restartOpts := []string{
-		"--restart-epoch",
-		"--hot-restart-version",
-		"--drain-time-s",
-		"--parent-shutdown-time-s",
-	}
-	for _, opt := range restartOpts {
-		if s == opt {
-			return true
-		}
-		if strings.HasPrefix(s, opt+"=") {
-			return true
-		}
-	}
-	return false
-}
-
-func hasHotRestartOption(argSets ...[]string) bool {
-	for _, args := range argSets {
-		for _, opt := range args {
-			if isHotRestartOption(opt) {
-				return true
-			}
-		}
-	}
-	return false
-}
-
-// execArgs returns the command and args used to execute a binary. By default it
-// will return a command of os.Executable with the args unmodified. This is a shim
-// for testing, and can be overridden to execute using 'go run' instead.
-var execArgs = func(args ...string) (string, []string, error) {
-	execPath, err := os.Executable()
-	if err != nil {
-		return "", nil, err
-	}
-
-	if strings.HasSuffix(execPath, "/envoy.test") {
-		return "", nil, fmt.Errorf("set execArgs to use 'go run' instead of doing a self-exec")
-	}
-
-	return execPath, args, nil
-}
-
 func makeBootstrapPipe(bootstrapJSON []byte) (string, error) {
 	pipeFile := filepath.Join(os.TempDir(),
 		fmt.Sprintf("envoy-%x-bootstrap.json", time.Now().UnixNano()+int64(os.Getpid())))
diff --git a/command/connect/envoy/exec_unsupported.go b/command/connect/envoy/exec_unsupported.go
index c9686098983e..ebbce2dfa25f 100644
--- a/command/connect/envoy/exec_unsupported.go
+++ b/command/connect/envoy/exec_unsupported.go
@@ -1,8 +1,8 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0
 
-//go:build !linux && !darwin
-// +build !linux,!darwin
+//go:build !linux && !darwin && !windows
+// +build !linux,!darwin,!windows
 
 package envoy
 
diff --git a/command/connect/envoy/exec_windows.go b/command/connect/envoy/exec_windows.go
new file mode 100644
index 000000000000..e70108794ca0
--- /dev/null
+++ b/command/connect/envoy/exec_windows.go
@@ -0,0 +1,110 @@
+//go:build windows
+// +build windows
+
+package envoy
+
+import (
+	"errors"
+	"fmt"
+	"github.com/natefinch/npipe"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"time"
+)
+
+func makeBootstrapPipe(bootstrapJSON []byte) (string, error) {
+	pipeFile := filepath.Join(os.TempDir(),
+		fmt.Sprintf("envoy-%x-bootstrap.json", time.Now().UnixNano()+int64(os.Getpid())))
+
+	binary, args, err := execArgs("connect", "envoy", "pipe-bootstrap", pipeFile)
+	if err != nil {
+		return pipeFile, err
+	}
+
+	// Dial the named pipe
+	pipeConn, err := npipe.Dial(pipeFile)
+	if err != nil {
+		return pipeFile, err
+	}
+	defer pipeConn.Close()
+
+	// Start the command to connect to the named pipe
+	cmd := exec.Command(binary, args...)
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	cmd.Stdin = pipeConn
+
+	// Start the command
+	err = cmd.Start()
+	if err != nil {
+		return pipeFile, err
+	}
+
+	// Write the config
+	n, err := pipeConn.Write(bootstrapJSON)
+	if err != nil {
+		return pipeFile, err
+	}
+
+	if n < len(bootstrapJSON) {
+		return pipeFile, fmt.Errorf("failed writing boostrap to child STDIN: %s", err)
+	}
+
+	// We can't wait for the process since we need to exec into Envoy before it
+	// will be able to complete so it will be remain as a zombie until Envoy is
+	// killed then will be reaped by the init process (pid 0). This is all a bit
+	// gross but the cleanest workaround I can think of for Envoy 1.10 not
+	// supporting /dev/fd/<fd> config paths any more. So we are done and leaving
+	// the child to run it's course without reaping it.
+	return pipeFile, nil
+}
+
+func startProc(binary string, args []string) (p *os.Process, err error) {
+	if binary, err = exec.LookPath(binary); err == nil {
+		var procAttr os.ProcAttr
+		procAttr.Files = []*os.File{os.Stdin,
+			os.Stdout, os.Stderr}
+		p, err := os.StartProcess(binary, args, &procAttr)
+		if err == nil {
+			return p, nil
+		}
+	}
+	return nil, err
+}
+
+func execEnvoy(binary string, prefixArgs, suffixArgs []string, bootstrapJSON []byte) error {
+	tempFile, err := makeBootstrapPipe(bootstrapJSON)
+	if err != nil {
+		os.RemoveAll(tempFile)
+		return err
+	}
+	// We don't defer a cleanup since we are about to Exec into Envoy which means
+	// defer will never fire. The child process cleans up for us in the happy
+	// path.
+
+	// We default to disabling hot restart because it makes it easier to run
+	// multiple envoys locally for testing without them trying to share memory and
+	// unix sockets and complain about being different IDs. But if user is
+	// actually configuring hot-restart explicitly with the --restart-epoch option
+	// then don't disable it!
+	disableHotRestart := !hasHotRestartOption(prefixArgs, suffixArgs)
+
+	// First argument needs to be the executable name.
+	envoyArgs := []string{}
+	envoyArgs = append(envoyArgs, prefixArgs...)
+	if disableHotRestart {
+		envoyArgs = append(envoyArgs, "--disable-hot-restart")
+	}
+	envoyArgs = append(envoyArgs, suffixArgs...)
+	envoyArgs = append(envoyArgs, "--config-path", tempFile)
+
+	// Exec
+	if proc, err := startProc(binary, envoyArgs); err == nil {
+		proc.Wait()
+	} else if err != nil {
+		return errors.New("Failed to exec envoy: " + err.Error())
+	}
+
+	return nil
+}
diff --git a/go.mod b/go.mod
index 29b22f8f6d25..c4fc7a5c847d 100644
--- a/go.mod
+++ b/go.mod
@@ -86,6 +86,7 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/mitchellh/pointerstructure v1.2.1
 	github.com/mitchellh/reflectwalk v1.0.2
+	github.com/natefinch/npipe v0.0.0-20160621034901-c1b8fa8bdcce
 	github.com/oklog/ulid/v2 v2.1.0
 	github.com/olekukonko/tablewriter v0.0.4
 	github.com/patrickmn/go-cache v2.1.0+incompatible
@@ -250,6 +251,7 @@ require (
 	google.golang.org/appengine v1.6.7 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.66.2 // indirect
+	gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect
 	gopkg.in/resty.v1 v1.12.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 5bd76271a38a..8d340dcdb30d 100644
--- a/go.sum
+++ b/go.sum
@@ -739,6 +739,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+github.com/natefinch/npipe v0.0.0-20160621034901-c1b8fa8bdcce h1:TqjP/BTDrwN7zP9xyXVuLsMBXYMt6LLYi55PlrIcq8U=
+github.com/natefinch/npipe v0.0.0-20160621034901-c1b8fa8bdcce/go.mod h1:ifHPsLndGGzvgzcaXUvzmt6LxKT4pJ+uzEhtnMt+f7A=
 github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2 h1:BQ1HW7hr4IVovMwWg0E0PYcyW8CzqDcVmaew9cujU4s=
 github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2/go.mod h1:TLb2Sg7HQcgGdloNxkrmtgDNR9uVYF3lfdFIN4Ro6Sk=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
@@ -1458,6 +1460,8 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI=
 gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce h1:+JknDZhAj8YMt7GC73Ei8pv4MzjDUNPHgQWJdtMAaDU=
+gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce/go.mod h1:5AcXVHNjg+BDxry382+8OKon8SEWiKktQR07RKPsv1c=
 gopkg.in/resty.v1 v1.9.1/go.mod h1:vo52Hzryw9PnPHcJfPsBiFW62XhNx5OczbV9y+IMpgc=
 gopkg.in/resty.v1 v1.12.0 h1:CuXP0Pjfw9rOuY6EP+UvtNvt5DSqHpIxILZKT/quCZI=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=

From e52ea0ee7abbd1f3a820dd955799e782ef72aa4c Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Mon, 17 Jul 2023 09:53:36 -0700
Subject: [PATCH 177/359] Change docs to say 168h instead of 7d for
 server_rejoin_age_max (#18154)

### Description

Addresses
https://github.com/hashicorp/consul/pull/17171#issuecomment-1636930705
---
 website/content/docs/agent/config/config-files.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx
index 8d46b63bd0ce..f314acd38ca9 100644
--- a/website/content/docs/agent/config/config-files.mdx
+++ b/website/content/docs/agent/config/config-files.mdx
@@ -742,7 +742,7 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
 - `server_rejoin_age_max` - controls the allowed maximum age of a stale server attempting to rejoin a cluster.
   If a server is not running for this period, then it will refuse to start up again until an operator intervenes. This is to protect
   clusters from instability caused by decommissioned servers accidentally being started again.
-  Note: the default value is 7d and the minimum value is 6h.
+  Note: the default value is 168h (equal to 7d) and the minimum value is 6h.
 
 - `non_voting_server` - **This field is deprecated in Consul 1.9.1. See the [`read_replica`](#read_replica) field instead.**
 

From 33d898b857de912da508dc7f062b4909a23ac6e4 Mon Sep 17 00:00:00 2001
From: Dan Stough <dan.stough@hashicorp.com>
Date: Mon, 17 Jul 2023 13:49:40 -0400
Subject: [PATCH 178/359] [OSS] test: improve xDS listener code coverage
 (#18138)

test: improve xDS listener code coverage
---
 agent/proxycfg/testing_connect_proxy.go       |  40 +++
 agent/proxycfg/testing_ingress_gateway.go     | 211 ++++++++++++++-
 agent/proxycfg/testing_mesh_gateway.go        |  71 ++++-
 agent/proxycfg/testing_peering.go             |  76 ++++++
 agent/xds/listeners_apigateway.go             |  29 +--
 agent/xds/listeners_test.go                   |  80 +++++-
 agent/xds/resources_test.go                   | 139 +++++++++-
 ...api-gateway-with-http-route.latest.golden} |   0
 ...multiple-inline-certificates.latest.golden |  55 ++++
 ...-upstreams-listener-override.latest.golden | 147 +++++++++++
 ...api-gateway-with-http-route.latest.golden} |   0
 ...multiple-inline-certificates.latest.golden |   5 +
 ...-upstreams-listener-override.latest.golden |  29 +++
 ...route-and-inline-certificate.latest.golden |  49 ----
 .../api-gateway-with-http-route.latest.golden |  80 ++++++
 ...multiple-inline-certificates.latest.golden | 102 ++++++++
 ...-upstreams-listener-override.latest.golden | 114 ++++++++
 ...h-tproxy-and-permissive-mtls.latest.golden |   6 +-
 ...upstream-with-prepared-query.latest.golden | 114 ++++++++
 ...olden => expose-checks-grpc.latest.golden} |  33 +--
 ...ecks-http-with-bind-override.latest.golden | 137 ++++++++++
 .../expose-checks-http.latest.golden          | 137 ++++++++++
 ...ixed-cipher-suites-listeners.latest.golden | 156 +++++++++++
 ...-mixed-max-version-listeners.latest.golden | 223 ++++++++++++++++
 ...ing-federation-control-plane.latest.golden | 181 +++++++++++++
 ...ateway-custom-trace-listener.latest.golden | 246 ++++++++++++++++++
 ...route-and-inline-certificate.latest.golden |  50 ----
 .../api-gateway-with-http-route.latest.golden |  50 ++++
 ...multiple-inline-certificates.latest.golden |   5 +
 ...-upstreams-listener-override.latest.golden |   5 +
 .../api-gateway-with-http-route.latest.golden |   5 +
 ...multiple-inline-certificates.latest.golden |   5 +
 ...-upstreams-listener-override.latest.golden |   5 +
 33 files changed, 2425 insertions(+), 160 deletions(-)
 rename agent/xds/testdata/clusters/{api-gateway-with-http-route-and-inline-certificate.latest.golden => api-gateway-with-http-route.latest.golden} (100%)
 create mode 100644 agent/xds/testdata/clusters/api-gateway-with-multiple-inline-certificates.latest.golden
 create mode 100644 agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-listener-override.latest.golden
 rename agent/xds/testdata/endpoints/{api-gateway-with-http-route-and-inline-certificate.latest.golden => api-gateway-with-http-route.latest.golden} (100%)
 create mode 100644 agent/xds/testdata/endpoints/api-gateway-with-multiple-inline-certificates.latest.golden
 create mode 100644 agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-listener-override.latest.golden
 delete mode 100644 agent/xds/testdata/listeners/api-gateway-with-http-route-and-inline-certificate.latest.golden
 create mode 100644 agent/xds/testdata/listeners/api-gateway-with-http-route.latest.golden
 create mode 100644 agent/xds/testdata/listeners/api-gateway-with-multiple-inline-certificates.latest.golden
 create mode 100644 agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-listener-override.latest.golden
 create mode 100644 agent/xds/testdata/listeners/custom-upstream-with-prepared-query.latest.golden
 rename agent/xds/testdata/listeners/{expose-checks.latest.golden => expose-checks-grpc.latest.golden} (89%)
 create mode 100644 agent/xds/testdata/listeners/expose-checks-http-with-bind-override.latest.golden
 create mode 100644 agent/xds/testdata/listeners/expose-checks-http.latest.golden
 create mode 100644 agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden
 create mode 100644 agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden
 create mode 100644 agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden
 create mode 100644 agent/xds/testdata/listeners/terminating-gateway-custom-trace-listener.latest.golden
 delete mode 100644 agent/xds/testdata/routes/api-gateway-with-http-route-and-inline-certificate.latest.golden
 create mode 100644 agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden
 create mode 100644 agent/xds/testdata/routes/api-gateway-with-multiple-inline-certificates.latest.golden
 create mode 100644 agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-listener-override.latest.golden
 create mode 100644 agent/xds/testdata/secrets/api-gateway-with-http-route.latest.golden
 create mode 100644 agent/xds/testdata/secrets/api-gateway-with-multiple-inline-certificates.latest.golden
 create mode 100644 agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-listener-override.latest.golden

diff --git a/agent/proxycfg/testing_connect_proxy.go b/agent/proxycfg/testing_connect_proxy.go
index a929aa52f167..8a1583edd0f0 100644
--- a/agent/proxycfg/testing_connect_proxy.go
+++ b/agent/proxycfg/testing_connect_proxy.go
@@ -227,6 +227,14 @@ func TestConfigSnapshotExposeConfig(t testing.T, nsFn func(ns *structs.NodeServi
 }
 
 func TestConfigSnapshotExposeChecks(t testing.T) *ConfigSnapshot {
+	return testConfigSnapshotExposedChecks(t, false)
+}
+
+func TestConfigSnapshotExposeChecksWithBindOverride(t testing.T) *ConfigSnapshot {
+	return testConfigSnapshotExposedChecks(t, true)
+}
+
+func testConfigSnapshotExposedChecks(t testing.T, overrideBind bool) *ConfigSnapshot {
 	return TestConfigSnapshot(t,
 		func(ns *structs.NodeService) {
 			ns.Address = "1.2.3.4"
@@ -235,6 +243,12 @@ func TestConfigSnapshotExposeChecks(t testing.T) *ConfigSnapshot {
 			ns.Proxy.Expose = structs.ExposeConfig{
 				Checks: true,
 			}
+			if overrideBind {
+				if ns.Proxy.Config == nil {
+					ns.Proxy.Config = map[string]any{}
+				}
+				ns.Proxy.Config["bind_address"] = "6.7.8.9"
+			}
 		},
 		[]UpdateEvent{
 			{
@@ -253,6 +267,32 @@ func TestConfigSnapshotExposeChecks(t testing.T) *ConfigSnapshot {
 	)
 }
 
+func TestConfigSnapshotExposeChecksGRPC(t testing.T) *ConfigSnapshot {
+	return TestConfigSnapshot(t,
+		func(ns *structs.NodeService) {
+			ns.Address = "1.2.3.4"
+			ns.Port = 9090
+			ns.Proxy.Upstreams = nil
+			ns.Proxy.Expose = structs.ExposeConfig{
+				Checks: true,
+			}
+		},
+		[]UpdateEvent{
+			{
+				CorrelationID: svcChecksWatchIDPrefix + structs.ServiceIDString("web", nil),
+				Result: []structs.CheckType{{
+					CheckID:   types.CheckID("grpc"),
+					Name:      "grpc",
+					GRPC:      "localhost:9090/v1.Health",
+					ProxyGRPC: "localhost:21501/myservice",
+					Interval:  10 * time.Second,
+					Timeout:   1 * time.Second,
+				}},
+			},
+		},
+	)
+}
+
 func TestConfigSnapshotGRPCExposeHTTP1(t testing.T) *ConfigSnapshot {
 	roots, leaf := TestCerts(t)
 
diff --git a/agent/proxycfg/testing_ingress_gateway.go b/agent/proxycfg/testing_ingress_gateway.go
index d6b2c3ad2eb8..7c3599af203a 100644
--- a/agent/proxycfg/testing_ingress_gateway.go
+++ b/agent/proxycfg/testing_ingress_gateway.go
@@ -1888,8 +1888,8 @@ func TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners(t testing.T) *
 			entry.TLS.Enabled = true
 			entry.TLS.TLSMinVersion = types.TLSv1_2
 
-			// One listener disables TLS, one inherits TLS minimum version from the gateway
-			// config, two others set different versions
+			// One listener should inherit TLS minimum version from the gateway config,
+			// two others each set explicit TLS minimum versions
 			entry.Listeners = []structs.IngressListener{
 				{
 					Port:     8080,
@@ -1925,8 +1925,6 @@ func TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners(t testing.T) *
 			{
 				CorrelationID: gatewayServicesWatchID,
 				Result: &structs.IndexedGatewayServices{
-					// One listener should inherit TLS minimum version from the gateway config,
-					// two others each set explicit TLS minimum versions
 					Services: []*structs.GatewayService{
 						{
 							Service:  s1,
@@ -1984,3 +1982,208 @@ func TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners(t testing.T) *
 			},
 		})
 }
+
+func TestConfigSnapshotIngressGateway_TLSMixedMaxVersionListeners(t testing.T) *ConfigSnapshot {
+	var (
+		s1      = structs.NewServiceName("s1", nil)
+		s1UID   = NewUpstreamIDFromServiceName(s1)
+		s1Chain = discoverychain.TestCompileConfigEntries(t, "s1", "default", "default", "dc1", connect.TestClusterID+".consul", nil, nil)
+
+		s2      = structs.NewServiceName("s2", nil)
+		s2UID   = NewUpstreamIDFromServiceName(s2)
+		s2Chain = discoverychain.TestCompileConfigEntries(t, "s2", "default", "default", "dc1", connect.TestClusterID+".consul", nil, nil)
+
+		s3      = structs.NewServiceName("s3", nil)
+		s3UID   = NewUpstreamIDFromServiceName(s3)
+		s3Chain = discoverychain.TestCompileConfigEntries(t, "s3", "default", "default", "dc1", connect.TestClusterID+".consul", nil, nil)
+	)
+
+	return TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil,
+		func(entry *structs.IngressGatewayConfigEntry) {
+			entry.TLS.Enabled = true
+			entry.TLS.TLSMaxVersion = types.TLSv1_2
+
+			// One listener should inherit TLS maximum version from the gateway config,
+			// two others each set explicit TLS maximum versions
+			entry.Listeners = []structs.IngressListener{
+				{
+					Port:     8080,
+					Protocol: "http",
+					Services: []structs.IngressService{
+						{Name: "s1"},
+					},
+				},
+				{
+					Port:     8081,
+					Protocol: "http",
+					Services: []structs.IngressService{
+						{Name: "s2"},
+					},
+					TLS: &structs.GatewayTLSConfig{
+						Enabled:       true,
+						TLSMaxVersion: types.TLSv1_0,
+					},
+				},
+				{
+					Port:     8082,
+					Protocol: "http",
+					Services: []structs.IngressService{
+						{Name: "s3"},
+					},
+					TLS: &structs.GatewayTLSConfig{
+						Enabled:       true,
+						TLSMaxVersion: types.TLSv1_3,
+					},
+				},
+			}
+		}, []UpdateEvent{
+			{
+				CorrelationID: gatewayServicesWatchID,
+				Result: &structs.IndexedGatewayServices{
+					Services: []*structs.GatewayService{
+						{
+							Service:  s1,
+							Port:     8080,
+							Protocol: "http",
+						},
+						{
+							Service:  s2,
+							Port:     8081,
+							Protocol: "http",
+						},
+						{
+							Service:  s3,
+							Port:     8082,
+							Protocol: "http",
+						},
+					},
+				},
+			},
+			{
+				CorrelationID: "discovery-chain:" + s1UID.String(),
+				Result: &structs.DiscoveryChainResponse{
+					Chain: s1Chain,
+				},
+			},
+			{
+				CorrelationID: "discovery-chain:" + s2UID.String(),
+				Result: &structs.DiscoveryChainResponse{
+					Chain: s2Chain,
+				},
+			},
+			{
+				CorrelationID: "discovery-chain:" + s3UID.String(),
+				Result: &structs.DiscoveryChainResponse{
+					Chain: s3Chain,
+				},
+			},
+			{
+				CorrelationID: "upstream-target:" + s1Chain.ID() + ":" + s1UID.String(),
+				Result: &structs.IndexedCheckServiceNodes{
+					Nodes: TestUpstreamNodes(t, "s1"),
+				},
+			},
+			{
+				CorrelationID: "upstream-target:" + s2Chain.ID() + ":" + s2UID.String(),
+				Result: &structs.IndexedCheckServiceNodes{
+					Nodes: TestUpstreamNodes(t, "s2"),
+				},
+			},
+			{
+				CorrelationID: "upstream-target:" + s3Chain.ID() + ":" + s3UID.String(),
+				Result: &structs.IndexedCheckServiceNodes{
+					Nodes: TestUpstreamNodes(t, "s3"),
+				},
+			},
+		})
+}
+
+func TestConfigSnapshotIngressGateway_TLSMixedCipherVersionListeners(t testing.T) *ConfigSnapshot {
+	var (
+		s1      = structs.NewServiceName("s1", nil)
+		s1UID   = NewUpstreamIDFromServiceName(s1)
+		s1Chain = discoverychain.TestCompileConfigEntries(t, "s1", "default", "default", "dc1", connect.TestClusterID+".consul", nil, nil)
+
+		s2      = structs.NewServiceName("s2", nil)
+		s2UID   = NewUpstreamIDFromServiceName(s2)
+		s2Chain = discoverychain.TestCompileConfigEntries(t, "s2", "default", "default", "dc1", connect.TestClusterID+".consul", nil, nil)
+	)
+
+	return TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil,
+		func(entry *structs.IngressGatewayConfigEntry) {
+			entry.TLS.Enabled = true
+			entry.TLS.CipherSuites = []types.TLSCipherSuite{
+				types.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			}
+
+			// One listener should inherit TLS Ciphers from the gateway config,
+			// the other should be set explicitly from the listener config
+			entry.Listeners = []structs.IngressListener{
+				{
+					Port:     8080,
+					Protocol: "http",
+					Services: []structs.IngressService{
+						{Name: "s1"},
+					},
+				},
+				{
+					Port:     8081,
+					Protocol: "http",
+					Services: []structs.IngressService{
+						{Name: "s2"},
+					},
+					TLS: &structs.GatewayTLSConfig{
+						Enabled: true,
+						CipherSuites: []types.TLSCipherSuite{
+							types.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+							types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+						},
+					},
+				},
+			}
+		}, []UpdateEvent{
+			{
+				CorrelationID: gatewayServicesWatchID,
+				Result: &structs.IndexedGatewayServices{
+					// One listener should inherit TLS minimum version from the gateway config,
+					// two others each set explicit TLS minimum versions
+					Services: []*structs.GatewayService{
+						{
+							Service:  s1,
+							Port:     8080,
+							Protocol: "http",
+						},
+						{
+							Service:  s2,
+							Port:     8081,
+							Protocol: "http",
+						},
+					},
+				},
+			},
+			{
+				CorrelationID: "discovery-chain:" + s1UID.String(),
+				Result: &structs.DiscoveryChainResponse{
+					Chain: s1Chain,
+				},
+			},
+			{
+				CorrelationID: "discovery-chain:" + s2UID.String(),
+				Result: &structs.DiscoveryChainResponse{
+					Chain: s2Chain,
+				},
+			},
+			{
+				CorrelationID: "upstream-target:" + s1Chain.ID() + ":" + s1UID.String(),
+				Result: &structs.IndexedCheckServiceNodes{
+					Nodes: TestUpstreamNodes(t, "s1"),
+				},
+			},
+			{
+				CorrelationID: "upstream-target:" + s2Chain.ID() + ":" + s2UID.String(),
+				Result: &structs.IndexedCheckServiceNodes{
+					Nodes: TestUpstreamNodes(t, "s2"),
+				},
+			},
+		})
+}
diff --git a/agent/proxycfg/testing_mesh_gateway.go b/agent/proxycfg/testing_mesh_gateway.go
index 0ad9d4524afe..b45595502ec2 100644
--- a/agent/proxycfg/testing_mesh_gateway.go
+++ b/agent/proxycfg/testing_mesh_gateway.go
@@ -23,9 +23,10 @@ func TestConfigSnapshotMeshGateway(t testing.T, variant string, nsFn func(ns *st
 	roots, _ := TestCertsForMeshGateway(t)
 
 	var (
-		populateServices    = true
-		useFederationStates = false
-		deleteCrossDCEntry  = false
+		populateServices      = true
+		useFederationStates   = false
+		deleteCrossDCEntry    = false
+		meshGatewayFederation = false
 	)
 
 	switch variant {
@@ -34,6 +35,11 @@ func TestConfigSnapshotMeshGateway(t testing.T, variant string, nsFn func(ns *st
 		populateServices = true
 		useFederationStates = true
 		deleteCrossDCEntry = true
+	case "mesh-gateway-federation":
+		populateServices = true
+		useFederationStates = true
+		deleteCrossDCEntry = true
+		meshGatewayFederation = true
 	case "newer-info-in-federation-states":
 		populateServices = true
 		useFederationStates = true
@@ -447,6 +453,63 @@ func TestConfigSnapshotMeshGateway(t testing.T, variant string, nsFn func(ns *st
 		})
 	}
 
+	var serverSNIFn ServerSNIFunc
+	if meshGatewayFederation {
+
+		// reproduced from tlsutil/config.go
+		serverSNIFn = func(dc, nodeName string) string {
+			// Strip the trailing '.' from the domain if any
+			domain := "consul"
+
+			if nodeName == "" || nodeName == "*" {
+				return "server." + dc + "." + domain
+			}
+
+			return nodeName + ".server." + dc + "." + domain
+		}
+
+		baseEvents = testSpliceEvents(baseEvents, []UpdateEvent{
+			{
+				CorrelationID: consulServerListWatchID,
+				Result: &structs.IndexedCheckServiceNodes{
+					Nodes: structs.CheckServiceNodes{
+						{
+							Node: &structs.Node{
+								Datacenter: "dc1",
+								Node:       "node1",
+								Address:    "127.0.0.1",
+							},
+							Service: &structs.NodeService{
+								ID:      structs.ConsulServiceID,
+								Service: structs.ConsulServiceName,
+								Meta: map[string]string{
+									"grpc_port":     "8502",
+									"grpc_tls_port": "8503",
+								},
+							},
+						},
+						{
+							Node: &structs.Node{
+								Datacenter: "dc1",
+								Node:       "node2",
+								Address:    "127.0.0.2",
+							},
+							Service: &structs.NodeService{
+								ID:      structs.ConsulServiceID,
+								Service: structs.ConsulServiceName,
+								Meta: map[string]string{
+									"grpc_port":     "8502",
+									"grpc_tls_port": "8503",
+								},
+							},
+						},
+					},
+				},
+			},
+		})
+
+	}
+
 	return testConfigSnapshotFixture(t, &structs.NodeService{
 		Kind:    structs.ServiceKindMeshGateway,
 		Service: "mesh-gateway",
@@ -466,7 +529,7 @@ func TestConfigSnapshotMeshGateway(t testing.T, variant string, nsFn func(ns *st
 				Port:    443,
 			},
 		},
-	}, nsFn, nil, testSpliceEvents(baseEvents, extraUpdates))
+	}, nsFn, serverSNIFn, testSpliceEvents(baseEvents, extraUpdates))
 }
 
 func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func(ns *structs.NodeService), extraUpdates []UpdateEvent) *ConfigSnapshot {
diff --git a/agent/proxycfg/testing_peering.go b/agent/proxycfg/testing_peering.go
index 9b754c977f2f..afa7503923e7 100644
--- a/agent/proxycfg/testing_peering.go
+++ b/agent/proxycfg/testing_peering.go
@@ -4,13 +4,25 @@
 package proxycfg
 
 import (
+	"bytes"
+	"text/template"
+
 	"github.com/mitchellh/go-testing-interface"
+	"github.com/stretchr/testify/require"
 
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
 )
 
 func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot {
+	return testConfigSnapshot(t, false)
+}
+
+func TestConfigSnapshotPeeringWithListenerOverride(t testing.T) *ConfigSnapshot {
+	return testConfigSnapshot(t, true)
+}
+
+func testConfigSnapshot(t testing.T, listenerOverride bool) *ConfigSnapshot {
 	var (
 		paymentsUpstream = structs.Upstream{
 			DestinationName: "payments",
@@ -34,6 +46,20 @@ func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot {
 			paymentsUpstream,
 			refundsUpstream,
 		}
+
+		if listenerOverride {
+			if ns.Proxy.Upstreams[0].Config == nil {
+				ns.Proxy.Upstreams[0].Config = map[string]interface{}{}
+			}
+
+			uid := NewUpstreamID(&ns.Proxy.Upstreams[0])
+
+			ns.Proxy.Upstreams[0].Config["envoy_listener_json"] =
+				customListenerJSON(t, customListenerJSONOptions{
+					Name: uid.EnvoyID() + ":custom-upstream",
+				})
+		}
+
 	}, []UpdateEvent{
 		{
 			CorrelationID: peerTrustBundleIDPrefix + "cloud",
@@ -380,3 +406,53 @@ func TestConfigSnapshotPeeringLocalMeshGateway(t testing.T) *ConfigSnapshot {
 		},
 	})
 }
+
+var (
+	customListenerJSONTemplate = template.Must(template.New("").Parse(customListenerJSONTpl))
+)
+
+func customListenerJSON(t testing.T, opts customListenerJSONOptions) string {
+	t.Helper()
+	var buf bytes.Buffer
+	require.NoError(t, customListenerJSONTemplate.Execute(&buf, opts))
+	return buf.String()
+}
+
+type customListenerJSONOptions struct {
+	Name       string
+	TLSContext string
+}
+
+const customListenerJSONTpl = `{
+	"@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+	"name": "{{ .Name }}",
+	"address": {
+		"socketAddress": {
+			"address": "11.11.11.11",
+			"portValue": 11111
+		}
+	},
+	"filterChains": [
+		{
+			{{ if .TLSContext -}}
+			"transport_socket": {
+				"name": "tls",
+				"typed_config": {
+					"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+					{{ .TLSContext }}
+				}
+			},
+			{{- end }}
+			"filters": [
+				{
+					"name": "envoy.filters.network.tcp_proxy",
+					"typedConfig": {
+						"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+							"cluster": "random-cluster",
+							"statPrefix": "foo-stats"
+						}
+				}
+			]
+		}
+	]
+}`
diff --git a/agent/xds/listeners_apigateway.go b/agent/xds/listeners_apigateway.go
index 633c04f0524b..fcb1ee0829a3 100644
--- a/agent/xds/listeners_apigateway.go
+++ b/agent/xds/listeners_apigateway.go
@@ -5,6 +5,7 @@ package xds
 
 import (
 	"fmt"
+
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
@@ -284,10 +285,7 @@ func makeCommonTLSContextFromSnapshotAPIGatewayListenerConfig(cfgSnap *proxycfg.
 
 	connectTLSEnabled := (!listenerCfg.TLS.IsEmpty())
 
-	if tlsCfg.SDS != nil {
-		// Set up listener TLS from SDS
-		tlsContext = makeCommonTLSContextFromGatewayTLSConfig(*tlsCfg)
-	} else if connectTLSEnabled {
+	if connectTLSEnabled {
 		tlsContext = makeCommonTLSContext(cfgSnap.Leaf(), cfgSnap.RootPEMs(), makeTLSParametersFromGatewayTLSConfig(*tlsCfg))
 	}
 
@@ -316,29 +314,6 @@ func resolveAPIListenerTLSConfig(listenerTLSCfg structs.APIGatewayTLSConfigurati
 	return &mergedCfg, nil
 }
 
-func routeNameForAPIGatewayUpstream(l structs.IngressListener, s structs.IngressService) string {
-	key := proxycfg.IngressListenerKeyFromListener(l)
-
-	// If the upstream service doesn't have any TLS overrides then it can just use
-	// the combined filterchain with all the merged routes.
-	if !ingressServiceHasSDSOverrides(s) {
-		return key.RouteName()
-	}
-
-	// Return a specific route for this service as it needs a custom FilterChain
-	// to serve its custom cert so we should attach its routes to a separate Route
-	// too. We need this to be consistent between OSS and Enterprise to avoid xDS
-	// config golden files in tests conflicting so we can't use ServiceID.String()
-	// which normalizes to included all identifiers in Enterprise.
-	sn := s.ToServiceName()
-	svcIdentifier := sn.Name
-	if !sn.InDefaultPartition() || !sn.InDefaultNamespace() {
-		// Non-default partition/namespace, use a full identifier
-		svcIdentifier = sn.String()
-	}
-	return fmt.Sprintf("%s_%s", key.RouteName(), svcIdentifier)
-}
-
 // when we have multiple certificates on a single listener, we need
 // to duplicate the filter chains with multiple TLS contexts
 func makeInlineOverrideFilterChains(cfgSnap *proxycfg.ConfigSnapshot,
diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go
index 10b358bdad15..1d00217f6ec0 100644
--- a/agent/xds/listeners_test.go
+++ b/agent/xds/listeners_test.go
@@ -10,9 +10,10 @@ import (
 	"testing"
 	"text/template"
 
-	"github.com/hashicorp/consul/agent/xds/testcommon"
 	"github.com/stretchr/testify/assert"
 
+	"github.com/hashicorp/consul/agent/xds/testcommon"
+
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	testinf "github.com/mitchellh/go-testing-interface"
 	"github.com/stretchr/testify/require"
@@ -435,6 +436,31 @@ func TestListenersFromSnapshot(t *testing.T) {
 				}, nil)
 			},
 		},
+		{
+			name: "custom-upstream-with-prepared-query",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) {
+					for i := range ns.Proxy.Upstreams {
+						if ns.Proxy.Upstreams[i].DestinationName != "db" {
+							continue // only tweak the db upstream
+						}
+						if ns.Proxy.Upstreams[i].Config == nil {
+							ns.Proxy.Upstreams[i].Config = map[string]interface{}{}
+						}
+
+						uid := proxycfg.NewUpstreamID(&ns.Proxy.Upstreams[i])
+
+						// Triggers an override with the presence of the escape hatch listener
+						ns.Proxy.Upstreams[i].DestinationType = structs.UpstreamDestTypePreparedQuery
+
+						ns.Proxy.Upstreams[i].Config["envoy_listener_json"] =
+							customListenerJSON(t, customListenerJSONOptions{
+								Name: uid.EnvoyID() + ":custom-upstream",
+							})
+					}
+				}, nil)
+			},
+		},
 		{
 			name: "connect-proxy-upstream-defaults",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -476,7 +502,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 			// NOTE: if IPv6 is not supported in the kernel per
 			// kernelSupportsIPv6() then this test will fail because the golden
 			// files were generated assuming ipv6 support was present
-			name:   "expose-checks",
+			name:   "expose-checks-http",
 			create: proxycfg.TestConfigSnapshotExposeChecks,
 			generatorSetup: func(s *ResourceGenerator) {
 				s.CfgFetcher = configFetcherFunc(func() string {
@@ -484,6 +510,30 @@ func TestListenersFromSnapshot(t *testing.T) {
 				})
 			},
 		},
+		{
+			// NOTE: if IPv6 is not supported in the kernel per
+			// kernelSupportsIPv6() then this test will fail because the golden
+			// files were generated assuming ipv6 support was present
+			name:   "expose-checks-http-with-bind-override",
+			create: proxycfg.TestConfigSnapshotExposeChecksWithBindOverride,
+			generatorSetup: func(s *ResourceGenerator) {
+				s.CfgFetcher = configFetcherFunc(func() string {
+					return "192.0.2.1"
+				})
+			},
+		},
+		{
+			// NOTE: if IPv6 is not supported in the kernel per
+			// kernelSupportsIPv6() then this test will fail because the golden
+			// files were generated assuming ipv6 support was present
+			name:   "expose-checks-grpc",
+			create: proxycfg.TestConfigSnapshotExposeChecksGRPC,
+			generatorSetup: func(s *ResourceGenerator) {
+				s.CfgFetcher = configFetcherFunc(func() string {
+					return "192.0.2.1"
+				})
+			},
+		},
 		{
 			name: "mesh-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -496,6 +546,12 @@ func TestListenersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "federation-states", nil, nil)
 			},
 		},
+		{
+			name: "mesh-gateway-using-federation-control-plane",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshotMeshGateway(t, "mesh-gateway-federation", nil, nil)
+			},
+		},
 		{
 			name: "mesh-gateway-no-services",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -812,6 +868,16 @@ func TestListenersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, nil)
 			},
 		},
+		{
+			name: "terminating-gateway-custom-trace-listener",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, func(ns *structs.NodeService) {
+					ns.Proxy.Config = map[string]interface{}{}
+					ns.Proxy.Config["protocol"] = "http"
+					ns.Proxy.Config["envoy_listener_tracing_json"] = customTraceJSON(t)
+				}, nil)
+			},
+		},
 		{
 			name: "terminating-gateway-with-tls-incoming-min-version",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -982,6 +1048,14 @@ func TestListenersFromSnapshot(t *testing.T) {
 			name:   "ingress-with-tls-mixed-min-version-listeners",
 			create: proxycfg.TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners,
 		},
+		{
+			name:   "ingress-with-tls-mixed-max-version-listeners",
+			create: proxycfg.TestConfigSnapshotIngressGateway_TLSMixedMaxVersionListeners,
+		},
+		{
+			name:   "ingress-with-tls-mixed-cipher-suites-listeners",
+			create: proxycfg.TestConfigSnapshotIngressGateway_TLSMixedCipherVersionListeners,
+		},
 		{
 			name:   "ingress-with-sds-listener-gw-level",
 			create: proxycfg.TestConfigSnapshotIngressGatewaySDS_GatewayLevel,
@@ -1105,6 +1179,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) {
 					ns.Proxy.MutualTLSMode = structs.MutualTLSModePermissive
 					ns.Proxy.Mode = structs.ProxyModeTransparent
+					ns.Proxy.TransparentProxy.OutboundListenerPort = 1234
 				},
 					nil)
 			},
@@ -1129,6 +1204,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 		t.Run("envoy-"+envoyVersion, func(t *testing.T) {
 			for _, tt := range tests {
 				t.Run(tt.name, func(t *testing.T) {
+
 					// Sanity check default with no overrides first
 					snap := tt.create(t)
 
diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go
index 29743c060bfd..1a0d9b826a78 100644
--- a/agent/xds/resources_test.go
+++ b/agent/xds/resources_test.go
@@ -18,6 +18,7 @@ import (
 	"github.com/hashicorp/consul/agent/consul/discoverychain"
 	"github.com/hashicorp/consul/agent/xds/testcommon"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+	"github.com/hashicorp/consul/types"
 
 	testinf "github.com/mitchellh/go-testing-interface"
 	"github.com/stretchr/testify/require"
@@ -163,6 +164,10 @@ func TestAllResourcesFromSnapshot(t *testing.T) {
 			name:   "connect-proxy-with-peered-upstreams",
 			create: proxycfg.TestConfigSnapshotPeering,
 		},
+		{
+			name:   "connect-proxy-with-peered-upstreams-listener-override",
+			create: proxycfg.TestConfigSnapshotPeeringWithListenerOverride,
+		},
 		{
 			name:   "transparent-proxy-with-peered-upstreams",
 			create: proxycfg.TestConfigSnapshotPeeringTProxy,
@@ -326,6 +331,54 @@ RahYIzNLRBTLrwadLAZkApUpZvB8qDK4knsTWFYujNsylCww2A6ajzIMFNU4GkUK
 NtyHRuD+KYRmjXtyX1yHNqfGN3vOQmwavHq2R8wHYuBSc6LAHHV9vG+j0VsgMELO
 qwxn8SmLkSKbf2+MsQVzLCXXN5u+D8Yv+4py+oKP4EQ5aFZuDEx+r/G/31rTthww
 AAJAMaoXmoYVdgXV+CPuBb2M4XCpuzLu3bcA2PXm5ipSyIgntMKwXV7r
+-----END CERTIFICATE-----`
+	// openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -sha256 -days 3650 \
+	// -nodes -subj "/C=XX/CN=secondcert.com" -addext "subjectAltName = DNS:secondcert.com"
+	gatewayTestPrivateKeyTwo = `-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCiPr2HCbVzbZ1M
+IW89rfLLrciPTWWl48DF9CmYHS0C2gSD1W6bxzO7zdA+ced0ajI+YsQ9aBAXRhKl
+EHgnhBJ6sGsz1XBQ9+lNDHrg9AjugIiHoscYOeCcxMeXhp97ti+vpVsc2/AvEf2K
+GIUuOjcufXuRXkWQ2aB4RGyodkgRF6n8YrLJb7pWIjoCNwDAWtZX4wIVFgGq1ew0
+E/E9EyStMYTb5h1lvCpXYRN9AeSFKUQI/y0xsT3+nZ/gyzx3CrgzuSYRgptbuVwm
+5F2Q16sLR/EtCBIhA8npKagx/4U7KOilF31I2locH4Aq5l9VJd/6pTA5F4KCAW/E
+ybXz6DojAgMBAAECggEAPcOuuRqsFf4ztIjB5XQ0Cu/kexFW0flLKNDTiNIKkZxX
+vaxhyDHkculeDnekSkAnUnKdDFdyULnfXTFQ3JI9yrEgjoIBmQFXsno+ySZ9w/Xw
+g9om+wUFigirhva7/geUTcSgU/Myk2jA4XKGONv2p98jTGrcBtGickZyKwukUcTa
+M18phLdjejg09d45QV5pEtU5m0HuydvtMNCxL2UeWMxyIVezAH2S48m7IAn7Xs4p
+J9bwjboDWQYs+zLPfEZyosiJiKugpEKvApIKsJXf4JqRXHN+vvKKDeXkKrrGR+pg
+3e5foPjFrLcDltZMkrfnlm8fa0yLnoxdiyd1pDcJaQKBgQDSnJbM6CDb0b3bUyiz
+LpfJSBzEPqABM8mNeVHfEjHcBJ7YBOceBxDNasmAPvFbhoDrlHiEYW2QnDLRXKeF
+XVdXjSsUV30SPMeg6yeSd8L+LKXLjrGMNGDcJfnjLavv7Glu1xDnYyFSmeVIhWoo
+cOhfaFQ69vnHiU1idrOlz6zhPwKBgQDFNcY0S59f3tht7kgnItg8PSfJqJQrIdLt
+x6MC2Nc7Eui7/LTuO2rMG6HRA/8zQa/TfnfG7CsUwLB1NiC2R1TtM9YBYPxhMl1o
+JeGTfM+tD0lBwPhYpgnOCppuayRCfAsPYA6NcvXcGZbxOigxliOuvgVBH47EAApA
+zJ+8b6nKHQKBgQCZ0GDV/4XX5KNq5Z3o1tNl3jOcIzyKBD9kAkGHz+r4C6vSiioc
+pP5hd2b4MX/l3yKSapll3R2+qkT24Fs8LEJYn7Hhpk+inR8SaAs7jhmrtgHT2z/R
+7IL85QNOJhHXJGqP16PxyVUR1XE9eKpiJKug2joB4lPjpWQN0DE9nKFe0wKBgEo3
+qpgTva7+1sTIYC8aVfaVrVufLePtnswNzbNMl/OLcjsNJ6pgghi+bW+T6X8IwXr+
+pWUfjDcLLV1vOXBf9/4s++UY8uJBahW/69zto9qlXhR44v25vwbjxqq3d7XtqNvo
+cpGZKh3jI4M1N9sxfcxNhvyzO69XtIQefh8UhvmhAoGBAKzSA51l50ocOnWSNAXs
+QQoU+dYQjLDMtzc5N68EUf1GSjtgkpa3PYjVo09OMeb7+W9LhwHQDNMqgeeEDCsm
+B6NDnI4VyjVae7Hqz48WBERJBFMFWiLxEa1m2UwaV2jAubN8FKgH4KzDzOKtJEUy
+Rz9IUct6HXsDSs+Q3/zdFmPo
+-----END PRIVATE KEY-----`
+	gatewayTestCertificateTwo = `-----BEGIN CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIJAMHpuSA3ioNPMA0GCSqGSIb3DQEBCwUAMCYxCzAJBgNV
+BAYTAlhYMRcwFQYDVQQDDA5zZWNvbmRjZXJ0LmNvbTAeFw0yMzA3MTExNTE1MjBa
+Fw0zMzA3MDgxNTE1MjBaMCYxCzAJBgNVBAYTAlhYMRcwFQYDVQQDDA5zZWNvbmRj
+ZXJ0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKI+vYcJtXNt
+nUwhbz2t8sutyI9NZaXjwMX0KZgdLQLaBIPVbpvHM7vN0D5x53RqMj5ixD1oEBdG
+EqUQeCeEEnqwazPVcFD36U0MeuD0CO6AiIeixxg54JzEx5eGn3u2L6+lWxzb8C8R
+/YoYhS46Ny59e5FeRZDZoHhEbKh2SBEXqfxisslvulYiOgI3AMBa1lfjAhUWAarV
+7DQT8T0TJK0xhNvmHWW8KldhE30B5IUpRAj/LTGxPf6dn+DLPHcKuDO5JhGCm1u5
+XCbkXZDXqwtH8S0IEiEDyekpqDH/hTso6KUXfUjaWhwfgCrmX1Ul3/qlMDkXgoIB
+b8TJtfPoOiMCAwEAAaMdMBswGQYDVR0RBBIwEIIOc2Vjb25kY2VydC5jb20wDQYJ
+KoZIhvcNAQELBQADggEBAJvP3deuEpJZktAny6/az09GLSUYddiNCE4sG/2ASj7C
+mwRTh2HM4BDnkhW9PNjfHoaWa2TDIhOyHQ5hLYz2tnaeU1sOrADCuFSxGiQqgr8J
+prahKh6AzNsXba4rumoO08QTTtJzoa8L6TV4PTQ6gi+OMdbyBe3CQ7DSRzLseHNH
+KG5tqRRu+Jm7dUuOXDV4MDHoloyZlksOvIYSC+gaS+ke3XlR+GzOW7hpgn5SIDlv
+aR/zlIKXUCvVux3/pNFgW6rduFE0f5Hbc1+J4ghTl8EQu1dwDTax7blXQwE+VDgJ
+u4fZGRmoUvvO/bjVCbehBxfJn0rHsxpuD5b4Jg2OZNc=
 -----END CERTIFICATE-----`
 )
 
@@ -391,7 +444,80 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase {
 			},
 		},
 		{
-			name: "api-gateway-with-http-route-and-inline-certificate",
+			name: "api-gateway-with-multiple-inline-certificates",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) {
+					entry.Listeners = []structs.APIGatewayListener{
+						{
+							Name:     "listener",
+							Protocol: structs.ListenerProtocolTCP,
+							Port:     8080,
+							TLS: structs.APIGatewayTLSConfiguration{
+								Certificates: []structs.ResourceReference{{
+									Kind: structs.InlineCertificate,
+									Name: "certificate",
+								}},
+								MinVersion: types.TLSv1_2,
+								MaxVersion: types.TLSv1_3,
+								CipherSuites: []types.TLSCipherSuite{
+									types.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+									types.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+								},
+							},
+						},
+					}
+					bound.Listeners = []structs.BoundAPIGatewayListener{
+						{
+							Name: "listener",
+							Certificates: []structs.ResourceReference{
+								{
+									Kind: structs.InlineCertificate,
+									Name: "certificate",
+								},
+								{
+									Kind: structs.InlineCertificate,
+									Name: "certificate-too",
+								},
+							},
+							Routes: []structs.ResourceReference{{
+								Kind: structs.TCPRoute,
+								Name: "route",
+							}},
+						},
+					}
+				},
+					[]structs.BoundRoute{
+						&structs.TCPRouteConfigEntry{
+							Kind: structs.TCPRoute,
+							Name: "route",
+							Services: []structs.TCPService{{
+								Name: "service",
+							}},
+							Parents: []structs.ResourceReference{
+								{
+									Kind: structs.APIGateway,
+									Name: "api-gateway",
+								},
+							},
+						},
+					}, []structs.InlineCertificateConfigEntry{
+						{
+							Kind:        structs.InlineCertificate,
+							Name:        "certificate",
+							PrivateKey:  gatewayTestPrivateKey,
+							Certificate: gatewayTestCertificate,
+						},
+						{
+							Kind:        structs.InlineCertificate,
+							Name:        "certificate-too",
+							PrivateKey:  gatewayTestPrivateKeyTwo,
+							Certificate: gatewayTestCertificateTwo,
+						},
+					}, nil)
+			},
+		},
+		{
+			name: "api-gateway-with-http-route",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) {
 					entry.Listeners = []structs.APIGatewayListener{
@@ -404,6 +530,10 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase {
 					bound.Listeners = []structs.BoundAPIGatewayListener{
 						{
 							Name: "listener",
+							Certificates: []structs.ResourceReference{{
+								Kind: structs.InlineCertificate,
+								Name: "certificate",
+							}},
 							Routes: []structs.ResourceReference{{
 								Kind: structs.HTTPRoute,
 								Name: "route",
@@ -439,7 +569,12 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase {
 							},
 						},
 					},
-				}, nil, []proxycfg.UpdateEvent{{
+				}, []structs.InlineCertificateConfigEntry{{
+					Kind:        structs.InlineCertificate,
+					Name:        "certificate",
+					PrivateKey:  gatewayTestPrivateKey,
+					Certificate: gatewayTestCertificate,
+				}}, []proxycfg.UpdateEvent{{
 					CorrelationID: "discovery-chain:" + serviceUID.String(),
 					Result: &structs.DiscoveryChainResponse{
 						Chain: serviceChain,
diff --git a/agent/xds/testdata/clusters/api-gateway-with-http-route-and-inline-certificate.latest.golden b/agent/xds/testdata/clusters/api-gateway-with-http-route.latest.golden
similarity index 100%
rename from agent/xds/testdata/clusters/api-gateway-with-http-route-and-inline-certificate.latest.golden
rename to agent/xds/testdata/clusters/api-gateway-with-http-route.latest.golden
diff --git a/agent/xds/testdata/clusters/api-gateway-with-multiple-inline-certificates.latest.golden b/agent/xds/testdata/clusters/api-gateway-with-multiple-inline-certificates.latest.golden
new file mode 100644
index 000000000000..e20479dfd1cf
--- /dev/null
+++ b/agent/xds/testdata/clusters/api-gateway-with-multiple-inline-certificates.latest.golden
@@ -0,0 +1,55 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "altStatName":  "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "circuitBreakers":  {},
+      "outlierDetection":  {},
+      "commonLbConfig":  {
+        "healthyPanicThreshold":  {}
+      },
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
+              {
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames":  [
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service"
+                }
+              ]
+            }
+          },
+          "sni":  "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-listener-override.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-listener-override.latest.golden
new file mode 100644
index 000000000000..8ae9b0853749
--- /dev/null
+++ b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-listener-override.latest.golden
@@ -0,0 +1,147 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "local_app",
+      "type": "STATIC",
+      "connectTimeout": "5s",
+      "loadAssignment": {
+        "clusterName": "local_app",
+        "endpoints": [
+          {
+            "lbEndpoints": [
+              {
+                "endpoint": {
+                  "address": {
+                    "socketAddress": {
+                      "address": "127.0.0.1",
+                      "portValue": 8080
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      }
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "payments.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+      "type": "LOGICAL_DNS",
+      "connectTimeout": "5s",
+      "loadAssignment": {
+        "clusterName": "payments.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+        "endpoints": [
+          {
+            "lbEndpoints": [
+              {
+                "endpoint": {
+                  "address": {
+                    "socketAddress": {
+                      "address": "123.us-east-1.elb.notaws.com",
+                      "portValue": 8443
+                    }
+                  }
+                },
+                "healthStatus": "HEALTHY",
+                "loadBalancingWeight": 1
+              }
+            ]
+          }
+        ]
+      },
+      "circuitBreakers": {},
+      "dnsRefreshRate": "10s",
+      "dnsLookupFamily": "V4_ONLY",
+      "outlierDetection": {
+        "maxEjectionPercent": 100
+      },
+      "commonLbConfig": {
+        "healthyPanicThreshold": {}
+      },
+      "transportSocket": {
+        "name": "tls",
+        "typedConfig": {
+          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext": {
+            "tlsParams": {},
+            "tlsCertificates": [
+              {
+                "certificateChain": {
+                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey": {
+                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext": {
+              "trustedCa": {
+                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames": [
+                {
+                  "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments"
+                }
+              ]
+            }
+          },
+          "sni": "payments.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
+        }
+      }
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "refunds.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {},
+          "resourceApiVersion": "V3"
+        }
+      },
+      "connectTimeout": "5s",
+      "circuitBreakers": {},
+      "outlierDetection": {
+        "maxEjectionPercent": 100
+      },
+      "commonLbConfig": {
+        "healthyPanicThreshold": {}
+      },
+      "transportSocket": {
+        "name": "tls",
+        "typedConfig": {
+          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext": {
+            "tlsParams": {},
+            "tlsCertificates": [
+              {
+                "certificateChain": {
+                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey": {
+                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext": {
+              "trustedCa": {
+                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames": [
+                {
+                  "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds"
+                }
+              ]
+            }
+          },
+          "sni": "refunds.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
+        }
+      }
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/endpoints/api-gateway-with-http-route-and-inline-certificate.latest.golden b/agent/xds/testdata/endpoints/api-gateway-with-http-route.latest.golden
similarity index 100%
rename from agent/xds/testdata/endpoints/api-gateway-with-http-route-and-inline-certificate.latest.golden
rename to agent/xds/testdata/endpoints/api-gateway-with-http-route.latest.golden
diff --git a/agent/xds/testdata/endpoints/api-gateway-with-multiple-inline-certificates.latest.golden b/agent/xds/testdata/endpoints/api-gateway-with-multiple-inline-certificates.latest.golden
new file mode 100644
index 000000000000..47b46bca225b
--- /dev/null
+++ b/agent/xds/testdata/endpoints/api-gateway-with-multiple-inline-certificates.latest.golden
@@ -0,0 +1,5 @@
+{
+  "versionInfo":  "00000001",
+  "typeUrl":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-listener-override.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-listener-override.latest.golden
new file mode 100644
index 000000000000..9dc909faf7c0
--- /dev/null
+++ b/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-listener-override.latest.golden
@@ -0,0 +1,29 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName": "refunds.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+      "endpoints": [
+        {
+          "lbEndpoints": [
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "106.96.90.233",
+                    "portValue": 443
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/api-gateway-with-http-route-and-inline-certificate.latest.golden b/agent/xds/testdata/listeners/api-gateway-with-http-route-and-inline-certificate.latest.golden
deleted file mode 100644
index e9bee988de93..000000000000
--- a/agent/xds/testdata/listeners/api-gateway-with-http-route-and-inline-certificate.latest.golden
+++ /dev/null
@@ -1,49 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "http:1.2.3.4:8080",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8080
-        }
-      },
-      "filterChains":  [
-        {
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "ingress_upstream_8080",
-                "rds":  {
-                  "configSource":  {
-                    "ads":  {},
-                    "resourceApiVersion":  "V3"
-                  },
-                  "routeConfigName":  "8080"
-                },
-                "httpFilters":  [
-                  {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                    }
-                  }
-                ],
-                "tracing":  {
-                  "randomSampling":  {}
-                }
-              }
-            }
-          ]
-        }
-      ],
-      "trafficDirection":  "OUTBOUND"
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/api-gateway-with-http-route.latest.golden b/agent/xds/testdata/listeners/api-gateway-with-http-route.latest.golden
new file mode 100644
index 000000000000..670911b8f97a
--- /dev/null
+++ b/agent/xds/testdata/listeners/api-gateway-with-http-route.latest.golden
@@ -0,0 +1,80 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "http:1.2.3.4:8080",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8080
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "ingress_upstream_certificate",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
+                  },
+                  "routeConfigName": "8080"
+                },
+                "httpFilters": [
+                  {
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing": {
+                  "randomSampling": {}
+                }
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICljCCAX4CCQCQMDsYO8FrPjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJV\nUzAeFw0yMjEyMjAxNzUwMjVaFw0yNzEyMTkxNzUwMjVaMA0xCzAJBgNVBAYTAlVT\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx95Opa6t4lGEpiTUogEB\nptqOdam2ch4BHQGhNhX/MrDwwuZQhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2\njQlhqTodElkbsd5vWY8R/bxJWQSoNvVE12TlzECxGpJEiHt4W0r8pGffk+rvplji\nUyCfnT1kGF3znOSjK1hRMTn6RKWCyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409\ng9X5VU88/Bmmrz4cMyxce86Kc2ug5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftr\nXOvuCbO5IBRHMOBHiHTZ4rtGuhMaIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+W\nmQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBfCqoUIdPf/HGSbOorPyZWbyizNtHJ\nGL7x9cAeIYxpI5Y/WcO1o5v94lvrgm3FNfJoGKbV66+JxOge731FrfMpHplhar1Z\nRahYIzNLRBTLrwadLAZkApUpZvB8qDK4knsTWFYujNsylCww2A6ajzIMFNU4GkUK\nNtyHRuD+KYRmjXtyX1yHNqfGN3vOQmwavHq2R8wHYuBSc6LAHHV9vG+j0VsgMELO\nqwxn8SmLkSKbf2+MsQVzLCXXN5u+D8Yv+4py+oKP4EQ5aFZuDEx+r/G/31rTthww\nAAJAMaoXmoYVdgXV+CPuBb2M4XCpuzLu3bcA2PXm5ipSyIgntMKwXV7r\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAx95Opa6t4lGEpiTUogEBptqOdam2ch4BHQGhNhX/MrDwwuZQ\nhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2jQlhqTodElkbsd5vWY8R/bxJWQSo\nNvVE12TlzECxGpJEiHt4W0r8pGffk+rvpljiUyCfnT1kGF3znOSjK1hRMTn6RKWC\nyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409g9X5VU88/Bmmrz4cMyxce86Kc2ug\n5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftrXOvuCbO5IBRHMOBHiHTZ4rtGuhMa\nIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+WmQIDAQABAoIBACYvceUzp2MK4gYA\nGWPOP2uKbBdM0l+hHeNV0WAM+dHMfmMuL4pkT36ucqt0ySOLjw6rQyOZG5nmA6t9\nsv0g4ae2eCMlyDIeNi1Yavu4Wt6YX4cTXbQKThm83C6W2X9THKbauBbxD621bsDK\n7PhiGPN60yPue7YwFQAPqqD4YaK+s22HFIzk9gwM/rkvAUNwRv7SyHMiFe4Igc1C\nEev7iHWzvj5Heoz6XfF+XNF9DU+TieSUAdjd56VyUb8XL4+uBTOhHwLiXvAmfaMR\nHvpcxeKnYZusS6NaOxcUHiJnsLNWrxmJj9WEGgQzuLxcLjTe4vVmELVZD8t3QUKj\nPAxu8tUCgYEA7KIWVn9dfVpokReorFym+J8FzLwSktP9RZYEMonJo00i8aii3K9s\nu/aSwRWQSCzmON1ZcxZzWhwQF9usz6kGCk//9+4hlVW90GtNK0RD+j7sp4aT2JI8\n9eLEjTG+xSXa7XWe98QncjjL9lu/yrRncSTxHs13q/XP198nn2aYuQ8CgYEA2Dnt\nsRBzv0fFEvzzFv7G/5f85mouN38TUYvxNRTjBLCXl9DeKjDkOVZ2b6qlfQnYXIru\nH+W+v+AZEb6fySXc8FRab7lkgTMrwE+aeI4rkW7asVwtclv01QJ5wMnyT84AgDD/\nDgt/RThFaHgtU9TW5GOZveL+l9fVPn7vKFdTJdcCgYEArJ99zjHxwJ1whNAOk1av\n09UmRPm6TvRo4heTDk8oEoIWCNatoHI0z1YMLuENNSnT9Q280FFDayvnrY/qnD7A\nkktT/sjwJOG8q8trKzIMqQS4XWm2dxoPcIyyOBJfCbEY6XuRsUuePxwh5qF942EB\nyS9a2s6nC4Ix0lgPrqAIr48CgYBgS/Q6riwOXSU8nqCYdiEkBYlhCJrKpnJxF9T1\nofa0yPzKZP/8ZEfP7VzTwHjxJehQ1qLUW9pG08P2biH1UEKEWdzo8vT6wVJT1F/k\nHtTycR8+a+Hlk2SHVRHqNUYQGpuIe8mrdJ1as4Pd0d/F/P0zO9Rlh+mAsGPM8HUM\nT0+9gwKBgHDoerX7NTskg0H0t8O+iSMevdxpEWp34ZYa9gHiftTQGyrRgERCa7Gj\nnZPAxKb2JoWyfnu3v7G5gZ8fhDFsiOxLbZv6UZJBbUIh1MjJISpXrForDrC2QNLX\nkHrHfwBFDB3KMudhQknsJzEJKCL/KmFH6o0MvsoaT9yzEl3K+ah/\n-----END RSA PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "alpnProtocols": [
+                  "http/1.1"
+                ]
+              },
+              "requireClientCertificate": false
+            }
+          }
+        }
+      ],
+      "listenerFilters": [
+        {
+          "name": "envoy.filters.listener.tls_inspector",
+          "typedConfig": {
+            "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
+          }
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/api-gateway-with-multiple-inline-certificates.latest.golden b/agent/xds/testdata/listeners/api-gateway-with-multiple-inline-certificates.latest.golden
new file mode 100644
index 000000000000..272946812374
--- /dev/null
+++ b/agent/xds/testdata/listeners/api-gateway-with-multiple-inline-certificates.latest.golden
@@ -0,0 +1,102 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "service:1.2.3.4:8080",
+      "address":  {
+        "socketAddress":  {
+          "address":  "1.2.3.4",
+          "portValue":  8080
+        }
+      },
+      "filterChains":  [
+        {
+          "filterChainMatch":  {
+            "serverNames":  [
+              ""
+            ]
+          },
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "ingress_upstream_certificate",
+                "cluster":  "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ],
+          "transportSocket":  {
+            "name":  "tls",
+            "typedConfig":  {
+              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext":  {
+                "tlsParams":  {},
+                "tlsCertificates":  [
+                  {
+                    "certificateChain":  {
+                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICljCCAX4CCQCQMDsYO8FrPjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJV\nUzAeFw0yMjEyMjAxNzUwMjVaFw0yNzEyMTkxNzUwMjVaMA0xCzAJBgNVBAYTAlVT\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx95Opa6t4lGEpiTUogEB\nptqOdam2ch4BHQGhNhX/MrDwwuZQhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2\njQlhqTodElkbsd5vWY8R/bxJWQSoNvVE12TlzECxGpJEiHt4W0r8pGffk+rvplji\nUyCfnT1kGF3znOSjK1hRMTn6RKWCyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409\ng9X5VU88/Bmmrz4cMyxce86Kc2ug5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftr\nXOvuCbO5IBRHMOBHiHTZ4rtGuhMaIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+W\nmQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBfCqoUIdPf/HGSbOorPyZWbyizNtHJ\nGL7x9cAeIYxpI5Y/WcO1o5v94lvrgm3FNfJoGKbV66+JxOge731FrfMpHplhar1Z\nRahYIzNLRBTLrwadLAZkApUpZvB8qDK4knsTWFYujNsylCww2A6ajzIMFNU4GkUK\nNtyHRuD+KYRmjXtyX1yHNqfGN3vOQmwavHq2R8wHYuBSc6LAHHV9vG+j0VsgMELO\nqwxn8SmLkSKbf2+MsQVzLCXXN5u+D8Yv+4py+oKP4EQ5aFZuDEx+r/G/31rTthww\nAAJAMaoXmoYVdgXV+CPuBb2M4XCpuzLu3bcA2PXm5ipSyIgntMKwXV7r\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey":  {
+                      "inlineString":  "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAx95Opa6t4lGEpiTUogEBptqOdam2ch4BHQGhNhX/MrDwwuZQ\nhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2jQlhqTodElkbsd5vWY8R/bxJWQSo\nNvVE12TlzECxGpJEiHt4W0r8pGffk+rvpljiUyCfnT1kGF3znOSjK1hRMTn6RKWC\nyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409g9X5VU88/Bmmrz4cMyxce86Kc2ug\n5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftrXOvuCbO5IBRHMOBHiHTZ4rtGuhMa\nIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+WmQIDAQABAoIBACYvceUzp2MK4gYA\nGWPOP2uKbBdM0l+hHeNV0WAM+dHMfmMuL4pkT36ucqt0ySOLjw6rQyOZG5nmA6t9\nsv0g4ae2eCMlyDIeNi1Yavu4Wt6YX4cTXbQKThm83C6W2X9THKbauBbxD621bsDK\n7PhiGPN60yPue7YwFQAPqqD4YaK+s22HFIzk9gwM/rkvAUNwRv7SyHMiFe4Igc1C\nEev7iHWzvj5Heoz6XfF+XNF9DU+TieSUAdjd56VyUb8XL4+uBTOhHwLiXvAmfaMR\nHvpcxeKnYZusS6NaOxcUHiJnsLNWrxmJj9WEGgQzuLxcLjTe4vVmELVZD8t3QUKj\nPAxu8tUCgYEA7KIWVn9dfVpokReorFym+J8FzLwSktP9RZYEMonJo00i8aii3K9s\nu/aSwRWQSCzmON1ZcxZzWhwQF9usz6kGCk//9+4hlVW90GtNK0RD+j7sp4aT2JI8\n9eLEjTG+xSXa7XWe98QncjjL9lu/yrRncSTxHs13q/XP198nn2aYuQ8CgYEA2Dnt\nsRBzv0fFEvzzFv7G/5f85mouN38TUYvxNRTjBLCXl9DeKjDkOVZ2b6qlfQnYXIru\nH+W+v+AZEb6fySXc8FRab7lkgTMrwE+aeI4rkW7asVwtclv01QJ5wMnyT84AgDD/\nDgt/RThFaHgtU9TW5GOZveL+l9fVPn7vKFdTJdcCgYEArJ99zjHxwJ1whNAOk1av\n09UmRPm6TvRo4heTDk8oEoIWCNatoHI0z1YMLuENNSnT9Q280FFDayvnrY/qnD7A\nkktT/sjwJOG8q8trKzIMqQS4XWm2dxoPcIyyOBJfCbEY6XuRsUuePxwh5qF942EB\nyS9a2s6nC4Ix0lgPrqAIr48CgYBgS/Q6riwOXSU8nqCYdiEkBYlhCJrKpnJxF9T1\nofa0yPzKZP/8ZEfP7VzTwHjxJehQ1qLUW9pG08P2biH1UEKEWdzo8vT6wVJT1F/k\nHtTycR8+a+Hlk2SHVRHqNUYQGpuIe8mrdJ1as4Pd0d/F/P0zO9Rlh+mAsGPM8HUM\nT0+9gwKBgHDoerX7NTskg0H0t8O+iSMevdxpEWp34ZYa9gHiftTQGyrRgERCa7Gj\nnZPAxKb2JoWyfnu3v7G5gZ8fhDFsiOxLbZv6UZJBbUIh1MjJISpXrForDrC2QNLX\nkHrHfwBFDB3KMudhQknsJzEJKCL/KmFH6o0MvsoaT9yzEl3K+ah/\n-----END RSA PRIVATE KEY-----\n"
+                    }
+                  }
+                ]
+              },
+              "requireClientCertificate":  false
+            }
+          }
+        },
+        {
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "ingress_upstream_default",
+                "cluster":  "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ],
+          "transportSocket":  {
+            "name":  "tls",
+            "typedConfig":  {
+              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext":  {
+                "tlsParams":  {},
+                "tlsCertificates":  [
+                  {
+                    "certificateChain":  {
+                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey":  {
+                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext":  {
+                  "trustedCa":  {
+                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                }
+              },
+              "requireClientCertificate":  false
+            }
+          }
+        }
+      ],
+      "listenerFilters":  [
+        {
+          "name":  "envoy.filters.listener.tls_inspector",
+          "typedConfig":  {
+            "@type":  "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
+          }
+        }
+      ],
+      "trafficDirection":  "OUTBOUND"
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-listener-override.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-listener-override.latest.golden
new file mode 100644
index 000000000000..76c41c8b7c97
--- /dev/null
+++ b/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-listener-override.latest.golden
@@ -0,0 +1,114 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "payments?peer=cloud:custom-upstream",
+      "address": {
+        "socketAddress": {
+          "address": "11.11.11.11",
+          "portValue": 11111
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "foo-stats",
+                "cluster": "random-cluster"
+              }
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
+              }
+            },
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "public_listener",
+                "cluster": "local_app"
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                }
+              },
+              "requireClientCertificate": true
+            }
+          }
+        }
+      ],
+      "trafficDirection": "INBOUND"
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "refunds?peer=cloud:127.0.0.1:9090",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9090
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream_peered.refunds.default.cloud",
+                "cluster": "refunds.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden
index 549af29cb445..f091cd40b552 100644
--- a/agent/xds/testdata/listeners/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden
+++ b/agent/xds/testdata/listeners/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden
@@ -28,11 +28,11 @@
     },
     {
       "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "outbound_listener:127.0.0.1:15001",
+      "name": "outbound_listener:127.0.0.1:1234",
       "address": {
         "socketAddress": {
           "address": "127.0.0.1",
-          "portValue": 15001
+          "portValue": 1234
         }
       },
       "defaultFilterChain": {
@@ -166,4 +166,4 @@
   ],
   "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
   "nonce": "00000001"
-}
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/custom-upstream-with-prepared-query.latest.golden b/agent/xds/testdata/listeners/custom-upstream-with-prepared-query.latest.golden
new file mode 100644
index 000000000000..636fb2f606b8
--- /dev/null
+++ b/agent/xds/testdata/listeners/custom-upstream-with-prepared-query.latest.golden
@@ -0,0 +1,114 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "db:custom-upstream",
+      "address":  {
+        "socketAddress":  {
+          "address":  "11.11.11.11",
+          "portValue":  11111
+        }
+      },
+      "filterChains":  [
+        {
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "foo-stats",
+                "cluster":  "random-cluster"
+              }
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
+      "address":  {
+        "socketAddress":  {
+          "address":  "127.10.10.10",
+          "portValue":  8181
+        }
+      },
+      "filterChains":  [
+        {
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "upstream.prepared_query_geo-cache",
+                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection":  "OUTBOUND"
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "public_listener:0.0.0.0:9999",
+      "address":  {
+        "socketAddress":  {
+          "address":  "0.0.0.0",
+          "portValue":  9999
+        }
+      },
+      "filterChains":  [
+        {
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.rbac",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules":  {},
+                "statPrefix":  "connect_authz"
+              }
+            },
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "public_listener",
+                "cluster":  "local_app"
+              }
+            }
+          ],
+          "transportSocket":  {
+            "name":  "tls",
+            "typedConfig":  {
+              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext":  {
+                "tlsParams":  {},
+                "tlsCertificates":  [
+                  {
+                    "certificateChain":  {
+                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey":  {
+                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext":  {
+                  "trustedCa":  {
+                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                }
+              },
+              "requireClientCertificate":  true
+            }
+          }
+        }
+      ],
+      "trafficDirection":  "INBOUND"
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/expose-checks.latest.golden b/agent/xds/testdata/listeners/expose-checks-grpc.latest.golden
similarity index 89%
rename from agent/xds/testdata/listeners/expose-checks.latest.golden
rename to agent/xds/testdata/listeners/expose-checks-grpc.latest.golden
index 518285040d05..a73fdd5a7994 100644
--- a/agent/xds/testdata/listeners/expose-checks.latest.golden
+++ b/agent/xds/testdata/listeners/expose-checks-grpc.latest.golden
@@ -3,11 +3,11 @@
   "resources": [
     {
       "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "exposed_path_debug:1.2.3.4:21500",
+      "name": "exposed_path_grpchealthv1HealthCheck:1.2.3.4:21501",
       "address": {
         "socketAddress": {
           "address": "1.2.3.4",
-          "portValue": 21500
+          "portValue": 21501
         }
       },
       "filterChains": [
@@ -33,22 +33,22 @@
               "name": "envoy.filters.network.http_connection_manager",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix": "exposed_path_filter_debug_21500",
+                "statPrefix": "exposed_path_filter_grpchealthv1HealthCheck_21501",
                 "routeConfig": {
-                  "name": "exposed_path_filter_debug_21500",
+                  "name": "exposed_path_filter_grpchealthv1HealthCheck_21501",
                   "virtualHosts": [
                     {
-                      "name": "exposed_path_filter_debug_21500",
+                      "name": "exposed_path_filter_grpchealthv1HealthCheck_21501",
                       "domains": [
                         "*"
                       ],
                       "routes": [
                         {
                           "match": {
-                            "path": "/debug"
+                            "path": "/grpc.health.v1.Health/Check"
                           },
                           "route": {
-                            "cluster": "exposed_cluster_8181"
+                            "cluster": "exposed_cluster_9090"
                           }
                         }
                       ]
@@ -64,10 +64,9 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
-                }
+                  "randomSampling": {}
+                },
+                "http2ProtocolOptions": {}
               }
             }
           ]
@@ -77,11 +76,11 @@
     },
     {
       "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "public_listener:1.2.3.4:8080",
+      "name": "public_listener:1.2.3.4:9090",
       "address": {
         "socketAddress": {
           "address": "1.2.3.4",
-          "portValue": 8080
+          "portValue": 9090
         }
       },
       "filterChains": [
@@ -91,9 +90,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -111,9 +108,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/expose-checks-http-with-bind-override.latest.golden b/agent/xds/testdata/listeners/expose-checks-http-with-bind-override.latest.golden
new file mode 100644
index 000000000000..fc97741bb875
--- /dev/null
+++ b/agent/xds/testdata/listeners/expose-checks-http-with-bind-override.latest.golden
@@ -0,0 +1,137 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "exposed_path_debug:6.7.8.9:21500",
+      "address":  {
+        "socketAddress":  {
+          "address":  "6.7.8.9",
+          "portValue":  21500
+        }
+      },
+      "filterChains":  [
+        {
+          "filterChainMatch":  {
+            "sourcePrefixRanges":  [
+              {
+                "addressPrefix":  "127.0.0.1",
+                "prefixLen":  8
+              },
+              {
+                "addressPrefix":  "192.0.2.1",
+                "prefixLen":  32
+              },
+              {
+                "addressPrefix":  "::1",
+                "prefixLen":  128
+              }
+            ]
+          },
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.http_connection_manager",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix":  "exposed_path_filter_debug_21500",
+                "routeConfig":  {
+                  "name":  "exposed_path_filter_debug_21500",
+                  "virtualHosts":  [
+                    {
+                      "name":  "exposed_path_filter_debug_21500",
+                      "domains":  [
+                        "*"
+                      ],
+                      "routes":  [
+                        {
+                          "match":  {
+                            "path":  "/debug"
+                          },
+                          "route":  {
+                            "cluster":  "exposed_cluster_8181"
+                          }
+                        }
+                      ]
+                    }
+                  ]
+                },
+                "httpFilters":  [
+                  {
+                    "name":  "envoy.filters.http.router",
+                    "typedConfig":  {
+                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing":  {
+                  "randomSampling":  {}
+                }
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection":  "INBOUND"
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "public_listener:6.7.8.9:8080",
+      "address":  {
+        "socketAddress":  {
+          "address":  "6.7.8.9",
+          "portValue":  8080
+        }
+      },
+      "filterChains":  [
+        {
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.rbac",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules":  {},
+                "statPrefix":  "connect_authz"
+              }
+            },
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "public_listener",
+                "cluster":  "local_app"
+              }
+            }
+          ],
+          "transportSocket":  {
+            "name":  "tls",
+            "typedConfig":  {
+              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext":  {
+                "tlsParams":  {},
+                "tlsCertificates":  [
+                  {
+                    "certificateChain":  {
+                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey":  {
+                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext":  {
+                  "trustedCa":  {
+                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                }
+              },
+              "requireClientCertificate":  true
+            }
+          }
+        }
+      ],
+      "trafficDirection":  "INBOUND"
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/expose-checks-http.latest.golden b/agent/xds/testdata/listeners/expose-checks-http.latest.golden
new file mode 100644
index 000000000000..a5e582d5ee72
--- /dev/null
+++ b/agent/xds/testdata/listeners/expose-checks-http.latest.golden
@@ -0,0 +1,137 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "exposed_path_debug:1.2.3.4:21500",
+      "address":  {
+        "socketAddress":  {
+          "address":  "1.2.3.4",
+          "portValue":  21500
+        }
+      },
+      "filterChains":  [
+        {
+          "filterChainMatch":  {
+            "sourcePrefixRanges":  [
+              {
+                "addressPrefix":  "127.0.0.1",
+                "prefixLen":  8
+              },
+              {
+                "addressPrefix":  "192.0.2.1",
+                "prefixLen":  32
+              },
+              {
+                "addressPrefix":  "::1",
+                "prefixLen":  128
+              }
+            ]
+          },
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.http_connection_manager",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix":  "exposed_path_filter_debug_21500",
+                "routeConfig":  {
+                  "name":  "exposed_path_filter_debug_21500",
+                  "virtualHosts":  [
+                    {
+                      "name":  "exposed_path_filter_debug_21500",
+                      "domains":  [
+                        "*"
+                      ],
+                      "routes":  [
+                        {
+                          "match":  {
+                            "path":  "/debug"
+                          },
+                          "route":  {
+                            "cluster":  "exposed_cluster_8181"
+                          }
+                        }
+                      ]
+                    }
+                  ]
+                },
+                "httpFilters":  [
+                  {
+                    "name":  "envoy.filters.http.router",
+                    "typedConfig":  {
+                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing":  {
+                  "randomSampling":  {}
+                }
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection":  "INBOUND"
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "public_listener:1.2.3.4:8080",
+      "address":  {
+        "socketAddress":  {
+          "address":  "1.2.3.4",
+          "portValue":  8080
+        }
+      },
+      "filterChains":  [
+        {
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.rbac",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules":  {},
+                "statPrefix":  "connect_authz"
+              }
+            },
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "public_listener",
+                "cluster":  "local_app"
+              }
+            }
+          ],
+          "transportSocket":  {
+            "name":  "tls",
+            "typedConfig":  {
+              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext":  {
+                "tlsParams":  {},
+                "tlsCertificates":  [
+                  {
+                    "certificateChain":  {
+                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey":  {
+                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext":  {
+                  "trustedCa":  {
+                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                }
+              },
+              "requireClientCertificate":  true
+            }
+          }
+        }
+      ],
+      "trafficDirection":  "INBOUND"
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden
new file mode 100644
index 000000000000..e480318be9e9
--- /dev/null
+++ b/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden
@@ -0,0 +1,156 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "http:1.2.3.4:8080",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8080
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "ingress_upstream_8080",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
+                  },
+                  "routeConfigName": "8080"
+                },
+                "httpFilters": [
+                  {
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing": {
+                  "randomSampling": {}
+                }
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {
+                  "cipherSuites": [
+                    "ECDHE-RSA-AES256-SHA"
+                  ]
+                },
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                },
+                "alpnProtocols": [
+                  "http/1.1"
+                ]
+              },
+              "requireClientCertificate": false
+            }
+          }
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "http:1.2.3.4:8081",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8081
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "ingress_upstream_8081",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
+                  },
+                  "routeConfigName": "8081"
+                },
+                "httpFilters": [
+                  {
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing": {
+                  "randomSampling": {}
+                }
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {
+                  "cipherSuites": [
+                    "ECDHE-RSA-CHACHA20-POLY1305",
+                    "ECDHE-ECDSA-CHACHA20-POLY1305"
+                  ]
+                },
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                },
+                "alpnProtocols": [
+                  "http/1.1"
+                ]
+              },
+              "requireClientCertificate": false
+            }
+          }
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden
new file mode 100644
index 000000000000..ecc1963a1bb3
--- /dev/null
+++ b/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden
@@ -0,0 +1,223 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "http:1.2.3.4:8080",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8080
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "ingress_upstream_8080",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
+                  },
+                  "routeConfigName": "8080"
+                },
+                "httpFilters": [
+                  {
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing": {
+                  "randomSampling": {}
+                }
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {
+                  "tlsMaximumProtocolVersion": "TLSv1_2"
+                },
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                },
+                "alpnProtocols": [
+                  "http/1.1"
+                ]
+              },
+              "requireClientCertificate": false
+            }
+          }
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "http:1.2.3.4:8081",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8081
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "ingress_upstream_8081",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
+                  },
+                  "routeConfigName": "8081"
+                },
+                "httpFilters": [
+                  {
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing": {
+                  "randomSampling": {}
+                }
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {
+                  "tlsMaximumProtocolVersion": "TLSv1_0"
+                },
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                },
+                "alpnProtocols": [
+                  "http/1.1"
+                ]
+              },
+              "requireClientCertificate": false
+            }
+          }
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "http:1.2.3.4:8082",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8082
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "ingress_upstream_8082",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
+                  },
+                  "routeConfigName": "8082"
+                },
+                "httpFilters": [
+                  {
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing": {
+                  "randomSampling": {}
+                }
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {
+                  "tlsMaximumProtocolVersion": "TLSv1_3"
+                },
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                },
+                "alpnProtocols": [
+                  "http/1.1"
+                ]
+              },
+              "requireClientCertificate": false
+            }
+          }
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden
new file mode 100644
index 000000000000..7221eaf00fd6
--- /dev/null
+++ b/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden
@@ -0,0 +1,181 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "default:1.2.3.4:8443",
+      "address":  {
+        "socketAddress":  {
+          "address":  "1.2.3.4",
+          "portValue":  8443
+        }
+      },
+      "filterChains":  [
+        {
+          "filterChainMatch":  {
+            "serverNames":  [
+              "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul"
+            ]
+          },
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "mesh_gateway_remote.default.dc2",
+                "cluster":  "dc2.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ]
+        },
+        {
+          "filterChainMatch":  {
+            "serverNames":  [
+              "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul"
+            ]
+          },
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "mesh_gateway_remote.default.dc4",
+                "cluster":  "dc4.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ]
+        },
+        {
+          "filterChainMatch":  {
+            "serverNames":  [
+              "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul"
+            ]
+          },
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "mesh_gateway_remote.default.dc6",
+                "cluster":  "dc6.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ]
+        },
+        {
+          "filterChainMatch":  {
+            "serverNames":  [
+              "*.server.dc2.consul"
+            ]
+          },
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "mesh_gateway_remote.default.dc2",
+                "cluster":  "server.dc2.consul"
+              }
+            }
+          ]
+        },
+        {
+          "filterChainMatch":  {
+            "serverNames":  [
+              "*.server.dc4.consul"
+            ]
+          },
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "mesh_gateway_remote.default.dc4",
+                "cluster":  "server.dc4.consul"
+              }
+            }
+          ]
+        },
+        {
+          "filterChainMatch":  {
+            "serverNames":  [
+              "*.server.dc6.consul"
+            ]
+          },
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "mesh_gateway_remote.default.dc6",
+                "cluster":  "server.dc6.consul"
+              }
+            }
+          ]
+        },
+        {
+          "filterChainMatch":  {
+            "serverNames":  [
+              "node1.server.dc1.consul"
+            ]
+          },
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "mesh_gateway_local_server.default.dc1",
+                "cluster":  "node1.server.dc1.consul"
+              }
+            }
+          ]
+        },
+        {
+          "filterChainMatch":  {
+            "serverNames":  [
+              "node2.server.dc1.consul"
+            ]
+          },
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "mesh_gateway_local_server.default.dc1",
+                "cluster":  "node2.server.dc1.consul"
+              }
+            }
+          ]
+        },
+        {
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.sni_cluster",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster"
+              }
+            },
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "mesh_gateway_local.default",
+                "cluster":  ""
+              }
+            }
+          ]
+        }
+      ],
+      "listenerFilters":  [
+        {
+          "name":  "envoy.filters.listener.tls_inspector",
+          "typedConfig":  {
+            "@type":  "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
+          }
+        }
+      ]
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/terminating-gateway-custom-trace-listener.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-custom-trace-listener.latest.golden
new file mode 100644
index 000000000000..e85075430303
--- /dev/null
+++ b/agent/xds/testdata/listeners/terminating-gateway-custom-trace-listener.latest.golden
@@ -0,0 +1,246 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "default:1.2.3.4:8443",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8443
+        }
+      },
+      "filterChains": [
+        {
+          "filterChainMatch": {
+            "serverNames": [
+              "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+            ]
+          },
+          "filters": [
+            {
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
+              }
+            },
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.api.default.default.dc1",
+                "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                }
+              },
+              "requireClientCertificate": true
+            }
+          }
+        },
+        {
+          "filterChainMatch": {
+            "serverNames": [
+              "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+            ]
+          },
+          "filters": [
+            {
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
+              }
+            },
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.cache.default.default.dc1",
+                "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                }
+              },
+              "requireClientCertificate": true
+            }
+          }
+        },
+        {
+          "filterChainMatch": {
+            "serverNames": [
+              "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+            ]
+          },
+          "filters": [
+            {
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
+              }
+            },
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                }
+              },
+              "requireClientCertificate": true
+            }
+          }
+        },
+        {
+          "filterChainMatch": {
+            "serverNames": [
+              "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+            ]
+          },
+          "filters": [
+            {
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
+              }
+            },
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.web.default.default.dc1",
+                "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                }
+              },
+              "requireClientCertificate": true
+            }
+          }
+        },
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.sni_cluster",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster"
+              }
+            },
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "terminating_gateway.default",
+                "cluster": ""
+              }
+            }
+          ]
+        }
+      ],
+      "listenerFilters": [
+        {
+          "name": "envoy.filters.listener.tls_inspector",
+          "typedConfig": {
+            "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
+          }
+        }
+      ],
+      "trafficDirection": "INBOUND"
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/api-gateway-with-http-route-and-inline-certificate.latest.golden b/agent/xds/testdata/routes/api-gateway-with-http-route-and-inline-certificate.latest.golden
deleted file mode 100644
index a1669268ec4e..000000000000
--- a/agent/xds/testdata/routes/api-gateway-with-http-route-and-inline-certificate.latest.golden
+++ /dev/null
@@ -1,50 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-      "name": "8080",
-      "virtualHosts": [
-        {
-          "name": "api-gateway-listener-9b9265b",
-          "domains": [
-            "*",
-            "*:8080"
-          ],
-          "routes": [
-            {
-              "match": {
-                "prefix": "/"
-              },
-              "route": {
-                "cluster": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-              },
-              "requestHeadersToAdd": [
-                {
-                  "header": {
-                    "key": "X-Header-Add",
-                    "value": "added"
-                  },
-                  "append": true
-                },
-                {
-                  "header": {
-                    "key": "X-Header-Set",
-                    "value": "set"
-                  },
-                  "append": false
-                }
-              ],
-              "requestHeadersToRemove": [
-                "X-Header-Remove"
-              ]
-            }
-          ]
-        }
-      ],
-      "validateClusters": true
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden b/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden
new file mode 100644
index 000000000000..e921201831a7
--- /dev/null
+++ b/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden
@@ -0,0 +1,50 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+      "name":  "8080",
+      "virtualHosts":  [
+        {
+          "name":  "api-gateway-listener-9b9265b",
+          "domains":  [
+            "*",
+            "*:8080"
+          ],
+          "routes":  [
+            {
+              "match":  {
+                "prefix":  "/"
+              },
+              "route":  {
+                "cluster":  "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              },
+              "requestHeadersToAdd":  [
+                {
+                  "header":  {
+                    "key":  "X-Header-Add",
+                    "value":  "added"
+                  },
+                  "append":  true
+                },
+                {
+                  "header":  {
+                    "key":  "X-Header-Set",
+                    "value":  "set"
+                  },
+                  "append":  false
+                }
+              ],
+              "requestHeadersToRemove":  [
+                "X-Header-Remove"
+              ]
+            }
+          ]
+        }
+      ],
+      "validateClusters":  true
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/api-gateway-with-multiple-inline-certificates.latest.golden b/agent/xds/testdata/routes/api-gateway-with-multiple-inline-certificates.latest.golden
new file mode 100644
index 000000000000..306f5220e7b9
--- /dev/null
+++ b/agent/xds/testdata/routes/api-gateway-with-multiple-inline-certificates.latest.golden
@@ -0,0 +1,5 @@
+{
+  "versionInfo":  "00000001",
+  "typeUrl":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-listener-override.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-listener-override.latest.golden
new file mode 100644
index 000000000000..9c050cbe6b4d
--- /dev/null
+++ b/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-listener-override.latest.golden
@@ -0,0 +1,5 @@
+{
+  "versionInfo": "00000001",
+  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/secrets/api-gateway-with-http-route.latest.golden b/agent/xds/testdata/secrets/api-gateway-with-http-route.latest.golden
new file mode 100644
index 000000000000..e6c25e165c65
--- /dev/null
+++ b/agent/xds/testdata/secrets/api-gateway-with-http-route.latest.golden
@@ -0,0 +1,5 @@
+{
+  "versionInfo":  "00000001",
+  "typeUrl":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/secrets/api-gateway-with-multiple-inline-certificates.latest.golden b/agent/xds/testdata/secrets/api-gateway-with-multiple-inline-certificates.latest.golden
new file mode 100644
index 000000000000..e6c25e165c65
--- /dev/null
+++ b/agent/xds/testdata/secrets/api-gateway-with-multiple-inline-certificates.latest.golden
@@ -0,0 +1,5 @@
+{
+  "versionInfo":  "00000001",
+  "typeUrl":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-listener-override.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-listener-override.latest.golden
new file mode 100644
index 000000000000..95612291de70
--- /dev/null
+++ b/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-listener-override.latest.golden
@@ -0,0 +1,5 @@
+{
+  "versionInfo": "00000001",
+  "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
+  "nonce": "00000001"
+}
\ No newline at end of file

From 03cf37e7b8e403cc32a61ece6a3c16863b82da97 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Mon, 17 Jul 2023 14:11:19 -0400
Subject: [PATCH 179/359] Re-order expected/actual for assertContainerState in
 consul container tests (#18157)

Re-order expected/actual, consul container tests
---
 GNUmakefile                                              | 2 +-
 test/integration/consul-container/libs/assert/service.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/GNUmakefile b/GNUmakefile
index 79080311c48b..a7c304c5a1aa 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -54,7 +54,7 @@ QUIET=
 endif
 
 ifeq ("$(GOTAGS)","")
-CONSUL_COMPAT_TEST_IMAGE=consul
+CONSUL_COMPAT_TEST_IMAGE=hashicorp/consul
 else
 CONSUL_COMPAT_TEST_IMAGE=hashicorp/consul-enterprise
 endif
diff --git a/test/integration/consul-container/libs/assert/service.go b/test/integration/consul-container/libs/assert/service.go
index 370fbc857db8..c0a8197ff37b 100644
--- a/test/integration/consul-container/libs/assert/service.go
+++ b/test/integration/consul-container/libs/assert/service.go
@@ -252,5 +252,5 @@ func AssertFortioNameWithClient(t *testing.T, urlbase string, name string, reqHo
 func AssertContainerState(t *testing.T, service libservice.Service, state string) {
 	containerStatus, err := service.GetStatus()
 	require.NoError(t, err)
-	require.Equal(t, containerStatus, state, fmt.Sprintf("Expected: %s. Got %s", containerStatus, state))
+	require.Equal(t, containerStatus, state, fmt.Sprintf("Expected: %s. Got %s", state, containerStatus))
 }

From 07fce869af2c5c79ef81409e82dfa9347c0201da Mon Sep 17 00:00:00 2001
From: wangxinyi7 <121973291+wangxinyi7@users.noreply.github.com>
Date: Mon, 17 Jul 2023 12:27:24 -0700
Subject: [PATCH 180/359] group and document make file (#17943)

* group and document make file
---
 GNUmakefile => Makefile                       | 422 +++++++++---------
 .../scripts/envoy-library-references.sh       |   2 +-
 docs/README.md                                |   4 +-
 3 files changed, 203 insertions(+), 225 deletions(-)
 rename GNUmakefile => Makefile (76%)

diff --git a/GNUmakefile b/Makefile
similarity index 76%
rename from GNUmakefile
rename to Makefile
index a7c304c5a1aa..4f9cedddea3c 100644
--- a/GNUmakefile
+++ b/Makefile
@@ -66,13 +66,6 @@ BUILD_CONTAINER_NAME?=consul-builder
 CONSUL_IMAGE_VERSION?=latest
 ENVOY_VERSION?='1.25.4'
 
-################
-# CI Variables #
-################
-CI_DEV_DOCKER_NAMESPACE?=hashicorpdev
-CI_DEV_DOCKER_IMAGE_NAME?=consul
-CI_DEV_DOCKER_WORKDIR?=bin/
-################
 CONSUL_VERSION?=$(shell cat version/VERSION)
 
 TEST_MODCACHE?=1
@@ -153,23 +146,27 @@ ifdef SKIP_DOCKER_BUILD
 ENVOY_INTEG_DEPS=noop
 endif
 
-all: dev-build
+##@ Build
+
+.PHONY: all
+all: dev-build ## Command running by default
 
 # used to make integration dependencies conditional
 noop: ;
 
-# dev creates binaries for testing locally - these are put into ./bin
-dev: dev-build
+.PHONY: dev
+dev: dev-build ## Dev creates binaries for testing locally - these are put into ./bin
 
-dev-build:
+.PHONY: dev-build
+dev-build: ## Same as dev
 	mkdir -p bin
 	CGO_ENABLED=0 go install -ldflags "$(GOLDFLAGS)" -tags "$(GOTAGS)"
 	# rm needed due to signature caching (https://apple.stackexchange.com/a/428388)
 	rm -f ./bin/consul
 	cp ${MAIN_GOPATH}/bin/consul ./bin/consul
 
-
-dev-docker-dbg: dev-docker
+.PHONY: dev-docker-dbg
+dev-docker-dbg: dev-docker ## Build containers for debug mode
 	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
 	@docker pull hashicorp/consul:$(CONSUL_IMAGE_VERSION) >/dev/null
 	@echo "Building Consul Development container - $(CONSUL_DEV_IMAGE)"
@@ -181,7 +178,8 @@ dev-docker-dbg: dev-docker
        --load \
        -f $(CURDIR)/build-support/docker/Consul-Dev-Dbg.dockerfile $(CURDIR)/pkg/bin/
 
-dev-docker: linux dev-build
+.PHONY: dev-docker
+dev-docker: linux dev-build ## Build and tag docker images in dev env
 	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
 	@docker pull hashicorp/consul:$(CONSUL_IMAGE_VERSION) >/dev/null
 	@echo "Building Consul Development container - $(CONSUL_DEV_IMAGE)"
@@ -196,12 +194,14 @@ dev-docker: linux dev-build
        -f $(CURDIR)/build-support/docker/Consul-Dev-Multiarch.dockerfile $(CURDIR)/pkg/bin/
 	docker tag 'consul:local'  '$(CONSUL_COMPAT_TEST_IMAGE):local'
 
-check-remote-dev-image-env:
+.PHONY: check-remote-dev-image-env
+check-remote-dev-image-env: ## Check remote dev image env
 ifndef REMOTE_DEV_IMAGE
 	$(error REMOTE_DEV_IMAGE is undefined: set this image to <your_docker_repo>/<your_docker_image>:<image_tag>, e.g. hashicorp/consul-k8s-dev:latest)
 endif
 
-remote-docker: check-remote-dev-image-env
+.PHONY: remote-docker
+remote-docker: check-remote-dev-image-env ## Remote docker
 	$(MAKE) GOARCH=amd64 linux
 	$(MAKE) GOARCH=arm64 linux
 	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
@@ -218,36 +218,58 @@ remote-docker: check-remote-dev-image-env
        --push \
        -f $(CURDIR)/build-support/docker/Consul-Dev-Multiarch.dockerfile $(CURDIR)/pkg/bin/
 
-# In CI, the linux binary will be attached from a previous step at bin/. This make target
-# should only run in CI and not locally.
-ci.dev-docker:
-	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
-	@docker pull hashicorp/consul:$(CONSUL_IMAGE_VERSION) >/dev/null
-	@echo "Building Consul Development container - $(CI_DEV_DOCKER_IMAGE_NAME)"
-	@docker build $(NOCACHE) $(QUIET) -t '$(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):$(GIT_COMMIT)' \
-	--build-arg CONSUL_IMAGE_VERSION=$(CONSUL_IMAGE_VERSION) \
-	--label COMMIT_SHA=$(CIRCLE_SHA1) \
-	--label PULL_REQUEST=$(CIRCLE_PULL_REQUEST) \
-	--label CIRCLE_BUILD_URL=$(CIRCLE_BUILD_URL) \
-	$(CI_DEV_DOCKER_WORKDIR) -f $(CURDIR)/build-support/docker/Consul-Dev.dockerfile
-	@echo $(DOCKER_PASS) | docker login -u="$(DOCKER_USER)" --password-stdin
-	@echo "Pushing dev image to: https://cloud.docker.com/u/hashicorpdev/repository/docker/hashicorpdev/consul"
-	@docker push $(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):$(GIT_COMMIT)
-ifeq ($(CIRCLE_BRANCH), main)
-	@docker tag $(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):$(GIT_COMMIT) $(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):latest
-	@docker push $(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):latest
-endif
-
-# linux builds a linux binary compatible with the source platform
-linux:
+linux:  ## Linux builds a linux binary compatible with the source platform
 	@mkdir -p ./pkg/bin/linux_$(GOARCH)
 	CGO_ENABLED=0 GOOS=linux GOARCH=$(GOARCH) go build -o ./pkg/bin/linux_$(GOARCH) -ldflags "$(GOLDFLAGS)" -tags "$(GOTAGS)"
 
-# dist builds binaries for all platforms and packages them for distribution
-dist:
-	@$(SHELL) $(CURDIR)/build-support/scripts/release.sh -t '$(DIST_TAG)' -b '$(DIST_BUILD)' -S '$(DIST_SIGN)' $(DIST_VERSION_ARG) $(DIST_DATE_ARG) $(DIST_REL_ARG)
+.PHONY: go-mod-tidy
+go-mod-tidy: $(foreach mod,$(GO_MODULES),go-mod-tidy/$(mod)) ## Run go mod tidy in every module
+
+.PHONY: mod-tidy/%
+go-mod-tidy/%:
+	@echo "--> Running go mod tidy ($*)"
+	@cd $* && go mod tidy
+
+##@ Checks
+
+.PHONY: fmt
+fmt: $(foreach mod,$(GO_MODULES),fmt/$(mod)) ## Format go modules
+
+.PHONY: fmt/%
+fmt/%:
+	@echo "--> Running go fmt ($*)"
+	@cd $* && gofmt -s -l -w .
+
+.PHONY: lint
+lint: $(foreach mod,$(GO_MODULES),lint/$(mod)) lint-container-test-deps ## Lint go modules and test deps
+
+.PHONY: lint/%
+lint/%:
+	@echo "--> Running golangci-lint ($*)"
+	@cd $* && GOWORK=off golangci-lint run --build-tags '$(GOTAGS)'
+	@echo "--> Running lint-consul-retry ($*)"
+	@cd $* && GOWORK=off lint-consul-retry
+	@echo "--> Running enumcover ($*)"
+	@cd $* && GOWORK=off enumcover ./...
+
+# check that the test-container module only imports allowlisted packages
+# from the root consul module. Generally we don't want to allow these imports.
+# In a few specific instances though it is okay to import test definitions and
+# helpers from some of the packages in the root module.
+.PHONY: lint-container-test-deps
+lint-container-test-deps: ## Check that the test-container module only imports allowlisted packages from the root consul module.
+	@echo "--> Checking container tests for bad dependencies"
+	@cd test/integration/consul-container && \
+		$(CURDIR)/build-support/scripts/check-allowed-imports.sh \
+			github.com/hashicorp/consul \
+			internal/catalog/catalogtest
+
+##@ Testing
 
-cover: cov
+.PHONY: cover
+cover: cov ## Run tests and generate coverage report
+
+.PHONY: cov
 cov: other-consul dev-build
 	go test -tags '$(GOTAGS)' ./... -coverprofile=coverage.out
 	cd sdk && go test -tags '$(GOTAGS)' ./... -coverprofile=../coverage.sdk.part
@@ -256,17 +278,11 @@ cov: other-consul dev-build
 	rm -f coverage.{sdk,api}.part
 	go tool cover -html=coverage.out
 
+.PHONY: test
 test: other-consul dev-build lint test-internal
 
-.PHONY: go-mod-tidy
-go-mod-tidy: $(foreach mod,$(GO_MODULES),go-mod-tidy/$(mod))
-
-.PHONY: mod-tidy/%
-go-mod-tidy/%:
-	@echo "--> Running go mod tidy ($*)"
-	@cd $* && go mod tidy
-
-test-internal:
+.PHONY: test-internal
+test-internal: ## Test internal
 	@echo "--> Running go test"
 	@rm -f test.log exit-code
 	@# Dump verbose output to test.log so we can surface test names on failure but
@@ -295,113 +311,141 @@ test-internal:
 	@grep '^FAIL' test.log || true
 	@if [ "$$(cat exit-code)" == "0" ] ; then echo "PASS" ; exit 0 ; else exit 1 ; fi
 
-test-all: other-consul dev-build lint $(foreach mod,$(GO_MODULES),test-module/$(mod))
+.PHONY: test-all
+test-all: other-consul dev-build lint $(foreach mod,$(GO_MODULES),test-module/$(mod)) ## Test all
 
+.PHONY: test-module/%
 test-module/%:
 	@echo "--> Running go test ($*)"
 	cd $* && go test $(GOTEST_FLAGS) -tags '$(GOTAGS)' ./...
 
-test-race:
+.PHONY: test-race
+test-race: ## Test race
 	$(MAKE) GOTEST_FLAGS=-race
 
-test-docker: linux go-build-image
-	@# -ti run in the foreground showing stdout
-	@# --rm removes the container once its finished running
-	@# GO_MODCACHE_VOL - args for mapping in the go module cache
-	@# GO_BUILD_CACHE_VOL - args for mapping in the go build cache
-	@# All the env vars are so we pass through all the relevant bits of information
-	@# Needed for running the tests
-	@# We map in our local linux_amd64 bin directory as thats where the linux dep
-	@#   target dropped the binary. We could build the binary in the container too
-	@#   but that might take longer as caching gets weird
-	@# Lastly we map the source dir here to the /consul workdir
-	@echo "Running tests within a docker container"
-	@docker run -ti --rm \
-		-e 'GOTEST_FLAGS=$(GOTEST_FLAGS)' \
-		-e 'GOTAGS=$(GOTAGS)' \
-		-e 'GIT_COMMIT=$(GIT_COMMIT)' \
-		-e 'GIT_COMMIT_YEAR=$(GIT_COMMIT_YEAR)' \
-		-e 'GIT_DIRTY=$(GIT_DIRTY)' \
-		$(TEST_PARALLELIZATION) \
-		$(TEST_DOCKER_RESOURCE_CONSTRAINTS) \
-		$(TEST_MODCACHE_VOL) \
-		$(TEST_BUILDCACHE_VOL) \
-		-v $(MAIN_GOPATH)/bin/linux_amd64/:/go/bin \
-		-v $(shell pwd):/consul \
-		$(GO_BUILD_TAG) \
-		make test-internal
-
-other-consul:
+.PHONY: other-consul
+other-consul: ## Checking for other consul instances
 	@echo "--> Checking for other consul instances"
 	@if ps -ef | grep 'consul agent' | grep -v grep ; then \
 		echo "Found other running consul agents. This may affect your tests." ; \
 		exit 1 ; \
 	fi
-	
-.PHONY: fmt
-fmt: $(foreach mod,$(GO_MODULES),fmt/$(mod)) 
 
-.PHONY: fmt/%
-fmt/%:
-	@echo "--> Running go fmt ($*)"
-	@cd $* && gofmt -s -l -w .
+# Use GO_TEST_FLAGS to run specific tests:
+#      make test-envoy-integ GO_TEST_FLAGS="-run TestEnvoy/case-basic"
+# NOTE: Always uses amd64 images, even when running on M1 macs, to match CI/CD environment.
+.PHONY: test-envoy-integ
+test-envoy-integ: $(ENVOY_INTEG_DEPS) ## Run integration tests.
+	@go test -v -timeout=30m -tags integration $(GO_TEST_FLAGS) ./test/integration/connect/envoy
 
-.PHONY: lint
-lint: $(foreach mod,$(GO_MODULES),lint/$(mod)) lint-container-test-deps
+# NOTE: Use DOCKER_BUILDKIT=0, if docker build fails to resolve consul:local base image
+.PHONY: test-compat-integ-setup
+test-compat-integ-setup: dev-docker
+	@docker tag consul-dev:latest $(CONSUL_COMPAT_TEST_IMAGE):local
+	@docker run --rm -t $(CONSUL_COMPAT_TEST_IMAGE):local consul version
+	@#  'consul-envoy:target-version' is needed by compatibility integ test
+	@docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=$(CONSUL_COMPAT_TEST_IMAGE):local --build-arg ENVOY_VERSION=${ENVOY_VERSION} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
 
-.PHONY: lint/%
-lint/%:
-	@echo "--> Running golangci-lint ($*)"
-	@cd $* && GOWORK=off golangci-lint run --build-tags '$(GOTAGS)'
-	@echo "--> Running lint-consul-retry ($*)"
-	@cd $* && GOWORK=off lint-consul-retry
-	@echo "--> Running enumcover ($*)"
-	@cd $* && GOWORK=off enumcover ./...
+.PHONY: test-compat-integ
+test-compat-integ: test-compat-integ-setup ## Test compat integ
+ifeq ("$(GOTESTSUM_PATH)","")
+	@cd ./test/integration/consul-container && \
+	go test \
+		-v \
+		-timeout=30m \
+		./... \
+		--tags $(GOTAGS) \
+		--target-image $(CONSUL_COMPAT_TEST_IMAGE) \
+		--target-version local \
+		--latest-image $(CONSUL_COMPAT_TEST_IMAGE) \
+		--latest-version latest
+else
+	@cd ./test/integration/consul-container && \
+	gotestsum \
+		--format=short-verbose \
+		--debug \
+		--rerun-fails=3 \
+		--packages="./..." \
+		-- \
+		--tags $(GOTAGS) \
+		-timeout=30m \
+		./... \
+		--target-image $(CONSUL_COMPAT_TEST_IMAGE) \
+		--target-version local \
+		--latest-image $(CONSUL_COMPAT_TEST_IMAGE) \
+		--latest-version latest
+endif
 
-# check that the test-container module only imports allowlisted packages
-# from the root consul module. Generally we don't want to allow these imports.
-# In a few specific instances though it is okay to import test definitions and
-# helpers from some of the packages in the root module.
-.PHONY: lint-container-test-deps
-lint-container-test-deps:
-	@echo "--> Checking container tests for bad dependencies"
-	@cd test/integration/consul-container && \
-		$(CURDIR)/build-support/scripts/check-allowed-imports.sh \
-			github.com/hashicorp/consul \
-			internal/catalog/catalogtest
+.PHONY: test-metrics-integ
+test-metrics-integ: test-compat-integ-setup ## Test metrics integ
+	@cd ./test/integration/consul-container && \
+		go test -v -timeout=7m ./test/metrics \
+		--target-image $(CONSUL_COMPAT_TEST_IMAGE) \
+		--target-version local \
+		--latest-image $(CONSUL_COMPAT_TEST_IMAGE) \
+		--latest-version latest
 
-# Build the static web ui inside a Docker container. For local testing only; do not commit these assets.
-ui: ui-docker
+.PHONY: test-connect-ca-providers
+test-connect-ca-providers: ## Running /agent/connect/ca tests in verbose mode
+	@echo "Running /agent/connect/ca tests in verbose mode"
+	@go test -v ./agent/connect/ca
+	@go test -v ./agent/consul -run Vault
+	@go test -v ./agent -run Vault
+
+##@ UI
+
+.PHONY: ui
+ui: ui-docker ## Build the static web ui inside a Docker container. For local testing only; do not commit these assets.
 
-# Build the static web ui with yarn. This is the version to commit.
 .PHONY: ui-regen
-ui-regen:
+ui-regen: ## Build the static web ui with yarn. This is the version to commit.
 	cd $(CURDIR)/ui && make && cd ..
 	rm -rf $(CURDIR)/agent/uiserver/dist
 	mv $(CURDIR)/ui/packages/consul-ui/dist $(CURDIR)/agent/uiserver/
 
-tools:
+.PHONY: ui-build-image
+ui-build-image: ## Building UI build container
+	@echo "Building UI build container"
+	@docker build $(NOCACHE) $(QUIET) -t $(UI_BUILD_TAG) - < build-support/docker/Build-UI.dockerfile
+
+.PHONY: ui-docker
+ui-docker: ui-build-image ## Builds ui within docker container and copy all the relevant artifacts out of the containers back to the source
+	@$(SHELL) $(CURDIR)/build-support/scripts/build-docker.sh ui
+
+##@ Tools
+
+.PHONY: tools
+tools: ## Installs various supporting Go tools.
 	@$(SHELL) $(CURDIR)/build-support/scripts/devtools.sh
 
 .PHONY: lint-tools
-lint-tools:
+lint-tools: ## Install tools for linting
 	@$(SHELL) $(CURDIR)/build-support/scripts/devtools.sh -lint
 
-.PHONY: proto-tools
-proto-tools:
-	@$(SHELL) $(CURDIR)/build-support/scripts/devtools.sh -protobuf
-
 .PHONY: codegen-tools
-codegen-tools:
+codegen-tools: ## Install tools for codegen
 	@$(SHELL) $(CURDIR)/build-support/scripts/devtools.sh -codegen
 
 .PHONY: deep-copy
-deep-copy: codegen-tools
+deep-copy: codegen-tools ## Deep copy
 	@$(SHELL) $(CURDIR)/agent/structs/deep-copy.sh
 	@$(SHELL) $(CURDIR)/agent/proxycfg/deep-copy.sh
 	@$(SHELL) $(CURDIR)/agent/consul/state/deep-copy.sh
 
-version:
+print-%  : ; @echo $($*) ## utility to echo a makefile variable (i.e. 'make print-GOPATH')
+
+.PHONY: module-versions
+module-versions: ## Print a list of modules which can be updated. Columns are: module current_version date_of_current_version latest_version
+	@go list -m -u -f '{{if .Update}} {{printf "%-50v %-40s" .Path .Version}} {{with .Time}} {{ .Format "2006-01-02" -}} {{else}} {{printf "%9s" ""}} {{end}}   {{ .Update.Version}} {{end}}' all
+
+.PHONY: docs
+docs: ## Point your web browser to http://localhost:3000/consul to live render docs from ./website/
+	make -C website
+
+##@ Release
+
+.PHONY: version
+version:  ## Current Consul version
 	@echo -n "Version:                    "
 	@$(SHELL) $(CURDIR)/build-support/scripts/version.sh
 	@echo -n "Version + release:          "
@@ -411,26 +455,20 @@ version:
 	@echo -n "Version + release + git:    "
 	@$(SHELL) $(CURDIR)/build-support/scripts/version.sh -r -g
 
-
+.PHONY: docker-images
 docker-images: go-build-image ui-build-image
 
-go-build-image:
+.PHONY: go-build-image
+go-build-image: ## Building Golang build container
 	@echo "Building Golang build container"
 	@docker build $(NOCACHE) $(QUIET) -t $(GO_BUILD_TAG) - < build-support/docker/Build-Go.dockerfile
 
-ui-build-image:
-	@echo "Building UI build container"
-	@docker build $(NOCACHE) $(QUIET) -t $(UI_BUILD_TAG) - < build-support/docker/Build-UI.dockerfile
-
-# Builds consul in a docker container and then dumps executable into ./pkg/bin/...
-consul-docker: go-build-image
+.PHONY: consul-docker
+consul-docker: go-build-image ## Builds consul in a docker container and then dumps executable into ./pkg/bin/...
 	@$(SHELL) $(CURDIR)/build-support/scripts/build-docker.sh consul
 
-ui-docker: ui-build-image
-	@$(SHELL) $(CURDIR)/build-support/scripts/build-docker.sh ui
-
-# Build image used to run integration tests locally.
-docker-envoy-integ:
+.PHONY: docker-envoy-integ
+docker-envoy-integ: ## Build image used to run integration tests locally.
 	$(MAKE) GOARCH=amd64 linux
 	docker build \
       --platform linux/amd64 $(NOCACHE) $(QUIET) \
@@ -439,75 +477,21 @@ docker-envoy-integ:
       $(CURDIR)/pkg/bin/linux_amd64 \
       -f $(CURDIR)/build-support/docker/Consul-Dev.dockerfile
 
-# Run integration tests.
-# Use GO_TEST_FLAGS to run specific tests:
-#      make test-envoy-integ GO_TEST_FLAGS="-run TestEnvoy/case-basic"
-# NOTE: Always uses amd64 images, even when running on M1 macs, to match CI/CD environment.
-test-envoy-integ: $(ENVOY_INTEG_DEPS)
-	@go test -v -timeout=30m -tags integration $(GO_TEST_FLAGS) ./test/integration/connect/envoy
-
-.PHONY: test-compat-integ
-test-compat-integ: test-compat-integ-setup
-ifeq ("$(GOTESTSUM_PATH)","")
-	@cd ./test/integration/consul-container && \
-	go test \
-		-v \
-		-timeout=30m \
-		./... \
-		--tags $(GOTAGS) \
-		--target-image $(CONSUL_COMPAT_TEST_IMAGE) \
-		--target-version local \
-		--latest-image $(CONSUL_COMPAT_TEST_IMAGE) \
-		--latest-version latest
-else
-	@cd ./test/integration/consul-container && \
-	gotestsum \
-		--format=short-verbose \
-		--debug \
-		--rerun-fails=3 \
-		--packages="./..." \
-		-- \
-		--tags $(GOTAGS) \
-		-timeout=30m \
-		./... \
-		--target-image $(CONSUL_COMPAT_TEST_IMAGE) \
-		--target-version local \
-		--latest-image $(CONSUL_COMPAT_TEST_IMAGE) \
-		--latest-version latest
-endif
-
-# NOTE: Use DOCKER_BUILDKIT=0, if docker build fails to resolve consul:local base image
-.PHONY: test-compat-integ-setup
-test-compat-integ-setup: dev-docker
-	@docker tag consul-dev:latest $(CONSUL_COMPAT_TEST_IMAGE):local
-	@docker run --rm -t $(CONSUL_COMPAT_TEST_IMAGE):local consul version
-	@#  'consul-envoy:target-version' is needed by compatibility integ test
-	@docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=$(CONSUL_COMPAT_TEST_IMAGE):local --build-arg ENVOY_VERSION=${ENVOY_VERSION} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-
-.PHONY: test-metrics-integ
-test-metrics-integ: test-compat-integ-setup
-	@cd ./test/integration/consul-container && \
-		go test -v -timeout=7m ./test/metrics \
-		--target-image $(CONSUL_COMPAT_TEST_IMAGE) \
-		--target-version local \
-		--latest-image $(CONSUL_COMPAT_TEST_IMAGE) \
-		--latest-version latest
-
-test-connect-ca-providers:
-	@echo "Running /agent/connect/ca tests in verbose mode"
-	@go test -v ./agent/connect/ca
-	@go test -v ./agent/consul -run Vault
-	@go test -v ./agent -run Vault
+##@ Proto
 
 .PHONY: proto
-proto: proto-tools proto-gen proto-mocks
+proto: proto-tools proto-gen proto-mocks ## Protobuf setup command
+
+.PHONY: proto-tools
+proto-tools: ## Install tools for protobuf
+	@$(SHELL) $(CURDIR)/build-support/scripts/devtools.sh -protobuf
 
 .PHONY: proto-gen
-proto-gen: proto-tools
+proto-gen: proto-tools ## Regenerates all Go files from protobuf definitions
 	@$(SHELL) $(CURDIR)/build-support/scripts/protobuf.sh
 
 .PHONY: proto-mocks
-proto-mocks:
+proto-mocks: ## Proto mocks
 	for dir in $(MOCKED_PB_DIRS) ; do \
 		cd proto-public && \
 		rm -f $$dir/mock*.go && \
@@ -515,11 +499,11 @@ proto-mocks:
 	done
 
 .PHONY: proto-format
-proto-format: proto-tools
+proto-format: proto-tools ## Proto format
 	@buf format -w
 
 .PHONY: proto-lint
-proto-lint: proto-tools
+proto-lint: proto-tools ## Proto lint
 	@buf lint 
 	@for fn in $$(find proto -name '*.proto'); do \
 		if [[ "$$fn" = "proto/private/pbsubscribe/subscribe.proto" ]]; then \
@@ -534,21 +518,14 @@ proto-lint: proto-tools
 		fi \
 	done
 
-# utility to echo a makefile variable (i.e. 'make print-PROTOC_VERSION')
-print-%  : ; @echo $($*)
-
-.PHONY: module-versions
-# Print a list of modules which can be updated.
-# Columns are: module current_version date_of_current_version latest_version
-module-versions:
-	@go list -m -u -f '{{if .Update}} {{printf "%-50v %-40s" .Path .Version}} {{with .Time}} {{ .Format "2006-01-02" -}} {{else}} {{printf "%9s" ""}} {{end}}   {{ .Update.Version}} {{end}}' all
+##@ Envoy
 
 .PHONY: envoy-library
-envoy-library:
+envoy-library: ## Ensures that all of the protobuf packages present in the github.com/envoyproxy/go-control-plane library are referenced in the consul codebase
 	@$(SHELL) $(CURDIR)/build-support/scripts/envoy-library-references.sh
 
 .PHONY: envoy-regen
-envoy-regen:
+envoy-regen: ## Regenerating envoy golden files
 	$(info regenerating envoy golden files)
 	@for d in endpoints listeners routes clusters rbac; do \
 		if [[ -d "agent/xds/testdata/$${d}" ]]; then \
@@ -559,17 +536,18 @@ envoy-regen:
 	@find "command/connect/envoy/testdata" -name '*.golden' -delete
 	@go test -tags '$(GOTAGS)' ./command/connect/envoy -update
 
-# Point your web browser to http://localhost:3000/consul to live render docs from ./website/
-.PHONY: docs
-docs:
-	make -C website
-
+##@ Help
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
 .PHONY: help
-help:
-	$(info available make targets)
-	$(info ----------------------)
-	@grep "^[a-z0-9-][a-z0-9.-]*:" GNUmakefile  | cut -d':' -f1 | sort
-
-.PHONY: all bin dev dist cov test test-internal cover lint ui tools
-.PHONY: docker-images go-build-image ui-build-image consul-docker ui-docker
-.PHONY: version test-envoy-integ
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
diff --git a/build-support/scripts/envoy-library-references.sh b/build-support/scripts/envoy-library-references.sh
index 7f5413bbf78f..bca15806c7e4 100644
--- a/build-support/scripts/envoy-library-references.sh
+++ b/build-support/scripts/envoy-library-references.sh
@@ -23,7 +23,7 @@ unset CDPATH
 cd "$(dirname "$0")" # build-support/scripts
 cd ../..             # <ROOT>
 
-if [[ ! -f GNUmakefile ]] || [[ ! -f go.mod ]]; then
+if [[ ! -f Makefile ]] || [[ ! -f go.mod ]]; then
     echo "not in root consul checkout: ${PWD}" >&2
     exit 1
 fi
diff --git a/docs/README.md b/docs/README.md
index 8bebb848c9b1..91d7b6d7d927 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -55,7 +55,7 @@ contain other important source related to Consul.
 * [.changelog] contains markdown files that are used by [hashicorp/go-changelog] to produce the
   [CHANGELOG.md].
 * [build-support] contains bash functions and scripts used to automate.
-  development tasks. Generally these scripts are called from the [GNUmakefile].
+  development tasks. Generally these scripts are called from the [Makefile].
 * [grafana] contains the source for a [Grafana dashboard] that can be used to
   monitor Consul.
 
@@ -66,7 +66,7 @@ contain other important source related to Consul.
 [hashicorp/go-changelog]: https://github.com/hashicorp/go-changelog
 [CHANGELOG.md]: https://github.com/hashicorp/consul/blob/main/CHANGELOG.md
 [build-support]: https://github.com/hashicorp/consul/tree/main/build-support
-[GNUmakefile]: https://github.com/hashicorp/consul/tree/main/GNUmakefile
+[Makefile]: https://github.com/hashicorp/consul/tree/main/Makefile
 [Grafana dashboard]: https://grafana.com/grafana/dashboards
 [grafana]: https://github.com/hashicorp/consul/tree/main/grafana
 

From 62005369b54c63ccd7842c001de740ff3795d02c Mon Sep 17 00:00:00 2001
From: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>
Date: Mon, 17 Jul 2023 15:15:22 -0700
Subject: [PATCH 181/359] =?UTF-8?q?Add=20`testing/deployer`=20(ne=C3=A9=20?=
 =?UTF-8?q?`consul-topology`)=20[NET-4610]=20(#17823)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
---
 .github/workflows/reusable-lint.yml           |   1 +
 testing/deployer/.gitignore                   |   4 +
 testing/deployer/README.md                    | 179 ++++
 testing/deployer/TODO.md                      |   9 +
 testing/deployer/go.mod                       |  44 +
 testing/deployer/go.sum                       | 241 ++++++
 testing/deployer/sprawl/acl.go                | 332 ++++++++
 testing/deployer/sprawl/acl_rules.go          | 160 ++++
 testing/deployer/sprawl/boot.go               | 520 ++++++++++++
 testing/deployer/sprawl/catalog.go            | 425 ++++++++++
 testing/deployer/sprawl/configentries.go      |  58 ++
 testing/deployer/sprawl/consul.go             |  98 +++
 testing/deployer/sprawl/debug.go              |   8 +
 testing/deployer/sprawl/details.go            | 170 ++++
 testing/deployer/sprawl/ent.go                | 174 ++++
 testing/deployer/sprawl/helpers.go            |  11 +
 .../deployer/sprawl/internal/build/docker.go  |  83 ++
 .../deployer/sprawl/internal/runner/exec.go   | 120 +++
 .../deployer/sprawl/internal/secrets/store.go |  70 ++
 .../deployer/sprawl/internal/tfgen/agent.go   | 215 +++++
 .../deployer/sprawl/internal/tfgen/digest.go  |  45 +
 testing/deployer/sprawl/internal/tfgen/dns.go | 180 ++++
 .../deployer/sprawl/internal/tfgen/docker.go  |  39 +
 .../sprawl/internal/tfgen/docker_test.go      |  15 +
 testing/deployer/sprawl/internal/tfgen/gen.go | 475 +++++++++++
 testing/deployer/sprawl/internal/tfgen/io.go  |  70 ++
 .../deployer/sprawl/internal/tfgen/nodes.go   | 249 ++++++
 .../deployer/sprawl/internal/tfgen/prelude.go |  16 +
 .../deployer/sprawl/internal/tfgen/proxy.go   |  87 ++
 testing/deployer/sprawl/internal/tfgen/res.go |  95 +++
 .../templates/container-app-dataplane.tf.tmpl |  29 +
 .../templates/container-app-sidecar.tf.tmpl   |  31 +
 .../tfgen/templates/container-app.tf.tmpl     |  25 +
 .../tfgen/templates/container-consul.tf.tmpl  |  40 +
 .../tfgen/templates/container-coredns.tf.tmpl |  28 +
 .../tfgen/templates/container-mgw.tf.tmpl     |  25 +
 .../tfgen/templates/container-pause.tf.tmpl   |  38 +
 .../tfgen/templates/container-proxy.tf.tmpl   |  33 +
 .../deployer/sprawl/internal/tfgen/tfgen.go   |  15 +
 testing/deployer/sprawl/peering.go            | 165 ++++
 testing/deployer/sprawl/sprawl.go             | 464 +++++++++++
 .../deployer/sprawl/sprawltest/sprawltest.go  | 202 +++++
 .../deployer/sprawl/sprawltest/test_test.go   | 180 ++++
 testing/deployer/sprawl/tls.go                | 114 +++
 testing/deployer/topology/compile.go          | 671 +++++++++++++++
 testing/deployer/topology/default_cdp.go      |   3 +
 testing/deployer/topology/default_consul.go   |   4 +
 testing/deployer/topology/default_envoy.go    |   3 +
 testing/deployer/topology/ids.go              | 142 ++++
 testing/deployer/topology/images.go           | 123 +++
 testing/deployer/topology/images_test.go      |  98 +++
 testing/deployer/topology/topology.go         | 787 ++++++++++++++++++
 testing/deployer/topology/util.go             |  17 +
 testing/deployer/topology/util_test.go        |  11 +
 testing/deployer/util/consul.go               |  63 ++
 testing/deployer/util/files.go                |  57 ++
 .../deployer/util/internal/ipamutils/doc.go   |  21 +
 .../deployer/util/internal/ipamutils/utils.go | 117 +++
 .../util/internal/ipamutils/utils_test.go     | 102 +++
 testing/deployer/util/net.go                  |  17 +
 60 files changed, 7818 insertions(+)
 create mode 100644 testing/deployer/.gitignore
 create mode 100644 testing/deployer/README.md
 create mode 100644 testing/deployer/TODO.md
 create mode 100644 testing/deployer/go.mod
 create mode 100644 testing/deployer/go.sum
 create mode 100644 testing/deployer/sprawl/acl.go
 create mode 100644 testing/deployer/sprawl/acl_rules.go
 create mode 100644 testing/deployer/sprawl/boot.go
 create mode 100644 testing/deployer/sprawl/catalog.go
 create mode 100644 testing/deployer/sprawl/configentries.go
 create mode 100644 testing/deployer/sprawl/consul.go
 create mode 100644 testing/deployer/sprawl/debug.go
 create mode 100644 testing/deployer/sprawl/details.go
 create mode 100644 testing/deployer/sprawl/ent.go
 create mode 100644 testing/deployer/sprawl/helpers.go
 create mode 100644 testing/deployer/sprawl/internal/build/docker.go
 create mode 100644 testing/deployer/sprawl/internal/runner/exec.go
 create mode 100644 testing/deployer/sprawl/internal/secrets/store.go
 create mode 100644 testing/deployer/sprawl/internal/tfgen/agent.go
 create mode 100644 testing/deployer/sprawl/internal/tfgen/digest.go
 create mode 100644 testing/deployer/sprawl/internal/tfgen/dns.go
 create mode 100644 testing/deployer/sprawl/internal/tfgen/docker.go
 create mode 100644 testing/deployer/sprawl/internal/tfgen/docker_test.go
 create mode 100644 testing/deployer/sprawl/internal/tfgen/gen.go
 create mode 100644 testing/deployer/sprawl/internal/tfgen/io.go
 create mode 100644 testing/deployer/sprawl/internal/tfgen/nodes.go
 create mode 100644 testing/deployer/sprawl/internal/tfgen/prelude.go
 create mode 100644 testing/deployer/sprawl/internal/tfgen/proxy.go
 create mode 100644 testing/deployer/sprawl/internal/tfgen/res.go
 create mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-app-dataplane.tf.tmpl
 create mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-app-sidecar.tf.tmpl
 create mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-app.tf.tmpl
 create mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-consul.tf.tmpl
 create mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-coredns.tf.tmpl
 create mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-mgw.tf.tmpl
 create mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-pause.tf.tmpl
 create mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-proxy.tf.tmpl
 create mode 100644 testing/deployer/sprawl/internal/tfgen/tfgen.go
 create mode 100644 testing/deployer/sprawl/peering.go
 create mode 100644 testing/deployer/sprawl/sprawl.go
 create mode 100644 testing/deployer/sprawl/sprawltest/sprawltest.go
 create mode 100644 testing/deployer/sprawl/sprawltest/test_test.go
 create mode 100644 testing/deployer/sprawl/tls.go
 create mode 100644 testing/deployer/topology/compile.go
 create mode 100644 testing/deployer/topology/default_cdp.go
 create mode 100644 testing/deployer/topology/default_consul.go
 create mode 100644 testing/deployer/topology/default_envoy.go
 create mode 100644 testing/deployer/topology/ids.go
 create mode 100644 testing/deployer/topology/images.go
 create mode 100644 testing/deployer/topology/images_test.go
 create mode 100644 testing/deployer/topology/topology.go
 create mode 100644 testing/deployer/topology/util.go
 create mode 100644 testing/deployer/topology/util_test.go
 create mode 100644 testing/deployer/util/consul.go
 create mode 100644 testing/deployer/util/files.go
 create mode 100644 testing/deployer/util/internal/ipamutils/doc.go
 create mode 100644 testing/deployer/util/internal/ipamutils/utils.go
 create mode 100644 testing/deployer/util/internal/ipamutils/utils_test.go
 create mode 100644 testing/deployer/util/net.go

diff --git a/.github/workflows/reusable-lint.yml b/.github/workflows/reusable-lint.yml
index 9a9a26f0267e..0c87e3f03612 100644
--- a/.github/workflows/reusable-lint.yml
+++ b/.github/workflows/reusable-lint.yml
@@ -34,6 +34,7 @@ jobs:
         - "envoyextensions"
         - "troubleshoot"
         - "test/integration/consul-container"
+        - "testing/deployer"
       fail-fast: true
     name: lint ${{ matrix.directory }}
     steps:
diff --git a/testing/deployer/.gitignore b/testing/deployer/.gitignore
new file mode 100644
index 000000000000..5d18603464e6
--- /dev/null
+++ b/testing/deployer/.gitignore
@@ -0,0 +1,4 @@
+/terraform
+/workdir
+/sample-cli
+workdir
diff --git a/testing/deployer/README.md b/testing/deployer/README.md
new file mode 100644
index 000000000000..604bbdb08781
--- /dev/null
+++ b/testing/deployer/README.md
@@ -0,0 +1,179 @@
+[![GoDoc](https://pkg.go.dev/badge/github.com/hashicorp/consul/testing/deployer)](https://pkg.go.dev/github.com/hashicorp/consul/testing/deployer)
+
+## Summary
+
+This is a Go library used to launch one or more Consul clusters that can be
+peered using the cluster peering feature. Under the covers `terraform` is used
+in conjunction with the
+[`kreuzwerker/docker`](https://registry.terraform.io/providers/kreuzwerker/docker/latest)
+provider to manage a fleet of local docker containers and networks.
+
+### Configuration
+
+The complete topology of Consul clusters is defined using a topology.Config
+which allows you to define a set of networks and reference those networks when
+assigning nodes and services to clusters. Both Consul clients and
+`consul-dataplane` instances are supported.
+
+Here is an example configuration with two peered clusters:
+
+```
+cfg := &topology.Config{
+    Networks: []*topology.Network{
+        {Name: "dc1"},
+        {Name: "dc2"},
+        {Name: "wan", Type: "wan"},
+    },
+    Clusters: []*topology.Cluster{
+        {
+            Name: "dc1",
+            Nodes: []*topology.Node{
+                {
+                    Kind: topology.NodeKindServer,
+                    Name: "dc1-server1",
+                    Addresses: []*topology.Address{
+                        {Network: "dc1"},
+                        {Network: "wan"},
+                    },
+                },
+                {
+                    Kind: topology.NodeKindClient,
+                    Name: "dc1-client1",
+                    Services: []*topology.Service{
+                        {
+                            ID:             topology.ServiceID{Name: "mesh-gateway"},
+                            Port:           8443,
+                            EnvoyAdminPort: 19000,
+                            IsMeshGateway:  true,
+                        },
+                    },
+                },
+                {
+                    Kind: topology.NodeKindClient,
+                    Name: "dc1-client2",
+                    Services: []*topology.Service{
+                        {
+                            ID:             topology.ServiceID{Name: "ping"},
+                            Image:          "rboyer/pingpong:latest",
+                            Port:           8080,
+                            EnvoyAdminPort: 19000,
+                            Command: []string{
+                                "-bind", "0.0.0.0:8080",
+                                "-dial", "127.0.0.1:9090",
+                                "-pong-chaos",
+                                "-dialfreq", "250ms",
+                                "-name", "ping",
+                            },
+                            Upstreams: []*topology.Upstream{{
+                                ID:        topology.ServiceID{Name: "pong"},
+                                LocalPort: 9090,
+                                Peer:      "peer-dc2-default",
+                            }},
+                        },
+                    },
+                },
+            },
+            InitialConfigEntries: []api.ConfigEntry{
+                &api.ExportedServicesConfigEntry{
+                    Name: "default",
+                    Services: []api.ExportedService{{
+                        Name: "ping",
+                        Consumers: []api.ServiceConsumer{{
+                            Peer: "peer-dc2-default",
+                        }},
+                    }},
+                },
+            },
+        },
+        {
+            Name: "dc2",
+            Nodes: []*topology.Node{
+                {
+                    Kind: topology.NodeKindServer,
+                    Name: "dc2-server1",
+                    Addresses: []*topology.Address{
+                        {Network: "dc2"},
+                        {Network: "wan"},
+                    },
+                },
+                {
+                    Kind: topology.NodeKindClient,
+                    Name: "dc2-client1",
+                    Services: []*topology.Service{
+                        {
+                            ID:             topology.ServiceID{Name: "mesh-gateway"},
+                            Port:           8443,
+                            EnvoyAdminPort: 19000,
+                            IsMeshGateway:  true,
+                        },
+                    },
+                },
+                {
+                    Kind: topology.NodeKindDataplane,
+                    Name: "dc2-client2",
+                    Services: []*topology.Service{
+                        {
+                            ID:             topology.ServiceID{Name: "pong"},
+                            Image:          "rboyer/pingpong:latest",
+                            Port:           8080,
+                            EnvoyAdminPort: 19000,
+                            Command: []string{
+                                "-bind", "0.0.0.0:8080",
+                                "-dial", "127.0.0.1:9090",
+                                "-pong-chaos",
+                                "-dialfreq", "250ms",
+                                "-name", "pong",
+                            },
+                            Upstreams: []*topology.Upstream{{
+                                ID:        topology.ServiceID{Name: "ping"},
+                                LocalPort: 9090,
+                                Peer:      "peer-dc1-default",
+                            }},
+                        },
+                    },
+                },
+            },
+            InitialConfigEntries: []api.ConfigEntry{
+                &api.ExportedServicesConfigEntry{
+                    Name: "default",
+                    Services: []api.ExportedService{{
+                        Name: "ping",
+                        Consumers: []api.ServiceConsumer{{
+                            Peer: "peer-dc2-default",
+                        }},
+                    }},
+                },
+            },
+        },
+    },
+    Peerings: []*topology.Peering{{
+        Dialing: topology.PeerCluster{
+            Name: "dc1",
+        },
+        Accepting: topology.PeerCluster{
+            Name: "dc2",
+        },
+    }},
+}
+```
+
+Once you have a topology configuration, you simply call the appropriate
+`Launch` function to validate and boot the cluster.
+
+You may also modify your original configuration (in some allowed ways) and call
+`Relaunch` on an existing topology which will differentially adjust the running
+infrastructure. This can be useful to do things like upgrade instances in place
+or subly reconfigure them.
+
+### For Testing
+
+It is meant to be consumed primarily by unit tests desiring a complex
+reasonably realistic Consul setup. For that use case use the `sprawl/sprawltest` wrapper:
+
+```
+func TestSomething(t *testing.T) {
+    cfg := &topology.Config{...}
+    sp := sprawltest.Launch(t, cfg)
+    // do stuff with 'sp'
+}
+```
\ No newline at end of file
diff --git a/testing/deployer/TODO.md b/testing/deployer/TODO.md
new file mode 100644
index 000000000000..2d651cd16295
--- /dev/null
+++ b/testing/deployer/TODO.md
@@ -0,0 +1,9 @@
+Missing things that should probably be added;
+
+- consul-dataplane support for running mesh gateways
+- consul-dataplane health check updates (automatic; manual)
+- ServerExternalAddresses in a peering; possibly rig up a DNS name for this.
+- after creating a token, verify it exists on all servers before proceding (rather than sleep looping on not-founds)
+- investigate strange gRPC bug that is currently papered over
+- allow services to override their mesh gateway modes
+- remove some of the debug prints of various things
diff --git a/testing/deployer/go.mod b/testing/deployer/go.mod
new file mode 100644
index 000000000000..1f9fa9ffce66
--- /dev/null
+++ b/testing/deployer/go.mod
@@ -0,0 +1,44 @@
+module github.com/hashicorp/consul/testing/deployer
+
+go 1.20
+
+require (
+	github.com/google/go-cmp v0.5.9
+	github.com/hashicorp/consul/api v1.20.0
+	github.com/hashicorp/consul/sdk v0.13.1
+	github.com/hashicorp/go-cleanhttp v0.5.2
+	github.com/hashicorp/go-hclog v1.5.0
+	github.com/hashicorp/go-multierror v1.1.1
+	github.com/hashicorp/hcl/v2 v2.16.2
+	github.com/mitchellh/copystructure v1.2.0
+	github.com/rboyer/safeio v0.2.2
+	github.com/stretchr/testify v1.8.2
+	golang.org/x/crypto v0.7.0
+)
+
+require (
+	github.com/agext/levenshtein v1.2.1 // indirect
+	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/armon/go-metrics v0.3.10 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/fatih/color v1.13.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
+	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/go-uuid v1.0.3 // indirect
+	github.com/hashicorp/go-version v1.2.1 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/hashicorp/serf v0.10.1 // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/zclconf/go-cty v1.12.1 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
diff --git a/testing/deployer/go.sum b/testing/deployer/go.sum
new file mode 100644
index 000000000000..f0997b372682
--- /dev/null
+++ b/testing/deployer/go.sum
@@ -0,0 +1,241 @@
+github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
+github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=
+github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
+github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
+github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
+github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
+github.com/armon/go-metrics v0.3.10 h1:FR+drcQStOe+32sYyJYyZ7FIdgoGGBnwLl+flodp8Uo=
+github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
+github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
+github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
+github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c h1:964Od4U6p2jUkFxvCydnIczKteheJEzHRToSGK3Bnlw=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/hashicorp/consul/api v1.20.0 h1:9IHTjNVSZ7MIwjlW3N3a7iGiykCMDpxZu8jsxFJh0yc=
+github.com/hashicorp/consul/api v1.20.0/go.mod h1:nR64eD44KQ59Of/ECwt2vUmIK2DKsDzAwTmwmLl8Wpo=
+github.com/hashicorp/consul/sdk v0.13.1 h1:EygWVWWMczTzXGpO93awkHFzfUka6hLYJ0qhETd+6lY=
+github.com/hashicorp/consul/sdk v0.13.1/go.mod h1:SW/mM4LbKfqmMvcFu8v+eiQQ7oitXEFeiBe9StxERb0=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
+github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
+github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-msgpack v0.5.3 h1:zKjpN5BK/P5lMYrLmBHdBULWbJ0XpYR+7NGzqkZzoD4=
+github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
+github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
+github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
+github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
+github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
+github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
+github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
+github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
+github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI=
+github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
+github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/hcl/v2 v2.16.2 h1:mpkHZh/Tv+xet3sy3F9Ld4FyI2tUpWe9x3XtPx9f1a0=
+github.com/hashicorp/hcl/v2 v2.16.2/go.mod h1:JRmR89jycNkrrqnMmvPDMd56n1rQJ2Q6KocSLCMCXng=
+github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
+github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
+github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM=
+github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0=
+github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY=
+github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
+github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
+github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY=
+github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
+github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
+github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
+github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
+github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
+github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
+github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
+github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
+github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
+github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
+github.com/rboyer/safeio v0.2.2 h1:XhtqyUTRleMYGyBt3ni4j2BtEh669U2ry2INnnd+B4k=
+github.com/rboyer/safeio v0.2.2/go.mod h1:pSnr2LFXyn/c/fotxotyOdYy7pP/XSh6MpBmzXPjiNc=
+github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
+github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
+github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
+github.com/zclconf/go-cty v1.12.1 h1:PcupnljUm9EIvbgSHQnHhUr3fO6oFmkOrvs2BAFNXXY=
+github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
+golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/testing/deployer/sprawl/acl.go b/testing/deployer/sprawl/acl.go
new file mode 100644
index 000000000000..54f9c9a98a01
--- /dev/null
+++ b/testing/deployer/sprawl/acl.go
@@ -0,0 +1,332 @@
+package sprawl
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/consul/api"
+
+	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+)
+
+// TODO: fix this by checking that a token/policy works on ALL servers before
+// returning from create.
+func isACLNotFound(err error) bool {
+	if err == nil {
+		return false
+	}
+	return strings.Contains(err.Error(), `ACL not found`)
+}
+
+func (s *Sprawl) bootstrapACLs(cluster string) error {
+	var (
+		client    = s.clients[cluster]
+		logger    = s.logger.With("cluster", cluster)
+		mgmtToken = s.secrets.ReadGeneric(cluster, secrets.BootstrapToken)
+	)
+
+	ac := client.ACL()
+
+	if mgmtToken != "" {
+	NOT_BOOTED:
+		ready, err := s.isACLBootstrapped(cluster, client)
+		if err != nil {
+			return fmt.Errorf("error checking if the acl system is bootstrapped: %w", err)
+		} else if !ready {
+			logger.Warn("ACL system is not ready yet")
+			time.Sleep(250 * time.Millisecond)
+			goto NOT_BOOTED
+		}
+
+	TRYAGAIN:
+		// check to see if it works
+		_, _, err = ac.TokenReadSelf(&api.QueryOptions{Token: mgmtToken})
+		if err != nil {
+			if isACLNotBootstrapped(err) {
+				logger.Warn("system is rebooting", "error", err)
+				time.Sleep(250 * time.Millisecond)
+				goto TRYAGAIN
+			}
+
+			return fmt.Errorf("management token no longer works: %w", err)
+		}
+
+		logger.Info("current management token", "token", mgmtToken)
+		return nil
+	}
+
+TRYAGAIN2:
+	logger.Info("bootstrapping ACLs")
+	tok, _, err := ac.Bootstrap()
+	if err != nil {
+		if isACLNotBootstrapped(err) {
+			logger.Warn("system is rebooting", "error", err)
+			time.Sleep(250 * time.Millisecond)
+			goto TRYAGAIN2
+		}
+		return err
+	}
+	mgmtToken = tok.SecretID
+	s.secrets.SaveGeneric(cluster, secrets.BootstrapToken, mgmtToken)
+
+	logger.Info("current management token", "token", mgmtToken)
+
+	return nil
+
+}
+
+func isACLNotBootstrapped(err error) bool {
+	switch {
+	case strings.Contains(err.Error(), "ACL system must be bootstrapped before making any requests that require authorization"):
+		return true
+	case strings.Contains(err.Error(), "The ACL system is currently in legacy mode"):
+		return true
+	}
+	return false
+}
+
+func (s *Sprawl) isACLBootstrapped(cluster string, client *api.Client) (bool, error) {
+	policy, _, err := client.ACL().PolicyReadByName("global-management", &api.QueryOptions{
+		Token: s.secrets.ReadGeneric(cluster, secrets.BootstrapToken),
+	})
+	if err != nil {
+		if strings.Contains(err.Error(), "Unexpected response code: 403 (ACL not found)") {
+			return false, nil
+		} else if isACLNotBootstrapped(err) {
+			return false, nil
+		}
+		return false, err
+	}
+	return policy != nil, nil
+}
+
+func (s *Sprawl) createAnonymousToken(cluster *topology.Cluster) error {
+	var (
+		client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	if err := s.createAnonymousPolicy(cluster); err != nil {
+		return err
+	}
+
+	token, err := CreateOrUpdateToken(client, anonymousToken())
+	if err != nil {
+		return err
+	}
+
+	logger.Info("created anonymous token",
+		"token", token.SecretID,
+	)
+
+	return nil
+}
+
+func (s *Sprawl) createAnonymousPolicy(cluster *topology.Cluster) error {
+	var (
+		client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	op, err := CreateOrUpdatePolicy(client, anonymousPolicy(cluster.Enterprise))
+	if err != nil {
+		return err
+	}
+
+	logger.Info("created anonymous policy",
+		"policy-name", op.Name,
+		"policy-id", op.ID,
+	)
+
+	return nil
+}
+
+func (s *Sprawl) createAgentTokens(cluster *topology.Cluster) error {
+	var (
+		client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	for _, node := range cluster.Nodes {
+		// NOTE: always create tokens even for disabled nodes.
+		if !node.IsAgent() {
+			continue
+		}
+
+		if tok := s.secrets.ReadAgentToken(cluster.Name, node.ID()); tok == "" {
+			token, err := CreateOrUpdateToken(client, tokenForNode(node, cluster.Enterprise))
+			if err != nil {
+				return err
+			}
+
+			logger.Info("created agent token",
+				"node", node.ID(),
+				"token", token.SecretID,
+			)
+
+			s.secrets.SaveAgentToken(cluster.Name, node.ID(), token.SecretID)
+		}
+	}
+
+	return nil
+}
+
+// Create a policy to allow super permissive catalog reads across namespace
+// boundaries.
+func (s *Sprawl) createCrossNamespaceCatalogReadPolicies(cluster *topology.Cluster, partition string) error {
+	if !cluster.Enterprise {
+		return nil
+	}
+
+	var (
+		client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	op, err := CreateOrUpdatePolicy(client, policyForCrossNamespaceRead(partition))
+	if err != nil {
+		return err
+	}
+
+	logger.Info("created cross-ns-catalog-read policy",
+		"policy-name", op.Name,
+		"policy-id", op.ID,
+		"partition", partition,
+	)
+
+	return nil
+}
+
+func (s *Sprawl) createAllServiceTokens() error {
+	for _, cluster := range s.topology.Clusters {
+		if err := s.createServiceTokens(cluster); err != nil {
+			return fmt.Errorf("createServiceTokens[%s]: %w", cluster.Name, err)
+		}
+	}
+	return nil
+}
+
+func (s *Sprawl) createServiceTokens(cluster *topology.Cluster) error {
+	var (
+		client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	sids := make(map[topology.ServiceID]struct{})
+	for _, node := range cluster.Nodes {
+		if !node.RunsWorkloads() || len(node.Services) == 0 || node.Disabled {
+			continue
+		}
+
+		for _, svc := range node.Services {
+			sid := svc.ID
+
+			if _, done := sids[sid]; done {
+				continue
+			}
+
+			var overridePolicy *api.ACLPolicy
+			if svc.IsMeshGateway {
+				var err error
+				overridePolicy, err = CreateOrUpdatePolicy(client, policyForMeshGateway(svc, cluster.Enterprise))
+				if err != nil {
+					return fmt.Errorf("could not create policy: %w", err)
+				}
+			}
+
+			token, err := CreateOrUpdateToken(client, tokenForService(svc, overridePolicy, cluster.Enterprise))
+			if err != nil {
+				return fmt.Errorf("could not create token: %w", err)
+			}
+
+			logger.Info("created service token",
+				"service", svc.ID.Name,
+				"namespace", svc.ID.Namespace,
+				"partition", svc.ID.Partition,
+				"token", token.SecretID,
+			)
+
+			s.secrets.SaveServiceToken(cluster.Name, sid, token.SecretID)
+
+			sids[sid] = struct{}{}
+		}
+	}
+
+	return nil
+}
+
+func CreateOrUpdateToken(client *api.Client, t *api.ACLToken) (*api.ACLToken, error) {
+	ac := client.ACL()
+
+	currentToken, err := getTokenByDescription(client, t.Description, &api.QueryOptions{
+		Partition: t.Partition,
+		Namespace: t.Namespace,
+	})
+	if err != nil {
+		return nil, err
+	} else if currentToken != nil {
+		t.AccessorID = currentToken.AccessorID
+		t.SecretID = currentToken.SecretID
+	}
+
+	if t.AccessorID != "" {
+		t, _, err = ac.TokenUpdate(t, nil)
+	} else {
+		t, _, err = ac.TokenCreate(t, nil)
+	}
+	if err != nil {
+		return nil, err
+	}
+	return t, nil
+}
+
+func getTokenByDescription(client *api.Client, description string, opts *api.QueryOptions) (*api.ACLToken, error) {
+	ac := client.ACL()
+	tokens, _, err := ac.TokenList(opts)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, tokenEntry := range tokens {
+		if tokenEntry.Description == description {
+			token, _, err := ac.TokenRead(tokenEntry.AccessorID, opts)
+			if err != nil {
+				return nil, err
+			}
+
+			return token, nil
+		}
+	}
+	return nil, nil
+}
+
+func CreateOrUpdatePolicy(client *api.Client, p *api.ACLPolicy) (*api.ACLPolicy, error) {
+	ac := client.ACL()
+
+	currentPolicy, _, err := ac.PolicyReadByName(p.Name, &api.QueryOptions{
+		Partition: p.Partition,
+		Namespace: p.Namespace,
+	})
+
+	// There is a quirk about Consul 1.14.x, where: if reading a policy yields
+	// an empty result, we return "ACL not found". It's safe to ignore this here,
+	// because if the Client's ACL token truly doesn't exist, then the create fails below.
+	if err != nil && !strings.Contains(err.Error(), "ACL not found") {
+		return nil, err
+	} else if currentPolicy != nil {
+		p.ID = currentPolicy.ID
+	}
+
+	if p.ID != "" {
+		p, _, err = ac.PolicyUpdate(p, nil)
+	} else {
+		p, _, err = ac.PolicyCreate(p, nil)
+	}
+
+	if err != nil {
+		return nil, err
+	}
+	return p, nil
+}
diff --git a/testing/deployer/sprawl/acl_rules.go b/testing/deployer/sprawl/acl_rules.go
new file mode 100644
index 000000000000..b024ceab539e
--- /dev/null
+++ b/testing/deployer/sprawl/acl_rules.go
@@ -0,0 +1,160 @@
+package sprawl
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/consul/api"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+)
+
+func policyForCrossNamespaceRead(partition string) *api.ACLPolicy {
+	return &api.ACLPolicy{
+		Name:        "cross-ns-catalog-read",
+		Description: "cross-ns-catalog-read",
+		Partition:   partition,
+		Rules: fmt.Sprintf(`
+partition %[1]q {
+  namespace_prefix "" {
+    node_prefix ""    { policy = "read" }
+    service_prefix "" { policy = "read" }
+  }
+}
+`, partition),
+	}
+}
+
+const anonymousTokenAccessorID = "00000000-0000-0000-0000-000000000002"
+
+func anonymousToken() *api.ACLToken {
+	return &api.ACLToken{
+		AccessorID: anonymousTokenAccessorID,
+		// SecretID: "anonymous",
+		Description: "anonymous",
+		Local:       false,
+		Policies: []*api.ACLTokenPolicyLink{
+			{
+				Name: "anonymous",
+			},
+		},
+	}
+}
+
+func anonymousPolicy(enterprise bool) *api.ACLPolicy {
+	p := &api.ACLPolicy{
+		Name:        "anonymous",
+		Description: "anonymous",
+	}
+	if enterprise {
+		p.Rules = `
+partition_prefix "" {
+  namespace_prefix "" {
+    node_prefix "" { policy = "read" }
+    service_prefix "" { policy = "read" }
+  }
+}
+`
+	} else {
+		p.Rules = `
+node_prefix "" { policy = "read" }
+service_prefix "" { policy = "read" }
+`
+	}
+	return p
+}
+
+func tokenForNode(node *topology.Node, enterprise bool) *api.ACLToken {
+	nid := node.ID()
+
+	tokenName := "agent--" + nid.ACLString()
+
+	token := &api.ACLToken{
+		Description: tokenName,
+		Local:       false,
+		NodeIdentities: []*api.ACLNodeIdentity{{
+			NodeName:   node.PodName(),
+			Datacenter: node.Datacenter,
+		}},
+	}
+	if enterprise {
+		token.Partition = node.Partition
+		token.Namespace = "default"
+	}
+	return token
+}
+
+func tokenForService(svc *topology.Service, overridePolicy *api.ACLPolicy, enterprise bool) *api.ACLToken {
+	token := &api.ACLToken{
+		Description: "service--" + svc.ID.ACLString(),
+		Local:       false,
+	}
+	if overridePolicy != nil {
+		token.Policies = []*api.ACLTokenPolicyLink{{ID: overridePolicy.ID}}
+	} else {
+		token.ServiceIdentities = []*api.ACLServiceIdentity{{
+			ServiceName: svc.ID.Name,
+		}}
+	}
+
+	if enterprise {
+		token.Namespace = svc.ID.Namespace
+		token.Partition = svc.ID.Partition
+	}
+
+	return token
+}
+
+func policyForMeshGateway(svc *topology.Service, enterprise bool) *api.ACLPolicy {
+	policyName := "mesh-gateway--" + svc.ID.ACLString()
+
+	policy := &api.ACLPolicy{
+		Name:        policyName,
+		Description: policyName,
+	}
+	if enterprise {
+		policy.Partition = svc.ID.Partition
+		policy.Namespace = "default"
+	}
+
+	if enterprise {
+		policy.Rules = `
+namespace_prefix "" {
+  service "mesh-gateway" {
+    policy = "write"
+  }
+  service_prefix "" {
+    policy = "read"
+  }
+  node_prefix "" {
+    policy = "read"
+  }
+}
+agent_prefix "" {
+  policy = "read"
+}
+# for peering
+mesh = "write"
+peering = "read"
+`
+	} else {
+		policy.Rules = `
+service "mesh-gateway" {
+  policy = "write"
+}
+service_prefix "" {
+  policy = "read"
+}
+node_prefix "" {
+  policy = "read"
+}
+agent_prefix "" {
+  policy = "read"
+}
+# for peering
+mesh = "write"
+peering = "read"
+`
+	}
+
+	return policy
+}
diff --git a/testing/deployer/sprawl/boot.go b/testing/deployer/sprawl/boot.go
new file mode 100644
index 000000000000..415788726307
--- /dev/null
+++ b/testing/deployer/sprawl/boot.go
@@ -0,0 +1,520 @@
+package sprawl
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/go-multierror"
+
+	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/build"
+	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets"
+	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/tfgen"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/hashicorp/consul/testing/deployer/util"
+)
+
+const (
+	sharedBootstrapToken = "root"
+	// sharedBootstrapToken = "ec59aa56-1996-4ff1-911a-f5d782552a13"
+
+	sharedAgentRecoveryToken = "22082b05-05c9-4a0a-b3da-b9685ac1d688"
+)
+
+func (s *Sprawl) launch() error {
+	return s.launchType(true)
+}
+func (s *Sprawl) relaunch() error {
+	return s.launchType(false)
+}
+func (s *Sprawl) launchType(firstTime bool) (launchErr error) {
+	if err := build.DockerImages(s.logger, s.runner, s.topology); err != nil {
+		return fmt.Errorf("build.DockerImages: %w", err)
+	}
+
+	if firstTime {
+		// Initialize secrets the easy way for now (same in all clusters).
+		gossipKey, err := newGossipKey()
+		if err != nil {
+			return fmt.Errorf("newGossipKey: %w", err)
+		}
+		for _, cluster := range s.topology.Clusters {
+			s.secrets.SaveGeneric(cluster.Name, secrets.BootstrapToken, sharedBootstrapToken)
+			s.secrets.SaveGeneric(cluster.Name, secrets.AgentRecovery, sharedAgentRecoveryToken)
+			s.secrets.SaveGeneric(cluster.Name, secrets.GossipKey, gossipKey)
+
+			// Give servers a copy of the bootstrap token for use as their agent tokens
+			// to avoid complicating the chicken/egg situation for startup.
+			for _, node := range cluster.Nodes {
+				if node.IsServer() { // include disabled
+					s.secrets.SaveAgentToken(cluster.Name, node.ID(), sharedBootstrapToken)
+				}
+			}
+		}
+	}
+
+	var cleanupFuncs []func()
+	defer func() {
+		for i := len(cleanupFuncs) - 1; i >= 0; i-- {
+			cleanupFuncs[i]()
+		}
+	}()
+
+	if firstTime {
+		var err error
+		s.generator, err = tfgen.NewGenerator(
+			s.logger.Named("tfgen"),
+			s.runner,
+			s.topology,
+			&s.secrets,
+			s.workdir,
+			s.license,
+		)
+		if err != nil {
+			return err
+		}
+	} else {
+		s.generator.SetTopology(s.topology)
+	}
+	cleanupFuncs = append(cleanupFuncs, func() {
+		// Log the error before the cleanup so you don't have to wait to see
+		// the cause.
+		if launchErr != nil {
+			s.logger.Error("fatal error during launch", "error", launchErr)
+		}
+
+		_ = s.generator.DestroyAllQuietly()
+	})
+
+	if firstTime {
+		// The networking phase is special. We have to pick a random subnet and
+		// hope. Once we have this established once it is immutable for future
+		// runs.
+		if err := s.initNetworkingAndVolumes(); err != nil {
+			return fmt.Errorf("initNetworkingAndVolumes: %w", err)
+		}
+	}
+
+	if err := s.assignIPAddresses(); err != nil {
+		return fmt.Errorf("assignIPAddresses: %w", err)
+	}
+
+	// The previous terraform run should have made the special volume for us.
+	if err := s.initTLS(context.TODO()); err != nil {
+		return fmt.Errorf("initTLS: %w", err)
+	}
+
+	if firstTime {
+		if err := s.createFirstTime(); err != nil {
+			return err
+		}
+
+		s.generator.MarkLaunched()
+	} else {
+		if err := s.updateExisting(); err != nil {
+			return err
+		}
+	}
+
+	if err := s.waitForPeeringEstablishment(); err != nil {
+		return fmt.Errorf("waitForPeeringEstablishment: %w", err)
+	}
+
+	cleanupFuncs = nil // reset
+
+	return nil
+}
+
+func (s *Sprawl) Stop() error {
+	var merr error
+	if s.generator != nil {
+		if err := s.generator.DestroyAllQuietly(); err != nil {
+			merr = multierror.Append(merr, err)
+		}
+	}
+	return merr
+}
+
+const dockerOutOfNetworksErrorMessage = `Unable to create network: Error response from daemon: Pool overlaps with other one on this address space`
+
+var ErrDockerNetworkCollision = errors.New("could not create one or more docker networks for use due to subnet collision")
+
+func (s *Sprawl) initNetworkingAndVolumes() error {
+	var lastErr error
+	for attempts := 0; attempts < 5; attempts++ {
+		err := s.generator.Generate(tfgen.StepNetworks)
+		if err != nil && strings.Contains(err.Error(), dockerOutOfNetworksErrorMessage) {
+			lastErr = ErrDockerNetworkCollision
+			s.logger.Warn(ErrDockerNetworkCollision.Error()+"; retrying", "attempt", attempts+1)
+			time.Sleep(1 * time.Second)
+			continue
+		} else if err != nil {
+			return fmt.Errorf("generator[networks]: %w", err)
+		}
+		return nil
+	}
+
+	return lastErr
+}
+
+func (s *Sprawl) assignIPAddresses() error {
+	// assign ips now that we have network ips known to us
+	for _, net := range s.topology.Networks {
+		if len(net.IPPool) == 0 {
+			return fmt.Errorf("network %q does not have any ip assignments", net.Name)
+		}
+	}
+	for _, cluster := range s.topology.Clusters {
+		for _, node := range cluster.Nodes {
+			for _, addr := range node.Addresses {
+				net, ok := s.topology.Networks[addr.Network]
+				if !ok {
+					return fmt.Errorf("unknown network %q", addr.Network)
+				}
+				addr.IPAddress = net.IPByIndex(node.Index)
+			}
+		}
+	}
+
+	return nil
+}
+
+func (s *Sprawl) initConsulServers() error {
+	if err := s.generator.Generate(tfgen.StepServers); err != nil {
+		return fmt.Errorf("generator[servers]: %w", err)
+	}
+
+	// s.logger.Info("ALL", "t", jd(s.topology)) // TODO
+
+	// Create token-less api clients first.
+	for _, cluster := range s.topology.Clusters {
+		node := cluster.FirstServer()
+
+		var err error
+		s.clients[cluster.Name], err = util.ProxyAPIClient(
+			node.LocalProxyPort(),
+			node.LocalAddress(),
+			8500,
+			"", /*no token yet*/
+		)
+		if err != nil {
+			return fmt.Errorf("error creating initial bootstrap client for cluster=%s: %w", cluster.Name, err)
+		}
+	}
+
+	if err := s.rejoinAllConsulServers(); err != nil {
+		return err
+	}
+
+	for _, cluster := range s.topology.Clusters {
+		err := s.bootstrapACLs(cluster.Name)
+		if err != nil {
+			return fmt.Errorf("bootstrap[%s]: %w", cluster.Name, err)
+		}
+
+		mgmtToken := s.secrets.ReadGeneric(cluster.Name, secrets.BootstrapToken)
+
+		// Reconfigure the clients to use a management token.
+		node := cluster.FirstServer()
+		s.clients[cluster.Name], err = util.ProxyAPIClient(
+			node.LocalProxyPort(),
+			node.LocalAddress(),
+			8500,
+			mgmtToken,
+		)
+		if err != nil {
+			return fmt.Errorf("error creating final client for cluster=%s: %v", cluster.Name, err)
+		}
+
+		// For some reason the grpc resolver stuff for partitions takes some
+		// time to get ready.
+		s.waitForLocalWrites(cluster, mgmtToken)
+
+		// Create tenancies so that the ACL tokens and clients have somewhere to go.
+		if cluster.Enterprise {
+			if err := s.initTenancies(cluster); err != nil {
+				return fmt.Errorf("initTenancies[%s]: %w", cluster.Name, err)
+			}
+		}
+
+		if err := s.populateInitialConfigEntries(cluster); err != nil {
+			return fmt.Errorf("populateInitialConfigEntries[%s]: %w", cluster.Name, err)
+		}
+
+		if err := s.createAnonymousToken(cluster); err != nil {
+			return fmt.Errorf("createAnonymousToken[%s]: %w", cluster.Name, err)
+		}
+
+		// Create tokens for all of the agents to use for anti-entropy.
+		//
+		// NOTE: this will cause the servers to roll to pick up the change to
+		// the acl{tokens{agent=XXX}}} section.
+		if err := s.createAgentTokens(cluster); err != nil {
+			return fmt.Errorf("createAgentTokens[%s]: %w", cluster.Name, err)
+		}
+	}
+
+	return nil
+}
+
+func (s *Sprawl) createFirstTime() error {
+	if err := s.initConsulServers(); err != nil {
+		return fmt.Errorf("initConsulServers: %w", err)
+	}
+
+	if err := s.generator.Generate(tfgen.StepAgents); err != nil {
+		return fmt.Errorf("generator[agents]: %w", err)
+	}
+	for _, cluster := range s.topology.Clusters {
+		if err := s.waitForClientAntiEntropyOnce(cluster); err != nil {
+			return fmt.Errorf("waitForClientAntiEntropyOnce[%s]: %w", cluster.Name, err)
+		}
+	}
+
+	// Ideally we start services WITH a token initially, so we pre-create them
+	// before running terraform for them.
+	if err := s.createAllServiceTokens(); err != nil {
+		return fmt.Errorf("createAllServiceTokens: %w", err)
+	}
+
+	if err := s.registerAllServicesForDataplaneInstances(); err != nil {
+		return fmt.Errorf("registerAllServicesForDataplaneInstances: %w", err)
+	}
+
+	// We can do this ahead, because we've incrementally run terraform as
+	// we went.
+	if err := s.registerAllServicesToAgents(); err != nil {
+		return fmt.Errorf("registerAllServicesToAgents: %w", err)
+	}
+
+	// NOTE: start services WITH token initially
+	if err := s.generator.Generate(tfgen.StepServices); err != nil {
+		return fmt.Errorf("generator[services]: %w", err)
+	}
+
+	if err := s.initPeerings(); err != nil {
+		return fmt.Errorf("initPeerings: %w", err)
+	}
+	return nil
+}
+
+func (s *Sprawl) updateExisting() error {
+	if err := s.preRegenTasks(); err != nil {
+		return fmt.Errorf("preRegenTasks: %w", err)
+	}
+
+	// We save all of the terraform to the end. Some of the containers will
+	// be a little broken until we can do stuff like register services to
+	// new agents, which we cannot do until they come up.
+	if err := s.generator.Generate(tfgen.StepRelaunch); err != nil {
+		return fmt.Errorf("generator[relaunch]: %w", err)
+	}
+
+	if err := s.postRegenTasks(); err != nil {
+		return fmt.Errorf("postRegenTasks: %w", err)
+	}
+
+	// TODO: enforce that peering relationships cannot change
+	// TODO: include a fixup version of new peerings?
+
+	return nil
+}
+
+func (s *Sprawl) preRegenTasks() error {
+	for _, cluster := range s.topology.Clusters {
+		// Create tenancies so that the ACL tokens and clients have somewhere to go.
+		if cluster.Enterprise {
+			if err := s.initTenancies(cluster); err != nil {
+				return fmt.Errorf("initTenancies[%s]: %w", cluster.Name, err)
+			}
+		}
+
+		if err := s.populateInitialConfigEntries(cluster); err != nil {
+			return fmt.Errorf("populateInitialConfigEntries[%s]: %w", cluster.Name, err)
+		}
+
+		// Create tokens for all of the agents to use for anti-entropy.
+		if err := s.createAgentTokens(cluster); err != nil {
+			return fmt.Errorf("createAgentTokens[%s]: %w", cluster.Name, err)
+		}
+	}
+
+	// Ideally we start services WITH a token initially, so we pre-create them
+	// before running terraform for them.
+	if err := s.createAllServiceTokens(); err != nil {
+		return fmt.Errorf("createAllServiceTokens: %w", err)
+	}
+
+	if err := s.registerAllServicesForDataplaneInstances(); err != nil {
+		return fmt.Errorf("registerAllServicesForDataplaneInstances: %w", err)
+	}
+
+	return nil
+}
+
+func (s *Sprawl) postRegenTasks() error {
+	if err := s.rejoinAllConsulServers(); err != nil {
+		return err
+	}
+
+	for _, cluster := range s.topology.Clusters {
+		var err error
+
+		mgmtToken := s.secrets.ReadGeneric(cluster.Name, secrets.BootstrapToken)
+
+		// Reconfigure the clients to use a management token.
+		node := cluster.FirstServer()
+		s.clients[cluster.Name], err = util.ProxyAPIClient(
+			node.LocalProxyPort(),
+			node.LocalAddress(),
+			8500,
+			mgmtToken,
+		)
+		if err != nil {
+			return fmt.Errorf("error creating final client for cluster=%s: %v", cluster.Name, err)
+		}
+
+		s.waitForLeader(cluster)
+
+		// For some reason the grpc resolver stuff for partitions takes some
+		// time to get ready.
+		s.waitForLocalWrites(cluster, mgmtToken)
+	}
+
+	for _, cluster := range s.topology.Clusters {
+		if err := s.waitForClientAntiEntropyOnce(cluster); err != nil {
+			return fmt.Errorf("waitForClientAntiEntropyOnce[%s]: %w", cluster.Name, err)
+		}
+	}
+
+	if err := s.registerAllServicesToAgents(); err != nil {
+		return fmt.Errorf("registerAllServicesToAgents: %w", err)
+	}
+
+	return nil
+}
+
+func (s *Sprawl) waitForLocalWrites(cluster *topology.Cluster, token string) {
+	var (
+		client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+	tryKV := func() error {
+		_, err := client.KV().Put(&api.KVPair{
+			Key:   "local-test",
+			Value: []byte("payload-for-local-test-in-" + cluster.Name),
+		}, nil)
+		return err
+	}
+	tryAP := func() error {
+		if !cluster.Enterprise {
+			return nil
+		}
+		_, _, err := client.Partitions().Create(context.Background(), &api.Partition{
+			Name: "placeholder",
+		}, &api.WriteOptions{Token: token})
+		return err
+	}
+
+	start := time.Now()
+	for attempts := 0; ; attempts++ {
+		if err := tryKV(); err != nil {
+			logger.Warn("local kv write failed; something is not ready yet", "error", err)
+			time.Sleep(500 * time.Millisecond)
+			continue
+		} else {
+			dur := time.Since(start)
+			logger.Info("local kv write success", "elapsed", dur, "retries", attempts)
+		}
+
+		break
+	}
+
+	if cluster.Enterprise {
+		start = time.Now()
+		for attempts := 0; ; attempts++ {
+			if err := tryAP(); err != nil {
+				logger.Warn("local partition write failed; something is not ready yet", "error", err)
+				time.Sleep(500 * time.Millisecond)
+				continue
+			} else {
+				dur := time.Since(start)
+				logger.Info("local partition write success", "elapsed", dur, "retries", attempts)
+			}
+
+			break
+		}
+	}
+}
+
+func (s *Sprawl) waitForClientAntiEntropyOnce(cluster *topology.Cluster) error {
+	var (
+		client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	var (
+		queryOptionList = cluster.PartitionQueryOptionsList()
+		start           = time.Now()
+		cc              = client.Catalog()
+	)
+	for {
+		// Enumerate all of the nodes that are currently in the catalog. This
+		// will overmatch including things like fake nodes for agentless but
+		// that's ok.
+		current := make(map[topology.NodeID]*api.Node)
+		for _, queryOpts := range queryOptionList {
+			nodes, _, err := cc.Nodes(queryOpts)
+			if err != nil {
+				return err
+			}
+			for _, node := range nodes {
+				nid := topology.NewNodeID(node.Node, node.Partition)
+				current[nid] = node
+			}
+		}
+
+		// See if we have them all.
+		var stragglers []topology.NodeID
+		for _, node := range cluster.Nodes {
+			if !node.IsAgent() || node.Disabled {
+				continue
+			}
+			nid := node.CatalogID()
+
+			got, ok := current[nid]
+			if ok && len(got.TaggedAddresses) > 0 {
+				// this is a field that is not updated just due to serf reconcile
+				continue
+			}
+
+			stragglers = append(stragglers, nid)
+		}
+
+		if len(stragglers) == 0 {
+			dur := time.Since(start)
+			logger.Info("all nodes have posted node updates, so first anti-entropy has happened", "elapsed", dur)
+			return nil
+		}
+		logger.Info("not all client nodes have posted node updates yet", "nodes", stragglers)
+
+		time.Sleep(1 * time.Second)
+	}
+}
+
+func newGossipKey() (string, error) {
+	key := make([]byte, 16)
+	n, err := rand.Reader.Read(key)
+	if err != nil {
+		return "", fmt.Errorf("Error reading random data: %s", err)
+	}
+	if n != 16 {
+		return "", fmt.Errorf("Couldn't read enough entropy. Generate more entropy!")
+	}
+	return base64.StdEncoding.EncodeToString(key), nil
+}
diff --git a/testing/deployer/sprawl/catalog.go b/testing/deployer/sprawl/catalog.go
new file mode 100644
index 000000000000..5da32cc51318
--- /dev/null
+++ b/testing/deployer/sprawl/catalog.go
@@ -0,0 +1,425 @@
+package sprawl
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/hashicorp/consul/api"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/hashicorp/consul/testing/deployer/util"
+)
+
+func (s *Sprawl) registerAllServicesToAgents() error {
+	for _, cluster := range s.topology.Clusters {
+		if err := s.registerServicesToAgents(cluster); err != nil {
+			return fmt.Errorf("registerServicesToAgents[%s]: %w", cluster.Name, err)
+		}
+	}
+	return nil
+}
+
+func (s *Sprawl) registerAllServicesForDataplaneInstances() error {
+	for _, cluster := range s.topology.Clusters {
+		if err := s.registerServicesForDataplaneInstances(cluster); err != nil {
+			return fmt.Errorf("registerServicesForDataplaneInstances[%s]: %w", cluster.Name, err)
+		}
+	}
+	return nil
+}
+
+func (s *Sprawl) registerServicesToAgents(cluster *topology.Cluster) error {
+	for _, node := range cluster.Nodes {
+		if !node.RunsWorkloads() || len(node.Services) == 0 || node.Disabled {
+			continue
+		}
+
+		if !node.IsAgent() {
+			continue
+		}
+
+		agentClient, err := util.ProxyAPIClient(
+			node.LocalProxyPort(),
+			node.LocalAddress(),
+			8500,
+			"", /*token will be in request*/
+		)
+		if err != nil {
+			return err
+		}
+
+		for _, svc := range node.Services {
+			if err := s.registerAgentService(agentClient, cluster, node, svc); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func (s *Sprawl) registerAgentService(
+	agentClient *api.Client,
+	cluster *topology.Cluster,
+	node *topology.Node,
+	svc *topology.Service,
+) error {
+	if !node.IsAgent() {
+		panic("called wrong method type")
+	}
+
+	if svc.IsMeshGateway {
+		return nil // handled at startup time for agent-full, but won't be for agent-less
+	}
+
+	var (
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	reg := &api.AgentServiceRegistration{
+		ID:   svc.ID.Name,
+		Name: svc.ID.Name,
+		Port: svc.Port,
+		Meta: svc.Meta,
+	}
+	if cluster.Enterprise {
+		reg.Namespace = svc.ID.Namespace
+		reg.Partition = svc.ID.Partition
+	}
+
+	if !svc.DisableServiceMesh {
+		var upstreams []api.Upstream
+		for _, u := range svc.Upstreams {
+			uAPI := api.Upstream{
+				DestinationPeer:  u.Peer,
+				DestinationName:  u.ID.Name,
+				LocalBindAddress: u.LocalAddress,
+				LocalBindPort:    u.LocalPort,
+				// Config               map[string]interface{} `json:",omitempty" bexpr:"-"`
+				// MeshGateway          MeshGatewayConfig      `json:",omitempty"`
+			}
+			if cluster.Enterprise {
+				uAPI.DestinationNamespace = u.ID.Namespace
+				if u.Peer == "" {
+					uAPI.DestinationPartition = u.ID.Partition
+				}
+			}
+			upstreams = append(upstreams, uAPI)
+		}
+		reg.Connect = &api.AgentServiceConnect{
+			SidecarService: &api.AgentServiceRegistration{
+				Proxy: &api.AgentServiceConnectProxyConfig{
+					Upstreams: upstreams,
+				},
+			},
+		}
+	}
+
+	switch {
+	case svc.CheckTCP != "":
+		chk := &api.AgentServiceCheck{
+			Name:     "up",
+			TCP:      svc.CheckTCP,
+			Interval: "5s",
+			Timeout:  "1s",
+		}
+		reg.Checks = append(reg.Checks, chk)
+	case svc.CheckHTTP != "":
+		chk := &api.AgentServiceCheck{
+			Name:     "up",
+			HTTP:     svc.CheckHTTP,
+			Method:   "GET",
+			Interval: "5s",
+			Timeout:  "1s",
+		}
+		reg.Checks = append(reg.Checks, chk)
+	}
+
+	// Switch token for every request.
+	hdr := make(http.Header)
+	hdr.Set("X-Consul-Token", s.secrets.ReadServiceToken(cluster.Name, svc.ID))
+	agentClient.SetHeaders(hdr)
+
+RETRY:
+	if err := agentClient.Agent().ServiceRegister(reg); err != nil {
+		if isACLNotFound(err) {
+			time.Sleep(50 * time.Millisecond)
+			goto RETRY
+		}
+		return fmt.Errorf("failed to register service %q to node %q: %w", svc.ID, node.ID(), err)
+	}
+
+	logger.Info("registered service to client agent",
+		"service", svc.ID.Name,
+		"node", node.Name,
+		"namespace", svc.ID.Namespace,
+		"partition", svc.ID.Partition,
+	)
+
+	return nil
+}
+
+func (s *Sprawl) registerServicesForDataplaneInstances(cluster *topology.Cluster) error {
+	for _, node := range cluster.Nodes {
+		if !node.RunsWorkloads() || len(node.Services) == 0 || node.Disabled {
+			continue
+		}
+
+		if !node.IsDataplane() {
+			continue
+		}
+
+		if err := s.registerCatalogNode(cluster, node); err != nil {
+			return fmt.Errorf("error registering virtual node: %w", err)
+		}
+
+		for _, svc := range node.Services {
+			if err := s.registerCatalogService(cluster, node, svc); err != nil {
+				return fmt.Errorf("error registering service: %w", err)
+			}
+			if !svc.DisableServiceMesh {
+				if err := s.registerCatalogSidecarService(cluster, node, svc); err != nil {
+					return fmt.Errorf("error registering sidecar service: %w", err)
+				}
+			}
+		}
+	}
+
+	return nil
+}
+
+func (s *Sprawl) registerCatalogNode(
+	cluster *topology.Cluster,
+	node *topology.Node,
+) error {
+	if !node.IsDataplane() {
+		panic("called wrong method type")
+	}
+
+	var (
+		client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	reg := &api.CatalogRegistration{
+		Node:    node.PodName(),
+		Address: node.LocalAddress(),
+		NodeMeta: map[string]string{
+			"dataplane-faux": "1",
+		},
+	}
+	if cluster.Enterprise {
+		reg.Partition = node.Partition
+	}
+
+	// register synthetic node
+RETRY:
+	if _, err := client.Catalog().Register(reg, nil); err != nil {
+		if isACLNotFound(err) {
+			time.Sleep(50 * time.Millisecond)
+			goto RETRY
+		}
+		return fmt.Errorf("error registering virtual node %s: %w", node.ID(), err)
+	}
+
+	logger.Info("virtual node created",
+		"node", node.ID(),
+	)
+
+	return nil
+}
+
+func (s *Sprawl) registerCatalogService(
+	cluster *topology.Cluster,
+	node *topology.Node,
+	svc *topology.Service,
+) error {
+	if !node.IsDataplane() {
+		panic("called wrong method type")
+	}
+
+	var (
+		client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	reg := serviceToCatalogRegistration(cluster, node, svc)
+
+RETRY:
+	if _, err := client.Catalog().Register(reg, nil); err != nil {
+		if isACLNotFound(err) {
+			time.Sleep(50 * time.Millisecond)
+			goto RETRY
+		}
+		return fmt.Errorf("error registering service %s to node %s: %w", svc.ID, node.ID(), err)
+	}
+
+	logger.Info("dataplane service created",
+		"service", svc.ID,
+		"node", node.ID(),
+	)
+
+	return nil
+}
+
+func (s *Sprawl) registerCatalogSidecarService(
+	cluster *topology.Cluster,
+	node *topology.Node,
+	svc *topology.Service,
+) error {
+	if !node.IsDataplane() {
+		panic("called wrong method type")
+	}
+	if svc.DisableServiceMesh {
+		panic("not valid")
+	}
+
+	var (
+		client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	pid, reg := serviceToSidecarCatalogRegistration(cluster, node, svc)
+RETRY:
+	if _, err := client.Catalog().Register(reg, nil); err != nil {
+		if isACLNotFound(err) {
+			time.Sleep(50 * time.Millisecond)
+			goto RETRY
+		}
+		return fmt.Errorf("error registering service %s to node %s: %w", svc.ID, node.ID(), err)
+	}
+
+	logger.Info("dataplane sidecar service created",
+		"service", pid,
+		"node", node.ID(),
+	)
+
+	return nil
+}
+
+func serviceToCatalogRegistration(
+	cluster *topology.Cluster,
+	node *topology.Node,
+	svc *topology.Service,
+) *api.CatalogRegistration {
+	reg := &api.CatalogRegistration{
+		Node:           node.PodName(),
+		SkipNodeUpdate: true,
+		Service: &api.AgentService{
+			Kind:    api.ServiceKindTypical,
+			ID:      svc.ID.Name,
+			Service: svc.ID.Name,
+			Meta:    svc.Meta,
+			Port:    svc.Port,
+			Address: node.LocalAddress(),
+		},
+	}
+	if node.HasPublicAddress() {
+		reg.TaggedAddresses = map[string]string{
+			"lan":      node.LocalAddress(),
+			"lan_ipv4": node.LocalAddress(),
+			"wan":      node.PublicAddress(),
+			"wan_ipv4": node.PublicAddress(),
+		}
+	}
+	if cluster.Enterprise {
+		reg.Partition = svc.ID.Partition
+		reg.Service.Namespace = svc.ID.Namespace
+		reg.Service.Partition = svc.ID.Partition
+	}
+
+	if svc.HasCheck() {
+		chk := &api.HealthCheck{
+			Name: "external sync",
+			// Type:      "external-sync",
+			Status:      "passing", //  TODO
+			ServiceID:   svc.ID.Name,
+			ServiceName: svc.ID.Name,
+			Output:      "",
+		}
+		if cluster.Enterprise {
+			chk.Namespace = svc.ID.Namespace
+			chk.Partition = svc.ID.Partition
+		}
+		switch {
+		case svc.CheckTCP != "":
+			chk.Definition.TCP = svc.CheckTCP
+		case svc.CheckHTTP != "":
+			chk.Definition.HTTP = svc.CheckHTTP
+			chk.Definition.Method = "GET"
+		}
+		reg.Checks = append(reg.Checks, chk)
+	}
+	return reg
+}
+
+func serviceToSidecarCatalogRegistration(
+	cluster *topology.Cluster,
+	node *topology.Node,
+	svc *topology.Service,
+) (topology.ServiceID, *api.CatalogRegistration) {
+	pid := svc.ID
+	pid.Name += "-sidecar-proxy"
+	reg := &api.CatalogRegistration{
+		Node:           node.PodName(),
+		SkipNodeUpdate: true,
+		Service: &api.AgentService{
+			Kind:    api.ServiceKindConnectProxy,
+			ID:      pid.Name,
+			Service: pid.Name,
+			Meta:    svc.Meta,
+			Port:    svc.EnvoyPublicListenerPort,
+			Address: node.LocalAddress(),
+			Proxy: &api.AgentServiceConnectProxyConfig{
+				DestinationServiceName: svc.ID.Name,
+				DestinationServiceID:   svc.ID.Name,
+				LocalServicePort:       svc.Port,
+			},
+		},
+		Checks: []*api.HealthCheck{{
+			Name: "external sync",
+			// Type:      "external-sync",
+			Status:      "passing", //  TODO
+			ServiceID:   pid.Name,
+			ServiceName: pid.Name,
+			Definition: api.HealthCheckDefinition{
+				TCP: fmt.Sprintf("%s:%d", node.LocalAddress(), svc.EnvoyPublicListenerPort),
+			},
+			Output: "",
+		}},
+	}
+	if node.HasPublicAddress() {
+		reg.TaggedAddresses = map[string]string{
+			"lan":      node.LocalAddress(),
+			"lan_ipv4": node.LocalAddress(),
+			"wan":      node.PublicAddress(),
+			"wan_ipv4": node.PublicAddress(),
+		}
+	}
+	if cluster.Enterprise {
+		reg.Partition = pid.Partition
+		reg.Service.Namespace = pid.Namespace
+		reg.Service.Partition = pid.Partition
+		reg.Checks[0].Namespace = pid.Namespace
+		reg.Checks[0].Partition = pid.Partition
+	}
+
+	for _, u := range svc.Upstreams {
+		pu := api.Upstream{
+			DestinationName:  u.ID.Name,
+			DestinationPeer:  u.Peer,
+			LocalBindAddress: u.LocalAddress,
+			LocalBindPort:    u.LocalPort,
+		}
+		if cluster.Enterprise {
+			pu.DestinationNamespace = u.ID.Namespace
+			if u.Peer == "" {
+				pu.DestinationPartition = u.ID.Partition
+			}
+		}
+		reg.Service.Proxy.Upstreams = append(reg.Service.Proxy.Upstreams, pu)
+	}
+
+	return pid, reg
+}
diff --git a/testing/deployer/sprawl/configentries.go b/testing/deployer/sprawl/configentries.go
new file mode 100644
index 000000000000..ff84f0eb1a45
--- /dev/null
+++ b/testing/deployer/sprawl/configentries.go
@@ -0,0 +1,58 @@
+package sprawl
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/consul/api"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+)
+
+func (s *Sprawl) populateInitialConfigEntries(cluster *topology.Cluster) error {
+	if len(cluster.InitialConfigEntries) == 0 {
+		return nil
+	}
+
+	var (
+		client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	for _, ce := range cluster.InitialConfigEntries {
+		_, _, err := client.ConfigEntries().Set(ce, nil)
+		if err != nil {
+			if ce.GetKind() == api.ServiceIntentions && strings.Contains(err.Error(), intentionsMigrationError) {
+				logger.Warn("known error writing initial config entry; trying again",
+					"kind", ce.GetKind(),
+					"name", ce.GetName(),
+					"namespace", ce.GetNamespace(),
+					"partition", ce.GetPartition(),
+					"error", err,
+				)
+
+				time.Sleep(500 * time.Millisecond)
+				continue
+			}
+			return fmt.Errorf(
+				"error persisting config entry kind=%q name=%q namespace=%q partition=%q: %w",
+				ce.GetKind(),
+				ce.GetName(),
+				ce.GetNamespace(),
+				ce.GetPartition(),
+				err,
+			)
+		}
+		logger.Info("wrote initial config entry",
+			"kind", ce.GetKind(),
+			"name", ce.GetName(),
+			"namespace", ce.GetNamespace(),
+			"partition", ce.GetPartition(),
+		)
+	}
+
+	return nil
+}
+
+const intentionsMigrationError = `Intentions are read only while being upgraded to config entries`
diff --git a/testing/deployer/sprawl/consul.go b/testing/deployer/sprawl/consul.go
new file mode 100644
index 000000000000..5abb68ac8cc1
--- /dev/null
+++ b/testing/deployer/sprawl/consul.go
@@ -0,0 +1,98 @@
+package sprawl
+
+import (
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/consul/api"
+
+	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/hashicorp/consul/testing/deployer/util"
+)
+
+func getLeader(client *api.Client) (string, error) {
+	leaderAdd, err := client.Status().Leader()
+	if err != nil {
+		return "", fmt.Errorf("could not query leader: %w", err)
+	}
+	if leaderAdd == "" {
+		return "", errors.New("no leader available")
+	}
+	return leaderAdd, nil
+}
+
+func (s *Sprawl) waitForLeader(cluster *topology.Cluster) {
+	var (
+		client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+	for {
+		leader, err := client.Status().Leader()
+		if leader != "" && err == nil {
+			logger.Info("cluster has leader", "leader_addr", leader)
+			return
+		}
+		logger.Info("cluster has no leader yet", "error", err)
+		time.Sleep(500 * time.Millisecond)
+	}
+}
+
+func (s *Sprawl) rejoinAllConsulServers() error {
+	// Join the servers together.
+	for _, cluster := range s.topology.Clusters {
+		if err := s.rejoinServers(cluster); err != nil {
+			return fmt.Errorf("rejoinServers[%s]: %w", cluster.Name, err)
+		}
+		s.waitForLeader(cluster)
+	}
+	return nil
+}
+
+func (s *Sprawl) rejoinServers(cluster *topology.Cluster) error {
+	var (
+		// client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	servers := cluster.ServerNodes()
+
+	recoveryToken := s.secrets.ReadGeneric(cluster.Name, secrets.AgentRecovery)
+
+	node0, rest := servers[0], servers[1:]
+	client, err := util.ProxyNotPooledAPIClient(
+		node0.LocalProxyPort(),
+		node0.LocalAddress(),
+		8500,
+		recoveryToken,
+	)
+	if err != nil {
+		return fmt.Errorf("could not get client for %q: %w", node0.ID(), err)
+	}
+
+	logger.Info("joining servers together",
+		"from", node0.ID(),
+		"rest", nodeSliceToNodeIDSlice(rest),
+	)
+	for _, node := range rest {
+		for {
+			err = client.Agent().Join(node.LocalAddress(), false)
+			if err == nil {
+				break
+			}
+			logger.Warn("could not join", "from", node0.ID(), "to", node.ID(), "error", err)
+			time.Sleep(500 * time.Millisecond)
+		}
+	}
+
+	return nil
+}
+
+func nodeSliceToNodeIDSlice(nodes []*topology.Node) []topology.NodeID {
+	var out []topology.NodeID
+	for _, node := range nodes {
+		out = append(out, node.ID())
+	}
+	return out
+}
diff --git a/testing/deployer/sprawl/debug.go b/testing/deployer/sprawl/debug.go
new file mode 100644
index 000000000000..e02c3eefc95f
--- /dev/null
+++ b/testing/deployer/sprawl/debug.go
@@ -0,0 +1,8 @@
+package sprawl
+
+import "encoding/json"
+
+func jd(v any) string {
+	b, _ := json.MarshalIndent(v, "", "  ")
+	return string(b)
+}
diff --git a/testing/deployer/sprawl/details.go b/testing/deployer/sprawl/details.go
new file mode 100644
index 000000000000..401cc3b9d75c
--- /dev/null
+++ b/testing/deployer/sprawl/details.go
@@ -0,0 +1,170 @@
+package sprawl
+
+import (
+	"bytes"
+	"fmt"
+	"sort"
+	"strconv"
+	"strings"
+	"text/tabwriter"
+)
+
+// PrintDetails will dump relevant addressing and naming data to the logger for
+// human interaction purposes.
+func (s *Sprawl) PrintDetails() error {
+	det := logDetails{
+		TopologyID: s.topology.ID,
+	}
+
+	for _, cluster := range s.topology.Clusters {
+		client := s.clients[cluster.Name]
+
+		cfg, err := client.Operator().RaftGetConfiguration(nil)
+		if err != nil {
+			return fmt.Errorf("could not get raft config for cluster %q: %w", cluster.Name, err)
+		}
+
+		var leaderNode string
+		for _, svr := range cfg.Servers {
+			if svr.Leader {
+				leaderNode = strings.TrimSuffix(svr.Node, "-pod")
+			}
+		}
+
+		cd := clusterDetails{
+			Name:   cluster.Name,
+			Leader: leaderNode,
+		}
+
+		for _, node := range cluster.Nodes {
+			if node.Disabled {
+				continue
+			}
+
+			var addrs []string
+			for _, addr := range node.Addresses {
+				addrs = append(addrs, addr.Network+"="+addr.IPAddress)
+			}
+			sort.Strings(addrs)
+
+			if node.IsServer() {
+				cd.Apps = append(cd.Apps, appDetail{
+					Type:        "server",
+					Container:   node.DockerName(),
+					Addresses:   addrs,
+					ExposedPort: node.ExposedPort(8500),
+				})
+			}
+
+			for _, svc := range node.Services {
+				if svc.IsMeshGateway {
+					cd.Apps = append(cd.Apps, appDetail{
+						Type:                  "mesh-gateway",
+						Container:             node.DockerName(),
+						ExposedPort:           node.ExposedPort(svc.Port),
+						ExposedEnvoyAdminPort: node.ExposedPort(svc.EnvoyAdminPort),
+						Addresses:             addrs,
+						Service:               svc.ID.String(),
+					})
+				} else {
+					cd.Apps = append(cd.Apps, appDetail{
+						Type:                  "app",
+						Container:             node.DockerName(),
+						ExposedPort:           node.ExposedPort(svc.Port),
+						ExposedEnvoyAdminPort: node.ExposedPort(svc.EnvoyAdminPort),
+						Addresses:             addrs,
+						Service:               svc.ID.String(),
+					})
+				}
+			}
+		}
+
+		det.Clusters = append(det.Clusters, cd)
+	}
+
+	var buf bytes.Buffer
+	w := tabwriter.NewWriter(&buf, 0, 0, 3, ' ', tabwriter.Debug)
+
+	score := map[string]int{
+		"server":       0,
+		"mesh-gateway": 1,
+		"app":          2,
+	}
+
+	for _, cluster := range det.Clusters {
+		fmt.Fprintf(w, "CLUSTER\tTYPE\tCONTAINER\tNAME\tADDRS\tPORTS\t\n")
+		sort.Slice(cluster.Apps, func(i, j int) bool {
+			a := cluster.Apps[i]
+			b := cluster.Apps[j]
+
+			asc := score[a.Type]
+			bsc := score[b.Type]
+
+			if asc < bsc {
+				return true
+			} else if asc > bsc {
+				return false
+			}
+
+			if a.Container < b.Container {
+				return true
+			} else if a.Container > b.Container {
+				return false
+			}
+
+			if a.Service < b.Service {
+				return true
+			} else if a.Service > b.Service {
+				return false
+			}
+
+			return a.ExposedPort < b.ExposedPort
+		})
+		for _, d := range cluster.Apps {
+			if d.Type == "server" && d.Container == cluster.Leader {
+				d.Type = "leader"
+			}
+			portStr := "app=" + strconv.Itoa(d.ExposedPort)
+			if d.ExposedEnvoyAdminPort > 0 {
+				portStr += " envoy=" + strconv.Itoa(d.ExposedEnvoyAdminPort)
+			}
+			fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\t\n",
+				cluster.Name,
+				d.Type,
+				d.Container,
+				d.Service,
+				strings.Join(d.Addresses, ", "),
+				portStr,
+			)
+		}
+		fmt.Fprintf(w, "\t\t\t\t\t\n")
+	}
+
+	w.Flush()
+
+	s.logger.Info("CURRENT SPRAWL DETAILS", "details", buf.String())
+
+	return nil
+}
+
+type logDetails struct {
+	TopologyID string
+	Clusters   []clusterDetails
+}
+
+type clusterDetails struct {
+	Name string
+
+	Leader string
+	Apps   []appDetail
+}
+
+type appDetail struct {
+	Type                  string // server|mesh-gateway|app
+	Container             string
+	Addresses             []string
+	ExposedPort           int `json:",omitempty"`
+	ExposedEnvoyAdminPort int `json:",omitempty"`
+	// just services
+	Service string `json:",omitempty"`
+}
diff --git a/testing/deployer/sprawl/ent.go b/testing/deployer/sprawl/ent.go
new file mode 100644
index 000000000000..f6d73e0e0eae
--- /dev/null
+++ b/testing/deployer/sprawl/ent.go
@@ -0,0 +1,174 @@
+package sprawl
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/consul/api"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+)
+
+func (s *Sprawl) ensureLicense() error {
+	if s.license != "" {
+		return nil
+	}
+	v, err := readLicense()
+	if err != nil {
+		return err
+	}
+	s.license = v
+	return nil
+}
+
+func readLicense() (string, error) {
+	if license := os.Getenv("CONSUL_LICENSE"); license != "" {
+		return license, nil
+	}
+
+	licensePath := os.Getenv("CONSUL_LICENSE_PATH")
+	if licensePath == "" {
+		return "", nil
+	}
+
+	licenseBytes, err := os.ReadFile(licensePath)
+	if err != nil {
+		return "", err
+	}
+	return strings.TrimSpace(string(licenseBytes)), nil
+}
+
+func (s *Sprawl) initTenancies(cluster *topology.Cluster) error {
+	var (
+		client = s.clients[cluster.Name]
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	// TODO: change this to UPSERT
+
+	var (
+		partClient = client.Partitions()
+		nsClient   = client.Namespaces()
+
+		partitionNameList []string
+	)
+	for _, ap := range cluster.Partitions {
+		if ap.Name != "default" {
+			old, _, err := partClient.Read(context.Background(), ap.Name, nil)
+			if err != nil {
+				return fmt.Errorf("error reading partition %q: %w", ap.Name, err)
+			}
+			if old == nil {
+				obj := &api.Partition{
+					Name: ap.Name,
+				}
+
+				_, _, err := partClient.Create(context.Background(), obj, nil)
+				if err != nil {
+					return fmt.Errorf("error creating partition %q: %w", ap.Name, err)
+				}
+				logger.Info("created partition", "partition", ap.Name)
+			}
+
+			partitionNameList = append(partitionNameList, ap.Name)
+		}
+
+		if err := s.createCrossNamespaceCatalogReadPolicies(cluster, ap.Name); err != nil {
+			return fmt.Errorf("createCrossNamespaceCatalogReadPolicies[%s]: %w", ap.Name, err)
+		}
+
+		for _, ns := range ap.Namespaces {
+			old, _, err := nsClient.Read(ns, &api.QueryOptions{Partition: ap.Name})
+			if err != nil {
+				return err
+			}
+
+			if old == nil {
+				obj := &api.Namespace{
+					Partition: ap.Name,
+					Name:      ns,
+					ACLs: &api.NamespaceACLConfig{
+						PolicyDefaults: []api.ACLLink{
+							{Name: "cross-ns-catalog-read"},
+						},
+					},
+				}
+				if ns == "default" {
+					_, _, err := nsClient.Update(obj, nil)
+					if err != nil {
+						return err
+					}
+					logger.Info("updated namespace", "namespace", ns, "partition", ap.Name)
+				} else {
+					_, _, err := nsClient.Create(obj, nil)
+					if err != nil {
+						return err
+					}
+					logger.Info("created namespace", "namespace", ns, "partition", ap.Name)
+				}
+			}
+		}
+	}
+
+	if err := s.waitUntilPartitionedSerfIsReady(context.TODO(), cluster, partitionNameList); err != nil {
+		return fmt.Errorf("waitUntilPartitionedSerfIsReady: %w", err)
+	}
+
+	return nil
+}
+
+func (s *Sprawl) waitUntilPartitionedSerfIsReady(ctx context.Context, cluster *topology.Cluster, partitions []string) error {
+	var (
+		logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	readyLogs := make(map[string]string)
+	for _, partition := range partitions {
+		readyLogs[partition] = `agent.server: Added serf partition to gossip network: partition=` + partition
+	}
+
+	start := time.Now()
+	logger.Info("waiting for partitioned serf to be ready on all servers", "partitions", partitions)
+	for _, node := range cluster.Nodes {
+		if !node.IsServer() || node.Disabled {
+			continue
+		}
+
+		var buf bytes.Buffer
+		for {
+			buf.Reset()
+
+			err := s.runner.DockerExec(ctx, []string{
+				"logs", node.DockerName(),
+			}, &buf, nil)
+			if err != nil {
+				return fmt.Errorf("could not fetch docker logs from node %q: %w", node.ID(), err)
+			}
+
+			var (
+				body  = buf.String()
+				found []string
+			)
+
+			for partition, readyLog := range readyLogs {
+				if strings.Contains(body, readyLog) {
+					found = append(found, partition)
+				}
+			}
+
+			if len(found) == len(readyLogs) {
+				break
+			}
+		}
+
+		time.Sleep(500 * time.Millisecond)
+	}
+
+	logger.Info("partitioned serf is ready on all servers", "partitions", partitions, "elapsed", time.Since(start))
+
+	return nil
+}
diff --git a/testing/deployer/sprawl/helpers.go b/testing/deployer/sprawl/helpers.go
new file mode 100644
index 000000000000..ce546afed623
--- /dev/null
+++ b/testing/deployer/sprawl/helpers.go
@@ -0,0 +1,11 @@
+package sprawl
+
+// Deprecated: remove
+func TruncateSquidError(err error) error {
+	return err
+}
+
+// Deprecated: remove
+func IsSquid503(err error) bool {
+	return false
+}
diff --git a/testing/deployer/sprawl/internal/build/docker.go b/testing/deployer/sprawl/internal/build/docker.go
new file mode 100644
index 000000000000..88e763061e93
--- /dev/null
+++ b/testing/deployer/sprawl/internal/build/docker.go
@@ -0,0 +1,83 @@
+package build
+
+import (
+	"context"
+	"strings"
+
+	"github.com/hashicorp/go-hclog"
+
+	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/runner"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+)
+
+const dockerfileEnvoy = `
+ARG CONSUL_IMAGE
+ARG ENVOY_IMAGE
+FROM ${CONSUL_IMAGE}
+FROM ${ENVOY_IMAGE}
+COPY --from=0 /bin/consul /bin/consul
+`
+
+// FROM hashicorp/consul-dataplane:latest
+// COPY --from=busybox:uclibc /bin/sh /bin/sh
+const dockerfileDataplane = `
+ARG DATAPLANE_IMAGE
+FROM busybox:latest
+FROM ${DATAPLANE_IMAGE}
+COPY --from=0 /bin/busybox /bin/busybox
+USER 0:0
+RUN ["busybox", "--install", "/bin", "-s"]
+USER 100:0
+ENTRYPOINT []
+`
+
+func DockerImages(
+	logger hclog.Logger,
+	run *runner.Runner,
+	t *topology.Topology,
+) error {
+	logw := logger.Named("docker").StandardWriter(&hclog.StandardLoggerOptions{ForceLevel: hclog.Info})
+
+	built := make(map[string]struct{})
+	for _, c := range t.Clusters {
+		for _, n := range c.Nodes {
+			joint := n.Images.EnvoyConsulImage()
+			if _, ok := built[joint]; joint != "" && !ok {
+				logger.Info("building image", "image", joint)
+				err := run.DockerExec(context.TODO(), []string{
+					"build",
+					"--build-arg",
+					"CONSUL_IMAGE=" + n.Images.Consul,
+					"--build-arg",
+					"ENVOY_IMAGE=" + n.Images.Envoy,
+					"-t", joint,
+					"-",
+				}, logw, strings.NewReader(dockerfileEnvoy))
+				if err != nil {
+					return err
+				}
+
+				built[joint] = struct{}{}
+			}
+
+			cdp := n.Images.LocalDataplaneImage()
+			if _, ok := built[cdp]; cdp != "" && !ok {
+				logger.Info("building image", "image", cdp)
+				err := run.DockerExec(context.TODO(), []string{
+					"build",
+					"--build-arg",
+					"DATAPLANE_IMAGE=" + n.Images.Dataplane,
+					"-t", cdp,
+					"-",
+				}, logw, strings.NewReader(dockerfileDataplane))
+				if err != nil {
+					return err
+				}
+
+				built[cdp] = struct{}{}
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/testing/deployer/sprawl/internal/runner/exec.go b/testing/deployer/sprawl/internal/runner/exec.go
new file mode 100644
index 000000000000..896d8f0d79b5
--- /dev/null
+++ b/testing/deployer/sprawl/internal/runner/exec.go
@@ -0,0 +1,120 @@
+package runner
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+
+	"github.com/hashicorp/go-hclog"
+)
+
+type Runner struct {
+	logger hclog.Logger
+
+	tfBin     string
+	dockerBin string
+}
+
+func Load(logger hclog.Logger) (*Runner, error) {
+	r := &Runner{
+		logger: logger,
+	}
+
+	type item struct {
+		name string
+		dest *string
+		warn string // optional
+	}
+	lookup := []item{
+		{"docker", &r.dockerBin, ""},
+		{"terraform", &r.tfBin, ""},
+	}
+
+	var (
+		bins []string
+		err  error
+	)
+	for _, i := range lookup {
+		*i.dest, err = exec.LookPath(i.name)
+		if err != nil {
+			if errors.Is(err, exec.ErrNotFound) {
+				if i.warn != "" {
+					return nil, fmt.Errorf("Could not find %q on path (%s): %w", i.name, i.warn, err)
+				} else {
+					return nil, fmt.Errorf("Could not find %q on path: %w", i.name, err)
+				}
+			}
+			return nil, fmt.Errorf("Unexpected failure looking for %q on path: %w", i.name, err)
+		}
+		bins = append(bins, *i.dest)
+	}
+	r.logger.Trace("using binaries", "paths", bins)
+
+	return r, nil
+}
+
+func (r *Runner) DockerExec(ctx context.Context, args []string, stdout io.Writer, stdin io.Reader) error {
+	return cmdExec(ctx, "docker", r.dockerBin, args, stdout, nil, stdin, "")
+}
+
+func (r *Runner) DockerExecWithStderr(ctx context.Context, args []string, stdout, stderr io.Writer, stdin io.Reader) error {
+	return cmdExec(ctx, "docker", r.dockerBin, args, stdout, stderr, stdin, "")
+}
+
+func (r *Runner) TerraformExec(ctx context.Context, args []string, stdout io.Writer, workdir string) error {
+	return cmdExec(ctx, "terraform", r.tfBin, args, stdout, nil, nil, workdir)
+}
+
+func cmdExec(ctx context.Context, name, binary string, args []string, stdout, stderr io.Writer, stdin io.Reader, dir string) error {
+	if binary == "" {
+		panic("binary named " + name + " was not detected")
+	}
+	var errWriter bytes.Buffer
+
+	if stdout == nil {
+		stdout = os.Stdout // TODO: wrap logs
+	}
+
+	cmd := exec.CommandContext(ctx, binary, args...)
+	if dir != "" {
+		cmd.Dir = dir
+	}
+	cmd.Stdout = stdout
+	cmd.Stderr = &errWriter
+	if stderr != nil {
+		cmd.Stderr = io.MultiWriter(stderr, cmd.Stderr)
+	}
+	cmd.Stdin = stdin
+	if err := cmd.Run(); err != nil {
+		return &ExecError{
+			BinaryName:  name,
+			Err:         err,
+			ErrorOutput: errWriter.String(),
+		}
+	}
+
+	return nil
+}
+
+type ExecError struct {
+	BinaryName  string
+	ErrorOutput string
+	Err         error
+}
+
+func (e *ExecError) Unwrap() error {
+	return e.Err
+}
+
+func (e *ExecError) Error() string {
+	return fmt.Sprintf(
+		"could not invoke %q: %v : %s",
+		e.BinaryName,
+		e.Err,
+		e.ErrorOutput,
+	)
+}
diff --git a/testing/deployer/sprawl/internal/secrets/store.go b/testing/deployer/sprawl/internal/secrets/store.go
new file mode 100644
index 000000000000..4430686cb28a
--- /dev/null
+++ b/testing/deployer/sprawl/internal/secrets/store.go
@@ -0,0 +1,70 @@
+package secrets
+
+import (
+	"net/url"
+	"strings"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+)
+
+type Store struct {
+	m map[string]string
+}
+
+const (
+	GossipKey      = "gossip"
+	BootstrapToken = "bootstrap-token"
+	AgentRecovery  = "agent-recovery"
+)
+
+func (s *Store) SaveGeneric(cluster, name, value string) {
+	s.save(encode(cluster, "generic", name), value)
+}
+
+func (s *Store) ReadGeneric(cluster, name string) string {
+	return s.read(encode(cluster, "generic", name))
+}
+
+func (s *Store) SaveAgentToken(cluster string, nid topology.NodeID, value string) {
+	s.save(encode(cluster, "agent", nid.String()), value)
+}
+
+func (s *Store) ReadAgentToken(cluster string, nid topology.NodeID) string {
+	return s.read(encode(cluster, "agent", nid.String()))
+}
+
+func (s *Store) SaveServiceToken(cluster string, sid topology.ServiceID, value string) {
+	s.save(encode(cluster, "service", sid.String()), value)
+}
+
+func (s *Store) ReadServiceToken(cluster string, sid topology.ServiceID) string {
+	return s.read(encode(cluster, "service", sid.String()))
+}
+
+func (s *Store) save(key, value string) {
+	if s.m == nil {
+		s.m = make(map[string]string)
+	}
+
+	s.m[key] = value
+}
+
+func (s *Store) read(key string) string {
+	if s.m == nil {
+		return ""
+	}
+
+	v, ok := s.m[key]
+	if !ok {
+		return ""
+	}
+	return v
+}
+
+func encode(parts ...string) string {
+	var out []string
+	for _, p := range parts {
+		out = append(out, url.QueryEscape(p))
+	}
+	return strings.Join(out, "/")
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/agent.go b/testing/deployer/sprawl/internal/tfgen/agent.go
new file mode 100644
index 000000000000..43e1fe1db17d
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/agent.go
@@ -0,0 +1,215 @@
+package tfgen
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/hcl/v2/hclwrite"
+
+	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+)
+
+func (g *Generator) generateAgentHCL(node *topology.Node) (string, error) {
+	if !node.IsAgent() {
+		return "", fmt.Errorf("not an agent")
+	}
+
+	cluster, ok := g.topology.Clusters[node.Cluster]
+	if !ok {
+		return "", fmt.Errorf("no such cluster: %s", node.Cluster)
+	}
+
+	var b HCLBuilder
+
+	b.add("server", node.IsServer())
+	b.add("bind_addr", "0.0.0.0")
+	b.add("client_addr", "0.0.0.0")
+	b.add("advertise_addr", `{{ GetInterfaceIP "eth0" }}`)
+	b.add("datacenter", node.Datacenter)
+	b.add("disable_update_check", true)
+	b.add("log_level", "trace")
+	b.add("enable_debug", true)
+	b.add("use_streaming_backend", true)
+
+	// speed up leaves
+	b.addBlock("performance", func() {
+		b.add("leave_drain_time", "50ms")
+	})
+
+	b.add("primary_datacenter", node.Datacenter)
+
+	// Using retry_join here is bad because changing server membership will
+	// destroy and recreate all of the servers
+	// if !node.IsServer() {
+	b.addSlice("retry_join", []string{"server." + node.Cluster + "-consulcluster.lan"})
+	b.add("retry_interval", "1s")
+	// }
+
+	if node.IsServer() {
+		b.addBlock("peering", func() {
+			b.add("enabled", true)
+		})
+	}
+
+	b.addBlock("ui_config", func() {
+		b.add("enabled", true)
+	})
+
+	b.addBlock("telemetry", func() {
+		b.add("disable_hostname", true)
+		b.add("prometheus_retention_time", "168h")
+	})
+
+	b.add("encrypt", g.sec.ReadGeneric(node.Cluster, secrets.GossipKey))
+
+	{
+		var (
+			root     = "/consul/config/certs"
+			caFile   = root + "/consul-agent-ca.pem"
+			certFile = root + "/" + node.TLSCertPrefix + ".pem"
+			certKey  = root + "/" + node.TLSCertPrefix + "-key.pem"
+		)
+
+		b.addBlock("tls", func() {
+			b.addBlock("internal_rpc", func() {
+				b.add("ca_file", caFile)
+				b.add("cert_file", certFile)
+				b.add("key_file", certKey)
+				b.add("verify_incoming", true)
+				b.add("verify_server_hostname", true)
+				b.add("verify_outgoing", true)
+			})
+			// if cfg.EncryptionTLSAPI {
+			// 	b.addBlock("https", func() {
+			// 		b.add("ca_file", caFile)
+			// 		b.add("cert_file", certFile)
+			// 		b.add("key_file", certKey)
+			// 		// b.add("verify_incoming", true)
+			// 	})
+			// }
+			if node.IsServer() {
+				b.addBlock("grpc", func() {
+					b.add("ca_file", caFile)
+					b.add("cert_file", certFile)
+					b.add("key_file", certKey)
+					// b.add("verify_incoming", true)
+				})
+			}
+		})
+	}
+
+	b.addBlock("ports", func() {
+		if node.IsServer() {
+			b.add("grpc_tls", 8503)
+			b.add("grpc", -1)
+		} else {
+			b.add("grpc", 8502)
+			b.add("grpc_tls", -1)
+		}
+		b.add("http", 8500)
+		b.add("dns", 8600)
+	})
+
+	b.addSlice("recursors", []string{"8.8.8.8"})
+
+	b.addBlock("acl", func() {
+		b.add("enabled", true)
+		b.add("default_policy", "deny")
+		b.add("down_policy", "extend-cache")
+		b.add("enable_token_persistence", true)
+		b.addBlock("tokens", func() {
+			if node.IsServer() {
+				b.add("initial_management", g.sec.ReadGeneric(node.Cluster, secrets.BootstrapToken))
+			}
+			b.add("agent_recovery", g.sec.ReadGeneric(node.Cluster, secrets.AgentRecovery))
+			b.add("agent", g.sec.ReadAgentToken(node.Cluster, node.ID()))
+		})
+	})
+
+	if node.IsServer() {
+		b.add("bootstrap_expect", len(cluster.ServerNodes()))
+		// b.add("translate_wan_addrs", true)
+		b.addBlock("rpc", func() {
+			b.add("enable_streaming", true)
+		})
+		if node.HasPublicAddress() {
+			b.add("advertise_addr_wan", `{{ GetInterfaceIP "eth1" }}`) // note: can't use 'node.PublicAddress()' b/c we don't know that yet
+		}
+
+		// Exercise config entry bootstrap
+		// b.addBlock("config_entries", func() {
+		// 	b.addBlock("bootstrap", func() {
+		// 		b.add("kind", "service-defaults")
+		// 		b.add("name", "placeholder")
+		// 		b.add("protocol", "grpc")
+		// 	})
+		// 	b.addBlock("bootstrap", func() {
+		// 		b.add("kind", "service-intentions")
+		// 		b.add("name", "placeholder")
+		// 		b.addBlock("sources", func() {
+		// 			b.add("name", "placeholder-client")
+		// 			b.add("action", "allow")
+		// 		})
+		// 	})
+		// })
+
+		b.addBlock("connect", func() {
+			b.add("enabled", true)
+		})
+
+	} else {
+		if cluster.Enterprise {
+			b.add("partition", node.Partition)
+		}
+	}
+
+	return b.String(), nil
+}
+
+type HCLBuilder struct {
+	parts []string
+}
+
+func (b *HCLBuilder) format(s string, a ...any) {
+	if len(a) == 0 {
+		b.parts = append(b.parts, s)
+	} else {
+		b.parts = append(b.parts, fmt.Sprintf(s, a...))
+	}
+}
+
+func (b *HCLBuilder) add(k string, v any) {
+	switch x := v.(type) {
+	case string:
+		if x != "" {
+			b.format("%s = %q", k, x)
+		}
+	case int:
+		b.format("%s = %d", k, x)
+	case bool:
+		b.format("%s = %v", k, x)
+	default:
+		panic(fmt.Sprintf("unexpected type %T", v))
+	}
+}
+
+func (b *HCLBuilder) addBlock(block string, fn func()) {
+	b.format(block + "{")
+	fn()
+	b.format("}")
+}
+
+func (b *HCLBuilder) addSlice(name string, vals []string) {
+	b.format(name + " = [")
+	for _, v := range vals {
+		b.format("%q,", v)
+	}
+	b.format("]")
+}
+
+func (b *HCLBuilder) String() string {
+	joined := strings.Join(b.parts, "\n")
+	// Ensure it looks tidy
+	return string(hclwrite.Format([]byte(joined)))
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/digest.go b/testing/deployer/sprawl/internal/tfgen/digest.go
new file mode 100644
index 000000000000..28e364417bce
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/digest.go
@@ -0,0 +1,45 @@
+package tfgen
+
+import (
+	"fmt"
+)
+
+// digestOutputs takes the data extracted from terraform output variables and
+// updates various fields on the topology.Topology with that data.
+func (g *Generator) digestOutputs(out *Outputs) error {
+	for clusterName, nodeMap := range out.Nodes {
+		cluster, ok := g.topology.Clusters[clusterName]
+		if !ok {
+			return fmt.Errorf("found output cluster that does not exist: %s", clusterName)
+		}
+		for nid, nodeOut := range nodeMap {
+			node := cluster.NodeByID(nid)
+			if node == nil {
+				return fmt.Errorf("found output node that does not exist in cluster %q: %s", nid, clusterName)
+			}
+
+			if node.DigestExposedPorts(nodeOut.Ports) {
+				g.logger.Info("discovered exposed port mappings",
+					"cluster", clusterName,
+					"node", nid.String(),
+					"ports", nodeOut.Ports,
+				)
+			}
+		}
+	}
+
+	for netName, proxyPort := range out.ProxyPorts {
+		changed, err := g.topology.DigestExposedProxyPort(netName, proxyPort)
+		if err != nil {
+			return err
+		}
+		if changed {
+			g.logger.Info("discovered exposed forward proxy port",
+				"network", netName,
+				"port", proxyPort,
+			)
+		}
+	}
+
+	return nil
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/dns.go b/testing/deployer/sprawl/internal/tfgen/dns.go
new file mode 100644
index 000000000000..c60a19bb0c28
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/dns.go
@@ -0,0 +1,180 @@
+package tfgen
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"text/template"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/hashicorp/consul/testing/deployer/util"
+)
+
+func (g *Generator) getCoreDNSContainer(
+	net *topology.Network,
+	ipAddress string,
+	hashes []string,
+) Resource {
+	var env []string
+	for i, hv := range hashes {
+		env = append(env, fmt.Sprintf("HASH_FILE_%d_VALUE=%s", i, hv))
+	}
+	coredns := struct {
+		Name              string
+		DockerNetworkName string
+		IPAddress         string
+		HashValues        string
+		Env               []string
+	}{
+		Name:              net.Name,
+		DockerNetworkName: net.DockerName,
+		IPAddress:         ipAddress,
+		Env:               env,
+	}
+	return Eval(tfCorednsT, &coredns)
+}
+
+func (g *Generator) writeCoreDNSFiles(net *topology.Network, dnsIPAddress string) (bool, []string, error) {
+	if net.IsPublic() {
+		return false, nil, fmt.Errorf("coredns only runs on local networks")
+	}
+
+	rootdir := filepath.Join(g.workdir, "terraform", "coredns-config-"+net.Name)
+	if err := os.MkdirAll(rootdir, 0755); err != nil {
+		return false, nil, err
+	}
+
+	for _, cluster := range g.topology.Clusters {
+		if cluster.NetworkName != net.Name {
+			continue
+		}
+		var addrs []string
+		for _, node := range cluster.SortedNodes() {
+			if node.Kind != topology.NodeKindServer || node.Disabled {
+				continue
+			}
+			addr := node.AddressByNetwork(net.Name)
+			if addr.IPAddress != "" {
+				addrs = append(addrs, addr.IPAddress)
+			}
+		}
+
+		var (
+			clusterDNSName = cluster.Name + "-consulcluster.lan"
+		)
+
+		corefilePath := filepath.Join(rootdir, "Corefile")
+		zonefilePath := filepath.Join(rootdir, "servers")
+
+		_, err := UpdateFileIfDifferent(
+			g.logger,
+			generateCoreDNSConfigFile(
+				clusterDNSName,
+				addrs,
+			),
+			corefilePath,
+			0644,
+		)
+		if err != nil {
+			return false, nil, fmt.Errorf("error writing %q: %w", corefilePath, err)
+		}
+		corefileHash, err := util.HashFile(corefilePath)
+		if err != nil {
+			return false, nil, fmt.Errorf("error hashing %q: %w", corefilePath, err)
+		}
+
+		_, err = UpdateFileIfDifferent(
+			g.logger,
+			generateCoreDNSZoneFile(
+				dnsIPAddress,
+				clusterDNSName,
+				addrs,
+			),
+			zonefilePath,
+			0644,
+		)
+		if err != nil {
+			return false, nil, fmt.Errorf("error writing %q: %w", zonefilePath, err)
+		}
+		zonefileHash, err := util.HashFile(zonefilePath)
+		if err != nil {
+			return false, nil, fmt.Errorf("error hashing %q: %w", zonefilePath, err)
+		}
+
+		return true, []string{corefileHash, zonefileHash}, nil
+	}
+
+	return false, nil, nil
+}
+
+func generateCoreDNSConfigFile(
+	clusterDNSName string,
+	addrs []string,
+) []byte {
+	serverPart := ""
+	if len(addrs) > 0 {
+		var servers []string
+		for _, addr := range addrs {
+			servers = append(servers, addr+":8600")
+		}
+		serverPart = fmt.Sprintf(`
+consul:53 {
+  forward . %s
+  log
+  errors
+  whoami
+}
+`, strings.Join(servers, " "))
+	}
+
+	return []byte(fmt.Sprintf(`
+%[1]s:53 {
+  file /config/servers %[1]s
+  log
+  errors
+  whoami
+}
+
+%[2]s
+
+.:53 {
+  forward . 8.8.8.8:53
+  log
+  errors
+  whoami
+}
+`, clusterDNSName, serverPart))
+}
+
+func generateCoreDNSZoneFile(
+	dnsIPAddress string,
+	clusterDNSName string,
+	addrs []string,
+) []byte {
+	var buf bytes.Buffer
+	buf.WriteString(fmt.Sprintf(`
+$TTL 60
+$ORIGIN %[1]s.
+@                   IN	SOA ns.%[1]s. webmaster.%[1]s. (
+          2017042745 ; serial
+          7200       ; refresh (2 hours)				
+          3600       ; retry (1 hour)			
+          1209600    ; expire (2 weeks)				
+          3600       ; minimum (1 hour)				
+          )
+@  IN NS ns.%[1]s. ; Name server
+ns IN A  %[2]s     ; self
+`, clusterDNSName, dnsIPAddress))
+
+	for _, addr := range addrs {
+		buf.WriteString(fmt.Sprintf(`
+server IN A %s ; Consul server
+`, addr))
+	}
+
+	return buf.Bytes()
+}
+
+var tfCorednsT = template.Must(template.ParseFS(content, "templates/container-coredns.tf.tmpl"))
diff --git a/testing/deployer/sprawl/internal/tfgen/docker.go b/testing/deployer/sprawl/internal/tfgen/docker.go
new file mode 100644
index 000000000000..f2a655feccd0
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/docker.go
@@ -0,0 +1,39 @@
+package tfgen
+
+import (
+	"fmt"
+	"regexp"
+)
+
+var invalidResourceName = regexp.MustCompile(`[^a-z0-9-]+`)
+
+func DockerImageResourceName(image string) string {
+	return invalidResourceName.ReplaceAllLiteralString(image, "-")
+}
+
+func DockerNetwork(name, subnet string) Resource {
+	return Text(fmt.Sprintf(`
+resource "docker_network" %[1]q {
+  name       = %[1]q
+  attachable = true
+  ipam_config {
+    subnet = %[2]q
+  }
+}
+`, name, subnet))
+}
+
+func DockerVolume(name string) Resource {
+	return Text(fmt.Sprintf(`
+resource "docker_volume" %[1]q {
+  name       = %[1]q
+}`, name))
+}
+
+func DockerImage(name, image string) Resource {
+	return Text(fmt.Sprintf(`
+resource "docker_image" %[1]q {
+  name = %[2]q
+  keep_locally = true
+}`, name, image))
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/docker_test.go b/testing/deployer/sprawl/internal/tfgen/docker_test.go
new file mode 100644
index 000000000000..97f38bc530cd
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/docker_test.go
@@ -0,0 +1,15 @@
+package tfgen
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDockerImageResourceName(t *testing.T) {
+	fn := DockerImageResourceName
+
+	assert.Equal(t, "", fn(""))
+	assert.Equal(t, "abcdefghijklmnopqrstuvwxyz0123456789-", fn("abcdefghijklmnopqrstuvwxyz0123456789-"))
+	assert.Equal(t, "hashicorp-consul-1-15-0", fn("hashicorp/consul:1.15.0"))
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/gen.go b/testing/deployer/sprawl/internal/tfgen/gen.go
new file mode 100644
index 000000000000..9e34edacdd1c
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/gen.go
@@ -0,0 +1,475 @@
+package tfgen
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"github.com/hashicorp/go-hclog"
+
+	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/runner"
+	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/hashicorp/consul/testing/deployer/util"
+)
+
+type Generator struct {
+	logger   hclog.Logger
+	runner   *runner.Runner
+	topology *topology.Topology
+	sec      *secrets.Store
+	workdir  string
+	license  string
+
+	tfLogger io.Writer
+
+	// set during network phase
+	remainingSubnets map[string]struct{}
+
+	launched bool
+}
+
+func NewGenerator(
+	logger hclog.Logger,
+	runner *runner.Runner,
+	topo *topology.Topology,
+	sec *secrets.Store,
+	workdir string,
+	license string,
+) (*Generator, error) {
+	if logger == nil {
+		panic("logger is required")
+	}
+	if runner == nil {
+		panic("runner is required")
+	}
+	if topo == nil {
+		panic("topology is required")
+	}
+	if sec == nil {
+		panic("secrets store is required")
+	}
+	if workdir == "" {
+		panic("workdir is required")
+	}
+
+	g := &Generator{
+		logger:  logger,
+		runner:  runner,
+		sec:     sec,
+		workdir: workdir,
+		license: license,
+
+		tfLogger: logger.Named("terraform").StandardWriter(&hclog.StandardLoggerOptions{
+			ForceLevel: hclog.Info,
+		}),
+	}
+	g.SetTopology(topo)
+
+	_ = g.terraformDestroy(context.Background(), true) // cleanup prior run
+
+	return g, nil
+}
+
+func (g *Generator) MarkLaunched() {
+	g.launched = true
+}
+
+func (g *Generator) SetTopology(topo *topology.Topology) {
+	if topo == nil {
+		panic("topology is required")
+	}
+	g.topology = topo
+}
+
+type Step int
+
+const (
+	StepAll      Step = 0
+	StepNetworks Step = 1
+	StepServers  Step = 2
+	StepAgents   Step = 3
+	StepServices Step = 4
+	// StepPeering  Step = XXX5
+	StepRelaunch Step = 5
+)
+
+func (s Step) String() string {
+	switch s {
+	case StepAll:
+		return "all"
+	case StepNetworks:
+		return "networks"
+	case StepServers:
+		return "servers"
+	case StepAgents:
+		return "agents"
+	case StepServices:
+		return "services"
+	case StepRelaunch:
+		return "relaunch"
+	// case StepPeering:
+	// 	return "peering"
+	default:
+		return "UNKNOWN--" + strconv.Itoa(int(s))
+	}
+}
+
+func (s Step) StartServers() bool  { return s >= StepServers }
+func (s Step) StartAgents() bool   { return s >= StepAgents }
+func (s Step) StartServices() bool { return s >= StepServices }
+
+// func (s Step) InitiatePeering() bool { return s >= StepPeering }
+
+func (g *Generator) Regenerate() error {
+	return g.Generate(StepRelaunch)
+}
+
+func (g *Generator) Generate(step Step) error {
+	if g.launched && step != StepRelaunch {
+		return fmt.Errorf("cannot use step %q after successful launch; see Regenerate()", step)
+	}
+
+	g.logger.Info("generating and creating resources", "step", step.String())
+	var (
+		networks   []Resource
+		volumes    []Resource
+		images     []Resource
+		containers []Resource
+
+		imageNames = make(map[string]string)
+	)
+
+	addVolume := func(name string) {
+		volumes = append(volumes, DockerVolume(name))
+	}
+	addImage := func(name, image string) {
+		if image == "" {
+			return
+		}
+		if _, ok := imageNames[image]; ok {
+			return
+		}
+
+		if name == "" {
+			name = DockerImageResourceName(image)
+		}
+
+		imageNames[image] = name
+
+		g.logger.Info("registering image", "resource", name, "image", image)
+
+		images = append(images, DockerImage(name, image))
+	}
+
+	if g.remainingSubnets == nil {
+		g.remainingSubnets = util.GetPossibleDockerNetworkSubnets()
+	}
+	if len(g.remainingSubnets) == 0 {
+		return fmt.Errorf("exhausted all docker networks")
+	}
+
+	addImage("nginx", "nginx:latest")
+	addImage("coredns", "coredns/coredns:latest")
+	for _, net := range g.topology.SortedNetworks() {
+		if net.Subnet == "" {
+			// Because this harness runs on a linux or macos host, we can't
+			// directly invoke the moby libnetwork calls to check for free
+			// subnets as it would have to cross into the docker desktop vm on
+			// mac.
+			//
+			// Instead rely on map iteration order being random to avoid
+			// collisions, but detect the terraform failure and retry until
+			// success.
+
+			var ipnet string
+			for ipnet = range g.remainingSubnets {
+			}
+			if ipnet == "" {
+				return fmt.Errorf("could not get a free docker network")
+			}
+			delete(g.remainingSubnets, ipnet)
+
+			if _, err := net.SetSubnet(ipnet); err != nil {
+				return fmt.Errorf("assigned subnet is invalid %q: %w", ipnet, err)
+			}
+		}
+		networks = append(networks, DockerNetwork(net.DockerName, net.Subnet))
+
+		var (
+			// We always ask for a /24, so just blindly pick x.x.x.252 as our
+			// proxy address. There's an offset of 2 in the list of available
+			// addresses here because we removed x.x.x.0 and x.x.x.1 from the
+			// pool.
+			proxyIPAddress = net.IPByIndex(250)
+			// Grab x.x.x.253 for the dns server
+			dnsIPAddress = net.IPByIndex(251)
+		)
+
+		{
+			// wrote, hashes, err := g.write
+		}
+
+		{ // nginx forward proxy
+			_, hash, err := g.writeNginxConfig(net)
+			if err != nil {
+				return fmt.Errorf("writeNginxConfig[%s]: %w", net.Name, err)
+			}
+
+			containers = append(containers, g.getForwardProxyContainer(net, proxyIPAddress, hash))
+
+		}
+
+		net.ProxyAddress = proxyIPAddress
+		net.DNSAddress = ""
+
+		if net.IsLocal() {
+			wrote, hashes, err := g.writeCoreDNSFiles(net, dnsIPAddress)
+			if err != nil {
+				return fmt.Errorf("writeCoreDNSFiles[%s]: %w", net.Name, err)
+			}
+			if wrote {
+				net.DNSAddress = dnsIPAddress
+				containers = append(containers, g.getCoreDNSContainer(net, dnsIPAddress, hashes))
+			}
+		}
+	}
+
+	for _, c := range g.topology.SortedClusters() {
+		if c.TLSVolumeName == "" {
+			c.TLSVolumeName = c.Name + "-tls-material-" + g.topology.ID
+		}
+		addVolume(c.TLSVolumeName)
+	}
+
+	addImage("pause", "registry.k8s.io/pause:3.3")
+
+	if step.StartServers() {
+		for _, c := range g.topology.SortedClusters() {
+			for _, node := range c.SortedNodes() {
+				if node.Disabled {
+					continue
+				}
+				addImage("", node.Images.Consul)
+				addImage("", node.Images.EnvoyConsulImage())
+				addImage("", node.Images.LocalDataplaneImage())
+
+				if node.IsAgent() {
+					addVolume(node.DockerName())
+				}
+
+				for _, svc := range node.Services {
+					addImage("", svc.Image)
+				}
+
+				myContainers, err := g.generateNodeContainers(step, c, node)
+				if err != nil {
+					return err
+				}
+
+				containers = append(containers, myContainers...)
+			}
+		}
+	}
+
+	tfpath := func(p string) string {
+		return filepath.Join(g.workdir, "terraform", p)
+	}
+
+	if _, err := WriteHCLResourceFile(g.logger, []Resource{Text(terraformPrelude)}, tfpath("init.tf"), 0644); err != nil {
+		return err
+	}
+	if netResult, err := WriteHCLResourceFile(g.logger, networks, tfpath("networks.tf"), 0644); err != nil {
+		return err
+	} else if netResult == UpdateResultModified {
+		if step != StepNetworks {
+			return fmt.Errorf("cannot change networking details after they are established")
+		}
+	}
+	if _, err := WriteHCLResourceFile(g.logger, volumes, tfpath("volumes.tf"), 0644); err != nil {
+		return err
+	}
+	if _, err := WriteHCLResourceFile(g.logger, images, tfpath("images.tf"), 0644); err != nil {
+		return err
+	}
+	if _, err := WriteHCLResourceFile(g.logger, containers, tfpath("containers.tf"), 0644); err != nil {
+		return err
+	}
+
+	if err := g.terraformApply(context.TODO()); err != nil {
+		return err
+	}
+
+	out, err := g.terraformOutputs(context.TODO())
+	if err != nil {
+		return err
+	}
+
+	return g.digestOutputs(out)
+}
+
+func (g *Generator) DestroyAll() error {
+	return g.terraformDestroy(context.TODO(), false)
+}
+
+func (g *Generator) DestroyAllQuietly() error {
+	return g.terraformDestroy(context.TODO(), true)
+}
+
+func (g *Generator) terraformApply(ctx context.Context) error {
+	tfdir := filepath.Join(g.workdir, "terraform")
+
+	if _, err := os.Stat(filepath.Join(tfdir, ".terraform")); err != nil {
+		if !os.IsNotExist(err) {
+			return err
+		}
+
+		// On the fly init
+		g.logger.Info("Running 'terraform init'...")
+		if err := g.runner.TerraformExec(ctx, []string{"init", "-input=false"}, g.tfLogger, tfdir); err != nil {
+			return err
+		}
+	}
+
+	g.logger.Info("Running 'terraform apply'...")
+	return g.runner.TerraformExec(ctx, []string{"apply", "-input=false", "-auto-approve"}, g.tfLogger, tfdir)
+}
+
+func (g *Generator) terraformDestroy(ctx context.Context, quiet bool) error {
+	g.logger.Info("Running 'terraform destroy'...")
+
+	var out io.Writer
+	if quiet {
+		out = io.Discard
+	} else {
+		out = g.tfLogger
+	}
+
+	tfdir := filepath.Join(g.workdir, "terraform")
+	return g.runner.TerraformExec(ctx, []string{
+		"destroy", "-input=false", "-auto-approve", "-refresh=false",
+	}, out, tfdir)
+}
+
+func (g *Generator) terraformOutputs(ctx context.Context) (*Outputs, error) {
+	tfdir := filepath.Join(g.workdir, "terraform")
+
+	var buf bytes.Buffer
+	err := g.runner.TerraformExec(ctx, []string{
+		"output", "-json",
+	}, &buf, tfdir)
+	if err != nil {
+		return nil, err
+	}
+
+	type outputVar struct {
+		// may be map[string]any
+		Value any `json:"value"`
+	}
+
+	raw := make(map[string]*outputVar)
+	dec := json.NewDecoder(&buf)
+	if err := dec.Decode(&raw); err != nil {
+		return nil, err
+	}
+
+	out := &Outputs{}
+
+	for key, rv := range raw {
+		switch {
+		case strings.HasPrefix(key, "ports_"):
+			cluster, nid, ok := extractNodeOutputKey("ports_", key)
+			if !ok {
+				return nil, fmt.Errorf("unexpected output var: %s", key)
+			}
+
+			ports := make(map[int]int)
+			for k, v := range rv.Value.(map[string]any) {
+				ki, err := strconv.Atoi(k)
+				if err != nil {
+					return nil, fmt.Errorf("unexpected port value %q: %w", k, err)
+				}
+				ports[ki] = int(v.(float64))
+			}
+			out.SetNodePorts(cluster, nid, ports)
+		case strings.HasPrefix(key, "forwardproxyport_"):
+			netname := strings.TrimPrefix(key, "forwardproxyport_")
+
+			found := rv.Value.(map[string]any)
+			if len(found) != 1 {
+				return nil, fmt.Errorf("found unexpected ports: %v", found)
+			}
+			got, ok := found[strconv.Itoa(proxyInternalPort)]
+			if !ok {
+				return nil, fmt.Errorf("found unexpected ports: %v", found)
+			}
+
+			out.SetProxyPort(netname, int(got.(float64)))
+		}
+	}
+
+	return out, nil
+}
+
+func extractNodeOutputKey(prefix, key string) (string, topology.NodeID, bool) {
+	clusterNode := strings.TrimPrefix(key, prefix)
+
+	cluster, nodeid, ok := strings.Cut(clusterNode, "_")
+	if !ok {
+		return "", topology.NodeID{}, false
+	}
+
+	partition, node, ok := strings.Cut(nodeid, "_")
+	if !ok {
+		return "", topology.NodeID{}, false
+	}
+
+	nid := topology.NewNodeID(node, partition)
+	return cluster, nid, true
+}
+
+type Outputs struct {
+	ProxyPorts map[string]int                             // net -> exposed port
+	Nodes      map[string]map[topology.NodeID]*NodeOutput // clusterID -> node -> stuff
+}
+
+func (o *Outputs) SetNodePorts(cluster string, nid topology.NodeID, ports map[int]int) {
+	nodeOut := o.getNode(cluster, nid)
+	nodeOut.Ports = ports
+}
+
+func (o *Outputs) SetProxyPort(net string, port int) {
+	if o.ProxyPorts == nil {
+		o.ProxyPorts = make(map[string]int)
+	}
+	o.ProxyPorts[net] = port
+}
+
+func (o *Outputs) getNode(cluster string, nid topology.NodeID) *NodeOutput {
+	if o.Nodes == nil {
+		o.Nodes = make(map[string]map[topology.NodeID]*NodeOutput)
+	}
+	cnodes, ok := o.Nodes[cluster]
+	if !ok {
+		cnodes = make(map[topology.NodeID]*NodeOutput)
+		o.Nodes[cluster] = cnodes
+	}
+
+	nodeOut, ok := cnodes[nid]
+	if !ok {
+		nodeOut = &NodeOutput{}
+		cnodes[nid] = nodeOut
+	}
+
+	return nodeOut
+}
+
+type NodeOutput struct {
+	Ports map[int]int `json:",omitempty"`
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/io.go b/testing/deployer/sprawl/internal/tfgen/io.go
new file mode 100644
index 000000000000..cd622536455b
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/io.go
@@ -0,0 +1,70 @@
+package tfgen
+
+import (
+	"bytes"
+	"os"
+	"strings"
+
+	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/hcl/v2/hclwrite"
+	"github.com/rboyer/safeio"
+)
+
+func WriteHCLResourceFile(
+	logger hclog.Logger,
+	res []Resource,
+	path string,
+	perm os.FileMode,
+) (UpdateResult, error) {
+	var text []string
+	for _, r := range res {
+		val, err := r.Render()
+		if err != nil {
+			return UpdateResultNone, err
+		}
+		text = append(text, strings.TrimSpace(val))
+	}
+
+	body := strings.Join(text, "\n\n")
+
+	// Ensure it looks tidy
+	out := hclwrite.Format(bytes.TrimSpace([]byte(body)))
+
+	return UpdateFileIfDifferent(logger, out, path, perm)
+}
+
+type UpdateResult int
+
+const (
+	UpdateResultNone UpdateResult = iota
+	UpdateResultCreated
+	UpdateResultModified
+)
+
+func UpdateFileIfDifferent(
+	logger hclog.Logger,
+	body []byte,
+	path string,
+	perm os.FileMode,
+) (UpdateResult, error) {
+	prev, err := os.ReadFile(path)
+
+	result := UpdateResultNone
+	if err != nil {
+		if !os.IsNotExist(err) {
+			return result, err
+		}
+		logger.Info("writing new file", "path", path)
+		result = UpdateResultCreated
+	} else {
+		// loaded
+		if bytes.Equal(body, prev) {
+			return result, nil
+		}
+		logger.Info("file has changed", "path", path)
+		result = UpdateResultModified
+	}
+
+	_, err = safeio.WriteToFile(bytes.NewReader(body), path, perm)
+	return result, err
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/nodes.go b/testing/deployer/sprawl/internal/tfgen/nodes.go
new file mode 100644
index 000000000000..1c521f21c25b
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/nodes.go
@@ -0,0 +1,249 @@
+package tfgen
+
+import (
+	"fmt"
+	"sort"
+	"strconv"
+	"text/template"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+)
+
+type terraformPod struct {
+	PodName           string
+	Node              *topology.Node
+	Ports             []int
+	Labels            map[string]string
+	TLSVolumeName     string
+	DNSAddress        string
+	DockerNetworkName string
+}
+
+type terraformConsulAgent struct {
+	terraformPod
+	ImageResource     string
+	HCL               string
+	EnterpriseLicense string
+	Env               []string
+}
+
+type terraformMeshGatewayService struct {
+	terraformPod
+	EnvoyImageResource string
+	Service            *topology.Service
+	Command            []string
+}
+
+type terraformService struct {
+	terraformPod
+	AppImageResource       string
+	EnvoyImageResource     string // agentful
+	DataplaneImageResource string // agentless
+	Service                *topology.Service
+	Env                    []string
+	Command                []string
+	EnvoyCommand           []string // agentful
+}
+
+func (g *Generator) generateNodeContainers(
+	step Step,
+	cluster *topology.Cluster,
+	node *topology.Node,
+) ([]Resource, error) {
+	if node.Disabled {
+		return nil, fmt.Errorf("cannot generate containers for a disabled node")
+	}
+
+	pod := terraformPod{
+		PodName: node.PodName(),
+		Node:    node,
+		Labels: map[string]string{
+			"consulcluster-topology-id":  g.topology.ID,
+			"consulcluster-cluster-name": node.Cluster,
+		},
+		TLSVolumeName: cluster.TLSVolumeName,
+		DNSAddress:    "8.8.8.8",
+	}
+
+	cluster, ok := g.topology.Clusters[node.Cluster]
+	if !ok {
+		return nil, fmt.Errorf("no such cluster: %s", node.Cluster)
+	}
+
+	net, ok := g.topology.Networks[cluster.NetworkName]
+	if !ok {
+		return nil, fmt.Errorf("no local network: %s", cluster.NetworkName)
+	}
+	if net.DNSAddress != "" {
+		pod.DNSAddress = net.DNSAddress
+	}
+	pod.DockerNetworkName = net.DockerName
+
+	var (
+		containers []Resource
+	)
+
+	if node.IsAgent() {
+		agentHCL, err := g.generateAgentHCL(node)
+		if err != nil {
+			return nil, err
+		}
+
+		agent := terraformConsulAgent{
+			terraformPod:      pod,
+			ImageResource:     DockerImageResourceName(node.Images.Consul),
+			HCL:               agentHCL,
+			EnterpriseLicense: g.license,
+			Env:               node.AgentEnv,
+		}
+
+		switch {
+		case node.IsServer() && step.StartServers(),
+			!node.IsServer() && step.StartAgents():
+			containers = append(containers, Eval(tfConsulT, &agent))
+		}
+	}
+
+	for _, svc := range node.SortedServices() {
+		if svc.IsMeshGateway {
+			if node.Kind == topology.NodeKindDataplane {
+				panic("NOT READY YET")
+			}
+			gw := terraformMeshGatewayService{
+				terraformPod:       pod,
+				EnvoyImageResource: DockerImageResourceName(node.Images.EnvoyConsulImage()),
+				Service:            svc,
+				Command: []string{
+					"consul", "connect", "envoy",
+					"-register",
+					"-mesh-gateway",
+				},
+			}
+			if token := g.sec.ReadServiceToken(node.Cluster, svc.ID); token != "" {
+				gw.Command = append(gw.Command, "-token", token)
+			}
+			if cluster.Enterprise {
+				gw.Command = append(gw.Command,
+					"-partition",
+					svc.ID.Partition,
+				)
+			}
+			gw.Command = append(gw.Command,
+				"-address",
+				`{{ GetInterfaceIP \"eth0\" }}:`+strconv.Itoa(svc.Port),
+				"-wan-address",
+				`{{ GetInterfaceIP \"eth1\" }}:`+strconv.Itoa(svc.Port),
+			)
+			gw.Command = append(gw.Command,
+				"-grpc-addr", "http://127.0.0.1:8502",
+				"-admin-bind",
+				// for demo purposes
+				"0.0.0.0:"+strconv.Itoa(svc.EnvoyAdminPort),
+				"--",
+				"-l",
+				"trace",
+			)
+			if step.StartServices() {
+				containers = append(containers, Eval(tfMeshGatewayT, &gw))
+			}
+		} else {
+			tfsvc := terraformService{
+				terraformPod:     pod,
+				AppImageResource: DockerImageResourceName(svc.Image),
+				Service:          svc,
+				Command:          svc.Command,
+			}
+			tfsvc.Env = append(tfsvc.Env, svc.Env...)
+			if step.StartServices() {
+				containers = append(containers, Eval(tfAppT, &tfsvc))
+			}
+
+			setenv := func(k, v string) {
+				tfsvc.Env = append(tfsvc.Env, k+"="+v)
+			}
+
+			if !svc.DisableServiceMesh {
+				if node.IsDataplane() {
+					tfsvc.DataplaneImageResource = DockerImageResourceName(node.Images.LocalDataplaneImage())
+					tfsvc.EnvoyImageResource = ""
+					tfsvc.EnvoyCommand = nil
+					// --- REQUIRED ---
+					setenv("DP_CONSUL_ADDRESSES", "server."+node.Cluster+"-consulcluster.lan")
+					setenv("DP_SERVICE_NODE_NAME", node.PodName())
+					setenv("DP_PROXY_SERVICE_ID", svc.ID.Name+"-sidecar-proxy")
+				} else {
+					tfsvc.DataplaneImageResource = ""
+					tfsvc.EnvoyImageResource = DockerImageResourceName(node.Images.EnvoyConsulImage())
+					tfsvc.EnvoyCommand = []string{
+						"consul", "connect", "envoy",
+						"-sidecar-for", svc.ID.Name,
+					}
+				}
+				if cluster.Enterprise {
+					if node.IsDataplane() {
+						setenv("DP_SERVICE_NAMESPACE", svc.ID.Namespace)
+						setenv("DP_SERVICE_PARTITION", svc.ID.Partition)
+					} else {
+						tfsvc.EnvoyCommand = append(tfsvc.EnvoyCommand,
+							"-partition",
+							svc.ID.Partition,
+							"-namespace",
+							svc.ID.Namespace,
+						)
+					}
+				}
+				if token := g.sec.ReadServiceToken(node.Cluster, svc.ID); token != "" {
+					if node.IsDataplane() {
+						setenv("DP_CREDENTIAL_TYPE", "static")
+						setenv("DP_CREDENTIAL_STATIC_TOKEN", token)
+					} else {
+						tfsvc.EnvoyCommand = append(tfsvc.EnvoyCommand, "-token", token)
+					}
+				}
+				if node.IsDataplane() {
+					setenv("DP_ENVOY_ADMIN_BIND_ADDRESS", "0.0.0.0") // for demo purposes
+					setenv("DP_ENVOY_ADMIN_BIND_PORT", "19000")
+					setenv("DP_LOG_LEVEL", "trace")
+
+					setenv("DP_CA_CERTS", "/consul/config/certs/consul-agent-ca.pem")
+					setenv("DP_CONSUL_GRPC_PORT", "8503")
+					setenv("DP_TLS_SERVER_NAME", "server."+node.Datacenter+".consul")
+				} else {
+					tfsvc.EnvoyCommand = append(tfsvc.EnvoyCommand,
+						"-grpc-addr", "http://127.0.0.1:8502",
+						"-admin-bind",
+						// for demo purposes
+						"0.0.0.0:"+strconv.Itoa(svc.EnvoyAdminPort),
+						"--",
+						"-l",
+						"trace",
+					)
+				}
+				if step.StartServices() {
+					sort.Strings(tfsvc.Env)
+
+					if node.IsDataplane() {
+						containers = append(containers, Eval(tfAppDataplaneT, &tfsvc))
+					} else {
+						containers = append(containers, Eval(tfAppSidecarT, &tfsvc))
+					}
+				}
+			}
+		}
+	}
+
+	// Wait until the very end to render the pod so we know all of the ports.
+	pod.Ports = node.SortedPorts()
+
+	// pod placeholder container
+	containers = append(containers, Eval(tfPauseT, &pod))
+
+	return containers, nil
+}
+
+var tfPauseT = template.Must(template.ParseFS(content, "templates/container-pause.tf.tmpl"))
+var tfConsulT = template.Must(template.ParseFS(content, "templates/container-consul.tf.tmpl"))
+var tfMeshGatewayT = template.Must(template.ParseFS(content, "templates/container-mgw.tf.tmpl"))
+var tfAppT = template.Must(template.ParseFS(content, "templates/container-app.tf.tmpl"))
+var tfAppSidecarT = template.Must(template.ParseFS(content, "templates/container-app-sidecar.tf.tmpl"))
+var tfAppDataplaneT = template.Must(template.ParseFS(content, "templates/container-app-dataplane.tf.tmpl"))
diff --git a/testing/deployer/sprawl/internal/tfgen/prelude.go b/testing/deployer/sprawl/internal/tfgen/prelude.go
new file mode 100644
index 000000000000..7a10c8c5da25
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/prelude.go
@@ -0,0 +1,16 @@
+package tfgen
+
+const terraformPrelude = `provider "docker" {
+  host = "unix:///var/run/docker.sock"
+}
+
+terraform {
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "~> 2.0"
+    }
+  }
+  required_version = ">= 0.13"
+}
+`
diff --git a/testing/deployer/sprawl/internal/tfgen/proxy.go b/testing/deployer/sprawl/internal/tfgen/proxy.go
new file mode 100644
index 000000000000..9c4c6bb4575a
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/proxy.go
@@ -0,0 +1,87 @@
+package tfgen
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"text/template"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/hashicorp/consul/testing/deployer/util"
+)
+
+const proxyInternalPort = 80
+
+func (g *Generator) writeNginxConfig(net *topology.Network) (bool, string, error) {
+	rootdir := filepath.Join(g.workdir, "terraform", "nginx-config-"+net.Name)
+	if err := os.MkdirAll(rootdir, 0755); err != nil {
+		return false, "", err
+	}
+
+	configFile := filepath.Join(rootdir, "nginx.conf")
+
+	body := fmt.Sprintf(`
+server {
+    listen       %d;
+
+    location / {
+        resolver 8.8.8.8;
+        ##############
+        # Relevant config knobs are here: https://nginx.org/en/docs/http/ngx_http_proxy_module.html
+        ##############
+        proxy_pass http://$http_host$uri$is_args$args;
+        proxy_cache off;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_connect_timeout 5s;
+        proxy_read_timeout 5s;
+        proxy_send_timeout 5s;
+        proxy_request_buffering off;
+        proxy_buffering off;
+    }
+}
+`, proxyInternalPort)
+
+	_, err := UpdateFileIfDifferent(
+		g.logger,
+		[]byte(body),
+		configFile,
+		0644,
+	)
+	if err != nil {
+		return false, "", fmt.Errorf("error writing %q: %w", configFile, err)
+	}
+
+	hash, err := util.HashFile(configFile)
+	if err != nil {
+		return false, "", fmt.Errorf("error hashing %q: %w", configFile, err)
+	}
+
+	return true, hash, err
+}
+
+func (g *Generator) getForwardProxyContainer(
+	net *topology.Network,
+	ipAddress string,
+	hash string,
+) Resource {
+	env := []string{"HASH_FILE_VALUE=" + hash}
+	proxy := struct {
+		Name              string
+		DockerNetworkName string
+		InternalPort      int
+		IPAddress         string
+		Env               []string
+	}{
+		Name:              net.Name,
+		DockerNetworkName: net.DockerName,
+		InternalPort:      proxyInternalPort,
+		IPAddress:         ipAddress,
+		Env:               env,
+	}
+
+	return Eval(tfForwardProxyT, &proxy)
+}
+
+var tfForwardProxyT = template.Must(template.ParseFS(content, "templates/container-proxy.tf.tmpl"))
diff --git a/testing/deployer/sprawl/internal/tfgen/res.go b/testing/deployer/sprawl/internal/tfgen/res.go
new file mode 100644
index 000000000000..c48cd7d8f216
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/res.go
@@ -0,0 +1,95 @@
+package tfgen
+
+import (
+	"bytes"
+	"text/template"
+
+	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/hcl/v2/hclwrite"
+)
+
+type FileResource struct {
+	name string
+	res  Resource
+}
+
+func (r *FileResource) Name() string { return r.name }
+
+func (r *FileResource) Commit(logger hclog.Logger) error {
+	val, err := r.res.Render()
+	if err != nil {
+		return err
+	}
+	_, err = UpdateFileIfDifferent(logger, []byte(val), r.name, 0644)
+	return err
+}
+
+func File(name string, res Resource) *FileResource {
+	return &FileResource{name: name, res: res}
+}
+
+func Text(s string) Resource {
+	return &textResource{text: s}
+}
+
+func Embed(name string) Resource {
+	return &embedResource{name: name}
+}
+
+func Eval(t *template.Template, data any) Resource {
+	return &evalResource{template: t, data: data, hcl: false}
+}
+
+func HCL(t *template.Template, data any) Resource {
+	return &evalResource{template: t, data: data, hcl: true}
+}
+
+type Resource interface {
+	Render() (string, error)
+}
+
+type embedResource struct {
+	name string
+}
+
+func (r *embedResource) Render() (string, error) {
+	val, err := content.ReadFile(r.name)
+	if err != nil {
+		return "", err
+	}
+	return string(val), nil
+}
+
+type textResource struct {
+	text string
+}
+
+func (r *textResource) Render() (string, error) {
+	return r.text, nil
+}
+
+type evalResource struct {
+	template *template.Template
+	data     any
+	hcl      bool
+}
+
+func (r *evalResource) Render() (string, error) {
+	out, err := StringTemplate(r.template, r.data)
+	if err != nil {
+		return "", err
+	}
+
+	if r.hcl {
+		return string(hclwrite.Format([]byte(out))), nil
+	}
+	return out, nil
+}
+
+func StringTemplate(t *template.Template, data any) (string, error) {
+	var res bytes.Buffer
+	if err := t.Execute(&res, data); err != nil {
+		return "", err
+	}
+	return res.String(), nil
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-app-dataplane.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-app-dataplane.tf.tmpl
new file mode 100644
index 000000000000..bfb0705e6df8
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/templates/container-app-dataplane.tf.tmpl
@@ -0,0 +1,29 @@
+resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidecar" {
+	name = "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidecar"
+    network_mode = "container:${docker_container.{{.PodName}}.id}"
+    image        = docker_image.{{.DataplaneImageResource}}.latest
+    restart  = "on-failure"
+
+{{- range $k, $v := .Labels }}
+  labels {
+    label = "{{ $k }}"
+    value = "{{ $v }}"
+  }
+{{- end }}
+
+  volumes {
+    volume_name    = "{{.TLSVolumeName}}"
+    container_path = "/consul/config/certs"
+    read_only      = true
+  }
+
+  env = [
+{{- range .Env }}
+      "{{.}}",
+{{- end}}
+  ]
+
+  command = [
+    "/usr/local/bin/consul-dataplane",
+  ]
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-app-sidecar.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-app-sidecar.tf.tmpl
new file mode 100644
index 000000000000..6abb397c2534
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/templates/container-app-sidecar.tf.tmpl
@@ -0,0 +1,31 @@
+resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidecar" {
+	name = "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidecar"
+    network_mode = "container:${docker_container.{{.PodName}}.id}"
+    image        = docker_image.{{.EnvoyImageResource}}.latest
+    restart  = "on-failure"
+
+{{- range $k, $v := .Labels }}
+  labels {
+    label = "{{ $k }}"
+    value = "{{ $v }}"
+  }
+{{- end }}
+
+  volumes {
+    volume_name    = "{{.TLSVolumeName}}"
+    container_path = "/consul/config/certs"
+    read_only      = true
+  }
+
+  env = [
+{{- range .Env }}
+      "{{.}}",
+{{- end}}
+  ]
+
+  command = [
+{{- range .EnvoyCommand }}
+    "{{.}}",
+{{- end }}
+  ]
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-app.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-app.tf.tmpl
new file mode 100644
index 000000000000..b1b390f0f16c
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/templates/container-app.tf.tmpl
@@ -0,0 +1,25 @@
+resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}" {
+	name = "{{.Node.DockerName}}-{{.Service.ID.TFString}}"
+    network_mode = "container:${docker_container.{{.PodName}}.id}"
+    image        = docker_image.{{.AppImageResource}}.latest
+    restart  = "on-failure"
+
+{{- range $k, $v := .Labels }}
+  labels {
+    label = "{{ $k }}"
+    value = "{{ $v }}"
+  }
+{{- end }}
+
+  env = [
+{{- range .Env }}
+      "{{.}}",
+{{- end}}
+  ]
+
+  command = [
+{{- range .Command }}
+    "{{.}}",
+{{- end }}
+  ]
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-consul.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-consul.tf.tmpl
new file mode 100644
index 000000000000..01f7f3fb4d7d
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/templates/container-consul.tf.tmpl
@@ -0,0 +1,40 @@
+resource "docker_container" "{{.Node.DockerName}}" {
+  name         = "{{.Node.DockerName}}"
+  network_mode = "container:${docker_container.{{.PodName}}.id}"
+  image        = docker_image.{{.ImageResource}}.latest
+  restart      = "always"
+
+  env = [
+      "CONSUL_UID=0",
+      "CONSUL_GID=0",
+      "CONSUL_LICENSE={{.EnterpriseLicense}}",
+{{- range .Env }}
+      "{{.}}",
+{{- end}}
+  ]
+
+{{- range $k, $v := .Labels }}
+  labels {
+    label = "{{ $k }}"
+    value = "{{ $v }}"
+  }
+{{- end }}
+
+  command = [
+    "agent",
+    "-hcl",
+	<<-EOT
+{{ .HCL }}
+EOT
+  ]
+
+  volumes {
+    volume_name    = "{{.Node.DockerName}}"
+    container_path = "/consul/data"
+  }
+
+  volumes {
+    volume_name = "{{.TLSVolumeName}}"
+    container_path = "/consul/config/certs"
+  }
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-coredns.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-coredns.tf.tmpl
new file mode 100644
index 000000000000..7789376a98f1
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/templates/container-coredns.tf.tmpl
@@ -0,0 +1,28 @@
+resource "docker_container" "{{.DockerNetworkName}}-coredns" {
+  name     = "{{.DockerNetworkName}}-coredns"
+  image = docker_image.coredns.latest
+  restart  = "always"
+  dns      = ["8.8.8.8"]
+
+  networks_advanced {
+    name         = docker_network.{{.DockerNetworkName}}.name
+    ipv4_address = "{{.IPAddress}}"
+  }
+
+  env = [
+{{- range .Env }}
+      "{{.}}",
+{{- end}}
+  ]
+
+  volumes {
+    host_path      = abspath("coredns-config-{{.Name}}")
+    container_path = "/config"
+    read_only      = true
+  }
+
+  command = [
+    "-conf",
+    "/config/Corefile",
+  ]
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-mgw.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-mgw.tf.tmpl
new file mode 100644
index 000000000000..ec25665f3ed8
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/templates/container-mgw.tf.tmpl
@@ -0,0 +1,25 @@
+resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}" {
+    name = "{{.Node.DockerName}}-{{.Service.ID.TFString}}"
+    network_mode = "container:${docker_container.{{.PodName}}.id}"
+    image        = docker_image.{{.EnvoyImageResource}}.latest
+    restart  = "on-failure"
+
+{{- range $k, $v := .Labels }}
+  labels {
+    label = "{{ $k }}"
+    value = "{{ $v }}"
+  }
+{{- end }}
+
+  volumes {
+    volume_name    = "{{.TLSVolumeName}}"
+    container_path = "/consul/config/certs"
+    read_only      = true
+  }
+
+  command = [
+{{- range .Command }}
+    "{{.}}",
+{{- end }}
+  ]
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-pause.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-pause.tf.tmpl
new file mode 100644
index 000000000000..1f1627b0719b
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/templates/container-pause.tf.tmpl
@@ -0,0 +1,38 @@
+resource "docker_container" "{{.PodName}}" {
+  name     = "{{.PodName}}"
+  image = docker_image.pause.latest
+  hostname = "{{.PodName}}"
+  restart  = "always"
+  dns      = ["{{.DNSAddress}}"]
+
+{{- range $k, $v := .Labels }}
+  labels {
+    label = "{{ $k }}"
+    value = "{{ $v }}"
+  }
+{{- end }}
+
+depends_on = [
+  docker_container.{{.DockerNetworkName}}-coredns,
+  docker_container.{{.DockerNetworkName}}-forwardproxy,
+]
+
+{{- range .Ports }}
+ports {
+  internal = {{.}}
+}
+{{- end }}
+
+{{- range .Node.Addresses }}
+networks_advanced {
+  name         = docker_network.{{.DockerNetworkName}}.name
+  ipv4_address = "{{.IPAddress}}"
+}
+{{- end }}
+}
+
+output "ports_{{.Node.Cluster}}_{{.Node.Partition}}_{{.Node.Name}}" {
+  value = {
+    for port in docker_container.{{.PodName}}.ports : port.internal => port.external
+  }
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-proxy.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-proxy.tf.tmpl
new file mode 100644
index 000000000000..ed44d8343fe8
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/templates/container-proxy.tf.tmpl
@@ -0,0 +1,33 @@
+resource "docker_container" "{{.DockerNetworkName}}-forwardproxy" {
+  name     = "{{.DockerNetworkName}}-forwardproxy"
+  image = docker_image.nginx.latest
+  restart  = "always"
+  dns      = ["8.8.8.8"]
+
+  ports {
+    internal = {{.InternalPort}}
+  }
+
+  networks_advanced {
+    name         = docker_network.{{.DockerNetworkName}}.name
+    ipv4_address = "{{.IPAddress}}"
+  }
+
+  env = [
+{{- range .Env }}
+      "{{.}}",
+{{- end}}
+  ]
+
+  volumes {
+    host_path      = abspath("nginx-config-{{.Name}}/nginx.conf")
+    container_path = "/etc/nginx/conf.d/default.conf"
+    read_only      = true
+  }
+}
+
+output "forwardproxyport_{{.Name}}" {
+  value = {
+    for port in docker_container.{{.DockerNetworkName}}-forwardproxy.ports : port.internal => port.external
+  }
+}
diff --git a/testing/deployer/sprawl/internal/tfgen/tfgen.go b/testing/deployer/sprawl/internal/tfgen/tfgen.go
new file mode 100644
index 000000000000..7eeb84b16789
--- /dev/null
+++ b/testing/deployer/sprawl/internal/tfgen/tfgen.go
@@ -0,0 +1,15 @@
+package tfgen
+
+import (
+	"embed"
+)
+
+//go:embed templates/container-app-dataplane.tf.tmpl
+//go:embed templates/container-app-sidecar.tf.tmpl
+//go:embed templates/container-app.tf.tmpl
+//go:embed templates/container-consul.tf.tmpl
+//go:embed templates/container-mgw.tf.tmpl
+//go:embed templates/container-pause.tf.tmpl
+//go:embed templates/container-proxy.tf.tmpl
+//go:embed templates/container-coredns.tf.tmpl
+var content embed.FS
diff --git a/testing/deployer/sprawl/peering.go b/testing/deployer/sprawl/peering.go
new file mode 100644
index 000000000000..e88786a1b0d4
--- /dev/null
+++ b/testing/deployer/sprawl/peering.go
@@ -0,0 +1,165 @@
+package sprawl
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/go-hclog"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+)
+
+// TODO: this is definitely a grpc resolver/balancer issue to look into
+const grpcWeirdError = `transport: Error while dialing failed to find Consul server for global address`
+
+func isWeirdGRPCError(err error) bool {
+	if err == nil {
+		return false
+	}
+	return strings.Contains(err.Error(), grpcWeirdError)
+}
+
+func (s *Sprawl) initPeerings() error {
+	// TODO: wait until services are healthy? wait until mesh gateways work?
+	// if err := s.generator.Generate(tfgen.StepPeering); err != nil {
+	// 	return fmt.Errorf("generator[peering]: %w", err)
+	// }
+
+	var (
+		logger = s.logger.Named("peering")
+		_      = logger
+	)
+
+	for _, peering := range s.topology.Peerings {
+		dialingCluster, ok := s.topology.Clusters[peering.Dialing.Name]
+		if !ok {
+			return fmt.Errorf("peering references dialing cluster that does not exist: %s", peering.String())
+		}
+		acceptingCluster, ok := s.topology.Clusters[peering.Accepting.Name]
+		if !ok {
+			return fmt.Errorf("peering references accepting cluster that does not exist: %s", peering.String())
+		}
+
+		var (
+			dialingClient   = s.clients[dialingCluster.Name]
+			acceptingClient = s.clients[acceptingCluster.Name]
+		)
+
+		// TODO: allow for use of ServerExternalAddresses
+
+		req1 := api.PeeringGenerateTokenRequest{
+			PeerName: peering.Accepting.PeerName,
+		}
+		if acceptingCluster.Enterprise {
+			req1.Partition = peering.Accepting.Partition
+		}
+
+	GENTOKEN:
+		resp, _, err := acceptingClient.Peerings().GenerateToken(context.Background(), req1, nil)
+		if err != nil {
+			if isWeirdGRPCError(err) {
+				time.Sleep(50 * time.Millisecond)
+				goto GENTOKEN
+			}
+			return fmt.Errorf("error generating peering token for %q: %w", peering.String(), err)
+		}
+
+		peeringToken := resp.PeeringToken
+		logger.Info("generated peering token", "peering", peering.String())
+
+		req2 := api.PeeringEstablishRequest{
+			PeerName:     peering.Dialing.PeerName,
+			PeeringToken: peeringToken,
+		}
+		if dialingCluster.Enterprise {
+			req2.Partition = peering.Dialing.Partition
+		}
+
+		logger.Info("establishing peering with token", "peering", peering.String())
+	ESTABLISH:
+		_, _, err = dialingClient.Peerings().Establish(context.Background(), req2, nil)
+		if err != nil {
+			if isWeirdGRPCError(err) {
+				time.Sleep(50 * time.Millisecond)
+				goto ESTABLISH
+			}
+			return fmt.Errorf("error establishing peering with token for %q: %w", peering.String(), err)
+		}
+
+		logger.Info("peering established", "peering", peering.String())
+	}
+
+	return nil
+}
+
+func (s *Sprawl) waitForPeeringEstablishment() error {
+	var (
+		logger = s.logger.Named("peering")
+	)
+
+	for _, peering := range s.topology.Peerings {
+		dialingCluster, ok := s.topology.Clusters[peering.Dialing.Name]
+		if !ok {
+			return fmt.Errorf("peering references dialing cluster that does not exist: %s", peering.String())
+		}
+		acceptingCluster, ok := s.topology.Clusters[peering.Accepting.Name]
+		if !ok {
+			return fmt.Errorf("peering references accepting cluster that does not exist: %s", peering.String())
+		}
+
+		var (
+			dialingClient   = s.clients[dialingCluster.Name]
+			acceptingClient = s.clients[acceptingCluster.Name]
+
+			dialingLogger = logger.With(
+				"cluster", dialingCluster.Name,
+				"peering", peering.String(),
+			)
+			acceptingLogger = logger.With(
+				"cluster", acceptingCluster.Name,
+				"peering", peering.String(),
+			)
+		)
+
+		s.checkPeeringDirection(dialingLogger, dialingClient, peering.Dialing, dialingCluster.Enterprise)
+		s.checkPeeringDirection(acceptingLogger, acceptingClient, peering.Accepting, acceptingCluster.Enterprise)
+	}
+	return nil
+}
+
+func (s *Sprawl) checkPeeringDirection(logger hclog.Logger, client *api.Client, pc topology.PeerCluster, enterprise bool) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	for {
+		opts := &api.QueryOptions{}
+		if enterprise {
+			opts.Partition = pc.Partition
+		}
+		res, _, err := client.Peerings().Read(ctx, pc.PeerName, opts)
+		if isWeirdGRPCError(err) {
+			time.Sleep(50 * time.Millisecond)
+			continue
+		}
+		if err != nil {
+			logger.Info("error looking up peering", "error", err)
+			time.Sleep(100 * time.Millisecond)
+			continue
+		}
+		if res == nil {
+			logger.Info("peering not found")
+			time.Sleep(100 * time.Millisecond)
+			continue
+		}
+
+		if res.State == api.PeeringStateActive {
+			logger.Info("peering is active")
+			return
+		}
+		logger.Info("peering not active yet", "state", res.State)
+		time.Sleep(500 * time.Millisecond)
+	}
+}
diff --git a/testing/deployer/sprawl/sprawl.go b/testing/deployer/sprawl/sprawl.go
new file mode 100644
index 000000000000..7a3335bc0a1f
--- /dev/null
+++ b/testing/deployer/sprawl/sprawl.go
@@ -0,0 +1,464 @@
+package sprawl
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/go-multierror"
+	"github.com/mitchellh/copystructure"
+
+	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/runner"
+	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets"
+	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/tfgen"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/hashicorp/consul/testing/deployer/util"
+)
+
+// TODO: manage workdir externally without chdir
+
+// Sprawl is the definition of a complete running Consul deployment topology.
+type Sprawl struct {
+	logger  hclog.Logger
+	runner  *runner.Runner
+	license string
+	secrets secrets.Store
+
+	workdir string
+
+	// set during Run
+	config    *topology.Config
+	topology  *topology.Topology
+	generator *tfgen.Generator
+
+	clients map[string]*api.Client // one per cluster
+}
+
+// Topology allows access to the topology that defines the resources. Do not
+// write to any of these fields.
+func (s *Sprawl) Topology() *topology.Topology {
+	return s.topology
+}
+
+func (s *Sprawl) Config() *topology.Config {
+	c2, err := copyConfig(s.config)
+	if err != nil {
+		panic(err)
+	}
+	return c2
+}
+
+func (s *Sprawl) HTTPClientForCluster(clusterName string) (*http.Client, error) {
+	cluster, ok := s.topology.Clusters[clusterName]
+	if !ok {
+		return nil, fmt.Errorf("no such cluster: %s", clusterName)
+	}
+
+	// grab the local network for the cluster
+	network, ok := s.topology.Networks[cluster.NetworkName]
+	if !ok {
+		return nil, fmt.Errorf("no such network: %s", cluster.NetworkName)
+	}
+
+	transport, err := util.ProxyHTTPTransport(network.ProxyPort)
+	if err != nil {
+		return nil, err
+	}
+
+	return &http.Client{Transport: transport}, nil
+}
+
+// APIClientForNode gets a pooled api.Client connected to the agent running on
+// the provided node.
+//
+// Passing an empty token will assume the bootstrap token. If you want to
+// actually use the anonymous token say "-".
+func (s *Sprawl) APIClientForNode(clusterName string, nid topology.NodeID, token string) (*api.Client, error) {
+	cluster, ok := s.topology.Clusters[clusterName]
+	if !ok {
+		return nil, fmt.Errorf("no such cluster: %s", clusterName)
+	}
+
+	nid.Normalize()
+
+	node := cluster.NodeByID(nid)
+	if !node.IsAgent() {
+		return nil, fmt.Errorf("node is not an agent")
+	}
+
+	switch token {
+	case "":
+		token = s.secrets.ReadGeneric(clusterName, secrets.BootstrapToken)
+	case "-":
+		token = ""
+	}
+
+	return util.ProxyAPIClient(
+		node.LocalProxyPort(),
+		node.LocalAddress(),
+		8500,
+		token,
+	)
+}
+
+func copyConfig(cfg *topology.Config) (*topology.Config, error) {
+	dup, err := copystructure.Copy(cfg)
+	if err != nil {
+		return nil, err
+	}
+	return dup.(*topology.Config), nil
+}
+
+// Launch will create the topology defined by the provided configuration and
+// bring up all of the relevant clusters. Once created the Stop method must be
+// called to destroy everything.
+func Launch(
+	logger hclog.Logger,
+	workdir string,
+	cfg *topology.Config,
+) (*Sprawl, error) {
+	if logger == nil {
+		panic("logger is required")
+	}
+	if workdir == "" {
+		panic("workdir is required")
+	}
+
+	if err := os.MkdirAll(filepath.Join(workdir, "terraform"), 0755); err != nil {
+		return nil, err
+	}
+
+	runner, err := runner.Load(logger)
+	if err != nil {
+		return nil, err
+	}
+
+	// Copy this to avoid leakage.
+	cfg, err = copyConfig(cfg)
+	if err != nil {
+		return nil, err
+	}
+
+	s := &Sprawl{
+		logger:  logger,
+		runner:  runner,
+		workdir: workdir,
+		clients: make(map[string]*api.Client),
+	}
+
+	if err := s.ensureLicense(); err != nil {
+		return nil, err
+	}
+
+	// Copy this AGAIN, BEFORE compiling so we capture the original definition, without denorms.
+	s.config, err = copyConfig(cfg)
+	if err != nil {
+		return nil, err
+	}
+
+	s.topology, err = topology.Compile(logger.Named("compile"), cfg)
+	if err != nil {
+		return nil, fmt.Errorf("topology.Compile: %w", err)
+	}
+
+	s.logger.Info("compiled topology", "ct", jd(s.topology)) // TODO
+
+	start := time.Now()
+	if err := s.launch(); err != nil {
+		return nil, err
+	}
+	s.logger.Info("topology is ready for use", "elapsed", time.Since(start))
+
+	if err := s.PrintDetails(); err != nil {
+		return nil, fmt.Errorf("error gathering diagnostic details: %w", err)
+	}
+
+	return s, nil
+}
+
+func (s *Sprawl) Relaunch(
+	cfg *topology.Config,
+) error {
+	// Copy this BEFORE compiling so we capture the original definition, without denorms.
+	var err error
+	s.config, err = copyConfig(cfg)
+	if err != nil {
+		return err
+	}
+
+	newTopology, err := topology.Recompile(s.logger.Named("recompile"), cfg, s.topology)
+	if err != nil {
+		return fmt.Errorf("topology.Compile: %w", err)
+	}
+
+	s.topology = newTopology
+
+	s.logger.Info("compiled replacement topology", "ct", jd(s.topology)) // TODO
+
+	start := time.Now()
+	if err := s.relaunch(); err != nil {
+		return err
+	}
+	s.logger.Info("topology is ready for use", "elapsed", time.Since(start))
+
+	if err := s.PrintDetails(); err != nil {
+		return fmt.Errorf("error gathering diagnostic details: %w", err)
+	}
+
+	return nil
+}
+
+// Leader returns the cluster leader agent, or an error if no leader is
+// available.
+func (s *Sprawl) Leader(clusterName string) (*topology.Node, error) {
+	cluster, ok := s.topology.Clusters[clusterName]
+	if !ok {
+		return nil, fmt.Errorf("no such cluster: %s", clusterName)
+	}
+
+	var (
+		client = s.clients[cluster.Name]
+		// logger = s.logger.With("cluster", cluster.Name)
+	)
+
+	leaderAddr, err := getLeader(client)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, node := range cluster.Nodes {
+		if !node.IsServer() || node.Disabled {
+			continue
+		}
+		if strings.HasPrefix(leaderAddr, node.LocalAddress()+":") {
+			return node, nil
+		}
+	}
+
+	return nil, fmt.Errorf("leader not found")
+}
+
+// Followers returns the cluster following servers.
+func (s *Sprawl) Followers(clusterName string) ([]*topology.Node, error) {
+	cluster, ok := s.topology.Clusters[clusterName]
+	if !ok {
+		return nil, fmt.Errorf("no such cluster: %s", clusterName)
+	}
+
+	leaderNode, err := s.Leader(clusterName)
+	if err != nil {
+		return nil, fmt.Errorf("could not determine leader: %w", err)
+	}
+
+	var followers []*topology.Node
+
+	for _, node := range cluster.Nodes {
+		if !node.IsServer() || node.Disabled {
+			continue
+		}
+		if node.ID() != leaderNode.ID() {
+			followers = append(followers, node)
+		}
+	}
+
+	return followers, nil
+}
+
+func (s *Sprawl) DisabledServers(clusterName string) ([]*topology.Node, error) {
+	cluster, ok := s.topology.Clusters[clusterName]
+	if !ok {
+		return nil, fmt.Errorf("no such cluster: %s", clusterName)
+	}
+
+	var servers []*topology.Node
+
+	for _, node := range cluster.Nodes {
+		if !node.IsServer() || !node.Disabled {
+			continue
+		}
+		servers = append(servers, node)
+	}
+
+	return servers, nil
+}
+
+func (s *Sprawl) StopContainer(ctx context.Context, containerName string) error {
+	return s.runner.DockerExec(ctx, []string{"stop", containerName}, nil, nil)
+}
+
+func (s *Sprawl) SnapshotEnvoy(ctx context.Context) error {
+	snapDir := filepath.Join(s.workdir, "envoy-snapshots")
+	if err := os.MkdirAll(snapDir, 0755); err != nil {
+		return fmt.Errorf("could not create envoy snapshot output dir %s: %w", snapDir, err)
+	}
+
+	targets := map[string]string{
+		"config_dump.json":     "config_dump",
+		"clusters.json":        "clusters?format=json",
+		"stats.txt":            "stats",
+		"stats_prometheus.txt": "stats/prometheus",
+	}
+
+	var merr error
+	for _, c := range s.topology.Clusters {
+		client, err := s.HTTPClientForCluster(c.Name)
+		if err != nil {
+			return fmt.Errorf("could not get http client for cluster %q: %w", c.Name, err)
+		}
+
+		for _, n := range c.Nodes {
+			if n.Disabled {
+				continue
+			}
+			for _, s := range n.Services {
+				if s.Disabled || s.EnvoyAdminPort <= 0 {
+					continue
+				}
+				prefix := fmt.Sprintf("http://%s:%d", n.LocalAddress(), s.EnvoyAdminPort)
+
+				for fn, target := range targets {
+					u := prefix + "/" + target
+
+					body, err := scrapeURL(client, u)
+					if err != nil {
+						merr = multierror.Append(merr, fmt.Errorf("could not scrape %q for %s on %s: %w",
+							target, s.ID.String(), n.ID().String(), err,
+						))
+						continue
+					}
+
+					outFn := filepath.Join(snapDir, n.DockerName()+"--"+s.ID.TFString()+"."+fn)
+
+					if err := os.WriteFile(outFn+".tmp", body, 0644); err != nil {
+						merr = multierror.Append(merr, fmt.Errorf("could not write output %q for %s on %s: %w",
+							target, s.ID.String(), n.ID().String(), err,
+						))
+						continue
+					}
+
+					if err := os.Rename(outFn+".tmp", outFn); err != nil {
+						merr = multierror.Append(merr, fmt.Errorf("could not write output %q for %s on %s: %w",
+							target, s.ID.String(), n.ID().String(), err,
+						))
+						continue
+					}
+				}
+			}
+		}
+	}
+	return merr
+}
+
+func scrapeURL(client *http.Client, url string) ([]byte, error) {
+	res, err := client.Get(url)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+
+	body, err := io.ReadAll(res.Body)
+	if err != nil {
+		return nil, err
+	}
+	return body, nil
+}
+
+func (s *Sprawl) CaptureLogs(ctx context.Context) error {
+	logDir := filepath.Join(s.workdir, "logs")
+	if err := os.MkdirAll(logDir, 0755); err != nil {
+		return fmt.Errorf("could not create log output dir %s: %w", logDir, err)
+	}
+
+	containers, err := s.listContainers(ctx)
+	if err != nil {
+		return err
+	}
+
+	s.logger.Info("Capturing logs")
+
+	var merr error
+	for _, container := range containers {
+		if err := s.dumpContainerLogs(ctx, container, logDir); err != nil {
+			merr = multierror.Append(merr, fmt.Errorf("could not dump logs for container %s: %w", container, err))
+		}
+	}
+
+	return merr
+}
+
+// Dump known containers out of terraform state file.
+func (s *Sprawl) listContainers(ctx context.Context) ([]string, error) {
+	tfdir := filepath.Join(s.workdir, "terraform")
+
+	var buf bytes.Buffer
+	if err := s.runner.TerraformExec(ctx, []string{"state", "list"}, &buf, tfdir); err != nil {
+		return nil, fmt.Errorf("error listing containers in terraform state file: %w", err)
+	}
+
+	var (
+		scan       = bufio.NewScanner(&buf)
+		containers []string
+	)
+	for scan.Scan() {
+		line := strings.TrimSpace(scan.Text())
+
+		name := strings.TrimPrefix(line, "docker_container.")
+		if name != line {
+			containers = append(containers, name)
+			continue
+		}
+	}
+	if err := scan.Err(); err != nil {
+		return nil, err
+	}
+
+	return containers, nil
+}
+
+func (s *Sprawl) dumpContainerLogs(ctx context.Context, containerName, outputRoot string) error {
+	path := filepath.Join(outputRoot, containerName+".log")
+
+	f, err := os.Create(path + ".tmp")
+	if err != nil {
+		return err
+	}
+	keep := false
+	defer func() {
+		_ = f.Close()
+		if !keep {
+			_ = os.Remove(path + ".tmp")
+			_ = os.Remove(path)
+		}
+	}()
+
+	err = s.runner.DockerExecWithStderr(
+		ctx,
+		[]string{"logs", containerName},
+		f,
+		f,
+		nil,
+	)
+	if err != nil {
+		return err
+	}
+
+	if err := f.Close(); err != nil {
+		return err
+	}
+
+	if err := os.Rename(path+".tmp", path); err != nil {
+		return err
+	}
+
+	keep = true
+	return nil
+}
diff --git a/testing/deployer/sprawl/sprawltest/sprawltest.go b/testing/deployer/sprawl/sprawltest/sprawltest.go
new file mode 100644
index 000000000000..23ff44779b2c
--- /dev/null
+++ b/testing/deployer/sprawl/sprawltest/sprawltest.go
@@ -0,0 +1,202 @@
+package sprawltest
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"sync"
+	"testing"
+
+	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/go-multierror"
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/testing/deployer/sprawl"
+	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/runner"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+)
+
+// TODO(rb): move comments to doc.go
+
+var (
+	// set SPRAWL_WORKDIR_ROOT in the environment to have the test output
+	// coalesced in here. By default it uses a directory called "workdir" in
+	// each package.
+	workdirRoot string
+
+	// set SPRAWL_KEEP_WORKDIR=1 in the environment to keep the workdir output
+	// intact. Files are all destroyed by default.
+	keepWorkdirOnFail bool
+
+	// set SPRAWL_KEEP_RUNNING=1 in the environment to keep the workdir output
+	// intact and also refrain from tearing anything down. Things are all
+	// destroyed by default.
+	//
+	// SPRAWL_KEEP_RUNNING=1 implies SPRAWL_KEEP_WORKDIR=1
+	keepRunningOnFail bool
+
+	// set SPRAWL_SKIP_OLD_CLEANUP to prevent the library from tearing down and
+	// removing anything found in the working directory at init time. The
+	// default behavior is to do this.
+	skipOldCleanup bool
+)
+
+var cleanupPriorRunOnce sync.Once
+
+func init() {
+	if root := os.Getenv("SPRAWL_WORKDIR_ROOT"); root != "" {
+		fmt.Fprintf(os.Stdout, "INFO: sprawltest: SPRAWL_WORKDIR_ROOT set; using %q as output root\n", root)
+		workdirRoot = root
+	} else {
+		workdirRoot = "workdir"
+	}
+
+	if os.Getenv("SPRAWL_KEEP_WORKDIR") == "1" {
+		keepWorkdirOnFail = true
+		fmt.Fprintf(os.Stdout, "INFO: sprawltest: SPRAWL_KEEP_WORKDIR set; not destroying workdir on failure\n")
+	}
+
+	if os.Getenv("SPRAWL_KEEP_RUNNING") == "1" {
+		keepRunningOnFail = true
+		keepWorkdirOnFail = true
+		fmt.Fprintf(os.Stdout, "INFO: sprawltest: SPRAWL_KEEP_RUNNING set; not tearing down resources on failure\n")
+	}
+
+	if os.Getenv("SPRAWL_SKIP_OLD_CLEANUP") == "1" {
+		skipOldCleanup = true
+		fmt.Fprintf(os.Stdout, "INFO: sprawltest: SPRAWL_SKIP_OLD_CLEANUP set; not cleaning up anything found in %q\n", workdirRoot)
+	}
+
+	if !skipOldCleanup {
+		cleanupPriorRunOnce.Do(func() {
+			fmt.Fprintf(os.Stdout, "INFO: sprawltest: triggering cleanup of any prior test runs\n")
+			CleanupWorkingDirectories()
+		})
+	}
+}
+
+// Launch will create the topology defined by the provided configuration and
+// bring up all of the relevant clusters.
+//
+// - Logs will be routed to (*testing.T).Logf.
+//
+//   - By default everything will be stopped and removed via
+//     (*testing.T).Cleanup. For failed tests, this can be skipped by setting the
+//     environment variable SKIP_TEARDOWN=1.
+func Launch(t *testing.T, cfg *topology.Config) *sprawl.Sprawl {
+	SkipIfTerraformNotPresent(t)
+	sp, err := sprawl.Launch(
+		testutil.Logger(t),
+		initWorkingDirectory(t),
+		cfg,
+	)
+	require.NoError(t, err)
+	stopOnCleanup(t, sp)
+	return sp
+}
+
+func initWorkingDirectory(t *testing.T) string {
+	// TODO(rb): figure out how to get the calling package which we can put in
+	// the middle here, which is likely 2 call frames away so maybe
+	// runtime.Callers can help
+	scratchDir := filepath.Join(workdirRoot, t.Name())
+	_ = os.RemoveAll(scratchDir) // cleanup prior runs
+	if err := os.MkdirAll(scratchDir, 0755); err != nil {
+		t.Fatalf("error: %v", err)
+	}
+
+	t.Cleanup(func() {
+		if t.Failed() && keepWorkdirOnFail {
+			t.Logf("test failed; leaving sprawl terraform definitions in: %s", scratchDir)
+		} else {
+			_ = os.RemoveAll(scratchDir)
+		}
+	})
+
+	return scratchDir
+}
+
+func stopOnCleanup(t *testing.T, sp *sprawl.Sprawl) {
+	t.Cleanup(func() {
+		if t.Failed() && keepWorkdirOnFail {
+			// It's only worth it to capture the logs if we aren't going to
+			// immediately discard them.
+			if err := sp.CaptureLogs(context.Background()); err != nil {
+				t.Logf("log capture encountered failures: %v", err)
+			}
+			if err := sp.SnapshotEnvoy(context.Background()); err != nil {
+				t.Logf("envoy snapshot capture encountered failures: %v", err)
+			}
+		}
+
+		if t.Failed() && keepRunningOnFail {
+			t.Log("test failed; leaving sprawl running")
+		} else {
+			//nolint:errcheck
+			sp.Stop()
+		}
+	})
+}
+
+// CleanupWorkingDirectories is meant to run in an init() once at the start of
+// any tests.
+func CleanupWorkingDirectories() {
+	fi, err := os.ReadDir(workdirRoot)
+	if os.IsNotExist(err) {
+		return
+	} else if err != nil {
+		fmt.Fprintf(os.Stderr, "WARN: sprawltest: unable to scan 'workdir' for prior runs to cleanup\n")
+		return
+	} else if len(fi) == 0 {
+		fmt.Fprintf(os.Stdout, "INFO: sprawltest: no prior tests to clean up\n")
+		return
+	}
+
+	r, err := runner.Load(hclog.NewNullLogger())
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "WARN: sprawltest: unable to look for 'terraform' and 'docker' binaries\n")
+		return
+	}
+
+	ctx := context.Background()
+
+	for _, d := range fi {
+		if !d.IsDir() {
+			continue
+		}
+		path := filepath.Join(workdirRoot, d.Name(), "terraform")
+
+		fmt.Fprintf(os.Stdout, "INFO: sprawltest: cleaning up failed prior run in: %s\n", path)
+
+		err := r.TerraformExec(ctx, []string{
+			"init", "-input=false",
+		}, io.Discard, path)
+
+		err2 := r.TerraformExec(ctx, []string{
+			"destroy", "-input=false", "-auto-approve", "-refresh=false",
+		}, io.Discard, path)
+
+		if err2 != nil {
+			err = multierror.Append(err, err2)
+		}
+
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "WARN: sprawltest: could not clean up failed prior run in: %s: %v\n", path, err)
+		} else {
+			_ = os.RemoveAll(path)
+		}
+	}
+}
+
+func SkipIfTerraformNotPresent(t *testing.T) {
+	const terraformBinaryName = "terraform"
+
+	path, err := exec.LookPath(terraformBinaryName)
+	if err != nil || path == "" {
+		t.Skipf("%q not found on $PATH - download and install to run this test", terraformBinaryName)
+	}
+}
diff --git a/testing/deployer/sprawl/sprawltest/test_test.go b/testing/deployer/sprawl/sprawltest/test_test.go
new file mode 100644
index 000000000000..cdbeb4be52e5
--- /dev/null
+++ b/testing/deployer/sprawl/sprawltest/test_test.go
@@ -0,0 +1,180 @@
+package sprawltest_test
+
+import (
+	"strconv"
+	"testing"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+)
+
+func TestSprawl(t *testing.T) {
+	serversDC1 := newTopologyServerSet("dc1-server", 3, []string{"dc1", "wan"}, nil)
+	serversDC2 := newTopologyServerSet("dc2-server", 3, []string{"dc2", "wan"}, nil)
+
+	cfg := &topology.Config{
+		Networks: []*topology.Network{
+			{Name: "dc1"},
+			{Name: "dc2"},
+			{Name: "wan", Type: "wan"},
+		},
+		Clusters: []*topology.Cluster{
+			{
+				Name: "dc1",
+				Nodes: topology.MergeSlices(serversDC1, []*topology.Node{
+					{
+						Kind: topology.NodeKindClient,
+						Name: "dc1-client1",
+						Services: []*topology.Service{
+							{
+								ID:             topology.ServiceID{Name: "mesh-gateway"},
+								Port:           8443,
+								EnvoyAdminPort: 19000,
+								IsMeshGateway:  true,
+							},
+						},
+					},
+					{
+						Kind: topology.NodeKindClient,
+						Name: "dc1-client2",
+						Services: []*topology.Service{
+							{
+								ID:             topology.ServiceID{Name: "ping"},
+								Image:          "rboyer/pingpong:latest",
+								Port:           8080,
+								EnvoyAdminPort: 19000,
+								Command: []string{
+									"-bind", "0.0.0.0:8080",
+									"-dial", "127.0.0.1:9090",
+									"-pong-chaos",
+									"-dialfreq", "250ms",
+									"-name", "ping",
+								},
+								Upstreams: []*topology.Upstream{{
+									ID:        topology.ServiceID{Name: "pong"},
+									LocalPort: 9090,
+									Peer:      "peer-dc2-default",
+								}},
+							},
+						},
+					},
+				}),
+				InitialConfigEntries: []api.ConfigEntry{
+					&api.ExportedServicesConfigEntry{
+						Name: "default",
+						Services: []api.ExportedService{{
+							Name: "ping",
+							Consumers: []api.ServiceConsumer{{
+								Peer: "peer-dc2-default",
+							}},
+						}},
+					},
+				},
+			},
+			{
+				Name: "dc2",
+				Nodes: topology.MergeSlices(serversDC2, []*topology.Node{
+					{
+						Kind: topology.NodeKindClient,
+						Name: "dc2-client1",
+						Services: []*topology.Service{
+							{
+								ID:             topology.ServiceID{Name: "mesh-gateway"},
+								Port:           8443,
+								EnvoyAdminPort: 19000,
+								IsMeshGateway:  true,
+							},
+						},
+					},
+					{
+						Kind: topology.NodeKindDataplane,
+						Name: "dc2-client2",
+						Services: []*topology.Service{
+							{
+								ID:             topology.ServiceID{Name: "pong"},
+								Image:          "rboyer/pingpong:latest",
+								Port:           8080,
+								EnvoyAdminPort: 19000,
+								Command: []string{
+									"-bind", "0.0.0.0:8080",
+									"-dial", "127.0.0.1:9090",
+									"-pong-chaos",
+									"-dialfreq", "250ms",
+									"-name", "pong",
+								},
+								Upstreams: []*topology.Upstream{{
+									ID:        topology.ServiceID{Name: "ping"},
+									LocalPort: 9090,
+									Peer:      "peer-dc1-default",
+								}},
+							},
+						},
+					},
+				}),
+				InitialConfigEntries: []api.ConfigEntry{
+					&api.ExportedServicesConfigEntry{
+						Name: "default",
+						Services: []api.ExportedService{{
+							Name: "ping",
+							Consumers: []api.ServiceConsumer{{
+								Peer: "peer-dc2-default",
+							}},
+						}},
+					},
+				},
+			},
+		},
+		Peerings: []*topology.Peering{{
+			Dialing: topology.PeerCluster{
+				Name: "dc1",
+			},
+			Accepting: topology.PeerCluster{
+				Name: "dc2",
+			},
+		}},
+	}
+
+	sp := sprawltest.Launch(t, cfg)
+
+	for _, cluster := range sp.Topology().Clusters {
+		leader, err := sp.Leader(cluster.Name)
+		require.NoError(t, err)
+		t.Logf("%s: leader = %s", cluster.Name, leader.ID())
+
+		followers, err := sp.Followers(cluster.Name)
+		require.NoError(t, err)
+		for _, f := range followers {
+			t.Logf("%s: follower = %s", cluster.Name, f.ID())
+		}
+	}
+}
+
+func newTopologyServerSet(
+	namePrefix string,
+	num int,
+	networks []string,
+	mutateFn func(i int, node *topology.Node),
+) []*topology.Node {
+	var out []*topology.Node
+	for i := 1; i <= num; i++ {
+		name := namePrefix + strconv.Itoa(i)
+
+		node := &topology.Node{
+			Kind: topology.NodeKindServer,
+			Name: name,
+		}
+		for _, net := range networks {
+			node.Addresses = append(node.Addresses, &topology.Address{Network: net})
+		}
+
+		if mutateFn != nil {
+			mutateFn(i, node)
+		}
+
+		out = append(out, node)
+	}
+	return out
+}
diff --git a/testing/deployer/sprawl/tls.go b/testing/deployer/sprawl/tls.go
new file mode 100644
index 000000000000..748e85dd6b6f
--- /dev/null
+++ b/testing/deployer/sprawl/tls.go
@@ -0,0 +1,114 @@
+package sprawl
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+)
+
+const (
+	consulUID     = "100"
+	consulGID     = "1000"
+	consulUserArg = consulUID + ":" + consulGID
+)
+
+func tlsPrefixFromNode(node *topology.Node) string {
+	switch node.Kind {
+	case topology.NodeKindServer:
+		return node.Partition + "." + node.Name + ".server"
+	case topology.NodeKindClient:
+		return node.Partition + "." + node.Name + ".client"
+	default:
+		return ""
+	}
+}
+
+func tlsCertCreateCommand(node *topology.Node) string {
+	if node.IsServer() {
+		return fmt.Sprintf(`consul tls cert create -server -dc=%s -node=%s`, node.Datacenter, node.PodName())
+	} else {
+		return fmt.Sprintf(`consul tls cert create -client -dc=%s`, node.Datacenter)
+	}
+}
+
+func (s *Sprawl) initTLS(ctx context.Context) error {
+	for _, cluster := range s.topology.Clusters {
+
+		var buf bytes.Buffer
+
+		// Create the CA if not already done, and proceed to do all of the
+		// consul CLI calls inside of a throwaway temp directory.
+		buf.WriteString(`
+if [[ ! -f consul-agent-ca-key.pem || ! -f consul-agent-ca.pem ]]; then
+	consul tls ca create
+fi
+rm -rf tmp
+mkdir -p tmp
+cp -a consul-agent-ca-key.pem consul-agent-ca.pem tmp
+cd tmp
+`)
+
+		for _, node := range cluster.Nodes {
+			if !node.IsAgent() || node.Disabled {
+				continue
+			}
+
+			node.TLSCertPrefix = tlsPrefixFromNode(node)
+			if node.TLSCertPrefix == "" {
+				continue
+			}
+
+			expectPrefix := cluster.Datacenter + "-" + string(node.Kind) + "-consul-0"
+
+			// Conditionally generate these in isolation and rename them to
+			// not rely upon the numerical indexing.
+			buf.WriteString(fmt.Sprintf(`
+if [[ ! -f %[1]s || ! -f %[2]s ]]; then
+	rm -f %[3]s %[4]s
+	%[5]s
+	mv -f %[3]s %[1]s
+	mv -f %[4]s %[2]s
+fi
+`,
+				"../"+node.TLSCertPrefix+"-key.pem", "../"+node.TLSCertPrefix+".pem",
+				expectPrefix+"-key.pem", expectPrefix+".pem",
+				tlsCertCreateCommand(node),
+			))
+		}
+
+		err := s.runner.DockerExec(ctx, []string{
+			"run",
+			"--rm",
+			"-i",
+			"--net=none",
+			"-v", cluster.TLSVolumeName + ":/data",
+			"busybox:latest",
+			"sh", "-c",
+			// Need this so the permissions stick; docker seems to treat unused volumes differently.
+			`touch /data/VOLUME_PLACEHOLDER && chown -R ` + consulUserArg + ` /data`,
+		}, io.Discard, nil)
+		if err != nil {
+			return fmt.Errorf("could not initialize docker volume for cert data %q: %w", cluster.TLSVolumeName, err)
+		}
+
+		err = s.runner.DockerExec(ctx, []string{"run",
+			"--rm",
+			"-i",
+			"--net=none",
+			"-u", consulUserArg,
+			"-v", cluster.TLSVolumeName + ":/data",
+			"-w", "/data",
+			"--entrypoint", "",
+			cluster.Images.Consul,
+			"/bin/sh", "-ec", buf.String(),
+		}, io.Discard, nil)
+		if err != nil {
+			return fmt.Errorf("could not create all necessary TLS certificates in docker volume: %v", err)
+		}
+	}
+
+	return nil
+}
diff --git a/testing/deployer/topology/compile.go b/testing/deployer/topology/compile.go
new file mode 100644
index 000000000000..2bdf9ad2c2bc
--- /dev/null
+++ b/testing/deployer/topology/compile.go
@@ -0,0 +1,671 @@
+package topology
+
+import (
+	crand "crypto/rand"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"reflect"
+	"regexp"
+	"sort"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/go-hclog"
+)
+
+const DockerPrefix = "consulcluster"
+
+func Compile(logger hclog.Logger, raw *Config) (*Topology, error) {
+	return compile(logger, raw, nil)
+}
+
+func Recompile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error) {
+	if prev == nil {
+		return nil, errors.New("missing previous topology")
+	}
+	return compile(logger, raw, prev)
+}
+
+func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error) {
+	var id string
+	if prev == nil {
+		var err error
+		id, err = newTopologyID()
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		id = prev.ID
+	}
+
+	images := DefaultImages().OverrideWith(raw.Images)
+	if images.Consul != "" {
+		return nil, fmt.Errorf("topology.images.consul cannot be set at this level")
+	}
+
+	if len(raw.Networks) == 0 {
+		return nil, fmt.Errorf("topology.networks is empty")
+	}
+
+	networks := make(map[string]*Network)
+	for _, net := range raw.Networks {
+		if net.DockerName != "" {
+			return nil, fmt.Errorf("network %q should not specify DockerName", net.Name)
+		}
+		if !IsValidLabel(net.Name) {
+			return nil, fmt.Errorf("network name is not valid: %s", net.Name)
+		}
+		if _, exists := networks[net.Name]; exists {
+			return nil, fmt.Errorf("cannot have two networks with the same name %q", net.Name)
+		}
+
+		switch net.Type {
+		case "":
+			net.Type = "lan"
+		case "wan", "lan":
+		default:
+			return nil, fmt.Errorf("network %q has unknown type %q", net.Name, net.Type)
+		}
+
+		networks[net.Name] = net
+		net.DockerName = DockerPrefix + "-" + net.Name + "-" + id
+	}
+
+	if len(raw.Clusters) == 0 {
+		return nil, fmt.Errorf("topology.clusters is empty")
+	}
+
+	var (
+		clusters  = make(map[string]*Cluster)
+		nextIndex int // use a global index so any shared networks work properly with assignments
+	)
+
+	foundPeerNames := make(map[string]map[string]struct{})
+	for _, c := range raw.Clusters {
+		if c.Name == "" {
+			return nil, fmt.Errorf("cluster has no name")
+		}
+
+		foundPeerNames[c.Name] = make(map[string]struct{})
+
+		if !IsValidLabel(c.Name) {
+			return nil, fmt.Errorf("cluster name is not valid: %s", c.Name)
+		}
+
+		if _, exists := clusters[c.Name]; exists {
+			return nil, fmt.Errorf("cannot have two clusters with the same name %q; use unique names and override the Datacenter field if that's what you want", c.Name)
+		}
+
+		if c.Datacenter == "" {
+			c.Datacenter = c.Name
+		} else {
+			if !IsValidLabel(c.Datacenter) {
+				return nil, fmt.Errorf("datacenter name is not valid: %s", c.Datacenter)
+			}
+		}
+
+		clusters[c.Name] = c
+		if c.NetworkName == "" {
+			c.NetworkName = c.Name
+		}
+
+		c.Images = images.OverrideWith(c.Images).ChooseConsul(c.Enterprise)
+
+		if _, ok := networks[c.NetworkName]; !ok {
+			return nil, fmt.Errorf("cluster %q uses network name %q that does not exist", c.Name, c.NetworkName)
+		}
+
+		if len(c.Nodes) == 0 {
+			return nil, fmt.Errorf("cluster %q has no nodes", c.Name)
+		}
+
+		if c.TLSVolumeName != "" {
+			return nil, fmt.Errorf("user cannot specify the TLSVolumeName field")
+		}
+
+		tenancies := make(map[string]map[string]struct{})
+		addTenancy := func(partition, namespace string) {
+			partition = PartitionOrDefault(partition)
+			namespace = NamespaceOrDefault(namespace)
+			m, ok := tenancies[partition]
+			if !ok {
+				m = make(map[string]struct{})
+				tenancies[partition] = m
+			}
+			m[namespace] = struct{}{}
+		}
+
+		for _, ap := range c.Partitions {
+			addTenancy(ap.Name, "default")
+			for _, ns := range ap.Namespaces {
+				addTenancy(ap.Name, ns)
+			}
+		}
+
+		for _, ce := range c.InitialConfigEntries {
+			addTenancy(ce.GetPartition(), ce.GetNamespace())
+		}
+
+		seenNodes := make(map[NodeID]struct{})
+		for _, n := range c.Nodes {
+			if n.Name == "" {
+				return nil, fmt.Errorf("cluster %q node has no name", c.Name)
+			}
+			if !IsValidLabel(n.Name) {
+				return nil, fmt.Errorf("node name is not valid: %s", n.Name)
+			}
+
+			switch n.Kind {
+			case NodeKindServer, NodeKindClient, NodeKindDataplane:
+			default:
+				return nil, fmt.Errorf("cluster %q node %q has invalid kind: %s", c.Name, n.Name, n.Kind)
+			}
+
+			n.Partition = PartitionOrDefault(n.Partition)
+			if !IsValidLabel(n.Partition) {
+				return nil, fmt.Errorf("node partition is not valid: %s", n.Partition)
+			}
+			addTenancy(n.Partition, "default")
+
+			if _, exists := seenNodes[n.ID()]; exists {
+				return nil, fmt.Errorf("cannot have two nodes in the same cluster %q with the same name %q", c.Name, n.ID())
+			}
+			seenNodes[n.ID()] = struct{}{}
+
+			if len(n.usedPorts) != 0 {
+				return nil, fmt.Errorf("user cannot specify the usedPorts field")
+			}
+			n.usedPorts = make(map[int]int)
+			exposePort := func(v int) bool {
+				if _, ok := n.usedPorts[v]; ok {
+					return false
+				}
+				n.usedPorts[v] = 0
+				return true
+			}
+
+			if n.IsAgent() {
+				// TODO: the ux  here is awful; we should be able to examine the topology to guess properly
+				exposePort(8500)
+				if n.IsServer() {
+					exposePort(8503)
+				} else {
+					exposePort(8502)
+				}
+			}
+
+			if n.Index != 0 {
+				return nil, fmt.Errorf("user cannot specify the node index")
+			}
+			n.Index = nextIndex
+			nextIndex++
+
+			n.Images = c.Images.OverrideWith(n.Images).ChooseNode(n.Kind)
+
+			n.Cluster = c.Name
+			n.Datacenter = c.Datacenter
+			n.dockerName = DockerPrefix + "-" + n.Name + "-" + id
+
+			if len(n.Addresses) == 0 {
+				n.Addresses = append(n.Addresses, &Address{Network: c.NetworkName})
+			}
+			var (
+				numPublic int
+				numLocal  int
+			)
+			for _, addr := range n.Addresses {
+				if addr.Network == "" {
+					return nil, fmt.Errorf("cluster %q node %q has invalid address", c.Name, n.Name)
+				}
+
+				if addr.Type != "" {
+					return nil, fmt.Errorf("user cannot specify the address type directly")
+				}
+
+				net, ok := networks[addr.Network]
+				if !ok {
+					return nil, fmt.Errorf("cluster %q node %q uses network name %q that does not exist", c.Name, n.Name, addr.Network)
+				}
+
+				if net.IsPublic() {
+					numPublic++
+				} else if net.IsLocal() {
+					numLocal++
+				}
+				addr.Type = net.Type
+
+				addr.DockerNetworkName = net.DockerName
+			}
+
+			if numLocal == 0 {
+				return nil, fmt.Errorf("cluster %q node %q has no local addresses", c.Name, n.Name)
+			}
+			if numPublic > 1 {
+				return nil, fmt.Errorf("cluster %q node %q has more than one public address", c.Name, n.Name)
+			}
+
+			seenServices := make(map[ServiceID]struct{})
+			for _, svc := range n.Services {
+				if n.IsAgent() {
+					// Default to that of the enclosing node.
+					svc.ID.Partition = n.Partition
+				}
+				svc.ID.Normalize()
+
+				// Denormalize
+				svc.Node = n
+
+				if !IsValidLabel(svc.ID.Partition) {
+					return nil, fmt.Errorf("service partition is not valid: %s", svc.ID.Partition)
+				}
+				if !IsValidLabel(svc.ID.Namespace) {
+					return nil, fmt.Errorf("service namespace is not valid: %s", svc.ID.Namespace)
+				}
+				if !IsValidLabel(svc.ID.Name) {
+					return nil, fmt.Errorf("service name is not valid: %s", svc.ID.Name)
+				}
+				addTenancy(svc.ID.Partition, svc.ID.Namespace)
+
+				if _, exists := seenServices[svc.ID]; exists {
+					return nil, fmt.Errorf("cannot have two services on the same node %q in the same cluster %q with the same name %q", n.ID(), c.Name, svc.ID)
+				}
+				seenServices[svc.ID] = struct{}{}
+
+				if !svc.DisableServiceMesh && n.IsDataplane() {
+					if svc.EnvoyPublicListenerPort <= 0 {
+						if _, ok := n.usedPorts[20000]; !ok {
+							// For convenience the FIRST service on a node can get 20000 for free.
+							svc.EnvoyPublicListenerPort = 20000
+						} else {
+							return nil, fmt.Errorf("envoy public listener port is required")
+						}
+					}
+				}
+
+				// add all of the service ports
+				for _, port := range svc.ports() {
+					if ok := exposePort(port); !ok {
+						return nil, fmt.Errorf("port used more than once on cluster %q node %q: %d", c.Name, n.ID(), port)
+					}
+				}
+
+				// TODO(rb): re-expose?
+				// switch svc.Protocol {
+				// case "":
+				// 	svc.Protocol = "tcp"
+				// 	fallthrough
+				// case "tcp":
+				// 	if svc.CheckHTTP != "" {
+				// 		return nil, fmt.Errorf("cannot set CheckHTTP for tcp service")
+				// 	}
+				// case "http":
+				// 	if svc.CheckTCP != "" {
+				// 		return nil, fmt.Errorf("cannot set CheckTCP for tcp service")
+				// 	}
+				// default:
+				// 	return nil, fmt.Errorf("service has invalid protocol: %s", svc.Protocol)
+				// }
+
+				for _, u := range svc.Upstreams {
+					// Default to that of the enclosing service.
+					if u.Peer == "" {
+						if u.ID.Partition == "" {
+							u.ID.Partition = svc.ID.Partition
+						}
+						if u.ID.Namespace == "" {
+							u.ID.Namespace = svc.ID.Namespace
+						}
+					} else {
+						if u.ID.Partition != "" {
+							u.ID.Partition = "" // irrelevant here; we'll set it to the value of the OTHER side for plumbing purposes in tests
+						}
+						u.ID.Namespace = NamespaceOrDefault(u.ID.Namespace)
+						foundPeerNames[c.Name][u.Peer] = struct{}{}
+					}
+
+					if u.ID.Name == "" {
+						return nil, fmt.Errorf("upstream service name is required")
+					}
+					addTenancy(u.ID.Partition, u.ID.Namespace)
+				}
+
+				if err := svc.Validate(); err != nil {
+					return nil, fmt.Errorf("cluster %q node %q service %q is not valid: %w", c.Name, n.Name, svc.ID.String(), err)
+				}
+			}
+		}
+
+		// Explode this into the explicit list based on stray references made.
+		c.Partitions = nil
+		for ap, nsMap := range tenancies {
+			p := &Partition{
+				Name: ap,
+			}
+			for ns := range nsMap {
+				p.Namespaces = append(p.Namespaces, ns)
+			}
+			sort.Strings(p.Namespaces)
+			c.Partitions = append(c.Partitions, p)
+		}
+		sort.Slice(c.Partitions, func(i, j int) bool {
+			return c.Partitions[i].Name < c.Partitions[j].Name
+		})
+
+		if !c.Enterprise {
+			expect := []*Partition{{Name: "default", Namespaces: []string{"default"}}}
+			if !reflect.DeepEqual(c.Partitions, expect) {
+				return nil, fmt.Errorf("cluster %q references non-default partitions or namespaces but is OSS", c.Name)
+			}
+		}
+	}
+
+	clusteredPeerings := make(map[string]map[string]*PeerCluster) // local-cluster -> local-peer -> info
+	addPeerMapEntry := func(pc PeerCluster) {
+		pm, ok := clusteredPeerings[pc.Name]
+		if !ok {
+			pm = make(map[string]*PeerCluster)
+			clusteredPeerings[pc.Name] = pm
+		}
+		pm[pc.PeerName] = &pc
+	}
+	for _, p := range raw.Peerings {
+		dialingCluster, ok := clusters[p.Dialing.Name]
+		if !ok {
+			return nil, fmt.Errorf("peering references a dialing cluster that does not exist: %s", p.Dialing.Name)
+		}
+		acceptingCluster, ok := clusters[p.Accepting.Name]
+		if !ok {
+			return nil, fmt.Errorf("peering references an accepting cluster that does not exist: %s", p.Accepting.Name)
+		}
+		if p.Dialing.Name == p.Accepting.Name {
+			return nil, fmt.Errorf("self peerings are not allowed: %s", p.Dialing.Name)
+		}
+
+		p.Dialing.Partition = PartitionOrDefault(p.Dialing.Partition)
+		p.Accepting.Partition = PartitionOrDefault(p.Accepting.Partition)
+
+		if dialingCluster.Enterprise {
+			if !dialingCluster.hasPartition(p.Dialing.Partition) {
+				return nil, fmt.Errorf("dialing side of peering cannot reference a partition that does not exist: %s", p.Dialing.Partition)
+			}
+		} else {
+			if p.Dialing.Partition != "default" {
+				return nil, fmt.Errorf("dialing side of peering cannot reference a partition when OSS")
+			}
+		}
+		if acceptingCluster.Enterprise {
+			if !acceptingCluster.hasPartition(p.Accepting.Partition) {
+				return nil, fmt.Errorf("accepting side of peering cannot reference a partition that does not exist: %s", p.Accepting.Partition)
+			}
+		} else {
+			if p.Accepting.Partition != "default" {
+				return nil, fmt.Errorf("accepting side of peering cannot reference a partition when OSS")
+			}
+		}
+
+		if p.Dialing.PeerName == "" {
+			p.Dialing.PeerName = "peer-" + p.Accepting.Name + "-" + p.Accepting.Partition
+		}
+		if p.Accepting.PeerName == "" {
+			p.Accepting.PeerName = "peer-" + p.Dialing.Name + "-" + p.Dialing.Partition
+		}
+
+		{ // Ensure the link fields do not have recursive links.
+			p.Dialing.Link = nil
+			p.Accepting.Link = nil
+
+			// Copy the un-linked data before setting the link
+			pa := p.Accepting
+			pd := p.Dialing
+
+			p.Accepting.Link = &pd
+			p.Dialing.Link = &pa
+		}
+
+		addPeerMapEntry(p.Accepting)
+		addPeerMapEntry(p.Dialing)
+
+		delete(foundPeerNames[p.Accepting.Name], p.Accepting.PeerName)
+		delete(foundPeerNames[p.Dialing.Name], p.Dialing.PeerName)
+	}
+
+	for cluster, peers := range foundPeerNames {
+		if len(peers) > 0 {
+			var pretty []string
+			for name := range peers {
+				pretty = append(pretty, name)
+			}
+			sort.Strings(pretty)
+			return nil, fmt.Errorf("cluster[%s] found topology references to peerings that do not exist: %v", cluster, pretty)
+		}
+	}
+
+	// after we decoded the peering stuff, we can fill in some computed data in the upstreams
+	for _, c := range clusters {
+		c.Peerings = clusteredPeerings[c.Name]
+		for _, n := range c.Nodes {
+			for _, svc := range n.Services {
+				for _, u := range svc.Upstreams {
+					if u.Peer == "" {
+						u.Cluster = c.Name
+						u.Peering = nil
+						continue
+					}
+					remotePeer, ok := c.Peerings[u.Peer]
+					if !ok {
+						return nil, fmt.Errorf("not possible")
+					}
+					u.Cluster = remotePeer.Link.Name
+					u.Peering = remotePeer.Link
+					// this helps in generating fortio assertions; otherwise field is ignored
+					u.ID.Partition = remotePeer.Link.Partition
+				}
+			}
+		}
+	}
+
+	t := &Topology{
+		ID:       id,
+		Networks: networks,
+		Clusters: clusters,
+		Images:   images,
+		Peerings: raw.Peerings,
+	}
+
+	if prev != nil {
+		// networks cannot change
+		if !sameKeys(prev.Networks, t.Networks) {
+			return nil, fmt.Errorf("cannot create or destroy networks")
+		}
+
+		for _, newNetwork := range t.Networks {
+			oldNetwork := prev.Networks[newNetwork.Name]
+
+			// Carryover
+			newNetwork.inheritFromExisting(oldNetwork)
+
+			if err := isSame(oldNetwork, newNetwork); err != nil {
+				return nil, fmt.Errorf("networks cannot change: %w", err)
+			}
+
+		}
+
+		// cannot add or remove an entire cluster
+		if !sameKeys(prev.Clusters, t.Clusters) {
+			return nil, fmt.Errorf("cannot create or destroy clusters")
+		}
+
+		for _, newCluster := range t.Clusters {
+			oldCluster := prev.Clusters[newCluster.Name]
+
+			// Carryover
+			newCluster.inheritFromExisting(oldCluster)
+
+			if newCluster.Name != oldCluster.Name ||
+				newCluster.NetworkName != oldCluster.NetworkName ||
+				newCluster.Datacenter != oldCluster.Datacenter ||
+				newCluster.Enterprise != oldCluster.Enterprise {
+				return nil, fmt.Errorf("cannot edit some cluster fields for %q", newCluster.Name)
+			}
+
+			// WARN on presence of some things.
+			if len(newCluster.InitialConfigEntries) > 0 {
+				logger.Warn("initial config entries were provided, but are skipped on recompile")
+			}
+
+			// Check NODES
+			if err := inheritAndValidateNodes(oldCluster.Nodes, newCluster.Nodes); err != nil {
+				return nil, fmt.Errorf("some immutable aspects of nodes were changed in cluster %q: %w", newCluster.Name, err)
+			}
+		}
+	}
+
+	return t, nil
+}
+
+const permutedWarning = "use the disabled node kind if you want to ignore a node"
+
+func inheritAndValidateNodes(
+	prev, curr []*Node,
+) error {
+	nodeMap := mapifyNodes(curr)
+
+	for prevIdx, node := range prev {
+		currNode, ok := nodeMap[node.ID()]
+		if !ok {
+			return fmt.Errorf("node %q has vanished; "+permutedWarning, node.ID())
+		}
+		// Ensure it hasn't been permuted.
+		if currNode.Pos != prevIdx {
+			return fmt.Errorf(
+				"node %q has been shuffled %d -> %d; "+permutedWarning,
+				node.ID(),
+				prevIdx,
+				currNode.Pos,
+			)
+		}
+
+		if currNode.Node.Kind != node.Kind ||
+			currNode.Node.Partition != node.Partition ||
+			currNode.Node.Name != node.Name ||
+			currNode.Node.Index != node.Index ||
+			len(currNode.Node.Addresses) != len(node.Addresses) ||
+			!sameKeys(currNode.Node.usedPorts, node.usedPorts) {
+			return fmt.Errorf("cannot edit some node fields for %q", node.ID())
+		}
+
+		currNode.Node.inheritFromExisting(node)
+
+		for i := 0; i < len(currNode.Node.Addresses); i++ {
+			prevAddr := node.Addresses[i]
+			currAddr := currNode.Node.Addresses[i]
+
+			if prevAddr.Network != currAddr.Network {
+				return fmt.Errorf("addresses were shuffled for node %q", node.ID())
+			}
+
+			if prevAddr.Type != currAddr.Type {
+				return fmt.Errorf("cannot edit some address fields for %q", node.ID())
+			}
+
+			currAddr.inheritFromExisting(prevAddr)
+		}
+
+		svcMap := mapifyServices(currNode.Node.Services)
+
+		for _, svc := range node.Services {
+			currSvc, ok := svcMap[svc.ID]
+			if !ok {
+				continue // service has vanished, this is ok
+			}
+			// don't care about index permutation
+
+			if currSvc.ID != svc.ID ||
+				currSvc.Port != svc.Port ||
+				currSvc.EnvoyAdminPort != svc.EnvoyAdminPort ||
+				currSvc.EnvoyPublicListenerPort != svc.EnvoyPublicListenerPort ||
+				isSame(currSvc.Command, svc.Command) != nil ||
+				isSame(currSvc.Env, svc.Env) != nil {
+				return fmt.Errorf("cannot edit some address fields for %q", svc.ID)
+			}
+
+			currSvc.inheritFromExisting(svc)
+		}
+	}
+	return nil
+}
+
+func newTopologyID() (string, error) {
+	const n = 16
+	id := make([]byte, n)
+	if _, err := crand.Read(id[:]); err != nil {
+		return "", err
+	}
+	return hex.EncodeToString(id)[:n], nil
+}
+
+// matches valid DNS labels according to RFC 1123, should be at most 63
+// characters according to the RFC
+var validLabel = regexp.MustCompile(`^[a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?$`)
+
+// IsValidLabel returns true if the string given is a valid DNS label (RFC 1123).
+// Note: the only difference between RFC 1035 and RFC 1123 labels is that in
+// RFC 1123 labels can begin with a number.
+func IsValidLabel(name string) bool {
+	return validLabel.MatchString(name)
+}
+
+// ValidateLabel is similar to IsValidLabel except it returns an error
+// instead of false when name is not a valid DNS label. The error will contain
+// reference to what constitutes a valid DNS label.
+func ValidateLabel(name string) error {
+	if !IsValidLabel(name) {
+		return errors.New("a valid DNS label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character")
+	}
+	return nil
+}
+
+func isSame(x, y any) error {
+	diff := cmp.Diff(x, y)
+	if diff != "" {
+		return fmt.Errorf("values are not equal\n--- expected\n+++ actual\n%v", diff)
+	}
+	return nil
+}
+
+func sameKeys[K comparable, V any](x, y map[K]V) bool {
+	if len(x) != len(y) {
+		return false
+	}
+
+	for kx := range x {
+		if _, ok := y[kx]; !ok {
+			return false
+		}
+	}
+	return true
+}
+
+func mapifyNodes(nodes []*Node) map[NodeID]nodeWithPosition {
+	m := make(map[NodeID]nodeWithPosition)
+	for i, node := range nodes {
+		m[node.ID()] = nodeWithPosition{
+			Pos:  i,
+			Node: node,
+		}
+	}
+	return m
+}
+
+type nodeWithPosition struct {
+	Pos  int
+	Node *Node
+}
+
+func mapifyServices(services []*Service) map[ServiceID]*Service {
+	m := make(map[ServiceID]*Service)
+	for _, svc := range services {
+		m[svc.ID] = svc
+	}
+	return m
+}
diff --git a/testing/deployer/topology/default_cdp.go b/testing/deployer/topology/default_cdp.go
new file mode 100644
index 000000000000..eb3aa5bd20be
--- /dev/null
+++ b/testing/deployer/topology/default_cdp.go
@@ -0,0 +1,3 @@
+package topology
+
+const DefaultDataplaneImage = "hashicorp/consul-dataplane:1.1.0"
diff --git a/testing/deployer/topology/default_consul.go b/testing/deployer/topology/default_consul.go
new file mode 100644
index 000000000000..e65b42cfd8b1
--- /dev/null
+++ b/testing/deployer/topology/default_consul.go
@@ -0,0 +1,4 @@
+package topology
+
+const DefaultConsulImage = "hashicorp/consul:1.15.2"
+const DefaultConsulEnterpriseImage = "hashicorp/consul-enterprise:1.15.2-ent"
diff --git a/testing/deployer/topology/default_envoy.go b/testing/deployer/topology/default_envoy.go
new file mode 100644
index 000000000000..05ee5d5e5ad1
--- /dev/null
+++ b/testing/deployer/topology/default_envoy.go
@@ -0,0 +1,3 @@
+package topology
+
+const DefaultEnvoyImage = "envoyproxy/envoy:v1.25.1"
diff --git a/testing/deployer/topology/ids.go b/testing/deployer/topology/ids.go
new file mode 100644
index 000000000000..372bccec36a3
--- /dev/null
+++ b/testing/deployer/topology/ids.go
@@ -0,0 +1,142 @@
+package topology
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/consul/api"
+)
+
+type NodeServiceID struct {
+	Node      string
+	Service   string `json:",omitempty"`
+	Namespace string `json:",omitempty"`
+	Partition string `json:",omitempty"`
+}
+
+func NewNodeServiceID(node, service, namespace, partition string) NodeServiceID {
+	id := NodeServiceID{
+		Node:      node,
+		Service:   service,
+		Namespace: namespace,
+		Partition: partition,
+	}
+	id.Normalize()
+	return id
+}
+
+func (id NodeServiceID) NodeID() NodeID {
+	return NewNodeID(id.Node, id.Partition)
+}
+
+func (id NodeServiceID) ServiceID() ServiceID {
+	return NewServiceID(id.Service, id.Namespace, id.Partition)
+}
+
+func (id *NodeServiceID) Normalize() {
+	id.Namespace = NamespaceOrDefault(id.Namespace)
+	id.Partition = PartitionOrDefault(id.Partition)
+}
+
+func (id NodeServiceID) String() string {
+	return fmt.Sprintf("%s/%s/%s/%s", id.Partition, id.Node, id.Namespace, id.Service)
+}
+
+type NodeID struct {
+	Name      string `json:",omitempty"`
+	Partition string `json:",omitempty"`
+}
+
+func NewNodeID(name, partition string) NodeID {
+	id := NodeID{
+		Name:      name,
+		Partition: partition,
+	}
+	id.Normalize()
+	return id
+}
+
+func (id *NodeID) Normalize() {
+	id.Partition = PartitionOrDefault(id.Partition)
+}
+
+func (id NodeID) String() string {
+	return fmt.Sprintf("%s/%s", id.Partition, id.Name)
+}
+
+func (id NodeID) ACLString() string {
+	return fmt.Sprintf("%s--%s", id.Partition, id.Name)
+}
+func (id NodeID) TFString() string {
+	return id.ACLString()
+}
+
+type ServiceID struct {
+	Name      string `json:",omitempty"`
+	Namespace string `json:",omitempty"`
+	Partition string `json:",omitempty"`
+}
+
+func NewServiceID(name, namespace, partition string) ServiceID {
+	id := ServiceID{
+		Name:      name,
+		Namespace: namespace,
+		Partition: partition,
+	}
+	id.Normalize()
+	return id
+}
+
+func (id ServiceID) Less(other ServiceID) bool {
+	if id.Partition != other.Partition {
+		return id.Partition < other.Partition
+	}
+	if id.Namespace != other.Namespace {
+		return id.Namespace < other.Namespace
+	}
+	return id.Name < other.Name
+}
+
+func (id *ServiceID) Normalize() {
+	id.Namespace = NamespaceOrDefault(id.Namespace)
+	id.Partition = PartitionOrDefault(id.Partition)
+}
+
+func (id ServiceID) String() string {
+	return fmt.Sprintf("%s/%s/%s", id.Partition, id.Namespace, id.Name)
+}
+
+func (id ServiceID) ACLString() string {
+	return fmt.Sprintf("%s--%s--%s", id.Partition, id.Namespace, id.Name)
+}
+func (id ServiceID) TFString() string {
+	return id.ACLString()
+}
+
+func PartitionOrDefault(name string) string {
+	if name == "" {
+		return "default"
+	}
+	return name
+}
+func NamespaceOrDefault(name string) string {
+	if name == "" {
+		return "default"
+	}
+	return name
+}
+
+func DefaultToEmpty(name string) string {
+	if name == "default" {
+		return ""
+	}
+	return name
+}
+
+// PartitionQueryOptions returns an *api.QueryOptions with the given partition
+// field set only if the partition is non-default. This helps when writing
+// tests for joint use in OSS and ENT.
+func PartitionQueryOptions(partition string) *api.QueryOptions {
+	return &api.QueryOptions{
+		Partition: DefaultToEmpty(partition),
+	}
+}
diff --git a/testing/deployer/topology/images.go b/testing/deployer/topology/images.go
new file mode 100644
index 000000000000..25901de66f02
--- /dev/null
+++ b/testing/deployer/topology/images.go
@@ -0,0 +1,123 @@
+package topology
+
+import (
+	"strings"
+)
+
+type Images struct {
+	Consul           string `json:",omitempty"`
+	ConsulOSS        string `json:",omitempty"`
+	ConsulEnterprise string `json:",omitempty"`
+	Envoy            string
+	Dataplane        string
+}
+
+func (i Images) LocalDataplaneImage() string {
+	if i.Dataplane == "" {
+		return ""
+	}
+
+	img, tag, ok := strings.Cut(i.Dataplane, ":")
+	if !ok {
+		tag = "latest"
+	}
+
+	repo, name, ok := strings.Cut(img, "/")
+	if ok {
+		name = repo + "-" + name
+	}
+
+	// ex: local/hashicorp-consul-dataplane:1.1.0
+	return "local/" + name + ":" + tag
+}
+
+func (i Images) EnvoyConsulImage() string {
+	if i.Consul == "" || i.Envoy == "" {
+		return ""
+	}
+
+	img1, tag1, ok1 := strings.Cut(i.Consul, ":")
+	img2, tag2, ok2 := strings.Cut(i.Envoy, ":")
+	if !ok1 {
+		tag1 = "latest"
+	}
+	if !ok2 {
+		tag2 = "latest"
+	}
+
+	repo1, name1, ok1 := strings.Cut(img1, "/")
+	repo2, name2, ok2 := strings.Cut(img2, "/")
+
+	if ok1 {
+		name1 = repo1 + "-" + name1
+	} else {
+		name1 = repo1
+	}
+	if ok2 {
+		name2 = repo2 + "-" + name2
+	} else {
+		name2 = repo2
+	}
+
+	// ex: local/hashicorp-consul-and-envoyproxy-envoy:1.15.0-with-v1.26.2
+	return "local/" + name1 + "-and-" + name2 + ":" + tag1 + "-with-" + tag2
+}
+
+func (i Images) ChooseNode(kind NodeKind) Images {
+	switch kind {
+	case NodeKindServer:
+		i.Envoy = ""
+		i.Dataplane = ""
+	case NodeKindClient:
+		i.Dataplane = ""
+	case NodeKindDataplane:
+		i.Envoy = ""
+	default:
+		// do nothing
+	}
+	return i
+}
+
+func (i Images) ChooseConsul(enterprise bool) Images {
+	if enterprise {
+		i.Consul = i.ConsulEnterprise
+	} else {
+		i.Consul = i.ConsulOSS
+	}
+	i.ConsulEnterprise = ""
+	i.ConsulOSS = ""
+	return i
+}
+
+func (i Images) OverrideWith(i2 Images) Images {
+	if i2.Consul != "" {
+		i.Consul = i2.Consul
+	}
+	if i2.ConsulOSS != "" {
+		i.ConsulOSS = i2.ConsulOSS
+	}
+	if i2.ConsulEnterprise != "" {
+		i.ConsulEnterprise = i2.ConsulEnterprise
+	}
+	if i2.Envoy != "" {
+		i.Envoy = i2.Envoy
+	}
+	if i2.Dataplane != "" {
+		i.Dataplane = i2.Dataplane
+	}
+	return i
+}
+
+// DefaultImages controls which specific docker images are used as default
+// values for topology components that do not specify values.
+//
+// These can be bulk-updated using the make target 'make update-defaults'
+func DefaultImages() Images {
+	return Images{
+		Consul:           "",
+		ConsulOSS:        DefaultConsulImage,
+		ConsulEnterprise: DefaultConsulEnterpriseImage,
+		Envoy:            DefaultEnvoyImage,
+		Dataplane:        DefaultDataplaneImage,
+	}
+}
diff --git a/testing/deployer/topology/images_test.go b/testing/deployer/topology/images_test.go
new file mode 100644
index 000000000000..a8af9029d1a9
--- /dev/null
+++ b/testing/deployer/topology/images_test.go
@@ -0,0 +1,98 @@
+package topology
+
+import (
+	"strconv"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestImages_EnvoyConsulImage(t *testing.T) {
+	type testcase struct {
+		consul, envoy string
+		expect        string
+	}
+
+	run := func(t *testing.T, tc testcase) {
+		i := Images{Consul: tc.consul, Envoy: tc.envoy}
+		j := i.EnvoyConsulImage()
+		require.Equal(t, tc.expect, j)
+	}
+
+	cases := []testcase{
+		{
+			consul: "",
+			envoy:  "",
+			expect: "",
+		},
+		{
+			consul: "consul",
+			envoy:  "",
+			expect: "",
+		},
+		{
+			consul: "",
+			envoy:  "envoy",
+			expect: "",
+		},
+		{
+			consul: "consul",
+			envoy:  "envoy",
+			expect: "local/consul-and-envoy:latest-with-latest",
+		},
+		// repos
+		{
+			consul: "hashicorp/consul",
+			envoy:  "envoy",
+			expect: "local/hashicorp-consul-and-envoy:latest-with-latest",
+		},
+		{
+			consul: "consul",
+			envoy:  "envoyproxy/envoy",
+			expect: "local/consul-and-envoyproxy-envoy:latest-with-latest",
+		},
+		{
+			consul: "hashicorp/consul",
+			envoy:  "envoyproxy/envoy",
+			expect: "local/hashicorp-consul-and-envoyproxy-envoy:latest-with-latest",
+		},
+		// tags
+		{
+			consul: "consul:1.15.0",
+			envoy:  "envoy",
+			expect: "local/consul-and-envoy:1.15.0-with-latest",
+		},
+		{
+			consul: "consul",
+			envoy:  "envoy:v1.26.1",
+			expect: "local/consul-and-envoy:latest-with-v1.26.1",
+		},
+		{
+			consul: "consul:1.15.0",
+			envoy:  "envoy:v1.26.1",
+			expect: "local/consul-and-envoy:1.15.0-with-v1.26.1",
+		},
+		// repos+tags
+		{
+			consul: "hashicorp/consul:1.15.0",
+			envoy:  "envoy:v1.26.1",
+			expect: "local/hashicorp-consul-and-envoy:1.15.0-with-v1.26.1",
+		},
+		{
+			consul: "consul:1.15.0",
+			envoy:  "envoyproxy/envoy:v1.26.1",
+			expect: "local/consul-and-envoyproxy-envoy:1.15.0-with-v1.26.1",
+		},
+		{
+			consul: "hashicorp/consul:1.15.0",
+			envoy:  "envoyproxy/envoy:v1.26.1",
+			expect: "local/hashicorp-consul-and-envoyproxy-envoy:1.15.0-with-v1.26.1",
+		},
+	}
+
+	for i, tc := range cases {
+		t.Run(strconv.Itoa(i), func(t *testing.T) {
+			run(t, tc)
+		})
+	}
+}
diff --git a/testing/deployer/topology/topology.go b/testing/deployer/topology/topology.go
new file mode 100644
index 000000000000..fbdf2605d53f
--- /dev/null
+++ b/testing/deployer/topology/topology.go
@@ -0,0 +1,787 @@
+package topology
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"net/netip"
+	"reflect"
+	"sort"
+
+	"github.com/hashicorp/consul/api"
+)
+
+type Topology struct {
+	ID string
+
+	// Images controls which specific docker images are used when running this
+	// node. Non-empty fields here override non-empty fields inherited from the
+	// general default values from DefaultImages().
+	Images Images
+
+	// Networks is the list of networks to create for this set of clusters.
+	Networks map[string]*Network
+
+	// Clusters defines the list of Consul clusters that should be created, and
+	// their associated workloads.
+	Clusters map[string]*Cluster
+
+	// Peerings defines the list of pairwise peerings that should be established
+	// between clusters.
+	Peerings []*Peering `json:",omitempty"`
+}
+
+func (t *Topology) DigestExposedProxyPort(netName string, proxyPort int) (bool, error) {
+	net, ok := t.Networks[netName]
+	if !ok {
+		return false, fmt.Errorf("found output network that does not exist: %s", netName)
+	}
+	if net.ProxyPort == proxyPort {
+		return false, nil
+	}
+
+	net.ProxyPort = proxyPort
+
+	// Denormalize for UX.
+	for _, cluster := range t.Clusters {
+		for _, node := range cluster.Nodes {
+			for _, addr := range node.Addresses {
+				if addr.Network == netName {
+					addr.ProxyPort = proxyPort
+				}
+			}
+		}
+	}
+
+	return true, nil
+}
+
+func (t *Topology) SortedNetworks() []*Network {
+	var out []*Network
+	for _, n := range t.Networks {
+		out = append(out, n)
+	}
+	sort.Slice(out, func(i, j int) bool {
+		return out[i].Name < out[j].Name
+	})
+	return out
+}
+
+func (t *Topology) SortedClusters() []*Cluster {
+	var out []*Cluster
+	for _, c := range t.Clusters {
+		out = append(out, c)
+	}
+	sort.Slice(out, func(i, j int) bool {
+		return out[i].Name < out[j].Name
+	})
+	return out
+}
+
+type Config struct {
+	// Images controls which specific docker images are used when running this
+	// node. Non-empty fields here override non-empty fields inherited from the
+	// general default values from DefaultImages().
+	Images Images
+
+	// Networks is the list of networks to create for this set of clusters.
+	Networks []*Network
+
+	// Clusters defines the list of Consul clusters that should be created, and
+	// their associated workloads.
+	Clusters []*Cluster
+
+	// Peerings defines the list of pairwise peerings that should be established
+	// between clusters.
+	Peerings []*Peering
+}
+
+func (c *Config) Cluster(name string) *Cluster {
+	for _, cluster := range c.Clusters {
+		if cluster.Name == name {
+			return cluster
+		}
+	}
+	return nil
+}
+
+type Network struct {
+	Type string // lan/wan ; empty means lan
+	Name string // logical name
+
+	// computed at topology compile
+	DockerName string
+	// generated during network-and-tls
+	Subnet string
+	IPPool []string `json:"-"`
+	// generated during network-and-tls
+	ProxyAddress string `json:",omitempty"`
+	DNSAddress   string `json:",omitempty"`
+	// filled in from terraform outputs after network-and-tls
+	ProxyPort int `json:",omitempty"`
+}
+
+func (n *Network) IsLocal() bool {
+	return n.Type == "" || n.Type == "lan"
+}
+
+func (n *Network) IsPublic() bool {
+	return n.Type == "wan"
+}
+
+func (n *Network) inheritFromExisting(existing *Network) {
+	n.Subnet = existing.Subnet
+	n.IPPool = existing.IPPool
+	n.ProxyAddress = existing.ProxyAddress
+	n.DNSAddress = existing.DNSAddress
+	n.ProxyPort = existing.ProxyPort
+}
+
+func (n *Network) IPByIndex(index int) string {
+	if index >= len(n.IPPool) {
+		panic(fmt.Sprintf(
+			"not enough ips on this network to assign index %d: %d",
+			len(n.IPPool), index,
+		))
+	}
+	return n.IPPool[index]
+}
+
+func (n *Network) SetSubnet(subnet string) (bool, error) {
+	if n.Subnet == subnet {
+		return false, nil
+	}
+
+	p, err := netip.ParsePrefix(subnet)
+	if err != nil {
+		return false, err
+	}
+	if !p.IsValid() {
+		return false, errors.New("not valid")
+	}
+	p = p.Masked()
+
+	var ipPool []string
+
+	addr := p.Addr()
+	for {
+		if !p.Contains(addr) {
+			break
+		}
+		ipPool = append(ipPool, addr.String())
+		addr = addr.Next()
+	}
+
+	ipPool = ipPool[2:] // skip the x.x.x.{0,1}
+
+	n.Subnet = subnet
+	n.IPPool = ipPool
+	return true, nil
+}
+
+// Cluster represents a single standalone install of Consul. This is the unit
+// of what is peered when using cluster peering. Older consul installs would
+// call this a datacenter.
+type Cluster struct {
+	Name        string
+	NetworkName string // empty assumes same as Name
+
+	// Images controls which specific docker images are used when running this
+	// cluster. Non-empty fields here override non-empty fields inherited from
+	// the enclosing Topology.
+	Images Images
+
+	// Enterprise marks this cluster as desiring to run Consul Enterprise
+	// components.
+	Enterprise bool `json:",omitempty"`
+
+	// Nodes is the definition of the nodes (agent-less and agent-ful).
+	Nodes []*Node
+
+	// Partitions is a list of tenancy configurations that should be created
+	// after the servers come up but before the clients and the rest of the
+	// topology starts.
+	//
+	// Enterprise Only.
+	Partitions []*Partition `json:",omitempty"`
+
+	// Datacenter defaults to "Name" if left unspecified. It lets you possibly
+	// create multiple peer clusters with identical datacenter names.
+	Datacenter string
+
+	// InitialConfigEntries is a convenience function to have some config
+	// entries created after the servers start up but before the rest of the
+	// topology comes up.
+	InitialConfigEntries []api.ConfigEntry `json:",omitempty"`
+
+	// TLSVolumeName is the docker volume name containing the various certs
+	// generated by 'consul tls cert create'
+	//
+	// This is generated during the networking phase and is not user specified.
+	TLSVolumeName string `json:",omitempty"`
+
+	// Peerings is a map of peering names to information about that peering in this cluster
+	//
+	// Denormalized during compile.
+	Peerings map[string]*PeerCluster `json:",omitempty"`
+}
+
+func (c *Cluster) inheritFromExisting(existing *Cluster) {
+	c.TLSVolumeName = existing.TLSVolumeName
+}
+
+type Partition struct {
+	Name       string
+	Namespaces []string
+}
+
+func (c *Cluster) hasPartition(p string) bool {
+	for _, partition := range c.Partitions {
+		if partition.Name == p {
+			return true
+		}
+	}
+	return false
+}
+
+func (c *Cluster) PartitionQueryOptionsList() []*api.QueryOptions {
+	if !c.Enterprise {
+		return []*api.QueryOptions{{}}
+	}
+
+	var out []*api.QueryOptions
+	for _, p := range c.Partitions {
+		out = append(out, &api.QueryOptions{Partition: p.Name})
+	}
+	return out
+}
+
+func (c *Cluster) ServerNodes() []*Node {
+	var out []*Node
+	for _, node := range c.SortedNodes() {
+		if node.Kind != NodeKindServer || node.Disabled {
+			continue
+		}
+		out = append(out, node)
+	}
+	return out
+}
+
+func (c *Cluster) ServerByAddr(addr string) *Node {
+	expect, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		return nil
+	}
+
+	for _, node := range c.Nodes {
+		if node.Kind != NodeKindServer || node.Disabled {
+			continue
+		}
+		if node.LocalAddress() == expect {
+			return node
+		}
+	}
+
+	return nil
+}
+
+func (c *Cluster) FirstServer() *Node {
+	for _, node := range c.Nodes {
+		if node.IsServer() && !node.Disabled && node.ExposedPort(8500) > 0 {
+			return node
+		}
+	}
+	return nil
+}
+
+func (c *Cluster) FirstClient() *Node {
+	for _, node := range c.Nodes {
+		if node.Kind != NodeKindClient || node.Disabled {
+			continue
+		}
+		return node
+	}
+	return nil
+}
+
+func (c *Cluster) ActiveNodes() []*Node {
+	var out []*Node
+	for _, node := range c.Nodes {
+		if !node.Disabled {
+			out = append(out, node)
+		}
+	}
+	return out
+}
+
+func (c *Cluster) SortedNodes() []*Node {
+	var out []*Node
+	out = append(out, c.Nodes...)
+
+	kindOrder := map[NodeKind]int{
+		NodeKindServer:    1,
+		NodeKindClient:    2,
+		NodeKindDataplane: 2,
+	}
+	sort.Slice(out, func(i, j int) bool {
+		ni, nj := out[i], out[j]
+
+		// servers before clients/dataplanes
+		ki, kj := kindOrder[ni.Kind], kindOrder[nj.Kind]
+		if ki < kj {
+			return true
+		} else if ki > kj {
+			return false
+		}
+
+		// lex sort by partition
+		if ni.Partition < nj.Partition {
+			return true
+		} else if ni.Partition > nj.Partition {
+			return false
+		}
+
+		// lex sort by name
+		return ni.Name < nj.Name
+	})
+	return out
+}
+
+func (c *Cluster) FindService(id NodeServiceID) *Service {
+	id.Normalize()
+
+	nid := id.NodeID()
+	sid := id.ServiceID()
+	return c.ServiceByID(nid, sid)
+}
+
+func (c *Cluster) ServiceByID(nid NodeID, sid ServiceID) *Service {
+	return c.NodeByID(nid).ServiceByID(sid)
+}
+
+func (c *Cluster) ServicesByID(sid ServiceID) []*Service {
+	sid.Normalize()
+
+	var out []*Service
+	for _, n := range c.Nodes {
+		for _, svc := range n.Services {
+			if svc.ID == sid {
+				out = append(out, svc)
+			}
+		}
+	}
+	return out
+}
+
+func (c *Cluster) NodeByID(nid NodeID) *Node {
+	nid.Normalize()
+	for _, n := range c.Nodes {
+		if n.ID() == nid {
+			return n
+		}
+	}
+	panic("node not found: " + nid.String())
+}
+
+type Address struct {
+	Network string
+
+	// denormalized at topology compile
+	Type string
+	// denormalized at topology compile
+	DockerNetworkName string
+	// generated after network-and-tls
+	IPAddress string
+	// denormalized from terraform outputs stored in the Network
+	ProxyPort int `json:",omitempty"`
+}
+
+func (a *Address) inheritFromExisting(existing *Address) {
+	a.IPAddress = existing.IPAddress
+	a.ProxyPort = existing.ProxyPort
+}
+
+func (a Address) IsLocal() bool {
+	return a.Type == "" || a.Type == "lan"
+}
+
+func (a Address) IsPublic() bool {
+	return a.Type == "wan"
+}
+
+type NodeKind string
+
+const (
+	NodeKindUnknown   NodeKind = ""
+	NodeKindServer    NodeKind = "server"
+	NodeKindClient    NodeKind = "client"
+	NodeKindDataplane NodeKind = "dataplane"
+)
+
+// TODO: rename pod
+type Node struct {
+	Kind      NodeKind
+	Partition string // will be not empty
+	Name      string // logical name
+
+	// Images controls which specific docker images are used when running this
+	// node. Non-empty fields here override non-empty fields inherited from
+	// the enclosing Cluster.
+	Images Images
+
+	// AgentEnv contains optional environment variables to attach to Consul agents.
+	AgentEnv []string
+
+	Disabled bool `json:",omitempty"`
+
+	Addresses []*Address
+	Services  []*Service
+
+	// denormalized at topology compile
+	Cluster    string
+	Datacenter string
+
+	// computed at topology compile
+	Index int
+
+	// generated during network-and-tls
+	TLSCertPrefix string `json:",omitempty"`
+
+	// dockerName is computed at topology compile
+	dockerName string
+
+	// usedPorts has keys that are computed at topology compile (internal
+	// ports) and values initialized to zero until terraform creates the pods
+	// and extracts the exposed port values from output variables.
+	usedPorts map[int]int // keys are from compile / values are from terraform output vars
+}
+
+func (n *Node) DockerName() string {
+	return n.dockerName
+}
+
+func (n *Node) ExposedPort(internalPort int) int {
+	return n.usedPorts[internalPort]
+}
+
+func (n *Node) SortedPorts() []int {
+	var out []int
+	for internalPort := range n.usedPorts {
+		out = append(out, internalPort)
+	}
+	sort.Ints(out)
+	return out
+}
+
+func (n *Node) inheritFromExisting(existing *Node) {
+	n.TLSCertPrefix = existing.TLSCertPrefix
+
+	merged := existing.usedPorts
+	for k, vNew := range n.usedPorts {
+		if _, present := merged[k]; !present {
+			merged[k] = vNew
+		}
+	}
+	n.usedPorts = merged
+}
+
+func (n *Node) String() string {
+	return n.ID().String()
+}
+
+func (n *Node) ID() NodeID {
+	return NewNodeID(n.Name, n.Partition)
+}
+
+func (n *Node) CatalogID() NodeID {
+	return NewNodeID(n.PodName(), n.Partition)
+}
+
+func (n *Node) PodName() string {
+	return n.dockerName + "-pod"
+}
+
+func (n *Node) AddressByNetwork(name string) *Address {
+	for _, a := range n.Addresses {
+		if a.Network == name {
+			return a
+		}
+	}
+	return nil
+}
+
+func (n *Node) LocalAddress() string {
+	for _, a := range n.Addresses {
+		if a.IsLocal() {
+			if a.IPAddress == "" {
+				panic("node has no assigned local address")
+			}
+			return a.IPAddress
+		}
+	}
+	panic("node has no local network")
+}
+
+func (n *Node) HasPublicAddress() bool {
+	for _, a := range n.Addresses {
+		if a.IsPublic() {
+			return true
+		}
+	}
+	return false
+}
+
+func (n *Node) LocalProxyPort() int {
+	for _, a := range n.Addresses {
+		if a.IsLocal() {
+			if a.ProxyPort > 0 {
+				return a.ProxyPort
+			}
+			panic("node has no assigned local address")
+		}
+	}
+	panic("node has no local network")
+}
+
+func (n *Node) PublicAddress() string {
+	for _, a := range n.Addresses {
+		if a.IsPublic() {
+			if a.IPAddress == "" {
+				panic("node has no assigned public address")
+			}
+			return a.IPAddress
+		}
+	}
+	panic("node has no public network")
+}
+
+func (n *Node) PublicProxyPort() int {
+	for _, a := range n.Addresses {
+		if a.IsPublic() {
+			if a.ProxyPort > 0 {
+				return a.ProxyPort
+			}
+			panic("node has no assigned public address")
+		}
+	}
+	panic("node has no public network")
+}
+
+func (n *Node) IsServer() bool {
+	return n.Kind == NodeKindServer
+}
+
+func (n *Node) IsAgent() bool {
+	return n.Kind == NodeKindServer || n.Kind == NodeKindClient
+}
+
+func (n *Node) RunsWorkloads() bool {
+	return n.IsAgent() || n.IsDataplane()
+}
+
+func (n *Node) IsDataplane() bool {
+	return n.Kind == NodeKindDataplane
+}
+
+func (n *Node) SortedServices() []*Service {
+	var out []*Service
+	out = append(out, n.Services...)
+	sort.Slice(out, func(i, j int) bool {
+		mi := out[i].IsMeshGateway
+		mj := out[j].IsMeshGateway
+		if mi && !mi {
+			return false
+		} else if !mi && mj {
+			return true
+		}
+		return out[i].ID.Less(out[j].ID)
+	})
+	return out
+}
+
+// DigestExposedPorts returns true if it was changed.
+func (n *Node) DigestExposedPorts(ports map[int]int) bool {
+	if reflect.DeepEqual(n.usedPorts, ports) {
+		return false
+	}
+	for internalPort := range n.usedPorts {
+		if v, ok := ports[internalPort]; ok {
+			n.usedPorts[internalPort] = v
+		} else {
+			panic(fmt.Sprintf(
+				"cluster %q node %q port %d not found in exposed list",
+				n.Cluster,
+				n.ID(),
+				internalPort,
+			))
+		}
+	}
+	for _, svc := range n.Services {
+		svc.DigestExposedPorts(ports)
+	}
+
+	return true
+}
+
+func (n *Node) ServiceByID(sid ServiceID) *Service {
+	sid.Normalize()
+	for _, svc := range n.Services {
+		if svc.ID == sid {
+			return svc
+		}
+	}
+	panic("service not found: " + sid.String())
+}
+
+type ServiceAndNode struct {
+	Service *Service
+	Node    *Node
+}
+
+type Service struct {
+	ID          ServiceID
+	Image       string
+	Port        int
+	ExposedPort int `json:",omitempty"`
+
+	Disabled bool `json:",omitempty"` // TODO
+
+	// TODO: expose extra port here?
+
+	Meta map[string]string `json:",omitempty"`
+
+	// TODO(rb): re-expose this perhaps? Protocol  string `json:",omitempty"` // tcp|http (empty == tcp)
+	CheckHTTP string `json:",omitempty"` // url; will do a GET
+	CheckTCP  string `json:",omitempty"` // addr; will do a socket open/close
+
+	EnvoyAdminPort          int
+	ExposedEnvoyAdminPort   int `json:",omitempty"`
+	EnvoyPublicListenerPort int `json:",omitempty"` // agentless
+
+	Command []string `json:",omitempty"` // optional
+	Env     []string `json:",omitempty"` // optional
+
+	DisableServiceMesh bool `json:",omitempty"`
+	IsMeshGateway      bool `json:",omitempty"`
+	Upstreams          []*Upstream
+
+	// denormalized at topology compile
+	Node *Node `json:"-"`
+}
+
+func (s *Service) inheritFromExisting(existing *Service) {
+	s.ExposedPort = existing.ExposedPort
+	s.ExposedEnvoyAdminPort = existing.ExposedEnvoyAdminPort
+}
+
+func (s *Service) ports() []int {
+	var out []int
+	if s.Port > 0 {
+		out = append(out, s.Port)
+	}
+	if s.EnvoyAdminPort > 0 {
+		out = append(out, s.EnvoyAdminPort)
+	}
+	if s.EnvoyPublicListenerPort > 0 {
+		out = append(out, s.EnvoyPublicListenerPort)
+	}
+	for _, u := range s.Upstreams {
+		if u.LocalPort > 0 {
+			out = append(out, u.LocalPort)
+		}
+	}
+	return out
+}
+
+func (s *Service) HasCheck() bool {
+	return s.CheckTCP != "" || s.CheckHTTP != ""
+}
+
+func (s *Service) DigestExposedPorts(ports map[int]int) {
+	s.ExposedPort = ports[s.Port]
+	if s.EnvoyAdminPort > 0 {
+		s.ExposedEnvoyAdminPort = ports[s.EnvoyAdminPort]
+	} else {
+		s.ExposedEnvoyAdminPort = 0
+	}
+}
+
+func (s *Service) Validate() error {
+	if s.ID.Name == "" {
+		return fmt.Errorf("service name is required")
+	}
+	if s.Image == "" && !s.IsMeshGateway {
+		return fmt.Errorf("service image is required")
+	}
+	if s.Port <= 0 {
+		return fmt.Errorf("service has invalid port")
+	}
+	if s.DisableServiceMesh && s.IsMeshGateway {
+		return fmt.Errorf("cannot disable service mesh and still run a mesh gateway")
+	}
+	if s.DisableServiceMesh && len(s.Upstreams) > 0 {
+		return fmt.Errorf("cannot disable service mesh and configure upstreams")
+	}
+
+	if s.DisableServiceMesh {
+		if s.EnvoyAdminPort != 0 {
+			return fmt.Errorf("cannot use envoy admin port without a service mesh")
+		}
+	} else {
+		if s.EnvoyAdminPort <= 0 {
+			return fmt.Errorf("envoy admin port is required")
+		}
+	}
+
+	for _, u := range s.Upstreams {
+		if u.ID.Name == "" {
+			return fmt.Errorf("upstream service name is required")
+		}
+		if u.LocalPort <= 0 {
+			return fmt.Errorf("upstream local port is required")
+		}
+
+		if u.LocalAddress != "" {
+			ip := net.ParseIP(u.LocalAddress)
+			if ip == nil {
+				return fmt.Errorf("upstream local address is invalid: %s", u.LocalAddress)
+			}
+		}
+	}
+
+	return nil
+}
+
+type Upstream struct {
+	ID           ServiceID
+	LocalAddress string `json:",omitempty"` // defaults to 127.0.0.1
+	LocalPort    int
+	Peer         string `json:",omitempty"`
+	// TODO: what about mesh gateway mode overrides?
+
+	// computed at topology compile
+	Cluster string       `json:",omitempty"`
+	Peering *PeerCluster `json:",omitempty"` // this will have Link!=nil
+}
+
+type Peering struct {
+	Dialing   PeerCluster
+	Accepting PeerCluster
+}
+
+type PeerCluster struct {
+	Name      string
+	Partition string
+	PeerName  string // name to call it on this side; defaults if not specified
+
+	// computed at topology compile (pointer so it can be empty in json)
+	Link *PeerCluster `json:",omitempty"`
+}
+
+func (c PeerCluster) String() string {
+	return c.Name + ":" + c.Partition
+}
+
+func (p *Peering) String() string {
+	return "(" + p.Dialing.String() + ")->(" + p.Accepting.String() + ")"
+}
diff --git a/testing/deployer/topology/util.go b/testing/deployer/topology/util.go
new file mode 100644
index 000000000000..c09021763368
--- /dev/null
+++ b/testing/deployer/topology/util.go
@@ -0,0 +1,17 @@
+package topology
+
+func MergeSlices[V any](x, y []V) []V {
+	switch {
+	case len(x) == 0 && len(y) == 0:
+		return nil
+	case len(x) == 0:
+		return y
+	case len(y) == 0:
+		return x
+	}
+
+	out := make([]V, 0, len(x)+len(y))
+	out = append(out, x...)
+	out = append(out, y...)
+	return out
+}
diff --git a/testing/deployer/topology/util_test.go b/testing/deployer/topology/util_test.go
new file mode 100644
index 000000000000..fa0b6670f369
--- /dev/null
+++ b/testing/deployer/topology/util_test.go
@@ -0,0 +1,11 @@
+package topology
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestMergeSlices(t *testing.T) {
+	require.Nil(t, MergeSlices[int](nil, nil))
+}
diff --git a/testing/deployer/util/consul.go b/testing/deployer/util/consul.go
new file mode 100644
index 000000000000..5fe7a460e408
--- /dev/null
+++ b/testing/deployer/util/consul.go
@@ -0,0 +1,63 @@
+package util
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/go-cleanhttp"
+)
+
+func ProxyNotPooledAPIClient(proxyPort int, containerIP string, containerPort int, token string) (*api.Client, error) {
+	return proxyAPIClient(cleanhttp.DefaultTransport(), proxyPort, containerIP, containerPort, token)
+}
+
+func ProxyAPIClient(proxyPort int, containerIP string, containerPort int, token string) (*api.Client, error) {
+	return proxyAPIClient(cleanhttp.DefaultPooledTransport(), proxyPort, containerIP, containerPort, token)
+}
+
+func proxyAPIClient(baseTransport *http.Transport, proxyPort int, containerIP string, containerPort int, token string) (*api.Client, error) {
+	if proxyPort <= 0 {
+		return nil, fmt.Errorf("cannot use an http proxy on port %d", proxyPort)
+	}
+	if containerIP == "" {
+		return nil, fmt.Errorf("container IP is required")
+	}
+	if containerPort <= 0 {
+		return nil, fmt.Errorf("cannot dial api client on port %d", containerPort)
+	}
+
+	proxyURL, err := url.Parse("http://127.0.0.1:" + strconv.Itoa(proxyPort))
+	if err != nil {
+		return nil, err
+	}
+
+	cfg := api.DefaultConfig()
+	cfg.Transport = baseTransport
+	cfg.Transport.Proxy = http.ProxyURL(proxyURL)
+	cfg.Address = fmt.Sprintf("http://%s:%d", containerIP, containerPort)
+	cfg.Token = token
+	return api.NewClient(cfg)
+}
+
+func ProxyNotPooledHTTPTransport(proxyPort int) (*http.Transport, error) {
+	return proxyHTTPTransport(cleanhttp.DefaultTransport(), proxyPort)
+}
+
+func ProxyHTTPTransport(proxyPort int) (*http.Transport, error) {
+	return proxyHTTPTransport(cleanhttp.DefaultPooledTransport(), proxyPort)
+}
+
+func proxyHTTPTransport(baseTransport *http.Transport, proxyPort int) (*http.Transport, error) {
+	if proxyPort <= 0 {
+		return nil, fmt.Errorf("cannot use an http proxy on port %d", proxyPort)
+	}
+	proxyURL, err := url.Parse("http://127.0.0.1:" + strconv.Itoa(proxyPort))
+	if err != nil {
+		return nil, err
+	}
+	baseTransport.Proxy = http.ProxyURL(proxyURL)
+	return baseTransport, nil
+}
diff --git a/testing/deployer/util/files.go b/testing/deployer/util/files.go
new file mode 100644
index 000000000000..fad1109d3207
--- /dev/null
+++ b/testing/deployer/util/files.go
@@ -0,0 +1,57 @@
+package util
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+
+	"golang.org/x/crypto/blake2b"
+)
+
+func FilesExist(parent string, paths ...string) (bool, error) {
+	for _, p := range paths {
+		ok, err := FileExists(filepath.Join(parent, p))
+		if err != nil {
+			return false, err
+		}
+		if !ok {
+			return false, nil
+		}
+	}
+	return true, nil
+}
+
+func FileExists(path string) (bool, error) {
+	_, err := os.Stat(path)
+	if os.IsNotExist(err) {
+		return false, nil
+	} else if err != nil {
+		return false, err
+	} else {
+		return true, nil
+	}
+}
+
+func HashFile(path string) (string, error) {
+	hash, err := blake2b.New256(nil)
+	if err != nil {
+		return "", err
+	}
+
+	if err := AddFileToHash(path, hash); err != nil {
+		return "", err
+	}
+
+	return fmt.Sprintf("%x", hash.Sum(nil)), nil
+}
+
+func AddFileToHash(path string, w io.Writer) error {
+	f, err := os.Open(path)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	_, err = io.Copy(w, f)
+	return err
+}
diff --git a/testing/deployer/util/internal/ipamutils/doc.go b/testing/deployer/util/internal/ipamutils/doc.go
new file mode 100644
index 000000000000..7820e3776201
--- /dev/null
+++ b/testing/deployer/util/internal/ipamutils/doc.go
@@ -0,0 +1,21 @@
+// Copyright 2015 Docker Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Originally from:
+// https://github.com/moby/moby/blob/7489b51f610104ab5acc43f4e77142927e7b522e/libnetwork/ipamutils
+//
+// The only changes were to remove dead code from the package that we did not
+// need, and to edit the tests to use github.com/stretchr/testify to avoid an
+// extra dependency.
+package ipamutils
diff --git a/testing/deployer/util/internal/ipamutils/utils.go b/testing/deployer/util/internal/ipamutils/utils.go
new file mode 100644
index 000000000000..a0bf403c0f4e
--- /dev/null
+++ b/testing/deployer/util/internal/ipamutils/utils.go
@@ -0,0 +1,117 @@
+// Package ipamutils provides utility functions for ipam management
+package ipamutils
+
+import (
+	"fmt"
+	"net"
+	"sync"
+)
+
+var (
+	// predefinedLocalScopeDefaultNetworks contains a list of 31 IPv4 private networks with host size 16 and 12
+	// (172.17-31.x.x/16, 192.168.x.x/20) which do not overlap with the networks in `PredefinedGlobalScopeDefaultNetworks`
+	predefinedLocalScopeDefaultNetworks []*net.IPNet
+	// predefinedGlobalScopeDefaultNetworks contains a list of 64K IPv4 private networks with host size 8
+	// (10.x.x.x/24) which do not overlap with the networks in `PredefinedLocalScopeDefaultNetworks`
+	predefinedGlobalScopeDefaultNetworks []*net.IPNet
+	mutex                                sync.Mutex
+	localScopeDefaultNetworks            = []*NetworkToSplit{{"172.17.0.0/16", 16}, {"172.18.0.0/16", 16}, {"172.19.0.0/16", 16},
+		{"172.20.0.0/14", 16}, {"172.24.0.0/14", 16}, {"172.28.0.0/14", 16},
+		{"192.168.0.0/16", 20}}
+	globalScopeDefaultNetworks = []*NetworkToSplit{{"10.0.0.0/8", 24}}
+)
+
+// NetworkToSplit represent a network that has to be split in chunks with mask length Size.
+// Each subnet in the set is derived from the Base pool. Base is to be passed
+// in CIDR format.
+// Example: a Base "10.10.0.0/16 with Size 24 will define the set of 256
+// 10.10.[0-255].0/24 address pools
+type NetworkToSplit struct {
+	Base string `json:"base"`
+	Size int    `json:"size"`
+}
+
+func init() {
+	var err error
+	if predefinedGlobalScopeDefaultNetworks, err = SplitNetworks(globalScopeDefaultNetworks); err != nil {
+		panic("failed to initialize the global scope default address pool: " + err.Error())
+	}
+
+	if predefinedLocalScopeDefaultNetworks, err = SplitNetworks(localScopeDefaultNetworks); err != nil {
+		panic("failed to initialize the local scope default address pool: " + err.Error())
+	}
+}
+
+// ConfigGlobalScopeDefaultNetworks configures global default pool.
+// Ideally this will be called from SwarmKit as part of swarm init
+func ConfigGlobalScopeDefaultNetworks(defaultAddressPool []*NetworkToSplit) error {
+	if defaultAddressPool == nil {
+		return nil
+	}
+	mutex.Lock()
+	defer mutex.Unlock()
+	defaultNetworks, err := SplitNetworks(defaultAddressPool)
+	if err != nil {
+		return err
+	}
+	predefinedGlobalScopeDefaultNetworks = defaultNetworks
+	return nil
+}
+
+// GetGlobalScopeDefaultNetworks returns a copy of the global-sopce network list.
+func GetGlobalScopeDefaultNetworks() []*net.IPNet {
+	mutex.Lock()
+	defer mutex.Unlock()
+	return append([]*net.IPNet(nil), predefinedGlobalScopeDefaultNetworks...)
+}
+
+// GetLocalScopeDefaultNetworks returns a copy of the default local-scope network list.
+func GetLocalScopeDefaultNetworks() []*net.IPNet {
+	return append([]*net.IPNet(nil), predefinedLocalScopeDefaultNetworks...)
+}
+
+// SplitNetworks takes a slice of networks, split them accordingly and returns them
+func SplitNetworks(list []*NetworkToSplit) ([]*net.IPNet, error) {
+	localPools := make([]*net.IPNet, 0, len(list))
+
+	for _, p := range list {
+		_, b, err := net.ParseCIDR(p.Base)
+		if err != nil {
+			return nil, fmt.Errorf("invalid base pool %q: %v", p.Base, err)
+		}
+		ones, _ := b.Mask.Size()
+		if p.Size <= 0 || p.Size < ones {
+			return nil, fmt.Errorf("invalid pools size: %d", p.Size)
+		}
+		localPools = append(localPools, splitNetwork(p.Size, b)...)
+	}
+	return localPools, nil
+}
+
+func splitNetwork(size int, base *net.IPNet) []*net.IPNet {
+	one, bits := base.Mask.Size()
+	mask := net.CIDRMask(size, bits)
+	n := 1 << uint(size-one)
+	s := uint(bits - size)
+	list := make([]*net.IPNet, 0, n)
+
+	for i := 0; i < n; i++ {
+		ip := copyIP(base.IP)
+		addIntToIP(ip, uint(i<<s))
+		list = append(list, &net.IPNet{IP: ip, Mask: mask})
+	}
+	return list
+}
+
+func copyIP(from net.IP) net.IP {
+	ip := make([]byte, len(from))
+	copy(ip, from)
+	return ip
+}
+
+func addIntToIP(array net.IP, ordinal uint) {
+	for i := len(array) - 1; i >= 0; i-- {
+		array[i] |= (byte)(ordinal & 0xff)
+		ordinal >>= 8
+	}
+}
diff --git a/testing/deployer/util/internal/ipamutils/utils_test.go b/testing/deployer/util/internal/ipamutils/utils_test.go
new file mode 100644
index 000000000000..dd3c0e701504
--- /dev/null
+++ b/testing/deployer/util/internal/ipamutils/utils_test.go
@@ -0,0 +1,102 @@
+package ipamutils
+
+import (
+	"net"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func initBroadPredefinedNetworks() []*net.IPNet {
+	pl := make([]*net.IPNet, 0, 31)
+	mask := []byte{255, 255, 0, 0}
+	for i := 17; i < 32; i++ {
+		pl = append(pl, &net.IPNet{IP: []byte{172, byte(i), 0, 0}, Mask: mask})
+	}
+	mask20 := []byte{255, 255, 240, 0}
+	for i := 0; i < 16; i++ {
+		pl = append(pl, &net.IPNet{IP: []byte{192, 168, byte(i << 4), 0}, Mask: mask20})
+	}
+	return pl
+}
+
+func initGranularPredefinedNetworks() []*net.IPNet {
+	pl := make([]*net.IPNet, 0, 256*256)
+	mask := []byte{255, 255, 255, 0}
+	for i := 0; i < 256; i++ {
+		for j := 0; j < 256; j++ {
+			pl = append(pl, &net.IPNet{IP: []byte{10, byte(i), byte(j), 0}, Mask: mask})
+		}
+	}
+	return pl
+}
+
+func initGlobalScopeNetworks() []*net.IPNet {
+	pl := make([]*net.IPNet, 0, 256*256)
+	mask := []byte{255, 255, 255, 0}
+	for i := 0; i < 256; i++ {
+		for j := 0; j < 256; j++ {
+			pl = append(pl, &net.IPNet{IP: []byte{30, byte(i), byte(j), 0}, Mask: mask})
+		}
+	}
+	return pl
+}
+
+func TestDefaultNetwork(t *testing.T) {
+	for _, nw := range GetGlobalScopeDefaultNetworks() {
+		if ones, bits := nw.Mask.Size(); bits != 32 || ones != 24 {
+			t.Fatalf("Unexpected size for network in granular list: %v", nw)
+		}
+	}
+
+	for _, nw := range GetLocalScopeDefaultNetworks() {
+		if ones, bits := nw.Mask.Size(); bits != 32 || (ones != 20 && ones != 16) {
+			t.Fatalf("Unexpected size for network in broad list: %v", nw)
+		}
+	}
+
+	originalBroadNets := initBroadPredefinedNetworks()
+	m := make(map[string]bool)
+	for _, v := range originalBroadNets {
+		m[v.String()] = true
+	}
+	for _, nw := range GetLocalScopeDefaultNetworks() {
+		_, ok := m[nw.String()]
+		assert.True(t, ok)
+		delete(m, nw.String())
+	}
+
+	assert.Empty(t, m)
+
+	originalGranularNets := initGranularPredefinedNetworks()
+
+	m = make(map[string]bool)
+	for _, v := range originalGranularNets {
+		m[v.String()] = true
+	}
+	for _, nw := range GetGlobalScopeDefaultNetworks() {
+		_, ok := m[nw.String()]
+		assert.True(t, ok)
+		delete(m, nw.String())
+	}
+
+	assert.Empty(t, m)
+}
+
+func TestConfigGlobalScopeDefaultNetworks(t *testing.T) {
+	err := ConfigGlobalScopeDefaultNetworks([]*NetworkToSplit{{"30.0.0.0/8", 24}})
+	assert.NoError(t, err)
+
+	originalGlobalScopeNetworks := initGlobalScopeNetworks()
+	m := make(map[string]bool)
+	for _, v := range originalGlobalScopeNetworks {
+		m[v.String()] = true
+	}
+	for _, nw := range GetGlobalScopeDefaultNetworks() {
+		_, ok := m[nw.String()]
+		assert.True(t, ok)
+		delete(m, nw.String())
+	}
+
+	assert.Empty(t, m)
+}
diff --git a/testing/deployer/util/net.go b/testing/deployer/util/net.go
new file mode 100644
index 000000000000..0ca297d2051a
--- /dev/null
+++ b/testing/deployer/util/net.go
@@ -0,0 +1,17 @@
+package util
+
+import (
+	"github.com/hashicorp/consul/testing/deployer/util/internal/ipamutils"
+)
+
+// GetPossibleDockerNetworkSubnets returns a copy of the global-scope network list.
+func GetPossibleDockerNetworkSubnets() map[string]struct{} {
+	list := ipamutils.GetGlobalScopeDefaultNetworks()
+
+	out := make(map[string]struct{})
+	for _, ipnet := range list {
+		subnet := ipnet.String()
+		out[subnet] = struct{}{}
+	}
+	return out
+}

From 921445712eea2e949afb1888d2c81a245fdcec93 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Tue, 18 Jul 2023 14:59:01 -0400
Subject: [PATCH 182/359] [NET-4792] Add integrations tests for jwt-auth
 (#18169)

---
 .../consul-container/libs/cluster/cluster.go  |   2 +-
 .../consul-container/libs/service/connect.go  |  20 +-
 .../test/jwtauth/jwt_auth_test.go             | 229 ++++++++++++------
 3 files changed, 168 insertions(+), 83 deletions(-)

diff --git a/test/integration/consul-container/libs/cluster/cluster.go b/test/integration/consul-container/libs/cluster/cluster.go
index e5f6537c166e..aedf0ac9267a 100644
--- a/test/integration/consul-container/libs/cluster/cluster.go
+++ b/test/integration/consul-container/libs/cluster/cluster.go
@@ -8,7 +8,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -18,6 +17,7 @@ import (
 
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
+	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
 	"github.com/hashicorp/serf/serf"
 
 	goretry "github.com/avast/retry-go"
diff --git a/test/integration/consul-container/libs/service/connect.go b/test/integration/consul-container/libs/service/connect.go
index 006ca804a988..4251a6d3c89a 100644
--- a/test/integration/consul-container/libs/service/connect.go
+++ b/test/integration/consul-container/libs/service/connect.go
@@ -167,14 +167,13 @@ func NewConnectService(ctx context.Context, sidecarCfg SidecarConfig, serviceBin
 	namePrefix := fmt.Sprintf("%s-service-connect-%s", node.GetDatacenter(), sidecarCfg.Name)
 	containerName := utils.RandName(namePrefix)
 
-	agentConfig := node.GetConfig()
 	internalAdminPort, err := node.ClaimAdminPort()
 	if err != nil {
 		return nil, err
 	}
 
-	fmt.Println("agent image name", agentConfig.DockerImage())
-	imageVersion := utils.SideCarVersion(agentConfig.DockerImage())
+	fmt.Println("agent image name", nodeConfig.DockerImage())
+	imageVersion := utils.SideCarVersion(nodeConfig.DockerImage())
 	req := testcontainers.ContainerRequest{
 		Image:      fmt.Sprintf("consul-envoy:%s", imageVersion),
 		WaitingFor: wait.ForLog("").WithStartupTimeout(100 * time.Second),
@@ -238,6 +237,21 @@ func NewConnectService(ctx context.Context, sidecarCfg SidecarConfig, serviceBin
 		req.Env["CONSUL_GRPC_ADDR"] = fmt.Sprintf("http://127.0.0.1:%d", 8502)
 	}
 
+	if nodeConfig.ACLEnabled {
+		client := node.GetClient()
+		token, _, err := client.ACL().TokenCreate(&api.ACLToken{
+			ServiceIdentities: []*api.ACLServiceIdentity{
+				{ServiceName: sidecarCfg.ServiceID},
+			},
+		}, nil)
+
+		if err != nil {
+			return nil, err
+		}
+
+		req.Env["CONSUL_HTTP_TOKEN"] = token.SecretID
+	}
+
 	var (
 		appPortStrs  []string
 		adminPortStr = strconv.Itoa(internalAdminPort)
diff --git a/test/integration/consul-container/test/jwtauth/jwt_auth_test.go b/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
index 498bdcedf181..2ff3938f92d6 100644
--- a/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
+++ b/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
@@ -24,20 +24,22 @@ import (
 	"time"
 )
 
-// TestJWTAuthConnectService summary
+// TestJWTAuthConnectService summary:
 // This test ensures that when we have an intention referencing a JWT, requests
-// without JWT authorization headers are denied. And requests with the correct JWT
-// Authorization header are successful
+// without JWT authorization headers are denied and requests with the correct JWT
+// Authorization header are successful.
 //
 // Steps:
 // - Creates a single agent cluster
+// - Generates a JWKS and 2 JWTs with different claims
+// - Generates another JWKS with a single JWT
+// - Configures proxy defaults, providers and intentions
 // - Creates a static-server and sidecar containers
 // - Registers the created static-server and sidecar with consul
 // - Create a static-client and sidecar containers
 // - Registers the static-client and sidecar with consul
 // - Ensure client sidecar is running as expected
-// - Make a request without the JWT Authorization header and expects 401 StatusUnauthorized
-// - Make a request with the JWT Authorization header and expects a 200
+// - Runs a couple of scenarios to ensure jwt validation works as expected
 func TestJWTAuthConnectService(t *testing.T) {
 	t.Parallel()
 
@@ -47,39 +49,65 @@ func TestJWTAuthConnectService(t *testing.T) {
 		ApplyDefaultProxySettings: true,
 		BuildOpts: &libcluster.BuildOptions{
 			Datacenter:             "dc1",
-			InjectAutoEncryption:   true,
-			InjectGossipEncryption: true,
+			InjectCerts:            true,
+			InjectGossipEncryption: false,
+			AllowHTTPAnyway:        true,
+			ACLEnabled:             true,
 		},
 	})
 
+	// generate jwks and 2 jwts with different claims for provider 1
+	jwksOne, privOne := makeJWKS(t)
+	claimsOne := makeTestClaims("https://legit.issuer.internal/", "https://consul.test")
+	jwtOne := makeJWT(t, privOne, claimsOne, testClaimPayload{UserType: "admin", FirstName: "admin"})
+	jwtOneAdmin := makeJWT(t, privOne, claimsOne, testClaimPayload{UserType: "client", FirstName: "non-admin"})
+	provider1 := makeTestJWTProvider("okta", jwksOne, claimsOne)
+
+	// generate another jwks and jwt for provider 2
+	jwksTwo, privTwo := makeJWKS(t)
+	claimsTwo := makeTestClaims("https://another.issuer.internal/", "https://consul.test")
+	jwtTwo := makeJWT(t, privTwo, claimsTwo, testClaimPayload{})
+	provider2 := makeTestJWTProvider("auth0", jwksTwo, claimsTwo)
+
+	// configure proxy-defaults, jwt providers and intentions
+	configureProxyDefaults(t, cluster)
+	configureJWTProviders(t, cluster, provider1, provider2)
+	configureIntentions(t, cluster, provider1, provider2)
+
 	clientService := createServices(t, cluster)
 	_, clientPort := clientService.GetAddr()
-	_, clientAdminPort := clientService.GetAdminAddr()
+	_, adminPort := clientService.GetAdminAddr()
 
-	libassert.AssertUpstreamEndpointStatus(t, clientAdminPort, "static-server.default", "HEALTHY", 1)
 	libassert.AssertContainerState(t, clientService, "running")
-	libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", clientPort), "static-server", "")
+	libassert.AssertUpstreamEndpointStatus(t, adminPort, "static-server.default", "HEALTHY", 1)
 
-	claims := jwt.Claims{
-		Subject:   "r3qXcK2bix9eFECzsU3Sbmh0K16fatW6@clients",
-		Audience:  jwt.Audience{"https://consul.test"},
-		Issuer:    "https://legit.issuer.internal/",
-		NotBefore: jwt.NewNumericDate(time.Now().Add(-5 * time.Second)),
-		Expiry:    jwt.NewNumericDate(time.Now().Add(60 * time.Minute)),
-	}
+	// request to restricted endpoint with no jwt should be denied
+	doRequest(t, fmt.Sprintf("http://localhost:%d/restricted/foo", clientPort), http.StatusForbidden, "")
 
-	jwks, jwt := makeJWKSAndJWT(t, claims)
+	// request with jwt 1 /restricted/foo should be disallowed
+	doRequest(t, fmt.Sprintf("http://localhost:%d/restricted/foo", clientPort), http.StatusForbidden, jwtOne)
 
-	// configure proxy-defaults, jwt-provider and intention
-	configureProxyDefaults(t, cluster)
-	configureJWTProvider(t, cluster, jwks, claims)
-	configureIntentions(t, cluster)
-
-	baseURL := fmt.Sprintf("http://localhost:%d", clientPort)
-	// TODO(roncodingenthusiast): update test to reflect jwt-auth filter in metadata mode
-	doRequest(t, baseURL, http.StatusOK, "")
-	// succeeds with jwt
-	doRequest(t, baseURL, http.StatusOK, jwt)
+	// request with jwt 1 /other/foo should be allowed
+	libassert.HTTPServiceEchoesWithHeaders(t, "localhost", clientPort, "other/foo", makeAuthHeaders(jwtOne))
+
+	// request with jwt 1 /other/foo with mismatched claims should be disallowed
+	doRequest(t, fmt.Sprintf("http://localhost:%d/other/foo", clientPort), http.StatusForbidden, jwtOneAdmin)
+
+	// request with provider 1 /foo should be allowed
+	libassert.HTTPServiceEchoesWithHeaders(t, "localhost", clientPort, "foo", makeAuthHeaders(jwtOne))
+
+	// request with jwt 2 to /foo should be denied
+	doRequest(t, fmt.Sprintf("http://localhost:%d/foo", clientPort), http.StatusForbidden, jwtTwo)
+
+	// request with jwt 2 to /restricted/foo should be allowed
+	libassert.HTTPServiceEchoesWithHeaders(t, "localhost", clientPort, "restricted/foo", makeAuthHeaders(jwtTwo))
+
+	// request with jwt 2 to /other/foo should be denied
+	doRequest(t, fmt.Sprintf("http://localhost:%d/other/foo", clientPort), http.StatusForbidden, jwtTwo)
+}
+
+func makeAuthHeaders(jwt string) map[string]string {
+	return map[string]string{"Authorization": fmt.Sprintf("Bearer %s", jwt)}
 }
 
 func createServices(t *testing.T, cluster *libcluster.Cluster) libservice.Service {
@@ -92,25 +120,25 @@ func createServices(t *testing.T, cluster *libcluster.Cluster) libservice.Servic
 		HTTPPort: 8080,
 		GRPCPort: 8079,
 	}
+	apiOpts := &api.QueryOptions{Token: cluster.TokenBootstrap}
 
 	// Create a service and proxy instance
 	_, _, err := libservice.CreateAndRegisterStaticServerAndSidecar(node, serviceOpts)
 	require.NoError(t, err)
 
-	libassert.CatalogServiceExists(t, client, "static-server-sidecar-proxy", nil)
-	libassert.CatalogServiceExists(t, client, libservice.StaticServerServiceName, nil)
+	libassert.CatalogServiceExists(t, client, "static-server-sidecar-proxy", apiOpts)
+	libassert.CatalogServiceExists(t, client, libservice.StaticServerServiceName, apiOpts)
 
 	// Create a client proxy instance with the server as an upstream
 	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false)
 	require.NoError(t, err)
 
-	libassert.CatalogServiceExists(t, client, "static-client-sidecar-proxy", nil)
+	libassert.CatalogServiceExists(t, client, "static-client-sidecar-proxy", apiOpts)
 
 	return clientConnectProxy
 }
 
-// creates a JWKS and JWT that will be used for validation
-func makeJWKSAndJWT(t *testing.T, claims jwt.Claims) (string, string) {
+func makeJWKS(t *testing.T) (string, string) {
 	pub, priv, err := libutils.GenerateKey()
 	require.NoError(t, err)
 
@@ -120,46 +148,36 @@ func makeJWKSAndJWT(t *testing.T, claims jwt.Claims) (string, string) {
 	jwksJson, err := json.Marshal(jwks)
 	require.NoError(t, err)
 
-	type orgs struct {
-		Primary string `json:"primary"`
-	}
-	privateCl := struct {
-		FirstName string   `json:"first_name"`
-		Org       orgs     `json:"org"`
-		Groups    []string `json:"groups"`
-	}{
-		FirstName: "jeff2",
-		Org:       orgs{"engineering"},
-		Groups:    []string{"foo", "bar"},
-	}
+	return string(jwksJson), priv
+}
+
+type testClaimPayload struct {
+	UserType  string
+	FirstName string
+}
 
-	jwt, err := libutils.SignJWT(priv, claims, privateCl)
+func makeJWT(t *testing.T, priv string, claims jwt.Claims, payload testClaimPayload) string {
+	jwt, err := libutils.SignJWT(priv, claims, payload)
 	require.NoError(t, err)
-	return string(jwksJson), jwt
+
+	return jwt
 }
 
 // configures the protocol to http as this is needed for jwt-auth
 func configureProxyDefaults(t *testing.T, cluster *libcluster.Cluster) {
-	client := cluster.Agents[0].GetClient()
-
-	ok, _, err := client.ConfigEntries().Set(&api.ProxyConfigEntry{
+	require.NoError(t, cluster.ConfigEntryWrite(&api.ProxyConfigEntry{
 		Kind: api.ProxyDefaults,
 		Name: api.ProxyConfigGlobal,
 		Config: map[string]interface{}{
 			"protocol": "http",
 		},
-	}, nil)
-	require.NoError(t, err)
-	require.True(t, ok)
+	}))
 }
 
-// creates a JWT local provider
-func configureJWTProvider(t *testing.T, cluster *libcluster.Cluster, jwks string, claims jwt.Claims) {
-	client := cluster.Agents[0].GetClient()
-
-	ok, _, err := client.ConfigEntries().Set(&api.JWTProviderConfigEntry{
+func makeTestJWTProvider(name string, jwks string, claims jwt.Claims) *api.JWTProviderConfigEntry {
+	return &api.JWTProviderConfigEntry{
 		Kind: api.JWTProvider,
-		Name: "test-jwt",
+		Name: name,
 		JSONWebKeySet: &api.JSONWebKeySet{
 			Local: &api.LocalJWKS{
 				JWKS: base64.StdEncoding.EncodeToString([]byte(jwks)),
@@ -167,42 +185,85 @@ func configureJWTProvider(t *testing.T, cluster *libcluster.Cluster, jwks string
 		},
 		Issuer:    claims.Issuer,
 		Audiences: claims.Audience,
-	}, nil)
-	require.NoError(t, err)
-	require.True(t, ok)
+	}
 }
 
-// creates an intention referencing the jwt provider
-func configureIntentions(t *testing.T, cluster *libcluster.Cluster) {
-	client := cluster.Agents[0].GetClient()
+// creates a JWT local provider
+func configureJWTProviders(t *testing.T, cluster *libcluster.Cluster, providers ...*api.JWTProviderConfigEntry) {
+	for _, prov := range providers {
+		require.NoError(t, cluster.ConfigEntryWrite(prov))
+	}
+}
 
-	ok, _, err := client.ConfigEntries().Set(&api.ServiceIntentionsConfigEntry{
+// creates an intention referencing the jwt provider
+func configureIntentions(t *testing.T, cluster *libcluster.Cluster, provider1, provider2 *api.JWTProviderConfigEntry) {
+	intention := api.ServiceIntentionsConfigEntry{
 		Kind: "service-intentions",
 		Name: libservice.StaticServerServiceName,
 		Sources: []*api.SourceIntention{
 			{
-				Name:   libservice.StaticClientServiceName,
-				Action: api.IntentionActionAllow,
+				Name: libservice.StaticClientServiceName,
+				Permissions: []*api.IntentionPermission{
+					{
+						Action: api.IntentionActionAllow,
+						HTTP: &api.IntentionHTTPPermission{
+							PathPrefix: "/restricted/",
+						},
+						JWT: &api.IntentionJWTRequirement{
+							Providers: []*api.IntentionJWTProvider{
+								{
+									Name: provider2.Name,
+								},
+							},
+						},
+					},
+					{
+						Action: api.IntentionActionAllow,
+						HTTP: &api.IntentionHTTPPermission{
+							PathPrefix: "/",
+						},
+						JWT: &api.IntentionJWTRequirement{
+							Providers: []*api.IntentionJWTProvider{
+								{
+									Name: provider1.Name,
+									VerifyClaims: []*api.IntentionJWTClaimVerification{
+										{
+											Path:  []string{"UserType"},
+											Value: "admin",
+										},
+									},
+								},
+							},
+						},
+					},
+				},
 			},
-		},
-		JWT: &api.IntentionJWTRequirement{
-			Providers: []*api.IntentionJWTProvider{
-				{
-					Name:         "test-jwt",
-					VerifyClaims: []*api.IntentionJWTClaimVerification{},
+			{
+				Name: "other-client",
+				Permissions: []*api.IntentionPermission{
+					{
+						Action: api.IntentionActionAllow,
+						HTTP: &api.IntentionHTTPPermission{
+							PathPrefix: "/other/",
+						},
+						JWT: &api.IntentionJWTRequirement{
+							Providers: []*api.IntentionJWTProvider{
+								{
+									Name: provider2.Name,
+								},
+							},
+						},
+					},
 				},
 			},
 		},
-	}, nil)
-	require.NoError(t, err)
-	require.True(t, ok)
+	}
+	require.NoError(t, cluster.ConfigEntryWrite(&intention))
 }
 
 func doRequest(t *testing.T, url string, expStatus int, jwt string) {
 	retry.RunWith(&retry.Timer{Timeout: 5 * time.Second, Wait: time.Second}, t, func(r *retry.R) {
-
 		client := cleanhttp.DefaultClient()
-
 		req, err := http.NewRequest("GET", url, nil)
 		require.NoError(r, err)
 		if jwt != "" {
@@ -213,3 +274,13 @@ func doRequest(t *testing.T, url string, expStatus int, jwt string) {
 		require.Equal(r, expStatus, resp.StatusCode)
 	})
 }
+
+func makeTestClaims(issuer, audience string) jwt.Claims {
+	return jwt.Claims{
+		Subject:   "r3qXcK2bix9eFECzsU3Sbmh0K16fatW6@clients",
+		Audience:  jwt.Audience{audience},
+		Issuer:    issuer,
+		NotBefore: jwt.NewNumericDate(time.Now().Add(-5 * time.Second)),
+		Expiry:    jwt.NewNumericDate(time.Now().Add(60 * time.Minute)),
+	}
+}

From 548a5ca3857673bdc818e1ebec0a8178dccbc617 Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@users.noreply.github.com>
Date: Tue, 18 Jul 2023 13:35:27 -0700
Subject: [PATCH 183/359] Add FIPS reference to consul enterprise docs (#18028)

* Add FIPS reference to consul enterprise docs

* Update website/content/docs/enterprise/index.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* remove support for ecs client (fips)

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
---
 website/content/docs/enterprise/index.mdx | 28 +++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx
index 273be253a0d2..ac7a1c62d52e 100644
--- a/website/content/docs/enterprise/index.mdx
+++ b/website/content/docs/enterprise/index.mdx
@@ -12,35 +12,51 @@ features address the organizational complexities of collaboration, operations, s
 If you have purchased or wish to try out Consul Enterprise,
 refer to [how to access Consul Enterprise](#access-consul-enterprise).
 
-## Enterprise Features
+## Enterprise features
 
 The following features are [available in several forms of Consul Enterprise](#consul-enterprise-feature-availability).
 
 ### Multi-Tenancy
+
 - [Admin Partitions](/consul/docs/enterprise/admin-partitions): Define administrative boundaries between tenants within a single Consul datacenter
 - [Namespaces](/consul/docs/enterprise/namespaces): Define resource boundaries within a single admin partition for further organizational flexibility
 - [Sameness Groups](/consul/docs/connect/config-entries/samenes-group): Define partitions and cluster peers as members of a group with identical services
 
 ### Resiliency
+
 - [Automated Backups](/consul/docs/enterprise/backups): Configure the automatic backup of Consul state
 - [Redundancy Zones](/consul/docs/enterprise/redundancy): Deploy backup voting Consul servers to efficiently improve Consul fault tolerance
 
 ### Scalability
+
 - [Read Replicas](/consul/docs/enterprise/read-scale): Deploy non-voting Consul servers to enhance the scalability of read requests
 
-### Operational Simplification
+### Operational simplification
+
 - [Automated Upgrades](/consul/docs/enterprise/upgrades): Ease upgrades by automating the transition from existing to newly deployed Consul servers
 - [Consul-Terraform-Sync Enterprise](/consul/docs/nia/enterprise): Leverage the enhanced network infrastructure automation capabilities of the enterprise version of Consul-Terraform-Sync
 
-### Complex Network Topology Support
+### Complex network topology support
+
 - [Network Areas](/consul/docs/enterprise/federation): Support complex network topologies between federated Consul datacenters with pairwise federation rather than full mesh federation
 - [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview): Support complex network topologies within a Consul datacenter by enforcing boundaries in Consul client gossip traffic
 
 ### Governance
+
 - [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc): Manage user access to Consul through an OIDC identity provider instead of Consul ACL tokens directly
 - [Audit Logging](/consul/docs/enterprise/audit-logging): Understand Consul access and usage patterns by reviewing access to the Consul HTTP API 
 - [Sentinel for KV](/consul/docs/enterprise/sentinel): Policy-as-code framework for defining advanced key-value storage access control policies
 
+### Regulatory compliance
+
+- [FIPS 140-2 Compliance](/consul/docs/enterprise/fips): Leverage FIPS builds of Consul Enterprise to ensure your Consul deployments are secured with BoringCrypto and CNGCrypto, and compliant with FIPS 140-2.
+
+  <Note>
+
+  FIPS 140-2 builds of Consul Enterprise support all runtimes (VMs, Kubernetes) except for Lambda and ECS. In addition, HCP does not currently support FIPS builds of Consul Enterprise.
+
+  </Note>
+
 ## Access Consul Enterprise
 
 The method of accessing Consul Enterprise and its features depends on the whether using
@@ -62,7 +78,7 @@ to the Consul Enterprise binary that grants access to the desired features.
 
 Contact your [HashiCorp Support contact](https://support.hashicorp.com/) for a development license.
 
-## Consul Enterprise Feature Availability
+## Consul Enterprise feature availability
 
 The Consul Enterprise features that are available depend on your license and the runtimes you use in your deployment.
 
@@ -79,6 +95,7 @@ Available Enterprise features per Consul form and license include:
 | [Automated Server Upgrades](/consul/docs/enterprise/upgrades)   | All tiers                               | Yes                 | Yes                                               |
 | [Consul-Terraform-Sync Enterprise](/consul/docs/nia/enterprise) | All tiers                               | Yes                 | Yes                                               |
 | [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | No                                      | Yes                 | With Global Visibility, Routing, and Scale module |
+| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | No                                      | Yes                 | No |
 | [Namespaces](/consul/docs/enterprise/namespaces)                | All tiers                               | Yes                 | With Governance and Policy module                 |
 | [Network Areas](/consul/docs/enterprise/federation)             | No                                      | Yes                 | With Global Visibility, Routing, and Scale module |
 | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)    | No                                      | Yes                 | With Global Visibility, Routing, and Scale module |
@@ -107,6 +124,7 @@ Consul Enterprise feature availability can change depending on your server and c
 | [Automated Server Backups](/consul/docs/enterprise/backups)             |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Automated Server Upgrades](/consul/docs/enterprise/upgrades)           |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Enhanced Read Scalability](/consul/docs/enterprise/read-scale)         |  &#9989;  |  &#9989;   |   &#9989;  |
+| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips)                   |  &#9989;  |  &#9989;   |   &#10060;  |
 | [Namespaces](/consul/docs/enterprise/namespaces)                        |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Network Areas](/consul/docs/enterprise/federation)                     |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)            |  &#9989;  |  &#10060;  |  &#10060;  |
@@ -127,6 +145,7 @@ Consul Enterprise feature availability can change depending on your server and c
 | [Automated Server Backups](/consul/docs/enterprise/backups)             |  &#9989;  |  &#9989;   |  &#9989;  |
 | [Automated Server Upgrades](/consul/docs/enterprise/upgrades)           |  &#10060; |  &#10060;  |  &#10060;  |
 | [Enhanced Read Scalability](/consul/docs/enterprise/read-scale)         |  &#10060; |  &#10060;  |  &#10060;  |
+| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips)                   |  &#9989;  |  &#9989;   |   &#10060;  |
 | [Namespaces](/consul/docs/enterprise/namespaces)                        |  &#9989;  |  &#9989;   |  &#9989;  |
 | [Network Areas](/consul/docs/enterprise/federation)                     |  &#9989;  |  &#9989;   |  &#9989;  |
 | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)            |  &#10060; |  &#10060;  |  &#10060;  |
@@ -147,6 +166,7 @@ Consul Enterprise feature availability can change depending on your server and c
 | [Automated Server Backups](/consul/docs/enterprise/backups)             |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Automated Server Upgrades](/consul/docs/enterprise/upgrades)           |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Enhanced Read Scalability](/consul/docs/enterprise/read-scale)         |  &#10060; |  &#10060;  |  &#10060;  |
+| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips)                   |  &#10060; |  &#10060;  |  &#10060;  |
 | [Namespaces](/consul/docs/enterprise/namespaces)                        |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Network Areas](/consul/docs/enterprise/federation)                     |  &#10060; |  &#10060;  |  &#10060;  |
 | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)            |  &#10060; |  &#10060;  |  &#10060;  |

From cd3fc9e1d0782dc5eb9de2bd39e64b6b787af9bf Mon Sep 17 00:00:00 2001
From: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>
Date: Tue, 18 Jul 2023 16:41:30 -0700
Subject: [PATCH 184/359] add peering_commontopo tests [NET-3700] (#17951)

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: NiniOak <anita.akaeze@hashicorp.com>
---
 .github/workflows/test-integrations.yml       |  95 ++-
 .gitignore                                    |   2 +
 api/prepared_query.go                         |   4 +-
 test-integ/README.md                          |   3 +
 test-integ/go.mod                             | 105 +++
 test-integ/go.sum                             | 377 +++++++++++
 test-integ/peering_commontopo/README.md       |  12 +
 .../peering_commontopo/ac1_basic_test.go      | 272 ++++++++
 .../ac2_disco_chain_test.go                   | 203 ++++++
 .../ac3_service_defaults_upstream_test.go     | 264 ++++++++
 .../ac4_proxy_defaults_test.go                | 213 ++++++
 .../ac5_1_no_svc_mesh_test.go                 | 129 ++++
 .../ac5_2_pq_failover_test.go                 | 398 ++++++++++++
 .../peering_commontopo/ac6_failovers_test.go  | 429 ++++++++++++
 .../ac7_1_rotate_gw_test.go                   | 188 ++++++
 .../ac7_2_rotate_leader_test.go               | 214 ++++++
 test-integ/peering_commontopo/asserter.go     | 298 +++++++++
 test-integ/peering_commontopo/commontopo.go   | 610 ++++++++++++++++++
 .../peering_commontopo/sharedtopology_test.go |  82 +++
 test/integration/consul-container/go.mod      |   4 +-
 test/integration/consul-container/go.sum      |   4 +-
 .../consul-container/libs/assert/envoy.go     |   5 +-
 .../consul-container/libs/assert/peering.go   |  14 +-
 .../consul-container/libs/assert/service.go   |   2 +-
 .../consul-container/libs/utils/tenancy.go    |  14 +-
 .../consul-container/libs/utils/version.go    |  15 +
 .../resolver_default_subset_test.go           |   4 +-
 27 files changed, 3933 insertions(+), 27 deletions(-)
 create mode 100644 test-integ/README.md
 create mode 100644 test-integ/go.mod
 create mode 100644 test-integ/go.sum
 create mode 100644 test-integ/peering_commontopo/README.md
 create mode 100644 test-integ/peering_commontopo/ac1_basic_test.go
 create mode 100644 test-integ/peering_commontopo/ac2_disco_chain_test.go
 create mode 100644 test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go
 create mode 100644 test-integ/peering_commontopo/ac4_proxy_defaults_test.go
 create mode 100644 test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go
 create mode 100644 test-integ/peering_commontopo/ac5_2_pq_failover_test.go
 create mode 100644 test-integ/peering_commontopo/ac6_failovers_test.go
 create mode 100644 test-integ/peering_commontopo/ac7_1_rotate_gw_test.go
 create mode 100644 test-integ/peering_commontopo/ac7_2_rotate_leader_test.go
 create mode 100644 test-integ/peering_commontopo/asserter.go
 create mode 100644 test-integ/peering_commontopo/commontopo.go
 create mode 100644 test-integ/peering_commontopo/sharedtopology_test.go

diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 37a53a85cb7d..c11552d8d3d1 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -422,7 +422,7 @@ jobs:
               -tags "${{ env.GOTAGS }}" \
               -timeout=30m \
               -json \
-              `go list ./... | grep -v upgrade` \
+              `go list -tags "${{ env.GOTAGS }}" ./... | grep -v upgrade | grep -v peering_commontopo` \
               --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
               --target-version local \
               --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \
@@ -591,6 +591,98 @@ jobs:
           DD_ENV: ci
         run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
 
+  peering_commontopo-integration-test:
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    needs:
+      - setup
+      - dev-build
+    permissions:
+      id-token: write # NOTE: this permission is explicitly required for Vault auth.
+      contents: read
+    strategy:
+      fail-fast: false
+    env:
+      ENVOY_VERSION: "1.24.6"
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
+      - name: Setup Git
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        with:
+          go-version-file: 'go.mod'
+      - run: go env
+
+      # Get go binary from workspace
+      - name: fetch binary
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
+          path: .
+      - name: restore mode+x
+        run: chmod +x consul
+      - name: Build consul:local image
+        run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile .
+      - name: Peering commonTopo Integration Tests
+        run: |
+          mkdir -p "${{ env.TEST_RESULTS_DIR }}"
+          cd ./test-integ/peering_commontopo
+          docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version
+          go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
+            --raw-command \
+            --format=short-verbose \
+            --debug \
+            --packages="./..." \
+            -- \
+            go test \
+            -tags "${{ env.GOTAGS }}" \
+            -timeout=30m \
+            -json . \
+            --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
+            --target-version local \
+            --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \
+            --latest-version latest
+          ls -lrt
+        env:
+          # this is needed because of incompatibility between RYUK container and GHA
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          # tput complains if this isn't set to something.
+          TERM: ansi
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Authenticate to Vault
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: vault-auth
+        run: vault-auth
+
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Fetch Secrets
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: secrets
+        uses: hashicorp/vault-action@v2.5.0
+        with:
+          url: ${{ steps.vault-auth.outputs.addr }}
+          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
+          token: ${{ steps.vault-auth.outputs.token }}
+          secrets: |
+              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
+
+      - name: prepare datadog-ci
+        if: ${{ !endsWith(github.repository, '-enterprise') }}
+        run: |
+          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
+          chmod +x /usr/local/bin/datadog-ci
+
+      - name: upload coverage
+        # do not run on forks
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        env:
+          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
+          DD_ENV: ci
+        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
+
   test-integrations-success:
     needs: 
     - setup
@@ -600,6 +692,7 @@ jobs:
     - generate-envoy-job-matrices
     - envoy-integration-test
     - compatibility-integration-test
+    - peering_commontopo-integration-test
     - upgrade-integration-test
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     if: ${{ always() }}
diff --git a/.gitignore b/.gitignore
index a48d19b74cc2..793354db02d5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,7 @@
 .vagrant/
 /pkg
 bin/
+workdir/
 changelog.tmp
 exit-code
 Thumbs.db
@@ -68,3 +69,4 @@ override.tf.json
 terraform.rc
 /go.work
 /go.work.sum
+.docker
diff --git a/api/prepared_query.go b/api/prepared_query.go
index bb40e6a7fddd..8ebc852f3ac5 100644
--- a/api/prepared_query.go
+++ b/api/prepared_query.go
@@ -32,11 +32,11 @@ type QueryFailoverTarget struct {
 
 	// Partition specifies a partition to try during failover
 	// Note: Partition are available only in Consul Enterprise
-	Partition string
+	Partition string `json:",omitempty"`
 
 	// Namespace specifies a namespace to try during failover
 	// Note: Namespaces are available only in Consul Enterprise
-	Namespace string
+	Namespace string `json:",omitempty"`
 }
 
 // QueryDNSOptions controls settings when query results are served over DNS.
diff --git a/test-integ/README.md b/test-integ/README.md
new file mode 100644
index 000000000000..ebc611efa2bc
--- /dev/null
+++ b/test-integ/README.md
@@ -0,0 +1,3 @@
+# test-integ
+
+Go integration tests for consul. `/test/integration` also holds integration tests; they need migrating.
\ No newline at end of file
diff --git a/test-integ/go.mod b/test-integ/go.mod
new file mode 100644
index 000000000000..af6f6612392b
--- /dev/null
+++ b/test-integ/go.mod
@@ -0,0 +1,105 @@
+module github.com/hashicorp/consul/test-integ
+
+go 1.20
+
+require (
+	github.com/hashicorp/consul/api v1.22.0
+	github.com/hashicorp/consul/sdk v0.14.0
+	github.com/hashicorp/consul/test/integration/consul-container v0.0.0-20230628201853-bdf4fad7c5a5
+	github.com/hashicorp/consul/testing/deployer v0.0.0-00010101000000-000000000000
+	github.com/hashicorp/go-cleanhttp v0.5.2
+	github.com/itchyny/gojq v0.12.13
+	github.com/mitchellh/copystructure v1.2.0
+	github.com/stretchr/testify v1.8.4
+)
+
+require (
+	fortio.org/dflag v1.5.2 // indirect
+	fortio.org/fortio v1.54.0 // indirect
+	fortio.org/log v1.3.0 // indirect
+	fortio.org/sets v1.0.2 // indirect
+	fortio.org/version v1.0.2 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/agext/levenshtein v1.2.1 // indirect
+	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/armon/go-metrics v0.4.1 // indirect
+	github.com/avast/retry-go v3.0.0+incompatible // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/containerd/containerd v1.7.1 // indirect
+	github.com/cpuguy83/dockercfg v0.3.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/docker/distribution v2.8.1+incompatible // indirect
+	github.com/docker/docker v23.0.6+incompatible // indirect
+	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/fatih/color v1.14.1 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/btree v1.0.1 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-hclog v1.5.0 // indirect
+	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
+	github.com/hashicorp/go-msgpack v0.5.5 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
+	github.com/hashicorp/go-uuid v1.0.3 // indirect
+	github.com/hashicorp/go-version v1.2.1 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/hashicorp/hcl/v2 v2.16.2 // indirect
+	github.com/hashicorp/memberlist v0.5.0 // indirect
+	github.com/hashicorp/serf v0.10.1 // indirect
+	github.com/imdario/mergo v0.3.15 // indirect
+	github.com/itchyny/timefmt-go v0.1.5 // indirect
+	github.com/klauspost/compress v1.16.5 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/miekg/dns v1.1.50 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/moby/patternmatcher v0.5.0 // indirect
+	github.com/moby/sys/sequential v0.5.0 // indirect
+	github.com/moby/term v0.5.0 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
+	github.com/opencontainers/runc v1.1.7 // indirect
+	github.com/otiai10/copy v1.10.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/rboyer/safeio v0.2.2 // indirect
+	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 // indirect
+	github.com/testcontainers/testcontainers-go v0.20.1 // indirect
+	github.com/zclconf/go-cty v1.12.1 // indirect
+	golang.org/x/crypto v0.7.0 // indirect
+	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
+	golang.org/x/mod v0.10.0 // indirect
+	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/sys v0.8.0 // indirect
+	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/tools v0.9.1 // indirect
+	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
+	google.golang.org/grpc v1.55.0 // indirect
+	google.golang.org/protobuf v1.30.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	gotest.tools/v3 v3.4.0 // indirect
+)
+
+replace (
+	github.com/hashicorp/consul => ../
+	github.com/hashicorp/consul/api => ../api
+	github.com/hashicorp/consul/envoyextensions => ../envoyextensions
+	github.com/hashicorp/consul/proto-public => ../proto-public
+	github.com/hashicorp/consul/sdk => ../sdk
+	github.com/hashicorp/consul/test/integration/consul-container => ../test/integration/consul-container
+	github.com/hashicorp/consul/testing/deployer => ../testing/deployer
+)
\ No newline at end of file
diff --git a/test-integ/go.sum b/test-integ/go.sum
new file mode 100644
index 000000000000..960e4556762c
--- /dev/null
+++ b/test-integ/go.sum
@@ -0,0 +1,377 @@
+fortio.org/assert v1.1.4 h1:Za1RaG+OjsTMpQS3J3UCvTF6wc4+IOHCz+jAOU37Y4o=
+fortio.org/dflag v1.5.2 h1:F9XVRj4Qr2IbJP7BMj7XZc9wB0Q/RZ61Ool+4YPVad8=
+fortio.org/dflag v1.5.2/go.mod h1:ppb/A8u+KKg+qUUYZNYuvRnXuVb8IsdHb/XGzsmjkN8=
+fortio.org/fortio v1.54.0 h1:2jn8yTd6hcIEoKY4CjI0lI6XxTWVxsMYF2bMiWOmv+Y=
+fortio.org/fortio v1.54.0/go.mod h1:SRaZbikL31UoAkw0On2hwpvHrQ0rRVnsAz3UGVNvMRw=
+fortio.org/log v1.3.0 h1:bESPvuQGKejw7rrx41Sg3GoF+tsrB7oC08PxBs5/AM0=
+fortio.org/log v1.3.0/go.mod h1:u/8/2lyczXq52aT5Nw6reD+3cR6m/EbS2jBiIYhgiTU=
+fortio.org/sets v1.0.2 h1:gSWZFg9rgzl1zJfI/93lDJKBFw8WZ3Uxe3oQ5uDM4T4=
+fortio.org/sets v1.0.2/go.mod h1:xVjulHr0FhlmReSymI+AhDtQ4FgjiazQ3JmuNpYFMs8=
+fortio.org/version v1.0.2 h1:8NwxdX58aoeKx7T5xAPO0xlUu1Hpk42nRz5s6e6eKZ0=
+fortio.org/version v1.0.2/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0=
+github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
+github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
+github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
+github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
+github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
+github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek=
+github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=
+github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
+github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
+github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
+github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
+github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
+github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
+github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHSxpiH9JdtuBj0=
+github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
+github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
+github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
+github.com/containerd/containerd v1.7.1 h1:k8DbDkSOwt5rgxQ3uCI4WMKIJxIndSCBUaGm5oRn+Go=
+github.com/containerd/containerd v1.7.1/go.mod h1:gA+nJUADRBm98QS5j5RPROnt0POQSMK+r7P7EGMC/Qc=
+github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
+github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E=
+github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
+github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
+github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker v23.0.6+incompatible h1:aBD4np894vatVX99UTx/GyOUOK4uEcROwA3+bQhEcoU=
+github.com/docker/docker v23.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
+github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
+github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
+github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
+github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
+github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
+github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
+github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
+github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
+github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
+github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI=
+github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
+github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
+github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
+github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
+github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
+github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
+github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
+github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
+github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
+github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI=
+github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
+github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/hcl/v2 v2.16.2 h1:mpkHZh/Tv+xet3sy3F9Ld4FyI2tUpWe9x3XtPx9f1a0=
+github.com/hashicorp/hcl/v2 v2.16.2/go.mod h1:JRmR89jycNkrrqnMmvPDMd56n1rQJ2Q6KocSLCMCXng=
+github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
+github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
+github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM=
+github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0=
+github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY=
+github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4=
+github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
+github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/itchyny/gojq v0.12.13 h1:IxyYlHYIlspQHHTE0f3cJF0NKDMfajxViuhBLnHd/QU=
+github.com/itchyny/gojq v0.12.13/go.mod h1:JzwzAqenfhrPUuwbmEz3nu3JQmFLlQTQMUcOdnu/Sf4=
+github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE=
+github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
+github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
+github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
+github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
+github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
+github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
+github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
+github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
+github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
+github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
+github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
+github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
+github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
+github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
+github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
+github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
+github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
+github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
+github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
+github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
+github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
+github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=
+github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
+github.com/opencontainers/runc v1.1.7 h1:y2EZDS8sNng4Ksf0GUYNhKbTShZJPJg1FiXJNH/uoCk=
+github.com/opencontainers/runc v1.1.7/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
+github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ=
+github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
+github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
+github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
+github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
+github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
+github.com/rboyer/safeio v0.2.2 h1:XhtqyUTRleMYGyBt3ni4j2BtEh669U2ry2INnnd+B4k=
+github.com/rboyer/safeio v0.2.2/go.mod h1:pSnr2LFXyn/c/fotxotyOdYy7pP/XSh6MpBmzXPjiNc=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
+github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
+github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 h1:xzABM9let0HLLqFypcxvLmlvEciCHL7+Lv+4vwZqecI=
+github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569/go.mod h1:2Ly+NIftZN4de9zRmENdYbvPQeaVIYKWpLFStLFEBgI=
+github.com/testcontainers/testcontainers-go v0.20.1 h1:mK15UPJ8c5P+NsQKmkqzs/jMdJt6JMs5vlw2y4j92c0=
+github.com/testcontainers/testcontainers-go v0.20.1/go.mod h1:zb+NOlCQBkZ7RQp4QI+YMIHyO2CQ/qsXzNF5eLJ24SY=
+github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/zclconf/go-cty v1.12.1 h1:PcupnljUm9EIvbgSHQnHhUr3fO6oFmkOrvs2BAFNXXY=
+github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
+golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
+golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
+golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
+golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
+google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
+google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
+google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
+gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
\ No newline at end of file
diff --git a/test-integ/peering_commontopo/README.md b/test-integ/peering_commontopo/README.md
new file mode 100644
index 000000000000..c5f78a7ce6ba
--- /dev/null
+++ b/test-integ/peering_commontopo/README.md
@@ -0,0 +1,12 @@
+# peering_commontopo
+
+These peering tests all use a `commonTopo` (read: "common topology") to enable sharing a deployment of a Consul. Sharing a deployment of Consul cuts down on setup time.
+
+This is only possible if two constraints are followed:
+
+- `setup()` phase must ensure that any resources added to the topology cannot interfere with other tests. Principally by prefixing.
+- `test()` phase must be "passive" and not mutate the topology in any way that would interfere with other tests.
+
+Some of these tests *do* mutate in their `test()` phase, and while they use `commonTopo` for the purpose of code sharing, they are not included in the "shared topo" tests in `all_sharedtopo_test.go`.
+
+Tests that are "shared topo" can also be run in an independent manner, gated behind the `-no-reuse-common-topo` flag. The same flag also prevents the shared topo suite from running. So `go test .` (without the flag) runs all shared topo-capable tests in *shared topo mode*, as well as shared topo-incapable tests; and `go test -no-reuse-common-topo` runs all shared topo-capable tests *individidually*, as well as the shared topo-incapable tests. Mostly this is so that when working on a single test, you don't also need to run other tests, but by default when running `go test .` the usual way, you run all tests in the fastest way.
\ No newline at end of file
diff --git a/test-integ/peering_commontopo/ac1_basic_test.go b/test-integ/peering_commontopo/ac1_basic_test.go
new file mode 100644
index 000000000000..a8fed4f6575b
--- /dev/null
+++ b/test-integ/peering_commontopo/ac1_basic_test.go
@@ -0,0 +1,272 @@
+package peering
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+
+	"github.com/hashicorp/consul/api"
+)
+
+type ac1BasicSuite struct {
+	// inputs
+	DC   string
+	Peer string
+
+	// test points
+	sidServerHTTP  topology.ServiceID
+	sidServerTCP   topology.ServiceID
+	nodeServerHTTP topology.NodeID
+	nodeServerTCP  topology.NodeID
+
+	// 1.1
+	sidClientTCP  topology.ServiceID
+	nodeClientTCP topology.NodeID
+
+	// 1.2
+	sidClientHTTP  topology.ServiceID
+	nodeClientHTTP topology.NodeID
+
+	upstreamHTTP *topology.Upstream
+	upstreamTCP  *topology.Upstream
+}
+
+var ac1BasicSuites []sharedTopoSuite = []sharedTopoSuite{
+	&ac1BasicSuite{DC: "dc1", Peer: "dc2"},
+	&ac1BasicSuite{DC: "dc2", Peer: "dc1"},
+}
+
+func TestAC1Basic(t *testing.T) {
+	runShareableSuites(t, ac1BasicSuites)
+}
+
+func (s *ac1BasicSuite) testName() string {
+	return fmt.Sprintf("ac1 basic %s->%s", s.DC, s.Peer)
+}
+
+// creates clients in s.DC and servers in s.Peer
+func (s *ac1BasicSuite) setup(t *testing.T, ct *commonTopo) {
+	clu := ct.ClusterByDatacenter(t, s.DC)
+	peerClu := ct.ClusterByDatacenter(t, s.Peer)
+
+	partition := "default"
+	peer := LocalPeerName(peerClu, "default")
+	cluPeerName := LocalPeerName(clu, "default")
+	const prefix = "ac1-"
+
+	tcpServerSID := topology.ServiceID{
+		Name:      prefix + "server-tcp",
+		Partition: partition,
+	}
+	httpServerSID := topology.ServiceID{
+		Name:      prefix + "server-http",
+		Partition: partition,
+	}
+	upstreamHTTP := &topology.Upstream{
+		ID: topology.ServiceID{
+			Name:      httpServerSID.Name,
+			Partition: partition,
+		},
+		LocalPort: 5001,
+		Peer:      peer,
+	}
+	upstreamTCP := &topology.Upstream{
+		ID: topology.ServiceID{
+			Name:      tcpServerSID.Name,
+			Partition: partition,
+		},
+		LocalPort: 5000,
+		Peer:      peer,
+	}
+
+	// Make clients which have server upstreams
+	setupClientServiceAndConfigs := func(protocol string) (serviceExt, *topology.Node) {
+		sid := topology.ServiceID{
+			Name:      prefix + "client-" + protocol,
+			Partition: partition,
+		}
+		svc := serviceExt{
+			Service: NewFortioServiceWithDefaults(
+				clu.Datacenter,
+				sid,
+				func(s *topology.Service) {
+					s.Upstreams = []*topology.Upstream{
+						upstreamTCP,
+						upstreamHTTP,
+					}
+				},
+			),
+			Config: &api.ServiceConfigEntry{
+				Kind:      api.ServiceDefaults,
+				Name:      sid.Name,
+				Partition: ConfigEntryPartition(sid.Partition),
+				Protocol:  protocol,
+				UpstreamConfig: &api.UpstreamConfiguration{
+					Defaults: &api.UpstreamConfig{
+						MeshGateway: api.MeshGatewayConfig{
+							Mode: api.MeshGatewayModeLocal,
+						},
+					},
+				},
+			},
+		}
+
+		node := ct.AddServiceNode(clu, svc)
+
+		return svc, node
+	}
+	tcpClient, tcpClientNode := setupClientServiceAndConfigs("tcp")
+	httpClient, httpClientNode := setupClientServiceAndConfigs("http")
+
+	httpServer := serviceExt{
+		Service: NewFortioServiceWithDefaults(
+			peerClu.Datacenter,
+			httpServerSID,
+			nil,
+		),
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      httpServerSID.Name,
+			Partition: ConfigEntryPartition(httpServerSID.Partition),
+			Protocol:  "http",
+		},
+		Exports: []api.ServiceConsumer{{Peer: cluPeerName}},
+		Intentions: &api.ServiceIntentionsConfigEntry{
+			Kind:      api.ServiceIntentions,
+			Name:      httpServerSID.Name,
+			Partition: ConfigEntryPartition(httpServerSID.Partition),
+			Sources: []*api.SourceIntention{
+				{
+					Name:   tcpClient.ID.Name,
+					Peer:   cluPeerName,
+					Action: api.IntentionActionAllow,
+				},
+				{
+					Name:   httpClient.ID.Name,
+					Peer:   cluPeerName,
+					Action: api.IntentionActionAllow,
+				},
+			},
+		},
+	}
+	tcpServer := serviceExt{
+		Service: NewFortioServiceWithDefaults(
+			peerClu.Datacenter,
+			tcpServerSID,
+			nil,
+		),
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      tcpServerSID.Name,
+			Partition: ConfigEntryPartition(tcpServerSID.Partition),
+			Protocol:  "tcp",
+		},
+		Exports: []api.ServiceConsumer{{Peer: cluPeerName}},
+		Intentions: &api.ServiceIntentionsConfigEntry{
+			Kind:      api.ServiceIntentions,
+			Name:      tcpServerSID.Name,
+			Partition: ConfigEntryPartition(tcpServerSID.Partition),
+			Sources: []*api.SourceIntention{
+				{
+					Name:   tcpClient.ID.Name,
+					Peer:   cluPeerName,
+					Action: api.IntentionActionAllow,
+				},
+				{
+					Name:   httpClient.ID.Name,
+					Peer:   cluPeerName,
+					Action: api.IntentionActionAllow,
+				},
+			},
+		},
+	}
+
+	httpServerNode := ct.AddServiceNode(peerClu, httpServer)
+	tcpServerNode := ct.AddServiceNode(peerClu, tcpServer)
+
+	s.sidClientHTTP = httpClient.ID
+	s.nodeClientHTTP = httpClientNode.ID()
+	s.sidClientTCP = tcpClient.ID
+	s.nodeClientTCP = tcpClientNode.ID()
+	s.upstreamHTTP = upstreamHTTP
+	s.upstreamTCP = upstreamTCP
+
+	// these are references in Peer
+	s.sidServerHTTP = httpServerSID
+	s.nodeServerHTTP = httpServerNode.ID()
+	s.sidServerTCP = tcpServerSID
+	s.nodeServerTCP = tcpServerNode.ID()
+}
+
+// implements https://docs.google.com/document/d/1Fs3gNMhCqE4zVNMFcbzf02ZrB0kxxtJpI2h905oKhrs/edit#heading=h.wtzvyryyb56v
+func (s *ac1BasicSuite) test(t *testing.T, ct *commonTopo) {
+	dc := ct.Sprawl.Topology().Clusters[s.DC]
+	peer := ct.Sprawl.Topology().Clusters[s.Peer]
+	ac := s
+
+	// refresh this from Topology
+	svcClientTCP := dc.ServiceByID(
+		ac.nodeClientTCP,
+		ac.sidClientTCP,
+	)
+	svcClientHTTP := dc.ServiceByID(
+		ac.nodeClientHTTP,
+		ac.sidClientHTTP,
+	)
+	// our ac has the node/sid for server in the peer DC
+	svcServerHTTP := peer.ServiceByID(
+		ac.nodeServerHTTP,
+		ac.sidServerHTTP,
+	)
+	svcServerTCP := peer.ServiceByID(
+		ac.nodeServerTCP,
+		ac.sidServerTCP,
+	)
+
+	// preconditions
+	// these could be done parallel with each other, but complexity
+	// probably not worth the speed boost
+	ct.Assert.HealthyWithPeer(t, dc.Name, svcServerHTTP.ID, LocalPeerName(peer, "default"))
+	ct.Assert.HealthyWithPeer(t, dc.Name, svcServerTCP.ID, LocalPeerName(peer, "default"))
+	ct.Assert.UpstreamEndpointHealthy(t, svcClientTCP, ac.upstreamTCP)
+	ct.Assert.UpstreamEndpointHealthy(t, svcClientTCP, ac.upstreamHTTP)
+
+	tcs := []struct {
+		acSub int
+		proto string
+		svc   *topology.Service
+	}{
+		{1, "tcp", svcClientTCP},
+		{2, "http", svcClientHTTP},
+	}
+	for _, tc := range tcs {
+		tc := tc
+		t.Run(fmt.Sprintf("1.%d. %s in A can call HTTP upstream", tc.acSub, tc.proto), func(t *testing.T) {
+			t.Parallel()
+			ct.Assert.FortioFetch2HeaderEcho(t, tc.svc, ac.upstreamHTTP)
+		})
+		t.Run(fmt.Sprintf("1.%d. %s in A can call TCP upstream", tc.acSub, tc.proto), func(t *testing.T) {
+			t.Parallel()
+			ct.Assert.FortioFetch2HeaderEcho(t, tc.svc, ac.upstreamTCP)
+		})
+		t.Run(fmt.Sprintf("1.%d. via %s in A, FORTIO_NAME of HTTP upstream", tc.acSub, tc.proto), func(t *testing.T) {
+			t.Parallel()
+			ct.Assert.FortioFetch2FortioName(t,
+				tc.svc,
+				ac.upstreamHTTP,
+				peer.Name,
+				svcServerHTTP.ID,
+			)
+		})
+		t.Run(fmt.Sprintf("1.%d. via %s in A, FORTIO_NAME of TCP upstream", tc.acSub, tc.proto), func(t *testing.T) {
+			t.Parallel()
+			ct.Assert.FortioFetch2FortioName(t,
+				tc.svc,
+				ac.upstreamTCP,
+				peer.Name,
+				svcServerTCP.ID,
+			)
+		})
+	}
+}
diff --git a/test-integ/peering_commontopo/ac2_disco_chain_test.go b/test-integ/peering_commontopo/ac2_disco_chain_test.go
new file mode 100644
index 000000000000..c8081015c5f6
--- /dev/null
+++ b/test-integ/peering_commontopo/ac2_disco_chain_test.go
@@ -0,0 +1,203 @@
+package peering
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/api"
+)
+
+type ac2DiscoChainSuite struct {
+	DC   string
+	Peer string
+
+	clientSID topology.ServiceID
+}
+
+var ac2DiscoChainSuites []sharedTopoSuite = []sharedTopoSuite{
+	&ac2DiscoChainSuite{DC: "dc1", Peer: "dc2"},
+	&ac2DiscoChainSuite{DC: "dc2", Peer: "dc1"},
+}
+
+func TestAC2DiscoChain(t *testing.T) {
+	runShareableSuites(t, ac2DiscoChainSuites)
+}
+
+func (s *ac2DiscoChainSuite) testName() string {
+	return fmt.Sprintf("ac2 disco chain %s->%s", s.DC, s.Peer)
+}
+
+func (s *ac2DiscoChainSuite) setup(t *testing.T, ct *commonTopo) {
+	clu := ct.ClusterByDatacenter(t, s.DC)
+	peerClu := ct.ClusterByDatacenter(t, s.Peer)
+	partition := "default"
+	peer := LocalPeerName(peerClu, "default")
+
+	// Make an HTTP server with discovery chain config entries
+	server := NewFortioServiceWithDefaults(
+		clu.Datacenter,
+		topology.ServiceID{
+			Name:      "ac2-disco-chain-svc",
+			Partition: partition,
+		},
+		nil,
+	)
+	ct.ExportService(clu, partition,
+		api.ExportedService{
+			Name: server.ID.Name,
+			Consumers: []api.ServiceConsumer{
+				{
+					Peer: peer,
+				},
+			},
+		},
+	)
+
+	clu.InitialConfigEntries = append(clu.InitialConfigEntries,
+		&api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      server.ID.Name,
+			Partition: ConfigEntryPartition(partition),
+			Protocol:  "http",
+		},
+		&api.ServiceSplitterConfigEntry{
+			Kind:      api.ServiceSplitter,
+			Name:      server.ID.Name,
+			Partition: ConfigEntryPartition(partition),
+			Splits: []api.ServiceSplit{
+				{
+					Weight: 100.0,
+					ResponseHeaders: &api.HTTPHeaderModifiers{
+						Add: map[string]string{
+							"X-Split": "test",
+						},
+					},
+				},
+			},
+		},
+	)
+	ct.AddServiceNode(clu, serviceExt{Service: server})
+
+	// Define server as upstream for client
+	upstream := &topology.Upstream{
+		ID: topology.ServiceID{
+			Name:      server.ID.Name,
+			Partition: partition, // TODO: iterate over all possible partitions
+		},
+		// TODO: we need to expose this on 0.0.0.0 so we can check it
+		// through our forward proxy. not realistic IMO
+		LocalAddress: "0.0.0.0",
+		LocalPort:    5000,
+		Peer:         peer,
+	}
+
+	// Make client which will dial server
+	clientSID := topology.ServiceID{
+		Name:      "ac2-client",
+		Partition: partition,
+	}
+	client := NewFortioServiceWithDefaults(
+		clu.Datacenter,
+		clientSID,
+		func(s *topology.Service) {
+			s.Upstreams = []*topology.Upstream{
+				upstream,
+			}
+		},
+	)
+	ct.ExportService(clu, partition,
+		api.ExportedService{
+			Name: client.ID.Name,
+			Consumers: []api.ServiceConsumer{
+				{
+					Peer: peer,
+				},
+			},
+		},
+	)
+	ct.AddServiceNode(clu, serviceExt{Service: client})
+
+	clu.InitialConfigEntries = append(clu.InitialConfigEntries,
+		&api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      client.ID.Name,
+			Partition: ConfigEntryPartition(partition),
+			Protocol:  "http",
+			UpstreamConfig: &api.UpstreamConfiguration{
+				Defaults: &api.UpstreamConfig{
+					MeshGateway: api.MeshGatewayConfig{
+						Mode: api.MeshGatewayModeLocal,
+					},
+				},
+			},
+		},
+	)
+
+	// Add intention allowing client to call server
+	clu.InitialConfigEntries = append(clu.InitialConfigEntries,
+		&api.ServiceIntentionsConfigEntry{
+			Kind:      api.ServiceIntentions,
+			Name:      server.ID.Name,
+			Partition: ConfigEntryPartition(partition),
+			Sources: []*api.SourceIntention{
+				{
+					Name:   client.ID.Name,
+					Peer:   peer,
+					Action: api.IntentionActionAllow,
+				},
+			},
+		},
+	)
+
+	s.clientSID = clientSID
+}
+
+func (s *ac2DiscoChainSuite) test(t *testing.T, ct *commonTopo) {
+	dc := ct.Sprawl.Topology().Clusters[s.DC]
+
+	svcs := dc.ServicesByID(s.clientSID)
+	require.Len(t, svcs, 1, "expected exactly one client in datacenter")
+
+	client := svcs[0]
+	require.Len(t, client.Upstreams, 1, "expected exactly one upstream for client")
+	u := client.Upstreams[0]
+
+	t.Run("peered upstream exists in catalog", func(t *testing.T) {
+		t.Parallel()
+		ct.Assert.CatalogServiceExists(t, s.DC, u.ID.Name, &api.QueryOptions{
+			Peer: u.Peer,
+		})
+	})
+
+	t.Run("peered upstream endpoint status is healthy", func(t *testing.T) {
+		t.Parallel()
+		ct.Assert.UpstreamEndpointStatus(t, client, peerClusterPrefix(u), "HEALTHY", 1)
+	})
+
+	t.Run("response contains header injected by splitter", func(t *testing.T) {
+		t.Parallel()
+		// TODO: not sure we should call u.LocalPort? it's not realistic from a security
+		// standpoint. prefer the fortio fetch2 stuff myself
+		ct.Assert.HTTPServiceEchoesResHeader(t, client, u.LocalPort, "",
+			map[string]string{
+				"X-Split": "test",
+			},
+		)
+	})
+}
+
+// For reference see consul/xds/clusters.go:
+//
+//	func (s *ResourceGenerator) getTargetClusterName
+//
+// and connect/sni.go
+func peerClusterPrefix(u *topology.Upstream) string {
+	if u.Peer == "" {
+		panic("upstream is not from a peer")
+	}
+	u.ID.Normalize()
+	return u.ID.Name + "." + u.ID.Namespace + "." + u.Peer + ".external"
+}
diff --git a/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go b/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go
new file mode 100644
index 000000000000..c61070e63a54
--- /dev/null
+++ b/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go
@@ -0,0 +1,264 @@
+package peering
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+	"time"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/hashicorp/go-cleanhttp"
+	"github.com/itchyny/gojq"
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
+	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
+)
+
+var ac3SvcDefaultsSuites []sharedTopoSuite = []sharedTopoSuite{
+	&ac3SvcDefaultsSuite{DC: "dc1", Peer: "dc2"},
+	&ac3SvcDefaultsSuite{DC: "dc2", Peer: "dc1"},
+}
+
+func TestAC3SvcDefaults(t *testing.T) {
+	runShareableSuites(t, ac3SvcDefaultsSuites)
+}
+
+type ac3SvcDefaultsSuite struct {
+	// inputs
+	DC   string
+	Peer string
+
+	// test points
+	sidServer  topology.ServiceID
+	nodeServer topology.NodeID
+	sidClient  topology.ServiceID
+	nodeClient topology.NodeID
+
+	upstream *topology.Upstream
+}
+
+func (s *ac3SvcDefaultsSuite) testName() string {
+	return fmt.Sprintf("ac3 service defaults upstreams %s->%s", s.DC, s.Peer)
+}
+
+// creates clients in s.DC and servers in s.Peer
+func (s *ac3SvcDefaultsSuite) setup(t *testing.T, ct *commonTopo) {
+	clu := ct.ClusterByDatacenter(t, s.DC)
+	peerClu := ct.ClusterByDatacenter(t, s.Peer)
+
+	partition := "default"
+	peer := LocalPeerName(peerClu, "default")
+	cluPeerName := LocalPeerName(clu, "default")
+
+	serverSID := topology.ServiceID{
+		Name:      "ac3-server",
+		Partition: partition,
+	}
+	upstream := &topology.Upstream{
+		ID: topology.ServiceID{
+			Name:      serverSID.Name,
+			Partition: partition,
+		},
+		LocalPort: 5001,
+		Peer:      peer,
+	}
+
+	sid := topology.ServiceID{
+		Name:      "ac3-client",
+		Partition: partition,
+	}
+	client := serviceExt{
+		Service: NewFortioServiceWithDefaults(
+			clu.Datacenter,
+			sid,
+			func(s *topology.Service) {
+				s.Upstreams = []*topology.Upstream{
+					upstream,
+				}
+			},
+		),
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      sid.Name,
+			Partition: ConfigEntryPartition(sid.Partition),
+			Protocol:  "http",
+			UpstreamConfig: &api.UpstreamConfiguration{
+				Overrides: []*api.UpstreamConfig{
+					{
+						Name:      upstream.ID.Name,
+						Namespace: upstream.ID.Namespace,
+						Peer:      peer,
+						PassiveHealthCheck: &api.PassiveHealthCheck{
+							MaxFailures: 1,
+							Interval:    10 * time.Minute,
+						},
+					},
+				},
+				Defaults: &api.UpstreamConfig{
+					MeshGateway: api.MeshGatewayConfig{
+						Mode: api.MeshGatewayModeLocal,
+					},
+				},
+			},
+		},
+	}
+
+	clientNode := ct.AddServiceNode(clu, client)
+
+	server := serviceExt{
+		Service: NewFortioServiceWithDefaults(
+			peerClu.Datacenter,
+			serverSID,
+			nil,
+		),
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      serverSID.Name,
+			Partition: ConfigEntryPartition(serverSID.Partition),
+			Protocol:  "http",
+		},
+		Exports: []api.ServiceConsumer{{Peer: cluPeerName}},
+		Intentions: &api.ServiceIntentionsConfigEntry{
+			Kind:      api.ServiceIntentions,
+			Name:      serverSID.Name,
+			Partition: ConfigEntryPartition(serverSID.Partition),
+			Sources: []*api.SourceIntention{
+				{
+					Name:   client.ID.Name,
+					Peer:   cluPeerName,
+					Action: api.IntentionActionAllow,
+				},
+			},
+		},
+	}
+
+	serverNode := ct.AddServiceNode(peerClu, server)
+
+	s.sidClient = client.ID
+	s.nodeClient = clientNode.ID()
+	s.upstream = upstream
+
+	// these are references in Peer
+	s.sidServer = serverSID
+	s.nodeServer = serverNode.ID()
+}
+
+// make two requests to upstream via client's fetch2 with status=<nonceStatus>
+// the first time, it should return nonceStatus
+// the second time, we expect the upstream to have been removed from the envoy cluster,
+// and thereby get some other 5xx
+func (s *ac3SvcDefaultsSuite) test(t *testing.T, ct *commonTopo) {
+	dc := ct.Sprawl.Topology().Clusters[s.DC]
+	peer := ct.Sprawl.Topology().Clusters[s.Peer]
+
+	// refresh this from Topology
+	svcClient := dc.ServiceByID(
+		s.nodeClient,
+		s.sidClient,
+	)
+	// our ac has the node/sid for server in the peer DC
+	svcServer := peer.ServiceByID(
+		s.nodeServer,
+		s.sidServer,
+	)
+
+	// preconditions
+	// these could be done parallel with each other, but complexity
+	// probably not worth the speed boost
+	ct.Assert.HealthyWithPeer(t, dc.Name, svcServer.ID, LocalPeerName(peer, "default"))
+	ct.Assert.UpstreamEndpointHealthy(t, svcClient, s.upstream)
+	// TODO: we need to let the upstream start serving properly before we do this. if it
+	// isn't ready and returns a 5xx (which it will do if it's not up yet!), it will stick
+	// in a down state for PassiveHealthCheck.Interval
+	time.Sleep(30 * time.Second)
+	ct.Assert.FortioFetch2HeaderEcho(t, svcClient, s.upstream)
+
+	// TODO: use proxied HTTP client
+	client := cleanhttp.DefaultClient()
+	// TODO: what is default? namespace? partition?
+	clusterName := fmt.Sprintf("%s.default.%s.external", s.upstream.ID.Name, s.upstream.Peer)
+	nonceStatus := http.StatusInsufficientStorage
+	url507 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", svcClient.ExposedPort,
+		url.QueryEscape(fmt.Sprintf("http://localhost:%d/?status=%d", s.upstream.LocalPort, nonceStatus)),
+	)
+
+	// we only make this call once
+	req, err := http.NewRequest(http.MethodGet, url507, nil)
+	require.NoError(t, err)
+	res, err := client.Do(req)
+	require.NoError(t, err)
+	defer res.Body.Close()
+	require.Equal(t, nonceStatus, res.StatusCode)
+
+	// this is a modified version of assertEnvoyUpstreamHealthy
+	envoyAddr := fmt.Sprintf("localhost:%d", svcClient.ExposedEnvoyAdminPort)
+	retry.RunWith(&retry.Timer{Timeout: 30 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
+		// BOOKMARK: avoid libassert, but we need to resurrect this method in asserter first
+		clusters, statusCode, err := libassert.GetEnvoyOutputWithClient(client, envoyAddr, "clusters", map[string]string{"format": "json"})
+		if err != nil {
+			r.Fatal("could not fetch envoy clusters")
+		}
+		require.Equal(r, 200, statusCode)
+
+		filter := fmt.Sprintf(
+			`.cluster_statuses[]
+			| select(.name|contains("%s"))
+			| [.host_statuses[].health_status.failed_outlier_check]
+			|.[0]`,
+			clusterName)
+		result, err := jqOne(clusters, filter)
+		require.NoErrorf(r, err, "could not found cluster name %q: %v \n%s", clusterName, err, clusters)
+
+		resultAsBool, ok := result.(bool)
+		require.True(r, ok)
+		require.True(r, resultAsBool)
+	})
+
+	url200 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", svcClient.ExposedPort,
+		url.QueryEscape(fmt.Sprintf("http://localhost:%d/", s.upstream.LocalPort)),
+	)
+	retry.RunWith(&retry.Timer{Timeout: time.Minute * 1, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
+		req, err := http.NewRequest(http.MethodGet, url200, nil)
+		require.NoError(r, err)
+		res, err := client.Do(req)
+		require.NoError(r, err)
+		defer res.Body.Close()
+		require.True(r, res.StatusCode >= 500 && res.StatusCode < 600 && res.StatusCode != nonceStatus)
+	})
+}
+
+// Executes the JQ filter against the given JSON string.
+// Iff there is one result, return that.
+func jqOne(config, filter string) (interface{}, error) {
+	query, err := gojq.Parse(filter)
+	if err != nil {
+		return nil, err
+	}
+
+	var m interface{}
+	err = json.Unmarshal([]byte(config), &m)
+	if err != nil {
+		return nil, err
+	}
+
+	iter := query.Run(m)
+	result := []interface{}{}
+	for {
+		v, ok := iter.Next()
+		if !ok {
+			break
+		}
+		if err, ok := v.(error); ok {
+			return nil, err
+		}
+		result = append(result, v)
+	}
+	if len(result) != 1 {
+		return nil, fmt.Errorf("required result of len 1, but is %d: %v", len(result), result)
+	}
+	return result[0], nil
+}
diff --git a/test-integ/peering_commontopo/ac4_proxy_defaults_test.go b/test-integ/peering_commontopo/ac4_proxy_defaults_test.go
new file mode 100644
index 000000000000..b20986eebae0
--- /dev/null
+++ b/test-integ/peering_commontopo/ac4_proxy_defaults_test.go
@@ -0,0 +1,213 @@
+package peering
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/hashicorp/go-cleanhttp"
+	"github.com/stretchr/testify/require"
+)
+
+type ac4ProxyDefaultsSuite struct {
+	DC   string
+	Peer string
+
+	nodeClient topology.NodeID
+	nodeServer topology.NodeID
+
+	serverSID topology.ServiceID
+	clientSID topology.ServiceID
+	upstream  *topology.Upstream
+}
+
+var ac4ProxyDefaultsSuites []sharedTopoSuite = []sharedTopoSuite{
+	&ac4ProxyDefaultsSuite{DC: "dc1", Peer: "dc2"},
+	&ac4ProxyDefaultsSuite{DC: "dc2", Peer: "dc1"},
+}
+
+func TestAC4ProxyDefaults(t *testing.T) {
+	runShareableSuites(t, ac4ProxyDefaultsSuites)
+}
+
+func (s *ac4ProxyDefaultsSuite) testName() string {
+	return fmt.Sprintf("ac4 proxy defaults %s->%s", s.DC, s.Peer)
+}
+
+// creates clients in s.DC and servers in s.Peer
+func (s *ac4ProxyDefaultsSuite) setup(t *testing.T, ct *commonTopo) {
+	clu := ct.ClusterByDatacenter(t, s.DC)
+	peerClu := ct.ClusterByDatacenter(t, s.Peer)
+
+	partition := "default"
+	peer := LocalPeerName(peerClu, "default")
+	cluPeerName := LocalPeerName(clu, "default")
+
+	serverSID := topology.ServiceID{
+		Name:      "ac4-server-http",
+		Partition: partition,
+	}
+	// Define server as upstream for client
+	upstream := &topology.Upstream{
+		ID:        serverSID,
+		LocalPort: 5000,
+		Peer:      peer,
+	}
+
+	// Make client which will dial server
+	clientSID := topology.ServiceID{
+		Name:      "ac4-http-client",
+		Partition: partition,
+	}
+	client := serviceExt{
+		Service: NewFortioServiceWithDefaults(
+			clu.Datacenter,
+			clientSID,
+			func(s *topology.Service) {
+				s.Upstreams = []*topology.Upstream{
+					upstream,
+				}
+			},
+		),
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      clientSID.Name,
+			Partition: ConfigEntryPartition(clientSID.Partition),
+			Protocol:  "http",
+			UpstreamConfig: &api.UpstreamConfiguration{
+				Defaults: &api.UpstreamConfig{
+					MeshGateway: api.MeshGatewayConfig{
+						Mode: api.MeshGatewayModeLocal,
+					},
+				},
+			},
+		},
+	}
+	clientNode := ct.AddServiceNode(clu, client)
+
+	server := serviceExt{
+		Service: NewFortioServiceWithDefaults(
+			peerClu.Datacenter,
+			serverSID,
+			nil,
+		),
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      serverSID.Name,
+			Partition: ConfigEntryPartition(serverSID.Partition),
+			Protocol:  "http",
+		},
+		Exports: []api.ServiceConsumer{{Peer: cluPeerName}},
+		Intentions: &api.ServiceIntentionsConfigEntry{
+			Kind:      api.ServiceIntentions,
+			Name:      serverSID.Name,
+			Partition: ConfigEntryPartition(serverSID.Partition),
+			Sources: []*api.SourceIntention{
+				{
+					Name:   client.ID.Name,
+					Peer:   cluPeerName,
+					Action: api.IntentionActionAllow,
+				},
+			},
+		},
+	}
+
+	peerClu.InitialConfigEntries = append(peerClu.InitialConfigEntries,
+		&api.ProxyConfigEntry{
+			Kind:      api.ProxyDefaults,
+			Name:      api.ProxyConfigGlobal,
+			Partition: ConfigEntryPartition(server.ID.Partition),
+			Config: map[string]interface{}{
+				"protocol":                 "http",
+				"local_request_timeout_ms": 500,
+			},
+			MeshGateway: api.MeshGatewayConfig{
+				Mode: api.MeshGatewayModeLocal,
+			},
+		},
+	)
+
+	serverNode := ct.AddServiceNode(peerClu, server)
+
+	s.clientSID = clientSID
+	s.serverSID = serverSID
+	s.nodeServer = serverNode.ID()
+	s.nodeClient = clientNode.ID()
+	s.upstream = upstream
+}
+
+func (s *ac4ProxyDefaultsSuite) test(t *testing.T, ct *commonTopo) {
+	var client *topology.Service
+
+	dc := ct.Sprawl.Topology().Clusters[s.DC]
+	peer := ct.Sprawl.Topology().Clusters[s.Peer]
+
+	clientSVC := dc.ServiceByID(
+		s.nodeClient,
+		s.clientSID,
+	)
+	serverSVC := peer.ServiceByID(
+		s.nodeServer,
+		s.serverSID,
+	)
+
+	// preconditions check
+	ct.Assert.HealthyWithPeer(t, dc.Name, serverSVC.ID, LocalPeerName(peer, "default"))
+	ct.Assert.UpstreamEndpointHealthy(t, clientSVC, s.upstream)
+	ct.Assert.FortioFetch2HeaderEcho(t, clientSVC, s.upstream)
+
+	t.Run("Validate services exist in catalog", func(t *testing.T) {
+		dcSvcs := dc.ServicesByID(s.clientSID)
+		require.Len(t, dcSvcs, 1, "expected exactly one client")
+		client = dcSvcs[0]
+		require.Len(t, client.Upstreams, 1, "expected exactly one upstream for client")
+
+		server := dc.ServicesByID(s.serverSID)
+		require.Len(t, server, 1, "expected exactly one server")
+		require.Len(t, server[0].Upstreams, 0, "expected no upstream for server")
+	})
+
+	t.Run("peered upstream exists in catalog", func(t *testing.T) {
+		ct.Assert.CatalogServiceExists(t, s.DC, s.upstream.ID.Name, &api.QueryOptions{
+			Peer: s.upstream.Peer,
+		})
+	})
+
+	t.Run("HTTP service fails due to connection timeout", func(t *testing.T) {
+		url504 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", client.ExposedPort,
+			url.QueryEscape(fmt.Sprintf("http://localhost:%d/?delay=1000ms", s.upstream.LocalPort)),
+		)
+
+		url200 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", client.ExposedPort,
+			url.QueryEscape(fmt.Sprintf("http://localhost:%d/", s.upstream.LocalPort)),
+		)
+
+		// validate request timeout error where service has 1000ms response delay and
+		// proxy default is set to local_request_timeout_ms: 500ms
+		// return 504
+		httpClient := cleanhttp.DefaultClient()
+		req, err := http.NewRequest(http.MethodGet, url504, nil)
+		require.NoError(t, err)
+
+		res, err := httpClient.Do(req)
+		require.NoError(t, err)
+
+		defer res.Body.Close()
+		require.Equal(t, http.StatusGatewayTimeout, res.StatusCode)
+
+		// validate successful GET request where service has no response delay and
+		// proxy default is set to local_request_timeout_ms: 500ms
+		// return 200
+		req, err = http.NewRequest(http.MethodGet, url200, nil)
+		require.NoError(t, err)
+
+		res, err = httpClient.Do(req)
+		require.NoError(t, err)
+
+		defer res.Body.Close()
+		require.Equal(t, http.StatusOK, res.StatusCode)
+	})
+}
diff --git a/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go b/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go
new file mode 100644
index 000000000000..d22118e2d8de
--- /dev/null
+++ b/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go
@@ -0,0 +1,129 @@
+package peering
+
+import (
+	"fmt"
+
+	"testing"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
+	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/stretchr/testify/require"
+)
+
+type ac5_1NoSvcMeshSuite struct {
+	DC   string
+	Peer string
+
+	serverSID topology.ServiceID
+	clientSID topology.ServiceID
+}
+
+var (
+	ac5_1NoSvcMeshSuites []sharedTopoSuite = []sharedTopoSuite{
+		&ac5_1NoSvcMeshSuite{DC: "dc1", Peer: "dc2"},
+		&ac5_1NoSvcMeshSuite{DC: "dc2", Peer: "dc1"},
+	}
+)
+
+func TestAC5ServiceMeshDisabledSuite(t *testing.T) {
+	runShareableSuites(t, ac5_1NoSvcMeshSuites)
+}
+
+func (s *ac5_1NoSvcMeshSuite) testName() string {
+	return fmt.Sprintf("ac5.1 no service mesh %s->%s", s.DC, s.Peer)
+}
+
+// creates clients in s.DC and servers in s.Peer
+func (s *ac5_1NoSvcMeshSuite) setup(t *testing.T, ct *commonTopo) {
+	clu := ct.ClusterByDatacenter(t, s.DC)
+	peerClu := ct.ClusterByDatacenter(t, s.Peer)
+
+	// TODO: handle all partitions
+	partition := "default"
+	peer := LocalPeerName(peerClu, partition)
+
+	serverSID := topology.ServiceID{
+		Name:      "ac5-server-http",
+		Partition: partition,
+	}
+
+	// Make client which will dial server
+	clientSID := topology.ServiceID{
+		Name:      "ac5-http-client",
+		Partition: partition,
+	}
+
+	// disable service mesh for client in s.DC
+	client := serviceExt{
+		Service: NewFortioServiceWithDefaults(
+			clu.Datacenter,
+			clientSID,
+			func(s *topology.Service) {
+				s.EnvoyAdminPort = 0
+				s.DisableServiceMesh = true
+			},
+		),
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      clientSID.Name,
+			Partition: ConfigEntryPartition(clientSID.Partition),
+			Protocol:  "http",
+		},
+		Exports: []api.ServiceConsumer{{Peer: peer}},
+	}
+	ct.AddServiceNode(clu, client)
+
+	server := serviceExt{
+		Service: NewFortioServiceWithDefaults(
+			clu.Datacenter,
+			serverSID,
+			nil,
+		),
+		Exports: []api.ServiceConsumer{{Peer: peer}},
+	}
+
+	ct.AddServiceNode(clu, server)
+
+	s.clientSID = clientSID
+	s.serverSID = serverSID
+}
+
+func (s *ac5_1NoSvcMeshSuite) test(t *testing.T, ct *commonTopo) {
+	dc := ct.Sprawl.Topology().Clusters[s.DC]
+	peer := ct.Sprawl.Topology().Clusters[s.Peer]
+	cl := ct.APIClientForCluster(t, dc)
+	peerName := LocalPeerName(peer, "default")
+
+	s.testServiceHealthInCatalog(t, ct, cl, peerName)
+	s.testProxyDisabledInDC2(t, cl, peerName)
+}
+
+func (s *ac5_1NoSvcMeshSuite) testServiceHealthInCatalog(t *testing.T, ct *commonTopo, cl *api.Client, peer string) {
+	t.Run("validate service health in catalog", func(t *testing.T) {
+		libassert.CatalogServiceExists(t, cl, s.clientSID.Name, &api.QueryOptions{
+			Peer: peer,
+		})
+		require.NotEqual(t, s.serverSID.Name, s.Peer)
+		assertServiceHealth(t, cl, s.serverSID.Name, 1)
+	})
+}
+
+func (s *ac5_1NoSvcMeshSuite) testProxyDisabledInDC2(t *testing.T, cl *api.Client, peer string) {
+	t.Run("service mesh is disabled", func(t *testing.T) {
+		var (
+			services map[string][]string
+			err      error
+			expected = fmt.Sprintf("%s-sidecar-proxy", s.clientSID.Name)
+		)
+		retry.Run(t, func(r *retry.R) {
+			services, _, err = cl.Catalog().Services(&api.QueryOptions{
+				Peer: peer,
+			})
+			require.NoError(r, err, "error reading service data")
+			require.Greater(r, len(services), 0, "did not find service(s) in catalog")
+		})
+		require.NotContains(t, services, expected, fmt.Sprintf("error: should not create proxy for service: %s", services))
+	})
+}
diff --git a/test-integ/peering_commontopo/ac5_2_pq_failover_test.go b/test-integ/peering_commontopo/ac5_2_pq_failover_test.go
new file mode 100644
index 000000000000..4833173e82a8
--- /dev/null
+++ b/test-integ/peering_commontopo/ac5_2_pq_failover_test.go
@@ -0,0 +1,398 @@
+package peering
+
+import (
+	"fmt"
+	"time"
+
+	"testing"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/stretchr/testify/require"
+)
+
+// 1. Setup: put health service instances in each of the 3 clusters and create the PQ in one of them
+// 2. Execute the PQ: Validate that failover count == 0 and that the pq results come from the local cluster
+// 3. Register a failing TTL health check with the agent managing the service instance in the local cluster
+// 4. Execute the PQ: Validate that failover count == 1 and that the pq results come from the first failover target peer
+// 5. Register a failing TTL health check with the agent managing the service instance in the first failover peer
+// 6. Execute the PQ: Validate that failover count == 2 and that the pq results come from the second failover target
+// 7. Delete failing health check from step 5
+// 8. Repeat step 4
+// 9. Delete failing health check from step 3
+// 10. Repeat step 2
+type ac5_2PQFailoverSuite struct {
+	clientSID  topology.ServiceID
+	serverSID  topology.ServiceID
+	nodeServer topology.NodeID
+}
+
+var ac5_2Context = make(map[nodeKey]ac5_2PQFailoverSuite)
+
+func TestAC5PreparedQueryFailover(t *testing.T) {
+	ct := NewCommonTopo(t)
+	s := &ac5_2PQFailoverSuite{}
+	s.setup(t, ct)
+	ct.Launch(t)
+	s.test(t, ct)
+}
+
+func (s *ac5_2PQFailoverSuite) setup(t *testing.T, ct *commonTopo) {
+	s.setupDC(ct, ct.DC1, ct.DC2)
+	s.setupDC(ct, ct.DC2, ct.DC1)
+	s.setupDC3(ct, ct.DC3, ct.DC1, ct.DC2)
+}
+
+func (s *ac5_2PQFailoverSuite) setupDC(ct *commonTopo, clu, peerClu *topology.Cluster) {
+	// TODO: handle all partitions
+	partition := "default"
+	peer := LocalPeerName(peerClu, partition)
+
+	serverSID := topology.ServiceID{
+		Name:      "ac5-server-http",
+		Partition: partition,
+	}
+
+	clientSID := topology.ServiceID{
+		Name:      "ac5-client-http",
+		Partition: partition,
+	}
+
+	client := serviceExt{
+		Service: NewFortioServiceWithDefaults(
+			clu.Datacenter,
+			clientSID,
+			func(s *topology.Service) {
+				s.EnvoyAdminPort = 0
+				s.DisableServiceMesh = true
+			},
+		),
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      clientSID.Name,
+			Partition: ConfigEntryPartition(clientSID.Partition),
+			Protocol:  "http",
+		},
+		Exports: []api.ServiceConsumer{{Peer: peer}},
+	}
+
+	ct.AddServiceNode(clu, client)
+
+	server := serviceExt{
+		Service: NewFortioServiceWithDefaults(
+			clu.Datacenter,
+			serverSID,
+			nil,
+		),
+		Exports: []api.ServiceConsumer{{Peer: peer}},
+	}
+	serverNode := ct.AddServiceNode(clu, server)
+
+	ac5_2Context[nodeKey{clu.Datacenter, partition}] = ac5_2PQFailoverSuite{
+		clientSID:  clientSID,
+		serverSID:  serverSID,
+		nodeServer: serverNode.ID(),
+	}
+}
+
+func (s *ac5_2PQFailoverSuite) setupDC3(ct *commonTopo, clu, peer1, peer2 *topology.Cluster) {
+	var (
+		peers     []string
+		partition = "default"
+	)
+	peers = append(peers, LocalPeerName(peer1, partition), LocalPeerName(peer2, partition))
+
+	serverSID := topology.ServiceID{
+		Name:      "ac5-server-http",
+		Partition: partition,
+	}
+
+	clientSID := topology.ServiceID{
+		Name:      "ac5-client-http",
+		Partition: partition,
+	}
+
+	// disable service mesh for client in DC3
+	client := serviceExt{
+		Service: NewFortioServiceWithDefaults(
+			clu.Datacenter,
+			clientSID,
+			func(s *topology.Service) {
+				s.EnvoyAdminPort = 0
+				s.DisableServiceMesh = true
+			},
+		),
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      clientSID.Name,
+			Partition: ConfigEntryPartition(clientSID.Partition),
+			Protocol:  "http",
+		},
+		Exports: func() []api.ServiceConsumer {
+			var consumers []api.ServiceConsumer
+			for _, peer := range peers {
+				consumers = append(consumers, api.ServiceConsumer{
+					Peer: peer,
+				})
+			}
+			return consumers
+		}(),
+	}
+
+	ct.AddServiceNode(clu, client)
+
+	server := serviceExt{
+		Service: NewFortioServiceWithDefaults(
+			clu.Datacenter,
+			serverSID,
+			nil,
+		),
+		Exports: func() []api.ServiceConsumer {
+			var consumers []api.ServiceConsumer
+			for _, peer := range peers {
+				consumers = append(consumers, api.ServiceConsumer{
+					Peer: peer,
+				})
+			}
+			return consumers
+		}(),
+	}
+
+	serverNode := ct.AddServiceNode(clu, server)
+
+	ac5_2Context[nodeKey{clu.Datacenter, partition}] = ac5_2PQFailoverSuite{
+		clientSID:  clientSID,
+		serverSID:  serverSID,
+		nodeServer: serverNode.ID(),
+	}
+}
+
+func (s *ac5_2PQFailoverSuite) createPreparedQuery(t *testing.T, ct *commonTopo, c *api.Client, serviceName, partition string) (*api.PreparedQueryDefinition, *api.PreparedQuery) {
+	var (
+		peers []string
+		err   error
+	)
+	peers = append(peers, LocalPeerName(ct.DC2, partition), LocalPeerName(ct.DC3, partition))
+
+	def := &api.PreparedQueryDefinition{
+		Name: "ac5-prepared-query",
+		Service: api.ServiceQuery{
+			Service:     serviceName,
+			Partition:   ConfigEntryPartition(partition),
+			OnlyPassing: true,
+			Failover: api.QueryFailoverOptions{
+				Targets: func() []api.QueryFailoverTarget {
+					var queryFailoverTargets []api.QueryFailoverTarget
+					for _, peer := range peers {
+						queryFailoverTargets = append(queryFailoverTargets, api.QueryFailoverTarget{
+							Peer: peer,
+						})
+					}
+					return queryFailoverTargets
+				}(),
+			},
+		},
+	}
+
+	query := c.PreparedQuery()
+	def.ID, _, err = query.Create(def, nil)
+	require.NoError(t, err, "error creating prepared query in cluster")
+
+	return def, query
+}
+
+func (s *ac5_2PQFailoverSuite) test(t *testing.T, ct *commonTopo) {
+	partition := "default"
+	dc1 := ct.Sprawl.Topology().Clusters[ct.DC1.Name]
+	dc2 := ct.Sprawl.Topology().Clusters[ct.DC2.Name]
+	dc3 := ct.Sprawl.Topology().Clusters[ct.DC3.Name]
+
+	type testcase struct {
+		cluster       *topology.Cluster
+		peer          *topology.Cluster
+		targetCluster *topology.Cluster
+	}
+	tcs := []testcase{
+		{
+			cluster:       dc1,
+			peer:          dc2,
+			targetCluster: dc3,
+		},
+	}
+	for _, tc := range tcs {
+		client := ct.APIClientForCluster(t, tc.cluster)
+
+		t.Run(fmt.Sprintf("%#v", tc), func(t *testing.T) {
+			svc := ac5_2Context[nodeKey{tc.cluster.Name, partition}]
+			require.NotNil(t, svc.serverSID.Name, "expected service name to not be nil")
+			require.NotNil(t, svc.nodeServer, "expected node server to not be nil")
+
+			assertServiceHealth(t, client, svc.serverSID.Name, 1)
+			def, _ := s.createPreparedQuery(t, ct, client, svc.serverSID.Name, partition)
+			s.testPreparedQueryZeroFailover(t, client, def, tc.cluster)
+			s.testPreparedQuerySingleFailover(t, ct, client, def, tc.cluster, tc.peer, partition)
+			s.testPreparedQueryTwoFailovers(t, ct, client, def, tc.cluster, tc.peer, tc.targetCluster, partition)
+
+			// delete failing health check in peer cluster & validate single failover
+			s.testPQSingleFailover(t, ct, client, def, tc.cluster, tc.peer, partition)
+			// delete failing health check in cluster & validate zero failover
+			s.testPQZeroFailover(t, ct, client, def, tc.cluster, tc.peer, partition)
+		})
+	}
+}
+
+func (s *ac5_2PQFailoverSuite) testPreparedQueryZeroFailover(t *testing.T, cl *api.Client, def *api.PreparedQueryDefinition, cluster *topology.Cluster) {
+	t.Run(fmt.Sprintf("prepared query should not failover %s", cluster.Name), func(t *testing.T) {
+
+		// Validate prepared query exists in cluster
+		queryDef, _, err := cl.PreparedQuery().Get(def.ID, nil)
+		require.NoError(t, err)
+		require.Len(t, queryDef, 1, "expected 1 prepared query")
+		require.Equal(t, 2, len(queryDef[0].Service.Failover.Targets), "expected 2 prepared query failover targets to dc2 and dc3")
+
+		retry.RunWith(&retry.Timer{Timeout: 10 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
+			queryResult, _, err := cl.PreparedQuery().Execute(def.ID, nil)
+			require.NoError(r, err)
+
+			// expected outcome should show 0 failover
+			require.Equal(r, 0, queryResult.Failovers, "expected 0 prepared query failover")
+			require.Equal(r, cluster.Name, queryResult.Nodes[0].Node.Datacenter, "pq results should come from the local cluster")
+		})
+	})
+}
+
+func (s *ac5_2PQFailoverSuite) testPreparedQuerySingleFailover(t *testing.T, ct *commonTopo, cl *api.Client, def *api.PreparedQueryDefinition, cluster, peerClu *topology.Cluster, partition string) {
+	t.Run(fmt.Sprintf("prepared query with single failover %s", cluster.Name), func(t *testing.T) {
+		cfg := ct.Sprawl.Config()
+		svc := ac5_2Context[nodeKey{cluster.Name, partition}]
+
+		nodeCfg := DisableNode(t, cfg, cluster.Name, svc.nodeServer)
+		require.NoError(t, ct.Sprawl.Relaunch(nodeCfg))
+
+		// assert server health status
+		assertServiceHealth(t, cl, svc.serverSID.Name, 0)
+
+		// Validate prepared query exists in cluster
+		queryDef, _, err := cl.PreparedQuery().Get(def.ID, nil)
+		require.NoError(t, err)
+		require.Len(t, queryDef, 1, "expected 1 prepared query")
+
+		pqFailoverTargets := queryDef[0].Service.Failover.Targets
+		require.Len(t, pqFailoverTargets, 2, "expected 2 prepared query failover targets to dc2 and dc3")
+
+		retry.RunWith(&retry.Timer{Timeout: 10 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
+			queryResult, _, err := cl.PreparedQuery().Execute(def.ID, nil)
+			require.NoError(r, err)
+
+			require.Equal(r, 1, queryResult.Failovers, "expected 1 prepared query failover")
+			require.Equal(r, peerClu.Name, queryResult.Nodes[0].Node.Datacenter, fmt.Sprintf("the pq results should originate from peer clu %s", peerClu.Name))
+			require.Equal(r, pqFailoverTargets[0].Peer, queryResult.Nodes[0].Checks[0].PeerName,
+				fmt.Sprintf("pq results should come from the first failover target peer %s", pqFailoverTargets[0].Peer))
+		})
+	})
+}
+
+func (s *ac5_2PQFailoverSuite) testPreparedQueryTwoFailovers(t *testing.T, ct *commonTopo, cl *api.Client, def *api.PreparedQueryDefinition, cluster, peerClu, targetCluster *topology.Cluster, partition string) {
+	t.Run(fmt.Sprintf("prepared query with two failovers %s", cluster.Name), func(t *testing.T) {
+		cfg := ct.Sprawl.Config()
+
+		svc := ac5_2Context[nodeKey{peerClu.Name, partition}]
+
+		cfg = DisableNode(t, cfg, peerClu.Name, svc.nodeServer)
+		require.NoError(t, ct.Sprawl.Relaunch(cfg))
+
+		// assert server health status
+		assertServiceHealth(t, cl, ac5_2Context[nodeKey{cluster.Name, partition}].serverSID.Name, 0) // cluster: failing
+		assertServiceHealth(t, cl, svc.serverSID.Name, 0)                                            // peer cluster: failing
+
+		queryDef, _, err := cl.PreparedQuery().Get(def.ID, nil)
+		require.NoError(t, err)
+		require.Len(t, queryDef, 1, "expected 1 prepared query")
+
+		pqFailoverTargets := queryDef[0].Service.Failover.Targets
+		require.Len(t, pqFailoverTargets, 2, "expected 2 prepared query failover targets to dc2 and dc3")
+
+		retry.RunWith(&retry.Timer{Timeout: 10 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
+			queryResult, _, err := cl.PreparedQuery().Execute(def.ID, nil)
+			require.NoError(r, err)
+			require.Equal(r, 2, queryResult.Failovers, "expected 2 prepared query failover")
+
+			require.Equal(r, targetCluster.Name, queryResult.Nodes[0].Node.Datacenter, fmt.Sprintf("the pq results should originate from cluster %s", targetCluster.Name))
+			require.Equal(r, pqFailoverTargets[1].Peer, queryResult.Nodes[0].Checks[0].PeerName,
+				fmt.Sprintf("pq results should come from the second failover target peer %s", pqFailoverTargets[1].Peer))
+		})
+	})
+}
+
+func (s *ac5_2PQFailoverSuite) testPQSingleFailover(t *testing.T, ct *commonTopo, cl *api.Client, def *api.PreparedQueryDefinition, cluster, peerClu *topology.Cluster, partition string) {
+	t.Run(fmt.Sprintf("delete failing health check in %s and validate single failover %s", peerClu.Name, cluster.Name), func(t *testing.T) {
+		cfg := ct.Sprawl.Config()
+
+		svc := ac5_2Context[nodeKey{peerClu.Name, partition}]
+
+		cfg = EnableNode(t, cfg, peerClu.Name, svc.nodeServer)
+		require.NoError(t, ct.Sprawl.Relaunch(cfg))
+
+		queryDef, _, err := cl.PreparedQuery().Get(def.ID, nil)
+		require.NoError(t, err)
+
+		pqFailoverTargets := queryDef[0].Service.Failover.Targets
+		require.Len(t, pqFailoverTargets, 2, "expected 2 prepared query failover targets to dc2 and dc3")
+
+		retry.RunWith(&retry.Timer{Timeout: 10 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
+			queryResult, _, err := cl.PreparedQuery().Execute(def.ID, nil)
+			require.NoError(r, err)
+			require.Equal(r, 1, queryResult.Failovers, "expected 1 prepared query failover")
+
+			require.Equal(r, peerClu.Name, queryResult.Nodes[0].Node.Datacenter, fmt.Sprintf("the pq results should originate from cluster %s", peerClu.Name))
+			require.Equal(r, pqFailoverTargets[0].Peer, queryResult.Nodes[0].Checks[0].PeerName,
+				fmt.Sprintf("pq results should come from the second failover target peer %s", pqFailoverTargets[0].Peer))
+		})
+	})
+}
+
+func (s *ac5_2PQFailoverSuite) testPQZeroFailover(t *testing.T, ct *commonTopo, cl *api.Client, def *api.PreparedQueryDefinition, cluster, peerClu *topology.Cluster, partition string) {
+	t.Run(fmt.Sprintf("delete failing health check in %s and validate zero failover %s", cluster.Name, cluster.Name), func(t *testing.T) {
+		cfg := ct.Sprawl.Config()
+
+		svc := ac5_2Context[nodeKey{cluster.Name, partition}]
+
+		cfg = EnableNode(t, cfg, cluster.Name, svc.nodeServer)
+		require.NoError(t, ct.Sprawl.Relaunch(cfg))
+
+		// assert server health status
+		assertServiceHealth(t, cl, ac5_2Context[nodeKey{cluster.Name, partition}].serverSID.Name, 1) // cluster: passing
+		assertServiceHealth(t, cl, svc.serverSID.Name, 1)                                            // peer cluster: passing
+
+		queryDef, _, err := cl.PreparedQuery().Get(def.ID, nil)
+		require.NoError(t, err)
+
+		pqFailoverTargets := queryDef[0].Service.Failover.Targets
+		require.Len(t, pqFailoverTargets, 2, "expected 2 prepared query failover targets to dc2 and dc3")
+
+		retry.RunWith(&retry.Timer{Timeout: 10 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
+			queryResult, _, err := cl.PreparedQuery().Execute(def.ID, nil)
+			require.NoError(r, err)
+			// expected outcome should show 0 failover
+			require.Equal(r, 0, queryResult.Failovers, "expected 0 prepared query failover")
+			require.Equal(r, cluster.Name, queryResult.Nodes[0].Node.Datacenter, "pq results should come from the local cluster")
+		})
+	})
+}
+
+// assertServiceHealth checks that a service health status before running tests
+func assertServiceHealth(t *testing.T, cl *api.Client, serverSVC string, count int) {
+	t.Helper()
+	t.Log("validate service health in catalog")
+	retry.RunWith(&retry.Timer{Timeout: time.Second * 20, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
+		svcs, _, err := cl.Health().Service(
+			serverSVC,
+			"",
+			true,
+			nil,
+		)
+		require.NoError(r, err)
+		require.Equal(r, count, len(svcs))
+	})
+}
diff --git a/test-integ/peering_commontopo/ac6_failovers_test.go b/test-integ/peering_commontopo/ac6_failovers_test.go
new file mode 100644
index 000000000000..cdee093ec591
--- /dev/null
+++ b/test-integ/peering_commontopo/ac6_failovers_test.go
@@ -0,0 +1,429 @@
+package peering
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
+)
+
+// note: unlike other *Suite structs that are per-peering direction,
+// this one is special and does all directions itself, because the
+// setup is not exactly symmetrical
+type ac6FailoversSuite struct {
+	ac6 map[nodeKey]ac6FailoversContext
+}
+type ac6FailoversContext struct {
+	clientSID topology.ServiceID
+	serverSID topology.ServiceID
+
+	// used to remove the node and trigger failover
+	serverNode topology.NodeID
+}
+type nodeKey struct {
+	dc        string
+	partition string
+}
+
+// Note: this test cannot share topo
+func TestAC6Failovers(t *testing.T) {
+	ct := NewCommonTopo(t)
+	s := &ac6FailoversSuite{}
+	s.setup(t, ct)
+	ct.Launch(t)
+	s.test(t, ct)
+}
+
+func (s *ac6FailoversSuite) setup(t *testing.T, ct *commonTopo) {
+	// TODO: update setups to loop through a cluster's partitions+namespaces internally
+	s.setupAC6Failovers(ct, ct.DC1, ct.DC2)
+	s.setupAC6Failovers(ct, ct.DC2, ct.DC1)
+	s.setupAC6FailoversDC3(ct, ct.DC3, ct.DC1, ct.DC2)
+}
+
+// dc1 is peered with dc2 and dc3.
+// dc1 has an ac6-client in "default" and "part1" partitions (only default in OSS).
+// ac6-client has a single upstream ac6-failover-svc in its respective partition^.
+//
+// ac6-failover-svc has the following failovers:
+//   - peer-dc2-default
+//   - peer-dc2-part1 (not in OSS)
+//   - peer-dc3-default
+//
+// This setup is mirrored from dc2->dc1 as well
+// (both dcs have dc3 as the last failover target)
+//
+// ^NOTE: There are no cross-partition upstreams because MeshGatewayMode = local
+// and failover information gets stripped out by the mesh gateways so we
+// can't test failovers.
+func (s *ac6FailoversSuite) setupAC6Failovers(ct *commonTopo, clu, peerClu *topology.Cluster) {
+	for _, part := range clu.Partitions {
+		partition := part.Name
+
+		// There is a peering per partition in the peered cluster
+		var peers []string
+		for _, peerPart := range peerClu.Partitions {
+			peers = append(peers, LocalPeerName(peerClu, peerPart.Name))
+		}
+
+		// Make an HTTP server with various failover targets
+		serverSID := topology.ServiceID{
+			Name:      "ac6-failover-svc",
+			Partition: partition,
+		}
+		server := NewFortioServiceWithDefaults(
+			clu.Datacenter,
+			serverSID,
+			nil,
+		)
+		// Export to all known peers
+		ct.ExportService(clu, partition,
+			api.ExportedService{
+				Name: server.ID.Name,
+				Consumers: func() []api.ServiceConsumer {
+					var consumers []api.ServiceConsumer
+					for _, peer := range peers {
+						consumers = append(consumers, api.ServiceConsumer{
+							Peer: peer,
+						})
+					}
+					return consumers
+				}(),
+			},
+		)
+		serverNode := ct.AddServiceNode(clu, serviceExt{Service: server})
+
+		clu.InitialConfigEntries = append(clu.InitialConfigEntries,
+			&api.ServiceConfigEntry{
+				Kind:      api.ServiceDefaults,
+				Name:      server.ID.Name,
+				Partition: ConfigEntryPartition(partition),
+				Protocol:  "http",
+			},
+			&api.ServiceResolverConfigEntry{
+				Kind:      api.ServiceResolver,
+				Name:      server.ID.Name,
+				Partition: ConfigEntryPartition(partition),
+				Failover: map[string]api.ServiceResolverFailover{
+					"*": {
+						Targets: func() []api.ServiceResolverFailoverTarget {
+							// Make a failover target for every partition in the peer cluster
+							var targets []api.ServiceResolverFailoverTarget
+							for _, peer := range peers {
+								targets = append(targets, api.ServiceResolverFailoverTarget{
+									Peer: peer,
+								})
+							}
+							// Just hard code default partition for dc3, since the exhaustive
+							// testing will be done against dc2.
+							targets = append(targets, api.ServiceResolverFailoverTarget{
+								Peer: "peer-dc3-default",
+							})
+							return targets
+						}(),
+					},
+				},
+			},
+		)
+
+		// Make client which will dial server
+		clientSID := topology.ServiceID{
+			Name:      "ac6-client",
+			Partition: partition,
+		}
+		client := NewFortioServiceWithDefaults(
+			clu.Datacenter,
+			clientSID,
+			func(s *topology.Service) {
+				// Upstream per partition
+				s.Upstreams = []*topology.Upstream{
+					{
+						ID: topology.ServiceID{
+							Name:      server.ID.Name,
+							Partition: part.Name,
+						},
+						LocalPort: 5000,
+						// exposed so we can hit it directly
+						// TODO: we shouldn't do this; it's not realistic
+						LocalAddress: "0.0.0.0",
+					},
+				}
+			},
+		)
+		ct.ExportService(clu, partition,
+			api.ExportedService{
+				Name: client.ID.Name,
+				Consumers: func() []api.ServiceConsumer {
+					var consumers []api.ServiceConsumer
+					// Export to each peer
+					for _, peer := range peers {
+						consumers = append(consumers, api.ServiceConsumer{
+							Peer: peer,
+						})
+					}
+					return consumers
+				}(),
+			},
+		)
+		ct.AddServiceNode(clu, serviceExt{Service: client})
+
+		clu.InitialConfigEntries = append(clu.InitialConfigEntries,
+			&api.ServiceConfigEntry{
+				Kind:      api.ServiceDefaults,
+				Name:      client.ID.Name,
+				Partition: ConfigEntryPartition(partition),
+				Protocol:  "http",
+			},
+		)
+
+		// Add intention allowing local and peered clients to call server
+		clu.InitialConfigEntries = append(clu.InitialConfigEntries,
+			&api.ServiceIntentionsConfigEntry{
+				Kind:      api.ServiceIntentions,
+				Name:      server.ID.Name,
+				Partition: ConfigEntryPartition(partition),
+				// SourceIntention for local client and peered clients
+				Sources: func() []*api.SourceIntention {
+					ixns := []*api.SourceIntention{
+						{
+							Name:      client.ID.Name,
+							Partition: ConfigEntryPartition(part.Name),
+							Action:    api.IntentionActionAllow,
+						},
+					}
+					for _, peer := range peers {
+						ixns = append(ixns, &api.SourceIntention{
+							Name:   client.ID.Name,
+							Peer:   peer,
+							Action: api.IntentionActionAllow,
+						})
+					}
+					return ixns
+				}(),
+			},
+		)
+		if s.ac6 == nil {
+			s.ac6 = map[nodeKey]ac6FailoversContext{}
+		}
+		s.ac6[nodeKey{clu.Datacenter, partition}] = struct {
+			clientSID  topology.ServiceID
+			serverSID  topology.ServiceID
+			serverNode topology.NodeID
+		}{
+			clientSID:  clientSID,
+			serverSID:  serverSID,
+			serverNode: serverNode.ID(),
+		}
+	}
+}
+
+func (s *ac6FailoversSuite) setupAC6FailoversDC3(ct *commonTopo, clu, peer1, peer2 *topology.Cluster) {
+	var peers []string
+	for _, part := range peer1.Partitions {
+		peers = append(peers, LocalPeerName(peer1, part.Name))
+	}
+	for _, part := range peer2.Partitions {
+		peers = append(peers, LocalPeerName(peer2, part.Name))
+	}
+
+	partition := "default"
+
+	// Make an HTTP server
+	server := NewFortioServiceWithDefaults(
+		clu.Datacenter,
+		topology.ServiceID{
+			Name:      "ac6-failover-svc",
+			Partition: partition,
+		},
+		nil,
+	)
+
+	ct.AddServiceNode(clu, serviceExt{
+		Service: server,
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      server.ID.Name,
+			Partition: ConfigEntryPartition(partition),
+			Protocol:  "http",
+		},
+		Intentions: &api.ServiceIntentionsConfigEntry{
+			Kind:      api.ServiceIntentions,
+			Name:      server.ID.Name,
+			Partition: ConfigEntryPartition(partition),
+			Sources: func() []*api.SourceIntention {
+				var ixns []*api.SourceIntention
+				for _, peer := range peers {
+					ixns = append(ixns, &api.SourceIntention{
+						Name:   "ac6-client",
+						Peer:   peer,
+						Action: api.IntentionActionAllow,
+					})
+				}
+				return ixns
+			}(),
+		},
+		Exports: func() []api.ServiceConsumer {
+			var consumers []api.ServiceConsumer
+			for _, peer := range peers {
+				consumers = append(consumers, api.ServiceConsumer{
+					Peer: peer,
+				})
+			}
+			return consumers
+		}(),
+	})
+}
+
+func (s *ac6FailoversSuite) test(t *testing.T, ct *commonTopo) {
+	dc1 := ct.Sprawl.Topology().Clusters["dc1"]
+	dc2 := ct.Sprawl.Topology().Clusters["dc2"]
+
+	type testcase struct {
+		name      string
+		cluster   *topology.Cluster
+		peer      *topology.Cluster
+		partition string
+	}
+	tcs := []testcase{
+		{
+			name:      "dc1 default partition failovers",
+			cluster:   dc1,
+			peer:      dc2, // dc3 is hardcoded
+			partition: "default",
+		},
+		{
+			name:      "dc1 part1 partition failovers",
+			cluster:   dc1,
+			peer:      dc2, // dc3 is hardcoded
+			partition: "part1",
+		},
+		{
+			name:      "dc2 default partition failovers",
+			cluster:   dc2,
+			peer:      dc1, // dc3 is hardcoded
+			partition: "default",
+		},
+		{
+			name:      "dc2 part1 partition failovers",
+			cluster:   dc2,
+			peer:      dc1, // dc3 is hardcoded
+			partition: "part1",
+		},
+	}
+	for _, tc := range tcs {
+		t.Run(tc.name, func(t *testing.T) {
+			// NOTE: *not parallel* because we mutate resources that are shared
+			// between test cases (disable/enable nodes)
+			if !utils.IsEnterprise() && tc.partition != "default" {
+				t.Skip("skipping enterprise test")
+			}
+			partition := tc.partition
+			clu := tc.cluster
+			peerClu := tc.peer
+
+			svcs := clu.ServicesByID(s.ac6[nodeKey{clu.Datacenter, partition}].clientSID)
+			require.Len(t, svcs, 1, "expected exactly one client in datacenter")
+
+			serverSID := s.ac6[nodeKey{clu.Datacenter, partition}].serverSID
+			serverSID.Normalize()
+
+			client := svcs[0]
+			require.Len(t, client.Upstreams, 1, "expected one upstream for client")
+
+			u := client.Upstreams[0]
+			ct.Assert.CatalogServiceExists(t, clu.Name, u.ID.Name, utils.CompatQueryOpts(&api.QueryOptions{
+				Partition: u.ID.Partition,
+			}))
+
+			t.Cleanup(func() {
+				cfg := ct.Sprawl.Config()
+				for _, part := range clu.Partitions {
+					EnableNode(t, cfg, clu.Name, s.ac6[nodeKey{clu.Datacenter, part.Name}].serverNode)
+				}
+				for _, part := range peerClu.Partitions {
+					EnableNode(t, cfg, peerClu.Name, s.ac6[nodeKey{peerClu.Datacenter, part.Name}].serverNode)
+				}
+				require.NoError(t, ct.Sprawl.Relaunch(cfg))
+			})
+
+			fmt.Println("### preconditions")
+			// TODO: deduce this number, instead of hard-coding
+			nFailoverTargets := 4
+			// in OSS, we don't have failover targets for non-default partitions
+			if !utils.IsEnterprise() {
+				nFailoverTargets = 3
+			}
+			for i := 0; i < nFailoverTargets; i++ {
+				ct.Assert.UpstreamEndpointStatus(t, client, fmt.Sprintf("failover-target~%d~%s", i, clusterPrefix(u, clu.Datacenter)), "HEALTHY", 1)
+			}
+
+			ct.Assert.FortioFetch2FortioName(t, client, u, clu.Name, serverSID)
+
+			if t.Failed() {
+				t.Fatalf("failed preconditions")
+			}
+
+			fmt.Println("### Failover to peer target")
+			cfg := ct.Sprawl.Config()
+			DisableNode(t, cfg, clu.Name, s.ac6[nodeKey{clu.Datacenter, partition}].serverNode)
+			require.NoError(t, ct.Sprawl.Relaunch(cfg))
+			// Clusters for imported services rely on outlier detection for
+			// failovers, NOT eds_health_status. This means that killing the
+			// node above does not actually make the envoy cluster UNHEALTHY
+			// so we do not assert for it.
+			expectUID := topology.ServiceID{
+				Name:      u.ID.Name,
+				Partition: "default",
+			}
+			expectUID.Normalize()
+			ct.Assert.FortioFetch2FortioName(t, client, u, peerClu.Name, expectUID)
+
+			if utils.IsEnterprise() {
+				fmt.Println("### Failover to peer target in non-default partition")
+				cfg = ct.Sprawl.Config()
+				DisableNode(t, cfg, clu.Name, s.ac6[nodeKey{clu.Datacenter, partition}].serverNode)
+				DisableNode(t, cfg, peerClu.Name, s.ac6[nodeKey{peerClu.Datacenter, "default"}].serverNode)
+				require.NoError(t, ct.Sprawl.Relaunch(cfg))
+				// Retry until outlier_detection deems the cluster
+				// unhealthy and fails over to peer part1.
+				expectUID = topology.ServiceID{
+					Name:      u.ID.Name,
+					Partition: "part1",
+				}
+				expectUID.Normalize()
+				ct.Assert.FortioFetch2FortioName(t, client, u, peerClu.Name, expectUID)
+			}
+
+			fmt.Println("### Failover to dc3 peer target")
+			cfg = ct.Sprawl.Config()
+			DisableNode(t, cfg, clu.Name, s.ac6[nodeKey{clu.Datacenter, partition}].serverNode)
+			// Disable all partitions for peer
+			for _, part := range peerClu.Partitions {
+				DisableNode(t, cfg, peerClu.Name, s.ac6[nodeKey{peerClu.Datacenter, part.Name}].serverNode)
+			}
+			require.NoError(t, ct.Sprawl.Relaunch(cfg))
+			// This will retry until outlier_detection deems the cluster
+			// unhealthy and fails over to dc3.
+			expectUID = topology.ServiceID{
+				Name:      u.ID.Name,
+				Partition: "default",
+			}
+			expectUID.Normalize()
+			ct.Assert.FortioFetch2FortioName(t, client, u, "dc3", expectUID)
+		})
+	}
+}
+
+func clusterPrefix(u *topology.Upstream, dc string) string {
+	u.ID.Normalize()
+	switch u.ID.Partition {
+	case "default":
+		return fmt.Sprintf("%s.%s.%s.internal", u.ID.Name, u.ID.Namespace, dc)
+	default:
+		return fmt.Sprintf("%s.%s.%s.%s.internal-v1", u.ID.Name, u.ID.Namespace, u.ID.Partition, dc)
+	}
+}
diff --git a/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go b/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go
new file mode 100644
index 000000000000..275310968776
--- /dev/null
+++ b/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go
@@ -0,0 +1,188 @@
+package peering
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/api"
+)
+
+// TestRotateGW ensures that peered services continue to be able to talk to their
+// upstreams during a mesh gateway rotation
+// NOTE: because suiteRotateGW needs to mutate the topo, we actually *DO NOT* share a topo
+
+type suiteRotateGW struct {
+	DC   string
+	Peer string
+
+	sidServer  topology.ServiceID
+	nodeServer topology.NodeID
+
+	sidClient  topology.ServiceID
+	nodeClient topology.NodeID
+
+	upstream *topology.Upstream
+
+	newMGWNodeName string
+}
+
+func TestRotateGW(t *testing.T) {
+	suites := []*suiteRotateGW{
+		{DC: "dc1", Peer: "dc2"},
+		{DC: "dc2", Peer: "dc1"},
+	}
+	ct := NewCommonTopo(t)
+	for _, s := range suites {
+		s.setup(t, ct)
+	}
+	ct.Launch(t)
+	for _, s := range suites {
+		s := s
+		t.Run(fmt.Sprintf("%s->%s", s.DC, s.Peer), func(t *testing.T) {
+			// no t.Parallel() due to Relaunch
+			s.test(t, ct)
+		})
+	}
+}
+
+func (s *suiteRotateGW) setup(t *testing.T, ct *commonTopo) {
+	const prefix = "ac7-1-"
+
+	clu := ct.ClusterByDatacenter(t, s.DC)
+	peerClu := ct.ClusterByDatacenter(t, s.Peer)
+	partition := "default"
+	peer := LocalPeerName(peerClu, "default")
+	cluPeerName := LocalPeerName(clu, "default")
+
+	server := NewFortioServiceWithDefaults(
+		peerClu.Datacenter,
+		topology.ServiceID{
+			Name:      prefix + "server-http",
+			Partition: partition,
+		},
+		nil,
+	)
+
+	// Make clients which have server upstreams
+	upstream := &topology.Upstream{
+		ID: topology.ServiceID{
+			Name:      server.ID.Name,
+			Partition: partition,
+		},
+		// TODO: we shouldn't need this, need to investigate
+		LocalAddress: "0.0.0.0",
+		LocalPort:    5001,
+		Peer:         peer,
+	}
+	// create client in us
+	client := NewFortioServiceWithDefaults(
+		clu.Datacenter,
+		topology.ServiceID{
+			Name:      prefix + "client",
+			Partition: partition,
+		},
+		func(s *topology.Service) {
+			s.Upstreams = []*topology.Upstream{
+				upstream,
+			}
+		},
+	)
+	clientNode := ct.AddServiceNode(clu, serviceExt{Service: client,
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      client.ID.Name,
+			Partition: ConfigEntryPartition(client.ID.Partition),
+			Protocol:  "http",
+			UpstreamConfig: &api.UpstreamConfiguration{
+				Defaults: &api.UpstreamConfig{
+					MeshGateway: api.MeshGatewayConfig{
+						Mode: api.MeshGatewayModeLocal,
+					},
+				},
+			},
+		},
+	})
+	// actually to be used by the other pairing
+	serverNode := ct.AddServiceNode(peerClu, serviceExt{
+		Service: server,
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      server.ID.Name,
+			Partition: ConfigEntryPartition(partition),
+			Protocol:  "http",
+		},
+		Exports: []api.ServiceConsumer{{Peer: cluPeerName}},
+		Intentions: &api.ServiceIntentionsConfigEntry{
+			Kind:      api.ServiceIntentions,
+			Name:      server.ID.Name,
+			Partition: ConfigEntryPartition(partition),
+			Sources: []*api.SourceIntention{
+				{
+					Name:   client.ID.Name,
+					Peer:   cluPeerName,
+					Action: api.IntentionActionAllow,
+				},
+			},
+		},
+	})
+
+	s.sidClient = client.ID
+	s.nodeClient = clientNode.ID()
+	s.upstream = upstream
+	s.sidServer = server.ID
+	s.nodeServer = serverNode.ID()
+
+	// add a second mesh gateway "new"
+	s.newMGWNodeName = fmt.Sprintf("new-%s-default-mgw", clu.Name)
+	clu.Nodes = append(clu.Nodes, newTopologyMeshGatewaySet(
+		topology.NodeKindClient,
+		"default",
+		s.newMGWNodeName,
+		1,
+		[]string{clu.Datacenter, "wan"},
+		func(i int, node *topology.Node) {
+			node.Disabled = true
+		},
+	)...)
+}
+
+func (s *suiteRotateGW) test(t *testing.T, ct *commonTopo) {
+	dc := ct.Sprawl.Topology().Clusters[s.DC]
+	peer := ct.Sprawl.Topology().Clusters[s.Peer]
+
+	svcHTTPServer := peer.ServiceByID(
+		s.nodeServer,
+		s.sidServer,
+	)
+	svcHTTPClient := dc.ServiceByID(
+		s.nodeClient,
+		s.sidClient,
+	)
+	ct.Assert.HealthyWithPeer(t, dc.Name, svcHTTPServer.ID, LocalPeerName(peer, "default"))
+
+	ct.Assert.FortioFetch2HeaderEcho(t, svcHTTPClient, s.upstream)
+
+	t.Log("relaunching with new gateways")
+	cfg := ct.Sprawl.Config()
+	for _, n := range dc.Nodes {
+		if strings.HasPrefix(n.Name, s.newMGWNodeName) {
+			n.Disabled = false
+		}
+	}
+	require.NoError(t, ct.Sprawl.Relaunch(cfg))
+	ct.Assert.FortioFetch2HeaderEcho(t, svcHTTPClient, s.upstream)
+
+	t.Log("relaunching without old gateways")
+	cfg = ct.Sprawl.Config()
+	for _, n := range dc.Nodes {
+		if strings.HasPrefix(n.Name, fmt.Sprintf("%s-default-mgw", dc.Name)) {
+			n.Disabled = true
+		}
+	}
+	require.NoError(t, ct.Sprawl.Relaunch(cfg))
+	ct.Assert.FortioFetch2HeaderEcho(t, svcHTTPClient, s.upstream)
+}
diff --git a/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go b/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go
new file mode 100644
index 000000000000..dd0bf04c2f5f
--- /dev/null
+++ b/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go
@@ -0,0 +1,214 @@
+package peering
+
+import (
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/mitchellh/copystructure"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
+)
+
+// TestAC7_2RotateLeader ensures that after a leader rotation, information continues to replicate to peers
+// NOTE: because suiteRotateLeader needs to mutate the topo, we actually *DO NOT* share a topo
+type ac7_2RotateLeaderSuite struct {
+	DC   string
+	Peer string
+
+	sidServer  topology.ServiceID
+	nodeServer topology.NodeID
+
+	sidClient  topology.ServiceID
+	nodeClient topology.NodeID
+
+	upstream *topology.Upstream
+}
+
+func TestAC7_2RotateLeader(t *testing.T) {
+	suites := []*ac7_2RotateLeaderSuite{
+		{DC: "dc1", Peer: "dc2"},
+		{DC: "dc2", Peer: "dc1"},
+	}
+	ct := NewCommonTopo(t)
+	for _, s := range suites {
+		s.setup(t, ct)
+	}
+	ct.Launch(t)
+	for _, s := range suites {
+		s := s
+		t.Run(fmt.Sprintf("%s->%s", s.DC, s.Peer), func(t *testing.T) {
+			// no t.Parallel() due to Relaunch
+			s.test(t, ct)
+		})
+	}
+}
+
+// makes client in clu, server in peerClu
+func (s *ac7_2RotateLeaderSuite) setup(t *testing.T, ct *commonTopo) {
+	const prefix = "ac7-2-"
+
+	clu := ct.ClusterByDatacenter(t, s.DC)
+	peerClu := ct.ClusterByDatacenter(t, s.Peer)
+	partition := "default"
+	peer := LocalPeerName(peerClu, "default")
+	cluPeerName := LocalPeerName(clu, "default")
+
+	server := NewFortioServiceWithDefaults(
+		peerClu.Datacenter,
+		topology.ServiceID{
+			Name:      prefix + "server-http",
+			Partition: partition,
+		},
+		nil,
+	)
+
+	// Make clients which have server upstreams
+	upstream := &topology.Upstream{
+		ID: topology.ServiceID{
+			Name:      server.ID.Name,
+			Partition: partition,
+		},
+		LocalPort: 5001,
+		Peer:      peer,
+	}
+	// create client in us
+	client := NewFortioServiceWithDefaults(
+		clu.Datacenter,
+		topology.ServiceID{
+			Name:      prefix + "client",
+			Partition: partition,
+		},
+		func(s *topology.Service) {
+			s.Upstreams = []*topology.Upstream{
+				upstream,
+			}
+		},
+	)
+	clientNode := ct.AddServiceNode(clu, serviceExt{Service: client,
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      client.ID.Name,
+			Partition: ConfigEntryPartition(client.ID.Partition),
+			Protocol:  "http",
+			UpstreamConfig: &api.UpstreamConfiguration{
+				Defaults: &api.UpstreamConfig{
+					MeshGateway: api.MeshGatewayConfig{
+						Mode: api.MeshGatewayModeLocal,
+					},
+				},
+			},
+		},
+	})
+	// actually to be used by the other pairing
+	serverNode := ct.AddServiceNode(peerClu, serviceExt{
+		Service: server,
+		Config: &api.ServiceConfigEntry{
+			Kind:      api.ServiceDefaults,
+			Name:      server.ID.Name,
+			Partition: ConfigEntryPartition(partition),
+			Protocol:  "http",
+		},
+		Exports: []api.ServiceConsumer{{Peer: cluPeerName}},
+		Intentions: &api.ServiceIntentionsConfigEntry{
+			Kind:      api.ServiceIntentions,
+			Name:      server.ID.Name,
+			Partition: ConfigEntryPartition(partition),
+			Sources: []*api.SourceIntention{
+				{
+					Name:   client.ID.Name,
+					Peer:   cluPeerName,
+					Action: api.IntentionActionAllow,
+				},
+			},
+		},
+	})
+
+	s.sidClient = client.ID
+	s.nodeClient = clientNode.ID()
+	s.upstream = upstream
+	s.sidServer = server.ID
+	s.nodeServer = serverNode.ID()
+}
+
+func (s *ac7_2RotateLeaderSuite) test(t *testing.T, ct *commonTopo) {
+	dc := ct.Sprawl.Topology().Clusters[s.DC]
+	peer := ct.Sprawl.Topology().Clusters[s.Peer]
+	clDC := ct.APIClientForCluster(t, dc)
+	clPeer := ct.APIClientForCluster(t, peer)
+
+	svcServer := peer.ServiceByID(s.nodeServer, s.sidServer)
+	svcClient := dc.ServiceByID(s.nodeClient, s.sidClient)
+	ct.Assert.HealthyWithPeer(t, dc.Name, svcServer.ID, LocalPeerName(peer, "default"))
+
+	ct.Assert.FortioFetch2HeaderEcho(t, svcClient, s.upstream)
+
+	// force leader election
+	rotateLeader(t, clDC)
+	rotateLeader(t, clPeer)
+
+	// unexport httpServer
+	ce, _, err := clPeer.ConfigEntries().Get(api.ExportedServices, s.sidServer.Partition, nil)
+	require.NoError(t, err)
+	// ceAsES = config entry as ExportedServicesConfigEntry
+	ceAsES := ce.(*api.ExportedServicesConfigEntry)
+	origCE, err := copystructure.Copy(ceAsES)
+	require.NoError(t, err)
+	found := 0
+	foundI := 0
+	for i, svc := range ceAsES.Services {
+		if svc.Name == s.sidServer.Name && svc.Namespace == utils.DefaultToEmpty(s.sidServer.Namespace) {
+			found += 1
+			foundI = i
+		}
+	}
+	require.Equal(t, found, 1)
+	// remove found entry
+	ceAsES.Services = append(ceAsES.Services[:foundI], ceAsES.Services[foundI+1:]...)
+	_, _, err = clPeer.ConfigEntries().Set(ceAsES, nil)
+	require.NoError(t, err)
+	t.Cleanup(func() {
+		//restore for next pairing
+		_, _, err = clPeer.ConfigEntries().Set(origCE.(*api.ExportedServicesConfigEntry), nil)
+		require.NoError(t, err)
+	})
+
+	// expect health entry in for peer to disappear
+	retry.RunWith(&retry.Timer{Timeout: time.Minute, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
+		svcs, _, err := clDC.Health().Service(s.sidServer.Name, "", true, utils.CompatQueryOpts(&api.QueryOptions{
+			Partition: s.sidServer.Partition,
+			Namespace: s.sidServer.Namespace,
+			Peer:      LocalPeerName(peer, "default"),
+		}))
+		require.NoError(r, err)
+		assert.Equal(r, len(svcs), 0, "health entry for imported service gone")
+	})
+}
+
+func rotateLeader(t *testing.T, cl *api.Client) {
+	t.Helper()
+	oldLeader := findLeader(t, cl)
+	cl.Operator().RaftLeaderTransfer(nil)
+	retry.RunWith(&retry.Timer{Timeout: 30 * time.Second, Wait: time.Second}, t, func(r *retry.R) {
+		newLeader := findLeader(r, cl)
+		require.NotEqual(r, oldLeader.ID, newLeader.ID)
+	})
+}
+
+func findLeader(t require.TestingT, cl *api.Client) *api.RaftServer {
+	raftConfig, err := cl.Operator().RaftGetConfiguration(nil)
+	require.NoError(t, err)
+	var leader *api.RaftServer
+	for _, svr := range raftConfig.Servers {
+		if svr.Leader {
+			leader = svr
+		}
+	}
+	require.NotNil(t, leader)
+	return leader
+}
diff --git a/test-integ/peering_commontopo/asserter.go b/test-integ/peering_commontopo/asserter.go
new file mode 100644
index 000000000000..77404a222a37
--- /dev/null
+++ b/test-integ/peering_commontopo/asserter.go
@@ -0,0 +1,298 @@
+package peering
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"regexp"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/testing/deployer/topology"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
+	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
+	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
+)
+
+// asserter is a utility to help in reducing boilerplate in invoking test
+// assertions against consul-topology Sprawl components.
+//
+// The methods should largely take in *topology.Service instances in lieu of
+// ip/ports if there is only one port that makes sense for the assertion (such
+// as use of the envoy admin port 19000).
+//
+// If it's up to the test (like picking an upstream) leave port as an argument
+// but still take the service and use that to grab the local ip from the
+// topology.Node.
+type asserter struct {
+	sp sprawlLite
+}
+
+// *sprawl.Sprawl satisfies this. We don't need anything else.
+type sprawlLite interface {
+	HTTPClientForCluster(clusterName string) (*http.Client, error)
+	APIClientForNode(clusterName string, nid topology.NodeID, token string) (*api.Client, error)
+	Topology() *topology.Topology
+}
+
+// newAsserter creates a new assertion helper for the provided sprawl.
+func newAsserter(sp sprawlLite) *asserter {
+	return &asserter{
+		sp: sp,
+	}
+}
+
+func (a *asserter) mustGetHTTPClient(t *testing.T, cluster string) *http.Client {
+	client, err := a.httpClientFor(cluster)
+	require.NoError(t, err)
+	return client
+}
+
+func (a *asserter) mustGetAPIClient(t *testing.T, cluster string) *api.Client {
+	cl, err := a.apiClientFor(cluster)
+	require.NoError(t, err)
+	return cl
+}
+
+func (a *asserter) apiClientFor(cluster string) (*api.Client, error) {
+	clu := a.sp.Topology().Clusters[cluster]
+	// TODO: this always goes to the first client, but we might want to balance this
+	cl, err := a.sp.APIClientForNode(cluster, clu.FirstClient().ID(), "")
+	return cl, err
+}
+
+// httpClientFor returns a pre-configured http.Client that proxies requests
+// through the embedded squid instance in each LAN.
+//
+// Use this in methods below to magically pick the right proxied http client
+// given the home of each node being checked.
+func (a *asserter) httpClientFor(cluster string) (*http.Client, error) {
+	client, err := a.sp.HTTPClientForCluster(cluster)
+	if err != nil {
+		return nil, err
+	}
+	return client, nil
+}
+
+// UpstreamEndpointStatus validates that proxy was configured with provided clusterName in the healthStatus
+//
+// Exposes libassert.UpstreamEndpointStatus for use against a Sprawl.
+//
+// NOTE: this doesn't take a port b/c you always want to use the envoy admin port.
+func (a *asserter) UpstreamEndpointStatus(
+	t *testing.T,
+	service *topology.Service,
+	clusterName string,
+	healthStatus string,
+	count int,
+) {
+	t.Helper()
+	node := service.Node
+	ip := node.LocalAddress()
+	port := service.EnvoyAdminPort
+	addr := fmt.Sprintf("%s:%d", ip, port)
+
+	client := a.mustGetHTTPClient(t, node.Cluster)
+	libassert.AssertUpstreamEndpointStatusWithClient(t, client, addr, clusterName, healthStatus, count)
+}
+
+// HTTPServiceEchoes verifies that a post to the given ip/port combination
+// returns the data in the response body. Optional path can be provided to
+// differentiate requests.
+//
+// Exposes libassert.HTTPServiceEchoes for use against a Sprawl.
+//
+// NOTE: this takes a port b/c you may want to reach this via your choice of upstream.
+func (a *asserter) HTTPServiceEchoes(
+	t *testing.T,
+	service *topology.Service,
+	port int,
+	path string,
+) {
+	t.Helper()
+	require.True(t, port > 0)
+
+	node := service.Node
+	ip := node.LocalAddress()
+	addr := fmt.Sprintf("%s:%d", ip, port)
+
+	client := a.mustGetHTTPClient(t, node.Cluster)
+	libassert.HTTPServiceEchoesWithClient(t, client, addr, path)
+}
+
+// HTTPServiceEchoesResHeader verifies that a post to the given ip/port combination
+// returns the data in the response body with expected response headers.
+// Optional path can be provided to differentiate requests.
+//
+// Exposes libassert.HTTPServiceEchoes for use against a Sprawl.
+//
+// NOTE: this takes a port b/c you may want to reach this via your choice of upstream.
+func (a *asserter) HTTPServiceEchoesResHeader(
+	t *testing.T,
+	service *topology.Service,
+	port int,
+	path string,
+	expectedResHeader map[string]string,
+) {
+	t.Helper()
+	require.True(t, port > 0)
+
+	node := service.Node
+	ip := node.LocalAddress()
+	addr := fmt.Sprintf("%s:%d", ip, port)
+
+	client := a.mustGetHTTPClient(t, node.Cluster)
+	libassert.HTTPServiceEchoesResHeaderWithClient(t, client, addr, path, expectedResHeader)
+}
+
+func (a *asserter) HTTPStatus(
+	t *testing.T,
+	service *topology.Service,
+	port int,
+	status int,
+) {
+	t.Helper()
+	require.True(t, port > 0)
+
+	node := service.Node
+	ip := node.LocalAddress()
+	addr := fmt.Sprintf("%s:%d", ip, port)
+
+	client := a.mustGetHTTPClient(t, node.Cluster)
+
+	url := "http://" + addr
+
+	retry.RunWith(&retry.Timer{Timeout: 30 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
+		resp, err := client.Get(url)
+		if err != nil {
+			r.Fatalf("could not make request to %q: %v", url, err)
+		}
+		defer resp.Body.Close()
+		if resp.StatusCode != status {
+			r.Fatalf("expected status %d, got %d", status, resp.StatusCode)
+		}
+	})
+}
+
+// asserts that the service sid in cluster and exported by peer localPeerName is passing health checks,
+func (a *asserter) HealthyWithPeer(t *testing.T, cluster string, sid topology.ServiceID, peerName string) {
+	t.Helper()
+	cl := a.mustGetAPIClient(t, cluster)
+	retry.RunWith(&retry.Timer{Timeout: time.Minute * 1, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
+		svcs, _, err := cl.Health().Service(
+			sid.Name,
+			"",
+			true,
+			utils.CompatQueryOpts(&api.QueryOptions{
+				Partition: sid.Partition,
+				Namespace: sid.Namespace,
+				Peer:      peerName,
+			}),
+		)
+		require.NoError(r, err)
+		assert.GreaterOrEqual(r, len(svcs), 1)
+	})
+}
+
+func (a *asserter) UpstreamEndpointHealthy(t *testing.T, svc *topology.Service, upstream *topology.Upstream) {
+	t.Helper()
+	node := svc.Node
+	ip := node.LocalAddress()
+	port := svc.EnvoyAdminPort
+	addr := fmt.Sprintf("%s:%d", ip, port)
+
+	client := a.mustGetHTTPClient(t, node.Cluster)
+	libassert.AssertUpstreamEndpointStatusWithClient(t,
+		client,
+		addr,
+		// TODO: what is default? namespace? partition?
+		fmt.Sprintf("%s.default.%s.external", upstream.ID.Name, upstream.Peer),
+		"HEALTHY",
+		1,
+	)
+}
+
+// does a fortio /fetch2 to the given fortio service, targetting the given upstream. Returns
+// the body, and response with response.Body already Closed.
+//
+// We treat 400, 503, and 504s as retryable errors
+func (a *asserter) fortioFetch2Upstream(t *testing.T, fortioSvc *topology.Service, upstream *topology.Upstream, path string) (body []byte, res *http.Response) {
+	t.Helper()
+
+	// TODO: fortioSvc.ID.Normalize()? or should that be up to the caller?
+
+	node := fortioSvc.Node
+	client := a.mustGetHTTPClient(t, node.Cluster)
+	urlbase := fmt.Sprintf("%s:%d", node.LocalAddress(), fortioSvc.Port)
+
+	url := fmt.Sprintf("http://%s/fortio/fetch2?url=%s", urlbase,
+		url.QueryEscape(fmt.Sprintf("http://localhost:%d/%s", upstream.LocalPort, path)),
+	)
+
+	req, err := http.NewRequest(http.MethodPost, url, nil)
+	require.NoError(t, err)
+	retry.RunWith(&retry.Timer{Timeout: 60 * time.Second, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
+		res, err = client.Do(req)
+		require.NoError(r, err)
+		defer res.Body.Close()
+		// not sure when these happen, suspect it's when the mesh gateway in the peer is not yet ready
+		require.NotEqual(r, http.StatusServiceUnavailable, res.StatusCode)
+		require.NotEqual(r, http.StatusGatewayTimeout, res.StatusCode)
+		// not sure when this happens, suspect it's when envoy hasn't configured the local upstream yet
+		require.NotEqual(r, http.StatusBadRequest, res.StatusCode)
+		body, err = io.ReadAll(res.Body)
+		require.NoError(r, err)
+	})
+
+	return body, res
+}
+
+// uses the /fortio/fetch2 endpoint to do a header echo check against an
+// upstream fortio
+func (a *asserter) FortioFetch2HeaderEcho(t *testing.T, fortioSvc *topology.Service, upstream *topology.Upstream) {
+	const kPassphrase = "x-passphrase"
+	const passphrase = "hello"
+	path := (fmt.Sprintf("/?header=%s:%s", kPassphrase, passphrase))
+
+	retry.RunWith(&retry.Timer{Timeout: 60 * time.Second, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
+		_, res := a.fortioFetch2Upstream(t, fortioSvc, upstream, path)
+		require.Equal(t, http.StatusOK, res.StatusCode)
+		v := res.Header.Get(kPassphrase)
+		require.Equal(t, passphrase, v)
+	})
+}
+
+// similar to libassert.AssertFortioName,
+// uses the /fortio/fetch2 endpoint to hit the debug endpoint on the upstream,
+// and assert that the FORTIO_NAME == name
+func (a *asserter) FortioFetch2FortioName(t *testing.T, fortioSvc *topology.Service, upstream *topology.Upstream, clusterName string, sid topology.ServiceID) {
+	t.Helper()
+
+	var fortioNameRE = regexp.MustCompile(("\nFORTIO_NAME=(.+)\n"))
+	path := "/debug?env=dump"
+
+	retry.RunWith(&retry.Timer{Timeout: 60 * time.Second, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
+		body, res := a.fortioFetch2Upstream(t, fortioSvc, upstream, path)
+		require.Equal(t, http.StatusOK, res.StatusCode)
+
+		// TODO: not sure we should retry these?
+		m := fortioNameRE.FindStringSubmatch(string(body))
+		require.GreaterOrEqual(r, len(m), 2)
+		// TODO: dedupe from NewFortioService
+		require.Equal(r, fmt.Sprintf("%s::%s", clusterName, sid.String()), m[1])
+	})
+}
+
+// CatalogServiceExists is the same as libassert.CatalogServiceExists, except that it uses
+// a proxied API client
+func (a *asserter) CatalogServiceExists(t *testing.T, cluster string, svc string, opts *api.QueryOptions) {
+	t.Helper()
+	cl := a.mustGetAPIClient(t, cluster)
+	libassert.CatalogServiceExists(t, cl, svc, opts)
+}
diff --git a/test-integ/peering_commontopo/commontopo.go b/test-integ/peering_commontopo/commontopo.go
new file mode 100644
index 000000000000..09eebafffb85
--- /dev/null
+++ b/test-integ/peering_commontopo/commontopo.go
@@ -0,0 +1,610 @@
+package peering
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"strconv"
+	"testing"
+	"text/tabwriter"
+	"time"
+
+	"github.com/hashicorp/consul/testing/deployer/sprawl"
+	"github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest"
+	"github.com/hashicorp/consul/testing/deployer/topology"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
+	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
+)
+
+// commonTopo helps create a shareable topology configured to represent
+// the common denominator between tests.
+//
+// Use NewCommonTopo to create.
+//
+// Compatible suites should implement sharedTopoSuite.
+//
+// Style:
+//   - avoid referencing components using strings, prefer IDs like Service ID, etc.
+//   - avoid passing addresses and ports, etc. Instead, look up components in sprawl.Topology
+//     by ID to find a concrete type, then pass that to helper functions that know which port to use
+//   - minimize the surface area of information passed between setup and test code (via members)
+//     to those that are strictly necessary
+type commonTopo struct {
+	//
+	Cfg *topology.Config
+	// shortcuts to corresponding entry in Cfg
+	DC1 *topology.Cluster
+	DC2 *topology.Cluster
+	DC3 *topology.Cluster
+
+	// set after Launch. Should be considered read-only
+	Sprawl *sprawl.Sprawl
+	Assert *asserter
+
+	// track per-DC services to prevent duplicates
+	services map[string]map[topology.ServiceID]struct{}
+}
+
+func NewCommonTopo(t *testing.T) *commonTopo {
+	t.Helper()
+
+	ct := commonTopo{}
+
+	// Make 3-server clusters in dc1 and dc2
+	// For simplicity, the Name and Datacenter of the clusters are the same.
+	// dc1 and dc2 should be symmetric.
+	dc1 := clusterWithJustServers("dc1", 3)
+	ct.DC1 = dc1
+	dc2 := clusterWithJustServers("dc2", 3)
+	ct.DC2 = dc2
+	// dc3 is a failover cluster for both dc1 and dc2
+	dc3 := clusterWithJustServers("dc3", 1)
+	// dc3 is only used for certain failover scenarios and does not need tenancies
+	dc3.Partitions = []*topology.Partition{{Name: "default"}}
+	ct.DC3 = dc3
+
+	injectTenancies(dc1)
+	injectTenancies(dc2)
+	// dc3 is only used for certain failover scenarios and does not need tenancies
+	dc3.Partitions = []*topology.Partition{{Name: "default"}}
+
+	ct.services = map[string]map[topology.ServiceID]struct{}{}
+	for _, dc := range []*topology.Cluster{dc1, dc2, dc3} {
+		ct.services[dc.Datacenter] = map[topology.ServiceID]struct{}{}
+	}
+
+	peerings := addPeerings(dc1, dc2)
+	peerings = append(peerings, addPeerings(dc1, dc3)...)
+	peerings = append(peerings, addPeerings(dc2, dc3)...)
+
+	addMeshGateways(dc1, topology.NodeKindClient)
+	addMeshGateways(dc2, topology.NodeKindClient)
+	addMeshGateways(dc3, topology.NodeKindClient)
+	// TODO: consul-topology doesn't support this yet
+	// addMeshGateways(dc2, topology.NodeKindDataplane)
+
+	setupGlobals(dc1)
+	setupGlobals(dc2)
+	setupGlobals(dc3)
+
+	// Build final configuration
+	ct.Cfg = &topology.Config{
+		Images: utils.TargetImages(),
+		Networks: []*topology.Network{
+			{Name: dc1.Datacenter}, // "dc1" LAN
+			{Name: dc2.Datacenter}, // "dc2" LAN
+			{Name: dc3.Datacenter}, // "dc3" LAN
+			{Name: "wan", Type: "wan"},
+		},
+		Clusters: []*topology.Cluster{
+			dc1,
+			dc2,
+			dc3,
+		},
+		Peerings: peerings,
+	}
+	return &ct
+}
+
+// calls sprawltest.Launch followed by s.postLaunchChecks
+func (ct *commonTopo) Launch(t *testing.T) {
+	if ct.Sprawl != nil {
+		t.Fatalf("Launch must only be called once")
+	}
+	ct.Sprawl = sprawltest.Launch(t, ct.Cfg)
+
+	ct.Assert = newAsserter(ct.Sprawl)
+	ct.postLaunchChecks(t)
+}
+
+// tests that use Relaunch might want to call this again afterwards
+func (ct *commonTopo) postLaunchChecks(t *testing.T) {
+	t.Logf("TESTING RELATIONSHIPS: \n%s",
+		renderRelationships(computeRelationships(ct.Sprawl.Topology())),
+	)
+
+	// check that exports line up as expected
+	for _, clu := range ct.Sprawl.Config().Clusters {
+		// expected exports per peer
+		type key struct {
+			peer      string
+			partition string
+			namespace string
+		}
+		eepp := map[key]int{}
+		for _, e := range clu.InitialConfigEntries {
+			if e.GetKind() == api.ExportedServices {
+				asExport := e.(*api.ExportedServicesConfigEntry)
+				// do we care about the partition?
+				for _, svc := range asExport.Services {
+					for _, con := range svc.Consumers {
+						// do we care about con.Partition?
+						// TODO: surely there is code to normalize this
+						partition := asExport.Partition
+						if partition == "" {
+							partition = "default"
+						}
+						namespace := svc.Namespace
+						if namespace == "" {
+							namespace = "default"
+						}
+						eepp[key{peer: con.Peer, partition: partition, namespace: namespace}] += 1
+					}
+				}
+			}
+		}
+		cl := ct.APIClientForCluster(t, clu)
+		// TODO: these could probably be done in parallel
+		for k, v := range eepp {
+			retry.RunWith(&retry.Timer{Timeout: 30 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
+				peering, _, err := cl.Peerings().Read(context.Background(), k.peer, utils.CompatQueryOpts(&api.QueryOptions{
+					Partition: k.partition,
+					Namespace: k.namespace,
+				}))
+				require.Nil(r, err, "reading peering data")
+				require.NotNilf(r, peering, "peering not found %q", k.peer)
+				assert.Len(r, peering.StreamStatus.ExportedServices, v, "peering exported services")
+			})
+		}
+	}
+
+	if t.Failed() {
+		t.Fatal("failing fast: post-Launch assertions failed")
+	}
+}
+
+// PeerName is how you'd address a remote dc+partition locally
+// as your peer name.
+func LocalPeerName(clu *topology.Cluster, partition string) string {
+	return fmt.Sprintf("peer-%s-%s", clu.Datacenter, partition)
+}
+
+// TODO: move these to topology
+// TODO: alternatively, delete it: we only use it in one place, to bundle up args
+type serviceExt struct {
+	*topology.Service
+
+	// default NodeKindClient
+	NodeKind topology.NodeKind
+
+	Exports    []api.ServiceConsumer
+	Config     *api.ServiceConfigEntry
+	Intentions *api.ServiceIntentionsConfigEntry
+}
+
+func (ct *commonTopo) AddServiceNode(clu *topology.Cluster, svc serviceExt) *topology.Node {
+	clusterName := clu.Name
+	if _, ok := ct.services[clusterName][svc.ID]; ok {
+		panic(fmt.Sprintf("duplicate service %q in cluster %q", svc.ID, clusterName))
+	}
+	ct.services[clusterName][svc.ID] = struct{}{}
+
+	// TODO: inline
+	serviceHostnameString := func(dc string, id topology.ServiceID) string {
+		n := id.Name
+		// prepend <namespace>- and <partition>- if they are not default/empty
+		// avoids hostname limit of 63 chars in most cases
+		// TODO: this obviously isn't scalable
+		if id.Namespace != "default" && id.Namespace != "" {
+			n = id.Namespace + "-" + n
+		}
+		if id.Partition != "default" && id.Partition != "" {
+			n = id.Partition + "-" + n
+		}
+		n = dc + "-" + n
+		// TODO: experimentally, when this is larger than 63, docker can't start
+		// the host. confirmed by internet rumor https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27763
+		if len(n) > 63 {
+			panic(fmt.Sprintf("docker hostname must not be longer than 63 chars: %q", n))
+		}
+		return n
+	}
+
+	node := &topology.Node{
+		Kind:      topology.NodeKindClient,
+		Name:      serviceHostnameString(clu.Datacenter, svc.ID),
+		Partition: svc.ID.Partition,
+		Addresses: []*topology.Address{
+			{Network: clu.Datacenter},
+		},
+		Services: []*topology.Service{
+			svc.Service,
+		},
+		Cluster: clusterName,
+	}
+	if svc.NodeKind != "" {
+		node.Kind = svc.NodeKind
+	}
+	clu.Nodes = append(clu.Nodes, node)
+
+	// Export if necessary
+	if len(svc.Exports) > 0 {
+		ct.ExportService(clu, svc.ID.Partition, api.ExportedService{
+			Name:      svc.ID.Name,
+			Namespace: svc.ID.Namespace,
+			Consumers: svc.Exports,
+		})
+	}
+
+	// Add any config entries
+	if svc.Config != nil {
+		clu.InitialConfigEntries = append(clu.InitialConfigEntries, svc.Config)
+	}
+	if svc.Intentions != nil {
+		clu.InitialConfigEntries = append(clu.InitialConfigEntries, svc.Intentions)
+	}
+
+	return node
+}
+
+func (ct *commonTopo) APIClientForCluster(t *testing.T, clu *topology.Cluster) *api.Client {
+	cl, err := ct.Sprawl.APIClientForNode(clu.Name, clu.FirstClient().ID(), "")
+	require.NoError(t, err)
+	return cl
+}
+
+// ExportService looks for an existing ExportedServicesConfigEntry for the given partition
+// and inserts svcs. If none is found, it inserts a new ExportedServicesConfigEntry.
+func (ct *commonTopo) ExportService(clu *topology.Cluster, partition string, svcs ...api.ExportedService) {
+	var found bool
+	for _, ce := range clu.InitialConfigEntries {
+		// We check Name because it must be "default" in OSS whereas Partition will be "".
+		if ce.GetKind() == api.ExportedServices && ce.GetName() == partition {
+			found = true
+			e := ce.(*api.ExportedServicesConfigEntry)
+			e.Services = append(e.Services, svcs...)
+		}
+	}
+	if !found {
+		clu.InitialConfigEntries = append(clu.InitialConfigEntries,
+			&api.ExportedServicesConfigEntry{
+				Name:      partition, // this NEEDs to be "default" in OSS
+				Partition: ConfigEntryPartition(partition),
+				Services:  svcs,
+			},
+		)
+	}
+}
+
+func (ct *commonTopo) ClusterByDatacenter(t *testing.T, name string) *topology.Cluster {
+	t.Helper()
+
+	for _, clu := range ct.Cfg.Clusters {
+		if clu.Datacenter == name {
+			return clu
+		}
+	}
+	t.Fatalf("cluster %q not found", name)
+	return nil
+}
+
+// Since OSS config entries do not contain the partition field,
+// this func converts default partition to empty string.
+func ConfigEntryPartition(p string) string {
+	if p == "default" {
+		return "" // make this OSS friendly
+	}
+	return p
+}
+
+// disableNode is a no-op if the node is already disabled.
+func DisableNode(t *testing.T, cfg *topology.Config, clusterName string, nid topology.NodeID) *topology.Config {
+	nodes := cfg.Cluster(clusterName).Nodes
+	var found bool
+	for _, n := range nodes {
+		if n.ID() == nid {
+			found = true
+			if n.Disabled {
+				return cfg
+			}
+			t.Logf("disabling node %s in cluster %s", nid.String(), clusterName)
+			n.Disabled = true
+			break
+		}
+	}
+	require.True(t, found, "expected to find nodeID %q in cluster %q", nid.String(), clusterName)
+	return cfg
+}
+
+// enableNode is a no-op if the node is already enabled.
+func EnableNode(t *testing.T, cfg *topology.Config, clusterName string, nid topology.NodeID) *topology.Config {
+	nodes := cfg.Cluster(clusterName).Nodes
+	var found bool
+	for _, n := range nodes {
+		if n.ID() == nid {
+			found = true
+			if !n.Disabled {
+				return cfg
+			}
+			t.Logf("enabling node %s in cluster %s", nid.String(), clusterName)
+			n.Disabled = false
+			break
+		}
+	}
+	require.True(t, found, "expected to find nodeID %q in cluster %q", nid.String(), clusterName)
+	return cfg
+}
+
+func setupGlobals(clu *topology.Cluster) {
+	for _, part := range clu.Partitions {
+		clu.InitialConfigEntries = append(clu.InitialConfigEntries,
+			&api.ProxyConfigEntry{
+				Name:      api.ProxyConfigGlobal,
+				Kind:      api.ProxyDefaults,
+				Partition: ConfigEntryPartition(part.Name),
+				MeshGateway: api.MeshGatewayConfig{
+					// Although we define service-defaults for most upstreams in
+					// this test suite, failover tests require a global mode
+					// because the default for peered targets is MeshGatewayModeRemote.
+					Mode: api.MeshGatewayModeLocal,
+				},
+			},
+		)
+	}
+}
+
+// addMeshGateways adds a mesh gateway for every partition in the cluster.
+// Assumes that the LAN network name is equal to datacenter name.
+func addMeshGateways(c *topology.Cluster, kind topology.NodeKind) {
+	for _, p := range c.Partitions {
+		c.Nodes = topology.MergeSlices(c.Nodes, newTopologyMeshGatewaySet(
+			kind,
+			p.Name,
+			fmt.Sprintf("%s-%s-mgw", c.Name, p.Name),
+			1,
+			[]string{c.Datacenter, "wan"},
+			nil,
+		))
+	}
+}
+
+func clusterWithJustServers(name string, numServers int) *topology.Cluster {
+	return &topology.Cluster{
+		Enterprise: utils.IsEnterprise(),
+		Name:       name,
+		Datacenter: name,
+		Nodes: newTopologyServerSet(
+			name+"-server",
+			numServers,
+			[]string{name, "wan"},
+			nil,
+		),
+	}
+}
+
+func addPeerings(acc *topology.Cluster, dial *topology.Cluster) []*topology.Peering {
+	peerings := []*topology.Peering{}
+	for _, accPart := range acc.Partitions {
+		for _, dialPart := range dial.Partitions {
+			peerings = append(peerings, &topology.Peering{
+				Accepting: topology.PeerCluster{
+					Name:      acc.Datacenter,
+					Partition: accPart.Name,
+					PeerName:  LocalPeerName(dial, dialPart.Name),
+				},
+				Dialing: topology.PeerCluster{
+					Name:      dial.Datacenter,
+					Partition: dialPart.Name,
+					PeerName:  LocalPeerName(acc, accPart.Name),
+				},
+			})
+		}
+	}
+	return peerings
+}
+
+func injectTenancies(clu *topology.Cluster) {
+	if !utils.IsEnterprise() {
+		clu.Partitions = []*topology.Partition{
+			{
+				Name: "default",
+				Namespaces: []string{
+					"default",
+				},
+			},
+		}
+		return
+	}
+
+	for _, part := range []string{"default", "part1"} {
+		clu.Partitions = append(clu.Partitions,
+			&topology.Partition{
+				Name: part,
+				Namespaces: []string{
+					"default",
+					"ns1",
+				},
+			},
+		)
+	}
+}
+
+func newTopologyServerSet(
+	namePrefix string,
+	num int,
+	networks []string,
+	mutateFn func(i int, node *topology.Node),
+) []*topology.Node {
+	var out []*topology.Node
+	for i := 1; i <= num; i++ {
+		name := namePrefix + strconv.Itoa(i)
+
+		node := &topology.Node{
+			Kind: topology.NodeKindServer,
+			Name: name,
+		}
+		for _, net := range networks {
+			node.Addresses = append(node.Addresses, &topology.Address{Network: net})
+		}
+
+		if mutateFn != nil {
+			mutateFn(i, node)
+		}
+
+		out = append(out, node)
+	}
+	return out
+}
+
+func newTopologyMeshGatewaySet(
+	nodeKind topology.NodeKind,
+	partition string,
+	namePrefix string,
+	num int,
+	networks []string,
+	mutateFn func(i int, node *topology.Node),
+) []*topology.Node {
+	var out []*topology.Node
+	for i := 1; i <= num; i++ {
+		name := namePrefix + strconv.Itoa(i)
+
+		node := &topology.Node{
+			Kind:      nodeKind,
+			Partition: partition,
+			Name:      name,
+			Services: []*topology.Service{{
+				ID:             topology.ServiceID{Name: "mesh-gateway"},
+				Port:           8443,
+				EnvoyAdminPort: 19000,
+				IsMeshGateway:  true,
+			}},
+		}
+		for _, net := range networks {
+			node.Addresses = append(node.Addresses, &topology.Address{Network: net})
+		}
+
+		if mutateFn != nil {
+			mutateFn(i, node)
+		}
+
+		out = append(out, node)
+	}
+	return out
+}
+
+const HashicorpDockerProxy = "docker.mirror.hashicorp.services"
+
+func NewFortioServiceWithDefaults(
+	cluster string,
+	sid topology.ServiceID,
+	mut func(s *topology.Service),
+) *topology.Service {
+	const (
+		httpPort  = 8080
+		grpcPort  = 8079
+		adminPort = 19000
+	)
+	sid.Normalize()
+
+	svc := &topology.Service{
+		ID:             sid,
+		Image:          HashicorpDockerProxy + "/fortio/fortio",
+		Port:           httpPort,
+		EnvoyAdminPort: adminPort,
+		CheckTCP:       "127.0.0.1:" + strconv.Itoa(httpPort),
+		Env: []string{
+			"FORTIO_NAME=" + cluster + "::" + sid.String(),
+		},
+		Command: []string{
+			"server",
+			"-http-port", strconv.Itoa(httpPort),
+			"-grpc-port", strconv.Itoa(grpcPort),
+			"-redirect-port", "-disabled",
+		},
+	}
+	if mut != nil {
+		mut(svc)
+	}
+	return svc
+}
+
+// computeRelationships will analyze a full topology and generate all of the
+// downstream/upstream information for all of them.
+func computeRelationships(topo *topology.Topology) []Relationship {
+	var out []Relationship
+	for _, cluster := range topo.Clusters {
+		for _, n := range cluster.Nodes {
+			for _, s := range n.Services {
+				for _, u := range s.Upstreams {
+					out = append(out, Relationship{
+						Caller:   s,
+						Upstream: u,
+					})
+				}
+			}
+		}
+	}
+	return out
+}
+
+// renderRelationships will take the output of ComputeRelationships and display
+// it in tabular form.
+func renderRelationships(ships []Relationship) string {
+	var buf bytes.Buffer
+	w := tabwriter.NewWriter(&buf, 0, 0, 3, ' ', tabwriter.Debug)
+	fmt.Fprintf(w, "DOWN\tnode\tservice\tport\tUP\tservice\t\n")
+	for _, r := range ships {
+		fmt.Fprintf(w,
+			"%s\t%s\t%s\t%d\t%s\t%s\t\n",
+			r.downCluster(),
+			r.Caller.Node.ID().String(),
+			r.Caller.ID.String(),
+			r.Upstream.LocalPort,
+			r.upCluster(),
+			r.Upstream.ID.String(),
+		)
+	}
+	fmt.Fprintf(w, "\t\t\t\t\t\t\n")
+
+	w.Flush()
+	return buf.String()
+}
+
+type Relationship struct {
+	Caller   *topology.Service
+	Upstream *topology.Upstream
+}
+
+func (r Relationship) String() string {
+	return fmt.Sprintf(
+		"%s on %s in %s via :%d => %s in %s",
+		r.Caller.ID.String(),
+		r.Caller.Node.ID().String(),
+		r.downCluster(),
+		r.Upstream.LocalPort,
+		r.Upstream.ID.String(),
+		r.upCluster(),
+	)
+}
+
+func (r Relationship) downCluster() string {
+	return r.Caller.Node.Cluster
+}
+
+func (r Relationship) upCluster() string {
+	return r.Upstream.Cluster
+}
diff --git a/test-integ/peering_commontopo/sharedtopology_test.go b/test-integ/peering_commontopo/sharedtopology_test.go
new file mode 100644
index 000000000000..75532e5d56a0
--- /dev/null
+++ b/test-integ/peering_commontopo/sharedtopology_test.go
@@ -0,0 +1,82 @@
+package peering
+
+import (
+	"flag"
+	"testing"
+)
+
+// Tests that use commonTopo should implement sharedTopoSuite.
+//
+// Tests that use commonTopo are either cooperative or non-cooperative. Non-cooperative
+// uses of commonTopo include is anything that may interfere with other tests, namely
+// mutations, such as:
+// - any calls to commonTopo.Relaunch; this is generally disruptive to other tests
+// - stopping or disabling nodes
+// - ...
+//
+// Cooperative tests should just call testFuncMayReuseCommonTopo() to ensure they
+// are run in the correct `sharetopo` mode. They should also ensure they are included
+// in the commonTopoSuites slice in TestSuitesOnSharedTopo.
+type sharedTopoSuite interface {
+	testName() string
+	setup(*testing.T, *commonTopo)
+	test(*testing.T, *commonTopo)
+}
+
+var flagNoShareTopo = flag.Bool("no-share-topo", false, "do not share topology; run each test in its own isolated topology")
+
+func runShareableSuites(t *testing.T, suites []sharedTopoSuite) {
+	t.Helper()
+	if !*flagNoShareTopo {
+		names := []string{}
+		for _, s := range suites {
+			names = append(names, s.testName())
+		}
+		t.Skipf(`Will run as part of "TestSuitesOnSharedTopo": %v`, names)
+	}
+	ct := NewCommonTopo(t)
+	for _, s := range suites {
+		s.setup(t, ct)
+	}
+	ct.Launch(t)
+	for _, s := range suites {
+		s := s
+		t.Run(s.testName(), func(t *testing.T) {
+			t.Parallel()
+			s.test(t, ct)
+		})
+	}
+}
+
+// Tests that can share topo must implement sharedTopoSuite and be appended to the sharedTopoSuites
+// slice inside
+func TestSuitesOnSharedTopo(t *testing.T) {
+	if *flagNoShareTopo {
+		t.Skip(`shared topo suites disabled by -no-share-topo`)
+	}
+	ct := NewCommonTopo(t)
+
+	sharedTopoSuites := []sharedTopoSuite{}
+	sharedTopoSuites = append(sharedTopoSuites, ac1BasicSuites...)
+	sharedTopoSuites = append(sharedTopoSuites, ac2DiscoChainSuites...)
+	sharedTopoSuites = append(sharedTopoSuites, ac3SvcDefaultsSuites...)
+	sharedTopoSuites = append(sharedTopoSuites, ac4ProxyDefaultsSuites...)
+	sharedTopoSuites = append(sharedTopoSuites, ac5_1NoSvcMeshSuites...)
+
+	for _, s := range sharedTopoSuites {
+		s.setup(t, ct)
+	}
+	ct.Launch(t)
+	for _, s := range sharedTopoSuites {
+		s := s
+		t.Run(s.testName(), func(t *testing.T) {
+			t.Parallel()
+			s.test(t, ct)
+		})
+	}
+}
+
+func TestCommonTopologySetup(t *testing.T) {
+	ct := NewCommonTopo(t)
+	ct.Launch(t)
+}
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index 9eba92ca55fb..aa3083128e3c 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -13,6 +13,7 @@ require (
 	github.com/hashicorp/consul/envoyextensions v0.3.0-rc1
 	github.com/hashicorp/consul/proto-public v0.4.0-rc1
 	github.com/hashicorp/consul/sdk v0.14.0-rc1
+	github.com/hashicorp/consul/testing/deployer v0.0.0-00010101000000-000000000000
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-uuid v1.0.3
@@ -84,7 +85,7 @@ require (
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
-	golang.org/x/crypto v0.1.0 // indirect
+	golang.org/x/crypto v0.7.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 	golang.org/x/net v0.10.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
@@ -102,4 +103,5 @@ replace (
 	github.com/hashicorp/consul/envoyextensions => ../../../envoyextensions
 	github.com/hashicorp/consul/proto-public => ../../../proto-public
 	github.com/hashicorp/consul/sdk => ../../../sdk
+	github.com/hashicorp/consul/testing/deployer => ../../../testing/deployer
 )
diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum
index 02a74ddbe68e..af2071a42588 100644
--- a/test/integration/consul-container/go.sum
+++ b/test/integration/consul-container/go.sum
@@ -311,8 +311,8 @@ golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
diff --git a/test/integration/consul-container/libs/assert/envoy.go b/test/integration/consul-container/libs/assert/envoy.go
index eef407c25021..13632aaf4af2 100644
--- a/test/integration/consul-container/libs/assert/envoy.go
+++ b/test/integration/consul-container/libs/assert/envoy.go
@@ -14,11 +14,12 @@ import (
 	"testing"
 	"time"
 
-	"github.com/hashicorp/consul/sdk/testutil/retry"
 	"github.com/hashicorp/go-cleanhttp"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/hashicorp/consul/sdk/testutil/retry"
+
 	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
 	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
 )
@@ -113,7 +114,7 @@ func AssertUpstreamEndpointStatusWithClient(
 			| length`,
 			clusterName, healthStatus)
 		results, err := utils.JQFilter(clusters, filter)
-		require.NoErrorf(r, err, "could not found cluster name %s in \n%s", clusterName, clusters)
+		require.NoErrorf(r, err, "could not found cluster name %q: %v \n%s", clusterName, err, clusters)
 		require.Len(r, results, 1) // the final part of the pipeline is "length" which only ever returns 1 result
 
 		result, err := strconv.Atoi(results[0])
diff --git a/test/integration/consul-container/libs/assert/peering.go b/test/integration/consul-container/libs/assert/peering.go
index 2cf842a4aed2..5b9d4ee4b43a 100644
--- a/test/integration/consul-container/libs/assert/peering.go
+++ b/test/integration/consul-container/libs/assert/peering.go
@@ -10,6 +10,8 @@ import (
 
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 // PeeringStatus verifies the peering connection is the specified state with a default retry.
@@ -52,14 +54,8 @@ func PeeringExportsOpts(t *testing.T, client *api.Client, peerName string, expor
 
 	retry.RunWith(failer(), t, func(r *retry.R) {
 		peering, _, err := client.Peerings().Read(context.Background(), peerName, opts)
-		if err != nil {
-			r.Fatal("error reading peering data")
-		}
-		if peering == nil {
-			r.Fatal("peering not found")
-		}
-		if exports != len(peering.StreamStatus.ExportedServices) {
-			r.Fatal("peering exported services did not match: got ", len(peering.StreamStatus.ExportedServices), " want ", exports)
-		}
+		require.Nil(r, err, "reading peering data")
+		require.NotNilf(r, peering, "peering not found %q", peerName)
+		assert.Len(r, peering.StreamStatus.ExportedServices, exports, "peering exported services")
 	})
 }
diff --git a/test/integration/consul-container/libs/assert/service.go b/test/integration/consul-container/libs/assert/service.go
index c0a8197ff37b..f325c8e37280 100644
--- a/test/integration/consul-container/libs/assert/service.go
+++ b/test/integration/consul-container/libs/assert/service.go
@@ -34,7 +34,7 @@ func CatalogServiceExists(t *testing.T, c *api.Client, svc string, opts *api.Que
 			r.Fatal("error reading service data")
 		}
 		if len(services) == 0 {
-			r.Fatal("did not find catalog entry for ", svc)
+			r.Fatalf("did not find catalog entry for %q with opts %#v", svc, opts)
 		}
 	})
 }
diff --git a/test/integration/consul-container/libs/utils/tenancy.go b/test/integration/consul-container/libs/utils/tenancy.go
index c116a55a4c27..2254341ab59d 100644
--- a/test/integration/consul-container/libs/utils/tenancy.go
+++ b/test/integration/consul-container/libs/utils/tenancy.go
@@ -22,11 +22,11 @@ func DefaultToEmpty(name string) string {
 	return name
 }
 
-// PartitionQueryOptions returns an *api.QueryOptions with the given partition
-// field set only if the partition is non-default. This helps when writing
-// tests for joint use in OSS and ENT.
-func PartitionQueryOptions(partition string) *api.QueryOptions {
-	return &api.QueryOptions{
-		Partition: DefaultToEmpty(partition),
-	}
+// CompatQueryOpts cleans a QueryOptions so that Partition and Namespace fields
+// are compatible with OSS or ENT
+// TODO: not sure why we can't do this server-side
+func CompatQueryOpts(opts *api.QueryOptions) *api.QueryOptions {
+	opts.Partition = DefaultToEmpty(opts.Partition)
+	opts.Namespace = DefaultToEmpty(opts.Namespace)
+	return opts
 }
diff --git a/test/integration/consul-container/libs/utils/version.go b/test/integration/consul-container/libs/utils/version.go
index 91c4da5e3126..b906f9167826 100644
--- a/test/integration/consul-container/libs/utils/version.go
+++ b/test/integration/consul-container/libs/utils/version.go
@@ -7,6 +7,7 @@ import (
 	"flag"
 	"strings"
 
+	"github.com/hashicorp/consul/testing/deployer/topology"
 	"github.com/hashicorp/go-version"
 )
 
@@ -55,6 +56,20 @@ func GetLatestImageName() string {
 	return LatestImageName
 }
 
+func TargetImages() topology.Images {
+	img := DockerImage(targetImageName, TargetVersion)
+
+	if IsEnterprise() {
+		return topology.Images{
+			ConsulEnterprise: img,
+		}
+	} else {
+		return topology.Images{
+			ConsulOSS: img,
+		}
+	}
+}
+
 func IsEnterprise() bool { return isInEnterpriseRepo }
 
 func DockerImage(image, version string) string {
diff --git a/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go b/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go
index 9a25cccfd282..70b81e964a99 100644
--- a/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go
+++ b/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go
@@ -73,8 +73,8 @@ func TestTrafficManagement_ResolverDefaultSubset(t *testing.T) {
 	assertionFn := func() {
 		_, serverAdminPortV1 := serverConnectProxyV1.GetAdminAddr()
 		_, serverAdminPortV2 := serverConnectProxyV2.GetAdminAddr()
-		_, adminPort := staticClientProxy.GetAdminAddr()
-		_, port := staticClientProxy.GetAddr()
+		_, adminPort := staticClientProxy.GetAdminAddr() // httpPort
+		_, port := staticClientProxy.GetAddr()           // EnvoyAdminPort
 
 		libassert.AssertEnvoyRunning(t, serverAdminPortV1)
 		libassert.AssertEnvoyRunning(t, serverAdminPortV2)

From 2e326e2e5fc5e8ec8546411a9605bc8d2cf18247 Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Tue, 18 Jul 2023 17:30:01 -0700
Subject: [PATCH 185/359] docs - remove Sentinel from enterprise features list
 (#18176)

* Update index.mdx
* Update kv.mdx
* Update docs-nav-data.json
* delete sentinel.mdx
* Update redirects.js

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
---
 .../content/docs/dynamic-app-config/kv.mdx    | 18 ++++++++++++++
 website/content/docs/enterprise/index.mdx     | 10 +++-----
 website/content/docs/enterprise/sentinel.mdx  | 24 -------------------
 website/data/docs-nav-data.json               |  4 ----
 website/redirects.js                          |  7 ++++++
 5 files changed, 28 insertions(+), 35 deletions(-)
 delete mode 100644 website/content/docs/enterprise/sentinel.mdx

diff --git a/website/content/docs/dynamic-app-config/kv.mdx b/website/content/docs/dynamic-app-config/kv.mdx
index 62406e019dfa..5986cb0741a9 100644
--- a/website/content/docs/dynamic-app-config/kv.mdx
+++ b/website/content/docs/dynamic-app-config/kv.mdx
@@ -61,6 +61,24 @@ and when recursively searching within the data store. We also recommend that
 you avoid the use of `*`, `?`, `'`, and `%` because they can cause issues when
 using the API and in shell scripts.
 
+## Using Sentinel to apply policies for Consul KV 
+
+<EnterpriseAlert>
+
+This feature requires
+HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise.
+
+</EnterpriseAlert>
+
+You can also use Sentinel as a Policy-as-code framework for defining advanced key-value storage access control policies. Sentinel policies extend the ACL system in Consul beyond static "read", "write",
+and "deny" policies to support full conditional logic and integration with
+external systems. Reference the [Sentinel documentation](https://docs.hashicorp.com/sentinel/concepts) for high-level Sentinel concepts.
+
+To get started with Sentinel in Consul,
+refer to the [Sentinel documentation](https://docs.hashicorp.com/sentinel/consul) or
+[Consul documentation](/consul/docs/agent/sentinel).
+
+
 ## Extending Consul KV
 
 ### Consul Template
diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx
index ac7a1c62d52e..00829e9ef69a 100644
--- a/website/content/docs/enterprise/index.mdx
+++ b/website/content/docs/enterprise/index.mdx
@@ -20,12 +20,13 @@ The following features are [available in several forms of Consul Enterprise](#co
 
 - [Admin Partitions](/consul/docs/enterprise/admin-partitions): Define administrative boundaries between tenants within a single Consul datacenter
 - [Namespaces](/consul/docs/enterprise/namespaces): Define resource boundaries within a single admin partition for further organizational flexibility
-- [Sameness Groups](/consul/docs/connect/config-entries/samenes-group): Define partitions and cluster peers as members of a group with identical services
+- [Sameness Groups](/consul/docs/connect/config-entries/sameness-group): Define partitions and cluster peers as members of a group with identical services
 
 ### Resiliency
 
 - [Automated Backups](/consul/docs/enterprise/backups): Configure the automatic backup of Consul state
 - [Redundancy Zones](/consul/docs/enterprise/redundancy): Deploy backup voting Consul servers to efficiently improve Consul fault tolerance
+- [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips): Limit gRPC and RPC traffic to servers for source IP addresses.
 
 ### Scalability
 
@@ -45,7 +46,6 @@ The following features are [available in several forms of Consul Enterprise](#co
 
 - [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc): Manage user access to Consul through an OIDC identity provider instead of Consul ACL tokens directly
 - [Audit Logging](/consul/docs/enterprise/audit-logging): Understand Consul access and usage patterns by reviewing access to the Consul HTTP API 
-- [Sentinel for KV](/consul/docs/enterprise/sentinel): Policy-as-code framework for defining advanced key-value storage access control policies
 
 ### Regulatory compliance
 
@@ -102,7 +102,6 @@ Available Enterprise features per Consul form and license include:
 | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | No                                      | Yes                 | Yes                                               |
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)          | Not applicable                          | Yes                 | With Global Visibility, Routing, and Scale module |
 | [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | No | Yes | N/A |
-| [Sentinel for KV](/consul/docs/enterprise/sentinel)             | All tiers                               | Yes                 | With Governance and Policy module                 |
 | [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | All tiers | Yes | With Governance and Policy module |
 
 
@@ -131,7 +130,6 @@ Consul Enterprise feature availability can change depending on your server and c
 | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)         |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Sameness Groups](/consul/docs/connect/config-entries/samenes-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Sentinel ](/consul/docs/enterprise/sentinel)                           |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
 
 </Tab>
@@ -152,7 +150,6 @@ Consul Enterprise feature availability can change depending on your server and c
 | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)         |  &#9989;  |  &#9989;   |  &#9989;  |
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  &#10060; |  &#10060;  |  &#10060;  |
 | [Sameness Groups](/consul/docs/connect/config-entries/samenes-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Sentinel ](/consul/docs/enterprise/sentinel)                           |  &#9989;  |  &#9989;   |  &#9989;  |
 | [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
 
 </Tab>
@@ -173,8 +170,7 @@ Consul Enterprise feature availability can change depending on your server and c
 | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)         |  &#10060; |  &#10060;  |  &#10060;  |
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  n/a      |  n/a       |  n/a       |
 | [Sameness Groups](/consul/docs/connect/config-entries/samenes-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Sentinel ](/consul/docs/enterprise/sentinel)                           |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
 
 </Tab>
-</Tabs>
\ No newline at end of file
+</Tabs>
diff --git a/website/content/docs/enterprise/sentinel.mdx b/website/content/docs/enterprise/sentinel.mdx
deleted file mode 100644
index 3fea0c8a9d50..000000000000
--- a/website/content/docs/enterprise/sentinel.mdx
+++ /dev/null
@@ -1,24 +0,0 @@
----
-layout: docs
-page_title: Sentinel in Consul (Enterprise)
-description: >-
-  Sentinel is an access-control-policy-as-code framework and language. Learn how Consul can use Sentinel policies to extend the ACL system's capabilities and further secure your clusters by controlling key-value (KV) store write access.
----
-
-# Sentinel in Consul
-
-<EnterpriseAlert>
-
-This feature requires
-HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise.
-Refer to the [enterprise feature matrix](/consul/docs/enterprise#consul-enterprise-feature-availability) for additional information.
-
-</EnterpriseAlert>
-
-Sentinel policies extend the ACL system in Consul beyond static "read", "write",
-and "deny" policies to support full conditional logic and integration with
-external systems. Reference the [Sentinel documentation](https://docs.hashicorp.com/sentinel/concepts) for high-level Sentinel concepts.
-
-To get started with Sentinel in Consul,
-[read the general documentation](https://docs.hashicorp.com/sentinel/consul) or
-[Consul documentation](/consul/docs/agent/sentinel).
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 7149dfebb299..90ddb493ef56 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -1678,10 +1678,6 @@
         "title": "NIA with TFE",
         "href": "/docs/nia/enterprise"
       },
-      {
-        "title": "Sentinel",
-        "path": "enterprise/sentinel"
-      },
       {
         "title": "License",
         "routes": [
diff --git a/website/redirects.js b/website/redirects.js
index 517c73bbfa5a..bdad1457b68c 100644
--- a/website/redirects.js
+++ b/website/redirects.js
@@ -60,4 +60,11 @@ module.exports = [
       '/consul/docs/connect/cluster-peering/usage/establish-cluster-peering',
     permanent: true,
   },
+  {
+    source:
+      '/consul/docs/enterprise/sentinel',
+    destination:
+      '/consul/docs/dynamic-app-config/kv#using-sentinel-to-apply-policies-for-consul-kv',
+    permanent: true,
+  },
 ]

From 29cdb75d05d2e7b1681bcdf3fbb9ffb40f232527 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Wed, 19 Jul 2023 11:37:58 -0400
Subject: [PATCH 186/359] [NET-4865] Bump golang.org/x/net to 0.12.0 (#18186)

Bump golang.org/x/net to 0.12.0

While not necessary to directly address CVE-2023-29406 (which should be
handled by using a patched version of Go when building), an
accompanying change to HTTP/2 error handling does impact agent code.

See https://go-review.googlesource.com/c/net/+/506995 for the HTTP/2
change.

Bump this dependency across our submodules as well for the sake of
potential indirect consumers of `x/net/http`.
---
 .changelog/18186.txt                     |  3 +++
 api/go.mod                               |  4 ++--
 api/go.sum                               |  8 ++++----
 envoyextensions/go.mod                   |  2 +-
 envoyextensions/go.sum                   |  6 +++---
 go.mod                                   | 10 +++++-----
 go.sum                                   | 20 ++++++++++----------
 proto-public/go.mod                      |  6 +++---
 proto-public/go.sum                      | 12 ++++++------
 test-integ/go.mod                        | 10 +++++-----
 test-integ/go.sum                        | 18 +++++++++---------
 test/integration/consul-container/go.mod |  8 ++++----
 test/integration/consul-container/go.sum | 16 ++++++++--------
 troubleshoot/go.mod                      |  6 +++---
 troubleshoot/go.sum                      | 12 ++++++------
 15 files changed, 72 insertions(+), 69 deletions(-)
 create mode 100644 .changelog/18186.txt

diff --git a/.changelog/18186.txt b/.changelog/18186.txt
new file mode 100644
index 000000000000..dcc75b57653b
--- /dev/null
+++ b/.changelog/18186.txt
@@ -0,0 +1,3 @@
+```release-note:security
+Upgrade golang.org/x/net to address [CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406)
+```
diff --git a/api/go.mod b/api/go.mod
index 335a6df7ce13..5d47d45045b7 100644
--- a/api/go.mod
+++ b/api/go.mod
@@ -39,8 +39,8 @@ require (
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
-	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/net v0.12.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/api/go.sum b/api/go.sum
index fd85203e346f..0151f6b644eb 100644
--- a/api/go.sum
+++ b/api/go.sum
@@ -182,8 +182,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -211,8 +211,8 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
diff --git a/envoyextensions/go.mod b/envoyextensions/go.mod
index 6a6128fa6cee..07c0f6a0c9c7 100644
--- a/envoyextensions/go.mod
+++ b/envoyextensions/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/sys v0.8.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/envoyextensions/go.sum b/envoyextensions/go.sum
index 52d5f9ed00c2..1081ce26f451 100644
--- a/envoyextensions/go.sum
+++ b/envoyextensions/go.sum
@@ -206,7 +206,7 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -235,8 +235,8 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
diff --git a/go.mod b/go.mod
index c4fc7a5c847d..4a154c4d931a 100644
--- a/go.mod
+++ b/go.mod
@@ -103,12 +103,12 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v0.39.0
 	go.opentelemetry.io/proto/otlp v0.19.0
 	go.uber.org/goleak v1.1.10
-	golang.org/x/crypto v0.1.0
+	golang.org/x/crypto v0.11.0
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29
-	golang.org/x/net v0.10.0
+	golang.org/x/net v0.12.0
 	golang.org/x/oauth2 v0.6.0
 	golang.org/x/sync v0.2.0
-	golang.org/x/sys v0.8.0
+	golang.org/x/sys v0.10.0
 	golang.org/x/time v0.3.0
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1
 	google.golang.org/grpc v1.55.0
@@ -244,8 +244,8 @@ require (
 	go.uber.org/atomic v1.9.0 // indirect
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
 	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/term v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/term v0.10.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
 	golang.org/x/tools v0.9.1 // indirect
 	google.golang.org/api v0.114.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index 8d340dcdb30d..0eae0ab4af9f 100644
--- a/go.sum
+++ b/go.sum
@@ -988,8 +988,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
+golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1084,8 +1084,8 @@ golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1202,13 +1202,13 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
+golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1220,8 +1220,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/proto-public/go.mod b/proto-public/go.mod
index d4da0094c11c..ba1268d698f2 100644
--- a/proto-public/go.mod
+++ b/proto-public/go.mod
@@ -15,9 +15,9 @@ require (
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/rogpeppe/go-internal v1.10.0 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/proto-public/go.sum b/proto-public/go.sum
index 324f50988038..9d540aba9999 100644
--- a/proto-public/go.sum
+++ b/proto-public/go.sum
@@ -30,12 +30,12 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
 github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
diff --git a/test-integ/go.mod b/test-integ/go.mod
index af6f6612392b..a70dd75b41ad 100644
--- a/test-integ/go.mod
+++ b/test-integ/go.mod
@@ -80,12 +80,12 @@ require (
 	github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 // indirect
 	github.com/testcontainers/testcontainers-go v0.20.1 // indirect
 	github.com/zclconf/go-cty v1.12.1 // indirect
-	golang.org/x/crypto v0.7.0 // indirect
+	golang.org/x/crypto v0.11.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
 	golang.org/x/tools v0.9.1 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/grpc v1.55.0 // indirect
@@ -102,4 +102,4 @@ replace (
 	github.com/hashicorp/consul/sdk => ../sdk
 	github.com/hashicorp/consul/test/integration/consul-container => ../test/integration/consul-container
 	github.com/hashicorp/consul/testing/deployer => ../testing/deployer
-)
\ No newline at end of file
+)
diff --git a/test-integ/go.sum b/test-integ/go.sum
index 960e4556762c..7cde2437aafd 100644
--- a/test-integ/go.sum
+++ b/test-integ/go.sum
@@ -274,8 +274,8 @@ golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
+golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -294,8 +294,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -331,15 +331,15 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -374,4 +374,4 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
-gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
\ No newline at end of file
+gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index aa3083128e3c..36dc46aaeeaf 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -85,12 +85,12 @@ require (
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
-	golang.org/x/crypto v0.7.0 // indirect
+	golang.org/x/crypto v0.11.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/net v0.12.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
 	golang.org/x/tools v0.9.1 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum
index af2071a42588..b1346cfba064 100644
--- a/test/integration/consul-container/go.sum
+++ b/test/integration/consul-container/go.sum
@@ -311,8 +311,8 @@ golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
+golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
@@ -339,8 +339,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -378,15 +378,15 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/troubleshoot/go.mod b/troubleshoot/go.mod
index 1a6ca3559a63..a0b316aa5476 100644
--- a/troubleshoot/go.mod
+++ b/troubleshoot/go.mod
@@ -46,9 +46,9 @@ require (
 	github.com/rogpeppe/go-internal v1.10.0 // indirect
 	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/grpc v1.55.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/troubleshoot/go.sum b/troubleshoot/go.sum
index dc482f3d5ecc..eaa1d8db6595 100644
--- a/troubleshoot/go.sum
+++ b/troubleshoot/go.sum
@@ -373,8 +373,8 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -433,8 +433,8 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -443,8 +443,8 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

From 003370ded024096cd89fb2aa2bc15293c23b9707 Mon Sep 17 00:00:00 2001
From: Semir Patel <semir.patel@hashicorp.com>
Date: Wed, 19 Jul 2023 13:10:57 -0500
Subject: [PATCH 187/359] Call resource mutate hook before validate hook
 (NET-4907) (#18178)

---
 agent/grpc-external/services/resource/write.go | 8 ++++----
 internal/resource/registry.go                  | 6 ++----
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/agent/grpc-external/services/resource/write.go b/agent/grpc-external/services/resource/write.go
index 34799ae8d82e..831998c33bcf 100644
--- a/agent/grpc-external/services/resource/write.go
+++ b/agent/grpc-external/services/resource/write.go
@@ -72,14 +72,14 @@ func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbre
 		)
 	}
 
-	if err = reg.Validate(req.Resource); err != nil {
-		return nil, status.Error(codes.InvalidArgument, err.Error())
-	}
-
 	if err = reg.Mutate(req.Resource); err != nil {
 		return nil, status.Errorf(codes.Internal, "failed mutate hook: %v", err.Error())
 	}
 
+	if err = reg.Validate(req.Resource); err != nil {
+		return nil, status.Error(codes.InvalidArgument, err.Error())
+	}
+
 	// At the storage backend layer, all writes are CAS operations.
 	//
 	// This makes it possible to *safely* do things like keeping the Uid stable
diff --git a/internal/resource/registry.go b/internal/resource/registry.go
index 0004acfff4c6..1baaf0bdd1bb 100644
--- a/internal/resource/registry.go
+++ b/internal/resource/registry.go
@@ -42,11 +42,9 @@ type Registration struct {
 	// check for required fields).
 	Validate func(*pbresource.Resource) error
 
-	// Mutate is called to fill out any autogenerated fields (e.g. UUIDs).
+	// Mutate is called to fill out any autogenerated fields (e.g. UUIDs) or
+	// apply defaults before validation.
 	Mutate func(*pbresource.Resource) error
-
-	// In the future, we'll add hooks, the controller etc. here.
-	// TODO: https://github.com/hashicorp/consul/pull/16622#discussion_r1134515909
 }
 
 type ACLHooks struct {

From e8dd04d6629da10f7b324124e0692d90355de486 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Wed, 19 Jul 2023 17:02:18 -0400
Subject: [PATCH 188/359] [NET-4865] security: Update Go version to 1.20.6
 (#18190)

Update Go version to 1.20.6

This resolves [CVE-2023-29406]
(https://nvd.nist.gov/vuln/detail/CVE-2023-29406) for uses of the
`net/http` standard library.

Note that until the follow-up to #18124 is done, the version of Go used
in those impacted tests will need to remain on 1.20.5.
---
 .changelog/18190.txt                     |  5 +++++
 .github/workflows/build.yml              | 22 +++++++++++-----------
 build-support/docker/Build-Go.dockerfile |  2 +-
 3 files changed, 17 insertions(+), 12 deletions(-)
 create mode 100644 .changelog/18190.txt

diff --git a/.changelog/18190.txt b/.changelog/18190.txt
new file mode 100644
index 000000000000..3468442e2161
--- /dev/null
+++ b/.changelog/18190.txt
@@ -0,0 +1,5 @@
+```release-note:security
+Upgrade to use Go 1.20.6.
+This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`) for uses of the standard library. 
+A separate change updates dependencies on `golang.org/x/net` to use `0.12.0`.
+```
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c788a1536c25..51d1ecb965fe 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -84,15 +84,15 @@ jobs:
     strategy:
       matrix:
         include:
-          - {go: "1.20.4", goos: "linux", goarch: "386"}
-          - {go: "1.20.4", goos: "linux", goarch: "amd64"}
-          - {go: "1.20.4", goos: "linux", goarch: "arm"}
-          - {go: "1.20.4", goos: "linux", goarch: "arm64"}
-          - {go: "1.20.4", goos: "freebsd", goarch: "386"}
-          - {go: "1.20.4", goos: "freebsd", goarch: "amd64"}
-          - {go: "1.20.4", goos: "windows", goarch: "386"}
-          - {go: "1.20.4", goos: "windows", goarch: "amd64"}
-          - {go: "1.20.4", goos: "solaris", goarch: "amd64"}
+          - {go: "1.20.6", goos: "linux", goarch: "386"}
+          - {go: "1.20.6", goos: "linux", goarch: "amd64"}
+          - {go: "1.20.6", goos: "linux", goarch: "arm"}
+          - {go: "1.20.6", goos: "linux", goarch: "arm64"}
+          - {go: "1.20.6", goos: "freebsd", goarch: "386"}
+          - {go: "1.20.6", goos: "freebsd", goarch: "amd64"}
+          - {go: "1.20.6", goos: "windows", goarch: "386"}
+          - {go: "1.20.6", goos: "windows", goarch: "amd64"}
+          - {go: "1.20.6", goos: "solaris", goarch: "amd64"}
       fail-fast: true
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
@@ -181,7 +181,7 @@ jobs:
     strategy:
       matrix:
         include:
-          - {go: "1.20.4", goos: "linux", goarch: "s390x"}
+          - {go: "1.20.6", goos: "linux", goarch: "s390x"}
       fail-fast: true
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
@@ -232,7 +232,7 @@ jobs:
       matrix:
         goos: [ darwin ]
         goarch: [ "amd64", "arm64" ]
-        go: [ "1.20.4" ]
+        go: [ "1.20.6" ]
       fail-fast: true
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
diff --git a/build-support/docker/Build-Go.dockerfile b/build-support/docker/Build-Go.dockerfile
index 8ab8e8cb9a99..5f0732cf252e 100644
--- a/build-support/docker/Build-Go.dockerfile
+++ b/build-support/docker/Build-Go.dockerfile
@@ -1,7 +1,7 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-ARG GOLANG_VERSION=1.20.4
+ARG GOLANG_VERSION=1.20.6
 FROM golang:${GOLANG_VERSION}
 
 WORKDIR /consul

From 18bc04165cd577d82d347908b86bb3f429827e04 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Wed, 19 Jul 2023 17:19:00 -0400
Subject: [PATCH 189/359] Improve XDS test coverage: JWT auth edition (#18183)

* Improve XDS test coverage: JWT auth edition

more tests

* test: xds coverage for jwt listeners

---------

Co-authored-by: DanStough <dan.stough@hashicorp.com>
---
 agent/xds/clusters_test.go                    | 162 ++++++++++-
 agent/xds/listeners_test.go                   |  59 ++++
 ...-jwt-config-entry-with-local.latest.golden | 145 ++++++++++
 ...onfig-entry-with-remote-jwks.latest.golden | 183 ++++++++++++
 ...-jwt-config-entry-with-local.latest.golden | 273 ++++++++++++++++++
 5 files changed, 820 insertions(+), 2 deletions(-)
 create mode 100644 agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-local.latest.golden
 create mode 100644 agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden
 create mode 100644 agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden

diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go
index df1ce79bf8a5..954aad7756f0 100644
--- a/agent/xds/clusters_test.go
+++ b/agent/xds/clusters_test.go
@@ -12,14 +12,15 @@ import (
 	"time"
 
 	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
-	"github.com/hashicorp/consul/agent/xds/testcommon"
-
+	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
+	envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
 	testinf "github.com/mitchellh/go-testing-interface"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/wrapperspb"
 
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/testcommon"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/hashicorp/consul/types"
@@ -219,6 +220,63 @@ func TestClustersFromSnapshot(t *testing.T) {
 				})
 			},
 		},
+		{
+			name: "connect-proxy-with-jwt-config-entry-with-local",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{
+					{
+						CorrelationID: "jwt-provider",
+						Result: &structs.IndexedConfigEntries{
+							Kind: "jwt-provider",
+							Entries: []structs.ConfigEntry{
+								&structs.JWTProviderConfigEntry{
+									Name: "okta",
+									JSONWebKeySet: &structs.JSONWebKeySet{
+										Local: &structs.LocalJWKS{
+											JWKS: "xxx",
+										},
+									},
+								},
+							},
+						},
+					},
+				})
+			},
+		},
+		{
+			name: "connect-proxy-with-jwt-config-entry-with-remote-jwks",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{
+					{
+						CorrelationID: "jwt-provider",
+						Result: &structs.IndexedConfigEntries{
+							Kind: "jwt-provider",
+							Entries: []structs.ConfigEntry{
+								&structs.JWTProviderConfigEntry{
+									Name: "okta",
+									JSONWebKeySet: &structs.JSONWebKeySet{
+										Remote: &structs.RemoteJWKS{
+											RequestTimeoutMs:    1000,
+											FetchAsynchronously: true,
+											URI:                 "https://test.test.com",
+											JWKSCluster: &structs.JWKSCluster{
+												DiscoveryType:  structs.DiscoveryTypeStatic,
+												ConnectTimeout: time.Duration(5) * time.Second,
+												TLSCertificates: &structs.JWKSTLSCertificate{
+													TrustedCA: &structs.JWKSTLSCertTrustedCA{
+														Filename: "mycert.crt",
+													},
+												},
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+				})
+			},
+		},
 		{
 			name: "custom-local-app",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -1235,3 +1293,103 @@ func TestParseJWTRemoteURL(t *testing.T) {
 func UID(input string) proxycfg.UpstreamID {
 	return proxycfg.UpstreamIDFromString(input)
 }
+
+func TestMakeJWTCertValidationContext(t *testing.T) {
+	tests := map[string]struct {
+		jwksCluster *structs.JWKSCluster
+		expected    *envoy_tls_v3.CertificateValidationContext
+	}{
+		"when nil": {
+			jwksCluster: nil,
+			expected:    &envoy_tls_v3.CertificateValidationContext{},
+		},
+		"when trustedCA with filename": {
+			jwksCluster: &structs.JWKSCluster{
+				TLSCertificates: &structs.JWKSTLSCertificate{
+					TrustedCA: &structs.JWKSTLSCertTrustedCA{
+						Filename: "file.crt",
+					},
+				},
+			},
+			expected: &envoy_tls_v3.CertificateValidationContext{
+				TrustedCa: &envoy_core_v3.DataSource{
+					Specifier: &envoy_core_v3.DataSource_Filename{
+						Filename: "file.crt",
+					},
+				},
+			},
+		},
+		"when trustedCA with environment variable": {
+			jwksCluster: &structs.JWKSCluster{
+				TLSCertificates: &structs.JWKSTLSCertificate{
+					TrustedCA: &structs.JWKSTLSCertTrustedCA{
+						EnvironmentVariable: "MY_ENV",
+					},
+				},
+			},
+			expected: &envoy_tls_v3.CertificateValidationContext{
+				TrustedCa: &envoy_core_v3.DataSource{
+					Specifier: &envoy_core_v3.DataSource_EnvironmentVariable{
+						EnvironmentVariable: "MY_ENV",
+					},
+				},
+			},
+		},
+		"when trustedCA with inline string": {
+			jwksCluster: &structs.JWKSCluster{
+				TLSCertificates: &structs.JWKSTLSCertificate{
+					TrustedCA: &structs.JWKSTLSCertTrustedCA{
+						InlineString: "<my ca cert>",
+					},
+				},
+			},
+			expected: &envoy_tls_v3.CertificateValidationContext{
+				TrustedCa: &envoy_core_v3.DataSource{
+					Specifier: &envoy_core_v3.DataSource_InlineString{
+						InlineString: "<my ca cert>",
+					},
+				},
+			},
+		},
+		"when trustedCA with inline bytes": {
+			jwksCluster: &structs.JWKSCluster{
+				TLSCertificates: &structs.JWKSTLSCertificate{
+					TrustedCA: &structs.JWKSTLSCertTrustedCA{
+						InlineBytes: []byte{1, 2, 3},
+					},
+				},
+			},
+			expected: &envoy_tls_v3.CertificateValidationContext{
+				TrustedCa: &envoy_core_v3.DataSource{
+					Specifier: &envoy_core_v3.DataSource_InlineBytes{
+						InlineBytes: []byte{1, 2, 3},
+					},
+				},
+			},
+		},
+		"when caCertificateProviderInstance": {
+			jwksCluster: &structs.JWKSCluster{
+				TLSCertificates: &structs.JWKSTLSCertificate{
+					CaCertificateProviderInstance: &structs.JWKSTLSCertProviderInstance{
+						InstanceName:    "<my-instance-name>",
+						CertificateName: "<my-cert>.crt",
+					},
+				},
+			},
+			expected: &envoy_tls_v3.CertificateValidationContext{
+				CaCertificateProviderInstance: &envoy_tls_v3.CertificateProviderPluginInstance{
+					InstanceName:    "<my-instance-name>",
+					CertificateName: "<my-cert>.crt",
+				},
+			},
+		},
+	}
+	for name, tt := range tests {
+		tt := tt
+		t.Run(name, func(t *testing.T) {
+			vc := makeJWTCertValidationContext(tt.jwksCluster)
+
+			require.Equal(t, tt.expected, vc)
+		})
+	}
+}
diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go
index 1d00217f6ec0..499461bb3653 100644
--- a/agent/xds/listeners_test.go
+++ b/agent/xds/listeners_test.go
@@ -137,6 +137,65 @@ func makeListenerDiscoChainTests(enterprise bool) []listenerTestCase {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil)
 			},
 		},
+		{
+			name: "connect-proxy-with-jwt-config-entry-with-local",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, func(ns *structs.NodeService) {
+					ns.Proxy.Config["protocol"] = "http"
+				},
+					[]proxycfg.UpdateEvent{
+						{
+							CorrelationID: "jwt-provider",
+							Result: &structs.IndexedConfigEntries{
+								Kind: "jwt-provider",
+								Entries: []structs.ConfigEntry{
+									&structs.JWTProviderConfigEntry{
+										Name: "okta",
+										JSONWebKeySet: &structs.JSONWebKeySet{
+											Local: &structs.LocalJWKS{
+												JWKS: "aGVsbG8gd29ybGQK",
+											},
+										},
+										Locations: []*structs.JWTLocation{
+											{
+												QueryParam: &structs.JWTLocationQueryParam{
+													Name: "token",
+												},
+											},
+											{
+												Cookie: &structs.JWTLocationCookie{
+													Name: "token",
+												},
+											},
+										},
+									},
+								},
+							},
+						},
+						{
+							CorrelationID: "intentions",
+							Result: structs.SimplifiedIntentions{
+								{
+									SourceName:      "*",
+									DestinationName: "db",
+									Permissions: []*structs.IntentionPermission{
+										{
+											JWT: &structs.IntentionJWTRequirement{
+												Providers: []*structs.IntentionJWTProvider{
+													{
+														Name: "okta",
+													},
+												},
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+				)
+			},
+		},
 	}
 }
 
diff --git a/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-local.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-local.latest.golden
new file mode 100644
index 000000000000..2e3c9ea20e8f
--- /dev/null
+++ b/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-local.latest.golden
@@ -0,0 +1,145 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {
+
+          },
+          "resourceApiVersion": "V3"
+        }
+      },
+      "connectTimeout": "5s",
+      "circuitBreakers": {
+
+      },
+      "outlierDetection": {
+
+      },
+      "commonLbConfig": {
+        "healthyPanicThreshold": {
+
+        }
+      },
+      "transportSocket": {
+        "name": "tls",
+        "typedConfig": {
+          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext": {
+            "tlsParams": {
+
+            },
+            "tlsCertificates": [
+              {
+                "certificateChain": {
+                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey": {
+                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext": {
+              "trustedCa": {
+                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames": [
+                {
+                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
+                }
+              ]
+            }
+          },
+          "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {
+
+          },
+          "resourceApiVersion": "V3"
+        }
+      },
+      "connectTimeout": "5s",
+      "circuitBreakers": {
+
+      },
+      "outlierDetection": {
+
+      },
+      "transportSocket": {
+        "name": "tls",
+        "typedConfig": {
+          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext": {
+            "tlsParams": {
+
+            },
+            "tlsCertificates": [
+              {
+                "certificateChain": {
+                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey": {
+                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext": {
+              "trustedCa": {
+                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames": [
+                {
+                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
+                },
+                {
+                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
+                }
+              ]
+            }
+          },
+          "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "local_app",
+      "type": "STATIC",
+      "connectTimeout": "5s",
+      "loadAssignment": {
+        "clusterName": "local_app",
+        "endpoints": [
+          {
+            "lbEndpoints": [
+              {
+                "endpoint": {
+                  "address": {
+                    "socketAddress": {
+                      "address": "127.0.0.1",
+                      "portValue": 8080
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden
new file mode 100644
index 000000000000..9b8a8b373551
--- /dev/null
+++ b/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden
@@ -0,0 +1,183 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {
+
+          },
+          "resourceApiVersion": "V3"
+        }
+      },
+      "connectTimeout": "5s",
+      "circuitBreakers": {
+
+      },
+      "outlierDetection": {
+
+      },
+      "commonLbConfig": {
+        "healthyPanicThreshold": {
+
+        }
+      },
+      "transportSocket": {
+        "name": "tls",
+        "typedConfig": {
+          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext": {
+            "tlsParams": {
+
+            },
+            "tlsCertificates": [
+              {
+                "certificateChain": {
+                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey": {
+                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext": {
+              "trustedCa": {
+                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames": [
+                {
+                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
+                }
+              ]
+            }
+          },
+          "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {
+
+          },
+          "resourceApiVersion": "V3"
+        }
+      },
+      "connectTimeout": "5s",
+      "circuitBreakers": {
+
+      },
+      "outlierDetection": {
+
+      },
+      "transportSocket": {
+        "name": "tls",
+        "typedConfig": {
+          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext": {
+            "tlsParams": {
+
+            },
+            "tlsCertificates": [
+              {
+                "certificateChain": {
+                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey": {
+                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext": {
+              "trustedCa": {
+                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames": [
+                {
+                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
+                },
+                {
+                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
+                }
+              ]
+            }
+          },
+          "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "jwks_cluster_okta",
+      "type": "STATIC",
+      "connectTimeout": "5s",
+      "loadAssignment": {
+        "clusterName": "jwks_cluster_okta",
+        "endpoints": [
+          {
+            "lbEndpoints": [
+              {
+                "endpoint": {
+                  "address": {
+                    "socketAddress": {
+                      "address": "test.test.com",
+                      "portValue": 443
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      },
+      "transportSocket": {
+        "name": "tls",
+        "typedConfig": {
+          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext": {
+            "validationContext": {
+              "trustedCa": {
+                "filename": "mycert.crt"
+              }
+            }
+          }
+        }
+      }
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "local_app",
+      "type": "STATIC",
+      "connectTimeout": "5s",
+      "loadAssignment": {
+        "clusterName": "local_app",
+        "endpoints": [
+          {
+            "lbEndpoints": [
+              {
+                "endpoint": {
+                  "address": {
+                    "socketAddress": {
+                      "address": "127.0.0.1",
+                      "portValue": 8080
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden
new file mode 100644
index 000000000000..6cddcbff96bc
--- /dev/null
+++ b/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden
@@ -0,0 +1,273 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
+                    {
+                      "name": "public_listener",
+                      "domains": [
+                        "*"
+                      ],
+                      "routes": [
+                        {
+                          "match": {
+                            "prefix": "/"
+                          },
+                          "route": {
+                            "cluster": "local_app"
+                          }
+                        }
+                      ]
+                    }
+                  ]
+                },
+                "httpFilters": [
+                  {
+                    "name": "envoy.filters.http.jwt_authn",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication",
+                      "providers": {
+                        "okta": {
+                          "localJwks": {
+                            "inlineString": "hello world\n"
+                          },
+                          "fromParams": [
+                            "token"
+                          ],
+                          "fromCookies": [
+                            "token"
+                          ],
+                          "payloadInMetadata": "jwt_payload_okta"
+                        }
+                      },
+                      "rules": [
+                        {
+                          "match": {
+                            "prefix": "/"
+                          },
+                          "requires": {
+                            "requiresAny": {
+                              "requirements": [
+                                {
+                                  "providerName": "okta"
+                                },
+                                {
+                                  "allowMissingOrFailed": {}
+                                }
+                              ]
+                            }
+                          }
+                        }
+                      ]
+                    }
+                  },
+                  {
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
+                    }
+                  },
+                  {
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\1"
+                            }
+                          }
+                        },
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\2"
+                            }
+                          }
+                        },
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\3"
+                            }
+                          }
+                        },
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\4"
+                            }
+                          }
+                        },
+                        {
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                              },
+                              "substitution": "\\5"
+                            }
+                          }
+                        }
+                      ]
+                    }
+                  },
+                  {
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing": {
+                  "randomSampling": {}
+                },
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                }
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                },
+                "alpnProtocols": [
+                  "http/1.1"
+                ]
+              },
+              "requireClientCertificate": true
+            }
+          }
+        }
+      ],
+      "trafficDirection": "INBOUND"
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
+}
\ No newline at end of file

From 271e5af1550d18e7dc0d180931e030e86465472d Mon Sep 17 00:00:00 2001
From: Anita Akaeze <anita.akaeze@hashicorp.com>
Date: Wed, 19 Jul 2023 18:24:55 -0400
Subject: [PATCH 190/359] update readme.md (#18191)

u[date readme.md
---
 docs/README.md                          |  1 +
 test-integ/peering_commontopo/README.md | 62 +++++++++++++++++++++++--
 2 files changed, 59 insertions(+), 4 deletions(-)

diff --git a/docs/README.md b/docs/README.md
index 91d7b6d7d927..0d61b30fa577 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -41,6 +41,7 @@ Also see the [FAQ](./faq.md).
 1. [Integration Tests](../test/integration/connect/envoy/README.md)
 1. [Upgrade Tests](../test/integration/consul-container/test/upgrade/README.md)
 1. [Remote Debugging Integration Tests](../test/integration/consul-container/test/debugging.md)
+1. [Peering Common Topology Tests](../test-integ/peering_commontopo/README.md)
 
 ## Important Directories
 
diff --git a/test-integ/peering_commontopo/README.md b/test-integ/peering_commontopo/README.md
index c5f78a7ce6ba..96466bb29b86 100644
--- a/test-integ/peering_commontopo/README.md
+++ b/test-integ/peering_commontopo/README.md
@@ -1,12 +1,66 @@
-# peering_commontopo
+# CONSUL PEERING COMMON TOPOLOGY TESTS
 
 These peering tests all use a `commonTopo` (read: "common topology") to enable sharing a deployment of a Consul. Sharing a deployment of Consul cuts down on setup time.
 
-This is only possible if two constraints are followed:
+To run these tests, you will need to have docker installed. Next, make sure that you have all the required consul containers built:
 
+```
+make test-compat-integ-setup
+```
+
+## Non-Shared CommonTopo Tests
+
+The tests in question are designed in a manner that modifies the topology. As a result, it is not possible to share the testing environment across these tests.
+
+## Shared CommonTopo Tests
+
+The tests in question are designed in a manner that does not modify the topology in any way that would interfere with other tests. As a result, it is possible to share the testing environment across these tests.
+
+To run all consul peering tests with no shared topology, run the following command:
+
+```
+cd /path/to/peering_commontopo
+go test -timeout=10m -v -no-share-topo . 
+```
+
+To run all peering tests with shared topology only:
+
+```
+cd /path/to/peering_commontopo
+go test -timeout=10m -run '^TestSuitesOnSharedTopo' -v . 
+```
+
+To run individual peering topology tests:
+
+```
+cd /path/to/peering_commontopo
+go test -timeout=10m -run '^TestSuiteExample' -v -no-share-topo .    
+```
+
+## Local Development and Testing
+
+If writing tests for peering with no shared topology, this recommendation does not apply. The following methods below not necessarily need to be implmented. For shared topology tests, all the methods in the `sharedTopoSuite` interface must be implemented.
+
+- `testName()` prepends the test suite name to each test in the test suite.
 - `setup()` phase must ensure that any resources added to the topology cannot interfere with other tests. Principally by prefixing.
 - `test()` phase must be "passive" and not mutate the topology in any way that would interfere with other tests.
 
-Some of these tests *do* mutate in their `test()` phase, and while they use `commonTopo` for the purpose of code sharing, they are not included in the "shared topo" tests in `all_sharedtopo_test.go`.
+Common topology peering tests are defined in the [test-integ/peering_commontopo/](/test-integ/peering_commontopo/) directory and new peering integration tests should always be added to this location. Adding integration tests that does not modify the topology should always start by invoking
+
+```go
+runShareableSuites(t, testSuiteExample)
+```
+
+else
+
+```go
+func TestSuiteExample(t *testing.T) {
+ ct := NewCommonTopo(t)
+ s := &testSuiteExample{}
+ s.setup(t, ct)
+ ct.Launch(t)
+ s.test(t, ct)
+}
+```
 
-Tests that are "shared topo" can also be run in an independent manner, gated behind the `-no-reuse-common-topo` flag. The same flag also prevents the shared topo suite from running. So `go test .` (without the flag) runs all shared topo-capable tests in *shared topo mode*, as well as shared topo-incapable tests; and `go test -no-reuse-common-topo` runs all shared topo-capable tests *individidually*, as well as the shared topo-incapable tests. Mostly this is so that when working on a single test, you don't also need to run other tests, but by default when running `go test .` the usual way, you run all tests in the fastest way.
\ No newline at end of file
+Some of these tests *do* mutate in their `test()` phase, and while they use `commonTopo` for the purpose of code sharing, they are not included in the "shared topo" tests in `sharedtopology_test.go`.

From 72999bb735f173149f6f75db9dff9ba19701d4e8 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Wed, 19 Jul 2023 18:57:34 -0400
Subject: [PATCH 191/359] Update submodules to latest following 1.16.0 (#18197)

Align all our internal use of submodules on the latest versions.
---
 api/go.mod                               |  2 +-
 envoyextensions/go.mod                   |  6 +--
 envoyextensions/go.sum                   | 14 ++----
 go.mod                                   | 10 ++---
 test/integration/consul-container/go.mod |  8 ++--
 testing/deployer/go.mod                  | 21 ++++-----
 testing/deployer/go.sum                  | 55 +++++++++++++-----------
 troubleshoot/go.mod                      |  5 +--
 troubleshoot/go.sum                      |  8 ++--
 9 files changed, 61 insertions(+), 68 deletions(-)

diff --git a/api/go.mod b/api/go.mod
index 5d47d45045b7..deff04e5fdb7 100644
--- a/api/go.mod
+++ b/api/go.mod
@@ -6,7 +6,7 @@ replace github.com/hashicorp/consul/sdk => ../sdk
 
 require (
 	github.com/google/go-cmp v0.5.9
-	github.com/hashicorp/consul/sdk v0.13.1
+	github.com/hashicorp/consul/sdk v0.14.0
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/hashicorp/go-rootcerts v1.0.2
diff --git a/envoyextensions/go.mod b/envoyextensions/go.mod
index 07c0f6a0c9c7..2f28501f0a97 100644
--- a/envoyextensions/go.mod
+++ b/envoyextensions/go.mod
@@ -6,8 +6,8 @@ replace github.com/hashicorp/consul/api => ../api
 
 require (
 	github.com/envoyproxy/go-control-plane v0.11.0
-	github.com/hashicorp/consul/api v1.20.0
-	github.com/hashicorp/consul/sdk v0.13.1
+	github.com/hashicorp/consul/api v1.22.0
+	github.com/hashicorp/consul/sdk v0.14.0
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-version v1.2.1
@@ -30,7 +30,6 @@ require (
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/serf v0.10.1 // indirect
-	github.com/kr/pretty v0.3.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.17 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -40,6 +39,5 @@ require (
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 	golang.org/x/sys v0.10.0 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/envoyextensions/go.sum b/envoyextensions/go.sum
index 1081ce26f451..d299b764a08b 100644
--- a/envoyextensions/go.sum
+++ b/envoyextensions/go.sum
@@ -24,7 +24,6 @@ github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 h1:58f1tJ1ra+zFINPlwLWvQsR9CzAKt2e+EWV2yX9oXQ4=
 github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -62,8 +61,8 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/hashicorp/consul/sdk v0.13.1 h1:EygWVWWMczTzXGpO93awkHFzfUka6hLYJ0qhETd+6lY=
-github.com/hashicorp/consul/sdk v0.13.1/go.mod h1:SW/mM4LbKfqmMvcFu8v+eiQQ7oitXEFeiBe9StxERb0=
+github.com/hashicorp/consul/sdk v0.14.0 h1:Hly+BMNMssVzoWddbBnBFi3W+Fzytvm0haSkihhj3GU=
+github.com/hashicorp/consul/sdk v0.14.0/go.mod h1:gHYeuDa0+0qRAD6Wwr6yznMBvBwHKoxSBoW5l73+saE=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -108,13 +107,10 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
@@ -169,8 +165,7 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
@@ -265,11 +260,8 @@ google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cn
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/go.mod b/go.mod
index 4a154c4d931a..ed8caab6ee01 100644
--- a/go.mod
+++ b/go.mod
@@ -38,11 +38,11 @@ require (
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
 	github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706
 	github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69
-	github.com/hashicorp/consul/api v1.22.0-rc1
-	github.com/hashicorp/consul/envoyextensions v0.3.0-rc1
-	github.com/hashicorp/consul/proto-public v0.4.0-rc1
-	github.com/hashicorp/consul/sdk v0.14.0-rc1
-	github.com/hashicorp/consul/troubleshoot v0.3.0-rc1
+	github.com/hashicorp/consul/api v1.22.0
+	github.com/hashicorp/consul/envoyextensions v0.3.0
+	github.com/hashicorp/consul/proto-public v0.4.0
+	github.com/hashicorp/consul/sdk v0.14.0
+	github.com/hashicorp/consul/troubleshoot v0.3.0
 	github.com/hashicorp/go-bexpr v0.1.2
 	github.com/hashicorp/go-checkpoint v0.5.0
 	github.com/hashicorp/go-cleanhttp v0.5.2
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index 36dc46aaeeaf..dd86d232a595 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -9,10 +9,10 @@ require (
 	github.com/docker/go-connections v0.4.0
 	github.com/go-jose/go-jose/v3 v3.0.0
 	github.com/hashicorp/consul v0.0.0-00010101000000-000000000000
-	github.com/hashicorp/consul/api v1.22.0-rc1
-	github.com/hashicorp/consul/envoyextensions v0.3.0-rc1
-	github.com/hashicorp/consul/proto-public v0.4.0-rc1
-	github.com/hashicorp/consul/sdk v0.14.0-rc1
+	github.com/hashicorp/consul/api v1.22.0
+	github.com/hashicorp/consul/envoyextensions v0.3.0
+	github.com/hashicorp/consul/proto-public v0.4.0
+	github.com/hashicorp/consul/sdk v0.14.0
 	github.com/hashicorp/consul/testing/deployer v0.0.0-00010101000000-000000000000
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-multierror v1.1.1
diff --git a/testing/deployer/go.mod b/testing/deployer/go.mod
index 1f9fa9ffce66..7a2a1102c24d 100644
--- a/testing/deployer/go.mod
+++ b/testing/deployer/go.mod
@@ -4,24 +4,24 @@ go 1.20
 
 require (
 	github.com/google/go-cmp v0.5.9
-	github.com/hashicorp/consul/api v1.20.0
-	github.com/hashicorp/consul/sdk v0.13.1
+	github.com/hashicorp/consul/api v1.22.0
+	github.com/hashicorp/consul/sdk v0.14.0
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/hcl/v2 v2.16.2
 	github.com/mitchellh/copystructure v1.2.0
 	github.com/rboyer/safeio v0.2.2
-	github.com/stretchr/testify v1.8.2
+	github.com/stretchr/testify v1.8.3
 	golang.org/x/crypto v0.7.0
 )
 
 require (
 	github.com/agext/levenshtein v1.2.1 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
-	github.com/armon/go-metrics v0.3.10 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/fatih/color v1.13.0 // indirect
+	github.com/armon/go-metrics v0.4.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/fatih/color v1.14.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
@@ -29,16 +29,17 @@ require (
 	github.com/hashicorp/go-version v1.2.1 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/serf v0.10.1 // indirect
-	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.17 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/zclconf/go-cty v1.12.1 // indirect
-	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
+	golang.org/x/sys v0.8.0 // indirect
 	golang.org/x/text v0.8.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/testing/deployer/go.sum b/testing/deployer/go.sum
index f0997b372682..9c55f3bd270a 100644
--- a/testing/deployer/go.sum
+++ b/testing/deployer/go.sum
@@ -9,8 +9,8 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-metrics v0.3.10 h1:FR+drcQStOe+32sYyJYyZ7FIdgoGGBnwLl+flodp8Uo=
-github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
+github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
+github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -21,12 +21,14 @@ github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
-github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
+github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
@@ -37,17 +39,17 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c h1:964Od4U6p2jUkFxvCydnIczKteheJEzHRToSGK3Bnlw=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/hashicorp/consul/api v1.20.0 h1:9IHTjNVSZ7MIwjlW3N3a7iGiykCMDpxZu8jsxFJh0yc=
-github.com/hashicorp/consul/api v1.20.0/go.mod h1:nR64eD44KQ59Of/ECwt2vUmIK2DKsDzAwTmwmLl8Wpo=
-github.com/hashicorp/consul/sdk v0.13.1 h1:EygWVWWMczTzXGpO93awkHFzfUka6hLYJ0qhETd+6lY=
-github.com/hashicorp/consul/sdk v0.13.1/go.mod h1:SW/mM4LbKfqmMvcFu8v+eiQQ7oitXEFeiBe9StxERb0=
+github.com/hashicorp/consul/api v1.22.0 h1:ydEvDooB/A0c/xpsBd8GSt7P2/zYPBui4KrNip0xGjE=
+github.com/hashicorp/consul/api v1.22.0/go.mod h1:zHpYgZ7TeYqS6zaszjwSt128OwESRpnhU9aGa6ue3Eg=
+github.com/hashicorp/consul/sdk v0.14.0 h1:Hly+BMNMssVzoWddbBnBFi3W+Fzytvm0haSkihhj3GU=
+github.com/hashicorp/consul/sdk v0.14.0/go.mod h1:gHYeuDa0+0qRAD6Wwr6yznMBvBwHKoxSBoW5l73+saE=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -59,8 +61,8 @@ github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVH
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-msgpack v0.5.3 h1:zKjpN5BK/P5lMYrLmBHdBULWbJ0XpYR+7NGzqkZzoD4=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
+github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
@@ -94,7 +96,7 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -103,14 +105,17 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
 github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
+github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY=
@@ -139,8 +144,9 @@ github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
@@ -156,6 +162,7 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/rboyer/safeio v0.2.2 h1:XhtqyUTRleMYGyBt3ni4j2BtEh669U2ry2INnnd+B4k=
 github.com/rboyer/safeio v0.2.2/go.mod h1:pSnr2LFXyn/c/fotxotyOdYy7pP/XSh6MpBmzXPjiNc=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
@@ -164,17 +171,13 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
+github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/zclconf/go-cty v1.12.1 h1:PcupnljUm9EIvbgSHQnHhUr3fO6oFmkOrvs2BAFNXXY=
 github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA=
@@ -183,6 +186,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
+golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -190,7 +195,7 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -215,8 +220,9 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
@@ -230,12 +236,11 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/troubleshoot/go.mod b/troubleshoot/go.mod
index a0b316aa5476..cd97de4e17c5 100644
--- a/troubleshoot/go.mod
+++ b/troubleshoot/go.mod
@@ -14,8 +14,8 @@ exclude (
 require (
 	github.com/envoyproxy/go-control-plane v0.11.0
 	github.com/envoyproxy/go-control-plane/xdsmatcher v0.0.0-20230524161521-aaaacbfbe53e
-	github.com/hashicorp/consul/api v1.20.0
-	github.com/hashicorp/consul/envoyextensions v0.1.2
+	github.com/hashicorp/consul/api v1.22.0
+	github.com/hashicorp/consul/envoyextensions v0.3.0
 	github.com/stretchr/testify v1.8.3
 	google.golang.org/protobuf v1.30.0
 )
@@ -43,7 +43,6 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/rogpeppe/go-internal v1.10.0 // indirect
 	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 	golang.org/x/net v0.12.0 // indirect
diff --git a/troubleshoot/go.sum b/troubleshoot/go.sum
index eaa1d8db6595..490e0f892cc8 100644
--- a/troubleshoot/go.sum
+++ b/troubleshoot/go.sum
@@ -161,7 +161,7 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
-github.com/hashicorp/consul/sdk v0.13.1 h1:EygWVWWMczTzXGpO93awkHFzfUka6hLYJ0qhETd+6lY=
+github.com/hashicorp/consul/sdk v0.14.0 h1:Hly+BMNMssVzoWddbBnBFi3W+Fzytvm0haSkihhj3GU=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -209,8 +209,8 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -271,8 +271,6 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
@@ -584,8 +582,8 @@ google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

From 1ef5dfcfc6be68e24dbac0bb0e78fbee64c55d25 Mon Sep 17 00:00:00 2001
From: "hashicorp-tsccr[bot]"
 <129506189+hashicorp-tsccr[bot]@users.noreply.github.com>
Date: Wed, 19 Jul 2023 16:56:50 -0700
Subject: [PATCH 192/359] SEC-090: Automated trusted workflow pinning
 (2023-07-18) (#18174)

Result of tsccr-helper -log-level=info -pin-all-workflows .

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
---
 .github/workflows/bot-auto-approve.yaml       |  2 +-
 .github/workflows/broken-link-check.yml       |  6 ++--
 .github/workflows/build-artifacts.yml         | 10 +++---
 .github/workflows/build-distros.yml           | 10 +++---
 .github/workflows/build.yml                   | 36 +++++++++----------
 .github/workflows/changelog-checker.yml       |  2 +-
 .github/workflows/embedded-asset-checker.yml  |  2 +-
 .github/workflows/frontend.yml                | 14 ++++----
 .github/workflows/go-tests.yml                | 12 +++----
 .github/workflows/issue-comment-created.yml   |  2 +-
 .github/workflows/jira-issues.yaml            |  4 +--
 .github/workflows/jira-pr.yaml                |  4 +--
 .github/workflows/nightly-test-1.13.x.yaml    | 24 ++++++-------
 .github/workflows/nightly-test-1.14.x.yaml    | 24 ++++++-------
 .github/workflows/nightly-test-1.15.x.yaml    | 24 ++++++-------
 .github/workflows/nightly-test-1.16.x.yaml    | 24 ++++++-------
 .github/workflows/nightly-test-main.yaml      | 24 ++++++-------
 .github/workflows/pr-labeler.yml              |  2 +-
 .github/workflows/pr-metrics-test-checker.yml |  2 +-
 .github/workflows/reusable-check-go-mod.yml   |  2 +-
 .github/workflows/reusable-dev-build.yml      |  2 +-
 .github/workflows/reusable-lint.yml           |  4 +--
 .github/workflows/reusable-unit-split.yml     |  4 +--
 .github/workflows/reusable-unit.yml           |  2 +-
 .github/workflows/test-integrations.yml       | 16 ++++-----
 .github/workflows/verify-envoy-version.yml    |  2 +-
 26 files changed, 130 insertions(+), 130 deletions(-)

diff --git a/.github/workflows/bot-auto-approve.yaml b/.github/workflows/bot-auto-approve.yaml
index 66bbba45287e..911fc27f4696 100644
--- a/.github/workflows/bot-auto-approve.yaml
+++ b/.github/workflows/bot-auto-approve.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.actor == 'hc-github-team-consul-core'
     steps:
-      - uses: hmarr/auto-approve-action@v3 # TSCCR: no entry for repository "hmarr/auto-approve-action"
+      - uses: hmarr/auto-approve-action@44888193675f29a83e04faf4002fa8c0b537b1e4 # v3.2.1
         with:
           review-message: "Auto approved Consul Bot automated PR"
           github-token: ${{ secrets.MERGE_APPROVE_TOKEN }}
diff --git a/.github/workflows/broken-link-check.yml b/.github/workflows/broken-link-check.yml
index a1ca4731d72e..2a8d77c5880f 100644
--- a/.github/workflows/broken-link-check.yml
+++ b/.github/workflows/broken-link-check.yml
@@ -12,11 +12,11 @@ jobs:
   linkChecker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       - name: Run lychee link checker
         id: lychee
-        uses: lycheeverse/lychee-action@v1.6.1 # TSCCR: no entry for repository "lycheeverse/lychee-action"
+        uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421 # v1.8.0
         with:
           args: ./website/content/docs/ --base https://developer.hashicorp.com/ --exclude-all-private --exclude '\.(svg|gif|jpg|png)' --exclude 'manage\.auth0\.com' --accept 403 --max-concurrency=24 --no-progress --verbose
           # Fail GitHub action when broken links are found?
@@ -26,7 +26,7 @@ jobs:
 
       - name: Create GitHub Issue From lychee output file
         if: env.lychee_exit_code != 0
-        uses: peter-evans/create-issue-from-file@v4 # TSCCR: no entry for repository "peter-evans/create-issue-from-file"
+        uses: peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f # v4.0.1
         with:
           title: Link Checker Report
           content-filepath: ./lychee/out.md
diff --git a/.github/workflows/build-artifacts.yml b/.github/workflows/build-artifacts.yml
index 57e2eba8e4ae..9e09bcecc662 100644
--- a/.github/workflows/build-artifacts.yml
+++ b/.github/workflows/build-artifacts.yml
@@ -25,7 +25,7 @@ jobs:
       compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
       compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
     - id: setup-outputs
       name: Setup outputs
       run: ./.github/scripts/get_runner_classes.sh
@@ -56,7 +56,7 @@ jobs:
             kv/data/github/${{ github.repository }}/dockerhub username | DOCKERHUB_USERNAME;
             kv/data/github/${{ github.repository }}/dockerhub token | DOCKERHUB_TOKEN;
 
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
     # NOTE: ENT specific step as we need to set elevated GitHub permissions.
     - name: Setup Git
@@ -78,17 +78,17 @@ jobs:
         echo "GITHUB_BUILD_URL=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_ENV
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
+      uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
 
     # NOTE: conditional specific logic as we store secrets in Vault in ENT and use GHA secrets in OSS.
     - name: Login to Docker Hub
-      uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+      uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
       with:
         username: ${{ endsWith(github.repository, '-enterprise') && steps.secrets.outputs.DOCKERHUB_USERNAME || secrets.DOCKERHUB_USERNAME }}
         password: ${{ endsWith(github.repository, '-enterprise') && steps.secrets.outputs.DOCKERHUB_TOKEN || secrets.DOCKERHUB_TOKEN }}
 
     - name: Docker build and push
-      uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
+      uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
       with:
         context: ./bin
         file: ./build-support/docker/Consul-Dev.dockerfile
diff --git a/.github/workflows/build-distros.yml b/.github/workflows/build-distros.yml
index 10c520893341..602acb18c1a9 100644
--- a/.github/workflows/build-distros.yml
+++ b/.github/workflows/build-distros.yml
@@ -27,7 +27,7 @@ jobs:
       compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
       compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
     - id: setup-outputs
       name: Setup outputs
       run: ./.github/scripts/get_runner_classes.sh
@@ -50,7 +50,7 @@ jobs:
       XC_OS: "freebsd linux windows"
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
@@ -74,7 +74,7 @@ jobs:
       XC_OS: "darwin freebsd linux solaris windows"
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
@@ -99,7 +99,7 @@ jobs:
       CGO_ENABLED: 1
       GOOS: linux
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
@@ -125,7 +125,7 @@ jobs:
     - check-go-mod
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 51d1ecb965fe..40275b36ce7b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -26,7 +26,7 @@ jobs:
       pre-version: ${{ steps.set-product-version.outputs.prerelease-product-version }}
       shared-ldflags: ${{ steps.shared-ldflags.outputs.shared-ldflags }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - name: set product version
         id: set-product-version
         uses: hashicorp/actions-set-product-version@v1
@@ -65,7 +65,7 @@ jobs:
       filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
     steps:
       - name: 'Checkout directory'
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - name: Generate metadata file
         id: generate-metadata-file
         uses: hashicorp/actions-generate-metadata@v1
@@ -97,10 +97,10 @@ jobs:
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       - name: Setup with node and yarn
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+        uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: '14'
           cache: 'yarn'
@@ -186,10 +186,10 @@ jobs:
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       - name: Setup with node and yarn
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+        uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: '14'
           cache: 'yarn'
@@ -237,10 +237,10 @@ jobs:
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       - name: Setup with node and yarn
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+        uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: '14'
           cache: 'yarn'
@@ -288,7 +288,7 @@ jobs:
       version: ${{needs.set-product-version.outputs.product-version}}
 
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix
       # This naming convention will be used ONLY for per-commit dev images
@@ -322,7 +322,7 @@ jobs:
       version: ${{needs.set-product-version.outputs.product-version}}
 
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - uses: hashicorp/actions-docker-build@v1
         with:
           version: ${{env.version}}
@@ -342,7 +342,7 @@ jobs:
       version: ${{needs.set-product-version.outputs.product-version}}
 
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix
       # This naming convention will be used ONLY for per-commit dev images
@@ -379,7 +379,7 @@ jobs:
 
     name: Verify ${{ matrix.arch }} linux binary
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
 
       - name: Download ${{ matrix.arch  }} zip
@@ -389,7 +389,7 @@ jobs:
           name: ${{ env.zip_name }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
         if: ${{ matrix.arch == 'arm' || matrix.arch == 'arm64' }}
         with:
           # this should be a comma-separated string as opposed to an array
@@ -412,7 +412,7 @@ jobs:
 
     name: Verify amd64 darwin binary
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       - name: Download amd64 darwin zip
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
@@ -439,7 +439,7 @@ jobs:
 
     name: Verify ${{ matrix.arch }} debian package
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       - name: Set package version
         run: |
@@ -455,7 +455,7 @@ jobs:
           name: ${{ env.pkg_name }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
         with:
           platforms: all
 
@@ -476,7 +476,7 @@ jobs:
 
     name: Verify ${{ matrix.arch }} rpm
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       - name: Set package version
         run: |
@@ -492,7 +492,7 @@ jobs:
           name: ${{ env.pkg_name }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
         with:
           platforms: all
 
diff --git a/.github/workflows/changelog-checker.yml b/.github/workflows/changelog-checker.yml
index e6147e787aa3..62b906eda3e6 100644
--- a/.github/workflows/changelog-checker.yml
+++ b/.github/workflows/changelog-checker.yml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0 # by default the checkout action doesn't checkout all branches
diff --git a/.github/workflows/embedded-asset-checker.yml b/.github/workflows/embedded-asset-checker.yml
index ed2dc4eb950d..38879945e209 100644
--- a/.github/workflows/embedded-asset-checker.yml
+++ b/.github/workflows/embedded-asset-checker.yml
@@ -20,7 +20,7 @@ jobs:
     if: "! ( contains(github.event.pull_request.labels.*.name, 'pr/update-ui-assets') || github.event.pull_request.user.login == 'hc-github-team-consul-core' )"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0 # by default the checkout action doesn't checkout all branches
diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml
index 460709b37df6..1fc107844b81 100644
--- a/.github/workflows/frontend.yml
+++ b/.github/workflows/frontend.yml
@@ -23,7 +23,7 @@ jobs:
       compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
       compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
     - id: setup-outputs
       name: Setup outputs
       run: ./.github/scripts/get_runner_classes.sh
@@ -35,9 +35,9 @@ jobs:
       run:
         working-directory: ui
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
-    - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+    - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
       with:
         node-version: '16'
 
@@ -55,9 +55,9 @@ jobs:
     needs: setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
-    - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+    - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
       with:
         node-version: '16'
 
@@ -84,9 +84,9 @@ jobs:
       CONSUL_NSPACES_ENABLED: ${{ endsWith(github.repository, '-enterprise') && 1 || 0 }} # NOTE: this should be 1 in ENT.
       JOBS: 2 # limit parallelism for broccoli-babel-transpiler
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
-    - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+    - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
       with:
         node-version: '16'
 
diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 744a398b5aa4..60e7d10d261c 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -33,7 +33,7 @@ jobs:
       compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
       compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
     - id: setup-outputs
       name: Setup outputs
       run: ./.github/scripts/get_runner_classes.sh
@@ -53,7 +53,7 @@ jobs:
     - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-medium) }}
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
@@ -81,7 +81,7 @@ jobs:
     - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
@@ -104,7 +104,7 @@ jobs:
     - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
@@ -122,7 +122,7 @@ jobs:
     - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
@@ -139,7 +139,7 @@ jobs:
     - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
diff --git a/.github/workflows/issue-comment-created.yml b/.github/workflows/issue-comment-created.yml
index 228ac41aa76d..42483d92b164 100644
--- a/.github/workflows/issue-comment-created.yml
+++ b/.github/workflows/issue-comment-created.yml
@@ -11,7 +11,7 @@ jobs:
   triage:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
         with:
           labels: |
diff --git a/.github/workflows/jira-issues.yaml b/.github/workflows/jira-issues.yaml
index 6e9b2b9e959b..c136dfd69a78 100644
--- a/.github/workflows/jira-issues.yaml
+++ b/.github/workflows/jira-issues.yaml
@@ -91,14 +91,14 @@ jobs:
 
       - name: Close ticket
         if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3
+        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "Closed"
 
       - name: Reopen ticket
         if: github.event.action == 'reopened' && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3
+        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "To Do"
diff --git a/.github/workflows/jira-pr.yaml b/.github/workflows/jira-pr.yaml
index e18559a022b3..f63f7af53162 100644
--- a/.github/workflows/jira-pr.yaml
+++ b/.github/workflows/jira-pr.yaml
@@ -105,14 +105,14 @@ jobs:
 
       - name: Close ticket
         if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3
+        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "Closed"
 
       - name: Reopen ticket
         if: github.event.action == 'reopened' && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3
+        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "To Do"
diff --git a/.github/workflows/nightly-test-1.13.x.yaml b/.github/workflows/nightly-test-1.13.x.yaml
index de852c9114c5..3e95095b5e09 100644
--- a/.github/workflows/nightly-test-1.13.x.yaml
+++ b/.github/workflows/nightly-test-1.13.x.yaml
@@ -17,12 +17,12 @@ jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -49,12 +49,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -88,12 +88,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -121,12 +121,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -160,12 +160,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -191,12 +191,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
diff --git a/.github/workflows/nightly-test-1.14.x.yaml b/.github/workflows/nightly-test-1.14.x.yaml
index 1f319b4bd3ec..dcbbb51f51e9 100644
--- a/.github/workflows/nightly-test-1.14.x.yaml
+++ b/.github/workflows/nightly-test-1.14.x.yaml
@@ -17,12 +17,12 @@ jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -49,12 +49,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -88,12 +88,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -121,12 +121,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -160,12 +160,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -191,12 +191,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
diff --git a/.github/workflows/nightly-test-1.15.x.yaml b/.github/workflows/nightly-test-1.15.x.yaml
index d41cf84a6247..0a44186387ce 100644
--- a/.github/workflows/nightly-test-1.15.x.yaml
+++ b/.github/workflows/nightly-test-1.15.x.yaml
@@ -17,12 +17,12 @@ jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -49,12 +49,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -88,12 +88,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -121,12 +121,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -160,12 +160,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -191,12 +191,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
diff --git a/.github/workflows/nightly-test-1.16.x.yaml b/.github/workflows/nightly-test-1.16.x.yaml
index 98a1f364b69e..8cbcad21a46d 100644
--- a/.github/workflows/nightly-test-1.16.x.yaml
+++ b/.github/workflows/nightly-test-1.16.x.yaml
@@ -17,12 +17,12 @@ jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -49,12 +49,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -88,12 +88,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -121,12 +121,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -160,12 +160,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -191,12 +191,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
diff --git a/.github/workflows/nightly-test-main.yaml b/.github/workflows/nightly-test-main.yaml
index 13048656b6b0..b5a0ae691a2c 100644
--- a/.github/workflows/nightly-test-main.yaml
+++ b/.github/workflows/nightly-test-main.yaml
@@ -17,12 +17,12 @@ jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -49,12 +49,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -88,12 +88,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -121,12 +121,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -160,12 +160,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
@@ -191,12 +191,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: 14
           cache: 'yarn'
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index b14b27183fb7..0d6b71c9f061 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -10,7 +10,7 @@ jobs:
   triage:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@0776a679364a9a16110aac8d0f40f5e11009e327 # v4.0.4
+    - uses: actions/labeler@0967ca812e7fdc8f5f71402a1b486d5bd061fe20 # v4.2.0
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"
         configuration-path: .github/pr-labeler.yml
diff --git a/.github/workflows/pr-metrics-test-checker.yml b/.github/workflows/pr-metrics-test-checker.yml
index 0d79aa39714b..d0bdac04f7e3 100644
--- a/.github/workflows/pr-metrics-test-checker.yml
+++ b/.github/workflows/pr-metrics-test-checker.yml
@@ -14,7 +14,7 @@ jobs:
     if: "! ( contains(github.event.pull_request.labels.*.name, 'pr/no-metrics-test') || github.event.pull_request.user.login == 'hc-github-team-consul-core' )" 
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         name: "checkout repo"
         with:
           ref: ${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/reusable-check-go-mod.yml b/.github/workflows/reusable-check-go-mod.yml
index 868594168662..7fffb616879e 100644
--- a/.github/workflows/reusable-check-go-mod.yml
+++ b/.github/workflows/reusable-check-go-mod.yml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ${{ fromJSON(inputs.runs-on) }}
 
     steps:
-    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
diff --git a/.github/workflows/reusable-dev-build.yml b/.github/workflows/reusable-dev-build.yml
index 2db9670655e4..1aa28794cc7c 100644
--- a/.github/workflows/reusable-dev-build.yml
+++ b/.github/workflows/reusable-dev-build.yml
@@ -25,7 +25,7 @@ jobs:
   build:
     runs-on: ${{ fromJSON(inputs.runs-on) }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
diff --git a/.github/workflows/reusable-lint.yml b/.github/workflows/reusable-lint.yml
index 0c87e3f03612..903855d99c85 100644
--- a/.github/workflows/reusable-lint.yml
+++ b/.github/workflows/reusable-lint.yml
@@ -38,7 +38,7 @@ jobs:
       fail-fast: true
     name: lint ${{ matrix.directory }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
@@ -48,7 +48,7 @@ jobs:
           go-version-file: 'go.mod'
       - run: go env
       - name: lint-${{ matrix.directory }}
-        uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0
+        uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0
         with:
           working-directory: ${{ matrix.directory }}
           version: v1.51.1
diff --git a/.github/workflows/reusable-unit-split.yml b/.github/workflows/reusable-unit-split.yml
index 7750627f4253..0ec639c28ff2 100644
--- a/.github/workflows/reusable-unit-split.yml
+++ b/.github/workflows/reusable-unit-split.yml
@@ -60,7 +60,7 @@ jobs:
     outputs:
       package-matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
@@ -83,7 +83,7 @@ jobs:
           ulimit -Sa
           echo "Hard limits"
           ulimit -Ha   
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
diff --git a/.github/workflows/reusable-unit.yml b/.github/workflows/reusable-unit.yml
index 7442b06c33b5..42943954475d 100644
--- a/.github/workflows/reusable-unit.yml
+++ b/.github/workflows/reusable-unit.yml
@@ -57,7 +57,7 @@ jobs:
   go-test:
     runs-on: ${{ fromJSON(inputs.runs-on) }}
     steps:      
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index c11552d8d3d1..6c96b5da1d2c 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -36,7 +36,7 @@ jobs:
       compute-xl: ${{ steps.runners.outputs.compute-xl }}
       enterprise: ${{ steps.runners.outputs.enterprise }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - id: runners
         run: .github/scripts/get_runner_classes.sh
 
@@ -63,7 +63,7 @@ jobs:
         nomad-version: ['v1.3.3', 'v1.2.10', 'v1.1.16']
     steps:
       - name: Checkout Nomad
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           repository: hashicorp/nomad
           ref: ${{ matrix.nomad-version }}
@@ -143,7 +143,7 @@ jobs:
     env:
       VAULT_BINARY_VERSION: ${{ matrix.vault-version }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
@@ -233,7 +233,7 @@ jobs:
     outputs:
       envoy-matrix: ${{ steps.set-matrix.outputs.envoy-matrix }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - name: Generate Envoy Job Matrix
         id: set-matrix
         env:
@@ -282,7 +282,7 @@ jobs:
       XDS_TARGET: ${{ matrix.xds-target }}
       AWS_LAMBDA_REGION: us-west-2
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
@@ -296,7 +296,7 @@ jobs:
         run: chmod +x ./bin/consul
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
+        uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
 
       - name: Docker build
         run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
@@ -365,7 +365,7 @@ jobs:
     env:
       ENVOY_VERSION: "1.25.4"
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(github.repository, '-enterprise') }}
@@ -484,7 +484,7 @@ jobs:
       CONSUL_LATEST_VERSION: ${{ matrix.consul-version }}
       ENVOY_VERSION: "1.24.6"
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(github.repository, '-enterprise') }}
diff --git a/.github/workflows/verify-envoy-version.yml b/.github/workflows/verify-envoy-version.yml
index 069a281763f2..9e8b7e7e89b3 100644
--- a/.github/workflows/verify-envoy-version.yml
+++ b/.github/workflows/verify-envoy-version.yml
@@ -18,7 +18,7 @@ jobs:
   verify-envoy-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0 # by default the checkout action doesn't checkout all branches

From 1c7fcdf1888fce00242f425ea0ae72c9545acb01 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Thu, 20 Jul 2023 11:39:01 -0400
Subject: [PATCH 193/359] Fix Backport Assistant PR commenting (#18200)

* Fix Backport Assistant failure PR commenting

For general comments on a PR, it looks like you have to use the `/issue`
endpoint rather than `/pulls`, which requires commit/other
review-specific target details.

This matches the endpoint used in `backport-reminder.yml`.

* Remove Backport Reminder workflow

This is noisy (even when adding multiple labels, individual comments per
label are generated), and likely no longer needed: we haven't had this
work in a long time due to an expired GH token, and we now have better
automation for backport PR assignment.
---
 .github/workflows/backport-assistant.yml |  2 +-
 .github/workflows/backport-reminder.yml  | 29 ------------------------
 2 files changed, 1 insertion(+), 30 deletions(-)
 delete mode 100644 .github/workflows/backport-reminder.yml

diff --git a/.github/workflows/backport-assistant.yml b/.github/workflows/backport-assistant.yml
index fffa774d32a5..17462f811261 100644
--- a/.github/workflows/backport-assistant.yml
+++ b/.github/workflows/backport-assistant.yml
@@ -40,4 +40,4 @@ jobs:
           curl -s -H "Authorization: token ${{ secrets.PR_COMMENT_TOKEN }}" \
             -X POST \
             -d "{ \"body\": \"${github_message}\"}" \
-            "https://api.github.com/repos/${GITHUB_REPOSITORY}/pull/${{ github.event.pull_request.number }}/comments"
+            "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${{ github.event.pull_request.number }}/comments"
diff --git a/.github/workflows/backport-reminder.yml b/.github/workflows/backport-reminder.yml
deleted file mode 100644
index b358122dbf0c..000000000000
--- a/.github/workflows/backport-reminder.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-# This workflow sends a reminder comment to PRs that have labels starting with
-# `backport/` to check that the backport has run successfully.
-
-name: Backport Assistant Reminder
-
-on:
-  pull_request:
-    types: [ labeled ]
-    # Runs on PRs to main and all release branches
-    branches:
-      - main
-      - release/*
-
-jobs:
-  backport-label-check:
-    if: "startsWith(github.event.label.name, 'backport/')"
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Comment on PR
-        run: |
-          github_message="After merging, confirm that you see linked PRs AND check them for CI errors."
-          curl -s -H "Authorization: token ${{ secrets.PR_COMMENT_TOKEN }}" \
-            -X POST \
-            -d "{ \"body\": \"${github_message}\"}" \
-            "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${{ github.event.pull_request.number }}/comments"

From ada767fc9f3b8fe135bd0c416e3fa81d003fb10c Mon Sep 17 00:00:00 2001
From: Semir Patel <semir.patel@hashicorp.com>
Date: Thu, 20 Jul 2023 12:06:29 -0500
Subject: [PATCH 194/359] resource: Pass resource to Write ACL hook instead of
 just resource Id [NET-4908] (#18192)

---
 .../grpc-external/services/resource/delete.go | 38 +++++++++----------
 .../grpc-external/services/resource/write.go  |  2 +-
 internal/resource/demo/demo.go                |  4 +-
 internal/resource/registry.go                 |  4 +-
 internal/resource/registry_test.go            |  4 +-
 5 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/agent/grpc-external/services/resource/delete.go b/agent/grpc-external/services/resource/delete.go
index b3045b3d6d29..88987b6a69ff 100644
--- a/agent/grpc-external/services/resource/delete.go
+++ b/agent/grpc-external/services/resource/delete.go
@@ -41,7 +41,23 @@ func (s *Server) Delete(ctx context.Context, req *pbresource.DeleteRequest) (*pb
 		return nil, err
 	}
 
-	err = reg.ACLs.Write(authz, req.Id)
+	// Retrieve resource since ACL hook requires it. Furthermore, we'll need the
+	// read to be strongly consistent if the passed in Version or Uid are empty.
+	consistency := storage.EventualConsistency
+	if req.Version == "" || req.Id.Uid == "" {
+		consistency = storage.StrongConsistency
+	}
+	existing, err := s.Backend.Read(ctx, consistency, req.Id)
+	switch {
+	case errors.Is(err, storage.ErrNotFound):
+		// Deletes are idempotent so no-op when not found
+		return &pbresource.DeleteResponse{}, nil
+	case err != nil:
+		return nil, status.Errorf(codes.Internal, "failed read: %v", err)
+	}
+
+	// Check ACLs
+	err = reg.ACLs.Write(authz, existing)
 	switch {
 	case acl.IsErrPermissionDenied(err):
 		return nil, status.Error(codes.PermissionDenied, err.Error())
@@ -49,27 +65,11 @@ func (s *Server) Delete(ctx context.Context, req *pbresource.DeleteRequest) (*pb
 		return nil, status.Errorf(codes.Internal, "failed write acl: %v", err)
 	}
 
-	// The storage backend requires a Version and Uid to delete a resource based
-	// on CAS semantics. When either are not provided, the resource must be read
-	// with a strongly consistent read to retrieve either or both.
-	//
-	// n.b.: There is a chance DeleteCAS may fail with a storage.ErrCASFailure
-	// if an update occurs between the Read and DeleteCAS. Consider refactoring
-	// to use retryCAS() similar to the Write endpoint to close this gap.
 	deleteVersion := req.Version
 	deleteId := req.Id
 	if deleteVersion == "" || deleteId.Uid == "" {
-		existing, err := s.Backend.Read(ctx, storage.StrongConsistency, req.Id)
-		switch {
-		case err == nil:
-			deleteVersion = existing.Version
-			deleteId = existing.Id
-		case errors.Is(err, storage.ErrNotFound):
-			// Deletes are idempotent so no-op when not found
-			return &pbresource.DeleteResponse{}, nil
-		default:
-			return nil, status.Errorf(codes.Internal, "failed read: %v", err)
-		}
+		deleteVersion = existing.Version
+		deleteId = existing.Id
 	}
 
 	if err := s.maybeCreateTombstone(ctx, deleteId); err != nil {
diff --git a/agent/grpc-external/services/resource/write.go b/agent/grpc-external/services/resource/write.go
index 831998c33bcf..3900612f07e1 100644
--- a/agent/grpc-external/services/resource/write.go
+++ b/agent/grpc-external/services/resource/write.go
@@ -52,7 +52,7 @@ func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbre
 	}
 
 	// check acls
-	err = reg.ACLs.Write(authz, req.Resource.Id)
+	err = reg.ACLs.Write(authz, req.Resource)
 	switch {
 	case acl.IsErrPermissionDenied(err):
 		return nil, status.Error(codes.PermissionDenied, err.Error())
diff --git a/internal/resource/demo/demo.go b/internal/resource/demo/demo.go
index 20ad89c962c4..e055e165c09c 100644
--- a/internal/resource/demo/demo.go
+++ b/internal/resource/demo/demo.go
@@ -77,8 +77,8 @@ func RegisterTypes(r resource.Registry) {
 		return authz.ToAllowAuthorizer().KeyReadAllowed(key, &acl.AuthorizerContext{})
 	}
 
-	writeACL := func(authz acl.Authorizer, id *pbresource.ID) error {
-		key := fmt.Sprintf("resource/%s/%s", resource.ToGVK(id.Type), id.Name)
+	writeACL := func(authz acl.Authorizer, res *pbresource.Resource) error {
+		key := fmt.Sprintf("resource/%s/%s", resource.ToGVK(res.Id.Type), res.Id.Name)
 		return authz.ToAllowAuthorizer().KeyWriteAllowed(key, &acl.AuthorizerContext{})
 	}
 
diff --git a/internal/resource/registry.go b/internal/resource/registry.go
index 1baaf0bdd1bb..9d278a31cf36 100644
--- a/internal/resource/registry.go
+++ b/internal/resource/registry.go
@@ -57,7 +57,7 @@ type ACLHooks struct {
 	// Write is used to authorize Write and Delete RPCs.
 	//
 	// If it is omitted, `operator:write` permission is assumed.
-	Write func(acl.Authorizer, *pbresource.ID) error
+	Write func(acl.Authorizer, *pbresource.Resource) error
 
 	// List is used to authorize List RPCs.
 	//
@@ -119,7 +119,7 @@ func (r *TypeRegistry) Register(registration Registration) {
 		}
 	}
 	if registration.ACLs.Write == nil {
-		registration.ACLs.Write = func(authz acl.Authorizer, id *pbresource.ID) error {
+		registration.ACLs.Write = func(authz acl.Authorizer, id *pbresource.Resource) error {
 			return authz.ToAllowAuthorizer().OperatorWriteAllowed(&acl.AuthorizerContext{})
 		}
 	}
diff --git a/internal/resource/registry_test.go b/internal/resource/registry_test.go
index c9d1777159f8..7d8bb2433921 100644
--- a/internal/resource/registry_test.go
+++ b/internal/resource/registry_test.go
@@ -47,8 +47,8 @@ func TestRegister_Defaults(t *testing.T) {
 	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.Read(testutils.ACLNoPermissions(t), artist.Id)))
 
 	// verify default write hook requires operator:write
-	require.NoError(t, reg.ACLs.Write(testutils.ACLOperatorWrite(t), artist.Id))
-	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.Write(testutils.ACLNoPermissions(t), artist.Id)))
+	require.NoError(t, reg.ACLs.Write(testutils.ACLOperatorWrite(t), artist))
+	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.Write(testutils.ACLNoPermissions(t), artist)))
 
 	// verify default list hook requires operator:read
 	require.NoError(t, reg.ACLs.List(testutils.ACLOperatorRead(t), artist.Id.Tenancy))

From 2c5a09bb0aa1326fbdfe910126f8e7c04d7af5cc Mon Sep 17 00:00:00 2001
From: Blake Covarrubias <blake@covarrubi.as>
Date: Thu, 20 Jul 2023 13:24:43 -0700
Subject: [PATCH 195/359] Explicitly enable WebSocket upgrades (#18150)

This PR explicitly enables WebSocket upgrades in Envoy's UpgradeConfig for all
proxy types. (API Gateway, Ingress, and Sidecar.)

Fixes #8283
---
 .changelog/18150.txt                          |   3 +
 agent/xds/listeners.go                        |   4 +
 ...uthz-http-local-grpc-service.latest.golden |   9 +-
 ...uthz-http-local-http-service.latest.golden |   9 +-
 ...z-http-upstream-grpc-service.latest.golden |   9 +-
 ...z-http-upstream-http-service.latest.golden |   9 +-
 ...lambda-and-lua-connect-proxy.latest.golden | 336 +++++------
 ...-connect-proxy-opposite-meta.latest.golden | 179 +++---
 .../lambda-connect-proxy-tproxy.latest.golden | 241 ++++----
 ...terminating-gateway-upstream.latest.golden | 169 +++---
 .../lambda-connect-proxy.latest.golden        | 179 +++---
 ...teway-with-service-resolvers.latest.golden | 533 +++++++++---------
 .../lambda-terminating-gateway.latest.golden  | 323 +++++------
 ...terminating-gateway-upstream.latest.golden | 169 +++---
 ...a-inbound-applies-to-inbound.latest.golden | 289 +++++-----
 ...snt-apply-to-local-upstreams.latest.golden |  14 +-
 ...es-to-local-upstreams-tproxy.latest.golden |  21 +-
 ...d-applies-to-local-upstreams.latest.golden |  14 +-
 ...ound-doesnt-apply-to-inbound.latest.golden | 281 ++++-----
 ...-consul-constraint-violation.latest.golden |  14 +-
 ...h-envoy-constraint-violation.latest.golden |  14 +-
 ...opertyoverride-add-keepalive.latest.golden | 281 ++++-----
 ...d-outlier-detection-multiple.latest.golden | 281 ++++-----
 ...erride-add-outlier-detection.latest.golden | 281 ++++-----
 ...de-add-round-robin-lb-config.latest.golden | 281 ++++-----
 ...-load-assignment-inbound-add.latest.golden |   7 +-
 ...load-assignment-outbound-add.latest.golden |   7 +-
 ...und-doesnt-apply-to-outbound.latest.golden | 287 +++++-----
 ...verride-listener-inbound-add.latest.golden | 283 +++++-----
 ...erride-listener-outbound-add.latest.golden | 285 +++++-----
 ...ound-doesnt-apply-to-inbound.latest.golden | 287 +++++-----
 ...ic-upstream-service-failover.latest.golden | 283 +++++-----
 ...ic-upstream-service-splitter.latest.golden | 310 +++++-----
 ...ide-remove-outlier-detection.latest.golden | 281 ++++-----
 .../wasm-http-local-file.latest.golden        |  39 +-
 .../wasm-http-remote-file.latest.golden       |  39 +-
 ...ttp-listener-with-http-route.latest.golden |  63 ++-
 ...ener-with-tcp-and-http-route.latest.golden |  91 +--
 .../api-gateway-with-http-route.latest.golden |   7 +-
 ...oxy-with-chain-and-overrides.latest.golden |  25 +-
 ...onnect-proxy-with-grpc-chain.latest.golden |  25 +-
 ...onnect-proxy-with-http-chain.latest.golden |  21 +-
 ...nnect-proxy-with-http2-chain.latest.golden |  25 +-
 ...-jwt-config-entry-with-local.latest.golden |   7 +-
 .../custom-trace-listener.latest.golden       |  35 +-
 .../expose-checks-grpc.latest.golden          |   7 +-
 ...ecks-http-with-bind-override.latest.golden | 157 +++---
 .../expose-checks-http.latest.golden          | 157 +++---
 ...expose-paths-local-app-paths.latest.golden |  26 +-
 ...pose-paths-new-cluster-http2.latest.golden |  30 +-
 .../grpc-public-listener.latest.golden        |  21 +-
 .../http-listener-with-timeouts.latest.golden |  39 +-
 ...http-public-listener-no-xfcc.latest.golden |  17 +-
 .../http-public-listener.latest.golden        |  39 +-
 .../listeners/http-upstream.latest.golden     |  17 +-
 .../http2-public-listener.latest.golden       |  43 +-
 ...gress-grpc-multiple-services.latest.golden |  17 +-
 ...gress-http-multiple-services.latest.golden |  26 +-
 ...itter-with-resolver-redirect.latest.golden |  13 +-
 ...ith-grpc-single-tls-listener.latest.golden |  34 +-
 ...d-grpc-multiple-tls-listener.latest.golden |  34 +-
 ...th-http2-single-tls-listener.latest.golden |  34 +-
 ...h-sds-listener+service-level.latest.golden |  34 +-
 ...h-sds-listener-gw-level-http.latest.golden |  17 +-
 ...s-service-level-mixed-no-tls.latest.golden |  30 +-
 ...gress-with-sds-service-level.latest.golden |  34 +-
 ...ess-with-single-tls-listener.latest.golden |  26 +-
 ...n-listeners-gateway-defaults.latest.golden |  69 +--
 ...ixed-cipher-suites-listeners.latest.golden |  14 +-
 ...ess-with-tls-mixed-listeners.latest.golden |  30 +-
 ...-mixed-max-version-listeners.latest.golden |  21 +-
 ...-mixed-min-version-listeners.latest.golden |  39 +-
 ...ed-services-http-with-router.latest.golden |  19 +-
 ...xported-peered-services-http.latest.golden |  57 +-
 ...itter-with-resolver-redirect.latest.golden |  21 +-
 .../telemetry-collector.latest.golden         | 209 +++----
 ...ting-gateway-service-subsets.latest.golden |  93 ++-
 ...arent-proxy-destination-http.latest.golden |  34 +-
 ...nsparent-proxy-http-upstream.latest.golden |  17 +-
 ...ng-gateway-destinations-only.latest.golden |  94 ++-
 agent/xds/xds_protocol_helpers_test.go        |   9 +
 81 files changed, 4035 insertions(+), 3893 deletions(-)
 create mode 100644 .changelog/18150.txt

diff --git a/.changelog/18150.txt b/.changelog/18150.txt
new file mode 100644
index 000000000000..492e7ad1b9ff
--- /dev/null
+++ b/.changelog/18150.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+xds: Explicitly enable WebSocket connection upgrades in HTTP connection manager
+```
diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go
index 71e5b285e146..520b58e0a613 100644
--- a/agent/xds/listeners.go
+++ b/agent/xds/listeners.go
@@ -2470,6 +2470,10 @@ func makeHTTPFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, error)
 			// sampled.
 			RandomSampling: &envoy_type_v3.Percent{Value: 0.0},
 		},
+		// Explicitly enable WebSocket upgrades for all HTTP listeners
+		UpgradeConfigs: []*envoy_http_v3.HttpConnectionManager_UpgradeConfig{
+			{UpgradeType: "websocket"},
+		},
 	}
 
 	if opts.tracing != nil {
diff --git a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-grpc-service.latest.golden b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-grpc-service.latest.golden
index 0448214fe781..370a98fbe6f0 100644
--- a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-grpc-service.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-grpc-service.latest.golden
@@ -209,7 +209,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -248,4 +253,4 @@
   ],
   "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
   "nonce": "00000001"
-}
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-http-service.latest.golden b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-http-service.latest.golden
index 9e3390355805..7f7bffd9a4d4 100644
--- a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-http-service.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-local-http-service.latest.golden
@@ -210,7 +210,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -249,4 +254,4 @@
   ],
   "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
   "nonce": "00000001"
-}
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-grpc-service.latest.golden b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-grpc-service.latest.golden
index 203929ea6688..489708b8364a 100644
--- a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-grpc-service.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-grpc-service.latest.golden
@@ -233,7 +233,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -272,4 +277,4 @@
   ],
   "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
   "nonce": "00000001"
-}
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-http-service.latest.golden b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-http-service.latest.golden
index e2bf641ee52a..dc6cf35f49da 100644
--- a/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-http-service.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/ext-authz-http-upstream-http-service.latest.golden
@@ -309,7 +309,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -348,4 +353,4 @@
   ],
   "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
   "nonce": "00000001"
-}
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/lambda-and-lua-connect-proxy.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lambda-and-lua-connect-proxy.latest.golden
index 8c6624c9477c..945be5c4032f 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lambda-and-lua-connect-proxy.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lambda-and-lua-connect-proxy.latest.golden
@@ -1,214 +1,219 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "routeConfig":  {
-                  "name":  "db",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "routeConfig": {
+                  "name": "db",
+                  "virtualHosts": [
                     {
-                      "name":  "db.default.default.dc1",
-                      "domains":  [
+                      "name": "db.default.default.dc1",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+                          "route": {
+                            "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.aws_lambda",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
-                      "arn":  "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
-                      "invocationMode":  "ASYNCHRONOUS"
+                    "name": "envoy.filters.http.aws_lambda",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
+                      "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
+                      "invocationMode": "ASYNCHRONOUS"
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "stripAnyHostPort":  true
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ],
+                "stripAnyHostPort": true
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -216,66 +221,71 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.lua",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua",
-                      "inlineCode":  "\nfunction envoy_on_request(request_handle)\n  request_handle:headers():add(\"test\", \"test\")\nend"
+                    "name": "envoy.filters.http.lua",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua",
+                      "inlineCode": "\nfunction envoy_on_request(request_handle)\n  request_handle:headers():add(\"test\", \"test\")\nend"
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
+                },
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy-opposite-meta.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy-opposite-meta.latest.golden
index 0d26159f7f67..59b2bd7719b2 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy-opposite-meta.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy-opposite-meta.latest.golden
@@ -1,155 +1,160 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "routeConfig":  {
-                  "name":  "db",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "routeConfig": {
+                  "name": "db",
+                  "virtualHosts": [
                     {
-                      "name":  "db.default.default.dc1",
-                      "domains":  [
+                      "name": "db.default.default.dc1",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+                          "route": {
+                            "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.aws_lambda",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
-                      "arn":  "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
-                      "invocationMode":  "ASYNCHRONOUS"
+                    "name": "envoy.filters.http.aws_lambda",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
+                      "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
+                      "invocationMode": "ASYNCHRONOUS"
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "stripAnyHostPort":  true
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ],
+                "stripAnyHostPort": true
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "public_listener",
-                "cluster":  "local_app"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "public_listener",
+                "cluster": "local_app"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy-tproxy.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy-tproxy.latest.golden
index b6e60032f199..647c3898ca33 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy-tproxy.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy-tproxy.latest.golden
@@ -1,212 +1,217 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "outbound_listener:127.0.0.1:15001",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  15001
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "outbound_listener:127.0.0.1:15001",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 15001
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filterChainMatch":  {
-            "prefixRanges":  [
+          "filterChainMatch": {
+            "prefixRanges": [
               {
-                "addressPrefix":  "10.0.0.1",
-                "prefixLen":  32
+                "addressPrefix": "10.0.0.1",
+                "prefixLen": 32
               },
               {
-                "addressPrefix":  "240.0.0.1",
-                "prefixLen":  32
+                "addressPrefix": "240.0.0.1",
+                "prefixLen": 32
               }
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream.google.default.default.dc1",
-                "routeConfig":  {
-                  "name":  "google",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.google.default.default.dc1",
+                "routeConfig": {
+                  "name": "google",
+                  "virtualHosts": [
                     {
-                      "name":  "google.default.default.dc1",
-                      "domains":  [
+                      "name": "google.default.default.dc1",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+                          "route": {
+                            "cluster": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.aws_lambda",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
-                      "arn":  "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
-                      "payloadPassthrough":  true
+                    "name": "envoy.filters.http.aws_lambda",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
+                      "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
+                      "payloadPassthrough": true
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "stripAnyHostPort":  true
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ],
+                "stripAnyHostPort": true
               }
             }
           ]
         }
       ],
-      "defaultFilterChain":  {
-        "filters":  [
+      "defaultFilterChain": {
+        "filters": [
           {
-            "name":  "envoy.filters.network.tcp_proxy",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-              "statPrefix":  "upstream.original-destination",
-              "cluster":  "original-destination"
+            "name": "envoy.filters.network.tcp_proxy",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+              "statPrefix": "upstream.original-destination",
+              "cluster": "original-destination"
             }
           }
         ]
       },
-      "listenerFilters":  [
+      "listenerFilters": [
         {
-          "name":  "envoy.filters.listener.original_dst",
-          "typedConfig":  {
-            "@type":  "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst"
+          "name": "envoy.filters.listener.original_dst",
+          "typedConfig": {
+            "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst"
           }
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "public_listener",
-                "cluster":  "local_app"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "public_listener",
+                "cluster": "local_app"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy-with-terminating-gateway-upstream.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy-with-terminating-gateway-upstream.latest.golden
index f8ad4a4b4067..0814b07f46df 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy-with-terminating-gateway-upstream.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy-with-terminating-gateway-upstream.latest.golden
@@ -1,146 +1,151 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "routeConfig":  {
-                  "name":  "db",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "routeConfig": {
+                  "name": "db",
+                  "virtualHosts": [
                     {
-                      "name":  "db.default.default.dc1",
-                      "domains":  [
+                      "name": "db.default.default.dc1",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+                          "route": {
+                            "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
-                }
+                "tracing": {
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "public_listener",
-                "cluster":  "local_app"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "public_listener",
+                "cluster": "local_app"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy.latest.golden
index fb62cd7ed952..172f32d6506f 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lambda-connect-proxy.latest.golden
@@ -1,155 +1,160 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "routeConfig":  {
-                  "name":  "db",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "routeConfig": {
+                  "name": "db",
+                  "virtualHosts": [
                     {
-                      "name":  "db.default.default.dc1",
-                      "domains":  [
+                      "name": "db.default.default.dc1",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+                          "route": {
+                            "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.aws_lambda",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
-                      "arn":  "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
-                      "payloadPassthrough":  true
+                    "name": "envoy.filters.http.aws_lambda",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
+                      "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
+                      "payloadPassthrough": true
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "stripAnyHostPort":  true
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ],
+                "stripAnyHostPort": true
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "public_listener",
-                "cluster":  "local_app"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "public_listener",
+                "cluster": "local_app"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/lambda-terminating-gateway-with-service-resolvers.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lambda-terminating-gateway-with-service-resolvers.latest.golden
index 09a053a8fd70..0b77bf2a2f6b 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lambda-terminating-gateway-with-service-resolvers.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lambda-terminating-gateway-with-service-resolvers.latest.golden
@@ -1,445 +1,460 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "default:1.2.3.4:8443",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8443
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "default:1.2.3.4:8443",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8443
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.api.default.default.dc1",
-                "cluster":  "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.api.default.default.dc1",
+                "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.cache.default.default.dc1",
-                "cluster":  "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.cache.default.default.dc1",
+                "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream.web.default.default.dc1",
-                "rds":  {
-                  "configSource":  {
-                    "ads":  {},
-                    "resourceApiVersion":  "V3"
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.web.default.default.dc1",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
                   },
-                  "routeConfigName":  "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+                  "routeConfigName": "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.aws_lambda",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
-                      "arn":  "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
-                      "payloadPassthrough":  true
+                    "name": "envoy.filters.http.aws_lambda",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
+                      "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
+                      "payloadPassthrough": true
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
                 },
-                "stripAnyHostPort":  true
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ],
+                "stripAnyHostPort": true
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream.web.default.default.dc1",
-                "rds":  {
-                  "configSource":  {
-                    "ads":  {},
-                    "resourceApiVersion":  "V3"
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.web.default.default.dc1",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
                   },
-                  "routeConfigName":  "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+                  "routeConfigName": "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.aws_lambda",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
-                      "arn":  "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
-                      "payloadPassthrough":  true
+                    "name": "envoy.filters.http.aws_lambda",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
+                      "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
+                      "payloadPassthrough": true
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
                 },
-                "stripAnyHostPort":  true
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ],
+                "stripAnyHostPort": true
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream.web.default.default.dc1",
-                "rds":  {
-                  "configSource":  {
-                    "ads":  {},
-                    "resourceApiVersion":  "V3"
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.web.default.default.dc1",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
                   },
-                  "routeConfigName":  "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+                  "routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.aws_lambda",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
-                      "arn":  "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
-                      "payloadPassthrough":  true
+                    "name": "envoy.filters.http.aws_lambda",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
+                      "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
+                      "payloadPassthrough": true
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
                 },
-                "stripAnyHostPort":  true
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ],
+                "stripAnyHostPort": true
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         },
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.sni_cluster",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster"
+              "name": "envoy.filters.network.sni_cluster",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "terminating_gateway.default",
-                "cluster":  ""
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "terminating_gateway.default",
+                "cluster": ""
               }
             }
           ]
         }
       ],
-      "listenerFilters":  [
+      "listenerFilters": [
         {
-          "name":  "envoy.filters.listener.tls_inspector",
-          "typedConfig":  {
-            "@type":  "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
+          "name": "envoy.filters.listener.tls_inspector",
+          "typedConfig": {
+            "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/lambda-terminating-gateway.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lambda-terminating-gateway.latest.golden
index 211c49081f1f..fe380613af02 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lambda-terminating-gateway.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lambda-terminating-gateway.latest.golden
@@ -1,279 +1,284 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "default:1.2.3.4:8443",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8443
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "default:1.2.3.4:8443",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8443
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.api.default.default.dc1",
-                "cluster":  "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.api.default.default.dc1",
+                "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.cache.default.default.dc1",
-                "cluster":  "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.cache.default.default.dc1",
+                "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream.web.default.default.dc1",
-                "rds":  {
-                  "configSource":  {
-                    "ads":  {},
-                    "resourceApiVersion":  "V3"
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.web.default.default.dc1",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
                   },
-                  "routeConfigName":  "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+                  "routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.aws_lambda",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
-                      "arn":  "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
-                      "payloadPassthrough":  true
+                    "name": "envoy.filters.http.aws_lambda",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
+                      "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
+                      "payloadPassthrough": true
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
                 },
-                "stripAnyHostPort":  true
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ],
+                "stripAnyHostPort": true
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         },
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.sni_cluster",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster"
+              "name": "envoy.filters.network.sni_cluster",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "terminating_gateway.default",
-                "cluster":  ""
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "terminating_gateway.default",
+                "cluster": ""
               }
             }
           ]
         }
       ],
-      "listenerFilters":  [
+      "listenerFilters": [
         {
-          "name":  "envoy.filters.listener.tls_inspector",
-          "typedConfig":  {
-            "@type":  "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
+          "name": "envoy.filters.listener.tls_inspector",
+          "typedConfig": {
+            "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/lua-connect-proxy-with-terminating-gateway-upstream.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lua-connect-proxy-with-terminating-gateway-upstream.latest.golden
index f8ad4a4b4067..0814b07f46df 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lua-connect-proxy-with-terminating-gateway-upstream.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lua-connect-proxy-with-terminating-gateway-upstream.latest.golden
@@ -1,146 +1,151 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "routeConfig":  {
-                  "name":  "db",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "routeConfig": {
+                  "name": "db",
+                  "virtualHosts": [
                     {
-                      "name":  "db.default.default.dc1",
-                      "domains":  [
+                      "name": "db.default.default.dc1",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+                          "route": {
+                            "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
-                }
+                "tracing": {
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "public_listener",
-                "cluster":  "local_app"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "public_listener",
+                "cluster": "local_app"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/lua-inbound-applies-to-inbound.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lua-inbound-applies-to-inbound.latest.golden
index 36afd3aa3be9..be339e7a190e 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lua-inbound-applies-to-inbound.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lua-inbound-applies-to-inbound.latest.golden
@@ -1,174 +1,174 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -176,66 +176,71 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.lua",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua",
-                      "inlineCode":  "\nfunction envoy_on_request(request_handle)\n  request_handle:headers():add(\"test\", \"test\")\nend"
+                    "name": "envoy.filters.http.lua",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua",
+                      "inlineCode": "\nfunction envoy_on_request(request_handle)\n  request_handle:headers():add(\"test\", \"test\")\nend"
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/lua-inbound-doesnt-apply-to-local-upstreams.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lua-inbound-doesnt-apply-to-local-upstreams.latest.golden
index 01dd7bfa512b..7f91026f6cf9 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lua-inbound-doesnt-apply-to-local-upstreams.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lua-inbound-doesnt-apply-to-local-upstreams.latest.golden
@@ -49,7 +49,12 @@
                 ],
                 "tracing": {
                   "randomSampling": {}
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
@@ -230,7 +235,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/builtin_extension/listeners/lua-outbound-applies-to-local-upstreams-tproxy.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-applies-to-local-upstreams-tproxy.latest.golden
index 9cf14135f195..20bb59055ada 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lua-outbound-applies-to-local-upstreams-tproxy.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-applies-to-local-upstreams-tproxy.latest.golden
@@ -70,7 +70,12 @@
                 ],
                 "tracing": {
                   "randomSampling": {}
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
@@ -109,7 +114,12 @@
                 ],
                 "tracing": {
                   "randomSampling": {}
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
@@ -297,7 +307,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/builtin_extension/listeners/lua-outbound-applies-to-local-upstreams.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-applies-to-local-upstreams.latest.golden
index 5ebbbafde856..e6859902f5a6 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lua-outbound-applies-to-local-upstreams.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-applies-to-local-upstreams.latest.golden
@@ -56,7 +56,12 @@
                 ],
                 "tracing": {
                   "randomSampling": {}
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
@@ -230,7 +235,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-inbound.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-inbound.latest.golden
index 7a4514f1d783..461b8379f7d5 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-inbound.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-inbound.latest.golden
@@ -1,174 +1,174 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -176,59 +176,64 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
index 8024198d7c4d..36c29ce4c004 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden
@@ -49,7 +49,12 @@
                 ],
                 "tracing": {
                   "randomSampling": {}
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
@@ -223,7 +228,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
index 8024198d7c4d..36c29ce4c004 100644
--- a/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden
@@ -49,7 +49,12 @@
                 ],
                 "tracing": {
                   "randomSampling": {}
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
@@ -223,7 +228,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-keepalive.latest.golden b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-keepalive.latest.golden
index 7a4514f1d783..461b8379f7d5 100644
--- a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-keepalive.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-keepalive.latest.golden
@@ -1,174 +1,174 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -176,59 +176,64 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-outlier-detection-multiple.latest.golden b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-outlier-detection-multiple.latest.golden
index 7a4514f1d783..461b8379f7d5 100644
--- a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-outlier-detection-multiple.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-outlier-detection-multiple.latest.golden
@@ -1,174 +1,174 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -176,59 +176,64 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-outlier-detection.latest.golden b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-outlier-detection.latest.golden
index 7a4514f1d783..461b8379f7d5 100644
--- a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-outlier-detection.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-outlier-detection.latest.golden
@@ -1,174 +1,174 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -176,59 +176,64 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-round-robin-lb-config.latest.golden b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-round-robin-lb-config.latest.golden
index 7a4514f1d783..461b8379f7d5 100644
--- a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-round-robin-lb-config.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-add-round-robin-lb-config.latest.golden
@@ -1,174 +1,174 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -176,59 +176,64 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-cluster-load-assignment-inbound-add.latest.golden b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-cluster-load-assignment-inbound-add.latest.golden
index 689ccb1d7b04..461b8379f7d5 100644
--- a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-cluster-load-assignment-inbound-add.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-cluster-load-assignment-inbound-add.latest.golden
@@ -192,7 +192,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-cluster-load-assignment-outbound-add.latest.golden b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-cluster-load-assignment-outbound-add.latest.golden
index 689ccb1d7b04..461b8379f7d5 100644
--- a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-cluster-load-assignment-outbound-add.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-cluster-load-assignment-outbound-add.latest.golden
@@ -192,7 +192,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-inbound-doesnt-apply-to-outbound.latest.golden b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-inbound-doesnt-apply-to-outbound.latest.golden
index 4e727c476e69..a0e8a85b6080 100644
--- a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-inbound-doesnt-apply-to-outbound.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-inbound-doesnt-apply-to-outbound.latest.golden
@@ -1,177 +1,177 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "statPrefix":  "custom.stats.outbound.only",
-      "filterChains":  [
+      "statPrefix": "custom.stats.outbound.only",
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "statPrefix":  "custom.stats.outbound.only",
-      "filterChains":  [
+      "statPrefix": "custom.stats.outbound.only",
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "statPrefix":  "custom.stats.inbound.only",
-      "filterChains":  [
+      "statPrefix": "custom.stats.inbound.only",
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -179,59 +179,64 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-listener-inbound-add.latest.golden b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-listener-inbound-add.latest.golden
index d2235a3813b6..84589156e704 100644
--- a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-listener-inbound-add.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-listener-inbound-add.latest.golden
@@ -1,175 +1,175 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "statPrefix":  "custom.stats",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "statPrefix": "custom.stats",
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -177,59 +177,64 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-listener-outbound-add.latest.golden b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-listener-outbound-add.latest.golden
index c771ea766d82..696de54e635f 100644
--- a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-listener-outbound-add.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-listener-outbound-add.latest.golden
@@ -1,176 +1,176 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "statPrefix":  "custom.stats",
-      "filterChains":  [
+      "statPrefix": "custom.stats",
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "statPrefix":  "custom.stats",
-      "filterChains":  [
+      "statPrefix": "custom.stats",
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -178,59 +178,64 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-outbound-doesnt-apply-to-inbound.latest.golden b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-outbound-doesnt-apply-to-inbound.latest.golden
index 4e727c476e69..a0e8a85b6080 100644
--- a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-outbound-doesnt-apply-to-inbound.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-outbound-doesnt-apply-to-inbound.latest.golden
@@ -1,177 +1,177 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "statPrefix":  "custom.stats.outbound.only",
-      "filterChains":  [
+      "statPrefix": "custom.stats.outbound.only",
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "statPrefix":  "custom.stats.outbound.only",
-      "filterChains":  [
+      "statPrefix": "custom.stats.outbound.only",
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "statPrefix":  "custom.stats.inbound.only",
-      "filterChains":  [
+      "statPrefix": "custom.stats.inbound.only",
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -179,59 +179,64 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-patch-specific-upstream-service-failover.latest.golden b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-patch-specific-upstream-service-failover.latest.golden
index e8fc107d199e..979ffd3ba98d 100644
--- a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-patch-specific-upstream-service-failover.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-patch-specific-upstream-service-failover.latest.golden
@@ -1,175 +1,175 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "statPrefix":  "custom.stats.outbound.only",
-      "filterChains":  [
+      "statPrefix": "custom.stats.outbound.only",
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -177,59 +177,64 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-patch-specific-upstream-service-splitter.latest.golden b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-patch-specific-upstream-service-splitter.latest.golden
index b17de217f364..36efed784d0e 100644
--- a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-patch-specific-upstream-service-splitter.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-patch-specific-upstream-service-splitter.latest.golden
@@ -1,192 +1,197 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "statPrefix":  "custom.stats.outbound.only",
-      "filterChains":  [
+      "statPrefix": "custom.stats.outbound.only",
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "rds":  {
-                  "configSource":  {
-                    "ads":  {},
-                    "resourceApiVersion":  "V3"
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
                   },
-                  "routeConfigName":  "db"
+                  "routeConfigName": "db"
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
-                }
+                "tracing": {
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -194,59 +199,64 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-remove-outlier-detection.latest.golden b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-remove-outlier-detection.latest.golden
index 7a4514f1d783..461b8379f7d5 100644
--- a/agent/xds/testdata/builtin_extension/listeners/propertyoverride-remove-outlier-detection.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/propertyoverride-remove-outlier-detection.latest.golden
@@ -1,174 +1,174 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "public_listener",
-                "routeConfig":  {
-                  "name":  "public_listener",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "public_listener",
+                "routeConfig": {
+                  "name": "public_listener",
+                  "virtualHosts": [
                     {
-                      "name":  "public_listener",
-                      "domains":  [
+                      "name": "public_listener",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "local_app"
+                          "route": {
+                            "cluster": "local_app"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.rbac",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules":  {}
+                    "name": "envoy.filters.http.rbac",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
+                      "rules": {}
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.header_to_metadata",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
-                      "requestRules":  [
+                    "name": "envoy.filters.http.header_to_metadata",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
+                      "requestRules": [
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "trust-domain",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "trust-domain",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\1"
+                              "substitution": "\\1"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "partition",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "partition",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\2"
+                              "substitution": "\\2"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "namespace",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "namespace",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\3"
+                              "substitution": "\\3"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "datacenter",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "datacenter",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\4"
+                              "substitution": "\\4"
                             }
                           }
                         },
                         {
-                          "header":  "x-forwarded-client-cert",
-                          "onHeaderPresent":  {
-                            "metadataNamespace":  "consul",
-                            "key":  "service",
-                            "regexValueRewrite":  {
-                              "pattern":  {
-                                "googleRe2":  {},
-                                "regex":  ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
+                          "header": "x-forwarded-client-cert",
+                          "onHeaderPresent": {
+                            "metadataNamespace": "consul",
+                            "key": "service",
+                            "regexValueRewrite": {
+                              "pattern": {
+                                "googleRe2": {},
+                                "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
-                              "substitution":  "\\5"
+                              "substitution": "\\5"
                             }
                           }
                         }
@@ -176,59 +176,64 @@
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "forwardClientCertDetails":  "APPEND_FORWARD",
-                "setCurrentClientCertDetails":  {
-                  "subject":  true,
-                  "cert":  true,
-                  "chain":  true,
-                  "dns":  true,
-                  "uri":  true
-                }
+                "forwardClientCertDetails": "APPEND_FORWARD",
+                "setCurrentClientCertDetails": {
+                  "subject": true,
+                  "cert": true,
+                  "chain": true,
+                  "dns": true,
+                  "uri": true
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols":  [
+                "alpnProtocols": [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/builtin_extension/listeners/wasm-http-local-file.latest.golden b/agent/xds/testdata/builtin_extension/listeners/wasm-http-local-file.latest.golden
index a709a6a13abf..9a80ae3050b7 100644
--- a/agent/xds/testdata/builtin_extension/listeners/wasm-http-local-file.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/wasm-http-local-file.latest.golden
@@ -94,9 +94,7 @@
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules": {
-
-                      }
+                      "rules": {}
                     }
                   },
                   {
@@ -111,9 +109,7 @@
                             "key": "trust-domain",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\1"
@@ -127,9 +123,7 @@
                             "key": "partition",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\2"
@@ -143,9 +137,7 @@
                             "key": "namespace",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\3"
@@ -159,9 +151,7 @@
                             "key": "datacenter",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\4"
@@ -175,9 +165,7 @@
                             "key": "service",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\5"
@@ -216,9 +204,7 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
                 "forwardClientCertDetails": "APPEND_FORWARD",
                 "setCurrentClientCertDetails": {
@@ -227,7 +213,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -236,9 +227,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/builtin_extension/listeners/wasm-http-remote-file.latest.golden b/agent/xds/testdata/builtin_extension/listeners/wasm-http-remote-file.latest.golden
index e757392cfea1..220c7ce18c35 100644
--- a/agent/xds/testdata/builtin_extension/listeners/wasm-http-remote-file.latest.golden
+++ b/agent/xds/testdata/builtin_extension/listeners/wasm-http-remote-file.latest.golden
@@ -94,9 +94,7 @@
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules": {
-
-                      }
+                      "rules": {}
                     }
                   },
                   {
@@ -111,9 +109,7 @@
                             "key": "trust-domain",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\1"
@@ -127,9 +123,7 @@
                             "key": "partition",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\2"
@@ -143,9 +137,7 @@
                             "key": "namespace",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\3"
@@ -159,9 +151,7 @@
                             "key": "datacenter",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\4"
@@ -175,9 +165,7 @@
                             "key": "service",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\5"
@@ -221,9 +209,7 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
                 "forwardClientCertDetails": "APPEND_FORWARD",
                 "setCurrentClientCertDetails": {
@@ -232,7 +218,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -241,9 +232,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/api-gateway-http-listener-with-http-route.latest.golden b/agent/xds/testdata/listeners/api-gateway-http-listener-with-http-route.latest.golden
index e9bee988de93..97fe8332eecf 100644
--- a/agent/xds/testdata/listeners/api-gateway-http-listener-with-http-route.latest.golden
+++ b/agent/xds/testdata/listeners/api-gateway-http-listener-with-http-route.latest.golden
@@ -1,49 +1,54 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "http:1.2.3.4:8080",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8080
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "http:1.2.3.4:8080",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8080
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "ingress_upstream_8080",
-                "rds":  {
-                  "configSource":  {
-                    "ads":  {},
-                    "resourceApiVersion":  "V3"
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "ingress_upstream_8080",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
                   },
-                  "routeConfigName":  "8080"
+                  "routeConfigName": "8080"
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
-                }
+                "tracing": {
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden b/agent/xds/testdata/listeners/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden
index 9e136780767a..f754b2636bdc 100644
--- a/agent/xds/testdata/listeners/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden
+++ b/agent/xds/testdata/listeners/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden
@@ -1,74 +1,79 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "http:1.2.3.4:8081",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8081
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "http:1.2.3.4:8081",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8081
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "ingress_upstream_8081",
-                "rds":  {
-                  "configSource":  {
-                    "ads":  {},
-                    "resourceApiVersion":  "V3"
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "ingress_upstream_8081",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
                   },
-                  "routeConfigName":  "8081"
+                  "routeConfigName": "8081"
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
-                }
+                "tracing": {
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "tcp-service:1.2.3.4:8080",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8080
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "tcp-service:1.2.3.4:8080",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8080
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.tcp-service.default.default.dc1",
-                "cluster":  "tcp-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.tcp-service.default.default.dc1",
+                "cluster": "tcp-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/api-gateway-with-http-route.latest.golden b/agent/xds/testdata/listeners/api-gateway-with-http-route.latest.golden
index 670911b8f97a..935e330a5983 100644
--- a/agent/xds/testdata/listeners/api-gateway-with-http-route.latest.golden
+++ b/agent/xds/testdata/listeners/api-gateway-with-http-route.latest.golden
@@ -35,7 +35,12 @@
                 ],
                 "tracing": {
                   "randomSampling": {}
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden
index 4e524021f8b2..03e15abeaa72 100644
--- a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden
+++ b/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "upstream.db.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "db"
@@ -49,13 +47,14 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
-                "http2ProtocolOptions": {
-
-                }
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
@@ -104,9 +103,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -124,9 +121,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-grpc-chain.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-grpc-chain.latest.golden
index 4e524021f8b2..03e15abeaa72 100644
--- a/agent/xds/testdata/listeners/connect-proxy-with-grpc-chain.latest.golden
+++ b/agent/xds/testdata/listeners/connect-proxy-with-grpc-chain.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "upstream.db.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "db"
@@ -49,13 +47,14 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
-                "http2ProtocolOptions": {
-
-                }
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
@@ -104,9 +103,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -124,9 +121,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-http-chain.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-http-chain.latest.golden
index 0eed52477d62..7f85cbeb7257 100644
--- a/agent/xds/testdata/listeners/connect-proxy-with-http-chain.latest.golden
+++ b/agent/xds/testdata/listeners/connect-proxy-with-http-chain.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "upstream.db.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "db"
@@ -36,10 +34,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
@@ -88,9 +89,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -108,9 +107,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-http2-chain.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-http2-chain.latest.golden
index 56d9ffd88151..98b090c7839b 100644
--- a/agent/xds/testdata/listeners/connect-proxy-with-http2-chain.latest.golden
+++ b/agent/xds/testdata/listeners/connect-proxy-with-http2-chain.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "upstream.db.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "db"
@@ -36,13 +34,14 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
-                "http2ProtocolOptions": {
-
-                }
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
@@ -91,9 +90,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -111,9 +108,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden
index 6cddcbff96bc..44ac849aa4cb 100644
--- a/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden
+++ b/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden
@@ -231,7 +231,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/listeners/custom-trace-listener.latest.golden b/agent/xds/testdata/listeners/custom-trace-listener.latest.golden
index fb23d2644d42..90d89e1de9e7 100644
--- a/agent/xds/testdata/listeners/custom-trace-listener.latest.golden
+++ b/agent/xds/testdata/listeners/custom-trace-listener.latest.golden
@@ -94,9 +94,7 @@
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules": {
-
-                      }
+                      "rules": {}
                     }
                   },
                   {
@@ -111,9 +109,7 @@
                             "key": "trust-domain",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\1"
@@ -127,9 +123,7 @@
                             "key": "partition",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\2"
@@ -143,9 +137,7 @@
                             "key": "namespace",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\3"
@@ -159,9 +151,7 @@
                             "key": "datacenter",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\4"
@@ -175,9 +165,7 @@
                             "key": "service",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\5"
@@ -227,7 +215,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -236,9 +229,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/expose-checks-grpc.latest.golden b/agent/xds/testdata/listeners/expose-checks-grpc.latest.golden
index a73fdd5a7994..6551d151fc66 100644
--- a/agent/xds/testdata/listeners/expose-checks-grpc.latest.golden
+++ b/agent/xds/testdata/listeners/expose-checks-grpc.latest.golden
@@ -66,7 +66,12 @@
                 "tracing": {
                   "randomSampling": {}
                 },
-                "http2ProtocolOptions": {}
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
diff --git a/agent/xds/testdata/listeners/expose-checks-http-with-bind-override.latest.golden b/agent/xds/testdata/listeners/expose-checks-http-with-bind-override.latest.golden
index fc97741bb875..79f3555eb278 100644
--- a/agent/xds/testdata/listeners/expose-checks-http-with-bind-override.latest.golden
+++ b/agent/xds/testdata/listeners/expose-checks-http-with-bind-override.latest.golden
@@ -1,137 +1,142 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "exposed_path_debug:6.7.8.9:21500",
-      "address":  {
-        "socketAddress":  {
-          "address":  "6.7.8.9",
-          "portValue":  21500
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "exposed_path_debug:6.7.8.9:21500",
+      "address": {
+        "socketAddress": {
+          "address": "6.7.8.9",
+          "portValue": 21500
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filterChainMatch":  {
-            "sourcePrefixRanges":  [
+          "filterChainMatch": {
+            "sourcePrefixRanges": [
               {
-                "addressPrefix":  "127.0.0.1",
-                "prefixLen":  8
+                "addressPrefix": "127.0.0.1",
+                "prefixLen": 8
               },
               {
-                "addressPrefix":  "192.0.2.1",
-                "prefixLen":  32
+                "addressPrefix": "192.0.2.1",
+                "prefixLen": 32
               },
               {
-                "addressPrefix":  "::1",
-                "prefixLen":  128
+                "addressPrefix": "::1",
+                "prefixLen": 128
               }
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "exposed_path_filter_debug_21500",
-                "routeConfig":  {
-                  "name":  "exposed_path_filter_debug_21500",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "exposed_path_filter_debug_21500",
+                "routeConfig": {
+                  "name": "exposed_path_filter_debug_21500",
+                  "virtualHosts": [
                     {
-                      "name":  "exposed_path_filter_debug_21500",
-                      "domains":  [
+                      "name": "exposed_path_filter_debug_21500",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "path":  "/debug"
+                          "match": {
+                            "path": "/debug"
                           },
-                          "route":  {
-                            "cluster":  "exposed_cluster_8181"
+                          "route": {
+                            "cluster": "exposed_cluster_8181"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
-                }
+                "tracing": {
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:6.7.8.9:8080",
-      "address":  {
-        "socketAddress":  {
-          "address":  "6.7.8.9",
-          "portValue":  8080
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:6.7.8.9:8080",
+      "address": {
+        "socketAddress": {
+          "address": "6.7.8.9",
+          "portValue": 8080
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "public_listener",
-                "cluster":  "local_app"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "public_listener",
+                "cluster": "local_app"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/expose-checks-http.latest.golden b/agent/xds/testdata/listeners/expose-checks-http.latest.golden
index a5e582d5ee72..50f3c5778a76 100644
--- a/agent/xds/testdata/listeners/expose-checks-http.latest.golden
+++ b/agent/xds/testdata/listeners/expose-checks-http.latest.golden
@@ -1,137 +1,142 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "exposed_path_debug:1.2.3.4:21500",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  21500
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "exposed_path_debug:1.2.3.4:21500",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 21500
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filterChainMatch":  {
-            "sourcePrefixRanges":  [
+          "filterChainMatch": {
+            "sourcePrefixRanges": [
               {
-                "addressPrefix":  "127.0.0.1",
-                "prefixLen":  8
+                "addressPrefix": "127.0.0.1",
+                "prefixLen": 8
               },
               {
-                "addressPrefix":  "192.0.2.1",
-                "prefixLen":  32
+                "addressPrefix": "192.0.2.1",
+                "prefixLen": 32
               },
               {
-                "addressPrefix":  "::1",
-                "prefixLen":  128
+                "addressPrefix": "::1",
+                "prefixLen": 128
               }
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "exposed_path_filter_debug_21500",
-                "routeConfig":  {
-                  "name":  "exposed_path_filter_debug_21500",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "exposed_path_filter_debug_21500",
+                "routeConfig": {
+                  "name": "exposed_path_filter_debug_21500",
+                  "virtualHosts": [
                     {
-                      "name":  "exposed_path_filter_debug_21500",
-                      "domains":  [
+                      "name": "exposed_path_filter_debug_21500",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "path":  "/debug"
+                          "match": {
+                            "path": "/debug"
                           },
-                          "route":  {
-                            "cluster":  "exposed_cluster_8181"
+                          "route": {
+                            "cluster": "exposed_cluster_8181"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
-                }
+                "tracing": {
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:1.2.3.4:8080",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8080
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:1.2.3.4:8080",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8080
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "public_listener",
-                "cluster":  "local_app"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "public_listener",
+                "cluster": "local_app"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/expose-paths-local-app-paths.latest.golden b/agent/xds/testdata/listeners/expose-paths-local-app-paths.latest.golden
index cb7b0d46e7db..6d0f665a45aa 100644
--- a/agent/xds/testdata/listeners/expose-paths-local-app-paths.latest.golden
+++ b/agent/xds/testdata/listeners/expose-paths-local-app-paths.latest.golden
@@ -48,10 +48,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
@@ -106,10 +109,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
@@ -133,9 +139,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -153,9 +157,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/expose-paths-new-cluster-http2.latest.golden b/agent/xds/testdata/listeners/expose-paths-new-cluster-http2.latest.golden
index 84ef190ad931..e29af617f699 100644
--- a/agent/xds/testdata/listeners/expose-paths-new-cluster-http2.latest.golden
+++ b/agent/xds/testdata/listeners/expose-paths-new-cluster-http2.latest.golden
@@ -48,13 +48,14 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
-                "http2ProtocolOptions": {
-
-                }
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
@@ -109,10 +110,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
@@ -136,9 +140,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -156,9 +158,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/grpc-public-listener.latest.golden b/agent/xds/testdata/listeners/grpc-public-listener.latest.golden
index 22bf9854c762..eea407e422d1 100644
--- a/agent/xds/testdata/listeners/grpc-public-listener.latest.golden
+++ b/agent/xds/testdata/listeners/grpc-public-listener.latest.golden
@@ -107,9 +107,7 @@
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules": {
-
-                      }
+                      "rules": {}
                     }
                   },
                   {
@@ -120,13 +118,14 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
-                "http2ProtocolOptions": {
-
-                }
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -135,9 +134,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/http-listener-with-timeouts.latest.golden b/agent/xds/testdata/listeners/http-listener-with-timeouts.latest.golden
index f4431491146c..9637b76bfb2d 100644
--- a/agent/xds/testdata/listeners/http-listener-with-timeouts.latest.golden
+++ b/agent/xds/testdata/listeners/http-listener-with-timeouts.latest.golden
@@ -96,9 +96,7 @@
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules": {
-
-                      }
+                      "rules": {}
                     }
                   },
                   {
@@ -113,9 +111,7 @@
                             "key": "trust-domain",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\1"
@@ -129,9 +125,7 @@
                             "key": "partition",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\2"
@@ -145,9 +139,7 @@
                             "key": "namespace",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\3"
@@ -161,9 +153,7 @@
                             "key": "datacenter",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\4"
@@ -177,9 +167,7 @@
                             "key": "service",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\5"
@@ -197,9 +185,7 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
                 "forwardClientCertDetails": "APPEND_FORWARD",
                 "setCurrentClientCertDetails": {
@@ -208,7 +194,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -217,9 +208,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/http-public-listener-no-xfcc.latest.golden b/agent/xds/testdata/listeners/http-public-listener-no-xfcc.latest.golden
index 2ba00f2cecd0..5b65b60e3a43 100644
--- a/agent/xds/testdata/listeners/http-public-listener-no-xfcc.latest.golden
+++ b/agent/xds/testdata/listeners/http-public-listener-no-xfcc.latest.golden
@@ -94,9 +94,7 @@
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules": {
-
-                      }
+                      "rules": {}
                     }
                   },
                   {
@@ -107,10 +105,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -119,9 +120,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/http-public-listener.latest.golden b/agent/xds/testdata/listeners/http-public-listener.latest.golden
index 28fe00ff24f8..461b8379f7d5 100644
--- a/agent/xds/testdata/listeners/http-public-listener.latest.golden
+++ b/agent/xds/testdata/listeners/http-public-listener.latest.golden
@@ -94,9 +94,7 @@
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules": {
-
-                      }
+                      "rules": {}
                     }
                   },
                   {
@@ -111,9 +109,7 @@
                             "key": "trust-domain",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\1"
@@ -127,9 +123,7 @@
                             "key": "partition",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\2"
@@ -143,9 +137,7 @@
                             "key": "namespace",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\3"
@@ -159,9 +151,7 @@
                             "key": "datacenter",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\4"
@@ -175,9 +165,7 @@
                             "key": "service",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\5"
@@ -195,9 +183,7 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
                 "forwardClientCertDetails": "APPEND_FORWARD",
                 "setCurrentClientCertDetails": {
@@ -206,7 +192,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -215,9 +206,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/http-upstream.latest.golden b/agent/xds/testdata/listeners/http-upstream.latest.golden
index 717877fcd732..0814b07f46df 100644
--- a/agent/xds/testdata/listeners/http-upstream.latest.golden
+++ b/agent/xds/testdata/listeners/http-upstream.latest.golden
@@ -48,10 +48,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
@@ -100,9 +103,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -120,9 +121,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/http2-public-listener.latest.golden b/agent/xds/testdata/listeners/http2-public-listener.latest.golden
index cf4e8c776e51..bb0d81ac3607 100644
--- a/agent/xds/testdata/listeners/http2-public-listener.latest.golden
+++ b/agent/xds/testdata/listeners/http2-public-listener.latest.golden
@@ -94,9 +94,7 @@
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules": {
-
-                      }
+                      "rules": {}
                     }
                   },
                   {
@@ -111,9 +109,7 @@
                             "key": "trust-domain",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\1"
@@ -127,9 +123,7 @@
                             "key": "partition",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\2"
@@ -143,9 +137,7 @@
                             "key": "namespace",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\3"
@@ -159,9 +151,7 @@
                             "key": "datacenter",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\4"
@@ -175,9 +165,7 @@
                             "key": "service",
                             "regexValueRewrite": {
                               "pattern": {
-                                "googleRe2": {
-
-                                },
+                                "googleRe2": {},
                                 "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
                               },
                               "substitution": "\\5"
@@ -195,13 +183,9 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
-                },
-                "http2ProtocolOptions": {
-
+                  "randomSampling": {}
                 },
+                "http2ProtocolOptions": {},
                 "forwardClientCertDetails": "APPEND_FORWARD",
                 "setCurrentClientCertDetails": {
                   "subject": true,
@@ -209,7 +193,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -218,9 +207,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/ingress-grpc-multiple-services.latest.golden b/agent/xds/testdata/listeners/ingress-grpc-multiple-services.latest.golden
index abad991957b5..26fa9469ca35 100644
--- a/agent/xds/testdata/listeners/ingress-grpc-multiple-services.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-grpc-multiple-services.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "ingress_upstream_8080",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080"
@@ -49,13 +47,14 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
-                "http2ProtocolOptions": {
-
-                }
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
diff --git a/agent/xds/testdata/listeners/ingress-http-multiple-services.latest.golden b/agent/xds/testdata/listeners/ingress-http-multiple-services.latest.golden
index bcdf29c64326..4b94e26d2a70 100644
--- a/agent/xds/testdata/listeners/ingress-http-multiple-services.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-http-multiple-services.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "ingress_upstream_443",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "443"
@@ -36,10 +34,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
@@ -66,9 +67,7 @@
                 "statPrefix": "ingress_upstream_8080",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080"
@@ -82,10 +81,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
diff --git a/agent/xds/testdata/listeners/ingress-splitter-with-resolver-redirect.latest.golden b/agent/xds/testdata/listeners/ingress-splitter-with-resolver-redirect.latest.golden
index ae2f68556e15..97fe8332eecf 100644
--- a/agent/xds/testdata/listeners/ingress-splitter-with-resolver-redirect.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-splitter-with-resolver-redirect.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "ingress_upstream_8080",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080"
@@ -36,10 +34,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
diff --git a/agent/xds/testdata/listeners/ingress-with-grpc-single-tls-listener.latest.golden b/agent/xds/testdata/listeners/ingress-with-grpc-single-tls-listener.latest.golden
index e4a769066ad7..d4e98ecafe95 100644
--- a/agent/xds/testdata/listeners/ingress-with-grpc-single-tls-listener.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-grpc-single-tls-listener.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "ingress_upstream_8080",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080"
@@ -49,13 +47,14 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
-                "http2ProtocolOptions": {
-
-                }
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
@@ -82,9 +81,7 @@
                 "statPrefix": "ingress_upstream_8081",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8081"
@@ -111,13 +108,14 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
-                "http2ProtocolOptions": {
-
-                }
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/listeners/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden b/agent/xds/testdata/listeners/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden
index 774d0defabb4..74ec514a35b2 100644
--- a/agent/xds/testdata/listeners/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "ingress_upstream_8080",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080"
@@ -49,13 +47,14 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
-                "http2ProtocolOptions": {
-
-                }
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -113,9 +112,7 @@
                 "statPrefix": "ingress_upstream_8081",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8081"
@@ -129,13 +126,14 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
-                "http2ProtocolOptions": {
-
-                }
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/listeners/ingress-with-http2-single-tls-listener.latest.golden b/agent/xds/testdata/listeners/ingress-with-http2-single-tls-listener.latest.golden
index 03bc6bc63399..a8767e662d76 100644
--- a/agent/xds/testdata/listeners/ingress-with-http2-single-tls-listener.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-http2-single-tls-listener.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "ingress_upstream_8080",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080"
@@ -36,13 +34,14 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
-                "http2ProtocolOptions": {
-
-                }
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
@@ -69,9 +68,7 @@
                 "statPrefix": "ingress_upstream_8081",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8081"
@@ -85,13 +82,14 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
-                "http2ProtocolOptions": {
-
-                }
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/listeners/ingress-with-sds-listener+service-level.latest.golden b/agent/xds/testdata/listeners/ingress-with-sds-listener+service-level.latest.golden
index 7aa0d5d210a9..6be862ddbe72 100644
--- a/agent/xds/testdata/listeners/ingress-with-sds-listener+service-level.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-sds-listener+service-level.latest.golden
@@ -25,9 +25,7 @@
                 "statPrefix": "ingress_upstream_8080_s1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080_s1"
@@ -41,10 +39,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -53,9 +54,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificateSdsSecretConfigs": [
                   {
                     "name": "s1.example.com-cert",
@@ -93,9 +92,7 @@
                 "statPrefix": "ingress_upstream_8080",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080"
@@ -109,10 +106,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -121,9 +121,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificateSdsSecretConfigs": [
                   {
                     "name": "*.example.com-cert",
diff --git a/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-http.latest.golden b/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-http.latest.golden
index de06deebade4..21c9c2cecd13 100644
--- a/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-http.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-sds-listener-gw-level-http.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "ingress_upstream_8080",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080"
@@ -36,10 +34,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -48,9 +49,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificateSdsSecretConfigs": [
                   {
                     "name": "listener-cert",
diff --git a/agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-no-tls.latest.golden b/agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-no-tls.latest.golden
index 3faaddb8a2cc..6e3114fe3ac6 100644
--- a/agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-no-tls.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-no-tls.latest.golden
@@ -25,9 +25,7 @@
                 "statPrefix": "ingress_upstream_8080_s1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080_s1"
@@ -41,10 +39,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -53,9 +54,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificateSdsSecretConfigs": [
                   {
                     "name": "s1.example.com-cert",
@@ -93,9 +92,7 @@
                 "statPrefix": "ingress_upstream_8080",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080"
@@ -109,10 +106,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
diff --git a/agent/xds/testdata/listeners/ingress-with-sds-service-level.latest.golden b/agent/xds/testdata/listeners/ingress-with-sds-service-level.latest.golden
index c2ee37ccb197..2933c09318b3 100644
--- a/agent/xds/testdata/listeners/ingress-with-sds-service-level.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-sds-service-level.latest.golden
@@ -25,9 +25,7 @@
                 "statPrefix": "ingress_upstream_8080_s1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080_s1"
@@ -41,10 +39,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -53,9 +54,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificateSdsSecretConfigs": [
                   {
                     "name": "s1.example.com-cert",
@@ -98,9 +97,7 @@
                 "statPrefix": "ingress_upstream_8080_s2",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080_s2"
@@ -114,10 +111,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -126,9 +126,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificateSdsSecretConfigs": [
                   {
                     "name": "s2.example.com-cert",
diff --git a/agent/xds/testdata/listeners/ingress-with-single-tls-listener.latest.golden b/agent/xds/testdata/listeners/ingress-with-single-tls-listener.latest.golden
index 22edaf577d14..fb88e51fc0c9 100644
--- a/agent/xds/testdata/listeners/ingress-with-single-tls-listener.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-single-tls-listener.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "ingress_upstream_8080",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080"
@@ -36,10 +34,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
@@ -66,9 +67,7 @@
                 "statPrefix": "ingress_upstream_8081",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8081"
@@ -82,10 +81,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/listeners/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden
index 7eac1ef3d6a7..00791b14f233 100644
--- a/agent/xds/testdata/listeners/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "ingress_upstream_8080",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080"
@@ -36,10 +34,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -96,9 +97,7 @@
                 "statPrefix": "ingress_upstream_8081",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8081"
@@ -112,10 +111,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -172,9 +174,7 @@
                 "statPrefix": "ingress_upstream_8082",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8082"
@@ -188,10 +188,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -248,9 +251,7 @@
                 "statPrefix": "ingress_upstream_8083",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8083"
@@ -264,10 +265,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -276,9 +280,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -324,9 +326,7 @@
                 "statPrefix": "ingress_upstream_8084",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8084"
@@ -340,10 +340,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden
index e480318be9e9..ff9c69156331 100644
--- a/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden
@@ -35,7 +35,12 @@
                 ],
                 "tracing": {
                   "randomSampling": {}
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -109,7 +114,12 @@
                 ],
                 "tracing": {
                   "randomSampling": {}
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-listeners.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-listeners.latest.golden
index 8e7894f8d3a5..da77ddc399f9 100644
--- a/agent/xds/testdata/listeners/ingress-with-tls-mixed-listeners.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-tls-mixed-listeners.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "ingress_upstream_8080",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080"
@@ -36,10 +34,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -48,9 +49,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -96,9 +95,7 @@
                 "statPrefix": "ingress_upstream_9090",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "9090"
@@ -112,10 +109,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden
index ecc1963a1bb3..77debfa56722 100644
--- a/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden
@@ -35,7 +35,12 @@
                 ],
                 "tracing": {
                   "randomSampling": {}
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -107,7 +112,12 @@
                 ],
                 "tracing": {
                   "randomSampling": {}
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -179,7 +189,12 @@
                 ],
                 "tracing": {
                   "randomSampling": {}
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-min-version-listeners.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-min-version-listeners.latest.golden
index 802f47f4df36..1033abd06248 100644
--- a/agent/xds/testdata/listeners/ingress-with-tls-mixed-min-version-listeners.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-tls-mixed-min-version-listeners.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "ingress_upstream_8080",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8080"
@@ -36,10 +34,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -96,9 +97,7 @@
                 "statPrefix": "ingress_upstream_8081",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8081"
@@ -112,10 +111,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
@@ -172,9 +174,7 @@
                 "statPrefix": "ingress_upstream_8082",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "8082"
@@ -188,10 +188,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ],
diff --git a/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
index 1ed34afb91e5..5e2ff2a897dc 100644
--- a/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
+++ b/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
@@ -25,9 +25,7 @@
                 "statPrefix": "mesh_gateway_local_peered.db.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "db"
@@ -41,9 +39,7 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
                 "forwardClientCertDetails": "SANITIZE_SET",
                 "setCurrentClientCertDetails": {
@@ -52,7 +48,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -61,9 +62,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services-http.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services-http.latest.golden
index acb312116d12..acb9d896f69d 100644
--- a/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services-http.latest.golden
+++ b/agent/xds/testdata/listeners/mesh-gateway-with-exported-peered-services-http.latest.golden
@@ -25,9 +25,7 @@
                 "statPrefix": "mesh_gateway_local_peered.bar.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "bar"
@@ -41,9 +39,7 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
                 "forwardClientCertDetails": "SANITIZE_SET",
                 "setCurrentClientCertDetails": {
@@ -52,7 +48,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -61,9 +62,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -115,9 +114,7 @@
                 "statPrefix": "mesh_gateway_local_peered.foo.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "foo"
@@ -131,9 +128,7 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
                 "forwardClientCertDetails": "SANITIZE_SET",
                 "setCurrentClientCertDetails": {
@@ -142,7 +137,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -151,9 +151,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -205,9 +203,7 @@
                 "statPrefix": "mesh_gateway_local_peered.gir.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "gir"
@@ -221,9 +217,7 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
                 "forwardClientCertDetails": "SANITIZE_SET",
                 "setCurrentClientCertDetails": {
@@ -232,7 +226,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -241,9 +240,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/splitter-with-resolver-redirect.latest.golden b/agent/xds/testdata/listeners/splitter-with-resolver-redirect.latest.golden
index 0eed52477d62..7f85cbeb7257 100644
--- a/agent/xds/testdata/listeners/splitter-with-resolver-redirect.latest.golden
+++ b/agent/xds/testdata/listeners/splitter-with-resolver-redirect.latest.golden
@@ -20,9 +20,7 @@
                 "statPrefix": "upstream.db.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "db"
@@ -36,10 +34,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
@@ -88,9 +89,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -108,9 +107,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/telemetry-collector.latest.golden b/agent/xds/testdata/listeners/telemetry-collector.latest.golden
index b97f7e043854..1c850d70c38c 100644
--- a/agent/xds/testdata/listeners/telemetry-collector.latest.golden
+++ b/agent/xds/testdata/listeners/telemetry-collector.latest.golden
@@ -1,184 +1,189 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "consul-telemetry-collector:/tmp/consul/telemetry-collector/gqmuzdHCUPAEY5mbF8vgkZCNI14.sock",
-      "address":  {
-        "pipe":  {
-          "path":  "/tmp/consul/telemetry-collector/gqmuzdHCUPAEY5mbF8vgkZCNI14.sock"
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "consul-telemetry-collector:/tmp/consul/telemetry-collector/gqmuzdHCUPAEY5mbF8vgkZCNI14.sock",
+      "address": {
+        "pipe": {
+          "path": "/tmp/consul/telemetry-collector/gqmuzdHCUPAEY5mbF8vgkZCNI14.sock"
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream.consul-telemetry-collector.default.default.dc1",
-                "routeConfig":  {
-                  "name":  "consul-telemetry-collector",
-                  "virtualHosts":  [
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "upstream.consul-telemetry-collector.default.default.dc1",
+                "routeConfig": {
+                  "name": "consul-telemetry-collector",
+                  "virtualHosts": [
                     {
-                      "name":  "consul-telemetry-collector.default.default.dc1",
-                      "domains":  [
+                      "name": "consul-telemetry-collector.default.default.dc1",
+                      "domains": [
                         "*"
                       ],
-                      "routes":  [
+                      "routes": [
                         {
-                          "match":  {
-                            "prefix":  "/"
+                          "match": {
+                            "prefix": "/"
                           },
-                          "route":  {
-                            "cluster":  "consul-telemetry-collector.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+                          "route": {
+                            "cluster": "consul-telemetry-collector.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
                           }
                         }
                       ]
                     }
                   ]
                 },
-                "httpFilters":  [
+                "httpFilters": [
                   {
-                    "name":  "envoy.filters.http.grpc_stats",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.grpc_stats.v3.FilterConfig",
-                      "statsForAllMethods":  true
+                    "name": "envoy.filters.http.grpc_stats",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_stats.v3.FilterConfig",
+                      "statsForAllMethods": true
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.grpc_http1_bridge",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.grpc_http1_bridge.v3.Config"
+                    "name": "envoy.filters.http.grpc_http1_bridge",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_http1_bridge.v3.Config"
                     }
                   },
                   {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing":  {
-                  "randomSampling":  {}
+                "tracing": {
+                  "randomSampling": {}
                 },
-                "http2ProtocolOptions":  {}
+                "http2ProtocolOptions": {},
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:127.0.0.1:9191",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9191
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "db:127.0.0.1:9191",
+      "address": {
+        "socketAddress": {
+          "address": "127.0.0.1",
+          "portValue": 9191
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.db.default.default.dc1",
-                "cluster":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.db.default.default.dc1",
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "prepared_query:geo-cache:127.10.10.10:8181",
+      "address": {
+        "socketAddress": {
+          "address": "127.10.10.10",
+          "portValue": 8181
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "upstream.prepared_query_geo-cache",
+                "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         }
       ],
-      "trafficDirection":  "OUTBOUND"
+      "trafficDirection": "OUTBOUND"
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "public_listener:0.0.0.0:9999",
+      "address": {
+        "socketAddress": {
+          "address": "0.0.0.0",
+          "portValue": 9999
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
+              "name": "envoy.filters.network.rbac",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules": {},
+                "statPrefix": "connect_authz"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "public_listener",
-                "cluster":  "local_app"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "public_listener",
+                "cluster": "local_app"
               }
             }
           ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
                   {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey": {
+                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext": {
+                  "trustedCa": {
+                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 }
               },
-              "requireClientCertificate":  true
+              "requireClientCertificate": true
             }
           }
         }
       ],
-      "trafficDirection":  "INBOUND"
+      "trafficDirection": "INBOUND"
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden
index 003860ddcd76..e4b6373c8766 100644
--- a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden
+++ b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden
@@ -22,9 +22,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -42,9 +40,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -76,9 +72,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -96,9 +90,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -130,9 +122,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -150,9 +140,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -187,9 +175,7 @@
                 "statPrefix": "upstream.web.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@@ -199,9 +185,7 @@
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules": {
-
-                      }
+                      "rules": {}
                     }
                   },
                   {
@@ -212,9 +196,7 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
                 "forwardClientCertDetails": "APPEND_FORWARD",
                 "setCurrentClientCertDetails": {
@@ -223,7 +205,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -232,9 +219,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -269,9 +254,7 @@
                 "statPrefix": "upstream.web.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@@ -281,9 +264,7 @@
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules": {
-
-                      }
+                      "rules": {}
                     }
                   },
                   {
@@ -294,9 +275,7 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
                 "forwardClientCertDetails": "APPEND_FORWARD",
                 "setCurrentClientCertDetails": {
@@ -305,7 +284,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -314,9 +298,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -351,9 +333,7 @@
                 "statPrefix": "upstream.web.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@@ -363,9 +343,7 @@
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules": {
-
-                      }
+                      "rules": {}
                     }
                   },
                   {
@@ -376,9 +354,7 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
                 "forwardClientCertDetails": "APPEND_FORWARD",
                 "setCurrentClientCertDetails": {
@@ -387,7 +363,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -396,9 +377,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/transparent-proxy-destination-http.latest.golden b/agent/xds/testdata/listeners/transparent-proxy-destination-http.latest.golden
index b621f19ddc80..6af38eb77979 100644
--- a/agent/xds/testdata/listeners/transparent-proxy-destination-http.latest.golden
+++ b/agent/xds/testdata/listeners/transparent-proxy-destination-http.latest.golden
@@ -48,9 +48,7 @@
                 "statPrefix": "upstream.destination.443.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "destination.443.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@@ -64,10 +62,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
@@ -84,9 +85,7 @@
                 "statPrefix": "upstream.destination.9093.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "destination.9093.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@@ -100,10 +99,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
@@ -166,9 +168,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -186,9 +186,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden b/agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden
index 7c4a0a622101..fa56fb8d3f02 100644
--- a/agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden
+++ b/agent/xds/testdata/listeners/transparent-proxy-http-upstream.latest.golden
@@ -85,10 +85,13 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
                   }
-                }
+                ]
               }
             }
           ]
@@ -157,9 +160,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -177,9 +178,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway-destinations-only.latest.golden b/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway-destinations-only.latest.golden
index a56501250ef3..769b3bb49790 100644
--- a/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway-destinations-only.latest.golden
+++ b/agent/xds/testdata/listeners/transparent-proxy-terminating-gateway-destinations-only.latest.golden
@@ -22,9 +22,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -42,9 +40,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -79,9 +75,7 @@
                 "statPrefix": "upstream.external-IP-HTTP.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "destination.192-168-0-2.external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@@ -91,9 +85,7 @@
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules": {
-
-                      }
+                      "rules": {}
                     }
                   },
                   {
@@ -104,9 +96,7 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
                 "forwardClientCertDetails": "APPEND_FORWARD",
                 "setCurrentClientCertDetails": {
@@ -115,7 +105,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -124,9 +119,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -158,9 +151,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -178,9 +169,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -212,9 +201,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -232,9 +219,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -266,9 +251,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -286,9 +269,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -320,9 +301,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -340,9 +319,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -377,9 +354,7 @@
                 "statPrefix": "upstream.external-hostname-HTTP.default.default.dc1",
                 "rds": {
                   "configSource": {
-                    "ads": {
-
-                    },
+                    "ads": {},
                     "resourceApiVersion": "V3"
                   },
                   "routeConfigName": "destination.httpbin-org.external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@@ -389,9 +364,7 @@
                     "name": "envoy.filters.http.rbac",
                     "typedConfig": {
                       "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
-                      "rules": {
-
-                      }
+                      "rules": {}
                     }
                   },
                   {
@@ -402,9 +375,7 @@
                   }
                 ],
                 "tracing": {
-                  "randomSampling": {
-
-                  }
+                  "randomSampling": {}
                 },
                 "forwardClientCertDetails": "APPEND_FORWARD",
                 "setCurrentClientCertDetails": {
@@ -413,7 +384,12 @@
                   "chain": true,
                   "dns": true,
                   "uri": true
-                }
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
               }
             }
           ],
@@ -422,9 +398,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
@@ -456,9 +430,7 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {
-
-                },
+                "rules": {},
                 "statPrefix": "connect_authz"
               }
             },
@@ -476,9 +448,7 @@
             "typedConfig": {
               "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
               "commonTlsContext": {
-                "tlsParams": {
-
-                },
+                "tlsParams": {},
                 "tlsCertificates": [
                   {
                     "certificateChain": {
diff --git a/agent/xds/xds_protocol_helpers_test.go b/agent/xds/xds_protocol_helpers_test.go
index cfd91cb187b3..958a27474c44 100644
--- a/agent/xds/xds_protocol_helpers_test.go
+++ b/agent/xds/xds_protocol_helpers_test.go
@@ -677,6 +677,9 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 							Tracing: &envoy_http_v3.HttpConnectionManager_Tracing{
 								RandomSampling: &envoy_type_v3.Percent{Value: 0},
 							},
+							UpgradeConfigs: []*envoy_http_v3.HttpConnectionManager_UpgradeConfig{
+								{UpgradeType: "websocket"},
+							},
 							Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{},
 						}),
 					},
@@ -705,6 +708,9 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 							Tracing: &envoy_http_v3.HttpConnectionManager_Tracing{
 								RandomSampling: &envoy_type_v3.Percent{Value: 0},
 							},
+							UpgradeConfigs: []*envoy_http_v3.HttpConnectionManager_UpgradeConfig{
+								{UpgradeType: "websocket"},
+							},
 							Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{},
 						}),
 					},
@@ -733,6 +739,9 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 							Tracing: &envoy_http_v3.HttpConnectionManager_Tracing{
 								RandomSampling: &envoy_type_v3.Percent{Value: 0},
 							},
+							UpgradeConfigs: []*envoy_http_v3.HttpConnectionManager_UpgradeConfig{
+								{UpgradeType: "websocket"},
+							},
 							// HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{},
 						}),
 					},

From 5cd287660a2a2f93a49bf4b7b7306b6823232780 Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Thu, 20 Jul 2023 16:34:36 -0400
Subject: [PATCH 196/359] docs: fix the description of client rpc (#18206)

---
 agent/consul/client.go                   |  6 +++---
 website/content/docs/agent/telemetry.mdx | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/agent/consul/client.go b/agent/consul/client.go
index 256e0e58e379..690797bb082c 100644
--- a/agent/consul/client.go
+++ b/agent/consul/client.go
@@ -33,15 +33,15 @@ import (
 var ClientCounters = []prometheus.CounterDefinition{
 	{
 		Name: []string{"client", "rpc"},
-		Help: "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server.",
+		Help: "Increments whenever a Consul agent makes an RPC request to a Consul server.",
 	},
 	{
 		Name: []string{"client", "rpc", "exceeded"},
-		Help: "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's limits configuration.",
+		Help: "Increments whenever a Consul agent makes an RPC request to a Consul server gets rate limited by that agent's limits configuration.",
 	},
 	{
 		Name: []string{"client", "rpc", "failed"},
-		Help: "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails.",
+		Help: "Increments whenever a Consul agent makes an RPC request to a Consul server and fails.",
 	},
 }
 
diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx
index eae1c1aa4239..a1ab4969ceed 100644
--- a/website/content/docs/agent/telemetry.mdx
+++ b/website/content/docs/agent/telemetry.mdx
@@ -163,9 +163,9 @@ you will need to apply a function such as InfluxDB's [`non_negative_difference()
 
 | Metric Name                  | Description                                                                                                                                                                       | Unit     | Type    |
 | :--------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- | :------ |
-| `consul.client.rpc`          | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server                                                                                         | requests | counter |
-| `consul.client.rpc.exceeded` | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/consul/docs/agent/config/config-files#limits) configuration. | requests | counter |
-| `consul.client.rpc.failed`   | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails.                                                                              | requests | counter |
+| `consul.client.rpc`          | Increments whenever a Consul agent makes an RPC request to a Consul server                                                                                         | requests | counter |
+| `consul.client.rpc.exceeded` | Increments whenever a Consul agent makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/consul/docs/agent/config/config-files#limits) configuration. | requests | counter |
+| `consul.client.rpc.failed`   | Increments whenever a Consul agent makes an RPC request to a Consul server and fails.                                                                              | requests | counter |
 
 **Why they're important:** These measurements indicate the current load created from a Consul agent, including when the load becomes high enough to be rate limited. A high RPC count, especially from `consul.client.rpcexceeded` meaning that the requests are being rate-limited, could imply a misconfigured Consul agent.
 
@@ -378,9 +378,9 @@ This is a full list of metrics emitted by Consul.
 | `consul.acl.blocked.{check,service}.deregistration`    | Increments whenever a deregistration fails for an entity (check or service) is blocked by an ACL.                                                                                                                                                                                                                                                                                                                          | requests             | counter |
 | `consul.acl.blocked.{check,node,service}.registration` | Increments whenever a registration fails for an entity (check, node or service) is blocked by an ACL.                                                                                                                                                                                                                                                                                                                      | requests             | counter |
 | `consul.api.http`                                      | This samples how long it takes to service the given HTTP request for the given verb and path. Includes labels for `path` and `method`. `path` does not include details like service or key names, for these an underscore will be present as a placeholder (eg. path=`v1.kv._`)                                                                                                                                            | ms                   | timer   |
-| `consul.client.rpc`                                    | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server. This gives a measure of how much a given agent is loading the Consul servers. Currently, this is only generated by agents in client mode, not Consul servers.                                                                                                                                                                   | requests             | counter |
-| `consul.client.rpc.exceeded`                           | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/consul/docs/agent/config/config-files#limits) configuration. This gives an indication that there's an abusive application making too many requests on the agent, or that the rate limit needs to be increased. Currently, this only applies to agents in client mode, not Consul servers. | rejected requests    | counter |
-| `consul.client.rpc.failed`                             | Increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails.                                                                                                                                                                                                                                                                                                                       | requests             | counter |
+| `consul.client.rpc`                                    | Increments whenever a Consul agent makes an RPC request to a Consul server. This gives a measure of how much a given agent is loading the Consul servers. Currently, this is only generated by agents in client mode, not Consul servers.                                                                                                                                                                   | requests             | counter |
+| `consul.client.rpc.exceeded`                           | Increments whenever a Consul agent makes an RPC request to a Consul server gets rate limited by that agent's [`limits`](/consul/docs/agent/config/config-files#limits) configuration. This gives an indication that there's an abusive application making too many requests on the agent, or that the rate limit needs to be increased. Currently, this only applies to agents in client mode, not Consul servers. | rejected requests    | counter |
+| `consul.client.rpc.failed`                             | Increments whenever a Consul agent makes an RPC request to a Consul server and fails.                                                                                                                                                                                                                                                                                                                       | requests             | counter |
 | `consul.client.api.catalog_register`                   | Increments whenever a Consul agent receives a catalog register request.                                                                                                                                                                                                                                                                                                                                                    | requests             | counter |
 | `consul.client.api.success.catalog_register`           | Increments whenever a Consul agent successfully responds to a catalog register request.                                                                                                                                                                                                                                                                                                                                    | requests             | counter |
 | `consul.client.rpc.error.catalog_register`             | Increments whenever a Consul agent receives an RPC error for a catalog register request.                                                                                                                                                                                                                                                                                                                                   | errors               | counter |

From 7e6ce76fcd22fac03036a9d8b500437a4e90927a Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Thu, 20 Jul 2023 16:35:23 -0400
Subject: [PATCH 197/359] NET-4804: Add dashboard for monitoring consul-k8s
 (#18208)

---
 grafana/README.md                             |    4 +
 .../consul-k8s-control-plane-monitoring.json  | 3111 +++++++++++++++++
 2 files changed, 3115 insertions(+)
 create mode 100644 grafana/consul-k8s-control-plane-monitoring.json

diff --git a/grafana/README.md b/grafana/README.md
index b3dec68183a9..2e8b2b588b75 100644
--- a/grafana/README.md
+++ b/grafana/README.md
@@ -9,3 +9,7 @@ The page for publishing this dashboard is https://grafana.com/grafana/dashboards
     - Click "share" and export for external publishing
     - Login to Grafana via the team account (message a manager)
     - Publish as a new version, including change notes.
+
+### Grafana dashboard for consul-k8s (control plane)
+
+A grafana dashboard for monitoring consul-k8s (control plane) can also be found in this directory: `consul-k8s-control-plane-monitoring.json`. This dashboard has not been published to https://grafana.com.
diff --git a/grafana/consul-k8s-control-plane-monitoring.json b/grafana/consul-k8s-control-plane-monitoring.json
new file mode 100644
index 000000000000..a00f80b083dd
--- /dev/null
+++ b/grafana/consul-k8s-control-plane-monitoring.json
@@ -0,0 +1,3111 @@
+{
+      "annotations": {
+        "list": [
+          {
+            "builtIn": 1,
+            "datasource": {
+              "type": "grafana",
+              "uid": "-- Grafana --"
+            },
+            "enable": true,
+            "hide": true,
+            "iconColor": "rgba(0, 211, 255, 1)",
+            "name": "Annotations & Alerts",
+            "target": {
+              "limit": 100,
+              "matchAny": false,
+              "tags": [],
+              "type": "dashboard"
+            },
+            "type": "dashboard"
+          }
+        ]
+      },
+      "editable": true,
+      "fiscalYearStartMonth": 0,
+      "graphTooltip": 0,
+      "id": 8,
+      "links": [],
+      "liveNow": false,
+      "panels": [
+        {
+          "collapsed": false,
+          "gridPos": {
+            "h": 1,
+            "w": 24,
+            "x": 0,
+            "y": 0
+          },
+          "id": 16,
+          "panels": [],
+          "title": "Cluster Status",
+          "type": "row"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "PBFA97CFB590B2093"
+          },
+          "fieldConfig": {
+            "defaults": {
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              },
+              "unit": "short"
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 6,
+            "x": 0,
+            "y": 1
+          },
+          "id": 10,
+          "options": {
+            "colorMode": "value",
+            "graphMode": "none",
+            "justifyMode": "auto",
+            "orientation": "auto",
+            "reduceOptions": {
+              "calcs": [
+                "last"
+              ],
+              "fields": "",
+              "limit": 1,
+              "values": true
+            },
+            "textMode": "auto"
+          },
+          "pluginVersion": "9.5.5",
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "editorMode": "code",
+              "exemplar": false,
+              "expr": "consul_consul_server_0_members_servers{pod=\"consul-server-0\"}",
+              "hide": false,
+              "instant": true,
+              "legendFormat": "__auto",
+              "range": false,
+              "refId": "A"
+            }
+          ],
+          "title": "Number of Consul Servers",
+          "type": "stat"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "PBFA97CFB590B2093"
+          },
+          "description": "No data in agentless mode",
+          "fieldConfig": {
+            "defaults": {
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              },
+              "unit": "short"
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 8,
+            "x": 6,
+            "y": 1
+          },
+          "id": 29,
+          "options": {
+            "colorMode": "value",
+            "graphMode": "none",
+            "justifyMode": "auto",
+            "orientation": "auto",
+            "reduceOptions": {
+              "calcs": [
+                "last"
+              ],
+              "fields": "",
+              "values": false
+            },
+            "textMode": "auto"
+          },
+          "pluginVersion": "9.5.5",
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "editorMode": "code",
+              "exemplar": false,
+              "expr": "count(kube_pod_container_resource_limits{pod=~\"consul-client-.*\", container=\"consul\", resource=\"memory\"})",
+              "hide": false,
+              "instant": true,
+              "legendFormat": "__auto",
+              "range": false,
+              "refId": "A"
+            }
+          ],
+          "title": "Number of Consul Clients (No data in agentless mode)",
+          "type": "stat"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "PBFA97CFB590B2093"
+          },
+          "description": "Must be 1",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "auto",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "mappings": [],
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 1
+                  }
+                ]
+              }
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 10,
+            "x": 14,
+            "y": 1
+          },
+          "id": 12,
+          "options": {
+            "legend": {
+              "calcs": [],
+              "displayMode": "list",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "single",
+              "sort": "none"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "editorMode": "code",
+              "exemplar": false,
+              "expr": "sum({__name__=~\".+server_isLeader\"})",
+              "instant": false,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "A"
+            }
+          ],
+          "title": "Number of Leader (1: Healthy)",
+          "type": "timeseries"
+        },
+        {
+          "collapsed": true,
+          "gridPos": {
+            "h": 1,
+            "w": 24,
+            "x": 0,
+            "y": 9
+          },
+          "id": 40,
+          "panels": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 0,
+                "y": 10
+              },
+              "id": 22,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "builder",
+                  "expr": "consul_raft_leader_lastContact{quantile=\"0.5\"}",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                },
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "consul_raft_leader_lastContact{quantile=\"0.99\"}",
+                  "hide": false,
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "B"
+                }
+              ],
+              "title": "Raft Leader LastContact 99th and 50th (ms)",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "Use consul.raft.rpc.appendEntries to understand how long it takes a follower node to process newly received Raft logs from the leader. Like consul.raft.commitTime, increases in this metric can indicate higher load on your Consul servers, and come with a risk of stale data. Since this metric is exposed within each follower, you should aggregate it as both an average (to track overall load on your Raft servers) and a percentile (to watch for outlier nodes).",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 12,
+                "y": 10
+              },
+              "id": 18,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "consul_raft_rpc_appendEntries{quantile=\"0.99\"}",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                },
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "consul_raft_rpc_appendEntries{quantile=\"0.5\"}",
+                  "hide": false,
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "B"
+                }
+              ],
+              "title": "Follower Append Entries Latency 99th and 50th (ms)",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 0,
+                "y": 18
+              },
+              "id": 20,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "consul_raft_commitTime{quantile=\"0.99\"}",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                },
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "consul_raft_commitTime{quantile=\"0.5\"}",
+                  "hide": false,
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "B"
+                }
+              ],
+              "title": "Leader Raft Commit Latency 99th and 50th (ms)",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 12,
+                "y": 18
+              },
+              "id": 46,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "rate(consul_raft_fsm_apply_sum[5m])\n/\nrate(consul_raft_fsm_apply_count[5m])",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Average Raft FSM Apply Latency per 5 minutes (ms)",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 0,
+                "y": 26
+              },
+              "id": 47,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "sum(rate(consul_raft_apply[5m]))",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Raft Apply Rate per 5 minutes",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "An approximate measurement of the proportion of time the main Raft goroutine is busy and unavailable to accept new work.",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 12,
+                "y": 26
+              },
+              "id": 41,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "builder",
+                  "expr": "consul_raft_thread_main_saturation{pod=~\"consul-server-.*\",quantile=\"0.9\"}",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Raft thread main saturation (percentage)",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "An approximate measurement of the proportion of time the FSM Raft goroutine is busy and unavailable to accept new work.",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 0,
+                "y": 34
+              },
+              "id": 42,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "builder",
+                  "expr": "consul_raft_thread_fsm_saturation{pod=~\"consul-server-.*\", quantile=\"0.9\"}",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Raft thread FSM saturation (percentage)",
+              "type": "timeseries"
+            }
+          ],
+          "title": "Raft",
+          "type": "row"
+        },
+        {
+          "collapsed": true,
+          "gridPos": {
+            "h": 1,
+            "w": 24,
+            "x": 0,
+            "y": 10
+          },
+          "id": 43,
+          "panels": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "Measures the time spent updating the raft store from the serf member information.",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 0,
+                "y": 11
+              },
+              "id": 44,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "rate(consul_leader_reconcile_sum{pod=~\"consul-server-.*\"}[5m])\n/ \nrate(consul_leader_reconcile_count{pod=~\"consul-server-.*\"}[5m])",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Average latency of leader reconcile per 5 minutes (ms)",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "Increments whenever a Consul server becomes a leader.",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 12,
+                "y": 11
+              },
+              "id": 45,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "sum(consul_raft_state_leader{pod=~\"consul-server-.*\"})",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Count of a new leader elected [so far] (increasing only)",
+              "type": "timeseries"
+            }
+          ],
+          "title": "Leadership Changes",
+          "type": "row"
+        },
+        {
+          "collapsed": true,
+          "gridPos": {
+            "h": 1,
+            "w": 24,
+            "x": 0,
+            "y": 11
+          },
+          "id": 14,
+          "panels": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 15,
+                "x": 0,
+                "y": 12
+              },
+              "id": 6,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "builder",
+                  "expr": "rate(container_cpu_usage_seconds_total{container=\"consul\", pod=~\"consul-server-.*\"}[5m])",
+                  "hide": false,
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                },
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "builder",
+                  "expr": "kube_pod_container_resource_limits{resource=\"cpu\", container=\"consul\"}",
+                  "hide": true,
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "B"
+                }
+              ],
+              "title": "CPU Usage in Seconds (Consul servers)",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "All consul servers have the same limit",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "thresholds"
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 9,
+                "x": 15,
+                "y": 12
+              },
+              "id": 4,
+              "options": {
+                "orientation": "auto",
+                "reduceOptions": {
+                  "calcs": [
+                    "lastNotNull"
+                  ],
+                  "fields": "",
+                  "values": false
+                },
+                "showThresholdLabels": false,
+                "showThresholdMarkers": true
+              },
+              "pluginVersion": "9.5.5",
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "builder",
+                  "exemplar": false,
+                  "expr": "kube_pod_container_resource_limits{resource=\"cpu\", pod=\"consul-server-0\"}",
+                  "instant": true,
+                  "legendFormat": "__auto",
+                  "range": false,
+                  "refId": "A"
+                }
+              ],
+              "title": "CPU Limit in Seconds (Consul Servers)",
+              "type": "gauge"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  },
+                  "unit": "bytes"
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 15,
+                "x": 0,
+                "y": 20
+              },
+              "id": 2,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "builder",
+                  "expr": "container_memory_working_set_bytes{container=\"consul\", pod=~\"consul-server-.*\"}",
+                  "hide": false,
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Memory Usage (Consul servers)",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "All consul servers have the same limit",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "continuous-BlYlRd"
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  },
+                  "unit": "bytes"
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 9,
+                "x": 15,
+                "y": 20
+              },
+              "id": 8,
+              "options": {
+                "orientation": "auto",
+                "reduceOptions": {
+                  "calcs": [
+                    "lastNotNull"
+                  ],
+                  "fields": "",
+                  "values": false
+                },
+                "showThresholdLabels": false,
+                "showThresholdMarkers": true
+              },
+              "pluginVersion": "9.5.5",
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "exemplar": false,
+                  "expr": "kube_pod_container_resource_limits{resource=\"memory\", pod=\"consul-server-0\"}",
+                  "instant": true,
+                  "legendFormat": "__auto",
+                  "range": false,
+                  "refId": "A"
+                }
+              ],
+              "title": "Memory Limit (Consul Servers)",
+              "type": "gauge"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  },
+                  "unit": "bytes"
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 15,
+                "x": 0,
+                "y": 28
+              },
+              "id": 48,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "sum(rate(container_network_receive_bytes_total{pod=~\"consul-server-.*\"}[5m])) by (pod)",
+                  "hide": false,
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Received bytes total per 5 minutes (Consul servers)",
+              "type": "timeseries"
+            }
+          ],
+          "title": "Resource Utilization (Consul Servers)",
+          "type": "row"
+        },
+        {
+          "collapsed": true,
+          "gridPos": {
+            "h": 1,
+            "w": 24,
+            "x": 0,
+            "y": 12
+          },
+          "id": 24,
+          "panels": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green",
+                        "value": null
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 15,
+                "x": 0,
+                "y": 13
+              },
+              "id": 26,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "rate(container_cpu_usage_seconds_total{container=\"consul\", pod=~\"consul-client-.*\"}[5m])",
+                  "hide": false,
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                },
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "builder",
+                  "expr": "kube_pod_container_resource_limits{resource=\"cpu\", container=\"consul\"}",
+                  "hide": true,
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "B"
+                }
+              ],
+              "title": "CPU Usage in Seconds (Consul Clients)",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "All consul clients have the same limit",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "thresholds"
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green",
+                        "value": null
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 9,
+                "x": 15,
+                "y": 13
+              },
+              "id": 28,
+              "options": {
+                "orientation": "auto",
+                "reduceOptions": {
+                  "calcs": [
+                    "lastNotNull"
+                  ],
+                  "fields": "",
+                  "values": false
+                },
+                "showThresholdLabels": false,
+                "showThresholdMarkers": true
+              },
+              "pluginVersion": "9.5.5",
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "exemplar": false,
+                  "expr": "max(kube_pod_container_resource_limits{resource=\"cpu\", pod=~\"consul-client-.*\"})",
+                  "instant": true,
+                  "legendFormat": "__auto",
+                  "range": false,
+                  "refId": "A"
+                }
+              ],
+              "title": "CPU Limit in Seconds (Consul Clients)",
+              "type": "gauge"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green",
+                        "value": null
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  },
+                  "unit": "bytes"
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 15,
+                "x": 0,
+                "y": 21
+              },
+              "id": 23,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "container_memory_working_set_bytes{container=\"consul\", pod=~\"consul-client-.*\"}",
+                  "hide": false,
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Memory Usage (Consul clients)",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "All consul servers have the same limit",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "continuous-BlYlRd"
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green",
+                        "value": null
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  },
+                  "unit": "bytes"
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 9,
+                "x": 15,
+                "y": 21
+              },
+              "id": 25,
+              "options": {
+                "orientation": "auto",
+                "reduceOptions": {
+                  "calcs": [
+                    "lastNotNull"
+                  ],
+                  "fields": "",
+                  "values": false
+                },
+                "showThresholdLabels": false,
+                "showThresholdMarkers": true
+              },
+              "pluginVersion": "9.5.5",
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "exemplar": false,
+                  "expr": "max(kube_pod_container_resource_limits{resource=\"memory\", pod=~\"consul-client-.*\"})",
+                  "instant": true,
+                  "legendFormat": "__auto",
+                  "range": false,
+                  "refId": "A"
+                }
+              ],
+              "title": "Memory Limit (Consul Clients)",
+              "type": "gauge"
+            }
+          ],
+          "title": "Resource Utilization (Consul Clients) - N/A in agentless mode",
+          "type": "row"
+        },
+        {
+          "collapsed": true,
+          "gridPos": {
+            "h": 1,
+            "w": 24,
+            "x": 0,
+            "y": 13
+          },
+          "id": 33,
+          "panels": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 0,
+                "y": 14
+              },
+              "id": 37,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "rate(consul_client_rpc{namespace=\"consul\"}[5m])",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Rate of RPC requests per 5 minutes - client side ",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "Increments when a server accepts an RPC connection.",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 12,
+                "y": 14
+              },
+              "id": 36,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "rate(consul_rpc_accept_conn{namespace=\"consul\",pod=~\"consul-server-.*\"}[5m])",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "RPC Accept Connection Count Rate per 5 minutes - server side",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails.",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 0,
+                "y": 22
+              },
+              "id": 39,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "rate(consul_client_rpc_failed{namespace=\"consul\"}[5m])",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Rate of Failed RPC requests per 5 minutes - client side ",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "Increments when a server receives a Consul-related RPC request.",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 12,
+                "y": 22
+              },
+              "id": 32,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "rate(consul_rpc_request{namespace=\"consul\",pod=~\"consul-server-.*\"}[5m])",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Rate of RPC requests per 5 minutes - server side",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's limits configuration.",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 0,
+                "y": 30
+              },
+              "id": 38,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "rate(consul_client_rpc_exceeded{namespace=\"consul\"}[5m])",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Rate of Exceeded RPC requests per 5 minutes - client side ",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "Increments when a server returns an error from an RPC request.",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green"
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 12,
+                "y": 30
+              },
+              "id": 35,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "rate(consul_rpc_request_error{namespace=\"consul\",pod=~\"consul-server-.*\"}[5m])",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Error rate of RPC requests per 5 minutes - server side",
+              "type": "timeseries"
+            }
+          ],
+          "title": "RPC",
+          "type": "row"
+        },
+        {
+          "collapsed": true,
+          "gridPos": {
+            "h": 1,
+            "w": 24,
+            "x": 0,
+            "y": 14
+          },
+          "id": 30,
+          "panels": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green",
+                        "value": null
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 0,
+                "y": 15
+              },
+              "id": 31,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "sum(rate(consul_catalog_register_count{pod=~\"consul-server-.*\"}[5m]))",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Catalog Register Count per 5 minutes",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green",
+                        "value": null
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 12,
+                "y": 15
+              },
+              "id": 34,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "rate(consul_catalog_register_sum{pod=~\"consul-server-.*\"}[5m])\n/\nrate(consul_catalog_register_count{pod=~\"consul-server-.*\"}[5m])",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Average latency of catalog register per 5 minutes (ms)",
+              "type": "timeseries"
+            }
+          ],
+          "title": "Feature: Catalog",
+          "type": "row"
+        },
+        {
+          "collapsed": true,
+          "gridPos": {
+            "h": 1,
+            "w": 24,
+            "x": 0,
+            "y": 15
+          },
+          "id": 49,
+          "panels": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green",
+                        "value": null
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 0,
+                "y": 16
+              },
+              "id": 50,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "sum(rate(consul_acl_ResolveToken_count{pod=~\"consul-server-.*\"}[5m]))",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "ACL Token Resolve Count per 5 minutes",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green",
+                        "value": null
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 12,
+                "y": 16
+              },
+              "id": 51,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "rate(consul_acl_ResolveToken_sum{pod=~\"consul-server-.*\"}[5m])/rate(consul_acl_ResolveToken_count{pod=~\"consul-server-.*\"}[5m])",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Average latency of resolving ACL token per 5 minutes (ms)",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green",
+                        "value": null
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 0,
+                "y": 24
+              },
+              "id": 52,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "rate(consul_acl_token_cache_hit{pod=~\"consul-server-.*\"}[5m])",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Rate of ACL token cache hit per 5 minutes",
+              "type": "timeseries"
+            },
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "PBFA97CFB590B2093"
+              },
+              "description": "",
+              "fieldConfig": {
+                "defaults": {
+                  "color": {
+                    "mode": "palette-classic"
+                  },
+                  "custom": {
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                      "legend": false,
+                      "tooltip": false,
+                      "viz": false
+                    },
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                      "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                      "group": "A",
+                      "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                      "mode": "off"
+                    }
+                  },
+                  "mappings": [],
+                  "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                      {
+                        "color": "green",
+                        "value": null
+                      },
+                      {
+                        "color": "red",
+                        "value": 80
+                      }
+                    ]
+                  }
+                },
+                "overrides": []
+              },
+              "gridPos": {
+                "h": 8,
+                "w": 12,
+                "x": 12,
+                "y": 24
+              },
+              "id": 53,
+              "options": {
+                "legend": {
+                  "calcs": [],
+                  "displayMode": "list",
+                  "placement": "bottom",
+                  "showLegend": true
+                },
+                "tooltip": {
+                  "mode": "single",
+                  "sort": "none"
+                }
+              },
+              "targets": [
+                {
+                  "datasource": {
+                    "type": "prometheus",
+                    "uid": "PBFA97CFB590B2093"
+                  },
+                  "editorMode": "code",
+                  "expr": "rate(consul_acl_token_cache_miss{pod=~\"consul-server-.*\"}[5m])",
+                  "legendFormat": "__auto",
+                  "range": true,
+                  "refId": "A"
+                }
+              ],
+              "title": "Rate of ACL token cache miss per 5 minutes",
+              "type": "timeseries"
+            }
+          ],
+          "title": "ACL",
+          "type": "row"
+        }
+      ],
+      "refresh": "5s",
+      "revision": 1,
+      "schemaVersion": 38,
+      "style": "dark",
+      "tags": [],
+      "templating": {
+        "list": []
+      },
+      "time": {
+        "from": "now-30m",
+        "to": "now"
+      },
+      "timepicker": {},
+      "timezone": "",
+      "title": "Consul K8s monitoring (control plane)",
+      "weekStart": ""
+    }
\ No newline at end of file

From 279376170201a363425285302796a6079c1b52bd Mon Sep 17 00:00:00 2001
From: Dan Stough <dan.stough@hashicorp.com>
Date: Thu, 20 Jul 2023 18:02:21 -0400
Subject: [PATCH 198/359] [OSS] Improve xDS Code Coverage - Clusters  (#18165)

test: improve xDS cluster code coverage
---
 agent/proxycfg/testing_peering.go             |  67 +++++-
 agent/xds/clusters.go                         |  43 +---
 agent/xds/clusters_test.go                    | 101 ++++++++-
 agent/xds/failover_policy.go                  |   2 +-
 agent/xds/listeners.go                        |   2 +-
 agent/xds/resources_test.go                   |  14 +-
 agent/xds/routes.go                           |   4 +-
 ...nnect-proxy-with-chain-http2.latest.golden | 135 ++++++++++++
 ...-upstreams-escape-overrides.latest.golden} |  22 +-
 ...-with-peered-upstreams-http2.latest.golden | 163 ++++++++++++++
 ...upstream-with-prepared-query.latest.golden | 136 ++++++++++++
 ...nnect-proxy-with-chain-http2.latest.golden | 135 ++++++++++++
 .../clusters/expose-checks.latest.golden      |  57 +++++
 ...efaults-passive-health-check.latest.golden |  13 +-
 ...efaults-passive-health-check.latest.golden |  13 +-
 ...service-passive-health-check.latest.golden |  83 ++++---
 ...ing-federation-control-plane.latest.golden | 205 ++++++++++++++++++
 ...ith-imported-peered-services.latest.golden |  68 +++---
 ...-upstreams-escape-overrides.latest.golden} |   0
 ...-with-peered-upstreams-http2.latest.golden |  29 +++
 ...-upstreams-escape-overrides.latest.golden} |   0
 ...-with-peered-upstreams-http2.latest.golden | 189 ++++++++++++++++
 ...ing-federation-control-plane.latest.golden |   2 +-
 ...-upstreams-escape-overrides.latest.golden} |   0
 ...-with-peered-upstreams-http2.latest.golden |   5 +
 ...d-upstreams-escape-overrides.latest.golden |   5 +
 ...-with-peered-upstreams-http2.latest.golden |   5 +
 27 files changed, 1324 insertions(+), 174 deletions(-)
 create mode 100644 agent/xds/testdata/clusters/connect-proxy-with-chain-http2.latest.golden
 rename agent/xds/testdata/clusters/{connect-proxy-with-peered-upstreams-listener-override.latest.golden => connect-proxy-with-peered-upstreams-escape-overrides.latest.golden} (92%)
 create mode 100644 agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-http2.latest.golden
 create mode 100644 agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden
 create mode 100644 agent/xds/testdata/clusters/enterprise-connect-proxy-with-chain-http2.latest.golden
 create mode 100644 agent/xds/testdata/clusters/expose-checks.latest.golden
 create mode 100644 agent/xds/testdata/clusters/mesh-gateway-using-federation-control-plane.latest.golden
 rename agent/xds/testdata/endpoints/{connect-proxy-with-peered-upstreams-listener-override.latest.golden => connect-proxy-with-peered-upstreams-escape-overrides.latest.golden} (100%)
 create mode 100644 agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-http2.latest.golden
 rename agent/xds/testdata/listeners/{connect-proxy-with-peered-upstreams-listener-override.latest.golden => connect-proxy-with-peered-upstreams-escape-overrides.latest.golden} (100%)
 create mode 100644 agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-http2.latest.golden
 rename agent/xds/testdata/routes/{connect-proxy-with-peered-upstreams-listener-override.latest.golden => connect-proxy-with-peered-upstreams-escape-overrides.latest.golden} (100%)
 create mode 100644 agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-http2.latest.golden
 create mode 100644 agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
 create mode 100644 agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-http2.latest.golden

diff --git a/agent/proxycfg/testing_peering.go b/agent/proxycfg/testing_peering.go
index afa7503923e7..39d7363606fd 100644
--- a/agent/proxycfg/testing_peering.go
+++ b/agent/proxycfg/testing_peering.go
@@ -15,14 +15,18 @@ import (
 )
 
 func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot {
-	return testConfigSnapshot(t, false)
+	return testConfigSnapshot(t, false, false)
 }
 
-func TestConfigSnapshotPeeringWithListenerOverride(t testing.T) *ConfigSnapshot {
-	return testConfigSnapshot(t, true)
+func TestConfigSnapshotPeeringWithEscapeOverrides(t testing.T) *ConfigSnapshot {
+	return testConfigSnapshot(t, true, false)
 }
 
-func testConfigSnapshot(t testing.T, listenerOverride bool) *ConfigSnapshot {
+func TestConfigSnapshotPeeringWithHTTP2(t testing.T) *ConfigSnapshot {
+	return testConfigSnapshot(t, false, true)
+}
+
+func testConfigSnapshot(t testing.T, escapeOverride bool, useHTTP2 bool) *ConfigSnapshot {
 	var (
 		paymentsUpstream = structs.Upstream{
 			DestinationName: "payments",
@@ -39,6 +43,11 @@ func testConfigSnapshot(t testing.T, listenerOverride bool) *ConfigSnapshot {
 		refundsUID = NewUpstreamID(&refundsUpstream)
 	)
 
+	protocol := "tcp"
+	if useHTTP2 {
+		protocol = "http2"
+	}
+
 	const peerTrustDomain = "1c053652-8512-4373-90cf-5a7f6263a994.consul"
 
 	return TestConfigSnapshot(t, func(ns *structs.NodeService) {
@@ -47,7 +56,7 @@ func testConfigSnapshot(t testing.T, listenerOverride bool) *ConfigSnapshot {
 			refundsUpstream,
 		}
 
-		if listenerOverride {
+		if escapeOverride {
 			if ns.Proxy.Upstreams[0].Config == nil {
 				ns.Proxy.Upstreams[0].Config = map[string]interface{}{}
 			}
@@ -58,6 +67,10 @@ func testConfigSnapshot(t testing.T, listenerOverride bool) *ConfigSnapshot {
 				customListenerJSON(t, customListenerJSONOptions{
 					Name: uid.EnvoyID() + ":custom-upstream",
 				})
+			ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] =
+				customClusterJSON(t, customClusterJSONOptions{
+					Name: uid.EnvoyID() + ":custom-upstream",
+				})
 		}
 
 	}, []UpdateEvent{
@@ -98,7 +111,7 @@ func testConfigSnapshot(t testing.T, listenerOverride bool) *ConfigSnapshot {
 									SpiffeID: []string{
 										"spiffe://" + peerTrustDomain + "/ns/default/dc/cloud-dc/svc/payments",
 									},
-									Protocol: "tcp",
+									Protocol: protocol,
 								},
 							},
 						},
@@ -127,7 +140,7 @@ func testConfigSnapshot(t testing.T, listenerOverride bool) *ConfigSnapshot {
 									SpiffeID: []string{
 										"spiffe://" + peerTrustDomain + "/ns/default/dc/cloud-dc/svc/refunds",
 									},
-									Protocol: "tcp",
+									Protocol: protocol,
 								},
 							},
 						},
@@ -456,3 +469,43 @@ const customListenerJSONTpl = `{
 		}
 	]
 }`
+
+type customClusterJSONOptions struct {
+	Name       string
+	TLSContext string
+}
+
+var customClusterJSONTpl = `{
+	"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+	"name": "{{ .Name }}",
+	"connectTimeout": "15s",
+	"loadAssignment": {
+		"clusterName": "{{ .Name }}",
+		"endpoints": [
+			{
+				"lbEndpoints": [
+					{
+						"endpoint": {
+							"address": {
+								"socketAddress": {
+									"address": "1.2.3.4",
+									"portValue": 8443
+								}
+							}
+						}
+					}
+				]
+			}
+		]
+	}
+}`
+
+var customClusterJSONTemplate = template.Must(template.New("").Parse(customClusterJSONTpl))
+
+func customClusterJSON(t testing.T, opts customClusterJSONOptions) string {
+	t.Helper()
+	var buf bytes.Buffer
+	err := customClusterJSONTemplate.Execute(&buf, opts)
+	require.NoError(t, err)
+	return buf.String()
+}
diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go
index dc8245627b0c..d4016eabb2b4 100644
--- a/agent/xds/clusters.go
+++ b/agent/xds/clusters.go
@@ -808,27 +808,6 @@ func (s *ResourceGenerator) makeGatewayOutgoingClusterPeeringServiceClusters(cfg
 			}
 			cluster := s.makeGatewayCluster(cfgSnap, opts)
 
-			if serviceGroup.UseCDS {
-				configureClusterWithHostnames(
-					s.Logger,
-					cluster,
-					"", /*TODO:make configurable?*/
-					serviceGroup.Nodes,
-					true,  /*isRemote*/
-					false, /*onlyPassing*/
-				)
-			} else {
-				cluster.ClusterDiscoveryType = &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_EDS}
-				cluster.EdsClusterConfig = &envoy_cluster_v3.Cluster_EdsClusterConfig{
-					EdsConfig: &envoy_core_v3.ConfigSource{
-						ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
-						ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{
-							Ads: &envoy_core_v3.AggregatedConfigSource{},
-						},
-					},
-				}
-			}
-
 			clusters = append(clusters, cluster)
 		}
 	}
@@ -1062,11 +1041,6 @@ func (s *ResourceGenerator) configIngressUpstreamCluster(c *envoy_cluster_v3.Clu
 	}
 	outlierDetection := ToOutlierDetection(cfgSnap.IngressGateway.Defaults.PassiveHealthCheck, override, false)
 
-	// Specail handling for failover peering service, which has set MaxEjectionPercent
-	if c.OutlierDetection != nil && c.OutlierDetection.MaxEjectionPercent != nil {
-		outlierDetection.MaxEjectionPercent = &wrapperspb.UInt32Value{Value: c.OutlierDetection.MaxEjectionPercent.Value}
-	}
-
 	c.OutlierDetection = outlierDetection
 }
 
@@ -1445,7 +1419,7 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain(
 		// These variables are prefixed with primary to avoid shaddowing bugs.
 		primaryTargetID := node.Resolver.Target
 		primaryTarget := chain.Targets[primaryTargetID]
-		primaryTargetClusterName := s.getTargetClusterName(upstreamsSnapshot, chain, primaryTargetID, forMeshGateway, false)
+		primaryTargetClusterName := s.getTargetClusterName(upstreamsSnapshot, chain, primaryTargetID, forMeshGateway)
 		if primaryTargetClusterName == "" {
 			continue
 		}
@@ -1677,11 +1651,6 @@ func makeClusterFromUserConfig(configJSON string) (*envoy_cluster_v3.Cluster, er
 	return &c, err
 }
 
-type addressPair struct {
-	host string
-	port int
-}
-
 type clusterOpts struct {
 	// name for the cluster
 	name string
@@ -2054,12 +2023,7 @@ func generatePeeredClusterName(uid proxycfg.UpstreamID, tb *pbpeering.PeeringTru
 	}, ".")
 }
 
-type targetClusterData struct {
-	targetID    string
-	clusterName string
-}
-
-func (s *ResourceGenerator) getTargetClusterName(upstreamsSnapshot *proxycfg.ConfigSnapshotUpstreams, chain *structs.CompiledDiscoveryChain, tid string, forMeshGateway bool, failover bool) string {
+func (s *ResourceGenerator) getTargetClusterName(upstreamsSnapshot *proxycfg.ConfigSnapshotUpstreams, chain *structs.CompiledDiscoveryChain, tid string, forMeshGateway bool) string {
 	target := chain.Targets[tid]
 	clusterName := target.Name
 	targetUID := proxycfg.NewUpstreamIDFromTargetID(tid)
@@ -2078,9 +2042,6 @@ func (s *ResourceGenerator) getTargetClusterName(upstreamsSnapshot *proxycfg.Con
 		clusterName = generatePeeredClusterName(targetUID, tbs)
 	}
 	clusterName = CustomizeClusterName(clusterName, chain)
-	if failover {
-		clusterName = xdscommon.FailoverClusterNamePrefix + clusterName
-	}
 	if forMeshGateway {
 		clusterName = meshGatewayExportedClusterNamePrefix + clusterName
 	}
diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go
index 954aad7756f0..0db68eab26ce 100644
--- a/agent/xds/clusters_test.go
+++ b/agent/xds/clusters_test.go
@@ -32,6 +32,10 @@ type clusterTestCase struct {
 	overrideGoldenName string
 }
 
+func uint32ptr(i uint32) *uint32 {
+	return &i
+}
+
 func makeClusterDiscoChainTests(enterprise bool) []clusterTestCase {
 	return []clusterTestCase{
 		{
@@ -51,6 +55,14 @@ func makeClusterDiscoChainTests(enterprise bool) []clusterTestCase {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
 			},
 		},
+		{
+			name: "connect-proxy-with-chain-http2",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, func(ns *structs.NodeService) {
+					ns.Proxy.Upstreams[0].Config["protocol"] = "http2"
+				}, nil)
+			},
+		},
 		{
 			name: "connect-proxy-with-chain-external-sni",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -313,6 +325,42 @@ func TestClustersFromSnapshot(t *testing.T) {
 				}, nil)
 			},
 		},
+		{
+			name: "custom-upstream-with-prepared-query",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) {
+					for i := range ns.Proxy.Upstreams {
+
+						switch ns.Proxy.Upstreams[i].DestinationName {
+						case "db":
+							if ns.Proxy.Upstreams[i].Config == nil {
+								ns.Proxy.Upstreams[i].Config = map[string]interface{}{}
+							}
+
+							uid := proxycfg.NewUpstreamID(&ns.Proxy.Upstreams[i])
+
+							// Triggers an override with the presence of the escape hatch listener
+							ns.Proxy.Upstreams[i].DestinationType = structs.UpstreamDestTypePreparedQuery
+
+							ns.Proxy.Upstreams[i].Config["envoy_cluster_json"] =
+								customClusterJSON(t, customClusterJSONOptions{
+									Name: uid.EnvoyID() + ":custom-upstream",
+								})
+
+						// Also test that http2 options are triggered.
+						// A separate upstream without an override is required to test
+						case "geo-cache":
+							if ns.Proxy.Upstreams[i].Config == nil {
+								ns.Proxy.Upstreams[i].Config = map[string]interface{}{}
+							}
+							ns.Proxy.Upstreams[i].Config["protocol"] = "http2"
+						default:
+							continue
+						}
+					}
+				}, nil)
+			},
+		},
 		{
 			name: "custom-timeouts",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -431,6 +479,10 @@ func TestClustersFromSnapshot(t *testing.T) {
 				})
 			},
 		},
+		{
+			name:   "expose-checks",
+			create: proxycfg.TestConfigSnapshotExposeChecks,
+		},
 		{
 			name:   "expose-paths-grpc-new-cluster-http1",
 			create: proxycfg.TestConfigSnapshotGRPCExposeHTTP1,
@@ -447,6 +499,12 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "federation-states", nil, nil)
 			},
 		},
+		{
+			name: "mesh-gateway-using-federation-control-plane",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshotMeshGateway(t, "mesh-gateway-federation", nil, nil)
+			},
+		},
 		{
 			name: "mesh-gateway-no-services",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -628,8 +686,9 @@ func TestClustersFromSnapshot(t *testing.T) {
 					func(entry *structs.IngressGatewayConfigEntry) {
 						entry.Listeners[0].Services[0].MaxConnections = 4096
 						entry.Listeners[0].Services[0].PassiveHealthCheck = &structs.PassiveHealthCheck{
-							Interval:    5000000000,
-							MaxFailures: 10,
+							Interval:           5000000000,
+							MaxFailures:        10,
+							MaxEjectionPercent: uint32ptr(90),
 						}
 					}, nil)
 			},
@@ -649,6 +708,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 								Interval:                5000000000,
 								MaxFailures:             10,
 								EnforcingConsecutive5xx: &enforcingConsecutive5xx,
+								MaxEjectionPercent:      uint32ptr(90),
 							},
 						}
 					}, nil)
@@ -667,6 +727,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 							PassiveHealthCheck: &structs.PassiveHealthCheck{
 								Interval:                5000000000,
 								EnforcingConsecutive5xx: &defaultEnforcingConsecutive5xx,
+								MaxEjectionPercent:      uint32ptr(80),
 							},
 						}
 						enforcingConsecutive5xx := uint32(50)
@@ -675,6 +736,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 						entry.Listeners[0].Services[0].PassiveHealthCheck = &structs.PassiveHealthCheck{
 							Interval:                8000000000,
 							EnforcingConsecutive5xx: &enforcingConsecutive5xx,
+							MaxEjectionPercent:      uint32ptr(90),
 						}
 					}, nil)
 			},
@@ -934,6 +996,41 @@ func customAppClusterJSON(t testinf.T, opts customClusterJSONOptions) string {
 	return buf.String()
 }
 
+var customClusterJSONTpl = `{
+	"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+	"name": "{{ .Name }}",
+	"connectTimeout": "15s",
+	"loadAssignment": {
+		"clusterName": "{{ .Name }}",
+		"endpoints": [
+			{
+				"lbEndpoints": [
+					{
+						"endpoint": {
+							"address": {
+								"socketAddress": {
+									"address": "1.2.3.4",
+									"portValue": 8443
+								}
+							}
+						}
+					}
+				]
+			}
+		]
+	}
+}`
+
+var customClusterJSONTemplate = template.Must(template.New("").Parse(customClusterJSONTpl))
+
+func customClusterJSON(t testinf.T, opts customClusterJSONOptions) string {
+	t.Helper()
+	var buf bytes.Buffer
+	err := customClusterJSONTemplate.Execute(&buf, opts)
+	require.NoError(t, err)
+	return buf.String()
+}
+
 func TestEnvoyLBConfig_InjectToCluster(t *testing.T) {
 	var tests = []struct {
 		name     string
diff --git a/agent/xds/failover_policy.go b/agent/xds/failover_policy.go
index 77839a37cfeb..562b43dad728 100644
--- a/agent/xds/failover_policy.go
+++ b/agent/xds/failover_policy.go
@@ -70,7 +70,7 @@ func (s *ResourceGenerator) mapDiscoChainTargets(cfgSnap *proxycfg.ConfigSnapsho
 		return discoChainTargets{}, err
 	}
 
-	failoverTargets.baseClusterName = s.getTargetClusterName(upstreamsSnapshot, chain, primaryTargetID, forMeshGateway, false)
+	failoverTargets.baseClusterName = s.getTargetClusterName(upstreamsSnapshot, chain, primaryTargetID, forMeshGateway)
 
 	tids := []string{primaryTargetID}
 	failover := node.Resolver.Failover
diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go
index 520b58e0a613..386fd00f17ba 100644
--- a/agent/xds/listeners.go
+++ b/agent/xds/listeners.go
@@ -167,7 +167,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
 				return nil, err
 			}
 
-			clusterName = s.getTargetClusterName(upstreamsSnapshot, chain, target.ID, false, false)
+			clusterName = s.getTargetClusterName(upstreamsSnapshot, chain, target.ID, false)
 			if clusterName == "" {
 				continue
 			}
diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go
index 1a0d9b826a78..87ccf5e4788e 100644
--- a/agent/xds/resources_test.go
+++ b/agent/xds/resources_test.go
@@ -165,8 +165,12 @@ func TestAllResourcesFromSnapshot(t *testing.T) {
 			create: proxycfg.TestConfigSnapshotPeering,
 		},
 		{
-			name:   "connect-proxy-with-peered-upstreams-listener-override",
-			create: proxycfg.TestConfigSnapshotPeeringWithListenerOverride,
+			name:   "connect-proxy-with-peered-upstreams-escape-overrides",
+			create: proxycfg.TestConfigSnapshotPeeringWithEscapeOverrides,
+		},
+		{
+			name:   "connect-proxy-with-peered-upstreams-http2",
+			create: proxycfg.TestConfigSnapshotPeeringWithHTTP2,
 		},
 		{
 			name:   "transparent-proxy-with-peered-upstreams",
@@ -251,7 +255,11 @@ func getMeshGatewayPeeringGoldenTestCases() []goldenTestCase {
 		{
 			name: "mesh-gateway-with-imported-peered-services",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "imported-services", nil, nil)
+				return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "imported-services", func(ns *structs.NodeService) {
+					ns.Proxy.Config = map[string]interface{}{
+						"envoy_dns_discovery_type": "STRICT_DNS",
+					}
+				}, nil)
 			},
 		},
 		{
diff --git a/agent/xds/routes.go b/agent/xds/routes.go
index a86747a9c080..7ecfc5255b11 100644
--- a/agent/xds/routes.go
+++ b/agent/xds/routes.go
@@ -918,7 +918,7 @@ func (s *ResourceGenerator) makeRouteActionForChainCluster(
 	chain *structs.CompiledDiscoveryChain,
 	forMeshGateway bool,
 ) (*envoy_route_v3.Route_Route, bool) {
-	clusterName := s.getTargetClusterName(upstreamsSnapshot, chain, targetID, forMeshGateway, false)
+	clusterName := s.getTargetClusterName(upstreamsSnapshot, chain, targetID, forMeshGateway)
 	if clusterName == "" {
 		return nil, false
 	}
@@ -951,7 +951,7 @@ func (s *ResourceGenerator) makeRouteActionForSplitter(
 		}
 		targetID := nextNode.Resolver.Target
 
-		clusterName := s.getTargetClusterName(upstreamsSnapshot, chain, targetID, forMeshGateway, false)
+		clusterName := s.getTargetClusterName(upstreamsSnapshot, chain, targetID, forMeshGateway)
 		if clusterName == "" {
 			continue
 		}
diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-http2.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-http2.latest.golden
new file mode 100644
index 000000000000..4e3181dcffc9
--- /dev/null
+++ b/agent/xds/testdata/clusters/connect-proxy-with-chain-http2.latest.golden
@@ -0,0 +1,135 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "altStatName":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "33s",
+      "circuitBreakers":  {},
+      "typedExtensionProtocolOptions":  {
+        "envoy.extensions.upstreams.http.v3.HttpProtocolOptions":  {
+          "@type":  "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+          "explicitHttpConfig":  {
+            "http2ProtocolOptions":  {}
+          }
+        }
+      },
+      "outlierDetection":  {},
+      "commonLbConfig":  {
+        "healthyPanicThreshold":  {}
+      },
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
+              {
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames":  [
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
+                }
+              ]
+            }
+          },
+          "sni":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "circuitBreakers":  {},
+      "outlierDetection":  {},
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
+              {
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames":  [
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
+                },
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
+                }
+              ]
+            }
+          },
+          "sni":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "local_app",
+      "type":  "STATIC",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "local_app",
+        "endpoints":  [
+          {
+            "lbEndpoints":  [
+              {
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "127.0.0.1",
+                      "portValue":  8080
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-listener-override.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
similarity index 92%
rename from agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-listener-override.latest.golden
rename to agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
index 8ae9b0853749..23c82215d715 100644
--- a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-listener-override.latest.golden
+++ b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
@@ -28,11 +28,10 @@
     },
     {
       "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "payments.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
-      "type": "LOGICAL_DNS",
-      "connectTimeout": "5s",
+      "name": "payments?peer=cloud:custom-upstream",
+      "connectTimeout": "15s",
       "loadAssignment": {
-        "clusterName": "payments.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+        "clusterName": "payments?peer=cloud:custom-upstream",
         "endpoints": [
           {
             "lbEndpoints": [
@@ -40,27 +39,16 @@
                 "endpoint": {
                   "address": {
                     "socketAddress": {
-                      "address": "123.us-east-1.elb.notaws.com",
+                      "address": "1.2.3.4",
                       "portValue": 8443
                     }
                   }
-                },
-                "healthStatus": "HEALTHY",
-                "loadBalancingWeight": 1
+                }
               }
             ]
           }
         ]
       },
-      "circuitBreakers": {},
-      "dnsRefreshRate": "10s",
-      "dnsLookupFamily": "V4_ONLY",
-      "outlierDetection": {
-        "maxEjectionPercent": 100
-      },
-      "commonLbConfig": {
-        "healthyPanicThreshold": {}
-      },
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
diff --git a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-http2.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-http2.latest.golden
new file mode 100644
index 000000000000..8f3b49b0a2e7
--- /dev/null
+++ b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-http2.latest.golden
@@ -0,0 +1,163 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "local_app",
+      "type":  "STATIC",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "local_app",
+        "endpoints":  [
+          {
+            "lbEndpoints":  [
+              {
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "127.0.0.1",
+                      "portValue":  8080
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      }
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "payments.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+      "type":  "LOGICAL_DNS",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "payments.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+        "endpoints":  [
+          {
+            "lbEndpoints":  [
+              {
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "123.us-east-1.elb.notaws.com",
+                      "portValue":  8443
+                    }
+                  }
+                },
+                "healthStatus":  "HEALTHY",
+                "loadBalancingWeight":  1
+              }
+            ]
+          }
+        ]
+      },
+      "circuitBreakers":  {},
+      "typedExtensionProtocolOptions":  {
+        "envoy.extensions.upstreams.http.v3.HttpProtocolOptions":  {
+          "@type":  "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+          "explicitHttpConfig":  {
+            "http2ProtocolOptions":  {}
+          }
+        }
+      },
+      "dnsRefreshRate":  "10s",
+      "dnsLookupFamily":  "V4_ONLY",
+      "outlierDetection":  {
+        "maxEjectionPercent":  100
+      },
+      "commonLbConfig":  {
+        "healthyPanicThreshold":  {}
+      },
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
+              {
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames":  [
+                {
+                  "exact":  "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments"
+                }
+              ]
+            }
+          },
+          "sni":  "payments.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
+        }
+      }
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "refunds.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "circuitBreakers":  {},
+      "typedExtensionProtocolOptions":  {
+        "envoy.extensions.upstreams.http.v3.HttpProtocolOptions":  {
+          "@type":  "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+          "explicitHttpConfig":  {
+            "http2ProtocolOptions":  {}
+          }
+        }
+      },
+      "outlierDetection":  {
+        "maxEjectionPercent":  100
+      },
+      "commonLbConfig":  {
+        "healthyPanicThreshold":  {}
+      },
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
+              {
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames":  [
+                {
+                  "exact":  "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds"
+                }
+              ]
+            }
+          },
+          "sni":  "refunds.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
+        }
+      }
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden b/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden
new file mode 100644
index 000000000000..31e9a4ab7cf3
--- /dev/null
+++ b/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden
@@ -0,0 +1,136 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "db:custom-upstream",
+      "connectTimeout": "15s",
+      "loadAssignment": {
+        "clusterName": "db:custom-upstream",
+        "endpoints": [
+          {
+            "lbEndpoints": [
+              {
+                "endpoint": {
+                  "address": {
+                    "socketAddress": {
+                      "address": "1.2.3.4",
+                      "portValue": 8443
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      },
+      "transportSocket": {
+        "name": "tls",
+        "typedConfig": {
+          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext": {
+            "tlsParams": {},
+            "tlsCertificates": [
+              {
+                "certificateChain": {
+                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey": {
+                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext": {
+              "trustedCa": {
+                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              }
+            }
+          },
+          "sni": "db.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {},
+          "resourceApiVersion": "V3"
+        }
+      },
+      "connectTimeout": "5s",
+      "circuitBreakers": {},
+      "typedExtensionProtocolOptions": {
+        "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+          "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+          "explicitHttpConfig": {
+            "http2ProtocolOptions": {}
+          }
+        }
+      },
+      "outlierDetection": {},
+      "transportSocket": {
+        "name": "tls",
+        "typedConfig": {
+          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext": {
+            "tlsParams": {},
+            "tlsCertificates": [
+              {
+                "certificateChain": {
+                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey": {
+                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext": {
+              "trustedCa": {
+                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames": [
+                {
+                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
+                },
+                {
+                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
+                }
+              ]
+            }
+          },
+          "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "local_app",
+      "type": "STATIC",
+      "connectTimeout": "5s",
+      "loadAssignment": {
+        "clusterName": "local_app",
+        "endpoints": [
+          {
+            "lbEndpoints": [
+              {
+                "endpoint": {
+                  "address": {
+                    "socketAddress": {
+                      "address": "127.0.0.1",
+                      "portValue": 8080
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/enterprise-connect-proxy-with-chain-http2.latest.golden b/agent/xds/testdata/clusters/enterprise-connect-proxy-with-chain-http2.latest.golden
new file mode 100644
index 000000000000..322c36c0b0fb
--- /dev/null
+++ b/agent/xds/testdata/clusters/enterprise-connect-proxy-with-chain-http2.latest.golden
@@ -0,0 +1,135 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "db.foo.bar.dc1.internal-v1.11111111-2222-3333-4444-555555555555.consul",
+      "altStatName":  "db.foo.bar.dc1.internal-v1.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "33s",
+      "circuitBreakers":  {},
+      "typedExtensionProtocolOptions":  {
+        "envoy.extensions.upstreams.http.v3.HttpProtocolOptions":  {
+          "@type":  "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+          "explicitHttpConfig":  {
+            "http2ProtocolOptions":  {}
+          }
+        }
+      },
+      "outlierDetection":  {},
+      "commonLbConfig":  {
+        "healthyPanicThreshold":  {}
+      },
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
+              {
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames":  [
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ap/bar/ns/foo/dc/dc1/svc/db"
+                }
+              ]
+            }
+          },
+          "sni":  "db.foo.bar.dc1.internal-v1.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "circuitBreakers":  {},
+      "outlierDetection":  {},
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
+              {
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames":  [
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
+                },
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
+                }
+              ]
+            }
+          },
+          "sni":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "local_app",
+      "type":  "STATIC",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "local_app",
+        "endpoints":  [
+          {
+            "lbEndpoints":  [
+              {
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "127.0.0.1",
+                      "portValue":  8080
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/expose-checks.latest.golden b/agent/xds/testdata/clusters/expose-checks.latest.golden
new file mode 100644
index 000000000000..4079d6267ed3
--- /dev/null
+++ b/agent/xds/testdata/clusters/expose-checks.latest.golden
@@ -0,0 +1,57 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "exposed_cluster_8181",
+      "type":  "STATIC",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "exposed_cluster_8181",
+        "endpoints":  [
+          {
+            "lbEndpoints":  [
+              {
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "127.0.0.1",
+                      "portValue":  8181
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      }
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "local_app",
+      "type":  "STATIC",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "local_app",
+        "endpoints":  [
+          {
+            "lbEndpoints":  [
+              {
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "127.0.0.1",
+                      "portValue":  8080
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/ingress-with-defaults-passive-health-check.latest.golden b/agent/xds/testdata/clusters/ingress-with-defaults-passive-health-check.latest.golden
index fbbcc9856c65..71ec2c92ac2e 100644
--- a/agent/xds/testdata/clusters/ingress-with-defaults-passive-health-check.latest.golden
+++ b/agent/xds/testdata/clusters/ingress-with-defaults-passive-health-check.latest.golden
@@ -8,9 +8,7 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {
-
-          },
+          "ads": {},
           "resourceApiVersion": "V3"
         }
       },
@@ -27,21 +25,18 @@
       "outlierDetection": {
         "consecutive5xx": 10,
         "interval": "5s",
+        "maxEjectionPercent": 90,
         "enforcingConsecutive5xx": 80
       },
       "commonLbConfig": {
-        "healthyPanicThreshold": {
-
-        }
+        "healthyPanicThreshold": {}
       },
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
           "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
           "commonTlsContext": {
-            "tlsParams": {
-
-            },
+            "tlsParams": {},
             "tlsCertificates": [
               {
                 "certificateChain": {
diff --git a/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden b/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden
index 6c9e0802a3dc..def339441530 100644
--- a/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden
+++ b/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden
@@ -8,9 +8,7 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {
-
-          },
+          "ads": {},
           "resourceApiVersion": "V3"
         }
       },
@@ -25,21 +23,18 @@
       },
       "outlierDetection": {
         "interval": "8s",
+        "maxEjectionPercent": 90,
         "enforcingConsecutive5xx": 50
       },
       "commonLbConfig": {
-        "healthyPanicThreshold": {
-
-        }
+        "healthyPanicThreshold": {}
       },
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
           "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
           "commonTlsContext": {
-            "tlsParams": {
-
-            },
+            "tlsParams": {},
             "tlsCertificates": [
               {
                 "certificateChain": {
diff --git a/agent/xds/testdata/clusters/ingress-with-service-passive-health-check.latest.golden b/agent/xds/testdata/clusters/ingress-with-service-passive-health-check.latest.golden
index 892846151b9a..2122e1f3a75e 100644
--- a/agent/xds/testdata/clusters/ingress-with-service-passive-health-check.latest.golden
+++ b/agent/xds/testdata/clusters/ingress-with-service-passive-health-check.latest.golden
@@ -1,70 +1,65 @@
 {
-  "versionInfo": "00000001",
-  "resources": [
+  "versionInfo":  "00000001",
+  "resources":  [
     {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {
-
-          },
-          "resourceApiVersion": "V3"
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "altStatName":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
         }
       },
-      "connectTimeout": "33s",
-      "circuitBreakers": {
-        "thresholds": [
+      "connectTimeout":  "33s",
+      "circuitBreakers":  {
+        "thresholds":  [
           {
-            "maxConnections": 4096
+            "maxConnections":  4096
           }
         ]
       },
-      "outlierDetection": {
-        "consecutive5xx": 10,
-        "interval": "5s"
+      "outlierDetection":  {
+        "consecutive5xx":  10,
+        "interval":  "5s",
+        "maxEjectionPercent":  90
       },
-      "commonLbConfig": {
-        "healthyPanicThreshold": {
-
-        }
+      "commonLbConfig":  {
+        "healthyPanicThreshold":  {}
       },
-      "transportSocket": {
-        "name": "tls",
-        "typedConfig": {
-          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext": {
-            "tlsParams": {
-
-            },
-            "tlsCertificates": [
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
               {
-                "certificateChain": {
-                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                 },
-                "privateKey": {
-                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                 }
               }
             ],
-            "validationContext": {
-              "trustedCa": {
-                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
               },
-              "matchSubjectAltNames": [
+              "matchSubjectAltNames":  [
                 {
-                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
                 }
               ]
             }
           },
-          "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+          "sni":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
         }
       }
     }
   ],
-  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce": "00000001"
+  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce":  "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/mesh-gateway-using-federation-control-plane.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-using-federation-control-plane.latest.golden
new file mode 100644
index 000000000000..3383f4bbf74b
--- /dev/null
+++ b/agent/xds/testdata/clusters/mesh-gateway-using-federation-control-plane.latest.golden
@@ -0,0 +1,205 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "outlierDetection":  {}
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "dc2.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "outlierDetection":  {}
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "dc4.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "LOGICAL_DNS",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "dc4.internal.11111111-2222-3333-4444-555555555555.consul",
+        "endpoints":  [
+          {
+            "lbEndpoints":  [
+              {
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "123.us-west-2.elb.notaws.com",
+                      "portValue":  443
+                    }
+                  }
+                },
+                "healthStatus":  "HEALTHY",
+                "loadBalancingWeight":  1
+              }
+            ]
+          }
+        ]
+      },
+      "dnsRefreshRate":  "10s",
+      "dnsLookupFamily":  "V4_ONLY",
+      "outlierDetection":  {}
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "dc6.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "LOGICAL_DNS",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "dc6.internal.11111111-2222-3333-4444-555555555555.consul",
+        "endpoints":  [
+          {
+            "lbEndpoints":  [
+              {
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "123.us-east-1.elb.notaws.com",
+                      "portValue":  443
+                    }
+                  }
+                },
+                "healthStatus":  "UNHEALTHY",
+                "loadBalancingWeight":  1
+              }
+            ]
+          }
+        ]
+      },
+      "dnsRefreshRate":  "10s",
+      "dnsLookupFamily":  "V4_ONLY",
+      "outlierDetection":  {}
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "outlierDetection":  {}
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "node1.server.dc1.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "outlierDetection":  {}
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "node2.server.dc1.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "outlierDetection":  {}
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "server.dc2.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "outlierDetection":  {}
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "server.dc4.consul",
+      "type":  "LOGICAL_DNS",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "server.dc4.consul",
+        "endpoints":  [
+          {
+            "lbEndpoints":  [
+              {
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "123.us-west-2.elb.notaws.com",
+                      "portValue":  443
+                    }
+                  }
+                },
+                "healthStatus":  "HEALTHY",
+                "loadBalancingWeight":  1
+              }
+            ]
+          }
+        ]
+      },
+      "dnsRefreshRate":  "10s",
+      "dnsLookupFamily":  "V4_ONLY",
+      "outlierDetection":  {}
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "server.dc6.consul",
+      "type":  "LOGICAL_DNS",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "server.dc6.consul",
+        "endpoints":  [
+          {
+            "lbEndpoints":  [
+              {
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "123.us-east-1.elb.notaws.com",
+                      "portValue":  443
+                    }
+                  }
+                },
+                "healthStatus":  "UNHEALTHY",
+                "loadBalancingWeight":  1
+              }
+            ]
+          }
+        ]
+      },
+      "dnsRefreshRate":  "10s",
+      "dnsLookupFamily":  "V4_ONLY",
+      "outlierDetection":  {}
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/mesh-gateway-with-imported-peered-services.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-with-imported-peered-services.latest.golden
index 88f75c886890..f69ce54c6cb3 100644
--- a/agent/xds/testdata/clusters/mesh-gateway-with-imported-peered-services.latest.golden
+++ b/agent/xds/testdata/clusters/mesh-gateway-with-imported-peered-services.latest.golden
@@ -1,56 +1,50 @@
 {
-  "versionInfo": "00000001",
-  "resources": [
+  "versionInfo":  "00000001",
+  "resources":  [
     {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "alt.default.default.peer-b.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
-      "type": "LOGICAL_DNS",
-      "connectTimeout": "5s",
-      "loadAssignment": {
-        "clusterName": "alt.default.default.peer-b.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
-        "endpoints": [
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "alt.default.default.peer-b.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+      "type":  "STRICT_DNS",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "alt.default.default.peer-b.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+        "endpoints":  [
           {
-            "lbEndpoints": [
+            "lbEndpoints":  [
               {
-                "endpoint": {
-                  "address": {
-                    "socketAddress": {
-                      "address": "alt.us-east-1.elb.notaws.com",
-                      "portValue": 8443
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "alt.us-east-1.elb.notaws.com",
+                      "portValue":  8443
                     }
                   }
                 },
-                "healthStatus": "HEALTHY",
-                "loadBalancingWeight": 1
+                "healthStatus":  "HEALTHY",
+                "loadBalancingWeight":  1
               }
             ]
           }
         ]
       },
-      "dnsRefreshRate": "10s",
-      "dnsLookupFamily": "V4_ONLY",
-      "outlierDetection": {
-
-      }
+      "dnsRefreshRate":  "10s",
+      "dnsLookupFamily":  "V4_ONLY",
+      "outlierDetection":  {}
     },
     {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "db.default.default.peer-a.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {
-
-          },
-          "resourceApiVersion": "V3"
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "db.default.default.peer-a.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
         }
       },
-      "connectTimeout": "5s",
-      "outlierDetection": {
-
-      }
+      "connectTimeout":  "5s",
+      "outlierDetection":  {}
     }
   ],
-  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce": "00000001"
+  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce":  "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-listener-override.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
similarity index 100%
rename from agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-listener-override.latest.golden
rename to agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-http2.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-http2.latest.golden
new file mode 100644
index 000000000000..edcc68b8acda
--- /dev/null
+++ b/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-http2.latest.golden
@@ -0,0 +1,29 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName":  "refunds.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+      "endpoints":  [
+        {
+          "lbEndpoints":  [
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "106.96.90.233",
+                    "portValue":  443
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-listener-override.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
similarity index 100%
rename from agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-listener-override.latest.golden
rename to agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-http2.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-http2.latest.golden
new file mode 100644
index 000000000000..a18dfc148402
--- /dev/null
+++ b/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-http2.latest.golden
@@ -0,0 +1,189 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "payments?peer=cloud:127.0.0.1:9090",
+      "address":  {
+        "socketAddress":  {
+          "address":  "127.0.0.1",
+          "portValue":  9090
+        }
+      },
+      "filterChains":  [
+        {
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.http_connection_manager",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix":  "upstream_peered.payments.default.cloud",
+                "routeConfig":  {
+                  "name":  "payments?peer=cloud",
+                  "virtualHosts":  [
+                    {
+                      "name":  "payments.default.cloud",
+                      "domains":  [
+                        "*"
+                      ],
+                      "routes":  [
+                        {
+                          "match":  {
+                            "prefix":  "/"
+                          },
+                          "route":  {
+                            "cluster":  "payments.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
+                          }
+                        }
+                      ]
+                    }
+                  ]
+                },
+                "httpFilters":  [
+                  {
+                    "name":  "envoy.filters.http.router",
+                    "typedConfig":  {
+                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing":  {
+                  "randomSampling":  {}
+                },
+                "http2ProtocolOptions":  {},
+                "upgradeConfigs":  [
+                  {
+                    "upgradeType":  "websocket"
+                  }
+                ]
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection":  "OUTBOUND"
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "public_listener:0.0.0.0:9999",
+      "address":  {
+        "socketAddress":  {
+          "address":  "0.0.0.0",
+          "portValue":  9999
+        }
+      },
+      "filterChains":  [
+        {
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.rbac",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
+                "rules":  {},
+                "statPrefix":  "connect_authz"
+              }
+            },
+            {
+              "name":  "envoy.filters.network.tcp_proxy",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix":  "public_listener",
+                "cluster":  "local_app"
+              }
+            }
+          ],
+          "transportSocket":  {
+            "name":  "tls",
+            "typedConfig":  {
+              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext":  {
+                "tlsParams":  {},
+                "tlsCertificates":  [
+                  {
+                    "certificateChain":  {
+                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey":  {
+                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "validationContext":  {
+                  "trustedCa":  {
+                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                  }
+                }
+              },
+              "requireClientCertificate":  true
+            }
+          }
+        }
+      ],
+      "trafficDirection":  "INBOUND"
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "refunds?peer=cloud:127.0.0.1:9090",
+      "address":  {
+        "socketAddress":  {
+          "address":  "127.0.0.1",
+          "portValue":  9090
+        }
+      },
+      "filterChains":  [
+        {
+          "filters":  [
+            {
+              "name":  "envoy.filters.network.http_connection_manager",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix":  "upstream_peered.refunds.default.cloud",
+                "routeConfig":  {
+                  "name":  "refunds?peer=cloud",
+                  "virtualHosts":  [
+                    {
+                      "name":  "refunds.default.cloud",
+                      "domains":  [
+                        "*"
+                      ],
+                      "routes":  [
+                        {
+                          "match":  {
+                            "prefix":  "/"
+                          },
+                          "route":  {
+                            "cluster":  "refunds.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
+                          }
+                        }
+                      ]
+                    }
+                  ]
+                },
+                "httpFilters":  [
+                  {
+                    "name":  "envoy.filters.http.router",
+                    "typedConfig":  {
+                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing":  {
+                  "randomSampling":  {}
+                },
+                "http2ProtocolOptions":  {},
+                "upgradeConfigs":  [
+                  {
+                    "upgradeType":  "websocket"
+                  }
+                ]
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection":  "OUTBOUND"
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden
index 7221eaf00fd6..599f1058e276 100644
--- a/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden
+++ b/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden
@@ -178,4 +178,4 @@
   ],
   "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
   "nonce":  "00000001"
-}
\ No newline at end of file
+}
diff --git a/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-listener-override.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
similarity index 100%
rename from agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-listener-override.latest.golden
rename to agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
diff --git a/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-http2.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-http2.latest.golden
new file mode 100644
index 000000000000..306f5220e7b9
--- /dev/null
+++ b/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-http2.latest.golden
@@ -0,0 +1,5 @@
+{
+  "versionInfo":  "00000001",
+  "typeUrl":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
new file mode 100644
index 000000000000..95612291de70
--- /dev/null
+++ b/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
@@ -0,0 +1,5 @@
+{
+  "versionInfo": "00000001",
+  "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-http2.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-http2.latest.golden
new file mode 100644
index 000000000000..e6c25e165c65
--- /dev/null
+++ b/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-http2.latest.golden
@@ -0,0 +1,5 @@
+{
+  "versionInfo":  "00000001",
+  "typeUrl":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
+  "nonce":  "00000001"
+}
\ No newline at end of file

From c2066b9b22a1ae714eb6d2d73a10ccaaf2e5ad24 Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Thu, 20 Jul 2023 21:30:22 -0400
Subject: [PATCH 199/359] NET-4222 take config file consul container (#18218)

Net 4222 take config file consul container
---
 test-integ/go.mod                             | 140 ++-
 test-integ/go.sum                             | 955 +++++++++++++++++-
 test/integration/consul-container/go.mod      | 132 ++-
 test/integration/consul-container/go.sum      | 877 +++++++++++++++-
 .../consul-container/libs/assert/grpc.go      |   1 +
 .../consul-container/libs/cluster/agent.go    |  67 ++
 .../libs/topology/peering_topology.go         |  18 +-
 .../libs/topology/service_topology.go         |   9 +-
 .../test/basic/connect_service_test.go        |  55 +-
 .../test/gateways/ingress_gateway_test.go     |   2 +-
 .../test/observability/access_logs_test.go    |   2 +-
 .../test/troubleshoot/troubleshoot_test.go    |   2 +-
 12 files changed, 2243 insertions(+), 17 deletions(-)

diff --git a/test-integ/go.mod b/test-integ/go.mod
index a70dd75b41ad..c8ec1d6bb305 100644
--- a/test-integ/go.mod
+++ b/test-integ/go.mod
@@ -14,84 +14,220 @@ require (
 )
 
 require (
+	cloud.google.com/go/compute v1.19.0 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/iam v0.13.0 // indirect
 	fortio.org/dflag v1.5.2 // indirect
 	fortio.org/fortio v1.54.0 // indirect
 	fortio.org/log v1.3.0 // indirect
 	fortio.org/sets v1.0.2 // indirect
 	fortio.org/version v1.0.2 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
+	github.com/DataDog/datadog-go v4.8.2+incompatible // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/agext/levenshtein v1.2.1 // indirect
+	github.com/aliyun/alibaba-cloud-sdk-go v1.62.156 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
+	github.com/armon/go-radix v1.0.0 // indirect
+	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/avast/retry-go v3.0.0+incompatible // indirect
+	github.com/aws/aws-sdk-go v1.44.289 // indirect
+	github.com/benbjohnson/immutable v0.4.0 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/boltdb/bolt v1.3.1 // indirect
+	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect
+	github.com/circonus-labs/circonusllhist v0.1.3 // indirect
+	github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 // indirect
 	github.com/containerd/containerd v1.7.1 // indirect
+	github.com/coreos/etcd v3.3.27+incompatible // indirect
+	github.com/coreos/go-oidc v2.1.0+incompatible // indirect
+	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
+	github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/docker/distribution v2.8.1+incompatible // indirect
 	github.com/docker/docker v23.0.6+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
+	github.com/envoyproxy/go-control-plane v0.11.0 // indirect
+	github.com/envoyproxy/protoc-gen-validate v0.10.0 // indirect
+	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
 	github.com/fatih/color v1.14.1 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-openapi/analysis v0.21.4 // indirect
+	github.com/go-openapi/errors v0.20.3 // indirect
+	github.com/go-openapi/jsonpointer v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.20.0 // indirect
+	github.com/go-openapi/loads v0.21.2 // indirect
+	github.com/go-openapi/runtime v0.25.0 // indirect
+	github.com/go-openapi/spec v0.20.8 // indirect
+	github.com/go-openapi/strfmt v0.21.3 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-openapi/validate v0.22.1 // indirect
+	github.com/go-ozzo/ozzo-validation v3.6.0+incompatible // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.0.1 // indirect
+	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
+	github.com/googleapis/gax-go/v2 v2.7.1 // indirect
+	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect
+	github.com/hashicorp/consul v0.0.0-00010101000000-000000000000 // indirect
+	github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 // indirect
+	github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 // indirect
+	github.com/hashicorp/consul/envoyextensions v0.3.0 // indirect
+	github.com/hashicorp/consul/proto-public v0.4.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-bexpr v0.1.2 // indirect
+	github.com/hashicorp/go-connlimit v0.3.0 // indirect
 	github.com/hashicorp/go-hclog v1.5.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
-	github.com/hashicorp/go-msgpack v0.5.5 // indirect
+	github.com/hashicorp/go-memdb v1.3.4 // indirect
+	github.com/hashicorp/go-msgpack v1.1.5 // indirect
+	github.com/hashicorp/go-msgpack/v2 v2.0.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-plugin v1.4.5 // indirect
+	github.com/hashicorp/go-raftchunking v0.7.0 // indirect
+	github.com/hashicorp/go-retryablehttp v0.6.7 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 // indirect
+	github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
+	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
+	github.com/hashicorp/go-syslog v1.0.0 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/go-version v1.2.1 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/hcl/v2 v2.16.2 // indirect
+	github.com/hashicorp/hcp-scada-provider v0.2.3 // indirect
+	github.com/hashicorp/hcp-sdk-go v0.48.0 // indirect
+	github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 // indirect
 	github.com/hashicorp/memberlist v0.5.0 // indirect
+	github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 // indirect
+	github.com/hashicorp/raft v1.5.0 // indirect
+	github.com/hashicorp/raft-autopilot v0.1.6 // indirect
+	github.com/hashicorp/raft-boltdb/v2 v2.2.2 // indirect
+	github.com/hashicorp/raft-wal v0.3.0 // indirect
 	github.com/hashicorp/serf v0.10.1 // indirect
+	github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 // indirect
+	github.com/hashicorp/vault/api v1.8.3 // indirect
+	github.com/hashicorp/vault/api/auth/gcp v0.3.0 // indirect
+	github.com/hashicorp/vault/sdk v0.7.0 // indirect
+	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
 	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/itchyny/timefmt-go v0.1.5 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.16.5 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/miekg/dns v1.1.50 // indirect
+	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
+	github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 // indirect
+	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/mitchellh/pointerstructure v1.2.1 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/patternmatcher v0.5.0 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/oklog/run v1.0.0 // indirect
+	github.com/oklog/ulid v1.3.1 // indirect
+	github.com/oklog/ulid/v2 v2.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
 	github.com/opencontainers/runc v1.1.7 // indirect
+	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
 	github.com/otiai10/copy v1.10.0 // indirect
+	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
+	github.com/pierrec/lz4 v2.5.2+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
+	github.com/prometheus/client_golang v1.14.0 // indirect
+	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/common v0.39.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/rboyer/safeio v0.2.2 // indirect
+	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
+	github.com/segmentio/fasthash v1.0.3 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
+	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 // indirect
 	github.com/testcontainers/testcontainers-go v0.20.1 // indirect
+	github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 // indirect
 	github.com/zclconf/go-cty v1.12.1 // indirect
+	go.etcd.io/bbolt v1.3.7 // indirect
+	go.mongodb.org/mongo-driver v1.11.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/otel v1.16.0 // indirect
+	go.opentelemetry.io/otel/metric v1.16.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.16.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v0.39.0 // indirect
+	go.opentelemetry.io/otel/trace v1.16.0 // indirect
+	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
 	golang.org/x/crypto v0.11.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/oauth2 v0.6.0 // indirect
+	golang.org/x/sync v0.2.0 // indirect
 	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/term v0.10.0 // indirect
 	golang.org/x/text v0.11.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.9.1 // indirect
+	google.golang.org/api v0.114.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/grpc v1.55.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/ini.v1 v1.66.2 // indirect
+	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	gotest.tools/v3 v3.4.0 // indirect
+	k8s.io/api v0.26.2 // indirect
+	k8s.io/apimachinery v0.26.2 // indirect
+	k8s.io/client-go v0.26.2 // indirect
+	k8s.io/klog/v2 v2.90.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
+	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
+	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
 )
 
 replace (
diff --git a/test-integ/go.sum b/test-integ/go.sum
index 7cde2437aafd..09d3a07243e7 100644
--- a/test-integ/go.sum
+++ b/test-integ/go.sum
@@ -1,3 +1,56 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
+cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
+cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
+cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
+cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
+cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
+cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
+cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
+cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
+cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
+cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
+cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/compute v1.19.0 h1:+9zda3WGgW1ZSTlVppLCYFIr48Pa35q1uG2N1itbCEQ=
+cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU=
+cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
+cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k=
+cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0=
+cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 fortio.org/assert v1.1.4 h1:Za1RaG+OjsTMpQS3J3UCvTF6wc4+IOHCz+jAOU37Y4o=
 fortio.org/dflag v1.5.2 h1:F9XVRj4Qr2IbJP7BMj7XZc9wB0Q/RZ61Ool+4YPVad8=
 fortio.org/dflag v1.5.2/go.mod h1:ppb/A8u+KKg+qUUYZNYuvRnXuVb8IsdHb/XGzsmjkN8=
@@ -11,40 +64,99 @@ fortio.org/version v1.0.2 h1:8NwxdX58aoeKx7T5xAPO0xlUu1Hpk42nRz5s6e6eKZ0=
 fortio.org/version v1.0.2/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
+github.com/DataDog/datadog-go v4.8.2+incompatible h1:qbcKSx29aBLD+5QLvlQZlGmRMF/FfGqFLFev/1TDzRo=
+github.com/DataDog/datadog-go v4.8.2+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=
 github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/aliyun/alibaba-cloud-sdk-go v1.62.156 h1:K4N91T1+RlSlx+t2dujeDviy4ehSGVjEltluDgmeHS4=
+github.com/aliyun/alibaba-cloud-sdk-go v1.62.156/go.mod h1:Api2AkmMgGaSUAhmk76oaFObkoeCPc/bKAqcyplPODs=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
+github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e h1:QEF07wC0T1rKkctt1RINW/+RMTVmiwxETico2l3gxJA=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
+github.com/armon/go-metrics v0.0.0-20190430140413-ec5e00d3c878/go.mod h1:3AMJUQhVx52RsWOnlkpikZr01T/yAVN2gn0861vByNg=
+github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
 github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
 github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
+github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
+github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHSxpiH9JdtuBj0=
 github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY=
+github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
+github.com/aws/aws-sdk-go v1.44.289 h1:5CVEjiHFvdiVlKPBzv0rjG4zH/21W/onT18R5AH/qx0=
+github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/benbjohnson/immutable v0.4.0 h1:CTqXbEerYso8YzVPxmWxh2gnoRQbbB9X1quUC8+vGZA=
+github.com/benbjohnson/immutable v0.4.0/go.mod h1:iAr8OjJGLnLmVUr9MZ/rz4PWUy6Ouc2JLYuMArmvAJM=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
+github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
+github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
+github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
+github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible h1:C29Ae4G5GtYyYMm1aztcyj/J5ckgJm2zwdDajFbx1NY=
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
+github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
+github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 h1:58f1tJ1ra+zFINPlwLWvQsR9CzAKt2e+EWV2yX9oXQ4=
+github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/containerd/containerd v1.7.1 h1:k8DbDkSOwt5rgxQ3uCI4WMKIJxIndSCBUaGm5oRn+Go=
 github.com/containerd/containerd v1.7.1/go.mod h1:gA+nJUADRBm98QS5j5RPROnt0POQSMK+r7P7EGMC/Qc=
 github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
+github.com/coreos/etcd v3.3.27+incompatible h1:QIudLb9KeBsE5zyYxd1mjzRSkzLg9Wf9QlRwFgd6oTA=
+github.com/coreos/etcd v3.3.27+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM=
+github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
+github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
+github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf h1:GOPo6vn/vTN+3IwZBvXX0y5doJfSC7My0cdzelyOCsQ=
+github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E=
 github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -58,105 +170,406 @@ github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKoh
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
+github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
+github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
+github.com/envoyproxy/go-control-plane v0.11.0 h1:jtLewhRR2vMRNnq2ZZUoCjUlgut+Y0+sDDWPOfwOi1o=
+github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/envoyproxy/protoc-gen-validate v0.10.0 h1:oIfnZFdC0YhpNNEX+SuIqko4cqqVZeN9IGTrhZje83Y=
+github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
+github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
+github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
 github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
+github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
+github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
+github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y=
+github.com/frankban/quicktest v1.13.0 h1:yNZif1OkDfNoDfb9zZa9aXIpejNR4F23Wely0c+Qdqk=
+github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU=
+github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
 github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY=
+github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc=
+github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo=
+github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
+github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
+github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
+github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc=
+github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
+github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
+github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
+github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
+github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
+github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g=
+github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro=
+github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw=
+github.com/go-openapi/runtime v0.25.0 h1:7yQTCdRbWhX8vnIjdzU8S00tBYf7Sg71EBeorlPHvhc=
+github.com/go-openapi/runtime v0.25.0/go.mod h1:Ux6fikcHXyyob6LNWxtE96hWwjBPYF0DXgVFuMTneOs=
+github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
+github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
+github.com/go-openapi/spec v0.20.8 h1:ubHmXNY3FCIOinT8RNrrPfGc9t7I1qhPtdOGoG2AxRU=
+github.com/go-openapi/spec v0.20.8/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
+github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg=
+github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
+github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o=
+github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg=
+github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU=
+github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
+github.com/go-ozzo/ozzo-validation v3.6.0+incompatible h1:msy24VGS42fKO9K1vLz82/GeYW1cILu7Nuuj1N3BBkE=
+github.com/go-ozzo/ozzo-validation v3.6.0+incompatible/go.mod h1:gsEKFIVnabGBt6mXmxK0MoFy+cZoTJY6mu5Ll3LVLBU=
+github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
+github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
+github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=
+github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
+github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
+github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
+github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
+github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
+github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
+github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs=
+github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
+github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
+github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk=
+github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28=
+github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo=
+github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk=
+github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw=
+github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360=
+github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg=
+github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE=
+github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8=
+github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
+github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
+github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
+github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
+github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
+github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
+github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
+github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
+github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
+github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2 h1:AtvtonGEH/fZK0XPNNBdB6swgy7Iudfx88wzyIpwqJ8=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k=
+github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
+github.com/googleapis/gax-go/v2 v2.7.1 h1:gF4c0zjUP2H/s/hEGyLA3I0fA2ZWjzYiONAD6cvPr8A=
+github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
+github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
+github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 h1:lLT7ZLSzGLI08vc9cpd+tYmNWjdKDqyr/2L+f6U12Fk=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w=
+github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 h1:1ZEjnveDe20yFa6lSkfdQZm5BR/b271n0MsB5R2L3us=
+github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706/go.mod h1:1Cs8FlmD1BfSQXJGcFLSV5FuIx1AbJP+EJGdxosoS2g=
+github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 h1:wzWurXrxfSyG1PHskIZlfuXlTSCj1Tsyatp9DtaasuY=
+github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69/go.mod h1:svUZZDvotY8zTODknUePc6mZ9pX8nN0ViGwWcUSOBEA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-bexpr v0.1.2 h1:ijMXI4qERbzxbCnkxmfUtwMyjrrk3y+Vt0MxojNCbBs=
+github.com/hashicorp/go-bexpr v0.1.2/go.mod h1:ANbpTX1oAql27TZkKVeW8p1w8NTdnyzPe/0qqPCKohU=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-connlimit v0.3.0 h1:oAojHGjFxUTTTA8c5XXnDqWJ2HLuWbDiBPTpWvNzvqM=
+github.com/hashicorp/go-connlimit v0.3.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0=
+github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
 github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0/go.mod h1:xvb32K2keAc+R8DSFG2IwDcydK9DBQE+fGA5fsw6hSk=
+github.com/hashicorp/go-memdb v1.3.4 h1:XSL3NR682X/cVk2IeV0d70N4DZ9ljI885xAEU8IoK3c=
+github.com/hashicorp/go-memdb v1.3.4/go.mod h1:uBTr1oQbtuMgd1SSGoR8YV27eT3sBHbYiNm53bMpgSg=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI=
 github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
+github.com/hashicorp/go-msgpack v1.1.5 h1:9byZdVjKTe5mce63pRVNP1L7UAmdHOTEMGehn6KvJWs=
+github.com/hashicorp/go-msgpack v1.1.5/go.mod h1:gWVc3sv/wbDmR3rQsj1CAktEZzoz1YNK9NfGLXJ69/4=
+github.com/hashicorp/go-msgpack/v2 v2.0.0 h1:c1fiLq1LNghmLOry1ipGhvLDi+/zEoaEP2JrE1oFJ9s=
+github.com/hashicorp/go-msgpack/v2 v2.0.0/go.mod h1:JIxYkkFJRDDRSoWQBSh7s9QAVThq+82iWmUpmE4jKak=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
+github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo=
+github.com/hashicorp/go-plugin v1.4.5/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
+github.com/hashicorp/go-raftchunking v0.7.0 h1:APNMnCXmTOhumkFv/GpJIbq7HteWF7EnGZ3875lRN0Y=
+github.com/hashicorp/go-raftchunking v0.7.0/go.mod h1:Dg/eBOaJzE0jYKNwNLs5IA5j0OSmL5HoCUiMy3mDmrI=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
+github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
+github.com/hashicorp/go-retryablehttp v0.6.7 h1:8/CAEZt/+F7kR7GevNHulKkUjLht3CPmn7egmhieNKo=
+github.com/hashicorp/go-retryablehttp v0.6.7/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
+github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 h1:W9WN8p6moV1fjKLkeqEgkAMu5rauy9QeYDAmIaPuuiA=
+github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg=
+github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
+github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 h1:cCRo8gK7oq6A2L6LICkUZ+/a5rLiRXFMf1Qd4xSwxTc=
+github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
+github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo=
+github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
+github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
+github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
+github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
+github.com/hashicorp/go-syslog v1.0.0 h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwMrUAE=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI=
 github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/hcl/v2 v2.16.2 h1:mpkHZh/Tv+xet3sy3F9Ld4FyI2tUpWe9x3XtPx9f1a0=
 github.com/hashicorp/hcl/v2 v2.16.2/go.mod h1:JRmR89jycNkrrqnMmvPDMd56n1rQJ2Q6KocSLCMCXng=
+github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ=
+github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo=
+github.com/hashicorp/hcp-sdk-go v0.48.0 h1:LWpFR7YVDz4uG4C/ixcy2tRbg7/BgjMcTh1bRkKaeBQ=
+github.com/hashicorp/hcp-sdk-go v0.48.0/go.mod h1:hZqky4HEzsKwvLOt4QJlZUrjeQmb4UCZUhDP2HyQFfc=
+github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok=
+github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
 github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM=
 github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0=
+github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 h1:kBpVVl1sl3MaSrs97e0+pDQhSrqJv9gVbSUrPpVfl1w=
+github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0/go.mod h1:6pdNz0vo0mF0GvhwDG56O3N18qBrAz/XRIcfINfTbwo=
+github.com/hashicorp/raft v1.1.0/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM=
+github.com/hashicorp/raft v1.2.0/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8=
+github.com/hashicorp/raft v1.3.11/go.mod h1:J8naEwc6XaaCfts7+28whSeRvCqTd6e20BlCU3LtEO4=
+github.com/hashicorp/raft v1.5.0 h1:uNs9EfJ4FwiArZRxxfd/dQ5d33nV31/CdCHArH89hT8=
+github.com/hashicorp/raft v1.5.0/go.mod h1:pKHB2mf/Y25u3AHNSXVRv+yT+WAnmeTX0BwVppVQV+M=
+github.com/hashicorp/raft-autopilot v0.1.6 h1:C1q3RNF2FfXNZfHWbvVAu0QixaQK8K5pX4O5lh+9z4I=
+github.com/hashicorp/raft-autopilot v0.1.6/go.mod h1:Af4jZBwaNOI+tXfIqIdbcAnh/UyyqIMj/pOISIfhArw=
+github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk=
+github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qRd6nFJYYS6Iqnc/8HcUmko2/2Gw8qTFEmxDLii6W5I=
+github.com/hashicorp/raft-boltdb v0.0.0-20220329195025-15018e9b97e0 h1:CO8dBMLH6dvE1jTn/30ZZw3iuPsNfajshWoJTnVc5cc=
+github.com/hashicorp/raft-boltdb/v2 v2.2.2 h1:rlkPtOllgIcKLxVT4nutqlTH2NRFn+tO1wwZk/4Dxqw=
+github.com/hashicorp/raft-boltdb/v2 v2.2.2/go.mod h1:N8YgaZgNJLpZC+h+by7vDu5rzsRgONThTEeUS3zWbfY=
+github.com/hashicorp/raft-wal v0.3.0 h1:Mi6RPoRbsxIIYZryI+bSTXHD97Ua6rIYO51ibYV9bkY=
+github.com/hashicorp/raft-wal v0.3.0/go.mod h1:A6vP5o8hGOs1LHfC1Okh9xPwWDcmb6Vvuz/QyqUXlOE=
 github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY=
 github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4=
+github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 h1:O6tNk0s/arubLUbLeCyaRs5xGo9VwmbQazISY/BfPK4=
+github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0/go.mod h1:We3fJplmALwK1VpjwrLuXr/4QCQHYMdnXLHmLUU6Ntg=
+github.com/hashicorp/vault/api v1.8.0/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
+github.com/hashicorp/vault/api v1.8.3 h1:cHQOLcMhBR+aVI0HzhPxO62w2+gJhIrKguQNONPzu6o=
+github.com/hashicorp/vault/api v1.8.3/go.mod h1:4g/9lj9lmuJQMtT6CmVMHC5FW1yENaVv+Nv4ZfG8fAg=
+github.com/hashicorp/vault/api/auth/gcp v0.3.0 h1:taum+3pCmOXnNgEKHlQbmgXmKw5daWHk7YJrLPP/w8g=
+github.com/hashicorp/vault/api/auth/gcp v0.3.0/go.mod h1:gnNBFOASYUaFunedTHOzdir7vKcHL3skWBUzEn263bo=
+github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc=
+github.com/hashicorp/vault/sdk v0.7.0 h1:2pQRO40R1etpKkia5fb4kjrdYMx3BHklPxl1pxpxDHg=
+github.com/hashicorp/vault/sdk v0.7.0/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs=
+github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
+github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 h1:xixZ2bWeofWV68J+x6AzmKuVM/JWCQwkWm6GW/MUR6I=
+github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
 github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/itchyny/gojq v0.12.13 h1:IxyYlHYIlspQHHTE0f3cJF0NKDMfajxViuhBLnHd/QU=
 github.com/itchyny/gojq v0.12.13/go.mod h1:JzwzAqenfhrPUuwbmEz3nu3JQmFLlQTQMUcOdnu/Sf4=
 github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE=
 github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
+github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
+github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
 github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
+github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
@@ -166,6 +579,7 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
@@ -173,21 +587,40 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
+github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
 github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
 github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
+github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ=
+github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw=
+github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/go-testing-interface v1.14.0 h1:/x0XQ6h+3U3nAyk1yx+bHPURrKa9sVVvYbuqZ7pIAtI=
+github.com/mitchellh/go-testing-interface v1.14.0/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
 github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
+github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 h1:hOY53G+kBFhbYFpRVxHl5eS7laP6B1+Cq+Z9Dry1iMU=
+github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ=
+github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4=
+github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE=
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/pointerstructure v1.2.1 h1:ZhBBeX8tSlRpu/FFhXH4RC4OJzFlqsQhoHZAz4x7TIw=
+github.com/mitchellh/pointerstructure v1.2.1/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4=
+github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
@@ -197,24 +630,48 @@ github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWK
 github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
 github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
+github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
+github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
+github.com/oklog/ulid/v2 v2.1.0 h1:+9lhoxAP56we25tyYETBBY1YLA2SaoLvUFgrP2miPJU=
+github.com/oklog/ulid/v2 v2.1.0/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
+github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs=
+github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=
 github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v1.1.7 h1:y2EZDS8sNng4Ksf0GUYNhKbTShZJPJg1FiXJNH/uoCk=
 github.com/opencontainers/runc v1.1.7/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
+github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
+github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A=
+github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU=
 github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ=
 github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
+github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
+github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
+github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
+github.com/pierrec/lz4 v2.5.2+incompatible h1:WCjObylUIOlKy/+7Abdn34TLIkXiA4UWUMhxq9m9ZXI=
+github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -224,154 +681,644 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
+github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
+github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
+github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
+github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
+github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
+github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
+github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI=
+github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
+github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
+github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/rboyer/safeio v0.2.2 h1:XhtqyUTRleMYGyBt3ni4j2BtEh669U2ry2INnnd+B4k=
 github.com/rboyer/safeio v0.2.2/go.mod h1:pSnr2LFXyn/c/fotxotyOdYy7pP/XSh6MpBmzXPjiNc=
+github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
+github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
+github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
+github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM=
+github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY=
 github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=
+github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 h1:xzABM9let0HLLqFypcxvLmlvEciCHL7+Lv+4vwZqecI=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569/go.mod h1:2Ly+NIftZN4de9zRmENdYbvPQeaVIYKWpLFStLFEBgI=
 github.com/testcontainers/testcontainers-go v0.20.1 h1:mK15UPJ8c5P+NsQKmkqzs/jMdJt6JMs5vlw2y4j92c0=
 github.com/testcontainers/testcontainers-go v0.20.1/go.mod h1:zb+NOlCQBkZ7RQp4QI+YMIHyO2CQ/qsXzNF5eLJ24SY=
+github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
+github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
+github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
+github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o=
+github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
+github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg=
+github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
+github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
+github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
+github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
+github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
+github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
+github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/zclconf/go-cty v1.12.1 h1:PcupnljUm9EIvbgSHQnHhUr3fO6oFmkOrvs2BAFNXXY=
 github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA=
+go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
+go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
+go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
+go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
+go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng=
+go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8=
+go.mongodb.org/mongo-driver v1.11.0 h1:FZKhBSTydeuffHj9CBjXlR8vQLee1cQyTWYPA6/tqiE=
+go.mongodb.org/mongo-driver v1.11.0/go.mod h1:s7p5vEtfbeR1gYi6pnj3c3/urpbLv2T5Sfd6Rp2HBB8=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
+go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
+go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo=
+go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
+go.opentelemetry.io/otel/sdk v1.16.0 h1:Z1Ok1YsijYL0CSJpHt4cS3wDDh7p572grzNrBMiMWgE=
+go.opentelemetry.io/otel/sdk v1.16.0/go.mod h1:tMsIuKXuuIWPBAOrH+eHtvhTL+SntFtXF9QD68aP6p4=
+go.opentelemetry.io/otel/sdk/metric v0.39.0 h1:Kun8i1eYf48kHH83RucG93ffz0zGV1sh46FAScOTuDI=
+go.opentelemetry.io/otel/sdk/metric v0.39.0/go.mod h1:piDIRgjcK7u0HCL5pCA4e74qpK/jk3NiUoAHATVAmiI=
+go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
+go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
+go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
+go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw=
+go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
+go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0=
+go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
 golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
 golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
+golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
+golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
 golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw=
+golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
+golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
+golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
 golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190424220101-1e8e1cfdf96b/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
 golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
+google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
+google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
+google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
+google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
+google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
+google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
+google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
+google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
+google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
+google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
+google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
+google.golang.org/api v0.114.0 h1:1xQPji6cO2E2vLiI+C/XiFAnsn1WV3mjaEwGLhi3grE=
+google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
+google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
+google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
+google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
+google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
+google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
+google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
+google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
 google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
+google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI=
+gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
+gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
-gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ=
+k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU=
+k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ=
+k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
+k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI=
+k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU=
+k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
+k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E=
+k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
+k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
+k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
+sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index dd86d232a595..ed5584d9b59a 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -7,6 +7,7 @@ require (
 	github.com/avast/retry-go v3.0.0+incompatible
 	github.com/docker/docker v23.0.6+incompatible
 	github.com/docker/go-connections v0.4.0
+	github.com/evanphx/json-patch v4.12.0+incompatible
 	github.com/go-jose/go-jose/v3 v3.0.0
 	github.com/hashicorp/consul v0.0.0-00010101000000-000000000000
 	github.com/hashicorp/consul/api v1.22.0
@@ -18,9 +19,11 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-uuid v1.0.3
 	github.com/hashicorp/go-version v1.2.1
+	github.com/hashicorp/hcl v1.0.0
 	github.com/hashicorp/serf v0.10.1
 	github.com/itchyny/gojq v0.12.9
 	github.com/mitchellh/copystructure v1.2.0
+	github.com/mitchellh/mapstructure v1.5.0
 	github.com/otiai10/copy v1.10.0
 	github.com/pkg/errors v0.9.1
 	github.com/stretchr/testify v1.8.3
@@ -31,70 +34,193 @@ require (
 )
 
 require (
+	cloud.google.com/go/compute v1.19.0 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/iam v0.13.0 // indirect
 	fortio.org/dflag v1.5.2 // indirect
 	fortio.org/log v1.3.0 // indirect
 	fortio.org/sets v1.0.2 // indirect
 	fortio.org/version v1.0.2 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
+	github.com/DataDog/datadog-go v4.8.2+incompatible // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/aliyun/alibaba-cloud-sdk-go v1.62.156 // indirect
+	github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
+	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
+	github.com/aws/aws-sdk-go v1.44.289 // indirect
+	github.com/benbjohnson/immutable v0.4.0 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/boltdb/bolt v1.3.1 // indirect
+	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect
+	github.com/circonus-labs/circonusllhist v0.1.3 // indirect
 	github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 // indirect
 	github.com/containerd/containerd v1.7.1 // indirect
+	github.com/coreos/etcd v3.3.27+incompatible // indirect
+	github.com/coreos/go-oidc v2.1.0+incompatible // indirect
+	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
+	github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/docker/distribution v2.8.1+incompatible // indirect
 	github.com/docker/go-units v0.5.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
 	github.com/envoyproxy/go-control-plane v0.11.0 // indirect
 	github.com/envoyproxy/protoc-gen-validate v0.10.0 // indirect
 	github.com/fatih/color v1.14.1 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-openapi/analysis v0.21.4 // indirect
+	github.com/go-openapi/errors v0.20.3 // indirect
+	github.com/go-openapi/jsonpointer v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.20.0 // indirect
+	github.com/go-openapi/loads v0.21.2 // indirect
+	github.com/go-openapi/runtime v0.25.0 // indirect
+	github.com/go-openapi/spec v0.20.8 // indirect
+	github.com/go-openapi/strfmt v0.21.3 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-openapi/validate v0.22.1 // indirect
+	github.com/go-ozzo/ozzo-validation v3.6.0+incompatible // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.0.1 // indirect
+	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
+	github.com/googleapis/gax-go/v2 v2.7.1 // indirect
+	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect
+	github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 // indirect
+	github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-bexpr v0.1.2 // indirect
+	github.com/hashicorp/go-connlimit v0.3.0 // indirect
 	github.com/hashicorp/go-hclog v1.5.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
-	github.com/hashicorp/go-msgpack v0.5.5 // indirect
+	github.com/hashicorp/go-memdb v1.3.4 // indirect
+	github.com/hashicorp/go-msgpack v1.1.5 // indirect
+	github.com/hashicorp/go-msgpack/v2 v2.0.0 // indirect
+	github.com/hashicorp/go-plugin v1.4.5 // indirect
+	github.com/hashicorp/go-raftchunking v0.7.0 // indirect
+	github.com/hashicorp/go-retryablehttp v0.6.7 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 // indirect
+	github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
+	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
+	github.com/hashicorp/go-syslog v1.0.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/hashicorp/hcp-scada-provider v0.2.3 // indirect
+	github.com/hashicorp/hcp-sdk-go v0.48.0 // indirect
+	github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 // indirect
 	github.com/hashicorp/memberlist v0.5.0 // indirect
+	github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 // indirect
+	github.com/hashicorp/raft v1.5.0 // indirect
+	github.com/hashicorp/raft-autopilot v0.1.6 // indirect
+	github.com/hashicorp/raft-boltdb/v2 v2.2.2 // indirect
+	github.com/hashicorp/raft-wal v0.3.0 // indirect
+	github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 // indirect
+	github.com/hashicorp/vault/api v1.8.3 // indirect
+	github.com/hashicorp/vault/api/auth/gcp v0.3.0 // indirect
+	github.com/hashicorp/vault/sdk v0.7.0 // indirect
+	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
 	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/itchyny/timefmt-go v0.1.4 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.16.5 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/miekg/dns v1.1.50 // indirect
+	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.0 // indirect
+	github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 // indirect
+	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
+	github.com/mitchellh/pointerstructure v1.2.1 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/patternmatcher v0.5.0 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/oklog/run v1.0.0 // indirect
+	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/oklog/ulid/v2 v2.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
 	github.com/opencontainers/runc v1.1.7 // indirect
+	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
+	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
+	github.com/pierrec/lz4 v2.5.2+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
+	github.com/prometheus/client_golang v1.14.0 // indirect
+	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/common v0.39.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
+	github.com/segmentio/fasthash v1.0.3 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
+	github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 // indirect
+	go.etcd.io/bbolt v1.3.7 // indirect
+	go.mongodb.org/mongo-driver v1.11.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/otel v1.16.0 // indirect
+	go.opentelemetry.io/otel/metric v1.16.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.16.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v0.39.0 // indirect
+	go.opentelemetry.io/otel/trace v1.16.0 // indirect
+	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
 	golang.org/x/crypto v0.11.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/oauth2 v0.6.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
 	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/term v0.10.0 // indirect
 	golang.org/x/text v0.11.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.9.1 // indirect
+	google.golang.org/api v0.114.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/ini.v1 v1.66.2 // indirect
+	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/api v0.26.2 // indirect
+	k8s.io/apimachinery v0.26.2 // indirect
+	k8s.io/client-go v0.26.2 // indirect
+	k8s.io/klog/v2 v2.90.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
+	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
+	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
 )
 
 replace (
diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum
index b1346cfba064..7fb07a8b4b3c 100644
--- a/test/integration/consul-container/go.sum
+++ b/test/integration/consul-container/go.sum
@@ -1,4 +1,56 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
+cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
+cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
+cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
+cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
+cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
+cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
+cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
+cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
+cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
+cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
+cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/compute v1.19.0 h1:+9zda3WGgW1ZSTlVppLCYFIr48Pa35q1uG2N1itbCEQ=
+cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU=
+cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
+cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k=
+cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0=
+cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 fortio.org/assert v1.1.4 h1:Za1RaG+OjsTMpQS3J3UCvTF6wc4+IOHCz+jAOU37Y4o=
 fortio.org/dflag v1.5.2 h1:F9XVRj4Qr2IbJP7BMj7XZc9wB0Q/RZ61Ool+4YPVad8=
 fortio.org/dflag v1.5.2/go.mod h1:ppb/A8u+KKg+qUUYZNYuvRnXuVb8IsdHb/XGzsmjkN8=
@@ -13,48 +65,94 @@ fortio.org/version v1.0.2/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/DataDog/datadog-go v4.8.2+incompatible h1:qbcKSx29aBLD+5QLvlQZlGmRMF/FfGqFLFev/1TDzRo=
+github.com/DataDog/datadog-go v4.8.2+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/aliyun/alibaba-cloud-sdk-go v1.62.156 h1:K4N91T1+RlSlx+t2dujeDviy4ehSGVjEltluDgmeHS4=
+github.com/aliyun/alibaba-cloud-sdk-go v1.62.156/go.mod h1:Api2AkmMgGaSUAhmk76oaFObkoeCPc/bKAqcyplPODs=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e h1:QEF07wC0T1rKkctt1RINW/+RMTVmiwxETico2l3gxJA=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
+github.com/armon/go-metrics v0.0.0-20190430140413-ec5e00d3c878/go.mod h1:3AMJUQhVx52RsWOnlkpikZr01T/yAVN2gn0861vByNg=
+github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
 github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
 github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
+github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
+github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHSxpiH9JdtuBj0=
 github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY=
+github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
 github.com/aws/aws-sdk-go v1.44.289 h1:5CVEjiHFvdiVlKPBzv0rjG4zH/21W/onT18R5AH/qx0=
+github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/benbjohnson/immutable v0.4.0 h1:CTqXbEerYso8YzVPxmWxh2gnoRQbbB9X1quUC8+vGZA=
+github.com/benbjohnson/immutable v0.4.0/go.mod h1:iAr8OjJGLnLmVUr9MZ/rz4PWUy6Ouc2JLYuMArmvAJM=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
+github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
+github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
+github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
+github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible h1:C29Ae4G5GtYyYMm1aztcyj/J5ckgJm2zwdDajFbx1NY=
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
 github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
+github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 h1:58f1tJ1ra+zFINPlwLWvQsR9CzAKt2e+EWV2yX9oXQ4=
 github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/containerd/containerd v1.7.1 h1:k8DbDkSOwt5rgxQ3uCI4WMKIJxIndSCBUaGm5oRn+Go=
 github.com/containerd/containerd v1.7.1/go.mod h1:gA+nJUADRBm98QS5j5RPROnt0POQSMK+r7P7EGMC/Qc=
 github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
+github.com/coreos/etcd v3.3.27+incompatible h1:QIudLb9KeBsE5zyYxd1mjzRSkzLg9Wf9QlRwFgd6oTA=
+github.com/coreos/etcd v3.3.27+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM=
+github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
+github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
+github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf h1:GOPo6vn/vTN+3IwZBvXX0y5doJfSC7My0cdzelyOCsQ=
+github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E=
 github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -68,74 +166,286 @@ github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKoh
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
+github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
+github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/go-control-plane v0.11.0 h1:jtLewhRR2vMRNnq2ZZUoCjUlgut+Y0+sDDWPOfwOi1o=
 github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/envoyproxy/protoc-gen-validate v0.10.0 h1:oIfnZFdC0YhpNNEX+SuIqko4cqqVZeN9IGTrhZje83Y=
 github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
+github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
+github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
 github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
+github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
+github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
+github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y=
+github.com/frankban/quicktest v1.13.0 h1:yNZif1OkDfNoDfb9zZa9aXIpejNR4F23Wely0c+Qdqk=
+github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU=
+github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
 github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY=
+github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc=
+github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo=
+github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
+github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
+github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
+github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc=
+github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
+github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
+github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
+github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
+github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
+github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g=
+github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro=
+github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw=
+github.com/go-openapi/runtime v0.25.0 h1:7yQTCdRbWhX8vnIjdzU8S00tBYf7Sg71EBeorlPHvhc=
+github.com/go-openapi/runtime v0.25.0/go.mod h1:Ux6fikcHXyyob6LNWxtE96hWwjBPYF0DXgVFuMTneOs=
+github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
+github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
+github.com/go-openapi/spec v0.20.8 h1:ubHmXNY3FCIOinT8RNrrPfGc9t7I1qhPtdOGoG2AxRU=
+github.com/go-openapi/spec v0.20.8/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
+github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg=
+github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
+github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o=
+github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg=
+github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU=
+github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
+github.com/go-ozzo/ozzo-validation v3.6.0+incompatible h1:msy24VGS42fKO9K1vLz82/GeYW1cILu7Nuuj1N3BBkE=
+github.com/go-ozzo/ozzo-validation v3.6.0+incompatible/go.mod h1:gsEKFIVnabGBt6mXmxK0MoFy+cZoTJY6mu5Ll3LVLBU=
+github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
+github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=
+github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
+github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
+github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
+github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
+github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
+github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
+github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs=
+github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
+github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
+github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk=
+github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28=
+github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo=
+github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk=
+github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw=
+github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360=
+github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg=
+github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE=
+github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8=
+github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
+github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
+github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
+github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
+github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
+github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
+github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
+github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
+github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
+github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2 h1:AtvtonGEH/fZK0XPNNBdB6swgy7Iudfx88wzyIpwqJ8=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k=
+github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
+github.com/googleapis/gax-go/v2 v2.7.1 h1:gF4c0zjUP2H/s/hEGyLA3I0fA2ZWjzYiONAD6cvPr8A=
+github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
 github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
+github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 h1:lLT7ZLSzGLI08vc9cpd+tYmNWjdKDqyr/2L+f6U12Fk=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w=
+github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 h1:1ZEjnveDe20yFa6lSkfdQZm5BR/b271n0MsB5R2L3us=
+github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706/go.mod h1:1Cs8FlmD1BfSQXJGcFLSV5FuIx1AbJP+EJGdxosoS2g=
 github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 h1:wzWurXrxfSyG1PHskIZlfuXlTSCj1Tsyatp9DtaasuY=
+github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69/go.mod h1:svUZZDvotY8zTODknUePc6mZ9pX8nN0ViGwWcUSOBEA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-bexpr v0.1.2 h1:ijMXI4qERbzxbCnkxmfUtwMyjrrk3y+Vt0MxojNCbBs=
+github.com/hashicorp/go-bexpr v0.1.2/go.mod h1:ANbpTX1oAql27TZkKVeW8p1w8NTdnyzPe/0qqPCKohU=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-connlimit v0.3.0 h1:oAojHGjFxUTTTA8c5XXnDqWJ2HLuWbDiBPTpWvNzvqM=
+github.com/hashicorp/go-connlimit v0.3.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0=
+github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
 github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0/go.mod h1:xvb32K2keAc+R8DSFG2IwDcydK9DBQE+fGA5fsw6hSk=
 github.com/hashicorp/go-memdb v1.3.4 h1:XSL3NR682X/cVk2IeV0d70N4DZ9ljI885xAEU8IoK3c=
+github.com/hashicorp/go-memdb v1.3.4/go.mod h1:uBTr1oQbtuMgd1SSGoR8YV27eT3sBHbYiNm53bMpgSg=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI=
 github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
+github.com/hashicorp/go-msgpack v1.1.5 h1:9byZdVjKTe5mce63pRVNP1L7UAmdHOTEMGehn6KvJWs=
+github.com/hashicorp/go-msgpack v1.1.5/go.mod h1:gWVc3sv/wbDmR3rQsj1CAktEZzoz1YNK9NfGLXJ69/4=
+github.com/hashicorp/go-msgpack/v2 v2.0.0 h1:c1fiLq1LNghmLOry1ipGhvLDi+/zEoaEP2JrE1oFJ9s=
+github.com/hashicorp/go-msgpack/v2 v2.0.0/go.mod h1:JIxYkkFJRDDRSoWQBSh7s9QAVThq+82iWmUpmE4jKak=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
+github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo=
+github.com/hashicorp/go-plugin v1.4.5/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
+github.com/hashicorp/go-raftchunking v0.7.0 h1:APNMnCXmTOhumkFv/GpJIbq7HteWF7EnGZ3875lRN0Y=
+github.com/hashicorp/go-raftchunking v0.7.0/go.mod h1:Dg/eBOaJzE0jYKNwNLs5IA5j0OSmL5HoCUiMy3mDmrI=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
+github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-retryablehttp v0.6.7 h1:8/CAEZt/+F7kR7GevNHulKkUjLht3CPmn7egmhieNKo=
+github.com/hashicorp/go-retryablehttp v0.6.7/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
+github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 h1:W9WN8p6moV1fjKLkeqEgkAMu5rauy9QeYDAmIaPuuiA=
+github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg=
+github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
+github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 h1:cCRo8gK7oq6A2L6LICkUZ+/a5rLiRXFMf1Qd4xSwxTc=
+github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
+github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo=
+github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
+github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
+github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
+github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
@@ -143,47 +453,116 @@ github.com/hashicorp/go-syslog v1.0.0 h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwM
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI=
 github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ=
+github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo=
+github.com/hashicorp/hcp-sdk-go v0.48.0 h1:LWpFR7YVDz4uG4C/ixcy2tRbg7/BgjMcTh1bRkKaeBQ=
+github.com/hashicorp/hcp-sdk-go v0.48.0/go.mod h1:hZqky4HEzsKwvLOt4QJlZUrjeQmb4UCZUhDP2HyQFfc=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok=
+github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
 github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM=
 github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0=
+github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 h1:kBpVVl1sl3MaSrs97e0+pDQhSrqJv9gVbSUrPpVfl1w=
+github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0/go.mod h1:6pdNz0vo0mF0GvhwDG56O3N18qBrAz/XRIcfINfTbwo=
+github.com/hashicorp/raft v1.1.0/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM=
+github.com/hashicorp/raft v1.2.0/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8=
+github.com/hashicorp/raft v1.3.11/go.mod h1:J8naEwc6XaaCfts7+28whSeRvCqTd6e20BlCU3LtEO4=
 github.com/hashicorp/raft v1.5.0 h1:uNs9EfJ4FwiArZRxxfd/dQ5d33nV31/CdCHArH89hT8=
+github.com/hashicorp/raft v1.5.0/go.mod h1:pKHB2mf/Y25u3AHNSXVRv+yT+WAnmeTX0BwVppVQV+M=
 github.com/hashicorp/raft-autopilot v0.1.6 h1:C1q3RNF2FfXNZfHWbvVAu0QixaQK8K5pX4O5lh+9z4I=
+github.com/hashicorp/raft-autopilot v0.1.6/go.mod h1:Af4jZBwaNOI+tXfIqIdbcAnh/UyyqIMj/pOISIfhArw=
+github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk=
+github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qRd6nFJYYS6Iqnc/8HcUmko2/2Gw8qTFEmxDLii6W5I=
+github.com/hashicorp/raft-boltdb v0.0.0-20220329195025-15018e9b97e0 h1:CO8dBMLH6dvE1jTn/30ZZw3iuPsNfajshWoJTnVc5cc=
+github.com/hashicorp/raft-boltdb/v2 v2.2.2 h1:rlkPtOllgIcKLxVT4nutqlTH2NRFn+tO1wwZk/4Dxqw=
+github.com/hashicorp/raft-boltdb/v2 v2.2.2/go.mod h1:N8YgaZgNJLpZC+h+by7vDu5rzsRgONThTEeUS3zWbfY=
+github.com/hashicorp/raft-wal v0.3.0 h1:Mi6RPoRbsxIIYZryI+bSTXHD97Ua6rIYO51ibYV9bkY=
+github.com/hashicorp/raft-wal v0.3.0/go.mod h1:A6vP5o8hGOs1LHfC1Okh9xPwWDcmb6Vvuz/QyqUXlOE=
 github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY=
 github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4=
+github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 h1:O6tNk0s/arubLUbLeCyaRs5xGo9VwmbQazISY/BfPK4=
+github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0/go.mod h1:We3fJplmALwK1VpjwrLuXr/4QCQHYMdnXLHmLUU6Ntg=
+github.com/hashicorp/vault/api v1.8.0/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
+github.com/hashicorp/vault/api v1.8.3 h1:cHQOLcMhBR+aVI0HzhPxO62w2+gJhIrKguQNONPzu6o=
+github.com/hashicorp/vault/api v1.8.3/go.mod h1:4g/9lj9lmuJQMtT6CmVMHC5FW1yENaVv+Nv4ZfG8fAg=
+github.com/hashicorp/vault/api/auth/gcp v0.3.0 h1:taum+3pCmOXnNgEKHlQbmgXmKw5daWHk7YJrLPP/w8g=
+github.com/hashicorp/vault/api/auth/gcp v0.3.0/go.mod h1:gnNBFOASYUaFunedTHOzdir7vKcHL3skWBUzEn263bo=
+github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc=
+github.com/hashicorp/vault/sdk v0.7.0 h1:2pQRO40R1etpKkia5fb4kjrdYMx3BHklPxl1pxpxDHg=
+github.com/hashicorp/vault/sdk v0.7.0/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs=
+github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
 github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 h1:xixZ2bWeofWV68J+x6AzmKuVM/JWCQwkWm6GW/MUR6I=
+github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
 github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/itchyny/gojq v0.12.9 h1:biKpbKwMxVYhCU1d6mR7qMr3f0Hn9F5k5YykCVb3gmM=
 github.com/itchyny/gojq v0.12.9/go.mod h1:T4Ip7AETUXeGpD+436m+UEl3m3tokRgajd5pRfsR5oE=
 github.com/itchyny/timefmt-go v0.1.4 h1:hFEfWVdwsEi+CY8xY2FtgWHGQaBaC3JeHd+cve0ynVM=
 github.com/itchyny/timefmt-go v0.1.4/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
+github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
+github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
 github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
+github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
@@ -193,6 +572,7 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
@@ -201,22 +581,38 @@ github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPn
 github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
+github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
 github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
 github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
+github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ=
+github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw=
+github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-testing-interface v1.14.0 h1:/x0XQ6h+3U3nAyk1yx+bHPURrKa9sVVvYbuqZ7pIAtI=
+github.com/mitchellh/go-testing-interface v1.14.0/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
 github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 h1:hOY53G+kBFhbYFpRVxHl5eS7laP6B1+Cq+Z9Dry1iMU=
+github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ=
+github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4=
+github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE=
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/pointerstructure v1.2.1 h1:ZhBBeX8tSlRpu/FFhXH4RC4OJzFlqsQhoHZAz4x7TIw=
+github.com/mitchellh/pointerstructure v1.2.1/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4=
+github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
@@ -226,27 +622,48 @@ github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWK
 github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
 github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
+github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
+github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/oklog/ulid/v2 v2.1.0 h1:+9lhoxAP56we25tyYETBBY1YLA2SaoLvUFgrP2miPJU=
 github.com/oklog/ulid/v2 v2.1.0/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
+github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs=
+github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=
 github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v1.1.7 h1:y2EZDS8sNng4Ksf0GUYNhKbTShZJPJg1FiXJNH/uoCk=
 github.com/opencontainers/runc v1.1.7/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
+github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
+github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A=
+github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU=
 github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ=
 github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
+github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
+github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
+github.com/pierrec/lz4 v2.5.2+incompatible h1:WCjObylUIOlKy/+7Abdn34TLIkXiA4UWUMhxq9m9ZXI=
+github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -256,31 +673,58 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
+github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
+github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
+github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
+github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
+github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI=
+github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
+github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
+github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
+github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
+github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
+github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM=
+github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=
+github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
@@ -289,66 +733,212 @@ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpE
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
 github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 h1:xzABM9let0HLLqFypcxvLmlvEciCHL7+Lv+4vwZqecI=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569/go.mod h1:2Ly+NIftZN4de9zRmENdYbvPQeaVIYKWpLFStLFEBgI=
 github.com/testcontainers/testcontainers-go v0.20.1 h1:mK15UPJ8c5P+NsQKmkqzs/jMdJt6JMs5vlw2y4j92c0=
 github.com/testcontainers/testcontainers-go v0.20.1/go.mod h1:zb+NOlCQBkZ7RQp4QI+YMIHyO2CQ/qsXzNF5eLJ24SY=
+github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
+github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
+github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o=
+github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
+github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg=
+github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
+github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
+github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
+github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
+github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
+github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
+github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
+go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
+go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
+go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
+go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng=
+go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8=
+go.mongodb.org/mongo-driver v1.11.0 h1:FZKhBSTydeuffHj9CBjXlR8vQLee1cQyTWYPA6/tqiE=
+go.mongodb.org/mongo-driver v1.11.0/go.mod h1:s7p5vEtfbeR1gYi6pnj3c3/urpbLv2T5Sfd6Rp2HBB8=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
+go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
+go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo=
+go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
+go.opentelemetry.io/otel/sdk v1.16.0 h1:Z1Ok1YsijYL0CSJpHt4cS3wDDh7p572grzNrBMiMWgE=
+go.opentelemetry.io/otel/sdk v1.16.0/go.mod h1:tMsIuKXuuIWPBAOrH+eHtvhTL+SntFtXF9QD68aP6p4=
+go.opentelemetry.io/otel/sdk/metric v0.39.0 h1:Kun8i1eYf48kHH83RucG93ffz0zGV1sh46FAScOTuDI=
+go.opentelemetry.io/otel/sdk/metric v0.39.0/go.mod h1:piDIRgjcK7u0HCL5pCA4e74qpK/jk3NiUoAHATVAmiI=
+go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
+go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
+go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
+go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw=
+go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
+go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0=
+go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
 golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
 golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
+golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
+golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
 golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw=
+golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
 golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -357,79 +947,364 @@ golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
+golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
 golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190424220101-1e8e1cfdf96b/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
 golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
+google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
+google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
+google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
+google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
+google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
+google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
+google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
+google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
+google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
+google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
+google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
+google.golang.org/api v0.114.0 h1:1xQPji6cO2E2vLiI+C/XiFAnsn1WV3mjaEwGLhi3grE=
+google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
+google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
+google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
+google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
+google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
+google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
+google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
+google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
 google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
+google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI=
+gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
+gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ=
+k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU=
+k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ=
+k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
+k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI=
+k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU=
+k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
+k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E=
+k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
+k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
+k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
+sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/test/integration/consul-container/libs/assert/grpc.go b/test/integration/consul-container/libs/assert/grpc.go
index ec72f0a651fd..27b8ff989b2b 100644
--- a/test/integration/consul-container/libs/assert/grpc.go
+++ b/test/integration/consul-container/libs/assert/grpc.go
@@ -26,6 +26,7 @@ func GRPCPing(t *testing.T, addr string) {
 	var msg *fgrpc.PingMessage
 	retries := 0
 	retry.RunWith(&retry.Timer{Timeout: time.Minute, Wait: 25 * time.Millisecond}, t, func(r *retry.R) {
+		t.Logf("making grpc call to %s", addr)
 		retries += 1
 		msg, err = pingCl.Ping(context.Background(), &fgrpc.PingMessage{
 			// use addr as payload so we have something variable to check against
diff --git a/test/integration/consul-container/libs/cluster/agent.go b/test/integration/consul-container/libs/cluster/agent.go
index 2de346406d9e..653ef89eb066 100644
--- a/test/integration/consul-container/libs/cluster/agent.go
+++ b/test/integration/consul-container/libs/cluster/agent.go
@@ -5,12 +5,19 @@ package cluster
 
 import (
 	"context"
+	"encoding/json"
+	"fmt"
 	"io"
 
+	jsonpatch "github.com/evanphx/json-patch"
+	"github.com/hashicorp/hcl"
+	"github.com/mitchellh/mapstructure"
 	"github.com/testcontainers/testcontainers-go"
 	"google.golang.org/grpc"
 
+	agentconfig "github.com/hashicorp/consul/agent/config"
 	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/lib/decode"
 
 	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
 )
@@ -88,6 +95,30 @@ func (c Config) Clone() Config {
 	return c2
 }
 
+type decodeTarget struct {
+	agentconfig.Config `mapstructure:",squash"`
+}
+
+// MutatebyAgentConfig mutates config by applying the fields in the input hclConfig
+// Note that the precedence order is config > hclConfig, because user provider hclConfig
+// may not work with the testing environment, e.g., data dir, agent name, etc.
+// Currently only hcl config is allowed
+func (c *Config) MutatebyAgentConfig(hclConfig string) error {
+	rawConfigJson, err := convertHcl2Json(hclConfig)
+	if err != nil {
+		return fmt.Errorf("error converting to Json: %s", err)
+	}
+
+	// Merge 2 json
+	mergedConfigJosn, err := jsonpatch.MergePatch([]byte(rawConfigJson), []byte(c.JSON))
+	if err != nil {
+		return fmt.Errorf("error merging configurations: %w", err)
+	}
+
+	c.JSON = string(mergedConfigJosn)
+	return nil
+}
+
 // TODO: refactor away
 type AgentInfo struct {
 	CACertFile    string
@@ -95,3 +126,39 @@ type AgentInfo struct {
 	UseTLSForGRPC bool
 	DebugURI      string
 }
+
+func convertHcl2Json(in string) (string, error) {
+	var raw map[string]interface{}
+	err := hcl.Decode(&raw, in)
+	if err != nil {
+		return "", err
+	}
+
+	var target decodeTarget
+	var md mapstructure.Metadata
+	d, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
+		DecodeHook: mapstructure.ComposeDecodeHookFunc(
+			// decode.HookWeakDecodeFromSlice is only necessary when reading from
+			// an HCL config file. In the future we could omit it when reading from
+			// JSON configs. It is left here for now to maintain backwards compat
+			// for the unlikely scenario that someone is using malformed JSON configs
+			// and expecting this behaviour to correct their config.
+			decode.HookWeakDecodeFromSlice,
+			decode.HookTranslateKeys,
+		),
+		Metadata: &md,
+		Result:   &target,
+	})
+	if err != nil {
+		return "", err
+	}
+	if err := d.Decode(raw); err != nil {
+		return "", err
+	}
+
+	rawjson, err := json.MarshalIndent(target, "", "  ")
+	if err != nil {
+		return "", err
+	}
+	return string(rawjson), nil
+}
diff --git a/test/integration/consul-container/libs/topology/peering_topology.go b/test/integration/consul-container/libs/topology/peering_topology.go
index f51b041a8bcd..3d7fa7870eea 100644
--- a/test/integration/consul-container/libs/topology/peering_topology.go
+++ b/test/integration/consul-container/libs/topology/peering_topology.go
@@ -194,13 +194,22 @@ type ClusterConfig struct {
 	ExposedPorts []int
 }
 
+func NewCluster(
+	t *testing.T,
+	config *ClusterConfig,
+) (*libcluster.Cluster, *libcluster.BuildContext, *api.Client) {
+	return NewClusterWithConfig(t, config, "", "")
+}
+
 // NewCluster creates a cluster with peering enabled. It also creates
 // and registers a mesh-gateway at the client agent. The API client returned is
 // pointed at the client agent.
 // - proxy-defaults.protocol = tcp
-func NewCluster(
+func NewClusterWithConfig(
 	t *testing.T,
 	config *ClusterConfig,
+	serverHclConfig string,
+	clientHclConfig string,
 ) (*libcluster.Cluster, *libcluster.BuildContext, *api.Client) {
 	var (
 		cluster *libcluster.Cluster
@@ -238,6 +247,10 @@ func NewCluster(
 		serverConf.Cmd = append(serverConf.Cmd, config.Cmd)
 	}
 
+	if serverHclConfig != "" {
+		serverConf.MutatebyAgentConfig(serverHclConfig)
+	}
+
 	if config.ExposedPorts != nil {
 		cluster, err = libcluster.New(t, []libcluster.Config{*serverConf}, config.ExposedPorts...)
 	} else {
@@ -261,6 +274,9 @@ func NewCluster(
 		RetryJoin(retryJoin...)
 	clientConf := configbuiilder.ToAgentConfig(t)
 	t.Logf("%s client config: \n%s", opts.Datacenter, clientConf.JSON)
+	if clientHclConfig != "" {
+		clientConf.MutatebyAgentConfig(clientHclConfig)
+	}
 
 	require.NoError(t, cluster.AddN(*clientConf, config.NumClients, true))
 
diff --git a/test/integration/consul-container/libs/topology/service_topology.go b/test/integration/consul-container/libs/topology/service_topology.go
index 52bf217e73df..2a69ddc7cd62 100644
--- a/test/integration/consul-container/libs/topology/service_topology.go
+++ b/test/integration/consul-container/libs/topology/service_topology.go
@@ -14,7 +14,8 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func CreateServices(t *testing.T, cluster *libcluster.Cluster) (libservice.Service, libservice.Service) {
+// CreateServices
+func CreateServices(t *testing.T, cluster *libcluster.Cluster, protocol string) (libservice.Service, libservice.Service) {
 	node := cluster.Agents[0]
 	client := node.GetClient()
 
@@ -22,7 +23,7 @@ func CreateServices(t *testing.T, cluster *libcluster.Cluster) (libservice.Servi
 	serviceDefault := &api.ServiceConfigEntry{
 		Kind:     api.ServiceDefaults,
 		Name:     libservice.StaticServerServiceName,
-		Protocol: "http",
+		Protocol: protocol,
 	}
 
 	ok, _, err := client.ConfigEntries().Set(serviceDefault, nil)
@@ -37,6 +38,10 @@ func CreateServices(t *testing.T, cluster *libcluster.Cluster) (libservice.Servi
 		GRPCPort: 8079,
 	}
 
+	if protocol == "grpc" {
+		serviceOpts.RegisterGRPC = true
+	}
+
 	// Create a service and proxy instance
 	_, serverConnectProxy, err := libservice.CreateAndRegisterStaticServerAndSidecar(node, serviceOpts)
 	require.NoError(t, err)
diff --git a/test/integration/consul-container/test/basic/connect_service_test.go b/test/integration/consul-container/test/basic/connect_service_test.go
index 650db9fef079..7ad6f4f9cce7 100644
--- a/test/integration/consul-container/test/basic/connect_service_test.go
+++ b/test/integration/consul-container/test/basic/connect_service_test.go
@@ -7,6 +7,8 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/stretchr/testify/require"
+
 	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
 	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
 	"github.com/hashicorp/consul/test/integration/consul-container/libs/topology"
@@ -37,7 +39,7 @@ func TestBasicConnectService(t *testing.T) {
 		},
 	})
 
-	_, clientService := topology.CreateServices(t, cluster)
+	_, clientService := topology.CreateServices(t, cluster, "http")
 	_, port := clientService.GetAddr()
 	_, adminPort := clientService.GetAdminAddr()
 
@@ -48,3 +50,54 @@ func TestBasicConnectService(t *testing.T) {
 	libassert.HTTPServiceEchoes(t, "localhost", port, "")
 	libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", port), "static-server", "")
 }
+
+func TestConnectGRPCService_WithInputConfig(t *testing.T) {
+	serverHclConfig := `
+datacenter = "dc2"
+data_dir = "/non-existent/conssul-data-dir"
+node_name = "server-1"
+
+bind_addr = "0.0.0.0"
+max_query_time = "800s"
+	`
+
+	clientHclConfig := `
+datacenter = "dc2"
+data_dir = "/non-existent/conssul-data-dir"
+node_name = "client-1"
+
+bind_addr = "0.0.0.0"
+max_query_time = "900s"
+	`
+
+	cluster, _, _ := topology.NewClusterWithConfig(t, &topology.ClusterConfig{
+		NumServers:                1,
+		NumClients:                1,
+		ApplyDefaultProxySettings: true,
+		BuildOpts: &libcluster.BuildOptions{
+			Datacenter:             "dc1",
+			InjectAutoEncryption:   true,
+			InjectGossipEncryption: true,
+			AllowHTTPAnyway:        true,
+		},
+	},
+		serverHclConfig,
+		clientHclConfig,
+	)
+
+	// Verify the provided server config is merged to agent config
+	serverConfig := cluster.Agents[0].GetConfig()
+	require.Contains(t, serverConfig.JSON, "\"max_query_time\":\"800s\"")
+
+	clientConfig := cluster.Agents[1].GetConfig()
+	require.Contains(t, clientConfig.JSON, "\"max_query_time\":\"900s\"")
+
+	_, clientService := topology.CreateServices(t, cluster, "grpc")
+	_, port := clientService.GetAddr()
+	_, adminPort := clientService.GetAdminAddr()
+
+	libassert.AssertUpstreamEndpointStatus(t, adminPort, "static-server.default", "HEALTHY", 1)
+	libassert.GRPCPing(t, fmt.Sprintf("localhost:%d", port))
+
+	// time.Sleep(9999 * time.Second)
+}
diff --git a/test/integration/consul-container/test/gateways/ingress_gateway_test.go b/test/integration/consul-container/test/gateways/ingress_gateway_test.go
index fcadd3a0fae6..2757e5d1eef9 100644
--- a/test/integration/consul-container/test/gateways/ingress_gateway_test.go
+++ b/test/integration/consul-container/test/gateways/ingress_gateway_test.go
@@ -51,7 +51,7 @@ func TestIngressGateway(t *testing.T) {
 	clientNode := cluster.Clients()[0]
 
 	// Set up the "static-server" backend
-	serverService, _ := topology.CreateServices(t, cluster)
+	serverService, _ := topology.CreateServices(t, cluster, "http")
 
 	// Create the ingress gateway service
 	// We expose this on the client node, which already has port 9999 exposed as part of it's pause "pod"
diff --git a/test/integration/consul-container/test/observability/access_logs_test.go b/test/integration/consul-container/test/observability/access_logs_test.go
index 43931cf4ea2a..66747e6322aa 100644
--- a/test/integration/consul-container/test/observability/access_logs_test.go
+++ b/test/integration/consul-container/test/observability/access_logs_test.go
@@ -72,7 +72,7 @@ func TestAccessLogs(t *testing.T) {
 	require.NoError(t, err)
 	require.True(t, set)
 
-	serverService, clientService := topology.CreateServices(t, cluster)
+	serverService, clientService := topology.CreateServices(t, cluster, "http")
 	_, port := clientService.GetAddr()
 
 	// Validate Custom JSON
diff --git a/test/integration/consul-container/test/troubleshoot/troubleshoot_test.go b/test/integration/consul-container/test/troubleshoot/troubleshoot_test.go
index d0152611c878..cb9c9125b543 100644
--- a/test/integration/consul-container/test/troubleshoot/troubleshoot_test.go
+++ b/test/integration/consul-container/test/troubleshoot/troubleshoot_test.go
@@ -31,7 +31,7 @@ func TestTroubleshootProxy(t *testing.T) {
 		ApplyDefaultProxySettings: true,
 	})
 
-	serverService, clientService := topology.CreateServices(t, cluster)
+	serverService, clientService := topology.CreateServices(t, cluster, "http")
 
 	clientSidecar, ok := clientService.(*libservice.ConnectContainer)
 	require.True(t, ok)

From 47d445d680b6a6a2670b70dde74e9868caa35da5 Mon Sep 17 00:00:00 2001
From: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
Date: Fri, 21 Jul 2023 20:26:00 +0530
Subject: [PATCH 200/359] Envoy Integration Test Windows (#18007)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [CONSUL-395] Update check_hostport and Usage (#40)

* [CONSUL-397] Copy envoy binary from Image (#41)

* [CONSUL-382] Support openssl in unique test dockerfile (#43)

* [CONSUL-405] Add bats to single container (#44)

* [CONSUL-414] Run Prometheus Test Cases and Validate Changes (#46)

* [CONSUL-410] Run Jaeger in Single container (#45)

* [CONSUL-412] Run test-sds-server in single container (#48)

* [CONSUL-408] Clean containers (#47)

* [CONSUL-384] Rebase and sync fork (#50)

* [CONSUL-415] Create Scenarios Troubleshooting Docs (#49)

* [CONSUL-417] Update Docs Single Container (#51)

* [CONSUL-428] Add Socat to single container (#54)

* [CONSUL-424] Replace pkill in kill_envoy function (#52)

* [CONSUL-434] Modify Docker run functions in Helper script (#53)

* [CONSUL-435] Replace docker run in set_ttl_check_state & wait_for_agent_service_register functions (#55)

* [CONSUL-438] Add netcat (nc) in the Single container Dockerfile (#56)

* [CONSUL-429] Replace Docker run with Docker exec (#57)

* [CONSUL-436] Curl timeout and run tests (#58)

* [CONSUL-443] Create dogstatsd Function (#59)

* [CONSUL-431] Update Docs Netcat (#60)

* [CONSUL-439] Parse nc Command in function (#61)

* [CONSUL-463] Review curl Exec and get_ca_root Func (#63)

* [CONSUL-453] Docker hostname in Helper functions (#64)

* [CONSUL-461] Test wipe volumes without extra cont (#66)

* [CONSUL-454] Check ports in the Server and Agent containers (#65)

* [CONSUL-441] Update windows dockerfile with version (#62)

* [CONSUL-466] Review case-grpc Failing Test (#67)

* [CONSUL-494] Review case-cfg-resolver-svc-failover (#68)

* [CONSUL-496] Replace docker_wget & docker_curl (#69)

* [CONSUL-499] Cleanup Scripts - Remove nanoserver (#70)

* [CONSUL-500] Update Troubleshooting Docs (#72)

* [CONSUL-502] Pull & Tag Envoy Windows Image (#73)

* [CONSUL-504] Replace docker run in docker_consul (#76)

* [CONSUL-505] Change admin_bind

* [CONSUL-399] Update envoy to 1.23.1 (#78)

* [CONSUL-510] Support case-wanfed-gw on Windows (#79)

* [CONSUL-506] Update troubleshooting Documentation (#80)

* [CONSUL-512] Review debug_dump_volumes Function (#81)

* [CONSUL-514] Add zipkin to Docker Image (#82)

* [CONSUL-515] Update Documentation (#83)

* [CONSUL-529] Support case-consul-exec (#86)

* [CONSUL-530] Update Documentation (#87)

* [CONSUL-530] Update default consul version 1.13.3

* [CONSUL-539] Cleanup (#91)

* [CONSUL-546] Scripts Clean-up (#92)

* [CONSUL-491] Support admin_access_log_path value for Windows (#71)

* [CONSUL-519] Implement mkfifo Alternative (#84)

* [CONSUL-542] Create OS Specific Files for Envoy Package (#88)

* [CONSUL-543] Create exec_supported.go (#89)

* [CONSUL-544] Test and Build Changes (#90)

* Implement os.DevNull

* using mmap instead of disk files

* fix import in exec-unix

* fix nmap open too many arguemtn

* go fmt on file

* changelog file

* fix go mod

* Update .changelog/17694.txt

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>

* different mmap library

* fix bootstrap json

* some fixes

* chocolatey version fix and image fix

* using different library

* fix Map funciton call

* fix mmap call

* fix tcp dump

* fix tcp dump

* windows tcp dump

* Fix docker run

* fix tests

* fix go mod

* fix version 16.0

* fix version

* fix version dev

* sleep to debug

* fix sleep

* fix permission issue

* fix permission issue

* fix permission issue

* fix command

* fix command

* fix funciton

* fix assert config entry status command not found

* fix command not found assert_cert_has_cn

* fix command not found assert_upstream_missing

* fix command not found assert_upstream_missing_once

* fix command not found get_upstream_endpoint

* fix command not found get_envoy_public_listener_once

* fix command not found

* fix test cases

* windows integration test workflow github

* made code similar to unix using npipe

* fix go.mod

* fix dialing of npipe

* dont wait

* check size of written json

* fix undefined n

* running

* fix dep

* fix syntax error

* fix workflow file

* windows runner

* fix runner

* fix from json

* fix runs on

* merge connect envoy

* fix cin path

* build

* fix file name

* fix file name

* fix dev build

* remove unwanted code

* fix upload

* fix bin name

* fix path

* checkout current branch

* fix path

* fix tests

* fix shell bash for windows sh files

* fix permission of run-test.sh

* removed docker dev

* added shell bash for tests

* fix tag

* fix win=true

* fix cd

* added dev

* fix variable undefined

* removed failing tests

* fix tcp dump image

* fix curl

* fix curl

* tcp dump path

* fix tcpdump path

* fix curl

* fix curl install

* stop removing intermediate containers

* fix tcpdump docker image

* revert -rm

* --rm=false

* makeing docker image before

* fix tcpdump

* removed case consul exec

* removed terminating gateway simple

* comment case wasm

* removed data dog

* comment out upload coverage

* uncomment case-consul-exec

* comment case consul exec

* if always

* logs

* using consul 1.17.0

* fix quotes

* revert quotes

* redirect to dev null

* Revert version

* revert consul connect

* fix version

* removed envoy connect

* not using function

* change log

* docker logs

* fix logs

* restructure bad authz

* rmeoved dev null

* output

* fix file descriptor

* fix cacert

* fix cacert

* fix ca cert

* cacert does not work in windows curl

* fix func

* removed docker logs

* added sleep

* fix tls

* commented case-consul-exec

* removed echo

* retry docker consul

* fix upload bin

* uncomment consul exec

* copying consul.exe to docker image

* copy fix

* fix paths

* fix path

* github workspace path

* latest version

* Revert "latest version"

This reverts commit 5a7d7b82d9e7553bcb01b02557ec8969f9deba1d.

* commented consul exec

* added ssl revoke best effort

* revert best effort

* removed unused files

* rename var name and change dir

* windows runner

* permission

* needs setup fix

* swtich to github runner

* fix file path

* fix path

* fix path

* fix path

* fix path

* fix path

* fix build paths

* fix tag

* nightly runs

* added matrix in github workflow, renamed files

* fix job

* fix matrix

* removed brackes

* from json

* without using job matrix

* fix quotes

* revert job matrix

* fix workflow

* fix comment

* added comment

* nightly runs

* removed datadog ci as it is already measured in linux one

* running test

* Revert "running test"

This reverts commit 7013d15a23732179d18ec5d17336e16b26fab5d4.

* pr comment fixes

* running test now

* running subset of test

* running subset of test

* job matrix

* shell bash

* removed bash shell

* linux machine for job matrix

* fix output

* added cat to debug

* using ubuntu latest

* fix job matrix

* fix win true

* fix go test

* revert job matrix

---------

Co-authored-by: Jose Ignacio Lorenzo <74208929+joselo85@users.noreply.github.com>
Co-authored-by: Franco Bruno Lavayen <cocolavayen@gmail.com>
Co-authored-by: Ivan K Berlot <ivanberlot@gmail.com>
Co-authored-by: Ezequiel Fernández Ponce <20102608+ezfepo@users.noreply.github.com>
Co-authored-by: joselo85 <joseignaciolorenzo85@gmail.com>
Co-authored-by: Ezequiel Fernández Ponce <ezequiel.fernandez@southworks.com>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
---
 .changelog/18007.txt                          |    3 +
 .github/scripts/get_runner_classes_windows.sh |   26 +
 .../workflows/reusable-dev-build-windows.yml  |   47 +
 .../workflows/test-integrations-windows.yml   | 1210 +++++++++++++++++
 .release/docker/docker-entrypoint-windows.sh  |   82 ++
 Dockerfile-windows                            |   51 +
 .../windows/Dockerfile-consul-dev-windows     |    4 +
 .../windows/Dockerfile-consul-local-windows   |   52 +
 .../windows/Dockerfile-openzipkin-windows     |   12 +
 .../windows/build-consul-dev-image.sh         |   14 +
 .../windows/build-consul-local-images.sh      |   92 ++
 .../windows/build-test-sds-server-image.sh    |    5 +
 build-support/windows/windows-test.md         |  119 ++
 .../envoy/Dockerfile-consul-envoy-windows     |   12 +
 .../connect/envoy/Dockerfile-tcpdump-windows  |    7 +
 .../envoy/Dockerfile-test-sds-server-windows  |    8 +
 .../integration/connect/envoy/WINDOWS-TEST.md |   40 +
 .../envoy/case-dogstatsd-udp/verify.bats      |    9 +-
 .../case-gateways-local/secondary/setup.sh    |    2 +-
 .../connect/envoy/case-grpc/service_s1.hcl    |    2 +-
 .../connect/envoy/case-grpc/verify.bats       |    2 +-
 .../connect/envoy/case-http-badauthz/setup.sh |    4 +-
 .../case-ingress-gateway-tls/verify.bats      |   10 +-
 .../case-wanfed-gw/global-setup-windows.sh    |   44 +
 .../connect/envoy/case-zipkin/verify.bats     |    7 +-
 .../connect/envoy/docker-windows.md           |   42 +
 .../connect/envoy/docs/img/linux-arch.png     |  Bin 0 -> 63964 bytes
 .../docs/img/windows-arch-singlecontainer.png |  Bin 0 -> 114040 bytes
 .../envoy/docs/img/windows-linux-arch.png     |  Bin 0 -> 61475 bytes
 .../docs/windows-testing-architecture.md      |  106 ++
 .../connect/envoy/helpers.windows.bash        | 1192 ++++++++++++++++
 test/integration/connect/envoy/main_test.go   |  100 +-
 .../connect/envoy/run-tests.windows.sh        |  908 +++++++++++++
 .../connect/envoy/windows-troubleshooting.md  |   90 ++
 34 files changed, 4283 insertions(+), 19 deletions(-)
 create mode 100644 .changelog/18007.txt
 create mode 100755 .github/scripts/get_runner_classes_windows.sh
 create mode 100644 .github/workflows/reusable-dev-build-windows.yml
 create mode 100644 .github/workflows/test-integrations-windows.yml
 create mode 100644 .release/docker/docker-entrypoint-windows.sh
 create mode 100644 Dockerfile-windows
 create mode 100644 build-support/windows/Dockerfile-consul-dev-windows
 create mode 100644 build-support/windows/Dockerfile-consul-local-windows
 create mode 100644 build-support/windows/Dockerfile-openzipkin-windows
 create mode 100644 build-support/windows/build-consul-dev-image.sh
 create mode 100644 build-support/windows/build-consul-local-images.sh
 create mode 100644 build-support/windows/build-test-sds-server-image.sh
 create mode 100644 build-support/windows/windows-test.md
 create mode 100644 test/integration/connect/envoy/Dockerfile-consul-envoy-windows
 create mode 100644 test/integration/connect/envoy/Dockerfile-tcpdump-windows
 create mode 100644 test/integration/connect/envoy/Dockerfile-test-sds-server-windows
 create mode 100644 test/integration/connect/envoy/WINDOWS-TEST.md
 create mode 100644 test/integration/connect/envoy/case-wanfed-gw/global-setup-windows.sh
 create mode 100644 test/integration/connect/envoy/docker-windows.md
 create mode 100644 test/integration/connect/envoy/docs/img/linux-arch.png
 create mode 100644 test/integration/connect/envoy/docs/img/windows-arch-singlecontainer.png
 create mode 100644 test/integration/connect/envoy/docs/img/windows-linux-arch.png
 create mode 100644 test/integration/connect/envoy/docs/windows-testing-architecture.md
 create mode 100644 test/integration/connect/envoy/helpers.windows.bash
 create mode 100644 test/integration/connect/envoy/run-tests.windows.sh
 create mode 100644 test/integration/connect/envoy/windows-troubleshooting.md

diff --git a/.changelog/18007.txt b/.changelog/18007.txt
new file mode 100644
index 000000000000..b963d2f77fcd
--- /dev/null
+++ b/.changelog/18007.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+Windows: Integration tests for Consul Windows VMs
+```
diff --git a/.github/scripts/get_runner_classes_windows.sh b/.github/scripts/get_runner_classes_windows.sh
new file mode 100755
index 000000000000..c2e424d1703c
--- /dev/null
+++ b/.github/scripts/get_runner_classes_windows.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+#
+# This script generates tag-sets that can be used as runs-on: values to select runners.
+
+set -euo pipefail
+
+case "$GITHUB_REPOSITORY" in
+    *-enterprise)
+        # shellcheck disable=SC2129
+        echo "compute-small=['self-hosted', 'windows', 'small']" >> "$GITHUB_OUTPUT"
+        echo "compute-medium=['self-hosted', 'windows', 'medium']" >> "$GITHUB_OUTPUT"
+        echo "compute-large=['self-hosted', 'windows', 'large']" >> "$GITHUB_OUTPUT"
+        # m5d.8xlarge is equivalent to our xl custom runner in OSS
+        echo "compute-xl=['self-hosted', 'ondemand', 'windows', 'type=m5d.8xlarge']" >> "$GITHUB_OUTPUT"
+        ;;
+    *)
+        # shellcheck disable=SC2129
+        echo "compute-small=['windows-2019']" >> "$GITHUB_OUTPUT"
+        echo "compute-medium=['windows-2019']" >> "$GITHUB_OUTPUT"
+        echo "compute-large=['windows-2019']" >> "$GITHUB_OUTPUT"
+        echo "compute-xl=['windows-2019']" >> "$GITHUB_OUTPUT"
+        ;;
+esac
diff --git a/.github/workflows/reusable-dev-build-windows.yml b/.github/workflows/reusable-dev-build-windows.yml
new file mode 100644
index 000000000000..446fbb713663
--- /dev/null
+++ b/.github/workflows/reusable-dev-build-windows.yml
@@ -0,0 +1,47 @@
+name: reusable-dev-build-windows
+
+on:
+  workflow_call:
+    inputs:
+      uploaded-binary-name:
+        required: false
+        type: string
+        default: "consul.exe"
+      runs-on:
+        description: An expression indicating which kind of runners to use.
+        required: true
+        type: string
+      repository-name:
+        required: true
+        type: string
+      go-arch:
+        required: false
+        type: string
+        default: ""
+    secrets:
+      elevated-github-token:
+        required: true
+jobs:
+  build:
+    runs-on: 'windows-2019'
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
+      - name: Setup Git
+        if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
+        run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        with:
+          go-version-file: 'go.mod'
+      - name: Build
+        env:
+          GOARCH: ${{ inputs.goarch }}
+        run: go build .
+      # save dev build to pass to downstream jobs
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        with:
+          name: ${{inputs.uploaded-binary-name}}
+          path: consul.exe
+      - name: Notify Slack
+        if: ${{ failure() }}
+        run: .github/scripts/notify_slack.sh
diff --git a/.github/workflows/test-integrations-windows.yml b/.github/workflows/test-integrations-windows.yml
new file mode 100644
index 000000000000..d71892c78403
--- /dev/null
+++ b/.github/workflows/test-integrations-windows.yml
@@ -0,0 +1,1210 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+name: test-integrations-windows
+
+on:
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    # Run nightly at 12AM UTC/8PM EST/5PM PST.
+    - cron: '0 0 * * *'
+
+env:
+  TEST_RESULTS_DIR: /tmp/test-results
+  TEST_RESULTS_ARTIFACT_NAME: test-results
+  CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }}
+  GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
+  GOTESTSUM_VERSION: "1.9.0"
+  CONSUL_BINARY_UPLOAD_NAME: consul.exe
+  # strip the hashicorp/ off the front of github.repository for consul
+  CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'consul' }}
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    name: Setup
+    outputs:
+      compute-small: ${{ steps.runners.outputs.compute-small }}
+      compute-medium: ${{ steps.runners.outputs.compute-medium }}
+      compute-large: ${{ steps.runners.outputs.compute-large }}
+      compute-xl: ${{ steps.runners.outputs.compute-xl }}
+      enterprise: ${{ steps.runners.outputs.enterprise }}
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - id: runners
+        run: .github/scripts/get_runner_classes_windows.sh
+
+  dev-build:
+    uses: ./.github/workflows/reusable-dev-build-windows.yml
+    with:
+      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      repository-name: ${{ github.repository }}
+      uploaded-binary-name: 'consul.exe'
+    secrets:
+      elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+
+  # NOTE: Jobs needs to be added here manually. Jobs when run together on windows fails intermittently.
+  # So they are run independently of each other.
+  envoy-integration-test:
+    needs:
+      - setup
+      - dev-build
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
+    permissions:
+      id-token: write # NOTE: this permission is explicitly required for Vault auth.
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        envoy-version: [ "1.23.10", "1.24.8", "1.25.7", "1.26.2" ]
+        xds-target: [ "server", "client" ]
+    env:
+      ENVOY_VERSION: ${{ matrix.envoy-version }}
+      XDS_TARGET: ${{ matrix.xds-target }}
+      AWS_LAMBDA_REGION: us-west-2
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Fetch binary
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
+          path: ${{ github.workspace }}
+
+      - name: Restore mode+x
+        run: chmod +x ${{ github.workspace }}\consul.exe
+
+      - name: Setup TcpDump Docker Image
+        shell: bash
+        run: |
+          cd test/integration/connect/envoy
+          curl -sSL "https://asheshvidyut-bucket.s3.ap-southeast-2.amazonaws.com/tcpdump.exe" -o tcpdump.exe
+          docker build -t envoy-tcpdump -f Dockerfile-tcpdump-windows .
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
+
+      - name: Docker build consul
+        run: docker build -t windows/consul -f Dockerfile-windows .
+
+      - name: Docker build consul local
+        shell: bash
+        run: cd build-support/windows && ./build-consul-local-images.sh
+
+      - name: Docker build consul dev
+        shell: bash
+        run: cd build-support/windows && ./build-consul-dev-image.sh
+
+      # https://hashicorp.atlassian.net/browse/NET-4973
+      # ^ Ticket to figure out why grouping test case is failing on Windows Machine
+
+      - name: Envoy Integration Tests for windows case-api-gateway-http-hostnames
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-api-gateway-http-hostnames"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-http-hostnames" -win=true
+
+      - name: Envoy Integration Tests for windows case-api-gateway-http-simple
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-api-gateway-http-simple"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-http-simple" -win=true
+
+      - name: Envoy Integration Tests for windows case-api-gateway-http-splitter-targets
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-api-gateway-http-splitter-targets"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-http-splitter-targets" -win=true
+
+      - name: Envoy Integration Tests for windows case-api-gateway-http-tls-overlapping-hosts
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-api-gateway-http-tls-overlapping-hosts"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-http-tls-overlapping-hosts" -win=true
+
+      - name: Envoy Integration Tests for windows case-api-gateway-tcp-conflicted
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-api-gateway-tcp-conflicted"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-tcp-conflicted" -win=true
+
+      - name: Envoy Integration Tests for windows case-api-gateway-tcp-simple
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-api-gateway-tcp-simple"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-tcp-simple" -win=true
+
+      - name: Envoy Integration Tests for windows case-api-gateway-tcp-tls-overlapping-hosts
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-api-gateway-tcp-tls-overlapping-hosts"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-tcp-tls-overlapping-hosts" -win=true
+
+      - name: Envoy Integration Tests for windows case-badauthz
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-badauthz"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-badauthz" -win=true
+
+      - name: Envoy Integration Tests for windows case-basic
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-basic"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-basic" -win=true
+
+      - name: Envoy Integration Tests for windows case-centralconf
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-centralconf"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-centralconf" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-resolver-cluster-peering-failover
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-resolver-cluster-peering-failover"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-cluster-peering-failover" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-resolver-dc-failover-gateways-none
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-resolver-dc-failover-gateways-none"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-dc-failover-gateways-none" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-resolver-dc-failover-gateways-remote
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-resolver-dc-failover-gateways-remote"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-dc-failover-gateways-remote" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-resolver-defaultsubset
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-resolver-defaultsubset"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-defaultsubset" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-resolver-features
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-resolver-features"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-features" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-resolver-subset-onlypassing
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-resolver-subset-onlypassing"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-subset-onlypassing" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-resolver-subset-redirect
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-resolver-subset-redirect"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-subset-redirect" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-resolver-svc-failover
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-resolver-svc-failover"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-svc-failover" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-resolver-svc-redirect-http
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-resolver-svc-redirect-http"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-svc-redirect-http" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-resolver-svc-redirect-tcp
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-resolver-svc-redirect-tcp"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-svc-redirect-tcp" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-router-features
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-router-features"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-router-features" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-splitter-cluster-peering
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-splitter-cluster-peering"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-splitter-cluster-peering" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-splitter-features
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-splitter-features"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-splitter-features" -win=true
+
+      - name: Envoy Integration Tests for windows case-cfg-splitter-peering-ingress-gateways
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cfg-splitter-peering-ingress-gateways"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-splitter-peering-ingress-gateways" -win=true
+
+      # This test runs fine on windows machine but fails on CI
+      # Task to be picked later on - https://hashicorp.atlassian.net/browse/NET-4972
+      # - name: Envoy Integration Tests for windows case-consul-exec
+      #     if: always()
+      #     shell: bash
+      #     env:
+      #       GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+      #       GOTESTSUM_FORMAT: standard-verbose
+      #       COMPOSE_INTERACTIVE_NO_CLI: 1
+      #       LAMBDA_TESTS_ENABLED: "true"
+      #       # tput complains if this isn't set to something.
+      #       TERM: ansi
+      #      run: |
+      #        #shellcheck disable=SC2001
+      #        echo "Running Integration Test case-consul-exec"
+      #        # shellcheck disable=SC2001
+      #        go test -v -timeout=30m -tags integration \
+      #            ./test/integration/connect/envoy -run="TestEnvoy/case-consul-exec" -win=true
+
+      - name: Envoy Integration Tests for windows case-cross-peer-control-plane-mgw
+        if: always()
+        shell: bash
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cross-peer-control-plane-mgw"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cross-peer-control-plane-mgw" -win=true
+
+      - name: Envoy Integration Tests for windows case-cross-peers
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cross-peers"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cross-peers" -win=true
+
+      - name: Envoy Integration Tests for windows case-cross-peers-http
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cross-peers-http"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cross-peers-http" -win=true
+
+      - name: Envoy Integration Tests for windows case-cross-peers-http-router
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cross-peers-http-router"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cross-peers-http-router" -win=true
+
+      - name: Envoy Integration Tests for windows case-cross-peers-resolver-redirect-tcp
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-cross-peers-resolver-redirect-tcp"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-cross-peers-resolver-redirect-tcp" -win=true
+
+      - name: Envoy Integration Tests for windows case-dogstatsd-udp
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-dogstatsd-udp"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-dogstatsd-udp" -win=true
+
+      - name: Envoy Integration Tests for windows case-envoyext-ratelimit
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-envoyext-ratelimit"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-envoyext-ratelimit" -win=true
+
+      - name: Envoy Integration Tests for windows case-expose-checks
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-expose-checks"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-expose-checks" -win=true
+
+      - name: Envoy Integration Tests for windows case-gateway-without-services
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-gateway-without-services"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-gateway-without-services" -win=true
+
+      - name: Envoy Integration Tests for windows case-gateways-local
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-gateways-local"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-gateways-local" -win=true
+
+      - name: Envoy Integration Tests for windows case-gateways-remote
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-gateways-remote"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-gateways-remote" -win=true
+
+      - name: Envoy Integration Tests for windows case-grpc
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-grpc"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-grpc" -win=true
+
+      - name: Envoy Integration Tests for windows case-http
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-http"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-http" -win=true
+
+      - name: Envoy Integration Tests for windows case-http-badauthz
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-http-badauthz"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-http-badauthz" -win=true
+
+      - name: Envoy Integration Tests for windows case-ingress-gateway-grpc
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-ingress-gateway-grpc"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-grpc" -win=true
+
+      - name: Envoy Integration Tests for windows case-ingress-gateway-http
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-ingress-gateway-http"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-http" -win=true
+
+      - name: Envoy Integration Tests for windows case-ingress-gateway-multiple-services
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-ingress-gateway-multiple-services"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-multiple-services" -win=true
+
+      - name: Envoy Integration Tests for windows case-ingress-gateway-peering-failover
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-ingress-gateway-peering-failover"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-peering-failover" -win=true
+
+      - name: Envoy Integration Tests for windows case-ingress-gateway-simple
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-ingress-gateway-simple"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-simple" -win=true
+
+      - name: Envoy Integration Tests for windows case-ingress-mesh-gateways-resolver
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-ingress-mesh-gateways-resolver"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-mesh-gateways-resolver" -win=true
+
+      - name: Envoy Integration Tests for windows case-l7-intentions
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-l7-intentions"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-l7-intentions" -win=true
+
+      - name: Envoy Integration Tests for windows case-multidc-rsa-ca
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-multidc-rsa-ca"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-multidc-rsa-ca" -win=true
+
+      - name: Envoy Integration Tests for windows case-prometheus
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-prometheus"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-prometheus" -win=true
+
+      - name: Envoy Integration Tests for windows case-property-override
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-property-override"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-property-override" -win=true
+
+      - name: Envoy Integration Tests for windows case-stats-proxy
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-stats-proxy"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-stats-proxy" -win=true
+
+      - name: Envoy Integration Tests for windows case-statsd-udp
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-statsd-udp"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-statsd-udp" -win=true
+
+      - name: Envoy Integration Tests for windows case-terminating-gateway-hostnames
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-terminating-gateway-hostnames"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-terminating-gateway-hostnames" -win=true
+
+      - name: Envoy Integration Tests for windows case-terminating-gateway-simple
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-terminating-gateway-simple"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-terminating-gateway-simple" -win=true
+
+      - name: Envoy Integration Tests for windows case-terminating-gateway-without-services
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-terminating-gateway-without-services"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-terminating-gateway-without-services" -win=true
+
+      - name: Envoy Integration Tests for windows case-upstream-config
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-upstream-config"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-upstream-config" -win=true
+
+      - name: Envoy Integration Tests for windows case-wanfed-gw
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-wanfed-gw"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-wanfed-gw" -win=true
+
+      - name: Envoy Integration Tests for windows case-ingress-gateway-sds
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-ingress-gateway-sds"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-sds" -win=true
+
+      - name: Envoy Integration Tests for windows case-lua
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-lua"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-lua" -win=true
+
+      - name: Envoy Integration Tests for windows case-terminating-gateway-subsets
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-terminating-gateway-subsets"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-terminating-gateway-subsets" -win=true
+
+      #      Skipping this because - https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/wasm_filter
+      #      - name: Envoy Integration Tests for windows case-wasm
+      #        shell: bash
+      #        env:
+      #          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+      #          GOTESTSUM_FORMAT: standard-verbose
+      #          COMPOSE_INTERACTIVE_NO_CLI: 1
+      #          LAMBDA_TESTS_ENABLED: "true"
+      #          # tput complains if this isn't set to something.
+      #          TERM: ansi
+      #        run: |
+      #          # shellcheck disable=SC2001
+      #          echo "Running Integration Test case-wasm"
+      #          # shellcheck disable=SC2001
+      #          go test -v -timeout=30m -tags integration \
+      #            ./test/integration/connect/envoy -run="TestEnvoy/case-wasm" -win=true
+
+      #     Skipping because of - cacert is not available in curl windows
+      #     https://www.phillipsj.net/posts/windows-curl-and-self-signed-certs/
+      #      - name: Envoy Integration Tests for windows case-ingress-gateway-tls
+      #        shell: bash
+      #        if: always()
+      #        env:
+      #          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+      #          GOTESTSUM_FORMAT: standard-verbose
+      #          COMPOSE_INTERACTIVE_NO_CLI: 1
+      #          LAMBDA_TESTS_ENABLED: "true"
+      #          # tput complains if this isn't set to something.
+      #          TERM: ansi
+      #        run: |
+      #          # shellcheck disable=SC2001
+      #          echo "Running Integration Test case-ingress-gateway-tls"
+      #          # shellcheck disable=SC2001
+      #          go test -v -timeout=30m -tags integration \
+      #            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-tls" -win=true
+
+      - name: Envoy Integration Tests for windows case-mesh-to-lambda
+        shell: bash
+        if: always()
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running Integration Test case-mesh-to-lambda"
+          # shellcheck disable=SC2001
+          go test -v -timeout=30m -tags integration \
+            ./test/integration/connect/envoy -run="TestEnvoy/case-mesh-to-lambda" -win=true
+
+
+        # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Authenticate to Vault
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: vault-auth
+        run: vault-auth
+
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Fetch Secrets
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: secrets
+        uses: hashicorp/vault-action@v2.5.0
+        with:
+          url: ${{ steps.vault-auth.outputs.addr }}
+          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
+          token: ${{ steps.vault-auth.outputs.token }}
+          secrets: |
+            kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
+
+      - name: Prepare datadog-ci
+        shell: bash
+        if: ${{ !endsWith(github.repository, '-enterprise') }}
+        run: |
+          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/download/v2.17.2/datadog-ci_win-x64.exe" --output "C:/datadog-ci"
+          chmod +x C:/datadog-ci
+
+      - name: Upload coverage
+        # do not run on forks
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        env:
+          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
+          DD_ENV: ci
+        run: C:/datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
+
+  test-integrations-success:
+    needs:
+      - envoy-integration-test
+      - upgrade-integration-test
+    runs-on: 'ubuntu-latest'
+    if: ${{ always() }}
+    steps:
+      - name: evaluate upstream job results
+        run: |
+          # exit 1 if failure or cancelled result for any upstream job
+          if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then
+            printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}"
+            exit 1
+          fi
\ No newline at end of file
diff --git a/.release/docker/docker-entrypoint-windows.sh b/.release/docker/docker-entrypoint-windows.sh
new file mode 100644
index 000000000000..776b8113ced3
--- /dev/null
+++ b/.release/docker/docker-entrypoint-windows.sh
@@ -0,0 +1,82 @@
+#!/usr/bin/dumb-init /bin/sh
+set -e
+
+# Note above that we run dumb-init as PID 1 in order to reap zombie processes
+# as well as forward signals to all processes in its session. Normally, sh
+# wouldn't do either of these functions so we'd leak zombies as well as do
+# unclean termination of all our sub-processes.
+# As of docker 1.13, using docker run --init achieves the same outcome.
+
+# You can set CONSUL_BIND_INTERFACE to the name of the interface you'd like to
+# bind to and this will look up the IP and pass the proper -bind= option along
+# to Consul.
+CONSUL_BIND=
+if [ -n "$CONSUL_BIND_INTERFACE" ]; then
+  CONSUL_BIND_ADDRESS=$(ip -o -4 addr list $CONSUL_BIND_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1)
+  if [ -z "$CONSUL_BIND_ADDRESS" ]; then
+    echo "Could not find IP for interface '$CONSUL_BIND_INTERFACE', exiting"
+    exit 1
+  fi
+
+  CONSUL_BIND="-bind=$CONSUL_BIND_ADDRESS"
+  echo "==> Found address '$CONSUL_BIND_ADDRESS' for interface '$CONSUL_BIND_INTERFACE', setting bind option..."
+fi
+
+# You can set CONSUL_CLIENT_INTERFACE to the name of the interface you'd like to
+# bind client intefaces (HTTP, DNS, and RPC) to and this will look up the IP and
+# pass the proper -client= option along to Consul.
+CONSUL_CLIENT=
+if [ -n "$CONSUL_CLIENT_INTERFACE" ]; then
+  CONSUL_CLIENT_ADDRESS=$(ip -o -4 addr list $CONSUL_CLIENT_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1)
+  if [ -z "$CONSUL_CLIENT_ADDRESS" ]; then
+    echo "Could not find IP for interface '$CONSUL_CLIENT_INTERFACE', exiting"
+    exit 1
+  fi
+
+  CONSUL_CLIENT="-client=$CONSUL_CLIENT_ADDRESS"
+  echo "==> Found address '$CONSUL_CLIENT_ADDRESS' for interface '$CONSUL_CLIENT_INTERFACE', setting client option..."
+fi
+
+# CONSUL_DATA_DIR is exposed as a volume for possible persistent storage. The
+# CONSUL_CONFIG_DIR isn't exposed as a volume but you can compose additional
+# config files in there if you use this image as a base, or use CONSUL_LOCAL_CONFIG
+# below.
+CONSUL_DATA_DIR=C:\\consul\\data
+CONSUL_CONFIG_DIR=C:\\consul\\config
+
+# You can also set the CONSUL_LOCAL_CONFIG environemnt variable to pass some
+# Consul configuration JSON without having to bind any volumes.
+if [ -n "$CONSUL_LOCAL_CONFIG" ]; then
+	echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json"
+fi
+
+# If the user is trying to run Consul directly with some arguments, then
+# pass them to Consul.
+if [ "${1:0:1}" = '-' ]; then
+    set -- consul "$@"
+fi
+
+# Look for Consul subcommands.
+if [ "$1" = 'agent' ]; then
+    shift
+    set -- consul agent \
+        -data-dir="$CONSUL_DATA_DIR" \
+        -config-dir="$CONSUL_CONFIG_DIR" \
+        $CONSUL_BIND \
+        $CONSUL_CLIENT \
+        "$@"
+elif [ "$1" = 'version' ]; then
+    # This needs a special case because there's no help output.
+    set -- consul "$@"
+elif consul --help "$1" 2>&1 | grep -q "consul $1"; then
+    # We can't use the return code to check for the existence of a subcommand, so
+    # we have to use grep to look for a pattern in the help output.
+    set -- consul "$@"
+fi
+
+# NOTE: Unlike in the regular Consul Docker image, we don't have code here
+# for changing data-dir directory ownership or using su-exec because OpenShift
+# won't run this container as root and so we can't change data dir ownership,
+# and there's no need to use su-exec.
+
+exec "$@"
\ No newline at end of file
diff --git a/Dockerfile-windows b/Dockerfile-windows
new file mode 100644
index 000000000000..14582908db55
--- /dev/null
+++ b/Dockerfile-windows
@@ -0,0 +1,51 @@
+FROM mcr.microsoft.com/windows/servercore:ltsc2019
+ARG VERSION=1.16.0
+
+ENV chocolateyVersion=1.4.0
+
+LABEL org.opencontainers.image.authors="Consul Team <consul@hashicorp.com>" \
+      org.opencontainers.image.url="https://www.consul.io/" \
+      org.opencontainers.image.documentation="https://www.consul.io/docs" \
+      org.opencontainers.image.source="https://github.com/hashicorp/consul" \
+      org.opencontainers.image.version=$VERSION \
+      org.opencontainers.image.vendor="HashiCorp" \
+      org.opencontainers.image.title="consul" \
+      org.opencontainers.image.description="Consul is a datacenter runtime that provides service discovery, configuration, and orchestration." \
+      version=${VERSION}
+
+RUN ["powershell", "Set-ExecutionPolicy", "Bypass", "-Scope", "Process", "-Force;"]
+RUN ["powershell", "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))"]
+
+RUN choco install git.install -yf
+RUN SETX /M path "%PATH%;C:\Program Files\Git\bin"
+
+RUN mkdir C:\\consul
+RUN mkdir C:\\consul\\data
+RUN mkdir C:\\consul\\config
+
+# Server RPC is used for communication between Consul clients and servers for internal
+# request forwarding.
+EXPOSE 8300
+
+# Serf LAN and WAN (WAN is used only by Consul servers) are used for gossip between
+# Consul agents. LAN is within the datacenter and WAN is between just the Consul
+# servers in all datacenters.
+EXPOSE 8301 8301/udp 8302 8302/udp
+
+# HTTP and DNS (both TCP and UDP) are the primary interfaces that applications
+# use to interact with Consul.
+EXPOSE 8500 8600 8600/udp
+
+#ENV CONSUL_URL=https://releases.hashicorp.com/consul/${VERSION}/consul_${VERSION}_windows_amd64.zip
+#RUN curl %CONSUL_URL% -L -o consul.zip
+#RUN tar -xf consul.zip -C consul
+
+COPY consul.exe C:\\consul
+
+COPY .release/docker/docker-entrypoint-windows.sh C:\\docker-entrypoint-windows.sh
+ENTRYPOINT ["bash.exe", "docker-entrypoint-windows.sh"]
+
+# By default you'll get an insecure single-node development server that stores
+# everything in RAM, exposes a web UI and HTTP endpoints, and bootstraps itself.
+# Don't use this configuration for production.
+CMD ["agent", "-dev", "-client", "0.0.0.0"]
diff --git a/build-support/windows/Dockerfile-consul-dev-windows b/build-support/windows/Dockerfile-consul-dev-windows
new file mode 100644
index 000000000000..4e35ccb6e5eb
--- /dev/null
+++ b/build-support/windows/Dockerfile-consul-dev-windows
@@ -0,0 +1,4 @@
+ARG VERSION=1.16.0
+
+FROM windows/consul:${VERSION}-local
+COPY dist/ C:\\consul
diff --git a/build-support/windows/Dockerfile-consul-local-windows b/build-support/windows/Dockerfile-consul-local-windows
new file mode 100644
index 000000000000..992c48c286a2
--- /dev/null
+++ b/build-support/windows/Dockerfile-consul-local-windows
@@ -0,0 +1,52 @@
+ARG VERSION=1.13.3
+
+FROM windows/test-sds-server as test-sds-server
+FROM docker.mirror.hashicorp.services/windows/openzipkin as openzipkin
+FROM windows/consul:${VERSION}
+
+# Fortio binary downloaded
+RUN mkdir fortio
+ENV FORTIO_URL=https://github.com/fortio/fortio/releases/download/v1.33.0/fortio_win_1.33.0.zip
+RUN curl %FORTIO_URL% -L -o fortio.zip
+RUN tar -xf fortio.zip -C fortio
+
+RUN choco install openssl -yf
+RUN choco install jq -yf
+RUN choco install netcat -yf
+RUN choco install openjdk -yf
+
+# Install Bats
+ENV BATS_URL=https://github.com/bats-core/bats-core/archive/refs/tags/v1.7.0.zip
+RUN curl %BATS_URL% -L -o bats.zip
+RUN mkdir bats-core
+RUN tar -xf bats.zip -C bats-core --strip-components=1
+RUN cd "C:\\Program Files\\Git\\bin" && bash.exe -c "/c/bats-core/install.sh /c/bats"
+
+# Install Jaeger
+ENV JAEGER_URL=https://github.com/jaegertracing/jaeger/releases/download/v1.11.0/jaeger-1.11.0-windows-amd64.tar.gz
+RUN curl %JAEGER_URL% -L -o jaeger.tar.gz
+RUN mkdir jaeger
+RUN tar -xf jaeger.tar.gz -C jaeger --strip-components=1
+
+# Install Socat
+ENV SOCAT_URL=https://github.com/tech128/socat-1.7.3.0-windows/archive/refs/heads/master.zip
+RUN curl %SOCAT_URL% -L -o socat.zip
+RUN mkdir socat
+RUN tar -xf socat.zip -C socat --strip-components=1
+
+# Copy test-sds-server binary and certs
+COPY --from=test-sds-server ["C:/go/src/", "C:/test-sds-server/"]
+
+# Copy openzipkin .jar file
+COPY --from=openzipkin ["C:/zipkin", "C:/zipkin"]
+
+EXPOSE 8300
+EXPOSE 8301 8301/udp 8302 8302/udp
+EXPOSE 8500 8600 8600/udp
+EXPOSE 8502 
+
+EXPOSE 19000 19001 19002 19003 19004
+EXPOSE 21000 21001 21002 21003 21004
+EXPOSE 5000 1234 2345
+
+RUN SETX /M path "%PATH%;C:\consul;C:\fortio;C:\jaeger;C:\Program Files\Git\bin;C:\Program Files\Git\usr\bin;C:\Program Files\OpenSSL-Win64\bin;C:\bats\bin\;C:\ProgramData\chocolatey\lib\jq\tools;C:\socat"
diff --git a/build-support/windows/Dockerfile-openzipkin-windows b/build-support/windows/Dockerfile-openzipkin-windows
new file mode 100644
index 000000000000..b23867f0b22c
--- /dev/null
+++ b/build-support/windows/Dockerfile-openzipkin-windows
@@ -0,0 +1,12 @@
+FROM docker.mirror.hashicorp.services/windows/openjdk:1809
+
+RUN mkdir zipkin
+RUN curl.exe -sSL 'https://search.maven.org/remote_content?g=io.zipkin&a=zipkin-server&v=LATEST&c=exec' -o zipkin/zipkin.jar
+
+EXPOSE 9410/tcp
+
+EXPOSE 9411/tcp
+
+WORKDIR /zipkin
+
+ENTRYPOINT ["java", "-jar", "zipkin.jar"]
\ No newline at end of file
diff --git a/build-support/windows/build-consul-dev-image.sh b/build-support/windows/build-consul-dev-image.sh
new file mode 100644
index 000000000000..4c03f2f9b007
--- /dev/null
+++ b/build-support/windows/build-consul-dev-image.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+cd ../../
+rm -rf dist
+
+export GOOS=windows GOARCH=amd64
+VERSION=1.16.0
+CONSUL_BUILDDATE=$(date +"%Y-%m-%dT%H:%M:%SZ")
+GIT_IMPORT=github.com/hashicorp/consul/version
+GOLDFLAGS=" -X $GIT_IMPORT.Version=$VERSION -X $GIT_IMPORT.VersionPrerelease=dev -X $GIT_IMPORT.BuildDate=$CONSUL_BUILDDATE "
+
+go build -ldflags "$GOLDFLAGS" -o ./dist/ .
+
+docker build -t windows/consul:${VERSION}-dev -f build-support/windows/Dockerfile-consul-dev-windows . --build-arg VERSION=${VERSION}
diff --git a/build-support/windows/build-consul-local-images.sh b/build-support/windows/build-consul-local-images.sh
new file mode 100644
index 000000000000..eaa7cc10562c
--- /dev/null
+++ b/build-support/windows/build-consul-local-images.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+
+readonly HASHICORP_DOCKER_PROXY="docker.mirror.hashicorp.services"
+
+# Build Consul Version 1.13.3 / 1.12.6 / 1.11.11
+VERSION=${VERSION:-"1.16.0"}
+export VERSION
+
+# Build Windows Envoy Version 1.23.1 / 1.21.5 / 1.20.7
+ENVOY_VERSION=${ENVOY_VERSION:-"1.23.1"}
+export ENVOY_VERSION
+
+echo "Building Images"
+
+
+# Pull Windows Servercore image
+echo " "
+echo "Pull Windows Servercore image"
+docker pull mcr.microsoft.com/windows/servercore:1809
+# Tag Windows Servercore image
+echo " "
+echo "Tag Windows Servercore image"
+docker tag mcr.microsoft.com/windows/servercore:1809 "${HASHICORP_DOCKER_PROXY}/windows/servercore:1809"
+
+
+# Pull Windows Nanoserver image
+echo " "
+echo "Pull Windows Nanoserver image"
+docker pull mcr.microsoft.com/windows/nanoserver:1809
+# Tag Windows Nanoserver image
+echo " "
+echo "Tag Windows Nanoserver image"
+docker tag mcr.microsoft.com/windows/nanoserver:1809 "${HASHICORP_DOCKER_PROXY}/windows/nanoserver:1809"
+
+
+# Pull Windows OpenJDK image
+echo " "
+echo "Pull Windows OpenJDK image"
+docker pull openjdk:windowsservercore-1809
+# Tag Windows OpenJDK image
+echo " "
+echo "Tag Windows OpenJDK image"
+docker tag openjdk:windowsservercore-1809 "${HASHICORP_DOCKER_PROXY}/windows/openjdk:1809"
+
+# Pull Windows Golang image
+echo " "
+echo "Pull Windows Golang image"
+docker pull golang:1.18.1-nanoserver-1809
+# Tag Windows Golang image
+echo " "
+echo "Tag Windows Golang image"
+docker tag golang:1.18.1-nanoserver-1809 "${HASHICORP_DOCKER_PROXY}/windows/golang:1809"
+
+
+# Pull Kubernetes/pause image
+echo " "
+echo "Pull Kubernetes/pause image"
+docker pull mcr.microsoft.com/oss/kubernetes/pause:3.6
+# Tag Kubernetes/pause image
+echo " "
+echo "Tag Kubernetes/pause image"
+docker tag mcr.microsoft.com/oss/kubernetes/pause:3.6 "${HASHICORP_DOCKER_PROXY}/windows/kubernetes/pause"
+
+# Pull envoy-windows image
+echo " "
+echo "Pull envoyproxy/envoy-windows image"
+docker pull envoyproxy/envoy-windows:v${ENVOY_VERSION}
+# Tag envoy-windows image
+echo " "
+echo "Tag envoyproxy/envoy-windows image"
+docker tag envoyproxy/envoy-windows:v${ENVOY_VERSION} "${HASHICORP_DOCKER_PROXY}/windows/envoy-windows:v${ENVOY_VERSION}"
+
+# Build Windows Openzipkin Image
+docker build -t "${HASHICORP_DOCKER_PROXY}/windows/openzipkin" -f Dockerfile-openzipkin-windows .
+
+
+# Build Windows Test sds server Image
+./build-test-sds-server-image.sh
+
+
+# Build windows/consul:${VERSION} Image
+echo " "
+echo "Build windows/consul:${VERSION} Image"
+docker build -t "windows/consul:${VERSION}" -f ../../Dockerfile-windows ../../ --build-arg VERSION=${VERSION}
+
+
+# Build windows/consul:${VERSION}-local Image
+echo " "
+echo "Build windows/consul:${VERSION}-local Image"
+docker build -t windows/consul:${VERSION}-local -f ./Dockerfile-consul-local-windows . --build-arg VERSION=${VERSION}
+
+echo "Building Complete!"
diff --git a/build-support/windows/build-test-sds-server-image.sh b/build-support/windows/build-test-sds-server-image.sh
new file mode 100644
index 000000000000..25de3dadbec7
--- /dev/null
+++ b/build-support/windows/build-test-sds-server-image.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+cd ../../test/integration/connect/envoy
+
+docker build -t windows/test-sds-server -f ./Dockerfile-test-sds-server-windows test-sds-server
diff --git a/build-support/windows/windows-test.md b/build-support/windows/windows-test.md
new file mode 100644
index 000000000000..5295e40757ef
--- /dev/null
+++ b/build-support/windows/windows-test.md
@@ -0,0 +1,119 @@
+# Dockerfiles for Windows Integration Tests
+
+## Index
+
+- [About](#about-this-file)
+- [Consul Windows](#consul-windows)
+- [Consul Windows Local](#consul-windows-local)
+- [Consul Windows Dev](#consul-windows-dev)
+- [Dockerfile-openzipkin-windows](#dockerfile-openzipkin-windows)
+
+## About this File
+
+In this file you will find which Docker images that need to be pre-built to run the Envoy integration tests on Windows, as well as information on how to run each of these files individually for testing purposes.
+
+## Consul Windows
+
+The Windows/Consul:_{VERSION}_ image is built from the "Dockerfile-windows" file located at the root of the project.
+To do this, the official [windows/servercore image](https://hub.docker.com/_/microsoft-windows-servercore) is used as base image.
+To build the image, use the following command:
+
+```shell
+docker build -t windows/consul -f Dockerfile-windows . --build-arg VERSION=${VERSION}
+```
+
+You can test the built file by running the following command:
+
+```shell
+docker run --rm -p 8300:8300 -p 8301:8301 -p 8302:8302 -p 8500:8500 -p 8600:8600 --name consul --hostname "consul-primary-server" --network-alias "consul-primary-server" windows/consul agent -dev -datacenter "primary" -grpc-port -1 -client "0.0.0.0" -bind "0.0.0.0"
+```
+
+If everything works properly you should openning the browser and check the Consul UI running on: `http://localhost:8500`
+
+## Consul Windows Local
+
+The Windows/Consul:_{VERSION}_-local custom image deployed in the "Dockerfile-consul-local-windows" DockerFile is built from the selected by the shell script _build-consul-local-images.sh_.
+When executing it, all the tools required to run the Windows Connect Envoy Integration Tests will be added to the image.
+It is necessary that the _"windows/consul"_ image has been built first. This script also takes care of that.  
+
+To build this image you need to run the following command on your terminal:
+
+```shell
+./build-consul-local-images.sh
+```
+
+> [!NOTE]
+> Shell script execution may vary depending on your terminal, we recommend using **Git Bash** for Windows.  
+
+```shell
+docker run --rm -p 8300:8300 -p 8301:8301 -p 8302:8302 -p 8500:8500 -p 8600:8600 --name consul-local --hostname "consul-primary-server" --network-alias "consul-primary-server" windows/consul:_{VERSION}_-local agent -dev -datacenter "primary" -grpc-port -1 -client "0.0.0.0" -bind "0.0.0.0"
+```
+
+If everything works properly you can use your browser and check the Consul UI running on: `http://localhost:8500`
+
+## Consul Windows Dev
+
+The Windows/Consul:_{VERSION}_-dev custom image deployed in the "Dockerfile-consul-dev-windows" DockerFile is generated by the shell script named _build-consul-dev-image.sh_.
+When executing it, the compilation of Consul is carried out and it is saved in the _"dist"_ directory, this file is then copied to the _"windows/consul:_{VERSION}_-dev"_ image.
+It is necessary that the _"windows/consul_{VERSION}_-local"_ image has been built first.
+
+To build this image you need to run the following command on your terminal:
+
+```shell
+./build-consul-dev-image.sh
+```
+
+> [!NOTE]
+> Shell script execution may vary depending on your terminal, we recommend using **Git Bash** for Windows.  
+
+You can test the built file by running the following command:
+
+```shell
+docker run --rm -p 8300:8300 -p 8301:8301 -p 8302:8302 -p 8500:8500 -p 8600:8600 --name consul-local --hostname "consul-primary-server" --network-alias "consul-primary-server" windows/consul:_{VERSION}_-dev agent -dev -datacenter "primary" -grpc-port -1 -client "0.0.0.0" -bind "0.0.0.0"
+```
+
+If everything works properly you can use your browser and check the Consul UI running on: `http://localhost:8500`
+
+## Dockerfile-openzipkin-windows
+
+Due to the unavailability of an official Openzipkin Docker image for Windows, the [openjdk Windows image](https://hub.docker.com/layers/openjdk/library/openjdk/jdk-windowsservercore-1809/images/sha256-b0cc238d2ec5fb58109a0006ff9e1bcaf66a5301f49bcb8dece9599ac5be6331) was used, where the latest self-contained executable Openzipkin .jar file is downloaded.
+
+To build this image you need to run the following command on your terminal:
+
+```shell
+docker build -t openzipkin -f Dockerfile-openzipkin-windows .
+```
+
+You can test the built file by running the following command:
+
+```shell
+docker run --rm --name openzipkin
+```
+
+If everything works as it should, you will see the zipkin logo being displayed, along with the current version and port configuration:
+
+```shell
+:: version 2.23.18 :: commit 4b71677 ::
+
+20XX-XX-XX XX:XX:XX.XXX  INFO [/] 1252 --- [oss-http-*:9411] c.l.a.s.Server                           : Serving HTTP at /[0:0:0:0:0:0:0:0]:9411 - http://127.0.0.1:9411/
+```
+
+# Testing
+
+During development, it may be more convenient to check your work-in-progress by running only the tests which you expect to be affected by your changes, as the full test suite can take several minutes to execute. [Go's built-in test tool](https://golang.org/pkg/cmd/go/internal/test/) allows specifying a list of packages to test and the `-run` option to only include test names matching a regular expression.
+The `go test -short` flag can also be used to skip slower tests.
+
+Examples (run from the repository root):
+
+- `go test -v ./connect` will run all tests in the connect package (see `./connect` folder)
+- `go test -v -run TestRetryJoin ./command/agent` will run all tests in the agent package (see `./command/agent` folder) with name substring `TestRetryJoin`
+
+When a pull request is opened CI will run all tests and lint to verify the change.
+
+If you want to run the tests on Windows images you must attach the win=true flag.
+
+Example:
+
+```shell
+go test -v -timeout=30m -tags integration ./test/integration/connect/envoy -run="TestEnvoy/case-badauthz" -win=true
+```
diff --git a/test/integration/connect/envoy/Dockerfile-consul-envoy-windows b/test/integration/connect/envoy/Dockerfile-consul-envoy-windows
new file mode 100644
index 000000000000..b760fd5754f7
--- /dev/null
+++ b/test/integration/connect/envoy/Dockerfile-consul-envoy-windows
@@ -0,0 +1,12 @@
+# From Consul Version 1.13.3 / 1.12.6 / 1.11.11
+ARG VERSION=1.16.0-dev
+# From Envoy version 1.23.1 / 1.21.5 / 1.20.7
+ARG ENVOY_VERSION
+
+FROM docker.mirror.hashicorp.services/windows/envoy-windows:v${ENVOY_VERSION} as envoy
+FROM windows/consul:${VERSION}
+
+# Copy envoy.exe from FROM windows/envoy-windows:${ENVOY_VERSION}
+COPY --from=envoy ["C:/Program Files/envoy/", "C:/envoy/"]
+
+RUN SETX /M path "%PATH%;C:\envoy;"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/Dockerfile-tcpdump-windows b/test/integration/connect/envoy/Dockerfile-tcpdump-windows
new file mode 100644
index 000000000000..cbf5041630b9
--- /dev/null
+++ b/test/integration/connect/envoy/Dockerfile-tcpdump-windows
@@ -0,0 +1,7 @@
+FROM mcr.microsoft.com/windows/servercore:ltsc2019
+
+COPY ["tcpdump.exe", "C:/Program Files/"]
+
+ENTRYPOINT ["C:/Program Files/tcpdump.exe"]
+
+# docker.exe build -t envoy-tcpdump -f Dockerfile-tcpdump-windows .
diff --git a/test/integration/connect/envoy/Dockerfile-test-sds-server-windows b/test/integration/connect/envoy/Dockerfile-test-sds-server-windows
new file mode 100644
index 000000000000..fc5e45b88d35
--- /dev/null
+++ b/test/integration/connect/envoy/Dockerfile-test-sds-server-windows
@@ -0,0 +1,8 @@
+FROM docker.mirror.hashicorp.services/windows/golang:1809
+
+WORKDIR /go/src
+COPY ./ .
+
+RUN go build -v -o test-sds-server.exe sds.go
+
+CMD ["test-sds-server.exe"]
diff --git a/test/integration/connect/envoy/WINDOWS-TEST.md b/test/integration/connect/envoy/WINDOWS-TEST.md
new file mode 100644
index 000000000000..d9217f7a385a
--- /dev/null
+++ b/test/integration/connect/envoy/WINDOWS-TEST.md
@@ -0,0 +1,40 @@
+# Envoy Integration Tests on Windows
+
+## Index
+
+- [About](#about)
+- [Pre-built core images](#pre-built-core-images)
+- [Test images](#integration-test-images)
+- [Run Tests](#run-tests)
+
+## About
+
+This file is the entrypoint to understand how to execute Envoy integration tests on Windows as well as to understand the differences between Linux tests and Windows tests. Below you can find a list of relevant documentation that has been written while working on supporting the Envoy integration tests on Windows.
+
+- [Windows Testing Architecture](test/integration/connect/envoy/docs/windows-testing-architecture.md): On this file you will find why the testing architecture on Windows differs from Linux's.
+- [Build Images](build-support-windows/BUILD-IMAGES.md): Here you will find how to build the images required for executing the tests.
+- [Windows Troubleshooting](test/integration/connect/envoy/WindowsTroubleshooting.md): This file lists, among other things everything we needed to change/adapt for the existing tests to run in Windows containers.
+
+## Pre-built core images
+
+Before running the integration tests, you must pre-build the core images that the tests require to be ran on the Windows environment. Make sure to check out the `BUILD-IMAGES` file [here](build-support-windows/BUILD-IMAGES.md) for this purpose.
+
+## Integration test images
+
+During the execution of the integration tests, several images are built based-on the pre-built core images. To get more information about these and how to run them independently, please check out the `docker.windows` file [here](test/integration/connect/envoy/docker.windows.md).
+
+## Run tests
+
+To run all the integration tests, you need to execute next command
+
+```shell
+go test -v -timeout=30s -tags integration ./test/integration/connect/envoy -run="TestEnvoy" -win=true
+```
+
+To run a single test case, the name should be specified. For instance, to run the `case-badauthz` test, you need to execute next command
+
+```shell
+go test -v -timeout=30m -tags integration ./test/integration/connect/envoy -run="TestEnvoy/case-badauthz" -win=true
+```
+
+> :warning: Note that the flag `-win=true` must be specified as shown in the above commands. This flag is very important because the same allows to indicate that the tests will be executed on the Windows environment. When executing the Envoy integration tests the **End of Line Sequence** of every related file and or script will be automatically changed from **LF to CRLF**.  
diff --git a/test/integration/connect/envoy/case-dogstatsd-udp/verify.bats b/test/integration/connect/envoy/case-dogstatsd-udp/verify.bats
index 55b0ad76849c..dfc238ad6d9d 100644
--- a/test/integration/connect/envoy/case-dogstatsd-udp/verify.bats
+++ b/test/integration/connect/envoy/case-dogstatsd-udp/verify.bats
@@ -24,14 +24,11 @@ load helpers
 }
 
 @test "s1 proxy should be sending metrics to statsd" {
-  run retry_default cat /workdir/primary/statsd/statsd.log
+  run retry_default must_match_in_statsd_logs '^envoy\.' primary  
 
-  echo "METRICS:"
-  echo "$output"
-  echo "COUNT: $(echo "$output" | grep -Ec '^envoy\.')"
+  echo "METRICS: $output"
 
-  [ "$status" == 0 ]
-  [ $(echo $output | grep -Ec '^envoy\.') -gt "0" ]
+  [ "$status" == 0 ]  
 }
 
 @test "s1 proxy should be sending dogstatsd tagged metrics" {
diff --git a/test/integration/connect/envoy/case-gateways-local/secondary/setup.sh b/test/integration/connect/envoy/case-gateways-local/secondary/setup.sh
index 938135c9f4ff..68fd765ad029 100644
--- a/test/integration/connect/envoy/case-gateways-local/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-gateways-local/secondary/setup.sh
@@ -9,4 +9,4 @@ register_services secondary
 
 gen_envoy_bootstrap s2 19001 secondary
 gen_envoy_bootstrap mesh-gateway 19003 secondary true
-retry_default docker_consul secondary curl -s  "http://localhost:8500/v1/catalog/service/consul?dc=primary" >/dev/null
+retry_default docker_consul secondary curl -s  "http://localhost:8500/v1/catalog/service/consul?dc=primary" > /dev/null
diff --git a/test/integration/connect/envoy/case-grpc/service_s1.hcl b/test/integration/connect/envoy/case-grpc/service_s1.hcl
index b22ba221fa1d..1a7295424011 100644
--- a/test/integration/connect/envoy/case-grpc/service_s1.hcl
+++ b/test/integration/connect/envoy/case-grpc/service_s1.hcl
@@ -20,7 +20,7 @@ services {
           protocol = "grpc"
           envoy_dogstatsd_url = "udp://127.0.0.1:8125"
           envoy_stats_tags = ["foo=bar"]
-          envoy_stats_flush_interval = "1s"
+          envoy_stats_flush_interval = "5s"
         }
       }
     }
diff --git a/test/integration/connect/envoy/case-grpc/verify.bats b/test/integration/connect/envoy/case-grpc/verify.bats
index 422258a0c0ef..fc7ca15b5b94 100644
--- a/test/integration/connect/envoy/case-grpc/verify.bats
+++ b/test/integration/connect/envoy/case-grpc/verify.bats
@@ -43,7 +43,7 @@ load helpers
     metrics_query='envoy.cluster.grpc.PingServer.total.*[#,]local_cluster:s1(,|$)'
   fi
 
-  run retry_default must_match_in_statsd_logs "${metrics_query}"
+  run retry_long must_match_in_statsd_logs "${metrics_query}"
   echo "OUTPUT: $output"
 
   [ "$status" == 0 ]
diff --git a/test/integration/connect/envoy/case-http-badauthz/setup.sh b/test/integration/connect/envoy/case-http-badauthz/setup.sh
index 6bd91b1f4e66..66a58741297d 100644
--- a/test/integration/connect/envoy/case-http-badauthz/setup.sh
+++ b/test/integration/connect/envoy/case-http-badauthz/setup.sh
@@ -5,10 +5,10 @@
 
 set -eEuo pipefail
 
+register_services primary
+
 # Setup deny intention
 setup_upsert_l4_intention s1 s2 deny
 
-register_services primary
-
 gen_envoy_bootstrap s1 19000 primary
 gen_envoy_bootstrap s2 19001 primary
diff --git a/test/integration/connect/envoy/case-ingress-gateway-tls/verify.bats b/test/integration/connect/envoy/case-ingress-gateway-tls/verify.bats
index 61eaaf97ccdf..92a158e51b6a 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-tls/verify.bats
+++ b/test/integration/connect/envoy/case-ingress-gateway-tls/verify.bats
@@ -19,7 +19,7 @@ load helpers
 }
 
 @test "ingress-gateway should have healthy endpoints for s1" {
-  assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s1 HEALTHY 1
+   assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s1 HEALTHY 1
 }
 
 @test "should be able to connect to s1 through the TLS-enabled ingress port" {
@@ -29,8 +29,8 @@ load helpers
   run retry_default curl --cacert <(get_ca_root) -s -f -d hello \
     --resolve s1.ingress.consul:9998:127.0.0.1 \
     https://s1.ingress.consul:9998
-  [ "$status" -eq 0 ]
-  [[ "$output" == *"hello"* ]]
+    [ "$status" -eq 0 ]
+    [[ "$output" == *"hello"* ]]
 }
 
 @test "should be able to connect to s1 through the TLS-enabled ingress port using the custom host" {
@@ -38,6 +38,6 @@ load helpers
   run retry_default curl --cacert <(get_ca_root) -s -f -d hello \
     --resolve test.example.com:9999:127.0.0.1 \
     https://test.example.com:9999
-  [ "$status" -eq 0 ]
-  [[ "$output" == *"hello"* ]]
+    [ "$status" -eq 0 ]
+    [[ "$output" == *"hello"* ]]
 }
diff --git a/test/integration/connect/envoy/case-wanfed-gw/global-setup-windows.sh b/test/integration/connect/envoy/case-wanfed-gw/global-setup-windows.sh
new file mode 100644
index 000000000000..c63b12a12fe6
--- /dev/null
+++ b/test/integration/connect/envoy/case-wanfed-gw/global-setup-windows.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# initialize the outputs for each dc
+for dc in primary secondary; do
+    rm -rf "workdir/${dc}/tls"
+    mkdir -p "workdir/${dc}/tls"
+done
+
+container="consul-envoy-integ-tls-init--${CASE_NAME}"
+
+scriptlet="
+mkdir /out ;
+cd /out ;
+consul tls ca create ;
+consul tls cert create -dc=primary -server -node=pri ;
+consul tls cert create -dc=secondary -server -node=sec ;
+"
+
+docker.exe rm -f "$container" &>/dev/null || true
+docker.exe run -i --net=none --name="$container" windows/consul:local bash -c "${scriptlet}"
+
+# primary
+for f in \
+    consul-agent-ca.pem \
+    primary-server-consul-0-key.pem \
+    primary-server-consul-0.pem \
+    ; do
+    docker.exe cp "${container}:C:\\Program Files\\Git\\out\\$f" workdir/primary/tls
+done
+
+# secondary
+for f in \
+    consul-agent-ca.pem \
+    secondary-server-consul-0-key.pem \
+    secondary-server-consul-0.pem \
+    ; do
+    docker.exe cp "${container}:C:\\Program Files\\Git\\out\\$f" workdir/secondary/tls
+done
+
+# Private keys have 600 perms but tests are run as another user
+chmod 666 workdir/primary/tls/primary-server-consul-0-key.pem
+chmod 666 workdir/secondary/tls/secondary-server-consul-0-key.pem
+
+docker.exe rm -f "$container" >/dev/null || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-zipkin/verify.bats b/test/integration/connect/envoy/case-zipkin/verify.bats
index d771d523639a..509345689069 100644
--- a/test/integration/connect/envoy/case-zipkin/verify.bats
+++ b/test/integration/connect/envoy/case-zipkin/verify.bats
@@ -35,14 +35,17 @@ load helpers
   # Send traced request through upstream. Debug echoes headers back which we can
   # use to get the traceID generated (no way to force one I can find with Envoy
   # currently?)
-  run curl -s -f -H 'x-client-trace-id:test-sentinel' localhost:5000/Debug
+  # Fixed from /Debug -> /debug. Reason: /Debug return null
+  run curl -s -f -H 'x-client-trace-id:test-sentinel' localhost:5000/debug -m 5
 
   echo "OUTPUT $output"
 
   [ "$status" == "0" ]
 
   # Get the traceID from the output
-  TRACEID=$(echo $output | grep 'X-B3-Traceid:' | cut -c 15-)
+  # Replaced grep by jq to filter the TraceId.
+  # Reason: Grep did not filter and return the entire raw string and the test was failing
+  TRACEID=$(echo $output | jq -rR 'split("X-B3-Traceid: ") | last' | cut -c -16)
 
   # Get the trace from Jaeger. Won't bother parsing it just seeing it show up
   # there is enough to know that the tracing config worked.
diff --git a/test/integration/connect/envoy/docker-windows.md b/test/integration/connect/envoy/docker-windows.md
new file mode 100644
index 000000000000..a9f2bbcaca1c
--- /dev/null
+++ b/test/integration/connect/envoy/docker-windows.md
@@ -0,0 +1,42 @@
+# Docker Files for Windows Integration Tests
+
+## Index
+
+- [About](#about-this-file)
+- [Pre-requisites](#pre-requisites)
+- [Dockerfile-test-sds-server-windows](#dockerfile-test-sds-server-windows)
+
+## About this File
+
+In this file you will find which Dockerfiles are needed to run the Envoy integration tests on Windows, as well as information on how to run each of these files individually for testing purposes.
+
+## Pre-requisites
+
+After building and running the images and containers, you need to have pre-built the base images used by these Dockerfiles. See [pre-built images required in Windows](../../../../build-support-windows/BUILD-IMAGES.md)
+
+## Dockerfile-test-sds-server-windows
+
+This file sole purpose is to build the test-sds-server executable using Go. To do so, we use an official [golang image](https://hub.docker.com/_/golang/) provided in docker hub with Windows nano server.
+To build this image you need to run the following command on your terminal:
+
+```shell
+docker build -t test-sds-server -f Dockerfile-test-sds-server-windows test-sds-server
+```
+
+This is the same command used in run-tests.sh
+
+You can test the built file by running the following command:
+
+```shell
+docker run --rm -p 1234:1234 --name test-sds-server test-sds-server
+```
+
+If everything works properly you should get the following output:
+
+```shell
+20XX-XX-XXTXX:XX:XX.XXX-XXX [INFO]  Loaded cert from file: name=ca-root
+20XX-XX-XXTXX:XX:XX.XXX-XXX [INFO]  Loaded cert from file: name=foo.example.com
+20XX-XX-XXTXX:XX:XX.XXX-XXX [INFO]  Loaded cert from file: name=wildcard.ingress.consul
+20XX-XX-XXTXX:XX:XX.XXX-XXX [INFO]  Loaded cert from file: name=www.example.com
+20XX-XX-XXTXX:XX:XX.XXX-XXX [INFO]  ==> SDS listening: addr=0.0.0.0:1234
+```
diff --git a/test/integration/connect/envoy/docs/img/linux-arch.png b/test/integration/connect/envoy/docs/img/linux-arch.png
new file mode 100644
index 0000000000000000000000000000000000000000..710b83b24570baad3e673b71d2c59c8e8018edd5
GIT binary patch
literal 63964
zcmeGEcQl+)+cykLFCuygL5SW-5Is?YD8r22Ym82GLPYPKM2kU;nbD125~4>pdWqf%
zqPO=P$#vb|{j6uL_xt->-&nJpCo_BRqaXWs9QzDaRhGlMPkA2)2M167wX_-z&aKBd
zIM-M1UI+e?m{XVs{JQ3>CMStg*z<T5xVdThO6e62PDwQGnei>){+`2YZD$;uht1gc
zwKjXW84k{|qrCJhu)D#=`F0V**r%D$eP5oMqCZVR($zTiIvgKbd`v02eCV!`lTG4U
zSG$gxhEbsIy$$~n7r?;PH$u_HU`xO_KyuR|g#GU1hoC3c!%tHATA+pFieEa^@GvGt
zKFIdlkp+e3hgDsJ9N=ojLH!mB{?z&H?(J$72^V@kd$Z~G_K5c0J0I$LJ$jtq%gCm^
zn2D&1RXNA582duqgi-#zGLj*{{Jp|q_lMv9d#Obz&Hwl6Ti6rCwZE4dH$ixRuZrnI
zpntFYNMC`u=b8d>RmAp(rl+SjCo03O&-JREWFo_wo15pxDTf#jH`g%8mcKI>H@_po
z#3dwi>6bQ<5Pc%&Hb^*NAEPqy^_@AtHzeh<F^;xooSRJW%=ARG3HL7SE_T`d`St5d
z)op3}a$S2L-*m>IjybGsaBxPAd&n@3&ZQkOYGv}P(o{b8F4U$xWreq+{#eMMDP7hJ
zN{{DS!aK(&Cgzp@lH>P63LFeeiV_wUu5sJWNUOA;NqSP}Fx!+A0(Fz}39m)171Vkv
z>!oV7y<QGowk7+=niy>cM09j?LD3Jg=}#PDUTQmJnksx%LxKMo<|jZFx>mL0^|hwf
zX|b~<oc!?M;IZ#)Qy{>DHG`f0e$W|t`2$A9)(5u~TV(v8s!lso7II<FWY8OHzD<du
z;^JImd3yDp{K8-SCMxYG$Uv!SlsXq~c6g$`a|D^v?S^{K>YV=|D4n_=ZO3yUAgPUx
zoI`JEzz>+SQ{w8`!ev|@6Y(w_NmkiV-!8FS7~!FQYC_^sX<g@fg8O^N#~qJz+7oZA
zC(`@JU%3^h$iRf9of!StCAlGHAIMEOh>1Y=*}8^a_S~wexhbZt;wZKcW~ouNBOR`c
zBFtLxr)Y2>J|6aw3Hj+k->01A=dlll3A;VH3#uUmP5s1Ep?Edi8cSuL)J{t~O8gNz
zoQeBaN;dbLWn3CkYqWY_gB6coC+NJ&H-f(sTD*t%h+dlrECU-SP#&1RPe9kCo15<F
z=O9)Me*Y&q0g?0BfHR9UDb@K64Jy$#w`3~dHY_WDSGA&)`U}$rC`Sz1LSvd20up4*
zz1P@BqdqgVe6%1b8>;vtWb$~A0D|5+wy<*#m=Sk*QSSJMxyj@RR(;2$^7Lu6hY0Z%
z6O0s7*b!2_AshiU1Zsl=?1=k>srOz{)qr28@~4wNeCzZTCqAc$KKGn0`fgrI<sDdN
zQ-+6dpE4nYA3JAj;mKwMK2wgs<~@@axCaoop+_TRr9y)MFEma|)|(y~d#F@weK_jz
zk4hQ_{0jCp(X1ow62hohL=YgUkdNTJsl`|=rJDHe#&QL{F_~a|>W@CjE*ag#xN>!l
z(Ho2=crZ@`JVqadNiu`Jj;)^)q+dTxP&OLjFDq9>J@33NM1D1@5pqQiZ1_nG&M~A<
zAgSnIU1h<-cX3ZB0V8Uccj?`eurVZdZ?&pdd-b`?lT!bdIF(V>rlOw5G&Hi_t=Gcd
zmB#tIhQSdKwJ?wOA~N#5Z|mEpbB?#i_Qc<XWVLuDTP;<z3c5)KEQ*QR=MdT~QD4o9
zgF|Im2q%*nOuMlDBg*zYtwT~V5sa9q5l(=xciW5HVVsjsCo^OsACAQM%2|>riW}z@
z8<GlOtbWleiCJxs^#2f*7wWaoV_6+b?#-6K-TE2s7`nFhLfiZ3ug9^80hIL8&DxPa
zM!-43Om}a|Sv`eSJfoU%lR@R?a$dO0_gv{=E10{=c@}eYRMZ)FCoY2_##kf}8J1xk
z{9{wyD<HnRGcujtQ$$6rXK#X4L0E>%{bQ2(bRkdo<nYlguNOhwI&zeU)ANyojzpKb
z53eXIhHwyJj%l{*s8Z=NOBo)P46*$Ta1PvnzoMM3rgmhFb<t^1x1F*U(VR~3-Z4WD
z=h@y9B<$p|76s-zR=@2fUB=eW#@Zs<nBF8G*;A@sl=Zt;C8A`%-WtovLkDk~EPdnX
z1LMiqsN%J0uhD|^zXXrI2$x2Oq+;R(2S&-_;~Yv889$Kh%3tpoQ0`H{WtII75+$)<
z870tkyrUJXX(>^QeyLO)a`zLWw12kGO8I{9Dms5r@*b}5*o!Ws+0rn#fqFIPSwd#g
zZg^0pL@GhQ?xTYvWz_FcNaw{$Mv3~1M|>{dxpY22BS^9ApwM|hcaRrNj3+S7N@&dM
zI^z|c<C-7#;%`te@&cTvVn+ZJN}rpPf{J>h4i@<YdNX<6bI8D63P!RJ+QJpHzRz*J
zYwZq9BJSpC32;CYMbQ>@O84qV-({tEj^v};j=V$F;(Qp8E?FU~NrZ>`scA7iQ9!pa
z>2CO$rk@0}=CA>O**O-}JmkzAC>N`^c=DGs6#>tr(barjRc`H6@~;?u<TPI&zor(_
zEb6=;YlGo53pi2Rsd`Gy!m3SmGPy5JTu>h7fga#s6eHV(TpMUjs`BI{d`ACfzbe?#
zm){dv+F$s9)G;FL#kck`oy0hgU*n*yP}RCiR<SLcW&0uA#Kb{7G!z`aZunui_enra
z-ek=8Ehtj%NBU)5Fs6h8<(fXj6y5YR^6TEWdCuS8{w*?0`9Dz==kxz-*u3%Aicoj|
z^PT_KNc@KhA#s#>W-9PMuZqM<dd`|1l9w|Hrq=Q&B$$@JURNuQRNAEk=LF|p$bNbo
zgqM2j|GOLWW$Aq&jsqd=`9^kj_MCsL!~Pni-f`~esHzIPXrtv<;ARW$<B&B&uwk9M
z<JXkwWgrCrf_jbX=I0xpuh7-IUCG?!Ba|^FZtRI?xQ%~|9Sc4k5xfFi4%zmD{qBpB
zx8Qp7Er-V7o7e#(D5dvbm%RA=t-B{N8h#<O|NZ;-P$Q_6=jn94*FzEJ=8!dyUGB5`
zavFsD_YV~F`~#zmPt9FM;KR$FA_|^b1egrB6Uv6@OmxOw?07edKf=blc1tFyQiGEZ
ziM65%y`>94U=h|rgZi4rM*HPl#pJL<?|?YH^;AKXi@?U@;o1mB6E3}~FC%qSPmya2
z*B=+TA##Gvrwyj4>+S$!<NFyrlmUkJ!z=v=J26udy?~UER{}#rNm_K`=%mqAKt6%_
zva%RYfqSoHSg^M(82<3j@52Gl<dOx7`mN2)7O~5Agm5)Z+f#&K;NeTd=EG}!U0K-m
z7QZ6EJZ%Y|xW^&KA7;YY@e-y3WKb;^XWZX~{kRP3C@wisrT5uAo-t7G9|SznEatBc
z3<we29>`TZkjCo_6ItMM>fVYNhuCg8th;6Tc!#XL#P==dvYTlr5SP}(z?}9*ro=|u
z_b*L@nN^D(XNK-{Is|90rkO{pF7C*}75n3l?0>)62$*~)s?2dYQ+1f<pROlrwm4oC
zbv)&G9(J!WF3b(xWN57!9!BCJO=_pZ%a*G-=AnrUmgFt*nr{cC#PJ5aq&ZeJaSf0z
z+I>iJP>cL<2mPg)=|G-I+(K<<rI-pm!@{wAl6lKy`Oc2YO*WcpHZ2zlfO?~em*8lU
zq5vd%ouZ#549(CSx)wv6Wr?y$HN#LhF*!I=dnliDha+ISE3!<`11fG*r!>h=X)Tv8
z!4eOt?`6Q*vM)rQ2&ctLn5lj7)MFrSF(1`PF*oROa(Kr*pYf9zLsnm*FYj(PO1%BW
z&Ge9NndcZ;Pl?ykW3x4VUyyT%xW%1TwpMcc>z|zK97@zrM4S>MV(;TC87tQ)a<O|8
ztYJhZPkG9bj?RoF1dx@7aMF=&sLun<$W}rmO^@u^MU2l6M1mJG2iH^YK5m{3gev$B
zK-f1|f4Chi5Ju*u(<P)9{>{RnAw8*IxL7)EI-}o2?R`C>XDvz*WidY;*F4v%_6uRb
znT8U;(DE~g2nwn_2Q)$6{?6Pdn9gVs&RAC8pNwN_%qd}TxENjHx$FIU2v?zzWrt}f
zqllRb$sb+zyue_G?)USN{)-(%?Cr({RqtmrkW}KG7=?{HBlfXRO^Vkx<vW<$OjP1S
z9M20U`8Bl>GxF5y(^Pah)ZA%*GM+mc)=<X&9%F>jY$KlqKc*%gzuc`d+JM|*8K}7N
z^OG9_6XUd}yVTHvGZn9w*Xupw;+CDIDZ{m8*H&VtHz_&p^<r9lmcF{F#T|d4Kc6!a
zjt0^4Y?YlF&JH6#%55ue(P7zg@DW~k_fxic0hyPl3m;j16H@vZO$K?x(T}EyDrRd9
zf5W)vq(hU%^ar6}Vr<CCTE9yIi7-GeuKd*xDq_s|s<K7;uR~p}dTEHZRf@Zai`h|M
zhyRaTi*9Ptb=FbC<c)`f0{G;;>5i{rTMFW;Tc9sM-mfg_Wn~$}zOk`WmQp-BsA7)&
zLq#~cIw;GW65qP4oA$mmyZ@F{R0<+%B`X)zzIOPg{17aC4nF^Y4C^_<DYiY!|8Q6g
z?PJ-UrJI;1%1~fCUZW<uu~Qgg)h@G(DyP`K=2DxZQk&-~`Z(T;h&siM3w$TqODhuV
zlZ{eefi>NgQZ?V{5JNF+CQ2;2yd?ztl7e>vn2|TS3hNXkR@)wQG0s*jbWj)XhGA;i
z4olU+UH!Z;5Q(*X5HTjJ>TIcHIvSvw=58Zn#a=44bk2-b?2L?;j$?{JdYaqKR1f1>
zH(R=g?0BYmr$w`Jnt?&I!SDIkH0YT;=WggMOC^$?Hp*{wuvzVj%n^3XYfSPU&g7{k
z)AdqmZq$#`@xr;J(Mm(cZSKsY0$ikGB?d0F!$@BKDjRW*$h53xF}%Q_k(cyH-02%0
zLnSJof7E?l+5l-fk3rwce%$rS)5P>W#->o;Dn7t_+#@O1C%&y~amtyCeAU4$2NwRW
z5lc$=FcOwkZZ6oY2SGin-xwMg>G-z33>6ZV#VUM<159{J(#x$f=-7uSszjffk%>O{
zx%bPEn0)1mxf?S3B4eI6@9Z@-ZNKlqEqiuSB&AW`JupsPC_AO_Lz;MJM=g<5q(VL|
zURgs#VEV};ve9u(@mOzN_atrbyJR}KSg0Oo*s`imWK@5@dVEb89V-7_<a-6EP_&<z
znO}H}4C(m0YQqG?Df!wum<1`M!uieXr4P%hdi04iUj%c97>IeEz-c+qBmw1Gs`{!v
zktQna2M#v+R}f3Pw604PESj0s)x>8}6x~>KB%Dw59$Izhq}CTL4hrKL6S5*<$}@20
z)5v;7Dq!#*12+K`?EAbnWT)NsjJ0>M(9g>Wh>uqaoWJoJo>6>`F`xC<z7COI$2h9<
za&w&VB}6=Y{rknsw<)dy__YM_5JzU+(3DBy?E!eVc2WpEi3RZ;a9*Zs>G@i*d8%0o
zX?6&ddeXdoua(qG<(l!bC)vCPqDS-S2}kIotv6et2N^+DQlqS*co4T=X!eDlnIxXU
zEN?z0mKfO!?!eFAKcYRxM12mPW~H4S?&!{fRP9cB0Oa~{-UOwGx;U{r%C)T@XoW+w
zv^*r!(L{&(X(-P*@gKrv3b*&pvZb<FhU5OYKH(z35Yf;@ONnUTyK8>TncODlXHWn;
zKe)R}=EZ=I!h==K)WvugO5E>sc*URfw3nXkPC3o@?{&p`jd6|}YnWIlSCCC~O+iD;
z>-5DrGMgqz-l&Z?BpqTUT5(T)Y7^#@O{LZ3z20Z;TslWlY||6^kWFiLvaLR%`&siq
z$aBv4HpU=QEz8s#J`S%A4c1#kB($;Dgg|MZZM|ve-KbwXr0@H-2-c8i{#5Y3)owLJ
z;!Z~-VtE&iaOZv#)ls!44u&!JK<5M<$CR<g{NMphc-|a}j<K7g64jA~`oN8f;tN6}
z$XoY@F&|7m8$)Q9T&yyD-@V0V2mE1cObs6%9o>CPG$3R0gv8VcZ5qjNwzT-#ob}Vb
zv4w_X!TJ(bxQ;7Yq5PqAx`~j0_k}@LmQ1a>`wZj}C=U@=gO^8~2XCx<%MhZ@?fuK6
zieJZ(!vXXR=FW#2(%n!+-X?pujb1L;xbScQrC_1b>2RVKb6b`Fi`HGcRsUer4#Ekt
zK5Ra*dJj|t)s!cXmFpH#lp)E_DGO*?02ThWB;H+#R4;b8oPUOkmG34X-+ne_?QX`m
zt++azxTY;!wK|_YjlGvVF)hf9DtyoG4vS<&@y?ZZ@)RMMfBY69SC1awFK7#!)?XC<
z$@k=4Y;32Rwsp{Bf-n}l#r*fdtg`Z?L#LF9ikk3@K4rSQ$R##OGY#X}UP&41cGHpB
zRA<b)^_LMFD+mdGxT>EsG6Nn8e<sWP{AH#@kD9Z`rS-D3CfXAA<-rIOY_Fs!!MvX;
zO~~vNIZ@D^PJ22SOOx<c%p#%_VbuapFhE{IFgqpvc(5pY{=qG_GwBbjxI0Ql#@UXK
z<~2rD4%{eGq+wD7{k2mFkwca4euAOS3|L0$AxVc)8;`U6kA1LqJ*rHAc~mfykV~qM
zzTT_VT~P@B*gPiq7~RgXDwOtTo&&VWWi_^%13IjG6ZwxDC*&9$5&yuNKeqDNB>$Vx
zOR(lqp}dQr%y&nX_AU@3`Q7bXf;Bmnim+6;277}o@hvIP^1m+wXdFB2o-#9y;0Nsd
zp2n6k=y$8%<B!(E+VUDnI5*tXinzGEp9*Iep9RVh8j?U>jm(=}G<_8dmqCXh7>@L#
z*WS?*V8s03LFrAjLy(#G*m3+4$6kS`D?QlfW*BlKb7OqEbXW}T3tR>p9Tg-6is|HA
z=x?4*I0<VS%gM<dUsR;RFEB%wIokQ={FGA~=}?*6&&H<GSaSw8HX7g6wfNmwJosvV
zT3&a?f`Z>ZkG=x=D05^Xw_Oz3Do<wLXo$o90gJ^R1eh+9oyjx%A0F?u9{k(x$UcC1
zYR|R3<x0Qk+nC+3)Lu-;yZOrU-*<RS2r%rb=Vj#)A3uI<ktn^jr*#}63BKAheOtnA
zKVJR23HkrueEa_e9th>ZHFgXt)TlRT{(;LByj}OhzQQlIFD2~Lou!60`2PEk5a=k!
z|NW+x34ys}*DOr<QLI<%s#Gx3;8UApeEUC2_wyheYGuU#ne`ES*4#2VreOEzO?L#`
z&U{gj<lpW%)sh2N!*DUj&1KktTIg&#5;cED&ZVcSqF~Yr>>D3Ge5e4!lXhXp5Mt7^
zWYA5cqocAViScBB6&MjD>AwdPy>4L-tZS;M!cT;g4PzKf7}!R`;Tp6#NJW#NxNvJ(
zaAoO<uJ%PnYSi*e?lxg6s)?FP^P($6ec5bmQI7G0Cn06{X&(t@Ab0n5wy;&CEwHsV
z%VV9+%LuFOEamjkmp@_*wfvxBo^O+G<NMqa71O+$V@rq*Wow1i)D&=v9QMV^?(lwt
zzANydp<eSXNxBK@ZfzYd<@AEw@cUkMQR`JQC43^i=y5pv(a`&xC$7k69d~=uhck}*
z{l<;3%j0ATq71`}-&FVp4P+hjmf|@$^+9sgVWA7X;+N&u!7A?4@Atpzgfi$4$R?L7
z6)AT5yOeG0X2-p(zZ==&^EM1h7mY5tm6tB*%Azu+{Y<yJ<_js>+QBZN(`f|34|Z(v
zSDSTP)|YYvQ5)}ex!O{niV8o6n{eKPeU6MQFxNdm+{XF%eU8S+{l#{W@&7QzNMDC2
zFQD$Hu=?xI3bvhZIT;tqAL8fR6j<w;ts)VU>jI$_0bx~C-LBbjTQFf+hNqti2rIty
zW@nG<PidEE#s42X=b_jZ_g3Y=p}0RI5d6PL=mgJ{CB`LC2ZjDph`Qa$59*X*s|i_K
z35qecEYoK-o>6nv;)Z#?%9IQCG(a)_U&n4dIx#N6!TH)!+7+#EeV_h0+2Qx=r3@CY
zwSweiU#n(uAp0y>=a2NHl75f^?z`AX;Nba0q(Uh?X<77Y=(f%qtF~v<y&nvsTm%Fv
zT<p6HFgQj$N0e;eemhL#HUH1JS#kMliQ29T-Aj67+UY@@LQsAx^Tm7hpPxRn41*pj
zy<Q|6K~*T2)~<3O%4VK+PDS;1yd}lZlRx68eEomuM@s9QL3mkxy%?t<fSBm$;phU+
zn&L{g;pAB*Rrtf1pW+<Dax6OB)hrcC$+jPNu+<|<E2u4+Jifxo!g^~o7hD4q%i3W&
z(v_Bn)!gU<hYxTvE<0Fnwp2PdHinFij_Ookm7a$JGj{>NJO)2fxR8aB4m)!)F55>(
zTCVGJPP`hwxE}I|hO8NDxgKX(WobPF41?o?>!-DlwVs<Y`)-$*%(rf51$h#B$8ELe
z^AbnRG;)8cxzC6(Uq?E7TayF}S#Wf_tY=OnODvA;q+}+wQiA!R@((1*Fk5>U7Y!R#
zDy1p$AhF|gSwFg0V0?g|_)54fpZml6jP8|pf#tw%6_Vh~iPWO*!o<Lt<MhTqwZ6-y
z1FaCPw$0A6US!<mZ;6xCL|?ShewCs`)rGp3-lgS330mIu=^>5vkOh){Ui&pf+L*d+
zp>6v`S)}89*!5y`o%12ur28(26N_&R7wR|Auh3J?uB^N+;NCxf=|%xyb^du<|Fasl
z=Sfpq*EjjFE~kJ1lax<N6uhe$t6%Y61}*YbGSChH&2&|KwJyASk2BBr>^sViG6Z0s
z3%XiKZy8zVZ>6Ba)~eKf+}+)0n{M6N*xo*sEs1aKJOJu)4<{xjtVtJo)XtTKwdAvy
zyk~Tk^Ud$Ti98Y#)T?)oXb*;TEpPcA1vAgI-v3Z=pR`C#`S!yKxGUshTl|qir?1t4
z_mf13ub%Wr7qdl8;)f3>PwGl=?q<|TJm}(*cvnGYEsN~aay9)AI~Bnq$5X!h%$L)R
zm$WR$nip$^;VE0X+c2G71F`<~#`@#Wq7zRM=V*sb<nObsnd21ExZznVyAWsv7nLT7
zUx9fB{GsHRusPwDnJTW(M-P+ecv-92(X86y>?b$1k&38JS4g5T>HFVWxoL|f4YpxW
zjD@Yu_aY`Uq|VqU?G0j>=e0rv^mUbex40McPbyr$U+Xi?#T&a)%T^^8aCdIq{D-d5
zSPc^hgWB!{{yrkAlKzrVknX#_ir?mzLHdiTf~fxT*mnnip#wHvs;*rM$-8dWm5rFY
zT_p20PNT=Q^()70ie95k{u+3_P`$mUNq47Tutjm*^KRUCUM{>Jya&iH=g0B4?mU-q
z*~lHGg0cjCS<?I1&hN#s)wnrIN)vKQrrnPRVaYQ!$r%SbKWFgWcX?M4Yo`aosYn8<
zh9R}3K$>=uXU=YH>{}6N6AHaI?v-~4D}Y6I>a6S7Bb~+&+TZ!WeM;@bykzA>$S}ur
zI)roK#_O71yAi~Tr+I*BQfl$ng7#ls*OFg%4mZ9P%;t)QzOD$b?G4k^e#Ex!`PuXu
z!9Ua6E7!vDDc&VS=fZSSpXZ1s`K#qUyqmMLkX%^y29IQW9IQ9jM?c8c@8<ZdA=`SN
zqCLLSp@xoCcElb;DTZJA+raNf-g?nV(X>v2POZgfV3hp|NJ-FB-R1|iP5fSUTfP<O
zZdj+d+wk>C_!`HmIzzEO)dXBnn*ZByDIlNj9J2+$Ud383Y{HM&(BRxZIiea_vP7Dn
z0rpE(b%s>%X@hlte7*(K5!R5$*qb9yHhbH-^+Yun#ib!VPPJ<l!t-`ir$~_ju394w
zoa-R52iPQnofcG29kNc0ag-P~QDN)xSC?0mTU8SxU203M7LXS?mIBqr#h{1+6m-UP
z#1KL)Z{wNmJBj$b2X&RI-s6HWOpS`w%8G_<aG^(?Xs3fI{a|g6noB#K4%K$9jJ8Fd
z7O?Kc?W*Q8`49Hgweg7WB7^eLl~&gAoI{>w`84~lPW!Z@-btMAe2~~Krhd9FZb`Kt
z1iwvzn{_+2;|#JkEP_!h8z?ylL24H1_$U2|*9t!oKw~UIjAy30IT#Uv{B`@jT%>;~
z-H`<-#Us0<$riD14E`0%Htp6z9&zg>SY;}h{{uXzyL6WjGx1@x2%aQbCKuLIt*xd*
z-)U$iX`l7Fpq}$LEc6W-2Ete(G*Gc#PUKogT9laMD1j803x2BD?m9?HhsdsKrvD`9
z@~wF&DlV)0B0g;3;-_hvrL_p_UJksl)JCN1e5a3%07E<q<ng*)y^UwFfS)5xFKI7_
z7do)wDjP%cb8@~u&jaT=ya{Be48M!9$&;~R>RRH6rvBtSB_GdjpNQ^p+R;l4riBP~
zZMIU}I5j__ZDQ9Gm}kO~-XHSOBK{}02^Iunhj%u_1R~!dv#hhhDmYZSJ;=tfwZg_k
zV%5OBp#WA5(hV(8i^hEAFcyIhBj<gbwWeaG>eOv@Q^Tt+dx%P>d>0XWQGb>wA{F09
zcNq&Y2`ryPmDq?B>`lpIex2vjuzhN?o}lFdp9%$AIVag#R!j8Pl#Mc#(IKu?B&}J)
zFFM~nVPsvUILw?!_5j@se|(HibHf-j62X4{QYvgr7x>ko=7{^U=MDEZ5O0#Y$x4{m
zXNNDfTo>u0*(U?G*_ILBcf=KrqbeJ}7vhZMk1VA_g&+#<`0Wz*960_(zW6s_lmcCy
zazn16YY{gcCV!W+bZhm?bLkk}L3E;pzTGN#keXPIXoEVNF=P|9>8e>w+HFZCI5`8<
zrJj@Toq=@Gi@uo$ZjERU)khFG^l8_5C8Fr<6lYKACQ5YRXWjeKNNXwZ4I55%{YhQ?
zHnHFQvqc`;+uMpfxVSb}t8sWdcck}uo*<0NP~OtEf$*f!K^*_aUCqnSKcEe{C>#&e
zvwgOS6II>G;iQ>E#j-CDMy}jqy-+I%z<77t*of1GhIQl#XUgKA`Z*4MDT9;Dn5i_V
zLtR<IJ3E5+Gq%G>^RjK`O1mw!tvrFqcK#|9+k-|?UIRB>bF{OKNa=lN;tC%X@ssSW
zV@{rsH7lEtwa6zzCGL*gVh&lGkCfTJ1l1supNS0L+V@6ZYG8iM`LBK4@ZNj&^aDvH
zyQWk#_`JbuH9b40tRhUFYim1w+CJLrm$hVDC{^cA5jf8E|3#jKsp&)o9;lv>028h)
zdcXzqbfkSQ3sEC_R^eRjx?EjEW-a;Pm{=pOPnc*ZE#?C(h^y|X1fK+V_}*Vhk^IeI
zrNH(#tu#BD#?%_U?`hoclV9&3z{L3yT2aH@nG4=$v)#Kri$YPP@(27ZZf(!~O#Q60
zR9y>&Ad;)el*AKynL$uqrcBD1&EfUf!uOquQkBs=6>SrZKlfr$?JGGqV9IVxPAcPe
z8^oj~a@wV0Zy3|pIc9T2=ApsM-@8;;d~y6b00iKl$%nu#Oj8Gf;L~@BoQAFFGIDPe
zoS<$rb7S&y9<a+la(v_v3-8QO&G-N%;DZG{`5dLz9R*?eb`C0BgtH~bvTNdJH^Jq2
z!+v5qRh@=wb%fd|Y{6oheAi(iAV_B-;l;2IeO@!kHmIuUwXD5!ZFBR8>b0Oe&oyz>
zJ!yWMB%rD{{ZLw(pK2mOKzd)c*rLofHea)QyVa@ZBE};sw((}SszzaFH5Ub#e{_CM
zc}cCh0zpGgNQZ!^2E~;bkd&mCMUbKlW%A8~;<~SOswRo`xDX%QO}t-#^wTcb)@0Yc
zfU`w&r7$BFGck_-sj7perf+Y21UxBCPp$FGzvW6va9K$S`bvH1G_5q{t2m_1CyIF3
zg+pI<)hW;}AtE4e<)1@Uy9?zO5PFC)-g%BkplYWn0D?IT-~xMaaLtW7t;=>-TM)Xm
z=JxDVGfUbAw#kTcF+x%?PGED`gzV14@Zl*FlA@54J3%dCS2;S?fN`&Mq8F=H3=3?V
zY~5dvr&u)QPf3}Y->(ZV3bQVBKuEXqC7>}(fa=F4^m9O5ezJ7&I#q;0A64sE-f{~1
znmEgomGjxzk<dlB3tl1mGSq<3wps`CD+gN4ra`zo&h3;87HyiWxo#n}y^R;$RWX-d
z%XE?I3*>qk3%M#j#acK#BtSg>$Bebjm(l<~l&k<n71DOzVxse7{yB5zb$POVVR&h{
zm&1?qpo81@DAMG+@Lz}pVBUT;9ilRgnjBL(__3QQLK<DEpmVvgr$Ua46NJrJ{}-)z
z#g39-&4JHFS=S%nFHc>$kgLT1Wbz$C1J@JS&)AMOoN!;<Av?rrZuStoipU{Q;P2vB
z`{6#3#I%c3-`|7wm%n>-qo>Us@p(kk+?ug^?GI?Q>AEx4aix7ttGK*SX|TLe5otYA
zNKH$d{DU>wQi3`!a2#k!!yq-o-H74#@xFC4CokSFNwxU9@LdCK8iugkqoDdb9X8Ks
zwd%C`2%lEY(L_@s$;^)Lj2;{wavRiX@d<qJ;uF*NdH1fovNA6#@p;6jO>&H*+8w8p
zKZhM?6uhT#m*p%zW_kHwLy((Xbnp*Q4BzQWAb6WcYAp{yql6e68})G@B2wkC=HVGi
zO({o3N24j@YuHyGU2ML~Z-|>_(a7lbTAi0E{q8kNvhDdxd7tM2E8=qFqNqGk+ERyq
zPe{h)EF*AT`%6IWN4P;`?sV-Ndtw4Wt!x!^*B_l<`uvtSn{7PymdE)P1k_XSDvEQX
zvkY^{&Ujx<uCPB^|FCCA5k!J1s=GM25;E<Dri7t_PG<h6-lvGbfWoE7IKS`MlD_SA
zz)be5u$w6<>OpMIt9j9qItN*+y<Agia$X!;c8)7J)kyD;8_Ybtkdrvy{MdVj`~C^J
zQFCz>En&#oewI&dW8*f}_IO9r1^;(Itj*z2`>9+Pq{V^lERfI;btq5<lG?+FFv7)w
z5mnX&BX?DYQD2D@7**`XSw^)9O_x!9#E?Z14B-=)0I8epf!x@=Y-2Kjm#KaP7#lIW
zOrf*7sMUX4ubr>%iE%NmYONhNe-Eh>ejD})e<r+8ekIc5vE@6$ctr;Fl(;Vna?5vX
z-L?%nMD#oK>)b)g-1ncNq|+4AmxR@F7ouHKp)W*5-{DCruvRW6ny;Jm2(mdBk?|mF
z)h)~WB6?T^i!=h0+XtL<-qzeONbwAome?B~VL1{t6%rO!^D~%|YC|H{Y8MSII`e5f
zN&3^`OYYFC(cmk<CzA53N$a0tlnI1I%bg#8(Y&R3s?puSEoHxj+KS(=cME^ec9SNZ
zUa{szwPM+tm+oMNKb$5=DRgaXV4PW5K5cGrrp@eOp9dkck@c%s8Fb#=%qQKel6ld^
z=}#BIQe*Za*N3D@9yqb0i7HM%wGo*+kAg$%D>>N7tN}AwcU+eN`yLvehsHJTiTJW!
zAFZ($hOi4o!f%hVmOBlQAQ%%gOeISd<m-dh_6C$P+DqvqDXmz)n&qAVShrpxgWla|
zEwv%4w*5&rI1a9d3I`|t(dNKB!ZXYsM#dYYP>v9v%2CJ2z27F7<=MP>tUt*c_hq+8
zlx$y)H_H@~HD?}zl5tLPuuta?_qm+^Xb~vz2XXQCt?M{Jb#GQYX$)?wF4N;*)VYNx
zTBYs>h3)Pf(8`?Tg`8YSauc=3Z>RH;>!^>;VQan@Gj$rP3#1i*KTysu#9ROQvaK;~
zPuk^0WSj>duQ>6?ki!I`ObA3i>#NKAj&{yY)4Z6$?&^CYABX2!Es+syiaRvh0ajb^
zD3lfoK$;5L3dlj-t{I!Y2bn&Faf8zw2>i>%;Ih5Ov&KvAMenUe->n6Sqn^vAR*6f&
zOY&oh)APppoJ#JCO6F%rmz#~J%*q#;8K*O=`_C@tBpO@}gU&A7ke9lr_4*g~mv#>?
z&XJc?^|HS&XALikHV&75Nt_8@S~4sCcFTBw-mOU^_P(oQwBgT3m4#ovFV<V1&77+^
z{q{ZPzA#-DKFU1rka)NI+wdaKGx3hm)4D(T_+-|$?)zU`)Q4Z|D0i$TCOJgJB!oe}
zXc{%$N=KE$(&><>uV9bzT!`t5O~*lu?HdvH*g8M1^!}K{p94L7B3&|VAuAc7)M^9I
z9zQ;nLy0D7d05}gvNsKGQxgeZtW+7LP49^1Dm;qmqjV~Voj+BfDQeA~1NoBtluCg(
z`wMI9<&8@%G>qkwDSCS7S<0h=u^=JfQJs`Q^(5UQ7~f0$_nzMCuR1b5s?@~2XlW}}
zDZCq!Ef%kGCtF=UPeq<VH1}vSBF8pcUCk1<3D=fQo3E~ZG1Ht~DxSZXFC0?_{-K<u
z0BgyQYpW&sj|KxV%6spT&++As8|PC~-2>(QL&J+~ayv0yBH}scnaj5&IJYhRin4U1
zA#UpRFC);&n(o~^;p|0g3~7&v*Cl5=>x<R3$Fxg7!$p~q=9vl|pR5huwDkmhdx&!1
zQvi1;q=h4TTfa|JSuB>gE1~=`4QeV2`26cUkWrM<d%|?9f<EiFq`mgY)5*t9t>{I3
z+ys<p>nX!Q-tWzIj`3vkVX(dRxW>`RA&-p$*e!Ojb@{b?8f;KWIa5#QNg8fnwYt*X
z)@A*)c8FTQA5y-6&pi-U@yxePiB*cAIw5)p%%B5ax&Y3POJTtjuJnYp01agI=K%0@
z4nQEIhQ~->CHv4L0OY9}aPLgK#5&`J!;k34WW9r>8DK4voh9yPmg&d67sr*bAS_S?
zMw<s7M_>NJZ=T<DHaue9y<EO*k$|5Sq_Tk>80~x=&hzYeMbPJ7mlwWIeE+<vl`QyC
zs9G4rWckBdy>K0r(>yu*6+Uc4%9^KxAFWF=uD`1Z8$SmVD?|78ddu&WKbtB^>q@Hh
zmbJ91_lFN_5UCq`KJ|Cx{WfPXnB8}h-}JuC-I1*0OI)l*0o}3Wm`;1OGWP}>>RC1o
z=dRPhOtOKi$4KrogtNf#;ZBHI6*%#Mj@xUr;7_P2D7?V<piMlDoN0l)-_ANm4kW}$
zAuV6o&#^*}84XNc6&lFIeg3renKh!4-<BOnYA6iAZpnjRSzon?f(qtEY1ax?-fYk#
z0-In0%dOh;IZM|t7SS<s>8wE2J8vBf;kB<q*&fdDVvHcipPC<uc+@GDoP5yw03T+`
zx0q#)WY&gjGMAO2f0vbO6vjpMBNt&Vs5sD%RCCJ^<B=x}91!`pBX7Irv=t^gMmeN&
zU$gtJGvSFM_wzY|IF)3Ee<uz^>1S!W^k$Pm#Wc<H+F%@!lBY@+3Sc=~Ug0};6L&*M
zex(!C?`DuF%d&0~->NkgO6Iihel|YfsSP@xL-ty;hvxq(3Q4~C?bib)gl_DxOT>sn
zQ^!k1E+NzWWq$3+g?D@!_8Qe5q!i%&qfGbgFAo@z`*WW-wjyMfL?y#&O}oV_w_>0q
z7CTxA;QWa5Edz#+of6z{+PPuR3Swzw%8pQP&kbm4X{{^aG_#-ue=fC1{U4T(4A5SQ
zGi+=%^Y;}^#GW96jbDS#hqK+1;|5#zWPxDRJSyi!`Xyen<BL17u#a#UbXMVwi_`I7
z&EujR=A_Bs6zD>PcKbO#EDp-C26c8yp};cNq=YF1YD;FNU8I8t#btc7tEMoZT(3hG
zWK{72^{yx#0W@}-A;&qa3t)jQ)sVt=`ii&)eSt$xUoHaA>FcAZi4~=3@A4_K1^B6z
zy~@*v_@0gwafYvbg+*lr%JCNJrLiIc{rBvQt?l-DR_xCu8r4u!OCo~PmyNIdK6spB
zQd@MWGT0PN9vb}SZ?5wU$7GOzFYL-7@6HBGKcZEg`P4D<{D!YRM^;6CPH9g*a*^s7
z?lD{1uXYIrXY+)&%_TavzIRh06@CQ1@GzdsDIEGV{5l$@?XB_WJWF0#@RZf*l^3Ff
zirv9iIZJb_+dh=L1(p9SYSfu;RQ=E`jZTLDW&FQ=5c*yEbkI_|v0`70FMznDkmmE}
z2+Sn(%nbsiagqEv1q-G1?!@4k4wNQmopZOPT{rz&kaf~?yu9F5{OgkwXCVK|ubnP@
z;z}W$(k|X}F><q$P+GQu@zXb;0v_M3Zxu#B0YxDC6n`dVT4}22Y~@+Y_0gMd8K=;a
z;UMPTD(!v+WDrRl#L0q{^nPb0i`1L@>opp$%=158mW>z^CEX_DV+d7j<x3m;RORvv
zA7Ax5(1gDJ&}s{>tVwGr-+bmU%IC%ZR;5Qe-U3;ab5E?u(h}d2V`$Kge82Q#XI4m4
z_%Rco$pnBlS1gVJw!cFU6Mpw4q7Hq3>a}OtnR-$@ox;;ECtH;^{oo+7Zy=Ri3|jk3
z(8fmTafQQ*$027cY3Z2%u>4}DUE&t-lOA7EeS5zmAC9hG?R<0r@AiU7`ysnU0&J&;
zli}DHoH-=MC=TSMt3G+uvOjPPrO-WAYpoG72|yzc19IV~8XHMMqkIYkDb`&iUbBmG
z545*JRK*Y)n&^eyN_R}6j7)7UaQEv@AFPr3?A46oA+t8xL?XNzOds=?E0{lR4CyJC
z^(5(@D}$N8E#OsJMoHJg$&wbiFrqj~|003G+320HTkF7)nN;(|r-;fMgdp4R0{9&O
zK6u3X;y$$Otjnb6<aSlOMt>5zN!tUt7W=~`2Ulaa>U3!sQ)sj9%5T=(IjkS1+qP$y
zV~u=Qw2>CkEi!mtuWEG^p|Esp{!`&8LUZhd2ot~XX*=T#rX`Q_pa%yw?yp|T%ua75
z)KN@epCko%j8cUj1qJO_+Q>=^dEFq5h$1r0Cdf4>wrP%}23*xKk95b{>SvO?$I7L5
zwDy(Cw_=9t=`<+9`HNM1=P!!Wt8aU;wOCu^&TPK{JaIpVIJ-{J5`{~%eAaNig!6ap
z(4-Qo86$h2Y)zwoK``@wZ!&d@(QF-c+D8!MBwy`~YJr&zv{~e~jv(5^rrYzZz(&!t
z>(`Q7LGPq@=49e)o>Q_KuSJ>~i#u<vsj~$w1Ft0Radh8xP;K8)QBN1rA=-Et6ygUL
z5VhH>Xpr7#*aqVQAVZ8X*<r&+HU_Vp1ddNX`d9aAP^f_T5B`g&9B^Slm2#+O&I4yD
zHZ^*p3+@$<YHIDiN2?w#&DCoW4r)b=FlG>E5;Z{d$p%-x1-n|T{X6_82*#|b@+NTT
zLP<?I3O-!u>Zf%UeS1%J5ZY6f5%=Q7i{<1FU7&3A52O35+g-nIr3M-@zTmtp9o^G6
z?;1f_)w8me_WZGMOuZZ%jecJC<WMsoS=*prF)8N4x|Y0oI!%+X9c;Z<_!hF=aQxUO
zhV%383#6f&2!3bx&i*#q&L?zD{vsy{z`=`O*-`tzw5(;-lumvS=Y!*=jmYdVgB91U
zTL2j&?%m6pQ+Rz{UQ37lKL2N`&i3sTWS$DS?uVB2{;Hu*eaL|@qDbw1?RY`26>7D6
zF5BNUA}cqvByS)q2o}~1&`5n-r0U@p6OJe_M48fhs*`o$=QjE<ZiWwnY&f3w;?m+D
z`EiX>Ql49WBY<fy;mqUZf2k*d)l_n3v`-Dyc$EDXQ3qR>rGU}LwKLNjpYqts&W0_h
z*O^csG)E;LET8yLP4c%zzO!A^vepHrngyw~)6&>$pF@AyiH+~)J-{rJujxh%(Fiir
z-v&+jNP)S3Sxa2ll;9X?aU8SF3aceiD~7Da(MV{tbVoB+#9zy(!N303)b4|(mMsd{
zOOjpCIr@8C*5shgiJqk40_}kq?I;~+r*{6y(QUK=(zVupxOdBY(z3$6qO6A7)+g01
zP=WvSOHO<CZ;gCIUn9E7cksod%stg1dT2NgGnx)jYYzwl@Tq+oK-QVc?US#C^RcYU
z?WcEg)&9f16)jf|Vq#1~NuyiTWh8CNNW*^MKkNk9S4)BqtIe&L7r%DP*ULsQz6F+L
z@0aQ!m>URovtuE#x7mH6wlFcJXgl0XAI%7KnF`)4n8S$qK7WFk=yDBu5LJ->em?se
z@?E%h)@S`{gUjKKYgQp^23H19?Q+=q=RNZS*&jV&&@LX3Pxh!`iNTw_)1Rs4(^_Oa
zyr9iq5=2pco8TV#;EBtLOY=x$@U{Q)YmX_NwSHN*R8m0&%A=@_{JustK3uO<!W?}z
zkXvBLs>w*Ffq_9Y@;*(`-qO6-N)<Mm%Gj>4cE*SJx_S<N8DdN(3bT3t{8toz?WXPy
zTShvK%_LE>q^l!8U7qKP8XcnG*m>rx|0RS|cOCH2Nf&9;jkJ3Se4`v9wN=rXS!}E7
ztt^P;Nb_q2m)FG%4lKaCKn?UC&L6UtKI)BInQt{Vx@3#B1bWbU^|o(01J3Q>{|&L(
zZY@z&?Af`Mm7wiH)^61~tZUn8G~dSdIG9}fruyJu=$!fvK=mz9w}9Ioc@J`1wC$3L
z`|C07H~=&6Ga~X%;&lwqzPE+n;(76((*3Rfpt_zX6WeD!h64iIuS~*Ufwwn;;0E6q
zB$)gNzhlA9U;tntz!Ym=^*!0x*l_9^!cJN=Gc%_@b{hEZCCXnYQ$*bQzaU+J2Lm7X
zL}r^@d+;#a%WrnJj_Nkx&d30?lu9=fJIY0~;8!>GWM2UG+8wWKxawB;hgtu_(|{;Y
z)Og%kP%Efl!sdN4acA&UStKIFZL2{8+uDFF#{O-Yxx&`4KGS2VmUf95ZS>Kh?SYZI
z``QHn&&dT(`vU-4;*X<OSfq5n8eob2R6TFK2nH}NDj=3!!EeRqu#?V2_U7knK|jBL
zKPVI)5|c*1{EMvu^2xtY-tQI}!Saw}>py&10?sN_Cjy5;y3~mjOYQn=w@&U@ED8d<
zZ){fz9fJIKcX9)m!%ykkzm|_{AkG{R<_B;NMe)QNrTeF__Tq!~aktEWr;&@E`MjVa
zoQ*V|0330j+LIM){@XY~*s^&H%o9z^@`)L-$AC(i^V!v%#GX)ff`)Oe=4C*q{gW)e
zAJ+R2Pmqilo&_QxQl98b;GC(GPTHNVM3Xe@g-QljNAnKi0=YoG4PMv#(GNkK0POTv
zq@Hn;b<XGg^OXwMjU3)zEJl;CXYs3|e%7(+WEN_i<C1xY_jmrp74dWYu6}rxJD;Q$
zVI^XCx?`CfH=Gp9=ot3(M+zyYxmdrpXfQO=|9($rg=F<!!v?4Co2)W{Ow~p^7PprH
zGg?B)(w#1cFv+a;m7s`8jZr?tNn2EqI*Rd1JZKxAQ0Qv!>iG$Y3hT%2ffIgkfz2-c
zn=XGX(EdXhr7J<hh1fsr4c%fX|FbxxJJYl^0A-})>8fKS^5z<@ML$aeg;EQsI)Wq7
z84p@s3$IXjS7nTCT>&lJM=p$ZWE+HG@PFLD0`9LoO+V)F)Asu+!1gRzLHeA2yTbB2
zvNUwf@3Y1?NLpMJdcyY8lHRr?jyny?CNAgvM)Y*On16V~h8ftSjV8bkhGld#=hPQG
zFmGE2!K}^NpU=&_GSU_^37qqtpMmN~llk_f(NKa4QnJC)6&A$a!ecnnLt3^&?{c)?
z0XQ4-7ZA9rWf*+Jt<1pWRsw5Tegoosnsh6vv}A6_v%R9ZuEr_FyuiRTYd9=y;g+ER
z>(YLb$?iZm+@jKiL^Kye@rDAhpEPx_@8zOIspvtkN9zsMjkC^Z@u#}lHBnt5zo5=r
zqHH^?yLFZ(lCBytrf)JNZV2{2Ak!x53aPG%>pTwog4lho+x;_EH?m8NJ2ZfstlA!O
zZkp#Zq_0(?Mf^V;%e>%hIQke(j%(zwC3=W4VJuf3Q2W--HC-m{5*5Ke=D(i?(t_};
zF97uwp`YOIP!{fOpvX@yaqt0%9za)|K^RaI%(p}C+yc)HzO@Kn?HNQ_>UZ1I+3A98
z*>s8SVUl!1J$KXc{XrVC&p(SiF<aKw+?QspoNHgIO0Y@KgoxfwoJhZoQC{g;yJK?e
z3NxkxnjmJX9kCYo``2R9V)(GE!J?K-n*zKRo<yBnS3^|5&L-siO3nh7plL(TP@`ew
z;lccvAY2q@)LeiOQQK}sJeVC?jm)t$i?tei<jx25lkbUtA0pAGACSw<XpXcPf2$u9
z-_tpWI!hdsr;84&s-#K2aXt9c%13T?S@Y~5t1qtrc>Mpvu<+S*H|1X7oXq_!^7XoB
zuIoN!I)TeKfh&#P>15^ZiD+_qRRI6Y`)M-M<2!<9<X*9Dxws3hr=>e+N?*Ci@9S8~
zCmH_rgOIPo(Cfh%pkGwy{3QzOmz1p56~QW`*jTW7^rckG$f|@?d$%ntOJ};nuCRk-
zvhG$E4@R4)%+skf)IMl5qjFcB5ypU1fe%1$Skye4rV%YJWQ*`Xe};RRO%L7g0xIc&
z*b0R8RRUg@-z5Q*m{#c#=D|_>Q&xkE%ILF)WP2J`J&{aKgeAXDBQJuoRJ*H9L8RDI
zK{P>hGW$I4Vb44|H_4@43|DN~{@W7;IOlcyhSII*55dcWmSU77Mg>>MA5dYzHZ2Si
zV|ch)84zP%E6-If%Pwnni<OMnnK_>yO&&_H>FW~#$H{J-?FP@VkfGwulW9YsE6M#K
z&=dyWz3uaLlWU?KfN#!o%hLf0x*yN}m2P1B`KNs%e<Q>w1MulK24A&xz{%N7R~r!F
zd~`l{JFJ_!>^Ll!88A5oYDqkz_Klu<J<f)a3kBIK3v=VsK1aXE4J9HLfL^O65jVr|
z9D$b0vo6}u9B6!bNKRu&p=+~La(O?aZTv=DT(KQCQUY&4{5;X}VQcmce{xNLHszPT
z*g7-tjtAZ}0NeRHGT&W{M@#5(0PU44*jgeG7g4eE^YdQMfc{MH{WZ*-67bo)U$ry9
zC)R=Uj@V<4)(gLW{Q@2(pf-f{{FN%ccF%#bmuQZJq4)lAT*`gX+y_9nCiTC`BK7Lr
zcUD&3`uZAH+^RUg2KdhVp=*{6r?YXun0^`9iWyJ>qZASsPbxehZ^XyPPb`<f4hR6a
zNG;+yAj~gY08bcrx&3d%&FA*2cdq#OU-Jh>^2Da7SF1ZZIs(?^<>fVi@jj<YGKqto
zhzLf7VV{w3j&0QNhX?V`ZNJx5eu^+=Wjg*+3S^z`0AQ?uJ$&%rVHm>K&d+@=@+ghs
zW~_h{XV{)t>|5*U&c1!Uf)TkrFyS8dds`CT*$iKsmK!en|FStk25eaKPF^V$drot^
z!fA7yf4}S)GHBla8locqCL!@o2s}u6ver!{&t#7V4Nx!2fXF*kT2=8q{S~O&n}j{L
z`R50V^nM^N`NN0PmxKgknuU6-p#^5<AWqVBxiGi^4vdm4OGt8Ar3D+s4_JZ4v5Fs_
zNAJe#0AH>zJBR788;7pNr3h2nkYQ?pj}KpmQTAXJ6v#S2M8v@Aad7%XCb$u~a5M#1
z=<QBO@|(#=QB*Aly77uA;YV)OB0*Nvg=UcIO~t&Q3Zjh77l;sqlV1p={x(D}ujj2!
z)ibUaxDs^aKvQTO?|s6}sOv6OT8aRBX|UpBI*!-5QZg0n^FIW-faYK{#Yu%^=d<$M
z{k;7g(yuQ0F`Rm#%^W5oL6G}nxi-4Wx_cr&TbyGNGBY6>gvmq*hLb0j4eFbv6^W!3
zG1R8XoRiX|73ZkQiRs&+@C*jwSnr1Jo+!z*RzR(mc;!LoSBVZV-AeRM*c!)+$ejE{
zgbUC(7IXCAoYll?ikE}kY*wv;G?U-q-4k-q%fbrz+_dFT=pzpa7Czs{1lpJ{6`2&j
zO0P;7o^dOWSDYySV=eW0zTrjZM`hSkz<wE{??KcGXh}XkaPGZhoqJux1)?GFq$xIp
z?rBjEJ5#Z92|P+X#KUt!sSP`1%YTQI9=JC@G6%f@!V_r;FA_JrGQMb_=t)$V=q{iQ
z`5ZGdTyKe3j51E#{JYYXWd-muRLOPe0|yx<D=m=Tv~qz%dVk;vg1KXMHmfJ5zP=vN
z)pYRJ<7OSeFoORq17cP*Vf&rH2Q1YE$SHN;pn_mUldrD}=oX7|@>|U0(38Ax-a67~
z@8V84X;52-txfXQ3yW*AsDM*)OC7W)!tiz5U3Du6G02bb47RvFwIQG>PMEa2-s@0d
z`bymx5ShnY!HQQ_V?qMcc@0Ha5t|HL=ex_8-{P#S5EbN4+NtIj5oO#I+gfoRCZP_-
z6|$63ad3Xf)8mp;JUAd64mCcuHDSKXcs0$mIo4wVxhLCjfcp++xmx>5MNJ7YJdpqT
zGx2j>??t&xR%}c7pC2)>lX{8s$ci|e6u`8V0NwNWePscCu|O2Ce}8f`bG|6y^~cMe
zzJLzUN=l&=F{0l<Yi8+wO=YDU&<|_*NSgoW{8IY*pqJ`ccAI_u#S%Ls_E3iyZyo#~
zsQmUvth-o#tXJhQd$2+GVWd!hVrHhd7e@}<T*%w8T@D<Zut`!1h34>60N#@jcXi3S
zLl)fZjop_3o`oee|2K9=r3DPxN4rddX*`khHNY0y+%8rpa)n350McX&fiua*2iBP2
z;NXj`N`t-T9e`;3(6v<`^^?IF@n6_Sti0T|0ctbNjXsxC>y2Dv#aK69|5|besJj9!
zy+O|_E*pgb5|wv==@K%B0J*HB1M6CNj$PNSRZHYbSEzUNI98nnxAhub4rS%v+{HeM
z=H>PSZba;04B&`#fB}R)EvP`Je2-cgBv^q(k8((bt<8wL;|t-D0`3ntt`A^ASvgms
zz`yviJ^6y|N*Zmz-hjWHO(PpPVV=@Zog~6t>)spu!yn2Xx>L5R1<-l7n?x7_RQ`eI
zN#qn>sS?(6rL+Njw_*>yxAR}~4J`o>h!mHXii>e6AHx9NXE6u_5C2{(Fi7999-%`h
z+1KKL#N>fe|2fKj6?)Gm-Zu+NSsqqz!mnICuP~?}a0fV4pkVS)mmY!4kYdMrZ{d5#
zCxWP;|HDLhxIhJqB{m*uBm<+n6kZI~ik?BDM5B(*wL~@Auw{P_>MeSv&q-O(r$|Wi
zsj|zukIRg$fFrxE@}Zpa|3lYT2SnL*-&%-(qJX3d0uqt}A`MDPJ1}%gcQ+D>w4$`c
z0MZQI9g0W~5<_=4N;mgB;QM~x@BZ%nSAm)5Jm>7a_S$Q&Q_B#O?P$r4q!cZ;w=q8%
zcc&Gvwe5=m6PM?mCb|xAW<o+j90b3lH-McXM+y6w2W%e}5#S*oN=rz-daZ#o-%>PP
z${a!X8b2JInQ-K<*j`V*Vzbh<v<k7TnYB-5N@YsvNK@ZH6WE~Xh{Dj$2*u9q{QF~6
z+gLbVRqph6ar2Yq+^c0li_3o_&G*HdLlYB;2r{~TnHK1!haV>{$2sRwLzY8s#+uGZ
zU!qnyb^D)GJkqZSTa$Tlq#4b!6%VMH+Q?{_eHbZ`28u)2JR-VWwu#i^9tF%14g_wU
zV?^EYul|r|!D*;f4Cm4L!$b~tia%7N44d?1fizKE;*DTo-1(=yIV|4?pkMJkz6Ev%
zF5l@A7WW<KVo=CZT#<<^MLOhdBWbc%atc_K3?vh$sg&|l)w}w#gUTxqN?X@J=eZ<I
zA|ftoiqcrl><#_^YoDb1F<#@dBovs~Rc7kH1`~J<Ru$|f<K8AL{*!xE9FnlklzQ-V
z{oh=~N<S*wexb<>MMjYHXV0Zs>pT|E$F)I}aRfPp1|d~~cogB;JSsFIO=}(W<;!I@
z&30T2u(2F7?UT32HpB!I<6dg{We{OIK!lY`@XqiOaRz`*uog2?!0osnA_Fc0pF^_x
zFn2`8%?Yl&%%B@f3a%xYWp+`>j-4B<mC{sf@?Ofa^f_vpvhOP#F-P6d4oOn6o)|ch
zA3xo;>#bxsP!gH55DN{y>X+)c=k)q~5v#!zm(xe6|9Y`>V3#B*_((;4pez2a)006y
z5><hpC`XnxtrjT!Ct-QH;X5~@MmGb}H<*O@X@Bcm4EyX%Cl&iSrQYr}&9c(durJ+i
z{$A9X9AH|KFqrcNT>i_<j6Q-y&)QnvSndxkbc_ck-pm0e1R^-rk0_Wgjx)&EU!Fl{
z252w&d3nQZH^v2)mgoH?&%u}2PDZ`Qlh%xUu;37Iya10r+uIu!0G$m!h6=N-3p4^k
z=mqNX>i8U0=eDyvK29!w=C>}h`NHro4*3hNSo_i7!z{+riOxR*0A=v4ph)^Z!D1!*
zk?UbP1To3O@1jAiwHW|~>_y_gUjq-|HsyJMu}dO<yx;%d5H}cnNUa-s_w-Z{to41*
zRN&Y3AH@1nOa}z}$;szI>UYmkUWMzzA(X1|72jq=fDg*K`uB69-S^fd)j^vtdK-$y
z8J{!7RX{%21`Gj^rI9@Ys>OM>*0ZcS*9Bf^N-D`21i}AcbCAn^CqXHC{6YlQNDE;>
z+Q-QHgP!RB0a#0IY;2PB8SR1V)x4K70IuZa>*L^Sxq%S=G5b8X{3G2BFyoGE=P-ca
zWwLtyF7z%q_m!Cc>r=>hxVZx+(os%8>*ZPl^4&0a@BCY1w}H~^(xpRyOfG;l;BAhM
zj@$(J`A5%Pz8oZiAiC@?3kFrV_)t<K02ne~vocxy<La~kg}Q!rS(qxJ3VzOLxi+so
zEo59`GbJo(LBROw0qho{0=Sr<3W4<ru;L<C0dJqLiP-D6t)~L`>?G$hO}M#04$%x>
zoJZ++bS7@hvS(g;cGs%R_|>t{AR?N#5b|{!zE451a?CcG<+lz9Bag7#3_z*|mL2sk
z99Z<TR*e1;1@t_CzXI(}2{$~n26!X=0jM4@dV`4fgAOzVQNxcVY{A-m<Vejt?UbiD
ztFAvb{^YsQx!$9$r@(CXTC)dhVv_SK&s<-dnx2AOt#Z{sX=`RlRZx82W}hN^kU6c?
z+TGlVd$|nG)n$Y_QmCre88+2#gBMU0{^C1;r9s%-+pW;A%q})N73PfIUP?la&r`J(
z^^T!Fmf_au^hp&)8T=DG&w!pz8Vta3cIbyCySY(=5Hon)j~G2(C2cNQ7gOgx-Hvt|
zF1t~3TwIS|j%}mhX>9l)TdCYI<5iwUC?5V(OyeRM#}D`HQo1#oR7>Ykv%JN*lk_B_
zk5f`_RNnI-LaV;F40UJp8eCUe|7xR*t3lB{`ft8yL1nxE<O<UyI5<I^ly$o^T}051
zaMM!+<D{k_o64-02Fueh;}knQ#g8cjGlf#UMqlHy;-#LI<_(7l(T~RnMdSvsWce+|
zjg&qKLEXT3O5<(Uwfdp8QAMB<*<yyP_IlkWGLo-MP}wTEJb@C#S77Mo_#UHE5o``V
z3?T&o`3i7RkC9$GpH4?N_W{%ql=R$ud*UQ`JhErVxPtIHEc<XH@7aRWi(KjZ!<hv_
z*-`|+9%|Ue$oAf#T6bSzB{S&(k?mvqpvIDf=(RGq@-9<Ne;&5r<8b~W;^1X97s{%q
zy?wwqjodDh(6X|zY@oSKcDtWLbcY25Dp!bt1T`lsz->#`6f&E;d|(3CXlV6<CklCa
zBzbw*1gRP7Yo+^@zI&wzNbP|1McG))s{OE6Y_`i8dA0c(r8y(aGSxrDZf+h$AJa^J
zBs$B&OoXl!_AMRHa`Ly#{}dUwm}?xcjAg$uUYn9a{osTaRRs!cK3`Ez`LlC$05obL
zcIs}d*HSqXXcCXVl5?m(<2s?6wsYF6P->Qv_q(oa%N32-${Y@&s!Swp%DzVv3Wm<G
zLvZQ2vKNgMzLlX97sG~w$VAt3k6&xNtQHpKl(~ht4q{*56pOyK^{2$Xck817=xtjq
zk5{>aa}QO7jls)?8*<rA4;htKW*gpB;#d8ge!|!x)r@S(38B+77%>gvf|btkj@>FJ
zG3eIN1Y##dVfrm28o5`t?o1wyPbzaq(=t1KkZy7A_@$LER}BU%+&yweMXd!y;PNC7
zPIyDM%v-rZslN4PwznSRHUl`iiwFp=Q`D44#3ztM8%2oD$ZevaLS2v2<6v_R#A{&k
zb6}qXQX^F7eM|-`q>2fE=>v)OqY6Xjhz>G$V-P$c8ljGBW^pld2QwQ$=uaBX*5HNK
zKBE2c2ou0UDENvb*Am;r4V$O{9B~Kz>nao=)AwEipGohJe>2s2A@To>jB$Xh-};<f
zclP@upgR&zcfUDX-H$vk+JW;U6!`mF{`~m^Huh~fSdl?Icn-ugqtM|^p)Bwf{^5dD
zsTKOpU7fJ&6>p7If)w-U>;!aX{`)8J(Yd!zaL;k}X=?wYGZ?VX)SUsD2BL93YSz7R
z1vxz5Zvq5D83nk!wJ12PBcRs5_zsbbDnSVepe{;t+1}69lMVP!^$K7<#JaeJey(#`
zQ{Tcf1Qu3&7|swh><6{<#qWb)1bnJM{4S}l&mTCag2-9x4v#O2ONe(5uQ>shB<C3o
z%4*`cxVY0V48cI}B<OxLhi1+%LBvt*KlwjQZ0Gd!wA6e6LI_`)PyDTAHqzGtmO39y
z|M$nJ#5_Qr1LO$>Ie8oXI9OAVL_zWWFOenxcLi#pDdgnC#l=N1>emzr9tujHuG?JT
z#6qPI^oZ)*fLIFZ&lYw3)rW>Y6?|O!UJ^T7>x=&eF2GDu<gr;T`6HKCqz(U;<^OPE
zcoX@!BjR9<wkkk35KxE;{|gF)f?0a=4Eba5$OU)zDC)lEK1zQly7RwwhVR`{-26#E
zP#w#2GClW~SP>eR4}?S{qdCy2e*lmLQ1sJ_a>jo=E3SGp{2cD{`>BKJ&u=ff<3ZV$
zI9pF~f#5HiZMUG!DBSxClo$XBTaNIwCiYc99m~32=*`&v#T(*~ITsLE`^dCRE=~Mu
zn`@7DbXhbBeW2L$NNfji{TGlA6TEt$Be@HhqIrOSq*^~QRs#c1h+_H)3bi{2SWc&1
zpfIC?8ZPH$mcT!ZnjVh_sHP>&6Hae!{d$@zG6%X?MTP;=(JVaXdNLd1P!xT3Aub2?
zG-jlv^aeQ5LPm^t&<~&98msfrzznpkuiIbVf}V0t-XD-*-e+0=tjReu3AV)6wl#OS
zGEAU7h72DKK>vSXDsiw=XE(M{AdU%R2HxF)oI-)fyaOPB%9NwUKN>W845R;sx$4Kr
zQiG~D2X>MT;^%>bpFcu%)2kI5Jb>0OTRRYzB_Xb1D~*-#A_+2`cjnA^71@=Obzq32
zbVv6;dAG8C!bpUMO`Fv5&tKVB-p>jQq!|y9FBZ8gUH&A~_Jb8@dcppm(xgJvQL^Jy
zQK7YIVny@$r(|{W0;E2p5T|k@tXWD=Fu)9)mf~(nLZK9zd$3!%Ci4Qkyggr&N%_+U
zKrk~Y7NAMr+XhuTfGi3y<{U8hE(to6pe9$Oh^_aiCVL>Z^8@VtDzNXzCnlm*H!aN&
zT5im)(07_OHJN*C%5-j@=Vn}!tgfJ(p!!HdKW<sOu)il#D0sPTqlL-pHZJbnRVK$2
z7vs#ycX2=494)D0gRMqbb6V{SY;4HkFZV_>-3%YEe;KVE6)myKa5f^Jxek*DEhI4S
z7qFZ)?Ufmo*N;U#&EEw+)Z|%>+Ya)kY$zKC$TBlKTsnmUq%KmV&><zs2UGn1>`a1d
zcZ>8-axfGI)m1d!x0@oeTJFU2u;ZwZcE4(>@vZtS)Ne%8W7SdyFpDC=Yn&#D2|LyG
zxOiln&n8RJE|3}Mv^brub>&*z-^oyw?iqO-keTp=cYS6iQyFY9z!M0>EOX9xo{P5R
zd8Of77q~mdFB7-%Ww1Jzy2vwPbeob4%iPNmDq_u~_yt2Xp5|eh_xO25n-vCK;nh4j
z_-INX7z@JN4W<ukE~WWV@o&{@9D?iom0<Gs?*bP9!!rXOJBGbkYfhZI;H^KXz|9f&
z$=GiaeCz-0WRxm4M;uhrEXL6HzG(ijF`i!OcMp480$w3!jahOe@HGhWB;&JBQG??&
zRTyDZyqu)6VsW;Z$rSpxej|CX$Ghl=T6FaCI{N~WcyYkvB>-6ljNGOEeYL~ov6k&O
zT$zNwp?W{}C+GE6hB#RHM$Lh`I*(Eje5_POTicp)GH-dD|AZKvk+#ifRI|A8-lLzT
z7uxoOCxQfzG7L3zM<^a5zfz^A0+kF@_onY5oc``UOEKn*aP?;knnRSFG<=cf8UU((
z6|?`Q$x!?pjx#r(uH@r0ciY#3a&4RifFI=O)@V??)NleFQcFpZznbT0EWDrcw&VwM
zwZHZJ`dIZsqEuLJak49T66gD}>4a=FvI_8eo0Xxz+`2T}SnB6vZJZb>dZLZ^46kh6
z%n5uh5l=otraNfi$}|}U8o1>j+7s)?BMeBfyP<0@Q^uFkY+9nFnY&;3yfdvXU+_k0
znL9`y!AX$v{tM?aC6lFNgY^9!6#aKgwQu8tAic`nTfGOx(p&%J-F;7Rg6oigEdXo|
zKVSv&K&<}`s^NyS^D^Xb_1E75crY+m>m{=SDk-U-LhgWwTfO_g!d7ZBn4wsv=neA#
zje`0p3xNI?E>sD7;H;cmvHVj|_5-1xvQe1)8PR!v5#-i?+ctQnOE|<VFJI!2g1Vmd
zOoQ_RDg7lx{^oSQncWXz5L4<30-=b8q)Y&@jz`^p%15Z!-vciJ1TNg7nV~N8rP9Cf
z1(XE;7e?Z=Tk1&z$n}h(ROdW9fX3Da90*Uq=5T!C1k2?tj%uSRd<J!rrdlbc)fj;x
zbib!n-dR@{Kqhee9gM+qRv>KdX);;V^!X=jTL+%^t1ilY5-<>Hr(7)?@0+<EBIYP*
zfyuZB(w^~*gxAVyt;-+16`l_ewgU1cCa!Fd&d+JBxM?C-?IrZ9TAg7PGHLKj;Hg-7
zZ#n#;c<^A(-}4-LfDA9xYU~CkO~Ef=!p3|}1I%bJ2UXeuR&%5zM4X|gK>m_D9Xipe
z-8>u_e}n|HWZl&v*Y1QLOXh+&%<p!rED6^Cxx9=Bygfez3-X`l6AO?e<w;ixZ&wRK
zoE{a9>^NtLDgBVc<J2IOs6lj^Elf>E{h)1b))nK7nnpA&Jb{&dVN@~rV|B$b>AZ6y
z27IcOnxjx7P)RTidRV+7Z^(eRvou%vjK*zEqUS(&Gqe<F<|z+ylJ0|e;1PN@Ryzpk
z);4R7et%=F^CW47#8E(<LevWS+?UTgg`oo3t2ddffJI7Vs^Qnt%+#FX@2tYoDrfNc
z8Cgf?flP89k#F;{)ZFD(d`0iu#JjQupJoLu6s-qZQjXM`tvO})?sL2g8>HWIbD=$#
z2_!rMWyCgRU41=k_2K%S&~d(}_G2?wDe{KYgMay!KyBcYiu&d%>R4x;quH*-oMCU!
zU&vlFsQplMN4<vw>6AS(_M*f}DW1`kme^z%>0-Vh>yT4A;uQ5GJQKch$In>%cGpF9
z94=~{)#d+$y)zCyn(n7H`EN_l))RKplOd>@WB&`NpDfj~RUAvdv%y6D3OMwc8K}z5
zxQI)pZ;iU81<j!B)2lO`yey3CTimLL)-($O#b@`!#_upXCzX3rBk2O=HbEZ+@)I4p
z)7;!lbJTkNVYCn;8IMkb#<2iVmi7p|_ar(LE7E-`TIg83kf=usE^VnC`j*C=MpFak
zZ5~I5%vD#4JP9%-L{E2=u>%M36~yufz0r@FHsoY2H4iv%8t>WwD;{p*10&Aztk)8s
z|AET(;Ax7xgtT((fpkFbU2zs=8kUAwspC>j^*3xq0plP^j0!*GSWLPg9=Z-@0kg!2
z)97MQXATPE4hHl2YkthhO)?H67-O}rnJ#-Fxjy{yX#fql{^>NcQWRnQ3rxQQ2z%~F
zzlhihUd}yCG#jF1XO_L%uB*>B8j&I_*Bnf*P|E0K&}#EL(8N=r#~8*OvGP)}#u5Zs
zssREKleMydNv7Ov0mYhodULqj{nny8sOj_7QifQScV5}&H7xL)u3NOjA@+OyF8Q#(
zo6h06J73q;KeZ>IiSF`yv-Bmo&=w`eA}2pcy^l_S1qVSwxlV1CGL>X>iCFaMq}N&E
zaHDol*@@Qj94YyOnAFVq?(<%>E|=I&8r_C<<Mo)NO!9q`>)wvPffxvcwUkG+*MyYL
z%P8PMwCA;1tB1Hckw|j$quzMEMq>lWkV%Yn1GgBr03-x&mK6&Mqk+tL=mJnxf&UXp
z&;;b#mvMwyf&zF5z(#;Ktu}k}O$J$+KUUB(<=Gm6ZU%`0TnG@s+X<)4u+DlVXHiTI
z3;yos_s%_ga;v4=hSifBhg}#;*W{wB3TTq6qNQ{{$h?AIZHS#zu$8L=3}1!X7#{93
z@2R29tq{}KT%j$j{lXAlr=>@pP?7>VYb1Z1ssGS*s=qk=O*(OM6?Mn#rN)`+0FCx2
z=iB|F5;1O`u(5VWOjvC(_{;WBujT}v3nOzAp<E5hGz!o{hj!~E({%!LE!a`!O=MV@
zn3$mMWWeIa3|OWdjDz8CRocx3jei0~cGS~`D7M+wo$tBE8Fa`4f!y`q4mY7MID$XQ
zIV21H5lv^$gGTGS=8sB(%%sBri5LCU0kmSS4YzAKZG*Cc(CKu-CYnh_0JIBfZv7%)
zGC|$G&9L(Fz6I!Q6_ajz<Z0bI6!cD4EN!Ptc;Z_2CTxMMB+els3%sn_`?@RKQZ#M@
z&K#t$G2%{YB=ra*vi!Hod`Wcm>S7&GFTD~#=B8eDdxz1<bAY-fxV$WN-y-1`J0LCU
zXpOy@joay5^IlX-HnYNkfICGA-iZD5Q)b9RWb~u~Dd@WY;g}WCJLmCPrM*A_3xs`A
zk`2NPu-YN4Tc8B~4w~+ulyVR>LJ0}&GkQW%VC*gEuNnpezbAgCW-4Uv=cd-eBS8I0
zK>=UW78o19(&ShGRjt7f0Rz|M>pYQ!iF^z1rfR^d9v>t}nZJrcR1#veFHynTxS15$
zox&ph>uZzUzIEpWsy2UIcp;l4r7TxVPEJ0&aaBxmPP{)SRzXy*5X^b%%VEZZC1~$3
zXowk20sC?)B_BJ-`|fg|e3Ty8M7>hBqCwqqo&oJlIkM(`GJ+JFx#h6qpuL#%!x^`v
zFWe_ZLhr7Yj}Hr6QuT&trS+HmW`go2q(^bZF&4582|s=95pWu|xXw6ut<|rhMoIk)
zDnsW)xRRtySldTl!b$O~pF$)FpP{O6Q`|LYwB37yYxL$ivoA`MkSQ=ybSGzSF9TPV
z!Y9y7%NgjelsFeGhZ6hx)Au>f*hZwCDN14&44cuE$HLKAV#85*Wi7;ab=)l4vr;Wd
zVWOT*`>LgD?J<FVc6f<~bvLu5i>RfY92Cmj!)Ba`*4|#U&%mIrfa!HXT0K01{R&gm
z@OOf|+pK6>ktUBXZlMNzZEZwDdA~~%{=8l9WlHgz-K*bi3SFBneDicYP-1{L=!5u_
z0*yydoVk-oCdzfp$Fz8Ib{X-XZik6zz;cL*p?)KQ`Xp)55^+K&f7cOvKB-2TF<tAV
zTHle&pD9A|j`!M0aK@`$2Ub-_sl%&Z7tFXqVJ9-kf?F@2oUaR#rr&H^$%j|5r{EcH
zo&X3K{x8h;D?Vds;nnC3G_|PE%$SE;5(Y-r2aq}J5AE90^C6Mq(HdDra7_&AhJB{3
zv{$F2Y|ZU99}vR3A&I!?kTqyb4Gbrh#&(;`Fh}zes^n`&N;C(3x<}`0LBXhy%MMp=
z{v0Maxy=CViI2agU)8K^$2Ru0l(aD5>&VT<dXOT8Bo}i#$xs<;Q}_^OhQeXpk@DPo
zMr8A1-Ha1^Acd-EEJn5b@e*RvF!S@;w4m!7at4{*n)Sz61V%4m0)R-sKh|)RnAY8T
zPvqivv)+hK_J!;6uFPCuH%Fuqb5qA=``z41RN_lFy$|wq0!N&5N*61HOmI>D@T8nY
zM3OY2%U&f0{<`=kPiww+^@9DYLDIz^-R~!R)$)1cW^JSRdA;<7xgWm?>N4-56BO}H
zzl&(W{fu||!5%U9SeUaq0;Pj~n87!5@Zz;wq^0q0wcqc1&DmYM*>bE6PM?8w8a&7M
z103GI8#E>X^VNro4iX7s7-R;pJpInuvUF8}T*vTA=`>jcA)1Wh_<JM?*K4hZUU|&C
zGt#OhB!BpVcb^wVrIueUbcP9RWQ=&cnVnJHzk%`(4HFh8Or#cIMqQD=^5*72(stoo
z(R8W-l0$y3NF&asr&P)1?Hp6*0B^cwhgAKitD|TnmT{?*!XH~KHoL?3tre^9*1x@f
z0Z$|#KN&+v!QF-1XNP1uXupQ5NpBSoB(XEe8p1igwloPuo5}6QY6Jt$*wro%*|x(i
z%`F{XY=70iQsu3`vKSey63G{kMH`HjOa1V)4}-%Jrh0jPSH{a5ASzL9PtosASQOAh
zKin#Y?7c#aUMNu3XQa#6w_<)96mwL>!epS5((|Ko<X%#eNDoN0k84u{<4KWexS4ho
z@q!7y;exA5Pt1tAN#_`71B&>9orM2gk54WeCwb=YdSTQ0?U-rta%L}RN17Gy?<KH#
zh>{U@!wBWNS`xUlK7GNcs~^s`Au!W27n~X%O}6YRBh1shyqr<3K9x|Rf~Jq36PRS8
z<Xeu&HPqba6faLs)z;s~slp^MYT4-rK*Vlk9q_1kSV!H;R0}>w0s|&2sr<Uznw@8{
zbNsn#rEWdFaQ?Wp@iVX0=edjx1g6cBXl6G`s*!dN|5m3JVJ$~{=qQ3JTLY`vj^+KI
z9L*StoR=OyhdA2#DHB@+H3SyG<a_7i#nfX{Jb65Z%zk~mIjTC$8AXjsb*sv&>MU&=
zF+Z9jX+{*^GQhsv>?9-)oe}uDM#g8Cp>FMP|2m-(-s?}SY{Gv02lPrxn}fSl6PRI^
zM<17MQ$LCLA21a&dp&)0chyBnX~(QN%gMqS_!77iqj3`MB<*Qm#dU}<0f$+3(x(Tk
zAB$jLe43<eOMiAeQ4jBTIc%ZU91{U&%-q~+vGRn#1eXL(!5l{Zj(!+-`+&EJa9LL&
z_JP3iJYCB9lC>wkE<S-cdmzqG#r%`$+NDm~rR(~P09Ev0#S{-G!brfiKgeA(Hymj!
z-0Z#^TvU0Fjje5WGgJ6-h-uIQ{k_@s%QqX(UE9j=omu6G_&&-j<i7z%yk%MZ2cmgJ
zv7Gn(D_;`MFpZ!#mvVOEj7XLUFmD`XbAAyTHb-Fzx1-d+S8eWc`^kb7bDRoTf$gUx
z-Trjr^Vif*;)+U!u1uhJJLP6j;Tf&4r!H3dYAAeIzV*T2ixSKWf~Yol8Dk-V_Hnx|
zrHCXCxcR3s%ZE0^f<oSQ-%Y*5vp;)5RQ3&Tf#xS|4~t6tp*93zF5Th>b!R2F9pNWN
zGBo-Kx@0=xkHbT5`)=G&C^N2%5R&;QCyofRt+rcsC|XsyMSE=*96&hfCh0Q>yeFK_
zJ~m{WyoUm76>I;Us7U`A0h^e+ClUM8c30tEbD1$(qSD-OvpR`B4+W*iTp3yH{;u<V
zE3FZ+QHo%5*^XBpsTYFv>RL!D=-t2DA81WFX%PRR_&4438mwU9GQvvg@aE3y6oF!;
zAY*NMTYQ8N^E8cKd^<1#VoF45n`BuR31km$%q3>v<X@kIPpobSIK>18F1IG>^XX(n
z^mS|C^R=E&@J)XP)o>H>CE1fI3zMk5NZ{6OOu9Miw!P16NyA3?2zgMx9CDLCT;ulb
zf``A=briE{m8Q~ah=;(HG3_d^))VCJBRIdyQSX?;VojAQf3A?eR+{91akiJ;L}kt&
zlg8UBv-Awd7mo%Fz+*<;im{G3tgHqWT~w)%nBvXF^nq$U&0DAoH>-fmaidrQx0N&u
zr)zR~_M1ST^P>}d`kR6S&;3hhJ)@fW!DE{AjYLIr;WgDN9yE_WPv~Ib^>k3$`XXr9
zW<U*1G^LE8z4jv}v*>G;QifTX(9ASy)Aa!}Z@bfJLOWoV$39=-Ur>Gj17SuZR+2dv
zRkbkOVTB^Rt-b!#Omye>4^yh^`*64RZaH9&YmuMn2~C^6vkzy5>5YT0^`3G-14NG9
z^Nt<X+syTrhTx+bL2X7fgDbfAN@wTV;B|3IWQKoV!2C5?jGm5DcAUdUTkRB{DXKVt
z_l0iS7}kb)K;A<*m)s0nj0a^l=}G}a)Mnxi&dN);To!XK7q_HQL=edd>bm1ke7oNJ
z#{<Z}{{C*K!cAS-n+G@JfMkPD03=TL4fA&romU$|Y&Zo{ZSwz+h=B@>{=#E-^?tnO
zf<I=Yqd^P!5$^-w1*(vfYtUYeX%2efDbST7THtNRj;GW&ap@c?6izaIX}#=c+}_2P
z?mISXoaj|`@x4LWQ|GuHsCW5!{>{oHsC~43di4Nk#V(|*MBkT5bzMN`Nc(R^aamW^
z;()`Vj3Ur1;dBg7x$9CRAexy|XNIrBYD<B_>RbKw1^<zeAsnPK;W(h<cVj*2H5}(B
z7Bm{JiE-MqG+g_S*!7+Gd$7`<KgD8R>itt5{0u{AqbSZna}dm85-g4H2Uf5JnQ_7J
z!2(}>uHyIRWe1QvOUu~3TG2g!YS-VJtz)UVh8IsQV3z7QBey{>>bTWk68lPohK&NK
z(i{w1!p*~yV<o(t{bTOyx|AK)=&KLP^44txEU!Ic><I<dgG}dq`K86S&vXMIk+1_s
zrxs!gzX^Y7E%yi74AZG;rS>b3Axvropo=6MZ~U#bE@qZnR7Fb(V_#vu{}A?v*z2ol
zzZ_l_s;WExyG~lvZ+iuH^y{B;p>u{MH2mS&cG41jGb=;jAC8C~+$mb?c!2u$R=Q~}
z1s~mg8AixDUP3{%dVe6FY%>Xo%_)8)wykq_V2PYDkQC;#oZ|#zWKhVV8PbNGtT$pd
zUGdg_{lZ=jD2HeI$L`Tw#+lOPyRFXVayc{_mvM$uN;|o9x~Vhf^)Eia#_{p<uNp1@
z%?HlXe!xe(Kr>EDHIuI<ubKEF;xZKFC(Ed%%WUw>`#$FsiCCIFE1-3-<-6LoOi8BX
z+Ch#Ne-w2@aME#E7-b@0b6a}4HT6hWqb20DB?Jl2B?}T4TmN7=*OpMO@7pFmx9$_%
zPI~&hI+^SxXOOEypeZElawA4x%xfiqSLxRY%F2ukAy+9iXH|iG@kPcN$3`B=rA5hj
z{N3*Kb(p}D;Wc$u)c6{?)9D`$3Wk2=O^BXh8l>UX#ua~r+{zk8iuqO<%YJc8$#h66
z;_qVQHpsZ~U~xJGt546|Mr=EGxfrJGr0f{$T8qyfQNo<OUxPA8wixG8qD$H8#NMii
z^-u<d&#07SM~1WvBjBTYsxyrqUoW7Aw%Uc3FzX@gB$C1-{n4evd7zG5xvDil;|<zD
zhH#v$(rH5p`zef-MvA1>wY42bpz+3uDa%CR%lWwxK6OlaW&2u#zJ2SBQa|@k&H(z%
zNhaC{x+C~cZ6=W7ANgq(BhsHMSq{bQ<lfvH6;)Px#BINjDU{1sruMZ+kDD!MQN~k3
zW?Tqo5x=+XTmX3a=M}mEo`ZR5ooORS3BNae#|FQ6pC2wmGSpJ0mhAVJe-}~bo9d34
z_=6jNy3e-9+ffsnd}yJg<KCusT6z+qjzsaoPKsREgv4dOV8Ob2lSwhEnQP0;#*oZS
z+;w2R`eW?nI5XoTrY^@WDk%Mcqv+%KG#%~6LkQXO8rbsau&?K8nf1`5N1iLdu72>P
zl+Oe4>Ij%2ME`jI9PXSN?Xw0JDolh|F`Bn_Iq04_Mhav0F}p+ScCMDcWE%H#VinNh
zL+#(|KB!`RoLx417b#js%=_~c={Q9d_3Z(ypqioYtg&(LY({b>*Dc|wfP}EGp*H`0
zQ1&xpSAnmZbh05TTz6-hK4M1&km4#fNTzXM46cUh)x_I<Fl*t{98=Zwv71x*B2_7*
zq{3L!MaXJ_v(}S_L|^_qfnnGbmrZ4deCb(j*iLOw4QIs^*{*b4$Zv?sPg0#+qb&~+
zgn?2(3%<fxHLEtj@wIFH3maT>kf?2wKgpY({dO0ceN?$`MpDLa#8Ja)z@vE0@BMTf
zO8Gtk!ug~Otv4uKHiEQRqafTUvWLH32_Xy${5H>aJ+HY8Tf6`!K)$J$>}Lr15RZ#F
zHZPD~YA6C>7gEZ~ZtB0|v_19dB$jI>X_eE$%T<ktn175{ES>Z_O)FYPOKL4t+s>PH
zmSM#}_XXi$Gv|#1r9h-zkBY}sf7*}ur}*Kx;V@0(*KGNRXtvvC<B{X~YBi%+eV6yt
zuEI)(^~qjtE0Y^$3Dfybm(tDkWgnN-%G-T$DlOIoYS<5BRPacgDu$8o0t4huMZ<-z
znw#we*2&b;+V^<IKZ=*C{X%6w<7Jw~BahIY`L#KMxP8yPgy6g2*|*Psf_@3`-wrS%
zVbv!_ml^jqw05MJW@O#-EqZVHHRsE1LJmePn=f=W1Q>JhlhDYclrJ_xi*c-3wCWBM
z?{1)4DD3MP3z^|(IipyW7UVDYsZ|9m#&|XvjfmWZ*WZ*H>ly!?WsUU-8cRcd*Y*wq
za*Hw*cs*p#3ni_C&ITx9*6Jiy0UaC2bErzUvSk9>wYzok3&HEFRj$JH@xR{otJu<@
z6q@CHc}%A=3^c=h(fKx*qa{DS*ndQ*xgi3N`o)}GPeQ9pF6}*=*hZOXC6Crj)GYVd
zB-4dteINDDf!Df=-L+6o6QIr5i$kJM3oUbAZpqm*CbuU`h}JM<Rei;X3fI#vJ>4*L
z<aSGwLQZe)BQ{U>@R{w7cuCl;s5Xw#Ab%6}{PCa&&K$q~v~+&SD%V7NnVZL&nHT<4
zEc(YAFqaA*jbq_TLqCL(;7qD5h=n@!oX7&H9INZtUQ7?{UOI7fTzM=w6}1mz*LkJo
znuE`@MI~6kP%H#jR-|yMgkuH~Q(_QL_VWdqIVyY`6WfubGt&9UvP7!%#V*nUDY~Kk
zN&PBM)?({e5lMD)&P#zFsT7umKT6HXbZnWfXrt2ma0d1LhkuID5?Tg3j!z6~G&bE!
z$V3D`+F`7p&ANj~as@WV7n_GkfR63IZf^d-#fdr47x+$sE{IbI<px}SqkH0t*cif|
zWj!|_b)v+f1->cnBuD1knx#UQ8&Y(=xFh6V0i9Awt1$6RgrccqHg_N+>8``KnVyvx
zhQ3hrulXr4K!SMG>DGwoJ;b$Q30wVCKu<$G6Ve($HMUa#!-L^xP&@i+eId5?Y8mb?
zaMdSPZsHkl4!m8tf8*!2-4g>OqMlvk)M^?VwEqZ19XCuiNfj26xsgI_qukmrBYp^9
zTz$aT3{pOniS`VksTo~2p}JaHlxu++UMKasIPc>Z)2ZEail~YJsXE?{cg?M;A^V;=
zHtdQ^_r0X~vCVwH8l;t?L~}KeSm+wvm}!Amw`3&`IAA_PSMG#40isf^#ND5Mu+{Z2
zceA>WKW99<>%sh2RAwUbSA|~~m&D0(XP6Md-jpHNjM$v@EsbBVotc{5{R7g~*XMLw
zI@}eb3;`5p`t1}RvcdPSrb2gNa+a44>i<<!FYpiM1f)Kda>ETW_2Wc`nirpz<Y4;}
zeQ#}*QCxT_+Nv+PaWC%R>|=FG!uyhhj34TI-c1^`w-tw#N+mD1<qzyHe&c&|z2|;(
z)^X?9U@EdQu(VJwHX?v$c_7ilAUU$%1$Lm(NaQf6#xveF^aFMCke8&RhRaaxFXIZj
zMK218K)VZau`I0x>eT)ppK)RVH6{l7g1%r1Ll`6lVwfdq&84OQDc5J{(9+EM%T}Cm
zoIR3+mS+nVzz2zI-B@!;=^OhaP3fP&i;buuw{e?1(+`-1%J!%m&Ip>NJ<6S+;>vVD
zNHf<REmPstovy)5D4sdHNOr*LalR05I6sT9G#`A2t3h&vTl34R#9|j^L9}$D`--M;
zO9cpSG+J2e#!oB!!I<p1)8!f=TIg(30*GU4*=IQ{pk9Msn2$OptH-iWlR6e-6bGlD
z-ur8kl3fL49cFDs5-*3BN_)cl<zx-bm53OmMQyXUo8A@Ubmm>RswGo*hAR&`F&1*@
zThHbP;AA)7*z!;}6>A#leY8%eqJ)8B4pd~wkQlBaP`7<^S|IY&y+?hm2G{(<sW<fx
zul^1};my#8hXN!(fN`Fzho#DD+zV)VJ-_^2SjZ8$I&<Df#+#E3`no{cd#<YNmk9tq
zSuY!2E=2su;s=HfI1~QcogEDA&Z%ixb^`ryS;-}`oT4bDnjn=wpDmF?-#3n(k%aM>
zh5|Wqyh{(lFya^o%s-%ls<5}7L`FKltBSzL%?_i}+a5RFaQ#xukho9u{3*Q0zHj5o
zeb!`sx1FOnKB4?!ZhT>t><XWh3Jm+2qb)%l?yhgIzD`$Oy`%_LAG&kY*sxnGO^g}+
zO?vev%=p1@)edmb9@U>RS168!ZcT)3-g-{SMqNl5-w}jLkm^zuQ8r^RBS33O;YCW*
zwkih~?F`3j<TQxA>|a+!295@;em29mrkjb!tCV9&kY>JHo079Fde=0_Z0FHW`ua7D
z*Siv_+R~yaNRu(^Aii{uv^L+HzG}Wz6|WxCL~8UHPq}c-il<yXIEhus-7TB()w@r-
zd2gz1OVC+WaQBBR?)4PxF@OI1id0dvO`klHR5e<8>KlrR7hATQ-!M{;yfqS1N=8;C
z+Ae^;@juUJ_(g3baXtSHnFWV>p6i@Sk4HnRBLv3v!xHc2_-NxkLrf|>P`k2J)8dT7
z+*K5TAH|EFB~UOMN5a#D?;wYPq=&P#{BtkcfuE~0Kh;2zGF*~eE}(=qctJra`O?O%
zue8%T!M;MTeg#Om`8la?i(W0iUY2R^-R%O{Hs#bq%{9_yxOI53UGv?^TI8i6+&gv*
z&VMqllM<@bAkic<%)P2eZRSkn+8+ANB)CQmo+oka(YLD|m~rvN*vkAQqN^peG<uR3
zNBIgb*Nkc|Zo6T3;RFBC>Bnh0+DHAwL8W*89+`36ALC*>P(ETJ;V4{xytI?F^HIHZ
zr5I~cEaRtPQ2A{?&0mm?+O1x&NwKYpV+viYk{0>i=NrlVbWf-yAFy5^nEAbZ_R1oM
z3Auqd{nQ9l4MMW_HgCEuteZEf|8*bg+XcO`#I$QG`q}*g)YG8$*G@AXSW=4kAV{)L
z$p&Ttm2&=t<+_xLS^`IT8*S1W+(IMvwnN{2fG~s2!CUgGH2#shD<g#k%X;z8>|n~S
zq<>>5_yn{0QB&_s?OSW*C%qD+rkHte{2F=pQ6H(Tl$~dRPpL|d>D0z+WgUiHDn~Yg
zBjL{LLkYp{MC3QYOl>jP9S7A53%D*^W@qNs&3n7P^`ET?kxcb3a2fG3i2LWGao(Ku
zpJ7tM8{eJb{jPqK^{2(z%U$jp&DdqM+R2{iDY4ID7mrx!&wC<H3tNI}TmU>_0Go3H
zVst{P-m^YUQiAY5UK*zJVG|r#je0B^{QC2*vI%Cw9nq>?r)V*i{ra+~6N#KrjgN9`
z^Ei#u=H9S8)`jJ;D|gdVm$SY<%`|y=xrn;q)XdARoIX31FW<d}Vtcu~qZ)>Y$Pn##
z6?JSTHs<t!f75(F#QDoBZ$@~OG?t^dVPu>}_wQ`j4MK-5Uu3RRQry<K%@?FXr$AkM
zr8EPhRPycEu7ZO#pFK|?t3FmqeDkX3<PYfbm4f*Q7vNUGLd0YcmOM<Lm0<HBpE$T%
z6P7&n#zikb53jKpfhp4Lr9F0c;rL9jey8p!PX6m{vS?GS=WBsX_o!HY)M=|Ue=@WA
zlHC)x;`mORaDz&?RLtAnIBh~Aw`JlaIe+-+eZuZvPpJsu1i8&+{^<!3+dQvCkW%?H
zwVr^Xzy>Kjoe8P`Z2J)*6@xjsd}u<FfGMwdepFUMeT2iCSDjy?Y=nE083LCyIQbfi
z7_wz&T8^1wI0DPy&v@^1ti}vn($BzL7aU0`zz@wMB1?BpqMCEa3x?a3@Qm@TcBqYn
zSMSQ-q}zR6$5dIiShnYVY^B02^OW(!SaR)Jc69tR(GSuUreX}wxu1)-T4@$Urs?vy
zzlr8JU%1UyL!OiV(=o5T=(E-Cjas#u6E@HraXTM0GwyD0PPtTYSHp80k>Ot0(IQQj
zkFA%6Cw)aHcI`uHI1X=Cb}>Mzws?D`8j%tj>ZE?X<oQ&{m1=~mRv`&1`KFmMIoolV
zAf`4gqLP0lG~{;Lf0!kYQytBM`)wQujEsPTZZ;}f*;==sABNUCNEO3#mf`GPIhlc7
za-H2$hvVr1>AnbT#wA=)fxP~f5YxhT&gUJ=+?0o_2x|Ec@PWwqoZorD?UAN(d$@e|
z{kyX)edr3@gH76}*W5Rc3_sacC#NRn{Awx{5f(O2?GEyfVT4<a*9JLc(c^c{xrx^B
zExd_l1g4bRZ;79V^==&ZmNRG6<^u1?E`-@fuAA1OC4a^fPsQWH@g8=8xl7d%rdd`C
zNJ|eC{QdI=*BB4>D|JkRQ?-2&NU1W7(66I9XMd<Ii$8~x)FP9{?^+@?CCk@G!}IZv
zQ-qv5Ssd|?kG%3a4O4{LPSA7|CiVqp_66fQmMr(aF`WLko*0PoiQL(psL1I2X2+}Q
z*p{U)z8iS9ccz)&7A6tbE?%&Fyj6eNel~HoSTBTy;e9!#Aaj?7Psi0azqslLAL+m%
zLx=gLd<};fCmE(E?-}>5G(>x9Rc~Q{67m-7vrYW(7%3cDHZ<YH=m&p!Lg4DWss&m)
z@@9W*^^*eSPe02LnJRrL)$CA<osZCbqJK#JbN>DU7UQuMV>Tyo&i0gEETYw+=K2k~
zt&B_G`RI&Pon2nSa<$ZVMkz2wg|y=0<*s*LE>m7~E>rl<GLplgxE5rRS80FW73Ey1
z*AGt|_}~Q|f>A+GO%5n9#0*Z1OdowSs-*cO8li32u8+=8S>eKz_KBR77kp(&q_wFU
zw}d|I{FWz0uYh`GLOGkWBK3PorI&d*9v<Zzj|}tdo!7lB>Y|C%bh@^J{zfj`XJJUf
zDUq1C_;cyE&cVGi1kzDKEvgh-xp$Z;j(QMv!>JluS!4MA>ipfDlcY{bjOsBdcy(p?
zWXu(3_Svds72AQyRBghXCzg3n-t8bSHQ!hm4(RtCL1*)`&=-B}WTU#rJ7{sWL03i<
ze)KL=`i<{Nh$#!!2i9M0jy?FiL?o2OwH7vr+ySdxs)#waY5Ofz3l~KCw4Bqo2g)>P
zWKJM8CunkFl20m}@Y9_mzyB+*@ld>4Z57@M`S2kFPKuiymL6LyoW=W?U;n3ZP~M{z
z`k8m%Tcxsb7=M15sGcmF$I`kbT4}6(_5Eu6Qx<afM#-g~e)1|hrKm8wc{bjh;YQg}
zWfqgwPk5c#oohj135u_a-KnftqaE($F%MflBi`O*QR#?XUV{@_pX?j=*nLgYFD8mK
zEAlK(D$*suH|??hdLrDSR<EYx`z-wHrCLFt5lL}RV~8yBv@g){MGVK^td}w^7REuO
zYg)_s>G*Nc4YUn-9s|-+?dEZ&>!myAOh)c3|JW8rVWetCXSKLH7GAWzPW}wFBb|Qj
z>(((%>i{IV&YV78rc!v=!F3nn<Ads7^d&X%Dx)IVQEb^TW{c}dGyXuZ{m&g7pyguk
ziCS*eBS#~;%;Zc_Y6(;#ZOR-*X(}9G0Q?VSCXRZ07Q=#*!3&M#BhKeea<TI_SFn8#
zvk*}mhsuOxG;<x*dBcrWnyul56S5NQnaAvQmTyN0X#_I98|`)En0T<zt44l7jv3j%
zVBN6uWn>Bz{LNvJDwGx<mt3V|HCAi8h1&T$EwSzS=H4aUqb0i+@y;K2(=;pPmfhAk
zBl8EefB%rO9(NOg@2GyvuCSPpRXZLlcg?(~P7UU9J9V;f_)F&5jWC`*RYLPNK$mX7
zz_lp=VpkxN4?9|u9eXTLYI&WBI?s${XvAdlNsS|aEbV18FP&r=jIOV@<kan!iSC&<
z<iu7b^dr*0eC{W6TwF#9r=-Ta4k&4DF5r<KjXAKGFnB3xOgf24c4ZX|32-nTda7wX
z^iawUaEj|RM4dtJ-^|*a6B&L!izHTBPkYOl3f3ua<~VyS-+am2kY@qgY%D&*z3!p<
z^)CH!&SB{rb5Rae+DBJywGO3!E-@tUY_1Us2aNAO(ej%%bh%tWhWt@$cEasB4xWy`
zVg8+&2hf_{1*Q3p(?hF_%(9!>&$C~eqtxmq7Kh4s^sB<=Rf?GFx9;bXxH7ezczo@b
zry_om&)j=L_E2M1I#~5dquK3>#zJWg_nuKlT=QIxnRNRXGqn$>V^!iVUYe^)idwfq
zKijZYSpOfacjm$Wc{pfu=h8)|?(m+wr6fb*RzRv!BKeBufQOc3(cHqAYt=%wnLX*}
z81Mq|g)3<gc>`$YdS3xq!+XK+L5te`Hp4U@W-zB0F+7ky@V$mLi@tJ_`ryrmbJKfp
zzv(~DjiB@HfzsjH5zSI#b$~JEQsp|LHu>|+;yBWU6fLk_<W*0_U+LPe(5eghX?E0<
z$?TbXhY6pCB^0{&<vK~zIDfS6nAaMp@{g-9-KlY_uPNtbp<6)D*9C?N<`%dSWK&)%
zPEO0gQI>_HjO+=aBxWSL<Ae+XeIp>{WM*rnn9v52Q12-yKk!Nrt7*LsHg|GXAzoBv
z=zz{%C=Rwxe(g{5&YmDfWuV<`){cS)U(4q~pf&a51A}I<Q_8~RTud0BcBeuQ=o6hd
zSi1!Xqw_o5*Pf3)gE8}0&kemY5o}`^;IQD#C_$-31t&OVGfjjN9qg7ah{8I%`;&9S
z?TAOYLbH`LD6ROkuNpb_d1M=@Dy79*;_UHnztJ3=-on5PsPR(YvmxMOF7Zzh=0l5q
zFx0jz)Q~zXvDlI0$*~K9UMa?wKgRIe@$7D^;>sZVx^}|ibT>Ywrq5jkKs|Q~NN5J4
zc;LIH>q5(f^zEmtV_F7x4p$KyQT6L?<#lTd!x<AbHEa?1J0`b2-wX16^>gJK-f$gX
zUAI<g*b2<Mh-x4-UDQEjC0k*2vO)UphDd0%fO+!FQOE_Aa8dCJp3zX2eEuCV1&X^L
z?8)jJ-I8J)u^j1<Uw&`TW=TDz7I_=|rn;KX_VTY$GM}Jvr<&`7YFg_2L4)`5cs{)(
z-<be&XHy?8?J@IG8?@V}7dZ4HANkE-i;eqlnFYh5w|PVzYhI8AGyDmtxt9W>4&j1V
zG&<_gR8wB^{{0^sPq6>BU%+B(9obl!TvM?I4L-l=G5@*fE9K!^&hj`{wQhOX_7%N|
z<zOYO(G9Opl`nM4RTi{;Va>w)o~1(lx{D!IpNYMeagF+&193SCxM*&3k;F+y`BPDc
zB+0-<aqW1xi3yE~<$oR4ubD)#s+^ro{4}Nx`?I$RUGO`czxdK2=8vaIH5D~hK4g*p
z+A7sIP$6)hJk8{wspXID6=BYP_K^xFmu2A69%VFs-93r{!VQ6elmR5+S8tM{!x?jL
z3!VoL@4s4`qBVoRUPi{YI4U3g+EB6Qu6t+pipIl@T3}B!b2DABCF^q3k5&A*qa@^;
z?vJpiapra?XCB^P2IID9gtlCsmQmOleI4z&R~9hsJDy%KuU~N?2c$*z6k&w&W13sH
z{sMAZ7SPIDNlRxRH57(NZ|@JyJG-`ouK=G6NB|9z)o(1^hTj$ku3W9A-x5<3&lESX
z?2kMA|5J8CObyh)h$X6Pt#s}u=yUoA`rXW4(U{u5AoX-1G#&*;fB%Ge`vTpiA13G=
zo!V(`9huuDw8rSn@ez1^vSaJqShQsRo5+9`Fe9kGLDS<!%LI#H`0~hrqMlx|Tl<8e
z0}7}C&uhT<KDVH@=T(l4YSX$LRwHLoPUnkIY6*JBONtas{Ut#2h(#w_Dm3??n=UJO
zXcIh{@gO9umOMS|12*wCg+Q4gXhwdi<3c78#=JqE6Bt5~4h;Z6_w?jv&Yxayh$Y#i
zWP@S|G(KJy1Ni~|KRUTkosdEI0y5oU;>Izu`&aI{v|k5$dKZ#Y&=X!b_u$l}yl-)-
zv3PFbLGO2~O`rh&Bo37WpxJxg_Xd4KQo9$BaJAR{kSnN)FDC(7IEW>KE)%(kt3YWB
z%%i|S*LK_I+kudM<s+{QH#Z-30_dj~E@%=g@b>|u{r8U>p)gbl_#e&3zl4L4{RgC*
zuq_~bErs^=e@SA`JIi{)50QNAvnlhJ8;*eo)#HBUqPa1j^JMIudEGnjrmLMSXrN!K
zN1{VrF-L&^hQk<kp4Q6trF)kazyIyloNtW(<_$C?66wJg#!fzr|D9B{4phdNm~&QV
zU{2r{`jP-3)BZq&8v6^-9yiy6-WHfz2U=#}V>Ep(1jhmPU`@a+2@D%(;$N~61Wj*W
z2TgbAg#l$OM9e#}qvf&tztu=|vfe>gC1_RJHSGfRL1bUH1x99o_8eZN%PD)M593|U
zqTVKjv=1ljvkt)rWtE5Xr`(J-dDg`vL=2e*<`kE%r_5LrTVi{T8*(jG6#OmL&M$m{
zx@r{o_5kPr`K>bOXv_<kfop)_g^qSNU_-!r&q7*<a)fu3w;!e4_sU9|YN%|kgwa;S
zO66O(6g=VT`}X0y<8GpcbeG?DM?#7<dl~hQ`^94h1RxiNbDjYjuQKy4eDb?>2ke2S
zSZsVWWT`2Ag@}Dax0s&utKCO_FyIq%bIE)xZiCs_?pCOS4UPAVRi(Ph2Oy7ORQg@x
zHeL3t;ks#p^M>}>&WP8{c*=x(aVi%!PR&^Azfs&5++V@NU5RQ1R{=oOioy7|DBnyL
zU7|ekR+eOSvE&HH(w3bsEp0#rJVb;RW?L7*&13jP!u3^d*oLLydg}sWZoB@d-76ia
zYVXZL!PlJfKgW2&V?Rmt(l1647L!yVx`P$Pt~Yy)P3m+#pZmjS(t<O05mO|lbweXC
zI3_mkYYV$ugq63cg3VO&tVDyA3bISbiC9(?b}w1nNpx0&Y`kVV+<%DwH4}wsC~)g4
zxRD3^eZfYfFrh5Y!RBjxz_4DN%np9q5+?M>mKc`neP{MX9zV75y3gtzblpOZcN;+@
zBct=rO^wTx#h0J8bk?5<<<B};Y&P$L>OZnv=xn84)75>;>y7lg`fWldzyBE!E+}3R
zJ#AouwltOntg?STIiqJmM2VFe#ub$GW`_$8%MX(K=4D^Y<+C2)diybLRS)*yD)H{q
zKrOmte2gvv^mnn%(=I;#y&omKm!CC3?nMw&^LSaJelPvFuomnGHP<6R;-D%cL%yTH
zFeQY4|9Mqi=W>z$KvDGo-p9|S1<mD1@!z6Kqk?CZ*}!q-3Lf{(X$8*(dh$gu$ra{<
z!#!}_tV5x0G^9>>ey-HuuY_1oH~F*EHsIWn!x=8-*x#YtZR_7(Zp>VUC>2<3kxAId
z1lIyB*Wj3Tp1~WhS3)9`e*m4C`+qe@LFDl(`wRJ>2-P9PN+XKvcbGp#+Gl$zcPNjs
zj)kJ_cVz9nJA2&5CDqRkKT$;ffMzkT{FSUsK%%QlNh;HEZwtV*XX9~dltD4A^Xn4}
zjs5!cEg(vGRyu?{N`u1MUxCbjb}(pZ#PSg9UI7yU(8%HAK&--B^@<Oik*qp(t8s%G
z=M6gG-x@@jC|-Hxd`#dQ3sh44jba&YVB^q0Z&S}Q#K-5V>`C&D`=rMADAx7Mw5^}(
z<0`HMERO*o`<GQNu!ka_0^AGC{h_m)q4TM8&~048LwY813YfOFJ^Nv#?pcTGHAXH>
zzCAGDW%nC2uspizv7I{cEJ`W9fswAho65?#{pRKcBLW<%WdV3|y5D5L9j$;}Vq;#V
zeJ}yC8Dz6^E{>7DBIB0-DBZU-t>BrHf?eMXI{SnubLB>Y?>51zQ}(2ViM_8h#(!s=
zbFbcias=r2T*HaA$G?J)`kONgd;uQt|4ZkB3t-PL7(DOPTIT@~-6!iS@_v>sQbVdP
zP#Pt=bhGJv|CIfY^a!Hu)(cv2WBI1>poI{0jkGs3e{!+EKtKtk*u&78jJn(K`}|@z
zbH*tgrfOi5A`T|hE>*G5w$hv|EeJPSegCiLhOSR;Qf~o+c}Y5Lg{6-G4%mR)KB4c%
zgv@Z(iRMF(z23PAF0(Zo6h4>g5%p9jT_W)V7(_%+8VgKoY~HJcM%TB=;Y30*7{=%7
zsGp3`X3(@E?5wbxlWHZwS}yi`h5!4}gWJ-goFDGio!%<2hhPEg>Ez5X6K=izOp7NU
zq6VC7@Zt<b3%pz_uy+MUZYURVk~l>j2_0wy4{dsIce7DpSs2DxI9099)Vnoc`ukB%
zg&Ii=&MUYB3&hntt;58Za^~(p(MNN_uv*eXMD(+*^P5vp+B>?RDxTXh0A4|eC}Tz_
z-zo^>Y$E#H#-zewNkOuq1ssqPpsP9;lD$vtTgJt_cMinLliY!u=kWpUZ$)_l$F<?s
zGc4^&J25r4NQv3$pmIfS?is$RbmUOx&U7qKN+6ir;8WW)I&rvF8IH?=7mujkb$!w7
z-vgp)Dv;UD6BC0C!n+Xv5Lw;$?fMh`-aBZbLP|g405B@#O=whTc7Rklilb-8(NCf3
zmWtZmTo|7HL}V}0Ey<VSIV5Y$N%aIIt;gV90p(eez3vn4!ApL|eaY%Y9Q5O);67#q
z)vQ&TZruB0+`CN1lKg7+N|76O8ZWa|)OxDJ-8z+G?mt%7r|mf3h0NDpT&6a37u)%K
zn;u-ORCY}I><JB|i(3FQMM0&JOpDt6G3-UxZq=HlnretS66N)SF{N-A0@p^t5YfRc
zEuPkuBE(L`7+-ns?bDi-n|F0KoxDR5cK|>*e_9C6U2NHZCfiRanaOy2oqclSeV-zC
zkbyZE$-J)+XxXI?MWdO>*bF<gC=GJ#GoPBKe9*FyQm)6y0|1>Z@1U#2-Y{c3k;<`<
z+)M~z0~avYNx0>x4LqdO_o&4voC`mGx2~iPXN*!US!@Yp;&D87AVzPhu9V@65xvo`
zS#q|y-$N_vs1)hG-Z(xs{^H_~VstsYNT3>cpFY+z=q>LJ7wHVXwMrJSY!8X2!FKuZ
zM|W$sMi;9NuSQ(w$y-)N#p+MCL$Sm*$wF@U=;h;gwNqnCV+<Y9V@#imgmB0S%Q*(Z
zRd7a}K3@aDg?TZ-$#i^#sKbp5v28`X$=G2XrGNk7bVI?!)7yj;lrR1~I~LURU47F*
zqQvOs*zp4vdOMOn4xwj$`>W&cf3=h^mloI`y9r@lKXp`;w|AWmiE(&fLWPRHRm$1%
z1L;SUBdja&9Pp<=e~9RQV4*#4mM~h@ly{hd#jlgW@PF8P>wu`bFI*T!L_t9sl@O3l
z6{JC0x@PDSRAc~=mR1m@m6YxnhDL@?rBlSAOS;n`q`p04yuW+D`>zh?oW1tmtJm{*
zQg8;EESEgJD%CFJljNPCG^6<aO=0n%aSJ+AtV{QJt*@Np{jV=NG3UV&>TE%~_m?+-
zzbeP@C+3_5tVlB>oRPg$v)<cJYHq)kQx4T*ZtN|c?<*bwMTQCCvy~CDr^zWEvfAmK
zMJ%2@k>IlUdUfz^=so1BYvs>t*KfbPr?)w>=bs(%5s|hMV*mJ)MgN;)&G(5VQ$`5{
zBG+sB?*P)@j~DTW<8s}pxr1ihcTSUM*149QMAfcdzFv4w#46`<PJnNfHy&I4ZMFS!
zF*>W%;x%C_Atb3s>1Y;5dS*hf*Zd?$E|;Js<dNEQ(0Vg0jcI5E-@j=}(x<q&*x2a!
z+~{u7cmI1lttjX{p2qs6>eO7GMi$e8P+0rNJ%T6E5us?=wsJ-x{Nc$_3Y^A(mtZ^$
zRJ4W8G8SY$qa|GDt4bIb4t2(v)j!8Wyh^s36GYj4RL~?W<k_9Hn@Uj>TII;)C73pw
zeDIEFHp=A$TAKvpIsfwpo?mSS1U8v!<R?GJ5;fmnRcT9MZ!c==q1(<hM*E`pq_Dio
zFe;?v5|kq84o9pw-BZQPWVTjSY81N<U1<QFJbQ*no_xg{S9%Gy|DpmbZBtR*r%LIg
zANwl3R|(>a#_g?KV~b56+1nTJe52?L?c{V|uDYp=oHygukTs!!SiGKiQ*(ij8cV36
zBd0xXvt#%X9+rETY}b?1Z4m95H^jHrM^@Bc)vLwa|K`g3Ld5N_-??o#Z~aPKA2;84
z#FIz;WF##1*#y7nHGxGI*`GRSS!4lQ_en@E1e%Mxp@LjwGVy+tlUqHJIl|eJ*WW0x
z=*2v4juKDHOzh<@EN3ZygLNPcJ1}E*0DdI9hioWhm+z`3?ZJ+n6JC$*^O5>F4{?(4
z>PikPL){V2i2{x1Cj1wm{*3V^hyo5h`3t&W85cCY)auW6=qU($XO8g`Ecw#n3Mzjw
zarBicHH-0zW!w<uyw1{KPLr)G3Uy?zh`KpYx}y87JfL*<jXCtbIf62ycU(sG$UgL0
zXzq<3+c-An3}+1l>yVid$BU%?IQRg(a=##?*3NP2G5n#E*<?KdL>)DzQWm=({lQc`
zzj{&dVee9d=2gP@;ai3h9gbH=Rl`yaHLzVD;X9`Svxz^wiLfxm*4I4o&?~YZyFCS<
zcTKBim1uPJkMgXGdCHWYs!v<HDBd=Dl>b52sQ4qyTIz)W<*=&W*ThK7EUexO$_$}l
zF~x-{L2&3wuLQe^UOCFs7Xh5XP^$A4@FA|P5HSwJABe|gYUrwWFy<SuQ2QE}Afuc>
zt*XiZDL2^`(J%U%>cjnU2*mJ@N3j9K<Ywxqb(S6zyebc9@Fe#ge$k8yXhzS5?PYLL
zcz<7(Z@nGEedkQ?&Ju8l7M7yq_<0&p>1hUx)W**fsGKS6<bx2>X*18=N6HuQ6#R?3
zic?=VQMWWLT)w~HLjulGyj4OZ>=UU!`;berhq$Efr|S4F)KduG${hm7{ix`?&=~}b
zHr=3%sMEsUwsgMRL*^9jIQTJgrb;c1kuKcN_-iyIDewk)ZtpN)@le#ndp!4^A#Y+S
z(6Ay&0bw?_QC{<Xw2m9lKp0*E`G?V3A4O5tx)fY&o63y~rtDq}R6Tk5pVsz~4b`dD
z7sp;R&UPmCqYR>&Z3L!8C}_NgiUz-IOvZ2oqFymF>GcM5*fyy($(Z+c{BaO$b~6^l
zQ*QQ^rDv*dcN?X}-TR0f_*7Oz{u);{`K5&esGhu`*O#(J5(N8xT2XHw!kcdmAg4i<
zx6WC=djVy>lTkg>e!nWpBE;inP5aP|q3cP2QC($irPeNkmHA}Oadh3@-#wITr1$RL
zk=ApEKDn^In(E5rkUn&?+T{J;Ee6pxZu@4cPRD!z&53FLM0r$r`Gki0z)!_=dKR|g
ztYXCLER|&ZK%Hmu^N@F2GqYsOr9J#!TT*8Nlz#0ef3@vwBCfF*T$Kxi0_4HC*WH}Y
z*WeNd3bP((4u)mKInu(E$k2m9{M1yN<6Z@zdjIb}8g*1~fu=>A8eGs>i=kWKp-gPK
zO<e9AuyVZ2+9(X#ybJd?mOa<@e{LVXJo+h0HU4_ZAKOSE5Bx|>Czfwh>|9ehk!DhZ
z{Dl{4puK!`xbE0rqU6Dd+5^ZUFP%=${K+&=-0^$T(~D0uY6)FOx5Qo^2A*-o0hAp1
zP7q~+No9R5oFxibfh!j=P8jGuHN34Wz5Q*?bm|l03K%;;`Dl`=o6FJCqZH+Wv)9GV
z#)3v&phhlhB51K7yF@I#A0`cgeVk~Y7ZMY+V)8H;^bqbpd0H&n5%6)6DN9oeJ|JwO
z1Hj5rA5iJ<tdRLeN1t96y7;?4^FeYZ+DycK8Q69Jj%Ii%2!FDu!K^XE9X@I?kjsjZ
zHs}{L;Jzd`9*sOmloOZAx=m}xLCd*4@^g&o^9VVrKTZjy;LrHI=u$&SB6(qxDtuJ`
zK#@Kjy`?)#ieTNOsfhi;QDWS&g8^-@8n`Q1a1jWS>xDy7BtR9VBJ9P?JY4C+`fIk#
zgw>WL)NfI#QJMbcb2^Wq*9pekiAoUepLP5T#e9vcQ27)^Vx`89bZTRejJmPV!t)&K
z+~n7rKC4y=XJlTsr2BYTlRMFRjRXc7lZr`_g>?G>5fJuuWZqhNqJPq46TTaYYzAaX
zB5yAw<@S?}Nq_HEp-j0e9Yug*V&Gs}opXEhxTi_ePji1f4lhWz2pSWhSvE6Do~rvJ
zn~I;|JK22o!%J4o6*>?s(=H}QLCwzXH~<5haa`n=EGGQ?D!h0>bApzr+$uxPXYl5t
zlu{!stxd!=W;+N*i>s4tFE%`=$skjtf9E0~EW2^Hl#+0#F_h;TY9-kN?u&Yjs25g-
zM{z=8#WjlqkFNQeK2mx+rAC%+U^{P|#;032v^E8hM@c})5fyXzL_i21r}cA;<d>&M
zn89yg*{L(&d$3{7A=^~;i?teIE$%HHonF18b*}N%=1(#&)b{n6F8Yd_MVljN;f$&|
z?(=4vM)!hNJI;!YH4YmAJjK}7;nGPiZiaK4d*4{0OMTGMi%t<?cp`(oXwb^D@3PyC
z=q0ENxecR_#D{dWk<mf3tCl?7)9=$0Pja5QIQU@_X>4YhKV7oX-b5kx>@gjVQy-q4
z?*Rb$RwmLoIKKTL&$U~=z|XB-Vfl3TbM<WzKEvvYq6v?jHcqv*-QA%oGvemtvf*Ob
z4tjKb1$9n3T2{T3n`wnubT!4s?oC*OaTz=1acyv)#P!K{(sT{_<+M6KaK_w4KT}pg
zyk{T713jrL<?zSKO_N`)`V+`A2VEA`r8xLnsvWL6zc#C?I#(J5`Bo07wRaTMOHJ7(
z#qEO&WG01ZsrE1%s%(@)b?=;J!Ls7L@RByi$eh|I_WG*v%wCkqCcDktI?s%^q0EcT
zv<ZUOkQ9#lpczL=#pwQE=;+F~3fjlmkvmU7W&sK(Er;|1n^`OI*+jf1assw14#j4B
z8pW*gvtcc0>7tV19_<uyH~oB;bPf+$N1~$hA!5lfj_QvW3H7<Mm47LoOKqq2rnC8e
zZQ>bie6G7Fr>nF}b!tf)#f|yV-1v#BL+oScs_cG{Yw`^h#V2??p!+c$a=w-r7kLvE
zL^CbH$^LkleZ2Y#a(*Gipu6KWaDRu8ZSs0w>xTQ7CqiFRg}Bs5u+U4UzZ|H#^(A@a
zkrt73L)S`(joZ$)=g$3<m>z}F7q#uQ0Zbge(RrB(0pp%FgrchU0@>`$%JMhDUi7dW
z2?F#Q;O{K1yHVG`2W!bbMK1`c%Osz(=rknwxbFRE>o#0sj<AuSfU`c{r7uvF5;ylE
z)VY#ky_;HYvTs%1Sp1V+O~-J<#Zr3=Fh1}P7A1%IEtZTZO#=4<SSuo4M(7z<%<#CK
zqjij5JRVm(^kOG*ThWf?aINLk)KQ7($u>M<f1fjBGzc$vrptDVBgCw(`ev!I&lT3U
z*U<d$DB;O4qjHM11EVTm+FN~!U#$dfI47%if3c`v7~2%TCVx#_us<#Ye?H!?_Flp{
zB@W%@4{|^Ge%XD0{WQZ56M)TZ9EOGoo@bG1`$7urR+g7|$$6kss}JU_w+^?_mDS&P
z8>tp*pIzfL(nYL#Z9@FC4Bf8Vv#glV-LiSZZEDvPC3M!5ttcP)cF8#X<)Cd+7Uye7
zKS$l?;;HB{O5q`Wx1FdT{ZLR3=U{s8QRt2c9tunqLqncqq^&41j3MQajGg6sowDLk
zf6e=@*@}h2dxy349RU+Oj3xrj$^5}L1vn-{I#l@;){Vkzs2=sxlhwF0*&N>XdAeV#
zd++9W+*c}WKO1I(?O|@w0O!Dw@D^sU=*9(OBLVBhuAK0Jk9xc$$1obRpjC4J!-(mu
zSM7LtT@CiHl$K$%y6yk~s9)}hPSfQP0Mc!F>RGp6sp9CgqDZ8p0$CM#()?iO+8ZY5
zxbnL-qX%@xEV{}2>h|JpQqXS`WRn(E0V}R#Bb%DB;~g{ZrQTrpsXXcaxofD!xnRkI
zmzY+5pW>Fe;;_g&97PK}s+S5ry-SKWL|Dn*AsWa_Lg+s#4|SL?TNfSxzAi$tPp&nI
zD^T0P7WS}%joL9a;M_$b?K8)Hb6I9K21|i5mG4YU`(i<GRyXha1j#7l7d;#s?QUL?
zBr=q4v4yM=!g&+|Q3;pQx%+955uFrO`TND6)6e8-+eIInff?0D5l)`Xz*NaAc_o>|
zP4>OU`t~wuU2`2zs?uV-0?{DY%Bt3DMQh0$H84#MSrp+I-Pge-i3}wCRBF>6$K)7H
z)JxkHD$k0_D>g1zZ`^*ajAj#x7t)XDzBnH{epu}98ZTb8NI^ta_$lzbdFJaGi_r8i
zIelG<tI#f{CsmRT)s^qAp}UAO^cy<m8zCdu+}LrZj;nl$`<{NvA`p@OE$G}~=RmN@
zm*R$aMTf#p#9OhP%fNqLP#G3s@0bnb3AnC~lJD7N;oncY{VgCK6$E=02hTz9jrJtn
z>2<KJS{Pp3{YClKs$K!nd9FwP9>;vWKyJK--dgAq45|Fvg}&PH|C`7H`30@fB2Lb)
zN5aLqS+P7Zj69*GUV%NUIBCI8jL`G%SDzaxc%3V6s2=Rp(Nj!}Sk*0@T}1LQvh2$?
z<C)Bb1;V*A%v|+~0D{Yb@qJ=hh_k%Crd)ZtgaX-hRHSQoJ1$9;-QArB4mDMfp9Q0G
zPfbn`tgr+Q!_zAX>x&q|BR#&$V(%biHr+O={LU|{uiZ%z<kZwtu_j>=`!W}({4zcW
zb}u<fX(q~OP&Ng9!}c<Cj7C}DT<2b9{Lyuw5a!&;$*$&-zMs&}>*~~bKo=Gfe)A+{
zNDzN)SqZ^2-!4Wl5)LVHn5WS6%O!YQkUarSW9(mF(z4#iaiIa2s0lHv`!E%GNU*0>
z)DLAF=g_EoJl*!H(C5u#d+7?g=76X3K7N(=n0HS>-+4m&*F}R5`tP`=envhq-%it|
z(6ohd3Vy_AEaf&|%kH$zLf({yvMUSa!mx=afC^ERJQi>&J7pdchlln!`0T9qUUOXR
zja6~a`}n@d2P*7<{<E9)dLK9QOh@iF$CuMMB-$D(I?~ZEt0{RVMHZVw9vekpIW+E+
zCHoQ5D{8eC!s#DQ>+t{`^>skR@ZD1f@v3`nw@Qi_wW{`pU-ZCMyX)noerUNZ%4YPF
z>B8f8AKcwN?oT(UV0C40s|bT6y0IH^8hYpa!VZ%bD}x-^XcVgPFfIbVCpSuEbG^Ru
zX->QDN#zoO>1Ti5>iYbZ^n{|C0tniJ<d(Yis&rMMHg{*a_FR}8KIOFc3Mva?ghKQ#
z0YD@83M7}hbm?2VxfopM`}3c-FKYGYH#Oa%6wR=6x79(Wo<2a%_p4r%MGL!OAW56_
zRd&n<zL%Jh8pgFaGCgnwZul&KgTcC9nBfGBA6q@Ud*zpOUYt3zF{^pBcE{+4$CM5(
zPfIDGFL=h3pbf#ndKS4=*ZPQD=2b;SeA2rjCzIb<mj~(8s8vgQq<e?g+$Q(ThU=(=
zC^rR_Oaz@Dx2#AQBQQ8|fL(H{?XN&^9D+G8@+u*-%;HpG)+x_rW#Dyzk+|khu8KH`
z#K1A5!Z>FjnT!oX{8A|*DEV8{yV#anB6Y<Wh~`812wQFuR%ygmdG{NAfT9T%n>ieG
z%03{iogNrRNbZ|54(MmUOlfY(V4&y=M?FaAZsQ!D6%f7)Z#AjCEJ#9b_r-36_pzX>
znWO7`z1x0#fK`FyMYi;oz>@i?D{t7rSaZPBgyXndjersoJBb9!jt{{wsd$X=5Uk+#
zXxSYcm5|?F_{{Ix@0FGq$<Q54Lo^t?{GCHwobQZ0i_d#JIE;e{O8Yv@By-VuK0g=F
zHh9lQDl62F8@kLu0=xX!m5c<1Ny=wmO|Qm3Zkc^G_Puz%EZL~RYin|L(Hlxy{DDCZ
zSsp>n$`s#mj^#^CimM7C0NvRK7|u)}6fAaxuzs8?iyAXLa-~0+OlZL)bi=gEBA)`F
z*W&Yk${Cvyo*Ma}^pDNJUVJ4$LKy#H;53^j-F*yHqZ+{k&?CabmLcL`<h2WUSn>az
z`~Zb<>*z#z2yY93SEaD-QF#Dqz!11&`a7_P`gf!#+eWO7QEvyo1RHy|yB1GZmDJi;
zN(yim>rVtXI=na4eRg{{Q<kbROdMg`4JKzRk;F8|i#{hGNsbdzB+4)4`^prG9{iZ9
z=dHPZyn#05yx!y@U;OzoyxrG~H5!VSR~gX@tuXWx=pHmf>&q{Is!kB{>35$^Mo{<A
z1oPFu6aJnK{!yXa7dS2yq`UL6+(J|_<MD~{davQOj4B<R?|P02r~u2#c~qafEiu4m
z5)q<a67EpeJgGh?3|BAYDj-3r-bN(U%wx^#VD|-CfqTN(q<>pkaYF500WbOQ$mMTk
zB=p>w7&_Zq1q@J+)<BAwCpeV@Ve5u?30B7@298n|R-y2XOOm-L+P`Dqb4fKt6#t$<
zU+Y<*XE6<k-yW5-c(G-(B4%?M1bGm=eZ>VOHjCaSF>X`sXdiYN|Fag6T`aqaHJH`G
z;RKN<m?+1z0%0z$ySXDzdbQ|{F!D`MX|IriSQ^1@2<D|Rfpe5hZ&6MHM6rpPOgsN7
z?ImWc|Ihf$@8jwZ&|Z~K4=?7LtVh|F-YqNbd^6zC1^Ws|B$C^YY2O`A&VN@>x2~JC
zBdhh;U;i+J^vJlJ@%h;T<rnsJyA4M=E4Gd`C(jFuIAe%o70o2kYoJ?h=L6^WYUMyS
z_$VmwuTfPkPAW4qg|CK?;O#1fhH?A6?b*Y0SF{-11Enjy*I{S1)$Fb4Gq10p?g6Us
zE50bmpqbL!_Oi)x?uO`Ox%heDiqhcW<^i4(<_ziUX=3xb;tY%VGhjB8sjH_-`lyc_
z1!Fe<F22tvYW)7B-2an9Y>3#ka8Z_V!7;aI1#{CZorqBa^Gl4b>g7uFnsasJa*qke
zUR(S$_;!^)rsd0ZLb9V9?bTM3x!B&V!T7jW@C7qm>SS)o%~(n>U`D_6r({ESKt*-C
zLOS*`dkKftRh_^GBb1SQhVPL|Mfq}hN)Gz|{##^-93>_GPQCFlo$s<vje0WGXDs|L
zqA9*m!P>npA*RKu;V<ZjdcE4&@>U!<G5NO=Nym`(q$^?{+_<YRHmF*>!&7xVP%Lo#
zjHwBM*b1AELl)}Am89TCt3b5~5Yneyw?1{2J|t{mHg?sz<pyzsgI?$tj{_cLJnoQa
z@hy)CL-4uQQ$!b(<+YKDlb4VsQfx<G2sII|x^)1K91X8nSx92ZKs-dWtrsCTGMR!p
zG7M$g(vwBmwzW~W5fR33lm)F|fh+$zb#sfRrw@N;Hov8F>SXLYnoZ&c4aqWBFLZpr
zX3PSKk<+DwOFMU386y295_6W`eC9f@`s_1-@TZkkHU#HugTO~5K~AsLh{$O|dkHrf
z5xCKai=2Ic@g64ghV!XOaH+8+GT1;NO7q3{&1pCB>r7&|pR&gj%Pq1ZtM6^85aG=H
zu0{QCO6*B^p<WPhIbTb*NB!(f??RO3X3SYZ0|$+x;l0vo@;V^|g%>h&KR>R3Nebo+
z6=yIA+|ZB9e@!u~!yofvfx(pog<x>;=eT?s(SE6yRM0h*V!j&v01ZjLRRL!)FeEP(
z|F*D{{*Y7it3}FCX!zf92Y`H22DNOfPY-puTAF2%mzJM!T&B`<GjPuhusI49mqv8c
zDGU6_yi5z1kbR|DdZFi1+D&hY@OvVgZyCAB#QT_{ZF4RyFO?`T(-|M&E)w9!UZRYK
z6N$EG1dG!galrQi+r{mf_dw4Aqwea=9=`A`j&Mz*99hXWLeo0KAkeVzv_$R4>eR&b
zgJo)*TYqK_F`mYEkhB0^xhSK5j6gz!e(LA*w-pStB(4w>#+UG&)9k^Vt3L*!;rIto
zr(lc;tNh0fSF-^!d~;$=(bu`1kcd~RUwlELY_V0dWDvl@<LChF48wN6kD?R$n5ak!
z!mD~(&kw*AL$*G|Zj?!!9R1eLSQGR=l^0I{B5lTVtcDi;0lJ>P>|(;G|3eYsh~l&A
zx&r-6%y9&G01fg5KrZ1AV947UK+MPWKh+Lwffv-dFJrVTt<B`II)3=~J@8BeLxmlr
zo!1YbXyvpLW_$p<sjSwo<EE}5#^uEzO!n#BA~4rE+!3dNHvayLpk)RT@$eh7t&`%|
z?V8N-0%nm8(JWin>baqNnDqhczwStf<F24vX)cBDy*tp>BH}NK0y~f4>BAID1#t2&
z%R0MyA5GVRQHzWSYT)bQ;H;5fBEXhqMZJ|T;Ka-u(~&w#y!`bSGX3EXAIvncDUjKd
zXPpM#Ie(c^GC@V!g-ES%<2S#SA2?p&074SeB~(4YfxvM8nHK;qEzBD*ITv7xrZAOo
zkU+bJQr-r}lWLV5%kqIGTESFZ>vzX>0f>0rZ{A%!0Ji=IxBVeFIXI$ifa;JFq+9?k
zz<!?kAhGfy_}4$n!#Wu+976H_dm(6yO7e?bO~fL0Tlav^#WBkP?h-~)UaL!F7|;zV
zh-(gdc?vs<CIGey=T#C&Fa8l$;BQ(`{Vl8%{a&ZO3jaI==!6!&{YowE^E%7;Z542a
z*)dK9I7Xsv*kosu(r=Mq<^JcxxLaz5e2nw8>oM%4|NAk2D)$rES*(+`_e$n3z>{!_
zwg31*-usVEd_r)(5@Kq*XFqQKAMXS+=4Y4|4X~2KdEy35uB8XsgWmsc0FDcolKs=S
z08-TkAP_%L<OZHd6GjYw-wZHGK_`Ug?@RONPh<redz(6t<PC?*v*t;k)nNb@7ejJ`
zy?EI63#{-`06WOvEdo+K>75wD4B|Rq`abb2x5w}|PgWw)yd)UL1wE{8#t{WwS@Hy?
zfYD+YBeFjW#h#@N;J<;r)df<*(A{92!~gw%aMm!l7DGnz|N6hb+w|Mlz_hafU!#DS
z!vj+d7>ozY#c5Q-Y$EVPeqpTxIEr)_&!(94I1?}&VJQOs95rnFq!j*S-RY`%(oPG#
zXYK#-{l6;)E4`SbxGL!lA@%$3@ch~Fq(}_e+rRhz{;I!?m;~wW?30Hl27}(1G~)mD
zqj*d9bNPWOUZ=~LwpuJ>683hLqD;^B_5gMYJoE8`mzWX$QAR8O)Z(pLFn$h-1p*OZ
zR3w}et6eYvEw@d<*e9m@<u;Q26tm#l&;(iU+shGx)tR=L#=c<~s|i@8^8fFX-*|ru
zc)L7<?0?0g(TF)MI9#C6fk7F@B!4m2X<_I04ike=920E(JJ)}HZv!Sy0AUULHFE6r
zzzIG8y=p<uzsFnt>IRJV0Y7_H^>?LUhcHmIv4A!Myo~SfA3IukX^dc-ak1JR98?el
zkc0Er=<xTtfu0Z`e4OHdw!RaDUJjNP@Skk|KDG<&*$_DjNECb9|NadP2Kn>f9r*ib
z#{b7A{e2K2mc4_I`riWnZ*l&8bin@UPeGuJu@roI_<w&t4}u!Zt@`^eBdlWf+L2OB
z#5QsK-vZ*stPR{B-}9J?6^<DR@S06Z)UfEv|F-bYJNc-7Yu5jyhuJ@zD;NL%F%Kzf
z^Vpl)+U<{`|8Iw@35R@KdCNfqE?f*mWLv>S^z#1<)edMDez1)RyFOzevt}{Y$_?Ch
z^3<U%Hr+en$0Lg=I<HnP_W`6@2xoYv^5{}T`LeU3zM&f34Lf-G#IhFE-wh3Zc|2YO
zP6M`nSrAteyn^A4e=*rKEcNGWy5}p1Cjk>>6E(nU4<*8(CY_QTchEQ$ZO7`_q<^9i
z#x(bv7sP1>gM$R{{Y4+{3)21*zbTL@kke_G4+NNM*l%=bOsAjb5>ysV1cI#&%<YW@
z8;ZPJ@<v2V%yUJt(70wHzexz-7}Wq^Yc8u-f#7%RpuH~=v{&QsebmwHNm}7)CS94H
zZZr^~Hh}<CbNzJ$EAv%8P5Ct4DK9;r6MU9FtRDIALrFGImhFO^34k-;uLMyZ6saNs
zy^TyE(!ce%Z_<yZE@Me$x&Pe`kk}n)71OlEa6$1JRo=1yApZcE$9n{zfde!s$5;$z
zt6C61>&2jSsST02HWZ`){;iqJj&y_YQox@J^}B-18h<MI#yq`h?frCP!7B98p6ou(
z+sEXBuNBgc(@d)ymj52hs^h&T5A4~%w5VeRhVgAii<hqE+a!4ZICCo>L~_K0MRR9y
z)EqX9XqE49YL#~pbWJFIy)TD8pN@!-XqnLHVNTLWQf-($hkXeNN)%KzS%@*`R{1&-
z9>)CLT+<8S#e)?X1LC!+9m{YV1}`V4%vgQzDpoGMnu?0W%u<`K;!DI(8h$xsP-VVc
zWl;OxZnyLmPAmHjn7<8`ZpD+DJc7ve!WF0s<fdT7xwntV-6=Hd{DA4)!RRN-e!y^u
z<+w4pr%j5AK&oBbGrUbWA}vqZ5tDtF>xs;VU?U?^-SXywXj}AzT|YTW6I$4&|5=}d
z!gTSz!~M;NHTkQ#z*shhNEg*(!fH;ElzcpiPrZImNi|7nx7uJm>hsgbG?Ke%=Kt+7
z4=7i6g3)+?xl)Q!s!E0@w7ey-AGW9!(GIO?6B%XDr5B+m1v%m=126DC@`^NK%N?TD
z{W+reDwL1lw;7GzQj8DmNMnj=c0+9E8j#Yqli}I?Q+Y<$P@Imyhq<3`aL<I(Qh+n@
ziRjd)pt0T__nlF}=j?_Tb;0{N=UkyHKNNq+MqPCPyPbw+*(&cx9QW})Gxjr4c6aNY
z!jHuV-3VA=VZ55V$)|PX^*<6ze0yLz?Y;X^$1QelGv%MITz=}d_AzPm;k%1r1osXN
zlXMzNp2yr%It+7i`XZR(Z_YJ3AL6s917H@*Lyn#8pNtUmQ5Oilt_aPNMfNJCWJ(YC
z(m%RIQ<T||KJ$3`-e~!3-euX{Z!<+@m&Sse*eP_8JMB6d+ioc#LffBA#a&;d{+b`6
zA!X8P8f3S2cRC~b@2X!z8B-rv!?&+)MVQ>w88zs%X6K?Ppp5>`QS}(tCQ8%u#N#!*
zxBYs`qbK<Wc?b98oKG9OmW*6<zLKK|HQH!&*exGbZFDeLXc`|v`*>7tfj}Mvt~jsc
zjzPmQ#cC9Wdk5oXt!y0p!8CketvX&ik5^2>!h-NJF-;Utl#HOPV|W!kZ{)#c6dED@
z_AEmdHn@XQw0x4T#!5TuF<W23^~783i~e(6MpL@$N(OxIGIh1y-iR)^@wmpy)lgCQ
zX2ldMh*ExE2_8%$4dWnU{D_S(J4-jK8W50sI%~JnrE0zk1Nxyt>#_luOWek@x=u0>
z^;PwKgmkNKe#jRNP1_nolm14mQ|Zz5Vbh6l7yTja62kOfO<nV<Vq|}fivtD-{kIFF
zygkz<p^?wMfc1e$qf-S=?Sg}IToFv{HCk1l>3nj>wv`C3>ptx>3J^u9weDB=A&6Q1
z`$$psgtV@iC(Mq)u#wYZb-1p*p`oI{kGYNC9e<V>-wI>7^_q($4pa4VFs-s!rM%)w
zKX`N%=K<HjFIQ%Smv!~$2qbuuJ4&dv{0jT<*9s{fYlMVQw+kxqlQcxPo%b>S8ABG5
zmD%pw7TWIj?qJ*l&fVam-QXS^nE`jQmt)URx(drACvkbpX}<s}T!U7Xv^&&YPc2vH
zOuIE-Lw{+(XB^NrO7l=dyj~RBTFS8#T2!QSv7*EU8RWPdY6^7GO0pv>rVrno41i?S
zKfQi(^6?C=XZ`ehdVG-&XkcLLtuc<J@f<t;wx(P8234QP?6D72!W`BklCG}S%K@Ke
z42(JUr`V>Affm7UoSyg|f``B!@(k+#b(mssH77uX0y;xxYFAHhEp201g)n?T4eE=$
zg<s77nnp)VG!PG5SHLC?d|i2N1jdyEuC+}6$@Q+AZ`8+KK5X=5Dg5)ZGAMtiqH*}h
zGb%5Kz$c~tN2AOA9vorEcCuohrZ0&7SW%XDwErv`@EEM0=n2{pWB5MqA4yF_B>VaB
zKP+Ot%Ji6gaY8xemsyFK<==&O<7w924OpT0@GCkSU9=ehCT)xW#d&W;9f$X|5(M|M
zun?EGD%C|9yX_x89(~+jQW4rT6UCw|iV*%iltyZFkiic~0DnZtwW0ff!=MvpXQw^`
z!%)M2uvar)H~fmRz01P45Q3ipp89cpFkmOZf;@9)9~E&nJzhFpQu_Ne2cY&<9~yx{
zo~+xaGrW%tt*<gUk)XcJ-uw<MrPo9*9iHb*x!=DN_2<5mgKzLp@i}AyAfhj}XIh%d
zDAV0vmVH4}9;HlrxMe8V=iK-on}YRu>pV_|nC}Pysn_Kv0Ki&i;k~`ROu?V-z@n{K
z83I{+Fl`01O2=MS?^^b=vb5&9D||v5NRsg8fDtb+^XCZXPSW0aI-|g!f}UsOF#JZV
z@xl{ncp@n##&z9RZ^@<K;6~}i4X=5|QIFmoTDy4>t6DoIJwICtRN?*l6r**@4C?64
zsYkt{MpwBDrK)x~RkFs<5P1|E<uh_uq-x3#_rtDEU7)Pe6~Wo5Nu`|afg&9cHW;wH
zSps9kM?Z#NTry8;YWst)`<uu?HvcKXdBA5TUozMo77SCC>Yxr}w7Snp$(-e;)SO#e
z!V$?I!BV2&-f@mH=zqcM6xkX-JbGT|ez&|i^NaMCl)#qS72P&5wh`u{s}*BwKK>%p
z64tj6Ivy&xfs>sX`CP+XKV*>uKM~WU{E;6=e>hYd)QQBQa^qd3p5y}LItNXU;SN~a
z({pP?%?V5G5kvA}t{IxPlx2HDD$X3OGQmWI(G*ztI@pGbhmqg<F8!6bB+}p94o$r;
zFv0zQr;L#fQ*jWP_c!dLwC-6eg~!|tZznnQPJQA+Nq3LJ@eisT$Hprz=QT)dB&D~~
z(=1Cg=lD56?mG)c7K?E~g0uC`L&jl6KMl$DT_#mGv*G0g(bG;^CnXx>`jET;G5uWk
z{UB;-_~6#F_Z`b8*`tt8wzF?{0ID40uTQZ7y39~PejZkT3)$044-Q(9A~bbc%usu`
z+C{I2dfW2PP4Q)b1~U71{eQ3`brvvnn?WT#=KC#~D6@8kksdz6%xmxJx#OavIf*Y@
z#(iwbEP44GElwxi_6`;;E+d;Fkz!4ZW<(QW*pO?$>L+HxaFYL6o7sKe{rgI+O}J~9
z`MA4I=JSegaKaa!sFEecaa)(tD)mwWqM4Jc4aB5`R`kx{6itg_)ORPjx9JMH!Td7y
zkjq_ydE%3AC#ru{PInd*;<MO#z2fST`FAj+7wkdEx-4i_tHNyecrjBmHqqVr+X|aC
zU)NgYIS(zl1TLqhufowf6+x@%FYnQPH0gt+p}6;3^di_n>Y?f7yXFUpA${b&um(By
z>(_~;-kOg;cNMpR$VSP^bf<LGzC4l{OfKsex<CG-axt-lqZjo{Xq!QIz0ic{ZHQ<#
zL)1^iF<=m38>I9Dx(}pd+%UO?;17k^AXbN}x9WNMgLnmJ!BSGS2oZ<3)8U@Zv3Tzz
z8S*?Ob%f$_ox&QJ>F}5*qimE0THwyg0%`G!6T=W)TAhh!(2o!fGJyjo90sc#Ei4Y4
z5Ua)6h3KgcH@!OD6wz*(Buz<Zn*CK~yRe6YbVAon7+w6=p4P&TS#9~lLh)!_+8mG)
zII`N@`xrbsKielDKKNgUSQxl8OL7q1Ab6m8{3BK8xzT({?mX!<{}&E-2fho}TUlYC
z-;AF#32LfK8wf`0v8_Cf`Gfr?=jmfuwB7IL`tV9-m5<7N3RR3ffE9dZn;#1Rp~4>S
zS<=Tn%Mvhwoa(3TSui0wg*bJs=WWa_FM82l$#yF)Xl47k@_X#-Ki!TAyN&?HN>nrZ
z->7)>?#pvQB$h!iYfT^Aad!dh%t(&W)4q`%Q6D=aEhD-*4!yT;tUL5BJCB{Oypi2j
z=zYKDJ6?1|na)*vdZbo_+I<QS<kW)y6D~XyD&qNc$sf=+s*c^?pl|DnH$yEfq~39d
zc;TBo6EwK*VR=9Jr#Bxw;^ljtr+|Ra<pb~{bicX%wWZ}zn!zg{CD2Xg1#c(-`=896
zbW*iwA@Ue;>2GR9Y4<~s+S-kVwf>!?n&TW^CDUutpYj-f=xBd`%|TK=p|sY$lGi2Q
zqaP)2NyAc5naXM}DeN;QHai|6l;zM%*0KBIH@@4<V`rQ0)#BDAVj<~c%bqo++w_;y
zr~J}*HN}Gx8W$63%tFAF)cSi(8{dEK4;a*|1nCD1Q=oNEhyf%e@|t9HMEI-lUiLuY
z&$+pfv$ORH$q*XL<jL(WTH(=dy$6lVL{V%y4zCm0glNo!Z-rcqYCo^@nz#6pkRIo)
z3-r`N*D9M>D4j-MZJm1?gU|J1i-1sSQ1NxlwWbFw&BC$66b$B;c8c80?wiLdlAFgr
zXAMtss&lHVCs#J{{aOv}>d=FRs0k=q1^qK%Q%0w%-&4ULj$?mT1r-{#(Zrr-uqh8K
zYGEqRwOsttzAMTKLq`fCf_f$yNQN07v?fDBE0i51Csjf@-YXb}<J!uOKg(ED6Zg1B
zWh{Ya$Fa+ZS~iwJHaGrUS`;kT9M3+YY2jpWKvKG<lvLt6iXG*7H@pa^l93BuJlB1*
zV&MHX`m@$G5-<tGe3~`b%j4bFEr=ucNdA$GSR7fBH9~CmioSo@k}9GmiZqFnC3mem
zx9w76(`6&Z(!E7EiyJqGC_-4LWn9S<;l_?Hx5>sT9++?94-2eIE6}JTFc@r5Xg^ZL
z-Mck!bIqzRiZVBp4s~mAgS7>Bz~FlUJoTwsnu$?a6w9vrkfTRYJ7?&*xkY7xZ#~tc
zW6yaF2I~~XNM?F1@PiWOhmwuvTFh3yTC^uvWVOUdxE~&6@jrUA!Xyj-y@0H&v|p=s
zKBh_@gHCX|xoZ8uhq+7&w_0L7E52^$2i1p(KpzIPAvp@4<z9NTvKOsuvi#I8&~OPL
z#raG!?x!N*k;91r<H}YqpO;68*gtl*C}4c|LgAUMW}JzJ->?aC$i)o@<*i*u8Ip_)
zXazuV6}ibQeVw@4xSLP`jghOe(eVjnYwiX{>nK}SGNoX=qA~=3sFGp0pi*56*^eQ0
zw1}qUWaF{9_I$b@t?3m~(Sp3PVJ$MZXbrD7mr$|d(x5Kjv?uo@Nw2HIXaCOZ>Qnr*
zEUT+b0UE~H#4s4|Tb4;z;>}4eW}48*Rb3@3vh#R1<iKS2`ZdH+tTlYkcxvT7ODlhp
zhIkW|4B2Llhu|a!_-)(1`hUN5raL=$#GZ82@lKK>OWaxnB6)C7rxj1-^R)6;e(CvS
zj-f94m#uOttPu6BmaomK)7O1Mp3t}hO3aoe&G{8|vvM%NCa|vqh+5Ag)lwg1TmpRq
zy^+NA>{<OJh@4g*=X^G3b{`3%ZLXoo<V<0KDRv<^?d+Wmae#&wiT6ntAtBEy1=6sv
z{?kDit}A1f3-O<&+iWfM(I0PkGz`9H_1WF*J@wXlG!|VSUGQ_&r+&V58~xPuY`Vhz
zc(0Wn(du*j?kwl?7s(@z8!0Czd&KIFvkH<21qKqQed+?ICyx7$v*7L{Z|0?TJj;LD
zuP1=mystyN!g?d`EGtwXd0a1}CzSRGX<SwEV&Y0jQQ$r;{=49p%UK^MRi^TCxYiT8
zJ6j8vHz!=D(52f6sdp{@edS_CjU;cDxVDM&V_TA;p2matms4Ke>nN?y*N(l=qO#`m
zTZ_GCj;GJXe-53c)RC}#Wdr-FLY{V`Q73H6YagX+S{HG;I;PB92RU(c@G&vyzjG#2
zbL`q)ub%fb`3fxcmnZ&#rR0(R&n;dmpYFt=`Cl8lO&;OsGgy5(fL{(W95BA&XBe|Q
zS?$M5hA;PL50V-VQ4f8(N1WiNYoS!immBrsD=&+g?dTr-#E%91HlgUHj^lOv(}YI~
z);*}qv8DcV!)cJn=k#DOKmXSO>)eJ^vd4z7GwB_P!Fg(<6J*2Z;)DXl7K(Rnp$d6>
z@>a&%oUeGMayP<!ID_wO+<{EhyXQvTXV6I1d;`N7COQK&@h<nx;4Wspg0E>mF-zx<
z1$@ipM8nPU<1clqwWE3->x%TiVmepuPfdjO8H*-z8t3IFiw_y))*5Gf4Da=pkJ%xE
zc+j_=m=ph!T)sfSAEa>=XN&=|zujTo7eo50gnxT`GwtHCX!Qi&vSFt^?nqiSY#~2S
zKl!Js759>&{bDC7+3AJXr``AC<5jECsOV~eILUJxcouwKPCnYj@}7I5IVZH0k#|e*
z-@v-*(f~HZ?sUJMl2u<k5lYo)9QU3hByH4(u;3CxI>xUM61l*I&`)-HqjP&N6OwYG
zqhIaAyPkmRf4}RQuYAWa^03^E-oQwiz0a<@W5RGlRGU?cW$%?n=m-;Nl92^U)g~)&
ze<D)B@{DL}hDJg+u)%hN43YKgLM3ZbI&D?Ur&0vHkCNDi-I4dp`g4<!n|3vvw(SU&
zjVq>J)1HDR#&N@byi-0o|4F%5UE)}ief>J-Fk#N!_MV(wUc8KRbWDx=TiE^rsPNG~
zLWQ<Ojv!tX(m`DAZ=4PF$GL|+D+qUTbiTb(@Z7Ixh9WvpT&NDUKk!$^WGE-N_sjjK
z?B}SvGz4Go!{Bo%7F##OWzb2Yu8>*vS4W?w?28Qf*(VNG-urN##4P`;vKP={@X7SV
zzY#4tZETxeVVnf;q7&UQvOP(0`m2~cPu4e;vEto-UJF&iX}$Yhb-L~b2ju9};LS7h
zDoZ$Jo33+$<dJRRviDT1Xy5jjYZc0SvCmt#TE@8#mj$Nz?tf(Ja<I245r06<!FNx!
zcJm@l=BGkm>t599v{T$L3*@N$QwI8*erJh6F(hd!Y9rfyf4XFTPdxX_aiDz>^XEee
zQY2iRoy_CGAB!RSW<}x>3VVZ-j2g6*sItv+UoJm@Q*$MMx3DTvh3~O8+M-mgG@tfz
zuDms5eW6*%108$OXP{$kf49$C-^pk}2Vpz@aJ?&HF+qpL<mIE`W}cM#Q%`nV>3_HK
zbgl>-FrX#Nzcn9iY@bAG-SCar;w-A2*<x3!{m5(Dn=(FVgj!U87A&2?5lz?iQy2v|
zVQ^Vi=tKo>N(T?ZlXrup-#CV5LTtYnlBXHZ)7Tp~K<Xu@6g)``hKK}*-~D+RpQh@&
zmA;}n1B{%fRi{sc-%eEu|KbT9ZwnOtZC-2^7wU+ApLd*A!8O%s@i;H|UW&M@oge+D
zQ+1Ko=R+C6*>#bqKHAk9{gf>uK!0|zb*TC1`5r#L4`to2JexC$eR-;5iv|0^Qe0_)
zr|-cXB?CsNm_i!ebXbIp&I1dOcK%NSwDs_OVrc<BiAmSk>;XfshQp8tujMfwhv>0#
zfkb5`e(QdJ*A#Eo<r*)v7W<E9o`<KRS!I|1e##}3mzbLqSks5Cn-xsWZ4GxkF#4v~
zPoaSwYruTA_jY`~uAE)JNpvu!@%qqehJ`Qf*Ci4J_J^_XY#B5{nazLYK>gln+r2rM
z8Jp@HR2ogf2(j417_X!h&w~uG*pYWIw}m*%NzdJ$yXU6O<J<GFXIAJ&O5L{kzxD8G
zDo`Lc$EzYY4UXu)fL!?6+U|_c4l75c$@gf^EQq+R6)qH(b*Bq=>xRIU3KCU!F*?I7
zBkt%k>#)u0kC&$(#9u<4G+er&5CFt*)djE71E(>3+759fROOu&m7M*MCe5G<BK2L^
z#S5+@Y-z`=7mXf1u`G_$i5j8^g<em3DQ99=Z%dc7C=i5ChQ4EljvJ78aqXnR;_y}c
z!&7RVv&}5lKT5e*XzH{;c7L_&?CW#5x93@ARPurbOqjHY7!@AMoL=NxIQmR#NO$~E
zch8CLIX!f5H*{;y0D&x8VdZ#@8$YT#%}Vd7t#lcP6YcZuGWj!L#c;}H;2RlzZ4DH%
zOi>HP9M;m#&BpeHG4RV9Y2U7XNjF~CptX1*^&SD~8rS3RTCa1V+Tp$QN+!<0#OuJ)
z^yIYaXzKXq>fO2ra0%&uYIrE+7|On`O@R=|JqEbr+R5Y}nWE^7QZ&{JUbsYyc`KNI
z++~cAK?>t~^u3`8;mngpRyqa>=vcc}+)?8lqa}TDjqD1l;b^i59hre<EfQZnABLZH
z<CCBZd@zB-TcTkP2Hl<OU#7A%4eJ2T6Wx?#pyHW$E5H~{U+CJO60Spc#UB4eFQOj2
z*UYGbkwu<vNTJCDfV=hGz`S&sA@};Lk#?{%y>UH(YIs>fZE^x#kpm?wsgNg-P{|!z
z9_xE`Sz6qs{7ne^eJX;gFDl}5?gGIY1->k(TQHhU3oSy#>#p?hXIfXY%g^i+vt907
zORK(FU=MM!H&jZvhUkZv$e{h+PjNC|0d_BB0qbUXX+gjvLZ~n=)!*Q9O7`&_eI)v>
z&TsWPqK<(_wB8^^6oqiLSZ=j(oIwstt~4F>K<MN2$17F1o)vOtjdo1#y1i^XH*q3(
z#{F*C>eLfmbatAecBUsEGW()*CXch`5(@09I}6Z*&z?^nrAF;3{@|X<by?AV;|R}7
zPs;5<*aV(v!h7Rr9>6ysXR|5ZhX-xMXZsB&x=-$h$)9yWqy=sWxWHMC))mjrpg5_Q
zgL=-EO^+2$gd}-4B9gb?CGOT~PjMkD)4X0(6q#^j>F<(hvb>VnrB6~-cmr#*no3>J
z+WLE6hkJ!gAuK+6Cq9T-HFSbqy>QQ1rh-FRk%S@<&EWS*R|1r<+Rcx?3ISL<+t(aE
zPJTYyEYT;I*;*P|nrNrWdqQ(S{-O-ORS>y9Q6YHx^<>xTlyvLTp|$JLEl7r@#XFeK
z2wKBQs$=L2^-xjcv+Qe#ocDgDeD%P+egn&wg3D*L5}|G$?ggK5eVrnxS@3X`zl3rV
z({4p`^2Ou7_twUS81=5R1zP9%Vg?Mg57p7uFIpVl0Jr50j32h9QMWC5st`ayG3Zko
zu0bm#caG`k*Vxn%D@(?Q)dEDfzmc8hvIebV#$==pbV0hX0&$nhp$-~d1^(A?q`5_$
z@1AM>nHsw)wJsNSp$X$t5QP9}Vi^Cb;o#|AIv*6GivwOq6&_Hpnc-{weGJ$WQm>W%
zli0C<n*j|kS$>hYLQif&QI&$Ct1}Pch2Edv-7-DfkX+I{w}U=Ar24hJALHeHrhBSu
z=(C$=UATXB9is-v^&ACqW1tponu3GAg~va6&pt{!^A83M^1JlWPn=ZAN8HTgg3dP7
zp{E3{hYAP^?opmhO`WEUA5f*75u@PKt!MLgXD9jtyU7_P@m0yIPt81mr4|yRVF0$m
z4$J|^>Ac^LE(crHrB>csXQG3rD?%sAeH1xI;s<qk=u$_i`{{XBr@?JXr@Eo^_}VB-
z+6#jIuMVw#%}yB!;?7#ncnPizt)^ZEnqyKH=!4Fn&j^-}Z(;aW+rEWPA1GUlSxv;<
z3x#ghs75)OQASUEszE;#yYkV3`uTLtAbvC0LP=mh41ajNvvS{ADg(Y1_Drn2bG3{4
zM$iin%MU|-lLS>@s)nx?lxd@Q%Wq-at2G009xfF`-|9t^tf)7dh^PyMfk+3O;FAYe
zZ{S=UYF0HPB2riiuHgOnjpgqdI5J~u7HM+vbK=RHUg9+Q8coza(yFm8y}vsq3|SOK
zMK9&3ybsg3+O0kS^lHpZ&^%VnqMm&pPII44;CQD;A?tsv&|4UyvF^}Ywjt$jV*zYJ
z#pT{TI(0hv0J-!OzXPDNfU|GJPm4JGq-f?zUw3?>70>s_zOm3EytGG`htOIRxjN0z
zeB<uJ=Z5L>wFmk}ljMjeC9*%Z)-KNMnRt8!4D(C4IB)x%;0x7mG$MkBKlwqvaPY9-
zhfcsO1pvllA|!0At;z$j5FF3FxbRLxJnUdTSA~1$urKV`V=k*aDEE}RxV%E82np?5
zwaSw5U$IPfd)hO(wXx!zsuHb(pj1K)q}<(A_-11zDZW3M#=l)Zc7PU%P5B+q{?;U?
z$D?^!Z=|-z2+X`Mp=LF*9p)UXO(I8Hb8h93$7`F;&)jj22H$2v%K#C*Xl**rm)|k$
zVc;B9XOZXNeQvIluI{q?ZHVc3Ytc~Cu~@y2)?fW9u=nP-w0||VZAO1nBljjZV?2LV
zS=`W>Q>(1?c@~?FTMSi*SoRGC0jS8UdBdcBmH8zdl3wK&BmHU<=d4yWSK+P}j>L--
z?{BtUf^PYe*7Orr=ePC-Ep&3Z$7J1P=BT-=6MhtOCoi84qUWUVq6;yAC~;ArSeL~+
zjnq~^;d_QiR*(WA^|-r<za0zx>RZAvlNJ+L_A)LxljZq&$KPrML_a`{^n^R950^9^
z)7Zj$NqR@D9t7*{8*}9g!D0fNtGWn9jH=>fY`A8^6@s)!&h-UbHwD-V4;3g`-}(Mr
z<L8Zuz%i#Thr#NB$>`B<Y<WJsu}KA@=xl|dytSsKetq5VT32st!C~n%!FhK(-RzMe
zt%&``@7@0S?!M-HQYUjako!8ZLxptas2K{Yv%DwI6BXF<lCu?;&ltvVSA1I1Pl~+g
zlx&%1qOULjU+SVq1sQ^P^`}nN_&L6tz!eRqS*La2Vueew3Cw3kK^Zvm%=I#Pxk;@w
z(kFL}P@)X790QpZg)6t=CA*d;M~H9;34aWQz*i1PyRG?py0j}!zau%9e1gYP=WIyR
zTw$VS#)mJ6F^@76zI@Z%XEu|1j*D?3-4>D559pHfVLI8Yxq*541=7x93GT46GvnvJ
z@{@zF_Je?-xVbi=2A9ak22(iQE&Xp{+ju{}!QJdPYO5!m-vqbM5t?g1i7w(FT2}TK
zdkB@k_@Oq6Dehybo{nv`R7p+#*iwl>#?j9MV|ES&8skxxBK{)IW-WK4YEAbL=mmj6
z4z6F25pF8u81d=QZyAJzWz-4yTz9_5B9$l*pY$w{btb_pyIZm+b5BdK8(moX%cm}E
z&qpj_@@(QGP5f6(ssPc?CXH4pws?Igyr3a|z9r{jP8ig>a43(Oa+%Y&M6PbWisPA%
ziSnBZ;?*qL9w^HV80sOy8xlsrZJVLSn55%nz(s)<9NH<ar<PXLN3F8KaTi8z#Ot;-
z^QcD3HH#vY+gy+N?Z<t;W{urlX1B6$w2K#d*32LDDPz9F`_bITH*-`8ra0~p+z#H0
zNc$)Jy+4gS3T68YY9U!enYxSm2H`BwEv~>JMJWBrB9eFgtQ~wcd~<T0>ie$v)?B|8
zd%?9fso>dBiG#+EeW~jpn!spDY)Zlk;W=O6TjVvA@_f9NYDvQNfIvv(j_GP!OG&4J
z2A=pYC4=={W@KkXWWqdD@5;AN>4wpDmAZA$JXm-OFHYPyC=v~)HqqgxsLNf$6A+Bi
z(!aVhsll+&Iup#()#@(u6JC0w%@@TJfyhe1)AmY^LP%}tG_x$?Aw@p!#<*wk7}B*q
z7TA{5`DI$ttj*;9bk_feB}a1b@p+wlJv(GcDH>?9q7t48F0#e4hmZvUgk!X$U3|z#
zo&5G5quh^PAsSbk{j*N`z5%BZB-DVig3?R541#sHjD1wL!lS?HrPqIsjY#ka<Py&W
z@JHTWLx6BZ1fm|($2C}RXUMW1HWXcQ^B`Ui0#{?KkGOAYd1N%p>7gm<wk^i#R6~LM
z>03g8)C{$NMH4{6p7;5#;YlN%1Uo%DW1d|X)fVW_VG)m&`=~69Z1ydQat)hLt8S%5
zOnc2ZEc~KQn+x|?r<94vGK}Zsej7?_LxJd`^Z8}9!zrAMCoZ*J+J7(E5D}N6(2!^}
zGEa1pPOx&%1UFr=0e<ZMBFidt`)z2J!zXI_a>SYb%2_5E*w^T`kG5z}VjEBG!{bHV
zEFvxY5XTY9t9@Y_A~;p~zFiVr3;Ku6`n3IGU2Rh0O8Ii!88rC%0xwjZHY}XB`uTLL
zM=oXiXkTh92MLyx+C3Zg9$z&A`#Jg#)wH`RuScwB1lJ7xVW#?rD?EiWVk4}OJc*c~
zu21lene%rk_a84bIZc({p`$X2OUO;t=fQ{SjGu8~0z1E?uKgPb=cw)1tqPp<n~(qt
zI04V9rZ_y+A`X6S9p&etJ%Z3EC>=`oZJv3as%Dg-07Ycs&vw?DK;5~6rLOvrT%3Lg
zY-U1b<)(Vuo)=A@^V99?1k}w&GRUPQ(oHGT2HTs69xA&-Sn-Ut7)5nge9_O&W??~-
z+O)1w$9ojj#sw=rF(7qWr}z#=F~ephd~vagqcXou&&X4DH*MfuzmSOXM$f9V7mq?;
z)5%imvM+G}jO;|#1F7jp-ED$CGmyh6xCK#vM}$UInO(CdJ$JDm#M!e$s~75)XG(j9
zY_`2MM?M+R+o>DBmCL6<>Dt|?Fm<%042Gv<Z2}Z7;wLkS7iT#e16Hf_H<ZwHhlo?l
z+%w7CKmH8XqT=C?PAk!$^P9~hu;<fidV+5}pe14x9q4H9MCrOZS!*)1SX%8Yyw4@^
z*rSj;UJ`0yO*D=hKZ54OVSwNcD}f|(sA&<IlWH{Yn3Ed|k7#Lp;a5)*Hdrw~B(J{A
zWG^A#vnrNKx9U63K@d;Q{Iqf>^;<}fIZjp2w^PgIpM#z6FG4_s0rAop*6-VIoIPUA
zD)S{4K|N}T<~WGWQjB(n1mSA)1mhMHK_${#?5=WFRp`k<bt-t;I1s%xGR~jE?N10W
z4$`k56A4)t%(zbM&eLB5ZZRCBpZ|F3QxKvus8;BMRT{$<vor7htH(=a`Qtb7pf0u)
zh>R><sx*<8+{rZ@t((L-Y-ZlzEdI$xeLG{>I%f|oE@mI^OC#-w5^e~M%V)7rJfqE-
z#T85L?%`^i02W2|87hFOj9`P$(yGTnSrZo(@+v{P@faMSs^{4JNSNOjY(jyB3UPDh
z)_N&Z1)aEXeW*`9QK~S;-L#tVYNO~P`GxV;u&P52J_)+Gj<Vf(=r4dE<oFumj%weP
zpGB{Z-R`7_n7;hsFF2s9^+*tS&-cCSh{8b1FZ6~eq%WlKqV%cR;X$Q0-a^i@#>pX4
zSJ`TZX1&{I^d8;~MS<AkZ8%TQjdgzhCXJ+;l^s)O{alfu0wc8h)@cPyx29Bu20|wI
zy2@NwdOWvvEtD2vXIckQq9*?%nX8&J4)PB1BGdFck0&(hlI7LlE?`<(U@vo!kw^5l
zb<T3XKz0YUViZd8XG&L|h;Y<@PRnn<7vr@2f7M-QSQA^jjRhMjDj<juk8)H9iIqqP
zL5hYB3C&Q%gGf|b=txmi#0aP%sPq;}LV|z+LO|s}K#C$Is0dMM!5|<dAVs)4;Q7A$
zJ@@{*zixiynVDy1&+I*W?{~dxt(lRjR9v5t2bdR;_!*QoO7UUD9da5ixo-ty83{4g
zgIpPsmIKd(r$o2}Gb%^rIKhTcfz_CGmdg`^kCO&5`SrmkR2?*a+TXes{naX2&t+`?
zownZR56<|H9rL;=mGEK98~@mf`VoJ10o0<^^9zcAQp6NQNKR@?A(UX?SxioT`H5nS
z!LO7X(K$Dxc_>S_v_f^Yj6?L23JFai^T2iCK>#(sb>#9H|F>s*v3|PlmV$53k`&<x
z$7~o<`skB&$x*HVUX8R7VHzR9K8XBt?30`U>7ng{;d3K#)~Tvr5V78r7(wL?jh0wO
zPy+J)ursN6bDKHC!~Q$@!x2)oB;B@^YhtNeirz;hU_y5ur8g<?*x;!w3z6|Pf+4-v
zj_jO`MD~&x=WU@(&^pXr)3OiiL970uhs=#x0WKiz)`kbbg;~qDp)ApRE?wl)44e(A
zuQTQ(hE%fxrKlUPS+0Ni+M_q;FvfP*#UD#P)7zN24ySA+L@aBRVm%Rwj_NQ%c<1Ri
zSjFP2fkF1uDMarvRPzwRpR6BB)7t&KhXeDp-c|@c3e7pLGOiwjU{Hwb`dm*>Zyj>y
z^>v=Ff=#1d7X?rIg<Kh2lc~2l@K#2Vv;@!6B|PpFnm~6YS@~A&d7x2b^#E^~bHY)D
z6`NmzN=q7{&cLDyPB?q>$SK2B3G5P#%SlE{?7`WgHWWO+1m@UvGi`4VyhtI$I#XGl
zC$LFQG|<8AkVC<<%qr(>N_$>bJe`d>PdOCe_!nBzm1rv9wn&#9#@kZ!sf*w33Y#gk
z83*)hmRaW^9SzLkjnk`q;-{}8{)>y3dh<@8Ti>z^%7ZZQFv)F4Uf!M(ZACwICg<K@
zR-?Vvzr4@-b^jaSfE3B5V5;hL;YFs6-&lHC@V5;hMTBEKT~i%FE@+Z!+HMf%Zu~7o
zIZs2_#rDAYh*pel>7+x7xXoZOMX8|v52r4vcTC<`Nh0yWbk}GX#k4tVAM*7Y`L5)R
z7b)@FEcfv>@j8K$3pw3t%xVv5&v&VqwkKL;D8@aUSDghF5v%2bIc(?kNon`!;uw)C
zql0v$IL~9p;V(l3ojlvWJ-c3F8I?gh=gH&-O+`)_?{WE^ybVVP{OYse?6{)UIdOx=
z#_8)~4}Q(uk`rB-I#<$Cw1JcFvGc@+x@*^ukBYiF4;db|aa_}IyAT>iDxC3Q!ePzr
zkc=jZw)*C|c5G?Yk%?oK=Mz2+a9vaEL4TgkZm_fDA{>q-3adPH*{4--zzK`wR`*S?
z3hRqAwzSa(6N>|UT8k}VMm$nal%JHJJ;CUt7o*w6-}kiXVmygPx2rS{dEJW6ota45
zqYsU8dO&qD{xxVDZi@_O+?OhAatIAfA8>r=92-uvDdI={AxtYYHtwK^U71(84Y^AF
zW})>lyP6*3ALh|3gAdCcvCPv@xl6@KQmE&h*-1sNVFr62v*)s~w>6ar{!c4+A*l9F
zO;z`>-<140q3zfLc6QkGA?O9~<gwh_J?2mo?hb|zS*D_%xa;Ao5y1zvI06rQz}9nj
z)ePp<p|Y*qW@Y#G%|D|o6+WI~oZotG5~X#?p3|7A>_g&2Jm4tRh1xA(TW{m0hxH5)
z_^>L8gD>?3ClnY;Y47sUUK8EcUO4fn7?qm?wq{k#Ka0)|YAQk>*<_Y{3f=0&YGNui
z_a8SkEX7Tk%HgWr`gRE8P)*#@Eq-m%lIecPrvm^V(2ZD+%cOYCBPZ5i?La_Y0s(nW
zt%Mv!ox0FM8$cJ3v%Z%npDAqKPN(=7VxoP!{B~md5k<bY>@Xm?;vdZG!FmBgMVY3D
zbaOqv%M|7JXmDaZC+Oh^u8Dx_5k2{F@6p76Sc_jPTH6M;mr~^1{*|*ocItI{a3tcf
z)0%ZG5XRmwkN8VS$cYHX2w2MX;Ymt)e4=mlnIa|AU#h2!k};DdxIOz%h3s&@D3;5&
zASDfcDAa?y_F6c$Idq<un=kH619c9}M;-m}rqx&}4@`1~AP5y7zJ*(f%!l6>CA7nb
zL(sNVH&@kdj^DC2uTa|nvk#l*`6bEcH>XjzGN(ty=gJn!V(npQ-S@JnC?)(|OjK1y
zw|@Rx0W{COF{^akQ-g=#Ta|8V_q5-}*uwD?XX%NU)>9BFs&|(@8=C`x2C#g;be3+=
ze#3MfAyWXUZ?9Xn`-nhm98{mCWSo<#JfNoGRM~!Dmr*j@cE}BXHx>%tVB<gh6;o_~
zttY-bKj}*FMH=6JGAM`jG^y}_U-_lKfC2`x1IA*|^Qg4(H6@?ZTE6G*fPhQ@4`@lD
znnJZ0Rmhhvuv2JCX(Cz%l%mWsal753&5x3r$E-zYM`S_~M|e9}Ff^-nQ!Q>EVZES#
ziBaEU2cn2|&6_&Jd%(~}#<yT&>wKeDM#(15$r{uBLcU~0XQD5^A5k!Y)g{JoB~+;v
zGAUW6sgJu8=*`my8u)Dp{9Q*$%E3VC(bOP>7s2{@kdJvtVo)N6+MHEewL50Nnu|NL
z{P>E3!hh=0uy*PU5O_#))#C|!B}JOoCkcLxy|L=PwR-FJU0-xkykLQS`Fl5W=ZF^x
zhpv7qdfylrIr=R9ulnut%cKJUzZ^ifu3#N7rQSd$5c<R^QkmY8>5+02^Y45A4e5UV
zoHdzVb{2s+05<A{P!uvX5i~?wT{5v+l5hQavQ29u-FZkyy|+nJ)Xi0#b{Uu1ef0i`
ziRXMVYd|ei+CRTTc^3H=m_`^XX^is(Nfp*_$Y1`^dw@!Ii{GFV{&O@|Cn4sq5~Bs=
zM~|Bl99fA}I$rNeQW=?MA$O$_y=RR^(^!Liqg%wCxx#N9gBOrKB=*0Gks?nGr-gs6
zA~kX));=peq$k)H9yHGy|25y1u9Kf7#64SxD7jzb*JsL=H59iS;H<v**ppzPe?D4w
z4UI}!JLw!=SwB)@r)jJ1DRS6-WXPR{rYeZ@5@&33)0f=!9I!;n^oF4&Oo3Z3rT~?y
z-~569!S<>8EWa~erjG0FW+1=~mB>_(^~nhow{;dZ$Rx=qA7ho*@-3mr-3eBV5BrNV
zJm^;z2Zk88aDmL~Eri}5y@x`}sTt7DdQw(>u&;tC)@|Z(q|xxym7>-0&u2~5hzJut
z!KlQX{u6V{jbDkLPoF@;$3Yx9li97K=HNV#F;L+ewJ(SYmp~WvSG8)yS*efLL8hez
z_s%_hBP)k_Et+&CW!F>>4C}_XkxPt;BZ~$oVZ>AGu<<&4hDY({B=RNLfR?p?Rzua@
zras@hsM&sB?q+*5<>`Wy*ohgdKu9qexBHW%kd`X0*tkQK!d=&qExO<9#XwDkY?f}J
zSye^1t$9{g->+O|uuk2kXoGyi5n<?lBueQ0-mmqANNm<N{w6y_d?1<?lA3=#30=cG
zi=h}2aT!K!Pfbd%Yg?0d>x?L;Dq?;V*jBaoFwGOwBnfqu&s{tVn=TiHlv`FqF<g-1
zAJcKqoR7{k*Zz5_Nk`~E*-61a7c&1Pdp;4)<kx)-QDEXHEY<n`g>f=+17RsDZ|<GE
z4K*GOw(|{x(pp8`4v1V55Ls_J4;_8vVV~{{!+3G;op@NEabu9(+j2g01Jn+F-rtpC
zS>0^B7e3SV@hpYOf4T6dp%?S~gqc%!#O{l4Kap7NSTSHNFbD<Tc-KEg@9a#LDh%+b
zI_7$H_qzPD=eSb|9p^vOTuUkdtp7dv%q_NAx6YnkUjBJhTWzr9?FH@4%s;fR)HgP|
zt7`E(CEZm?oR)acLZfDPeGavF3vOtsm)nf9A`$M~UYM}L^xNGQbs&Ut_nBF~TD(5h
zQ6y<`cxfs=V%|-XBFLWac)9TGYQ32soU=wVj=ZjYe+VX^oj(bW)orSCrN3RPU7A1<
zk^34J@B=<EcQ!t4D_sha)kr?iJ3fFX2DMP%$}?5UTd+ktZNfr6Kubg8w6gU$cDqxx
z$StZ;ENXYH%;~E^7VD7s{a%mv9+itsp$SqJT0W6cvx-S0+idsi!~|cZI8UPwQ7;tr
zU6R3r_b9#ScA~N6+j^waE`RK~s_>r*%BSl~!v(xh7pi=Lxf!z%Z<k_(*&(T1Kum1K
zXxFlX--^7MRKsWuXuEmXhgC)dj_H}q*LfuQrDHDA%Aeb%xL(v;=%@>pc(phXAE9BU
zGxudL$9$&pW5bUV4}ZR+oeBBtm}C|_34G8yXW^9-PUAx3HgtA}t~T4R;0!}i+`PH=
zN8}VN(bsFFoNfXS3Zlg8)|VJ-d{n*j!I9I)f602<cAi5EoNQk+&?^}>G}`1CJmOnZ
zxuAP7Ad0LsdhZfuVOVV@ifvKtK~K=^UW0sSyP3114GC-J@j25WPa!qYPj8Zma+^{_
zk+jw35_adANGUfPf3u{NIw&G!7SzvOdw$k$OwZ|YG7}$bLB#Y+M`DNz@9GY}fV7z3
z;@|D)!sZ9OjyYQ>BR85|xGoe<t_@E~_G=l3eq}i#$Yy|~4(k5M#QAhjhJ>}-9}VdU
zs_YFgH-V<X!X|fZLzY?I9<CF`X%=&g*-!8~C4MJ4uR;w8b+0DP#<u@)hyO6tlS?1A
zR(_xD-~Yi7N#9`2xbHYx6Li96KP>d*!8`lg@J{boe-BoXaZeXyEyRQUser=Q1i5jj
z@ez1HX`ThG^x+`>$<IF#+SWL_Ia%A7&1?d9u1~ufF(jcq7qcZz$x}9!^@W)vNvOcb
z>i1*2RlDngX7XaD6e8y=^XYxhO*PT(>UT!YLf!Ys)rY;aiOv6h$>H6$KVkhppm`fC
z#ps1y<i_hx_{8R>`<>Sc6)Lzk0-#)IN^d(lztus1TT@*}-s>Lx)rwE&1AlNGVFTg%
zh>Owdk#^m*D>)jFz$*@xfh_dCFr4T8V@IXs8#TI+eGe<n=w!;=X>!1|{kUJ=Hu(oW
z%yXZRs#Av_*>KF%9GdzYfIX`X0W?W1OU3xx4!<Qr>Gu|IsEGHDWxx3btB`J+&l$%}
z-S-?nc+h2D=<Wg^KPVHdkdHz(5{R%bUeDGz^(6CViM(iF%%}zQ>%uF*JN)MJiq9a8
z+O_6ZBqPWnmkkl8&gC28e_JWBTcARbPH5<mh8l(bhj8baIe(k|{thXIkvlcZd8xS!
zWe~oYAtTRyt=uE+3_xiu;3&5D4a}4N1q*b5<gPesw4F1ud^6-yX3~f)g!s4a=Kr?0
z&<pbqh$!FX(IEoJ8~H5;g9@x0%YxgQ_@$S*jJsD-Qu@=~^RMotAdO?QH}bswN6sNT
zu#D-PCIY#+&r<OS%N#Mr4DqX3u9pv_o{LAtbMFzp%uBw?(G)rxfk6A81V#J4Wg9F1
zZa-ZnTBNl-2VWrCM5f!;2zCWhvNIa)7MZd8W?&Uur03908$Q$W2Ym2?tzmlK28z$U
zuAnNM7(9>~Qr?)|y(dorLe$F#?9cL<vW<11k%fj5hb<hKLXvtDjFr~=!|`3uCQe-4
z5u?Pe68e3+k&?t%kzP_kt(8L$?rpJJH14sZx7QHkvf`WAiOU9<^5a!K%WuuRNX{yd
zR}%mBC9bM&T4;@mp-|?Fn!Oh|2li5T2-MK5FK$vNjiuw#vNsl3d2W^8(#Ouu@I=}Y
zVN^o`@0_G81z&#riFB>Oilt^fMEsTi$rY7*VJSq;#9}#O#t<a(KqEA;@0|6Q)L@qf
zOIowtEKd$vJ(jP#r&owevDH#J?2fd)C^?<a#*0zz`>P>BrFW$^^c@Lu%u1xR_4QiN
z8hU6-7@NIflLr7Pbxct<A#!5k#hI0W{2_C`F}uSGXXGCpEEJ)iB(!paiW4CB$uY^V
zu*I^OpKOnk{*`(NdvbvspvxeUy8lg1=kHrKGzTjGF~t=Md5yHOxUK#F=&iSKCgQ;G
zVU(X1v*b+O1d;!8Sxji`bR;+zMTzp4&2d7604_+_Nh_Z%Vz|-%yti^<xialf<OhWP
z#oJ=75S-K5V9pUq<*F~FtA_pdWe9mozY86kIXA%Qm=U7i|E*ueMNEE=*iAE9Ch`J5
zhuM<i3MckuI=(xQbt(xRb-A#Son`(j+v9yj`jcs?FjgTQ9iZd6d-<)yXm8#~za{#c
z8FmjL=+Dr<6}P;~>0wRS06(7bZ>~;ASLK{xSmob*z6F)Hr8ur4E0T}Wg1xZG?EZ+k
zru>a88;RL-+XP7u)X5?lLTqZ>q+GW?YKGo#*dt<VSlScrz0!i}-3txNsw#&BzzkDx
z<k!VX&>FxW>}sWhi&)^3pP;pMgie_0*?SQ)^#seQFa5LAzzgHG3AY=mu16t0`RnZb
zg|qWd2OlU0_9>rDQ~V|S=>d8;3Zw$2>S)5v{1Uo&(Yi7vK?Mx`SuLIsg8rxl_moU;
zY%D_~`U2^JEdgqt@q{LdZA~nx*s-9*mS^N6mWG8p1dVAAAG1Y)*NB{s5;Df?GP^z0
zc-#~hr0rK5kvIOy<V=S*%1;rVn(2t)rQVj(Ec3=dT9lNJnwVjHF>rE)_mp1?goERc
zDgGAV5hC52$oEQKd>%PH5<+rh9zyfn`UA=@F%1z67ZVD3sPelT=M@p)Xef2YDYcuW
z`yz~H>TNt*2C`95kaFy5hVz>t1sXjBVk!^p0@lkvRYE2MjlntuWHs4B2Q2tS8-d{@
z%*5hEKrK3c_cv~AIcjqhn28~f43E_-3k#tx9)@itfX)Po%oXZ>+DlsE-|avdE9cxv
zaqkn3o3&trjQ(n&6T;E48Em+`W0eYynCvcHmC64(>~|i$vI@*)a$n3Ced!U<>x*gO
zu9KxIPK7d>RiRVhdR!*~<frJG@Oj`Y;9+%HB1pS|P`-;eZ@B=5Bs(WWW2GBh!_!o7
zNzg}p@Yaz?VA^X_7!%e5qN=&-@C1wALBE~45XhGwn^rAi;0+#Me;c2{akcWRb~Lba
zw9%?B5-e_yU$p^(MOo;o*$*uKp9;RSm9zMxR!ryLe;UgPm)9t}Jrg!GxTs<vY6use
p$phY3_|sUqE&o3^%<&?YmV@_ou2r~FmMW~wIRi6&x}M9;{{oZqy6OM`

literal 0
HcmV?d00001

diff --git a/test/integration/connect/envoy/docs/img/windows-arch-singlecontainer.png b/test/integration/connect/envoy/docs/img/windows-arch-singlecontainer.png
new file mode 100644
index 0000000000000000000000000000000000000000..1ad5f4aabbcaf67e5bb6793d58dd64c554619ecb
GIT binary patch
literal 114040
zcmeFZc{H2r|2C?F4peowhL)n;t=6oip{StRs-mHZDW<9_5%W9+ooK6u-5M%N%mfK4
zF^iUB8)FI;Q&ED5d5Rd$qr3fn_wSs4&L3y3^R9Qj&stsaBu(->_x%~K>-yxi{(UVj
z4gn4}Ha0HpySE;&u^rA}V>@{N$RXev58<~U;9;M~1Ff5E`1Z5Yz{x>74LuDuwxTG`
zEo*k*{HW_)Qx7&ap|HJw`=TZmZQ0m%GqrDNz<e!dw>hf}DX95v$o<4+2kN=L<dUx^
zIKMR<dZDGRdSvpigBn+b4S4k5f4f_Th%mku{q-~tyX@&a^Zbn796_FEQC{PR9{ARC
zon>F`zlAF?cX*Y`5O@Eh`(yVCbD5^nyTJghee)Pvvqa7l*LSL{3YyL?gC{?D;Hp2=
zC^bxZZ@oAOT;Q)GM2;mJbnN#T8=Jc6AJKdF`0Icj+=ux6H}K-^6aUM<NT8BXtalpE
z4~Y&{czHbUs`O?o>8N1p!}%4H^Foz8CO1UYoflE^!8?I92Sc=30iV3+Mm0RYZnEQ#
zKcesC30-$R*I(&VfVpSB`K`z%D0jKP%C8t=D`i&Fn%yzX^MmVvX`T^oNr!3`I8wFP
zAP8pvoUyIiPeN5<_W$}M&s)5lcY`-Z!<ydkO1{HFvlXz64C~q#M`c_y(E1ih%_%<f
z!+On^olYycXGpd<a1`!K3y>!nbDGu!p^90SpjVu)OS^r-4RBj8Ir%rSy65O$4vVZn
z|FawR+_v0zB~RcUdW?`z?@f!Jh~^m=I6oNBR&f0GeZSU$!^b@}jGVd+ai+zWlma&j
zG0lwCJ}VzvB`4}N^p)F&ujj3X@?Kgh`2F}x3+?1Hf?8+7oFS^Kuy(Qz92YpTXT|><
zjO_e<2=+KbmQsGE$*X7i+^Q?ln44F5zSnGwg{yd}wK-|8JDNa^K`eu+WwP2x_NU>1
zc~#84?Dz+dIIi(mWGgxkPC?Hg8jnYuzFM38`(xQUgq!)IOCEaaI9%+CcbMj>s$3rq
z*ye#>I39^ND{ar#e;Y1S@pty85~qPlXxl{I(C$oL!6wXu!>Ey%PF7tv$J~3@nXYwt
zd9rO8`WpFk6kj>F^gkAe^RAW8kQesL)Z%#KWg?N-^yT^C_v4LGl^Wf}cH}kWIU_5p
z5fdW;;CLqv&DzK`&9yjAC@pSRZpr>MhHgz|43x599%dzui`dDoXO!`Vh-K{CfVuMQ
zMGxQul7G~4%C6}A`-V<N8$~n{zUMq^_ww?R5$nl@h^Q&Lb?d~-cs(@&VO0=a7i$h8
zLXQif^WnrdlVJw2EB%r4detA_<+*Gqjs$jRqg&SB-5&f{8hIwD;6I<7vKb?KZhN+v
zya|hQSdp0e7_}d#;xniFr2XSG?Xg&NCfn>sB@c7?@6`e8&Rvc3DH_lBY_7tKqrcR}
zN-lV3>+z4j|I%AaMKIK?mcKk2Xxu)=Ux`xU6%3TLV`{_CIEaMv%eJ5K)J@;c34S7^
zA_L*7kHJ2BH_8-C${VpxvMR$bITBhY8+%@qN_VGh@zphJHx@a0-Dft7OLgDW1g$$I
z^~Nt(&Xed+y@@<k>2iGV)orb?^;kR#p74^MvlS7UhZGu?hnIdMzwQk$?eo;Bx!_3_
z+eKik+q$dc=)>G(gXg_%qLzw%ObNBoYMk}<=4ue)4zk9j+a5FOw(2KmG&x$tVIe=E
zBn44998nh-)_AmEsbL}u<&ca|=xxdzq@8kTQ$5A8erisWX|&@$p+(DL5bjsuLVE`f
z|60qC<FmeJ>=hRaedaA|2-gmC3*Q(99H$4B#dYD%Ti1aMQ-Zz0jKX5HWI?^NTELoP
z&F$%~NCPXY`FI78>-W!>=+lEX6H;neEVijqP1=kU=vT~KRI*pLygU+}r`x^uKCh~)
zxtAxv3G`M(ZP+C?b=o)S=0pZE-W!vNOGMhYp^OlSzT38Ek@oiXpCadKT;ZBjZ;49Z
zY64xj;FOih>%PuyjJIChc_+234-7BHnAZ{miorfoYlLR$BG%5_m+ZTSm_V;p{|Q)h
zTQ66EMiB=4U{~SmdR#N^n;hg64cZO31X7M18XcK{tR|difaBaTQ3!^rjb~DLe-vr?
zCSqhCGxPyz+#^=>*Se(G*n4qJ6VUg8Rk(ZT*y-=t_tN39Vca5X(3e=m_dI+>GsG5K
zGQcPunaf^Mas3_wobnkL4afpP5oaZy+nFU`7qC9J>LE8*L6^ZaOBgd>N2)kc3017_
zPe6ELVh5L21wY=gMdyV+0!hH`S9s&9wft9SCZH6%m8ni}EYWZI38wiC>#32n9m?uO
zSIIz;O&G*BQ>a+<J`k6TCBY)nWG}Vc-L0Dg^dK2RWG5<(3@gIefIRTjoYd*=Y!=MO
zJkeCaiTVR-T8=gwDRD}K*iHozkR8<dfd@G*3y<&#%{Q#tT$i_&$(K3#WmcfmFky-D
zoAj43;rg>RXKB#LfIF}{CJ<<39Mo9r^Xu5R?K?u;zZS{9+~{z|h#yS|(|iwkuk_u@
zIW_0dl~6(F1#FjiSz6dcX2<4)L#Su#hpT#MB_RbzllLSq-XpnKtQ*QLUK7sLF4~uM
zuY8`w3e4TwT%VtZzFeK{@6Lu_#(ivz64^VQ>a5Gog$BwX_LWGRm2AKolxQEjXIXzb
zRhAC>w`9xR6ED5_hHETyC~C8nMqjUhNi*mEVE?P``*6P<h5<EoQ#T!>TX*fJFwwd$
zZR<|h6?d(oKHYsk0^97un`PQQKRtkw&=&TeO8rQmNFV3ltn8pJi}$Hs;J&e--svYE
zb}y*$z^~iQ)yg~2r4=Q-ip}pm*uJ?+r|rk*g31G#OBo~*Sjl%Gg?iuXx$tma@QlgX
zuWyj2kX9w!T-5n0zvaQA3ZMD8zUI4}cqup`=c<SRGPp=f1l5x*p+n3h-&odFqrl3W
zAy2yrpC6h;0+y`zOo4e!_{O&gFGu$7SlNN7Lwb!MTi(-Hm{q!jri!=jm-Z_z^=l)!
z3?Nz$Dj;YV+!A^z6p&IJm)mE<KF_5eO+mTJdgyCSK<K9P9|n<?=~DbLk-StHh6yfn
z{s0OL+o{kpoJ=LKt}^5c=+3N86PC0Q)h7xp?`?(9S7ykcJ+$7V7QEH3ORrRMO0HUJ
zmITM93e>u(uf5ZeS;Y3DMoMDVGU<;;TsFaP3KH_o%e%6dy1k0$MPnB)MBNyhlw|v8
zBo7ZhHLE<Z*bQE;-?6ZtX2#Hy|GNH7HDGP_Qm`69#KLUIY;lC?z>54GlVE?1<1$D>
z#6;H|&)_H^BuV+U`ue5rDC%kUG~z-hTH;xmdYMT9*se8$*^VxEnXIj@rC9G93}kbR
zcv~-ydoxZtZc|2@Afm?)Z_G&2MEfQ!`faZ9N=KDySJreb!CO%u;^xsgHNAnJH4Ou$
zkM(Q%GR0Q<U&lus*_1d=LmrtY5?F?;d#4KGy`{&!u4Tl!T<tq=`7<(-{JdO{re)3_
zO9`yo7@T?6T-`!(bnnRGaLVo^fo}VJNubNGk^X{qMpkl-RdO0Jkrn{hbNAAjcn_)<
zr8>DpP1{VZZ{#530;yf#=EMz*`-uGFk~z}>8yD0VHu8HFLL##%po{@c3>XzCQCfB>
z4t-7Nn!Wy~NA+*2^vW7ggZJ=gZ2FyuC2ao9wz|0Y=$>9?Ozwvz9eU$B6<M%~m1590
z=>_XhoJW`TWhSh#*mL>;;HdQRvX1Rk>N7X!bgo;Dz)(HB)Hw-4yl+k?o}e^GAU#9%
zZf38FI5lX2YU^0@#6HVq>@gwDMhSi)6<lC9c*MG<905`>Ouxoh&YWEJAUZtk+WfxV
zTS}UMwq;V@a;^Vmw0vVWT!kcT9pOMR=Sqx^Lh904pc~}4pplZEiFm7IczZ?UqUwj<
zE=^rxss~E8VdN!sw>3e28wRC@%{?_qg@2Y--CLKsFz$8iG0Gd`-QJl>Wt>^q1Fs+R
zzQ6oYy~WT;9j^B^7yDQ>8gs?^=6i4~i09MerjwZF2O&<q`KB@pY1>)sN4wDH<_Ah$
zipP=qR^%d}6x@KdP_*=tgm3s>vGXY80O#aC!b#VBc;;QcUm;W9^`3^r1Y)m1Sc)-9
zws?*2ujjX#&6e{l0Iz)m%HPfUZH=&BixeqDhn}(SU;uew4SQ^;n=<o^Qw9is)w??^
zaBQsX!cI9E)t=oYenj}Nyp``LJI29Z)e|#aAEtl0Ffws18H}oc*b-J)B_}!9ce;OY
z#?18>H)hLmFoOS%J`Xk&W=0y%1x!vRx;T52rzQ@9Ou>%duB<0n<ZvD!jqm%l5=B59
z2BPyk)D%HP>ZBeX&W!~Dspj$O4COY(H5}{hfCpc{&7#yT?p6Fs6rHCJ+2eagTus6a
zc%;4&5brU~Vp>eYXAb@1yBrV1A#NCg#gL(~#RT5Yo<Svw)*R8t@5GJ=;7(iD)Sm1m
zL_9~&s8KU0cPwjyss$TIF4K|&@DMMV%-)N_S008yCgSGVpI*VOjy<fP5R6G<)FnF%
zssv)|nKeIPf|X|f7`W5~HuRey*{xWl^YeCD2AxFN(dXanZ$rr5T>MXdx!XMxvVzD?
znuMDApRkyD?w<ZISJ=1lX?dLf37_@3p{AvY7LP-HJ%rh@`tWTSed>G=T)u50?ctZV
zXXLkFM&I7LDzy}R<azZ#S|tM-QM*z9^maHOF$duQx_q{`&}I5W-!bVsaHsnef}y^0
z)#dR^m~OD*K#7ybc$qo;!GRKaiAfa&2Kzn=toMW^H#^gdt2X3QvxP=uVS-Di4}yy7
z?;R<n%sl4?FJNb&t*YtBN)K9lMpjmqDRlGB(<jyHr^Zx-e{E8<4v;?leUtbCP0HOf
zA+eY68rh#?9fq;}GgnNEq}Z!@QlPH5)YS9DU@~j2lAPW3vawAOxTgR~A7;XJF%u5<
z3%sv5uzugm5bk=VUxD=T11j{sSqsFW$#JkPNu>|sbvF0unP8ErttG&L$1bHCK38;}
zG-b(TJ#h`trgxW`xD`)4BDQo_0i6XnmbcX8s`KD=z*&UH1L4tXB$=5S6~{@lF*=V#
z<GK^Fe&32Yu_T=Lu<iJE<FG$n8q++}SAc=U%8W2!W64(?o><`Ab3)53BVV@|072eF
zz<B9DciT}Eo5?**fLG><8|qrUpRwzDmgAoz)HiE5l9B7j-<ze2lpvhuNS3vz=utK2
ze%W~ThHoKIL#;UweRr5NltjyZjtQw6LW&h!$=*tF$n!ns9{=GBx7Y8OOO|9lort&e
z2Qr(dOJ=Mg(ST{;-ESKtq4^YJm+aR7@w$O%yG5g`Q9t?&`vEBn{z0~8>l3E=Z~kLW
zNQ6d1qe$?L)#Xf9b%%}+;^~)w`RcxGbmelp3Q9r}uZkz5&gxTWe>xtrki~tYsp1WA
zWTU|z|Dx^3{L83;2g+dt_g)`Z)h;1k<lY~_{0_V2JC~*cE+22@TRwSPhn#(KU02ty
zujQ&NX(J8u-fQ;TRYm-Y&y8PZkYXdLqrM45Xg%D^tgLjymV2l#q1*$8bOQ~0)g0sK
z2J|1quz^%ycL{FgYpG#_)+5CTf@P`m(BM@9$w~HJ4G>y_a?1&*ytQ0(LIg4y0cZ8O
z`LEA0x?<DhU<+Uz<bEEzDSqiaA;`aG73Ts{(i$*M4Z0a6tU3cVm4H-Uj#1OILakDq
zl`({KDf`v=&UJxfjiPbic67!Aj6o-HPw-28eO=PobbKY=RD=jo+xC3Ve?%GmvjLU!
z406+#X9&M#iN;+oi|6~>S(c-xp7_NJUy-$z&}}lpy(uGg5vNeRY1!*zzcKWlUa9_+
zM)+(um|a%F`Fz|uME>~w8F}GDw^mJGKYxp3lAOeoo^LjB*F>$9N0|vkU;o=OcO!_8
zmH3e6FoKh4xgPRyt=1?%lLnm&xP#I}stTzLTGH0rRpvLalg-Tkgo~*ck@4D2PB`jQ
z=guoZTfQ~%<Jgw)GkntUAM37Lz9<xGM!7un>4C$W((;pSiSZSdspnfYiwJsD(i@?e
zK7Fck{V{~!JSER~rlS5>#i6Vo`X9$fgWlqeslYkHb2k%*)btI$N8K#{N`J|sR{FRU
zPcTC_z&InINYQPp*=v~=kP60A$=#&o*L_h1Nj$}o8AGLuw8zY)iMC#G@4G5<v;D=;
zKItcSS^0NUS-K-b=PfXV)oWtGMGw?QGKU*+%$<&Ho)LM(NO^g4J7GoTGGk)`jBy{9
zN6>!=db(&M+r`^8sU-MPDeo_f(pPPMpb77h^3>Cdz)0wsXiDP9o%aF&AR|y>9LOBr
zAjiC<C0_s{*ucJZkHeq`q>V^R4<eeM8t8TPmI1K_B~fEp?a%8qSat|urnJ}0@M;lV
zRQ6Nm+I`e=_@2lx(Z<4RL4g#?S<DST_s$XC`ux&|U!J9{^LP2Un0xeRP<|Y*CsLLz
zo)h9u-Qx`&F?vuA7c{B#c5;wB$FxU*46WJ&6c~XLZe$*t;VQp~;L4Wm|8AT)fPC<Q
zPQk6Lth$~fR*&W#p2_+UM)&V12pcW`=uJg{V=-&#VM`oYVJn|&@OZrGNZ!ksiXa{F
zk#Iigd){+{K-(XizV#NL9r->A@1?1!>CT*pXDLm;IXWdaQor&?ejqPL6&;@AM+LAj
zrc!zAN!TqnxIoWa)?ddXgj9O7bHhlI$-ZN+pRGrMT@aW)6YPlUnot(`7PuU2-0XAq
zduyMTC;U_=ZkyzE6t%+{>sKBrI>T-DW#Z9p2|^WDz<AS%UKXdRLTA@g=4czXIqv`M
z9F)&kK`Ul^j?Ds_p9pdp%rll%gy^}#JunCd2M4s1%A>DG`fd?R_Ilv1s)Al_Y(E5-
zhk8Lrbld<D6X!SXG!|{YV0ENy=_bf!PN6b8z1?=Y_DoqpI8VR0zKgoViIwt_u3IG*
zT#=;?$01Z1YFS=hLqr@d?+ZRGj=xwWJwVs?B)(vJ!92#r3@_IzD(zBIbDbMb?(IzR
zazDD9tucUpR8Y;uT(WZVbYAr8O+hBj?@&IOV~CHyHj5<{1&`|UFEocY5B7Ew-z1hQ
zz>Qh2=S7Bst>1qg-62Scum<ZV>_^xu$jh;|cWwEF%`{2N+Leb!s|6+d)|~_xDub9q
zE#b}Qq(qX^o25pIJlm~>iF!p7V#-;~YBG=s&Bk`atgJoIf}xr|E+$*?1VPJ2ew<e^
zW%aHtE;58W+$X+F(v`om!siWf>C69t7R`rNAp6<Wd8rj%NVzAir`2MM>^svQ&kdFb
z<=RX;(th`E>gR2pJ_-JEn!N{2b%Fn$>Hl#s<99s;Jj<)`|9sIf&#ES<31}I&VPjo;
zr8iUvVy7bV`!hJEy|)fx{skAOIOd$^`u!>!Th5XFUH?4`d2{aE|2Hqba&CkyOy|nY
zehNeFLG(Y56b2~2x-+{u&#crL%+5y1Gq-;1aQF980RKfIZ3cPQc!qJ|*BjVEuEj<g
zm~c%?aCNdxjWurz-RAoL1MHsmF7aI)%K$Fhd1|QA=O-S0P+bRr9%at}{m-}^a;66x
zboBRC=iGVoema4aJfH3{?F!(sj*QS&(9|76Hi!B*yfRk|+Z0@eXQA5e8w;b4S!)cy
zBA5$x-0%OoprufLyyE^IZjH=Hl()M-zDXsW5W0Nq8Z`we)LrFU{UCIe-p5j%;7@+e
zwM-+g>vUty9W7#^#F1>FHo*1X0pQ{$_M&OEKN0fVa6%k1t|z=8uXieWmW2@Zmw0PV
zrU@GE%h|)D_aNvm8tifgN&w*Dyae=SEbK9hY(#g~1XoFD%NV2EkxCF>4WHU!0XR#3
zx>nRCtfgvuZ2%lQ^2xR(Py#tx`_k|E;!hYxS4lkNKYLA$l*lrjxM~PKpnt|9t;w1F
z@MYZ(>iQK)KRa^x{7Zhz1#A{i#xM~Xk7=IjOb>$)TXPK319NSK0~a(f4kFfi?&wl=
zV;gDy9QJ1p>GKlE=?gfo->s<Ah5Qe9bh6YZJU2pCHWtVCFk{8z9J;-|y%o&!6q2ae
z5E%Bn?Cb<y?GO`f88lZ;3zV>#Y)#Oc;}RSTu<1;@jipBjt5OR(<tk{@V#q?_B|kXM
zJw?7)B<dx+$DX?}QV7{<j5Krqy{#!!uL^;#1BZ^?m8n{&&A{VjOi6*|n8Z{zYb7N8
zPeo9yGmo#hR(W3eoIa5DAhs|~wJ)Q7EkiydjQ?WZ>V4hV#91S*{yj7s`xeM_QSdIO
zhYfGfXct&kZ^8VUw_jgQUcl;p_W_JbZ~y09_WT`T>U(s<@%eHtK?MR*`oAuaqUyB?
z&Y%Q)-X(gCqf74WgRauBS=G3C3;J`|7qVfV5filB?GGQ>JVHrPw-skynL%Eg<Gg-+
zcCvZ>@4qg*2k0o;?7Di3qXj+RYM+Hlas%$@!mwMT5SX$F?@~TYaaE*Yf=PmnvS+JS
zx^%#lAbib^Kc?AUPkQ=60d9`p>@uHoL4ZMRfX+ISTAk)MTJ1Q{;92lZS)gmPfkKLL
znNTw~W_GB4ko6UDw!x(Du{@J{E!|5P9p7E#tL4Nsru}PzN6CClAT4jp-ohfFvpQv&
zs~}-5VJ+zq-QMqfoUF=yslIhnJUw%nxav8~e6b$ajw9CE&}~oHEIYnpCB~a$KzjU}
z!zIX5mg5AuE<#+y8TkgX_PYU>nrb&eE(Asv05%Ra$1mmC{EjyIlt^Q2YP^h_rXyeq
zjj>LG4FI|q|3l%?*H@PYS`!t?vP}ResI-T#T%u=k0iJSWxTE8Hsl&|oFVAJv5CbnY
zQK;&XG2h}<ub?}u@MRv1i<6U+0kfA`Uuz?Y^Qv{a_JY}@MdNYdr&&##1n!heS&^!m
z{FPlgiAQMJLKor+TFw3(jJLpSoL*EtHPSe$Y7KXH8mC7i3j-T4T(KTfG67tBc&$$H
z6LRv<<D`w`ZkmjFGE#robN*|s7c6LT@tTQJR;;F&Ofc6dsDn9SW|{wpWb7%7kcyJv
z7E&1r8biIXwZX(*8>L+y4vVW_*P=$p1*0I;B?1yr8z5-~4(AOP`5`cd#4>7cWOGS`
z6FfRgUgC=q<ZSQFEV&kvvyK+nQUPpM_8%|EXyHv4;}0M`U*iQ!Mq=7xZ<3D_Wf^sA
z*&1YCklKhxS9G$)jMAg4Mf-5^;f%|Hb6AvvWvboKsE3*AE|02wUvaZ*uyQHk8&sxz
z?T-dgN75lefxA`MeJf3Pz5>o~JVG&0LX$X>rI$GAu*jG8B$cc(U)6*DkXyvp+l-WE
z$hLOB=6<r&Do@_P>f*{@pSsK!>yl(eqPDAe&$`lMpa3|9ro5AZbzg}uET21Ng~nrC
z&nSD^7w_Z_RQ5YF*Gg*`0M$i&xr~@5GKQ-w1^K&*?I4PKu!mrx7rmDW>y48(3zX1V
z*O4NX0Nq;_#MU9S0mu6zjT}9<9oTbl3y6JNFa*pfH&#G-QA_@esy_i>y8c0NrUj_$
zZ@`rRUb;EyUH4jTEP}}L5@tG_%*!`SH)1I*+B7g|U%5kne2x0h@MMt~Rd{LcHowIW
zDASC~_h*>uu77HPGeeP0^A0NGo9{MKuDA?WU22S6F1W<f!}E!M1^12GRe)Ad5B*>X
zf{AvTzBq>Y>JUC~>IP)%x@VvEGORuA)7?s0FWG6T{lJ32K#9@)G;&B}@Yvxv%=?R%
zgF-+}16`Rq+wWRcAFr49c7vUEmE-W7|Lk$dTBhB2cCvqNfYIs3S1aZQ%fu@Ez+2?b
zRVm*+^rrq$<XNRL0RI@q(ms@ks6ww%vnLS%yF=L=1IRuAyN(o6nS_VI&fXzQ)NM}>
zt{gL$*5Y$$GN2_RMT(!axwGyf`%fnQy(nSWF3`m+QF0qsG|kd*d1X(U!tquobxQgR
z-ga?&vBGz^%v^KBC~Wvo1291(ApKTMysIGYf}7KW>Z>PfG)|Fjr)^7cmqbpe3~Pyj
zy{QkG;sEUJ$AvHe*M5?W3A-jy;F?r63rceFlQK>yg_RX748Mu8S&y0eFe(>ol|$?^
zs+|z%`f8h4Vi`D(d^J+_W<9+WtxL7jq`A=2-L>;nag3XbON1}YS4kqESCPCJ$c7RK
zF~YeBlK6^GZSclljZJ5$Szab-buFEVa|+a(-B2Deue}jkONPP2Po^P-<7_vo`QofL
z5{|s2^K7=3+}dEaT)xq_aQ5aXO&Z_iwCoWJMKA2Mu5X_jK2Sb){+~U79Rg)khAx~j
z$J-?^zmjWKs|?5|R*&hAFEG<X&B+OMfm7vq$=XzKE$wfC6{!dGMzX}}F$40Xld9@E
zaob*>ntT-bw-?FUa%{W5sE#SHq$*+vuJfwfenI0?tJGpitb659C8<XH5JM~FaW88_
zUT~!@Xy$9s`869kOQDwI+}Yq4ZYdWnFZV5u$x5(4)eUsyLfg@SmD^-awMY#{wby-}
z5IH0;ek0>`fx(ujVEoI_z%PjeIhP1mD{ATMmW#(K>TT1!^px<p7cJL*oE)jNX3hv7
ziSIvgSZSQB^?|m*4aF}-k}pf?9F6Z!38=#po3H3L((iqY4}99OKnh=eaMzb>{IkDU
zt6i0)Z`2PKxJa$5A~N;L?xNkDTAMJI@fqrtFQ#arF)osyL(L8`a$%G?!Evzkj_;Ov
ztw)=W>|Ok-V^H7@^Mx&Do^@F&J#ge#>J(Gk-({h>aSY!>`|Ll5Alr41UB46<iC$|p
zWED+NA*nQMd9rvY`Gtq-e2+)Nf|4I~nZ976kRc?0BRP~{_W^BZo1wvc(+4fDC(nUW
zP_Zm!&)1hKm;1}y(jm5ku60~s3hdiQT+t<WO5ply*(31^?=M5vuw7Nm$;2j#u@xg*
zPOm?==`rZG;G4uz!}o^(Ed){_hxt;Ul=UiGH{o3mg(3>n8m`^SS(#?z05;>)<>)l{
z(d+!ElD(Q+Hwk@wU6zSH>MZHNxA9fvidrm!dL4&dHxb1<fh*=xod!ynuq@{6H3#Yi
z$3K;wXIKC=?QH|<wr&Fp4sj#?N#kNYTiXC&`5xfQ8$n#M5-vK~1|FBKE$?rQBD-$5
z>$1R$Leqy(GWY(78!dAi56mquoSxcdtpkiZW_OE*%2h%NsO}u+XklWrlL6EpfK+?4
z(UXfm5&A4Wm+YgZ;gvVbCeg@132gxU9*3GnsqK^rVm9{m&a!a07c>C{kK_h$%c7kL
zlONQG%R+L1^q_BcwplD#7H8Ok{I7a11*N+1`9Opoas)uelrSFmlaz^z%(Ue31~Ri&
zMs9UbSz6{4c%EpNcV4xW;4Ht|>i*>!yNpn`{EDbf+y?fd-%`_Mltd{SjsDq$N$8L}
z7|fg(WV47zAfr2R1sh7FW<BzEt%E~X(w3)B?wc;G4k+635Ir7;n)ARcV<&6BKN35B
za7Hs$_DWpTv$xhGY@2EKSSKYf6`JPCw_mTzZq~8=V@(t%JNSt8&Iq&5Iz@VpdobtY
zP1&l2XAok+^$on5{!7>xb<(3<iM9c|b9xE@9f~2M_>u1&EwVMUP`&4k6}yaN)cTOm
z(6=8f#}{AvAN}C$$|@rHw&6;LXP^`OhwOlUA#wBOQ?A%F5$UzV=6%<W$58F`WiP%^
za~%$1IRRP7ApH&#rfi`TaOPsrQ+15C8Q-othgx6hkawbBY1o1}#V&xlT6DgT^CYql
z?{ot~=e#4U7L#6cDmFDJ<jsx|)`fpHGYx6n{#o%?KInSs7I`z42PlZ?Q0-4BmN%yP
zh@_;2>lbz~B__E(RD)q+q75MjF4yPO+AY462o;w((P(wky7f}vutTkh9w`tJgypU4
zDDr$A;%UyQZ1tUZ7WC{em%tBbX7~u3!3mr>ag68MGyvpc9L(ILrymVh`~|@G?b&iX
zCOVva^<NqYY~}&4klMx)(LHFSVBeKK5qZuxVZm=#!mixlXPM)yYK9~9%*T~`(BwPF
zdW<wXSDv<sV2ODa1TzQK3yz*b_lL{Io4dajERCUb+_zDKc|u<9qb_(P6&&&dz1h7p
zHNnXqF72A{PFe3Pw5~J9P4*tjG7PtJIY&(lRqiDqy3N0vfj<3est7=o<wWk}y2m|I
zDi0M_^)K@h#osc`4=iFQ5|Ezxgc~n3H>z%o1l0v*D^0{e10^g>#IG3_4*lRvOCP7N
z08L@<7`%h&upOK3?SR}L8E+NjR~#}7kUHkBnAO$Qh&E1|z;PjESX@Ye&Q$otd{LZw
zHfe?9^?|m`oX{tgqQDbs`jW=@6=*#o94S~cn(>LVAZmXv2Oa|OtK_Dw^PQ+O3J_`L
zP7VO@G-gwWPeE>sLeEqj9{4jQ-n+UhG|(l12-`5S+_;1WaTd_2)R02Z<x`}dhqd_Q
zM)@YA(0=%a8)J42)=JaWgv-w>A8s@LZlTv?wqUaU&5xGUH<Ln`<3a(Kk4!vBGQ3bp
zwaov=VAv|2*)&E1;pb)~T(MO#2YLULPw?qOsGqdF!#(ntbgwO0L{lsB>>^fIClcXz
zB<zYaU#TbjzO~cbTJDwCGab_hy4+4RZKi~_{qa>J2A~GW+34^@nW^FGfcHg3>J~bx
z0PUr>l=->NtIvX#Em!-bQPg=XRRA0HbRk@BwoXCMB)nMkpH9-MVnpiIMZ~ts3+gyE
z83=U%{9cN!y;P3t=b{Tz#ax9-)E_=Yo(fi2X}sKLcOgjQy!7XOf!wAF`_4brVpG*x
zC+y)$3V|E0nC2?+KFgIqUsZokJ6C8~X23Lq%5iu$xFqo|k2l&|t)0=!6UWJwDl%q2
zRJ5;M$RHAn&5#S<zkm%l%)?VZ6P_(_2uog(mcU#&JtE-H_Idw^5#Aq>jZ0+yigO+A
zedZoO>-ZuzbPfR3d+et6q+F1RIVwSP?1QPOq0YobLezbsXrmM7@YX6e4aYFeuhhz-
zZY;fmfOrq{tehtXxq~8~+aY`N7qL>P*Cx9drkMK5N;d@P?AhPfX8mPIm&rJ1hgY`(
zmH&iUPu*=Yw&`_n6JYo4a*(2?JaN+WznTKy53&xf=eRV%dCz!;Iw=`m7MDL)dZokB
zud7;^1WU>4t5d{|!AS^AggNM|2x`Ru)0}fF!n&I055*xN1*8yKEjY;L{epvkIge)O
zF+iLp`-wm-2wKep$ND{0f6o3_LDkYd#p5q!g}xG-ZLB2^S~Hl@u?3OX`6~f`++M#O
zpxC$llc#+57)Xr(>&T%yP;E3fe}3Dw65s%~VDHXecm16G%i;(iFRui?;=e&($)wdP
zvIJ2)$hFthuKYuc#QIc1Zm(6DYpNNZmTO&gUattJ;b7llq=z->CVEu>kciJ_h(rjF
z!qamc$HmU^zClij`(|9yXFN~co_;PePcIp81|(%0oIlJ)HjUozJd3@IdM)P5@2!ss
zcc`t`^Vy><B3R)Els4aWDTQeuJNe_#qDCXtl#Y>{X7OY8aJ{B$Zr{Q9Btacc=a>76
z*LZd`{tBd7;E{rH#U|%W*1gS<iuu~eT6GVTwNah3ZiTC9;W9ur-6&3lH*M<nSLbg{
z$=kJEPb@5_xxaayuS_o6in+`>APf9)$Ol{z%J-@Uz;8Hu-{Bui&lE<vCRKullIU%U
z)wdp^UgkND#k;*-a%{Ve+_hf*p6a>-g{a1sdV4GJLUk-KIx5B%<2PkF>sg(fn~quA
z(Oug~bdMk^BAW?&w^yxzDIYB#HXH7^)NGgh29@j~I9yByEqt_CTh$n*druDu`FOo(
zvA;aIF4wF3CMY5gd)p#FK^m4nO;rw5hl_aT)#s$TjF9FI2n6pFJ8fZXOw0bn!}I!p
zTW)#Y!w81#@jH?se;jUExpQyh%LAv+00LFcAc{;hJv#-I8$RPVmq0@}*^gyRYxXG5
zkA*i@US_gAB(d3>aU!*8Y2WiGV>}kzd4DDA!1amxT;vki6iyThEO6hBafsmnR*GmL
zg->uA`vl=s7OeLC!>sV((*do!7;%=Pz3Je)r|mTztIpz#QvL2B+;&|~z#<@z^g;|Z
z)`fC;d@&p9<8VZFa35>y=46LkYOl$?n7hDQJXy;32M0^FkNBX&kV&k{TPvI6XT8lm
zGj0CGwykuW{;fn0&X{%QKw|UaN@7tPwST=>e?}@E_n>$yTd{|EC0zr^^FOz7og@4>
zn*oy)YCFjJnU?J%%+c7_mahsKwec4`tKDO3P@zOjiNk|m0Yd%GmaYu0>s}GS7SWPL
zC4^ySX7uFjP;$@emI3)Hpjb^>E@uLgSfC9X4&Fs!9D=Qlqh40%IqIEBJ8<1HGt{!;
zD_7Aek&5wV@1nZb+=T;^0H6`X-G=Co5r;k~jXI2rM_O@lan1Q62KrMNngFoo^2ywf
zD`{g1@yY!8WWs}H8-O|r%6ogWQRX(lU}>|I7ul(gQG%_nWd|=ULjupUM48iP>loK&
zhbsGI+r(&oI%Tp96_F&ZG7^_WjR_Kuo2v2{ib61ZHWBn0_zTb7Y#jf{z<HE{yT!8a
z-(IR?t6j~lU)R$^O+Jd~B@#aU?Nep`raH9Zev#`yVB_(5nmKHzB$8{9_NNgP3SD67
zwh%4PFRp)kEdmYFo|pnt+-k?EC*rf0jHk?<^i9!$n5%+g<S1<xzUxGgf(Od#TZ&B>
z^Pgm{&iwJlASPUOT!Y1dspIn}iExhJV<t!OKO&#jQ4JCcIy8u;g<2>4@V9i~zzKp6
zx2>C-kUhrj*6gh&NXLcnp(_AxiS7}&?=hxHA3kS*sr9$H)#gddt-cJ;qS^u3+`00U
zVzt$~R76{!``+sM%inHPS=@(oJY*Cza?0vX#6Vc>6I<diuo2s^Q1k$0;A(22i*3>X
zknV<*N3Y&yb>EQgE*ggqy^OSYGdEPJST6I@;c4Ea`$lNg$Bj=**o#V@Q_&FHCGUD(
z;|=UqZPvTCBAdoQi3@?yyKits$vVEmFVW3qfIBBzT-M8`xH`5Gc_(hS`AiLSwcJ|w
zFt>pcNORrMCE>_h^d0VkSo`Y2g0T-^K|sRliP09iKw9&bQ64EXMV$(gA);!6wzps&
zaK2;@^PrO>&y`Ck?~F{v)GqabBraBkB1R-7I8jzp0T+7HwYU{~{eGzQC94KhxcQQ<
z#s-@lQg%)aFvMx)ggWD^kfgXqy-(Sl>n0|>Ob5I8@HyxzpjX=!pbyqvD!$FsVa@SP
zm@Rvf>F`jObGgTeNpUZ2A2)W|L5YpsQ}TIa&9bDfQM+Xzue-52NVW95RZm?Zl|I40
zeq{!UpNb=_qs}Yl6w?FFk1`7P1uEILM|bPrVD{xv{x-Kb^QPi#Ptg(%dfb{n)1Txp
zq#oKMk>TYR-kz73)&;gO47FG*6jTJbi->(}Lh(WNCf&1}qXuH<j{ox=gzS5bVm(Qz
zFvP2@7X1_b6^+o$=)%|2*WO>!b9kVkJ4DA;>ZYS|PLjp5KaSBZHUYkCQP^Lx5nfRK
ztj^fN%dnl4W2jLtaWA)a=tt9gD5fB{35i2C{-I|T#GD9{=>AwL5oNky%xg7v?~!#v
zhBP;Cv2$5u&dF#)xc_pSqF`kL%(8x|!7d$WL{;8|Tw_Z~TX}vD6&fA{n>zeU8mZrQ
z<gO2wTOr{D<t9EaZy9<fb5`@qp6G1@drVa=2@or3gI-XmHt-f~?qWW*vwltocfA4k
zFiz#1wDrr(YZ85XSeW+1Wbz#VKJbBsApz#9qX=LKnt*1u{?~e|gY?f`o0TbuCZL-*
zYT<nm*2Vp4C}gsiJPT-InWCoFSKxHXLP2gfuw5H^0$mZwI|GLDh7x2M#d|^%orc0h
zC><^r@9IbLq7bbCOtpCKC<w>oSjyuoi*@<v;u+Wj%s9Y$0Q_1oSijT!SDT`|-{Ee$
zbiP#$IN`cmnvSG?9xaENjFAX&)H9d-8>cR-e{}DCo~IrDY<Sk`KOj94g$4YpQq5gj
zXs_N~|2=a-ng6Mrx>!CQsls72$(%8+nE}|EsgCoQ{kbB*w1s+o)#gl|bABnSRzwGJ
zTm(G(8{Y3Ao>lel$?n1yOlt}IeT9fNiN>3cLDg5&o1A~G4_gSEo_D(R>_BOOc5u_o
zh~MnDq9!1KY<;}QoJx;+2Q=>GSrrt~v>aLcRbDRGz4Ds$BmX7I4j#Fijst}05(xl5
z)G2*e!hRcoLNB5=R~9`&mL%7Gc=Wt~W87?PjE4Y+&;$gG_kcq2@}4;Pfelsch$?_5
zW&n$g&C9!RI^uYkz<)WweE=ah)%-s=!l@Jg`hI|<dj{Coe~y$t|IdqT|7Q^Zd-&gK
z5h{e#zGUY$7q$p{kB1T!E3W=Fcy+TJ&$nrNOz=m^TQ-dad|w?x@R=PxFzo;EnVcj4
zBDN3aW`?dTt9_VjU`#BzfJYnl-t+QbPRAB<{OSK&r>ckn)FS0U?mi6a1kIBRAdB5;
zs&?&X)eh&}_!pNiR*7P*i2`)6_r4C_4?t`OCQJfL?+1JXhNc8XRJ>aw2D$--qD6vk
zk}`$d)V9C5K0oov?#{OJpyfm){`J2ur+E&L7c`C5g<1G-Z7fFA0cY<4BJv_2&ey&3
z_Vnnpe2awUTSf(zNrAvHl}u6#r)<^thM!=|0ik{WnofhkEG#U>3+>3l#+rVBE?VZH
zDxe6J5sDF3_RQhzY5_Q(!RryvC>-z>0BjsQJ$2;&z71|l-@yCW)cs<X=l_X8>cpH|
zZ~x4=6fbK0sv&ZBi#w~*EuefW5mM%+(_&5U#Wj7nYGbb4SDsrw1F(Ur(}0rd6Tqou
zKrrASZQFiOPC)_WPLwdCi=o{XpVv_KY^D6!GP>Y9isZ#nv}A;HtUk+@A-*DHDDkfi
zO|fVNq>Ys0MtajAWba0~DZQ`2XIoTKJxc@i015vxXHJkBeA1Dk(FBbAyqQrnMVTQ5
zaUu`EjtLCtm!Y!PPC}Y3UV+lZPBHTqmEKGux^nD|<luFy;-PXh-C6rgy(5d@6yu_j
z9o?+nc#{2ZkW-^^|LF-AKmZ)k!V^gLimZ>5SB{f0)vTx<5!=s}l8$5y6#ZkPl(zz1
zXPgWGI?dbF9BHgEYTFW5PS`{nF%ZZ(vpsDOyEcxm=$pbGU$$@Fb=RA#R-nuKhEw)x
zen|;{@dN@~wDT}9CWfin*`&Ai5<PkYJC&93OABM+vXi(7-1oe8X+{-KG@yTQDMtUu
zj5ELsbaCv@vzjLejC<c-R4@t!Mz5TuL?$3KDPYdU!^Xl)x|=zD`khfrWsLhBTi(q`
z3En-!(3jgY*%)V*VFDV+TAtqN$x1(<>W#P6mD6$iyAX72*6i2Urz`+@-VeM<(Vqz*
zWSoxVg7U-9Z1F~n$L#W=$G=K!ln3ty8DB6P3-QE1^gR6*HJM<CK6uM15fIjb<`i%6
zPoP@jr14QxkG}b3vLmHC@ZaYF@@uFnF2+D~f7d5qSmH4t43H5LHmkjnSF*YX|0%Z`
zV<+A=OZcdxFIE0lQn2Y8Ci~BbE0Tc10L^}vcLVnQLG2TgG2VQ-fg_{=^cIvP`2qXT
z1%3rC3;-gEMpv%klLF|t(u&3LD7CqUqHIi1#neN>TS3M4h;B5aWU@lGV(L%DxV;N`
z@x|VNYI*F)^Uk!T!oX?(@^Y5KiQB={_Uta?oq?tRTS%8F7s3IkL6s$UdQ;_7Lp|>V
z^hTG+aUeTG^ZA@jkbMqJK>u)w-_kcV5nx|O(24Doiv(P@IzoV=z}MnaMEe-N2{$@L
zvF4fwxKYipPa{Rr;_3H#qVEq}8rkV`xDgL;&ylJWo{(_)x491mu5@ZS=ZECwnA*MP
zvyUYQ?<|93GlS3*8Sn4Ak3TZ${+8P*csN~?<5d>dBc@E)bho_hd6NkHen7`97)B(S
z!S7JM$3XAz&FD3oJdY{<*je(gx*=s~PgCL?2y9%%BG9)CmcjPMny_P7B?P-NMYqI(
zhn9v;D-SK~bw}zY-{_C1dr~QV9W@baTv0?Iyv?<MGpYLR?so?M{I7l~#M=gSU=Iw9
zsJoOrPKs#*c;xX0pxpJeDI&ebHF#aU4`x2@>nqOjqZdxP*#k40U_;Z~OjX-vo_M1X
zvT`tcw&8OXsra}!gY%g&7NP`0rF5r%&EBe4>f;`-KFx<W8>yJ^gzzHq$|cT2%8KCm
zs^vkG{OOrJJ#a*L=1vw3=+(R8Exb+NvlVQ{@v(;uH1E}g4Uij)x5k-f(aJsV<eF^(
zIgoRe(}05FanpyD@2Ke?JH7wCMtb5?mA;FQj3rHbJiWh#EjyJCO*VK;wrT@kI@9%J
zXN%bs$|Z<qFT!cl0hb32JOQTjoGZ-%N?Dkn$Ix}Ff{tJIc>g2L%-L-mK>iB)!Hl!{
zA~Wu16rDc`)&Q>F1c=6`x{S@;UJ8c6AKWQFc1G@NgrT>!v@N3%Zy-w4Qc7q19xqOM
zBb>52H>5J%i!+mR|8ZAMQHPtb($U`A`60{<2t=_UV3M{$qo#8cAS?!hSPYqma47Ws
zUbZPnxau*f+jp>Z^QEx-leYtR24+eJYF}~=c>`0Nh?8H9<a>ee;XUn}2$1`iT&fmB
z&Emq*4ZT5iI~lREjP9kY_8lotXs#<$2BpsBFWS5%#c=2j&9LKM-Kl^l$#6WQU#G_J
zU#3R218klgE@Ms1jv(|aH^QD?c_qN@e<YnvVjIh=)wVUQ5jVBZayB;)?+#LP6pC1%
zADQo(NC~s6aIQ!$-#iC&1ydY*gH_Mc(x?>*Ieee?V_V{7A>Q-DLsF-mW@csvl{unk
ze3D8iE>i3=pd`KwLp>yWS$7FArudhYB%(Eb$-d`@&o>MKG~~pBCCB=x9A=LISv|G3
zVHHmj%x3l`Vz3tzuG)k`K*kPd_U6kX#)C3>3Bv%HsB(E5+#3YD1IP*HwnT>;+KYhf
z<$U&&S9jc*mT>XRkDW!HDnZX6#<AA%s<RDTNEgp>_d*nS_xZFlFf<OI{8?~JY^iXu
zsoRxq=MFpHm`TudJ_{}O%sm<%MRC0wumA}C?^41(3d>EWQreSLw%@gD+WIZl^H+NG
z)Jdsk$Sdz!*M*i7nxWk4w~5mE<S)Gsu26gW`YO@NY#qEjn`VbSFUGzycrm+v6MsUF
z_*LHb&_PeVm!$N2zvX(l(L3V>8le3=*ZJ5@C@>4;S)c-8Xu)jK<R7qYbfjwHw`v~}
zrncG=?2@M)p4p2TU->D6?BLlqeSE6ACRp-}(uRB!CNL|&efq2HMtRO9N?-&@asE=g
zESK6))fe*KEVMq3N6g~W<JXwxYhJJ70%%D-fj{+V9ehXb(o)sa*yqMZsd<-0xur>x
z%=(@6ZK@N^xMuUZlK;vpoto`p#i25R94V<Id80b%5TB?0*Gh&XJn)Mi%JC2I2B*)-
zz=VT|v!e}O#;V(zYNgjkRasHH3;3Uy=+xgvIQYco5GO0eNUZ^o=DEzS-@hj7%s1G}
z&0?4VBPogPr3L0dpV?WKv{@aAZE|d}^VMYpERNOVYi1Y9(EK8OOIh3Y36VD4)L`FZ
z49GP|_Y7x;SXqIefM-zL@nu^_mU&C~A8`?D*;(~<%akCH6`{2qTKD4UDS`Nxgyi;-
zO<Zq^M_(0TmBL*fXUfdrqGlJZ)@@6YD`<PALCWca8Owk3-_75hhP;~yW~wjMdxVyq
zJOA!S@HSmd@sPFcE_qkHJb2Uxn0YE0E{ck*a5Gj|n)TS@Zg&}Q%)Qdh1jiGbQJX00
zPu$(p8^Hbl0-D^P6N{P}EdXl!bHv^8jag66I^fb4=el#w&~NhCe*{|c0Zb7J2h8J<
zn;6TO-74UHfQ$ys{+{<>NuY$71YC;=^Y~#cKc<YIM3|OgE@;W^X7>aUbQ_Bhpr)aB
zPnyDxof(5(-kJ9r8ypX;0a|cyY?}|Z2SV)ho1O@{60D5hTsJyl*;0#4aqpI6e-*KR
z5DuXge3Dc4X$$W&hPTxq6JjA?4*P-4(VbYkArB7NUaPEr{$NHpY<WDQNo{BBgP`SL
zp=!C)@cx>M+H+PLLdIqSZQ`z&ytr#}?PuhBv*p}D={R>-w3YwLR6?NjtZ)3Dy0)WS
z{FN_YaDe!7Z(1J^Mgpa>ww|7zJHY-l1Z4*RL$q<?zV<{@-e`P5fe*q4WjLVB_qb;b
zKw6y>8ukL-GN-|Ao42DMgV+a%<e4-K5EaU&(!vKffZ*hCtaawPGB=mEu5=6UG42Bu
z%ws~zJxMKTx5KwS>X!F2B@0Cku@v{_YR>>^<psocc}RfcisZLEWagJhoO;nSN{Q~o
ziM8`PpAT@C5jwqr80JHtxj`Vc>x``e399e(tKRLjRWG$~t6ijPkUsr=e(VG%6i}#o
zo^6TRPqB7#06Z)xK6v@Hw-8&(*&}yLKht&`?=D63D_+tOW+ByRUxQnBmY)8INZRd&
zShw<%en7Ru6XWJ2{MTlZ%r_<g$<#YXrgjnpL|K@;4=~lQ`5|lKdzP6L3yR7=m&$Iz
zt6RNL%V|Lsi#7)sg8jJwtl_rYGw*p?eYhsL2EzMf-(AXnqZ7v0EGs+_az1nBiWaYy
z9$ETNi(;A&_A$(P4pPePlUKuW9uzlEVF5m=ze&e-HpZg>y#k+<;rA^<_x)uL9Yr9+
z178o6Nnf(NmWSZV#ukbel3aTXxmA~ELNo9y1)pTUNXk9|s=_7!xEwU0zv-<R4HYzp
z*RJmUQbGfV*Z}CkLVp*Bf*|`3hGj=}hRv(UQ<F4cz<2fM9o^MZui)k3Id-5RxN=Sj
z)0~TPi=gv=+uWw4kg&WNs_xgTvDYZkT%`t9tuuCIA9ivnr9>zGL(hn~wNzBU`-CPl
z{N=Vvo)Mk_9pIzSdXS=5c4tK@SBlmA)22uzyggCN*e!cY^KLlJj&7e&!o}Jy*$M}+
z(Oi!=>vph9)=JbxkEG{l$I>ka3%%e#sezA{R~z*HCRqT3>p#lTHH!ddJg?J#Y28x<
zD>Vitdy&f5VlPQy0&Rs#4(Vf&59!oudsbH<ustb~&^A+c?(xZtZeR+$F8iJh(U$ik
z%;TH%wB+@CjkC@*HjT$I&4+Mx=)d>Wq7YlLG6y26?jhnXF-Y1Z_j7p(0*frD2BaYh
z145HmkCl{$ZazM~ETG^eEUPk|@gA7L*f({vc2$$_p-k4>+K{bsTJqiuqdNGQFHrn0
zAxr{n47u1k1P*4HP3Ku*fT_*{uQ?tKdk$d~>HH=rXz;q(h%PB;HRFi}!f838K+pM8
z1R7zaZ``tEkfN{mI2`Snd}Z-uyivz|7iVJ`%H%ycEl@0YF$foIC%xOu%dapeKUi{F
zv8`=Qq}rXy9Vns5u9$7%A5<JDp@z<`dZ96DqtUUx^K!&%Aapw@?-(&+|5rF)9JXD2
z81oHO?7^o(YQAzj#Q_BZ6o!-vG-)+-+PT8Sx_F4HHRxEngrM;$^x;@q>wnE<FAUzM
zC3>Sgj<S|_D8T$C_HAMQ2-EaA#Bfqz%HuJx?qcZPtq0F$fu&d1$`Yti=;`fMIP`{B
zEF!VMsKfZ_19myw6XLTz=~RK{JD_-qaiN1wo|R2HDV%YA^x+pcyOeYd$1`|wyLEK;
zvtH|(W{3UC!`YPNIKp>3odfd-7^@GR9tT3o?e3ZYgSLV?N<h;Yas5icCqsGq1+7R&
zDfv~&qy~qOJYB}^eNHY2N~=OIq;yL7NWtqvP~DKTdl%MsN4+9;=Q}rx3A+?+&l3VY
z0X>8X3Z?tNw;{VjC8dJ|G1v8l?f%I|7^}O)praGWP720Bw*Fn)8H2k`Mr_cw(D0J&
zP7k^Tw1dM$V#>~swNtHTAIB{ukDJ6k%O6#W9s5?4jz8pwC1wywOF3KO7?q&4<p%gv
zvkv}q$+JXd5vS}gk$Fx$=Spm;m?WR7nhmt6aEwUPtfb&$<A>K6{?qVSxU*aFkW1B0
zF2vR`z_u6ya>BFXYRXEkvgMD%lVkZOv|}1ej*P{P3rvAwCoF2^xX4=j*35A~#gIv{
z`>U)|Hb|_wWvniS%yC*mKPivTO`Hd2R8wmtZwfqy1OSzH(0yxby)i(<(H{}3h0reU
zqc)&3@fl{$<@MQe+jsKf2<-J{@8<74IA{9Bj(sV7T8H(s>T`@X9WZN~ChRnE9zC!D
zEGt`dXo#mIR&DxPl-gPfkRrL`w)MvSG1I~K<aPu44<F|1h!NRd<p9FhytMhdV<OBE
z3;2Nj=4d9QV*11WYU_x>iQsMX@kO8-bv_m;@la`Xrl69r#%wd2EGJ}u6lL7>3r&o|
zOJd+%%>$5<oz{q0HG>p|{Flj+Ik@jMZj2?Zr27iWsO0Eht_f@W$v$N@6!PQ5>wTc&
z8)9mF>V_SZl73h`<FHeMSLroNS&O_YW#;*X{d23b3OK{vnKk1;i2?Ic2c(&vb5eRF
z($B~;=JN75EqM{!EZzt@GGDhKpR!0OcrxcUM6M_RTI&$}<d64&G|sWR1^6W(_b+!1
z3Sl5D&WN~~=q$b}nGb%;`~CQOvFqqfV;xhy$6=r{rz459<H(beC#r+C{naQ{2<P<4
z((bjq(T>y-zpKE+m>W2@?3{~<V6}OhSA4kTohvh1EPz|X=daw<Kqopk6H+qIxtj>W
zLD@t-{KEiWt9nh}w!JR@9M`^S4t;3|=YGi(b{aQrG!$%z@9QStLPU(V1RF*^ZW9~E
zrTu0L5@*$pp(Agw&SIJipI}6dQ`VnqCEK6mkuo&VffGH=9u%)ahq_rL4%AxAQ<)CL
z{q64Vz+C1h*I>0^HE4kP7Yn4f3IlE7+IbP!$=%h0-PwlGRb`v6rr_AcST*vBmC>8R
ze&>mL^kL(K{{M@u^A2lb>)Jlxi5@}0qco{{RHR6;1O%js9gz;wMWiJZ=~5C91XQFP
zr5S{PNGJ5(f}kKEHIUE)(h0qj5cu}sdEWPVuj|VnDiX-do|(PZUhBSpt6)9A-?WU1
z-AmwYopHs_=onfgUV3hNA6IkuByl2K>5%z#Nm|`poutw-wD=@Zwnqc!m!7Z)2|#&1
ztIhd-tGt?Qo@U?!cF;Daf@lqR*H)i`jZ;1f#4MG?CNB5WLPbu)5mDfdYYh92|I<`t
z&b%K}8j~;W4TKo{MO>%YpAglUcBsL`Ru=tGqc)%H%mt~8oY)gLEt{<OBPzkZ^#H8o
z-~CslV`{m^SR9kHUC!w_lVAR}iWb-!zwNtNXr?oN0uS1~h@BmICS{>1rTb8-{6zKz
zT++^3cB0Fy3Hv954?klc?cTH$=yiIY`uK$0{8huX`YYW@Lg{Vz-8D&+X!eD#)HtS6
zi?+E9NqS#c!$6&d>u|D$-&B!ev|jj)5?IyYr;_?VxH?XEPw>3j`YP$S;(Bmom4_)8
z`vCT%A-zzSrJwp(U$DdC44nOl07u5Lra4KY!NFR$d4741@?xf+E1Ns7;BOm*QX7nZ
z3}9h>CE@LaaNJa(UXeH8L#b2qbBljVS&mcnja`S&M#paua4T?<$$0nK-uyDIKYrC#
zy0_^yRxVnvPR#Es>0LEzbyK)Sx~pQpVd&TdZC3nEKm^r2qOd=z^AS_BU_mq=f~rh3
z^{d9<@GxI;U**TR^+kC-EV1Np)4e)n5m_^EjBh<%Q4ej`<`GgdgsWK0l`zoR0l!Px
z=H%gH4QRC9DWj5@+h0v64F)BV9DTjiB5SKE#Rn;<IA{as&~vwV=K8?MCWnChd{ZU2
z9sI2x?RsuAc<Kg(zG};RK$I%5<(A$Y8`7^I7)~3&P&nbvj&2F_-m_+}*Yd7(xYONG
z&{=K%3Pd!KdV0!>Z9nFQgeOx{6f;`8Y-FMHYL5UjSP*K>?1l3hI?%QE25Y?LUJaQR
zrC~LRxGCR8!mn`Uir8p55Cr#n%`4sJ^Y*O6C@gXgKYEqiD_)g+X|VpNnswTt)^CaJ
zJ--sIqSaUgWe^(}u;#q;O4UfJ2V?4lEAMw4J~C+5e65XNn#8Y`eVK2nc`+jVTdv>0
z6I3!3)hFBsMQRM}uP`QmVuur-uC93pv(#WI4{{hlTduWJfa8ca9>&6XZLkqztMB)9
zKyd^cZi>*<e`z|Yz)n<@h7t-Tz8p_V7^?aTIJisBR0}^w9A*=k*D(YhFsGk><w{3M
zY+I+QKsL}<G$m@Pa^X|-k;(7tOJs8T`)44VqZs{HE~&_du-_2WTE7Nj8Xpruvc>6a
zFLzT_O8Vets!<!KJy9_SZ+F~?JQKu_ot#U-QF47Q+z9T*q+6x-#6hBuPB?g?U@-lL
zy46V?{8XdGaU&Md;Ckg`1go+C)tuDbqF{R+>!6HGpfs?L*`EX|**92JJJ-<Tkr#A5
zEW*b^d^TFF`_L58q^L!Ou_?b}>;X%Bnf}83Q^dy*5^_ta8pK*kREqsoo7C6w3;K~G
zEf*YfX&M2Fm@;aT`%D|jd@XZG9TifEjY27NBu2D6-MFf>t`p56ZH1@o56?o?Pi0cl
z=uEO|2v6Xvv7|jTfx5$yy@MD;<hXN8lz7dVUymvcgZXmY0=CILBc2z>Xrjc(?0#ed
zo+$@N4D3xv;rvJHqqlr%EFGpa7CY3Sv_Y7~(ZD9=x~UdV9(kKd6|c*3Z1Sb;@Gl$o
zAKPWwB|<yylEg1r)+9Y4Nez(>vEAr=OrQh47(!c3L9r|!``pwsTIa>FRCvS_s8-<r
z^hBg1Bg|(X(ch4(VV%NLLtH8fcnczuO0`xQ8$aA-Vce5-1#)Yxl>&+wrWk$R;9=_@
z#kXJHV=+M*^DlwKLB;H~ELq;eSEh$OYIrr`UcBKAW$MjN+_SLE*Q4oa(m~ch()c*p
zHz&p|d8)i*Xf>q(bJmGv3{IoIDP*M`F;H|<uScFR%R91EMZo11_IgwHr3phGY9NOd
zB6;ImNq~Es_>Vj;K{u1C(#l+mwVCfd!iqjUK(KgT<C0(Bu;2i;<?s3FiuV#VzeK^p
zVeAx_xa;OxYN$vX3gg>7t#lv~5}j_oSS0=?b)$dyABBw`9d+s~D{WdI=g8Cs#(|*)
zh;aYuDO&-_lqy~c0VPpr$3Nr?56XGs#<yIxQo3}Fn55^w5juU$c@Uw*8L7u`ZRnBR
z;GL4E3vmO)@YoJ<Pv5)(J8OQ`ukx_w*c+Q9$3$N!0B^rRFA4(#QG*Kz%Sz=XiiQWF
zECwr(IlCpdKM+>n1b2ObOM-KQa_r`k2d9t0E}5(yjbD(qP^WgLL?{s+OUvb&8k-tq
z8{#PD53#M@USBs;uaM};^vp~3Pf!<T1qv)h_Q~4=6OG6xSb2HiN-}y1X5_H8=+YiQ
zRKwgTcXDDD&QR*W8JAIICv}=pu{TR-x{C|yTM;d)s+n#b#aps7az=ZEMGKU)TR6iN
zY-~PxuK5E?nVjB2E|4UGVFfj!DqxvY)WmlZ{mKKn5Oe(h890Fornk%knRXVi&wkal
ziY1$wi2M7?v+lsh!FjDeqEt`adSiOGCP-~}C`XXASKKend`I-24JEt7j)gCnBC^f5
zNWd8CM{3Zekb?Rt`u2DuPH962$_)4Z0^8n?)X={+gXlYikR4qemL<R9`vUbFj)^|$
z@>|a<S`4k++bhi72o^=%bVXF523*N34)|e?#s*E=kRFoY_Hst^-b&lCV)RePaCujX
zDaq9ozH8+6b2qS0zrp9NTJ&b&pEzuZ3UQQy+Hwn@qNz%p5dKvgno>Ss@R(pWnc`o%
zC??;OpVNvueygebax|NKnyo@j@v`S&A)Ex_Bhd@21ERvYqfu~!!M{vh+u*r*hLh&%
zyP^!H$6un8cxrZ6TNT}Z?OW=kO)MZQQ#5hY!NI}Sbd^wQl>YwkT$8;0Q)u(R(2_j3
zB8tL5_Tb@i3y0GC6k;Kivn<VAI0{xX_Z^w5xI0jhuai@krlS(%iwfra%#et2EUDEW
zj7MA+%hv?H{7oT!v5F;aVeZ`pC%?fB!vTHvNd0AEZczXsUdG7-RaE+_)NgmC$=ID0
z*B00=QXRv5&uOT<;IamW2zQ#@)9TyI_O4pVu(@Ko0Or~L<ucZU`xl<FpQS6thEwas
z{M&IuWGzTE0;Z4Gy?;wD;rDAb+#fPuYg&JL$N2DX0hu!C)`2bCG#n8yr>=3_4mF#_
zSu8Hu^QC}zls451h9&uh*Ncagbi=_um*z5c44dM1QZscxk$q9g%+V`fW%3kDY&uLv
z)ney6>Lk+4*D+`nqhW*}70m{DLDnrUfevDcPyJ@9YyK4j@BTuo+-65y%8rqwqD-5l
z8~&BoePaXKL*v|?x$)lBC#`QQJVZ5+iJl<Taa0fy!s|;&zalBthU=R_BhSEa_8=2J
zqs{*K#@3Ll>G8*K^PDs0+)29rivYRi*$NltKO$hsyt)9ydpL6_XCE((bH?%@E5fa4
zJ(tImN=geRKkuPSB;yS--Yh@&fx~f@M$4K_-k=<V5tm_>Ga}dX{1R#_$raZjr-*(q
z(M2N;4-gF);H<jAlN{5xCsSPuTuI)T_S*ou$D>W?!$``NwhXSOP)@{z2}gXMv}>!#
z<}7IU0XZ~Be$!B~yy|WTuEo1edajEVGbXx(fz`jqYEp|aLTs_d{)TO~**TZkEUpgj
z<R(D%1%Bgs#Y@4P{AOyVAM(ll+Dlpo=MAl+;7TgTey;n><n|O?C65AO?yNdf?jALk
z8;$HyI^>?uC^6eIU~rIuK#rA`!6+#twfQ1;UFS42dn5ZT3H|aK*kRB4zOlv@ofnUQ
z-QHz<`BRUKv&2{}$Ir4+YaZAG+@)KLJ>?aY{OVuT8AG~gkFerIV#jx45d+>-H9qf*
zb9qf};3nR>jYsLCGr{iVknb<L@V?w4(0vWNVYaUW%%`WNlnJ{V>(VLM-rBII5V-_-
z97b)RU6VkHObS4;BLjo!se`(@n;r8>9+rn8Z6`uXJVQC819SX8Gx>}uj`P&mvG?gM
z=nkgoj(OehV|Vj?#Qf^5cn8-X3Of@YP@)M;^`(NxE$ZOvAW8y;%deE1ZTFh$8Spg>
zPuS1vAE!uZ>@dxxYC71$s&BuvgOMAa_?~q(%o=L&<#feHxhy=epmo)poD%67@cB(<
zbvyo>RnWooiui}~^{A7!#ZytY2St>5mO7Z;?AR(984Skqd^sMNOPntP*e>bP)f6kl
zo-C_1mzv5$m=w;?_BeBQ%&&tg;V(mR53LghggetGrNtanWihctMcsDh`jEC)T&-sQ
zQqE=#b>51T<sO%-$PGxlz}~1B;!w)L$Rr_uGYno3O<abiozG^yM8Y5Resb<}E5elP
zM;6231{~lhP+4IJ73)((@6ui4Q7Oez#9!0hc)xwlBXBmp>!UiSfku(1`!akC=fFO}
z5w^B*R-EWt+Hz~WydSyIY9hk?P4ol~DR3C!E;u9C@AaB^G%tSDN@cp3b`BTpwq2;2
z11Cv@nF(nY{rdiTsVnyxDKP~g51?1~?-CkQ)`Aypp-e^^nC{w4r&Ek@%zq$EVH$eb
zJ%~8bd#5GJ&d!I(q>VlUSWlgdJ0;<N<q8rbiKWb|1FPkng>9sy-R#p-F`8!{m$>0R
z+Q0%sag)ejDB-?%{S^7MsUnWL-s@i!<D(;%`QXJ<u$Pet%j}#`S&eLQM=wnV5;Y2B
zdy(AIlDRH_8iv^q>f4(h$5nXP%_p)%B&!&?M0n`8n(d}P>n<}_lb+u-_#Ij>ysG3U
zohlQ(_Iu)92y--HE$x{0lNtt9Y2{Xvy|#-(<)8f0Uxq*UdL4GMVW40}jy<lo^)NFg
z1YXqT{?j|-Y(K5lyaMcFb_Sbs_MIPGK~D&l&;Dm7W~~59n}p+jl+KU3f8Y75FjgV^
z+O0!Lp^&f*e!#*=3IaYdLe9tMZl;3!RHY9`^cRvFe~UpFf7kdrZvv0miz4fKMkd0+
zh(G&Xv^7#u=jt-?B$WUG3aRXBWN_W@A6tij7)Eu}$Xc())aD53z4}yeGH6eFYwU0w
z8qUa&z=67#ay6OFj=|LMUp1cpdqd?)?R}9$Kzb3kp{ZK96^mchnN{3qCO@im*|T}C
zWOBJreJxUep%dVm@7UZ_=212P?ge4YJhYlHBr&nSPNXaCUEk^29cxaV-duBK)UAiO
z$bg1+9+K^_bzFNGCv~<T@Da=psuVtFf7iB^Pk(=DtA0p$7*t+A06YCfG5wr-io468
zBqa+=xciR#9{@qVbifmiKhG;|e{Zp7%S@?v1BeD&qOpxYWx-CR3F0-=@K)aa4<)f@
zo$;Z%kG#+3UFdG%&ban(oivK^rEO9*P=b7binq-<hDGnA#SEwwZFc-Dx4<JJ1ywhB
z*}v$A&F0=?!=wYdcFP@0^^{7H@+2d=euE!`hCRyQX3vZX7LWUKobz!nS&U8>l(vtH
zmj<{9&+(YUPgp(zlL(@Ay(TBNYPE)&B(Pp}Z?fk-11k5*VbQREB}h2sGd#9R-cq2(
z+YQY46Tn-jHr1X$2~Lpr6oRO|t^SC#(KTQ|9C#tw3Pe5tw$NDs0MSV+-wOa$IGt6&
zd;NK96@XnfQsYNrMqZ2`mm!8a#9XZDOIxz48A`2lgTqpB)!v))vyG{?c~=fYWq1F#
zv<)Z4M<a6i!=S>~>E%1Q+i~LcVbNP`fw$Qn0=UwAcfo-#>HP#)HZ`d0v*YQNrD!^}
zB4qA!L7EndeMobm6xvSPISMcg)aNSP{op6Nj;HGmW@Klp@y{=9fx0Jzt+*J%%I`vO
zZ~%iH=G7hQ00iTUo<Asg_{1CQovLWurVJ>T8$1%9jY+9#<u>Iy5YAj?zD1(bBi_T@
zN$2zCQBVOiY3;hrb3vvq<)9ghd<7|}l0qL!t2g>$^T|0_!=lcg5h`Yw?AYbl>2kq8
zdPDx0+K$_dY(8%opaZPA`yp>=?M~tR{!Y3y+e1%wfctQ?clchL$5?y}e5mcqt-U?m
zvx(7;^M0!z7n=`iqhgl51SPkoE=}4m9wn{}M~gGw4L%*^cF;|({C<9*q;-Q_0YJVo
zKvog;3<BhVFn#D6LvgAg-X#gaM3{T4ijs+4McLxiZFwm)FCbW5{El_G4wk9m>-Np{
ztC{07+lX#s!km~fdF77Xr1-q5F{Ke6??5wwCmI0ZZcMfkvdbIuh@xsld1ZCkW#Wer
zO<cEe?#|6=t3k1)iWb6Z@~$0ztYWTwfa?jkw#qEKa|VJJ0XEfn)>4q)ef)u}$NV`E
z_#eXW)}<GQ^C?aQ5TR1<K`E;PHgM#nEp$FVmVmFqF~_J2D#pK5Y->AY>(qN9PT!C4
zRC1pEvwt3S)L_BNefR+N1F~))mBu?9s#L*LjpLZo`TA@F?qC|$=UE-D0C<V9GBCRa
zbS8Lki09*Oc+5YRL5~Hk6JgjFzmCe3N<7>II)p}MrV#e)`dAXPboQldGfQgaWM8YC
z8=1Uspe;(ZXh%y`8UdVMfmJJKS#A3UPy)M&qcc9bE`%msgD%<3XrlRs?&`1;>MFF$
zdv6z;xHQe=5ULDjKGP3~2Qyy{9<!V?7k?WmaArU{OYdx!#b+b_EG>)HVy8AjVc+h~
z8ZW7c=iJUrazgKbrT}5)dP{_W#6Ts_e6@>0Uyny=ZKK^zSkMj|l29BI&OcRU;$_#i
zQHoI*+tZ6Fm0Y-(JDD>3g7@eWzk(b5!JzN)76TtMF8SO|n+KWh?1c`+wKF%|ItDN6
zhHuJVvFJ~`UnS(cAaq>LW1!)gsZw@V>RGZ4Jk7!V({hm`t#j99M5E;c&Nz4J4RH>T
z8(88p^xbl&W*C!dbaldJZ?2b_!(%sGA~3{6dCy#4G3BgS^m<uR9A0h5o?JT|#_>E%
zWG1W5QB^gNg19yOF5{yU%|{ffgbv$$qic)3K;p$NY9!7#GVeC-^wzrZIeb`h3f>bi
zI%C+RZ3s;DfaJAD6w{CkU(KjS7*Co`pJDzYrgWL#K*csX$RP#q>H_6cFDpYEf?{sy
zuBjAK5Y{>K0DfVeK{UrAIV3<o^d@D(`%l}FyAyzVvv@WRQ9kqavq0tP1>?2iORTJ{
zKy;J-eqyCba4U02Ki8zcZ|JE}Wc#WVl6c9$=Yl<^t6h!l7yJ6#wa)_=OEqv+b_AhV
z5J?w;1i4c5QO)Sk)u*Vgm~)bo<s+4icSvSzb_ZADE}M$#*rASP^ijeN9{}2$=7ok|
z1mc=ImZyzy=T60770Mr_xc-H6q7{ZLe|9keg(0>0e0#z-(ygyX!!nhuW6~|yRfipd
zyVe;)k_PsaC01`E^wVa((RxMK^xeU^>ti;i#cXW`Uawy6J{H;10b0`G$1N)gTC7ke
zjqw!X_Mr^x=szD)mJDu8&}uvG`su8D-WwM9_R<K|F_-!`3d=<u#73ZbM?eTHfoc^m
zD|eosO~-mPvCPKFl_I!1KFJa~+BEB^;qr^mXD?!XyTgtg<L=~M4qrnOg3R8FZf<Ew
z06cyaub5Md<-O@A@H!H(oHw4OqczVMO<OqDZ0O5`?-NrfkV=ey2)jFLcOL)<O}(L7
zb)&NJ_QF0jo)h+Yn!YeGktV2N%g0Km;i(tyuhvab-Ye{HUR8=dujIQyQzs6utj$NP
za-mEA-kD9DSCxS^Hn<~4UUW*{e_zIG?@7BNcc(lz92q4zd6_*o`|J%e%-tO6!8%qc
zSE`lx%k@uEuPk?hu`l?Kh~AD3wf7UTcQ>WwL!O%+Kbv3<{r3R2%NcrKSe^>><qG_D
z$5|5tuPZItQ$ftbcUNRzQDR&K?JBxFQitx^O`l)|f2~Y^j-m-GhCCnEUQ8+OxGl1!
zRomeK{@kq)o>Y9>!KmE&Sn4N}mN!GH(W$Ka$trd%!H5Ki8=ku61pt?(b!u#jx?-wu
z(VlNf0#ZEU@c@Z}ZQ%y`Fk^G}*KY&A6-b?U0d{#*-C#ucV}bKO?|$Oqr&O=CBR#4I
z9jn^Fef#xD5!t}5J|t|wbDJTL&-!QFm`+8!-!%)f_58~})h^@$cRP8Q`;x9KC9X8$
z=_dfv3nP6O2!GoxZQgKPW@vP(Y|H&kt0qlv54dDV6V-Y`-+M;&P7gMiI^?aDcBrTg
zyAjkS;w}x?<nCr#7Yf7;t}I-AT9R}N8zCzjKoLE}!Xwt9&uQ002xYW`7g+`^UR0<n
zTkR@fS-85J_&V@UhE8JQK)%vx&(_kn$CL)PS^T1Q+2a!Fow?5j2XWbUm#Fe5*u0&y
zFBIcuQpM@?cSn3=TQJcQ!Dc3f$`xiwh2&tWe5}}+Px{Dyvy)YTZ7_7*8gD+&_YFPW
zh#$<UScH(2VXj?E=jb&AvMp?9gO<X+xz&L{HVLU?CK{pK#CT+jD7rao2=CCf;{N~F
zZ>8<Og!yY{=2;^Jj8#UXHEaaG#Ku#D^<9Tt2CHGsGS;z6K7ZL}w&FkTT+YE0oa@A5
zRq%e^F2iy4Y<)nqmQ!jTooOcnslA4@W*K99&-6CP_O6B+GPDQi!{P8YfnS;T&3Xfl
ziCo|4vy6ayC8du3BXF1p-psAItuxvhpjEMYj#(gEP)RHQf%;J%g?!z}wt%jIjsO@7
zM&U6*aXr7YU2QN!RyBqG>ZKG6@1pQd$Ez<8U%YCEbD2yvAsMp;i;vp<a?ww0xDl*k
z0>h6F$emm?P*I1gpGM|UJ_})0TLKX`zfb=)(g5jXthdY_bKa3W^oo&CzFR+@uCS+8
zCA6YAjzqdiK&%4oa}OomGhzz0)>56rF2jmJItI;kt6i_u!fQtUEbe2M_ENfwuSRju
zvfOkfHrv!@$N0!SD4#=1bj&*u7BCzX(2b=|I9)tMqnll!`RzJiStj78r(=Y6+kjEf
z6^A6#m?yG?9Ixj^ZaW!cit$Cvi&^G#AQY?ZCokTd{=zA}UUh}E#Puf6Z`<cPnx(IL
z+ezEV>-DNTkju&JsAtDYHQe|zsjy3nrSSB7*pbe(huAIo@Zoe8DR&`sU8kry_caki
z7dumz=Gh(r22CKflFK>Dnsm)u*!t^z1#X??i(vvu;)aFaG_2y!{k+Tell{fpL(a^K
z$dCO8to&Ccw^uhJK<1`n2P8roR)L)7nqoQOP>G59tZ2D)iS8{GIfYMGnb9Kt*4>zE
z?693nGnpX?S+k~&EunC_u=84kkhz&Cs%G4!o#VVC4pA;q$(dKPX*8#57o8n$<1#7v
z<%!qs^O};$*isEsY}I0AtA<ry#ka54u(*w#%PWDXuDuOq1@j~_W;-g3SB9#K4g#Wv
z>UD)=WP%VG*r?ntFyCV1?>p!9WOH=lrEH)v-#bSZ@0WKOi%e9LpSTGR#Zm)_<aZ{F
zlfLtwRwC=3t$X1EOVYd{c*|8SGhks|XjjD#uV0A?__2dNr-qED9e#U&K8%9Bv}54^
zo@{OvfA@$crd)QsI0<)Da3mF$c9Z$}WLAOj0rc65I(}T_3GRsF=McXN%y@}%$~X1D
zg4t$k=?hLYT{+lTeMkUA-_@`(acRDw7+r-Q$mipTYc&YR{k7@NeYjh7XSLgmRCRKI
zR+&N6%%$6*x4XX|FrgAKrR`ju4sU#E@8bXNt%;(TG(uDiajwJfL%ovBf6~8nIBYBY
zWk%7gT{;ScqjK732C5<Mww}VJ{N1j*f)&m`D^W+y@0~*a8UzY(veSXwmP^$yrMEuV
zj6rANxfY9%cb8P`vZqOIZ0QK-WFWKHf0f{VUQ?8*d*(U9+~k9a&&HSk3Bw(?yJrX=
zmfEUBfTVHP&sSf8-q7eULZg)p-Ec^8C}A`90E)@-@h@Fhj5XS%xmF2nygVe*3PG3+
z=pb7YVgZe_U5w;>jZEw<{hq&@z1z~3`=;?O>$D?A<mXnHYd5V+Y7E}0hn9;00I{I%
z0l!@2>B5CeN*?BYwYrYqO_m~8IYuNaR-Lwh)VzA8&m)5K^Tw~;rfcL)@s@ZDQ`v%B
z-eij)IDW7lcQdm{$^nsguE+CQm6v~ipp3<^Gw&uq@a<@cV<+$sWG*^21Wk0pt+F4k
zF8&!{<}LjAp*S~0k7lR{@ZNl`)l_^W9Qb4FZqgY`?>q*z&I*FSt*KVE)Z8sVa$nSO
zNG~DXmXymdY%vMMd~Q$gR6rjfSEh_6UBAM(wsm)AsGMTCr}^i|c)UjH*5!|Pwyb<5
zqd)i2MCR3QEMj$5Q5ql(P5SFlSKtvgk8xjd^I|R<@B7Uv-T6rc_)&pEvZJ@k1Hahy
zcx6f5N!nn11R})v`7WreJAMkSDUYV4ic`4cclnP+0kfRkG1xHswW`@lC5<^h>IV?^
zokQP$4|Z8f7drN4-b_G+mY2gO;ry+&|Ey=5qvn}h2JQ?Z1g93THM8L<PoDBURzS_1
z21OvhDv7};9SNluQiSS{Zc4M~u`Pu+F73A-8S)C6ukJA@V2W`z+Zz<z1)@yH!J9zA
z*W~Wlonk{M%WE0Cif!9X?k(xp$I_G%m4@FtxFG4|+>K1P__;kISh){morP|X#v6~R
z*V1rK(p8dC#65R$_oWGz<pGZ-MY%a*)q4Hq-1)GU1*j&d6EtgtqJM)ItqS;3PdC4M
z(=W67or&n7!8>`osrJRLu%{pUXCK+0emwDc8<(8sVh2hI0EGqDWc?$JkzvL+oUeIr
zMBmRD!6ZdKahN!Q+A_t8;(zPJh#t}w`BFLXOBSbs4hU?MTRR<oBkA3T@+=%k(*Z*M
zx4+6{2W1}db6z00yhV;QvT?IarW)mWs+CMt-dO!{F87$raljf|MV9`&|8<Rt<*mo9
zATxo>%yN_qj2i`+tKmzj5B@~npcpk_hkePXK%U0^n{si1zRUX4G0)ny1Zy&7vn);F
z@zpWJ6?wFsx@5&{Szw0WTqL@xKQxAruHiZUv?{Wb#YK*s&$mvq2A*Px;XHFCnfC8y
zLl|JrEQ)QI>cB1q%y?HsaNg?F{^Lv6Sz+bvXfX-<V>}T%^|9|SM9|%}f$r2XZiA~#
zNWuFV=B?(FvbZxN3goH=*u<B8oBh6p@lr1qlhID$xa|f!RZS^+W%7Ri)Me)0YCZq*
z%M8AM`%S;I8*qz8d^P$VkHIc++&UK64Jn3P#$qMcbndV2W&yRIn=x8@8mMQJ+A0Bp
zb^5IxDC(Z?-$4-2!#64B_B^ljHD$xvdznf^@sjV_Hg8`L-FNbJaIw_XqnPYO&xTEM
z#e^;L53BA3bh~VSyIhjEphHsLG8X9$=u-0aHtjAlaFTJTcfYlxSL@C;V|HR#5K=Iy
z#kPw3IXjFyyYnSrQE2}M`E~0RhvI9a7#SAEK47<XLAY`o&8%$P)lmNwAy5{DNPfIv
zq7d~iuzSp{f`)vQ-NqxGopI!!<nq(=4_J^?z%-yMMr&nO>r%bTbdkAg$x|ZZLNfn6
zVr$;WH&L;H1%=wZuQI6***&?{YuXGZ;fy=Xik{z;-Jq@ki%$7_xmyc^G9RTZ0(jT!
zKkO0hhvIPDy)n8ehV<*9W=6c%Y$ID^8&6$)<hF)HAhi7?4Q0-4@)q?m<QvI%k%{?y
zm!9Ost}>VGT9jm#)V4T6mMp6ZNS)M<P)OIzmQ<F2uJq5U1!^NhGE<ir)-3j6^$V9P
zz7u|)4Q;MV57FyG)W#%Cz>6RRi?Q+}#yYG${o`Phj5RrKw|p~Q;*2f(C~IJyTq2Am
zI^9=g)*<g1@~9ZzLRnj-FaPl3))HOigYRRry*Vf1wZzy}z9T=H)PE?NygpP@AeA@$
zX^@Iec-qj;J*!g@xKSx#;o#;qzF~mM$~4_ydW3C>GXH_;k!HT-ltqsAbsBr$xa#v_
z_Cs?hZ>h}TP4^l%$;p%}L~l{on)xJT63wBh1D$B1xRH&<4ZS^nhmv~KxG6k!SCm|N
z#7%N$guQC3^?SgsN5|~0M=hPjz(e`M@mZOcbcQ4ps?sJ+<O%~$$J`vtr-ZJ~P(k(S
zVS4}mCtudA_hvy-Y=G7z`n7f2nc(#kSB^!7(2YV+vLWy)vD+mfE^s~msZ>q!t6q;9
z<Iix??XNAxt|dU;H8iY$mXaJIfXI21OVehf@bd6rqHR)rH?sTpNg<>gyNR8uJ_4nO
zW|-Sg52dR!bpfRYcuvhm3XQ6nzXazX-)zG!(;W;(^~u8ncS>Hsg&`|+57!YwA3AiQ
z{%-?C)w!mM(o!OQug6JhQVq{_4M*0iKsZrSg~i0^?GIVb8*`l=y8?^im>@dwiycYr
zjaY|3ibgwYW<aq_BzcI+FQ_uwMdziBr!|NRR+tTmO<__fXU>FWrPrmw7Ig!!u|C9f
z(EB5wHM;i;Mb9DPw~nyuJU3>ni(?Albc>Oa66G@cg!8J(l&BH>(<@iV*itsfP@JVU
zexd5#%ce{NzhMn{s?pc7p?@5LtEVzAV*dD{C%~DnpCn_T)Wqy>{6q)-RIjRX$n7|&
zm>Zd)iJiN5m2;K7AE(f&CDoTR-$l3jbx!!QKMV`3{d_~bdS45q4X$&|u^3Hea`CON
zzU-<cYzq2p@4;Y!U4=mL@7GpYJ67;+QGGZiI*H!6WpZKhD9DDnnF0IXR_0t}w(Lm$
zQmqtsbR*{4rHKU3k(JD$dWMQgl{TS)KrMwCF<qThlWt5__}WROC-3wIHykq&l@iII
z3R;)mZSFF2Ot(GD!b-RG0UL#7*k_WxHYpjId*lALf>twnm@!GLd&{>#(rMNypBQHD
zsFSa^MyRyzl4dSP@cI<kO}8gBD{Kwvtdre*R(@gzB+eTsT2iY3$13egr(12zvvut#
zB7w?$B3(<$xV1sK$hNk9I6NKH!-7_GHyTj33j7ywm&64@zpwcl3}?Y*;yUbmQ9W@=
zXSSW&IR@zAvIo&~pa&I;oWXPBJ6O<P=fQiw-H<etxv3(2@LCB~nDx*%A^Tiol>w>I
z4C@qJOnv}12r(l1+!oA67UK+FF9a&6C9Hu}v1ZQE8qwz5Ic&7I(jE%#ibVF(mcMa#
zd>*&T;VK-jPRF}~!dyVN#oDml4zt4Yk5i8E+L?`|z1|&M?^yHj-%x5HZVnARv`NjG
zks}OAR}T`@=<T^JI=jDi7=OHj-7I};t?WTB@z>M~+)-;E<+L-pLz4N>CR;H&6V6LK
z(|-HqwX2}R9Tp*aEHeA_eb|o%>*R(y+ti>EEY1UQ*(-C3GOWGeZd$*`M>y!N)LUGt
zW8*Sf#|RYm!-H2&@H3ltLd`;Wxu}Uyj+b&G@=ovIW((-Q5sWCC;<-7;avi%kye5NR
zneFfel5ZV#ZRBC2(q5bRDQO_pvxwB^8TolQszY`w^mcD`ueT6uWC+~U6&}ss9ziRV
zNN16(>;d{IiUy(Of-4xMaUtLS)C-p+wK|Ci<&dw>j>d}QC+JsQ_t?w;<8^-oQckCa
z29m!EOLL3+Z0!aDTB|2l<zCQYuQqC|dJXW${d4c4?h(=zI$bQ<)M0CHkB*dHptx!z
zf~eEFZ8=TrjQowfgN_^B4#SltmovmFs2FvY$Po2ExCRBE$O<ppv|Y(+zL%g1#%Gf<
zd=iXL&k@Vqq+-NuFg&!<`}pt!vdsz$&v#!9FeFLtfYC5#II2~<QqtU9tk%&X&z+rM
zB0_54Wx=)(smB!xb}g_7qZFfXe%cQZd9A4i@93h(yg>-D0Xhp!l`vGasI|F<u)iyH
z(KT=V{zsj$sC}t1=}gWJ-{JSYTkd@k8)=pJjm&pcthM>AKWWV|=JYvBaAOietf>2<
z6Fo}DkqS{|PLgm{fz2biKIhC&3vOGLib!Lc4>Ke!9H-I=C}!nM_P%3*QCaF3$roQ3
zJ~25saQx6MdP(HVqgF$W8cd8<H~#SjIhk!;A>|U_JXGq9VyfUW_bmWTH_5Md5Jkc2
zul#6(WJh~WBStOQoxyI0GOMbvO5iOFZBZ*RUy4CQP(E7<3-iZ@wLEMp@y{^ho5_K@
z;n=jgrmrq2c7eo^e20c!@FEi4CgH7eZg-b!P7RXUhyx0KLJU)0G&}K%e$lY=XfNiO
zep306N>edUEs$j$t|8$vS2Ev8JrUUYZgSMZb=snBI^VjSsaceZ#f-GSeo-Bx=(m#!
zuwi>V!;@%36;Mac#tn2=9(nsuo{%E=2+gpb5R<+m6kzs!55Vh{XL64NFQxMuWLE@&
zhc*~?;B7#6V|ex%^V+GG91O>hcK}~;;h=iq)h9a(nWPEa*L9UCP&bQNlVWndb>UH@
zOIdWjkmm~p=E>9n5Q`Q!xoe#^+L;y5t7yY2Daisg7Vn{7pE2|Vz1@I7rVdcLdoJk>
zQW}frq9ag^qO-u9xso}rpgH67d8oc4^0<XxB1jiGmIBpGQp(?F!dNE-{hV`V#(Y>}
zw{fDX@FxvvUmEHt)L1m&M;`h<>9Q$nzMPqpFZe6p92o`|XWlFQB0HxYq_SjCW<&d0
zXw=yf0-J4^`iXOz&);{5cCJ9W8IyY_-PVTW<9oERo`V~isL&?#PAHbf&cI+R28yG_
z;fO!7*{rfHgqbr$ULylBo~(iPfXcO%*%B}73gE~=C4sJ5qk8bfumD}4(Mw<U)lDe@
z9WgQnij8Ex)IH<A<|J0>DBk@0o}f@p#v~)gvWGY&O!~Nedsjf11vLq+nr(l8z3OvX
zd0G*qy0<<z0ps^D>U^d2m`%aSZp?t>l+R}q_E&65s?x6{@6CJ<e^F5i3ZpZx!PBPt
zhW5tM>4T64h-tlYr<@?i8b0nQgBrK+qqTP99okjtAR?0U%od0;=*CSbLxZ;gBXfg>
zm$)UeVB!{v^@{0byI<PFdjBXrN<%+7l^fr&m_c56po#DD7-7y(^4({O4R>Eczt^w|
zSOS+~VV5c+c+qEX!3M;xYMGp4z&2^hp#Jq7i_~e@i0&yDz!bj^I({IMG}^XA|GcQ+
zV~xHG?!gUX+u?G~wD5njvD1BE*&1iM$s8QS__(VWp+y3QO6$x}hk>1gR%!1x|GdKs
z*K@Fv_`Vry98TdsoawVZGp4f>)Rr8wrJQkr7F}8^A*x#QE$IsLl6Z9Lq6}<(Z8ABo
z@O8gCbDmd5RH0b0<f$o#10iba+6!PS!$b#eX8W`%n#Yv6OelmY;#cVA^INxM*D0iq
z^aq4)pn_r;;AOPat;v_B9LTM+<X*irph(Kv=gJ!_j3^zYULDzdP?|U4Tffohdv@@=
zhw!n;Jd>4JM?N6KJ?tmu@asEJmpG%qFdMN6I)naN)K8^XhUPjh|8(u^C_a6CMgt|P
z!&?zIRnUMLfTni9O(l8nm@7@EpCsk2XQlhiq!-rj<%Ay1&<TY+puG<mufZaEe$InZ
zF7FYTB!_Rjyr*Nk&~x}csGmBb7S0LckTi+n+?l@8+VH;)uQ7L3GC!p7*$eVq!wn>)
z5})+$)iXF69bYW{oR)<HjTmmIbzvwt2M7AoR^>^D!6;XJw*cw3ie|Ld3n$RAgr9jh
z<$KiapSd4$y)fD>xt+BSw+-9e{Zjukcr6;W<0b2rA?*q>G^Xl+u~d+9j0v~ek+iaH
zy#YFaL;-D%ZjIE7@@Fesp@_p3;z2J-l>=OuYhZ+4tE%qj{S&707^X`Ih)Kp9ZRQ(m
z^bC~*l-q&q22+W?s$tvx>4DsncM?(IU?BsSh?<QS{m>B^oy@e;QUoKrZs2isPTQaB
zSMLh0XS!t>3KDxBvAD#xF8{Nyumc=4%V5U`3Vua~ZD`ynv;6@sQn?$CxXu%(%ZPH*
zmoxG3hHReX?}txm8JckUg86$h^C1N?KV<MRb!T`ZRtEw+nIEH__S(DxyR%Yr7@Uk@
zx#?zfcSsr8v728|;W#O4;Mc~S@rX9(1}Y+KBc3)Nc)p!YXr;5@$H96gPsWo$r!ZO#
zx=~M2?_+Jwnyk%3>6vUyhp`{VPVR=i{?IGbBQk!uD(vf)uh-rj$p*ke4WGjn2*TVq
zC>?p=6s}Mt9o3J!#C}+OvwXvScN=}o{Mq(Mbv&kbl}LpQycHmyvgHa+slvp?dlLDT
z(f>E%_kNm2$DZHug-}X&Nv5Q=&smkWfb0!$dJMX(;JPTloCIH-H&)gC+H_T8-`-{X
z6Vl{F_hEHEyY<;-U>f*^NCm+Q8#=T_8)w;T#0mQeboNrCaZ?oXHjBX_;Pa<9l7ub-
zk3s;;%{kv|#GM(FpV8(Y6R-YokicS&|1vWB^1dX1FjHx$slTHc=5U{K$_U;VwsBQ_
zXEnz~(~BFnpl8OsIG~Wc`pIK<CydcCx~!!}+;=H41Y<(ZGgoL%Z3`<yrQa8y4Q+}*
z{H)5QPe|^Qn^*C^b>eItr$Aw`{i4!J=ETpAQd7Zy7%EEvLF59j^fPnC#2d2v`=`33
z%Ozd_UIQv?yS4{h*G`v%%)|D!fnQPDW&exJ55@kp3ruTZnD?UvDy@P^T#<4I+ro@|
zl&)2`8KRMg>|QSpC}oDuj<sVNq#q!w(XVtDodt82S3Iy_F;lVYZRJO~c69ZPB4v-6
z#RHd3h^|1^ioLEGVq{?PC`&--X5K2XU?3p8XnF50?~>u<ZAP1vNhNPb)CZq|RY#Ip
zYYdPLH^*MILIQ&yn8dFi5NAIo#ZuebZmV=V4p&B7b=F22i;!Rm9gr*r6ufD`4!b#k
z1Tiu-`w{I^w4ALH_)${;5^>{ZegO8flhkRw6Eepp-b{(iWK8;%E#P{dSmQOYpw~)w
z4edTiFq)Xzn!*fmF~!1hMi0R){2&*kE}#@lE~kAtTbHcJXx7?J<NTD$l1Xkte=+BC
zqbKF!8U2gpCN8j#<9nr{4o`QdDm*J!wPe4)e4(CgqF2i%iMrw>HL!Y`Y*4W~vV_WV
z9$vh-@q9dPkrCGBP*a{~D^612pEmXCx*@KkPFsFFreOcJS?%$nksydma~7BUCUh7y
z4d>Dy_ncpjHZYs*w)JyxH!a?O{%$TG)ONvB2RenE2Pp7m9dNoCQUB9f=b>Nzabzf4
zJ;zg;@7|GXexdE^bldD%7p)|h=|TK+I|kucP#l_lkPHM_j7j1LOO`ykR%E9>DQ(z}
z!NCGhSGdmKRdD?Q#9K4=+r}a7Urt_r8)>8w`QQC^l1>>_>>dHxM?!523pY4~JE(i7
z-W{lz7;NSL`1116)Q>S$bxd&W@@KXGZT17$oY42uayNsZjHiUDy*UxOT+JF=Icp-|
zU*M(7!)TZE!Rx74n$xKYk16wQ-AX-;eW{%f9d1q=QZCCjy8_?_&Wfi-jw~-;MgQAe
zCi;#t&&(|-!~LGFw0|*nalc>b5#-GVvaNq#{+pl#KXa?+#@2zQ8(p|zbHBr^hW_47
zCvVStoQgXQr7Q4v|MPx^Goc4+BY%m>pB>@<eR$A2OdAg#xc3Ab>VF;h|NJb2^6lS}
zzRuKY_a{|AEd;%ix_`qvX0D*=@ev;qXnwyAO!FZ0wEL};bUQt#N~PHNk$(S#|7Ia5
zazRaontL*J=zMPazu$K7+cZ5mp97j^8J4gDbsd7>Z&z$P&v-g=YMPcHqRkI|m-Cp9
z;}w*3`4-mY^;_@OnYz3B!|Zpvd)@aiJ~jZVYvfM|Xa{{N9)fB{44<5v@M(~m;f2^u
z2SIPvVE0=NF%xB9fF(e)Y9{>W6na9|EjP+&zt8?{%9G-Nc7V-s;fe$xLDvSTWqW^-
zO_lNnkfaUEIg9~egCa~<=3glpbOOq(g6M4v%LN-)icR~c*>1q)R%`}|lMevM{sj;%
z&=UWr^VPy5)FZLwY{hh(-_+4lLKE}Yex~mhe(ftKv<bwqO5jnwl(jSs*h}TsO}!?b
zeD7E@C1-*Agqk_O^NkMpmY<2f;v{Jvd+=O3rW8++(LQM~sW1oA=-2|(7yb_F7E$i(
zWG{6$5eU%6(G4yS#I{VPFO=4r8aNm{tVmh=tszZPo2C2sjp``74}c!+AC5eiwoMdR
z1&G0syn_sg0JA15uk=s24~|?r7w`4$^<NNzMVn@$AF1=z0GG!w4ea?QMg34V{|-Kt
zqrAi&o?*QP@v%rhz*f`U@dmJ>%SZ&H%LaGW=XzVgJn66@qX4Sr)?Wv~S(X=2gNPoy
zGLH5`QyV06&%wTZm@dm;%$r6GQ3?R5Wi;%ub~%1aFA{)cuyVAj#Rv3b%H=EB2jO|u
zB=a+@_gv;;b-U93Zlj9<I=bn4XAb2VC3H1os@+}Psd83GhAjai8iLoqH#xB&Vn-xN
z4#?-~6c|qWWPDLsUq<};_9i#&=G~~g;5(_0+amJQ{sdRlplq6qj^U$j`EBSdXh>Qa
z)fuWkT>`A}jkap2<7jQ|2+WP6^H^X)R!NRBF5sJy=i*RBZofV3-sEblr03dg{Lu|#
zqpy0#27%q*dwTRVO(e=knPemy2Z4rfHH{&!UA3v(%TSXB%4Y84aqT*kd7$}m=4B}+
zgZ>IYht+2!4FK3OxPmk|D2FOInju955dkJ%1_HWfpOb3$@Y;Zl+cMY!;hz@eX5~cx
zbO4F{rSc8EO^-*+_b76+)Z~BF!VJpMg&_~dRC%@3VG6|*+tuFA4EAhD;P0QKuwN=>
zsJT@#5roBMyscXYm@<=2ZONyN>Q8}sL=M74nm{UXH%l!BU8t{u4AkqvW4tY1rmCR0
z$>}Bx!7&f@pv8W$*wIUp3j;;;M<r!#ppHKDcu=@}gcDLa<j6Yl8-MkhT&ZV~Tz9?7
zex5|F46jUVMBGtY`F2XZ{r;roK3-+|?t#}pId+vo_MHc$tdtOG;wAI#NXYqP`v$vc
zXu$E(4tbJ>LFPJ-$CYqDgGXN=wT9b$ohCezZ|fb=3o|K^W+#q1Aer;katFR1XalW8
zB9T_hi&aaN&Z()rhs#zC`m>c5U*yMH<Gh@Zr|<8F9HkMZq3&`bZXW-cyqNDOEqju{
z&0-0*jV=JjBNKD8P1{(f-@<{px3crbhL(-`c_VT!xQ&1I8<b2TL7$nVU3SDx6Snl?
zT!lJqvP)@AOi-~OzykZ>K5TYsPFqf=eWmu7y2CY^PVx^D2`3QEvfvW92`%u)jet(`
zyjYO2apY5Dv3>+`ov^4)LmBDK_^UY|bNm-WC2MB_x)BZ;5N3MI$=K~e3VDFK;Gi<N
zy#?a>zQIJ@Mnt8&K+Zh0k7{h(V++jv&#bSCy60z8Pu><u8rMqd6<B?I{HRFJAIZG}
zM@dCT3=wmh^omT8nyVc*2)$;S4#zk2_>ZJ=R1<yS4e3)G*KCb9nqoD8-pLfb!Jt_j
zmIk-|*rlqnV2<kP-zy0da1^=6e>j!nodD=IU+6r3hx93ls3&FQwLcojHY7KI55F)F
z!LJi&H+yihcNRF}h)xCCptRl|wjr;N=ir#>UAj;A=yAduJJs}x%Vd27rsxeH4ZK%L
zf|=Q+G&VbAsx4>?;b?M<?x9y(ya2itVE%BFmx~?)n<iIQ=OPNj?}wa0j-huXpQn>K
zBdzzO-BFm?M&v_!S7sgp7HHFvxDYc8xc-jzwV*+3#R@3IO<~x|&@092ip=atGV_bp
z_ZQT7XpO`xT|2YMN$ui8`_Q%*&2DQ3@`1(%kj_{JO`T0YXeWZJ0=>Osxx{!E%%O`J
zp82(S{S&xJ<%&vK9}cnvLg*OYrkqqkpRZa1FGd+<h)%cZ9y&<|`0@EN%OTIAjI?6(
zk{um@ORKz?IgND)6`%a}b{uzs+P2F1a&G0E=+>1?s<9*JPkA!m;i!+SE0B;ln!Gic
z9MC>6>TraRiU0O9RE}njkJDc`uJBmLVHDI88}qunneT`x^D5>S4V;%V%eVkHc)J1c
ztCa-^;~5o;AFFGC8d6m-F?TgzH~Pj!FbxnhXf(kKGV~WW$2Hd)13?8BEcQOD4F>on
zkge>%({q|D+3edr^uGA7R^t;uZ*J*ogQ2DSu(aNVf5Hv!ZyK+s#+tc+XY%B;mlj>E
z@2KKP$qS;LK7cDLlfd~dJd-mIRu7pE8Y@h^CZip5$W0ZMrGLS`;Z8qqEt-m6y)ql`
zR6DC<$Q(E5wAKOIk~s3UaGViP^eyLg8Z2!KQw7|ya1D-*fHAprfRH!o@hqE}Bo!z5
z4Gqc3N&a4pE01lQ<yU&mnDtR0((cdr%38o3#K7#0Rp}MqX{{R!9RhusrFWB!&Zia%
z6>f}5%$sX8VBpB1D+)iZfSwNS<GhaL$$F@Ly;bO18d=t3Q5PUJ%ea)owm2A*W3w`%
zJJf#ihR#Jafxb7ZPONdCw*=o<-y2rC$BC9*^J#gvKcuG^9bb8)8=c2n^n*X|ea;&j
z*vH<~2lp7CAg8E+jNob6wRD}XcxkFE39XZ5l_>Q(i;O0Ex&yPy&~+~OmILljQ$XEs
zTg{-iW0lCgrKO9O5BbUyuG)laq!N~%0-(BGPOSFrX}&#uLAa=^X-}9s=B#RPc|i+&
z7nfb#j)Avoa4dnT)=iReCbfOZcUr!!U7b{Kq<oUD)PQyhnLdxvukD2Yi#tntV7S(u
zHEW^HW(IY2wj0!OI0gI8ag7)#3_qJY@Yf{!CXS2sq;ywC8fWirvcS!(&2lD+w-mP$
zyVw`;b`UHiojZD{ixg(~$rsec_9uwlOF1v{M^h0evQzoAl63J4#U|rGEMB<-lvxr|
z_UrPG@N65#Quc;FN{{;yASM{h8$9BJFYH-z<~%(v!?U<9Jsw5-A$TVXfMO<$){W+p
zFqw%Nlob)TNpRO64~=PwUrn`~{!C6|?g7}sOh+=0*pi%q*try*ADBGyH;)mXcVMzz
z>p_=1q=@8kK9TGlC_xTij&91op(jwu>HOTpi%6x`I81+WFG2Y#&Q$-71{pdTXI{n&
z2+dmP_`n`+Bt1gOQ7n>R&U!3gG{qydU!f@91DV#&MuYZvD9a~CY=<}ev!jySj6Z>`
ztMXmVH_F8b0Woe7Y61tF#j>^}A0QS=@0Ai<=zD}>^jZ+y>Gm3jZSS5Q3+ZrIDOEik
zQ}>ytZ){27_=9XgJ9@iBFoHI>mA+~D)p{^CEqZI&lWG~EK;(Yj%Mt^$g;=DEiR4F7
zVf)FGRltonT)RGKP9w@9_6H;!sm5Ldg;t^RT+ts9zQ$@dKTnEUiis^~H1+N+RQo{c
z|HgpH3PhL~TT3X@K+Ik6i9%&?amV7?RqiPj${c16Gc9_=O=9@bZb+_GO}atf|L|cU
zFe!HbtD6ki7m2&>$Y7t3yX++#_AgBms^aP~CFE4dC5hYPv&wiQywmJ7;c3>3x<$&r
z_6sSDu>v`>jN#PgtEFKAw?xW$bRzZH(CeK|i0F*qV1akD$q5LHCf%xAs|wPc&Y*wy
z)2%1>*`|JlyecU6<(5wr_`;#1dLd2d&jpnPf$;uA(qi!@)2GEY!1HPNeGhj?F5tm8
z;hW!giCO12G#u#n#7@v>6A!&t3;ub@*kR^D5%~qxbQfeC;go<oZNAxnE0eII7S`K>
z7884oQx@+`{NJvtrojTmL)7o~<_P7xDMDMfRE!l~T}5PRu)hmK9zn_-GmHHY(Be7d
z9HO=aGC*OWe{E%7WKIj+;4&436~taL{MBuTQsFW_EUo}esNrea>aJxMV4udH6n}E-
zz7P14aR1H!#5dhE&;7b||M0tPgE@I+P+zIA+iMFJgQ{!_6OCY_Btf!CVCuuAGHe43
z_^=`n_d&ACS<pDD%2|=<I|@95zZ#Pv083bJlm)jv7yn&&WrNU(-lb27+E-@i9V;1D
z<YQxX`)C!u42h<LmG>493QQ;$oBilv3G+UygP+ccus)6$yHk?Rk%RvA=AoD$!@z<2
z0$Ro*Ay;Bpthh1pi}d;dixKc}-Pk63Cdi<sz(X5G;sAHM>IixuePO>xN5j31dCnrK
zcck5>Cqv6Iry41^xvaT9s`=Fe9*sNldd@(jsZ$Oxd)?bY1pz}GhwM3)f=e%GH)Rv(
zz5C<`^`x$1Np3*DcDO4@G0waWUgzySd#LM<<g+aKnEVK9-u1sfqYdUf&4#93;6<^b
z2QiK^<U0Zfs~nrG_(d=~T~b0<26q4U%ie2QE69@MUh_n)6CR+KgX2em+J(M?28Gvy
zH9np$ji+tO-R;RwOZ*NVih}KJ@3{0@EDmc8bKvMpka0@%;f^EfK7HtAfd3hD7lwu0
zFtI|pWE*h<21B-!?#II1AGWa_Y8x<{PWP`O5*`yEvg79H3c&jTO8-jnBA}ZsO~sBw
zi%6&9y0JP+d}*kHu;GdfOxvisVh>M0r<oYNzdiXN>FSKfuPH~Yz#0p;M}LFkQ2yo}
z8Hpo<;0_Xw`2C2jwx08mcT;C@Ga1Zl>1pBL_<0sQhDk+ZPW*Bopqn3Tv|PvkJEg&(
zH|^=O32pQJSI=<+_ZM^+9+kR4p~>G+Zd`gHUf@R4!LB^vPzi8MCGbOrG)-0D;kpB<
zI6<g=cH=DlVC{##g7);lCamdxz<?IL%{U9$a#--yjU9{w;k`V-C03LYd`<2UfU5o%
zT%A3cq-6enm$Xl}Q-ZvKNea+M^d<)bcSZ&~c&{>PHCqxDx7*%u@d6&ceF_a44txjS
z_Rj^3U+7~yna!1GRsR|b{U4k=aEK+fZckiPj6Mdcd~{I5fnK7(Oyyq)>h<P@h+a{p
z=<;<y4Sb)elP(0d<;mE88$W{KXb*?pDF1v^c@;o;0L|_o)8M<k{A_8Yrnx0rjBWzn
zwW$Rnp#T2Vq|dtY-lKIdp;G*ZONNE#`$20nb8w?}ZXRSmUZU*&?Q)%j152u=2XKd}
zdCd3y1L69;mcJhP06nRaAlA1v2T2hq2LmO$!0W(}*5U}6m!Nb(c3!RAEFnFDA`jiy
zzh9<oAh_j7KC=!I0Pia+<&-Yo2Sn%LXW$)43O&Fi^_v0-n4}<aq<kC5fW-RCoUl-0
z<lxhyYxX04XGs{8Q$gxP^RGFjO0cFjL$yI*$1C?@enjy7x61%{m`Fg2s@#tPtn1wU
z8BjKs$;9C{09X~6gPK7parfUb2L~r752CJ?MWA?BKg`M(_w$qNRat;L+l9t(?)hTf
z{@8z?<-pIof+&y-1lay@NE&rztfTh-<cy+*L1N`YLkQc&P%g<wirb@yWHjh^L07GW
z<}dd@08`b!FJU(K)C$nZ^ceuUpdZn+A1d!Kz5>_v?c*vBhgA^RUL>Tct4Z7UMIPgo
z&M7$U1YOeN@#*+~ahdw;!XT1@5===4J+I^B+!4@ygFkF!IoT3@fYd&1aOnFVQGx;8
zC%`F+KAq`IhRkK}sZ?(nkf(|j<OG91OoysuN5b`+27f_^)~PqspD%g|@K-K@b|sou
z(7P{Wa?EN5^blDwXApM}nuRR(7p3zWV9bO%)nFA&?KR#TF5}QVdbv^>`k)7Go=9$J
zD-E*7ooJAjx{ywIdT{#|bHGwK++v{Zg1?)oX#y{+z>T<{i3)?Ttjzm^a)<<|OSFUj
z<$17PC`Lab8SZFJ!u`Rh=<ArDI3@H@7!jxBS4;j+1MAL@ndX++bil+IO0@(nW#6Z&
z#R`Ggtmg|%?lL$MBXuQqApJG&k$U#y1fB!j7PJ?XI*)&|ZQUSdeh)5G)l}v96SsS9
zN=<M(Ql2@v?^1Cv)N^9C7}Jx*k>d{WK>G|z9Ma!vXX#$xJVUB2wg-Z;Oj^+bXmo-U
zEL9RG{6D__J0PknXdlN>gC-a?g`%LKQ3OFCAWhnW#)`1?UQ|TN!XjlsI$|sl0V7R7
zSfol>dR>|gkluS!R(kI&u<UovV)B~z{rx`o4`Sf%-FxpjXU@zs&phMxN9}t#0TQKZ
z>aJC=g-~mkCH(pb4iGwjPdi-N_=}KxrA$9%i)DFy5l|Lfyd!VR5gimjGKbR7JFOFZ
z2Cba$JoLR<YvS@cI~I~AlRzHlpEf{D<Y<xplJ+DRo0`c%I;CsguJmp=JOe0ude48F
zr+Z9d&~&ayb$WX4bGX3%=HPmGi~X(*&>y++R0DLD<Epg;*b9#VOws10uBIlXvrZ2x
zLnARz?ngnRXJu<<<&VSRxK@9j&3N_d?d+-dP({?VB8k1f5HDw0CX{1lRSp}-l6y_&
zbc^1Agd}QzSJnJelEepd>kW02b20_L+szkoO*f8MMa{hw&v$HbeN-FFXNV~g&KHSN
zer?n#*>|y%ec0UGP<UIcfw2x0yY+>7_6iri@%MYhnK7YB*3B@v0zPTB<EU!q;1Vi@
z%o&VTNN%+rNQX(-UO52L_`SEGL=kV0m&>R6a%^1!1($t;&=;xC`Ns5@XA7?s((`zL
zRXvQrIM=2!+wddGRRbV$ZJ3egba=Y4M(I3s{x;0N^Z8w6L=V*nf`yq)0=JBXtjo0K
zVjY)V$=|09az8FlLVIY(mX(xg;gsq$b3|~BG|9eog|coCianb_%Fo(Fs~Z1w;sP=?
zuake=M_mtwIG^!gFxR%roCcv!cQu#<<DS>uvk>VQ=Q3YD4^n!1XRp6uk|HUjpr-C&
zIzKr9{-qMJ8%aF(>)mS>XVFUy#7$qyB{3^Ox$x%z^IGv}P#;z<U+yr3g6<kez5Oif
z6LP~~w+Iv?Rwf-L-N{M0b3GQ)*ijJO?5kY-d+sHpK9Qu}fD<eja7*P9yc0Nq%xm{c
zhniFPkDW>4o~Vd+Wo10Nn_dE@7I1uMmsW#h4x}Z4fh2{xUvfQav$H>_77~P2==Rr+
zlbT5)o0fY)YlRqBa6;C!LZk210;PLkN)L4bGi#R=4wG(-T|CWz2rG4dE#bZB&pBK<
zES=<F+WWh-KjRkkZTiXWrSb_%-rt=*a^OJ((ouXJkM$bTtR|STZ-dy166%wYCv`LD
z8A`NyCPlj<*f-PJ?aHW$T&qZc+3yuD=42g*h{@DL<a~-)Mdg>}zXodOj@$^}W~qLs
zAY#qtjbn45vCKG(BPE1Nk#dAE+6NRKI7mBud5mRC99>U&AZOE+c?+u6tD&#V%<g5X
z(SD=ebhIPuX#Uzi@#x$=t7e{1jjblw{&Ew})3-9Vx7OG3pus=rPxRh$l@dNNrMve2
z0A?vU@oPx{m`RrtMGeUsZT^X<>5RXldRc?)tla8LZy+DwJvP_ur9h*3BhMfy$JFo(
z_|=N3$p`kfKL*Y1Yb_*0DXD?X8~2r~kbdx{4m^YHY-c%Dn)*3)aFwwu`CKJ0)Cl(L
zd5UKM;GNJ4_2Vg7?}FM>(0u2r0;qqqk|oBO_4vi7cPO1E?f^h^q&f5I5j#3u9EH);
za{%hWEzs~tpRCu25JPB}M@nYHU0ZcXG&9xQ9B)aehSWiSuLi2X^u8Vvu&2}*{GcWi
zu<Il<o^2Pv=c)#&3uPCUP}kh`ll!410F<Q$f!46ZZb`f1X-TPQ*sRQ+^;klqrU}Rs
zin%V_!W69gA3odS&jV__l|64cQ+MjVx^9m{%KIT9)^e$sF*SqENc(zol}G)AhiNOz
zjCi49>}e-^1=QKc*r0lDuj^xheL@9&LoM?$J#AkH+9&<STVLjCun9){jFwgUKnjfG
zaeGsN-QX?2-tk4umr#PkdcxW>uQK_1dPlpnf$ol4*z*cUn~ywbxWalzeljhmkNOgY
z<UKoALSn=;%*E8bn<kDMROOe&3LQkf_lkOIQ>xR4Sxf{K)8t0PtlRjdba-0H7deMw
zT++^%7_vS>ewwBu_k5%_+*td$`t7biJr8~Tte+PrCRQ>>U%02YFCv{pBGjHI5D5N4
z_5znv2yD4pb2_c|6@0h|8Pe=$w6)rodHu!q{XYGmc2p=&c~-A%czej~RJpa1)@WQ$
zjSSCnMt@UNQ&*a6A>c3TMfNX6f}DkQcH2Aly6I$qs>E~`RIpp0c5jyG0mX8`K_sI0
zDbKeZg@VQGzwl_XH94sWJtG}mL=DbbY!>^Rg%e+P>Nte_oT6MnnfSYeWnb~s4Jo{y
zdmPuUF`3H#Y@zO@PiIlWFUEuQsfn74O7>hWZu2k{Wvu*Pk2v{jN0vU5V-fVeEuLy`
zYMout4yK#KTLH1inchAWITnb$TiAv9kKW2#jV^(_^m5ZpZ^%4p?f#06!g)TzV|2MK
zK`2!bV7S7)(3V*Yr0j2XrW*^>K0o4ta?orb!*#aZ4}G)<E0%Fg-+v?Sa}~-;V}ASU
zR-HZs%gkXSIf?u!cV|-pB%n|-q6OE{<Z>MRPDA46homtK!-;h``uo0^UjSTr{n(_`
zjTf?Egd+ou(ekqTSvM~%04jeHL;|qFC3Ek-fV|mNwD3B&)31<0-3xaLieBK{NiWu&
z3EHu1ci|E<htV_WFV&b(e}ylK;ZUNR^y#9P(e)OZdA5`<Jfz>9)7|2yp8B1}c%37|
z^yyJ1#c{X^{$e!7CyPn+F))0RhZH>SE<gfCVug$Lb`Q@9)IR~XA)kDdfOvWO^+p84
z<?)$VmMtJ)RoBBXX&>iI?WpqJ!F}ZAHIZt&!1avk+4SiUk0IZ|dB+_wPGCcWqpU9?
z`M|9>z_cQ5`U*w$^KJAUmfLmtpz(w1#el=%b>V0DioQHo-ULsQ$rb>5Q<s^Wj4+Am
z@q>F~gEafuF9o~3--+z-2}LXRw?x&bh{JMsf48!<ybQ(nL8y62HKaM8gKZKj0xT#9
zQ9Mb=aqMuT&+x2)W5dMs1~eViPQfi{T|-_Tgb?IhYZXC~E2OYgZo^6*LHq=C^c;YC
zZbk^v{rV7oAE+i?J$dcLGnqO7ATuC_Y+7MtNgcOiE+^yfVt3@SAwxF;k~a3|!LJB{
z))tBTQ8!c^Tr@Y(l)HPBVQQNsPOV)#%Gv%2Ec`WS=MXW~TSae|J%c`dQN<pow%8XM
zuxH)>>!|yzEdRCF3(?zI#8$rcV8~Hwe8Tql4|D#eRCX0;t=tx02M*_K=j;8@B={PT
z6)6i(8X(=l*mKt7ZZ91-Lpk1m-CZ`w_#H)}A<BU~m@@k@u%p>-%hnu^jUc^jIKYXR
ziaT_pl`X~&(Lib=f}t@2JqHCBe?ES(P>d*Te^bAv#0W&uKX3Qga8gBkWe=kZ;dzXh
zq}{+2@-tJa7`gQSNqhHPMNNTXj*f#f*}v(~_7sfJYpfD#Z)x(~3o-Mn+3u@&-4PH8
zyavxYIijuUT94u=2p+VVtJS?2-vUlhKbNiBE?dxot5%Wf4~C{{?-M9DkTkC#if%;5
zR<WxP?}P8;t`E&W!C$%B+CQ8S(d0l|?&L!{<5ub}kt~}6-~X5kO<|a7&e`d;LoXEo
zy;Wd3j;}MT%Wyvg0r~=T5p+0d--r?SCqL05R(0&jt4vWLjlA~X*=^tqsy@Y5{t~t!
zNgwjHi8Z2=rutP+k{v=qE9!kx58R&a4T$r!jLM}ci;mvN6%pcK4p>f;?>pHkTJx%F
zQKKx+Xf)nD-+$q?W8OF@Tu?^Z^P&@5t!pOrB6vcL)61%qi-et3Y>a#Dcxww%A>@xa
zy+rv8Q1&&XiZYO{k;8Mf>OO<|)6;sulvcJ)FX&M|xCw2Fh#<~=`7ClsD3$){R<qC}
zhZkvfPyVX!dCZWh2&_-K_m_LS_K>aoNyG{0`c&*{V49a{>OL(YWy?CH^=n7=jrY5u
zM~RTxbS=Mhio%Q4scy<byb|e=z)$JdEe|)HUXgpc5LYrG4N<0})e%!O+c-1U_X}wq
z*Zh9S4s|e@$kq(j71HePo^LBn5=g9Ow2R8(i@y8L9|1{~40RZ3#f)tAL*pfEzjug=
z=a*HTPxxZGk%x;-1X-~m_6*3fE`T{&%Tsf%N^NUW4lCTD*twVxS+EYPTG5rZ;eA-P
zY{PqcK@%{I8HxzE+!oP}_6TfM%-xUxb$&U`ienMk$r%}quIUWzeTn@?<nGSh%`hqL
z%LKU+j8q)#p|)pWmSOnJkV92gndQ1TlE7WH5(43u?&6;PhsQ>5HC~t$2s|bmHn%2p
z_CS5k4b&KQW}bpX{V@@yVDU#s5|?c;J*w0vi#Au~Gv*?!2W50V)~KE@!5Ah^KQ%5c
zJgv17!DA|Q1oKkYdMoK#_|OQOW&m{5x_rI}!9f?s{EwH?5>AS~JEnUEk)v%<-4rYG
zuHi{#)l{^(v|6<#Oxs%$mw9c$%cNL;Hwcz4y^-?FIvbSetcMdNT%$&w2&UgLYk$12
z6r4J|96VP+c_#aGz!BL#J?fc2h4t55A_lpy^&Ke;cOC<(`OtspY#_wbQsbkp5a0Wg
z0?SaBo|l0gc9xcRs?@l(G}i#wRIz<WZd+uLr!BS4=pBnnwU(?!jl8<LoL+@$wQsIK
zylcD_CTu)0diyE2Jh{3=W6}G|$DfJk3>o|7Qrx-vTQ&nFMb&d1hIUj5w6xG+{J=Lu
zlK--RwHFl{*Wi9RVT`28Q>}&z-v#Y9Q@O+u>yx}QlI70Bx2D?B(2peI#s0{p{E@`Q
zv!jQl*m3U+sey~}pK`_yCQ6LXGinF3RnHEy5(NSp3{~`C^AZ2y8j;YUuM)u`vRra*
zqVi1r(s*mXG(NvKVzLaiU6AJ3OMWEs-4_k(t!XzzIY{<Yk2~j~GM;iis9&)v;iOpG
zmy78q6<J=P=8kGt8q2nPV6Dl>B8{h9=))LxsjI~Ca$`WdO`gPg((PdX2$Ou<g?%?P
zn>(f)yTlzoM&R>rXOgbqNOt3yhb)H$ZFCHBRbL(JOXMBBv8aX5Iyb6!S#Mz1{lt&c
zFQ^aaN*s(^n+Ae!7u%ZLwaHr4a6N?6DSqLYNBP1vgtOWJMX<3lODnm!oa}{D8~`8k
z7lV7p2hrv2oDtN(uBSJ{d(nQO;~sq+nPR}1l+evBqRe@scC7@SOfD-kY0i9kzE8_Z
zLFc#&#EtmPiPQ|pieAQHAey(fX)(-uq#e12lmc6`a!b1IK>D&=N9Sx~oP^eZ^Hz%J
z;m-Z4wUPU*MneK4rggfXNVM8gZd%J1#OqJzdi4G@YMMtO7zcBNRDh(EQEG<0;|M<w
zvbU<<ipv!$jvR~|1Cwpk#*_J1Wcn5(YFJLQvce7M-_vJ)C3G<DQ_jvHmM5v>7RW#7
zlh&~rY)^bS+H4?WIyrb&XTp`up<bf1FiWD>ww_=}9H8pu^gzWifpRlA!n@xc$id{)
zYbM^bWgx0j15BSdAR9WhRFR=@N*JYAbkwC8dpd$-(J@x@jx*WXRrBEio|#Il0yUm1
zY>2ixxSBkYb~{}_BU#c(Z&#0RV@kyaN=+}J)^%NaM?2Sfh2teg)lUi7F`HD>6t^u3
zgoY4JcB+vakLcRpziIs^bQ&7;pJw*;Fo^VSAA$J)FXb><{=n1lHUx&Ao@ux|Q%Kpr
zdQwvw^<l~YSF=f>lIR@r)tvkJ#_1fF_)*KmeL4@H7EyyX=<#RPd6jHLMoio><;=NP
zX3%rBKmE!KDzs4XBgX^-Dp>R;+4rS=Sa3m~gCEx*Xsy&6>}fALZBo)TT%Y?zu10A?
zdpL7>vUB6?p`z{Eu4y#c`2wUsxEet{+kY<<Qb}}ayX#jSI8{g*sZvR%&O(`8PPQv`
zIILgqtrf$aHct|nE^-`A-2a&ed<>ubm1?Yq05A`)Y`YvyIzt`e$oB(3qK=sxoa@QX
z8adPS<YarR<>^$WSld=maJ|)&YbC69NM<^>m2=mN`@8p98)0rKS>T>;fIOqKS+gix
ze4aVG;=b{2aQJeJe|HDXOaH1vpl%}@1|*`=E5Ei1oekX9l5)KU9m=ak9Yb7_N3~hp
ze|TeUjzyis;Bnj`5)~#<45P&nLnA1nRj9hW=49U}YG6|Yplxf$J;ofl*;evkK%wQQ
za{GT;#g6r%&QLo&V~<)%zh+-3ab0{4uR;n}sjpPIzP?_`2@UlCFk^II4U}Jb5oyQz
zMytH3C&{-2y6;&|J?i3DOq;&o`XumB$AEw2q$JC8fsbi4P+1D9tVtTF+EK63cwWgq
zYb5tPxJ7fxn{86r0m(<9HJ)>w$FOmY>v+VIVF{kp@zXs8=}L7GqXA(L%q?7Hz%h%2
z$Zr{E9{k*!xk_8ICu~}?mFzv_phW%O?V`+>j`&5qY2q?DMthr@nu_aayJFKP)caiJ
zKs03=8BB8TP*>(;B0o0u9Do1Cg<IhimGqW4=Ljhn)dVxvlw*S0oUuEaDp2oX$V=3y
z(!}@=lB5Ec%oCLCj#nf80Psd*<QWXq@~yzY|E49}A#H1HYblX@qph#f*rh)t&9I=M
z5#<8hC(gS8!=Pe&%5PIDEzj^pIX(aS8(5t&g23^JnL<4rBgS+vEf?$WqDfyp_xU~T
zFmnB}{sp%G$pD--Cbumgmj`(J7Wj)-knA~xtS6)fJ#vuLUd(jzfpL)bdH3ztzW#oh
zhh)%l=62m>fPEv|+S*QlqMRy%2|5{80{u|5Krl<ij|YE08jb|0SYu9p%`U+ooAOZR
z<7d>d4b_DMX#~DFojL>bZ7LE@pEkQ(PM=}K1OKEwRNsyQ3+N<>eFPGNl7-;0TtMxw
z$>KP?8w`pdpIg1RoBz*8P_NE(NvA2u-Z;OtMmNPc80wtC{Z>g)q2T)+>n0OYi9sh2
zCvyR@ULsI7Y1#@{EOpyE!!}7Z*cin`K+(Jf3oAX5ku=i8%C}2UJfW-MdLDeJX8`Rf
z*`G_3{xhggP|l#Gsp%Pf@c1EFXB&sv($$mj#u8CHZmA1N9<r$4e?M|a#>tY=(+4fN
z_Lu*JxZ4RA_$tLPhp|CA1FeSt`wxruUU_lDx1$ArM~4p`<4)fduT2=;*h;l~81&4i
z>H6&nvHcW9O^K%m`KhDFJ_VoHxg*Fd_8~^*keBFjNrNKJeU@?I5&V|F9@n|bEGHTk
zuKq?n-Q?2c`{jQ>@jpzpkWhc0>^pKW;Pb$>m>qBL{NkW$ib?G(&@b(7Y{j}@iZ{l+
z1~O7AOx!UWjXk(oFLL)_X~#~cqrXC+vVB+RXE>U)wFpDKT_2&XW&qJ|7eYHMmS$JO
zpCQ){p0@+S@v&^=i$lt*;0ltWfHzoneGBN52MpnAPUTy)-GzH@)68D{^AUjv4EqAF
zdEav2hSmE-SsJV2tQce{7^1e2aLfEq1YT^>WIDXB#iEfJseT-0(_{P7F^&rBL-wo5
zRU!_=gRLT`cQD2Lu3yD3ARw@r`^R~4rW&KH@;J+5`(no6LZ3m(sO{uIA%yV&W!d=a
z4WQdLMT?+0d9NLz(G$?W%=ikRiFtPR!{6kGr;5&`kC@th55@x>AAteRbRj9U+4`6~
zfLw#}tI!jy4^@6awy$5RY~DW;;(x`})`KmAWt%tueN1>WAOC<Xk2_@H`m2NZ`k_X^
zLlNAUfqDQ=(*AwZK4l2SsY9Uqp2QGF_fEn@+uRS^-wr=(zBZ^eKW}y!qqkac<7-cM
zeQ*kn{tC=nCv9!*^w`)~6)<BuddNIjyp&&6|G51XM{zK$to;xs^#dr`PbwIgsPYfc
zgr?<s|0Y$LJddD<bU_r!8}Gg=xK;fN2JiF|%m^1ujIYPnx8~0+-xDQm|LzFJOAZEr
ziGLq$W8a+uY+MzBL10GDASKb}ebD>MrIUtQd4c81y#gWA0UVsZ^b~VMPVCF}HJ?d<
zC-Fq}-YBH5$PmwiQe0x*6@#x22-jKwlDuNGRod9d$Vi)(t}X|<oiQ(q#wdG?>*U6_
zuL7<ZV`KT_c<MzHj*)LJFJ=!obAj`;L4m_?jieRCls5nh@rhPn?rwYl<`*5=C@*mG
zB<SjS&E4lIL~Xa^L7-y>awywKGvln_1L$t?Py_2l26{&U<Qt_RO@MJ;f?c%_Qq`Ll
zaGv}F(XY#hjIzGruTxSSKwfU2qYyjLp`a01!tZ;))Y2NFWhwh<BctCwL(CZ3B%p8O
zbk*NFUeFsD50p(j6p-VAICw*daTn;v5&?~Al)*(^UESg;Zuh!Ts8EEaGL*h==j7MZ
z*Ja?gA@@dgAf5(E@>xzUu72=EXkzFsh<R_iocm@%#TX)eYX5_xztu4Y3$5PTM=C#j
zyBPkx4aJi%$>IO_1x4r{w%^V-_+_wv&S*nn4VG^I?UF!eb8((u&qyuf{Ld(50qay(
zTYDJRa!<T|&g}>PhFMHaohaq)1hAVkv@LW&(O+sthFy>~4)@*wE+|j2cx1wYHYhl5
zp{zx$EFd(IAfRCgE^8#%`ABhOS^in4h6m*SGew@@p=sC*Ea@5Wgl>GZ@_t6ELJAVW
zgT|}SzTp#Gr1|9ZU^yo3AJ3a<d-=v{esTpD4Zl3mjt7s>_IW70m!<eC-d-x-z82P~
z$|ra{UR4FqZZw=eGo9swOfLPS><_-V{p|-qKN%+Z)@_)xcnF&n0HUuuqTnIz0gIr?
zao{ZZ%(v@EEDJziVjW~;W&!n6R0HI8=`|Vy7dnyt%eOE4iK@~lT5V9Lu^}24vj2$8
z7o>t0?K%?v?>kzo8a(o!&&&XVg@<-?cmS?$T=A2gDSVIWJkT`RK4LOZlrjc1f-%EC
z_z?Nv7@FvgXp*CU!Qqp}7|9MX1GCG$FPedJV?VgHQqT`AF10ZS;N)M$A1+}B*1f)+
zG9N#nU_IZqw-55-#uqL;hy)I0Dy%9$b|Dtr_IJZi#@8SH)tZ-tFP@y7^t86Iae~+U
z4}Ss92;PMjf&^hgiwI4@e-4FTEu|eJQiHzT&G<R}50P@AU9%LfBdsmhraL=R5}EhO
zK|7yfi}j%YELTh6(j^TddSa*+iH;C1-&{ave?8X8PeuYCcw9N;LZf)~WR9z1nAH^0
zi#AkNdk$cD(93-?37bt>f;dym?8ca1Reut9`A5&2*UB@$WAb@->qy+|*RSVVf7#c}
z#P3)EiGl}cW&;4)TWD|gLe>rp5gy`SbVo58rw-D_%KN$h?~nnt=teq;hc<SJF&wlu
zvGsfU^n?F7@uE;1Y7yN5a4eb(i}nVEcV2Oc-uy!km1J%o+gpU=`jXWu&|ixIWiL!j
zJV^{}eR}9jAGGB?*s=ScQ@`#MPmjoUw70hxX{YKGT?sl#^?1qH-JHgnwqGgim=bii
z^WTm&KN-yEI@7-i5vCfb^<@f|_S!5o1UQ?Sg1RG!{_oB6+BFE1XrK0A?ueAk`66Y2
z&4Vow|886{9>}eAf^cT86<pc8Ls&P+?9M<5)7BYe1DjwCuD(eld^@y9e}zpI517)8
z^a@l3p)69$ie8!9Lth5133efF#=eShUBEDC(k(T1kkkd^FgOi7v3=Zf(*M^;)Q(L|
zSg(SVA=Lwt@UV5iG$cDEZ&XT^{ro>0TVR=&`?v4p<A;UeTF-0`PtQ^u%xS;^S8CCn
z_>w21y(?VaeY=M>C#TMU2sRmr9glb$RK7LkFaOWJiyZMXcl^$#ujA&UQGmKPtE+$R
zNH^vRjVYc&57U)(yzW&70>T)Z6ClmiB0$GcbNJ6vbxHzi@cJ7&F{>iqck*m6at9Q!
zQ8L3x3I7-`(lWfzVMum#B!;yNpv?*y%I^|3q|v6TTAphG76=cyQo6F3>N+nN;ijPf
zu^eNnfch@CLZMY5(7o2<OF{t#?b&nE^`S@f!z!&zFM!eUuwRmvPXfv?w`hH%uOC6-
zyC@ZE`ugKZ!2MX#TvCA%yEW9JEJ6TzWIO~$wk?pl=kEAt-Ui2^sS5loA_VIc03Jt(
ze11Dg)<VWJtWR~0i!e{J-NoD3ED;i9WFdZqO=xw}YOQX@8LE$-O_E_bboTX4A+ISk
zMuhRk#GRL*B0-}S9E5jht706|Xh)%McKN2ED;rB=AT6eFkn~xU?avO!)h?Kq{g8C_
zJpX%48^c^q{C0w57=rS%FtiV0qwtBIuNN%ma6nh{(TF{YBM|Z$Q4Nk4XKRi{UUa^2
zTu9p!J+srJv2XG@uU1e*a6Av5mZyz&=c`<6Boq4X5)E`o5oR(E6*}ih6*(i?TPx%q
zFSKr!K)PsQ$A&oj$G~xEH-!u_eQMjZivjhI$z-`$w_N+Oylcy>c4os;`Q8a@%sbly
z8@khjrUgk2q?hv+)oz;Iw(_ZyMr2A)3<YKC$e==243yCaMfnKMLWXwC3;B!MM4Hj|
zBoB^2dTLn2A;3tmga$zVyC7Ppsi~6K(N)7~c9s-rXB%gqoF~HNt#AAXj>l@UDwjll
z-*K=iQqq=1IcgB!@bYX~uMOc$dORUF-8aJi(;_TNuauem<?tG7GsVfXZo(`x1_fQ6
zMvneO_H*~z)Z;Ev@r{INnb7A321y}UEy*LwqX}+WCcTy^ZY`3xAtWFTbM%%!_uoOf
zUN~`ypkUP!-?5x0VthZB;@2K>VzNH{KEXJhntRc{-`=+AN<FXjRHqL0yO>pA<5+I3
z?JcHKOj+uAysI}nUM__!&WreDI^#_@8v?esnwZ4~kI#CGJOflucnL9gAck2=%l-4b
zczD(#^xi$7+``)lYkjHlWu8ragoIakv&>32)a|`%3AMGs%sVuDY^KRjHw}n5lZ|#q
zyErqeq7DoQbnErRlF8(Hg%2IrUR{NrM@N#5FWH#%CZD#aYH`e4hzb%lj0yx&+b1D+
z^}dBY--|Oue>gBOV-t2(5$T6rWkc@2>D$d)INJsfnK^alo#N1usyMe7oS-<V7;%#a
z<fSGq>zb-@iYY6H6A$u2`X#3}Zfv_aZucRLNy;0Zfr`R+E$kB`8w2jM%T&PgsL7T;
z-d5-MG!c3>k!sYKLNc7Isk!=3z&BS-#eV?$mB`q|jcE6o`PL+&R}VHQ+H<8_azj8e
z#8Bv!_RJn0k4zP+_|{U2cB+SoP)I9avxzGGDQP-(z~e}VVWk+S;wcnCZxr@#B9ddS
z8hJO!OPjY8_8@T}Oo&FAWK1od=|a4z_4<W4Qv=AKE>op>y~klzIu#&KNtC|f{UgKG
z^%?jCwJ-~<5B74bTRq>|9*Yn2-zR8g?87kx6d7k-Q_s9czWdEL`yWqAbB0N)0_#1N
ze$7}hDO}#&`J?&!2II!hK|A!-)pXxl|5fEK8D{LP|1rvCJR$6%QKw3{SOwN`-)gwB
zL5v>d9AC&n9*Xe}HHkciWX2=3!dqU6#*6TDED*1wMXoshR~0qS{x2jvniOW_@E7r9
z0<(~9B$DyP?#+VEhJ(Kt%KMDSgj!x3%00opG>vCTR4zN3UFkF<Y@Jo=Jl)d~GY3H6
zd%o_g#llxxG&^@ATc}uW2^N`s<Yl9-me!i-5V+X;mH%<*ECpvCcJHib`Nc)cB4538
z5EzJaLRNO=w3W=IbM^K0XEou_OI<{ubCSK^?8-|ySFtZ{p+mc@-^$_pq+NP#3-WgV
z=}2HRv9ap>pdp&RPX=*9Vr4zoop1$QZjrVXPuTE_BlTse&wy9jCIU|4*s1>sC9eAC
z#kXfZt0aHfntOkMCVoXp?JvVO`2{M%6YKgL&00bpt+)E;1n|`*=Cz^EYVE+Fd$~=t
zox-S?kt#{Uu34wJV}u*onmY9wA`E^nEGtt;3lZY12sw$|z=W(rOONhXUf0XKzM~u{
zQi_2s2V080sRm!I(l5-RB;M&GE`6Vq#BP509s{*Jx-{`>gI^HBj7=!Db!c{ORM<#s
zOns2STzr9)R8e`N;YrQ)9n0nPjq=r2aTX>+yM&IEo=OeXmcnLh3FzW!z%d&2x5q$6
z$F$7DnzCEf&pU8UN63>sF^&vd2?{eCQlurnIcVmJTYQ8fE5>mJ9EBwkE`dz$K|A`W
zIVAhMQmzxS+p`UR>OJ^&KF3nx*)O(n*KMx#et55XGWni1co&VPU~owk0|YgCt$#co
zXq1U1#brGwa96~zSF&&eBHjtMWzzRkMgYcj;Y$Zot{Z>*x^+m&-T9#oF+bl4s1{gq
zB`6PQv!5<t@4Pafbz#w^pP>7q_M&KpKlyOy@A1{Nm_^2|BT@p2CQLonhi`jJzvg-d
zWWNo$uMZF-cS<_>Xeuu=9l?r*odQ2?LRRj9gyHK889Q@hb!u4-TFa`8)`e5T?7A{v
zsr+Q<$_)K-bFJ{Ov3f;9Rn(fTO;@#1sEDc8+q*3+>()epq!p{-rZQA)!gH{()7<&e
z*vobeL#5k!Oi*EdYx3+^p-frjA0~kNbiFImHF2%Lvi->;VXcMh7LU$pIB%|7JDi?9
z^OjJbCdV?6k`+;7rR2nXk8Mp?KU*ga7q_TpTn(5Ijnx=IMJJbPHSD-5%KLJ!m4ATs
z;nt#koUXZT_Q*km)HI(2-?Y%SA)R}c%sU<B&v)d2ftA`g_8aWQnu<D$oJ74H)hC$q
z*<N?pPrqQfEO^Ii2mX-U-AtlELFY+sY)_>_zGq6E&VCi`{XzvDePYmk0i*pa|4f^P
z;jm8shtZ=3&VT^y^__#XE$QA}QmU<%PKeN<F%Ch)p28MLJFpbxI|(^?><z`GIBJ{a
z+4kmBDXGi3zHd@wC5!+wU+gt7=8`RI579H(PzmaLbgD8>{YXzX=r*jKBB#gdAO9;X
z#=a9Xle8~#W=WGN0UF;n8LDv#{^swMoF}DFA>mR!ZnE)t^!>KC8MWBV5m=0s_xgL|
z!wWAIGC!!6x%i6xtw!uIPA2p8u0i!&@VUhg$S*y^vRq76ewusB%=PPZfN*6Ng^HGK
zM;<;W=QbIhv8pBy!ym^^p#}J#fVuwh&&N@?%dd?vpG(*y`@cmZE+l2eThvDkBb0Kn
zDv;*@Q5sO5tC$rZg}^Xm)gK}JVp5@i|7)1a0K;zGM92zwpk94r$Q3~JC(iS3V2Bjx
zLw+I;^Zv1bOidi%fIa&QHmlCAuCXeAP>ga01q1?Q*6*CLXh6QWGkxv=odN4?2Q{vv
zV-4TNlOI0-@!g;*Xsacx?8|;0ysQr80*5gx^4<C`nO(N)TGjj3+2<!iA5^MvvF+v<
zB)EzZW%dAOGn3FahQtUVs^}X1pSzP{xQEt<N`dZx@mi|jFr9)hc?7f)rtxLe+b%;N
zevq;s`U83Ouy8vcAOOh?Q~EUN7FhiefOUtHwufZ+3E1UpbwHU0tgcQ%T)Yqvt0Gje
z4~x1OVx}VC1vkrY&b{}7{JzhO4#Lii>`|b@*9~p&y^k@BFXx_=?VGFl0Yz<qmcJ%i
zZ(8O>K$qV%(|kY`3oM&|qaOlm>oNiH^u|cY;9kdW{bFZQYI^#L_i7)o0!a6^a{@jN
zAhD)+GT)|q2zm0*sARNwls%6%RvV(ju~f9{nB4u$Om}I5KlK9#@)rfhmj|=Zyh*XK
zz83A%YUj@^uYfWS0K7{OeNb_!dVieK@C>!?W&nQ8;~c@2emVtxP?xn|835q*Tv;Gy
zqTv`jR4&tf(4ivX5s>8S?m$Llo)p`Do<XJkRDwbspBw4ofDmNfb`Cgvb|^_MwE?@Y
z9)OAw28t5DBq5o<>1~?zSR?Lw?u4fQS`7nBasfv~%Hhl9L7`PN3qoOLFO?wAW1k&{
zedLK9kTcSYin?9eZG!_D107?8n%rUeuD$pKR4-R0P7uSOAC8JMQD*BBc?e;`#yE7V
z*<>|70|hY{Qd-)QW*mEK|FYOcEDAt+J^q1V&Oo>(-%9+^u_B=$Dx}4d3Y9XRVHRlo
z)n;@^2E!8*6T+9>syU)y+CVfTL$FQfNN=C}(O3!`OH-nXiVC1U8aDM&%qU>PLlc}W
z4k9<%3rb_W!Uq<p8|8HO)%Fap_C|PrOA^3_azd-$J5~RR*%d$ErioBxigGHOq8+FA
zHtrmg3R}lExYLToOrxy<h-DL17c%iBFp_T1$<qx`nNsY@;dm7#zPwM(LSrRIKosym
zJ;b-fU-9Bbx8I~tIwlJmsU7LBCEB|xi`<AU4xZc@8Pkr-w-Y!XQkEqu^Gc13_@@o4
znpUpDJV-Wg%R&nPQ$QfdNlaaJx7VLcHj3@2fg;a#r4oOWCmj}*D;ccB;;q0GTZ-71
z6dqDiBf%!lG27P3Bcy*NA$i16z0}|=WjSaxTJE83+@cP3ZvtgF^-P>OS$KYJq^4^0
zh~H{z{9@C}bk<_a`o%@Jd&aDnvOEPUWZdgC5I}yijrIX{O(TfvvHt%4XUpHfGn4&%
zn-6pd!5}5Q$sxbc)G(pHk|Rt67lY<FZ4@awUkW%p&#<G4c$UKY@H18N^v%VsVH1B*
zA?Q4%I_-J&?Ny=9Q5HpOPnEn<X4*|RFO;<?FI&mjt<6a>s5&jqPqG;3DG0bhxtXeb
zds=gcT3q(H9*UZYy)U|D1^_|!Y?5$Qa7#>&zMRJ+v8jQ=A{ve>E-ZFAJc}mS-BlsO
zCvmtnpR-DjIR294^&Gl%ysn}@LbNzyij7QJO}giJU*5Gvt9u$z_b0RoCcrWZ%2$?M
z{UW+Vx0Wq9S6omA`JK)Ah4%2V!_(w0vJ8hYN4u-on=<67(t2DiJ=<@%4=sv0%Vpti
zRyz&9;7us{!=Kh8KxA4nPV#mamhhaHmDOO__;x#QZ!)z^H~oNP#qzv2OC)S}?~NQC
zVa6^(Mr6~0_pe1JpQ$M7yQ~pR$>IjU?~0$Z84Rm;$0F*wT(K{Hf8`3urme;%{Zz9U
zjXn<i_#0Pp8Uul!J$s%$_@sN`i`T^DWbf%#1&V{Xq~t?v1kEkKM82nCB?s(vX6}O#
z3Vp-M+W@-}*m!B<F~+aEEM&;h7J|WaSdz6;b_0h)^D~!QU&}$zVe42HYu<CQ^~Ho~
zEd?Bn9#O5`^;}Uop6tXp+c;W9ZN-G_pr}*XgY4;GmgF->l$Uvkk1P#kz3Nu}mJ2-h
zVU*2pl21i9pqtIge451o!fb)kpA)5=homBcI~@q8elEY4TRtDWF+nR9zWhAjV=~%w
zqY)O$)n?Sagg(+7Ie69Wy#Xms!a4W(fMn;hlV+7qe=tOANzqkfuU4Lie=F=G?~;VT
zCiDS*(FZbi?|&IxM96z%m5@vOx~>qmeP|U}mMqFBVX*9L9!nrR1)k-fybb*zbmEn=
zkT(jYl=H0scny|1U0W0=eoe?-(FHJu+hgvn<Y=5(26THHZTFP|CluH7<AdaZE7Nzs
z#&W~WbbZQV2*Q}L+TKU9plZRi;G(%kR1KsWH?^Xn0TqTsBH235+*~Hn1(RG?x-Do_
zXRTL+#0A`4(wZF58dJYWcf6v`bo^RXw-dqmao2OmS%uU2y?s#N;pxIL5lw;3ex-J~
zc5G_{a#OOaRMGSO#2=}*UesbItvnI5l0a{p#C*B^{^7nE6!pPYFefsSyjNV_=LLj$
zdJGSJq1Uzb+4HLv8m6WhiD9<S$&SJwfO@~_gi6~4*l)drG&>4U=T7d5ufA@p;JnGe
zI~>(Bjah$E;l{H5*iL8TwLLvrD_nf~OGD0$S5MyhW<B`svzgVsp}QWp%#4*&x!ahX
zUz&K#U!d!!U%zWXryD($i9AHE54b;>Kb07Xx1Mg1!^zv%okl<>>-ukPBEb(I?xt^7
zPQ2HpWjDX?0-7kbAmh0mr#3yQ{QIKKt=pBvq8&6k!!>eJrF-q_dm>V>`ABN-`hlW>
z65W>fyJ@tz`FM$p^1qix7}=PZJJvVSOwI~DE&>AfT(zs)A-&!EIKL$I-vH{cms|4%
z4yu)~PQJ$ub^jav#!IJ7>AL>A-uEj}E+p}0`FLQ}1ugTk11C>RGygyvG|4(pajuOC
z>%XKGra$qQ+3kBMHf-|QbknRFc%mW21M3$Ltedlgo6pY~Txpd-`3&}TY}ytjg??0k
z_mLRd?tL0wEEs79CPv37<{I=N@MyKhYDZmeIti#VhaCEon$m;aV{NRKyftYUZ6%du
z%ZMLYEQIj;h}WL*F0oDy697H3oj5^i&o^kAyx=JDF6U_0gvNVk^8~(taJ1El#TAep
zm}AYR^PVRXkn6E;3bQ)jrHd;0O&O3k|I00J0)&SfF)@|g9c{j06Em__{|2Me`#VAw
z9`SgMB^9x1NaAee(MDbGOZL$DU9&&J5StWAK7Yztio{WaI>qfOMPjO&e9oS&uYZpA
z{XphuCmV`fxz%r7#227{4MEQSURDOU7-)KuT3^CjY8xD!5h6~CgMN^rQSvU8@+d=`
zUI?5k3Hrklx5vrg`;S9WgI73ti-Cx<UZku{&^1_Cg!QxI`?I1T=ATKDG_iNd6f0ey
zNcD<Pb~kS=Y?jewKGa%iKJzs9Q-*JI?9tm<0h-@4yH`~D3G)KCl}t>BVjE40Htul?
zBCU^ttsF{<(jGfFQ6YER1^FKQ09bY0ez`aAsVdj%Z=DCZi@uH`Yf$C0veCWRhebmz
z-rw1kE_X=Ef8ftBM+G^0jC<tQa`^s4eX6Kdi$tdpWf$4{3P~qJlt3eOBvj;If4dW-
zt*p%)V&-<Lo6};vOGlEBbC?)Z12t{uhy_Q@boEkAaQ0Cr^^^2nXdW<58{@|V<s6jc
zlTVXP<ojEsx@(MwvzW@%yHN>UMz}gv=(Vi~w^Q)Wy4a25)ZdhJs-}KGZ~DQ&?wn9X
z>hpoy%0V4hBRZNPBe$33s)drsKq+)gxiM2RGbP4Ip1SQ~4hbs73FzN(f>fec8U=jk
z^<fqRfj6?S`_f&Xo9y<2N(&DY3f+3j%GSb6&7#@C;NAzYjzprQZN!1Y6E6_!p7Qf7
zR7H57%qUrSLKL`5a%^%lFg4das<BbMJXLZ$&HawQsLiOI(se?+5GXjUEGNe|vUzA5
zTU^-T8bvg?ml{3QGqx$=oRhALrIk}tO=&5_0guJ{tu2kH*ET5_T(@mo6nW;7@tNWd
zawv-t&bXAdS%2lXdn<9Y3GU~o1H1cCJb$QKrzJN4CU@yyTgP8N+6ytyvfXLHam)&5
zpuk|4CfX|0gin7=IvVL~U7ZW~6TN6>U5((g<c>0U=+|jFAFS6-02^dQGww}NWvBKh
zZ6%ZGjO66%Mx4iWv(mdK3#6>;jrf`0O4)RMYOHOz^7fAqLo-t@<_rmZ4s&K+bVnzh
z4g8l@GxigzT)Hy4*mxFeV8pIDHi?RB&nBYM@BGj!%gOAu$S4o1J(G4F=-_qjW9eLh
z7C{c}$?ZW6o$3CGWJ!ZE%jVe35vrNf$;<d*f!qcsqa&tOE%bhE5t%*xm!t;n#+g>F
zB;XsSx1MC=O&G4;>N7Nm@EBc2{flS<mKn4O@@3sX{i^~I#kkys{hZ%q^SJRQWt}wg
zxJwyfDPs011htUUy9zW7{qnZ{GxCx6Vm6-+F4{UazS(=tZ$43$DTea@pTSc4Q+-3E
zfx%T(*Ys+v`_<&&U5cyxOR_0y-^HJ~Zd%7AGgI!haJAr-L-@u-a#ep}4xJqW2%mwp
zU~WDBqqOV&=L&{uMIQ2209geh)Hzqena;=oz1==#4?#LGCg=Oh1yHQXFH*7pa;v$N
z&+~<_a`#%}^$nLk)2+aQcfWu&9k{T=l2DZxUt*xr`@$FvGZWMBL-v+KpHz;;;2K`i
zb{P|PF*WT89vZCZZ$2ku1!-xNNO9`j$0YB=-U9YG_JNb(2YH_b1RHyDzl8>a&q7cX
zZf8O*Ma%~{7-?YmubNJZ!bZ`z(K7r}k<ZG*l29EbGCfc#n+7iwo#+L#68_6Ch*%%T
zItd)cPU;_r8AY0qx&C@tHIuJraUrZg*S|!#j)0gBP`zPXe1#z(3rXPPVAJ8Kxd=Pn
z!Sk@Gz!Ad*ku>99j32k4B@X<<Cp-Jb;DPhsup`i^h-2asuod>rvs^4d>1Z}KHvGqD
z$7X=mcf)EFB?4!aH(o;3i5}3Vwhy&3R5W77_au(>>O4Dd%nJ~P?v;>~Tpx#!vJdb-
z&oV((qQdklDzRE_jn0M0oz9$*Yfq`nWc}wNOSf634DJ`7ka&^P<-<!td1`JyHUM8+
zuxyu31rG_aJMMV$z(-u|mVN3hNSpnMAe*Zd1fn4Wbzov*ZP;0CwZjniJL3AF&aFh&
zX9GaDi-hWOJJ7us{N@ey#be4(Zi6RkMyWa^2S}+a9FcMQNYc-#6frGz%j*Tbn#Ntj
zXo~%FJi7-q8%4;r(UZK_`7q2i`*w`~5-Vk9<Kvo;k|Hqp;Cvr*E-HW#(bYXLPlhCR
z@pWUaMnx-7KG<5kYiOG^d<Ec~)s5EC{L&is^3q>t4T-$nqT(u{sX3_Qq`}E)-9^L=
zToaFqa`X`9tUbn^b4-DQ6n0VpZxL_ox8|05O{d(d^VD?xsbY>H$5u&$L<%qOYGi0G
zHf}?aa5&KOm6=tz0*dwhC%onxw;2j!csJ)L57j8ihV1C`lV?<da?=%*{Zz)f^QJq;
z?nZQGE&nLzC7I#Tv$%AVjDoVZN+*2a&F@ow6*O~i9A?8jCQ>Fndi`oGz3uys4{lM`
zHT!$>S{Gi_s9P50Wvt0q5+ktbTw$804h<@aG#kZMdfA3xOPeG23V2RD26y|maX_v(
zzzvx?j*CdBu`^3cU%$Jrsp+Q<JRVX*b~GCxgu*-WREBZ?!BAX^2N0W#$o%N%f2|$~
zYyQw{X&i)eb$4i2UwC;l#m{IoE#5QYE_FNMGhYN?h1hA8ByuJJGA{31-eo+<uU^(S
z5;o4sC7ib6fk^bm^lf6JE=TB8M6L_Z*cnuf_DtDgOSqwj5oaaM(lh}fSt3}J-ASV!
znB7!>*`ZdLX2!bmGEY8Xfu3?R<amJnn0|3|QdQ$Cip7c>ce?qy+^GPL6WyXv|HBpf
z(i?BrJFZ_8+I?p6%i@yJ(CFrsd^w?+SEF0&r-eeF-&($5o|`?|Gq6I6x1~&LSJm*<
z2KObAI86OsknEO|mh<pN(Q9Wyu2ioiSslizO<k<ju8fG_EKkqx%(s84+^IG>E}f4Z
zrr`W+UJrykdBEPnt7u2DoMNJ`Jp#gCMU3E-!q&oKzx0oQr+FtXi_eu>mIjtTrMdCY
ze=2ZZjk&jk%6Ev^>>bOtbRPPrb=M+rPR=zjdJ7PYr#l1Y=fes&)@t8~%;Md8c}W3U
z3Q>-nr57B*4J`0Vx93bV!N51v=3;R_Z_abPAl85|+93xauk}{qL!;hh8No94l-|2U
zXb!#Hx^}p}pqw`S4EJjC)nd!pZo>LnE!@_k7m`ReQP|S3BkeU-CS{ntR=BXyl8qP=
z)JQxzx!yCzvuZU$!F?p$!ULd?n1ZH*EjiG1XPXkRv|rYavn4M1VA>vRv!ktlMw)#n
z6hgJGrx`R(k(MVR45Dc@#s-l*3v7GY9fY!ix&Y<-oYZOT5=E@c^_Hh7+?|WT<R?Di
z80&ToZ7ha_0s#ZGzY^j|+$hcM;UG|qW!MSOs+Mj8h^noDV=74f#n@_vT{SRm+|0{3
z(Vnpqx8C6<*^zfs74o)eTe)QcakdphMo+M)?=tEk$VZA>4x0ZH9ON!6QcElVo?7_~
zP<V$|fv}-R4{ulmC7#vJOI3iLVE2v>Jo0h+;qK61eCHadJkoo=4>&0LuCe!kjzcL_
zU~g<fq}mT;lrB!aHjax6d%K{iZYhDj{x;8c$sA{TGf6dSL9=KgC3RD)N=^5Nb+NG@
zpv|7c$FnX#{>_iRKXFXgXAMv$+`cyxd$APp#}msuTc3G6Ob|6DX<mfSv$|r4n&C~G
zJk}}UETmO1zjwzkrhLYRztY8;sAF!HDUQEP3+^|lDvzJ$$So@&2wkYk^eC~jO)|Y4
zYif{UG2J^OvAEQVeYB0EgT*ZBKI6_TH0@g2oMSD&5ynWDMqlb(qytTVBYBLP7j0ok
zNh?$e@5-6Or59CV&3cIPv+OF!TP6-7l^FI&^2_|uX;du%BcqrrUm(TO(nH;v(1nKY
z>buT2yH@mCdNSjMcC+TJYpZqnmdCzmg=+F&Mp{ml#jGo5uZ3`)Gw6?SpDC)sQtqBR
zW*i2jYMC!h96vo1-eI5V2vFNGmscK><9p;x@&Ukjh7;U!`1>x`#%FHmMMZovpmUWg
zl3ZLdssNH2&v2mm;PR)Dq5V(2J0~lBsW(U2=?*O-XZAMrib$#7k<@<_#Wu@V)Oc5c
zI@~{yR|thn=hB7tHt?;6UGzTq0sz-PjrQ8wm9GsQMa(O^tc|cydIuxe(~ul4N_>9R
zcpf+$)Nv?&fQ($Utl^wa+OhCFH+FX~PdaUN!>Z4~pmBM*&){BbuEl5QUU&gAuhqO^
ze;V2M5ju^%4x97(`yDR0o?mGmB?`Gn3}UU*w9<wN2DrIfeINB`iOf@^S4P6%8=8I0
zGZ#HPZMb7iTE9syfUm3Q^*!VC-J#HUd}RkAFJ0%QK<8S=*pcrqhrKvg{<Nhdhv!o|
z`SU}r&9FTF$3-_QSa=?{hgtNo{UJJDe}wCqf+}YrCb?APk6+7g#HBX`ZAf-Z7@9WN
z<8T`q0rzu?49r}T;Mxz3l%)>3St;IM>vdI$loayl2@NqGH7CvFl@1g9Rr;=)^xJ$`
zPGqGkHMNQe!Yp$7(Cui^SBoj1v%7}2Va5Ek5XW?;I|gRI?|ofqES~yET|G^)v6LcQ
zI_NejgrRj5lnp1zD-AcFapGl;Z@-`Fn^mpTINiLsA)SePJ1QRaLy8NpbhMxEtkspF
zj-H9Px}B=au`e!aYlj5xsZg@0uxYz#*n3J9wH4jCdpVs+@+wfZj1)0nCTf(71wWYn
zw7$^xqRvx@$?C1kUxUB7eSW~P**4Jg{3Z;+kL%27BG$}Lm-nX2+bcWlZNj<Z&eGy|
zXdkh%=T<MVm*=8qK!>NFyx+|C^4=Y1JZy3MM%sSs;k<t8_A&OU{Oij|iX0w+azjc=
zY9oHP{lpOYcw_VOl<7Si`SQT~Wc%}38s?)>p>1rg*G7}c*>4ykXj~U7m8?pgV(iP<
zGBo03D$Z+(%<pCSI)e90ttKn%sy_7NU4ZE2cK(9tPn;hW@S-#*L0I<?9j`q;y;tCD
zz@JVd(;QLfd$vM`MA8fWSeRXx_coM$Ve=5uap|v!k-ArhDoUWRc#}G|SI(dO!_UUG
zg%Y`CQ+X<V{;p|>i6g!;Il-IEj9?d@Qjv4=`3BO?Xg#r4x@zC>2l8JXIc}sl=?BcQ
zLUT68ZmE-FH}{uz_p{Q~?u)5&46gK<UQy~c0)eIb&jgLw{SU~JvCJ>o;<E4^Y+<gS
z?(G5a?zBn5r?Q*JVr3?9{(Kui0_Hu6f5mm6ju>nwUn=^Gi1Oq{c@FDqsGin-AxnQC
zhH#0HTdpnSo|z|WeW*b58ScjYVZI9E7v<EE$YWuq*}XG`hJgXjNq<YYM_wbuy(z7U
z_Vc=8C}>TXC5hlScoRi7Zb^;JOZU&OA>yFt+u`?HW?$2!etExmZRgNAAJwBAx<7Mv
zJAWhjOTJ?6&PEoX>8t`MznQ&u$lERl1aL5=s{`(y*M1vx^hOHc#7Z+8t_tRso2u+~
zS2j-L-*o<*kL3~}$2r;Q9TqT+(a-v+m}ls-iuyV%MIY(0L#y5yJTm@!V}x10fIz{D
z=9P38D0?p0&A)8k8-foeT=Q)14lD5Ohl=A>S1Q=biKO+|0;v!u8(Y5hcN(266|9}j
zU>QcsFKY|8-`^KXjL*vSujF`K#iJIL{E{>5X!nrJOup<4%LZr@?kj4E73(=`Nk$k%
zpw;I0#X8lZuiBR%&19|d?qq&VV#`~}aLYH{nR33LtEVy@I39|2%|JYq^4_GDry}dd
z)c@Y?kM=VYx8fw_9rLpuQa<xl_%^WU;U3rDvP)#SE_m_AdkwFxMdE7fz!Z?gj&+_B
z{reKP>xsIk)dUgGYOHn=d+X1n44p6RQcv{#7T1c(`ETDO<;d0y=?a*Mjl{n2z4?QE
zrlI{`g(VBE#H}{0P?>p_fZycf8r;1lly*Gjwg+a3qUpPpmB(d=+vue`AFTW4iCk|!
z5WTxR?28+FaJv_Dq`E?!Wtp}E+{}y4$!}tMJC;^;&!jZLOiPE9A#$2_j(^1Pa<vSn
z6y69|l-sA^H?FK~Y;cgdI?um7ye1ic^m&Ux*rbO8!Kz=gEhIn7T}d-4h?(d=5ZfZn
zW~D`3zmUG(EOImlY5^pbY}&*750Is%Z2zT$_rx8|CdiUTo2`FO1RQ=MJZCK2EBg{Q
zOQ+RMILb!Jvt3)4nyesLVL?4|gXG=*QMGZBEx27v^k?}vtcJ0E-(|vUZjBHdTCQ|G
zQcf`wc(Tv(Nb&9`;g+=AyUOmTz09)&i}MBiZn8Y#;k`d4VCQjQ>?MIVRl&SZB~>pZ
zzf<O_Kt{kTGeW|RlVlzUY_cpGx#<@U(_<$0C}XtjkE*+R9_tNz-dwWY(CIZKe7KF2
z&&<|Z_Q&o6+=m@Ti$8UQ{S6A1>out!5KP&wWO!{5j5dC2%hI}?my#!XIQO)dCa+1s
zal6d1uAYLZz!fv|Y|oyyF=aK%aa{4*nc=)^L|*Tr@y#Xu(`Sj;O<rjbzk7zG8+2Jn
z`d1M3ql8S$`iR~hCgcO+Ci%2;`ID&y4^MZcnN?9#Ej{Dj<dpuLfZ6YKBxu#QCdTwC
z`2c|i)6XsPd^y$iA4)^?smbu%Xwg*r5Z{l0!+M!CPA*>q)RKAcxrV$-?x&pL-Dj4J
zdV3w+na>6deZJCbHaX%RF!(o(cf6=%LTUNc=rYR}ftk3``Hlp_!eLgaY`uHY<EbXg
zMy6Row~YU~dDOn7f|GcvBTlETTG~&KRv{V~FYRUCsiWz~rx&BIrFz7)b6{piJt$?D
z<}DXP*TN@Q%OkwQ+6_kg=G4dn5o~`8C{fbA`><S+{o_fc)eVsk*T#cKBQ{ybtXM7@
z3cAp;v1P{+LmN*DT}I6ELkVjx^JtHJ=owgqun6E-H-&jFRZwO$15Ljuh$fl>_NaIR
z5<^{Qy1(UItKHrjCvGLz-))+gZgS&#avcKQv0Cwm;t1P-!)FE()%?5cT~2a3DjDOu
z?lwuP7Wp<$>}RA07^m>F?`%;#q?S4gs61x(d56tC{zWnKC&X{x_pgT&n!;!kx4zm*
zCPY!VC-&-k&hB*#kW6P62U|c0tPeQA{lJBI7XjychE+cE$}UTIgnC`TaVzkf;QRkq
z9T%JvllH&sw&0iiT!@Q#pl-eD8#Lqp0wL%-;P|INY`d}}!n^d?x2y^{A$Xtvu~Gy<
zfptR%s>Rs;7y9|n$G`pt)tA9P8F<Q`$t}tMeXWq3QH5`dI=+7F|8b$ES*bVuix2p|
za#R>qJ#f0B{-K3&%n$$1d)j^^zR9pZ|9hHGHt_H)wubA!<%XlXPSf&Sas0Nb;eT%L
zU-W1psGy98LDE(0aUKwlm!N$vNZQQybO~5oEZ?aA8B<<9l0n-{Hl3PVoRwc<!wlxS
z<Pb5rEBi6@S-Z5=#aT>oT_aET(qm$$)}n#10d}!RHJ7JeaEGD=BzoW*)g=F0MWpsx
zDK6>ZVJ4?*7Z$6|mBl|T-m=Hob~z;xS5B^kHZhh5e2o7REQYL|Es$z<LN#kJ@yBZa
zU$~@y-c4>VS}7Dp_rGeIeSNO^+%|58-o$sOellixYf0FHH}>77cxf9*Q_~p<q^mNl
ziK3P4dTYDFa_(xVcLg8Q*pJ_$OT+IIx8FFwEqd6b=#_9xc^@C^;82C1=julwzWu1|
zmI2CY8;;>pb|!i)XCYm&vXPvU!lK;N`weKvujK8~zLV(I)5V5aOg?k^^4VJ-pJje0
z%4|9e+*Yri$S4KR9xUX9#*?B5Q09iQ1$wRK64GXYhX@V{^DdKQ6w}1yY74o&gBvLx
zJUovs<O(br%rwhhd}D-!;OQMrT;IO>hx<5x9)Sxm#pKd9xF$U(tTtv2k7{CbK1uov
z00swtVN4-D8dYL@3SI4emFKe7)~Z15{;crtK%z@9@hhD_SvQ}Y<nLYbHtA+dSM`LK
zJ1SIwq9i<sTBfI@)QGfdEs6@Ej6ox+HfS`2Cdr_*iSG}49surUKxU<@0hX95IET94
z+owxp47W6kaZYD6i8=jQ^V*YST-*^>Uy~7!uOk>`$z(2u13WokhVwQ61l$4V&NV1=
zs>qv^kv)8KGNCzZIXv-!MrqZsw!+|iGa~w-n-nCJuZ=P=Tc4JdFc(@5R(|?Gx%{xE
z=n>F(!*X$PdHzm-TB!8w>=u<5zrPh}-GqY4O&Ku&8tLJd^7V#dEFS|nC2B~(;75)i
zXxNYeD+CZilBZ5}w~)}Ml<Q+qs_6Mit15H&h)^8V;8dVi17UA#&H{I46*LSs#GH8f
zJ-=M8l^#GXUd@|CbG?sTQd$S`)gB)2g)h}xIjG{q43QjpdUtkQyl2krh?LmM1KKS#
zHG>9CsxJ3dPUzWqwhux*_iz~RFc)UCEje_fCXuS=syz$*r{&H95LlTtt<rsVI05vl
z;Ncl#IcT|AzHMTH^EJ!6K5JroX)fNMHQ8Ce*S=E#^_|nuVI*lEm*iR_Y8iF^nFh4o
zMGTuomR#$B=jt&UZ>xbFSez8?R)Y`_EZZCHCY>G1y{6aRYBQ%FfC8LAo>@&6p|}$0
zQ;CO;Bwn7qVJoTT3m<;Pu372w7m^fn0$$O0<nA^#PWB<%<gO3E3*<N~+s#7Fs^VT8
zy}iSkWVfN|Y3bc*>g}mlT!D($!f;%qq-BB}^P{|s)ACSruyv5-++-oS3~AdzagFu9
zCYL-mnQYLGMY9ndG2fLIYzitY6Ic#HHHSpq*}>AhooNg<wQZomLP|)cZw7GS_A48r
zTAx|Xdu>R`>a;xe?KS4~#Z$RYS)QlxuApt}IlD_=vlx5f&T``fioj7^l^X8zBW|~k
zqilC|^$87?0VF2ZI)k%<O*~<`8}7g<qLpb4NPoojZmv~fRwfTc75KL3yFrD5M>y-B
z0m+9!6r!LJss3Tr4YnsH<A#G{zyPkdwI<4Se$mt!`jp&U_~FPaQ11qGJW%xIwT^uS
z1otDw^OaoZg$vR{n|-@0EH9){D&Jmb2zhCds)EdqNZPz0R#xde)8FC7TtHDQZr*C2
zE}8<a8&>Fdl5NX`SxxY%W4azXCWO>zXV1aA{~u@X9uH;y|NpDjwo9cghf>IPBBxXc
zId!s8ksLAxl_VzQFqFfvTD6<dCY002F^3sphQ_hBLgZ|WhM{#D3?}Ep7=F)dsCV0Y
zKcCO<_Pzetwz#gj<~qDyujljmc-|j9>&tD3ZaIxmU|D`cA{G~7R^AY=58RyD-~N)_
zPaqaYyj$H0QqA$^Y}x&pQB7_Qr1V`@m>LMQnCWvtL%c)<nc5i5fA5q+K{GLj+#!ib
zM3YFLN1XYYZ6Ar8j-=(uI&~!3wyX!9zFW;3@jh#?+ZY`kaR(Jpk4Bb$R7scwfxMqw
z_uK@t@W+^_hv(DJ2BX>V4!&<;Ih|5kl{mS4P~KIO(c@qi>3fAoff*u1NpNdEqec$1
zM~HfRE}#sueVzFmJZ?eo#69#O6Unei)0F4J%%0UrZqr(^C&?SHYmCax;XN}g{^R+t
zVI+)LoCui6Fiqj#T?uTjbSG)6`!5|FENLJ2>C+F_r2Z^vq2b(NPyHLDCVq?6aygUD
zhyXgHsP=68Re&!`(^?VkqbEoJaN_xi-oD*-?H5`Hw7#zKuorcfcJmevx{lkHZr+BW
zC|p~sDm_6Jn*4Om2>xCNbY1TVe;C4Npc5Ir@sasP4;WG}Df+(aQL-sH+-q>VBGO#W
zrSTBaDAHP?)GT`FXUJM1Z~sKn#2@wNCRD>bnxHe3JE^ZTe~zUZlZlxC7*%I|p?)Q(
zL8s@S4$lf=<=l$A1g*N4el$RokFX)l+VxTa-aKt543xatBz>gVBhD!G<?19SY*t|Z
z18HVu0fMT`0*%nGjlj5R3vgk9%N2qA)-_7L3K1hBa#nn1W~N_=BmaBDcR(Q>WEm1t
z%v7_KsPQPDtS~%e?VfuHhBgwMC+D7>OGdFQu*CYNwin<YK9%H5BJ?X%p?`<=iH7KR
z)mgfQ)2Z`RKVslvAIaqtMNT$wlj*)+KN7#IK!{Q40+%bYYX*AV58nLr@d3tgl?lH;
z)yHC0Es~fsigSIJbul$4PQZA`V|O2P9WOX2lQ%{E{kpmM1pD+>kzVr4VWbBc3hv!C
z&+O!G#B@ZD>{LJNAui`YcOxWtP-Az66U-|SoGx}VEjp-7<1RE@m7hJ0ErC8ERhn*l
zE4YmAHjGMXjVx$n(sNLSm~GTQD%xy-iDtW3dkH;rzdGqa#&yxht!2k)=t`MBm!=xa
z6CN3%Ns?c$cQjp{Zf$d@_Bg}CxjafX;TF#}xZ*~Uk|Vr8|NDZccC?%$s53G+7OSwu
zTA;^rO_j~lu5-cAfr(r$WKkF}-a4}~3#jrZ`D$!Y5I7E=a}AcuD+=VY@;zu?j47Y~
zkx%3Hf7ZdeKQ<ZvqPpG0Xnr7?J^LMB{PJ+CYdP2aYUgq%w(;*ZQKj9R`8-#kkM_v{
z<*P=g9pygHI<oaDb1lu^bE&3y@Yw!(_<P0(m=P;$AMN7y|BmnSW**jYwZ2w9(_pc%
zyv$s}QoCm70s`zxm)DsAlj&L9g+I@P&)zz7qDCcW>Ug`O4d*8)u4!!e&*!HO7M5?|
zEsS-ao|U-v<4suSnH>s{?=`G`!IGM3zH`QV-qAHlEjUHE2s9E9Od7~8TKi3RY@LCg
z)KSUDQ{f;HPgMH<*W-#DV0rr-F+2)|0&)W)0D|q`YqiTee2Fps#}H-Z_f~?BmA_Se
z_n&tG;)Ty$?JL0%>L0!0uuC=AE-&xN>j7Ok2>kISq=`d>IP>!(-$o7BpB0b(YaRTK
z-@MV+ZTSB==I3+c(H|_!cl}qGWE+2EJ1@vsK~;R&_4D^w`G*5v9yCOC{cV_oq@pYk
zRrf!Cu(I!$8xgslgWK}Wr`h*F6SK?vrA4W41FsKIkBSzG{YUTlm(vS8y)vzt+bqt}
zdDA6adju!~zk)CVd}fqv1;1ANf7$ha`eskm=hOb{KuCleU_C|sUnAVWyz%^FN?+q3
z;KOu39QGZ(uQ}EpAoR^?AUDHyhH~PY`@3?2yjwQg21Xx@2hzvTNXI%7yMPK{KFK?5
zblumN*l!q+ZU}ln8&<8SbVh2!q;y81{gwq)?m@r}{DervA*#OAW%rK{^KSsFuO6gd
zwh&CL)ST(0=fbI{36mg1@RRc=x9WiP9*i!_TVN+|n$|k4@Szf9^Z<b1mY`Ttuw4Jr
zOfXOj7hYHD(AD=_5RK*pbT>?%e<Vo`N;vG6<oa#{-+(sKvbmfe;^in-B?`r8`4+$w
z;111TFc&JypO9_bg0zX<K-3Ep)ob|j5WK+*(yPh~l3+wcfFFFG2l<m#DhiAGqv&*0
zA!N_+%eoMFxs?Ev%BQQQ38H6wrkN+y77>I4{M<9#Hvan7e5vJc^kL_YP;>DbPXrKp
zr1{>xd#xbGmoG$g66P+5kcw3wtEMFHhSPL*<uqw%+zE>$L6ewjrTlM^W}Mm+_Qp?O
zQbo<URvOE_1$OOSmG*lzrAPpEsPM%C-8IUzA9`&IWRoBEW6LOY@18A!jf&T+>CBzh
z_~|-tnCc1bZ4}g#ZjL^uId8gpr+FHQV`Sf?9N~H0DyP(!w38)zTf%52jls@b8*k^Q
zG~_3kk=$D!%`K_m{E-toBsb!4AZnU2wCC1(v;He{!?R<QYdXOT+1G3{@g%&VgjHp}
zMontNd_(Sa>oe_H4vk~ZI*v2e%Il=GOUP!EAW(j70$miy1L`{$e|^b(IoYI}vLciA
zNmdgxoo_)XP={DvRngG4%~KH+ym&xBBp>CSu(+aM$DalU{|{CL*REf`4zQgGFvaj-
z745S!k+wI^%+4-JlsB=qW)y{ukNgoHSx|ntvCQnMra7wGn*i{Q^M$AOSXaVD3ntJr
zL7HG~#Azm1S?uwTVt2~+#x)W3{1mI1&7DPK>VqA{`?M3L8J+3{7WxGVT))&2IqjUI
zb$b^}O7YPz{6Nca%DU2|40EoEY~G|XhYP!2dUWWRj!=Pom-dMnzmo9jvb*;bv<ryR
ze3M?KW9-X(x?S%5f|W5#pX%7ixD#BXaq?1qAYY=e2r#}xn?4Z)5IyBYWMm`}!Z<2$
z#z_bj6p2DD?d+0^LF?G=eCZ|v2kZm@BzK{M;^A-j5+c#^faIPE!VUn>H~Prm0#ov%
ziVO%W#og-|J}d&H-3j772Y!#-X(<}|w?@F?f*`6^5k->ejk7BC!FEox-fGJwb)gkZ
ziVX<Q&CIuXdx2lVqR(L5A!^A03OqHbOuNhpAl}@e6tv4_a4sf~P&Fu}EG__2Ux1m%
z?18}!vqF0GQ2Ri>t3S)?5>Wy3!HFr{6@W-X6)gPNld4d(a4mIli{Hz7_5iQsPn^mw
zGgTX_KjW|~;Hro9F@|Q5xj5&7C!~ztjcPUeP*4UrR)s|JFufuy_0a<5G)_N7HbuLP
z!(iWu^UzuNTj-dg^+IX#1Z`&1%9z175VY~JqB`lpsHB^m9Xaeh_2+`3z}CN}DZ59M
zK6IZatd~oUx({{}e@BQqm0rV#o_3tt9x@Yg{p~Zmc8BV8vU>{!8t4kKS|du7gzAfU
zCdP7W;g(u69qZKb3T7PZF!`xHF)eo%C71Eu@gX5Tg7!;``@zoWheHQ$E$s@=nA;_n
zW0LoNWU#7Wgs=@Cfns=>`5iILthpkw+iE6_TKI-@u1R%Yej~2OU(8*5Z1GVO&b%A{
z?(puK47*Al?;@$DYn1BE(OOX*Mnq1FcHyHOZO^k~MUGu-_bi^hmZO3d?RM|a+{rg^
z#$bxw-6O><hkV`u3-D2V1M-Nf-hs#5@O;9VE-aUDuj4`_>cu1ZIBP-Oji4Y#MZM5M
zhC4{(i`@^+Y`tToHD&tP!==5zS(?@j{+2&dqRh)E6|QE6moPtNv_5c?J4yBovy#i&
z?nu~<B?77O3Z~}l2pc-LCU0#n%r>p5Lz{YE1$w)*1$v)VN8TY~Wg7_a{aD>s<QivD
zwAR)F$5oQCFzzB)sn=)@;q?gxD>L>x7>Al1`fJs?)=?%pah#C{9xh0fN}G9B_$%}j
z+ZyZ7Z>2y%?KS$6j%`s6u;535MlBvi>ZqsSaDta~^55a1L`8E@){K4}R_a8}+|TR)
zl#G<S^PqO4TX$Y1317@E(|oTUkTBwiTuG1Q*3Nf$k7Q0qHNn54OCLx$Fe~cJyA~o1
z%*Y1mU(c=QpIhkJo_i^~^+=fP^MlYwzn|&uRf!S4k$2J9qy+!M(7937jc>wsvCsA>
zk?^8;6gsZ&phKc<aq7KsLX&;_?hfQ19>^X|w{z1qu)dIvmD=u2Bj~yjb*(H)L4hUB
z>;S_pVfR7PJF`9&G}NyJh))j_<n<`lA3+}>uQ5J%sL0!$zp^hgizuMZ1cy2?cc!)5
zTM^jRC}6(%0n5tC$!XlHN77b^>P-|=exF~j9XrD$9~|et@4VR)Dotw&#S%SaTT25F
z6+xWGUZaF{ln#N6aA;yt?2YpUL&;;vxx2*Mm9bakf{>iuvbxEB7<gL(lqlWIp!aho
z9q!{$<XuPcoLjB#NQkt9WQlWCpQ}AQ{#$y?Y46PcawL|FS3fA;ubXh)@`)-D>;C>j
z_8YsSh>2^jz-C((#9+e0*P4C$!T4f5MUY&WbNI#MJuV`I-1j0sTzBpGIGPrf4>;}j
zvE%%I0%IGwE_dDJdVzoO8(M>WM5*BD?VK^e?;Nu$S2fO@ls5Gq^R9&igqXJMY3Zq_
zoNAlADk|sb!U4ktt<S3mK8<j=k1!*fR*}C0rgv<V+FR=%nS#b%kwJ!{Ee3+yWw$t6
zTV$zV4?MVvKP650C4#l9IDHYJnz%a`_p9p6z7jf0bT*{PV@cTSeuQ>GnV6fUH#wKj
zXQ8mGoIRC>=8fVGH`=nMiv-yl1U4#J7aelFXS-$K{;ak(B>bwTw4rNDIvP(Lfushq
zo`SqEI+h*N?ozCfZHAunv28HiIKBG*Xt{jQ;_|b%Ec6`MPd*@@(&uLJMj;gP2;1Bh
z@?73Nz8;_X@)0@PRB-69F43=J<d!d?+&7CvEC@M8u!!if$s#hL7Yz`l*jHK&450gL
zai@@J0^$mj2a}`MdpZ}3zhOV)X@I={zQABmn*l?|oPy#5VRk&^>s4A#K|!mEnwr?7
zn3$M*+Bj#E?T7CbGtDuUn77Y%xQP<BG*`T;rRE)|LwdB~T?M|oR&QRi5AART<nzkP
zdX%%Nm%TpZ+2hLg4&aP9mcK_-Fivt1^HcIx4{Jitl!-n%+DBbluqdomrD!w@7$LJI
zZ%U;+EsQ>|sCd+)PdxaB+<MAteK)y^!@tBC(hujJ3eMiVwyMXC(BtPW&yvU5-|qtx
z0L|WUInUC|&Ex>kt9L+yAva{x$sR*7cY;qA41U4rb~iF-Qz?4W+GOt$dY@ILw?qAE
zf!||+h(I-(nz+(8RHFqwqRU&uW+=wz9v%=```X|H>Z8mkQFFtlO8Ey0Ao@42>J!b0
z$ja)3o6s63@Su``#T55mXniY+r$N`>G2(utD@mOR=^;_~xwkBP#tC0>DicOSddbZP
zIU&sH3QC>(_Tg!g_jUf`BQ_7Af*p+R+7up&kRPuu9*pR}v(4oPN|Z}6m34F>$#9``
z4c|a4QZSLs=Cpqm4k+3U{rsWmg!%sL^vc0A_pG*O*{241wf=1R%98(&<_=^8V0H-M
zKCO|uQGEgrZ=V09I)qQC*sJ(x9dh0QJ=?l|pbR4*$=*25-$DUf+y{l_yK?RHVKRVZ
zv~$r*7d9#fO=-&6>+~)ri&*>`;1c5QV&Y(3P(^koB&2Zk6|#Nrg-Lj8;V0i8tp9Dh
zf@dEHAOtDh=Qkd~jU9hA07K*9i!e3CB8{B3HxGOj2-bAKuWoa%TYI%f*{peBV!BmU
zl)q2@M#{$lq>f@UPQGlaE4zWz1rtMto+JMY=$WR9-!$7{%vj6Zv^G;1ZOSru=OoWc
zxrw&IDs89fpMKSkq|&t}8;)H%Ww=q%#W9YJ!f=p9i#iiGnJg8IRz<Q>d`Cva9X~+(
zrbNHuaJ3I26pQAh3XJ#ykLMDR`E1=jLz4p+I-@IpmO6CJxJo_1x|v8BI%aprK^FIG
zFZ5lxju4AAeKg>8{hmLSr-I;X(E64TNmBa&IZmDUadZSestBag1>aveu5el8aqh=I
zi?(%wXB@`+-B1~YNUUSpfec%kiS{itd&=5(I8yYq=_h4dxu#w(0r9NhF%b*&-%J&4
z_l_iUJW^U_M7<PPZMB0Ao&?I_#kW_-xII5yW?pnwV=rsovc^p4<SQNik3AT|j*_9>
z&c5%kE>8Yh&h$h0daTal>DEv-f8+;ZBZpniu8}I={~U>A!guHV5eBNVNx?eS?8Bd+
zg#vx*xSpwgdpiYl-3hx^l2xTH@-uu!dABIjtM-tWZ^!yuWj$WKOhW;6{Lz`MctaH9
zt!MZLb!5q!u;u>fE9g-tQ_=)p+Pc5nJqqH+8z8nUPPCdPMrnza{_s;53vl;$N|aKC
zBW!-Z1#+y{9k<5n3vr9xlB-*G>Uu{C@!d-;<XW%e8}R+tB40PtiqAMxV`4#zTB*73
zlwEm2b$aJOEq|o;lqfL9FbUAXHu@~c1eQ5%d4!ws)1Frt)z#IitgP(dHgKThZ%<1F
zGSeZoLx+ANjJE^ph`(K|$T=5c547=}E8@UoaH4n;z;xzG(U}8K?zuxyG_|$uDoU7+
zHu7bOnn+sjjMNH^Voi`n9(fA!$S&$lb%dQv(;p;uYTF#aM|r+SGiAn#f@OOB1Q-tE
z=<z>t(yJe&;Ga(86tU~tjVx*s49A(j*bki@VF*z+@lC2C<$j)EdF@icVR%>Oiw@cz
zZe6(RjYG(5GU!(2dn5;)U7P+eb;`IfkhiTY1Vuhh0HTw^c#D&AnrJ-I-w(@MgioSw
zwFaY=v5sNSv||b9xpWX-2y58nqc%Z$z5&s}N9$ZAm{NZ>A-D)i?6kD@XuoxDoS{`V
z4mEqL95b{iH8s8&dVNi5QZa<qG{^Q3YX|c7TAF|t_z@Cl2-^`C6Vj^U$jUsjFTXm0
z<>wjdj!nJJG_|s7@9(6Rc`7=IltLGaYTxgb391t6>2=2bnVs0PWB#tpXC75FYZCQL
ziL-WaoY7OxeU{v)mu9GhA!j?(G3qNP52j!qmMlG@9Vni;u4Ap>tLP>++r&@^ZytR$
z{bq`vZy+Wu94Eoc=`<XSiH$wAYg0z=`P>G3@9zg<p1Xz=|8D-=>ebmD89N#1WQR8l
zFSyN~oSNNy#v2UA*xg9;`dXG~k%(>Cje+kVDmxa<fG&`sT4ez~85Mv)Xz2EoRrH7;
zbb9HviE8I^Hjd49e+T_)%UcyBITP1FZ=;`~IF=lj6JpPoiUDRF47r6c(Lp-r(QTxC
zq&=PbwXC3FRrrzdU#dj3qf`Q$@&MOY2*TO@`Y`Pohb?;U?-^f?hdsqWc=2n?TQ&?D
zemIE3T!8GQjjvhG%bbXA20!7~lB<M|EgUohR%>DU8vdMSoT6p~NonQ$_@H;eF;RC}
zB|O7m<J5WsJ(qzSw<eF2qJM?}(*+jn+CqFXQvbyz&APUDp(^^(7qUik=N0CeV+)>N
zrKJ~&FRU7bB;GKRnEoF`DLx+eSMwRHS6D7qBiYc6_mTQP2vJUcm2dt}1~U74+sy0#
zN`(P;Gd_8xU;=s!1PuH6TYlMf<sZJJ9s7#v6~2*S1m^LCYlHPU{}&eYOR4zl%pP))
zxJ$1CznX!O?_#V96PvAtzsgq=+kc;4V)nvtgW)&A3*N4+YyOYq<;pkvoTSZ0YY*#y
zR)V)7JP7z7-46qRrHIv89R23xR`&fO?QkDZ(-Hbln6q3Ja6=N_CwpqXUIN07JcY}@
zWPQIq=6F^_=)Zljh$+Kw600kFKKOB2O0oRc|KwBe`1OCAOisMc6UQ9nzWcwv*mTD~
z;LdPtnQa0mbuJX{|K`5@zlnWF_ocao-(H~XZ*j#dUl9KI_eA}2MI=G#$ku=46(KcW
z{lIAH)Yn<c|2kCSbzXM<UsCCyUh-%3g?tTEguRz5Gv9Q9tsM2sTLO{qQZIr1Rph(;
zNc_ulva;*vl={kFzdV)irIzCV>%~QK*#EDIbmVn={e9>^aMtjlNDA9%eggB&w_Q1%
z&yQBM0Yhm~{VU3>uGG0@NN)!KrC%e-qFs*b2Gzuu*k3(Zigp6%4d4i|R=Fp|9_CLE
z0KNW*nYMwJE^i1<JvZ+?dtFPX53y9xVHqOnXlR;E{^Ilmecp#4bUyuS4gBKl0@!R>
zMH~Ul1p@kW;YCAgbb!umQ*nBP;4|C7-;OmWd&3uaV-z3<Pf-$)i@&@X8~pIgYXCxE
zK*e~52=SPbEm)T246jDL8bDUKYdheF43N&y<GMhz?e}0Fs0BP0LLwTiGOqJ=NgyK%
z48jqorHP!<=@^hyIf)Q1PD0v{fwZgK*&rdV?U)OI8(KrdN5IoaM!_j0Zbx3c+WD;V
zugA(>Q@Dufyk?YhHFlw|vqy=|*M=P-kM|y6HrxZD?b)rZh^|MX7}cZB6wgB0>13@#
z)wfd1=*f17@`p+NOEVfydw#rv<c!wd9gm^AVHM}moaecjgpwF1?a(?k$z~L5Pw~k@
zA5fy}UvN*bzJ2Axmk~A41XPO|!WYSj#85efbR+x*iYMeXCYx`TLeJprAf!nckRt8?
zyFvyKjQj+zV`B-qnGp~^SW&AjU!ky4#1!*7WL~_mQ%$ZgOa&-uc%|Qh>VQ@}(RW@K
z#Uz0K1c1#mzYaaF_$V5BijYXIwu0h9VdH_?y=!U(s#$(ipY}RK7UuovW2&8aR=Xby
zF4>MkM)|P67T@xzPMUw0;<k!hO%`nssLtH&rYtj%xq}o$7O$BDB?8XRfd`(^5h3%n
z774UCX(6ZOC#{geYgQ@+p$C_=vDMw`P#LK@tp`!&Aj@jq{MA&)N(*CaX37+)tO*+J
z795<O5<Zq8ZC*Ud0fCw7KXen$rm7P}qv)Po{MYaH5tcT}5%^@<RVeV21!y7V`AM4W
z7QznK4yQTz>)3gTdJ;`QQ&4=b6(LF_kT%<t3vF9PyiR!<xZ|ata^e!E?xSwDZ|Oi<
zb<Z~<?l%n{Fa<7*dH>_1_%BDcY`V~*F~_o9Dq`;`zR<$;au0B{c7mi3J^GlQ6ZV!w
z;r_a6Ak_AzBgnSqUDVJE-XBjn5~{FerwZ`UD)z3hdU?43AHp|(V0F`{7I(`GXvg+W
zCS3dklyfQV5gP$iIT$Z#%McWE5Ug5Pd_mEsdIZ43oqTAhIM$qU8Edr&+%|HUAwjfd
zNWAoc3o_6eAGwP|)_lB;0h%|(#KerysgConOt1m|pFZkY0R5#VX)Kl+c~iPC*PNyr
z<tbg1CFdMjTk*Ky<s>M*tSWQh^mGg0+kXRp-bsbzUT^wLS3o&_4_04|?j&0Z7%6Ya
z+817}6)!*is(l(Pfp`sFuR4#`I9fXfKw=aZgAkl`$cnYa26m_A_FDt?d?q8%7xi4r
z;@0w+!hZuh0|O74SbNl};4;md+$=tbcUiWidLL-Zy2T%!{~Q+Ft%+lxN#Pz6i)5^>
zMBGvEY3Cl?f+kgMS3;((|CE`|nY`R&gj}2cHYw^O<X3a*0YCS~$R40mxcUBA*LlZb
zB#d8KD!_*(l74z{av%9@>xHH~9M?xjM8QIgzG<zmNJspUTX{kky{QP8NwE9yM}m2y
zYTX3HR}1j@=NMrj6^S-L!{UGC!Jm{<Hb2xFRWEQe1hvoV0Uc4uDS%}NlMQ}6IwR}&
zr-5wH=5zWSB^xsa12rcDjhpKOD9am#zp#ph3@@w47<`xtxGvxyV&SBWiHn{$YHEI8
zzBE-J4e2HEFbl?qHeAKc6n9OX=l2!47_Wkfg4A0aQuBj0uqizDEx@OcG%*{oB`SB_
z&HqZJE<dQZHAY>EpQN%#dKNcUCLCvGY{4mECipIBK(WZ#+7^$%xUeb^Vujff-SE^T
zN<NPo9+gGR?nJDCtZXqy95IoK)$Qu6gK{BtZ*7ESew!xv%ODnj^1xn~u|=lDLL;lM
z7XbFBSDCz1QOpa<X%+WDWJCL$&SWdcPd!<k?L^7mF$l>l29f}v<@$$^7r;#IIeyRX
z@Eoq(Y?f~J>P*q+RAoY+hxDOEQpGj%52ohr(c|>!iW_0K+fe~9i)lY2Ms=cSLBsU$
zpblkBMts)dLuOWDA)pg7I!WMR1D6F2L4@lE=SN)y&at)@udWcXdY<{2uYJe0QtvLZ
zP-CKqR~Se~?aIbTO`5Zlwl%4+UV4F7y<XI8<QoyMwtlP`QFzG0FByj+wTZN@Mf&==
zNjykpb#15ri@Z1ZCDuar;7NjUU(_kf<_7QsU8EX6b2{Mb#L<`8;LAcQG5cA&%ktTI
zB6bI`Ro_{GQZ4^8&ktkyf8oFXUW#A&@t0Ku(re$bCcpI?bwOZW(&wqVXzjNWjO2^Z
z|9JzkjqqUfKu<k5T>J&kP4I62b_m+Ib55vC&oiD%+YuWI+55z&b%bK})6TO~sq-f}
zo<^BO&+w?&&QFYU2C6O{11!Xh{L+u~WcJTgsBupGwJC8%1F4-(PPKovxGs7x8<@Oy
zTvVQPx0bhNAsIh#Ksb~D3%qn{<}d=dQiXPX$6Uy?W>1xfBvzfkCSmh7q$OxzGiyo0
zgSf`hPe}f5cW^G|Ca}^$IczOgyvG2kNl*AIw-NB_R5iUp@SHZaj<kD_tLEqZ=pi!U
zI(nCvBz94zeH{R)aLJK<v5Uc*jxXo3J^aIGrq~{jHehMoZ))lGr-i!p;e|nve~@JE
zfVC2D)<#}QAX+u=(bfFSg=;Rm3`8Obt6{+P_<ry3DnI3*j8X>Tck9`ZsE2cs*Nww|
zG<~(*T8@!k<Pdo_?(pACWSr3!d-EKx&e?k0#mk7UML#FHaZO$#y8<jtibdqif7{(q
zvvb-XAtY-r`G++f=xq+z#LFh|^eBS|%wdL<T7Xg@4c@p0ga;4k_}QpzlxQJo8*l+J
zE-ur*vdXSOaE_Zt+U#WAn?nSO#6%TP!cim{uPh4MGoTeT!Z3Es`I?`q@m!D9(E$|U
zrP?w*9gj>`?z*3K7!jFSex(w<$(*%SK{hGpSpM82EN>;$Gwp|6Ovt4#p4iSkq6l?`
zY(P~aTcX;|9o7{st4|>gW(bcP9}V=X*}$_0KDI?8X-`~cYd5KCpL3B~w7jMJD=jFM
z;%H0|Dfg%I8SiV^N4Hs=2c)BL)XyUvv{F}F$O-V6nL3}?29p>>Y+o;{`OjIj4pp1m
zovEDMZ&`z^dTHloVp~T>K=z@uC4_#BQc>UH<LC$)?@P4{q=YcLcG<2ct$!k*UxbS|
z7gkV}r>xiG_QGsK<QaVGxdu(iHI~>$8w*;&nIm;+L&Xo2jm<=zBg}KW)|1)0BD<=u
zd7iGd(rPbLxRGccSa60ucAVBljE&bP7VT@nb3fpN(SLWl%M6MSq0$;D!tOb5bv74W
z^|HN|iMc+9e#ki4KJ7@e<b<$y5@NlKp1F`arc+Z!+!-Dkw3`exGv-RyW+2Ep>hx%&
z&z=Ym>#TWKWVA<9D9d+5?kdx@^1R81?9=9F?N~CqSu%5sR3DSMhcm9`*h{STF>)80
zcFt6l5S<<2=Q;eM>=0GCIV_oTWbWXjtOXPi>$!n$;U`&LIdz#{?3GlaU}RT$sy)C$
z#6%mcFlS~Qw%;6CCt=iePJ*jwU~}F%f;HnY9_M*RaBj|MsA>k&WFKuU>aOdB!ye%J
ziZ0*lt=AOKeU;RVECPhQDogb7{!2$EU<v(Kljqdb6pqoWa2{4F(X~*trhs;xN$vuQ
zbOEs(+=!lgg&=zFK2$lP2!Gv5JK&sy-9>XVvx&5-A(u@*_5Xm&1nOMOoTbFTVS0M}
z?S8v4pWHil?zB2*4;K(kP>c#@%J?1{&6K&>FzX<dqHtb)yiw&jcW(x9@`=eq35&`D
z<~DN4t&In=)=In{dPPibQy$*lTvsYLe55<CKObP7t?mQp?6WFTtbx+BdcyY1&BaP2
z`LfC;q9q;MRAMsTnUAq!v9=Vr_MPzy&&=M3Pb-iwJ9&8~GCu3!cyLP=qkW$d+Cd`<
z9uI<ja7T@o^@xV!Ho0QPv4T+TLOXHlEkD9_seSm-RgEPDjT!}|sV|Pa%ai$V%Sn7G
z+u@v8fzfVF@7O}SYf{Qq`prk*%!I&+8ohg?BUTWwyIqyAU@n@aPl)J9%gt5Jwr(SD
z&Jr7u3zeV^S(9@7+J%!E#&?q~I?<+T<`!Pg-Ixa@(_UfI)>kU;=Qxbd<k!iTNus*?
zM=k_EDsEuY(ARw>ww2m~jBug73-40Kj%2|&otUFJ5o}i*aFaO$IfTH!ruw(=^F0z@
z-L!Q;VU;7l;N(l1<owXDZrhFjc>C*v$6BAvn_dqcetc1HtwQ*R*CU57ToQT}*?oZI
zjn-NSceL`oCb?G1z47+cP3v~o@u#=kwd^XJC>4F?T5s@g<+p59q7{h#ZepT-8m;EW
zy~j_Y3vRq7Rlx4m?*4dud|_C;LeDTO<i-7mSz-4jj>&FleY5KMl^ZF>q9w)#-@kIt
zwX2{hoY7~iSlOP!@11eQ#&qD@9Nf4-S+^Syr;lIJwVW6u=dvDVTV;9gmP_{E`>Z4W
z=>Zgl)YVIFa2tLM_sCq5k?f{LcY8QfO7$=47!4)OpKbCnaO}40FG_PO6)RRuN$!%k
zjNRlKVMJFx&fKhY-rq@!A?G${CYdEPB9}JN=-ysVO-`H67q(45nqy7mylQhJC!8v_
z(8%05W1d|)-k&sLYBYB1_sC;2ChzOc$=-?|7T+Dv+SBLdzpK+iy3gE_<WdqI_S_e>
z(k`Qgbaf##p*6Z=kR{&Qd^i+FSQi+-5gl7u))3SyQoVHAB}bB>AQRq)8Kp2Kb%17&
zgTGg#OwC0stHWJeLNkiYs16YP{9x#TSazW8?NhDF{BB)nI?ACy<AXmi=B9A;pAf7;
zm#dwfU9t6}A+)CpY6)C*OD>-70k4L+l8RK-p)_+&t12SBxIi~?kuaKiI0<0Cd7s9|
zF>u$0PGfUM^E|L)a`Yuc;e$g^b^GWi`*M30C)0JN&fE1U+ae(VY8{A>91m(!M%TpO
zErAoj(Iv5ZSuSpoErem`LPmeR(Ts<mZC|p6!f^+-3V0IGdpJjlrPC-KvT}!=S3TLH
ztNzHueZ0AaMPX}vV@bso5k_*6nyDJkvEx3qc<65+OH9-tfS>fYpTHl|=7xfXk5c(m
zs}&A}MTG?!l@KHr5Ze=YYJJ)f#L)p|W##)yh0HEmrsCf_Cl)_9x{)C$wM2By2NL>a
z%gTn_2v$~IkNtFM8k_QBVPANekl9)AWQcWTgwvyWH=pF%rL7Zr*}6E}(|gWyJz{T>
zuFTP<avx0>Tha0#bk$#`O;zeFy2WzPGk=b9kBZE5V@}T8_t)tJngdQi*a}&}spTx#
z@C5C!?gOD_v^xJO#4ZN><UdNGSkif`n}JC-+Hf;geA@xsO@((mLV5*nLJcJtjq|xc
zaNoBv<KwLZNKB3^^;<<pdu|Z*qyR^4;`@GuEomRmjdz^TTf=YvCg=dbV<%y3zY1h2
zY41*6WLqTZ$i#$6YKglKg2lXs4tf43!Q(^dx2qeHdSnw1UHa>{mI+oiDOXPkR3Q)K
z?(?G}<v%^;yR(`aTz2}>suGBTWtpW-k-pAQq|DG+Be2fux#Hs1^ZSh}P5jfH#qty5
z`3pUAeJ25nlF?V_&I{wflXavfZAWB<&&WWCZ0;34G~6$y;H=2Jzp{O`u#Q>cnHhZt
z%fQpv82Q4Wnj}n2+7@i%6Lwfwp4idhzDV>i^Jw|Ohp)~x&b$Si9KX(LiQ?{iaz{sx
zg!bS~voX<;Cj0RI_|(z{vjMgPM=O;TGkrNc-c?#)4tFM*9S6+?HHfvB30o=g0#YCN
zDl_={{Dar4n?>b|!9@Ob`dd3a6hF56Zi~+k&aWDfW^PAc)06!55${kp5o)xNW;JTB
z(^Bgum0GYJ9f5w63;~0*!E1cxo;Gk{^_~M*a~|N0Q7`&tAoasFrJc}|;s1H0=mM(+
z5uxEw29r&JDF1x`h|Zo07NGu#niJdf3sqZqfm-^^nM&8N$by^!M$~j6I$%yrCz7WJ
zAf#T?Zms4fg(!|UPY-Nwu6A9;(!2frTt<*NLbzMnYMpyIxOlcZgaLJGt2JhCO$JJ@
z>k+Qh^c>znmt?d%MdnOVAKEC1$+UI;xx-SP&|#3|!+I9Bi1zL;PBxy7zdCbF5y&kG
z_<apvrqDo1zUM!3kC0xS&Q>dZxvBhRVprGOhwLKJ%$;31xoahFzFd-QDtKpugjUEl
zY4cr5<DJ#^qA8}jDQ&;X<X()EJk0vLR5C5=M1kZ`)(KNz!m-dGGtoz<4TFy?)Y(H}
z3XDZ!Jowe9LnKW|C8Z~%r;<dSm8n@n=&9=p9#fkF$#+UXTgYt*iuaO2-|CCRp)!S!
zQ?<xo87H-|WzI5$>Sro7v}pe7x?mjQ;=A@@#6ABUg$vJL8iAnKSt{5woaiz91C|_X
z?qcXBHYAXTESz2K^cJBb9y`dC&1mqoJRhmobwc3bVDZtet+sR377I+B`Nr@Cl9q<f
z$T91<kf4#GemB9Xqp6WJlc$6NJ8LdQG3{u1b5VZQ&}Exqd1M$^Vx9OC^oA*AFOBzU
zjB}kPpOm?h%8ItE&71zxxw<SWN9(TIsI{>!2o?5WjRSTt^X`n#W1?=7B-%UWgsHOC
zZ@Xn>(s!h+4gkWVl^A6%=%8rFnF4n|fUz7S-jMS9q*sOQ3{~rd-jWS67n3IPbxHgQ
zgl$gzh9c{R>jE!W$n19}yd-G$9+i1ac=^Zb+t8C9u;+Hp+cKJGfMuc??Nt%0wPw{j
zBDVQL&ELR7Z!l_aZseS?Z+M)m;Y#Kc;g7gS9nXi$Les;h_%xCmy@SgRPBNadB3nhg
z6a^k+P}71&1SB)dG@AvF=USC}O)`rPc1Z;9>(xAy&Fc5l`bn5hFWMMvQ+(9tWYy8!
zQNr{<@H)YpK$WJ{h6ql_8?Sr2P$t*QG4phpKh4?&`Kr7dQ0-B3n-%*id=wXJIOdOi
zB0GXz!#LOKZpPTedP>qdO<RM(s52x(J>&#T?HhyI+g?<|g%Xm|?l9^xCn~edF9@|M
zJktc}wN7ZIld47q*v)V3uiJ)DFHl({#OH}`SvlpM^xcL0Nd%QlV#w;0rp^m_j`w~#
z%$6@c8^6`aLa&>bTI^Ad+#TXuJ2Z{R=}^V20=KgEWWL93UX(U&8ixMiVmvC4?%&*b
zxNl?--ZYl%59#b5IAsXA2zzI>wSc4n(LB{r&%yUp`h(V);DKw_p75R}(>Z4ks%9VU
zcpGrKFV|f(|86jvR);%lme33Cu=2Jx_e9)XvB719_S8%>37@UW#$z+qbgXqb&c6za
zrq5(G*5{W#PD@btsWCJjU?5#=ic;pYF9w!h!U0&n*&7H2s-z|JONL5zV%F)uOTuQ8
zvwgv>S?P!E!UjTIf^Q42(P}L-#)5{o9ywqp)IcD|@(<VvB(hc&Np`Ysj?E3U@f<6B
ze^45V=>W%)tds3SJ}DB+C@Yt-^JFI*z|7ZIdMfnz_u1(=j2IGr@3}~M)|XL7D>}Le
z?+-gY`1y|K<mYukL4QHvq2yzk2=!Mgp5Z`g!*%-}r@dUQE&8}-+=eqxD<4f4SVW>H
z;U??C3(;Lp=N_+nl;tvvGj1@TS<y^&Xz%dq&fCg=NHV_{6HaSZM;R_1t@N%>O`geP
zoVWgQHH&G$6v^l4V>jo&ERJ`5UoqV(xbK~Yh5z7|eF0B3P`pV#G7C&SYgH)&i}`lD
zSf^)RFywrs|FU`3aA=WYe9NV1a8E#ehIa9|W=aDl9e+MHU^usO!PN9BHMTC@7`new
z#}eC{|Mbmz{7`G>fK8)+i&>^VXX`JEXY)r%g69TivYrhO`RmO{tZ)qY5`{4T43zS~
zAo{8`E)~Qc{fO<BuoC9lwI48r);i`$q~zFs$gv$n9wf!^i0N~n6Ypqi+tT{pzXKw5
z6$Gk11*{4#v|n3AzwN7kTW48$Dmkxhv8mNCtMUa}1D^sh6$wWiM{OmQQbUJSL|r4i
zN)bX_>veqfBM^hRHMO}#*xzRz#U={p*x^&DWQP7b|2=~-bX>QOac2~3JAE^|a#W)I
zZa+5QNmwVwOA(c>HKyG(Dw10tF(qnS*{lAh()>gBe51oyQ4G{~TG7uFYMJ|N<;&K(
z!yB-jR=T_WELOrci&R8g>~`+v?q-X$cTPWLZKnC6nbY~(*hW(hdCx*_a*vj4UY9r{
z_@@_$5>+z2C1_C?EzPKhL%YjVFXQ*t$e7!@scX8Abo*McKID=JBYVrD9B1wcyE9Jf
zSEpmiXG;>C9Wu1M!susdR?Nf^()(%4Ds^%HG~tkPrEEXduFl2N`enAxTE(;`6FN7j
zGu3oS5$Cux$G#4l3a@`C-C4`|z7ZX_5$W$z^3&JS1fIWn^}UvS>+R7iJ6^5MN2y(X
z6>{a{o3>-u@*#Rvt-L3t(eCbSr|0PVoM3-yU$UfW`|X>%BaN8CI*;o2Dj5GMy!Kl6
z%jCub63umHr<f7zetBam<VG>u5T76KN?&s`@*Hb-c=C=D<34@K+_q^qzB44L_5dPZ
z3V&Zyol(s&uE~_?c)i>ad+pb#qpO87_eM$+bw-MJ(yX(!ou&4<(o2;jD70bRJF@`g
zk>=^>tYLHf^ueE+bDOFkW!q&P1X@Z#^W2`9*pBq^cbr{fBQ@23hEx50XY%+hM?4JQ
zjXxn36=KBj#bFX%vC0z7)v5mJ)bQ$y9Do(!qbl!Ni={yr<P|RBt`pN+e<$89ug+AP
zYB65cq}*IhJa8?Z#Ccbp<Dn)|>P62XWF27LED%x%2~Z>vN0hG47^B0`8YX44^Zf?F
zzbyI<-7JD7(KY77Bl>ps22I+eP>Exe`Ru*U=YL`BVoOuc(PuEyQxCHi2DA_XOxNO~
z=Y)R_8j%(8JQ8&sfJ+eAozb8}{4Vq>00T564i0%B%8z>!EpIc5M6L6$hDyb%UbQam
zpWm)~>m2PJ*iqlmvnU(d;{%Y#GRy#}{?|IhKNf12o>J?D&wcKy`+|A}(e-e$lB74@
zXW{3WKa{x$#8sd<)=rqu*a_gKTHW=F!}Z8=)7G&`d#!PTBD6U_&~$}-pLF!1dc!&K
z`WLymJY$b9ik!sX0ZMA6fPT?n<O(Jth<OOF2^Dcnuu99of~h7M5un=&>CQEI|B6^I
z2I#lV1ea;@GWYt3gHLUZysiTyV2O(uhECS4di2MWWY_<wNEC|?>P9o>z*_LN7Q{G+
zUS2zK7b2vAwYm01E!WN?V9C_tgoWkSqP@sL#4y8p2JvFzY1Tms^HYG>8a^L!Yp*qY
z8X=0ss}gVi@QXv>T32L7;r$5dZe6(%Pr>sGHv7JBTw>wh0`m~fhWGT0!`Jyb_`!-0
zWXd97^EV0u<WR8Vm*zFErE&6CtMbpyYx8~hob}&yjV<r`?-_Gl%Zzyl7FNXLmOPR$
zC`XXuvHwIh`<ul1@{#`2?HCEYQU7Qw`~1~r#x*ftFHm4dULD|@%E`*{;E(@&u^1eO
z^>1ISF`!uM8!5=j?*FCL7?doSNRuWEB6x^sr1u%W#BdFpo#Uzmj4+M3m+#^O*iUn2
z=h8}JxeEvuW4SXmVCjQBZm}v&f1xBThUVVr6GQV#;$E}ih)C#9Xb_)mkFlT}?`tV}
zn0u@4SC57x%$MpnHpJb|y`{O9Pllh%@!#{6U_mR}sc|zRt0{`*f8Ud+uB3Eh!(Zwo
zt-EC@NLTIGR;ZNzO)ArvEWe@9PPFmhW-x)zomtw#I-fB&RiA+2mimt-N8o^9HMcaz
zE}xuOKV#j;G%B-TGrRmh)!-Iq6D+t3uT%;-w?+&X+jVHObGBu(&zI3HUZ<V+(!=}7
zwvBFwa(eDnKfRTu6M25ZprT)WZJpl4+aq^-nG#g$$SS^p%zx?>UBk}t>1M!SBCTru
zb)9H4=EQ+M${wBCN))NVL>w4G*k13QflZeP#X5i%!O_nx48toz*S9?~sy#J(Vsx|J
zeDH37|E8%`%J3z&K;}m1yhTW>!cG{rsI!&Z{PwB%D8IMau;zv|f0E|5`-(irrEd&c
zXPz6n+Kj@b@wd$Qo_tezU6oOfQTvt_{}VM^npj`GL`8Skb4<ua5MtS<innyX-M^ze
z95)wc<RAKV@2qbd(s~T4L0j`oJq4R}YsQPOe~?@D@!{i(KcQQ6*Z)%hVe&^9=dw+2
zqe`}X->Wu|lQ!QXBIQ3H;Q}3^m@{{A6BD2Q@HkV>CHsQ;(tg^{HWso`s#1GHg`7!U
zH*G4Z8akSj4|$~?ljTPh=}ZwS?!_2_wN#>#+(~0OLFCXgoyTm)GUV#Gca2_D*y*^!
zq4Rb8l8E^_6JvQ3rF&%px94ODYx)e`h~44QtiR+Mi;dNu$Ic$-%vW)TdjH-}+qBTC
zLD#3g#S5<3=sh5R>j6A+23SCEjM9Nnkq)wFO~Gr{UIC8ehXt*TuXD<2Myp6vYB^@E
zcne=c^MA{AOVv-V;!6c0x7P50kp<_wNfkt2vx1%mx9|ytr+kmn&#(2GHFXmHeb1Kl
zy~~W2<?oG*h@+Pf($3yQ;p-hQ8VR6DH!2>2oCnSaAPL@3vBIx4E;CSh_BP~_E)L<*
ztQ1TJ<X6LIhUcI@Zmzx?RO+OX-TE3<$?FV#JHaRwDJn6b@1JWr!DlT0`HmmMus{3Q
z^L9sGMeV0-O>pyNSD;?mkj0}APQEPAgg@_sw5G#TgKWzud!$!R$jSK#Q1lV*%iZ0n
z4j?&3l8xFq8U3pgFBnYCNGRP|H8*x}8KxLW{CNlC^}zSJuIIA`pyiW-SjrdNO8_%)
zd{hk7czD)U{ry*Us7LsO4OgDxaGUS=9u*_bxu9xaRx%-=BCTxG%9i799iW?c0k1-B
zTTrj4x^@mDG#BQo#JERJ#vx*_0~fY9Na)&n&3?KB=DCe~Wce89K)kc(8V_E6Ya?9p
zfLk;j&TnOd$c5JM9z}bDE<(+B`Z}0i_ob~o*xt~K@4q^*3~|iGJxf9g4mL^hNLe2o
zQslC!T;Ywb>{)?8Ic((WPvSP2TjXEl@Ddrjkeiy0%YD7~kt((n%pOro7kA)%ap2?R
z0<a67M|5pL1wdu2POvUjB4#d4qfhNJuR~GNQ6Z<3PE#L1Hw}0Y(w)c8`48y*QK!>c
zShSbsAYsoj%(7KrS7~EA=|+B?1$eZO{_uQeS@wo*XROVL)`i?2N2#Q#sRuHhMi!FO
zZHs22$(*y5`F7VNY74!$$7ea`gASwoG%UrJ&_XXfZT1}-M>$$S)uxReP~uXC5vRo#
zG#7a-#)!J>JiA{Yq^UodZL;2J?DCceUAt|q0D=GyIC#E;UoRn`Ja&HG2hsU%;Eo_d
zl(|dcyaz@7Q1r80TdThFu9N*i26%zSKe3Gm#l^*Az%1!Qwp29w6kaT|tgNiI;4O4i
z=OUp@f%-`l7=*90iW3V+2pLMw%gd`Ra%*xxIxNqBAMc?EZLw9wI=exUH7?t$kvfw8
zphu2u@x7H1Gd?Q}F`lPOIB*&k1t}F!(Y#b6n6bSeff(8vT1b8*>>90Pxz#QvJjV#u
zZL=waS>`cTJFeTgy;zJCO2~TTm6Ocjj=#O@zfWavSJuprx~j8QV!E<<<?0^X_-Ex>
zBd*?OoI4lGTKrDq2VFm2SeU`M`~R_&Q0N>H&;zMTwuP*=%Q$-qy|nk2MZBr(;x<j&
z4-u6OWhCd4_fgUJ{%rzz8tf^w?T}BVk&JcMd}|>ZI$-OwSkB~|i?cd3ZT|(lTX{AV
zy#j0mBz=dKmrj<S26U6Ro<kq9NJWZ}eG-8BwN2mIqA@*`mE#5al1~%#@ac4)=iH%u
z$RfQ!aK+g1b1Vz;>E~QWDf99eC!0x1YYo-lRkb}$RuLLI^+<RGZ(Pz?A`t*@uyaAa
z$0kB@RPhM;kvWU;BFu9bi8B3^uPr&nU#DG|!B->lsv1|Mx@{F)$V9w}S@-J9>_cbl
zJV%Gh8m>u59JH)V%FDR#W_WdK<3?I(g}G4yx^*5B0qZ;zXca!9v!mYStn~5MQj7b0
zn@XqY7-^b`&d!tffAAPMg^ai9CKH|GIkVsGU@T8X{_lX5@-dyVc-Ayrn_a$yd+f2e
zv^B<c1H&g|v9tC>JNSPlWBvPjrW9Q9S=;B!A@Ge~0)+@r*HKv*h32L6k4Rw!KXFIk
z;Ldo1c}*PxGZ|ra*PmFLG3i9zW6BjTDy0C-d)Q;du${j2cKDzI(ybL}F14ipbXTOI
zpyQ*0@FkDV`8(bV{kJUMaNc+8H%x<a?v|b$b(&<MNd47c8xr1vDB*#dpu=&_m)afg
z@vy*b>l7u;$t-RUu3dZ1tL#*i+(-%4$*S^{jeev>O;fcDJ$l-aW1D{!9!dpH$HOoY
z_Ib|Wz|`-%XL5>uk@LVNkv-_jn9T(7M<nYK7e8k+@3A7v(95B=RznQGM3+=1?Qv^i
zy=lVZYCF8_Zg%Mfzx&gu^U0h?PJ)BpQVV%Td`;LXHfmAvd*ge<OIs)dOKYcRo-KNv
zUDVk{DQ(SNa%fwcxm<8M;5EIAOj%s|i7h7<sW3N_H~nOxU5zlDdqrJ9!I$3EHvJ?G
znd5kF5{LMNg%nbJ+w{x*D)&B01C5nZZ(OXlzfV;p@x|Lg&?er~a3OczDKw{y_ed?x
z28r@(By<kv5M3NU#MLK<Yt!lXKoTb91zCxyxm~5sItNMn!Nt2IF_KiLu1Eu^1m33;
zadHG|0k&&#y72Ww(bi4Uv~3G?8Z>)J^vAWA`TJHuA<S}+7BZ8;6=wN7QyC{(7n{^9
ze7r4GP%soFX6vWi>)t%o^upV1t{bzBX6fuqup(VM_ZVY{&Bi#k{Jc}Wb0We>`vXeb
zT4-B6)W8X8C-AHzm-mIEG-J`s)Sf}fjU!Cx86LYeSt7KU6R8~;Q!|PX^9JwuXV3wh
z7vesJOEIsCw()U%T->lb8okL~EU%RYb3XymBH}Es!^|jcapax*dIS>C=Ppf$Cv6XH
zvBfu1yM|`Kle%C24lX5+N|QR6SEDGX&IA+1;0JQnZpIeYR|{#Sp89VXJLGo6$OXy^
zxH!f83ICv~)^X!lRceUs_iYpphbr>#w;Khr_uTGP_D@T6)PF1Fbrx}2qG)l3^KY@z
zvxIf)MLJr?XM+Q$R}U1OEwZ7=7+)9475-S-7iHzAEykav@G)C#gYe<-48Ke%4`_Xy
z<Ct3aZ1Yd>!U1~Tx=MWp;iIFi#{4s*x4Kg|7ul{%((I<#XwG+h{(snXMv^YwnOvQ{
zxL7+AAS?(a=OxWUYIwFryU9X8B#)mxwyOpUV@%86H{E4ZhGXal_(z+IzT>@TyO5Pk
z1YTlvvq3ZHj@wE7h)YME+x`3`(G+nZc?)`;z2SxYVDcXG{l>2<4u5JFabvN7jSsiD
zM(l@{vTQ6#^1=4QH(t^(MB#96fAB(lfEk--<=jQL2l`n&^BWuMi5d^SrZhmnM0qJF
zSZ4i=rVHjF>|P;C6h{?5P3*IBEfsOE3zxF^CD4NP1bPb9dh5<}cd^gQrK9winL7NB
zN0{e?e(dpWDp?q>0oe}J4!60>@c(n6)DSK6EHfdXrO6_Iy{%LxL-f_W{02#uYyII*
zK9GH94vSR#C^vOYIg)I-3JVR#go1Y~uqu{Z4Yz4($j*)DRwqyV;aI|ilTmq}8gjdB
zBvR{C&zZee4;_BGhFq(LwTGf*DjuB7XlSd5Y<%&;K>V&@kDH3uWk30Cw`)v%yRpqC
z?tZzwk1GxK1wemTom<SAk~0s(?C>H76kSVj?tY{z5}vzu*Q<58X&hw=v*j!dB)i_Q
zNHCx7>f^{~l=_~YA^NBJX-inr-n6HL?o^onaB30lSXPS9xEVLtTSg}MN4aJnnY?ei
zG^~y{sO?;`%l>MdslF~ha5xnd)a6}MOR`pb=K@w+?G<Gobl%1-jbR<MN?^ItXW5-M
zt@@lPCcXjXl>vp|&B#9XF6__joGX+bjiKtL+IykO&<PX&c1sheS%G+P388c1jf+}_
z%n52eY9E1V$ZhX;VnA?`Cs^@LVGrh~m>LjH9U}&#o@W{|>2$iP^<K=8F5r*Mxs?^s
zBfZO%oAbbr>aPcK8_0QPHQwYszZWmnnT*HmCPTw@1fZ^h(N<1dHx;Ica*w=KIM?LI
zW!b{Rp`2;w=FJ$p*(|gEZfob?=QFk<STnvR?wFaNA1n@k(fV{qt#Bj;Rdd-eN`7pq
zylKB$L0EtLX5=fAgX*T9DAZF;Pyq+iowG_5EKEL3G%^cZ{5r?99}RDLH*XN7N!*EX
z<}FN*LUe@$<wi2j^Frl|9t7ZUmkPu^0a4fN4p(!KlhGH_b)Ga8^_m-_gv2&T9vOg2
zZ^P9i4*b?CU6F~N@EtXrAi<NtjFj6gwGkUxp;$1Qgta!aEvg$+X0cdY=G!EUC|l==
zXD#R6%?0-3qLY4$bIjLhLF>C$#3oPq=)D<rD82Sm&JqmVhkMb*cGk(9$dxs9rl{86
zn?VeYXnz@Ea)?whF%DVj222j>X+QODIQBii&s18`>gd*oX1|iAE4U*+3Y?Y;EQT&j
zDbvt3x1jK>ZTswn8T-$jZv{Jr^Ud7#*YpXjt9&&8hPHF_LnA^FkVSr3eu2kJsL3gv
zYDw1ZXwn+>{|Lfem%_?brN=MYAR=F?ps1Gu7C)i;eDd>(KW5qmz+N|`ORrd-JNGvT
zz(L;n7caWh-Lz^@Qgu*gNe$n?k-3p!-rNt(z5<k{6vgIl(TsPk86y;=226bZ@(OXZ
zZ`TKZD+?4RTuMh9NCG{fYDbCt-7a!ltz4&8Ep#T920EjKtk=H}+j?+MZyY4btg8CN
za-u~yBFTO~InTzBpXSx?*+$(2=DVME^fs3l(!Hpn5p(}H3~c2p%%iZ+t7$+WsX<_^
zn6gB>prl{2kr&ocAX8bCxVO?|^gi*(u0Pg<2wY_f{tRHe7b+hg8y=}})wjY_YA?;z
z-$fgSF#Y;WJ{};1OiY)+BrI(q-g3f^m`JMA(XIqXL)Bgl2c*@x;%C>Ky@3!(%}*UC
z)KTAhohJO!Qd@ehylbw`+fRGc1w6V5(IGb5e`ibaC-;o>1gaS5uMF_64Fehf2>wS(
z9Dg^GIpf4n_~=C3!Q5;V$HuABE>IY!ULEC^^WdN8zIa)`*xmf1vZSWfs#jNxO{Y?N
z<PzHwz&UbfFKTs%z?FW8Ko(mr4uB7oRZXhyH5BDIHtFLK#H-+F`Tcs0u6^T!>G-pZ
zv#%HkPT+my_t-N8AM^M(rnvZk?HkRxp20!oZqanGhya_01gw9QqP2K`9H%iHC+yCA
zYmLpaCy@<kT#@p}iBs<UjJ|DMvnRn%1V-ONFB)Njt)RfDS+A#%=v_3tXn|N+Bb!E6
zlBK_4<bN!;n>*jEet$jzGv4f{k*8RM55lQd<Q55+fmp(S5n%7yzdI2EsZHls<z5lI
z!msB&+Of4CRRZD(=hX!e97)qI1MWl2)6rUnAFHtA*~OF~4^dBl@LWLM_R51AfM8Ih
z_|p3nf0Y40Few)8N7Y%qGLSgNO#Mg*dWzD9R{K_$S1LFxT^&)jlF8ZEG)up`F_;>C
zXLnsGC=6UcHbc;BJz4|S9opXhtt~C%6KR1=1UNWD!0=4=qS)ehZ$ZXZ?7ka87YCkO
zk2P~ji&&XAmo(PO<r8y@&eOCqIMq>xM4xc>W=4Rxn3fbZ0w)R#C2T4t8-riCwUHs_
z7CpU5N{t|i-ClZVqc^h@>|pRl=grKpdWL?XBSegl@V&0ry0~;)<M_k&#PXqzu00F)
zSN$)Eu8j}s_=Gy=!wv^Vg#_IOT5NeD=JFqF=)u(@pX84p*dJ?1OthBPGvkl%F|Rl!
z@S7{0^bTK0wI;rNCTvo9l2fOmO0G_A9d^@IJw-FnYntt#(q~|Rs4I>SDiFBOiZhVj
z0jSK6m8ZhiyvZd^+{Yf;p&%gI<=K3OpHc6~F~y9+v=FS$T=UM+x{BrV{>j0;@5yl(
zdVN$%X~RXOZHbefD$gQCa1Lwcuu~4d;g$Jxjgb5=k}`q$$n(Sc-lvH%K^aaX8KO^>
z`S;MWEqh=veths^>l5YJ;sYSKFB6!|u+OL#J3mK8<Cy}cC>l**xG%|BWS41t+k6r?
zOIvuqxj(R@I+SQ-h}3?<(X^6Mo$X9MU1_q>A0(-NM+j!11sa@m=7?tF9aIB!`|f)E
zTMFktm{uSr(|xLE_N9#8J291&2ng3PO6EF^fOsP!M&8SL*J!~JDeP^69lib-+9FA#
zfFq~yQo_5Ci20MHO`B?1JcCjj>4zHZj}+0lx~*F5(mqJCwaEN(GI3qi$iV;{<x9Q?
z4CU5HIR2Q&VK4q=w3o|V0<G<XJuK0-QnL<c@3PjGfm;Zu)Toj;`vkvQMhLo#p;Zh}
zJx~OIXkmHo4wxO0#q;q=B)iZRwh*GA)z~n0bz|z5`>i3Drroy$3UWu)^uN4^A&>~<
zkwf_c!z>G3VD+h!rfOjIc|hul@A=2Ca(W%^!V*-b1A)7>60BawdGJ=pPfb5hTeDUo
z%dfaKlD%vk`i@V-1sX;GNdR?|Z5p1}9v{otM@<xcrMg4MhQ9o(x)#X1cE4tA;zlTf
zIH&cU?a>bzvO~Ix!<#;5Mp>gSBTKY^CH&_e(Xt@q+>5&%03)r9bhl9`AB-9cw0Sj>
zq(_lM7iy8DW+8Gl)3dpkm}~};493lrHUo{3x6KP6OW~D!Flo;aX&I7%EUZt|>c(;|
zD#B=Kg5hzAmt%sqp-sr|mfkIcqzvBxj+css1T_BMnO_I;m&zlwHxiDl990qd&6Zy!
zU@UKlwugi6gM$`Dqx7==KknZ9t;wwW9tIJ05REfZ6a{1)l`5zp0)`?gC@Q^o%g{mT
zB%xWr4kHpAr3y$Vhy(-@B4Puimna>jCejIkguuIR(C5+5^<3XS;N>?j1G&pNXYalC
zT5DT-@}@R$W<#&14=W|H?0>nH@6d19IJMKBAHfKpfZQY}Gjq}f=EL=GO+JF)rWyGx
z`(;ijOLNwXpwS<~oYh&IxT<2P(fuEu=Z*OS)>q*www`7Le9f{iTAR8aTr)Ms&I;fv
zV5Uho$iiR$F${Q4H~5OY-r4A9%lX``#BAsm7q95HUF?5-^;%=7;-CgHL(i6}(aXNZ
zo_%)u|90A-_msRFHNHg8rcAX^Nc1F*007oE<A}F)@}7zZ_HmbB7_@?cqidQai!~PK
z9wsd{WvpLt(HV6L9SL2IV7I)e#mS7$Nm@)+PoVgrYb5Y~-+uOP^8+`}t>NYp1)(0-
zZ5VsCPIbC5Vf`#un0I4avY8pC^Nu4TkpQg27v{EwQ~-XnY5T!6zr--b(`Oe;^2=!I
z%p@=kQ^*UOby`~1UTp-;?p!%mNMapTt0@*&@V~G>gzn;@4HHb;G&j*Z0U@GY1c&%O
zsKE#@@D!Y$(G;5NR;kZ8KR=L{bcJUQ*UnhhSYN(8)}X#(Q3!87nXns>*QNPvUUfzq
zg1mw)-^La1Tql|cJdk|JzYTI8VOs7uF56?7;ulQ)mX||fIwu%d_HSPt7^w5}7VBe-
z+;<)9+b7_z*p$*o&1{_3?s()JuJyIeYT>{qMe?-Uyw#M*jY`*JxeA#EJHARf|Cx0y
zZSi20dDdC3oa=hi&u<!0JUnMS#=9zdUi4Nyu2XlaS2^S~r~Y;3AKCULzjm05>r)>+
z)8m#0%Ee}H#%)h8uc%_LUNKvY6#A5*?ecu>DLtN13T~M)xAxh;@~fVs4kNpFB|QK7
zWa7oc^r}ddwVl1aIE-zya&>mT2@FU9FoD=x2Ba@Q8(1IigB{QxZ5v!SUC$NcZ)xm=
zJpFl3-O{c{5j}|jTU16?BH~cUPAv%|;OF$lI-K@+{&+^ZtAPWHP7!q(4NaN}{ZyRq
zvz#=zx}mnI!V3G=5>RYea}DgVPJ*dbp)VlFJN_`yqBUqNAH_g2_$3vQMJZjg;{5aW
znj_y4w~;ZJ9L3<L$g!~HSf(d-8{$QEyChLLWO3dZFy`6Y?~=<#3Y+lRr^so`^kwwx
zq5Edht2fN0y^(wLu5GCUG5u&6sOz2r+4gf`1TQaFveC8QTeIIdXl$E<g4g<$rQ)nV
zj1p{ZYI4lV%ae2U^em37MATqv>ppb+Gc;i-!oS?9w7jQmWLZRvu)0+pGIzn_H0<>%
zd}t1?*Ea@fM8U_f*fz;$OX$SFh{E%1-!r;Z4_uEJ8HQQ=n6S5`ixew*1RBK-4o_bo
z+SQZV!2oYUCGG*fWzDyaXB>cSizRAI_a!vgr|!CH{BKA8h33E=&LeHnHM-@A7u8rx
z$F$S2+Z_{{1KA6Hf!2|O7+a!zkb0h5xl!grZ|+@+kF@f<`RA@VB9?3<ffJy6aV-J?
zpfi;A_*rrp?B5Zv;peZu*EQd{Z^HU}8Yg{1Q}x2WfczH^&Amud5rbf_{k$s}ELf(R
zZ&WN!>($1*ceXI%Ef#zkuk4j5=T_l52sg5wWZLKh4gMyW3Fv};XJuve?LDT>1A!6d
zGhYi7ne7S!mGfazmL0*{S3N;v`x*71Lab*C=w?3c?8t6`CPH4u<9YyHKPGZb!mM#w
z`BtArC^8Ch0QuwZ)Mp$7KaCSI_SAf^R#NhHv%r@GbVTQs?I)i^xU;n|hTcn~P9>X;
z%yk+o^9>;qoHtk`=#M>}`z;6y<71BY7-34ew$!*8xD|-=BN8H#fF(@AD!(FQPyFr+
zW^y~s_uV;;KRKOb*l0`+3$|!tkMDT7pd|RRbxS&p``JRanwpx&C$NvM5~IKbVdCNq
zVY>pc3o!GLSbB(|%4^7;h8eq-|MF$ij$+6)pDCfC`ma>-B1^84`Hsni<x@v-e54xr
zkg1Keg2yKph%Fc??5p`mjm4Bf)sw?5ey$c~bxmWJa^#L{c~3avK>lsH1gvT+vFTmJ
zs~>I*{ockg=IZKf>(sBjxaqeXjEuoVVhGDc&5SX3*l^q<g?hSla7|e4>P@y>JC{!|
z+#hyy+tgSVqTGg`u+zUs*MAZWkR?7`&-a(>{H1g++}9n&`3`AoGI>7V(c`w*WJnXR
zF>7#I031*@?mW3b@408U>c)6!XAz?<Ou(xP2R%CX$19sqa~+-!HTr9?KR3vlZ)p#b
z9|H5YI`0gz*L;8H>_o+DfW94{lX0a`u1$z0CkN+x!6FQHr~Ss-8(Fyo+9RjZ^?5Cs
zJ9#4oTTuk<*7od9Q08K5%%05ia0PVxnG<jjCGmPc-4Wt)|26%?$-2fWd(5ZxA97N2
zJb!t4CmXChrBDKAOdL$ek=-y&Z#_=833Ao9dc(HBTb*hST1w@BC45pxOzAdJ!mF%^
zH|<fJ>e+g=iBDHt!j0?v621k+^H<zvhHQ@Pz{h>*FROB_C%>PCT1!s9j5F6M7YeTN
za?}O1?u3@>RDYRZu32MQw7Ff-Tkzv+$?t`s9IAG-&3EZNGLP~P8{{YU_j3qoHeAu9
zb;Nb-N`-sU{i&We#g>}29a!}l?-i#<x+1Z1-&KpTf5IWs;^kflFGoGcsURX|&asH0
z9dxiy)nYc4e6@`4uIv3vyr-1CdTh+}50cHO(Pu=|t$_mbN3BdsPXpf<nMu)gzaO1P
zsuydq`mA`NPxzu;92g39egWKdFO<$-?&h-*5Xo0dqn{}cA>Kg}Xzvnm5v?WKGnbom
z#EFbF?^@n4xZ1)%g)=Ss&X0LGo35}rQ^Z<W*5>2d7Me=I^vYhCud?#9a$Ja03Yv|2
zBtK<~e;kDIUC)nh<co0oa2a(5@uPnX0is&Vg)u))qe(wv?Ql2WVvqaeDV}eQzK5P)
z9E`KKvdf2{VNq~wFvy@Yl0N6)XW#1YLLHM*5oX#iv#5bmg_>+=H+&)X)W`{QO^dYF
z&?*(s7QUcJ&Loq`)SDu#daAa?EdHe3UH3;W-!s8X0pz?7;o$Uw27K1g-%lM2?^Fo0
zloL5<HO$l`44E!1G=z#x$eq)eGmk-4j*We-^6T|!K;!j}4EUvJvOp#+r$6^;Zr6>P
zO_6l7f-->{Yie9fDk5}*#m^lk-8WEytu_F44&$05OPxu%;^=^Z{C4V(=sYB>{(Ppq
zlf~2+*)2qU1qJ5wuCw3_I1TV9bvk;z`TED0o$Tml7axttcVJ9a8q!A?YRt%vxjLZk
zUV@?~#P@!Vyu^?wiNSde0Tfc{Jv?KQ({=gfc*Q*DR8PryvCzdUZUkul?#Q<GGn=%p
zN-IBI!^>6eW*{SviWr@^wWei>c`Vd?TiK4F$x*dV*`JphY5BwO%&v(Za=H1Id9~h!
z`-6}5j&xOkLH`aj?5?{zRi>{>=poY}YB$!s{iaAMWKIXeAPe~o4sOBK5B89U0`ea+
z|6F=2AL7VuyJ>4;ZZDWYx|i1f%de1G*IGea_=e6;h^R1oWj)Ah9Gw|vZjN`ZXaXuf
zLt2^S<*4~tY9wVwl~@Hd#@x*soKgKe4l<0bv*i5S+lh(YgZPbH`w5{F({m1wDq6yi
zR<o;OR+rre4G>7xvK4Of<x0PjZa_2R2cL?)qP<NQv*CN>YUjkcnV<Y@{nhoap)}3w
zD!}oc6$b64xZxwr0&7ceHXT|ln3|@ttD`)XSZ(@IZ$RlS#f*a6?z_s@ZKC-ZHg*$S
z8WPb$8_rFK!I+NhfFo;PUTy5y&z>85VdL8i=%~9TYQxA;)uabksX$kt2PMp_D0;o5
zYE^x}BmjNiuG7r3l&cTcs>nypQn96`-d#yU5~tXVS5X@&6XCf7L745Ux6--}xs|H;
z$Ld~FFjhoXf0~PqMA1@7=PbWXqj_QJ%t;R~uae|ve+_HTIqJf+AkQGlu`a$z>6gKC
z-z;V9OWOrsnl|)TWZs7?>Ndn)47_t~O3moV$cSk@v;*Yy+dD^D&DXWCqA@%3JG1uZ
z<>irSPs8$QPZ`Ik0(jwid1*eg!18nd9(?PakwW&nw<MCFf6C7kjRcp@{KR@yO7Xr(
z9xAz2$>qc4iL-XD-$SW_I6r&3R(>o+6irH<2)+0CIT!%wu{;w%h={v*v1MP{)YmFx
zp9Xpfkm2+c{<faAn;x_>`V@rS><B-O9w}aC>)&X{pyB%UvV=V_Y{+HdVV;xRdX`@J
zM&2dC54xMzZ{{Mt;;}N{Z{ZPSx9Cz8CA-{yjq;rISdmlNW^V7%JN$M;YftD)nKZ)#
ziZv%oXSe)L&NIwfTB6{WfmFxEm1#=cnaUMLN{RG+SI@aZ*ps|v(^z)j4a_c>Z(xvf
zj`F-3&aW-#ZI#YVA4I_*?nTpIvk7ANNhwYHakKY}9E$FWC`sE%>!%ZV25zh2t^RZR
zp+==8GxlvDpKKJaQ_fCodR(rel6IJ@^>&OJ)lwbP?p-_cTAXjklm})DPur_yKV<i{
zN@H|+UcEvt=H%T3*WYwggPsW9HEU40+Qj7wg-g)JleJB4C01*q&!J-Gd4S=B{Alih
zjM=?wH^FL6^Id>en|G}P^O>j;E=><eYVNGB3j2bjF5f?$Y_vA*&|HarPsv)YR|a@$
zvJfhQ`|UkeNX*Y4@K0O7LSnG32G;49N`>T?GQzpVKObEC%iN3L7a|HF9t0}zOO7KM
z`+sg8GR3V)BSk-dgJ>@<>E~~li=xE;@`05D`THHEBQ?Mz&sI2-6dn!&LFbyI=9LRV
z=u1DJ;K5_`-M@Um2}S%RS&a$hIO%b5@m~r8mW9JMgRZ2*iyweAiu@QzA%g#8+K>DD
z{X)in-yK{&vf6-&m2x*($l%F4^mO)5*UrtQ+4ke2hL>JafBKW#pA<53k>_&os+FdP
zY8lH6E&%z_gj?d_3d@EJY~_tCjrCG4{Cqc}^VQ07+}dx!B0u$?-P@OhG`-dm!#Wg0
z>Lz|k0z#KK@q0`fbi{)%YBj@wc>>EkXyb1G?(X&r9z^fKnn1k;b;z#*T^vB%OQj)x
z+<~>`olZ%?e=|>cfDH#LkbYx!y9GGSqa~9s#JbrM^ivydl@K5FY`sxqzP)33V#gkG
zF&I;3xbw^Xcyby`-p#+<CKPddOx}Z3Lrh6g@pyT_#Ql=wZM+-7+t#u6$zhMeooyLh
z&&3`~My{#A0Hw$6i`=Nd-F7EUrg3;59*=hh_`Eouy6;*u>mv+-k;BZ?DW^iLQnLf<
z?cZA8{)$Zr=98s=diLzu2pC4+^?cbMvGHp2ApTy;9)gyf7{81x?$hyJV-~;DiQauj
zP4M@sP-nnUZslhsTVGkA{6{&_>QFk20ESuIC(HtW)x)(gMCt-L9$cY4=|L$hp!l8u
zQ~anB{!N2(lI8}w-1aUW9z@a>GSf7~+S<AZl0;`1@zn%9@NZ(`s=ksP;4p-{2v8G6
z19Z@LKwr2O8Siz!7jk;Adi2uzrtl$`opMm%y4k;~X2S*vzV)DodZ*(r15XqUPn0nX
zNy=pZZq)TtowHoJc<!#H=3#5poe_!jckfQJ<B|6_)l;eL_<Aii`9|_=-`C~r)jJ!J
zhmep;J;gx!q(a+TqG-VGxLNXa8!>iGY!7`dfWl4~{1Atv5La#a)<o@4-rw{19644{
zw|OcBdR-RC>>-Q&e2G%?X<R<rW+`AQor;vZ)1W)NSh@(4VG9?LT(3*cs^~*~mJb&7
z&AawpV+=LfER^O462-*zrv-`_e_@vCDVa-WLZj0GLbu4Lq_Xl=06pQ{%M=o?p%}cf
zM7{U`J{EHC`y3U&k1?1PhOFxn`g#_Mog*HuB<qwnJ7g3s<8iJlIz-dlA(ztHVl~Jv
zMA>KKAZ`|;)8<T!I$6)F%SLrLFyHL6y1d?{$f|vGMn^{Bv7X%xC0Lb?#I%D%!b7o3
z*)eNm5T_Skn1}jVp}|q}z^UOGuB+4+1}JkvWR20~cN5n0A_*Gqokh&2aa$8J3_iQY
z8TB?ur^aJtU0Wtu3{3ZM5j&Y9ZB89wv=rW_7CKu5$;)g%dX6=!AL@$!NARQEjr`r!
z*It8&w*Z+%%u`DNn*=K{5zq(@Lg+2FX;rhDh$+H2m*aqffseC39Fd5m_K=Zs>ZW{Q
znIuY#GQ#vbn8)%)=qYjG)3C7L=#92M)4p>3uGOo8xu4$g4$2S{Uw9Byx`_+1ZCFEc
zscV0v5AVS$l`F9_uY{$QEX?_MT?PAWN<0%7yV?~#u&&_1^&^YB7S?iSbPeCy?2w)p
zdIHyxT0Ax@xWZmLl~#6?D_6YRZ+~~v<W3BkVuomyYmo`rwc3c7Hx}(jYYo(Mq;1N(
zfZoP}2D)Y9&Spy!9h61R`yAR+kFp_!SO2EbTio#S_MU_m;;2&3UUgDghuOs2W8t%a
zF&(s1ZRp)9ZGK78!m6HK8jsCoT6yok*k(IyUY^D~)ONw1nmO0zb`cD7(M&`1ZDQ^$
zG($fX3mT1MJ9~{!sb=JNf`bqiZ;zXLi;sMuwTtrZm|rOnnZBlb4nDk>B1O>3b471^
z1`l$3Owoi>vf0j+V{`S%3DRq_rUKjxOz!j~*gItjjmSlx5fv4k>cOdA`EtGOMQN!@
zPjd;JKDP;V_MI^C%MTj5fo|sJPEHvfgdBP>0h-?)?06NQFLJ}9i!PUL-KSQ78%LmC
zoM`HFY*ANx``_;~&((KoUy4|?NiT}2X@3q_^b~%k^TFWll2aC_sj<^3$2>A;T*~wH
z$3_=bWBi!juh|xv?!*gL+g<o#|M8C^_D-C#aGLVjJ3%g%y1_i07L4gNc|GwWU*c?V
zFnLVB-IUtTj;91{3_e%X5XGDk$}TC%qUOXG9#9-)czs=7oDa3gz8<=nj~u`W77tP9
zVAC6&-Y*NK1@EJ&9q(OWjkg9w7ms3d$Yiv7p>hIMV>l$YM*1B+{!BkJc_iM>yqCZz
zY6!FlwT+{mDh)MHOE2hNR4Q9a^QJWmx9JlYbEf%on;Ym%1NH+(Q(3Xhjnh)f1Qz>q
z9o=bVE3=Gh!SD3L4h+QTk!)+ZOX=$4WI+)nR}<1heUWozAcV(s2#Nezwv%=vr~hHq
z!^5pJ;5vq3tTQFl!vRNkd~6m43U5_ARWE4r;+Lo6zz)XAr6ayVbqIk?e7Zp3*B)cR
zJcFKy@3;U?c<sB7<VGgZSKyGhf%49bPkyQaFxoKo$+t_nJr&+aQ9EuzhzQIaQmj5q
zf*zindDLh@+_$sJ-4}yYw2$nog}JiDgB+>dV`4cOsqJlts}sp0fA;h~IprD`zU^3r
z4Ja)O25GnQCF&SU?d%cY{S_PjUXxCj(NUQxfz7P2WhG?0B)eQ(BOZRdclUme>ygnY
zTT!uq>5BoVaRjgmxOMWvBXG9jpeLJlJqRsP6uEY?XYwD_hqIh#O$xVR0Oiv*sz#J*
zQo9o0^_GB}^;r|Dy@b&XMfpv;AMD0oXHWzFIhoYxHY=)#nH_1Jk#b3znUJaL6qPR7
z|90dP_zr&>5oX;tf0BMLBxNFm)7{p)MtthEi)|+(pf1+R)9&nNO#9DaT8-Inr)T-O
z)F*=zD8q6rCzHF^#0O<8_%N;&hxD}>)D157#Upxoc9Z%U09SFOk|UhU@-EyF3I(G_
z3$WdOR7<hxzGo5a&B*l1@qa>Ws8L-|tKMS9X9Oh;A~>8)>)x`A>SUM4kYcoZ6Hjb=
zWWJ*os%58AW3J=P`3F3#VZOta6Qoval}iE#w_MVl7Q;I1@z{USFk1J4)?#?JeyPA(
zFE_Ur%&S9%ZEQAhO@w3(cOCDn?WdY&dk-bamAJR!;UvwTa(E=>+uXaii5Vc(Tb16}
z%N_i;V0@cR8w;Dlm9h9mm{MRP&^ODKcfY0T*lDYA`othO`i&h~K1$O{nDpbr$wX&!
zdF$vz1}6pDg4e*<wzK-thi$J?mtn-r++&#PvoSs+LBBd9S~5+;?^H9-T0YMlS<XFU
zwahx-Zr0|uUi;usRkZK33w~$S$=AIpCqpmic6qPX&0#4w0V8~uhifx3o84WyESW2Q
zS#U9zm-Ua8#y8q}r#5SiBW_E*$9x8bQpKUVair1Lvnz${sDLJXO`mBMTdI0FqJ!al
z7$aY}W7zka=c8COb6_y&en%QJa*fi`QhQ+!vuuLTq7=wkP1BSm1_4e;^gPaP`dE@m
z(xHx6<HHJ%AliV5S_I=S#>ci{J@Taz&u$U%rcgd#nwS54-=~I<xkI%atPP8Hqg#CG
z6<*ABYJxjsy~Cn}vUt$$fzXU~H133@);*`*k4y}K^OSs`f_`s`E0z(+>?_XKdS3(c
zL)&Cf;yYzZx{h`P4D0@s-8#9yDao)pwlG_jA98t4>^$p0#Y6Fg^$#L?9~wofPzE08
z$wG!i8I(ZP+~7WDsDH`!$<+zg0efw11}}HpI+{|3!z^$s{_ez$(9hf5#+v2?SZ;d=
zj{t*Gm{NV#mii!a&9rP#RPYAc3Ph3ya~?hg*RXYYmKtv`^M%F5l*c;M7bmrAy(k?2
z+7sadWaXCe(&8M^qq-)ZpSNL<k~?#KmB6A&Guv(!oh7w(owx7WO_T&#`LXi9fh=u?
z3f`<_vaA^*&*nL;E_duf=zVaJ_o&sT@uH)9?{Tv99_YuVP~P_IN+jAGx%hGk^^~1U
z`KL^|hM|0j|Gv4={?$07&<cI{Pb<X+3lZeripw4bACGU0)QUAltmpPxrADC+%)VZr
zNV)`lz*@oM;DqHR*6?|cM0#y9%}+FYtgl)<eA_JQ0PhYZ$|WgAGm7Qdr%>J5KAa}R
zI2kv<!zF?@@i59cUHV>ZfU5AkdRN0x-IKAUOscg?>k{8Zln|NVOYpUIwB2a?1TP*m
z@VoV9aqmX#nFrcsIidoOM)g0xa@Y<J1NX?~tY07M6vDdiQF|#+6vAjTA1gnh%|Lwq
z3mS0q4u*RcE2X4nnd$M4EOx4uUsHgIchQzT!5P&^f)^li-loWYj00v?9T=n1!J+B_
z`{mESoI%*k?mtdvh_|+FJ*APK6Yviv6w&{OY}m|W#aDwt{WT$)o}BHaw{9!@srWsl
z8KIWcoLA!Cpz>JAX8&<+RmQXC$@sE$ggbb_ZDw0`^MC0^usE45avd3cMfXkhN1`L_
z%|CZ!Bs*{WwEy^}zjz`~iM+G**s=LSzQlQ=2c$)4rWQ5%g1|toX?oWMUUfx&LdU15
zHilb;1u=45D<$l>gmN#=M}Jpm@7A{?hx*<xTw8;QVizkIq++BN)DyIQ2zQ2}QBpVC
znw!u2H60xe@vt)Mbhh6%zkno%6Fj`8q;ZT!rs#w4e}81lO3)4qD6ZJZ=-EtBTOT8K
zu-T@L<({>l@20Ed)KY84W9{%bm<S@JXmvAV0N2;AxRw=yj2$7hTO$vVTA_}}8<8J_
z=lSs>q3_q}5l6Zg{P3rzk|@2dzon~P`EuMGoMPg7DiRU*v$oHlw~IH)1)Vv#CrUmo
zJ^k%{FE6hN81_O73f9)vHrLV7!L<gddfD3cvqOhIZkKrhDgkq#?s`o9-VKMLN7DUG
zqb$>q4i%FKJL7MQ5|rX1`i89FnD<$n*N58=WIvf6Sl}G3K5QP;k?(f4**{kNv<&3Y
zPsg(L?MZiyCZ1>J5qqQBI3_A(lv5q{xnkADXWXKqsU-${_DN>?wim3>w$n=R;L@7F
zn6hkG)hy`wbgk5mZTy3ab?2rh6w?1%R&RIOKR{^0YTOGIzTS&o`d2?>pX!*g^t<I}
zlA}JIaYdM$afTy@#)p5S%&@X40;)+fGZE}yYZX7KHw^@~nREhm8PD#$KM<Uk)<sg8
z4ZUAtlC^|;hdjq!daF>6#4cOj#mU1(^Qh4qA%8V&ZEFhMrZeg~D#k<1ra*c*+HlQr
zDIw=!nnU`;MvC?8v1(1%ZGHUqhqiFLjLMAckoL``5)8uH?1k008K2WEGbruI5NOYM
zP$tma)#d(PDCfch%E_R>iPtlxMxH&h%w^&t1({v1nfE6UU3elT$`ASDW`gly;eA!g
zsCV%lV0;+5IGC1BDqUnP;MYBl$ntV^EgZbOImCkym2o(5aq7LCFnFD5e`3a=8pO|?
zoq`ID@zGQRbV9W<Q<GIF>%_zRh!J0?4+Vgh+5{bmuX*XE&=HXf9Zm?4l|Pa0*CepD
zDq<6z@fhYBb$XLe&h+hb$@GaG^`$6kl+;jXdCLgu<f_|(GMJ8vF7FxVFIy9S=?i5{
zxW8CC8yB)TrxLF;afoZ+l-)I}Hk^X{(&D&g$&lCPYgJ;prkXyWX+7LfKIE?fdLKon
z`kkFrail_p7Twzsge=x@beh$fta4xQuZafS*c~Cc+af!5<jK~Z8e@P7%|-n%e*|1j
zmV1wM`pm7f&g|iBzmt`=pYIs9F%&HQ@OL`W^788NN~nsO$ztP43}}AHVnQ#0ktj>W
z_1je}&0&JazoV={zD<`>e*sSr6zlrp4wys&sVdklmWWph@3-0JrByl|5*2O*XqZ{3
z82`)!Kd*YrnFLj0hH_CwYQh?5_U08&fR?D;$1?m2aO+P%Ln}{oYl!$gvF>h9#Jg_r
zRP{^_j#q1kh)Awe{sX+<IbMU>f9A+9!3jl1?^5=Xw0*dl?X`A5=ETJzmA04Nl3#3;
zKt4Om{02n$Tg;Q_u}9y!Z9Q#YW4~x!&afMV$_0($4eXTqkn3}lGuu*Zi%u{tE~YC<
z5DDXvVjB$PU8RU!B-Q3c^napogiF_Wpo;n4kC@lf^$92oJ3SyWG*3%eH&|`vdS#xl
zzUUocfjk&=g>~;NK8h8>ob2Gj&?lDN7D5qE-Y_fE|EBf>^?oY|;L=<*8$W$A-1%yg
zrsG$$3fG@es|3~<2EP5j5Zg^J{a^ZS`7bYI{elxB6~oV+hNc&I0PP$ke*k0k!M_4(
zYMgg_fBA+IvBi5ofpLfCrZ&pJU;HmlxO>Onzd(6$_8Pr#mTFtVl0CX@oj?Gx`;Zgi
zN7M7s34MSr|9c7Q!A?(p{)Tr^xHcy2xf3lJ`cY8H2#s|=p)BaV0Br4dw<o1O!|$w{
z@9k7+{==0Dc0yS7ji+Pwp1qBXAqw;=Gt$sd^@NtloLJNI8sgGtr=+(!v(L&#7SmhP
zy9)o&58`0oBj_gX<mx3g+5<lOPT^)-I+r<|+eIMM2;BH!rNK^_|FW@m{o^&=e1D#I
zi0#Y=d-1yv_MK|w<m3#Ejg5Ur8dIDh76|P;XG|N`;l3bR;?lA=C$1(5YLYyeM+y8p
zv9<s%`KT2`DGW97aaY?Kxg86!-$CF5w^uKLiv>)vchjmFLk0za+Hbtvjhm?xnmo1~
zkH)qem1YZ$EM?1-*a{-uhbaHC4nffEDR#WPa-p@O!<8)t*+#AQAT9(ES8d#1LL^$2
zO4|>E+UY(oIRK`7ihmY$umhzP@4w86Ua$B0c4XC#7fw-Q<_*IJDwlTmeurd_3|S(q
zd^k8mk<RqWYv(7ythCQ-JZV={&cC@CC^OlX)=&v%Q(uUlAZjVLsidXB^QNWb_SEnx
z?28OG@3Tw{p0lhS1j_P@#W>31C10R<b`%0k-h=Uwng6C80Hxiu+zO<~bNl;RTlvxz
z2)aw0X;pK32sO9h2y?w#hH-^KDVnAo@r4qMr#7H?A(^Q#1WXqya{Z_0I!Hk;JWyHa
z*w*3@_d-v;=^Hb{v?H;in>D`qsO98FV;*IzS9I4l&HV*<49|gp;`-sSzT4gFZBvUE
zE;m@sT{xB<V71-R`ewcsJ2t1gik(b9V|?nf$hnTFHnij$`_v1wrBm!=YS!HWmA@>-
z_wZVoni-`q4YS5N?9)R+Rx;nV7}Zgj{C1m0qvh^<p@y3;7=#8^!k`3i`XCI`DImd$
z^ZJ45BE9~f5!3tm6;Qi?`C{AFPtz(kEo+_xrE1z9$;kEQr5$ses9iE5oaNm~&9ipW
z=5^a}VUs;MaOz8I^6b>t_o+w&a?P#mq%}_GwBBA`vgxI`e?C~gA9YdsNQTeo()Hm+
zI)~^D?Kq1iV0&ANVTS&7%KZkd+jrJ1o#9P_<*3KQ=AAS;-J_e}2Nc5M{d~pQ%pAMa
zp64BezSIU({19Z&MgG()s&-5*k2unDEIyA@Mk&J^WpWs$O>FI90|yIo05sTo=5Ko1
zB^8iO2$0krdVJWUgO?Fk#59x|vy$HQuUxjdQC3nC$Y!kUGKGn>9jcf6!UkOi5vbIT
zX6E_%LkZI14pHF$P`-LJt*k-m_E_Vu6Q3Nigve@?dLt?Iz*&lA&F!8w)j$UNeWES{
z<iQr`Cr_Syl?!%ramkwRSR{f`pe@V+x>e%u=jZR=0p8tEz<~oraRabod%P3tlg#iV
zfn#nS9`{OoKOc~`KUE9anEzec010jK_lJfybG3yl*#QSaZ1Y>$(KuUOwy%e4ZFGkw
zp^2diK9YeHR5hKD=AJ$<bweOKYTP(Dn8SN1NbUNtAc0cz+rpH~#BQnf{B&uPjI{Gf
z;=RHZ`?Nzghvwm9n**QFl#Dz-YwoF8c(Ms67+iQEFa7k?cBCU_kmHKTu7k8uqj&FN
z2Tb)Wr|j@4U~~9ZZ(%^2Q2_>K?erpwqD^50ZnJSm;~=O<UpmxxBEXJP{4c=HzTt-0
z|ANlnv7OBKc^DmfqMR+JA}*yv8=a-(d&L5!K}ChmYuB!~3Z1xyxthZ)$sewjrxdaK
zs>#6n26jemoczT04$Gokv5Nl2I(YesO^%<_b=!5A?)|TC6fXiaROx+BHJO!}Se;14
z<c%kdU$M}Ln^PCrK=UK0j-qW`y(X8oA(6keL~noTUv|=G;jmF#Av7uPes_)ts>rO~
zeCUd;{H*j4RzhE4q0jKSjk>q428@l32|0f(zqdoV!=MgkVHWhqwM3}xZ>tDqyMGu~
zK(D~|U-q7hcP_n}c*;fl5BBAew?hqW3Uw(!WB7zN>ND4>1-$$Xw!VC<xKlP1&LUZ1
z;;nI)Qto!|*<tnh#aDcPxqYB1xafK|DNLv97W<`N5*86Dv!UAf+#4LOPk6Bi{ULlt
z-3?hJ0~v&=3WY}>&Z*Pn(VEHYcg<>60#EmAUYlt>yRkFXqzxB!q3=5pL9^$7_V@~)
zYSu$%Lop<u_ZR|K(3-LwF1Wenv|0NcblYs76k58I=8;QB8HcXvYTIHL*O0Tr2pi~i
z$q?nmOArs4ceEzp!(XCkN?lD&|2$R{_6aq4@y#mTp=c-_50KcbS|1wB18dRqi32_-
z)k3-Uj-emmyuKg0dAZ_XgD_qLGP$2qf;;<nc>FeKtUrF@j*#W9BCzgXlL{oEo6ODk
zVN1761DwE2xrqdipbwE`vn@(#5^vBWIms_D#m{(WTG!DSIp3iK#5bxoC##v==kY9T
z1f&JV#_426j-|g;PcYNARwrtF$sITrOChH)aB|3sBUpah1OAh!;|=G%=tXWVH@Pqh
z$Fv`)c`?r?aigq$z3%_j^1QxO3evwX>9ioALtuHYD)kbs5=4Z`Tl=1&@;C!A`c`6A
z;LSA{a#vC_L*k8KvT>ui_C=Wu84GDKxP0eL%K2hFe66O3Mjr1SQxDwIbM4+aKjTgp
zv9Cp?F@hFMiTYa8y22QE%T#*Dtk~xwml!#HaHa9)4KWob+XG<h*7kzj)!(*}=q91+
znS8D3Y4My2DTew?rF0KYpN;)%VY>mR)zeY!;m>ieVnO}CIi#Np?#s@{3iRJ<)dJKV
zg5*8}&QqJ=j&=(=fG|dD7Y>ko`OW||XnR<EBG%l_rD_4gWe_fddMz!91uT?Z0sVZT
zcoUQz`Q&&7d;CF!j2Y?@?~OJ!OOuF^c)rbUJ!6+Med^M4eFRy~F1l{0i}K*WQ;eSZ
zc&NSH@{-KRw?&Jw8T#~e%&;Kv#(`3yJ64g2Rx0tfNQ#b7j2rNa#fXD7f&0v1nS%Li
z;)}aj^IxN|`ArRS{p27pQp>wrUtgctmnPoX+}v!uFRp!v$JAe9NrWsvt3K&7Pd0hw
z%b?AWwFK8DsrWpTV?TG@Nc^`(cik;EMqJR1st5{^=a^Bg8$~LQl_vb=L!^giwie&$
z@lkzepBgEpD5v>>P)8r15GAHY7@MQ~%^_+Kyq6BI`G7*5jIx}4I5_y_1qzOlWV1GJ
z7-r?2A(Qd0_j#p}93~(nA>HVqk8D{2V8J=hpBoyMB|@DPpAQ!dajW{m1F0aG=piTP
zkHccI=CEEH=ulFWsj8}eNv&@QqSN?#TVPt7#lK+VOs)Yk_noMbb|mfcb=Rd5rd#S$
z4$eM4Kdf&QWEWL5@PKMc3vOgYj6J(>Ox3Q_q<Bt-iYfFU=5t)*(vEqkZ@DD=h0w$?
zoc0;15R%p*G%fhWQ*}I2i_b_82AkyC#*jj87)>*(u}{uav*SsJiQ3a-db2tY#v`TS
zA{?KT`@|kMDX*noeU0a9lU3&_2m<y~6=ANWg4Wu+IPe6ozr;wA(^(2cjov@rP<M2?
zCyiEZm0KdqB0R8b<C>1_d7^m*>EEjtreGgNdH;w-BQT(tCsHNt&@)ZNN@xCu9-U>w
zPNH{Jh}_9L`CNk>Wb`ZM7{BAW(%3B#;y>{ZM7I5@&i;1j3A3c4V(DsWI`=NOA8F6c
z=f*#uHU~Cc7}4JTXD`B2mLF^ZtwSopGPZho*^$J1&GF3!jM<v>U75VC&#pv~{#*O_
z=)%4E3?3keadCa_pHML9D%BV#;@*_VV3V&mAoYHj)!UuTTnd**BoYpAj=V?t0-NBR
zmK@5RJ5yB093Y&PIKu^GG#7}vem^dc!eIyeLdD|ISa^n1P%DfA5u`7;`irZCO^xM{
z`X9v&M)HhL*V0${eI6X(PPlWtl1N^39rJEix_Z|<0!OxMKxLCB4or-^q>u|Sc}ZQR
z_3g2DirsAA-?Gc_i`^}4PFIZ@Az7KDk29Jv^OKL;V|P+tDd{Q^DyiRL?$Zdi`DUN0
z+*Fkeb(akf{P*Qe+6y8$w0@u@|HzZjrJp}|BJLj0MqU}jy-&tBNQ{NvVMIS_4-T9{
zo+W*E1-h-B!szpI=S<UwJ6TYNeP(4&D1T;+Sk`*jmO7WW`^As=S(&Rm^(N-e+^o;>
zYtuH7&qLOdhiy^*K#@KjE+CoVYNH*<zxq@R@*QoL|BxT9xo)X%(Nj9ZUF&v>`N!Ay
zYVhB<*s107$j6A;cyJAiR-Oe-&3}GOcz>D7V7lf1Pybo}sX|T1iZ$HZ@R`-We(xt1
zLg;9ZQVeZqZvfg;o;Yax@{-W4p7i(1y-xI`iWhb58X=D9-<OD+ZRd&iF1CcNv8jHs
zGOAJSes+fFqI}FPT9)6Q;gy%*mmludC-QRLFulK+#7D1TN4PbrQXARdIrb~7HF`O7
z11yHa3)Im2anp2&`(MA;*<7zQMcNtiQ{MS!9x<*DCa8%Qknn*M4-n+SPB-g4vZgF2
z?OG955y@sTR2crPnU_5XmgobU&}oN!--_xXAb^R~qe1Sxqb-?x?%J%e(XGO=4Zg0v
z;T4vY^K9-Q0%~Nt?s?=#E1}DAkDNuP%8ZGwh=jSgHgJ#fC&11?_FJ~qZ+{<f{VjU@
zY3<3MX+_!ysTJ9Brg>{$Y$LAK4Orz$Az!m{myLteh81#^sZ6EpNjdIj&R7id=OZWO
zz@5ZGWLNz7z&-1QpZP_HW>@K$3MOr*748`7h4~^o<p&%L#HH=3s{xzel=#QT^R0jE
z>TWUxR@mx|BE(zmRSd)-GdtEnC>75&`hQUs7DAKz`4Xm<O;>*%p=t0Zu)o?Npv#ZH
zFPilI0j>P6sBLi0k0;c$Q9$?o$oK4Rg`OgEz#qAp|2)6@3vH|ay@G5gj{jpW$4x{g
zjW$82O4g&d0^P&MMclf2AFEKz%9X6#M<{zBSWi<(;D{Y1gcG(lx*<VLSpGy4%;SKS
zlbNu3bNeYF72ns<3cJl0c_9i#lCQv8y9=4MfhI>l`My=ovhc5ta%J(V%4{+C{yPZO
zD9Db+>oAh_{V}P-lK<r|ApoMIb0CL7mD`ZVHE~D2Vp}k%x~CE)5%{DC{Fa=-jzZ|s
zx-i1+AM0gy$CIBA@RVEnzE;P^j1@2d&5*A)f_w=Nh3;3mZh=R3r3X9vK7z0mLrb@z
za~W*<@jm}gZ62{S6&HgyV6X5_=rr0>ATf*pgB2kq$%?{M7+2td275vm2VkmT0m7z=
zocyvH8rbz*DsAUZ7J=pdHgk_=+0PX%vP>eyA36L+^m=pi_x2quz&D$~)+!aKK#Dyr
z9>6GTf&pz`iJnOA9mnM`@?$Zb8@F-#Z}b}FUm@b9%psH^jJ7b{<tRM%z~8tkRDXP}
zF~!#F=U+IBBm)xm5TRc<BMSlHydhmnAm8q_G_agGVV<3mB4H<D(OKeEQU=gkVMYa#
zlesk#)0#p=GpMsC1|!E(sIu@vRlzV3cYL(90#q{k9`+v8C8HqnYx<lw-=<sRO!Kip
zk1Z8uGgzild|6V1_`$|0*QkPcaN_EyI32jqZ}Sz?JBkb0ESk!ws84lcQ0F;D<u{o2
ze)_3&Bhd%U(}XrRz69&R$oE3!8II+neyZ&R`yi=_^=(bHnFHusv>(spWH6=r#}56q
zVPk+*RZ}a6H(oy5B>Aw2V&td-`Q21|O#<YekODq8FLfD(VFFV!^&6SOPp2W>!-zgP
zQ?@z%GC8`qxH!M8tjvy}zjus!<?Tc7q~;o_!Nt?TZIw~RojLnmF3k-uVYW+C9%8#%
zTLmc7$NI^@?k%`bMa7)vvp1Iw64kasP3Zgh_>eM`+ulbtP1&8B@2Ke6h`A@8^Ki~i
zr+8`c$=`ZGCCiC`qHeSJ(W_WJTI&=zTL&Be8%nDy)XK5(=YVA}ee5)P^EDl`wGyfb
z7UDkER8;6rTY&kCD`3|22*5CRV5rXTh?{qDtTy>9I3#=}N+Qd&G@Y%D)&^nkg<4uL
z2UtcY5Lr~7I2zN6xsy#Dg()TbA5pEyr)*OQ;RWd99^PX_>Pe`5?;t`Sw~blAxkErq
zYfl%K=Rrj=CQ%^ye(Pok=DY&k-nDY=6`^1+kqY&(9BfTvlJadxo}VI6liP5Xs9#=)
zdV)3j23WG6who0_0ZRiXUuW$sHO6c=8CxPpx9bA56HQ=4Ns)Kou~d4W$2Na2wKi>!
zK0;Gjhvl$j>*n+gwQ-Z^f7_RgMsPH_3V^z-&9L(fI%}_f;!fC(T{XY;^3aGodo~hd
z>+?#R_qbm$M7P!VW6zK?GC+||;LyuSFAj-lgy2Z+-Nu|UdOp20VlpJhoC)6W9+sDc
z*`ym2GHr%*uCVYKBp6VT)==D?<q71F|4v%&GSpO!s^CMXjUIR)@91@w!P@EU7-h`J
zJUb_ycRaLahAN$Ys@;4nMnLTAsm=%RI+|MUSd?M}GYq}J7J+=R<vRHWtTrP8!V9U7
zAw?mQE)N&#pVE4lFbmN0m`d!yQ8F&FGvk-KdM_@x-YHVuhgHi+I5Z|U>ev6gOyit~
zu$Xn`Cel65%Obl*SFc_e$}<|+8~3e0k2SBJUJ!DsUxh_Gd(VAwcme{H!4npH*>s7r
z5pE*ctVvshYu#oaT_;`ii4nO6;xxl=o}{UFz+BB#9x3yqe<4a*Rp1tQ(fC@y`q-Sr
ze2$#_C`_!p75CH`Ai^wiY}@V<km1?MfFe+gK6)az@O2^}v%Y5Xc7_d~2X?+K`+K5a
zhPEf(znd16FGd1)jZjkh6HG()KCceq%^D+lpAx5r#K5eAvNBb*{j$b`{H+`VR6mE!
z%xGUgXpl4IFaqF>-i<6L7954xHu-P7V#StvdU}XnE-+7-_<TIwIEpraYtYx=`08_f
zHE`-a-8vJW37oR~(X`Z_`us+}Q5*(!v!-<P*%SBe3*JccVfq~T2zlSWu$k6FWz9WJ
ztARHR63+7=RlE~d7WtQ$F3{k-^fk?@#KAPEySPi-(SZ3XoagXEhNj^w18zq!)cY1V
zdW`Q+Wo6~}ZlkXqAKr=G(_h6UvKK9|E>+Ot?2dDtF7|u0pR%KeSBZu<$dj)(^74G+
zkx&uv*X?ZEoKN5?yV}WjQuvRa0Ny}0CP~_2jN6G!5j=v*3UL(&sRbW4sRw%PQ~2>Y
zz48jgGQy6=xqN&C(N@Nl^+w+4`0ewbk9b>)R}-3*`#^xRh?SBr8U>xQv9>41GyC>o
zN6d~@T1>o^0`8F1wj;(Uqq+raNyKbn>Yr|s^7E_Ve1|u;E|wyQ5~(%#e#M$#^^(gX
zyed@=q#Cnwq0^3*k7ZP5=Q_RK>yde;IVr3g!zgS`+*3kw$+%?)d3Jytv2iqK4B=$H
z(;FUsynkT5#=I8k;W&aTk_0|4cBHQj^owVMcI^wWZPcroSyW?k@<w9PnvY9CCeb!b
zsZn6h+QLV110OPe#PV+`{{I0+fRjFw6sqC$+d^{R6U?Istx*X7Cy==G%5e`mTJX4a
z;l)!Vp%buicq8xN-`)|{0hyZ2BM`1s&wucQky%8pB*{-8(IO#9iGO_&mt7X(Cne7i
zt1tb-K4jq%sa4d%<cW};D^I}uWIw!L$EZ1PsmmI{tXXF;ylR3WrF@B@yG9bzyY=)r
z=w4uu?v(c{@d~|;;<CYx5vPo<^k1o7zabuTDH5G^g0Ai!AmKPM0XAAvcC=>=sTw0G
z>qVtUH$_!yDQwL22<@2M{qyauw0)z+X?{7HzS}k!N9%`c^ODW-ZGtL~mfn!ug{#`6
zJiE5f<nNS)z=ZW<eBiIF_a)tv@2Q)vQypW+x<$n#!kRq3vbg}s2^j+Epq&T~QR|Tu
z6@2wuXKcgSm**#3Pxrh?s~8WGlbYoU7jxZ!HM*m&AB_GsiI~>e(GpWt1vXPf>y_^<
z{>aHzln|?11QBlW+xmWX*83pLTiu#!9PZ4E5j^4ppye(v`{t`nZ->VHU`OABkjeL~
zNTO8mp<S7;i!X3{GU2Ucyf2a*$!09AP1jhO{~DOJtmy00;U{=nq&R4o%lLWm{Z>rV
zv2^y%#22ZlRdXnT?iU4%7n{-I(ytdN+9G`DoyB&(;t#YN_l<J@b9rsp<UBCm4%^*c
zck!IRiT?LuKzSv<UA<gHw3mYL(y!x;9IV27fSPOF*NiQcjy7}e={<d|iIe`SXwA#@
zD6yhs*KHqQI9&0d(T$lS%#uhy=Uv!6NveJzExEU*%25Hcyu@j@<A^>u>gK36Z&Sz9
zk3`tG+jRPody-q`d{H{$76lGkNxL_XNUULYxDhP#nQ6Ux<OVm6*k->UStSBd{Dg0>
zW|h&Qd^QnUgCJDgV@H$AaqxXGl(iX~wilZ*w<kVn0S=uhBgeNG!+paa$MwUopt_wh
z5+Kjit4$fXybgK}{c~sTMXN^hSBKprm)8AFC>?qnD0RCBf@omY%gL8TVGu|)dJdHk
z#qKr^OW-WN3~MZx$_XDt4zMijCr_fz5u1Q*1t-;i6g$6yBcuHH>}RlgnVVKfgb(-2
zS2|OZ`qHj`=#Ou8(Y~QJrdL1lM4*1k+S6;S5q5BQU>2M77S1&rp_~8-7;1AbZdyzG
zjWFM7I;+Z!v;xl7*uc6Zk7J+z!*vk`FQF#_7^>7Qof4bc@*Kxc3?j3Vh=Z43dXNKr
zZ6q+4cj1;Lw~1D$^IPmr`jOIx0(;<RsiXGdt2lWYFAQvba8;{5BM~EQS9UqSOZI9L
zpOCbLrQ{>wbz5b&*Qmr(EXSU@@k{BJfmXvA*b7tm*W*CS2+S%kDPHsM+YuX=%0}oG
z%zhlrD>h3$C})v#*zmGauJsXqM5h_UQsoU0mbcqU7`ztotUdUgTc~a5wk>At*~qJu
z{^$-Fvs}p|4KKzU3NO_{{KQOG?*nq->y$D^(4^fcpG_oc@5swzS^*14x(0>R?x>^9
zhippnDQ1|m(Ac(`UR9)Eo#Ogl1hL#KsFXLgr3W3`x8eiFaj&MW3McCS!RxPNfcNuh
z;|I((`nZJ%N{$Ts>~z!Z7hmjKUyK{?QrY;FRZvA6%?h*l#1jOp5VY1oDJ3psN{ac;
z<0b}Fo~wK(rH>42QK6w*Y98Ft*(rad0Sdw|>5`|}A_ifTK)@aUE%5eL0GNXYc|D$v
z_2`uWt7)j`oY7<lw)S?1p_W(dFxXjn?D(^*;a@X(-X|-mm953Oz_E^iId|r;LJ+#_
zJqkS=&A?HQeuT(V>Tut!`#m^fy>%OAwE1%c@dUR?Rl1lx9G&e;t`n0z&OMU@lOumr
z=<{_yiS9U+bYqf}T3m)G$2qYi=7Tw|lYu=&{;ff?jhaW|nZPdfPyu4>1x$jmVhMJ>
zZ*8MEQnA(s8SszPiMM9@>avZN?N^|wAmdeP#hPYQ0~*R}Q8P~7kt=Tt?|SC9&pwrn
zZydRv@4T@lF<p1v-y5X_ie&a=KK{0lkTz$q%Sg+Xp!Yo4Ny_7!z(tLa#XwT~6U@OJ
zs(%XR7FCYq&zQ4?t=~k=TH?Dab0h)GGl0)t7qfHSO>GzIc4_4mhn}F}1mU$KEore?
z%)0Bp4M(b*?NagB5Y!z7eff88-PFg6?xjWRMHU@-2CPG`S#lM&^)3^pmu-=gjCdP{
zpz-gF_*UQeGL~R<OkFbbncXwmSe96d1n*wZ$fQD`Pha=3i1J5u3Z*usrvNN^oLr_C
zvnj=Hp(&c_sNlR;b`oV~wl8Y<I*$|D4v!fxfVISgl+*0UYps36D=DfV>v%S2z9ksW
zxv9jBqw#!=d+B@n$*1kgF}LV`s*&~-XUk3#<+dpp&-{EWabIk+KhFuKrq&hSke2cA
z{ES94elp~G6<#>ivB2-#^3m%adt5Ihbau)}?ew%|K5fJem5EFDrf+H)M_LkrS=P_p
zPFA$mbbS;dzR}sweK}EVZ-4mr0&aFaIxQzGaTgaWwF6z?W_rXu;CWB$2VvAnecaQQ
zY0?)jWdl)MG4g2stJsTJD(cq(Z0W7bBY)J%oQxxtBONK4zCG8PUL%$Fifjw{4aj^E
z1)lGmLHQmo%_|6(I_}RW#yg0qW>+m&aGtQ9mGo)#!>fqWDl8&^h`F4>oNCHSpe_-u
zW_L_3a}~H){j8=RV6)%RCrNiGtl^*r>x~nLizaCuf4tRB;zf}3Hi7+%dx#&@IEvl_
zADqX#N)LZTD{N6@9-7fWI>2y+8c41)Kg5>h*38V$&o^H(9S&C_zF%B8`o`D|jzCkr
zRJ?O*7?kTLTArP~13mWELzFVa@2&}fNa~&_H{4$Udx9_M)hpwQ-UO%>Yc|0H&$SDY
z!er*;)Oyc)Mr9fQ`&GEjP$m_Rn{Co*+N9jIMHD1fJ%5~l?ztft_YO*k9)j#Aa8u?-
z1i}0n<3d!Qh(s?N9vtzYYxQVLMxJny^9C&AzIx!KLlH2qYQdEO%ll05;otL~-><|H
z3Cf5a2L!@GQ}|*Kx*yFZ5TcMO5n8(^&29ZmNg18sfZ_3Byb&;>FME=4-=&1e-$0an
zP9xvhQ3#NT{1M4M9B5geR#9bi^CU>&;gdu{)X#FXi0=x_6;$k!lIyLA7I2*LTzLVI
z*x?cRo{t7(hAQgWIN%c8jSE{+S$wtj=j?1`RbRRS>a{yWSxp0%$g(jAV#wh)#SI(f
z9t&e&Z8SjziCD8p_E;st9(%8+xx5H1fnV^)@0=?H9bEZC5TUIbEx|?lX>sx4C&E@)
zM4}QfM-dvy)8BVX({1w|$)e=+Ch=8K=gN~bas7XV21GbJEgP|cm&-vRP=SR&sEOu1
zYM25sftJRur^(1H(x(74wYIN+-9yHvLMHvz?H}IKJ9R3XOpLRZ<q=>$jFj~sfOqyg
z%gaP+O9IoOh<_+^4>(>Ur64E?c|`8wLB;k~&#?8=CtU>*j`#lylD%j3Wp|tj@`Asn
zO9K5v^X<&>3>cK`(_qjC{lY)wxnmdpkMD^#qCJ(;16o(1qjro7=-}p34|8#G3}q^F
zE5(S%(Q$)dty`j!wxTNJq$E-y5Z|PhU2Afj+>!YPIW>P?xd^;&ga<R7i=`p_)Tpng
zp_$iS?g~t0p@MaAK0v-E^371M*t6R;6njEz6abDBFgN)wUe>bNO?Sd5c<!@P6Pnp|
z;Zik-m7b>S#dREP6#t(faS$R0a0b&e{C#l^F+X45PyW2Q>z`7ExcYLkVB=gvyWSeQ
z*WPQxIG>-B^TLB~FL=U9Jq8E)dnQISgC4$<^!Z7N7sx<HeE5=T8SQ65tCRD^sxx{)
zil7_Igf2Zk6sD(JZsyV~g<TN~fFs}O9O0EW4KP-sSj*FYP8ao<8>oU+nPy4Nx^=Hh
zQOsYSOD|?p89z+}jbhOvoFfHYF1m(whZ0WCoO823vRo8$hFT14yAISaV0}@@mg#)x
zhOR^Ag}L2#6D{|?G&+NI{a~EXLZ@q|Jmb716cX)QcXu_=35MhZYKB3y=5Xs08QZWN
zm_yAO59vOw8kvulwI(#Fi<;lG*Pky_bk*RMTEz9V_tQ!FE@Rmq9dYq`Brwf+1<9#Q
zt)ZU4(RSt(n8bNpe{flH0tBnp=TawZuQp{Cla@ojo1rb}0J4hcf{pCRi_^7u&=8E_
z)sm79*1^SN2EAeKKrNz^)rgn3F8&y?uMIWa@r-d%(?qKgf^kQwVtm$v`=Ma0^L6)a
zV*^X=M8v(Ty~Ub<IM{edn#9J$CmAyuO9gQ4M-#2uaUC@bk+x2kauUqe#77G3oK%G&
z1?}DmbV#A@!+`Cr2_SuP%J<~m;yWhYd99T8Z+@|1aP!a>Qw0mZW+j1*M@CdzLqtNl
zJM{<mHXvnxt!c?5&Z_+|`ENL?r`nrqdAZDCrIYSjJ*DvU_m&+CWo|fmp<p2B_=+G5
z!r;wcIO;4T+LgAnk}xA6os-gY=zwn8BG}Rx(34jvQB2<%YMKk+cfmCYHFMNV(xeSg
zpU~{rGb1ktij78<FysgMdj^Kx+}-b%_|B+G5{rx9S(gJ!qlTq5_w;ynlI})Ctg}Wf
zs1uV~u5^G!V=EnFQgS&7oM@E*5wWhH33e2XA%SB-_1p|KlKFnZ^3z_pCEF;O5*sef
z!Px|w)T!ReC8qYN+Uki*4#_*+$W){B>B-fUC-b-*Ob*%Q1<l(OL>gXm4NfQqf29rR
zd(nj=U+qXdpF3TFtK816b-8Jjpua-DJ3$VUAzpaD8Os6fOe#R|(mfq@4H=~>EfHOw
zK=VSzd=pMI!O1hGG!1+<i;$MH%9i=Xr||tV9=-mZ9^i`e{C*AqoMOSVO?DnxWgedj
zD)DU_JL_O};&hSS721NFU8Ew+e|<OzAhK{*c@pQF6J7(D6Zl&2@9u8di_pl*mP5vj
zz-3~W<>ni<_bYc2kEe!Z2KXEyYD>mTYxTaBz`)zPbbz9|a*}gJ2tjZbVSdQLPity8
z({;R1n`OcfOJ(~ljbrk>ficZPdUN7^6Qr5?t3FD?(};#R-=SdW@VULi+P5MB855RI
z81`{d<BVtk=i7R7<d|9Xt7{*`6wDmV1wNhKC^WyN`%Cz59xcI*1>KGXufa5>Q=nYl
zZheAU&=_C)of`jaDk6rd6?tHN>ab^*b1CwYq5*_KT21Md$u4rUw%L)Dv&sf7X7fzM
z2mL9)EAMqq&XpXQh3Lgxo0_m>Car5Lo8_MT$InIq7G1`w0Tq1O{>u$f%aQ4_qjJe6
z&fCTYqN!il&GVBDKql*t?sgIR+MiOTdcDe0X7thJ`H}M^QpJOaul^Nsx!3f{pA|Wl
z2U{OmEJg*3RUDQYV=37L6v~PVl@t6M4+QVoq@5^GY;6@>MHN2nGPq{mmEF+mMSK__
zew5WKyD4IF;{5Z6bHVns-j_vdFNRB$Bi*o8>4<OZ!oq=M$1m!#lnAy`UOmsA?X?a8
zC{tG4oyLuu?5hOKq7LJgvkzj^3<fiSf0~-AO{ow*<3c9trHeJvKJVPzIR@4=0D9wV
z!Ik}Y`B<GQ=R2q-xpaQ2=;`vm^${#2N>v|C>IOxnu)M8g-ckLPODsq5<Y`X@9l0jm
zZ6bzGOJR_uL@7gAzmupDf4H(c@aw%Pqo4=F+@~3<fp=x4tN<DaJ4-4Gcg~^C!^Zi;
zH^exHb-*s%g*Q%+%PjcyE{_AiO1mAmE-|8XPBT1WY_7k|^gY6V^PhSZ9^oW60Ehw}
z83^fZsA;G5+oq<xl(OKLo|^>iXh%~9`Tg=2P7B(YFO;pby;J}1vo48NZX6L#Upm5O
za48tUhA?PthnIck9io<oT(Buw+rgx^gFbH*Q_o}a<$v|wYIdV;-flpB!?A(fA%_yA
zTXu@m&K85&s<nF1blTvJGl=aDqGPv{>)FbJtZM9EJ=M=oJZ4A6*Kfux4gOX4d!FWt
ztFNlXI+<NQQG*2X+~Yl^2!l`lS!1xwaqc06<tU0AwRyJX?Zs|A&66qDz$}RiFf21W
z9Xako|JDBVf1l#2;sZ015-A%BTv*uvB)3?s-k0?4Hw)<`#5(Vln~FeMn+iC@{oysb
ze|fB=xA+q3|7-6|qnbL~caK_1%cxcyP#Io}7G$t0AYd4!D2U861bl(YAcD*U!=!>$
z8AOIwWClTo1Q`VaQK_YZfIvc!A&3|PL<m!e5QcN_psjZG|KWT%>#TLw$y$C;5jW4?
z`+4r+x_<ZE&bQ5uUcdUVR*cL<7%7K2!}i9g9MRt`JKs93PFmM^udPs<yJfY?T#hdk
z$Ltl^La1*-2J5Dx`o!-c4%lLRQtP*|jNTdu3v3%=SDMP~YdiXn=Fj7uh)vdt{z5`P
zJ)O+v+Xj1;>(dM5B~VV^N{}UPypFU`Xf_+>U6B7=CK)5FdE_ZTj84AbKO57ma@bjh
z{{tEdEIYS00w&OVh@LquBIH;m$%N{q+>!mMcr6bn{~rz)71tHILCDhuLlescrFngo
zc2(m%BtsJ1$spRHV*Cy@E_<@?=Zjr(pyXi2>jSXGvHfRt%MW_EUlPhGbAFW6Au3Fn
zLOmfXNbN5?%DVTl8ats%S81A!a|f&(O7{k%X;Nx48C44Im%Vb7M{CYn2%M<|?n@?e
zUjqE-YG1_IUQQC{WeoXG7@mlDBtSnC4$fjQ-^iD#W;E_9+nkH|#7M7SzwXfu`TfQ`
zMG3LstU8<l2gn%$slCnmh*cCi1)p7kne!BWX*OnJ)z~O#y2k)|zNP>UTmabrKu}?1
zX@0eCi2RxJ3FAOG{KK$O=5$%jtaIaJ4#UiG$BE&`m-D=hzZ347(!Hk6bS(2rvUt$i
zt3lLnC5!h@i-^jBdv5OC%vf<{zx|bOd}OK}czhvZY~?_nY4ru^rMZ4h8r_ldZDnRT
z!Job*m6C)Fj<34X+FO~rCB=;C%F4HT0%^<WtQAku{^~iEJH#Qa`UI!(%&~WfCR1@&
zmOS#rekPakdr5zyKmt+6+$9n_U5@4`4)vnB(^2D4&E!7ZJkZAINW|O@!EckCfIOrk
zw9pNLh}11wW$-fea?OE})PFcEqV6Lj!R07}J&=5*$ivr4Azg)kz_LL3Cq6%slL)F%
zy?bx5&?=eT$y0>-RNUN9U2rb~dJxB<O(qs?tL447a$M$%JN(4BiA#1t(#G3%oAcEX
zf8xfqBT$$<h)4#pgA{Q)8=Br9?tHEYI6nK!Irw&eDI<pdAt%e>idR2orO3D6i=3+;
zmj*%Xy#o0S6b?U=W+2$1jW6I<1{SzroGaw_Lk%io$`@^_Ao>px*hq7^*ZU<@=7Rgm
zy<vNu8iea<l%+AWIsb3>iDEavwycoML1TG5FT`sJ=8b+Bxtsvd$-s0-KMA}T9_N?8
z{@4rd@}|jEr`8K2m7N;5pv66Gj;pQf*NmIYUJWlr7gBbadp6$j`Lxvk)Tl{?ziFek
zrX0?LOMUGJ?J=Ymi{$b5pvBEgPei6NrA8pt0T{mE)>fpzI%w@|rQPrM!??P4f7LkB
z{Z0*7vwejkU&sNnFWP*(GCTGJqR-gmvi_a`nscNy;Hzz7r|nH1X;&Gp@(U!4vk=-S
zE#Hh0w^EWq47_b;X7gd@7x7cAb2;)@VloGHV{K%U!N$^l6s`o8NW1Dk#Vsx_A~_LP
z?ttX{Tz?k=sN2{0P=5hngLwd)>|2glXRZ&;5q3kLmP95iy%YbTC|{+HFHV#PW~$t-
zMW5c331e1IL8+n(j+Uv)azJOgLr_?wx#zgmz~oaQ-W(Xc!CM9Y)n19$Q)?V%0^-a#
znNl(um<jV{-Jy80>#K6ZG8Io<=pQVb8}qt1vLk-o@jIDb`0CG1)mmA>SaBBHEK47I
zDGL@bg!v{NQZrPkjtORF269F22eIqKa1}lkc@q5>UjDibABaq?q%FKWOGo8em)e})
zbf(%|p3go;R_G!2&6B7iXmD(P@_c;LmQXl>xQTeG-cu|pBwNyd_sS9(AMUmUFRy1E
zjCHxgTS79oqwnIKToCUH)1#?oT!7KXH7nhQina<g(%$MEc#&2oUaTSkEsjqS@G$x8
zCh>Zctx9d^=c^+J{yQG^9V*ff0-9otnNeNNF8&iGac<DxO3ho|-2wVZ<g<#%Q4n|8
z!=3Jr&k6NBl=y`_(00`*beHh4;(UpE&N2FBut+q^9zL<RBPBiP-0CYFwpGcZB9+{9
z-q{*&Y7gL7+ZPfO0;?fRnr8!>YPeV2mTg8i!IR92^sA!d`4y-TDAmXd{&4W2(X$+M
zpfP{fkNtQxj>8`#UIe46A^f4K#v-g|nn_NDAy$(Sh>4rN(|=4(*E_@Nr-y74(wc$n
z@PHxSa*v&rh@NSumSRcYRUZBi;_5+i_tXMC2?ajf7DWIRrk8jvA&|gbtavM*$s-|C
zRgT>J0A<1kx+P`q74Qb+H4%4?*_n;kO6-QIA&3VqYTFxw8hB!lk<I~LQU#Y!NoH+u
zVmdNWUU|;fL>_0?e}r!#>&D$Oj=vo+m#1ZjP#&U_a;a!d7-Hb9+PUL<i$>AGdDY9J
zr`55`0as3`2}#R|+Z=9zciam#vH+9ERZ6McBhB*(l8#g@S`0noDc&5XMqKo0Xf+ct
zZ+}`6>Ds4mgi4_SOm$K<c5^0ds!>~c7fAvRjji37>W3|r(^C+ei2KN#Wtk-qV<p1-
zdM$Ax4flWA^af(|feM^9r2;siC0<fMh^cVQ10YmfbX|P{e@C$q>1%3@8Z#r9x`$X%
zTa_J?R+e4ZI#ZuEAKnCx&WmVTdAKJ7LRS@yTzggaD@0l`=Df%*oqla;?MU`-%spC#
zOWvs^T)=z#))K>MT}&}U1rrdw^;xVSTQVf40u?z$4P&C(6oJv(rh9#}0j+oMk`<(~
zo{-A2E1D#(b$xGAa!{k|FEpf$^|?5r%hdwAh3OSFL+sMbEN|)@uArd6&?n`HlCtt2
zVe=(moGwB1Nry9VMwGtZ-km-&akWNsf!q`qkxiuHaPjf+nWIpB94(`Z7GI4gBkmuj
zBAnrR6dXb{aba|mNUkkawY4qw^-FcnTm(Fz{pSL8fo(pjM0s0WtNH#U)+?p)rfaOg
z{s%kIwH>s9Kp`o|!kR-2oc9ZMQQEfDGK#3|ffvl*aEAyN&hHsn^ke2o;Ms;^#Fk=x
zX~N3!VwW6$2DStnjwkF-nqnj|^)!8QFkV?^QqL!a1oIW+g8(H%WC~yvR<PpX!bw?W
z-><I;F0mgs>06|(V@<pLKJ0(Du)l!vP)^f|byi*ZT~?#3LGKyL$nb>0vIc4C8Sy)X
zQesmu;avZ;_phnXl;@ZORdcN1A1;2Ef@c{tsaWba_A-i2hB}6e^sM1?>fN(izexdG
z^a`GcJ^#?GV2x{y=9zo&Ns!y|>b34v>Rd<I=@^pNF(ygf5|!KbTdjGsp_j(cAAkIT
zMy2XCV(-elW~fdDLU5KvgFfP;llhrlFVMMSxwe5Ot9RWd`c!57mpyTg`<bX;kR|mV
zeEi7T*u0&27_{94+FQEWZv_hmmOf67E+Om8CeEccXaOm;Wnk`=WCGErv9(ue1*kN)
zDGJFKbu-|GQ&R(tq{#MHLdKiEZ?kG_m3LX1qcu+d)@t+EH%ESbL?oh|kQ6o!RK$r8
zkC{Q3hk)|e^y>4Ch$z|hnC+`b0f6J%f+q5F|7ZVo=SCQ<4W3YljJUd>ArhO*Hs#~*
z3chA`dRRV}Xes8QeL!J6%*c%~U$SlI%I>b=A_lGjM>#FD+>kf5hPC_?4$QFDo!Bf7
z#{=OvT4$Kwtd@~Aq=g=q%};!AO_(WPgW`YXwu1rpYZ&Wd9&~g5b%|V}Ptv}rQxTlw
znCtydol54a(e4&EbplF%Qa9yH`uy5&M9CoFURPci2rk4qQQnc1HBL3GOK2I$tN8qD
zKcZEAecM39_q_>4P;D-fr~ejH(JS(NIm%8~lF{<kl}9ySBAO-UNas3|=rVojXOX;+
zy>o2--2)-1jGa~U60cYF*T0w8t{OTG10ZdtwMVP8ium?7?mzBOJBU<6cI9Q?<kNqa
zy#fWT()IvqITkzprpoK=-ln?UL&W2>uTTPeZXCtcjfu6Po>)wvlFh^gce|?<@|_mm
zcfy(JEmVeM-_qbDEjk<gNPDSL5*qwt0Fp`??+thLkd)!6bAGznzPDL!i{5bUGQqPc
zu-&rEVUrP7Ula1YS<^dM&BKu;l2zj4UCo9i*7$gsMA0{&XeOn0&W%Gik8r7)jv8u_
zh#*|h2+e4ww_7<vgUSukz@Ups6sMjYMGBaVwVw+zI@zLmL}OX=h+EKOz_eN*(yE}_
zo8O!-Z`!)L-`v;UZDN@u?5W}yY;T|LnAUVaZ#V<`LXX^5*PpI`Jt<yf6cD$zRR<Cm
zWXA{Pu@EAIK=`%QTAKHYDdyJJ6ke3iyul_LRySFsk>9;|7X|Q_8U0(%43H|%lJ2Tb
zEeA}!*s+-0Zg*lGAAU{bYI6rYd{L`vjL@4fie2qfq*mIYB2bdd7hA|^1<wRbE~9cP
z%bzA5vOS{wKZ3aYS=GFuI2EdUX#WZ+bV}$3{z264>QloB2vy(=fAr1h++}q&ljE&A
zA8KuubVX3EZCoZA7c|4qb8B<UNYS3+TjF*-!#jE1dVY#F*{ZJkRxjei@FCvSX7qUO
zlLqnb?Y!fhT$cqEZ%}vby8U$?F$H6y&whP%KrJf)GdrKPK3KzG=HfK3gy4Zu;EJR%
z8w;}0B%5t#+v>2!V=prUX{f{n7vCTD+!h~~tc-q}w6du_ailrc9w%Pnaq<lv@H4(9
zjWY!Ol4zduimHVpdNga|a?0v>8QQMkt31mlj1@zF)zt)jhW;H>=HLr-b57M8SNSj`
z8Dyh>PZ?|`AO_a=SkZ78tIj@WXJR)XdSf;_vG$i*(?4U+5WxT?-}1@=4jN>Ym{_ba
zhR5Q#S#$(jc!z|WRKRml>)#FOMhI1vH=$XofMclr^D2rQtbLS6Zh3%l;MDtp+RnLG
zBH=SvK@K<0yt~8m!g_ot0+?1DgO2zkhjo>2^ta5udnVP4C@I<KsrQr&SeK-~XhbkD
zBZix12@1F0O+WtXsXOZue^^Q@QfFIYQJj22oh<l7K1he9K5SYZLG6)51|7+t$c`+>
zjCc?+?h_vp!}nPmE2OOUxg@-<X^Qa{WiC1V;9KO}fFWFOY-nPYfsa>sn?mtjk@NPq
zjwc89;p&x{GUK}KR(>L!x4O3wMd#epH}iM!cGa@f?sodnIgN$v$h3G73BQ@njQ$_4
zNVqQ{K{u_c^Wc%buR+L;<@<1?2Lhl+Og$`>?5`}q4<e45H4XRVt?ds9pqL0}KVva-
zbb4e?+r1))J!6jQh=ivcyB^sSY;|J$jYAPUZ4xK9XHa5YDQi_8#~f5?W6%G!ZAi|M
zpt7!(vo-3c>lqh02@xwUZF=+eld%|<yV((?_htF{p)zeb;$~vG2=#CgLzA`E{>2RQ
zA9a!c8mB9_M@P#VE<rux{XWo`SFPr%$-ddvVL5?HVIoXDU7&255=hxa7z@KkPja%_
zu2Pnx(DSL2`a#v$5Fs@m`5vVY*skgcRKAzcRVmtFv)M{Z#7ZpfULmP%@^Df9=t+;=
zY+w66doyi+-c&*+zm10@b6X=mi8+)7>XaZM{@f22&f+bf7!EX__hfCohM6jfBU#DX
zw|Lnyg{BO@zC(yNcs?1|Z-P96(4c}xQ010}p{>yK(%AR~+nx)yq;%_uyGbH)DR~Hr
zh5>Hd+i72?j^&=)yX|-LIiCxC2d_V9Peh7X+)vE4FDm?rWso2RfWAC%!W%~dlpdK%
z6=zQEoHjO;&9hKz0-JM(Db&gtvc$T&ItD0&XHAD-_q!MYWe@^Q2blKk`l3?6d*Yzm
z`MZ8VPf)=-)c~pveP&ryJ>qoBWdF^H_wUc5kkG3zBM_a@lVFtTG|=7e;8uM5`;;<D
zQJIbhZHMeYn@Psa*{}zrJvbR7h|>8TU496qzC#(q$fklB2U&gALPg3-qXW3=DR1$n
zIF?QznC2=wv(vH`Lj%Ik+VL}xRf_nIV{W`Ieuk4tqU&&yV^@@xapy*vONp%%<woTf
z#JujwHw#M(%j4?#JHk6=!g@OkIxkDD4ebio+*v|2RChYfNdgW{4pV}x&FNYD`un9N
zR)(eQdin!p7UdArOBx=;_2q$Gsj`-bhq-o$M2j!<AX)EiyuQ`F8t&dJ(oy{+Vz;rt
z?f+!(Ip5?p<8de=LYHxFozT=}CVi7PpY`VY;>7uzN1P`IdZO#a-&pW31qT;w@<_7^
zk_zuQ!c$7zkN&BDc$;IPX6bf~_vWQ*9SJf!9<%0SSf-MX`@9G*bwot2ubju3^>-~b
zE7uo}Gz#Dwll)>~Kn`-RJw?F?wfltN>x>+(aDVq%G3DOaZHmW-5Ap~m<FVLl1%$n<
z)q{px5RZVeQB+JBTSn-2`fG~A{K&#q(CjB5xYm%eh%3uC60-~gi<8%aUj9N)vKANC
z$K@15AK_dB6=J!H*lc9x*GEdtb1otLf$-^$0ldfN1r<E-*q~$?M5qp%_Ar{t*&&Pv
zC2X)gj*@S*Et`{fG$XzXMXH`eGce%0_s)8t<V#CUKg6{(Y&^3Ya>2_jW`<9k0ooc%
zL$p9N9up&|W2n{nXB2oM(Hl)ef_P1P2wHD;Ga;Z<>Vj&!oK0zL%rXPfnq(J6<IqhV
z(j``96$CSo`Bw3Uir%)wS~hhfWyZ|dOlZ@JNjTQam_M+=h1Oa+6}Xz9&dj?WmMoQg
zJT^t~ve@NVJND8F1wtQ}d5k*QwB;}s2%)pR)0}P~O19nGH9T<615^M(5unjN&k?;r
zA*?~}_fy+*`fHJ^owVe174E2(jh~9EKj0dfjs%RitP{dO#6A@}mwu^Uh8pd6d-t97
z%uKCJlEIM@&AikPY@Hn9Ch9Tkrvv3Gxaj&xBgRuhUVVEzyWFdMB6c$t1G*Z;dj0HI
z!14m2m_<{o`HVS@vBDo+TU)CS^LFDBWQ{7WkeQINT1D{YTQ((a?oy+J?F7Rc`JADN
zS#WPdNIB%qwX)_c%XA0-cBNVBJgPxIPRy;YX9=O~tza@Ha~YR_X~c3h_U0`oHyMCl
zD6Tfhd>|koVBzGEH<SmI@qM1wUDX`ayw`V*Yym}rbDMa1s##lmI^v%B)H_!?I~vsT
zKdI5Uk^@h{ZTvi1;#|oAKcCe6lQ8}H?A=Go4OY2;8=iMYfA{qgoNTy-K!d1p0$<*B
z#Al^{kNAbN<s*}tTkY#ElGgD1HgcW|1=zS1pNn(;F6bc)z%L4lT-nQp>5S{b**2W{
znfntuKpSZ6zZ_H3|6t_g+z~p)HMf0INYXV1y*~HTe4M-R_a%H-m)*F+jndFYh4HWN
zAK&?T;RwNgY_F)sau(g;q~n^hjP4zm!GPy!w9ywHf$Bw7@YuknjZB_#NzPM--lRSv
zBFg>I<&VC`eX4%>Wf7oAnB6uJ&>2{&VfcJ}{z0dWOqL4%R;zrq0wyjZlRZs~$~uXt
zl^V680&agS`b4fFVjQHusuKh<<2{IOC>41&5$rQ!M}l)h-Zy3*pc4XZL}bPcUsCiS
zza-9ys6ma6GP%?s`zvr<otdjhx$c6F_8XW2WSgiWzqQmGV{;y9F3__g#C?qDSt|Pr
zD`1<*gVQEIoJvqot8Jys-aTZjV7H66hIJ1Hdbijo@_j6D?w>FDD1;({*2f(|tLp^q
z5cK*VaW|&*NKqQb0H&tpiD_R-9>x_KXT@KF#{D?FI9&*Z^4KGo%~%APq&O)AirsGy
zG|0GL0TaERPt(!^Z2ZlxM*#bM6#1yt;<Z`}z)CL?F&eR4gpLCsbY9cVS{VMtT6L2Z
z@a}+`oWK5XdD-&eS8*#JC14ZCD2Xo~J4C~x6GS@f54-fNT`i<`_Bdyy8Ox)9nd6*w
zz)Td(rv8~K`c*0{gWWVDdewve{7%Vp;qghCVbiK@5ld}Oi?R{WAy7UV72T;3P>azl
zIaC!*ncTnM%*38c))|7p;iAahqBSmv`adF{^s#ODtS>BI+%BhGHZ@iw!AoZT#n|=9
zDgO~!na2g0_sH3EN(s1_GmA^90vYE11D;uaLN29l)jlUQE79L|WHH>N>CajI(zRiA
z{Wz_x)Vqx)dQjLK_nICy`vCUSM1>%UDlB+?Y6vj1Hq#}^?T1%3t%J?=!qO>O1d;1w
zM1|^$Q$5w=Aw)$xg`Wbu>cEP#N>WW?zm#U=DR+n7%~JR73HPRiuGq*_J92az^F+i?
z?sg0$TY@-OSVH4s9r|v5cGVRiI;2J*Z0C|%|D+C@_DmwiIBnpV#8pJPhm__yAFii-
zk&+<x=j34ic$sY4d~-4VZD+)qzkSCsURO&W-mxo9cD#>{%U%9a?3@irz0zT_S`~=j
z={~mfi%?xg%uWKO1-!EoS7x-mjLAmYhJ{Z&{MH;;{~^EnlmBRp_A8|8h>VeD-Pese
z$NJu~(~5<$WLomhc1IVA#n`eJ!7h<dyD$v06R15fn~N<=-uIuHDsV|&8`WHEuK8ti
z-Mugylvkr5*;e;>A#XekX1z33I6odzeRaCI)VA{NfsVtq7g@iPXX_Q!YIYR2ATt%%
zK2Z8V`KK_@Fc%vwL4G=*!#?L-l<nWoIXw{AuGTwTTTtco(833V;9hdU=Z)!2$oS~F
zD#~pxV<%`~+_X)A70~O@eTGKjy;}0A53>RKLiR1K=k<P`EBp7#k#mFT6k9P_7+q1n
zVD+sz@D2$oM8r!6Vzsx`-4p!*aR|XMwL4_sdnXkHI7jX87xS5zoP-e<s!f%Z$EX-|
zj@q~l!gpR>n+wZ#2$)g>Bj&Lh1t|0codwDQSc0++pHz;MD6HT0mO^7CnoaBWGww6Z
zS9Oc=tycV@sJks3>^FGgU`1f5S%@OXtVlyvcfeAS&N2;?X6pBI{$w^x{uZ=;v)bz+
z;kK)Ne%IxC>hb=<<Ucw`@GOR`1+$5IYi(JF^W$Srn$KGk&VZ0$vT;ypwS|m^J@WH<
zTK;`1Z8V1WqL!bb2MYwd(v_G}>Ah{$TZJwVV6Yj(RBX{^r%=NEvoEN{9(WLrbL55r
zo<);lm9s`}X2jgH+HbM$YO7||h$V+9@0$(<bbSy3(^VW>Hb$fZqYIDD)3`qiYBis_
z4|NtlS7Uy)@{`cvPV}k|a;!Wg#3;>duJ5fvL-X(zH!s54xIfIl=x8jht9yts>K4Lu
zd0pe3PJ0oW`aJ9z5!4{5v53W`cu*6f0xGn6?B(zeHV`}QNLV5L?lpI;R4|A%zdh22
zOk(={@Y)~l99=+|m&y~(zKiVpi0_Ja(wqkmdu0r|*SCvbxsX>OBj#MMS3m}sXyR%!
z3!QzAW`H?@YTt)c(kVx%T-uIFug5&S6{)_5&J6;VsNA9XN+Itbq5+m+?&F?5d_oj?
zfW)WM$R^X+({pvPprgO2>kxY;>XHmi!vVaDz!^$OMkPi$@z%0@qvk`aZ?#vJ=G5Ko
z#(7J+yNC1ASWA>wO!63W$}BWpav1hHC2l(qqYlyJ7d<>g{%IjV+5$0OrI-&pI<q#k
zz&T~?>LtiMw2GqR@3p9?UckE#Kv&DTZSuwaAZ-1jYpc1|dwj&I7r20`&I&9;%b+<m
zOw!IDeV8Xp5G|7LH?8|4l#Wb6RpmL!#1{Shy4nCW#qzx>uGK{+5*HG$<u@u~JKR+e
z;!bnjpSl_nO5DbhryFUzbNNSBANK`AG_3A(`1On5lJlNaM3*5`_9BZgc@WqsQwQXc
z!U<1)^dqy$BXkYH%O{fk$H8w>IT(h%6@5iur(AjFpOfvy=rRC$IS|+c<Y-wdaawJ~
zj27?mRl3@ROXir|s2zBGd9*a`l3lTdQrq;c>EHUD*e{n7$!nS4hVnQy7MI8i{&Xl-
z44+&Z_{eKMn*}y#Ib)9CIJShH5c8Y9HymtMWw5OZ)_j!fB3F*IcAJg@*XKdV1R+ZJ
zCohe$se#%Suc6~ayaN#TQrUWeCW&TG4cag4Gs7yqt67W<gi8;TKV29aPENPvDCIxq
zTfV=!ng89x_buXKFKaB1O87<O5AlgS3oA#xo2v07%eLwAPaYg-*hiLAKch`e)I73P
zxP4l;kP~+B-KG`47;D8|+;xisyX9*K{ch1-c=d!?&;^Ej_|crf(HEVOV~%N_!p9P#
zz};VJCszH{?z0<8W#saCib&-Oaq9PV|8201Vm@iq<hMHq^zF(!=>=E>kw*804GMTP
zf&&kv@~e%s`>U3`5Qj~s3+L#?z9W0r?4r)I7Qi*RH?MX$d?1>{j|0o?5sjl2lIdeI
zRz71@BZ*ECtAXkMwmWtc;9bp2&|K@=9IU3l`y|_?nI|_b>m>e~+u?71RX%k29w?{>
zszb0kV*j;m{G|t1lFX4*JLgT`)WQsBH=sDHgT+jkoaUY0ue-@5W&hXlt9|dR?Q@hB
z3oj124B4|56jIXgoCjVc)n{Q3v%UJl!V%*Ks<2Um`tu9P*<}`E>gg6Cd32FV@S`B3
z?&=N*_a>{agf0W_ei$3vnYcJvMgaMo{Z6uUY4F_qsCN#V1~srPdz0*^vX`atPnl_x
zxl|UWbBQi9C0;ar$T&!(_I=BBCb^u-6WNVj?oftsB)kduJL?U|YJc2VgLfo$<b5_7
zK(RnPwiV8R!V(<roaq@ugwzIbuUYD)k+rJ)qXq?|FbH63AE<I`aB~nfHbBGXI|*_b
zVhgK9l!yxXE&<^X-6D8h1O#y9l!~{tL8dNUK0p}n^l1Lj#2`A&)e{7cF5TQ^d=X@B
zE0v*(7i#OOc^AkKA7`C;-cKM^RO9cnuN7%v94}nB&{>gomynk0KRHO<X;5qozKScq
zhpKh7DddBz_M!L6{p)5S3O+qLGOw*XC=Xot$xbvcqC^R0g5~k7#>nt_|2Je7mkq4t
zJ;_|RURwVrjAs){yXl_n1S(yW`LGyWd!FeaNYFvmL;<>BDgDpkOOiuK3033gE_1LN
zckYDsi?q`dL23anrG&0LcmLH*Liso6<B^^{M~ErHECI<d{!`Xsw?8Hm*FO0^BcHzW
zU(;B4r3<1DB}iEe8&xKre(Ny)uU<;s7U?vH?TR!C+_-&EPtsEv3NR<|k{>L7-BkR|
z&zq{JkYfGk=Y<h?Ft*2h-M)<gDNBev5sLD=LE)-g53@{0<%<rs%ixfI`za9p$6z1b
zU5?8A5GMac@Ay~4-sfbDk1P!2aoUjnOGK!CDIobbK?W$Ld)<dK4upl5QykLm)*%P1
z2?y_QO*o)eYr;WxWN)p|j|<#?2$Ru^?KqcG5}2Wnq?R?)jg_K1D3}w$4|-GXFM14Z
z8ON0MTBiC6Ib4Nb2ye&1S4e65%eSk|O5ad?N0e3uh!HKHNB(d5GypDQEikWti|;MZ
z!kCE3#{@d%Ul=P1cQ@#;fX5O2zk$bjUXF|SCC%UMS?M7;=HOB!t=biqZG#JAUXvM@
zhAe!xG6?}`&Bcg!Bfs7FL>6bqg3M>*qZJ7#7{ProKkL(<@bDBzBQl^*pKMuV0@Gig
z|Nob;6#u6d;lF=-LuNldnLIpC-Y^E2v<P1T@(Pvzkr;#A4$C_OU)<LIpJ31V>!bDm
p7KrKNW{LcG|2x1b(NkUPBBILy-3uMogUCNVqj&BUPRBX=e*rJ%AJqT=

literal 0
HcmV?d00001

diff --git a/test/integration/connect/envoy/docs/img/windows-linux-arch.png b/test/integration/connect/envoy/docs/img/windows-linux-arch.png
new file mode 100644
index 0000000000000000000000000000000000000000..d1c05533e51f21a971153bbcfff5ae81714bbae9
GIT binary patch
literal 61475
zcmeFZbyQSw`!9+C3P_hAk|GUCHwrTXgT%lL9U|S`Wq>pY5=t}FFm!iFcgc`~(hVZr
zXM?_Z&i$>s&boizS&QZ1?7ip7&y!z*loe(0aHw!FFfj1sWI-wz7?{);7&lk$-UR+9
zCZix5_~(YBii{LSK|l2>@XKw}=L*j;Fp48^&kQhu-?8mvH61Z9@LR5aZgkipjW95_
ztK>k>VQzXG=iYh7njSL&{B(C;zwAjAO%;Cf^5aKtx+g_11DY`dS)QB)+|~)a8>T$J
z!gi1EvDFO~g`ZzRY7ai+m{rSQht9p^AiU2IN2qo0ScZbctY(oYn9*5G$`aCMz`nVl
zhIf}4#g*3O<e%Sf?fQvdS6r1>yw`D{bW7AWzkZ<lG_iC*VtM2I)L{OVcip<K<!1fp
z<ht;wm)LFqK={?Gh&a&V&$~Bd&tbRzyv@6dp!)Of6_^nH=N$(7J0#Yhw;Dts{y*=U
zg6UAp4sLEoy}Sd|)YM{bzfvDrCnpHnqEzh9PxhnA)R7Z5m-*V2kYTEg(~0Yw-V8aG
zBV#k_TsGs$vOac-2@6L~vQB8vt*mrzVvk7iZyan+wY|0u{$ZNDI<y?~y~@5NhK80l
zE+cI)#u?pr(LP}lJT+KvQH{XIl^HV%G5teyDz19qn%l2&BiWpZ3_e6y!);&t$}h?N
zo>;YDN?|2oNw;53t5VIi8F~(zll-Ph$;oUU4i2wN^^#$Xs2f+5z3R|>gp!8JGs^KK
zrKGS!iRIt@`t{3B22`GqR^eZxYB@c^Uo2Q0l-&O*L_0dtzB(5reVI^NS{n6~QKGph
zh@k7A5BkE6%1p{L1#v4qJk2cIFmKb2@`(D{Hf97WuUSQb<>HC9)$U713hWSS57#`}
z$N4L6m&9s>NXAHv$I?<?0y8u7PMFSW?)q4v`ap1I>)f|C93z9rMjXeaSie(O=Cb=L
zNY#Ta{ByVc*tNuM$SQ57gRwg4e3yjlSfRSOylLUfuGDi$cQfNMC?$kFVgfdV=N+Sr
zGwP1NjY!2TDS};jN?0dyRj9?iZ#w#dx8hH>KuJ%tTZ@9e&2b^OaV(L3f|={E@%E#6
zED80s)X?Q13w>2>9D?d!S-h)GWUj%3U1i?Ru?rLJG{hDziH^0Ki>d_IDt@B26uhR)
z5ra{17gHrNQ~qxL%T9rySV#pW6W1Vb+lsj)6RS6=@E+XXBaTdWAKR2@nxcT=w&N$l
zk0nkJrkhDDMo$Kmm{5+lZsJN7(?cKP@Gh7oqB~Vu5}D>m=0)BrntKFB-@UyC)|neM
zAY^`SZ2dT%qNj6wnfcyt>@G%nE^iv%;0llaZord)S1LjmChtrtx3eeR^OzV-ET+P!
zCc}1Ls#A)c&nVDHPMHk5GOawL-k46xk9&|;fbigxyxi)<3t5O<^(tBfVp1(Kwa~9M
zp*GhIM>4L(CkB+@$>p#mGRS8e5wRq)AjasE*?VLuL<}twCaJe|Sd=%2hZqHY9wH8q
zEXm;YM8BvAUP7MnY;};~+$1>o7gMZ#Rj@$EVu)UVBata<e^G(|kDkuB844-Za2$Wr
z#bl4e4n|eb_IG`PX~JcXm}SiOgnu~Eg#|bfrQH%GR{3V}NXI|0&o32EmraUvu@&b5
zUk;zer$MLztFC%xpe*Tb|1)x1#h`w*K0Cx+b$We(LiHcggpg@rsK)^7b0^cU)oY4n
zl5D}bIqYPU{Lw|})fUbjK?=~MA4GxQ9t4q>F(^jXa1SVkmXb~i`4xXOhKt>H|Lp%Z
z5R&e?71>gsD0fZM=ey@2Yajh%;q-U?VVaAat#GDl>7W?5Tgw#;&&eWG5<p{8+5FC_
z_6Q9-tl%~*(7qS}laE|yKW3N?jwgvkfLiwGmmQ2B6zn4G<{nUo7rRCk$unypFl@Yu
zZ{R~ZLvmOGDwbs>Yw0=59OwJNnFI1>?U@p@JAb}ih5(`UdwyZz(TFY~16#5kmFCI&
zT87pEF}6+8=#3FE?Ce3=w6A{mM&5MdG(X<cK&vtb%c>hbqHB>byrn4;|9~!$r5Ucu
z74N>PNXjI^I1_~oW&bU$Rr*sQ;EY9xrtNg7pk^D%@50AlkQMleM7{9~1B!%yyN(~A
zt$B!!LsuSYCdjV{``kt6kzM?B7wWsAzsy-l`A1=LwMcTXhS<6A)Z>^}{YK9jm}Ax|
zh;bvoLBya|Djdmb&1olo&W22%c+$Q}?Hj8%2Q{xcjKi|uhV+sID3U_KPG=BG^F$WN
z+3J88H(}RnR%nu>C}9fcVRkxL2b8oXWNQ)R2!7O#w#^D$1NDj8_La^e?fCBYAemCA
z8&&C;p^?1^*JHWbdx)=(m#=~v1_rE`483DEMw@C4c4!kIe$p2(KyUl*qaea#vO3Sn
zo|T9P9X-;sr>qv`KkB1!PR@X`C?fIK1@|~h%^g>(`lTx@w+At3J$P8iv79Lijdm;1
zv3sjVSCGS{3?pI?n~|<|-_07Z7F*))`!wO<kxN1bHMsRn>_K>N)$PX?*ypqg@Zf|s
zEFlh0ylPD!aX-IA88iZgdrceNXLi&s@5~^KEX}{<5k7wu7}j1bHTz51yp-LZHIgi{
zRY|U%R0`j88EUvvMyP)Au{7vTMKj#bs)xWNiGjLrn@0%DryG=|!?!z}#6k_<=D^>d
ztX(KIofTAb(0>hU_2fd=(%Z+*tqH1voXO@sjWb{+5YK;gOAJG*bJ_=gG%geFe<2o#
z&n$6#Z2ho)X$B7Jng0_bt|iBCJJc_LFSIQK6w=%srFPH!k@xGTBube6;Akr&>NaVE
z5AX2$NR-|fvw|PVeKOYY4+$g`V|##ykGF&@`l6R0!Wmsu1nc3^sIrpfsDz-w!BuvA
z>1z$tA{K~p93k)~)Yt#CKt(ZPiIN#dMw*gK2+U5>ui#VoJd7hJ4ixdyIaW&*<Rn=`
z8MDT4V%3T!H6UMBU7mpV@N_R_bqA5$%2uZkq=-~nJdx_G=FZeh`Xkvvqex^d2R3*F
z^jlg$^Y}9a{=uue^D&Jq8zGpDoTdHs&<FUJzByK>cC^1Di30D0AFR|ZggNDlS@rqd
z@(I@G-(s-cZNE>jBquN@vXI(zw>7=9Q(&9W)b&SAFzrX(e*#5)VR#J#38H^5Jqe7k
zTP`IEB0H{0Kx!=nLx%4)hP{Rie>3_MuipfN5tFhoS&|PwBePWaqCXggg2Em1X`~-%
zJL6(X%^=;xBJoLM^6<QEBtzO>=6+V^>{A(bNV{cBXKfXfJNEi1WA8!-=RIr6eE0-X
z{RUZaSnzlgOEEeIQ9UmLwF&xIpU4i~bcO5}Tg1Q-?8CyYWpW3NJPyPcxdOQRlbQ&N
zjJs{?TV+{+M^4WgaE|>}_D)o4m>ga|NY8^jS-%%o2TFVydFKU<d9^Feg92zF&axno
z_FcW=bvXZ;14b&@zvn{Nc?1TA+HEM_pDT+P{x8z2NFUIC<0-|3z@2}+I=W>d$*0}0
zQf<4(wUTE*&e(sxi=zt%QR9bkg7NnoJ?|l?Dscbi69@M}{8kiy3EX%ZXfe+9mz;4!
zLUfVtV`dbsn46uQU8+q=a&qjWad?%+72S4BSC@)DLMbUKj>PxQ&d!!wj@kTZuzs)i
zQBbtee*T5rBnFUgIB*X83EIwZ<nU$?B<amz<I37QIl-b#)Xi?>*DKpE18G}IN=n=a
z<!L4~p!)jJMPqcRLsIs1A~8vAQ_wyKDiecyPxZm@RE&_$7XzpG#9DHDH#ZFxQ;=Ga
zKC#I6#H1wQ`qt&a$&e_)^r$_>jTzU*Z$l^KO&D~j`oX>ZhA1p_w9;dM=+GGKU<*k$
z+^(W*4a%@rt~LFElhH^Qn5=2L^qA#XLCnbheGQmAbe*4ls*`O;o<l#qaja0En=%g6
z<BWg|Q(G;e*yXnKw!CfiqUoQ*Jj?c&P~H;Eo;-l0U*)}2hUr^Ho=!2@;BGt16p6yQ
zA!hC;lp(mFav@2{N+HtvIuhPc#oZ%2PLDnwp%RGKhniJTm+kr*<X(uGy9|_5bIY~p
zw~?dTVFM$oGDJpRzbA8G+2{}LWT5@zx%#cUF4=2fY)&OfL;GSR`S2IT0Rmh8H;Rgi
zbMl>R+TQ(|Jn%T?+ts1@T?rzaljW9**aY3d%<VWv12&;+F@k~`$?|&5^U_Gln36CK
z8HGLQ!CF=eI^pin?{I_`S#^OGttOMisjOY1T>Y9AkgYeZ3iKx?Cr@SvF0~B=E#i{a
z+l|CA_M-~qVMbn=8$V_iF1tgR2%v*l3P$NF)$c7{cGcEVOKes^8EvO)7Ipk%K5zPm
zv|_^L9U7w_94HP<lfrl0kt4l}stb+{sj3ZGT!_cV3r8U1xs1gKKNdUVsVn<(!MS2L
ztXNOp%NF`qj_N?hNI{P;{Z7pYO2I&Hw*$%c&$XlJ>-00#cQX)YM7(<3%Rp@+%wBZ6
zL;<PE%CsDB=585AnUKSP%~{F2q-`WjCBe&va0G6V{m@2<D@V>6WvxgQYgdDVlS|px
zL$4FL$=G%ytpdFJ{pV5}&U^P|Q2j@xG<Ftdi2<9Kokitf>(*X<Xmfu)X>HA8!vN<n
zqf}B&99PxC*ebTFs-xEn%I8sc(629DYO7Q&++)^1rI#*`vWYmlNc%)@aqlj3tvD}X
z1MIz$d<GL7YJhr5Zg=?~_$e4}-m0I<>#Tjgc^|IkDWACx2Qm-a*N(Z<S%NJByY2jj
z>ZMd%E*TaPY$|TI6O{H5ezDmp#cr8Ma>Yu4LAVoatXCa2#`qybRm%I=0Y{gOf`BrM
zG=#)o8Wa3nUyDgA;I8L^zaWoVaEu)IGb;ykLFVr#ymim86tVXgx7?hth8$dtZU{J1
z=p=az^%57z7TQ0a9w`Fs+{~JfQ8Dt@#9(gv7WBRl8$p_G?gwmr+;W-15boHIUuu=H
z$DW13a=gNfSUvScXLmn&Pd?*>X<Q_&bIcZ0PuS>jvDc|oiTBNMy<XO}+l8T8O*yur
zJM6@)2C5FKPTJL(U9W)ZRpT?5dTYO?sQBjj-kRCQTYteY$l<5YgmjY@A2f~U!wL}Y
zj40As&dfwVuTIZbvtdZ2)t=U-;vvyrX;kGQN9A1kda(3u4W5z|#H-MAWxx0kphynp
zLORKS$EO@e8jdCdG{d!m;F=6nw#Muu0@(`^FXX*w$Y1eRD(mi&mh2{y;TulgO}RnV
z1)W9aC>EYSNMW)Rn>}8#<1c(YBVzFYyvwBRRa^jy<zkS0JM}oA0x*l3^ybXDN42H)
z=5=~i`uOU<;hNP|amgC44m(`EmNV}Z!MEa>A+g=R(F7=xtNg0Sl@7&T_r7lmW=&N7
ztv|uq-<af7B~u+Ml33KhV3F8U*M2CRlKf_~Gb@u|Q-V7#1O4*ONX=x@7UN&<-+@3k
zJG`4Ixchx{Yz@lkyyU3+DMate>zhXwB2=}Czvw+o5`3rdS(r*!IklUZST@+CFK5Rz
z;l2xl*34vKXdgnK+`%QL6v33=8(g6uJ=klJ&6KE^W!W{>xven%3|5l=d&3T0-bS$w
zLAa5W4+=<NqtP%(Su3v0NNy~UA#F*~1iT0`n4cRu)TzVmTXJ5FMmYv^K}xNh@zFl6
zAZyjHb!J!0ZeRwkg;xG3=Dk;^dpOTG1@p9h;HR{GEX{T&wxie_R%LFYUc9--1*=t%
zxwS2oJH0A_(2E}Yy~j&lNQ#bSYR;}j_m0Vpx6fKce=dsl`Spg73f}KrMn*t->{{l0
z`;LLyocSxbW?H3o7bEu{?qHGW1yTi%QXJIEGUP_4JSx)r)}omc9$V{VA=@A&HGIz(
zCuUKWA>5-eRc`yrW36mIKc$k&gsC8y*24Qg#1#G52xMx})!;z2)y?Ue2`Cw40!BNi
zIV`7&<{341Kv<FHbNNB1#6bRWS^$r4yl+60cCb`L;g~!#wQO_`Y;kkzD``Xhm8L91
zR_5MTE*fOng;RZDg%%1^B@CzXOzDq=5Njp-w9mbUa<&m$bjN?q)|15=f8mEHrTJB=
zKSU}<^GwQzfm$g@_X#^97+FsxNCq$}H=(9Uo{1Z1^TINB=trvw3faod<UO*;VJTMp
z3{<X1O2pjlsFYk9>q4g(nQk8y#%-BsF$L4Tvf0*UubtK3i^u{Kc(<t%5Blw3!ImdY
zK(p=XVkMThlvKINswdNxB4Mc^bL@+*3|{!VO~{X5J|J1_uX)6{;?aR-=Z%cE1lZ6L
z<!u;4ER{-T%k7^Im;e4@+(m8ZmEOrr+F$Ka1X`>T%HN#rNN#R^#?lj~!%B0*qdfRv
zktph^Vx&!3f6!cmTN=iuBo5opcPJ@FZlf3X%ff%s^#YNRA6_T(6Xg2j>`t1SbTYW7
zkQ651cqc4I1Gbs>S=d6_NoF6_&SE*uVnlcP+0cF_lo_tW5$Q>)KI*99<HZJoEtp*y
zuRKzG3zmmZ)}PN6dvgC_<Z{+q6$g1QPFRje47%h;ch2MnZ|slkyI*w4w%?s(mcX|Q
zHel_{eH1KOb9rh`L<#9c0Ozmbp2JM*8pEs)#OmnB+Lfljl%4^UQ&zL$UY2B(6MTIr
zfnLkuy1jbodX}`sRZ|WDurrCS!_?=GMr3J5kEW!aVUbJL%!HrJ8Os~9#>W_#ELG{a
z6}!3lYX%JzmEbu*(9h>N($rX~I16DqBnj|z-juS=5)Lb#0lHz%fl$R%l6(w>t;kS*
zUHKPM*^{~?ia9kEN3V^62=(aR2#qjNLj(C2Dc0ag?bPUQgOLPuNs-{<WOZM>IxiL+
zeg^SMc0O3pvEfXhaP5Y2hw~`cAb3qFj-*)BWdqp3;$*yni_*`#OP&I}HtD@V_M53@
z=PiZv8B!v25wv%Obv9x3ymbzzYjc2_vFex1O66iEF8<-9hWM>ycuwZdYuX*b1qBY)
zkCReM=s$(t{@kr4W%PcqcxO-P!g`6>jSaa@)z9>4q2u)nq+Yf<8m^(&Z5^aPXV18x
zKlE#KvO|czzr2B1-Gat7+oLXr%a5llp2wjeSO;YG8^$Yx7FI8;ewBzYi_p67gQCef
zsG^oK&h477I3~WWu9vq0Lr;Wikv$yAZLYR%U_hhqUB2yu)wOc(m<5sK`ji)lHVpR7
z>3;MT)GKfGB*YcTv?Pstp((Nng|Lj}!(&4h4%kzXoL8af02Ac=;#Az&yfjYmE!oWX
z3LBkU*1wGzot5VttIRs!h)IQEwQtb$CHFCrcjwt2P^q48rAVy%>{`Zr-!g3FuUkqd
zx1hSSGLO+MWRx9_jN6K2x^#631C^l}Za$r+32g|i@*{I)(tF^fz5|M@0Coq8H;A2Y
z7H@tmED6wnvDan<E_Yhp`6i3aF6jGaWHo#Z-R4gVGBwK5%@x1z`&|W@dM*?%IkFlJ
zJj{<B+vhY=sqzMN`c|ODeL)}7f|IK2nr^S{HrQEgDL>GbAM!w+{xq`uV?C+WT@zoL
zsa3U}X4c6n6Wz__DTq@+ucGPYscH##O0fEmtmrUe_VPSP`o!-XEf~tYA_7UlR3;W^
z@g{dC9?nUA(b;#i>=l{n6{Q-Tx54}I8dB;h>#;B!g#dO<QxN^%hG`ESDz0s=`gpO`
zeYFUvHLkA50P2i2<Dko|YL{b*d?3M&ND*XzF-ZAupOPUPIP#n9=Np~V7}rBt{(fQw
zT=G8^D}Ni&MICe~gIc=36hu6SwYdE4TQ||XM}FA++ogUZjs?Y=!u-FfivIsE`u|vT
znyRo|H*OjGJKt{oLm#~*?+~o0%j3)Cq4+xplkWc)`ZTdXXl*vS@0tYN>)D*DgrB~@
zLja*R`RAPz-cU}wJP0q7Ars8Y8#>JvQ8>~YxTZE*o%)ZWm*<oLCBHy$`KvwbL2v;_
z=oo8)u$UN39%9rE6u99L5%L*$AZK=TpjPm6aCxtgkkG*#%O`Tcs9zDrPW!-!W!u>O
z>za$J@M4hUqiCj*M{MIENVNwUx$;II5Fz4>C~eJSmEbh6Gryg%kdVtSje~-#nMu*(
z9vewE?2(W`jqe|_kg;6wU_Mm(==joA3CG8@|HX7Jr=&Ty!G(A=s+G6Jv;<b6=;8r0
z&HKnW1PuVYk;H_7o%c1gXTM8nQ%%U+$(<>$aNkxwl{a%IL<4h|{o)N>JPfS){s9`G
zn7`*6O?fxLXkt@_>8%G5RmjvJDO!qkw4FRrkrXH3H%!RVBv+H73{i1s`9%(gYrd8=
znK}mx*{V&QxDy51Aj`>rGv6@b5Z@Vfg<E}Jzd~tyX3!X~o{WFLb&p`z=Ki%PkQ8Zv
z97Z#l9OOEC@_79-az?Ul=4bj5=eJ0+X|IcLl<dXi4%R3jxY8JGUX;$*4eP>WB1i+-
zK%Y6yc4weT1(_Q4Mp^UJE5><_c6L@L*Rp#5b&2Mc+h^C7qK$*}sAu(e!`iIPx?z%~
zF;Os~n~y`;g{fG^K&%uwD-5V~N~s&n0_!ov2aLuE`wS?GGC(FhfK1f5zpM(~@t|A>
zM3W#9Tc3NQ=~Yqno%=LP(@!{R&ykOmxup#4A8^nCTJtl`U?C)ivGlN&X?BlGcy>lr
zy#`8e^4@mVK93eTax_F!2F48#T&yT_B8>TP`5Cui();&@-#SWM`7!R_6F9_ZX{meg
z!MKt(2AD^fao9*Rsb;d3ZbZlTRpXdCQyFwYb0=7GqX%;*cpNj4E>nIm8@YJ*T)v9j
zeuPMNtxWaAkSL}WxV#g5K;@kAUm|ZWt{z+3`1$kMRGfCDP0XV=53!))_x@!~SnC5X
zyQ)AcrAA`;yiA(%Yt&tA^{5j3sb0`r3_`0@VqGtColLEtA;f~HFIjxKVRW(?6QNaA
z6(q3z(83FwlK>I_{(bsiA;A((cXu6aU%!mg9a9q$7KZNj_xF?9OzUv9<9u(s@!`&&
z?=Itr9t_p<!_rP=RSiRC-cLYY3`?FUB!#D(tVXD>o_d~b>Yv2Wc<xPHu2C#16v9RB
z$VgPBV{CAsmu8e6u+4pK7R!Um8xfWuT@oU~!%4%JAB9w}pueS<-@Z=_+P_lLV2QF6
zFJQe^Z?j(VBVu2lB2H4KPm?C<OMcyw{1usU-s20Ntm0XB`|h=4EPQ-;aW1KzS?JOk
zk+2sds_z<nF6nu0>))3}fJRR;G6kD`Cg6t$31^CISa%*cZp?pui22I&3p0vL0_fei
zZ2l&CPBDR#ot=&H&KbB<^A%`+kq53BXt<oF8K?P~l;MOK6I47?&7y+J7kfjkzi83h
zBlo&XdWH&-E`}iF;4~3ha{n8xx`)rwnXAwKHmmUtuQiBYChol`PE-Fd7}oJ=4VdH6
z($Gx)1m>Is!4LV>Du4!B$;8*M&vWTqW6wk_48i`WUyim+5YDM*iqQxpaZE0$uYpp&
zv)V8AMu#2qJi>7Y7S9+5zM^7qx$g0lHx3JG&$9H#9Tm;;4)BPkw%RJHx&5tW$`}R4
zTO`euMaJhd@ukDfI6R9m<9V)7?IAHb+-H^cd@1E*M>2mU;%p`5Zo-z#HZVca;~ZL-
ztUVNkOgw~cM)<GmfV&4S78?<ya_h3@G=Uc3Tz6ba-y|6)Bk`qDgQJ{+B<*z>c&+l@
zv}P<6jAR)d=dGw3<#QFIige*?u%mzuw#7Ws^(g@D1T775ec)+D-`NtsOh_=HC|;?<
z!Ohl|6%)(`diof*5gu2FVwM~`c#mv*k!9<Z2aM5z)kP7u9!TKV5zxeRGt(;RNLBKD
z=cu>z-dU3x;;`^M+gF-Z6Q=FLCU0;Y{k9nrnd{bM8JUBODJ7X#jxAC+u!XXvpr$4K
zn>F2fBqkqwn(Mkg=Mg%|3?FY_Wn0-h>wkwAj}YlsNyLMb>MA=Q(3O}Twr#o!Df)}f
zRe;s_r14|S5>|5X-NS>U^}MN*43!ABSTIC;0IzCQo%r@m)z^Fiq9G(6;NJ{P6w8+5
z1`zp(ux_n&E!&>z=HDEKn6N=O3zHRx8Izi^VG2FUv7njAIYGA&ZvP?(a7Xi3?k<@Y
z?{60&MwiK3c<|v?l_*&Q3fBbV!V(;0-Z|gtO*%sK6%I=8mH`dkS4l+WAqcGiz6=!(
z%uGdVLfLs%-I{(L{*U$bIaRG`;4C;IWzOUbG`99s86v?jL?-uivJq@vCf3>Pd4o9R
zK)+l+znrDqrH>C>j=yf5``TH?z?rw1>|o=f=3F?>&;;IJT}u8FvRK;69obYN7+x;{
zWJ01nV$f--m{2hh5r<%V5B!iLmU39;UWQ7ZRM?{ezU&fG{8`kqk(e&TB*Q2NA$qtt
zxVteX|4dXo-D!4iB4&!PAaT(HZN=Z-C!koEEL*$rt^wmN;Nw?WTplk1=%6N$pm)SZ
zUn{Zozf*<E%dDy}b@xizn%G9UKnTFr%=DT}cgf02$~|DtB|~Y^UM%t~KLch^%@>@Y
zMTJ!^<CNHj3aB#<%UJh>lB>1J;_5-I1z4KC)@>`U&q(#*G09JXT~SOQr;Qig@0GIB
zw`_Uyqz%$08RdOOu#%)rCx$oortbJOw#=^N3<!7V(E?d;Qf4i(pElFRTZNOK{oy*P
z{rV`U{2;L}l_gX%t77ur(~a!fFPWh7q7Ri91DQ87aVZ80zW=aW1RU+im3G=KyB2pV
zXX6~^_56={U-jBYDWT_~Z9d@gg)gcZD~SnAnM{abc7+v2(wy>2Og&g+7ox_2IDqqE
zg%Z2Ll=hC6993nhg(II(iC=R;4FkxTv{Dnan}$`DAOgi%u{-fkcam_VUG{g@iFVh5
zscYhk_H5dZu@Ryfh5o87skpNYSzyPCt7rhvL1tv}Wy3Oy6#O4mhTL^`L4d6u_bhQl
zSbuSxmi?4e*{x+-?dGz$6~Jy<J+or?(+Ts;{})bNUlq<3m|y{^d7Sf$k^UeHIUY%~
z7!5egVW^tivm38`W4Vkcgt?{!8yug4Jrx8L`&x6z5kqGdc_HfLeG5-XYBgR`8;Kkj
zjewA<^L}ES+VgJsy!C2}z*^k!G<Sk=f>7c*(83lS68RApeJ4e!TzTlbe!%&Xlyh?F
z7kpFU4US4?3s>?EGkg$#Q@@J!)_LUWGl<IY(`3mGnIvFBaYjA9s?tV05ZwK&J&oCz
z<cGA)>o2Hxvp)#lZgv|@SP@y45Zj!$mm~#<71)vapb~YDvAv>yli2#c)5SW-8C&{f
z!GwzbMX7vJ_aCO|A`3Hp^k)8THrTv9SkYnVrszj@&(gQJT9g7wWvGs|B4bcX&?YA<
zZ-HPXJ)~O16x%;xlVW$cMca9yQ0cVvhsgJwQ0i`Lqv~_DeX{)QHb6)0hkU$+Nz|v#
zK-%gOTWqtHA23gO^x;=W9S{c}efGz!D0Aw<`g{w(#J@%}MS&*vTzmG5QSyZOk=ib!
zF(pfzh-x8@Htkwq$0X!%cbLO$u{F~uHtDn4zQ)6nF`^+i#jWgy-?m@#K$7hJD!dDs
zjeZ+z3ttcVRYt0xXPlas>TxEVi&gL2eR2?WM#>!gEOEHM3JJQXnPAKPG+)HY&Z|CK
zl+q>RIU=Ti^F5NL<1G?vT=PYBwPd5$49!53pr2nEd-nqK8b&@HD&PiCXBh+F<b9PY
z7F*sycsQD!Hn`m>RPgnRbyirAnSm^@+04{cU+mVzY`<Vzu^mSB;S6}{R9|#OnjXiI
zq!qD=Tb<^w>Y79+oYG%5Lr4Z`aVc;(k|Qv#lAWtj)OD43=Z=gw9ZIm{r79z8xkO{m
zMOZjwDpg|15h(fIa6Q@na778`6%|9vZ;><9DkD+;TIK%eq{ao-ye%m~$OSysr<*O$
zrzK{;sPwFEj73mPXxbo+A-MZ}`tQQ%CoTohSQ7svWRetgVyYc8X@%5&XX)$W)E&i$
z7n8nD%5bDr;+?cSRNhV(_JhpMUZ}hBh&3UKp~UL|#P>`Sr{_gXO{!gN=g`XhR@2`+
z_6<;ymh=a%nQ}0ogoWCj00sgU5}o7s({6f{uc^ic?h(dD5?j`Xu#BxTL>s)QKA_t-
z!?wtHq^n#w+9f6666I{t&I7-}--74D+guIb@m~%7W%z!@zvv6Gu5zc!0W^b6l(+hs
zA_9lPUZb-&zuT1c!Tn0j8xuY5um$AJp-G)>#eXE#|0iOcax!xk62V!ZByxL0;pM%L
z?iG>VPvg__?3nTdq|4(8KSJa5biYGSt-95-Z*wu|B;8bWwT!vH8Okw_bp#jSrNx9#
zZ=?pIbi3g~;PHf(e&V+I%n|h_tlwF7Xo^~RQ@KnSB;~lO3Euf^)@=5Fl1#_TyOK<(
zebg_G-J5a^gw7SA(Gc1XxzC0;Zo<2v^;+-N;6unsmNCpEb_ek6Hxryz&JKz6RB&Et
zXvnzs2n~zHfRq3m7s6snU03aOMwM)$xZsPoqXN;LUeJea>?o{zy^?39wlT`@`ox=l
z{qGh->^AB~?uTziBpBr$<)T=b;Z)<C?(mQd(p3Oi+b~H5c@E|VIvE6bl)o+Y6YH$D
zxW{`3B&3eWRUOx)2estesiiu_5tlUDIUVn5K;df~nMj66aTaQ0IK=sQVLYgGF0pew
ztoXTefr$i{azUStXF;*XfEaGTe4>@V<l)%ms{Xm;g(SOq-~XfaxW3I3&JK!k33^E!
zWI?N`Rr<HC`O_2uip~=;LUe6YE4Z8%64wdCh9+h5CwRV@HJHJ>bv+rrO7{n(Rrl2|
zXSZPwJn-?ub%n~RefN&07AtTt-oN<+_Q22>aJQ7}B4_+|Oyb3W&+5AV88gAe-x}}=
zovv$7Zy+~(qnjG_&F5L)l8<S%_vyjJgl3SAgW<ugqe<jLYU=Mb&bb*jx61n(hwrdA
z0kslQpvC1&lc1)Cx5%ZRKUa32!ESBbj7b!*+HxgXg>SZ_@HEeG&UbcphK7c^y5zdX
zv241Ioc32&SHFIJTcb9Y@YY@MUM)AuP~{F}Z|`tHOAXeMqHrH9-|ivy`P{MNoxTZB
z)_>pnp}p}~#2jdBori(}emXv1MG!9KF7uWpA3<SJ(Qh^{*9uxqj|gTmP9R>n8twuq
zncLh^coHpH88%ozv3QRa<-46k;1n%us>Qzxq>C35Lq6mzvs-j1b;BG>^`QYOKY)e%
z--bleFB`YdL-ddH8{rHXMNH%0w~1oCW-O!|WjT+m-?<H{^9bAmO6L!x=)%V1uxnla
zIIF!pR~bHm^wotU$%$*ucH78-=GuNK7ClPXL+s*!`#iXPPw9NGBX_SYU<1A;f4L&a
zxVRL;z04wWm>xeA^)2Q6H?zcf+q~)Jg;LxjjB#SCtwSKWS{ket7ZLgW-ZjZ+b`S3>
zAo5vodBoOm4V?G1*lzukMUW9VtQTT|AVyP-OTBfo$RB&6JlgvWvs(pHFxfe-X)xca
znU<}y$c#3iYfcEBO8Az(5eO9oYU>lt_kh~PX$JHzwW+>c&NN;wqpqogNKHa9xyav`
zCS%_U-;(KF`S|TBf7CWD>N^J(Kwsa=u8(%{Szcad+IC=eb#Op{Y;juhG;|<IOA;!X
z(KM$5?o~eLHR5+!Gj-xzWAhV)C6T@PT1~yK+3jZOlwnYtnS31E$jrsEA*Wk)PxrBd
zT$bt!BX>l+g~i2V-s(+DP4&R{Cmd{jf!<6F1vDw$9;;b}bt_uAlvCA_vxWgJM@U5@
zA}lbN8=C8wyB1yWhHI<$u<c?d8+>Ex_Er*yeBG^TIo`u_D>EQ`(0s5CTH6|)B*_MG
z?d%<X?!}6yczQz{H<$xe4|03Q7l*4rJ8M?~L$GzP;s?A%1-^UEm8r$B;j+{Kny?a3
zo7>25T4Uk`>L!{9J<xvK#gHxA$yMe0<mZZy8A{E83W`_6c(1g2tY1zZS)n``hTX*m
z-lswhXbWb7Vs9~IL{_{GRzoS#Sed9t+0pkJZ8J#CAh;fAY+w>Q3$X9xYM`F3HF)H!
z%hW&RKOk9_!BY+%_LlPNb0Uu3nyZMs4L|AjhI$&2h^XNk7ryD#;!D7;9M$BV+OGE=
zbXs|%ho*7v3&IclzBJgy(}_7Bh5g_Nl#@dvPd*?)MtKO{k3EXg87XU5tHQmigjHde
zYm#S45avQVubmVzj;+a}{(F2EF+xf(83dG%`*Az()4QJBtUG#eGBT9buKZh_bd^Mw
z=#@1cf0Fm3bM2+@w`}qUTib!=$;hodJ)ZZ-rIno(Fw8N}@oeB?en8D(G61~4@B3>f
z@hIg|@Di8lqTTiqmF_#Ad0Bm{@kIObPNwAHV&eufV&J@zg8k?c*pUItT=x7p(qG@7
zXuPET?t5A=d>NvB$)0^$we#ZwZFRO=c@d@8a^!nRa1p0?XfO}>=Vg6*+finU&+haX
zt)%;c8Fk8K_vPaUmwlSN61$m=AHyzpfoBPgwfim$US_3_U4HdNs%K(Y`QH#YoT)e8
zjpmQ4P=)L%%8vu<p>14)qEBYug{x@|1<~i`Wi5!U4HrBmPMSmIc6?UM1O2{P!}mg0
zjZa>*XM=;nni1jtSWy-j3fU*p76Yqj%fOVeA&i7Zd($eGJH^g}@3D4G)rPcGZVxo1
zKSIU97tKvZa0z|lYOu6)lfUGVt_4Bl)Dj4-G1p_5!c;<eRUc*{^@5i^tzB-!HTbw(
z)<=ooQK})XZZ#bL#D4E}ndxt*C-IPY38tuDQFGOl(15V43=>4ltmfO#^VKz<w<8fH
z$s>>)s*k0x)*vZGM0;`6X)Q-?Trb@f1QDXOCB@Qh&wgB>jE$&!Byui(+g?txAL?^N
z675WI`y%`>uuR|d)q`RCeCP+Q<DTvTV|=AmzY7$by9A24NnN(WlDgRvnR2n0g|)0t
zVUVDS-Pa-lk8iuYYD;iM1gp*Iz^nxX4kn(kAGUeECd=!O(L(GgmkNAp$r8*AF?*RS
zy`2UZ(^spko>&a6Ulhb8%~uH>kV{mW?HJQ6<L=2r`3RH&@q?hH0_02~Y%L}OSs+#r
zWb$w@elM%@W=XM}?*2gS=T11xZ;uS;E<8!MOG1gyfZ0Zc)b>DDafA&M#leJv1%*bh
z!8qEk{gw7|V`lqoL;r$Z@^`wgR2=ARM9H^q*sU9Wa_z*^l6l6ZN8+68a$mqiv=>ht
zN5A+kt6%E59lfPJl7+{SE&aI2)DI%1O*t?0fv);)N}fM}d#uw3@D#Les&9Es^DluO
z`mS|cmJO%liIAa~6#X60{7fI}@fRl}IINej1i|GZ?D9;g16lhpsciYx7^I6R+&^99
z?9^1`mdF<yjsC?>ndBi&twK7Kb9AT1ef@}6jrU(U7A``~E@87yQ*MsrL#a`bYWeiX
zQWIL86WM|;WTRhZWfJPB_m?x{re~bZL%sS>PQ<@6V(OrRvGSQSL>`!wHz3>9c(Xf%
z6HOmSb0KEb<PQ;$vR8ymGcQV0Ltx$%Gg+qcjogD}8~y*1`Y%LHZK8kzHrrB=McA&`
zi1yIS4F;5dZ*zj9;iwSG`Pob&Lo}j2y7OM;H;F~IQM@?k@y$vFw5D)liRh`~)^^D?
z5{%O4n9MSVF>4~#WlBrRf0dT06(A~xau*TKc?f80fU#+yfhQqxtOM~R|5}M#?63<T
zJ}#7Xn5};QBUZAz_u~))dDTdMugtP}*b2PQvC!XQpdfLjfknQ4&|TGo3Du&#*N-KY
z`JIvS=n*K_>#=`26tWCz|07Gs7us6f>?nQjdE<vnJmhCYJH$8cCw>J60mC&FJ2Z+y
zRAxPyt>bI%O5_B>55uMt;5IXuSTVG|L4r7Jsb=N+by00$#hr;Vvi5>`6HB8cD*MeG
zTOkOx82g$8ilJ0U%C$tF=ErV<OONu*yz>Y8`<=8FWU45tuO+*q_rY~@X0b9jcx&7s
z$O>4HzREmk#V-z2946hSSt8}dLd7T9Zz<q_-$%s{?ya(*{F6RgI2=#cSQR2EV!waT
zu!z2&`*Dia?-PpK!ot!1K4o=dPl-p@J)mI()*8)KdoLm-_n|I2$_b&zi7Wj?n_8`A
zEXV;_R6-g%#bKF`@NcVz7j!aIL^bH*S8_IT6MD?t91n=8D4}-FSxLu-KMYbFvY$16
zaZtz@vX+GiF8~KyZRqH*qWnX5&1cPMc1`wvocemD`DOLVyEY!yKY#O<@+B;;le%u!
zGT!}=yjGkQc{X8^yK*#K5>^g%<WoJ~N#=f3?|p*p=t?g5qEET3{OK2WYa4NTICn3w
zIAEFx2#+}+91DIT#%n*z&Yy)It~Vo3Av@O_dz789Nm`w%ifVYkZr7-krtY7RLaZOG
z30Dst=YI}>!AAsDYL^HjDy29O8C&qp*i3@5;x^u~DOC51W~7$%+Arx<4v9^jnn@^`
zI-jK$tqaX+xJkXmY?8RXJ6{Nr@_@sfDrhU~$6Y(iU2SZMc($=2H$nPvLiA3!^p?M4
zt|N=Q<u*GoAv$Zg)$z`7qIObj#{DvXM||YGSv`f5{*CpM&&coqvivd&S$fUPR*p=m
z=f_0GfpP}AV{Awc{#`-Ob9w{wS7~n^*>`DtV1GaoVY4)g-(A(pZ7xpVS8AZP(jx|R
zR%Yz+m%m_N17W7;5QhZ2Rt@>KLZ|e-D3h<6K`ziuy;H_p5@g3xg-!qT$*U~C=P&R0
z50TF#wES&A-WnIIJwt?<2Fl(C+6F_g59Cd=*~4oh9LmxzF2ZLTLVI;n<mWgOR?pXw
z4rDelTQOU3A({E2JLMHQNaw0Gwx`1_2?MCRw`%*C{S0S@;*brO2fCLkho6u3C?Yxz
zzqpJuVvT>-UgmQ)Y-fN(A2CJ2A-yVWq|uUcpW(Tx@wDD$yLoQ@wC1QPWjcx0DpFjk
zc@8)gL72Avodo9WeLrB)Uo(w+v`IuAzI)axBvuA7PIn>-GcR}Ij&Cys%a3VU#|M=X
zZz8lbVryZJ7##n?{(tAV;#ESxLO~zLnGrRnv&MySvAXxo@6cSc9<A9tFPP6Gd+XJA
zF=AUjRW9h<BIjB*ho<gPg<zSEU7Cz_q*GzDFjat37Fm@Y+8(C3l*#^tJq)S0xFQdW
zh#K%(ouh4o+<s+u#i$+RzzF<^lbMoyuFpYMh)PzCwKz&eO?h-JUvoG%jch)>Eygb9
zEwQmJx%>}I<VIb4)y((%^a*E=CLZQZKGsr_U7sLi-)p1NKrZfhjR#G<S7mFnG|6ln
z`+NnwnqF#UPJIFvAJV1DPra7jl@fD$3;Hz8c%-SnQiDrAm~{VF;{`pS0fK24m9uqu
zX&k{#Vtq9?CK6~5v`X4d^Aoh5hG)_GvQ0(J@KhaZuCo(JGFOsdn@CEz=6;v*tauwf
zDsf_`wxZ|n$cOK$-(H}FlAsA%M<({lA5IV&5ZW;MUu&CY@sq_{<OfckUSNQu>~9ni
z9mVuXsQ#>;i=BPejLwirO@+;qT`ta#mbFDEGMF^PuMtz6yOI%?ic!4KL`Xf1D15D4
zWA72Ft;D++OD$pgk$VLL+41v341^Z(B)sRP;-d(3hB3HYu^g{;j+?4i8lEd+D9PmD
zRksw-r49J>zbm<)$L*`ZtU9)0Pb0^{8EoP=Kj6c`!Fjyi8sC?=ADlAxade(T*Vb}u
z;}`{%6mTwaPOB?L7nf&6yx6qRwX_m44@k)s+!N7-2}z=hYez?iFCrR1`z)6#^1pU$
z#~I#RZ!w`Wl<Gc0_~mY!?5Lejs=dnBkYknSr>BQS5l1~EjvWmKj!*^jKq~w4d-N%^
z-?oK88%I75<_-rFhiUF>eiGDPAyL70PH9pLtF+RWy49n7*MYxK1nn}#HZq;F62iII
z4K>WyX2M}wvfM0Pkbhihk&sfq{0{D{V3o=heH7IyXU3z{Rrqg>z`!-1@FVb6)@WaV
z{|{ga5zv<LeQChw)UI0${$;Tee_cb}0I#l@=(W)4p`o2;_?=aek)qKWD^~SL1X9@}
z<EV2@{h{k7wD5;9a;8yv3X!d7@62FDh@K_@?cYqkoOEQmU4)laS6#V~>$jd<0+0=h
zJGwB0fA{iyE%+}L;6SIR4D#8F<DAPgbaz=TDS%bQ{@78#?mq&{mlkZrD*HRw7WHcT
zE|PgE(?@RoRy!N5Yt?1@))HiFXsh=KhQnr=OrP@){&wiJ*m=?AG$hy!msbX8iPqA3
z2d%lz_{z%!g$7dSoqA#4xYr*oc<2N9e&Xl8tx>_vNP_k$@-1q2oxk(%y+LPNnOGMU
z8xd-><+#Q>7b5h<?W!+_%389{%fV7R?P;Xi!Dm&TIV~re3k?h8YWp8jW9s9VD}hMs
zHW5Vse%=iA!_BgZZJI&9vovXaKifp|;|Ju{AICqn{qgX}rQcVYrxShk#-EWA(2WQU
z?yO_?rA?kfZruA{kO!VP=#G*3PsbtV=R)UM{~@Yn`Xtu+WtkEwh?2z<dClCfYb2AS
z^$Nw=q?z(@6+Rg{ic)!~7w*Z~U#4j&)mNtp_?v3PC7s7+$-8|O_tF$|<hYoOCcG@0
z@GJ$UBIe*?%r&JuvN|{uZE$~Lv{W1p)VeQaYN-;7t&%!lMjxSd;^?I>xuo9xs`jOe
zBdxDAd@gPy9hp29hgs%>>ESE<8QNtC;{Q8+Aw<thp53j?F&7qEdI-oK$^bpT%IiTG
zSONdpB71uH>(-QeM6Ixp)|I*FRbMg?<QjzhW32wS{j@}L(d54WW%;OK=XLy#!KKfg
zK&YTu*SGNAVo%|qfAiJAk>H6~Z>_;IU~T7mkx0hptck!2)KN!EtbGsRQ3AA&Z=`!A
zU>w~2J6ZobdLaEXr#>M@7dGttKJr0s^ttNOE&_UK`1e-pyFVSJE5we8+e(flZ2I|M
zBwlsMfTwKNU5*~nto`-}y31BuH$DUaEu}x_BY=*W#1$MQY&ZB^Zq@=B;Z=ua$2;rc
zf6(-|Lk5W4Bid_8o_3kL{MEmS;}Bo>-BhJ*T;~N)=w3Cs0Fr+Ao^Bl_!*GFN3ei9I
z2Bs;{zzGWKEERR5@CaAev9u+66y861H9SvQ^CZ}g{tq_#fL#>_PC=XR%8($At}O6&
z);U412nEHTRgJ(k%(`Eb%kp<$J@^;r{(LBu+pnL`g9<zT`+7j@9ZED|zqyl!&_!S^
z!NZP@j!B%`-ka?hO+b(_kcHMy(nj}^pxudL73926RKL&t`lTGCg^)k{Vj3Tj8dLIf
zcg82s8Zu0Kk@g+MP%m;0Y}Y`_gb2Q~O$d##Oh=8k#bib!#i`kTlFox>Xa1eP^o5xg
z(TEf=HljCQfoZ&<>5}fyl2iE^_xLZ)7oxnj8yE+;f3o2pUWfZizB@<9h2oXbWfh?u
zk@97a+EHe#>;C<7!Z1tHXnVB^vhJiq1KZ3FVv*ck*8TNhhg+bG2kgtla@96^LZl_3
zCM+M<gNts)Tzbn)v!*RRhXIQxBY&OdQlhOe`m0N|3Jlj8_q7aKG|=KR9nkr>uLnC_
z;mYTf0G36-Rz9@6<VKX1Lyic{iaw*FS7c#xAww$E{bZdg!k)^R)8KLve^EF?PQ(`2
zMFV`8^nKk}v)%{`P|ee<bZ)3P#Od(7H%>y20popXG_pY8nS073&veqXH{bm0grU(H
z@(yaiKn=_;m&2uQy&xvz@9I3$PAPc*)fE5(MQ(Wn*KiGS3PWM;3-;t#2xej?TFIdB
zQ|TG*YffjI$HA3zDkjOu*gLaDy{|RNAA+6r5^wSIA9k|DpKpt<DPnUDTo<|c;ZGl4
z8H&Rtc-liA$Y}~l(KxLYO)3H|VlxE7R=nE<RwkOcW8=tj1cQ4^oNKUqBU3`1Gw<&W
zt<cbpvIp;pfVt2Ie(-*r@97vv#JOwo&Mg+jGa&ngYiQO)uoJeUXTQ6{=2RD)2U_24
z<k3xiuJgevK$vrsJW`_@U4yVKi@wuYG_KJ4!dST$r>)0;{e#0{itX}L(XvqVx^jts
zZ}{@syBaSzB@Sbhu6!9V!%3X`{_<;Zgot)~vej3g{?0tM&(01<kqQF5F~w}%Q=)H@
zFoCI&W$;?2nM6+PS_PH<GbV{JwF-@`x?T@7`h<M0g3MiYf>^FoyMXCzfnOCfJ?|#e
z+~$q4P+`q)l1!ZtU^=E!=IpJuvjQt{rG_yZumT%JSH=>$`V7YXGqX1PDpHb5=2QfS
zCn>u^^X;O4Z$ZkokkOxUCwWLR>kLWghstmDOo<x2A78k!@fa|p@mS;*L$(4(#N*Kd
z;*>~mma*y2wjz*8ujd_Ad8cAo+ZYc#K`rxi7ffnrH9eCUJth&hXas{z{;Bc%CX>gL
zKc|AB6ThC|kK_<*(Ofs@y@BINGRM-!x#!q-p6PRtqnou^0{jof@ja!Ne%*vx*Ex14
z@G_R_D2t-96dqTaCKpqiq+rxy0i(qa6zJ*2Jsh(yVKJJpT$>0p^L%nUjWA%q`%mit
zV4=9V#bTTRIAWe={oJakY$BK=vm-oha)$N$_fK6_$9JVnerq!DN(xW55=c`gSMGiy
zfihs!0swy1<p!L3GBHsAU8BW0BF<xL?r(ez_rQQ+?aB|j18Tg|s4C<s0O74@NG1vB
zCd1gL+h5Oc^;JW`Tnyx14MQnUNPj0jATPjhA^C#=0bk`4yX0*e=}@OqaXJ6olmbW<
z{Ne5W&Gr_-Kz8AYx$>K^=D+ikClXM+(>949i}0O?m)|arE>$w^LVp4)eN<itJt-dx
zxB%SwM@RyeeSj3#XW{`AFMVO)eBW0~3PZ_pdp2oDJck?z4GjMoCdMBF0MP;DjO#m}
zWDaR&Sb;|kEhPi1VMpn`&&D792_}E90`KD%dN=q1tAMGJe<mkI3WVq<5r2_4<vRHS
zJ{1Qj05(`Z;5oRsxJb+cKng4gvE^Wc_+R2koC0SGi?ILR{v6m=wEfY*3FgEnAei5N
zaSO!XD}Azy7S!X4EN&`{1~#3oZvI)Qwfgw!)2DCWzNM!#`g0Z~(EzbpMHc1@#4PTs
z_4gIv=~sKVRv$}Cc~>obf1REH&?zDgglI7uNq3kO;~enRB?Dl)_u2NJIBzh|N2`42
znt$JOZLjOt{$EcjZE0zF|Nhphg~SD({8I?@e0cgBF>qew&Bayd2ex*xc1#;Nvx(3}
zr0HjAB|y@*4g~c7B8US8OvR5B`I}fIzu^PS0~4p~pXYP)KRjZZxUK}#I}hCFyL?^=
zG2*yVDhvG;B@y04=&=G_RrC@dLndc+U@TQJIdO(uEkS1gR%Ku`PQqtE&06#i4DgdB
z3?T6kR7><w@dhP`?@35U;dkF+5b%^#<^w4hu(L%&>$|P=jI`lu_jKbCdx%BO%6C=J
z{%b&k6!}E)l4JxlVk{GJS8~0g;3s!EaI=T$A-LQH*bQRhaT%H5KxJbfs03~zs79|s
z-r<i1Z3f1hSKF|IqQE386Io8l6^Ydi|MXIfGW<@PV&&sF4QIY&2Uost5;{ZO)h%OO
zUt-)|+{ji3FLYxuxa_aN<Z51qqWmAszvJD-b%;dDvryF&Lbvr&vEl}Q1Ec`5dJ+M>
z$Q+$#j(Bmb2-riD3$P-aPbK|BP1gNGMcGAJa#?d37a0z&Xz>@Yl}sswzBalg_S@*0
zfa8u%25N`^0dLLpO9VZL{+t4<&1>lnE>adcDJZfdi<#IeRkS=^Wd?E|GY0pDJ`)-G
zEPG(O>>jEDYrM`r012EJ`huOw6JHFEK+rW~463qTA1+9X%eTy8$x7^41B_Gn?fB>@
zBA>fVWvKM;g350mi*@oeJ|xtHXS<}V{KUC#4bm{h-_p&x0qAGvs4IQv{G`(D!g3(y
z>aQW}wQhy1DWk}uBGcFuI>#UydS;8yLFLW)h???qi#n^D%v|K?A*`oLwzX?3BU>c(
z8gJ3^CWPp85Q!W~dm&Q}9^h8MHoRN)AIEgjhsjr|%}p4=&82*_5A||lMdRTHaSj>>
znzsUc3P8>-mJYACI$uK{c58O>D9ZOs!MO1N3FtKX=<+W71d_ZJ*-zbkmm0WGyxor%
zb%(zcgF-QVGVcNF!z3FGNOBbHbe8xFtBR#;ruy*6>ymV>EwjgE!Vw&qxB)R5{CTV>
z$Cf>d(+y?T*(dVGvnBXF63tQuV~bA^9?pblLol&c@X6jDOm!#`I8<9F4=9-R5lV75
zGa~NpwK((wE$DM{Pzr%^xSe#-83F^sY{FDHYAo_tI8J;d6@2)jx(8Qq-l{o-tCNHm
z>S)cHXl9-SE-yM0uqXCI1g@c<!<2wE{N8y0)0p@e^njKqjT&%Xd#}F%ICsDfVA>zl
zyYl+k+=19XYWRpaY58#;9!`AYGk{;#0Digux;{5G7)cM_cWt;>IFvl_jPTvk&EUTc
zJcF*IH05@k^LlKvhd8ifEi7yw3jl)HmUta+11+29*}@QzdjlyF;2b0^Ar`c<mQSwk
zx=4BtfXbaxTI@Pt$UHOzy}+{rG#Cc;$$AKgxYkM@#+d&VF#Y!$vV!{Z0)WlzF4Yz`
z?p|nLCGn?=O3~N!cElr2-s>N|zn*37#x+8}f87H>2@Cj}1xvFVKTw7Gjavgg>-?8O
z68`}UVmZJr_e#>HM2^p;>CEv#l5LFD=PR7&h#Caunx>|vII@PPr)a=fAGet{o?&08
z0B1B(T`QPSk>6ec&_$Gyl8>-`^qbcLIH=(M-P3LPV#-zC2z0%|?qTW%4NLq09N)f1
z38QG=oc;b&+pynBSE#wklYzY0@}y<RP6JTm!E@r1gUzYf(Q6y-HH=1_Tqh-f#Lk~)
zAocJzgW=|OUUf<-Iz3_PRT%{Vt?%k$Ixk8U^{+9DG@eaHMg~}SRT*14JF7F&zfzf)
z&u`g()!hKtEB!CNzB(?du4~)E02M((K~PYnK_vwNB}71wff-=v28WUuI#fiu6b1na
z2g#vRI;BHm=#cJ`?r+baxA*hD@ALVO{(j)hIeYK3*0rv6t?MlKCUFGAPv^oof*&T;
zkB$Ovns{*(t6D11-;*o`J$LY#0I(*Yk-lc(BBLy$9l1}81)~EWaruJdI1HBpz;;cm
z*fvdkD)TnF2=Oo%m)+1(^>yVsJYPkYg-R6Z_1<VPgEQ89W{)8yPe@4xSfIQ#jlY)o
z%qndAV*E4hy6Q#g8AI=AqA8bezMqm*PZs*8DqUJ;#HO`j4|4lz;!GKegrvJL=)Sa4
zW_cuCM3leU!QMjn%tkjv4-9GJ!CT;`wY4>%+H5)3N!AN87a1vb1{fc`9`2)r(CE)H
zU0}J<{r+Kgsyz)wBO#Z!ltDuU<YDfVP0`gH1hQAn(pO<XP-rm46!RR0eQ*^L_X=H&
zYTR62U-^i+Ds87^9<6}xW8t`Ayphq}ubt?XkdE*E&XL4jx3aO}j-;ZrzpIar$gYXI
zAOYYe62Nz7Fk(d`^(E6D>V5pokmREeiSmdi&%-8nRI@cwNwB-K(xn(H_7O6?uP`6u
z^(-CunJM1|o8jS86Gw`EkFy(<ezVZnyvAukL{-R+=48#pG5(G<#x>L4L%@Py?b>99
zn=hyHMjt-&M)wLrXvW}7@}mbiKG3-?0Y!r}mMGRzL<1s*ygNRdZB<77D<Tv+AL<C(
zq$uFxdvPB$ci9Ui3lRi^lg%D=iCJ!6o(g=oxW8};@%(owF-KzU=;#P;QH_J+XHWST
z!8kJP{yHDXHg|iqAd8PN{LQ3Y&tTFQ=dr&!0yFgEl&O0YtFOb0o=IR?`alB#^yHXh
z$K;xs3K03Ps;#(KAVW4hZEm-e3s-@x47J{QPJF|w5GVugzNpA>6SMnQlsG6@Mjc1K
zVQ<9CartP%?LtclnE10W7Kum%t5I^}f~0+u2EDh#Zcd7*Var$weN7tm&wfnG>4z^9
znpBcZOI(65t?3~g#4ugfY<1InchV9IZsWV3iQqv@sKvE9@dw!(;E5;kXUW;Gzc7+;
z^wvt?H}z&+olOd6i4J87>5|c)QMqPhzzSsiuSmw<)(Sk#)HWx_nj>sAVKgnR25JXk
z^?u!q`)W`8LEVY32!(Wkwx0Wb4Un`L%1OzButjT8wzn&|3<M;4qd8iK;y8zg$8I2T
zytf4L;*u5k<LH=Dv9nWXgIsI51Hv@!!SB?1L_3+00e%+`;_yIje0_f8;SD?<0oZKf
z7>|GvG~7HCb&XbY5ULD0-(6XGvi$JU(Dg~;P=KTUh3;}xlw&@B=Dw*2m<sS6$APGH
zXK9`RH}Lxxqgront+%}TllE=4#u#zKF0mlS9HTUV+)|qX{IChB_xhW)&m0?6@YXjp
zGyq}94PgNRQD}9|=nLFP7cU5&IQt4-FX%e3omgGXBFkeshI!zr0o0Gx-;@gO56pq-
z<bZ4_qZ$(x6}sJtyX9xlI1KnC$KUrmaQq<HrGQxDj&m@Zq4|w>uj20xRF~Ud9^jtF
z<599|UR*AE%ABHQzqrP51{YF)gL3~@&d#Y>p+H(>>Y4-O8*AT=HivNROud(Uxisz|
zI)d1Y(?WVAy=VP)U+fJSrtn6T;-PfcPc1wu{Id%a+uQtykpiAL+>S%AJrJ<#Tw1&K
z$GiUf-rRxv**Jg|8DNf1grEPX6pxLh&u-M#2upC*$}A^sxy@GYF;WHKWu(MGF_a1v
z$BxE<>=q2!EViVngZY|N)(ij%3qE?p7ObHg1-vIl5x~kL?V+us<L=K&_YWZ;_kG<S
zR2FW~LV$H!Zw>H8EPBH9oDFj_`u9k&bc#c*SeuPd{|2L2L4|g-_!TVCV`v~SKI3Y+
zS^W_)(^~3j_Y@SO$1&}?0@Q80c%&UdKeVDZN7{EkJBb2NO7NP^XPjt9BOLN?X9H>f
z#{~EOE}xANI9@!BoIW4{m`434S{PdDP}No7LFlQET@d-n^W|Y^QdCaOSJDmDSxqO!
z*p4|CtI^4DBQho_F36mC`)(n?$@55+&G?Db>vCl2e6LmquNC~LcMBjCxnNhpY_4KH
z*W7Zm(b`+fHU(kEfo5YY>MQK%4%qTV{Cz07cY(15jNS}v04)e*<MW_Is^GX+lC;^b
zp(^vMWqnBTX1Xo9n&J)0O)jG*?cxnsQBHOMHhmylk*OyS%o1@^8)ZMw^Jle+Z&&S8
z$(yRxk9o*8&U8(jIWFmZA+;F=OzT}WeSy*}i7m#8$Rj7aZwgGQX>WYE4gy_!eQRgz
z1vC}K3P8K0R3vR~i-o^~H!4X}N!3K}(MPAnF-1sI6&sDexS?qZtfV6sK4X|7E)l7!
zjARyKO3qoA&!>;LL)^~WW1@4zpX7nD^odE$zH1+gIYs(l`aH#KTzuae8!rvqn1{B%
z7zc{+sfh{k+ib>iNL-zH_!W5nX<r3sRAk#jBopY+qAWDTMK+>4qqYy*O5!rJ%XXSZ
z<Zt<5stYyb7fC%YL-~a;(pMYrne;zv9^-wbE1_67RYX=F=p_>_W14VKQk5=aKpq|5
z(+{hqG*IxV@|D<VF1aEb@p2B>-Psj3`V<Xnd-Bx@z}7qY#WzBJW5KmKYR<5F6<mW+
za%cM(;cZFfK?|_<l3x$Lo}e*KQ4jVo*Z#uPKA#PgZ1C)e?iwHUu#H4tCLxjJ%cfV~
zrKXAJ1=C)hZfx;~aBm5<de_UUvZdsRh35f1x;xGA-v!v;-v`J#Zlora=onV-Y*^qk
zG@xym663c-AFGbTe=!Sn={+5oGTim}_E|{C9Glhg@yi?7AQsHOLXi@|gROoGSU*y!
zTpz@B$<rZ`FdHrwJx^@3@rOA=V*HNh2jz>2^Y~qob^rMB>LojZ%a<>2%dpS1f~e0^
z=2-;FLSKA{iW-&J$bOLs(+dhsL0V~7s$bC1v;0JE7_SG@pBiVT_J}eD>b;aE;h~E?
z*Yw-fJ{b1$Q|ZZ4H%qI7T$;7+|GEJ=dDnx_4jgoIDSPW+{)Wwkl_`}(A6F{RB-;B_
z2UK-CdHU)&+~@bJr<_0p3L@hVK{21X<+80&1uI8=^+*W4KV!p3e992r1!XiaBm{m$
zt~Xh6=oJ)taY?v<T^WRS95Z&h8JOyUhU>kcI3^Nu)~*A1ndYYAk3+hE_XaUST3_5R
z8#hx7(vZ*{0jHCJ$^LS{?S>c>#o${M^_)ds;;MX5>)`VTo*@Cujs`%b9-#d?{vXj8
zUuHam{6Y7CqQ~+5csTG+hUx3;14(9;!3X7sua?SIutqyF?Eeb(XM@pYwu}9XGTSkK
z0@(&=kNhhcx<7*!9M0I`v)nJvyr(-7mf-)V9giA=tPDsRz;l#R9VSv0aY+LXfflUF
z!YNP|0I#LqTR3|pN5`{hD%99<O?BL81FP^SkG9a$fpTVX>O}~syq*(A<4idJQa51g
z4@hX$i)|NiX@G$T<RXWX-P$G`<8+(@0)MRv;)?s<>Fex6Vc~$AEFj*4ystg>47xTy
z0=}*E&jo*w*Z{IxFhEOl8HYy!@nYgkj9e~vp*&_I{#>|1m#3#EXfohLnWv7w7k5&=
z|3hRk{@x}y$R_L%7k~m?T{S-dJ5j)jN$`jq{F|*J0a)iNdV>W*!;RztMU^FJtc>q{
zd2qiGM@;+!T;72hIbhJV!Cy%ndJ=b+_#OYVP?yH0u_U&)aHkJ<qVP51KefZ3%Lb{Y
zfYWU?QtRk_yggur0QOJ`N^+fDdg%>T;qi;#iB<6##KfKe+@W(K6-Df5`|kI>`>P%q
z!cEn9V2)c$JYP9VxZg5I`V!17S2g{}yIxl(VLj|*Zxo^>@)WmE>z9w=N<IkL?@(Vr
zi2+D9&nW)J@~$EP4scB)5KHI($>v4Kc`(cA{+tO1Wm&=M{#f~84B<z8h4{=VFO{o^
zf@}N%CXjwlJg8R!02K1UEqwtPkyg5&V;CnD=keMnvOP3Jdiw=Wmv5@$;liK0a#xW9
z!0nkT*z$YC>|#_b;PgRNPFms&PyPK?g`9w8VlTlTc(yNQ(9r>&=)+o50{rElBc?SD
z;$P?il*kT1TRHoyIE=9t_0N*vl6Rry_*noOl{;8cj2`NVp(C`8{tc>vfYa6vS1His
zx&OEoj23?Q@S%W!z-LQm=T-47@C1C<WdobXfiozJwM$@5$ulSdc4FQYO8CzPXRYQ#
zIRoqVhQ-X=+J>E-9VS3E9QU)p(m3jBiEp$-^1+Y^`l;gOXn_LRz0D6r_fs!R>mRjC
zvEo`f)#Tem*f${x4c`Fp69vAI6XHbkpkt;R1VYwYC+=B@)GilCdN-FbC(n$vAvt0t
zA!$M?*vwEj9;G2jwY0vl*Br1@Q;wA)cZ-X^ho(|(Z*&64`wN=<5vm8YgR!G4pRSD@
zW9}#+a%@#mkvQrrCj>mkW_e$BMhY<P5NO~<5D9&NJ1jU6-V7oM-3uKi4aMM^=sCsa
z*`%BR(8VpmrZQBfk%fV`p}RN1Q7N_5CNx?C8EW3dW*!(AXt2P>6Zf@MzLJ30Kh(s6
zKE>BiP($UTk)F=@U~<q>p+a7x!XR&<L!nR7khgGnVW65gJAg94qJ%!B&Zk_ST_f$n
zZQW?2E7)7PRKrC`nUn0nSr3MfAD*QZ<DbfnU^#dz4}B0iE=jMyCtmfa%5v*I%Usp3
ztoDwzT|f~<$Dd<BkxnQsLB7U2Cpw$OmlI?wahb@-fD1;VL$_zF#@l43h*mFD6qe{7
zrf8F+1oK^TZF#0Nd5L%vD=%EO*;=)Q0`lkzphz^IZ&1xo;qzU&4Jv8M6L$rUMmNv`
zr=F^I6}3}k7bYvEn_4le39wmJ5;Qt!qC%|~TEv+~Sy;DZMjfp9B0=xxo!urI^{5Sr
zgjKoiyP2NfRN?)Ihg3_VSAPQj8XvHHR1_o|*0h`gJh9+QN^{E5s(TYZf=KS^m|mK#
z@yku>@L-D?qbE-hg|CI=oX=7n%`g0RAu1-4-HHhNUK%PX=zrBZ9u6hy>&>~Se&-d5
zau{_!vMU-m`{0Sh+fT<e-8HSBW&kq9Xg{7pU4l&tlqlJkJ?lUU`n|h*keq75caJE(
zXivX<W&+u>NoS8z`(n292ofcv&oap-dO;apI4ljFcC_9q_CoZD_xWK=c<p_~%l}})
z)#pK<m3mJN%z`7sqANu;sf8HAb&`egoH%k53RQ!!wnNM!!GtLt4})OneCDZPs3%1W
zfpv28DF}N=BnEYknpKD_+ap)4SOsdNTsT=s!N4-N@(5z4EW5fe_jw7GYwPd~t@VdN
z043F4#s{+QRAadd;u|&Xx~e2H9ZV7%|J1{Q2c+2W50>6rq6wrv49M0DH;i`Dh%TSl
ztQ=JPO%g>TyMY2TT>%5nteZ@q5`-P?Rh7?;NYgaylz{rq`4yh@nxg<r?8L&tb05_V
zs`ZmcikDXQd!kwCz)sEJs_lD9AWo5_Yn5|Ir1gxS8A*Qc%~fW!41Qb;nDpZsF-AG8
zej$zuTaCa~Q6OXq;F<t{!3R+txBP!19q5&SM#8?4Dz0hHUACa}9~ci8>~Ya2*auX_
zsH5jHqo8rWm#2R_MMwCzOrQ)DzsKdxpI-)lH{$c5jNJ>Fe`-G*SQ1y=1r2ghRi;}2
z-TmrG0k;we@j<xmQsZFt?^M7~+sqVv9hWNsi803n<kUE{i>D|5K`$WsH8gmi?dw}u
z&RbV~zyZGUt34n`w_Q7c2hHECf&&NZ>s=#pn<n_62WX#<h~KpHb4e&LzJBa)VV)w{
zK#QaR*LSDsr8p1UcTkttZq1L7VmV7TcSu1NejVLQ32|AQl7&Sjmr*$|6en|Gzf$v=
zhdgszABNA8K<G=+wkTY00VKuF5s*6pAarEMH>Z3+D!M_8FT0I!u{E`(0=?VsM;aa&
zk!y!my|e_;&aj4)U|;b>oTbVJ$Z$up9AEhYrjT~h!VzyM11k1XIsu=#OIhu$^eH+b
zK|bBjnS%T1$7YsG*DB{NT&q3Bk?(*kHlO`u4X*J9*i#_khaMBfx36HqB{h<Uc37iV
z;(q=Jmm_m1kGkLqCznK@&q`5Z9x}VSy4qoSBTb=#S?4a<QpcmdkS=KP_cW^H8tDqo
z%_;hXI~vhCaj&FG#U%!VXFR+DLhQ#$ZJxvf4iOv}oB_j2)0ckH(b0$$;4EQ$#fj<}
zR7Qp`FlTSMknOeo<e~5QRqTEY@C&K9s{-oroj!NXfHCvS@L%3Pg8I2U)uBZM2=aXY
zPvq>2VV*zUU1xZ2EhWy{`*{Y%KQt=;q3`*d^S-Ybvcs#)r{7LB-0DdCXmDe;5T*Tw
z&qIt018cXxE=d%b1XW2HK2K!eO$v`Tp7_%x0ee9^1L6>&a?HVDq}x_`23ekhG;Kwa
z!$0j3aZcbA+8rAQNZp6eX5mA5RBA@=%}w(fKJXZ;z9&u3hB_s+gm;*RMf9bTV$)ha
z`lB!V0&nY}Msf`S*6efFd(Bu2TOMG<H%bg`zU1l99P?Px+)ss0(g(d1PMx~X^ZX57
zbpxK#^|~@&MAOd-0i{~maOK(Ols5dvvZjum96~IOn{czn3f|hhb2@k1P}xKge5|Wv
z9Oxbggsr8KkuYJO7#D-Q7P<ut@-!m*lClI@V4_Vqcy2Sq*pHTmW_IJ}&x(_lwzf*y
zF|H~tdI)1HT%XoO1;>WrCOc$syp5x7h6Iv<CeJ88U{P0n_W8It9JTG2P#|9gWE#!-
z3z;3&slG`l*^rjhyD4!`+vi3_ogSryOPE_P8P*!b2{<W}UQ#=58Fk(f!Qb5(Z-nas
zc#c8dR)wmustTw+eIEeh{~AXYYi0H$g^P<cd{q48fKeM<Kq;*e!G)1mrm0dHtta#@
zj&-oYvP7#fWWj&RzTxL$8D5W_6Zcj}hZwJwI9jt0!M{8^rf;*ib$9}kzl8qQ!FhlR
zh~^lY1Ad%K$&b`NKzho6#~Ai99hyd-BTAX;c-2S1<xNrmy<Ed$n<2tBY$}-{2Tj2D
zm_Y4&n##`>ovXA~x|kO{xBA(#<27l>A$oRD;O%0BryTTGs}Zz{VytodGVGN-I1bLy
zNDI`cp(H*Cf5QNmhpw|CJH!~W02+}-?tw>t>0MkO_j+OyAo^!Q=@@(dkxS8UWBvsg
zPd`@vq;B#Huo*a}?BC_tiJ}J+6L^#?lnnH0V8i~9fB2s`;v?OG8ag5aW+(0riY#1X
zy&~!>f~C$T;K3;hP`iRw`PtX$_X@iwJbHxNs^<dk^`3ZdR5wl2RK-1O4@^05b>xX3
zxXS~X>jpm12v$j7zV}E_cv*!aL8@*(;LoRAd|3E&CrlO8RSx?T5bp|6m4=i5@mY~i
zjc~6fVE6zix!TqH#22q%-Cx~{6Q8mMF;gQD^w>$y_1=H~Ssk>GEuGO3N1b!6URw;n
zK_Q?`5asc*W3}jZ%4w-V0FWQ1zILQ~X2S160KEYzJrNay({vz}4Xd~3I^&-(=WNu)
z>lf|=V^$RZ;}@A<;5S{9Qg7ey1<6oY?Mb=hysS%{@k3Z?$@qmhqdH25r6-+V$B~lI
zbD>F>4Mr2~SVzRBLnWY*fLFSVE@BmE(vY(O%0OD&DE5t5#@-*P4Kj8P7!2$E-jY}Y
zAO>+^Z#^N{8o>E$(EWH#F546!$g%WB>`f(moalaTNhrvr8tw2UD>PWtaj;f+8lG4N
z*DeRNwIf(B-OR<Rx9^kQduO@}Ciz9$xw@wBe1f~VtVr&I>QB1lG$=KiDBfUa_}R9e
zLHD9{Rk6#!!YPEDP-zoHZbGK-vpHzW-dIsrFif)Zk{m0|MjNvU|6mwH-D6_@p>tAx
zG)WYqMo2x~J(bKN!&qcOPw0abPAFsVS~x~zKz5?)#baD@8F3PpE8R7}G2aul^dvT^
zE<DH3T$+Tz2SD*lE)0lA%yW~l3_?tOvokQnj(^0YEY@h^=qJNd0T+cAqONtC*W!q2
zp8VAcf6d;)h_5z%PE1X1gT(q*#|0BTEr0f_MV=c^2-|B32~L{oDHkMlXXiA&p2(-n
z<&pQp;W}k25-O+56Iqbd2%?JZk~o}Y&;=6uQRPl3wXnfY>C;;Q66E=~^)`>5)~@9;
zX6CkrWr{12Vsj$O3v4Q;z!Eu;U`ua&AG+Zz#vBai$_-bpI6dH9q&1U1YV$?y>EK=c
zxYTEqmyJTM8IYf+24mq<v7xeqUko{XOId)z4Z^!;`Ozv^-NX8JN+zp<9r{@i`xZ%F
zIsTy!r<2H|Y^gZS&3pd|?I5}4E1{bcvM0&6&ezAWH?pu<eXDA6taX1rkW5-GPR=}}
zwdk8XHkReWZ7vn<N+i#zo>IeUiEJ@Ezw^20(KSBhVHU@UzY>fjNw2wp8tt{W6g6hw
zq$xF9N?P~w)5z6yGUPr~a$%N7UA+0uWsy3H$zM>-*hw$iL-(70=|Lz52fI<gdI{dE
zPbgQkVDeQk?P2G55^8kxY;K_Dedl!KOTTD)bi0lCiR;5Br))+-A8n6c4s9~D*}4!P
z``YIWb|_71dtHM$aK)?9XwcWgM;vNEj#Q~v2zkcBMD1X$8yli-yKKCfBnVtMD#i0`
zx#rSVUIz)_UYnud^Yrz(@HkN&V)bMt0%-TZZ7ow`g2m6jA|rS+t;5J$eKHxcAiaj^
z8ZhG|=DGH%gBVS6C6p-{3`skN2<;f^@2wyxOonkTNJ@~|>gkRoB)xcB@I_RIa?5$8
zThWlP%_JIqPxt*G=;m_fozcQ9J-f)uY5YdH{#no5R|Y1|A^07q_>L5YNVqE;o!7lX
zBgN^ry7X1Kd<s3sGXk^If?`QCd~~Mz$>pIZGo}lZ*?`N=@lvhbAd|buZJB$^USJ-U
zBgNdR;4@{xcAnCMbG2mCaqK!v?pI^_fyZy2wek1BHR&h%;<?=>pLm=5^_&Zzh3PO(
z**JOG=sD%}&HkFb)O%(Y|8P!|Ogf>esVYQIj@;&ELq^um^}CM@AcJ!ruo#Poo+SSD
zz1~ba2BskjDR{I;NmUB*Xk?kol;3Th+&VAQM)gILUxGhAPq8>qRTG#ewyE5B4t073
zJ>8_tt##<@`%sWM)FppCo1d%X-pcE>Z>z@Ea7)O8oo1QBsx%ls!h(EQ`=QKy-r3yK
zIUOU_XU!2Xj~rEM=Dlwo*BBhz!Yum;THHyvCR|NI&=E0*OL7<UK^XgmxNGS9<9kZ{
zMxT>BfsLMRtm*{`j-@=PN%q#@&RL6JW9o&CuAdn`$A9lDeA6<RQlWuiyX4Dqu{p?h
zpYWT*{q|FBsR-iRx+7X+T#uqow@p3@=CO_nZRn`tACh2+kxliCWZ&8|M#0FXw>m;z
zn(rh$uG4w=mJv%uM>vnIR)C9EKhDsJ9V_)kJoIKE%X}g8`q3})jn`pqE1b|fDfQ{%
z27NU`*#nP<(@obdqXUjTaL--Eej#?5%&nMBaiZ%yzY=Q+rGDVy5<ZS@RB3-C4;4Sn
zKx&Yj+0&wO)9AgyB$9ue1zNo6Ts5p7SFLHrx}bg*kr=5uiuwkFaekiU`pNd?)izXR
z;M+6hn;O1oNB<>GV_LsYbX#h;<|3|P3R-ahs4|=(@~%Wt=04YKc~@06suH_CH(i0<
z&49HwMZhqWLhRpjuuD!Ob(f*V7fXU{)u9@Crm`hN1>sfc8cE6NAb#1tp`+X(f3>EI
zCXmh|4Omn^KMpU<7FG#%tbJ&Ja(EJ5ADyOYt-p{uMQQ^%%=QX9PYzwo^0p!oabN9H
zO3zm_f1U3uy(K+1)~L`c^X7B?^OI@hOTmk!v9kUF)mB>Kd7PHs%@M(pVQ4CHx%L?a
z{-=40`d1+S*GCLkpwfB#sjofzPFYb;+;e8R;!1`JKUV^Cj~smkrOO$NGVSxpjyRjb
zJvVf_D;OjPV8pA9R-O5PseY4Q)ScQpc;<cxc>n}mQ{REUOV*7cW&euY;UpAkNuBu)
z4|tW3XWKK=&(%(vk&}RIE{seoeT7OChknUC=i<>Z1n7%6qKI?14ePelira8hMxz}e
z?~{wX8LHPav>kY^wp#ITc8UUDqe$0ZDdcV6R4HK@@A9|iC=IN+bakM;)E<P_dlQ(W
z<4l7h&)vHySXN)`a3B8J_>olU+Wo$}p0c4I7_CCF>!zkt^r8MaH*8UfIhz)$I&5-&
zofx4{BmE}n7eohI!+Tz~TdFMiCQ;B@Bv7d;U8PkP9S!<c6-R$3>8V`nr3sNG148>x
z?6-({^BA3{sKZS|XfIg{dVI!Qhj^H#(88(*_$Hmte*Q4<qd$2_lAROJ99;&S+%x!D
zA_6kl7%+0UGxg;shB~gM3B8e{X^@;mA?(kx*N*Y@iegF~gtsT6dI+)R%8naP?<qZ(
z(2HS2Gtj@cy13+5Jf5HgR!wH7rOQ}<JH&q;hEDisQ2yxCm0qxRdIt3e-Jm5<n<%mq
zn!N<_#p!83<$GxlNhk>G5O;OGH+R{{ey~gv$Yx~OM1Gqu;7HlI4%w1`#j8i58cnA{
z6*DMh<|eORs6-R08P!X;5)3|Sdon6M&YbFPQ95e;yf%DCaZ@fhtLLOFpM;QDsiVCv
zOHWRRQ%bYMP80nweXY7Js=D=;&F0f4(khHkXX(M3)#y+xX_`^U46ST9IDmlw1Ajn1
zg#s)7XOK%xW7Mxvu0y=JjeBy{yTWh)^MJy&12k=)-~p=s&(J|f6&ZDJi;K$}dASG(
z`EaAt$4i+=Tjz6=Q!mGiyU#OHC2RS1JjXQh47Z(c>Ss$~cjx-`dBmNowNV08z0cE2
z;U1k_>E;NK@s1hbB-dJcv}4#yj+wLqicjaCr}H?B=C!S57TrEg%qv2C^CxRd%R$kn
zsi)U%gJ`rShDzpc)4l092);tsa)VTvKTF(ju*9L0UR_ifvTUn+H^nr`d?&;x(MWv|
z9^C_p%em1SW9_i=^9}2VH$68bLTO*5kds5=^3@R0rJxsi3df!R*D9~M)sGes-QhHX
zyH!CS=R@~6%W%y61Ntjin(OuqZF}SX3X30b{0ij7YYpu>J9)jKpHdYjvOg4VwJZ?l
zTwF;G7eeFk>2FT`WWx8Lk0zk+iv&d*>0698!?|nGG%<F18WbGE+D=p=m1jF~SQ+mR
z2Jm~QZhgZ>;{jzIBhWi9xQJzbIDN4#pshHIgQ%b*kc^hw^(l#frX8SLfkhP=no3(0
zR0N(kS?15XU(&X>bso-Qd;T$?2NY2_{lf{3>sD6&%Za}`89!P6C(i#{GvE&B)};yD
z*a2Rfs&bz7Va3YAc8MPR(_NYj!DAZgL{Zg*>Q!7}SbX~;@9WXNRfoFld$Pw@1mqYe
zYz)Bl{}rNj-4;hm{`W7%O`(A{S>)@`8~^R%@jUjB&hKSoBRWR^cpu!y%HU+;LOqjP
zCvK}ySJ>W#I@^IaRFngD8t0hmd>OE?{R*Eye-7bap!?r-5U!d60s~xOM*7C%UT^mk
zs%^k$@!1oAcenvLf>?S$V8-^t6Ikr`i;mNvZwlDf($D)~|NdSGzIB4%=6OKMjd#ZE
zOT+C{8kBFZht5hs!K+3Zv7v#nBv>`N;m5O+6U+ZzQ82qo2)T5R{oha6E|Hc?zPL7B
z>ICa6TU$dHhLg@VHeVkDKI696+~_Jb6DTbnCBG;6&tvnpA@43Aw;X7d?A}%8p90)p
zP#I{zpsG5Qiz;uY)cMP81AeW1eYmM%<llSt=M;e|2aGw5VJu42aa!G>V9m1weSP6~
zJZ%!pk&dOdi>ezYYM^qFR{jZI*XEjQ!j()$t%4gCu88qMd9kmG?2AdkvGL+`jD$u{
z=GUhzTnfDmUP<aNBoO8u;Yez|?va#9Kt>Rzj0-D^exGcC&y^{J%qKN$BHo*-BBNTy
z)*7%c?`OA%U!-=ZXH;)dS$I+?9TqNKC<Ievb#67_yg?xlFH?v;QLp?2ZfOY<_h$LP
zSx_ZSLRbvtbf@bdbo`}^dm>F&{?xj_i%JxF`nfMCiNQ%T39-0p>a}q$GCo${Pd|}6
zlH3>F@#y=Q!mx_46cyZyaF&63o39Ak-CpsQWj#>ne0-A>Q^gg}bPefd$nE<txxk@-
zsWdm0Q%%V+tN)6wb$Q9stJHO(08SIE7IhzaM-@Y6U{HD2DN2fA4mNvv@3THv6vC)4
zO_Qc20-mn^BmD-2d0}g29M-$#K%q!sjJ`j6A}@GR<K?%Ox3<v(#+mXyuM*d(#G1kc
ziK!E3?ugqTR0aVe)C-jNd~_*1$vkNk&C+RxstnR+5@f?jc!+_;Pwq7<t5U0@@2dxU
zUAVsU`E=cu$^@Yx@qqfa)9g7pEAn0MsxHtNyTp(2)<?21Ha0_uL?m)La(2nhUt>_$
ztkW%ZQJTtQ`N(#Sxdb*rA4CDK$a*XAO^i<{y2_p<YcR#DA3xX0iq`H7ZT&>*GCZL)
zU8kcb5%D6zgoLIbUx$+s#&su}hJ0;scc2OJDpy)AWlVZC^w&<onEzneSuvoJyqz$P
zT-Ja(l{#*EmWy!8UzZ&aIcgV4h#Ma}JwDY)l6L}kC)!qNZTOC>Hl4|3UQErLPV5R-
zLy#CDUkh8%zC6TOFg}U*MF62-phk#+X74#A13BVQY?o)>T4=pyuK6;Hx|1ZtOlnXA
zs>Q9l**-%W0|{qVZcmV2pG9V1gNY=~VmzWfv3g2hmtMw0D7E)eblN}6bUiA7v!Anc
zxjp1wBibLwk-bZG@p=r(*<VTTAG%>#8MGbBSM+W=EVns7&ydwHlQ@`qaTpXJJCDHT
zeap)vO11X?9ld$VVh$;o=9W?)_NIE}HU)PyL4Q3Ry}|Q95v@s+C(uaM{6LVlLi3yP
zM-Pr`0$?y*$+ABeMxFQlo0em#f=7S$T>m4shOSR@2L$6+NoleyAK6{{Olt^{e&a`-
z@R)2i-P7O4i?nbdnZ{Npy0lZQJ3pdjzBrSmb(5Bn)(ZQ+IIJ=#S?;iLVf(VrrC}U3
z<V1-TIm`+y+q^2m1R3hWeo2bjTOf9GlY}gKFsR5kepJmMG=i`b&$q2>gIV7#K0ePU
zix7;i?66B$KYjuSf69hHFWC7e>JUE!KRrMV&Y6;#I?LG0uW`e9XFdo>U#uM8D_XH_
zY!8CD(z4!YfeO^ckOsaTzJna}BuE)jkgZ>PJM_NoF_uRnH2MOuE79X;{Tk)2Ld)sS
zqWTNQ*o;_dyJQEIQsrgAW-)(=;N*{9v4+SvS7cU5wD<H1A>X1z=rAHbw$fZBf9nE?
zY~Em#c71a(Q&aZ1AQP`WE;E3Q@^vUuy=u!N!OkruNadt357Xf!kqh(OFe=JC`bMzb
zJ++emih68m+&K5u7JT~5ru7^N_Qc+)k0!ErQg$|$1HiuJPXAbJ83-n*Pk7l4mE4?C
zD>i^JaWBifi@R<#ITUzPRkdTU((tg%(yr@6Q1{xVQJPVOV9xWU1lxPR?h+)~l-8;d
z3)8g+8<sy09e(65%hD#B>Tl5bRYiR>H>JKf>v>lPf-_}ZDTm;aEwIM5;<bF>UUt?!
z+zx^=_<QCwpuP#|-OU<s2$5_@{DObj66x#(<X6>^d^v`ctpH>?L_`_r7&19Q>>hUB
zLgM^9zzoZ~q^0@@_ZFX-M!RnYw^=6pppwHswy*wF%7Ne3_-4Epoik~7IQY$NTsq@{
z(&MT;{nU36W+w;xWn<o?m}tlk<W4L0*$2#BC4Jkn%WmZ^-BZ{#wixF-6N0ioy(K!G
z=};x3AF!)Y@yJQ5Pd-1*kci4uXMu4=G_gIqk1+@Sb*u6gqvbDU!+#=i*#!tYi^c)*
z;i7vedESpZX6)$NPxX0KU0q82zKH8J&wJ?O*f@FUM~F&(oq@$`-k)kvo{lK#YVx*3
zostVo5YW(XE2F$-S2tlJF;rK9A{0+VnPFFwHvhCHPwWA#hQnA4Py3Q(GpDq3bPE;q
zn$0Woeyv9dW0;$0zYK+Ht}UwDi+!}?s!d^oqP)h2g;L#?EqHleEy8+=;<BrBdPo_$
zTA$|8twrB$-v6wm3fYu<IhOY6Q$c~XxwpCkLs4QH;}`OQX+A;m9ELRWX&x1qb?O^*
zhdG9u=NoQ6Sr@!kGUWHM{DEMZyRJJQfJ9rDyb+Mux#N3A`Jn7QR)=bIGDbBS4DaS8
zrJI&;x8x9KKk=aa_{}aU6=A889x@5b>Vw|TDZ1xNU*^JZ+GegJ7j`w~>R#3xNEa;i
zN6IJ!3mo3?n%$F|9w4oOA<3mE)l|y**D43fKf%1Hvgj*vlgs(v>XfCQhP@C-6gMn*
zOtSTIJhF88$D0_jT^+;FNyd&2XkQ=?Oi`g<Z1@6Fa+8HNTQ-_UX)+OcdNefvR?lzO
z==iOlyrCANGwtX<?4YI?UKrWf$oNFI@ojf{2q|xot$@?g6nODf%qcG)>HQ8dB!oiS
ziR4lzCd0yf|53qxQr+pqG2VbNie}4=>C*DdR_!GD)xp=HeXBHN)Fn82*g_6U#7^Kg
zt94W+-*vQIC({49U1LR+gj?By{k*2FGv!+2EiMnE9ZD1J=Jk6NeVV*gvn<rU4nZ_Z
z^$sEAnrbD3%tD+G(qzf|3QetU#yvB4&=yH=VwxLc%|+Owdyc!iK+bT-yD%5R&87E|
z&=-JVv&r!hstZN3!o>|D@e@)=$?lt`Wf?>oibIwjaq#ws4Ed*?ZUKu2yUCTizt~6K
zS^MAcfW=ignx(TV{S@Up{Lpn>h9}shK@T>zh>qc+?`i*TlI($g5#poX6^zn~xnl5;
z<&k2@4E<%!d)AIBzzBj{U1G6}$@~+al;}yoLV0s=K&2s*sBKv9FnM8z@#8YhwZS>l
z0nPeaLwc?Af^E}-h7Jqf$g}RjVg+<|b!5H_$BTyjQNKRm%u4L{7!&ik9=3J8K$s?D
zZ%RCG%Ic6dFR=TluZT3Nbn1|9MC)B!8hL`UD0Q>xv=4%0Q`!$EQLA&a{&{VSQ+SZ&
zW_To|p(nGMx2ly!DYi<YtE5DfYOf(pq011rbX{NnJXb$_3?-UNTSmjnTe*ATxf*M&
z88v&_gCCnBordmC53!Bsr|9u$9N-2wmVL*l(P5Pd7dWuN3_(*8WvM75xby{?D8wp+
zd9Q(Q*-skYd%h66QZMLUp>{I(<|n&4q3m;5dd5OQx{e4oO_@pYv%=J(uo`7wk1cEL
z>mDgzRMPnHph{O?MN&D-wP=H6US*?NUaWzYlKH2L&PoQcnU~&?h7JtIw1|B-;4GNa
zQ-81#kHDTPK!iF53o=+((m9hyOjpu0yUTiWonyUxmV_})Dof=9C?5NMroEmr^ur=l
zIDBhuFBX26kuJ9>S)wMzTFw`s4i^FsF>8lL7^0#xs%p~u@A=SKhcmi6gN`mM9di=)
zs1X>H)l`3ckkBAcvnIs@NKz1AUgacLN!(CcOv4yst@K1JS>B;J%0w~m868Vc;h)zp
z<Sm5$t+FpJE?PikhGYCsq&*OJO8B~23Cc`RH=I7&3prbT_b}u^bw&u%sD`!BF5Y3}
zgxG`TmiXJnyw`A*U8NdoK5RtH@|H<p{ExIBS0xK1$|HFvF3#cMVPt_T(ydZyRN96L
z)8bB$LwV9fB1SEq$uu4jNi=VcRz2H|CdzEPXN?Rt7ZFWI7diam;e&mnyo`B<Nl~uM
z3@&Yxnv`UkqeusF#+&xHqo1)vj%b{<+EqQb_M&l(2ue1{gI(>P4I6mHt`A7HMo1S4
z_B$!%Ky4^<hT=hY=%Ao`$?4Z``l2G6E?<5RN+r`3l*H-h^zwH1=Rb#@i}ZEswzs>F
zziI$X*31ulN8W1raXhg;iY4QD%A~wKn0`A&gV#7TuPTg3o;h)kG%`tMB1OVP(PKz}
z4Q+Q9(J(7V5^QWin6%ugnh&dvdmsAa7k+;3y%IMow?F~U{Y}a!KK7-<ccZ329~2$I
z{5*ZCMZqpklPu4Ec8Qr7Blw`ZGGX*9{Ce@3k6VOm*ZR&O^6Qrd)oowh0~N1Yxx?Ym
z$(W}^A5uM1FQtlxP7>+o=vq4HUDCO-y<;{*=%BJfb5d(^Dovd47Im2Yxd}zreZwO8
z<&u;4LR%r}aZTvMr(r|e&T_o6b@Rg+N!{{0?aO<&!M$RYM#~Qi4)fyE`xDwLnuuh0
z-s_05(L#K$=Ok^?lViSgH>!N{vkFa@inq!5%IlkFy6O|&!xIlB(v7~Ld4P#bUn$5(
z9ndS8r#U7%uKDY%3RN)m6j<{}oqeDPb!Fi~vao!3Q>F8Bea?9|mkCoNxa{OiyFMo~
z)tU5^C0?aj9@PQ!jWDB*XVMrdC~bLnaX}u=!O(Rr6lR_-F_hs*2mQfLX{8qRSa~`}
zhpX_zG;M~J`G-ay(pmSZiCr+1<+?)Two;im%({Ar<5qzPMa4$qSBq7PNPOxxZrWco
zGl*tnFylRCQOVD1Bb*d*d1#etM|+)&C6el#NOzsO>7j_0wfL<xxIJ-P&o|lmvvVQ!
zR*!4^d$;Bh`}OWE3(}N5duK`;hb7*Xc)YPTiZAy>KpeLs%Sw_3S<vapk}OFqs&)Cr
z38;{5swDct4ij&S=zyM5El8R*=3{c?VTqcXDY?xvSH6N*YT_CgTX#WhNmjPKIJ;pk
zT0lvRQ^66*9r%nhSTnZNxc_MeDp|9fEYC$g?Gx&iXcPK#%`cjqo@^G3tX|W;+5=@$
zWU?tYzfv#j^2u87rEdcZWZ~q#HU;v0E~gBV#ixs&MK7WY2L~1!VFSL!tuJgCTXo9V
z`_#Axj2_RXEB8L<rm20|-nTg<1N<jv!d_vsL*8V*ImJ+HS*?Wf3+)|;wI-!91q;`I
zY_i&IZyzW>${KOnw_Zkd9rku>A+Bq5r(*ULx^UAV7b;;3+hEu`1b0Rg9kN>L)u@&U
zbrVU{PK`uFU2|fjw1L_gO;a(}$_{RsKMX9&<?<6xw5Nm&jYNIgBKKXLqFc6|A{pXb
z<yqmKZCr#0f}nQ*<Zv1XAKmr?TZ=cGFqtMksx{Ae#WYiy;}kVSo48aVW)DM@1!Sqy
zGU>Y|2fS3cg|<RSF$1Bj2^8=hD0g{UQut5t7Z8yFGDzMlbTjCEjxx46d*~$~3(t9l
z2NI!Mgda+KN6(dgh$9z9S{6TOnH)A$<~XA{=n+A+MK?11uIOiobLnSY-67`HM4F;+
za?hR_Z*U_l`EtZ2r#e|>!hGl<8k@Jr=29I(Sr>A|cPl>1SnWoZ?_X+qc{38&HaaVq
zag)x8#P8Qv9xZE?q%95HI(74K$<Bs9MfqIFuc!=>_WN8rV&^~`cWqH{q+`_h8td)^
zpYRV7NGTy>V`x>n#K}q5`JS8epTgC9XJ7<Kh)sPVI(?{+@+JdrEWjwN=-%Ou$dA$N
zcG^kTmE<j(UX@|f)Ok#`LAA>Fk)v=s8+|<km+`jf`OGX*GqxD%u1}C{`h)4C#~F<Z
zK9|ET>Fw;hi|lY7dAhB|Xni_W@!C%Xx`&EdE~(mr4~^0IJJ}da3BBH8FOnU&%X_V=
zwe;jln%35mvlu1TwK~$j#N$<^@pH<BGY~UJN~|cQrR57G_E#-&!gIg^1iJFh7vD`O
zP5M6I|As<1zOFgz8KyaPQn#h!LE_9?@=lBUygmG!D#1%dzrG?XrEhX1^nH3>=k)p&
zcRA55XDi(yOLtE)tUx@h>A?1JZs%~wjPZ{JZH$;!pY(-d(@vuV0dk1O+C;Ba3r77u
zCMCuJ;X2QG=oRt;)d`2nkig5~R8pC6b7l#8=?p^F?<p@bx-EE7XIX1w9A6Bx6@}=U
zB`DAHQ4fR$#gmGC@d(OEXRQspDO-?a4TV!!Suq?WRM#$fZ5NBIxHSS{*J@Ru%LL<L
zZ~0#B=uwl#`8K8ZqYwM{p<EorN4qfx%Uy<&p$2ePJy=?G_Cvp@YqjahwJ9>5{u)t!
zNLm|y7QG%dZ-la)&LhR20q@nr+{g>gNp7&{h0kVI-|NO)G`;<K{&5$FdWL4`*jxH@
zHoZ?LUZ0JuK5_5bZ3=7|-5iA$u$AO4I8)1KJSl*<Ktp|Tk;2fUabRq-&vCh%LlnMw
zbvd%muzHW1+%A{MJo7WOIQwosR8rdc(qLtLf8kv<GVF;VzzS|~QP{~sow9xu#XYW-
zNjb%fK_{r@h$aiLl<3wv`2e%?5X&c{#_?DWa=p}LjaM3L@6rX(gCNd`0=j^M)~FgX
z+tE!?!~jE~rJG%H;mG%q-vEuoFXYJG7CBGOAY7-D<3LZ#8D>wtNwL9;A#yBiB+p6N
z4NsgpI;1=d$yJX}LaO*m^MD<ahi6{!=AJG1;Yv4=I+B_p8p(X?bg8iGubEW`%XkH_
zVVjs&=*yC~HR5elzIezfrW1pIpS&4BsNtKM)U&S$MlZFT(%=1Lv2_NvM$%6?Q`Ed&
z`b(U03$9oSZXO5>E7);wQlkc24&Ep2Z*ydf1t5C98oQntCMZAR=pr)XoF=#HNil0i
zK&c~70y&LlCf+E1DIqCZa$_P#RWZT@6;>aVjrD=gV*NTis#otO5vevcgjx$`$8xkE
z(8j(Bh?pWY@f2O`l4_#=YGq6Y(-lTyuXis>Gha_Ep7S~jD>~Ju_R~?qyUnuKG&-C-
zjq$DDWDWGs%Gj#VyZmfmIAER}B*Pw90aZSJuHa-c*+!1Z5wpP*Zn|*0tzat*<ge3y
z9{_Zj=gw%lWH~I<Utl#Ukg_r2#4?gmI_e!YT!Onx6@SdPD%S{7Q5WW}i;Ka7cS@%M
zy9kz4t*LWP%|)o^*}f730rsEv#+bR!94n=7w?s~%VPE7(xoP?*A0HJ>u2z=drZ#1@
zjy;VA`@x~$@bb+f@hzu{X4%EWjjs)NzalB<LdD{eNY|1v5ffXtAIRBZ3uBWzSS{ZC
zIRl1D>rMtp_jQdl`Z+VDF!&LRa&rnI!-OZLVWUOs@V&&wp2(V<RKInEkHB3E&LUNG
zM0wX-eSpQ%$)^pVxqytArbZjAJenGcEA@~!_fFi)8@bYxR<5tUM6YTwGEDbw1_}T2
zdVzf9tTxX?O&Y>Q&~=#CkYKQK>OI2xf7~Nt`77lQmJYC;F?^1BX6c`7JNBRDPugk5
z8N`thS(UO3?#fM^n!*|sjhrT<*y*OHNX-;DZT{+WM>mT5MO2Hbi=jG_!`L}LPI9fJ
zP!lp{eWSIQy2S^To!>tD;T}<;fd#}Or>J>Xxlk9_1Fm)D%5g}|%X;B_QNZ-f#kZ|T
z2}dEnfczeaGya_~%P_nJC&L}Kj4kLw)W&9A7ZY1{3`au}vi)U6z1voD&XKQvbpIYv
zPGm(deP^^ka^Mqr5-;!RAOEyx!0TIZaaJCICDQ1U#ym68$SDbEGPC}^?&KqTa+#nh
z<~$*rxrW62K#*^^a@edZu{@Ni6ucu?QwP(j(4aAXE@!7JFM9NDx+;4{dRSZj?&QoP
z3-d^(RT)pLL~7BMW^j`nDliBGF9xHshTFtBfL=jAyZR^|^*+cDlWU_0iTr^TP&y>?
zUp)M}Lz^`Y{O%#y<7?(oQw}k4k*Q0W3@`H+=Figj?%<!z!q}CAey5Udwjps{BlLi0
z0R#4KrIVZy&(<|%G<~0rJ?rYb;(SqZ*%bel6aTT3>E4J@EPKX#(RqkcA-Dsccw|eq
z`g*pS!OLJ6x;`+Y^ezz1<x`kxgcSeG_g+v!dVE{7C;qgPG@z80X~ocXnW*5=9qGZ|
zu>%5XFK1WPwpUk`*=^oef4K^iST~3+;AdxWh36M3@M1{6rvh)Qw>vGTq8`U!lM3J(
z-y{C)?#059{>CGyNrmw(v!xfz$AhZMfA70x>ZQ(>8H5i$^rQ6t)vR-oc7dA|=>8pj
z3x?SbD{(@P(~~w@$6Vg3jOLG>8-lU-1zrpxFU;ruj;8L{3e~Nv8%A&6@F`jByK>y*
zI<^!2=8hJ~4O;mynxyIb{Q+8)wcR7`dJB1{^mBWMUkVHns4o=~u7g8S-%c8vfw?Xd
z!Qs=NRfbdtefg<3KRbOT%Nr@|U=O}_)?AJIDN||)t4BNr^>HSE#>e^cw1cl^*ftef
zfFo#^o^dJog<jV{YP#+LCbg(b4sQc_BTU->=x1<4$Uu^<<bBbr*2wy^z73Uf@9vrE
za>dNVzsI`VLA4agx84F7IQz1-B-*JuVV$(Rra!NLr{+@W2I`BTNB+s-@bfT%<=WAq
zw_bH8hE^}J<_jT=T))zxPs;j8@co+lDyqTylsfL8t|cyU$pdyKRdq@?>H~Mt;rdN-
zdy?iCpFAj|rgq23)n(M?eUiz4%;%YrrBf_bECS~NXNTMbPgNA(20c+4$JU7gx-e2#
zs+(KnF+zLoCNSTiCpPfKRiVc^4E>LLV+E>Zp~=l%P*|{w()5oWOdrk26D&|*IR{0n
z(NC0wGle8wM%6D+L=N0iE}MPI8G+@2udzs;j%cP<9(ppJ+OVQUHllUS^h9+IIQbz>
zZ|&s!<3sqlXO3l%ppUCZfi3plP*A)s7k&lHP<FKN3r1^Yg=4T;-IDVl+n^8cXU}l1
z7Y^!be=GQk;Ou<)ypZm{I;)QI`$20zQ?%qGselioplj&4Xj~VZ<xAEr$U$L-b2ezv
z>1i~av<(M&VqA@4fArhbbWeyqgR*PLvh@DL#_!xBaeR;dIaGuYA*RC<)*C13+={lP
zQ(kBVdIx*Y(UdpNeCBaDE=sGkPvd*T;M1mDcv}iKzJph5|I?U$0^AHQFpB4mOb&TS
zlvCR7vk)Km?3j*R=J3PRm7=vpA5Jek_>Vs4zj|OwhYBX0D~#CxPd63sH+W|Tr=7W?
zPViqlz%lq~tV+?}TM%HN6Y)ECfWd*8MnGwR@H@V@VL^rjt<e9Jmi}!ygKr7=<(5*{
zlYFW2|JJF3{;W7YSN-?yHf}luKOKkbT9PPP{g<9J513LT-Nz_NPF>0eqSV<k^1(8f
zV*L{p{eSx;I0-FI1Aut_^8UmGRXlEBr-;iUQwn<XW?13@m@gAoKD}Na;kyrP2@<Ap
zZ~owuM_trc8k4CyYw<r<;2)WwcnKI>f2U2ic2<o73;YCeFXRN~0`pm|^qk3{x4YhR
z=<haJC$ibDq>(0W(D2w0GmAKGXW(Q6;DxVvS@DBzAiSw8smy;2op-ebGF;D_kL+WU
zG|5qKd}d(G^ptHk?-p2k_{rE7!Bavki%v<~`0r#D_D^l{v%X5dnIp&sm2dCnJ#n$N
z(YJ(rBS&QaVEG_CuoQHKdb_YnU5y{!G%Iyt|EOaBzRBm9X$HMToMf2cjPiZ3B9-r1
z^5rhmrGTlLw9NPn`CfrRfo|`#B(!>%csB4=vK{kL&+v;wy^6l{u1P>WUQ*-4fbMX~
z-ilqhqNsIdlIv)lFn!Bl7Zwhg54w(~D*D^a23Z#DfQ!x_l8J~E8?)EQh$ELQGT|W+
z@`X>C*Tj+e7iUd|B4gN%vOT@}zmZm~=Bnp4)p}=JvWKod5?NKD*7oI|9x7ONo~L%(
z++S@gRU2CiPsEkdZ;!iT|Jv=!3Du9BN1GX|Ky8BCC3Mjn_%|vEFrh^5t<a67-@6|i
z3N*TeYG69*+ois5R<yk7qW(4&g(uYRv<WuNjvVza&w`h9N?_8LWFSO;B+CDmfXM7x
zha3rSgmb!-yyNxe{<<-72yVyV$vk6qd*^;;L0r;h{To%i`o!dgm%t121eLkawT->z
zX$2llMInkO^1Y@tP@OW~i1se53p1kf?{UMwEehYC!|5&0Iz?*Jqg9g<=_EsG;nKuX
zgA&lDTW1`CqKra54aC0kLWo$So`jONhK5q>?XbHC^_@_gC^#Gogjxw)j;~vtnOP*L
zTi&lZ+I!)4baclC$%J5FnI}G+C|BRvzIoW<#!;!&PxukMe9EcvuXX_+HKOsBpZB!L
z!sMFJ{n@fA{j*pI-6G?SVP=gU2()<h@*Z7gR)_{$O5AuAv+P)x_bd8w2k?5%XTnE2
z@1{|oy2W3o#X4+(a((Bg;xf!<7i=14onLr=Xqip8Z1=m{uegyd$>IHmo7rfk#}IH`
z#mg?=e$lmL^mHhF!Wo(p{eF7Ee#YP(b<Ie<bFUy3UZb45KNCJXBhaJDffoF3b2c(v
zw0i<<-joJITCv-{8npcRRP{)PlG1(E3x9VH|KtH_27WHe^<WPt%y`H9oB|8yQj@5=
zswxtl*K6CobT2sckqG2muK>1$=;e?Gl+SHm(5>82R-@(r+9eRL(gR4Z6U7{kt=@Ah
z1BO%~IU*ZrWUSLl2W*j1j+z3&p(VR_9#+`CjI#UCJ+iw|$B-S=?bep!T3|}^@6W`A
zT0(r=(i6;iHyE-nRqgiaj9SP}XKe4@&+AK`j>k!K;6}rFEOTquU1kw~g!%s#8zDg*
zgcr5@d1-9N%-JirjMrWgsTqEPkK2<DTfjC0{BheKznMmsXU(d?&UHOwg@g8gPaWXI
zJoq{0Tp=)nmbdQP-S%ereCh<q(yb+6Y^y)!Xy&HV8lzj1Lf2iJyo>r%H*HiX{;zA|
z0Ty~-KCTn9hvS)nrw^Papw_NltMCZjc_3&OnssEz<`)|2AGHU14+i64*kU`}&A_xx
z$29L|E$5Js85Jul^?V+-cSG}KYNi*hfgV1;n6wH?O~&kxyX7V)`6Kf#Dk*lo{a=|&
z=G1e?4Dnizy!cFBTc}mn0T$EAF3+d)h-<d4cSEW6VQlr~um=?Q+d3>M2J^faG;gEo
z^f?mvf6iEd+;!*79rX+URhI?O2&3?YM^v_>%8i=@|99r{0J0vhxuySm)PwwPPsH|g
zSuD|iRbnw5%#L`xfBBzNAZ1{XWG3uEKJGp3c<B)-cHAkw>EqneZ?W0$0gf#WrW0qu
zFgX5q@Q=7_65HV?!t{5))mrSv!~WEKjdAGfxWWJHPH+25T4VhEBLk{QffFS#w$WDI
zk2&%^TAeQYB}GHw33diqbd{#`*hz+I1<2f@mfUF5{SKOW{m9LD-Z$Vc)QLTXn3$NR
z3~0E9XAyX9-aSX0xMD2yXyzP4A`)lb1t}+FRDDTAq&I1($LJI9Cs|8bwrdI)Qv5ye
zi|6qR3j?zQRqu*uFhk!C%y2$Y08Qa2XI@eDZ<s|CQScbbDkO5obt>El=Mqx^rmaKc
zmE*nC)i>qHcw4unz9m1R#%g{r^oD!~a<Uuj4mq~{V&-34o?n};NiNm;VW|RU_uN37
zcuoZN0(g4={cJ`Fs+3-O-WuRen)d3vb~rp$wQLSME2|&wkp&4(Vvuo+H?oipq_UQ1
zf5!OU%_Gtq7Wni<osM_X`vaidyT|@X{T_JZG9Jzp#5$0Me~5Y_6_up|6@<JSOd~V>
z7&P+6FI0v8g;Tov4s(G=u4*VlDRpwsLZiM+JAzAB;IfQ3&jKe7%v4Uit<=suiPsSl
zv@{7QzF~VJmO=HhUkO-nVUT(Ct`B~_JS_?9ZuiR}OImlxm3&k0Q#0uIm}*$~bYED>
zh5vD%kB;)DfzIe{<yrh}5e4@PRc@Pvn6qjRiC#kIVOQZq;>cSuSg~2ZZ1rUI7RAC8
z;8>Dg@6RUn0=!QH)15Et`R9l@iq_PjwHxmhYTvtN>JBkm(gC`a615*C(!Pi~(nwTL
znW#6&dhsgr`J@sQ&blSx=6ZS3Az$yLuqvAuGA2g~J^6E^b3`Q_1P<PVS5$3f3{D@O
z`pSYBHq}PNT6a(2oacZp>gKsf%4q_%m9(EiyKf1c;SeE}n?qKmsO?S_5*XhTq@wp-
z%8&<^y4@O^7TGb*AEP4tfW8qdei344%+bE)+6tBo2+}w)W~R3$Dm!at6CPUr$|PX`
zwkx-#bspOAuRLyvlS%V=8On!(@G^oKhMxidES=U*0}jqXYVsmguQf9<<fWX<6!cUY
zK|-zY+~=sbT1QK*!<Tq1tn=iS`VEyA+fPL=E0UM_hSqcFgm(0s4xPg?D}IP}y_Kvf
zsY1!Hr1fw?M#+OcN&V&J|3}z&2SWY-@hcw<Lbl8#>#WMmj7Xh%+?_qj%pM`Tl7vuk
zWF?23v-c(mAtcToMaWsn-oMvLeLj7@pWpBIM}O$<-tX6VzMik=d^|KC0te)`)dpn8
zPk{@&9A53|8z}tjW|tM0__+)EpbhFIx>9<UQe60jm)`=FV2Fo_;D!Ou)eNy`F8;$`
zAA$CWGVvIF{SGxDXQ<9a<SjimY!joQI5RzhS9XW@Vn;$v=Brc}CWq8}q+7ja#5`7T
zClAINn%o{G1uwV0=nd7n71a*090u4LT1mU%2{iMFTn%iPM;)eL8Q8Q6(Msawn)>!_
zU`hF<&qqR05-`62wyp4E>EcuubNb4GX<4OVtY4(3g3idI`tmg)N-ttqO1AbTlrc8<
zLdP)*UBCOc-#)TZ2UUu<z%kF3?=Pn9j44x2_B9Ew7Dv958VgPMs;n1=b)q-9>&A&<
zQ}ugsGOnd!eqKqRgVQi8;x&@#lJE?)Ox>=3kKcy}TY2H59qlP2A6j_7;2i}XkO(5p
zia8NB+>NvlhFW+WLkoTJXgYIYEmNt4gIQ%e)$^KoMQB&iM3~I_tDpUCHv=-AlCv&y
z!{)2p?d?F~XWc$1$x`IYowymH1!s5ZJS|7by!RTeA~D#urh=3fpJ!O%3+nwJ-<T0b
z|E`_BPCW##2N5agD0{AJoLA-@ey@A^Ex&7S(bw}>tv5AUiGLYX1~puIEI#d=d$H_7
zEGoQ^g(3knBFg+!HY~rh<gw)Kifb41bQCOwEs|k^2<C@qXf_kO6=EnJ@gxBxx+{*W
z|11XHZqxD1M4bu7P|ymVDN1muwQjDhXAa8m*)@a(yGxro?;~?%;cyCNcn#bbRdDpC
z(JIO7lg#mAn}7t%;OBZ*KL{bg+FQQ$qBlF&>-B{WCs{yk4~-3PU%@MR#l$sSt0)j?
zt0T108s2#K3c@Uo2>&8drq$*@%xU0&g}NDY$5KNqeZ1bsz+iu=xm(4<*XSHIamTjd
zw{Uk$+O2S6&)XkBnwtO7n)hgT(#JE?ov}O0cEo$R-LT8I6WPCwEzgv$shpgR$ORqy
zQzIh@(v*nv@}vTYzM~UAS2(+c;1YsT7$4B}cYUfvqIVNnXcp!!eN-b4Ig^-G_(N;t
zgi)$V5v?eFD4j?8m09g%LyQ3$jZA>XS|z{6tM*SDJgj<kB^L&_etp9-*=39llc*GB
z@ybdPrZj}U_}Uf^WZA1(*5=UdGp+T^FbcjH0xAK9BPX~W#*y<rzV>ohhv2Sj9Ak^&
zp%Q}1lUkVaER)h)ucj}jU!P)TVti7=Xm4U>zRQ3*pY;(sWCTypuy}10ygWF&T48`g
z7<(kZ>c5*?Oil6eSA~ze(lKdUrrxb(eHadC<~RavP%fFyXlL3}PNgpEZsD(IM7oP5
z<dj`Fer&=6SxeRLh`+6HfQEcm>i=V)TNT|;)Zh|}%^j|li%Ye!&DZMLSST#wB>3-(
zA4e-$8Io>CyQEFmye)KZxnVD7ai$4+D#3_BjZ|FJ?gv1PF$Bw6CDUL1G9kP5l1UtY
zvFlW!#tLL!TG@>F8N;Yv;$)h^cTRpAcm5(?Nw)xnT47!Z@ADJRL$*<itZ#EcJ%y@r
zY(s)pf5<te%URzuBOdC9n4-lcN6O)hVfdZco{T!P#i=;^<Xt$A^UB=Dxz4{A8J{q0
z3kL7QPLn`AQfIwB8D?1f-C;<)U^74XI%VR}d0)~^flN)OOXwqQy_Uo@O^S4lCQA4F
zW9rk)t`>3cq$54AUG6Wmn5Po#NpP-`+vGm#Qx7^;f7|?fpE{FV$CSn1+yTX?E!MRw
zOQ2?-anfw)A!gL_ODJYk8U&17DC2)t#IJ#hcS6}}z1b7jd<RANbR^Y0(_?&%Iq1s$
zTS@#h4;W4z`?n?d(?lZFpdS`){o9WFpX>W~Ywh1g2S8TM09l#;iNu%^EG9x#IAPNN
z_fP-JxCDCn$ZHbdSsd!xxd}61=QfFS%B1#DkBPSj6nle43hk-goW7DXT!ljd8%09y
z3i{V}1v5neKzBk&DeY!*%bidtzB|M2{<2H{#B#(xmA=FS3E9Dm(HmMeW3R|nLhRXa
zCDMkP-%cEy2xfbOvXa*~Ud$I_Og^aTES6!A-Zti|T#mN%EkdZq{8Q*Qs?s=<to$+2
ziVJ>HGTi^#5O;+#=MkfD9f2p)vgCRn3ekgQJ5b6zEuTfS)S_}cCRfN%Gp;4%%v`}e
z{9uy9l14qaRBCsI>X1OL!TmUkAs1xTHU-yXLYQ*NlbQ=m5&{bh-sB1|V&yU{LNJiG
zC><p?^1M?|w5tWCV|WvtEK)>NWzsS9`q$RotQ)S1rk2<>`NMsY<34-Jk_?X6rv<x@
zO?Mhi@4V@Mb)#t8QS(V~>zh3~En-)nVN;SG;Q>k5dr6h%`akrZ<wBA@-<mOe)`Xe)
z#E7ZiY<SYc?%21M<~%N3qx2YZFSjDa`NBML3%l`0$|_h51i7O!kBIlP&gIuIojm&?
z(VIZt3DM)jyYiNeP#Cl$Cz7Fz+KY*-k^1&$ZvCFd_$e`Y3GJC$)Z^-v7PSrsC!W?&
z<wAXTJ89H-x@4>vmLE@d=|u3&Y+Z?~H@71flo;M>7TMk3wGi3Xg|768uL<)|(US=&
zyc++~T8?(sKBMG`70KkTAZuOC6xrN)^5~B{hzz}Tbi}Sk@Eh6K>T;6L#nI#6dUN}p
zi&m}s1b#}I+DkR<9geu`i8u!+We+dO_cmRpbI^{g)%eofPbju5t*Bd;6!#g9WDHd_
zoST;77k)`v?unw&skj7nX`9Tb^x|XULkwUrl{&okPG68p1HH(&R!w-)?umhoCkUQW
zTND0EkBc0zYjB6h!`R$!KDg3WdzL?yOm2CyyTxCc*kyI8$3qp1yZ&P07r17q<2GyA
zJQs}eSN9x<QJ<#XBv7YBSI2#<37Go)ATihZMpC-2VdC?yUg?ta%x&DmgBeG=o(+@S
zRHa+j;NlTFyDk)!G`$RLxKT}h{M5<h0wbk8V`U9bVKqmK8{UI;p|L%sQQ}7l{p!G7
zY5{6TFCf2hJU^s`u_LR5pDd@^TM}lcTJi+c33|JuW!gU6Of}+?niK23No6@HpQqdu
z4roFOB@k&gv`@sel#UZ8WbRgYb*0{l*1Cl&QJYkm_r#(65<5@4=*_jXVD~#oScH7d
zNu+yA<aX|`q`RVJ(ST(C9|oF0WwN{Vm~zR-B*eM_Y+QtP71^*pQ|>l9IyY3*;L=Cw
zGq&nC?J-au7OdVR4oMd{9{oblEnK{VybX1Y6Nf!9l+$p3-Z*yWy(Csk-?LS`Vu^}g
z?zTpYU|xP)ekb>($1jf+M%F|y(Ob@g!X@=PI=pT3FmzZI*%#9<Cq#F%>=~cXfqUnz
zsja)U@UaAIKa;BBvjV3LylQ^@K=+-HtTDLZn%mlX)uj8OU5}j`m%VXx^mvfaV>(U8
zhUIFKb_d>PJ*lq^VeW!Dn;}?!`7d=+1<Uc)76Q=ou#yZ{YW2{j7Z@ofbL{Jgz(34r
z%Y|KgzH4W(;R|`^7T%F=FU$^k3^%$vMI=4^G!es6<}kLJWHK^H=jcdV7%(~LZ!&+*
z-c?m;jz`Jy#R;b~XR7MG5xMr~Ml9V_lqN+&!&(dJN-ksHzt@ygKIf_QwUqCv^z+&F
zbhHDG@6z&4o910+etVnVuRr7Xh`C0yWhQOG{DMNUu1{Yk72kP}-Z@vK*ZWrOZcqzZ
z?DtD_jv^+}(67&pdX*AZncPoSIIN``5Yern<A=_OR?**`EZ!gH+&sBoP#J2IrvF*L
zabgZ3s;bPaw9>aa_+k3vmtk@JYj@RvuQkCY`m=p&PFS$)I~`*<hJI5c`(7E-W{f~I
zqvv>e5WmD6>)M*)(1{?Cc4O7G#e7q@d65Q1dq1qKmgom^On%uDgN1Q#1eKSLaYf}Y
z)w70kTaMUaq(K75SE&A5ScSXjga8SI(zd$HlvK$F?a<Zy;pqNCZGPuc{i9>Y%wvxm
zn*4R^2H%qEE!md44t(^Q!YGplV&=zs4{jAuyN*v9l;53=r{RBIz)uprpv{ea{LZF2
zwJF3U;{s{(nWxFOyl09CD!0deXu2D<8=aOBYhzvn2<Xa$7?p}tcc{xC$-%x92yB|1
zpOdY_(2GB1e8o-WOcZ8~qN&W5q#E}=<gN6{V7l^hk<Q2S4}g6XHp`amw44Lqb8lNW
zt}F3KG1`WQlS;$BK2j#8|LlRsrNfOJCq<YNrO!c<A#}#{#<tPn(zsB3c#M(?B%aNl
z#n0tdv3j1mF4@lUA2B`>OoSs20Eq~lI?;jZs?86S?Jeo^!mDn?2GJgXaQxGBFnu+m
zc2ahCAisYSUMTKCP4BAl!9ox+VN{B0tqTk5H_xm*-6>wWY$eGQkkS@4`Z8G7P&vy)
zW&R`I7t^oYC(oGjVJ&HPpBLD(I4U1=EShb1C&`(C!WmoxQXNqI=@K-C&n9mL$_A0Q
z$Nz+$BaF&{hCfhuk$Qmr4qG+)twzDWE^y(G9aor{qRLK$dM|%v)qLDg9hI+js_-dU
zP~0xr_6PW0(D_@Im-!9e4~j9p;^vbrGd<U>|2j=BJWNFy@=`D>Ldm!^wqV<?&{Au)
zCXL%jSxcLFCT3Uh%hXBxm$}2@$tE=7IeV#r=WJQd*xQ(005)53sc7sgu`b)FF`8k9
zJ8VB#k9+*v@2#On+Hrk)9e%_koX_3{z;K+00m=*2>ih5Bv^vEf+DZMg2mO?P7*cu4
zt8z5}&y#rWZ0gv@>o9f}7Mbmav4A^wdazkyn)^E{`!6B@DzF&<hprdisb373TVLDS
zU{D#`K2Jt;3b6HgoCXcFY)Y$@Hm3ed`d?J<s*y`;%pTNB%58>ILM@UD(1eu7kJ04K
z7bXdngP~jP$vYgZSu=QmPZ2>qp!r|p0-bBNt~WGP0l&HTHX(!YeC<pKo_)Vx#dJG_
zJsRVP$7}U;_<@$H020_P0aNSaBVcU4AqB_!ch}}m8})Guo$Fw74{I=ne)*2OaH#in
zU>@cl{b#1|XVgiw0&-dQ5==0@5&(PU3o9Q`nG9Y4v1YydKtcX)d)xy-#255+s|*2Y
z&%0f&+qb=`7~3dfV2|4aDW2u_<hqaUV>^>h{Y|Dddmx%WutCTnoSInl-3?JTvt)4{
zX<FR>AWbR}UgtM$82YGyra{k&6!ZS5xeAKQd<Gvd&3QZ}YrnqE?<w7Czz_MY$ijl7
z_}57oA?2hjIcz(r1%ZQ<`scuofI!z-K-nNm2zGsGq0<(RIE_h7@it)%t=tyDBVn?P
z|26(mA4j>}GLx#nw6>+CD|J!Tw79x3&2X8D!eX{$3_WO}+)&-$S`R|+HOudHffzW+
zzNs+>Y(z%zARlGZ0L)}F5@3G*Zn*^pedY1<c4ZsZ1^_xpF5O#j$wVItpB--Pe=@QE
zDL$(0leaJ0V1g$ga!_S<-yZZoWa3yoIuG*Le<x9a=`QP>j)}Q2^i+=ahs-5d&I9@a
zL%^M8C7E42Hw91vy`tL2wAsi}=wG$!b{F?T-KP$K)EyW>8*cWSf8g*CoCV4wApC=m
zpe3NtfRv)Ok?miUSsD2$gyJWV2?U5*WP5eqY-4_lSNER`Ag}y~7_E{Jx=MGJiM4B_
zU^k;sDJTRtwP0EHv2deF%;V;l&+9c>y!!`-W`1NwKMu{lkhS7GekV5PadTZo({<V|
z@v_V7qR|!_#eR&|#KDt0P*@W4=@Q2DuR^*Qk63D$*65RNI_Jvwg6sN_Ga+*#-n1Y1
zOFW<WUrpu5Z7u3A@6`>aS1uFk&i`8+Yv0&H>@Fx@wJ>m!&c4Gh8z$OT!4l&_dn!9d
z)q<WpnDpTfc;(K+#G=q5!<uU`Sw&YffNn&n_G7$2n@ur$hO|H;s-5;dD^<nKw+?QS
zo;fJ{VI_TpvBDjNuTy;4+7%3&0?JfDK@ImERt(0;dtw_$1{j)ZQYrwve5C&v`)!D=
z&J2EkYiz48ElYKjC0_F<ta>p(;QQaR=6C-q@`MNn7g9N=9zuo5Z%pgXX*NjL?M0)a
zjF46wI}dl@u(rU)90vgMPy9qIZOBQHSXaNxFD0~4i3;ViU@Vy!9PY+^sTDgo40SX?
zm?w7HbGmX8ds>);uYGPSUVP$n)y>~uC`mwY1Wrh}P_!&Inm?)Q0o`%`BXPF33kYQn
zp-=@7?jw7jT`2HL(d9;;G3|9eS2iC{hU|RH$5&EqT58{sraX^ueZf2y+KL>+`GwGj
zN}lW>-G)B6mc?Rh<_p}QQU>*<)OREgGNdkRWZS~~r;93U5s^pNmErBBek(3xXLcVo
zRc`U@Z?HR1K+KK(($Vxe=q&<^MhZCy)8C^bge!jalmnyW(=C#w-888aU6zWL`gbhv
zL%!;SP_!A^k4^JQafpOnp^48|4AEb8r^TWCG4JwEC|6$LIesYuI(<f$+Vdg=;f~~6
z7L6Q!Wb(Ydnu)Ho6Hi;R#>+YJ-D$#0a6sjCe#*04$0X_dcifxp26te0_O!F4=U)D+
zWT8&rIsM3)I7}(lexU;O2}_+*1p%@1#G_te!V|r$0hX_wv)0_)y~Ca1X;4o7D6xEd
zqp&UNkcu{Ar4pHUnNOphzA8L5A>iUhYyiu(qx_lyJ?R>bMVDMl$@dwYGp4=GMOwMI
z9A5xVq&|(3`+qp>^f$s5K<Fdvsmbf-&i7Fn>9L`_b9W|aIS^B{s$yR-Cs{G#5AVZ@
z8QV{!Fwa2Hz((RHEmA9%S%=@`34I!|;3Mg>cuv+iH~;=gb65!e#PJGGmq!yuB)H2|
z6<i+UD<BnXQ6{voa+dia4d`^{>gw19MuE1>UWKRXH)^@P5!PeOe*yxm#Tpo7H`RvW
zBd(`dw!gNa$K(^WbRjb-8yX&2nf|8=p(Y@0yS=PcjA9mn{#8m2B8;H;<@U+{R$9U;
zd)1<mnK#*QUhPimHQo0I7{}26*1HEl2$c={@Vx&?xcv&VRC2;b0Q**_|0WIBf1k;N
ztjmG3q4M7tY`-!ys!JeC&6lEjSNj+6^I^;+OB!g<2B+Pv3F<Q}1ZZtF(!aAX1~dnF
zdIz|ezmi7UqLzXH4iq4P6UfefKLr4+0$@cm0HAsJMO{w=<yAs=z9KW|rzRqb0_+RF
zCKfY3<XMYQjQz<&lmOs-e|^#mAb9`%Xu<#~<yK8XjNUfa0R%h(5Z$jp);t-wD2ZOs
zf?WFV_|XAm=7Gxn;{)8mh5+=qpL_SmMDY{{Q@Q}I-CxfEUuTDG&&A5a{$m2Y59@jW
z+eSZuFX`8NX~$}pbEqr7x|wcT{MRcwJjb@b8`kZWD;)!Q%s&_80Mr3;piYSH-2f=!
zzxS;xx&&k)1^?rt5s(@LuzZAs=dabP?1o@X{U#=VUO0cuzJzvcb1RCv@;?R+NTUG0
zs5-z<|Mk|9&4a#~%yr<f5r6>?tTduGX`l-Frx~S|>jx?-{+vV1IH+#WQ;a<@$`53o
z$V~eWc?j6uCZMbzh%(UyzCXlA6Nuiw#3ukVci>$f9JN2T%Yf#9yy;K5^xf_#gMNG7
z={FhmpRf3T$$1ojbIf`u4p?P~h`0gV_Al`gY?KJ7jVUqRn>XeE|7=0qLZ~eurzK~#
zjIT!&9|DH|L-gAsLT!oe8Gn{G4bc8u@)eE{_KwI5oF%ZA2}Fl~ze*wi{U1*TiG868
zz*P2Ip8g^sgjm6I4$eu`(O<t8BFqj5-$7jV*IR!*jP>VgT{um9a9)W9fz3@sbn4iH
zql9@9U6Ia_hp+uC^f_FC!%yB&|2m<+-=pb25eVM%v$EvRZ(li3C9g4T09%`&M}Cc!
z>n;KF^S4Csnh`Vv(TB+ddDFH*LKPG0w|r^6A;=ezP4L0-Vm$Th5gtI75YUZ(@4>5k
z1X(4z5K9@bF3ol4WI!g#f!a8nVGK|y|NMLK9|8>^!v8)_htJ6m1Ew)STz?Plrz{^N
zj{iOK;)Vk%mVd0@!2znj@@w=e=q<wB41Ouk!-on0i<ZpOf9>8OSSIUh+Y8M~5w4qg
ze{bU-%liS`RMbcBrSyk+HIH9V04TQr9iE72-gmu*G6C&<fncQ(G#`PA;ouY1?*Pc=
z(5E6CJwQv_Knt!lu-Ji`HM)wizMEwMIX~q*2I%7|0F3_{;58Gy0wQ8(d5g?_cWc%9
z<rDzY>|lBV__%OBuCChSM4Vu)|Nd?g64oAt7kWnzxY_#+qyPo)7yzDG#d2{`T+jxG
zIsv?yl(3#tKfWybXFL=l)G%m;*tQs`lmUuGZtxFqhKi{HFNo+3HK;)Vu7k%Gz;pzm
zcsfadM=vd{Q~4Hv#sJzjakt!5*KrJBp(8*cQP1<d^f#0TR65<TDCH6Xx>^89FT?w)
zGJ44V(NlGJY<GjC^Sn1IP6zEpbQM655_q<B2(s|;K>Hp@+|T_N;fAs54TyIK)h*lS
z*dYX1v+|>{Z`&8GR0kl&F{D-5`NKJXIq1NJ&l;gNxEvqJ#NJhuOPDD=&ImyM0cWi3
z3qT?P&Y=Y<fKo28149K+g|4}uimsPFm6Mf4wF}hA(8N3dR65RZeF}avDmJX7O{guM
zi+-3h9jw33n*Np^EX=Knj<l*gJ|{l`A`&zLuYs^QPJ9u6bK#G@OW#bwAC#{;ya4Gs
zu!_VPhUdwGf{yB+H;jjv@i9Lz`a1r+oK$t#U;vrCORo-N%`IfNK53l^_e~t)E!b2V
zw4BcX+f58G)}==E$z+Op75GDVpHXZ$luT8*=F9z>jmL&+4oV+Ds)t$dTR1siZ5=eZ
zg?l@M#c4iIe^V12bE5A1b3Fz4HeYe_^`W}%-KR#p*uHPN#RIT=Ir(+y!6;Fhu&XKp
zA<NnmnFi-r-;<H70PS`tVM?p5aJ1A!jVrR~tv<!HHFBxHVuokYZ{k^@rE_B|x>9k*
zBc0xaRzqpvtOTVQBgiG>iP+64<Z;!?%$6OQ0=FXHJ%Vz`SPgF7SX~4H*h-lwg3Q-%
zCk<K_;R^U}$hXw5f8?Z9x}@=!9VIDIXUPv=HQfz%n`-q#V6B>Isb~B*1T4(Ea^G!8
zl@YMcNWVsg@wd$o1zwbc<>=4cfD{XC@SJ)$Pq(T9XCaqKWi9n9xo2Z+u=9-mOTK_H
zv~d#2N1FBNZk^`+7aNz21<PE{?nC>SsAaY5d%5g<f5|=2J|jW*CDxZtey1K|L=FzN
z+VKm}<uK9VgeokE?NNRVxHDW$K6+=edRzB^S2_0mQhZwnX*?iTw|&tLQ0E2uY9uWL
zuvvFD<K7+xVtg>~7j0$!yDle<f2K5njvrw?L>VJ5UVGQBVnSqi(*ixXyk)UAu|rkz
zjr>Tqz_e83TO2Qh_PYc$%}UUe)g8(0D`m?p&%9n_$+ui|ro**{dJ_t}0wbGxx)KU`
z1*MBQ9%NjSkb@a%npg)c(uYev4b<TV=tP7(t5<+~Hb)j!myGaY&&gHt(XzeLz85i9
zg`rTe1N}|DR}Ajw-v)$$p=ibXB>HCn9l+q1*1)3S3o{mFBF^5chq9QYaHuTx9{kqF
z_tF{TFl%Lk8bZl%75EqEBx%OR)sa$NIIpwYS_0Wp+F;klj)zvs7xZ`VRLzu$kYafY
zM^Mf?Hb-NNkm*Ij5t34@zjUD+p(Ydck&8eVd#Lelf#r#O%`c$OkK)hP4R>HcULh4<
zad_Gmk0lp(E5~-|b71+Sg=lU3InqnGxSV=^ZRjA-U`SxaUXa=5$7*(Ku2?&!v*UEH
zz%q0py4Uldl>9I(&b0Lf9i(b_r!gGxU>aS(44Rn-C()$~JTVR{WI-$&1<{s#8nLgz
zBF?oUO*yDE*d=}+J8-)Zn7R)=1wOz!5qU~pyiR<ZLFi^l-n-|rvcG5bELSK+6&zC`
zpkN;XNOsN*1@E9_GtEB~DmW&LAh;Ld?C<YCKUlJ{b!YGMmguj`pm=#?UCw?_Yv7>d
zVE2m?F*2YdTDhdq;;e{@Cp*XxfB&ccv8TB)nVOnfx8}6NPeA3dGG;{^gb<3a*OYaO
zoCt6FheE9I1@vOT(KsN|={b(<>D>FiUbk*7w>GG`W7dnKKP=q-uittc19VGacn1GD
z&QBjuxiRQH>;0jzQ_4A4tsdLz(UZRzDw6LJT)MoW83^JT`N97jWwFSIeRyX#PP=En
zLxo}u1|wT*=YJK(uRa?vMg?HN0Lhx+e&}}a<H^!@(`H2*62^?DjK=|^jc3I*-9K-N
zMoN^Je}E57-QEZ`YhCx?NoVN<E!~}+&$^_y<>c$_S8h|Sw6xp^={y3fp#zn8^Rq%=
zhX5zS;XRz6QrBaP$L}I~9{4SjUN;)4_9{}^`%Xz$+RJne)LjQRQ(`D7D1bLM0mSOy
zhPn`Y;DlACjj==8;FaD1bR}kE!(<@NRbxZg?O+uiqgcHnz(q6!B8L}$%TDd~Xz+pO
zaptf2oPd?>z4r<7n^%!Nq`cU7&uipY3Z3MnrK7$ACfBE<paI6N4{JIkB_ji`JPK+c
zW#auz2CbIZ9>PPZmnTdoG?lE6c+K_-^6LRqwCV1JpQvc9F?Wyu4U3jaPBtQBplXb4
z_RBRo?|*Gnvl=yvS*jp6cP~Z2ha7z6Dx?Iji9=BG4T+lN5QAT!XuALuZP<Pw?Ars4
z+mqr=kJyif4MWK9`O?A7jf^S~=+-H)wAynY)4k7}>arq%m$n6&00Z+MrUIa*aXh&i
z?y<aCR_nL1jcbKm^Le|qZKbNv!WeSywm3h%@^YqDXg(xL^f|Xn=*n|)0a{Qa_)l=O
zr#EwJwk+*KZX^Ufs-q6`+SF|r<_l6aVa_cZ*drBt<A7B8inLZ^4e5m_>+9$1zYW2s
z%^;c@ZN$&IzeU-Ufkyl+9mM>D*5~}eL6hj8*l0)l$sdQ=v_0>;R_dAlMV!naqhC$V
zaw1nbFsPN(6PkCiI6h;9Z|(E<tw0W-QVD#KhZ=n%*{AHGkQV{+wTB;d5OIHAXIkS~
z>D}&E6dm##675Ci3o^wo4=IXkwOyDkGAEScF57;|ut9nw>)w((<EYI$#5Ah4m#l_M
z7b@G<Q2ut~y&XQ^Mrd)!6zaqXtSo&fDAA{bL6KOwnsb$>v0~bHnxelgb36T*%Xd-U
zOsk-$n%7tBZ@Ymzwb}-|$^2~W=xKlFoMS3kU(+DDw8>tSC;3O;&)Z!fu%tTv67%^}
z%drONOiYR8ez*J%&30B+->`%smw00u&g?x$P=Xcxbq)%5Zo2l?){d)h^`|T^-WC{5
zWP@a7Qu4Q#G7f}2eGmr2UFsn9U@M*D#paBC?d>|du4|LeHwX`rt63;vdY%71!}4OT
zEWdW2;q4xh{#skT;`39FQ`_C1<6KYoNqmyME|4aRKga*1kA;ANR(_2@fA+W4r;$Y<
zm!gX#k4;Cw>?ZcU*ZG<UxUa@<Taoe1NZhVg<8q?yfN_d&;c>96)a-hJqKPAOL1E(h
z-yWp6L2?}F`jo+<3fGuqD!QlS4F3om_tJabQtKU1zwuB>g(ZBQ_5r?HnUCbs!h@rQ
zE;S>o`7pr5L4GlSYk4k-t#Az;(bVr8I1%U8gq5sXm0Wt7rJ)Ou|0W(~l5y2S{%N|q
z9Vqs#T~)yl{`toJrO1F{?Vi@H&kTE4Dh;|m;x0wGtY<thOk;q_M&fT<a3!91k7j(J
zlF?=*mlg3S`#Jx#RD9;02zf3x60T8N2WWRA#zR$%qjQ<f9-Aqi#a4{H0YM!=nAtqU
zz}e2raa`)?l9X3KEqs&79?e>3ol0rKB)QtmrF?CtYLOyl7*Tzfsa1X(pnipcbhEia
z;7I;lFYy&ooGX}s4tXgGTqlmdY!kf)qx%^KK1&3QyfuI`r-kfML>mOJqQIR}<SxE&
z^-~xomlj4dAle>}e?OWnFPNp666EYE+TC;6-{$s>#p4OaY@8A>RYd~{VH;k&RZOEH
zx2Mh^LOG2HmD_iBww~v_)F&DF*U)6^n1c4Bd^QdO3EYjhBCfCbu*YH2aVGE?P+nrr
zX=Is*8Zo$>AQ`7%8dxuSe8~2XOM-Co?GWsO_gsV)f|IMk#UC~ImgM8<O7bztHxSih
z+h~k3z|_BV_edcXVB@xf1somr7PCtuV{jOAE8XcxW{#!R4K=aMzW30sMen58(9v@I
z>unSAM+=zfrVyETZavT&QiCk2IIjdSQd+nUNat;%-TGy|a9uJz-)a7`CeNOC=x|8|
zpX~l+@=er0eA_}iY(<Xo>-pTS)_)Gzo;~CtR4E8BZQygIJnoCFw<85~ZBGq6hDz#_
zPjy=kaGsxEVY2PklNKYXZZyOQP&MX!>I;ZW9q4)Lj5E`tzf46@6(bpkQ;7}77V(BR
z^{W}UD5#Emx$YHvHC1rA-atuep6_f}+ia)kvJXkc^}pydTkUdkez?&Y4;~)*SJ$E$
zi29WOvK>B5{)}H726-%CHJ;fOP83Tzd}mHF&LmRDaVEw?5gV5+(wW1PudC`<%J;(6
zZ``It>LY4&&-u_%4sdt&2B%ExB71&BNh4aUlAoTo=Qul|25H=-9*C^UL{6?@81z3r
zdPmM|EbZkXVJ(!rMSE|X7wU@uJViIXS69R3NQXr8U{4-?#6cXBVZ#qD=k8UnGxVN0
zMF)AwoPX(`r)vHb2>Iry0gpzWh?ZJ}n)z*4_P0dsnKO3pp=m)9Fxhn4FGiPc+_clE
zc|=5!{YLqE?}8pS#3<}-jBO0!nIToOtz)BN7f&lx^C2=%spN4{iV3gr5!CATiOuTF
zddIYK8zm``#&ZMT5XWFu!lBHs4Zb3I&jMx<1_nsFO|Iv~QcvYvQKqMPvD!*Hvjo&E
zOm<C3`RTVE6MvB=OcwBfVPB&dc{I$bBM<|e)jz!K-JiK58UUaXdL7HDdbZ`oPBB0Z
zdR`kNg}P40C#IQ;fuB&UAb_3f_=Mek`0{U*s;;D`!#Nl)aXV!V0ey#TNa2aHhsa2%
zFQ725E7YwUzK5^oGbU*$3dOYJ;tJH=;}TKK+{DR<Grac1DN2)8Bvp)bu{FcuRayd8
z<)0v37zAE<A-cLT==(-yQ^-zvpjSSh%amDT{n_y}F+O_L|23g392V>LWGR(a9dB{;
zV0+Do6ydQO$bpi25NQ0Zq4WQGj2C+1J~o$8i!)bad=9Ftr6n2v3?cwPfNQ|*A@ENT
z;y<GbJ8@s|MXl6#p+;(ZZ$z>i79QhSSx!C1^S$C=7z^vldW+LFi<tzZOQTR<VsM-e
zgAoM(B?b5|i%fgH1!?dQz^l$i9dO)dDfYv0Gl}EGXz!J~J7E)NDD0GSUT3j?@Sk|2
zp>$(}=$EObT)i){xU<*nuNj=`w3{Bbs0p=~?usl-_urj16pu)jAfVvjS6iHXwaySo
zc441EBcIF@;o7?0%=N;hZTa<Ffx69Q%`@^+-qOqg0KR2N?}#!;Bj3!XO_vCtRPcYR
zw`UlRdugBDYh~W%zsk=Hj98+EKn$BKFasq%E#hyeZgUhB7wA+HSWRNXJs&`uj)CKO
z5aSW3{~2w+=8b#q&VF<3)CHNx_><#fS*8lqs=@5Wdv1HSY?Z%kkACHY=n)Mq4umfH
zKGoGGB__fHG!{BlRi&oni`&MouDKb+U1oZJWoGl_cMzO;+fYB(_Mt*3Ln455RGEGs
z=Np90g@meftM?o;jJazaA1?fi9Bl1@Wux~Xc7bBWQUgSI1R8skO5SD2zY(}0;E=7W
zvYgkvDcum$+luHB_bwqS<wf+Y)dMaN6kC9zBjq^Y(bQ0EQZbIH$Cd4JJ#r|$LZ_?u
zAxjoJn51pIM1O@wKGU%@fX~W72~M01BDElN`pX-#wnYy<xGeuy=?8j_TMnFQ8c7)4
zlji9U%}Nz>*|?><Y?1n;Z4UmG%*j=ylChOYy_ZRLiM%z&<E(mXEv56ZSagWYW9ot5
z`^|L)?g^sY7i6NSasKEb+9>}t7RslBSbh;ZW6R6<;7^cmn0&VxTNObgC(*t4?Hx%%
zIYPJ`o4vov$*!4Ke)P>SJF+yen7yX^MgwZ`TM%PD6BwcoBANHnUqoZpJX5$7_V?#U
z)G>l>`b|s3)TiF%F+Yj>i}>1uS4u}2&S|jz6%1ii8DEinuSCq0c)lpGKGW*-aSB%v
zZLQ~5uDEd+-MT<b^YMlZ<9QDD#HR^)K5jJ6H|AD*{1<(&J~_rUYg^y&Tl@VWppb>l
zs#?b{OlSM8AvxL<bg{~A^f-vHlp;U14-A{Ui`0L;Z#u}1Y?ka;E)Z<A7o3W0H^fwV
z^L38JMP;y8u&W1N*Ow$#6uWi>BtFH?!HM-O-e}cm?u<>vXbIvp@A-7`4L&ohhGaD@
zX@)dU5ADgw1Q3nBPj>R*oqu1ews6XH_synDbw#1`v4^%#?rD(|k@<e>UgS>~;r#h5
z<MheQCaw7{mU~HP&g{y9yBCKTI>a8db~MfJOG|aXr^*qFx}6)LRP)XJyI*z6-_NmA
z!W_$ge=lXLqw_xV)zyjSNW?@k(R!zUv-JpCIj%`}f1~V^lfH($L~ax0D?6Y31FK2)
z@3|h`+qv~gql=oUH~yX&iOE*ICv@h+2^<mq83=saI%jc*y)8V&fW=hIes93Zt$k%Z
z-0M3_-7a6*Ap3677-|MC`{N`{iOm&0GV3dtrW4?o`9yWQRU|1)<<%*QC6cp{@+qTv
z_Cz5vRmBo{50B!P#_23s5$X7~t24K;>nC0sI*wf@o=Rq1N1jVe=7fbcMgKiFveQ_@
z)7blM%z|)!J&1|aX~?lKhE)Rtfs?qslg>lyDaE`Z)8y(6IW*<Gy0KU;nZhkwevK(F
z{;K<JgV2&lPwnkb%N~8LZ>7h)2Hy$&Uipn8cHYC4FV+%-zNKWByR$*dHM(BAUbD$l
zR)SpJ<SAB8fuW$0mYXrQ@VwK~+nke3?~)b6N-@utA1OX`Yfpm<evu9RnClu*o|}x4
zPj;fJJK=zTOxaJ#2{-@iAt=M)R1~|XeC!l%_Ukuk=89&e!{vE1UALpimvknD>CL%^
zc(LyRJ}>=G$z3{>EfTrqM$PC?aa7nN0*V+D;(Y<{)w;sny7I+4o%<hr<8oN;YlTyt
z1_dqQgk9o*n<nj-mAbm?*D7O#(yLDMeiT*&%IA$R#7+ToOej(--2L3)c<#w(;vP&}
zeg1I*r^oZ_btiCwcO8!jEy5S8f+^WG_O;yZ{`lJBw-<epA@~Rt_To{()4qo<`jtd?
z*hi%d28f6!?&PH$<&?f*f=gKOG~Mssif_k3dphN|=X^$2Dy?67O_dv|W7tloFmav*
z)hSF4V(@0u_$Bt29J<6AuKU$^rQLMTo#(Z$D+WWh8tT@_g!k5%SG|pLx#5(L4<~n@
z(r?Qz{f<=vCGJN|S@mRBs*2^2H@k`F;dRsMc{*0Tx~MESbZ?*a*j|{E&&2FWoQ=Za
z`d+&lgl~>ypVrLT4ZdlFWT@KoS~^Y%cdoJF)rDqy584wWY*PzbX};5ok(W^kdds~u
z{BE$?8X(r3Tp3I98LIJIca=V23a`Uu%kgtSiBlZ+)`{*Zd=J1H7C*F|)Fy#V_cx>%
zOeWUscEy=w1e_A@e)OXhT>vpZ?eu=AojsxXvsc)7i;|z3p7~TUrBP$%54@=E?7Z`H
zCBcXI-^=P8H@26f(w|qozAt_Ti&7TU&Sjy%JqzbT=RL?B#H7yhvt8(&TFN5I_O_ma
z-1Xtd^{$80px)3WUC6`xNKfMfHdn19uJ_3MenDwNPvD4u@3hv)_!UgV6YN>06wzSB
z<<nTsg;2K=CH3zoP`4TBS#5*yF9OND5$Og~O=yJUVouf5{rg1aG2K%LziE|RxpS~K
z&w%L`&zHMf{On$t0*j}y$A61&u>AIYZK(_h+zz&x6YBO_hEGU^x27^iYre+W10@rn
zax2!2p(SN7@xGshB1IF*FU3Hn{2hH(j!*xKjBSmKzl<7hFXN+lG=ZSR1^5ija>Dn!
zm`$p_85*Z-89MER*18rSN`jFnd{(`&FRr$g<5>R5%W(d_O@-bN4U%-pW@WLqu-Sq|
zG~5#2F8{+p$WEdrL)$%0J>OPl_jr(u*=s7-ns{XlQX$Otv{=M?0VcxsbD<5l0X(pT
zHQ>q2LrP+t6Zdl8+}MEBSw;7VUYUYZnB6oQY*(IYFkbuZ4HvWfVVfTq<YCb1Gz@);
z!5QI82{cKC!|LCvcb9Gl&$F!MI*uu4Lf?;4#j={_0B%bhfQvRSy}V?=!XEy4!V25T
zQ6Jv+Hlnvu8yh&snVfOlsEfgWHqZ63>=ua4eIIiQXm^?#Q(N1U*jMYo1?(>e7`ory
z-x|#G|IsYGhxx#0ewJ`>@q(Y<9A#ME6t2?(L-`&fpXq_udFY18LMLUm*V=n|O&CSf
zVu$3*i97J;7pn&9UasbP*4T}W<;lI;O4}N8+8tb%-xvwlZ!i_gx_Ii~+>aim5Xiq6
z+8(e}Dc>Etyu6_EiFuD>dS@V0UZ7;-$~OL31@ER(G|A_|h5cIT@9P-$j@@0`^+6uR
zl8IvZS5qODSLS(=w8H(Vux0m%$&5Z&`orR?tM?b-%{;hBHd%w|=CnYgXl(NN<GHhY
zi_%>9x=mDa0=I3J>uQ4OwhsI5H<h-^%cQu=8qAsk#J2J?4{cY%v}#CL^giDbTIMPF
zdIf`wSyt&Tl0RO1%qaR^Th;#dLdEn;9XK-aCAV#uQI0OxcOXI0bZ-9N3t}_&{o=zK
z?hR^6r7-Q{CE>I8pPN#e52Npe>0iZ|$O}Q=OeTHxn>O<Mya?mht(&kmb+bl~2LJwv
zfi7kZthv+uy`22x{)-(XitaBv<6Xjz3QaMOZQC9y>kRKPKHWvtp4Zkz6VxTnE{s~+
zH+bNwru^hM^xH4V_UGZp9bs>RYE}XlH~8sOpU&oBKLi;$!Dh5r?NUd>kccV8+%oJX
z2G<${s^aOagF%b($?|HUQBNb5V?F+#PU61xL9dpK-$~OCu$VV(O6}v#dbPH2j><3f
z8cCl`F;LG<FT7VJr^LsPjho8QOgs+8?mfZU%EXVHa^WIOc5^mhSEmMYWp7e`|9<U`
zPh0Kx)y_>#hu!Y!y^htrE8AC-{Y@RSOAO#`*n$ZRb5<(<{&J^$rWR{>NeXee><{bO
zjg#%?C6M~qCieZjfRDFCdk2U6eOA()_B0)Lb{O_xVvurR(C;-%s5_}dG}%sh6V}#!
zsdi%g!mG6?4a~K=UPdhH_A36Xz;VTrHjUDbnuV+f{H&2lF}qP;sR9um*F9<~vj&Q_
zE!{&Ra@UdYC?78z!a3|{X)yc#vHa@{i_$_AhZ12Io-)W{seBU=R+KWRU@+W;qWFX^
zpM965n@4ADUKZj?@c~_^vX=icB;$*#S_An`<|-Z7w9;TLa<gZDtSi&i63#61oZ?{o
zbaH@6p8i8y1`8%Et}j``nr)y#>iTx~j9T~i6CRB=?SiEJY=n!u^6r?+?=7}Fg@a->
z^1II_wLv7eLZvG|-M?HV0<XHTyE)H-UFN}|7&8P+S;~0Ld<eJl%(!23<ITe}k|PSw
z%6@=(x*t`<&k3(e6v<K1;s8I+N*wyj+NYC8lT#^{aT-#td}Qb<Fy;PSftr*-cBu4j
zr3n_$;JDD)dD@wbJi}0V)`hfr2H6g*^0K@fxiUOzNNJE@=V5Mi{O1VDqZZU_WsiJn
z+>ZFCj5oPR=D%4xjTPqHTY~q}YweCj>@2=7q7Sm&=g(g&6G)D-^8cJswnI6&$?)uJ
z(NpQEvAfR$wAFl!ZIeeiBWd=Z$i;(Y{jDm66<6t<&F;?wBjnM!#O|c!{`-IVc##G}
zBaeTY5z@(9io*M)402pHQJtTUd|8oQ<8e9pnNhC+$|+vXxHm=1w1fkmcjjLTz|7|w
z1#a*B@|73Wl;QTz#vhbQ=Fm=x=D9Y%FTlbEirh!rlC!Ugpv?7nuH}T5T&glAPj8}#
z@)j()O=G}3QSS0Vi^MZp^2x%tLMFSnj%RZ}h-M#K$_-iX=;=dgV?DON9g)o%X=N^0
z4MpCT6PgYQY3e!)xqCF1mV8!Oa}<TH^}1L|i3tln@>1{cSTdw|lMz<#6f>4n6iT7W
z;}WH?9#CwUUh)d6-o%>09(RqQQ>GBzYWwOzRhD_$I~LB2f`MCD{J4u+c#SgUxOjKr
zaPiAx&-69XR;Dpl5u8%<i@H`kV>sgR2KLzHR;1Tm=)4$v>@o-HMMhJkLrBvKx2q}4
zQcjMEr_+MhSmso*ruH;!S}J-_<C{-m)#YT(pQ<OrtAPfa7e-8GPnlwH&L#=kaUb>G
zUI(EOmanVaj47)|u4<g1dRg+VChOQq+qrKq%4(gssgwk_LYZu6AYa7`++jDR?lTSy
z*A7DWrteiN50vSo*yhzEqB0BPug+EVPSp-R_56q)xL0|X(Iz>q!#q*nk7uI_%@FTp
zN+Xx`^T=x~KjML#G90Jxe|ht2$;Oc_XNYwC@w}IwtPGq>Tlf3n`jetL?)^F(n%bym
zN6xRi?%fd%tF=vy$vxFw>zLYS8^%@?S_M&=OLT~mh%ci<$KFo0eNBapDM+bS&W!i~
z$H|3l!reZ;$j#frx{lpsS7)Fko{#!q-Mjd}Z%jn5;^#0<;0)i~Cn>f5s^xbCYWHkw
zCCz`stETlf)f)C2<7!MF_7%d5pNe_~AFno#NcO_`iDWjxE{lr}T?@3~jkVUXS-Dh}
zS2}L|F{{-pOq(?>6YDo+p8mGBA%RC2r&UxX@>q!N*dR~lvLrKh*YBH?OpCSA*oD1P
z7;(q~T0A##ckN?YOds?~_Ch+uFVf4+B%S;=j3n>*T^;!9MgP&Qxs8NFHJ|0Qu`P+f
zM9jWwbf0JO{n92e=kM;qPLh8jWh;B<YtDmYKgu!3;U>y&wVoR%C68T{pKWd^XvJe5
znCza<S=)SOVCkau;Rm+>_YC4<cI(1|`r_c|`w^Vk;I*OEv((*fJzU3@9vLO`WGl}3
zkD@<B#3AMb%^!K_SZemSS5FApRb9O6etoh--AV6YC40P95;Rtl=reF*jC<VAe4B7;
zS@2ZXy}is)EM1uZS=mm`H`h`07=@Rppm!KGv#W?Ma;#wd?e7`s`cYl(xP7%mn7@*!
zadL{qH(1X3+5B~ebr@0DX>4b`Cw)Tii&+u*5^3wu<PhZ`Joh-y?Pa&pMKS+EhVZDW
zX~a#bY)raz6L-%wv50a6MC<Y+MBr^^^@eVm#iX|Sn(@zHZ&Y6UalS-v{_)V=?s~WP
z!&w4zUu`bRz61n2gT;M=$jrgGg`O$*r3)YBS~k|AcEZ0dqBrDP#@=i-y%)rN7!&u;
zt8i^4MvlE<5(#L#eX;I{@$JD|)eLA|NBZvfYvFY_e%dtiHSYvmBedqLQuACkH7e}x
zx&?hAd2dN)v}SoR???9&gsy1b4|lCRYC~8XZ?iIz+=wP{n~Bv|>;uZt<B0LF%7NoX
zIYK+$8lcFu_S`d6`3_BV;XREzOSN{%X`^@i3x9MQ%QSiwaKW?Wyc;L<dn}fS&WzN&
z@VeAp=J27JM0d&xVuNZ^K+#418dTDhhkvhDPSz7)(OQE|?+itws|aWPJSGJa<2I!r
zn>;F+_*P_)Evkl&?tEp{{bMfSCWy?KmrwYYJrFZFbKLG*!TI{kKK>+UAL3U(mh7_h
zxsB-i1{<V^b&_xY9@qsMKZz!vkDX4cS4%d(2+ETqcb;UtEzaA#ktZ<hIx&*)+Fn*d
z=cZIo?UF?1PiuMgkuBXg<o4xb(<PAd?7nY8wdl=HGi^3TNnDXr^ObV3=3hU%-08Yg
z&!AKi;)1Rj#3-muWs9%vkX|`~n@v&ma~GBjDG$m1D8zaiE8X3=o$L49ySvdmA$eeY
z7hR}ZAvgNc`&8Rl88&b9mSe!@0f9=J!~xHmUfYL-&Z<#MG-mHshXp9py*qu!exEO<
ztM1O}dH3p<5JBaPnV$;-b2DRw3@yJPjglH0yhWY*Rx7e^8h3Dp2@jaqRZVH)`tOsi
zpLCepq`L<^YXNX?5=Qa5HPXRbh9;I(UtQD2{{*er3vwJ*IA?l~i(g)7Y5@{E$SU78
zS<JF?{Y>{$tiIaWvN+a&sGmkCHjk|NGBAegQIL)JbY+w~B9u%=D2zB?2vLh}tYbp{
zuqg<^f<Z*6!vi%l@Ky{>%l!GWAZ!o@cH?hrO6mlT$|lJ?i*YW%^bT>Ilpz25H3gJT
zn4){}%G5ddai>PR^~R0mFZ3kf1^@vC<Lbq7$zPrf1&Fw?0OFMLaHt^Uqm)K7<@dW6
zC5l))8G`VSKVqp=Z0KanIzAap#-NX3D~N#c3XFq;>HlFiEIbY@Zi^W9ULBwOPwR>y
zW$XH$(jYr_`o~X0?%(DY_`+S%PaOMZn}-kZJF}N}Wom!0=ve#>vACTHn2v$_$dFdm
zOzyyaniON5^!+O2`?`Vi`)M!sDPvJs*0SW06)VER{LAwIlis=%UC*MziqG9(_bN30
zZghHIbb0jZYAsEQw^#AD^qX9&X8W>E%W#&u_Vcm3ZCW415_*7L#1nI*B>9e_*p@Qp
zz#Ed~47P3LX-s25Yh33{a5c!RocxZYrzVjBhQ|r31H<FQoi{}`uU$`N-I+EiK)xQz
zVS3!u>C%;;rM`DhH&GB*E|8I*(^N5vdam;LwwkA)O=5Kd-UOLu&a4yu5Y*jF9myH2
zS8K--qm>acK`l#N5MkT?ep4qY`gDAWEV$&qzq@p3ME|<V`n8gX4e6#A7M-(Q=LE<?
zL{g-$LE-v0gf%~jMABvyMx_9I<NVdK;SvZj9v3E_lyS^OyWKC)_EweS=Ob?B?vbu(
zS}@Bw#V0!R22(CFwZ}qsvZ0H4Hol9Q>m8Ou^8>6c9^U81KgP8d2zK4W#<8{7G8l-D
zlz^M=?yWP24$e;>6j-M*16rQ!t#GQN{G_+Hk++$=5Eey{8ReSE5^Udz!PLjT&zQ3m
zvYDW_DCFcKYB~Dge&$zUr|GJ@7<<u+bJ+rsG?z=6nxo)1neLd=Y=3z9*j5gb^;%#!
zH_4G-6R|LSXAzhgpZ~qbo%tyS(Z10UYeAJhKR#>6c(NSjjO0tJ2*(scpBT*ABe`S|
zQ)#h2mlr3M82qw6TieDltFpBhp}t{UDR3st!vapc*K|@uD<|iXRWS$}Bm+Bocyv3f
zj~BR);6HfI!Ixo|*=@-&@iV2xFEYIEb~Ar$Y#{nC!<6AO<5Xdw(Zf%fk6+ObWJA4S
zPF^{r2B@;}zrLwgac4bxZcFie*_zF3ux~90Z>t9!hiB$lF1PB?_h&7~R^HXzQYmZ*
zHpogWa9dYS7=85L>nxXb;x;r8u@djf+$^pl##08FLBwfU26vuFv`vo6XuZU|{CX)5
zn)Cc>D$>hv{I=RUZ&^!fqfC))-z9fAL#$Yf&1)$8IavC1GSBVpYrQO184ifNVadh3
zL8T%YiK@%5AL8x)>nyRboNzEO&+TMUKs67aMNf#bOU=baVRbCeI~?57`u1(2(U?4B
zMXVQ1#is%7RTEKNtWR-d*E^9@jv^x^pN)BQy1%qeD0#T2^O$w11x908$!E7dd#k4k
zEWXSB!Sdtc6PH`Z)0up;x+?$6#6FGf<5c-b<GLb9w)-*Vv2z51;7if89s2g?;7&(?
znaQTO>Yd03mmlUM+dT`<LjtGqe~fkTqzSc@t@_~rD-(IeRa=6S`fthlAC>vHM?<Wa
z7Pig`VxWI&iT_d1hbQ%aT+UxU!~ZDM-%}7P#n%TOPu}XuXniaDb*$ANd$FqbpB~%q
zZ?0bE_2l!jv}}aP`tOu~_)#C|wy$hQ0(Ve06lf!>amx@GR%SLZ#H>kN)4v-ZsrH@+
z4VS(9bX~Sgx1wiZPrxg)rrAX<`@h!v4i&a;zkYG=v$=3=kVOeYI`P2mAX*#?ZBnkA
z;%xjHKn#`L)@?<cIU?Q4)-2L8sS?T7xKZJ2@Go_>j^6$jw^!puMYu%3LrwkH!^XTP
zbZggr#xUqrSz#z?6qI#7*|#*IT_g1Bvv}IOM#%Kmmmy!TFr%o;h<Lc%!pkhXWObz+
zNqDRirmP*{3A|)wRw|%ORRj_Kdcgpm?s*|H54yUll@1}N7BtVB(6eM3PUx1jJ+0D!
zqQhmywb_1-p$0DA6!)tKcEu3xi5SPH)-NJ$??h{tNT2QMD()4NtMKAakuq}3d%JL<
zy0T4f4r23HiAy@h#Y6`6$5G51rCyj|Ns$^mu`Gy(_;w4D%{G9@z{?25k~-Jo+D_#b
zmqrc$FFA!;TIspVwTqI_nOYi}k9Ix$+{)r^ci<eJqJ5HFQzeM<R^WaLkkJ&eW}vVk
z3b%5m*;fZk`bl!MMd*G!%RJU)w}37zXF-3OC{LtRq(|9KEj30xNfk}HGM5?O=&$UF
zxOTbH=V%vf_2ml_;}c%%T$)Xjr^#=*jW5`mCMh{IHmln$yF5Pg5(zB%-=2A1oOKu{
zI3dk~!=8L24Zbw43h+E;lv5OBgDn$^vw@MXKq{kdqZX~P@bv_R?j&uJG4Dp^_P}kc
z8AKOXX?jFO0VK5sKXPr=8?mWIh)uZBV8?dHDNXNMwwns?wn%Wor)~U_!?cYQxrF*M
zo*!p0O;0uH!(+OXNBg|GvE@47N_s{garI3PY}IPfYn$~-diAS0xW=ma`2}RcQ@w;+
z72^ZBW2&m+))mQR3ceYV-@?Lb+KR|MRA#NXaR%Y?vLP1@*pR+Yt(!Y<b$HeN&@z~9
zc}JCRlUK5N?|l-pSol-~jw9UZ$%}->zp%17@k!7>mY~XsL$HGtYuqdQL4t$foo9Rb
z<xPqV-I2<1ij2beO<ee@?PdhVTMVhtE>k;Hl}C@Lu+zKCvW{hH<~I6>l=-nqh)PYP
zBCFHxRsP6xs#~=~V0vTm`xEN{sdG)RJAyb8ncQ@qG}V>bxwQ64M0{X$(1^hZiLW&u
zLb~$p_QGex`1UiC8b%{wJi2k9W|`$j%?+7pzx8J_@rG8peW$W6$~troa5g`KrPvBo
z)xXq64u>`%SZ}JI^^n2bkFR*T-WG1nb5_EzX7b{)f95Ci&|dFm#Cx8Lo$9Mq&suMZ
z&HD|jx#d#a?$O=O%DKyJz}!u<+TN}abeQz<98)wf;)iFwQXVPx&HKSBwBROWgIdgF
z;)vucvJ9VDk}W4I_{N-ZyUQFIUNZ9OmS<S_W+G)7FOlxEfSn<itzhA5(C}#z?Mp69
z79u=SnWl0~hoco;Vw<X3DLj|%K^-%EMXZwbtKo;}WAKE+@5M6YnvzbpVpOE7JuPoG
zckB46UE1oPaGhoucSeke?cI?uFSgZV|2lB;YXhD6)NboluSM7T*UbuU9)SY@oxKR_
z_k^Xn{uXvrOc(lc{v>eb-u%}6mD}{6#)nf3%6La&?p*y*1GQWhgraIMZ^qD<sWB9{
z)~rBq#yQa*;k$`x;&|%7s;6a>R%}KhJ-2X@+-A7(%V0a5>8P-r8bh|iPy{_G#bv4x
zL~52_wEN9Slghc~nj3vPGj#q^Jp$zD1<NnDCDySc4sAoL>eKm*>dSEy(lr;oys<0o
zs-n1l6}nreJ$rm_<yki-F8`nItu&~qD+)g?5ky;zTEsvHHP$7VSYSXzP(&6>6#@hz
zfq+VbvL_%?A{IzzKp=?9U@1@}p+I~I1dx;ninsu>iBUre0>&U1!Y+;AhP^SCL8a4~
z{_Okl<}G*LIrpA3=biI?_gI+J<OE641vumK*fYf|PF<uA_~uL*HLNUAhV)oGcTM9q
z5wLyu6DGdQ{im9H_a_JLW#;a9i5KQh5wMe48z0O~Hi8E_Wm-qH#nt*=wMoh0_hdT?
zJ6?J!Y6#t2pSzgosgcmCqVYBt!Z?Z6r`L_(i($F!y4i}h$lqy|$?vVl!jtO*y+`af
zm$vVgP{~bwxPlhp)-D*C*|YDf9vij^Zj2VZEKS-R<V|XwGCOja$J=|eA(1f@`siq3
zP-BMZ&%>?xxFEc4UakGWS^vhK-lB}D$8KxW(Lt*<*K@89mzAC!)Ue_O?z#WQ?IiP}
z!1!jjalknpUhpl`iTItY?8Ih;Aoz!yua3r?yS%e1eRI=r-bVrIzE5X65_WN(x+ZK1
zTdH!oiM~~F1Sgk=b@qcB&_%y#@cicf)+IKqm!grUO%FjBu7g9QY&(uaG{9&lW^?96
z+G72N1VkA|U$_Ygi+=qSsa(L*UiG!~*$2pOj<$HL`%PC_1@$g{CQex#20H#v0#7N!
zsAz|wxj=5HIl*wo@Bv5xEDS$|y#Y2DTAi;qyvvToF`#T4zfgOos(Yp+Fp8Fz5&3#z
zX(rZI;CYe8lp2&Cy2=S4anJh_Vk9-k(w%6X{&0;%Ax6Aioo>a`wKlp+-#Yq}_sV#W
z$7~HB-?@l5HwRzh12c$$qRS5u{caMjl%DJY7vxJ$@tx~s&oRPYv#<e%xkBJNj_E%{
zY{-%=f@vuou~!0Jw&-x_RZW*HQDCjPH$G+_h}&2sguT0?7e$hz6B}J=ZYw~Sx122$
zOEQtcWY0%(Icwi%=kJXc3>f4@a*lT*(gS)^=z*cFj{0z7+F<`gdV|U?RM&+#{@lDt
zpumqvvv;*9HLoB&u@&Xot{3(QmW<YTd)=Ti4bXctBm7aW%c9d6iDD8K=Aok6Q!y5V
zr-%GajFVnTbrA<Wgqs%pESZ}Yk-|B;6xX;??jM_HvWUhWKDuV^xTx*6yiK>@h8S^h
zWQ3<F2<m)Ao+F+T(h}Ht|BRkhb&WJMnFKrZ6thVDm;*$ZXP)=uAM9LWN#O5RE}pam
z)$TlQfP}|Xn?MRbQB0k$&9eyV5_2ANswuDe%)w__zQv3U(O*xOZ*<>3c+T|6ylb(J
zaA7G61u;{XQ)50T{gsJ|X>|LHzlg3hjQJ5zXN1Aqs5oR7A_^%Gu~ByZ*wN~p%A_K4
zAMLQ{n*1T<^TLWo+NJ5pj-WAPvLT=Cq$6vV%YMmSJg>V*=z9ci97d(KQ?YjWX(2ma
z;dB*K>&fcs^a!n#`+iXeGi{4dk`o3Z2Q<W$RxB~rY@)a{Ofnfp1zurs5#4Nvmx6PO
zov4@eUu)h$t%ny+n%yRDe-phH5Nh0+iExA~g}l*MGlZy!^5dL7z$Io{-xw{B>2L2m
z50hWtQJ(I^H8%FKD-<47e@X}u9&UT#VZ~S#O<uycPAb#{P1(?aFF|=Pc#a>b%#93p
zE+cWNTt-KATL{O~6dO>ZlNWADkKHy2>$yKG?zm3&xsxFZ4zacs__e2j?Kx0<DF`Bb
zkE9?(msVj)#mp5+LWdGl^UQ{G=VV`BSV=@03HILt7j{$+*9J-L%_6<{9w)+`M|#%8
z#g>q%-=!bl03rnh9ZLf|DR8L*<U6IvXfQ!_K@CCq!Lz*Q-y_wG>U;6(as;$~-!+>>
zD!{;M2f(wb3l9jgk!XqK>S_bLlA{0vs&+(h_iw_;mW0WuB0xz45%FKB=9`+R(izHH
zhtKzWr#?h<$hQH)R8LEpHVJ_81%n}<)d>rM9MDb+2~8Fv0E)5*Tv90-+JMIes|QJ&
zwN?VPKwmLbmx)yGN&!NQ(Et6zL*KKqx7JR}QfE&?a{h8`d~fcCcZxvYtO1)<REMKl
jGl;tWfAHW%lgo@@F6()AIqqnyYIfh+JKL4o9%TFl|C+}~

literal 0
HcmV?d00001

diff --git a/test/integration/connect/envoy/docs/windows-testing-architecture.md b/test/integration/connect/envoy/docs/windows-testing-architecture.md
new file mode 100644
index 000000000000..73a29e4f17bf
--- /dev/null
+++ b/test/integration/connect/envoy/docs/windows-testing-architecture.md
@@ -0,0 +1,106 @@
+# Windows Testing Architecture
+
+## Index
+
+- [About](#about)
+- [Testing Architectures](#testing-architectures)
+  - [Linux Test Architecture](#linux-test-architecture)
+  - [Replicating the Linux Test Architecture on Windows](#replicating-the-linux-test-architecture-on-windows)
+  - [Single Container Test Architecture](#single-container-test-architecture)
+    - [Docker Image Components](#docker-image-components)
+      - Main Components:
+        - [Bats](#bats)
+        - [Fortio](#fortio)
+        - [Jaegertracing](#jaegertracing)
+        - [Openzipkin](#openzipkin)
+        - [Socat](#socat)
+      - Additional tools:
+        - [Git Bash](#git-bash)
+        - [JQ](#jq)
+        - [Netcat](#netcat)
+        - [Openssl](#openssl)
+
+## About
+
+The purpose of this document is not only to explain why the testing architecture is different on Windows but also to describe how the Single Container test architecture is composed.
+
+## Testing Architectures
+
+### Linux Test Architecture
+
+On Linux, tests take advantage of the Host network feature (only available for Linux containers). This means that every container within the network shares the host’s networking namespace. The network stack for every container that uses this network mode won’t be isolated from the Docker host and won’t get their own IP address.  
+
+![linux-architecture](./img/linux-arch.png)
+
+Every time a test is run, a directory called workdir is created, here all the required files to run the tests are copied. Then this same directory is mounted as a **named volume**, a container with a Kubernetes pause image tagged as *envoy_workdir_1* is run to keep the volume accessible as other containers start while running the tests. Linux containers allow file system operations on runtime unlike Windows containers.  
+
+### Replicating the Linux Test Architecture on Windows
+
+As we previously mentioned, on Windows there is no Host networking feature, so we went with NAT network instead. The main consequences of this is that now each container has their own networking stack (IP address) separated from each other, they can communicate among themselves using Docker's DNS feature (using the containers name) but no longer through localhost.  
+Another problem we are facing while sticking to this architecture, is that configuration files assume that every service (services run by fortio and Envoy's sidecar proxy service) are running in localhost. Though we had some partial success on modifying those files on runtime still we are finding issues related to this.
+Test's assertions are composed of either function calls or curl executions, we managed this by mapping those calls to the corresponding container name.
+
+![windows-linux-architecture](./img/windows-linux-arch.png)
+
+Above, the failing connections are depicted. We kept the same architecture as on Linux and worked around trying to solve those connectivity issues.  
+Finally, after serveral tries, it was decided that instead of replicating the Linux architecture on Windows, it was more straightforward just to have a single container with all the required components to run the tests. This **single container** test architecture is the approach that works best on Windows.
+
+## Single Container Test Architecture
+
+As mentioned above, the single container approach, means building a Windows Docker image not only with Consul and Envoy, but also with all the tools required to execute the existing Envoy integration tests.  
+
+![windows-linux-singlecontainer](./img/windows-singlecontainer.png)
+
+Below you can find a list and a brief description of those components.  
+
+### Docker Image Components
+
+The Docker image used for the Consul - Envoy integration tests has several components needed to run those tests.
+
+- Main Components:
+  - [Bats](#bats)
+  - [Fortio](#fortio)
+  - [Jaegertracing](#jaegertracing)
+  - [Openzipkin](#openzipkin)
+  - [Socat](#socat)
+- Additional tools:
+  - [Git Bash](#git-bash)
+  - [JQ](#jq)
+  - [Netcat](#netcat)
+  - [Openssl](#openssl)
+
+#### Bats
+
+BATS stands for Bash Automated Testing System and is the one in charge of executing the tests.
+
+#### Fortio
+
+Fortio is a microservices (http, grpc) load testing library, command line tool, advanced echo server, and web UI. It is used to run the services registered into Consul during the integration tests.
+
+#### Jaegertracing
+
+Jaeger is open source software for tracing transactions between distributed services. It's used for monitoring and troubleshooting complex microservices environments. It is used along with Openzipkin in some test cases.
+
+#### Openzipkin
+
+Zipkin is also a tracing software.
+
+#### Socat
+
+Socat is a command line based utility that establishes two bidirectional byte streams and transfers data between them. On this integration tests it is used to redirect Envoy's stats. There is no official Windows version. We are using this unofficial release available [here](https://github.com/tech128/socat-1.7.3.0-windows).
+
+#### Git Bash
+
+This tool is only used in Windows tests, it was added to the Docker image to be able to use some Linux commands during test execution.  
+
+#### JQ
+
+Jq is a lightweight and flexible command-line JSON processor. It is used in several tests to modify and filter JSON outputs.
+
+#### Netcat
+
+Netcat is a simple program that reads and writes data across networks, much the same way that cat reads and writes data to files.
+
+#### Openssl
+
+Open SSL is an all-around cryptography library that offers open-source application of the TLS protocol. It is used to verify that the correct tls certificates are being provisioned during tests.
diff --git a/test/integration/connect/envoy/helpers.windows.bash b/test/integration/connect/envoy/helpers.windows.bash
new file mode 100644
index 000000000000..2e4a5d4fac2b
--- /dev/null
+++ b/test/integration/connect/envoy/helpers.windows.bash
@@ -0,0 +1,1192 @@
+#!/bin/bash
+
+CONSUL_HOSTNAME=""
+MOD_ARG=""
+
+function split_hostport {
+  local HOSTPORT="$@"
+
+  if [[ $HOSTPORT == *":"* ]]; then
+    MOD_ARG=$( <<< $HOSTPORT  sed 's/:/ /' )
+  fi
+}
+
+function get_consul_hostname {
+  local DC=${1:-primary}
+
+  [[ $XDS_TARGET = "client" ]] && CONSUL_HOSTNAME="consul-$DC-client" || CONSUL_HOSTNAME="consul-$DC"
+}
+
+# retry based on
+# https://github.com/fernandoacorreia/azure-docker-registry/blob/master/tools/scripts/create-registry-server
+# under MIT license.
+function retry {
+  local n=1
+  local max=$1
+  shift
+  local delay=$1
+  shift
+
+  local errtrace=0
+  if grep -q "errtrace" <<<"$SHELLOPTS"
+  then
+    errtrace=1
+    set +E
+  fi
+
+  if [[ $1 == "curl" ]]; then
+    set -- "${@}" -m 10
+  elif [[ $1 == "nc" ]]
+  then
+    split_hostport $3
+    set -- "${@:1:2}" $MOD_ARG "${@:4}"
+  fi
+
+  # This if block, was added to check if curl is being executed directly on a test, 
+  # if so, we replace the url parameter with the correct one.
+
+  for ((i=1;i<=$max;i++))
+  do
+    if "$@"
+    then
+      if test $errtrace -eq 1
+      then
+        set -E
+      fi
+      return 0
+    else
+      echo "Command failed. Attempt $i/$max:"
+      sleep $delay
+    fi
+  done
+
+  if test $errtrace -eq 1; then
+    set -E
+  fi
+  return 1
+}
+
+function retry_default {
+  local DEFAULT_TOTAL_RETRIES=5
+  set +E
+  ret=0
+  retry $DEFAULT_TOTAL_RETRIES 1 "$@" || ret=1
+  set -E
+  return $ret
+}
+
+function retry_long {
+  retry 30 1 "$@"
+}
+
+function is_set {
+   # Arguments:
+   #   $1 - string value to check its truthiness
+   #
+   # Return:
+   #   0 - is truthy (backwards I know but allows syntax like `if is_set <var>` to work)
+   #   1 - is not truthy
+
+   local val=$(tr '[:upper:]' '[:lower:]' <<<"$1")
+   case $val in
+      1 | t | true | y | yes)
+         return 0
+         ;;
+      *)
+         return 1
+         ;;
+   esac
+}
+
+function get_cert {
+  local HOSTPORT=$1
+  local SERVER_NAME=$2
+  local CA_FILE=$3
+  local SNI_FLAG=""
+  if [ -n "$SERVER_NAME" ]; then
+    SNI_FLAG="-servername $SERVER_NAME"
+  fi
+  CERT=$(openssl s_client -connect $HOSTPORT $SNI_FLAG -showcerts </dev/null)
+  openssl x509 -noout -text <<<"$CERT"
+}
+
+function assert_proxy_presents_cert_uri {
+  local HOSTPORT=$1
+  local SERVICENAME=$2
+  local DC=${3:-primary}
+  local NS=${4:-default}
+  local PARTITION=${5:default}
+
+  CERT=$(retry_default get_cert $HOSTPORT)
+
+  echo "WANT SERVICE: ${PARTITION}/${NS}/${SERVICENAME}"
+  echo "GOT CERT:"
+  echo "$CERT"
+
+  if [[ -z $PARTITION ]] || [[ $PARTITION = "default" ]]; then
+    echo "$CERT" | grep -Eo "URI:spiffe://([a-zA-Z0-9-]+).consul/ns/${NS}/dc/${DC}/svc/$SERVICENAME"
+  else
+    echo "$CERT" | grep -Eo "URI:spiffe://([a-zA-Z0-9-]+).consul/ap/${PARTITION}/ns/${NS}/dc/${DC}/svc/$SERVICENAME"
+  fi
+}
+
+function assert_dnssan_in_cert {
+  local HOSTPORT=$1
+  local DNSSAN=$2
+  local SERVER_NAME=${3:-$DNSSAN}
+
+  CERT=$(retry_default get_cert $HOSTPORT $SERVER_NAME)
+
+  echo "WANT DNSSAN: ${DNSSAN} (SNI: ${SERVER_NAME})"
+  echo "GOT CERT:"
+  echo "$CERT"
+
+  echo "$CERT" | grep -Eo "DNS:${DNSSAN}"
+}
+
+function assert_cert_signed_by_ca {
+  local CA_FILE=$1
+  local HOSTPORT=$2
+  local DNSSAN=$3
+  local SERVER_NAME=${4:-$DNSSAN}
+  local SNI_FLAG=""
+  if [ -n "$SERVER_NAME" ]; then
+    SNI_FLAG="-servername $SERVER_NAME"
+  fi
+
+  # Fix in the CA_FILE parameter: for Windows environments, the root path starts with "/c"
+  CERT=$(openssl s_client -connect $HOSTPORT $SNI_FLAG -CAfile "/c/$CA_FILE" -showcerts </dev/null)
+
+  echo "GOT CERT:"
+  echo "$CERT"
+
+  echo "$CERT" | grep 'Verify return code: 0 (ok)'
+}
+
+function assert_cert_has_cn {
+  local HOSTPORT=$1
+  local CN=$2
+  local SERVER_NAME=${3:-$CN}
+
+  CERT=$(openssl s_client -connect $HOSTPORT -servername $SERVER_NAME -showcerts </dev/null 2>/dev/null)
+
+  echo "WANT CN: ${CN} (SNI: ${SERVER_NAME})"
+  echo "GOT CERT:"
+  echo "$CERT"
+
+  echo "$CERT" | grep "CN = ${CN}"
+}
+
+function get_upstream_endpoint {
+  local HOSTPORT=$1
+  local CLUSTER_NAME=$2
+  run curl -s -f "http://${HOSTPORT}/clusters?format=json"
+  [ "$status" -eq 0 ]
+  echo "$output" | jq --raw-output "
+.cluster_statuses[]
+| select(.name|startswith(\"${CLUSTER_NAME}\"))"
+}
+
+function assert_upstream_missing_once {
+  local HOSTPORT=$1
+  local CLUSTER_NAME=$2
+
+  run get_upstream_endpoint $HOSTPORT $CLUSTER_NAME
+  [ "$status" -eq 0 ]
+  echo "$output"
+  [ "" == "$output" ]
+}
+
+function assert_upstream_missing {
+  local HOSTPORT=$1
+  local CLUSTER_NAME=$2
+  run retry_long assert_upstream_missing_once $HOSTPORT $CLUSTER_NAME
+  echo "OUTPUT: $output $status"
+
+  [ "$status" -eq 0 ]
+}
+
+function assert_envoy_version {
+  local ADMINPORT=$1
+  run retry_default curl -f -s localhost:$ADMINPORT/server_info
+  [ "$status" -eq 0 ]
+  # Envoy 1.8.0 returns a plain text line like
+  # envoy 5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/DEBUG live 3 3 0
+  # Later versions return JSON.
+  if (echo $output | grep '^envoy'); then
+    VERSION=$(echo $output | cut -d ' ' -f 2)
+  else
+    VERSION=$(echo $output | jq -r '.version')
+  fi
+  echo "Status=$status"
+  echo "Output=$output"
+  echo "---"
+  echo "Got version=$VERSION"
+  echo "Want version=$ENVOY_VERSION"
+
+  # 1.20.2, 1.19.3 and 1.18.6 are special snowflakes in that the version for
+  # the release is reported with a '-dev' suffix (eg 1.20.2-dev).
+  if [ "$ENVOY_VERSION" = "1.20.2" ]; then
+    ENVOY_VERSION="1.20.2-dev"
+  elif [ "$ENVOY_VERSION" = "1.19.3" ]; then
+    ENVOY_VERSION="1.19.3-dev"
+  elif [ "$ENVOY_VERSION" = "1.18.6" ]; then
+    ENVOY_VERSION="1.18.6-dev"
+  fi
+
+  echo $VERSION | grep "/$ENVOY_VERSION/"
+}
+
+function assert_envoy_expose_checks_listener_count {
+  local HOSTPORT=$1
+  local EXPECT_PATH=$2
+
+  # scrape this once
+  BODY=$(get_envoy_expose_checks_listener_once $HOSTPORT)
+  echo "BODY = $BODY"
+
+  CHAINS=$(echo "$BODY" | jq '.active_state.listener.filter_chains | length')
+  echo "CHAINS = $CHAINS (expect 1)"
+  [ "${CHAINS:-0}" -eq 1 ]
+
+  RANGES=$(echo "$BODY" | jq '.active_state.listener.filter_chains[0].filter_chain_match.source_prefix_ranges | length')
+  echo "RANGES = $RANGES (expect 3)"
+  # note: if IPv6 is not supported in the kernel per
+  # agent/xds:kernelSupportsIPv6() then this will only be 2
+  [ "${RANGES:-0}" -eq 3 ]
+
+  HCM=$(echo "$BODY" | jq '.active_state.listener.filter_chains[0].filters[0]')
+  HCM_NAME=$(echo "$HCM" | jq -r '.name')
+  HCM_PATH=$(echo "$HCM" | jq -r '.typed_config.route_config.virtual_hosts[0].routes[0].match.path')
+  echo "HCM = $HCM"
+  [ "${HCM_NAME:-}" == "envoy.filters.network.http_connection_manager" ]
+  [ "${HCM_PATH:-}" == "${EXPECT_PATH}" ]
+}
+
+function get_envoy_expose_checks_listener_once {
+  local HOSTPORT=$1
+  run curl -m 5 -s -f $HOSTPORT/config_dump
+  [ "$status" -eq 0 ]
+  echo "$output" | jq --raw-output '.configs[] | select(.["@type"] == "type.googleapis.com/envoy.admin.v3.ListenersConfigDump") | .dynamic_listeners[] | select(.name | startswith("exposed_path_"))'
+}
+
+function get_envoy_public_listener_once {
+  local HOSTPORT=$1
+  run curl -s -f $HOSTPORT/config_dump
+  [ "$status" -eq 0 ]
+  echo "$output" | jq --raw-output '.configs[] | select(.["@type"] == "type.googleapis.com/envoy.admin.v3.ListenersConfigDump") | .dynamic_listeners[] | select(.name | startswith("public_listener:"))'
+}
+
+function assert_envoy_http_rbac_policy_count {
+  local HOSTPORT=$1
+  local EXPECT_COUNT=$2
+
+  GOT_COUNT=$(get_envoy_http_rbac_once $HOSTPORT | jq '.rules.policies | length')
+  echo "GOT_COUNT = $GOT_COUNT"
+  [ "${GOT_COUNT:-0}" -eq $EXPECT_COUNT ]
+}
+
+function get_envoy_http_rbac_once {
+  local HOSTPORT=$1
+  run curl -m 5 -s -f $HOSTPORT/config_dump
+  [ "$status" -eq 0 ]
+  echo "$output" | jq --raw-output '.configs[2].dynamic_listeners[].active_state.listener.filter_chains[0].filters[0].typed_config.http_filters[] | select(.name == "envoy.filters.http.rbac") | .typed_config'
+}
+
+function assert_envoy_network_rbac_policy_count {
+  local HOSTPORT=$1
+  local EXPECT_COUNT=$2
+
+  GOT_COUNT=$(get_envoy_network_rbac_once $HOSTPORT | jq '.rules.policies | length')
+  echo "GOT_COUNT = $GOT_COUNT"
+  [ "${GOT_COUNT:-0}" -eq $EXPECT_COUNT ]
+}
+
+function get_envoy_network_rbac_once {
+  local HOSTPORT=$1
+  run curl -m 5 -s -f $HOSTPORT/config_dump
+  [ "$status" -eq 0 ]
+  echo "$output" | jq --raw-output '.configs[2].dynamic_listeners[].active_state.listener.filter_chains[0].filters[] | select(.name == "envoy.filters.network.rbac") | .typed_config'
+}
+
+function get_envoy_listener_filters {
+  local HOSTPORT=$1
+  run retry_default curl -s -f $HOSTPORT/config_dump
+  [ "$status" -eq 0 ]
+  echo "$output" | jq --raw-output '.configs[2].dynamic_listeners[].active_state.listener | "\(.name) \( .filter_chains[0].filters | map(.name) | join(","))"'
+}
+
+function get_envoy_http_filter {
+  local HOSTPORT=$1
+  local FILTER_NAME=$2
+  run retry_default curl -s -f $HOSTPORT/config_dump
+  [ "$status" -eq 0 ]
+  echo "$output" | jq --raw-output ".configs[2].dynamic_listeners[] | .active_state.listener.filter_chains[].filters[] | select(.name == \"envoy.filters.network.http_connection_manager\") | .typed_config.http_filters[] | select(.name == \"${FILTER_NAME}\")"
+}
+
+function get_envoy_http_filters {
+  local HOSTPORT=$1
+  run retry_default curl -s -f $HOSTPORT/config_dump
+  [ "$status" -eq 0 ]
+  echo "$output" | jq --raw-output '.configs[2].dynamic_listeners[].active_state.listener | "\(.name) \( .filter_chains[0].filters[] | select(.name == "envoy.filters.network.http_connection_manager") | .typed_config.http_filters | map(.name) | join(","))"'
+}
+
+function get_envoy_dynamic_cluster_once {
+  local HOSTPORT=$1
+  local NAME_PREFIX=$2
+  run curl -m 5 -s -f $HOSTPORT/config_dump
+  [ "$status" -eq 0 ]
+  echo "$output" | jq --raw-output ".configs[] | select (.[\"@type\"] == \"type.googleapis.com/envoy.admin.v3.ClustersConfigDump\") | .dynamic_active_clusters[] | select(.cluster.name | startswith(\"${NAME_PREFIX}\"))"
+}
+
+function assert_envoy_dynamic_cluster_exists_once {
+  local HOSTPORT=$1
+  local NAME_PREFIX=$2
+  local EXPECT_SNI=$3
+  BODY="$(get_envoy_dynamic_cluster_once $HOSTPORT $NAME_PREFIX)"
+  [ -n "$BODY" ]
+
+  SNI="$(echo "$BODY" | jq --raw-output ".cluster.transport_socket.typed_config.sni | select(. | startswith(\"${EXPECT_SNI}\"))")"
+  [ -n "$SNI" ]
+}
+
+function assert_envoy_dynamic_cluster_exists {
+  local HOSTPORT=$1
+  local NAME_PREFIX=$2
+  local EXPECT_SNI=$3
+  run retry_long assert_envoy_dynamic_cluster_exists_once $HOSTPORT $NAME_PREFIX $EXPECT_SNI
+  [ "$status" -eq 0 ]
+}
+
+function get_envoy_cluster_config {
+  local HOSTPORT=$1
+  local CLUSTER_NAME=$2
+  run retry_default curl -s -f $HOSTPORT/config_dump
+  [ "$status" -eq 0 ]
+  echo "$output" | jq --raw-output "
+    .configs[1].dynamic_active_clusters[]
+    | select(.cluster.name|startswith(\"${CLUSTER_NAME}\"))
+    | .cluster
+  "
+}
+
+function get_envoy_stats_flush_interval {
+  local HOSTPORT=$1
+  run retry_default curl -s -f $HOSTPORT/config_dump
+  [ "$status" -eq 0 ]
+  #echo "$output" > /workdir/s1_envoy_dump.json
+  echo "$output" | jq --raw-output '.configs[0].bootstrap.stats_flush_interval'
+}
+
+# snapshot_envoy_admin is meant to be used from a teardown scriptlet from the host.
+function snapshot_envoy_admin {
+  local HOSTPORT=$1
+  local ENVOY_NAME=$2
+  local DC=${3:-primary}
+  local OUTDIR="${LOG_DIR}/envoy-snapshots/${DC}/${ENVOY_NAME}"
+
+  mkdir -p "${OUTDIR}"
+  docker_consul_exec "$DC" bash -c "curl -s http://${HOSTPORT}/config_dump" > "${OUTDIR}/config_dump.json"
+  docker_consul_exec "$DC" bash -c "curl -s http://${HOSTPORT}/clusters?format=json" > "${OUTDIR}/clusters.json"
+  docker_consul_exec "$DC" bash -c "curl -s http://${HOSTPORT}/stats" > "${OUTDIR}/stats.txt"
+  docker_consul_exec "$DC" bash -c "curl -s http://${HOSTPORT}/stats/prometheus"  > "${OUTDIR}/stats_prometheus.txt"
+}
+
+function reset_envoy_metrics {
+  local HOSTPORT=$1
+  curl -m 5 -s -f -XPOST $HOSTPORT/reset_counters
+  return $?
+}
+
+function get_all_envoy_metrics {
+  local HOSTPORT=$1
+  curl -m 5 -s -f $HOSTPORT/stats
+  return $?
+}
+
+function get_envoy_metrics {
+  local HOSTPORT=$1
+  local METRICS=$2
+
+  get_all_envoy_metrics $HOSTPORT | grep "$METRICS"
+}
+
+function assert_upstream_has_endpoint_port {
+  local HOSTPORT=$1
+  local CLUSTER_NAME=$2
+  local PORT_VALUE=$3
+
+  run retry_long assert_upstream_has_endpoint_port_once $HOSTPORT $CLUSTER_NAME $PORT_VALUE
+  [ "$status" -eq 0 ]
+}
+
+function get_upstream_endpoint_in_status_count {
+  local HOSTPORT=$1
+  local CLUSTER_NAME=$2
+  local HEALTH_STATUS=$3
+  run curl -m 5 -s -f "http://${HOSTPORT}/clusters?format=json"
+  [ "$status" -eq 0 ]
+  echo "$output" | jq --raw-output "
+.cluster_statuses[]
+| select(.name|startswith(\"${CLUSTER_NAME}\"))
+| [.host_statuses[].health_status.eds_health_status]
+| [select(.[] == \"${HEALTH_STATUS}\")]
+| length"
+}
+
+function assert_upstream_has_endpoints_in_status_once {
+  local HOSTPORT=$1
+  local CLUSTER_NAME=$2
+  local HEALTH_STATUS=$3
+  local EXPECT_COUNT=$4
+
+  GOT_COUNT=$(get_upstream_endpoint_in_status_count $HOSTPORT $CLUSTER_NAME $HEALTH_STATUS)
+
+  [ "$GOT_COUNT" -eq $EXPECT_COUNT ]
+}
+
+function assert_upstream_has_endpoints_in_status {
+  local HOSTPORT=$1
+  local CLUSTER_NAME=$2
+  local HEALTH_STATUS=$3
+  local EXPECT_COUNT=$4
+  run retry_long assert_upstream_has_endpoints_in_status_once $HOSTPORT $CLUSTER_NAME $HEALTH_STATUS $EXPECT_COUNT
+  [ "$status" -eq 0 ]
+}
+
+function assert_envoy_metric {
+  set -eEuo pipefail
+  local HOSTPORT=$1
+  local METRIC=$2
+  local EXPECT_COUNT=$3
+
+  METRICS=$(get_envoy_metrics $HOSTPORT "$METRIC")
+
+  if [ -z "${METRICS}" ]; then
+    echo "Metric not found" 1>&2
+    return 1
+  fi
+
+  GOT_COUNT=$(awk -F: '{print $2}' <<<"$METRICS" | head -n 1 | tr -d ' ')
+
+  if [ -z "$GOT_COUNT" ]; then
+    echo "Couldn't parse metric count" 1>&2
+    return 1
+  fi
+
+  if [ $EXPECT_COUNT -ne $GOT_COUNT ]; then
+    echo "$METRIC - expected count: $EXPECT_COUNT, actual count: $GOT_COUNT" 1>&2
+    return 1
+  fi
+}
+
+function assert_envoy_metric_at_least {
+  set -eEuo pipefail
+  local HOSTPORT=$1
+  local METRIC=$2
+  local EXPECT_COUNT=$3
+
+  METRICS=$(get_envoy_metrics $HOSTPORT "$METRIC")
+
+  if [ -z "${METRICS}" ]; then
+    echo "Metric not found" 1>&2
+    return 1
+  fi
+
+  GOT_COUNT=$(awk -F: '{print $2}' <<<"$METRICS" | head -n 1 | tr -d ' ')
+
+  if [ -z "$GOT_COUNT" ]; then
+    echo "Couldn't parse metric count" 1>&2
+    return 1
+  fi
+
+  if [ $EXPECT_COUNT -gt $GOT_COUNT ]; then
+    echo "$METRIC - expected >= count: $EXPECT_COUNT, actual count: $GOT_COUNT" 1>&2
+    return 1
+  fi
+}
+
+function assert_envoy_aggregate_metric_at_least {
+  set -eEuo pipefail
+  local HOSTPORT=$1
+  local METRIC=$2
+  local EXPECT_COUNT=$3
+
+  METRICS=$(get_envoy_metrics $HOSTPORT "$METRIC")
+
+  if [ -z "${METRICS}" ]; then
+    echo "Metric not found" 1>&2
+    return 1
+  fi
+
+  GOT_COUNT=$(awk '{ sum += $2 } END { print sum }' <<<"$METRICS")
+
+  if [ -z "$GOT_COUNT" ]; then
+    echo "Couldn't parse metric count" 1>&2
+    return 1
+  fi
+
+  if [ $EXPECT_COUNT -gt $GOT_COUNT ]; then
+    echo "$METRIC - expected >= count: $EXPECT_COUNT, actual count: $GOT_COUNT" 1>&2
+    return 1
+  fi
+}
+
+function get_healthy_service_count {
+  local SERVICE_NAME=$1
+  local DC=$2
+  local NS=$3
+  local AP=$4
+  local PEER_NAME=$5
+
+  run curl -m 5 -s -f ${HEADERS} "consul-${DC}-client:8500/v1/health/connect/${SERVICE_NAME}?passing&ns=${NS}&partition=${AP}&peer=${PEER_NAME}"
+
+  [ "$status" -eq 0 ]
+  echo "$output" | jq --raw-output '. | length'
+}
+
+function assert_alive_wan_member_count {
+  local DC=$1
+  local EXPECT_COUNT=$2
+  run retry_long assert_alive_wan_member_count_once $DC $EXPECT_COUNT
+  [ "$status" -eq 0 ]
+}
+
+function assert_alive_wan_member_count_once {
+  local DC=$1
+  local EXPECT_COUNT=$2
+
+  GOT_COUNT=$(get_alive_wan_member_count $DC)
+
+  [ "$GOT_COUNT" -eq "$EXPECT_COUNT" ]
+}
+
+function get_alive_wan_member_count {
+  local DC=$1
+  run retry_default curl -sL -f "consul-${DC}-server:8500/v1/agent/members?wan=1"
+  [ "$status" -eq 0 ]
+  # echo "$output" >&3
+  echo "$output" | jq '.[] | select(.Status == 1) | .Name' | wc -l
+}
+
+function assert_service_has_healthy_instances_once {
+  local SERVICE_NAME=$1
+  local EXPECT_COUNT=$2
+  local DC=${3:-primary}
+  local NS=${4:-}
+  local AP=${5:-}
+  local PEER_NAME=${6:-}
+
+  GOT_COUNT=$(get_healthy_service_count "$SERVICE_NAME" "$DC" "$NS" "$AP" "$PEER_NAME")
+
+  [ "$GOT_COUNT" -eq $EXPECT_COUNT ]
+}
+
+function assert_service_has_healthy_instances {
+  local SERVICE_NAME=$1
+  local EXPECT_COUNT=$2
+  local DC=${3:-primary}
+  local NS=${4:-}
+  local AP=${5:-}
+  local PEER_NAME=${6:-}
+
+  run retry_long assert_service_has_healthy_instances_once "$SERVICE_NAME" "$EXPECT_COUNT" "$DC" "$NS" "$AP" "$PEER_NAME"
+  [ "$status" -eq 0 ]
+}
+
+function check_intention {
+  local SOURCE=$1
+  local DESTINATION=$2
+  get_consul_hostname primary
+
+  curl -m 5 -s -f "${CONSUL_HOSTNAME}:8500/v1/connect/intentions/check?source=${SOURCE}&destination=${DESTINATION}" | jq ".Allowed"
+}
+
+function assert_intention_allowed {
+  local SOURCE=$1
+  local DESTINATION=$2
+
+  run check_intention "${SOURCE}" "${DESTINATION}"
+  [ "$status" -eq 0 ]
+  [ "$output" = "true" ]
+}
+
+function assert_intention_denied {
+  local SOURCE=$1
+  local DESTINATION=$2
+
+  run check_intention "${SOURCE}" "${DESTINATION}"
+  [ "$status" -eq 0 ]
+  [ "$output" = "false" ]
+}
+
+function docker_consul {
+  local DC=$1
+  shift 1
+  retry_default docker_exec envoy_consul-${DC}_1 "$@"
+}
+
+function docker_consul_for_proxy_bootstrap {
+  local DC=$1
+  shift 1
+
+  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$DC"_1
+
+  docker.exe exec -i $CONTAINER_NAME bash.exe -c "$@"
+}
+
+function docker_exec {
+  if ! docker.exe exec -i "$@"; then
+    echo "Failed to execute: docker exec -i $@" 1>&2
+    return 1
+  fi
+}
+
+function docker_consul_exec {
+  local DC=$1
+  shift 1
+  docker_exec envoy_consul-${DC}_1 "$@"
+}
+
+function kill_envoy {
+  local BOOTSTRAP_NAME=$1
+  local DC=${2:-primary}
+
+  PORT=$( cat /c/workdir/$DC/envoy/${BOOTSTRAP_NAME}-bootstrap.json | jq .admin.address.socket_address.port_value )
+  PID=$( netstat -qo | grep "127.0.0.1:$PORT" | sed -r "s/.* //g" )
+  tskill $PID
+}
+
+function must_match_in_statsd_logs {
+  local DC=${2:-primary}
+  local FILE="/c/workdir/${DC}/statsd/statsd.log"
+  
+  COUNT=$( grep -Ec $1 $FILE )  
+  echo "COUNT of '$1' matches: $COUNT"
+ 
+  [ "$COUNT" -gt "0" ]
+}
+
+function must_match_in_prometheus_response {
+  run curl -m 5 -f -s $1/metrics
+  COUNT=$( echo "$output" | grep -Ec $2 )
+
+  echo "OUTPUT head -n 10"
+  echo "$output" | head -n 10
+  echo "COUNT of '$2' matches: $COUNT"
+
+  [ "$status" == 0 ]
+  [ "$COUNT" -gt "0" ]
+}
+
+function must_match_in_stats_proxy_response {
+  run curl -m 5 -f -s $1/$2
+  COUNT=$( echo "$output" | grep -Ec $3 )
+
+  echo "OUTPUT head -n 10"
+  echo "$output" | head -n 10
+  echo "COUNT of '$3' matches: $COUNT"
+
+  [ "$status" == 0 ]
+  [ "$COUNT" -gt "0" ]
+}
+
+# must_fail_tcp_connection checks that a request made through an upstream fails,
+# probably due to authz being denied if all other tests passed already. Although
+# we are using curl, this only works as expected for TCP upstreams as we are
+# checking TCP-level errors. HTTP upstreams will return a valid 503 generated by
+# Envoy rather than a connection-level error.
+function must_fail_tcp_connection {
+  # Attempt to curl through upstream
+  run curl -m 5 --no-keepalive -s -v -f -d hello $1
+
+  echo "OUTPUT $output"
+
+  # Should fail during handshake and return "got nothing" error
+  [ "$status" == "52" ]
+
+  # Verbose output should enclude empty reply
+  echo "$output" | grep 'Empty reply from server'
+}
+
+function must_pass_tcp_connection {
+  run curl -m 5 --no-keepalive -s -f -d hello $1
+
+  echo "OUTPUT $output"
+
+  [ "$status" == "0" ]
+  [ "$output" = "hello" ]
+}
+
+# must_fail_http_connection see must_fail_tcp_connection but this expects Envoy
+# to generate a 503 response since the upstreams have refused connection.
+function must_fail_http_connection {
+  # Attempt to curl through upstream
+  run curl -m 5 --no-keepalive -s -i -d hello "$1"
+
+  echo "OUTPUT $output"
+
+  [ "$status" == "0" ]
+
+  local expect_response="${2:-403 Forbidden}"
+  # Should fail request with 503
+  echo "$output" | grep "${expect_response}"
+}
+
+# must_pass_http_request allows you to craft a specific http request to assert
+# that envoy will NOT reject the request. Primarily of use for testing L7
+# intentions.
+function must_pass_http_request {
+  local METHOD=$1
+  local URL=$2
+  local DEBUG_HEADER_VALUE="${3:-""}"
+
+  local extra_args
+  if [[ -n "${DEBUG_HEADER_VALUE}" ]]; then
+    extra_args="-H x-test-debug:${DEBUG_HEADER_VALUE}"
+  fi
+  case "$METHOD" in
+    GET) ;;
+
+    DELETE)
+      extra_args="$extra_args -X${METHOD}"
+      ;;
+    PUT | POST)
+      extra_args="$extra_args -d'{}' -X${METHOD}"
+      ;;
+    *)
+      return 1
+      ;;
+  esac
+
+  run curl -m 5 --no-keepalive -v -s -f $extra_args "$URL"
+  [ "$status" == 0 ]
+}
+
+# must_fail_http_request allows you to craft a specific http request to assert
+# that envoy will reject the request. Primarily of use for testing L7
+# intentions.
+function must_fail_http_request {
+  local METHOD=$1
+  local URL=$2
+  local DEBUG_HEADER_VALUE="${3:-""}"
+
+  local extra_args
+  if [[ -n "${DEBUG_HEADER_VALUE}" ]]; then
+      extra_args="-H x-test-debug:${DEBUG_HEADER_VALUE}"
+  fi
+  case "$METHOD" in
+    HEAD)
+      extra_args="$extra_args -I"
+      ;;
+    GET) ;;
+
+    DELETE)
+      extra_args="$extra_args -X${METHOD}"
+      ;;
+    PUT | POST)
+      extra_args="$extra_args -d'{}' -X${METHOD}"
+      ;;
+    *)
+      return 1
+      ;;
+  esac
+
+  # Attempt to curl through upstream
+  run curl -m 5 --no-keepalive -s -i $extra_args "$URL"
+
+  echo "OUTPUT $output"
+
+  echo "$output" | grep "403 Forbidden"
+}
+
+function upsert_config_entry {
+  local DC="$1"
+  local BODY="$2"
+
+  echo "$BODY" | docker_consul "$DC" consul config write -
+}
+
+function gen_envoy_bootstrap {
+  SERVICE=$1
+  ADMIN_PORT=$2
+  DC=${3:-primary}
+  IS_GW=${4:-0}
+  EXTRA_ENVOY_BS_ARGS="${5-}"
+  ADMIN_HOST="0.0.0.0"
+
+  PROXY_ID="$SERVICE"
+  if ! is_set "$IS_GW"; then
+    PROXY_ID="$SERVICE-sidecar-proxy"
+    ADMIN_HOST="127.0.0.1"
+  fi
+
+  if output=$(docker_consul_for_proxy_bootstrap $DC "consul connect envoy -bootstrap \
+    -proxy-id $PROXY_ID \
+    -envoy-version "$ENVOY_VERSION" \
+    -http-addr envoy_consul-${DC}_1:8500 \
+    -grpc-addr envoy_consul-${DC}_1:8502 \
+    -admin-access-log-path="C:/envoy/envoy.log" \
+    -admin-bind $ADMIN_HOST:$ADMIN_PORT ${EXTRA_ENVOY_BS_ARGS} \
+    > /c/workdir/${DC}/envoy/${SERVICE}-bootstrap.json"); then
+
+    # All OK, write config to file
+    echo $output
+    #echo "$output" > /c/workdir/${DC}/envoy/$SERVICE-bootstrap.json
+  else
+    status=$?
+    # Command failed, instead of swallowing error (printed on stdout by docker
+    # it seems) by writing it to file, echo it
+    echo "$output"
+    #return $status
+  fi
+
+
+}
+
+function read_config_entry {
+  local KIND=$1
+  local NAME=$2
+  local DC=${3:-primary}
+  get_consul_hostname $DC
+  docker_consul_exec "$DC" bash -c "consul config read -kind $KIND -name $NAME -http-addr=\"$CONSUL_HOSTNAME:8500\""
+}
+
+function wait_for_namespace {
+  local NS="${1}"
+  local DC=${2:-primary}
+  get_consul_hostname $DC
+  retry_default docker_consul_exec "$DC" bash -c "curl -sLf http://${CONSUL_HOSTNAME}:8500/v1/namespace/${NS} >/dev/null"
+}
+
+function wait_for_config_entry {
+  retry_default read_config_entry "$@"
+}
+
+function assert_config_entry_status {
+  local TYPE="$1"
+  local STATUS="$2"
+  local REASON="$3"
+  local DC="$4"
+  local KIND="$5"
+  local NAME="$6"
+  local NS=${7:-}
+  local AP=${8:-}
+  local PEER=${9:-}
+
+  status=$(curl -s -f "consul-${DC}-client:8500/v1/config/${KIND}/${NAME}?passing&ns=${NS}&partition=${AP}&peer=${PEER}" | jq ".Status.Conditions[] | select(.Type == \"$TYPE\" and .Status == \"$STATUS\" and .Reason == \"$REASON\")")
+  [ -n "$status" ]
+}
+
+function delete_config_entry {
+  local KIND=$1
+  local NAME=$2
+  get_consul_hostname primary
+  retry_default curl -sL -XDELETE "http://${CONSUL_HOSTNAME}:8500/v1/config/${KIND}/${NAME}"
+}
+
+function register_services {
+  local DC=${1:-primary}
+  wait_for_leader "$DC"
+  docker_consul_exec ${DC} bash -c "consul services register workdir/${DC}/register/service_*.hcl"
+}
+
+# wait_for_leader waits until a leader is elected.
+# Its first argument must be the datacenter name.
+function wait_for_leader {
+  get_consul_hostname primary
+  retry_default docker_consul_exec "$1" bash -c "[[ $(curl --fail -sS http://${CONSUL_HOSTNAME}:8500/v1/status/leader) ]]"
+}
+
+function setup_upsert_l4_intention {
+  local SOURCE=$1
+  local DESTINATION=$2
+  local ACTION=$3
+  get_consul_hostname primary
+  retry_default docker_consul_exec primary bash -c "curl -sL -X PUT -d '{\"Action\": \"${ACTION}\"}' 'http://${CONSUL_HOSTNAME}:8500/v1/connect/intentions/exact?source=${SOURCE}&destination=${DESTINATION}'"
+}
+
+function upsert_l4_intention {
+  local SOURCE=$1
+  local DESTINATION=$2
+  local ACTION=$3
+  get_consul_hostname primary
+  retry_default curl -sL -XPUT "http://${CONSUL_HOSTNAME}:8500/v1/connect/intentions/exact?source=${SOURCE}&destination=${DESTINATION}" \
+      -d"{\"Action\": \"${ACTION}\"}" >/dev/null
+}
+
+function get_ca_root {
+  get_consul_hostname primary
+  curl -s -f "http://${CONSUL_HOSTNAME}:8500/v1/connect/ca/roots" | jq -r ".Roots[0].RootCert"
+}
+
+function wait_for_agent_service_register {
+  local SERVICE_ID=$1
+  local DC=${2:-primary}
+  get_consul_hostname $DC
+  retry_default docker_consul_exec "$DC" bash -c "curl -sLf 'http://${CONSUL_HOSTNAME}:8500/v1/agent/service/${SERVICE_ID}' >/dev/null"
+}
+
+function set_ttl_check_state {
+  local CHECK_ID=$1
+  local CHECK_STATE=$2
+  local DC=${3:-primary}
+  get_consul_hostname $DC
+
+  case "$CHECK_STATE" in
+    pass) ;;
+
+    warn) ;;
+
+    fail) ;;
+
+    *)
+      echo "invalid ttl check state '${CHECK_STATE}'" >&2
+      return 1
+      ;;
+  esac
+
+  retry_default docker_consul_exec "$DC" bash -c "curl -sL -XPUT 'http://${CONSUL_HOSTNAME}:8500/v1/agent/check/warn/${CHECK_ID}' >/dev/null"
+}
+
+function get_upstream_fortio_name {
+  local HOST=$1
+  local PORT=$2
+  local PREFIX=$3
+  local DEBUG_HEADER_VALUE="${4:-""}"
+  local extra_args
+  if [[ -n "${DEBUG_HEADER_VALUE}" ]]; then
+      extra_args="-H x-test-debug:${DEBUG_HEADER_VALUE}"
+  fi
+  # split proto if https:// is at the front of the host since the --resolve
+  # string needs just a bare host.
+  local PROTO=""
+  local CA_FILE=""
+  if [ "${HOST:0:8}" = "https://" ]; then
+    HOST="${HOST:8}"
+    PROTO="https://"
+    # Fix in the CA_FILE parameter: for Windows environments, the root path starts with "/c"
+    extra_args="${extra_args} --cacert /c/workdir/test-sds-server/certs/ca-root.crt"
+  fi
+  # We use --resolve instead of setting a Host header since we need the right
+  # name to be sent for SNI in some cases too.
+  run retry_default curl --ssl-revoke-best-effort -v -s -f --resolve "${HOST}:${PORT}:127.0.0.1" $extra_args \
+      "${PROTO}${HOST}:${PORT}${PREFIX}/debug?env=dump"
+
+  # Useful Debugging but breaks the expectation that the value output is just
+  # the grep output when things don't fail
+  if [ "$status" != 0 ]; then
+    echo "GOT FORTIO OUTPUT: $output"
+  fi
+  [ "$status" == 0 ]
+  echo "$output" | grep -E "^FORTIO_NAME="
+}
+
+function get_upstream_endpoint_port {
+  local HOSTPORT=$1
+  local CLUSTER_NAME=$2
+  local PORT_VALUE=$3
+  run curl -s -f "http://${HOSTPORT}/clusters?format=json"
+  [ "$status" -eq 0 ]
+  echo "$output" | jq --raw-output "
+.cluster_statuses[]
+| select(.name|startswith(\"${CLUSTER_NAME}\"))
+| [.host_statuses[].address.socket_address.port_value]
+| [select(.[] == ${PORT_VALUE})]
+| length"
+}
+
+function assert_upstream_has_endpoint_port_once {
+  local HOSTPORT=$1
+  local CLUSTER_NAME=$2
+  local PORT_VALUE=$3
+
+  GOT_COUNT=$(get_upstream_endpoint_port $HOSTPORT $CLUSTER_NAME $PORT_VALUE)
+
+  [ "$GOT_COUNT" -eq 1 ]
+}
+
+function assert_expected_fortio_name {
+  local EXPECT_NAME=$1
+  local HOST=${2:-"localhost"}
+  local PORT=${3:-5000}
+  local URL_PREFIX=${4:-""}
+  local DEBUG_HEADER_VALUE="${5:-""}"
+
+  run get_upstream_fortio_name ${HOST} ${PORT} "${URL_PREFIX}" "${DEBUG_HEADER_VALUE}"
+
+  echo "GOT: $output"
+
+  [ "$status" == 0 ]
+  [ "$output" == "FORTIO_NAME=${EXPECT_NAME}" ]
+}
+
+function assert_expected_fortio_name_pattern {
+  local EXPECT_NAME_PATTERN=$1
+  local HOST=${2:-"localhost"}
+  local PORT=${3:-5000}
+  local URL_PREFIX=${4:-""}
+  local DEBUG_HEADER_VALUE="${5:-""}"
+
+  GOT=$(get_upstream_fortio_name ${HOST} ${PORT} "${URL_PREFIX}" "${DEBUG_HEADER_VALUE}")
+
+  if [[ "$GOT" =~ $EXPECT_NAME_PATTERN ]]; then
+      :
+  else
+    echo "expected name pattern: $EXPECT_NAME_PATTERN, actual name: $GOT" 1>&2
+    return 1
+  fi
+}
+
+function get_upstream_fortio_host_header {
+  local HOST=$1
+  local PORT=$2
+  local PREFIX=$3
+  local DEBUG_HEADER_VALUE="${4:-""}"
+  local extra_args
+  if [[ -n "${DEBUG_HEADER_VALUE}" ]]; then
+      extra_args="-H x-test-debug:${DEBUG_HEADER_VALUE}"
+  fi
+  run retry_default curl -v -s -f -H"Host: ${HOST}" $extra_args \
+      "localhost:${PORT}${PREFIX}/debug"
+  [ "$status" == 0 ]
+  echo "$output" | grep -E "^Host: "
+}
+
+function assert_expected_fortio_host_header {
+  local EXPECT_HOST=$1
+  local HOST=${2:-"localhost"}
+  local PORT=${3:-5000}
+  local URL_PREFIX=${4:-""}
+  local DEBUG_HEADER_VALUE="${5:-""}"
+
+  GOT=$(get_upstream_fortio_host_header ${HOST} ${PORT} "${URL_PREFIX}" "${DEBUG_HEADER_VALUE}")
+
+  if [ "$GOT" != "Host: ${EXPECT_HOST}" ]; then
+    echo "expected Host header: $EXPECT_HOST, actual Host header: $GOT" 1>&2
+    return 1
+  fi
+}
+
+function create_peering {
+  local GENERATE_PEER=$1
+  local ESTABLISH_PEER=$2
+  run curl -m 5 -sL -XPOST "http://consul-${GENERATE_PEER}-client:8500/v1/peering/token" -d"{ \"PeerName\" : \"${GENERATE_PEER}-to-${ESTABLISH_PEER}\" }"
+  # echo "$output" >&3
+  [ "$status" == 0 ]
+
+  local token
+  token="$(echo "$output" | jq -r .PeeringToken)"
+  [ -n "$token" ]
+
+  run curl -m 5 -sLv -XPOST "http://consul-${ESTABLISH_PEER}-client:8500/v1/peering/establish" -d"{ \"PeerName\" : \"${ESTABLISH_PEER}-to-${GENERATE_PEER}\", \"PeeringToken\" : \"${token}\" }"
+  # echo "$output" >&3
+  [ "$status" == 0 ]
+}
+
+function assert_service_has_imported {
+  local DC=${1:-primary}
+  local SERVICE_NAME=$2
+  local PEER_NAME=$3
+
+  run curl -s -f "http://consul-${DC}-client:8500/v1/peering/${PEER_NAME}"
+  [ "$status" == 0 ]
+
+  echo "$output" | jq --raw-output '.StreamStatus.ImportedServices' | grep -e "${SERVICE_NAME}"
+  if [ $? -ne 0 ]; then
+    echo "Error finding service: ${SERVICE_NAME}"
+    return 1
+  fi
+}
+
+function get_lambda_envoy_http_filter {
+  local HOSTPORT=$1
+  local NAME_PREFIX=$2
+  run retry_default curl -s -f $HOSTPORT/config_dump
+  [ "$status" -eq 0 ]
+  # get the full http filter object so the individual fields can be validated.
+  echo "$output" | jq --raw-output ".configs[2].dynamic_listeners[] | .active_state.listener.filter_chains[].filters[] | select(.name == \"envoy.filters.network.http_connection_manager\") | .typed_config.http_filters[] | select(.name == \"envoy.filters.http.aws_lambda\") | .typed_config"
+}
+
+function register_lambdas {
+  local DC=${1:-primary}
+  # register lambdas to the catalog
+  for f in $(find workdir/${DC}/register -type f -name 'lambda_*.json'); do
+    retry_default curl -sL -XPUT -d @${f} "http://localhost:8500/v1/catalog/register" >/dev/null && \
+      echo "Registered Lambda: $(jq -r .Service.Service $f)"
+  done
+  # write service-defaults config entries for lambdas
+  for f in $(find workdir/${DC}/register -type f -name 'service_defaults_*.json'); do
+    varsub ${f} AWS_LAMBDA_REGION AWS_LAMBDA_ARN
+    retry_default curl -sL -XPUT -d @${f} "http://localhost:8500/v1/config" >/dev/null && \
+      echo "Wrote config: $(jq -r '.Kind + " / " + .Name' $f)"
+  done
+}
+
+function assert_lambda_envoy_dynamic_cluster_exists {
+  local HOSTPORT=$1
+  local NAME_PREFIX=$2
+
+  local BODY=$(get_envoy_dynamic_cluster_once $HOSTPORT $NAME_PREFIX)
+  [ -n "$BODY" ]
+
+  [ "$(echo $BODY | jq -r '.cluster.transport_socket.typed_config.sni')" == '*.amazonaws.com' ]
+}
+
+function assert_lambda_envoy_dynamic_http_filter_exists {
+  local HOSTPORT=$1
+  local NAME_PREFIX=$2
+  local ARN=$3
+
+  local FILTER=$(get_lambda_envoy_http_filter $HOSTPORT $NAME_PREFIX)
+  [ -n "$FILTER" ]
+
+  [ "$(echo $FILTER | jq -r '.arn')" == "$ARN" ]
+}
+
+function varsub {
+  local file=$1
+  shift
+  for v in "$@"; do
+    sed -i "s/\${$v}/${!v}/g" $file
+  done
+}
+
+function get_url_header {
+  local URL=$1
+  local HEADER=$2
+  run curl -s -f -X GET -I "${URL}"
+  [ "$status" == 0 ]
+  RESP=$(echo "$output" | tr -d '\r')
+  RESP=$(echo "$RESP" | grep -E "^${HEADER}: ")
+  RESP=$(echo "$RESP" | sed "s/^${HEADER}: //g")
+  echo "$RESP"
+}
+
+function assert_url_header {
+  local URL=$1
+  local HEADER=$2
+  local VALUE=$3
+  run get_url_header "$URL" "$HEADER"
+  [ "$status" == 0 ]
+  [ "$VALUE" = "$output" ]
+}
+
+# assert_upstream_message asserts both the returned code
+# and message from upstream service
+function assert_upstream_message {
+  local HOSTPORT=$1
+  run curl -s -d hello localhost:$HOSTPORT
+
+  if [ "$status" -ne 0 ]; then
+    echo "Command failed"
+    return 1
+  fi
+
+  if (echo $output | grep 'hello'); then
+    return 0
+  fi
+
+  echo "expected message not found in $output"
+  return 1
+}
\ No newline at end of file
diff --git a/test/integration/connect/envoy/main_test.go b/test/integration/connect/envoy/main_test.go
index b81a72e37ddc..a03528055345 100644
--- a/test/integration/connect/envoy/main_test.go
+++ b/test/integration/connect/envoy/main_test.go
@@ -7,6 +7,9 @@
 package envoy
 
 import (
+	"flag"
+	"io/ioutil"
+	"log"
 	"os"
 	"os/exec"
 	"sort"
@@ -16,11 +19,23 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+var (
+	flagWin = flag.Bool("win", false, "Execute tests on windows")
+)
+
 func TestEnvoy(t *testing.T) {
+	flag.Parse()
+
+	if *flagWin == true {
+		dir := "../../../"
+		check_dir_files(dir)
+	}
+
 	testcases, err := discoverCases()
 	require.NoError(t, err)
 
 	runCmd(t, "suite_setup")
+
 	defer runCmd(t, "suite_teardown")
 
 	for _, tc := range testcases {
@@ -40,7 +55,8 @@ func TestEnvoy(t *testing.T) {
 	}
 }
 
-func runCmd(t *testing.T, c string, env ...string) {
+
+func runCmdLinux(t *testing.T, c string, env ...string) {
 	t.Helper()
 
 	cmd := exec.Command("./run-tests.sh", c)
@@ -52,6 +68,34 @@ func runCmd(t *testing.T, c string, env ...string) {
 	}
 }
 
+func runCmdWindows(t *testing.T, c string, env ...string) {
+	t.Helper()
+
+	param_5 := "false"
+	if env != nil {
+		param_5 = strings.Join(env, " ")
+	}
+
+	cmd := exec.Command("cmd", "/C", "bash run-tests.windows.sh", c, param_5)
+	cmd.Env = append(os.Environ(), env...)
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	if err := cmd.Run(); err != nil {
+		t.Fatalf("command failed: %v", err)
+	}
+}
+
+func runCmd(t *testing.T, c string, env ...string) {
+	t.Helper()
+
+	if *flagWin == true {
+		runCmdWindows(t, c, env...)
+
+	} else {
+		runCmdLinux(t, c, env...)
+	}
+}
+
 // Discover the cases so we pick up both oss and ent copies.
 func discoverCases() ([]string, error) {
 	cwd, err := os.Getwd()
@@ -74,3 +118,57 @@ func discoverCases() ([]string, error) {
 	sort.Strings(out)
 	return out, nil
 }
+
+// CRLF convert functions
+// Recursively iterates through the directory passed by parameter looking for the sh and bash files.
+// Upon finding them, it calls crlf_file_check.
+func check_dir_files(path string) {
+	files, err := ioutil.ReadDir(path)
+	if err != nil {
+		log.Fatal(err)
+	}
+	for _, fil := range files {
+
+		v := strings.Split(fil.Name(), ".")
+		file_extension := v[len(v)-1]
+
+		file_path := path + "/" + fil.Name()
+
+		if fil.IsDir() == true {
+			check_dir_files(file_path)
+		}
+
+		if file_extension == "sh" || file_extension == "bash" {
+			crlf_file_check(file_path)
+		}
+	}
+}
+
+// Check if a file contains CRLF line endings if so call crlf_normalize
+func crlf_file_check(file_name string) {
+
+	file, err := ioutil.ReadFile(file_name)
+	text := string(file)
+
+	if edit := crlf_verify(text); edit != -1 {
+		crlf_normalize(file_name, text)
+	}
+
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+// Checks for the existence of CRLF line endings.
+func crlf_verify(text string) int {
+	position := strings.Index(text, "\r\n")
+	return position
+}
+
+// Replace CRLF line endings with LF.
+func crlf_normalize(filename, text string) {
+	text = strings.Replace(text, "\r\n", "\n", -1)
+	data := []byte(text)
+
+	ioutil.WriteFile(filename, data, 0644)
+}
diff --git a/test/integration/connect/envoy/run-tests.windows.sh b/test/integration/connect/envoy/run-tests.windows.sh
new file mode 100644
index 000000000000..2388bcd5b6f6
--- /dev/null
+++ b/test/integration/connect/envoy/run-tests.windows.sh
@@ -0,0 +1,908 @@
+#!/usr/bin/env bash
+
+if [ $2 != "false" ]
+then
+  export $2
+fi
+
+readonly self_name="$0"
+
+readonly HASHICORP_DOCKER_PROXY="docker.mirror.hashicorp.services"
+
+readonly SINGLE_CONTAINER_BASE_NAME=envoy_consul
+
+# DEBUG=1 enables set -x for this script so echos every command run
+DEBUG=${DEBUG:-}
+
+XDS_TARGET=${XDS_TARGET:-server}
+
+# ENVOY_VERSION to run each test against
+ENVOY_VERSION=${ENVOY_VERSION:-"1.23.1"}
+export ENVOY_VERSION
+
+export DOCKER_BUILDKIT=0
+
+if [ ! -z "$DEBUG" ] ; then
+  set -x
+fi
+
+source helpers.windows.bash
+
+function command_error {
+  echo "ERR: command exited with status $1" 1>&2
+  echo "     command:   $2" 1>&2
+  echo "     line:      $3" 1>&2
+  echo "     function:  $4" 1>&2
+  echo "     called at: $5" 1>&2
+  # printf '%s\n' "${FUNCNAME[@]}"
+  # printf '%s\n' "${BASH_SOURCE[@]}"
+  # printf '%s\n' "${BASH_LINENO[@]}"
+}
+
+trap 'command_error $? "${BASH_COMMAND}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_SOURCE[0]}:${BASH_LINENO[0]}"' ERR
+
+readonly WORKDIR_SNIPPET="-v envoy_workdir:C:\workdir"
+
+function network_snippet {
+    local DC="$1"
+    echo "--net=envoy-tests"
+}
+
+function aws_snippet {
+  LAMBDA_TESTS_ENABLED=${LAMBDA_TESTS_ENABLED:-false}
+  if [ "$LAMBDA_TESTS_ENABLED" != false ]; then
+    local snippet=""
+
+    # The Lambda integration cases assume that a Lambda function exists in $AWS_REGION with an ARN of $AWS_LAMBDA_ARN.
+    # The AWS credentials must have permission to invoke the Lambda function.
+    [ -n "$(set | grep '^AWS_ACCESS_KEY_ID=')" ] && snippet="${snippet} -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
+    [ -n "$(set | grep '^AWS_SECRET_ACCESS_KEY=')" ] && snippet="${snippet} -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
+    [ -n "$(set | grep '^AWS_SESSION_TOKEN=')" ] && snippet="${snippet} -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN"
+    [ -n "$(set | grep '^AWS_LAMBDA_REGION=')" ] && snippet="${snippet} -e AWS_LAMBDA_REGION=$AWS_LAMBDA_REGION"
+    [ -n "$(set | grep '^AWS_LAMBDA_ARN=')" ] && snippet="${snippet} -e AWS_LAMBDA_ARN=$AWS_LAMBDA_ARN"
+
+    echo "$snippet"
+  fi
+}
+
+function init_workdir {
+  local CLUSTER="$1"
+
+  if test -z "$CLUSTER"
+  then
+    CLUSTER=primary
+  fi
+
+  # Note, we use explicit set of dirs so we don't delete .gitignore. Also,
+  # don't wipe logs between runs as they are already split and we need them to
+  # upload as artifacts later.
+  rm -rf workdir/${CLUSTER}
+  rm -rf workdir/logs
+  mkdir -p workdir/${CLUSTER}/{consul,consul-server,register,envoy,bats,statsd,data}
+
+  # Reload consul config from defaults
+  cp consul-base-cfg/*.hcl workdir/${CLUSTER}/consul/
+
+  # Add any overrides if there are any (no op if not)
+  find ${CASE_DIR} -maxdepth 1 -name '*.hcl' -type f -exec cp -f {} workdir/${CLUSTER}/consul \;
+
+  # Copy all the test files
+  find ${CASE_DIR} -maxdepth 1 -name '*.bats' -type f -exec cp -f {} workdir/${CLUSTER}/bats \;
+  # Copy CLUSTER specific bats
+  cp helpers.windows.bash workdir/${CLUSTER}/bats/helpers.bash
+
+  # Add any CLUSTER overrides
+  if test -d "${CASE_DIR}/${CLUSTER}"
+  then
+    find ${CASE_DIR}/${CLUSTER} -type f -name '*.hcl' -exec cp -f {} workdir/${CLUSTER}/consul \;
+    find ${CASE_DIR}/${CLUSTER} -type f -name '*.bats' -exec cp -f {} workdir/${CLUSTER}/bats \;
+  fi
+
+  # move all of the registration files OUT of the consul config dir now
+  find workdir/${CLUSTER}/consul -type f -name 'service_*.hcl' -exec mv -f {} workdir/${CLUSTER}/register \;
+
+  # move the server.hcl out of the consul dir so that it doesn't get picked up
+  # by the client agent (if we're running with XDS_TARGET=client).
+  if test -f "workdir/${CLUSTER}/consul/server.hcl"
+  then
+    mv workdir/${CLUSTER}/consul/server.hcl workdir/${CLUSTER}/consul-server/server.hcl
+  fi
+
+  # copy the ca-certs for SDS so we can verify the right ones are served
+  mkdir -p workdir/test-sds-server/certs
+  cp test-sds-server/certs/ca-root.crt workdir/test-sds-server/certs/ca-root.crt
+
+  if test -d "${CASE_DIR}/data"
+  then
+    cp -r ${CASE_DIR}/data/* workdir/${CLUSTER}/data
+  fi
+
+  return 0
+}
+
+function docker_kill_rm {
+  local name
+  local todo=()
+  for name in "$@"; do
+    name="envoy_${name}_1"
+    if docker.exe container inspect $name &>/dev/null; then
+      if [[ "$name" == envoy_tcpdump-* ]]; then
+        echo -n "Gracefully stopping $name..."
+        docker.exe stop $name &> /dev/null
+        echo "done"
+      fi
+      todo+=($name)
+    fi
+  done
+
+  if [[ ${#todo[@]} -eq 0 ]]; then
+      return 0
+  fi
+
+  echo -n "Killing and removing: ${todo[@]}..."
+  docker.exe rm -v -f ${todo[@]} &> /dev/null
+  echo "done"
+}
+
+function start_consul {
+  local DC=${1:-primary}
+
+  # 8500/8502 are for consul
+  # 9411 is for zipkin which shares the network with consul
+  # 16686 is for jaeger ui which also shares the network with consul
+  ports=(
+    '-p=8500:8500'
+    '-p=8502:8502'
+    '-p=9411:9411'
+    '-p=16686:16686'
+  )
+  case "$DC" in
+    secondary)
+      ports=(
+        '-p=9500:8500'
+        '-p=9502:8502'
+      )
+      ;;
+    alpha)
+      ports=(
+        '-p=9510:8500'
+        '-p=9512:8502'
+      )
+      ;;
+  esac
+
+  license="${CONSUL_LICENSE:-}"
+  # load the consul license so we can pass it into the consul
+  # containers as an env var in the case that this is a consul
+  # enterprise test
+  if test -z "$license" -a -n "${CONSUL_LICENSE_PATH:-}"
+  then
+    license=$(cat $CONSUL_LICENSE_PATH)
+  fi
+
+  # We currently run these integration tests in two modes: one in which Envoy's
+  # xDS sessions are served directly by a Consul server, and another in which it
+  # goes through a client agent.
+  #
+  # This is necessary because servers and clients source configuration data in
+  # different ways (client agents use an RPC-backed cache and servers use their
+  # own local data) and we want to catch regressions in both.
+  #
+  # In the future we should also expand these tests to register services to the
+  # catalog directly (agentless) rather than relying on the server also being
+  # an agent.
+  #
+  # When XDS_TARGET=client we'll start a Consul server with its gRPC port
+  # disabled (but only if REQUIRE_PEERS is not set), and a client agent with
+  # its gRPC port enabled.
+  #
+  # When XDS_TARGET=server (or anything else) we'll run a single Consul server
+  # with its gRPC port enabled.
+  #
+  # In either case, the hostname `consul-${DC}-server` should be used as a
+  # server address (e.g. for WAN joining) and `consul-${DC}-client` should be
+  # used as a client address (e.g. for interacting with the HTTP API).
+  #
+  # Both hostnames work in both modes because we set network aliases on the
+  # containers such that both hostnames will resolve to the same container when
+  # XDS_TARGET=server.
+  #
+  # We also join containers to the network `container:consul-${DC}_1` in many
+  # places (see: network_snippet) so that we can curl localhost etc. In both
+  # modes, you can assume that this name refers to the client's container.
+  #
+  # Any .hcl files in the case/cluster directory will be given to both clients
+  # and servers (via the -config-dir flag) *except for* server.hcl which will
+  # only be applied to the server (and service registrations which will be made
+  # against the client).
+  if [[ "$XDS_TARGET" == "client" ]]
+  then
+    docker_kill_rm consul-${DC}-server
+    docker_kill_rm consul-${DC}
+
+    server_grpc_port="-1"
+    if is_set $REQUIRE_PEERS; then
+      server_grpc_port="8502"
+    fi
+
+    docker.exe run -d --name envoy_consul-${DC}-server_1 \
+      --net=envoy-tests \
+      $WORKDIR_SNIPPET \
+      --hostname "consul-${DC}-server" \
+      --network-alias "consul-${DC}-server" \
+      -e "CONSUL_LICENSE=$license" \
+      windows/consul:local \
+      agent -dev -datacenter "${DC}" \
+      -config-dir "C:\\workdir\\${DC}\\consul" \
+      -config-dir "C:\\workdir\\${DC}\\consul-server" \
+      -grpc-port $server_grpc_port \
+      -client "0.0.0.0" \
+      -bind "0.0.0.0" >/dev/null
+
+    docker.exe run -d --name envoy_consul-${DC}_1 \
+      --net=envoy-tests \
+      $WORKDIR_SNIPPET \
+      --hostname "consul-${DC}-client" \
+      --network-alias "consul-${DC}-client" \
+      -e "CONSUL_LICENSE=$license" \
+      ${ports[@]} \
+      windows/consul:local \
+      agent -datacenter "${DC}" \
+      -config-dir "C:\\workdir\\${DC}\\consul" \
+      -data-dir "/tmp/consul" \
+      -client "0.0.0.0" \
+      -grpc-port 8502 \
+      -datacenter "${DC}" \
+      -retry-join "consul-${DC}-server" >/dev/null
+  else
+    docker_kill_rm consul-${DC}
+
+    docker.exe run -d --name envoy_consul-${DC}_1 \
+      --net=envoy-tests \
+      $WORKDIR_SNIPPET \
+      --memory 4096m \
+      --cpus 2 \
+      --hostname "consul-${DC}" \
+      --network-alias "consul-${DC}-client" \
+      --network-alias "consul-${DC}-server" \
+      -e "CONSUL_LICENSE=$license" \
+      ${ports[@]} \
+      windows/consul:local \
+      agent -dev -datacenter "${DC}" \
+      -config-dir "C:\\workdir\\${DC}\\consul" \
+      -config-dir "C:\\workdir\\${DC}\\consul-server" \
+      -client "0.0.0.0" >/dev/null
+  fi
+}
+
+function start_partitioned_client {
+  local PARTITION=${1:-ap1}
+
+  # Start consul now as setup script needs it up
+  docker_kill_rm consul-${PARTITION}
+
+  license="${CONSUL_LICENSE:-}"
+  # load the consul license so we can pass it into the consul
+  # containers as an env var in the case that this is a consul
+  # enterprise test
+  if test -z "$license" -a -n "${CONSUL_LICENSE_PATH:-}"
+  then
+    license=$(cat $CONSUL_LICENSE_PATH)
+  fi
+
+  sh -c "rm -rf /workdir/${PARTITION}/data"
+
+  # Run consul and expose some ports to the host to make debugging locally a
+  # bit easier.
+  #
+  docker.exe run -d --name envoy_consul-${PARTITION}_1 \
+    --net=envoy-tests \
+    $WORKDIR_SNIPPET \
+    --hostname "consul-${PARTITION}-client" \
+    --network-alias "consul-${PARTITION}-client" \
+    -e "CONSUL_LICENSE=$license" \
+    windows/consul:local agent \
+    -datacenter "primary" \
+    -retry-join "consul-primary-server" \
+    -grpc-port 8502 \
+    -data-dir "/tmp/consul" \
+    -config-dir "C:\\workdir\\${PARTITION}/consul" \
+    -client "0.0.0.0" >/dev/null
+}
+
+function pre_service_setup {
+  local CLUSTER=${1:-primary}
+
+  # Run test case setup (e.g. generating Envoy bootstrap, starting containers)
+  if [ -f "${CASE_DIR}/${CLUSTER}/setup.sh" ]
+  then
+    source ${CASE_DIR}/${CLUSTER}/setup.sh
+  else
+    source ${CASE_DIR}/setup.sh
+  fi
+}
+
+function start_services {
+  # Start containers required
+  if [ ! -z "$REQUIRED_SERVICES" ] ; then
+    docker_kill_rm $REQUIRED_SERVICES
+    run_containers $REQUIRED_SERVICES
+  fi
+
+  return 0
+}
+
+function verify {
+  local CLUSTER="$1"
+  if test -z "$CLUSTER"; then
+    CLUSTER="primary"
+  fi
+
+  # Execute tests
+  res=0
+
+  # Nuke any previous case's verify container.
+  docker_kill_rm verify-${CLUSTER}
+
+  echo "Running ${CLUSTER} verification step for ${CASE_DIR}..."
+
+  # need to tell the PID 1 inside of the container that it won't be actual PID
+  # 1 because we're using --pid=host so we use TINI_SUBREAPER
+  if docker.exe exec -i ${SINGLE_CONTAINER_BASE_NAME}-${CLUSTER}_1 bash \
+    -c "TINI_SUBREAPER=1 \
+    ENVOY_VERSION=${ENVOY_VERSION} \
+    XDS_TARGET=${XDS_TARGET} \
+    /c/bats/bin/bats \
+    --pretty /c/workdir/${CLUSTER}/bats" ; then
+    echo "✓ PASS"
+  else
+    echo "⨯ FAIL"
+    res=1
+  fi
+
+  return $res
+}
+
+function capture_logs {
+  local LOG_DIR="workdir/logs/${CASE_DIR}/${ENVOY_VERSION}"
+
+  init_vars
+
+  echo "Capturing Logs"
+  mkdir -p "$LOG_DIR"
+
+  services="$REQUIRED_SERVICES consul-primary"
+  if [[ "$XDS_TARGET" == "client" ]]
+  then
+    services="$services consul-primary-server"
+  fi
+
+  if is_set $REQUIRE_SECONDARY
+  then
+    services="$services consul-secondary"
+
+    if [[ "$XDS_TARGET" == "client" ]]
+    then
+      services="$services consul-secondary-server"
+    fi
+  fi
+
+  if is_set $REQUIRE_PARTITIONS
+  then
+    services="$services consul-ap1"
+  fi
+  if is_set $REQUIRE_PEERS
+  then
+    services="$services consul-alpha"
+
+    if [[ "$XDS_TARGET" == "client" ]]
+    then
+      services="$services consul-alpha-server"
+    fi
+  fi
+
+  if [ -f "${CASE_DIR}/capture.sh" ]
+  then
+    echo "Executing ${CASE_DIR}/capture.sh"
+    source ${CASE_DIR}/capture.sh || true
+  fi
+
+  for cont in $services; do
+    echo "Capturing log for $cont"
+    docker.exe logs "envoy_${cont}_1" &> "${LOG_DIR}/${cont}.log" || {
+        echo "EXIT CODE $?" > "${LOG_DIR}/${cont}.log"
+    }
+  done
+}
+
+function stop_services {
+  # Teardown
+  docker_kill_rm $REQUIRED_SERVICES
+
+  docker_kill_rm consul-primary consul-primary-server consul-secondary consul-secondary-server consul-ap1 consul-alpha consul-alpha-server
+}
+
+function init_vars {
+  source "defaults.sh"
+  if [ -f "${CASE_DIR}/vars.sh" ] ; then
+    source "${CASE_DIR}/vars.sh"
+  fi
+}
+
+function global_setup {
+  if [ -f "${CASE_DIR}/global-setup-windows.sh" ] ; then    
+    source "${CASE_DIR}/global-setup-windows.sh"
+  fi
+}
+
+function wipe_volumes {
+  docker.exe exec -w "C:\workdir" envoy_workdir_1 cmd /c "rd /s /q . 2>nul"
+}
+
+# Windows containers does not allow cp command while running.
+function stop_and_copy_files {
+    # Create CMD file to execute within the container
+    echo "icacls C:\workdir /grant:r Everyone:(OI)(CI)F /T" > copy.cmd
+    echo "XCOPY C:\workdir_bak C:\workdir /e /h /c /i /y" > copy.cmd
+    # Stop dummy container to copy local workdir to container's workdir_bak
+    docker.exe stop envoy_workdir_1 > /dev/null
+    docker.exe cp workdir/. envoy_workdir_1:/workdir_bak
+    # Copy CMD file into container
+    docker.exe cp copy.cmd envoy_workdir_1:/
+    # Start dummy container and execute the CMD file
+    docker.exe start envoy_workdir_1 > /dev/null
+    docker.exe exec envoy_workdir_1 copy.cmd
+    # Delete local CMD file after execution
+    rm copy.cmd
+}
+
+function run_tests {
+  CASE_DIR="${CASE_DIR?CASE_DIR must be set to the path of the test case}"
+  CASE_NAME=$( basename $CASE_DIR | cut -c6- )
+  export CASE_NAME
+  export SKIP_CASE=""
+
+  init_vars
+
+  # Initialize the workdir
+  init_workdir primary
+
+  if is_set $REQUIRE_SECONDARY
+  then
+    init_workdir secondary
+  fi
+  if is_set $REQUIRE_PARTITIONS
+  then
+    init_workdir ap1
+  fi
+  if is_set $REQUIRE_PEERS
+  then
+    init_workdir alpha
+  fi
+
+  global_setup
+  
+  # Allow vars.sh to set a reason to skip this test case based on the ENV
+  if [ "$SKIP_CASE" != "" ] ; then
+    echo "SKIPPING CASE: $SKIP_CASE"
+    return 0
+  fi
+
+  # Wipe state
+  wipe_volumes
+
+  # Copying base files to shared volume
+  stop_and_copy_files
+
+  # Starting Consul primary cluster
+  start_consul primary
+
+  if is_set $REQUIRE_SECONDARY; then
+    start_consul secondary
+  fi
+  if is_set $REQUIRE_PARTITIONS; then
+    docker_consul "primary" consul partition create -name ap1 > /dev/null
+    start_partitioned_client ap1
+  fi
+  if is_set $REQUIRE_PEERS; then
+    start_consul alpha
+  fi
+
+  echo "Setting up the primary datacenter"
+  pre_service_setup primary
+
+  if is_set $REQUIRE_SECONDARY; then
+    echo "Setting up the secondary datacenter"
+    pre_service_setup secondary
+  fi
+  if is_set $REQUIRE_PARTITIONS; then
+    echo "Setting up the non-default partition"
+    pre_service_setup ap1
+  fi
+  if is_set $REQUIRE_PEERS; then
+    echo "Setting up the alpha peer"
+    pre_service_setup alpha
+  fi
+
+  echo "Starting services"
+  start_services
+
+  # Run the verify container and report on the output
+  echo "Verifying the primary datacenter"
+  verify primary
+
+  if is_set $REQUIRE_SECONDARY; then
+    echo "Verifying the secondary datacenter"
+    verify secondary
+  fi
+  if is_set $REQUIRE_PEERS; then
+    echo "Verifying the alpha peer"
+    verify alpha
+  fi
+}
+
+function test_teardown {
+    init_vars
+
+    stop_services
+}
+
+function workdir_cleanup {
+  docker_kill_rm workdir
+  docker.exe volume rm -f envoy_workdir &>/dev/null || true
+}
+
+
+function suite_setup {
+  # Cleanup from any previous unclean runs.
+  suite_teardown
+
+  docker.exe network create -d "nat" envoy-tests &>/dev/null
+
+  # Start the volume container
+  #
+  # This is a dummy container that we use to create volume and keep it
+  # accessible while other containers are down.
+  docker.exe volume create envoy_workdir &>/dev/null
+  docker.exe run -d --name envoy_workdir_1 \
+      $WORKDIR_SNIPPET \
+      --user ContainerAdministrator \
+      --net=none \
+      "${HASHICORP_DOCKER_PROXY}/windows/kubernetes/pause" &>/dev/null
+
+  # pre-build the consul+envoy container
+  echo "Rebuilding 'windows/consul:local' image with envoy $ENVOY_VERSION..."
+  retry_default docker.exe build -t windows/consul:local \
+      --build-arg ENVOY_VERSION=${ENVOY_VERSION} \
+      -f Dockerfile-consul-envoy-windows .
+
+
+  local CONSUL_VERSION=$(docker image inspect --format='{{.ContainerConfig.Labels.version}}' \
+                        windows/consul:local)
+  echo "Running Tests with Consul=$CONSUL_VERSION - Envoy=$ENVOY_VERSION - XDS_TARGET=$XDS_TARGET"
+}
+
+function suite_teardown {
+    docker_kill_rm verify-primary verify-secondary verify-alpha
+
+    # this is some hilarious magic
+    docker_kill_rm $(grep "^function run_container_" $self_name | \
+        sed 's/^function run_container_\(.*\) {/\1/g')
+
+    docker_kill_rm consul-primary consul-primary-server consul-secondary consul-secondary-server consul-ap1 consul-alpha consul-alpha-server
+
+    if docker.exe network inspect envoy-tests &>/dev/null ; then
+        echo -n "Deleting network 'envoy-tests'..."
+        docker.exe network rm envoy-tests
+        echo "done"
+    fi
+
+    workdir_cleanup
+}
+
+function run_containers {
+ for name in $@ ; do
+   run_container $name
+ done
+}
+
+function run_container {
+  docker_kill_rm "$1"
+  "run_container_$1"
+}
+
+function common_run_container_service {
+  local service="$1"
+  local CLUSTER="$2"
+  local httpPort="$3"
+  local grpcPort="$4"
+  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$CLUSTER"_1
+
+  docker.exe exec -d $CONTAINER_NAME bash \
+    -c "FORTIO_NAME=${service} \
+    fortio.exe server \
+    -http-port ":$httpPort" \
+    -grpc-port ":$grpcPort" \
+    -redirect-port disabled"
+}
+
+function run_container_s1 {
+  common_run_container_service s1 primary 8080 8079
+}
+
+function run_container_s1-ap1 {
+  common_run_container_service s1 ap1 8080 8079
+}
+
+function run_container_s2 {
+  common_run_container_service s2 primary 8181 8179
+}
+function run_container_s2-v1 {
+  common_run_container_service s2-v1 primary 8182 8178
+}
+function run_container_s2-v2 {
+  common_run_container_service s2-v2 primary 8183 8177
+}
+
+function run_container_s3 {
+  common_run_container_service s3 primary 8282 8279
+}
+function run_container_s3-v1 {
+  common_run_container_service s3-v1 primary 8283 8278
+}
+function run_container_s3-v2 {
+  common_run_container_service s3-v2 primary 8284 8277
+}
+function run_container_s3-alt {
+  common_run_container_service s3-alt primary 8286 8280
+}
+
+function run_container_s4 {
+  common_run_container_service s4 primary 8382 8281
+}
+
+function run_container_s1-secondary {
+  common_run_container_service s1-secondary secondary 8080 8079
+}
+
+function run_container_s2-secondary {
+  common_run_container_service s2-secondary secondary 8181 8179
+}
+
+function run_container_s2-ap1 {
+  common_run_container_service s2 ap1 8480 8479
+}
+
+function run_container_s3-ap1 {
+  common_run_container_service s3 ap1 8580 8579
+}
+
+function run_container_s1-alpha {
+  common_run_container_service s1-alpha alpha 8080 8079
+}
+
+function run_container_s2-alpha {
+  common_run_container_service s2-alpha alpha 8181 8179
+}
+
+function run_container_s3-alpha {
+  common_run_container_service s3-alpha alpha 8282 8279
+}
+
+function common_run_container_sidecar_proxy {
+  local service="$1"
+  local CLUSTER="$2"
+  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$CLUSTER"_1
+
+  # Hot restart breaks since both envoys seem to interact with each other
+  # despite separate containers that don't share IPC namespace. Not quite
+  # sure how this happens but may be due to unix socket being in some shared
+  # location?
+  docker.exe exec -d $CONTAINER_NAME bash \
+    -c "envoy.exe \
+    -c /c/workdir/${CLUSTER}/envoy/${service}-bootstrap.json \
+    -l trace \
+    --disable-hot-restart \
+    --drain-time-s 1 >/dev/null"
+}
+
+function run_container_s1-sidecar-proxy {
+  common_run_container_sidecar_proxy s1 primary
+}
+
+function run_container_s1-ap1-sidecar-proxy {
+  common_run_container_sidecar_proxy s1 ap1
+}
+
+function run_container_s1-sidecar-proxy-consul-exec {
+  local CLUSTER="primary"
+  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$CLUSTER"_1
+  local ADMIN_HOST="127.0.0.1"
+  local ADMIN_PORT="19000"
+
+  docker.exe exec -d $CONTAINER_NAME bash \
+    -c "consul connect envoy -sidecar-for s1 \
+    -http-addr $CONTAINER_NAME:8500 \
+    -grpc-addr $CONTAINER_NAME:8502 \
+    -admin-bind $ADMIN_HOST:$ADMIN_PORT \
+    -envoy-version ${ENVOY_VERSION} \
+    -- \
+    -l trace >/dev/null"
+}
+
+function run_container_s2-sidecar-proxy {
+  common_run_container_sidecar_proxy s2 primary
+}
+function run_container_s2-v1-sidecar-proxy {
+  common_run_container_sidecar_proxy s2-v1 primary
+}
+function run_container_s2-v2-sidecar-proxy {
+  common_run_container_sidecar_proxy s2-v2 primary
+}
+
+function run_container_s3-sidecar-proxy {
+  common_run_container_sidecar_proxy s3 primary
+}
+function run_container_s3-v1-sidecar-proxy {
+  common_run_container_sidecar_proxy s3-v1 primary
+}
+function run_container_s3-v2-sidecar-proxy {
+  common_run_container_sidecar_proxy s3-v2 primary
+}
+
+function run_container_s3-alt-sidecar-proxy {
+  common_run_container_sidecar_proxy s3-alt primary
+}
+
+function run_container_s1-sidecar-proxy-secondary {
+  common_run_container_sidecar_proxy s1 secondary
+}
+function run_container_s2-sidecar-proxy-secondary {
+  common_run_container_sidecar_proxy s2 secondary
+}
+
+function run_container_s2-ap1-sidecar-proxy {
+  common_run_container_sidecar_proxy s2 ap1
+}
+
+function run_container_s3-ap1-sidecar-proxy {
+  common_run_container_sidecar_proxy s3 ap1
+}
+
+function run_container_s1-sidecar-proxy-alpha {
+  common_run_container_sidecar_proxy s1 alpha
+}
+function run_container_s2-sidecar-proxy-alpha {
+  common_run_container_sidecar_proxy s2 alpha
+}
+function run_container_s3-sidecar-proxy-alpha {
+  common_run_container_sidecar_proxy s3 alpha
+}
+
+function common_run_container_gateway {
+  local name="$1"
+  local DC="$2"
+  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$DC"_1
+
+  # Hot restart breaks since both envoys seem to interact with each other
+  # despite separate containers that don't share IPC namespace. Not quite
+  # sure how this happens but may be due to unix socket being in some shared
+  # location?
+  docker.exe exec -d $CONTAINER_NAME bash \
+    -c "envoy.exe \
+    -c /c/workdir/${DC}/envoy/${name}-bootstrap.json \
+    -l trace \
+    --disable-hot-restart \
+    --drain-time-s 1 >/dev/null"
+}
+
+function run_container_gateway-primary {
+  common_run_container_gateway mesh-gateway primary
+}
+function run_container_gateway-secondary {
+  common_run_container_gateway mesh-gateway secondary
+}
+function run_container_gateway-alpha {
+  common_run_container_gateway mesh-gateway alpha
+}
+
+function run_container_ingress-gateway-primary {
+  common_run_container_gateway ingress-gateway primary
+}
+
+function run_container_api-gateway-primary {
+  common_run_container_gateway api-gateway primary
+}
+
+function run_container_terminating-gateway-primary {
+  common_run_container_gateway terminating-gateway primary
+}
+
+function run_container_fake-statsd {
+  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"primary"_1
+  # This magic SYSTEM incantation is needed since Envoy doesn't add newlines and so
+  # we need each packet to be passed to echo to add a new line before
+  # appending. But it does not work on Windows.   
+  docker.exe exec -d $CONTAINER_NAME bash -c "socat -u UDP-RECVFROM:8125,fork,reuseaddr OPEN:/workdir/primary/statsd/statsd.log,create,append"                                            
+}
+
+function run_container_zipkin {
+  docker.exe run -d --name $(container_name) \
+    $WORKDIR_SNIPPET \
+    $(network_snippet primary) \
+    "${HASHICORP_DOCKER_PROXY}/windows/openzipkin"
+}
+
+function run_container_jaeger {
+  echo "Starting Jaeger service..."
+
+  local DC=${1:-primary}
+  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$DC"_1
+
+  docker.exe exec -d $CONTAINER_NAME bash -c "jaeger-all-in-one.exe \
+    --collector.zipkin.http-port=9411"
+}
+
+function run_container_test-sds-server {
+  echo "Starting test-sds-server"
+  
+  local DC=${1:-primary}
+  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$DC"_1
+
+  docker.exe exec -d $CONTAINER_NAME bash -c "cd /c/test-sds-server &&
+    ./test-sds-server.exe"
+}
+
+function container_name {
+  echo "envoy_${FUNCNAME[1]/#run_container_/}_1"
+}
+function container_name_prev {
+  echo "envoy_${FUNCNAME[2]/#run_container_/}_1"
+}
+
+# This is a debugging tool. Run via 'bash run-tests.sh debug_dump_volumes' on Powershell
+function debug_dump_volumes {
+  local LINUX_PATH=$(pwd)
+  local WIN_PATH=$( echo "$LINUX_PATH" | sed 's/^\/mnt//' | sed -e 's/^\///' -e 's/\//\\/g' -e 's/^./\0:/' )  
+  docker.exe run -it \
+    $WORKDIR_SNIPPET \
+    -v "$WIN_PATH":"C:\\cwd" \
+    --net=none \
+    "${HASHICORP_DOCKER_PROXY}/windows/nanoserver:1809" \
+    cmd /c "xcopy \workdir \cwd\workdir /E /H /C /I /Y"
+}
+
+function run_container_tcpdump-primary {
+    # To use add "tcpdump-primary" to REQUIRED_SERVICES
+    common_run_container_tcpdump primary
+}
+function run_container_tcpdump-secondary {
+    # To use add "tcpdump-secondary" to REQUIRED_SERVICES
+    common_run_container_tcpdump secondary
+}
+function run_container_tcpdump-alpha {
+    # To use add "tcpdump-alpha" to REQUIRED_SERVICES
+    common_run_container_tcpdump alpha
+}
+
+function common_run_container_tcpdump {
+    local DC="$1"
+
+    # we cant run this in circle but its only here to temporarily enable.
+
+#     docker.exe build --rm=false -t envoy-tcpdump -f Dockerfile-tcpdump-windows .
+
+    docker.exe run -d --name $(container_name_prev) \
+        $(network_snippet $DC) \
+        envoy-tcpdump \
+        -v -i any \
+        -w "/data/${DC}.pcap"
+}
+
+case "${1-}" in
+  "")
+    echo "command required"
+    exit 1 ;;
+  *)
+    "$@" ;;
+esac
diff --git a/test/integration/connect/envoy/windows-troubleshooting.md b/test/integration/connect/envoy/windows-troubleshooting.md
new file mode 100644
index 000000000000..a3a83e088808
--- /dev/null
+++ b/test/integration/connect/envoy/windows-troubleshooting.md
@@ -0,0 +1,90 @@
+# Envoy Integration Tests on Windows
+
+## Index
+
+- [About this Guide](#about-this-guide)
+- [Prerequisites](#prerequisites)
+- [Running the Tests](#running-the-tests)
+- [Troubleshooting](#troubleshooting)
+  - [About Envoy Integration Tests on Windows](#about-envoy-integration-tests-on-windows)
+  - [Common Errors](#common-errors)
+- [Windows Scripts Changes](#windows-scripts-changes)
+- [Volume Issues](#volume-issues)  
+
+## About this Guide
+
+On this guide you will find all the information required to run the Envoy integration tests on Windows.
+
+## Prerequisites
+
+To run the integration tests yo will need to have the following installed on your System:
+
+- GO v1.18(or later).
+- Gotestsum library [installation](https://pkg.go.dev/gotest.tools/gotestsum).
+- Docker.
+
+Before running the tests, you will need to build the required Docker images, to do so, you can use the script provided [here](../../../../build-support-windows/build-images.sh):
+
+- Build Images Script Execution
+  - From a Bash console (GitBash or WSL) execute: `./build-images.sh`
+
+## Running the Tests
+
+To execute the tests you need to run the following command depending on the shell you are using:  
+**On Powershell**:  
+`go test -v -timeout=30m -tags integration ./test/integration/connect/envoy -run="TestEnvoy/<TEST CASE>" -win=true`  
+Where **TEST CASE** is the individual test case we want to execute (e.g. case-badauthz).  
+
+**On Git Bash**:  
+`ENVOY_VERSION=<ENVOY VERSION> go test -v -timeout=30m -tags integration ./test/integration/connect/envoy -run="TestEnvoy/<TEST CASE>" -win=true`  
+Where **TEST CASE** is the individual test case we want to execute (e.g. case-badauthz), and **ENVOY VERSION** is the version which you are currently testing.
+
+> [!TIP]
+> When executing the integration tests using **Powershell** you may need to set the ENVOY_VERSION value manually in line 20 of the [run-tests.windows.sh](run-tests.windows.sh) file.
+
+> [!WARNING]
+> When executing the integration tests for Windows environments, the **End of Line Sequence** of every related file and/or script will be changed from **LF** to **CRLF**.
+
+### About Envoy Integration Tests on Windows
+
+Integration tests on Linux run a multi-container architecture that take advantage of the Host Network Docker feature, using this feature means that the container's network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated (read more about this [here](https://docs.docker.com/network/host/)). This feature is only available for Linux, which made migrating the tests to Windows challenging, since replicating the same architecture created more issues, that's why a **single container** architecture was chosen to run the Envoy integration tests.  
+Using a single container architecture meant that we could use the same tests as on linux, moreover we were able to speed-up their execution by replacing *docker run* commands which started utility containers, for *docker exec* commands.
+
+### Common errors
+
+If the tests are executed without docker running, the following error will be seen:
+
+```powershell
+error during connect: This error may indicate that the docker daemon is not running.: Post "http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile-bats-windows&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&shmsize=0&t=bats-verify&target=&ulimits=null&version=1": open //./pipe/docker_engine: The system cannot find the file specified.
+```
+
+If any of the docker images does not exist or is mistagged, an error similar to the following will be displayed:
+
+```powershell
+Error response from daemon: No such container: envoy_workdir_1
+```
+
+If you run the Windows tests from WSL you will get the following error message:
+
+```bash
+main_test.go:34: command failed: exec: "cmd": executable file not found in $PATH
+```
+
+## Windows Scripts Changes
+
+- The  "http-addr", "grpc-addr" and "admin-access-log-path" flags were added to the creation of the Envoy Bootstrap files.
+- To execute commands sh was replaced by bash on our Windows container.
+- All paths were updated to use Windows format.
+- Created *stop_and_copy_files* function to copy files into the shared volume (see [volume issues](#volume-issues)).
+- Changed the *-admin-bind* value from `0.0.0.0` to `127.0.0.1` when generating the Envoy Bootstrap files.
+- Removed the *&&* from the *common_run_container_service's* docker exec command and replaced it with *\*.
+- Removed *docker_wget* and *docker_curl* functions from [helpers.windows.bash](helpers.windows.bash) file and replaced them with **docker_consul_exec**, this way we avoid starting intermediate containers when capturing logs.
+- The function *wipe_volumes* uses a `docker exec` command instead of the original `docker run`, this way we speed up test execution by avoiding to start a new container just to delete volume content before each test run.
+- For **case-grpc** we increased the `envoy_stats_flush_interval` value from 1s to 5s, on Windows, the original value caused the test to pass or fail randomly.
+- For **case-wanfed-gw** a new script was created: **global-setup-windows.sh**, this file replaces global-setup.sh when running this test in Windows. The new script uses the windows/consul:local Docker image to generate the required TLS files and copies them into host's workdir directory.
+- To use the **debug_dump_volumes** function, you need to use it via Powershell and execute the following command: `bash run-tests.windows.sh debug_dump_volumes` Make sure to be positioned with your terminal in the correct directory.
+- For **case-consul-exec** this case can only be run when using the consul-dev Docker image on this repository, since it relies on features implemented only here. These features are: Windows valid default value for "-admin-access-log-path" and `consul connect envoy` command starts Envoy. This features have also been submitted in [PR#15114](https://github.com/hashicorp/consul/pull/15114).  
+
+## Volume Issues
+
+Another difference that arose when migrating the tests from Linux to Windows, is that file system operations can't be executed while Windows containers are running. Currently, when running the tests a **named volume** is created and all of the required files are copied into that volume. Because of the constraint mentioned before, the workaround we implemented was creating a function (**stop_and_copy_files**) that stops the *kubernetes/pause* container and executes a script to copy the required files and finally starts the container again.

From 926db9c8a61c631a2a060dbdfbdf894249ba860c Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Fri, 21 Jul 2023 08:21:25 -0700
Subject: [PATCH 201/359] fix typos and update ecs compat table (#18215)

* fix typos and update ecs compat table

* real info for the ecs compat matrix table

* Update website/content/docs/ecs/compatibility.mdx

Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>

---------

Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
---
 website/content/docs/ecs/compatibility.mdx        | 15 +++++++--------
 .../content/docs/lambda/registration/automate.mdx |  4 ++--
 website/content/docs/nia/usage/run-ha.mdx         | 14 ++++++++------
 3 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/website/content/docs/ecs/compatibility.mdx b/website/content/docs/ecs/compatibility.mdx
index 803d4e3c269b..8fc0fd0808cd 100644
--- a/website/content/docs/ecs/compatibility.mdx
+++ b/website/content/docs/ecs/compatibility.mdx
@@ -5,19 +5,18 @@ description: >-
   The binary for Consul on Amazon Web Services ECS and the Terraform modules for automating deployments are tightly coupled and have specific version requirements. Review compatibility information for versions of Consul and `consul-ecs` to help you choose compatible versions.
 ---
 
-# Consul on AWS Elastic Container Service (ECS) Compatability Matrix
+# Consul on AWS Elastic Container Service (ECS) compatability matrix
 
 For every release of Consul on ECS, the `consul-ecs` binary and `consul-ecs` Terraform module are updated. The versions of the Terraform module and binary are tightly coupled. For example, `consul-ecs` 0.5.2 binary must use the `consul-ecs` 0.5.2 Terraform module.
 
 ## Supported Consul versions
 
-| Consul Version | Compatible consul-ecs Versions  |
-| -------------- | ------------------------------- |
-| 1.14.x         | 0.5.2+                          |
-| 1.13.x         | 0.5.2+                          |
-| 1.12.x         | 0.5.x                           |
-| 1.11.x         | 0.3.0, 0.4.x                    |
-| 1.10.x         | 0.2.x                           |
+| Consul Version          | Compatible consul-ecs Version |
+|----------------------- | ----------------------------- |
+| 1.15.x, 1.14.x, 1.13.x | 0.6.x                         |
+| 1.14.x, 1.13.x, 1.12.x | 0.5.2+                        |
+| 1.11.x                 | 0.3.0, 0.4.x                  |
+| 1.10.x                 | 0.2.x                         |
 
 
 ## Supported Envoy versions
diff --git a/website/content/docs/lambda/registration/automate.mdx b/website/content/docs/lambda/registration/automate.mdx
index 4614be695032..8a118aa8605a 100644
--- a/website/content/docs/lambda/registration/automate.mdx
+++ b/website/content/docs/lambda/registration/automate.mdx
@@ -1,11 +1,11 @@
 ---
 layout: docs
-page_title: Automate Lambda Function Registeration
+page_title: Automate Lambda function registration
 description: >-
   Register AWS Lambda functions with Consul service mesh using the Consul Lambda registrator. The Consul Lambda registrator automates Lambda function registration.
 ---
 
-# Automate Lambda Function Registeration
+# Automate Lambda function registration
 
 This topic describes how to automate Lambda function registration using Consul's Lambda registrator module for Terraform.
 
diff --git a/website/content/docs/nia/usage/run-ha.mdx b/website/content/docs/nia/usage/run-ha.mdx
index 1623cd66ce3b..31d2251564e9 100644
--- a/website/content/docs/nia/usage/run-ha.mdx
+++ b/website/content/docs/nia/usage/run-ha.mdx
@@ -1,14 +1,16 @@
 ---
 layout: docs
-page_title: Run Consul-Terraform-Sync with High Availability
+page_title: Run Consul-Terraform-Sync with high availability
 description: >-
   Improve network automation resiliency by enabling high availability for Consul-Terraform-Sync. HA enables persistent task and event data so that CTS functions as expected during a failover event.
 ---
 
-# Run Consul-Terraform-Sync with High Availability
+# Run Consul-Terraform-Sync with high availability
+
 <EnterpriseAlert>
-  Licenses are only required for Consul-Terraform-Sync (CTS) Enterprise
+  An enterpise license is only required for enterprise distributions of Consul-Terraform-Sync (CTS).
 </EnterpriseAlert>
+
 This topic describes how to run Consul-Terraform-Sync (CTS) configured for high availability. High availability is an enterprise capability that ensures that all changes to Consul that occur during a failover transition are processed and that CTS continues to operate as expected.
 
 ## Introduction
@@ -120,9 +122,9 @@ When high availability is enabled, CTS persists task and event data. Refer to [S
 
 You can use the following methods for modifying tasks when high availability is enabled. We recommend choosing a single method to make all task configuration changes because inconsistencies between the state and the configuration can occur when mixing methods.
 
-### Delete and recreate the task (recommended)
+### Delete and recreate the task 
  
-Use the CTS API to identify the CTS leader instance as well as delete and replace a task. 
+We recommend deleting and recreating a task if you need to make a modification. Use the CTS API to identify the CTS leader instance and replace a task. 
 
 1. Identify the leader CTS instance by either making a call to the [`status/cluster` API endpoint](/consul/docs/nia/api/status#cluster-status) or by checking the logs for the following entry:
 
@@ -143,7 +145,7 @@ Use the CTS API to identify the CTS leader instance as well as delete and replac
   --request POST \  
   --data @payload.json \
   localhost:8558/v1/tasks
-``` 
+  ``` 
   
   You can also use the [`task-create` command](/consul/docs/nia/cli/task#task-create) to complete this step.
 

From c932d797a765c16791f8dd89a209936106b885e6 Mon Sep 17 00:00:00 2001
From: Nitya Dhanushkodi <nitya@hashicorp.com>
Date: Fri, 21 Jul 2023 09:21:39 -0700
Subject: [PATCH 202/359] [OSS] proxystate: add proxystate protos (#18216)

* proxystate: add proxystate protos to pbmesh and resolve imports and conflicts between message names
---
 .../pbmesh/v1alpha1/access_logs.pb.binary.go  |   18 +
 .../pbmesh/v1alpha1/access_logs.pb.go         |  319 +++
 .../pbmesh/v1alpha1/access_logs.proto         |   32 +
 .../pbmesh/v1alpha1/address.pb.binary.go      |   18 +
 proto-public/pbmesh/v1alpha1/address.pb.go    |  173 ++
 proto-public/pbmesh/v1alpha1/address.proto    |   11 +
 .../pbmesh/v1alpha1/cluster.pb.binary.go      |  248 ++
 proto-public/pbmesh/v1alpha1/cluster.pb.go    | 2449 +++++++++++++++++
 proto-public/pbmesh/v1alpha1/cluster.proto    |  179 ++
 .../pbmesh/v1alpha1/endpoints.pb.binary.go    |   28 +
 proto-public/pbmesh/v1alpha1/endpoints.pb.go  |  390 +++
 proto-public/pbmesh/v1alpha1/endpoints.proto  |   32 +
 .../v1alpha1/escape_hatches.pb.binary.go      |   18 +
 .../pbmesh/v1alpha1/escape_hatches.pb.go      |  167 ++
 .../pbmesh/v1alpha1/escape_hatches.proto      |   11 +
 .../v1alpha1/header_mutations.pb.binary.go    |   68 +
 .../pbmesh/v1alpha1/header_mutations.pb.go    |  681 +++++
 .../pbmesh/v1alpha1/header_mutations.proto    |   47 +
 .../pbmesh/v1alpha1/intentions.pb.binary.go   |   28 +
 proto-public/pbmesh/v1alpha1/intentions.pb.go |  206 ++
 proto-public/pbmesh/v1alpha1/intentions.proto |   10 +
 .../pbmesh/v1alpha1/listener.pb.binary.go     |   78 +
 proto-public/pbmesh/v1alpha1/listener.pb.go   | 1174 ++++++++
 proto-public/pbmesh/v1alpha1/listener.proto   |  123 +
 .../pbmesh/v1alpha1/proxy_state.pb.binary.go  |   28 +
 .../pbmesh/v1alpha1/proxy_state.pb.go         |  552 ++++
 .../pbmesh/v1alpha1/proxy_state.proto         |   55 +
 .../pbmesh/v1alpha1/references.pb.binary.go   |   38 +
 proto-public/pbmesh/v1alpha1/references.pb.go |  365 +++
 proto-public/pbmesh/v1alpha1/references.proto |   29 +
 .../pbmesh/v1alpha1/route.pb.binary.go        |  178 ++
 proto-public/pbmesh/v1alpha1/route.pb.go      | 1879 +++++++++++++
 proto-public/pbmesh/v1alpha1/route.proto      |  138 +
 .../v1alpha1/transport_socket.pb.binary.go    |  138 +
 .../pbmesh/v1alpha1/transport_socket.pb.go    | 1488 ++++++++++
 .../pbmesh/v1alpha1/transport_socket.proto    |  136 +
 .../v1alpha1/upstreams_configuration.pb.go    |  123 +-
 .../v1alpha1/upstreams_configuration.proto    |    7 +-
 38 files changed, 11604 insertions(+), 58 deletions(-)
 create mode 100644 proto-public/pbmesh/v1alpha1/access_logs.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/access_logs.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/access_logs.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/address.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/address.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/address.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/cluster.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/cluster.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/cluster.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/endpoints.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/endpoints.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/endpoints.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/escape_hatches.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/escape_hatches.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/escape_hatches.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/header_mutations.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/header_mutations.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/header_mutations.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/intentions.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/intentions.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/intentions.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/listener.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/listener.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/listener.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/proxy_state.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/proxy_state.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/proxy_state.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/references.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/references.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/references.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/route.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/route.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/route.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/transport_socket.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/transport_socket.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/transport_socket.proto

diff --git a/proto-public/pbmesh/v1alpha1/access_logs.pb.binary.go b/proto-public/pbmesh/v1alpha1/access_logs.pb.binary.go
new file mode 100644
index 000000000000..0621e7a4793a
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/access_logs.pb.binary.go
@@ -0,0 +1,18 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/access_logs.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *AccessLogs) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *AccessLogs) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/access_logs.pb.go b/proto-public/pbmesh/v1alpha1/access_logs.pb.go
new file mode 100644
index 000000000000..e12349e92e41
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/access_logs.pb.go
@@ -0,0 +1,319 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/access_logs.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type LogSinkType int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	LogSinkType_LOG_SINK_TYPE_DEFAULT LogSinkType = 0
+	LogSinkType_LOG_SINK_TYPE_FILE    LogSinkType = 1
+	LogSinkType_LOG_SINK_TYPE_STDERR  LogSinkType = 2
+	LogSinkType_LOG_SINK_TYPE_STDOUT  LogSinkType = 3
+)
+
+// Enum value maps for LogSinkType.
+var (
+	LogSinkType_name = map[int32]string{
+		0: "LOG_SINK_TYPE_DEFAULT",
+		1: "LOG_SINK_TYPE_FILE",
+		2: "LOG_SINK_TYPE_STDERR",
+		3: "LOG_SINK_TYPE_STDOUT",
+	}
+	LogSinkType_value = map[string]int32{
+		"LOG_SINK_TYPE_DEFAULT": 0,
+		"LOG_SINK_TYPE_FILE":    1,
+		"LOG_SINK_TYPE_STDERR":  2,
+		"LOG_SINK_TYPE_STDOUT":  3,
+	}
+)
+
+func (x LogSinkType) Enum() *LogSinkType {
+	p := new(LogSinkType)
+	*p = x
+	return p
+}
+
+func (x LogSinkType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (LogSinkType) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_access_logs_proto_enumTypes[0].Descriptor()
+}
+
+func (LogSinkType) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_access_logs_proto_enumTypes[0]
+}
+
+func (x LogSinkType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use LogSinkType.Descriptor instead.
+func (LogSinkType) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_access_logs_proto_rawDescGZIP(), []int{0}
+}
+
+type AccessLogs struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// enabled enables access logging.
+	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
+	// disable_listener_logs turns off just listener logs for connections rejected by Envoy because they don't
+	// have a matching listener filter.
+	DisableListenerLogs bool `protobuf:"varint,2,opt,name=disable_listener_logs,json=disableListenerLogs,proto3" json:"disable_listener_logs,omitempty"`
+	// type selects the output for logs: "file", "stderr". "stdout"
+	Type LogSinkType `protobuf:"varint,3,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.LogSinkType" json:"type,omitempty"`
+	// path is the output file to write logs
+	Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"`
+	// The presence of one format string or the other implies the access log string encoding.
+	// Defining both is invalid.
+	//
+	// Types that are assignable to Format:
+	//
+	//	*AccessLogs_Json
+	//	*AccessLogs_Text
+	Format isAccessLogs_Format `protobuf_oneof:"format"`
+}
+
+func (x *AccessLogs) Reset() {
+	*x = AccessLogs{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_access_logs_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *AccessLogs) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AccessLogs) ProtoMessage() {}
+
+func (x *AccessLogs) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_access_logs_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AccessLogs.ProtoReflect.Descriptor instead.
+func (*AccessLogs) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_access_logs_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *AccessLogs) GetEnabled() bool {
+	if x != nil {
+		return x.Enabled
+	}
+	return false
+}
+
+func (x *AccessLogs) GetDisableListenerLogs() bool {
+	if x != nil {
+		return x.DisableListenerLogs
+	}
+	return false
+}
+
+func (x *AccessLogs) GetType() LogSinkType {
+	if x != nil {
+		return x.Type
+	}
+	return LogSinkType_LOG_SINK_TYPE_DEFAULT
+}
+
+func (x *AccessLogs) GetPath() string {
+	if x != nil {
+		return x.Path
+	}
+	return ""
+}
+
+func (m *AccessLogs) GetFormat() isAccessLogs_Format {
+	if m != nil {
+		return m.Format
+	}
+	return nil
+}
+
+func (x *AccessLogs) GetJson() string {
+	if x, ok := x.GetFormat().(*AccessLogs_Json); ok {
+		return x.Json
+	}
+	return ""
+}
+
+func (x *AccessLogs) GetText() string {
+	if x, ok := x.GetFormat().(*AccessLogs_Text); ok {
+		return x.Text
+	}
+	return ""
+}
+
+type isAccessLogs_Format interface {
+	isAccessLogs_Format()
+}
+
+type AccessLogs_Json struct {
+	Json string `protobuf:"bytes,5,opt,name=json,proto3,oneof"`
+}
+
+type AccessLogs_Text struct {
+	Text string `protobuf:"bytes,6,opt,name=text,proto3,oneof"`
+}
+
+func (*AccessLogs_Json) isAccessLogs_Format() {}
+
+func (*AccessLogs_Text) isAccessLogs_Format() {}
+
+var File_pbmesh_v1alpha1_access_logs_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_access_logs_proto_rawDesc = []byte{
+	0x0a, 0x21, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x22, 0xe5, 0x01, 0x0a, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f,
+	0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x32, 0x0a, 0x15,
+	0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
+	0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x64, 0x69, 0x73,
+	0x61, 0x62, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x73,
+	0x12, 0x3f, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70,
+	0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x14, 0x0a, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x05, 0x20,
+	0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x04, 0x74,
+	0x65, 0x78, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x04, 0x74, 0x65, 0x78,
+	0x74, 0x42, 0x08, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x2a, 0x74, 0x0a, 0x0b, 0x4c,
+	0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x15, 0x4c, 0x4f,
+	0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41,
+	0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e,
+	0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x18, 0x0a,
+	0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53,
+	0x54, 0x44, 0x45, 0x52, 0x52, 0x10, 0x02, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53,
+	0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, 0x4f, 0x55, 0x54, 0x10,
+	0x03, 0x42, 0x97, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0f, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x4c, 0x6f, 0x67, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74,
+	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70,
+	0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68,
+	0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
+	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
+	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d,
+	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73,
+	0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_access_logs_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_access_logs_proto_rawDescData = file_pbmesh_v1alpha1_access_logs_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_access_logs_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_access_logs_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_access_logs_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_access_logs_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_access_logs_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_access_logs_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_pbmesh_v1alpha1_access_logs_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_pbmesh_v1alpha1_access_logs_proto_goTypes = []interface{}{
+	(LogSinkType)(0),   // 0: hashicorp.consul.mesh.v1alpha1.LogSinkType
+	(*AccessLogs)(nil), // 1: hashicorp.consul.mesh.v1alpha1.AccessLogs
+}
+var file_pbmesh_v1alpha1_access_logs_proto_depIdxs = []int32{
+	0, // 0: hashicorp.consul.mesh.v1alpha1.AccessLogs.type:type_name -> hashicorp.consul.mesh.v1alpha1.LogSinkType
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_access_logs_proto_init() }
+func file_pbmesh_v1alpha1_access_logs_proto_init() {
+	if File_pbmesh_v1alpha1_access_logs_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_access_logs_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*AccessLogs); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_pbmesh_v1alpha1_access_logs_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*AccessLogs_Json)(nil),
+		(*AccessLogs_Text)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_access_logs_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_access_logs_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_access_logs_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_access_logs_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_access_logs_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_access_logs_proto = out.File
+	file_pbmesh_v1alpha1_access_logs_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_access_logs_proto_goTypes = nil
+	file_pbmesh_v1alpha1_access_logs_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/access_logs.proto b/proto-public/pbmesh/v1alpha1/access_logs.proto
new file mode 100644
index 000000000000..4306ece93897
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/access_logs.proto
@@ -0,0 +1,32 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+message AccessLogs {
+  // enabled enables access logging.
+  bool enabled = 1;
+  // disable_listener_logs turns off just listener logs for connections rejected by Envoy because they don't
+  // have a matching listener filter.
+  bool disable_listener_logs = 2;
+  // type selects the output for logs: "file", "stderr". "stdout"
+  LogSinkType type = 3;
+  // path is the output file to write logs
+  string path = 4;
+  // The presence of one format string or the other implies the access log string encoding.
+  // Defining both is invalid.
+  oneof format {
+    string json = 5;
+    string text = 6;
+  }
+}
+
+enum LogSinkType {
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+  LOG_SINK_TYPE_DEFAULT = 0;
+  LOG_SINK_TYPE_FILE = 1;
+  LOG_SINK_TYPE_STDERR = 2;
+  LOG_SINK_TYPE_STDOUT = 3;
+}
diff --git a/proto-public/pbmesh/v1alpha1/address.pb.binary.go b/proto-public/pbmesh/v1alpha1/address.pb.binary.go
new file mode 100644
index 000000000000..32e199fffb48
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/address.pb.binary.go
@@ -0,0 +1,18 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/address.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HostPortAddress) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HostPortAddress) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/address.pb.go b/proto-public/pbmesh/v1alpha1/address.pb.go
new file mode 100644
index 000000000000..8fd8d704806e
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/address.pb.go
@@ -0,0 +1,173 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/address.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type HostPortAddress struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
+	Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
+}
+
+func (x *HostPortAddress) Reset() {
+	*x = HostPortAddress{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_address_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HostPortAddress) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HostPortAddress) ProtoMessage() {}
+
+func (x *HostPortAddress) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_address_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HostPortAddress.ProtoReflect.Descriptor instead.
+func (*HostPortAddress) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_address_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *HostPortAddress) GetHost() string {
+	if x != nil {
+		return x.Host
+	}
+	return ""
+}
+
+func (x *HostPortAddress) GetPort() uint32 {
+	if x != nil {
+		return x.Port
+	}
+	return 0
+}
+
+var File_pbmesh_v1alpha1_address_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_address_proto_rawDesc = []byte{
+	0x0a, 0x1d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22,
+	0x39, 0x0a, 0x0f, 0x48, 0x6f, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65,
+	0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x94, 0x02, 0x0a, 0x22, 0x63,
+	0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x42, 0x0c, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+	0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65,
+	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02,
+	0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca,
+	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21,
+	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_address_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_address_proto_rawDescData = file_pbmesh_v1alpha1_address_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_address_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_address_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_address_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_address_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_address_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_address_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_pbmesh_v1alpha1_address_proto_goTypes = []interface{}{
+	(*HostPortAddress)(nil), // 0: hashicorp.consul.mesh.v1alpha1.HostPortAddress
+}
+var file_pbmesh_v1alpha1_address_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_address_proto_init() }
+func file_pbmesh_v1alpha1_address_proto_init() {
+	if File_pbmesh_v1alpha1_address_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_address_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HostPortAddress); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_address_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_address_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_address_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_address_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_address_proto = out.File
+	file_pbmesh_v1alpha1_address_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_address_proto_goTypes = nil
+	file_pbmesh_v1alpha1_address_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/address.proto b/proto-public/pbmesh/v1alpha1/address.proto
new file mode 100644
index 000000000000..23e59c95ab7a
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/address.proto
@@ -0,0 +1,11 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+message HostPortAddress {
+  string host = 1;
+  uint32 port = 2;
+}
diff --git a/proto-public/pbmesh/v1alpha1/cluster.pb.binary.go b/proto-public/pbmesh/v1alpha1/cluster.pb.binary.go
new file mode 100644
index 000000000000..6db01bde8e51
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/cluster.pb.binary.go
@@ -0,0 +1,248 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/cluster.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *Cluster) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *Cluster) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *FailoverGroup) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *FailoverGroup) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *FailoverGroupConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *FailoverGroupConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *EndpointGroup) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *EndpointGroup) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *DynamicEndpointGroup) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *DynamicEndpointGroup) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *PassthroughEndpointGroup) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *PassthroughEndpointGroup) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *DNSEndpointGroup) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *DNSEndpointGroup) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *StaticEndpointGroup) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *StaticEndpointGroup) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *L4WeightedClusterGroup) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *L4WeightedClusterGroup) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *L7WeightedClusterGroup) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *L7WeightedClusterGroup) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *L4WeightedDestinationCluster) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *L4WeightedDestinationCluster) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *L7WeightedDestinationCluster) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *L7WeightedDestinationCluster) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *DynamicEndpointGroupConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *DynamicEndpointGroupConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *LBPolicyLeastRequest) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *LBPolicyLeastRequest) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *LBPolicyRoundRobin) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *LBPolicyRoundRobin) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *LBPolicyRandom) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *LBPolicyRandom) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *LBPolicyRingHash) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *LBPolicyRingHash) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *LBPolicyMaglev) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *LBPolicyMaglev) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *CircuitBreakers) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *CircuitBreakers) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *OutlierDetection) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *OutlierDetection) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *UpstreamConnectionOptions) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *UpstreamConnectionOptions) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *PassthroughEndpointGroupConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *PassthroughEndpointGroupConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *DNSEndpointGroupConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *DNSEndpointGroupConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *StaticEndpointGroupConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *StaticEndpointGroupConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/cluster.pb.go b/proto-public/pbmesh/v1alpha1/cluster.pb.go
new file mode 100644
index 000000000000..dd240befcdea
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/cluster.pb.go
@@ -0,0 +1,2449 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/cluster.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	durationpb "google.golang.org/protobuf/types/known/durationpb"
+	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type DiscoveryType int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	DiscoveryType_DISCOVERY_TYPE_LOGICAL DiscoveryType = 0
+	DiscoveryType_DISCOVERY_TYPE_STRICT  DiscoveryType = 1
+)
+
+// Enum value maps for DiscoveryType.
+var (
+	DiscoveryType_name = map[int32]string{
+		0: "DISCOVERY_TYPE_LOGICAL",
+		1: "DISCOVERY_TYPE_STRICT",
+	}
+	DiscoveryType_value = map[string]int32{
+		"DISCOVERY_TYPE_LOGICAL": 0,
+		"DISCOVERY_TYPE_STRICT":  1,
+	}
+)
+
+func (x DiscoveryType) Enum() *DiscoveryType {
+	p := new(DiscoveryType)
+	*p = x
+	return p
+}
+
+func (x DiscoveryType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (DiscoveryType) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_cluster_proto_enumTypes[0].Descriptor()
+}
+
+func (DiscoveryType) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_cluster_proto_enumTypes[0]
+}
+
+func (x DiscoveryType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use DiscoveryType.Descriptor instead.
+func (DiscoveryType) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{0}
+}
+
+type Cluster struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// group is either a failover group or endpoint group. If this cluster needs to failover to other clusters, use the failover group. If this cluster routes directly to endpoints, use the endpoint group.
+	//
+	// Types that are assignable to Group:
+	//
+	//	*Cluster_FailoverGroup
+	//	*Cluster_EndpointGroup
+	Group isCluster_Group `protobuf_oneof:"group"`
+	// escape_hatch_cluster_json configures a user configured escape hatch cluster.
+	EscapeHatchClusterJson string `protobuf:"bytes,3,opt,name=escape_hatch_cluster_json,json=escapeHatchClusterJson,proto3" json:"escape_hatch_cluster_json,omitempty"`
+}
+
+func (x *Cluster) Reset() {
+	*x = Cluster{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Cluster) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Cluster) ProtoMessage() {}
+
+func (x *Cluster) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Cluster.ProtoReflect.Descriptor instead.
+func (*Cluster) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{0}
+}
+
+func (m *Cluster) GetGroup() isCluster_Group {
+	if m != nil {
+		return m.Group
+	}
+	return nil
+}
+
+func (x *Cluster) GetFailoverGroup() *FailoverGroup {
+	if x, ok := x.GetGroup().(*Cluster_FailoverGroup); ok {
+		return x.FailoverGroup
+	}
+	return nil
+}
+
+func (x *Cluster) GetEndpointGroup() *EndpointGroup {
+	if x, ok := x.GetGroup().(*Cluster_EndpointGroup); ok {
+		return x.EndpointGroup
+	}
+	return nil
+}
+
+func (x *Cluster) GetEscapeHatchClusterJson() string {
+	if x != nil {
+		return x.EscapeHatchClusterJson
+	}
+	return ""
+}
+
+type isCluster_Group interface {
+	isCluster_Group()
+}
+
+type Cluster_FailoverGroup struct {
+	FailoverGroup *FailoverGroup `protobuf:"bytes,1,opt,name=failover_group,json=failoverGroup,proto3,oneof"`
+}
+
+type Cluster_EndpointGroup struct {
+	EndpointGroup *EndpointGroup `protobuf:"bytes,2,opt,name=endpoint_group,json=endpointGroup,proto3,oneof"`
+}
+
+func (*Cluster_FailoverGroup) isCluster_Group() {}
+
+func (*Cluster_EndpointGroup) isCluster_Group() {}
+
+type FailoverGroup struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name of the failover group.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// endpoint_groups is an ordered list of which groups to failover to.
+	EndpointGroups []*EndpointGroup     `protobuf:"bytes,2,rep,name=endpoint_groups,json=endpointGroups,proto3" json:"endpoint_groups,omitempty"`
+	Config         *FailoverGroupConfig `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"`
+}
+
+func (x *FailoverGroup) Reset() {
+	*x = FailoverGroup{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FailoverGroup) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FailoverGroup) ProtoMessage() {}
+
+func (x *FailoverGroup) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FailoverGroup.ProtoReflect.Descriptor instead.
+func (*FailoverGroup) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *FailoverGroup) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *FailoverGroup) GetEndpointGroups() []*EndpointGroup {
+	if x != nil {
+		return x.EndpointGroups
+	}
+	return nil
+}
+
+func (x *FailoverGroup) GetConfig() *FailoverGroupConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+type FailoverGroupConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	UseAltStatName bool                 `protobuf:"varint,1,opt,name=use_alt_stat_name,json=useAltStatName,proto3" json:"use_alt_stat_name,omitempty"`
+	ConnectTimeout *durationpb.Duration `protobuf:"bytes,2,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
+}
+
+func (x *FailoverGroupConfig) Reset() {
+	*x = FailoverGroupConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FailoverGroupConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FailoverGroupConfig) ProtoMessage() {}
+
+func (x *FailoverGroupConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FailoverGroupConfig.ProtoReflect.Descriptor instead.
+func (*FailoverGroupConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *FailoverGroupConfig) GetUseAltStatName() bool {
+	if x != nil {
+		return x.UseAltStatName
+	}
+	return false
+}
+
+func (x *FailoverGroupConfig) GetConnectTimeout() *durationpb.Duration {
+	if x != nil {
+		return x.ConnectTimeout
+	}
+	return nil
+}
+
+type EndpointGroup struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Group:
+	//
+	//	*EndpointGroup_Dynamic
+	//	*EndpointGroup_Static
+	//	*EndpointGroup_Dns
+	//	*EndpointGroup_Passthrough
+	Group isEndpointGroup_Group `protobuf_oneof:"group"`
+}
+
+func (x *EndpointGroup) Reset() {
+	*x = EndpointGroup{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EndpointGroup) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EndpointGroup) ProtoMessage() {}
+
+func (x *EndpointGroup) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EndpointGroup.ProtoReflect.Descriptor instead.
+func (*EndpointGroup) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{3}
+}
+
+func (m *EndpointGroup) GetGroup() isEndpointGroup_Group {
+	if m != nil {
+		return m.Group
+	}
+	return nil
+}
+
+func (x *EndpointGroup) GetDynamic() *DynamicEndpointGroup {
+	if x, ok := x.GetGroup().(*EndpointGroup_Dynamic); ok {
+		return x.Dynamic
+	}
+	return nil
+}
+
+func (x *EndpointGroup) GetStatic() *StaticEndpointGroup {
+	if x, ok := x.GetGroup().(*EndpointGroup_Static); ok {
+		return x.Static
+	}
+	return nil
+}
+
+func (x *EndpointGroup) GetDns() *DNSEndpointGroup {
+	if x, ok := x.GetGroup().(*EndpointGroup_Dns); ok {
+		return x.Dns
+	}
+	return nil
+}
+
+func (x *EndpointGroup) GetPassthrough() *PassthroughEndpointGroup {
+	if x, ok := x.GetGroup().(*EndpointGroup_Passthrough); ok {
+		return x.Passthrough
+	}
+	return nil
+}
+
+type isEndpointGroup_Group interface {
+	isEndpointGroup_Group()
+}
+
+type EndpointGroup_Dynamic struct {
+	// dynamic endpoint group is used to reach mesh destinations that are dynamically configured from Consul's catalog.
+	Dynamic *DynamicEndpointGroup `protobuf:"bytes,1,opt,name=dynamic,proto3,oneof"`
+}
+
+type EndpointGroup_Static struct {
+	// static endpoint group is used to reach local app ports.
+	Static *StaticEndpointGroup `protobuf:"bytes,2,opt,name=static,proto3,oneof"`
+}
+
+type EndpointGroup_Dns struct {
+	// dns is used to reach mesh and non-mesh destinations using a hostname.
+	Dns *DNSEndpointGroup `protobuf:"bytes,3,opt,name=dns,proto3,oneof"`
+}
+
+type EndpointGroup_Passthrough struct {
+	// passthrough is used to reach destinations that don't have endpoints saved in Consul.
+	Passthrough *PassthroughEndpointGroup `protobuf:"bytes,4,opt,name=passthrough,proto3,oneof"`
+}
+
+func (*EndpointGroup_Dynamic) isEndpointGroup_Group() {}
+
+func (*EndpointGroup_Static) isEndpointGroup_Group() {}
+
+func (*EndpointGroup_Dns) isEndpointGroup_Group() {}
+
+func (*EndpointGroup_Passthrough) isEndpointGroup_Group() {}
+
+type DynamicEndpointGroup struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name will be the name of the Envoy cluster created by this endpoint group.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// config configures how to connect to the endpoints.
+	Config *DynamicEndpointGroupConfig `protobuf:"bytes,2,opt,name=config,proto3" json:"config,omitempty"`
+	// outbound_tls will configure what TLS information to use when connecting to an upstream.
+	OutboundTls *TransportSocket `protobuf:"bytes,3,opt,name=outbound_tls,json=outboundTls,proto3" json:"outbound_tls,omitempty"`
+}
+
+func (x *DynamicEndpointGroup) Reset() {
+	*x = DynamicEndpointGroup{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DynamicEndpointGroup) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DynamicEndpointGroup) ProtoMessage() {}
+
+func (x *DynamicEndpointGroup) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DynamicEndpointGroup.ProtoReflect.Descriptor instead.
+func (*DynamicEndpointGroup) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *DynamicEndpointGroup) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *DynamicEndpointGroup) GetConfig() *DynamicEndpointGroupConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+func (x *DynamicEndpointGroup) GetOutboundTls() *TransportSocket {
+	if x != nil {
+		return x.OutboundTls
+	}
+	return nil
+}
+
+type PassthroughEndpointGroup struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name will be the name of the Envoy cluster created by this endpoint group.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// config configures how to connect to the endpoints.
+	Config *PassthroughEndpointGroupConfig `protobuf:"bytes,2,opt,name=config,proto3" json:"config,omitempty"`
+	// outbound_tls will configure what TLS information to use when connecting to an upstream.
+	OutboundTls *TransportSocket `protobuf:"bytes,3,opt,name=outbound_tls,json=outboundTls,proto3" json:"outbound_tls,omitempty"`
+}
+
+func (x *PassthroughEndpointGroup) Reset() {
+	*x = PassthroughEndpointGroup{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *PassthroughEndpointGroup) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PassthroughEndpointGroup) ProtoMessage() {}
+
+func (x *PassthroughEndpointGroup) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use PassthroughEndpointGroup.ProtoReflect.Descriptor instead.
+func (*PassthroughEndpointGroup) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *PassthroughEndpointGroup) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *PassthroughEndpointGroup) GetConfig() *PassthroughEndpointGroupConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+func (x *PassthroughEndpointGroup) GetOutboundTls() *TransportSocket {
+	if x != nil {
+		return x.OutboundTls
+	}
+	return nil
+}
+
+type DNSEndpointGroup struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name will be the name of the Envoy cluster created by this endpoint group.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// config configures how to connect to the endpoints.
+	Config *DNSEndpointGroupConfig `protobuf:"bytes,2,opt,name=config,proto3" json:"config,omitempty"`
+	// outbound_tls will configure what TLS information to use when connecting to an upstream.
+	OutboundTls *TransportSocket `protobuf:"bytes,3,opt,name=outbound_tls,json=outboundTls,proto3" json:"outbound_tls,omitempty"`
+}
+
+func (x *DNSEndpointGroup) Reset() {
+	*x = DNSEndpointGroup{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DNSEndpointGroup) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DNSEndpointGroup) ProtoMessage() {}
+
+func (x *DNSEndpointGroup) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DNSEndpointGroup.ProtoReflect.Descriptor instead.
+func (*DNSEndpointGroup) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *DNSEndpointGroup) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *DNSEndpointGroup) GetConfig() *DNSEndpointGroupConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+func (x *DNSEndpointGroup) GetOutboundTls() *TransportSocket {
+	if x != nil {
+		return x.OutboundTls
+	}
+	return nil
+}
+
+// StaticEndpointGroup is used to reach local app ports.
+type StaticEndpointGroup struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name will be the name of the Envoy cluster created by this endpoint group.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// config configures how to connect to the endpoints.
+	Config *StaticEndpointGroupConfig `protobuf:"bytes,2,opt,name=config,proto3" json:"config,omitempty"`
+}
+
+func (x *StaticEndpointGroup) Reset() {
+	*x = StaticEndpointGroup{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *StaticEndpointGroup) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*StaticEndpointGroup) ProtoMessage() {}
+
+func (x *StaticEndpointGroup) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use StaticEndpointGroup.ProtoReflect.Descriptor instead.
+func (*StaticEndpointGroup) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *StaticEndpointGroup) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *StaticEndpointGroup) GetConfig() *StaticEndpointGroupConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+type L4WeightedClusterGroup struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// clusters to route to by weight.
+	Clusters []*L4WeightedDestinationCluster `protobuf:"bytes,1,rep,name=clusters,proto3" json:"clusters,omitempty"`
+}
+
+func (x *L4WeightedClusterGroup) Reset() {
+	*x = L4WeightedClusterGroup{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *L4WeightedClusterGroup) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*L4WeightedClusterGroup) ProtoMessage() {}
+
+func (x *L4WeightedClusterGroup) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use L4WeightedClusterGroup.ProtoReflect.Descriptor instead.
+func (*L4WeightedClusterGroup) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *L4WeightedClusterGroup) GetClusters() []*L4WeightedDestinationCluster {
+	if x != nil {
+		return x.Clusters
+	}
+	return nil
+}
+
+type L7WeightedClusterGroup struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// clusters to route to by weight.
+	Clusters []*L7WeightedDestinationCluster `protobuf:"bytes,1,rep,name=clusters,proto3" json:"clusters,omitempty"`
+}
+
+func (x *L7WeightedClusterGroup) Reset() {
+	*x = L7WeightedClusterGroup{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *L7WeightedClusterGroup) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*L7WeightedClusterGroup) ProtoMessage() {}
+
+func (x *L7WeightedClusterGroup) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use L7WeightedClusterGroup.ProtoReflect.Descriptor instead.
+func (*L7WeightedClusterGroup) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *L7WeightedClusterGroup) GetClusters() []*L7WeightedDestinationCluster {
+	if x != nil {
+		return x.Clusters
+	}
+	return nil
+}
+
+type L4WeightedDestinationCluster struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name is the name of the cluster. This will be used to look up a cluster in the clusters map.
+	Name   string                  `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Weight *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=weight,proto3" json:"weight,omitempty"`
+}
+
+func (x *L4WeightedDestinationCluster) Reset() {
+	*x = L4WeightedDestinationCluster{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *L4WeightedDestinationCluster) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*L4WeightedDestinationCluster) ProtoMessage() {}
+
+func (x *L4WeightedDestinationCluster) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use L4WeightedDestinationCluster.ProtoReflect.Descriptor instead.
+func (*L4WeightedDestinationCluster) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *L4WeightedDestinationCluster) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *L4WeightedDestinationCluster) GetWeight() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.Weight
+	}
+	return nil
+}
+
+type L7WeightedDestinationCluster struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name is the name of the cluster. This will be used to look up a cluster in the clusters map.
+	Name            string                  `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Weight          *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=weight,proto3" json:"weight,omitempty"`
+	HeaderMutations []*HeaderMutation       `protobuf:"bytes,3,rep,name=header_mutations,json=headerMutations,proto3" json:"header_mutations,omitempty"`
+}
+
+func (x *L7WeightedDestinationCluster) Reset() {
+	*x = L7WeightedDestinationCluster{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[11]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *L7WeightedDestinationCluster) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*L7WeightedDestinationCluster) ProtoMessage() {}
+
+func (x *L7WeightedDestinationCluster) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[11]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use L7WeightedDestinationCluster.ProtoReflect.Descriptor instead.
+func (*L7WeightedDestinationCluster) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *L7WeightedDestinationCluster) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *L7WeightedDestinationCluster) GetWeight() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.Weight
+	}
+	return nil
+}
+
+func (x *L7WeightedDestinationCluster) GetHeaderMutations() []*HeaderMutation {
+	if x != nil {
+		return x.HeaderMutations
+	}
+	return nil
+}
+
+type DynamicEndpointGroupConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	ConnectTimeout        *durationpb.Duration `protobuf:"bytes,1,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
+	DisablePanicThreshold bool                 `protobuf:"varint,2,opt,name=disable_panic_threshold,json=disablePanicThreshold,proto3" json:"disable_panic_threshold,omitempty"`
+	// Types that are assignable to LbPolicy:
+	//
+	//	*DynamicEndpointGroupConfig_LeastRequest
+	//	*DynamicEndpointGroupConfig_RoundRobin
+	//	*DynamicEndpointGroupConfig_Random
+	//	*DynamicEndpointGroupConfig_RingHash
+	//	*DynamicEndpointGroupConfig_Maglev
+	LbPolicy                  isDynamicEndpointGroupConfig_LbPolicy `protobuf_oneof:"lb_policy"`
+	CircuitBreakers           *CircuitBreakers                      `protobuf:"bytes,8,opt,name=circuit_breakers,json=circuitBreakers,proto3" json:"circuit_breakers,omitempty"`
+	OutlierDetection          *OutlierDetection                     `protobuf:"bytes,9,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"`
+	UpstreamConnectionOptions *UpstreamConnectionOptions            `protobuf:"bytes,10,opt,name=upstream_connection_options,json=upstreamConnectionOptions,proto3" json:"upstream_connection_options,omitempty"`
+	UseAltStatName            bool                                  `protobuf:"varint,11,opt,name=use_alt_stat_name,json=useAltStatName,proto3" json:"use_alt_stat_name,omitempty"`
+}
+
+func (x *DynamicEndpointGroupConfig) Reset() {
+	*x = DynamicEndpointGroupConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[12]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DynamicEndpointGroupConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DynamicEndpointGroupConfig) ProtoMessage() {}
+
+func (x *DynamicEndpointGroupConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[12]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DynamicEndpointGroupConfig.ProtoReflect.Descriptor instead.
+func (*DynamicEndpointGroupConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *DynamicEndpointGroupConfig) GetConnectTimeout() *durationpb.Duration {
+	if x != nil {
+		return x.ConnectTimeout
+	}
+	return nil
+}
+
+func (x *DynamicEndpointGroupConfig) GetDisablePanicThreshold() bool {
+	if x != nil {
+		return x.DisablePanicThreshold
+	}
+	return false
+}
+
+func (m *DynamicEndpointGroupConfig) GetLbPolicy() isDynamicEndpointGroupConfig_LbPolicy {
+	if m != nil {
+		return m.LbPolicy
+	}
+	return nil
+}
+
+func (x *DynamicEndpointGroupConfig) GetLeastRequest() *LBPolicyLeastRequest {
+	if x, ok := x.GetLbPolicy().(*DynamicEndpointGroupConfig_LeastRequest); ok {
+		return x.LeastRequest
+	}
+	return nil
+}
+
+func (x *DynamicEndpointGroupConfig) GetRoundRobin() *LBPolicyRoundRobin {
+	if x, ok := x.GetLbPolicy().(*DynamicEndpointGroupConfig_RoundRobin); ok {
+		return x.RoundRobin
+	}
+	return nil
+}
+
+func (x *DynamicEndpointGroupConfig) GetRandom() *LBPolicyRandom {
+	if x, ok := x.GetLbPolicy().(*DynamicEndpointGroupConfig_Random); ok {
+		return x.Random
+	}
+	return nil
+}
+
+func (x *DynamicEndpointGroupConfig) GetRingHash() *LBPolicyRingHash {
+	if x, ok := x.GetLbPolicy().(*DynamicEndpointGroupConfig_RingHash); ok {
+		return x.RingHash
+	}
+	return nil
+}
+
+func (x *DynamicEndpointGroupConfig) GetMaglev() *LBPolicyMaglev {
+	if x, ok := x.GetLbPolicy().(*DynamicEndpointGroupConfig_Maglev); ok {
+		return x.Maglev
+	}
+	return nil
+}
+
+func (x *DynamicEndpointGroupConfig) GetCircuitBreakers() *CircuitBreakers {
+	if x != nil {
+		return x.CircuitBreakers
+	}
+	return nil
+}
+
+func (x *DynamicEndpointGroupConfig) GetOutlierDetection() *OutlierDetection {
+	if x != nil {
+		return x.OutlierDetection
+	}
+	return nil
+}
+
+func (x *DynamicEndpointGroupConfig) GetUpstreamConnectionOptions() *UpstreamConnectionOptions {
+	if x != nil {
+		return x.UpstreamConnectionOptions
+	}
+	return nil
+}
+
+func (x *DynamicEndpointGroupConfig) GetUseAltStatName() bool {
+	if x != nil {
+		return x.UseAltStatName
+	}
+	return false
+}
+
+type isDynamicEndpointGroupConfig_LbPolicy interface {
+	isDynamicEndpointGroupConfig_LbPolicy()
+}
+
+type DynamicEndpointGroupConfig_LeastRequest struct {
+	LeastRequest *LBPolicyLeastRequest `protobuf:"bytes,3,opt,name=least_request,json=leastRequest,proto3,oneof"`
+}
+
+type DynamicEndpointGroupConfig_RoundRobin struct {
+	RoundRobin *LBPolicyRoundRobin `protobuf:"bytes,4,opt,name=round_robin,json=roundRobin,proto3,oneof"`
+}
+
+type DynamicEndpointGroupConfig_Random struct {
+	Random *LBPolicyRandom `protobuf:"bytes,5,opt,name=random,proto3,oneof"`
+}
+
+type DynamicEndpointGroupConfig_RingHash struct {
+	RingHash *LBPolicyRingHash `protobuf:"bytes,6,opt,name=ring_hash,json=ringHash,proto3,oneof"`
+}
+
+type DynamicEndpointGroupConfig_Maglev struct {
+	Maglev *LBPolicyMaglev `protobuf:"bytes,7,opt,name=maglev,proto3,oneof"`
+}
+
+func (*DynamicEndpointGroupConfig_LeastRequest) isDynamicEndpointGroupConfig_LbPolicy() {}
+
+func (*DynamicEndpointGroupConfig_RoundRobin) isDynamicEndpointGroupConfig_LbPolicy() {}
+
+func (*DynamicEndpointGroupConfig_Random) isDynamicEndpointGroupConfig_LbPolicy() {}
+
+func (*DynamicEndpointGroupConfig_RingHash) isDynamicEndpointGroupConfig_LbPolicy() {}
+
+func (*DynamicEndpointGroupConfig_Maglev) isDynamicEndpointGroupConfig_LbPolicy() {}
+
+type LBPolicyLeastRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	ChoiceCount *wrapperspb.UInt32Value `protobuf:"bytes,1,opt,name=choice_count,json=choiceCount,proto3" json:"choice_count,omitempty"`
+}
+
+func (x *LBPolicyLeastRequest) Reset() {
+	*x = LBPolicyLeastRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[13]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LBPolicyLeastRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LBPolicyLeastRequest) ProtoMessage() {}
+
+func (x *LBPolicyLeastRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[13]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LBPolicyLeastRequest.ProtoReflect.Descriptor instead.
+func (*LBPolicyLeastRequest) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{13}
+}
+
+func (x *LBPolicyLeastRequest) GetChoiceCount() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.ChoiceCount
+	}
+	return nil
+}
+
+type LBPolicyRoundRobin struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+}
+
+func (x *LBPolicyRoundRobin) Reset() {
+	*x = LBPolicyRoundRobin{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[14]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LBPolicyRoundRobin) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LBPolicyRoundRobin) ProtoMessage() {}
+
+func (x *LBPolicyRoundRobin) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[14]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LBPolicyRoundRobin.ProtoReflect.Descriptor instead.
+func (*LBPolicyRoundRobin) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{14}
+}
+
+type LBPolicyRandom struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+}
+
+func (x *LBPolicyRandom) Reset() {
+	*x = LBPolicyRandom{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[15]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LBPolicyRandom) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LBPolicyRandom) ProtoMessage() {}
+
+func (x *LBPolicyRandom) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[15]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LBPolicyRandom.ProtoReflect.Descriptor instead.
+func (*LBPolicyRandom) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{15}
+}
+
+type LBPolicyRingHash struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	MinimumRingSize *wrapperspb.UInt64Value `protobuf:"bytes,1,opt,name=minimum_ring_size,json=minimumRingSize,proto3" json:"minimum_ring_size,omitempty"`
+	MaximumRingSize *wrapperspb.UInt64Value `protobuf:"bytes,2,opt,name=maximum_ring_size,json=maximumRingSize,proto3" json:"maximum_ring_size,omitempty"`
+}
+
+func (x *LBPolicyRingHash) Reset() {
+	*x = LBPolicyRingHash{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[16]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LBPolicyRingHash) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LBPolicyRingHash) ProtoMessage() {}
+
+func (x *LBPolicyRingHash) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[16]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LBPolicyRingHash.ProtoReflect.Descriptor instead.
+func (*LBPolicyRingHash) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{16}
+}
+
+func (x *LBPolicyRingHash) GetMinimumRingSize() *wrapperspb.UInt64Value {
+	if x != nil {
+		return x.MinimumRingSize
+	}
+	return nil
+}
+
+func (x *LBPolicyRingHash) GetMaximumRingSize() *wrapperspb.UInt64Value {
+	if x != nil {
+		return x.MaximumRingSize
+	}
+	return nil
+}
+
+type LBPolicyMaglev struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+}
+
+func (x *LBPolicyMaglev) Reset() {
+	*x = LBPolicyMaglev{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[17]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LBPolicyMaglev) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LBPolicyMaglev) ProtoMessage() {}
+
+func (x *LBPolicyMaglev) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[17]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LBPolicyMaglev.ProtoReflect.Descriptor instead.
+func (*LBPolicyMaglev) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{17}
+}
+
+type CircuitBreakers struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	UpstreamLimits *UpstreamLimits `protobuf:"bytes,1,opt,name=upstream_limits,json=upstreamLimits,proto3" json:"upstream_limits,omitempty"`
+}
+
+func (x *CircuitBreakers) Reset() {
+	*x = CircuitBreakers{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[18]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CircuitBreakers) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CircuitBreakers) ProtoMessage() {}
+
+func (x *CircuitBreakers) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[18]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CircuitBreakers.ProtoReflect.Descriptor instead.
+func (*CircuitBreakers) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{18}
+}
+
+func (x *CircuitBreakers) GetUpstreamLimits() *UpstreamLimits {
+	if x != nil {
+		return x.UpstreamLimits
+	}
+	return nil
+}
+
+type OutlierDetection struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Interval                 *durationpb.Duration    `protobuf:"bytes,1,opt,name=interval,proto3" json:"interval,omitempty"`
+	Consecutive_5Xx          *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=consecutive_5xx,json=consecutive5xx,proto3" json:"consecutive_5xx,omitempty"`
+	EnforcingConsecutive_5Xx *wrapperspb.UInt32Value `protobuf:"bytes,3,opt,name=enforcing_consecutive_5xx,json=enforcingConsecutive5xx,proto3" json:"enforcing_consecutive_5xx,omitempty"`
+	MaxEjectionPercent       *wrapperspb.UInt32Value `protobuf:"bytes,4,opt,name=max_ejection_percent,json=maxEjectionPercent,proto3" json:"max_ejection_percent,omitempty"`
+	BaseEjectionTime         *durationpb.Duration    `protobuf:"bytes,5,opt,name=base_ejection_time,json=baseEjectionTime,proto3" json:"base_ejection_time,omitempty"`
+}
+
+func (x *OutlierDetection) Reset() {
+	*x = OutlierDetection{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[19]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OutlierDetection) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OutlierDetection) ProtoMessage() {}
+
+func (x *OutlierDetection) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[19]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OutlierDetection.ProtoReflect.Descriptor instead.
+func (*OutlierDetection) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{19}
+}
+
+func (x *OutlierDetection) GetInterval() *durationpb.Duration {
+	if x != nil {
+		return x.Interval
+	}
+	return nil
+}
+
+func (x *OutlierDetection) GetConsecutive_5Xx() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.Consecutive_5Xx
+	}
+	return nil
+}
+
+func (x *OutlierDetection) GetEnforcingConsecutive_5Xx() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.EnforcingConsecutive_5Xx
+	}
+	return nil
+}
+
+func (x *OutlierDetection) GetMaxEjectionPercent() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.MaxEjectionPercent
+	}
+	return nil
+}
+
+func (x *OutlierDetection) GetBaseEjectionTime() *durationpb.Duration {
+	if x != nil {
+		return x.BaseEjectionTime
+	}
+	return nil
+}
+
+type UpstreamConnectionOptions struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	TcpKeepaliveTime     *wrapperspb.UInt32Value `protobuf:"bytes,1,opt,name=tcp_keepalive_time,json=tcpKeepaliveTime,proto3" json:"tcp_keepalive_time,omitempty"`
+	TcpKeepaliveInterval *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=tcp_keepalive_interval,json=tcpKeepaliveInterval,proto3" json:"tcp_keepalive_interval,omitempty"`
+	TcpKeepaliveProbes   *wrapperspb.UInt32Value `protobuf:"bytes,3,opt,name=tcp_keepalive_probes,json=tcpKeepaliveProbes,proto3" json:"tcp_keepalive_probes,omitempty"`
+}
+
+func (x *UpstreamConnectionOptions) Reset() {
+	*x = UpstreamConnectionOptions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[20]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UpstreamConnectionOptions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpstreamConnectionOptions) ProtoMessage() {}
+
+func (x *UpstreamConnectionOptions) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[20]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpstreamConnectionOptions.ProtoReflect.Descriptor instead.
+func (*UpstreamConnectionOptions) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{20}
+}
+
+func (x *UpstreamConnectionOptions) GetTcpKeepaliveTime() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.TcpKeepaliveTime
+	}
+	return nil
+}
+
+func (x *UpstreamConnectionOptions) GetTcpKeepaliveInterval() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.TcpKeepaliveInterval
+	}
+	return nil
+}
+
+func (x *UpstreamConnectionOptions) GetTcpKeepaliveProbes() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.TcpKeepaliveProbes
+	}
+	return nil
+}
+
+type PassthroughEndpointGroupConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	ConnectTimeout *durationpb.Duration `protobuf:"bytes,1,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
+}
+
+func (x *PassthroughEndpointGroupConfig) Reset() {
+	*x = PassthroughEndpointGroupConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[21]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *PassthroughEndpointGroupConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PassthroughEndpointGroupConfig) ProtoMessage() {}
+
+func (x *PassthroughEndpointGroupConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[21]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use PassthroughEndpointGroupConfig.ProtoReflect.Descriptor instead.
+func (*PassthroughEndpointGroupConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{21}
+}
+
+func (x *PassthroughEndpointGroupConfig) GetConnectTimeout() *durationpb.Duration {
+	if x != nil {
+		return x.ConnectTimeout
+	}
+	return nil
+}
+
+type DNSEndpointGroupConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	ConnectTimeout            *durationpb.Duration       `protobuf:"bytes,1,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
+	DisablePanicThreshold     bool                       `protobuf:"varint,2,opt,name=disable_panic_threshold,json=disablePanicThreshold,proto3" json:"disable_panic_threshold,omitempty"`
+	DiscoveryType             DiscoveryType              `protobuf:"varint,3,opt,name=discovery_type,json=discoveryType,proto3,enum=hashicorp.consul.mesh.v1alpha1.DiscoveryType" json:"discovery_type,omitempty"`
+	CircuitBreakers           *CircuitBreakers           `protobuf:"bytes,4,opt,name=circuit_breakers,json=circuitBreakers,proto3" json:"circuit_breakers,omitempty"`
+	OutlierDetection          *OutlierDetection          `protobuf:"bytes,5,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"`
+	UpstreamConnectionOptions *UpstreamConnectionOptions `protobuf:"bytes,6,opt,name=upstream_connection_options,json=upstreamConnectionOptions,proto3" json:"upstream_connection_options,omitempty"`
+	UseAltStatName            bool                       `protobuf:"varint,7,opt,name=use_alt_stat_name,json=useAltStatName,proto3" json:"use_alt_stat_name,omitempty"`
+}
+
+func (x *DNSEndpointGroupConfig) Reset() {
+	*x = DNSEndpointGroupConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[22]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DNSEndpointGroupConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DNSEndpointGroupConfig) ProtoMessage() {}
+
+func (x *DNSEndpointGroupConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[22]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DNSEndpointGroupConfig.ProtoReflect.Descriptor instead.
+func (*DNSEndpointGroupConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{22}
+}
+
+func (x *DNSEndpointGroupConfig) GetConnectTimeout() *durationpb.Duration {
+	if x != nil {
+		return x.ConnectTimeout
+	}
+	return nil
+}
+
+func (x *DNSEndpointGroupConfig) GetDisablePanicThreshold() bool {
+	if x != nil {
+		return x.DisablePanicThreshold
+	}
+	return false
+}
+
+func (x *DNSEndpointGroupConfig) GetDiscoveryType() DiscoveryType {
+	if x != nil {
+		return x.DiscoveryType
+	}
+	return DiscoveryType_DISCOVERY_TYPE_LOGICAL
+}
+
+func (x *DNSEndpointGroupConfig) GetCircuitBreakers() *CircuitBreakers {
+	if x != nil {
+		return x.CircuitBreakers
+	}
+	return nil
+}
+
+func (x *DNSEndpointGroupConfig) GetOutlierDetection() *OutlierDetection {
+	if x != nil {
+		return x.OutlierDetection
+	}
+	return nil
+}
+
+func (x *DNSEndpointGroupConfig) GetUpstreamConnectionOptions() *UpstreamConnectionOptions {
+	if x != nil {
+		return x.UpstreamConnectionOptions
+	}
+	return nil
+}
+
+func (x *DNSEndpointGroupConfig) GetUseAltStatName() bool {
+	if x != nil {
+		return x.UseAltStatName
+	}
+	return false
+}
+
+type StaticEndpointGroupConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	ConnectTimeout  *durationpb.Duration `protobuf:"bytes,1,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
+	CircuitBreakers *CircuitBreakers     `protobuf:"bytes,2,opt,name=circuit_breakers,json=circuitBreakers,proto3" json:"circuit_breakers,omitempty"`
+}
+
+func (x *StaticEndpointGroupConfig) Reset() {
+	*x = StaticEndpointGroupConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[23]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *StaticEndpointGroupConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*StaticEndpointGroupConfig) ProtoMessage() {}
+
+func (x *StaticEndpointGroupConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[23]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use StaticEndpointGroupConfig.ProtoReflect.Descriptor instead.
+func (*StaticEndpointGroupConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{23}
+}
+
+func (x *StaticEndpointGroupConfig) GetConnectTimeout() *durationpb.Duration {
+	if x != nil {
+		return x.ConnectTimeout
+	}
+	return nil
+}
+
+func (x *StaticEndpointGroupConfig) GetCircuitBreakers() *CircuitBreakers {
+	if x != nil {
+		return x.CircuitBreakers
+	}
+	return nil
+}
+
+var File_pbmesh_v1alpha1_cluster_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_cluster_proto_rawDesc = []byte{
+	0x0a, 0x1d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a,
+	0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
+	0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
+	0x26, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x26, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f,
+	0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
+	0x2d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xfd,
+	0x01, 0x0a, 0x07, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x56, 0x0a, 0x0e, 0x66, 0x61,
+	0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75,
+	0x70, 0x48, 0x00, 0x52, 0x0d, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f,
+	0x75, 0x70, 0x12, 0x56, 0x0a, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x67,
+	0x72, 0x6f, 0x75, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0d, 0x65, 0x6e, 0x64,
+	0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x39, 0x0a, 0x19, 0x65, 0x73,
+	0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74,
+	0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x65,
+	0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65,
+	0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xc8,
+	0x01, 0x0a, 0x0d, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70,
+	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x56, 0x0a, 0x0f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
+	0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45,
+	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x0e, 0x65, 0x6e,
+	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x4b, 0x0a, 0x06,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x46, 0x61,
+	0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x84, 0x01, 0x0a, 0x13, 0x46, 0x61,
+	0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61,
+	0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x75, 0x73,
+	0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x42, 0x0a, 0x0f,
+	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
+	0x22, 0xdd, 0x02, 0x0a, 0x0d, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f,
+	0x75, 0x70, 0x12, 0x50, 0x0a, 0x07, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x07, 0x64, 0x79, 0x6e,
+	0x61, 0x6d, 0x69, 0x63, 0x12, 0x4d, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x06, 0x73, 0x74, 0x61,
+	0x74, 0x69, 0x63, 0x12, 0x44, 0x0a, 0x03, 0x64, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f,
+	0x75, 0x70, 0x48, 0x00, 0x52, 0x03, 0x64, 0x6e, 0x73, 0x12, 0x5c, 0x0a, 0x0b, 0x70, 0x61, 0x73,
+	0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f,
+	0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0b, 0x70, 0x61, 0x73, 0x73,
+	0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70,
+	0x22, 0xd2, 0x01, 0x0a, 0x14, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x52, 0x0a,
+	0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44,
+	0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72,
+	0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x12, 0x52, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c,
+	0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f,
+	0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75,
+	0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, 0xda, 0x01, 0x0a, 0x18, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68,
+	0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f,
+	0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x56, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f,
+	0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x52,
+	0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53,
+	0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54,
+	0x6c, 0x73, 0x22, 0xca, 0x01, 0x0a, 0x10, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69,
+	0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x4e, 0x0a, 0x06, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x4e, 0x53,
+	0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x52, 0x0a, 0x0c, 0x6f,
+	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b,
+	0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22,
+	0x7c, 0x0a, 0x13, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e,
+	0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x51, 0x0a, 0x06, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x61, 0x74,
+	0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x72, 0x0a,
+	0x16, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, 0x74,
+	0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x58, 0x0a, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74,
+	0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x34, 0x57, 0x65, 0x69,
+	0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72,
+	0x73, 0x22, 0x72, 0x0a, 0x16, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x43,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x58, 0x0a, 0x08, 0x63,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c,
+	0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c, 0x75,
+	0x73, 0x74, 0x65, 0x72, 0x73, 0x22, 0x68, 0x0a, 0x1c, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68,
+	0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c,
+	0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69,
+	0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74,
+	0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22,
+	0xc3, 0x01, 0x0a, 0x1c, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65,
+	0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72,
+	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c,
+	0x75, 0x65, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x59, 0x0a, 0x10, 0x68, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x9f, 0x07, 0x0a, 0x1a, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69,
+	0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f,
+	0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x36, 0x0a, 0x17, 0x64, 0x69, 0x73, 0x61,
+	0x62, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, 0x69, 0x63, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68,
+	0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62,
+	0x6c, 0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64,
+	0x12, 0x5b, 0x0a, 0x0d, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52,
+	0x0c, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x55, 0x0a,
+	0x0b, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x72, 0x6f, 0x62, 0x69, 0x6e, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x6f, 0x75, 0x6e,
+	0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x52,
+	0x6f, 0x62, 0x69, 0x6e, 0x12, 0x48, 0x0a, 0x06, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x61,
+	0x6e, 0x64, 0x6f, 0x6d, 0x48, 0x00, 0x52, 0x06, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x12, 0x4f,
+	0x0a, 0x09, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x48,
+	0x61, 0x73, 0x68, 0x48, 0x00, 0x52, 0x08, 0x72, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x12,
+	0x48, 0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x48,
+	0x00, 0x52, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x12, 0x5a, 0x0a, 0x10, 0x63, 0x69, 0x72,
+	0x63, 0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x08, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61,
+	0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65,
+	0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x5d, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72,
+	0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x79, 0x0a, 0x1b, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d,
+	0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72,
+	0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
+	0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41,
+	0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x0b, 0x0a, 0x09, 0x6c, 0x62,
+	0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x57, 0x0a, 0x14, 0x4c, 0x42, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
+	0x3f, 0x0a, 0x0c, 0x63, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x52, 0x0b, 0x63, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74,
+	0x22, 0x14, 0x0a, 0x12, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x6f, 0x75, 0x6e,
+	0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x22, 0x10, 0x0a, 0x0e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x22, 0xa6, 0x01, 0x0a, 0x10, 0x4c, 0x42, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x48, 0x0a,
+	0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69,
+	0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x36,
+	0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52,
+	0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x48, 0x0a, 0x11, 0x6d, 0x61, 0x78, 0x69, 0x6d,
+	0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65,
+	0x52, 0x0f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a,
+	0x65, 0x22, 0x10, 0x0a, 0x0e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, 0x67,
+	0x6c, 0x65, 0x76, 0x22, 0x6a, 0x0a, 0x0f, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72,
+	0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x57, 0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65,
+	0x61, 0x6d, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x52,
+	0x0e, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x22,
+	0x83, 0x03, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x45, 0x0a, 0x0f, 0x63,
+	0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c,
+	0x75, 0x65, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35,
+	0x78, 0x78, 0x12, 0x58, 0x0a, 0x19, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x5f,
+	0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x52, 0x17, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f,
+	0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x12, 0x4e, 0x0a, 0x14,
+	0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x65, 0x72,
+	0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e,
+	0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x45, 0x6a, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x47, 0x0a, 0x12,
+	0x62, 0x61, 0x73, 0x65, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69,
+	0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x10, 0x62, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x8b, 0x02, 0x0a, 0x19, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65,
+	0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x12, 0x4a, 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61,
+	0x6c, 0x69, 0x76, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x10, 0x74,
+	0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12,
+	0x52, 0x0a, 0x16, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65,
+	0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x14, 0x74,
+	0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72,
+	0x76, 0x61, 0x6c, 0x12, 0x4e, 0x0a, 0x14, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61,
+	0x6c, 0x69, 0x76, 0x65, 0x5f, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52,
+	0x12, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x50, 0x72, 0x6f,
+	0x62, 0x65, 0x73, 0x22, 0x64, 0x0a, 0x1e, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75,
+	0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0xcb, 0x04, 0x0a, 0x16, 0x44, 0x4e,
+	0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f,
+	0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x36, 0x0a, 0x17, 0x64, 0x69, 0x73, 0x61,
+	0x62, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, 0x69, 0x63, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68,
+	0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62,
+	0x6c, 0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64,
+	0x12, 0x54, 0x0a, 0x0e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x74, 0x79,
+	0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76,
+	0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0d, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
+	0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x5a, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69,
+	0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72,
+	0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65,
+	0x72, 0x73, 0x12, 0x5d, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65,
+	0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f,
+	0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x79, 0x0a, 0x1b, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x52, 0x19, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x29, 0x0a, 0x11,
+	0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d,
+	0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53,
+	0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xbb, 0x01, 0x0a, 0x19, 0x53, 0x74, 0x61, 0x74,
+	0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x5a, 0x0a, 0x10, 0x63, 0x69, 0x72,
+	0x63, 0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61,
+	0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65,
+	0x61, 0x6b, 0x65, 0x72, 0x73, 0x2a, 0x46, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
+	0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x56,
+	0x45, 0x52, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4c, 0x4f, 0x47, 0x49, 0x43, 0x41, 0x4c,
+	0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x56, 0x45, 0x52, 0x59, 0x5f,
+	0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x01, 0x42, 0x94, 0x02,
+	0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x42, 0x0c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x50, 0x72, 0x6f,
+	0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
+	0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70,
+	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d,
+	0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43,
+	0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
+	0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_cluster_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_cluster_proto_rawDescData = file_pbmesh_v1alpha1_cluster_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_cluster_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_cluster_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_cluster_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_cluster_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_cluster_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_pbmesh_v1alpha1_cluster_proto_msgTypes = make([]protoimpl.MessageInfo, 24)
+var file_pbmesh_v1alpha1_cluster_proto_goTypes = []interface{}{
+	(DiscoveryType)(0),                     // 0: hashicorp.consul.mesh.v1alpha1.DiscoveryType
+	(*Cluster)(nil),                        // 1: hashicorp.consul.mesh.v1alpha1.Cluster
+	(*FailoverGroup)(nil),                  // 2: hashicorp.consul.mesh.v1alpha1.FailoverGroup
+	(*FailoverGroupConfig)(nil),            // 3: hashicorp.consul.mesh.v1alpha1.FailoverGroupConfig
+	(*EndpointGroup)(nil),                  // 4: hashicorp.consul.mesh.v1alpha1.EndpointGroup
+	(*DynamicEndpointGroup)(nil),           // 5: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroup
+	(*PassthroughEndpointGroup)(nil),       // 6: hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroup
+	(*DNSEndpointGroup)(nil),               // 7: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroup
+	(*StaticEndpointGroup)(nil),            // 8: hashicorp.consul.mesh.v1alpha1.StaticEndpointGroup
+	(*L4WeightedClusterGroup)(nil),         // 9: hashicorp.consul.mesh.v1alpha1.L4WeightedClusterGroup
+	(*L7WeightedClusterGroup)(nil),         // 10: hashicorp.consul.mesh.v1alpha1.L7WeightedClusterGroup
+	(*L4WeightedDestinationCluster)(nil),   // 11: hashicorp.consul.mesh.v1alpha1.L4WeightedDestinationCluster
+	(*L7WeightedDestinationCluster)(nil),   // 12: hashicorp.consul.mesh.v1alpha1.L7WeightedDestinationCluster
+	(*DynamicEndpointGroupConfig)(nil),     // 13: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig
+	(*LBPolicyLeastRequest)(nil),           // 14: hashicorp.consul.mesh.v1alpha1.LBPolicyLeastRequest
+	(*LBPolicyRoundRobin)(nil),             // 15: hashicorp.consul.mesh.v1alpha1.LBPolicyRoundRobin
+	(*LBPolicyRandom)(nil),                 // 16: hashicorp.consul.mesh.v1alpha1.LBPolicyRandom
+	(*LBPolicyRingHash)(nil),               // 17: hashicorp.consul.mesh.v1alpha1.LBPolicyRingHash
+	(*LBPolicyMaglev)(nil),                 // 18: hashicorp.consul.mesh.v1alpha1.LBPolicyMaglev
+	(*CircuitBreakers)(nil),                // 19: hashicorp.consul.mesh.v1alpha1.CircuitBreakers
+	(*OutlierDetection)(nil),               // 20: hashicorp.consul.mesh.v1alpha1.OutlierDetection
+	(*UpstreamConnectionOptions)(nil),      // 21: hashicorp.consul.mesh.v1alpha1.UpstreamConnectionOptions
+	(*PassthroughEndpointGroupConfig)(nil), // 22: hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroupConfig
+	(*DNSEndpointGroupConfig)(nil),         // 23: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig
+	(*StaticEndpointGroupConfig)(nil),      // 24: hashicorp.consul.mesh.v1alpha1.StaticEndpointGroupConfig
+	(*durationpb.Duration)(nil),            // 25: google.protobuf.Duration
+	(*TransportSocket)(nil),                // 26: hashicorp.consul.mesh.v1alpha1.TransportSocket
+	(*wrapperspb.UInt32Value)(nil),         // 27: google.protobuf.UInt32Value
+	(*HeaderMutation)(nil),                 // 28: hashicorp.consul.mesh.v1alpha1.HeaderMutation
+	(*wrapperspb.UInt64Value)(nil),         // 29: google.protobuf.UInt64Value
+	(*UpstreamLimits)(nil),                 // 30: hashicorp.consul.mesh.v1alpha1.UpstreamLimits
+}
+var file_pbmesh_v1alpha1_cluster_proto_depIdxs = []int32{
+	2,  // 0: hashicorp.consul.mesh.v1alpha1.Cluster.failover_group:type_name -> hashicorp.consul.mesh.v1alpha1.FailoverGroup
+	4,  // 1: hashicorp.consul.mesh.v1alpha1.Cluster.endpoint_group:type_name -> hashicorp.consul.mesh.v1alpha1.EndpointGroup
+	4,  // 2: hashicorp.consul.mesh.v1alpha1.FailoverGroup.endpoint_groups:type_name -> hashicorp.consul.mesh.v1alpha1.EndpointGroup
+	3,  // 3: hashicorp.consul.mesh.v1alpha1.FailoverGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.FailoverGroupConfig
+	25, // 4: hashicorp.consul.mesh.v1alpha1.FailoverGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
+	5,  // 5: hashicorp.consul.mesh.v1alpha1.EndpointGroup.dynamic:type_name -> hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroup
+	8,  // 6: hashicorp.consul.mesh.v1alpha1.EndpointGroup.static:type_name -> hashicorp.consul.mesh.v1alpha1.StaticEndpointGroup
+	7,  // 7: hashicorp.consul.mesh.v1alpha1.EndpointGroup.dns:type_name -> hashicorp.consul.mesh.v1alpha1.DNSEndpointGroup
+	6,  // 8: hashicorp.consul.mesh.v1alpha1.EndpointGroup.passthrough:type_name -> hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroup
+	13, // 9: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig
+	26, // 10: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.TransportSocket
+	22, // 11: hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroupConfig
+	26, // 12: hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.TransportSocket
+	23, // 13: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig
+	26, // 14: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.TransportSocket
+	24, // 15: hashicorp.consul.mesh.v1alpha1.StaticEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.StaticEndpointGroupConfig
+	11, // 16: hashicorp.consul.mesh.v1alpha1.L4WeightedClusterGroup.clusters:type_name -> hashicorp.consul.mesh.v1alpha1.L4WeightedDestinationCluster
+	12, // 17: hashicorp.consul.mesh.v1alpha1.L7WeightedClusterGroup.clusters:type_name -> hashicorp.consul.mesh.v1alpha1.L7WeightedDestinationCluster
+	27, // 18: hashicorp.consul.mesh.v1alpha1.L4WeightedDestinationCluster.weight:type_name -> google.protobuf.UInt32Value
+	27, // 19: hashicorp.consul.mesh.v1alpha1.L7WeightedDestinationCluster.weight:type_name -> google.protobuf.UInt32Value
+	28, // 20: hashicorp.consul.mesh.v1alpha1.L7WeightedDestinationCluster.header_mutations:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderMutation
+	25, // 21: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
+	14, // 22: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.least_request:type_name -> hashicorp.consul.mesh.v1alpha1.LBPolicyLeastRequest
+	15, // 23: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.round_robin:type_name -> hashicorp.consul.mesh.v1alpha1.LBPolicyRoundRobin
+	16, // 24: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.random:type_name -> hashicorp.consul.mesh.v1alpha1.LBPolicyRandom
+	17, // 25: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.ring_hash:type_name -> hashicorp.consul.mesh.v1alpha1.LBPolicyRingHash
+	18, // 26: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.maglev:type_name -> hashicorp.consul.mesh.v1alpha1.LBPolicyMaglev
+	19, // 27: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v1alpha1.CircuitBreakers
+	20, // 28: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.outlier_detection:type_name -> hashicorp.consul.mesh.v1alpha1.OutlierDetection
+	21, // 29: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.upstream_connection_options:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConnectionOptions
+	27, // 30: hashicorp.consul.mesh.v1alpha1.LBPolicyLeastRequest.choice_count:type_name -> google.protobuf.UInt32Value
+	29, // 31: hashicorp.consul.mesh.v1alpha1.LBPolicyRingHash.minimum_ring_size:type_name -> google.protobuf.UInt64Value
+	29, // 32: hashicorp.consul.mesh.v1alpha1.LBPolicyRingHash.maximum_ring_size:type_name -> google.protobuf.UInt64Value
+	30, // 33: hashicorp.consul.mesh.v1alpha1.CircuitBreakers.upstream_limits:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamLimits
+	25, // 34: hashicorp.consul.mesh.v1alpha1.OutlierDetection.interval:type_name -> google.protobuf.Duration
+	27, // 35: hashicorp.consul.mesh.v1alpha1.OutlierDetection.consecutive_5xx:type_name -> google.protobuf.UInt32Value
+	27, // 36: hashicorp.consul.mesh.v1alpha1.OutlierDetection.enforcing_consecutive_5xx:type_name -> google.protobuf.UInt32Value
+	27, // 37: hashicorp.consul.mesh.v1alpha1.OutlierDetection.max_ejection_percent:type_name -> google.protobuf.UInt32Value
+	25, // 38: hashicorp.consul.mesh.v1alpha1.OutlierDetection.base_ejection_time:type_name -> google.protobuf.Duration
+	27, // 39: hashicorp.consul.mesh.v1alpha1.UpstreamConnectionOptions.tcp_keepalive_time:type_name -> google.protobuf.UInt32Value
+	27, // 40: hashicorp.consul.mesh.v1alpha1.UpstreamConnectionOptions.tcp_keepalive_interval:type_name -> google.protobuf.UInt32Value
+	27, // 41: hashicorp.consul.mesh.v1alpha1.UpstreamConnectionOptions.tcp_keepalive_probes:type_name -> google.protobuf.UInt32Value
+	25, // 42: hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
+	25, // 43: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
+	0,  // 44: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig.discovery_type:type_name -> hashicorp.consul.mesh.v1alpha1.DiscoveryType
+	19, // 45: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v1alpha1.CircuitBreakers
+	20, // 46: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig.outlier_detection:type_name -> hashicorp.consul.mesh.v1alpha1.OutlierDetection
+	21, // 47: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig.upstream_connection_options:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConnectionOptions
+	25, // 48: hashicorp.consul.mesh.v1alpha1.StaticEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
+	19, // 49: hashicorp.consul.mesh.v1alpha1.StaticEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v1alpha1.CircuitBreakers
+	50, // [50:50] is the sub-list for method output_type
+	50, // [50:50] is the sub-list for method input_type
+	50, // [50:50] is the sub-list for extension type_name
+	50, // [50:50] is the sub-list for extension extendee
+	0,  // [0:50] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_cluster_proto_init() }
+func file_pbmesh_v1alpha1_cluster_proto_init() {
+	if File_pbmesh_v1alpha1_cluster_proto != nil {
+		return
+	}
+	file_pbmesh_v1alpha1_header_mutations_proto_init()
+	file_pbmesh_v1alpha1_transport_socket_proto_init()
+	file_pbmesh_v1alpha1_upstreams_configuration_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Cluster); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FailoverGroup); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FailoverGroupConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EndpointGroup); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DynamicEndpointGroup); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PassthroughEndpointGroup); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DNSEndpointGroup); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*StaticEndpointGroup); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*L4WeightedClusterGroup); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*L7WeightedClusterGroup); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*L4WeightedDestinationCluster); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*L7WeightedDestinationCluster); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DynamicEndpointGroupConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LBPolicyLeastRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LBPolicyRoundRobin); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LBPolicyRandom); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LBPolicyRingHash); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LBPolicyMaglev); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CircuitBreakers); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OutlierDetection); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UpstreamConnectionOptions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PassthroughEndpointGroupConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DNSEndpointGroupConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_cluster_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*StaticEndpointGroupConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_pbmesh_v1alpha1_cluster_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*Cluster_FailoverGroup)(nil),
+		(*Cluster_EndpointGroup)(nil),
+	}
+	file_pbmesh_v1alpha1_cluster_proto_msgTypes[3].OneofWrappers = []interface{}{
+		(*EndpointGroup_Dynamic)(nil),
+		(*EndpointGroup_Static)(nil),
+		(*EndpointGroup_Dns)(nil),
+		(*EndpointGroup_Passthrough)(nil),
+	}
+	file_pbmesh_v1alpha1_cluster_proto_msgTypes[12].OneofWrappers = []interface{}{
+		(*DynamicEndpointGroupConfig_LeastRequest)(nil),
+		(*DynamicEndpointGroupConfig_RoundRobin)(nil),
+		(*DynamicEndpointGroupConfig_Random)(nil),
+		(*DynamicEndpointGroupConfig_RingHash)(nil),
+		(*DynamicEndpointGroupConfig_Maglev)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_cluster_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   24,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_cluster_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_cluster_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_cluster_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_cluster_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_cluster_proto = out.File
+	file_pbmesh_v1alpha1_cluster_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_cluster_proto_goTypes = nil
+	file_pbmesh_v1alpha1_cluster_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/cluster.proto b/proto-public/pbmesh/v1alpha1/cluster.proto
new file mode 100644
index 000000000000..7ad69e1d2cb3
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/cluster.proto
@@ -0,0 +1,179 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
+import "pbmesh/v1alpha1/header_mutations.proto";
+import "pbmesh/v1alpha1/transport_socket.proto";
+import "pbmesh/v1alpha1/upstreams_configuration.proto";
+
+message Cluster {
+  // group is either a failover group or endpoint group. If this cluster needs to failover to other clusters, use the failover group. If this cluster routes directly to endpoints, use the endpoint group.
+  oneof group {
+    FailoverGroup failover_group = 1;
+    EndpointGroup endpoint_group = 2;
+  }
+  // escape_hatch_cluster_json configures a user configured escape hatch cluster.
+  string escape_hatch_cluster_json = 3;
+}
+
+message FailoverGroup {
+  // name of the failover group.
+  string name = 1;
+  // endpoint_groups is an ordered list of which groups to failover to.
+  repeated EndpointGroup endpoint_groups = 2;
+  FailoverGroupConfig config = 3;
+}
+
+message FailoverGroupConfig {
+  bool use_alt_stat_name = 1;
+  google.protobuf.Duration connect_timeout = 2;
+}
+
+message EndpointGroup {
+  oneof group {
+    // dynamic endpoint group is used to reach mesh destinations that are dynamically configured from Consul's catalog.
+    DynamicEndpointGroup dynamic = 1;
+    // static endpoint group is used to reach local app ports.
+    StaticEndpointGroup static = 2;
+    // dns is used to reach mesh and non-mesh destinations using a hostname.
+    DNSEndpointGroup dns = 3;
+    // passthrough is used to reach destinations that don't have endpoints saved in Consul.
+    PassthroughEndpointGroup passthrough = 4;
+  }
+}
+
+message DynamicEndpointGroup {
+  // name will be the name of the Envoy cluster created by this endpoint group.
+  string name = 1;
+  // config configures how to connect to the endpoints.
+  DynamicEndpointGroupConfig config = 2;
+  // outbound_tls will configure what TLS information to use when connecting to an upstream.
+  TransportSocket outbound_tls = 3;
+}
+
+message PassthroughEndpointGroup {
+  // name will be the name of the Envoy cluster created by this endpoint group.
+  string name = 1;
+  // config configures how to connect to the endpoints.
+  PassthroughEndpointGroupConfig config = 2;
+  // outbound_tls will configure what TLS information to use when connecting to an upstream.
+  TransportSocket outbound_tls = 3;
+}
+
+message DNSEndpointGroup {
+  // name will be the name of the Envoy cluster created by this endpoint group.
+  string name = 1;
+  // config configures how to connect to the endpoints.
+  DNSEndpointGroupConfig config = 2;
+  // outbound_tls will configure what TLS information to use when connecting to an upstream.
+  TransportSocket outbound_tls = 3;
+}
+
+// StaticEndpointGroup is used to reach local app ports.
+message StaticEndpointGroup {
+  // name will be the name of the Envoy cluster created by this endpoint group.
+  string name = 1;
+  // config configures how to connect to the endpoints.
+  StaticEndpointGroupConfig config = 2;
+}
+
+message L4WeightedClusterGroup {
+  // clusters to route to by weight.
+  repeated L4WeightedDestinationCluster clusters = 1;
+}
+
+message L7WeightedClusterGroup {
+  // clusters to route to by weight.
+  repeated L7WeightedDestinationCluster clusters = 1;
+}
+
+message L4WeightedDestinationCluster {
+  // name is the name of the cluster. This will be used to look up a cluster in the clusters map.
+  string name = 1;
+  google.protobuf.UInt32Value weight = 2;
+}
+
+message L7WeightedDestinationCluster {
+  // name is the name of the cluster. This will be used to look up a cluster in the clusters map.
+  string name = 1;
+  google.protobuf.UInt32Value weight = 2;
+  repeated HeaderMutation header_mutations = 3;
+}
+
+message DynamicEndpointGroupConfig {
+  google.protobuf.Duration connect_timeout = 1;
+  bool disable_panic_threshold = 2;
+  oneof lb_policy {
+    LBPolicyLeastRequest least_request = 3;
+    LBPolicyRoundRobin round_robin = 4;
+    LBPolicyRandom random = 5;
+    LBPolicyRingHash ring_hash = 6;
+    LBPolicyMaglev maglev = 7;
+  }
+  CircuitBreakers circuit_breakers = 8;
+  OutlierDetection outlier_detection = 9;
+  UpstreamConnectionOptions upstream_connection_options = 10;
+  bool use_alt_stat_name = 11;
+}
+
+message LBPolicyLeastRequest {
+  google.protobuf.UInt32Value choice_count = 1;
+}
+message LBPolicyRoundRobin {}
+
+message LBPolicyRandom {}
+
+message LBPolicyRingHash {
+  google.protobuf.UInt64Value minimum_ring_size = 1;
+  google.protobuf.UInt64Value maximum_ring_size = 2;
+}
+
+message LBPolicyMaglev {}
+
+message CircuitBreakers {
+  UpstreamLimits upstream_limits = 1;
+}
+
+message OutlierDetection {
+  google.protobuf.Duration interval = 1;
+  google.protobuf.UInt32Value consecutive_5xx = 2;
+  google.protobuf.UInt32Value enforcing_consecutive_5xx = 3;
+  google.protobuf.UInt32Value max_ejection_percent = 4;
+  google.protobuf.Duration base_ejection_time = 5;
+}
+
+message UpstreamConnectionOptions {
+  google.protobuf.UInt32Value tcp_keepalive_time = 1;
+  google.protobuf.UInt32Value tcp_keepalive_interval = 2;
+  google.protobuf.UInt32Value tcp_keepalive_probes = 3;
+}
+
+message PassthroughEndpointGroupConfig {
+  google.protobuf.Duration connect_timeout = 1;
+}
+
+message DNSEndpointGroupConfig {
+  google.protobuf.Duration connect_timeout = 1;
+  bool disable_panic_threshold = 2;
+  DiscoveryType discovery_type = 3;
+  CircuitBreakers circuit_breakers = 4;
+  OutlierDetection outlier_detection = 5;
+  UpstreamConnectionOptions upstream_connection_options = 6;
+  bool use_alt_stat_name = 7;
+}
+
+enum DiscoveryType {
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+  DISCOVERY_TYPE_LOGICAL = 0;
+  DISCOVERY_TYPE_STRICT = 1;
+}
+
+message StaticEndpointGroupConfig {
+  google.protobuf.Duration connect_timeout = 1;
+  CircuitBreakers circuit_breakers = 2;
+}
diff --git a/proto-public/pbmesh/v1alpha1/endpoints.pb.binary.go b/proto-public/pbmesh/v1alpha1/endpoints.pb.binary.go
new file mode 100644
index 000000000000..1c1a405964c8
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/endpoints.pb.binary.go
@@ -0,0 +1,28 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/endpoints.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *Endpoints) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *Endpoints) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *Endpoint) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *Endpoint) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/endpoints.pb.go b/proto-public/pbmesh/v1alpha1/endpoints.pb.go
new file mode 100644
index 000000000000..a08e93e503f4
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/endpoints.pb.go
@@ -0,0 +1,390 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/endpoints.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type HealthStatus int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	HealthStatus_HEALTH_STATUS_UNKNOWN   HealthStatus = 0
+	HealthStatus_HEALTH_STATUS_HEALTHY   HealthStatus = 1
+	HealthStatus_HEALTH_STATUS_UNHEALTHY HealthStatus = 2
+)
+
+// Enum value maps for HealthStatus.
+var (
+	HealthStatus_name = map[int32]string{
+		0: "HEALTH_STATUS_UNKNOWN",
+		1: "HEALTH_STATUS_HEALTHY",
+		2: "HEALTH_STATUS_UNHEALTHY",
+	}
+	HealthStatus_value = map[string]int32{
+		"HEALTH_STATUS_UNKNOWN":   0,
+		"HEALTH_STATUS_HEALTHY":   1,
+		"HEALTH_STATUS_UNHEALTHY": 2,
+	}
+)
+
+func (x HealthStatus) Enum() *HealthStatus {
+	p := new(HealthStatus)
+	*p = x
+	return p
+}
+
+func (x HealthStatus) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (HealthStatus) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_endpoints_proto_enumTypes[0].Descriptor()
+}
+
+func (HealthStatus) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_endpoints_proto_enumTypes[0]
+}
+
+func (x HealthStatus) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use HealthStatus.Descriptor instead.
+func (HealthStatus) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_endpoints_proto_rawDescGZIP(), []int{0}
+}
+
+type Endpoints struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name is the name of the Endpoints. This should match the cluster name.
+	Name      string      `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Endpoints []*Endpoint `protobuf:"bytes,2,rep,name=endpoints,proto3" json:"endpoints,omitempty"`
+}
+
+func (x *Endpoints) Reset() {
+	*x = Endpoints{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_endpoints_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Endpoints) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Endpoints) ProtoMessage() {}
+
+func (x *Endpoints) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_endpoints_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Endpoints.ProtoReflect.Descriptor instead.
+func (*Endpoints) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_endpoints_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Endpoints) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Endpoints) GetEndpoints() []*Endpoint {
+	if x != nil {
+		return x.Endpoints
+	}
+	return nil
+}
+
+type Endpoint struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Address:
+	//
+	//	*Endpoint_HostPort
+	//	*Endpoint_UnixSocket
+	Address             isEndpoint_Address      `protobuf_oneof:"address"`
+	HealthStatus        HealthStatus            `protobuf:"varint,3,opt,name=health_status,json=healthStatus,proto3,enum=hashicorp.consul.mesh.v1alpha1.HealthStatus" json:"health_status,omitempty"`
+	LoadBalancingWeight *wrapperspb.UInt32Value `protobuf:"bytes,4,opt,name=load_balancing_weight,json=loadBalancingWeight,proto3" json:"load_balancing_weight,omitempty"`
+}
+
+func (x *Endpoint) Reset() {
+	*x = Endpoint{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_endpoints_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Endpoint) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Endpoint) ProtoMessage() {}
+
+func (x *Endpoint) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_endpoints_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Endpoint.ProtoReflect.Descriptor instead.
+func (*Endpoint) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_endpoints_proto_rawDescGZIP(), []int{1}
+}
+
+func (m *Endpoint) GetAddress() isEndpoint_Address {
+	if m != nil {
+		return m.Address
+	}
+	return nil
+}
+
+func (x *Endpoint) GetHostPort() *HostPortAddress {
+	if x, ok := x.GetAddress().(*Endpoint_HostPort); ok {
+		return x.HostPort
+	}
+	return nil
+}
+
+func (x *Endpoint) GetUnixSocket() *UnixSocketAddress {
+	if x, ok := x.GetAddress().(*Endpoint_UnixSocket); ok {
+		return x.UnixSocket
+	}
+	return nil
+}
+
+func (x *Endpoint) GetHealthStatus() HealthStatus {
+	if x != nil {
+		return x.HealthStatus
+	}
+	return HealthStatus_HEALTH_STATUS_UNKNOWN
+}
+
+func (x *Endpoint) GetLoadBalancingWeight() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.LoadBalancingWeight
+	}
+	return nil
+}
+
+type isEndpoint_Address interface {
+	isEndpoint_Address()
+}
+
+type Endpoint_HostPort struct {
+	HostPort *HostPortAddress `protobuf:"bytes,1,opt,name=host_port,json=hostPort,proto3,oneof"`
+}
+
+type Endpoint_UnixSocket struct {
+	UnixSocket *UnixSocketAddress `protobuf:"bytes,2,opt,name=unix_socket,json=unixSocket,proto3,oneof"`
+}
+
+func (*Endpoint_HostPort) isEndpoint_Address() {}
+
+func (*Endpoint_UnixSocket) isEndpoint_Address() {}
+
+var File_pbmesh_v1alpha1_endpoints_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_endpoints_proto_rawDesc = []byte{
+	0x0a, 0x1f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x1a, 0x1d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x1a, 0x1f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x22, 0x67, 0x0a, 0x09, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, 0x12,
+	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x12, 0x46, 0x0a, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18,
+	0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52,
+	0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x22, 0xe0, 0x02, 0x0a, 0x08, 0x45,
+	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x4e, 0x0a, 0x09, 0x68, 0x6f, 0x73, 0x74, 0x5f,
+	0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x6f, 0x73, 0x74,
+	0x50, 0x6f, 0x72, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x08, 0x68,
+	0x6f, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x54, 0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f,
+	0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x6e,
+	0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48,
+	0x00, 0x52, 0x0a, 0x75, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x51, 0x0a,
+	0x0d, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x52, 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
+	0x12, 0x50, 0x0a, 0x15, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69,
+	0x6e, 0x67, 0x5f, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x13, 0x6c,
+	0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x57, 0x65, 0x69, 0x67,
+	0x68, 0x74, 0x42, 0x09, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2a, 0x61, 0x0a,
+	0x0c, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x19, 0x0a,
+	0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55,
+	0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c,
+	0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48,
+	0x59, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54,
+	0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x59, 0x10, 0x02,
+	0x42, 0x96, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e,
+	0x74, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75,
+	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62,
+	0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
+	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
+	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a,
+	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_endpoints_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_endpoints_proto_rawDescData = file_pbmesh_v1alpha1_endpoints_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_endpoints_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_endpoints_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_endpoints_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_endpoints_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_endpoints_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_endpoints_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_pbmesh_v1alpha1_endpoints_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_pbmesh_v1alpha1_endpoints_proto_goTypes = []interface{}{
+	(HealthStatus)(0),              // 0: hashicorp.consul.mesh.v1alpha1.HealthStatus
+	(*Endpoints)(nil),              // 1: hashicorp.consul.mesh.v1alpha1.Endpoints
+	(*Endpoint)(nil),               // 2: hashicorp.consul.mesh.v1alpha1.Endpoint
+	(*HostPortAddress)(nil),        // 3: hashicorp.consul.mesh.v1alpha1.HostPortAddress
+	(*UnixSocketAddress)(nil),      // 4: hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
+	(*wrapperspb.UInt32Value)(nil), // 5: google.protobuf.UInt32Value
+}
+var file_pbmesh_v1alpha1_endpoints_proto_depIdxs = []int32{
+	2, // 0: hashicorp.consul.mesh.v1alpha1.Endpoints.endpoints:type_name -> hashicorp.consul.mesh.v1alpha1.Endpoint
+	3, // 1: hashicorp.consul.mesh.v1alpha1.Endpoint.host_port:type_name -> hashicorp.consul.mesh.v1alpha1.HostPortAddress
+	4, // 2: hashicorp.consul.mesh.v1alpha1.Endpoint.unix_socket:type_name -> hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
+	0, // 3: hashicorp.consul.mesh.v1alpha1.Endpoint.health_status:type_name -> hashicorp.consul.mesh.v1alpha1.HealthStatus
+	5, // 4: hashicorp.consul.mesh.v1alpha1.Endpoint.load_balancing_weight:type_name -> google.protobuf.UInt32Value
+	5, // [5:5] is the sub-list for method output_type
+	5, // [5:5] is the sub-list for method input_type
+	5, // [5:5] is the sub-list for extension type_name
+	5, // [5:5] is the sub-list for extension extendee
+	0, // [0:5] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_endpoints_proto_init() }
+func file_pbmesh_v1alpha1_endpoints_proto_init() {
+	if File_pbmesh_v1alpha1_endpoints_proto != nil {
+		return
+	}
+	file_pbmesh_v1alpha1_address_proto_init()
+	file_pbmesh_v1alpha1_upstreams_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_endpoints_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Endpoints); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_endpoints_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Endpoint); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_pbmesh_v1alpha1_endpoints_proto_msgTypes[1].OneofWrappers = []interface{}{
+		(*Endpoint_HostPort)(nil),
+		(*Endpoint_UnixSocket)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_endpoints_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_endpoints_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_endpoints_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_endpoints_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_endpoints_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_endpoints_proto = out.File
+	file_pbmesh_v1alpha1_endpoints_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_endpoints_proto_goTypes = nil
+	file_pbmesh_v1alpha1_endpoints_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/endpoints.proto b/proto-public/pbmesh/v1alpha1/endpoints.proto
new file mode 100644
index 000000000000..8e81911046da
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/endpoints.proto
@@ -0,0 +1,32 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "google/protobuf/wrappers.proto";
+import "pbmesh/v1alpha1/address.proto";
+import "pbmesh/v1alpha1/upstreams.proto";
+
+message Endpoints {
+  // name is the name of the Endpoints. This should match the cluster name.
+  string name = 1;
+  repeated Endpoint endpoints = 2;
+}
+
+message Endpoint {
+  oneof address {
+    HostPortAddress host_port = 1;
+    UnixSocketAddress unix_socket = 2;
+  }
+  HealthStatus health_status = 3;
+  google.protobuf.UInt32Value load_balancing_weight = 4;
+}
+
+enum HealthStatus {
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+  HEALTH_STATUS_UNKNOWN = 0;
+  HEALTH_STATUS_HEALTHY = 1;
+  HEALTH_STATUS_UNHEALTHY = 2;
+}
diff --git a/proto-public/pbmesh/v1alpha1/escape_hatches.pb.binary.go b/proto-public/pbmesh/v1alpha1/escape_hatches.pb.binary.go
new file mode 100644
index 000000000000..3f7c6f16c33b
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/escape_hatches.pb.binary.go
@@ -0,0 +1,18 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/escape_hatches.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *EscapeHatches) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *EscapeHatches) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/escape_hatches.pb.go b/proto-public/pbmesh/v1alpha1/escape_hatches.pb.go
new file mode 100644
index 000000000000..290616f625e8
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/escape_hatches.pb.go
@@ -0,0 +1,167 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/escape_hatches.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type EscapeHatches struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// listener_tracing_json contains user provided tracing configuration.
+	ListenerTracingJson string `protobuf:"bytes,1,opt,name=listener_tracing_json,json=listenerTracingJson,proto3" json:"listener_tracing_json,omitempty"`
+}
+
+func (x *EscapeHatches) Reset() {
+	*x = EscapeHatches{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_escape_hatches_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EscapeHatches) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EscapeHatches) ProtoMessage() {}
+
+func (x *EscapeHatches) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_escape_hatches_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EscapeHatches.ProtoReflect.Descriptor instead.
+func (*EscapeHatches) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_escape_hatches_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *EscapeHatches) GetListenerTracingJson() string {
+	if x != nil {
+		return x.ListenerTracingJson
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_escape_hatches_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_escape_hatches_proto_rawDesc = []byte{
+	0x0a, 0x24, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0x43, 0x0a, 0x0d, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65,
+	0x48, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x32, 0x0a, 0x15, 0x6c, 0x69, 0x73, 0x74, 0x65,
+	0x6e, 0x65, 0x72, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
+	0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x42, 0x9a, 0x02, 0x0a, 0x22,
+	0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x42, 0x12, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x65,
+	0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c,
+	0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2,
+	0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
+	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_escape_hatches_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_escape_hatches_proto_rawDescData = file_pbmesh_v1alpha1_escape_hatches_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_escape_hatches_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_escape_hatches_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_escape_hatches_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_escape_hatches_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_escape_hatches_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_escape_hatches_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_pbmesh_v1alpha1_escape_hatches_proto_goTypes = []interface{}{
+	(*EscapeHatches)(nil), // 0: hashicorp.consul.mesh.v1alpha1.EscapeHatches
+}
+var file_pbmesh_v1alpha1_escape_hatches_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_escape_hatches_proto_init() }
+func file_pbmesh_v1alpha1_escape_hatches_proto_init() {
+	if File_pbmesh_v1alpha1_escape_hatches_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_escape_hatches_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EscapeHatches); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_escape_hatches_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_escape_hatches_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_escape_hatches_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_escape_hatches_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_escape_hatches_proto = out.File
+	file_pbmesh_v1alpha1_escape_hatches_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_escape_hatches_proto_goTypes = nil
+	file_pbmesh_v1alpha1_escape_hatches_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/escape_hatches.proto b/proto-public/pbmesh/v1alpha1/escape_hatches.proto
new file mode 100644
index 000000000000..cfd855393172
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/escape_hatches.proto
@@ -0,0 +1,11 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+message EscapeHatches {
+  // listener_tracing_json contains user provided tracing configuration.
+  string listener_tracing_json = 1;
+}
diff --git a/proto-public/pbmesh/v1alpha1/header_mutations.pb.binary.go b/proto-public/pbmesh/v1alpha1/header_mutations.pb.binary.go
new file mode 100644
index 000000000000..6655d37183e6
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/header_mutations.pb.binary.go
@@ -0,0 +1,68 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/header_mutations.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HeaderMutation) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HeaderMutation) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *RequestHeaderAdd) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *RequestHeaderAdd) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *RequestHeaderRemove) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *RequestHeaderRemove) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *ResponseHeaderAdd) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *ResponseHeaderAdd) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *ResponseHeaderRemove) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *ResponseHeaderRemove) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *Header) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *Header) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/header_mutations.pb.go b/proto-public/pbmesh/v1alpha1/header_mutations.pb.go
new file mode 100644
index 000000000000..28d8fbe020e3
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/header_mutations.pb.go
@@ -0,0 +1,681 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/header_mutations.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type AppendAction int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD    AppendAction = 0
+	AppendAction_APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD AppendAction = 1
+)
+
+// Enum value maps for AppendAction.
+var (
+	AppendAction_name = map[int32]string{
+		0: "APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD",
+		1: "APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD",
+	}
+	AppendAction_value = map[string]int32{
+		"APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD":    0,
+		"APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD": 1,
+	}
+)
+
+func (x AppendAction) Enum() *AppendAction {
+	p := new(AppendAction)
+	*p = x
+	return p
+}
+
+func (x AppendAction) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (AppendAction) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_header_mutations_proto_enumTypes[0].Descriptor()
+}
+
+func (AppendAction) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_header_mutations_proto_enumTypes[0]
+}
+
+func (x AppendAction) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use AppendAction.Descriptor instead.
+func (AppendAction) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{0}
+}
+
+// Note: it's nice to have this list of header mutations as opposed to configuration similar to Envoy because it
+// translates more nicely from GAMMA HTTPRoute, and our existing service router config. Then xds code can handle turning
+// it into envoy xds.
+type HeaderMutation struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Action:
+	//
+	//	*HeaderMutation_RequestHeaderAdd
+	//	*HeaderMutation_RequestHeaderRemove
+	//	*HeaderMutation_ResponseHeaderAdd
+	//	*HeaderMutation_ResponseHeaderRemove
+	Action isHeaderMutation_Action `protobuf_oneof:"action"`
+}
+
+func (x *HeaderMutation) Reset() {
+	*x = HeaderMutation{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HeaderMutation) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HeaderMutation) ProtoMessage() {}
+
+func (x *HeaderMutation) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HeaderMutation.ProtoReflect.Descriptor instead.
+func (*HeaderMutation) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{0}
+}
+
+func (m *HeaderMutation) GetAction() isHeaderMutation_Action {
+	if m != nil {
+		return m.Action
+	}
+	return nil
+}
+
+func (x *HeaderMutation) GetRequestHeaderAdd() *RequestHeaderAdd {
+	if x, ok := x.GetAction().(*HeaderMutation_RequestHeaderAdd); ok {
+		return x.RequestHeaderAdd
+	}
+	return nil
+}
+
+func (x *HeaderMutation) GetRequestHeaderRemove() *RequestHeaderRemove {
+	if x, ok := x.GetAction().(*HeaderMutation_RequestHeaderRemove); ok {
+		return x.RequestHeaderRemove
+	}
+	return nil
+}
+
+func (x *HeaderMutation) GetResponseHeaderAdd() *ResponseHeaderAdd {
+	if x, ok := x.GetAction().(*HeaderMutation_ResponseHeaderAdd); ok {
+		return x.ResponseHeaderAdd
+	}
+	return nil
+}
+
+func (x *HeaderMutation) GetResponseHeaderRemove() *ResponseHeaderRemove {
+	if x, ok := x.GetAction().(*HeaderMutation_ResponseHeaderRemove); ok {
+		return x.ResponseHeaderRemove
+	}
+	return nil
+}
+
+type isHeaderMutation_Action interface {
+	isHeaderMutation_Action()
+}
+
+type HeaderMutation_RequestHeaderAdd struct {
+	RequestHeaderAdd *RequestHeaderAdd `protobuf:"bytes,1,opt,name=request_header_add,json=requestHeaderAdd,proto3,oneof"`
+}
+
+type HeaderMutation_RequestHeaderRemove struct {
+	RequestHeaderRemove *RequestHeaderRemove `protobuf:"bytes,2,opt,name=request_header_remove,json=requestHeaderRemove,proto3,oneof"`
+}
+
+type HeaderMutation_ResponseHeaderAdd struct {
+	ResponseHeaderAdd *ResponseHeaderAdd `protobuf:"bytes,3,opt,name=response_header_add,json=responseHeaderAdd,proto3,oneof"`
+}
+
+type HeaderMutation_ResponseHeaderRemove struct {
+	ResponseHeaderRemove *ResponseHeaderRemove `protobuf:"bytes,4,opt,name=response_header_remove,json=responseHeaderRemove,proto3,oneof"`
+}
+
+func (*HeaderMutation_RequestHeaderAdd) isHeaderMutation_Action() {}
+
+func (*HeaderMutation_RequestHeaderRemove) isHeaderMutation_Action() {}
+
+func (*HeaderMutation_ResponseHeaderAdd) isHeaderMutation_Action() {}
+
+func (*HeaderMutation_ResponseHeaderRemove) isHeaderMutation_Action() {}
+
+type RequestHeaderAdd struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Header       *Header      `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
+	AppendAction AppendAction `protobuf:"varint,2,opt,name=append_action,json=appendAction,proto3,enum=hashicorp.consul.mesh.v1alpha1.AppendAction" json:"append_action,omitempty"`
+}
+
+func (x *RequestHeaderAdd) Reset() {
+	*x = RequestHeaderAdd{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RequestHeaderAdd) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RequestHeaderAdd) ProtoMessage() {}
+
+func (x *RequestHeaderAdd) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RequestHeaderAdd.ProtoReflect.Descriptor instead.
+func (*RequestHeaderAdd) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *RequestHeaderAdd) GetHeader() *Header {
+	if x != nil {
+		return x.Header
+	}
+	return nil
+}
+
+func (x *RequestHeaderAdd) GetAppendAction() AppendAction {
+	if x != nil {
+		return x.AppendAction
+	}
+	return AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
+}
+
+type RequestHeaderRemove struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	HeaderKeys []string `protobuf:"bytes,1,rep,name=header_keys,json=headerKeys,proto3" json:"header_keys,omitempty"`
+}
+
+func (x *RequestHeaderRemove) Reset() {
+	*x = RequestHeaderRemove{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RequestHeaderRemove) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RequestHeaderRemove) ProtoMessage() {}
+
+func (x *RequestHeaderRemove) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RequestHeaderRemove.ProtoReflect.Descriptor instead.
+func (*RequestHeaderRemove) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *RequestHeaderRemove) GetHeaderKeys() []string {
+	if x != nil {
+		return x.HeaderKeys
+	}
+	return nil
+}
+
+type ResponseHeaderAdd struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Header       *Header      `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
+	AppendAction AppendAction `protobuf:"varint,2,opt,name=append_action,json=appendAction,proto3,enum=hashicorp.consul.mesh.v1alpha1.AppendAction" json:"append_action,omitempty"`
+}
+
+func (x *ResponseHeaderAdd) Reset() {
+	*x = ResponseHeaderAdd{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ResponseHeaderAdd) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResponseHeaderAdd) ProtoMessage() {}
+
+func (x *ResponseHeaderAdd) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResponseHeaderAdd.ProtoReflect.Descriptor instead.
+func (*ResponseHeaderAdd) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *ResponseHeaderAdd) GetHeader() *Header {
+	if x != nil {
+		return x.Header
+	}
+	return nil
+}
+
+func (x *ResponseHeaderAdd) GetAppendAction() AppendAction {
+	if x != nil {
+		return x.AppendAction
+	}
+	return AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
+}
+
+type ResponseHeaderRemove struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	HeaderKeys []string `protobuf:"bytes,1,rep,name=header_keys,json=headerKeys,proto3" json:"header_keys,omitempty"`
+}
+
+func (x *ResponseHeaderRemove) Reset() {
+	*x = ResponseHeaderRemove{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ResponseHeaderRemove) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResponseHeaderRemove) ProtoMessage() {}
+
+func (x *ResponseHeaderRemove) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResponseHeaderRemove.ProtoReflect.Descriptor instead.
+func (*ResponseHeaderRemove) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *ResponseHeaderRemove) GetHeaderKeys() []string {
+	if x != nil {
+		return x.HeaderKeys
+	}
+	return nil
+}
+
+type Header struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Key   string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
+	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *Header) Reset() {
+	*x = Header{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Header) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Header) ProtoMessage() {}
+
+func (x *Header) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Header.ProtoReflect.Descriptor instead.
+func (*Header) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *Header) GetKey() string {
+	if x != nil {
+		return x.Key
+	}
+	return ""
+}
+
+func (x *Header) GetValue() string {
+	if x != nil {
+		return x.Value
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_header_mutations_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_header_mutations_proto_rawDesc = []byte{
+	0x0a, 0x26, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0xba, 0x03, 0x0a, 0x0e, 0x48, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x60, 0x0a, 0x12, 0x72,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x61, 0x64,
+	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x48, 0x00, 0x52, 0x10, 0x72, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x12, 0x69, 0x0a,
+	0x15, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f,
+	0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76,
+	0x65, 0x48, 0x00, 0x52, 0x13, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x63, 0x0a, 0x13, 0x72, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x61, 0x64, 0x64, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x48, 0x00, 0x52, 0x11, 0x72, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x12, 0x6c, 0x0a,
+	0x16, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65, 0x6d,
+	0x6f, 0x76, 0x65, 0x48, 0x00, 0x52, 0x14, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x42, 0x08, 0x0a, 0x06, 0x61,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xa5, 0x01, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x12, 0x3e, 0x0a, 0x06, 0x68, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x51, 0x0a, 0x0d, 0x61, 0x70,
+	0x70, 0x65, 0x6e, 0x64, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0e, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x0c, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x36, 0x0a,
+	0x13, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65,
+	0x6d, 0x6f, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6b,
+	0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x68, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x4b, 0x65, 0x79, 0x73, 0x22, 0xa6, 0x01, 0x0a, 0x11, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x12, 0x3e, 0x0a, 0x06, 0x68,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x51, 0x0a, 0x0d, 0x61,
+	0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0e, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x0c, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x37,
+	0x0a, 0x14, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x68, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x73, 0x22, 0x30, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
+	0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x2a, 0x67, 0x0a, 0x0c, 0x41, 0x70, 0x70,
+	0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x29, 0x0a, 0x25, 0x41, 0x50, 0x50,
+	0x45, 0x4e, 0x44, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x41, 0x50, 0x50, 0x45, 0x4e,
+	0x44, 0x5f, 0x49, 0x46, 0x5f, 0x45, 0x58, 0x49, 0x53, 0x54, 0x53, 0x5f, 0x4f, 0x52, 0x5f, 0x41,
+	0x44, 0x44, 0x10, 0x00, 0x12, 0x2c, 0x0a, 0x28, 0x41, 0x50, 0x50, 0x45, 0x4e, 0x44, 0x5f, 0x41,
+	0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x57, 0x52, 0x49, 0x54, 0x45, 0x5f,
+	0x49, 0x46, 0x5f, 0x45, 0x58, 0x49, 0x53, 0x54, 0x53, 0x5f, 0x4f, 0x52, 0x5f, 0x41, 0x44, 0x44,
+	0x10, 0x01, 0x42, 0x9c, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x14, 0x48, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+	0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65,
+	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02,
+	0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca,
+	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21,
+	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_header_mutations_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_header_mutations_proto_rawDescData = file_pbmesh_v1alpha1_header_mutations_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_header_mutations_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_header_mutations_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_header_mutations_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_header_mutations_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_pbmesh_v1alpha1_header_mutations_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
+var file_pbmesh_v1alpha1_header_mutations_proto_goTypes = []interface{}{
+	(AppendAction)(0),            // 0: hashicorp.consul.mesh.v1alpha1.AppendAction
+	(*HeaderMutation)(nil),       // 1: hashicorp.consul.mesh.v1alpha1.HeaderMutation
+	(*RequestHeaderAdd)(nil),     // 2: hashicorp.consul.mesh.v1alpha1.RequestHeaderAdd
+	(*RequestHeaderRemove)(nil),  // 3: hashicorp.consul.mesh.v1alpha1.RequestHeaderRemove
+	(*ResponseHeaderAdd)(nil),    // 4: hashicorp.consul.mesh.v1alpha1.ResponseHeaderAdd
+	(*ResponseHeaderRemove)(nil), // 5: hashicorp.consul.mesh.v1alpha1.ResponseHeaderRemove
+	(*Header)(nil),               // 6: hashicorp.consul.mesh.v1alpha1.Header
+}
+var file_pbmesh_v1alpha1_header_mutations_proto_depIdxs = []int32{
+	2, // 0: hashicorp.consul.mesh.v1alpha1.HeaderMutation.request_header_add:type_name -> hashicorp.consul.mesh.v1alpha1.RequestHeaderAdd
+	3, // 1: hashicorp.consul.mesh.v1alpha1.HeaderMutation.request_header_remove:type_name -> hashicorp.consul.mesh.v1alpha1.RequestHeaderRemove
+	4, // 2: hashicorp.consul.mesh.v1alpha1.HeaderMutation.response_header_add:type_name -> hashicorp.consul.mesh.v1alpha1.ResponseHeaderAdd
+	5, // 3: hashicorp.consul.mesh.v1alpha1.HeaderMutation.response_header_remove:type_name -> hashicorp.consul.mesh.v1alpha1.ResponseHeaderRemove
+	6, // 4: hashicorp.consul.mesh.v1alpha1.RequestHeaderAdd.header:type_name -> hashicorp.consul.mesh.v1alpha1.Header
+	0, // 5: hashicorp.consul.mesh.v1alpha1.RequestHeaderAdd.append_action:type_name -> hashicorp.consul.mesh.v1alpha1.AppendAction
+	6, // 6: hashicorp.consul.mesh.v1alpha1.ResponseHeaderAdd.header:type_name -> hashicorp.consul.mesh.v1alpha1.Header
+	0, // 7: hashicorp.consul.mesh.v1alpha1.ResponseHeaderAdd.append_action:type_name -> hashicorp.consul.mesh.v1alpha1.AppendAction
+	8, // [8:8] is the sub-list for method output_type
+	8, // [8:8] is the sub-list for method input_type
+	8, // [8:8] is the sub-list for extension type_name
+	8, // [8:8] is the sub-list for extension extendee
+	0, // [0:8] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_header_mutations_proto_init() }
+func file_pbmesh_v1alpha1_header_mutations_proto_init() {
+	if File_pbmesh_v1alpha1_header_mutations_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HeaderMutation); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RequestHeaderAdd); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RequestHeaderRemove); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ResponseHeaderAdd); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ResponseHeaderRemove); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Header); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*HeaderMutation_RequestHeaderAdd)(nil),
+		(*HeaderMutation_RequestHeaderRemove)(nil),
+		(*HeaderMutation_ResponseHeaderAdd)(nil),
+		(*HeaderMutation_ResponseHeaderRemove)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_header_mutations_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   6,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_header_mutations_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_header_mutations_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_header_mutations_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_header_mutations_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_header_mutations_proto = out.File
+	file_pbmesh_v1alpha1_header_mutations_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_header_mutations_proto_goTypes = nil
+	file_pbmesh_v1alpha1_header_mutations_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/header_mutations.proto b/proto-public/pbmesh/v1alpha1/header_mutations.proto
new file mode 100644
index 000000000000..01ad3f825672
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/header_mutations.proto
@@ -0,0 +1,47 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+// Note: it's nice to have this list of header mutations as opposed to configuration similar to Envoy because it
+// translates more nicely from GAMMA HTTPRoute, and our existing service router config. Then xds code can handle turning
+// it into envoy xds.
+message HeaderMutation {
+  oneof action {
+    RequestHeaderAdd request_header_add = 1;
+    RequestHeaderRemove request_header_remove = 2;
+    ResponseHeaderAdd response_header_add = 3;
+    ResponseHeaderRemove response_header_remove = 4;
+  }
+}
+
+message RequestHeaderAdd {
+  Header header = 1;
+  AppendAction append_action = 2;
+}
+
+message RequestHeaderRemove {
+  repeated string header_keys = 1;
+}
+
+message ResponseHeaderAdd {
+  Header header = 1;
+  AppendAction append_action = 2;
+}
+
+message ResponseHeaderRemove {
+  repeated string header_keys = 1;
+}
+
+message Header {
+  string key = 1;
+  string value = 2;
+}
+
+enum AppendAction {
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+  APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD = 0;
+  APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD = 1;
+}
diff --git a/proto-public/pbmesh/v1alpha1/intentions.pb.binary.go b/proto-public/pbmesh/v1alpha1/intentions.pb.binary.go
new file mode 100644
index 000000000000..f2c625aa8b89
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/intentions.pb.binary.go
@@ -0,0 +1,28 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/intentions.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *L7Intention) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *L7Intention) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *L4Intention) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *L4Intention) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/intentions.pb.go b/proto-public/pbmesh/v1alpha1/intentions.pb.go
new file mode 100644
index 000000000000..6920ab9b355a
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/intentions.pb.go
@@ -0,0 +1,206 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/intentions.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type L7Intention struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+}
+
+func (x *L7Intention) Reset() {
+	*x = L7Intention{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_intentions_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *L7Intention) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*L7Intention) ProtoMessage() {}
+
+func (x *L7Intention) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_intentions_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use L7Intention.ProtoReflect.Descriptor instead.
+func (*L7Intention) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_intentions_proto_rawDescGZIP(), []int{0}
+}
+
+type L4Intention struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+}
+
+func (x *L4Intention) Reset() {
+	*x = L4Intention{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_intentions_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *L4Intention) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*L4Intention) ProtoMessage() {}
+
+func (x *L4Intention) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_intentions_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use L4Intention.ProtoReflect.Descriptor instead.
+func (*L4Intention) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_intentions_proto_rawDescGZIP(), []int{1}
+}
+
+var File_pbmesh_v1alpha1_intentions_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_intentions_proto_rawDesc = []byte{
+	0x0a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x22, 0x0d, 0x0a, 0x0b, 0x4c, 0x37, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f,
+	0x6e, 0x22, 0x0d, 0x0a, 0x0b, 0x4c, 0x34, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e,
+	0x42, 0x97, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0f, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68,
+	0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75,
+	0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
+	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
+	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68,
+	0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_intentions_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_intentions_proto_rawDescData = file_pbmesh_v1alpha1_intentions_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_intentions_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_intentions_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_intentions_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_intentions_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_intentions_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_intentions_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_pbmesh_v1alpha1_intentions_proto_goTypes = []interface{}{
+	(*L7Intention)(nil), // 0: hashicorp.consul.mesh.v1alpha1.L7Intention
+	(*L4Intention)(nil), // 1: hashicorp.consul.mesh.v1alpha1.L4Intention
+}
+var file_pbmesh_v1alpha1_intentions_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_intentions_proto_init() }
+func file_pbmesh_v1alpha1_intentions_proto_init() {
+	if File_pbmesh_v1alpha1_intentions_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_intentions_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*L7Intention); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_intentions_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*L4Intention); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_intentions_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_intentions_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_intentions_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_intentions_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_intentions_proto = out.File
+	file_pbmesh_v1alpha1_intentions_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_intentions_proto_goTypes = nil
+	file_pbmesh_v1alpha1_intentions_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/intentions.proto b/proto-public/pbmesh/v1alpha1/intentions.proto
new file mode 100644
index 000000000000..a008aa63f89b
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/intentions.proto
@@ -0,0 +1,10 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+message L7Intention {}
+
+message L4Intention {}
diff --git a/proto-public/pbmesh/v1alpha1/listener.pb.binary.go b/proto-public/pbmesh/v1alpha1/listener.pb.binary.go
new file mode 100644
index 000000000000..713d6af211b4
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/listener.pb.binary.go
@@ -0,0 +1,78 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/listener.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *Listener) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *Listener) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *Router) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *Router) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *Match) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *Match) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *CidrRange) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *CidrRange) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *L4Destination) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *L4Destination) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *L7Destination) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *L7Destination) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *SNIDestination) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *SNIDestination) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/listener.pb.go b/proto-public/pbmesh/v1alpha1/listener.pb.go
new file mode 100644
index 000000000000..d475ad8acad3
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/listener.pb.go
@@ -0,0 +1,1174 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/listener.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type Direction int32
+
+const (
+	// DIRECTION_UNSPECIFIED is used by mesh gateway listeners.
+	Direction_DIRECTION_UNSPECIFIED Direction = 0
+	Direction_DIRECTION_INBOUND     Direction = 1
+	Direction_DIRECTION_OUTBOUND    Direction = 2
+)
+
+// Enum value maps for Direction.
+var (
+	Direction_name = map[int32]string{
+		0: "DIRECTION_UNSPECIFIED",
+		1: "DIRECTION_INBOUND",
+		2: "DIRECTION_OUTBOUND",
+	}
+	Direction_value = map[string]int32{
+		"DIRECTION_UNSPECIFIED": 0,
+		"DIRECTION_INBOUND":     1,
+		"DIRECTION_OUTBOUND":    2,
+	}
+)
+
+func (x Direction) Enum() *Direction {
+	p := new(Direction)
+	*p = x
+	return p
+}
+
+func (x Direction) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Direction) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_listener_proto_enumTypes[0].Descriptor()
+}
+
+func (Direction) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_listener_proto_enumTypes[0]
+}
+
+func (x Direction) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Direction.Descriptor instead.
+func (Direction) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{0}
+}
+
+// Capabilities map to proxy functionality to enable. These enable tproxy, l7 protocol/alpn inspection, or l4 sni/alpn inspection.
+type Capability int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	Capability_CAPABILITY_TRANSPARENT            Capability = 0
+	Capability_CAPABILITY_L7_PROTOCOL_INSPECTION Capability = 1
+	Capability_CAPABILITY_L4_TLS_INSPECTION      Capability = 2
+)
+
+// Enum value maps for Capability.
+var (
+	Capability_name = map[int32]string{
+		0: "CAPABILITY_TRANSPARENT",
+		1: "CAPABILITY_L7_PROTOCOL_INSPECTION",
+		2: "CAPABILITY_L4_TLS_INSPECTION",
+	}
+	Capability_value = map[string]int32{
+		"CAPABILITY_TRANSPARENT":            0,
+		"CAPABILITY_L7_PROTOCOL_INSPECTION": 1,
+		"CAPABILITY_L4_TLS_INSPECTION":      2,
+	}
+)
+
+func (x Capability) Enum() *Capability {
+	p := new(Capability)
+	*p = x
+	return p
+}
+
+func (x Capability) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Capability) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_listener_proto_enumTypes[1].Descriptor()
+}
+
+func (Capability) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_listener_proto_enumTypes[1]
+}
+
+func (x Capability) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Capability.Descriptor instead.
+func (Capability) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{1}
+}
+
+type L7Protocol int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	L7Protocol_L7_PROTOCOL_HTTP  L7Protocol = 0
+	L7Protocol_L7_PROTOCOL_HTTP2 L7Protocol = 1
+	L7Protocol_L7_PROTOCOL_GRPC  L7Protocol = 2
+)
+
+// Enum value maps for L7Protocol.
+var (
+	L7Protocol_name = map[int32]string{
+		0: "L7_PROTOCOL_HTTP",
+		1: "L7_PROTOCOL_HTTP2",
+		2: "L7_PROTOCOL_GRPC",
+	}
+	L7Protocol_value = map[string]int32{
+		"L7_PROTOCOL_HTTP":  0,
+		"L7_PROTOCOL_HTTP2": 1,
+		"L7_PROTOCOL_GRPC":  2,
+	}
+)
+
+func (x L7Protocol) Enum() *L7Protocol {
+	p := new(L7Protocol)
+	*p = x
+	return p
+}
+
+func (x L7Protocol) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (L7Protocol) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_listener_proto_enumTypes[2].Descriptor()
+}
+
+func (L7Protocol) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_listener_proto_enumTypes[2]
+}
+
+func (x L7Protocol) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use L7Protocol.Descriptor instead.
+func (L7Protocol) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{2}
+}
+
+type Listener struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name is the name of the listener.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// direction tells the listener the direction of traffic.
+	Direction Direction `protobuf:"varint,2,opt,name=direction,proto3,enum=hashicorp.consul.mesh.v1alpha1.Direction" json:"direction,omitempty"`
+	// bind_address describes where to listen.
+	//
+	// Types that are assignable to BindAddress:
+	//
+	//	*Listener_IpPort
+	//	*Listener_UnixSocket
+	BindAddress isListener_BindAddress `protobuf_oneof:"bind_address"`
+	// routers describes how to route traffic from this listener.
+	Routers []*Router `protobuf:"bytes,5,rep,name=routers,proto3" json:"routers,omitempty"`
+	// default_router describes where to route if none of the other router matches match the connection.
+	DefaultRouter *Router `protobuf:"bytes,6,opt,name=default_router,json=defaultRouter,proto3" json:"default_router,omitempty"`
+	// capabilities describe Envoy proxy functionality to enable. These map closely to Envoy listener filters.
+	Capabilities []Capability `protobuf:"varint,7,rep,packed,name=capabilities,proto3,enum=hashicorp.consul.mesh.v1alpha1.Capability" json:"capabilities,omitempty"`
+	// balance_connections configures how the listener should balance connections.
+	BalanceConnections BalanceConnections `protobuf:"varint,8,opt,name=balance_connections,json=balanceConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.BalanceConnections" json:"balance_connections,omitempty"`
+	// escape_hatch_listener_json configures a user configured escape hatch listener.
+	EscapeHatchListener string `protobuf:"bytes,9,opt,name=escape_hatch_listener,json=escapeHatchListener,proto3" json:"escape_hatch_listener,omitempty"`
+	// use_escape_hatch_tracing configures whether to use the top level user configured tracing escape hatch for this listener.
+	UseEscapeHatchTracing bool `protobuf:"varint,10,opt,name=use_escape_hatch_tracing,json=useEscapeHatchTracing,proto3" json:"use_escape_hatch_tracing,omitempty"`
+}
+
+func (x *Listener) Reset() {
+	*x = Listener{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Listener) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Listener) ProtoMessage() {}
+
+func (x *Listener) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Listener.ProtoReflect.Descriptor instead.
+func (*Listener) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Listener) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Listener) GetDirection() Direction {
+	if x != nil {
+		return x.Direction
+	}
+	return Direction_DIRECTION_UNSPECIFIED
+}
+
+func (m *Listener) GetBindAddress() isListener_BindAddress {
+	if m != nil {
+		return m.BindAddress
+	}
+	return nil
+}
+
+func (x *Listener) GetIpPort() *IPPortAddress {
+	if x, ok := x.GetBindAddress().(*Listener_IpPort); ok {
+		return x.IpPort
+	}
+	return nil
+}
+
+func (x *Listener) GetUnixSocket() *UnixSocketAddress {
+	if x, ok := x.GetBindAddress().(*Listener_UnixSocket); ok {
+		return x.UnixSocket
+	}
+	return nil
+}
+
+func (x *Listener) GetRouters() []*Router {
+	if x != nil {
+		return x.Routers
+	}
+	return nil
+}
+
+func (x *Listener) GetDefaultRouter() *Router {
+	if x != nil {
+		return x.DefaultRouter
+	}
+	return nil
+}
+
+func (x *Listener) GetCapabilities() []Capability {
+	if x != nil {
+		return x.Capabilities
+	}
+	return nil
+}
+
+func (x *Listener) GetBalanceConnections() BalanceConnections {
+	if x != nil {
+		return x.BalanceConnections
+	}
+	return BalanceConnections_BALANCE_CONNECTIONS_DEFAULT
+}
+
+func (x *Listener) GetEscapeHatchListener() string {
+	if x != nil {
+		return x.EscapeHatchListener
+	}
+	return ""
+}
+
+func (x *Listener) GetUseEscapeHatchTracing() bool {
+	if x != nil {
+		return x.UseEscapeHatchTracing
+	}
+	return false
+}
+
+type isListener_BindAddress interface {
+	isListener_BindAddress()
+}
+
+type Listener_IpPort struct {
+	IpPort *IPPortAddress `protobuf:"bytes,3,opt,name=ip_port,json=ipPort,proto3,oneof"`
+}
+
+type Listener_UnixSocket struct {
+	UnixSocket *UnixSocketAddress `protobuf:"bytes,4,opt,name=unix_socket,json=unixSocket,proto3,oneof"`
+}
+
+func (*Listener_IpPort) isListener_BindAddress() {}
+
+func (*Listener_UnixSocket) isListener_BindAddress() {}
+
+type Router struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// match specifies how to match traffic coming into this listener. If the traffic matches, it will be routed to the
+	// destination.
+	Match *Match `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"`
+	// Types that are assignable to Destination:
+	//
+	//	*Router_L4
+	//	*Router_L7
+	//	*Router_Sni
+	Destination isRouter_Destination `protobuf_oneof:"destination"`
+	// inbound_tls is used by inbound listeners that terminate TLS.
+	InboundTls *TransportSocket `protobuf:"bytes,5,opt,name=inbound_tls,json=inboundTls,proto3" json:"inbound_tls,omitempty"`
+}
+
+func (x *Router) Reset() {
+	*x = Router{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Router) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Router) ProtoMessage() {}
+
+func (x *Router) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Router.ProtoReflect.Descriptor instead.
+func (*Router) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *Router) GetMatch() *Match {
+	if x != nil {
+		return x.Match
+	}
+	return nil
+}
+
+func (m *Router) GetDestination() isRouter_Destination {
+	if m != nil {
+		return m.Destination
+	}
+	return nil
+}
+
+func (x *Router) GetL4() *L4Destination {
+	if x, ok := x.GetDestination().(*Router_L4); ok {
+		return x.L4
+	}
+	return nil
+}
+
+func (x *Router) GetL7() *L7Destination {
+	if x, ok := x.GetDestination().(*Router_L7); ok {
+		return x.L7
+	}
+	return nil
+}
+
+func (x *Router) GetSni() *SNIDestination {
+	if x, ok := x.GetDestination().(*Router_Sni); ok {
+		return x.Sni
+	}
+	return nil
+}
+
+func (x *Router) GetInboundTls() *TransportSocket {
+	if x != nil {
+		return x.InboundTls
+	}
+	return nil
+}
+
+type isRouter_Destination interface {
+	isRouter_Destination()
+}
+
+type Router_L4 struct {
+	// l4 is an l4 destination to route to, which will have a reference to a cluster.
+	L4 *L4Destination `protobuf:"bytes,2,opt,name=l4,proto3,oneof"`
+}
+
+type Router_L7 struct {
+	// l7 is an l7 destination to route to, which will have a reference to a route.
+	L7 *L7Destination `protobuf:"bytes,3,opt,name=l7,proto3,oneof"`
+}
+
+type Router_Sni struct {
+	// sni is an SNI destination, which means there will be no references, but the SNI name will be tied to the cluster
+	// name, so we should generate all clusters.
+	Sni *SNIDestination `protobuf:"bytes,4,opt,name=sni,proto3,oneof"`
+}
+
+func (*Router_L4) isRouter_Destination() {}
+
+func (*Router_L7) isRouter_Destination() {}
+
+func (*Router_Sni) isRouter_Destination() {}
+
+type Match struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	DestinationPort    *wrapperspb.UInt32Value `protobuf:"bytes,1,opt,name=destination_port,json=destinationPort,proto3" json:"destination_port,omitempty"`
+	PrefixRanges       []*CidrRange            `protobuf:"bytes,2,rep,name=prefix_ranges,json=prefixRanges,proto3" json:"prefix_ranges,omitempty"`
+	SourcePrefixRanges []*CidrRange            `protobuf:"bytes,3,rep,name=source_prefix_ranges,json=sourcePrefixRanges,proto3" json:"source_prefix_ranges,omitempty"`
+	// server_names matches based on SNI of the incoming request.
+	ServerNames []string `protobuf:"bytes,4,rep,name=server_names,json=serverNames,proto3" json:"server_names,omitempty"`
+}
+
+func (x *Match) Reset() {
+	*x = Match{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Match) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Match) ProtoMessage() {}
+
+func (x *Match) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Match.ProtoReflect.Descriptor instead.
+func (*Match) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Match) GetDestinationPort() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.DestinationPort
+	}
+	return nil
+}
+
+func (x *Match) GetPrefixRanges() []*CidrRange {
+	if x != nil {
+		return x.PrefixRanges
+	}
+	return nil
+}
+
+func (x *Match) GetSourcePrefixRanges() []*CidrRange {
+	if x != nil {
+		return x.SourcePrefixRanges
+	}
+	return nil
+}
+
+func (x *Match) GetServerNames() []string {
+	if x != nil {
+		return x.ServerNames
+	}
+	return nil
+}
+
+type CidrRange struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AddressPrefix string                  `protobuf:"bytes,1,opt,name=address_prefix,json=addressPrefix,proto3" json:"address_prefix,omitempty"`
+	PrefixLen     *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=prefix_len,json=prefixLen,proto3" json:"prefix_len,omitempty"`
+}
+
+func (x *CidrRange) Reset() {
+	*x = CidrRange{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CidrRange) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CidrRange) ProtoMessage() {}
+
+func (x *CidrRange) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CidrRange.ProtoReflect.Descriptor instead.
+func (*CidrRange) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *CidrRange) GetAddressPrefix() string {
+	if x != nil {
+		return x.AddressPrefix
+	}
+	return ""
+}
+
+func (x *CidrRange) GetPrefixLen() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.PrefixLen
+	}
+	return nil
+}
+
+type L4Destination struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name is a key in the top level clusters map. This specifies which cluster to go to in this L4 destination.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
+	StatPrefix string `protobuf:"bytes,2,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
+	// intentions is a list of intentions for this destination.
+	Intentions []*L4Intention `protobuf:"bytes,3,rep,name=intentions,proto3" json:"intentions,omitempty"`
+	// max_inbound_connections specifies how many connections this destination can accept.
+	MaxInboundConnections uint64 `protobuf:"varint,4,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"`
+}
+
+func (x *L4Destination) Reset() {
+	*x = L4Destination{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *L4Destination) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*L4Destination) ProtoMessage() {}
+
+func (x *L4Destination) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use L4Destination.ProtoReflect.Descriptor instead.
+func (*L4Destination) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *L4Destination) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *L4Destination) GetStatPrefix() string {
+	if x != nil {
+		return x.StatPrefix
+	}
+	return ""
+}
+
+func (x *L4Destination) GetIntentions() []*L4Intention {
+	if x != nil {
+		return x.Intentions
+	}
+	return nil
+}
+
+func (x *L4Destination) GetMaxInboundConnections() uint64 {
+	if x != nil {
+		return x.MaxInboundConnections
+	}
+	return 0
+}
+
+type L7Destination struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name is a key in the top level routes map. This specifies which route to go to in this L7 destination.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
+	StatPrefix string `protobuf:"bytes,2,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
+	// protocol for the destination.
+	Protocol L7Protocol `protobuf:"varint,3,opt,name=protocol,proto3,enum=hashicorp.consul.mesh.v1alpha1.L7Protocol" json:"protocol,omitempty"`
+	// intentions is a list of intentions for this destination.
+	Intentions []*L7Intention `protobuf:"bytes,4,rep,name=intentions,proto3" json:"intentions,omitempty"`
+	// include_xfcc specifies whether to add xfcc header.
+	IncludeXfcc bool `protobuf:"varint,5,opt,name=include_xfcc,json=includeXfcc,proto3" json:"include_xfcc,omitempty"`
+	// static_route specifies whether this is a static route that is inlined in the listener filter. This is required to
+	// match existing xds config.
+	StaticRoute bool `protobuf:"varint,6,opt,name=static_route,json=staticRoute,proto3" json:"static_route,omitempty"`
+	// max_inbound_connections specifies how many connections this destination can accept.
+	MaxInboundConnections uint64 `protobuf:"varint,7,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"`
+}
+
+func (x *L7Destination) Reset() {
+	*x = L7Destination{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *L7Destination) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*L7Destination) ProtoMessage() {}
+
+func (x *L7Destination) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use L7Destination.ProtoReflect.Descriptor instead.
+func (*L7Destination) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *L7Destination) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *L7Destination) GetStatPrefix() string {
+	if x != nil {
+		return x.StatPrefix
+	}
+	return ""
+}
+
+func (x *L7Destination) GetProtocol() L7Protocol {
+	if x != nil {
+		return x.Protocol
+	}
+	return L7Protocol_L7_PROTOCOL_HTTP
+}
+
+func (x *L7Destination) GetIntentions() []*L7Intention {
+	if x != nil {
+		return x.Intentions
+	}
+	return nil
+}
+
+func (x *L7Destination) GetIncludeXfcc() bool {
+	if x != nil {
+		return x.IncludeXfcc
+	}
+	return false
+}
+
+func (x *L7Destination) GetStaticRoute() bool {
+	if x != nil {
+		return x.StaticRoute
+	}
+	return false
+}
+
+func (x *L7Destination) GetMaxInboundConnections() uint64 {
+	if x != nil {
+		return x.MaxInboundConnections
+	}
+	return 0
+}
+
+type SNIDestination struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
+	StatPrefix string `protobuf:"bytes,1,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
+}
+
+func (x *SNIDestination) Reset() {
+	*x = SNIDestination{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SNIDestination) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SNIDestination) ProtoMessage() {}
+
+func (x *SNIDestination) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SNIDestination.ProtoReflect.Descriptor instead.
+func (*SNIDestination) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *SNIDestination) GetStatPrefix() string {
+	if x != nil {
+		return x.StatPrefix
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_listener_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_listener_proto_rawDesc = []byte{
+	0x0a, 0x1e, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x1a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x1a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x26, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f,
+	0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x70, 0x62,
+	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x75, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xca, 0x05,
+	0x0a, 0x08, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x47,
+	0x0a, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0e, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x64, 0x69,
+	0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x48, 0x0a, 0x07, 0x69, 0x70, 0x5f, 0x70, 0x6f,
+	0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x50, 0x50, 0x6f, 0x72, 0x74,
+	0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x06, 0x69, 0x70, 0x50, 0x6f, 0x72,
+	0x74, 0x12, 0x54, 0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b,
+	0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x0a, 0x75, 0x6e, 0x69,
+	0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x40, 0x0a, 0x07, 0x72, 0x6f, 0x75, 0x74, 0x65,
+	0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72,
+	0x52, 0x07, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x73, 0x12, 0x4d, 0x0a, 0x0e, 0x64, 0x65, 0x66,
+	0x61, 0x75, 0x6c, 0x74, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x26, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x52, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75,
+	0x6c, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x12, 0x4e, 0x0a, 0x0c, 0x63, 0x61, 0x70, 0x61,
+	0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x2a,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x0c, 0x63, 0x61, 0x70, 0x61,
+	0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x63, 0x0a, 0x13, 0x62, 0x61, 0x6c, 0x61,
+	0x6e, 0x63, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
+	0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x12, 0x62, 0x61, 0x6c, 0x61, 0x6e,
+	0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x32, 0x0a,
+	0x15, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x69,
+	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x65, 0x73,
+	0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65,
+	0x72, 0x12, 0x37, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x5f, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x5f,
+	0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x18, 0x0a, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x15, 0x75, 0x73, 0x65, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61,
+	0x74, 0x63, 0x68, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x0e, 0x0a, 0x0c, 0x62, 0x69,
+	0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x22, 0xec, 0x02, 0x0a, 0x06, 0x52,
+	0x6f, 0x75, 0x74, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x6d, 0x61, 0x74,
+	0x63, 0x68, 0x12, 0x3f, 0x0a, 0x02, 0x6c, 0x34, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x4c, 0x34, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52,
+	0x02, 0x6c, 0x34, 0x12, 0x3f, 0x0a, 0x02, 0x6c, 0x37, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x4c, 0x37, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00,
+	0x52, 0x02, 0x6c, 0x37, 0x12, 0x42, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x53, 0x4e, 0x49, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x48, 0x00, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x12, 0x50, 0x0a, 0x0b, 0x69, 0x6e, 0x62, 0x6f,
+	0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54,
+	0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0a,
+	0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x42, 0x0d, 0x0a, 0x0b, 0x64, 0x65,
+	0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xa0, 0x02, 0x0a, 0x05, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x12, 0x47, 0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x64, 0x65, 0x73,
+	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x4e, 0x0a, 0x0d,
+	0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0c,
+	0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x12, 0x5b, 0x0a, 0x14,
+	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x72, 0x61,
+	0x6e, 0x67, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x69, 0x64, 0x72,
+	0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x12, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x50, 0x72, 0x65,
+	0x66, 0x69, 0x78, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72,
+	0x76, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52,
+	0x0b, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x6f, 0x0a, 0x09,
+	0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x64, 0x64,
+	0x72, 0x65, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0d, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78,
+	0x12, 0x3b, 0x0a, 0x0a, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c,
+	0x75, 0x65, 0x52, 0x09, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x4c, 0x65, 0x6e, 0x22, 0xc9, 0x01,
+	0x0a, 0x0d, 0x4c, 0x34, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12,
+	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66,
+	0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x50, 0x72,
+	0x65, 0x66, 0x69, 0x78, 0x12, 0x4b, 0x0a, 0x0a, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x34, 0x49, 0x6e, 0x74, 0x65,
+	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x12, 0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64,
+	0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x04, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xd7, 0x02, 0x0a, 0x0d, 0x4c, 0x37,
+	0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78,
+	0x12, 0x46, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x4c, 0x37, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x08,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x4b, 0x0a, 0x0a, 0x69, 0x6e, 0x74, 0x65,
+	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x37,
+	0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x69, 0x6e, 0x74, 0x65, 0x6e,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65,
+	0x5f, 0x78, 0x66, 0x63, 0x63, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x6e, 0x63,
+	0x6c, 0x75, 0x64, 0x65, 0x58, 0x66, 0x63, 0x63, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x74, 0x61, 0x74,
+	0x69, 0x63, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b,
+	0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x36, 0x0a, 0x17, 0x6d,
+	0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x15, 0x6d, 0x61,
+	0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x22, 0x31, 0x0a, 0x0e, 0x53, 0x4e, 0x49, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72,
+	0x65, 0x66, 0x69, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74,
+	0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x2a, 0x55, 0x0a, 0x09, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e,
+	0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15,
+	0x0a, 0x11, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x49, 0x4e, 0x42, 0x4f,
+	0x55, 0x4e, 0x44, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49,
+	0x4f, 0x4e, 0x5f, 0x4f, 0x55, 0x54, 0x42, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x02, 0x2a, 0x71, 0x0a,
+	0x0a, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x1a, 0x0a, 0x16, 0x43,
+	0x41, 0x50, 0x41, 0x42, 0x49, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, 0x50,
+	0x41, 0x52, 0x45, 0x4e, 0x54, 0x10, 0x00, 0x12, 0x25, 0x0a, 0x21, 0x43, 0x41, 0x50, 0x41, 0x42,
+	0x49, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x4c, 0x37, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f,
+	0x4c, 0x5f, 0x49, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x01, 0x12, 0x20,
+	0x0a, 0x1c, 0x43, 0x41, 0x50, 0x41, 0x42, 0x49, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x4c, 0x34, 0x5f,
+	0x54, 0x4c, 0x53, 0x5f, 0x49, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x02,
+	0x2a, 0x4f, 0x0a, 0x0a, 0x4c, 0x37, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x14,
+	0x0a, 0x10, 0x4c, 0x37, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54,
+	0x54, 0x50, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x4c, 0x37, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f,
+	0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x32, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x4c,
+	0x37, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x47, 0x52, 0x50, 0x43, 0x10,
+	0x02, 0x42, 0x95, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0d, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e,
+	0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75,
+	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62,
+	0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
+	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
+	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a,
+	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_listener_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_listener_proto_rawDescData = file_pbmesh_v1alpha1_listener_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_listener_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_listener_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_listener_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_listener_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_listener_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_listener_proto_enumTypes = make([]protoimpl.EnumInfo, 3)
+var file_pbmesh_v1alpha1_listener_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
+var file_pbmesh_v1alpha1_listener_proto_goTypes = []interface{}{
+	(Direction)(0),                 // 0: hashicorp.consul.mesh.v1alpha1.Direction
+	(Capability)(0),                // 1: hashicorp.consul.mesh.v1alpha1.Capability
+	(L7Protocol)(0),                // 2: hashicorp.consul.mesh.v1alpha1.L7Protocol
+	(*Listener)(nil),               // 3: hashicorp.consul.mesh.v1alpha1.Listener
+	(*Router)(nil),                 // 4: hashicorp.consul.mesh.v1alpha1.Router
+	(*Match)(nil),                  // 5: hashicorp.consul.mesh.v1alpha1.Match
+	(*CidrRange)(nil),              // 6: hashicorp.consul.mesh.v1alpha1.CidrRange
+	(*L4Destination)(nil),          // 7: hashicorp.consul.mesh.v1alpha1.L4Destination
+	(*L7Destination)(nil),          // 8: hashicorp.consul.mesh.v1alpha1.L7Destination
+	(*SNIDestination)(nil),         // 9: hashicorp.consul.mesh.v1alpha1.SNIDestination
+	(*IPPortAddress)(nil),          // 10: hashicorp.consul.mesh.v1alpha1.IPPortAddress
+	(*UnixSocketAddress)(nil),      // 11: hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
+	(BalanceConnections)(0),        // 12: hashicorp.consul.mesh.v1alpha1.BalanceConnections
+	(*TransportSocket)(nil),        // 13: hashicorp.consul.mesh.v1alpha1.TransportSocket
+	(*wrapperspb.UInt32Value)(nil), // 14: google.protobuf.UInt32Value
+	(*L4Intention)(nil),            // 15: hashicorp.consul.mesh.v1alpha1.L4Intention
+	(*L7Intention)(nil),            // 16: hashicorp.consul.mesh.v1alpha1.L7Intention
+}
+var file_pbmesh_v1alpha1_listener_proto_depIdxs = []int32{
+	0,  // 0: hashicorp.consul.mesh.v1alpha1.Listener.direction:type_name -> hashicorp.consul.mesh.v1alpha1.Direction
+	10, // 1: hashicorp.consul.mesh.v1alpha1.Listener.ip_port:type_name -> hashicorp.consul.mesh.v1alpha1.IPPortAddress
+	11, // 2: hashicorp.consul.mesh.v1alpha1.Listener.unix_socket:type_name -> hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
+	4,  // 3: hashicorp.consul.mesh.v1alpha1.Listener.routers:type_name -> hashicorp.consul.mesh.v1alpha1.Router
+	4,  // 4: hashicorp.consul.mesh.v1alpha1.Listener.default_router:type_name -> hashicorp.consul.mesh.v1alpha1.Router
+	1,  // 5: hashicorp.consul.mesh.v1alpha1.Listener.capabilities:type_name -> hashicorp.consul.mesh.v1alpha1.Capability
+	12, // 6: hashicorp.consul.mesh.v1alpha1.Listener.balance_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceConnections
+	5,  // 7: hashicorp.consul.mesh.v1alpha1.Router.match:type_name -> hashicorp.consul.mesh.v1alpha1.Match
+	7,  // 8: hashicorp.consul.mesh.v1alpha1.Router.l4:type_name -> hashicorp.consul.mesh.v1alpha1.L4Destination
+	8,  // 9: hashicorp.consul.mesh.v1alpha1.Router.l7:type_name -> hashicorp.consul.mesh.v1alpha1.L7Destination
+	9,  // 10: hashicorp.consul.mesh.v1alpha1.Router.sni:type_name -> hashicorp.consul.mesh.v1alpha1.SNIDestination
+	13, // 11: hashicorp.consul.mesh.v1alpha1.Router.inbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.TransportSocket
+	14, // 12: hashicorp.consul.mesh.v1alpha1.Match.destination_port:type_name -> google.protobuf.UInt32Value
+	6,  // 13: hashicorp.consul.mesh.v1alpha1.Match.prefix_ranges:type_name -> hashicorp.consul.mesh.v1alpha1.CidrRange
+	6,  // 14: hashicorp.consul.mesh.v1alpha1.Match.source_prefix_ranges:type_name -> hashicorp.consul.mesh.v1alpha1.CidrRange
+	14, // 15: hashicorp.consul.mesh.v1alpha1.CidrRange.prefix_len:type_name -> google.protobuf.UInt32Value
+	15, // 16: hashicorp.consul.mesh.v1alpha1.L4Destination.intentions:type_name -> hashicorp.consul.mesh.v1alpha1.L4Intention
+	2,  // 17: hashicorp.consul.mesh.v1alpha1.L7Destination.protocol:type_name -> hashicorp.consul.mesh.v1alpha1.L7Protocol
+	16, // 18: hashicorp.consul.mesh.v1alpha1.L7Destination.intentions:type_name -> hashicorp.consul.mesh.v1alpha1.L7Intention
+	19, // [19:19] is the sub-list for method output_type
+	19, // [19:19] is the sub-list for method input_type
+	19, // [19:19] is the sub-list for extension type_name
+	19, // [19:19] is the sub-list for extension extendee
+	0,  // [0:19] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_listener_proto_init() }
+func file_pbmesh_v1alpha1_listener_proto_init() {
+	if File_pbmesh_v1alpha1_listener_proto != nil {
+		return
+	}
+	file_pbmesh_v1alpha1_connection_proto_init()
+	file_pbmesh_v1alpha1_intentions_proto_init()
+	file_pbmesh_v1alpha1_transport_socket_proto_init()
+	file_pbmesh_v1alpha1_upstreams_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_listener_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Listener); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_listener_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Router); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_listener_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Match); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_listener_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CidrRange); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_listener_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*L4Destination); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_listener_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*L7Destination); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_listener_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SNIDestination); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_pbmesh_v1alpha1_listener_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*Listener_IpPort)(nil),
+		(*Listener_UnixSocket)(nil),
+	}
+	file_pbmesh_v1alpha1_listener_proto_msgTypes[1].OneofWrappers = []interface{}{
+		(*Router_L4)(nil),
+		(*Router_L7)(nil),
+		(*Router_Sni)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_listener_proto_rawDesc,
+			NumEnums:      3,
+			NumMessages:   7,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_listener_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_listener_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_listener_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_listener_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_listener_proto = out.File
+	file_pbmesh_v1alpha1_listener_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_listener_proto_goTypes = nil
+	file_pbmesh_v1alpha1_listener_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/listener.proto b/proto-public/pbmesh/v1alpha1/listener.proto
new file mode 100644
index 000000000000..441f5eea83b1
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/listener.proto
@@ -0,0 +1,123 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "google/protobuf/wrappers.proto";
+import "pbmesh/v1alpha1/connection.proto";
+import "pbmesh/v1alpha1/intentions.proto";
+import "pbmesh/v1alpha1/transport_socket.proto";
+import "pbmesh/v1alpha1/upstreams.proto";
+
+message Listener {
+  // name is the name of the listener.
+  string name = 1;
+  // direction tells the listener the direction of traffic.
+  Direction direction = 2;
+  // bind_address describes where to listen.
+  oneof bind_address {
+    IPPortAddress ip_port = 3;
+    UnixSocketAddress unix_socket = 4;
+  }
+
+  // routers describes how to route traffic from this listener.
+  repeated Router routers = 5;
+  // default_router describes where to route if none of the other router matches match the connection.
+  Router default_router = 6;
+  // capabilities describe Envoy proxy functionality to enable. These map closely to Envoy listener filters.
+  repeated Capability capabilities = 7;
+  // balance_connections configures how the listener should balance connections.
+  BalanceConnections balance_connections = 8;
+  // escape_hatch_listener_json configures a user configured escape hatch listener.
+  string escape_hatch_listener = 9;
+  // use_escape_hatch_tracing configures whether to use the top level user configured tracing escape hatch for this listener.
+  bool use_escape_hatch_tracing = 10;
+}
+
+enum Direction {
+  // DIRECTION_UNSPECIFIED is used by mesh gateway listeners.
+  DIRECTION_UNSPECIFIED = 0;
+  DIRECTION_INBOUND = 1;
+  DIRECTION_OUTBOUND = 2;
+}
+
+// Capabilities map to proxy functionality to enable. These enable tproxy, l7 protocol/alpn inspection, or l4 sni/alpn inspection.
+enum Capability {
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+  CAPABILITY_TRANSPARENT = 0;
+  CAPABILITY_L7_PROTOCOL_INSPECTION = 1;
+  CAPABILITY_L4_TLS_INSPECTION = 2;
+}
+
+message Router {
+  // match specifies how to match traffic coming into this listener. If the traffic matches, it will be routed to the
+  // destination.
+  Match match = 1;
+  oneof destination {
+    // l4 is an l4 destination to route to, which will have a reference to a cluster.
+    L4Destination l4 = 2;
+    // l7 is an l7 destination to route to, which will have a reference to a route.
+    L7Destination l7 = 3;
+    // sni is an SNI destination, which means there will be no references, but the SNI name will be tied to the cluster
+    // name, so we should generate all clusters.
+    SNIDestination sni = 4;
+  }
+  // inbound_tls is used by inbound listeners that terminate TLS.
+  TransportSocket inbound_tls = 5;
+}
+
+message Match {
+  google.protobuf.UInt32Value destination_port = 1;
+  repeated CidrRange prefix_ranges = 2;
+  repeated CidrRange source_prefix_ranges = 3;
+  // server_names matches based on SNI of the incoming request.
+  repeated string server_names = 4;
+}
+
+message CidrRange {
+  string address_prefix = 1;
+  google.protobuf.UInt32Value prefix_len = 2;
+}
+
+message L4Destination {
+  // name is a key in the top level clusters map. This specifies which cluster to go to in this L4 destination.
+  string name = 1;
+  // stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
+  string stat_prefix = 2;
+  // intentions is a list of intentions for this destination.
+  repeated L4Intention intentions = 3;
+  // max_inbound_connections specifies how many connections this destination can accept.
+  uint64 max_inbound_connections = 4;
+}
+
+message L7Destination {
+  // name is a key in the top level routes map. This specifies which route to go to in this L7 destination.
+  string name = 1;
+  // stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
+  string stat_prefix = 2;
+  // protocol for the destination.
+  L7Protocol protocol = 3;
+  // intentions is a list of intentions for this destination.
+  repeated L7Intention intentions = 4;
+  // include_xfcc specifies whether to add xfcc header.
+  bool include_xfcc = 5;
+  // static_route specifies whether this is a static route that is inlined in the listener filter. This is required to
+  // match existing xds config.
+  bool static_route = 6;
+  // max_inbound_connections specifies how many connections this destination can accept.
+  uint64 max_inbound_connections = 7;
+}
+
+enum L7Protocol {
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+  L7_PROTOCOL_HTTP = 0;
+  L7_PROTOCOL_HTTP2 = 1;
+  L7_PROTOCOL_GRPC = 2;
+}
+
+message SNIDestination {
+  // stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
+  string stat_prefix = 1;
+}
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.pb.binary.go b/proto-public/pbmesh/v1alpha1/proxy_state.pb.binary.go
new file mode 100644
index 000000000000..747ffba08044
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.pb.binary.go
@@ -0,0 +1,28 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/proxy_state.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *ProxyStateTemplate) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *ProxyStateTemplate) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *ProxyState) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *ProxyState) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
new file mode 100644
index 000000000000..5a9ba0d35cf4
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
@@ -0,0 +1,552 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/proxy_state.proto
+
+package meshv1alpha1
+
+import (
+	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type ProxyStateTemplate struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// proxy_state is the partially filled out ProxyState resource. The Endpoints, LeafCertificates and TrustBundles fields will need filling in after the resource is stored.
+	ProxyState *ProxyState `protobuf:"bytes,1,opt,name=proxy_state,json=proxyState,proto3" json:"proxy_state,omitempty"`
+	// required_endpoints is a map of arbitrary string names to endpoint refs that need fetching by the proxy state controller.
+	RequiredEndpoints map[string]*EndpointRef `protobuf:"bytes,2,rep,name=required_endpoints,json=requiredEndpoints,proto3" json:"required_endpoints,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// required_leaf_certificates is a map of arbitrary string names to leaf certificates that need fetching/generation by the proxy state controller.
+	RequiredLeafCertificates map[string]*LeafCertificateRef `protobuf:"bytes,3,rep,name=required_leaf_certificates,json=requiredLeafCertificates,proto3" json:"required_leaf_certificates,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// required_trust_bundles is a map of arbitrary string names to trust bundle refs that need fetching by the proxy state controller.
+	RequiredTrustBundles map[string]*TrustBundleRef `protobuf:"bytes,4,rep,name=required_trust_bundles,json=requiredTrustBundles,proto3" json:"required_trust_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (x *ProxyStateTemplate) Reset() {
+	*x = ProxyStateTemplate{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_proxy_state_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ProxyStateTemplate) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProxyStateTemplate) ProtoMessage() {}
+
+func (x *ProxyStateTemplate) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_proxy_state_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProxyStateTemplate.ProtoReflect.Descriptor instead.
+func (*ProxyStateTemplate) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_proxy_state_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *ProxyStateTemplate) GetProxyState() *ProxyState {
+	if x != nil {
+		return x.ProxyState
+	}
+	return nil
+}
+
+func (x *ProxyStateTemplate) GetRequiredEndpoints() map[string]*EndpointRef {
+	if x != nil {
+		return x.RequiredEndpoints
+	}
+	return nil
+}
+
+func (x *ProxyStateTemplate) GetRequiredLeafCertificates() map[string]*LeafCertificateRef {
+	if x != nil {
+		return x.RequiredLeafCertificates
+	}
+	return nil
+}
+
+func (x *ProxyStateTemplate) GetRequiredTrustBundles() map[string]*TrustBundleRef {
+	if x != nil {
+		return x.RequiredTrustBundles
+	}
+	return nil
+}
+
+type ProxyState struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// id is this proxy's ID.
+	Id *pbresource.ID `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	// listeners is a list of listeners for this proxy.
+	Listeners []*Listener `protobuf:"bytes,2,rep,name=listeners,proto3" json:"listeners,omitempty"`
+	// clusters is a map from cluster name to clusters. The keys are referenced from listeners or routes.
+	Clusters map[string]*Cluster `protobuf:"bytes,3,rep,name=clusters,proto3" json:"clusters,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// routes is a map from route name to routes. The keys are referenced from listeners.
+	Routes map[string]*Route `protobuf:"bytes,4,rep,name=routes,proto3" json:"routes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// endpoints is a map from cluster name to endpoints.
+	Endpoints map[string]*Endpoints `protobuf:"bytes,5,rep,name=endpoints,proto3" json:"endpoints,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// leaf certificates is a map from UUID to leaf certificates.
+	LeafCertificates map[string]*LeafCertificate `protobuf:"bytes,6,rep,name=leaf_certificates,json=leafCertificates,proto3" json:"leaf_certificates,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// trust bundles is a map from peer name to trust bundles.
+	TrustBundles map[string]*TrustBundle `protobuf:"bytes,7,rep,name=trust_bundles,json=trustBundles,proto3" json:"trust_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// tls has TLS configuration for this proxy.
+	Tls *TLS `protobuf:"bytes,8,opt,name=tls,proto3" json:"tls,omitempty"`
+	// intention_default_allow is the default action for intentions. This determines how the Envoy RBAC filters are generated.
+	IntentionDefaultAllow bool `protobuf:"varint,9,opt,name=intention_default_allow,json=intentionDefaultAllow,proto3" json:"intention_default_allow,omitempty"`
+	// escape defines top level escape hatches. These are user configured json strings that configure an entire piece of listener or cluster Envoy configuration.
+	Escape *EscapeHatches `protobuf:"bytes,10,opt,name=escape,proto3" json:"escape,omitempty"`
+	// access_logs configures access logging for this proxy.
+	AccessLogs *AccessLogs `protobuf:"bytes,11,opt,name=access_logs,json=accessLogs,proto3" json:"access_logs,omitempty"`
+}
+
+func (x *ProxyState) Reset() {
+	*x = ProxyState{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_proxy_state_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ProxyState) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProxyState) ProtoMessage() {}
+
+func (x *ProxyState) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_proxy_state_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProxyState.ProtoReflect.Descriptor instead.
+func (*ProxyState) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_proxy_state_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *ProxyState) GetId() *pbresource.ID {
+	if x != nil {
+		return x.Id
+	}
+	return nil
+}
+
+func (x *ProxyState) GetListeners() []*Listener {
+	if x != nil {
+		return x.Listeners
+	}
+	return nil
+}
+
+func (x *ProxyState) GetClusters() map[string]*Cluster {
+	if x != nil {
+		return x.Clusters
+	}
+	return nil
+}
+
+func (x *ProxyState) GetRoutes() map[string]*Route {
+	if x != nil {
+		return x.Routes
+	}
+	return nil
+}
+
+func (x *ProxyState) GetEndpoints() map[string]*Endpoints {
+	if x != nil {
+		return x.Endpoints
+	}
+	return nil
+}
+
+func (x *ProxyState) GetLeafCertificates() map[string]*LeafCertificate {
+	if x != nil {
+		return x.LeafCertificates
+	}
+	return nil
+}
+
+func (x *ProxyState) GetTrustBundles() map[string]*TrustBundle {
+	if x != nil {
+		return x.TrustBundles
+	}
+	return nil
+}
+
+func (x *ProxyState) GetTls() *TLS {
+	if x != nil {
+		return x.Tls
+	}
+	return nil
+}
+
+func (x *ProxyState) GetIntentionDefaultAllow() bool {
+	if x != nil {
+		return x.IntentionDefaultAllow
+	}
+	return false
+}
+
+func (x *ProxyState) GetEscape() *EscapeHatches {
+	if x != nil {
+		return x.Escape
+	}
+	return nil
+}
+
+func (x *ProxyState) GetAccessLogs() *AccessLogs {
+	if x != nil {
+		return x.AccessLogs
+	}
+	return nil
+}
+
+var File_pbmesh_v1alpha1_proxy_state_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_proxy_state_proto_rawDesc = []byte{
+	0x0a, 0x21, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x1a, 0x21, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x24, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68,
+	0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x70, 0x62,
+	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x6c, 0x69,
+	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x70, 0x62,
+	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x72, 0x65,
+	0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b,
+	0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
+	0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x26, 0x70, 0x62, 0x6d,
+	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x72, 0x61,
+	0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f,
+	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xde,
+	0x06, 0x0a, 0x12, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x54, 0x65, 0x6d,
+	0x70, 0x6c, 0x61, 0x74, 0x65, 0x12, 0x4b, 0x0a, 0x0b, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78,
+	0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61,
+	0x74, 0x65, 0x12, 0x78, 0x0a, 0x12, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x5f, 0x65,
+	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x49,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61,
+	0x74, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x45, 0x6e, 0x64, 0x70, 0x6f,
+	0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11, 0x72, 0x65, 0x71, 0x75, 0x69,
+	0x72, 0x65, 0x64, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, 0x8e, 0x01, 0x0a,
+	0x1a, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x5f, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63,
+	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x50, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x54, 0x65, 0x6d,
+	0x70, 0x6c, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x4c, 0x65,
+	0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e,
+	0x74, 0x72, 0x79, 0x52, 0x18, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x4c, 0x65, 0x61,
+	0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x82, 0x01,
+	0x0a, 0x16, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x5f, 0x74, 0x72, 0x75, 0x73, 0x74,
+	0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x4c,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61,
+	0x74, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74,
+	0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x14, 0x72, 0x65,
+	0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c,
+	0x65, 0x73, 0x1a, 0x71, 0x0a, 0x16, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x45, 0x6e,
+	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
+	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x41,
+	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45,
+	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x7f, 0x0a, 0x1d, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65,
+	0x64, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x48, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72,
+	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x66, 0x52, 0x05, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x77, 0x0a, 0x19, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72,
+	0x65, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e,
+	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x44, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c,
+	0x65, 0x52, 0x65, 0x66, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22,
+	0xec, 0x0a, 0x0a, 0x0a, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x2d,
+	0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65,
+	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x49, 0x44, 0x52, 0x02, 0x69, 0x64, 0x12, 0x46, 0x0a,
+	0x09, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x6c, 0x69, 0x73, 0x74,
+	0x65, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x54, 0x0a, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72,
+	0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74,
+	0x61, 0x74, 0x65, 0x2e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x4e, 0x0a, 0x06, 0x72,
+	0x6f, 0x75, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f,
+	0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x45, 0x6e,
+	0x74, 0x72, 0x79, 0x52, 0x06, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x57, 0x0a, 0x09, 0x65,
+	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f,
+	0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f,
+	0x69, 0x6e, 0x74, 0x73, 0x12, 0x6d, 0x0a, 0x11, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63, 0x65, 0x72,
+	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x65, 0x61, 0x66,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x52, 0x10, 0x6c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
+	0x74, 0x65, 0x73, 0x12, 0x61, 0x0a, 0x0d, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e,
+	0x64, 0x6c, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78,
+	0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64,
+	0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, 0x42,
+	0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x12, 0x35, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x08, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x36, 0x0a,
+	0x17, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75,
+	0x6c, 0x74, 0x5f, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15,
+	0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x12, 0x45, 0x0a, 0x06, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x18,
+	0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74,
+	0x63, 0x68, 0x65, 0x73, 0x52, 0x06, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x12, 0x4b, 0x0a, 0x0b,
+	0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x52, 0x0a, 0x61,
+	0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x1a, 0x64, 0x0a, 0x0d, 0x43, 0x6c, 0x75,
+	0x73, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65,
+	0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3d, 0x0a, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x6c, 0x75,
+	0x73, 0x74, 0x65, 0x72, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a,
+	0x60, 0x0a, 0x0b, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
+	0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
+	0x12, 0x3b, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x25, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38,
+	0x01, 0x1a, 0x67, 0x0a, 0x0e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e,
+	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x52,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x74, 0x0a, 0x15, 0x4c, 0x65,
+	0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e,
+	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x45, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01,
+	0x1a, 0x6c, 0x0a, 0x11, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73,
+	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x41, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e,
+	0x64, 0x6c, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x97,
+	0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74,
+	0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c,
+	0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2,
+	0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
+	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_proxy_state_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_proxy_state_proto_rawDescData = file_pbmesh_v1alpha1_proxy_state_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_proxy_state_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_proxy_state_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_proxy_state_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_proxy_state_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_proxy_state_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_proxy_state_proto_msgTypes = make([]protoimpl.MessageInfo, 10)
+var file_pbmesh_v1alpha1_proxy_state_proto_goTypes = []interface{}{
+	(*ProxyStateTemplate)(nil), // 0: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate
+	(*ProxyState)(nil),         // 1: hashicorp.consul.mesh.v1alpha1.ProxyState
+	nil,                        // 2: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredEndpointsEntry
+	nil,                        // 3: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredLeafCertificatesEntry
+	nil,                        // 4: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredTrustBundlesEntry
+	nil,                        // 5: hashicorp.consul.mesh.v1alpha1.ProxyState.ClustersEntry
+	nil,                        // 6: hashicorp.consul.mesh.v1alpha1.ProxyState.RoutesEntry
+	nil,                        // 7: hashicorp.consul.mesh.v1alpha1.ProxyState.EndpointsEntry
+	nil,                        // 8: hashicorp.consul.mesh.v1alpha1.ProxyState.LeafCertificatesEntry
+	nil,                        // 9: hashicorp.consul.mesh.v1alpha1.ProxyState.TrustBundlesEntry
+	(*pbresource.ID)(nil),      // 10: hashicorp.consul.resource.ID
+	(*Listener)(nil),           // 11: hashicorp.consul.mesh.v1alpha1.Listener
+	(*TLS)(nil),                // 12: hashicorp.consul.mesh.v1alpha1.TLS
+	(*EscapeHatches)(nil),      // 13: hashicorp.consul.mesh.v1alpha1.EscapeHatches
+	(*AccessLogs)(nil),         // 14: hashicorp.consul.mesh.v1alpha1.AccessLogs
+	(*EndpointRef)(nil),        // 15: hashicorp.consul.mesh.v1alpha1.EndpointRef
+	(*LeafCertificateRef)(nil), // 16: hashicorp.consul.mesh.v1alpha1.LeafCertificateRef
+	(*TrustBundleRef)(nil),     // 17: hashicorp.consul.mesh.v1alpha1.TrustBundleRef
+	(*Cluster)(nil),            // 18: hashicorp.consul.mesh.v1alpha1.Cluster
+	(*Route)(nil),              // 19: hashicorp.consul.mesh.v1alpha1.Route
+	(*Endpoints)(nil),          // 20: hashicorp.consul.mesh.v1alpha1.Endpoints
+	(*LeafCertificate)(nil),    // 21: hashicorp.consul.mesh.v1alpha1.LeafCertificate
+	(*TrustBundle)(nil),        // 22: hashicorp.consul.mesh.v1alpha1.TrustBundle
+}
+var file_pbmesh_v1alpha1_proxy_state_proto_depIdxs = []int32{
+	1,  // 0: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.proxy_state:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState
+	2,  // 1: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.required_endpoints:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredEndpointsEntry
+	3,  // 2: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.required_leaf_certificates:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredLeafCertificatesEntry
+	4,  // 3: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.required_trust_bundles:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredTrustBundlesEntry
+	10, // 4: hashicorp.consul.mesh.v1alpha1.ProxyState.id:type_name -> hashicorp.consul.resource.ID
+	11, // 5: hashicorp.consul.mesh.v1alpha1.ProxyState.listeners:type_name -> hashicorp.consul.mesh.v1alpha1.Listener
+	5,  // 6: hashicorp.consul.mesh.v1alpha1.ProxyState.clusters:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.ClustersEntry
+	6,  // 7: hashicorp.consul.mesh.v1alpha1.ProxyState.routes:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.RoutesEntry
+	7,  // 8: hashicorp.consul.mesh.v1alpha1.ProxyState.endpoints:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.EndpointsEntry
+	8,  // 9: hashicorp.consul.mesh.v1alpha1.ProxyState.leaf_certificates:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.LeafCertificatesEntry
+	9,  // 10: hashicorp.consul.mesh.v1alpha1.ProxyState.trust_bundles:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.TrustBundlesEntry
+	12, // 11: hashicorp.consul.mesh.v1alpha1.ProxyState.tls:type_name -> hashicorp.consul.mesh.v1alpha1.TLS
+	13, // 12: hashicorp.consul.mesh.v1alpha1.ProxyState.escape:type_name -> hashicorp.consul.mesh.v1alpha1.EscapeHatches
+	14, // 13: hashicorp.consul.mesh.v1alpha1.ProxyState.access_logs:type_name -> hashicorp.consul.mesh.v1alpha1.AccessLogs
+	15, // 14: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredEndpointsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.EndpointRef
+	16, // 15: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredLeafCertificatesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.LeafCertificateRef
+	17, // 16: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredTrustBundlesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.TrustBundleRef
+	18, // 17: hashicorp.consul.mesh.v1alpha1.ProxyState.ClustersEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.Cluster
+	19, // 18: hashicorp.consul.mesh.v1alpha1.ProxyState.RoutesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.Route
+	20, // 19: hashicorp.consul.mesh.v1alpha1.ProxyState.EndpointsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.Endpoints
+	21, // 20: hashicorp.consul.mesh.v1alpha1.ProxyState.LeafCertificatesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.LeafCertificate
+	22, // 21: hashicorp.consul.mesh.v1alpha1.ProxyState.TrustBundlesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.TrustBundle
+	22, // [22:22] is the sub-list for method output_type
+	22, // [22:22] is the sub-list for method input_type
+	22, // [22:22] is the sub-list for extension type_name
+	22, // [22:22] is the sub-list for extension extendee
+	0,  // [0:22] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_proxy_state_proto_init() }
+func file_pbmesh_v1alpha1_proxy_state_proto_init() {
+	if File_pbmesh_v1alpha1_proxy_state_proto != nil {
+		return
+	}
+	file_pbmesh_v1alpha1_access_logs_proto_init()
+	file_pbmesh_v1alpha1_cluster_proto_init()
+	file_pbmesh_v1alpha1_endpoints_proto_init()
+	file_pbmesh_v1alpha1_escape_hatches_proto_init()
+	file_pbmesh_v1alpha1_listener_proto_init()
+	file_pbmesh_v1alpha1_references_proto_init()
+	file_pbmesh_v1alpha1_route_proto_init()
+	file_pbmesh_v1alpha1_transport_socket_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_proxy_state_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ProxyStateTemplate); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_proxy_state_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ProxyState); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_proxy_state_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   10,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_proxy_state_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_proxy_state_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_proxy_state_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_proxy_state_proto = out.File
+	file_pbmesh_v1alpha1_proxy_state_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_proxy_state_proto_goTypes = nil
+	file_pbmesh_v1alpha1_proxy_state_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.proto b/proto-public/pbmesh/v1alpha1/proxy_state.proto
new file mode 100644
index 000000000000..5c0ccc5c050e
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.proto
@@ -0,0 +1,55 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "pbmesh/v1alpha1/access_logs.proto";
+import "pbmesh/v1alpha1/cluster.proto";
+import "pbmesh/v1alpha1/endpoints.proto";
+import "pbmesh/v1alpha1/escape_hatches.proto";
+import "pbmesh/v1alpha1/listener.proto";
+import "pbmesh/v1alpha1/references.proto";
+import "pbmesh/v1alpha1/route.proto";
+import "pbmesh/v1alpha1/transport_socket.proto";
+import "pbresource/resource.proto";
+
+message ProxyStateTemplate {
+  // proxy_state is the partially filled out ProxyState resource. The Endpoints, LeafCertificates and TrustBundles fields will need filling in after the resource is stored.
+  ProxyState proxy_state = 1;
+
+  // required_endpoints is a map of arbitrary string names to endpoint refs that need fetching by the proxy state controller.
+  map<string, EndpointRef> required_endpoints = 2;
+
+  // required_leaf_certificates is a map of arbitrary string names to leaf certificates that need fetching/generation by the proxy state controller.
+  map<string, LeafCertificateRef> required_leaf_certificates = 3;
+
+  // required_trust_bundles is a map of arbitrary string names to trust bundle refs that need fetching by the proxy state controller.
+  map<string, TrustBundleRef> required_trust_bundles = 4;
+}
+
+message ProxyState {
+  // id is this proxy's ID.
+  hashicorp.consul.resource.ID id = 1;
+  // listeners is a list of listeners for this proxy.
+  repeated Listener listeners = 2;
+  // clusters is a map from cluster name to clusters. The keys are referenced from listeners or routes.
+  map<string, Cluster> clusters = 3;
+  // routes is a map from route name to routes. The keys are referenced from listeners.
+  map<string, Route> routes = 4;
+  // endpoints is a map from cluster name to endpoints.
+  map<string, Endpoints> endpoints = 5;
+  // leaf certificates is a map from UUID to leaf certificates.
+  map<string, LeafCertificate> leaf_certificates = 6;
+  // trust bundles is a map from peer name to trust bundles.
+  map<string, TrustBundle> trust_bundles = 7;
+  // tls has TLS configuration for this proxy.
+  TLS tls = 8;
+  // intention_default_allow is the default action for intentions. This determines how the Envoy RBAC filters are generated.
+  bool intention_default_allow = 9;
+  // escape defines top level escape hatches. These are user configured json strings that configure an entire piece of listener or cluster Envoy configuration.
+  EscapeHatches escape = 10;
+  // access_logs configures access logging for this proxy.
+  AccessLogs access_logs = 11;
+}
diff --git a/proto-public/pbmesh/v1alpha1/references.pb.binary.go b/proto-public/pbmesh/v1alpha1/references.pb.binary.go
new file mode 100644
index 000000000000..d8193e451681
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/references.pb.binary.go
@@ -0,0 +1,38 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/references.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *LeafCertificateRef) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *LeafCertificateRef) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *TrustBundleRef) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *TrustBundleRef) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *EndpointRef) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *EndpointRef) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/references.pb.go b/proto-public/pbmesh/v1alpha1/references.pb.go
new file mode 100644
index 000000000000..e5abca5110b3
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/references.pb.go
@@ -0,0 +1,365 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/references.proto
+
+package meshv1alpha1
+
+import (
+	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type LeafCertificateRef struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name       string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Namespace  string   `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"`
+	Partition  string   `protobuf:"bytes,3,opt,name=partition,proto3" json:"partition,omitempty"`
+	Host       string   `protobuf:"bytes,4,opt,name=host,proto3" json:"host,omitempty"`
+	Datacenter string   `protobuf:"bytes,5,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
+	DnsSan     []string `protobuf:"bytes,6,rep,name=dns_san,json=dnsSan,proto3" json:"dns_san,omitempty"`
+}
+
+func (x *LeafCertificateRef) Reset() {
+	*x = LeafCertificateRef{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_references_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LeafCertificateRef) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LeafCertificateRef) ProtoMessage() {}
+
+func (x *LeafCertificateRef) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_references_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LeafCertificateRef.ProtoReflect.Descriptor instead.
+func (*LeafCertificateRef) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_references_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *LeafCertificateRef) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *LeafCertificateRef) GetNamespace() string {
+	if x != nil {
+		return x.Namespace
+	}
+	return ""
+}
+
+func (x *LeafCertificateRef) GetPartition() string {
+	if x != nil {
+		return x.Partition
+	}
+	return ""
+}
+
+func (x *LeafCertificateRef) GetHost() string {
+	if x != nil {
+		return x.Host
+	}
+	return ""
+}
+
+func (x *LeafCertificateRef) GetDatacenter() string {
+	if x != nil {
+		return x.Datacenter
+	}
+	return ""
+}
+
+func (x *LeafCertificateRef) GetDnsSan() []string {
+	if x != nil {
+		return x.DnsSan
+	}
+	return nil
+}
+
+type TrustBundleRef struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Peer        string `protobuf:"bytes,1,opt,name=peer,proto3" json:"peer,omitempty"`
+	TrustDomain string `protobuf:"bytes,2,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"`
+}
+
+func (x *TrustBundleRef) Reset() {
+	*x = TrustBundleRef{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_references_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TrustBundleRef) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TrustBundleRef) ProtoMessage() {}
+
+func (x *TrustBundleRef) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_references_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TrustBundleRef.ProtoReflect.Descriptor instead.
+func (*TrustBundleRef) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_references_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *TrustBundleRef) GetPeer() string {
+	if x != nil {
+		return x.Peer
+	}
+	return ""
+}
+
+func (x *TrustBundleRef) GetTrustDomain() string {
+	if x != nil {
+		return x.TrustDomain
+	}
+	return ""
+}
+
+type EndpointRef struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// id is the ServiceEndpoints resource id.
+	Id *pbresource.ID `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	// port is the name of the port in the ServiceEndpoints to generate the Endpoints from.
+	Port string `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"`
+}
+
+func (x *EndpointRef) Reset() {
+	*x = EndpointRef{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_references_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EndpointRef) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EndpointRef) ProtoMessage() {}
+
+func (x *EndpointRef) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_references_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EndpointRef.ProtoReflect.Descriptor instead.
+func (*EndpointRef) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_references_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *EndpointRef) GetId() *pbresource.ID {
+	if x != nil {
+		return x.Id
+	}
+	return nil
+}
+
+func (x *EndpointRef) GetPort() string {
+	if x != nil {
+		return x.Port
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_references_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_references_proto_rawDesc = []byte{
+	0x0a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x1a, 0x19, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x72,
+	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb1, 0x01,
+	0x0a, 0x12, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x65, 0x52, 0x65, 0x66, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65,
+	0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d,
+	0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61,
+	0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x61,
+	0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x17, 0x0a, 0x07, 0x64, 0x6e, 0x73, 0x5f,
+	0x73, 0x61, 0x6e, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6e, 0x73, 0x53, 0x61,
+	0x6e, 0x22, 0x47, 0x0a, 0x0e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65,
+	0x52, 0x65, 0x66, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x65, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x70, 0x65, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74,
+	0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x74,
+	0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x22, 0x50, 0x0a, 0x0b, 0x45, 0x6e,
+	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x12, 0x2d, 0x0a, 0x02, 0x69, 0x64, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x2e, 0x49, 0x44, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x97, 0x02, 0x0a,
+	0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x42, 0x0f, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
+	0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63,
+	0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03,
+	0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
+	0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_references_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_references_proto_rawDescData = file_pbmesh_v1alpha1_references_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_references_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_references_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_references_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_references_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_references_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_references_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
+var file_pbmesh_v1alpha1_references_proto_goTypes = []interface{}{
+	(*LeafCertificateRef)(nil), // 0: hashicorp.consul.mesh.v1alpha1.LeafCertificateRef
+	(*TrustBundleRef)(nil),     // 1: hashicorp.consul.mesh.v1alpha1.TrustBundleRef
+	(*EndpointRef)(nil),        // 2: hashicorp.consul.mesh.v1alpha1.EndpointRef
+	(*pbresource.ID)(nil),      // 3: hashicorp.consul.resource.ID
+}
+var file_pbmesh_v1alpha1_references_proto_depIdxs = []int32{
+	3, // 0: hashicorp.consul.mesh.v1alpha1.EndpointRef.id:type_name -> hashicorp.consul.resource.ID
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_references_proto_init() }
+func file_pbmesh_v1alpha1_references_proto_init() {
+	if File_pbmesh_v1alpha1_references_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_references_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LeafCertificateRef); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_references_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*TrustBundleRef); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_references_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EndpointRef); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_references_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   3,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_references_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_references_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_references_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_references_proto = out.File
+	file_pbmesh_v1alpha1_references_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_references_proto_goTypes = nil
+	file_pbmesh_v1alpha1_references_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/references.proto b/proto-public/pbmesh/v1alpha1/references.proto
new file mode 100644
index 000000000000..13d4116cbc30
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/references.proto
@@ -0,0 +1,29 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "pbresource/resource.proto";
+
+message LeafCertificateRef {
+  string name = 1;
+  string namespace = 2;
+  string partition = 3;
+  string host = 4;
+  string datacenter = 5;
+  repeated string dns_san = 6;
+}
+
+message TrustBundleRef {
+  string peer = 1;
+  string trust_domain = 2;
+}
+
+message EndpointRef {
+  // id is the ServiceEndpoints resource id.
+  hashicorp.consul.resource.ID id = 1;
+  // port is the name of the port in the ServiceEndpoints to generate the Endpoints from.
+  string port = 2;
+}
diff --git a/proto-public/pbmesh/v1alpha1/route.pb.binary.go b/proto-public/pbmesh/v1alpha1/route.pb.binary.go
new file mode 100644
index 000000000000..f50de72dc287
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/route.pb.binary.go
@@ -0,0 +1,178 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/route.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *Route) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *Route) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *VirtualHost) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *VirtualHost) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *RouteRule) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *RouteRule) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *RouteMatch) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *RouteMatch) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *PathMatch) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *PathMatch) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *QueryParameterMatch) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *QueryParameterMatch) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HeaderMatch) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HeaderMatch) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *RouteDestination) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *RouteDestination) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *DestinationConfiguration) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *DestinationConfiguration) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *RetryPolicy) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *RetryPolicy) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *TimeoutConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *TimeoutConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *LoadBalancerHashPolicy) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *LoadBalancerHashPolicy) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *CookiePolicy) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *CookiePolicy) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HeaderPolicy) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HeaderPolicy) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *QueryParameterPolicy) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *QueryParameterPolicy) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *ConnectionPropertiesPolicy) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *ConnectionPropertiesPolicy) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *DestinationCluster) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *DestinationCluster) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/route.pb.go b/proto-public/pbmesh/v1alpha1/route.pb.go
new file mode 100644
index 000000000000..2fe192a4ecd5
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/route.pb.go
@@ -0,0 +1,1879 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/route.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	durationpb "google.golang.org/protobuf/types/known/durationpb"
+	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type Route struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name is the name of the route.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// virtual_hosts is a list of virtual hosts. A virtual host is selected based on an incoming request's host header.
+	VirtualHosts []*VirtualHost `protobuf:"bytes,2,rep,name=virtual_hosts,json=virtualHosts,proto3" json:"virtual_hosts,omitempty"`
+}
+
+func (x *Route) Reset() {
+	*x = Route{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Route) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Route) ProtoMessage() {}
+
+func (x *Route) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Route.ProtoReflect.Descriptor instead.
+func (*Route) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Route) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Route) GetVirtualHosts() []*VirtualHost {
+	if x != nil {
+		return x.VirtualHosts
+	}
+	return nil
+}
+
+type VirtualHost struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// domains are used to match an incoming request's host header and determine which virtual host to use.
+	Domains []string `protobuf:"bytes,2,rep,name=domains,proto3" json:"domains,omitempty"`
+	// header_mutations to apply to the request when it matches this virtual host. These are applied after any headers in
+	// the RouteRule.
+	HeaderMutations []*HeaderMutation `protobuf:"bytes,3,rep,name=header_mutations,json=headerMutations,proto3" json:"header_mutations,omitempty"`
+	// route_rules are a list of rules to use for what to do next with this request. The first rule with a match will be
+	// used.
+	RouteRules []*RouteRule `protobuf:"bytes,4,rep,name=route_rules,json=routeRules,proto3" json:"route_rules,omitempty"`
+}
+
+func (x *VirtualHost) Reset() {
+	*x = VirtualHost{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *VirtualHost) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VirtualHost) ProtoMessage() {}
+
+func (x *VirtualHost) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VirtualHost.ProtoReflect.Descriptor instead.
+func (*VirtualHost) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *VirtualHost) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *VirtualHost) GetDomains() []string {
+	if x != nil {
+		return x.Domains
+	}
+	return nil
+}
+
+func (x *VirtualHost) GetHeaderMutations() []*HeaderMutation {
+	if x != nil {
+		return x.HeaderMutations
+	}
+	return nil
+}
+
+func (x *VirtualHost) GetRouteRules() []*RouteRule {
+	if x != nil {
+		return x.RouteRules
+	}
+	return nil
+}
+
+type RouteRule struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// match determines how to match the request. The first match determines which destination the request will go to.
+	Match *RouteMatch `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"`
+	// destination is where to send the request to.
+	Destination *RouteDestination `protobuf:"bytes,2,opt,name=destination,proto3" json:"destination,omitempty"`
+	// header_mutations to apply to the request. These are applied before the VirtualHost header mutations.
+	HeaderMutations []*HeaderMutation `protobuf:"bytes,3,rep,name=header_mutations,json=headerMutations,proto3" json:"header_mutations,omitempty"`
+}
+
+func (x *RouteRule) Reset() {
+	*x = RouteRule{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RouteRule) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RouteRule) ProtoMessage() {}
+
+func (x *RouteRule) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RouteRule.ProtoReflect.Descriptor instead.
+func (*RouteRule) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *RouteRule) GetMatch() *RouteMatch {
+	if x != nil {
+		return x.Match
+	}
+	return nil
+}
+
+func (x *RouteRule) GetDestination() *RouteDestination {
+	if x != nil {
+		return x.Destination
+	}
+	return nil
+}
+
+func (x *RouteRule) GetHeaderMutations() []*HeaderMutation {
+	if x != nil {
+		return x.HeaderMutations
+	}
+	return nil
+}
+
+// RouteMatch has configuration to match a request.
+type RouteMatch struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	PathMatch             *PathMatch             `protobuf:"bytes,1,opt,name=path_match,json=pathMatch,proto3" json:"path_match,omitempty"`
+	HeaderMatches         []*HeaderMatch         `protobuf:"bytes,2,rep,name=header_matches,json=headerMatches,proto3" json:"header_matches,omitempty"`
+	MethodMatches         []string               `protobuf:"bytes,3,rep,name=method_matches,json=methodMatches,proto3" json:"method_matches,omitempty"`
+	QueryParameterMatches []*QueryParameterMatch `protobuf:"bytes,4,rep,name=query_parameter_matches,json=queryParameterMatches,proto3" json:"query_parameter_matches,omitempty"`
+}
+
+func (x *RouteMatch) Reset() {
+	*x = RouteMatch{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RouteMatch) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RouteMatch) ProtoMessage() {}
+
+func (x *RouteMatch) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RouteMatch.ProtoReflect.Descriptor instead.
+func (*RouteMatch) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *RouteMatch) GetPathMatch() *PathMatch {
+	if x != nil {
+		return x.PathMatch
+	}
+	return nil
+}
+
+func (x *RouteMatch) GetHeaderMatches() []*HeaderMatch {
+	if x != nil {
+		return x.HeaderMatches
+	}
+	return nil
+}
+
+func (x *RouteMatch) GetMethodMatches() []string {
+	if x != nil {
+		return x.MethodMatches
+	}
+	return nil
+}
+
+func (x *RouteMatch) GetQueryParameterMatches() []*QueryParameterMatch {
+	if x != nil {
+		return x.QueryParameterMatches
+	}
+	return nil
+}
+
+type PathMatch struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to PathMatch:
+	//
+	//	*PathMatch_Exact
+	//	*PathMatch_Prefix
+	//	*PathMatch_Regex
+	PathMatch isPathMatch_PathMatch `protobuf_oneof:"path_match"`
+}
+
+func (x *PathMatch) Reset() {
+	*x = PathMatch{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *PathMatch) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PathMatch) ProtoMessage() {}
+
+func (x *PathMatch) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use PathMatch.ProtoReflect.Descriptor instead.
+func (*PathMatch) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{4}
+}
+
+func (m *PathMatch) GetPathMatch() isPathMatch_PathMatch {
+	if m != nil {
+		return m.PathMatch
+	}
+	return nil
+}
+
+func (x *PathMatch) GetExact() string {
+	if x, ok := x.GetPathMatch().(*PathMatch_Exact); ok {
+		return x.Exact
+	}
+	return ""
+}
+
+func (x *PathMatch) GetPrefix() string {
+	if x, ok := x.GetPathMatch().(*PathMatch_Prefix); ok {
+		return x.Prefix
+	}
+	return ""
+}
+
+func (x *PathMatch) GetRegex() string {
+	if x, ok := x.GetPathMatch().(*PathMatch_Regex); ok {
+		return x.Regex
+	}
+	return ""
+}
+
+type isPathMatch_PathMatch interface {
+	isPathMatch_PathMatch()
+}
+
+type PathMatch_Exact struct {
+	Exact string `protobuf:"bytes,1,opt,name=exact,proto3,oneof"`
+}
+
+type PathMatch_Prefix struct {
+	Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3,oneof"`
+}
+
+type PathMatch_Regex struct {
+	Regex string `protobuf:"bytes,3,opt,name=regex,proto3,oneof"`
+}
+
+func (*PathMatch_Exact) isPathMatch_PathMatch() {}
+
+func (*PathMatch_Prefix) isPathMatch_PathMatch() {}
+
+func (*PathMatch_Regex) isPathMatch_PathMatch() {}
+
+type QueryParameterMatch struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Types that are assignable to Match:
+	//
+	//	*QueryParameterMatch_Exact
+	//	*QueryParameterMatch_Regex
+	//	*QueryParameterMatch_Present
+	Match isQueryParameterMatch_Match `protobuf_oneof:"match"`
+}
+
+func (x *QueryParameterMatch) Reset() {
+	*x = QueryParameterMatch{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *QueryParameterMatch) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*QueryParameterMatch) ProtoMessage() {}
+
+func (x *QueryParameterMatch) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use QueryParameterMatch.ProtoReflect.Descriptor instead.
+func (*QueryParameterMatch) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *QueryParameterMatch) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (m *QueryParameterMatch) GetMatch() isQueryParameterMatch_Match {
+	if m != nil {
+		return m.Match
+	}
+	return nil
+}
+
+func (x *QueryParameterMatch) GetExact() string {
+	if x, ok := x.GetMatch().(*QueryParameterMatch_Exact); ok {
+		return x.Exact
+	}
+	return ""
+}
+
+func (x *QueryParameterMatch) GetRegex() string {
+	if x, ok := x.GetMatch().(*QueryParameterMatch_Regex); ok {
+		return x.Regex
+	}
+	return ""
+}
+
+func (x *QueryParameterMatch) GetPresent() bool {
+	if x, ok := x.GetMatch().(*QueryParameterMatch_Present); ok {
+		return x.Present
+	}
+	return false
+}
+
+type isQueryParameterMatch_Match interface {
+	isQueryParameterMatch_Match()
+}
+
+type QueryParameterMatch_Exact struct {
+	Exact string `protobuf:"bytes,2,opt,name=exact,proto3,oneof"`
+}
+
+type QueryParameterMatch_Regex struct {
+	Regex string `protobuf:"bytes,3,opt,name=regex,proto3,oneof"`
+}
+
+type QueryParameterMatch_Present struct {
+	Present bool `protobuf:"varint,4,opt,name=present,proto3,oneof"`
+}
+
+func (*QueryParameterMatch_Exact) isQueryParameterMatch_Match() {}
+
+func (*QueryParameterMatch_Regex) isQueryParameterMatch_Match() {}
+
+func (*QueryParameterMatch_Present) isQueryParameterMatch_Match() {}
+
+type HeaderMatch struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Types that are assignable to Match:
+	//
+	//	*HeaderMatch_Exact
+	//	*HeaderMatch_Prefix
+	//	*HeaderMatch_Suffix
+	//	*HeaderMatch_Regex
+	//	*HeaderMatch_Present
+	Match       isHeaderMatch_Match `protobuf_oneof:"match"`
+	InvertMatch bool                `protobuf:"varint,7,opt,name=invert_match,json=invertMatch,proto3" json:"invert_match,omitempty"`
+}
+
+func (x *HeaderMatch) Reset() {
+	*x = HeaderMatch{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HeaderMatch) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HeaderMatch) ProtoMessage() {}
+
+func (x *HeaderMatch) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HeaderMatch.ProtoReflect.Descriptor instead.
+func (*HeaderMatch) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *HeaderMatch) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (m *HeaderMatch) GetMatch() isHeaderMatch_Match {
+	if m != nil {
+		return m.Match
+	}
+	return nil
+}
+
+func (x *HeaderMatch) GetExact() string {
+	if x, ok := x.GetMatch().(*HeaderMatch_Exact); ok {
+		return x.Exact
+	}
+	return ""
+}
+
+func (x *HeaderMatch) GetPrefix() string {
+	if x, ok := x.GetMatch().(*HeaderMatch_Prefix); ok {
+		return x.Prefix
+	}
+	return ""
+}
+
+func (x *HeaderMatch) GetSuffix() string {
+	if x, ok := x.GetMatch().(*HeaderMatch_Suffix); ok {
+		return x.Suffix
+	}
+	return ""
+}
+
+func (x *HeaderMatch) GetRegex() string {
+	if x, ok := x.GetMatch().(*HeaderMatch_Regex); ok {
+		return x.Regex
+	}
+	return ""
+}
+
+func (x *HeaderMatch) GetPresent() bool {
+	if x, ok := x.GetMatch().(*HeaderMatch_Present); ok {
+		return x.Present
+	}
+	return false
+}
+
+func (x *HeaderMatch) GetInvertMatch() bool {
+	if x != nil {
+		return x.InvertMatch
+	}
+	return false
+}
+
+type isHeaderMatch_Match interface {
+	isHeaderMatch_Match()
+}
+
+type HeaderMatch_Exact struct {
+	Exact string `protobuf:"bytes,2,opt,name=exact,proto3,oneof"`
+}
+
+type HeaderMatch_Prefix struct {
+	Prefix string `protobuf:"bytes,3,opt,name=prefix,proto3,oneof"`
+}
+
+type HeaderMatch_Suffix struct {
+	Suffix string `protobuf:"bytes,4,opt,name=suffix,proto3,oneof"`
+}
+
+type HeaderMatch_Regex struct {
+	Regex string `protobuf:"bytes,5,opt,name=regex,proto3,oneof"`
+}
+
+type HeaderMatch_Present struct {
+	Present bool `protobuf:"varint,6,opt,name=present,proto3,oneof"`
+}
+
+func (*HeaderMatch_Exact) isHeaderMatch_Match() {}
+
+func (*HeaderMatch_Prefix) isHeaderMatch_Match() {}
+
+func (*HeaderMatch_Suffix) isHeaderMatch_Match() {}
+
+func (*HeaderMatch_Regex) isHeaderMatch_Match() {}
+
+func (*HeaderMatch_Present) isHeaderMatch_Match() {}
+
+// RouteDestination has configuration for where to send a request.
+type RouteDestination struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// destination is one or more clusters to route to.
+	//
+	// Types that are assignable to Destination:
+	//
+	//	*RouteDestination_Cluster
+	//	*RouteDestination_WeightedClusters
+	Destination              isRouteDestination_Destination `protobuf_oneof:"destination"`
+	DestinationConfiguration *DestinationConfiguration      `protobuf:"bytes,3,opt,name=destination_configuration,json=destinationConfiguration,proto3" json:"destination_configuration,omitempty"`
+}
+
+func (x *RouteDestination) Reset() {
+	*x = RouteDestination{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RouteDestination) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RouteDestination) ProtoMessage() {}
+
+func (x *RouteDestination) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RouteDestination.ProtoReflect.Descriptor instead.
+func (*RouteDestination) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{7}
+}
+
+func (m *RouteDestination) GetDestination() isRouteDestination_Destination {
+	if m != nil {
+		return m.Destination
+	}
+	return nil
+}
+
+func (x *RouteDestination) GetCluster() *DestinationCluster {
+	if x, ok := x.GetDestination().(*RouteDestination_Cluster); ok {
+		return x.Cluster
+	}
+	return nil
+}
+
+func (x *RouteDestination) GetWeightedClusters() *L7WeightedClusterGroup {
+	if x, ok := x.GetDestination().(*RouteDestination_WeightedClusters); ok {
+		return x.WeightedClusters
+	}
+	return nil
+}
+
+func (x *RouteDestination) GetDestinationConfiguration() *DestinationConfiguration {
+	if x != nil {
+		return x.DestinationConfiguration
+	}
+	return nil
+}
+
+type isRouteDestination_Destination interface {
+	isRouteDestination_Destination()
+}
+
+type RouteDestination_Cluster struct {
+	Cluster *DestinationCluster `protobuf:"bytes,1,opt,name=cluster,proto3,oneof"`
+}
+
+type RouteDestination_WeightedClusters struct {
+	WeightedClusters *L7WeightedClusterGroup `protobuf:"bytes,2,opt,name=weighted_clusters,json=weightedClusters,proto3,oneof"`
+}
+
+func (*RouteDestination_Cluster) isRouteDestination_Destination() {}
+
+func (*RouteDestination_WeightedClusters) isRouteDestination_Destination() {}
+
+type DestinationConfiguration struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AutoHostRewrite *wrapperspb.BoolValue     `protobuf:"bytes,1,opt,name=auto_host_rewrite,json=autoHostRewrite,proto3" json:"auto_host_rewrite,omitempty"`
+	HashPolicies    []*LoadBalancerHashPolicy `protobuf:"bytes,2,rep,name=hash_policies,json=hashPolicies,proto3" json:"hash_policies,omitempty"`
+	TimeoutConfig   *TimeoutConfig            `protobuf:"bytes,3,opt,name=timeout_config,json=timeoutConfig,proto3" json:"timeout_config,omitempty"`
+	PrefixRewrite   string                    `protobuf:"bytes,4,opt,name=prefix_rewrite,json=prefixRewrite,proto3" json:"prefix_rewrite,omitempty"`
+	RetryPolicy     *RetryPolicy              `protobuf:"bytes,5,opt,name=retry_policy,json=retryPolicy,proto3" json:"retry_policy,omitempty"`
+}
+
+func (x *DestinationConfiguration) Reset() {
+	*x = DestinationConfiguration{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DestinationConfiguration) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DestinationConfiguration) ProtoMessage() {}
+
+func (x *DestinationConfiguration) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DestinationConfiguration.ProtoReflect.Descriptor instead.
+func (*DestinationConfiguration) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *DestinationConfiguration) GetAutoHostRewrite() *wrapperspb.BoolValue {
+	if x != nil {
+		return x.AutoHostRewrite
+	}
+	return nil
+}
+
+func (x *DestinationConfiguration) GetHashPolicies() []*LoadBalancerHashPolicy {
+	if x != nil {
+		return x.HashPolicies
+	}
+	return nil
+}
+
+func (x *DestinationConfiguration) GetTimeoutConfig() *TimeoutConfig {
+	if x != nil {
+		return x.TimeoutConfig
+	}
+	return nil
+}
+
+func (x *DestinationConfiguration) GetPrefixRewrite() string {
+	if x != nil {
+		return x.PrefixRewrite
+	}
+	return ""
+}
+
+func (x *DestinationConfiguration) GetRetryPolicy() *RetryPolicy {
+	if x != nil {
+		return x.RetryPolicy
+	}
+	return nil
+}
+
+type RetryPolicy struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	RetryOn              string                  `protobuf:"bytes,1,opt,name=retry_on,json=retryOn,proto3" json:"retry_on,omitempty"`
+	NumRetries           *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=num_retries,json=numRetries,proto3" json:"num_retries,omitempty"`
+	RetriableStatusCodes []uint32                `protobuf:"varint,3,rep,packed,name=retriable_status_codes,json=retriableStatusCodes,proto3" json:"retriable_status_codes,omitempty"`
+}
+
+func (x *RetryPolicy) Reset() {
+	*x = RetryPolicy{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RetryPolicy) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RetryPolicy) ProtoMessage() {}
+
+func (x *RetryPolicy) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RetryPolicy.ProtoReflect.Descriptor instead.
+func (*RetryPolicy) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *RetryPolicy) GetRetryOn() string {
+	if x != nil {
+		return x.RetryOn
+	}
+	return ""
+}
+
+func (x *RetryPolicy) GetNumRetries() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.NumRetries
+	}
+	return nil
+}
+
+func (x *RetryPolicy) GetRetriableStatusCodes() []uint32 {
+	if x != nil {
+		return x.RetriableStatusCodes
+	}
+	return nil
+}
+
+type TimeoutConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Timeout     *durationpb.Duration `protobuf:"bytes,1,opt,name=timeout,proto3" json:"timeout,omitempty"`
+	IdleTimeout *durationpb.Duration `protobuf:"bytes,2,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"`
+}
+
+func (x *TimeoutConfig) Reset() {
+	*x = TimeoutConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TimeoutConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TimeoutConfig) ProtoMessage() {}
+
+func (x *TimeoutConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TimeoutConfig.ProtoReflect.Descriptor instead.
+func (*TimeoutConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *TimeoutConfig) GetTimeout() *durationpb.Duration {
+	if x != nil {
+		return x.Timeout
+	}
+	return nil
+}
+
+func (x *TimeoutConfig) GetIdleTimeout() *durationpb.Duration {
+	if x != nil {
+		return x.IdleTimeout
+	}
+	return nil
+}
+
+type LoadBalancerHashPolicy struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Policy:
+	//
+	//	*LoadBalancerHashPolicy_Cookie
+	//	*LoadBalancerHashPolicy_Header
+	//	*LoadBalancerHashPolicy_QueryParameter
+	//	*LoadBalancerHashPolicy_ConnectionProperties
+	Policy isLoadBalancerHashPolicy_Policy `protobuf_oneof:"policy"`
+}
+
+func (x *LoadBalancerHashPolicy) Reset() {
+	*x = LoadBalancerHashPolicy{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[11]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LoadBalancerHashPolicy) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LoadBalancerHashPolicy) ProtoMessage() {}
+
+func (x *LoadBalancerHashPolicy) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[11]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LoadBalancerHashPolicy.ProtoReflect.Descriptor instead.
+func (*LoadBalancerHashPolicy) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{11}
+}
+
+func (m *LoadBalancerHashPolicy) GetPolicy() isLoadBalancerHashPolicy_Policy {
+	if m != nil {
+		return m.Policy
+	}
+	return nil
+}
+
+func (x *LoadBalancerHashPolicy) GetCookie() *CookiePolicy {
+	if x, ok := x.GetPolicy().(*LoadBalancerHashPolicy_Cookie); ok {
+		return x.Cookie
+	}
+	return nil
+}
+
+func (x *LoadBalancerHashPolicy) GetHeader() *HeaderPolicy {
+	if x, ok := x.GetPolicy().(*LoadBalancerHashPolicy_Header); ok {
+		return x.Header
+	}
+	return nil
+}
+
+func (x *LoadBalancerHashPolicy) GetQueryParameter() *QueryParameterPolicy {
+	if x, ok := x.GetPolicy().(*LoadBalancerHashPolicy_QueryParameter); ok {
+		return x.QueryParameter
+	}
+	return nil
+}
+
+func (x *LoadBalancerHashPolicy) GetConnectionProperties() *ConnectionPropertiesPolicy {
+	if x, ok := x.GetPolicy().(*LoadBalancerHashPolicy_ConnectionProperties); ok {
+		return x.ConnectionProperties
+	}
+	return nil
+}
+
+type isLoadBalancerHashPolicy_Policy interface {
+	isLoadBalancerHashPolicy_Policy()
+}
+
+type LoadBalancerHashPolicy_Cookie struct {
+	Cookie *CookiePolicy `protobuf:"bytes,1,opt,name=cookie,proto3,oneof"`
+}
+
+type LoadBalancerHashPolicy_Header struct {
+	Header *HeaderPolicy `protobuf:"bytes,2,opt,name=header,proto3,oneof"`
+}
+
+type LoadBalancerHashPolicy_QueryParameter struct {
+	QueryParameter *QueryParameterPolicy `protobuf:"bytes,3,opt,name=query_parameter,json=queryParameter,proto3,oneof"`
+}
+
+type LoadBalancerHashPolicy_ConnectionProperties struct {
+	ConnectionProperties *ConnectionPropertiesPolicy `protobuf:"bytes,4,opt,name=connection_properties,json=connectionProperties,proto3,oneof"`
+}
+
+func (*LoadBalancerHashPolicy_Cookie) isLoadBalancerHashPolicy_Policy() {}
+
+func (*LoadBalancerHashPolicy_Header) isLoadBalancerHashPolicy_Policy() {}
+
+func (*LoadBalancerHashPolicy_QueryParameter) isLoadBalancerHashPolicy_Policy() {}
+
+func (*LoadBalancerHashPolicy_ConnectionProperties) isLoadBalancerHashPolicy_Policy() {}
+
+type CookiePolicy struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name     string               `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Ttl      *durationpb.Duration `protobuf:"bytes,2,opt,name=ttl,proto3" json:"ttl,omitempty"`
+	Path     string               `protobuf:"bytes,3,opt,name=path,proto3" json:"path,omitempty"`
+	Terminal bool                 `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"`
+}
+
+func (x *CookiePolicy) Reset() {
+	*x = CookiePolicy{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[12]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CookiePolicy) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CookiePolicy) ProtoMessage() {}
+
+func (x *CookiePolicy) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[12]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CookiePolicy.ProtoReflect.Descriptor instead.
+func (*CookiePolicy) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *CookiePolicy) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *CookiePolicy) GetTtl() *durationpb.Duration {
+	if x != nil {
+		return x.Ttl
+	}
+	return nil
+}
+
+func (x *CookiePolicy) GetPath() string {
+	if x != nil {
+		return x.Path
+	}
+	return ""
+}
+
+func (x *CookiePolicy) GetTerminal() bool {
+	if x != nil {
+		return x.Terminal
+	}
+	return false
+}
+
+type HeaderPolicy struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name     string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Terminal bool   `protobuf:"varint,2,opt,name=terminal,proto3" json:"terminal,omitempty"`
+}
+
+func (x *HeaderPolicy) Reset() {
+	*x = HeaderPolicy{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[13]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HeaderPolicy) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HeaderPolicy) ProtoMessage() {}
+
+func (x *HeaderPolicy) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[13]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HeaderPolicy.ProtoReflect.Descriptor instead.
+func (*HeaderPolicy) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{13}
+}
+
+func (x *HeaderPolicy) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *HeaderPolicy) GetTerminal() bool {
+	if x != nil {
+		return x.Terminal
+	}
+	return false
+}
+
+type QueryParameterPolicy struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name     string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Terminal bool   `protobuf:"varint,2,opt,name=terminal,proto3" json:"terminal,omitempty"`
+}
+
+func (x *QueryParameterPolicy) Reset() {
+	*x = QueryParameterPolicy{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[14]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *QueryParameterPolicy) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*QueryParameterPolicy) ProtoMessage() {}
+
+func (x *QueryParameterPolicy) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[14]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use QueryParameterPolicy.ProtoReflect.Descriptor instead.
+func (*QueryParameterPolicy) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{14}
+}
+
+func (x *QueryParameterPolicy) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *QueryParameterPolicy) GetTerminal() bool {
+	if x != nil {
+		return x.Terminal
+	}
+	return false
+}
+
+type ConnectionPropertiesPolicy struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	SourceIp bool `protobuf:"varint,1,opt,name=source_ip,json=sourceIp,proto3" json:"source_ip,omitempty"`
+	Terminal bool `protobuf:"varint,2,opt,name=terminal,proto3" json:"terminal,omitempty"`
+}
+
+func (x *ConnectionPropertiesPolicy) Reset() {
+	*x = ConnectionPropertiesPolicy{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[15]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ConnectionPropertiesPolicy) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ConnectionPropertiesPolicy) ProtoMessage() {}
+
+func (x *ConnectionPropertiesPolicy) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[15]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ConnectionPropertiesPolicy.ProtoReflect.Descriptor instead.
+func (*ConnectionPropertiesPolicy) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{15}
+}
+
+func (x *ConnectionPropertiesPolicy) GetSourceIp() bool {
+	if x != nil {
+		return x.SourceIp
+	}
+	return false
+}
+
+func (x *ConnectionPropertiesPolicy) GetTerminal() bool {
+	if x != nil {
+		return x.Terminal
+	}
+	return false
+}
+
+type DestinationCluster struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name is the name of the cluster. This will be used to look up a cluster in the clusters map.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+}
+
+func (x *DestinationCluster) Reset() {
+	*x = DestinationCluster{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[16]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DestinationCluster) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DestinationCluster) ProtoMessage() {}
+
+func (x *DestinationCluster) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[16]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DestinationCluster.ProtoReflect.Descriptor instead.
+func (*DestinationCluster) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{16}
+}
+
+func (x *DestinationCluster) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_route_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_route_proto_rawDesc = []byte{
+	0x0a, 0x1b, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64,
+	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77,
+	0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70,
+	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x26, 0x70, 0x62,
+	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x68, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x22, 0x6d, 0x0a, 0x05, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x12, 0x50, 0x0a, 0x0d, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x68, 0x6f, 0x73,
+	0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61,
+	0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x0c, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f,
+	0x73, 0x74, 0x73, 0x22, 0xe2, 0x01, 0x0a, 0x0b, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48,
+	0x6f, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69,
+	0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
+	0x73, 0x12, 0x59, 0x0a, 0x10, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4a, 0x0a, 0x0b,
+	0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x0a, 0x72, 0x6f,
+	0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x22, 0xfc, 0x01, 0x0a, 0x09, 0x52, 0x6f, 0x75,
+	0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x40, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x52, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74,
+	0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52,
+	0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x59, 0x0a, 0x10,
+	0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75,
+	0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75,
+	0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xbe, 0x02, 0x0a, 0x0a, 0x52, 0x6f, 0x75, 0x74,
+	0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x48, 0x0a, 0x0a, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x6d,
+	0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x74, 0x68,
+	0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x09, 0x70, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x12, 0x52, 0x0a, 0x0e, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68,
+	0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x0d, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x6d,
+	0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x65,
+	0x74, 0x68, 0x6f, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x6b, 0x0a, 0x17, 0x71,
+	0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x6d,
+	0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x51, 0x75,
+	0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x52, 0x15, 0x71, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65,
+	0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x22, 0x63, 0x0a, 0x09, 0x50, 0x61, 0x74, 0x68,
+	0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x12, 0x18, 0x0a,
+	0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52,
+	0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x42,
+	0x0c, 0x0a, 0x0a, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x22, 0x7e, 0x0a,
+	0x13, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63,
+	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74,
+	0x12, 0x16, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48,
+	0x00, 0x52, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x12, 0x1a, 0x0a, 0x07, 0x70, 0x72, 0x65, 0x73,
+	0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x07, 0x70, 0x72, 0x65,
+	0x73, 0x65, 0x6e, 0x74, 0x42, 0x07, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x22, 0xcd, 0x01,
+	0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x12, 0x18, 0x0a, 0x06, 0x70, 0x72, 0x65,
+	0x66, 0x69, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x70, 0x72, 0x65,
+	0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x75, 0x66, 0x66, 0x69, 0x78, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x73, 0x75, 0x66, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a,
+	0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05,
+	0x72, 0x65, 0x67, 0x65, 0x78, 0x12, 0x1a, 0x0a, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e,
+	0x74, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x76, 0x65, 0x72, 0x74, 0x5f, 0x6d, 0x61, 0x74, 0x63,
+	0x68, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x6e, 0x76, 0x65, 0x72, 0x74, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x42, 0x07, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x22, 0xcf, 0x02,
+	0x0a, 0x10, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x4e, 0x0a, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x48, 0x00, 0x52, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74,
+	0x65, 0x72, 0x12, 0x65, 0x0a, 0x11, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x5f, 0x63,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c,
+	0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72,
+	0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x10, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65,
+	0x64, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x75, 0x0a, 0x19, 0x64, 0x65, 0x73,
+	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65,
+	0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x18, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x42, 0x0d, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22,
+	0x8c, 0x03, 0x0a, 0x18, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x11,
+	0x61, 0x75, 0x74, 0x6f, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x52, 0x0f, 0x61, 0x75, 0x74, 0x6f, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x77,
+	0x72, 0x69, 0x74, 0x65, 0x12, 0x5b, 0x0a, 0x0d, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x70, 0x6f, 0x6c,
+	0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61,
+	0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x52, 0x0c, 0x68, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65,
+	0x73, 0x12, 0x54, 0x0a, 0x0e, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x6f,
+	0x75, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0d, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75,
+	0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x72, 0x65, 0x66, 0x69,
+	0x78, 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0d, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x4e,
+	0x0a, 0x0c, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x52, 0x0b, 0x72, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x9d,
+	0x01, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x19,
+	0x0a, 0x08, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x3d, 0x0a, 0x0b, 0x6e, 0x75, 0x6d,
+	0x5f, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0a, 0x6e, 0x75,
+	0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x16, 0x72, 0x65, 0x74, 0x72,
+	0x69, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x63, 0x6f, 0x64,
+	0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x14, 0x72, 0x65, 0x74, 0x72, 0x69, 0x61,
+	0x62, 0x6c, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x22, 0x82,
+	0x01, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69,
+	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x3c, 0x0a, 0x0c, 0x69, 0x64, 0x6c, 0x65, 0x5f, 0x74, 0x69,
+	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x69, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65,
+	0x6f, 0x75, 0x74, 0x22, 0x86, 0x03, 0x0a, 0x16, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61,
+	0x6e, 0x63, 0x65, 0x72, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x46,
+	0x0a, 0x06, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x48, 0x00, 0x52, 0x06,
+	0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x46, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x48, 0x00, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x5f,
+	0x0a, 0x0f, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65,
+	0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61,
+	0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x48, 0x00, 0x52,
+	0x0e, 0x71, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x12,
+	0x71, 0x0a, 0x15, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72,
+	0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72,
+	0x74, 0x69, 0x65, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x48, 0x00, 0x52, 0x14, 0x63, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69,
+	0x65, 0x73, 0x42, 0x08, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x7f, 0x0a, 0x0c,
+	0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x12, 0x2b, 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x74, 0x74, 0x6c, 0x12, 0x12, 0x0a,
+	0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74,
+	0x68, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x3e, 0x0a,
+	0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x46, 0x0a,
+	0x14, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72,
+	0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72,
+	0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x55, 0x0a, 0x1a, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70,
+	0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x28, 0x0a, 0x12,
+	0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74,
+	0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x42, 0x92, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0a, 0x52,
+	0x6f, 0x75, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74,
+	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70,
+	0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68,
+	0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
+	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
+	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d,
+	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73,
+	0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_route_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_route_proto_rawDescData = file_pbmesh_v1alpha1_route_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_route_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_route_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_route_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_route_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_route_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_route_proto_msgTypes = make([]protoimpl.MessageInfo, 17)
+var file_pbmesh_v1alpha1_route_proto_goTypes = []interface{}{
+	(*Route)(nil),                      // 0: hashicorp.consul.mesh.v1alpha1.Route
+	(*VirtualHost)(nil),                // 1: hashicorp.consul.mesh.v1alpha1.VirtualHost
+	(*RouteRule)(nil),                  // 2: hashicorp.consul.mesh.v1alpha1.RouteRule
+	(*RouteMatch)(nil),                 // 3: hashicorp.consul.mesh.v1alpha1.RouteMatch
+	(*PathMatch)(nil),                  // 4: hashicorp.consul.mesh.v1alpha1.PathMatch
+	(*QueryParameterMatch)(nil),        // 5: hashicorp.consul.mesh.v1alpha1.QueryParameterMatch
+	(*HeaderMatch)(nil),                // 6: hashicorp.consul.mesh.v1alpha1.HeaderMatch
+	(*RouteDestination)(nil),           // 7: hashicorp.consul.mesh.v1alpha1.RouteDestination
+	(*DestinationConfiguration)(nil),   // 8: hashicorp.consul.mesh.v1alpha1.DestinationConfiguration
+	(*RetryPolicy)(nil),                // 9: hashicorp.consul.mesh.v1alpha1.RetryPolicy
+	(*TimeoutConfig)(nil),              // 10: hashicorp.consul.mesh.v1alpha1.TimeoutConfig
+	(*LoadBalancerHashPolicy)(nil),     // 11: hashicorp.consul.mesh.v1alpha1.LoadBalancerHashPolicy
+	(*CookiePolicy)(nil),               // 12: hashicorp.consul.mesh.v1alpha1.CookiePolicy
+	(*HeaderPolicy)(nil),               // 13: hashicorp.consul.mesh.v1alpha1.HeaderPolicy
+	(*QueryParameterPolicy)(nil),       // 14: hashicorp.consul.mesh.v1alpha1.QueryParameterPolicy
+	(*ConnectionPropertiesPolicy)(nil), // 15: hashicorp.consul.mesh.v1alpha1.ConnectionPropertiesPolicy
+	(*DestinationCluster)(nil),         // 16: hashicorp.consul.mesh.v1alpha1.DestinationCluster
+	(*HeaderMutation)(nil),             // 17: hashicorp.consul.mesh.v1alpha1.HeaderMutation
+	(*L7WeightedClusterGroup)(nil),     // 18: hashicorp.consul.mesh.v1alpha1.L7WeightedClusterGroup
+	(*wrapperspb.BoolValue)(nil),       // 19: google.protobuf.BoolValue
+	(*wrapperspb.UInt32Value)(nil),     // 20: google.protobuf.UInt32Value
+	(*durationpb.Duration)(nil),        // 21: google.protobuf.Duration
+}
+var file_pbmesh_v1alpha1_route_proto_depIdxs = []int32{
+	1,  // 0: hashicorp.consul.mesh.v1alpha1.Route.virtual_hosts:type_name -> hashicorp.consul.mesh.v1alpha1.VirtualHost
+	17, // 1: hashicorp.consul.mesh.v1alpha1.VirtualHost.header_mutations:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderMutation
+	2,  // 2: hashicorp.consul.mesh.v1alpha1.VirtualHost.route_rules:type_name -> hashicorp.consul.mesh.v1alpha1.RouteRule
+	3,  // 3: hashicorp.consul.mesh.v1alpha1.RouteRule.match:type_name -> hashicorp.consul.mesh.v1alpha1.RouteMatch
+	7,  // 4: hashicorp.consul.mesh.v1alpha1.RouteRule.destination:type_name -> hashicorp.consul.mesh.v1alpha1.RouteDestination
+	17, // 5: hashicorp.consul.mesh.v1alpha1.RouteRule.header_mutations:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderMutation
+	4,  // 6: hashicorp.consul.mesh.v1alpha1.RouteMatch.path_match:type_name -> hashicorp.consul.mesh.v1alpha1.PathMatch
+	6,  // 7: hashicorp.consul.mesh.v1alpha1.RouteMatch.header_matches:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderMatch
+	5,  // 8: hashicorp.consul.mesh.v1alpha1.RouteMatch.query_parameter_matches:type_name -> hashicorp.consul.mesh.v1alpha1.QueryParameterMatch
+	16, // 9: hashicorp.consul.mesh.v1alpha1.RouteDestination.cluster:type_name -> hashicorp.consul.mesh.v1alpha1.DestinationCluster
+	18, // 10: hashicorp.consul.mesh.v1alpha1.RouteDestination.weighted_clusters:type_name -> hashicorp.consul.mesh.v1alpha1.L7WeightedClusterGroup
+	8,  // 11: hashicorp.consul.mesh.v1alpha1.RouteDestination.destination_configuration:type_name -> hashicorp.consul.mesh.v1alpha1.DestinationConfiguration
+	19, // 12: hashicorp.consul.mesh.v1alpha1.DestinationConfiguration.auto_host_rewrite:type_name -> google.protobuf.BoolValue
+	11, // 13: hashicorp.consul.mesh.v1alpha1.DestinationConfiguration.hash_policies:type_name -> hashicorp.consul.mesh.v1alpha1.LoadBalancerHashPolicy
+	10, // 14: hashicorp.consul.mesh.v1alpha1.DestinationConfiguration.timeout_config:type_name -> hashicorp.consul.mesh.v1alpha1.TimeoutConfig
+	9,  // 15: hashicorp.consul.mesh.v1alpha1.DestinationConfiguration.retry_policy:type_name -> hashicorp.consul.mesh.v1alpha1.RetryPolicy
+	20, // 16: hashicorp.consul.mesh.v1alpha1.RetryPolicy.num_retries:type_name -> google.protobuf.UInt32Value
+	21, // 17: hashicorp.consul.mesh.v1alpha1.TimeoutConfig.timeout:type_name -> google.protobuf.Duration
+	21, // 18: hashicorp.consul.mesh.v1alpha1.TimeoutConfig.idle_timeout:type_name -> google.protobuf.Duration
+	12, // 19: hashicorp.consul.mesh.v1alpha1.LoadBalancerHashPolicy.cookie:type_name -> hashicorp.consul.mesh.v1alpha1.CookiePolicy
+	13, // 20: hashicorp.consul.mesh.v1alpha1.LoadBalancerHashPolicy.header:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderPolicy
+	14, // 21: hashicorp.consul.mesh.v1alpha1.LoadBalancerHashPolicy.query_parameter:type_name -> hashicorp.consul.mesh.v1alpha1.QueryParameterPolicy
+	15, // 22: hashicorp.consul.mesh.v1alpha1.LoadBalancerHashPolicy.connection_properties:type_name -> hashicorp.consul.mesh.v1alpha1.ConnectionPropertiesPolicy
+	21, // 23: hashicorp.consul.mesh.v1alpha1.CookiePolicy.ttl:type_name -> google.protobuf.Duration
+	24, // [24:24] is the sub-list for method output_type
+	24, // [24:24] is the sub-list for method input_type
+	24, // [24:24] is the sub-list for extension type_name
+	24, // [24:24] is the sub-list for extension extendee
+	0,  // [0:24] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_route_proto_init() }
+func file_pbmesh_v1alpha1_route_proto_init() {
+	if File_pbmesh_v1alpha1_route_proto != nil {
+		return
+	}
+	file_pbmesh_v1alpha1_cluster_proto_init()
+	file_pbmesh_v1alpha1_header_mutations_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_route_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Route); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*VirtualHost); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RouteRule); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RouteMatch); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PathMatch); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*QueryParameterMatch); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HeaderMatch); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RouteDestination); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DestinationConfiguration); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RetryPolicy); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*TimeoutConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LoadBalancerHashPolicy); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CookiePolicy); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HeaderPolicy); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*QueryParameterPolicy); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ConnectionPropertiesPolicy); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_route_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DestinationCluster); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_pbmesh_v1alpha1_route_proto_msgTypes[4].OneofWrappers = []interface{}{
+		(*PathMatch_Exact)(nil),
+		(*PathMatch_Prefix)(nil),
+		(*PathMatch_Regex)(nil),
+	}
+	file_pbmesh_v1alpha1_route_proto_msgTypes[5].OneofWrappers = []interface{}{
+		(*QueryParameterMatch_Exact)(nil),
+		(*QueryParameterMatch_Regex)(nil),
+		(*QueryParameterMatch_Present)(nil),
+	}
+	file_pbmesh_v1alpha1_route_proto_msgTypes[6].OneofWrappers = []interface{}{
+		(*HeaderMatch_Exact)(nil),
+		(*HeaderMatch_Prefix)(nil),
+		(*HeaderMatch_Suffix)(nil),
+		(*HeaderMatch_Regex)(nil),
+		(*HeaderMatch_Present)(nil),
+	}
+	file_pbmesh_v1alpha1_route_proto_msgTypes[7].OneofWrappers = []interface{}{
+		(*RouteDestination_Cluster)(nil),
+		(*RouteDestination_WeightedClusters)(nil),
+	}
+	file_pbmesh_v1alpha1_route_proto_msgTypes[11].OneofWrappers = []interface{}{
+		(*LoadBalancerHashPolicy_Cookie)(nil),
+		(*LoadBalancerHashPolicy_Header)(nil),
+		(*LoadBalancerHashPolicy_QueryParameter)(nil),
+		(*LoadBalancerHashPolicy_ConnectionProperties)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_route_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   17,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_route_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_route_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_route_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_route_proto = out.File
+	file_pbmesh_v1alpha1_route_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_route_proto_goTypes = nil
+	file_pbmesh_v1alpha1_route_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/route.proto b/proto-public/pbmesh/v1alpha1/route.proto
new file mode 100644
index 000000000000..adcf350bc127
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/route.proto
@@ -0,0 +1,138 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
+import "pbmesh/v1alpha1/cluster.proto";
+import "pbmesh/v1alpha1/header_mutations.proto";
+
+message Route {
+  // name is the name of the route.
+  string name = 1;
+  // virtual_hosts is a list of virtual hosts. A virtual host is selected based on an incoming request's host header.
+  repeated VirtualHost virtual_hosts = 2;
+}
+
+message VirtualHost {
+  string name = 1;
+  // domains are used to match an incoming request's host header and determine which virtual host to use.
+  repeated string domains = 2;
+  // header_mutations to apply to the request when it matches this virtual host. These are applied after any headers in
+  // the RouteRule.
+  repeated HeaderMutation header_mutations = 3;
+  // route_rules are a list of rules to use for what to do next with this request. The first rule with a match will be
+  // used.
+  repeated RouteRule route_rules = 4;
+}
+
+message RouteRule {
+  // match determines how to match the request. The first match determines which destination the request will go to.
+  RouteMatch match = 1;
+  // destination is where to send the request to.
+  RouteDestination destination = 2;
+  // header_mutations to apply to the request. These are applied before the VirtualHost header mutations.
+  repeated HeaderMutation header_mutations = 3;
+}
+
+// RouteMatch has configuration to match a request.
+message RouteMatch {
+  PathMatch path_match = 1;
+  repeated HeaderMatch header_matches = 2;
+  repeated string method_matches = 3;
+  repeated QueryParameterMatch query_parameter_matches = 4;
+}
+
+message PathMatch {
+  oneof path_match {
+    string exact = 1;
+    string prefix = 2;
+    string regex = 3;
+  }
+}
+
+message QueryParameterMatch {
+  string name = 1;
+  oneof match {
+    string exact = 2;
+    string regex = 3;
+    bool present = 4;
+  }
+}
+
+message HeaderMatch {
+  string name = 1;
+  oneof match {
+    string exact = 2;
+    string prefix = 3;
+    string suffix = 4;
+    string regex = 5;
+    bool present = 6;
+  }
+  bool invert_match = 7;
+}
+
+// RouteDestination has configuration for where to send a request.
+message RouteDestination {
+  // destination is one or more clusters to route to.
+  oneof destination {
+    DestinationCluster cluster = 1;
+    L7WeightedClusterGroup weighted_clusters = 2;
+  }
+  DestinationConfiguration destination_configuration = 3;
+}
+
+message DestinationConfiguration {
+  google.protobuf.BoolValue auto_host_rewrite = 1;
+  repeated LoadBalancerHashPolicy hash_policies = 2;
+  TimeoutConfig timeout_config = 3;
+  string prefix_rewrite = 4;
+  RetryPolicy retry_policy = 5;
+}
+
+message RetryPolicy {
+  string retry_on = 1;
+  google.protobuf.UInt32Value num_retries = 2;
+  repeated uint32 retriable_status_codes = 3;
+}
+
+message TimeoutConfig {
+  google.protobuf.Duration timeout = 1;
+  google.protobuf.Duration idle_timeout = 2;
+}
+
+message LoadBalancerHashPolicy {
+  oneof policy {
+    CookiePolicy cookie = 1;
+    HeaderPolicy header = 2;
+    QueryParameterPolicy query_parameter = 3;
+    ConnectionPropertiesPolicy connection_properties = 4;
+  }
+}
+
+message CookiePolicy {
+  string name = 1;
+  google.protobuf.Duration ttl = 2;
+  string path = 3;
+  bool terminal = 4;
+}
+message HeaderPolicy {
+  string name = 1;
+  bool terminal = 2;
+}
+message QueryParameterPolicy {
+  string name = 1;
+  bool terminal = 2;
+}
+message ConnectionPropertiesPolicy {
+  bool source_ip = 1;
+  bool terminal = 2;
+}
+
+message DestinationCluster {
+  // name is the name of the cluster. This will be used to look up a cluster in the clusters map.
+  string name = 1;
+}
diff --git a/proto-public/pbmesh/v1alpha1/transport_socket.pb.binary.go b/proto-public/pbmesh/v1alpha1/transport_socket.pb.binary.go
new file mode 100644
index 000000000000..6669cd6f0ad3
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/transport_socket.pb.binary.go
@@ -0,0 +1,138 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/transport_socket.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *TLS) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *TLS) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *TransportSocket) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *TransportSocket) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *InboundMeshMTLS) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *InboundMeshMTLS) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *OutboundMeshMTLS) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *OutboundMeshMTLS) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *InboundNonMeshTLS) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *InboundNonMeshTLS) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *OutboundNonMeshTLS) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *OutboundNonMeshTLS) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *MeshInboundValidationContext) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *MeshInboundValidationContext) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *MeshOutboundValidationContext) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *MeshOutboundValidationContext) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *NonMeshOutboundValidationContext) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *NonMeshOutboundValidationContext) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *SDSCertificate) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *SDSCertificate) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *TLSParameters) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *TLSParameters) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *LeafCertificate) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *LeafCertificate) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *TrustBundle) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *TrustBundle) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/transport_socket.pb.go b/proto-public/pbmesh/v1alpha1/transport_socket.pb.go
new file mode 100644
index 000000000000..210ca364f889
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/transport_socket.pb.go
@@ -0,0 +1,1488 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/transport_socket.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type TLSVersion int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	TLSVersion_TLS_VERSION_AUTO        TLSVersion = 0
+	TLSVersion_TLS_VERSION_1_0         TLSVersion = 1
+	TLSVersion_TLS_VERSION_1_1         TLSVersion = 2
+	TLSVersion_TLS_VERSION_1_2         TLSVersion = 3
+	TLSVersion_TLS_VERSION_1_3         TLSVersion = 4
+	TLSVersion_TLS_VERSION_INVALID     TLSVersion = 5
+	TLSVersion_TLS_VERSION_UNSPECIFIED TLSVersion = 6
+)
+
+// Enum value maps for TLSVersion.
+var (
+	TLSVersion_name = map[int32]string{
+		0: "TLS_VERSION_AUTO",
+		1: "TLS_VERSION_1_0",
+		2: "TLS_VERSION_1_1",
+		3: "TLS_VERSION_1_2",
+		4: "TLS_VERSION_1_3",
+		5: "TLS_VERSION_INVALID",
+		6: "TLS_VERSION_UNSPECIFIED",
+	}
+	TLSVersion_value = map[string]int32{
+		"TLS_VERSION_AUTO":        0,
+		"TLS_VERSION_1_0":         1,
+		"TLS_VERSION_1_1":         2,
+		"TLS_VERSION_1_2":         3,
+		"TLS_VERSION_1_3":         4,
+		"TLS_VERSION_INVALID":     5,
+		"TLS_VERSION_UNSPECIFIED": 6,
+	}
+)
+
+func (x TLSVersion) Enum() *TLSVersion {
+	p := new(TLSVersion)
+	*p = x
+	return p
+}
+
+func (x TLSVersion) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (TLSVersion) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_transport_socket_proto_enumTypes[0].Descriptor()
+}
+
+func (TLSVersion) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_transport_socket_proto_enumTypes[0]
+}
+
+func (x TLSVersion) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use TLSVersion.Descriptor instead.
+func (TLSVersion) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{0}
+}
+
+type TLSCipherSuite int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_GCM_SHA256 TLSCipherSuite = 0
+	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_CHACHA20_POLY1305 TLSCipherSuite = 1
+	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES128_GCM_SHA256   TLSCipherSuite = 2
+	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_CHACHA20_POLY1305   TLSCipherSuite = 3
+	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_SHA        TLSCipherSuite = 4
+	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES128_SHA          TLSCipherSuite = 5
+	TLSCipherSuite_TLS_CIPHER_SUITE_AES128_GCM_SHA256             TLSCipherSuite = 6
+	TLSCipherSuite_TLS_CIPHER_SUITE_AES128_SHA                    TLSCipherSuite = 7
+	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384 TLSCipherSuite = 8
+	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES256_GCM_SHA384   TLSCipherSuite = 9
+	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_SHA        TLSCipherSuite = 10
+	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES256_SHA          TLSCipherSuite = 11
+	TLSCipherSuite_TLS_CIPHER_SUITE_AES256_GCM_SHA384             TLSCipherSuite = 12
+	TLSCipherSuite_TLS_CIPHER_SUITE_AES256_SHA                    TLSCipherSuite = 13
+)
+
+// Enum value maps for TLSCipherSuite.
+var (
+	TLSCipherSuite_name = map[int32]string{
+		0:  "TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_GCM_SHA256",
+		1:  "TLS_CIPHER_SUITE_ECDHE_ECDSA_CHACHA20_POLY1305",
+		2:  "TLS_CIPHER_SUITE_ECDHE_RSA_AES128_GCM_SHA256",
+		3:  "TLS_CIPHER_SUITE_ECDHE_RSA_CHACHA20_POLY1305",
+		4:  "TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_SHA",
+		5:  "TLS_CIPHER_SUITE_ECDHE_RSA_AES128_SHA",
+		6:  "TLS_CIPHER_SUITE_AES128_GCM_SHA256",
+		7:  "TLS_CIPHER_SUITE_AES128_SHA",
+		8:  "TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384",
+		9:  "TLS_CIPHER_SUITE_ECDHE_RSA_AES256_GCM_SHA384",
+		10: "TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_SHA",
+		11: "TLS_CIPHER_SUITE_ECDHE_RSA_AES256_SHA",
+		12: "TLS_CIPHER_SUITE_AES256_GCM_SHA384",
+		13: "TLS_CIPHER_SUITE_AES256_SHA",
+	}
+	TLSCipherSuite_value = map[string]int32{
+		"TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_GCM_SHA256": 0,
+		"TLS_CIPHER_SUITE_ECDHE_ECDSA_CHACHA20_POLY1305": 1,
+		"TLS_CIPHER_SUITE_ECDHE_RSA_AES128_GCM_SHA256":   2,
+		"TLS_CIPHER_SUITE_ECDHE_RSA_CHACHA20_POLY1305":   3,
+		"TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_SHA":        4,
+		"TLS_CIPHER_SUITE_ECDHE_RSA_AES128_SHA":          5,
+		"TLS_CIPHER_SUITE_AES128_GCM_SHA256":             6,
+		"TLS_CIPHER_SUITE_AES128_SHA":                    7,
+		"TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384": 8,
+		"TLS_CIPHER_SUITE_ECDHE_RSA_AES256_GCM_SHA384":   9,
+		"TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_SHA":        10,
+		"TLS_CIPHER_SUITE_ECDHE_RSA_AES256_SHA":          11,
+		"TLS_CIPHER_SUITE_AES256_GCM_SHA384":             12,
+		"TLS_CIPHER_SUITE_AES256_SHA":                    13,
+	}
+)
+
+func (x TLSCipherSuite) Enum() *TLSCipherSuite {
+	p := new(TLSCipherSuite)
+	*p = x
+	return p
+}
+
+func (x TLSCipherSuite) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (TLSCipherSuite) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_transport_socket_proto_enumTypes[1].Descriptor()
+}
+
+func (TLSCipherSuite) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_transport_socket_proto_enumTypes[1]
+}
+
+func (x TLSCipherSuite) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use TLSCipherSuite.Descriptor instead.
+func (TLSCipherSuite) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{1}
+}
+
+type TLS struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// inbound_tls_parameters has default TLS parameter configuration for inbound connections. These can be overridden per
+	// transport socket.
+	InboundTlsParameters *TLSParameters `protobuf:"bytes,1,opt,name=inbound_tls_parameters,json=inboundTlsParameters,proto3" json:"inbound_tls_parameters,omitempty"`
+	// outbound_tls_parameters has default TLS parameter configuration for inbound connections. These can be overridden per transport socket.
+	OutboundTlsParameters *TLSParameters `protobuf:"bytes,2,opt,name=outbound_tls_parameters,json=outboundTlsParameters,proto3" json:"outbound_tls_parameters,omitempty"`
+	// TrustBundles is a map of peer name to trust domain. The V2 resource tenancy field will have the peer, which will be either local, or have a peer name. The map keys would be "local" or the name of the peer if it is for a remote peer. The peer name and trust domain will be used to look up CA pems for a trust domain.
+	TrustBundles map[string]string `protobuf:"bytes,3,rep,name=trust_bundles,json=trustBundles,proto3" json:"trust_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (x *TLS) Reset() {
+	*x = TLS{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TLS) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TLS) ProtoMessage() {}
+
+func (x *TLS) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TLS.ProtoReflect.Descriptor instead.
+func (*TLS) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *TLS) GetInboundTlsParameters() *TLSParameters {
+	if x != nil {
+		return x.InboundTlsParameters
+	}
+	return nil
+}
+
+func (x *TLS) GetOutboundTlsParameters() *TLSParameters {
+	if x != nil {
+		return x.OutboundTlsParameters
+	}
+	return nil
+}
+
+func (x *TLS) GetTrustBundles() map[string]string {
+	if x != nil {
+		return x.TrustBundles
+	}
+	return nil
+}
+
+type TransportSocket struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to ConnectionTls:
+	//
+	//	*TransportSocket_InboundMesh
+	//	*TransportSocket_OutboundMesh
+	//	*TransportSocket_InboundNonMesh
+	//	*TransportSocket_OutboundNonMesh
+	ConnectionTls isTransportSocket_ConnectionTls `protobuf_oneof:"connection_tls"`
+	// tls_parameters can override any top level tls parameters that are configured.
+	TlsParameters *TLSParameters `protobuf:"bytes,5,opt,name=tls_parameters,json=tlsParameters,proto3" json:"tls_parameters,omitempty"`
+	AlpnProtocols []string       `protobuf:"bytes,6,rep,name=alpn_protocols,json=alpnProtocols,proto3" json:"alpn_protocols,omitempty"`
+}
+
+func (x *TransportSocket) Reset() {
+	*x = TransportSocket{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TransportSocket) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TransportSocket) ProtoMessage() {}
+
+func (x *TransportSocket) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TransportSocket.ProtoReflect.Descriptor instead.
+func (*TransportSocket) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{1}
+}
+
+func (m *TransportSocket) GetConnectionTls() isTransportSocket_ConnectionTls {
+	if m != nil {
+		return m.ConnectionTls
+	}
+	return nil
+}
+
+func (x *TransportSocket) GetInboundMesh() *InboundMeshMTLS {
+	if x, ok := x.GetConnectionTls().(*TransportSocket_InboundMesh); ok {
+		return x.InboundMesh
+	}
+	return nil
+}
+
+func (x *TransportSocket) GetOutboundMesh() *OutboundMeshMTLS {
+	if x, ok := x.GetConnectionTls().(*TransportSocket_OutboundMesh); ok {
+		return x.OutboundMesh
+	}
+	return nil
+}
+
+func (x *TransportSocket) GetInboundNonMesh() *InboundNonMeshTLS {
+	if x, ok := x.GetConnectionTls().(*TransportSocket_InboundNonMesh); ok {
+		return x.InboundNonMesh
+	}
+	return nil
+}
+
+func (x *TransportSocket) GetOutboundNonMesh() *OutboundNonMeshTLS {
+	if x, ok := x.GetConnectionTls().(*TransportSocket_OutboundNonMesh); ok {
+		return x.OutboundNonMesh
+	}
+	return nil
+}
+
+func (x *TransportSocket) GetTlsParameters() *TLSParameters {
+	if x != nil {
+		return x.TlsParameters
+	}
+	return nil
+}
+
+func (x *TransportSocket) GetAlpnProtocols() []string {
+	if x != nil {
+		return x.AlpnProtocols
+	}
+	return nil
+}
+
+type isTransportSocket_ConnectionTls interface {
+	isTransportSocket_ConnectionTls()
+}
+
+type TransportSocket_InboundMesh struct {
+	// inbound_mesh is for incoming connections FROM the mesh.
+	InboundMesh *InboundMeshMTLS `protobuf:"bytes,1,opt,name=inbound_mesh,json=inboundMesh,proto3,oneof"`
+}
+
+type TransportSocket_OutboundMesh struct {
+	// outbound_mesh is for outbound connections TO mesh destinations.
+	OutboundMesh *OutboundMeshMTLS `protobuf:"bytes,2,opt,name=outbound_mesh,json=outboundMesh,proto3,oneof"`
+}
+
+type TransportSocket_InboundNonMesh struct {
+	// inbound_non_mesh is for incoming connections FROM non mesh.
+	InboundNonMesh *InboundNonMeshTLS `protobuf:"bytes,3,opt,name=inbound_non_mesh,json=inboundNonMesh,proto3,oneof"`
+}
+
+type TransportSocket_OutboundNonMesh struct {
+	// outbound_non_mesh is for outbound connections TO non mesh destinations.
+	OutboundNonMesh *OutboundNonMeshTLS `protobuf:"bytes,4,opt,name=outbound_non_mesh,json=outboundNonMesh,proto3,oneof"`
+}
+
+func (*TransportSocket_InboundMesh) isTransportSocket_ConnectionTls() {}
+
+func (*TransportSocket_OutboundMesh) isTransportSocket_ConnectionTls() {}
+
+func (*TransportSocket_InboundNonMesh) isTransportSocket_ConnectionTls() {}
+
+func (*TransportSocket_OutboundNonMesh) isTransportSocket_ConnectionTls() {}
+
+type InboundMeshMTLS struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// identity_key is UUID key to use to look up the leaf certificate in ProxyState to present for incoming connections.
+	IdentityKey string `protobuf:"bytes,1,opt,name=identity_key,json=identityKey,proto3" json:"identity_key,omitempty"`
+	// validation_context has what is needed to validate incoming connections.
+	ValidationContext *MeshInboundValidationContext `protobuf:"bytes,2,opt,name=validation_context,json=validationContext,proto3" json:"validation_context,omitempty"`
+}
+
+func (x *InboundMeshMTLS) Reset() {
+	*x = InboundMeshMTLS{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InboundMeshMTLS) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InboundMeshMTLS) ProtoMessage() {}
+
+func (x *InboundMeshMTLS) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InboundMeshMTLS.ProtoReflect.Descriptor instead.
+func (*InboundMeshMTLS) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *InboundMeshMTLS) GetIdentityKey() string {
+	if x != nil {
+		return x.IdentityKey
+	}
+	return ""
+}
+
+func (x *InboundMeshMTLS) GetValidationContext() *MeshInboundValidationContext {
+	if x != nil {
+		return x.ValidationContext
+	}
+	return nil
+}
+
+type OutboundMeshMTLS struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// identity_key is UUID key to use to look up the leaf certificate in ProxyState when connecting to destinations.
+	IdentityKey string `protobuf:"bytes,1,opt,name=identity_key,json=identityKey,proto3" json:"identity_key,omitempty"`
+	// validation_context has what is needed to validate the destination.
+	ValidationContext *MeshOutboundValidationContext `protobuf:"bytes,2,opt,name=validation_context,json=validationContext,proto3" json:"validation_context,omitempty"`
+	// sni to use when connecting to the destination.
+	Sni string `protobuf:"bytes,3,opt,name=sni,proto3" json:"sni,omitempty"`
+}
+
+func (x *OutboundMeshMTLS) Reset() {
+	*x = OutboundMeshMTLS{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OutboundMeshMTLS) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OutboundMeshMTLS) ProtoMessage() {}
+
+func (x *OutboundMeshMTLS) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OutboundMeshMTLS.ProtoReflect.Descriptor instead.
+func (*OutboundMeshMTLS) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *OutboundMeshMTLS) GetIdentityKey() string {
+	if x != nil {
+		return x.IdentityKey
+	}
+	return ""
+}
+
+func (x *OutboundMeshMTLS) GetValidationContext() *MeshOutboundValidationContext {
+	if x != nil {
+		return x.ValidationContext
+	}
+	return nil
+}
+
+func (x *OutboundMeshMTLS) GetSni() string {
+	if x != nil {
+		return x.Sni
+	}
+	return ""
+}
+
+type InboundNonMeshTLS struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// identity is the reference to the leaf certificate to present for incoming connections.
+	//
+	// Types that are assignable to Identity:
+	//
+	//	*InboundNonMeshTLS_LeafKey
+	//	*InboundNonMeshTLS_Sds
+	Identity isInboundNonMeshTLS_Identity `protobuf_oneof:"identity"`
+}
+
+func (x *InboundNonMeshTLS) Reset() {
+	*x = InboundNonMeshTLS{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InboundNonMeshTLS) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InboundNonMeshTLS) ProtoMessage() {}
+
+func (x *InboundNonMeshTLS) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InboundNonMeshTLS.ProtoReflect.Descriptor instead.
+func (*InboundNonMeshTLS) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{4}
+}
+
+func (m *InboundNonMeshTLS) GetIdentity() isInboundNonMeshTLS_Identity {
+	if m != nil {
+		return m.Identity
+	}
+	return nil
+}
+
+func (x *InboundNonMeshTLS) GetLeafKey() string {
+	if x, ok := x.GetIdentity().(*InboundNonMeshTLS_LeafKey); ok {
+		return x.LeafKey
+	}
+	return ""
+}
+
+func (x *InboundNonMeshTLS) GetSds() *SDSCertificate {
+	if x, ok := x.GetIdentity().(*InboundNonMeshTLS_Sds); ok {
+		return x.Sds
+	}
+	return nil
+}
+
+type isInboundNonMeshTLS_Identity interface {
+	isInboundNonMeshTLS_Identity()
+}
+
+type InboundNonMeshTLS_LeafKey struct {
+	// leaf_key is the UUID key to use to look up the leaf certificate in the ProxyState leaf certificate map.
+	LeafKey string `protobuf:"bytes,1,opt,name=leaf_key,json=leafKey,proto3,oneof"`
+}
+
+type InboundNonMeshTLS_Sds struct {
+	// sds refers to certificates retrieved via Envoy SDS.
+	Sds *SDSCertificate `protobuf:"bytes,2,opt,name=sds,proto3,oneof"`
+}
+
+func (*InboundNonMeshTLS_LeafKey) isInboundNonMeshTLS_Identity() {}
+
+func (*InboundNonMeshTLS_Sds) isInboundNonMeshTLS_Identity() {}
+
+type OutboundNonMeshTLS struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// cert_file is a filename for a certificate to present for outbound connections.
+	CertFile string `protobuf:"bytes,1,opt,name=cert_file,json=certFile,proto3" json:"cert_file,omitempty"`
+	// key_file is a filename for a key for outbound connections.
+	KeyFile string `protobuf:"bytes,2,opt,name=key_file,json=keyFile,proto3" json:"key_file,omitempty"`
+	// validation_context has what is needed to validate the destination.
+	ValidationContext *NonMeshOutboundValidationContext `protobuf:"bytes,3,opt,name=validation_context,json=validationContext,proto3" json:"validation_context,omitempty"`
+}
+
+func (x *OutboundNonMeshTLS) Reset() {
+	*x = OutboundNonMeshTLS{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OutboundNonMeshTLS) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OutboundNonMeshTLS) ProtoMessage() {}
+
+func (x *OutboundNonMeshTLS) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OutboundNonMeshTLS.ProtoReflect.Descriptor instead.
+func (*OutboundNonMeshTLS) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *OutboundNonMeshTLS) GetCertFile() string {
+	if x != nil {
+		return x.CertFile
+	}
+	return ""
+}
+
+func (x *OutboundNonMeshTLS) GetKeyFile() string {
+	if x != nil {
+		return x.KeyFile
+	}
+	return ""
+}
+
+func (x *OutboundNonMeshTLS) GetValidationContext() *NonMeshOutboundValidationContext {
+	if x != nil {
+		return x.ValidationContext
+	}
+	return nil
+}
+
+type MeshInboundValidationContext struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// trust_bundle_peer_name_keys is which trust bundles to use for validating incoming connections. If this workload is exported
+	// to peers, the incoming connection could be from a different peer, requiring that trust bundle to validate the
+	// connection. These could be local or peered trust bundles. This will be a key in the trust bundle map.
+	TrustBundlePeerNameKeys []string `protobuf:"bytes,1,rep,name=trust_bundle_peer_name_keys,json=trustBundlePeerNameKeys,proto3" json:"trust_bundle_peer_name_keys,omitempty"`
+}
+
+func (x *MeshInboundValidationContext) Reset() {
+	*x = MeshInboundValidationContext{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *MeshInboundValidationContext) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MeshInboundValidationContext) ProtoMessage() {}
+
+func (x *MeshInboundValidationContext) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MeshInboundValidationContext.ProtoReflect.Descriptor instead.
+func (*MeshInboundValidationContext) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *MeshInboundValidationContext) GetTrustBundlePeerNameKeys() []string {
+	if x != nil {
+		return x.TrustBundlePeerNameKeys
+	}
+	return nil
+}
+
+type MeshOutboundValidationContext struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// trust_bundle_peer_name_key is which trust bundle to use for the destination. It could be the local or a peer's trust bundle.
+	// This will be a key in the trust bundle map.
+	TrustBundlePeerNameKey string `protobuf:"bytes,1,opt,name=trust_bundle_peer_name_key,json=trustBundlePeerNameKey,proto3" json:"trust_bundle_peer_name_key,omitempty"`
+	// spiffe_ids is one or more spiffe IDs to validate.
+	SpiffeIds []string `protobuf:"bytes,2,rep,name=spiffe_ids,json=spiffeIds,proto3" json:"spiffe_ids,omitempty"`
+}
+
+func (x *MeshOutboundValidationContext) Reset() {
+	*x = MeshOutboundValidationContext{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *MeshOutboundValidationContext) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MeshOutboundValidationContext) ProtoMessage() {}
+
+func (x *MeshOutboundValidationContext) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MeshOutboundValidationContext.ProtoReflect.Descriptor instead.
+func (*MeshOutboundValidationContext) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *MeshOutboundValidationContext) GetTrustBundlePeerNameKey() string {
+	if x != nil {
+		return x.TrustBundlePeerNameKey
+	}
+	return ""
+}
+
+func (x *MeshOutboundValidationContext) GetSpiffeIds() []string {
+	if x != nil {
+		return x.SpiffeIds
+	}
+	return nil
+}
+
+type NonMeshOutboundValidationContext struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// ca_file is a filename for a ca for outbound connections to validate the destination.
+	CaFile string `protobuf:"bytes,1,opt,name=ca_file,json=caFile,proto3" json:"ca_file,omitempty"`
+}
+
+func (x *NonMeshOutboundValidationContext) Reset() {
+	*x = NonMeshOutboundValidationContext{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NonMeshOutboundValidationContext) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NonMeshOutboundValidationContext) ProtoMessage() {}
+
+func (x *NonMeshOutboundValidationContext) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NonMeshOutboundValidationContext.ProtoReflect.Descriptor instead.
+func (*NonMeshOutboundValidationContext) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *NonMeshOutboundValidationContext) GetCaFile() string {
+	if x != nil {
+		return x.CaFile
+	}
+	return ""
+}
+
+type SDSCertificate struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	ClusterName  string `protobuf:"bytes,1,opt,name=cluster_name,json=clusterName,proto3" json:"cluster_name,omitempty"`
+	CertResource string `protobuf:"bytes,2,opt,name=cert_resource,json=certResource,proto3" json:"cert_resource,omitempty"`
+}
+
+func (x *SDSCertificate) Reset() {
+	*x = SDSCertificate{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SDSCertificate) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SDSCertificate) ProtoMessage() {}
+
+func (x *SDSCertificate) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SDSCertificate.ProtoReflect.Descriptor instead.
+func (*SDSCertificate) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *SDSCertificate) GetClusterName() string {
+	if x != nil {
+		return x.ClusterName
+	}
+	return ""
+}
+
+func (x *SDSCertificate) GetCertResource() string {
+	if x != nil {
+		return x.CertResource
+	}
+	return ""
+}
+
+type TLSParameters struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	MinVersion   TLSVersion       `protobuf:"varint,1,opt,name=min_version,json=minVersion,proto3,enum=hashicorp.consul.mesh.v1alpha1.TLSVersion" json:"min_version,omitempty"`
+	MaxVersion   TLSVersion       `protobuf:"varint,2,opt,name=max_version,json=maxVersion,proto3,enum=hashicorp.consul.mesh.v1alpha1.TLSVersion" json:"max_version,omitempty"`
+	CipherSuites []TLSCipherSuite `protobuf:"varint,3,rep,packed,name=cipher_suites,json=cipherSuites,proto3,enum=hashicorp.consul.mesh.v1alpha1.TLSCipherSuite" json:"cipher_suites,omitempty"`
+}
+
+func (x *TLSParameters) Reset() {
+	*x = TLSParameters{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TLSParameters) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TLSParameters) ProtoMessage() {}
+
+func (x *TLSParameters) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TLSParameters.ProtoReflect.Descriptor instead.
+func (*TLSParameters) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *TLSParameters) GetMinVersion() TLSVersion {
+	if x != nil {
+		return x.MinVersion
+	}
+	return TLSVersion_TLS_VERSION_AUTO
+}
+
+func (x *TLSParameters) GetMaxVersion() TLSVersion {
+	if x != nil {
+		return x.MaxVersion
+	}
+	return TLSVersion_TLS_VERSION_AUTO
+}
+
+func (x *TLSParameters) GetCipherSuites() []TLSCipherSuite {
+	if x != nil {
+		return x.CipherSuites
+	}
+	return nil
+}
+
+type LeafCertificate struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Cert string `protobuf:"bytes,1,opt,name=cert,proto3" json:"cert,omitempty"`
+	Key  string `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
+}
+
+func (x *LeafCertificate) Reset() {
+	*x = LeafCertificate{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[11]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LeafCertificate) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LeafCertificate) ProtoMessage() {}
+
+func (x *LeafCertificate) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[11]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LeafCertificate.ProtoReflect.Descriptor instead.
+func (*LeafCertificate) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *LeafCertificate) GetCert() string {
+	if x != nil {
+		return x.Cert
+	}
+	return ""
+}
+
+func (x *LeafCertificate) GetKey() string {
+	if x != nil {
+		return x.Key
+	}
+	return ""
+}
+
+type TrustBundle struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Ca string `protobuf:"bytes,1,opt,name=ca,proto3" json:"ca,omitempty"`
+}
+
+func (x *TrustBundle) Reset() {
+	*x = TrustBundle{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[12]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TrustBundle) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TrustBundle) ProtoMessage() {}
+
+func (x *TrustBundle) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[12]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TrustBundle.ProtoReflect.Descriptor instead.
+func (*TrustBundle) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *TrustBundle) GetCa() string {
+	if x != nil {
+		return x.Ca
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_transport_socket_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_transport_socket_proto_rawDesc = []byte{
+	0x0a, 0x26, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b,
+	0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0xee, 0x02, 0x0a, 0x03, 0x54, 0x4c, 0x53,
+	0x12, 0x63, 0x0a, 0x16, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x5f,
+	0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52,
+	0x14, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d,
+	0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x65, 0x0a, 0x17, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e,
+	0x64, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d,
+	0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x15, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54,
+	0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x5a, 0x0a, 0x0d,
+	0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75,
+	0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x74, 0x72, 0x75, 0x73,
+	0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x1a, 0x3f, 0x0a, 0x11, 0x54, 0x72, 0x75, 0x73,
+	0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a,
+	0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12,
+	0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x90, 0x04, 0x0a, 0x0f, 0x54, 0x72,
+	0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x54, 0x0a,
+	0x0c, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6d, 0x65, 0x73, 0x68, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68,
+	0x4d, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0b, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d,
+	0x65, 0x73, 0x68, 0x12, 0x57, 0x0a, 0x0d, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f,
+	0x6d, 0x65, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0c,
+	0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x5d, 0x0a, 0x10,
+	0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6e, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x73, 0x68,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e,
+	0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0e, 0x69, 0x6e, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x60, 0x0a, 0x11, 0x6f,
+	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6e, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x73, 0x68,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64,
+	0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0f, 0x6f, 0x75,
+	0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x54, 0x0a,
+	0x0e, 0x74, 0x6c, 0x73, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65,
+	0x74, 0x65, 0x72, 0x73, 0x52, 0x0d, 0x74, 0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74,
+	0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x70, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x61, 0x6c, 0x70,
+	0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x63, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x6c, 0x73, 0x22, 0xa1, 0x01, 0x0a,
+	0x0f, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53,
+	0x12, 0x21, 0x0a, 0x0c, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6b, 0x65, 0x79,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
+	0x4b, 0x65, 0x79, 0x12, 0x6b, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x4d, 0x65, 0x73, 0x68, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69,
+	0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76,
+	0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74,
+	0x22, 0xb5, 0x01, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73,
+	0x68, 0x4d, 0x54, 0x4c, 0x53, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
+	0x79, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x69, 0x64, 0x65,
+	0x6e, 0x74, 0x69, 0x74, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x6c, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69,
+	0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75,
+	0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74,
+	0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43,
+	0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x22, 0x80, 0x01, 0x0a, 0x11, 0x49, 0x6e, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x12, 0x1b,
+	0x0a, 0x08, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x48, 0x00, 0x52, 0x07, 0x6c, 0x65, 0x61, 0x66, 0x4b, 0x65, 0x79, 0x12, 0x42, 0x0a, 0x03, 0x73,
+	0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x44, 0x53, 0x43, 0x65, 0x72,
+	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x03, 0x73, 0x64, 0x73, 0x42,
+	0x0a, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0xbd, 0x01, 0x0a, 0x12,
+	0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54,
+	0x4c, 0x53, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x65, 0x72, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x12,
+	0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x6f, 0x0a, 0x12, 0x76, 0x61,
+	0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x4f,
+	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x5c, 0x0a, 0x1c, 0x4d,
+	0x65, 0x73, 0x68, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x3c, 0x0a, 0x1b, 0x74,
+	0x72, 0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72,
+	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09,
+	0x52, 0x17, 0x74, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x50, 0x65, 0x65,
+	0x72, 0x4e, 0x61, 0x6d, 0x65, 0x4b, 0x65, 0x79, 0x73, 0x22, 0x7a, 0x0a, 0x1d, 0x4d, 0x65, 0x73,
+	0x68, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x3a, 0x0a, 0x1a, 0x74, 0x72,
+	0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f,
+	0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16,
+	0x74, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x50, 0x65, 0x65, 0x72, 0x4e,
+	0x61, 0x6d, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65,
+	0x5f, 0x69, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x70, 0x69, 0x66,
+	0x66, 0x65, 0x49, 0x64, 0x73, 0x22, 0x3b, 0x0a, 0x20, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68,
+	0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x5f,
+	0x66, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x63, 0x61, 0x46, 0x69,
+	0x6c, 0x65, 0x22, 0x58, 0x0a, 0x0e, 0x53, 0x44, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x6c, 0x75, 0x73,
+	0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x65, 0x72, 0x74, 0x5f,
+	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c,
+	0x63, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x22, 0xfe, 0x01, 0x0a,
+	0x0d, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x4b,
+	0x0a, 0x0b, 0x6d, 0x69, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52,
+	0x0a, 0x6d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x4b, 0x0a, 0x0b, 0x6d,
+	0x61, 0x78, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e,
+	0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x6d, 0x61,
+	0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x53, 0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68,
+	0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0e, 0x32,
+	0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x54, 0x4c, 0x53, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x52,
+	0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x37, 0x0a,
+	0x0f, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x63, 0x65, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x22, 0x1d, 0x0a, 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42,
+	0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x63, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x02, 0x63, 0x61, 0x2a, 0xac, 0x01, 0x0a, 0x0a, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53,
+	0x49, 0x4f, 0x4e, 0x5f, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c,
+	0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12,
+	0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31,
+	0x5f, 0x31, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53,
+	0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x32, 0x10, 0x03, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53,
+	0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x12, 0x17,
+	0x0a, 0x13, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x49, 0x4e,
+	0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x54, 0x4c, 0x53, 0x5f, 0x56,
+	0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
+	0x45, 0x44, 0x10, 0x06, 0x2a, 0x84, 0x05, 0x0a, 0x0e, 0x54, 0x4c, 0x53, 0x43, 0x69, 0x70, 0x68,
+	0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43,
+	0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48,
+	0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x47,
+	0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x00, 0x12, 0x32, 0x0a, 0x2e, 0x54,
+	0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f,
+	0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x43, 0x48, 0x41, 0x43,
+	0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x10, 0x01, 0x12,
+	0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55,
+	0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45,
+	0x53, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10,
+	0x02, 0x12, 0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f,
+	0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f,
+	0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30,
+	0x35, 0x10, 0x03, 0x12, 0x2b, 0x0a, 0x27, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45,
+	0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43,
+	0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x04,
+	0x12, 0x29, 0x0a, 0x25, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53,
+	0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41,
+	0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x05, 0x12, 0x26, 0x0a, 0x22, 0x54,
+	0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f,
+	0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35,
+	0x36, 0x10, 0x06, 0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45,
+	0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53,
+	0x48, 0x41, 0x10, 0x07, 0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48,
+	0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45,
+	0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x5f,
+	0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x08, 0x12, 0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f,
+	0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44,
+	0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43,
+	0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x09, 0x12, 0x2b, 0x0a, 0x27, 0x54, 0x4c,
+	0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45,
+	0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35,
+	0x36, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x0a, 0x12, 0x29, 0x0a, 0x25, 0x54, 0x4c, 0x53, 0x5f, 0x43,
+	0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48,
+	0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41,
+	0x10, 0x0b, 0x12, 0x26, 0x0a, 0x22, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52,
+	0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43,
+	0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x4c,
+	0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41,
+	0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x0d, 0x42, 0x9c, 0x02, 0x0a, 0x22,
+	0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x42, 0x14, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63,
+	0x6b, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68,
+	0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75,
+	0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
+	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
+	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68,
+	0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_transport_socket_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_transport_socket_proto_rawDescData = file_pbmesh_v1alpha1_transport_socket_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_transport_socket_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_transport_socket_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_transport_socket_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_transport_socket_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
+var file_pbmesh_v1alpha1_transport_socket_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
+var file_pbmesh_v1alpha1_transport_socket_proto_goTypes = []interface{}{
+	(TLSVersion)(0),                          // 0: hashicorp.consul.mesh.v1alpha1.TLSVersion
+	(TLSCipherSuite)(0),                      // 1: hashicorp.consul.mesh.v1alpha1.TLSCipherSuite
+	(*TLS)(nil),                              // 2: hashicorp.consul.mesh.v1alpha1.TLS
+	(*TransportSocket)(nil),                  // 3: hashicorp.consul.mesh.v1alpha1.TransportSocket
+	(*InboundMeshMTLS)(nil),                  // 4: hashicorp.consul.mesh.v1alpha1.InboundMeshMTLS
+	(*OutboundMeshMTLS)(nil),                 // 5: hashicorp.consul.mesh.v1alpha1.OutboundMeshMTLS
+	(*InboundNonMeshTLS)(nil),                // 6: hashicorp.consul.mesh.v1alpha1.InboundNonMeshTLS
+	(*OutboundNonMeshTLS)(nil),               // 7: hashicorp.consul.mesh.v1alpha1.OutboundNonMeshTLS
+	(*MeshInboundValidationContext)(nil),     // 8: hashicorp.consul.mesh.v1alpha1.MeshInboundValidationContext
+	(*MeshOutboundValidationContext)(nil),    // 9: hashicorp.consul.mesh.v1alpha1.MeshOutboundValidationContext
+	(*NonMeshOutboundValidationContext)(nil), // 10: hashicorp.consul.mesh.v1alpha1.NonMeshOutboundValidationContext
+	(*SDSCertificate)(nil),                   // 11: hashicorp.consul.mesh.v1alpha1.SDSCertificate
+	(*TLSParameters)(nil),                    // 12: hashicorp.consul.mesh.v1alpha1.TLSParameters
+	(*LeafCertificate)(nil),                  // 13: hashicorp.consul.mesh.v1alpha1.LeafCertificate
+	(*TrustBundle)(nil),                      // 14: hashicorp.consul.mesh.v1alpha1.TrustBundle
+	nil,                                      // 15: hashicorp.consul.mesh.v1alpha1.TLS.TrustBundlesEntry
+}
+var file_pbmesh_v1alpha1_transport_socket_proto_depIdxs = []int32{
+	12, // 0: hashicorp.consul.mesh.v1alpha1.TLS.inbound_tls_parameters:type_name -> hashicorp.consul.mesh.v1alpha1.TLSParameters
+	12, // 1: hashicorp.consul.mesh.v1alpha1.TLS.outbound_tls_parameters:type_name -> hashicorp.consul.mesh.v1alpha1.TLSParameters
+	15, // 2: hashicorp.consul.mesh.v1alpha1.TLS.trust_bundles:type_name -> hashicorp.consul.mesh.v1alpha1.TLS.TrustBundlesEntry
+	4,  // 3: hashicorp.consul.mesh.v1alpha1.TransportSocket.inbound_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.InboundMeshMTLS
+	5,  // 4: hashicorp.consul.mesh.v1alpha1.TransportSocket.outbound_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.OutboundMeshMTLS
+	6,  // 5: hashicorp.consul.mesh.v1alpha1.TransportSocket.inbound_non_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.InboundNonMeshTLS
+	7,  // 6: hashicorp.consul.mesh.v1alpha1.TransportSocket.outbound_non_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.OutboundNonMeshTLS
+	12, // 7: hashicorp.consul.mesh.v1alpha1.TransportSocket.tls_parameters:type_name -> hashicorp.consul.mesh.v1alpha1.TLSParameters
+	8,  // 8: hashicorp.consul.mesh.v1alpha1.InboundMeshMTLS.validation_context:type_name -> hashicorp.consul.mesh.v1alpha1.MeshInboundValidationContext
+	9,  // 9: hashicorp.consul.mesh.v1alpha1.OutboundMeshMTLS.validation_context:type_name -> hashicorp.consul.mesh.v1alpha1.MeshOutboundValidationContext
+	11, // 10: hashicorp.consul.mesh.v1alpha1.InboundNonMeshTLS.sds:type_name -> hashicorp.consul.mesh.v1alpha1.SDSCertificate
+	10, // 11: hashicorp.consul.mesh.v1alpha1.OutboundNonMeshTLS.validation_context:type_name -> hashicorp.consul.mesh.v1alpha1.NonMeshOutboundValidationContext
+	0,  // 12: hashicorp.consul.mesh.v1alpha1.TLSParameters.min_version:type_name -> hashicorp.consul.mesh.v1alpha1.TLSVersion
+	0,  // 13: hashicorp.consul.mesh.v1alpha1.TLSParameters.max_version:type_name -> hashicorp.consul.mesh.v1alpha1.TLSVersion
+	1,  // 14: hashicorp.consul.mesh.v1alpha1.TLSParameters.cipher_suites:type_name -> hashicorp.consul.mesh.v1alpha1.TLSCipherSuite
+	15, // [15:15] is the sub-list for method output_type
+	15, // [15:15] is the sub-list for method input_type
+	15, // [15:15] is the sub-list for extension type_name
+	15, // [15:15] is the sub-list for extension extendee
+	0,  // [0:15] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_transport_socket_proto_init() }
+func file_pbmesh_v1alpha1_transport_socket_proto_init() {
+	if File_pbmesh_v1alpha1_transport_socket_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*TLS); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*TransportSocket); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InboundMeshMTLS); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OutboundMeshMTLS); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InboundNonMeshTLS); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OutboundNonMeshTLS); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*MeshInboundValidationContext); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*MeshOutboundValidationContext); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NonMeshOutboundValidationContext); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SDSCertificate); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*TLSParameters); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LeafCertificate); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*TrustBundle); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[1].OneofWrappers = []interface{}{
+		(*TransportSocket_InboundMesh)(nil),
+		(*TransportSocket_OutboundMesh)(nil),
+		(*TransportSocket_InboundNonMesh)(nil),
+		(*TransportSocket_OutboundNonMesh)(nil),
+	}
+	file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[4].OneofWrappers = []interface{}{
+		(*InboundNonMeshTLS_LeafKey)(nil),
+		(*InboundNonMeshTLS_Sds)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_transport_socket_proto_rawDesc,
+			NumEnums:      2,
+			NumMessages:   14,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_transport_socket_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_transport_socket_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_transport_socket_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_transport_socket_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_transport_socket_proto = out.File
+	file_pbmesh_v1alpha1_transport_socket_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_transport_socket_proto_goTypes = nil
+	file_pbmesh_v1alpha1_transport_socket_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/transport_socket.proto b/proto-public/pbmesh/v1alpha1/transport_socket.proto
new file mode 100644
index 000000000000..8b9b8359783e
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/transport_socket.proto
@@ -0,0 +1,136 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+message TLS {
+  // inbound_tls_parameters has default TLS parameter configuration for inbound connections. These can be overridden per
+  // transport socket.
+  TLSParameters inbound_tls_parameters = 1;
+  // outbound_tls_parameters has default TLS parameter configuration for inbound connections. These can be overridden per transport socket.
+  TLSParameters outbound_tls_parameters = 2;
+  // TrustBundles is a map of peer name to trust domain. The V2 resource tenancy field will have the peer, which will be either local, or have a peer name. The map keys would be "local" or the name of the peer if it is for a remote peer. The peer name and trust domain will be used to look up CA pems for a trust domain.
+  map<string, string> trust_bundles = 3;
+}
+
+message TransportSocket {
+  oneof connection_tls {
+    // inbound_mesh is for incoming connections FROM the mesh.
+    InboundMeshMTLS inbound_mesh = 1;
+    // outbound_mesh is for outbound connections TO mesh destinations.
+    OutboundMeshMTLS outbound_mesh = 2;
+    // inbound_non_mesh is for incoming connections FROM non mesh.
+    InboundNonMeshTLS inbound_non_mesh = 3;
+    // outbound_non_mesh is for outbound connections TO non mesh destinations.
+    OutboundNonMeshTLS outbound_non_mesh = 4;
+  }
+  // tls_parameters can override any top level tls parameters that are configured.
+  TLSParameters tls_parameters = 5;
+  repeated string alpn_protocols = 6;
+}
+
+message InboundMeshMTLS {
+  // identity_key is UUID key to use to look up the leaf certificate in ProxyState to present for incoming connections.
+  string identity_key = 1;
+  // validation_context has what is needed to validate incoming connections.
+  MeshInboundValidationContext validation_context = 2;
+}
+
+message OutboundMeshMTLS {
+  // identity_key is UUID key to use to look up the leaf certificate in ProxyState when connecting to destinations.
+  string identity_key = 1;
+  // validation_context has what is needed to validate the destination.
+  MeshOutboundValidationContext validation_context = 2;
+  // sni to use when connecting to the destination.
+  string sni = 3;
+}
+
+message InboundNonMeshTLS {
+  // identity is the reference to the leaf certificate to present for incoming connections.
+  oneof identity {
+    // leaf_key is the UUID key to use to look up the leaf certificate in the ProxyState leaf certificate map.
+    string leaf_key = 1;
+    // sds refers to certificates retrieved via Envoy SDS.
+    SDSCertificate sds = 2;
+  }
+}
+
+message OutboundNonMeshTLS {
+  // cert_file is a filename for a certificate to present for outbound connections.
+  string cert_file = 1;
+  // key_file is a filename for a key for outbound connections.
+  string key_file = 2;
+  // validation_context has what is needed to validate the destination.
+  NonMeshOutboundValidationContext validation_context = 3;
+}
+
+message MeshInboundValidationContext {
+  // trust_bundle_peer_name_keys is which trust bundles to use for validating incoming connections. If this workload is exported
+  // to peers, the incoming connection could be from a different peer, requiring that trust bundle to validate the
+  // connection. These could be local or peered trust bundles. This will be a key in the trust bundle map.
+  repeated string trust_bundle_peer_name_keys = 1;
+}
+
+message MeshOutboundValidationContext {
+  // trust_bundle_peer_name_key is which trust bundle to use for the destination. It could be the local or a peer's trust bundle.
+  // This will be a key in the trust bundle map.
+  string trust_bundle_peer_name_key = 1;
+  // spiffe_ids is one or more spiffe IDs to validate.
+  repeated string spiffe_ids = 2;
+}
+
+message NonMeshOutboundValidationContext {
+  // ca_file is a filename for a ca for outbound connections to validate the destination.
+  string ca_file = 1;
+}
+
+message SDSCertificate {
+  string cluster_name = 1;
+  string cert_resource = 2;
+}
+
+message TLSParameters {
+  TLSVersion min_version = 1;
+  TLSVersion max_version = 2;
+  repeated TLSCipherSuite cipher_suites = 3;
+}
+
+message LeafCertificate {
+  string cert = 1;
+  string key = 2;
+}
+
+message TrustBundle {
+  string ca = 1;
+}
+
+enum TLSVersion {
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+  TLS_VERSION_AUTO = 0;
+  TLS_VERSION_1_0 = 1;
+  TLS_VERSION_1_1 = 2;
+  TLS_VERSION_1_2 = 3;
+  TLS_VERSION_1_3 = 4;
+  TLS_VERSION_INVALID = 5;
+  TLS_VERSION_UNSPECIFIED = 6;
+}
+
+enum TLSCipherSuite {
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+  TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_GCM_SHA256 = 0;
+  TLS_CIPHER_SUITE_ECDHE_ECDSA_CHACHA20_POLY1305 = 1;
+  TLS_CIPHER_SUITE_ECDHE_RSA_AES128_GCM_SHA256 = 2;
+  TLS_CIPHER_SUITE_ECDHE_RSA_CHACHA20_POLY1305 = 3;
+  TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_SHA = 4;
+  TLS_CIPHER_SUITE_ECDHE_RSA_AES128_SHA = 5;
+  TLS_CIPHER_SUITE_AES128_GCM_SHA256 = 6;
+  TLS_CIPHER_SUITE_AES128_SHA = 7;
+  TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384 = 8;
+  TLS_CIPHER_SUITE_ECDHE_RSA_AES256_GCM_SHA384 = 9;
+  TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_SHA = 10;
+  TLS_CIPHER_SUITE_ECDHE_RSA_AES256_SHA = 11;
+  TLS_CIPHER_SUITE_AES256_GCM_SHA384 = 12;
+  TLS_CIPHER_SUITE_AES256_SHA = 13;
+}
diff --git a/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go b/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
index a4e2cc66c82e..61f9709cdcd1 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
+++ b/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
@@ -15,6 +15,7 @@ import (
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	durationpb "google.golang.org/protobuf/types/known/durationpb"
+	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
 	reflect "reflect"
 	sync "sync"
 )
@@ -280,16 +281,16 @@ type UpstreamLimits struct {
 
 	// max_connections is the maximum number of connections the local proxy can
 	// make to the upstream service.
-	MaxConnections int32 `protobuf:"varint,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"`
+	MaxConnections *wrapperspb.UInt32Value `protobuf:"bytes,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"`
 	// max_pending_requests is the maximum number of requests that will be queued
 	// waiting for an available connection. This is mostly applicable to HTTP/1.1
 	// clusters since all HTTP/2 requests are streamed over a single
 	// connection.
-	MaxPendingRequests int32 `protobuf:"varint,2,opt,name=max_pending_requests,json=maxPendingRequests,proto3" json:"max_pending_requests,omitempty"`
+	MaxPendingRequests *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=max_pending_requests,json=maxPendingRequests,proto3" json:"max_pending_requests,omitempty"`
 	// max_concurrent_requests is the maximum number of in-flight requests that will be allowed
 	// to the upstream cluster at a point in time. This is mostly applicable to HTTP/2
 	// clusters since all HTTP/1.1 requests are limited by MaxConnections.
-	MaxConcurrentRequests int32 `protobuf:"varint,3,opt,name=max_concurrent_requests,json=maxConcurrentRequests,proto3" json:"max_concurrent_requests,omitempty"`
+	MaxConcurrentRequests *wrapperspb.UInt32Value `protobuf:"bytes,3,opt,name=max_concurrent_requests,json=maxConcurrentRequests,proto3" json:"max_concurrent_requests,omitempty"`
 }
 
 func (x *UpstreamLimits) Reset() {
@@ -324,25 +325,25 @@ func (*UpstreamLimits) Descriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescGZIP(), []int{3}
 }
 
-func (x *UpstreamLimits) GetMaxConnections() int32 {
+func (x *UpstreamLimits) GetMaxConnections() *wrapperspb.UInt32Value {
 	if x != nil {
 		return x.MaxConnections
 	}
-	return 0
+	return nil
 }
 
-func (x *UpstreamLimits) GetMaxPendingRequests() int32 {
+func (x *UpstreamLimits) GetMaxPendingRequests() *wrapperspb.UInt32Value {
 	if x != nil {
 		return x.MaxPendingRequests
 	}
-	return 0
+	return nil
 }
 
-func (x *UpstreamLimits) GetMaxConcurrentRequests() int32 {
+func (x *UpstreamLimits) GetMaxConcurrentRequests() *wrapperspb.UInt32Value {
 	if x != nil {
 		return x.MaxConcurrentRequests
 	}
-	return 0
+	return nil
 }
 
 type PassiveHealthCheck struct {
@@ -425,6 +426,8 @@ var file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDesc = []byte{
 	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a,
 	0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
 	0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
+	0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
 	0x21, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
 	0x68, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x70, 0x72, 0x6f,
 	0x74, 0x6f, 0x1a, 0x21, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31,
@@ -503,47 +506,53 @@ var file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDesc = []byte{
 	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
 	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74,
 	0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0f, 0x6d, 0x65, 0x73, 0x68, 0x47, 0x61,
-	0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0xa3, 0x01, 0x0a, 0x0e, 0x55, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x27, 0x0a, 0x0f,
+	0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0xfd, 0x01, 0x0a, 0x0e, 0x55, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x45, 0x0a, 0x0f,
 	0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x65, 0x6e,
-	0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x05, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63,
-	0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e,
-	0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x22,
-	0xaa, 0x01, 0x0a, 0x12, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74,
-	0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76,
-	0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x21, 0x0a,
-	0x0c, 0x6d, 0x61, 0x78, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0d, 0x52, 0x0b, 0x6d, 0x61, 0x78, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73,
-	0x12, 0x3a, 0x0a, 0x19, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f,
-	0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x0d, 0x52, 0x17, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f,
-	0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x42, 0xa3, 0x02, 0x0a,
-	0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x42, 0x1b, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f,
-	0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d,
-	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73,
-	0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa,
-	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02,
-	0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x12, 0x4e, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69,
+	0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52,
+	0x12, 0x6d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x73, 0x12, 0x54, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75,
+	0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c,
+	0x75, 0x65, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e,
+	0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0xaa, 0x01, 0x0a, 0x12, 0x50, 0x61,
+	0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b,
+	0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x61, 0x78, 0x5f, 0x66,
+	0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x6d,
+	0x61, 0x78, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x65, 0x6e,
+	0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74,
+	0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x17, 0x65,
+	0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74,
+	0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x42, 0xa3, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x1b, 0x55,
+	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69,
+	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d,
+	0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73,
+	0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
+	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d,
+	0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42,
+	0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65,
+	0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -571,6 +580,7 @@ var file_pbmesh_v1alpha1_upstreams_configuration_proto_goTypes = []interface{}{
 	(*durationpb.Duration)(nil),       // 8: google.protobuf.Duration
 	(BalanceConnections)(0),           // 9: hashicorp.consul.mesh.v1alpha1.BalanceConnections
 	(MeshGatewayMode)(0),              // 10: hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
+	(*wrapperspb.UInt32Value)(nil),    // 11: google.protobuf.UInt32Value
 }
 var file_pbmesh_v1alpha1_upstreams_configuration_proto_depIdxs = []int32{
 	5,  // 0: hashicorp.consul.mesh.v1alpha1.UpstreamsConfiguration.workloads:type_name -> hashicorp.consul.catalog.v1alpha1.WorkloadSelector
@@ -584,12 +594,15 @@ var file_pbmesh_v1alpha1_upstreams_configuration_proto_depIdxs = []int32{
 	4,  // 8: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.passive_health_check:type_name -> hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck
 	9,  // 9: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.balance_outbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceConnections
 	10, // 10: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.mesh_gateway_mode:type_name -> hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
-	8,  // 11: hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck.interval:type_name -> google.protobuf.Duration
-	12, // [12:12] is the sub-list for method output_type
-	12, // [12:12] is the sub-list for method input_type
-	12, // [12:12] is the sub-list for extension type_name
-	12, // [12:12] is the sub-list for extension extendee
-	0,  // [0:12] is the sub-list for field type_name
+	11, // 11: hashicorp.consul.mesh.v1alpha1.UpstreamLimits.max_connections:type_name -> google.protobuf.UInt32Value
+	11, // 12: hashicorp.consul.mesh.v1alpha1.UpstreamLimits.max_pending_requests:type_name -> google.protobuf.UInt32Value
+	11, // 13: hashicorp.consul.mesh.v1alpha1.UpstreamLimits.max_concurrent_requests:type_name -> google.protobuf.UInt32Value
+	8,  // 14: hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck.interval:type_name -> google.protobuf.Duration
+	15, // [15:15] is the sub-list for method output_type
+	15, // [15:15] is the sub-list for method input_type
+	15, // [15:15] is the sub-list for extension type_name
+	15, // [15:15] is the sub-list for extension extendee
+	0,  // [0:15] is the sub-list for field type_name
 }
 
 func init() { file_pbmesh_v1alpha1_upstreams_configuration_proto_init() }
diff --git a/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto b/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
index 9124528e2d90..81bbbf5f8269 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
+++ b/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
@@ -6,6 +6,7 @@ syntax = "proto3";
 package hashicorp.consul.mesh.v1alpha1;
 
 import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
 import "pbcatalog/v1alpha1/protocol.proto";
 import "pbcatalog/v1alpha1/selector.proto";
 import "pbmesh/v1alpha1/connection.proto";
@@ -73,18 +74,18 @@ message UpstreamConfig {
 message UpstreamLimits {
   // max_connections is the maximum number of connections the local proxy can
   // make to the upstream service.
-  int32 max_connections = 1;
+  google.protobuf.UInt32Value max_connections = 1;
 
   // max_pending_requests is the maximum number of requests that will be queued
   // waiting for an available connection. This is mostly applicable to HTTP/1.1
   // clusters since all HTTP/2 requests are streamed over a single
   // connection.
-  int32 max_pending_requests = 2;
+  google.protobuf.UInt32Value max_pending_requests = 2;
 
   // max_concurrent_requests is the maximum number of in-flight requests that will be allowed
   // to the upstream cluster at a point in time. This is mostly applicable to HTTP/2
   // clusters since all HTTP/1.1 requests are limited by MaxConnections.
-  int32 max_concurrent_requests = 3;
+  google.protobuf.UInt32Value max_concurrent_requests = 3;
 }
 
 message PassiveHealthCheck {

From 7e01fcf5c05237ce8ebdc87ee5582be5e532d778 Mon Sep 17 00:00:00 2001
From: Dan Bond <danbond@protonmail.com>
Date: Fri, 21 Jul 2023 10:00:37 -0700
Subject: [PATCH 203/359] ci: don't verify s390x (#18224)

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 40275b36ce7b..3888b612872d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -371,7 +371,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        arch: ["386", "amd64", "arm", "arm64", "s390x"]
+        arch: ["386", "amd64", "arm", "arm64"]
       fail-fast: true
     env:
       version: ${{ needs.set-product-version.outputs.product-version }}

From 6671d7ebd7a08639b891c62b18e3411d8d28b3ee Mon Sep 17 00:00:00 2001
From: Jeremy Jacobson <jjacobson93@users.noreply.github.com>
Date: Fri, 21 Jul 2023 10:33:22 -0700
Subject: [PATCH 204/359] [CC-5718] Remove HCP token requirement during
 bootstrap (#18140)

* [CC-5718] Remove HCP token requirement during bootstrap

* Re-add error for loading HCP management token

* Remove old comment

* Add changelog entry

* Remove extra validation line

* Apply suggestions from code review

Co-authored-by: lornasong <lornasong@users.noreply.github.com>

---------

Co-authored-by: lornasong <lornasong@users.noreply.github.com>
---
 .changelog/18140.txt                  |  3 +++
 agent/hcp/bootstrap/bootstrap.go      | 25 +++++++++---------
 agent/hcp/bootstrap/bootstrap_test.go | 37 +++++++++++++++------------
 3 files changed, 37 insertions(+), 28 deletions(-)
 create mode 100644 .changelog/18140.txt

diff --git a/.changelog/18140.txt b/.changelog/18140.txt
new file mode 100644
index 000000000000..fabd9fc2916b
--- /dev/null
+++ b/.changelog/18140.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+hcp: Removes requirement for HCP to provide a management token
+```
diff --git a/agent/hcp/bootstrap/bootstrap.go b/agent/hcp/bootstrap/bootstrap.go
index 38fa7d22746b..191859ea002b 100644
--- a/agent/hcp/bootstrap/bootstrap.go
+++ b/agent/hcp/bootstrap/bootstrap.go
@@ -298,21 +298,25 @@ func persistAndProcessConfig(dataDir string, devMode bool, bsCfg *hcpclient.Boot
 			return "", fmt.Errorf("failed to persist bootstrap config: %w", err)
 		}
 
-		if err := validateManagementToken(bsCfg.ManagementToken); err != nil {
-			return "", fmt.Errorf("invalid management token: %w", err)
-		}
-		if err := persistManagementToken(dir, bsCfg.ManagementToken); err != nil {
-			return "", fmt.Errorf("failed to persist HCP management token: %w", err)
+		// HCP only returns the management token if it requires Consul to
+		// initialize it
+		if bsCfg.ManagementToken != "" {
+			if err := validateManagementToken(bsCfg.ManagementToken); err != nil {
+				return "", fmt.Errorf("invalid management token: %w", err)
+			}
+			if err := persistManagementToken(dir, bsCfg.ManagementToken); err != nil {
+				return "", fmt.Errorf("failed to persist HCP management token: %w", err)
+			}
 		}
 
-		if err := persistSucessMarker(dir); err != nil {
+		if err := persistSuccessMarker(dir); err != nil {
 			return "", fmt.Errorf("failed to persist success marker: %w", err)
 		}
 	}
 	return cfgJSON, nil
 }
 
-func persistSucessMarker(dir string) error {
+func persistSuccessMarker(dir string) error {
 	name := filepath.Join(dir, successFileName)
 	return os.WriteFile(name, []byte(""), 0600)
 
@@ -352,12 +356,9 @@ func persistTLSCerts(dir string, serverCert, serverKey string, caCerts []string)
 	return nil
 }
 
-// Basic validation to ensure a UUID was loaded.
+// Basic validation to ensure a UUID was loaded and assumes the token is non-empty
 func validateManagementToken(token string) error {
-	if token == "" {
-		return errors.New("missing HCP management token")
-	}
-
+	// note: we assume that the token is not an empty string
 	if _, err := uuid.ParseUUID(token); err != nil {
 		return errors.New("management token is not a valid UUID")
 	}
diff --git a/agent/hcp/bootstrap/bootstrap_test.go b/agent/hcp/bootstrap/bootstrap_test.go
index 7cb46a32bf2f..74b57e5f50ab 100644
--- a/agent/hcp/bootstrap/bootstrap_test.go
+++ b/agent/hcp/bootstrap/bootstrap_test.go
@@ -305,9 +305,10 @@ func Test_loadPersistedBootstrapConfig(t *testing.T) {
 		warning string
 	}
 	type testCase struct {
-		existingCluster bool
-		mutateFn        func(t *testing.T, dir string)
-		expect          expect
+		existingCluster        bool
+		disableManagementToken bool
+		mutateFn               func(t *testing.T, dir string)
+		expect                 expect
 	}
 
 	run := func(t *testing.T, tc testCase) {
@@ -319,7 +320,7 @@ func Test_loadPersistedBootstrapConfig(t *testing.T) {
 
 		// Do some common setup as if we received config from HCP and persisted it to disk.
 		require.NoError(t, lib.EnsurePath(dir, true))
-		require.NoError(t, persistSucessMarker(dir))
+		require.NoError(t, persistSuccessMarker(dir))
 
 		if !tc.existingCluster {
 			caCert, caKey, err := tlsutil.GenerateCA(tlsutil.CAOpts{})
@@ -333,9 +334,12 @@ func Test_loadPersistedBootstrapConfig(t *testing.T) {
 			require.NoError(t, persistBootstrapConfig(dir, cfgJSON))
 		}
 
-		token, err := uuid.GenerateUUID()
-		require.NoError(t, err)
-		require.NoError(t, persistManagementToken(dir, token))
+		var token string
+		if !tc.disableManagementToken {
+			token, err = uuid.GenerateUUID()
+			require.NoError(t, err)
+			require.NoError(t, persistManagementToken(dir, token))
+		}
 
 		// Optionally mutate the persisted data to trigger errors while loading.
 		if tc.mutateFn != nil {
@@ -348,7 +352,6 @@ func Test_loadPersistedBootstrapConfig(t *testing.T) {
 		if loaded {
 			require.Equal(t, token, cfg.ManagementToken)
 			require.Empty(t, ui.ErrorWriter.String())
-
 		} else {
 			require.Nil(t, cfg)
 			require.Contains(t, ui.ErrorWriter.String(), tc.expect.warning)
@@ -365,15 +368,11 @@ func Test_loadPersistedBootstrapConfig(t *testing.T) {
 				warning: "",
 			},
 		},
-		"existing cluster missing token": {
-			existingCluster: true,
-			mutateFn: func(t *testing.T, dir string) {
-				// Remove the token file while leaving the existing cluster marker.
-				require.NoError(t, os.Remove(filepath.Join(dir, tokenFileName)))
-			},
+		"existing cluster no token": {
+			existingCluster:        true,
+			disableManagementToken: true,
 			expect: expect{
-				loaded:  false,
-				warning: "configuration files on disk are incomplete",
+				loaded: false,
 			},
 		},
 		"existing cluster no files": {
@@ -396,6 +395,12 @@ func Test_loadPersistedBootstrapConfig(t *testing.T) {
 				warning: "",
 			},
 		},
+		"new cluster with no token": {
+			disableManagementToken: true,
+			expect: expect{
+				loaded: false,
+			},
+		},
 		"new cluster some files": {
 			mutateFn: func(t *testing.T, dir string) {
 				// Remove one of the required files

From c138f24cfd320e40691ef7470ec8d07f6094c88c Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Fri, 21 Jul 2023 15:31:41 -0400
Subject: [PATCH 205/359] [NET-4122] Doc guidance for federation with
 externalServers (#18207)

Doc guidance for federation with externalServers

Add guidance for proper configuration when joining to a secondary
cluster using WAN fed with external servers also enabled.

Also clarify federation requirements and fix formatting for an
unrelated value.

Update both the Helm chart reference (synced from `consul-k8s`, see
hashicorp/consul-k8s#2583) and the docs on using `externalServers`.
---
 .../servers-outside-kubernetes.mdx                |  4 ++++
 website/content/docs/k8s/helm.mdx                 | 15 +++++++++++----
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/website/content/docs/k8s/deployment-configurations/servers-outside-kubernetes.mdx b/website/content/docs/k8s/deployment-configurations/servers-outside-kubernetes.mdx
index 4827b0767aa7..a794f3643d5e 100644
--- a/website/content/docs/k8s/deployment-configurations/servers-outside-kubernetes.mdx
+++ b/website/content/docs/k8s/deployment-configurations/servers-outside-kubernetes.mdx
@@ -114,6 +114,10 @@ to create policies, tokens, and an auth method. If you are [enabling Consul serv
 so that the Consul servers can validate a Kubernetes service account token when using the [Kubernetes auth method](/consul/docs/security/acl/auth-methods/kubernetes)
 with `consul login`.
 
+-> **Note:** If `externalServers.k8sAuthMethodHost` is set and you are also using WAN federation 
+(`global.federation.enabled` is set to `true`), ensure that `global.federation.k8sAuthMethodHost` is set to the same 
+value as `externalServers.k8sAuthMethodHost`.
+
 <CodeBlockConfig filename="values.yaml">
 
 ```yaml
diff --git a/website/content/docs/k8s/helm.mdx b/website/content/docs/k8s/helm.mdx
index 06f77f32a98b..011133251ad9 100644
--- a/website/content/docs/k8s/helm.mdx
+++ b/website/content/docs/k8s/helm.mdx
@@ -484,8 +484,9 @@ Use these links to navigate to a particular top-level stanza.
     - `enabled` ((#v-global-federation-enabled)) (`boolean: false`) - If enabled, this datacenter will be federation-capable. Only federation
       via mesh gateways is supported.
       Mesh gateways and servers will be configured to allow federation.
-      Requires `global.tls.enabled`, `meshGateway.enabled` and `connectInject.enabled`
-      to be true. Requires Consul 1.8+.
+      Requires `global.tls.enabled`, `connectInject.enabled`, and one of 
+      `meshGateway.enabled` or `externalServers.enabled` to be true.
+      Requires Consul 1.8+.
 
     - `createFederationSecret` ((#v-global-federation-createfederationsecret)) (`boolean: false`) - If true, the chart will create a Kubernetes secret that can be imported
       into secondary datacenters so they can federate with this datacenter. The
@@ -497,8 +498,8 @@ Use these links to navigate to a particular top-level stanza.
 
     - `primaryDatacenter` ((#v-global-federation-primarydatacenter)) (`string: null`) - The name of the primary datacenter.
 
-    - `primaryGateways` ((#v-global-federation-primarygateways)) (`array<string>: []`) - A list of addresses of the primary mesh gateways in the form `<ip>:<port>`.
-      (e.g. ["1.1.1.1:443", "2.3.4.5:443"]
+    - `primaryGateways` ((#v-global-federation-primarygateways)) (`array<string>: []`) - A list of addresses of the primary mesh gateways in the form `<ip>:<port>`
+      (e.g. `["1.1.1.1:443", "2.3.4.5:443"]`).
 
     - `k8sAuthMethodHost` ((#v-global-federation-k8sauthmethodhost)) (`string: null`) - If you are setting `global.federation.enabled` to true and are in a secondary datacenter,
       set `k8sAuthMethodHost` to the address of the Kubernetes API server of the secondary datacenter.
@@ -507,6 +508,9 @@ Use these links to navigate to a particular top-level stanza.
       from the one used by the Consul Service Mesh.
       Please refer to the [Kubernetes Auth Method documentation](/consul/docs/security/acl/auth-methods/kubernetes).
 
+      If `externalServers.enabled` is set to true, `global.federation.k8sAuthMethodHost` and 
+      `externalServers.k8sAuthMethodHost` should be set to the same value.
+
       You can retrieve this value from your `kubeconfig` by running:
 
       ```shell-session
@@ -1120,6 +1124,9 @@ Use these links to navigate to a particular top-level stanza.
     This address must be reachable from the Consul servers.
     Please refer to the [Kubernetes Auth Method documentation](/consul/docs/security/acl/auth-methods/kubernetes).
 
+    If `global.federation.enabled` is set to true, `global.federation.k8sAuthMethodHost` and 
+    `externalServers.k8sAuthMethodHost` should be set to the same value.
+
     You could retrieve this value from your `kubeconfig` by running:
 
     ```shell-session

From 8e3a1ddeb6ccce3d5e148d88095eb89e7adc939c Mon Sep 17 00:00:00 2001
From: Dan Stough <dan.stough@hashicorp.com>
Date: Fri, 21 Jul 2023 17:48:25 -0400
Subject: [PATCH 206/359] [OSS] Improve xDS Code Coverage - Endpoints and Misc
 (#18222)

test: improve xDS endpoints code coverage
---
 agent/proxycfg/testing.go                     |  60 +++-
 agent/proxycfg/testing_mesh_gateway.go        |  30 +-
 agent/structs/structs_test.go                 |   2 +-
 agent/structs/testing_catalog.go              |   9 +-
 agent/xds/clusters_test.go                    |  19 ++
 agent/xds/config.go                           |   4 +-
 agent/xds/delta_test.go                       |   6 +
 agent/xds/endpoints.go                        |   3 +-
 agent/xds/endpoints_test.go                   |   7 +
 agent/xds/rbac.go                             |   3 +
 ...thcheck-zero-consecutive_5xx.latest.golden | 133 +++++++++
 ...upstream-with-prepared-query.latest.golden | 154 +++++-----
 ...efaults-passive-health-check.latest.golden |  81 +++---
 ...ing-federation-control-plane.latest.golden | 260 ++++++++---------
 ...ed-services-http-with-router.latest.golden | 115 ++++----
 ...ing-federation-control-plane.latest.golden | 249 ++++++++++++++++
 ...ed-services-http-with-router.latest.golden | 100 +++++++
 ...ixed-cipher-suites-listeners.latest.golden | 180 ++++++------
 ...-mixed-max-version-listeners.latest.golden | 266 +++++++++---------
 ...ing-federation-control-plane.latest.golden | 178 ++++++------
 20 files changed, 1224 insertions(+), 635 deletions(-)
 create mode 100644 agent/xds/testdata/clusters/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden
 create mode 100644 agent/xds/testdata/endpoints/mesh-gateway-using-federation-control-plane.latest.golden

diff --git a/agent/proxycfg/testing.go b/agent/proxycfg/testing.go
index ac68994cb8f1..4ec19469a98b 100644
--- a/agent/proxycfg/testing.go
+++ b/agent/proxycfg/testing.go
@@ -167,7 +167,7 @@ func TestUpstreamNodes(t testing.T, service string) structs.CheckServiceNodes {
 				Datacenter: "dc1",
 				Partition:  structs.NodeEnterpriseMetaInDefaultPartition().PartitionOrEmpty(),
 			},
-			Service: structs.TestNodeServiceWithName(t, service),
+			Service: structs.TestNodeServiceWithName(service),
 		},
 		structs.CheckServiceNode{
 			Node: &structs.Node{
@@ -177,7 +177,47 @@ func TestUpstreamNodes(t testing.T, service string) structs.CheckServiceNodes {
 				Datacenter: "dc1",
 				Partition:  structs.NodeEnterpriseMetaInDefaultPartition().PartitionOrEmpty(),
 			},
-			Service: structs.TestNodeServiceWithName(t, service),
+			Service: structs.TestNodeServiceWithName(service),
+		},
+	}
+}
+
+// TestUpstreamNodesWithServiceSubset returns a sample service discovery result with one instance tagged v1
+// and the other tagged v2
+func TestUpstreamNodesWithServiceSubset(t testing.T, service string) structs.CheckServiceNodes {
+	return structs.CheckServiceNodes{
+		structs.CheckServiceNode{
+			Node: &structs.Node{
+				ID:         "test1",
+				Node:       "test1",
+				Address:    "10.10.1.3",
+				Datacenter: "dc1",
+				Partition:  structs.NodeEnterpriseMetaInDefaultPartition().PartitionOrEmpty(),
+			},
+			Service: &structs.NodeService{
+				Kind:    structs.ServiceKindTypical,
+				Service: service,
+				Port:    8080,
+				Meta:    map[string]string{"Version": "1"},
+				Weights: &structs.Weights{
+					Passing: 300, // Check that this gets normalized to 128
+				},
+			},
+		},
+		structs.CheckServiceNode{
+			Node: &structs.Node{
+				ID:         "test2",
+				Node:       "test2",
+				Address:    "10.10.1.4",
+				Datacenter: "dc1",
+				Partition:  structs.NodeEnterpriseMetaInDefaultPartition().PartitionOrEmpty(),
+			},
+			Service: &structs.NodeService{
+				Kind:    structs.ServiceKindTypical,
+				Service: service,
+				Port:    8080,
+				Meta:    map[string]string{"Version": "2"},
+			},
 		},
 	}
 }
@@ -231,7 +271,7 @@ func TestUpstreamNodesInStatus(t testing.T, status string) structs.CheckServiceN
 				Address:    "10.10.1.1",
 				Datacenter: "dc1",
 			},
-			Service: structs.TestNodeService(t),
+			Service: structs.TestNodeService(),
 			Checks: structs.HealthChecks{
 				&structs.HealthCheck{
 					Node:        "test1",
@@ -248,7 +288,7 @@ func TestUpstreamNodesInStatus(t testing.T, status string) structs.CheckServiceN
 				Address:    "10.10.1.2",
 				Datacenter: "dc1",
 			},
-			Service: structs.TestNodeService(t),
+			Service: structs.TestNodeService(),
 			Checks: structs.HealthChecks{
 				&structs.HealthCheck{
 					Node:        "test2",
@@ -270,7 +310,7 @@ func TestUpstreamNodesDC2(t testing.T) structs.CheckServiceNodes {
 				Address:    "10.20.1.1",
 				Datacenter: "dc2",
 			},
-			Service: structs.TestNodeService(t),
+			Service: structs.TestNodeService(),
 		},
 		structs.CheckServiceNode{
 			Node: &structs.Node{
@@ -279,7 +319,7 @@ func TestUpstreamNodesDC2(t testing.T) structs.CheckServiceNodes {
 				Address:    "10.20.1.2",
 				Datacenter: "dc2",
 			},
-			Service: structs.TestNodeService(t),
+			Service: structs.TestNodeService(),
 		},
 	}
 }
@@ -293,7 +333,7 @@ func TestUpstreamNodesInStatusDC2(t testing.T, status string) structs.CheckServi
 				Address:    "10.20.1.1",
 				Datacenter: "dc2",
 			},
-			Service: structs.TestNodeService(t),
+			Service: structs.TestNodeService(),
 			Checks: structs.HealthChecks{
 				&structs.HealthCheck{
 					Node:        "test1",
@@ -310,7 +350,7 @@ func TestUpstreamNodesInStatusDC2(t testing.T, status string) structs.CheckServi
 				Address:    "10.20.1.2",
 				Datacenter: "dc2",
 			},
-			Service: structs.TestNodeService(t),
+			Service: structs.TestNodeService(),
 			Checks: structs.HealthChecks{
 				&structs.HealthCheck{
 					Node:        "test2",
@@ -332,7 +372,7 @@ func TestUpstreamNodesAlternate(t testing.T) structs.CheckServiceNodes {
 				Address:    "10.20.1.1",
 				Datacenter: "dc1",
 			},
-			Service: structs.TestNodeService(t),
+			Service: structs.TestNodeService(),
 		},
 		structs.CheckServiceNode{
 			Node: &structs.Node{
@@ -341,7 +381,7 @@ func TestUpstreamNodesAlternate(t testing.T) structs.CheckServiceNodes {
 				Address:    "10.20.1.2",
 				Datacenter: "dc1",
 			},
-			Service: structs.TestNodeService(t),
+			Service: structs.TestNodeService(),
 		},
 	}
 }
diff --git a/agent/proxycfg/testing_mesh_gateway.go b/agent/proxycfg/testing_mesh_gateway.go
index b45595502ec2..c414a09caf72 100644
--- a/agent/proxycfg/testing_mesh_gateway.go
+++ b/agent/proxycfg/testing_mesh_gateway.go
@@ -766,8 +766,12 @@ func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func(
 				Kind: structs.ServiceResolver,
 				Name: "api",
 				Subsets: map[string]structs.ServiceResolverSubset{
+					"v1": {
+						Filter: "Service.Meta.Version == 1",
+					},
 					"v2": {
-						Filter: "Service.Meta.version == v2",
+						Filter:      "Service.Meta.Version == 2",
+						OnlyPassing: true,
 					},
 				},
 			},
@@ -817,6 +821,7 @@ func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func(
 		var (
 			dbSN  = structs.NewServiceName("db", nil)
 			altSN = structs.NewServiceName("alt", nil)
+			apiSN = structs.NewServiceName("api", nil)
 
 			dbChain = discoverychain.TestCompileConfigEntries(t, "db", "default", "default", "dc1", connect.TestClusterID+".consul", nil, set)
 		)
@@ -826,6 +831,7 @@ func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func(
 		discoChains[dbSN] = dbChain
 		endpoints[dbSN] = TestUpstreamNodes(t, "db")
 		endpoints[altSN] = TestUpstreamNodes(t, "alt")
+		endpoints[apiSN] = TestUpstreamNodesWithServiceSubset(t, "api")
 
 		extraUpdates = append(extraUpdates,
 			UpdateEvent{
@@ -849,7 +855,29 @@ func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func(
 					},
 				},
 			},
+			UpdateEvent{
+				CorrelationID: serviceResolversWatchID,
+				Result: &structs.IndexedConfigEntries{
+					Kind: structs.ServiceResolver,
+					Entries: []structs.ConfigEntry{
+						&structs.ServiceResolverConfigEntry{
+							Kind: structs.ServiceResolver,
+							Name: "api",
+							Subsets: map[string]structs.ServiceResolverSubset{
+								"v1": {
+									Filter: "Service.Meta.Version == 1",
+								},
+								"v2": {
+									Filter:      "Service.Meta.Version == 2",
+									OnlyPassing: true,
+								},
+							},
+						},
+					},
+				},
+			},
 		)
+
 	case "peer-through-mesh-gateway":
 
 		extraUpdates = append(extraUpdates,
diff --git a/agent/structs/structs_test.go b/agent/structs/structs_test.go
index 668f5fb08fae..20365e43bcdb 100644
--- a/agent/structs/structs_test.go
+++ b/agent/structs/structs_test.go
@@ -1358,7 +1358,7 @@ func TestStructs_NodeService_ValidateSidecarService(t *testing.T) {
 }
 
 func TestStructs_NodeService_ConnectNativeEmptyPortError(t *testing.T) {
-	ns := TestNodeService(t)
+	ns := TestNodeService()
 	ns.Connect.Native = true
 	ns.Port = 0
 	err := ns.Validate()
diff --git a/agent/structs/testing_catalog.go b/agent/structs/testing_catalog.go
index 9e72aebc7745..2706e71e360a 100644
--- a/agent/structs/testing_catalog.go
+++ b/agent/structs/testing_catalog.go
@@ -6,8 +6,9 @@ package structs
 import (
 	"fmt"
 
-	"github.com/hashicorp/consul/acl"
 	"github.com/mitchellh/go-testing-interface"
+
+	"github.com/hashicorp/consul/acl"
 )
 
 // TestRegisterRequest returns a RegisterRequest for registering a typical service.
@@ -47,11 +48,11 @@ func TestRegisterIngressGateway(t testing.T) *RegisterRequest {
 }
 
 // TestNodeService returns a *NodeService representing a valid regular service: "web".
-func TestNodeService(t testing.T) *NodeService {
-	return TestNodeServiceWithName(t, "web")
+func TestNodeService() *NodeService {
+	return TestNodeServiceWithName("web")
 }
 
-func TestNodeServiceWithName(t testing.T, name string) *NodeService {
+func TestNodeServiceWithName(name string) *NodeService {
 	return &NodeService{
 		Kind:    ServiceKindTypical,
 		Service: name,
diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go
index 0db68eab26ce..fa8e625fdde1 100644
--- a/agent/xds/clusters_test.go
+++ b/agent/xds/clusters_test.go
@@ -36,6 +36,10 @@ func uint32ptr(i uint32) *uint32 {
 	return &i
 }
 
+func durationPtr(d time.Duration) *time.Duration {
+	return &d
+}
+
 func makeClusterDiscoChainTests(enterprise bool) []clusterTestCase {
 	return []clusterTestCase{
 		{
@@ -384,6 +388,20 @@ func TestClustersFromSnapshot(t *testing.T) {
 				}, nil)
 			},
 		},
+		{
+			name: "custom-passive-healthcheck-zero-consecutive_5xx",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) {
+					ns.Proxy.Upstreams[0].Config["passive_health_check"] = map[string]interface{}{
+						"enforcing_consecutive_5xx": float64(0),
+						"max_failures":              float64(5),
+						"interval":                  float64(10 * time.Second),
+						"max_ejection_percent":      float64(100),
+						"base_ejection_time":        float64(10 * time.Second),
+					}
+				}, nil)
+			},
+		},
 		{
 			name: "custom-max-inbound-connections",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -737,6 +755,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 							Interval:                8000000000,
 							EnforcingConsecutive5xx: &enforcingConsecutive5xx,
 							MaxEjectionPercent:      uint32ptr(90),
+							BaseEjectionTime:        durationPtr(12 * time.Second),
 						}
 					}, nil)
 			},
diff --git a/agent/xds/config.go b/agent/xds/config.go
index 967bcb213dec..2b8da88939dd 100644
--- a/agent/xds/config.go
+++ b/agent/xds/config.go
@@ -229,9 +229,9 @@ func ToOutlierDetection(p *structs.PassiveHealthCheck, override *structs.Passive
 		// NOTE: EnforcingConsecutive5xx must be great than 0 for ingress-gateway
 		if *override.EnforcingConsecutive5xx != 0 {
 			od.EnforcingConsecutive_5Xx = &wrapperspb.UInt32Value{Value: *override.EnforcingConsecutive5xx}
-		} else if allowZero {
-			od.EnforcingConsecutive_5Xx = &wrapperspb.UInt32Value{Value: *override.EnforcingConsecutive5xx}
 		}
+		// Because only ingress gateways have overrides and they cannot have a value of 0, there is no allowZero
+		// override case to handle
 	}
 
 	if override.MaxEjectionPercent != nil {
diff --git a/agent/xds/delta_test.go b/agent/xds/delta_test.go
index f9c77835ad11..38c7ae615f9c 100644
--- a/agent/xds/delta_test.go
+++ b/agent/xds/delta_test.go
@@ -1693,6 +1693,12 @@ func Test_applyEnvoyExtension_Validations(t *testing.T) {
 			runtimeConfig: makeRuntimeConfig(false, ">= 1.15.0", ">= 1.25.0", map[string]interface{}{"bad": "args"}),
 			err:           false,
 		},
+		{
+			name:          "valid everything - no resources and required",
+			runtimeConfig: makeRuntimeConfig(true, ">= 1.15.0", ">= 1.25.0", nil),
+			err:           true,
+			errString:     "failed to patch xDS resources in",
+		},
 		{
 			name:          "valid everything",
 			runtimeConfig: makeRuntimeConfig(false, ">= 1.15.0", ">= 1.25.0", nil),
diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go
index aef2dc31c9f0..45361b534e18 100644
--- a/agent/xds/endpoints.go
+++ b/agent/xds/endpoints.go
@@ -11,10 +11,11 @@ import (
 	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/go-bexpr"
 	"google.golang.org/protobuf/proto"
 
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
diff --git a/agent/xds/endpoints_test.go b/agent/xds/endpoints_test.go
index eee35103aa61..0a9524332980 100644
--- a/agent/xds/endpoints_test.go
+++ b/agent/xds/endpoints_test.go
@@ -10,6 +10,7 @@ import (
 
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
+
 	"github.com/hashicorp/consul/agent/xds/testcommon"
 
 	"github.com/mitchellh/copystructure"
@@ -361,6 +362,12 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "newer-info-in-federation-states", nil, nil)
 			},
 		},
+		{
+			name: "mesh-gateway-using-federation-control-plane",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshotMeshGateway(t, "mesh-gateway-federation", nil, nil)
+			},
+		},
 		{
 			name: "mesh-gateway-older-information-in-federation-states",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
diff --git a/agent/xds/rbac.go b/agent/xds/rbac.go
index f38525abb78d..bfb0a39569c7 100644
--- a/agent/xds/rbac.go
+++ b/agent/xds/rbac.go
@@ -833,6 +833,9 @@ func optimizePrincipals(orig []*envoy_rbac_v3.Principal) []*envoy_rbac_v3.Princi
 		if !ok {
 			return orig
 		}
+		// In practice, you can't hit this
+		// Only JWTs (HTTP-only) generate orPrinciples, but optimizePrinciples is only called
+		// against the combined list of principles for L4 intentions.
 		orIds = append(orIds, or.OrIds.Ids...)
 	}
 
diff --git a/agent/xds/testdata/clusters/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden b/agent/xds/testdata/clusters/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden
new file mode 100644
index 000000000000..4cc45b94c841
--- /dev/null
+++ b/agent/xds/testdata/clusters/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden
@@ -0,0 +1,133 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "altStatName":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "circuitBreakers":  {},
+      "outlierDetection":  {
+        "consecutive5xx":  5,
+        "interval":  "10s",
+        "baseEjectionTime":  "10s",
+        "maxEjectionPercent":  100,
+        "enforcingConsecutive5xx":  0
+      },
+      "commonLbConfig":  {
+        "healthyPanicThreshold":  {}
+      },
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
+              {
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames":  [
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
+                }
+              ]
+            }
+          },
+          "sni":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
+        }
+      },
+      "connectTimeout":  "5s",
+      "circuitBreakers":  {},
+      "outlierDetection":  {},
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
+              {
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames":  [
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
+                },
+                {
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
+                }
+              ]
+            }
+          },
+          "sni":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "local_app",
+      "type":  "STATIC",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "local_app",
+        "endpoints":  [
+          {
+            "lbEndpoints":  [
+              {
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "127.0.0.1",
+                      "portValue":  8080
+                    }
+                  }
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden b/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden
index 31e9a4ab7cf3..b57d44e8ab56 100644
--- a/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden
+++ b/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden
@@ -1,21 +1,21 @@
 {
-  "versionInfo": "00000001",
-  "resources": [
+  "versionInfo":  "00000001",
+  "resources":  [
     {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "db:custom-upstream",
-      "connectTimeout": "15s",
-      "loadAssignment": {
-        "clusterName": "db:custom-upstream",
-        "endpoints": [
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "db:custom-upstream",
+      "connectTimeout":  "15s",
+      "loadAssignment":  {
+        "clusterName":  "db:custom-upstream",
+        "endpoints":  [
           {
-            "lbEndpoints": [
+            "lbEndpoints":  [
               {
-                "endpoint": {
-                  "address": {
-                    "socketAddress": {
-                      "address": "1.2.3.4",
-                      "portValue": 8443
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "1.2.3.4",
+                      "portValue":  8443
                     }
                   }
                 }
@@ -24,103 +24,103 @@
           }
         ]
       },
-      "transportSocket": {
-        "name": "tls",
-        "typedConfig": {
-          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext": {
-            "tlsParams": {},
-            "tlsCertificates": [
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
               {
-                "certificateChain": {
-                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                 },
-                "privateKey": {
-                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                 }
               }
             ],
-            "validationContext": {
-              "trustedCa": {
-                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
               }
             }
           },
-          "sni": "db.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+          "sni":  "db.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
         }
       }
     },
     {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {},
-          "resourceApiVersion": "V3"
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
         }
       },
-      "connectTimeout": "5s",
-      "circuitBreakers": {},
-      "typedExtensionProtocolOptions": {
-        "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
-          "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
-          "explicitHttpConfig": {
-            "http2ProtocolOptions": {}
+      "connectTimeout":  "5s",
+      "circuitBreakers":  {},
+      "typedExtensionProtocolOptions":  {
+        "envoy.extensions.upstreams.http.v3.HttpProtocolOptions":  {
+          "@type":  "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+          "explicitHttpConfig":  {
+            "http2ProtocolOptions":  {}
           }
         }
       },
-      "outlierDetection": {},
-      "transportSocket": {
-        "name": "tls",
-        "typedConfig": {
-          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext": {
-            "tlsParams": {},
-            "tlsCertificates": [
+      "outlierDetection":  {},
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
               {
-                "certificateChain": {
-                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                 },
-                "privateKey": {
-                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                 }
               }
             ],
-            "validationContext": {
-              "trustedCa": {
-                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
               },
-              "matchSubjectAltNames": [
+              "matchSubjectAltNames":  [
                 {
-                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
                 },
                 {
-                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
                 }
               ]
             }
           },
-          "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
+          "sni":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
         }
       }
     },
     {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "local_app",
-      "type": "STATIC",
-      "connectTimeout": "5s",
-      "loadAssignment": {
-        "clusterName": "local_app",
-        "endpoints": [
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "local_app",
+      "type":  "STATIC",
+      "connectTimeout":  "5s",
+      "loadAssignment":  {
+        "clusterName":  "local_app",
+        "endpoints":  [
           {
-            "lbEndpoints": [
+            "lbEndpoints":  [
               {
-                "endpoint": {
-                  "address": {
-                    "socketAddress": {
-                      "address": "127.0.0.1",
-                      "portValue": 8080
+                "endpoint":  {
+                  "address":  {
+                    "socketAddress":  {
+                      "address":  "127.0.0.1",
+                      "portValue":  8080
                     }
                   }
                 }
@@ -131,6 +131,6 @@
       }
     }
   ],
-  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce": "00000001"
+  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce":  "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden b/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden
index def339441530..af2488846500 100644
--- a/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden
+++ b/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden
@@ -1,66 +1,67 @@
 {
-  "versionInfo": "00000001",
-  "resources": [
+  "versionInfo":  "00000001",
+  "resources":  [
     {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {},
-          "resourceApiVersion": "V3"
+      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "altStatName":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type":  "EDS",
+      "edsClusterConfig":  {
+        "edsConfig":  {
+          "ads":  {},
+          "resourceApiVersion":  "V3"
         }
       },
-      "connectTimeout": "33s",
-      "circuitBreakers": {
-        "thresholds": [
+      "connectTimeout":  "33s",
+      "circuitBreakers":  {
+        "thresholds":  [
           {
-            "maxConnections": 4096,
-            "maxPendingRequests": 2048
+            "maxConnections":  4096,
+            "maxPendingRequests":  2048
           }
         ]
       },
-      "outlierDetection": {
-        "interval": "8s",
-        "maxEjectionPercent": 90,
-        "enforcingConsecutive5xx": 50
+      "outlierDetection":  {
+        "interval":  "8s",
+        "baseEjectionTime":  "12s",
+        "maxEjectionPercent":  90,
+        "enforcingConsecutive5xx":  50
       },
-      "commonLbConfig": {
-        "healthyPanicThreshold": {}
+      "commonLbConfig":  {
+        "healthyPanicThreshold":  {}
       },
-      "transportSocket": {
-        "name": "tls",
-        "typedConfig": {
-          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext": {
-            "tlsParams": {},
-            "tlsCertificates": [
+      "transportSocket":  {
+        "name":  "tls",
+        "typedConfig":  {
+          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext":  {
+            "tlsParams":  {},
+            "tlsCertificates":  [
               {
-                "certificateChain": {
-                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                "certificateChain":  {
+                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                 },
-                "privateKey": {
-                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                "privateKey":  {
+                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                 }
               }
             ],
-            "validationContext": {
-              "trustedCa": {
-                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+            "validationContext":  {
+              "trustedCa":  {
+                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
               },
-              "matchSubjectAltNames": [
+              "matchSubjectAltNames":  [
                 {
-                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
+                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
                 }
               ]
             }
           },
-          "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+          "sni":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
         }
       }
     }
   ],
-  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce": "00000001"
+  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce":  "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/mesh-gateway-using-federation-control-plane.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-using-federation-control-plane.latest.golden
index 3383f4bbf74b..9b177efb4652 100644
--- a/agent/xds/testdata/clusters/mesh-gateway-using-federation-control-plane.latest.golden
+++ b/agent/xds/testdata/clusters/mesh-gateway-using-federation-control-plane.latest.golden
@@ -1,205 +1,205 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {},
+          "resourceApiVersion": "V3"
         }
       },
-      "connectTimeout":  "5s",
-      "outlierDetection":  {}
+      "connectTimeout": "5s",
+      "outlierDetection": {}
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "dc2.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "dc2.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {},
+          "resourceApiVersion": "V3"
         }
       },
-      "connectTimeout":  "5s",
-      "outlierDetection":  {}
+      "connectTimeout": "5s",
+      "outlierDetection": {}
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "dc4.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "LOGICAL_DNS",
-      "connectTimeout":  "5s",
-      "loadAssignment":  {
-        "clusterName":  "dc4.internal.11111111-2222-3333-4444-555555555555.consul",
-        "endpoints":  [
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "dc4.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type": "LOGICAL_DNS",
+      "connectTimeout": "5s",
+      "loadAssignment": {
+        "clusterName": "dc4.internal.11111111-2222-3333-4444-555555555555.consul",
+        "endpoints": [
           {
-            "lbEndpoints":  [
+            "lbEndpoints": [
               {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "123.us-west-2.elb.notaws.com",
-                      "portValue":  443
+                "endpoint": {
+                  "address": {
+                    "socketAddress": {
+                      "address": "123.us-west-2.elb.notaws.com",
+                      "portValue": 443
                     }
                   }
                 },
-                "healthStatus":  "HEALTHY",
-                "loadBalancingWeight":  1
+                "healthStatus": "HEALTHY",
+                "loadBalancingWeight": 1
               }
             ]
           }
         ]
       },
-      "dnsRefreshRate":  "10s",
-      "dnsLookupFamily":  "V4_ONLY",
-      "outlierDetection":  {}
+      "dnsRefreshRate": "10s",
+      "dnsLookupFamily": "V4_ONLY",
+      "outlierDetection": {}
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "dc6.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "LOGICAL_DNS",
-      "connectTimeout":  "5s",
-      "loadAssignment":  {
-        "clusterName":  "dc6.internal.11111111-2222-3333-4444-555555555555.consul",
-        "endpoints":  [
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "dc6.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type": "LOGICAL_DNS",
+      "connectTimeout": "5s",
+      "loadAssignment": {
+        "clusterName": "dc6.internal.11111111-2222-3333-4444-555555555555.consul",
+        "endpoints": [
           {
-            "lbEndpoints":  [
+            "lbEndpoints": [
               {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "123.us-east-1.elb.notaws.com",
-                      "portValue":  443
+                "endpoint": {
+                  "address": {
+                    "socketAddress": {
+                      "address": "123.us-east-1.elb.notaws.com",
+                      "portValue": 443
                     }
                   }
                 },
-                "healthStatus":  "UNHEALTHY",
-                "loadBalancingWeight":  1
+                "healthStatus": "UNHEALTHY",
+                "loadBalancingWeight": 1
               }
             ]
           }
         ]
       },
-      "dnsRefreshRate":  "10s",
-      "dnsLookupFamily":  "V4_ONLY",
-      "outlierDetection":  {}
+      "dnsRefreshRate": "10s",
+      "dnsLookupFamily": "V4_ONLY",
+      "outlierDetection": {}
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {},
+          "resourceApiVersion": "V3"
         }
       },
-      "connectTimeout":  "5s",
-      "outlierDetection":  {}
+      "connectTimeout": "5s",
+      "outlierDetection": {}
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "node1.server.dc1.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "node1.server.dc1.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {},
+          "resourceApiVersion": "V3"
         }
       },
-      "connectTimeout":  "5s",
-      "outlierDetection":  {}
+      "connectTimeout": "5s",
+      "outlierDetection": {}
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "node2.server.dc1.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "node2.server.dc1.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {},
+          "resourceApiVersion": "V3"
         }
       },
-      "connectTimeout":  "5s",
-      "outlierDetection":  {}
+      "connectTimeout": "5s",
+      "outlierDetection": {}
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "server.dc2.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "server.dc2.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {},
+          "resourceApiVersion": "V3"
         }
       },
-      "connectTimeout":  "5s",
-      "outlierDetection":  {}
+      "connectTimeout": "5s",
+      "outlierDetection": {}
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "server.dc4.consul",
-      "type":  "LOGICAL_DNS",
-      "connectTimeout":  "5s",
-      "loadAssignment":  {
-        "clusterName":  "server.dc4.consul",
-        "endpoints":  [
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "server.dc4.consul",
+      "type": "LOGICAL_DNS",
+      "connectTimeout": "5s",
+      "loadAssignment": {
+        "clusterName": "server.dc4.consul",
+        "endpoints": [
           {
-            "lbEndpoints":  [
+            "lbEndpoints": [
               {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "123.us-west-2.elb.notaws.com",
-                      "portValue":  443
+                "endpoint": {
+                  "address": {
+                    "socketAddress": {
+                      "address": "123.us-west-2.elb.notaws.com",
+                      "portValue": 443
                     }
                   }
                 },
-                "healthStatus":  "HEALTHY",
-                "loadBalancingWeight":  1
+                "healthStatus": "HEALTHY",
+                "loadBalancingWeight": 1
               }
             ]
           }
         ]
       },
-      "dnsRefreshRate":  "10s",
-      "dnsLookupFamily":  "V4_ONLY",
-      "outlierDetection":  {}
+      "dnsRefreshRate": "10s",
+      "dnsLookupFamily": "V4_ONLY",
+      "outlierDetection": {}
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "server.dc6.consul",
-      "type":  "LOGICAL_DNS",
-      "connectTimeout":  "5s",
-      "loadAssignment":  {
-        "clusterName":  "server.dc6.consul",
-        "endpoints":  [
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "server.dc6.consul",
+      "type": "LOGICAL_DNS",
+      "connectTimeout": "5s",
+      "loadAssignment": {
+        "clusterName": "server.dc6.consul",
+        "endpoints": [
           {
-            "lbEndpoints":  [
+            "lbEndpoints": [
               {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "123.us-east-1.elb.notaws.com",
-                      "portValue":  443
+                "endpoint": {
+                  "address": {
+                    "socketAddress": {
+                      "address": "123.us-east-1.elb.notaws.com",
+                      "portValue": 443
                     }
                   }
                 },
-                "healthStatus":  "UNHEALTHY",
-                "loadBalancingWeight":  1
+                "healthStatus": "UNHEALTHY",
+                "loadBalancingWeight": 1
               }
             ]
           }
         ]
       },
-      "dnsRefreshRate":  "10s",
-      "dnsLookupFamily":  "V4_ONLY",
-      "outlierDetection":  {}
+      "dnsRefreshRate": "10s",
+      "dnsLookupFamily": "V4_ONLY",
+      "outlierDetection": {}
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
index 8c85bbc827ad..c8ca9b37688e 100644
--- a/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
+++ b/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
@@ -7,16 +7,25 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {
-
-          },
+          "ads": {},
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "5s",
-      "outlierDetection": {
-
-      }
+      "outlierDetection": {}
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {},
+          "resourceApiVersion": "V3"
+        }
+      },
+      "connectTimeout": "5s",
+      "outlierDetection": {}
     },
     {
       "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
@@ -24,16 +33,12 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {
-
-          },
+          "ads": {},
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "5s",
-      "outlierDetection": {
-
-      }
+      "outlierDetection": {}
     },
     {
       "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
@@ -42,32 +47,22 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {
-
-          },
+          "ads": {},
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "5s",
-      "circuitBreakers": {
-
-      },
-      "outlierDetection": {
-
-      },
+      "circuitBreakers": {},
+      "outlierDetection": {},
       "commonLbConfig": {
-        "healthyPanicThreshold": {
-
-        }
+        "healthyPanicThreshold": {}
       },
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
           "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
           "commonTlsContext": {
-            "tlsParams": {
-
-            },
+            "tlsParams": {},
             "tlsCertificates": [
               {
                 "certificateChain": {
@@ -100,32 +95,22 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {
-
-          },
+          "ads": {},
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "33s",
-      "circuitBreakers": {
-
-      },
-      "outlierDetection": {
-
-      },
+      "circuitBreakers": {},
+      "outlierDetection": {},
       "commonLbConfig": {
-        "healthyPanicThreshold": {
-
-        }
+        "healthyPanicThreshold": {}
       },
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
           "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
           "commonTlsContext": {
-            "tlsParams": {
-
-            },
+            "tlsParams": {},
             "tlsCertificates": [
               {
                 "certificateChain": {
@@ -158,32 +143,22 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {
-
-          },
+          "ads": {},
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "5s",
-      "circuitBreakers": {
-
-      },
-      "outlierDetection": {
-
-      },
+      "circuitBreakers": {},
+      "outlierDetection": {},
       "commonLbConfig": {
-        "healthyPanicThreshold": {
-
-        }
+        "healthyPanicThreshold": {}
       },
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
           "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
           "commonTlsContext": {
-            "tlsParams": {
-
-            },
+            "tlsParams": {},
             "tlsCertificates": [
               {
                 "certificateChain": {
@@ -208,6 +183,32 @@
           "sni": "v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
         }
       }
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "v1.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {},
+          "resourceApiVersion": "V3"
+        }
+      },
+      "connectTimeout": "5s",
+      "outlierDetection": {}
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {},
+          "resourceApiVersion": "V3"
+        }
+      },
+      "connectTimeout": "5s",
+      "outlierDetection": {}
     }
   ],
   "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
diff --git a/agent/xds/testdata/endpoints/mesh-gateway-using-federation-control-plane.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-using-federation-control-plane.latest.golden
new file mode 100644
index 000000000000..231f4b9b2c99
--- /dev/null
+++ b/agent/xds/testdata/endpoints/mesh-gateway-using-federation-control-plane.latest.golden
@@ -0,0 +1,249 @@
+{
+  "versionInfo":  "00000001",
+  "resources":  [
+    {
+      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName":  "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints":  [
+        {
+          "lbEndpoints":  [
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "172.16.1.6",
+                    "portValue":  2222
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            },
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "172.16.1.7",
+                    "portValue":  2222
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            },
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "172.16.1.8",
+                    "portValue":  2222
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName":  "dc2.internal.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints":  [
+        {
+          "lbEndpoints":  [
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "198.18.1.1",
+                    "portValue":  443
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            },
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "198.18.1.2",
+                    "portValue":  443
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName":  "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints":  [
+        {
+          "lbEndpoints":  [
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "172.16.1.3",
+                    "portValue":  2222
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            },
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "172.16.1.4",
+                    "portValue":  2222
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            },
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "172.16.1.5",
+                    "portValue":  2222
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            },
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "172.16.1.9",
+                    "portValue":  2222
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName":  "node1.server.dc1.consul",
+      "endpoints":  [
+        {
+          "lbEndpoints":  [
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "127.0.0.1",
+                    "portValue":  0
+                  }
+                }
+              }
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName":  "node2.server.dc1.consul",
+      "endpoints":  [
+        {
+          "lbEndpoints":  [
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "127.0.0.2",
+                    "portValue":  0
+                  }
+                }
+              }
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName":  "server.dc1.consul",
+      "endpoints":  [
+        {
+          "lbEndpoints":  [
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "127.0.0.1",
+                    "portValue":  0
+                  }
+                }
+              }
+            },
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "127.0.0.2",
+                    "portValue":  0
+                  }
+                }
+              }
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName":  "server.dc2.consul",
+      "endpoints":  [
+        {
+          "lbEndpoints":  [
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "198.18.1.1",
+                    "portValue":  443
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            },
+            {
+              "endpoint":  {
+                "address":  {
+                  "socketAddress":  {
+                    "address":  "198.18.1.2",
+                    "portValue":  443
+                  }
+                }
+              },
+              "healthStatus":  "HEALTHY",
+              "loadBalancingWeight":  1
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "typeUrl":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+  "nonce":  "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/endpoints/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
index b993f6a71e49..03bd971ef6e8 100644
--- a/agent/xds/testdata/endpoints/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
+++ b/agent/xds/testdata/endpoints/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
@@ -35,6 +35,40 @@
         }
       ]
     },
+    {
+      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints": [
+        {
+          "lbEndpoints": [
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.10.1.3",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 128
+            },
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.10.1.4",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            }
+          ]
+        }
+      ]
+    },
     {
       "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
       "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
@@ -136,6 +170,72 @@
           ]
         }
       ]
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName": "exported~v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints": [
+        {
+          "lbEndpoints": [
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.10.1.4",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName": "v1.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints": [
+        {
+          "lbEndpoints": [
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.10.1.3",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 128
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName": "v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints": [
+        {
+          "lbEndpoints": [
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.10.1.4",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            }
+          ]
+        }
+      ]
     }
   ],
   "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden
index ff9c69156331..08b36fef2433 100644
--- a/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden
@@ -1,166 +1,166 @@
 {
-  "versionInfo": "00000001",
-  "resources": [
+  "versionInfo":  "00000001",
+  "resources":  [
     {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "http:1.2.3.4:8080",
-      "address": {
-        "socketAddress": {
-          "address": "1.2.3.4",
-          "portValue": 8080
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "http:1.2.3.4:8080",
+      "address":  {
+        "socketAddress":  {
+          "address":  "1.2.3.4",
+          "portValue":  8080
         }
       },
-      "filterChains": [
+      "filterChains":  [
         {
-          "filters": [
+          "filters":  [
             {
-              "name": "envoy.filters.network.http_connection_manager",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix": "ingress_upstream_8080",
-                "rds": {
-                  "configSource": {
-                    "ads": {},
-                    "resourceApiVersion": "V3"
+              "name":  "envoy.filters.network.http_connection_manager",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix":  "ingress_upstream_8080",
+                "rds":  {
+                  "configSource":  {
+                    "ads":  {},
+                    "resourceApiVersion":  "V3"
                   },
-                  "routeConfigName": "8080"
+                  "routeConfigName":  "8080"
                 },
-                "httpFilters": [
+                "httpFilters":  [
                   {
-                    "name": "envoy.filters.http.router",
-                    "typedConfig": {
-                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name":  "envoy.filters.http.router",
+                    "typedConfig":  {
+                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing": {
-                  "randomSampling": {}
+                "tracing":  {
+                  "randomSampling":  {}
                 },
-                "upgradeConfigs": [
+                "upgradeConfigs":  [
                   {
-                    "upgradeType": "websocket"
+                    "upgradeType":  "websocket"
                   }
                 ]
               }
             }
           ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {
-                  "cipherSuites": [
+          "transportSocket":  {
+            "name":  "tls",
+            "typedConfig":  {
+              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext":  {
+                "tlsParams":  {
+                  "cipherSuites":  [
                     "ECDHE-RSA-AES256-SHA"
                   ]
                 },
-                "tlsCertificates": [
+                "tlsCertificates":  [
                   {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain":  {
+                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey":  {
+                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext": {
-                  "trustedCa": {
-                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext":  {
+                  "trustedCa":  {
+                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols": [
+                "alpnProtocols":  [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate": false
+              "requireClientCertificate":  false
             }
           }
         }
       ],
-      "trafficDirection": "OUTBOUND"
+      "trafficDirection":  "OUTBOUND"
     },
     {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "http:1.2.3.4:8081",
-      "address": {
-        "socketAddress": {
-          "address": "1.2.3.4",
-          "portValue": 8081
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "http:1.2.3.4:8081",
+      "address":  {
+        "socketAddress":  {
+          "address":  "1.2.3.4",
+          "portValue":  8081
         }
       },
-      "filterChains": [
+      "filterChains":  [
         {
-          "filters": [
+          "filters":  [
             {
-              "name": "envoy.filters.network.http_connection_manager",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix": "ingress_upstream_8081",
-                "rds": {
-                  "configSource": {
-                    "ads": {},
-                    "resourceApiVersion": "V3"
+              "name":  "envoy.filters.network.http_connection_manager",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix":  "ingress_upstream_8081",
+                "rds":  {
+                  "configSource":  {
+                    "ads":  {},
+                    "resourceApiVersion":  "V3"
                   },
-                  "routeConfigName": "8081"
+                  "routeConfigName":  "8081"
                 },
-                "httpFilters": [
+                "httpFilters":  [
                   {
-                    "name": "envoy.filters.http.router",
-                    "typedConfig": {
-                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name":  "envoy.filters.http.router",
+                    "typedConfig":  {
+                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing": {
-                  "randomSampling": {}
+                "tracing":  {
+                  "randomSampling":  {}
                 },
-                "upgradeConfigs": [
+                "upgradeConfigs":  [
                   {
-                    "upgradeType": "websocket"
+                    "upgradeType":  "websocket"
                   }
                 ]
               }
             }
           ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {
-                  "cipherSuites": [
+          "transportSocket":  {
+            "name":  "tls",
+            "typedConfig":  {
+              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext":  {
+                "tlsParams":  {
+                  "cipherSuites":  [
                     "ECDHE-RSA-CHACHA20-POLY1305",
                     "ECDHE-ECDSA-CHACHA20-POLY1305"
                   ]
                 },
-                "tlsCertificates": [
+                "tlsCertificates":  [
                   {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain":  {
+                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey":  {
+                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext": {
-                  "trustedCa": {
-                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext":  {
+                  "trustedCa":  {
+                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols": [
+                "alpnProtocols":  [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate": false
+              "requireClientCertificate":  false
             }
           }
         }
       ],
-      "trafficDirection": "OUTBOUND"
+      "trafficDirection":  "OUTBOUND"
     }
   ],
-  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce": "00000001"
+  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce":  "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden
index 77debfa56722..c9e56105a5c5 100644
--- a/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden
+++ b/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden
@@ -1,238 +1,238 @@
 {
-  "versionInfo": "00000001",
-  "resources": [
+  "versionInfo":  "00000001",
+  "resources":  [
     {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "http:1.2.3.4:8080",
-      "address": {
-        "socketAddress": {
-          "address": "1.2.3.4",
-          "portValue": 8080
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "http:1.2.3.4:8080",
+      "address":  {
+        "socketAddress":  {
+          "address":  "1.2.3.4",
+          "portValue":  8080
         }
       },
-      "filterChains": [
+      "filterChains":  [
         {
-          "filters": [
+          "filters":  [
             {
-              "name": "envoy.filters.network.http_connection_manager",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix": "ingress_upstream_8080",
-                "rds": {
-                  "configSource": {
-                    "ads": {},
-                    "resourceApiVersion": "V3"
+              "name":  "envoy.filters.network.http_connection_manager",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix":  "ingress_upstream_8080",
+                "rds":  {
+                  "configSource":  {
+                    "ads":  {},
+                    "resourceApiVersion":  "V3"
                   },
-                  "routeConfigName": "8080"
+                  "routeConfigName":  "8080"
                 },
-                "httpFilters": [
+                "httpFilters":  [
                   {
-                    "name": "envoy.filters.http.router",
-                    "typedConfig": {
-                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name":  "envoy.filters.http.router",
+                    "typedConfig":  {
+                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing": {
-                  "randomSampling": {}
+                "tracing":  {
+                  "randomSampling":  {}
                 },
-                "upgradeConfigs": [
+                "upgradeConfigs":  [
                   {
-                    "upgradeType": "websocket"
+                    "upgradeType":  "websocket"
                   }
                 ]
               }
             }
           ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {
-                  "tlsMaximumProtocolVersion": "TLSv1_2"
+          "transportSocket":  {
+            "name":  "tls",
+            "typedConfig":  {
+              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext":  {
+                "tlsParams":  {
+                  "tlsMaximumProtocolVersion":  "TLSv1_2"
                 },
-                "tlsCertificates": [
+                "tlsCertificates":  [
                   {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain":  {
+                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey":  {
+                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext": {
-                  "trustedCa": {
-                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext":  {
+                  "trustedCa":  {
+                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols": [
+                "alpnProtocols":  [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate": false
+              "requireClientCertificate":  false
             }
           }
         }
       ],
-      "trafficDirection": "OUTBOUND"
+      "trafficDirection":  "OUTBOUND"
     },
     {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "http:1.2.3.4:8081",
-      "address": {
-        "socketAddress": {
-          "address": "1.2.3.4",
-          "portValue": 8081
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "http:1.2.3.4:8081",
+      "address":  {
+        "socketAddress":  {
+          "address":  "1.2.3.4",
+          "portValue":  8081
         }
       },
-      "filterChains": [
+      "filterChains":  [
         {
-          "filters": [
+          "filters":  [
             {
-              "name": "envoy.filters.network.http_connection_manager",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix": "ingress_upstream_8081",
-                "rds": {
-                  "configSource": {
-                    "ads": {},
-                    "resourceApiVersion": "V3"
+              "name":  "envoy.filters.network.http_connection_manager",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix":  "ingress_upstream_8081",
+                "rds":  {
+                  "configSource":  {
+                    "ads":  {},
+                    "resourceApiVersion":  "V3"
                   },
-                  "routeConfigName": "8081"
+                  "routeConfigName":  "8081"
                 },
-                "httpFilters": [
+                "httpFilters":  [
                   {
-                    "name": "envoy.filters.http.router",
-                    "typedConfig": {
-                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name":  "envoy.filters.http.router",
+                    "typedConfig":  {
+                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing": {
-                  "randomSampling": {}
+                "tracing":  {
+                  "randomSampling":  {}
                 },
-                "upgradeConfigs": [
+                "upgradeConfigs":  [
                   {
-                    "upgradeType": "websocket"
+                    "upgradeType":  "websocket"
                   }
                 ]
               }
             }
           ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {
-                  "tlsMaximumProtocolVersion": "TLSv1_0"
+          "transportSocket":  {
+            "name":  "tls",
+            "typedConfig":  {
+              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext":  {
+                "tlsParams":  {
+                  "tlsMaximumProtocolVersion":  "TLSv1_0"
                 },
-                "tlsCertificates": [
+                "tlsCertificates":  [
                   {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain":  {
+                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey":  {
+                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext": {
-                  "trustedCa": {
-                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext":  {
+                  "trustedCa":  {
+                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols": [
+                "alpnProtocols":  [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate": false
+              "requireClientCertificate":  false
             }
           }
         }
       ],
-      "trafficDirection": "OUTBOUND"
+      "trafficDirection":  "OUTBOUND"
     },
     {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "http:1.2.3.4:8082",
-      "address": {
-        "socketAddress": {
-          "address": "1.2.3.4",
-          "portValue": 8082
+      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name":  "http:1.2.3.4:8082",
+      "address":  {
+        "socketAddress":  {
+          "address":  "1.2.3.4",
+          "portValue":  8082
         }
       },
-      "filterChains": [
+      "filterChains":  [
         {
-          "filters": [
+          "filters":  [
             {
-              "name": "envoy.filters.network.http_connection_manager",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix": "ingress_upstream_8082",
-                "rds": {
-                  "configSource": {
-                    "ads": {},
-                    "resourceApiVersion": "V3"
+              "name":  "envoy.filters.network.http_connection_manager",
+              "typedConfig":  {
+                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix":  "ingress_upstream_8082",
+                "rds":  {
+                  "configSource":  {
+                    "ads":  {},
+                    "resourceApiVersion":  "V3"
                   },
-                  "routeConfigName": "8082"
+                  "routeConfigName":  "8082"
                 },
-                "httpFilters": [
+                "httpFilters":  [
                   {
-                    "name": "envoy.filters.http.router",
-                    "typedConfig": {
-                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    "name":  "envoy.filters.http.router",
+                    "typedConfig":  {
+                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
                     }
                   }
                 ],
-                "tracing": {
-                  "randomSampling": {}
+                "tracing":  {
+                  "randomSampling":  {}
                 },
-                "upgradeConfigs": [
+                "upgradeConfigs":  [
                   {
-                    "upgradeType": "websocket"
+                    "upgradeType":  "websocket"
                   }
                 ]
               }
             }
           ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {
-                  "tlsMaximumProtocolVersion": "TLSv1_3"
+          "transportSocket":  {
+            "name":  "tls",
+            "typedConfig":  {
+              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext":  {
+                "tlsParams":  {
+                  "tlsMaximumProtocolVersion":  "TLSv1_3"
                 },
-                "tlsCertificates": [
+                "tlsCertificates":  [
                   {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                    "certificateChain":  {
+                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                     },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                    "privateKey":  {
+                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                     }
                   }
                 ],
-                "validationContext": {
-                  "trustedCa": {
-                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+                "validationContext":  {
+                  "trustedCa":  {
+                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
                   }
                 },
-                "alpnProtocols": [
+                "alpnProtocols":  [
                   "http/1.1"
                 ]
               },
-              "requireClientCertificate": false
+              "requireClientCertificate":  false
             }
           }
         }
       ],
-      "trafficDirection": "OUTBOUND"
+      "trafficDirection":  "OUTBOUND"
     }
   ],
-  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce": "00000001"
+  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce":  "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden
index 599f1058e276..fef17ff195ae 100644
--- a/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden
+++ b/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden
@@ -1,181 +1,181 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "default:1.2.3.4:8443",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8443
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "default:1.2.3.4:8443",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8443
         }
       },
-      "filterChains":  [
+      "filterChains": [
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "mesh_gateway_remote.default.dc2",
-                "cluster":  "dc2.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "mesh_gateway_remote.default.dc2",
+                "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "mesh_gateway_remote.default.dc4",
-                "cluster":  "dc4.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "mesh_gateway_remote.default.dc4",
+                "cluster": "dc4.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "mesh_gateway_remote.default.dc6",
-                "cluster":  "dc6.internal.11111111-2222-3333-4444-555555555555.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "mesh_gateway_remote.default.dc6",
+                "cluster": "dc6.internal.11111111-2222-3333-4444-555555555555.consul"
               }
             }
           ]
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "*.server.dc2.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "mesh_gateway_remote.default.dc2",
-                "cluster":  "server.dc2.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "mesh_gateway_remote.default.dc2",
+                "cluster": "server.dc2.consul"
               }
             }
           ]
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "*.server.dc4.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "mesh_gateway_remote.default.dc4",
-                "cluster":  "server.dc4.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "mesh_gateway_remote.default.dc4",
+                "cluster": "server.dc4.consul"
               }
             }
           ]
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "*.server.dc6.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "mesh_gateway_remote.default.dc6",
-                "cluster":  "server.dc6.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "mesh_gateway_remote.default.dc6",
+                "cluster": "server.dc6.consul"
               }
             }
           ]
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "node1.server.dc1.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "mesh_gateway_local_server.default.dc1",
-                "cluster":  "node1.server.dc1.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "mesh_gateway_local_server.default.dc1",
+                "cluster": "node1.server.dc1.consul"
               }
             }
           ]
         },
         {
-          "filterChainMatch":  {
-            "serverNames":  [
+          "filterChainMatch": {
+            "serverNames": [
               "node2.server.dc1.consul"
             ]
           },
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "mesh_gateway_local_server.default.dc1",
-                "cluster":  "node2.server.dc1.consul"
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "mesh_gateway_local_server.default.dc1",
+                "cluster": "node2.server.dc1.consul"
               }
             }
           ]
         },
         {
-          "filters":  [
+          "filters": [
             {
-              "name":  "envoy.filters.network.sni_cluster",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster"
+              "name": "envoy.filters.network.sni_cluster",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster"
               }
             },
             {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "mesh_gateway_local.default",
-                "cluster":  ""
+              "name": "envoy.filters.network.tcp_proxy",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
+                "statPrefix": "mesh_gateway_local.default",
+                "cluster": ""
               }
             }
           ]
         }
       ],
-      "listenerFilters":  [
+      "listenerFilters": [
         {
-          "name":  "envoy.filters.listener.tls_inspector",
-          "typedConfig":  {
-            "@type":  "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
+          "name": "envoy.filters.listener.tls_inspector",
+          "typedConfig": {
+            "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
           }
         }
       ]
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
-}
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
+}
\ No newline at end of file

From 7ce539e5f6ae19fc8f5d19404ca40fe99df26908 Mon Sep 17 00:00:00 2001
From: Judith Malnick <judith@hashicorp.com>
Date: Fri, 21 Jul 2023 16:08:37 -0700
Subject: [PATCH 207/359] Clarify license reporting timing and GDPR compliance
 (#18237)

Add Alicia's edits to clarify log timing and other details
---
 .../docs/enterprise/license/utilization-reporting.mdx     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/website/content/docs/enterprise/license/utilization-reporting.mdx b/website/content/docs/enterprise/license/utilization-reporting.mdx
index 50db53860979..bd751581d0a4 100644
--- a/website/content/docs/enterprise/license/utilization-reporting.mdx
+++ b/website/content/docs/enterprise/license/utilization-reporting.mdx
@@ -8,7 +8,7 @@ description: >-
 
 Automated license utilization reporting sends license utilization data to HashiCorp without requiring you to manually collect and report them. It also enables you to review your license usage with the monitoring solution you already use, such as Splunk and Datadog, as you optimize and manage your deployments. You can use these reports to understand how much more you can deploy under your current contract, which can help you protect against overutilization and budget for predicted consumption.  
 
-Automated reporting shares the minimum data required to validate license utilization as defined in our contracts. This data mostly consists of computed metrics, and it will never contain Personal Identifiable Information (PII) or other sensitive information. Automated reporting shares the data with HashiCorp using a secure unidirectional HTTPS API and makes an auditable record in the product logs each time it submits a report.
+Automated reporting shares the minimum data required to validate license utilization as defined in our contracts. This data mostly consists of computed metrics, and it will never contain Personal Identifiable Information (PII) or other sensitive information. Automated reporting shares the data with HashiCorp using a secure unidirectional HTTPS API and makes an auditable record in the product logs each time it submits a report. This process is GDPR compliant.
 
 ## Enable automated reporting
 
@@ -40,7 +40,7 @@ Upgrade to a release that supports license utilization reporting. These [release
 
 ### Check product logs
 
-Automatic license utilization reporting starts sending data within 24 hours. Check the product logs for records that the data sent successfully.
+Automatic license utilization reporting starts sending data within roughly 24 hours. Check the product logs for records that the data sent successfully.
 
 <CodeBlockConfig hideClipboard>
 
@@ -77,7 +77,7 @@ If your installation is air-gapped or your network does not allow the correct eg
 
 </CodeBlockConfig>
 
-In this case, reconfigure your network to allow egress and check back in 24 hours. 
+In this case, reconfigure your network to allow egress and check back in roughly 24 hours. 
 
 ## Opt out
 
@@ -119,7 +119,7 @@ $ consul reload
 ```
 
 
-Check your product logs 24 hours after opting out to make sure that the system is not trying to send reports. Keep in mind that if your configuration file and environment variable differ, the environment variable setting takes precedence.
+Check your product logs roughly 24 hours after opting out to make sure that the system is not trying to send reports. Keep in mind that if your configuration file and environment variable differ, the environment variable setting takes precedence.
 
 ## Example payloads
 

From 2b0d64ee27badd669a8efbe468a8846264309dbb Mon Sep 17 00:00:00 2001
From: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
Date: Sat, 22 Jul 2023 09:48:42 +0530
Subject: [PATCH 208/359] Fix Github Workflow File (#18241)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [CONSUL-382] Support openssl in unique test dockerfile (#43)

* [CONSUL-405] Add bats to single container (#44)

* [CONSUL-414] Run Prometheus Test Cases and Validate Changes (#46)

* [CONSUL-410] Run Jaeger in Single container (#45)

* [CONSUL-412] Run test-sds-server in single container (#48)

* [CONSUL-408] Clean containers (#47)

* [CONSUL-384] Rebase and sync fork (#50)

* [CONSUL-415] Create Scenarios Troubleshooting Docs (#49)

* [CONSUL-417] Update Docs Single Container (#51)

* [CONSUL-428] Add Socat to single container (#54)

* [CONSUL-424] Replace pkill in kill_envoy function (#52)

* [CONSUL-434] Modify Docker run functions in Helper script (#53)

* [CONSUL-435] Replace docker run in set_ttl_check_state & wait_for_agent_service_register functions (#55)

* [CONSUL-438] Add netcat (nc) in the Single container Dockerfile (#56)

* [CONSUL-429] Replace Docker run with Docker exec (#57)

* [CONSUL-436] Curl timeout and run tests (#58)

* [CONSUL-443] Create dogstatsd Function (#59)

* [CONSUL-431] Update Docs Netcat (#60)

* [CONSUL-439] Parse nc Command in function (#61)

* [CONSUL-463] Review curl Exec and get_ca_root Func (#63)

* [CONSUL-453] Docker hostname in Helper functions (#64)

* [CONSUL-461] Test wipe volumes without extra cont (#66)

* [CONSUL-454] Check ports in the Server and Agent containers (#65)

* [CONSUL-441] Update windows dockerfile with version (#62)

* [CONSUL-466] Review case-grpc Failing Test (#67)

* [CONSUL-494] Review case-cfg-resolver-svc-failover (#68)

* [CONSUL-496] Replace docker_wget & docker_curl (#69)

* [CONSUL-499] Cleanup Scripts - Remove nanoserver (#70)

* [CONSUL-500] Update Troubleshooting Docs (#72)

* [CONSUL-502] Pull & Tag Envoy Windows Image (#73)

* [CONSUL-504] Replace docker run in docker_consul (#76)

* [CONSUL-505] Change admin_bind

* [CONSUL-399] Update envoy to 1.23.1 (#78)

* [CONSUL-510] Support case-wanfed-gw on Windows (#79)

* [CONSUL-506] Update troubleshooting Documentation (#80)

* [CONSUL-512] Review debug_dump_volumes Function (#81)

* [CONSUL-514] Add zipkin to Docker Image (#82)

* [CONSUL-515] Update Documentation (#83)

* [CONSUL-529] Support case-consul-exec (#86)

* [CONSUL-530] Update Documentation (#87)

* [CONSUL-530] Update default consul version 1.13.3

* [CONSUL-539] Cleanup (#91)

* [CONSUL-546] Scripts Clean-up (#92)

* [CONSUL-491] Support admin_access_log_path value for Windows (#71)

* [CONSUL-519] Implement mkfifo Alternative (#84)

* [CONSUL-542] Create OS Specific Files for Envoy Package (#88)

* [CONSUL-543] Create exec_supported.go (#89)

* [CONSUL-544] Test and Build Changes (#90)

* Implement os.DevNull

* using mmap instead of disk files

* fix import in exec-unix

* fix nmap open too many arguemtn

* go fmt on file

* changelog file

* fix go mod

* Update .changelog/17694.txt

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>

* different mmap library

* fix bootstrap json

* some fixes

* chocolatey version fix and image fix

* using different library

* fix Map funciton call

* fix mmap call

* fix tcp dump

* fix tcp dump

* windows tcp dump

* Fix docker run

* fix tests

* fix go mod

* fix version 16.0

* fix version

* fix version dev

* sleep to debug

* fix sleep

* fix permission issue

* fix permission issue

* fix permission issue

* fix command

* fix command

* fix funciton

* fix assert config entry status command not found

* fix command not found assert_cert_has_cn

* fix command not found assert_upstream_missing

* fix command not found assert_upstream_missing_once

* fix command not found get_upstream_endpoint

* fix command not found get_envoy_public_listener_once

* fix command not found

* fix test cases

* windows integration test workflow github

* made code similar to unix using npipe

* fix go.mod

* fix dialing of npipe

* dont wait

* check size of written json

* fix undefined n

* running

* fix dep

* fix syntax error

* fix workflow file

* windows runner

* fix runner

* fix from json

* fix runs on

* merge connect envoy

* fix cin path

* build

* fix file name

* fix file name

* fix dev build

* remove unwanted code

* fix upload

* fix bin name

* fix path

* checkout current branch

* fix path

* fix tests

* fix shell bash for windows sh files

* fix permission of run-test.sh

* removed docker dev

* added shell bash for tests

* fix tag

* fix win=true

* fix cd

* added dev

* fix variable undefined

* removed failing tests

* fix tcp dump image

* fix curl

* fix curl

* tcp dump path

* fix tcpdump path

* fix curl

* fix curl install

* stop removing intermediate containers

* fix tcpdump docker image

* revert -rm

* --rm=false

* makeing docker image before

* fix tcpdump

* removed case consul exec

* removed terminating gateway simple

* comment case wasm

* removed data dog

* comment out upload coverage

* uncomment case-consul-exec

* comment case consul exec

* if always

* logs

* using consul 1.17.0

* fix quotes

* revert quotes

* redirect to dev null

* Revert version

* revert consul connect

* fix version

* removed envoy connect

* not using function

* change log

* docker logs

* fix logs

* restructure bad authz

* rmeoved dev null

* output

* fix file descriptor

* fix cacert

* fix cacert

* fix ca cert

* cacert does not work in windows curl

* fix func

* removed docker logs

* added sleep

* fix tls

* commented case-consul-exec

* removed echo

* retry docker consul

* fix upload bin

* uncomment consul exec

* copying consul.exe to docker image

* copy fix

* fix paths

* fix path

* github workspace path

* latest version

* Revert "latest version"

This reverts commit 5a7d7b82d9e7553bcb01b02557ec8969f9deba1d.

* commented consul exec

* added ssl revoke best effort

* revert best effort

* removed unused files

* rename var name and change dir

* windows runner

* permission

* needs setup fix

* swtich to github runner

* fix file path

* fix path

* fix path

* fix path

* fix path

* fix path

* fix build paths

* fix tag

* nightly runs

* added matrix in github workflow, renamed files

* fix job

* fix matrix

* removed brackes

* from json

* without using job matrix

* fix quotes

* revert job matrix

* fix workflow

* fix comment

* added comment

* nightly runs

* removed datadog ci as it is already measured in linux one

* running test

* Revert "running test"

This reverts commit 7013d15a23732179d18ec5d17336e16b26fab5d4.

* pr comment fixes

* running test now

* running subset of test

* running subset of test

* job matrix

* shell bash

* removed bash shell

* linux machine for job matrix

* fix output

* added cat to debug

* using ubuntu latest

* fix job matrix

* fix win true

* fix go test

* revert job matrix

* Fix tests

---------

Co-authored-by: Ivan K Berlot <ivanberlot@gmail.com>
Co-authored-by: Jose Ignacio Lorenzo <74208929+joselo85@users.noreply.github.com>
Co-authored-by: Franco Bruno Lavayen <cocolavayen@gmail.com>
Co-authored-by: Ezequiel Fernández Ponce <20102608+ezfepo@users.noreply.github.com>
Co-authored-by: joselo85 <joseignaciolorenzo85@gmail.com>
Co-authored-by: Ezequiel Fernández Ponce <ezequiel.fernandez@southworks.com>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
---
 .github/workflows/test-integrations-windows.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/test-integrations-windows.yml b/.github/workflows/test-integrations-windows.yml
index d71892c78403..79359c481bb8 100644
--- a/.github/workflows/test-integrations-windows.yml
+++ b/.github/workflows/test-integrations-windows.yml
@@ -1197,7 +1197,6 @@ jobs:
   test-integrations-success:
     needs:
       - envoy-integration-test
-      - upgrade-integration-test
     runs-on: 'ubuntu-latest'
     if: ${{ always() }}
     steps:

From a11dba710e6ce6f172c0fa6c9b61567cc1efffc8 Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Sun, 23 Jul 2023 13:08:15 -0600
Subject: [PATCH 209/359] NET-4996 - filter go-tests and test-integration
 workflows from running on docs only and ui only changes (#18236)

---
 .github/workflows/go-tests.yml          | 11 +++++------
 .github/workflows/test-integrations.yml | 11 +++++------
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 60e7d10d261c..4d51c119169c 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -2,14 +2,13 @@ name: go-tests
 
 on:
   pull_request:
-    branches-ignore:
-      - stable-website
+    paths-ignore: 
+      - '.changelog/**'
+      - '.github/ISSUE_TEMPLATE/**'
+      - 'contributing/**'
       - 'docs/**'
       - 'ui/**'
-      - 'mktg-**' # Digital Team Terraform-generated branches' prefix
-      - 'backport/docs/**'
-      - 'backport/ui/**'
-      - 'backport/mktg-**'
+      - 'website/**'
   push:
     branches:
       # Push events on the main branch
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 6c96b5da1d2c..80c9dc8cf7da 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -5,14 +5,13 @@ name: test-integrations
 
 on:
   pull_request:
-    branches-ignore:
-      - stable-website
+    paths-ignore:
+      - '.changelog/**'
+      - '.github/ISSUE_TEMPLATE/**'
+      - 'contributing/**'
       - 'docs/**'
       - 'ui/**'
-      - 'mktg-**' # Digital Team Terraform-generated branch prefix
-      - 'backport/docs/**'
-      - 'backport/ui/**'
-      - 'backport/mktg-**'
+      - 'website/**'
 
 env:
   TEST_RESULTS_DIR: /tmp/test-results

From 8b46bac36de657f47465f915637f0e08fd4f9949 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Mon, 24 Jul 2023 11:22:34 -0400
Subject: [PATCH 210/359] Align build arch matrix with enterprise (#18235)

Ensure that OSS remains in sync w/ Enterprise by aligning the format of
arch matrix args for various build jobs.
---
 .github/workflows/build.yml | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3888b612872d..c3070da291f3 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -282,7 +282,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        arch: ["386", "amd64", "arm", "arm64"]
+        include:
+          - { arch: "386" }
+          - { arch: "arm" }
+          - { arch: "amd64" }
+          - { arch: "arm64" }
     env:
       repo: ${{github.event.repository.name}}
       version: ${{needs.set-product-version.outputs.product-version}}
@@ -371,7 +375,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        arch: ["386", "amd64", "arm", "arm64"]
+        include:
+          - { arch: "386" }
+          - { arch: "arm" }
+          - { arch: "amd64" }
+          - { arch: "arm64" }
       fail-fast: true
     env:
       version: ${{ needs.set-product-version.outputs.product-version }}
@@ -432,7 +440,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        arch: ["i386", "amd64", "armhf", "arm64"]
+        include:
+          - { arch: "i386" }
+          - { arch: "armhf" }
+          - { arch: "amd64" }
+          - { arch: "arm64" }
       # fail-fast: true
     env:
       version: ${{ needs.set-product-version.outputs.product-version }}
@@ -469,8 +481,12 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
+        include:
+          - { arch: "i386" }
+          - { arch: "x86_64" }
         # TODO(eculver): re-enable when there is a smaller verification container available
-        arch: ["i386", "x86_64"] #, "armv7hl", "aarch64"]
+          # - { arch: "armv7hl" }
+          # - { arch: "aarch64" }
     env:
       version: ${{ needs.set-product-version.outputs.product-version }}
 

From 639210e28d5dcd0cb7942174da56fd3b2fe1bdb5 Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Mon, 24 Jul 2023 10:05:43 -0600
Subject: [PATCH 211/359] Revert "NET-4996 - filter go-tests and
 test-integration workflows from running on docs only and ui only changes"
 (#18248)

Revert "NET-4996 - filter go-tests and test-integration workflows from running on docs only and ui only changes (#18236)"

This reverts commit a11dba710e6ce6f172c0fa6c9b61567cc1efffc8.
---
 .github/workflows/go-tests.yml          | 11 ++++++-----
 .github/workflows/test-integrations.yml | 11 ++++++-----
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 4d51c119169c..60e7d10d261c 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -2,13 +2,14 @@ name: go-tests
 
 on:
   pull_request:
-    paths-ignore: 
-      - '.changelog/**'
-      - '.github/ISSUE_TEMPLATE/**'
-      - 'contributing/**'
+    branches-ignore:
+      - stable-website
       - 'docs/**'
       - 'ui/**'
-      - 'website/**'
+      - 'mktg-**' # Digital Team Terraform-generated branches' prefix
+      - 'backport/docs/**'
+      - 'backport/ui/**'
+      - 'backport/mktg-**'
   push:
     branches:
       # Push events on the main branch
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 80c9dc8cf7da..6c96b5da1d2c 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -5,13 +5,14 @@ name: test-integrations
 
 on:
   pull_request:
-    paths-ignore:
-      - '.changelog/**'
-      - '.github/ISSUE_TEMPLATE/**'
-      - 'contributing/**'
+    branches-ignore:
+      - stable-website
       - 'docs/**'
       - 'ui/**'
-      - 'website/**'
+      - 'mktg-**' # Digital Team Terraform-generated branch prefix
+      - 'backport/docs/**'
+      - 'backport/ui/**'
+      - 'backport/mktg-**'
 
 env:
   TEST_RESULTS_DIR: /tmp/test-results

From efb45fe8518ec980c3155df171c5b7280be93500 Mon Sep 17 00:00:00 2001
From: Semir Patel <semir.patel@hashicorp.com>
Date: Mon, 24 Jul 2023 11:34:30 -0500
Subject: [PATCH 212/359] resource: Add scope to resource type registration
 [NET-4976] (#18214)

Enables querying a resource type's registration to determine if a resource is cluster, partition, or partition and namespace scoped.
---
 internal/resource/demo/demo.go |  4 ++++
 internal/resource/registry.go  | 31 +++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/internal/resource/demo/demo.go b/internal/resource/demo/demo.go
index e055e165c09c..88fe7134c074 100644
--- a/internal/resource/demo/demo.go
+++ b/internal/resource/demo/demo.go
@@ -133,6 +133,7 @@ func RegisterTypes(r resource.Registry) {
 			List:  makeListACL(TypeV1Artist),
 		},
 		Validate: validateV1ArtistFn,
+		Scope:    resource.ScopeNamespace,
 	})
 
 	r.Register(resource.Registration{
@@ -143,6 +144,7 @@ func RegisterTypes(r resource.Registry) {
 			Write: writeACL,
 			List:  makeListACL(TypeV1Album),
 		},
+		Scope: resource.ScopeNamespace,
 	})
 
 	r.Register(resource.Registration{
@@ -155,6 +157,7 @@ func RegisterTypes(r resource.Registry) {
 		},
 		Validate: validateV2ArtistFn,
 		Mutate:   mutateV2ArtistFn,
+		Scope:    resource.ScopeNamespace,
 	})
 
 	r.Register(resource.Registration{
@@ -165,6 +168,7 @@ func RegisterTypes(r resource.Registry) {
 			Write: writeACL,
 			List:  makeListACL(TypeV2Album),
 		},
+		Scope: resource.ScopeNamespace,
 	})
 }
 
diff --git a/internal/resource/registry.go b/internal/resource/registry.go
index 9d278a31cf36..bd044565a7c4 100644
--- a/internal/resource/registry.go
+++ b/internal/resource/registry.go
@@ -20,6 +20,34 @@ var (
 	kindRegexp         = regexp.MustCompile(`^[A-Z][A-Za-z\d]+$`)
 )
 
+// Scope describes the tenancy scope of a resource.
+type Scope int
+
+const (
+	// There is no default scope, it must be set explicitly.
+	ScopeUndefined Scope = iota
+	// ScopeCluster describes a resource that is scoped to a cluster.
+	ScopeCluster
+	// ScopePartition describes a resource that is scoped to a partition.
+	ScopePartition
+	// ScopeNamespace applies to a resource that is scoped to a partition and namespace.
+	ScopeNamespace
+)
+
+func (s Scope) String() string {
+	switch s {
+	case ScopeUndefined:
+		return "undefined"
+	case ScopeCluster:
+		return "cluster"
+	case ScopePartition:
+		return "partition"
+	case ScopeNamespace:
+		return "namespace"
+	}
+	panic(fmt.Sprintf("string mapping missing for scope %v", int(s)))
+}
+
 type Registry interface {
 	// Register the given resource type and its hooks.
 	Register(reg Registration)
@@ -45,6 +73,9 @@ type Registration struct {
 	// Mutate is called to fill out any autogenerated fields (e.g. UUIDs) or
 	// apply defaults before validation.
 	Mutate func(*pbresource.Resource) error
+
+	// Scope describes the tenancy scope of a resource.
+	Scope Scope
 }
 
 type ACLHooks struct {

From b162c5152348e9a3cd4dfbfbd698709e6e0f6560 Mon Sep 17 00:00:00 2001
From: John Maguire <john.maguire@hashicorp.com>
Date: Mon, 24 Jul 2023 12:36:26 -0400
Subject: [PATCH 213/359] Fix some inconsistencies in jwt docs (#18234)

---
 .../connect/config-entries/jwt-provider.mdx   |  6 +--
 .../config-entries/service-intentions.mdx     | 45 +++++++++----------
 2 files changed, 24 insertions(+), 27 deletions(-)

diff --git a/website/content/docs/connect/config-entries/jwt-provider.mdx b/website/content/docs/connect/config-entries/jwt-provider.mdx
index 8716dde8c23f..43cfee2e5e9c 100644
--- a/website/content/docs/connect/config-entries/jwt-provider.mdx
+++ b/website/content/docs/connect/config-entries/jwt-provider.mdx
@@ -67,7 +67,7 @@ The following list outlines field hierarchy, language-specific data types, and r
 <Tab heading="YAML" group="yaml">
 
 - [`apiVersion`](#apiversion): string | required | must be set to `consul.hashicorp.com/v1alpha1`
-- [`kind`](#kind): string | required | must be set to `jwtProvider`
+- [`kind`](#kind): string | required | must be set to `JWTProvider`
 - [`metadata`](#metadata): map | required
   - [`name`](#metadata-name): string | required
   - [`namespace`](#metadata-namespace): string
@@ -289,8 +289,8 @@ CacheConfig = {
 
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1         # required
-kind: jwtProvider                                 # required            
-metadata:                                         # required    
+kind: JWTProvider                                 # required
+metadata:                                         # required
   name: <name-of-provider-configuration-entry>    # required
   namespace: <namespace>
 spec:                                             # required
diff --git a/website/content/docs/connect/config-entries/service-intentions.mdx b/website/content/docs/connect/config-entries/service-intentions.mdx
index 180e3aaabd96..b03fa555a30f 100644
--- a/website/content/docs/connect/config-entries/service-intentions.mdx
+++ b/website/content/docs/connect/config-entries/service-intentions.mdx
@@ -62,20 +62,20 @@ The following outline shows how to format the service intentions configuration e
 <Tab heading= "YAML" group="yaml">
 
 - [`apiVersion`](#apiversion): string | must be set to `consul.hashicorp.com/v1alpha1`
-- [`kind`](#kind): string | must be set to `ServiceIntentions` 
-- [`metadata`](#metadata): map | required 
-  - [`name`](#metadata-name): string | required  
+- [`kind`](#kind): string | must be set to `ServiceIntentions`
+- [`metadata`](#metadata): map | required
+  - [`name`](#metadata-name): string | required
   - [`namespace`](#metadata-namespace): string | `default` | <EnterpriseAlert inline/>
-- [`spec`](#spec): map | no default 
+- [`spec`](#spec): map | no default
   - [`destination`](#spec-destination): map | no default
     - [`name`](#spec-destination-name): string | required
     - [`namespace`](#metadata-namespace): string | `default` | <EnterpriseAlert inline/>
-  - [`jwt`](#spec-jwt): map 
-  - [`providers`](#spec-jwt-providers): list of maps
-    - [`name`](#spec-jwt-providers-name): string
-    - [`verifyClaims`](#spec-jwt-provider-verifyclaims): list of maps
-      - [`path`](#spec-jwt-provider-verifyclaims-path): list of strings
-      - [`value`](#spec-jwt-provider-verifyclaims-value): string
+  - [`jwt`](#spec-jwt): map
+    - [`providers`](#spec-jwt-providers): list of maps
+        - [`name`](#spec-jwt-providers-name): string
+        - [`verifyClaims`](#spec-jwt-provider-verifyclaims): list of maps
+            - [`path`](#spec-jwt-provider-verifyclaims-path): list of strings
+            - [`value`](#spec-jwt-provider-verifyclaims-value): string
   - [`sources`](#spec-sources): list | no default
     - [`name`](#spec-sources-name): string | no default
     - [`peer`](#spec-sources-peer): string | no default
@@ -86,20 +86,19 @@ The following outline shows how to format the service intentions configuration e
     - [`permissions`](#spec-sources-permissions): list | no default
       - [`action`](#spec-sources-permissions-action): string | no default  | required
       - [`http`](#spec-sources-permissions-http): map | required
-        - [`pathExact`](#spec-sources-permissions-http): string | no default 
-        - [`pathPrefix`](#spec-sources-permissions-http): string | no default 
-        - [`pathRegex`](#spec-sources-permissions-http): string | no default 
-        - [`methods`](#spec-sources-permissions-http): list | no default 
-          - [`header`](#spec-sources-permissions-http-header): list of maps |no default 
+        - [`pathExact`](#spec-sources-permissions-http): string | no default
+        - [`pathPrefix`](#spec-sources-permissions-http): string | no default
+        - [`pathRegex`](#spec-sources-permissions-http): string | no default
+        - [`methods`](#spec-sources-permissions-http): list | no default
+          - [`header`](#spec-sources-permissions-http-header): list of maps |no default
             - [`name`](#spec-sources-permissions-http-header): string | required
-            - [`present`](#spec-sources-permissions-http-header): boolean | `false` 
+            - [`present`](#spec-sources-permissions-http-header): boolean | `false`
             - [`exact`](#spec-sources-permissions-http-header): string | no default
             - [`prefix`](#spec-sources-permissions-http-header): string | no default
             - [`suffix`](#spec-sources-permissions-http-header): string | no default
             - [`regex`](#spec-sources-permissions-http-header): string | no default
-            - [`invert`](#spec-sources-permissions-http-header): boolean | `false` 
-    - [`type`](#spec-sources-type): string | `consul` 
-    - [`description`](#spec-sources-description): string 
+            - [`invert`](#spec-sources-permissions-http-header): boolean | `false`
+    - [`description`](#spec-sources-description): string
 
 </Tab>
 </Tabs>
@@ -195,15 +194,14 @@ Sources = [
 
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1
-kind: service-intentions
+kind: ServiceIntentions
 metadata:
   name: <name of destination service>
   namespace: <destination namespace>
 spec:
   destination:
-    destination: 
-      name: <name of destination service>
-      namespace: <destination namespace>
+    name: <name of destination service>
+    namespace: <destination namespace>
   jwt:
     providers:
       name: <JWT-provider-name>
@@ -238,7 +236,6 @@ spec:
       - name: <http header name>
         regex: <regex pattern to match>
         invert: false
-  type: consul
   description: <description for API responses>
 ```
 </Tab>

From b7cdd18575a581afddba4d2e4569c1027728888a Mon Sep 17 00:00:00 2001
From: Paul Glass <pglass@hashicorp.com>
Date: Mon, 24 Jul 2023 11:53:00 -0500
Subject: [PATCH 214/359] NET-1825: More new ACL token creation docs (#18063)

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 .../create/create-a-consul-esm-token.mdx      | 382 ++++++++++++++++++
 .../acl/tokens/create/create-a-dns-token.mdx  | 331 +++++++++++++++
 .../create/create-a-replication-token.mdx     | 312 ++++++++++++++
 .../create/create-a-snapshot-agent-token.mdx  | 173 ++++++++
 ...reate-a-token-for-vault-consul-storage.mdx | 164 ++++++++
 .../tokens/create/create-an-agent-token.mdx   |   6 +-
 website/data/docs-nav-data.json               |  20 +
 7 files changed, 1385 insertions(+), 3 deletions(-)
 create mode 100644 website/content/docs/security/acl/tokens/create/create-a-consul-esm-token.mdx
 create mode 100644 website/content/docs/security/acl/tokens/create/create-a-dns-token.mdx
 create mode 100644 website/content/docs/security/acl/tokens/create/create-a-replication-token.mdx
 create mode 100644 website/content/docs/security/acl/tokens/create/create-a-snapshot-agent-token.mdx
 create mode 100644 website/content/docs/security/acl/tokens/create/create-a-token-for-vault-consul-storage.mdx

diff --git a/website/content/docs/security/acl/tokens/create/create-a-consul-esm-token.mdx b/website/content/docs/security/acl/tokens/create/create-a-consul-esm-token.mdx
new file mode 100644
index 000000000000..cf33e95248f9
--- /dev/null
+++ b/website/content/docs/security/acl/tokens/create/create-a-consul-esm-token.mdx
@@ -0,0 +1,382 @@
+---
+layout: docs
+page_title: Create tokens for for Consul external service monitor
+description: >-
+  Learn how to create ACL tokens for the Consul external service monitor
+---
+
+# Create a Consul ESM token
+
+This topic describes how to create a token for the Consul external service monitor.
+
+## Introduction
+
+Consul external service monitor (ESM) can monitor third-party or external services in contexts where you are unable to run a Consul agent. To learn more about Consul ESM, refer to the [Register External Services with Consul Service Discovery](/consul/tutorials/developer-discovery/service-registration-external-services) tutorial.
+
+
+## Requirements
+
+Core ACL functionality is available in all versions of Consul.
+
+Consul ESM must present a token linked to policies that grant the following permissions:
+
+* `agent:read`: Enables checking version compatibility and calculating network coordinates
+* `key:write`: Enables storing state in the Consul KV store
+* `node:read`: Enables discovering Consul nodes to monitor
+* `node:write`: Enables updating status for the nodes that Consul ESM monitors
+* `service:write`: Enables Consul ESM to register as a service in the catalog
+* `session:write`: Enables Consul ESM is registered to acquire a leader lock
+* `acl:read`: (Enterprise-only) Enables Consul ESM to scan namespaces for nodes and health checks to monitor
+
+Consul ESM only supports `default` admin partitions.
+
+@include 'create-token-requirements.mdx'
+
+## Consul ESM token in Consul OSS
+
+To create a token for Consul ESM, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy grants the appropriate permissions for Consul ESM running on an agent with the node name `agent1` to monitor two nodes named `node1` and `node2`. It allows Consul ESM to register into the catalog as the `consul-esm` service and write keys with the prefix `consul-esm/` in the Consul KV store.
+
+<CodeTabs>
+
+```hcl
+agent "agent1" {
+  policy = "read"
+}
+key_prefix "consul-esm/" {
+  policy = "write"
+}
+node_prefix "" {
+  policy = "read"
+}
+service "consul-esm" {
+  policy = "write"
+}
+session "agent1" {
+   policy = "write"
+}
+node "node1" {
+  policy = "write"
+}
+node "node2" {
+  policy = "write"
+}
+```
+
+```json
+{
+  "agent": {
+    "agent1": [{
+      "policy": "read"
+    }]
+  },
+  "key_prefix": {
+    "consul-esm/": [{
+      "policy": "write"
+    }]
+  },
+  "node": {
+    "node1": [{
+      "policy": "write"
+    }],
+    "node2": [{
+      "policy": "write"
+    }]
+  },
+  "node_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  },
+  "service": {
+    "consul-esm": [{
+      "policy": "write"
+    }]
+  },
+  "session": {
+    "agent1": [{
+      "policy": "write"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+The following example registers a policy defined in `esm-policy.hcl`.
+
+```shell-session
+$ consul acl policy create \
+    -name "esm-policy" -rules @esm-policy.hcl \
+    -description "Policy for Consul ESM"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+The following example registers the policy defined in `esm-policy.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "esm-policy",
+  "Description": "Policy for Consul ESM",
+  "Rules": "agent \"agent1\" {\n  policy = \"read\"\n}\nkey_prefix \"consul-esm/\" {\n  policy = \"write\"\n}\nnode_prefix \"\" {\n  policy = \"read\"\n}\nservice \"consul-esm\" {\n  policy = \"write\"\n}\nsession \"agent1\" {\n   policy = \"write\"\n}\nnode \"node1\" {\n  policy = \"write\"\n}\nnode \"node2\" {\n  policy = \"write\"\n}\n"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following example creates an ACL token linked to the policy `esm-policy`.
+
+```shell-session
+$ consul acl token create \
+    -description "Token for Consul ESM" \
+    -policy-name "esm-policy"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+The following example creates an ACL token linked to the policy `esm-policy`.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "esm-policy"
+    }
+  ]
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+
+## Consul ESM token in Consul Enterprise
+
+To create a token for Consul ESM, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy grants the appropriate permissions for Consul ESM running on an agent named `agent1` to monitor two nodes named `node1` and `node2`. It allows Consul ESM to register into the catalog as the `consul-esm` service, to write keys with the prefix `consul-esm/` in the Consul KV store, and to scan the `default` and `ns1` namespaces for nodes and health checks to monitor.
+
+<CodeTabs>
+
+```hcl
+partition "default" {
+  agent "agent1" {
+    policy = "read"
+  }
+  key_prefix "consul-esm/" {
+    policy = "write"
+  }
+  node_prefix "" {
+    policy = "read"
+  }
+  service "consul-esm" {
+    policy = "write"
+  }
+  session "agent1" {
+    policy = "write"
+  }
+
+  node "node1" {
+    policy = "write"
+  }
+  node "node1" {
+    policy = "write"
+  }
+
+  namespace "default" {
+    acl = "read"
+  }
+  namespace "ns1" {
+    acl = "read"
+  }
+}
+```
+
+```json
+{
+  "partition": {
+    "default": [{
+      "agent": {
+        "agent1": [{
+          "policy": "read"
+        }]
+      },
+      "key_prefix": {
+        "consul-esm/": [{
+          "policy": "write"
+        }]
+      },
+      "namespace": {
+        "default": [{
+          "acl": "read"
+        }],
+        "ns1": [{
+          "acl": "read"
+        }]
+      },
+      "node": {
+        "node1": [{
+          "policy": "write"
+        },
+        {
+          "policy": "write"
+        }]
+      },
+      "node_prefix": {
+        "": [{
+          "policy": "read"
+        }]
+      },
+      "service": {
+        "consul-esm": [{
+          "policy": "write"
+        }]
+      },
+      "session": {
+        "agent1": [{
+          "policy": "write"
+        }]
+      }
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+You can specify an admin partition and namespace when creating policies in Consul Enterprise. The policy is only valid in the specified scopes. The example policy contains permissions for multiple namespaces in multiple partitions. You must create ACL policies that grant permissions for multiple namespaces in multiple partitions in the `default` namespace and the `default` partition.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+The following command registers a policy defined in `esm-policy.hcl`.
+
+```shell-session
+$ consul acl policy create -partition "default" -namespace "default" \
+    -name "esm-policy" -rules @esm-policy.hcl \
+    -description "Policy for Consul ESM"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+The following example registers the policy defined in `esm-policy.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "esm-policy",
+  "Description": "Policy for Consul ESM",
+  "Partition": "default",
+  "Namespace": "default",
+  "Rules": "partition \"default\" {\n  agent \"agent1\" {\n    policy = \"read\"\n  }\n  key_prefix \"consul-esm/\" {\n    policy = \"write\"\n  }\n  node_prefix \"\" {\n    policy = \"read\"\n  }\n  service \"consul-esm\" {\n    policy = \"write\"\n  }\n  session \"agent1\" {\n    policy = \"write\"\n  }\n\n  node \"node1\" {\n    policy = \"write\"\n  }\n  node \"node1\" {\n    policy = \"write\"\n  }\n\n  namespace \"default\" {\n    acl = \"read\"\n  }\n  namespace \"ns1\" {\n    acl = \"read\"\n  }\n}\n"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+You can specify an admin partition and namespace when creating tokens in Consul Enterprise. The token must be created in the partition and namespace where the policy was created. The following example creates an ACL token in the `default` namespace in the `default` partition.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+
+The following command creates the ACL token linked to the policy `esm-policy`.
+
+```shell-session
+$ consul acl token create -partition "default" -namespace "default" \
+    -description "Token for Consul ESM" \
+    -policy-name "esm-policy"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+The following example creates an ACL token linked to the policy `esm-policy`.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "esm-policy"
+    }
+  ],
+  "Partition": "default",
+  "Namespace": "default"
+}'
+```
+
+</Tab>
+
+</Tabs>
diff --git a/website/content/docs/security/acl/tokens/create/create-a-dns-token.mdx b/website/content/docs/security/acl/tokens/create/create-a-dns-token.mdx
new file mode 100644
index 000000000000..f4d87b7724bf
--- /dev/null
+++ b/website/content/docs/security/acl/tokens/create/create-a-dns-token.mdx
@@ -0,0 +1,331 @@
+---
+layout: docs
+page_title: Create tokens for service registration
+description: >-
+  Learn how to create ACL tokens to enable Consul DNS.
+---
+
+# Create a DNS token
+
+This topic describes how to create a token that enables the Consul DNS to query services in the network when ACLs are enabled.
+
+## Introduction
+
+The Consul binary ships with a DNS server that you can use for service discovery in your network. The agent that fulfills DNS lookups requires appropriate ACL permissions to discover services, nodes, and prepared queries registered in Consul.
+
+A Consul agent must be configured with a token linked to policies that grant the appropriate set of permissions.
+
+Specify the [`default`](/consul/docs/agent/config/config-files#acl_tokens_default) token to the Consul agent to authorize the agent to respond to DNS queries. Refer to [DNS usage overview](/consul/docs/services/discovery/dns-overview) for details on configuring and using Consul DNS.
+
+## Requirements
+
+Core ACL functionality is available in all versions of Consul.
+
+The DNS token must be linked to policies that grant the following permissions:
+
+* `service:read`: Enables the agent to perform service lookups for DNS
+* `node:read`: Enables node lookups over DNS
+* `query:read`: Enables the agent to perform prepared query lookups for DNS
+
+@include 'create-token-requirements.mdx'
+
+## DNS token in Consul OSS
+
+To create a token for DNS, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy grants the appropriate permissions to enable a Consul agent to respond to DNS queries.
+
+<CodeTabs>
+
+```hcl
+node_prefix "" {
+  policy = "read"
+}
+service_prefix "" {
+  policy = "read"
+}
+query_prefix "" {
+  policy = "read"
+}
+```
+
+```json
+{
+  "node_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  },
+  "query_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  },
+  "service_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+The following example registers a policy defined in `dns-access.hcl`.
+
+```shell-session
+$ consul acl policy create \
+    -name "dns-access" -rules @dns-access.hcl \
+    -description "DNS Policy"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+The following example registers the policy defined in `dns-access.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "dns-access",
+  "Description": "DNS Policy",
+  "Rules": "node_prefix \"\" {\n  policy = \"read\"\n}\nservice_prefix \"\" {\n  policy = \"read\"\n}\nquery_prefix \"\" {\n  policy = \"read\"\n}\n"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following command creates the ACL token linked to the policy `dns-access`.
+
+```shell-session
+$ consul acl token create \
+    -description "DNS token" \
+    -policy-name "dns-access"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+The following example creates the ACL token linked to the policy `dns-access`.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "dns-access"
+    }
+  ]
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## DNS token in Consul Enterprise
+
+To create a token for DNS, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy grants the appropriate permissions to enable a Consul agent to respond to DNS queries for resources in any namespace in any partition.
+
+<CodeTabs>
+
+```hcl
+partition_prefix "" {
+  namespace_prefix "" {
+    node_prefix "" {
+      policy = "read"
+    }
+    service_prefix "" {
+      policy = "read"
+    }
+    query_prefix "" {
+      policy = "read"
+    }
+  }
+}
+```
+
+```json
+{
+  "partition_prefix": {
+    "": [{
+      "namespace_prefix": {
+        "": [{
+          "node_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          },
+          "query_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          },
+          "service_prefix": {
+            "": [{
+              "policy": "read"
+            }]
+          }
+        }]
+      }
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+You can specify an admin partition when creating policies in Consul Enterprise. The policy is only valid in the specified admin partition. The example policy contains permissions for multiple namespaces in multiple partitions. You must create ACL policies that grant permissions for multiple namespaces in multiple partitions in the `default` namespace and the `default` partition.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+```shell-session
+consul acl policy create -partition "default" -namespace "default" \
+  -name dns-access -rules @dns-access.hcl \
+  -description "DNS Policy"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+The following example registers the policy defined in `dns-access.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "dns-access",
+  "Description": "DNS Policy",
+  "Partition": "default",
+  "Namespace": "default",
+  "Rules": "partition_prefix \"\" {\n  namespace_prefix \"\" {\n    node_prefix \"\" {\n      policy = \"read\"\n    }\n    service_prefix \"\" {\n      policy = \"read\"\n    }\n    query_prefix \"\" {\n      policy = \"read\"\n    }\n  }\n}\n"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following command creates the ACL token linked to the policy `dns-access`.
+
+```shell-session
+$ consul acl token create -partition "default" -namespace "default" \
+    -description "DNS token" \
+    -policy-name "dns-access"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+The following example creates the ACL token linked to the policy `dns-access`.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "dns-access"
+    }
+  ],
+  "Partition": "default",
+  "Namespace": "default"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## Apply the token
+
+Configure the Consul agent with the token by either specifying the token in the agent configuration file or by using the `consul set-agent-token` command.
+
+### Apply the token in a file
+
+Specify the token in the [`default`](/consul/docs/agent/config/config-files#acl_tokens_default) field of the agent configuration file so that the agent can present it and register into the catalog on startup.
+
+```hcl
+acl = {
+  enabled = true
+  tokens = {
+    default = "<token>"
+    ...
+  }
+  ...
+}
+```
+
+### Apply the token with a command
+
+Set the `default` token using the [`acl.token.default`](/consul/docs/agent/config/config-files#acl_tokens_default)  command. The following command configures a running Consul agent token with the specified token.
+
+```shell-session
+$ consul set-agent-token default <acl-token-secret-id>
+```
+
diff --git a/website/content/docs/security/acl/tokens/create/create-a-replication-token.mdx b/website/content/docs/security/acl/tokens/create/create-a-replication-token.mdx
new file mode 100644
index 000000000000..f38f4682fcc2
--- /dev/null
+++ b/website/content/docs/security/acl/tokens/create/create-a-replication-token.mdx
@@ -0,0 +1,312 @@
+---
+layout: docs
+page_title: Create tokens for service registration
+description: >-
+  Learn how to create ACL tokens that a server agent in a secondary datacenter can use for ACL token replication between WAN-federated datacenters.
+---
+
+# Create a replication token
+
+This topic describes how to configure an ACL token for ACL replication between WAN-federated datacenters. If your Consul clusters are connected through peer connections, ACL replication is not required. To learn more about cluster peering, refer to the [comparison between WAN federation and cluster peering](/consul/docs/connect/cluster-peering#compared-with-wan-federation).
+
+## Introduction
+
+Consul agents must present a token linked to policies that grant the appropriate set of permissions.
+Specify the [`replication`](/consul/docs/agent/config/config-files#acl_tokens_replication) token on each server in a non-primary datacenter. For hands-on instructions on how to configure ACL replication across datacenters, refer to the [ACL Replication for Multiple Datacenters](/consul/tutorials/security-operations/access-control-replication-multiple-datacenters) tutorial.
+
+
+## Requirements
+
+Core ACL functionality is available in all versions of Consul.
+
+For a Consul server agent with ACL replication enabled in a secondary datacenter, the token must be linked to a policy that grants the following permissions:
+
+* `acl:write`: Enables replication of ACL resources
+* `operator:write`: Enables replication of the proxy-defaults configuration entry and enables CA certification signing in the secondary datacenter
+* `service:read` and `intention:read`: Enables replication of the service-defaults and intentions configuration entries
+
+@include 'create-token-requirements.mdx'
+
+## Replication token in Consul OSS
+
+To create a token for ACL replication, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy grants the appropriate permissions for ACL replication.
+
+<CodeTabs>
+
+```hcl
+acl = "write"
+operator = "write"
+service_prefix "" {
+  policy = "read"
+  intentions = "read"
+}
+```
+
+```json
+{
+  "acl": "write",
+  "operator": "write",
+  "service_prefix": {
+    "": [{
+      "intentions": "read",
+      "policy": "read"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+The following example registers a policy defined in `acl-replication.hcl`.
+
+```shell-session
+$ consul acl policy create \
+    -name "acl-replication" -rules @acl-replication.hcl \
+    -description "ACL replication token"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+The following example registers the policy defined in `acl-replication.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "acl-replication",
+  "Description": "ACL replication",
+  "Rules": "acl = \"write\"\noperator = \"write\"\nservice_prefix \"\" {\n  policy = \"read\"\n  intentions = \"read\"\n}\n"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an auth method.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following command creates the ACL token linked to the policy `acl-replication`.
+
+```shell-session
+$ consul acl token create \
+    -description "ACL replication" \
+    -policy-name "acl-replication"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+The following example creates the ACL token linked to the policy `acl-replication`.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "acl-replication"
+    }
+  ]
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## Replication token in Consul Enterprise
+
+To create a token for ACL replication, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The following example policy grants the appropriate permissions for ACL replication.
+
+<CodeTabs>
+
+```hcl
+operator = "write"
+service_prefix "" {
+  policy = "read"
+  intentions = "read"
+}
+namespace_prefix "" {
+  acl = "write"
+  service_prefix "" {
+    policy = "read"
+    intentions = "read"
+  }
+}
+```
+
+```json
+{
+  "namespace_prefix": {
+    "": [{
+      "acl": "write",
+      "service_prefix": {
+        "": [{
+          "intentions": "read",
+          "policy": "read"
+        }]
+      }
+    }]
+  },
+  "operator": "write",
+  "service_prefix": {
+    "": [{
+      "intentions": "read",
+      "policy": "read"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+You can specify an admin partition, namespace, or both when registering policies in Consul Enterprise. Policies are only valid in the specified scopes. The policy for replication must be created in the `default` namespace and `default` partition.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+The following example registers a policy defined in `acl-replication.hcl`.
+
+```shell-session
+$ consul acl policy create -partition "default" -namespace "default" \
+    -name "acl-replication" -rules @acl-replication.hcl \
+    -description "ACL replication token"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+The following example registers the policy defined in `acl-replication.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "acl-replication",
+  "Description": "ACL replication",
+  "Partition": "default",
+  "Namespace": "default",
+  "Rules": "operator = \"write\"\nservice_prefix \"\" {\n  policy = \"read\"\n  intentions = \"read\"\n}\nnamespace_prefix \"\" {\n  acl = \"write\"\n  service_prefix \"\" {\n    policy = \"read\"\n    intentions = \"read\"\n  }\n}\n"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy.  Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+```shell-session
+$ consul acl token create -partition "default" -namespace "default" \
+    -description "ACL replication" \
+    -policy-name "acl-replication"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+The following example creates the ACL token linked to the policy `acl-replication`.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "acl-replication"
+    }
+  ],
+  "Partition": "default",
+  "Namespace": "default"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+## Apply the token
+
+Configure the Consul agent with the token by either specifying the token in the agent configuration file or by using the `consul set-agent-token` command.
+
+### Apply the token in a file
+
+Specify the token in the [`replication`](/consul/docs/agent/config/config-files#acl_tokens_replication) field of the agent configuration file so that the agent can present it and register into the catalog on startup.
+
+```hcl
+acl = {
+  enabled = true
+  tokens = {
+    replication = "<token>"
+    ...
+  }
+  ...
+}
+```
+
+### Apply the token with a command
+
+Set the `replication` token using the [`consul set-agent-token`](/consul/commands/acl/set-agent-token) command. The following command configures a running Consul agent token with the specified token.
+
+```shell-session
+$ consul set-agent-token replication <acl-token-secret-id>
+```
+
diff --git a/website/content/docs/security/acl/tokens/create/create-a-snapshot-agent-token.mdx b/website/content/docs/security/acl/tokens/create/create-a-snapshot-agent-token.mdx
new file mode 100644
index 000000000000..374498a93d75
--- /dev/null
+++ b/website/content/docs/security/acl/tokens/create/create-a-snapshot-agent-token.mdx
@@ -0,0 +1,173 @@
+---
+layout: docs
+page_title: Create tokens for snapshot agents
+description: >-
+  Learn how to create an ACL token for the Consul snapshot agent.
+---
+
+# Create a snapshot agent token
+
+This topic describes how to create a token for the Consul snapshot agent.
+
+<EnterpriseAlert />
+
+## Introduction
+
+The `consul snapshot agent` command starts a process that takes snapshots of the state of the Consul
+servers and either saves them locally or pushes them to a remote storage service. Refer to [Consul Snapshot Agent](/consul/commands/snapshot/agent) for additional information.
+
+## Requirements
+
+Core ACL functionality is available in all versions of Consul.
+
+### Requirements for the `agent` command
+
+The [`agent`](/consul/commands/snapshot/agent) subcommand requires [Consul Enterprise](https://www.hashicorp.com/products/consul/). All other [`snapshot` subcommands](/consul/commands/snapshot) are available in the open source version of Consul.
+
+### Snapshot agent ACL requirements
+
+The Consul snapshot agent must present a token linked to policies that grant the following set of permissions.
+
+* `acl:write`: Enables the agent read and snapshot ACL data
+* `key:write`: Enables the agent to create a key in the Consul KV store that serves as a leader election lock when multiple snapshot agents are running in an environment
+* `session:write`: Enables the agent to create sessions for the specified Consul node where it is running
+* `service:write`: Enables the agent to register into the catalog
+
+@include 'create-token-requirements.mdx'
+
+## Create a token
+
+To create a token for the snapshot agent, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy grants the appropriate permissions for a snapshot agent running on a node named `server-1234` to register into the catalog as the `consul-snapshot` service. It uses the key `consul-snapshot/lock` for a leader election lock.
+
+<CodeTabs>
+
+```hcl
+acl = "write"
+key "consul-snapshot/lock" {
+  policy = "write"
+}
+session "server-1234" {
+  policy = "write"
+}
+service "consul-snapshot" {
+  policy = "write"
+}
+```
+
+```json
+{
+  "acl": "write",
+  "key": {
+    "consul-snapshot/lock": [{
+      "policy": "write"
+    }]
+  },
+  "service": {
+    "consul-snapshot": [{
+      "policy": "write"
+    }]
+  },
+  "session": {
+    "server-1234": [{
+      "policy": "write"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+You can specify an admin partition and namespace when creating policies in Consul Enterprise. Policies are only valid in the specified scopes. You must create the policy for the snapshot agent in the `default` namespace in the `default` partition.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+The following example registers a policy defined in `snapshot-agent.hcl`:
+
+```shell-session
+$ consul acl policy create -partition "default" -namespace "default" \
+  -name snapshot-agent -rules @snapshot-agent.hcl \
+  -description "Snapshot agent policy"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+The following example registers the policy defined in `snapshot-agent.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "snapshot-agent",
+  "Description": "Snapshot agent policy",
+  "Partition": "default",
+  "Namespace": "default",
+  "Rules": "acl = \"write\"\nkey \"consul-snapshot/lock\" {\n  policy = \"write\"\n}\nsession \"server-1234\" {\n  policy = \"write\"\n}\nservice \"consul-snapshot\" {\n  policy = \"write\"\n}\n"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policies into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+You can specify an admin partition and namespace when creating tokens in Consul Enterprise. Tokens are only valid in the specified scopes. The snapshot agent token must be created in the `default` namespace in the `default` partition.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following command creates the ACL token linked to the policy `snapshot-agent`.
+
+```shell-session
+$ consul acl token create -partition "default" -namespace "default" \
+    -description "Snapshot agent token" \
+    -policy-name "snapshot-agent"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "snapshot-agent"
+    }
+  ],
+  "Partition": "default",
+  "Namespace": "default"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
diff --git a/website/content/docs/security/acl/tokens/create/create-a-token-for-vault-consul-storage.mdx b/website/content/docs/security/acl/tokens/create/create-a-token-for-vault-consul-storage.mdx
new file mode 100644
index 000000000000..ab2c04061499
--- /dev/null
+++ b/website/content/docs/security/acl/tokens/create/create-a-token-for-vault-consul-storage.mdx
@@ -0,0 +1,164 @@
+---
+layout: docs
+page_title: Create tokens for service registration
+description: Learn how to create an ACL token for Vault’s Consul storage backend.
+---
+
+# Create a token for Vault with Consul storage backend
+
+This topic describes how to create a token for Vault’s Consul storage backend.
+
+## Introduction
+
+If you are using Vault to manage secrets in your infrastructure, you can configure Vault to use Consul's key/value (KV) store as backend storage to persist Vault's data. Refer to the [Consul KV documentation](/consul/docs/dynamic-app-config/kv) and the [Vault storage documentation](/vault/docs/configuration/storage) for additional information.
+
+## Requirements
+
+Core ACL functionality is available in all versions of Consul.
+
+The Vault Consul storage backend must present a token linked to policies that grant the following permissions:
+
+* `agent:read`: Provides KV visibility to all agents
+* `key:write`: Enables writing to the KV store
+* `service:write`: Enables the Vault service to register into the catalog
+* `session:write`: Enables the agent to initialize a new session
+
+@include 'create-token-requirements.mdx'
+
+## Create a token linked to a policy
+
+To create a token for Vault’s Consul storage backend, you must define a policy, register the policy with Consul, and link the policy to a token.
+
+### Define a policy
+
+You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.
+
+The following example policy is defined in a file. The policy grants the appropriate permissions to enable Vault to register as a service named `vault` and provides access to the `vault/` path in Consul's KV store.
+
+<CodeTabs>
+
+```hcl
+agent_prefix "" {
+  policy = "read"
+}
+key_prefix "vault/" {
+  policy = "write"
+}
+service "vault" {
+  policy = "write"
+}
+session_prefix "" {
+  policy = "write"
+}
+```
+
+```json
+{
+  "agent_prefix": {
+    "": [{
+      "policy": "read"
+    }]
+  },
+  "key_prefix": {
+    "vault/": [{
+      "policy": "write"
+    }]
+  },
+  "service": {
+    "vault": [{
+      "policy": "write"
+    }]
+  },
+  "session_prefix": {
+    "": [{
+      "policy": "write"
+    }]
+  }
+}
+```
+
+</CodeTabs>
+
+### Register the policy with Consul
+
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+
+Run the `consul acl policy create` command and specify the policy rules to create a policy. Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.
+
+The following example registers a policy defined in `vault-storage-backend.hcl`.
+
+```shell-session
+$ consul acl policy create -partition "default" -namespace "default" \
+  -name vault-storage-backend -rules @vault-storage-backend.hcl \
+  -description "Policy for the Vault Consul storage backend"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.
+
+The following example registers the policy defined in `vault-storage-backend.hcl`. You must embed policy rules in the `Rules` field of the request body.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Name": "vault-storage-backend",
+  "Description": "Policy for the Vault Consul storage backend",
+  "Rules": "agent_prefix \"\" {\n  policy = \"read\"\n}\nkey_prefix \"vault/\" {\n  policy = \"write\"\n}\nservice \"vault\" {\n  policy = \"write\"\n}\nsession_prefix \"\" {\n  policy = \"write\"\n}\n"
+}'
+```
+
+</Tab>
+
+</Tabs>
+
+### Link the policy to a token
+
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+
+<Tabs>
+
+<Tab heading="CLI" group="CLI">
+
+Run the `consul acl token create` command and specify the policy name or ID to create a token linked to the policy. Refer to [Consul ACL Token Create](/consul/commands/acl/token/create) for details about the `consul acl token create` command.
+
+The following command creates the ACL token linked to the policy `vault-storage-backend`.
+
+```shell-session
+$ consul acl token create \
+    -description "Token for the Vault Consul storage backend" \
+    -policy-name "vault-storage-backend"
+```
+
+</Tab>
+
+<Tab heading="API" group="API">
+
+Send a PUT request to the `/acl/token` endpoint and specify the policy name or ID in the request to create an ACL token linked to the policy. Refer to [ACL Token HTTP API](/consul/api-docs/acl/tokens) for additional information about using the API endpoint.
+
+The following example creates the ACL token linked to the policy `vault-storage-backend`.
+
+```shell-session
+$ curl --request PUT http://127.0.0.1:8500/v1/acl/token \
+  --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
+  --data '{
+  "Policies": [
+    {
+      "Name": "vault-storage-backend"
+    }
+  ]
+}'
+```
+
+</Tab>
+
+</Tabs>
+
diff --git a/website/content/docs/security/acl/tokens/create/create-an-agent-token.mdx b/website/content/docs/security/acl/tokens/create/create-an-agent-token.mdx
index 598db91125f2..1fa06d7c4d3d 100644
--- a/website/content/docs/security/acl/tokens/create/create-an-agent-token.mdx
+++ b/website/content/docs/security/acl/tokens/create/create-an-agent-token.mdx
@@ -165,7 +165,7 @@ service_prefix "" {
 
 ### Register the policy with Consul
 
-After defining the policies, you can register them with Consul using the command line or API endpoint.
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
 
 <Tabs>
 
@@ -299,7 +299,7 @@ partition "ptn1" {
 
 ### Register the policy with Consul
 
-After defining the policies, you can register them with Consul using the command line or API endpoint.
+After defining the policy, you can register the policy with Consul using the command line or API endpoint.
 
 <Tabs>
 
@@ -340,7 +340,7 @@ Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional inf
 
 ### Link the policy to a token
 
-After registering the policies into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
+After registering the policy into Consul, you can create and link tokens using the Consul command line or API endpoint. You can also enable Consul to dynamically create tokens from trusted external systems using an [auth method](/consul/docs/security/acl/auth-methods).
 
 <Tabs>
 
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 90ddb493ef56..f5789535cca5 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -926,6 +926,26 @@
                   {
                     "title": "Create a terminating gateway token",
                     "path": "security/acl/tokens/create/create-a-terminating-gateway-token"
+                  },
+                  {
+                    "title": "Create a DNS token",
+                    "path": "security/acl/tokens/create/create-a-dns-token"
+                  },
+                  {
+                    "title": "Create a replication token",
+                    "path": "security/acl/tokens/create/create-a-replication-token"
+                  },
+                  {
+                    "title": "Create a snapshot agent token",
+                    "path": "security/acl/tokens/create/create-a-snapshot-agent-token"
+                  },
+                  {
+                    "title": "Create a token for Vault's Consul storage backend",
+                    "path": "security/acl/tokens/create/create-a-token-for-vault-consul-storage"
+                  },
+                  {
+                    "title": "Create a Consul ESM token",
+                    "path": "security/acl/tokens/create/create-a-consul-esm-token"
                   }
                 ]
               }

From 4d3f9a1ee2682b42d4328c0704dddecf552cc994 Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Mon, 24 Jul 2023 13:10:22 -0400
Subject: [PATCH 215/359] grafana: add the panel resource usage of connect
 injector (#18247)

---
 .../consul-k8s-control-plane-monitoring.json  | 6322 +++++++++--------
 1 file changed, 3339 insertions(+), 2983 deletions(-)

diff --git a/grafana/consul-k8s-control-plane-monitoring.json b/grafana/consul-k8s-control-plane-monitoring.json
index a00f80b083dd..e84fe8c6b963 100644
--- a/grafana/consul-k8s-control-plane-monitoring.json
+++ b/grafana/consul-k8s-control-plane-monitoring.json
@@ -1,3111 +1,3467 @@
 {
-      "annotations": {
+    "annotations": {
         "list": [
-          {
-            "builtIn": 1,
-            "datasource": {
-              "type": "grafana",
-              "uid": "-- Grafana --"
-            },
-            "enable": true,
-            "hide": true,
-            "iconColor": "rgba(0, 211, 255, 1)",
-            "name": "Annotations & Alerts",
-            "target": {
-              "limit": 100,
-              "matchAny": false,
-              "tags": [],
-              "type": "dashboard"
-            },
-            "type": "dashboard"
-          }
-        ]
-      },
-      "editable": true,
-      "fiscalYearStartMonth": 0,
-      "graphTooltip": 0,
-      "id": 8,
-      "links": [],
-      "liveNow": false,
-      "panels": [
-        {
-          "collapsed": false,
-          "gridPos": {
-            "h": 1,
-            "w": 24,
-            "x": 0,
-            "y": 0
-          },
-          "id": 16,
-          "panels": [],
-          "title": "Cluster Status",
-          "type": "row"
-        },
-        {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "PBFA97CFB590B2093"
-          },
-          "fieldConfig": {
-            "defaults": {
-              "mappings": [],
-              "thresholds": {
-                "mode": "absolute",
-                "steps": [
-                  {
-                    "color": "green",
-                    "value": null
-                  },
-                  {
-                    "color": "red",
-                    "value": 80
-                  }
-                ]
-              },
-              "unit": "short"
-            },
-            "overrides": []
-          },
-          "gridPos": {
-            "h": 8,
-            "w": 6,
-            "x": 0,
-            "y": 1
-          },
-          "id": 10,
-          "options": {
-            "colorMode": "value",
-            "graphMode": "none",
-            "justifyMode": "auto",
-            "orientation": "auto",
-            "reduceOptions": {
-              "calcs": [
-                "last"
-              ],
-              "fields": "",
-              "limit": 1,
-              "values": true
-            },
-            "textMode": "auto"
-          },
-          "pluginVersion": "9.5.5",
-          "targets": [
             {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "editorMode": "code",
-              "exemplar": false,
-              "expr": "consul_consul_server_0_members_servers{pod=\"consul-server-0\"}",
-              "hide": false,
-              "instant": true,
-              "legendFormat": "__auto",
-              "range": false,
-              "refId": "A"
+                "builtIn": 1,
+                "datasource": {
+                    "type": "grafana",
+                    "uid": "-- Grafana --"
+                },
+                "enable": true,
+                "hide": true,
+                "iconColor": "rgba(0, 211, 255, 1)",
+                "name": "Annotations & Alerts",
+                "target": {
+                    "limit": 100,
+                    "matchAny": false,
+                    "tags": [],
+                    "type": "dashboard"
+                },
+                "type": "dashboard"
             }
-          ],
-          "title": "Number of Consul Servers",
-          "type": "stat"
-        },
+        ]
+    },
+    "editable": true,
+    "fiscalYearStartMonth": 0,
+    "graphTooltip": 0,
+    "id": 1,
+    "links": [],
+    "liveNow": false,
+    "panels": [
         {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "PBFA97CFB590B2093"
-          },
-          "description": "No data in agentless mode",
-          "fieldConfig": {
-            "defaults": {
-              "mappings": [],
-              "thresholds": {
-                "mode": "absolute",
-                "steps": [
-                  {
-                    "color": "green",
-                    "value": null
-                  },
-                  {
-                    "color": "red",
-                    "value": 80
-                  }
-                ]
-              },
-              "unit": "short"
-            },
-            "overrides": []
-          },
-          "gridPos": {
-            "h": 8,
-            "w": 8,
-            "x": 6,
-            "y": 1
-          },
-          "id": 29,
-          "options": {
-            "colorMode": "value",
-            "graphMode": "none",
-            "justifyMode": "auto",
-            "orientation": "auto",
-            "reduceOptions": {
-              "calcs": [
-                "last"
-              ],
-              "fields": "",
-              "values": false
+            "collapsed": false,
+            "gridPos": {
+                "h": 1,
+                "w": 24,
+                "x": 0,
+                "y": 0
             },
-            "textMode": "auto"
-          },
-          "pluginVersion": "9.5.5",
-          "targets": [
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "editorMode": "code",
-              "exemplar": false,
-              "expr": "count(kube_pod_container_resource_limits{pod=~\"consul-client-.*\", container=\"consul\", resource=\"memory\"})",
-              "hide": false,
-              "instant": true,
-              "legendFormat": "__auto",
-              "range": false,
-              "refId": "A"
-            }
-          ],
-          "title": "Number of Consul Clients (No data in agentless mode)",
-          "type": "stat"
+            "id": 16,
+            "panels": [],
+            "title": "Cluster Status",
+            "type": "row"
         },
         {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "PBFA97CFB590B2093"
-          },
-          "description": "Must be 1",
-          "fieldConfig": {
-            "defaults": {
-              "color": {
-                "mode": "palette-classic"
-              },
-              "custom": {
-                "axisCenteredZero": false,
-                "axisColorMode": "text",
-                "axisLabel": "",
-                "axisPlacement": "auto",
-                "barAlignment": 0,
-                "drawStyle": "line",
-                "fillOpacity": 0,
-                "gradientMode": "none",
-                "hideFrom": {
-                  "legend": false,
-                  "tooltip": false,
-                  "viz": false
-                },
-                "lineInterpolation": "linear",
-                "lineWidth": 1,
-                "pointSize": 5,
-                "scaleDistribution": {
-                  "type": "linear"
-                },
-                "showPoints": "auto",
-                "spanNulls": false,
-                "stacking": {
-                  "group": "A",
-                  "mode": "none"
-                },
-                "thresholdsStyle": {
-                  "mode": "off"
-                }
-              },
-              "mappings": [],
-              "thresholds": {
-                "mode": "absolute",
-                "steps": [
-                  {
-                    "color": "green",
-                    "value": null
-                  },
-                  {
-                    "color": "red",
-                    "value": 1
-                  }
-                ]
-              }
-            },
-            "overrides": []
-          },
-          "gridPos": {
-            "h": 8,
-            "w": 10,
-            "x": 14,
-            "y": 1
-          },
-          "id": 12,
-          "options": {
-            "legend": {
-              "calcs": [],
-              "displayMode": "list",
-              "placement": "bottom",
-              "showLegend": true
-            },
-            "tooltip": {
-              "mode": "single",
-              "sort": "none"
-            }
-          },
-          "targets": [
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "editorMode": "code",
-              "exemplar": false,
-              "expr": "sum({__name__=~\".+server_isLeader\"})",
-              "instant": false,
-              "legendFormat": "__auto",
-              "range": true,
-              "refId": "A"
-            }
-          ],
-          "title": "Number of Leader (1: Healthy)",
-          "type": "timeseries"
-        },
-        {
-          "collapsed": true,
-          "gridPos": {
-            "h": 1,
-            "w": 24,
-            "x": 0,
-            "y": 9
-          },
-          "id": 40,
-          "panels": [
-            {
-              "datasource": {
+            "datasource": {
                 "type": "prometheus",
                 "uid": "PBFA97CFB590B2093"
-              },
-              "description": "",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 0,
-                "y": 10
-              },
-              "id": 22,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
-                },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
-                {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "builder",
-                  "expr": "consul_raft_leader_lastContact{quantile=\"0.5\"}",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                },
-                {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "consul_raft_leader_lastContact{quantile=\"0.99\"}",
-                  "hide": false,
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "B"
-                }
-              ],
-              "title": "Raft Leader LastContact 99th and 50th (ms)",
-              "type": "timeseries"
             },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "Use consul.raft.rpc.appendEntries to understand how long it takes a follower node to process newly received Raft logs from the leader. Like consul.raft.commitTime, increases in this metric can indicate higher load on your Consul servers, and come with a risk of stale data. Since this metric is exposed within each follower, you should aggregate it as both an average (to track overall load on your Raft servers) and a percentile (to watch for outlier nodes).",
-              "fieldConfig": {
+            "fieldConfig": {
                 "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
+                    "mappings": [],
+                    "thresholds": {
+                        "mode": "absolute",
+                        "steps": [
+                            {
+                                "color": "green",
+                                "value": null
+                            },
+                            {
+                                "color": "red",
+                                "value": 80
+                            }
+                        ]
+                    },
+                    "unit": "short"
                 },
                 "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 12,
-                "y": 10
-              },
-              "id": 18,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
-                },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
-                {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "consul_raft_rpc_appendEntries{quantile=\"0.99\"}",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                },
-                {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "consul_raft_rpc_appendEntries{quantile=\"0.5\"}",
-                  "hide": false,
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "B"
-                }
-              ],
-              "title": "Follower Append Entries Latency 99th and 50th (ms)",
-              "type": "timeseries"
             },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
+            "gridPos": {
                 "h": 8,
-                "w": 12,
+                "w": 6,
                 "x": 0,
-                "y": 18
-              },
-              "id": 20,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
-                },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
-                {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "consul_raft_commitTime{quantile=\"0.99\"}",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                },
-                {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "consul_raft_commitTime{quantile=\"0.5\"}",
-                  "hide": false,
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "B"
-                }
-              ],
-              "title": "Leader Raft Commit Latency 99th and 50th (ms)",
-              "type": "timeseries"
+                "y": 1
             },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 12,
-                "y": 18
-              },
-              "id": 46,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
-                },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
-                {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "rate(consul_raft_fsm_apply_sum[5m])\n/\nrate(consul_raft_fsm_apply_count[5m])",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                }
-              ],
-              "title": "Average Raft FSM Apply Latency per 5 minutes (ms)",
-              "type": "timeseries"
+            "id": 10,
+            "options": {
+                "colorMode": "value",
+                "graphMode": "none",
+                "justifyMode": "auto",
+                "orientation": "auto",
+                "reduceOptions": {
+                    "calcs": [
+                        "last"
+                    ],
+                    "fields": "",
+                    "limit": 1,
+                    "values": true
+                },
+                "textMode": "auto"
             },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 0,
-                "y": 26
-              },
-              "id": 47,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
-                },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
+            "pluginVersion": "9.5.5",
+            "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "sum(rate(consul_raft_apply[5m]))",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "editorMode": "code",
+                    "exemplar": false,
+                    "expr": "consul_consul_server_0_members_servers{pod=\"consul-server-0\"}",
+                    "hide": false,
+                    "instant": true,
+                    "legendFormat": "__auto",
+                    "range": false,
+                    "refId": "A"
                 }
-              ],
-              "title": "Raft Apply Rate per 5 minutes",
-              "type": "timeseries"
-            },
-            {
-              "datasource": {
+            ],
+            "title": "Number of Consul Servers",
+            "type": "stat"
+        },
+        {
+            "datasource": {
                 "type": "prometheus",
                 "uid": "PBFA97CFB590B2093"
-              },
-              "description": "An approximate measurement of the proportion of time the main Raft goroutine is busy and unavailable to accept new work.",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 12,
-                "y": 26
-              },
-              "id": 41,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
-                },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
-                {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "builder",
-                  "expr": "consul_raft_thread_main_saturation{pod=~\"consul-server-.*\",quantile=\"0.9\"}",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                }
-              ],
-              "title": "Raft thread main saturation (percentage)",
-              "type": "timeseries"
             },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "An approximate measurement of the proportion of time the FSM Raft goroutine is busy and unavailable to accept new work.",
-              "fieldConfig": {
+            "description": "No data in agentless mode",
+            "fieldConfig": {
                 "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
+                    "mappings": [],
+                    "thresholds": {
+                        "mode": "absolute",
+                        "steps": [
+                            {
+                                "color": "green",
+                                "value": null
+                            },
+                            {
+                                "color": "red",
+                                "value": 80
+                            }
+                        ]
+                    },
+                    "unit": "short"
                 },
                 "overrides": []
-              },
-              "gridPos": {
+            },
+            "gridPos": {
                 "h": 8,
-                "w": 12,
-                "x": 0,
-                "y": 34
-              },
-              "id": 42,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+                "w": 8,
+                "x": 6,
+                "y": 1
+            },
+            "id": 29,
+            "options": {
+                "colorMode": "value",
+                "graphMode": "none",
+                "justifyMode": "auto",
+                "orientation": "auto",
+                "reduceOptions": {
+                    "calcs": [
+                        "last"
+                    ],
+                    "fields": "",
+                    "values": false
                 },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
+                "textMode": "auto"
+            },
+            "pluginVersion": "9.5.5",
+            "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "builder",
-                  "expr": "consul_raft_thread_fsm_saturation{pod=~\"consul-server-.*\", quantile=\"0.9\"}",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "editorMode": "code",
+                    "exemplar": false,
+                    "expr": "count(kube_pod_container_resource_limits{pod=~\"consul-client-.*\", container=\"consul\", resource=\"memory\"})",
+                    "hide": false,
+                    "instant": true,
+                    "legendFormat": "__auto",
+                    "range": false,
+                    "refId": "A"
                 }
-              ],
-              "title": "Raft thread FSM saturation (percentage)",
-              "type": "timeseries"
-            }
-          ],
-          "title": "Raft",
-          "type": "row"
+            ],
+            "title": "Number of Consul Clients (No data in agentless mode)",
+            "type": "stat"
         },
         {
-          "collapsed": true,
-          "gridPos": {
-            "h": 1,
-            "w": 24,
-            "x": 0,
-            "y": 10
-          },
-          "id": 43,
-          "panels": [
-            {
-              "datasource": {
+            "datasource": {
                 "type": "prometheus",
                 "uid": "PBFA97CFB590B2093"
-              },
-              "description": "Measures the time spent updating the raft store from the serf member information.",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 0,
-                "y": 11
-              },
-              "id": 44,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
-                },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
-                {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "rate(consul_leader_reconcile_sum{pod=~\"consul-server-.*\"}[5m])\n/ \nrate(consul_leader_reconcile_count{pod=~\"consul-server-.*\"}[5m])",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                }
-              ],
-              "title": "Average latency of leader reconcile per 5 minutes (ms)",
-              "type": "timeseries"
             },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "Increments whenever a Consul server becomes a leader.",
-              "fieldConfig": {
+            "description": "Must be 1",
+            "fieldConfig": {
                 "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
+                    "color": {
+                        "mode": "palette-classic"
+                    },
+                    "custom": {
+                        "axisCenteredZero": false,
+                        "axisColorMode": "text",
+                        "axisLabel": "",
+                        "axisPlacement": "auto",
+                        "barAlignment": 0,
+                        "drawStyle": "line",
+                        "fillOpacity": 0,
+                        "gradientMode": "none",
+                        "hideFrom": {
+                            "legend": false,
+                            "tooltip": false,
+                            "viz": false
+                        },
+                        "lineInterpolation": "linear",
+                        "lineWidth": 1,
+                        "pointSize": 5,
+                        "scaleDistribution": {
+                            "type": "linear"
+                        },
+                        "showPoints": "auto",
+                        "spanNulls": false,
+                        "stacking": {
+                            "group": "A",
+                            "mode": "none"
+                        },
+                        "thresholdsStyle": {
+                            "mode": "off"
+                        }
+                    },
+                    "mappings": [],
+                    "thresholds": {
+                        "mode": "absolute",
+                        "steps": [
+                            {
+                                "color": "green",
+                                "value": null
+                            },
+                            {
+                                "color": "red",
+                                "value": 1
+                            }
+                        ]
                     }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
                 },
                 "overrides": []
-              },
-              "gridPos": {
+            },
+            "gridPos": {
                 "h": 8,
-                "w": 12,
-                "x": 12,
-                "y": 11
-              },
-              "id": 45,
-              "options": {
+                "w": 10,
+                "x": 14,
+                "y": 1
+            },
+            "id": 12,
+            "options": {
                 "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+                    "calcs": [],
+                    "displayMode": "list",
+                    "placement": "bottom",
+                    "showLegend": true
                 },
                 "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
+                    "mode": "single",
+                    "sort": "none"
                 }
-              },
-              "targets": [
+            },
+            "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "sum(consul_raft_state_leader{pod=~\"consul-server-.*\"})",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "editorMode": "code",
+                    "exemplar": false,
+                    "expr": "sum({__name__=~\".+server_isLeader\"})",
+                    "instant": false,
+                    "legendFormat": "__auto",
+                    "range": true,
+                    "refId": "A"
                 }
-              ],
-              "title": "Count of a new leader elected [so far] (increasing only)",
-              "type": "timeseries"
-            }
-          ],
-          "title": "Leadership Changes",
-          "type": "row"
+            ],
+            "title": "Number of Leader (1: Healthy)",
+            "type": "timeseries"
         },
         {
-          "collapsed": true,
-          "gridPos": {
-            "h": 1,
-            "w": 24,
-            "x": 0,
-            "y": 11
-          },
-          "id": 14,
-          "panels": [
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 15,
+            "collapsed": true,
+            "gridPos": {
+                "h": 1,
+                "w": 24,
                 "x": 0,
-                "y": 12
-              },
-              "id": 6,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
-                },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
+                "y": 9
+            },
+            "id": 40,
+            "panels": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "builder",
-                  "expr": "rate(container_cpu_usage_seconds_total{container=\"consul\", pod=~\"consul-server-.*\"}[5m])",
-                  "hide": false,
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 0,
+                        "y": 10
+                    },
+                    "id": 22,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "builder",
+                            "expr": "consul_raft_leader_lastContact{quantile=\"0.5\"}",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        },
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "consul_raft_leader_lastContact{quantile=\"0.99\"}",
+                            "hide": false,
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "B"
+                        }
+                    ],
+                    "title": "Raft Leader LastContact 99th and 50th (ms)",
+                    "type": "timeseries"
                 },
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "builder",
-                  "expr": "kube_pod_container_resource_limits{resource=\"cpu\", container=\"consul\"}",
-                  "hide": true,
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "B"
-                }
-              ],
-              "title": "CPU Usage in Seconds (Consul servers)",
-              "type": "timeseries"
-            },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "All consul servers have the same limit",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "thresholds"
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 9,
-                "x": 15,
-                "y": 12
-              },
-              "id": 4,
-              "options": {
-                "orientation": "auto",
-                "reduceOptions": {
-                  "calcs": [
-                    "lastNotNull"
-                  ],
-                  "fields": "",
-                  "values": false
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "Use consul.raft.rpc.appendEntries to understand how long it takes a follower node to process newly received Raft logs from the leader. Like consul.raft.commitTime, increases in this metric can indicate higher load on your Consul servers, and come with a risk of stale data. Since this metric is exposed within each follower, you should aggregate it as both an average (to track overall load on your Raft servers) and a percentile (to watch for outlier nodes).",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 12,
+                        "y": 10
+                    },
+                    "id": 18,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "consul_raft_rpc_appendEntries{quantile=\"0.99\"}",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        },
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "consul_raft_rpc_appendEntries{quantile=\"0.5\"}",
+                            "hide": false,
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "B"
+                        }
+                    ],
+                    "title": "Follower Append Entries Latency 99th and 50th (ms)",
+                    "type": "timeseries"
                 },
-                "showThresholdLabels": false,
-                "showThresholdMarkers": true
-              },
-              "pluginVersion": "9.5.5",
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "builder",
-                  "exemplar": false,
-                  "expr": "kube_pod_container_resource_limits{resource=\"cpu\", pod=\"consul-server-0\"}",
-                  "instant": true,
-                  "legendFormat": "__auto",
-                  "range": false,
-                  "refId": "A"
-                }
-              ],
-              "title": "CPU Limit in Seconds (Consul Servers)",
-              "type": "gauge"
-            },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  },
-                  "unit": "bytes"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 0,
+                        "y": 18
+                    },
+                    "id": 20,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "consul_raft_commitTime{quantile=\"0.99\"}",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        },
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "consul_raft_commitTime{quantile=\"0.5\"}",
+                            "hide": false,
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "B"
+                        }
+                    ],
+                    "title": "Leader Raft Commit Latency 99th and 50th (ms)",
+                    "type": "timeseries"
                 },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 15,
-                "x": 0,
-                "y": 20
-              },
-              "id": 2,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
-                },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "builder",
-                  "expr": "container_memory_working_set_bytes{container=\"consul\", pod=~\"consul-server-.*\"}",
-                  "hide": false,
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                }
-              ],
-              "title": "Memory Usage (Consul servers)",
-              "type": "timeseries"
-            },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "All consul servers have the same limit",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "continuous-BlYlRd"
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  },
-                  "unit": "bytes"
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 9,
-                "x": 15,
-                "y": 20
-              },
-              "id": 8,
-              "options": {
-                "orientation": "auto",
-                "reduceOptions": {
-                  "calcs": [
-                    "lastNotNull"
-                  ],
-                  "fields": "",
-                  "values": false
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 12,
+                        "y": 18
+                    },
+                    "id": 46,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(consul_raft_fsm_apply_sum[5m])\n/\nrate(consul_raft_fsm_apply_count[5m])",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Average Raft FSM Apply Latency per 5 minutes (ms)",
+                    "type": "timeseries"
                 },
-                "showThresholdLabels": false,
-                "showThresholdMarkers": true
-              },
-              "pluginVersion": "9.5.5",
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "exemplar": false,
-                  "expr": "kube_pod_container_resource_limits{resource=\"memory\", pod=\"consul-server-0\"}",
-                  "instant": true,
-                  "legendFormat": "__auto",
-                  "range": false,
-                  "refId": "A"
-                }
-              ],
-              "title": "Memory Limit (Consul Servers)",
-              "type": "gauge"
-            },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  },
-                  "unit": "bytes"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 0,
+                        "y": 26
+                    },
+                    "id": 47,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "sum(rate(consul_raft_apply[5m]))",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Raft Apply Rate per 5 minutes",
+                    "type": "timeseries"
                 },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 15,
-                "x": 0,
-                "y": 28
-              },
-              "id": 48,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+                {
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "An approximate measurement of the proportion of time the main Raft goroutine is busy and unavailable to accept new work.",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 12,
+                        "y": 26
+                    },
+                    "id": 41,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "builder",
+                            "expr": "consul_raft_thread_main_saturation{pod=~\"consul-server-.*\",quantile=\"0.9\"}",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Raft thread main saturation (percentage)",
+                    "type": "timeseries"
                 },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "sum(rate(container_network_receive_bytes_total{pod=~\"consul-server-.*\"}[5m])) by (pod)",
-                  "hide": false,
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "An approximate measurement of the proportion of time the FSM Raft goroutine is busy and unavailable to accept new work.",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 0,
+                        "y": 34
+                    },
+                    "id": 42,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "builder",
+                            "expr": "consul_raft_thread_fsm_saturation{pod=~\"consul-server-.*\", quantile=\"0.9\"}",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Raft thread FSM saturation (percentage)",
+                    "type": "timeseries"
                 }
-              ],
-              "title": "Received bytes total per 5 minutes (Consul servers)",
-              "type": "timeseries"
-            }
-          ],
-          "title": "Resource Utilization (Consul Servers)",
-          "type": "row"
+            ],
+            "title": "Raft",
+            "type": "row"
         },
         {
-          "collapsed": true,
-          "gridPos": {
-            "h": 1,
-            "w": 24,
-            "x": 0,
-            "y": 12
-          },
-          "id": 24,
-          "panels": [
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 15,
+            "collapsed": true,
+            "gridPos": {
+                "h": 1,
+                "w": 24,
                 "x": 0,
-                "y": 13
-              },
-              "id": 26,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
-                },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
+                "y": 10
+            },
+            "id": 43,
+            "panels": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "rate(container_cpu_usage_seconds_total{container=\"consul\", pod=~\"consul-client-.*\"}[5m])",
-                  "hide": false,
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "Measures the time spent updating the raft store from the serf member information.",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green"
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 0,
+                        "y": 11
+                    },
+                    "id": 44,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(consul_leader_reconcile_sum{pod=~\"consul-server-.*\"}[5m])\n/ \nrate(consul_leader_reconcile_count{pod=~\"consul-server-.*\"}[5m])",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Average latency of leader reconcile per 5 minutes (ms)",
+                    "type": "timeseries"
                 },
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "builder",
-                  "expr": "kube_pod_container_resource_limits{resource=\"cpu\", container=\"consul\"}",
-                  "hide": true,
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "B"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "Increments whenever a Consul server becomes a leader.",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green"
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 12,
+                        "y": 11
+                    },
+                    "id": 45,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "sum(consul_raft_state_leader{pod=~\"consul-server-.*\"})",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Count of a new leader elected [so far] (increasing only)",
+                    "type": "timeseries"
                 }
-              ],
-              "title": "CPU Usage in Seconds (Consul Clients)",
-              "type": "timeseries"
+            ],
+            "title": "Leadership Changes",
+            "type": "row"
+        },
+        {
+            "collapsed": true,
+            "gridPos": {
+                "h": 1,
+                "w": 24,
+                "x": 0,
+                "y": 11
             },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "All consul clients have the same limit",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "thresholds"
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 9,
-                "x": 15,
-                "y": 13
-              },
-              "id": 28,
-              "options": {
-                "orientation": "auto",
-                "reduceOptions": {
-                  "calcs": [
-                    "lastNotNull"
-                  ],
-                  "fields": "",
-                  "values": false
-                },
-                "showThresholdLabels": false,
-                "showThresholdMarkers": true
-              },
-              "pluginVersion": "9.5.5",
-              "targets": [
+            "id": 14,
+            "panels": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "exemplar": false,
-                  "expr": "max(kube_pod_container_resource_limits{resource=\"cpu\", pod=~\"consul-client-.*\"})",
-                  "instant": true,
-                  "legendFormat": "__auto",
-                  "range": false,
-                  "refId": "A"
-                }
-              ],
-              "title": "CPU Limit in Seconds (Consul Clients)",
-              "type": "gauge"
-            },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  },
-                  "unit": "bytes"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 15,
+                        "x": 0,
+                        "y": 12
+                    },
+                    "id": 6,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "builder",
+                            "expr": "rate(container_cpu_usage_seconds_total{container=\"consul\", pod=~\"consul-server-.*\"}[5m])",
+                            "hide": false,
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        },
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "builder",
+                            "expr": "kube_pod_container_resource_limits{resource=\"cpu\", container=\"consul\"}",
+                            "hide": true,
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "B"
+                        }
+                    ],
+                    "title": "CPU Usage in Seconds (Consul servers)",
+                    "type": "timeseries"
                 },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 15,
-                "x": 0,
-                "y": 21
-              },
-              "id": 23,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+                {
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "All consul servers have the same limit",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "thresholds"
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 9,
+                        "x": 15,
+                        "y": 12
+                    },
+                    "id": 4,
+                    "options": {
+                        "orientation": "auto",
+                        "reduceOptions": {
+                            "calcs": [
+                                "lastNotNull"
+                            ],
+                            "fields": "",
+                            "values": false
+                        },
+                        "showThresholdLabels": false,
+                        "showThresholdMarkers": true
+                    },
+                    "pluginVersion": "9.5.5",
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "builder",
+                            "exemplar": false,
+                            "expr": "kube_pod_container_resource_limits{resource=\"cpu\", pod=\"consul-server-0\"}",
+                            "instant": true,
+                            "legendFormat": "__auto",
+                            "range": false,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "CPU Limit in Seconds (Consul Servers)",
+                    "type": "gauge"
                 },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "container_memory_working_set_bytes{container=\"consul\", pod=~\"consul-client-.*\"}",
-                  "hide": false,
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                }
-              ],
-              "title": "Memory Usage (Consul clients)",
-              "type": "timeseries"
-            },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "All consul servers have the same limit",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "continuous-BlYlRd"
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  },
-                  "unit": "bytes"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            },
+                            "unit": "bytes"
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 15,
+                        "x": 0,
+                        "y": 20
+                    },
+                    "id": 2,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "builder",
+                            "expr": "container_memory_working_set_bytes{container=\"consul\", pod=~\"consul-server-.*\"}",
+                            "hide": false,
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Memory Usage (Consul servers)",
+                    "type": "timeseries"
                 },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 9,
-                "x": 15,
-                "y": 21
-              },
-              "id": 25,
-              "options": {
-                "orientation": "auto",
-                "reduceOptions": {
-                  "calcs": [
-                    "lastNotNull"
-                  ],
-                  "fields": "",
-                  "values": false
+                {
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "All consul servers have the same limit",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "continuous-BlYlRd"
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            },
+                            "unit": "bytes"
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 9,
+                        "x": 15,
+                        "y": 20
+                    },
+                    "id": 8,
+                    "options": {
+                        "orientation": "auto",
+                        "reduceOptions": {
+                            "calcs": [
+                                "lastNotNull"
+                            ],
+                            "fields": "",
+                            "values": false
+                        },
+                        "showThresholdLabels": false,
+                        "showThresholdMarkers": true
+                    },
+                    "pluginVersion": "9.5.5",
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "exemplar": false,
+                            "expr": "kube_pod_container_resource_limits{resource=\"memory\", pod=\"consul-server-0\"}",
+                            "instant": true,
+                            "legendFormat": "__auto",
+                            "range": false,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Memory Limit (Consul Servers)",
+                    "type": "gauge"
                 },
-                "showThresholdLabels": false,
-                "showThresholdMarkers": true
-              },
-              "pluginVersion": "9.5.5",
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "exemplar": false,
-                  "expr": "max(kube_pod_container_resource_limits{resource=\"memory\", pod=~\"consul-client-.*\"})",
-                  "instant": true,
-                  "legendFormat": "__auto",
-                  "range": false,
-                  "refId": "A"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            },
+                            "unit": "bytes"
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 15,
+                        "x": 0,
+                        "y": 28
+                    },
+                    "id": 48,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "sum(rate(container_network_receive_bytes_total{pod=~\"consul-server-.*\"}[5m])) by (pod)",
+                            "hide": false,
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Received bytes total per 5 minutes (Consul servers)",
+                    "type": "timeseries"
                 }
-              ],
-              "title": "Memory Limit (Consul Clients)",
-              "type": "gauge"
-            }
-          ],
-          "title": "Resource Utilization (Consul Clients) - N/A in agentless mode",
-          "type": "row"
+            ],
+            "title": "Resource Utilization (Consul Servers)",
+            "type": "row"
         },
         {
-          "collapsed": true,
-          "gridPos": {
-            "h": 1,
-            "w": 24,
-            "x": 0,
-            "y": 13
-          },
-          "id": 33,
-          "panels": [
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
+            "collapsed": true,
+            "gridPos": {
+                "h": 1,
+                "w": 24,
                 "x": 0,
-                "y": 14
-              },
-              "id": 37,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
-                },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
-                {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "rate(consul_client_rpc{namespace=\"consul\"}[5m])",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                }
-              ],
-              "title": "Rate of RPC requests per 5 minutes - client side ",
-              "type": "timeseries"
+                "y": 12
             },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "Increments when a server accepts an RPC connection.",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 12,
-                "y": 14
-              },
-              "id": 36,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+            "id": 24,
+            "panels": [
+                {
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green"
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 15,
+                        "x": 0,
+                        "y": 13
+                    },
+                    "id": 26,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(container_cpu_usage_seconds_total{container=\"consul\", pod=~\"consul-client-.*\"}[5m])",
+                            "hide": false,
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        },
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "builder",
+                            "expr": "kube_pod_container_resource_limits{resource=\"cpu\", container=\"consul\"}",
+                            "hide": true,
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "B"
+                        }
+                    ],
+                    "title": "CPU Usage in Seconds (Consul Clients)",
+                    "type": "timeseries"
                 },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "rate(consul_rpc_accept_conn{namespace=\"consul\",pod=~\"consul-server-.*\"}[5m])",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                }
-              ],
-              "title": "RPC Accept Connection Count Rate per 5 minutes - server side",
-              "type": "timeseries"
-            },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails.",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "All consul clients have the same limit",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "thresholds"
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green"
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 9,
+                        "x": 15,
+                        "y": 13
+                    },
+                    "id": 28,
+                    "options": {
+                        "orientation": "auto",
+                        "reduceOptions": {
+                            "calcs": [
+                                "lastNotNull"
+                            ],
+                            "fields": "",
+                            "values": false
+                        },
+                        "showThresholdLabels": false,
+                        "showThresholdMarkers": true
+                    },
+                    "pluginVersion": "9.5.5",
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "exemplar": false,
+                            "expr": "max(kube_pod_container_resource_limits{resource=\"cpu\", pod=~\"consul-client-.*\"})",
+                            "instant": true,
+                            "legendFormat": "__auto",
+                            "range": false,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "CPU Limit in Seconds (Consul Clients)",
+                    "type": "gauge"
                 },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 0,
-                "y": 22
-              },
-              "id": 39,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+                {
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green"
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            },
+                            "unit": "bytes"
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 15,
+                        "x": 0,
+                        "y": 21
+                    },
+                    "id": 23,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "container_memory_working_set_bytes{container=\"consul\", pod=~\"consul-client-.*\"}",
+                            "hide": false,
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Memory Usage (Consul clients)",
+                    "type": "timeseries"
                 },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "rate(consul_client_rpc_failed{namespace=\"consul\"}[5m])",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "All consul servers have the same limit",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "continuous-BlYlRd"
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green"
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            },
+                            "unit": "bytes"
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 9,
+                        "x": 15,
+                        "y": 21
+                    },
+                    "id": 25,
+                    "options": {
+                        "orientation": "auto",
+                        "reduceOptions": {
+                            "calcs": [
+                                "lastNotNull"
+                            ],
+                            "fields": "",
+                            "values": false
+                        },
+                        "showThresholdLabels": false,
+                        "showThresholdMarkers": true
+                    },
+                    "pluginVersion": "9.5.5",
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "exemplar": false,
+                            "expr": "max(kube_pod_container_resource_limits{resource=\"memory\", pod=~\"consul-client-.*\"})",
+                            "instant": true,
+                            "legendFormat": "__auto",
+                            "range": false,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Memory Limit (Consul Clients)",
+                    "type": "gauge"
                 }
-              ],
-              "title": "Rate of Failed RPC requests per 5 minutes - client side ",
-              "type": "timeseries"
+            ],
+            "title": "Resource Utilization (Consul Clients) - N/A in agentless mode",
+            "type": "row"
+        },
+        {
+            "collapsed": true,
+            "gridPos": {
+                "h": 1,
+                "w": 24,
+                "x": 0,
+                "y": 13
             },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "Increments when a server receives a Consul-related RPC request.",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 12,
-                "y": 22
-              },
-              "id": 32,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+            "id": 54,
+            "panels": [
+                {
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 15,
+                        "x": 0,
+                        "y": 17
+                    },
+                    "id": 55,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(container_cpu_usage_seconds_total{pod=~\".*-connect-injector-.*\",container=\"sidecar-injector\"}[5m])",
+                            "hide": false,
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        },
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "builder",
+                            "expr": "kube_pod_container_resource_limits{resource=\"cpu\", container=\"consul\"}",
+                            "hide": true,
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "B"
+                        }
+                    ],
+                    "title": "CPU Usage in Seconds (Connect Injector)",
+                    "type": "timeseries"
                 },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "rate(consul_rpc_request{namespace=\"consul\",pod=~\"consul-server-.*\"}[5m])",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                }
-              ],
-              "title": "Rate of RPC requests per 5 minutes - server side",
-              "type": "timeseries"
-            },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's limits configuration.",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "All consul servers have the same limit",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "thresholds"
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 9,
+                        "x": 15,
+                        "y": 17
+                    },
+                    "id": 56,
+                    "options": {
+                        "orientation": "auto",
+                        "reduceOptions": {
+                            "calcs": [
+                                "lastNotNull"
+                            ],
+                            "fields": "",
+                            "values": false
+                        },
+                        "showThresholdLabels": false,
+                        "showThresholdMarkers": true
+                    },
+                    "pluginVersion": "9.5.5",
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "exemplar": false,
+                            "expr": "max(kube_pod_container_resource_limits{resource=\"cpu\", container=\"sidecar-injector\"})",
+                            "instant": true,
+                            "legendFormat": "__auto",
+                            "range": false,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "CPU Limit in Seconds (Connect Injector)",
+                    "type": "gauge"
                 },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 0,
-                "y": 30
-              },
-              "id": 38,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+                {
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            },
+                            "unit": "bytes"
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 15,
+                        "x": 0,
+                        "y": 25
+                    },
+                    "id": 59,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "container_memory_working_set_bytes{pod=~\".*-connect-injector-.*\",container=\"sidecar-injector\"}",
+                            "hide": false,
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Memory Usage (Connect Injector)",
+                    "type": "timeseries"
                 },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "rate(consul_client_rpc_exceeded{namespace=\"consul\"}[5m])",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "All consul servers have the same limit",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "continuous-BlYlRd"
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            },
+                            "unit": "bytes"
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 9,
+                        "x": 15,
+                        "y": 25
+                    },
+                    "id": 58,
+                    "options": {
+                        "orientation": "auto",
+                        "reduceOptions": {
+                            "calcs": [
+                                "lastNotNull"
+                            ],
+                            "fields": "",
+                            "values": false
+                        },
+                        "showThresholdLabels": false,
+                        "showThresholdMarkers": true
+                    },
+                    "pluginVersion": "9.5.5",
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "exemplar": false,
+                            "expr": "max(kube_pod_container_resource_limits{resource=\"memory\", container=\"sidecar-injector\"})",
+                            "instant": true,
+                            "legendFormat": "__auto",
+                            "range": false,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Memory Limit (Connect Injector)",
+                    "type": "gauge"
                 }
-              ],
-              "title": "Rate of Exceeded RPC requests per 5 minutes - client side ",
-              "type": "timeseries"
+            ],
+            "title": "Resource Utilization (Connect Injector)",
+            "type": "row"
+        },
+        {
+            "collapsed": true,
+            "gridPos": {
+                "h": 1,
+                "w": 24,
+                "x": 0,
+                "y": 14
             },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "Increments when a server returns an error from an RPC request.",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green"
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 12,
-                "y": 30
-              },
-              "id": 35,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+            "id": 30,
+            "panels": [
+                {
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green"
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 0,
+                        "y": 15
+                    },
+                    "id": 31,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "sum(rate(consul_catalog_register_count{pod=~\"consul-server-.*\"}[5m]))",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Catalog Register Count per 5 minutes",
+                    "type": "timeseries"
                 },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "rate(consul_rpc_request_error{namespace=\"consul\",pod=~\"consul-server-.*\"}[5m])",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green"
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 12,
+                        "y": 15
+                    },
+                    "id": 34,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(consul_catalog_register_sum{pod=~\"consul-server-.*\"}[5m])\n/\nrate(consul_catalog_register_count{pod=~\"consul-server-.*\"}[5m])",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Average latency of catalog register per 5 minutes (ms)",
+                    "type": "timeseries"
                 }
-              ],
-              "title": "Error rate of RPC requests per 5 minutes - server side",
-              "type": "timeseries"
-            }
-          ],
-          "title": "RPC",
-          "type": "row"
+            ],
+            "title": "Feature: Catalog",
+            "type": "row"
         },
         {
-          "collapsed": true,
-          "gridPos": {
-            "h": 1,
-            "w": 24,
-            "x": 0,
-            "y": 14
-          },
-          "id": 30,
-          "panels": [
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
+            "collapsed": true,
+            "gridPos": {
+                "h": 1,
+                "w": 24,
                 "x": 0,
                 "y": 15
-              },
-              "id": 31,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+            },
+            "id": 49,
+            "panels": [
+                {
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green"
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 0,
+                        "y": 16
+                    },
+                    "id": 50,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "sum(rate(consul_acl_ResolveToken_count{pod=~\"consul-server-.*\"}[5m]))",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "ACL Token Resolve Count per 5 minutes",
+                    "type": "timeseries"
                 },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "sum(rate(consul_catalog_register_count{pod=~\"consul-server-.*\"}[5m]))",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                }
-              ],
-              "title": "Catalog Register Count per 5 minutes",
-              "type": "timeseries"
-            },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green"
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 12,
+                        "y": 16
+                    },
+                    "id": 51,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(consul_acl_ResolveToken_sum{pod=~\"consul-server-.*\"}[5m])/rate(consul_acl_ResolveToken_count{pod=~\"consul-server-.*\"}[5m])",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Average latency of resolving ACL token per 5 minutes (ms)",
+                    "type": "timeseries"
                 },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 12,
-                "y": 15
-              },
-              "id": 34,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+                {
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green"
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 0,
+                        "y": 24
+                    },
+                    "id": 52,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(consul_acl_token_cache_hit{pod=~\"consul-server-.*\"}[5m])",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Rate of ACL token cache hit per 5 minutes",
+                    "type": "timeseries"
                 },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "rate(consul_catalog_register_sum{pod=~\"consul-server-.*\"}[5m])\n/\nrate(consul_catalog_register_count{pod=~\"consul-server-.*\"}[5m])",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green"
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 12,
+                        "y": 24
+                    },
+                    "id": 53,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(consul_acl_token_cache_miss{pod=~\"consul-server-.*\"}[5m])",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Rate of ACL token cache miss per 5 minutes",
+                    "type": "timeseries"
                 }
-              ],
-              "title": "Average latency of catalog register per 5 minutes (ms)",
-              "type": "timeseries"
-            }
-          ],
-          "title": "Feature: Catalog",
-          "type": "row"
+            ],
+            "title": "ACL",
+            "type": "row"
         },
         {
-          "collapsed": true,
-          "gridPos": {
-            "h": 1,
-            "w": 24,
-            "x": 0,
-            "y": 15
-          },
-          "id": 49,
-          "panels": [
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
+            "collapsed": true,
+            "gridPos": {
+                "h": 1,
+                "w": 24,
                 "x": 0,
                 "y": 16
-              },
-              "id": 50,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
-                },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
-                {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "sum(rate(consul_acl_ResolveToken_count{pod=~\"consul-server-.*\"}[5m]))",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                }
-              ],
-              "title": "ACL Token Resolve Count per 5 minutes",
-              "type": "timeseries"
             },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 12,
-                "y": 16
-              },
-              "id": 51,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+            "id": 33,
+            "panels": [
+                {
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 0,
+                        "y": 14
+                    },
+                    "id": 37,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(consul_client_rpc{namespace=\"consul\"}[5m])",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Rate of RPC requests per 5 minutes - client side ",
+                    "type": "timeseries"
                 },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "rate(consul_acl_ResolveToken_sum{pod=~\"consul-server-.*\"}[5m])/rate(consul_acl_ResolveToken_count{pod=~\"consul-server-.*\"}[5m])",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                }
-              ],
-              "title": "Average latency of resolving ACL token per 5 minutes (ms)",
-              "type": "timeseries"
-            },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "Increments when a server accepts an RPC connection.",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 12,
+                        "y": 14
+                    },
+                    "id": 36,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(consul_rpc_accept_conn{namespace=\"consul\",pod=~\"consul-server-.*\"}[5m])",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "RPC Accept Connection Count Rate per 5 minutes - server side",
+                    "type": "timeseries"
                 },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 0,
-                "y": 24
-              },
-              "id": 52,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+                {
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails.",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 0,
+                        "y": 22
+                    },
+                    "id": 39,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(consul_client_rpc_failed{namespace=\"consul\"}[5m])",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Rate of Failed RPC requests per 5 minutes - client side ",
+                    "type": "timeseries"
                 },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "rate(consul_acl_token_cache_hit{pod=~\"consul-server-.*\"}[5m])",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
-                }
-              ],
-              "title": "Rate of ACL token cache hit per 5 minutes",
-              "type": "timeseries"
-            },
-            {
-              "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-              },
-              "description": "",
-              "fieldConfig": {
-                "defaults": {
-                  "color": {
-                    "mode": "palette-classic"
-                  },
-                  "custom": {
-                    "axisCenteredZero": false,
-                    "axisColorMode": "text",
-                    "axisLabel": "",
-                    "axisPlacement": "auto",
-                    "barAlignment": 0,
-                    "drawStyle": "line",
-                    "fillOpacity": 0,
-                    "gradientMode": "none",
-                    "hideFrom": {
-                      "legend": false,
-                      "tooltip": false,
-                      "viz": false
-                    },
-                    "lineInterpolation": "linear",
-                    "lineWidth": 1,
-                    "pointSize": 5,
-                    "scaleDistribution": {
-                      "type": "linear"
-                    },
-                    "showPoints": "auto",
-                    "spanNulls": false,
-                    "stacking": {
-                      "group": "A",
-                      "mode": "none"
-                    },
-                    "thresholdsStyle": {
-                      "mode": "off"
-                    }
-                  },
-                  "mappings": [],
-                  "thresholds": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "Increments when a server receives a Consul-related RPC request.",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 12,
+                        "y": 22
+                    },
+                    "id": 32,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(consul_rpc_request{namespace=\"consul\",pod=~\"consul-server-.*\"}[5m])",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Rate of RPC requests per 5 minutes - server side",
+                    "type": "timeseries"
                 },
-                "overrides": []
-              },
-              "gridPos": {
-                "h": 8,
-                "w": 12,
-                "x": 12,
-                "y": 24
-              },
-              "id": 53,
-              "options": {
-                "legend": {
-                  "calcs": [],
-                  "displayMode": "list",
-                  "placement": "bottom",
-                  "showLegend": true
+                {
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's limits configuration.",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 0,
+                        "y": 30
+                    },
+                    "id": 38,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(consul_client_rpc_exceeded{namespace=\"consul\"}[5m])",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Rate of Exceeded RPC requests per 5 minutes - client side ",
+                    "type": "timeseries"
                 },
-                "tooltip": {
-                  "mode": "single",
-                  "sort": "none"
-                }
-              },
-              "targets": [
                 {
-                  "datasource": {
-                    "type": "prometheus",
-                    "uid": "PBFA97CFB590B2093"
-                  },
-                  "editorMode": "code",
-                  "expr": "rate(consul_acl_token_cache_miss{pod=~\"consul-server-.*\"}[5m])",
-                  "legendFormat": "__auto",
-                  "range": true,
-                  "refId": "A"
+                    "datasource": {
+                        "type": "prometheus",
+                        "uid": "PBFA97CFB590B2093"
+                    },
+                    "description": "Increments when a server returns an error from an RPC request.",
+                    "fieldConfig": {
+                        "defaults": {
+                            "color": {
+                                "mode": "palette-classic"
+                            },
+                            "custom": {
+                                "axisCenteredZero": false,
+                                "axisColorMode": "text",
+                                "axisLabel": "",
+                                "axisPlacement": "auto",
+                                "barAlignment": 0,
+                                "drawStyle": "line",
+                                "fillOpacity": 0,
+                                "gradientMode": "none",
+                                "hideFrom": {
+                                    "legend": false,
+                                    "tooltip": false,
+                                    "viz": false
+                                },
+                                "lineInterpolation": "linear",
+                                "lineWidth": 1,
+                                "pointSize": 5,
+                                "scaleDistribution": {
+                                    "type": "linear"
+                                },
+                                "showPoints": "auto",
+                                "spanNulls": false,
+                                "stacking": {
+                                    "group": "A",
+                                    "mode": "none"
+                                },
+                                "thresholdsStyle": {
+                                    "mode": "off"
+                                }
+                            },
+                            "mappings": [],
+                            "thresholds": {
+                                "mode": "absolute",
+                                "steps": [
+                                    {
+                                        "color": "green",
+                                        "value": null
+                                    },
+                                    {
+                                        "color": "red",
+                                        "value": 80
+                                    }
+                                ]
+                            }
+                        },
+                        "overrides": []
+                    },
+                    "gridPos": {
+                        "h": 8,
+                        "w": 12,
+                        "x": 12,
+                        "y": 30
+                    },
+                    "id": 35,
+                    "options": {
+                        "legend": {
+                            "calcs": [],
+                            "displayMode": "list",
+                            "placement": "bottom",
+                            "showLegend": true
+                        },
+                        "tooltip": {
+                            "mode": "single",
+                            "sort": "none"
+                        }
+                    },
+                    "targets": [
+                        {
+                            "datasource": {
+                                "type": "prometheus",
+                                "uid": "PBFA97CFB590B2093"
+                            },
+                            "editorMode": "code",
+                            "expr": "rate(consul_rpc_request_error{namespace=\"consul\",pod=~\"consul-server-.*\"}[5m])",
+                            "legendFormat": "__auto",
+                            "range": true,
+                            "refId": "A"
+                        }
+                    ],
+                    "title": "Error rate of RPC requests per 5 minutes - server side",
+                    "type": "timeseries"
                 }
-              ],
-              "title": "Rate of ACL token cache miss per 5 minutes",
-              "type": "timeseries"
-            }
-          ],
-          "title": "ACL",
-          "type": "row"
+            ],
+            "title": "RPC",
+            "type": "row"
         }
-      ],
-      "refresh": "5s",
-      "revision": 1,
-      "schemaVersion": 38,
-      "style": "dark",
-      "tags": [],
-      "templating": {
+    ],
+    "refresh": "30s",
+    "revision": 1,
+    "schemaVersion": 38,
+    "style": "dark",
+    "tags": [],
+    "templating": {
         "list": []
-      },
-      "time": {
+    },
+    "time": {
         "from": "now-30m",
         "to": "now"
-      },
-      "timepicker": {},
-      "timezone": "",
-      "title": "Consul K8s monitoring (control plane)",
-      "weekStart": ""
-    }
\ No newline at end of file
+    },
+    "timepicker": {},
+    "timezone": "",
+    "title": "Consul K8s monitoring (control plane)",
+    "version": 2,
+    "weekStart": ""
+}
\ No newline at end of file

From 9a82df27ba7112fe9920e633520b317c0b98c5a3 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Mon, 24 Jul 2023 14:30:45 -0400
Subject: [PATCH 216/359] [NET-3700] Backfill changelog entry for c2bbe67 and
 7402d06 (#18259)

Backfill changelog entry for c2bbe67 and 7402d06

Add a changelog entry for the follow-up PR since it was specific to the
fix and references the original change.
---
 .changelog/18184.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/18184.txt

diff --git a/.changelog/18184.txt b/.changelog/18184.txt
new file mode 100644
index 000000000000..594546ca3259
--- /dev/null
+++ b/.changelog/18184.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+api: Fix client deserialization errors by marking new Enterprise-only prepared query fields as omit empty
+```

From 319a2239d3545c34bc8bccad64ef25e078e0a665 Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Mon, 24 Jul 2023 15:27:19 -0600
Subject: [PATCH 217/359] NET-4897 - update comment to include the current
 issue url from the go team. (#18263)

---
 api/api.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/api/api.go b/api/api.go
index 18bb3479c9be..f62c0c5a1bf0 100644
--- a/api/api.go
+++ b/api/api.go
@@ -1005,8 +1005,10 @@ func (r *request) toHTTP() (*http.Request, error) {
 	// this is required since go started validating req.host in 1.20.6 and 1.19.11.
 	// prior to that they would strip out the slashes for you.  They removed that
 	// behavior and added more strict validation as part of a CVE.
-	// https://github.com/golang/go/issues/60374
-	// the hope is that
+	// This issue is being tracked by the Go team:
+	// https://github.com/golang/go/issues/61431
+	// If there is a resolution in this issue, we will remove this code.
+	// In the time being, this is the accepted workaround.
 	if strings.HasPrefix(r.url.Host, "/") {
 		r.url.Host = "localhost"
 	}

From 090e869a555199ad12e78bd683f46714f32be5dd Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Mon, 24 Jul 2023 16:37:00 -0700
Subject: [PATCH 218/359] fix typos, style, and improper links (#18269)

---
 .../license/utilization-reporting.mdx         | 39 +++++++++++--------
 1 file changed, 23 insertions(+), 16 deletions(-)

diff --git a/website/content/docs/enterprise/license/utilization-reporting.mdx b/website/content/docs/enterprise/license/utilization-reporting.mdx
index bd751581d0a4..444b5733cee0 100644
--- a/website/content/docs/enterprise/license/utilization-reporting.mdx
+++ b/website/content/docs/enterprise/license/utilization-reporting.mdx
@@ -6,9 +6,26 @@ description: >-
 
 # Automated license utilization reporting
 
-Automated license utilization reporting sends license utilization data to HashiCorp without requiring you to manually collect and report them. It also enables you to review your license usage with the monitoring solution you already use, such as Splunk and Datadog, as you optimize and manage your deployments. You can use these reports to understand how much more you can deploy under your current contract, which can help you protect against overutilization and budget for predicted consumption.  
+This topic describes how to enable automated license utilization reporting in Consul Enterprise. This feature automatically sends license utilization data to HashiCorp so that you do not have to manually collect and report it. It also enables you to review your license usage with the monitoring solution you already use, such as Splunk and Datadog, as you optimize and manage your deployments.
 
-Automated reporting shares the minimum data required to validate license utilization as defined in our contracts. This data mostly consists of computed metrics, and it will never contain Personal Identifiable Information (PII) or other sensitive information. Automated reporting shares the data with HashiCorp using a secure unidirectional HTTPS API and makes an auditable record in the product logs each time it submits a report. This process is GDPR compliant.
+## Introduction
+
+You can use automated license utilization report to understand how much additional networking infrastructure you can deploy under your current contract. This feature helps you protect against overutilization and budget for predicted consumption.
+
+Automated reporting shares the minimum data required to validate license utilization as defined in our contracts. This data mostly consists of computed metrics, and it will never contain Personal Identifiable Information (PII) or other sensitive information. Automated reporting shares the data with HashiCorp using a secure unidirectional HTTPS API and makes an auditable record in the product logs each time it submits a report. This process is GDPR-compliant.
+
+## Requirements
+
+Automated license utilization reporting does not support _air-gapped installations_, which are systems with no network interfaces.
+
+The following versions of Consul Enterprise support automated license utilization reporting:
+
+- Consul Enterprise v1.16.0 and newer.
+- Patch releases of Consul Enterprise v1.15.4 and newer.
+- Patch releases of Consul Enterprise v1.14.8 and newer.
+- Patch releases of Consul Enterprise v1.13.9 and newer.
+
+Download a supported release from the [Consul Versions](https://releases.hashicorp.com/consul/) page.
 
 ## Enable automated reporting
 
@@ -17,27 +34,17 @@ Before you enable automated reporting, make sure that outbound network traffic i
 To enable automated reporting, complete the following steps:
 
 1. [Allow outbound HTTPS traffic on port 443](#allow-outbound-https-traffic)
-1. Upgrade to Consul Enterprise v1.16.0 or newer (#upgrade-to-consul-enterprise)
-1. Check product logs(#check-product-logs)
+1. [Check product logs](#check-product-logs)
 
 ### Allow outbound HTTPS traffic on port 443
 
-Make sure that your network allows HTTPS egress on port 443 from `https://reporting.hashicorp.services` by allow-listing the following IP addresses:
+Make sure that your network allows HTTPS egress on port 443 from `https://reporting.hashicorp.services` by adding the following IP adddresses to your allow-list:
 
 - `100.20.70.12`
 - `35.166.5.222`
 - `23.95.85.111`
 - `44.215.244.1`
 
-### Upgrade to Consul Enterprise v1.16.0 or newer
-
-Upgrade to a release that supports license utilization reporting. These [releases](https://releases.hashicorp.com/consul/) include:
-
-- Consul Enterprise 1.16.0 and newer.
-- Consul Enterprise 1.15.4 and newer.
-- Consul Enterprise 1.14.8 and newer.
-- Consul Enterprise 1.13.9 and newer.
-
 ### Check product logs
 
 Automatic license utilization reporting starts sending data within roughly 24 hours. Check the product logs for records that the data sent successfully.
@@ -77,7 +84,7 @@ If your installation is air-gapped or your network does not allow the correct eg
 
 </CodeBlockConfig>
 
-In this case, reconfigure your network to allow egress and check back in roughly 24 hours. 
+In this case, reconfigure your network to allow egress and check the logs again in roughly 24 hours to confirm that automated reporting works correctly. 
 
 ## Opt out
 
@@ -102,7 +109,7 @@ reporting {
 }
 ```
 
-When you opt out using an environment variable, once you restart your system it will provide a startup message confirming that you have disabled automated reporting. Set the following environment variable to disable automated reporting:
+When opting out using an environment variable, the system provides a startup message confirming that you have disabled automated reporting. Set the following environment variable to disable automated reporting:
 
 <CodeBlockConfig>
 

From 31d2813714290f7bfb16d493a767228edd4ed9fa Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Tue, 25 Jul 2023 13:54:52 -0400
Subject: [PATCH 219/359] member cli: add -filter expression to flags (#18223)

* member cli: add -filter expression to flags

* changelog

* update doc

* Add test cases

* use quote
---
 .changelog/18223.txt                 |  3 +++
 agent/agent_endpoint.go              | 15 +++++++++++++++
 api/agent.go                         |  6 ++++++
 api/agent_test.go                    | 25 +++++++++++++++++++++++++
 command/members/members.go           |  3 +++
 website/content/commands/members.mdx |  6 ++++++
 6 files changed, 58 insertions(+)
 create mode 100644 .changelog/18223.txt

diff --git a/.changelog/18223.txt b/.changelog/18223.txt
new file mode 100644
index 000000000000..067ca64f48e8
--- /dev/null
+++ b/.changelog/18223.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+cli: `consul members` command uses `-filter` expression to filter members based on bexpr.
+```
diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go
index 8057487b2b45..9ee6e41e1c85 100644
--- a/agent/agent_endpoint.go
+++ b/agent/agent_endpoint.go
@@ -619,6 +619,21 @@ func (s *HTTPHandlers) AgentMembers(resp http.ResponseWriter, req *http.Request)
 		}
 	}
 
+	// filter the members by parsed filter expression
+	var filterExpression string
+	s.parseFilter(req, &filterExpression)
+	if filterExpression != "" {
+		filter, err := bexpr.CreateFilter(filterExpression, nil, members)
+		if err != nil {
+			return nil, err
+		}
+		raw, err := filter.Execute(members)
+		if err != nil {
+			return nil, err
+		}
+		members = raw.([]serf.Member)
+	}
+
 	total := len(members)
 	if err := s.agent.filterMembers(token, &members); err != nil {
 		return nil, err
diff --git a/api/agent.go b/api/agent.go
index f45929cb5b7a..b09ed1c1cd75 100644
--- a/api/agent.go
+++ b/api/agent.go
@@ -274,6 +274,8 @@ type MembersOpts struct {
 	// Segment is the LAN segment to show members for. Setting this to the
 	// AllSegments value above will show members in all segments.
 	Segment string
+
+	Filter string
 }
 
 // AgentServiceRegistration is used to register a new service
@@ -790,6 +792,10 @@ func (a *Agent) MembersOpts(opts MembersOpts) ([]*AgentMember, error) {
 		r.params.Set("wan", "1")
 	}
 
+	if opts.Filter != "" {
+		r.params.Set("filter", opts.Filter)
+	}
+
 	_, resp, err := a.c.doRequest(r)
 	if err != nil {
 		return nil, err
diff --git a/api/agent_test.go b/api/agent_test.go
index ebf738154781..e6731bb29ad6 100644
--- a/api/agent_test.go
+++ b/api/agent_test.go
@@ -155,6 +155,31 @@ func TestAPI_AgentMembersOpts(t *testing.T) {
 	if len(members) != 2 {
 		t.Fatalf("bad: %v", members)
 	}
+
+	members, err = agent.MembersOpts(MembersOpts{
+		WAN:    true,
+		Filter: `Tags["dc"] == dc2`,
+	})
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+
+	require.Equal(t, 1, len(members))
+
+	members, err = agent.MembersOpts(MembersOpts{
+		WAN:    true,
+		Filter: `Tags["dc"] == "not-Exist"`,
+	})
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	require.Equal(t, 0, len(members))
+
+	_, err = agent.MembersOpts(MembersOpts{
+		WAN:    true,
+		Filter: `Tags["dc"] == invalid-bexpr-value`,
+	})
+	require.ErrorContains(t, err, "Failed to create boolean expression evaluator")
 }
 
 func TestAPI_AgentMembers(t *testing.T) {
diff --git a/command/members/members.go b/command/members/members.go
index e6be185e5328..9895837f6484 100644
--- a/command/members/members.go
+++ b/command/members/members.go
@@ -33,6 +33,7 @@ type cmd struct {
 	wan          bool
 	statusFilter string
 	segment      string
+	filter       string
 }
 
 func New(ui cli.Ui) *cmd {
@@ -54,6 +55,7 @@ func (c *cmd) init() {
 	c.flags.StringVar(&c.segment, "segment", consulapi.AllSegments,
 		"(Enterprise-only) If provided, output is filtered to only nodes in"+
 			"the given segment.")
+	c.flags.StringVar(&c.filter, "filter", "", "Filter to use with the request")
 
 	c.http = &flags.HTTPFlags{}
 	flags.Merge(c.flags, c.http.ClientFlags())
@@ -83,6 +85,7 @@ func (c *cmd) Run(args []string) int {
 	opts := consulapi.MembersOpts{
 		Segment: c.segment,
 		WAN:     c.wan,
+		Filter:  c.filter,
 	}
 	members, err := client.Agent().MembersOpts(opts)
 	if err != nil {
diff --git a/website/content/commands/members.mdx b/website/content/commands/members.mdx
index 4e6b73cae288..ff1df561a6f4 100644
--- a/website/content/commands/members.mdx
+++ b/website/content/commands/members.mdx
@@ -48,6 +48,12 @@ Usage: `consul members [options]`
   in the WAN gossip pool. These are generally all the server nodes in
   each datacenter.
 
+- `-filter=<filter>` - Expression to use for filtering the results,
+  e.g., `-filter='Tags["dc"] == dc2'`.
+  See the [`/catalog/nodes` API documentation](/consul/api-docs/catalog#filtering) for a
+  description of what is filterable.
+
+
 #### Enterprise Options
 
 @include 'http_api_partition_options.mdx'

From 9b540e29bcc2ac87030529f3d5545184f91c30e9 Mon Sep 17 00:00:00 2001
From: Dan Bond <danbond@protonmail.com>
Date: Tue, 25 Jul 2023 10:58:12 -0700
Subject: [PATCH 220/359] go-tests: disable s390x (#18273)

---
 .github/workflows/go-tests.yml | 66 +++++++++++++++++-----------------
 1 file changed, 33 insertions(+), 33 deletions(-)

diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 60e7d10d261c..bc9b985d5e31 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -184,18 +184,18 @@ jobs:
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 
-  dev-build-s390x:
-    if: ${{ endsWith(github.repository, '-enterprise') }}
-    needs:
-    - setup
-    uses: ./.github/workflows/reusable-dev-build.yml
-    with:
-      uploaded-binary-name: 'consul-bin-s390x'
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
-      go-arch: "s390x"
-      repository-name: ${{ github.repository }}
-    secrets:
-      elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+  # dev-build-s390x:
+  #   if: ${{ endsWith(github.repository, '-enterprise') }}
+  #   needs:
+  #   - setup
+  #   uses: ./.github/workflows/reusable-dev-build.yml
+  #   with:
+  #     uploaded-binary-name: 'consul-bin-s390x'
+  #     runs-on: ${{ needs.setup.outputs.compute-xl }}
+  #     go-arch: "s390x"
+  #     repository-name: ${{ github.repository }}
+  #   secrets:
+  #     elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 
   # dev-build-arm64:
   #   # only run on enterprise because GHA does not have arm64 runners in OSS
@@ -309,26 +309,26 @@ jobs:
       consul-license: ${{secrets.CONSUL_LICENSE}}
       datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
 
-  go-test-s390x:
-    if: ${{ endsWith(github.repository, '-enterprise') }}
-    needs:
-    - setup
-    - dev-build-s390x
-    uses: ./.github/workflows/reusable-unit.yml
-    with:
-      uploaded-binary-name: 'consul-bin-s390x'
-      directory: .
-      go-test-flags: 'export GO_TEST_FLAGS="-short"'
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
-      repository-name: ${{ github.repository }}
-      go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
-    permissions:
-      id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read
-    secrets:
-      elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
-      consul-license: ${{secrets.CONSUL_LICENSE}}
-      datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
+  # go-test-s390x:
+  #   if: ${{ endsWith(github.repository, '-enterprise') }}
+  #   needs:
+  #   - setup
+  #   - dev-build-s390x
+  #   uses: ./.github/workflows/reusable-unit.yml
+  #   with:
+  #     uploaded-binary-name: 'consul-bin-s390x'
+  #     directory: .
+  #     go-test-flags: 'export GO_TEST_FLAGS="-short"'
+  #     runs-on: ${{ needs.setup.outputs.compute-xl }}
+  #     repository-name: ${{ github.repository }}
+  #     go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
+  #   permissions:
+  #     id-token: write # NOTE: this permission is explicitly required for Vault auth.
+  #     contents: read
+  #   secrets:
+  #     elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+  #     consul-license: ${{secrets.CONSUL_LICENSE}}
+  #     datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
 
   go-test-envoyextensions:
     needs:
@@ -483,7 +483,7 @@ jobs:
     - go-test-sdk-1-19
     - go-test-sdk-1-20
     - go-test-32bit
-    - go-test-s390x
+    # - go-test-s390x
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     if: ${{ always() }}
     steps:

From 02cf17758d8788ef8f955f54abf4c399f2678005 Mon Sep 17 00:00:00 2001
From: Gautam <gautambaghel93@gmail.com>
Date: Tue, 25 Jul 2023 17:38:39 -0700
Subject: [PATCH 221/359] docs: Update ext-authz documentation for kubernetes
 (#18281)

Update ext-authz documentation for kubernetes
---
 .../proxies/envoy-extensions/usage/ext-authz.mdx      | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
index 30615d3b054f..afec572bee8a 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
@@ -83,9 +83,13 @@ EnvoyExtensions = [
 <CodeBlockConfig filename="api-auth-service-defaults">
 
 ```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
 kind: ServiceDefaults
-name: api
-envoyExtensions:
+metadata:
+  name: api
+  namespace: default
+spec:
+  envoyExtensions:
   - name: builtin/ext-authz
     arguments:
       proxyType: connect-proxy
@@ -94,6 +98,7 @@ envoyExtensions:
           target:
             service:
               name: authz
+              namespace: authz
 ```
 </CodeBlockConfig>
 </Tab>
@@ -140,7 +145,7 @@ $ consul config write api-auth-service-defaults.json
 <Tab heading="Kubernetes" group="kubernetes">
 
 ```shell-session
-$ kubectl apply api-auth-service-defaults.yaml
+$ kubectl apply -f api-auth-service-defaults.yaml
 ```
 
 </Tab>

From d147c3e5cdfb2e9f83af763f12636aa39f944f86 Mon Sep 17 00:00:00 2001
From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Date: Wed, 26 Jul 2023 07:03:07 -0700
Subject: [PATCH 222/359] docs: Consul on Kubernetes specific upgrade info
 (#18230)

* Compatibility page - dataplanes mention

* Upgrading higher-level dataplane mention

* `exec=` string callout

* More visible for upgrade page

* Apply suggestions from code review

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
---
 website/content/docs/k8s/compatibility.mdx | 10 ++++++++--
 website/content/docs/k8s/upgrade/index.mdx | 13 +++++++++++--
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/website/content/docs/k8s/compatibility.mdx b/website/content/docs/k8s/compatibility.mdx
index ad9f2cdf1261..1ad8a365e7eb 100644
--- a/website/content/docs/k8s/compatibility.mdx
+++ b/website/content/docs/k8s/compatibility.mdx
@@ -11,14 +11,20 @@ For every release of Consul on Kubernetes, a Helm chart, `consul-k8s-control-pla
 
 ## Supported Consul and Kubernetes versions
 
-Consul Kubernetes versions all of its components (`consul-k8s` CLI, `consul-k8s-control-plane`, and Helm chart) with a single semantic version. When installing or upgrading to a specific versions, ensure that you are using the correct Consul version with the compatible `consul-k8s` helm chart and/or CLI.
+Consul Kubernetes versions all of its components (`consul-k8s` CLI, `consul-k8s-control-plane`, and Helm chart) with a single semantic version. When installing or upgrading to a specific versions, ensure that you are using the correct Consul version with the compatible Helm chart or `consul-k8s` CLI.
 
-| Consul Version | Compatible consul-k8s Versions   | Compatible Kubernetes Versions | 
+| Consul version | Compatible `consul-k8s` versions | Compatible Kubernetes versions |
 | -------------- | -------------------------------- | -------------------------------|
 | 1.16.x         | 1.2.x                            | 1.24.x - 1.27.x                |
 | 1.15.x         | 1.1.x                            | 1.23.x - 1.26.x                |
 | 1.14.x         | 1.0.x                            | 1.22.x - 1.25.x                |
 
+### Version-specific upgrade requirements
+
+As of Consul v1.14.0, Kubernetes deployments use [Consul Dataplane](/consul/docs/connect/dataplane) instead of client agents. If you upgrade Consul from a version that uses client agents to a version that uses dataplanes, you must follow specific steps to update your Helm chart and remove client agents from the existing deployment. Refer to [Upgrading to Consul Dataplane](/consul/docs/k8s/upgrade#upgrading-to-consul-dataplane) for more information.
+
+The v1.0.0 release of the Consul on Kubernetes Helm chart also introduced a change to the [`externalServers[].hosts` parameter](/consul/docs/k8s/helm#v-externalservers-hosts). Previously, you were able to enter a provider lookup as a string in this field. Now, you must include `exec=` at the start of a string containing a provider lookup. Otherwise, the string is treated as a DNS name. Refer to the [`go-netaddrs`](https://github.com/hashicorp/go-netaddrs) library and command line tool for more information.
+
 ## Supported Envoy versions
 
 Supported versions of Envoy and `consul-dataplane` (for Consul K8s 1.0 and above) for Consul versions are also found in [Envoy - Supported Versions](/consul/docs/connect/proxies/envoy#supported-versions). Starting with `consul-k8s` 1.0, `consul-dataplane` will include a bundled version of Envoy. The recommended best practice is to use the default version of Envoy or `consul-dataplane` that is provided in the Helm `values.yaml` file, as that is the version that has been tested with the default Consul and Consul Kubernetes binaries for a given Helm chart.
diff --git a/website/content/docs/k8s/upgrade/index.mdx b/website/content/docs/k8s/upgrade/index.mdx
index 695e615b7bf9..5075ffce48c7 100644
--- a/website/content/docs/k8s/upgrade/index.mdx
+++ b/website/content/docs/k8s/upgrade/index.mdx
@@ -5,14 +5,23 @@ description: >-
   Consul on Kubernetes relies on packages and binaries that have individual upgrade requirements. Learn how to update Helm configurations, Helm versions, Consul versions, and Consul agents, as well as how to determine what will change and its impact on your service mesh.
 ---
 
-# Upgrading Consul on Kubernetes Components
+# Upgrading Consul on Kubernetes components
+
+This topic describes considerations and strategies for upgrading Consul deployments running on Kubernetes clusters. In addition to upgrading the version of Consul, you may need to update your Helm chart or the release version of the Helm chart.
+
+## Version-specific upgrade requirements
+
+As of Consul v1.14.0, Kubernetes deployments use [Consul Dataplane](/consul/docs/connect/dataplane) instead of client agents. If you upgrade Consul from a version that uses client agents to a version that uses dataplanes, you must follow specific steps to update your Helm chart and remove client agents from the existing deployment. Refer to [Upgrading to Consul Dataplane](/consul/docs/k8s/upgrade#upgrading-to-consul-dataplane) for more information.
+
+The v1.0.0 release of the Consul on Kubernetes Helm chart also introduced a change to the [`externalServers[].hosts` parameter](/consul/docs/k8s/helm#v-externalservers-hosts). Previously, you were able to enter a provider lookup as a string in this field. Now, you must include `exec=` at the start of a string containing a provider lookup. Otherwise, the string is treated as a DNS name. Refer to the [`go-netaddrs`](https://github.com/hashicorp/go-netaddrs) library and command line tool for more information.
 
 ## Upgrade types
 
 We recommend updating Consul on Kubernetes when:
+
   - You change your Helm configuration
   - A new Helm chart is released
-  - You want to upgrade your Consul version.
+  - You want to upgrade your Consul version
 
 ### Helm configuration changes
 

From e37f702d92136349502f8ef28123aec791c569e1 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Wed, 26 Jul 2023 13:02:41 -0400
Subject: [PATCH 223/359] Fix typo in Envoy extensions doc (#18284)

---
 website/content/docs/connect/proxies/envoy-extensions/index.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/connect/proxies/envoy-extensions/index.mdx b/website/content/docs/connect/proxies/envoy-extensions/index.mdx
index eb8056ee659b..d79d78b50e67 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/index.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/index.mdx
@@ -40,7 +40,7 @@ The `lua` Envoy extension enables HTTP Lua filters in your Consul Envoy proxies.
 
 ### Property override
 
-The `property-override` extension lets you set and unset individual properties pm the Envoy resources that Consul generates. Use the extension instead of [escape-hatch overrides](/consul/docs/connect/proxies/envoy#escape-hatch-overrides) to enable advanced Envoy configuration. Refer to the [property override documentation](/consul/docs/connect/proxies/envoy-extensions/usage/property-override) for more information.
+The `property-override` extension lets you set and unset individual properties on the Envoy resources that Consul generates. Use the extension instead of [escape-hatch overrides](/consul/docs/connect/proxies/envoy#escape-hatch-overrides) to enable advanced Envoy configuration. Refer to the [property override documentation](/consul/docs/connect/proxies/envoy-extensions/usage/property-override) for more information.
 
 ### WebAssembly
 

From e29ceab2f9beb25a548974d066ed1fc31be375e0 Mon Sep 17 00:00:00 2001
From: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Date: Wed, 26 Jul 2023 11:42:56 -0700
Subject: [PATCH 224/359] docs: K8s secondary DC requirements (#18280)

* Requested edit

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 .../multi-cluster/kubernetes.mdx                      | 11 +++++------
 .../multi-cluster/vms-and-kubernetes.mdx              | 11 ++++++-----
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/website/content/docs/k8s/deployment-configurations/multi-cluster/kubernetes.mdx b/website/content/docs/k8s/deployment-configurations/multi-cluster/kubernetes.mdx
index e407c7bedea9..406ca258ec60 100644
--- a/website/content/docs/k8s/deployment-configurations/multi-cluster/kubernetes.mdx
+++ b/website/content/docs/k8s/deployment-configurations/multi-cluster/kubernetes.mdx
@@ -13,8 +13,8 @@ description: >-
 
 -> Looking for a step-by-step guide? Complete the [Secure and Route Service Mesh Communication Across Kubernetes](/consul/tutorials/kubernetes/kubernetes-mesh-gateways?utm_source=docs) tutorial to learn more.
 
-This page describes how to federate multiple Kubernetes clusters. See [Multi-Cluster Overview](/consul/docs/k8s/deployment-configurations/multi-cluster)
-for more information on use-cases and how it works.
+This page describes how to federate multiple Kubernetes clusters. Refer to [Multi-Cluster Overview](/consul/docs/k8s/deployment-configurations/multi-cluster)
+for more information, including [networking requirements](/consul/docs/k8s/deployment-configurations/multi-cluster#network-requirements).
 
 ## Primary Datacenter
 
@@ -81,8 +81,7 @@ Modifications:
 
 1. The Consul datacenter name is `dc1`. The datacenter name in each federated
    cluster **must be unique**.
-1. ACLs are enabled in the above config file. They can be disabled by setting:
-
+1. ACLs are enabled in the template configuration. When ACLs are enabled, primary clusters must be able to make requests to the Kubernetes API URLs of secondary clusters. To disable ACLs for testing purposes, change the following settings:
 
    ```yaml
    global:
@@ -90,9 +89,9 @@ Modifications:
        manageSystemACLs: false
        createReplicationToken: false
    ```
+
    ACLs secure Consul by requiring every API call to present an ACL token that
-   is validated to ensure it has the proper permissions. If you are only testing Consul,
-   this is not required.
+   is validated to ensure it has the proper permissions.
 1. Gossip encryption is enabled in the above config file. To disable it, comment
    out or delete the `gossipEncryption` key:
 
diff --git a/website/content/docs/k8s/deployment-configurations/multi-cluster/vms-and-kubernetes.mdx b/website/content/docs/k8s/deployment-configurations/multi-cluster/vms-and-kubernetes.mdx
index 6486630daeda..7fab4286f80e 100644
--- a/website/content/docs/k8s/deployment-configurations/multi-cluster/vms-and-kubernetes.mdx
+++ b/website/content/docs/k8s/deployment-configurations/multi-cluster/vms-and-kubernetes.mdx
@@ -11,14 +11,15 @@ description: >-
 
 ~> This topic requires familiarity with [Mesh Gateways](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters) and [WAN Federation Via Mesh Gateways](/consul/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways).
 
+This page describes how to federate Consul clusters separately deployed in VM and Kubernetes runtimes. Refer to [Multi-Cluster Overview](/consul/docs/k8s/deployment-configurations/multi-cluster)
+for more information, including [Kubernetes networking requirements](/consul/docs/k8s/deployment-configurations/multi-cluster#network-requirements).
+
 Consul datacenters running on non-kubernetes platforms like VMs or bare metal can
-be federated with Kubernetes datacenters. Just like with Kubernetes, one datacenter
-must be the [primary](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#primary-datacenter).
+be federated with Kubernetes datacenters. 
 
 ## Kubernetes as the Primary
 
-If your primary datacenter is running on Kubernetes, use the Helm config from the
-[Primary Datacenter](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#primary-datacenter) section to install Consul.
+One Consul datacenter must be the [primary](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#primary-datacenter). If your primary datacenter is running on Kubernetes, use the Helm config from the [Primary Datacenter](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#primary-datacenter) section to install Consul.
 
 Once installed on Kubernetes, and with the `ProxyDefaults` [resource created](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#proxydefaults),
 you'll need to export the following information from the primary Kubernetes cluster:
@@ -210,7 +211,7 @@ ports {
 
 If you're running your primary datacenter on VMs then you'll need to manually
 construct the [Federation Secret](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#federation-secret) in order to federate
-Kubernetes clusters as secondaries.
+Kubernetes clusters as secondaries. In addition, primary clusters must be able to make requests to the Kubernetes API URLs of secondary clusters when ACLs are enabled.
 
 -> Your VM cluster must be running mesh gateways, and have mesh gateway WAN
 federation enabled. See [WAN Federation via Mesh Gateways](/consul/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways).

From 5caa0ae3f5bda122e90b191f9526e7045cbb5fb9 Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Wed, 26 Jul 2023 15:02:04 -0500
Subject: [PATCH 225/359] api-gateway: subscribe to bound-api-gateway only
 after receiving api-gateway (#18291)

* api-gateway: subscribe to bound-api-gateway only after receiving api-gateway

This fixes a race condition due to our dependency on having the listener(s) from the api-gateway config entry in order to fully and properly process the resources on the bound-api-gateway config entry.

* Apply suggestions from code review

* Add changelog entry
---
 .changelog/18291.txt          |  3 +++
 agent/proxycfg/api_gateway.go | 22 ++++++++++++----------
 2 files changed, 15 insertions(+), 10 deletions(-)
 create mode 100644 .changelog/18291.txt

diff --git a/.changelog/18291.txt b/.changelog/18291.txt
new file mode 100644
index 000000000000..bb0ec6f89295
--- /dev/null
+++ b/.changelog/18291.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+api-gateway: fix race condition in proxy config generation when Consul is notified of the bound-api-gateway config entry before it is notified of the api-gateway config entry.
+```
diff --git a/agent/proxycfg/api_gateway.go b/agent/proxycfg/api_gateway.go
index 41eb5921259e..b4954cd3973c 100644
--- a/agent/proxycfg/api_gateway.go
+++ b/agent/proxycfg/api_gateway.go
@@ -54,12 +54,6 @@ func (h *handlerAPIGateway) initialize(ctx context.Context) (ConfigSnapshot, err
 		return snap, err
 	}
 
-	// Watch the bound-api-gateway's config entry
-	err = h.subscribeToConfigEntry(ctx, structs.BoundAPIGateway, h.service, h.proxyID.EnterpriseMeta, boundGatewayConfigWatchID)
-	if err != nil {
-		return snap, err
-	}
-
 	snap.APIGateway.Listeners = make(map[string]structs.APIGatewayListener)
 	snap.APIGateway.BoundListeners = make(map[string]structs.BoundAPIGatewayListener)
 	snap.APIGateway.HTTPRoutes = watch.NewMap[structs.ResourceReference, *structs.HTTPRouteConfigEntry]()
@@ -143,10 +137,12 @@ func (h *handlerAPIGateway) handleRootCAUpdate(u UpdateEvent, snap *ConfigSnapsh
 	return nil
 }
 
-// handleGatewayConfigUpdate responds to changes in the watched config entry for a gateway.
-// In particular, we want to make sure that we're subscribing to any attached resources such
-// as routes and certificates. These additional subscriptions will enable us to update the
-// config snapshot appropriately for any route or certificate changes.
+// handleGatewayConfigUpdate responds to changes in the watched config entries for a gateway.
+// Once the base api-gateway config entry has been seen, we store the list of listeners and
+// then subscribe to the corresponding bound-api-gateway config entry. We use the bound-api-gateway
+// config entry to subscribe to any attached resources, including routes and certificates.
+// These additional subscriptions will enable us to update the config snapshot appropriately
+// for any route or certificate changes.
 func (h *handlerAPIGateway) handleGatewayConfigUpdate(ctx context.Context, u UpdateEvent, snap *ConfigSnapshot, correlationID string) error {
 	resp, ok := u.Result.(*structs.ConfigEntryResponse)
 	if !ok {
@@ -244,6 +240,12 @@ func (h *handlerAPIGateway) handleGatewayConfigUpdate(ctx context.Context, u Upd
 		}
 
 		snap.APIGateway.GatewayConfigLoaded = true
+
+		// Watch the corresponding bound-api-gateway config entry
+		err := h.subscribeToConfigEntry(ctx, structs.BoundAPIGateway, h.service, h.proxyID.EnterpriseMeta, boundGatewayConfigWatchID)
+		if err != nil {
+			return err
+		}
 		break
 	default:
 		return fmt.Errorf("invalid type for config entry: %T", resp.Entry)

From 09b251ff77a0b76607351f4be187fbbe52a743e3 Mon Sep 17 00:00:00 2001
From: Paul Glass <pglass@hashicorp.com>
Date: Wed, 26 Jul 2023 15:25:27 -0500
Subject: [PATCH 226/359] Update K8s changelog to address cloud auto-join
 change in 1.0.0 (#18293)

---
 website/content/docs/release-notes/consul-k8s/v1_0_x.mdx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/website/content/docs/release-notes/consul-k8s/v1_0_x.mdx b/website/content/docs/release-notes/consul-k8s/v1_0_x.mdx
index b9236898dd51..5de0b43f5824 100644
--- a/website/content/docs/release-notes/consul-k8s/v1_0_x.mdx
+++ b/website/content/docs/release-notes/consul-k8s/v1_0_x.mdx
@@ -19,7 +19,8 @@ description: >-
 
 - `client.enabled` now defaults to `false`. Setting it to true will deploy client agents, however, none of the consul-k8s components will use clients for their operation. For Vault on Kubernetes using Consul deployed on Kubernetes as a storage backend, `client.enabled` should be set to `true` prior to upgrading.
 - `externalServers.grpcPort` default is now 8502 instead of 8503.
-- `sync-catalog` now communicates directly to Consul servers. When communicating to servers outside of Kubernetes, use the `externalServers.hosts` stanza as described in [Join External Servers to Consul on Kubernetes](/consul/docs/k8s/deployment-configurations/servers-outside-kubernetes). 
+- `externalServers.hosts` no longer supports [cloud auto-join](/consul/docs/install/cloud-auto-join) strings directly. Instead, include an [`exec=`](https://github.com/hashicorp/go-netaddrs#command-line-tool-usage) string in the `externalServers.hosts` list to invoke the `discover` CLI. For example, the following string invokes the `discover` CLI with a cloud auto-join string: `exec=discover -q addrs provider=aws region=us-west-2 tag_key=consul-server tag_value=true`. The `discover` CLI is included in the official `hashicorp/consul-dataplane` images by default.
+- `sync-catalog` now communicates directly to Consul servers. When communicating to servers outside of Kubernetes, use the `externalServers.hosts` stanza as described in [Join External Servers to Consul on Kubernetes](/consul/docs/k8s/deployment-configurations/servers-outside-kubernetes).
 - Consul snapshot agent runs as a sidecar to Consul servers. <EnterpriseAlert inline />
   - `client.snapshotAgent` values are moved to `server.snapshotAgent`, with the exception of the following values: `client.snaphostAgent.replicas`, `client.snaphostAgent.serviceAccount`
   - `global.secretsBackend.vault.consulSnapshotAgentRole` value is now removed. You should now use the `global.secretsBackend.vault.consulServerRole` for access to any Vault secrets. 

From cf4deeb7ea52ad2cc2fce524dd0d79990811ea16 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Wed, 26 Jul 2023 17:48:29 -0400
Subject: [PATCH 227/359] Update list of Envoy versions (#18300)

Update supported envoy versions to 1.24.10, 1.25.9, 1.26.4, 1.27.0.
---
 .changelog/18300.txt                               | 3 +++
 .github/workflows/test-integrations-windows.yml    | 2 +-
 .github/workflows/test-integrations.yml            | 4 ++--
 envoyextensions/xdscommon/envoy_versioning_test.go | 8 ++++----
 envoyextensions/xdscommon/proxysupport.go          | 8 ++++----
 5 files changed, 14 insertions(+), 11 deletions(-)
 create mode 100644 .changelog/18300.txt

diff --git a/.changelog/18300.txt b/.changelog/18300.txt
new file mode 100644
index 000000000000..717a697777e2
--- /dev/null
+++ b/.changelog/18300.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+connect: update supported envoy versions to 1.24.10, 1.25.9, 1.26.4, 1.27.0
+```
diff --git a/.github/workflows/test-integrations-windows.yml b/.github/workflows/test-integrations-windows.yml
index 79359c481bb8..7361f1b379bd 100644
--- a/.github/workflows/test-integrations-windows.yml
+++ b/.github/workflows/test-integrations-windows.yml
@@ -57,7 +57,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        envoy-version: [ "1.23.10", "1.24.8", "1.25.7", "1.26.2" ]
+        envoy-version: [ "1.24.10", "1.25.9", "1.26.4", "1.27.0" ]
         xds-target: [ "server", "client" ]
     env:
       ENVOY_VERSION: ${{ matrix.envoy-version }}
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 6c96b5da1d2c..2646d59cb789 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -240,7 +240,7 @@ jobs:
           # this is further going to multiplied in envoy-integration tests by the 
           # other dimensions in the matrix.  Currently TOTAL_RUNNERS would be
           # multiplied by 8 based on these values:
-          # envoy-version: ["1.23.10", "1.24.8", "1.25.7", "1.26.2"]
+          # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"]
           # xds-target: ["server", "client"]
           TOTAL_RUNNERS: 4 
           JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]'
@@ -274,7 +274,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        envoy-version: ["1.23.10", "1.24.8", "1.25.7", "1.26.2"]
+        envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"]
         xds-target: ["server", "client"]
         test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }}
     env:
diff --git a/envoyextensions/xdscommon/envoy_versioning_test.go b/envoyextensions/xdscommon/envoy_versioning_test.go
index cc2134c7323d..8cf3948f8ad1 100644
--- a/envoyextensions/xdscommon/envoy_versioning_test.go
+++ b/envoyextensions/xdscommon/envoy_versioning_test.go
@@ -151,10 +151,10 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) {
 	}
 	*/
 	for _, v := range []string{
-		"1.23.0", "1.23.1", "1.23.2", "1.23.3", "1.23.4", "1.23.5", "1.23.6", "1.23.7", "1.23.8", "1.23.9", "1.23.10",
-		"1.24.0", "1.24.1", "1.24.2", "1.24.3", "1.24.4", "1.24.5", "1.24.6", "1.24.7", "1.24.8",
-		"1.25.0", "1.25.1", "1.25.2", "1.25.3", "1.25.4", "1.25.5", "1.25.6", "1.25.7",
-		"1.26.0", "1.26.1", "1.26.2",
+		"1.24.0", "1.24.1", "1.24.2", "1.24.3", "1.24.4", "1.24.5", "1.24.6", "1.24.7", "1.24.8", "1.24.9", "1.24.10",
+		"1.25.0", "1.25.1", "1.25.2", "1.25.3", "1.25.4", "1.25.5", "1.25.6", "1.25.7", "1.25.8", "1.25.9",
+		"1.26.0", "1.26.1", "1.26.2", "1.26.3", "1.26.4",
+		"1.27.0",
 	} {
 		cases[v] = testcase{expect: SupportedProxyFeatures{}}
 	}
diff --git a/envoyextensions/xdscommon/proxysupport.go b/envoyextensions/xdscommon/proxysupport.go
index 250133a13844..290d4e03b86d 100644
--- a/envoyextensions/xdscommon/proxysupport.go
+++ b/envoyextensions/xdscommon/proxysupport.go
@@ -12,10 +12,10 @@ import "strings"
 //
 // see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions
 var EnvoyVersions = []string{
-	"1.26.2",
-	"1.25.7",
-	"1.24.8",
-	"1.23.10",
+	"1.27.0",
+	"1.26.4",
+	"1.25.9",
+	"1.24.10",
 }
 
 // UnsupportedEnvoyVersions lists any unsupported Envoy versions (mainly minor versions) that fall

From cbfeb6c8af6a7fdf0e61c31ec7536fb77cbca08d Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Thu, 27 Jul 2023 11:47:02 -0400
Subject: [PATCH 228/359] [NET-4904] Update list of Envoy versions in docs
 (#18306)

Update list of Envoy versions in docs

Update supported Envoy versions across Consul release versions.
---
 website/content/docs/connect/proxies/envoy.mdx | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx
index bbdda8b82fcd..51ff61d8a2c9 100644
--- a/website/content/docs/connect/proxies/envoy.mdx
+++ b/website/content/docs/connect/proxies/envoy.mdx
@@ -39,9 +39,9 @@ Consul supports **four major Envoy releases** at the beginning of each major Con
 
 | Consul Version      | Compatible Envoy Versions                                                          |
 | ------------------- | -----------------------------------------------------------------------------------|
-| 1.16.x              | 1.26.2, 1.25.7, 1.24.8, 1.23.10                                                    |
-| 1.15.x              | 1.25.6, 1.24.7, 1.23.9, 1.22.11                                                    |
-| 1.14.x              | 1.24.0, 1.23.1, 1.22.5, 1.21.5                                                     |
+| 1.16.x              | 1.26.4, 1.25.9, 1.24.10, 1.23.12                                                   |
+| 1.15.x              | 1.25.9, 1.24.10, 1.23.12, 1.22.11                                                  |
+| 1.14.x              | 1.24.10, 1.23.12, 1.22.11, 1.21.6                                                  |
 
 ### Envoy and Consul Dataplane
 

From 449e0507417d01a4b44f57b64890c4d8dfccfc4a Mon Sep 17 00:00:00 2001
From: Curt Bushko <cbushko@gmail.com>
Date: Fri, 28 Jul 2023 12:49:23 -0400
Subject: [PATCH 229/359] Update actions for TSCCR (#18317)

Update action versions before deadline
---
 .github/workflows/reusable-dev-build-windows.yml | 2 +-
 .github/workflows/test-integrations-windows.yml  | 6 +++---
 .github/workflows/test-integrations.yml          | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/reusable-dev-build-windows.yml b/.github/workflows/reusable-dev-build-windows.yml
index 446fbb713663..01247c477878 100644
--- a/.github/workflows/reusable-dev-build-windows.yml
+++ b/.github/workflows/reusable-dev-build-windows.yml
@@ -25,7 +25,7 @@ jobs:
   build:
     runs-on: 'windows-2019'
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
diff --git a/.github/workflows/test-integrations-windows.yml b/.github/workflows/test-integrations-windows.yml
index 7361f1b379bd..f18b43e006ac 100644
--- a/.github/workflows/test-integrations-windows.yml
+++ b/.github/workflows/test-integrations-windows.yml
@@ -31,7 +31,7 @@ jobs:
       compute-xl: ${{ steps.runners.outputs.compute-xl }}
       enterprise: ${{ steps.runners.outputs.enterprise }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - id: runners
         run: .github/scripts/get_runner_classes_windows.sh
 
@@ -64,7 +64,7 @@ jobs:
       XDS_TARGET: ${{ matrix.xds-target }}
       AWS_LAMBDA_REGION: us-west-2
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
           go-version-file: 'go.mod'
@@ -86,7 +86,7 @@ jobs:
           docker build -t envoy-tcpdump -f Dockerfile-tcpdump-windows .
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
+        uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
 
       - name: Docker build consul
         run: docker build -t windows/consul -f Dockerfile-windows .
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 2646d59cb789..ea21f613e764 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -604,7 +604,7 @@ jobs:
     env:
       ENVOY_VERSION: "1.24.6"
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(github.repository, '-enterprise') }}

From 6ada2e05ff8193b2c9875941ee8fa39415a9b226 Mon Sep 17 00:00:00 2001
From: Florian Apolloner <florian@apolloner.eu>
Date: Mon, 31 Jul 2023 14:10:55 +0200
Subject: [PATCH 230/359] Fix topology view when displaying mixed
 connect-native/normal services. (#13023)

* Fix topoloy intention with mixed connect-native/normal services.

If a service is registered twice, once with connect-native and once
without, the topology views would prune the existing intentions. This
change brings the code more in line with the transparent proxy behavior.

* Dedupe nodes in the ServiceTopology ui endpoint (like done with tags).

* Consider a service connect-native as soon as one instance is.
---
 .changelog/13023.txt          |  3 ++
 agent/consul/state/catalog.go | 24 +++++++++----
 agent/ui_endpoint.go          | 18 ++++++++--
 agent/ui_endpoint_test.go     | 66 +++++++++++++++++++++++++++++++++--
 4 files changed, 100 insertions(+), 11 deletions(-)
 create mode 100644 .changelog/13023.txt

diff --git a/.changelog/13023.txt b/.changelog/13023.txt
new file mode 100644
index 000000000000..cadf7bb93849
--- /dev/null
+++ b/.changelog/13023.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ui: the topology view now properly displays services with mixed connect and non-connect instances.
+```
diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go
index 4e9fcf716c47..040a9608142b 100644
--- a/agent/consul/state/catalog.go
+++ b/agent/consul/state/catalog.go
@@ -4535,13 +4535,17 @@ func (s *Store) ServiceTopology(
 		maxIdx = idx
 	}
 
-	// Store downstreams with at least one instance in transparent proxy mode.
+	// Store downstreams with at least one instance in transparent proxy or connect native mode.
 	// This is to avoid returning downstreams from intentions when none of the downstreams are transparent proxies.
-	tproxyMap := make(map[structs.ServiceName]struct{})
+	proxyMap := make(map[structs.ServiceName]struct{})
 	for _, downstream := range unfilteredDownstreams {
 		if downstream.Service.Proxy.Mode == structs.ProxyModeTransparent {
 			sn := structs.NewServiceName(downstream.Service.Proxy.DestinationServiceName, &downstream.Service.EnterpriseMeta)
-			tproxyMap[sn] = struct{}{}
+			proxyMap[sn] = struct{}{}
+		}
+		if downstream.Service.Connect.Native {
+			sn := downstream.Service.CompoundServiceName()
+			proxyMap[sn] = struct{}{}
 		}
 	}
 
@@ -4551,7 +4555,7 @@ func (s *Store) ServiceTopology(
 		if downstream.Service.Kind == structs.ServiceKindConnectProxy {
 			sn = structs.NewServiceName(downstream.Service.Proxy.DestinationServiceName, &downstream.Service.EnterpriseMeta)
 		}
-		if _, ok := tproxyMap[sn]; !ok && !downstream.Service.Connect.Native && downstreamSources[sn.String()] != structs.TopologySourceRegistration {
+		if _, ok := proxyMap[sn]; !ok && downstreamSources[sn.String()] != structs.TopologySourceRegistration {
 			// If downstream is not a transparent proxy or connect native, remove references
 			delete(downstreamSources, sn.String())
 			delete(downstreamDecisions, sn.String())
@@ -4580,6 +4584,7 @@ func (s *Store) combinedServiceNodesTxn(tx ReadTxn, ws memdb.WatchSet, names []s
 		maxIdx uint64
 		resp   structs.CheckServiceNodes
 	)
+	dedupMap := make(map[string]structs.CheckServiceNode)
 	for _, u := range names {
 		// Collect typical then connect instances
 		idx, csn, err := checkServiceNodesTxn(tx, ws, u.Name, false, &u.EnterpriseMeta, peerName)
@@ -4589,7 +4594,9 @@ func (s *Store) combinedServiceNodesTxn(tx ReadTxn, ws memdb.WatchSet, names []s
 		if idx > maxIdx {
 			maxIdx = idx
 		}
-		resp = append(resp, csn...)
+		for _, item := range csn {
+			dedupMap[item.Node.Node+"/"+item.Service.ID] = item
+		}
 
 		idx, csn, err = checkServiceNodesTxn(tx, ws, u.Name, true, &u.EnterpriseMeta, peerName)
 		if err != nil {
@@ -4598,7 +4605,12 @@ func (s *Store) combinedServiceNodesTxn(tx ReadTxn, ws memdb.WatchSet, names []s
 		if idx > maxIdx {
 			maxIdx = idx
 		}
-		resp = append(resp, csn...)
+		for _, item := range csn {
+			dedupMap[item.Node.Node+"/"+item.Service.ID] = item
+		}
+	}
+	for _, item := range dedupMap {
+		resp = append(resp, item)
 	}
 	return maxIdx, resp, nil
 }
diff --git a/agent/ui_endpoint.go b/agent/ui_endpoint.go
index 5924e23f6f79..20d6f8a4126e 100644
--- a/agent/ui_endpoint.go
+++ b/agent/ui_endpoint.go
@@ -563,11 +563,25 @@ func summarizeServices(dump structs.ServiceDump, cfg *config.RuntimeConfig, dc s
 		sum := getService(psn)
 
 		svc := csn.Service
-		sum.Nodes = append(sum.Nodes, csn.Node.Node)
+
+		found := false
+		for _, existing := range sum.Nodes {
+			if existing == csn.Node.Node {
+				found = true
+				break
+			}
+		}
+		if !found {
+			sum.Nodes = append(sum.Nodes, csn.Node.Node)
+		}
+
 		sum.Kind = svc.Kind
 		sum.Datacenter = csn.Node.Datacenter
 		sum.InstanceCount += 1
-		sum.ConnectNative = svc.Connect.Native
+		// Consider a service connect native once at least one instance is
+		if svc.Connect.Native {
+			sum.ConnectNative = svc.Connect.Native
+		}
 		if svc.Kind == structs.ServiceKindConnectProxy {
 			sn := structs.NewServiceName(svc.Proxy.DestinationServiceName, &svc.EnterpriseMeta)
 			psn := structs.PeeredServiceName{Peer: peerName, ServiceName: sn}
diff --git a/agent/ui_endpoint_test.go b/agent/ui_endpoint_test.go
index f6810db801d6..d2cda642f2aa 100644
--- a/agent/ui_endpoint_test.go
+++ b/agent/ui_endpoint_test.go
@@ -1687,19 +1687,43 @@ func TestUIServiceTopology(t *testing.T) {
 				SkipNodeUpdate: true,
 				Service: &structs.NodeService{
 					Kind:    structs.ServiceKindTypical,
-					ID:      "cproxy",
+					ID:      "cproxy-https",
 					Service: "cproxy",
 					Port:    1111,
 					Address: "198.18.1.70",
+					Tags:    []string{"https"},
 					Connect: structs.ServiceConnect{Native: true},
 				},
 				Checks: structs.HealthChecks{
 					&structs.HealthCheck{
 						Node:        "cnative",
-						CheckID:     "cnative:cproxy",
+						CheckID:     "cnative:cproxy-https",
 						Name:        "cproxy-liveness",
 						Status:      api.HealthPassing,
-						ServiceID:   "cproxy",
+						ServiceID:   "cproxy-https",
+						ServiceName: "cproxy",
+					},
+				},
+			},
+			"Service cproxy/http on cnative": {
+				Datacenter:     "dc1",
+				Node:           "cnative",
+				SkipNodeUpdate: true,
+				Service: &structs.NodeService{
+					Kind:    structs.ServiceKindTypical,
+					ID:      "cproxy-http",
+					Service: "cproxy",
+					Port:    1112,
+					Address: "198.18.1.70",
+					Tags:    []string{"http"},
+				},
+				Checks: structs.HealthChecks{
+					&structs.HealthCheck{
+						Node:        "cnative",
+						CheckID:     "cnative:cproxy-http",
+						Name:        "cproxy-liveness",
+						Status:      api.HealthPassing,
+						ServiceID:   "cproxy-http",
 						ServiceName: "cproxy",
 					},
 				},
@@ -2125,6 +2149,42 @@ func TestUIServiceTopology(t *testing.T) {
 				FilteredByACLs: false,
 			},
 		},
+		{
+			name: "cbackend",
+			httpReq: func() *http.Request {
+				req, _ := http.NewRequest("GET", "/v1/internal/ui/service-topology/cbackend?kind=", nil)
+				return req
+			}(),
+			want: &ServiceTopology{
+				Protocol:         "http",
+				TransparentProxy: false,
+				Upstreams:        []*ServiceTopologySummary{},
+				Downstreams: []*ServiceTopologySummary{
+					{
+						ServiceSummary: ServiceSummary{
+							Name:           "cproxy",
+							Datacenter:     "dc1",
+							Tags:           []string{"http", "https"},
+							Nodes:          []string{"cnative"},
+							InstanceCount:  2,
+							ChecksPassing:  3,
+							ChecksWarning:  0,
+							ChecksCritical: 0,
+							ConnectNative:  true,
+							EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
+						},
+						Intention: structs.IntentionDecisionSummary{
+							DefaultAllow:   true,
+							Allowed:        true,
+							HasPermissions: false,
+							HasExact:       true,
+						},
+						Source: structs.TopologySourceSpecificIntention,
+					},
+				},
+				FilteredByACLs: false,
+			},
+		},
 	}
 
 	for _, tc := range tcs {

From 356b29bf358eb77db934d8ad7ec3ad3bf1d8b581 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Mon, 31 Jul 2023 09:13:16 -0400
Subject: [PATCH 231/359] Stop JWT provider from being written in non default
 namespace (#18325)

---
 .changelog/18325.txt                           | 3 +++
 agent/structs/config_entry_jwt_provider.go     | 2 +-
 agent/structs/config_entry_jwt_provider_oss.go | 7 ++++++-
 3 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 .changelog/18325.txt

diff --git a/.changelog/18325.txt b/.changelog/18325.txt
new file mode 100644
index 000000000000..b2870352b6c0
--- /dev/null
+++ b/.changelog/18325.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+mesh: **(Enterprise Only)** Require that `jwt-provider` config entries are created in the `default` namespace.
+```
\ No newline at end of file
diff --git a/agent/structs/config_entry_jwt_provider.go b/agent/structs/config_entry_jwt_provider.go
index cc9a37be0c48..7336027d7095 100644
--- a/agent/structs/config_entry_jwt_provider.go
+++ b/agent/structs/config_entry_jwt_provider.go
@@ -509,7 +509,7 @@ func (e *JWTProviderConfigEntry) Validate() error {
 		return err
 	}
 
-	if err := e.validatePartition(); err != nil {
+	if err := e.validatePartitionAndNamespace(); err != nil {
 		return err
 	}
 
diff --git a/agent/structs/config_entry_jwt_provider_oss.go b/agent/structs/config_entry_jwt_provider_oss.go
index 2152f139f0f7..533f349c01e5 100644
--- a/agent/structs/config_entry_jwt_provider_oss.go
+++ b/agent/structs/config_entry_jwt_provider_oss.go
@@ -12,9 +12,14 @@ import (
 	"github.com/hashicorp/consul/acl"
 )
 
-func (e *JWTProviderConfigEntry) validatePartition() error {
+func (e *JWTProviderConfigEntry) validatePartitionAndNamespace() error {
 	if !acl.IsDefaultPartition(e.PartitionOrDefault()) {
 		return fmt.Errorf("Partitions are an enterprise only feature")
 	}
+
+	if acl.DefaultNamespaceName != e.NamespaceOrDefault() {
+		return fmt.Errorf("Namespaces are an enterprise only feature")
+	}
+
 	return nil
 }

From 18a5edd23265566e3a8c0e8953c870080b36185b Mon Sep 17 00:00:00 2001
From: cui fliter <imcusg@gmail.com>
Date: Tue, 1 Aug 2023 01:56:09 +0800
Subject: [PATCH 232/359] docs: Fix some comments (#17118)

Signed-off-by: cui fliter <imcusg@gmail.com>
---
 agent/connect/ca/provider.go                                  | 2 +-
 agent/connect/parsing.go                                      | 2 +-
 agent/consul/auto_config_backend.go                           | 2 +-
 agent/consul/prepared_query_endpoint_test.go                  | 2 +-
 agent/consul/server.go                                        | 2 +-
 agent/consul/state/catalog.go                                 | 4 ++--
 agent/consul/state/catalog_events.go                          | 2 +-
 agent/proxycfg/proxycfg.go                                    | 2 +-
 agent/structs/acl.go                                          | 2 +-
 agent/structs/prepared_query.go                               | 2 +-
 agent/xds/delta.go                                            | 2 +-
 command/connect/envoy/bootstrap_tpl.go                        | 2 +-
 connect/tls.go                                                | 2 +-
 envoyextensions/extensioncommon/envoy_extender.go             | 2 +-
 proto/private/pbpeering/peering.pb.go                         | 2 +-
 proto/private/pbpeering/peering.proto                         | 2 +-
 sdk/iptables/iptables.go                                      | 2 +-
 test/integration/connect/envoy/case-stats-proxy/verify.bats   | 2 +-
 website/content/api-docs/acl/index.mdx                        | 2 +-
 website/content/api-docs/catalog.mdx                          | 2 +-
 website/content/api-docs/status.mdx                           | 2 +-
 website/content/commands/connect/envoy.mdx                    | 2 +-
 website/content/commands/debug.mdx                            | 2 +-
 website/content/commands/snapshot/agent.mdx                   | 2 +-
 website/content/docs/agent/config/cli-flags.mdx               | 2 +-
 website/content/docs/agent/config/config-files.mdx            | 2 +-
 website/content/docs/agent/telemetry.mdx                      | 4 ++--
 website/content/docs/api-gateway/configuration/routes.mdx     | 2 +-
 website/content/docs/api-gateway/tech-specs.mdx               | 2 +-
 website/content/docs/dynamic-app-config/kv.mdx                | 2 +-
 website/content/docs/ecs/manual/secure-configuration.mdx      | 4 ++--
 .../docs/k8s/connect/cluster-peering/usage/manage-peering.mdx | 4 ++--
 website/content/docs/nia/configuration.mdx                    | 2 +-
 website/content/docs/nia/usage/errors-ref.mdx                 | 2 +-
 .../content/docs/release-notes/consul-api-gateway/v0_1_x.mdx  | 2 +-
 website/content/docs/security/acl/acl-roles.mdx               | 4 ++--
 website/content/docs/security/acl/auth-methods/index.mdx      | 2 +-
 website/content/docs/upgrading/upgrade-specific.mdx           | 2 +-
 38 files changed, 43 insertions(+), 43 deletions(-)

diff --git a/agent/connect/ca/provider.go b/agent/connect/ca/provider.go
index 2ef34228bc48..d8061005e9d9 100644
--- a/agent/connect/ca/provider.go
+++ b/agent/connect/ca/provider.go
@@ -152,7 +152,7 @@ type PrimaryProvider interface {
 	SignIntermediate(*x509.CertificateRequest) (string, error)
 
 	// CrossSignCA must accept a CA certificate from another CA provider and cross
-	// sign it exactly as it is such that it forms a chain back the the
+	// sign it exactly as it is such that it forms a chain back the
 	// CAProvider's current root. Specifically, the Distinguished Name, Subject
 	// Alternative Name, SubjectKeyID and other relevant extensions must be kept.
 	// The resulting certificate must have a distinct Serial Number and the
diff --git a/agent/connect/parsing.go b/agent/connect/parsing.go
index a89544532fbb..d0eb55d7b0dd 100644
--- a/agent/connect/parsing.go
+++ b/agent/connect/parsing.go
@@ -148,7 +148,7 @@ func ParseSigner(pemValue string) (crypto.Signer, error) {
 }
 
 // ParseCSR parses a CSR from a PEM-encoded value. The certificate request
-// must be the the first block in the PEM value.
+// must be the first block in the PEM value.
 func ParseCSR(pemValue string) (*x509.CertificateRequest, error) {
 	// The _ result below is not an error but the remaining PEM bytes.
 	block, _ := pem.Decode([]byte(pemValue))
diff --git a/agent/consul/auto_config_backend.go b/agent/consul/auto_config_backend.go
index 78413fe0121c..f56e4249bdd7 100644
--- a/agent/consul/auto_config_backend.go
+++ b/agent/consul/auto_config_backend.go
@@ -34,7 +34,7 @@ func (b autoConfigBackend) GetCARoots() (*structs.IndexedCARoots, error) {
 }
 
 // DatacenterJoinAddresses will return all the strings suitable for usage in
-// retry join operations to connect to the the LAN or LAN segment gossip pool.
+// retry join operations to connect to the LAN or LAN segment gossip pool.
 func (b autoConfigBackend) DatacenterJoinAddresses(partition, segment string) ([]string, error) {
 	members, err := b.Server.LANMembers(LANMemberFilter{
 		Segment:   segment,
diff --git a/agent/consul/prepared_query_endpoint_test.go b/agent/consul/prepared_query_endpoint_test.go
index af1fd65a876d..f8dae39b0a5e 100644
--- a/agent/consul/prepared_query_endpoint_test.go
+++ b/agent/consul/prepared_query_endpoint_test.go
@@ -2808,7 +2808,7 @@ func TestPreparedQuery_Wrapper(t *testing.T) {
 		t.Fatalf("bad: %v", ret)
 	}
 	// Since we have no idea when the joinWAN operation completes
-	// we keep on querying until the the join operation completes.
+	// we keep on querying until the join operation completes.
 	retry.Run(t, func(r *retry.R) {
 		r.Check(s1.forwardDC("Status.Ping", "dc2", &struct{}{}, &struct{}{}))
 	})
diff --git a/agent/consul/server.go b/agent/consul/server.go
index 6e5ea29da082..032eb00bd9c2 100644
--- a/agent/consul/server.go
+++ b/agent/consul/server.go
@@ -242,7 +242,7 @@ type Server struct {
 	// serf cluster that spans datacenters
 	eventChWAN chan serf.Event
 
-	// wanMembershipNotifyCh is used to receive notifications that the the
+	// wanMembershipNotifyCh is used to receive notifications that the
 	// serfWAN wan pool may have changed.
 	//
 	// If this is nil, notification is skipped.
diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go
index 040a9608142b..07e965d6b25c 100644
--- a/agent/consul/state/catalog.go
+++ b/agent/consul/state/catalog.go
@@ -3972,7 +3972,7 @@ func updateGatewayService(tx WriteTxn, idx uint64, mapping *structs.GatewayServi
 }
 
 // checkWildcardForGatewaysAndUpdate checks whether a service matches a
-// wildcard definition in gateway config entries and if so adds it the the
+// wildcard definition in gateway config entries and if so adds it the
 // gateway-services table.
 func checkGatewayWildcardsAndUpdate(tx WriteTxn, idx uint64, svc *structs.ServiceName, ns *structs.NodeService, kind structs.GatewayServiceKind) error {
 	sn := structs.ServiceName{Name: structs.WildcardSpecifier, EnterpriseMeta: svc.EnterpriseMeta}
@@ -4020,7 +4020,7 @@ func checkGatewayWildcardsAndUpdate(tx WriteTxn, idx uint64, svc *structs.Servic
 }
 
 // checkGatewayAndUpdate checks whether a service matches a
-// wildcard definition in gateway config entries and if so adds it the the
+// wildcard definition in gateway config entries and if so adds it the
 // gateway-services table.
 func checkGatewayAndUpdate(tx WriteTxn, idx uint64, svc *structs.ServiceName, kind structs.GatewayServiceKind) error {
 	sn := structs.ServiceName{Name: svc.Name, EnterpriseMeta: svc.EnterpriseMeta}
diff --git a/agent/consul/state/catalog_events.go b/agent/consul/state/catalog_events.go
index 0cd7258d5e80..6be12ec2a3ce 100644
--- a/agent/consul/state/catalog_events.go
+++ b/agent/consul/state/catalog_events.go
@@ -645,7 +645,7 @@ func getPayloadCheckServiceNode(payload stream.Payload) *structs.CheckServiceNod
 }
 
 // newServiceHealthEventsForNode returns health events for all services on the
-// given node. This mirrors some of the the logic in the oddly-named
+// given node. This mirrors some of the logic in the oddly-named
 // parseCheckServiceNodes but is more efficient since we know they are all on
 // the same node.
 func newServiceHealthEventsForNode(tx ReadTxn, idx uint64, node string, entMeta *acl.EnterpriseMeta, peerName string) ([]stream.Event, error) {
diff --git a/agent/proxycfg/proxycfg.go b/agent/proxycfg/proxycfg.go
index f73e6ac726ce..759c0b733996 100644
--- a/agent/proxycfg/proxycfg.go
+++ b/agent/proxycfg/proxycfg.go
@@ -45,7 +45,7 @@
 //	   ConfigSource - on a client agent this would be a local config source, on a
 //	   server it would be a catalog config source.
 //	4. On server, the catalog config source will check if service is registered locally.
-//	   4a. If the service *is* registered locally it hands off the the local config
+//	   4a. If the service *is* registered locally it hands off the local config
 //	      source, which calls Watch on the proxycfg manager (and serves the pre-
 //	      fetched data).
 //	5. Otherwise, it fetches the service from the state store.
diff --git a/agent/structs/acl.go b/agent/structs/acl.go
index d239b8822224..1533fd6577d0 100644
--- a/agent/structs/acl.go
+++ b/agent/structs/acl.go
@@ -1296,7 +1296,7 @@ type ACLTokenListResponse struct {
 }
 
 // ACLTokenBatchGetRequest is used for reading multiple tokens, this is
-// different from the the token list request in that only tokens with the
+// different from the token list request in that only tokens with the
 // the requested ids are returned
 type ACLTokenBatchGetRequest struct {
 	AccessorIDs []string // List of accessor ids to fetch
diff --git a/agent/structs/prepared_query.go b/agent/structs/prepared_query.go
index 71b0eba81bc3..bf1581975e1b 100644
--- a/agent/structs/prepared_query.go
+++ b/agent/structs/prepared_query.go
@@ -341,7 +341,7 @@ type PreparedQueryExecuteRemoteRequest struct {
 	Connect bool
 
 	// QueryOptions (unfortunately named here) controls the consistency
-	// settings for the the service lookups.
+	// settings for the service lookups.
 	QueryOptions
 }
 
diff --git a/agent/xds/delta.go b/agent/xds/delta.go
index f84b633a852b..0b3fbc2f9570 100644
--- a/agent/xds/delta.go
+++ b/agent/xds/delta.go
@@ -117,7 +117,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 		// type => name => proto
 		resourceMap = xdscommon.EmptyIndexedResources()
 
-		// currentVersions is the the xDS versioning represented by Resources.
+		// currentVersions is the xDS versioning represented by Resources.
 		//
 		// type => name => version (as consul knows right now)
 		currentVersions = make(map[string]map[string]string)
diff --git a/command/connect/envoy/bootstrap_tpl.go b/command/connect/envoy/bootstrap_tpl.go
index 26b8e2118b1e..6d1946c90df4 100644
--- a/command/connect/envoy/bootstrap_tpl.go
+++ b/command/connect/envoy/bootstrap_tpl.go
@@ -8,7 +8,7 @@ package envoy
 type BootstrapTplArgs struct {
 	GRPC
 
-	// ProxyCluster is the cluster name for the the Envoy `node` specification and
+	// ProxyCluster is the cluster name for the Envoy `node` specification and
 	// is typically the same as the ProxyID.
 	ProxyCluster string
 
diff --git a/connect/tls.go b/connect/tls.go
index a0e0286bc1af..ed34b3315b51 100644
--- a/connect/tls.go
+++ b/connect/tls.go
@@ -425,7 +425,7 @@ func (cfg *dynamicTLSConfig) Ready() bool {
 	return cfg.VerifyLeafWithRoots() == nil
 }
 
-// ReadyWait returns a chan that is closed when the the Service becomes ready
+// ReadyWait returns a chan that is closed when the Service becomes ready
 // for use for the first time. Note that if the Service is ready when it is
 // called it returns a nil chan. Ready means that it has root and leaf
 // certificates configured but not that the combination is valid nor that
diff --git a/envoyextensions/extensioncommon/envoy_extender.go b/envoyextensions/extensioncommon/envoy_extender.go
index 8cf0bc289e12..a1c01f33d72a 100644
--- a/envoyextensions/extensioncommon/envoy_extender.go
+++ b/envoyextensions/extensioncommon/envoy_extender.go
@@ -17,7 +17,7 @@ type EnvoyExtender interface {
 
 	// Extend updates indexed xDS structures to include patches for
 	// built-in extensions. It is responsible for applying extensions to
-	// the the appropriate xDS resources. If any portion of this function fails,
+	// the appropriate xDS resources. If any portion of this function fails,
 	// it will attempt continue and return an error. The caller can then determine
 	// if it is better to use a partially applied extension or error out.
 	Extend(*xdscommon.IndexedResources, *RuntimeConfig) (*xdscommon.IndexedResources, error)
diff --git a/proto/private/pbpeering/peering.pb.go b/proto/private/pbpeering/peering.pb.go
index 65a75ada268f..69af206ca4b2 100644
--- a/proto/private/pbpeering/peering.pb.go
+++ b/proto/private/pbpeering/peering.pb.go
@@ -324,7 +324,7 @@ type Peering struct {
 	PeerCAPems []string `protobuf:"bytes,8,rep,name=PeerCAPems,proto3" json:"PeerCAPems,omitempty"`
 	// PeerServerName is the name of the remote server as it relates to TLS.
 	PeerServerName string `protobuf:"bytes,9,opt,name=PeerServerName,proto3" json:"PeerServerName,omitempty"`
-	// PeerServerAddresses contains all the the connection addresses for the remote peer.
+	// PeerServerAddresses contains all the connection addresses for the remote peer.
 	PeerServerAddresses []string `protobuf:"bytes,10,rep,name=PeerServerAddresses,proto3" json:"PeerServerAddresses,omitempty"`
 	// StreamStatus contains information computed on read based on the state of the stream.
 	//
diff --git a/proto/private/pbpeering/peering.proto b/proto/private/pbpeering/peering.proto
index 098c8f6387d5..e72d5eb76803 100644
--- a/proto/private/pbpeering/peering.proto
+++ b/proto/private/pbpeering/peering.proto
@@ -229,7 +229,7 @@ message Peering {
   // PeerServerName is the name of the remote server as it relates to TLS.
   string PeerServerName = 9;
 
-  // PeerServerAddresses contains all the the connection addresses for the remote peer.
+  // PeerServerAddresses contains all the connection addresses for the remote peer.
   repeated string PeerServerAddresses = 10;
 
   // StreamStatus contains information computed on read based on the state of the stream.
diff --git a/sdk/iptables/iptables.go b/sdk/iptables/iptables.go
index 5b965a6322ac..32f089a6c9a8 100644
--- a/sdk/iptables/iptables.go
+++ b/sdk/iptables/iptables.go
@@ -149,7 +149,7 @@ func Setup(cfg Config) error {
 		// Redirect remaining outbound traffic to Envoy.
 		cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-A", ProxyOutputChain, "-j", ProxyOutputRedirectChain)
 
-		// We are using "insert" (-I) instead of "append" (-A) so the the provided rules take precedence over default ones.
+		// We are using "insert" (-I) instead of "append" (-A) so the provided rules take precedence over default ones.
 		for _, outboundPort := range cfg.ExcludeOutboundPorts {
 			cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-I", ProxyOutputChain, "-p", "tcp", "--dport", outboundPort, "-j", "RETURN")
 		}
diff --git a/test/integration/connect/envoy/case-stats-proxy/verify.bats b/test/integration/connect/envoy/case-stats-proxy/verify.bats
index 2d02010dc185..a200a5a31367 100644
--- a/test/integration/connect/envoy/case-stats-proxy/verify.bats
+++ b/test/integration/connect/envoy/case-stats-proxy/verify.bats
@@ -40,7 +40,7 @@ load helpers
     must_match_in_stats_proxy_response localhost:1239 \
     'stats' '^http.envoy_metrics.downstream_rq_active'
 
-  # Response should include the the local cluster request.
+  # Response should include the local cluster request.
   retry_default \
     must_match_in_stats_proxy_response localhost:1239 \
     'stats' 'cluster.local_agent.upstream_rq_active'
diff --git a/website/content/api-docs/acl/index.mdx b/website/content/api-docs/acl/index.mdx
index 835a8e28dd40..57a527d99d63 100644
--- a/website/content/api-docs/acl/index.mdx
+++ b/website/content/api-docs/acl/index.mdx
@@ -444,7 +444,7 @@ replication enabled.
   login. This must be of type [`oidc`](/consul/docs/security/acl/auth-methods/oidc).
 
 - `State` `(string: <required>)` - Opaque state ID that is part of the
-  Authorization URL and will be included in the the redirect following
+  Authorization URL and will be included in the redirect following
   successful authentication on the provider.
 
 - `Code` `(string: <required>)` - Provider-generated authorization code that
diff --git a/website/content/api-docs/catalog.mdx b/website/content/api-docs/catalog.mdx
index c7f715849ccf..b60759465f4a 100644
--- a/website/content/api-docs/catalog.mdx
+++ b/website/content/api-docs/catalog.mdx
@@ -55,7 +55,7 @@ The table below shows this endpoint's support for
 - `NodeMeta` `(map<string|string>: nil)` - Specifies arbitrary KV metadata
   pairs for filtering purposes.
 
-- `Service` `(Service: nil)` - Contains an object the specifies the service to register. The the `Service.Service` field is required. If `Service.ID` is not provided, the default is the `Service.Service`.
+- `Service` `(Service: nil)` - Contains an object the specifies the service to register. The `Service.Service` field is required. If `Service.ID` is not provided, the default is the `Service.Service`.
   You can only specify one service with a given `ID` per node. We recommend using
   valid DNS labels for service definition names. Refer to the Internet Engineering Task Force's [RFC 1123](https://datatracker.ietf.org/doc/html/rfc1123#page-72) for additional information. Service names that conform to standard usage ensures compatibility with external DNSs. Refer to [Services Configuration Reference](/consul/docs/services/configuration/services-configuration-reference#name) for additional information.
   The following fields are optional: 
diff --git a/website/content/api-docs/status.mdx b/website/content/api-docs/status.mdx
index 1a14e5d4fcac..2eb466b97fb5 100644
--- a/website/content/api-docs/status.mdx
+++ b/website/content/api-docs/status.mdx
@@ -51,7 +51,7 @@ $ curl http://127.0.0.1:8500/v1/status/leader
 
 ## List Raft Peers
 
-This endpoint retrieves the Raft peers for the datacenter in which the the agent
+This endpoint retrieves the Raft peers for the datacenter in which the agent
 is running. This list of peers is strongly consistent and can be useful in
 determining when a given server has successfully joined the cluster.
 
diff --git a/website/content/commands/connect/envoy.mdx b/website/content/commands/connect/envoy.mdx
index bb2cc5d77e81..e86e3d4291c2 100644
--- a/website/content/commands/connect/envoy.mdx
+++ b/website/content/commands/connect/envoy.mdx
@@ -342,7 +342,7 @@ immediately unlinks it so it can't be read by any other process that doesn't
 already have the file descriptor. It then writes the bootstrap JSON, and unsets
 the CLOEXEC bit on the file handle so that it remains available to the Envoy
 process after exec. Finally it `exec`s Envoy with `--config-file /dev/fd/X`
-where `X` is the the file descriptor number of the temp file.
+where `X` is the file descriptor number of the temp file.
 
 This ensures that Envoy can read the file without any other normal user process
 being able to (assuming they don't have privileged access to /proc). Once the
diff --git a/website/content/commands/debug.mdx b/website/content/commands/debug.mdx
index 1514158ff907..0473c32cc8cf 100644
--- a/website/content/commands/debug.mdx
+++ b/website/content/commands/debug.mdx
@@ -86,7 +86,7 @@ information when `debug` is running. By default, it captures all information.
 
 This command can be run from any host with the Consul binary, but requires
 network access to the target agent in order to retrieve data. Once retrieved,
-the data is written to the the specified path (defaulting to the current
+the data is written to the specified path (defaulting to the current
 directory) on the host where the command runs.
 
 By default the command will capture all available data from the default
diff --git a/website/content/commands/snapshot/agent.mdx b/website/content/commands/snapshot/agent.mdx
index 9f7c5d1d50eb..541a4708645f 100644
--- a/website/content/commands/snapshot/agent.mdx
+++ b/website/content/commands/snapshot/agent.mdx
@@ -339,7 +339,7 @@ no `aws-s3-static-snapshot-name` configured.
 | `ListBucket`         | `arn:aws:s3:::<bucket name>`       | Required only when snapshot rotation is enabled |
 | `ListBucketVersions` | `arn:aws:s3:::<bucket name>`       | Required only when snapshot rotation is enabled |
 
-Within the table `<key>` refers to the the key used to store the snapshot. When `aws-s3-static-snapshot-name` is configured the `<key>` is simply the value of that configuration. Otherwise the `<key>` will be the `<aws-s3-key-prefix configuration>/consul-*.snap`.
+Within the table `<key>` refers to the key used to store the snapshot. When `aws-s3-static-snapshot-name` is configured the `<key>` is simply the value of that configuration. Otherwise the `<key>` will be the `<aws-s3-key-prefix configuration>/consul-*.snap`.
 
 The following example IAM policy document assumes that the `aws-s3-bucket` is `consul-data` with defaults for `aws-s3-key-prefix`, `aws-s3-static-snapshot-name` and `retain`:
 
diff --git a/website/content/docs/agent/config/cli-flags.mdx b/website/content/docs/agent/config/cli-flags.mdx
index 82d44d02528b..cf83e7ef6450 100644
--- a/website/content/docs/agent/config/cli-flags.mdx
+++ b/website/content/docs/agent/config/cli-flags.mdx
@@ -273,7 +273,7 @@ information.
 
 - `-config-dir` ((#\_config_dir)) - A directory of configuration files to
   load. Consul will load all files in this directory with the suffix ".json" or ".hcl".
-  The load order is alphabetical, and the the same merge routine is used as with
+  The load order is alphabetical, and the same merge routine is used as with
   the [`config-file`](#_config_file) option above. This option can be specified multiple
   times to load multiple directories. Sub-directories of the config directory are
   not loaded. For more information on the format of the configuration files, see
diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx
index f314acd38ca9..2d91c6e8a7be 100644
--- a/website/content/docs/agent/config/config-files.mdx
+++ b/website/content/docs/agent/config/config-files.mdx
@@ -948,7 +948,7 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
       `service:write` permissions for service "B", the agent will successfully register service "A"
       and fail to register service "B". Failed registration requests are eventually retried as part
       of [anti-entropy enforcement](/consul/docs/architecture/anti-entropy). If a registration request is
-      failing due to missing permissions, the the token for this agent can be updated with
+      failing due to missing permissions, the token for this agent can be updated with
       additional policy rules or the `config_file_service_registration` token can be replaced using
       the [Set Agent Token](/consul/commands/acl/set-agent-token) CLI command.
 
diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx
index a1ab4969ceed..d561e6b06883 100644
--- a/website/content/docs/agent/telemetry.mdx
+++ b/website/content/docs/agent/telemetry.mdx
@@ -566,7 +566,7 @@ These metrics are used to monitor the health of the Consul servers.
 | `consul.rpc.raft_handoff`                           | Increments when a server accepts a Raft-related RPC connection.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | connections                       | counter |
 | `consul.rpc.request`                                | Increments when a server receives a Consul-related RPC request.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | requests                          | counter |
 | `consul.rpc.request_error`                          | Increments when a server returns an error from an RPC request.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | errors                            | counter |
-| `consul.rpc.query`                                  | Increments when a server receives a read RPC request, indicating the rate of new read queries. See consul.rpc.queries_blocking for the current number of in-flight blocking RPC calls. This metric changed in 1.7.0 to only increment on the the start of a query. The rate of queries will appear lower, but is more accurate.                                                                                                                                                                                                                                                                                                                                                                                                                    | queries                           | counter |
+| `consul.rpc.query`                                  | Increments when a server receives a read RPC request, indicating the rate of new read queries. See consul.rpc.queries_blocking for the current number of in-flight blocking RPC calls. This metric changed in 1.7.0 to only increment on the start of a query. The rate of queries will appear lower, but is more accurate.                                                                                                                                                                                                                                                                                                                                                                                                                        | queries                           | counter |
 | `consul.rpc.queries_blocking`                       | The current number of in-flight blocking queries the server is handling.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | queries                           | gauge   |
 | `consul.rpc.cross-dc`                               | Increments when a server sends a (potentially blocking) cross datacenter RPC query.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | queries                           | counter |
 | `consul.rpc.consistentRead`                         | Measures the time spent confirming that a consistent read can be performed.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | ms                                | timer   |
@@ -603,7 +603,7 @@ Label based RPC metrics were added in Consul 1.12.0 as a Beta feature to better
 
 ### Labels
 
-The the server workload metrics above come with the following labels:
+The server workload metrics above come with the following labels:
 
 | Label Name                            | Description                                                          | Possible values                         |
 | ------------------------------------- | -------------------------------------------------------------------- | --------------------------------------- |
diff --git a/website/content/docs/api-gateway/configuration/routes.mdx b/website/content/docs/api-gateway/configuration/routes.mdx
index 973ebed0251b..57c111a72221 100644
--- a/website/content/docs/api-gateway/configuration/routes.mdx
+++ b/website/content/docs/api-gateway/configuration/routes.mdx
@@ -210,7 +210,7 @@ The following table describes the parameters for `path`:
 | Parameter | Description | Type | Required |
 | ---       | ---         | ---  | ---      |
 | `replacePrefixMatch` | Specifies a value that replaces the path prefix for incoming HTTP requests. The operation only affects the path prefix. The rest of the path is unchanged. | String | Required |
-| `type` | Specifies the type of replacement to use for the URL path. You can specify the following values: <ul><li>`ReplacePrefixMatch`: Replaces the the matched prefix of the URL path (default). </li></ul> | String | Optional |
+| `type` | Specifies the type of replacement to use for the URL path. You can specify the following values: <ul><li>`ReplacePrefixMatch`: Replaces the matched prefix of the URL path (default). </li></ul> | String | Optional |
 
 ### rules.matches
 
diff --git a/website/content/docs/api-gateway/tech-specs.mdx b/website/content/docs/api-gateway/tech-specs.mdx
index 22fa8d30b5dd..21763f1b04ad 100644
--- a/website/content/docs/api-gateway/tech-specs.mdx
+++ b/website/content/docs/api-gateway/tech-specs.mdx
@@ -63,7 +63,7 @@ The following resources are allocated for each component of the API gateway.
 ### Gateway controller pod
 
 - **CPU**: None. Either the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
-- **Memory**: None. Either the the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
+- **Memory**: None. Either the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
 
 ### Gateway instance pod
 
diff --git a/website/content/docs/dynamic-app-config/kv.mdx b/website/content/docs/dynamic-app-config/kv.mdx
index 5986cb0741a9..80da28e9e48f 100644
--- a/website/content/docs/dynamic-app-config/kv.mdx
+++ b/website/content/docs/dynamic-app-config/kv.mdx
@@ -33,7 +33,7 @@ To restrict access, enable and configure
 [ACLs](/consul/tutorials/security/access-control-setup-production).
 Once the ACL system has been bootstrapped, users and services, will need a
 valid token with KV [privileges](/consul/docs/security/acl/acl-rules#key-value-rules) to
-access the the data store, this includes even reads. We recommend creating a
+access the data store, this includes even reads. We recommend creating a
 token with limited privileges, for example, you could create a token with write
 privileges on one key for developers to update the value related to their
 application.
diff --git a/website/content/docs/ecs/manual/secure-configuration.mdx b/website/content/docs/ecs/manual/secure-configuration.mdx
index 5a94ed4acda1..3a2c7fdf29fd 100644
--- a/website/content/docs/ecs/manual/secure-configuration.mdx
+++ b/website/content/docs/ecs/manual/secure-configuration.mdx
@@ -89,7 +89,7 @@ The following flags are required:
 | `-type`         | string  | Must be `aws-iam`.                                                                                                                |
 | `-name`         | string  | A name of your choice. Must be unique among all auth methods.                                                                     |
 | `-description`  | string  | A description of your choice.                                                                                                     |
-| `-config`       | string  | A JSON string containing the [configuration](/consul/docs/security/acl/auth-methods/aws-iam#config-parameters) for the the auth method.  |
+| `-config`       | string  | A JSON string containing the [configuration](/consul/docs/security/acl/auth-methods/aws-iam#config-parameters) for the auth method.  |
 
 In the `-config` option, the following fields are required:
 
@@ -177,7 +177,7 @@ The following flags are required:
 | `-type`         | string  | Must be `aws-iam`.                                                                                                                |
 | `-name`         | string  | A name of your choice. Must be unique among all auth methods.                                                                     |
 | `-description`  | string  | A description of your choice.                                                                                                     |
-| `-config`       | string  | A JSON string containing the [configuration](/consul/docs/security/acl/auth-methods/aws-iam#config-parameters) for the the auth method.  |
+| `-config`       | string  | A JSON string containing the [configuration](/consul/docs/security/acl/auth-methods/aws-iam#config-parameters) for the auth method.  |
 
 In the `-config` option, the following fields are required:
 
diff --git a/website/content/docs/k8s/connect/cluster-peering/usage/manage-peering.mdx b/website/content/docs/k8s/connect/cluster-peering/usage/manage-peering.mdx
index bc622fe15d38..42f8fc59832e 100644
--- a/website/content/docs/k8s/connect/cluster-peering/usage/manage-peering.mdx
+++ b/website/content/docs/k8s/connect/cluster-peering/usage/manage-peering.mdx
@@ -100,7 +100,7 @@ To end a peering connection in Kubernetes deployments, delete both the `PeeringA
   $ kubectl --context $CLUSTER1_CONTEXT delete --filename acceptor.yaml
   ````
 
-To confirm that you deleted your peering connection in `cluster-01`, query the the `/health` HTTP endpoint:
+To confirm that you deleted your peering connection in `cluster-01`, query the `/health` HTTP endpoint:
 
 1. Exec into the server pod for the first cluster.
 
@@ -114,7 +114,7 @@ To confirm that you deleted your peering connection in `cluster-01`, query the t
   $ export CONSUL_HTTP_TOKEN=<INSERT BOOTSTRAP ACL TOKEN>
   ```
 
-1. Query the the `/health` HTTP endpoint. Peered services with deleted connections should no longe appear.
+1. Query the `/health` HTTP endpoint. Peered services with deleted connections should no longe appear.
 
   ```shell-session
   $ curl "localhost:8500/v1/health/connect/backend?peer=cluster-02"
diff --git a/website/content/docs/nia/configuration.mdx b/website/content/docs/nia/configuration.mdx
index bd67ef5c07e4..f54a4ef51e0a 100644
--- a/website/content/docs/nia/configuration.mdx
+++ b/website/content/docs/nia/configuration.mdx
@@ -84,7 +84,7 @@ license {
 
 ### Auto-retrieval
 
-You can use the `auto_retrieval` block to configure the the automatic license retrieval in CTS. When enabled, CTS attempts to retrieve a new license from its configured Consul Enterprise backend once a day. If CTS cannot retrieve a license and the current license is reaching its expiration date, CTS attempts to retrieve a license with increased frequency, as defined by the [License Expiration Date Handling](/consul/docs/nia/enterprise/license#license-expiration-handling).
+You can use the `auto_retrieval` block to configure the automatic license retrieval in CTS. When enabled, CTS attempts to retrieve a new license from its configured Consul Enterprise backend once a day. If CTS cannot retrieve a license and the current license is reaching its expiration date, CTS attempts to retrieve a license with increased frequency, as defined by the [License Expiration Date Handling](/consul/docs/nia/enterprise/license#license-expiration-handling).
 
 ~> Enabling `auto_retrieval` is recommended when using HCP Consul, as HCP Consul licenses expire more frequently than Consul Enterprise licenses. Without auto-retrieval enabled, you have to restart CTS every time you load a new license.
 
diff --git a/website/content/docs/nia/usage/errors-ref.mdx b/website/content/docs/nia/usage/errors-ref.mdx
index fafb9faf1ee1..4cbb525a3a1c 100644
--- a/website/content/docs/nia/usage/errors-ref.mdx
+++ b/website/content/docs/nia/usage/errors-ref.mdx
@@ -11,7 +11,7 @@ This topic explains error messages you may encounter when using Consul-Terraform
 
 ## Example error log messages
 
-If you configured the CTS cluster to run in [high availability mode](/consul/docs/nia/usage/run-ha) and the the local module is missing, then the following message appears in the log:
+If you configured the CTS cluster to run in [high availability mode](/consul/docs/nia/usage/run-ha) and the local module is missing, then the following message appears in the log:
 
 ```shell-session
 [ERROR] ha.compat: error="compatibility check failure: stat ./example-module: no such file or directory"
diff --git a/website/content/docs/release-notes/consul-api-gateway/v0_1_x.mdx b/website/content/docs/release-notes/consul-api-gateway/v0_1_x.mdx
index 293b3ffa8372..efb65ec71adf 100644
--- a/website/content/docs/release-notes/consul-api-gateway/v0_1_x.mdx
+++ b/website/content/docs/release-notes/consul-api-gateway/v0_1_x.mdx
@@ -19,7 +19,7 @@ gateway functionality. It provides additional capabilities that ingress gateway
 
 1. It allows you to configure and deploy new gateways at any time, without
    rerunning the Consul Helm chart. The configuration of a running gateway can
-   be changed dynamically at anytime, usually without disrupting any the the
+   be changed dynamically at anytime, usually without disrupting any the
    traffic flowing through it.
 1. Listeners on a gateway can use TLS server certificates signed by any
    certificate authority (CA). This allows you to use certificates from public
diff --git a/website/content/docs/security/acl/acl-roles.mdx b/website/content/docs/security/acl/acl-roles.mdx
index 0f451596c9c0..6f094931ee2d 100644
--- a/website/content/docs/security/acl/acl-roles.mdx
+++ b/website/content/docs/security/acl/acl-roles.mdx
@@ -93,7 +93,7 @@ Use the following syntax to define a service identity:
 - `ServiceIdentities.ServiceName`: String value that specifies the name of the service you want to associate with the policy.
 - `ServiceIdentities.Datacenters`: Array that specifies the names of datacenters in which the service identity applies. This field is optional.
 
-Refer to the the [API documentation for roles](/consul/api-docs/acl/roles#sample-payload) for additional information and examples.
+Refer to the [API documentation for roles](/consul/api-docs/acl/roles#sample-payload) for additional information and examples.
 
 -> **Scope for Namespace and Admin Partition** - In Consul Enterprise, service identities inherit the namespace or admin partition scope of the corresponding ACL token or role.
 
@@ -230,7 +230,7 @@ Use the following syntax to define a node identity:
 - `NodeIdentities.NodeName`: String value that specifies the name of the node you want to associate with the policy.
 - `NodeIdentities.Datacenter`: String value that specifies the name of the datacenter in which the node identity applies.
 
-Refer to the the [API documentation for roles](/consul/api-docs/acl/roles#sample-payload) for additional information and examples.
+Refer to the [API documentation for roles](/consul/api-docs/acl/roles#sample-payload) for additional information and examples.
 
 -> **Consul Enterprise Namespacing** - Node Identities can only be applied to tokens and roles in the `default` namespace. The generated policy rules allow for `service:read` permissions on all services in all namespaces.
 
diff --git a/website/content/docs/security/acl/auth-methods/index.mdx b/website/content/docs/security/acl/auth-methods/index.mdx
index c26cb05d21f2..decab071088a 100644
--- a/website/content/docs/security/acl/auth-methods/index.mdx
+++ b/website/content/docs/security/acl/auth-methods/index.mdx
@@ -74,7 +74,7 @@ tokens without operator intervention.
 Successful authentication with an auth method returns a set of trusted
 identity attributes corresponding to the authenticated identity. Those
 attributes are matched against all configured binding rules for that auth
-method to determine what privileges to grant the the Consul ACL token it will
+method to determine what privileges to grant the Consul ACL token it will
 ultimately create.
 
 Each binding rule is composed of two portions:
diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx
index 985a70335325..a5ef59339d88 100644
--- a/website/content/docs/upgrading/upgrade-specific.mdx
+++ b/website/content/docs/upgrading/upgrade-specific.mdx
@@ -864,7 +864,7 @@ API so existing integrations that create tokens (e.g. Vault) will continue to
 work. The "legacy" tokens generated though will not be able to take advantage of
 new policy features. It's recommended that you complete migration of all tokens
 as soon as possible after upgrade, as well as updating any integrations to work
-with the the new ACL [Token](/consul/api-docs/acl/tokens) and
+with the new ACL [Token](/consul/api-docs/acl/tokens) and
 [Policy](/consul/api-docs/acl/policies) APIs.
 
 ### Multi-datacenter service mesh

From b1b05f0bac8586628f31a7cd7ba3a2032868ede5 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Mon, 31 Jul 2023 15:24:33 -0400
Subject: [PATCH 233/359] [NET-4703] Prevent partial application of Envoy
 extensions (#18068)

Prevent partial application of Envoy extensions

Ensure that non-required extensions do not change xDS resources before
exiting on failure by cloning proto messages prior to applying each
extension.

To support this change, also move `CanApply` checks up a layer and make
them prior to attempting extension application, s.t. we avoid
unnecessary copies where extensions can't be applied.

Last, ensure that we do not allow panics from `CanApply` or `Extend`
checks to escape the attempted extension application.
---
 .changelog/18068.txt                          |   3 +
 agent/xds/delta.go                            |  74 +++--
 agent/xds/delta_envoy_extender_oss_test.go    |   2 +-
 agent/xds/delta_test.go                       | 309 +++++++++++++++++-
 .../extensioncommon/basic_envoy_extender.go   |   8 +-
 .../extensioncommon/envoy_extender.go         |   4 +
 .../extensioncommon/runtime_config.go         |  15 +-
 .../upstream_envoy_extender.go                |   8 +-
 envoyextensions/go.mod                        |   1 +
 envoyextensions/go.sum                        |   1 +
 envoyextensions/xdscommon/xdscommon.go        |  23 ++
 envoyextensions/xdscommon/xdscommon_test.go   | 123 +++++++
 12 files changed, 537 insertions(+), 34 deletions(-)
 create mode 100644 .changelog/18068.txt
 create mode 100644 envoyextensions/xdscommon/xdscommon_test.go

diff --git a/.changelog/18068.txt b/.changelog/18068.txt
new file mode 100644
index 000000000000..be55ad365877
--- /dev/null
+++ b/.changelog/18068.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+xds: Prevent partial application of non-Required Envoy extensions in the case of failure.
+```
\ No newline at end of file
diff --git a/agent/xds/delta.go b/agent/xds/delta.go
index 0b3fbc2f9570..b59c03953277 100644
--- a/agent/xds/delta.go
+++ b/agent/xds/delta.go
@@ -258,7 +258,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 				s.ResourceMapMutateFn(newResourceMap)
 			}
 
-			if err = s.applyEnvoyExtensions(newResourceMap, cfgSnap, node); err != nil {
+			if newResourceMap, err = s.applyEnvoyExtensions(newResourceMap, cfgSnap, node); err != nil {
 				// err is already the result of calling status.Errorf
 				return err
 			}
@@ -403,30 +403,30 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 	}
 }
 
-func (s *Server) applyEnvoyExtensions(resources *xdscommon.IndexedResources, cfgSnap *proxycfg.ConfigSnapshot, node *envoy_config_core_v3.Node) error {
+func (s *Server) applyEnvoyExtensions(resources *xdscommon.IndexedResources, cfgSnap *proxycfg.ConfigSnapshot, node *envoy_config_core_v3.Node) (*xdscommon.IndexedResources, error) {
 	var err error
 	envoyVersion := xdscommon.DetermineEnvoyVersionFromNode(node)
 	consulVersion, err := goversion.NewVersion(version.Version)
 
 	if err != nil {
-		return status.Errorf(codes.InvalidArgument, "failed to parse Consul version")
+		return nil, status.Errorf(codes.InvalidArgument, "failed to parse Consul version")
 	}
 
 	serviceConfigs := extensionruntime.GetRuntimeConfigurations(cfgSnap)
 	for _, cfgs := range serviceConfigs {
 		for _, cfg := range cfgs {
-			err = applyEnvoyExtension(s.Logger, cfgSnap, resources, cfg, envoyVersion, consulVersion)
+			resources, err = validateAndApplyEnvoyExtension(s.Logger, cfgSnap, resources, cfg, envoyVersion, consulVersion)
 
 			if err != nil {
-				return err
+				return nil, err
 			}
 		}
 	}
 
-	return nil
+	return resources, nil
 }
 
-func applyEnvoyExtension(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot, resources *xdscommon.IndexedResources, runtimeConfig extensioncommon.RuntimeConfig, envoyVersion, consulVersion *goversion.Version) error {
+func validateAndApplyEnvoyExtension(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot, resources *xdscommon.IndexedResources, runtimeConfig extensioncommon.RuntimeConfig, envoyVersion, consulVersion *goversion.Version) (*xdscommon.IndexedResources, error) {
 	logFn := logger.Warn
 	if runtimeConfig.EnvoyExtension.Required {
 		logFn = logger.Error
@@ -460,14 +460,14 @@ func applyEnvoyExtension(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot,
 			logFn("failed to parse Envoy extension version constraint", errorParams...)
 
 			if ext.Required {
-				return status.Errorf(codes.InvalidArgument, "failed to parse Envoy version constraint for extension %q for service %q", ext.Name, svc.Name)
+				return nil, status.Errorf(codes.InvalidArgument, "failed to parse Envoy version constraint for extension %q for service %q", ext.Name, svc.Name)
 			}
-			return nil
+			return resources, nil
 		}
 
 		if !c.Check(envoyVersion) {
 			logger.Info("skipping envoy extension due to Envoy version constraint violation", errorParams...)
-			return nil
+			return resources, nil
 		}
 	}
 
@@ -477,14 +477,14 @@ func applyEnvoyExtension(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot,
 			logFn("failed to parse Consul extension version constraint", errorParams...)
 
 			if ext.Required {
-				return status.Errorf(codes.InvalidArgument, "failed to parse Consul version constraint for extension %q for service %q", ext.Name, svc.Name)
+				return nil, status.Errorf(codes.InvalidArgument, "failed to parse Consul version constraint for extension %q for service %q", ext.Name, svc.Name)
 			}
-			return nil
+			return resources, nil
 		}
 
 		if !c.Check(consulVersion) {
 			logger.Info("skipping envoy extension due to Consul version constraint violation", errorParams...)
-			return nil
+			return resources, nil
 		}
 	}
 
@@ -496,10 +496,10 @@ func applyEnvoyExtension(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot,
 		logFn("failed to construct extension", errorParams...)
 
 		if ext.Required {
-			return status.Errorf(codes.InvalidArgument, "failed to construct extension %q for service %q", ext.Name, svc.Name)
+			return nil, status.Errorf(codes.InvalidArgument, "failed to construct extension %q for service %q", ext.Name, svc.Name)
 		}
 
-		return nil
+		return resources, nil
 	}
 
 	now = time.Now()
@@ -510,25 +510,59 @@ func applyEnvoyExtension(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot,
 		logFn("failed to validate extension arguments", errorParams...)
 
 		if ext.Required {
-			return status.Errorf(codes.InvalidArgument, "failed to validate arguments for extension %q for service %q", ext.Name, svc.Name)
+			return nil, status.Errorf(codes.InvalidArgument, "failed to validate arguments for extension %q for service %q", ext.Name, svc.Name)
 		}
 
-		return nil
+		return resources, nil
 	}
 
 	now = time.Now()
-	_, err = extender.Extend(resources, &runtimeConfig)
+	resources, err = applyEnvoyExtension(extender, resources, &runtimeConfig)
 	metrics.MeasureSinceWithLabels([]string{"envoy_extension", "extend"}, now, getMetricLabels(err))
 	if err != nil {
 		errorParams = append(errorParams, "error", err)
 		logFn("failed to apply envoy extension", errorParams...)
 
 		if ext.Required {
-			return status.Errorf(codes.InvalidArgument, "failed to patch xDS resources in the %q extension: %v", ext.Name, err)
+			return nil, status.Errorf(codes.InvalidArgument, "failed to patch xDS resources in the %q extension: %v", ext.Name, err)
 		}
 	}
 
-	return nil
+	return resources, nil
+}
+
+// applyEnvoyExtension safely checks whether an extension can be applied, and if so attempts to apply it.
+//
+// applyEnvoyExtension makes a copy of the provided IndexedResources, then applies the given extension to them.
+// The copy ensures against partial application if a non-required extension modifies a resource then fails at a later
+// stage; this is necessary because IndexedResources and its proto messages are all passed by reference, and
+// non-required extensions do not lead to a terminal failure in xDS updates.
+//
+// If the application is successful, the modified copy is returned. If not, the original and an error is returned.
+// Returning resources in either case allows for applying extensions in a loop and reporting on non-required extension
+// failures simultaneously.
+func applyEnvoyExtension(extender extensioncommon.EnvoyExtender, resources *xdscommon.IndexedResources, runtimeConfig *extensioncommon.RuntimeConfig) (r *xdscommon.IndexedResources, e error) {
+	// Don't panic due to an extension misbehaving.
+	defer func() {
+		if err := recover(); err != nil {
+			r = resources
+			e = fmt.Errorf("attempt to apply Envoy extension %q caused an unexpected panic: %v",
+				runtimeConfig.EnvoyExtension.Name, err)
+		}
+	}()
+
+	// First check whether the extension is eligible for application in the current environment.
+	// Do this before copying indexed resources for the sake of efficiency.
+	if !extender.CanApply(runtimeConfig) {
+		return resources, nil
+	}
+
+	newResources, err := extender.Extend(xdscommon.Clone(resources), runtimeConfig)
+	if err != nil {
+		return resources, err
+	}
+
+	return newResources, nil
 }
 
 // https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol#eventual-consistency-considerations
diff --git a/agent/xds/delta_envoy_extender_oss_test.go b/agent/xds/delta_envoy_extender_oss_test.go
index 4da20dfb3153..10411e353cec 100644
--- a/agent/xds/delta_envoy_extender_oss_test.go
+++ b/agent/xds/delta_envoy_extender_oss_test.go
@@ -748,7 +748,7 @@ end`,
 					cfgs := extensionruntime.GetRuntimeConfigurations(snap)
 					for _, extensions := range cfgs {
 						for _, ext := range extensions {
-							err := applyEnvoyExtension(hclog.NewNullLogger(), snap, indexedResources, ext, parsedEnvoyVersion, consulVersion)
+							indexedResources, err = validateAndApplyEnvoyExtension(hclog.NewNullLogger(), snap, indexedResources, ext, parsedEnvoyVersion, consulVersion)
 							require.NoError(t, err)
 						}
 					}
diff --git a/agent/xds/delta_test.go b/agent/xds/delta_test.go
index 38c7ae615f9c..7d4b29463439 100644
--- a/agent/xds/delta_test.go
+++ b/agent/xds/delta_test.go
@@ -5,6 +5,7 @@ package xds
 
 import (
 	"errors"
+	"fmt"
 	"strconv"
 	"strings"
 	"sync"
@@ -13,6 +14,8 @@ import (
 	"time"
 
 	"github.com/armon/go-metrics"
+	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
+	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
 	"github.com/hashicorp/go-hclog"
 	goversion "github.com/hashicorp/go-version"
@@ -1613,7 +1616,7 @@ func requireExtensionMetrics(
 	}
 }
 
-func Test_applyEnvoyExtension_Validations(t *testing.T) {
+func Test_validateAndApplyEnvoyExtension_Validations(t *testing.T) {
 	type testCase struct {
 		name          string
 		runtimeConfig extensioncommon.RuntimeConfig
@@ -1713,13 +1716,315 @@ func Test_applyEnvoyExtension_Validations(t *testing.T) {
 					ServiceID: structs.NewServiceID("s1", nil),
 				},
 			}
-			err := applyEnvoyExtension(hclog.NewNullLogger(), &snap, nil, tc.runtimeConfig, envoyVersion, consulVersion)
+			resources, err := validateAndApplyEnvoyExtension(hclog.NewNullLogger(), &snap, nil, tc.runtimeConfig, envoyVersion, consulVersion)
 			if tc.err {
 				require.Error(t, err)
 				require.Contains(t, err.Error(), tc.errString)
 			} else {
 				require.NoError(t, err)
+				require.Nil(t, resources)
 			}
 		})
 	}
 }
+
+func Test_applyEnvoyExtension_CanApply(t *testing.T) {
+	type testCase struct {
+		name     string
+		canApply bool
+	}
+
+	cases := []testCase{
+		{
+			name:     "cannot apply: is not applied",
+			canApply: false,
+		},
+		{
+			name:     "can apply: is applied",
+			canApply: true,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			extender := extensioncommon.BasicEnvoyExtender{
+				Extension: &maybeCanApplyExtension{
+					canApply: tc.canApply,
+				},
+			}
+			config := &extensioncommon.RuntimeConfig{
+				Kind:                  api.ServiceKindConnectProxy,
+				ServiceName:           api.CompoundServiceName{Name: "api"},
+				Upstreams:             map[api.CompoundServiceName]*extensioncommon.UpstreamData{},
+				IsSourcedFromUpstream: false,
+				EnvoyExtension: api.EnvoyExtension{
+					Name:     "maybeCanApplyExtension",
+					Required: false,
+				},
+			}
+			listener := &envoy_listener_v3.Listener{
+				Name:                  xdscommon.OutboundListenerName,
+				IgnoreGlobalConnLimit: false,
+			}
+			indexedResources := xdscommon.IndexResources(testutil.Logger(t), map[string][]proto.Message{
+				xdscommon.ListenerType: {
+					listener,
+				},
+			})
+
+			result, err := applyEnvoyExtension(&extender, indexedResources, config)
+			require.NoError(t, err)
+			resultListener := result.Index[xdscommon.ListenerType][xdscommon.OutboundListenerName].(*envoy_listener_v3.Listener)
+			require.Equal(t, tc.canApply, resultListener.IgnoreGlobalConnLimit)
+		})
+	}
+}
+
+func Test_applyEnvoyExtension_PartialApplicationDisallowed(t *testing.T) {
+	type testCase struct {
+		name            string
+		fail            bool
+		returnOnFailure bool
+	}
+
+	cases := []testCase{
+		{
+			name:            "failure: returns nothing",
+			fail:            true,
+			returnOnFailure: false,
+		},
+		// Not expected, but cover to be sure.
+		{
+			name:            "failure: returns values",
+			fail:            true,
+			returnOnFailure: true,
+		},
+		// Ensure that under normal circumstances, the extension would succeed in
+		// modifying resources.
+		{
+			name: "success: resources modified",
+			fail: false,
+		},
+	}
+
+	for _, tc := range cases {
+		for _, indexType := range []string{
+			xdscommon.ListenerType,
+			xdscommon.ClusterType,
+		} {
+			typeShortName := indexType[strings.LastIndex(indexType, ".")+1:]
+			t.Run(fmt.Sprintf("%s: %s", tc.name, typeShortName), func(t *testing.T) {
+				extender := extensioncommon.BasicEnvoyExtender{
+					Extension: &partialFailureExtension{
+						returnOnFailure: tc.returnOnFailure,
+						// Alternate which resource fails so that we can test for
+						// partial modification independent of patch order.
+						failListener: tc.fail && indexType == xdscommon.ListenerType,
+						failCluster:  tc.fail && indexType == xdscommon.ClusterType,
+					},
+				}
+				config := &extensioncommon.RuntimeConfig{
+					Kind:                  api.ServiceKindConnectProxy,
+					ServiceName:           api.CompoundServiceName{Name: "api"},
+					Upstreams:             map[api.CompoundServiceName]*extensioncommon.UpstreamData{},
+					IsSourcedFromUpstream: false,
+					EnvoyExtension: api.EnvoyExtension{
+						Name:     "partialFailureExtension",
+						Required: false,
+					},
+				}
+				cluster := &envoy_cluster_v3.Cluster{
+					Name:          xdscommon.LocalAppClusterName,
+					RespectDnsTtl: false,
+				}
+				listener := &envoy_listener_v3.Listener{
+					Name:                  xdscommon.OutboundListenerName,
+					IgnoreGlobalConnLimit: false,
+				}
+				indexedResources := xdscommon.IndexResources(testutil.Logger(t), map[string][]proto.Message{
+					xdscommon.ClusterType: {
+						cluster,
+					},
+					xdscommon.ListenerType: {
+						listener,
+					},
+				})
+
+				result, err := applyEnvoyExtension(&extender, indexedResources, config)
+				if tc.fail {
+					require.Error(t, err)
+				} else {
+					require.NoError(t, err)
+				}
+
+				resultListener := result.Index[xdscommon.ListenerType][xdscommon.OutboundListenerName].(*envoy_listener_v3.Listener)
+				resultCluster := result.Index[xdscommon.ClusterType][xdscommon.LocalAppClusterName].(*envoy_cluster_v3.Cluster)
+				require.Equal(t, !tc.fail, resultListener.IgnoreGlobalConnLimit)
+				require.Equal(t, !tc.fail, resultCluster.RespectDnsTtl)
+
+				// Regardless of success, original values should not be modified.
+				originalListener := indexedResources.Index[xdscommon.ListenerType][xdscommon.OutboundListenerName].(*envoy_listener_v3.Listener)
+				originalCluster := indexedResources.Index[xdscommon.ClusterType][xdscommon.LocalAppClusterName].(*envoy_cluster_v3.Cluster)
+				require.False(t, originalListener.IgnoreGlobalConnLimit)
+				require.False(t, originalCluster.RespectDnsTtl)
+			})
+		}
+	}
+}
+
+func Test_applyEnvoyExtension_HandlesPanics(t *testing.T) {
+	type testCase struct {
+		name            string
+		panicOnCanApply bool
+		panicOnPatch    bool
+	}
+
+	cases := []testCase{
+		{
+			name:            "panic: CanApply",
+			panicOnCanApply: true,
+		},
+		{
+			name:         "panic: Extend",
+			panicOnPatch: true,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			extension := &maybePanicExtension{
+				panicOnCanApply: tc.panicOnCanApply,
+				panicOnPatch:    tc.panicOnPatch,
+			}
+			extender := extensioncommon.BasicEnvoyExtender{
+				Extension: extension,
+			}
+			config := &extensioncommon.RuntimeConfig{
+				Kind:                  api.ServiceKindConnectProxy,
+				ServiceName:           api.CompoundServiceName{Name: "api"},
+				Upstreams:             map[api.CompoundServiceName]*extensioncommon.UpstreamData{},
+				IsSourcedFromUpstream: false,
+				EnvoyExtension: api.EnvoyExtension{
+					Name:     "maybePanicExtension",
+					Required: false,
+				},
+			}
+			listener := &envoy_listener_v3.Listener{
+				Name:                  xdscommon.OutboundListenerName,
+				IgnoreGlobalConnLimit: false,
+			}
+			indexedResources := xdscommon.IndexResources(testutil.Logger(t), map[string][]proto.Message{
+				xdscommon.ListenerType: {
+					listener,
+				},
+			})
+
+			_, err := applyEnvoyExtension(&extender, indexedResources, config)
+
+			// We did not panic, good.
+			// First assert our test is valid by forcing a panic, then check the error message that was returned.
+			if tc.panicOnCanApply {
+				require.PanicsWithError(t, "this is an expected failure in CanApply", func() {
+					extension.CanApply(config)
+				})
+				require.ErrorContains(t, err, "attempt to apply Envoy extension \"maybePanicExtension\" caused an unexpected panic: this is an expected failure in CanApply")
+			}
+			if tc.panicOnPatch {
+				require.PanicsWithError(t, "this is an expected failure in PatchListener", func() {
+					_, _, _ = extension.PatchListener(config.GetListenerPayload(listener))
+				})
+				require.ErrorContains(t, err, "attempt to apply Envoy extension \"maybePanicExtension\" caused an unexpected panic: this is an expected failure in PatchListener")
+			}
+		})
+	}
+}
+
+type maybeCanApplyExtension struct {
+	extensioncommon.BasicExtensionAdapter
+	canApply bool
+}
+
+var _ extensioncommon.BasicExtension = (*maybeCanApplyExtension)(nil)
+
+func (m *maybeCanApplyExtension) CanApply(_ *extensioncommon.RuntimeConfig) bool {
+	return m.canApply
+}
+
+func (m *maybeCanApplyExtension) PatchListener(payload extensioncommon.ListenerPayload) (*envoy_listener_v3.Listener, bool, error) {
+	payload.Message.IgnoreGlobalConnLimit = true
+	return payload.Message, true, nil
+}
+
+type partialFailureExtension struct {
+	extensioncommon.BasicExtensionAdapter
+	returnOnFailure bool
+	failCluster     bool
+	failListener    bool
+}
+
+var _ extensioncommon.BasicExtension = (*partialFailureExtension)(nil)
+
+func (p *partialFailureExtension) CanApply(_ *extensioncommon.RuntimeConfig) bool {
+	return true
+}
+
+func (p *partialFailureExtension) PatchListener(payload extensioncommon.ListenerPayload) (*envoy_listener_v3.Listener, bool, error) {
+	// Modify original input message
+	payload.Message.IgnoreGlobalConnLimit = true
+
+	err := fmt.Errorf("oops - listener patch failed")
+	if !p.failListener {
+		err = nil
+	}
+
+	returnMsg := payload.Message
+	if err != nil && !p.returnOnFailure {
+		returnMsg = nil
+	}
+
+	patched := err == nil || p.returnOnFailure
+
+	return returnMsg, patched, err
+}
+
+func (p *partialFailureExtension) PatchCluster(payload extensioncommon.ClusterPayload) (*envoy_cluster_v3.Cluster, bool, error) {
+	// Modify original input message
+	payload.Message.RespectDnsTtl = true
+
+	err := fmt.Errorf("oops - cluster patch failed")
+	if !p.failCluster {
+		err = nil
+	}
+
+	returnMsg := payload.Message
+	if err != nil && !p.returnOnFailure {
+		returnMsg = nil
+	}
+
+	patched := err == nil || p.returnOnFailure
+
+	return returnMsg, patched, err
+}
+
+type maybePanicExtension struct {
+	extensioncommon.BasicExtensionAdapter
+	panicOnCanApply bool
+	panicOnPatch    bool
+}
+
+var _ extensioncommon.BasicExtension = (*maybePanicExtension)(nil)
+
+func (m *maybePanicExtension) CanApply(_ *extensioncommon.RuntimeConfig) bool {
+	if m.panicOnCanApply {
+		panic(fmt.Errorf("this is an expected failure in CanApply"))
+	}
+	return true
+}
+
+func (m *maybePanicExtension) PatchListener(payload extensioncommon.ListenerPayload) (*envoy_listener_v3.Listener, bool, error) {
+	if m.panicOnPatch {
+		panic(fmt.Errorf("this is an expected failure in PatchListener"))
+	}
+	payload.Message.IgnoreGlobalConnLimit = true
+	return payload.Message, true, nil
+}
diff --git a/envoyextensions/extensioncommon/basic_envoy_extender.go b/envoyextensions/extensioncommon/basic_envoy_extender.go
index eee8cc32fb8d..a99d7439fea8 100644
--- a/envoyextensions/extensioncommon/basic_envoy_extender.go
+++ b/envoyextensions/extensioncommon/basic_envoy_extender.go
@@ -103,6 +103,10 @@ type BasicEnvoyExtender struct {
 	Extension BasicExtension
 }
 
+func (b *BasicEnvoyExtender) CanApply(config *RuntimeConfig) bool {
+	return b.Extension.CanApply(config)
+}
+
 func (b *BasicEnvoyExtender) Validate(config *RuntimeConfig) error {
 	return b.Extension.Validate(config)
 }
@@ -123,10 +127,6 @@ func (b *BasicEnvoyExtender) Extend(resources *xdscommon.IndexedResources, confi
 		return resources, nil
 	}
 
-	if !b.Extension.CanApply(config) {
-		return resources, nil
-	}
-
 	clusters := make(ClusterMap)
 	clusterLoadAssignments := make(ClusterLoadAssignmentMap)
 	routes := make(RouteMap)
diff --git a/envoyextensions/extensioncommon/envoy_extender.go b/envoyextensions/extensioncommon/envoy_extender.go
index a1c01f33d72a..8b713f00bad7 100644
--- a/envoyextensions/extensioncommon/envoy_extender.go
+++ b/envoyextensions/extensioncommon/envoy_extender.go
@@ -11,6 +11,10 @@ import (
 // to be dynamically executed during runtime.
 type EnvoyExtender interface {
 
+	// CanApply checks whether the extension configured for this extender is eligible
+	// for application based on the specified RuntimeConfig.
+	CanApply(*RuntimeConfig) bool
+
 	// Validate ensures the data in config can successfuly be used
 	// to apply the specified Envoy extension.
 	Validate(*RuntimeConfig) error
diff --git a/envoyextensions/extensioncommon/runtime_config.go b/envoyextensions/extensioncommon/runtime_config.go
index 9317271e1e7a..a20e4ed04e64 100644
--- a/envoyextensions/extensioncommon/runtime_config.go
+++ b/envoyextensions/extensioncommon/runtime_config.go
@@ -70,7 +70,10 @@ type RuntimeConfig struct {
 // that matches the given SNI, if the RuntimeConfig corresponds to an upstream of the local service.
 // Only used when IsSourcedFromUpstream is true.
 func (c RuntimeConfig) MatchesUpstreamServiceSNI(sni string) bool {
-	u := c.Upstreams[c.ServiceName]
+	u, ok := c.Upstreams[c.ServiceName]
+	if !ok {
+		return false
+	}
 	_, match := u.SNIs[sni]
 	return match
 }
@@ -79,7 +82,10 @@ func (c RuntimeConfig) MatchesUpstreamServiceSNI(sni string) bool {
 // upstream of the local service. Note that this could be the local service if it targets itself as an upstream.
 // Only used when IsSourcedFromUpstream is true.
 func (c RuntimeConfig) UpstreamEnvoyID() string {
-	u := c.Upstreams[c.ServiceName]
+	u, ok := c.Upstreams[c.ServiceName]
+	if !ok {
+		return ""
+	}
 	return u.EnvoyID
 }
 
@@ -87,6 +93,9 @@ func (c RuntimeConfig) UpstreamEnvoyID() string {
 // RuntimeConfig corresponds to an upstream of the local service.
 // Only used when IsSourcedFromUpstream is true.
 func (c RuntimeConfig) UpstreamOutgoingProxyKind() api.ServiceKind {
-	u := c.Upstreams[c.ServiceName]
+	u, ok := c.Upstreams[c.ServiceName]
+	if !ok {
+		return ""
+	}
 	return u.OutgoingProxyKind
 }
diff --git a/envoyextensions/extensioncommon/upstream_envoy_extender.go b/envoyextensions/extensioncommon/upstream_envoy_extender.go
index 0df0d0049d75..135aca3f82e7 100644
--- a/envoyextensions/extensioncommon/upstream_envoy_extender.go
+++ b/envoyextensions/extensioncommon/upstream_envoy_extender.go
@@ -30,6 +30,10 @@ type UpstreamEnvoyExtender struct {
 
 var _ EnvoyExtender = (*UpstreamEnvoyExtender)(nil)
 
+func (ext *UpstreamEnvoyExtender) CanApply(config *RuntimeConfig) bool {
+	return ext.Extension.CanApply(config)
+}
+
 func (ext *UpstreamEnvoyExtender) Validate(_ *RuntimeConfig) error {
 	return nil
 }
@@ -56,10 +60,6 @@ func (ext *UpstreamEnvoyExtender) Extend(resources *xdscommon.IndexedResources,
 		return resources, nil
 	}
 
-	if !ext.Extension.CanApply(config) {
-		return resources, nil
-	}
-
 	for _, indexType := range []string{
 		xdscommon.ListenerType,
 		xdscommon.RouteType,
diff --git a/envoyextensions/go.mod b/envoyextensions/go.mod
index 2f28501f0a97..77e93bb31d40 100644
--- a/envoyextensions/go.mod
+++ b/envoyextensions/go.mod
@@ -6,6 +6,7 @@ replace github.com/hashicorp/consul/api => ../api
 
 require (
 	github.com/envoyproxy/go-control-plane v0.11.0
+	github.com/google/go-cmp v0.5.9
 	github.com/hashicorp/consul/api v1.22.0
 	github.com/hashicorp/consul/sdk v0.14.0
 	github.com/hashicorp/go-hclog v1.5.0
diff --git a/envoyextensions/go.sum b/envoyextensions/go.sum
index d299b764a08b..1921dcb3069d 100644
--- a/envoyextensions/go.sum
+++ b/envoyextensions/go.sum
@@ -60,6 +60,7 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/hashicorp/consul/sdk v0.14.0 h1:Hly+BMNMssVzoWddbBnBFi3W+Fzytvm0haSkihhj3GU=
 github.com/hashicorp/consul/sdk v0.14.0/go.mod h1:gHYeuDa0+0qRAD6Wwr6yznMBvBwHKoxSBoW5l73+saE=
diff --git a/envoyextensions/xdscommon/xdscommon.go b/envoyextensions/xdscommon/xdscommon.go
index e4d293f8c9bc..30c82de9ae56 100644
--- a/envoyextensions/xdscommon/xdscommon.go
+++ b/envoyextensions/xdscommon/xdscommon.go
@@ -66,6 +66,29 @@ type IndexedResources struct {
 	ChildIndex map[string]map[string][]string
 }
 
+// Clone makes a deep copy of the IndexedResources value at the given pointer and
+// returns a pointer to the copy.
+func Clone(i *IndexedResources) *IndexedResources {
+	if i == nil {
+		return nil
+	}
+
+	iCopy := EmptyIndexedResources()
+	for typeURL, typeMap := range i.Index {
+		for name, msg := range typeMap {
+			clone := proto.Clone(msg)
+			iCopy.Index[typeURL][name] = clone
+		}
+	}
+	for typeURL, parentMap := range i.ChildIndex {
+		for name, childName := range parentMap {
+			iCopy.ChildIndex[typeURL][name] = childName
+		}
+	}
+
+	return iCopy
+}
+
 func IndexResources(logger hclog.Logger, resources map[string][]proto.Message) *IndexedResources {
 	data := EmptyIndexedResources()
 
diff --git a/envoyextensions/xdscommon/xdscommon_test.go b/envoyextensions/xdscommon/xdscommon_test.go
new file mode 100644
index 000000000000..5cca6e13a619
--- /dev/null
+++ b/envoyextensions/xdscommon/xdscommon_test.go
@@ -0,0 +1,123 @@
+package xdscommon
+
+import (
+	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
+	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/testing/protocmp"
+	duration "google.golang.org/protobuf/types/known/durationpb"
+	"testing"
+)
+
+func TestCloneIndexedResources(t *testing.T) {
+	exampleResources := map[string][]proto.Message{
+		ListenerType: {
+			&envoy_listener_v3.Listener{
+				Name:                  "listener1",
+				IgnoreGlobalConnLimit: true,
+				ListenerFiltersTimeout: &duration.Duration{
+					Seconds: 123,
+				},
+			},
+			&envoy_listener_v3.Listener{
+				Name:       "listener2",
+				StatPrefix: "stats.foo",
+				ListenerFiltersTimeout: &duration.Duration{
+					Seconds: 456,
+				},
+			},
+		},
+		ClusterType: {
+			&envoy_cluster_v3.Cluster{
+				Name:          "cluster1",
+				RespectDnsTtl: true,
+				TransportSocketMatches: []*envoy_cluster_v3.Cluster_TransportSocketMatch{
+					{
+						Name: "match1",
+					},
+				},
+			},
+		},
+	}
+
+	getPointerField := func(msg proto.Message) interface{} {
+		switch typedMsg := msg.(type) {
+		case *envoy_cluster_v3.Cluster:
+			return typedMsg.TransportSocketMatches[0]
+		case *envoy_listener_v3.Listener:
+			return typedMsg.ListenerFiltersTimeout
+		default:
+			panic("should not happen")
+		}
+	}
+	updatePointerField := func(msg proto.Message) {
+		switch typedMsg := msg.(type) {
+		case *envoy_cluster_v3.Cluster:
+			typedMsg.TransportSocketMatches[0] = &envoy_cluster_v3.Cluster_TransportSocketMatch{
+				Name: "match1-updated",
+			}
+		case *envoy_listener_v3.Listener:
+			typedMsg.ListenerFiltersTimeout = &duration.Duration{
+				Seconds: 999,
+			}
+		default:
+			panic("should not happen")
+		}
+	}
+
+	cases := []struct {
+		name         string
+		input        *IndexedResources
+		hasResources bool
+	}{
+		{
+			name:         "simple compare",
+			input:        IndexResources(testutil.Logger(t), exampleResources),
+			hasResources: true,
+		},
+		{
+			name:  "empty input returns empty",
+			input: EmptyIndexedResources(),
+		},
+		{
+			name:  "nil input returns nil",
+			input: nil,
+		},
+	}
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			clone := Clone(tc.input)
+
+			if tc.input == nil {
+				require.Nil(t, clone)
+			} else {
+				if diff := cmp.Diff(tc.input, clone, protocmp.Transform()); diff != "" {
+					t.Errorf("unexpected difference:\n%v", diff)
+				}
+
+				require.NotSame(t, tc.input, clone)
+				require.NotSame(t, tc.input.Index, clone.Index)
+				require.NotSame(t, tc.input.ChildIndex, clone.ChildIndex)
+
+				// Ensure deep clone of protos
+				for typeURL, typeMap := range tc.input.Index {
+					for name, msg := range typeMap {
+						require.NotSame(t, msg, clone.Index[typeURL][name])
+						require.NotSame(t, getPointerField(msg), getPointerField(clone.Index[typeURL][name]))
+						updatePointerField(msg)
+					}
+				}
+
+				// Only check post-update difference if there are resources to differ
+				if tc.hasResources {
+					if diff := cmp.Diff(tc.input, clone, protocmp.Transform()); diff == "" {
+						t.Errorf("updated original and clone should be different:\n%v", diff)
+					}
+				}
+			}
+		})
+	}
+}

From 389494082415a1cf49d87801dc51bad30ab0fd9d Mon Sep 17 00:00:00 2001
From: Blake Covarrubias <blake@covarrubi.as>
Date: Mon, 31 Jul 2023 14:01:39 -0700
Subject: [PATCH 234/359] docs: Simplify example jq commands by removing pipes
 (#18327)

Simplify jq command examples by removing pipes to other commands.
---
 website/content/docs/connect/ca/consul.mdx               | 6 +++---
 website/content/docs/ecs/manual/secure-configuration.mdx | 6 +++---
 website/content/docs/security/acl/auth-methods/oidc.mdx  | 2 +-
 website/content/docs/troubleshoot/common-errors.mdx      | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/website/content/docs/connect/ca/consul.mdx b/website/content/docs/connect/ca/consul.mdx
index 8d36c001211f..870bea4fe434 100644
--- a/website/content/docs/connect/ca/consul.mdx
+++ b/website/content/docs/connect/ca/consul.mdx
@@ -100,13 +100,13 @@ In order to use the Update CA Configuration HTTP endpoint, the private key and c
 must be passed via JSON:
 
 ```shell-session
-$ jq --null-input --arg key "$(cat root.key)" --arg cert "$(cat root.crt)" '
+$ jq --null-input --rawfile key root.key --rawfile cert root.crt '
 {
     "Provider": "consul",
     "Config": {
         "LeafCertTTL": "72h",
-        "PrivateKey": $key,
-        "RootCert": $cert,
+        "PrivateKey": $key | sub("\\n$"; ""),
+        "RootCert": $cert | sub("\\n$"; ""),
         "IntermediateCertTTL": "8760h"
     }
 }' > ca_config.json
diff --git a/website/content/docs/ecs/manual/secure-configuration.mdx b/website/content/docs/ecs/manual/secure-configuration.mdx
index 3a2c7fdf29fd..ec374670bc5d 100644
--- a/website/content/docs/ecs/manual/secure-configuration.mdx
+++ b/website/content/docs/ecs/manual/secure-configuration.mdx
@@ -346,9 +346,9 @@ script to the container.
 
 # Obtain details from the task metadata
 ECS_TASK_META=$(curl -s $ECS_CONTAINER_METADATA_URI_V4/task)
-TASK_REGION=$(echo "$ECS_TASK_META" | jq -r .TaskARN | cut -d ':' -f 4)
-TASK_ID=$(echo "$ECS_TASK_META" | jq -r .TaskARN | cut -d '/' -f 3)
-CLUSTER_ARN=$(echo "$ECS_TASK_META" | jq -r .TaskARN | sed -E 's|:task/([^/]+).*|:cluster/\1|')
+TASK_REGION=$(echo "$ECS_TASK_META" | jq --raw-output '.TaskARN / ":" | .[3]')
+TASK_ID=$(echo "$ECS_TASK_META" | jq --raw-output '.TaskARN / "/" | .[2]')
+CLUSTER_ARN=$(echo "$ECS_TASK_META" | jq --raw-output '.TaskARN | sub(":task/(?<cluster>[^/]+).*"; ":cluster/\(.cluster)")')
 
 # Write the CA certs to a files in the shared volume
 echo "$CONSUL_CACERT_PEM" > /consul/consul-ca-cert.pem
diff --git a/website/content/docs/security/acl/auth-methods/oidc.mdx b/website/content/docs/security/acl/auth-methods/oidc.mdx
index 7d22f01df7d6..0c0f9efda06b 100644
--- a/website/content/docs/security/acl/auth-methods/oidc.mdx
+++ b/website/content/docs/security/acl/auth-methods/oidc.mdx
@@ -202,7 +202,7 @@ be tricky to debug why things aren't working. Some tips for setting up OIDC:
   request to obtain a JWT that you can inspect. An example of how to decode the
   JWT (in this case located in the `access_token` field of a JSON response):
 
-      cat jwt.json | jq --raw-output .access_token | cut -d. -f2 | base64 --decode
+      jq --raw-output '.access_token / "." | .[1] | @base64d' jwt.json
 
 - The [`VerboseOIDCLogging`](#verboseoidclogging) option is available which
   will log the received OIDC token if debug level logging is enabled. This can
diff --git a/website/content/docs/troubleshoot/common-errors.mdx b/website/content/docs/troubleshoot/common-errors.mdx
index 505d360b05e4..b2d41b6314f0 100644
--- a/website/content/docs/troubleshoot/common-errors.mdx
+++ b/website/content/docs/troubleshoot/common-errors.mdx
@@ -44,7 +44,7 @@ There is a syntax error in your configuration file. If the error message doesn't
 ```shell-session
 $ consul agent -server -config-file server.json
 ==> Error parsing server.json: invalid character '`' looking for beginning of value
-$ cat server.json | jq .
+$ jq . server.json
 parse error: Invalid numeric literal at line 3, column 29
 ```
 

From bb6fc638234a36226df50e26fd83afe85f120674 Mon Sep 17 00:00:00 2001
From: Ronald <roncodingenthusiast@users.noreply.github.com>
Date: Tue, 1 Aug 2023 10:18:08 -0400
Subject: [PATCH 235/359] fix typo in create a mesh token docs (#18337)

---
 .../security/acl/tokens/create/create-a-mesh-gateway-token.mdx  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/security/acl/tokens/create/create-a-mesh-gateway-token.mdx b/website/content/docs/security/acl/tokens/create/create-a-mesh-gateway-token.mdx
index 9736beb50d9e..6e94395d31dd 100644
--- a/website/content/docs/security/acl/tokens/create/create-a-mesh-gateway-token.mdx
+++ b/website/content/docs/security/acl/tokens/create/create-a-mesh-gateway-token.mdx
@@ -19,7 +19,7 @@ Gateways](/consul/docs/connect/gateways#mesh-gateways) for additional informatio
 Gateways must present a token linked to policies that grant the appropriate set of permissions in
 order to be discoverable and to route to other services in a mesh.
 
-## Requiremements
+## Requirements
 
 Core ACL functionality is available in all versions of Consul.
 

From 6424ef6a56435191aae5da1392ae2f5a89bc5591 Mon Sep 17 00:00:00 2001
From: Jeremy Jacobson <jjacobson93@users.noreply.github.com>
Date: Tue, 1 Aug 2023 10:12:14 -0700
Subject: [PATCH 236/359] [CC-5719] Add support for builtin global-read-only
 policy (#18319)

* [CC-5719] Add support for builtin global-read-only policy

* Add changelog

* Add read-only to docs

* Fix some minor issues.

* Change from ReplaceAll to Sprintf

* Change IsValidPolicy name to return an error instead of bool

* Fix PolicyList test

* Fix other tests

* Apply suggestions from code review

Co-authored-by: Paul Glass <pglass@hashicorp.com>

* Fix state store test for policy list.

* Fix naming issues

* Update acl/validation.go

Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>

* Update agent/consul/acl_endpoint.go

---------

Co-authored-by: Paul Glass <pglass@hashicorp.com>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
---
 .changelog/18319.txt                          |  6 ++
 acl/acl.go                                    |  2 +
 acl/validation.go                             | 28 ++++--
 acl/validation_test.go                        | 78 +++++++++++++++
 agent/acl_endpoint_test.go                    |  4 +-
 agent/consul/acl_endpoint.go                  | 14 +--
 agent/consul/acl_endpoint_test.go             | 95 ++++++++++---------
 agent/consul/auth/token_writer.go             |  2 +-
 agent/consul/auth/token_writer_test.go        |  4 +-
 agent/consul/fsm/snapshot_test.go             |  2 +-
 agent/consul/leader.go                        | 61 ++++++------
 agent/consul/leader_test.go                   | 25 +++--
 agent/consul/state/acl.go                     | 14 +--
 agent/consul/state/acl_test.go                | 53 +++++++----
 agent/structs/acl.go                          | 63 ++++++++----
 agent/structs/acl_oss.go                      |  1 +
 api/acl_test.go                               |  7 +-
 .../docs/security/acl/acl-policies.mdx        |  6 +-
 18 files changed, 316 insertions(+), 149 deletions(-)
 create mode 100644 .changelog/18319.txt
 create mode 100644 acl/validation_test.go

diff --git a/.changelog/18319.txt b/.changelog/18319.txt
new file mode 100644
index 000000000000..bb9c8cdf2c72
--- /dev/null
+++ b/.changelog/18319.txt
@@ -0,0 +1,6 @@
+```release-note:improvement
+acl: added builtin ACL policy that provides global read-only access (builtin/global-read-only)
+```
+```release-note:improvement
+acl: allow for a single slash character in policy names
+```
diff --git a/acl/acl.go b/acl/acl.go
index fd6515d2389e..75789dd17498 100644
--- a/acl/acl.go
+++ b/acl/acl.go
@@ -12,6 +12,8 @@ const (
 	AnonymousTokenID     = "00000000-0000-0000-0000-000000000002"
 	AnonymousTokenAlias  = "anonymous token"
 	AnonymousTokenSecret = "anonymous"
+
+	ReservedBuiltinPrefix = "builtin/"
 )
 
 // Config encapsulates all of the generic configuration parameters used for
diff --git a/acl/validation.go b/acl/validation.go
index 400465efafbf..96119dcc0fba 100644
--- a/acl/validation.go
+++ b/acl/validation.go
@@ -3,17 +3,22 @@
 
 package acl
 
-import "regexp"
+import (
+	"fmt"
+	"regexp"
+	"strings"
+)
 
 const (
 	ServiceIdentityNameMaxLength = 256
 	NodeIdentityNameMaxLength    = 256
+	PolicyNameMaxLength          = 128
 )
 
 var (
 	validServiceIdentityName = regexp.MustCompile(`^[a-z0-9]([a-z0-9\-_]*[a-z0-9])?$`)
 	validNodeIdentityName    = regexp.MustCompile(`^[a-z0-9]([a-z0-9\-_]*[a-z0-9])?$`)
-	validPolicyName          = regexp.MustCompile(`^[A-Za-z0-9\-_]{1,128}$`)
+	validPolicyName          = regexp.MustCompile(`^[A-Za-z0-9\-_]+\/?[A-Za-z0-9\-_]*$`)
 	validRoleName            = regexp.MustCompile(`^[A-Za-z0-9\-_]{1,256}$`)
 	validAuthMethodName      = regexp.MustCompile(`^[A-Za-z0-9\-_]{1,128}$`)
 )
@@ -40,10 +45,21 @@ func IsValidNodeIdentityName(name string) bool {
 	return validNodeIdentityName.MatchString(name)
 }
 
-// IsValidPolicyName returns true if the provided name can be used as an
-// ACLPolicy Name.
-func IsValidPolicyName(name string) bool {
-	return validPolicyName.MatchString(name)
+// ValidatePolicyName returns nil if the provided name can be used as an
+// ACLPolicy Name otherwise a useful error is returned.
+func ValidatePolicyName(name string) error {
+	if len(name) < 1 || len(name) > PolicyNameMaxLength {
+		return fmt.Errorf("Invalid Policy: invalid Name. Length must be greater than 0 and less than %d", PolicyNameMaxLength)
+	}
+
+	if strings.HasPrefix(name, "/") || strings.HasPrefix(name, ReservedBuiltinPrefix) {
+		return fmt.Errorf("Invalid Policy: invalid Name. Names cannot be prefixed with '/' or '%s'", ReservedBuiltinPrefix)
+	}
+
+	if !validPolicyName.MatchString(name) {
+		return fmt.Errorf("Invalid Policy: invalid Name. Only alphanumeric characters, a single '/', '-' and '_' are allowed")
+	}
+	return nil
 }
 
 // IsValidRoleName returns true if the provided name can be used as an
diff --git a/acl/validation_test.go b/acl/validation_test.go
new file mode 100644
index 000000000000..d5d01e0e9054
--- /dev/null
+++ b/acl/validation_test.go
@@ -0,0 +1,78 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package acl
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func Test_ValidatePolicyName(t *testing.T) {
+	for _, tc := range []struct {
+		description string
+		name        string
+		valid       bool
+	}{
+		{
+			description: "valid policy",
+			name:        "this-is-valid",
+			valid:       true,
+		},
+		{
+			description: "empty policy",
+			name:        "",
+			valid:       false,
+		},
+		{
+			description: "with slash",
+			name:        "policy/with-slash",
+			valid:       true,
+		},
+		{
+			description: "leading slash",
+			name:        "/no-leading-slash",
+			valid:       false,
+		},
+		{
+			description: "too many slashes",
+			name:        "too/many/slashes",
+			valid:       false,
+		},
+		{
+			description: "no double-slash",
+			name:        "no//double-slash",
+			valid:       false,
+		},
+		{
+			description: "builtin prefix",
+			name:        "builtin/prefix-cannot-be-used",
+			valid:       false,
+		},
+		{
+			description: "long",
+			name:        "this-policy-name-is-very-very-long-but-it-is-okay-because-it-is-the-max-length-that-we-allow-here-in-a-policy-name-which-is-good",
+			valid:       true,
+		},
+		{
+			description: "too long",
+			name:        "this-is-a-policy-that-has-one-character-too-many-it-is-way-too-long-for-a-policy-we-do-not-want-a-policy-of-this-length-because-1",
+			valid:       false,
+		},
+		{
+			description: "invalid start character",
+			name:        "!foo",
+			valid:       false,
+		},
+		{
+			description: "invalid character",
+			name:        "this%is%bad",
+			valid:       false,
+		},
+	} {
+		t.Run(tc.description, func(t *testing.T) {
+			require.Equal(t, tc.valid, ValidatePolicyName(tc.name) == nil)
+		})
+	}
+}
diff --git a/agent/acl_endpoint_test.go b/agent/acl_endpoint_test.go
index 0c948880e036..4a84ef3155fd 100644
--- a/agent/acl_endpoint_test.go
+++ b/agent/acl_endpoint_test.go
@@ -438,8 +438,8 @@ func TestACL_HTTP(t *testing.T) {
 			policies, ok := raw.(structs.ACLPolicyListStubs)
 			require.True(t, ok)
 
-			// 2 we just created + global management
-			require.Len(t, policies, 3)
+			// 2 we just created + builtin policies
+			require.Len(t, policies, 2+len(structs.ACLBuiltinPolicies))
 
 			for policyID, expected := range policyMap {
 				found := false
diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go
index 5d5ba3cb406f..7d2d1028cc85 100644
--- a/agent/consul/acl_endpoint.go
+++ b/agent/consul/acl_endpoint.go
@@ -869,8 +869,8 @@ func (a *ACL) PolicySet(args *structs.ACLPolicySetRequest, reply *structs.ACLPol
 		return fmt.Errorf("Invalid Policy: no Name is set")
 	}
 
-	if !acl.IsValidPolicyName(policy.Name) {
-		return fmt.Errorf("Invalid Policy: invalid Name. Only alphanumeric characters, '-' and '_' are allowed")
+	if err := acl.ValidatePolicyName(policy.Name); err != nil {
+		return err
 	}
 
 	var idMatch *structs.ACLPolicy
@@ -915,13 +915,13 @@ func (a *ACL) PolicySet(args *structs.ACLPolicySetRequest, reply *structs.ACLPol
 			return fmt.Errorf("Invalid Policy: A policy with name %q already exists", policy.Name)
 		}
 
-		if policy.ID == structs.ACLPolicyGlobalManagementID {
+		if builtinPolicy, ok := structs.ACLBuiltinPolicies[policy.ID]; ok {
 			if policy.Datacenters != nil || len(policy.Datacenters) > 0 {
-				return fmt.Errorf("Changing the Datacenters of the builtin global-management policy is not permitted")
+				return fmt.Errorf("Changing the Datacenters of the %s policy is not permitted", builtinPolicy.Name)
 			}
 
 			if policy.Rules != idMatch.Rules {
-				return fmt.Errorf("Changing the Rules for the builtin global-management policy is not permitted")
+				return fmt.Errorf("Changing the Rules for the builtin %s policy is not permitted", builtinPolicy.Name)
 			}
 		}
 	}
@@ -999,8 +999,8 @@ func (a *ACL) PolicyDelete(args *structs.ACLPolicyDeleteRequest, reply *string)
 		return fmt.Errorf("policy does not exist: %w", acl.ErrNotFound)
 	}
 
-	if policy.ID == structs.ACLPolicyGlobalManagementID {
-		return fmt.Errorf("Delete operation not permitted on the builtin global-management policy")
+	if builtinPolicy, ok := structs.ACLBuiltinPolicies[policy.ID]; ok {
+		return fmt.Errorf("Delete operation not permitted on the builtin %s policy", builtinPolicy.Name)
 	}
 
 	req := structs.ACLPolicyBatchDeleteRequest{
diff --git a/agent/consul/acl_endpoint_test.go b/agent/consul/acl_endpoint_test.go
index 7e09880ad3d6..20deb56aa4b0 100644
--- a/agent/consul/acl_endpoint_test.go
+++ b/agent/consul/acl_endpoint_test.go
@@ -2183,7 +2183,7 @@ func TestACLEndpoint_PolicySet_CustomID(t *testing.T) {
 	require.Error(t, err)
 }
 
-func TestACLEndpoint_PolicySet_globalManagement(t *testing.T) {
+func TestACLEndpoint_PolicySet_builtins(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
 	}
@@ -2195,47 +2195,50 @@ func TestACLEndpoint_PolicySet_globalManagement(t *testing.T) {
 
 	aclEp := ACL{srv: srv}
 
-	// Can't change the rules
-	{
-		req := structs.ACLPolicySetRequest{
-			Datacenter: "dc1",
-			Policy: structs.ACLPolicy{
-				ID:    structs.ACLPolicyGlobalManagementID,
-				Name:  "foobar", // This is required to get past validation
-				Rules: "service \"\" { policy = \"write\" }",
-			},
-			WriteRequest: structs.WriteRequest{Token: TestDefaultInitialManagementToken},
-		}
-		resp := structs.ACLPolicy{}
+	for _, builtinPolicy := range structs.ACLBuiltinPolicies {
+		name := fmt.Sprintf("foobar-%s", builtinPolicy.Name) // This is required to get past validation
 
-		err := aclEp.PolicySet(&req, &resp)
-		require.EqualError(t, err, "Changing the Rules for the builtin global-management policy is not permitted")
-	}
+		// Can't change the rules
+		{
+			req := structs.ACLPolicySetRequest{
+				Datacenter: "dc1",
+				Policy: structs.ACLPolicy{
+					ID:    builtinPolicy.ID,
+					Name:  name,
+					Rules: "service \"\" { policy = \"write\" }",
+				},
+				WriteRequest: structs.WriteRequest{Token: TestDefaultInitialManagementToken},
+			}
+			resp := structs.ACLPolicy{}
 
-	// Can rename it
-	{
-		req := structs.ACLPolicySetRequest{
-			Datacenter: "dc1",
-			Policy: structs.ACLPolicy{
-				ID:    structs.ACLPolicyGlobalManagementID,
-				Name:  "foobar",
-				Rules: structs.ACLPolicyGlobalManagement,
-			},
-			WriteRequest: structs.WriteRequest{Token: TestDefaultInitialManagementToken},
+			err := aclEp.PolicySet(&req, &resp)
+			require.EqualError(t, err, fmt.Sprintf("Changing the Rules for the builtin %s policy is not permitted", builtinPolicy.Name))
 		}
-		resp := structs.ACLPolicy{}
 
-		err := aclEp.PolicySet(&req, &resp)
-		require.NoError(t, err)
+		// Can rename it
+		{
+			req := structs.ACLPolicySetRequest{
+				Datacenter: "dc1",
+				Policy: structs.ACLPolicy{
+					ID:    builtinPolicy.ID,
+					Name:  name,
+					Rules: builtinPolicy.Rules,
+				},
+				WriteRequest: structs.WriteRequest{Token: TestDefaultInitialManagementToken},
+			}
+			resp := structs.ACLPolicy{}
 
-		// Get the policy again
-		policyResp, err := retrieveTestPolicy(codec, TestDefaultInitialManagementToken, "dc1", structs.ACLPolicyGlobalManagementID)
-		require.NoError(t, err)
-		policy := policyResp.Policy
+			err := aclEp.PolicySet(&req, &resp)
+			require.NoError(t, err)
 
-		require.Equal(t, policy.ID, structs.ACLPolicyGlobalManagementID)
-		require.Equal(t, policy.Name, "foobar")
+			// Get the policy again
+			policyResp, err := retrieveTestPolicy(codec, TestDefaultInitialManagementToken, "dc1", builtinPolicy.ID)
+			require.NoError(t, err)
+			policy := policyResp.Policy
 
+			require.Equal(t, policy.ID, builtinPolicy.ID)
+			require.Equal(t, policy.Name, name)
+		}
 	}
 }
 
@@ -2271,7 +2274,7 @@ func TestACLEndpoint_PolicyDelete(t *testing.T) {
 	require.Nil(t, tokenResp.Policy)
 }
 
-func TestACLEndpoint_PolicyDelete_globalManagement(t *testing.T) {
+func TestACLEndpoint_PolicyDelete_builtins(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
 	}
@@ -2282,16 +2285,17 @@ func TestACLEndpoint_PolicyDelete_globalManagement(t *testing.T) {
 	waitForLeaderEstablishment(t, srv)
 	aclEp := ACL{srv: srv}
 
-	req := structs.ACLPolicyDeleteRequest{
-		Datacenter:   "dc1",
-		PolicyID:     structs.ACLPolicyGlobalManagementID,
-		WriteRequest: structs.WriteRequest{Token: TestDefaultInitialManagementToken},
-	}
-	var resp string
-
-	err := aclEp.PolicyDelete(&req, &resp)
+	for _, builtinPolicy := range structs.ACLBuiltinPolicies {
+		req := structs.ACLPolicyDeleteRequest{
+			Datacenter:   "dc1",
+			PolicyID:     builtinPolicy.ID,
+			WriteRequest: structs.WriteRequest{Token: TestDefaultInitialManagementToken},
+		}
+		var resp string
 
-	require.EqualError(t, err, "Delete operation not permitted on the builtin global-management policy")
+		err := aclEp.PolicyDelete(&req, &resp)
+		require.EqualError(t, err, fmt.Sprintf("Delete operation not permitted on the builtin %s policy", builtinPolicy.Name))
+	}
 }
 
 func TestACLEndpoint_PolicyList(t *testing.T) {
@@ -2324,6 +2328,7 @@ func TestACLEndpoint_PolicyList(t *testing.T) {
 
 	policies := []string{
 		structs.ACLPolicyGlobalManagementID,
+		structs.ACLPolicyGlobalReadOnlyID,
 		p1.ID,
 		p2.ID,
 	}
diff --git a/agent/consul/auth/token_writer.go b/agent/consul/auth/token_writer.go
index ab99eeb37023..857a2e3d1321 100644
--- a/agent/consul/auth/token_writer.go
+++ b/agent/consul/auth/token_writer.go
@@ -244,7 +244,7 @@ func (w *TokenWriter) Delete(secretID string, fromLogout bool) error {
 
 func validateTokenID(id string) error {
 	if structs.ACLIDReserved(id) {
-		return fmt.Errorf("UUIDs with the prefix %q are reserved", structs.ACLReservedPrefix)
+		return fmt.Errorf("UUIDs with the prefix %q are reserved", structs.ACLReservedIDPrefix)
 	}
 	if _, err := uuid.ParseUUID(id); err != nil {
 		return errors.New("not a valid UUID")
diff --git a/agent/consul/auth/token_writer_test.go b/agent/consul/auth/token_writer_test.go
index e4fbf04db8c4..51a2b3cc45a8 100644
--- a/agent/consul/auth/token_writer_test.go
+++ b/agent/consul/auth/token_writer_test.go
@@ -41,7 +41,7 @@ func TestTokenWriter_Create_Validation(t *testing.T) {
 			errorContains: "not a valid UUID",
 		},
 		"AccessorID is reserved": {
-			token:         structs.ACLToken{AccessorID: structs.ACLReservedPrefix + generateID(t)},
+			token:         structs.ACLToken{AccessorID: structs.ACLReservedIDPrefix + generateID(t)},
 			errorContains: "reserved",
 		},
 		"AccessorID already in use (as AccessorID)": {
@@ -57,7 +57,7 @@ func TestTokenWriter_Create_Validation(t *testing.T) {
 			errorContains: "not a valid UUID",
 		},
 		"SecretID is reserved": {
-			token:         structs.ACLToken{SecretID: structs.ACLReservedPrefix + generateID(t)},
+			token:         structs.ACLToken{SecretID: structs.ACLReservedIDPrefix + generateID(t)},
 			errorContains: "reserved",
 		},
 		"SecretID already in use (as AccessorID)": {
diff --git a/agent/consul/fsm/snapshot_test.go b/agent/consul/fsm/snapshot_test.go
index a34e1f3e335c..d95865b92cb3 100644
--- a/agent/consul/fsm/snapshot_test.go
+++ b/agent/consul/fsm/snapshot_test.go
@@ -108,7 +108,7 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
 		ID:          structs.ACLPolicyGlobalManagementID,
 		Name:        "global-management",
 		Description: "Builtin Policy that grants unlimited access",
-		Rules:       structs.ACLPolicyGlobalManagement,
+		Rules:       structs.ACLPolicyGlobalManagementRules,
 	}
 	policy.SetHash(true)
 	require.NoError(t, fsm.state.ACLPolicySet(1, policy))
diff --git a/agent/consul/leader.go b/agent/consul/leader.go
index 4bc1908d5fe8..17408d4ef441 100644
--- a/agent/consul/leader.go
+++ b/agent/consul/leader.go
@@ -420,34 +420,11 @@ func (s *Server) initializeACLs(ctx context.Context) error {
 	if s.InPrimaryDatacenter() {
 		s.logger.Info("initializing acls")
 
-		// Create/Upgrade the builtin global-management policy
-		_, policy, err := s.fsm.State().ACLPolicyGetByID(nil, structs.ACLPolicyGlobalManagementID, structs.DefaultEnterpriseMetaInDefaultPartition())
-		if err != nil {
-			return fmt.Errorf("failed to get the builtin global-management policy")
-		}
-		if policy == nil || policy.Rules != structs.ACLPolicyGlobalManagement {
-			newPolicy := structs.ACLPolicy{
-				ID:             structs.ACLPolicyGlobalManagementID,
-				Name:           "global-management",
-				Description:    "Builtin Policy that grants unlimited access",
-				Rules:          structs.ACLPolicyGlobalManagement,
-				EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
-			}
-			if policy != nil {
-				newPolicy.Name = policy.Name
-				newPolicy.Description = policy.Description
-			}
-
-			newPolicy.SetHash(true)
-
-			req := structs.ACLPolicyBatchSetRequest{
-				Policies: structs.ACLPolicies{&newPolicy},
-			}
-			_, err := s.raftApply(structs.ACLPolicySetRequestType, &req)
-			if err != nil {
-				return fmt.Errorf("failed to create global-management policy: %v", err)
+		// Create/Upgrade the builtin policies
+		for _, policy := range structs.ACLBuiltinPolicies {
+			if err := s.writeBuiltinACLPolicy(policy); err != nil {
+				return err
 			}
-			s.logger.Info("Created ACL 'global-management' policy")
 		}
 
 		// Check for configured initial management token.
@@ -492,6 +469,36 @@ func (s *Server) initializeACLs(ctx context.Context) error {
 	return nil
 }
 
+// writeBuiltinACLPolicy writes the given built-in policy to Raft if the policy
+// is not found or if the policy rules have been changed. The name and
+// description of a built-in policy are user-editable and must be preserved
+// during updates. This function must only be called in a primary datacenter.
+func (s *Server) writeBuiltinACLPolicy(newPolicy structs.ACLPolicy) error {
+	_, policy, err := s.fsm.State().ACLPolicyGetByID(nil, newPolicy.ID, structs.DefaultEnterpriseMetaInDefaultPartition())
+	if err != nil {
+		return fmt.Errorf("failed to get the builtin %s policy", newPolicy.Name)
+	}
+	if policy == nil || policy.Rules != newPolicy.Rules {
+		if policy != nil {
+			newPolicy.Name = policy.Name
+			newPolicy.Description = policy.Description
+		}
+
+		newPolicy.EnterpriseMeta = *structs.DefaultEnterpriseMetaInDefaultPartition()
+		newPolicy.SetHash(true)
+
+		req := structs.ACLPolicyBatchSetRequest{
+			Policies: structs.ACLPolicies{&newPolicy},
+		}
+		_, err := s.raftApply(structs.ACLPolicySetRequestType, &req)
+		if err != nil {
+			return fmt.Errorf("failed to create %s policy: %v", newPolicy.Name, err)
+		}
+		s.logger.Info(fmt.Sprintf("Created ACL '%s' policy", newPolicy.Name))
+	}
+	return nil
+}
+
 func (s *Server) initializeManagementToken(name, secretID string) error {
 	state := s.fsm.State()
 	if _, err := uuid.ParseUUID(secretID); err != nil {
diff --git a/agent/consul/leader_test.go b/agent/consul/leader_test.go
index 48b9876ae76d..8a5a158ce34a 100644
--- a/agent/consul/leader_test.go
+++ b/agent/consul/leader_test.go
@@ -1307,9 +1307,12 @@ func TestLeader_ACL_Initialization(t *testing.T) {
 			_, s1 := testServerWithConfig(t, conf)
 			testrpc.WaitForTestAgent(t, s1.RPC, "dc1")
 
-			_, policy, err := s1.fsm.State().ACLPolicyGetByID(nil, structs.ACLPolicyGlobalManagementID, nil)
-			require.NoError(t, err)
-			require.NotNil(t, policy)
+			// check that the builtin policies were created
+			for _, builtinPolicy := range structs.ACLBuiltinPolicies {
+				_, policy, err := s1.fsm.State().ACLPolicyGetByID(nil, builtinPolicy.ID, nil)
+				require.NoError(t, err)
+				require.NotNil(t, policy)
+			}
 
 			if tt.initialManagement != "" {
 				_, initialManagement, err := s1.fsm.State().ACLTokenGetBySecret(nil, tt.initialManagement, nil)
@@ -1439,15 +1442,17 @@ func TestLeader_ACLUpgrade_IsStickyEvenIfSerfTagsRegress(t *testing.T) {
 	waitForLeaderEstablishment(t, s2)
 	waitForNewACLReplication(t, s2, structs.ACLReplicatePolicies, 1, 0, 0)
 
-	// Everybody has the management policy.
+	// Everybody has the builtin policies.
 	retry.Run(t, func(r *retry.R) {
-		_, policy1, err := s1.fsm.State().ACLPolicyGetByID(nil, structs.ACLPolicyGlobalManagementID, structs.DefaultEnterpriseMetaInDefaultPartition())
-		require.NoError(r, err)
-		require.NotNil(r, policy1)
+		for _, builtinPolicy := range structs.ACLBuiltinPolicies {
+			_, policy1, err := s1.fsm.State().ACLPolicyGetByID(nil, builtinPolicy.ID, structs.DefaultEnterpriseMetaInDefaultPartition())
+			require.NoError(r, err)
+			require.NotNil(r, policy1)
 
-		_, policy2, err := s2.fsm.State().ACLPolicyGetByID(nil, structs.ACLPolicyGlobalManagementID, structs.DefaultEnterpriseMetaInDefaultPartition())
-		require.NoError(r, err)
-		require.NotNil(r, policy2)
+			_, policy2, err := s2.fsm.State().ACLPolicyGetByID(nil, builtinPolicy.ID, structs.DefaultEnterpriseMetaInDefaultPartition())
+			require.NoError(r, err)
+			require.NotNil(r, policy2)
+		}
 	})
 
 	// Shutdown s1 and s2.
diff --git a/agent/consul/state/acl.go b/agent/consul/state/acl.go
index 1774ee879377..22c8a6164e42 100644
--- a/agent/consul/state/acl.go
+++ b/agent/consul/state/acl.go
@@ -884,18 +884,18 @@ func aclPolicySetTxn(tx WriteTxn, idx uint64, policy *structs.ACLPolicy) error {
 	}
 
 	if existing != nil {
-		if policy.ID == structs.ACLPolicyGlobalManagementID {
+		if builtinPolicy, ok := structs.ACLBuiltinPolicies[policy.ID]; ok {
 			// Only the name and description are modifiable
-			// Here we specifically check that the rules on the global management policy
+			// Here we specifically check that the rules on the builtin policy
 			// are identical to the correct policy rules within the binary. This is opposed
 			// to checking against the current rules to allow us to update the rules during
 			// upgrades.
-			if policy.Rules != structs.ACLPolicyGlobalManagement {
-				return fmt.Errorf("Changing the Rules for the builtin global-management policy is not permitted")
+			if policy.Rules != builtinPolicy.Rules {
+				return fmt.Errorf("Changing the Rules for the builtin %s policy is not permitted", builtinPolicy.Name)
 			}
 
 			if policy.Datacenters != nil && len(policy.Datacenters) != 0 {
-				return fmt.Errorf("Changing the Datacenters of the builtin global-management policy is not permitted")
+				return fmt.Errorf("Changing the Datacenters of the builtin %s policy is not permitted", builtinPolicy.Name)
 			}
 		}
 	}
@@ -1062,8 +1062,8 @@ func aclPolicyDeleteTxn(tx WriteTxn, idx uint64, value string, fn aclPolicyGetFn
 
 	policy := rawPolicy.(*structs.ACLPolicy)
 
-	if policy.ID == structs.ACLPolicyGlobalManagementID {
-		return fmt.Errorf("Deletion of the builtin global-management policy is not permitted")
+	if builtinPolicy, ok := structs.ACLBuiltinPolicies[policy.ID]; ok {
+		return fmt.Errorf("Deletion of the builtin %s policy is not permitted", builtinPolicy.Name)
 	}
 
 	return aclPolicyDeleteWithPolicy(tx, policy, idx)
diff --git a/agent/consul/state/acl_test.go b/agent/consul/state/acl_test.go
index 78824315d089..4bf42954dd20 100644
--- a/agent/consul/state/acl_test.go
+++ b/agent/consul/state/acl_test.go
@@ -30,16 +30,17 @@ const (
 )
 
 func setupGlobalManagement(t *testing.T, s *Store) {
-	policy := structs.ACLPolicy{
-		ID:          structs.ACLPolicyGlobalManagementID,
-		Name:        "global-management",
-		Description: "Builtin Policy that grants unlimited access",
-		Rules:       structs.ACLPolicyGlobalManagement,
-	}
+	policy := structs.ACLBuiltinPolicies[structs.ACLPolicyGlobalManagementID]
 	policy.SetHash(true)
 	require.NoError(t, s.ACLPolicySet(1, &policy))
 }
 
+func setupBuiltinGlobalReadOnly(t *testing.T, s *Store) {
+	policy := structs.ACLBuiltinPolicies[structs.ACLPolicyGlobalReadOnlyID]
+	policy.SetHash(true)
+	require.NoError(t, s.ACLPolicySet(2, &policy))
+}
+
 func setupAnonymous(t *testing.T, s *Store) {
 	token := structs.ACLToken{
 		AccessorID:  acl.AnonymousTokenID,
@@ -53,6 +54,7 @@ func setupAnonymous(t *testing.T, s *Store) {
 func testACLStateStore(t *testing.T) *Store {
 	s := testStateStore(t)
 	setupGlobalManagement(t, s)
+	setupBuiltinGlobalReadOnly(t, s)
 	setupAnonymous(t, s)
 	return s
 }
@@ -184,6 +186,7 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
 
 	s := testStateStore(t)
 	setupGlobalManagement(t, s)
+	setupBuiltinGlobalReadOnly(t, s)
 
 	canBootstrap, index, err := s.CanBootstrapACLToken()
 	require.NoError(t, err)
@@ -1430,7 +1433,7 @@ func TestStateStore_ACLPolicy_SetGet(t *testing.T) {
 				ID:          structs.ACLPolicyGlobalManagementID,
 				Name:        "global-management",
 				Description: "Global Management",
-				Rules:       structs.ACLPolicyGlobalManagement,
+				Rules:       structs.ACLPolicyGlobalManagementRules,
 				Datacenters: []string{"dc1"},
 			}
 
@@ -1444,7 +1447,7 @@ func TestStateStore_ACLPolicy_SetGet(t *testing.T) {
 				ID:          structs.ACLPolicyGlobalManagementID,
 				Name:        "management",
 				Description: "Modified",
-				Rules:       structs.ACLPolicyGlobalManagement,
+				Rules:       structs.ACLPolicyGlobalManagementRules,
 			}
 
 			require.NoError(t, s.ACLPolicySet(3, &policy))
@@ -1494,7 +1497,7 @@ func TestStateStore_ACLPolicy_SetGet(t *testing.T) {
 		require.NotNil(t, rpolicy)
 		require.Equal(t, "global-management", rpolicy.Name)
 		require.Equal(t, "Builtin Policy that grants unlimited access", rpolicy.Description)
-		require.Equal(t, structs.ACLPolicyGlobalManagement, rpolicy.Rules)
+		require.Equal(t, structs.ACLPolicyGlobalManagementRules, rpolicy.Rules)
 		require.Len(t, rpolicy.Datacenters, 0)
 		require.Equal(t, uint64(1), rpolicy.CreateIndex)
 		require.Equal(t, uint64(1), rpolicy.ModifyIndex)
@@ -1664,31 +1667,39 @@ func TestStateStore_ACLPolicy_List(t *testing.T) {
 
 	_, policies, err := s.ACLPolicyList(nil, nil)
 	require.NoError(t, err)
-	require.Len(t, policies, 3)
+	require.Len(t, policies, 4)
 	policies.Sort()
 	require.Equal(t, structs.ACLPolicyGlobalManagementID, policies[0].ID)
-	require.Equal(t, "global-management", policies[0].Name)
-	require.Equal(t, "Builtin Policy that grants unlimited access", policies[0].Description)
+	require.Equal(t, structs.ACLPolicyGlobalManagementName, policies[0].Name)
+	require.Equal(t, structs.ACLPolicyGlobalManagementDesc, policies[0].Description)
 	require.Empty(t, policies[0].Datacenters)
 	require.NotEqual(t, []byte{}, policies[0].Hash)
 	require.Equal(t, uint64(1), policies[0].CreateIndex)
 	require.Equal(t, uint64(1), policies[0].ModifyIndex)
 
-	require.Equal(t, "a2719052-40b3-4a4b-baeb-f3df1831a217", policies[1].ID)
-	require.Equal(t, "acl-write-dc3", policies[1].Name)
-	require.Equal(t, "Can manage ACLs in dc3", policies[1].Description)
-	require.ElementsMatch(t, []string{"dc3"}, policies[1].Datacenters)
-	require.Nil(t, policies[1].Hash)
+	require.Equal(t, structs.ACLPolicyGlobalReadOnlyID, policies[1].ID)
+	require.Equal(t, structs.ACLPolicyGlobalReadOnlyName, policies[1].Name)
+	require.Equal(t, structs.ACLPolicyGlobalReadOnlyDesc, policies[1].Description)
+	require.Empty(t, policies[1].Datacenters)
+	require.NotEqual(t, []byte{}, policies[1].Hash)
 	require.Equal(t, uint64(2), policies[1].CreateIndex)
 	require.Equal(t, uint64(2), policies[1].ModifyIndex)
 
-	require.Equal(t, "a4f68bd6-3af5-4f56-b764-3c6f20247879", policies[2].ID)
-	require.Equal(t, "service-read", policies[2].Name)
-	require.Equal(t, "", policies[2].Description)
-	require.Empty(t, policies[2].Datacenters)
+	require.Equal(t, "a2719052-40b3-4a4b-baeb-f3df1831a217", policies[2].ID)
+	require.Equal(t, "acl-write-dc3", policies[2].Name)
+	require.Equal(t, "Can manage ACLs in dc3", policies[2].Description)
+	require.ElementsMatch(t, []string{"dc3"}, policies[2].Datacenters)
 	require.Nil(t, policies[2].Hash)
 	require.Equal(t, uint64(2), policies[2].CreateIndex)
 	require.Equal(t, uint64(2), policies[2].ModifyIndex)
+
+	require.Equal(t, "a4f68bd6-3af5-4f56-b764-3c6f20247879", policies[3].ID)
+	require.Equal(t, "service-read", policies[3].Name)
+	require.Equal(t, "", policies[3].Description)
+	require.Empty(t, policies[3].Datacenters)
+	require.Nil(t, policies[3].Hash)
+	require.Equal(t, uint64(2), policies[3].CreateIndex)
+	require.Equal(t, uint64(2), policies[3].ModifyIndex)
 }
 
 func TestStateStore_ACLPolicy_Delete(t *testing.T) {
diff --git a/agent/structs/acl.go b/agent/structs/acl.go
index 1533fd6577d0..981550694348 100644
--- a/agent/structs/acl.go
+++ b/agent/structs/acl.go
@@ -45,41 +45,68 @@ const (
 
 	// This policy gives unlimited access to everything. Users
 	// may rename if desired but cannot delete or modify the rules.
-	ACLPolicyGlobalManagementID = "00000000-0000-0000-0000-000000000001"
-	ACLPolicyGlobalManagement   = `
-acl = "write"
+	ACLPolicyGlobalManagementID   = "00000000-0000-0000-0000-000000000001"
+	ACLPolicyGlobalManagementName = "global-management"
+	ACLPolicyGlobalManagementDesc = "Builtin Policy that grants unlimited access"
+
+	ACLPolicyGlobalReadOnlyID   = "00000000-0000-0000-0000-000000000002"
+	ACLPolicyGlobalReadOnlyName = "builtin/global-read-only"
+	ACLPolicyGlobalReadOnlyDesc = "Builtin Policy that grants unlimited read-only access to all components"
+
+	ACLReservedIDPrefix = "00000000-0000-0000-0000-0000000000"
+
+	aclPolicyGlobalRulesTemplate = `
+acl = "%[1]s"
 agent_prefix "" {
-	policy = "write"
+	policy = "%[1]s"
 }
 event_prefix "" {
-	policy = "write"
+	policy = "%[1]s"
 }
 key_prefix "" {
-	policy = "write"
+	policy = "%[1]s"
 }
-keyring = "write"
+keyring = "%[1]s"
 node_prefix "" {
-	policy = "write"
+	policy = "%[1]s"
 }
-operator = "write"
-mesh = "write"
-peering = "write"
+operator = "%[1]s"
+mesh = "%[1]s"
+peering = "%[1]s"
 query_prefix "" {
-	policy = "write"
+	policy = "%[1]s"
 }
 service_prefix "" {
-	policy = "write"
-	intentions = "write"
+	policy = "%[1]s"
+	intentions = "%[1]s"
 }
 session_prefix "" {
-	policy = "write"
-}` + EnterpriseACLPolicyGlobalManagement
+	policy = "%[1]s"
+}`
+)
 
-	ACLReservedPrefix = "00000000-0000-0000-0000-0000000000"
+var (
+	ACLPolicyGlobalReadOnlyRules   = fmt.Sprintf(aclPolicyGlobalRulesTemplate, "read") + EnterpriseACLPolicyGlobalReadOnly
+	ACLPolicyGlobalManagementRules = fmt.Sprintf(aclPolicyGlobalRulesTemplate, "write") + EnterpriseACLPolicyGlobalManagement
+
+	ACLBuiltinPolicies = map[string]ACLPolicy{
+		ACLPolicyGlobalManagementID: {
+			ID:          ACLPolicyGlobalManagementID,
+			Name:        ACLPolicyGlobalManagementName,
+			Description: ACLPolicyGlobalManagementDesc,
+			Rules:       ACLPolicyGlobalManagementRules,
+		},
+		ACLPolicyGlobalReadOnlyID: {
+			ID:          ACLPolicyGlobalReadOnlyID,
+			Name:        ACLPolicyGlobalReadOnlyName,
+			Description: ACLPolicyGlobalReadOnlyDesc,
+			Rules:       ACLPolicyGlobalReadOnlyRules,
+		},
+	}
 )
 
 func ACLIDReserved(id string) bool {
-	return strings.HasPrefix(id, ACLReservedPrefix)
+	return strings.HasPrefix(id, ACLReservedIDPrefix)
 }
 
 // ACLBootstrapNotAllowedErr is returned once we know that a bootstrap can no
diff --git a/agent/structs/acl_oss.go b/agent/structs/acl_oss.go
index 01e252636f86..9cc4e7813ce8 100644
--- a/agent/structs/acl_oss.go
+++ b/agent/structs/acl_oss.go
@@ -14,6 +14,7 @@ import (
 
 const (
 	EnterpriseACLPolicyGlobalManagement = ""
+	EnterpriseACLPolicyGlobalReadOnly   = ""
 
 	// aclPolicyTemplateServiceIdentity is the template used for synthesizing
 	// policies for service identities.
diff --git a/api/acl_test.go b/api/acl_test.go
index 2a7bcbd23f78..f515878290cd 100644
--- a/api/acl_test.go
+++ b/api/acl_test.go
@@ -190,7 +190,7 @@ func TestAPI_ACLPolicy_List(t *testing.T) {
 
 	policies, qm, err := acl.PolicyList(nil)
 	require.NoError(t, err)
-	require.Len(t, policies, 4)
+	require.Len(t, policies, 5)
 	require.NotEqual(t, 0, qm.LastIndex)
 	require.True(t, qm.KnownLeader)
 
@@ -233,6 +233,11 @@ func TestAPI_ACLPolicy_List(t *testing.T) {
 	policy4, ok := policyMap["00000000-0000-0000-0000-000000000001"]
 	require.True(t, ok)
 	require.NotNil(t, policy4)
+
+	// make sure the 5th policy is the global read-only
+	policy5, ok := policyMap["00000000-0000-0000-0000-000000000002"]
+	require.True(t, ok)
+	require.NotNil(t, policy5)
 }
 
 func prepTokenPolicies(t *testing.T, acl *ACL) (policies []*ACLPolicy) {
diff --git a/website/content/docs/security/acl/acl-policies.mdx b/website/content/docs/security/acl/acl-policies.mdx
index f5d005ffbb50..e1583f250a29 100644
--- a/website/content/docs/security/acl/acl-policies.mdx
+++ b/website/content/docs/security/acl/acl-policies.mdx
@@ -391,7 +391,11 @@ New installations of Consul ship with the following built-in policies.
 
 ### Global Management
 
-The `global-management` policy grants unrestricted privileges to any token linked to it. The policy is assigned the reserved ID of `00000000-0000-0000-0000-000000000001`. You can rename the global management policy, but Consul will prevent you from modifying any other attributes, including the rule set and datacenter scope.
+The `global-management` policy grants unrestricted privileges to any token linked to it. The policy is assigned the reserved ID of `00000000-0000-0000-0000-000000000001`. You can rename the global management policy, but Consul prevents you from modifying any other attributes, including the rule set and datacenter scope.
+
+### Global Read-Only
+
+The `builtin/global-read-only` policy grants unrestricted _read-only_ privileges to any token linked to it. The policy is assigned the reserved ID of `00000000-0000-0000-0000-000000000002`. You can rename the global read-only policy, but Consul prevents you from modifying any other attributes, including the rule set and datacenter scope.
 
 ### Namespace Management <EnterpriseAlert inline />
 

From e459399e395f85be9144680958be2802fe9ae057 Mon Sep 17 00:00:00 2001
From: Nitya Dhanushkodi <nitya@hashicorp.com>
Date: Tue, 1 Aug 2023 10:35:17 -0700
Subject: [PATCH 237/359] [NET-5121] proxystate: move protos to subdirectory to
 avoid conflicts (#18335)

* also makes a few protos updates
---
 .../pbmesh/v1alpha1/access_logs.pb.go         |  319 ----
 proto-public/pbmesh/v1alpha1/address.pb.go    |  173 ---
 proto-public/pbmesh/v1alpha1/address.proto    |   11 -
 proto-public/pbmesh/v1alpha1/endpoints.pb.go  |  390 -----
 .../pbmesh/v1alpha1/escape_hatches.pb.go      |  167 ---
 .../pbmesh/v1alpha1/header_mutations.pb.go    |  681 ---------
 proto-public/pbmesh/v1alpha1/intentions.pb.go |  206 ---
 proto-public/pbmesh/v1alpha1/listener.pb.go   | 1174 ---------------
 .../access_logs.pb.binary.go                  |    4 +-
 .../v1alpha1/pbproxystate/access_logs.pb.go   |  325 ++++
 .../{ => pbproxystate}/access_logs.proto      |    2 +-
 .../{ => pbproxystate}/address.pb.binary.go   |   14 +-
 .../v1alpha1/pbproxystate/address.pb.go       |  254 ++++
 .../v1alpha1/pbproxystate/address.proto       |   20 +
 .../{ => pbproxystate}/cluster.pb.binary.go   |   14 +-
 .../v1alpha1/{ => pbproxystate}/cluster.pb.go | 1311 +++++++++--------
 .../v1alpha1/{ => pbproxystate}/cluster.proto |   41 +-
 .../{ => pbproxystate}/endpoints.pb.binary.go |    4 +-
 .../v1alpha1/pbproxystate/endpoints.pb.go     |  386 +++++
 .../{ => pbproxystate}/endpoints.proto        |    9 +-
 .../escape_hatches.pb.binary.go               |    4 +-
 .../pbproxystate/escape_hatches.pb.go         |  173 +++
 .../{ => pbproxystate}/escape_hatches.proto   |    2 +-
 .../header_mutations.pb.binary.go             |    4 +-
 .../pbproxystate/header_mutations.pb.go       |  693 +++++++++
 .../{ => pbproxystate}/header_mutations.proto |    2 +-
 .../intentions.pb.binary.go                   |    4 +-
 .../v1alpha1/pbproxystate/intentions.pb.go    |  211 +++
 .../{ => pbproxystate}/intentions.proto       |    2 +-
 .../{ => pbproxystate}/listener.pb.binary.go  |    4 +-
 .../v1alpha1/pbproxystate/listener.pb.go      | 1269 ++++++++++++++++
 .../{ => pbproxystate}/listener.proto         |   29 +-
 .../references.pb.binary.go                   |    4 +-
 .../v1alpha1/pbproxystate/references.pb.go    |  371 +++++
 .../{ => pbproxystate}/references.proto       |    2 +-
 .../{ => pbproxystate}/route.pb.binary.go     |    4 +-
 .../v1alpha1/{ => pbproxystate}/route.pb.go   |  754 +++++-----
 .../v1alpha1/{ => pbproxystate}/route.proto   |   10 +-
 .../transport_socket.pb.binary.go             |    4 +-
 .../{ => pbproxystate}/transport_socket.pb.go |  713 ++++-----
 .../{ => pbproxystate}/transport_socket.proto |    7 +-
 .../pbmesh/v1alpha1/proxy_state.pb.go         |  489 +++---
 .../pbmesh/v1alpha1/proxy_state.proto         |   44 +-
 proto-public/pbmesh/v1alpha1/references.pb.go |  365 -----
 44 files changed, 5503 insertions(+), 5166 deletions(-)
 delete mode 100644 proto-public/pbmesh/v1alpha1/access_logs.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/address.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/address.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/endpoints.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/escape_hatches.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/header_mutations.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/intentions.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/listener.pb.go
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/access_logs.pb.binary.go (83%)
 create mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/access_logs.proto (94%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/address.pb.binary.go (51%)
 create mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/address.proto
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/cluster.pb.binary.go (95%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/cluster.pb.go (50%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/cluster.proto (82%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/endpoints.pb.binary.go (89%)
 create mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/endpoints.proto (67%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/escape_hatches.pb.binary.go (82%)
 create mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/escape_hatches.proto (81%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/header_mutations.pb.binary.go (95%)
 create mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/header_mutations.proto (95%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/intentions.pb.binary.go (89%)
 create mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/intentions.proto (72%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/listener.pb.binary.go (96%)
 create mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/listener.proto (83%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/references.pb.binary.go (92%)
 create mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/references.proto (91%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/route.pb.binary.go (98%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/route.pb.go (55%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/route.proto (93%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/transport_socket.pb.binary.go (97%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/transport_socket.pb.go (52%)
 rename proto-public/pbmesh/v1alpha1/{ => pbproxystate}/transport_socket.proto (91%)
 delete mode 100644 proto-public/pbmesh/v1alpha1/references.pb.go

diff --git a/proto-public/pbmesh/v1alpha1/access_logs.pb.go b/proto-public/pbmesh/v1alpha1/access_logs.pb.go
deleted file mode 100644
index e12349e92e41..000000000000
--- a/proto-public/pbmesh/v1alpha1/access_logs.pb.go
+++ /dev/null
@@ -1,319 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/access_logs.proto
-
-package meshv1alpha1
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type LogSinkType int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	LogSinkType_LOG_SINK_TYPE_DEFAULT LogSinkType = 0
-	LogSinkType_LOG_SINK_TYPE_FILE    LogSinkType = 1
-	LogSinkType_LOG_SINK_TYPE_STDERR  LogSinkType = 2
-	LogSinkType_LOG_SINK_TYPE_STDOUT  LogSinkType = 3
-)
-
-// Enum value maps for LogSinkType.
-var (
-	LogSinkType_name = map[int32]string{
-		0: "LOG_SINK_TYPE_DEFAULT",
-		1: "LOG_SINK_TYPE_FILE",
-		2: "LOG_SINK_TYPE_STDERR",
-		3: "LOG_SINK_TYPE_STDOUT",
-	}
-	LogSinkType_value = map[string]int32{
-		"LOG_SINK_TYPE_DEFAULT": 0,
-		"LOG_SINK_TYPE_FILE":    1,
-		"LOG_SINK_TYPE_STDERR":  2,
-		"LOG_SINK_TYPE_STDOUT":  3,
-	}
-)
-
-func (x LogSinkType) Enum() *LogSinkType {
-	p := new(LogSinkType)
-	*p = x
-	return p
-}
-
-func (x LogSinkType) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (LogSinkType) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_access_logs_proto_enumTypes[0].Descriptor()
-}
-
-func (LogSinkType) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_access_logs_proto_enumTypes[0]
-}
-
-func (x LogSinkType) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use LogSinkType.Descriptor instead.
-func (LogSinkType) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_access_logs_proto_rawDescGZIP(), []int{0}
-}
-
-type AccessLogs struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// enabled enables access logging.
-	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
-	// disable_listener_logs turns off just listener logs for connections rejected by Envoy because they don't
-	// have a matching listener filter.
-	DisableListenerLogs bool `protobuf:"varint,2,opt,name=disable_listener_logs,json=disableListenerLogs,proto3" json:"disable_listener_logs,omitempty"`
-	// type selects the output for logs: "file", "stderr". "stdout"
-	Type LogSinkType `protobuf:"varint,3,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.LogSinkType" json:"type,omitempty"`
-	// path is the output file to write logs
-	Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"`
-	// The presence of one format string or the other implies the access log string encoding.
-	// Defining both is invalid.
-	//
-	// Types that are assignable to Format:
-	//
-	//	*AccessLogs_Json
-	//	*AccessLogs_Text
-	Format isAccessLogs_Format `protobuf_oneof:"format"`
-}
-
-func (x *AccessLogs) Reset() {
-	*x = AccessLogs{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_access_logs_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AccessLogs) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AccessLogs) ProtoMessage() {}
-
-func (x *AccessLogs) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_access_logs_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AccessLogs.ProtoReflect.Descriptor instead.
-func (*AccessLogs) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_access_logs_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *AccessLogs) GetEnabled() bool {
-	if x != nil {
-		return x.Enabled
-	}
-	return false
-}
-
-func (x *AccessLogs) GetDisableListenerLogs() bool {
-	if x != nil {
-		return x.DisableListenerLogs
-	}
-	return false
-}
-
-func (x *AccessLogs) GetType() LogSinkType {
-	if x != nil {
-		return x.Type
-	}
-	return LogSinkType_LOG_SINK_TYPE_DEFAULT
-}
-
-func (x *AccessLogs) GetPath() string {
-	if x != nil {
-		return x.Path
-	}
-	return ""
-}
-
-func (m *AccessLogs) GetFormat() isAccessLogs_Format {
-	if m != nil {
-		return m.Format
-	}
-	return nil
-}
-
-func (x *AccessLogs) GetJson() string {
-	if x, ok := x.GetFormat().(*AccessLogs_Json); ok {
-		return x.Json
-	}
-	return ""
-}
-
-func (x *AccessLogs) GetText() string {
-	if x, ok := x.GetFormat().(*AccessLogs_Text); ok {
-		return x.Text
-	}
-	return ""
-}
-
-type isAccessLogs_Format interface {
-	isAccessLogs_Format()
-}
-
-type AccessLogs_Json struct {
-	Json string `protobuf:"bytes,5,opt,name=json,proto3,oneof"`
-}
-
-type AccessLogs_Text struct {
-	Text string `protobuf:"bytes,6,opt,name=text,proto3,oneof"`
-}
-
-func (*AccessLogs_Json) isAccessLogs_Format() {}
-
-func (*AccessLogs_Text) isAccessLogs_Format() {}
-
-var File_pbmesh_v1alpha1_access_logs_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_access_logs_proto_rawDesc = []byte{
-	0x0a, 0x21, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x22, 0xe5, 0x01, 0x0a, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f,
-	0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x32, 0x0a, 0x15,
-	0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
-	0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x64, 0x69, 0x73,
-	0x61, 0x62, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x73,
-	0x12, 0x3f, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70,
-	0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x14, 0x0a, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x05, 0x20,
-	0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x04, 0x6a, 0x73, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x04, 0x74,
-	0x65, 0x78, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x04, 0x74, 0x65, 0x78,
-	0x74, 0x42, 0x08, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x2a, 0x74, 0x0a, 0x0b, 0x4c,
-	0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x15, 0x4c, 0x4f,
-	0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41,
-	0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e,
-	0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x18, 0x0a,
-	0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53,
-	0x54, 0x44, 0x45, 0x52, 0x52, 0x10, 0x02, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53,
-	0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, 0x4f, 0x55, 0x54, 0x10,
-	0x03, 0x42, 0x97, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0f, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73,
-	0x4c, 0x6f, 0x67, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74,
-	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70,
-	0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68,
-	0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
-	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
-	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d,
-	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73,
-	0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_access_logs_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_access_logs_proto_rawDescData = file_pbmesh_v1alpha1_access_logs_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_access_logs_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_access_logs_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_access_logs_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_access_logs_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_access_logs_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_access_logs_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_pbmesh_v1alpha1_access_logs_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var file_pbmesh_v1alpha1_access_logs_proto_goTypes = []interface{}{
-	(LogSinkType)(0),   // 0: hashicorp.consul.mesh.v1alpha1.LogSinkType
-	(*AccessLogs)(nil), // 1: hashicorp.consul.mesh.v1alpha1.AccessLogs
-}
-var file_pbmesh_v1alpha1_access_logs_proto_depIdxs = []int32{
-	0, // 0: hashicorp.consul.mesh.v1alpha1.AccessLogs.type:type_name -> hashicorp.consul.mesh.v1alpha1.LogSinkType
-	1, // [1:1] is the sub-list for method output_type
-	1, // [1:1] is the sub-list for method input_type
-	1, // [1:1] is the sub-list for extension type_name
-	1, // [1:1] is the sub-list for extension extendee
-	0, // [0:1] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_access_logs_proto_init() }
-func file_pbmesh_v1alpha1_access_logs_proto_init() {
-	if File_pbmesh_v1alpha1_access_logs_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_access_logs_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AccessLogs); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_pbmesh_v1alpha1_access_logs_proto_msgTypes[0].OneofWrappers = []interface{}{
-		(*AccessLogs_Json)(nil),
-		(*AccessLogs_Text)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_access_logs_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   1,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_access_logs_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_access_logs_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_access_logs_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_access_logs_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_access_logs_proto = out.File
-	file_pbmesh_v1alpha1_access_logs_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_access_logs_proto_goTypes = nil
-	file_pbmesh_v1alpha1_access_logs_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/address.pb.go b/proto-public/pbmesh/v1alpha1/address.pb.go
deleted file mode 100644
index 8fd8d704806e..000000000000
--- a/proto-public/pbmesh/v1alpha1/address.pb.go
+++ /dev/null
@@ -1,173 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/address.proto
-
-package meshv1alpha1
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type HostPortAddress struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
-	Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
-}
-
-func (x *HostPortAddress) Reset() {
-	*x = HostPortAddress{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_address_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HostPortAddress) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HostPortAddress) ProtoMessage() {}
-
-func (x *HostPortAddress) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_address_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HostPortAddress.ProtoReflect.Descriptor instead.
-func (*HostPortAddress) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_address_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *HostPortAddress) GetHost() string {
-	if x != nil {
-		return x.Host
-	}
-	return ""
-}
-
-func (x *HostPortAddress) GetPort() uint32 {
-	if x != nil {
-		return x.Port
-	}
-	return 0
-}
-
-var File_pbmesh_v1alpha1_address_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_address_proto_rawDesc = []byte{
-	0x0a, 0x1d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
-	0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22,
-	0x39, 0x0a, 0x0f, 0x48, 0x6f, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65,
-	0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x94, 0x02, 0x0a, 0x22, 0x63,
-	0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x42, 0x0c, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
-	0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65,
-	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02,
-	0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca,
-	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21,
-	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_address_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_address_proto_rawDescData = file_pbmesh_v1alpha1_address_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_address_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_address_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_address_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_address_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_address_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_address_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var file_pbmesh_v1alpha1_address_proto_goTypes = []interface{}{
-	(*HostPortAddress)(nil), // 0: hashicorp.consul.mesh.v1alpha1.HostPortAddress
-}
-var file_pbmesh_v1alpha1_address_proto_depIdxs = []int32{
-	0, // [0:0] is the sub-list for method output_type
-	0, // [0:0] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_address_proto_init() }
-func file_pbmesh_v1alpha1_address_proto_init() {
-	if File_pbmesh_v1alpha1_address_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_address_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HostPortAddress); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_address_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   1,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_address_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_address_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_address_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_address_proto = out.File
-	file_pbmesh_v1alpha1_address_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_address_proto_goTypes = nil
-	file_pbmesh_v1alpha1_address_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/address.proto b/proto-public/pbmesh/v1alpha1/address.proto
deleted file mode 100644
index 23e59c95ab7a..000000000000
--- a/proto-public/pbmesh/v1alpha1/address.proto
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1;
-
-message HostPortAddress {
-  string host = 1;
-  uint32 port = 2;
-}
diff --git a/proto-public/pbmesh/v1alpha1/endpoints.pb.go b/proto-public/pbmesh/v1alpha1/endpoints.pb.go
deleted file mode 100644
index a08e93e503f4..000000000000
--- a/proto-public/pbmesh/v1alpha1/endpoints.pb.go
+++ /dev/null
@@ -1,390 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/endpoints.proto
-
-package meshv1alpha1
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type HealthStatus int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	HealthStatus_HEALTH_STATUS_UNKNOWN   HealthStatus = 0
-	HealthStatus_HEALTH_STATUS_HEALTHY   HealthStatus = 1
-	HealthStatus_HEALTH_STATUS_UNHEALTHY HealthStatus = 2
-)
-
-// Enum value maps for HealthStatus.
-var (
-	HealthStatus_name = map[int32]string{
-		0: "HEALTH_STATUS_UNKNOWN",
-		1: "HEALTH_STATUS_HEALTHY",
-		2: "HEALTH_STATUS_UNHEALTHY",
-	}
-	HealthStatus_value = map[string]int32{
-		"HEALTH_STATUS_UNKNOWN":   0,
-		"HEALTH_STATUS_HEALTHY":   1,
-		"HEALTH_STATUS_UNHEALTHY": 2,
-	}
-)
-
-func (x HealthStatus) Enum() *HealthStatus {
-	p := new(HealthStatus)
-	*p = x
-	return p
-}
-
-func (x HealthStatus) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (HealthStatus) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_endpoints_proto_enumTypes[0].Descriptor()
-}
-
-func (HealthStatus) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_endpoints_proto_enumTypes[0]
-}
-
-func (x HealthStatus) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use HealthStatus.Descriptor instead.
-func (HealthStatus) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_endpoints_proto_rawDescGZIP(), []int{0}
-}
-
-type Endpoints struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// name is the name of the Endpoints. This should match the cluster name.
-	Name      string      `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Endpoints []*Endpoint `protobuf:"bytes,2,rep,name=endpoints,proto3" json:"endpoints,omitempty"`
-}
-
-func (x *Endpoints) Reset() {
-	*x = Endpoints{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_endpoints_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Endpoints) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Endpoints) ProtoMessage() {}
-
-func (x *Endpoints) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_endpoints_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Endpoints.ProtoReflect.Descriptor instead.
-func (*Endpoints) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_endpoints_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *Endpoints) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *Endpoints) GetEndpoints() []*Endpoint {
-	if x != nil {
-		return x.Endpoints
-	}
-	return nil
-}
-
-type Endpoint struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Types that are assignable to Address:
-	//
-	//	*Endpoint_HostPort
-	//	*Endpoint_UnixSocket
-	Address             isEndpoint_Address      `protobuf_oneof:"address"`
-	HealthStatus        HealthStatus            `protobuf:"varint,3,opt,name=health_status,json=healthStatus,proto3,enum=hashicorp.consul.mesh.v1alpha1.HealthStatus" json:"health_status,omitempty"`
-	LoadBalancingWeight *wrapperspb.UInt32Value `protobuf:"bytes,4,opt,name=load_balancing_weight,json=loadBalancingWeight,proto3" json:"load_balancing_weight,omitempty"`
-}
-
-func (x *Endpoint) Reset() {
-	*x = Endpoint{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_endpoints_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Endpoint) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Endpoint) ProtoMessage() {}
-
-func (x *Endpoint) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_endpoints_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Endpoint.ProtoReflect.Descriptor instead.
-func (*Endpoint) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_endpoints_proto_rawDescGZIP(), []int{1}
-}
-
-func (m *Endpoint) GetAddress() isEndpoint_Address {
-	if m != nil {
-		return m.Address
-	}
-	return nil
-}
-
-func (x *Endpoint) GetHostPort() *HostPortAddress {
-	if x, ok := x.GetAddress().(*Endpoint_HostPort); ok {
-		return x.HostPort
-	}
-	return nil
-}
-
-func (x *Endpoint) GetUnixSocket() *UnixSocketAddress {
-	if x, ok := x.GetAddress().(*Endpoint_UnixSocket); ok {
-		return x.UnixSocket
-	}
-	return nil
-}
-
-func (x *Endpoint) GetHealthStatus() HealthStatus {
-	if x != nil {
-		return x.HealthStatus
-	}
-	return HealthStatus_HEALTH_STATUS_UNKNOWN
-}
-
-func (x *Endpoint) GetLoadBalancingWeight() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.LoadBalancingWeight
-	}
-	return nil
-}
-
-type isEndpoint_Address interface {
-	isEndpoint_Address()
-}
-
-type Endpoint_HostPort struct {
-	HostPort *HostPortAddress `protobuf:"bytes,1,opt,name=host_port,json=hostPort,proto3,oneof"`
-}
-
-type Endpoint_UnixSocket struct {
-	UnixSocket *UnixSocketAddress `protobuf:"bytes,2,opt,name=unix_socket,json=unixSocket,proto3,oneof"`
-}
-
-func (*Endpoint_HostPort) isEndpoint_Address() {}
-
-func (*Endpoint_UnixSocket) isEndpoint_Address() {}
-
-var File_pbmesh_v1alpha1_endpoints_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_endpoints_proto_rawDesc = []byte{
-	0x0a, 0x1f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x1a, 0x1d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x1a, 0x1f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x22, 0x67, 0x0a, 0x09, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, 0x12,
-	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
-	0x6d, 0x65, 0x12, 0x46, 0x0a, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18,
-	0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52,
-	0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x22, 0xe0, 0x02, 0x0a, 0x08, 0x45,
-	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x4e, 0x0a, 0x09, 0x68, 0x6f, 0x73, 0x74, 0x5f,
-	0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x6f, 0x73, 0x74,
-	0x50, 0x6f, 0x72, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x08, 0x68,
-	0x6f, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x54, 0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f,
-	0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x6e,
-	0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48,
-	0x00, 0x52, 0x0a, 0x75, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x51, 0x0a,
-	0x0d, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0e, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74,
-	0x75, 0x73, 0x52, 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x12, 0x50, 0x0a, 0x15, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69,
-	0x6e, 0x67, 0x5f, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x13, 0x6c,
-	0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x57, 0x65, 0x69, 0x67,
-	0x68, 0x74, 0x42, 0x09, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2a, 0x61, 0x0a,
-	0x0c, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x19, 0x0a,
-	0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55,
-	0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c,
-	0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48,
-	0x59, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54,
-	0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x59, 0x10, 0x02,
-	0x42, 0x96, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e,
-	0x74, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75,
-	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62,
-	0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
-	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
-	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a,
-	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_endpoints_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_endpoints_proto_rawDescData = file_pbmesh_v1alpha1_endpoints_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_endpoints_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_endpoints_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_endpoints_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_endpoints_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_endpoints_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_endpoints_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_pbmesh_v1alpha1_endpoints_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
-var file_pbmesh_v1alpha1_endpoints_proto_goTypes = []interface{}{
-	(HealthStatus)(0),              // 0: hashicorp.consul.mesh.v1alpha1.HealthStatus
-	(*Endpoints)(nil),              // 1: hashicorp.consul.mesh.v1alpha1.Endpoints
-	(*Endpoint)(nil),               // 2: hashicorp.consul.mesh.v1alpha1.Endpoint
-	(*HostPortAddress)(nil),        // 3: hashicorp.consul.mesh.v1alpha1.HostPortAddress
-	(*UnixSocketAddress)(nil),      // 4: hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
-	(*wrapperspb.UInt32Value)(nil), // 5: google.protobuf.UInt32Value
-}
-var file_pbmesh_v1alpha1_endpoints_proto_depIdxs = []int32{
-	2, // 0: hashicorp.consul.mesh.v1alpha1.Endpoints.endpoints:type_name -> hashicorp.consul.mesh.v1alpha1.Endpoint
-	3, // 1: hashicorp.consul.mesh.v1alpha1.Endpoint.host_port:type_name -> hashicorp.consul.mesh.v1alpha1.HostPortAddress
-	4, // 2: hashicorp.consul.mesh.v1alpha1.Endpoint.unix_socket:type_name -> hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
-	0, // 3: hashicorp.consul.mesh.v1alpha1.Endpoint.health_status:type_name -> hashicorp.consul.mesh.v1alpha1.HealthStatus
-	5, // 4: hashicorp.consul.mesh.v1alpha1.Endpoint.load_balancing_weight:type_name -> google.protobuf.UInt32Value
-	5, // [5:5] is the sub-list for method output_type
-	5, // [5:5] is the sub-list for method input_type
-	5, // [5:5] is the sub-list for extension type_name
-	5, // [5:5] is the sub-list for extension extendee
-	0, // [0:5] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_endpoints_proto_init() }
-func file_pbmesh_v1alpha1_endpoints_proto_init() {
-	if File_pbmesh_v1alpha1_endpoints_proto != nil {
-		return
-	}
-	file_pbmesh_v1alpha1_address_proto_init()
-	file_pbmesh_v1alpha1_upstreams_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_endpoints_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Endpoints); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_endpoints_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Endpoint); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_pbmesh_v1alpha1_endpoints_proto_msgTypes[1].OneofWrappers = []interface{}{
-		(*Endpoint_HostPort)(nil),
-		(*Endpoint_UnixSocket)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_endpoints_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   2,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_endpoints_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_endpoints_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_endpoints_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_endpoints_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_endpoints_proto = out.File
-	file_pbmesh_v1alpha1_endpoints_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_endpoints_proto_goTypes = nil
-	file_pbmesh_v1alpha1_endpoints_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/escape_hatches.pb.go b/proto-public/pbmesh/v1alpha1/escape_hatches.pb.go
deleted file mode 100644
index 290616f625e8..000000000000
--- a/proto-public/pbmesh/v1alpha1/escape_hatches.pb.go
+++ /dev/null
@@ -1,167 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/escape_hatches.proto
-
-package meshv1alpha1
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type EscapeHatches struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// listener_tracing_json contains user provided tracing configuration.
-	ListenerTracingJson string `protobuf:"bytes,1,opt,name=listener_tracing_json,json=listenerTracingJson,proto3" json:"listener_tracing_json,omitempty"`
-}
-
-func (x *EscapeHatches) Reset() {
-	*x = EscapeHatches{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_escape_hatches_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *EscapeHatches) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*EscapeHatches) ProtoMessage() {}
-
-func (x *EscapeHatches) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_escape_hatches_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use EscapeHatches.ProtoReflect.Descriptor instead.
-func (*EscapeHatches) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_escape_hatches_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *EscapeHatches) GetListenerTracingJson() string {
-	if x != nil {
-		return x.ListenerTracingJson
-	}
-	return ""
-}
-
-var File_pbmesh_v1alpha1_escape_hatches_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_escape_hatches_proto_rawDesc = []byte{
-	0x0a, 0x24, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0x43, 0x0a, 0x0d, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65,
-	0x48, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x32, 0x0a, 0x15, 0x6c, 0x69, 0x73, 0x74, 0x65,
-	0x6e, 0x65, 0x72, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
-	0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x42, 0x9a, 0x02, 0x0a, 0x22,
-	0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x42, 0x12, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x65,
-	0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
-	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c,
-	0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2,
-	0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
-	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_escape_hatches_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_escape_hatches_proto_rawDescData = file_pbmesh_v1alpha1_escape_hatches_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_escape_hatches_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_escape_hatches_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_escape_hatches_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_escape_hatches_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_escape_hatches_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_escape_hatches_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var file_pbmesh_v1alpha1_escape_hatches_proto_goTypes = []interface{}{
-	(*EscapeHatches)(nil), // 0: hashicorp.consul.mesh.v1alpha1.EscapeHatches
-}
-var file_pbmesh_v1alpha1_escape_hatches_proto_depIdxs = []int32{
-	0, // [0:0] is the sub-list for method output_type
-	0, // [0:0] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_escape_hatches_proto_init() }
-func file_pbmesh_v1alpha1_escape_hatches_proto_init() {
-	if File_pbmesh_v1alpha1_escape_hatches_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_escape_hatches_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*EscapeHatches); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_escape_hatches_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   1,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_escape_hatches_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_escape_hatches_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_escape_hatches_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_escape_hatches_proto = out.File
-	file_pbmesh_v1alpha1_escape_hatches_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_escape_hatches_proto_goTypes = nil
-	file_pbmesh_v1alpha1_escape_hatches_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/header_mutations.pb.go b/proto-public/pbmesh/v1alpha1/header_mutations.pb.go
deleted file mode 100644
index 28d8fbe020e3..000000000000
--- a/proto-public/pbmesh/v1alpha1/header_mutations.pb.go
+++ /dev/null
@@ -1,681 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/header_mutations.proto
-
-package meshv1alpha1
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type AppendAction int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD    AppendAction = 0
-	AppendAction_APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD AppendAction = 1
-)
-
-// Enum value maps for AppendAction.
-var (
-	AppendAction_name = map[int32]string{
-		0: "APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD",
-		1: "APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD",
-	}
-	AppendAction_value = map[string]int32{
-		"APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD":    0,
-		"APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD": 1,
-	}
-)
-
-func (x AppendAction) Enum() *AppendAction {
-	p := new(AppendAction)
-	*p = x
-	return p
-}
-
-func (x AppendAction) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (AppendAction) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_header_mutations_proto_enumTypes[0].Descriptor()
-}
-
-func (AppendAction) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_header_mutations_proto_enumTypes[0]
-}
-
-func (x AppendAction) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use AppendAction.Descriptor instead.
-func (AppendAction) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{0}
-}
-
-// Note: it's nice to have this list of header mutations as opposed to configuration similar to Envoy because it
-// translates more nicely from GAMMA HTTPRoute, and our existing service router config. Then xds code can handle turning
-// it into envoy xds.
-type HeaderMutation struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Types that are assignable to Action:
-	//
-	//	*HeaderMutation_RequestHeaderAdd
-	//	*HeaderMutation_RequestHeaderRemove
-	//	*HeaderMutation_ResponseHeaderAdd
-	//	*HeaderMutation_ResponseHeaderRemove
-	Action isHeaderMutation_Action `protobuf_oneof:"action"`
-}
-
-func (x *HeaderMutation) Reset() {
-	*x = HeaderMutation{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HeaderMutation) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HeaderMutation) ProtoMessage() {}
-
-func (x *HeaderMutation) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HeaderMutation.ProtoReflect.Descriptor instead.
-func (*HeaderMutation) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{0}
-}
-
-func (m *HeaderMutation) GetAction() isHeaderMutation_Action {
-	if m != nil {
-		return m.Action
-	}
-	return nil
-}
-
-func (x *HeaderMutation) GetRequestHeaderAdd() *RequestHeaderAdd {
-	if x, ok := x.GetAction().(*HeaderMutation_RequestHeaderAdd); ok {
-		return x.RequestHeaderAdd
-	}
-	return nil
-}
-
-func (x *HeaderMutation) GetRequestHeaderRemove() *RequestHeaderRemove {
-	if x, ok := x.GetAction().(*HeaderMutation_RequestHeaderRemove); ok {
-		return x.RequestHeaderRemove
-	}
-	return nil
-}
-
-func (x *HeaderMutation) GetResponseHeaderAdd() *ResponseHeaderAdd {
-	if x, ok := x.GetAction().(*HeaderMutation_ResponseHeaderAdd); ok {
-		return x.ResponseHeaderAdd
-	}
-	return nil
-}
-
-func (x *HeaderMutation) GetResponseHeaderRemove() *ResponseHeaderRemove {
-	if x, ok := x.GetAction().(*HeaderMutation_ResponseHeaderRemove); ok {
-		return x.ResponseHeaderRemove
-	}
-	return nil
-}
-
-type isHeaderMutation_Action interface {
-	isHeaderMutation_Action()
-}
-
-type HeaderMutation_RequestHeaderAdd struct {
-	RequestHeaderAdd *RequestHeaderAdd `protobuf:"bytes,1,opt,name=request_header_add,json=requestHeaderAdd,proto3,oneof"`
-}
-
-type HeaderMutation_RequestHeaderRemove struct {
-	RequestHeaderRemove *RequestHeaderRemove `protobuf:"bytes,2,opt,name=request_header_remove,json=requestHeaderRemove,proto3,oneof"`
-}
-
-type HeaderMutation_ResponseHeaderAdd struct {
-	ResponseHeaderAdd *ResponseHeaderAdd `protobuf:"bytes,3,opt,name=response_header_add,json=responseHeaderAdd,proto3,oneof"`
-}
-
-type HeaderMutation_ResponseHeaderRemove struct {
-	ResponseHeaderRemove *ResponseHeaderRemove `protobuf:"bytes,4,opt,name=response_header_remove,json=responseHeaderRemove,proto3,oneof"`
-}
-
-func (*HeaderMutation_RequestHeaderAdd) isHeaderMutation_Action() {}
-
-func (*HeaderMutation_RequestHeaderRemove) isHeaderMutation_Action() {}
-
-func (*HeaderMutation_ResponseHeaderAdd) isHeaderMutation_Action() {}
-
-func (*HeaderMutation_ResponseHeaderRemove) isHeaderMutation_Action() {}
-
-type RequestHeaderAdd struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Header       *Header      `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
-	AppendAction AppendAction `protobuf:"varint,2,opt,name=append_action,json=appendAction,proto3,enum=hashicorp.consul.mesh.v1alpha1.AppendAction" json:"append_action,omitempty"`
-}
-
-func (x *RequestHeaderAdd) Reset() {
-	*x = RequestHeaderAdd{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RequestHeaderAdd) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RequestHeaderAdd) ProtoMessage() {}
-
-func (x *RequestHeaderAdd) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RequestHeaderAdd.ProtoReflect.Descriptor instead.
-func (*RequestHeaderAdd) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *RequestHeaderAdd) GetHeader() *Header {
-	if x != nil {
-		return x.Header
-	}
-	return nil
-}
-
-func (x *RequestHeaderAdd) GetAppendAction() AppendAction {
-	if x != nil {
-		return x.AppendAction
-	}
-	return AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
-}
-
-type RequestHeaderRemove struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	HeaderKeys []string `protobuf:"bytes,1,rep,name=header_keys,json=headerKeys,proto3" json:"header_keys,omitempty"`
-}
-
-func (x *RequestHeaderRemove) Reset() {
-	*x = RequestHeaderRemove{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RequestHeaderRemove) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RequestHeaderRemove) ProtoMessage() {}
-
-func (x *RequestHeaderRemove) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RequestHeaderRemove.ProtoReflect.Descriptor instead.
-func (*RequestHeaderRemove) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *RequestHeaderRemove) GetHeaderKeys() []string {
-	if x != nil {
-		return x.HeaderKeys
-	}
-	return nil
-}
-
-type ResponseHeaderAdd struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Header       *Header      `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
-	AppendAction AppendAction `protobuf:"varint,2,opt,name=append_action,json=appendAction,proto3,enum=hashicorp.consul.mesh.v1alpha1.AppendAction" json:"append_action,omitempty"`
-}
-
-func (x *ResponseHeaderAdd) Reset() {
-	*x = ResponseHeaderAdd{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ResponseHeaderAdd) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ResponseHeaderAdd) ProtoMessage() {}
-
-func (x *ResponseHeaderAdd) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ResponseHeaderAdd.ProtoReflect.Descriptor instead.
-func (*ResponseHeaderAdd) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *ResponseHeaderAdd) GetHeader() *Header {
-	if x != nil {
-		return x.Header
-	}
-	return nil
-}
-
-func (x *ResponseHeaderAdd) GetAppendAction() AppendAction {
-	if x != nil {
-		return x.AppendAction
-	}
-	return AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
-}
-
-type ResponseHeaderRemove struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	HeaderKeys []string `protobuf:"bytes,1,rep,name=header_keys,json=headerKeys,proto3" json:"header_keys,omitempty"`
-}
-
-func (x *ResponseHeaderRemove) Reset() {
-	*x = ResponseHeaderRemove{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ResponseHeaderRemove) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ResponseHeaderRemove) ProtoMessage() {}
-
-func (x *ResponseHeaderRemove) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ResponseHeaderRemove.ProtoReflect.Descriptor instead.
-func (*ResponseHeaderRemove) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *ResponseHeaderRemove) GetHeaderKeys() []string {
-	if x != nil {
-		return x.HeaderKeys
-	}
-	return nil
-}
-
-type Header struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Key   string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
-	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
-}
-
-func (x *Header) Reset() {
-	*x = Header{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Header) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Header) ProtoMessage() {}
-
-func (x *Header) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Header.ProtoReflect.Descriptor instead.
-func (*Header) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *Header) GetKey() string {
-	if x != nil {
-		return x.Key
-	}
-	return ""
-}
-
-func (x *Header) GetValue() string {
-	if x != nil {
-		return x.Value
-	}
-	return ""
-}
-
-var File_pbmesh_v1alpha1_header_mutations_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_header_mutations_proto_rawDesc = []byte{
-	0x0a, 0x26, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0xba, 0x03, 0x0a, 0x0e, 0x48, 0x65, 0x61,
-	0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x60, 0x0a, 0x12, 0x72,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x61, 0x64,
-	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x48, 0x00, 0x52, 0x10, 0x72, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x12, 0x69, 0x0a,
-	0x15, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f,
-	0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76,
-	0x65, 0x48, 0x00, 0x52, 0x13, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x63, 0x0a, 0x13, 0x72, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x61, 0x64, 0x64, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x48, 0x00, 0x52, 0x11, 0x72, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x12, 0x6c, 0x0a,
-	0x16, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65, 0x6d,
-	0x6f, 0x76, 0x65, 0x48, 0x00, 0x52, 0x14, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x42, 0x08, 0x0a, 0x06, 0x61,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xa5, 0x01, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x12, 0x3e, 0x0a, 0x06, 0x68, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x51, 0x0a, 0x0d, 0x61, 0x70,
-	0x70, 0x65, 0x6e, 0x64, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x0e, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x0c, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x36, 0x0a,
-	0x13, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65,
-	0x6d, 0x6f, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6b,
-	0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x68, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x4b, 0x65, 0x79, 0x73, 0x22, 0xa6, 0x01, 0x0a, 0x11, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x12, 0x3e, 0x0a, 0x06, 0x68,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61,
-	0x64, 0x65, 0x72, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x51, 0x0a, 0x0d, 0x61,
-	0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x0e, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x0c, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x37,
-	0x0a, 0x14, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x68, 0x65, 0x61,
-	0x64, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x73, 0x22, 0x30, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
-	0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x2a, 0x67, 0x0a, 0x0c, 0x41, 0x70, 0x70,
-	0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x29, 0x0a, 0x25, 0x41, 0x50, 0x50,
-	0x45, 0x4e, 0x44, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x41, 0x50, 0x50, 0x45, 0x4e,
-	0x44, 0x5f, 0x49, 0x46, 0x5f, 0x45, 0x58, 0x49, 0x53, 0x54, 0x53, 0x5f, 0x4f, 0x52, 0x5f, 0x41,
-	0x44, 0x44, 0x10, 0x00, 0x12, 0x2c, 0x0a, 0x28, 0x41, 0x50, 0x50, 0x45, 0x4e, 0x44, 0x5f, 0x41,
-	0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x57, 0x52, 0x49, 0x54, 0x45, 0x5f,
-	0x49, 0x46, 0x5f, 0x45, 0x58, 0x49, 0x53, 0x54, 0x53, 0x5f, 0x4f, 0x52, 0x5f, 0x41, 0x44, 0x44,
-	0x10, 0x01, 0x42, 0x9c, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x14, 0x48, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
-	0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65,
-	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02,
-	0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca,
-	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21,
-	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_header_mutations_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_header_mutations_proto_rawDescData = file_pbmesh_v1alpha1_header_mutations_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_header_mutations_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_header_mutations_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_header_mutations_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_header_mutations_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_header_mutations_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_header_mutations_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_pbmesh_v1alpha1_header_mutations_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
-var file_pbmesh_v1alpha1_header_mutations_proto_goTypes = []interface{}{
-	(AppendAction)(0),            // 0: hashicorp.consul.mesh.v1alpha1.AppendAction
-	(*HeaderMutation)(nil),       // 1: hashicorp.consul.mesh.v1alpha1.HeaderMutation
-	(*RequestHeaderAdd)(nil),     // 2: hashicorp.consul.mesh.v1alpha1.RequestHeaderAdd
-	(*RequestHeaderRemove)(nil),  // 3: hashicorp.consul.mesh.v1alpha1.RequestHeaderRemove
-	(*ResponseHeaderAdd)(nil),    // 4: hashicorp.consul.mesh.v1alpha1.ResponseHeaderAdd
-	(*ResponseHeaderRemove)(nil), // 5: hashicorp.consul.mesh.v1alpha1.ResponseHeaderRemove
-	(*Header)(nil),               // 6: hashicorp.consul.mesh.v1alpha1.Header
-}
-var file_pbmesh_v1alpha1_header_mutations_proto_depIdxs = []int32{
-	2, // 0: hashicorp.consul.mesh.v1alpha1.HeaderMutation.request_header_add:type_name -> hashicorp.consul.mesh.v1alpha1.RequestHeaderAdd
-	3, // 1: hashicorp.consul.mesh.v1alpha1.HeaderMutation.request_header_remove:type_name -> hashicorp.consul.mesh.v1alpha1.RequestHeaderRemove
-	4, // 2: hashicorp.consul.mesh.v1alpha1.HeaderMutation.response_header_add:type_name -> hashicorp.consul.mesh.v1alpha1.ResponseHeaderAdd
-	5, // 3: hashicorp.consul.mesh.v1alpha1.HeaderMutation.response_header_remove:type_name -> hashicorp.consul.mesh.v1alpha1.ResponseHeaderRemove
-	6, // 4: hashicorp.consul.mesh.v1alpha1.RequestHeaderAdd.header:type_name -> hashicorp.consul.mesh.v1alpha1.Header
-	0, // 5: hashicorp.consul.mesh.v1alpha1.RequestHeaderAdd.append_action:type_name -> hashicorp.consul.mesh.v1alpha1.AppendAction
-	6, // 6: hashicorp.consul.mesh.v1alpha1.ResponseHeaderAdd.header:type_name -> hashicorp.consul.mesh.v1alpha1.Header
-	0, // 7: hashicorp.consul.mesh.v1alpha1.ResponseHeaderAdd.append_action:type_name -> hashicorp.consul.mesh.v1alpha1.AppendAction
-	8, // [8:8] is the sub-list for method output_type
-	8, // [8:8] is the sub-list for method input_type
-	8, // [8:8] is the sub-list for extension type_name
-	8, // [8:8] is the sub-list for extension extendee
-	0, // [0:8] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_header_mutations_proto_init() }
-func file_pbmesh_v1alpha1_header_mutations_proto_init() {
-	if File_pbmesh_v1alpha1_header_mutations_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HeaderMutation); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RequestHeaderAdd); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RequestHeaderRemove); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ResponseHeaderAdd); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ResponseHeaderRemove); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Header); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_pbmesh_v1alpha1_header_mutations_proto_msgTypes[0].OneofWrappers = []interface{}{
-		(*HeaderMutation_RequestHeaderAdd)(nil),
-		(*HeaderMutation_RequestHeaderRemove)(nil),
-		(*HeaderMutation_ResponseHeaderAdd)(nil),
-		(*HeaderMutation_ResponseHeaderRemove)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_header_mutations_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   6,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_header_mutations_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_header_mutations_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_header_mutations_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_header_mutations_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_header_mutations_proto = out.File
-	file_pbmesh_v1alpha1_header_mutations_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_header_mutations_proto_goTypes = nil
-	file_pbmesh_v1alpha1_header_mutations_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/intentions.pb.go b/proto-public/pbmesh/v1alpha1/intentions.pb.go
deleted file mode 100644
index 6920ab9b355a..000000000000
--- a/proto-public/pbmesh/v1alpha1/intentions.pb.go
+++ /dev/null
@@ -1,206 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/intentions.proto
-
-package meshv1alpha1
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type L7Intention struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-}
-
-func (x *L7Intention) Reset() {
-	*x = L7Intention{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_intentions_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *L7Intention) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*L7Intention) ProtoMessage() {}
-
-func (x *L7Intention) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_intentions_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use L7Intention.ProtoReflect.Descriptor instead.
-func (*L7Intention) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_intentions_proto_rawDescGZIP(), []int{0}
-}
-
-type L4Intention struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-}
-
-func (x *L4Intention) Reset() {
-	*x = L4Intention{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_intentions_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *L4Intention) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*L4Intention) ProtoMessage() {}
-
-func (x *L4Intention) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_intentions_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use L4Intention.ProtoReflect.Descriptor instead.
-func (*L4Intention) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_intentions_proto_rawDescGZIP(), []int{1}
-}
-
-var File_pbmesh_v1alpha1_intentions_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_intentions_proto_rawDesc = []byte{
-	0x0a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x22, 0x0d, 0x0a, 0x0b, 0x4c, 0x37, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f,
-	0x6e, 0x22, 0x0d, 0x0a, 0x0b, 0x4c, 0x34, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e,
-	0x42, 0x97, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0f, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68,
-	0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75,
-	0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
-	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
-	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65,
-	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68,
-	0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_intentions_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_intentions_proto_rawDescData = file_pbmesh_v1alpha1_intentions_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_intentions_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_intentions_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_intentions_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_intentions_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_intentions_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_intentions_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
-var file_pbmesh_v1alpha1_intentions_proto_goTypes = []interface{}{
-	(*L7Intention)(nil), // 0: hashicorp.consul.mesh.v1alpha1.L7Intention
-	(*L4Intention)(nil), // 1: hashicorp.consul.mesh.v1alpha1.L4Intention
-}
-var file_pbmesh_v1alpha1_intentions_proto_depIdxs = []int32{
-	0, // [0:0] is the sub-list for method output_type
-	0, // [0:0] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_intentions_proto_init() }
-func file_pbmesh_v1alpha1_intentions_proto_init() {
-	if File_pbmesh_v1alpha1_intentions_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_intentions_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*L7Intention); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_intentions_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*L4Intention); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_intentions_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   2,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_intentions_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_intentions_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_intentions_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_intentions_proto = out.File
-	file_pbmesh_v1alpha1_intentions_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_intentions_proto_goTypes = nil
-	file_pbmesh_v1alpha1_intentions_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/listener.pb.go b/proto-public/pbmesh/v1alpha1/listener.pb.go
deleted file mode 100644
index d475ad8acad3..000000000000
--- a/proto-public/pbmesh/v1alpha1/listener.pb.go
+++ /dev/null
@@ -1,1174 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/listener.proto
-
-package meshv1alpha1
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type Direction int32
-
-const (
-	// DIRECTION_UNSPECIFIED is used by mesh gateway listeners.
-	Direction_DIRECTION_UNSPECIFIED Direction = 0
-	Direction_DIRECTION_INBOUND     Direction = 1
-	Direction_DIRECTION_OUTBOUND    Direction = 2
-)
-
-// Enum value maps for Direction.
-var (
-	Direction_name = map[int32]string{
-		0: "DIRECTION_UNSPECIFIED",
-		1: "DIRECTION_INBOUND",
-		2: "DIRECTION_OUTBOUND",
-	}
-	Direction_value = map[string]int32{
-		"DIRECTION_UNSPECIFIED": 0,
-		"DIRECTION_INBOUND":     1,
-		"DIRECTION_OUTBOUND":    2,
-	}
-)
-
-func (x Direction) Enum() *Direction {
-	p := new(Direction)
-	*p = x
-	return p
-}
-
-func (x Direction) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (Direction) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_listener_proto_enumTypes[0].Descriptor()
-}
-
-func (Direction) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_listener_proto_enumTypes[0]
-}
-
-func (x Direction) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use Direction.Descriptor instead.
-func (Direction) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{0}
-}
-
-// Capabilities map to proxy functionality to enable. These enable tproxy, l7 protocol/alpn inspection, or l4 sni/alpn inspection.
-type Capability int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	Capability_CAPABILITY_TRANSPARENT            Capability = 0
-	Capability_CAPABILITY_L7_PROTOCOL_INSPECTION Capability = 1
-	Capability_CAPABILITY_L4_TLS_INSPECTION      Capability = 2
-)
-
-// Enum value maps for Capability.
-var (
-	Capability_name = map[int32]string{
-		0: "CAPABILITY_TRANSPARENT",
-		1: "CAPABILITY_L7_PROTOCOL_INSPECTION",
-		2: "CAPABILITY_L4_TLS_INSPECTION",
-	}
-	Capability_value = map[string]int32{
-		"CAPABILITY_TRANSPARENT":            0,
-		"CAPABILITY_L7_PROTOCOL_INSPECTION": 1,
-		"CAPABILITY_L4_TLS_INSPECTION":      2,
-	}
-)
-
-func (x Capability) Enum() *Capability {
-	p := new(Capability)
-	*p = x
-	return p
-}
-
-func (x Capability) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (Capability) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_listener_proto_enumTypes[1].Descriptor()
-}
-
-func (Capability) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_listener_proto_enumTypes[1]
-}
-
-func (x Capability) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use Capability.Descriptor instead.
-func (Capability) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{1}
-}
-
-type L7Protocol int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	L7Protocol_L7_PROTOCOL_HTTP  L7Protocol = 0
-	L7Protocol_L7_PROTOCOL_HTTP2 L7Protocol = 1
-	L7Protocol_L7_PROTOCOL_GRPC  L7Protocol = 2
-)
-
-// Enum value maps for L7Protocol.
-var (
-	L7Protocol_name = map[int32]string{
-		0: "L7_PROTOCOL_HTTP",
-		1: "L7_PROTOCOL_HTTP2",
-		2: "L7_PROTOCOL_GRPC",
-	}
-	L7Protocol_value = map[string]int32{
-		"L7_PROTOCOL_HTTP":  0,
-		"L7_PROTOCOL_HTTP2": 1,
-		"L7_PROTOCOL_GRPC":  2,
-	}
-)
-
-func (x L7Protocol) Enum() *L7Protocol {
-	p := new(L7Protocol)
-	*p = x
-	return p
-}
-
-func (x L7Protocol) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (L7Protocol) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_listener_proto_enumTypes[2].Descriptor()
-}
-
-func (L7Protocol) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_listener_proto_enumTypes[2]
-}
-
-func (x L7Protocol) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use L7Protocol.Descriptor instead.
-func (L7Protocol) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{2}
-}
-
-type Listener struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// name is the name of the listener.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	// direction tells the listener the direction of traffic.
-	Direction Direction `protobuf:"varint,2,opt,name=direction,proto3,enum=hashicorp.consul.mesh.v1alpha1.Direction" json:"direction,omitempty"`
-	// bind_address describes where to listen.
-	//
-	// Types that are assignable to BindAddress:
-	//
-	//	*Listener_IpPort
-	//	*Listener_UnixSocket
-	BindAddress isListener_BindAddress `protobuf_oneof:"bind_address"`
-	// routers describes how to route traffic from this listener.
-	Routers []*Router `protobuf:"bytes,5,rep,name=routers,proto3" json:"routers,omitempty"`
-	// default_router describes where to route if none of the other router matches match the connection.
-	DefaultRouter *Router `protobuf:"bytes,6,opt,name=default_router,json=defaultRouter,proto3" json:"default_router,omitempty"`
-	// capabilities describe Envoy proxy functionality to enable. These map closely to Envoy listener filters.
-	Capabilities []Capability `protobuf:"varint,7,rep,packed,name=capabilities,proto3,enum=hashicorp.consul.mesh.v1alpha1.Capability" json:"capabilities,omitempty"`
-	// balance_connections configures how the listener should balance connections.
-	BalanceConnections BalanceConnections `protobuf:"varint,8,opt,name=balance_connections,json=balanceConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.BalanceConnections" json:"balance_connections,omitempty"`
-	// escape_hatch_listener_json configures a user configured escape hatch listener.
-	EscapeHatchListener string `protobuf:"bytes,9,opt,name=escape_hatch_listener,json=escapeHatchListener,proto3" json:"escape_hatch_listener,omitempty"`
-	// use_escape_hatch_tracing configures whether to use the top level user configured tracing escape hatch for this listener.
-	UseEscapeHatchTracing bool `protobuf:"varint,10,opt,name=use_escape_hatch_tracing,json=useEscapeHatchTracing,proto3" json:"use_escape_hatch_tracing,omitempty"`
-}
-
-func (x *Listener) Reset() {
-	*x = Listener{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Listener) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Listener) ProtoMessage() {}
-
-func (x *Listener) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Listener.ProtoReflect.Descriptor instead.
-func (*Listener) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *Listener) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *Listener) GetDirection() Direction {
-	if x != nil {
-		return x.Direction
-	}
-	return Direction_DIRECTION_UNSPECIFIED
-}
-
-func (m *Listener) GetBindAddress() isListener_BindAddress {
-	if m != nil {
-		return m.BindAddress
-	}
-	return nil
-}
-
-func (x *Listener) GetIpPort() *IPPortAddress {
-	if x, ok := x.GetBindAddress().(*Listener_IpPort); ok {
-		return x.IpPort
-	}
-	return nil
-}
-
-func (x *Listener) GetUnixSocket() *UnixSocketAddress {
-	if x, ok := x.GetBindAddress().(*Listener_UnixSocket); ok {
-		return x.UnixSocket
-	}
-	return nil
-}
-
-func (x *Listener) GetRouters() []*Router {
-	if x != nil {
-		return x.Routers
-	}
-	return nil
-}
-
-func (x *Listener) GetDefaultRouter() *Router {
-	if x != nil {
-		return x.DefaultRouter
-	}
-	return nil
-}
-
-func (x *Listener) GetCapabilities() []Capability {
-	if x != nil {
-		return x.Capabilities
-	}
-	return nil
-}
-
-func (x *Listener) GetBalanceConnections() BalanceConnections {
-	if x != nil {
-		return x.BalanceConnections
-	}
-	return BalanceConnections_BALANCE_CONNECTIONS_DEFAULT
-}
-
-func (x *Listener) GetEscapeHatchListener() string {
-	if x != nil {
-		return x.EscapeHatchListener
-	}
-	return ""
-}
-
-func (x *Listener) GetUseEscapeHatchTracing() bool {
-	if x != nil {
-		return x.UseEscapeHatchTracing
-	}
-	return false
-}
-
-type isListener_BindAddress interface {
-	isListener_BindAddress()
-}
-
-type Listener_IpPort struct {
-	IpPort *IPPortAddress `protobuf:"bytes,3,opt,name=ip_port,json=ipPort,proto3,oneof"`
-}
-
-type Listener_UnixSocket struct {
-	UnixSocket *UnixSocketAddress `protobuf:"bytes,4,opt,name=unix_socket,json=unixSocket,proto3,oneof"`
-}
-
-func (*Listener_IpPort) isListener_BindAddress() {}
-
-func (*Listener_UnixSocket) isListener_BindAddress() {}
-
-type Router struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// match specifies how to match traffic coming into this listener. If the traffic matches, it will be routed to the
-	// destination.
-	Match *Match `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"`
-	// Types that are assignable to Destination:
-	//
-	//	*Router_L4
-	//	*Router_L7
-	//	*Router_Sni
-	Destination isRouter_Destination `protobuf_oneof:"destination"`
-	// inbound_tls is used by inbound listeners that terminate TLS.
-	InboundTls *TransportSocket `protobuf:"bytes,5,opt,name=inbound_tls,json=inboundTls,proto3" json:"inbound_tls,omitempty"`
-}
-
-func (x *Router) Reset() {
-	*x = Router{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Router) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Router) ProtoMessage() {}
-
-func (x *Router) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Router.ProtoReflect.Descriptor instead.
-func (*Router) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *Router) GetMatch() *Match {
-	if x != nil {
-		return x.Match
-	}
-	return nil
-}
-
-func (m *Router) GetDestination() isRouter_Destination {
-	if m != nil {
-		return m.Destination
-	}
-	return nil
-}
-
-func (x *Router) GetL4() *L4Destination {
-	if x, ok := x.GetDestination().(*Router_L4); ok {
-		return x.L4
-	}
-	return nil
-}
-
-func (x *Router) GetL7() *L7Destination {
-	if x, ok := x.GetDestination().(*Router_L7); ok {
-		return x.L7
-	}
-	return nil
-}
-
-func (x *Router) GetSni() *SNIDestination {
-	if x, ok := x.GetDestination().(*Router_Sni); ok {
-		return x.Sni
-	}
-	return nil
-}
-
-func (x *Router) GetInboundTls() *TransportSocket {
-	if x != nil {
-		return x.InboundTls
-	}
-	return nil
-}
-
-type isRouter_Destination interface {
-	isRouter_Destination()
-}
-
-type Router_L4 struct {
-	// l4 is an l4 destination to route to, which will have a reference to a cluster.
-	L4 *L4Destination `protobuf:"bytes,2,opt,name=l4,proto3,oneof"`
-}
-
-type Router_L7 struct {
-	// l7 is an l7 destination to route to, which will have a reference to a route.
-	L7 *L7Destination `protobuf:"bytes,3,opt,name=l7,proto3,oneof"`
-}
-
-type Router_Sni struct {
-	// sni is an SNI destination, which means there will be no references, but the SNI name will be tied to the cluster
-	// name, so we should generate all clusters.
-	Sni *SNIDestination `protobuf:"bytes,4,opt,name=sni,proto3,oneof"`
-}
-
-func (*Router_L4) isRouter_Destination() {}
-
-func (*Router_L7) isRouter_Destination() {}
-
-func (*Router_Sni) isRouter_Destination() {}
-
-type Match struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	DestinationPort    *wrapperspb.UInt32Value `protobuf:"bytes,1,opt,name=destination_port,json=destinationPort,proto3" json:"destination_port,omitempty"`
-	PrefixRanges       []*CidrRange            `protobuf:"bytes,2,rep,name=prefix_ranges,json=prefixRanges,proto3" json:"prefix_ranges,omitempty"`
-	SourcePrefixRanges []*CidrRange            `protobuf:"bytes,3,rep,name=source_prefix_ranges,json=sourcePrefixRanges,proto3" json:"source_prefix_ranges,omitempty"`
-	// server_names matches based on SNI of the incoming request.
-	ServerNames []string `protobuf:"bytes,4,rep,name=server_names,json=serverNames,proto3" json:"server_names,omitempty"`
-}
-
-func (x *Match) Reset() {
-	*x = Match{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Match) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Match) ProtoMessage() {}
-
-func (x *Match) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Match.ProtoReflect.Descriptor instead.
-func (*Match) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *Match) GetDestinationPort() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.DestinationPort
-	}
-	return nil
-}
-
-func (x *Match) GetPrefixRanges() []*CidrRange {
-	if x != nil {
-		return x.PrefixRanges
-	}
-	return nil
-}
-
-func (x *Match) GetSourcePrefixRanges() []*CidrRange {
-	if x != nil {
-		return x.SourcePrefixRanges
-	}
-	return nil
-}
-
-func (x *Match) GetServerNames() []string {
-	if x != nil {
-		return x.ServerNames
-	}
-	return nil
-}
-
-type CidrRange struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	AddressPrefix string                  `protobuf:"bytes,1,opt,name=address_prefix,json=addressPrefix,proto3" json:"address_prefix,omitempty"`
-	PrefixLen     *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=prefix_len,json=prefixLen,proto3" json:"prefix_len,omitempty"`
-}
-
-func (x *CidrRange) Reset() {
-	*x = CidrRange{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CidrRange) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CidrRange) ProtoMessage() {}
-
-func (x *CidrRange) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CidrRange.ProtoReflect.Descriptor instead.
-func (*CidrRange) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *CidrRange) GetAddressPrefix() string {
-	if x != nil {
-		return x.AddressPrefix
-	}
-	return ""
-}
-
-func (x *CidrRange) GetPrefixLen() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.PrefixLen
-	}
-	return nil
-}
-
-type L4Destination struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// name is a key in the top level clusters map. This specifies which cluster to go to in this L4 destination.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	// stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
-	StatPrefix string `protobuf:"bytes,2,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
-	// intentions is a list of intentions for this destination.
-	Intentions []*L4Intention `protobuf:"bytes,3,rep,name=intentions,proto3" json:"intentions,omitempty"`
-	// max_inbound_connections specifies how many connections this destination can accept.
-	MaxInboundConnections uint64 `protobuf:"varint,4,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"`
-}
-
-func (x *L4Destination) Reset() {
-	*x = L4Destination{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *L4Destination) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*L4Destination) ProtoMessage() {}
-
-func (x *L4Destination) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use L4Destination.ProtoReflect.Descriptor instead.
-func (*L4Destination) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *L4Destination) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *L4Destination) GetStatPrefix() string {
-	if x != nil {
-		return x.StatPrefix
-	}
-	return ""
-}
-
-func (x *L4Destination) GetIntentions() []*L4Intention {
-	if x != nil {
-		return x.Intentions
-	}
-	return nil
-}
-
-func (x *L4Destination) GetMaxInboundConnections() uint64 {
-	if x != nil {
-		return x.MaxInboundConnections
-	}
-	return 0
-}
-
-type L7Destination struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// name is a key in the top level routes map. This specifies which route to go to in this L7 destination.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	// stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
-	StatPrefix string `protobuf:"bytes,2,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
-	// protocol for the destination.
-	Protocol L7Protocol `protobuf:"varint,3,opt,name=protocol,proto3,enum=hashicorp.consul.mesh.v1alpha1.L7Protocol" json:"protocol,omitempty"`
-	// intentions is a list of intentions for this destination.
-	Intentions []*L7Intention `protobuf:"bytes,4,rep,name=intentions,proto3" json:"intentions,omitempty"`
-	// include_xfcc specifies whether to add xfcc header.
-	IncludeXfcc bool `protobuf:"varint,5,opt,name=include_xfcc,json=includeXfcc,proto3" json:"include_xfcc,omitempty"`
-	// static_route specifies whether this is a static route that is inlined in the listener filter. This is required to
-	// match existing xds config.
-	StaticRoute bool `protobuf:"varint,6,opt,name=static_route,json=staticRoute,proto3" json:"static_route,omitempty"`
-	// max_inbound_connections specifies how many connections this destination can accept.
-	MaxInboundConnections uint64 `protobuf:"varint,7,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"`
-}
-
-func (x *L7Destination) Reset() {
-	*x = L7Destination{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *L7Destination) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*L7Destination) ProtoMessage() {}
-
-func (x *L7Destination) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use L7Destination.ProtoReflect.Descriptor instead.
-func (*L7Destination) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *L7Destination) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *L7Destination) GetStatPrefix() string {
-	if x != nil {
-		return x.StatPrefix
-	}
-	return ""
-}
-
-func (x *L7Destination) GetProtocol() L7Protocol {
-	if x != nil {
-		return x.Protocol
-	}
-	return L7Protocol_L7_PROTOCOL_HTTP
-}
-
-func (x *L7Destination) GetIntentions() []*L7Intention {
-	if x != nil {
-		return x.Intentions
-	}
-	return nil
-}
-
-func (x *L7Destination) GetIncludeXfcc() bool {
-	if x != nil {
-		return x.IncludeXfcc
-	}
-	return false
-}
-
-func (x *L7Destination) GetStaticRoute() bool {
-	if x != nil {
-		return x.StaticRoute
-	}
-	return false
-}
-
-func (x *L7Destination) GetMaxInboundConnections() uint64 {
-	if x != nil {
-		return x.MaxInboundConnections
-	}
-	return 0
-}
-
-type SNIDestination struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
-	StatPrefix string `protobuf:"bytes,1,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
-}
-
-func (x *SNIDestination) Reset() {
-	*x = SNIDestination{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *SNIDestination) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*SNIDestination) ProtoMessage() {}
-
-func (x *SNIDestination) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_listener_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use SNIDestination.ProtoReflect.Descriptor instead.
-func (*SNIDestination) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_listener_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *SNIDestination) GetStatPrefix() string {
-	if x != nil {
-		return x.StatPrefix
-	}
-	return ""
-}
-
-var File_pbmesh_v1alpha1_listener_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_listener_proto_rawDesc = []byte{
-	0x0a, 0x1e, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x1a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x1a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x26, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f,
-	0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x70, 0x62,
-	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x75, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xca, 0x05,
-	0x0a, 0x08, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61,
-	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x47,
-	0x0a, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x0e, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x64, 0x69,
-	0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x48, 0x0a, 0x07, 0x69, 0x70, 0x5f, 0x70, 0x6f,
-	0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x50, 0x50, 0x6f, 0x72, 0x74,
-	0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x06, 0x69, 0x70, 0x50, 0x6f, 0x72,
-	0x74, 0x12, 0x54, 0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b,
-	0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x0a, 0x75, 0x6e, 0x69,
-	0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x40, 0x0a, 0x07, 0x72, 0x6f, 0x75, 0x74, 0x65,
-	0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72,
-	0x52, 0x07, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x73, 0x12, 0x4d, 0x0a, 0x0e, 0x64, 0x65, 0x66,
-	0x61, 0x75, 0x6c, 0x74, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x26, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x52, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75,
-	0x6c, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x12, 0x4e, 0x0a, 0x0c, 0x63, 0x61, 0x70, 0x61,
-	0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x2a,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x0c, 0x63, 0x61, 0x70, 0x61,
-	0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x63, 0x0a, 0x13, 0x62, 0x61, 0x6c, 0x61,
-	0x6e, 0x63, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
-	0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x12, 0x62, 0x61, 0x6c, 0x61, 0x6e,
-	0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x32, 0x0a,
-	0x15, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x69,
-	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x65, 0x73,
-	0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65,
-	0x72, 0x12, 0x37, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x5f, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x5f,
-	0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x18, 0x0a, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x15, 0x75, 0x73, 0x65, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61,
-	0x74, 0x63, 0x68, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x0e, 0x0a, 0x0c, 0x62, 0x69,
-	0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x22, 0xec, 0x02, 0x0a, 0x06, 0x52,
-	0x6f, 0x75, 0x74, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x6d, 0x61, 0x74,
-	0x63, 0x68, 0x12, 0x3f, 0x0a, 0x02, 0x6c, 0x34, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x4c, 0x34, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52,
-	0x02, 0x6c, 0x34, 0x12, 0x3f, 0x0a, 0x02, 0x6c, 0x37, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x4c, 0x37, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00,
-	0x52, 0x02, 0x6c, 0x37, 0x12, 0x42, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x53, 0x4e, 0x49, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x48, 0x00, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x12, 0x50, 0x0a, 0x0b, 0x69, 0x6e, 0x62, 0x6f,
-	0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54,
-	0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0a,
-	0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x42, 0x0d, 0x0a, 0x0b, 0x64, 0x65,
-	0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xa0, 0x02, 0x0a, 0x05, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x12, 0x47, 0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x64, 0x65, 0x73,
-	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x4e, 0x0a, 0x0d,
-	0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0c,
-	0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x12, 0x5b, 0x0a, 0x14,
-	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x72, 0x61,
-	0x6e, 0x67, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x69, 0x64, 0x72,
-	0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x12, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x50, 0x72, 0x65,
-	0x66, 0x69, 0x78, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72,
-	0x76, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52,
-	0x0b, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x6f, 0x0a, 0x09,
-	0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x64, 0x64,
-	0x72, 0x65, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0d, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78,
-	0x12, 0x3b, 0x0a, 0x0a, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x52, 0x09, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x4c, 0x65, 0x6e, 0x22, 0xc9, 0x01,
-	0x0a, 0x0d, 0x4c, 0x34, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12,
-	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66,
-	0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x50, 0x72,
-	0x65, 0x66, 0x69, 0x78, 0x12, 0x4b, 0x0a, 0x0a, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x34, 0x49, 0x6e, 0x74, 0x65,
-	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x12, 0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64,
-	0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x04, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xd7, 0x02, 0x0a, 0x0d, 0x4c, 0x37,
-	0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
-	0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78,
-	0x12, 0x46, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x4c, 0x37, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x08,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x4b, 0x0a, 0x0a, 0x69, 0x6e, 0x74, 0x65,
-	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x37,
-	0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x69, 0x6e, 0x74, 0x65, 0x6e,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65,
-	0x5f, 0x78, 0x66, 0x63, 0x63, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x6e, 0x63,
-	0x6c, 0x75, 0x64, 0x65, 0x58, 0x66, 0x63, 0x63, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x74, 0x61, 0x74,
-	0x69, 0x63, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b,
-	0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x36, 0x0a, 0x17, 0x6d,
-	0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x15, 0x6d, 0x61,
-	0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x22, 0x31, 0x0a, 0x0e, 0x53, 0x4e, 0x49, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72,
-	0x65, 0x66, 0x69, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74,
-	0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x2a, 0x55, 0x0a, 0x09, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74,
-	0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e,
-	0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15,
-	0x0a, 0x11, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x49, 0x4e, 0x42, 0x4f,
-	0x55, 0x4e, 0x44, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49,
-	0x4f, 0x4e, 0x5f, 0x4f, 0x55, 0x54, 0x42, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x02, 0x2a, 0x71, 0x0a,
-	0x0a, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x1a, 0x0a, 0x16, 0x43,
-	0x41, 0x50, 0x41, 0x42, 0x49, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, 0x50,
-	0x41, 0x52, 0x45, 0x4e, 0x54, 0x10, 0x00, 0x12, 0x25, 0x0a, 0x21, 0x43, 0x41, 0x50, 0x41, 0x42,
-	0x49, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x4c, 0x37, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f,
-	0x4c, 0x5f, 0x49, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x01, 0x12, 0x20,
-	0x0a, 0x1c, 0x43, 0x41, 0x50, 0x41, 0x42, 0x49, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x4c, 0x34, 0x5f,
-	0x54, 0x4c, 0x53, 0x5f, 0x49, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x02,
-	0x2a, 0x4f, 0x0a, 0x0a, 0x4c, 0x37, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x14,
-	0x0a, 0x10, 0x4c, 0x37, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54,
-	0x54, 0x50, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x4c, 0x37, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f,
-	0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x32, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x4c,
-	0x37, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x47, 0x52, 0x50, 0x43, 0x10,
-	0x02, 0x42, 0x95, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0d, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e,
-	0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75,
-	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62,
-	0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
-	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
-	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a,
-	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_listener_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_listener_proto_rawDescData = file_pbmesh_v1alpha1_listener_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_listener_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_listener_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_listener_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_listener_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_listener_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_listener_proto_enumTypes = make([]protoimpl.EnumInfo, 3)
-var file_pbmesh_v1alpha1_listener_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
-var file_pbmesh_v1alpha1_listener_proto_goTypes = []interface{}{
-	(Direction)(0),                 // 0: hashicorp.consul.mesh.v1alpha1.Direction
-	(Capability)(0),                // 1: hashicorp.consul.mesh.v1alpha1.Capability
-	(L7Protocol)(0),                // 2: hashicorp.consul.mesh.v1alpha1.L7Protocol
-	(*Listener)(nil),               // 3: hashicorp.consul.mesh.v1alpha1.Listener
-	(*Router)(nil),                 // 4: hashicorp.consul.mesh.v1alpha1.Router
-	(*Match)(nil),                  // 5: hashicorp.consul.mesh.v1alpha1.Match
-	(*CidrRange)(nil),              // 6: hashicorp.consul.mesh.v1alpha1.CidrRange
-	(*L4Destination)(nil),          // 7: hashicorp.consul.mesh.v1alpha1.L4Destination
-	(*L7Destination)(nil),          // 8: hashicorp.consul.mesh.v1alpha1.L7Destination
-	(*SNIDestination)(nil),         // 9: hashicorp.consul.mesh.v1alpha1.SNIDestination
-	(*IPPortAddress)(nil),          // 10: hashicorp.consul.mesh.v1alpha1.IPPortAddress
-	(*UnixSocketAddress)(nil),      // 11: hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
-	(BalanceConnections)(0),        // 12: hashicorp.consul.mesh.v1alpha1.BalanceConnections
-	(*TransportSocket)(nil),        // 13: hashicorp.consul.mesh.v1alpha1.TransportSocket
-	(*wrapperspb.UInt32Value)(nil), // 14: google.protobuf.UInt32Value
-	(*L4Intention)(nil),            // 15: hashicorp.consul.mesh.v1alpha1.L4Intention
-	(*L7Intention)(nil),            // 16: hashicorp.consul.mesh.v1alpha1.L7Intention
-}
-var file_pbmesh_v1alpha1_listener_proto_depIdxs = []int32{
-	0,  // 0: hashicorp.consul.mesh.v1alpha1.Listener.direction:type_name -> hashicorp.consul.mesh.v1alpha1.Direction
-	10, // 1: hashicorp.consul.mesh.v1alpha1.Listener.ip_port:type_name -> hashicorp.consul.mesh.v1alpha1.IPPortAddress
-	11, // 2: hashicorp.consul.mesh.v1alpha1.Listener.unix_socket:type_name -> hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
-	4,  // 3: hashicorp.consul.mesh.v1alpha1.Listener.routers:type_name -> hashicorp.consul.mesh.v1alpha1.Router
-	4,  // 4: hashicorp.consul.mesh.v1alpha1.Listener.default_router:type_name -> hashicorp.consul.mesh.v1alpha1.Router
-	1,  // 5: hashicorp.consul.mesh.v1alpha1.Listener.capabilities:type_name -> hashicorp.consul.mesh.v1alpha1.Capability
-	12, // 6: hashicorp.consul.mesh.v1alpha1.Listener.balance_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceConnections
-	5,  // 7: hashicorp.consul.mesh.v1alpha1.Router.match:type_name -> hashicorp.consul.mesh.v1alpha1.Match
-	7,  // 8: hashicorp.consul.mesh.v1alpha1.Router.l4:type_name -> hashicorp.consul.mesh.v1alpha1.L4Destination
-	8,  // 9: hashicorp.consul.mesh.v1alpha1.Router.l7:type_name -> hashicorp.consul.mesh.v1alpha1.L7Destination
-	9,  // 10: hashicorp.consul.mesh.v1alpha1.Router.sni:type_name -> hashicorp.consul.mesh.v1alpha1.SNIDestination
-	13, // 11: hashicorp.consul.mesh.v1alpha1.Router.inbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.TransportSocket
-	14, // 12: hashicorp.consul.mesh.v1alpha1.Match.destination_port:type_name -> google.protobuf.UInt32Value
-	6,  // 13: hashicorp.consul.mesh.v1alpha1.Match.prefix_ranges:type_name -> hashicorp.consul.mesh.v1alpha1.CidrRange
-	6,  // 14: hashicorp.consul.mesh.v1alpha1.Match.source_prefix_ranges:type_name -> hashicorp.consul.mesh.v1alpha1.CidrRange
-	14, // 15: hashicorp.consul.mesh.v1alpha1.CidrRange.prefix_len:type_name -> google.protobuf.UInt32Value
-	15, // 16: hashicorp.consul.mesh.v1alpha1.L4Destination.intentions:type_name -> hashicorp.consul.mesh.v1alpha1.L4Intention
-	2,  // 17: hashicorp.consul.mesh.v1alpha1.L7Destination.protocol:type_name -> hashicorp.consul.mesh.v1alpha1.L7Protocol
-	16, // 18: hashicorp.consul.mesh.v1alpha1.L7Destination.intentions:type_name -> hashicorp.consul.mesh.v1alpha1.L7Intention
-	19, // [19:19] is the sub-list for method output_type
-	19, // [19:19] is the sub-list for method input_type
-	19, // [19:19] is the sub-list for extension type_name
-	19, // [19:19] is the sub-list for extension extendee
-	0,  // [0:19] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_listener_proto_init() }
-func file_pbmesh_v1alpha1_listener_proto_init() {
-	if File_pbmesh_v1alpha1_listener_proto != nil {
-		return
-	}
-	file_pbmesh_v1alpha1_connection_proto_init()
-	file_pbmesh_v1alpha1_intentions_proto_init()
-	file_pbmesh_v1alpha1_transport_socket_proto_init()
-	file_pbmesh_v1alpha1_upstreams_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_listener_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Listener); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_listener_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Router); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_listener_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Match); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_listener_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CidrRange); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_listener_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*L4Destination); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_listener_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*L7Destination); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_listener_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SNIDestination); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_pbmesh_v1alpha1_listener_proto_msgTypes[0].OneofWrappers = []interface{}{
-		(*Listener_IpPort)(nil),
-		(*Listener_UnixSocket)(nil),
-	}
-	file_pbmesh_v1alpha1_listener_proto_msgTypes[1].OneofWrappers = []interface{}{
-		(*Router_L4)(nil),
-		(*Router_L7)(nil),
-		(*Router_Sni)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_listener_proto_rawDesc,
-			NumEnums:      3,
-			NumMessages:   7,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_listener_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_listener_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_listener_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_listener_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_listener_proto = out.File
-	file_pbmesh_v1alpha1_listener_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_listener_proto_goTypes = nil
-	file_pbmesh_v1alpha1_listener_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/access_logs.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.binary.go
similarity index 83%
rename from proto-public/pbmesh/v1alpha1/access_logs.pb.binary.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.binary.go
index 0621e7a4793a..813f6d3ebb6a 100644
--- a/proto-public/pbmesh/v1alpha1/access_logs.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.binary.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/access_logs.proto
+// source: pbmesh/v1alpha1/pbproxystate/access_logs.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	"google.golang.org/protobuf/proto"
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go
new file mode 100644
index 000000000000..bedb5f988072
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go
@@ -0,0 +1,325 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/pbproxystate/access_logs.proto
+
+package pbproxystate
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type LogSinkType int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	LogSinkType_LOG_SINK_TYPE_DEFAULT LogSinkType = 0
+	LogSinkType_LOG_SINK_TYPE_FILE    LogSinkType = 1
+	LogSinkType_LOG_SINK_TYPE_STDERR  LogSinkType = 2
+	LogSinkType_LOG_SINK_TYPE_STDOUT  LogSinkType = 3
+)
+
+// Enum value maps for LogSinkType.
+var (
+	LogSinkType_name = map[int32]string{
+		0: "LOG_SINK_TYPE_DEFAULT",
+		1: "LOG_SINK_TYPE_FILE",
+		2: "LOG_SINK_TYPE_STDERR",
+		3: "LOG_SINK_TYPE_STDOUT",
+	}
+	LogSinkType_value = map[string]int32{
+		"LOG_SINK_TYPE_DEFAULT": 0,
+		"LOG_SINK_TYPE_FILE":    1,
+		"LOG_SINK_TYPE_STDERR":  2,
+		"LOG_SINK_TYPE_STDOUT":  3,
+	}
+)
+
+func (x LogSinkType) Enum() *LogSinkType {
+	p := new(LogSinkType)
+	*p = x
+	return p
+}
+
+func (x LogSinkType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (LogSinkType) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_enumTypes[0].Descriptor()
+}
+
+func (LogSinkType) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_enumTypes[0]
+}
+
+func (x LogSinkType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use LogSinkType.Descriptor instead.
+func (LogSinkType) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescGZIP(), []int{0}
+}
+
+type AccessLogs struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// enabled enables access logging.
+	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
+	// disable_listener_logs turns off just listener logs for connections rejected by Envoy because they don't
+	// have a matching listener filter.
+	DisableListenerLogs bool `protobuf:"varint,2,opt,name=disable_listener_logs,json=disableListenerLogs,proto3" json:"disable_listener_logs,omitempty"`
+	// type selects the output for logs: "file", "stderr". "stdout"
+	Type LogSinkType `protobuf:"varint,3,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.LogSinkType" json:"type,omitempty"`
+	// path is the output file to write logs
+	Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"`
+	// The presence of one format string or the other implies the access log string encoding.
+	// Defining both is invalid.
+	//
+	// Types that are assignable to Format:
+	//
+	//	*AccessLogs_Json
+	//	*AccessLogs_Text
+	Format isAccessLogs_Format `protobuf_oneof:"format"`
+}
+
+func (x *AccessLogs) Reset() {
+	*x = AccessLogs{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *AccessLogs) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AccessLogs) ProtoMessage() {}
+
+func (x *AccessLogs) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AccessLogs.ProtoReflect.Descriptor instead.
+func (*AccessLogs) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *AccessLogs) GetEnabled() bool {
+	if x != nil {
+		return x.Enabled
+	}
+	return false
+}
+
+func (x *AccessLogs) GetDisableListenerLogs() bool {
+	if x != nil {
+		return x.DisableListenerLogs
+	}
+	return false
+}
+
+func (x *AccessLogs) GetType() LogSinkType {
+	if x != nil {
+		return x.Type
+	}
+	return LogSinkType_LOG_SINK_TYPE_DEFAULT
+}
+
+func (x *AccessLogs) GetPath() string {
+	if x != nil {
+		return x.Path
+	}
+	return ""
+}
+
+func (m *AccessLogs) GetFormat() isAccessLogs_Format {
+	if m != nil {
+		return m.Format
+	}
+	return nil
+}
+
+func (x *AccessLogs) GetJson() string {
+	if x, ok := x.GetFormat().(*AccessLogs_Json); ok {
+		return x.Json
+	}
+	return ""
+}
+
+func (x *AccessLogs) GetText() string {
+	if x, ok := x.GetFormat().(*AccessLogs_Text); ok {
+		return x.Text
+	}
+	return ""
+}
+
+type isAccessLogs_Format interface {
+	isAccessLogs_Format()
+}
+
+type AccessLogs_Json struct {
+	Json string `protobuf:"bytes,5,opt,name=json,proto3,oneof"`
+}
+
+type AccessLogs_Text struct {
+	Text string `protobuf:"bytes,6,opt,name=text,proto3,oneof"`
+}
+
+func (*AccessLogs_Json) isAccessLogs_Format() {}
+
+func (*AccessLogs_Text) isAccessLogs_Format() {}
+
+var File_pbmesh_v1alpha1_pbproxystate_access_logs_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDesc = []byte{
+	0x0a, 0x2e, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x61,
+	0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x12, 0x2b, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0xf2, 0x01,
+	0x0a, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07,
+	0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65,
+	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x32, 0x0a, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c,
+	0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x4c, 0x69,
+	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x4c, 0x0a, 0x04, 0x74, 0x79,
+	0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79,
+	0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x14, 0x0a, 0x04,
+	0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x04, 0x6a, 0x73,
+	0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x04, 0x74, 0x65, 0x78, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09,
+	0x48, 0x00, 0x52, 0x04, 0x74, 0x65, 0x78, 0x74, 0x42, 0x08, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d,
+	0x61, 0x74, 0x2a, 0x74, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79, 0x70,
+	0x65, 0x12, 0x19, 0x0a, 0x15, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59,
+	0x50, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12,
+	0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49,
+	0x4c, 0x45, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b,
+	0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, 0x45, 0x52, 0x52, 0x10, 0x02, 0x12, 0x18,
+	0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x53, 0x54, 0x44, 0x4f, 0x55, 0x54, 0x10, 0x03, 0x42, 0xdb, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0f, 0x41, 0x63,
+	0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
+	0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68,
+	0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02,
+	0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c,
+	0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
+	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
+	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_goTypes = []interface{}{
+	(LogSinkType)(0),   // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.LogSinkType
+	(*AccessLogs)(nil), // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.AccessLogs
+}
+var file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_depIdxs = []int32{
+	0, // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.AccessLogs.type:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LogSinkType
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_init() }
+func file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_init() {
+	if File_pbmesh_v1alpha1_pbproxystate_access_logs_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*AccessLogs); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*AccessLogs_Json)(nil),
+		(*AccessLogs_Text)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_pbproxystate_access_logs_proto = out.File
+	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_goTypes = nil
+	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/access_logs.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto
similarity index 94%
rename from proto-public/pbmesh/v1alpha1/access_logs.proto
rename to proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto
index 4306ece93897..00770c0c146e 100644
--- a/proto-public/pbmesh/v1alpha1/access_logs.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto
@@ -3,7 +3,7 @@
 
 syntax = "proto3";
 
-package hashicorp.consul.mesh.v1alpha1;
+package hashicorp.consul.mesh.v1alpha1.pbproxystate;
 
 message AccessLogs {
   // enabled enables access logging.
diff --git a/proto-public/pbmesh/v1alpha1/address.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.binary.go
similarity index 51%
rename from proto-public/pbmesh/v1alpha1/address.pb.binary.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.binary.go
index 32e199fffb48..84ba62db4083 100644
--- a/proto-public/pbmesh/v1alpha1/address.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.binary.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/address.proto
+// source: pbmesh/v1alpha1/pbproxystate/address.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	"google.golang.org/protobuf/proto"
@@ -16,3 +16,13 @@ func (msg *HostPortAddress) MarshalBinary() ([]byte, error) {
 func (msg *HostPortAddress) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *UnixSocketAddress) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *UnixSocketAddress) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go
new file mode 100644
index 000000000000..0afb768f4aa4
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go
@@ -0,0 +1,254 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/pbproxystate/address.proto
+
+package pbproxystate
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type HostPortAddress struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
+	Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
+}
+
+func (x *HostPortAddress) Reset() {
+	*x = HostPortAddress{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HostPortAddress) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HostPortAddress) ProtoMessage() {}
+
+func (x *HostPortAddress) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HostPortAddress.ProtoReflect.Descriptor instead.
+func (*HostPortAddress) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *HostPortAddress) GetHost() string {
+	if x != nil {
+		return x.Host
+	}
+	return ""
+}
+
+func (x *HostPortAddress) GetPort() uint32 {
+	if x != nil {
+		return x.Port
+	}
+	return 0
+}
+
+type UnixSocketAddress struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// path is the file system path at which to bind a Unix domain socket listener.
+	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
+	// mode is the Unix file mode for the socket file. It should be provided
+	// in the numeric notation, for example, "0600".
+	Mode string `protobuf:"bytes,2,opt,name=mode,proto3" json:"mode,omitempty"`
+}
+
+func (x *UnixSocketAddress) Reset() {
+	*x = UnixSocketAddress{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UnixSocketAddress) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UnixSocketAddress) ProtoMessage() {}
+
+func (x *UnixSocketAddress) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UnixSocketAddress.ProtoReflect.Descriptor instead.
+func (*UnixSocketAddress) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *UnixSocketAddress) GetPath() string {
+	if x != nil {
+		return x.Path
+	}
+	return ""
+}
+
+func (x *UnixSocketAddress) GetMode() string {
+	if x != nil {
+		return x.Mode
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_pbproxystate_address_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDesc = []byte{
+	0x0a, 0x2a, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x61,
+	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0x39, 0x0a, 0x0f, 0x48, 0x6f, 0x73,
+	0x74, 0x50, 0x6f, 0x72, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04,
+	0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74,
+	0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04,
+	0x70, 0x6f, 0x72, 0x74, 0x22, 0x3b, 0x0a, 0x11, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b,
+	0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74,
+	0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x12, 0x0a,
+	0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6d, 0x6f, 0x64,
+	0x65, 0x42, 0xd8, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0c, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x50, 0x72,
+	0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f,
+	0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f,
+	0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48,
+	0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0xe2, 0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47,
+	0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a,
+	0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a,
+	0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_pbmesh_v1alpha1_pbproxystate_address_proto_goTypes = []interface{}{
+	(*HostPortAddress)(nil),   // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.HostPortAddress
+	(*UnixSocketAddress)(nil), // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.UnixSocketAddress
+}
+var file_pbmesh_v1alpha1_pbproxystate_address_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_pbproxystate_address_proto_init() }
+func file_pbmesh_v1alpha1_pbproxystate_address_proto_init() {
+	if File_pbmesh_v1alpha1_pbproxystate_address_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HostPortAddress); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UnixSocketAddress); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_address_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_address_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_pbproxystate_address_proto = out.File
+	file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_pbproxystate_address_proto_goTypes = nil
+	file_pbmesh_v1alpha1_pbproxystate_address_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto
new file mode 100644
index 000000000000..2d08199a0ecc
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto
@@ -0,0 +1,20 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1.pbproxystate;
+
+message HostPortAddress {
+  string host = 1;
+  uint32 port = 2;
+}
+
+message UnixSocketAddress {
+  // path is the file system path at which to bind a Unix domain socket listener.
+  string path = 1;
+
+  // mode is the Unix file mode for the socket file. It should be provided
+  // in the numeric notation, for example, "0600".
+  string mode = 2;
+}
diff --git a/proto-public/pbmesh/v1alpha1/cluster.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.binary.go
similarity index 95%
rename from proto-public/pbmesh/v1alpha1/cluster.pb.binary.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.binary.go
index 6db01bde8e51..54087655a2c8 100644
--- a/proto-public/pbmesh/v1alpha1/cluster.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.binary.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/cluster.proto
+// source: pbmesh/v1alpha1/pbproxystate/cluster.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	"google.golang.org/protobuf/proto"
@@ -197,6 +197,16 @@ func (msg *CircuitBreakers) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
 
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *UpstreamLimits) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *UpstreamLimits) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
 // MarshalBinary implements encoding.BinaryMarshaler
 func (msg *OutlierDetection) MarshalBinary() ([]byte, error) {
 	return proto.Marshal(msg)
diff --git a/proto-public/pbmesh/v1alpha1/cluster.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
similarity index 50%
rename from proto-public/pbmesh/v1alpha1/cluster.pb.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
index dd240befcdea..59d800a4664f 100644
--- a/proto-public/pbmesh/v1alpha1/cluster.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
@@ -5,9 +5,9 @@
 // versions:
 // 	protoc-gen-go v1.30.0
 // 	protoc        (unknown)
-// source: pbmesh/v1alpha1/cluster.proto
+// source: pbmesh/v1alpha1/pbproxystate/cluster.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
@@ -56,11 +56,11 @@ func (x DiscoveryType) String() string {
 }
 
 func (DiscoveryType) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_cluster_proto_enumTypes[0].Descriptor()
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_enumTypes[0].Descriptor()
 }
 
 func (DiscoveryType) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_cluster_proto_enumTypes[0]
+	return &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_enumTypes[0]
 }
 
 func (x DiscoveryType) Number() protoreflect.EnumNumber {
@@ -69,7 +69,7 @@ func (x DiscoveryType) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use DiscoveryType.Descriptor instead.
 func (DiscoveryType) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{0}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{0}
 }
 
 type Cluster struct {
@@ -91,7 +91,7 @@ type Cluster struct {
 func (x *Cluster) Reset() {
 	*x = Cluster{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[0]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[0]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -104,7 +104,7 @@ func (x *Cluster) String() string {
 func (*Cluster) ProtoMessage() {}
 
 func (x *Cluster) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[0]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[0]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -117,7 +117,7 @@ func (x *Cluster) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Cluster.ProtoReflect.Descriptor instead.
 func (*Cluster) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{0}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{0}
 }
 
 func (m *Cluster) GetGroup() isCluster_Group {
@@ -169,17 +169,15 @@ type FailoverGroup struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// name of the failover group.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// endpoint_groups is an ordered list of which groups to failover to.
-	EndpointGroups []*EndpointGroup     `protobuf:"bytes,2,rep,name=endpoint_groups,json=endpointGroups,proto3" json:"endpoint_groups,omitempty"`
-	Config         *FailoverGroupConfig `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"`
+	EndpointGroups []*EndpointGroup     `protobuf:"bytes,1,rep,name=endpoint_groups,json=endpointGroups,proto3" json:"endpoint_groups,omitempty"`
+	Config         *FailoverGroupConfig `protobuf:"bytes,2,opt,name=config,proto3" json:"config,omitempty"`
 }
 
 func (x *FailoverGroup) Reset() {
 	*x = FailoverGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[1]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[1]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -192,7 +190,7 @@ func (x *FailoverGroup) String() string {
 func (*FailoverGroup) ProtoMessage() {}
 
 func (x *FailoverGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[1]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[1]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -205,14 +203,7 @@ func (x *FailoverGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use FailoverGroup.ProtoReflect.Descriptor instead.
 func (*FailoverGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *FailoverGroup) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{1}
 }
 
 func (x *FailoverGroup) GetEndpointGroups() []*EndpointGroup {
@@ -241,7 +232,7 @@ type FailoverGroupConfig struct {
 func (x *FailoverGroupConfig) Reset() {
 	*x = FailoverGroupConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[2]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[2]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -254,7 +245,7 @@ func (x *FailoverGroupConfig) String() string {
 func (*FailoverGroupConfig) ProtoMessage() {}
 
 func (x *FailoverGroupConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[2]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[2]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -267,7 +258,7 @@ func (x *FailoverGroupConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use FailoverGroupConfig.ProtoReflect.Descriptor instead.
 func (*FailoverGroupConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{2}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{2}
 }
 
 func (x *FailoverGroupConfig) GetUseAltStatName() bool {
@@ -301,7 +292,7 @@ type EndpointGroup struct {
 func (x *EndpointGroup) Reset() {
 	*x = EndpointGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[3]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[3]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -314,7 +305,7 @@ func (x *EndpointGroup) String() string {
 func (*EndpointGroup) ProtoMessage() {}
 
 func (x *EndpointGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[3]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[3]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -327,7 +318,7 @@ func (x *EndpointGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use EndpointGroup.ProtoReflect.Descriptor instead.
 func (*EndpointGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{3}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{3}
 }
 
 func (m *EndpointGroup) GetGroup() isEndpointGroup_Group {
@@ -402,18 +393,16 @@ type DynamicEndpointGroup struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// name will be the name of the Envoy cluster created by this endpoint group.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// config configures how to connect to the endpoints.
-	Config *DynamicEndpointGroupConfig `protobuf:"bytes,2,opt,name=config,proto3" json:"config,omitempty"`
+	Config *DynamicEndpointGroupConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
 	// outbound_tls will configure what TLS information to use when connecting to an upstream.
-	OutboundTls *TransportSocket `protobuf:"bytes,3,opt,name=outbound_tls,json=outboundTls,proto3" json:"outbound_tls,omitempty"`
+	OutboundTls *TransportSocket `protobuf:"bytes,2,opt,name=outbound_tls,json=outboundTls,proto3" json:"outbound_tls,omitempty"`
 }
 
 func (x *DynamicEndpointGroup) Reset() {
 	*x = DynamicEndpointGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[4]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[4]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -426,7 +415,7 @@ func (x *DynamicEndpointGroup) String() string {
 func (*DynamicEndpointGroup) ProtoMessage() {}
 
 func (x *DynamicEndpointGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[4]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[4]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -439,14 +428,7 @@ func (x *DynamicEndpointGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DynamicEndpointGroup.ProtoReflect.Descriptor instead.
 func (*DynamicEndpointGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *DynamicEndpointGroup) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{4}
 }
 
 func (x *DynamicEndpointGroup) GetConfig() *DynamicEndpointGroupConfig {
@@ -468,18 +450,16 @@ type PassthroughEndpointGroup struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// name will be the name of the Envoy cluster created by this endpoint group.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// config configures how to connect to the endpoints.
-	Config *PassthroughEndpointGroupConfig `protobuf:"bytes,2,opt,name=config,proto3" json:"config,omitempty"`
+	Config *PassthroughEndpointGroupConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
 	// outbound_tls will configure what TLS information to use when connecting to an upstream.
-	OutboundTls *TransportSocket `protobuf:"bytes,3,opt,name=outbound_tls,json=outboundTls,proto3" json:"outbound_tls,omitempty"`
+	OutboundTls *TransportSocket `protobuf:"bytes,2,opt,name=outbound_tls,json=outboundTls,proto3" json:"outbound_tls,omitempty"`
 }
 
 func (x *PassthroughEndpointGroup) Reset() {
 	*x = PassthroughEndpointGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[5]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[5]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -492,7 +472,7 @@ func (x *PassthroughEndpointGroup) String() string {
 func (*PassthroughEndpointGroup) ProtoMessage() {}
 
 func (x *PassthroughEndpointGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[5]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[5]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -505,14 +485,7 @@ func (x *PassthroughEndpointGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use PassthroughEndpointGroup.ProtoReflect.Descriptor instead.
 func (*PassthroughEndpointGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *PassthroughEndpointGroup) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{5}
 }
 
 func (x *PassthroughEndpointGroup) GetConfig() *PassthroughEndpointGroupConfig {
@@ -534,18 +507,16 @@ type DNSEndpointGroup struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// name will be the name of the Envoy cluster created by this endpoint group.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// config configures how to connect to the endpoints.
-	Config *DNSEndpointGroupConfig `protobuf:"bytes,2,opt,name=config,proto3" json:"config,omitempty"`
+	Config *DNSEndpointGroupConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
 	// outbound_tls will configure what TLS information to use when connecting to an upstream.
-	OutboundTls *TransportSocket `protobuf:"bytes,3,opt,name=outbound_tls,json=outboundTls,proto3" json:"outbound_tls,omitempty"`
+	OutboundTls *TransportSocket `protobuf:"bytes,2,opt,name=outbound_tls,json=outboundTls,proto3" json:"outbound_tls,omitempty"`
 }
 
 func (x *DNSEndpointGroup) Reset() {
 	*x = DNSEndpointGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[6]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[6]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -558,7 +529,7 @@ func (x *DNSEndpointGroup) String() string {
 func (*DNSEndpointGroup) ProtoMessage() {}
 
 func (x *DNSEndpointGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[6]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[6]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -571,14 +542,7 @@ func (x *DNSEndpointGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DNSEndpointGroup.ProtoReflect.Descriptor instead.
 func (*DNSEndpointGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *DNSEndpointGroup) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{6}
 }
 
 func (x *DNSEndpointGroup) GetConfig() *DNSEndpointGroupConfig {
@@ -601,16 +565,14 @@ type StaticEndpointGroup struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// name will be the name of the Envoy cluster created by this endpoint group.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// config configures how to connect to the endpoints.
-	Config *StaticEndpointGroupConfig `protobuf:"bytes,2,opt,name=config,proto3" json:"config,omitempty"`
+	Config *StaticEndpointGroupConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
 }
 
 func (x *StaticEndpointGroup) Reset() {
 	*x = StaticEndpointGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[7]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[7]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -623,7 +585,7 @@ func (x *StaticEndpointGroup) String() string {
 func (*StaticEndpointGroup) ProtoMessage() {}
 
 func (x *StaticEndpointGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[7]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[7]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -636,14 +598,7 @@ func (x *StaticEndpointGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use StaticEndpointGroup.ProtoReflect.Descriptor instead.
 func (*StaticEndpointGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{7}
-}
-
-func (x *StaticEndpointGroup) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{7}
 }
 
 func (x *StaticEndpointGroup) GetConfig() *StaticEndpointGroupConfig {
@@ -665,7 +620,7 @@ type L4WeightedClusterGroup struct {
 func (x *L4WeightedClusterGroup) Reset() {
 	*x = L4WeightedClusterGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[8]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[8]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -678,7 +633,7 @@ func (x *L4WeightedClusterGroup) String() string {
 func (*L4WeightedClusterGroup) ProtoMessage() {}
 
 func (x *L4WeightedClusterGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[8]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[8]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -691,7 +646,7 @@ func (x *L4WeightedClusterGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use L4WeightedClusterGroup.ProtoReflect.Descriptor instead.
 func (*L4WeightedClusterGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{8}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{8}
 }
 
 func (x *L4WeightedClusterGroup) GetClusters() []*L4WeightedDestinationCluster {
@@ -713,7 +668,7 @@ type L7WeightedClusterGroup struct {
 func (x *L7WeightedClusterGroup) Reset() {
 	*x = L7WeightedClusterGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[9]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[9]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -726,7 +681,7 @@ func (x *L7WeightedClusterGroup) String() string {
 func (*L7WeightedClusterGroup) ProtoMessage() {}
 
 func (x *L7WeightedClusterGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[9]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[9]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -739,7 +694,7 @@ func (x *L7WeightedClusterGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use L7WeightedClusterGroup.ProtoReflect.Descriptor instead.
 func (*L7WeightedClusterGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{9}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{9}
 }
 
 func (x *L7WeightedClusterGroup) GetClusters() []*L7WeightedDestinationCluster {
@@ -762,7 +717,7 @@ type L4WeightedDestinationCluster struct {
 func (x *L4WeightedDestinationCluster) Reset() {
 	*x = L4WeightedDestinationCluster{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[10]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[10]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -775,7 +730,7 @@ func (x *L4WeightedDestinationCluster) String() string {
 func (*L4WeightedDestinationCluster) ProtoMessage() {}
 
 func (x *L4WeightedDestinationCluster) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[10]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[10]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -788,7 +743,7 @@ func (x *L4WeightedDestinationCluster) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use L4WeightedDestinationCluster.ProtoReflect.Descriptor instead.
 func (*L4WeightedDestinationCluster) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{10}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{10}
 }
 
 func (x *L4WeightedDestinationCluster) GetName() string {
@@ -819,7 +774,7 @@ type L7WeightedDestinationCluster struct {
 func (x *L7WeightedDestinationCluster) Reset() {
 	*x = L7WeightedDestinationCluster{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[11]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[11]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -832,7 +787,7 @@ func (x *L7WeightedDestinationCluster) String() string {
 func (*L7WeightedDestinationCluster) ProtoMessage() {}
 
 func (x *L7WeightedDestinationCluster) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[11]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[11]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -845,7 +800,7 @@ func (x *L7WeightedDestinationCluster) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use L7WeightedDestinationCluster.ProtoReflect.Descriptor instead.
 func (*L7WeightedDestinationCluster) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{11}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{11}
 }
 
 func (x *L7WeightedDestinationCluster) GetName() string {
@@ -893,7 +848,7 @@ type DynamicEndpointGroupConfig struct {
 func (x *DynamicEndpointGroupConfig) Reset() {
 	*x = DynamicEndpointGroupConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[12]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[12]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -906,7 +861,7 @@ func (x *DynamicEndpointGroupConfig) String() string {
 func (*DynamicEndpointGroupConfig) ProtoMessage() {}
 
 func (x *DynamicEndpointGroupConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[12]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[12]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -919,7 +874,7 @@ func (x *DynamicEndpointGroupConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DynamicEndpointGroupConfig.ProtoReflect.Descriptor instead.
 func (*DynamicEndpointGroupConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{12}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{12}
 }
 
 func (x *DynamicEndpointGroupConfig) GetConnectTimeout() *durationpb.Duration {
@@ -1051,7 +1006,7 @@ type LBPolicyLeastRequest struct {
 func (x *LBPolicyLeastRequest) Reset() {
 	*x = LBPolicyLeastRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[13]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[13]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1064,7 +1019,7 @@ func (x *LBPolicyLeastRequest) String() string {
 func (*LBPolicyLeastRequest) ProtoMessage() {}
 
 func (x *LBPolicyLeastRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[13]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[13]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1077,7 +1032,7 @@ func (x *LBPolicyLeastRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use LBPolicyLeastRequest.ProtoReflect.Descriptor instead.
 func (*LBPolicyLeastRequest) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{13}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{13}
 }
 
 func (x *LBPolicyLeastRequest) GetChoiceCount() *wrapperspb.UInt32Value {
@@ -1096,7 +1051,7 @@ type LBPolicyRoundRobin struct {
 func (x *LBPolicyRoundRobin) Reset() {
 	*x = LBPolicyRoundRobin{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[14]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[14]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1109,7 +1064,7 @@ func (x *LBPolicyRoundRobin) String() string {
 func (*LBPolicyRoundRobin) ProtoMessage() {}
 
 func (x *LBPolicyRoundRobin) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[14]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[14]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1122,7 +1077,7 @@ func (x *LBPolicyRoundRobin) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use LBPolicyRoundRobin.ProtoReflect.Descriptor instead.
 func (*LBPolicyRoundRobin) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{14}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{14}
 }
 
 type LBPolicyRandom struct {
@@ -1134,7 +1089,7 @@ type LBPolicyRandom struct {
 func (x *LBPolicyRandom) Reset() {
 	*x = LBPolicyRandom{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[15]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[15]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1147,7 +1102,7 @@ func (x *LBPolicyRandom) String() string {
 func (*LBPolicyRandom) ProtoMessage() {}
 
 func (x *LBPolicyRandom) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[15]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[15]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1160,7 +1115,7 @@ func (x *LBPolicyRandom) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use LBPolicyRandom.ProtoReflect.Descriptor instead.
 func (*LBPolicyRandom) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{15}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{15}
 }
 
 type LBPolicyRingHash struct {
@@ -1175,7 +1130,7 @@ type LBPolicyRingHash struct {
 func (x *LBPolicyRingHash) Reset() {
 	*x = LBPolicyRingHash{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[16]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[16]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1188,7 +1143,7 @@ func (x *LBPolicyRingHash) String() string {
 func (*LBPolicyRingHash) ProtoMessage() {}
 
 func (x *LBPolicyRingHash) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[16]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[16]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1201,7 +1156,7 @@ func (x *LBPolicyRingHash) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use LBPolicyRingHash.ProtoReflect.Descriptor instead.
 func (*LBPolicyRingHash) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{16}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{16}
 }
 
 func (x *LBPolicyRingHash) GetMinimumRingSize() *wrapperspb.UInt64Value {
@@ -1227,7 +1182,7 @@ type LBPolicyMaglev struct {
 func (x *LBPolicyMaglev) Reset() {
 	*x = LBPolicyMaglev{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[17]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[17]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1240,7 +1195,7 @@ func (x *LBPolicyMaglev) String() string {
 func (*LBPolicyMaglev) ProtoMessage() {}
 
 func (x *LBPolicyMaglev) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[17]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[17]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1253,7 +1208,7 @@ func (x *LBPolicyMaglev) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use LBPolicyMaglev.ProtoReflect.Descriptor instead.
 func (*LBPolicyMaglev) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{17}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{17}
 }
 
 type CircuitBreakers struct {
@@ -1267,7 +1222,7 @@ type CircuitBreakers struct {
 func (x *CircuitBreakers) Reset() {
 	*x = CircuitBreakers{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[18]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[18]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1280,7 +1235,7 @@ func (x *CircuitBreakers) String() string {
 func (*CircuitBreakers) ProtoMessage() {}
 
 func (x *CircuitBreakers) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[18]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[18]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1293,7 +1248,7 @@ func (x *CircuitBreakers) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CircuitBreakers.ProtoReflect.Descriptor instead.
 func (*CircuitBreakers) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{18}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{18}
 }
 
 func (x *CircuitBreakers) GetUpstreamLimits() *UpstreamLimits {
@@ -1303,6 +1258,69 @@ func (x *CircuitBreakers) GetUpstreamLimits() *UpstreamLimits {
 	return nil
 }
 
+type UpstreamLimits struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	MaxConnections        *wrapperspb.UInt32Value `protobuf:"bytes,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"`
+	MaxPendingRequests    *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=max_pending_requests,json=maxPendingRequests,proto3" json:"max_pending_requests,omitempty"`
+	MaxConcurrentRequests *wrapperspb.UInt32Value `protobuf:"bytes,3,opt,name=max_concurrent_requests,json=maxConcurrentRequests,proto3" json:"max_concurrent_requests,omitempty"`
+}
+
+func (x *UpstreamLimits) Reset() {
+	*x = UpstreamLimits{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[19]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UpstreamLimits) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpstreamLimits) ProtoMessage() {}
+
+func (x *UpstreamLimits) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[19]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpstreamLimits.ProtoReflect.Descriptor instead.
+func (*UpstreamLimits) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{19}
+}
+
+func (x *UpstreamLimits) GetMaxConnections() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.MaxConnections
+	}
+	return nil
+}
+
+func (x *UpstreamLimits) GetMaxPendingRequests() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.MaxPendingRequests
+	}
+	return nil
+}
+
+func (x *UpstreamLimits) GetMaxConcurrentRequests() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.MaxConcurrentRequests
+	}
+	return nil
+}
+
 type OutlierDetection struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -1318,7 +1336,7 @@ type OutlierDetection struct {
 func (x *OutlierDetection) Reset() {
 	*x = OutlierDetection{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[19]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[20]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1331,7 +1349,7 @@ func (x *OutlierDetection) String() string {
 func (*OutlierDetection) ProtoMessage() {}
 
 func (x *OutlierDetection) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[19]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[20]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1344,7 +1362,7 @@ func (x *OutlierDetection) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use OutlierDetection.ProtoReflect.Descriptor instead.
 func (*OutlierDetection) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{19}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{20}
 }
 
 func (x *OutlierDetection) GetInterval() *durationpb.Duration {
@@ -1395,7 +1413,7 @@ type UpstreamConnectionOptions struct {
 func (x *UpstreamConnectionOptions) Reset() {
 	*x = UpstreamConnectionOptions{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[20]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[21]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1408,7 +1426,7 @@ func (x *UpstreamConnectionOptions) String() string {
 func (*UpstreamConnectionOptions) ProtoMessage() {}
 
 func (x *UpstreamConnectionOptions) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[20]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[21]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1421,7 +1439,7 @@ func (x *UpstreamConnectionOptions) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use UpstreamConnectionOptions.ProtoReflect.Descriptor instead.
 func (*UpstreamConnectionOptions) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{20}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{21}
 }
 
 func (x *UpstreamConnectionOptions) GetTcpKeepaliveTime() *wrapperspb.UInt32Value {
@@ -1456,7 +1474,7 @@ type PassthroughEndpointGroupConfig struct {
 func (x *PassthroughEndpointGroupConfig) Reset() {
 	*x = PassthroughEndpointGroupConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[21]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[22]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1469,7 +1487,7 @@ func (x *PassthroughEndpointGroupConfig) String() string {
 func (*PassthroughEndpointGroupConfig) ProtoMessage() {}
 
 func (x *PassthroughEndpointGroupConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[21]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[22]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1482,7 +1500,7 @@ func (x *PassthroughEndpointGroupConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use PassthroughEndpointGroupConfig.ProtoReflect.Descriptor instead.
 func (*PassthroughEndpointGroupConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{21}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{22}
 }
 
 func (x *PassthroughEndpointGroupConfig) GetConnectTimeout() *durationpb.Duration {
@@ -1499,7 +1517,7 @@ type DNSEndpointGroupConfig struct {
 
 	ConnectTimeout            *durationpb.Duration       `protobuf:"bytes,1,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
 	DisablePanicThreshold     bool                       `protobuf:"varint,2,opt,name=disable_panic_threshold,json=disablePanicThreshold,proto3" json:"disable_panic_threshold,omitempty"`
-	DiscoveryType             DiscoveryType              `protobuf:"varint,3,opt,name=discovery_type,json=discoveryType,proto3,enum=hashicorp.consul.mesh.v1alpha1.DiscoveryType" json:"discovery_type,omitempty"`
+	DiscoveryType             DiscoveryType              `protobuf:"varint,3,opt,name=discovery_type,json=discoveryType,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.DiscoveryType" json:"discovery_type,omitempty"`
 	CircuitBreakers           *CircuitBreakers           `protobuf:"bytes,4,opt,name=circuit_breakers,json=circuitBreakers,proto3" json:"circuit_breakers,omitempty"`
 	OutlierDetection          *OutlierDetection          `protobuf:"bytes,5,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"`
 	UpstreamConnectionOptions *UpstreamConnectionOptions `protobuf:"bytes,6,opt,name=upstream_connection_options,json=upstreamConnectionOptions,proto3" json:"upstream_connection_options,omitempty"`
@@ -1509,7 +1527,7 @@ type DNSEndpointGroupConfig struct {
 func (x *DNSEndpointGroupConfig) Reset() {
 	*x = DNSEndpointGroupConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[22]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[23]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1522,7 +1540,7 @@ func (x *DNSEndpointGroupConfig) String() string {
 func (*DNSEndpointGroupConfig) ProtoMessage() {}
 
 func (x *DNSEndpointGroupConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[22]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[23]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1535,7 +1553,7 @@ func (x *DNSEndpointGroupConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DNSEndpointGroupConfig.ProtoReflect.Descriptor instead.
 func (*DNSEndpointGroupConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{22}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{23}
 }
 
 func (x *DNSEndpointGroupConfig) GetConnectTimeout() *durationpb.Duration {
@@ -1599,7 +1617,7 @@ type StaticEndpointGroupConfig struct {
 func (x *StaticEndpointGroupConfig) Reset() {
 	*x = StaticEndpointGroupConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[23]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[24]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1612,7 +1630,7 @@ func (x *StaticEndpointGroupConfig) String() string {
 func (*StaticEndpointGroupConfig) ProtoMessage() {}
 
 func (x *StaticEndpointGroupConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_cluster_proto_msgTypes[23]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[24]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1625,7 +1643,7 @@ func (x *StaticEndpointGroupConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use StaticEndpointGroupConfig.ProtoReflect.Descriptor instead.
 func (*StaticEndpointGroupConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP(), []int{23}
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{24}
 }
 
 func (x *StaticEndpointGroupConfig) GetConnectTimeout() *durationpb.Duration {
@@ -1642,486 +1660,529 @@ func (x *StaticEndpointGroupConfig) GetCircuitBreakers() *CircuitBreakers {
 	return nil
 }
 
-var File_pbmesh_v1alpha1_cluster_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_cluster_proto_rawDesc = []byte{
-	0x0a, 0x1d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
-	0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a,
-	0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
-	0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
-	0x26, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x26, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f,
-	0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
-	0x2d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xfd,
-	0x01, 0x0a, 0x07, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x56, 0x0a, 0x0e, 0x66, 0x61,
-	0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75,
-	0x70, 0x48, 0x00, 0x52, 0x0d, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f,
-	0x75, 0x70, 0x12, 0x56, 0x0a, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x67,
-	0x72, 0x6f, 0x75, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0d, 0x65, 0x6e, 0x64,
-	0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x39, 0x0a, 0x19, 0x65, 0x73,
-	0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74,
-	0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x65,
-	0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65,
-	0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xc8,
-	0x01, 0x0a, 0x0d, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70,
-	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x56, 0x0a, 0x0f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
-	0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45,
-	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x0e, 0x65, 0x6e,
-	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x4b, 0x0a, 0x06,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68,
+var File_pbmesh_v1alpha1_pbproxystate_cluster_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDesc = []byte{
+	0x0a, 0x2a, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x63,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70,
+	0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x33, 0x70, 0x62, 0x6d, 0x65, 0x73,
+	0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d,
+	0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x33,
+	0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x74, 0x72, 0x61,
+	0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x22, 0x97, 0x02, 0x0a, 0x07, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12,
+	0x63, 0x0a, 0x0e, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x67, 0x72, 0x6f, 0x75,
+	0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72,
+	0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0d, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47,
+	0x72, 0x6f, 0x75, 0x70, 0x12, 0x63, 0x0a, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
+	0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68,
 	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x46, 0x61,
-	0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x84, 0x01, 0x0a, 0x13, 0x46, 0x61,
-	0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61,
-	0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x75, 0x73,
-	0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x42, 0x0a, 0x0f,
-	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
-	0x22, 0xdd, 0x02, 0x0a, 0x0d, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f,
-	0x75, 0x70, 0x12, 0x50, 0x0a, 0x07, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x07, 0x64, 0x79, 0x6e,
-	0x61, 0x6d, 0x69, 0x63, 0x12, 0x4d, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f,
+	0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0d, 0x65, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x39, 0x0a, 0x19, 0x65, 0x73, 0x63,
+	0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65,
+	0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x65, 0x73,
+	0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72,
+	0x4a, 0x73, 0x6f, 0x6e, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xce, 0x01,
+	0x0a, 0x0d, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12,
+	0x63, 0x0a, 0x0f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x67, 0x72, 0x6f, 0x75,
+	0x70, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47,
+	0x72, 0x6f, 0x75, 0x70, 0x52, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72,
+	0x6f, 0x75, 0x70, 0x73, 0x12, 0x58, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
 	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x06, 0x73, 0x74, 0x61,
-	0x74, 0x69, 0x63, 0x12, 0x44, 0x0a, 0x03, 0x64, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f,
-	0x75, 0x70, 0x48, 0x00, 0x52, 0x03, 0x64, 0x6e, 0x73, 0x12, 0x5c, 0x0a, 0x0b, 0x70, 0x61, 0x73,
-	0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f,
-	0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0b, 0x70, 0x61, 0x73, 0x73,
-	0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70,
-	0x22, 0xd2, 0x01, 0x0a, 0x14, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x52, 0x0a,
-	0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44,
-	0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72,
-	0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x12, 0x52, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c,
-	0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f,
-	0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75,
-	0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, 0xda, 0x01, 0x0a, 0x18, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68,
-	0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f,
-	0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x56, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x84,
+	0x01, 0x0a, 0x13, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c,
+	0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d,
+	0x65, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d,
+	0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69,
+	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x91, 0x03, 0x0a, 0x0d, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69,
+	0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5d, 0x0a, 0x07, 0x64, 0x79, 0x6e, 0x61, 0x6d,
+	0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e,
+	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x07, 0x64,
+	0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x12, 0x5a, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
 	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f,
-	0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x52,
-	0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53,
-	0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54,
-	0x6c, 0x73, 0x22, 0xca, 0x01, 0x0a, 0x10, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69,
-	0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x4e, 0x0a, 0x06, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x4e, 0x53,
-	0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x52, 0x0a, 0x0c, 0x6f,
-	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b,
-	0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22,
-	0x7c, 0x0a, 0x13, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e,
-	0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x51, 0x0a, 0x06, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f,
+	0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74,
+	0x69, 0x63, 0x12, 0x51, 0x0a, 0x03, 0x64, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x4e,
+	0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00,
+	0x52, 0x03, 0x64, 0x6e, 0x73, 0x12, 0x69, 0x0a, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72,
+	0x6f, 0x75, 0x67, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x68, 0x61, 0x73,
 	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x61, 0x74,
-	0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x72, 0x0a,
-	0x16, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, 0x74,
-	0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x58, 0x0a, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74,
-	0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x34, 0x57, 0x65, 0x69,
-	0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72,
-	0x73, 0x22, 0x72, 0x0a, 0x16, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x43,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x58, 0x0a, 0x08, 0x63,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c,
-	0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c, 0x75,
-	0x73, 0x74, 0x65, 0x72, 0x73, 0x22, 0x68, 0x0a, 0x1c, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68,
-	0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c,
-	0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69,
-	0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74,
-	0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22,
-	0xc3, 0x01, 0x0a, 0x1c, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65,
-	0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72,
-	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x59, 0x0a, 0x10, 0x68, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x9f, 0x07, 0x0a, 0x1a, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69,
-	0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f,
-	0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x36, 0x0a, 0x17, 0x64, 0x69, 0x73, 0x61,
-	0x62, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, 0x69, 0x63, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68,
-	0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62,
-	0x6c, 0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64,
-	0x12, 0x5b, 0x0a, 0x0d, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63,
-	0x79, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52,
-	0x0c, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x55, 0x0a,
-	0x0b, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x72, 0x6f, 0x62, 0x69, 0x6e, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72,
+	0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75,
+	0x70, 0x48, 0x00, 0x52, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68,
+	0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xd8, 0x01, 0x0a, 0x14, 0x44, 0x79,
+	0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f,
+	0x75, 0x70, 0x12, 0x5f, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x47, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x6f, 0x75, 0x6e,
-	0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x52,
-	0x6f, 0x62, 0x69, 0x6e, 0x12, 0x48, 0x0a, 0x06, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x61,
-	0x6e, 0x64, 0x6f, 0x6d, 0x48, 0x00, 0x52, 0x06, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x12, 0x4f,
-	0x0a, 0x09, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
+	0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x12, 0x5f, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f,
+	0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72,
+	0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e,
+	0x64, 0x54, 0x6c, 0x73, 0x22, 0xe0, 0x01, 0x0a, 0x18, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72,
+	0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75,
+	0x70, 0x12, 0x63, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x4b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
 	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x48,
-	0x61, 0x73, 0x68, 0x48, 0x00, 0x52, 0x08, 0x72, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x12,
-	0x48, 0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e,
+	0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f,
+	0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5f, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75,
+	0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73,
+	0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, 0xd0, 0x01, 0x0a, 0x10, 0x44, 0x4e, 0x53, 0x45,
+	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5b, 0x0a, 0x06,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x4e, 0x53, 0x45, 0x6e,
+	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5f, 0x0a, 0x0c, 0x6f, 0x75, 0x74,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
 	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x48,
-	0x00, 0x52, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x12, 0x5a, 0x0a, 0x10, 0x63, 0x69, 0x72,
-	0x63, 0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x08, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61,
-	0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65,
-	0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x5d, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72,
-	0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x79, 0x0a, 0x1b, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d,
-	0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72,
-	0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
-	0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41,
-	0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x0b, 0x0a, 0x09, 0x6c, 0x62,
-	0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x57, 0x0a, 0x14, 0x4c, 0x42, 0x50, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
-	0x3f, 0x0a, 0x0c, 0x63, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x52, 0x0b, 0x63, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74,
-	0x22, 0x14, 0x0a, 0x12, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x6f, 0x75, 0x6e,
-	0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x22, 0x10, 0x0a, 0x0e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x22, 0xa6, 0x01, 0x0a, 0x10, 0x4c, 0x42, 0x50,
-	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x48, 0x0a,
-	0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69,
-	0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x36,
-	0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52,
-	0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x48, 0x0a, 0x11, 0x6d, 0x61, 0x78, 0x69, 0x6d,
-	0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72,
+	0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f,
+	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, 0x75, 0x0a, 0x13, 0x53, 0x74,
+	0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75,
+	0x70, 0x12, 0x5e, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e,
+	0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72,
+	0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x22, 0x7f, 0x0a, 0x16, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x43,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x65, 0x0a, 0x08, 0x63,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x49, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x34, 0x57, 0x65,
+	0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65,
+	0x72, 0x73, 0x22, 0x7f, 0x0a, 0x16, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64,
+	0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x65, 0x0a, 0x08,
+	0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x49,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x37, 0x57,
+	0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74,
+	0x65, 0x72, 0x73, 0x22, 0x68, 0x0a, 0x1c, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65,
+	0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73,
+	0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68,
+	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32,
+	0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22, 0xd0, 0x01,
+	0x0a, 0x1c, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74,
+	0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12,
+	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01,
 	0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65,
-	0x52, 0x0f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a,
-	0x65, 0x22, 0x10, 0x0a, 0x0e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, 0x67,
-	0x6c, 0x65, 0x76, 0x22, 0x6a, 0x0a, 0x0f, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72,
-	0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x57, 0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65,
-	0x61, 0x6d, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65,
+	0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x66, 0x0a, 0x10, 0x68, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x0f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x22, 0x88, 0x08, 0x0a, 0x1a, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
+	0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f,
+	0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65,
+	0x6f, 0x75, 0x74, 0x12, 0x36, 0x0a, 0x17, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x70,
+	0x61, 0x6e, 0x69, 0x63, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x50, 0x61, 0x6e,
+	0x69, 0x63, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x68, 0x0a, 0x0d, 0x6c,
+	0x65, 0x61, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x62, 0x0a, 0x0b, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x72,
+	0x6f, 0x62, 0x69, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x72,
+	0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x12, 0x55, 0x0a, 0x06, 0x72, 0x61, 0x6e,
+	0x64, 0x6f, 0x6d, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+	0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x48, 0x00, 0x52, 0x06, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d,
+	0x12, 0x5c, 0x0a, 0x09, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x06, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61,
+	0x73, 0x68, 0x48, 0x00, 0x52, 0x08, 0x72, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x55,
+	0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x48, 0x00, 0x52, 0x06, 0x6d,
+	0x61, 0x67, 0x6c, 0x65, 0x76, 0x12, 0x67, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74,
+	0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
 	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x52,
-	0x0e, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x22,
-	0x83, 0x03, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x45, 0x0a, 0x0f, 0x63,
-	0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35,
-	0x78, 0x78, 0x12, 0x58, 0x0a, 0x19, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x5f,
+	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69,
+	0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63,
+	0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x6a,
+	0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44,
+	0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65,
+	0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x86, 0x01, 0x0a, 0x1b, 0x75,
+	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x55,
+	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65,
+	0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73,
+	0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e,
+	0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x0b,
+	0x0a, 0x09, 0x6c, 0x62, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x57, 0x0a, 0x14, 0x4c,
+	0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a, 0x0c, 0x63, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6f,
+	0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74,
+	0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x63, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x43,
+	0x6f, 0x75, 0x6e, 0x74, 0x22, 0x14, 0x0a, 0x12, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+	0x52, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x22, 0x10, 0x0a, 0x0e, 0x4c, 0x42,
+	0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x22, 0xa6, 0x01, 0x0a,
+	0x10, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73,
+	0x68, 0x12, 0x48, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e,
+	0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55,
+	0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69,
+	0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x48, 0x0a, 0x11, 0x6d,
+	0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e,
+	0x67, 0x53, 0x69, 0x7a, 0x65, 0x22, 0x10, 0x0a, 0x0e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x4d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x22, 0x77, 0x0a, 0x0f, 0x43, 0x69, 0x72, 0x63, 0x75,
+	0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x64, 0x0a, 0x0f, 0x75, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73,
+	0x52, 0x0e, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73,
+	0x22, 0xfd, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d,
+	0x69, 0x74, 0x73, 0x12, 0x45, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55,
+	0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4e, 0x0a, 0x14, 0x6d, 0x61,
+	0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33,
+	0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69,
+	0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x54, 0x0a, 0x17, 0x6d, 0x61,
+	0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49,
+	0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x43, 0x6f,
+	0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73,
+	0x22, 0x83, 0x03, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61,
+	0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x45, 0x0a, 0x0f,
 	0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
 	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x52, 0x17, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f,
-	0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x12, 0x4e, 0x0a, 0x14,
-	0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x65, 0x72,
-	0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e,
-	0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x45, 0x6a, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x47, 0x0a, 0x12,
-	0x62, 0x61, 0x73, 0x65, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69,
-	0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x10, 0x62, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x8b, 0x02, 0x0a, 0x19, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65,
-	0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x12, 0x4a, 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61,
-	0x6c, 0x69, 0x76, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x10, 0x74,
-	0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12,
-	0x52, 0x0a, 0x16, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65,
-	0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x14, 0x74,
-	0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72,
-	0x76, 0x61, 0x6c, 0x12, 0x4e, 0x0a, 0x14, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61,
-	0x6c, 0x69, 0x76, 0x65, 0x5f, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52,
-	0x12, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x50, 0x72, 0x6f,
-	0x62, 0x65, 0x73, 0x22, 0x64, 0x0a, 0x1e, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75,
-	0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43,
+	0x6c, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65,
+	0x35, 0x78, 0x78, 0x12, 0x58, 0x0a, 0x19, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67,
+	0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x52, 0x17, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x43,
+	0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x12, 0x4e, 0x0a,
+	0x14, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x65,
+	0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49,
+	0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x45, 0x6a,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x47, 0x0a,
+	0x12, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74,
+	0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x62, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x8b, 0x02, 0x0a, 0x19, 0x55, 0x70, 0x73, 0x74, 0x72,
+	0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4a, 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70,
+	0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x10,
+	0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x54, 0x69, 0x6d, 0x65,
+	0x12, 0x52, 0x0a, 0x16, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76,
+	0x65, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x14,
+	0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x49, 0x6e, 0x74, 0x65,
+	0x72, 0x76, 0x61, 0x6c, 0x12, 0x4e, 0x0a, 0x14, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70,
+	0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65,
+	0x52, 0x12, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x50, 0x72,
+	0x6f, 0x62, 0x65, 0x73, 0x22, 0x64, 0x0a, 0x1e, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f,
+	0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x80, 0x05, 0x0a, 0x16, 0x44,
+	0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43,
 	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
 	0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
 	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
 	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0xcb, 0x04, 0x0a, 0x16, 0x44, 0x4e,
-	0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f,
-	0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x36, 0x0a, 0x17, 0x64, 0x69, 0x73, 0x61,
-	0x62, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, 0x69, 0x63, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68,
-	0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62,
-	0x6c, 0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64,
-	0x12, 0x54, 0x0a, 0x0e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x74, 0x79,
-	0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x36, 0x0a, 0x17, 0x64, 0x69, 0x73,
+	0x61, 0x62, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, 0x69, 0x63, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73,
+	0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x64, 0x69, 0x73, 0x61,
+	0x62, 0x6c, 0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c,
+	0x64, 0x12, 0x61, 0x0a, 0x0e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x74,
+	0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72,
+	0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0d, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79,
+	0x54, 0x79, 0x70, 0x65, 0x12, 0x67, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x5f,
+	0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69, 0x72,
+	0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69,
+	0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x6a, 0x0a,
+	0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
 	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76,
-	0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0d, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
-	0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x5a, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69,
-	0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72,
-	0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65,
-	0x72, 0x73, 0x12, 0x5d, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65,
-	0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f,
-	0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x12, 0x79, 0x0a, 0x1b, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65,
+	0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72,
+	0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x86, 0x01, 0x0a, 0x1b, 0x75, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61,
+	0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74,
+	0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x75,
+	0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xc8, 0x01,
+	0x0a, 0x19, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
+	0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12,
+	0x67, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b,
+	0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42,
+	0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74,
+	0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x2a, 0x46, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63,
+	0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x44, 0x49, 0x53,
+	0x43, 0x4f, 0x56, 0x45, 0x52, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4c, 0x4f, 0x47, 0x49,
+	0x43, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x56, 0x45,
+	0x52, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x01,
+	0x42, 0xd8, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
 	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d,
-	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x52, 0x19, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x29, 0x0a, 0x11,
-	0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53,
-	0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xbb, 0x01, 0x0a, 0x19, 0x53, 0x74, 0x61, 0x74,
-	0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
-	0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x5a, 0x0a, 0x10, 0x63, 0x69, 0x72,
-	0x63, 0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61,
-	0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65,
-	0x61, 0x6b, 0x65, 0x72, 0x73, 0x2a, 0x46, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
-	0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x56,
-	0x45, 0x52, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4c, 0x4f, 0x47, 0x49, 0x43, 0x41, 0x4c,
-	0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x56, 0x45, 0x52, 0x59, 0x5f,
-	0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x01, 0x42, 0x94, 0x02,
-	0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x42, 0x0c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x50, 0x72, 0x6f,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x42, 0x0c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x50, 0x72, 0x6f,
 	0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
 	0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75,
 	0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70,
-	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d,
-	0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43,
-	0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
-	0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43,
+	0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2,
+	0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50,
+	0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d,
+	0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x33,
 }
 
 var (
-	file_pbmesh_v1alpha1_cluster_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_cluster_proto_rawDescData = file_pbmesh_v1alpha1_cluster_proto_rawDesc
+	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDesc
 )
 
-func file_pbmesh_v1alpha1_cluster_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_cluster_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_cluster_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_cluster_proto_rawDescData)
+func file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescData)
 	})
-	return file_pbmesh_v1alpha1_cluster_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_cluster_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_pbmesh_v1alpha1_cluster_proto_msgTypes = make([]protoimpl.MessageInfo, 24)
-var file_pbmesh_v1alpha1_cluster_proto_goTypes = []interface{}{
-	(DiscoveryType)(0),                     // 0: hashicorp.consul.mesh.v1alpha1.DiscoveryType
-	(*Cluster)(nil),                        // 1: hashicorp.consul.mesh.v1alpha1.Cluster
-	(*FailoverGroup)(nil),                  // 2: hashicorp.consul.mesh.v1alpha1.FailoverGroup
-	(*FailoverGroupConfig)(nil),            // 3: hashicorp.consul.mesh.v1alpha1.FailoverGroupConfig
-	(*EndpointGroup)(nil),                  // 4: hashicorp.consul.mesh.v1alpha1.EndpointGroup
-	(*DynamicEndpointGroup)(nil),           // 5: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroup
-	(*PassthroughEndpointGroup)(nil),       // 6: hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroup
-	(*DNSEndpointGroup)(nil),               // 7: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroup
-	(*StaticEndpointGroup)(nil),            // 8: hashicorp.consul.mesh.v1alpha1.StaticEndpointGroup
-	(*L4WeightedClusterGroup)(nil),         // 9: hashicorp.consul.mesh.v1alpha1.L4WeightedClusterGroup
-	(*L7WeightedClusterGroup)(nil),         // 10: hashicorp.consul.mesh.v1alpha1.L7WeightedClusterGroup
-	(*L4WeightedDestinationCluster)(nil),   // 11: hashicorp.consul.mesh.v1alpha1.L4WeightedDestinationCluster
-	(*L7WeightedDestinationCluster)(nil),   // 12: hashicorp.consul.mesh.v1alpha1.L7WeightedDestinationCluster
-	(*DynamicEndpointGroupConfig)(nil),     // 13: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig
-	(*LBPolicyLeastRequest)(nil),           // 14: hashicorp.consul.mesh.v1alpha1.LBPolicyLeastRequest
-	(*LBPolicyRoundRobin)(nil),             // 15: hashicorp.consul.mesh.v1alpha1.LBPolicyRoundRobin
-	(*LBPolicyRandom)(nil),                 // 16: hashicorp.consul.mesh.v1alpha1.LBPolicyRandom
-	(*LBPolicyRingHash)(nil),               // 17: hashicorp.consul.mesh.v1alpha1.LBPolicyRingHash
-	(*LBPolicyMaglev)(nil),                 // 18: hashicorp.consul.mesh.v1alpha1.LBPolicyMaglev
-	(*CircuitBreakers)(nil),                // 19: hashicorp.consul.mesh.v1alpha1.CircuitBreakers
-	(*OutlierDetection)(nil),               // 20: hashicorp.consul.mesh.v1alpha1.OutlierDetection
-	(*UpstreamConnectionOptions)(nil),      // 21: hashicorp.consul.mesh.v1alpha1.UpstreamConnectionOptions
-	(*PassthroughEndpointGroupConfig)(nil), // 22: hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroupConfig
-	(*DNSEndpointGroupConfig)(nil),         // 23: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig
-	(*StaticEndpointGroupConfig)(nil),      // 24: hashicorp.consul.mesh.v1alpha1.StaticEndpointGroupConfig
-	(*durationpb.Duration)(nil),            // 25: google.protobuf.Duration
-	(*TransportSocket)(nil),                // 26: hashicorp.consul.mesh.v1alpha1.TransportSocket
-	(*wrapperspb.UInt32Value)(nil),         // 27: google.protobuf.UInt32Value
-	(*HeaderMutation)(nil),                 // 28: hashicorp.consul.mesh.v1alpha1.HeaderMutation
-	(*wrapperspb.UInt64Value)(nil),         // 29: google.protobuf.UInt64Value
-	(*UpstreamLimits)(nil),                 // 30: hashicorp.consul.mesh.v1alpha1.UpstreamLimits
-}
-var file_pbmesh_v1alpha1_cluster_proto_depIdxs = []int32{
-	2,  // 0: hashicorp.consul.mesh.v1alpha1.Cluster.failover_group:type_name -> hashicorp.consul.mesh.v1alpha1.FailoverGroup
-	4,  // 1: hashicorp.consul.mesh.v1alpha1.Cluster.endpoint_group:type_name -> hashicorp.consul.mesh.v1alpha1.EndpointGroup
-	4,  // 2: hashicorp.consul.mesh.v1alpha1.FailoverGroup.endpoint_groups:type_name -> hashicorp.consul.mesh.v1alpha1.EndpointGroup
-	3,  // 3: hashicorp.consul.mesh.v1alpha1.FailoverGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.FailoverGroupConfig
-	25, // 4: hashicorp.consul.mesh.v1alpha1.FailoverGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
-	5,  // 5: hashicorp.consul.mesh.v1alpha1.EndpointGroup.dynamic:type_name -> hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroup
-	8,  // 6: hashicorp.consul.mesh.v1alpha1.EndpointGroup.static:type_name -> hashicorp.consul.mesh.v1alpha1.StaticEndpointGroup
-	7,  // 7: hashicorp.consul.mesh.v1alpha1.EndpointGroup.dns:type_name -> hashicorp.consul.mesh.v1alpha1.DNSEndpointGroup
-	6,  // 8: hashicorp.consul.mesh.v1alpha1.EndpointGroup.passthrough:type_name -> hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroup
-	13, // 9: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig
-	26, // 10: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.TransportSocket
-	22, // 11: hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroupConfig
-	26, // 12: hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.TransportSocket
-	23, // 13: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig
-	26, // 14: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.TransportSocket
-	24, // 15: hashicorp.consul.mesh.v1alpha1.StaticEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.StaticEndpointGroupConfig
-	11, // 16: hashicorp.consul.mesh.v1alpha1.L4WeightedClusterGroup.clusters:type_name -> hashicorp.consul.mesh.v1alpha1.L4WeightedDestinationCluster
-	12, // 17: hashicorp.consul.mesh.v1alpha1.L7WeightedClusterGroup.clusters:type_name -> hashicorp.consul.mesh.v1alpha1.L7WeightedDestinationCluster
-	27, // 18: hashicorp.consul.mesh.v1alpha1.L4WeightedDestinationCluster.weight:type_name -> google.protobuf.UInt32Value
-	27, // 19: hashicorp.consul.mesh.v1alpha1.L7WeightedDestinationCluster.weight:type_name -> google.protobuf.UInt32Value
-	28, // 20: hashicorp.consul.mesh.v1alpha1.L7WeightedDestinationCluster.header_mutations:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderMutation
-	25, // 21: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
-	14, // 22: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.least_request:type_name -> hashicorp.consul.mesh.v1alpha1.LBPolicyLeastRequest
-	15, // 23: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.round_robin:type_name -> hashicorp.consul.mesh.v1alpha1.LBPolicyRoundRobin
-	16, // 24: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.random:type_name -> hashicorp.consul.mesh.v1alpha1.LBPolicyRandom
-	17, // 25: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.ring_hash:type_name -> hashicorp.consul.mesh.v1alpha1.LBPolicyRingHash
-	18, // 26: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.maglev:type_name -> hashicorp.consul.mesh.v1alpha1.LBPolicyMaglev
-	19, // 27: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v1alpha1.CircuitBreakers
-	20, // 28: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.outlier_detection:type_name -> hashicorp.consul.mesh.v1alpha1.OutlierDetection
-	21, // 29: hashicorp.consul.mesh.v1alpha1.DynamicEndpointGroupConfig.upstream_connection_options:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConnectionOptions
-	27, // 30: hashicorp.consul.mesh.v1alpha1.LBPolicyLeastRequest.choice_count:type_name -> google.protobuf.UInt32Value
-	29, // 31: hashicorp.consul.mesh.v1alpha1.LBPolicyRingHash.minimum_ring_size:type_name -> google.protobuf.UInt64Value
-	29, // 32: hashicorp.consul.mesh.v1alpha1.LBPolicyRingHash.maximum_ring_size:type_name -> google.protobuf.UInt64Value
-	30, // 33: hashicorp.consul.mesh.v1alpha1.CircuitBreakers.upstream_limits:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamLimits
-	25, // 34: hashicorp.consul.mesh.v1alpha1.OutlierDetection.interval:type_name -> google.protobuf.Duration
-	27, // 35: hashicorp.consul.mesh.v1alpha1.OutlierDetection.consecutive_5xx:type_name -> google.protobuf.UInt32Value
-	27, // 36: hashicorp.consul.mesh.v1alpha1.OutlierDetection.enforcing_consecutive_5xx:type_name -> google.protobuf.UInt32Value
-	27, // 37: hashicorp.consul.mesh.v1alpha1.OutlierDetection.max_ejection_percent:type_name -> google.protobuf.UInt32Value
-	25, // 38: hashicorp.consul.mesh.v1alpha1.OutlierDetection.base_ejection_time:type_name -> google.protobuf.Duration
-	27, // 39: hashicorp.consul.mesh.v1alpha1.UpstreamConnectionOptions.tcp_keepalive_time:type_name -> google.protobuf.UInt32Value
-	27, // 40: hashicorp.consul.mesh.v1alpha1.UpstreamConnectionOptions.tcp_keepalive_interval:type_name -> google.protobuf.UInt32Value
-	27, // 41: hashicorp.consul.mesh.v1alpha1.UpstreamConnectionOptions.tcp_keepalive_probes:type_name -> google.protobuf.UInt32Value
-	25, // 42: hashicorp.consul.mesh.v1alpha1.PassthroughEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
-	25, // 43: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
-	0,  // 44: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig.discovery_type:type_name -> hashicorp.consul.mesh.v1alpha1.DiscoveryType
-	19, // 45: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v1alpha1.CircuitBreakers
-	20, // 46: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig.outlier_detection:type_name -> hashicorp.consul.mesh.v1alpha1.OutlierDetection
-	21, // 47: hashicorp.consul.mesh.v1alpha1.DNSEndpointGroupConfig.upstream_connection_options:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConnectionOptions
-	25, // 48: hashicorp.consul.mesh.v1alpha1.StaticEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
-	19, // 49: hashicorp.consul.mesh.v1alpha1.StaticEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v1alpha1.CircuitBreakers
-	50, // [50:50] is the sub-list for method output_type
-	50, // [50:50] is the sub-list for method input_type
-	50, // [50:50] is the sub-list for extension type_name
-	50, // [50:50] is the sub-list for extension extendee
-	0,  // [0:50] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_cluster_proto_init() }
-func file_pbmesh_v1alpha1_cluster_proto_init() {
-	if File_pbmesh_v1alpha1_cluster_proto != nil {
+	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_pbproxystate_cluster_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes = make([]protoimpl.MessageInfo, 25)
+var file_pbmesh_v1alpha1_pbproxystate_cluster_proto_goTypes = []interface{}{
+	(DiscoveryType)(0),                     // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.DiscoveryType
+	(*Cluster)(nil),                        // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.Cluster
+	(*FailoverGroup)(nil),                  // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroup
+	(*FailoverGroupConfig)(nil),            // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroupConfig
+	(*EndpointGroup)(nil),                  // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup
+	(*DynamicEndpointGroup)(nil),           // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroup
+	(*PassthroughEndpointGroup)(nil),       // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroup
+	(*DNSEndpointGroup)(nil),               // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroup
+	(*StaticEndpointGroup)(nil),            // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroup
+	(*L4WeightedClusterGroup)(nil),         // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4WeightedClusterGroup
+	(*L7WeightedClusterGroup)(nil),         // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedClusterGroup
+	(*L4WeightedDestinationCluster)(nil),   // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4WeightedDestinationCluster
+	(*L7WeightedDestinationCluster)(nil),   // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedDestinationCluster
+	(*DynamicEndpointGroupConfig)(nil),     // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig
+	(*LBPolicyLeastRequest)(nil),           // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyLeastRequest
+	(*LBPolicyRoundRobin)(nil),             // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRoundRobin
+	(*LBPolicyRandom)(nil),                 // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRandom
+	(*LBPolicyRingHash)(nil),               // 17: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRingHash
+	(*LBPolicyMaglev)(nil),                 // 18: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyMaglev
+	(*CircuitBreakers)(nil),                // 19: hashicorp.consul.mesh.v1alpha1.pbproxystate.CircuitBreakers
+	(*UpstreamLimits)(nil),                 // 20: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamLimits
+	(*OutlierDetection)(nil),               // 21: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection
+	(*UpstreamConnectionOptions)(nil),      // 22: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamConnectionOptions
+	(*PassthroughEndpointGroupConfig)(nil), // 23: hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroupConfig
+	(*DNSEndpointGroupConfig)(nil),         // 24: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig
+	(*StaticEndpointGroupConfig)(nil),      // 25: hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroupConfig
+	(*durationpb.Duration)(nil),            // 26: google.protobuf.Duration
+	(*TransportSocket)(nil),                // 27: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
+	(*wrapperspb.UInt32Value)(nil),         // 28: google.protobuf.UInt32Value
+	(*HeaderMutation)(nil),                 // 29: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation
+	(*wrapperspb.UInt64Value)(nil),         // 30: google.protobuf.UInt64Value
+}
+var file_pbmesh_v1alpha1_pbproxystate_cluster_proto_depIdxs = []int32{
+	2,  // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.Cluster.failover_group:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroup
+	4,  // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.Cluster.endpoint_group:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup
+	4,  // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroup.endpoint_groups:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup
+	3,  // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroupConfig
+	26, // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
+	5,  // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup.dynamic:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroup
+	8,  // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup.static:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroup
+	7,  // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup.dns:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroup
+	6,  // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup.passthrough:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroup
+	13, // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig
+	27, // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
+	23, // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroupConfig
+	27, // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
+	24, // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig
+	27, // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
+	25, // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroupConfig
+	11, // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4WeightedClusterGroup.clusters:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L4WeightedDestinationCluster
+	12, // 17: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedClusterGroup.clusters:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedDestinationCluster
+	28, // 18: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4WeightedDestinationCluster.weight:type_name -> google.protobuf.UInt32Value
+	28, // 19: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedDestinationCluster.weight:type_name -> google.protobuf.UInt32Value
+	29, // 20: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedDestinationCluster.header_mutations:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation
+	26, // 21: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
+	14, // 22: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.least_request:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyLeastRequest
+	15, // 23: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.round_robin:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRoundRobin
+	16, // 24: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.random:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRandom
+	17, // 25: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.ring_hash:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRingHash
+	18, // 26: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.maglev:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyMaglev
+	19, // 27: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.CircuitBreakers
+	21, // 28: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.outlier_detection:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection
+	22, // 29: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.upstream_connection_options:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamConnectionOptions
+	28, // 30: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyLeastRequest.choice_count:type_name -> google.protobuf.UInt32Value
+	30, // 31: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRingHash.minimum_ring_size:type_name -> google.protobuf.UInt64Value
+	30, // 32: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRingHash.maximum_ring_size:type_name -> google.protobuf.UInt64Value
+	20, // 33: hashicorp.consul.mesh.v1alpha1.pbproxystate.CircuitBreakers.upstream_limits:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamLimits
+	28, // 34: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamLimits.max_connections:type_name -> google.protobuf.UInt32Value
+	28, // 35: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamLimits.max_pending_requests:type_name -> google.protobuf.UInt32Value
+	28, // 36: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamLimits.max_concurrent_requests:type_name -> google.protobuf.UInt32Value
+	26, // 37: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection.interval:type_name -> google.protobuf.Duration
+	28, // 38: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection.consecutive_5xx:type_name -> google.protobuf.UInt32Value
+	28, // 39: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection.enforcing_consecutive_5xx:type_name -> google.protobuf.UInt32Value
+	28, // 40: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection.max_ejection_percent:type_name -> google.protobuf.UInt32Value
+	26, // 41: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection.base_ejection_time:type_name -> google.protobuf.Duration
+	28, // 42: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamConnectionOptions.tcp_keepalive_time:type_name -> google.protobuf.UInt32Value
+	28, // 43: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamConnectionOptions.tcp_keepalive_interval:type_name -> google.protobuf.UInt32Value
+	28, // 44: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamConnectionOptions.tcp_keepalive_probes:type_name -> google.protobuf.UInt32Value
+	26, // 45: hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
+	26, // 46: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
+	0,  // 47: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig.discovery_type:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DiscoveryType
+	19, // 48: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.CircuitBreakers
+	21, // 49: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig.outlier_detection:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection
+	22, // 50: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig.upstream_connection_options:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamConnectionOptions
+	26, // 51: hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
+	19, // 52: hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.CircuitBreakers
+	53, // [53:53] is the sub-list for method output_type
+	53, // [53:53] is the sub-list for method input_type
+	53, // [53:53] is the sub-list for extension type_name
+	53, // [53:53] is the sub-list for extension extendee
+	0,  // [0:53] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_pbproxystate_cluster_proto_init() }
+func file_pbmesh_v1alpha1_pbproxystate_cluster_proto_init() {
+	if File_pbmesh_v1alpha1_pbproxystate_cluster_proto != nil {
 		return
 	}
-	file_pbmesh_v1alpha1_header_mutations_proto_init()
-	file_pbmesh_v1alpha1_transport_socket_proto_init()
-	file_pbmesh_v1alpha1_upstreams_configuration_proto_init()
+	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_init()
+	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_init()
 	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*Cluster); i {
 			case 0:
 				return &v.state
@@ -2133,7 +2194,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*FailoverGroup); i {
 			case 0:
 				return &v.state
@@ -2145,7 +2206,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*FailoverGroupConfig); i {
 			case 0:
 				return &v.state
@@ -2157,7 +2218,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*EndpointGroup); i {
 			case 0:
 				return &v.state
@@ -2169,7 +2230,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*DynamicEndpointGroup); i {
 			case 0:
 				return &v.state
@@ -2181,7 +2242,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*PassthroughEndpointGroup); i {
 			case 0:
 				return &v.state
@@ -2193,7 +2254,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*DNSEndpointGroup); i {
 			case 0:
 				return &v.state
@@ -2205,7 +2266,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*StaticEndpointGroup); i {
 			case 0:
 				return &v.state
@@ -2217,7 +2278,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*L4WeightedClusterGroup); i {
 			case 0:
 				return &v.state
@@ -2229,7 +2290,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*L7WeightedClusterGroup); i {
 			case 0:
 				return &v.state
@@ -2241,7 +2302,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*L4WeightedDestinationCluster); i {
 			case 0:
 				return &v.state
@@ -2253,7 +2314,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*L7WeightedDestinationCluster); i {
 			case 0:
 				return &v.state
@@ -2265,7 +2326,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*DynamicEndpointGroupConfig); i {
 			case 0:
 				return &v.state
@@ -2277,7 +2338,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*LBPolicyLeastRequest); i {
 			case 0:
 				return &v.state
@@ -2289,7 +2350,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*LBPolicyRoundRobin); i {
 			case 0:
 				return &v.state
@@ -2301,7 +2362,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*LBPolicyRandom); i {
 			case 0:
 				return &v.state
@@ -2313,7 +2374,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*LBPolicyRingHash); i {
 			case 0:
 				return &v.state
@@ -2325,7 +2386,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*LBPolicyMaglev); i {
 			case 0:
 				return &v.state
@@ -2337,7 +2398,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*CircuitBreakers); i {
 			case 0:
 				return &v.state
@@ -2349,7 +2410,19 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UpstreamLimits); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*OutlierDetection); i {
 			case 0:
 				return &v.state
@@ -2361,7 +2434,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*UpstreamConnectionOptions); i {
 			case 0:
 				return &v.state
@@ -2373,7 +2446,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*PassthroughEndpointGroupConfig); i {
 			case 0:
 				return &v.state
@@ -2385,7 +2458,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*DNSEndpointGroupConfig); i {
 			case 0:
 				return &v.state
@@ -2397,7 +2470,7 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_cluster_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*StaticEndpointGroupConfig); i {
 			case 0:
 				return &v.state
@@ -2410,17 +2483,17 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 			}
 		}
 	}
-	file_pbmesh_v1alpha1_cluster_proto_msgTypes[0].OneofWrappers = []interface{}{
+	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[0].OneofWrappers = []interface{}{
 		(*Cluster_FailoverGroup)(nil),
 		(*Cluster_EndpointGroup)(nil),
 	}
-	file_pbmesh_v1alpha1_cluster_proto_msgTypes[3].OneofWrappers = []interface{}{
+	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[3].OneofWrappers = []interface{}{
 		(*EndpointGroup_Dynamic)(nil),
 		(*EndpointGroup_Static)(nil),
 		(*EndpointGroup_Dns)(nil),
 		(*EndpointGroup_Passthrough)(nil),
 	}
-	file_pbmesh_v1alpha1_cluster_proto_msgTypes[12].OneofWrappers = []interface{}{
+	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[12].OneofWrappers = []interface{}{
 		(*DynamicEndpointGroupConfig_LeastRequest)(nil),
 		(*DynamicEndpointGroupConfig_RoundRobin)(nil),
 		(*DynamicEndpointGroupConfig_Random)(nil),
@@ -2431,19 +2504,19 @@ func file_pbmesh_v1alpha1_cluster_proto_init() {
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_cluster_proto_rawDesc,
+			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDesc,
 			NumEnums:      1,
-			NumMessages:   24,
+			NumMessages:   25,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
-		GoTypes:           file_pbmesh_v1alpha1_cluster_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_cluster_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_cluster_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_cluster_proto_msgTypes,
+		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_cluster_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_cluster_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_pbproxystate_cluster_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes,
 	}.Build()
-	File_pbmesh_v1alpha1_cluster_proto = out.File
-	file_pbmesh_v1alpha1_cluster_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_cluster_proto_goTypes = nil
-	file_pbmesh_v1alpha1_cluster_proto_depIdxs = nil
+	File_pbmesh_v1alpha1_pbproxystate_cluster_proto = out.File
+	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_goTypes = nil
+	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_depIdxs = nil
 }
diff --git a/proto-public/pbmesh/v1alpha1/cluster.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
similarity index 82%
rename from proto-public/pbmesh/v1alpha1/cluster.proto
rename to proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
index 7ad69e1d2cb3..6fd7dba82845 100644
--- a/proto-public/pbmesh/v1alpha1/cluster.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
@@ -3,13 +3,12 @@
 
 syntax = "proto3";
 
-package hashicorp.consul.mesh.v1alpha1;
+package hashicorp.consul.mesh.v1alpha1.pbproxystate;
 
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
-import "pbmesh/v1alpha1/header_mutations.proto";
-import "pbmesh/v1alpha1/transport_socket.proto";
-import "pbmesh/v1alpha1/upstreams_configuration.proto";
+import "pbmesh/v1alpha1/pbproxystate/header_mutations.proto";
+import "pbmesh/v1alpha1/pbproxystate/transport_socket.proto";
 
 message Cluster {
   // group is either a failover group or endpoint group. If this cluster needs to failover to other clusters, use the failover group. If this cluster routes directly to endpoints, use the endpoint group.
@@ -22,11 +21,9 @@ message Cluster {
 }
 
 message FailoverGroup {
-  // name of the failover group.
-  string name = 1;
   // endpoint_groups is an ordered list of which groups to failover to.
-  repeated EndpointGroup endpoint_groups = 2;
-  FailoverGroupConfig config = 3;
+  repeated EndpointGroup endpoint_groups = 1;
+  FailoverGroupConfig config = 2;
 }
 
 message FailoverGroupConfig {
@@ -48,38 +45,30 @@ message EndpointGroup {
 }
 
 message DynamicEndpointGroup {
-  // name will be the name of the Envoy cluster created by this endpoint group.
-  string name = 1;
   // config configures how to connect to the endpoints.
-  DynamicEndpointGroupConfig config = 2;
+  DynamicEndpointGroupConfig config = 1;
   // outbound_tls will configure what TLS information to use when connecting to an upstream.
-  TransportSocket outbound_tls = 3;
+  TransportSocket outbound_tls = 2;
 }
 
 message PassthroughEndpointGroup {
-  // name will be the name of the Envoy cluster created by this endpoint group.
-  string name = 1;
   // config configures how to connect to the endpoints.
-  PassthroughEndpointGroupConfig config = 2;
+  PassthroughEndpointGroupConfig config = 1;
   // outbound_tls will configure what TLS information to use when connecting to an upstream.
-  TransportSocket outbound_tls = 3;
+  TransportSocket outbound_tls = 2;
 }
 
 message DNSEndpointGroup {
-  // name will be the name of the Envoy cluster created by this endpoint group.
-  string name = 1;
   // config configures how to connect to the endpoints.
-  DNSEndpointGroupConfig config = 2;
+  DNSEndpointGroupConfig config = 1;
   // outbound_tls will configure what TLS information to use when connecting to an upstream.
-  TransportSocket outbound_tls = 3;
+  TransportSocket outbound_tls = 2;
 }
 
 // StaticEndpointGroup is used to reach local app ports.
 message StaticEndpointGroup {
-  // name will be the name of the Envoy cluster created by this endpoint group.
-  string name = 1;
   // config configures how to connect to the endpoints.
-  StaticEndpointGroupConfig config = 2;
+  StaticEndpointGroupConfig config = 1;
 }
 
 message L4WeightedClusterGroup {
@@ -139,6 +128,12 @@ message CircuitBreakers {
   UpstreamLimits upstream_limits = 1;
 }
 
+message UpstreamLimits {
+  google.protobuf.UInt32Value max_connections = 1;
+  google.protobuf.UInt32Value max_pending_requests = 2;
+  google.protobuf.UInt32Value max_concurrent_requests = 3;
+}
+
 message OutlierDetection {
   google.protobuf.Duration interval = 1;
   google.protobuf.UInt32Value consecutive_5xx = 2;
diff --git a/proto-public/pbmesh/v1alpha1/endpoints.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.binary.go
similarity index 89%
rename from proto-public/pbmesh/v1alpha1/endpoints.pb.binary.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.binary.go
index 1c1a405964c8..62f943ca762e 100644
--- a/proto-public/pbmesh/v1alpha1/endpoints.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.binary.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/endpoints.proto
+// source: pbmesh/v1alpha1/pbproxystate/endpoints.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	"google.golang.org/protobuf/proto"
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go
new file mode 100644
index 000000000000..ce14e15f722d
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go
@@ -0,0 +1,386 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/pbproxystate/endpoints.proto
+
+package pbproxystate
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type HealthStatus int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	HealthStatus_HEALTH_STATUS_UNKNOWN   HealthStatus = 0
+	HealthStatus_HEALTH_STATUS_HEALTHY   HealthStatus = 1
+	HealthStatus_HEALTH_STATUS_UNHEALTHY HealthStatus = 2
+)
+
+// Enum value maps for HealthStatus.
+var (
+	HealthStatus_name = map[int32]string{
+		0: "HEALTH_STATUS_UNKNOWN",
+		1: "HEALTH_STATUS_HEALTHY",
+		2: "HEALTH_STATUS_UNHEALTHY",
+	}
+	HealthStatus_value = map[string]int32{
+		"HEALTH_STATUS_UNKNOWN":   0,
+		"HEALTH_STATUS_HEALTHY":   1,
+		"HEALTH_STATUS_UNHEALTHY": 2,
+	}
+)
+
+func (x HealthStatus) Enum() *HealthStatus {
+	p := new(HealthStatus)
+	*p = x
+	return p
+}
+
+func (x HealthStatus) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (HealthStatus) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_enumTypes[0].Descriptor()
+}
+
+func (HealthStatus) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_enumTypes[0]
+}
+
+func (x HealthStatus) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use HealthStatus.Descriptor instead.
+func (HealthStatus) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescGZIP(), []int{0}
+}
+
+type Endpoints struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Endpoints []*Endpoint `protobuf:"bytes,1,rep,name=endpoints,proto3" json:"endpoints,omitempty"`
+}
+
+func (x *Endpoints) Reset() {
+	*x = Endpoints{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Endpoints) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Endpoints) ProtoMessage() {}
+
+func (x *Endpoints) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Endpoints.ProtoReflect.Descriptor instead.
+func (*Endpoints) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Endpoints) GetEndpoints() []*Endpoint {
+	if x != nil {
+		return x.Endpoints
+	}
+	return nil
+}
+
+type Endpoint struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Address:
+	//
+	//	*Endpoint_HostPort
+	//	*Endpoint_UnixSocket
+	Address             isEndpoint_Address      `protobuf_oneof:"address"`
+	HealthStatus        HealthStatus            `protobuf:"varint,3,opt,name=health_status,json=healthStatus,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.HealthStatus" json:"health_status,omitempty"`
+	LoadBalancingWeight *wrapperspb.UInt32Value `protobuf:"bytes,4,opt,name=load_balancing_weight,json=loadBalancingWeight,proto3" json:"load_balancing_weight,omitempty"`
+}
+
+func (x *Endpoint) Reset() {
+	*x = Endpoint{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Endpoint) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Endpoint) ProtoMessage() {}
+
+func (x *Endpoint) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Endpoint.ProtoReflect.Descriptor instead.
+func (*Endpoint) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescGZIP(), []int{1}
+}
+
+func (m *Endpoint) GetAddress() isEndpoint_Address {
+	if m != nil {
+		return m.Address
+	}
+	return nil
+}
+
+func (x *Endpoint) GetHostPort() *HostPortAddress {
+	if x, ok := x.GetAddress().(*Endpoint_HostPort); ok {
+		return x.HostPort
+	}
+	return nil
+}
+
+func (x *Endpoint) GetUnixSocket() *UnixSocketAddress {
+	if x, ok := x.GetAddress().(*Endpoint_UnixSocket); ok {
+		return x.UnixSocket
+	}
+	return nil
+}
+
+func (x *Endpoint) GetHealthStatus() HealthStatus {
+	if x != nil {
+		return x.HealthStatus
+	}
+	return HealthStatus_HEALTH_STATUS_UNKNOWN
+}
+
+func (x *Endpoint) GetLoadBalancingWeight() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.LoadBalancingWeight
+	}
+	return nil
+}
+
+type isEndpoint_Address interface {
+	isEndpoint_Address()
+}
+
+type Endpoint_HostPort struct {
+	HostPort *HostPortAddress `protobuf:"bytes,1,opt,name=host_port,json=hostPort,proto3,oneof"`
+}
+
+type Endpoint_UnixSocket struct {
+	UnixSocket *UnixSocketAddress `protobuf:"bytes,2,opt,name=unix_socket,json=unixSocket,proto3,oneof"`
+}
+
+func (*Endpoint_HostPort) isEndpoint_Address() {}
+
+func (*Endpoint_UnixSocket) isEndpoint_Address() {}
+
+var File_pbmesh_v1alpha1_pbproxystate_endpoints_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDesc = []byte{
+	0x0a, 0x2c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x65,
+	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x1a, 0x1e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61,
+	0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2a, 0x70, 0x62, 0x6d,
+	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73,
+	0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x60, 0x0a, 0x09, 0x45, 0x6e, 0x64, 0x70, 0x6f,
+	0x69, 0x6e, 0x74, 0x73, 0x12, 0x53, 0x0a, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
+	0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x09,
+	0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x22, 0x87, 0x03, 0x0a, 0x08, 0x45, 0x6e,
+	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x5b, 0x0a, 0x09, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x70,
+	0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74,
+	0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x50,
+	0x6f, 0x72, 0x74, 0x12, 0x61, 0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6f, 0x63, 0x6b,
+	0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65,
+	0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x0a, 0x75, 0x6e, 0x69, 0x78,
+	0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x5e, 0x0a, 0x0d, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68,
+	0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x6c,
+	0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x50, 0x0a, 0x15, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x62,
+	0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x52, 0x13, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69,
+	0x6e, 0x67, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x42, 0x09, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72,
+	0x65, 0x73, 0x73, 0x2a, 0x61, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61,
+	0x74, 0x75, 0x73, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54,
+	0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x19,
+	0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f,
+	0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x59, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x48, 0x45, 0x41,
+	0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x48, 0x45, 0x41,
+	0x4c, 0x54, 0x48, 0x59, 0x10, 0x02, 0x42, 0xda, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0e, 0x45, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69,
+	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d,
+	0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
+	0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d,
+	0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
+	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
+	0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
+	0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_goTypes = []interface{}{
+	(HealthStatus)(0),              // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.HealthStatus
+	(*Endpoints)(nil),              // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoints
+	(*Endpoint)(nil),               // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoint
+	(*HostPortAddress)(nil),        // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.HostPortAddress
+	(*UnixSocketAddress)(nil),      // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.UnixSocketAddress
+	(*wrapperspb.UInt32Value)(nil), // 5: google.protobuf.UInt32Value
+}
+var file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_depIdxs = []int32{
+	2, // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoints.endpoints:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoint
+	3, // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoint.host_port:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HostPortAddress
+	4, // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoint.unix_socket:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.UnixSocketAddress
+	0, // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoint.health_status:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HealthStatus
+	5, // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoint.load_balancing_weight:type_name -> google.protobuf.UInt32Value
+	5, // [5:5] is the sub-list for method output_type
+	5, // [5:5] is the sub-list for method input_type
+	5, // [5:5] is the sub-list for extension type_name
+	5, // [5:5] is the sub-list for extension extendee
+	0, // [0:5] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_init() }
+func file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_init() {
+	if File_pbmesh_v1alpha1_pbproxystate_endpoints_proto != nil {
+		return
+	}
+	file_pbmesh_v1alpha1_pbproxystate_address_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Endpoints); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Endpoint); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[1].OneofWrappers = []interface{}{
+		(*Endpoint_HostPort)(nil),
+		(*Endpoint_UnixSocket)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_pbproxystate_endpoints_proto = out.File
+	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_goTypes = nil
+	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/endpoints.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto
similarity index 67%
rename from proto-public/pbmesh/v1alpha1/endpoints.proto
rename to proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto
index 8e81911046da..28ff53b7eec1 100644
--- a/proto-public/pbmesh/v1alpha1/endpoints.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto
@@ -3,16 +3,13 @@
 
 syntax = "proto3";
 
-package hashicorp.consul.mesh.v1alpha1;
+package hashicorp.consul.mesh.v1alpha1.pbproxystate;
 
 import "google/protobuf/wrappers.proto";
-import "pbmesh/v1alpha1/address.proto";
-import "pbmesh/v1alpha1/upstreams.proto";
+import "pbmesh/v1alpha1/pbproxystate/address.proto";
 
 message Endpoints {
-  // name is the name of the Endpoints. This should match the cluster name.
-  string name = 1;
-  repeated Endpoint endpoints = 2;
+  repeated Endpoint endpoints = 1;
 }
 
 message Endpoint {
diff --git a/proto-public/pbmesh/v1alpha1/escape_hatches.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.binary.go
similarity index 82%
rename from proto-public/pbmesh/v1alpha1/escape_hatches.pb.binary.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.binary.go
index 3f7c6f16c33b..b684a26f32e0 100644
--- a/proto-public/pbmesh/v1alpha1/escape_hatches.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.binary.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/escape_hatches.proto
+// source: pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	"google.golang.org/protobuf/proto"
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go
new file mode 100644
index 000000000000..9250341dbef5
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go
@@ -0,0 +1,173 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
+
+package pbproxystate
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type EscapeHatches struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// listener_tracing_json contains user provided tracing configuration.
+	ListenerTracingJson string `protobuf:"bytes,1,opt,name=listener_tracing_json,json=listenerTracingJson,proto3" json:"listener_tracing_json,omitempty"`
+}
+
+func (x *EscapeHatches) Reset() {
+	*x = EscapeHatches{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EscapeHatches) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EscapeHatches) ProtoMessage() {}
+
+func (x *EscapeHatches) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EscapeHatches.ProtoReflect.Descriptor instead.
+func (*EscapeHatches) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *EscapeHatches) GetListenerTracingJson() string {
+	if x != nil {
+		return x.ListenerTracingJson
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDesc = []byte{
+	0x0a, 0x31, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x65,
+	0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x22, 0x43, 0x0a, 0x0d, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x65,
+	0x73, 0x12, 0x32, 0x0a, 0x15, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x74, 0x72,
+	0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x13, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e,
+	0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x42, 0xde, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x12, 0x45, 0x73, 0x63, 0x61, 0x70,
+	0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
+	0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68,
+	0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02,
+	0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c,
+	0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
+	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
+	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_goTypes = []interface{}{
+	(*EscapeHatches)(nil), // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.EscapeHatches
+}
+var file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_init() }
+func file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_init() {
+	if File_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EscapeHatches); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto = out.File
+	file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_goTypes = nil
+	file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/escape_hatches.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
similarity index 81%
rename from proto-public/pbmesh/v1alpha1/escape_hatches.proto
rename to proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
index cfd855393172..ab8871182780 100644
--- a/proto-public/pbmesh/v1alpha1/escape_hatches.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
@@ -3,7 +3,7 @@
 
 syntax = "proto3";
 
-package hashicorp.consul.mesh.v1alpha1;
+package hashicorp.consul.mesh.v1alpha1.pbproxystate;
 
 message EscapeHatches {
   // listener_tracing_json contains user provided tracing configuration.
diff --git a/proto-public/pbmesh/v1alpha1/header_mutations.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.binary.go
similarity index 95%
rename from proto-public/pbmesh/v1alpha1/header_mutations.pb.binary.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.binary.go
index 6655d37183e6..55d9155e9f7a 100644
--- a/proto-public/pbmesh/v1alpha1/header_mutations.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.binary.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/header_mutations.proto
+// source: pbmesh/v1alpha1/pbproxystate/header_mutations.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	"google.golang.org/protobuf/proto"
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go
new file mode 100644
index 000000000000..71d0b5dc3c02
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go
@@ -0,0 +1,693 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/pbproxystate/header_mutations.proto
+
+package pbproxystate
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type AppendAction int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD    AppendAction = 0
+	AppendAction_APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD AppendAction = 1
+)
+
+// Enum value maps for AppendAction.
+var (
+	AppendAction_name = map[int32]string{
+		0: "APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD",
+		1: "APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD",
+	}
+	AppendAction_value = map[string]int32{
+		"APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD":    0,
+		"APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD": 1,
+	}
+)
+
+func (x AppendAction) Enum() *AppendAction {
+	p := new(AppendAction)
+	*p = x
+	return p
+}
+
+func (x AppendAction) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (AppendAction) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_enumTypes[0].Descriptor()
+}
+
+func (AppendAction) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_enumTypes[0]
+}
+
+func (x AppendAction) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use AppendAction.Descriptor instead.
+func (AppendAction) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{0}
+}
+
+// Note: it's nice to have this list of header mutations as opposed to configuration similar to Envoy because it
+// translates more nicely from GAMMA HTTPRoute, and our existing service router config. Then xds code can handle turning
+// it into envoy xds.
+type HeaderMutation struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Action:
+	//
+	//	*HeaderMutation_RequestHeaderAdd
+	//	*HeaderMutation_RequestHeaderRemove
+	//	*HeaderMutation_ResponseHeaderAdd
+	//	*HeaderMutation_ResponseHeaderRemove
+	Action isHeaderMutation_Action `protobuf_oneof:"action"`
+}
+
+func (x *HeaderMutation) Reset() {
+	*x = HeaderMutation{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HeaderMutation) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HeaderMutation) ProtoMessage() {}
+
+func (x *HeaderMutation) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HeaderMutation.ProtoReflect.Descriptor instead.
+func (*HeaderMutation) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{0}
+}
+
+func (m *HeaderMutation) GetAction() isHeaderMutation_Action {
+	if m != nil {
+		return m.Action
+	}
+	return nil
+}
+
+func (x *HeaderMutation) GetRequestHeaderAdd() *RequestHeaderAdd {
+	if x, ok := x.GetAction().(*HeaderMutation_RequestHeaderAdd); ok {
+		return x.RequestHeaderAdd
+	}
+	return nil
+}
+
+func (x *HeaderMutation) GetRequestHeaderRemove() *RequestHeaderRemove {
+	if x, ok := x.GetAction().(*HeaderMutation_RequestHeaderRemove); ok {
+		return x.RequestHeaderRemove
+	}
+	return nil
+}
+
+func (x *HeaderMutation) GetResponseHeaderAdd() *ResponseHeaderAdd {
+	if x, ok := x.GetAction().(*HeaderMutation_ResponseHeaderAdd); ok {
+		return x.ResponseHeaderAdd
+	}
+	return nil
+}
+
+func (x *HeaderMutation) GetResponseHeaderRemove() *ResponseHeaderRemove {
+	if x, ok := x.GetAction().(*HeaderMutation_ResponseHeaderRemove); ok {
+		return x.ResponseHeaderRemove
+	}
+	return nil
+}
+
+type isHeaderMutation_Action interface {
+	isHeaderMutation_Action()
+}
+
+type HeaderMutation_RequestHeaderAdd struct {
+	RequestHeaderAdd *RequestHeaderAdd `protobuf:"bytes,1,opt,name=request_header_add,json=requestHeaderAdd,proto3,oneof"`
+}
+
+type HeaderMutation_RequestHeaderRemove struct {
+	RequestHeaderRemove *RequestHeaderRemove `protobuf:"bytes,2,opt,name=request_header_remove,json=requestHeaderRemove,proto3,oneof"`
+}
+
+type HeaderMutation_ResponseHeaderAdd struct {
+	ResponseHeaderAdd *ResponseHeaderAdd `protobuf:"bytes,3,opt,name=response_header_add,json=responseHeaderAdd,proto3,oneof"`
+}
+
+type HeaderMutation_ResponseHeaderRemove struct {
+	ResponseHeaderRemove *ResponseHeaderRemove `protobuf:"bytes,4,opt,name=response_header_remove,json=responseHeaderRemove,proto3,oneof"`
+}
+
+func (*HeaderMutation_RequestHeaderAdd) isHeaderMutation_Action() {}
+
+func (*HeaderMutation_RequestHeaderRemove) isHeaderMutation_Action() {}
+
+func (*HeaderMutation_ResponseHeaderAdd) isHeaderMutation_Action() {}
+
+func (*HeaderMutation_ResponseHeaderRemove) isHeaderMutation_Action() {}
+
+type RequestHeaderAdd struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Header       *Header      `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
+	AppendAction AppendAction `protobuf:"varint,2,opt,name=append_action,json=appendAction,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.AppendAction" json:"append_action,omitempty"`
+}
+
+func (x *RequestHeaderAdd) Reset() {
+	*x = RequestHeaderAdd{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RequestHeaderAdd) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RequestHeaderAdd) ProtoMessage() {}
+
+func (x *RequestHeaderAdd) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RequestHeaderAdd.ProtoReflect.Descriptor instead.
+func (*RequestHeaderAdd) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *RequestHeaderAdd) GetHeader() *Header {
+	if x != nil {
+		return x.Header
+	}
+	return nil
+}
+
+func (x *RequestHeaderAdd) GetAppendAction() AppendAction {
+	if x != nil {
+		return x.AppendAction
+	}
+	return AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
+}
+
+type RequestHeaderRemove struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	HeaderKeys []string `protobuf:"bytes,1,rep,name=header_keys,json=headerKeys,proto3" json:"header_keys,omitempty"`
+}
+
+func (x *RequestHeaderRemove) Reset() {
+	*x = RequestHeaderRemove{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RequestHeaderRemove) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RequestHeaderRemove) ProtoMessage() {}
+
+func (x *RequestHeaderRemove) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RequestHeaderRemove.ProtoReflect.Descriptor instead.
+func (*RequestHeaderRemove) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *RequestHeaderRemove) GetHeaderKeys() []string {
+	if x != nil {
+		return x.HeaderKeys
+	}
+	return nil
+}
+
+type ResponseHeaderAdd struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Header       *Header      `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
+	AppendAction AppendAction `protobuf:"varint,2,opt,name=append_action,json=appendAction,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.AppendAction" json:"append_action,omitempty"`
+}
+
+func (x *ResponseHeaderAdd) Reset() {
+	*x = ResponseHeaderAdd{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ResponseHeaderAdd) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResponseHeaderAdd) ProtoMessage() {}
+
+func (x *ResponseHeaderAdd) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResponseHeaderAdd.ProtoReflect.Descriptor instead.
+func (*ResponseHeaderAdd) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *ResponseHeaderAdd) GetHeader() *Header {
+	if x != nil {
+		return x.Header
+	}
+	return nil
+}
+
+func (x *ResponseHeaderAdd) GetAppendAction() AppendAction {
+	if x != nil {
+		return x.AppendAction
+	}
+	return AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
+}
+
+type ResponseHeaderRemove struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	HeaderKeys []string `protobuf:"bytes,1,rep,name=header_keys,json=headerKeys,proto3" json:"header_keys,omitempty"`
+}
+
+func (x *ResponseHeaderRemove) Reset() {
+	*x = ResponseHeaderRemove{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ResponseHeaderRemove) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResponseHeaderRemove) ProtoMessage() {}
+
+func (x *ResponseHeaderRemove) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResponseHeaderRemove.ProtoReflect.Descriptor instead.
+func (*ResponseHeaderRemove) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *ResponseHeaderRemove) GetHeaderKeys() []string {
+	if x != nil {
+		return x.HeaderKeys
+	}
+	return nil
+}
+
+type Header struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Key   string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
+	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *Header) Reset() {
+	*x = Header{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Header) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Header) ProtoMessage() {}
+
+func (x *Header) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Header.ProtoReflect.Descriptor instead.
+func (*Header) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *Header) GetKey() string {
+	if x != nil {
+		return x.Key
+	}
+	return ""
+}
+
+func (x *Header) GetValue() string {
+	if x != nil {
+		return x.Value
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_pbproxystate_header_mutations_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDesc = []byte{
+	0x0a, 0x33, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x68,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x22, 0xee, 0x03, 0x0a, 0x0e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x6d, 0x0a, 0x12, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x61, 0x64, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64,
+	0x48, 0x00, 0x52, 0x10, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x41, 0x64, 0x64, 0x12, 0x76, 0x0a, 0x15, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f,
+	0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52,
+	0x65, 0x6d, 0x6f, 0x76, 0x65, 0x48, 0x00, 0x52, 0x13, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x70, 0x0a, 0x13,
+	0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f,
+	0x61, 0x64, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x48, 0x00, 0x52, 0x11, 0x72, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x12, 0x79,
+	0x0a, 0x16, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76,
+	0x65, 0x48, 0x00, 0x52, 0x14, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x42, 0x08, 0x0a, 0x06, 0x61, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x22, 0xbf, 0x01, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x12, 0x4b, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x68,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x5e, 0x0a, 0x0d, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f,
+	0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x6e,
+	0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x36, 0x0a, 0x13, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b,
+	0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
+	0x09, 0x52, 0x0a, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x73, 0x22, 0xc0, 0x01,
+	0x0a, 0x11, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x41, 0x64, 0x64, 0x12, 0x4b, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x12, 0x5e, 0x0a, 0x0d, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x0c, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x22, 0x37, 0x0a, 0x14, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x68, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x68,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x73, 0x22, 0x30, 0x0a, 0x06, 0x48, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x2a, 0x67, 0x0a, 0x0c, 0x41,
+	0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x29, 0x0a, 0x25, 0x41,
+	0x50, 0x50, 0x45, 0x4e, 0x44, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x41, 0x50, 0x50,
+	0x45, 0x4e, 0x44, 0x5f, 0x49, 0x46, 0x5f, 0x45, 0x58, 0x49, 0x53, 0x54, 0x53, 0x5f, 0x4f, 0x52,
+	0x5f, 0x41, 0x44, 0x44, 0x10, 0x00, 0x12, 0x2c, 0x0a, 0x28, 0x41, 0x50, 0x50, 0x45, 0x4e, 0x44,
+	0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x57, 0x52, 0x49, 0x54,
+	0x45, 0x5f, 0x49, 0x46, 0x5f, 0x45, 0x58, 0x49, 0x53, 0x54, 0x53, 0x5f, 0x4f, 0x52, 0x5f, 0x41,
+	0x44, 0x44, 0x10, 0x01, 0x42, 0xe0, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x14, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01,
+	0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73,
+	0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa,
+	0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b,
+	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d,
+	0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
+	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a,
+	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
+var file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_goTypes = []interface{}{
+	(AppendAction)(0),            // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.AppendAction
+	(*HeaderMutation)(nil),       // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation
+	(*RequestHeaderAdd)(nil),     // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.RequestHeaderAdd
+	(*RequestHeaderRemove)(nil),  // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.RequestHeaderRemove
+	(*ResponseHeaderAdd)(nil),    // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.ResponseHeaderAdd
+	(*ResponseHeaderRemove)(nil), // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.ResponseHeaderRemove
+	(*Header)(nil),               // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.Header
+}
+var file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_depIdxs = []int32{
+	2, // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation.request_header_add:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.RequestHeaderAdd
+	3, // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation.request_header_remove:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.RequestHeaderRemove
+	4, // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation.response_header_add:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.ResponseHeaderAdd
+	5, // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation.response_header_remove:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.ResponseHeaderRemove
+	6, // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.RequestHeaderAdd.header:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Header
+	0, // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.RequestHeaderAdd.append_action:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.AppendAction
+	6, // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.ResponseHeaderAdd.header:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Header
+	0, // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.ResponseHeaderAdd.append_action:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.AppendAction
+	8, // [8:8] is the sub-list for method output_type
+	8, // [8:8] is the sub-list for method input_type
+	8, // [8:8] is the sub-list for extension type_name
+	8, // [8:8] is the sub-list for extension extendee
+	0, // [0:8] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_init() }
+func file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_init() {
+	if File_pbmesh_v1alpha1_pbproxystate_header_mutations_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HeaderMutation); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RequestHeaderAdd); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RequestHeaderRemove); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ResponseHeaderAdd); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ResponseHeaderRemove); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Header); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*HeaderMutation_RequestHeaderAdd)(nil),
+		(*HeaderMutation_RequestHeaderRemove)(nil),
+		(*HeaderMutation_ResponseHeaderAdd)(nil),
+		(*HeaderMutation_ResponseHeaderRemove)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   6,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_pbproxystate_header_mutations_proto = out.File
+	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_goTypes = nil
+	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/header_mutations.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto
similarity index 95%
rename from proto-public/pbmesh/v1alpha1/header_mutations.proto
rename to proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto
index 01ad3f825672..ca3bd6ee79cc 100644
--- a/proto-public/pbmesh/v1alpha1/header_mutations.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto
@@ -3,7 +3,7 @@
 
 syntax = "proto3";
 
-package hashicorp.consul.mesh.v1alpha1;
+package hashicorp.consul.mesh.v1alpha1.pbproxystate;
 
 // Note: it's nice to have this list of header mutations as opposed to configuration similar to Envoy because it
 // translates more nicely from GAMMA HTTPRoute, and our existing service router config. Then xds code can handle turning
diff --git a/proto-public/pbmesh/v1alpha1/intentions.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.binary.go
similarity index 89%
rename from proto-public/pbmesh/v1alpha1/intentions.pb.binary.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.binary.go
index f2c625aa8b89..7eb87f443f19 100644
--- a/proto-public/pbmesh/v1alpha1/intentions.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.binary.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/intentions.proto
+// source: pbmesh/v1alpha1/pbproxystate/intentions.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	"google.golang.org/protobuf/proto"
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go
new file mode 100644
index 000000000000..171c5f357f37
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go
@@ -0,0 +1,211 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/pbproxystate/intentions.proto
+
+package pbproxystate
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type L7Intention struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+}
+
+func (x *L7Intention) Reset() {
+	*x = L7Intention{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *L7Intention) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*L7Intention) ProtoMessage() {}
+
+func (x *L7Intention) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use L7Intention.ProtoReflect.Descriptor instead.
+func (*L7Intention) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescGZIP(), []int{0}
+}
+
+type L4Intention struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+}
+
+func (x *L4Intention) Reset() {
+	*x = L4Intention{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *L4Intention) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*L4Intention) ProtoMessage() {}
+
+func (x *L4Intention) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use L4Intention.ProtoReflect.Descriptor instead.
+func (*L4Intention) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescGZIP(), []int{1}
+}
+
+var File_pbmesh_v1alpha1_pbproxystate_intentions_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDesc = []byte{
+	0x0a, 0x2d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x69,
+	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x2b, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0x0d, 0x0a, 0x0b,
+	0x4c, 0x37, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x0d, 0x0a, 0x0b, 0x4c,
+	0x34, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0xdb, 0x02, 0x0a, 0x2f, 0x63,
+	0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0f,
+	0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+	0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65,
+	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50,
+	0xaa, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02,
+	0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c,
+	0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c,
+	0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68,
+	0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_pbmesh_v1alpha1_pbproxystate_intentions_proto_goTypes = []interface{}{
+	(*L7Intention)(nil), // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Intention
+	(*L4Intention)(nil), // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4Intention
+}
+var file_pbmesh_v1alpha1_pbproxystate_intentions_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_pbproxystate_intentions_proto_init() }
+func file_pbmesh_v1alpha1_pbproxystate_intentions_proto_init() {
+	if File_pbmesh_v1alpha1_pbproxystate_intentions_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*L7Intention); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*L4Intention); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_intentions_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_intentions_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_pbproxystate_intentions_proto = out.File
+	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_goTypes = nil
+	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/intentions.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto
similarity index 72%
rename from proto-public/pbmesh/v1alpha1/intentions.proto
rename to proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto
index a008aa63f89b..37f009cc3039 100644
--- a/proto-public/pbmesh/v1alpha1/intentions.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto
@@ -3,7 +3,7 @@
 
 syntax = "proto3";
 
-package hashicorp.consul.mesh.v1alpha1;
+package hashicorp.consul.mesh.v1alpha1.pbproxystate;
 
 message L7Intention {}
 
diff --git a/proto-public/pbmesh/v1alpha1/listener.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.binary.go
similarity index 96%
rename from proto-public/pbmesh/v1alpha1/listener.pb.binary.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.binary.go
index 713d6af211b4..333fa99892e0 100644
--- a/proto-public/pbmesh/v1alpha1/listener.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.binary.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/listener.proto
+// source: pbmesh/v1alpha1/pbproxystate/listener.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	"google.golang.org/protobuf/proto"
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go
new file mode 100644
index 000000000000..24c6f5fc8ce5
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go
@@ -0,0 +1,1269 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/pbproxystate/listener.proto
+
+package pbproxystate
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type Direction int32
+
+const (
+	// DIRECTION_UNSPECIFIED is used by mesh gateway listeners.
+	Direction_DIRECTION_UNSPECIFIED Direction = 0
+	Direction_DIRECTION_INBOUND     Direction = 1
+	Direction_DIRECTION_OUTBOUND    Direction = 2
+)
+
+// Enum value maps for Direction.
+var (
+	Direction_name = map[int32]string{
+		0: "DIRECTION_UNSPECIFIED",
+		1: "DIRECTION_INBOUND",
+		2: "DIRECTION_OUTBOUND",
+	}
+	Direction_value = map[string]int32{
+		"DIRECTION_UNSPECIFIED": 0,
+		"DIRECTION_INBOUND":     1,
+		"DIRECTION_OUTBOUND":    2,
+	}
+)
+
+func (x Direction) Enum() *Direction {
+	p := new(Direction)
+	*p = x
+	return p
+}
+
+func (x Direction) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Direction) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[0].Descriptor()
+}
+
+func (Direction) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[0]
+}
+
+func (x Direction) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Direction.Descriptor instead.
+func (Direction) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{0}
+}
+
+type BalanceConnections int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	BalanceConnections_BALANCE_CONNECTIONS_DEFAULT BalanceConnections = 0
+	BalanceConnections_BALANCE_CONNECTIONS_EXACT   BalanceConnections = 1
+)
+
+// Enum value maps for BalanceConnections.
+var (
+	BalanceConnections_name = map[int32]string{
+		0: "BALANCE_CONNECTIONS_DEFAULT",
+		1: "BALANCE_CONNECTIONS_EXACT",
+	}
+	BalanceConnections_value = map[string]int32{
+		"BALANCE_CONNECTIONS_DEFAULT": 0,
+		"BALANCE_CONNECTIONS_EXACT":   1,
+	}
+)
+
+func (x BalanceConnections) Enum() *BalanceConnections {
+	p := new(BalanceConnections)
+	*p = x
+	return p
+}
+
+func (x BalanceConnections) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (BalanceConnections) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[1].Descriptor()
+}
+
+func (BalanceConnections) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[1]
+}
+
+func (x BalanceConnections) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use BalanceConnections.Descriptor instead.
+func (BalanceConnections) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{1}
+}
+
+// Capabilities map to proxy functionality to enable. These enable tproxy, l7 protocol/alpn inspection, or l4 sni/alpn inspection.
+type Capability int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	Capability_CAPABILITY_TRANSPARENT            Capability = 0
+	Capability_CAPABILITY_L7_PROTOCOL_INSPECTION Capability = 1
+	Capability_CAPABILITY_L4_TLS_INSPECTION      Capability = 2
+)
+
+// Enum value maps for Capability.
+var (
+	Capability_name = map[int32]string{
+		0: "CAPABILITY_TRANSPARENT",
+		1: "CAPABILITY_L7_PROTOCOL_INSPECTION",
+		2: "CAPABILITY_L4_TLS_INSPECTION",
+	}
+	Capability_value = map[string]int32{
+		"CAPABILITY_TRANSPARENT":            0,
+		"CAPABILITY_L7_PROTOCOL_INSPECTION": 1,
+		"CAPABILITY_L4_TLS_INSPECTION":      2,
+	}
+)
+
+func (x Capability) Enum() *Capability {
+	p := new(Capability)
+	*p = x
+	return p
+}
+
+func (x Capability) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Capability) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[2].Descriptor()
+}
+
+func (Capability) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[2]
+}
+
+func (x Capability) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Capability.Descriptor instead.
+func (Capability) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{2}
+}
+
+type L7Protocol int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	L7Protocol_L7_PROTOCOL_HTTP  L7Protocol = 0
+	L7Protocol_L7_PROTOCOL_HTTP2 L7Protocol = 1
+	L7Protocol_L7_PROTOCOL_GRPC  L7Protocol = 2
+)
+
+// Enum value maps for L7Protocol.
+var (
+	L7Protocol_name = map[int32]string{
+		0: "L7_PROTOCOL_HTTP",
+		1: "L7_PROTOCOL_HTTP2",
+		2: "L7_PROTOCOL_GRPC",
+	}
+	L7Protocol_value = map[string]int32{
+		"L7_PROTOCOL_HTTP":  0,
+		"L7_PROTOCOL_HTTP2": 1,
+		"L7_PROTOCOL_GRPC":  2,
+	}
+)
+
+func (x L7Protocol) Enum() *L7Protocol {
+	p := new(L7Protocol)
+	*p = x
+	return p
+}
+
+func (x L7Protocol) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (L7Protocol) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[3].Descriptor()
+}
+
+func (L7Protocol) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[3]
+}
+
+func (x L7Protocol) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use L7Protocol.Descriptor instead.
+func (L7Protocol) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{3}
+}
+
+type Listener struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name is the name of the listener.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// direction tells the listener the direction of traffic.
+	Direction Direction `protobuf:"varint,2,opt,name=direction,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.Direction" json:"direction,omitempty"`
+	// bind_address describes where to listen.
+	//
+	// Types that are assignable to BindAddress:
+	//
+	//	*Listener_HostPort
+	//	*Listener_UnixSocket
+	BindAddress isListener_BindAddress `protobuf_oneof:"bind_address"`
+	// routers describes how to route traffic from this listener.
+	Routers []*Router `protobuf:"bytes,5,rep,name=routers,proto3" json:"routers,omitempty"`
+	// default_router describes where to route if none of the other router matches match the connection.
+	DefaultRouter *Router `protobuf:"bytes,6,opt,name=default_router,json=defaultRouter,proto3" json:"default_router,omitempty"`
+	// capabilities describe Envoy proxy functionality to enable. These map closely to Envoy listener filters.
+	Capabilities []Capability `protobuf:"varint,7,rep,packed,name=capabilities,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.Capability" json:"capabilities,omitempty"`
+	// balance_connections configures how the listener should balance connections.
+	BalanceConnections BalanceConnections `protobuf:"varint,8,opt,name=balance_connections,json=balanceConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.BalanceConnections" json:"balance_connections,omitempty"`
+	// escape_hatch_listener_json configures a user configured escape hatch listener.
+	EscapeHatchListener string `protobuf:"bytes,9,opt,name=escape_hatch_listener,json=escapeHatchListener,proto3" json:"escape_hatch_listener,omitempty"`
+	// use_escape_hatch_tracing configures whether to use the top level user configured tracing escape hatch for this listener.
+	UseEscapeHatchTracing bool `protobuf:"varint,10,opt,name=use_escape_hatch_tracing,json=useEscapeHatchTracing,proto3" json:"use_escape_hatch_tracing,omitempty"`
+}
+
+func (x *Listener) Reset() {
+	*x = Listener{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Listener) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Listener) ProtoMessage() {}
+
+func (x *Listener) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Listener.ProtoReflect.Descriptor instead.
+func (*Listener) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Listener) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Listener) GetDirection() Direction {
+	if x != nil {
+		return x.Direction
+	}
+	return Direction_DIRECTION_UNSPECIFIED
+}
+
+func (m *Listener) GetBindAddress() isListener_BindAddress {
+	if m != nil {
+		return m.BindAddress
+	}
+	return nil
+}
+
+func (x *Listener) GetHostPort() *HostPortAddress {
+	if x, ok := x.GetBindAddress().(*Listener_HostPort); ok {
+		return x.HostPort
+	}
+	return nil
+}
+
+func (x *Listener) GetUnixSocket() *UnixSocketAddress {
+	if x, ok := x.GetBindAddress().(*Listener_UnixSocket); ok {
+		return x.UnixSocket
+	}
+	return nil
+}
+
+func (x *Listener) GetRouters() []*Router {
+	if x != nil {
+		return x.Routers
+	}
+	return nil
+}
+
+func (x *Listener) GetDefaultRouter() *Router {
+	if x != nil {
+		return x.DefaultRouter
+	}
+	return nil
+}
+
+func (x *Listener) GetCapabilities() []Capability {
+	if x != nil {
+		return x.Capabilities
+	}
+	return nil
+}
+
+func (x *Listener) GetBalanceConnections() BalanceConnections {
+	if x != nil {
+		return x.BalanceConnections
+	}
+	return BalanceConnections_BALANCE_CONNECTIONS_DEFAULT
+}
+
+func (x *Listener) GetEscapeHatchListener() string {
+	if x != nil {
+		return x.EscapeHatchListener
+	}
+	return ""
+}
+
+func (x *Listener) GetUseEscapeHatchTracing() bool {
+	if x != nil {
+		return x.UseEscapeHatchTracing
+	}
+	return false
+}
+
+type isListener_BindAddress interface {
+	isListener_BindAddress()
+}
+
+type Listener_HostPort struct {
+	HostPort *HostPortAddress `protobuf:"bytes,3,opt,name=host_port,json=hostPort,proto3,oneof"`
+}
+
+type Listener_UnixSocket struct {
+	UnixSocket *UnixSocketAddress `protobuf:"bytes,4,opt,name=unix_socket,json=unixSocket,proto3,oneof"`
+}
+
+func (*Listener_HostPort) isListener_BindAddress() {}
+
+func (*Listener_UnixSocket) isListener_BindAddress() {}
+
+type Router struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// match specifies how to match traffic coming into this listener. If the traffic matches, it will be routed to the
+	// destination.
+	Match *Match `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"`
+	// Types that are assignable to Destination:
+	//
+	//	*Router_L4
+	//	*Router_L7
+	//	*Router_Sni
+	Destination isRouter_Destination `protobuf_oneof:"destination"`
+	// inbound_tls is used by inbound listeners that terminate TLS.
+	InboundTls *TransportSocket `protobuf:"bytes,5,opt,name=inbound_tls,json=inboundTls,proto3" json:"inbound_tls,omitempty"`
+}
+
+func (x *Router) Reset() {
+	*x = Router{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Router) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Router) ProtoMessage() {}
+
+func (x *Router) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Router.ProtoReflect.Descriptor instead.
+func (*Router) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *Router) GetMatch() *Match {
+	if x != nil {
+		return x.Match
+	}
+	return nil
+}
+
+func (m *Router) GetDestination() isRouter_Destination {
+	if m != nil {
+		return m.Destination
+	}
+	return nil
+}
+
+func (x *Router) GetL4() *L4Destination {
+	if x, ok := x.GetDestination().(*Router_L4); ok {
+		return x.L4
+	}
+	return nil
+}
+
+func (x *Router) GetL7() *L7Destination {
+	if x, ok := x.GetDestination().(*Router_L7); ok {
+		return x.L7
+	}
+	return nil
+}
+
+func (x *Router) GetSni() *SNIDestination {
+	if x, ok := x.GetDestination().(*Router_Sni); ok {
+		return x.Sni
+	}
+	return nil
+}
+
+func (x *Router) GetInboundTls() *TransportSocket {
+	if x != nil {
+		return x.InboundTls
+	}
+	return nil
+}
+
+type isRouter_Destination interface {
+	isRouter_Destination()
+}
+
+type Router_L4 struct {
+	// l4 is an l4 destination to route to, which will have a reference to a cluster.
+	L4 *L4Destination `protobuf:"bytes,2,opt,name=l4,proto3,oneof"`
+}
+
+type Router_L7 struct {
+	// l7 is an l7 destination to route to, which will have a reference to a route.
+	L7 *L7Destination `protobuf:"bytes,3,opt,name=l7,proto3,oneof"`
+}
+
+type Router_Sni struct {
+	// sni is an SNI destination, which means there will be no references, but the SNI name will be tied to the cluster
+	// name, so we should generate all clusters.
+	Sni *SNIDestination `protobuf:"bytes,4,opt,name=sni,proto3,oneof"`
+}
+
+func (*Router_L4) isRouter_Destination() {}
+
+func (*Router_L7) isRouter_Destination() {}
+
+func (*Router_Sni) isRouter_Destination() {}
+
+type Match struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	DestinationPort    *wrapperspb.UInt32Value `protobuf:"bytes,1,opt,name=destination_port,json=destinationPort,proto3" json:"destination_port,omitempty"`
+	PrefixRanges       []*CidrRange            `protobuf:"bytes,2,rep,name=prefix_ranges,json=prefixRanges,proto3" json:"prefix_ranges,omitempty"`
+	SourcePrefixRanges []*CidrRange            `protobuf:"bytes,3,rep,name=source_prefix_ranges,json=sourcePrefixRanges,proto3" json:"source_prefix_ranges,omitempty"`
+	// server_names matches based on SNI of the incoming request.
+	ServerNames []string `protobuf:"bytes,4,rep,name=server_names,json=serverNames,proto3" json:"server_names,omitempty"`
+}
+
+func (x *Match) Reset() {
+	*x = Match{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Match) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Match) ProtoMessage() {}
+
+func (x *Match) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Match.ProtoReflect.Descriptor instead.
+func (*Match) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Match) GetDestinationPort() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.DestinationPort
+	}
+	return nil
+}
+
+func (x *Match) GetPrefixRanges() []*CidrRange {
+	if x != nil {
+		return x.PrefixRanges
+	}
+	return nil
+}
+
+func (x *Match) GetSourcePrefixRanges() []*CidrRange {
+	if x != nil {
+		return x.SourcePrefixRanges
+	}
+	return nil
+}
+
+func (x *Match) GetServerNames() []string {
+	if x != nil {
+		return x.ServerNames
+	}
+	return nil
+}
+
+type CidrRange struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AddressPrefix string                  `protobuf:"bytes,1,opt,name=address_prefix,json=addressPrefix,proto3" json:"address_prefix,omitempty"`
+	PrefixLen     *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=prefix_len,json=prefixLen,proto3" json:"prefix_len,omitempty"`
+}
+
+func (x *CidrRange) Reset() {
+	*x = CidrRange{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CidrRange) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CidrRange) ProtoMessage() {}
+
+func (x *CidrRange) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CidrRange.ProtoReflect.Descriptor instead.
+func (*CidrRange) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *CidrRange) GetAddressPrefix() string {
+	if x != nil {
+		return x.AddressPrefix
+	}
+	return ""
+}
+
+func (x *CidrRange) GetPrefixLen() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.PrefixLen
+	}
+	return nil
+}
+
+type L4Destination struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name is a key in the top level clusters map. This specifies which cluster to go to in this L4 destination.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
+	StatPrefix string `protobuf:"bytes,2,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
+	// intentions is a list of intentions for this destination.
+	Intentions []*L4Intention `protobuf:"bytes,3,rep,name=intentions,proto3" json:"intentions,omitempty"`
+	// add_empty_intention specifies whether to add an empty intention for this destination, when there are no other intentions specified.
+	AddEmptyIntention bool `protobuf:"varint,4,opt,name=add_empty_intention,json=addEmptyIntention,proto3" json:"add_empty_intention,omitempty"`
+	// max_inbound_connections specifies how many connections this destination can accept.
+	MaxInboundConnections uint64 `protobuf:"varint,5,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"`
+}
+
+func (x *L4Destination) Reset() {
+	*x = L4Destination{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *L4Destination) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*L4Destination) ProtoMessage() {}
+
+func (x *L4Destination) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use L4Destination.ProtoReflect.Descriptor instead.
+func (*L4Destination) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *L4Destination) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *L4Destination) GetStatPrefix() string {
+	if x != nil {
+		return x.StatPrefix
+	}
+	return ""
+}
+
+func (x *L4Destination) GetIntentions() []*L4Intention {
+	if x != nil {
+		return x.Intentions
+	}
+	return nil
+}
+
+func (x *L4Destination) GetAddEmptyIntention() bool {
+	if x != nil {
+		return x.AddEmptyIntention
+	}
+	return false
+}
+
+func (x *L4Destination) GetMaxInboundConnections() uint64 {
+	if x != nil {
+		return x.MaxInboundConnections
+	}
+	return 0
+}
+
+type L7Destination struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// name is a key in the top level routes map. This specifies which route to go to in this L7 destination.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
+	StatPrefix string `protobuf:"bytes,2,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
+	// protocol for the destination.
+	Protocol L7Protocol `protobuf:"varint,3,opt,name=protocol,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Protocol" json:"protocol,omitempty"`
+	// intentions is a list of intentions for this destination.
+	Intentions []*L7Intention `protobuf:"bytes,4,rep,name=intentions,proto3" json:"intentions,omitempty"`
+	// add_empty_intention specifies whether to add an empty intention for this destination, when there are no other intentions specified.
+	AddEmptyIntention bool `protobuf:"varint,5,opt,name=add_empty_intention,json=addEmptyIntention,proto3" json:"add_empty_intention,omitempty"`
+	// include_xfcc specifies whether to add xfcc header.
+	IncludeXfcc bool `protobuf:"varint,6,opt,name=include_xfcc,json=includeXfcc,proto3" json:"include_xfcc,omitempty"`
+	// static_route specifies whether this is a static route that is inlined in the listener filter. This is required to
+	// match existing xds config.
+	StaticRoute bool `protobuf:"varint,7,opt,name=static_route,json=staticRoute,proto3" json:"static_route,omitempty"`
+	// max_inbound_connections specifies how many connections this destination can accept.
+	MaxInboundConnections uint64 `protobuf:"varint,8,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"`
+}
+
+func (x *L7Destination) Reset() {
+	*x = L7Destination{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *L7Destination) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*L7Destination) ProtoMessage() {}
+
+func (x *L7Destination) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use L7Destination.ProtoReflect.Descriptor instead.
+func (*L7Destination) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *L7Destination) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *L7Destination) GetStatPrefix() string {
+	if x != nil {
+		return x.StatPrefix
+	}
+	return ""
+}
+
+func (x *L7Destination) GetProtocol() L7Protocol {
+	if x != nil {
+		return x.Protocol
+	}
+	return L7Protocol_L7_PROTOCOL_HTTP
+}
+
+func (x *L7Destination) GetIntentions() []*L7Intention {
+	if x != nil {
+		return x.Intentions
+	}
+	return nil
+}
+
+func (x *L7Destination) GetAddEmptyIntention() bool {
+	if x != nil {
+		return x.AddEmptyIntention
+	}
+	return false
+}
+
+func (x *L7Destination) GetIncludeXfcc() bool {
+	if x != nil {
+		return x.IncludeXfcc
+	}
+	return false
+}
+
+func (x *L7Destination) GetStaticRoute() bool {
+	if x != nil {
+		return x.StaticRoute
+	}
+	return false
+}
+
+func (x *L7Destination) GetMaxInboundConnections() uint64 {
+	if x != nil {
+		return x.MaxInboundConnections
+	}
+	return 0
+}
+
+type SNIDestination struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
+	StatPrefix string `protobuf:"bytes,1,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
+}
+
+func (x *SNIDestination) Reset() {
+	*x = SNIDestination{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SNIDestination) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SNIDestination) ProtoMessage() {}
+
+func (x *SNIDestination) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SNIDestination.ProtoReflect.Descriptor instead.
+func (*SNIDestination) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *SNIDestination) GetStatPrefix() string {
+	if x != nil {
+		return x.StatPrefix
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_pbproxystate_listener_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDesc = []byte{
+	0x0a, 0x2b, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x6c,
+	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70,
+	0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2a, 0x70, 0x62, 0x6d, 0x65,
+	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x33, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
+	0x61, 0x74, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f,
+	0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xab, 0x06, 0x0a, 0x08, 0x4c,
+	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x54, 0x0a, 0x09, 0x64,
+	0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x69, 0x72,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x5b, 0x0a, 0x09, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65,
+	0x73, 0x73, 0x48, 0x00, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x61,
+	0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2e, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72,
+	0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x0a, 0x75, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65,
+	0x74, 0x12, 0x4d, 0x0a, 0x07, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x52, 0x07, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x73,
+	0x12, 0x5a, 0x0a, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x72, 0x6f, 0x75, 0x74,
+	0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x52, 0x0d, 0x64,
+	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x12, 0x5b, 0x0a, 0x0c,
+	0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03,
+	0x28, 0x0e, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x0c, 0x63, 0x61, 0x70,
+	0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x70, 0x0a, 0x13, 0x62, 0x61, 0x6c,
+	0x61, 0x6e, 0x63, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x2e, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x12, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x32, 0x0a, 0x15, 0x65,
+	0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x69, 0x73, 0x74,
+	0x65, 0x6e, 0x65, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x65, 0x73, 0x63, 0x61,
+	0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12,
+	0x37, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x5f, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61,
+	0x74, 0x63, 0x68, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x18, 0x0a, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x15, 0x75, 0x73, 0x65, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63,
+	0x68, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x0e, 0x0a, 0x0c, 0x62, 0x69, 0x6e, 0x64,
+	0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x22, 0xad, 0x03, 0x0a, 0x06, 0x52, 0x6f, 0x75,
+	0x74, 0x65, 0x72, 0x12, 0x48, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x4c, 0x0a,
+	0x02, 0x6c, 0x34, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x34, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x02, 0x6c, 0x34, 0x12, 0x4c, 0x0a, 0x02, 0x6c,
+	0x37, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x37, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x02, 0x6c, 0x37, 0x12, 0x4f, 0x0a, 0x03, 0x73, 0x6e, 0x69,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x4e, 0x49, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x12, 0x5d, 0x0a, 0x0b, 0x69, 0x6e,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72,
+	0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0a, 0x69,
+	0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x42, 0x0d, 0x0a, 0x0b, 0x64, 0x65, 0x73,
+	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xba, 0x02, 0x0a, 0x05, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x12, 0x47, 0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55,
+	0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x64, 0x65, 0x73, 0x74,
+	0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x5b, 0x0a, 0x0d, 0x70,
+	0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x66,
+	0x69, 0x78, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x12, 0x68, 0x0a, 0x14, 0x73, 0x6f, 0x75, 0x72,
+	0x63, 0x65, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x73,
+	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x12,
+	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x52, 0x61, 0x6e, 0x67,
+	0x65, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d,
+	0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x6f, 0x0a, 0x09, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e,
+	0x67, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x70, 0x72,
+	0x65, 0x66, 0x69, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x61, 0x64, 0x64, 0x72,
+	0x65, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x3b, 0x0a, 0x0a, 0x70, 0x72, 0x65,
+	0x66, 0x69, 0x78, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x70, 0x72, 0x65,
+	0x66, 0x69, 0x78, 0x4c, 0x65, 0x6e, 0x22, 0x86, 0x02, 0x0a, 0x0d, 0x4c, 0x34, 0x44, 0x65, 0x73,
+	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b,
+	0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x58, 0x0a,
+	0x0a, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e,
+	0x4c, 0x34, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x69, 0x6e, 0x74,
+	0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2e, 0x0a, 0x13, 0x61, 0x64, 0x64, 0x5f, 0x65,
+	0x6d, 0x70, 0x74, 0x79, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x61, 0x64, 0x64, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x49, 0x6e,
+	0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x69,
+	0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x49, 0x6e, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22,
+	0xa1, 0x03, 0x0a, 0x0d, 0x4c, 0x37, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72,
+	0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74,
+	0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x53, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63,
+	0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x37, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
+	0x6c, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x58, 0x0a, 0x0a, 0x69,
+	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x37,
+	0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x69, 0x6e, 0x74, 0x65, 0x6e,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2e, 0x0a, 0x13, 0x61, 0x64, 0x64, 0x5f, 0x65, 0x6d, 0x70,
+	0x74, 0x79, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x11, 0x61, 0x64, 0x64, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x49, 0x6e, 0x74, 0x65,
+	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65,
+	0x5f, 0x78, 0x66, 0x63, 0x63, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x6e, 0x63,
+	0x6c, 0x75, 0x64, 0x65, 0x58, 0x66, 0x63, 0x63, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x74, 0x61, 0x74,
+	0x69, 0x63, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b,
+	0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x36, 0x0a, 0x17, 0x6d,
+	0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x04, 0x52, 0x15, 0x6d, 0x61,
+	0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x22, 0x31, 0x0a, 0x0e, 0x53, 0x4e, 0x49, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72,
+	0x65, 0x66, 0x69, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74,
+	0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x2a, 0x55, 0x0a, 0x09, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e,
+	0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15,
+	0x0a, 0x11, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x49, 0x4e, 0x42, 0x4f,
+	0x55, 0x4e, 0x44, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49,
+	0x4f, 0x4e, 0x5f, 0x4f, 0x55, 0x54, 0x42, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x02, 0x2a, 0x54, 0x0a,
+	0x12, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x12, 0x1f, 0x0a, 0x1b, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f, 0x43,
+	0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55,
+	0x4c, 0x54, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f,
+	0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x45, 0x58, 0x41, 0x43,
+	0x54, 0x10, 0x01, 0x2a, 0x71, 0x0a, 0x0a, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74,
+	0x79, 0x12, 0x1a, 0x0a, 0x16, 0x43, 0x41, 0x50, 0x41, 0x42, 0x49, 0x4c, 0x49, 0x54, 0x59, 0x5f,
+	0x54, 0x52, 0x41, 0x4e, 0x53, 0x50, 0x41, 0x52, 0x45, 0x4e, 0x54, 0x10, 0x00, 0x12, 0x25, 0x0a,
+	0x21, 0x43, 0x41, 0x50, 0x41, 0x42, 0x49, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x4c, 0x37, 0x5f, 0x50,
+	0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x49, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x54, 0x49,
+	0x4f, 0x4e, 0x10, 0x01, 0x12, 0x20, 0x0a, 0x1c, 0x43, 0x41, 0x50, 0x41, 0x42, 0x49, 0x4c, 0x49,
+	0x54, 0x59, 0x5f, 0x4c, 0x34, 0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x49, 0x4e, 0x53, 0x50, 0x45, 0x43,
+	0x54, 0x49, 0x4f, 0x4e, 0x10, 0x02, 0x2a, 0x4f, 0x0a, 0x0a, 0x4c, 0x37, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x14, 0x0a, 0x10, 0x4c, 0x37, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f,
+	0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x4c, 0x37,
+	0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x32, 0x10,
+	0x01, 0x12, 0x14, 0x0a, 0x10, 0x4c, 0x37, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c,
+	0x5f, 0x47, 0x52, 0x50, 0x43, 0x10, 0x02, 0x42, 0xd9, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0d, 0x4c, 0x69, 0x73,
+	0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69,
+	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d,
+	0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
+	0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d,
+	0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
+	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
+	0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
+	0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes = make([]protoimpl.EnumInfo, 4)
+var file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
+var file_pbmesh_v1alpha1_pbproxystate_listener_proto_goTypes = []interface{}{
+	(Direction)(0),                 // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.Direction
+	(BalanceConnections)(0),        // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.BalanceConnections
+	(Capability)(0),                // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.Capability
+	(L7Protocol)(0),                // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Protocol
+	(*Listener)(nil),               // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener
+	(*Router)(nil),                 // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.Router
+	(*Match)(nil),                  // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.Match
+	(*CidrRange)(nil),              // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.CidrRange
+	(*L4Destination)(nil),          // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4Destination
+	(*L7Destination)(nil),          // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Destination
+	(*SNIDestination)(nil),         // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.SNIDestination
+	(*HostPortAddress)(nil),        // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.HostPortAddress
+	(*UnixSocketAddress)(nil),      // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.UnixSocketAddress
+	(*TransportSocket)(nil),        // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
+	(*wrapperspb.UInt32Value)(nil), // 14: google.protobuf.UInt32Value
+	(*L4Intention)(nil),            // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4Intention
+	(*L7Intention)(nil),            // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Intention
+}
+var file_pbmesh_v1alpha1_pbproxystate_listener_proto_depIdxs = []int32{
+	0,  // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.direction:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Direction
+	11, // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.host_port:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HostPortAddress
+	12, // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.unix_socket:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.UnixSocketAddress
+	5,  // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.routers:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Router
+	5,  // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.default_router:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Router
+	2,  // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.capabilities:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Capability
+	1,  // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.balance_connections:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.BalanceConnections
+	6,  // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.Router.match:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Match
+	8,  // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.Router.l4:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L4Destination
+	9,  // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.Router.l7:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Destination
+	10, // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.Router.sni:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.SNIDestination
+	13, // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.Router.inbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
+	14, // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.Match.destination_port:type_name -> google.protobuf.UInt32Value
+	7,  // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.Match.prefix_ranges:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.CidrRange
+	7,  // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.Match.source_prefix_ranges:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.CidrRange
+	14, // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.CidrRange.prefix_len:type_name -> google.protobuf.UInt32Value
+	15, // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4Destination.intentions:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L4Intention
+	3,  // 17: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Destination.protocol:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Protocol
+	16, // 18: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Destination.intentions:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Intention
+	19, // [19:19] is the sub-list for method output_type
+	19, // [19:19] is the sub-list for method input_type
+	19, // [19:19] is the sub-list for extension type_name
+	19, // [19:19] is the sub-list for extension extendee
+	0,  // [0:19] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_pbproxystate_listener_proto_init() }
+func file_pbmesh_v1alpha1_pbproxystate_listener_proto_init() {
+	if File_pbmesh_v1alpha1_pbproxystate_listener_proto != nil {
+		return
+	}
+	file_pbmesh_v1alpha1_pbproxystate_address_proto_init()
+	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_init()
+	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Listener); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Router); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Match); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CidrRange); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*L4Destination); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*L7Destination); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SNIDestination); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*Listener_HostPort)(nil),
+		(*Listener_UnixSocket)(nil),
+	}
+	file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[1].OneofWrappers = []interface{}{
+		(*Router_L4)(nil),
+		(*Router_L7)(nil),
+		(*Router_Sni)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDesc,
+			NumEnums:      4,
+			NumMessages:   7,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_listener_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_listener_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_pbproxystate_listener_proto = out.File
+	file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_pbproxystate_listener_proto_goTypes = nil
+	file_pbmesh_v1alpha1_pbproxystate_listener_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/listener.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto
similarity index 83%
rename from proto-public/pbmesh/v1alpha1/listener.proto
rename to proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto
index 441f5eea83b1..d4a4dcda9f35 100644
--- a/proto-public/pbmesh/v1alpha1/listener.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto
@@ -3,13 +3,12 @@
 
 syntax = "proto3";
 
-package hashicorp.consul.mesh.v1alpha1;
+package hashicorp.consul.mesh.v1alpha1.pbproxystate;
 
 import "google/protobuf/wrappers.proto";
-import "pbmesh/v1alpha1/connection.proto";
-import "pbmesh/v1alpha1/intentions.proto";
-import "pbmesh/v1alpha1/transport_socket.proto";
-import "pbmesh/v1alpha1/upstreams.proto";
+import "pbmesh/v1alpha1/pbproxystate/address.proto";
+import "pbmesh/v1alpha1/pbproxystate/intentions.proto";
+import "pbmesh/v1alpha1/pbproxystate/transport_socket.proto";
 
 message Listener {
   // name is the name of the listener.
@@ -18,7 +17,7 @@ message Listener {
   Direction direction = 2;
   // bind_address describes where to listen.
   oneof bind_address {
-    IPPortAddress ip_port = 3;
+    HostPortAddress host_port = 3;
     UnixSocketAddress unix_socket = 4;
   }
 
@@ -43,6 +42,12 @@ enum Direction {
   DIRECTION_OUTBOUND = 2;
 }
 
+enum BalanceConnections {
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+  BALANCE_CONNECTIONS_DEFAULT = 0;
+  BALANCE_CONNECTIONS_EXACT = 1;
+}
+
 // Capabilities map to proxy functionality to enable. These enable tproxy, l7 protocol/alpn inspection, or l4 sni/alpn inspection.
 enum Capability {
   // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
@@ -88,8 +93,10 @@ message L4Destination {
   string stat_prefix = 2;
   // intentions is a list of intentions for this destination.
   repeated L4Intention intentions = 3;
+  // add_empty_intention specifies whether to add an empty intention for this destination, when there are no other intentions specified.
+  bool add_empty_intention = 4;
   // max_inbound_connections specifies how many connections this destination can accept.
-  uint64 max_inbound_connections = 4;
+  uint64 max_inbound_connections = 5;
 }
 
 message L7Destination {
@@ -101,13 +108,15 @@ message L7Destination {
   L7Protocol protocol = 3;
   // intentions is a list of intentions for this destination.
   repeated L7Intention intentions = 4;
+  // add_empty_intention specifies whether to add an empty intention for this destination, when there are no other intentions specified.
+  bool add_empty_intention = 5;
   // include_xfcc specifies whether to add xfcc header.
-  bool include_xfcc = 5;
+  bool include_xfcc = 6;
   // static_route specifies whether this is a static route that is inlined in the listener filter. This is required to
   // match existing xds config.
-  bool static_route = 6;
+  bool static_route = 7;
   // max_inbound_connections specifies how many connections this destination can accept.
-  uint64 max_inbound_connections = 7;
+  uint64 max_inbound_connections = 8;
 }
 
 enum L7Protocol {
diff --git a/proto-public/pbmesh/v1alpha1/references.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.binary.go
similarity index 92%
rename from proto-public/pbmesh/v1alpha1/references.pb.binary.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.binary.go
index d8193e451681..5d42cb386296 100644
--- a/proto-public/pbmesh/v1alpha1/references.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.binary.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/references.proto
+// source: pbmesh/v1alpha1/pbproxystate/references.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	"google.golang.org/protobuf/proto"
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go
new file mode 100644
index 000000000000..cee7c44bc46b
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go
@@ -0,0 +1,371 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/pbproxystate/references.proto
+
+package pbproxystate
+
+import (
+	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type LeafCertificateRef struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name       string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Namespace  string   `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"`
+	Partition  string   `protobuf:"bytes,3,opt,name=partition,proto3" json:"partition,omitempty"`
+	Host       string   `protobuf:"bytes,4,opt,name=host,proto3" json:"host,omitempty"`
+	Datacenter string   `protobuf:"bytes,5,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
+	DnsSan     []string `protobuf:"bytes,6,rep,name=dns_san,json=dnsSan,proto3" json:"dns_san,omitempty"`
+}
+
+func (x *LeafCertificateRef) Reset() {
+	*x = LeafCertificateRef{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LeafCertificateRef) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LeafCertificateRef) ProtoMessage() {}
+
+func (x *LeafCertificateRef) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LeafCertificateRef.ProtoReflect.Descriptor instead.
+func (*LeafCertificateRef) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *LeafCertificateRef) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *LeafCertificateRef) GetNamespace() string {
+	if x != nil {
+		return x.Namespace
+	}
+	return ""
+}
+
+func (x *LeafCertificateRef) GetPartition() string {
+	if x != nil {
+		return x.Partition
+	}
+	return ""
+}
+
+func (x *LeafCertificateRef) GetHost() string {
+	if x != nil {
+		return x.Host
+	}
+	return ""
+}
+
+func (x *LeafCertificateRef) GetDatacenter() string {
+	if x != nil {
+		return x.Datacenter
+	}
+	return ""
+}
+
+func (x *LeafCertificateRef) GetDnsSan() []string {
+	if x != nil {
+		return x.DnsSan
+	}
+	return nil
+}
+
+type TrustBundleRef struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Peer        string `protobuf:"bytes,1,opt,name=peer,proto3" json:"peer,omitempty"`
+	TrustDomain string `protobuf:"bytes,2,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"`
+}
+
+func (x *TrustBundleRef) Reset() {
+	*x = TrustBundleRef{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TrustBundleRef) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TrustBundleRef) ProtoMessage() {}
+
+func (x *TrustBundleRef) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TrustBundleRef.ProtoReflect.Descriptor instead.
+func (*TrustBundleRef) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *TrustBundleRef) GetPeer() string {
+	if x != nil {
+		return x.Peer
+	}
+	return ""
+}
+
+func (x *TrustBundleRef) GetTrustDomain() string {
+	if x != nil {
+		return x.TrustDomain
+	}
+	return ""
+}
+
+type EndpointRef struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// id is the ServiceEndpoints resource id.
+	Id *pbresource.ID `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	// port is the name of the port in the ServiceEndpoints to generate the Endpoints from.
+	Port string `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"`
+}
+
+func (x *EndpointRef) Reset() {
+	*x = EndpointRef{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EndpointRef) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EndpointRef) ProtoMessage() {}
+
+func (x *EndpointRef) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EndpointRef.ProtoReflect.Descriptor instead.
+func (*EndpointRef) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *EndpointRef) GetId() *pbresource.ID {
+	if x != nil {
+		return x.Id
+	}
+	return nil
+}
+
+func (x *EndpointRef) GetPort() string {
+	if x != nil {
+		return x.Port
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_pbproxystate_references_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDesc = []byte{
+	0x0a, 0x2d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x72,
+	0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x2b, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x1a, 0x19, 0x70, 0x62,
+	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb1, 0x01, 0x0a, 0x12, 0x4c, 0x65, 0x61, 0x66,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x66, 0x12, 0x12,
+	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65,
+	0x12, 0x1c, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12,
+	0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f,
+	0x73, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72,
+	0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74,
+	0x65, 0x72, 0x12, 0x17, 0x0a, 0x07, 0x64, 0x6e, 0x73, 0x5f, 0x73, 0x61, 0x6e, 0x18, 0x06, 0x20,
+	0x03, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6e, 0x73, 0x53, 0x61, 0x6e, 0x22, 0x47, 0x0a, 0x0e, 0x54,
+	0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x66, 0x12, 0x12, 0x0a,
+	0x04, 0x70, 0x65, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x65, 0x65,
+	0x72, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69,
+	0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f,
+	0x6d, 0x61, 0x69, 0x6e, 0x22, 0x50, 0x0a, 0x0b, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
+	0x52, 0x65, 0x66, 0x12, 0x2d, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x1d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x49, 0x44, 0x52, 0x02,
+	0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x42, 0xdb, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0f, 0x52, 0x65, 0x66, 0x65,
+	0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67,
+	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
+	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
+	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
+	0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
+var file_pbmesh_v1alpha1_pbproxystate_references_proto_goTypes = []interface{}{
+	(*LeafCertificateRef)(nil), // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.LeafCertificateRef
+	(*TrustBundleRef)(nil),     // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.TrustBundleRef
+	(*EndpointRef)(nil),        // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointRef
+	(*pbresource.ID)(nil),      // 3: hashicorp.consul.resource.ID
+}
+var file_pbmesh_v1alpha1_pbproxystate_references_proto_depIdxs = []int32{
+	3, // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointRef.id:type_name -> hashicorp.consul.resource.ID
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_pbproxystate_references_proto_init() }
+func file_pbmesh_v1alpha1_pbproxystate_references_proto_init() {
+	if File_pbmesh_v1alpha1_pbproxystate_references_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LeafCertificateRef); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*TrustBundleRef); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EndpointRef); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   3,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_references_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_references_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_pbproxystate_references_proto = out.File
+	file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_pbproxystate_references_proto_goTypes = nil
+	file_pbmesh_v1alpha1_pbproxystate_references_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/references.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/references.proto
similarity index 91%
rename from proto-public/pbmesh/v1alpha1/references.proto
rename to proto-public/pbmesh/v1alpha1/pbproxystate/references.proto
index 13d4116cbc30..3e2c1ddd45ca 100644
--- a/proto-public/pbmesh/v1alpha1/references.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/references.proto
@@ -3,7 +3,7 @@
 
 syntax = "proto3";
 
-package hashicorp.consul.mesh.v1alpha1;
+package hashicorp.consul.mesh.v1alpha1.pbproxystate;
 
 import "pbresource/resource.proto";
 
diff --git a/proto-public/pbmesh/v1alpha1/route.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.binary.go
similarity index 98%
rename from proto-public/pbmesh/v1alpha1/route.pb.binary.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.binary.go
index f50de72dc287..5d6ba14ecc91 100644
--- a/proto-public/pbmesh/v1alpha1/route.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.binary.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/route.proto
+// source: pbmesh/v1alpha1/pbproxystate/route.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	"google.golang.org/protobuf/proto"
diff --git a/proto-public/pbmesh/v1alpha1/route.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go
similarity index 55%
rename from proto-public/pbmesh/v1alpha1/route.pb.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go
index 2fe192a4ecd5..c6840dd18aaa 100644
--- a/proto-public/pbmesh/v1alpha1/route.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go
@@ -5,9 +5,9 @@
 // versions:
 // 	protoc-gen-go v1.30.0
 // 	protoc        (unknown)
-// source: pbmesh/v1alpha1/route.proto
+// source: pbmesh/v1alpha1/pbproxystate/route.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
@@ -30,16 +30,14 @@ type Route struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// name is the name of the route.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// virtual_hosts is a list of virtual hosts. A virtual host is selected based on an incoming request's host header.
-	VirtualHosts []*VirtualHost `protobuf:"bytes,2,rep,name=virtual_hosts,json=virtualHosts,proto3" json:"virtual_hosts,omitempty"`
+	VirtualHosts []*VirtualHost `protobuf:"bytes,1,rep,name=virtual_hosts,json=virtualHosts,proto3" json:"virtual_hosts,omitempty"`
 }
 
 func (x *Route) Reset() {
 	*x = Route{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[0]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[0]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -52,7 +50,7 @@ func (x *Route) String() string {
 func (*Route) ProtoMessage() {}
 
 func (x *Route) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[0]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[0]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -65,14 +63,7 @@ func (x *Route) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Route.ProtoReflect.Descriptor instead.
 func (*Route) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *Route) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{0}
 }
 
 func (x *Route) GetVirtualHosts() []*VirtualHost {
@@ -101,7 +92,7 @@ type VirtualHost struct {
 func (x *VirtualHost) Reset() {
 	*x = VirtualHost{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[1]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[1]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -114,7 +105,7 @@ func (x *VirtualHost) String() string {
 func (*VirtualHost) ProtoMessage() {}
 
 func (x *VirtualHost) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[1]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[1]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -127,7 +118,7 @@ func (x *VirtualHost) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use VirtualHost.ProtoReflect.Descriptor instead.
 func (*VirtualHost) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{1}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{1}
 }
 
 func (x *VirtualHost) GetName() string {
@@ -174,7 +165,7 @@ type RouteRule struct {
 func (x *RouteRule) Reset() {
 	*x = RouteRule{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[2]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[2]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -187,7 +178,7 @@ func (x *RouteRule) String() string {
 func (*RouteRule) ProtoMessage() {}
 
 func (x *RouteRule) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[2]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[2]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -200,7 +191,7 @@ func (x *RouteRule) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RouteRule.ProtoReflect.Descriptor instead.
 func (*RouteRule) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{2}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{2}
 }
 
 func (x *RouteRule) GetMatch() *RouteMatch {
@@ -239,7 +230,7 @@ type RouteMatch struct {
 func (x *RouteMatch) Reset() {
 	*x = RouteMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[3]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[3]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -252,7 +243,7 @@ func (x *RouteMatch) String() string {
 func (*RouteMatch) ProtoMessage() {}
 
 func (x *RouteMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[3]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[3]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -265,7 +256,7 @@ func (x *RouteMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RouteMatch.ProtoReflect.Descriptor instead.
 func (*RouteMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{3}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{3}
 }
 
 func (x *RouteMatch) GetPathMatch() *PathMatch {
@@ -312,7 +303,7 @@ type PathMatch struct {
 func (x *PathMatch) Reset() {
 	*x = PathMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[4]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[4]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -325,7 +316,7 @@ func (x *PathMatch) String() string {
 func (*PathMatch) ProtoMessage() {}
 
 func (x *PathMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[4]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[4]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -338,7 +329,7 @@ func (x *PathMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use PathMatch.ProtoReflect.Descriptor instead.
 func (*PathMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{4}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{4}
 }
 
 func (m *PathMatch) GetPathMatch() isPathMatch_PathMatch {
@@ -408,7 +399,7 @@ type QueryParameterMatch struct {
 func (x *QueryParameterMatch) Reset() {
 	*x = QueryParameterMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[5]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[5]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -421,7 +412,7 @@ func (x *QueryParameterMatch) String() string {
 func (*QueryParameterMatch) ProtoMessage() {}
 
 func (x *QueryParameterMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[5]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[5]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -434,7 +425,7 @@ func (x *QueryParameterMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use QueryParameterMatch.ProtoReflect.Descriptor instead.
 func (*QueryParameterMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{5}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{5}
 }
 
 func (x *QueryParameterMatch) GetName() string {
@@ -514,7 +505,7 @@ type HeaderMatch struct {
 func (x *HeaderMatch) Reset() {
 	*x = HeaderMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[6]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[6]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -527,7 +518,7 @@ func (x *HeaderMatch) String() string {
 func (*HeaderMatch) ProtoMessage() {}
 
 func (x *HeaderMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[6]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[6]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -540,7 +531,7 @@ func (x *HeaderMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HeaderMatch.ProtoReflect.Descriptor instead.
 func (*HeaderMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{6}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{6}
 }
 
 func (x *HeaderMatch) GetName() string {
@@ -652,7 +643,7 @@ type RouteDestination struct {
 func (x *RouteDestination) Reset() {
 	*x = RouteDestination{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[7]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[7]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -665,7 +656,7 @@ func (x *RouteDestination) String() string {
 func (*RouteDestination) ProtoMessage() {}
 
 func (x *RouteDestination) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[7]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[7]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -678,7 +669,7 @@ func (x *RouteDestination) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RouteDestination.ProtoReflect.Descriptor instead.
 func (*RouteDestination) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{7}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{7}
 }
 
 func (m *RouteDestination) GetDestination() isRouteDestination_Destination {
@@ -740,7 +731,7 @@ type DestinationConfiguration struct {
 func (x *DestinationConfiguration) Reset() {
 	*x = DestinationConfiguration{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[8]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[8]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -753,7 +744,7 @@ func (x *DestinationConfiguration) String() string {
 func (*DestinationConfiguration) ProtoMessage() {}
 
 func (x *DestinationConfiguration) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[8]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[8]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -766,7 +757,7 @@ func (x *DestinationConfiguration) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DestinationConfiguration.ProtoReflect.Descriptor instead.
 func (*DestinationConfiguration) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{8}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{8}
 }
 
 func (x *DestinationConfiguration) GetAutoHostRewrite() *wrapperspb.BoolValue {
@@ -817,7 +808,7 @@ type RetryPolicy struct {
 func (x *RetryPolicy) Reset() {
 	*x = RetryPolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[9]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[9]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -830,7 +821,7 @@ func (x *RetryPolicy) String() string {
 func (*RetryPolicy) ProtoMessage() {}
 
 func (x *RetryPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[9]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[9]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -843,7 +834,7 @@ func (x *RetryPolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RetryPolicy.ProtoReflect.Descriptor instead.
 func (*RetryPolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{9}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{9}
 }
 
 func (x *RetryPolicy) GetRetryOn() string {
@@ -879,7 +870,7 @@ type TimeoutConfig struct {
 func (x *TimeoutConfig) Reset() {
 	*x = TimeoutConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[10]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[10]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -892,7 +883,7 @@ func (x *TimeoutConfig) String() string {
 func (*TimeoutConfig) ProtoMessage() {}
 
 func (x *TimeoutConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[10]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[10]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -905,7 +896,7 @@ func (x *TimeoutConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TimeoutConfig.ProtoReflect.Descriptor instead.
 func (*TimeoutConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{10}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{10}
 }
 
 func (x *TimeoutConfig) GetTimeout() *durationpb.Duration {
@@ -939,7 +930,7 @@ type LoadBalancerHashPolicy struct {
 func (x *LoadBalancerHashPolicy) Reset() {
 	*x = LoadBalancerHashPolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[11]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[11]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -952,7 +943,7 @@ func (x *LoadBalancerHashPolicy) String() string {
 func (*LoadBalancerHashPolicy) ProtoMessage() {}
 
 func (x *LoadBalancerHashPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[11]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[11]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -965,7 +956,7 @@ func (x *LoadBalancerHashPolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use LoadBalancerHashPolicy.ProtoReflect.Descriptor instead.
 func (*LoadBalancerHashPolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{11}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{11}
 }
 
 func (m *LoadBalancerHashPolicy) GetPolicy() isLoadBalancerHashPolicy_Policy {
@@ -1045,7 +1036,7 @@ type CookiePolicy struct {
 func (x *CookiePolicy) Reset() {
 	*x = CookiePolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[12]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[12]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1058,7 +1049,7 @@ func (x *CookiePolicy) String() string {
 func (*CookiePolicy) ProtoMessage() {}
 
 func (x *CookiePolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[12]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[12]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1071,7 +1062,7 @@ func (x *CookiePolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CookiePolicy.ProtoReflect.Descriptor instead.
 func (*CookiePolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{12}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{12}
 }
 
 func (x *CookiePolicy) GetName() string {
@@ -1114,7 +1105,7 @@ type HeaderPolicy struct {
 func (x *HeaderPolicy) Reset() {
 	*x = HeaderPolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[13]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[13]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1127,7 +1118,7 @@ func (x *HeaderPolicy) String() string {
 func (*HeaderPolicy) ProtoMessage() {}
 
 func (x *HeaderPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[13]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[13]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1140,7 +1131,7 @@ func (x *HeaderPolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HeaderPolicy.ProtoReflect.Descriptor instead.
 func (*HeaderPolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{13}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{13}
 }
 
 func (x *HeaderPolicy) GetName() string {
@@ -1169,7 +1160,7 @@ type QueryParameterPolicy struct {
 func (x *QueryParameterPolicy) Reset() {
 	*x = QueryParameterPolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[14]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[14]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1182,7 +1173,7 @@ func (x *QueryParameterPolicy) String() string {
 func (*QueryParameterPolicy) ProtoMessage() {}
 
 func (x *QueryParameterPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[14]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[14]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1195,7 +1186,7 @@ func (x *QueryParameterPolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use QueryParameterPolicy.ProtoReflect.Descriptor instead.
 func (*QueryParameterPolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{14}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{14}
 }
 
 func (x *QueryParameterPolicy) GetName() string {
@@ -1224,7 +1215,7 @@ type ConnectionPropertiesPolicy struct {
 func (x *ConnectionPropertiesPolicy) Reset() {
 	*x = ConnectionPropertiesPolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[15]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[15]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1237,7 +1228,7 @@ func (x *ConnectionPropertiesPolicy) String() string {
 func (*ConnectionPropertiesPolicy) ProtoMessage() {}
 
 func (x *ConnectionPropertiesPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[15]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[15]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1250,7 +1241,7 @@ func (x *ConnectionPropertiesPolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ConnectionPropertiesPolicy.ProtoReflect.Descriptor instead.
 func (*ConnectionPropertiesPolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{15}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{15}
 }
 
 func (x *ConnectionPropertiesPolicy) GetSourceIp() bool {
@@ -1279,7 +1270,7 @@ type DestinationCluster struct {
 func (x *DestinationCluster) Reset() {
 	*x = DestinationCluster{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[16]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[16]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1292,7 +1283,7 @@ func (x *DestinationCluster) String() string {
 func (*DestinationCluster) ProtoMessage() {}
 
 func (x *DestinationCluster) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_route_proto_msgTypes[16]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[16]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1305,7 +1296,7 @@ func (x *DestinationCluster) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DestinationCluster.ProtoReflect.Descriptor instead.
 func (*DestinationCluster) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_route_proto_rawDescGZIP(), []int{16}
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{16}
 }
 
 func (x *DestinationCluster) GetName() string {
@@ -1315,302 +1306,323 @@ func (x *DestinationCluster) GetName() string {
 	return ""
 }
 
-var File_pbmesh_v1alpha1_route_proto protoreflect.FileDescriptor
+var File_pbmesh_v1alpha1_pbproxystate_route_proto protoreflect.FileDescriptor
 
-var file_pbmesh_v1alpha1_route_proto_rawDesc = []byte{
-	0x0a, 0x1b, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64,
-	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77,
-	0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70,
-	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x26, 0x70, 0x62,
-	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x68, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x22, 0x6d, 0x0a, 0x05, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x12, 0x50, 0x0a, 0x0d, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x68, 0x6f, 0x73,
-	0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+var file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDesc = []byte{
+	0x0a, 0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x72,
+	0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72,
+	0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2a, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x1a, 0x33, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x66, 0x0a, 0x05, 0x52, 0x6f, 0x75, 0x74,
+	0x65, 0x12, 0x5d, 0x0a, 0x0d, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x68, 0x6f, 0x73,
+	0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
 	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61,
-	0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x0c, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f,
-	0x73, 0x74, 0x73, 0x22, 0xe2, 0x01, 0x0a, 0x0b, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48,
-	0x6f, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69,
-	0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
-	0x73, 0x12, 0x59, 0x0a, 0x10, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f,
+	0x73, 0x74, 0x52, 0x0c, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x73,
+	0x22, 0xfc, 0x01, 0x0a, 0x0b, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74,
+	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18,
+	0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x12, 0x66,
+	0x0a, 0x10, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x57, 0x0a, 0x0b, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f,
+	0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
 	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61,
-	0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, 0x65, 0x61,
-	0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4a, 0x0a, 0x0b,
-	0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52,
+	0x75, 0x6c, 0x65, 0x52, 0x0a, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x22,
+	0xa3, 0x02, 0x0a, 0x09, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x4d, 0x0a,
+	0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65,
+	0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x5f, 0x0a, 0x0b,
+	0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
 	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x0a, 0x72, 0x6f,
-	0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x22, 0xfc, 0x01, 0x0a, 0x09, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x40, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63,
-	0x68, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x52, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74,
-	0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52,
-	0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x59, 0x0a, 0x10,
-	0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75,
-	0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75,
-	0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xbe, 0x02, 0x0a, 0x0a, 0x52, 0x6f, 0x75, 0x74,
-	0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x48, 0x0a, 0x0a, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x6d,
-	0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x74, 0x68,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x09, 0x70, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x12, 0x52, 0x0a, 0x0e, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68,
-	0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e,
+	0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x66, 0x0a,
+	0x10, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe5, 0x02, 0x0a, 0x0a, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x12, 0x55, 0x0a, 0x0a, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x6d, 0x61, 0x74,
+	0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
 	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x0d, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x6d,
-	0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x6b, 0x0a, 0x17, 0x71,
-	0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x6d,
-	0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x51, 0x75,
-	0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63,
-	0x68, 0x52, 0x15, 0x71, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65,
-	0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x22, 0x63, 0x0a, 0x09, 0x50, 0x61, 0x74, 0x68,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x12, 0x18, 0x0a,
-	0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52,
-	0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x42,
-	0x0c, 0x0a, 0x0a, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x22, 0x7e, 0x0a,
-	0x13, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63,
-	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74,
-	0x12, 0x16, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48,
-	0x00, 0x52, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x12, 0x1a, 0x0a, 0x07, 0x70, 0x72, 0x65, 0x73,
-	0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x07, 0x70, 0x72, 0x65,
-	0x73, 0x65, 0x6e, 0x74, 0x42, 0x07, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x22, 0xcd, 0x01,
-	0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x12, 0x18, 0x0a, 0x06, 0x70, 0x72, 0x65,
-	0x66, 0x69, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x70, 0x72, 0x65,
-	0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x75, 0x66, 0x66, 0x69, 0x78, 0x18, 0x04, 0x20,
-	0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x73, 0x75, 0x66, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a,
-	0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05,
-	0x72, 0x65, 0x67, 0x65, 0x78, 0x12, 0x1a, 0x0a, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74,
-	0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e,
-	0x74, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x76, 0x65, 0x72, 0x74, 0x5f, 0x6d, 0x61, 0x74, 0x63,
-	0x68, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x6e, 0x76, 0x65, 0x72, 0x74, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x42, 0x07, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x22, 0xcf, 0x02,
-	0x0a, 0x10, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x12, 0x4e, 0x0a, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x52, 0x09, 0x70, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x5f, 0x0a, 0x0e, 0x68,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
 	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x48, 0x00, 0x52, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74,
-	0x65, 0x72, 0x12, 0x65, 0x0a, 0x11, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x5f, 0x63,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c,
-	0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72,
-	0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x10, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65,
-	0x64, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x75, 0x0a, 0x19, 0x64, 0x65, 0x73,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x0d, 0x68,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e,
+	0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x03,
+	0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x65, 0x73, 0x12, 0x78, 0x0a, 0x17, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72,
+	0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x04,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65,
+	0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x15, 0x71, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72,
+	0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x22, 0x63, 0x0a,
+	0x09, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78,
+	0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61,
+	0x63, 0x74, 0x12, 0x18, 0x0a, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, 0x05,
+	0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x72,
+	0x65, 0x67, 0x65, 0x78, 0x42, 0x0c, 0x0a, 0x0a, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x6d, 0x61, 0x74,
+	0x63, 0x68, 0x22, 0x7e, 0x0a, 0x13, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d,
+	0x65, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a,
+	0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05,
+	0x65, 0x78, 0x61, 0x63, 0x74, 0x12, 0x16, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x12, 0x1a, 0x0a,
+	0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00,
+	0x52, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x42, 0x07, 0x0a, 0x05, 0x6d, 0x61, 0x74,
+	0x63, 0x68, 0x22, 0xcd, 0x01, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x12, 0x18,
+	0x0a, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00,
+	0x52, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x75, 0x66, 0x66,
+	0x69, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x73, 0x75, 0x66, 0x66,
+	0x69, 0x78, 0x12, 0x16, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28,
+	0x09, 0x48, 0x00, 0x52, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x12, 0x1a, 0x0a, 0x07, 0x70, 0x72,
+	0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x07, 0x70,
+	0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x76, 0x65, 0x72, 0x74,
+	0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x6e,
+	0x76, 0x65, 0x72, 0x74, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x42, 0x07, 0x0a, 0x05, 0x6d, 0x61, 0x74,
+	0x63, 0x68, 0x22, 0xf7, 0x02, 0x0a, 0x10, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74,
+	0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x5b, 0x0a, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74,
+	0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x48, 0x00, 0x52, 0x07, 0x63, 0x6c, 0x75,
+	0x73, 0x74, 0x65, 0x72, 0x12, 0x72, 0x0a, 0x11, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64,
+	0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x37,
+	0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47,
+	0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x10, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64,
+	0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x82, 0x01, 0x0a, 0x19, 0x64, 0x65, 0x73,
 	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x68,
 	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65,
-	0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x18, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x42, 0x0d, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22,
-	0x8c, 0x03, 0x0a, 0x18, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x11,
-	0x61, 0x75, 0x74, 0x6f, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x52, 0x0f, 0x61, 0x75, 0x74, 0x6f, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x77,
-	0x72, 0x69, 0x74, 0x65, 0x12, 0x5b, 0x0a, 0x0d, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x70, 0x6f, 0x6c,
-	0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69,
+	0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x18, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x0d, 0x0a,
+	0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xb3, 0x03, 0x0a,
+	0x18, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x11, 0x61, 0x75, 0x74,
+	0x6f, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65,
+	0x52, 0x0f, 0x61, 0x75, 0x74, 0x6f, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74,
+	0x65, 0x12, 0x68, 0x0a, 0x0d, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69,
+	0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e,
+	0x63, 0x65, 0x72, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0c, 0x68,
+	0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x61, 0x0a, 0x0e, 0x74,
+	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
+	0x0d, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25,
+	0x0a, 0x0e, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x52, 0x65,
+	0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x5b, 0x0a, 0x0c, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x70,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61,
 	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61,
-	0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x52, 0x0c, 0x68, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65,
-	0x73, 0x12, 0x54, 0x0a, 0x0e, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x6f,
-	0x75, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0d, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75,
-	0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x72, 0x65, 0x66, 0x69,
-	0x78, 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0d, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x4e,
-	0x0a, 0x0c, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63,
-	0x79, 0x52, 0x0b, 0x72, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x9d,
-	0x01, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x19,
-	0x0a, 0x08, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x3d, 0x0a, 0x0b, 0x6e, 0x75, 0x6d,
-	0x5f, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0a, 0x6e, 0x75,
-	0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x16, 0x72, 0x65, 0x74, 0x72,
-	0x69, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x63, 0x6f, 0x64,
-	0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x14, 0x72, 0x65, 0x74, 0x72, 0x69, 0x61,
-	0x62, 0x6c, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x22, 0x82,
-	0x01, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69,
-	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x3c, 0x0a, 0x0c, 0x69, 0x64, 0x6c, 0x65, 0x5f, 0x74, 0x69,
-	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x69, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65,
-	0x6f, 0x75, 0x74, 0x22, 0x86, 0x03, 0x0a, 0x16, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61,
-	0x6e, 0x63, 0x65, 0x72, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x46,
-	0x0a, 0x06, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x48, 0x00, 0x52, 0x06,
-	0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x46, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x6f,
-	0x6c, 0x69, 0x63, 0x79, 0x48, 0x00, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x5f,
-	0x0a, 0x0f, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65,
-	0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0b, 0x72, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x22, 0x9d, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x6f, 0x6e, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x3d, 0x0a,
+	0x0b, 0x6e, 0x75, 0x6d, 0x5f, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65,
+	0x52, 0x0a, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x16,
+	0x72, 0x65, 0x74, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73,
+	0x5f, 0x63, 0x6f, 0x64, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x14, 0x72, 0x65,
+	0x74, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64,
+	0x65, 0x73, 0x22, 0x82, 0x01, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x3c, 0x0a, 0x0c, 0x69, 0x64, 0x6c,
+	0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x69, 0x64, 0x6c, 0x65,
+	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0xba, 0x03, 0x0a, 0x16, 0x4c, 0x6f, 0x61, 0x64,
+	0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x12, 0x53, 0x0a, 0x06, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x2e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x48, 0x00, 0x52,
+	0x06, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x53, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
 	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61,
-	0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x48, 0x00, 0x52,
-	0x0e, 0x71, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x12,
-	0x71, 0x0a, 0x15, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72,
-	0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72,
-	0x74, 0x69, 0x65, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x48, 0x00, 0x52, 0x14, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69,
-	0x65, 0x73, 0x42, 0x08, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x7f, 0x0a, 0x0c,
-	0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
-	0x12, 0x2b, 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x74, 0x74, 0x6c, 0x12, 0x12, 0x0a,
-	0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74,
-	0x68, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x04, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x3e, 0x0a,
-	0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x46, 0x0a,
-	0x14, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x50,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x48, 0x00, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x6c, 0x0a, 0x0f,
+	0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
+	0x61, 0x74, 0x65, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74,
+	0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x48, 0x00, 0x52, 0x0e, 0x71, 0x75, 0x65, 0x72,
+	0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x12, 0x7e, 0x0a, 0x15, 0x63, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74,
+	0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x47, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x48, 0x00, 0x52, 0x14, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x42, 0x08, 0x0a, 0x06, 0x70, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x22, 0x7f, 0x0a, 0x0c, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x50, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2b, 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x03, 0x74, 0x74, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72,
+	0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72,
+	0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x3e, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50,
 	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
 	0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72,
 	0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72,
-	0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x55, 0x0a, 0x1a, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
-	0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x50, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70,
-	0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x28, 0x0a, 0x12,
-	0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74,
-	0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x42, 0x92, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0a, 0x52,
-	0x6f, 0x75, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74,
-	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70,
-	0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68,
-	0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
-	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
-	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d,
-	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73,
-	0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x33,
+	0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x46, 0x0a, 0x14, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61,
+	0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x55, 0x0a,
+	0x1a, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x70, 0x65,
+	0x72, 0x74, 0x69, 0x65, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08,
+	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72, 0x6d,
+	0x69, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72, 0x6d,
+	0x69, 0x6e, 0x61, 0x6c, 0x22, 0x28, 0x0a, 0x12, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x42, 0xd6,
+	0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x42, 0x0a, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01,
+	0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73,
+	0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa,
+	0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b,
+	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d,
+	0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
+	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a,
+	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
-	file_pbmesh_v1alpha1_route_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_route_proto_rawDescData = file_pbmesh_v1alpha1_route_proto_rawDesc
+	file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDesc
 )
 
-func file_pbmesh_v1alpha1_route_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_route_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_route_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_route_proto_rawDescData)
+func file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescData)
 	})
-	return file_pbmesh_v1alpha1_route_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_route_proto_msgTypes = make([]protoimpl.MessageInfo, 17)
-var file_pbmesh_v1alpha1_route_proto_goTypes = []interface{}{
-	(*Route)(nil),                      // 0: hashicorp.consul.mesh.v1alpha1.Route
-	(*VirtualHost)(nil),                // 1: hashicorp.consul.mesh.v1alpha1.VirtualHost
-	(*RouteRule)(nil),                  // 2: hashicorp.consul.mesh.v1alpha1.RouteRule
-	(*RouteMatch)(nil),                 // 3: hashicorp.consul.mesh.v1alpha1.RouteMatch
-	(*PathMatch)(nil),                  // 4: hashicorp.consul.mesh.v1alpha1.PathMatch
-	(*QueryParameterMatch)(nil),        // 5: hashicorp.consul.mesh.v1alpha1.QueryParameterMatch
-	(*HeaderMatch)(nil),                // 6: hashicorp.consul.mesh.v1alpha1.HeaderMatch
-	(*RouteDestination)(nil),           // 7: hashicorp.consul.mesh.v1alpha1.RouteDestination
-	(*DestinationConfiguration)(nil),   // 8: hashicorp.consul.mesh.v1alpha1.DestinationConfiguration
-	(*RetryPolicy)(nil),                // 9: hashicorp.consul.mesh.v1alpha1.RetryPolicy
-	(*TimeoutConfig)(nil),              // 10: hashicorp.consul.mesh.v1alpha1.TimeoutConfig
-	(*LoadBalancerHashPolicy)(nil),     // 11: hashicorp.consul.mesh.v1alpha1.LoadBalancerHashPolicy
-	(*CookiePolicy)(nil),               // 12: hashicorp.consul.mesh.v1alpha1.CookiePolicy
-	(*HeaderPolicy)(nil),               // 13: hashicorp.consul.mesh.v1alpha1.HeaderPolicy
-	(*QueryParameterPolicy)(nil),       // 14: hashicorp.consul.mesh.v1alpha1.QueryParameterPolicy
-	(*ConnectionPropertiesPolicy)(nil), // 15: hashicorp.consul.mesh.v1alpha1.ConnectionPropertiesPolicy
-	(*DestinationCluster)(nil),         // 16: hashicorp.consul.mesh.v1alpha1.DestinationCluster
-	(*HeaderMutation)(nil),             // 17: hashicorp.consul.mesh.v1alpha1.HeaderMutation
-	(*L7WeightedClusterGroup)(nil),     // 18: hashicorp.consul.mesh.v1alpha1.L7WeightedClusterGroup
+	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes = make([]protoimpl.MessageInfo, 17)
+var file_pbmesh_v1alpha1_pbproxystate_route_proto_goTypes = []interface{}{
+	(*Route)(nil),                      // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.Route
+	(*VirtualHost)(nil),                // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.VirtualHost
+	(*RouteRule)(nil),                  // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteRule
+	(*RouteMatch)(nil),                 // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteMatch
+	(*PathMatch)(nil),                  // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.PathMatch
+	(*QueryParameterMatch)(nil),        // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.QueryParameterMatch
+	(*HeaderMatch)(nil),                // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMatch
+	(*RouteDestination)(nil),           // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteDestination
+	(*DestinationConfiguration)(nil),   // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationConfiguration
+	(*RetryPolicy)(nil),                // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.RetryPolicy
+	(*TimeoutConfig)(nil),              // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.TimeoutConfig
+	(*LoadBalancerHashPolicy)(nil),     // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.LoadBalancerHashPolicy
+	(*CookiePolicy)(nil),               // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.CookiePolicy
+	(*HeaderPolicy)(nil),               // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderPolicy
+	(*QueryParameterPolicy)(nil),       // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.QueryParameterPolicy
+	(*ConnectionPropertiesPolicy)(nil), // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.ConnectionPropertiesPolicy
+	(*DestinationCluster)(nil),         // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationCluster
+	(*HeaderMutation)(nil),             // 17: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation
+	(*L7WeightedClusterGroup)(nil),     // 18: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedClusterGroup
 	(*wrapperspb.BoolValue)(nil),       // 19: google.protobuf.BoolValue
 	(*wrapperspb.UInt32Value)(nil),     // 20: google.protobuf.UInt32Value
 	(*durationpb.Duration)(nil),        // 21: google.protobuf.Duration
 }
-var file_pbmesh_v1alpha1_route_proto_depIdxs = []int32{
-	1,  // 0: hashicorp.consul.mesh.v1alpha1.Route.virtual_hosts:type_name -> hashicorp.consul.mesh.v1alpha1.VirtualHost
-	17, // 1: hashicorp.consul.mesh.v1alpha1.VirtualHost.header_mutations:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderMutation
-	2,  // 2: hashicorp.consul.mesh.v1alpha1.VirtualHost.route_rules:type_name -> hashicorp.consul.mesh.v1alpha1.RouteRule
-	3,  // 3: hashicorp.consul.mesh.v1alpha1.RouteRule.match:type_name -> hashicorp.consul.mesh.v1alpha1.RouteMatch
-	7,  // 4: hashicorp.consul.mesh.v1alpha1.RouteRule.destination:type_name -> hashicorp.consul.mesh.v1alpha1.RouteDestination
-	17, // 5: hashicorp.consul.mesh.v1alpha1.RouteRule.header_mutations:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderMutation
-	4,  // 6: hashicorp.consul.mesh.v1alpha1.RouteMatch.path_match:type_name -> hashicorp.consul.mesh.v1alpha1.PathMatch
-	6,  // 7: hashicorp.consul.mesh.v1alpha1.RouteMatch.header_matches:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderMatch
-	5,  // 8: hashicorp.consul.mesh.v1alpha1.RouteMatch.query_parameter_matches:type_name -> hashicorp.consul.mesh.v1alpha1.QueryParameterMatch
-	16, // 9: hashicorp.consul.mesh.v1alpha1.RouteDestination.cluster:type_name -> hashicorp.consul.mesh.v1alpha1.DestinationCluster
-	18, // 10: hashicorp.consul.mesh.v1alpha1.RouteDestination.weighted_clusters:type_name -> hashicorp.consul.mesh.v1alpha1.L7WeightedClusterGroup
-	8,  // 11: hashicorp.consul.mesh.v1alpha1.RouteDestination.destination_configuration:type_name -> hashicorp.consul.mesh.v1alpha1.DestinationConfiguration
-	19, // 12: hashicorp.consul.mesh.v1alpha1.DestinationConfiguration.auto_host_rewrite:type_name -> google.protobuf.BoolValue
-	11, // 13: hashicorp.consul.mesh.v1alpha1.DestinationConfiguration.hash_policies:type_name -> hashicorp.consul.mesh.v1alpha1.LoadBalancerHashPolicy
-	10, // 14: hashicorp.consul.mesh.v1alpha1.DestinationConfiguration.timeout_config:type_name -> hashicorp.consul.mesh.v1alpha1.TimeoutConfig
-	9,  // 15: hashicorp.consul.mesh.v1alpha1.DestinationConfiguration.retry_policy:type_name -> hashicorp.consul.mesh.v1alpha1.RetryPolicy
-	20, // 16: hashicorp.consul.mesh.v1alpha1.RetryPolicy.num_retries:type_name -> google.protobuf.UInt32Value
-	21, // 17: hashicorp.consul.mesh.v1alpha1.TimeoutConfig.timeout:type_name -> google.protobuf.Duration
-	21, // 18: hashicorp.consul.mesh.v1alpha1.TimeoutConfig.idle_timeout:type_name -> google.protobuf.Duration
-	12, // 19: hashicorp.consul.mesh.v1alpha1.LoadBalancerHashPolicy.cookie:type_name -> hashicorp.consul.mesh.v1alpha1.CookiePolicy
-	13, // 20: hashicorp.consul.mesh.v1alpha1.LoadBalancerHashPolicy.header:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderPolicy
-	14, // 21: hashicorp.consul.mesh.v1alpha1.LoadBalancerHashPolicy.query_parameter:type_name -> hashicorp.consul.mesh.v1alpha1.QueryParameterPolicy
-	15, // 22: hashicorp.consul.mesh.v1alpha1.LoadBalancerHashPolicy.connection_properties:type_name -> hashicorp.consul.mesh.v1alpha1.ConnectionPropertiesPolicy
-	21, // 23: hashicorp.consul.mesh.v1alpha1.CookiePolicy.ttl:type_name -> google.protobuf.Duration
+var file_pbmesh_v1alpha1_pbproxystate_route_proto_depIdxs = []int32{
+	1,  // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.Route.virtual_hosts:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.VirtualHost
+	17, // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.VirtualHost.header_mutations:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation
+	2,  // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.VirtualHost.route_rules:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteRule
+	3,  // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteRule.match:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteMatch
+	7,  // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteRule.destination:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteDestination
+	17, // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteRule.header_mutations:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation
+	4,  // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteMatch.path_match:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.PathMatch
+	6,  // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteMatch.header_matches:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMatch
+	5,  // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteMatch.query_parameter_matches:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.QueryParameterMatch
+	16, // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteDestination.cluster:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationCluster
+	18, // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteDestination.weighted_clusters:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedClusterGroup
+	8,  // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteDestination.destination_configuration:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationConfiguration
+	19, // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationConfiguration.auto_host_rewrite:type_name -> google.protobuf.BoolValue
+	11, // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationConfiguration.hash_policies:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LoadBalancerHashPolicy
+	10, // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationConfiguration.timeout_config:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TimeoutConfig
+	9,  // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationConfiguration.retry_policy:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.RetryPolicy
+	20, // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.RetryPolicy.num_retries:type_name -> google.protobuf.UInt32Value
+	21, // 17: hashicorp.consul.mesh.v1alpha1.pbproxystate.TimeoutConfig.timeout:type_name -> google.protobuf.Duration
+	21, // 18: hashicorp.consul.mesh.v1alpha1.pbproxystate.TimeoutConfig.idle_timeout:type_name -> google.protobuf.Duration
+	12, // 19: hashicorp.consul.mesh.v1alpha1.pbproxystate.LoadBalancerHashPolicy.cookie:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.CookiePolicy
+	13, // 20: hashicorp.consul.mesh.v1alpha1.pbproxystate.LoadBalancerHashPolicy.header:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderPolicy
+	14, // 21: hashicorp.consul.mesh.v1alpha1.pbproxystate.LoadBalancerHashPolicy.query_parameter:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.QueryParameterPolicy
+	15, // 22: hashicorp.consul.mesh.v1alpha1.pbproxystate.LoadBalancerHashPolicy.connection_properties:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.ConnectionPropertiesPolicy
+	21, // 23: hashicorp.consul.mesh.v1alpha1.pbproxystate.CookiePolicy.ttl:type_name -> google.protobuf.Duration
 	24, // [24:24] is the sub-list for method output_type
 	24, // [24:24] is the sub-list for method input_type
 	24, // [24:24] is the sub-list for extension type_name
@@ -1618,15 +1630,15 @@ var file_pbmesh_v1alpha1_route_proto_depIdxs = []int32{
 	0,  // [0:24] is the sub-list for field type_name
 }
 
-func init() { file_pbmesh_v1alpha1_route_proto_init() }
-func file_pbmesh_v1alpha1_route_proto_init() {
-	if File_pbmesh_v1alpha1_route_proto != nil {
+func init() { file_pbmesh_v1alpha1_pbproxystate_route_proto_init() }
+func file_pbmesh_v1alpha1_pbproxystate_route_proto_init() {
+	if File_pbmesh_v1alpha1_pbproxystate_route_proto != nil {
 		return
 	}
-	file_pbmesh_v1alpha1_cluster_proto_init()
-	file_pbmesh_v1alpha1_header_mutations_proto_init()
+	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_init()
+	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_init()
 	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_route_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*Route); i {
 			case 0:
 				return &v.state
@@ -1638,7 +1650,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*VirtualHost); i {
 			case 0:
 				return &v.state
@@ -1650,7 +1662,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*RouteRule); i {
 			case 0:
 				return &v.state
@@ -1662,7 +1674,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*RouteMatch); i {
 			case 0:
 				return &v.state
@@ -1674,7 +1686,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*PathMatch); i {
 			case 0:
 				return &v.state
@@ -1686,7 +1698,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*QueryParameterMatch); i {
 			case 0:
 				return &v.state
@@ -1698,7 +1710,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*HeaderMatch); i {
 			case 0:
 				return &v.state
@@ -1710,7 +1722,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*RouteDestination); i {
 			case 0:
 				return &v.state
@@ -1722,7 +1734,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*DestinationConfiguration); i {
 			case 0:
 				return &v.state
@@ -1734,7 +1746,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*RetryPolicy); i {
 			case 0:
 				return &v.state
@@ -1746,7 +1758,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*TimeoutConfig); i {
 			case 0:
 				return &v.state
@@ -1758,7 +1770,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*LoadBalancerHashPolicy); i {
 			case 0:
 				return &v.state
@@ -1770,7 +1782,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*CookiePolicy); i {
 			case 0:
 				return &v.state
@@ -1782,7 +1794,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*HeaderPolicy); i {
 			case 0:
 				return &v.state
@@ -1794,7 +1806,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*QueryParameterPolicy); i {
 			case 0:
 				return &v.state
@@ -1806,7 +1818,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*ConnectionPropertiesPolicy); i {
 			case 0:
 				return &v.state
@@ -1818,7 +1830,7 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_route_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*DestinationCluster); i {
 			case 0:
 				return &v.state
@@ -1831,28 +1843,28 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 			}
 		}
 	}
-	file_pbmesh_v1alpha1_route_proto_msgTypes[4].OneofWrappers = []interface{}{
+	file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[4].OneofWrappers = []interface{}{
 		(*PathMatch_Exact)(nil),
 		(*PathMatch_Prefix)(nil),
 		(*PathMatch_Regex)(nil),
 	}
-	file_pbmesh_v1alpha1_route_proto_msgTypes[5].OneofWrappers = []interface{}{
+	file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[5].OneofWrappers = []interface{}{
 		(*QueryParameterMatch_Exact)(nil),
 		(*QueryParameterMatch_Regex)(nil),
 		(*QueryParameterMatch_Present)(nil),
 	}
-	file_pbmesh_v1alpha1_route_proto_msgTypes[6].OneofWrappers = []interface{}{
+	file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[6].OneofWrappers = []interface{}{
 		(*HeaderMatch_Exact)(nil),
 		(*HeaderMatch_Prefix)(nil),
 		(*HeaderMatch_Suffix)(nil),
 		(*HeaderMatch_Regex)(nil),
 		(*HeaderMatch_Present)(nil),
 	}
-	file_pbmesh_v1alpha1_route_proto_msgTypes[7].OneofWrappers = []interface{}{
+	file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[7].OneofWrappers = []interface{}{
 		(*RouteDestination_Cluster)(nil),
 		(*RouteDestination_WeightedClusters)(nil),
 	}
-	file_pbmesh_v1alpha1_route_proto_msgTypes[11].OneofWrappers = []interface{}{
+	file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[11].OneofWrappers = []interface{}{
 		(*LoadBalancerHashPolicy_Cookie)(nil),
 		(*LoadBalancerHashPolicy_Header)(nil),
 		(*LoadBalancerHashPolicy_QueryParameter)(nil),
@@ -1862,18 +1874,18 @@ func file_pbmesh_v1alpha1_route_proto_init() {
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_route_proto_rawDesc,
+			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDesc,
 			NumEnums:      0,
 			NumMessages:   17,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
-		GoTypes:           file_pbmesh_v1alpha1_route_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_route_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_route_proto_msgTypes,
+		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_route_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_route_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes,
 	}.Build()
-	File_pbmesh_v1alpha1_route_proto = out.File
-	file_pbmesh_v1alpha1_route_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_route_proto_goTypes = nil
-	file_pbmesh_v1alpha1_route_proto_depIdxs = nil
+	File_pbmesh_v1alpha1_pbproxystate_route_proto = out.File
+	file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_pbproxystate_route_proto_goTypes = nil
+	file_pbmesh_v1alpha1_pbproxystate_route_proto_depIdxs = nil
 }
diff --git a/proto-public/pbmesh/v1alpha1/route.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/route.proto
similarity index 93%
rename from proto-public/pbmesh/v1alpha1/route.proto
rename to proto-public/pbmesh/v1alpha1/pbproxystate/route.proto
index adcf350bc127..2ec10f3737d1 100644
--- a/proto-public/pbmesh/v1alpha1/route.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/route.proto
@@ -3,18 +3,16 @@
 
 syntax = "proto3";
 
-package hashicorp.consul.mesh.v1alpha1;
+package hashicorp.consul.mesh.v1alpha1.pbproxystate;
 
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
-import "pbmesh/v1alpha1/cluster.proto";
-import "pbmesh/v1alpha1/header_mutations.proto";
+import "pbmesh/v1alpha1/pbproxystate/cluster.proto";
+import "pbmesh/v1alpha1/pbproxystate/header_mutations.proto";
 
 message Route {
-  // name is the name of the route.
-  string name = 1;
   // virtual_hosts is a list of virtual hosts. A virtual host is selected based on an incoming request's host header.
-  repeated VirtualHost virtual_hosts = 2;
+  repeated VirtualHost virtual_hosts = 1;
 }
 
 message VirtualHost {
diff --git a/proto-public/pbmesh/v1alpha1/transport_socket.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.binary.go
similarity index 97%
rename from proto-public/pbmesh/v1alpha1/transport_socket.pb.binary.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.binary.go
index 6669cd6f0ad3..c659541c9214 100644
--- a/proto-public/pbmesh/v1alpha1/transport_socket.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.binary.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/transport_socket.proto
+// source: pbmesh/v1alpha1/pbproxystate/transport_socket.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	"google.golang.org/protobuf/proto"
diff --git a/proto-public/pbmesh/v1alpha1/transport_socket.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
similarity index 52%
rename from proto-public/pbmesh/v1alpha1/transport_socket.pb.go
rename to proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
index 210ca364f889..c5615447b041 100644
--- a/proto-public/pbmesh/v1alpha1/transport_socket.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
@@ -5,9 +5,9 @@
 // versions:
 // 	protoc-gen-go v1.30.0
 // 	protoc        (unknown)
-// source: pbmesh/v1alpha1/transport_socket.proto
+// source: pbmesh/v1alpha1/pbproxystate/transport_socket.proto
 
-package meshv1alpha1
+package pbproxystate
 
 import (
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
@@ -69,11 +69,11 @@ func (x TLSVersion) String() string {
 }
 
 func (TLSVersion) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_transport_socket_proto_enumTypes[0].Descriptor()
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_enumTypes[0].Descriptor()
 }
 
 func (TLSVersion) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_transport_socket_proto_enumTypes[0]
+	return &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_enumTypes[0]
 }
 
 func (x TLSVersion) Number() protoreflect.EnumNumber {
@@ -82,7 +82,7 @@ func (x TLSVersion) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use TLSVersion.Descriptor instead.
 func (TLSVersion) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{0}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{0}
 }
 
 type TLSCipherSuite int32
@@ -152,11 +152,11 @@ func (x TLSCipherSuite) String() string {
 }
 
 func (TLSCipherSuite) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_transport_socket_proto_enumTypes[1].Descriptor()
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_enumTypes[1].Descriptor()
 }
 
 func (TLSCipherSuite) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_transport_socket_proto_enumTypes[1]
+	return &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_enumTypes[1]
 }
 
 func (x TLSCipherSuite) Number() protoreflect.EnumNumber {
@@ -165,7 +165,7 @@ func (x TLSCipherSuite) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use TLSCipherSuite.Descriptor instead.
 func (TLSCipherSuite) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{1}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{1}
 }
 
 type TLS struct {
@@ -178,14 +178,12 @@ type TLS struct {
 	InboundTlsParameters *TLSParameters `protobuf:"bytes,1,opt,name=inbound_tls_parameters,json=inboundTlsParameters,proto3" json:"inbound_tls_parameters,omitempty"`
 	// outbound_tls_parameters has default TLS parameter configuration for inbound connections. These can be overridden per transport socket.
 	OutboundTlsParameters *TLSParameters `protobuf:"bytes,2,opt,name=outbound_tls_parameters,json=outboundTlsParameters,proto3" json:"outbound_tls_parameters,omitempty"`
-	// TrustBundles is a map of peer name to trust domain. The V2 resource tenancy field will have the peer, which will be either local, or have a peer name. The map keys would be "local" or the name of the peer if it is for a remote peer. The peer name and trust domain will be used to look up CA pems for a trust domain.
-	TrustBundles map[string]string `protobuf:"bytes,3,rep,name=trust_bundles,json=trustBundles,proto3" json:"trust_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 }
 
 func (x *TLS) Reset() {
 	*x = TLS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[0]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[0]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -198,7 +196,7 @@ func (x *TLS) String() string {
 func (*TLS) ProtoMessage() {}
 
 func (x *TLS) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[0]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[0]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -211,7 +209,7 @@ func (x *TLS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TLS.ProtoReflect.Descriptor instead.
 func (*TLS) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{0}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{0}
 }
 
 func (x *TLS) GetInboundTlsParameters() *TLSParameters {
@@ -228,13 +226,6 @@ func (x *TLS) GetOutboundTlsParameters() *TLSParameters {
 	return nil
 }
 
-func (x *TLS) GetTrustBundles() map[string]string {
-	if x != nil {
-		return x.TrustBundles
-	}
-	return nil
-}
-
 type TransportSocket struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -255,7 +246,7 @@ type TransportSocket struct {
 func (x *TransportSocket) Reset() {
 	*x = TransportSocket{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[1]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[1]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -268,7 +259,7 @@ func (x *TransportSocket) String() string {
 func (*TransportSocket) ProtoMessage() {}
 
 func (x *TransportSocket) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[1]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[1]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -281,7 +272,7 @@ func (x *TransportSocket) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TransportSocket.ProtoReflect.Descriptor instead.
 func (*TransportSocket) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{1}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{1}
 }
 
 func (m *TransportSocket) GetConnectionTls() isTransportSocket_ConnectionTls {
@@ -379,7 +370,7 @@ type InboundMeshMTLS struct {
 func (x *InboundMeshMTLS) Reset() {
 	*x = InboundMeshMTLS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[2]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[2]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -392,7 +383,7 @@ func (x *InboundMeshMTLS) String() string {
 func (*InboundMeshMTLS) ProtoMessage() {}
 
 func (x *InboundMeshMTLS) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[2]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[2]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -405,7 +396,7 @@ func (x *InboundMeshMTLS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use InboundMeshMTLS.ProtoReflect.Descriptor instead.
 func (*InboundMeshMTLS) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{2}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{2}
 }
 
 func (x *InboundMeshMTLS) GetIdentityKey() string {
@@ -438,7 +429,7 @@ type OutboundMeshMTLS struct {
 func (x *OutboundMeshMTLS) Reset() {
 	*x = OutboundMeshMTLS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[3]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[3]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -451,7 +442,7 @@ func (x *OutboundMeshMTLS) String() string {
 func (*OutboundMeshMTLS) ProtoMessage() {}
 
 func (x *OutboundMeshMTLS) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[3]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[3]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -464,7 +455,7 @@ func (x *OutboundMeshMTLS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use OutboundMeshMTLS.ProtoReflect.Descriptor instead.
 func (*OutboundMeshMTLS) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{3}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{3}
 }
 
 func (x *OutboundMeshMTLS) GetIdentityKey() string {
@@ -505,7 +496,7 @@ type InboundNonMeshTLS struct {
 func (x *InboundNonMeshTLS) Reset() {
 	*x = InboundNonMeshTLS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[4]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[4]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -518,7 +509,7 @@ func (x *InboundNonMeshTLS) String() string {
 func (*InboundNonMeshTLS) ProtoMessage() {}
 
 func (x *InboundNonMeshTLS) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[4]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[4]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -531,7 +522,7 @@ func (x *InboundNonMeshTLS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use InboundNonMeshTLS.ProtoReflect.Descriptor instead.
 func (*InboundNonMeshTLS) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{4}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{4}
 }
 
 func (m *InboundNonMeshTLS) GetIdentity() isInboundNonMeshTLS_Identity {
@@ -589,7 +580,7 @@ type OutboundNonMeshTLS struct {
 func (x *OutboundNonMeshTLS) Reset() {
 	*x = OutboundNonMeshTLS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[5]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[5]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -602,7 +593,7 @@ func (x *OutboundNonMeshTLS) String() string {
 func (*OutboundNonMeshTLS) ProtoMessage() {}
 
 func (x *OutboundNonMeshTLS) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[5]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[5]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -615,7 +606,7 @@ func (x *OutboundNonMeshTLS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use OutboundNonMeshTLS.ProtoReflect.Descriptor instead.
 func (*OutboundNonMeshTLS) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{5}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{5}
 }
 
 func (x *OutboundNonMeshTLS) GetCertFile() string {
@@ -653,7 +644,7 @@ type MeshInboundValidationContext struct {
 func (x *MeshInboundValidationContext) Reset() {
 	*x = MeshInboundValidationContext{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[6]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[6]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -666,7 +657,7 @@ func (x *MeshInboundValidationContext) String() string {
 func (*MeshInboundValidationContext) ProtoMessage() {}
 
 func (x *MeshInboundValidationContext) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[6]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[6]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -679,7 +670,7 @@ func (x *MeshInboundValidationContext) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use MeshInboundValidationContext.ProtoReflect.Descriptor instead.
 func (*MeshInboundValidationContext) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{6}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{6}
 }
 
 func (x *MeshInboundValidationContext) GetTrustBundlePeerNameKeys() []string {
@@ -704,7 +695,7 @@ type MeshOutboundValidationContext struct {
 func (x *MeshOutboundValidationContext) Reset() {
 	*x = MeshOutboundValidationContext{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[7]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[7]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -717,7 +708,7 @@ func (x *MeshOutboundValidationContext) String() string {
 func (*MeshOutboundValidationContext) ProtoMessage() {}
 
 func (x *MeshOutboundValidationContext) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[7]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[7]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -730,7 +721,7 @@ func (x *MeshOutboundValidationContext) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use MeshOutboundValidationContext.ProtoReflect.Descriptor instead.
 func (*MeshOutboundValidationContext) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{7}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{7}
 }
 
 func (x *MeshOutboundValidationContext) GetTrustBundlePeerNameKey() string {
@@ -759,7 +750,7 @@ type NonMeshOutboundValidationContext struct {
 func (x *NonMeshOutboundValidationContext) Reset() {
 	*x = NonMeshOutboundValidationContext{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[8]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[8]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -772,7 +763,7 @@ func (x *NonMeshOutboundValidationContext) String() string {
 func (*NonMeshOutboundValidationContext) ProtoMessage() {}
 
 func (x *NonMeshOutboundValidationContext) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[8]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[8]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -785,7 +776,7 @@ func (x *NonMeshOutboundValidationContext) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use NonMeshOutboundValidationContext.ProtoReflect.Descriptor instead.
 func (*NonMeshOutboundValidationContext) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{8}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{8}
 }
 
 func (x *NonMeshOutboundValidationContext) GetCaFile() string {
@@ -807,7 +798,7 @@ type SDSCertificate struct {
 func (x *SDSCertificate) Reset() {
 	*x = SDSCertificate{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[9]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[9]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -820,7 +811,7 @@ func (x *SDSCertificate) String() string {
 func (*SDSCertificate) ProtoMessage() {}
 
 func (x *SDSCertificate) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[9]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[9]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -833,7 +824,7 @@ func (x *SDSCertificate) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SDSCertificate.ProtoReflect.Descriptor instead.
 func (*SDSCertificate) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{9}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{9}
 }
 
 func (x *SDSCertificate) GetClusterName() string {
@@ -855,15 +846,15 @@ type TLSParameters struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	MinVersion   TLSVersion       `protobuf:"varint,1,opt,name=min_version,json=minVersion,proto3,enum=hashicorp.consul.mesh.v1alpha1.TLSVersion" json:"min_version,omitempty"`
-	MaxVersion   TLSVersion       `protobuf:"varint,2,opt,name=max_version,json=maxVersion,proto3,enum=hashicorp.consul.mesh.v1alpha1.TLSVersion" json:"max_version,omitempty"`
-	CipherSuites []TLSCipherSuite `protobuf:"varint,3,rep,packed,name=cipher_suites,json=cipherSuites,proto3,enum=hashicorp.consul.mesh.v1alpha1.TLSCipherSuite" json:"cipher_suites,omitempty"`
+	MinVersion   TLSVersion       `protobuf:"varint,1,opt,name=min_version,json=minVersion,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSVersion" json:"min_version,omitempty"`
+	MaxVersion   TLSVersion       `protobuf:"varint,2,opt,name=max_version,json=maxVersion,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSVersion" json:"max_version,omitempty"`
+	CipherSuites []TLSCipherSuite `protobuf:"varint,3,rep,packed,name=cipher_suites,json=cipherSuites,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSCipherSuite" json:"cipher_suites,omitempty"`
 }
 
 func (x *TLSParameters) Reset() {
 	*x = TLSParameters{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[10]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[10]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -876,7 +867,7 @@ func (x *TLSParameters) String() string {
 func (*TLSParameters) ProtoMessage() {}
 
 func (x *TLSParameters) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[10]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[10]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -889,7 +880,7 @@ func (x *TLSParameters) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TLSParameters.ProtoReflect.Descriptor instead.
 func (*TLSParameters) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{10}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{10}
 }
 
 func (x *TLSParameters) GetMinVersion() TLSVersion {
@@ -925,7 +916,7 @@ type LeafCertificate struct {
 func (x *LeafCertificate) Reset() {
 	*x = LeafCertificate{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[11]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[11]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -938,7 +929,7 @@ func (x *LeafCertificate) String() string {
 func (*LeafCertificate) ProtoMessage() {}
 
 func (x *LeafCertificate) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[11]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[11]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -951,7 +942,7 @@ func (x *LeafCertificate) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use LeafCertificate.ProtoReflect.Descriptor instead.
 func (*LeafCertificate) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{11}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{11}
 }
 
 func (x *LeafCertificate) GetCert() string {
@@ -973,13 +964,14 @@ type TrustBundle struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Ca string `protobuf:"bytes,1,opt,name=ca,proto3" json:"ca,omitempty"`
+	TrustDomain string   `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"`
+	Roots       []string `protobuf:"bytes,2,rep,name=roots,proto3" json:"roots,omitempty"`
 }
 
 func (x *TrustBundle) Reset() {
 	*x = TrustBundle{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[12]
+		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[12]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -992,7 +984,7 @@ func (x *TrustBundle) String() string {
 func (*TrustBundle) ProtoMessage() {}
 
 func (x *TrustBundle) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[12]
+	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[12]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1005,301 +997,316 @@ func (x *TrustBundle) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TrustBundle.ProtoReflect.Descriptor instead.
 func (*TrustBundle) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP(), []int{12}
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{12}
 }
 
-func (x *TrustBundle) GetCa() string {
+func (x *TrustBundle) GetTrustDomain() string {
 	if x != nil {
-		return x.Ca
+		return x.TrustDomain
 	}
 	return ""
 }
 
-var File_pbmesh_v1alpha1_transport_socket_proto protoreflect.FileDescriptor
+func (x *TrustBundle) GetRoots() []string {
+	if x != nil {
+		return x.Roots
+	}
+	return nil
+}
+
+var File_pbmesh_v1alpha1_pbproxystate_transport_socket_proto protoreflect.FileDescriptor
 
-var file_pbmesh_v1alpha1_transport_socket_proto_rawDesc = []byte{
-	0x0a, 0x26, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b,
-	0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+var file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDesc = []byte{
+	0x0a, 0x33, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x74,
+	0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x22, 0xeb, 0x01, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x70, 0x0a, 0x16, 0x69, 0x6e,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65,
+	0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61,
+	0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x14, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54,
+	0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x72, 0x0a, 0x17,
+	0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x70, 0x61, 0x72,
+	0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x50,
+	0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x15, 0x6f, 0x75, 0x74, 0x62, 0x6f,
+	0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73,
+	0x22, 0xd1, 0x04, 0x0a, 0x0f, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f,
+	0x63, 0x6b, 0x65, 0x74, 0x12, 0x61, 0x0a, 0x0c, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f,
+	0x6d, 0x65, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64,
+	0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0b, 0x69, 0x6e, 0x62, 0x6f,
+	0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x64, 0x0a, 0x0d, 0x6f, 0x75, 0x74, 0x62, 0x6f,
+	0x75, 0x6e, 0x64, 0x5f, 0x6d, 0x65, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52,
+	0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x6a, 0x0a,
+	0x10, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6e, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x73,
+	0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
 	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0xee, 0x02, 0x0a, 0x03, 0x54, 0x4c, 0x53,
-	0x12, 0x63, 0x0a, 0x16, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x5f,
-	0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e,
+	0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0e, 0x69, 0x6e, 0x62, 0x6f, 0x75,
+	0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x6d, 0x0a, 0x11, 0x6f, 0x75, 0x74,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6e, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x73, 0x68, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65,
+	0x73, 0x68, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0f, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e,
+	0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x61, 0x0a, 0x0e, 0x74, 0x6c, 0x73, 0x5f,
+	0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
 	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52,
-	0x14, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d,
-	0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x65, 0x0a, 0x17, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e,
-	0x64, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d,
-	0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x15, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54,
-	0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x5a, 0x0a, 0x0d,
-	0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75,
-	0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x74, 0x72, 0x75, 0x73,
-	0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x1a, 0x3f, 0x0a, 0x11, 0x54, 0x72, 0x75, 0x73,
-	0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a,
-	0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12,
-	0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x90, 0x04, 0x0a, 0x0f, 0x54, 0x72,
-	0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x54, 0x0a,
-	0x0c, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6d, 0x65, 0x73, 0x68, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68,
-	0x4d, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0b, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d,
-	0x65, 0x73, 0x68, 0x12, 0x57, 0x0a, 0x0d, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f,
-	0x6d, 0x65, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73,
+	0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54,
+	0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x0d, 0x74, 0x6c,
+	0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x61,
+	0x6c, 0x70, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x06, 0x20,
+	0x03, 0x28, 0x09, 0x52, 0x0d, 0x61, 0x6c, 0x70, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
+	0x6c, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x5f, 0x74, 0x6c, 0x73, 0x22, 0xae, 0x01, 0x0a, 0x0f, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64,
+	0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x64, 0x65, 0x6e,
+	0x74, 0x69, 0x74, 0x79, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
+	0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x78, 0x0a, 0x12, 0x76,
+	0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78,
+	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e,
+	0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65,
+	0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f,
+	0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0xc2, 0x01, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75,
+	0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x64,
+	0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x79, 0x0a,
+	0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74,
+	0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f,
+	0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x22, 0x8d, 0x01, 0x0a, 0x11, 0x49,
+	0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53,
+	0x12, 0x1b, 0x0a, 0x08, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x48, 0x00, 0x52, 0x07, 0x6c, 0x65, 0x61, 0x66, 0x4b, 0x65, 0x79, 0x12, 0x4f, 0x0a,
+	0x03, 0x73, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73,
 	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x62,
-	0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0c,
-	0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x5d, 0x0a, 0x10,
-	0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6e, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x73, 0x68,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e,
-	0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0e, 0x69, 0x6e, 0x62,
-	0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x60, 0x0a, 0x11, 0x6f,
-	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6e, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x73, 0x68,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64,
-	0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0f, 0x6f, 0x75,
-	0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x54, 0x0a,
-	0x0e, 0x74, 0x6c, 0x73, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18,
-	0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x44, 0x53, 0x43, 0x65, 0x72, 0x74,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x03, 0x73, 0x64, 0x73, 0x42, 0x0a,
+	0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0xca, 0x01, 0x0a, 0x12, 0x4f,
+	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c,
+	0x53, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x65, 0x72, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x19,
+	0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x07, 0x6b, 0x65, 0x79, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x7c, 0x0a, 0x12, 0x76, 0x61, 0x6c,
+	0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
 	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65,
-	0x74, 0x65, 0x72, 0x73, 0x52, 0x0d, 0x74, 0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74,
-	0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x70, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x61, 0x6c, 0x70,
-	0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x6c, 0x73, 0x22, 0xa1, 0x01, 0x0a,
-	0x0f, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53,
-	0x12, 0x21, 0x0a, 0x0c, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6b, 0x65, 0x79,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
-	0x4b, 0x65, 0x79, 0x12, 0x6b, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x4d, 0x65, 0x73, 0x68, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69,
-	0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76,
-	0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74,
-	0x22, 0xb5, 0x01, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73,
-	0x68, 0x4d, 0x54, 0x4c, 0x53, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
-	0x79, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x69, 0x64, 0x65,
-	0x6e, 0x74, 0x69, 0x74, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x6c, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69,
-	0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75,
-	0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74,
-	0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43,
-	0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x22, 0x80, 0x01, 0x0a, 0x11, 0x49, 0x6e, 0x62,
-	0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x12, 0x1b,
-	0x0a, 0x08, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x48, 0x00, 0x52, 0x07, 0x6c, 0x65, 0x61, 0x66, 0x4b, 0x65, 0x79, 0x12, 0x42, 0x0a, 0x03, 0x73,
-	0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x44, 0x53, 0x43, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x03, 0x73, 0x64, 0x73, 0x42,
-	0x0a, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0xbd, 0x01, 0x0a, 0x12,
-	0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54,
-	0x4c, 0x53, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x65, 0x72, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x12,
-	0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x6f, 0x0a, 0x12, 0x76, 0x61,
-	0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x4f,
-	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x5c, 0x0a, 0x1c, 0x4d,
-	0x65, 0x73, 0x68, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x3c, 0x0a, 0x1b, 0x74,
-	0x72, 0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72,
-	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09,
-	0x52, 0x17, 0x74, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x50, 0x65, 0x65,
-	0x72, 0x4e, 0x61, 0x6d, 0x65, 0x4b, 0x65, 0x79, 0x73, 0x22, 0x7a, 0x0a, 0x1d, 0x4d, 0x65, 0x73,
-	0x68, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x3a, 0x0a, 0x1a, 0x74, 0x72,
-	0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f,
-	0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16,
-	0x74, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x50, 0x65, 0x65, 0x72, 0x4e,
-	0x61, 0x6d, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65,
-	0x5f, 0x69, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x70, 0x69, 0x66,
-	0x66, 0x65, 0x49, 0x64, 0x73, 0x22, 0x3b, 0x0a, 0x20, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68,
-	0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x5f,
-	0x66, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x63, 0x61, 0x46, 0x69,
-	0x6c, 0x65, 0x22, 0x58, 0x0a, 0x0e, 0x53, 0x44, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x6c, 0x75, 0x73,
-	0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x65, 0x72, 0x74, 0x5f,
-	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c,
-	0x63, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x22, 0xfe, 0x01, 0x0a,
-	0x0d, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x4b,
-	0x0a, 0x0b, 0x6d, 0x69, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52,
-	0x0a, 0x6d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x4b, 0x0a, 0x0b, 0x6d,
-	0x61, 0x78, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e,
-	0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x6d, 0x61,
-	0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x53, 0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68,
-	0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0e, 0x32,
-	0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
+	0x61, 0x74, 0x65, 0x2e, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x62, 0x6f,
+	0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e,
+	0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x5c, 0x0a, 0x1c, 0x4d, 0x65, 0x73, 0x68, 0x49,
+	0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x3c, 0x0a, 0x1b, 0x74, 0x72, 0x75, 0x73, 0x74,
+	0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d,
+	0x65, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x17, 0x74, 0x72,
+	0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d,
+	0x65, 0x4b, 0x65, 0x79, 0x73, 0x22, 0x7a, 0x0a, 0x1d, 0x4d, 0x65, 0x73, 0x68, 0x4f, 0x75, 0x74,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43,
+	0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x3a, 0x0a, 0x1a, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f,
+	0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
+	0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x74, 0x72, 0x75, 0x73,
+	0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x4b,
+	0x65, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x73,
+	0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x64,
+	0x73, 0x22, 0x3b, 0x0a, 0x20, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f,
+	0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x5f, 0x66, 0x69, 0x6c, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x63, 0x61, 0x46, 0x69, 0x6c, 0x65, 0x22, 0x58,
+	0x0a, 0x0e, 0x53, 0x44, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4e,
+	0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x72, 0x65, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x65, 0x72, 0x74,
+	0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x22, 0xa5, 0x02, 0x0a, 0x0d, 0x54, 0x4c, 0x53,
+	0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x58, 0x0a, 0x0b, 0x6d, 0x69,
+	0x6e, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32,
+	0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
 	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x54, 0x4c, 0x53, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x52,
-	0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x37, 0x0a,
-	0x0f, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x63, 0x65, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x22, 0x1d, 0x0a, 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42,
-	0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x63, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x02, 0x63, 0x61, 0x2a, 0xac, 0x01, 0x0a, 0x0a, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72,
-	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53,
-	0x49, 0x4f, 0x4e, 0x5f, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c,
-	0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12,
-	0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31,
-	0x5f, 0x31, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53,
-	0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x32, 0x10, 0x03, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53,
-	0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x12, 0x17,
-	0x0a, 0x13, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x49, 0x4e,
-	0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x54, 0x4c, 0x53, 0x5f, 0x56,
-	0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
-	0x45, 0x44, 0x10, 0x06, 0x2a, 0x84, 0x05, 0x0a, 0x0e, 0x54, 0x4c, 0x53, 0x43, 0x69, 0x70, 0x68,
-	0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43,
-	0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48,
-	0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x47,
-	0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x00, 0x12, 0x32, 0x0a, 0x2e, 0x54,
-	0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f,
-	0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x43, 0x48, 0x41, 0x43,
-	0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x10, 0x01, 0x12,
-	0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55,
-	0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45,
-	0x53, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10,
-	0x02, 0x12, 0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f,
-	0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f,
-	0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30,
-	0x35, 0x10, 0x03, 0x12, 0x2b, 0x0a, 0x27, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45,
+	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c,
+	0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x6d, 0x69, 0x6e, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x58, 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x5f, 0x76, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x60,
+	0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18,
+	0x03, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
+	0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69,
+	0x74, 0x65, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73,
+	0x22, 0x37, 0x0a, 0x0f, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x22, 0x46, 0x0a, 0x0b, 0x54, 0x72, 0x75,
+	0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x72, 0x75, 0x73,
+	0x74, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
+	0x74, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x72,
+	0x6f, 0x6f, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x72, 0x6f, 0x6f, 0x74,
+	0x73, 0x2a, 0xac, 0x01, 0x0a, 0x0a, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+	0x12, 0x14, 0x0a, 0x10, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f,
+	0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45,
+	0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x54,
+	0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x31, 0x10, 0x02,
+	0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f,
+	0x31, 0x5f, 0x32, 0x10, 0x03, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52,
+	0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x4c,
+	0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49,
+	0x44, 0x10, 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49,
+	0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x06,
+	0x2a, 0x84, 0x05, 0x0a, 0x0e, 0x54, 0x4c, 0x53, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75,
+	0x69, 0x74, 0x65, 0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45,
 	0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43,
-	0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x04,
-	0x12, 0x29, 0x0a, 0x25, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53,
-	0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41,
-	0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x05, 0x12, 0x26, 0x0a, 0x22, 0x54,
-	0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f,
-	0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35,
-	0x36, 0x10, 0x06, 0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45,
-	0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53,
-	0x48, 0x41, 0x10, 0x07, 0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48,
-	0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45,
-	0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x5f,
-	0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x08, 0x12, 0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f,
-	0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44,
-	0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43,
-	0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x09, 0x12, 0x2b, 0x0a, 0x27, 0x54, 0x4c,
-	0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45,
-	0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35,
-	0x36, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x0a, 0x12, 0x29, 0x0a, 0x25, 0x54, 0x4c, 0x53, 0x5f, 0x43,
+	0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53,
+	0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x00, 0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43,
 	0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48,
-	0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41,
-	0x10, 0x0b, 0x12, 0x26, 0x0a, 0x22, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52,
-	0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43,
-	0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x4c,
-	0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41,
-	0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x0d, 0x42, 0x9c, 0x02, 0x0a, 0x22,
-	0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x42, 0x14, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63,
-	0x6b, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68,
-	0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75,
-	0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
-	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
-	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65,
-	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68,
-	0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30,
+	0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x10, 0x01, 0x12, 0x30, 0x0a, 0x2c, 0x54,
+	0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f,
+	0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38,
+	0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x02, 0x12, 0x30, 0x0a,
+	0x2c, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54,
+	0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x43, 0x48, 0x41, 0x43,
+	0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x10, 0x03, 0x12,
+	0x2b, 0x0a, 0x27, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55,
+	0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f,
+	0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x04, 0x12, 0x29, 0x0a, 0x25,
+	0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45,
+	0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32,
+	0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x05, 0x12, 0x26, 0x0a, 0x22, 0x54, 0x4c, 0x53, 0x5f, 0x43,
+	0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x31,
+	0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x06, 0x12,
+	0x1f, 0x0a, 0x1b, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55,
+	0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x07,
+	0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53,
+	0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41,
+	0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33,
+	0x38, 0x34, 0x10, 0x08, 0x12, 0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48,
+	0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52,
+	0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48,
+	0x41, 0x33, 0x38, 0x34, 0x10, 0x09, 0x12, 0x2b, 0x0a, 0x27, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49,
+	0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45,
+	0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48,
+	0x41, 0x10, 0x0a, 0x12, 0x29, 0x0a, 0x25, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45,
+	0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53,
+	0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x0b, 0x12, 0x26,
+	0x0a, 0x22, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49,
+	0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48,
+	0x41, 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49,
+	0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35,
+	0x36, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x0d, 0x42, 0xe0, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x14, 0x54, 0x72, 0x61,
+	0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62,
+	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d,
+	0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02,
+	0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c,
+	0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42,
+	0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65,
+	0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
 	0x6f, 0x33,
 }
 
 var (
-	file_pbmesh_v1alpha1_transport_socket_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_transport_socket_proto_rawDescData = file_pbmesh_v1alpha1_transport_socket_proto_rawDesc
+	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDesc
 )
 
-func file_pbmesh_v1alpha1_transport_socket_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_transport_socket_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_transport_socket_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_transport_socket_proto_rawDescData)
+func file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescData)
 	})
-	return file_pbmesh_v1alpha1_transport_socket_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_transport_socket_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
-var file_pbmesh_v1alpha1_transport_socket_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
-var file_pbmesh_v1alpha1_transport_socket_proto_goTypes = []interface{}{
-	(TLSVersion)(0),                          // 0: hashicorp.consul.mesh.v1alpha1.TLSVersion
-	(TLSCipherSuite)(0),                      // 1: hashicorp.consul.mesh.v1alpha1.TLSCipherSuite
-	(*TLS)(nil),                              // 2: hashicorp.consul.mesh.v1alpha1.TLS
-	(*TransportSocket)(nil),                  // 3: hashicorp.consul.mesh.v1alpha1.TransportSocket
-	(*InboundMeshMTLS)(nil),                  // 4: hashicorp.consul.mesh.v1alpha1.InboundMeshMTLS
-	(*OutboundMeshMTLS)(nil),                 // 5: hashicorp.consul.mesh.v1alpha1.OutboundMeshMTLS
-	(*InboundNonMeshTLS)(nil),                // 6: hashicorp.consul.mesh.v1alpha1.InboundNonMeshTLS
-	(*OutboundNonMeshTLS)(nil),               // 7: hashicorp.consul.mesh.v1alpha1.OutboundNonMeshTLS
-	(*MeshInboundValidationContext)(nil),     // 8: hashicorp.consul.mesh.v1alpha1.MeshInboundValidationContext
-	(*MeshOutboundValidationContext)(nil),    // 9: hashicorp.consul.mesh.v1alpha1.MeshOutboundValidationContext
-	(*NonMeshOutboundValidationContext)(nil), // 10: hashicorp.consul.mesh.v1alpha1.NonMeshOutboundValidationContext
-	(*SDSCertificate)(nil),                   // 11: hashicorp.consul.mesh.v1alpha1.SDSCertificate
-	(*TLSParameters)(nil),                    // 12: hashicorp.consul.mesh.v1alpha1.TLSParameters
-	(*LeafCertificate)(nil),                  // 13: hashicorp.consul.mesh.v1alpha1.LeafCertificate
-	(*TrustBundle)(nil),                      // 14: hashicorp.consul.mesh.v1alpha1.TrustBundle
-	nil,                                      // 15: hashicorp.consul.mesh.v1alpha1.TLS.TrustBundlesEntry
-}
-var file_pbmesh_v1alpha1_transport_socket_proto_depIdxs = []int32{
-	12, // 0: hashicorp.consul.mesh.v1alpha1.TLS.inbound_tls_parameters:type_name -> hashicorp.consul.mesh.v1alpha1.TLSParameters
-	12, // 1: hashicorp.consul.mesh.v1alpha1.TLS.outbound_tls_parameters:type_name -> hashicorp.consul.mesh.v1alpha1.TLSParameters
-	15, // 2: hashicorp.consul.mesh.v1alpha1.TLS.trust_bundles:type_name -> hashicorp.consul.mesh.v1alpha1.TLS.TrustBundlesEntry
-	4,  // 3: hashicorp.consul.mesh.v1alpha1.TransportSocket.inbound_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.InboundMeshMTLS
-	5,  // 4: hashicorp.consul.mesh.v1alpha1.TransportSocket.outbound_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.OutboundMeshMTLS
-	6,  // 5: hashicorp.consul.mesh.v1alpha1.TransportSocket.inbound_non_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.InboundNonMeshTLS
-	7,  // 6: hashicorp.consul.mesh.v1alpha1.TransportSocket.outbound_non_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.OutboundNonMeshTLS
-	12, // 7: hashicorp.consul.mesh.v1alpha1.TransportSocket.tls_parameters:type_name -> hashicorp.consul.mesh.v1alpha1.TLSParameters
-	8,  // 8: hashicorp.consul.mesh.v1alpha1.InboundMeshMTLS.validation_context:type_name -> hashicorp.consul.mesh.v1alpha1.MeshInboundValidationContext
-	9,  // 9: hashicorp.consul.mesh.v1alpha1.OutboundMeshMTLS.validation_context:type_name -> hashicorp.consul.mesh.v1alpha1.MeshOutboundValidationContext
-	11, // 10: hashicorp.consul.mesh.v1alpha1.InboundNonMeshTLS.sds:type_name -> hashicorp.consul.mesh.v1alpha1.SDSCertificate
-	10, // 11: hashicorp.consul.mesh.v1alpha1.OutboundNonMeshTLS.validation_context:type_name -> hashicorp.consul.mesh.v1alpha1.NonMeshOutboundValidationContext
-	0,  // 12: hashicorp.consul.mesh.v1alpha1.TLSParameters.min_version:type_name -> hashicorp.consul.mesh.v1alpha1.TLSVersion
-	0,  // 13: hashicorp.consul.mesh.v1alpha1.TLSParameters.max_version:type_name -> hashicorp.consul.mesh.v1alpha1.TLSVersion
-	1,  // 14: hashicorp.consul.mesh.v1alpha1.TLSParameters.cipher_suites:type_name -> hashicorp.consul.mesh.v1alpha1.TLSCipherSuite
-	15, // [15:15] is the sub-list for method output_type
-	15, // [15:15] is the sub-list for method input_type
-	15, // [15:15] is the sub-list for extension type_name
-	15, // [15:15] is the sub-list for extension extendee
-	0,  // [0:15] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_transport_socket_proto_init() }
-func file_pbmesh_v1alpha1_transport_socket_proto_init() {
-	if File_pbmesh_v1alpha1_transport_socket_proto != nil {
+	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
+var file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes = make([]protoimpl.MessageInfo, 13)
+var file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_goTypes = []interface{}{
+	(TLSVersion)(0),                          // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSVersion
+	(TLSCipherSuite)(0),                      // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSCipherSuite
+	(*TLS)(nil),                              // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLS
+	(*TransportSocket)(nil),                  // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
+	(*InboundMeshMTLS)(nil),                  // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.InboundMeshMTLS
+	(*OutboundMeshMTLS)(nil),                 // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutboundMeshMTLS
+	(*InboundNonMeshTLS)(nil),                // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.InboundNonMeshTLS
+	(*OutboundNonMeshTLS)(nil),               // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutboundNonMeshTLS
+	(*MeshInboundValidationContext)(nil),     // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.MeshInboundValidationContext
+	(*MeshOutboundValidationContext)(nil),    // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.MeshOutboundValidationContext
+	(*NonMeshOutboundValidationContext)(nil), // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.NonMeshOutboundValidationContext
+	(*SDSCertificate)(nil),                   // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.SDSCertificate
+	(*TLSParameters)(nil),                    // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters
+	(*LeafCertificate)(nil),                  // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.LeafCertificate
+	(*TrustBundle)(nil),                      // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.TrustBundle
+}
+var file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_depIdxs = []int32{
+	12, // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLS.inbound_tls_parameters:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters
+	12, // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLS.outbound_tls_parameters:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters
+	4,  // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket.inbound_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.InboundMeshMTLS
+	5,  // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket.outbound_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.OutboundMeshMTLS
+	6,  // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket.inbound_non_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.InboundNonMeshTLS
+	7,  // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket.outbound_non_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.OutboundNonMeshTLS
+	12, // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket.tls_parameters:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters
+	8,  // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.InboundMeshMTLS.validation_context:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.MeshInboundValidationContext
+	9,  // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutboundMeshMTLS.validation_context:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.MeshOutboundValidationContext
+	11, // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.InboundNonMeshTLS.sds:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.SDSCertificate
+	10, // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutboundNonMeshTLS.validation_context:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.NonMeshOutboundValidationContext
+	0,  // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters.min_version:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSVersion
+	0,  // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters.max_version:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSVersion
+	1,  // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters.cipher_suites:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSCipherSuite
+	14, // [14:14] is the sub-list for method output_type
+	14, // [14:14] is the sub-list for method input_type
+	14, // [14:14] is the sub-list for extension type_name
+	14, // [14:14] is the sub-list for extension extendee
+	0,  // [0:14] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_init() }
+func file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_init() {
+	if File_pbmesh_v1alpha1_pbproxystate_transport_socket_proto != nil {
 		return
 	}
 	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*TLS); i {
 			case 0:
 				return &v.state
@@ -1311,7 +1318,7 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*TransportSocket); i {
 			case 0:
 				return &v.state
@@ -1323,7 +1330,7 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*InboundMeshMTLS); i {
 			case 0:
 				return &v.state
@@ -1335,7 +1342,7 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*OutboundMeshMTLS); i {
 			case 0:
 				return &v.state
@@ -1347,7 +1354,7 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*InboundNonMeshTLS); i {
 			case 0:
 				return &v.state
@@ -1359,7 +1366,7 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*OutboundNonMeshTLS); i {
 			case 0:
 				return &v.state
@@ -1371,7 +1378,7 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*MeshInboundValidationContext); i {
 			case 0:
 				return &v.state
@@ -1383,7 +1390,7 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*MeshOutboundValidationContext); i {
 			case 0:
 				return &v.state
@@ -1395,7 +1402,7 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*NonMeshOutboundValidationContext); i {
 			case 0:
 				return &v.state
@@ -1407,7 +1414,7 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*SDSCertificate); i {
 			case 0:
 				return &v.state
@@ -1419,7 +1426,7 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*TLSParameters); i {
 			case 0:
 				return &v.state
@@ -1431,7 +1438,7 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*LeafCertificate); i {
 			case 0:
 				return &v.state
@@ -1443,7 +1450,7 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 				return nil
 			}
 		}
-		file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*TrustBundle); i {
 			case 0:
 				return &v.state
@@ -1456,13 +1463,13 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 			}
 		}
 	}
-	file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[1].OneofWrappers = []interface{}{
+	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[1].OneofWrappers = []interface{}{
 		(*TransportSocket_InboundMesh)(nil),
 		(*TransportSocket_OutboundMesh)(nil),
 		(*TransportSocket_InboundNonMesh)(nil),
 		(*TransportSocket_OutboundNonMesh)(nil),
 	}
-	file_pbmesh_v1alpha1_transport_socket_proto_msgTypes[4].OneofWrappers = []interface{}{
+	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[4].OneofWrappers = []interface{}{
 		(*InboundNonMeshTLS_LeafKey)(nil),
 		(*InboundNonMeshTLS_Sds)(nil),
 	}
@@ -1470,19 +1477,19 @@ func file_pbmesh_v1alpha1_transport_socket_proto_init() {
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_transport_socket_proto_rawDesc,
+			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDesc,
 			NumEnums:      2,
-			NumMessages:   14,
+			NumMessages:   13,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
-		GoTypes:           file_pbmesh_v1alpha1_transport_socket_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_transport_socket_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_transport_socket_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_transport_socket_proto_msgTypes,
+		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes,
 	}.Build()
-	File_pbmesh_v1alpha1_transport_socket_proto = out.File
-	file_pbmesh_v1alpha1_transport_socket_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_transport_socket_proto_goTypes = nil
-	file_pbmesh_v1alpha1_transport_socket_proto_depIdxs = nil
+	File_pbmesh_v1alpha1_pbproxystate_transport_socket_proto = out.File
+	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_goTypes = nil
+	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_depIdxs = nil
 }
diff --git a/proto-public/pbmesh/v1alpha1/transport_socket.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
similarity index 91%
rename from proto-public/pbmesh/v1alpha1/transport_socket.proto
rename to proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
index 8b9b8359783e..df7d70602720 100644
--- a/proto-public/pbmesh/v1alpha1/transport_socket.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
@@ -3,7 +3,7 @@
 
 syntax = "proto3";
 
-package hashicorp.consul.mesh.v1alpha1;
+package hashicorp.consul.mesh.v1alpha1.pbproxystate;
 
 message TLS {
   // inbound_tls_parameters has default TLS parameter configuration for inbound connections. These can be overridden per
@@ -11,8 +11,6 @@ message TLS {
   TLSParameters inbound_tls_parameters = 1;
   // outbound_tls_parameters has default TLS parameter configuration for inbound connections. These can be overridden per transport socket.
   TLSParameters outbound_tls_parameters = 2;
-  // TrustBundles is a map of peer name to trust domain. The V2 resource tenancy field will have the peer, which will be either local, or have a peer name. The map keys would be "local" or the name of the peer if it is for a remote peer. The peer name and trust domain will be used to look up CA pems for a trust domain.
-  map<string, string> trust_bundles = 3;
 }
 
 message TransportSocket {
@@ -103,7 +101,8 @@ message LeafCertificate {
 }
 
 message TrustBundle {
-  string ca = 1;
+  string trust_domain = 1;
+  repeated string roots = 2;
 }
 
 enum TLSVersion {
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
index 5a9ba0d35cf4..ab763966485f 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
@@ -10,6 +10,7 @@
 package meshv1alpha1
 
 import (
+	pbproxystate "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
 	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
@@ -32,11 +33,11 @@ type ProxyStateTemplate struct {
 	// proxy_state is the partially filled out ProxyState resource. The Endpoints, LeafCertificates and TrustBundles fields will need filling in after the resource is stored.
 	ProxyState *ProxyState `protobuf:"bytes,1,opt,name=proxy_state,json=proxyState,proto3" json:"proxy_state,omitempty"`
 	// required_endpoints is a map of arbitrary string names to endpoint refs that need fetching by the proxy state controller.
-	RequiredEndpoints map[string]*EndpointRef `protobuf:"bytes,2,rep,name=required_endpoints,json=requiredEndpoints,proto3" json:"required_endpoints,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	RequiredEndpoints map[string]*pbproxystate.EndpointRef `protobuf:"bytes,2,rep,name=required_endpoints,json=requiredEndpoints,proto3" json:"required_endpoints,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// required_leaf_certificates is a map of arbitrary string names to leaf certificates that need fetching/generation by the proxy state controller.
-	RequiredLeafCertificates map[string]*LeafCertificateRef `protobuf:"bytes,3,rep,name=required_leaf_certificates,json=requiredLeafCertificates,proto3" json:"required_leaf_certificates,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	RequiredLeafCertificates map[string]*pbproxystate.LeafCertificateRef `protobuf:"bytes,3,rep,name=required_leaf_certificates,json=requiredLeafCertificates,proto3" json:"required_leaf_certificates,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// required_trust_bundles is a map of arbitrary string names to trust bundle refs that need fetching by the proxy state controller.
-	RequiredTrustBundles map[string]*TrustBundleRef `protobuf:"bytes,4,rep,name=required_trust_bundles,json=requiredTrustBundles,proto3" json:"required_trust_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	RequiredTrustBundles map[string]*pbproxystate.TrustBundleRef `protobuf:"bytes,4,rep,name=required_trust_bundles,json=requiredTrustBundles,proto3" json:"required_trust_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 }
 
 func (x *ProxyStateTemplate) Reset() {
@@ -78,21 +79,21 @@ func (x *ProxyStateTemplate) GetProxyState() *ProxyState {
 	return nil
 }
 
-func (x *ProxyStateTemplate) GetRequiredEndpoints() map[string]*EndpointRef {
+func (x *ProxyStateTemplate) GetRequiredEndpoints() map[string]*pbproxystate.EndpointRef {
 	if x != nil {
 		return x.RequiredEndpoints
 	}
 	return nil
 }
 
-func (x *ProxyStateTemplate) GetRequiredLeafCertificates() map[string]*LeafCertificateRef {
+func (x *ProxyStateTemplate) GetRequiredLeafCertificates() map[string]*pbproxystate.LeafCertificateRef {
 	if x != nil {
 		return x.RequiredLeafCertificates
 	}
 	return nil
 }
 
-func (x *ProxyStateTemplate) GetRequiredTrustBundles() map[string]*TrustBundleRef {
+func (x *ProxyStateTemplate) GetRequiredTrustBundles() map[string]*pbproxystate.TrustBundleRef {
 	if x != nil {
 		return x.RequiredTrustBundles
 	}
@@ -104,28 +105,28 @@ type ProxyState struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// id is this proxy's ID.
-	Id *pbresource.ID `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	// identity is a reference to the WorkloadIdentity associated with this proxy.
+	Identity *pbresource.Reference `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
 	// listeners is a list of listeners for this proxy.
-	Listeners []*Listener `protobuf:"bytes,2,rep,name=listeners,proto3" json:"listeners,omitempty"`
+	Listeners []*pbproxystate.Listener `protobuf:"bytes,2,rep,name=listeners,proto3" json:"listeners,omitempty"`
 	// clusters is a map from cluster name to clusters. The keys are referenced from listeners or routes.
-	Clusters map[string]*Cluster `protobuf:"bytes,3,rep,name=clusters,proto3" json:"clusters,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Clusters map[string]*pbproxystate.Cluster `protobuf:"bytes,3,rep,name=clusters,proto3" json:"clusters,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// routes is a map from route name to routes. The keys are referenced from listeners.
-	Routes map[string]*Route `protobuf:"bytes,4,rep,name=routes,proto3" json:"routes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Routes map[string]*pbproxystate.Route `protobuf:"bytes,4,rep,name=routes,proto3" json:"routes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// endpoints is a map from cluster name to endpoints.
-	Endpoints map[string]*Endpoints `protobuf:"bytes,5,rep,name=endpoints,proto3" json:"endpoints,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Endpoints map[string]*pbproxystate.Endpoints `protobuf:"bytes,5,rep,name=endpoints,proto3" json:"endpoints,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// leaf certificates is a map from UUID to leaf certificates.
-	LeafCertificates map[string]*LeafCertificate `protobuf:"bytes,6,rep,name=leaf_certificates,json=leafCertificates,proto3" json:"leaf_certificates,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	LeafCertificates map[string]*pbproxystate.LeafCertificate `protobuf:"bytes,6,rep,name=leaf_certificates,json=leafCertificates,proto3" json:"leaf_certificates,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// trust bundles is a map from peer name to trust bundles.
-	TrustBundles map[string]*TrustBundle `protobuf:"bytes,7,rep,name=trust_bundles,json=trustBundles,proto3" json:"trust_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	TrustBundles map[string]*pbproxystate.TrustBundle `protobuf:"bytes,7,rep,name=trust_bundles,json=trustBundles,proto3" json:"trust_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// tls has TLS configuration for this proxy.
-	Tls *TLS `protobuf:"bytes,8,opt,name=tls,proto3" json:"tls,omitempty"`
+	Tls *pbproxystate.TLS `protobuf:"bytes,8,opt,name=tls,proto3" json:"tls,omitempty"`
 	// intention_default_allow is the default action for intentions. This determines how the Envoy RBAC filters are generated.
 	IntentionDefaultAllow bool `protobuf:"varint,9,opt,name=intention_default_allow,json=intentionDefaultAllow,proto3" json:"intention_default_allow,omitempty"`
 	// escape defines top level escape hatches. These are user configured json strings that configure an entire piece of listener or cluster Envoy configuration.
-	Escape *EscapeHatches `protobuf:"bytes,10,opt,name=escape,proto3" json:"escape,omitempty"`
+	Escape *pbproxystate.EscapeHatches `protobuf:"bytes,10,opt,name=escape,proto3" json:"escape,omitempty"`
 	// access_logs configures access logging for this proxy.
-	AccessLogs *AccessLogs `protobuf:"bytes,11,opt,name=access_logs,json=accessLogs,proto3" json:"access_logs,omitempty"`
+	AccessLogs *pbproxystate.AccessLogs `protobuf:"bytes,11,opt,name=access_logs,json=accessLogs,proto3" json:"access_logs,omitempty"`
 }
 
 func (x *ProxyState) Reset() {
@@ -160,56 +161,56 @@ func (*ProxyState) Descriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_proxy_state_proto_rawDescGZIP(), []int{1}
 }
 
-func (x *ProxyState) GetId() *pbresource.ID {
+func (x *ProxyState) GetIdentity() *pbresource.Reference {
 	if x != nil {
-		return x.Id
+		return x.Identity
 	}
 	return nil
 }
 
-func (x *ProxyState) GetListeners() []*Listener {
+func (x *ProxyState) GetListeners() []*pbproxystate.Listener {
 	if x != nil {
 		return x.Listeners
 	}
 	return nil
 }
 
-func (x *ProxyState) GetClusters() map[string]*Cluster {
+func (x *ProxyState) GetClusters() map[string]*pbproxystate.Cluster {
 	if x != nil {
 		return x.Clusters
 	}
 	return nil
 }
 
-func (x *ProxyState) GetRoutes() map[string]*Route {
+func (x *ProxyState) GetRoutes() map[string]*pbproxystate.Route {
 	if x != nil {
 		return x.Routes
 	}
 	return nil
 }
 
-func (x *ProxyState) GetEndpoints() map[string]*Endpoints {
+func (x *ProxyState) GetEndpoints() map[string]*pbproxystate.Endpoints {
 	if x != nil {
 		return x.Endpoints
 	}
 	return nil
 }
 
-func (x *ProxyState) GetLeafCertificates() map[string]*LeafCertificate {
+func (x *ProxyState) GetLeafCertificates() map[string]*pbproxystate.LeafCertificate {
 	if x != nil {
 		return x.LeafCertificates
 	}
 	return nil
 }
 
-func (x *ProxyState) GetTrustBundles() map[string]*TrustBundle {
+func (x *ProxyState) GetTrustBundles() map[string]*pbproxystate.TrustBundle {
 	if x != nil {
 		return x.TrustBundles
 	}
 	return nil
 }
 
-func (x *ProxyState) GetTls() *TLS {
+func (x *ProxyState) GetTls() *pbproxystate.TLS {
 	if x != nil {
 		return x.Tls
 	}
@@ -223,14 +224,14 @@ func (x *ProxyState) GetIntentionDefaultAllow() bool {
 	return false
 }
 
-func (x *ProxyState) GetEscape() *EscapeHatches {
+func (x *ProxyState) GetEscape() *pbproxystate.EscapeHatches {
 	if x != nil {
 		return x.Escape
 	}
 	return nil
 }
 
-func (x *ProxyState) GetAccessLogs() *AccessLogs {
+func (x *ProxyState) GetAccessLogs() *pbproxystate.AccessLogs {
 	if x != nil {
 		return x.AccessLogs
 	}
@@ -244,184 +245,202 @@ var file_pbmesh_v1alpha1_proxy_state_proto_rawDesc = []byte{
 	0x31, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72,
 	0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x1a, 0x21, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x24, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68,
-	0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x70, 0x62,
-	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x6c, 0x69,
-	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x70, 0x62,
-	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x72, 0x65,
-	0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b,
-	0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
-	0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x26, 0x70, 0x62, 0x6d,
-	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x72, 0x61,
-	0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f,
-	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xde,
-	0x06, 0x0a, 0x12, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x54, 0x65, 0x6d,
-	0x70, 0x6c, 0x61, 0x74, 0x65, 0x12, 0x4b, 0x0a, 0x0b, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78,
-	0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61,
-	0x74, 0x65, 0x12, 0x78, 0x0a, 0x12, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x5f, 0x65,
-	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x49,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61,
-	0x74, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x45, 0x6e, 0x64, 0x70, 0x6f,
-	0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11, 0x72, 0x65, 0x71, 0x75, 0x69,
-	0x72, 0x65, 0x64, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, 0x8e, 0x01, 0x0a,
-	0x1a, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x5f, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63,
-	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x50, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x54, 0x65, 0x6d,
-	0x70, 0x6c, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x4c, 0x65,
-	0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e,
-	0x74, 0x72, 0x79, 0x52, 0x18, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x4c, 0x65, 0x61,
-	0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x82, 0x01,
-	0x0a, 0x16, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x5f, 0x74, 0x72, 0x75, 0x73, 0x74,
-	0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x4c,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61,
-	0x74, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74,
-	0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x14, 0x72, 0x65,
-	0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c,
-	0x65, 0x73, 0x1a, 0x71, 0x0a, 0x16, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x45, 0x6e,
-	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
-	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x41,
-	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e,
+	0x68, 0x61, 0x31, 0x1a, 0x2e, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x1a, 0x2a, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
+	0x2c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x65, 0x6e,
+	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x31, 0x70,
+	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x65, 0x73, 0x63, 0x61,
+	0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x1a, 0x2b, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x6c,
+	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2d, 0x70,
+	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x72, 0x65, 0x66, 0x65,
+	0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x28, 0x70, 0x62,
+	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x33, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73,
+	0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x70, 0x62, 0x72,
+	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x87, 0x07, 0x0a, 0x12, 0x50, 0x72, 0x6f, 0x78, 0x79,
+	0x53, 0x74, 0x61, 0x74, 0x65, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x12, 0x4b, 0x0a,
+	0x0b, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x78, 0x0a, 0x12, 0x72, 0x65,
+	0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73,
+	0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61,
+	0x74, 0x65, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69,
+	0x72, 0x65, 0x64, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x52, 0x11, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x45, 0x6e, 0x64, 0x70, 0x6f,
+	0x69, 0x6e, 0x74, 0x73, 0x12, 0x8e, 0x01, 0x0a, 0x1a, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65,
+	0x64, 0x5f, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
+	0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x50, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79,
+	0x53, 0x74, 0x61, 0x74, 0x65, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65,
+	0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x18, 0x72, 0x65, 0x71,
+	0x75, 0x69, 0x72, 0x65, 0x64, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x82, 0x01, 0x0a, 0x16, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72,
+	0x65, 0x64, 0x5f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73,
+	0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x4c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61,
+	0x74, 0x65, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69,
+	0x72, 0x65, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45,
+	0x6e, 0x74, 0x72, 0x79, 0x52, 0x14, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x54, 0x72,
+	0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x1a, 0x7e, 0x0a, 0x16, 0x52, 0x65,
+	0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45,
+	0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x4e, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
+	0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x52,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x8c, 0x01, 0x0a, 0x1d, 0x52,
+	0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
+	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x55,
+	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e,
 	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45,
-	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x7f, 0x0a, 0x1d, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65,
-	0x64, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x48, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x66, 0x52, 0x05, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x77, 0x0a, 0x19, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72,
-	0x65, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e,
-	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x44, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x65, 0x61, 0x66,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x66, 0x52, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x84, 0x01, 0x0a, 0x19, 0x52, 0x65,
+	0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c,
+	0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x51, 0x0a, 0x05, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64,
+	0x6c, 0x65, 0x52, 0x65, 0x66, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01,
+	0x22, 0xf5, 0x0b, 0x0a, 0x0a, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
+	0x40, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x24, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x52, 0x65,
+	0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
+	0x79, 0x12, 0x53, 0x0a, 0x09, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
 	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c,
-	0x65, 0x52, 0x65, 0x66, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22,
-	0xec, 0x0a, 0x0a, 0x0a, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x2d,
-	0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65,
-	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x49, 0x44, 0x52, 0x02, 0x69, 0x64, 0x12, 0x46, 0x0a,
-	0x09, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x6c, 0x69, 0x73,
+	0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x54, 0x0a, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65,
+	0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53,
+	0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74,
+	0x72, 0x79, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x4e, 0x0a, 0x06,
+	0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72,
+	0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x45,
+	0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x57, 0x0a, 0x09,
+	0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x65, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, 0x6d, 0x0a, 0x11, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63, 0x65,
+	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
 	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x6c, 0x69, 0x73, 0x74,
-	0x65, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x54, 0x0a, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72,
-	0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74,
-	0x61, 0x74, 0x65, 0x2e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72,
-	0x79, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x4e, 0x0a, 0x06, 0x72,
-	0x6f, 0x75, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
+	0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x65, 0x61,
+	0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e, 0x74,
+	0x72, 0x79, 0x52, 0x10, 0x6c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x73, 0x12, 0x61, 0x0a, 0x0d, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x62, 0x75,
+	0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61,
 	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
 	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f,
-	0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x45, 0x6e,
-	0x74, 0x72, 0x79, 0x52, 0x06, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x57, 0x0a, 0x09, 0x65,
-	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f,
-	0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f,
-	0x69, 0x6e, 0x74, 0x73, 0x12, 0x6d, 0x0a, 0x11, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x65, 0x61, 0x66,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72,
-	0x79, 0x52, 0x10, 0x6c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x73, 0x12, 0x61, 0x0a, 0x0d, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e,
-	0x64, 0x6c, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78,
-	0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64,
-	0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, 0x42,
-	0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x12, 0x35, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x08, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x36, 0x0a,
-	0x17, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75,
-	0x6c, 0x74, 0x5f, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15,
-	0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
-	0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x12, 0x45, 0x0a, 0x06, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x18,
-	0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74,
-	0x63, 0x68, 0x65, 0x73, 0x52, 0x06, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x12, 0x4b, 0x0a, 0x0b,
-	0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x52, 0x0a, 0x61,
-	0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x1a, 0x64, 0x0a, 0x0d, 0x43, 0x6c, 0x75,
-	0x73, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65,
-	0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3d, 0x0a, 0x05,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x6c, 0x75,
-	0x73, 0x74, 0x65, 0x72, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a,
-	0x60, 0x0a, 0x0b, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
-	0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
-	0x12, 0x3b, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x25, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38,
-	0x01, 0x1a, 0x67, 0x0a, 0x0e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e,
-	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e,
+	0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74,
+	0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x12, 0x42, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x08,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
 	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x52,
-	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x74, 0x0a, 0x15, 0x4c, 0x65,
-	0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x36, 0x0a, 0x17, 0x69,
+	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x5f, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x69, 0x6e,
+	0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x41, 0x6c,
+	0x6c, 0x6f, 0x77, 0x12, 0x52, 0x0a, 0x06, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x18, 0x0a, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2e, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x52,
+	0x06, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x12, 0x58, 0x0a, 0x0b, 0x61, 0x63, 0x63, 0x65, 0x73,
+	0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73,
+	0x73, 0x4c, 0x6f, 0x67, 0x73, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67,
+	0x73, 0x1a, 0x71, 0x0a, 0x0d, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74,
+	0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x03, 0x6b, 0x65, 0x79, 0x12, 0x4a, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x3a, 0x02, 0x38, 0x01, 0x1a, 0x6d, 0x0a, 0x0b, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x45, 0x6e,
 	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x45, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x48, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
 	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01,
-	0x1a, 0x6c, 0x0a, 0x11, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a,
+	0x02, 0x38, 0x01, 0x1a, 0x74, 0x0a, 0x0e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73,
 	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x41, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x4c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
 	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e,
-	0x64, 0x6c, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x97,
-	0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x52, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x81, 0x01, 0x0a, 0x15, 0x4c, 0x65,
+	0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e,
+	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x52, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
 	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74,
-	0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
-	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c,
-	0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2,
-	0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
-	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x2e, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
+	0x74, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x79, 0x0a,
+	0x11, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74,
+	0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x03, 0x6b, 0x65, 0x79, 0x12, 0x4e, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x05, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x97, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42,
+	0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d,
+	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73,
+	0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa,
+	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02,
+	0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -438,53 +457,53 @@ func file_pbmesh_v1alpha1_proxy_state_proto_rawDescGZIP() []byte {
 
 var file_pbmesh_v1alpha1_proxy_state_proto_msgTypes = make([]protoimpl.MessageInfo, 10)
 var file_pbmesh_v1alpha1_proxy_state_proto_goTypes = []interface{}{
-	(*ProxyStateTemplate)(nil), // 0: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate
-	(*ProxyState)(nil),         // 1: hashicorp.consul.mesh.v1alpha1.ProxyState
-	nil,                        // 2: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredEndpointsEntry
-	nil,                        // 3: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredLeafCertificatesEntry
-	nil,                        // 4: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredTrustBundlesEntry
-	nil,                        // 5: hashicorp.consul.mesh.v1alpha1.ProxyState.ClustersEntry
-	nil,                        // 6: hashicorp.consul.mesh.v1alpha1.ProxyState.RoutesEntry
-	nil,                        // 7: hashicorp.consul.mesh.v1alpha1.ProxyState.EndpointsEntry
-	nil,                        // 8: hashicorp.consul.mesh.v1alpha1.ProxyState.LeafCertificatesEntry
-	nil,                        // 9: hashicorp.consul.mesh.v1alpha1.ProxyState.TrustBundlesEntry
-	(*pbresource.ID)(nil),      // 10: hashicorp.consul.resource.ID
-	(*Listener)(nil),           // 11: hashicorp.consul.mesh.v1alpha1.Listener
-	(*TLS)(nil),                // 12: hashicorp.consul.mesh.v1alpha1.TLS
-	(*EscapeHatches)(nil),      // 13: hashicorp.consul.mesh.v1alpha1.EscapeHatches
-	(*AccessLogs)(nil),         // 14: hashicorp.consul.mesh.v1alpha1.AccessLogs
-	(*EndpointRef)(nil),        // 15: hashicorp.consul.mesh.v1alpha1.EndpointRef
-	(*LeafCertificateRef)(nil), // 16: hashicorp.consul.mesh.v1alpha1.LeafCertificateRef
-	(*TrustBundleRef)(nil),     // 17: hashicorp.consul.mesh.v1alpha1.TrustBundleRef
-	(*Cluster)(nil),            // 18: hashicorp.consul.mesh.v1alpha1.Cluster
-	(*Route)(nil),              // 19: hashicorp.consul.mesh.v1alpha1.Route
-	(*Endpoints)(nil),          // 20: hashicorp.consul.mesh.v1alpha1.Endpoints
-	(*LeafCertificate)(nil),    // 21: hashicorp.consul.mesh.v1alpha1.LeafCertificate
-	(*TrustBundle)(nil),        // 22: hashicorp.consul.mesh.v1alpha1.TrustBundle
+	(*ProxyStateTemplate)(nil),              // 0: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate
+	(*ProxyState)(nil),                      // 1: hashicorp.consul.mesh.v1alpha1.ProxyState
+	nil,                                     // 2: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredEndpointsEntry
+	nil,                                     // 3: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredLeafCertificatesEntry
+	nil,                                     // 4: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredTrustBundlesEntry
+	nil,                                     // 5: hashicorp.consul.mesh.v1alpha1.ProxyState.ClustersEntry
+	nil,                                     // 6: hashicorp.consul.mesh.v1alpha1.ProxyState.RoutesEntry
+	nil,                                     // 7: hashicorp.consul.mesh.v1alpha1.ProxyState.EndpointsEntry
+	nil,                                     // 8: hashicorp.consul.mesh.v1alpha1.ProxyState.LeafCertificatesEntry
+	nil,                                     // 9: hashicorp.consul.mesh.v1alpha1.ProxyState.TrustBundlesEntry
+	(*pbresource.Reference)(nil),            // 10: hashicorp.consul.resource.Reference
+	(*pbproxystate.Listener)(nil),           // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener
+	(*pbproxystate.TLS)(nil),                // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLS
+	(*pbproxystate.EscapeHatches)(nil),      // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.EscapeHatches
+	(*pbproxystate.AccessLogs)(nil),         // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.AccessLogs
+	(*pbproxystate.EndpointRef)(nil),        // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointRef
+	(*pbproxystate.LeafCertificateRef)(nil), // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.LeafCertificateRef
+	(*pbproxystate.TrustBundleRef)(nil),     // 17: hashicorp.consul.mesh.v1alpha1.pbproxystate.TrustBundleRef
+	(*pbproxystate.Cluster)(nil),            // 18: hashicorp.consul.mesh.v1alpha1.pbproxystate.Cluster
+	(*pbproxystate.Route)(nil),              // 19: hashicorp.consul.mesh.v1alpha1.pbproxystate.Route
+	(*pbproxystate.Endpoints)(nil),          // 20: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoints
+	(*pbproxystate.LeafCertificate)(nil),    // 21: hashicorp.consul.mesh.v1alpha1.pbproxystate.LeafCertificate
+	(*pbproxystate.TrustBundle)(nil),        // 22: hashicorp.consul.mesh.v1alpha1.pbproxystate.TrustBundle
 }
 var file_pbmesh_v1alpha1_proxy_state_proto_depIdxs = []int32{
 	1,  // 0: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.proxy_state:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState
 	2,  // 1: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.required_endpoints:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredEndpointsEntry
 	3,  // 2: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.required_leaf_certificates:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredLeafCertificatesEntry
 	4,  // 3: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.required_trust_bundles:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredTrustBundlesEntry
-	10, // 4: hashicorp.consul.mesh.v1alpha1.ProxyState.id:type_name -> hashicorp.consul.resource.ID
-	11, // 5: hashicorp.consul.mesh.v1alpha1.ProxyState.listeners:type_name -> hashicorp.consul.mesh.v1alpha1.Listener
+	10, // 4: hashicorp.consul.mesh.v1alpha1.ProxyState.identity:type_name -> hashicorp.consul.resource.Reference
+	11, // 5: hashicorp.consul.mesh.v1alpha1.ProxyState.listeners:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener
 	5,  // 6: hashicorp.consul.mesh.v1alpha1.ProxyState.clusters:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.ClustersEntry
 	6,  // 7: hashicorp.consul.mesh.v1alpha1.ProxyState.routes:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.RoutesEntry
 	7,  // 8: hashicorp.consul.mesh.v1alpha1.ProxyState.endpoints:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.EndpointsEntry
 	8,  // 9: hashicorp.consul.mesh.v1alpha1.ProxyState.leaf_certificates:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.LeafCertificatesEntry
 	9,  // 10: hashicorp.consul.mesh.v1alpha1.ProxyState.trust_bundles:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.TrustBundlesEntry
-	12, // 11: hashicorp.consul.mesh.v1alpha1.ProxyState.tls:type_name -> hashicorp.consul.mesh.v1alpha1.TLS
-	13, // 12: hashicorp.consul.mesh.v1alpha1.ProxyState.escape:type_name -> hashicorp.consul.mesh.v1alpha1.EscapeHatches
-	14, // 13: hashicorp.consul.mesh.v1alpha1.ProxyState.access_logs:type_name -> hashicorp.consul.mesh.v1alpha1.AccessLogs
-	15, // 14: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredEndpointsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.EndpointRef
-	16, // 15: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredLeafCertificatesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.LeafCertificateRef
-	17, // 16: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredTrustBundlesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.TrustBundleRef
-	18, // 17: hashicorp.consul.mesh.v1alpha1.ProxyState.ClustersEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.Cluster
-	19, // 18: hashicorp.consul.mesh.v1alpha1.ProxyState.RoutesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.Route
-	20, // 19: hashicorp.consul.mesh.v1alpha1.ProxyState.EndpointsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.Endpoints
-	21, // 20: hashicorp.consul.mesh.v1alpha1.ProxyState.LeafCertificatesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.LeafCertificate
-	22, // 21: hashicorp.consul.mesh.v1alpha1.ProxyState.TrustBundlesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.TrustBundle
+	12, // 11: hashicorp.consul.mesh.v1alpha1.ProxyState.tls:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLS
+	13, // 12: hashicorp.consul.mesh.v1alpha1.ProxyState.escape:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.EscapeHatches
+	14, // 13: hashicorp.consul.mesh.v1alpha1.ProxyState.access_logs:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.AccessLogs
+	15, // 14: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredEndpointsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointRef
+	16, // 15: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredLeafCertificatesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LeafCertificateRef
+	17, // 16: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredTrustBundlesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TrustBundleRef
+	18, // 17: hashicorp.consul.mesh.v1alpha1.ProxyState.ClustersEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Cluster
+	19, // 18: hashicorp.consul.mesh.v1alpha1.ProxyState.RoutesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Route
+	20, // 19: hashicorp.consul.mesh.v1alpha1.ProxyState.EndpointsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoints
+	21, // 20: hashicorp.consul.mesh.v1alpha1.ProxyState.LeafCertificatesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LeafCertificate
+	22, // 21: hashicorp.consul.mesh.v1alpha1.ProxyState.TrustBundlesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TrustBundle
 	22, // [22:22] is the sub-list for method output_type
 	22, // [22:22] is the sub-list for method input_type
 	22, // [22:22] is the sub-list for extension type_name
@@ -497,14 +516,6 @@ func file_pbmesh_v1alpha1_proxy_state_proto_init() {
 	if File_pbmesh_v1alpha1_proxy_state_proto != nil {
 		return
 	}
-	file_pbmesh_v1alpha1_access_logs_proto_init()
-	file_pbmesh_v1alpha1_cluster_proto_init()
-	file_pbmesh_v1alpha1_endpoints_proto_init()
-	file_pbmesh_v1alpha1_escape_hatches_proto_init()
-	file_pbmesh_v1alpha1_listener_proto_init()
-	file_pbmesh_v1alpha1_references_proto_init()
-	file_pbmesh_v1alpha1_route_proto_init()
-	file_pbmesh_v1alpha1_transport_socket_proto_init()
 	if !protoimpl.UnsafeEnabled {
 		file_pbmesh_v1alpha1_proxy_state_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*ProxyStateTemplate); i {
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.proto b/proto-public/pbmesh/v1alpha1/proxy_state.proto
index 5c0ccc5c050e..e00ae00446c5 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_state.proto
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.proto
@@ -5,14 +5,14 @@ syntax = "proto3";
 
 package hashicorp.consul.mesh.v1alpha1;
 
-import "pbmesh/v1alpha1/access_logs.proto";
-import "pbmesh/v1alpha1/cluster.proto";
-import "pbmesh/v1alpha1/endpoints.proto";
-import "pbmesh/v1alpha1/escape_hatches.proto";
-import "pbmesh/v1alpha1/listener.proto";
-import "pbmesh/v1alpha1/references.proto";
-import "pbmesh/v1alpha1/route.proto";
-import "pbmesh/v1alpha1/transport_socket.proto";
+import "pbmesh/v1alpha1/pbproxystate/access_logs.proto";
+import "pbmesh/v1alpha1/pbproxystate/cluster.proto";
+import "pbmesh/v1alpha1/pbproxystate/endpoints.proto";
+import "pbmesh/v1alpha1/pbproxystate/escape_hatches.proto";
+import "pbmesh/v1alpha1/pbproxystate/listener.proto";
+import "pbmesh/v1alpha1/pbproxystate/references.proto";
+import "pbmesh/v1alpha1/pbproxystate/route.proto";
+import "pbmesh/v1alpha1/pbproxystate/transport_socket.proto";
 import "pbresource/resource.proto";
 
 message ProxyStateTemplate {
@@ -20,36 +20,36 @@ message ProxyStateTemplate {
   ProxyState proxy_state = 1;
 
   // required_endpoints is a map of arbitrary string names to endpoint refs that need fetching by the proxy state controller.
-  map<string, EndpointRef> required_endpoints = 2;
+  map<string, pbproxystate.EndpointRef> required_endpoints = 2;
 
   // required_leaf_certificates is a map of arbitrary string names to leaf certificates that need fetching/generation by the proxy state controller.
-  map<string, LeafCertificateRef> required_leaf_certificates = 3;
+  map<string, pbproxystate.LeafCertificateRef> required_leaf_certificates = 3;
 
   // required_trust_bundles is a map of arbitrary string names to trust bundle refs that need fetching by the proxy state controller.
-  map<string, TrustBundleRef> required_trust_bundles = 4;
+  map<string, pbproxystate.TrustBundleRef> required_trust_bundles = 4;
 }
 
 message ProxyState {
-  // id is this proxy's ID.
-  hashicorp.consul.resource.ID id = 1;
+  // identity is a reference to the WorkloadIdentity associated with this proxy.
+  hashicorp.consul.resource.Reference identity = 1;
   // listeners is a list of listeners for this proxy.
-  repeated Listener listeners = 2;
+  repeated pbproxystate.Listener listeners = 2;
   // clusters is a map from cluster name to clusters. The keys are referenced from listeners or routes.
-  map<string, Cluster> clusters = 3;
+  map<string, pbproxystate.Cluster> clusters = 3;
   // routes is a map from route name to routes. The keys are referenced from listeners.
-  map<string, Route> routes = 4;
+  map<string, pbproxystate.Route> routes = 4;
   // endpoints is a map from cluster name to endpoints.
-  map<string, Endpoints> endpoints = 5;
+  map<string, pbproxystate.Endpoints> endpoints = 5;
   // leaf certificates is a map from UUID to leaf certificates.
-  map<string, LeafCertificate> leaf_certificates = 6;
+  map<string, pbproxystate.LeafCertificate> leaf_certificates = 6;
   // trust bundles is a map from peer name to trust bundles.
-  map<string, TrustBundle> trust_bundles = 7;
+  map<string, pbproxystate.TrustBundle> trust_bundles = 7;
   // tls has TLS configuration for this proxy.
-  TLS tls = 8;
+  pbproxystate.TLS tls = 8;
   // intention_default_allow is the default action for intentions. This determines how the Envoy RBAC filters are generated.
   bool intention_default_allow = 9;
   // escape defines top level escape hatches. These are user configured json strings that configure an entire piece of listener or cluster Envoy configuration.
-  EscapeHatches escape = 10;
+  pbproxystate.EscapeHatches escape = 10;
   // access_logs configures access logging for this proxy.
-  AccessLogs access_logs = 11;
+  pbproxystate.AccessLogs access_logs = 11;
 }
diff --git a/proto-public/pbmesh/v1alpha1/references.pb.go b/proto-public/pbmesh/v1alpha1/references.pb.go
deleted file mode 100644
index e5abca5110b3..000000000000
--- a/proto-public/pbmesh/v1alpha1/references.pb.go
+++ /dev/null
@@ -1,365 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/references.proto
-
-package meshv1alpha1
-
-import (
-	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type LeafCertificateRef struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Name       string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Namespace  string   `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"`
-	Partition  string   `protobuf:"bytes,3,opt,name=partition,proto3" json:"partition,omitempty"`
-	Host       string   `protobuf:"bytes,4,opt,name=host,proto3" json:"host,omitempty"`
-	Datacenter string   `protobuf:"bytes,5,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
-	DnsSan     []string `protobuf:"bytes,6,rep,name=dns_san,json=dnsSan,proto3" json:"dns_san,omitempty"`
-}
-
-func (x *LeafCertificateRef) Reset() {
-	*x = LeafCertificateRef{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_references_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LeafCertificateRef) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LeafCertificateRef) ProtoMessage() {}
-
-func (x *LeafCertificateRef) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_references_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LeafCertificateRef.ProtoReflect.Descriptor instead.
-func (*LeafCertificateRef) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_references_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *LeafCertificateRef) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *LeafCertificateRef) GetNamespace() string {
-	if x != nil {
-		return x.Namespace
-	}
-	return ""
-}
-
-func (x *LeafCertificateRef) GetPartition() string {
-	if x != nil {
-		return x.Partition
-	}
-	return ""
-}
-
-func (x *LeafCertificateRef) GetHost() string {
-	if x != nil {
-		return x.Host
-	}
-	return ""
-}
-
-func (x *LeafCertificateRef) GetDatacenter() string {
-	if x != nil {
-		return x.Datacenter
-	}
-	return ""
-}
-
-func (x *LeafCertificateRef) GetDnsSan() []string {
-	if x != nil {
-		return x.DnsSan
-	}
-	return nil
-}
-
-type TrustBundleRef struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Peer        string `protobuf:"bytes,1,opt,name=peer,proto3" json:"peer,omitempty"`
-	TrustDomain string `protobuf:"bytes,2,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"`
-}
-
-func (x *TrustBundleRef) Reset() {
-	*x = TrustBundleRef{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_references_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *TrustBundleRef) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*TrustBundleRef) ProtoMessage() {}
-
-func (x *TrustBundleRef) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_references_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use TrustBundleRef.ProtoReflect.Descriptor instead.
-func (*TrustBundleRef) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_references_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *TrustBundleRef) GetPeer() string {
-	if x != nil {
-		return x.Peer
-	}
-	return ""
-}
-
-func (x *TrustBundleRef) GetTrustDomain() string {
-	if x != nil {
-		return x.TrustDomain
-	}
-	return ""
-}
-
-type EndpointRef struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// id is the ServiceEndpoints resource id.
-	Id *pbresource.ID `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	// port is the name of the port in the ServiceEndpoints to generate the Endpoints from.
-	Port string `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"`
-}
-
-func (x *EndpointRef) Reset() {
-	*x = EndpointRef{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_references_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *EndpointRef) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*EndpointRef) ProtoMessage() {}
-
-func (x *EndpointRef) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_references_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use EndpointRef.ProtoReflect.Descriptor instead.
-func (*EndpointRef) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_references_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *EndpointRef) GetId() *pbresource.ID {
-	if x != nil {
-		return x.Id
-	}
-	return nil
-}
-
-func (x *EndpointRef) GetPort() string {
-	if x != nil {
-		return x.Port
-	}
-	return ""
-}
-
-var File_pbmesh_v1alpha1_references_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_references_proto_rawDesc = []byte{
-	0x0a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x1a, 0x19, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x72,
-	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb1, 0x01,
-	0x0a, 0x12, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x65, 0x52, 0x65, 0x66, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65,
-	0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d,
-	0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74,
-	0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61,
-	0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x61,
-	0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x17, 0x0a, 0x07, 0x64, 0x6e, 0x73, 0x5f,
-	0x73, 0x61, 0x6e, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6e, 0x73, 0x53, 0x61,
-	0x6e, 0x22, 0x47, 0x0a, 0x0e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65,
-	0x52, 0x65, 0x66, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x65, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x70, 0x65, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74,
-	0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x74,
-	0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x22, 0x50, 0x0a, 0x0b, 0x45, 0x6e,
-	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x12, 0x2d, 0x0a, 0x02, 0x69, 0x64, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
-	0x65, 0x2e, 0x49, 0x44, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x97, 0x02, 0x0a,
-	0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x42, 0x0f, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x50,
-	0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
-	0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63,
-	0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03,
-	0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
-	0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_references_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_references_proto_rawDescData = file_pbmesh_v1alpha1_references_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_references_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_references_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_references_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_references_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_references_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_references_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
-var file_pbmesh_v1alpha1_references_proto_goTypes = []interface{}{
-	(*LeafCertificateRef)(nil), // 0: hashicorp.consul.mesh.v1alpha1.LeafCertificateRef
-	(*TrustBundleRef)(nil),     // 1: hashicorp.consul.mesh.v1alpha1.TrustBundleRef
-	(*EndpointRef)(nil),        // 2: hashicorp.consul.mesh.v1alpha1.EndpointRef
-	(*pbresource.ID)(nil),      // 3: hashicorp.consul.resource.ID
-}
-var file_pbmesh_v1alpha1_references_proto_depIdxs = []int32{
-	3, // 0: hashicorp.consul.mesh.v1alpha1.EndpointRef.id:type_name -> hashicorp.consul.resource.ID
-	1, // [1:1] is the sub-list for method output_type
-	1, // [1:1] is the sub-list for method input_type
-	1, // [1:1] is the sub-list for extension type_name
-	1, // [1:1] is the sub-list for extension extendee
-	0, // [0:1] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_references_proto_init() }
-func file_pbmesh_v1alpha1_references_proto_init() {
-	if File_pbmesh_v1alpha1_references_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_references_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LeafCertificateRef); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_references_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TrustBundleRef); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_references_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*EndpointRef); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_references_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   3,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_references_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_references_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_references_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_references_proto = out.File
-	file_pbmesh_v1alpha1_references_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_references_proto_goTypes = nil
-	file_pbmesh_v1alpha1_references_proto_depIdxs = nil
-}

From 13ce787a3f3f12a9908956b94183bfe5273c97ba Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Tue, 1 Aug 2023 13:39:15 -0500
Subject: [PATCH 238/359] resource: adding various helpers for working with
 resources (#18342)

This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
---
 internal/resource/decode.go                   |  38 +++
 internal/resource/decode_test.go              |  66 ++++
 internal/resource/equality.go                 |  16 +
 internal/resource/equality_test.go            | 304 ++++++++++++++++++
 .../resource/mappers/bimapper/bimapper.go     | 212 ++++++++++++
 .../mappers/bimapper/bimapper_test.go         | 169 ++++++++++
 internal/resource/reference.go                |  23 ++
 internal/resource/refkey.go                   |  93 ++++++
 internal/resource/refkey_test.go              |  87 +++++
 internal/resource/resourcetest/builder.go     |  20 +-
 internal/resource/resourcetest/client.go      |  33 +-
 internal/resource/resourcetest/decode.go      |  23 ++
 internal/resource/resourcetest/validation.go  |  30 ++
 internal/resource/stringer.go                 |  60 ++++
 14 files changed, 1166 insertions(+), 8 deletions(-)
 create mode 100644 internal/resource/decode.go
 create mode 100644 internal/resource/decode_test.go
 create mode 100644 internal/resource/mappers/bimapper/bimapper.go
 create mode 100644 internal/resource/mappers/bimapper/bimapper_test.go
 create mode 100644 internal/resource/refkey.go
 create mode 100644 internal/resource/refkey_test.go
 create mode 100644 internal/resource/resourcetest/decode.go
 create mode 100644 internal/resource/resourcetest/validation.go
 create mode 100644 internal/resource/stringer.go

diff --git a/internal/resource/decode.go b/internal/resource/decode.go
new file mode 100644
index 000000000000..b93b799c52de
--- /dev/null
+++ b/internal/resource/decode.go
@@ -0,0 +1,38 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package resource
+
+import (
+	"google.golang.org/protobuf/proto"
+
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+// DecodedResource is a generic holder to contain an original Resource and its
+// decoded contents.
+type DecodedResource[V any, PV interface {
+	proto.Message
+	*V
+}] struct {
+	Resource *pbresource.Resource
+	Data     PV
+}
+
+// Decode will generically decode the provided resource into a 2-field
+// structure that holds onto the original Resource and the decoded contents.
+//
+// Returns an ErrDataParse on unmarshalling errors.
+func Decode[V any, PV interface {
+	proto.Message
+	*V
+}](res *pbresource.Resource) (*DecodedResource[V, PV], error) {
+	data := PV(new(V))
+	if err := res.Data.UnmarshalTo(data); err != nil {
+		return nil, NewErrDataParse(data, err)
+	}
+	return &DecodedResource[V, PV]{
+		Resource: res,
+		Data:     data,
+	}, nil
+}
diff --git a/internal/resource/decode_test.go b/internal/resource/decode_test.go
new file mode 100644
index 000000000000..10b61cfa14c2
--- /dev/null
+++ b/internal/resource/decode_test.go
@@ -0,0 +1,66 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package resource_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/types/known/anypb"
+
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/internal/resource/demo"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	pbdemo "github.com/hashicorp/consul/proto/private/pbdemo/v2"
+	"github.com/hashicorp/consul/proto/private/prototest"
+)
+
+func TestDecode(t *testing.T) {
+	t.Run("good", func(t *testing.T) {
+		fooData := &pbdemo.Artist{
+			Name: "caspar babypants",
+		}
+		any, err := anypb.New(fooData)
+		require.NoError(t, err)
+
+		foo := &pbresource.Resource{
+			Id: &pbresource.ID{
+				Type:    demo.TypeV2Artist,
+				Tenancy: demo.TenancyDefault,
+				Name:    "babypants",
+			},
+			Data: any,
+			Metadata: map[string]string{
+				"generated_at": time.Now().Format(time.RFC3339),
+			},
+		}
+
+		dec, err := resource.Decode[pbdemo.Artist, *pbdemo.Artist](foo)
+		require.NoError(t, err)
+
+		prototest.AssertDeepEqual(t, foo, dec.Resource)
+		prototest.AssertDeepEqual(t, fooData, dec.Data)
+	})
+
+	t.Run("bad", func(t *testing.T) {
+		foo := &pbresource.Resource{
+			Id: &pbresource.ID{
+				Type:    demo.TypeV2Artist,
+				Tenancy: demo.TenancyDefault,
+				Name:    "babypants",
+			},
+			Data: &anypb.Any{
+				TypeUrl: "garbage",
+				Value:   []byte("more garbage"),
+			},
+			Metadata: map[string]string{
+				"generated_at": time.Now().Format(time.RFC3339),
+			},
+		}
+
+		_, err := resource.Decode[pbdemo.Artist, *pbdemo.Artist](foo)
+		require.Error(t, err)
+	})
+}
diff --git a/internal/resource/equality.go b/internal/resource/equality.go
index c7c880cddc9e..20c65e2fce86 100644
--- a/internal/resource/equality.go
+++ b/internal/resource/equality.go
@@ -120,6 +120,22 @@ func EqualReference(a, b *pbresource.Reference) bool {
 		a.Section == b.Section
 }
 
+// ReferenceOrIDMatch compares two references or IDs to see if they both refer
+// to the same thing.
+//
+// Note that this only compares fields that are common between them as
+// represented by the ReferenceOrID interface and notably ignores the section
+// field on references and the uid field on ids.
+func ReferenceOrIDMatch(ref1, ref2 ReferenceOrID) bool {
+	if ref1 == nil || ref2 == nil {
+		return false
+	}
+
+	return EqualType(ref1.GetType(), ref2.GetType()) &&
+		EqualTenancy(ref1.GetTenancy(), ref2.GetTenancy()) &&
+		ref1.GetName() == ref2.GetName()
+}
+
 // EqualStatusMap compares two status maps for equality without reflection.
 func EqualStatusMap(a, b map[string]*pbresource.Status) bool {
 	if len(a) != len(b) {
diff --git a/internal/resource/equality_test.go b/internal/resource/equality_test.go
index 4fb7cb666b3a..7a0ec72f3ccd 100644
--- a/internal/resource/equality_test.go
+++ b/internal/resource/equality_test.go
@@ -283,6 +283,310 @@ func TestEqualID(t *testing.T) {
 	})
 }
 
+func TestEqualReference(t *testing.T) {
+	t.Run("same pointer", func(t *testing.T) {
+		id := &pbresource.Reference{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name:    "qux",
+			Section: "blah",
+		}
+		require.True(t, resource.EqualReference(id, id))
+	})
+
+	t.Run("equal", func(t *testing.T) {
+		a := &pbresource.Reference{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name:    "qux",
+			Section: "blah",
+		}
+		b := clone(a)
+		require.True(t, resource.EqualReference(a, b))
+	})
+
+	t.Run("nil", func(t *testing.T) {
+		a := &pbresource.Reference{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name:    "qux",
+			Section: "blah",
+		}
+		require.False(t, resource.EqualReference(a, nil))
+		require.False(t, resource.EqualReference(nil, a))
+	})
+
+	t.Run("different type", func(t *testing.T) {
+		a := &pbresource.Reference{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name:    "qux",
+			Section: "blah",
+		}
+		b := clone(a)
+		b.Type.Kind = "album"
+		require.False(t, resource.EqualReference(a, b))
+	})
+
+	t.Run("different tenancy", func(t *testing.T) {
+		a := &pbresource.Reference{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name:    "qux",
+			Section: "blah",
+		}
+		b := clone(a)
+		b.Tenancy.Namespace = "qux"
+		require.False(t, resource.EqualReference(a, b))
+	})
+
+	t.Run("different name", func(t *testing.T) {
+		a := &pbresource.Reference{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name:    "qux",
+			Section: "blah",
+		}
+		b := clone(a)
+		b.Name = "boom"
+		require.False(t, resource.EqualReference(a, b))
+	})
+
+	t.Run("different section", func(t *testing.T) {
+		a := &pbresource.Reference{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name:    "qux",
+			Section: "blah",
+		}
+		b := clone(a)
+		b.Section = "not-blah"
+		require.False(t, resource.EqualReference(a, b))
+	})
+}
+
+func TestReferenceOrIDMatch(t *testing.T) {
+	t.Run("equal", func(t *testing.T) {
+		a := &pbresource.Reference{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name:    "qux",
+			Section: "blah",
+		}
+		b := &pbresource.ID{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name: "qux",
+			Uid:  ulid.Make().String(),
+		}
+		require.True(t, resource.ReferenceOrIDMatch(a, b))
+	})
+
+	t.Run("nil", func(t *testing.T) {
+		a := &pbresource.Reference{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name:    "qux",
+			Section: "blah",
+		}
+		b := &pbresource.ID{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name: "qux",
+			Uid:  ulid.Make().String(),
+		}
+		require.False(t, resource.ReferenceOrIDMatch(a, nil))
+		require.False(t, resource.ReferenceOrIDMatch(nil, b))
+	})
+
+	t.Run("different type", func(t *testing.T) {
+		a := &pbresource.Reference{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name:    "qux",
+			Section: "blah",
+		}
+		b := &pbresource.ID{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name: "qux",
+			Uid:  ulid.Make().String(),
+		}
+		b.Type.Kind = "album"
+		require.False(t, resource.ReferenceOrIDMatch(a, b))
+	})
+
+	t.Run("different tenancy", func(t *testing.T) {
+		a := &pbresource.Reference{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name:    "qux",
+			Section: "blah",
+		}
+		b := &pbresource.ID{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name: "qux",
+			Uid:  ulid.Make().String(),
+		}
+		b.Tenancy.Namespace = "qux"
+		require.False(t, resource.ReferenceOrIDMatch(a, b))
+	})
+
+	t.Run("different name", func(t *testing.T) {
+		a := &pbresource.Reference{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name:    "qux",
+			Section: "blah",
+		}
+		b := &pbresource.ID{
+			Type: &pbresource.Type{
+				Group:        "demo",
+				GroupVersion: "v2",
+				Kind:         "artist",
+			},
+			Tenancy: &pbresource.Tenancy{
+				Partition: "foo",
+				PeerName:  "bar",
+				Namespace: "baz",
+			},
+			Name: "qux",
+			Uid:  ulid.Make().String(),
+		}
+		b.Name = "boom"
+		require.False(t, resource.ReferenceOrIDMatch(a, b))
+	})
+}
+
 func TestEqualStatus(t *testing.T) {
 	orig := &pbresource.Status{
 		ObservedGeneration: ulid.Make().String(),
diff --git a/internal/resource/mappers/bimapper/bimapper.go b/internal/resource/mappers/bimapper/bimapper.go
new file mode 100644
index 000000000000..3f81e294422d
--- /dev/null
+++ b/internal/resource/mappers/bimapper/bimapper.go
@@ -0,0 +1,212 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package bimapper
+
+import (
+	"context"
+	"fmt"
+	"sync"
+
+	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+// Mapper tracks bidirectional lookup for an item that contains references to
+// other items. For example: an HTTPRoute has many references to Services.
+//
+// The primary object is called the "item" and an item has many "links".
+// Tracking is done on items.
+type Mapper struct {
+	itemType, linkType *pbresource.Type
+
+	lock       sync.Mutex
+	itemToLink map[resource.ReferenceKey]map[resource.ReferenceKey]struct{}
+	linkToItem map[resource.ReferenceKey]map[resource.ReferenceKey]struct{}
+}
+
+// New creates a bimapper between the two required provided types.
+func New(itemType, linkType *pbresource.Type) *Mapper {
+	if itemType == nil {
+		panic("itemType is required")
+	}
+	if linkType == nil {
+		panic("linkType is required")
+	}
+	return &Mapper{
+		itemType:   itemType,
+		linkType:   linkType,
+		itemToLink: make(map[resource.ReferenceKey]map[resource.ReferenceKey]struct{}),
+		linkToItem: make(map[resource.ReferenceKey]map[resource.ReferenceKey]struct{}),
+	}
+}
+
+// Reset clears the internal mappings.
+func (m *Mapper) Reset() {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	m.itemToLink = make(map[resource.ReferenceKey]map[resource.ReferenceKey]struct{})
+	m.linkToItem = make(map[resource.ReferenceKey]map[resource.ReferenceKey]struct{})
+}
+
+// IsEmpty returns true if the internal structures are empty.
+func (m *Mapper) IsEmpty() bool {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	return len(m.itemToLink) == 0 && len(m.linkToItem) == 0
+}
+
+// UntrackItem removes tracking for the provided item. The item type MUST match
+// the type configured for the item.
+func (m *Mapper) UntrackItem(item *pbresource.ID) {
+	if !resource.EqualType(item.Type, m.itemType) {
+		panic(fmt.Sprintf("expected item type %q got %q",
+			resource.TypeToString(m.itemType),
+			resource.TypeToString(item.Type),
+		))
+	}
+	m.untrackItem(resource.NewReferenceKey(item))
+}
+
+func (m *Mapper) untrackItem(item resource.ReferenceKey) {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	m.removeItemLocked(item)
+}
+
+// TrackItem adds tracking for the provided item. The item and link types MUST
+// match the types configured for the items and links.
+func (m *Mapper) TrackItem(item *pbresource.ID, links []*pbresource.Reference) {
+	if !resource.EqualType(item.Type, m.itemType) {
+		panic(fmt.Sprintf("expected item type %q got %q",
+			resource.TypeToString(m.itemType),
+			resource.TypeToString(item.Type),
+		))
+	}
+
+	linksAsKeys := make([]resource.ReferenceKey, 0, len(links))
+	for _, link := range links {
+		if !resource.EqualType(link.Type, m.linkType) {
+			panic(fmt.Sprintf("expected link type %q got %q",
+				resource.TypeToString(m.linkType),
+				resource.TypeToString(link.Type),
+			))
+		}
+		linksAsKeys = append(linksAsKeys, resource.NewReferenceKey(link))
+	}
+
+	m.trackItem(resource.NewReferenceKey(item), linksAsKeys)
+}
+
+func (m *Mapper) trackItem(item resource.ReferenceKey, links []resource.ReferenceKey) {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+
+	m.removeItemLocked(item)
+	m.addItemLocked(item, links)
+}
+
+// you must hold the lock before calling this function
+func (m *Mapper) removeItemLocked(item resource.ReferenceKey) {
+	for link := range m.itemToLink[item] {
+		delete(m.linkToItem[link], item)
+		if len(m.linkToItem[link]) == 0 {
+			delete(m.linkToItem, link)
+		}
+	}
+	delete(m.itemToLink, item)
+}
+
+// you must hold the lock before calling this function
+func (m *Mapper) addItemLocked(item resource.ReferenceKey, links []resource.ReferenceKey) {
+	if m.itemToLink[item] == nil {
+		m.itemToLink[item] = make(map[resource.ReferenceKey]struct{})
+	}
+	for _, link := range links {
+		m.itemToLink[item][link] = struct{}{}
+
+		if m.linkToItem[link] == nil {
+			m.linkToItem[link] = make(map[resource.ReferenceKey]struct{})
+		}
+		m.linkToItem[link][item] = struct{}{}
+	}
+}
+
+// LinksForItem returns references to links related to the requested item.
+func (m *Mapper) LinksForItem(item *pbresource.ID) []*pbresource.Reference {
+	if !resource.EqualType(item.Type, m.itemType) {
+		panic(fmt.Sprintf("expected item type %q got %q",
+			resource.TypeToString(m.itemType),
+			resource.TypeToString(item.Type),
+		))
+	}
+
+	m.lock.Lock()
+	defer m.lock.Unlock()
+
+	items, ok := m.linkToItem[resource.NewReferenceKey(item)]
+	if !ok {
+		return nil
+	}
+
+	out := make([]*pbresource.Reference, 0, len(items))
+	for item := range items {
+		out = append(out, item.ToReference())
+	}
+	return out
+}
+
+// ItemsForLink returns item ids for items related to the provided link.
+func (m *Mapper) ItemsForLink(link *pbresource.ID) []*pbresource.ID {
+	if !resource.EqualType(link.Type, m.linkType) {
+		panic(fmt.Sprintf("expected type %q got %q",
+			resource.TypeToString(m.linkType),
+			resource.TypeToString(link.Type),
+		))
+	}
+
+	return m.itemsByLink(resource.NewReferenceKey(link))
+}
+
+// MapLink is suitable as a DependencyMapper to map the provided link event to its item.
+func (m *Mapper) MapLink(_ context.Context, _ controller.Runtime, res *pbresource.Resource) ([]controller.Request, error) {
+	link := res.Id
+
+	if !resource.EqualType(link.Type, m.linkType) {
+		return nil, fmt.Errorf("expected type %q got %q",
+			resource.TypeToString(m.linkType),
+			resource.TypeToString(link.Type),
+		)
+	}
+
+	itemIDs := m.itemsByLink(resource.NewReferenceKey(link))
+
+	out := make([]controller.Request, 0, len(itemIDs))
+	for _, item := range itemIDs {
+		if !resource.EqualType(item.Type, m.itemType) {
+			return nil, fmt.Errorf("expected type %q got %q",
+				resource.TypeToString(m.itemType),
+				resource.TypeToString(item.Type),
+			)
+		}
+		out = append(out, controller.Request{ID: item})
+	}
+	return out, nil
+}
+
+func (m *Mapper) itemsByLink(ref resource.ReferenceKey) []*pbresource.ID {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+
+	items, ok := m.linkToItem[ref]
+	if !ok {
+		return nil
+	}
+
+	out := make([]*pbresource.ID, 0, len(items))
+	for item := range items {
+		out = append(out, item.ToID())
+	}
+	return out
+}
diff --git a/internal/resource/mappers/bimapper/bimapper_test.go b/internal/resource/mappers/bimapper/bimapper_test.go
new file mode 100644
index 000000000000..c0f8709ecd9a
--- /dev/null
+++ b/internal/resource/mappers/bimapper/bimapper_test.go
@@ -0,0 +1,169 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package bimapper
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/internal/controller"
+	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/proto/private/prototest"
+)
+
+const (
+	fakeGroupName = "catalog"
+	fakeVersion   = "v1"
+)
+
+var (
+	fakeFooType = &pbresource.Type{
+		Group:        fakeGroupName,
+		GroupVersion: fakeVersion,
+		Kind:         "Foo",
+	}
+	fakeBarType = &pbresource.Type{
+		Group:        fakeGroupName,
+		GroupVersion: fakeVersion,
+		Kind:         "Bar",
+	}
+)
+
+func TestMapper(t *testing.T) {
+	// Create an advance pointer to some services.
+
+	randoSvc := rtest.Resource(fakeBarType, "rando").Build()
+	apiSvc := rtest.Resource(fakeBarType, "api").Build()
+	fooSvc := rtest.Resource(fakeBarType, "foo").Build()
+	barSvc := rtest.Resource(fakeBarType, "bar").Build()
+	wwwSvc := rtest.Resource(fakeBarType, "www").Build()
+
+	fail1 := rtest.Resource(fakeFooType, "api").Build()
+	fail1_refs := []*pbresource.Reference{
+		newRef(fakeBarType, "api"),
+		newRef(fakeBarType, "foo"),
+		newRef(fakeBarType, "bar"),
+	}
+
+	fail2 := rtest.Resource(fakeFooType, "www").Build()
+	fail2_refs := []*pbresource.Reference{
+		newRef(fakeBarType, "www"),
+		newRef(fakeBarType, "foo"),
+	}
+
+	fail1_updated := rtest.Resource(fakeFooType, "api").Build()
+	fail1_updated_refs := []*pbresource.Reference{
+		newRef(fakeBarType, "api"),
+		newRef(fakeBarType, "bar"),
+	}
+
+	m := New(fakeFooType, fakeBarType)
+
+	// Nothing tracked yet so we assume nothing.
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc)
+	requireServicesTracked(t, m, fooSvc)
+	requireServicesTracked(t, m, barSvc)
+	requireServicesTracked(t, m, wwwSvc)
+
+	// no-ops
+	m.UntrackItem(fail1.Id)
+
+	// still nothing
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc)
+	requireServicesTracked(t, m, fooSvc)
+	requireServicesTracked(t, m, barSvc)
+	requireServicesTracked(t, m, wwwSvc)
+
+	// Actually insert some data.
+	m.TrackItem(fail1.Id, fail1_refs)
+
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc, fail1.Id)
+	requireServicesTracked(t, m, fooSvc, fail1.Id)
+	requireServicesTracked(t, m, barSvc, fail1.Id)
+	requireServicesTracked(t, m, wwwSvc)
+
+	// track it again, no change
+	m.TrackItem(fail1.Id, fail1_refs)
+
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc, fail1.Id)
+	requireServicesTracked(t, m, fooSvc, fail1.Id)
+	requireServicesTracked(t, m, barSvc, fail1.Id)
+	requireServicesTracked(t, m, wwwSvc)
+
+	// track new one that overlaps slightly
+	m.TrackItem(fail2.Id, fail2_refs)
+
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc, fail1.Id)
+	requireServicesTracked(t, m, fooSvc, fail1.Id, fail2.Id)
+	requireServicesTracked(t, m, barSvc, fail1.Id)
+	requireServicesTracked(t, m, wwwSvc, fail2.Id)
+
+	// update the original to change it
+	m.TrackItem(fail1_updated.Id, fail1_updated_refs)
+
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc, fail1.Id)
+	requireServicesTracked(t, m, fooSvc, fail2.Id)
+	requireServicesTracked(t, m, barSvc, fail1.Id)
+	requireServicesTracked(t, m, wwwSvc, fail2.Id)
+
+	// delete the original
+	m.UntrackItem(fail1.Id)
+
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc)
+	requireServicesTracked(t, m, fooSvc, fail2.Id)
+	requireServicesTracked(t, m, barSvc)
+	requireServicesTracked(t, m, wwwSvc, fail2.Id)
+
+	// delete the other one
+	m.UntrackItem(fail2.Id)
+
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc)
+	requireServicesTracked(t, m, fooSvc)
+	requireServicesTracked(t, m, barSvc)
+	requireServicesTracked(t, m, wwwSvc)
+}
+
+func requireServicesTracked(t *testing.T, mapper *Mapper, link *pbresource.Resource, items ...*pbresource.ID) {
+	t.Helper()
+
+	reqs, err := mapper.MapLink(
+		context.Background(),
+		controller.Runtime{},
+		link,
+	)
+	require.NoError(t, err)
+
+	require.Len(t, reqs, len(items))
+
+	for _, item := range items {
+		prototest.AssertContainsElement(t, reqs, controller.Request{ID: item})
+	}
+}
+
+func newRef(typ *pbresource.Type, name string) *pbresource.Reference {
+	return rtest.Resource(typ, name).Reference("")
+}
+
+func newID(typ *pbresource.Type, name string) *pbresource.ID {
+	return rtest.Resource(typ, name).ID()
+}
+
+func defaultTenancy() *pbresource.Tenancy {
+	return &pbresource.Tenancy{
+		Partition: "default",
+		Namespace: "default",
+		PeerName:  "local",
+	}
+}
diff --git a/internal/resource/reference.go b/internal/resource/reference.go
index 80492c98787a..7610f6288d83 100644
--- a/internal/resource/reference.go
+++ b/internal/resource/reference.go
@@ -14,3 +14,26 @@ func Reference(id *pbresource.ID, section string) *pbresource.Reference {
 		Section: section,
 	}
 }
+
+// IDFromReference returns a Reference converted into an ID. NOTE: the UID
+// field is not populated, and the Section field of a reference is dropped.
+func IDFromReference(ref *pbresource.Reference) *pbresource.ID {
+	return &pbresource.ID{
+		Type:    ref.Type,
+		Tenancy: ref.Tenancy,
+		Name:    ref.Name,
+	}
+}
+
+// ReferenceOrID is the common accessors shared by pbresource.Reference and
+// pbresource.ID.
+type ReferenceOrID interface {
+	GetType() *pbresource.Type
+	GetTenancy() *pbresource.Tenancy
+	GetName() string
+}
+
+var (
+	_ ReferenceOrID = (*pbresource.ID)(nil)
+	_ ReferenceOrID = (*pbresource.Reference)(nil)
+)
diff --git a/internal/resource/refkey.go b/internal/resource/refkey.go
new file mode 100644
index 000000000000..d6ddcac6a191
--- /dev/null
+++ b/internal/resource/refkey.go
@@ -0,0 +1,93 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package resource
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+// ReferenceKey is the pointer-free representation of a ReferenceOrID
+// suitable for a go map key.
+type ReferenceKey struct {
+	GVK       string
+	Partition string // Tenancy.*
+	Namespace string // Tenancy.*
+	PeerName  string // Tenancy.*
+	Name      string
+}
+
+// String returns a string representation of the ReferenceKey. This should not
+// be relied upon nor parsed and is provided just for debugging and logging
+// reasons.
+//
+// This format should be aligned with IDToString and ReferenceToString.
+func (r ReferenceKey) String() string {
+	return fmt.Sprintf("%s/%s.%s.%s/%s",
+		r.GVK,
+		orDefault(r.Partition, "default"),
+		orDefault(r.PeerName, "local"),
+		orDefault(r.Namespace, "default"),
+		r.Name,
+	)
+}
+
+func (r ReferenceKey) GetTenancy() *pbresource.Tenancy {
+	return &pbresource.Tenancy{
+		Partition: r.Partition,
+		PeerName:  r.PeerName,
+		Namespace: r.Namespace,
+	}
+}
+
+// ToReference converts this back into a pbresource.ID.
+func (r ReferenceKey) ToID() *pbresource.ID {
+	return &pbresource.ID{
+		Type:    GVKToType(r.GVK),
+		Tenancy: r.GetTenancy(),
+		Name:    r.Name,
+	}
+}
+
+// ToReference converts this back into a pbresource.Reference.
+func (r ReferenceKey) ToReference() *pbresource.Reference {
+	return &pbresource.Reference{
+		Type:    GVKToType(r.GVK),
+		Tenancy: r.GetTenancy(),
+		Name:    r.Name,
+	}
+}
+
+func (r ReferenceKey) GoString() string { return r.String() }
+
+func NewReferenceKey(refOrID ReferenceOrID) ReferenceKey {
+	return ReferenceKey{
+		GVK:       ToGVK(refOrID.GetType()),
+		Partition: orDefault(refOrID.GetTenancy().GetPartition(), "default"),
+		Namespace: orDefault(refOrID.GetTenancy().GetNamespace(), "default"),
+		PeerName:  orDefault(refOrID.GetTenancy().GetPeerName(), "local"),
+		Name:      refOrID.GetName(),
+	}
+}
+
+func orDefault(v, def string) string {
+	if v == "" {
+		return def
+	}
+	return v
+}
+
+func GVKToType(gvk string) *pbresource.Type {
+	parts := strings.Split(gvk, ".")
+	if len(parts) != 3 {
+		panic("bad gvk")
+	}
+	return &pbresource.Type{
+		Group:        parts[0],
+		GroupVersion: parts[1],
+		Kind:         parts[2],
+	}
+}
diff --git a/internal/resource/refkey_test.go b/internal/resource/refkey_test.go
new file mode 100644
index 000000000000..f5f1a7796f0c
--- /dev/null
+++ b/internal/resource/refkey_test.go
@@ -0,0 +1,87 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package resource_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/internal/resource/demo"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/proto/private/prototest"
+)
+
+func TestReferenceKey(t *testing.T) {
+	tenancy1 := &pbresource.Tenancy{}
+	tenancy1_actual := defaultTenancy()
+	tenancy2 := &pbresource.Tenancy{
+		Partition: "ap1",
+		Namespace: "ns-billing",
+		PeerName:  "peer-dc4",
+	}
+	tenancy3 := &pbresource.Tenancy{
+		Partition: "ap2",
+		Namespace: "ns-intern",
+		PeerName:  "peer-sea",
+	}
+
+	res1, err := demo.GenerateV2Artist()
+	require.NoError(t, err)
+	res1.Id.Tenancy = tenancy1
+
+	res2, err := demo.GenerateV2Artist()
+	require.NoError(t, err)
+	res2.Id.Tenancy = tenancy2
+
+	res3, err := demo.GenerateV2Artist()
+	require.NoError(t, err)
+	res3.Id.Tenancy = tenancy3
+
+	id1 := res1.Id
+	id2 := res2.Id
+	id3 := res3.Id
+
+	ref1 := resource.Reference(id1, "")
+	ref2 := resource.Reference(id2, "")
+	ref3 := resource.Reference(id3, "")
+
+	idRK1 := resource.NewReferenceKey(id1)
+	idRK2 := resource.NewReferenceKey(id2)
+	idRK3 := resource.NewReferenceKey(id3)
+
+	refRK1 := resource.NewReferenceKey(ref1)
+	refRK2 := resource.NewReferenceKey(ref2)
+	refRK3 := resource.NewReferenceKey(ref3)
+
+	require.Equal(t, idRK1, refRK1)
+	require.Equal(t, idRK2, refRK2)
+	require.Equal(t, idRK3, refRK3)
+
+	prototest.AssertDeepEqual(t, tenancy1_actual, idRK1.GetTenancy())
+	prototest.AssertDeepEqual(t, tenancy2, idRK2.GetTenancy())
+	prototest.AssertDeepEqual(t, tenancy3, idRK3.GetTenancy())
+
+	// Now that we tested the defaulting, swap out the tenancy in the id so
+	// that the comparisons work.
+	id1.Tenancy = tenancy1_actual
+	ref1.Tenancy = tenancy1_actual
+
+	prototest.AssertDeepEqual(t, id1, idRK1.ToID())
+	prototest.AssertDeepEqual(t, id2, idRK2.ToID())
+	prototest.AssertDeepEqual(t, id3, idRK3.ToID())
+
+	prototest.AssertDeepEqual(t, ref1, refRK1.ToReference())
+	prototest.AssertDeepEqual(t, ref2, refRK2.ToReference())
+	prototest.AssertDeepEqual(t, ref3, refRK3.ToReference())
+}
+
+func defaultTenancy() *pbresource.Tenancy {
+	return &pbresource.Tenancy{
+		Partition: "default",
+		Namespace: "default",
+		PeerName:  "local",
+	}
+}
diff --git a/internal/resource/resourcetest/builder.go b/internal/resource/resourcetest/builder.go
index 749ff4fea27e..395cba57b28f 100644
--- a/internal/resource/resourcetest/builder.go
+++ b/internal/resource/resourcetest/builder.go
@@ -1,12 +1,11 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
 package resourcetest
 
 import (
 	"strings"
 
-	"github.com/hashicorp/consul/internal/storage"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/consul/sdk/testutil"
-	"github.com/hashicorp/consul/sdk/testutil/retry"
 	"github.com/oklog/ulid/v2"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
@@ -14,6 +13,12 @@ import (
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/reflect/protoreflect"
 	"google.golang.org/protobuf/types/known/anypb"
+
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/internal/storage"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
 )
 
 type resourceBuilder struct {
@@ -118,6 +123,10 @@ func (b *resourceBuilder) ID() *pbresource.ID {
 	return b.resource.Id
 }
 
+func (b *resourceBuilder) Reference(section string) *pbresource.Reference {
+	return resource.Reference(b.ID(), section)
+}
+
 func (b *resourceBuilder) Write(t T, client pbresource.ResourceServiceClient) *pbresource.Resource {
 	t.Helper()
 
@@ -136,6 +145,9 @@ func (b *resourceBuilder) Write(t T, client pbresource.ResourceServiceClient) *p
 		})
 
 		if err == nil || res.Id.Uid != "" || status.Code(err) != codes.FailedPrecondition {
+			if err != nil {
+				t.Logf("write saw error: %v", err)
+			}
 			return
 		}
 
diff --git a/internal/resource/resourcetest/client.go b/internal/resource/resourcetest/client.go
index 5047406d0585..17d621884e7d 100644
--- a/internal/resource/resourcetest/client.go
+++ b/internal/resource/resourcetest/client.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
 package resourcetest
 
 import (
@@ -5,14 +8,15 @@ import (
 	"math/rand"
 	"time"
 
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/consul/sdk/testutil"
-	"github.com/hashicorp/consul/sdk/testutil/retry"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/exp/slices"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
 )
 
 type Client struct {
@@ -157,6 +161,16 @@ func (client *Client) RequireStatusConditionForCurrentGen(t T, id *pbresource.ID
 	return res
 }
 
+func (client *Client) RequireStatusConditionsForCurrentGen(t T, id *pbresource.ID, statusKey string, conditions []*pbresource.Condition) *pbresource.Resource {
+	t.Helper()
+
+	res := client.RequireResourceExists(t, id)
+	for _, condition := range conditions {
+		RequireStatusConditionForCurrentGen(t, res, statusKey, condition)
+	}
+	return res
+}
+
 func (client *Client) RequireResourceMeta(t T, id *pbresource.ID, key string, value string) *pbresource.Resource {
 	t.Helper()
 
@@ -196,6 +210,17 @@ func (client *Client) WaitForStatusCondition(t T, id *pbresource.ID, statusKey s
 	return res
 }
 
+func (client *Client) WaitForStatusConditions(t T, id *pbresource.ID, statusKey string, conditions ...*pbresource.Condition) *pbresource.Resource {
+	t.Helper()
+
+	var res *pbresource.Resource
+	client.retry(t, func(r *retry.R) {
+		res = client.RequireStatusConditionsForCurrentGen(r, id, statusKey, conditions)
+	})
+
+	return res
+}
+
 func (client *Client) WaitForNewVersion(t T, id *pbresource.ID, version string) *pbresource.Resource {
 	t.Helper()
 
diff --git a/internal/resource/resourcetest/decode.go b/internal/resource/resourcetest/decode.go
new file mode 100644
index 000000000000..3bdb35cc02bd
--- /dev/null
+++ b/internal/resource/resourcetest/decode.go
@@ -0,0 +1,23 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package resourcetest
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/proto"
+
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+func MustDecode[V any, PV interface {
+	proto.Message
+	*V
+}](t *testing.T, res *pbresource.Resource) *resource.DecodedResource[V, PV] {
+	dec, err := resource.Decode[V, PV](res)
+	require.NoError(t, err)
+	return dec
+}
diff --git a/internal/resource/resourcetest/validation.go b/internal/resource/resourcetest/validation.go
new file mode 100644
index 000000000000..e8f3ee22180a
--- /dev/null
+++ b/internal/resource/resourcetest/validation.go
@@ -0,0 +1,30 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package resourcetest
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+func ValidateAndNormalize(t *testing.T, registry resource.Registry, res *pbresource.Resource) {
+	typ := res.Id.Type
+
+	typeInfo, ok := registry.Resolve(typ)
+	if !ok {
+		t.Fatalf("unhandled resource type: %q", resource.ToGVK(typ))
+	}
+
+	if typeInfo.Mutate != nil {
+		require.NoError(t, typeInfo.Mutate(res), "failed to apply type mutation to resource")
+	}
+
+	if typeInfo.Validate != nil {
+		require.NoError(t, typeInfo.Validate(res), "failed to validate resource")
+	}
+}
diff --git a/internal/resource/stringer.go b/internal/resource/stringer.go
new file mode 100644
index 000000000000..927a86f2ba47
--- /dev/null
+++ b/internal/resource/stringer.go
@@ -0,0 +1,60 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package resource
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+// IDToString returns a string representation of pbresource.ID. This should not
+// be relied upon nor parsed and is provided just for debugging and logging
+// reasons.
+//
+// This format should be aligned with ReferenceToString and
+// (ReferenceKey).String.
+func IDToString(id *pbresource.ID) string {
+	s := fmt.Sprintf("%s/%s/%s",
+		TypeToString(id.Type),
+		TenancyToString(id.Tenancy),
+		id.Name,
+	)
+	if id.Uid != "" {
+		return s + "?uid=" + id.Uid
+	}
+	return s
+}
+
+// ReferenceToString returns a string representation of pbresource.Reference.
+// This should not be relied upon nor parsed and is provided just for debugging
+// and logging reasons.
+//
+// This format should be aligned with IDToString and (ReferenceKey).String.
+func ReferenceToString(ref *pbresource.Reference) string {
+	s := fmt.Sprintf("%s/%s/%s",
+		TypeToString(ref.Type),
+		TenancyToString(ref.Tenancy),
+		ref.Name,
+	)
+
+	if ref.Section != "" {
+		return s + "?section=" + ref.Section
+	}
+	return s
+}
+
+// TenancyToString returns a string representation of pbresource.Tenancy. This
+// should not be relied upon nor parsed and is provided just for debugging and
+// logging reasons.
+func TenancyToString(tenancy *pbresource.Tenancy) string {
+	return fmt.Sprintf("%s.%s.%s", tenancy.Partition, tenancy.PeerName, tenancy.Namespace)
+}
+
+// TypeToString returns a string representation of pbresource.Type. This should
+// not be relied upon nor parsed and is provided just for debugging and logging
+// reasons.
+func TypeToString(typ *pbresource.Type) string {
+	return ToGVK(typ)
+}

From 2a8bf5df61334aa8f9de06239e9c15ccbcacb1cf Mon Sep 17 00:00:00 2001
From: John Landa <jonathanlanda@gmail.com>
Date: Tue, 1 Aug 2023 14:49:39 -0600
Subject: [PATCH 239/359] Wasm integration tests for local and remote wasm
 files (#17756)

* wasm integration tests for local and remote wasm files

refactoring and cleanup for wasm testing

remove wasm debug logging

PR feedback, wasm build lock

correct path pattern for wasm build files

Add new helper function to minimize changes to existing test code

Remove extra param

mod tidy

add custom service setup to test lib

add wait until static server sidecar can reach nginx sidecar

Doc comments

PR feedback

Update workflows to compile wasm for integration tests

Fix docker build path

Fix package name for linter

Update makefile, fix redeclared function

Update expected wasm filename

Debug test ls in workflow

remove pwd in favor of relative path

more debugging

Build wasm in compatability tests as well

Build wasm directly in ci rather than in container

Debug tinygo and llvm version

Change wasm file extension

Remove tinygo debugging

Remove extra comments

* Add compiled wasm and build instructions
---
 .../libs/cluster/container.go                 |   2 +
 .../consul-container/libs/service/connect.go  |  16 +-
 .../consul-container/libs/service/examples.go |  36 ++
 .../consul-container/libs/service/helpers.go  | 112 ++++-
 .../libs/topology/service_topology.go         |   3 +-
 .../testdata/wasm_test_files/Dockerfile       |   3 +
 .../testdata/wasm_test_files/README.md        |  14 +
 .../testdata/wasm_test_files/build.sh         |   3 +
 .../testdata/wasm_test_files/go.mod           |  13 +
 .../testdata/wasm_test_files/go.sum           |  12 +
 .../testdata/wasm_test_files/nginx.conf       |  13 +
 .../wasm_test_files/wasm_add_header.go        |  47 ++
 .../wasm_test_files/wasm_add_header.wasm      | Bin 0 -> 400008 bytes
 .../test/envoy_extensions/wasm_test.go        | 461 ++++++++++++++++++
 .../consul-container/test/upgrade/common.go   |   2 +-
 15 files changed, 727 insertions(+), 10 deletions(-)
 create mode 100644 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/Dockerfile
 create mode 100644 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/README.md
 create mode 100755 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/build.sh
 create mode 100644 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.mod
 create mode 100644 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.sum
 create mode 100644 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/nginx.conf
 create mode 100644 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.go
 create mode 100755 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.wasm
 create mode 100644 test/integration/consul-container/test/envoy_extensions/wasm_test.go

diff --git a/test/integration/consul-container/libs/cluster/container.go b/test/integration/consul-container/libs/cluster/container.go
index a371404bafe0..4002c9c301b5 100644
--- a/test/integration/consul-container/libs/cluster/container.go
+++ b/test/integration/consul-container/libs/cluster/container.go
@@ -630,6 +630,8 @@ func newContainerRequest(config Config, opts containerOpts, ports ...int) (podRe
 			"9997/tcp", // Envoy App Listener
 			"9998/tcp", // Envoy App Listener
 			"9999/tcp", // Envoy App Listener
+
+			"80/tcp", // Nginx - http port used in wasm tests
 		},
 		Hostname: opts.hostname,
 		Networks: opts.addtionalNetworks,
diff --git a/test/integration/consul-container/libs/service/connect.go b/test/integration/consul-container/libs/service/connect.go
index 4251a6d3c89a..36df4e09f769 100644
--- a/test/integration/consul-container/libs/service/connect.go
+++ b/test/integration/consul-container/libs/service/connect.go
@@ -157,8 +157,15 @@ type SidecarConfig struct {
 // "consul connect envoy", for service name (serviceName) on the specified
 // node. The container exposes port serviceBindPort and envoy admin port
 // (19000) by mapping them onto host ports. The container's name has a prefix
-// combining datacenter and name.
-func NewConnectService(ctx context.Context, sidecarCfg SidecarConfig, serviceBindPorts []int, node cluster.Agent) (*ConnectContainer, error) {
+// combining datacenter and name. The customContainerConf parameter can be used
+// to mutate the testcontainers.ContainerRequest used to create the sidecar proxy.
+func NewConnectService(
+	ctx context.Context,
+	sidecarCfg SidecarConfig,
+	serviceBindPorts []int,
+	node cluster.Agent,
+	customContainerConf func(request testcontainers.ContainerRequest) testcontainers.ContainerRequest,
+) (*ConnectContainer, error) {
 	nodeConfig := node.GetConfig()
 	if nodeConfig.ScratchDir == "" {
 		return nil, fmt.Errorf("node ScratchDir is required")
@@ -265,6 +272,11 @@ func NewConnectService(ctx context.Context, sidecarCfg SidecarConfig, serviceBin
 	exposedPorts := make([]string, len(appPortStrs))
 	copy(exposedPorts, appPortStrs)
 	exposedPorts = append(exposedPorts, adminPortStr)
+
+	if customContainerConf != nil {
+		req = customContainerConf(req)
+	}
+
 	info, err := cluster.LaunchContainerOnNode(ctx, node, req, exposedPorts)
 	if err != nil {
 		return nil, err
diff --git a/test/integration/consul-container/libs/service/examples.go b/test/integration/consul-container/libs/service/examples.go
index 85505c5dccc5..b77869e15b7f 100644
--- a/test/integration/consul-container/libs/service/examples.go
+++ b/test/integration/consul-container/libs/service/examples.go
@@ -127,6 +127,42 @@ func (c exampleContainer) GetStatus() (string, error) {
 	return state.Status, err
 }
 
+// NewCustomService creates a new test service from a custom testcontainers.ContainerRequest.
+func NewCustomService(ctx context.Context, name string, httpPort int, grpcPort int, node libcluster.Agent, request testcontainers.ContainerRequest) (Service, error) {
+	namePrefix := fmt.Sprintf("%s-service-example-%s", node.GetDatacenter(), name)
+	containerName := utils.RandName(namePrefix)
+
+	pod := node.GetPod()
+	if pod == nil {
+		return nil, fmt.Errorf("node Pod is required")
+	}
+
+	var (
+		httpPortStr = strconv.Itoa(httpPort)
+		grpcPortStr = strconv.Itoa(grpcPort)
+	)
+
+	request.Name = containerName
+
+	info, err := libcluster.LaunchContainerOnNode(ctx, node, request, []string{httpPortStr, grpcPortStr})
+	if err != nil {
+		return nil, err
+	}
+
+	out := &exampleContainer{
+		ctx:         ctx,
+		container:   info.Container,
+		ip:          info.IP,
+		httpPort:    info.MappedPorts[httpPortStr].Int(),
+		grpcPort:    info.MappedPorts[grpcPortStr].Int(),
+		serviceName: name,
+	}
+
+	fmt.Printf("Custom service exposed http port %d, gRPC port %d\n", out.httpPort, out.grpcPort)
+
+	return out, nil
+}
+
 func NewExampleService(ctx context.Context, name string, httpPort int, grpcPort int, node libcluster.Agent, containerArgs ...string) (Service, error) {
 	namePrefix := fmt.Sprintf("%s-service-example-%s", node.GetDatacenter(), name)
 	containerName := utils.RandName(namePrefix)
diff --git a/test/integration/consul-container/libs/service/helpers.go b/test/integration/consul-container/libs/service/helpers.go
index 70624bf001d8..d4f866aeb403 100644
--- a/test/integration/consul-container/libs/service/helpers.go
+++ b/test/integration/consul-container/libs/service/helpers.go
@@ -9,6 +9,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
+	"github.com/testcontainers/testcontainers-go"
 
 	"github.com/hashicorp/consul/api"
 	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
@@ -50,7 +51,7 @@ type ServiceOpts struct {
 }
 
 // createAndRegisterStaticServerAndSidecar register the services and launch static-server containers
-func createAndRegisterStaticServerAndSidecar(node libcluster.Agent, httpPort int, grpcPort int, svc *api.AgentServiceRegistration, containerArgs ...string) (Service, Service, error) {
+func createAndRegisterStaticServerAndSidecar(node libcluster.Agent, httpPort int, grpcPort int, svc *api.AgentServiceRegistration, customContainerCfg func(testcontainers.ContainerRequest) testcontainers.ContainerRequest, containerArgs ...string) (Service, Service, error) {
 	// Do some trickery to ensure that partial completion is correctly torn
 	// down, but successful execution is not.
 	var deferClean utils.ResettableDefer
@@ -77,10 +78,11 @@ func createAndRegisterStaticServerAndSidecar(node libcluster.Agent, httpPort int
 			svc.Connect.SidecarService.Proxy != nil &&
 			svc.Connect.SidecarService.Proxy.Mode == api.ProxyModeTransparent,
 	}
-	serverConnectProxy, err := NewConnectService(context.Background(), sidecarCfg, []int{svc.Port}, node) // bindPort not used
+	serverConnectProxy, err := NewConnectService(context.Background(), sidecarCfg, []int{svc.Port}, node, customContainerCfg) // bindPort not used
 	if err != nil {
 		return nil, nil, err
 	}
+
 	deferClean.Add(func() {
 		_ = serverConnectProxy.Terminate()
 	})
@@ -91,7 +93,101 @@ func createAndRegisterStaticServerAndSidecar(node libcluster.Agent, httpPort int
 	return serverService, serverConnectProxy, nil
 }
 
-func CreateAndRegisterStaticServerAndSidecar(node libcluster.Agent, serviceOpts *ServiceOpts, containerArgs ...string) (Service, Service, error) {
+// createAndRegisterCustomServiceAndSidecar creates a custom service from the given testcontainers.ContainerRequest
+// and a sidecar proxy for the service. The customContainerCfg parameter is used to mutate the
+// testcontainers.ContainerRequest for the sidecar proxy.
+func createAndRegisterCustomServiceAndSidecar(node libcluster.Agent,
+	httpPort int,
+	grpcPort int,
+	svc *api.AgentServiceRegistration,
+	request testcontainers.ContainerRequest,
+	customContainerCfg func(testcontainers.ContainerRequest) testcontainers.ContainerRequest,
+) (Service, Service, error) {
+	// Do some trickery to ensure that partial completion is correctly torn
+	// down, but successful execution is not.
+	var deferClean utils.ResettableDefer
+	defer deferClean.Execute()
+
+	if err := node.GetClient().Agent().ServiceRegister(svc); err != nil {
+		return nil, nil, err
+	}
+
+	// Create a service and proxy instance
+	serverService, err := NewCustomService(context.Background(), svc.ID, httpPort, grpcPort, node, request)
+	if err != nil {
+		return nil, nil, err
+	}
+	deferClean.Add(func() {
+		_ = serverService.Terminate()
+	})
+	sidecarCfg := SidecarConfig{
+		Name:      fmt.Sprintf("%s-sidecar", svc.ID),
+		ServiceID: svc.ID,
+		Namespace: svc.Namespace,
+		EnableTProxy: svc.Connect != nil &&
+			svc.Connect.SidecarService != nil &&
+			svc.Connect.SidecarService.Proxy != nil &&
+			svc.Connect.SidecarService.Proxy.Mode == api.ProxyModeTransparent,
+	}
+	serverConnectProxy, err := NewConnectService(context.Background(), sidecarCfg, []int{svc.Port}, node, customContainerCfg) // bindPort not used
+	if err != nil {
+		return nil, nil, err
+	}
+
+	deferClean.Add(func() {
+		_ = serverConnectProxy.Terminate()
+	})
+
+	// disable cleanup functions now that we have an object with a Terminate() function
+	deferClean.Reset()
+
+	return serverService, serverConnectProxy, nil
+}
+
+func CreateAndRegisterCustomServiceAndSidecar(node libcluster.Agent,
+	serviceOpts *ServiceOpts,
+	request testcontainers.ContainerRequest,
+	customContainerCfg func(testcontainers.ContainerRequest) testcontainers.ContainerRequest) (Service, Service, error) {
+	// Register the static-server service and sidecar first to prevent race with sidecar
+	// trying to get xDS before it's ready
+	p := serviceOpts.HTTPPort
+	agentCheck := api.AgentServiceCheck{
+		Name:     "Static Server Listening",
+		TCP:      fmt.Sprintf("127.0.0.1:%d", p),
+		Interval: "10s",
+		Status:   api.HealthPassing,
+	}
+	if serviceOpts.RegisterGRPC {
+		p = serviceOpts.GRPCPort
+		agentCheck.TCP = ""
+		agentCheck.GRPC = fmt.Sprintf("127.0.0.1:%d", p)
+	}
+	req := &api.AgentServiceRegistration{
+		Name: serviceOpts.Name,
+		ID:   serviceOpts.ID,
+		Port: p,
+		Connect: &api.AgentServiceConnect{
+			SidecarService: &api.AgentServiceRegistration{
+				Proxy: &api.AgentServiceConnectProxyConfig{
+					Mode: api.ProxyMode(serviceOpts.Connect.Proxy.Mode),
+				},
+			},
+		},
+		Namespace: serviceOpts.Namespace,
+		Meta:      serviceOpts.Meta,
+		Check:     &agentCheck,
+	}
+	return createAndRegisterCustomServiceAndSidecar(node, serviceOpts.HTTPPort, serviceOpts.GRPCPort, req, request, customContainerCfg)
+}
+
+// CreateAndRegisterStaticServerAndSidecarWithCustomContainerConfig creates an example static server and a sidecar for
+// the service. The customContainerCfg parameter is a function of testcontainers.ContainerRequest to
+// testcontainers.ContainerRequest which can be used to mutate the container request for the sidecar proxy and inject
+// custom configuration and lifecycle hooks.
+func CreateAndRegisterStaticServerAndSidecarWithCustomContainerConfig(node libcluster.Agent,
+	serviceOpts *ServiceOpts,
+	customContainerCfg func(testcontainers.ContainerRequest) testcontainers.ContainerRequest,
+	containerArgs ...string) (Service, Service, error) {
 	// Register the static-server service and sidecar first to prevent race with sidecar
 	// trying to get xDS before it's ready
 	p := serviceOpts.HTTPPort
@@ -122,7 +218,11 @@ func CreateAndRegisterStaticServerAndSidecar(node libcluster.Agent, serviceOpts
 		Check:     &agentCheck,
 		Locality:  serviceOpts.Locality,
 	}
-	return createAndRegisterStaticServerAndSidecar(node, serviceOpts.HTTPPort, serviceOpts.GRPCPort, req, containerArgs...)
+	return createAndRegisterStaticServerAndSidecar(node, serviceOpts.HTTPPort, serviceOpts.GRPCPort, req, customContainerCfg, containerArgs...)
+}
+
+func CreateAndRegisterStaticServerAndSidecar(node libcluster.Agent, serviceOpts *ServiceOpts, containerArgs ...string) (Service, Service, error) {
+	return CreateAndRegisterStaticServerAndSidecarWithCustomContainerConfig(node, serviceOpts, nil, containerArgs...)
 }
 
 func CreateAndRegisterStaticServerAndSidecarWithChecks(node libcluster.Agent, serviceOpts *ServiceOpts) (Service, Service, error) {
@@ -149,7 +249,7 @@ func CreateAndRegisterStaticServerAndSidecarWithChecks(node libcluster.Agent, se
 		Meta: serviceOpts.Meta,
 	}
 
-	return createAndRegisterStaticServerAndSidecar(node, serviceOpts.HTTPPort, serviceOpts.GRPCPort, req)
+	return createAndRegisterStaticServerAndSidecar(node, serviceOpts.HTTPPort, serviceOpts.GRPCPort, req, nil)
 }
 
 func CreateAndRegisterStaticClientSidecar(
@@ -209,7 +309,7 @@ func CreateAndRegisterStaticClientSidecar(
 		EnableTProxy: enableTProxy,
 	}
 
-	clientConnectProxy, err := NewConnectService(context.Background(), sidecarCfg, []int{libcluster.ServiceUpstreamLocalBindPort}, node)
+	clientConnectProxy, err := NewConnectService(context.Background(), sidecarCfg, []int{libcluster.ServiceUpstreamLocalBindPort}, node, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/test/integration/consul-container/libs/topology/service_topology.go b/test/integration/consul-container/libs/topology/service_topology.go
index 2a69ddc7cd62..06a1c8475549 100644
--- a/test/integration/consul-container/libs/topology/service_topology.go
+++ b/test/integration/consul-container/libs/topology/service_topology.go
@@ -7,11 +7,12 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/stretchr/testify/require"
+
 	"github.com/hashicorp/consul/api"
 	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
 	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
 	libservice "github.com/hashicorp/consul/test/integration/consul-container/libs/service"
-	"github.com/stretchr/testify/require"
 )
 
 // CreateServices
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/Dockerfile b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/Dockerfile
new file mode 100644
index 000000000000..6c5d77a16052
--- /dev/null
+++ b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/Dockerfile
@@ -0,0 +1,3 @@
+FROM tinygo/tinygo:sha-598cb1e4ddce53d85600a1b7724ed39eea80e119
+COPY ./build.sh /
+ENTRYPOINT ["/build.sh"]
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/README.md b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/README.md
new file mode 100644
index 000000000000..173e27bf3709
--- /dev/null
+++ b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/README.md
@@ -0,0 +1,14 @@
+# Building WASM test files
+
+We have seen some issues with building the wasm test files on the build runners for the integration test. Currently,
+the theory is that there may be some differences in the clang toolchain on different runners which cause panics in
+tinygo if the job is scheduled on particular runners but not others.
+
+In order to get around this, we are just building the wasm test file and checking it into the repo.
+
+To build the wasm test file, 
+
+```bash
+~/consul/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files
+> docker run -v ./:/wasm --rm $(docker build -q .)
+```
\ No newline at end of file
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/build.sh b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/build.sh
new file mode 100755
index 000000000000..1bedc2b52038
--- /dev/null
+++ b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/build.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+cd /wasm
+tinygo build -o /wasm/wasm_add_header.wasm -scheduler=none -target=wasi /wasm/wasm_add_header.go
\ No newline at end of file
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.mod b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.mod
new file mode 100644
index 000000000000..95d0c7ede900
--- /dev/null
+++ b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.mod
@@ -0,0 +1,13 @@
+module main
+
+go 1.20
+
+require (
+	github.com/tetratelabs/proxy-wasm-go-sdk v0.21.0
+	github.com/tidwall/gjson v1.14.4
+)
+
+require (
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.0 // indirect
+)
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.sum b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.sum
new file mode 100644
index 000000000000..39bbbdf17388
--- /dev/null
+++ b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.sum
@@ -0,0 +1,12 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
+github.com/tetratelabs/proxy-wasm-go-sdk v0.21.0 h1:sxuh1wxy/zz4vXwMEC+ESVpwJmej1f22eYsrJlgVn7c=
+github.com/tetratelabs/proxy-wasm-go-sdk v0.21.0/go.mod h1:jqQTUvJBI6WJ+sVCZON3A4GwmUfBDuiNnZ4kuxsvLCo=
+github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM=
+github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
+github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
+github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
+github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/nginx.conf b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/nginx.conf
new file mode 100644
index 000000000000..06533f75ac1a
--- /dev/null
+++ b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/nginx.conf
@@ -0,0 +1,13 @@
+server {
+    # send wasm files as download rather than render as html
+    location ~ ^.*/(?P<request_basename>[^/]+\.(wasm))$  {
+        root /www/downloads;
+
+       add_header Content-disposition 'attachment; filename="$request_basename"';
+       types {
+        application/octet-stream .wasm;
+       }
+       default_type application/octet-stream;
+    }
+}
+
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.go b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.go
new file mode 100644
index 000000000000..86a4af214211
--- /dev/null
+++ b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.go
@@ -0,0 +1,47 @@
+package main
+
+import (
+	"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm"
+	"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm/types"
+)
+
+func main() {
+	proxywasm.SetVMContext(&vmContext{})
+}
+
+type vmContext struct {
+	// Embed the default VM context here,
+	// so that we don't need to reimplement all the methods.
+	types.DefaultVMContext
+}
+
+func (*vmContext) NewPluginContext(contextID uint32) types.PluginContext {
+	return &pluginContext{}
+}
+
+type pluginContext struct {
+	// Embed the default plugin context here,
+	// so that we don't need to reimplement all the methods.
+	types.DefaultPluginContext
+}
+
+func (p *pluginContext) NewHttpContext(contextID uint32) types.HttpContext {
+	return &httpHeaders{}
+}
+
+type httpHeaders struct {
+	// Embed the default http context here,
+	// so that we don't need to reimplement all the methods.
+	types.DefaultHttpContext
+}
+
+func (ctx *httpHeaders) OnHttpResponseHeaders(int, bool) types.Action {
+	proxywasm.LogDebug("adding header: x-test:true")
+
+	err := proxywasm.AddHttpResponseHeader("x-test", "true")
+	if err != nil {
+		proxywasm.LogCriticalf("failed to add test header to response: %v", err)
+	}
+
+	return types.ActionContinue
+}
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.wasm b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.wasm
new file mode 100755
index 0000000000000000000000000000000000000000..520e7e144ada5b0bc7dc9e1860e1908d88f76add
GIT binary patch
literal 400008
zcmeFadzhccRp<HMe)sOyD_OQ>w}{{04^7g>5{Mw%LThkWk9D(r5s8QKux2F3R$_O{
zwz}0;oS;Y@TX8xdf&zwU84YO$CsGnA5#X?5(F`3BgLcLX+F9|S=RvRyqgk|r1_YR(
z83f+X_f-8ZEh(8W&$ILFA8WaP^<Jt@ojP^u)Twh$)f+vz^SL;RqWEv(=GJ8I-e_yQ
zH{QE7-K$IeauY>cGp=}G2~Wt#Z_JaDUXWHS)m0RV$9uMx{X-sPd-v#Fcp%7o1i_cK
z0(<s^`gVI*mcJ38Dv7q%yLZvnTIVL(ngn2!u}b#rvC_$2V3zjoZa-BCU$s5vxmu(o
zxfoY&`QVc~pWU+a`6qYmeCCD8EjuQ*?Rs|G2fwrW{-?KmaN^m?ZBhB_<QRBr`wLHv
zZJB)bxoulMux&ERzh1s4CqA%q%g$#%yltoD`?@t+K0&Ia+n(PwxMSjlmp-&*=eEf$
z+ur~FZBI=;yKCE)r(Sq|a@$LjQLG%d`y5X`{q&Y+wmtduwuvpzJ-K7ct|zy@xGh?!
z3^ku&`wJh4()3vT#W-uw=e0P=7A0w|9>;NHf3QK4Wm%loDruUQYEdaIm6DtK`qCsx
z(xkss>Mz&J<tWOkQCw|Qqb!b-YB{P@vT`NLN{w<gP9gxNQ8ik8^DVayEV-?8`(VA4
zL{U;&ur!IjB`GCINst%3BdOm}4Ae@MB(7BAEX^YSmr{477Dd%8uJV(W;vF%_q;Zr0
zesAoirm{xmud=1(=e9lf!o-J?sQlcM+v$Sn`?B{>Y}*#SxBQg9|NhFvHh=Yx%UgC%
zJ~=TNJ-)<~;)Un8_|jV}!;^IHPsR&7?{+;G^8Zx4sPhn-zyH|}yg0Ef`gDA2=jrp?
zKB(S!ULEto^U=Y$Tf@^YeDL|5li={&mZzVbd@}m!cv+`d&%18vEpXD#ZPB6lmQKDG
zcl1K|nYeZRo9oKY^x!bDZT!V;J0}BU?2P_Jd~*jv``!Cqc=|)p&&9W0_hNG5$!E83
zo7fq>KJVqu9WOk;b6W@GXM50{*cM(I%+JMvH6eHBO$X@VIIuQvpP8K8u|?h1$rl~z
zAu>%AyKi|4V$xNgkNY~fimAUC_jm4}e&P9T(Xn_z_rbR9+bHv;cyZ?uBzbWgH9bkY
zzuZ%H^4X`xqT}s)pM2l5TXxZUx^>ISE$`m4GWz+rR*fSUH<AbbVPE`?`oI3e^o#I%
z+{mJDjT&E$6UojZYR1WMGF(J19belY714?)TH7CUACI=;@G$N?Om6frz0t#Lv>7*w
z*p<ebaXPGv(Pl!T=S4D<M6JZ_-B~2=qc88Pj*Yu1(wBrn!*Z*3YULInMKsp<Qk)9m
zc<;AHZsk}jSr!$^NOEto%$+(~0$elI1@MZ|dlKFi={-r2?4`zNLpIFweAGonJeD_j
zNBwy#z9(7E^XjMusf($G$BXkmCDmr8q_2-QByP!Q5v$x#vcx}M+GxgB9hE?{0#F%A
zW;MH&qsyYkCz7(qw}W*Nuy)Zs$x@&u_auwk$d>~0c|g8&Pm<Fs@!D+I#nkoDsjQiL
zWESWBt@1s|lA`Qx8f{jR;dGdsscte_Ti-}8X6~j<{g9xjfVmz%-^$$A;_aj0wkC?m
z9gj8BB5TILZ20UvEy|;SX$g$aC+hGvF4D1lz|*bTqRpTWajbN{AZi%$pxi?WBaAu&
zQv70^wMjweL532YR~m`#O%{`+_a=R9GE_YzY89|jQN1Ur(zpaN6lt>z!W9uA(|yc+
z;_vD9A{%X0JY@h{7=bLwi?Vw5YMo{$G>}$iy75R;fsn5F{-YGNdZa&Es<e^zX%VS2
zW{;K@G~AJ+CH>u*Qux^Jd(+4r=Lvs28Hx3P0kmM$WxJXscgXm&MF*;<{6Ar_UTkSJ
zR2S<xO!0O+K9D4g(m;~i^Qzc0-)Kxa_mxt<F&%baJzCO`1fQsx@R#w&C=(1fW7QS$
zrYzJ2+&F*GAZLvKq|AuQH@OpF%wGrNzD$e|k2fm<SX9>b!w31MzO-Q#91LJxvI|NV
z73y~y&+()yk54j`$6+io(}tXp-j_5SjpNQ2bf7-w(&r!TFXs>4-UkjoA5EuTz#ta-
zq6XbUOVmCW0WUPBnMfuS$)o)-C|Ofnx=uWhKitVO4@w05W}H7ndyr<0Hc?cF3R18u
zQV$3yscQGnbd`vIB>u|2hf<M%PAnL(5j<349J@Gwgg&H635e4pzLSesMPirmHnd6O
zD{<MR2p~BLXIyPWMGP06`H{@^=WDIaWvfDR45~vuk>UegiN~Nx88oRMH0iuSli8q2
z!=Qn&7&Jw~SSX2R;&sbl!U_C6tJ`QzJ*zh&_xt-Zw@9e`U=r_%_b?<Vy64`s%2hJ*
zHvcVnrIi+O`!d@zQcOdDn4}f&+1*NYpXd&z*t1&$au4YGlDm1XLDBeE^Mzs|5szeg
zc`6&_s+lIREKK-U@mQ<s9^PoeucZDNhjQ^)k&Q#Yc+CCn+v)g3vy3coF(ZsyghA>m
z<3;iy;xBQ@MzP9@D27#2m+o@!7;mNS<(I7<NyyZ_;%|zIZmVweVS29O?jNWAJH}mk
z68La%$qU`o;4P05p#17y)lqdHR*6(4RE!doTrlqXCMQ%hZ5Pc#(Ud0mqH(88pUPCm
z-J;0}gQRLzIBS*~P~PMb5{WKb(2$^gJC5VMkO(;usrJ~W>LSrlfur<%fj##G5GBBD
zDxO#q#p+2{-sNU>$Jm7dMK@^9^Qj$VJD#o+gtvb^+B9KQMDWlDj3k?Sn7h@KUZAPn
zE!yQS8_;$Y?K%^C(6_6Lgrgyh49Lki@J%-ClrweYoNEJ0g=-rSB|HKCJnfE&xhTve
znoyr$CP5o`EQn2nn6!bCI}?Se1QEYE5pzw&YE!Am)<m1gzyueQ{M%?0o`usG*-Rkl
z2h5KoeG&(z55Neh6Iq}z<vZ9tENC6lJ_Ix=3?y#`ph+8O;ekqv0O(Tjuko%&tlbCH
z(e4A#^?i^Tw_8PRqC9GMZQ@g{N22}u5qr=>e9&~O=Oc!^_pKfFh^_XB-6y7(5bT9j
z?sSi;D))AeAP>!l3?)6}l^*hthrGOD;uTr+gr9)v7UKlTEI6x2k1DyjNZP~sdD=sc
zWIzyBr9GM8lgO-FXWLv}E$Tpoo+Ym%F#MY}bsb$Vfj!!)J*t5d6bYs;<WF2=gUt$a
zOhq@7%?f#IuxO*Ga#h}rECtVMkxE0Z(6wkv+f9ie18@3xs7GQUNaJ4_PC|xunMjU`
zns1)9xym$2>%QC6aMU6i7B4eNtrjI#8nu$r`7KQ^!EOGDty~c`emdz61r%ZmGq9G7
zGDDz!#7Oq`)lmCN4{}~XsE)=JDhiWFtR9fYrR4x*LaK~4BXL6v9=Ej^XoW8CNtXF!
zsZW;pWU)#@qX0lXp!Eduw3WKs&`2Gmn}nrjZW%|Cr0(YR{mjJCP?AxLzp7e&t_sZ~
z2i?%C-JgEkCa+i(5BaK=y8}N{0;eTGkqfku>J4rFb=)Q^6Q`$4-lhUHlE8pQqDK{a
zNWO~RL-Pr5#IUxkHF`|+w8!1LPHKh65?xnV{^TdRSOQka_PGNe<CU-!{pR(f-Y@pq
z0{L=LqOa+D&)RWQ<bH&ixstDgiQ@c!%-2Van`vPFEli1`t|XIS|95Ed?L94qgVf@S
zAG=YD+x_y*wfH;Yytl>sd$_vOcO9;7b1>C*IM}cI;A#`}a8=-7<3lMF{-1SWKMdVW
z^q|d{F!;djm823Sng7A26lV!{X(_{oBP}*TU3EE0slm*gpeQ@01!;v<64*ATskgLX
z!5qD7kege#^P+dugdPsVWwGyQRAfz3wp7x9rOP!dpEy`@2VTv@H2-{QK7SE%{T-s?
za;3ep{NLfJ*R=>fQi93dsYI%#4RLt8wcws)roGUdDT!QxG;y1sq|oQ1`8$wfEbt;N
z^`!R-#UrGQ(^g3;N2*c%?d$sysFDz-qDh5D{g+D8rg<AY!UW3qp{bpEm1Pjrm*OX}
zP;)np4OF9gjA<_`)zDyI^IKH!aW!Lj3^kp_rm7y+(>Ks*eNlJQ`hG*{fo7>)&v(Q~
zn6ZI0s>Sq50!iIxUS;@5@M~Q!FonRJvXaYC(a_Fm5u#mC@6(zhVeRWaM=><YZn2dr
zc3L<w(WL^k${i(B+=e@(3~w6T<sNRrZ0nAZ2l8|QtyaD>mhV3D)rBXfiJS5}Jbt;}
zpSAakdEZNtbE+PNrc0B}%6wjrPe-Hf7le;T?y)vn8<b<tz&!-GY7d1ks2p=_7u;55
zzNp9N0QZZ4lMR8kKHUcQxN=-Fa8CfPBJ8JQrvCiayzUz?9V^deL79q2-B-Fu?e7q4
z%JRIWJXeH(>ev^%UsB$7RWAw56{~7D9OfB=8T6`3U8Yp6%^5pdJf6ZD;4T`lQc)AY
z$u^{C1Zf}dhm!3et+giz8zW4s)NvZnVYB0g+I~Gh0{XxFsgjf8K-o7ss2#C92b5<<
zW%c&xHR#V+p4Y6_*IA@=8*otN4pOeufP=AGa7fP&7`)JeL!BBA7_=FK_8QO-MKs~|
zR?3{@Y7DIZSp!Q?QzuP2dT_9rlQK9LBBlD=8Q#}ZxLf+s>t%*uf05hz)?Ln|y7lKx
zUeb`MlE`(6s&scbYa#4U=#Hny!_$4G7L(?=aCZf9d{o!uJff6$XG8i1=}<CVYSJa{
zVm9h#jUQN`4kd48?H;;lwVWicn*$qrdnxmI+j-_J&#b|_fFX#y=g8aXxO18CJ}nq$
z42Fh1wVdzNa>jDJsT`-tQ7`&@j<cN{r?VF1Ib(IanKk>0nn|;w=F;t`Fnc$k|D`T@
zuEoTUUYoeqn&>ChwbXoGa8C#$(w~(4MN9R|38Ul*t9{O3&t|B@;C2$V-a3Wy7kDGe
zU8Hm9o|=mvK^m2ovqG-Ay$^C-l?{iLP28+%)?wsP8?2Hq6s-Nw$HnV)Ii0mCT3D=~
z=#R;EQ9R{d{wq{jmI#Sy=7!Qm<El&LLe?aVRRCD9uAgyCzoQ{5y@Y*6J?lR2m&<FS
zpVIg{=h@!<R0;ba>))Pso-?4A1JDKIJwWFI(DT;;{WSAPlWupX1K>~32RxLVu`)x+
zn`ZYLN>0b#WMh4BP&ge4v_D8uHM9q(BS!mE;+YwrivgRpO`0>FFL<kdJgr;@JDh4f
z^m>Ow4qDzb%5wln9UeN=$#KAV=qx#glGorN4a!6s=RxKvNOeA14{KChYyF@U%7h1N
zB6KE1Vd|OZXRc{LWli)MF&O}_q+;@`VzrAQ_h-n>o2!QCRHxZ=Vd|Oel8htdxX5B(
zN=XGadXV2@%>AFyqlU||cpVRZHr_BXXj(3~gnkIbq&}{Ygq3`e=N|+`;^AKnJ#s}o
zqLtSCe*mtG4OF7Il$MjsW{fL|81k*Ru4Bk6*jEtcM!Tti{?&w~ub*htV)wP{i%lC<
z_F1t5q1b*}?ahn_t=N_8iygFL(^hOI6g#A1)?-Jk*nhdc*bytX--;a%#g3{NhD;=Y
z6}x(Uu@hG8fEAk!#ZIc2*-TGcvA?^%*l8>FniV?}ioK~~CIQY_v8n5a_Bktd(2C84
zV&_%N7@&B>y8Z2_&4Wj*M{Xb@j#!Tz!r+U1z`Vr*xh*1&(=p<!qe)XUYStAI#?1!>
z5`u`E8#1VN<<3C^IwPP!<R=K7nZQwp3^H#!LPz}XrUOKA{51o7+91Ae%{>sH>=)zM
z%D*Dp7R!D!whRDwYBn9?XEws3tN{^>ES2Vf=)>4Da=dyySua{WZ&ch;wV5#%>bgW-
zZ9#sbQeeg2fd54ocj#~9;EQVMfLbbA4P4W*b6>w@=d8w)0+o&VO6NkQ=heUnLopbi
zHjMXOkMU_Mf24x??Rh8^ezOPTqv{DTjtddz4*dm;8=-HgeSTk@`1%;1uo{mW%Z&L-
zXG5hYyBJH<&T3fe;w{a6q*uz!{k2UXQY)%s=nS}kM$vZE$h>6@J%M0C>bhT(cG}hr
zPS~7t!5Vl{>XGSqOy%b)=s62Fn4FyrCBNFMWzNQ$@y}byQ*pCT2=QQ!a`FZAd!K~X
z`Iwir>P_7r`c<zXd_r;=#80whW2K+kN?#5`caU1<Ej*S;w9S$q!ygzXX3(YQFhJJY
z%D*|+E*dhdmi+RNRa;beBQOatw4%FQk@0BATZ7GaOB220R#SN~?n=AN|BBfZZ||LC
zggxUTk)7SBAx8(yE;BO=S61_KVn&T$XZdSxR&%tn0?$~LW}3d1l92Nnmu1G{MJQp=
zWclkV&D8zLD=d=d&jH{3T@jn3YH%=$lQb)pE7e-P(bqq)AYZuXCPis1x$SnX!c+Gb
zs-}+{rZx99ySdH3`OkK<q~S`u`CGfW)!)3lPi1cLHy^i~n|+!6cC*;OIbb(8HC!10
zKWR6M{LMeJn}z=7XYD3$xWjhA()~+zG0<>dv5Wo&x_RnO+D%`>)w%f%yJ>g`zil`5
zh8y6`@7PVv<MZ$B2J?de{IT6sd{Zym4HgNt?l0{IPSMR3yTLjk^8BscV51OuKKe1W
z8+(Hqw9jskbD0^xXIZ#qMTR9w7K|l4{o#*g%=AcftWk_Gdx^W=SU{#afSPgLGbS7<
z?%}l<#T>q;<F0A4W5nq-z~L_PX3Dk+4o}C|H^DKD1mh!2+G92|L*)%@bGP+asyue?
z+^bznRi6iv-^hY^tpRSj)MyWf`Kin<QE<w+TV%;g&9KPISvD6lO38xKuTf!E9zRet
z60niL=6JAJO|-2Ux3AaIf;HW3T5m1ml4Qsy1$|M)PA0zv&l&#dq+E$hMpXk1Th3#W
zmCzrzWqmDEPwW;G98hEo_okd=I3AlxO698FmAxNS-hYT;PO(;b7Hf<q0aOFT@g&vU
zv1za<O-LxpyGYJD(6J7sMH<*;E7$b=W}mDoDne04%o<NBLJzU<IM*c4_+&MhAW#gW
zGV@9zLuO5&@wX{BM7~#{jSPn%a_v~M-6!`^)F#7mY0r>Dn9z7#lRTiLjiM1}gAii9
z=$V%OkTiuP_^S)9`oz}eYFk1=br|PNmXVlg|61$4F?uQs#IndsR|r<aA&2v^hiE0p
zjEs#TV@0A?Q<$0drao?_J+mEq+cP=;!dtklp-X&2ml}V@no)9OJx<y`YddMVKEm~_
za@cbH(I3s+KhX6%5%WGw0nFUZRNk2yG%MUOZc{?z3rUZ4+}z6WrXP@E;&A1MCT_T%
zp&4AwqM=bcO7KP|!_;Xt!O*((k9>`8;n+Ye#iUB;L6)E)V;uGRwHdHuSVTx!!?D7t
z0~nucu`KdxiC3ww&xvWncNIC|by&bmkMy(DVjPLg*Fb7hvWThnAFPRF>^FfB2V=dP
zK~*&pyQmSY^Dq&u^XAy7@mpD`JMhDxx9}Brt1vCeb{DaP)1Wuos(7BEJ1>%@O%y2A
z9r}SzZ2<tCDufQEX_T-aFf}3aaXxsI%(6`DitJ(8TtWF3wQs2|<&v>PA}ASG>+zDW
zM@CGzcmgX0@h=#qv+d$S##8`Jx#hmxkW`W`=pYVY^OXj$$;9%*C89G}75SP$XH`+o
z2T}il+^T6Hc5qtlfohn_V9sbR$>G*{Z<iXU%rA18`CPihvY~;LJxsMY{4>8iCWHx>
zVMZ{DRIPG8q>1P;V+{1`a(*XoAqTw9d-DT}B#(P6wkluA*Z~dZX&#b1!^n<3J4ELD
zfp^bMtJ{qoyiZ9+_?c-xQgwaCU;9cn2)geA`9i60vzIP(d<67VtTs=t0tpisjr(lq
zr7(gbQOpa`6&tC#3$a1S95^98fPvtJL{ik!#)=4D+v}JQ=-pN_whIW!nA^H>P@u%z
zldX6cDS~^v@#*V_`Mkj``yj3EI8wskroztnuKMxq2Xv1^#YVgL^Mzr)2s3^hM{!z8
zVtU<%ZzO*qE-s1R*e~JZ@qXiq_6XMt#s4sj`88qiUmd|rB^hlzVD7e_5ge;zEO(d*
z2fS%(+hKaWV>)j9=zJfOmw<nN(wLm<Ax$7k+q2Xv$>m9J7A3hnk1xar0vp`24v9sC
z!215!%eh`sMYuF#3z0OcSpO@6DU*0(U?bLOio_ZT3VB<s5l1AVWbWs?L^0kiVives
z0eIpv1xXj_B?ls|!zaVU{+YTTpb;7wxm6NvZRJeUc{iNM8c*Lv{=(cm9gSx3*gz6T
zCXP*jBV-T>Xq_6S@~e|9E)?2_s4(?})LcmPt{+^|JsDhL)MVU*nYx&g60*ENS=IaH
z{!tcGR6QEfBh!d<SNJ=$D))C-P|XUK88ykX%D-HVbO}-+@qXtd_??Z#63xT&)ZXjI
zc!s}<nfl}D{3)Xwr-H75%$0wM7}jfNj3Eyl{}Ln)l+}>FUQL8Y&~chb9$ePBIASx`
zBoam>60wR|(exovCCBzXi3BrOizRz)O1Temd}!RU3XuJ`7{uAb`@TT}kaV#WH4E`B
zO%8Dk8)wLR6qb#Hh;wWk=r%UsLI>)))|T~pP2nMR(&J14qPkhEB*O*vPQ7_T>Zg~^
zV7(HoNYovnAMl)cuJ+oI^@EqlV&Wic%f24~r&S05G|2F3(GkBle;HyS!yQe>7U_@$
z3F<YSWL_MA7lyD0?>*E+ve4#l^OkmW9qXfkEQ;eq+O(I4SPO1n2jOnU1P@`P3PK>$
z|BiV5&%|OwHUT*%Nf--C&{6V1ybC_Q*xG|+_pReK==e3(!5$$-_=g|2Z6T(0m{;R6
z_{oPmWO|S@lBLy(*EAl>#&lW;3N*8@InRyzH0HA5(Bx~_aIsb^(i-H~5*(A_;uCp?
zX@JXQ#7Q)jX;=*^_O(cjaZ)Mw^ih=vJ98WpiEQ&5GdyFxO{VEjcmYNTo`yWH7W;&C
zy}BPvHRl<J7=a|DEb{sdI>N_^6I0VMUm!~qAl4RSO&>O3^u=xiFl%&Ik!_1{Tq<fS
zO#^%Nu8&kfV6C@E6>61Oww^OUaw-LF)8<zmx<4@W-Wb?SMAic9P1#Q@)MH;yWLu{{
zEnrB!gTPoePY$d3zV8C+Lf@M3bv4Xe5Xel>qNe1lVVtf7JBb*a-Ly@SkJa_u(5Y2)
z5$odEcd?WZGOLT3ehdV}UxNFb&J+kbsSAP(;^+LGhzzrZ#sasNkr1s%2bkA~hDnFX
zZOr+uBv!B^rk7DCuZEZywH&gcG#7ZJlSxw|nF^uWd8k>0hZgwXk?_VhiTk5&$C!lw
zo!FbdcE`JYOqSR6krRDBz_7zVUO)f_9y9@Q1LC)(fm>jtM-U|6mSn#ov-!6r(XSAL
zrbl<BRXw>YWnnu{A|jUs*=9knuiD_%JpadCyt@)H2#fM}6V=4x^}ACIGmA3&hb#<z
zd!+0n?#R!S6zbqt^|;Y($!;;2^t+lwCW)NXiu+aWuLo%w2=n(DSiS4R-A1Pn7Uuff
zJeh<6Cc20!@xS^N(ISQ_4aJQx;(NynLHOTz;938s?ytLavVr&UAT{@RYWzJKvB%?m
z-9lH7li`lEz|~bw*_c+2%w>hXo3%CHwT!FyI|-5xZ`MlL`>r_hUMjEV(PUAAAx7Kp
zPAs54CPZH(`DO&ov9A8-ZPD?u8<MZ_vHw>H(IG=JHc*lUw<JS64eC$Zt&|j9>4^{@
z`?cPu@AjmKkNtYvK;X%+>hD1Yctl+L``zVSAj8oclVMZORAK9Yk+^4$@MGNg&YL?J
z7cn7TcQt+3qzyPfMvA2IyPbIl`R#$R#bsHMDq4T3SXeV<fQg+&<IKP=>1Y<$OtT9+
z(=4@8*h}DCsug2aqt<pYQH7?6&wc{)ANcWDyO@HJ4%I<sM0?!lK1ZI4UfP;W3B#+W
zF|^OC8VrB1^AqZyVZZ761f~eix7N9aG|p5JNlZ`6H9d9Ap3*%1pjBiNuxyYdngJzv
z%xn`DKGd{Xg0hM?Srxjkfg=$OrXYD#S4mMAN><`lAOhRl{V4Vr`7ujsIdzdT13oh`
zdCF{Cx0rIw{HUNUW&8LKW7%%g#w-aK7l)GNR&@bgK?7fmk*<)6x|J#j=9aC(D7dU$
zc!}OV&0F<`U@Ub%0`RiOfnY&BTg>_sVBqkKx{i>68#aGCV1~!s@sDRtk#|}zx2qXe
zH9L53f!lz5!2K54^7i}HTJub*uKUozBrw-f&53_rve1t%g<mqLSlX;pg6=fGs|nU>
z8#Esc=KF$}3-mTxkN(=q6oZ2GpC`2H5tgyyUo-;3@bmw{q?R5L$w5>~eqVu0!mOT+
z#^1&BS48*(JO_P~W=F53hH)t5C2%!=71-;|$ZPSo(5+RHk(|zQecMM{%raG0G0H?o
zkPv1}A%-osGMR!{S&HGMftNO-m1vKJt(MUk3<CD^D$Iu`gte=Rst(F)_(6FK>tsPA
z{wU?&)ATBtkvBCp9h<-%yBhy7_Im;M_+b>V7e4H%NgftCA62N1Z%sfxy^}hrx{V2}
z-YN?Zc@;BW-fJV2r_$UAp26U*L5mBO{T)I`83-&lFTu6-^l3MbCz7v+40fBS9<#(i
zp&|+OM0%=8n~?$uRSye7)dS_I$Eye;-%mICgRnq{;vc(-+QP$hkhx^6RYnOZy8^$f
zto@e>vy(SP0t7Xb_(DBJMIjc7EA`Wb&XYM^c~RP0gn!pBlgbK60x7pw8zNPfhMSrL
ze<t~`F=r$hWOB&IsCRD>yWWP;ejoH$#RfMb{TJJRX_{q8saz}7tMz(?&`nVx$?s`N
z+KL12Y4yLizrW}!`u`ES9Ik$!;qFd`yIcK__4g^m_mcs~3S<~nu6#8urF#q6%r4W&
zp=236TbA?zcKfwCk>839E|y)yP7D8%CRka$H2h+_1-Q9(h2AQ2#t6Mt%{rcz+WY!(
zw-ojFVR_L$2r_d26mef9PxF9=l_hXI^6xInccsHkp52wM22@$X)HnCt9vWe1FeR^t
zS^^7ngNG*{c-%FL#`_4dCBw>=uU`Gc+lJnfJVm7hy88O=ZP^$F-FsW?6Ot;MZXyGr
zt7T0lK3l+Gq$sb59%9HtiVZ%~4WS?eJd{cU@fGE_7uAPQzsj-{1c23ih3|r=wb|n;
zv=`8=tpUOkxLFZB(_BCSW;<VZ(JAm)D<{4b<FpEFZY?B&NfC3{Z>tKZC>9h83$~%I
zh#t?sr^UX?sDaueG>m)RDO6Z_I|OhCm3Mhy``EvBPqIINo{ELcG<Pea>DaKrsNBIO
zl$jJZuZ1Ezgw25)WAjo68#B|N=~VAKcSO~kjXiCNzN>g^zM?2R;>*F=M(OLJvRT7+
zMt5L+Bs@KZfISqR9VGSPwl-Wk5Ke@=$7A_U-q0QC$?)_IARG_Rj`~quaXzgwx}mAj
zZ>ASBb;awk2GgkkWyY|Z<!%Mr^=)kVU|Wq0Fj0xuERN*OP~t$W+4Zz6R@P!DP1%Dn
zg1#dAY*~|kgeqobiBBPPl%j}A_c!PQH&Y6j(#0%;1$Ue!gZ!fvzjs80>PS=*b>~z$
zkj^uW6V~Xx5wXLsXWX)~6*1an@Atj5vWRx-0T{8U_A5w@E<e#DAth<&64@9kjf?5L
zJ?ZIiqRBlTb1_O849N_qm{Wv?CUvPi8F9oV-eAOD2a$z?Y+0?0`CYbqc{Ra=f}<|p
zMG;Lrv1tRX5>_A69C*#OcY!Liudg5`$RKCbX&1>ORt15MR=rgbN`Z-0p!v||9A8Cw
zkogGQq;hZ_@L@W&%$k?!ya#b5X@QMRvc)Vpre^t8ApjH_L=v!v^7z*?b~6*!>Z_=!
zEY+$CuC*T&O|B?CL`HT3<BfmFLMFKw0~y|og;20E0Zg=up{+P;64ix=i#%C=KfO#m
zmqq{S85_=M0*}cD9MvL$sLVV?uPaL0&{uiH??Tc&v6$aW@LExQ1OrtCh9-ccNO9m(
z^ltdW*&iJ!jZL;U&q4R`2D6;zdn6Ryuf)y)XdJE7yK{AS7H6$I2S4~(8{u+D^Ae+t
zS$o#c+U*$`zrn%wjC{~$WG(&EwG+?@Y}OIIoDj#XYZTNd8SegL!u|%ca6Qt0HVMZ`
z!aQ6mRZF#UtybyG8}|U!=HTyREOh4PyTjAF^|X_BRd~AUNuJuo!Zhp2W7FM|=76TF
z!elH<3=jF;NOPW6pG2aQ=1<ZbE#}LtT2#6{N!wnL8HmIt5tB1am_TU19+HfE9YYv%
zpk-PviyQa)qq`!yD_YA-)D(WyS#YIvFBn@%N1W4<?79I+vd&K`5*@nD?~-}%2+&nA
z^6f4Or=u}<={k@mU<hA}>apDKEYgP%qM8qTCfGboC=Z!T7AzXHK|2+WbF(7aj5ZPU
z1ggN+7xLfNVqthP<X_#w>2U(YJ*tHDDS8i;006_Lm<e-YmI6M^%!Z35MD6A<1c4pq
z=Iz4eRDk`AaG5n+b{H<~TJi1e7I;F)ycr5SE@V#M7@4gdWH7yyZBvUUPM8|@+thG2
zK$^D6<c!sQAZDH~+eQ{o>`-F2Xf6#`bbCn)xpOhYRS`Vu2naA0=fm^{g8TP53Sepe
z6vEV3ideUPTZwSr*_P%OyMi>=LanGY{%L!aCJvxc4-OKXOEF`jEE%SIGnwNNT_%~t
zI!q`^kcR3H^hG7IV3x%}N;hePHe#f4Pvmidmfyx=L0w$ts!UV?p)(T01nP_vv=fif
zMEZApklCj3K)@<dz@g-CMl{y#faKs8YFA>hyE?4|5>PikR=MzOFoh(KHV(#+!TrQ<
z|M*vSZ!eOa?v4ND>V+TLsQ@M(XB%Vzh=wSejD}3D#O1rlY4QxY8q+drlEtLamN697
z=CCA==wZk}5#n{Ag59x!uzd$vz^Mb8Kr4LefJW{&*pd0;gx=f|c4V&8j!c|q-O(Eh
zN8tyEe1p|#*oe+1)yt8q=NlShW_falz9_2@M)JSbhJM|u$fy(#L7n*`vCcXPgZ8lb
z!`0V2J^pJSxb4m<(wdwuc4vQvS<sz6TFRr_1;(5{4c29>$+r0LPfD^nPQXo7COVNq
z`|#UGbUbR;c1{OdK@xvF2HGm(WOMu0rF0b!9)@Ne0yo|fg;PFw$nhZRRZ!BwAiEIi
zjc=p+c^O*pE14WC%=zbsG#(1vbAL3<Vs3p4O5Pu_tUhRDYJw^RVof`#M*EXRno<5}
z2Ri%~jrpC~apUboM{v#i$5e)s+Z!LyDA@96W-BRN!a2<!aWPh=VLFi!B4vm~=Y1^j
z=jkLanY8sZY&hAB#9GLGe<F$PJd7h5VKk~pnKwD~1GZOgDMw8B3`cvIwb5taIY7!y
z4fu-sKudPZM<QkFLBxxP$f80_fV79LL6HdpT#LX#p*!OMSfFCnHKv_C0ZDadOn0_%
zw(i8q%y}gY2ed#tdL@S8Y{M&Uu%=^~<ASEkS`vvSe%L4^oe?Zf@Il)05XlMd`R-lU
zbvyz=+!51Ae{hV>qG)_q$QQb~B^t~K@vlbDk4cJhivz&Osn+nIF=XRMM1VjBk8T1P
ziysz=5NE=(@mla($N_@kDMoh2^8%UM8;E@%GqMl65LAsch<#K%;BoN<dk;z2#%pq1
z`a3hO$YM#KJFl2B*C#9Od%PO%?IqqI#13CYvVUtt?`6aJ6K#=CX@+H=eqfaRf&2#>
z?}aQNjTaN714iVM`?gyL-p9v~z2<i{HumrGe<U`P^C#>mKJp{xC|d68g*2!F@V?`H
zVW?k+z&~LCU9S&%&ngyf?@lj9y`MSh_?Z(uSV9FXZLaY%CoGMOe}bP`3=B6}{hh`;
z8sAFuACQ?%ksnKTwU}Irbg)^ax0z4O6HI%hGT2DP3T!(WjeuAf((PI;^o=T5WeId+
z@*-|ke1~t->LavJdVzKpQ}0qOvJ0Jfq?uHEFHx%(BBw>xsHodfL~uEzqlY9gtXSSc
z>Dg}26p$P0q_1U<XH+Po6~PoRhF@LlXIi3t(hOg<L@^pPXGr%lJ9dq;iMPD_Xfe+N
z&^xHvP0z8$b9CMI{QHoQ9S<4fSo%TKxDtGszQ<sF-(wW(#PEA(gi82s5y|~@i6L41
zpT8H}U?kfd!dk(5y6Ihw65?hhAiEri1rb|$ha)i#o7=+N$Pg<QbvF%4Jo{1vPHF-Z
zuL4`K50+>ZWkbdi&+Hy_dq9CFApC&R$uJBka|oaIOnxz|%@_N+gNkzz(nPdTxYRNd
z#YXr5r#5Yk6^xij3o|J)<J`|6oV3uV{838zc}EJ}aypn~NECu`;xUb=b^&nArN5ss
z$B#OCrKhc&7)aW=_K6ec>_UWQIEv{lAsku8KdK(hliS5+OIjgXDueay-~pZ1^Y+{6
zCKy-rV9PV7J}HKV+_;9+ZF&>BZ8ewB^*--@k;b0hPAP$i0U<=WO$9^*cHrf;3o!K(
zjyX!<MK}QpzkR4ICJ7Ue{5VFA4L*4QZfA>RoY$nZQ?;Kw3<i-(HffNB_(tq13=!L{
zWx`0Dz+g4Qe1o@E<gtdE{W1%2VRniOafmz3MHmOXc)W-te5x)QVH1sP);X$Yhm1vZ
zXIdSZdhJinr+Y`H{_LY~*LIIg@n7-Spqu(KbmK&eFPGeuEYBFExtu*}ml|7$2r<rF
z2>X_!0IvJJ<i?!ViQs6<$7|wnw9Vpr`8Yog2YmpdAqc@?z96iLk5c}ml}j9QgaJI`
z7y4cpQWja&V!5%MLvJJu>posioS}ymlUe?iL?OV4EH>S(CMjtEmT19L`0J(W#brg+
z+}14ODn(yW?Mlf6p()rJ-SX=8NIH;|qytlvbnqCIRMv(x;`xHl2YyJ{u5Y~CviZE$
zoKbM5DTKgc4qFi|ZbdqHj$YA5g?N1XXycPTQ8XQi$CyIWEBdD+_<{uO2tJs}=6rYX
zliopz>}QDXI|Q5N>$F0<`eP+m;?hRxo1aoH#xaIDtj}&mzJWHu!V;E^e5=nz*fhDw
zgVNT1hE30&p@DlxUx0|qZXFGgf0P9lSGWq-`$#+P^6y3@$^$H+Bc~JB!b`~HPa3XJ
z6+?yczR%~aDz7vZ^7dI?H^hP@%D1{T`3Ab%4wwAH0|f8*w<~GH71k`S+Kkd+&CM~m
zFU6|oR!+dLzsu@6<9x|MLD6`n1=51UxqWxCsOg=BY$p)n@K;$by+gYbPI3;@JY~Fl
zhitwqizBi*bMKN{ISX#(L$Rh&o2S%#Hp6+pa@OltmKs5Wj3r9$TQ<SI@K@DgxSM=f
zyez4}?ik}b9~H{`WwMcM^-l|N=M!y4$AR~_zh0vG;4yy<8*S!_LJyFTf0%@<SVAQo
zR+9kLVmuMhniaDApK8eP9A;(aZxI;oWwYgMvopkGxWFW>6j!d8nG>fFdx{P7+EvC(
zU<*26QGel+r+vc|ORI|g-29Bc%ee!$?dnJX!5RqJe2ZrlB8Y~PVKr?Bxw(Eo&7YJQ
zQLTk#rT}l2>t`8*y~I$@e-Mt7gyvZx>Op6@B9{>};jfl+n5V8*M61?B+DSvs)dH@~
zHC*2(q_p3LYeS%bm6mZRmmWOe=Lu`#OCUzE-6WKl!h9ea?^B8xnpR4it=snNrY7zH
zqXUpK=)#ahd4N--AkVfn6*7qmh}T5(u5M`tC`2fNr&;5#62vPYU$;ty_z_)!)r{3>
zhEPN6AV!{!1Wty9jv2`;^Bc+x?pWWL?6iFL-POWrxLuZKWHagrHZpr|!nx0cvww%n
z2V<IA(XT$lhP@(U%AIJ{2SwP^23}^hL3QY?Zfh7Sxdn++G3Z!<MvqWuD!?RW)tOX3
zgYDRhb@?vqy<%ObzCy$si*@W;RrQ&yVnM65W7kx`STb-p+|24tPf&$Xs>HFNj&01+
ziy_54#=YnPt><)u`I262*<7XOT#z*lBbup@vW>S<gE|daNv!W}x0xN0F|ST3paOS&
zVfo}>aY2B=I}?)ayv^jFCgAYfwMIRIk%d3;TI4E|_+CiaabaoA-`l8YT+XgJJ{A#o
z2KCd&6JkUso{-^<`sq#R-*E4cUndbXqt%Ig^L}mQkHJ-&?199wM2U$(PNOVKl4yBq
zO4H(oadf;Q%CXs1?374|VXg)hTodIUc%OiypZL`f!_w9$pexmDDMQ2d5OH0=TIjL<
z#d6I>phjk!*R<PS-YA*cR1NAFOo98DZVf!Z>>|viNz?+PXqS?zS8XuqG7ozwRAD%2
z5SOK<Xng`Z01VV^CiL|fo(d+%3)x->0&*4H!Z@_f?-Ef#@kT#5PI6ouBY6a3Mh0t~
zHGlzWEoebyNVt8}#w~Esaw!)HuER+RN_ro#!erQc?<*_B-W&Y&GPRc34nvNWMvDiY
z@pTYh7>p!&|A}9WvTs<*C}R#0ped3Wv%&(1#p5rBAR7y~fZICiPkZXnGS5#ZiD}6k
zUEJi@=w`%U%sk<B8RRi?+bzZsp@%fr*4COqB9Yxs{-fTQStLvr%OWisq<k=MjMS%E
z*~r&8LN?uf7`>rY(y#;y=*o7ravcs1s*<jxb%Z9A#+~G_m{gL3(tt>(Lwfd*zkfq%
z<2MpB`_R0O8E<uHRO%;ri@9DdD#2WxXgk|fp`Kz|MtR-~!nm&0*{n)@0Bi(8#8Juh
z##^Bw2GjmRvhZB?pH=?a)UcHj=hC<m96Q}$JFa0K4@7O~0D<~u^=!wNS?C_lI6TBY
zw^}NMwCdByuv!IM$Br9rIxrO6Acb}hrJAT?fny@{8J1lW%m>QwreAk;40G^GEz(md
zWxt!va|uJ(85A)ur5J(e1afR3SB9jAb)*!pb{HqxzBahgokB1q!u~fRnN111(S}~L
z8_02B`!QeAb`OqBdO<@>le_KIFy8nxRie>sr-ax}m90`>r(m3+<QWDQ$<t;6va-_>
zg*0y;sfACb!CbpMV%wxYFR3h!V>ah}8pY3+%(+E(a$XX^9+K-~y{_<SwNFb@UNR0r
zSUWI@<2_x{Maed_pl?t$LqR8^O#hYbo?a6@Pcd~I$)BPq19rK7R`#~Yf(Fr0LU9fY
z?i7EHa>h+1_n&-mHh0pm?cx%iMuR@A!Mw2P&4{_3k_t*u&6h}pvQg3chmNA#hLXo%
z5WCoH^OMN0xfU<3EQDOG76i(&iKm6)x=n>}PAR$1SGl^O4nc3S4nXHY8_|KlB<4;=
zEC(mQR>qg=?U6c_j<qV1Q;u*1Vmm61!$aVx)8;#7(<i!-p86pxed4%}NUgZz$tdW;
zR#`YU$%F_;r`z68ou#xU`l8Aj<ty%soJv9m2coh4eNFTQUTY`%5=mMjN(j7Q8AI{~
z^74GCe%fT_QlXn99B!|KO%RMZ5P(-$5Q4|s(Sx)(%inJTSq?oa`MltYX-Gal9|sFt
z6{zJN;t&vF#x?+vMJMH`<WXPJUpW->aMluqXA+MVC*v4i2a|vp!mQ^X_{~3Ssp2@q
z4qnz-OCpTtWh2NDb7;<5Ymdhs{Lz@z93E}D$cpK#rE7}$qgDv20jt?ij3ZZKt@$fX
z$9Kg}XDwY*?6lQ(+KLfOWGP2^#WIRk>^QO5>8zz|iuuFD2*{zfxlru9iV=QOaXQ#6
zb~<b6nqn8NHiB^|b~zNgq++Ne6+7E1b~<b6nqpVHkJpM#1&Uu)F*>Z`bo@~4bk@=}
z#r)wz1ny89hYwlG;X@XW%W6tzEs1a1Oe-(7moC@9vBMS5Q=IH}*iu(K9O0>nFM>SX
z5fGuOC-k$m%j-IPydzHz3k>f!i0$W8ngK4hKkN%Xq?emJg}GU+<<kXnYTR4mLyB$m
z^_-uCe&wcS)1LE_dJd^pcnp;g`#}?Re$q8fJZKbtE8+YkOlt6T=$u1PIUNRNaJWJY
zjV2DYKr-qM{rU5Vy6yX{nlw!{BFJaeGfa$r^00PKTSZp|3Lll#bs*HWUp;DpOR$3V
zg^o?S2GN&9jf+^FalwJ-R4BW<i{>TtNk6|KB)Pmpf7hb<IiaaI2BG=6>(R8MDK85W
zSXxaxJngp!98HLux`%4$?V={SBeQ=3bSl;A<fpnJ`jQ9ePjAOEObKnNg6<EZhY?$m
zJI0i!IsU=%1rlqKo0`g`tDjB1cfBA83(X!|mWy9Rqidz^|G>V?njDoDA|pa3-CO@9
zlM}RvHY&6V%F{e9!XX!jK2vhPfYCPp02b(<PbDs6w?{`n|2&XHXIy_|8vTwK5SX9S
zacvf)^Cql-@^Eu)9;O;K$4z~%<e2q6_*Y^Np4>d|fw&&GS487u(ARPOjCWbeah~>|
zFGEqNR*e)6y{~bOt471I0uVQSq{NYVq3S<iBCz6<dfr=g6LBFoA2#Cmb#_h^GPI}T
zup%InVVE6CD59RkXw6r2SUNpw)R)r6GHKGFmNvGCZ4-|eyL0UwNa0BQlj#ji&|0g^
zl+kcz%3A3uyr@qnSk9oX&~xlfmoi7R5rJ96T5cqMkbXJj-zr|%9SqlX_(`E0$_1_!
zi{@ZhX&ZaO!p+R{L{Tt;z)xtdh**wVq*6=nWyJ?(n@~(OhbpSDPNZB*r#jF<DUb=b
zgH^duj9TiyRkMpd5r9r0kNZqn0lrE%5hoQ9vOzBUK8=Kpoykr=F$w#<Mq|Pukchq_
z43vc+Y6OYh&giz4Kp9}plsB+M<}%8kwJl|;1m?n-M>F`)P!VI2V-$GAQn!l}D@xa)
z1-A<=ZSD3p1hdG)H~}rX&O&gM_)%gz4N#M|hJXj<l@?|F){HfXp$N=r0huD4Cje^^
z@G;ytJ6+Wp`iadptTtiENE+4a<q-QZmt13r@Ste|pmr&{IHgELV`!PFAM}FW_5DeY
zY=@jCFhwwRyjlwmB8t8#)Qu*jM`R!LR9B#<5guhvRj{srL^I`03aJzbqF^zh%Z6`3
zrU4UZ-@^~!qVWQkcs@|-`2gQi;t6g;!&@>EnQ}UG#}Y)$jL;8u%ig|L%#(~v6*UDF
zSDkKc4?wk}!it9$YWz`&2%+Bdbe<_U{x2rI8{4(D%Medc4du6{gJ(LMz!sQTuc5X|
z8?O~unwAtb7O;HI>Z?(cNPH63OxOjB5%BtmO@s>b%{Z5iK+}cB9+`J${QzB8FBXn+
z;%|5|)mk(%b?LRA>)TUgyAMNV+DFG$-Ah``SKNi@`KCT@z@bZh@Rpm6B;u<@KH3_f
zl?5N8*^7&asMtx2Z}EgX`j=su6LIt&{pt(ow7{M>Rbf^w8kl`VZVFCHrdQl=;$9?Z
zk?O?Abt|oV>|azi55^)N`&wj&1I8C39UoIQlq>k+1Gb#fSM-mz8r%aw*b;ROwip=a
zVOs|$+9-VSP;mpO9+dl_b%o<}g|A?Ptg_<t??4CQq^L9xY}M6;mO=MLVh_Eq2fCJ3
zwrYS9ZOB?M^pCm~hzTgfWwT0G7Znal#3~V18M2be7cQkipV45GgoHL~z%qK0B^u@k
z&UB85Qsq+E!!Vc^Sia>v(!*TF;34(9?iM!(xTHj*=?zHXP(f_V7;0sm?jykss8N6i
zL-UU*9W};6JDTTGk8e$9pEY3XhKw$c({#+akKqAC*?h()Py1x6Po4;?yJo*}KHom_
z-(_hOu=wWgDKm*^Do;qC`wtPpdU29Q4Os3sbQ7gI8i}L$O%c(MD3Il}ntdkua|Izm
ziy;n)?2IH!r0zG&N&+c+vggn1^)jEi@R^6C<kQ#Umfcd>`*0s=cM9rcQQa`eZ|#vm
z3B~cj4YvGjKpRQp9?0ZTz72z7OEHH>Yn88QrLSqVYHH|g`|AtS7OJWuGr)kq2M0Z_
z4|oW}9>NCoI1IZcdK5q$Z1o6tV!+?RibDK#<UkX?p^+SXrUa*kl4>JZ#GpE2Qr)E<
zr~lRC7})92a8S{&Rl>}K43lrJPH)#841+(TuH_*@eYI>tb!now6D*z8%dn7#kB<9b
z@VfSV0Nlk$9Z@jbOE$*9mz7<+FqD27n1(#F9>}wmh~-o)n*+WPt~vLdHV+YDju{G0
zmI&bG$yhU*7^f%$*Fs)XBs!BZ(WGnmmLjmHLLFa{a1#pMDyFQ8Q&z>a)IF-$$Hqq>
z!VWs|yY9YyO>|6PwB1JOF~FF@(*?6bh@LhmFL@x71_QkbA=e_NxM*w`L|`Rs0}vt9
zhj=YE;&Q9IIRl(Z9BL^dvDO8>RiN?FfY>u0^wWGa4S8<u$N7TH)#0smw{lH%RH?TI
z)!otS@g(-o0+Fd=)YJ2E5A(4ww*j?=RRu7jE<T#NXVtp<;`Pvm6-G6uJS*H?l2&8z
zZCU5UL>mS%zUU33M8fq8l%@p_=x0N32dor~3*=-C>QPz6G#8`%-0@<ox>KVeb~WiI
z*1#j=<efCF&+AgKW#mwQc(w;nwQ2A&-$E7w5(TmQ_x9B+6_+iVuOe0r&gTTDif+e(
z2b=Yp=r9i?W(50l*TR-DmMRu|*w~8%TQHeb4cyNOoPBh$s*f(VfqvH4Vm0ruYF<}0
zg|Fu4LN)M!n13i4^3^Q!)f7|{_NOY?i6JIA9WiR@B#mKcs4<K>D2DYutG}CfnCo#y
zu~$VH{gX%+Z`if-ozVErooVS5$M5zGVsGfJiTV8)MuGQZxTZ1u0-4REK`JY5&k(km
z=y5UJOPYnAkYa<$qCI?><}d<>(F^ZL)s;Z!Pa}m`G3M-A*!m1fZCtdc!_@-2Pt$2b
z$07rF*n_{%7P1C=8kr~qKC_q%v^8&{tC@k8aUPh^uxwj)85RNDN)K*%P}n_?F%oT&
z5QYAP)JS1HW>7W=DHs%Nv^#?2p(euKkU0={B}z>a<vC!O-LhsT-)j&uTQSB~U=$wI
z(r&{rzT&WD5YTdzyA2|l--d)b`><B)L90crLGZ7Mwo{jxmuqGtzNRh<6`2918gKSv
zogGTexv#k|(4d#?>YnZ3H?bYf)_jGSH*EnHm5ThIECR8|Aw_@(MBvm&mKt<+;yC1)
z)y7Em)g}^I5;1k>Q7?b<!?IQ={sBtk(UBH9{p;B%Ct+}V$F5_$b97zaRonspSoeC%
z53Nx`c;-HGly<kuBYQvgiY{N-H*){<?vdK7MS0}j>3s|^bS(Fke^=h_7Q8s>k)b4?
zR<#coVlcS>m3^BVExxbUM<W>`8fmdUu!UXEnrdN(Q-5i(weQu8No&=_&EEK;CLs&;
z7aVHwT4bDDxg${#eMGGn(PJXlN_fti)PfTKLwmlDg)<XX<BBO=9;kiQRaFxOb^1?@
z8X-;rLa+#MI%6l62d+G_YflmHZp9<zAMk;)JTJWmnz9N%%qfGyOTNnV*hu^e`5vb?
zP*yEg9RN*UM?5kOp^q9tF-eDMSUhqe(t0C&2~y?a!>v@ZuazC69iT6DeDs)ix+wot
zt1@zEuMlG0SFx3<AZ=!9Whse{!bd@sa!Y?7mcE_3W8D=8O?phLI&w<#j6K}V&K*72
zRp>z*+r6P{`OUyUC->B_B4SY{M;p~i?-fM4#J3*000OiKjFZZeV-#rP2%iTW%h%)B
zgIp)ywa8Hw3#73A|JKNs2cF{5dx~TNB+3vcYWTtP3$Yw1-Ggc%S<k>RmkS5^5`J}q
zfm6iCAPXNI4Womb_Ml;qj8tCr<D@k5-P8LH(`oaDfq^cyN5I?hD}Drs^%()3(e6*K
z3en}K|H4MVf4o7|1Ab^f>qyqI;|8&^)QgoRu!F5z68~5pF5YTlHEEUl$9>Jd1lH3(
zy(Z$sLX(lbtPGF>IL`7HEnJNml033h(Y=ked@dA4qKu%A){iz3_te*LAN@C9`BThn
zQkSQ6xsFA?g`OG+mPzoUEGT^_SQW8}*iM^zA7+D`aR6~S$kK|}A2h+UP?pw!<|AIB
z{;&d8Q9>}wt~R<6p<GdM(AQd<DsY>L|5#~p<!aoB#ANq3B6PdDnr2?^dzwtP{6(!K
z^i+!=L(&sMSt*)RFDwjCD?UI^Y-E&^VVVZ2u(;Gl8+%!+A=9HO6vp1d<VOk73hZFE
zmT7oEA=wgWB?ik55L8e?Of}h7Y=Fr@9i&IVMKSQXCSBP8si)eiKWfp*EJD;)y$K`$
zs+O-%MzvPG?Wq<dZrgJ9V9)Td$aZ8>JUw#o-~PL={KUmipZLUHrUXW^_<iYgEB#(0
zVA?i|#Jj(jS`%g%tmmKUJ+aaF3{zw(elzPL+UKY`TT>B9UG{-QR~4y@n6dO>P?m|H
zO|(RRbbC=@CoaYcw&2_jxiGZC(y>-7G>8>HeN|g4-mD|A8}@xlF)lAzZosB&L2xKP
zno&#Zi%dK2e0Z7s46*im+Z&x9j`YH&Oy`R9^of0NfprBVdgC}YR_kl^JlI!Qc~C&c
zAL&gzMe_PShlQDlWJbX?i~I%bJbQ=os)5MfP66(K)|I`yN4znsAmSuOsY49Zt_XgR
z_@ts>wG-<KV@Lvr1?|=bp}n!k$Y1g9pPMXH2)|;e&>}4IF?oQ5vy}+kaqn6a-5YdP
z=q>d)Lva)jAs{R`(<^_OyH_h$mdMCWbV&<;H05uY5~hw3^0Zvxh$|stqQC%tr)E>{
z@Y*O70NyZ;+<h031lxSo_jou2=v#28#Dnbh_pmCFhnb(k*Jqf44`|893@vrh_3wa=
z7H{z6C*$t=8xfk)=2T*dlV|4bUTU8w<+pG!`<h7yx~G0HQ<=_-#qD4nt{+TGYP+YB
za3O$1r!R5AXt7gcyk#J54>`Kvr#f8#Hhw3GVZ)r(v!Uchan+_tp!2MW7C;p-fwW}p
zA&Eg`!Dtt+9vU&zz}&)%cGxKPc$p5C^x*Z;`E>gGVHVJVW<tlrl9x@)R5uxYz6m`3
zKi5?`5*HqiL|=GxcjH+31}-87(-g9}3}cmDUFJJZ(dmZzbWYikfzC)_XP?k5CLnF+
zmP{4w%c}8&fP81W2mFk=m`Nm<!kX;5CkDq1$&WPjn&H75ff$SstX%Po)f28aWCb#C
zd=L>d#)q?*+z=_uwEihiq?WFT6fFl+z)5+&*U$O>seeY*eGf@rbT*CY3J`r``Cb`e
zjQ^Ni9@l;^2_U??W?D6OdKJxt2eKOgvI=Hw?w5Uys35}nWN@=B@7nN<vCRwwHkimj
zH0)~GXt(O>J|K{=CRL?8eVR!Cn$Rm|)@u%=z}Aar63NH`4D(!2X>Bc-Nwk+;u_k($
zguoKj_rHbuyx_9>>?i?(h!tdl`Ab129&u}$Fn_Rv`6fUh-vsI3T#xw@VZK8kwAv)$
z14jY#N$@h)95zH-URoGM%pH>)OLXrI=~8yLD69Doh@yN$^E<PlP43ovCYrENtDm^`
z{iJx)c1Ovg0>vq141zUu!MHeOO|;RT*NBhs_Zw&q(pIg~x?BdEp8l}t<d<w_hWNBf
z3tEys%x|V=BiM|$%^qq;@F04xuDH3!p<~NeyPtpMkF}D1K2vT-%zYP@P${H*fRF+B
zrtMwm#LO+hKIo-2k!YFbCUv+Ch~ANdX^-cLn~mhFNnBwkh5ypYV`#AZK2yS95Hk{F
z&ia=;IiM$u0b7S2ylh&y*Y@b_W<NBf7tXK&Vua<rIK6zV)nNVW?%&j^4Yu-;_#;LA
z6`gaT*J!JwtwmJ55v6j`vFVZMJ>$(q8u0oD@1lTCALbksr!6=Y+kL~wqBaq0&Ud_u
zn&$hG`?<@RJA64S77e-?k_DUbUyHrY8foaIehp~N!7OF57TQEioY~{B6v<;q29nKQ
zDbGh>ios&RK6*~y`cP-`VAP}zjA`BiB8Z}Oytxvsv-43Z?vEnKhE!U_S^<I)U8c}(
zki%ki*zib%N68(gt9ndU7I}Ckk>~9k*@lv{37kWEE@`0I6NHaVROR&ntbQ2OmKU^O
zjAxf&(9iKw`A;z|UI^EG5la#6DyG;Sz_`!hYa|x|Y5dN@vYrUKJ7T#nl6#0qIA8lw
zg%xpl20h4`GtNRROYW{U(Psrz0b~ODS-C_-pe`^zwMNyK4A@KnMi3dI73T>jjj8yQ
z6}J(4l%Ba`mv4^h-%l&9kVn^328yUDuBQ{<SNjsUFJ(;ta`nw@(WSTQ?miYLFq&tx
zLHq7#eREMCnF{~qufSOT)Er5A9D^hAtIfK!Mp&Pd95*5U1con8O}5Hou<Uee0n7)?
z&boBLE5!ng7yCL;tKWZYchPvY)vc#^MK%U_O*%JqOiLP<+!x_b0;N3fh;wYK#MSH@
zvC9;s{d(*&m5E)Zj7WTS$=GE&^X$TopHGQ?WY|XriR1&iuaDd}eVDn<7LGs86L&fF
zHR!XFu$4=@op?D_Cr(=hS5jZWTPYk-AIWI%X6Ur{L8E6$hDEWUn+05((XQc%Sp&Df
zG?Fv!>CDps<S9ThD;Z-P0L9I6O@L>sF_QlPi(lIreb~!g<GbUbjvMgZajWAsH8i7Z
zRn3V|%^OtXmvk&<v;Z}vKQE-`0>IB-&&YEI@bwPT7X!2lqC?i~ZzFyLT5J00A}(@c
z1PzEEQ9WluJ^EzmHN-h%^{{^6`)^|i&@TSxLX8TQ^7xnBj0C-=IR;@iDrYE{N)BWu
zGj(LVk8g1WyI|;$kr@qw>|VYN8Ymr7J|$PjYG}oiLm3f{l=VZNA;4Nw@kR_ZeeAoa
zfB3MXkNE1GYAxzTa%`Hp;(jDCelxA5*+#z;7$*2TL$RpK254dwD+9|_h4awF<W>4O
z+1Je79_A9r*|E5QLtDgphisNGWy+FL2~OE0Rtb$UeQi-!#DcZ@Y@3K%LJ$MW)|)Vo
zMQPh_dp=QW6CB)L3;a8BP~>4zXXK$MqlIwphd>i8Rm;`-Vb0LAc?QBC%3S0RFf`E!
zE6};|sMh1!*KFHd=->~uSY|5Zh>=w#M0T>NAXl086a@6ui`jN}@XfzO`Cas)&i>-_
zz7yiuvoQ<d=n;ki%HKI@JUk?NbpX6^7s<+0bxSukZ&kx9$LO5uSiXaaP){eCw^Cbe
z0{xd4_}>eKJ?#RqJ2tg$8sxjo-8uB8!D4{Jq`-wxn42K)KyfR=fp8qMvs5i^;%pjy
z=cScw;>bjru^uL<dBXtuB>Cm#Fw?*U85YVaFrf3U%5Kqvoa|V-5nVmIiGPiZoP!l+
z7%-`SsMR>kOyk2G@bmvQ<Xo^@Lz(7bp~6ETSvm(3>5=%s==e)NvJVqNhmM5$^W|Ai
zOA;O7^c4|txb)JU=^Q>#qvNQj<LZt6>znm989~OahK$xWtfTO9AyP5`YR6jjX&P)w
zOmo4=-Vq$iuVUs$H7Ode2uV>AGSFv4v_MHoA}K)&nU*SU7*aOAA3HJ%&3ovu#FMfN
zDYa~2K9-e5$Ko%Ll*UBE2lw<Hpo?C`^6J)~o4RG!XZ$r~Z({mf2ZSw~)CHVurD6xX
zeUzGib?+uBU5IWKe;;r~LrHv=#?&bs-!nlsl=E>BZib*7&O}1^&twX)_IVc`v%Usc
zw0=TolHDM)efQ|7_FXW8&q{Wao+5R#9XX}1RriRj<BTOcx~{%i<BQe8I!@m#x#OT$
zrkCYdXxP@Cy0-Qx(v3_S_eH}`-juJTHmDU+FvAkXJJ2f@v!#d@tUt0Owlp&V*Uu%4
z48@=cl#d)DpT+AX`Ll3{z0`uHt^be{S79m?zePSnqKWfoxLJzrRXT)*b^eUTq&9-|
zN0##`A4Iqmml8R>up%e?gduelPVD{*60h7Ff>I9B&c0!W8C3v~d*DV~VPBAaJTLkN
zTV;JQ4^~p_fFa*vd7>3*+2~O5au1reYAYhlt?usiyka0#*V`n{-jdIkk#y`Sm7g&l
zBbV`T2t;2+h@v&phyLZy($uz1*9^Lz!inE13jEdRQwsM&Gqhd<G*>DuBEfhbko!(`
zDMl|f$}$i|NJrsJW;Tq9MP!{R^S^IZyYZM9*n=W=y&Q{GPun$LgEn#bR*Z&-fl?|S
z>=SE}*(=?M>yOyFgC&Pq^xFfWQLuf^rZ14Ix?lbD4{fIni(YIooFO#S+gtR}?c@is
z1&6ixlf2f^oK1EP-klKX&6x<8H&_t%ye7J1K(D9b=FMsrE0MhO`tD>$^A-Vl$>TjK
z(lA<7h1Gy0TM@Bkfg0{iXMGL$J6Uq7etXM42r9TUJ?<-*;cec1d(<d$XF3zBBJ}*Y
zAys|@O(BeX>T-F5WI8f|F7UHK(Kk+YW%rC?%{WCCnZ`j}JBmKO$w<ArtV|%RbGx*u
z1{rw^T}8}9BCVMoLq;Zp&D)BbS-KG+s9B;lP~2iNvtcqb8Eh?(M&4S;WW^|>t6te`
zVzXE{fq4g*)G*l8QjDM?fDY1v1;x#;G#ey~wS43g^*d?&ZNT5VQ%=Q?&;{@tn`RKg
zi2}tCz5@u~stMnlzaIvN`i<gd#GoB!LRTXj8)WjbQC8%6!qYQ|umjYB&4c_h;>HJy
zTXusW)fJ7+<B(#f=SGC5JS;O(r2M}d4QzBBDBKfYM$a%EN=8XGIQebO6lKr7P@exz
ze4;WM^~U;q0iI!SQo?r5R=aEr*v05U=;@R2`aNjBhwK+T*$S>Pr1%~iG;DO!-Bzzs
znL^H4uwq%P!?dE9(6ZMzXB}}iUj~qyNxjDZ<@rjjMdpal$oD1k3Gj?5xrYSuKq&Pk
zO7Z4(bRAeT?Oj72NTtKgSjmG@x5@EZD&qnpu}X&$r&Hc(Yd#`uBxk|c)t`gAHA{R!
zmHJ2+JZF0HMWH*#s*|OX`vMjB!>5QL?D2rU7}k~-SX=6TPK*G+KQ?VnpcP0D@OHdS
zsKCN`<c?D<xZ{rcdVAt+tlrDl)Js!+y;nlLZ-sg<TfM69V#Npc92Z1drnsTH58?TR
z`HiF6U-X%TTu;?M&r>%At<_}BsA@87=Bu7geZTKZeUqnBoAi%Ea;?(eKz`cA+3?_8
zNY99{3HuZRf0tK8vAav5l5qshh$ht0K$7JMT+Jj@!*W<YH6tkogeZVMUrL5C#hJZL
zlda-Q?0`mhmrf3dP@kEGY!bsPNhx2kvPir8t!O>NrQ-hAu+51>4)NhpLOQn{papm#
zVh@#FK(ThtgB=j|C>9mJ)f@uM;dy2FRP#NgFbW4y)-gL6#%4@j%UJj$j6Yf-S!8U|
z8S!89ailRQ^Ce{+HA(uLG7s@N<U$UYz3fTGf>xIB<_ivX`q2drjnFW|qSU;V1C>+Y
z-o&3&N^~6G9hcM%I1et0cBsWB%8Tlw{eJOBgHd=|i=aZQpRuc|`w=x-bM-Tj{r!Ik
z_uo!DKfrIYt!+hhll9(2Kl}ocix3e5xN#KZESAx@uucD0%t*RP+2kyt1z7PAX$oq_
zMtCb#f>;}v)GidD8^g0N$z2WbOjhX_T;MGZ@TBj6_{#N63!03_70du1v0$-}@xl=@
z0HR%p4Ogz?HOwW8#3#l5!()<w?vpS-{oE^Hh9xieTa_F9KzN{8CBPA?8rx54m1d!s
zW<dEdK`Xql`?2ex6@s?UihzL{Fyw(QGqx8>D^*wl?={UJZGx^;!D&N72i;R}6(!UL
z4Z^oVXI~a)FoY~PTN-QBXpf--C?`E5<(eU6%q_=-hJg*kd{3K+>l$1db_@yJ8>HB(
zbufHH<!zV6Ym5MmN>*Fs&R+tQ&xUKGC)+`?Y2Y*PdaC-M*dYue+SK-<oAn#ZH1)Wd
zvK)_paHIW1Sh;cgm6nl>6@yNklH;{=yq|>&0>K~ehq(n?zXqT;Z(EaM!xc@hKc-{-
zXM^z`u>*>1T<Dx09PFdZ87!G!bhBxaNbtIQ8RHub=JB7$>yT%VU-FC|W<;>#b-dLW
z-O!(LmRV5-j7BJ+%=yDY0~_-$_YS@%>t24@;P9aj9=_slw1t_uM=M_UYw?(Shu-30
z)n=>&|9t?K2`}`M2gximkRmL{S^R1<OzLdwmd{<t@7>Amk7XCFVGBdZCP(W~Jd2$5
zLhdC0ARSZ1mBotMF4~<*7JaD1ve=ngh!YJs5ugDB22m~sG@E~56^hB_YsI{K!y>yi
zX6WDloZRSC)Xss9?N10M<o1ih1P7EiawU3zDmd@xvZ}FA68fGHhj!m9=FP-GPjh9N
zgJKe1IHqYF(u%`>m=-uf7y%YOGK0HN&)@@X1EsqV%I3%p4qIA?A6y=z01W-4fNB*F
z5U!y8*+x5RP(q8c%ix#VMqZRR@~IWK(iL=x4Lj|9gJs!nhFp)qn31i8kg*wL)L>U^
zq5xS_ST1qmpPE8f%c}*m$;X8ylY!(ZZoV%CI&|V8aW(xyb^dvp;martt~><T&-+B-
zfKe8|nGAeH-bd{rg&xk@38j&cm*~CYXkt3!4v{74LE}!z)foJ-{aQ4NJHk`R6<V>F
z6IZmk^EYgjO6)!q)~GGuZiQ7bLuqFxF|5R9_<HC2cj0r{DiB9D)u#+l#w63ENXI{O
z&VnJrj@jBiU>4|ot(a?S9`BdT>*yFAJp^X=5xE^5Ubv8-F+1k&_#hu0j-n)sqLc>8
z&@ywNq%XC4Wrr2788qUN<S~p-ph6&p4%tPZGnHDbp|`+8P`L*XK&ad%&`n$F0;oRb
z6{!FKU;#j-3n2YQ0P@G+mo5enMgR!QINb4V3W@9+!5|D$X3%ykfM-Zh4AV@XOf$Pj
zR_?x!4$$!hou+h4NEtB0FI}aoB~}&91wm6r06rG`b`YGu0oaX4yc=55mQZ7OBUH^+
zT$rj?{qh>9dS$(ayw16bN%HkxT#t$9cmgS}RWyEd4KM7W)*IoY?YtvbYPnG6=I619
zRm-g)Dk;`0RYe;k48w>;nji-Y-JiMNj--p&d$cgc`!W7UiBO*p7Z9CN##sF<SXcOU
zSKvn;+|_;%)Z^F{(oMUydoTqbqcu^F?yD&plCgla3JJ>w9a>Fo5>sQQ$|Ar`m1Tss
zeAK56d5v|Z7>iB&^ZDQGKvvA*0`%cPc)Y!cwvVv2FA3rZmr6tfgwcHhjM&9}tl%hp
zP)wCDhbTBIl|}^nF&Dk8rXY$}O5lnyB9T$55Xz1J$3XQ;x3m)&t!!>1gpq=u5-Dn$
zqb-&y;j9%C(VVesGpo+BVP@5aH;GSd^8C0&W;~|*zfDogrEz7hM&O$(HjML22o^^I
zWi%WGACarG6f8X2q#i=q%MA%++A5C@;~TZ^Y2Ok)i(%i2lLd4$tu%c4(7pJQC{(8m
z^V<>5K}3FI$&py4y+bOsftM(nR${r&(|%v*{X=bV%kozY?^NowuRm(npDX7RKqcXX
zQV(r0_4gb#X46GV3pGRk-}AdX5M479pI`QhBD9lU&az$y60i)X*F-}cGkSzmB-ZeZ
z3Fm8NaN?}28Dww-7n%l9FsVsB+&b=t87O+Leqdxn-#DmSvkbE-4h+cL{o~~2<FMt)
z37*&t%7=LcsqA))yRBUie6pzvf~}Drggvu8!%XVkXB7Yg6Cj*j(Kk5(mQ$D6q)&j|
zI>xK&rM}$iORYXbwCr9QcRSXDaK<Y_=mN&w>h#Q4SL;-#XSQ{^i-Oev7_jIQ76|i2
zli1%qS`*Ygm5pI;xPOyYmVE74+8rml!(Dt&5^8HDBJTp?97dKt*1{5o%~{eYlblR#
z^7V{HXb1g|%0Q5rxZ(d-wr$A%_f@t(4DJ6b%Jzr<+m!7OU$1OG(>?@=)svUm2uX{)
zlq|ks?52sZNJF<Hi%o**1kE72UO~k}h{H%oaIe)X=1*nt7V?akzhAtenvb5zA}&Fq
zyF2-8P&hejNOM!_rVo|8%fS5}0@gI&HPLQH90nX-zmp~9?e0$IE;P-QA!mUd1TkwH
z_MKV@H4Fse#{Is{zF4QEh}rneKOR#plfNx*nTj-6ILXO|uZ{xHdOPBo2A3QL8o;cs
zQ`)JzbS|4MbXZKeh@G7pcMRER!-Rgl`xpfQH6DyJhv7-$2~oHv`UrzjFEsjCI<!Y0
zcY>l1$cOJF|4(rUx|Ph;2-c^Sw8(()IwM1~sXl1JEiPEeTUM-U?@FWuYt_WnHi?vA
zYYw=t?)x5IeC=a<adCoCNo(*D2NEEbiBgsq9b`caOl?I@9@GjG5!wr&<pc>@Mb`M)
z?g=kJ2k@b;eBW&`-CnRn^B=Q-hHD}naOWp{o&S>?yC~S*0J=|os>FBGG!WwaLrkAT
z*b;1Q)7Os7)v4ojhYrD6n$S!d#gwB1&lCU6w;_>4t15e3@L2k^-sRuLGh9e)!_rZ^
z)S<gRRp-8EUPU^RQR@WNvf47H?rTy03EK!}uNDi&eaeP9(PCD%Wn&v3$g{!MkJ=&Z
z9#X<-epY{^vYPL${;a2dgTu?m$*84}>VJ%ka6A<)wGRCn<0$`O!-QyY=vB%;OwYJG
z^Ow3~k362#e%^k$H2*WFQq(L~-B~C3Lws3=Y1edwZbrw6&NdSWPwlf%{eH3CIrEsc
zt?xkXxS<0R+AjyKh$W+I>dtnIuCRee)~h4D%%{}|%A{Bz#j=)N^RX%<Hr@9p2Y&YU
zpoPU-4;G+=3PgT&;y$mP3FRRVVVN+e`xC(DpE82+1rmRXHUf+B1rGbebAN6&C6c3#
zp_3m7&%;UC%Fi%TAVv3GI5C@dbiaOB+vh(X3SRI>Z1=tt>(R(V^jSIo(U32kt%&9+
z9-`q7dF%->6B$;K2(oluqN(&~If*o2pXhLB?p8v19sP$ub_1Lx<o&heM{`W_?+}f&
z3T6Nc7)l*$ZP^C;D9+sm67C-0VVeI0hJ|r0TSPyKgL8-DI<JA`)kecfOlq_adHs9?
ze~>Ncj%SAQp4inJ9!rAwm}=m{S_W$FZ)oa%t<v!WAwe!x#GIYjZw~C6_96Xz5i9k~
zmkf&tNG}9$+Cv5V%%IQ%`R`DW?VPM?#^BssNJI`vGtkB3CUU%{MKHGqQXXf4AjoVQ
zDWPUVL?eQggp?&48wCM%Q8N6^{F8|WQ2MM~zn#2^0y{7m#fkn)?Z2#4u2csG^8N)2
z25NQr?=-L?_b*_cTk{Y1-K1%VQAPw!M+)>ULg^JkhlD<u9u)e%-79GZyuL8xz?o(_
zX1Y1<f$uZ%eID{04S9}q^V|*pTOKwaT1{_+Jjc6vR=I*aKNj~5gghrho)f)!W(9~$
zd>z&RoeG&|No}}WZ@nA*^<6vt<j%@`GPaM?s+n(wGN)C>FY4&wP=>9td?wFLsZo@%
zka5bK4Q0-#%#fsq4oSsit92D5JLi$)mSLvBOk5_P5SQeI{)XyY0C7H~7X)ew!?^^!
zL7KwvgzrV5Sjp(n24uXIy&TG1l0+9jej7v0I`&_BNp2s<b$^2mU0?r;+%NN(8Nv*(
z^U*jiJ2My`4e1-CiZJV<amLU%p;2#WoCOWR6m$&}X8JU=X*K{kSx$x%h7ljTt9b)>
zEf~d?8<xKYI?T_~Un1fLIW`r;-d)ISlI4DZ9J#+0_HBZn4v<fU^i83uQxOOt$(x>D
zoZJY#UIR%Dx~Y)9r4pi}QmA+&)<E4K-k#G_?yrP&F626Huns5}Z_nr{Fs_F5LP*bs
z+$Syf!2ok#NH2w4=ShbWq9f|`0pWuF91;UK9kLz@>16`8j8Z6;b(_)Gh&tBkN0o=3
znhEI<rSRhGr2arcu>#}>pAzIKLQp=fT%@xhJ)snI4jCEV3{Q_MrJ<)ndNQPMkgkYk
zK%MSXR3ZwTLYP=m>SLCEFC@$6#Zq(e!-2F|ksJSoLH}sEuaYkeQpH(;27zfq?~GMI
zJPQNF@SF=ZUkK@WrQm-KQR{19#wek=Nb$xb?2VZc1Ly%*c8x@r>OOrdq!*Mzs>|X2
ze7L_D(m9F0`(bBFw@07NqE~nUi-E4!ugGIzYHFYW9uEMI*2$%Tc&~cTUY!W9-XL{n
z@X7lOffhvI)2KI<hxC+EDmiPD$eHl;q*5q$I;68i{jD|1%O)V-GXlR=bGL6o=GHhM
zaBAwFalf;MXwIY=)2MgSC{H&e7$ze$K9(Ma;5mVXpU(O=igz+8INfj(`W%;3*S(y{
zTTIm%G39bEdpL)Xt2Rx9bjH&BW;O7249wS|%m-ZBL^>ME98n5A-w5}|@j3YRxmz&3
zK*5;~1;102I)ZgZ>FY@oGzj=eh|ojVFicJmUnq=bLwY=<`$IYv(o3PXv!V7w;rXd>
ze^B>ebs(e{!t=S1o(t(|vm8qRTlO=0O!aTdaU!O8XR|5`R_L&bTPQWPVlCraQj!SL
z>AZWwuFZmCSCMRM;wXrDUT{hG1$3^4>aT?KBB3hsi&`u4+XU~jUe)qjbo~}D^Fj9R
zs!7HZS}F2f&t%jnXQ=RMI)HyoaawWC=}T4AR+K|DH8=AKEz0#77iK*9A!so=q2M1?
zInpB`ouRyx+3LoA&Lp;G!pzz!MW)cC*Oiwhy+NwA21lbBLJcCtqzL)9Cqu4N$~9|@
zfQ30XMmQZ9;Z$IRS<eWPQ*G+&Fvtz&5-EX2odJdKyNUZ9t(5q1&80N^j4DyDsS?g*
z_N6&+>|H#E!``s5c}}^wJD#Y?XBA6ZA1w$vk(@k{<af(Cp)ka@-~8HHKh$zQq!(1%
zlxl0sohg$H7x8rgo0|4%A!`_34rMN}AF<6%?v~D2x)NT$g}c$%PLkLr6W7)X<bUm%
zx9g%(It(;}KNSSR)i!{4a_EXAP4Ao?2K{u%yN}f3C#}jZwcavWe?Ylt!{u1i+Al#9
zNOc8q#AJaO55$uDG0ge05MZHcYZupGc`(%cT3h7K!_t%qYt2l^cSso8(Z(W57sLJ5
zpGN|Q9B~YWulHbhK>KB{$ME;1m6!;HkxuB-%G&sMlK%I{T(`TCeMyo)vU1c5MOd)F
z5h)HOTC-s$F(fZ(b|c?KQoQZgOcHZ;#_yEIFe~^g$_s=GHgWC?PcQ2!Bj{>K-(qB_
zztmLm<V6u$TAD<^3`FzQzx@IO0@EQqK<ZDcZa3sytcJX%hFAm6OAC!UEM*{r{h%v=
z<vyg;sgM$>X7@88B|6a88q$3sy&A^i>2Uv6xF;^n$n|<ii7T}G{UMzS>6J7QH@Byb
z+cb6fvG7h#z5AUn{LUBj9XQJN>9p92mj(w^Sl8_1BzUn?c)f{?I4{H*Cv~EMoiu~^
zB2)sGblEMZ5F%|>07%beZZUgc1`r0c9V4v7ih^*EWD?DIz4}OMs7?g76KI6uw2%Pz
zehlj4t((?FcLIk@L_%81P9ICp3O>)zg!D~dvQQ!Zw2I{dOsa0#XmcSx(cBbq_;F5I
zX%9R3KurP~jIQd2^n#_d3-m7On)Gr=FOurqETsFli`jN73PTq!i3&vQxW$|ys@5%b
zoEjtn&GS>jl&3^S+x=UDCYDtiqY6;#6z?#hNYWW(4tDX7cL<NA#0whH7Pi51H!X0y
z+^3XQWP-!SE#D*r3ielQ6@Kl5zbI;&PC_R3Wm!{S51ALM4x$YW9F}EE2@f?$MeAmZ
z{?v4>y%;y!XQWzK8HZ#TWa_>NKB7pV;~Q39=m2z9H`GWptN}g2%0>z@!<n|qj-2G^
zeEPNnbK6j|m1Z+6pHX-VQy!F;mm2_tK3e)_07U4c-CxvuDk3Bjny!f~KldEZjb2F|
zl5ZE8LD+3f%vm47UM40sYo<G|Lj3{n3%Y@fONI9wH`<YksX{wakrj$xW5O>MqNfOD
zAvdMLLWW^cp1?4>c|hff7W3#S6*~5EMYLf}WQBOd;pCRZCUyL;A_~d|5!H%+?;vW&
z;}PaZHLHo=CRx>7011O=-N&MwamEHW4Ikp!6vV;2tD!|Gw^*?zrsR`Dy29LOXMY+W
z66|N`6pfJ|5gNthZJ9gPX1RP#fud}+>AsS$ad;gqXZ8PK?oHsS`nrelbIn5{4Jy=4
zii*1Tx~?k~SE!UyQW}(5W*IUxP-KXZDMTpqP?QiEq9jC#C=DtKnJSg2ylbCxslLzi
z`#rz^|9wB7_f_kjea_kA+H0-7_u6aigN%ECxLjb}hNni71?&-^<G^kNG9jZgv!M=X
zLzzQl-Bd;b$dZ7}yHyBg<@ifpk#+3$0Iz`k9n=YR3AjuKql$r1JR&CK`U8N>v593h
zd-D^rm`14L1+~D&04x-78&kF?KZfWCcj-s-?Rb<qFkTq@3Z`=S=nx4Da%ei(f1y*t
z!Kod?m)dBcVEvoLII2F-704MhLSyhfJ+w4}T24c%<Rs`-bR&XH9$-ub#Wir@BCxSR
zEQrP-2ymg88SLUy2;~8ITTbQ)2hSsKHK-D7kmJZfOMkpR__`lPShUFkV=e46;G`J9
zLu@p{_6XW+#Ff;bz5@va+CJP02|{Q#4V0I`mSzR0ep6FeeD(=nzWK)#Rt4X}g5qTH
zhQO{B>Q4|VNW6i10wfko1XPEhG4BH78*kLz#I_0sM*sML!@(NC&u=9mqhyqXXc}4(
zaIn9z=tDv$ZLz<yh~I!t7uKwT-*_g?)!5cj_?KM4T#Z*6%_PazgslTFRFBY`^P&fH
z;T25Dr*_(KOGS7_?0|qM0AY=)_V50&7j=BxJRCecBp$FV!dG-?Cd>sk=P>S}MocQJ
zV3!7r20RIs{O@repROSl5D+j30H9p}pj|HD9l$;!SYUtTU<LBdnhGN(l2eleh}()x
zQXZ5B#vmk-Ac%?Rf$(u+PX=+t86XtqAH<yScTq5{$E}~BepAJvN&kOU96mP$6$K0U
z8MTz?%)g4nDGq$rFxC>JtJ6dWv9aiArwDD_aj^@8hHVkzg)Gpy?m!JZ+l2U$?g5^|
z8ConbHQ+#^0{ou@ArmRSN_@v0z1{>roUqppYcS+a04j`)?2R)Z96r_;*j^W6Z2{~6
zOMvj;n=%arr_RG*1`h%bOc-Ej2Lohqa^Yi}enPxS(@&UoOqqU8M=69@){q~IZOs6a
z4?Mjb#(`UVqW7NYJz;$S`NO6@<S&PD67LD40HAktzB^zVbq@v`m4Fw-8PMwpk4Fj3
zBKye~{0U6sVcmzv5rKoWk&NO)2FS3_i<06(YnsSOq>#Y*78hJ-8VU@I&l?bPgET>t
z1N=fJF0zm<Y>S}1IpD}MP$w3$cg6P>z~Y51A3z%8>j=C`JR&Cufq@?>%8Oeq3I>yK
z#z!0i$-zMePy>N>*wo@?3F`pI!?uMB>trqGVR6C;1Glut*i0@1pWlYwMY|#R{vrm*
zfWh7lOumpx8i{aRfS?{Ho`66DBOJ7xLv_aG3&;c@MI;8oN!Xvf3R%4Yk;20bC!CVF
zF+r#!vSq|ijGnwDs>8*NPr=!!e~+=eM2@3u+1&%lc>a38dIy%e_!CZaGyqcLpxv4P
zB%l6B1i1*F<p1}_>P($c1x8kcbmD@^!(<4Iw%8kd=n3o?AZyyG50(-Azy;C_buSkh
z)nR(^-~EFY3_-&Mgamj6;EyE0#YP805GN-OSeZbSR=DBf<>%+Z_1(De(gflJA6I<G
z1C2BwV9-VZ(MXm6yqyy1XfxoC=UtPcp3tKs+yaepK$ozk2BFW#pCfbO(W&RS?3jAq
zj<FCgc$1J89^Ze2Go=ALut$oYyG2R|)5eL3YHXLd$V@;6?5gphag#z+2IvOuNuB`a
z`e$?)^-)$Z&Y)_8E(~MIuy+^mQ@()cputCoJm;c3(GDM6=s<jUz7lx8P%Ee{ij7Ui
zCZpKE5-9eX$=K2m8|Nn|6Ev}t;t>^(i$^Iw7B@0w<^u;C*gFKPTaYPtkc|S2-!KZp
zxC~UFfmWcL$aGN%5iL%3@Cc6xf(9W8P3&OPd(s#W@|PtfG4L0GDv)V#A}2Td164>w
zKsUp7pEWuo4Td2y4+l7&0~>O~b_z(q`K%MfjR<}NYijfcjJl8!7J7Z0g+A2g?G5(S
zf>LNUgDkvY2881U>^Vh5=Ob)_SU?u@$oLJ;L&VDheusjIry$R)(Sb%ljc76r(ZS*x
zMjB*w4d_I6k;tM-9qeRLCAoEAxP=K3kQOqKMRbDNiCTclLX%8&F0hrw=SFyR!u$$M
zQ&35OZ%!K+QXw%rCEA6-%Yly&aDd@0o)a?t#LwKLAayCx3fKn)!xUr*2dGD8Trf_7
zSb|5$h!nn-j2a4Uf#VaA`xH@E5_AO68L}M&7afSg4;+WyVyxwCK?oBC!WI<G($Vk+
zhBRQ026mu`I&pCa1y0(5;`sqv!6F%|MU2ISYygP>f`NTX+yKX4r^Io?oQPYU^v8#;
z@vU4anV9%MBmbEA{N5l%GT^uVbskcf!{I*O-g)9kVGbgYgsLH;guci^{DT_cQiq#^
z3;mI}K<dIXT;_0ba-nVQ-%})f03g0^2Wk`Cc?q{IKqgIq(n;%(S8VZ*pAC$$h)+}F
zwph^VxrBg%xflEOpQa9o^&kqAiE{(ExFTVO=4t=>6fxXy$&T-f;G6JJ0vc-wlLXw*
zgTOan40RpuI}uC5CK13!11G)#zy}9Na&u#V4AgEQ1SEbYXNdSFBn;#*fDl37KgSX<
zsrX}L!F&4jpHJ8cf7kdQV-YSvPm=_@x&Agj2?GuzEQCNcvJ+$gakd+NWdD?H5VVar
z+l>R!6Eu`V4J~}UfCa%YW*X7mK!x8hG=pRt1>vSxKo65PLZI>9kH`ZV)Nr!!51DgL
zeaM`1@<Zk@m@Fcp%)LqYm<oBKEh(Tan4Q4!XhaT1f8Y&&4yIBl=R-($Mnbp-UgVvc
ze58W+FR|+eq61n8E_Cet;Jgf!&hfvg5#U758m$t5hmn*=ntP%$$B4vW6vgs82N7i9
z9v1l0#A9S%1Z#gdF%S*lFutL&;P)5Wp;T{ZDD*Y1-Y3EKHsm8>y$FM;KTMe+F)aTU
zVfZu=<R6ST_$S<vXBP*n0cHm{#c?2g!|y5uz)RF1Ulb__RSHG{R4EPO`5L%DrI=*A
zQWS^;Q%h7Y6L<j?!N<+usd|Bf2T?D|RK4KcAN7Js`XA)afn4p8Y!URCvQ5U9V_-`%
z^&wW6JWe@;!FgMtMna~H2&phwAgu%k3wI6%CV&M4ZkGmcAdH*c%mUKmVi5*HEE13k
zH(|gBgE4NQj?8bs=Lg*(=O(zo2UyWX7B28^4RJ>%?$C!?;h`LHk%q5Az<3M8EdZjq
z$sm-7@6&>0W)}`eSaGPKs=#1_6p$P?(*-f~N5cPrypXz>Lxds4laBOr_~}!8$MB2D
zPAL-l3L4Nf5lQi{NW@#D#z1o=WEu#xj2j1{&-!q)eu16fW-=T$!p1z{3?l>1!TJv_
z&{9Ao5Cs^BoBtO2V9-f|j)CbLtO^j)0kzOfgnf7dFVJ!Ug9c%^{WsjB?+O7S!GaMf
zY*9oM19Cv_24wV6F;E|%Wx{%V{?8h|is#9R(8B7$Z=^U_weV?MXoWXih%+l#JqhTm
zw1`hRfx&T)Ba&eKq(LPR3Yfs+0tvVVH(7*AOoJ>&Gohn!12<H4!Xy?^FRBzS0?-f$
zq|JpY09AnakP6&B;YVaA44fdDfWX04@ek)Rh!0kgQ;HU}rm93W##o~XP-9><@S{K#
zMjvm$9f!Ol3CE$S$|KC+Naw(1KZ_)2fg^-y34!$5EU5e3f1sT`*5a5KA$n#O845(~
z0SVyAG&Eu6V^>}T1{I<TdFSyeaAOF0e-=hq4*y-)e_=ZeosL`vrwZdlg#jN<7Ixu3
z7Dfyje;4*|k9FlhG>5P}RT$D*LAOj5mhc}7`#;#S#Q#{>|G}0e|J%Z@{7vmd<C6ZO
zk^kInY%+&r&~JZr9!}0^yg<~Bv5E<T9-boT_P+?am`%{!liWB((3}K8V}k!r)wk#W
zbA5^a{2RajnNt72??31jAFx3b<I?0m;x{RZ5E$Ta$@Z^ABOWfbCh>c9uJC_vj0v*j
zAuJXMLQ#VK2&5x{eNI>cKgSObg^3g*pHB1~`VVzHOy}AOxeW>mbczoeUx5W{Nkq%g
zFG>X|YGKEelT`^Tnn{*Kv{T8+CLR!+aC?VS2tQj2KJx^Wgr2dwE<l-GFs7goYrY5%
zTHyJ{!^3`5kzeR_4~bQq$-M~sT__aGf!?ur*g9QqDemb){CpTU{E;}gIk~xDWP6Ab
zp%r^O9)M%DI`II!>cInWV%9Jofb$)|t)2bN9<(S8fKNie1->eW4jqS(z$PhfaVco~
z2&yZr0>#nT%ZWZi0vLpUWbPb@1_xSVa6TvQ)&-_$5dQ~Sz(U*eK!U+mJ3<QX(1Rn=
z8^#TUP+z#Rz=n?1ex92(8;!)1zF!$6WGEbfk1t@i2AT^PQ}H1hjnwdp-6g^7oWk()
zZ7>$jpvVaTA932*1cVnhOhPkfSiOQG7_AdvCnO%FhHDD@8i}p~puJ~bli1f7*dRf6
z4EW0i)G|m^i#qBdF<L`gayX!O+KF4hAaWJMi-pf|<JUa=ijWHncKE&sc#R=igQgV2
z7>wqHFqcF~sYDTBScHR1@%uZll4W(`8N=2wDgrGrk^9-?s0i8|#2APS;RQ@2VGo#)
zf{-1mHRRR+>knu>iUwDxJ(@+J7a2$i0M~YQu`TEd5gu~Dlm?FaBPbSJN<cY;R@dIh
zj0;o2;Jb&g=?gxwm=cDjb}-S$m*Wr(d5Yt4kHKZRHJn`p9)=j&C!Pkg4mh0(BZ!(4
z_z3-jnSw0Z$b$1Ai3L46@E^JvmWT*8i^JC#Aq_0z*`BmO0pR|LJYpaOpJhaq0}~5y
zu0eCkCFn71n<16GAi5xr5V#;`I+QIBXok>bGo)Dts&KR=gyE@y{=l#l>}gSL*e!$F
zLZyJv`B<_DP;EdxjatBoYQ7vf$wF?R^MK8<KY5h{z4j+61@lliGzPXiIAOyB*B-)p
z7xaZ(JUkdItwFmDd%c9F3g*R2;e;n#U$Go0nRqFKrhPb4mlF?`;*(&MZW&q;L;Da(
zAdNSs4efmm+GOOzI}iEQvC+&8D@2>=93%|&J<^a?;(d?odXZZEIrKbk#);H4Kud@!
z1E9Czj9SF}T(GYTYz*I#hRsFvjW|F9kStif0gJ=B2h=zqM$u9Ywz*I`bnlC1>hhQj
ziYt%FLQ-gh3MPYM;Vnc?0E8-f1tLgbKG<%?`Kt?M1^cVeDS=Qvm@~oBA6%$F;vy3+
zXtIrn9~3K(f$=8LHL5Ip;&Jli3%Cb!Pc~)21^=Sy6pbuLMoY+F1Bq`W#Cb&`Aum}t
zq6`_zK&Egi?rIE{HHa4|WFF{bF4lEWpCC6IKnbX`PzP`#Qw5YOL8{<_g);FbErQ(T
zG4wSa97XOZ52B$&wnB@5GNr&Pip+CZh%_H{F42e3bzZRTi^v^sGY7;2eJ4&JOA+$O
z+%_mPVaNaz#3>wSJ3d&`u)7&$1l)lWG2U=soT-Mx890yyF{c;8NgFky6YzkL%EQL!
zAp)UB2%o4yX8#G1=w$Fe5h;&tArL9cu@TW0a{oZ3uEv(I8wwetQ%AYfP@~XexIjEW
zD&Ale8L4QwSQUVDK@m?jHlP&Hqx=iT4G_Zd6Ri=#<*}Vo;ARhbA{wNV`Jl}>1}96w
z>jEni=s~<7yeFA#!oqQY&X>otWTMj=KnkH_|F~FnP#G|b#)<lv5L6jji8u}f5L;d#
z5yzH<tQLsPk5?VzM8W`B!$I{Bm3t%BgHZ%b6xhAN^?NrGe-i*P2+tv36av2hezx-$
z+=7!g8fAk)bd&LFN+7bty}xj#0Zu2l25nIiiV!Ftm;f9SA%OcK^2ou~Ae-C}Gs9Au
zbeJG&uwek%NXBfyxg5%x1#jUZf;@7Or~}M!gP6tpZVBv=1N91l<V8A8t|`|y=x}g-
z<6>nJC_|CJ(vEOLpLCC#j1vLo_ynSOA>O|eSBU2bF$HEPoQPCfaFGMy79<h=RaBuG
z!(r^WeG4Fc83&vQ{J$ZVz=j0xmXUuEOCWXe^JlnN;JSu{7*qyU54hJ2C*k%FPq<(U
z67M()dIkO__~0Iit|&h4<N`IO1B&6Ek9E?U3we{n_8tI!MiM(?Xi*X#<b%h+E#HH<
zSfV1PNI8roFD_xx{v}TPKpQAKUl7spoY3_U24T*JvmJVjx*KOa5a3)$ZQu*;oapRG
z{05w={&1F?WsM@B9H9!}c!Q_=jZx?c_G}1V=iu!EyDYd86OKw00v#ZGaA8lC*b^HV
zUijd1DUcrZ8X0M>U@k}8Nuw~#f6yD*srd{z>Hq>+K#2JCw3w5HNRt~T(u7hC=I~Hc
zbPTmL#A2&lVA22o)Pihse)>OOK>pudkWJS2zgduVaBxj7$YALOMkM%#33NQr4kr>D
zvXde7U@klWYJtP92qo2&qKD9K{@zppO`Qk~mcS;{kaWORR4^8!B?^e!DJ>N&-}t1E
z)(yo)VaOb9hXDD5nHfa>BgK5QEdnu+P76%FfSV>0K`G?PM5xNstVQ(UGK|)V((nSf
zY#O@zJ3nGf<r9HZvS3sPmPULoON4Q|K{>P=1d2(-l0d7Z8L*+lLNj+<4T+9SLnj&G
z3zxiTeC3O)_|Ta<qr^g{nww`5x#$WAMh>t9O|ZR`=c08P;Q%|e2Z4}>7lf4Lz!wOE
zgf$Jvq`DCh1lo4CCK4$xai3&d2MIz5^mu4>0=h?-f{}2QBs>K@AHGq+eoZ3ulQ3qp
zHI7J`kFNzl2|#E>LCX*7cL)O_<sd8zK`0q?>8OY3A_qY5kYH7T)LwufBzxGJQ<x!u
zhELts+uOSmgb+GC3Az?pG(%QMBtZ(8ma-~y;2sUJNP-|#qmIY*XP}ovYE38=x)VMI
zNOUJ?^Kqh@jDvc0G7gfB?4}^yKdRFd?GbT)6CNluU@r%v<H`gzcCNUR;4c*j^gk$3
zK><RHPEbn?B8(qsx)J&X4(|Z16E68d(1QIBA)*1<=pnQZCWfF!z&+YwWI$pVSF^%a
z9Nye5Z~+|XqH;)+&4k@4f(O{B__LXll{O#};&mgChq&#JCW!2qTvzAC5Q-V-Batjv
zRs)6h5EP4t1BlnZX`2I0F!5u$KmrGGOe%RnIuNuwDHAx5Odvyr057lyM92g($_LnK
z(WK&OE}~(gu|TtU&!c|%-8Uc-ATgZ3H6<6IduA;{*ua&ph%ljTvv6H8iU==2iVzwc
zKpL<qbS1Heg7YvQX7lhr)ZCC0fqzcm4T5*stw&g4V}gt}<cJf(ervE0y9+jxes45@
z_MQa$126!i)`PYM2}aNX{iWSxZ#?`%13o1fK{P^qNCkp!QUQ){Jrjfp+2T?0Ui~`~
zG#PCa0YTw=NB^C2P9z7Gu)p^pkO*V5DZYhEXxA(LP0P^y0W}HdN)pk%Q~MG`_d=!d
z?uE%6;%L0OTx@|4Yf#iGqE|s5gQOUevm6kHn1oUhM;fkYM0S|}+?GJNV0Re4k;3sW
z9Ycb#3Z@Js!B<ms3j1$F$4t^G9B#)R#Yng{4WdUls}0dE3E3K<-or<WDcYUvHiCAc
zuBd8w<M{BA1T`B58Fp_=6R%*yj@_F;qA131B_lf`n1`eO<YPxec_48?B6=GJ9D>e~
zt`eCY|4Sygv;voVA`>Fo?@aK0Bl_f9BtB6k@SJ|L7P}jn|BQy$1ZRjCV$+2ffpAn2
zdu;drrVv~d5EKF@K;m-y9~AO`ZRd);ZS*(E6C(^xErS1O3QjHm|A~D{lKn;SK)I9D
z4)W-KMC~BU*u*}y3HOlb4Dx?P_=22ZK`a=VMOuI%gCxOV4tdJ(|K-1r|J#4~fdv2M
z&rIT|0^)ZuCnp`uZ8ZKU)4L+6!aFgn!aEdWrJUjt>{7EccQM8&RGI=^k)gy?Ha0Oe
zxA4R;jJ%D6?I)42U;rm`3tMwjmzBGWZC%YZotzw;Fl;Zx@n*lD24M~W<`xq8%91ep
zRua|)?^@v*%EQ9WWik)U93^+g__^SrmaVa+GiGV!a>&(WrKyA6Di?DXCu0|LTVoUF
zRgO*$?jG`P#?E%~mJagHW;VnV^k9{XhoiYOW@l_=k8$yBwz4<Ftn7~%+gh2KI5^l^
z*}K4hCIFQIKMFMXVbERS7XcIfP#Ne~frfsGSB@@D7Pbz?@C?5&=ujO;TXXlR0F}mc
zc5$+@w{*34HnuQdsp|k~&7DjS8QbFl3u9Ar$i&&!%GBK0$;sHm!qwi?&e#zWxthAz
zpgLj*uOfig0>IIqc-;xjVWSnt>qGW?K8R2H1Fs05C@mMJWA1Xu!3<jurE6F@ZFRNN
zvNE?dbG5fZm9{g7nwhO8J6n00lN~I`2wRX619uk^CJt9r={54?HS#Dx#(!j&;g{w6
z4EGrlRVE)jPF5iwpK2W3Prle}?!hLB)np4)Fd3R>?oM`abwTAh8QWXp1@7Y{VT+)=
zsmP|r_Vx}gWIJOUbMkWZw-c{i0K_Bz9naPl&xuWV2tg~!4)#zE-pzO_b?9q#4;ORi
z^+Z=`Ld$V9XrYdrDiiOKe_z2L|EwR;!~Z@q)K8X+1WO?d+k{%X$=*fwFUDB55+0d5
zAwpP9cC|NmcXV)qet`H!kZuV|=e*U*c8j^aj<Mqogd;sfENjR(TdmUvOzY#c#U`z(
z7C@6-&B<2IWQ03oGczZ1XJ=y*TXU=&@<sSXnDI1sav*Y=N@r?JU=h70UO`+$gT=s~
zOl}eu3A{=0<4XLZhZ8u#+dJ9s|D?hF@C?x)N{eC60Eo0q9n7G&x$s(I7@q~s)F#Ge
zcqaia$%vJVod78oPUi4C*@un<2SF}jkl$>$I+;U_9ZdfvN*=tQ3-8(VWoK^Z;N(H%
z3JeLjmM3lyQt(nywaCWK&gM=oWD8>}TXQo<U{lDLeQ|OH8DVEm##_CbY;R>tX4i&n
zW)AoRum?7FcDAy#N8ChqaUjFR$pbY9#RkUySCS_v?N26P%L=@oR}t7<O|~_+|BF);
zX^K>uB7>%=02e9>C@~?VpiF@vRT+P*ti(Vs=u9RJy`$0TR672eMx!WEP(lWkqClip
zpeRz6h&-r}Hxr~fimJq*DJv+`@$3|sR60XhiH2uNRi-E@(3uPcJZmVAp+r}pGVuKA
zN(`og5>=5&!waD)FzHmLqLMO|f>)GERi;stX-s8BMG9VNMP&ws&Y;tkl-TvBDKjZF
z1sWt&Vh~NC(v>MxDg%;2W<;};=!z6YCIu2JLqxn93QEvQWeOyxGpNe!#xfZ+23-*{
zpeaz46^V8$D^MYOMJ0%)NLOMKD4;{b7$C8g6evnc3d(GZLOqxY6b4;^p{T%QC^Mkm
zI1Zt$R7C|El}TeL10tw&0!gURN(=@?nW{hslu(pt1iom{dIiV`4VVfFPzwgs0QCx$
zt_b}FIEP{w45$i|!XVJ7L{n0P3NxsHJq0>VQJJEkKwwmXp`fI!#AHG*DpQrHG-X99
z6iFbLNo6WCmFdv0bVa5jgRZ0qr4o2nrYO^u=}Hu;k`fK@PlHUTiWGum=zs^hl7b?I
z$z(uZP$3sZrAb1f(UcUFpobOdbOpc%;2e+!l_NTWN>yMmQI9LppobWMe!w2&%_ciV
z29vG;O<*!8O!!9yqETirm6h4VNMq7zRA>hsa0CA+Kt^;Xovy6JCQ&N9rZAy)fFcTw
zLIJ{3qSI(}rXrhim8cX&I#duaMWIqCKxs@RDwRg3L466HP*kKTK^+moD2fyyJ!J(&
zU<@ks1G_Volo$$7PoQ)Pg{Fvzk)Z@>p(g;9IPo)?OsW#lG1Lp@J&J$@1qDc~sGtCJ
zOLQ@vPNy&tX)~b^AUcE$NKIoflxWan1P=o1(dj_$KwiKc3J4`Ay@CP|1e47_R4SDM
z#808o5ict;6ag_P2k2xbMVZ28D@C9iDix#vVq_&IO^HH-UIVUEfar>JHnY)ysT83n
zfzT1@QUPhueH7?<h!1JlEJy`bgBB|RN#UdnxC2fCb_5!N{soCZkO|N_lL-<5Q4Nqb
z>U1D6kP6TqploP0!LLC4%Fs?AOe7i*1p_qz>oS3Xl$an%6xdu$1t|jP0Wt+@!U-Cr
z6bJ}9u#|!_NEu)kg1MOxVnB36SU7nrAwpyTDNvvsC`N(7W_b|$@Tb>h^uVf?CKkXU
z!I#t;I#v*}pR8WyH9hL&3~t}<*m&b>&Kco33wMmY*5~OyP+9%`V%UzN^Xc#0_kP%L
z@krjte$%*!=5pDvpt+y>rL+fQ6n=O!{Re3-S6;5l$bP=8LRBT1XIYl&jJ;1(!k_4k
z4D#NUPT5m;PkYqdT->6-AZpWBd7<H39)?FM)?M;?eWm2NvxkVBT>FTgL*toOv3q;1
zdN!ZAAkOO%$$h(UMN<1Y-#0I9PrccA{=3%U6h`gV!X+2x@GTY>|5+4sR!770&D(F}
z>D^z3DZiY&-1Dr1?LrhYw;xcDFDu)Y7`^}W5Z|>^Gv6tCyUXP+-f-)>#fqSp)P}2z
zbn8{N9LdqAkjLi)t*sDWE?utuDniU=P0!8exk6Vj(R1x2+uUEA-fYsN_w-P1w_327
zlb=nNg2URwE&f$=7jD1$bNV5kD6BsC?ETD7FD;gcmx*$0EUElCG_2CHd$Z9uO5tXb
zolDHGs3WPq@&}lTWtT6q0?w^Fq0-WrdehbKRL&Nj9es+8hT4JZO%eQ&k3I~ocfR&I
z$+Iyk@Z_lA_q*>t%o15Rf73km@ej#gx4OA?E}h?!W^^G@bj+fzKuSL<CXXEWka=pu
z`C{y6o}#|tLHh#zQ>OXB2b{?lC4I8!-vSqXFuC<&6(cO;Zr9>gl52l&>d_UgrRxhs
zzu7aEEV{37ZG*guxqeojO`L$Qy;W)D#n{on^1haMp4&o8>elx;@>Cv?vtJ^hvGJqq
z?gQ50JY3AW4zt~U%O6C4>i@!}#K&E8OLX0UjH~ypm4_5+G_?J`*_=Pyb2vQdgXE&l
zaqGeBo|jJ;Q2qC5M3^mWFX8Sp+Oy^2m7j;4W*3(!ge>!yzUlBvbN*V+rupx7b&h(p
z6h2PPwxRHt+<q8pJJ&5HFlA$CwBIfNl8<+;`@f9*mHlA8!kUciWy@9;cFq!%^a`pR
zPF%7{u;l6U!@*B=x(-|!?&oz750Mqw8FE$EIN|G4xt{ylm-1<|dJlIr@0VK5CqXT@
z=f0YlLzM~S8OhoxU|MEZR}*(n?3ZIUUw-SehEh5H<L)PKCal$Yk{WWC&*)3(lC2+x
zBTi`zpWgcEt3dIm<yRLi9bhgtuuXq`r9jBy>X-Rh4zj#*_8T7Q420Dto_(rYr|IF_
zk<xG~N%lqw??>V8HRsQpi#B>)u5~iW+%%xKVA}DYzoKs+Z15B=of+TLvt--zTjf9U
z-6nE+cLp1u%XiD?XM9`Rl$9tZZ9R1JOG2w;FsG}KPt-lhTn!spXYS2Q95k9AzV-Z0
z>lax6-SX{Lx4YIpCXM|URMQ_sd}GB+wI0!w9w+rw3D3Cg?z&^W&6$>610EcgK4)gR
z+XT)O@Oh%Kiyq9<jL~b|Rbvy=uz1=N8`jXdUF8{P`iuO^E964!Yi8Im`Uf(fe5TE6
z`*u`WRpJB3rR$M;4SA|h8@@c_-S#%s=S=6#Llg0#!fMwa-Iv-QDxGW4lf1C%CO@CZ
z;_|52rwm)Ab7#_NveN`wvgOAoLNzv=zG1svl@>bf{+#dMC$7(qefQ>VxTV+A^tD%1
zet3oDE_`@4-i`IDX~u(C?eWBs7#WRxpVk>|>vyTCNsis4dQqcZI4!ZU=u?#4xZ{U}
z*U-A-XPO4NG4u7bXBH}52eLyXa!*<Fs;z4&4^z`lVC=eP+J5d5S5KOT+ulQ4rQW!1
zTj$TH=f3oC_UywPZ?g94y%oyjT<2e>v2U-CPn<qgcK`OrReq7b1Uw9S&Uv>kh<z&R
z>y)8fu5;erq_Fdh#YCuBYN%+f{Gzo2<8Nc+)h3(`8)F3%ZqY5?9SiZ22=F>I=Iy=p
z&WGC*3niQq7h5NCC?}ImZdhEKkh#3oKSyK3djI<wB_>$n#K+B2nQgP@&FUS`ELdw)
zt?K4*<9=FhXwKn;$BT5B1;YCEQpZGMuZuO_*=TK~m8`e?#EJ_$y^<10U+vU?)N8mr
zTRGktxy_g3b}XOX_%Hn#=f;%hd73U+PpzzzDLIj?ujmnwXmD#VV(sut1Ny2U{o9*w
zm=-Cz9$Okc$AL6Hkd=S&(wZec;o^Cv&+Be`WX?XIRUb6C*i9<F@BV^${ech01P_Y2
z9yt@09DdYdp=H1K_eO@H=&XUUO-1w7-h0cuE;{8qGG|YQheWqXKv-UJ|FuWW23M5$
z8>pePvkIQSOJC^6I~03bQ1#cfxR%!uo#)am?^|P*jg4imI;HLQ%azu4mZ=+ItmG#_
zbL|71zx9q8*y*{eo!iuK<zk?<u4{_&)s2Uu!@lhEdd3;8zT-ZRubn*UfTu@nXn>E(
z<FuoE-L>u~zqGe`UC%NT2ndVQUNHXTHLdBvL8DeL9{sqa!B6{_KJZHJRM~%e!N$JI
zjajQk94cSkZ`Zz_w)C0w$7hi$AA|CC{|J#ZdT78`^n`Ei-6Ojj3k^L)*PODiGn=+K
z_{h$IlhQZD#Og2c|2*DgxGFO9&?UP|FP<N--*U`wy`swZ#~gzEg0puT{<>;6Uz>FI
z=$+ST-Am8z9J?sapB&FBj8lvgNp#HXEv_-ye4n$~lvG{WQWGp8Z8<90WT<ZXveRQ!
z<44=MBWf4A)W3-Sn7t>4v1?q15h+rY5OGcH=st&acUE}5UVk(4lX`s9pj<3>`rdv0
zwsoK5&+Ga4EO(!%(WN@c@Rd<~%Vf=@6?avPrj%`^YWJ_{?vE{JypD1c_h&phaAl^J
zaHOie@1CRjZ)AN>e~pb1n|ZS-uzS_BzWEB>OI<2Yyx9GI(UBp;+U8-^Z7~~}4t>#K
znR+&^p1cFXrsaEi1XFJnM9S8P?%CAyc--#eJ)Oo6ulGMK&2E!FY*yCwHGbGg;q3LM
ztY{sNvt|7W^gD9O-g!wr`ahD|hWjn=vc9-&NP4c}bR*%8-<%O6@lD^e<hlY|8>Q~L
z%1Tg`O)eC*DjDVkow8v>&`gitTYYLt{b`rB^Hffb_zA-+x6BTIyZAW6@5fIc4j->C
zPd}9D-0<Vm%Q*T|y4v)W(?bjSWRr|K%VxU;-}YRr-=J=ED`jowOK%^(cP_)H%b)IW
z{~&Z$Z;o+F(86$AnU!IdyDYXl_U!X`P^i~&xm}_J`}&Heb@-``cZzIt!}OFM@6YEe
z&Od1KOL}mP$6NG)l=1NKt3NA!GHOpA<RkC)w(+nv6knU4(ma-@!tKJKysbB#PpuhD
ztB#L9!!twUM@RV&qcXRwu#svF`Hi#n$HNCzZsyExE%-R1EukYn`-Qmc-OoYt+%v>t
z4Na5W_qLcc7Y+})YqjpLpdYK9b2xC^uPbM{Sd0LDC`o7Sm3NAUEz@&6rziS(NAV{&
z>@o6j2^8HuuURXjvt;vqRYzvZqZMsAiGBvnF}+PMWV9~xm>%V6SiIBCXX2cCYrfc)
zT9x^H6>`h;&AbXDv@c2?EU6>c4Z1m7uU*&`KX}UNXu*k{>%J@xF!75BS)a9dTb%L5
z-m}*fmycUAueC(>zrn`1&8Q2jN4}q|dCB$S@maN7J}*yv{?1%8V@;4|%f@`&Z0YC&
zj?4`~vjwm0=D+Yl`bn<Jkzk&AgU`-BebVhM(3ZNT`@UF8Q%lCE|CWV|9&Bk!Ja9|$
zET_QZubB%ituS)+h9fJ?9eo@8U0R$wS=h+a{$(nvHO;SDYJI~Dc3_7^4vp|Px!n^J
z7*8!2v`{-c>(t?fD*c-Y4IWJteYK74TRzrQ#I{DfS(tP3n6>WS=}Ec8tFU@zhm6=I
ziPK%fGx(mSsZ{>tY5o{rXPPEyH%B`(Oq)^`ptVxt=P!R6*Vd3daVysyncW|+eevfq
z)zhy(4ylzqcsyT5<Hg-$BO&kh46b-2dpqDYC2HrlMuT~jQJ2zFH{HJkuX_<0N4mOj
z4P%G(+xJgsl#p4gZ{LoSsjq&g@jN+L^;Ujtz{i`FqX$-tWH0M3N}nxk^d<WJaN*aD
zEwf!-rq1XPExvYZQLY(%-zM=HyM&*d6SH{rf!<$^Jr&BYi@Lw0v@y{pLOp#@ZQFLk
zwc{#7R#pC5#iHAn&$yggFl|i0hU@w=gLm0ZC4Hyg4{vz>uIi2O{BNPVgssdi7Y*!*
zNOJCo=p4B&r&qo1w$&j@ae!`f@!U_H<1<&^o2$-R;H>ZD<Gk&B@K_Ar_lx0=x|{m8
zn&~bsyQ*BFU8MC*^OaAk$#H4hoDQF&5L$3akd0HiVPkal=0G!Zn(C@dd!B7GzMMQ(
za51~=*RSbE^#p1!={sGzVC?sVaqwWToC{CcX;*(u($ATGTuMcYnKL%Zz2DIr&H53O
zewQm%&TsbKZ%OHwe{5IrdNeNezQb83ChpG0cWY;!9y(R>p|km+(Yo7To*fi2u*klg
zu{4&K`}<ky^+!b_gR0RDI~=_>X}Nv;xv-`?vbU*pLLqHvAgHhK*W(MqKR+6`CRT>p
z^sY=b`&D~N@0fi_-Mu{Ln#-PzKi3{LJtQt*RrY-=-~O~|$>luq>lSTKGoBM~BJjCs
z+a~*s#b>R$g~!CJ#~OyJFLwm)UHY;5WyI*4&k~)kd$pEDj}{$SZL`0_E@rX8%#Y`<
zmwq*$#qX!EBd}a<rNO}QBx@J1JwcY0X)6YwOYAP#no^Z9Bvz!x+}II0vkNrrI-kQo
zyy()^nlD-+CRzKvgq-JQF?&IGTT*n-N>Rz@F0&d1j2_U2{G<<@E7>JIGd%XBP_g$!
zRz~iP8&<Xh=f6(87I|k>(JDG`@!Q*`BMZh<&(?*;pTC<u^yTceWBF;Lp_H=gK0gbi
zZJhI8b{IbVdi_{VQr9iBV_FYi*krC&_Z)s;(>48TxscqYGc|hmn`3Nm`z3^5Upb>l
zJGUs~C~w8R!#x^qMxL!^3GGgsa?RQ#Hp~dpK4!~((8Ry#Li<{wu9#MN!wdInzOK%!
zuG)H5L~=sggMP}xy&&*$iSl-X<xZ~}>y18ct`}kW$_AJZ7HmCV^{aSb!LP{mskFXd
z%S@!!I<J$-Ok3+2*?4e=>fYmuJbeDe%K|JKBu;)?+LZUainlIfDSf&3glY1PVU8CO
z*8_j-pxmY#P29TwCTD$%J2|J+^4LcfQ&sMV(3ULU&5@g1D+d_Me9|u@%y`vee!%0R
z05#M1v*|gGyRCDyCvJ#o=^TG-K731Y{a4McAr+4rH|wrUQJoV_>Wh8y`tT~hssmlh
zXPYjJpERr7vUh8#jPnu00LSW6o|ldfJB*67j`CWs)?Zq3F8K7;=pcr^z_&oIz`m=p
zg+oi<l&<vcYjDZYT+!We?Q(YBv%Z9IQS5$@po+u&ZCW;0YQr^@#MDad8~N)?--_`(
z^DLUpEh%Cxpx#iH^*q5pY)`lRVo~i=TA7K3eVJ7|$99K)&yIdB6%(<+%zWqP-ckAM
z-*(-KSaHIAPuYoOj?!-5U+pc_U(>Pm!*0gVyqY6@<3S%6+X#kBy&K@PNphRjJ$7ZF
zUo(V}eX#e=>42y`7jHhBRq$ahM}5bP3wo|Uzi|`<%u8OHSXH*;$;pi7A2&E(XC2%$
ztfgT0e)FXryvHtU#I|<G@0zBT;^>eX;Vb{H&g=A!n>NC_54O~Y6n7UVmc2?#PuH56
zf{{;LTe>ivH~0L*TG?sA7FbKjDtG5v>4pQR#%RK;ys<zhm0e+D@?Kvr-JED%ousy6
zTb&Kv<NJbw`iu(yO|>Fl-`w&$*;ceP`Pcon5&7eFPlXsGdGBb&(ut))P973#b<eG*
z8YZc}8>m@+uJOF-mK4{><1PVB2Qx=Y=D%K7e%0^(vBr%zUUyhsIAk2#n7glMT%6;A
z)UzELRn<3D)nlFBj9sc?Wrta|ewyE6c|Xzr!SmF4{5B;<ch8gW-!Ap<#dZoC)pPe2
z7nU7Txt7(tn6zvrbKQo;meK=@%&!VK6()TbeCs#uNF^iEYTdrG)4TXa8!u#pMmTER
z<eGksA}T3ZSXCA7TpS$rzG|bxffb)>@^9W$+4$M5EbQ}qK}O*f<^tIa?fJv4{RMfi
z&sLj0t64(Z@q%nCDEnr5E_3gRjq$q=>Ya&P%)968_V$|LguOoUN<BFq{Tr|5nTL$p
zYErvKHKgXo$cT45pD++NtG^f`ZZliBVsx1AjOr?>wI{Tk-rRlGJjjp_$`LNLZjfxB
zzR&HPf0plPZd-3bRifyI-k83U$i5w=4Sv!l*Eh7qELKhJRZf-Z^UBCwoitC#t3PDA
zSwKjBS7LLHG#BMilis|*b+f+@4qo<YljmNeUY&7pMabTwtiIqB9S@#*(UEYaLMqi<
ze@Whhhk{+@LG7h)W>l;@s4o`ceP?>Yl`D<b`<~cOFIt|EpX9njWAENmnxBFMn$29f
zUe=0Qwhj-!c`~^2EKhm(>Dl8pMyI2n=xFJ$oqMP7sPjO)U-8m4TV9{f+OohkW$#1T
zI~f*~&52Lfw!ShC*E!6k@MW3WuMo}*t?q2EqYrD|sKzQhEOX-85%V(oV4SaeM`(qb
zhF$1si*?b*zE!5~YIYvV&`$A~iM@Z38y6#U#55ynhoO+c+)5+;J-1Kf>m3s<O)C(w
zUoc#pb@lMeghS$Oy*-X~Tr;Du*9q}vn=CrKG+avP=iT#1jn+P@)i1RY$}6<iJyvu)
zt~i)mWySJ4BKy14ujPh^7=3no%e61g^UTeV#|!o-U1JXGOVoT+n>S#2Ex=;c-IrRn
zHkXxFo;%n>dNn&~t;*({#fxj++$vF_8VAki6B0OZzCYVd+&1&fapfzEw8MfG%ic%p
zOWo5Ocz*Bc&Xv#HSWk3MxVrA&Ijc`1p!ep()<=TfFPg)htzxC6v&?!lHrH%D5asXo
zu)0D%w`JW7!6B88d&>&6O`e@!)9)M7`k?PjZhpV<i?N4gn`P2IX`f6TnETSQBvM&3
zcR_wrTce|YWK*B_$dC1#<*qlLJj<bz>EW{^nfhbafo})ZFHzPf%{1t;=U=B1r}*Vt
zbKMWUfVuVwbwNUPn9rvh{y&e?^_$Et9dO%tqVrtQBbSQ_Czo^n(q=?GOE5UHgh#Z7
zOX`bH*$bc5+wTrOzTzMKO<mE$DcU;x&JGn<jR&*J<04Lp39sQUa+Ns~9)-o(-DaA;
z5Dlu4*2|asR^pA_|Hyfu?!%lPUmp)1edeN@BzfNV%dIqt(vg6^`7^@J__}X((`+BU
z?WL|rHI6DguDzhYDRI5YO4`I~UPH<7kiqbXD*u+To4?BWHx;BXXjyK>*E0h>4wbLm
zvhTIdo$|=2cOn8`H<OeSgrDZ*t^RgQGAuIq^Tpe~zIwv#`}q~0OBdX9$m98xYA!o-
zdckJ(nJZsE)?BGk<gfa@K0w!jzu{K!#x~{IsaB!ieq~A53r>8vDy|c-ce;l2jq=uk
zvc_NUIw+K=(Ex!%)bptY4Aw!%z_rIp7%POTe*S1Q_MPF@kiA9Rit9)iZS5^}&+gX9
ziYLPPx2rbAsiwieewDjS$xlzxN#VJ7lkj5S4dNSe?xts?Y*m|ST>W^3`Mfs<VnvU7
zms0t1B=(xAyxMm5yuGN;WyiGwZGZeU{NoQ}ov-E+Bza@3baYL^SVibsi?QyZ>lns*
z0#^>Tc#QQ91$3+7gg6wC9>G|r?{EondPm1#tSA&B-zvvgsVF3CGl;QnpwM@YD6kZT
z5SLof`Vx%Qf`THcEj@6Q5DG4T?|TkoeTE>n_Xzpj4UFY;7s5%@%!6++Rs;%jRooX3
z!C043`0mPEm+~>zH3;*l!4ymIB^>OBZh8W_7T-IAv6|71NzUC5?zwRC2;A^`dx{k;
zZG$6<KBBv@9DAC(pFhSrSp#<ky9HF|9LmI4=ittNRq{YXqj=S0LbHuwNxrkxjJNOc
zoxHD2ofmd9)gg8Aezh=pL?*Ppk$tb`%O5%FuB>{JeXrXsc$3k_8=B0%PkFi3lIy|!
zPxsmPI?+-mHPwze{2=bh!wEMWS7hYgO(5=NZMolWVTjICx=Y;C?$wBQR_}V{`xU=e
z^IEfihVANT!I^RRy-4Eb>$7?9A8kBeiQl*QEg*MnES+CfHjM7QHD=8m2@txW8+#-g
z-6!ck6{CL8eUqX(>lV7_%Wg9Kxuko3$hLVO(0zAZ^4@Z#riaCkhQi@i?c!SPkGbIb
zDN~bO1oscQAH>_uySKh3uPC}3?k_FIPIWo#?>pK^I}r+{ossjt^djhU*ZflzhSy;i
zJXeV<*lJI?m~662u@l4S4N@aZH8o#yq$aFg6pX=PUMun)qn|{rpU!=D*;Pz!#=#>m
zrmfj>v}L>2@aJb(t@XH-KtQVS1L@Bzj<g40o|>LqLVY26*x*oM#Pn?M_9ro#VJS|B
zynC}#n9Z%a8~nUhJWJca8b18N!u0ZK>8F+l3&X-<x7%(_Q(H4F-L8rC?QOxxggNh<
zCf&_V4^tKedQSg1T9K$Ra8fk%<S8NR74vq;f4h1w>X201r$v{;G>#;ujgDMUF6H<T
z?9f+V(5koLA>$JVpLO*TN5Sr2Vdjx?>LzU@O{qAsr83(Rznr*P)Vx|p{YjR0!qBkP
zy=yPi&HV#An}b?AeOKgu7+v)tAaO*$!PM>aGzFC{5f{dn*xWm8Q?aHst!ZM@LiZ}q
zAx-72T0=o+!m7O_WafO%xl#XiILP(<uGP<)4z~}S7rR_8F)+AeZGY{<^&wk(%U*0A
zG|k9L-y$=9r-gdSbijJZWnE@nPw1$`xb#8I1CbglL__p`zPZlmQXVXP;(BvVVf5jQ
zTOCFkhP9byTOPlEK>elFs~>nvd$nX=xo}q)tGq16G&|eoML<f*m6?(^9?1`!SQ8yx
zGb{UnPMm?+n@ekUHg!ub_|bnR$<e6j#M%1I%hn%EU80haTN}(Yf0<W)@$<~0=|h`D
zpN?Ji`!)N8(t3AWnw6q`_PrnSvnu4zaP5rd^{TGg6#f0E^3#<!b9j1>-ap`?@O=E+
zGyhP}_idLC53DVfO|ts=tfwG0XV`CA;~}9w8sD8;GZsr#w&i4mk*dQ|R0Y1Qc#^$5
zPpG|ltkdIJjpb604)g5!A$<3In0w})D<(Pa-l4iHIlrzr#n0iujinr029`Eu^B?&6
z?m+?fKB~dVZ9CnK1#9*m$n#!wFMsV7V^gaq${}taU7siQG8a6UxB3?6mfFLub`dl0
zFTQ84mb5XO>)`4}?M?0m<459EWzB>>m>lh@Y?R+DmJsQ)jaK$BRV7aHu=;mN!#f^k
zZ%_1Vgw|o^LJ@A}E??>wY;Bqu6nlbvu&30z;!x~~v_;kJ1F9E$j=Ztf9IC2VAkz1F
zYj4xtOS3NAos)fiNL1U&;L*qA((Zn5l|k)?QRknBT+y^YvwWefab2dNMrm0DZGIcS
z{FkLp-`C7?o!z%9{-ER1rEB&WycbWCv(gE-^>Le)w<^eC<?BmLZq=QI8_c4F<Hzj;
zJ!6Ba^+#g5at@RQvdW}4^s6ex-H3S=vb#{O|6Koo!F%Dm*xM85uMNCavMjV*w(7Os
z*UAeA*1mEXJcTuPdX(9Y#2PHx=NB|1>#{e`p7wtK!<AQhKU!XiifkZnbeP`Ld)9Hj
z*&ylJi|1am&T{ipuNnA-{i3r1X165n8P?id_Hr<tzV6iatoiqO9dqVhw2kh2bo;@Z
z?v}h4Ts1aLZ#XZ~7ROfR3ZIsk?N_Ab)8VT*VN*eg)k`ytvoxP;Ci-s9gx1h8ub!q8
zl}4(eC+fG^9}J#-W!uM-3Bycbg#+bpH@OYP#a_0%bXSh|amAP1{Sx}wB=2eb^<Tf$
z-dpAT)Y)|T9FC-I^*_hrUOfN#-ct6&Gab^M8HpE*NwatUe0}no<o0Be;uEc!rRwuD
zkL{IOXr9WiUKP~-&A=+J_pH0C!a-gwt3A8l$6fJ}Fw1|k15*k-U%g5``F32&;xfZv
z%SvCH;{`|E`9F1PF``R~)JAEhjk-D?G|$JhSF2=p>lRLolTyhRVrAux1!rb1?7lqV
zsot2OYS^zt%4gUrIMlof?)AREp(MhWWvH<M6D$@RUi`ZBX-0APIhWacDuvP{`)!{t
z7kT_{RmY)RrI=d(@R?or=J%}+8=p}fqgh_E%x&%qkL0eM1)fhn|9WD#Y$Wo)&i4C~
z)~}~o7#vLNik&N2N|(8~<4tg=*UE2AhLs1pdP(`3@8{<^FB}_L@9KEO&`e!YEP2uM
z3_S@C?M*z^B_}pHUEzuf3_oNlmeAqPW%aUS`ZLY3>_YW5hQ7_2nw(F<!*$z6pIpn-
zED2wHMzHGcg?-_E`}`KnYCGhXV;e#%I`xTh=u`UAr_<I)weiv>%obnO;23&T%-gf6
z?45?!!i7f$tc?|Y()dl{ZOL;EzE69carY)iig2)JwSPtjBRPz3rqUtK2Z871p6%SU
zsmg3`w~f>yDR0}dB9W{M9iM*Yz2vdUT%L3<r#mw8RJg-h!|2+(dWyB*#TJ$*FLtXB
z9w}X2l%YO0Zm&0s>&WtnHuoF8PMKEmCEADPou2vSmr&cAB~3GZtE~*H4q6yoJMk!Z
z-%!<D^ATgur{k(_tA;q3v8^7fDq_ako5qCo$Fn&7CbSL42g{jFKHv40mqhtmRv4}<
z$r|)A{&du3Z{&+>N$1D*7c7tJ`aT#p<M8*$R{?94U5s5z42!c!yB;WcihT&)@aU#!
z@9OIUxAi+sat1|<8>9-d&+!}SP;Fw4?#>c>=d~hvPN86N($CW;_6|fQygGPfQ~X<A
zXW#Ofp$4;#SA7`o&1HquhAz3%e$9T5#PxTcX7if!OFv(E8gj7C;qAes*s?^empcuF
zHr_n?a><|ym-my!{b#JNh{UDO-*vTDo15Gqm!8Y@EYf>>@(S^k1RmLmZz50C`3#4f
zHO9mIq_{jL;<Ehpv|Vy|=d4zgU7@+Vf)$n7v;W-rzzYHDpIqn2uL>V~JmXo(FGb@h
zt0MlD#|$qV^Nk9#I^lD3Z2gj8<qmq)h1Aj!&I4VR-y>HJ@rqVm<7oQgUR5&KDK2^Z
zi^k@gSB+27#GI{`KQ%FXPMdQvUA!du*YhS$*U+QKBPuSOK6gpBZe2^Y#t!Fa``xc{
zyjQHh_9NYF%z9=3-|FmK<2+KuP{PBX#hP=o&hX8d=P6Nj#pbT&TAAG!cjlhiml$)|
zDX!-0W<U3@Z+7M|Vog=k{K;$LUZl?{5Vzj#>$RpSG*h;|vUR&e@+A#B^F+bw&yPR-
z9A0ugKc!pSEOGt&J??jkE=CV7d?}P@xYmD`v19ZNbFEu_>H3d&ZcNME<1y`r)Wq%&
zp8{Idr9Y<gx7Yi>aGjVFvFgJaJ-dM!(;CZrcj{F<FB(g=%cwmxC-me>>E*IRkGpUA
zYgip8*?$*F*frn7H6=7BGphRe$@@zB8vRCX;b*Ul%{n@w_ono;wZ4q<*>8@WA^i>R
zE_P87CQ-%fi{rF{ugPHNAJuv?OH0yrTCfbRUZht3;6575V{P@Yw_^Ls4$g(6WpDcz
zYP?}deG>cpBcOWekz9!$nby6{S%WWDt;u%Dd)&VG&EYd2{q(I{RRo`G+Uje$OWyzM
zE*Do5bMAYmJB-aqIis=#wvR+h%WIhFJ4(t)Z48Ci_fEH2*^lx(a;A$JYjITe$6sH{
zp}8;RR2a$ddmG2FjIU9i`Wz>n%Ok9UZ)Z9Csj2S!A75xBHyqxP?0T5X@<d~_LajQ-
zvI)P(zP&Xjm@sP{xy&lrBk>U5yUXrJD|bB7IV5+7-{9V<Gp`zU#W|*H8lO^9oVN1&
zxk5p;BSvWf^~dtnlkeTSpqMiKVZ>;Y^{)=Yh`{gJRqJ&`?-YOa;r_KlarDEtU7xib
zgFF>HovL5zEjs#n@0^(ZTUPF=oV(5CNk;FUypQ7L&aXTihF_Y@m^RbQQDX4YK*ow3
z&0X~`&b$v=SM#XlbYwU~tZl`*D7)7y8<lvp({Czqy=W*rJ60Q8a{I2o#EhOxQUYq>
zG4YZ~vtm11@&(Rq&Yt$Lu$*&A?H(^t?E^YDB%cWTnqARYxtg-@{PP=0Z<@OUn}7B9
z?Uz2`{4(=!%GnJE<^0!WEOE&-6xlT^L@0lr+c(**qN^Uwb&a%%{iyrGAuH~wqfObV
zRrlAtorvCXMo^z5qElmQdURaydBvLdIa{+xJ3GH^ShII*`r{$NMeT<LPSX3wa?IWL
z_r7&apXD#4lgvt2p6eBT{q26eM^7_!llVnvY<#)kSds)iLsR52jY}(AU_d)Ur|TR!
za7CYw>S?iEIvJ9qMuvrlYzn(lLM#%pjYO9)ZjQWF=joDcoM)tNb8JQ1?a%Iwy*^i(
zy%&y(`tAF=<r+myy-Rv8Z?a6`dCN}<oiBgH?~uGg*>peu@^R9TTFjg^8tExdk6jqw
z>NjW<CA%;r^-K>B-%3`(8=2)dOFpH2+?sod?~KQ}J01BhmR46qu3R#xKhxiK<IA$4
zjLu}cx*T({iYK4b&c%LS{@6f(|EHMh3;TvVk*^hbUwDVMZ2s{gB=XF}^T^LbA>Ykr
zi(D<!ei~o6P+;w7)JLWA`7QJ95`;BU(zk3mQaW(gZc(6dt?x|zvyTqG((5a@&{gnd
z%}<(~{^*+vHZI}GRgzK)!M9Z1tP49%`GHnjA+=BSYPRrf?v(JwJ*{2S)zUxt>(nok
z_eoQklg}M0Dzbg3m%Pqpba7bSKFNF6=ImTzBb}*p?yDTV>{^%mtB{@FstN-i&YvHz
zRyY)r9hAT9hO=~zZ!)?1;pJ?n=qn3cE``arb>Hv#d?$F9@S11g0p^~^(pH@~Ja=3y
zI?z0zsP9*dcv$I+voF6VjDI+hWuCguOUh-rK6RJ->9Mp0tp{cNL!$y#x4u-giP$fz
za9Zi(q0c4D1JCT@)GBuV<dt?>etn*m>k4@}-`!~<Lkk}||5!HNWSL6*g==3et-s7X
z6?(MbT*>E6KI#WYNOwQQTyl<E#K?4%ke=ywSpCQ<)p`+9me1qh#RF|ELXY*vr~k@Q
z)24AT86!NYJ*Kk^?_X?v_<S9A&HDU}jc<<aDL7gqz#SRlR}}f;*-7!|4$1RJm-<M|
zEBJJ*PL_JEw>w4T!tiC&g~qESemWihV!E)g<#vDY8cSsr(_2l?Kdnh8X@8p8e!7#B
zyS$ZDC+5e;vOhm}YkIqepZw-iw-VB|A8jhTxaiUJC+|mJTv~B@dxB<sKj#hg``uxs
zb($)lcbv+89kJddLS><=^;$83y!R$^o)x#Ob{DV|y*n*oT72^O1(El6rGqTISB%TN
z@h52>H?|J@Iw0?D^!0oGvtCy8^Y6X|&Q{7vqt5OJwwpDV>M_$^_q<+gc66g)$F&ot
z`t-NFXHA~Tt&N-Cc<$hVTh^rKoASm*+#A%ASx3IP+T11S?SGyiQ14aC)tgze%vAjK
z^_zhj56Tk9G);Fd8&NTNN|w!uQp?@oA$BZN;bUEi@G@GP;l_rB?2v&?l~2lBGWU4-
zx$K>&*!Ahqe#hX!O|vKqGiFdH9Qs%KI0vt?-aqfh(&p?F6L<A~QfrG0tDc4$8u;iR
z@G8nUwytE!7uv(mE-O<$C?4!?7H^bwxTboCBD(s)^^^OWOdolBoNh|@Jg`~Ad!Y%f
z`WE-=HjC=*^B4#8lhVh2eO|HQ=~*>;T4MDL>)P!%e+_?)*_N++JJg?UdV1`!LgKEt
zibwX%?KfMn0}=7H*oJ=ZRel1z+j{s<Di&9dRT{_`m&!b-H8I)pT0Lzf-u-;BL@U#~
z?08vIL+|^T>Rn~;Oa(S{%Du?pRO?z);gVz9`J=&LuKTPQE?vXE!P*b&r!DYS60V>2
zierc8j;NA%J42TkaX<dq6z%hFZhDCodHLs+#Wfp#`W%xcztZhx!A6Iq!t*UBnjg$@
z32HvKqjxm7OLb<a<c5<H+gENVOk3>s^o8(TgYKAQ)9&x>Z#N$4OYh?s-W@ujabQ)v
zWyrIc-P_F@n&q5TpD3#Mkgh#4IFNS2i+6Ne(`HVAu9GiMeH)XxdX;PZoUyRF-^v+5
zrZ>KSjO)1T@l`pZS;n(9_m-6Vm6JP^=DP4P@8!2^KfN(qQ0QEQROm)-9|?zhjs8*{
zI=ZgR57**qF2B|GsLK4X-8dzjC+#4sI5<8*Orb^L@vSuRJNG(dKewH%8cg)X_-w<Z
zZrl|8JftJ#+;=Y(6Y!_oNF8b$vU%Mn+^yWCX3>KA%uasi`nKWIvQ@q(AA0fMe!F**
zk)DLN!^rCH<U6l6=f~&oV;)*;6qFx$pzcQ7#TT3xowU^Dn1hmXUw=H(^0BVE#A}-=
z{<a{zW8THnbEUbRgZS@7yb(8X+mUoPeSuxgw!!*hX2+$~vn~0)$trL?|LEf7%y~am
z!%odS?vpCF-pU;Zbv0C)q5{HxRSt#LyuZ2B&1|;7`qC`=x{qJxJ*Uv!>kjC=<G<0@
zSrhF<p1GDa=Xhb~!7V0BV%=|r_UsORv`?a|-R)J0eMR(#Js%6dncO@V@;<Aco~pDi
zA}=@PMyU+LDLLxb$&kB3#S%}2E@$OeH}b2Tkov@!@h(5TCsknE>P7FmLiBf6)rBTJ
zGTHXvO+e<ti=UPcIF()J_EWj+E&d@QUGu7IMpI5_wF0*V<)hQBfS|LR?vreT3%vcj
zj^&1aupS(~pu*vQ^)>lWVn>W~8u#*nQ*~8`I)Y~<uMbq^3s}Fp<y^VPqQJa8fsr=b
z1gu*&Zepx#x5}2t%l6QE8|=$}p`%)PtHzTVTLq_0o8JDZTg_^IS6<)gs72F-LuZ6I
zEIh}#NYc<eeLV9~^QWl8n=M^6tjr45JtBbu4E+fZ7YzB8puZkY;wmCTT$B8Wm}=_6
z_yeRl#s6M^;l{6ZaVq$=OK>Oh*}{5`Y!pLRTwe;;B&V%&`QfVODe@V2@~TNWaTXPF
z+u@VnVz{0$bk{V6Ld?>y7j_Ck2DnxfTxU!j?2mx&hOMo+rLirU<>+W`Z-)EgtkQCD
zvNHyEFYwDDn^?K%fn!pS5(%R~Zd;AF%5So_SOM_c3yr0|UPDvM$-`C4#lcw1%H7;d
zfksB|EaqlpH*gmt+d~m9R!7Xqj!x#LkPC*XFiDs!T>qOyC@y&&Ss9P-2=P&CkWY=d
zy@RXeA@G;7w70Ub0w*QBmd<2j3-IS5+qv3;lNeN6*TIcSNrH5!-v6_7;Da!k5HA(O
z+95rB!2|m{SMW@6aD%eIdx}ayu0DTyk>DxkDwD7k>~w$R`X3YOLOMA}_Zzw3;%8=V
zVR^{P+Q!z--of#(le3HK5jS@aPYM{sgJC{0-&dqCz-k|C)WP^1Oz^1+VE7HL3E-l@
zL_QxhDh<rq!7?9g;%Q3YfS{~^Y~aC?UV*LvX5!#ufScfhX8;Yn0KlUH4Dpq~8$cO6
zJ&;!l@@W7wb1-LTg5@^_?CZgD9&Gi&Zv$-4!LI<E2B_dRp#ZK7;0}OWw1X=NxI}=Z
zIvAfTf|~+(0f6%XR1vuWfIkFe1lH^DXut7(ll>O^?e{zFciDerzx#gI{rdlGKlnd>
z;Sx-jM%<FdL&E*+P&ggJh%Zn$6T*n{(S6Pz;j0klVn4qQVZ>M{UhyB{G6?gqpI1Ye
z7s4n_-5=pc5Jvu0==oC!Bep}~HxNdAj`HpQBm5P@g6!ucUJ@LJgyCff{SlrAVPH!9
z`BDf^hcGIe{zq6H!bm!x=i4DH!VVilcm{+~ot*v%`#@Nf{X7c7Ga-!Xn(;@t6vDIE
z&zm5O{JBsYy8Z}%hwvQsb74LbhU5;4vlPO}zYDc(-5=py5T3_=?f~KW5Jqhd{3CoB
z!pNr)Juio_1YA-3pZyX33Smk1^O^i4Yymq=h44ZMBOK}e5q5wunf*Kz!iyk`@Rj#R
z_z{GWFCcpU8Nx`GAUw_y_#IY;ur&L*A%vH(!>1s;6v7DC8GnQuA&kU0dj18%NS-0Q
zOA7uDYeIM#`?)=YmqQr!M+`fRC|3tS7r+p}8(<6o17AN50A2tE040EUfFw3NgzHZL
zZ}1U~2S@@yeyE)Q;{X`=N-hSF2hax41@Hv$2B-$81!x7pz$Y;QAPFE7AP?X%Ks&%V
z00zE%G5{0+Qve4xU_jdppbs?weE=f>O8^Y|jvIgvfC;dM4XSXx2#^kN6`&K~3&1#l
zIP}Lt0A&DGHh9Ce2;de#6F@Tn58!wjfFb}BU^Rd$z(xRF00RIcfJA^wfOh~N0KNiX
zfNw<rWdMBu0{|xgcYt#Mu>kP^nE+P-;7CJkBY-!+HGoQhPXJ>8GD3h40A&E9=_D){
zAP*oP027Ay02F{d0C@oQ0G$9|0WcBhZ-5;D4gg*Nw*ejk^Z*P4d<Vd0kgyE^x&TK2
zya7f4Fi{e=4!|2A6Ce+u4`3MJI{-Ela0DO>AObKGKm%X{z(#=006GA=Y}gG~1cm^n
z02TnY0FD4I0N5-NW(?pBa1Y=iz*BTTn}po}C<b@|fX#t&0CWNN02l$-0(b)y15^Us
z2f)NYE&xaZtN@?@r~+VfNtg;i62K>b2>_mXAY<7u4X#W86#y*&U4T6RNdV~pSpaPS
z&j7jru=&tt09}Af0F?lv0GI>`(*)23umx}g2n7fSC<ORl?7atkRz>zdJhwc_)AR78
zhdfDu(9;uIqy!9AflxvbBm@#50!d6l6$BL(8%0q;(V)_?fNNh1x+-?DAnGcj?y74+
z>;;kcd(PZ@pF*<hZ-4v#-_QH`?*r%FbEcd*bLPyMxpU`EL;!XTC<Y7#lmR9KrUNzt
zwg7ekj;4VhU~jsF{kVSvI0e|$0emu{Kfp@BnH@prDI%u`_fp6|1ot_p&w1!SfEqw8
zpbl^l@D<=V;0J)13wZ%$fJK1ifVF^<T1DIh5OwI^fYE@<0c!!xfTMuF0geN{0f>4<
z{B$|)tI_YT#{C-fQGnPB|GE$S0b>DGfZ2e0z=?Yi|EMC)1JnbS0agN51J(gH0X74g
z0pcL!1&G(+D*;^r4S)*(p8>?{s0ZLE;5&eLLlF}I(*cVC;!W@Y+-|@&+_wXE0i1_0
zMgoQaMgX?GrHGw?7Y{4q6~I;RD&l6qJpgeOV-uh)pc_DZi1`#C56}-#0vHY$1sDz3
z{}K8P;FJO4GetZNH~@GHApU_q11JMb222A~0M7ps=K=tfufP`|j$!NobOxLO7-Yau
z+{XhZ0`MM8%m&;HxDD`Uz;VDg0C61s0gwl{4zLAqH((#&2Y~nneg^OfK>Zed8*m1o
z1TYLx1{edF4yXo*@6aE9guVe^0*(WI1Bjm#(Fj-xcpGpO@C88pjJXQH2N(({155@?
z2V4$V2e=Ec7qAZ?eo@4@Ul9+O52yz;0Tu(60#*Vp1FQq=1ndPo0N4+B3UCnc7C@X(
z#0!AqfL{PKdwYL7W^g-HQS_iHN&ta}RFMI=?G;t*1sweX@joN{SDNW*Vni%vbBb4d
z4Jby)!BL8M5B+Sl!e?3J)YrouAiQL-3|j}B<}t%SH=!@Cqj11@<lBOK62g3dq@l2H
z0Nr;Q_xp|elg9le+&=@n4WMuBsob8p?+33c;%mq-W5FzZrVclWxO#*y22grR^BnFg
z4VuD*yRu<6!o~wO8sQ|Ph?5`f(_`M7py^Bsnn%%Gw##U=g$-#S_gvgJp!`PMsf?XS
z`!4Q3<4$=<%LG(bd(bR5@UaN9BR|o^M`X}RAOiCdA)W)jJcOC`p%~&h&j_0eoaVn&
zZ_?>9z|G+O(lFQubVK(>+*bjX8oDBWLO?UPQW={;Zv}*uA&(qE9LYpHsZ4?Vl!oTC
z1k^ru0NuM7_nyYRzi}UI+(#Psa^pVLxL4s$Wl;G-EUKw0!?6uGLjZ($5|ClUQyD^`
zM^h_-I=`lNK_i->ejeTQ#yOP@usB;|J&u;Z%$|;Vz~r4`CqTg*4aA2+(4@o)RlsQy
ztcb%XYXi!lwkZWpGLg>2vWDuq20HBknU>G4tE(E=FdGMn2yr1Fl7JISU@|NCgak%c
zDvKH_>jyXB@D{O(@%rj2Ns<kI51!N}#GmYUR^`0LYBVYxg)z6bZc%N<jLOF9Gw>8&
z+qo%YP9?1lC`eE9@9A9z4J;i#s&w$At{vMEK5=;I_+bWKHg@otgpL|LVer^NgbkiF
ze(b=Enyy{D;3$U3=eotg0J(}V2{P6-$io+qdF1eM<A#qK+I7mgGjMiDU-K{u<IoIw
z#7%!3?=Xd!cg@P^i(7xl_!QtxqkdFRR!l}?Q)SbF#*BvQrUebPSe%%#Bx6opBPvbH
z1GDND;GhsHz4df6a83p~=K?;n<)0_5o?qXz<X^CxS=pE|zorq3Ei>o*i=;4+>V{e@
z)X)JL3ve>WKQBG(Y#CE)Sn+A9UW`LuYOxT5<9aIUYAX;nt7bMB;+b~1eCGLQ$s4NA
zUr^oHR57Qz61swI;b$Kq*E;@4z8Q5@OG=QQo|XPcdK@r>^FU-l^~jgiLcW@+uo|J`
z*4NcGR$DUeM84e6d~|FH&c31kN57+pr{}ggO-=O`v}{#jvLL>ul<2>+`E(T4A!j`6
z56NR_y<#TLOKF0dMQ`NG#@*!HQnOT5&#UIdNLP>a?N3iHwji9IXH7m0b#+bDp47$_
zsN6${r)PGvM;q2p2f!5Llox3WP+rx7dYo(n*$jPrg?#ZLe8X#QsZIFKme2cRkhTOk
z`4T!)ihQ}icr*w22k_H$@Kesh`De-!@vM*NVTh+V`q6bG(yjt{L}~S`N-W_`7-^*^
zexG4n*^l_`$V11)H0GS1j`+TbG@m2Qz&AJ9TqkrAiLw!kpTR<m3=v7z%PNMlmqdtF
zg!HKZORO@s0xJ*kJ=&UREu=k;w5vj8Ae$Q&>`Np=?+6(lLi#PCG7Li=O9DA`zTKJ(
z5ovK85goxJdv9^Z;%uD9)KrW!uc{?Vm^^`p&d@>X3`$_6ry#Ru6lZi?2w6Wv<JloE
z4OgK@Wbq+ih+is(h$O_*6eKjB&rm}AuUJ5%smps2@eP%W=nyI9pVtC^o(LI}gF}!Z
z&PL{^^OWuo7FcKscL<Zdr!gHngoQKG;UO%tQF|W36qC%2!lxVI?=h{4VSJZIq7mP9
zDy19BQ$wPA!?X^Gj-m<rCYq*M#E06H_>+ARe=_}n2XD2xo^d~+FFt=uxwQ1E33%GS
zSmHXWPqQ~k$yG~`OjEC=RlSSw7t4!qr<FG4w^OGw#D(HEu}E90t<Y9!6Ks=hSK6+z
z9k3m=eQx{O_Ps4Cs%=zSlqcF3JtBH!^uFl*(Z5EYjLx>_*{9g2+0V0Yu^+I%VZYk3
z*0IiUo#S4|1CECsk2;=q9B@46c+v5S<1qfc=lIz1iQ{*Nf<HJL<McUWoqe2ror9c1
zox_}GIY&Cj;NN8DH0LbmLgz)!hn<f)Uv?hEzoX8Nou4?rasJ|TyKw5YE7sM=)z?+(
z8tNM6I?FZERqmSTn(CVAn&n#Ly4ZE4YmMuA*Cto9>kije*G|`N*WIp%U5~q-ay{#M
z*>w>A4&&b^u3ufk-N)U}J<?t7KF2-XJ<~nQUFTlpe%Sq}`(^hb_gn5G?vLG{xW9D^
z&uGth&rHuO&kdfNJdb(yd!F^YfPb%gKJa|v`P%cX=X;OhE%pxZPVrvkeaySx`?B|-
z_Z{zh-VeMYW?szsG4I9*-vQst_;=7Z(qHC3*FW8Vjenj0e*Z)MXZ+9k<71Oz&xt)Z
zc3JGo*iErpVt<JJIre0%h})d7CE@1;kr<blk=Qe_Byn8g^u)%*m5J{s9!>m5;_<{^
z5=D|H$(NLzl##SJX=T#xq`gT$B#Gqi$$80VB$wb{Y4ZH!`sAkMmC1XO_a;A|d@%Xl
z<Ri&#Q_@nFrL0J~B4u65rj#uycctu2*`FfXp4GOj?XtEj+kV&fx3;}f&qy7fIx=;2
z>blfNQXfk_ka{rn*HjURPftn@q-UfLP9K&&GQBK)dHTxqH`3oq|2qBK^xxBc8J#oo
zGNxtJXPlqWl(9KuOU4r!2Q!Xmh;~=CTi32rW=ZCV%;}kp-4}NMF6)=9&e`<K%buNG
zmtCK|BKwByE!kspR_1({BXSSr9?w0ItK{8~w<+&bo-P05{Nwq*HH$4*Z(X<b*{uh+
zcHdsI{ip3>#}hlA+VR4UA9iHz%-h*#XUWb*J6G;}X6GwA-`RO|=eS)JyO!-*x$B)>
zM|SnxU9x-R?y}vJcTe5@)b79T{&BamCu)ylk9SX-Jqdd<_RQT=zvrtx$M^iQN8EYG
z;k}2SJ^bR~6Nkkw^M9@X^_^eEiKr8?ClXHtPCR+yjS~Y-mYrOC^4gOJP98sb@}&4Z
z`S*<9=l)**`)|K1ryf7`)TslfUO4sYsn<^(KK1UY_f8!>b?nq{r%s-_OI)R0qus9M
z+1A<Kj~ZaFu-|Y0$iB+4%dyXK#GyO8I`f@H&R))b&U2lsoNJudI(IquIq!2m>wLi}
zT)L~PE8kV*n&w*NTJO5qb&KnHm&e`4-PJwVJ={IfeT{p)dzbq@_cQM2-5<D*yFH#Z
zp242so|T?eo_jrydJcIGdoJ-_>b=Ul)w|vMjQ4<dSj@(l$6{WNdDb`FKhZzge}#Xa
z{|Wz-{=@z@u`3fiiSrZBPfSm)NclA|DgB)Esp-?w?@xaw{k`-b(${9(&^<S+BCAvO
zj_iA~AIyFt`#|=q*@v?~$i6A31n-X4=BF3Dvg_2Y&U<qA^g7Y+#DEinP7FRV?)TZh
zFZlh_Q*O~2e=nuKSgYKsIqW^{6YSsFb!VJ2$+^P2+xwWWN1LN<{Qk=!&l>-&em%Bp
zY<_G}Y;o+=xVYrR<etfn)LyAOQ=<dUz!`!5fmwl?z}mpIfx66!^Uj$&V{ZAIx4e1R
zn~%Kt=$lW!8FeWBP~cGUp#g^m9~yIL%e&D>+aK+CR6mw+ti!P`#|n@2K305e*s&4E
z&OTOlY}~O)$Idx6_1Lsy(~r$OHuqTLvBk%hA6s$k%41uP?LM~u_`%~#etGGa>rUWF
z9J79!W$KvK(wn$k+%s_>XV4eoPP4+haHm=2_Y?8N_4CwIK>4i>`RA5=^VO5^v~<A{
zdI7@e$WOPFu4*z?nlBqM=U=7kdyXP#j4;!+T<+STdTr(WYGq^Ty;z(u4#dluRaLR5
zp{A)?NiaiZ;y}K+6?9r&#q8=P)e6T$OJfC{Fxg1qn#F;`5u&%1PXvwCO%>Hxs+dWy
zYt6}|Ek#CRK446$EAYrw!Gmy=L&nXkn;qSzqJqx*lym5rO*lBz9>C$AOJ>(mp=T~=
zz&U+Q<C-dG&Na?VbVT7jG!EEv`pw6i+#0+>&KZu2D>gi=oMPN@W<`+^GZ{>SFmd&G
z%uqg%(3@zIGSQHRy7_$aWK66XF|V#}?t=O<I%UuogU7Eqxp?o}m@{(0yq-mE((&*_
zljPh5O|yDqo=NyvoDey@b{rS#PYg>ixYkS%8y+EFsZ-84t6)BKP)5WjcIjq5#~SmU
zt~qonW<pC5cpjLan9xEF98j6$HS1Nuivh`j7Si#<?Yt#WT1wj%qOq31r*XDzsc_l>
zkeb{=E~$_}N()gnjiX?&RcWzS9Wl+7>CZ`zx6b0EnPS%*8J^Kn{pMCLY1fj#P#Fu{
z-fvc(b<1tq!Ln~G2XIJcl9@^#^2ldAa!kiKOBSA$cFiG?I>knYLeHIpVjD^MXwfch
z%qn8XM3sz*GlS+=HqISbTQzP@&8((wr{||5M!N?h%L+SKH0v}0$w;zK<Hg#@ahU~=
zs$P_v9Lab%9{Tvm)4bD|()q0Ur!nPzQ;-<R=S+EqYvFx%?xcK(>IDPmVMj(W9i&@)
z!SV~ReuN`D5xqQXAfL=h$9;~kGvdjaRTZ1E(p=xnL1zLl&l-g8*b=KV<q^78R5%|a
zc6k=bSJ^-%S}CPGk~`eSLL4?)^FNV@lx{H#FP6p6V*MK_f|b7@JShwv=L>Vv<uXUB
zTH{26mavH#Y}vw#{|C$mEg1zxhY8ilK5TjGa%F{TYPfkqvDq5o)j7T4hMN}9s+3Y&
z!y6}5Hq=yB!A8O@Mz#>nEVja1C^C!sXe$XQYIzpAs}&y<B}<;fY{Ue^BeWq?EjLpC
zVI|6JVfqVEziHq`17w*Vw<R$VXDQOm$6W~#VO5BX9KE2aC4Rx+R_iRArEKo(G7N_i
zJWP>k9EgabGr4h)_VO%PHpZ5SSR><d!@*}_sj6;nb<t^VhWDEFIL#-~A<I2a^Tfkz
zn|ht*k&GEd?}SKKCFSZ<1Xjjr&le1)wbRxl<w!%&Vt*qJh0dwLY9hQvUF|qfXDkch
z)QXjzjU%58{+7NCvp{CE&7`G|TU1&9&(bbmo<r;miTeJZFP#K5O7BPSDR>z=7w-yK
zH}WXw>i!<48kfL48)jDz@JbR{`RMGDWOMj6Tt1JIgU?@3Id5Qa{ALTH$_{FKS~(cV
zrBkmy(;D1yvNV>XE9aG3^Pf4DjdKbM23yl!qf{Q~2R03{reXE4)h212Lt{+QIIwo!
zuwcLftjkw63~ytmm|xj2cPv&}8%MzY<e}6#vu6&XId|6_T3)R_E9LYE$~6Ql_Gepy
z&u*w&gjK)#krroUZfF{bgrizufJr%K%}v##)67D#N<DMIJOmM!f%1&;>c+Ab^3H-c
zqy@$?QS*6nJl2{Bk*+X}A5>FY*|20BiqPr6@9{0i53O!0Z)=twma`Ny)28YPQM7Pg
zH*;dNaVq$vs0yyrWUG0NT;Oz0MkJ>NGv`(}Q9ZErbQt8CVyTK7rKV}tRIBY^2_q}z
z-2L20=BUOrE9<OEv~Xo@RfUz+5MdM+$fsL@TmreV!h*_BFCiUAYi=U533C=4IS$7#
zgZ^%T>0ADJE*Wd|rkU2mjG+!T)2bv$Jrfg@9DeCmHD*B_R^}&S8*O!Rc+B9&nU#2{
zHx>^VvtrDs;f-Zv+q2u40W%u$2M%V=$?rMG3Yu3vtBEJ1HEuH%y59Wr{3g{<GkcCq
zG1m&4#hZd@UN$ezOee!iYw$NA8s}TQ;2H+khEhZ763ra6k2YjKY`s;bs+xs0jWi(}
zv;-S>s~dWpA8+O{N~xY%0~2mYFoVOl<ThHh!<J$xQIiz}=JV^S@~itSh&6LtsR|1g
zrka7F8Yi`q))&Qg>4qBR$T#?1bNGRKF`kl63#7U7l9nQf)lxh@ot9%9d%O#LG78aM
zb8s27cv+k9ka05>FE_+66Y+?7p*JL5ePz`OqjXNhf|lW#9mDcUB|ao2qKCs`XID2|
zq{M`WkGWVe1Z5tWt<nQ_wG{LcB`zd2%9FvXBAJZ4REen4xW$(#Mg{8YyXIik0TY=S
z)eV;`Zj_UQxjJ69FPOhtF)B`p@UC@2b;FD+6u&H#!s^Mk2R6*U(v-vs<N@WX(EMPW
zhd&5%bwt=8JYQTB$`k4MDQ8V6PXrpzIBO%)vf|f8q&3vJJ|ftdlw2EHcW{<!yG}7$
zi|T;KnyPu#a%$JOLGdCLrX5YRbb;z#uOwM7Y~`O*s9<l4mbpP`V?`~TFMaNfir)%@
zCz0=WH!6u%U~TmxTHC3mWuCg)P0CX`$}&CJ=-N`e|8K;f<fxo~=DfN_bH*p9;s5TR
zf5|DsD{J|<uskcYh|<cY%2wt-JV7$1=KprN1G$b=CZ34#;Ad3Y^6UT0Y6aP&RiUxc
zx>{3V%P*i(%js{*{J*J6vw;6Yid>!(p-E#jyD7v*t1JVms6zAJto-G_28N;J-}$pi
zIsaE0SkMEJRT~zzS;@3KScruM9a#ldzZ<J>QJ(&<wf)!H{>7goGy4^}v!J!{cxRZ~
ztxAGrZVL=2&hD&PdGfyo_Fn`09~fBZ5N%l37Nz~^))nc>Zu{@dtoT1L@%z7MW@cJi
zs3W^QWM&qzfAbC{-m*e7ineHORgzB&H@9ML3yTZiYq>qdXPR5ZDv03@#dwE|EvHt5
z$#JJ*ynROG>6<Wjg*>>RgYfP~xtDUcQr@N8zhNKzu!Fs{a>=f1j^s9ern#$bkK(p!
zkN4VlDo^~^-~ZR&{}23q(BT-~{w~F1SyUCC5bsuEf;2Cn-lO1C0Ao)!wpcHyMmMRf
zTCz7JV^ht{x%<q{P&uQf0`D*z@%&zqS5Z)r7wyMx;0js*zy=WG&m%hCR?|duPD33%
zg((gL$;nqOv_P}aLft}(Y!=!h%0hcaTWBx4h4yw>XdkE3Dk9Gn#Pi)jyucI03%x<S
zC?<&a@CEUnZGw0&e-Q5-8^rs>S$IKSd=Sr12;v2aLA)?2h!-UX@g6Bbyl2}W-YYeT
z_YT-{NSk8A=QdYPRrQPovny(9XVraZYzM-oAl?l`A8XUL&D;fz4Y^ntubh`Fx5DH$
zHq6Y$vKsBt$)(*gGMF~b<ct%!bQd${;qQ%R7|olJ-y<h4CoiK5xyHug+}se4hpq1L
zrj0eTa_7xkI6oT}bRO1pGG@%^-J`OodS>sc9=-GN_c43+ti}NVeR>pB&!oSyhreT2
zG;2mdVRcubtW;(Bt?ba@txfci4b?|@P&Hk&1Ewpr6o6mL6*OIJZWH!D@TH=%aY^mW
znpsPDkI?_8Rb5cK2yaEWYV<7({Y)*)tHgrm9FEGDF;-MVwUukQ5heBk(M1VemEF5(
zLvQj;_*e?`D>%o4K5V}Spc1Rsi?L5^q!z$86VbZf4<R-Vuf_Qu%CIOiZS+_4IhSaT
zIT!hyl#w-GG?d6qAnoVjGP)V0n@C4FHo2)WC|juX;mhCG0Pza_R^ZM%aM5zg@ez`u
zlOWD(a1qa<(z<vWm??B6gs#WObR;zWdIMOvC;LLUtF^{LNUN)7BKU3!*`j@qt#i?;
z3fAHw3R$nkqGC2X?Ox-bS&z=Wz$$)g8)EPk>NSzXO?cLzmF71WfKI#zbks^@Jf|nf
zWcu13A{sxFRWD-IKFI2WU7$O>Xt7EsI+N%qsy(yn)H16Jh*fTo)sK@w=LMyDpQOrX
zsU9_16}HT3B(drnWW`eTi;${6OZBeFs-$IBvxwF3AS>UsphxKVHidMjG&Ae7KB5Z#
zY_b~JGOI1bYC;67i9uFlrXqgQr-trS$$B!gPCzGT-A!qk^(7Y}YgLeS8cA85Wl8yY
z574vP8MNA5NtQgD=;(P@1D(?wXjG9|%6To9QoRC68zV|-iYR44L@5i2jv8ySUL0gi
z-+P*Nbk<6+z9@qA#l$+Q-psnH<*dE0N7id1vaaE*Ys{?cf>}|hRjQv_WK%@en}QYM
z#=W_eq`1>$bxX^vzC=e<w@0wrL9C)Xl_F|qGjVyr<g&YEE=_P3>YpOG+!qvR)y0Uv
ze-BuZ^{LIn(ZSURh>rTqWc^UftWQucelmjfQ$f~T*S|bStfJs{*xH_HnbjK$!RnO=
zR<8zG{Y>!(x!p5OR<F0rs`p?d{c8lP_kyh6n2GrJgMH$8qK^<A{Sj&WgK4o4c#v7j
zhb@=#<8?^-c|<8+1WSp6>sP;A09I113DiBlI?tfBX6`=6OvBb?&-|MG$8@vkZ(1(;
zB~tsZ5k;Q}7R_q^?H;Pdg(j=tnU$R^m40R)$zKgt(F*Z$u;1ohZdZsI1t`sh_{LRr
zDC8q4KyA+B5lcCU0Ow|ty<2ISzp@Ou<0JVegz#rQB`V$GO#ZB>B!x6Z1sa-4R!CJ8
zV5llZAze8iF(pWCMS`dekf39v1f3!!=&Vpv$r`c*T|y*ag?5z%zHJuRy_Ev@o{a*F
zA`9#hQsCcd)ae<b(mtfpUaV4C<<G7_KyRhiP>NCIK2m}oO$p9uMS`sH$XyyK!Qc=H
zc27WxAspb0(~O=utQB_Un2D%kBH4`%VaK*SPFVqQU4HWY<CUun(KTt<<;qe7I19|O
zCWe$1=CjH1PLC|BQc7B8=AIdnJJgyN&O+{ak-6uGNXji)D}|{w+10ngE}e{bNhG_a
zA?(<AFNieWWs#<{TsGX*W`QeODKI+|1+I=P@QRQExi?;^+(^pY4R+iaujcZc&zbD6
zX@&hq<Tq}JWPf7_dmdIcDm#tFQ)Tbp#N|oLWCh-&kWY7hVhXTX3ZP>u$3Fg+Rs={U
z&%8ZSfE|$n?2Hs(SBL=Yy>~0*uBA6%_q~S$T<pK^RLFrl+d~>w&)rhG5>vW+T9c0K
z{Gkx(Qm#e7!y(eOFGav3A=2fNbNq9Nbg`7>Q7eny+=)^=CL3%TB*>z!{)Cih8R&GP
z_e=UFQ^F@(k??n#&AkvJA$#i=t>TpC`_4p)mqH|DgL#?DcfCQ8uP6^2t*bZl(EqAJ
zV?F88CddAR9N>DFQop9q9D^dGWk-HpxsPn`A&AP#eN&45mMQw7Rz%lHxkn;J{~$zk
zmh`BlOSPHZ<cF4<)SB5%eq^~x!z+F)JJ<K7M1PkO`E7<Ve$t9WzD!8;b)-bcBPIGq
zwp||BafQE=>_?gGzi)+o8jY+cBia8R!k&%iR7i!{c!X+>y_z&0MdjW;4+XOEXetej
z&MQH)@#vD?X$oXhTONv!*FYez8XW4m{21m=4XiY?HTkUaRat%;S^l$T`LVLRznSI7
zNm`9E^c~+y`5Q?gX(8ovap_iZ##AFi7MB5btnc=ceSedEhgR5MOB2Mb5cbbfXUSIQ
z#7p~Cn!nCLK#uy1<=oyKh=5#`W-_DzW2nkgd15iuEU-Wp=;nD-$kb_V5ptiQQcnC?
z=2;;6s;d)_;Iv8BGwTpJghg{MHQ5etr5<bO`C)8GJ-8c;Q_TsOBD=wO7TdYeWH+G|
zc6a21T}22x*7|hTx{KX?rD}F@<MD8Y%3b^clXX=qtfzMY>-mwaYeO1z{AQ%6Q-d?B
z$>i<oxkX*crNGZuw?Sp3L!&o0u=Xjy)|^fc`i<%aq;S4zO0%F9X$ncn7e-36B1D?A
zNt%^vaHctuq`62+<0EM<R`-QVbBVNtZ_UClZKd#Sw63rwvhcN1%W<Tqb?ReO4Ifr{
zc!<1Ka#CptM#s{SHqUb(>`;9Im+gJA(sHxbu^hIfc&On$WTWa|ahXkN^Nr;t4~>HA
zx43+RRVQtrdJ^b^lzX@4Y{V?zuExN9_d|#_TulMGpCY$u=M^GS=bYulu#Yz%a*U#M
zn^i9fl1=y|%`+UCyydtY?1O;&v>3W4X}4;=tW`o>hX{N_D}2#VADNN1LsNY;tk9UE
z-Kp7q^f<}Hy_!!j>jP9`wC1I%KS^?5sClUl4#Iy>JdYx)_c>f1ry_gmF?27{Ji2cx
zG+7Mir?t_AZ}>!<UPMHKZujMy!nD<WzR%(5#!^g%p5&tkM|yP7I_eodnmmxsv~GGA
zA59#X$kp?Fub4!U-dnIZ0n)&eQnW8g<Wnk#UqVvZbQV9CM1Ef5mXQm5o~0<b%?ez+
zSK-n?Ozu%*=x*1xsy^z?)S}u>RrqK?qn6d~Qgz|Ek23AY<t{3r))qr|yEfP6dk~qZ
zQ8Ww!zS&)Id?!+A^KH8D9tT!N>CdzI>8@*YY`(|w2oeo9r`5nodt-sUM}k(^V(6}G
zlWo3%X3^&&i6<9H+7#j9Ey3j+68dR1hVFLlVJUPKBDBXsg?@^JuA!VH8|&sB($m+f
zhZOD|f%d(KSiK@m%0u{Ds%JB0xsBM#B}*^a=s*(iBh5pDAFFmY1$?P_UO+<cTe#dx
zwcMh|&^<%DQuoDf#<@!H?%Eny!}Y_3prK8>4%SczYsjFOjk?q4UxtB`h+B0SAQ{>Q
z5@e{(#&{n|JQ}Tu6blGnsmIXWr!CNZSHh~<c9x(7a+Xtx&xN{OikM6yo~L`}BeYEe
zF5U}qX-ixjwivqSX(vPERE^fVow!8Xz~ydWbE#fG=rMHfqJ66eTl+hdO0E4mrT?Bv
zJp!yJrT<3v(>+7`O7~rdsZ|V|i*^j@JsX6mCgN)n8C7TExDMgkBDfC;_nIC<_YCdN
z=q%U5AfR*Y38eoJBP92Tr=dhzI%MJnq@v1CCbqBYNwV^bsPcE|-t!T<p1A%^kD<G+
z9npP1U>TcQQu~MsruIESNn&lDO-Rn|JAv|dvoYRGcw33DA-so;8)q-!{cL<<nJ(VJ
zYLvN>{mdpIPU1P(T*-#136Sz<E^cfog0pjKJV3kp5k86%=yI7`Tu-=Yk8CE_i@<e^
z7Ua4UC7#B0QzkgskV^i{!p0J}SpyK)RY8{ukGz>A$&Jc^_aAr_q3aPJO<ByJlCR>-
zutHib5-%c97yDSS%O~^kA$P#KjUp$-KqxHB3&l-R;4EaQR_KE$MA*h|1!E;@GF}|m
zqh+!<8xDZQ5wnjY#od&YR&fsA0@nk8eh%zJ+Or{=m`ya1BDxk;caXv<@jXaLp!l^7
z3y}CcGqImY$7+yo)FC>N@;bJG>`@LfnPPDU5LHB0#~G~7FR+YEjH~A&h3os9geU-_
zWGRGdSh5uQU|ceUZTJNtHFCX&Xc(qY3Kc?wDNBUwPWXVuh*Lc}q3(--lV5OO3FL9S
z6Y<z}Z$IcCI)X&rSCN=eUBs+r(|{;W_)ccx(+TyNGMeqYVmr=X11N7P+GXv~@u4B5
z`H9XPVg{(q6FOM|{@0+8^DtT=3nlP>3VPoz(C<pxWruqw`fW+)f_{+b_ar?SbS%;D
zNV*0zy;)M;m-IED6Lx_9K+<=B_EGx3O8NlB6MaO|?}J`n3tGw}Vz;9{1j@y-PD&it
z=VDGC$5k<KXC|kjYQ+0z2JsFsNaUt)kx&j+1j;$AAtjNyox_o_7w;5;Kq*zU<}SF)
zvPu;qL~I@M5h!EAL>VJliwDuQ3|mSH+7dk+xDIR)eC)C^$WEx%6YTi?TePr^1V`O&
z^a|H@M2|<Ta+aOYU`o4isR+O$yHLvQga+em!gVW*<!Z#K$L)j$<D!IXAp$6$`m>$T
z<SVxsX%)pzc=8NfIDtd46P~Q1#h9C4u@j#BE`;P1DT<x&<ZH|n9TYp^$<?@UitdV?
z@Z=4qMB@}Y;mPyNfGLWd@Z^=I9My`Q@Z?Emz<k9{c=FFEise|O*a=TQXa=lM?1U#@
zV#;xaVkbO#iW#t8u@mmP(kNE@!cM4b1}-G1_MM$j*FvLE?KeB2$)j-LcwMm*o_x$G
zQ}ZZx!jqrHg;T^UcEXdF7-ec{ik<M}F}QGwPKurI<dvonqfk}g$&<{038*Rs%rnK9
z4((8}rDnh!#ZGwg-%L3g6g%O`kD38X6+7X{b*3Dv6g%O`L(PDz6+7Xs*KQZ$PvrBa
z*a;1qiCef<z^1xEF?x-iP}h&}(@Zzm33a`R%h#0m0z09>yfMP{90I7J^sDWJx*j#@
z4R%6Zci_UjHrokxxo^hbU%&`qv)c&`^2!jdPtXG=Qk>6DXfO_E+x&unMv9BK6B>+j
z3D;uyUXmf|Tsxtzg98nEww+Mdqo~w9$QwPtPG~T%CR{fofEp~i)J~}DbzCT|y^ozx
z*FKZ(Zzt5X0S$5j@s2TeLbYfeb%)!-f%dke2#B_)#3RV5v~5l?Vq!$<bB#h2BG{$q
zHmwBbbCJ{ExK@Zs2*knr^+SZH0II5i1*?QO+!k4NVH>v<6;^C-;ufu@9s-laNW@I&
zth;a~fg_WwoQ4d1b1QuF$eXvNTZ|0!$y*zF^Z)<mme3DFGeN9dTZ%){l*HE-5<$2~
z%R&S}Y$7+jlFpHd<cYD_0Qx+AR<kggBSn1-2Ky|GBE3N?12Mr;(OMM1t=n!eCBs?a
za$=M59_SeqGL2HAa0<{crpal8Pq-HWcVgi8s7inaU$POLM^57&qnHp~5`{l(0J+Vf
zeQ=Wy1j+$T#S{PsAqhbnGL!>Ew&zjoWy<V`ci@qVM%0(ihy6GPg7nP<`5aGxDnLFu
z2juGuo<P2y9e^I<nB|B`rF`#FzV@kb7s`i>J^<gMd`4)8d-8$4MRgIGe}Q^V0Wn4V
z;8Gz7lnILV7)0;*cW~S~fdh!{v<q}TO}-{5RJi{DXr7x*k^^k#ZMO+QpsbJ_lrEfo
zg+kfmIO__|8qe7-lG(ccbt&diy7vmG;}ay*MS$M-_kfhT9{3&wGHMsys0#GUd>Y!r
zDb_TDv^B?EhG!IjvdECTtJ9Es5f|La1)2+A#D#ai3^|_zD9e<#S>=e_2qJqcE;)N~
zfsJ(rI|5~Zs!>%HDf|GH2+=tT^GO0_U06NWadEP4*D2H}@ry`Z>m|PDCg9gAREc<Q
z@0%5B@OWB9P_~4m*)G#?t6$6Ex!i8sc*9gY^VucSFn%ZFBDNFki$J+wVIx!G*uw5t
z$i$>r56WWt4nnF2LW+DSM6Aa{#QIA}n&(5rx<5p$=R(AKDMYMSrC4b{!KMh58`-Rs
zbT*0`$tK!!9XFDy+J8#6yO|A^wQ~z8r#;*H?Lk}L#%T*E?QTw6N_M`FP-)!T$++7;
zyd9wrQK*P*I}IHjfSw=Pm;>1uggDxrOfK??Xo?$I@mmMqkv9;Y``&ioKz^T&+0Gk@
zke|#DI=M1=DQXB;Ak<T;PI&%w%8sAA2A3(T;4Ks-@cqrEw-5!}i!81MnF$u2S3AnW
zZ5kb>op%XBtkURM?YuXk8%v^}QGV)I2zeVNv5a&UrYBVo(AadC#1sJ<n~ng**c2RL
z0%;gDd6=?$$qc(H(1km&*G%j4?gE-ep%@rngsP);tuK*taKX{xC`Yu#11H9?06qOM
zFX5fI83Q3D(?vIGM*11<wQvGdaRKF4bWf%p_^6keD=4iVlr}0Ttv%2mLnoKu4hrt`
zR;(7{C1MyS+EQg%HlHZk09;d2$fan;I8IXIP<SJTp1(t5aJHurlM)f*wqlARVl+`$
zf(o6DV5*S&4^+sS8rVhQe6;&&BX8D!s=eL;L$p`0p&;ZVFt%@uf-?R<L6)lRK~=k1
z)x9unQhXt*_KK7d2-8D!+)fnGT*<J|0-Ev|_UqC+<GgVsx49KU-IoI&45WupQr1&=
z8#(2orUGYLnXrX$ZX;42j0m!c!Y*K7G(jHOn$<PvEZ<agVeuU@ao3=ud_8f0Km&iM
zYn18{s>TGd1j0;3IN3v&KVT15cl>7teitzeHE_RB$+B&~+O&&{@dpFQa&0GUT31Y1
zB=MUhdU3J@%w?L8PEtvr7FtvasKpkQ3TmlErGZ*zQ5m2vw5ax=R$5diP$WrjmZUQ%
z5=By73`&-s4QiE@GB+%)0MunxT#*r%vd0Do;tN_vw8&c&>H=4ys1(_2Q)IU;yam3`
zu!+LGz`q8I|ESL?iHc|vk4W7Pp{7wdjTBQM6uG$nj2FHKY{PoBDpEI|CB(~Sadfco
zA1bc(z8xD4(L?)otSDT8G7LR(KaWyWY7K3PP5S~Rs<gVNU0~C`1rcl@9s88vZnWh#
z?MExs3Y+!|5!8dVi)<SG^(jeQf|)kXNtVQ=HZ7V6=6tzLb6YW2*fbvz+{9Pew0MiS
z#-_Ekh_yDY9T6<&dYjhSBCfM(ITmrfP3u8~7qdz2Mw`|bM6d=9p?0Q-O*U<CScKCk
z|7M#unzEDE(r&S7<wUT|%{FZ&5zP2Dn>L#WR>vJSt)2+hz&4xKXc0Tm2Z>+?yKLHW
zE6*OAb`cR=>ATQ%tYr7tv@1cRJWq0lILY=R<-LfYP9o*&h@dQyqGARgnz4gOp~sKV
zpbU}HB_gO$^kFG;wZgv!jU%r<HpKDL9}-Kw8X?x4<UR`d4(TrhJMJHJGWP${VA(DD
zL@#dXgPKkIko56RguvON&sP*QSr0a^NAyuJ_16Z3gt<gY9EF9bvWH0N91+w_^y0Sc
ziQ=xuml`}qX-cmNl&%DUpFxITL3WW+6TzXQ**@wO9Andthh=GNR4Aa@v?MIB%j%_r
zN+*g9p%bW1pn6{im!lDtMR9CcT|m)aZIf|Xpb99CXF@rk3az+2P(8w^o|KZCw*YYu
z4>P$C#c^!ZJwf$C%067_-l{C=41|_g+`_4TVQ~XN4WyD-rczLYh++>u3{)vm25*~2
ze|b*IRExM{L~#o&05ypyuJzrZz6GVyY(&GzF$F{)j(Sy9rCr;!)s$Yr>|Q$z7rhr$
zu&L5SueN5)D`7D{vtt<jgFPW8m&`~>8G&4Ch}CqJ;;J;79iakA3RQ!EA6b+ujEXZT
zwiQ)L*&M;KyXZqz#zugY2P2{~rF~$(kxly)?E8?psR#5vA5y{tA@&_G#3D_x7Fn$O
zL6P42koMK&=#(T6?jf}~Llo1Pu6B>+E~Dl}%lf>E0)L{6%;o`w6|W-jHw3EWl!)kp
zE+W&9N8gx46xXB@ap!_kSzHj)iC|Wb+q88cQf?zbHU`@#&d9n95>wA(>r?k?DKA7w
zTp;?8M^G=**of2*Q1V9N_+3Q8&eB<^N+0Tp>Qb#wf*1F@LzI>*`gEhPKZk^+$UcpB
zA`gn&S(G9~WwC|;g}Tv_M#+6>NKqH)Qt~-^AL`5M5WNpq^?E&JLj<E->88}@qf+jP
zi0UQ16=bI_sjk#zou}wh+k>H`Ex|f-4^>Y<&)X2l9)+pxL{Wdo?oAtBx}pupSE_H@
zw0%TSXQF0&90Z#?$|J|A&W%bLh?#Y0t#d@m_=uo9kup0XDAf!~VFOjnn^ff)$I9eG
zp8AYUC%g~!T=hkpdGAG!1Zr{=CKe<*jlN8MMij@jHRHHiL`B;W$EqgE1<Gs>n-AH0
zM+I#xUKEo@MHoAN)RyzDiQ-WfP2H1ngfw-!(bU7D&89Z0CF`9+h83-(%tyB9kZfH<
z<^~sPhi4Oh%QvkGGe>|nP1R@}p<^TR(ULR*h!&j>V-icCmB|!J7mhCD=y=-4fhh<r
zm5IzR(DR=K!kouq?Snuo(j@2gCg&oi`|gBjMd%nw$br$om30piJc7V}F9UfN2w1+4
z1QyFVc;qM0`Wr02Fj@8wvg`zVWtIcL(t)}%%g#U~%g(n!WCHD|!nuqJ9aXr#ncI-x
zjYk}=MB-xn-A8~n)F^Q<_;CG)a^C*UplL&cHkavmS{~MBY5$ln1Xu7M;D&Y;+Au99
zYo;m9MTRtem$X3~3>D>(8soCBq5x?9<Fkbz&|Z-R8$!M!OQGE`+8g|uTXa5qHD<~H
z&7p_Z$DvbwayzX;j8kv&gUDY_SNz<U0hxL!7Et1J?@XkajzFx|bU{1I)fz879ufmx
z_m;vw7_|qkhu$(eB2+$<zXUckai<k8V{InkgA1^p3$PuNtAUBM8fZJl>&>)P$oBP5
znOG`Ist5WVFRRfasqK4S<BXkj8D47uY&J!sbV?lOu_;9GawuXbX*{jr*?e-Lkc%h`
z!E+cFvDpP!Vg=axhAzT^;?gqz1l0%7LTGF3AHW(Wffi$Qg%{1Xj*+%brD$zbs);`u
zrapvBu}Gyl_zOYP>ax~H(qlk#`re#Ao^+_CFrLdcQmhW_CPeo%Xz(anACD2S*?Az?
zYMzGi!?dwCMRR47{SGjUw=Zp8>x6&+#kNts*;5dZGaDC~b0*@lDK1Hk;hg>c5o&8o
z5glP`-QPxLJ3Tb@Q{($Bhuq&IpkEJkyi<hK0&!wSU6O#yvP8TL#}H>bm6CN6BDx?f
zy9k$l*Fu#ggzN=!HX*M7nFM5DH7?F1*(+@^ihIx%u%MIZ6(otRs{)=P^HqqMf&lJz
z`Op@DHp6I&FTsnu-3)FDzZ3Of*E5q{PyZpH>G=}RJY=cdud-1UuIo%S?o6;1&D^<I
z!Ig-EL_(XRCS`R&W_A({K*&jO_F6N0NVm*<4SMf_eCErG&DY_N{{ghWNng@&9kR2a
ze`9yzzZ*0Q`getVBy)ZjOjxkLE1`mk%=0qvh5+1I2lvC^3A6@72QQhd8@P`B?Qj)b
z=SEp)@}~#Ef$P<z#$|nu0IpXNQX0<hiIGAOXjiD(4_F0My8KF3eT7Oym$7gOz)6L1
zw3rH<7Cz%fp+5tsHPtv;_XJM8pbLE^1Dw`x<w$Uqv~~~q{WaV)@xAMTZ{%>1|2s;d
zpF0|je$gs8pwxfufOsj8y-wJ2F?Bz7R&u#`5;)RAMHStRb>jKJqmhi>byD3XqG-J5
zp{ntMt}bH#z5`z#1F-)r#NmJ<hr@3#uuqM;czn{$NcFu=zAl$u6<}i<SDd@~cRKG3
z$}DOpS60!4TJw>0kPx8VX*A(jGz446ovh<dYe179Ljo$I{|lhGJ@#^Y_<sb=?eGY<
zL;rKoA>Ss353Ad{LnLmO$5j@I+hV_Li;GK<W<T?c=l1#w>%aR#YGmr_&#LXSX=iuV
zQE;T)$XUMw*#ac{PNI6F%RU68-#I`I0?B!gsKuZ@10sFRC8%pM2<-KAWz|DeHnux~
zu(5T&9NMRyQjjDqXB&uqi&4lvLbd{VjF6{*JP!mO;92;Scpzrq>fQ+d2+-a!`qoyI
z&f0rN4%NP2(UCCrS~=!73qhcr&@^h_PER2R>+b~9@#p6u@;Ao)M-fLa{IruA&t6J9
zrU`K-#6{Do&7Wf+AkY?S>$_m7_;;k<K9^`B#gGp>fPF~OSE9Hq+J}8JkfGESr-PNc
zEh%dR0$DM0fLPw;2jpiT5aM0Zdi559K<%vMk$X(9Ls@EP!tuAHaQ(*;*fQQ((mRid
z2!t)ujxTA;-cD%sX_U_{hEZ3o1D$prIy-@SB$Ve7=9%e$jdz0>Y_0v#X$i2sos)LF
z3<9$Rbt)wv{@rqHA)s0<RDC1#3xzmq<_i4TWblBi6!uNABbq=P#xWMbcmMU&DeR3;
z%DUIo!9ha@qVH^QT!S<;%&ARk+mcu#fV851&?f5`l4c?dqlph?(H=#jkhaZ;b_f`m
zMG_1_i8~Al95?w!Oq3E3_lHdG3)K|nP5~x&CoD~J7imwe6@ozB8mgkLtfI6d6VQhN
zYNE!vm2HwpxXA2*fozmC8C&x^um=KF(WL%5p$yia!gQz2plObP1l-%-22E|II+(TN
zN6^%qY6dlE|2TBCi{Z5JYLD8we*x&>M7QT@o_`wXKP>{?feqNd3^ct>Q!^#K6ZB={
zLFY?@r^6GN?knlPf#%}+NjeSPkm-?}KezE}<i%PHdRQ(^UsNYoBbWRgwDBpz<M}hm
zvpIcV>H>?Qkk#*^)m2P)r=dR79ZIM>STX1lw5OQ6#3MlDz|?mK5`Ko<(bUEcZF=@Y
z2*4j5KMqfuXqxE3S@1>xbvKJLxGzLz4ezGL>hLl4@2L0Q4bRwtg@5Q>pzUc7sQTyo
zNDvaS0DUTr3fU8rH3#`E39Sf7xEc{G;dUTaryYr`WI&-a^%63*OAuiro_EEvr4emf
z+SA}*SX!wAI^&Z_Xml7b3iCRE`hu*?Q6%Kbyb!F+>%q#rN|oUnj0Bf-D(%IXEO$~!
z4Xg;%APW&(gAqWi8q7e}7HjYTBBF@r%d!SUn>CmN4n_?!lQ3z;Uk)UXp*IhQRS>8f
z4Ue%3DY*(8*<-}h-U{_*Id*lyP{G!|MWxQ;9|D^En7V`G{SBbm{3OlhREE;v25|a-
z8k4mb%&o?<Vo=qCh~TOo17cOR5_u!5%3fy)BAmqZW>wae0?fL)A%$7jIZ*iJvaYt~
zRqKTyQ2%7q^;V?hy8eml+9?i|;@<ryIhL1!ra6cDGI!rxuKOdh?i&%uUG*iNBl#Zy
zeS8tpz9MOQ&(6C0QtIYg(5#!UB%KC3X8I>ipWA^1dr%#Sim={xLvn~G)cY_pzXi<F
zn-v4S{fG$GTLIV`-H^O+ah9QvSJgII%Mc(H()n+b@R<fc`!(#r`Bxr|<@`@!d4%s9
zu=pzk;IXs>y@5de!lrrPkUEWk_`S+Gfat#WW}y3IWBx%Re`QO^nui2WBar9ngAfBJ
zAhc78@km46*lOp=h_+L7$VfV9LxUo=AwnmP$82py+Vxjr=QKc_!oAHHTc=Q0YtO2j
zO|yXZJLe+F97Z{mU9m_Tb1k;f1Js<*+&Pq6l)i$3lFUA_cny3VKpiW4^-jpjW-^u%
z53Os5%^fs`P6%YFsY0v--R~SAR}r!b$PGYpZo_5NN{nTDDee5^5$l1E*i3^Pd(*-k
zctxt))HwN+mw}wzgzSH2AX=g5sy12u5hEM0<SuZ{Go!}&vyMWx#}S4}=qhNqFA#I`
zwR#C0IRNV7(V^3Ruwj#&BI(;fvk6a;qs^C~mr;hPl1{+fY<&;V=SsQ+G<T0_Obg$W
zC=rUYN_-TF3Dnsdr=VTvqFFYL6`;sNCT3d!YBLKV1N>7_2yNX_=g2}bKSOQrLm}X$
zHTS~EL4Y|jw@t^TNX~83RiVb=t`o>Lx=uGGChJ}#u)2;FgRb*BBDm`u2NKeC`XM(f
zK1=auc`?iwU1!D>*xUzDn{{bGUAWw4oh>NyR%Ba+d=OJ_ez_EHR{`oNL(FdA!^uyv
znBBj^-0?ZG3%eTMmpbfVOl!H+ExJGJSF2R6&%0pV=^#dA9JQ1+194V;tQgeiVnlF#
zwg55eL!)*ZaE^!mR8>vQdfZI(o|%aI=Xf)X6KN7KFfpSdAd*pLX1@Gu@Lap=I^i2T
zfcm~syRk^fwR=C<2<IZl9j`#>BWQ$GNMH$V#X#t-W?4^JWr@rI1w#DAZ1Lm0;a36p
z<XyJ-QM0gzgM}?bjw@eAVUM7&q>PZltQZv58xdTw2|z+x{8r><-9L&JZ$g}G@l3rC
zrY)NkpLv5IQ0oji)*&HRx-KZk8A$NVOOT@;ay*9wR;8^N$nhB>SdOT6VRF!iHY`U2
z<j6!E%faTc+>Ba`sFJX#Ys{z%5j8a|>J~F<6`~f0MeQ`Bu0#~QqcQ62DS{tYjNaB4
z1c6#&)Ojxwa-B<pbuLAMM_)vp2cpiOA%RtAD+YD8w>RqC2}p?UmmoKa6Y80eqZDz$
zI$vT&4M)`Uu&7OD)M!L43yZqPj4DUeMl(v3#=<Y1g@V|P+&D@I0`+O>;qOB_uGiDD
zGfzk2!)D@#n}i@xzcaM(rJ4G>pcXbFM>5spduSmIz1z})6$35wM+CS0R3K6dqVu_D
z<9j23ni!>3V~kb0yuXGiB1C>IUGZ}-0&)wgKwHJSuSJT*sEzP`4wN2f%}2)jL3dsP
zegxWEy7n+dGEY!Mi2SGMil6&MAU_jN?7|E36rD$7HbS6okW(c^I=c-#PZFaagdZd@
z9<7zmZLh&@K7g7SmOhcw$MK+%$aAVV9-Sr5OEYR)o^Ql+xPkMbU1}5!;qmnBuPRaW
zI3?2;grt{v?#1JgCPk&koOphmYA4gs4q#PdKDoVU9$To=Bad)Dg=@?>sY+`lskP0+
z?&C<kZ>&^Oi>XEDo1iNKZJAsqGS>Q+@w}1ij~IGl%;mM8<vh<5?h%;n<suvHWvE&W
z0l7&7CG`es_in)Sb0S36ectC6VBUcYdR(AqPa(H9rv}RVp}8B-!WmeoLH0i*RoXTv
zgh2gD4ps7r_bWE;&Szo@MWDVfA99VheV>!&_FjdUkK{XwBh;cFYs6l}K9z$<Y=G+4
zwS?IyFm4TO9uyI|&t(GtTC(7$wd0J(A15RFR<h_E(-CS1;1lT3*BlxAnnT3?3?2mP
zk6LI6KQa;Dbs=JY)94{Em;35TE<waPmSVFzK-I$p(^)XALDM7)zx)TgOT@h&NC#?t
z7=0sZ#A`1i5OuY=3?uT%l=wGUrB23sd_z9%qDPm49kJG~m4XAnjeUxR>xSb=ADL;(
zSkfQZ!`1qxDl|oKQ`I^U(dJ&*f>kKQ*sJK;fOLOCta`al=rB^z)vy~rQqbDaI38}j
zwY`;j@3+BZ6~2IX*YrlpJTE-nnNSXg&|kPO_@NO70KFijpl`HQd_hf6l)^>8u?LUq
z4mb5L_pgQQXf2oso`wvCXOF<biNWWO?1O7vhtClgb7LCmu#G6_0q#akirz<8Qk9~Q
zd(kcB2c$M%(Nf|fk+uPDlt3GzrNJ1Kbn?#H5W+=%XS(9&&I1w)m61*H>I(N{k#IJY
zN}%;KUZpLBPVt%s(L%fsWf_+e{BH107#IEMJw!o&%nePYdr`2tF}4=-HxqvVxM_SH
zkY*Y(lksKzfd*(@aa)Otskpr$Voc*JoC2X}f@T!*5p-wtA*;b#+lX!LjdcfT)=!^T
z>b~H%@wfnO8{bZ$NuuDJ75Gv-o69L$2g^e{u?JELjv&Tt!I}9Svs)%GD4DK^C`~C^
zh&bF%j|*~Kg5Ga%%(E3*%C%|V4@Ga77#i{>wl?KeBE(R-O?!z#+8|^DoG$m6&ycI|
z8u0ugXvO~%Jz4D%x?w#)F9Pm@d0;<pQ3|{m#5byKP)4<h3Re5{xL~!v3|70K?RKl$
z1;ruwFyKa23%Ub0Dp{aocz7Kpp~6M$QTd=W24zS?R8X4J<ATyW5hBf=#-KE<YzZ%T
z1ZfOu3g1HBNg7M@AK5(3%5IMt1e9IcwKwKNuz2&?njWeMbf-2?$J5)ln9tGFKz9;p
z-w2XU$<_J0b^B6~^y*2Hjt4-}lt_2cjDXiGbT^@*^UCE|PXOo#6=tk-VXg-iVjIUS
z5Au8QxOvr_in7HqZyC<>DE)Q$9-Rw$O}<CxQK1XGL#A4SWm;IJS(mS`z!qnKzEqYe
zi(DE~<kFBL4V;UVI8V#;i)E2Cjngk--2YaleBq*BBWV>w|J~;!{!*Ei#k(ma-_0@|
zy(gp>HTpJ5pKa#5MbhViKA)6-m!vNTO&btQdMoG$*Mr_8;}3$SFNbvb?UA3}`p_#o
z{Z1L51)4sG(jSua2+-r#f!@z_-!{<wl!4N(>Q5<-tT{-~0fE`MbUA}ALviUx=eCX`
zWG@i<oD<sq0vRz+vb0@vB}Ns1K3r<MBYncajXaz+-l;QaZs_4$dM5{H*0w>v0^TgW
zr2SulW=)RZ^rG_!v?YN)I?RSf%Le7Fqd95(vx|_bOyXSR7>RRn2F`XiU9wJ_0Ja3`
ztI|5tNpSU5GEO1Ba)R4wpF?HAf75TT52M)?alt;l4J%E?2=>n$vl*8SM*~OEq6=?_
zGJ<ip<hD+|B*zMa3k?gwe8vdVVqAC$;X_ThWZ|WU=L@GohA0RT&LvzH-a~2CeNk8)
z!t;ff5FQsU^{Ox}g{KVX60W6isl$1OYd4%rcw9Ko@Y;r_442br9OD+QiEu9ArH51D
zbqJ@zYZRU@T(a;wgtz-YOBtRoybj^D4KF>sjl#KvQ{goVr^4k7*QYTw8-d}ahvy5Y
z!b_0(3J#)wn-i*QqO87d)7~76hl!BS5DNxwwPFiGK94M*4-<_Cf&%*X@0%`iu0h=a
z^NFeGy|@_^X&^|EEd(iQQ%xx-0S|L79rCGULC8mvDKEm6nGXPmf&0x#FBhjO1!GDr
zCWYq#KZ!&%5B^Vluf<c2EAW7TDM#Mlp|js1I8P^clFt4Hjov<yLkj*3+?<C!1+V(1
zoF*4^!Z`Om#zy2SumLyf+mp_m*YC68bDP$m0@LCLU;zc7x7EJ4fk*lslZhZak%ySJ
zG~Gz#F`iM8e-d%@b4Nkk?kEtCyx#U0a5F$-bt-kKfx1Q4{gB!CT6;Lhw)VC5c8r<y
zOIw3coj^|w6(}_*P-;*hMn%FeTZACc-_h>J!oHHo1KT@<i-a#P5rRN}F*Nc;icI7|
zk5Lgls~F2Us2LUuqnh791_FJQMuOR!F(A*JLo}1KK~A$s$6OdG7g>JIGOSD72$DHV
z@-Jp=#bq#J$Jb^olVuap+?;p8KQNY-HG|~5Ogfso8L^kr!kFVlkQ^(?pFr{?W-Y12
z5s%^W(;5i5mR4^Zg&@b#6zE#cTLJPa(yJt|0?F;Wne*-f$*gW+@{k#O2b15Kv0Ir;
z&oUD4X0jhhE_XMVJH?E>i(@Yb$rZeSV%s-e3K2%r`@{CNL6j5J&=YcduAf9%poPRm
zhBAjyJMkQtq=8GBYfN`2^I_0q{)!fP8VJ^V&%_Q$v?U&pg+9(dq7CS?(lD1d1F^ej
zL>}m|v@f79kh8zWCFKkl4zkeu$Pw7aO}~=cVX|6ZY_A5PHzs7YMeF<tVOf2EJPxGf
zQX>TnN9ZrRX~Uwc`33~aDBML180fFMvpG}@C7yXC{=&qpi%foBhw>YP46X31G^1X1
zXSGG^hwvOmJeMS7vwTAlXUVtF%=EG$1WSFf846a77OS($%20SexvN0moH1esXfbX{
zqavnL0r%yK=$s)q`wgMy!-R7c-pm8^$GEd3az}ZLI!YpU5=O=NO;=z$5J1J6Iz=i8
znQ&SJdZ7$REP}Vt3n`Mn_1BB3?K{vqqkaZCmk#t^QSZy>6?it&`>l5(bi}nl2a$&m
z`8Oeee(pPftU($NzLcg3Epf%hD_X$hg$s9p_;RQ(K+BhmrUq#Bk}Or}5_k;{yNq@f
zwm)x$Dfq-Ous(flFtq>%)DBUKv1gwq!2Qi(#9Dz<;h@d0n}HiSipWoE>8>Z|V9OWs
zX?8oIZan9TAAxw1?A}8dARY#d3Vb@$T(S&IzXe-^P^{hV9R&0#O5pP@T`t7CK$W;a
z>}n%zoX98E^mD(6OA(TLbUpC+RC5_e3_IBkk3h&P<?+f}vbdX?{j}B4%TeQ^MR>?p
zl-8<Ov>yx+ePKWj^;G-bbLH?vcvPEUc(gN!o5M7vF^6fwU)dH+^H<=sJVD`cs0$5w
zgg@j6ra20nrV<D*%te}ms5kIGbkc#f6m!}K?FkAhWiFAm2jRAwxd)U-Pd6k8Y1+hN
zfY-o-k|3jzW-@a9?*(a&6vQP8Z-*KmG`N@kft5gOWzHU4nLF)32ijzg9lCArg)Vif
zag-?h26mZ&@c(@^W`RqXKAocAZE!bRGz(T@w&GY=kD<JRhj#=O{48+O8a@ojDHJJt
z8hqEYhLr#I!YEJB9-yg~PZXR5j)r7KSHW{BO3{Aq1QFB##9=N<Ni-$RkLNA|JyBbL
z-Xza7(Gv;h6Y2CsTE1^TU=Wf-@!3J$o}Et?gi$OBV-o>ZokH?D3FmWwba!N4p}`TJ
z-ebS#9*gHlB~X6mG7R7-QVHmU7A3+dDjDVD&EO23P+oskI+V8`W2Ek&6UxhvN>=$N
zw;91%I-y0;FmWZX{B<)pPbaj<UxeTu<qz~XQuojaE#@Ml)H9N=Ho~J+op2cut)6iT
zGO>)&s!n(jJ%2#o^q7U4LD2(JkfH}Gc$^>BSgq7*M~qsFVOWtC4BPn6tkXuHhw|e@
zasrrN3+76_suRu&ajQn-b+L1n5O-3{N>wM^eLsk{K<Ja6ap+;Mg2o)0Y~de-+WGZD
z4g8z2+)leC8P!Es*t$8p_QTGRk6xp;B~<s)n@~n^782PA{cKGbJ)-rZiD(opvwYK~
zQpZ}RPG~`&3xb`h6u8l;^4`LXo}N6=scc#mo=ftcM~LCy@R2$~infpqwK^CS^nt9V
zL%eou5U)xP;x_^}`|<5avl{9|kp=qpU>YBAGY#z<qK6<#Ga2dMlOh%j0&e<`dtJf2
zb!Y)ohLe~dns|Olxhs&yEcYGcHTma(XU<$%Rv^e<b{)Bt13P4^R*L9x7`pgzQc#X6
zcMx9&d?{w;<fGb5#+GMvX5cha`Cr>1pSt4EQNDTp2OUipZw^wjPn+@<+=|+on%W1P
z-n>8(PNmB?FS=6jGkU$5%7wZcsS2(`Jxm?eA>70-0&bW~!Tm^M`0s)T!6#nUyWsW^
zo_#~w=<JX-ng-nDGYx4>K2MJd^0^1N>5=cGiIh?#Z{lXy`{{0QJlu8BmC{d`uNcUF
zLg!^A$Z5{x&IaDs)L!`kxGwr^L+PdvngRn2OF0B?ig_2UA-89a4)pgs!qVaSWGr{|
z$hXY9AfD^-UGn@yB~d4oJ{`CpuAvl6(8X!4ivP6v!#xuB#!g6rFJ<;$XM_vy6F_Sz
zHO>>X!MUgkpF%eg_KR7ccLqGeWz0<Euf?5y?v1#FPB&$OmZzHmnr`;SD2?}cG~Fx%
z8a~~0?ZHTS3@p`vPN@4Q;6Gt{PcKX9RX%wn7$y%7SYk1oLJMgM!k4#~W<~hBz^UsK
zK530y^B}wza56pM;z|^AdZWA182q|Q@sz*2-WXRrI-&edP4Sk$HpK|`>Vy_ON$xDB
zd}FQ=9HSE|gMH=G&0wESs0?mXJ`H;3F{_PEs2JX&H0MB?)1DR*OdGRQ5n+{lKJn>Q
zqobN6Gq3zC89f+#OpWui%0GsCVTrstp+)?)@-TT@C2!Bm+ab|VXz4EG)pQgTLBHpG
zcn@&Ph4THal7xYvY_uXMp!`x?=s85`W+$}#YD{}*%|Y#@6FOnpI)g4ou8rl2pn&p4
zW~#nAq2)DZs(w15<+EU=%w>R1sOzO6c$EY}G?z|j{(~$QOlv=oeMmv;aqIe91LXm<
z0OiMH&bR23jM@Xqiwx8q_{2ngfl<gt-`>E8<I%V1J77I2u)5wrGer4-h4`)y<BjgH
z6PmH^93cjw3)?bKr_HDn1=s=wG`wc)MQ5s@$aaVv4>eJMdk#X*>npneeI6?ZbZ^`=
z$qAh`qiBra^960`_=tWBxKe=pPIoJEFE-oNm50*)jF70a?1Z|X1|E9`c<0#zQ#Tur
zg~B@<^M)gcvcp$=iu=qyq$YcSzHQ|C$|MSA43xx)dp>c=um|Woc79ba0w3lW4DEq2
zn0@dgr!UY6{)j*1OA@@)NQY>w3teiAM&C5uDsXikxKpCNNF;5Q>XamVkG%tTB6~+y
z`=wadKvGAlPN=&XcnuKpaq%1Q91I$6@Gr9rRL9;n1kum^B9KrgCe!}APOO-o%<Xq5
z#Wb(9Z&!++X~ex;k>Qh+Vw!#0A5@BIG2H&JasRVYOmkHGV@feCP}`qSifKMze^TMO
ztvy*S_BVmfP>ZkbfqQ3F@|$Md=c+t^aC*vnVnK^c(N&=n>N*a`v=?&)w^Jvy>$@b5
z9-#f*hu~7NI6%`sY4c*jE_5m~F;5YUFlmA!C?Ml4Xz*9?@bo}vDncn>80FcI!7QU0
z7mn_U=nO<tz=Us+hFaaz%Z?*D5J~|P9zieU(B25mLnsAI7;1+0L1=G;Qow}h>!rbY
z`oRE75J~~Ov%@n+-p0vWxx7u3w{wc<Ny^h$bP5{vT*ONXo?Y^`g@;<teLUWK9x1A(
zl+{Ix>GnoZb`fs>C@QPO?WDZ@E^nubIZ!C_t{8XKxNAx=O&~nc3OAD{S?NtLM?7>A
z>_J#=F;i7aF^hD&QcUk}Jnt&S^lpOgw7bZ2#EAb;;YRl0yW-zF%he>$_X=1IgbpaA
zm=;kyiYg0jrxw$T3lHw}IOWMxi)kS8^ikRNJTui|dhnq;*`DVbmCv8>tT*o08Tac|
zDb9^5i{qW9_9U@l%52*Es6$WEK+I$uutfw}r!OBTT}0ue3+kl45`OdH8`P5w-dAeV
z{D|sFR_nVA20#Rf?Zcs31Bf7YzI8aE#UgN8Rvie*?&h8!K!d*9aWoaeikRsReqQw5
zDR29VMwcVS{k%1+jlxNAqY`nWZh{+W#=n3K!@pSGE|7uGNa{Ixdy(tz_sJ&lC(3^5
zpRBNM{Zo|Q%&7{kP>D@Ey{Y&57lP99iBxaWtA8=5--bd~YHU|BuXMRaW_$wg$4);J
zy<-?!kODGRpNY-9(eT9?dc0PK(Cc(<lDtjl8zt!a1XO9f3Aqf3!#Zo|xwZM!!|CU0
zfC)Df--&iY-8+HbKn@(<Iq2g9i4zS!Y!A#`Ww>>xcWyJjIYtJ%Pk4Oxz*abG_S+)p
zx9y_*)qc{+M@`ZRE!QrWHtI-H2z3pC-z6XF2<U{mZbV>#9dw$VQ1=<Y--m3r`0cpZ
zU4=+Amg3WOLi48pr=PnD$dIcbyHEFC0DV&;IPorJ_&kMBJur8!G1%Hg{<UVdn}K8?
zji<!!t$>C6B(v4P%~8=<_-wb<Kz#u^purfqkDqVMFf#&$$i^<Qi?`a$mKUJE!oj0k
zZ|VHXhQb|@SvWe%Tb8^P7Lo6FDEvg^m{4>pybCCL&T~v->u_8vsZG2j;n>Ct6pp+3
z9i`(zndC5g9>+T}<$Jt0&G7|Wx#I_3Xmy;Dfxq!IHC8ci^ine}k=<W>RDwDRlPZ9B
zBY(}KB+|mRcO!Xuk<cCy1a>o$_P^LUvID(Iv2Xgsfpqy_(-lAW&p<wzMfRizx|wq!
z5jbd~Ixi)UcVb#(=SPZjf#Sf|lnsVPeSznYos}CGSaO|#CIzg?O{)B&c{(PA`LmFj
zi>(8K*9iR9kW7KO3NL*k&cn6trOlMhRF>WQmw`gO$i<5MohFBUK!$-Q%?MVbrKw)%
zPxNxYTp76+1sJ_e@(&prLwj4=_pk{9`#O!-DCw-Kb*!qi4-rA&U9a5@*_CwG_j<xb
z!VlL7K@bybGzNVZ852tqB$6l+#dgryc*O*W3GhZ{`9~;X0`vfsNPp2nqGD3@5c!B_
zzE;tZhrm@#EbU)s;RuM%7Wo=T%5B8{2_$XvaTQZ@I6QFa^mfm629w=Eeocw{(xlHZ
z9Ar6>{fHEk_Ml`;P=#6YjXUwF1R$X!m;64G(;UMfXM?1o5;_uZ`=uahsx3*!9U$*U
zn<V5=_u}_<30ZU~gP5EYg(5?WX}kdsuK?d#ZSrFs!sDJqIDv12c8-QVM_?PQDbb}6
zBsPS}*L_hnfUiHdLLz-C?dwl+4?Y1=zJw^g{^U}p+~`KFk$cZWr%w5XMvKx(AdtkW
z_T})<1b#P8dPDwpIq(Tc<98G37z&bf>i5uFDKYgjM4?7j_9?Sa2*97FXwlao5)RFZ
zjE5H@uyxjG{lH!YW@Kr$&P0}7407W+ATwxq=|GPJHaDT-+)iLakkmy}+Sh`GI)L;p
zrd@G6ng!t5qG(DkN#=P}`PqZ5@{^YWzf++}bcb%h9jS!oQV;X&Rj8B2{{`a#GBPKg
z{oRlLbZ+?|s0fhkMp-MMa<wm|Xn+1Xp#5aA!)nm^0G=VLro=~~kujm6w`94S&I3L|
zrRigb9fbEJR7_h6p$R<mkVB@bjZ76kwl@;YSNR?B=pn%S&~PQ?oF_j|O$(q{0?)k~
zaaPjlU9sn0F3>^Y4;=AA+I<k*Q$!}v{xF)s^B_%*r6+1YEz>^hkIj$(PkktxdScUl
z168^gSDGxzb3UU%jv}pWB-#t$nH!pWE>|_-t_j$z3vhKad;;|wS2vO+k@h~jy0H>{
zIVkHQw1e5>o`Xvz@Wd$m31p`iU=Wl60hA-|UC_XZk%PXD{FM^-A{9BJ;Od?tjrAtd
zp9%6Jw4o=RbNUB?ZX`NW(wBk$8DpBKBcI&f|8CHab^_f&p*ocP2>J+d??I$&fLzWR
zq8!IKa0qI}e?G_yF>ZMBIAz(xpo1pR|1d~4&>AkIe>5JGKcg~cFzp`$dMW9&mTMUQ
zG5m?AiCJ~O8y3A7l6Z2J#J<;qpw1YF2K8)LTsgNRpyKl;JYgeLM`%(`yy&ZVu^RvZ
z(6I3AP&_$a1mq;+BD#0Pl@fcNQ9S+f(A<Rx=(iRU4xmJIHlOG|5!Zv1=mjOV-#JKB
zO^N8y;(S7G0J4mbCxEObq%-ng2c+*7TzWwe_+vb<sJ`rd2pFI~N{QY_>H~zF0P;Ez
z{Q7o`!3pPhV?%=*>YtI_69FZkBGw9>*Dm{K%2o(9X^8E&9EcYPvJb-TQe?+};aRM>
zXa_=6^EiZNPvaDmpYIUvT5rAqU#bComud+&u7jrscwS?(QxdOcf{lI^P?d+1&>lrK
z_8jKU6^%j8^EMlF!ujy<1g><$@Q>#b!G?c1TG~Ll52SOJ>30mnxCp7uKJX-51c5qA
zbL^rD!k*MJbq`GZ0LZyTAjc3nl>T(yacbU)?yNS2(1{;9`8#DHBo`scgiHaFNyri)
zxj;(Jz~xgEONQe4$PQhpqWNqDlGc>wi4s%Q<{7~7E1itQX+TUF=Pbujb^y-??);U=
zCYsp`ZJ^%bxDh1<yM^O^knDo4XBSj@{s>I3L)c}*9T9joN3z>Y?1;V6d^MG~nLL~0
zjd1qgnCx$1_R}|kJ%TK0KQ6^-bO6t{nj--91zXfH9AwbfITnEYmHO|G)HaUmKnAN(
z_5{daZ+6gxzlJ=@uWToeQoirFO-mO;U)@3^_{Wu)k^?;3A}hF!^>rewAV+c!Ltopu
zLTNj4P%yxAMX0a6g0hC#q)7M}W<%h4+%RKuyPn5cykIRuv!vZP5|$50X{&XMr?KSl
zXd(ztq}(ZODR&~Zpn-nA#zg-g=H5HLs$y#&-}~%2CkaVTl9QYhCLsY52p~Q5DhLQh
zh=7Ks6hWFGQp5sY3o43W0}Cn|1REAay()UW_TGEBdTn^^h!wG1{XNf`nNw8m_x-%@
z{o{8&pMB<8Q`W3mGqYy)-ZQh!T8Vd&Ao2G@a3T_}{24Z988v47hn!n|4IQ0~p<ODs
zCx$Iv`9Jtl#MZ-lc;1~bCh%Y}V>3XjDWHFr_1FWS04)RUZzlXZ(2{4743e=}PaKQ|
zN%M<^9yk#6wj)88%a9ve2|9hyX0h|bA(mUtS<25f`zQ~gAuzZ<jZysp=x3-|_*JsE
z1dTLFUi%A5Fq=Vtf`69|8z9UkcyziMe_sDD@c%y2p|D<lJXB%QWh1LW{PedADr;6`
zLimNvPOmbl*S{NL?M7PZs^y_p9f!iB(?R${w|utF^V$NqZdr99hi+uDT$DI$GYToa
zayfPA75@zi<&{4^WU8q|R5o6US|aK;*vw8QimE!t$#I%sukc5-iK%H>-j2x>ulzU6
zh+VRXhVcy<vr0sH2FIR<ERx$75*EwtWh;26(EZ;`pq9}jaAWV~f9dCT*og!`z;i$^
z#0*LSW&jib^rzMsR}?xSluxyV8dGW$t+hb}(b~k2PS=_@;RmP<Wil;qJ<w`gL6nU(
z`#j`9>ukuJn?bT01adz!`c06pV2%;wZbkYk-rxl>nbl9&b|BV=Ii}B{uiu6%(6s#7
zKR7Nzj*erFm*SE$7$nyX1{Iw3c@u6!cf?Gd;)NO?glK=Ic;+tSFNpgH=F66x3R0w%
zP%kmH6>0}pdB?Qjr@Uiw__6TC$&4Z$yBGSDh1@=DpsYG8@5~5ZqVw?>HE`v&PUD#?
zw?w5fq!}nfnh|5dS17?ASAv@$eIrZIUUYFeME;N(HRRnOr3CGn+vwLprm3a~twB`N
zQzpbx6LM2yRNsxNuku-4JqZWh(-aeudJKTbJm{6(@oCT<I)lk;03F{abtb4U0H*st
z;D5j<kRgqvQT(k$QiY`D-EulM2aR?W@*DR7>Tr7>+|~o&H|h0>FweLu5`jPYr3TDl
zaOFRSdxg}<l4fM9WJGyNv^n|sAvjwNSEM@dtIsEB!DnVwOV$Ink$c5mD366bp{R(N
z!WS(B>_H~g8`l7KdZ^5{z({9N11FY|?s8AoZZZmDZ~H$-w7ouLlNmY7H2GW%WV|BN
zP>fOI0S@Oh+MBfUOy~tyF77%fzug9hgy9Mgfb>HVD?EVDpQ=xQ^afTPFOc&SZ^ma3
zV-6;tXvtpVLKucQxFSV4FG87Vs!9z_!&^Yw7N~+qJY0XnBHtSXT%nuPtD}8yBXIMa
zrU!48S4xOiR*FebN2HjBSzkqIlOx0)_l3uRe<O!s1nv5wRRIj*1aUfyJPl#~(>XL5
zO6G^G<WQrTBo03eQBNVara7JFGW~F*KZallz{v!S0A~|C4R8^FSKktrXuC;O-|HUF
zdk?r}anaZx5MvnVv7`H8Z7x9jGMa-3CR5{8(*Y&$Z3B-1{8Du-!0>$hwMB4vVA1gJ
z%5bv=oV$O^0kw$WBh3C<DNGnSvv!96i(Y8dxT5#_@`R@KM@S$KY3}#8B3{iCpt;Ty
z5!efBZUD`PGmc&Zn(qNYvx&tN4A5z4anVQQb7L~Sjv~`6FpECuH|dx*vu?BQL`?c|
zMe9xOep|`9Ua~HcZ0jZ45@A^{EIUu>i4^1gtrZw?k7icm%qO(ij-!Vf{0v1t%-jsU
zN^y@6T*Vie(IV+lUGD+|{_-9GSO=y&B!UcOg_I|cS(yoz5G8JfH?L?P^QqHP5vY%J
zJCUKUJPE3NANlf%ZWDFd2VUE#%H|^XHgYUw4$*B)QuTEYz*{L%l?Z(s)$CP%388sK
z?@DKMSBlYHDMoh*qmER|c3~tXzFQczs)h3HY$?=u9F)x~`i!maLH%uYKVz!93bg3`
z8PQklY|v8F7ex2%yFmImXj{=2aVXV(AUf9Lufr5Xn*=c6PJmeeofebYX8`VM2}S^%
zO|TZ=VuJesHUaeKsjzoK#wI8=YO>t)ug@9hS1{WR;Pnqx;xRcQ@vZ{ZTG6o>9vv(B
z*A9Q?E^ZhG4|dY%3_o9*S%+f=;OPmvuh;)T#2SHc>K1LGy5nI?JDY!tlMLn~0y>}<
zo$1TWAlc2af5CKfFYC7a%*SU(T<m$g3fsuT$?Uh0<w6YLg>CqJvic_&z`}Mn*P?bW
zI{~nozEu?%{tK%(GRZ@=hrx5eH+ZPlJ<Dsg2GfCR2;q9@o#>ssqPN>B8#vHb+3lvv
zT7Z@+yIrcRCInh~sG(zrftD(~%X|QE;*vvP8`5$(6XNqKJUeLfAZ#?RXjVp#%#y4+
z^QmPt$G;1S(|S@BpI$}_rR8xQK(vJIG5!XvLZMiN_<DMqCoxrAVGu1~<BW^g3DZkO
z<WhtA{4-i+#7*?abc|Q@RC|XYQk=@{N+r8frTMR<)T`+0RUUw>c}1^C?>twq^LUjr
zd*W#XuIQfhz&#8s6@m6pHhBUaHBdVE9?3-t^`jK^Q&eK~C&sOop8YdBWR-Ni-{_mJ
zA?ew_($^b$3e<nElCe!SKHm$Kg)91i2s7*zC`WAI1C%G5D?LS~2beaSY7{*gav4ae
z*#~HcMqfDyt(^sXf|BI)AB^*PXtExs<fA8nJd2@EO6aj5U!kFThMaTOf_#_e=2;=P
zf;^6CpX0vboTosFb$x-Xay|hmC3;aJmtgdlV!uSPny)0HZ6uSCLp(2Kafd(D0%IhN
z$3xMMuK*9|v@eD{f;j+R5S$M11HmSMP)mU40P+dG0MG<Y24O=9L0f<>1cw0hCpZOQ
z1VI0@@OMT7?l(PTSLnCucqu$EPBy?<PZ1s*+@TN*XMrB@4fJ>-!w1nA#m3uYkC%58
zGZY$Z&Cnp4p_K?0GxXvgtk57@nVS%v&0Jq<`FkTHk5Bqdz$As?@8osllar2oXwqR2
zbSTeE23-R|W+Tor#`$zm$2&oHe2{<7@b7i}4VZ%19}t`fu#@02fIS4;0fH)k4*{YC
zAyk3}7(|_ra}hcJXjLL*x(>cReSa+%%Ssy@X{33b?$N&Po7Wxxo|JDZ;?kr>e`_w~
zGjVB2r+dbf@*&Z~h$R*sAI)ZrEO|;KWhI$y9uW0s)YlLd-NB27{OmN1bb{FCDUzry
zf@!nF+L<2dNEb=s6uUTIrpMvSW5cL&HM$<J=%)0pze&2jn59i@!KGqgHc2NRcpPGH
zCN!P=YPM@{=(e$#cL6vfeLngMujm$GY#wV#Ki)#-Gf`x}QM&3DcGa9~A=ADT<VMLw
z%;OD&!#AS8ZDRwysf>#98gGS1her_qUIMORd>mlF2k?0bKx*|)h!dv@H@7s2Ol$WN
zW3I>a5tm<Pr!9N|=9f_hZ`uH;t5aGbCY+CZNL+q#kaIrrx#lF`ri?r2f*R~WL-Z0v
z_e&}}R3dm2{P2A6D0nXnS#x#@`0<J^wu4peFl)~i%LvlC1T=RLAp##f*6ao&F>s5`
z;PnP*v2cdY8IAZ-Gjc1Mb0SDlRwpVe=Q5BFL5yfuF>&vK6a&~rtWVzlR>^Wd8XEyp
ztkzn|Ds~KLF<a{my%Drj(MB0~V)udOEoAg6c{|gdHS<IS^eVq)N7hP5)<{RGjeQW8
zwK1H1>^(->+|rty_B0xM=(W~wX67ws%EGq)?@6|stn+iE?VG-0pQEA=O2chWyHc11
z7VD8UXD%ihJDn$esNqlqf{0#<8Mb>Ko8_Lzq7|7A(CUyem~x<}qh+baaBoa^a7A0$
z%6c26kVf0e%q&hCZY!sishnw`rE&~iBJ+OpR;1=9q!sP8673Cainvl2ozf=i9c6MJ
z+kh|`PHGK(4``{GZl)$a0xdPuU1*si-Ve#epma1-#GsM3+1$9L=7^sm7S!rRyZy-=
zky<Q3PswJ4?pBlOb3oR}5r}}w!bIOsx6gcNBs!EEn)47T%t-s8+IU0Lp$o#z6tQ^6
zOgu})6+6b4BfNY$Y6O%#q)EJV9hwTR*x-Qoy1rPO*kHNuO?0{%T@qI;7O+Lzz!-7W
zrvu=hAoLRbpdntdebVMcG4pP$_(TNoicL39*8CDa{s6^3BL|Pf=9)7rhOC1Bk><m}
zg&(3&=bE+=YV33@1i=++?aREjrXB_4yI^>53L6((W7t?s(VRca>M)0_&Nj{zbb9B{
zB0GOR3~-pQZCxC$k93%p$YDNWa9E0E`Sa`L&Y!DI9nYC*`7W59^5=^z7oW>~UHtis
z-;WA7NXk1nybtt_->`$>*VfPO-wGZLAQJG5?SrAK2V?XfjQ?fuX7h;kg!fo_?{~@)
z6bipaCO^Or^`8sx03!g~T5Jq%rj|+amH5wvcRjri_Om-21HG?@XQ!+2H()KOZH(w8
z?zslXBI1gT45$p-R7Mh4v2(>n^NEgu69xX%omug9dDWMM2gxI!tao8M?gmF0qc&WJ
z4}0K>4UhpN`!i(7;V?FU+8;i@10FMEfgG6M;XVZY1@wSyJY_zMpax(a!BBuJ0WjOH
zgtB>6m&%#|zd1*s>Qd^xIhS7;C}LKd?eSSvn7Q19a0nD>tVLR01ue}+@`Yec76mP@
z9gMDgJxEytB4kdhI%8Q12C-~8`#EwrN!i4_5zN8cE9j!lCgu;pA-Rc}p{%H?)F$RZ
z#T`)tLolyos{Zi~Au#O>KTo#$He$eH9Tp6)Fk5}Sp-rYBYk0ZI!A%#VJh%#biwc^v
zsTTI82E2){R%hOey@GhW3a<*X?rMS^Ifw*3WHk=Oz|5;WS01Kj_s4Bw_OYZnWy!7t
z`R&pq$x}P!0c|cjNA?DYe9$<C3V9O9Hzp^^X&~hhu7u`HLRvnbF0UkKdAvC)7g9iy
z@~T{UyxCEnY_3E^d9o>S=D0X*b2?m&5IzPq@g8#VyrItzgPBZIO^CC6T-7y3HPSe0
zQjJ4k&U;{R&m6>RBenV~NDfogZG~($($sl%dy?MJ6EGRM-KZ_x*s>2EsNt&a70j$f
z@12Usl1VQi`+$^IC}hqVAo;koT9#_$+zOJKsFo+kGR6EJ%uy{~^}g~TFl}1fQHBSJ
zq)@flj5H{x1D{$Xr}-uhrjKE>(*!jeG~S37#H)J$;4F&xGg63%`;*LRIm!xgpi~FP
zs4tORgczCKVHAShfS-H;i^u<Fz^}Zp6W&<hsy^R#Kd#5AK3_D<d06%NA9b--qWVJW
zuZo94RbM2ZfEQI<#3oa93%ja)Zng_4_{-Y^aLx!%HbOH3W1^W<UVpXc@v6QzJ=1%c
zX(?AqRNpH+bEw+C3zYKSC#FgAe@yZh_;w1uC||EijD*4BRsFdv1@h$-it5jq+M6^9
z^6-jw5B%cyp&VY(t-g5$At!)=qAKMmPKRX<YW-!3W3ZR#i!$;m7;gsiQcejA#+$MH
zl~w4ixS~VsFwD&n(IG5SsZ5RxtnZfey#Qs74w3O(o?Q$TC{Gm*5KYKrw~q2varZ=Y
zBo|~>aZg2b6rq>50IlNkCD6KExz0OuJf~-6kpp%?@Hr-jd>fKl)1JO?uj`%Q!(ZP0
z1ZROE4&MA^qg?{%Rjk-#p^Dxx1Oplhf%Sw_F$=jF2~>6kpJGuDeqIHiZE;$lxUriq
zHzr`sVi^+gmsbt2luZTS0%s8=l2^gGyb-#Bw?hK6qntN#29KqZoZVAJ*gG8l1x+d(
z3SW5*EO@r;2t8>uct48kkK1}`Vc%p$sNd9_`nN*1M}$r{&PrKViv4AF|EoQ|hfC1y
z;Z_La!gM$cgJbt3R^a}g`{lTC>ToFeHVnALM+5(0aaY9Qp)>H$9fl!gD?|*nSA^v}
zqeI;T4~!cV8(}E2gmb8^x3lQa3et#z<lfoFZfLtf5e86@d=dylPnaiQhn3|eJ0|==
zX6J-I*zBC}_cM#^{UK&&g+J7W53}_Ce!n@xJnxp}DCoYvB9^7zew|tJ?H_2}k=7k$
z-FoXDWZltzzXr$X0ACRsMu*r4*!#gn!u~kxj<+uMf{4FeWA0C~^r6;0%(|1UJH@(F
z{eH__h6nqKST>9JGi=eY&p@hprgdl8gtN_}c7Kj_=USB<X;n4Ps&2mJbCh)#`2Egv
z8BX^VvFu9mAN2c`U|^EHVh{R?ShgPcU4niCF0=t%0!7@Hher9k!u{G|9wsSvg%z<Z
zy!UG&#%&WZN@;7|cGiENh-_N$+grDTbvs7-?Sb|7&@cVg5k;)eKMju`FldEhN)ZQ(
zKyV?Wm+yrSyq-;`-&izN9=sDeSY;FEcDM*@BoHqckxiJl3HZuGkz`P|?B<s?>_uN$
ziAe|9Wk)BXpB@bRj&qiGod-^A<Si<=*qe;A+g99gzJ*<)A0t^a#_jF3+X`&oH;PyK
z4x9{Y)fx%-%j3$w=aC8v;nQW|7kQ*tWLLb0US;f(*DkzYlK+X!a<BZ)aQx2&=z>&S
z^gkDUPvrM1IBtm{%C30#T+2VF;#5?oWYxqheh)_Ep0Eiwuiz03QG{KoNB(ka=h%SJ
zim*kcQ}Q9$=X1(<AK&Ug1K_5ZU`43k45*te16UEuCLOh)A?pg`uNEjmSr8wNcfapg
z)MP?zTe!4g{Qjmhhf5Tpti<>4H5TmehI-r>$0rQ+ylnjNcNph$(}l8aSID(pCu+M$
zk?leywu@*RubGY4+{UZ2@ml+`<;OohkbPeM34wgz*k5Mp<$(!5DKO1_YG9iGtibe>
z+18yC$W|c#>!2@BXZ1e}_vL~@(%j(Ud&<zBs=YmC408mA+3k!acDw0-yTyuerxu14
z#>Vmf|E;q=o(4nZ&iY_43wzxjgDKcyGr~@R_2?hGCB}D07ou`_hZ_o2@VlcjD5{D-
zJv&9(`hGN>I7Nd?MmPpRblK*Flhgak@d53^eYxMu?-A}Rr)%^H%N{L%c-W|Re%PqC
zFl<x~SFGbf%2dr<>n>1cAX#GF<;tYH$hwzUce8b`vF<(Aec*TQYs%#RndR3+nS9}L
z^N^qBa?2lS4#obqy}Od`tguNBSB8%@mfjLJ7IJ7r_MrJAtUD<p+r<21EPax7&$RBE
zh_TtrB1S)OxrNG~W8FinyDs9IpzN*6y3#l|%eJqqn+<h~><i9HI&7p_w@bf+!|h~n
z#Pbg0d53J1%DTgNZg&n3NXho)wC!xa_MtPAO<N`?n69wsa5!Co!+A=IV)a@Ia~ST1
zu@f73+5-@6y0n;o;6i1mcxL98mJY0?`jS&8d6S-$%w}YrOrDui+j-cZO7@?mW_~F-
z?WE3f;Xb5PSSIzKcyhmBDqUJ>;hB~$v+M}V)KaEonPHil$kb9MmB}SjXPI37Q&?t+
z(qzeOAz8kRCvYf4CWZ24=4UifdmCD(wM?~H(PT?ao;^h)?9QGdb|;e%yOT+XXO*VX
zUa~TU?@7a(3se5%(MLEFXIgj4IB=KmXD0oz9d|emUh!s`c{)O|s~0}CuYwN`jbz%V
zz@Mj=5N`qI=^4bI4o>o^O<;E5@~SRK;la2+asKW|PNeO2IO6Qc6+YNX{QtK9|D!{t
zy663Fpiy3JdkDtkK`5{XY=!UkC6vkIQ{bOJ^1mej&n3wi>9V}qOEFQIy^j&#3}Dw1
z2B9Tb4R`w-E#zw}3`WEM^LZ^YFg}MW!+9;WuY<X(vVCq$RYxyi-kd=LW|v{-?qe}d
zHo-ASunKTEk!aG?%p*<?nR&#iX0Nc{J!IxXz096qf1q^-S$99{4z=$7)*TU&eeC{$
zmd_}&C)uA8k~6PDeqUxDdPm6^9U5lF>d^FX-?^O56q>EfeuZVX%er4%_j~L95HiEY
zi0<4ZoHbHL!qC@d@)dgD?>inh79l^}m*Yq%f)Sr|)Qps&QQ^LKVI&HT4U4d$;l7NV
zbj3{IMoW&ofGb9My~#DSDI^*U`MC$L!69L&;GjVf<~<KQ9e__EK0p_e`LP$}6FYtt
z9?vK8zJY5`U8#6rT`~$!UCBddVU#%B^y5}q(I3<4j&S+Q<1UZ%lL}0P|LsWyVy%OV
zjB{CTXc*2iMFzoaMcD2bG-i97@~{Z9m)($EIrHZ)x5jB@jv|y9Z_vv(ZlT}r1>9%7
zu^c&^9#X`5uuE`8ND)gl2H1bj5hu7TB#$9-%>xTK9NY5DdA@K+!IO5{hQZ+wkn7jF
z2Ntvn?tulddtgEA9#{ZNGYB?^WOHqPe!~H{%ix12)l3n}c3xE@Il|!}ppKU`3ik&T
zK;iy?;}mHLUSOJ#TI|cDN#Q&Q&fjs;yzH%4uiAKU#s5p|e&_f5@p7BF7gEGBD^*z`
z=`pHjNVWyzoF(cA=PcD9n6f#ufma-Ex;$HMxJrZ#w-znIVVZDT=WrAZ?<e&Shi3<b
zYfV@;=SY-3Q<}ErUP5%4aSHqQ#-r|V-^{zjI2W^q#tZJu)vUn0+m3U+tM#w$g<HR1
zv}q<h|Nf6pt{%n%@`fibunz`SDZ+-oqXEi;g0mH2!zw6R=+%m_q2AGJ6k$U>x{`#S
zqX^AIuY!hGM;h-?fg+T1AVMV#>oF!WcBn)V%DmO@ZX9!zfj=mD?oVLO{Yf796PN>k
zk|+HH=A@tG5kG-B;wO2wPhigWkrrg<qHt(r{GVk0?EjQJbw{P0x)YvQ``7A}Nq;{L
zABT4hZsdIn*qZv<-H6kBt{IP>2DU?kY%R}fCmkfKUG2o2RO-FlEG9o4#LnWrVMOe{
zVMNSt7_C3p<hBYt-JGHiS|U$AW1MPWJ1U9-Fsou8fx|8ghpjS2Wri85whwL<-N<@x
zeoFRf@ON4Omn257O=@H*;y8_bfV4ajjB<^Fe;s-`aPnNjY<n&tt0t$W_S>Qq%LyA(
zxUedPhXY&XcbknkpQ8DL<^S=MPMre|hj_A#5nS~H5pj=BYs+z?&lBd5Nw?w1a1uk2
zVYC0iH0Mw6v*q}=jla(@2j4#ecUN<~jml{y#sZG$XOVFh8)vDE#W~B&Sq96bj&sHu
z=TPGuVPdW@T+T4(BlI$!`_{gems08;U{_BYs<EnktCX?!G+--{_b4R#qbb=s6(hji
zE9|r5d_|bo&BI$-fOdzSogCB-gWuktjbY@LU)};ZQ;>>J@lT(K2V!VFNcPgv7OLo%
zFw(F$cqHiMZGd~+g)n#5)8iKW1zz}uGhkWW)9T#koNRfDF!wq~mng#A1)H$C90@~R
z6k*q0!2IRy!QaYNkffQ4)?9;S_dX?w=54_{X~MjUJj`nNLQ6IE+La)N9lrOMh<h8p
zanh9h@+JTzkSaeCl9I|(8dFmHz$SN%eRhLmB)20U%m3Q{$p03{e>=cENX1FgpK7v#
z{6)XnUha{XS~b)w!rXh0we&ben0qejLe#WC5#~mRTl#oKm^<z&OP{0&^)+)W{X$3)
z>+v(K$1#B-)(aiSErBA|Z}hh@P6;bwJr*ra@>~;E#JZcyq*X)_>w_<~F@|O-V!h>D
z>+xZhBGx}ow;o?+DPmpdc<3BOtf!&<NG@0BC}MrG6aCX1MXV<}Nq^2!#QL8bZIT0;
zC}Q2;$?;7SMXV2SOn+&ji1k`0SV68L*4H=%x6f6?dOe!B$k8KL5$pY2wu5pNvHoFy
z8{?x~MXd9k9N|1gtV^66FXt&@eE|jqVftB~BG!XkHRR?iV%^^5GBjTi>r?S;TatX0
zuZZ;=r;lIq6|o*S&c+Bu6|sKL36>pI#QIn#M?9*C^%JhNiKrshm$__9ql#FUxdzoV
zs)+R>+@XjZI;x2Ee5cd0s3O*7qil?FBmvfkySi-_Rm6IRD{Vzo5$h9Owv|yuta&`6
z<kCE<i1n?mv@N2FSid^g#%LK;#Co91r7Eh3_0&skjOwT&)_1tdZWUF;I%|fF(K@P#
z^=g+(O;i!<nNF}aQAMn|gkA(|8&$-*+-2J?s)+T%(Kg0DQAMmTai*+&R1xbDPOuJ9
zMXVc~3Ohy>vA)tt+9|4t^{uX=I-~fksH<JG>=ISPy533JHL8ep;A*Zms)#ke$|a(A
ziz;Hh%eB+)QAMm<IKg^E6|ug;wbPzaMXX1<n(Gx+#JZQuws%w!>uu-QT>3;6v0mdE
zZr`XP)+1-x82!KlSTA*Q^p7gy+}*?Q+$4fgqe2n3J8f0c%I0O!-0#hbvv~aJxo6ot
z21FIH{?J*mfl)=QpFGIM*f*+(^%R&grVkB@Dq?+%YYc;<idat{XJhOaRmA#>{jJB4
zs3Okoia!y&R1wOU9%^DfhLUTXJmcgWCu*V;7^=`XMaGF4r`R|pCT84F3FDL+r>P0k
zhAJ~oxpA7AunI#}8mGB&S{SFLajJ|{Z5%VZ3AHv<jd9u-r>$|?8P@w4s=aYK7^h>y
zlc+hqkPPK0LVfHJR#_jx_yFszuJ`SVDq{V~em2IQs3O+yUSd6diz;IM<W%d?qd*bs
zHMnK^h?O?5KoRQ;PqiNV7bs%g&gC+yKoRTJi)@T>1&UZ7;~M#t0!6GZIm*VES)hpZ
zcIR<?fg;w|;J!|>T~VNj_3<vo*#(MNALkn2x&lS4?{b1&TA+ya?h7oBjRlHWZ=7vC
zt}Rf+`UY3pn+p`N{=#|uwLlT;`B&N`_ZBE(t!G+~M+y|NR;#VYvjvJ+S5LDZuNEj`
zT{Ovhyj`G(^^A+G$61AnSRd<Dcz&TG)-QIoF)k}q#Ja>))HQ{QSP$rFW87M(h;_bG
z(Dp(_tk<-)F&->b#Ck36Rz#=I7b;>s*VXN7g^F0;?Apisg^E~z>tcLbsEGBiPL8h%
z6|ru0v1R&0p(55>UGbY0DPsMUD{Z?XMXb+oJbD!=Vtvz<mdC&%MXZlK(t3<7QpEa%
z`PSovB1Np<USK`e6e(hTl=E0$q=@y)(`}5Kixjb5;A-x%B1NnxU_veWc(X_m>)qq5
z$NNQ!SeLlw@NtnM)-9b*zbaD1dLJkHuSJSjH(zggG>Iu<{ry_&5sN8e{hsR$-C~MZ
zAMG^OFQ$m~KU_;55>v#w+7<4=m?GBsjh5-bF-5GioE$S_idf&`hOebDMXdL8JWh-$
zVtu4*V`s+{vF_x?)wMB2tpDkn)a5ZntlK)Kn`4StKRUt6abrvo>q8H-9)F7|V*RWW
z?46h**8g@Y{3xb~^*=Y+BwryHV7=9O{1{WjdXY;KDOSY#`onFKf?`FiUvw%=6f0ug
z;6$%1R>b;cH?3%0tcdkGXDvGvD`Gv?)m-mlMXYa{ZgbhUSP|=UCR>l;#fn(p;&eK?
zSP|<LuK1IS6|vsOwd5m;6|t^xEqQ)1zWoA^5yxAm#}q4K-Fk@i_)D=O);CPB9;X*8
zVtt{@_MBoxtm|CyFDh2V`cc=CHy0~n-QDTqreZ~`zjOMyt5^~1GhJ!#FIL3*LnrCu
z#fn(}Wto-Zg<?glZ%TF`D2N^CsPQ(&`^Ab_Z+A8KNwFf<PcODHzA9G4db_KJpAdu9
z@QahwD^bMyFRl|tN))l~<?Kg6i6Yk3PV~|eMXYyTY;&nBQN;QX$D?(LBGyw}3+h;+
zi1nAwqkD-W)>B+A{Sbq>^mC=%uS5~+<IlFaG?XY}UFKp;E>XmKqbu#q5=E>JKhq{z
zSfYq^nVS<Gha{X6b!xORPAXBv`f(@N=_QI--{S1Yni55<7caF*E-F#Pdblh8h7v`r
zZ=PafY%Wp6dY&5!ZYWX2`U}@hZ!J;8x|`G3_7X*`Uv(9Ae~BX2Q<hk!k3&JgdbQ*6
zLWv^QXFAb8EK$UIxRdmA2u4X)xu*SXi6YkjKGib)sYDU$yIm{v<BC{+zuv~kiYsE>
z-YK~-u88$2R}H0cMXVn<*CuHmSHya^D@#pW5$i2IZHz8)MXWctY<tBOvA%Yejj?ZB
z5$kU|S&#8?MXY%&kPIh>#}%<2<@B*Qu88$0XFiXI2hHb8Q*4rx<BC`}U1U90#}%=D
z+?8crToLQ*F0wH$k1Jw5$1&X;SHzmTC`FDfaYd|0yRzIGSHwEUCAmAUi1n$?<Ds}B
z)*DZ=Jf4gzVtt0w*h_ImtnZy+W4s(!#5!w;^>`(&i1jYlfnJR(V*QqDQm@4ovA)6;
z|Mj>c*4Mh)e*;Qp?e})Myct)-`bwvuf5a8BKF#%px8jOeU+?V4+i^v#pLQPqj4NV&
zms8L?aYd}paxvbGD`I`tS+*?i!2?)7=>&T}u84Jbt&Q<PToLQPySe3#xFXi~xYB+Y
zSHwEo8R>t;6|p|?O3UM;xFXhV+zjR8xFXhx)i%Z_aYd|qIUb+J6|rvV=9Ztu6|r98
z+Q;W{MXXmj6@G!<Kox$_)iT`~SH!x;Rn(VpMXc*xZ`c)A#JZ(Z&{xQX3cAX*^{?ZK
zSYPD~$~W+!L0RtV_S?83)=%$ev;7X$0IZc$(D!jgtP5Pv-W^xOy643<$q#WwtRHa2
z--C|K;=kic`(s=Y>x*1jeu^t%{dcG2pHVMV@)>SK{sk?WBl2q3J^me6#QNI>Hrrp(
zvw`)=&f~YZBG&J@0mn-yVttaUIX|I@^&;1ALkUH!v&LJdK|&GhR<8Iep@?-?r_*pk
z5$pa=^hiPx>po6FSqVj~v++Dwx_Wj(5$oUPS&y8ABG%_QjWtOqV*Q0{$+-zdth>3w
z<s}rcu57eC@)L?!YbQrEp@{W^&Ri5E6tN!XcoZfSu|Ctav7&?`)&tz!GL}%pdZ%kr
z#R)~M`#Gj12}P`5nqcLKCls+h(oL=s2}P{`=>#iHC}N%GM$@JVMXYyivOIJ`5$gw>
zM_ED<>yw?<%M*%NZ$I27X_ipL`hBOuii9H8vz_Rb2}P_wbaScZ2}P{0b=I;)LJ{j3
zuI5@M6tR9_y3M5uascZqCtHu|gd*0DIi0pjC}MqyD}L*QBG!XkORh;MV%^=f<TeRK
ztfwDunYK+RVm)Mt^=Ow+#CrP#>#+|?3#>P}Y}+Rkv7YRT-yxxh^-JSyl8&esU_H#~
zqf<f=>u`gO(K(@r^<}QKT@s2||L7#`noz`gt(#lcCKR#0$914?2}P`zxenAlp@{Y4
zuI73q6tVu?O$2%-6tRBXRYNbtU^PTt;d&<&vA)oC!afN_tPi}zirzP&i1k1xdcTAs
z*1n6;KcR^AT*qTTLJ{jFt_2NDC}N%Cc<h@{#CoygF({#kb)75i;DjR9XP#~4*bf~D
zShsgEh9nfRzSEU<XhIR|W8B<wSV9r&&aOA?pHRelP@`o!91R9ozvUzykx<0?31>eJ
zNGM{xVyR71mr%rdoU_RXqN|Hdo?>H+L`w$NC%d6w6nYegf`4CWW7H=Uu^#F)c2GhQ
z>yKPTjZP?Hy~NEe$3TUgTW)YX#wHZ8UhhOdIH8F3WGCq%Xs49)GS{>l(CFB-3s+b<
z#w8T7e%`gh@d-t&!|w6y1T<Vep6&0HJP{_CO1|7x!=!{F)-RlEnI4)@#5&sz1&6^V
zb13**Pa9)$LJ{j5UA9vaidf%)`J|ZfsR>1_gU;4tT0#-)f4R1PctR2D$xa{BQCjNb
zP-i}8BowjUF~#yYBB6-&K8vi!%!DG=Z@99|N+@D|_eD0w?1UoLOC8fW2}P_g9&cmJ
zO(<eL)0O4Ogd*13C7Fl8f=SMC9`h55Sl@G+<#7~xHn6P135|%#ik8p;QTgIXs4glC
zQbGqt&Elz%QCTS#8fEGFs7ZHFR941>Mq7G}jW^c%A8g|vV)-@L@Nw3EyiGSDD$A2Y
z6K%XnQL}XHP)i?X<(q8NO^KRCTvKiMH0vI2^PO(<nPKA}Vd<GR-K?m5xg|8)=0C^A
zn;VrqFQFrC{CU=$Z^MtW?gGo_Xq)ds8*h>2x7fy85|!oFp<^t)G-?*H9c$Aa7nOBW
zq2q1(6RiI->n^wHPK?TqfzV%U`A)L+baGU_{t-IG#yi!fTVeT~X8ljM?ip6@l~&(p
zT6xd1=~h|(XInW}+we6u{2WW4Yx$jL-SchzTwvp^weC6_exa4;BFq0`OJ8E;S#Rk}
zt-da^^>cZ&FP9{QHdy~FtRAkk_0(wd-DusbEdNbb{>_%})z-bnhF@#>UuWIxZTc-X
z-3_*!H(LGPWa*o2dA3@4Zn5%ji^>YG(5;rf&GNn7x_`Cdci8YdEx)_0yWPrnw=M5I
zR?ffK^!M6)|8CRYXWPyFR?iPuJ`dV-57~GRTfUE2_fhLUX8AsD=_joFq|N^+OFwP-
zJ!Ac!wfQ|~!=JZuy<q)cwDe2Xec8(OigjPL@m{m;>(+h4>i<p4_a8R>Tb6#?(*Lye
z^NvmTt}VxVmVQ5K7IS`J+sTe-zs&<Y^PXmSR1xd)9@YY0l2F8YyBjk$Viv|R<B5ef
z#ukjjz`D%M^zTb3V!guI>ZdU<(^j86#wM9rs)+SSm&=M$MXVQ0wlU5vRmA$;5!U0f
zQbnw<b{<!iDq?-Lo2Xm|4^C9hagsh*s)+SL?gsSnQbnwfs<ljCDpkb#YbWXFrHWW@
zbupfAs)+UO^K6oLn<`>`+40t6cT+{IU+7{zer>9Vb(I^-BU%yb5l&+jS`q7mU5v}L
zBG%*ESRU7EMXc-3u^x|TMXb-BYdxORidY}&Jl@obSPz(EV|=O=v93M9dVH-Fv7R^E
zdhF4PShrkjJqDC1VqJ8o^*F3d5$hdJ^n1$`u@1Xxc(F_o>oc9CZ<Q%x-QCsgXJv|5
zKj-S@^D;%OUvo^qC{x6`lWRdc%M`J`$kof2Wr|o|;9AhGGDWPXx?H|0Q^fit*Mhz-
zQ^figC+Rn3idaA7JiaYc#QJX6g1#$L#Co%n^!qYJtQWc#w7X0Z>vLWE_@PV@>s&YI
z+*78A^*>yUAIlW6j-PLJ`cs)A)_1rT^mCaa)}M5-F@7mi#JZnrAO9{>#QLy>HpZ`I
zidfHgF@7sk#QJF0g1mA?tmnCU@yivl-sT!is9X{2CC(!#SH!x0j?G1tD`L&Vt7Y;R
zh6k{|e1`Rilq+Jr(lx29az(6ruC+0;%N4Qi?3z?gxgyrTy0SDWSH!xdtC!qzMXWbC
z(eug`v6%%dPMFbdNy5y=j!BqV&eDXLWgVL^v$5kWeSE^q(oRU2+0(LwnY}DenAy#V
zmfv3zve_$il66l`nAyZB3E5N^IyGTteJc`X6gw>;o9{xWCyZQYSUFZ&`b-;smd$rn
zLe@Kn&bI!m6K1x!CShiA=UBeyCd{nyJS*S%R^AJ2_*xr(oejS*(eKV-)_O0(eHO58
zvcEaWJ`^ig#JbXX6qPIDewz_(aWy6l2RHMH_3h_l3vXL^jH?I{mvf<;EZaK;h8sO=
zAp_s6P{i#X8kt;-aVh-wz8GT@Lix+P5#SM|%2%O^Eod@!NnKkk7coofU>~otZDw$#
zBGwnru^z)K6|sJ@zx8;aQW5JR?X1Uhm5Nxmc05KjSH${@={Cke%@wiP&(NpR41s;E
z+t0fFD^2(SOAoB<SJw*SFGbmVS1MxtD@6VXexYg26|p|TJ>;0xToLPcUE`nMToIcF
zcxZD|v4=G`4Rvz!e&f4Z-jkXu!6${O%v(eFZ+a$p=Xu^{oVPO#HP#P3fHj6~{XVgL
zqHph?el3G_#J&&np-9+4ueVz@n_S_m><VA*g$ehN4ISYXvKJ<Nav7R{7d|MJysKxt
z=61gX{X0D0P=4}T=*oNxy>`EtS-Q$Y5tgYGZq_Y@-F7WGL;?O>GYs6VJ#daMnESi`
zpIc>@o^E%|W~a`-$n$D>R>f_GWi5}H<GOEV^)STYs%&O86Y9ZdPl);5)Bk5yf4W*&
zHXl_ll;z2_b>PVLxXfuel)!b#%;~a&(ZX#`UH-Q@$-3lLXcozZ(5%u5ul6`_ce!2~
zPnCQ1>XiScrYZjk@OQdd4D581ud#AztC4;a{P`_#mgKi(src^m=Ja=;H)jb8mM5#N
z_Fc%}bX)))Z$M_m`QPhUN?sZKuH;R<+OJb3@Af*dt<BndQ~tBYq4P{c+Q@<VbMPvA
zpgm&*=SOeA79=uN_EV}<=iy%Mn4(m1uT3ku`(8VX?!M;EqHjkW+hS{PT#`zA53p11
z8t`<DVLXKU9Qjfu9sW;^p(`45Mq?=VYI~-N-kqDsB7V1y2jNp&i28reaMSNIEc0sf
z!QHmL+5MpF#}Fry@3Zr!lwCn(b2k~3Ee94veAz}6@oV3xPo}RuIX9&~_oaEN+kI)C
z*nMf9*nMf9_)?_h8hPSx!IMkUfoIikLH)y|W_4u){GCV->|;bat{Yrmmh9vBxEbiW
zf3(1NPs6U7-|x!#+XcyeGlYNGrE?ReIkK-Np$Px5Yv(V}iG-Ib!awZd+1G_PRfNCa
z)zdI|olUP5p?vN$)U07XMjT<=OcBaH@=!&?Q_j0W5!Rx?CoMq%@Z9#Ivu^uxXt(z2
z|JFqLiS}d@odQC;A*i+mGO-P(;Tczq){0QJ#;fKHU#~R9P|X#g*_37WT!;Nks&)s4
zBxeQpHn{9ToDXfeTK%_no*p_5MJ(}h>$>9TE|@y3{vnj(iQYtpxeI35fD%P$_8u*7
zXo`odtfQ>uim-cY{AJzJ@C7Wdc;BK38;<I2Ho#@oC_>r1nq8WE<6$`C47p{OD#EV!
z0`r&mD8M^sagwE?kHLKfG`eKhf4T@C0X)nIO;z+GxCz)IOx~sf%AqaU(I>{^@HYAu
zR=f`pWcy}`DNv79VAU33l2=!NP7@@r3Vtn>=Q$!T>Dt*%b3g55Wo)VljknJIe7N=2
zicroq$r;_y^Z--voY9J~;aHTGSvQ&Q6DGHQv4gv<U&L<f7x7yd!t6{Ux%G?wPgf^x
zvFzB-T_(bWI@LDGNp%6Y^@}N9U6SH-I>d1UrrY|(IBx3~vD^AZTnnDo+SmT0&TQAA
z|0BS*iJHZ+!(=C-8j#$8##nCS7_r+pM(j3@0ZY@*%agW{S7>&Obu>;_DPPu5v#HE{
z13K$anbBs|nr)bLxgV0QY$(G~OS0+Axj1TxJ4dtN@{oiq9JwTW)8I-xoS-D(&c#Ve
z;*XP*xI;1vE_Xy_;Y6hiTf)UjN)nD8#Lks`r&=1W<b(X3JkFJTom?qbc2%Wz&T+G8
zlB#XGF{$QmZGc~c^@q~<jn@CpUh}H^q{ka2o^K1g&aYkCG?{Vj@zGS9X|^hbpKPAO
zJ6ojMSQo_M#(CECkjhk?zSpPl{=lwvPedFy+_gg&d~mKw+Z5QDL3i{4dAdUnh@XRO
z$Nbfp`uouBe~1_b;q<rv-6U8hXall-XX>+YObxg@Y1TkH%U~-ZLAN*Ie-z>abEDq>
zxmr>J;0S=HQ<<9fbb)Q}m)okk(zde=e)2vDGqI1Zf-U0qW1O_YW(vnrY+fmf=Um_v
zmak@{ik5u@<{L<Y;>c3?>>|UVmF($^8h&utnlW(6W@JOblRKtu7#w!2XllzgtIKWK
zCU#r4iQSfM<|;xRVsgDesDjGc?%Aofb2PB6^V-mXW;-gG>`Jpqe_D77n<_l}rKJkY
zKn#cJ;4th@DI`c!D59{C1%B<$R7KT>(f*wZnPq|5bzCsm6lQ<JeS~rLHyp-^87P=1
zIxo1kR_7<nD;5$nI_3+9ySd>|)hUYdrYLGKMVYYL?W<FjeD`%p?zN8ryF1or5vNZR
z)0Y2hCg!BMkOpnp?dWAyp$y4k=n7zG3fzuf#+e5dxN6?iEoD;91$ILZZF9lxxsMLO
z$Cn{@VG~8zZWN}2b_-)=u1pE`a%^N9gz}fy1>hj0;#~i*8asXPqW?nAs3V7LGiPXy
z-XX`66`J}e(o$hXBgS1Z#GFzV%g0G958wbadPpr5M`!ief`i||rlf*fB!4$?m)gR;
z1na4!s`e?EcsD}317)a=!fTUi61H)3C=VPq1vqSpDT=MdQVDZZ5*!<oIsR$PKX9Q;
zshAuQQ&eUS<Y{w&Lo<`g&t_|#OrDuiv%CCh4)FX>QZv6)I@+cb#qoG=)PLg1d%RS-
zw9>*eEgg!PR(6DCYAI8)%&<&NWNIms%H)!%vrI1kDJ-)@X|kXUeC29utkfKp1cyRo
zQYc?$enu0?qmtNC-BC%z&s~#h&F-iq`nw~Mh~1G$#O_EWVs|7Gu{+j?*d1#`?2a`e
zcE=hKyJL-r-LXc*gRf4><Bm0=KaVwX#>SmIM1Obk5HU|4`rgbnl7|D)-yIG_><$Ma
z=HWmq?htEQ`(B?^zG2)cxgK7*JcT;|H-2j3pSC_}<Z8cZmWq?8NX^GDLmc;D>*F*%
z?*_Jfy8VK@atn<`U-Lhh6a9~lYdQ=Jlcy!|PPo9U{T>D6aZN0E2Ta1;)3>X8n==~d
zzZTe8ZuX~=&JE2@FdM^jqKYtg25j&BV4qW<2=kr*-pk=SA5aP$uJbwE^uu+2qCal!
zf+B0%^8nHh*D(?P*N5w{7v&5TyPs3%9PzA^4wJLcc%JMW_M#k1oh!q5)_c;6vW^wg
zk+s4&XBg)k6ZXBtEQ!nOpRCqqyve#+%zW0}#`&9Z9+7;TRteR#o8;ScfXvO{aExp^
zW^x|Jd0sh1_-Nt#Z2*dU$8Z`mzju{W(%2TTIcgv$O6cVcM%Y(q!1+zHE6$jO^9gYG
zlkHW!h5<ni5zVeBy9i$#x(T|5zI8QqE)V+s)Pw%5(@hPu0I!CBA8T*F3w%QT>}B}!
z2g3c{z9Mdyz_@M)?fLNE>r0q@cn|`Ay44Mk3&6j^SH$hQT$^NZ3;g%af?reMPxnEx
zCjtCTz9MdS1ejYXzJdQ<S#<rG>G2ECLJFni@Saetq55od>yIO931zw#iZ>*naCwS_
zW#xc9St-GT;o#bc@Ac%U7d#XWt|LLS96THjwj_y1!of`>Xn2E1!@(^i*nfh@!olrH
z;_+~>odhj%@I*NHI|&X4!IR<O;Uw`?ICzQ#hm_#yaPT4tHqqdjaPTGxw&md2aPUEr
zcrF}#L4reR@O(JfO@bpv@IpB7vmEhaILIf#@i%xW9B2}puLduNgPJ7qN;v3Ff;ZH`
ztKncj5<EmWcr6@^A;DRA@On5nJW0F}4i=LbeK<ni3<sx?cn}YTgMWmBi;~1!;oy1_
zr3`sH9Q=*M@?IeR84jLL67PhA4@o?_1R?K+gC9x6jsfvrI4H;l!6Rsc_aSwX_#hk%
zB*8N-gB{^u90{IN8hjWIj!qK)3J0r5$kDeSg@er`csyqCaX7dyNqiCx{y}1VcZ7Tj
zjgsJ_+u*ZsP>g5rJ#V7apNE64N#cueFq#ApLk)H!Qxbga8+;iK&Px)z!ofBYJUcb`
z3KdL(N5TbPhl6jE#5ds}(F7qpKrQ$-9P}Z<L)U`u!og$`e32G>9}ZR|iQP~y2|kSv
zeh3H8k=Q{&_k@G*lf;kVpduF`Jfki6DI5$V!Q<hApTog|B=Ji)SPvq1GhSqjgvAbS
zQ-tmEF_hRYxD?)d?}8^Gl)t<)0Sb_cv+GYTw@0OT6{}H+@*GfkEw)bfyt~NlZ#ba%
z31mx;;1T$=d;x#kLtgnxv`0lE<R0v{_+~slNd_Nm5C{jS<3JU9<n4w}WP-`A91>r+
zRHSU>psILle=9_`*Ww+=qZB;O2M>CTD}=FGh72Q(kY_|M-=jzFS65>!!wo=It|Dyr
z82+p(PJ#DcRk06WI`fzNmgDfTBGh@XPB)O_0$&lg+jd=&<;(w(rHlh$seeEU5$e#8
zBG%7dVm<B)DPkF7vh#lD&|JYY)1lqVHYWt69NIEanGQ`-c2Vt?Y%}@E!TiBJ)FgHf
zHHqCrO=9;@lh{4fBz6xqiT?qfe5*&ivCd4Qh*tq~egbU7E;TY~L$xqemCTi!<U5B&
zYBJMMvy3xQZh-tgaxdTykrf?&jXgQ>2<uL@?f~oJbUa#Kf30;FTKAria0}T34x0at
zqOlDPFrNh&EE9pySmRu3oGXoUjd3nA&W*-7&Nzz<&*zNuZichdP@kFQDLChm6&h+{
z-O{8h?*ed8AJvgtY8-QHLvEQ+LA9tOJVvw`KG--7J)eSc4Ey2W6LbO@{lfL(pha&G
z%!x#GI?)D%EM*BtLdMMw_2%dSIvkwU*Y{FXdnTlPihzGV610OP7Ls7jBsPMO^#>8Z
zXU(U^?+y5ccA%j|Fy7tN$G0z5X&#=i0T}xjU}9k$OA#2LNMtbUCCpw&b__Dq8<y%B
zgAt}AO_^$@m2or)n&-R$C>RLIDQ{oHL5|(b^Nru}X}RZ}kWQSOPOM2M&PgZMr4tt$
zLR6A>t#NKN&K<_NN9HW~oiR8-;WBvVcQM*GL|032YLh=c92~=FLQD(?$0mtG!@==M
zVsbcGmL#TzgA<d);o;z<Brzi#oRTDFr%Ny=U4psk5-foAW*WAW{DtWuOTxj*WXMtz
zk`<o<1BZ7@YNr=&+;cQOd50^%dB87>XWux=e8VQcxsWG->^_{q9BQ)X*W*KbxRJ|m
z&QG{x^ObNTQsp=2`=9J>Ah#sRoZTRsE<~vL_)q79aNE)VvYmV;<`)br`PIw>)_WR0
z6GU^(&nFGUq?cFzP$SWcNXJk6<PQ~zE^=&!l1=t;AVs2~BGK(2MWUf1(V-wkA|Z1=
z9)qW7Gr(#LXW2R7v9@r>2wCmOqe&jPsx>~3bp%WnB+NguwC-}ynB-rJFkU!rEa1@N
zw>=0i)IgCa;n#71Il9Q_+w!wQWEQ`E9{erdx(GN&{Jp}rXW}c%$ijVrYCtV=#g*SI
z6tI9bgCUiutyze4{2SIr*AR!q*lL9F17i8L!Yy_eXvwLk$yLJo87%4gie#}JF5VCc
ztKM@p2W5_e)jJ43ChXj!R&o+tm4-`DAPl%HZ|C1IVrCs0O2zLhdgv_i`-*@6yga<6
zoMrBZ^81AfJMIIIPCfazAN~eRg*5d5_(J89**K6Ez-c3N4XiP){2%;)d9?0$FrH*m
z-#_@IYYIS%&VTSlBL{;P4eXKc-NhDx7A;u%T+pKbpCsHXo`CFl1)eX>&3pn76dPL!
zn?5kxzEo%6n`EtChoJYSRoe|cFcHBO<oiJu#)#JUAR`J257IU25HuS!0??dL#oj<T
zCv!p62)Yj8Y??u-gvVLsL9q#YnrX*@Ze!B^0J<YuX3$pXs!10yE*pGK9LdgN(jsZn
z-2k_p53-PCY$`}$RAv~h1}%)rg|5C4bG+a-&Q{|MXu&~=<lp|Se7q&k0$t$8J5(X_
zo$%<eKfsRw1LgpPqpZK7yXSh|v^2F`(!=w31q(zg!yZS5qLl?yO7<3zqLc;HNzT7O
zO1Y&2=2W7{BE~`~%XpBYp(PUeZjd)#2G*wv`8vo{!K?0_gOHUH@;yQ>1^eJalIhAS
z##A+>ot!Qph2z<ht{$YMTTRj%dLhdO;M(RJs4ZT>a8tJVh%aRu&azdd7+0m_^0FqN
z4e-Ujn7WD3H?O=2#?+0+wEL^hq{Y-d3XZce#N<uj<URXrkms%-NquBr2l5I?mN!96
z9gi9vg9c~FoE->d!_S*4$~z6A>=${))NKUWqXFb%a?W`M<naSQ8r6OV@`n9DE)|VQ
z$eE&(#6%miN=TljClN0YaskMbFGM;KKZnQBu><8zVE?JQpa<Yp!m%kDe%>Z#UB$De
z^ERh^w~B8M%Jx@6FKf^Oe9qDrjpa5*pe<hE$Bo9grjr^AKQ0=(dlJ4lBc$l$a*$L}
z_;HfM9z*17hLGHa8p=K#p(m{;Df(;!a&~u;97%Fs2l*F<J}(OV9%MgA6@HVXSG>=4
zII0s@WP%^i#~0HNN`ea)AB$dsc&KL8SdW_@UXdmt`2b|iyhF`r@!-KS*6a&<Fqt(G
zdtB2JG*w{f*ecLpZUNm);>X?x-G+3zq4Tk@<gN=qR~ULG=q9jVjy?_aK56N10sVO@
zedkx(AZ~Gp_lqN6X@<NYeJP|z`m!;1AhVC)IR|C&8~M0)uJ<ec$M!i4x$sd_|Kb?#
zn~p<inWkwd(Xll=&|9a$4|XouW%hw7=M|~4ig*?**aF}oiufEf4FYKDQEYCcMzA;Z
z4shFphTuA2vpM)U5w6H}!HP;$@8h`VW%G+%M>2a6Na1}QS!W*%l7=#JoivR$AdiA&
zuw)KMwuQ)b%s1y>Ao-R0$n{K{6HLKv@H&uNB(x4BdwS$X2|X4hTeKmoXrm&Jutmo<
zA%u1ye4I3koCiQ3-4?-*Ny2wPYF5J&LdvdvwgMqzhfOsW%_jB=Z#e-si_oUDsaa@G
zydpb&`TS?iBZw}=-6>!7tyvFR+SE?TyJi_^X;X%deE?eOeYeltW8O5+y8vA+^0T2U
zK_59jNlP8KSZ3?^7e86YoiM|DC=jWdH150#%^p{HxfxAs=75Xz&*d_p);xN+?UBpn
z8@sLR5Y9S70`|!oA49S9$>m1s9f&WTa=Co^Hr5>BXJP&nUSa4u&@^-5)e=9p0yMP{
zUSnuJq?K;FUTClIn<dB~B;w{YJ_=EJg>SRsmZ0uL+}n(}eU7l=-e$zz4R#{#ZARSj
z2p4g0GubT#E!p2Aw6x#wV<zk>go)^ni|8^X3_oGSYBd9zJ<^C3Y5Z=0=kbax@TFz9
z{s&4VEqj5_rd@L%SVcxj1lC<mQ-sf$ouYe!e)ymiy%qHLY-mSIF>1~Sy)W&Hp<{1@
z-%Qr^Li0WCpFq!LTd?#Yh(DL%i%j@p(C0JU(tAK3&hW)1Jb~F>bA}r_p4JEA(mhs~
z`Nw{UC;j0xla8zIq(hu;=*vKJ@U&eZE~-CPswS@4Q%pRs@VOK5Cfk!*4K+5|47-FY
z($!d*A~9T?CBjGA`eWcLZM~<VKLjm(qnFTLtFph~Ho{MtnguWlydoQHjeG%ZOO0$W
zHS!#_&l=evlGkhlEj424wV<U&EIkXf)W{X4M*4%68nJXC=(}sc?+Vk9I4_CZY_!s3
z4klh0s2trL^gXyDH<|Ehz??Qjwi<d3Xt7?K3@@(-!mcrm@&<%Sjl5#Qq&8kQ>0U#a
zX!$ime@B|F$k6Gv8jH=%s3|Y&Zzti~A*M!D<6G#Vyz={+QM(Ib%Pn1B8MQwIDYrO%
z<(BS7kaA1cS8nMFkF>XReZ_D;fl#@n6SAInY16X6x_=1=s8FN1O{;toBMGlyjLgpb
z<}x)K!>L&*3mJ@IOAuonG|;M7v1q|~@%{6;Th~G)<}XhJ<Ut!pb_i6I&0r!td~Y7p
zk(X)_%wxM1+$xyIIS7UK+XnME1_^E#c;zghJfUq7c!?cX;4D&H;mzhwq*N@?W~!)E
zjLc^8D;0CNnJG(UZnK%(O7qYl!ka05sn|P-+kCb7egx^NrSDuVQ&X8CUC(6IG99{(
zrq}DrN5TB%?E!hi8t4>fhcg)^z{A;O>GCR)g)8(D-$G<w;XdhN_Ytu@G~;j|zK=3u
z_YtwBFny#jJ&$7q!m0xX0`_GIszvO66uU~wb%4~0ly*49u96~-kYt=;hU;a983r@I
zKqBzdui=FPcMbqNopDWRk7jABL<fr*A>FEYiMM;>i7BpdkMz>?kkY(}X;HXGsx&=P
zrRk9>jX<yXs!g89EBvy%v6Sk3+1yx4SzeaDUm`_(Sw`IwDcH->7u$*!UiPU5ulV9d
zJSV^v{w#ytXNH|<^fO6TBJJZd8DmN$o6pj+`7A9P6W?U>nPd~^96h{8jB|V@>-0y7
zAHNZ%2u~oB_rc+EGe48@tSUr3c$IH-#tjj!$PO8`{N`dHcW}g#<{8<MY@U%F)R#2R
z$PN}T-I&DFOn%ionC8eXssCx{ITqg0HVI{pvrC$SnDFlf?q;$dCE25#)*1L6lNtCK
zdVAz2X&~RF;5{k076L|okvGThr{E>mIbYFFq{8Ux3Fgt#=;}vi-NN8vG{Z=x!9Otb
zDuX|ue;cWnxS0Je2Fs8z#Ndw@XP{u5rq4!zU-7#AacV!V$TVN>C46Z<pjcLEKEPCg
z)GM%PSB4@JCoaR3#WEyWEQ&N~y~?M+fmfs?y)H{qbt&)E#nePfn4MTC1NT~&l0(Z>
zRdo<}1bSPftJK8TRDU;tbr>!p-9-J(sq=0Umu)gKh;!>IQSD%fu#4IsB2cFE^02Q;
zrsP#j<`w@1Gi6?p`i#4^deM|udET|2$15@^y|j~3rJa;&xs%Azlvdz>F6|K_wlvJe
z0;ROarAm83s<bCabCuGbAaSL%@({z6_DqQ&rClXZN_)0&kkZa%GOx{x=*7H(e&%76
zc|-|{*1tp^xb!n6Z&Q077VP5+re{Q*ZlcOKINe5Fin}FV!9f{O4@!%Akd1l|ZnSv?
zn7}emE5L%Zs0$=&+EWs*&1x{`6&#n5>bSI2=03_iiu;Rjh;wEXoFwKhja&LNm&C6l
z@kR_+DBpgCoM}S&Vzm-Gm*bWNSN_U0gP*@r48A=1UP-IxC7wbYUiq&F^zch1@O5JO
z5PSZcoV--sj@$5j^Nb)d?<&vZmA@{X^|}=6b%ymy#Nn0yKzh6fB%aKR9w2KkamyK4
zg^4SFTY9{0sd(E=ydsSHyz+Fw)hvFgJP6XnrSbqtOY@RvGZjXJhtaWk<yD!d877J8
zJ&Chtc^<F4e(8bzq_KGudUA5``^7OlZIQnRVt5<;&e_;)b`%6zt4h~p2QOg#=sFd=
zVVw8GVHDl<9M3xxi9)%)B5wEm)yPyu`GNG);lI}x#EdLIvl04I;N)BGelOeHL(6<c
zY(A>?qTlcG1MI4m7kx!+zP|R7-|x;k8}O2^h-Wp!-Nct*>aY8g6|Q`-i`{Zv+61^g
zZ;8gpuN4j&hOZU+W0EVvYST9*?qzRg`ewy0F{HIy1@HzP+`6p9EG)@?J$=rHk6l}g
zckl3#b?f-X7GEvG;mgxMP!xA>VO&p>3gi3Qy-{3WlM3UaoD{{SGbt)FEHekL21>=u
zlq@s%%ygMlW@$6IWXi%dIjQ`(-X}$6rpwGBGb~eTzRCZeammy~rqr1{Gqsy3OJ-Om
z&&<+h#>|w{HVx}!Y9f<MX6~6(W*IW6%o1g$%akm$44L)*pJHaF%Pd1?X)|-rtj$a=
znN((pGO0{CGxf<Av8gtZnR{lsOe!-6ldkp!JodBeN^8%FByB+LD;QYaLff6d^=-xW
z)Q*Fx{MukywUFA!!sZW(WrSlX)^>_wt%d#CLEz!?Tu`6N=QLnzaoqR(_}Uxa^BXfX
zmEuTXe$S7qV*dq+?H=>m4^fg$cuYk9(HNg>4qbjKN#+m^=I;;7)&U%nwr&G`t}ICN
z@rJ{??q$<dvzCR(1-XhHz8Y!s5BqN|4gMBvlS_j+%H()m_JyeYWSnGoBC@O9%cj;Y
zA1q5N!i6Y8m#^Vt*D~W3K7H!qSYNW$a_ho^Pl2KezPCP2$$u|LCNz5y1JLDJHs;$y
zQSc-FTLu3DY%>bp#OpGy!IN+3Nx>gMcC`n<$F-V|ij#${{o$Y#{w+6!Yw^<8?TyJB
zjhjGD{?Im-V@~B-c5XO@=K(iA(!^PfIQ;rA<M&4UaVxTi?VFUUwl}boXD3SFc)FEV
zOzT!!5xbRE#BQY(v0G_H>{eP47iFiGtG{so9=h#g<aq?x<+~^?-?{L2G8_l&4jovJ
zIBpy2Igr`u;rNvNvRWu|N;pvUSm;3u7FiJvenFFwrIcJ<<B!1NAg)h}JOrxkA1GOO
z8o53kEJctZZZ?Fh{PO+Y?8^Q(K{&X8iD{br??AO9C1EFnv4l|oe+{Td5GH#?{W10%
zw^;Z^!{r|yl9N;X8KK@ZG5!e5in@^#4YhwHsC|>UEC*Fbie}s21nLk{lIJy`9wH@q
zUJr_S_U0m5e<LI~A{iE7h1B1Z>2g3xI*C~VN@5CCo<UWBqE1YH?}O*$WDYmF93<V=
z3~E~jbz27Y*9_`TP^lccBfqK4fyUPF3F>fCQoaG8Qsw(LgUk1pi=0s7<I~3+9R0IG
zCgo*FxsrTn-u;cBR+ADP?s0W0`uz#ix@3;qT#l0NV^A9y#`VH}9%61v#w-LSvWcYa
zK&7<Z9h7LBLzv$Q)ZNM4>s*+mo9xmFH5F8f=gBTiq&_1f-BOgEF&nr;{pqjpY~E~E
z|Nq@)-shsJ%{JV$YmN8bw%FEki|rZ4z^CtsZQyAEQciPlKynAH{nlsg2V+tjWS$1L
z7N`4_U2ymFS93Jd4Zb<A>Q=um*E@&iD&sCy^5N>xV(YF{CjO`PlhHdvhW^&NyUn+a
zLwy2sJQ7^aaYFr7UoHg?-KhF<d3WeZ%LgtyOz34*I~_Mr&gk8jW(;2gc2kyP5yu)&
zbJWv=R*v7hk6Qo7|LD@Jgq{kS1)NV?xu3D|;Icu7p0)IIHvAP!za28?i@jrA@NxVk
zT^e6D@DTX3iPEL93-wL8G@GIRHXPp_XD1B}37Jz(?f1q*eXKuRuF@wh>EMdq&I{!G
z=An&2!%J70o6+npiqOav4Vij?E9s94OnuF<<(g;nUtry%%?HXuSamCMFS71pW28e%
zEPaf1ms))tYr~JX`j~6O6Sll?g<p%kxUH@KpSYrz_JPqKT#j6!Gp+n^x&0w@R;VvG
zA%xtg%vYO5v7ymcf1lX&aE0HOmWIns5}|(wMxXh%J(k<{dAs%hYhccK!=NSkU!QU%
z|1IYG@}WCJeRdUs-x7O97w3LGz1lkxskXg#YziOIJcTa-c9Wb<h~p+Ld)pfqElo{k
z&RCh8Th=ZHwq1Pa)|0Uk2qNHxSJ2oQk9BzYvxA2*!5?-AW<`7&=+7pZ-3jE?m{|F<
z`JBibI`9;{NHA$bjT7)di<f`2NqfFad$goo43f{v{G;Vr+0fUJ_EeYlaXg9Q<u5U5
zw<0nZl=({}?K2?x@XB8z52c1qM8c%ZGtn7&`SVQL!g*Had6M=sq~+5of1W&@YV`@y
zLj9gw`Ehw0%ye-@w)?@cDCB%7!fWK~8TinnL>`B3H!nx{0to(wRXa%h3#tt%!i{(I
z_B>vZ&kdi}d^Rd<J{LAMXMvViqM!SG?Nf6k=snElb9wk!GZOU8P!MRAvW7PTd>3QG
zV^5=ATF(IewTKcs2X96HJ`VJ6@?1aXM$p?ySMnil>~WAHZJxYdiG2h5;aLdQAy!`O
z6x93VTF~VoiN67KF4{TP1quBMXg=$UR7&~-j%?<8$HUGd`(|Svfo#j+QMZzR7w~Tb
z|E|Md{f2Vi+lH7;dX|j&kc9$Wx1E0v<8O?f?|ILWdJ}(R4+r%j!KDDZ2zCMdM8Ge_
zg~4!adw@cMnE>SkeHTGN1mgj^5@f^l^(UAGH4O)-|5usseL^v=C>oQ8w|TokkLk+S
zdSG6c$G=kkRq?MQ|9azZ>~h2yLNF6|1@!=<CgQKY7OAnV&uel`lQEMS1$13K{>EMh
zY9hh=07nqyBjwQmqn6>%tMAm(_nI>4wK;WzfXB2)_(%ZnsEPPL`T`t~hz8ljtD6V1
z?l}A%a610FAWhCJKUQ}!y*J^{8+i-<pFsl53%s1UezfjEhCPeFQEy6wf8l=zB8+B)
z*?wN#5AYa!Dsn8S0=N~RoZz1TZ3un>s0G09z~8E{5|!N$M3aFn$GnKDD6D2kGyFe`
zkbH&=F01P(zPCfqU%{5lL4qbTqhl^W{X7c4x)=HPPyCG;y#OZ}k@_BgUVW&-_eM|`
zbE0ETL{JInx)%KFz`x%38`FLvObfvdG{4dGJ`8_jZ-n<8g4Y3#A^0BP6oLx0f;9wd
zQTgiuMh--Y_(8uWl(#xmRCkaRvHltaE@b}4#p><^9`gc{K1gsIz%u}Kuj6m*FQ7gk
z(CABF5;VmFho1mOg)8w_h`+Ht;Z;s>5<m^X27s;v9{}_xC|ic+NH7*)EWz0TlL;OI
zm_zUrz!HK4%;!l2wE(LK>H#h!SO&0>U_HQ11a|^#C-?y15dsgTe}SM9;BA5t0G|LH
zSPhHw<Z93R`M2MG%loW#U3bu4eUs+CcRsX{x2t7cGvK<m{OgXtu|rYrK?G|6MiRUY
zFaf}uI;e&3ZC`7YoA-U(t6v1~>#5ZXV|6Ql$4o<SJcnREfb{@%oAEbx4XCXITLA7M
zcnsh%0<NWck)RT${B45%03Q=f0{DhtCBVN4ZUe}M5M$o~C?@y?ppu|$DW3HMOdW(0
ze!m751O?5jDmjosmz@Jlx<jIFENG};Dx5bc`ubSiLg2dP_!~16Tvn300DohrgW5oF
zGQjl&8vy=F@C3m91m6KXMG%8Yf0dvMz<UIT0enty7Qk+TzXJH|moEY25qt$u3UJ_5
zRt$dKF}~%^EU8;WT7;iY9}szqo$w%ru4qK}RWb%e8Xq1F8;>jUkPKzRcAR2|poch+
zW&Z|~E{k~{T1oOzgz^<m<RQL&$({#t^*WNY|Jm1pl;P+hjz-zTLCSFQ5XZipRUr2T
zh&;^5IsU0;dq(70vdZZQQiiVAg**nNj8tz+<h3AE169rwAZ4KWLL#4d8itlm;QTFx
zj9m{>(hiVOu8K>2B2UQlqt%_8@pRI+Q<v2nAwI6i{dWBQ0x4zuz2A(#kAdby01;S(
zxNv$@#?l3c!aD3hD~LSlH#^`o5QRA)9`sv{ZE`wh1MnEz7T^XNk^Sz(|NB>aUV9I5
z9`~!U)nE&HGANlteS{j}6`5%TS%#D%$V?;1A)rN&nRXuW6Ex5<uyy!N4O%-ctcR0I
zY+VDhE6Ep`<oCJcizIo?deAaOStMnt2_e4JlnIZ0i0~p<N-UtGf@4Dw&aE_&6NMgl
z5@^xIh5j?tcuyE~PShfo%8St00?<-Fmq~oD)!Qg-Axi6JP-nNnD?MD1+l|C&GpO4|
zWZC+FP^!H|L^IeM+GYdJt#dW_F&ZB)yg6rc9d<u5mV!@`)_W;PDd!~Cew7qK7Npl-
z-x^C4SYcCJj{PTMJqCKzOZXf6GpKh6+MMZmpAj4ku$$myfKUyJfz|lerAcu$ED5j3
zd?Uq+h$m9a7b$K8DU~;$r7==0qF(Fw1+x*9Vo|%XyAW$K=uva=H#Yw)yzM6F18^$A
zOn`F;E&#X`0Q*(8T!WDkx^QYe8A9-i47Ckm2jYq(Lrp{YJ7^JQsAx9kuR^`dK!W|H
zqRfKl;ewC)@M;{1h7499g9rv=kfU-zk4o^bCH}_Vj^rHx4xEU;FLA{t{q|eYMY?V&
zL;E506oQEWs|k(+xR~G~fU5uw+>XE6YmLb*dboyb=&~B0gr^Bw>Vlq=pzO4uRmq@X
zzfbj{3wrYpsrDp;BvnotL!RFdM#e>N9+Acn9z*#B+7nEZ3pI9zHQ^N*WGZ_XiXti=
zB$fRlNYUsZF-`erdw7P9*u#YE1M;cK)VGkIf?SB9I5LViIMvdnhO$Rhw_y%r39F<d
z9nAO#=3y}U7{Wv$RirMft^zb=&1q~4RM!oEV;aG8Ai!Mz0Q`@g3Gxtt1E=BdYot|3
z8|#)+w+OUJdm_-7rxEW=0Q`!l9fC!Txcuh=v)G^{(nlyUf|SR9RbIu%Z@^sLf8AiN
zc>|`sj<cs(f3MY-TX4d-QJ-oY3BJ7i4}<@Yz4rjKsz~0(&$(eTL(UA6ku*dR133so
zkRgc#VP+U$aF~G!3M#>bdCl4NV#b_vTy<TuYs9?j8ZcmXO{@Ojx4Qe>(|zxZvitqM
z|MPv%*E}^;byZhaS67GAC*0`2`{MHC6l^i%0`YyJdsTy;gph;)+uW-MXsP~vv87iA
zXfZ+aCxSkEd?25FE$AaLCHTjRCHM6L`f<p@kCladP(tTt_rjWg0INKXMfRP&8y2c-
z5WDaNM7s5V94gC^S-2K|Mt%Zn1CcBgI{^p=;se(ro=t?@f|-!uZ}3$U$3ak<xWQ+W
zdz}E9>m&rYP-ZU$&CiDWC$avj^|ijYG8^RaeqXQ0@JI0oIrwIbZ^Pgq;JX~6T}_>$
z{?AJNKcS9Sjga7a*y_68f>U>ktH2vS7xcyI3h=L*&gew8*LiKJ=MgeCN_6|XNoa3m
zXv=e}85>1z@Frw1<sA>CY#4U=i(>hV-$y{ly!^=%u%!X&#|r3a_9VU%$^~A~R{76B
zb|S7F{C3`8hB?z@&eCm*q4jO#On{0e*?s{}_E@R!6&z(yzhLD^of|2rGHA4bO%vHz
z!5#=^LE{D7IS86jaAQKFnFY5SG)p}Q8#^B+Oz?Wtz~SS78i)5>jwl8AXXx%63C-f~
zGnBt~11<hOLwwrH2QA%uhIDVg8EDLA_UGAt%l-?&T!M@NtEADrpWK8Q0gy3EP1*kL
z;_+E(6_mwmmMqe0Zl0^=X_;Z>D4hPySRlC9yXSr|7LakUrS9O6x`RcX*W(Vf^U$bl
zAu<!E!`TG?7v0E@O(TC%jlAD9@)xybSZ^Bni#mEZ7xejcq98d-=r>MfxHgkB0eN1^
z&y+_t72Ztne)-+8>!*|2NAmk;{>k&YAfw-dh>*vTn^EaE8}K}c{yo8Z3&_avKt3i?
z1>`#-Cj-IO%A4{E#{8Eowa70heiykPA!AnbRJBW*{tKzDpt3M9rnkhOS<^vvCUPv0
zKFl75KTJIaK8_1TASN6(qBOyOMSH5{X*wKUQJ&ff6%r1w_*E+~+Mff>LmL#33GHUk
z5+1LJ=UNO#`C5dq|Arcp`-5gkXLMxDdOhxk0cV5^cwz*u%K-kP+JKjg0goyJ?f@+Y
zJgQEO&I2t5JgN*h473>Vs2G5TV@4xn92Xw+$H}0V&A)o`Pqyc$unlStbGo3iJe?<~
zY`X8I)!mYtb+!FIUbf%854zOz2pP{=;rW~jPuW5~ryfz|*<Hp9VxZb~zoNpncRvhM
zLdKhxiZ??l-VCXDE2QFG9r?viV2OxH<i`@P&GbBie}#7EG>j)1-d8Ah7J?RcULk6G
zH3Q9y9u#0xdwp%(d4*KfZ+uVe0CK>;55v6^dTtIf`u~bjOMr~r8#$|p8~~)A$k9MH
z6Ny6WNkqB=IS0tpd5FRmPh)R2^tazKE^bw{Qlhfo_23O+6?gef`kw>M4<cj0Q!Kg)
z)OH|Vzc2B3GKKE(^ZUPpY;Ii#<m1oC+dy>yGVN_#m&Bez$fH2UKmFcCKOw`LmeC!z
z(@pjVewU(d$Uy4x(la=L0*XCHJaN=?Yz_f_&xl&*UWD1=xt<YO=PE!yhb=Dzt{e+b
zO$9B1*HhjlZ}Amq#+TnKvPTuF<tM8$pT%2ssLJmhX<2+W1ezmrYG=f|;l!?JSA07d
zgOE3?<5^g+flT`Xf7+oe?TpWjv?}tkWkHhFbSd31G}6cGG5$GBQ^+=>`Q2L2BltUX
z?{9!YX~PcH`v-uQ-ru1vo%RAPZP=j(Pmi~uu{<I!i6jo6gey^izgoNGLZfcAa>?DM
z_-f^X?Vx4jv_T!Aeq-n@if(!~Uadr9p^(AWT4ZYlAJ~V!-w+uy92?RtjNmPiDZpEc
zx#vdsMXZ4upN0IY&DdA0qbF)3Erd9Y#CegJ*Q4Zmbfs!UEb;AHy#EF8uhxy&3r2`f
zu2zjW0Q8qi;5Jm!YXfNU$<^u`0bIfSN7Q_;@k9qq3R30>7U?Eov58U9T1!atG=7-x
z2l+hsHZpf!mBcx>n*8lulQ=)YWAgc(af9>mQ-kvfZi92HVQ@afZE$X#49@5@xU6p4
zPEKkjKin2J(QEk=CI*5(*N>9xx02qN>yv0Di=tl6`JReDPx8IqLyyIF8Q|Bdko0#K
z-`7e!DiyU#ba1>MLmd01d>{+wV!w2n+J$jPg~wItaM}{fE1<(!Z>&{5-_YRxE!L%g
z8)Z7)KcaveU_mz&w1j&E-B`eFsi2z*ibrd7bHM_j4`Zmsj`4bYa3fA!TS41Sd~PXo
zJ%$#*|5b-h({ps_{Hj9d!n5_1@T-~<_zP+hI=@Qj^m-BW%hjSlmXu_iw3rH2;<Wu_
zH{aqA(EJ#^KT|FYT3iZx8R&RTjD6JN;d3#Ya!a#H9#@wAlV7LGzIC3~b+n?hFeixa
zlNH?)hYUrSmi<A|^`+=z;SE;2lfio&9q$j8UJXUH3WaRRZY`D{sPGt<_m$BmbD)YZ
zg8Ao3{*=uawc9udtD>!oN5H0wkx|?M$TdJ_RRg&L$n=N#=UHZ*i>%j)+z#YJW`B)8
zGIL&V7cM0b46$~RrbWT58RTBku81>cwM>@~lQNIr<av96@Ux@4CCivx%(PNw)&RIR
zm}S3586Ra*X4!|>lHSptGUdKXVnVd%w3)E)#9Oi1Vm13k3yMmS;Z1u6lhJ3$-p=fq
z(ax(k7vnv9ozV);2U&D6{-EXy`r;nuZD=oL=SJHPxC<F#|H9kxNEUMs@S7BW1}lSh
z8xB{CXTgxwA`c-Ev|}~Oy6y1xeIBYu-GRd)YP~GlY`{N}Auakc2RZAp!IYZcflLd^
zoEPm<JQ;d}nhl3F_XR_0Ua4!wrNv8V`Ehq*y=Cc&Xp?DgAmbEdaMD0VtJPfX&O}CQ
zWVG^%x1g*j;ZGLQeBF2=FGCD>G4qq1XL3#FnGT=UbQZ2#5hHA~zdG8k_}@_11(~XO
zS-HsGfDYp-yyG5BDwNw8ZIV=Na$VKpo-QoEPWS!@5{sg}raZhHvjd4i(e|^3VwAm&
zj9E*7d`#pKAm0*Mi_78Pi2QgV4%RUpPNi2O52&+_HpAMBQw)vx2*>h_{%FM-)Y4{T
z$D&cdXHA5<A|m$!nFmB#H6H5FiC*mOXl}AqL9R1Grm!21ht}9Xqq`UPh9c>NKLZJ3
zXd5&}p)oWTs$Rar^R}|sN73%y)G}1w@<GHD+}>tX)1rD>)e?<7lE`Qvrx1Aq$oW8~
zU5P&(Adjf?VohRQia$bqcOlc8_SRVJ<H3?9G>i2tJ{W~QN9NQMGzWEfv41o#J_U>m
zkcUF=!J0iEQn3_k7He1ZEi#I{E7jpoB#{TK_(sUL1A-&TzoM$U=*rOrMcY~JjDO?r
ztIQeGy(oV+a;C0Wghl^hOhhAp`>oBSCR6i5bo;+&74-!@s~FSda3Isik*WeU0|-;g
zUrxYH8Gyee{5ljUPWfJsi7$BG(P#=*lxQNe1}h4{-xiI&G87lL-$0Yhq1%M+^)hHV
zFWRQ2=W9Su$6AI0RM(>WpK+Xq6%RBQvKC`O^PafjZvfql^iA@%N{g!veTTf@rgl>|
z$b2n9#1^!B5%M=gha`i@<eH%|YYEh-vD)v}!RR+Q(0?eJKj5z*P+|9L?R{t`SU~V`
z2Y{<rujV+a<4G+tgyt)*YX=F<X7zd*^qkWIy2YN5m(#d%@nVa)prx6bt_9sjRX{iF
zOQY&wL?*29SNX=U&X1mmJA(lK64}%HyUFI`67J{ae9~Vphmza@_@{CY5L*92yE?B;
z(?f9o7~t<zXNYa(5N{_NBQHbyJK3GxMg8Yg-%XnPB?Y`bo3X&+dy{<irav}c4ZeD_
zcq}%-1pi!oc~_L3C(5{o@lRk=yCsj-x^WNVpTb;k!If8IM+ETCjQXALACG%RfQ;ec
zOW@(W1n$nWtc?CV&GI@wgGeG|>>ZZdn{vC!@$KF`08=NqeTjO#JHiPB{}*-QsrPfg
zh=0||>M!CV`H~l;=$F>gx4%jVx0dk!P2tb>f+jB}4GSG}$_6DGlRZ=ND6@4@C8Xn$
ztxj9o#dy-(jpt<Q$S-`Qo;-Ev#^be&4pIvb(lQDJ4fQ%t&oX*QF3;35x(h02QH5d!
zkL@zrNiL7=GTI9&X9xo+&|0>An_@fxZ7s(Wo0Of>l*<$@R}7cMWIx@z6yZzozp@<p
zm2#x0`$|4q=Jjra9wzwTTcY2GM88*}^7BhW5kP{RioJ;-+=zJ>`iwmH7Z&?GiIK^#
zulgJ3e$X2?zTi-QV~l9-*b+n|N=AnJL?{1(xb6WYHwS+fkg=CfR2W|_g(7**Ym0o@
zGIGo?d8+Y6_1(zl)w5?~eD#du!+!g+L$R_@30@2%o`>l5Ce6dPA8)BWwF-x?pfObV
z2@nQ7epn$7hX)OP<NHHO;~U>!;Q#P9zJFyt9!kjcfgt5I0}}qmw-WeIzwzDB3kvEH
zI6NXKkHXy?37$CBzdac|iWpOmB6>f=w$$#q0o@~?rS!+eqi^zw-KnSQP8t^@D&K?j
zC*WE3DPZ1*j+7pp5F;v|g!CuHqXWs@tGi}SiV;;Mr^TbQ$=qkHW=@L{9iB5BaWE4f
zQzY}fqcn47jHrBe(w`NNUQg!6Gc<EnjOY+L`IfHeS3K0;6nI5H!3TYd|Bw7kaD3Hy
zI?iOaB8N}mLDJjYJZOICv*4qiqBgAIEfIC^Z&2F(elenh_fb4A4>Owg%@GKkPO<!q
z0ob5}M&O)<QLh50;BbTDYYPT#RxsgGEzqi<FHl}D$J(h8GoldD%&$R5+Q@ggqa7rg
zqutbZkMa2QYiN7$nb{cHYF>T-E<g4c?;xM8=J!gsPQ~kl)E4h;=kfc@@nLoz$54E%
zoyX}XKEuwVzKjmR_dv6XP{&M+#*E#A@0gBZ9-nE=*dzE<=$asJoOCkZcG$)|)|;`v
zoyX^OGZv-EtB}uYv+O%48z}eKP(Cc0*=G3uSd%j$FoJn}AUCsz{QOwv5P6p}bCi5`
zni6X$!AEto+DH?#kS8wVW5d~P<a68E$h(VjeA6nYjl5-%+gttDN8ZuQ?Wg`zKM9sQ
zP(DVRJ6IIw`oXx#Q{yHWDtT(C1fwHQjgDYI<f#D>jDb8g27<89Q(-Tk4$oa1kG={c
z=W@E-YXM#wQZwhUKVgy0_eI7>Lv}(&z79^J*)$OB%(R@&Um&0f{*Wl++TV>4?hhf}
zy~{?R{W#*fOKvyjdh?%n5r=p{u;ug<(>CFAbbv@Jo)cxAhMg1FCq>F}cBGvgXU`w_
z67Hs<m^n?Hhv57T5N*ei(Uw1Tr_scrM7i#TOjz<Bu5l(q2i9~i+NqB>zYYWkFzkpV
z1|1FUfM^$L%enz}biklfWZUDYu?scMd>Wkj&=Kvie-m{74<LC?7?tHYRNw56QC~A$
z*G2nu^X89v8Lt+bHgCh?^bjB}mS?qr<sRx%WcDzS)EJk$gdvUHS#7-2L`+5A{Ogkn
zqlux|hTjf|_Y~u28HGZ&&BrD$-jl|+9R|P0dvbG-y~b42hh$1MeN;6aUJ2}uBzkSe
z5eXnZM5_6dsYb}%1{_Py3|N<aozXo!t?uDU_i;(x(L^VhU(P0s7Tr%8-9oA+j7~OT
zv@~Idsb+lIYR0Q-zD-sWNkn1(LN;NVRFkpQQ?3_MHDQ`Gp$9n93p3N|o~d+~ZpQ<2
zP=OGNCQcZGr!xT=s$0iF1G`m`ZTA^VG-!g_tz|ET5UWx9L$?<)Ivs-;oBbssX?H|Y
zMz^ls{1&f<s_fMhY(PdYY0gGdrI2mAB5E^wC9CWuUc1Ot**9IwGWtrD-=oSgta4yy
zZ~nu{DkF(YM&n5pfcjuZ);*?5`F=;+K4ZvXmD#VFdiG3P&z@4xuc&7}>)E%P*ZI>a
zcn}YeyEJ-aCg+k|EQYyDiF=dTz!sp}oU$J-;{okj>ua6Q){@|*Ot)1dfVNljMa^qC
zl80*Pn@eHW8uq{#an!$HoAiy4s&C{O5*Z;GW5iLdF427>-xx{hn+a^dj5vPYcnupc
zrQ4c2*Wxit;7z?5U90ifBG6X-+7};o8P1qNPZ@TAk6i#xubz#xD!vf86OmDTACQ?q
zrZ2>w8K2HWUqhz#S6M~>20nw=ne&-(dtUMItMTv@=vlLXJP!m0T!>P~lmB`1>Dz$M
z`W5<aCDP$?&wGH#a3D_rnff7$?0m!X{(*w6&uc#WWn^we*=8;Cy%{~P#H>U`=d~(+
z2Rep>_NL~{_q{LP<WE|Ib5UMVN6<yR@Mrp9{F(Y5G?3i_?6&*n7kvYo#YTde_m<~<
zmw{qm<Q44?x_B1sSOH|#AwX)0w7vqT<3x@EauShyfSgN&PeWZwWE1ST0m$^bNnHf$
zuS6aP@;s4WfV@d$=vC-1A~S(}4P^Q+qz(g>bs(sg_%rJ^P@Rdq1Edd;JOt}7B9nlO
zCUQQIA|gA1%q5Zwf0qCm$M!ypcD15ATE|*S#;@;6w|cEFiM5=z1!7tM)DkDeniidh
zjH1i&$D4LD{`Lp29ZR1SYgY6KdC!rDOPLchaq92^77P&0pNmZNrp`yy^n4w%$Z6HP
zRq>EZa61!u-i$jLU+An>eReM%j!EVT(8ce8{W6d#hvLtd;5I+mZ&myP*e8&EF_5!~
zTmZRCfb?628nf~tHz&H=fO-&9OK|V;PSm&_HRi6}yQl{Aj6(eB0<jj|TNI53Ui>*U
z6#<#m4skLU$kdJaa}Ub(MY$Fon--l48fohJb8#t#i0dZ$S{6@0foqVb)BMZO-e3aV
zw<o$BkTG4&W^lR;QX$oBHa$6;O;@uSgk%COPCLsK%Pf<JK{^5r$e6dAH-GkrL6woj
zy_m`N7z54%sgmD>k}8E%vzdJPC;L@X&p~PHIY{bhiF#(Tp0e)V{OCtmYTyOTKk-D%
zBQY5PGFGVh2imy3&}7v$c-bpS&IGy7SaR9gtRWy}DpzDHkbP*fkTXvPc?UM483)UL
z<SvlnkArFF%vV4@c>%a<4&cJfdvrft0<xZFWOo56!ke5%d7by_i!CAm2g^g?6Mr{3
zFj_>sEj{EfqK39?ghIR12!An+=tiCXV(L_Asi^1n#a~WGd4oBlG3Av2IeP=f53Z^!
z`rw8xXj~j!G!D#qp!(+uxAw;pz>|s7U{mM)KoR`C!^Z8MG;VJiC;KITA8PdGFWrGF
z_K5UGB=O8fJW>nDlrLLlErJ`^CQXh4$#y9+H1F^CC1&)M=-<o^eFx-0?SQuUGxAEv
zcO&vBkO4&A12O{0j1CBh^H9KF-ec`<HNN){a9(uocM7=gP*eNv1Fi<Xq$?z!gpGTF
z>+jQZ>Nw15JwC=%PkPkQir8#qRKyPAU#~*`*5Plp$LX<p+KKo(>o8P%HV~xwLq7Ao
z7l0u8u*pVG90<tlCei0z2L>A`WOiqe?6FL>KiJohX*Y(My}0uc*Jk#Spx+&q|G=j7
zYm23PC!UWm)xNd`ANn~CoIz6U0#mJ!GuMG+NMsI^z`fj5JIsm2B?D2x$<W&ydNYS(
zGyM#RCBAOkiX-riNI>SkQpv-n5+SqSF<QquTD|#&Utro)rbZH9W7^4tF<B}iI$W<j
zq{z1O;4FpC903lk&T1!CF9S*6Wy#@NC{|_<ht<u{*IAuAc=LZu*5xPuz6y6{0P45O
zvW|iZhMOX1Zq*fJs|udh6=bJWFcKB)jta61T6ySOmCVJ_4_9N4y9k$}ttRyR6jQnK
zRwVH<h7ZA?EF(va>d8Y;I4kQ0{DmF9Y_+mJ(Pk-fW-oAMgin!nPXH;Sd<y-VU24b~
z$&o&bfiimmtQ-R?{aM}B0PfdMZ|1Hz2J^sD$S~zq09kjq%mW1nAB;OztI@w+K@JRJ
zzhWNn{>nzAoDgoq3L-DY`a{$Uvi@xS|J=wB^YgGg>@hzNOZ?d@l7~R%#~hKb^!zIl
z9Gp<r9Gs9Z*TJ7hhQzK+mTw09`>t|KBro#%&7(>#J1Q@>`U5oGQ@w!dzaQCqG_G5H
zFRK3U7!9ueqw4Cv&5Z-_^)EoIeYDGBA7Axi$i><d_gYTH^)bPJCZcx0>RkI7`DA0O
z)5a@K6}AoB8T-#lzSr_55Cs2dQ%u-LD|YXZSn>(}>}d2XRO9dd5jqGIiB@tCezsKC
zN^Z6*Ty4w0fMCnVW?^p%@J~`VReV+EB)Oxa$|xKgy-2!_y!Jz!pREInXKp?m-wX~g
zIAi1%IGOo~CONeO-f1ah5a!IsZ*bwLqRH-m;5#UzaOSifi%Bf2Ao!WcJo&k5gq!C#
z^E&b&ml%Q?i(STn35<@+L4Sv7e2HDET8XL#{kuPWJWuCLM$V9rkYh~#3;bqqbCgK)
z%|RpZK?Px*9u6G`9gpELzEJCYlRB%BWAx;Qbe;n@>HI-EfcL;0BevZ|J$&Uau=W_{
z^c;(Q@*FL*ln0#o$k7_)_unGD@oREm$Pe#D`oyEZl8~3+LCDugcoZM$7msG)(<BRS
zgXam6EZo$Y1Z9LsuV@Rj%HNG48|g*7?EuV1kzTTO>v<JX&Jx|e+7D<So(Fq_J3@>p
zuLqF6P}9Wo^Lt^U8cJQ5F?hJY6RqsL7JmqlPSIuL$vv}3C*ra(iFD$8;SFAm45qw8
zfSdv!QsWTx&#^3}HU5ZvZvis&yb?Ow{TkuOv<_SS+E&+MTkhBWG*}%$$t5LE?CbX$
zj^i&Nk|R=U_-N1$siUZpJKfdy?eBTVL+(2e*zP|I(p%kZCSC#9Q{AUPW;c*fcNnf;
ze+80Mw|Y{k=ke!8|Bh^Iy@&L`{R3nbw*pd1<RBocfv`As51#-rtAH|SJDIqsK<T?6
zyMu);0P+oyBY^xWrFA0@IqMpT9(q3d6<!WhF}MCvWa86vA@kPVv>eYIE!Gc)c<ZXs
zj%PqNLs1B7o&UT4TOZ$v<u7EtI6_;oejyHRQkd&Me<fY+k!f>VrOmzS<un?+VK5_g
z)hb0dwduSK@eJ_WM`vYlmfynR*`7GkuU(rKE-NpsU$JCOeQDkLHRZLuY>eO)W<1pe
zY#%^<MO7VQ18FKC;tj=MnifHifU2*mEm>Y(II|iu<u%@s$f~KYs;gLCUbsZEmY0;3
zd!vwDy1uU5TL+}PrluMr6N%f<h_|W0^X`SK5WL><%IcE3;lsT7G0eWKbqNsGKX|y8
zsZp?*C?4_l?v6X(U|=DFEfr<e%gP7V*DW7WSW;G2zNT(gN!5yS?|w9O;bJj>B{zeN
zc!yx8_dZ7EuWev*`SQy0vbw_Bx|;g3x;b!zw-K>yvP(;r&0b$sSF+AqisB}>rsPnO
z>;rW)ap(|lY+s8#ThvXeD6d@R-HED9$>sG`Ws}QGmce0nBm7NvZDmDSxy~O1|C{`I
zC6)E%-bZ1{x|)ir6<U-RD@Ih+IHzQVcRJ=LlRLGdYMECR$`Fkcr5`r5NXk`}tS(<B
zZQ2)YGX1EWqFS-6ZBja%e^AKWLul@#%90he-ov3fsaI9WK2W{4V7BKiMkL)Da;wze
z8<`R(wT1E@+Jy$Qpw|@;@$ST=_iP3~)PV6{T~k*$h4ClBMxkXQbS!3)uX3=>1C&*-
zUQ=1VZt##1-UT3yYo?d1nZm&R1p$aYEU&35sT{a`b)D#(4aMclAmVjFRSOrJLaIYp
z&pfH;5Los#uvLISNnJ_p!G&}12hUZy*(=H>l+=}Yuct6->q;<6nDPM;Z{<qtNDzrk
zlK~O0LnWq582d4LXyIb1jjcX>gLejUDyj<)sHtFst^-xOzN!pEv%1pb%EuU8Q>R9r
z(%uytHEcU19W2@(LJrOYy;DJ@X$eP}ojtp*r0ih%lqoA4SW;KLx}vO5If(sL%GxIY
z5nHC$*YSf2NXmdV*dqN&Xp?g}a;953Um>SN=d_0_BHpYz&pTu&b`@xpZH>75jv>j|
zT~@xlyk=4j;@T?@WiLVOGM;#SXTp5Rl0!>sE0$DLA5vbnq|TeeAki~f*~*eCG!#Aa
zLz5tPpj2H`zoxEG@fK&YN3`aHU>^i9ZJm)76e;AqSmWJ^))>_*OKMlHMu0tq>JVU|
z3aiR1$5mFB9bCR_T19Q0mw<M|)~1#pQeIUDQy025%)l(@eILqQWBR^t>!g+yW&4+|
z!mKyDtfZ<6W_5tcrUq>mhX%T|#v2DmQHM7qq?N6iTUAl#m7}B{UznULLwb}qpxj4a
z8Rgpi+WOMkvYLuDbrscBOUl?(wB;vGyV?sY%ESTQ!<bwaE_PO$FS3(@>>s#G9=tV$
zrO(PatE=95JGHAV1L{%vIVk~ETwji<_fD)(Mz8kFxO((Vo%h9{BuBM1aM?ca6g&op
z+=Mpiu(<bktf=#rJ8|cP!P^)(#*|X}Otp^VLk+3NuTlpN%y|tE@lM}{S+F_wv#NDi
zroI8TaIq}XhgDaVd&k1SfSOZNQdR3c25mBA_pieGo!8VIX{Z+C{(LBsg43$YO4yIy
z1(000xUZerGpyg64JuT-s*mdd<LhHnubL_bq*N?JoQ+e>J?b9pO0Whn@!KL1@0kbS
z0IZc8Krw1$Pf#cu0W`fJH5X&_(%pmIL*er3%4IW4Dr&qNA?g<2-_1keFHp55H>ac&
z&+GhCmW;k>IDJC}X0ItPt0<`)Us7A{Vcdi)W|rE%oEef|=Akzk0p;Er7@cfjU^bTz
zQ)yBMGPTFf*?|{Buz)bB0BQF*?wGW|ZAJ8Eb#39K3RwS^!j}{0@7_y?&cT59-ovgN
zJ*8GkS>#kKd?zy)%CD}*_>~QzSCkuQtX*GQhcEX;5r}qa>CoK~6DYc@qGn3f@@lV*
zB5BFwlB#8}p|{c$(mhdGIJ;s6mTd1qSmi7+PoaU>UE&I%pgS&S&}4WEb+gMbqhLgq
zRaYH?-EUdN>XORY+<eKce_2)K&~D*k*^eS@_zQ+Iw@Z=A^5u2oSC*I5d0SA2mcl^)
z8I&o(pLTJo@HRq=$xG_s&t59aP!WGJ#fXS1@dxyJX9FVMMY!d$2!n-B6fRs`QnlV2
z0}30K!b#ONt4r#*^z+pq=FFBw4jFu@gc)nrcvCcQzv_Uy5Q-NrUO2=!=jE<S8YR>&
zj&GK*IKX>a<E8b>v9i)G?>s=n`vLct5*Qu4U`^A(A415^R#7t+`Q=sEwqrRSSXxn4
zQnS9WvZAi8vV3CIvWk)_Zz}{;$6}RSkVd++VucocBoKAB8Ry~-$!}mXU5~Jdc;_tg
zy<-rHJhop^QMa<bv=9r}z`F7}tas&=C8f0k*VI(6TR#AMg4F|7R1c_KcCgA}#=tsW
zC>74EtY1-4HNF~yVO^caW9t7{)#SRmHAc~iu<}1vG;g|5!z;J{K#l1nTnll-!=uyx
zM$1YztfaEC6wAffIs{}X`o`nU_WwpJVyCXYR_<8;H)_^|JCHidJwBH4AE?v;QC?mn
zmoGe&{*SfHDGNe@0Xq+XZGV;TJ%ORcbJG7nbI_}}m=O!9`AyOMPu!zD6@!8&R{w!!
z)$$4D%S-Aj>+BK1Q?>tAV|ZZjux)ioMOC5IZ*pxT*^D)HO<c?7>GiG#cf<}t$z;yo
z>u{r1W#E|jtw@eO0l{{Px!5A(EM+Gyjk*Erp{R)b2()^K13W*0Q#CoifFyW4$r!C9
zc_$3m3`K!Q3`Z`a(>Iq}pu;r@i9h%-mrPXXWu9!Y3^e@T&CSwnP2b+ex%ABcX}-cv
z=6}fM|3>qFQ?~J5_}|xq5o@GiJ(h&E<`0acs8yB)|9D*e&y~&i|H&%ble^{(yX>y@
zf?d|FH~wFEBRTV?n`2}Dg=X94U2CsBx8sU&7oyHC>-x&(Hg47b!m*z`P?WU{*W%$8
zVQr+HOzZ{hX&T`^!vToI@f-D;x3r4>teITcxkyG5#Mn$O-I;-G9&&JoATr6yacw4_
zq+m%u(FqjpCP~TUQ0|GG-YOT`i5Zz>u<VZ9ep)7}9S4p2hRn`LG{L(SresnEmtnF8
zQ5JAFVq}sQa0fpLpk#nZ8iT*%0L+afh?$bfKxC=;fea8y2jVYI#2tO?h)WQ8X1dG5
zPigU4^)qoLsuCs6W^5uEf6KL=lz|<1ELm|?w}!Qmo3x9X9@m<1)tknWZ&K=EjkxPT
zSue|~=MhAPu{yP$KhDjAW)JP<w$5(#qgcDbH6(kUEg_d_UqB1!U}@z!dc@W=2FI02
zO=rez?pYjxNZdxUCHCO`6hWLU>vD%7=o{uzYl!P?Cf{nbY%d(Kg~~csHLm#zlx3O<
zNNo{M`ItDgQ@K6|EK)Mo6s@A`5Qpo_$mfVo)pRRl!!1aTKlb0@ynl?8zMkh>y4<iP
zdnp=PV99#9R-C@U2?oj3qbz3SwAj|PiB}&;wrm^ZDA{^oJP(Xvl;R&So(qA8d5qXL
zMM3KhV4nm$V!s5uVl-toK<S(V><FQ#lh{VZgHB>UC<;1(h(A^BASBV3|A5_wi^*C!
z+BCwGE`o$qm}fcXF=iui+|!&U3HrS-pnynXCF?j3AaUG9-~dyhGADf1<;zvq$&gb`
zWb;1@sD3Co0HEAPY`mh-#8P0(0v@r$0^a$+E)00YZVq^V2lhh1Beo;pWx^5J097Bc
z-4uoTMgbcW@QBR|c=f;z4S2*(33&GddobV;dm-Sp!0~A-fU1vJ4@IHAWx$pPJYq)#
zyr+RZ8}NvI81TLamX9St`Fa$vF+wr$h%HtWYTzm7=72}+ynuH#u!n?VsC^0SYsG^W
zVok9ss2)RSNn*cGYNv1rkQ=dw%p)BY7pK%xwwV=Q^?L9bZWD|99420LlMZTkYNg%~
z*O@%WVOnPD1)$CLq|NtQn9wO=vl{ffE6S0jT*LJ|kI5y(-KDatx-?ey!A80FgUgg`
z!GCJSu&zqeLHLiJvZvvrHCJ!b9Iji|-b_$$$SS9YuF#s(x4@2~mr`U|%1pc&iE2=5
z0gOLCLF^PoVYB%pu%|W8OAvcQ^X$3qE2pLQcBWG|6hboAs#!A!IrN#WX?1rIl_#Lc
zwHKVjHCJnLHemIrC*(7y>{e}s-kzaeV#W$TK@7VF@q-=lTS9u(CbEgM2|6((L96Yn
z+pl!Z5v^T~7!IRU*~ef)xDB=?KRF}Dj<;r=p%O{g<9Mg1<{kqH*6SyTU8*Q2zTSnO
zjTIS?<t7q>k~nXL`P5}wNikCzTt|0y52c5<Jh-_`Zct^5$%2wt&nzvAQ)jVxSL&e>
zV+Gb!F0GQNmq<grJ$fp+@%WEz=jN9<FFW#sO9<HrTehy#<+$vdazG`q&M;s3Kg>0?
z>WdrC-jGw$*qiFn?{v-Fds4G~(c*I&M@k<RBOR_CQIl*g=7*3Kp^H)1r?et@sY>o#
zN0WV-WzQGq*s@L>->ta}NY-P|o2gumGwm7JPmKGp)RNn^Uha5PxnJ@+8EG8g_o8+P
z7ege@`{_ncn9rK*sODqGOuE0E(X&Z&an%J0JF2tsZ~)T;!0*{OUCTCPW0;?6W0@|U
z-o_g=m%eswY}c0-sw09lmzLIunyF>8A)jtUh55A6j@?pSI=zjw!Njs_<HL4IXFNS^
za}iUlVH6<MhJU1$?Wbk!$X&^7q;UY#TH?ik#^#-CbUD+L?xlX1pK770m9>z&EA!6F
zx@O~Hdv>rj_37WRzek36v?1Ht$-=Opr&8@-jj~L7Hb8GET3u4F)!d|o#OSG1O(&(5
zH5c->-mkRmRA^E=0@v%K1}Hns%4L^dpt)MRGsd6QT&@Mso~70r6RkYdNgl|kT2yO$
z6(&8EEEkp-3JInrfYeJ}a!f7ok7LzAx-1t`cf?eO^hUfv32xKqB6`{03!Seeb&oh>
z>ln<kAq$)l?Q*>YmGOQh>#=9iuq-X=5|XsXoh!LVNYY+OT}cQ^;`;WwULW+@;`nZd
zZZ&nA6@fTsYBjcl9%b_-QES0Kg`2VM?!&_TR3ETx$eWH$VXoVs7wdZWhLD+yco_J5
zbJ6R%Ttj=HFrW6?qath(xQ@N~gUAooawl@gX}GOpb=h>WTkPny<F#?UJqDAnjyH{;
zc+@!=pymblxOuTIVS3b^H^Tf~_0VXZ&m(a}m?$Iudr@|XF2`BHlmjY>Q5fd`uZ*(T
zP*sO(FTK~;sMtrB<J_9g-Y|bx?XA|jx#w_4#d^(47eyyD!aHB{a?<F$ypeKE)cYVQ
z{rP+TnV`!x<exBqSN&73b*J+Wniq^g*LRKauGKoz`L!jdNhD67_U#Pj==B#XB*vLF
zb1v28MnKApOyc_i(vQsZbcu#WW|+ULBeM^yM#=@Sti1xcTzggwbEPHS{X{G1(I+^V
zB}4O`Gb@J6s#d!z$P=(ET;8tR<$4L;x;sF(!d`J*S-XvVw=P^y<6PScx2#?7lrb;|
z$?Wme4O5OadfMKF&KpBX{l(f8?sa2?`G+)7GTa{f%<V(1iJJo4G_VbBl=-<XX<DPs
z%65Yuw#L4u_QxU{iL!`{2!1M5u0`?`?PY-`pNaE$SRUFCIV?$O>b9@JSti^*+m9~S
zF1t|Ml@Bq@12IZ7(S}mZ%LJ|ZhqGBxKmn0N*)v1!qpZC$f2z4^FYBIqgt;j_5N1-b
z9gHs54#qGy{g7JDT@#WyK;j+KO`y*QsAVmN9Nr(Zr>t9bIj+WLStC9T@Ozi@H|nzV
zHA8{hiWa~*Nf??NxCxr(G(en=C*QrRYiwcN>08;6GXYXEP!+AZd439)a-3S}Z~FqT
z)R9#e)I6M}Y>pMe>m6AY!s+!M?Z`H!_eU+uC6l$<$Iel@4#@<qePlgBb2%xivg|c(
z1KmY1RT4sy815xnPtv2rl67_k#S1I+M-~U~nOUTEH#xA`J`ValeJCjDkJKHOJ*rVV
zZO`qB?3HQtn!dH?(3>1tyKn8wws&pW#wR-GqT@5Wte!H{+w?C-wlSM(Mk<fC$A65O
zd@IV2)?7OhxILn*J=x016FBKLHRrh$(jU<@%9eHOffio_tZ@9a-7c&B#Mvm-;zvg#
z8_C$D7VM75p{(7{<&&&hotfI@+B3DwwKbm#%}i$buot+qG&chhsjWR<bLkIq?Ru}(
zTyu-9ajw1gysyieXDA{G&d{?1D~K&rlymXy)@rwQ!hR@(#BIC1jh1Zu;Vdv;OVKBP
zOe$q*<);NhVd8Y>`MLtr_4eM?PjLEe2~bWA>#^Nb7;UVU1HfhCf2rNGvQcimquK7f
zFqfxFm%zkp0L1Uc|Mvn^xBwA9fO7Vrt`1)P76T&Q5Ni_P(+f=LeT6ScqKeB@eO}bM
z2C(;{zo+LT=+IAeIDvdK#&4({ddRCQzd@F*36Aunt<Fwur)~*#rS?ajF3Wz8dV{(o
z<^tg*2AzukBr!TWXhCXARWnX=(~sE6wt;$nGINf-tv=Y6#XgN|Y=2cNC@~0sXw%_Z
zR_|6E2X5Bf^cK^-Ova(S3LXw%$k<!m2-PE{ci?2rWuR~`=ivg8IOh=1UK}(~NwhgE
zPd}<Xl$mkt_HAyo<|9KjCpDQ13cC%vB6}UL36PSZuW04-8#LE=)t>1d)?9j(o{S`j
z^-+}5KTkQDY(H&xH2I=Q@AC9upk4H-ku`fjThm8c6FZ!KvL~|=%}pP<D;yi`)*jB~
z0V#diBQ-baM`CRO$}=p<#1>rT$f_9X2`**rS|5dMcw$idEfbw~>u%F}({pc6TdT3q
zuJv&(YrJUt*l<l$*xaKU_3`nVYx}8#Zo94ND=o`uJJmBirXX85a^dfu)No5+CLP;N
z({w>oX*5v-**a0>ZnlcFtZi;5CF|Ln-^I3rowewVw3@QhYWgXytU1w&Cb%iqmrocR
z#L`<dC}fe$_mGstDEvo=$&q4T-`OskZTFfJqxqVf3EipDo@bZU^_Yg+_4G?CYZ`9L
z?wwZF>@jWG@6p!KD01u{IaPVZbg~+cJfmc5>`t!Gvf6%UZn_EFhU<Aom(5k0QI_4-
zC7^&vV(+}FWz86~$LB56l_W2NXrn!DT&`XAOO$QcMwe@AUNS?~n`{ABQ67k>2;zQu
zSwI1i#P+PxCDXU(P|ZzlNW*21&|K3$_OWAJ9w*a}k~s5y`jY0c6MOyLqH8g8o*h9W
z_g5Af8|)kKc8pAKRMx)wDb=#ZFLtdDIhyQEyuIpwo+3+I&6u=nT{P2e4P|*j#Avc*
z*QJ&1t7Yvg<nOfX9B^^HvdP*E#kloGnh0RH*iAKDZLq`5)n)V3mNne;Wn(y53kSU2
zSuWSH$|-9P2e+&}&<3C^lL;BS-XWS>28q-m>~d|*S38>3fG|tB-F>?vd%dGqO@w+-
zVmtmJY~7*k#rBREwku-2J(TWr^r)r9O!>Bb$Lpy~d&vpDFC0zEB6GQK2j4`kDg96?
zv+IHVtkFybwoQjSn(SV`r3nfmu{{l6x}S^*JREg)T)AAk2A6C1{&jk3NFP_5Irfki
z0T@?y)VW;SDwk_p<#KJSKGF3imj*Ede>nYrtGV<D$G)w3G_OOEOwZxjK?w5qrIakO
zYZc|Rr&^ah2BqDL*xD4WQVIUhqRpCXyr|-#7Ti>?oug%2DXz2VU#+<?FiqQT&|E$1
zIrhJk)(SJ??7sUvtt_t#X|a7_J!T%Vkxc7sO<4!nT-Ej-$fTwmdEJl;yYfCU7Era|
zL$4k_sj7Lz@Y4ml9E2p%zb&0Q>^UGR7kK6%)jr7Xq)VF1WSiSXbMsJ>+vEQeyeacl
zo3tmL{yWcUrSjxT6rs25_e5?>E6WLvvi7m`KDyTQn~`<4O-?)>p}DKHW_z2^IQM=>
zvuaNtt;xQbv_;D%M=iu8vH!QF)x@)F6-QcB#^NhlHhpV<YP6n=1C^%qWm`7N{l_d-
z76DAFoIS@Kn%hrv?fLF+nyX{jnbC}9;~RUPovy9YM+vwbA(o}<@e{=KP6s?<dMuz8
zVrKpG62#g8XuY2x)>%=`CC*e`qnQs>zv_~ZC8n>3p@&$Pw0c%+J>2K9AMJU?<=U-w
zx%L|1a&2$Fp4R^E+6sH_`$o$e-`n-<wg82Yc-74L<1YMvFF<*a^BG@kRMbJhN&*T(
zk{I24YAv=u&5UK+bE1|_Z_gzT*Y?>DDfPe{*;ml}c0DtB^@U{H)D1bQviCT$c0b;y
zxyE9<FXrgIc)ix#IM>#Ehc0W|Xx6)o#NVLv38fctNbFf%i#?0EHrQTsxpoB9=#i^!
zaANr1X)PS6t*~dnwzei%Or3g{;M`7Mre)L5Q>SXK@wnZd&a;zy$%c2F2k1SPX_wvV
z;Wig*2IaczcG>&i<=i|XX-&Fa#s{|SKXj~^qX;`1PSu*sOlL>Kbh{pB&Z@P!+KO(l
zi}7q<adaCe2Fu+Y9>nvZi&A7&0UCS0u~wJkY`}7SID<H^3-}-iX<iVgdx+!`T{Z$)
z&KGve&l`_yB#u{ktONGj&*vODK?H)^$+mCuxnV?V4`6$3?wvWwh#=P<9WK}QmCKDK
z4niGERXu10u@#C!%MS*&T2bH;s|k2@z}9QZ9vN;OjazR=yIa<d<Gp!-fn>a{#vI%s
zUb3y2u4U7Yxf0Fgf2sYqveB~7>E1EdkG732*KU27n{rckJ=$facn<Ys0J70cTz*`s
z;E{H=R1&4$rjL+pR}~_MA!A=Wzn50lobuQUO^mY?lG(7>fqxUPNRSvpY(aY4KG#yl
zHZ>iYjiw#2yCU0~v5Yhcpq{3p2aQKL#NEfl!zFU@2;CsaH=E!TVk0hq%8LMu6+c1j
z21TKXO;CgS8UWu(CpHkEB#Bij3X;UC0v<8m&1Q%AiF<&3DU`g~4(uDnLw!K>x=$Vm
zN$h4ez;L5pvu-j-X_^q!8HJaHu*9?q38=6R?uv|{dxaI2qs{hOkiR5sN!kxMn8neK
zsDJ5RGs{Gde88bUEMz72b7@sela;vU{S7=O1}L3xM`pNWs_`z@o>IfyG%wS|PDPEU
z>stK;F>Ym4Eul>f#&di4wj+SNXksZael9{$p$84n<$UD81V=RSDyY|$BzVMBs8CB&
zbZ~P3w17v9AHP>RCjpxr@QCqChKjcV*rtF-?CgMd8?ZY99<iqb-lxFeU0olsC|s^|
z4goeyQLu&BmVig>_<%=@-?e7BSb`WoQx6K|h&`rx(L@^rd^>>R5gVi^w0$hFO+s;C
z5Ia)wpoQ4Qih|?=z#a;C#I^^#9l&~GPExOG5$i1!Z6P*JQP6^JmBgWUONqi!SZuTB
zt)G@DZVSbAwk%uA71vxe*hA?}aM8tj$nSKvMnjjYvT(fAt7cC<A3HX#X;ju;dY{_`
z*&<HxNa<~`_10=xbK#oGHEnHpdwYb|(FAoeV(cY1%uQKT6KPG&)Qap*+YVV{46CuH
zkP}z3$;n2m-A6WZC~Hq@t|r^yAGA#)Q8ow54i=rQ8CYegor&R<t83#jtQIpo$ZSc3
zwMeroA-VxTbL?2%sFk$_m-FVm`2T(-iFq>IWIGbCa+++*+H>>GkZoAg&sviiEw)2)
zDqswfi6`Y+TASLIF)6YQ*E$)pVXocX|8lstO)l3ChGDCcnuD0j)&@u9jmbd)1w<12
z^&ja9>ULu$<ix<}V7u+U*e6ubtbL|jG|>fR`si}e#67^0{re!OzXZGp93sE8ml7p&
zQ3De_hWau435h>6yiRk|_u$<j>u9?@%BjcnL*OlDQgOk-#Da4!XLH(HbFm(zG3qRI
zA(NS0>`t1m%kpF&)!OkIX3}CiHe9aV7q@H0s@mp%@e<?Eya@pM%}Wp~Qk2&`@i$;k
z1UzETX`X%X>(*)SLc-j1yAbgM{?MgwYWupXhTFz}qM2r}sRhKG!`SE6KWbUs>CQ>@
zFwQtgMw1%09g#za+KqcJt!#moZEA(uUaP4!tQY<=VF`x{6Mxv$2U28djj_Sj`&o)?
zSg&pG7#<%W9Rlc#)&%DOI1}Jp%^9D6vz%EuT&^j~@#<kPKrSmpBmU5EBgkPzcjY9A
z(Mu|Zh_Q0=>`pNy4L3W{7wu4&AUh*ji4~w$0jS5m(sN7NtAxw7$MEE87=uKYQL{Ze
z^weAv3ie82+g}62sYPq@Y%5%D#9E&km$hyBhz>$ZZ<8(ixg#6C=yH!(c18AIjq0^G
z4Z9-ymhD65YA1fEYI(A+6lP*eaa9}+OOXw8mx3GaD|>=<xwcPl*P7Gsa$RmTcp{k*
zZ}+n+Ye%Nb^%FzUggpR^Q!hbmoT4yj%Ybo}RlIQ98n@nVITToau~&~C>yq4Hy)%2x
zjKr_HG#i?c!1v|7qX3E`i-}Xj4(-5X026BppsXD{U#68cb=pnq$b&ni<bFlbs@5_X
z&y){fJ$BjZP}AIPh<bE4SCxa~iFMFgYzH-_B~#wJHRbG94$_vV-woUdZn#73Aac2l
zO)Rdg?Smg}|2g*#GY><Pk&KOY;55}-)2H@CV|%G^O=Il|b5mBDEimAC06GveHL<f4
zh3>o&*vCTg(u3HiiU&zzSvnYTGZL6O%%UW*!HNe-Ai)goCzgS%5FRB@1a`7etex1!
zibCx-0oyJVC5gSJc#tIat)d|LJ+PkelfEtorcX8?NvuM6{InghgB9gimY3**e&`2a
zC`S^f0Xrk0E(G?lP_zXNlEk4GcCISf7}q{}cFWpp@b*xr;$Uu2;yg6-BGqUZAFifs
zZL<F{jrfUy;0^-_!ESsIK=bTZC67WmCU`^wz+Q}P*=0P^N76F|UQs1B2SB}kg4jGo
zVMN2sP^W{CM2CHiO?H@TkG(KAC037t62>bkgae43rYJ@Wu)he!9(n`VTZ#usV*gSU
zB;%-^`ydr9#QF<Goy7K26eNp)tr3bkiE#>6wG%r=QII?bn0ncWlEnB^ph}XM*~eq!
z3ty|~q$IIEK|B(hswn830gNAJP5m%X*hzH0y~?><JF2d$gCmfjSnN}qdNcjoUH<p_
zWLHT9N=f`-KbB#BLdzQH<&zw)Jv*P_aBUM^&35x#t{p#DJDTlFxmz5rJse%l_8jYS
zV{(9djdG)N3GT|;GyC0+751}BkAcgS?4Yoh?G7qF+?G|>Rh^K@u=vkqztMUz<LMwi
z8Q7@-1w<0#;QJ#Ko|M&0iISf**R)1i*cl?U(C)hq8|;Y6kT0CRre*D(bY<~9WylfC
zUIVCD;7Z04+-YwH&;t94*OhJDK07Ymvi1z^a_xvX&}n(De6g!LY;;>Q3X)95pKAE#
zA&0H8>zwGwD&NPotR4HuYguy)ZI9OvHMfZ_o0HfC?AU+;B8l<PYoo%`$3w2>=0GUb
z;+q;Rd#~mepsaNhZVWOG0`SfqFQbVs1)u`V>BO#76u88;DGEGdZ);v8LG0at2SgGZ
zWvc!PIhYB1TdQxF>Gqf5oq>XEZzMtNJViz9=rgjcgtB(@-2j)HnV{iYreP`Su;Xmh
z=A;gC?RasycG*`@mgz`9s%DpKYd#Q#e&6=6RB8=<5N<{Xxwh|IuI)RQYmZ!)YuoN}
zZLfSCvWnrC<DBwr3-KAV!3mFPO1eU;INKuGgWMdgWhb7?^1SB(bVGLHQ(!v-N|jVo
zU$}AxW;-x@09Y<F(HGc|fC3_k(e9S(42~(6Wo_;3h5J6v2uN%j>Tu2)I%30ST1^Y=
zBey*ru6=m77+j{LN5Yz#SvJ{cNQXNm)g+h!U9`cr|I3gKR%h)E@qJYhOd7-{YXv!p
z1A(0=6gPCl*n4a~E@*(=r6_z3gxEa+FWi7!*_37?OO+#LZvW;cW`dd(@QAHcl=E4X
z$Bu(?r1Va*n|k2!N_IE=XEk*@^F=+ILyY$Ulv%{`6@@_W4NN`wNJ(O4iid^+F;M^`
zj|a)CIkl4|c8gGS5wRx~1xa4leIOKdwn9tV095V7_)CAFAXyG<MZhC=big|U*u_Fo
z%QL{9Q#{m1j6X}PwO~c#s~XBOVz&uJ%ZR<BDAY&ny?_T3gZ4E`Y{v=6YXGH_4rJm;
zI#0XV9H3++mVt9HfU;SM$D#2_t<}D0vNwftVUAKTTuNppxCpZIpa<iO*d)zsnjoeF
z6g*=3!VIH6Y<Xtl4Ujv<-<%OHg!=2XZ|n`g?YbShejH>F8v{sf^K)8Ok1==>Vv^{Q
zAsit{+_LavRCnY5ziJ%+NunGPV{33S#!NEzKPk+_HwwsLB6D?!$yskECeB#^dAW51
z5Z?Y5Vl$9C0hBrkU33LN7~cY!oTC^@u~L0MR5Qf^Y`Fak5btZQagv&9%;}iz(Cb37
zDa}h^?gx9O0@&HMJ3FRbDsr`bd5LoL!U}*26XQ_YZeJaQ^<YT~zFkI5T%z*u?J}dw
z@QpUZho~fWLN{#}yepo{w*t?;gTm#`=%QsR^o<wQ4%g_hcde{0T+&|G|CZvLu&mv8
zuY_b%`lC^1<dk$aAb6zRwne)`mdUg&D#NHba@cNXhPGur`)A3<I<?x1-V}%1B5?rf
zSf%S}Z4H+pc0HIdXq`C_u<bw6kyX=x*+keLy->@V>i~P-v{iG>-9)==n9ITW0y^#`
z0KL@0vL2>d5n$^n_!Ifc-zmM?D05GgOpO*ZmhD>Bgld6>I2oe{)A#Bnwye{d6P#LY
z@1O2)^JMQ)iMr?)dpmWQU60eNw*8MgvZ`10Z4u{|;s;tbeXo9^xu#d`IWNp*ud-*D
zIA84K;R4d00Bb)Yx%fk&<)<sk3?F-Huvg4~X@!L-LigCN{8n>~CN)(LN-H~`hm1&i
zJ;U@g7!>auv9r}Zr0I&%Qx^!acdRaH*V0zY+7s|)wyd+XJPvL+9CH)Aam_sd+m@S{
z2yDNA0wRe%>!^LkJ-qAmPecARle!6APU^YN2P?k|$+PYDRAC2Ik291FP4ORwp1o=f
z)J#3AJ8K#Xh8t@~_IbLjajLy-%90-^I~N-0n5@Jnz`hPBAd={qzd=v97CU^xT)M3%
z%B=)YYnuc&+K&WOOPJCXK$qC<bhS(fX=$6dBBZ6QH5%M<3qs}ESu1J#M$0ikjMdq4
zW@D_j*HO1VUg4N>EfRkY*=f(dZn=_Bxh4tLW$Lrnr)P8@awxb#X?VjM;F&&i%YAkx
z3P>5%6ZTy@d-%^j%kF!7C@yfgcKo#mx8Zth*-lzEiUO(8K`o{=j4RtmVJq0yxsX0U
z>2W5r_jN61G}$L36=$=a<eo!Kb<>c;I_;=`K+CoV7sp&P6GZeZgU}ueiZe}WQ(okV
zLsHuYUUhW>)g7R&tVRIiMYO7NA7JAG-h5z-18Oa>bpf>=*yez`2H1T8^$f6=0_r$;
z@?3zbk54|o7f`(Ck}U(2mhqm;z<`<s?7)Dk0(MkDL4kCT(zzA+j|Dtpj|;^?PwaI?
z!KI%AQ$LF*SFz~*HUQ-{VuKY0$)Uie3q?s{`zs!F5-U>_BzXsNt5B4@2H4F3wH?^I
z0rfesZvyJyz&ar^R2v2W+cTihJV~4m4>?ca>~Z#zJzzFyZVPbTf%m@VbpTH`S<TS=
zF4`Hkn%?KDO2E|aAl6k;IMLezj9Un0>^5NRa^*N;w<`*gF9Lf*D7xbZU_U7y97l{d
z`PhtD;vc~H=)2MhmLxWLfVPH9soN-**BM&6D4nQ**zSt*?A>&@oGg30qw2m=y?eQM
z6sB(I5TL1kVk^iiwOT*%F0hXRiubqsX+8EL6V{UhJ$(FktaA(*mSJ7?@#t%M5y^)&
z<l2jaTh^XlTyDf#kX){P5zuTaDnvrFq?6TtB1=(@jU%=uy(Lk`J!b2mV0b%}mspDY
z<%;KA=ay_mHWH^NHr1YUS8gRwee;qL5vl`{=nLsAH&&vTNFk>g<_ZcgAAmg`fcmgy
zA~so3XyQ@8jtO|gP6&990ed{)5#yAnx-T5@o<#g_0dFh}9S_j;0ppEqRqjw=hXuSp
z0Xr?Ah^Z-*0rF>13`nJg$8@&^6ft$Xo02brdO6?`)32a_$9I#y3wXqSQWX4|gMQCb
zAq~F})32wXTrsHG0S`rjVPbt-6XpIm4@x9)?7w-5!cm2^P+jvhQIvBfUUOM8^yo$V
z^x_V1nMwf--<P3O*iw5S9DljZwNC<$0GG+ws#fqga%hcxja7TKh<bzZU&GcIsg+uX
zZOu<dDjnP-P)GXL3ysv=Mr)dMl+uO6E3wv|Ji<B}n!3U=Y_DzW2Cd)t#*T;V@THow
z*C{<(S!PNqujXkxa}ra5tr3bV46z!;!~9Q-2Y9q6Cqe8Up(sgAZBn=~AZA8wj-2x6
zAPm%6R0>RuK9(bPhVWR9*ma6R4NxM9k$a@Jo0f7W+7nWH>2i?-u~T$8JBq^PWCGm~
z618Xi-WMgqvEd*JOQm+qqr7Sm6P26nXVkAk4I!>`C25EB18HTmP&_sKUv*^dI}x@c
zzjkER>cdMC>a{&`)>VJRBVnmjj||pBQwN;$I(DmV;*emF+t=2%NBX6eP4AJ3j%;Hd
zS>nhx=8>y$^@;!zV2tpMSv6Itc6f3E5|*Mz?48RCyaGmw32?K<us=(MFJgk&`HBKh
zMDd4%fH)We)N6<OPg*Y}z=bBtGqLQ%D;2J5b-07k(@c7Lb+|>LIAFc@BSM)M+g91F
zb-A`x=b$W;nU3s<%pN@#HY#h!%14f@TIh066YY=5cM<iz&v`sGeMz%NwEN>LU5oLl
zy$k$Jb9plXmz7<t?)Y2}i|*PaduwXA9l*`R?V@IVoSm%^U~$=So3Ic9nUdJ=VM(^#
zw$bI<eMcop#m)_<FjKvOm+ct&CtkcDMFFV+xkYo+hwIOp%Ybxuo)27`G>c8LLn?k<
zk}J2hxG`J+_&qgt+xL5vrZ@B>J>(eAsEA??6Ma5hm*o{dxwhsS&26r^c8|E+#>?7G
zXZ>NTY|VG*dXLog+OZtwa%SW8lzNqiTAA3gu+;CpWfhi9?WWd`E3Fy$4_s%)naryI
zB#xcbOW4_(OAo56BDA_SfYsQO#zHNcJ_a{yE~89F&fY-wl{)ExB4FGOQf)lJ;k-4V
z9su@GKmn0NAKeV4rWe$}$a4lpSc1CkgSgkUQD#n5TQsxI*{gY27F)@Pzh{SLzxf^H
zRt!sUdzqv2w29J>JDoc0HP7Da4@6Iy_Rv~8Zd|TCk%hT>Po;h)jmAl$$HG#q!H(*B
z)Xy{$K(5`vXK3zj;L30((j~3v{aUn>=GvyZTzl}iTzgo$T)P3qPoP31o))qJcD*jw
zuGi(-^}1ZU-dmoOYR!8rk+^(WPz|Y_&Qo~LI<mH=cO9<1owD1*I>X^&ch`$gE1S%A
z&~DEb&20uDddd#=6;G+MYyn2A9fw;q(~KH>Ct*AFXGd0zFfO*NG&?-*aZ$n<V1Lbv
zI`2o7BY&0VWh8iRd$^)7pAp-vC}&^2k=I5@JpioHcJ{HF%flV6S^U2st>jBua*XEM
z9x>dZ;HH_Y*+-H%0yCdgcoY1`dtiK?ROP67Kg_4acDI?D#-K=Qd%|Ve9?q}kNWan0
zan^+K&nb(#=vwTuVQ#}$Z(*raOW)QtOxHEo{o-<MAJ8@v_U=xjF<$=j<a*v(fXrXK
zNt6vuLXgA6J}S9BSwpJr<T7yuYq<Tc4%>$x+$bvKsbZ{LfA}Y#S<bYbmf6<_F4vAy
zmuvg{hnti|$x*Fn<&m|wChL`b0B>R(1E3N1+|lbcTag;_mm-t0_GRy`$Tr8}e7NcM
zC0UruVdcIJU4_z2>6>@M9g1rfK3jK~n@%^&hAeXi)2VkV-A(ZyJz(o@yzH;KthO2_
zOuWsM3!tXl1fMp$4v@NW^Y04V#Pc6zh3d`=EUw!tVXk!cN|ap<5aLxJzZnAmOX8@B
z+^ukPA<+lq2!K0AM`$_ID0{`I(cIp;q;agPrO&;pHoZi7^0v&G$V>I{bFSzq5IZ%k
zXh&`~k+f~-N@A>oYVE`P!H%p7bZ&}N=NQXX=e!9;{1zH`Sm}uIj+>Hv02qHXDYY9%
zrmcgw4OlWS@e1^;4@wd{TqxE->{LZTlHW2)-ot|eN$j`zx{hq*P^&$h=cTp4c*K^i
zNh@nSZ4dpcwJgkHt*}>FqyqHbw3;Sq3+*RCIy|UK!WCLm((~^6xu{WDyES(-Dr-mW
zzqBk{Bl9^T$NsfXN*KG+OYHejW9_hS15VMh>Am;*Uu;b(iYFj5wSRX-cG$y8ZwCIu
zT+k|^NY!QYHIow!tFiC=cYH+2n*FA|93J~((m5=voZDShV@Jls7t)DRIb)ezro8|e
z`gI87^>n+f?x>iFGK@mIR}DvVom(MobXgO3_If%kg-bbeL1ZriYtzcMR5m#aM)zxJ
z75ACS&Gs7aa&0$<xef1J&et{Qc6qjrKWT0gUBA5pIYV<fm!xc~o<K8AXRw!Tht=U(
zi-x&x@ktD%q_c@}si7v@2`_3{GdS#e#=P8EJ*R=ol)misjh6kT(Xt(0X{_E=;5J<E
zagCPU-e}ox8!bCwdt>#Mg4=MP+|y{;7T72>Ty_<=5lHF%{BWaXJG|Cd*&1*guJ@Nl
z%l3R-Y32mS>7xi2XT);^xJaoy(wxbR4DnWu4C%!o8K9ClO^wm@aIVC(BzlSW2gu<P
z>KO(gJx=HGE-CXsO8PxLw9V)kgc8(ibdaWABO?m&hdL)XJ{XQVT^}%yKIo=(kR~3s
zpLwK5g=BzAYOEg08y`@IE@Ih68Ta=yZ-U*X-?2F51UK%52y2PIp{NM{<D_q&vDmZ4
zG%cG4SuP;_))Miy08XLlzrC~*rHn0U?<(w)0Kd$~_xcE^RuVl(#MHue*p|QfrjneF
z|J==UV?6&YRc`k*<+3!dD|iiA6_$bP`y_ZBFbp6BM?{4oxG#U$5FY{g+z=J$n?C`h
z%tt`@NShG+Io0C~aW4=)oF<$D;hfU}LOcuPWkW!#Bs$G8&r8gK_Iau*Kf!MrvtBML
z`SLE;i-z@tu1m3u-%%O9Rf6%c6CgxGm9Y=jhSX;!_`wfaPmT6XwKm$%+yc0L7v`Zt
zPi#J1*^Ce%wpmeFV7~>{T~}eB(|J<;ql$-e#Mnd{<4Tspkw*g*?=D~u29$Ax;)NSu
zq#MDZlCl?Q_qGy+eN+nrh?$#zwl_wGWJM9zJ4QcUvl@GVa{#WJigY0~Nh<IY4BGCx
zRA<!I4d9kq;8q2BNerFEn#tK-?BInsAN@;d-RD}e2PEm3?8K#T*yYM;m~V*Pt0?D0
zr0YLaeI0|6=R)q5w6c$CSvr`tWXd;E4p0<oQJU1O{*;!5wb~uT*b-&mBw$qm1w;~C
z-Q-<smO(8X%)<e6-VykJBY=JACy1S_D10670$`T`Qry!DDw&eTgrg{1-ZmTvzJxce
zIu@YpBzBQu;eSaq^Un7a&dFIhL(!`Fmx62RkWp#~r8O-2^ZSaTSNQ^Am^bMIMI{X<
zHWENR_NM+a$cAgNXXl@_CKH}EclL*kmAw{Rru1c_m`EG0*X7zfXP0Yl{avnovE*{?
z_&b`@JCgC78t-xB&~tX{*K67I?Yp^AP4>)jzvBzLhkkCfo~1i%KichaxpoVBeJqU)
zTC0wRw&~W|_i29BvOP4{?vbxGH@z<kK2i0g=MMSIZh>v%>EJS@FMCI$+&pv{Qwboo
z|LQb1eP7!#wL;6Lx8fOa8;<2tZWoY}Wha7~41i5oQBDMQN<aaT#L1%Yi^lYx3ocW7
z`|bWYMaw2_P-WG$^JAm+lzypX)7NABX}*?CUr*0Z?e^HQ>T>Nk_%q5f^#-sn?Xst9
zZu)v3Y>?}H-ls|7vhvdU6-#PLs#cWO((S(jSQQtLFg@6z_oI+bEc5^1f8Gbi-~69L
zj*0&p-%AGmyqtvxrLyrhAm9{U1M2k8rg*#>`-w*Z&jVfsd;nlF`iSq_8li@@btqsT
zz!89lcr2#VfnBlJ1TeAOrQJO57l27Qz()WM>W*)W1Hy^&-ytu`xm2f)z-Iv-0lXE;
ze{TT3-(Ltj09OL;0z3vV$?)C$TLz+SfQf@VZwlZkz$*ZgW@2Y_IN-fKF@f;*hfas#
zNOHm6_(@E_GJr{^0{=JQv(fl11%OG#`{G9p0VRMsfJuh{-vBrY@aIte43s?xPz^XF
zq=&y~z~3-nqJMS(&x_%>0<aoz8sH_stALLH;Y4{R{_pbB>A56S{%*{}PXe9-d<rnB
zcnUU}fFl4;15C=@AN>j#2iT_=uM_}g0ZcOd3E&q24g@R)lmjXNwSe`2Qvjy}&H-Ei
z*b2BDa24QMKu_rG4;Td4^Zz3K^jkXL82|Bq_G8#L36u%@=7E{1e*XY@I{-TY{AK0e
z0PW$o4uGy9|NS>|&3{Kv&Mxq0PQw*EfIm5W`SfJ#ubSg|F9LoBJT)(w{}pKdFf8Fa
zfJyw}#is!L5yf`_Ce<&%D>Q(ufGYqdh4anN>5=yqWZnmS3NSyU$NV7+@e&Q72w;9R
zkNMw&&R;}K_1A&G&(<{any<uFEP%<3PvRptq5lC>0n-2`l^%;R4!9BUA%Gv0+P(#L
z0a~7bgDk*HXJcLmY(LkO!s{lG`)|s9eJWlAIwMtI=4qaHE5Ib;4*;G7bU5AQ;^6||
z4*(tqJQ2!Yczn|CX(!>=VPLnh|DKTj)I|S02$^0dd)_A4^8Hy!{ojZ3%`4yJ-UHc3
z0sOeftAMWoUtt$H3hk)_JOua*5Kg8a_<uck4~F<JT!vqbxg7KO6}U78n6v<SF9Mn)
zuT?02zl$(01C9e6_Gf%^6!0p*q}#5->ra4h0UvGiyuz!o76D9p_c|P-0loqJ8(`9@
zk7B(5Bmma{OnM1;zrP}89>XiyfAhQ_0lxq;AIA|NfKQKh1eo-D@~+&i&^tS%*YK;J
zKsx}-p28sk;4gq{o-tfp<UffQTL64q?lpi(Zv+1x@GD>m%9wP-v+ytAbif4wlji;%
z>n?!F^b_$9koQ@d{MI+&r-cE02;$wlDXG!}w|L&)0j~hw0hl!LRy<<`SPWPJFlo#k
zc=Hx88?Xpq(rx!(JqA1tcm-h6;rC(f0-OoB0$|dF`*A!8SOi!OFe&l?_AL*?hmYX7
z0zd@)xJRg8$Aj-bn3}%``6YmD0CSg}I*$Uq1@I7n<-&=6yW=7B1>hCH+W?bV{smwB
z2kZmbA21tm48WvQU&QAK0ha<U1DN#FOL%MfWz1!O-T;%H+K#ved<*zDz@)=*OXys{
z<$&t|CiTM&o&5lF0E+-7C4k=yxEHWp=lfu`eI4JUegktV;OGzV{s-U^fJtsS-V!>(
zk-w-Bd7kVWy}u{7R@dK{+>rM%w*#1H{}I4h&Lr2~m%x7o@G0O60FSf6^0Y7SExc@o
z{KEkzt$h>wM!;c!69In$TnGp!*6)_vJLI3YpxdN|^6zXwp7~z^egF&#>B;*LuR;U%
z0E`5fbRY0n0UrQ%hVl>Jf$;;l0dO1OKET6(=RU@G{{*E!#q&G>lNypA4cVh9uTw*E
zh99o$S=43H<DX&u2Ydqf8er0GUtm4~yajj{VA5e<!ta1>fa?Gzy$hRv0knaR4k0}l
zuJXfv{1LxHBSspwXJAgv#B~qg;Vi6afZKDD{IhZ~zXCqZ!#HUII{=sE!*_t2n_`Uy
z{Jj8vgUrW}c^>$WfK^?vcj=02c))$#F_)p-8-Sm{>)sjrYrsm#ybE4t4?JKA7}^v4
z2ROPnu5kdFeUJ}m(-&(aV0k~30esOPF#vda0OlINhlQ9+Apa2HFM!VhJCJwLKzx4>
z&}}fD>;?P?7(E1Y-B2810CI<UUK2ozJ+M~*90XVj*mHQY{e4E@I}m`#81&6p_yN#m
zT#~<hZ{Xk+PQn@mFsU5))qraO<M)I88E7})ezf;-zy#zS0GJOr7O(|yGT;=z4}iib
z_F{4DX(0O&;IheRH{d|Pp@6kTm@fh61D*z~L*Au;uK;U6KLhv<@FR51N8b0qPnwGF
z9|EG&aI0WC`~>(Cuww?=2H<s647@>rA%L5~yQK-fiw8Iv<!%Jj&cQ)GU^8If1EFsg
zu3-TqfgcRuPh-Ee5c4c_-H8160X2~2Pw$?$2z>$HJv$M5hJ)a9z{_acJAgZLu%_iA
zj=&oLpYaY`|0wjs2W{aullY^Kl}mAL2zb5R^Z46yH7j5j;AH@R$n4Atd}kdn?_j*e
zhyT9?@Yje&RiUc@{nwz(A=nojiv9-N3gB;YT)!SR14<5q{~_~bEyf~X4P^N#?PrdF
z?SOV0Ftz}9Z^XI*xGuDhz5)2Yn^70wCBQ3y1CB($0X_ok0Q>;p=UjVUg!MFm`R6jM
zn}DmXKs&C+I05i=<KB>Y6ZmI<-jI!7jP_gw+d=b<#xsCtB5yNv@V&9F*J3XWSaLmX
zygZ5+0r2gm+W>s`XTan5;t1eg0AG;U{|WqnIN*h6U@KtkbBI;In*csrJ^lsw0=oWr
zBj!&4_YHh<>hTv5%c$o*fJuC4r|>1{2h;%gn9k^z;cvi|06r4a@)h_Euo=KdRdxdS
z*vW$JxQ+lc!+OofK^_9|(T+8*K^K7QE^m_*e~5hp!2bv_3^-^9`VY|kQ^f0Mh~1r7
zvj9&4cqH8a3)lqs9>62khxI(^!)P9M4ni4|e!|=^atNLX8;*5k1lBjey1no}fafsh
zFG6|1qk!y#&==6316T;VmjXUVJH7!N3D^Q?1!xbr3hllQ5Tqsf`n<D59e8#E2eFP6
zlfR7hY{Ar@{`fEAq4k>21JPli_&;ox|M$cHL3*^MIZ-VsEv+d(#Bc65Yuns!;YYJN
zX7$W!8Hc_cFPgP?#y%O%=?W2;+qMyQ&-|A0XnwP{9rK|F21eR=Q(8vz_s-oXS5DEQ
z`J-}kfySC5AHL}Ytr>;T+ahC3yK~32SE9Y!PiZ;2Jwi6_McS$?N@oqT$n0TWl9$s<
z6w<`74RhNzVnc)V#!+v(r0xv6URagnWw}b?#`x?&Nu0*#1WJU=)k=iOOQU3T`{R7L
zpowx+e&9!RO4F8pG(R^NP6g4d39OmYlEer&wz={{i?$&V*D2C5Zk4&c+v_T$f#JC{
zJk|phs9tjwiFXU}z=G9#=;%=1V5%t89%CI{U}e1F+B57v&n)l;w`2wLa}Uft07bLX
zn{(T^_RW2<XBYy3@fK+ZLwsMF&=q-mvfgCj45GQYqmY|vtf|UZ9oxJ8@Z2fQP*=zn
zkO;US96{zJLrrR@Td`4KZ;WnF3y$}jR^?-&QGJKLZ0YAR6X!9i(}1(jnl?qDp(x$V
zF$A%s3~3&8Nt|}I2n-RjWudPv*9GX}RzZNFKx;izM7&KPjy|V;ink4d8shD&mSK7d
zwJNS#)xr3gAAa^}Ri}^?o5>C+kcKwX4ejjI+>$l#7SxPL>5`&@9_%XphhXof+abNv
zJs?o9M_Si`fgioqohC!ASBQkoy#tGs>%^kn1J|K^A2ry}0=!U+!Ptx))vv%G+;VPP
z#AKW?*`G=o=mX-2RxBmM<iCO1K&g0;w5(YW8T8Iz4sPlj;xMtpm7HWCVSfyVH)B{~
zd2Q+GKpJi`scui*C2<lXG)IWN3<ob6nS5MfhiWz5x-VO%$D6cmBx8+@8WjpUkfVor
zotiR#OsIs6(6ON*D=Nkzqghzzc!o2}PH=in1tb^~gKm;JXp)g*q5T5qOLdbmyqZN3
zB~y^!EZHeV=nM4lROW^!kZGX|F>gA03xYF(;-Yr{LeH8GBr;|OJ`l5trQcC@mN*H>
zY&KPF5G8X0C83cyH{^CRN6d5bBJCLW2ZVCjK`M8?aYoWU4!;A<q?^nhj#ya`m>|yO
zh+7!yATe{1Q&fz_2~;pRf}#fnSt3JiOG3RX+Lor;M?*^3>B)t&G_K>PEL9vEDL7Oj
zq&!p#ja)7s(Zd4gV<8gL!%7OXFDpbjkX4v+={a0-BxfQ>Rt9QiaIOx;1Wc_8dQk$T
zT0$M#)+9p&d*(n0C2AZG!eQ8<bJ^n*OE=XS35IaJX|v+vphSsM@K7U29=4WY_u^_N
z%%xkg*?c*gt9Oc(6;<V{kQI|}tNXtHGgcb>C!06y-v-v#)(otyE-R@VSXWWCens`b
z+M2R~HT6|>6|2k9MYXG!sQg2L7S5LQAuk@ugvuyB@gK)_5LkqmRPFooq_&y(`$uc5
zsH!WksiFlXwFkp5_`9T}c70V@#q#w_LiJt_qhs<wNUG-A^|dwC)pY|as>&+smz57J
zt*EQ@Dl1CM2Gmur8L+aXa{0j3^|h7Ky4t#$imDZ8TxDh5`ZeXXg)7-C<W`nf6_%+T
zbv)994a<p1(>fE6$J^k;NAbvRAmWh>qTPu0A=aB1zNZ(D6cXz~Y$&ld#JK5>i>5t^
zNr`=lNr~~qq{L)mQep}*DS?Y=T>_WIy2N~9QerVNDS-<MU801T)UlkH)UleFl&A+5
z^>qU_GP^+9ax77)@p#Fk-IoS=*8z)0<Jls5i)0IWFY_aDUx@oapw~~p-<Wr_;BLG%
z+)t&|b#>LNRaezk*VmMl*Ltorf}z6gw<Qdb3U>99n(~rL)qy2zD$uJ@n7}}cc{ssH
z6OIxe;d;v|tLv9BSK>q=b<Dt|HgR1=9h7t6>@PZTW!I3-)R-$rY1~Op>VS9Yu4w<b
zp93|;65FHGstk=$JwAgGQ&Crq-sa!J71d%J^x`txi)P0&BwD{G;m5Ptoj)lYAJ>RS
zej~myF8#*Y0G)`R>xf5Uz~ikYy9H7FSVlZjAeqE^1bKS^i$*eFJF*`m(OOseI0-};
z8E-3GOyRFIpc>K5Pv}KA#q%h`5eNCs#C_np`WR8M2_l{<)`_C=xFY&9yQ!!fKolR$
zj7J7h!bdg?<HurR-gLAyb;3w>>gtlZm1^GbID2S^5?xYWQ&U}Ia!^yG54LF0cQGEM
zVS`BN29G3uXk79q6W>UyrVxw8@mu8a$P6Wo>*si6F7YFj^gJaaJ#`@PcoS*bLClWC
zbA%`pd6ry8EJO8cMN)bdvp2<aMfy+@8<qBT#3OpxA5OxLw-Ko$K*U=Jx*;rdBnUWe
zm^iTzfB&cxu?m;0UTq?B)gbN3Rf9EB8D_7kK6J2=sI92dB6TGpY^BMpslcON<;&{J
z%5~1Niq%W1s<|?$=-+q0>MoqpN5OIowlza6E;1~7d1ZBVjg_-<{hI1JE2px0#gf{(
z`chrN>gr|7Ek1cBFzTynOO_kcymxUX6O&g{{)pe|t18N>v2NAZEgym10RHM48EvPr
zTb{xomZ&<Ll&^-)H42xN_#Wc1czZ_2gDSrj@xKz^r1GCu`MsF`4DfhI>GyY;9nn$q
zo+3miUpwHmPx%5Y`p}<6ya#bV-c3sP0TIs^v_H{yf({_siNgC(IHK2%{Yhvo^N9QL
zJw<*Y<+}@d5YYjGmJyXXXgRTV)VG2drlfdeB{BR=YdmrYu%M0;NyOq)MZ>9-=|-6|
zi1jCSF0m%WE+E#H*oDNz-mS!xQI`=ND|#*`Ds^4)|Iv1yVOCYy)~>2^4n+n*Tf~4U
zB8Uizf}$uYASN(lrVA*778FuN4rRjB3MvLLVnPv&U<AxrQB)LLF(+Cu2UHB-c;}pZ
zpTli#U+?pLmmky^W6izNUU{vvHmIkngPvL{oOw%$vsbeWR-98Cnk)GfEC=u!*DdRQ
zblv*wUxcHY{|dARGqv?#O*Dd~B4JS*Xcld;NIK(AMhInJP^rJ5gTPrI8T1hjKl%dA
zk7F^I9HE?;w>T-a7>q?pSPVnn%rauQ857`$)OIYkNt`DjH#gfUsclVadjYoNa<$E1
z1|;M0ywZ$Ko|#(TfWefA#VvV@IjO~6SQLlFy~rNV`^}hmK47-~!Z=)*`9r;sy)cd$
zW+vnsVO1Ag>_u!N;ap>j3a1b=wWIVN<~HrIKMI@e%;sdEmB;}gd$)r@jWN7KNFMvx
z=>bRv`B_7`<G?Rse7O1b2GIQaC&>Kz7_>izpMeeleF54F#HW687NxbIUC`EnT7&)s
zSv+>pSY27UzXj7-B)6x*?m!E%2gpL~12R7k2U)p48f1PR2WqSg{Z?CY*`k&IQx97>
zwJ0B4Q9iJ`sG$EXbWJ86>$T)#$|^=D?JCWC(ioSWT0VI6h=D;hfFD>nVobuumW>=)
zJ}TIlVO7HhRFn@MR$ehEX|9KsRSg|pHWCYs83qpZE=SNtSA)yEml0Q5OK#NcCi8AK
z*EE~4g0m2=VFo$;Ft{ey6#R(mHuhof(+l0ls2}E^ZeL&g&ndZ9JhCg~tm0e?NLNV4
z+oA5l(P583{#6gy3mXOdIo|3Okd6Ee%?6iv37GHLVs)=@Zex4)C17oj*6)}ssFfya
zKh1eEw@mTUa-c|5szcCM7DpR@1gtox(P6G+6h>Z?Cn0BYyICk_qWc`_AHc2{-)bU=
z-C&QxGNH`dnOs}tt1DllEXhY|S1o&Fu8v6UDH4&|8~w8+QaxbB{tgbp$WuEAXw5FG
zC(4@67QJd@kKSb9o<wSvi6AzqJu(joWuD1Lrbz1snX4xIi|YqDFXP#Dl1Oe-^L;R|
zEgqc$Y7QESZArvx406V7&qpuLbuw~`8(DnWAon<M>^ZZvG<{1OY26|7#3b((TSL}m
za_tCYdyxpDBhX6W-X`L_Kep#i%9UDRebIfKcnl62QJ6jf(#KPHE;uP@H$wK!*|_yK
z;b`JHjh)#i8p{{aefID&`cEZMXgI5_{>XaYFTpQO%Go?*lZ`|)^dN#Qg=0Y93ON^E
z?T5aF#qI#0J=n)Y9vhBrNv^3GTn^dJTk-qA{k=h3gn0`yc?)P`icd_$kJYJ`ZDPLp
ztE?-M+uEMm9%%KwlZialHPwz3QXIVJIS$#wItge)vf&^Lb$qIwk!qKKw#CmYQ|<ax
zTLiK;_;HZcruRTr%05Z8uT!nI)|3<<ABr^;$+fgp><F}1xVwpj*ge$_16iYVOsbun
zYLh_LyPOHKN;4a@1HQ~jwR=;IU#x3H;&ZgRBDsw$7ERGrTa6ryo;7$l&|0i=6Y+O+
zs!bNsQ$8&^9}<o3CE<Yi4Ve4H=2oDM^6oPc=cOR4ET4jGytg{l)}~tNCUUibQUj3L
zZI){M!XUG7a;|ySXQKP!;_>PYY)McDng}`)^Gp<uevrvtH~YJTm5Lh7y-k`5H1To_
zl8M?~$X>!0p=YAyUFt@y3F>2TiBArGaNYX;CVw-J?9De5jzZl6XvMA-$fn@?2;tQM
zDE9CWA;rSq-Ed^D64gL^dOXOUzD$UxXQSBDD}+>)J>u^m`&^+|JF)WB3r8uW#uMEr
z9Pnl{;m8$!(vexD1|{oFCqM7VJUuzrC~Fgce(4d;Ja{k<`rA1iXxVv^i8%9{kjzVy
zbG70P&V;M};&u&I9<7DQ#S!<#kQ#3TUN8r&-!c`nD%I+0yCt)8&ZbZ;!8vc>+JO7I
z51qj^KKJMij?u(av&X-igrb|63$(^(G0t90-p;#!kh*`Lci%{h#qs>6Kzn`%p?JP`
z-n~!iUY2*S$-7TY-Dl?A@6Wq0PTgP0yMLK?|2}oE+g#yiVmV_|NU;}_-5gs9-A6dr
z+M0y@fL5{w2$3zPpjgSeKuC{!xx5V7pP2=;XBG<a%wiOKW+lif_D89<#pd!S8*yq4
zspZB!grjNd12i8_#vlo`0@>TK@veJ2I|Y3QOTk${8{AD3A~si`SVHdyS@C^LNX5Zx
z$&(NTf$>}5@gDR~n0r%Mw1uF>r?F5PpRJHRKJ8rh_;f_~`0NI>_;eQ{h~6j`*iewg
zXOvJHpV5$r&kS%6pHbg}xzE`j7R0Z|aelQVmx)@s2Cgv&ZtK9su}-I%gJyv??dS@=
zGUG$a6Gft78;rhG0|m>+OJVJEoB62dZP*8yT&oz6zXz}F)$9x5sK8$WZ3Ols$c7o5
zF?3HFXkkC|M=6oDQT@j7thddaG<2&js6Wcbuxhxq_#WOTG!>54@NYotC|ZFmKX**E
zPN{aFQ04%|&wZZ){Wd>0cmQ7P9xdS^uk7z34~}8hr|6z5tI#)(k>^*C7zO`;jgNvG
zwiL8cWiuf)bM9qJ<c^lNZGbjh+(pPE#?Rz3=cx^iWM2wD%*)&?>^%b4ATLiE_3L4o
z+#bB{TQKsV9z<5xjr;<*cJ3Gp_(g2G8(ii#KI>kN?$3ULo{K{LsT)}jzU?-0xG&a{
z+CXCV-bpyR<2{g<PK>yAhfVPj#{OU}ZxE#la58tP63KN(z5=;dbXWXJP&T%tHWxev
zliNXBd;s4KuIt&j)OG81UImxrI$`scaE!|SKyDX_JaSv<yIDT)v%}22*$B2j4n7zi
z3e4ckI82Jo`gGt!6aDp0gG}=DU52&4|2u*9{vX7kNv@qe%Gp|f)%J_Vg39y@X34mp
zn{6ZiIBm<wy(F6~{PWw#%$3C|B(<#uodwr?u9<I~O@rP)(F@HbkOzx>J$jar8a-$$
zWb>huyo-7ed|6GdvHP*8@G*X4nR$@MEIn^RH3T42z5su&H{_445sen_XJAKc{s6TB
z<+c;D-Gz-nF(d9HoH<>sf40PuGZ&uq;nd?`%{O`a8F0>9ua^q+kHK11!)6tD`UD??
zd=2?FmpclVA0aufB<qA@9p(?9wN=^HGN==+;1-Yww<S29Y$F`&Pwm{qhrQh)S?~XP
zVdKN4gWblbQO84aZu56+eDFFJIU7yq1W2jdoDMGWe7+Do$#ZdraE!L+AgckkqIEAM
zmi3l^bGhwE`P0~Yjx0s4A9Y~`q{Q>{U2J?V`bo&<=P!_`fa|c?(d5$Y1#MQ+0JH<a
zYz(rOyEVv)$__%A1vRk@*BNF@82f>SdI>!c{A7$B`a+auuOgSg-m9e{zn6?F#B*&e
z2G;|vUf$)8c>jApq{bbVfHU4SaMaxWd<pgQTDflF=Q8og&DVk5NXuI$f<D5$IM#qZ
zM)uLd8la{7OOQ3=oMZPuO4{hDxf*0eAcw*qD52xT(_zrJC+A|P`z+{}vDz{X@{ee?
z=R@jw`*){sWdFlJ%l^ke7L8{?mi@1TqHb;3RvtW`kH`S{m1#uEp-G!_8RXYVxjJ5#
zuNIAA-fg&KqP*S@c`ai5IOOhPkKvO%v8%nFSAaHUegkB2T?w)nt^!#B`A$e9lE%?5
z@34dDmAN$E%HYpy3C{CvJoMQ~Nh380nzU_aLl$NH)z5*HdeNQ_j;g#E98JZe!qE#p
z?dD#xUPW(Xsdx)$)BX2N<lU_X*<1WB)qY8}TssAzEdYDG5hN<lM#9krYzf>MzqSRL
z|2u#zZ#skG?VTZ<xi_C355ecucxF6?p$`Y1M1M!a0d*1h`wU#eG;nT5nYmmWXkt?#
z8F-y(2GR1GJ-W3BkG0ib6FTC$iBHnHf>%!P>1Q{{oM?{^gp~RU&_Hlg?{Nl$vtB%g
zgH@IA{xsoeBPSv!t8`~TYWoE3AMRk~<Vx`38uw_HNYsQ|fL6NZfvhIn3$na?1QdCh
zYcC&u$)qEzz2Q+Tjsp+&m<<3YRbmokZjB$}I31Gnayu9Nd1<bR*Ofb<Q@j=6S1#TP
zaMyr3{#x0(bxAYV5@fbW3U7DV?OA`92Z+SGJP7@)Nx4nqT^<Ur<+(Wk+{>HI!Qj1e
zt?{`+INC)WVIsqQi}6fIaZDDbVdQUoI?&s(D}ejq$+Z}lL`QKeWLS(}z>m`XTQZ)7
zs=d~Dgva<Xk0<vh9BwN~EANgS#P2Tg6m}Ac6m~{`ZE~(OQrHdt`(#g6cgWOOo9qKA
z@nQL~;HXT;3rA%d47AEr0kX<e1+oHA1BwE0uW;tNI%)K3brk=2f{z>Oi^OW@7U(N9
z&x^^_wm5k`YmJkNLyL%cTe#-c<O3H+WNw<|b%PruG9P8!@4h18cYpL(@_rA-$^9ON
z(>-~=E8wL%qAkD2Vdia0jUdwfI43puLEL?O`7HY6Fy<1A%*9b;-+_D)>3x?ce7E--
z^l=f3@ACSe=&{F<+gaw8xAj3bUTOxiDJH+y%2ej+croY<Td5WL==;uq*YXA7b9lzn
zdp^*%y{4H+qAtU<ZmbE+g{WP?VIC$sS$p&Va96}7AY0si3S=*Q87N+O-(BRvgZYSD
z2mg8!kKO>(<kyxx=ZM5vj62YMu73|OmXKZrmwHrQ$J$3h?*pyz`4nW0&l-?L<!6vJ
zUUn$WcCI(>B#*wzSCK0CLz9WpWI;>d8EBf!`{|I2V0T63xCF97PCRfeWNx_JCSp(D
zhx)JN>BnI?kNA_qQAl0^TBUgdWG{9l$RfT96nVJiuJYi~e1yltS6PJ560{)CLA$Xe
z#tPG5F~z$?IA+hYkXKH&2d)9Dq1cFI-0b#N5^l}g--Z09+b;$$4EyIGk)#)}_XU<W
zfi~S(32KAaAA>AOUxOk^+wCR~p3D!4_JtRF6MryRlOUe%>$){^{L;`%_bAlw@`dVF
z_-94l$lWOt#rq!gYiiO)ZXrCHiYFc0g7sTG;%l=X15NzGL?Th#Sz0RveXJsoEjq%Y
z@n6sP6>RIqSv5a9rC+ucp3NCM$~Rt%i;C7iTQ#W!zsvuk-&K{Ps{f16NXZs(dD*Ce
z$>E_1IIOp`tFV=zlD&3UZq!we;$2EN(U>;(!X;Vg>xb@ZX+vF)DH9|{_Wan>U(H6{
zrT(r{2H|US@tApRiBl~rd|iNbyzKP`$FAyuSiASfATucC4IB@NJ&*p__`1La$Q$`d
zlS{zv`&Gd3eI7V`pD!G~FG3z0J@I4c?&D|Z4MYDjuYZM}i4DX*AX9uvt=Yc9^}P+<
zQaJVocR*IK7W*C1Jt2ppm&RQ21V|H){s3?dX+0B^^A)2D!EvnS3UG<*Hx=l2f#ZbT
zbKoKP^153`ckl=71?`T+TWPVM`DNA0ewbTaye3Qed$EZ3_#eu4;gN-ZKhW@BPiYPw
zUTr0{pmG#?@V`0pkQ8rKll2O7#;ZZ9Z9TladT8aKy_FFC%aw2klm>j-?ywQU4bWom
zJm(5W%XJrUZ!&HHXdloba|S&vq~hnL>r+UvcQjuM+bdp+t@X(3gm|X;o-%vVmTAr6
zF!&EzqRM7*K2|h#N(bPQoO2vv1dG!^wY=LHkG0pqvkI-xORX<;Yiq&p!FoFj^?5-&
zTW*HYslRIk`D;)uZ|{B)&ULV-GJ8q>JlP~~1{>?ev<29TO<T~7v5nJ1B)7di%iUU;
zPm^cM#7rKFEKiJ7Ld+L#+@d}Z8E)M&=jnyESERPrf$ohE=ZHjzcbi3|?Y`9fQBW<P
zGkpTK`QjR(7^VMYrcoEy86g_EZnFJTCsBN8-2key0~`5!YYdGeyIqB&sn{22r-mvq
zs7cPNxV4RNE(F)|u5c#izI$`En`~t%e-_=R2d@Cl$KSEgnA9vdSE=yL$L8Qj;l5y<
zCLslVg~R+fpov33J#nr~wX;Bd&@KVl*2tBh9%xsmu5&@Q)Ob&-Jq@xa-bh{F5lZJh
zxqW2dX>0(r(Lfgy@tynB6k#uLgOI&^bH5tycOu!yZ84SyMA!73h-Jib+^wU26ZfS4
zaMfF8HuI#McSs$2Nm!yS#%TIZ7H6Sjh+2niQJMb#tL>dNG5KF>oHn{VJ)5;&7jHk~
z7*RPQIjv=Pa%YPM{x5>!Hz2weV03l)xaiW?3t?>8u<9YBDo5K9u44Tdr?Rpl?21mb
zbRF|Q1(vkbm1<5aHx$OmVfo``qbsV1CH^07{vZ4o{U;$E%JlPwVM<ToX}0y!Q`Fx)
zJ?<}hntu`HRn<DDtf3S?FYuGl;u}hi{SYEs)Z>2}L}ir?)Bfvd?JwqXL1&jndcgQ<
z{aQnj4zR)4_O=XBFa4iOXS~IcI>4{uQdXS~`cRTL)<#Q_*`itMDF13nPksgUAG_@i
zV=61ks)tpS7j+m~IlMgi6_uhi^3)+6bY8r}kYUwBb%1<e<?s&G<<+Cgs>>_N22^zz
zIjVBp`1bs~sr``3_Em#U?LMaCPP^>9Q%85fLBD45Uq%(4mW;&O@3T5!^?wj>VR!{E
zud?dDaTpb2ApN9jNaZM{H#v~c0KD)AWL`M`i`sv<eu-6?9OKlf{IaAJ#~b)}9})-B
zZ@>T9Q1MBQbgF5n8aPzH8>mRngO;b~M8l_ezI+@R9%RVC{sR=RQ#Wv6R9@P<NluB<
z`jqJie>^#|vLb1TM(Vd_Npffg!h+WqkY=oZW%bZBa>L7qb2hbqMfn&VS51C;kd!l?
z(&$f-tEw&=cxwNVn%9)+Y-{)?eMm*+fU=4t))I6qR`qv`is_idtg2#I`YVbt!{t-8
zxu|xeS*71Oq>XnHU5$<{%gY80>OZu+Y>>w}r*>gP^(g&#BGOt*zv3$&K60?C1<@)M
zjbppD?T2>y`CUXeZ4Bk0o~&fLl9uVLersDBr>=m;f(;)uQ=e}g@JGV2X8R*@nV#^S
zr(z``(^8v&+tPhzVf}H0HGnnCZmSkRtT*gxZH8wXSXf7j$9B{)KpUA2z{q!6D}g#v
z$Frj_@J^erMQD}Fm$mskS~8G39UOay^TDItORh_0jj>kNes{1C+AOzi);xY#EH=OR
zTteo=T)nKXj&j3lX1Ya}7`z0X7r&-@5AsGFD&yMJ%xfjS`uC+s3@N@rPtM8L)|=G0
z!&Yy&t2J|bJk6!8{Gh>x=N%zB{Yrpcz)L3iDsL~5I7@o~&^GsaW0Cx_@MvUT$3GEh
zxj7VzmojmLWfW{?ggXwhv5!-0c)+(k&P3K}2pjD1fryw)o`at3kzWIOsKm#KeE1-9
zf^Uo52aaX_hlO+7m_JKhwq4p~;94;s=9b#bixDHPqs`o@{V7uakw~oieS`ju7Q4)^
z5*7YTgLq}lAsa>VT0ycN5nTfi^V*$UwWY+a;K*wI0-mT^kvIe#rT%2sZHPBeIOjv;
zQ(X2_Y7-&nPVsf4Nf`OQ|5Wsc7zKLWm<HF5+s0Wth;c3S1b;I(fa@ijoln7@)^F~j
z8h!!K`PTPW;G>c%^)qaHuWY}8OWi-acgd>RW@-#F(^=zcY}KqKJbo<4tyW$cm)4ca
zD$M3)v<_O!Cq&tLN{}zqZY-z_^QpmBka2ztwKZ57&#P(&p6EHbGq}{(CAe54wzj(h
zZ6eeIgKSI_4u!BSW39yz&Nj)~vfXh!;zynS4zw3o2HKZEhhj{f_M9FL9h}|V6Sts&
zSjSw0$bm)BI0o^!<2v~9B)F;k$icWdi+pk~9@$pxvV1N+1CLzfPB6E60d;EL>a_wZ
zZUS?wH&JiMTfJ9c#eG_C)pI{tZLQcevNuu%&H7r^Z17?x_1h5BH=(cV@J80!=J!Nn
z{pT~FwJ~e3(b}!mnIDk7O8*A5_N8Qhv+$`>U6Cm1O@Nl$&D_G@ekWwF&IbT(%HP{W
z;?y_QjuBGGz6LcKd25TrC4yMa#Qj9A3Hi&t6&h#y9|lK{^SE#<e7yy<BJv>y+vGOO
zdOci?gHKSu1=@zmI*=U;Yt%#5$(iiUMPgpKHF|Nh(g&e?i+?!K=Dt&~sEI5)!_7A%
z^4EixXEjT=R_a#hy%RM{w>L50Ev@Z%Q#ky67ij+0>uLV_l(Qj3XI=5P4Y*d$UhfgY
zv59v)(6%|wG!fHTnCh5>W$I0k0lsKG4-<dO3xM{PAI6|kYe-(meuK8tX0dnonO?H<
zpC@bsv`pS!NOd^bm#=_!Ri4+gaybDSCr8cz+v?$khWzZxba4Cv`ZB{7Z9^W5h2ZwN
z4q5+!|9zrSfS<)BN!*L}h#w_bhK(Pr`KQU2{P*0#BKCgXVimGZi<?c|14NV@BC(Nh
zG;K|Q)+9B<Kqb(uTjVXaPAys&TC_LWjCV!%!O9*6eX*}=-l99QR;$gNy9J}JBWoYE
zVYE<(!sEA#M+?&?*&|##sJu*0f1L_#ptB=QEXim4W7gGkF`;{YKI#qfEv)_lkEV-j
z3*G8E)a^OU?Z3>sLEJNGZrED{?t;V_?8k&nd=fEPmR{!OmcQ>L79YCkjq@r<?5unR
z)@fDV#&?b_`agij`CyYf6+M!<-cr|OG$!*QV-vWxkF7i19&%eO%<Ui&!=HBO-)Ew-
zcZS7kRadauVFK^L1KzY9fSipX$zhOlYkZBTpSxHLxtY;pbv&y2hSm|Qa`70P4F=la
zYzRg=9Ag<a0@-W*Xy5_FU<}B-=8{PFdZJL~mb};JVAI+BI2UMMpNA2J0$(mi_R}lZ
z0L{Z2u<&}#MU(FLe8gpHB4Ts)Zg~8z`95%*8G8tPx_$)Vqn0IZW`nmUz%}0X^Cf`H
z={317zF_$x^nAt2pL!WO)-6|n>-s?cpWrdBzYDJCE4&}Lz9mWe9Q>^AO3+BehBS>1
zl<*S+1uq7h!b@TU8XSE_N7M15i(6PR+siF%$FZldWm_M_?<Pgx#1{-QoB6TBQ{CJi
zoe7@e0bK{qdhfbGI8Ki)33K!HX-G|OH=^(yHoKd=9Qm9~3|c>g&5uI-6C^3bzwn5U
z;eSQHU(3PfLGB>2y57Il0ms3JrozzyHb<@#_FKD+74)`Xy<5u`uzp($?k;SeAB?Eo
z9wWy?4)?jtK=3Zfh^QKNO}=Q>h)2;p9cV@K42+VZIStu|3^RaMG_S<M!{Sa<f5F!v
ze#dI5zu;Tp89&3dKsbI9z7V-MO8b52UI!jV*LcWM@CYQHeF~h-ZBKfi#okY-J%^mc
z@<m8PEV!H1<MSHYI_=s;eBSd1tW2x|*LV}OS~xn6?~!Xqgt*PseX4h`<OV9ae&Bsq
zsG1sr>n0rb2O>|3ot`QYOUb!mY=jG8-OEdn7iQFXG_+peGI;EeUm+ZG>YISu63}fR
zD+}{6O@4TIrxSZCTo>!UKY`jTjqux|7XEtzc(xXI{pj69Zm0Ff8VY6FQe`bpn?kSR
zShD48E72Itw*^{c+GE3y(%gr`pi9}p^<-TRKQm64&*mu~F!B`$8fdR4ci`Zq;C>uF
zo*c=43^qIF>u*ECt9QX~PVsHGPegLPEG_>6+KG;@+}gKhzlPi%o1s6ri?xN^a}oo*
zoS@!-Um4O2-8+^ofi@i9!!5iw=<dV@em%j@+C+xj?G2q)oa^rSc93YUpGB`Pune0M
zK)pdHf_4R+1UeWrKuAgT5$!<8{5a`W0nzWbV!Cx2ba6?pwg)vqGz#EEpzVQ7#b$I|
zSaczzu@5U}VB*8EtC6c?ygwVF;ikXR$6&3}va}o;*WRoUj?VENWVQB|%=g{K3MF?Q
zyGOP9$Yh7qqmIz{(OnmC+^e%ExVG1>9>P&DjzS(60aS=sNavtVi236M5LHrg@T$b(
zEkt=|<|`qk-gI&avqy|i*yx96wX$1SvFB?y8jiQ}_H8e*SXSu<v_$bym&^i{#jN|=
z1HPKh&gLw92PZRAODNur9tw>)!VzGVd*aBaax$yZr}%0PPc`?a20%Z+)duu@PbX8`
z{pY(nI__8}Ydvihta%bP-`dHH%0*AWS9f$KA>ze1X6UOuWqgT8<s#hpCQsgtuk+;H
zZg$qdpS#s9<2k<FBg;~EyAziD1`8aU&>srh8~8-P2af-8Q?H=kA^Rzsb*V+^Vdj}1
z8>=r8`>mU!tLZckw?g+q+!|<2Ra+Cu;}fwhj_FYqq?Xr;YVbs#BaZ{eDZ8_UBlB)X
zo)WF(Jc#ZH!qW%9agETU;1m2!d<uS^fxktK&+}v+(BXM^<x4%87u0ULD<AF2+@HGg
z{hrK=YH8e+PwQxc-N2VM_z+L#Ds@a*`+;6FX#9SLZ~kN+(eAhh!l!>MaK5LcpExzj
z`rw04D`m<PD?YO1jwGkcdTxB=NvSUJcpL<4p4-W5%1GEv`R4sjcwH~e_X|f|eH8h^
zDba{O4_m8WyAamrkZ8oe0P8{rJ3H~MNHpR<0j&{V=hj|EeuJD5jd(^UsWMY*qFt>m
z=Iv@DP;U#WG0?{f8v(6l{hN@&_m*{2h(-vu0=9*_Shvs`d$(zaoOBC&qkFfoKhU~`
z6WqdQ27@4<rR{SibcSZy-ae0k*7w$TvTzjK3y}3=HjDOj$g0$b%b^!(DaL)c13Dqc
zb%e^zdtmc)_AR<wK8~cyZz)|Q9LawMXy;P+a*`sjwS}|{Qk?66Pj7?cob)>d`by!L
z^zg+c{if2dKluRNPi^oOrgYH6)$|^>ACPaRtoS^4t0Tp=5>IIDg)Isl5p|x{>++sv
zg2B-s{nFTurydW9rN5IMn?3>D$Is|a6b@fzAnUZDk8T#g;>6|47`eRCWzX_o^Lp`7
zGEaWhnt{AO+1r#l5S4xFBbq>(cuUd(9M?Uy0^6(E4OHTDq@JdFmv$65=S|?r;6d(V
zncG|TaDTsNVm0ao`BleBa1DCNBfbjYR=1*_ldqPq!ym5kq4yUeekkKx<ldfNKY)w9
zIpfn?nLp(tzW#x^&pLBQ3z}FPWO?2w)izGG{Zj4ZR4Y%l3L%B$%}J#bTO6*!#N{!_
z$zkXkbYHMP-AstqR4gv8iR-B@K=-PBInc`X^_YB<JUSaz>_=wif=hfg;CAf&wcm@Z
z38|IDCm@r(DOes31iS(qr<mUpjunXyfcD_07$mn1tU-3)ze+7ib)rJy_{g%kNQ|>u
z0BuIw3X9~DhPIGcyVw<z_7=__sde{4>s}Bo;}F+FG4XNq5kM1<GZE(#Q*B_X4NkS;
zsWvjz#-`e&R68rx&P%oFsWvOsW~bUMsm2H1^!t~XL%)yiqv=n9w$}Lt$jZmJpw>kE
zr_{BmpFGIMw4t_0B)19rcS(=46YTQnadwA{_j0@!xYXZUIau$F0L~JQ-s&9WvfSR5
z=NF;-%;Hj@bxK!ap-m^Vm<eg&#b!2mNOVcJU~fbH`5^C-?f`nZy%T5+^#URJ=iSXh
z$Y$=}!|q@`(hHco$@|EqQAdA3_kEsqW<qj`j+I5yXKgGJMY1{2`m9~t!uzZ}A&;jc
z&0f%ZijzL;Q0T_~a*h&?K5GcF+L(ha8!B+{gpCDSg&c>;%H$PKg4ObrO~u9w>N!B`
zfX~NZLdds5^pjQF+Pe+%lAa)OcS00!cgP}<$lJx}Nj5HlJQGhm37MUyZz=TSG<|PE
zuT5RwhJHeeYa_`Ip@Y2#_y(+fSOWe<IHLM1(8S*{&;dWol3F^Fl({$cw=VP*-TvqP
zHih1kx^4<x#==`eZ_>LXG|jcJ-li|4u1{MI6OMrUAtzU)9h=wt7wUh{>jTlNEpkK6
zgoN-784vOTv~Tmh$P##rmY)}nHImnnldYk*(Y*ov6g~N^(iiBS58nc93FA8x3G{oA
zMdT-;OpU=mfH_ZPz2jxz#k!#&ve|3_iD5wta2#iBjlFLbbOBn+*Bb++$DTYIV)Nla
zpz$#uJ{4;#WPB(xGiyqe;z{UUw)v`LW=+zAU4Vo4j~C%k6O+T)kjtld$>&3p%DO#C
z>&-miBPG5|nfWxCjogld*O_~O7Uu^sN&2Kmk$p?!O?2&gTUu6_xj{Z-nYl@0Xk&cP
zGV@_^ZYKif%a)nzr{sD;zT=Ty%xEoo(th#jOP;WD_B-Ulbm&=nf~YQ|s^dkrp=kUr
zsX5SkuGZLOA`jXlcd|hEj3#xiyRmLKcoVocupd$4E1Q`Ql54#9-X;%NlX);ko;8O6
zt)1+PMN+}}G$#+&!>6Mm=cMr-2wkV8Wsi4-Xk^@QpyhKFHr@hF%DYca-A~6oIVv#&
z*?+z@6KE~+4IrC<-wA3%L>8p34+|->8(Z=p5i#%->ftJpUgP+tD09AKh|KpzHGH>y
z+m_%ap2>TF?G5cK6a$Ha5R;?5heHN?1Id?3)pXeUa5*@RQ&fWER)H#TZ10@`j-8#e
z!LcZFA$W3bQ;%!Clf}BG2NE`d#z2(MO37%L{{P<|Rjtw;>J>%&oMl9El2q4MBlhPa
z>HqeWTG7@zJeDoesd)wbAAWMM-nqXG-r63)6%`Gx9Hmo`al$G&x+VW7=s?%75rdQH
zC6s%!2ZeR2=|b8K9=dhE`;Qttuv4c_d&E;!73Jm0DO|;(f5F4m!v>xjR%zCh=n&Y3
zvPOCuzRnTqKKFRC=yQ7^AKJ_LpYv!~WrxA*9aW6HOO8`^NRG1>oa_t}J45>K@~}$f
zYI34(Y*|G?lHy`$#XUWFnkg#c3|>Tjy)(XK^`K$NwUmD5IIHYPZx}B6yCqf4*Iz0Q
zac^)@(ZI5*ayti@#Bx0{M8CHhnjTLqy2--0_AiFv_vLReLzOMz8i^e+dRRrA3RHnx
zFX^6G<r8_39(Ej6KC&XN+SCJ8g+JLU`c_J|Xtn<TD>dWa-uhoTxti3O4ZiY!7wyz-
zz9i&-yQXBVm)P=g<#yCl`UZ=-iU=k;y;<e;OoqvE$$<UKMvSktw<)3UIHhP5A)z?Q
z3X*@L?XCCM+2Vm-T&1UlEUkYEoUqbrDkHces$h7L5|X3SK=~HxsPf^JV{~r2B7b02
z1{@zP^eky|a`HEAic(V8c1ToG(za2475%UkFMXT8_|oIj*TQqjQIqr6x&QlXT>rLh
z9n2pb#aA#n;y<W-;4mFb4u|q#Rpn~P%ZCpel^mfRoWFG+IBNXpupL%ac<5JNZm=bg
zo*V`qnD?pRD*w|)SNfq`Wkqr!y)r1d8(c3@9cW2Mdate2@A^*V5NO7Sfg`{gl+c}5
zg0-Uut^(_p7w{zEm<FBWviI}nqx%Nt#Xy@uT!%%naWMx{+a2!0#D^gFrPfbkkgO)W
zfvlIBD|sK})4$bNB)1s;?&htrX`)|3Bz<>la2%58?N~i#uH<mx*n&F-Xv@hbfowPL
z6ij_IJ`QLrS?3yZ(~B|nExgNt_WU&<dwwpa{`><#d;WD${NVRZOntHMD>H};SPO}p
z40C_yNgvB>2G$`U;@$^b9if*)CMvVl%E|2vsLtXfZ}dvIxm*ph<4v!FbfF~nD}>`s
zePyPRxj&h;zvWC>;zwhU`LR{1^#a8;S_cZp9{G`G5L1y8(0%-V0eZ5+br~cs2D%X(
z^W25tI0o@8*!KGy4UjLs!?6j_ieMX|7{B()yC0Ie_s_de&byzLx?hoZUzm4)ICWo|
zcVC@%|2B2c4ot(}Mlj;n259lyGw*&}-o1b7J_h$>P3$a4l-AjfZE`Um^VU}V?gCnA
zTMV+&_5!9}+TH@%`~JX?uN!@62L9Nmsl}JBnioH~wT1SpaJ;S3L8;H10L|yEgkm1i
z3TPgjh;y=DJQxzUAfBDKo|al)he7h===sRLR=CJ@UygYU-G3DSG_VB)b}7iB`6b8-
z##$j29d8zXg~ZNVqjKT6{cuO&h;?V6#kwa3Nj#23_IM0%-QzI?-Q%Gj>O?%MK^Bi0
zAdAPfLTNl^L*%vB%dcS9W;GS_mbTtt@wk+s1-RVT(A$7xi@Sqxtg?0l+QesfH}Hvf
zFA*yheQ~!bU^(t>;<3?gY_t7InE27EGlAQao97GhcP56(1>v(GC0<%)W7^fim;>A$
z>pO(_yBNddsU?sS-@|$etTSsEEeFTJtapUt%88Z8HOV5f+t}IAFTfLgD{VEnmfwc3
z7M$}*YsnD#)5c<z1GXlhh9H}VZVK81ZA(xWP%9z+wnym(+Dk~0^qkxWlJ!E-7aTL{
zV=!-LA@xJn^w7u&Zqp8r%H6@1b_ToN!QcA%u%FdO#aqA3U9CI3S~!w_4ba~1^={yC
zx?98oyAOAJyGwDe6@A64kO`h6ZwPysKcY_4WwhChpN0GbA^EyOZm3AHUzxG3u=(E>
zF|p_<5>=@idR3(OAV~E4$6(`;EJL0Y?ff9Ov4w?U*!UP=B+%kN4g)oC7VIoY6W<M*
z18(GJ*5-u~c{^V?R>>bkPIj{%a~likC2aiU_fnvVE8RMl<RIhm?;B8KU#0vRV;^^{
z1KQH%pBPNC_?2oRAMVWsRruVutsv1aZwD^(lD-S}zB<wgXl1c8$WCJHgK2VHsfQD9
zgfQ_d>-r)mY3%1VmYjjucp3)*P2_V{vi4X_f>ilvVLEt{_wX}>y=2^o`m8qo;`r7=
z@i<Aa2xzN0FN3Uqc@=Zrw`zIuFNh`MD^P4-eglq+czzJ}aB`<e{a!a#L^xZ(i(|jB
z6+}k{%-5YEx~YjbvpYD>74!t_wlMVG!u&l7O}>DS7WT4oEXa#fe+))N13nlM?|B3^
z{+_FW_MR`pK*x719@jv0kOIHwV&Yp=_afJeSM!)ZVBtRp*77Cx%dz)2^9ImMpBwlp
z<!Xpt6V_`T+nUrL;8;elb*lMjHVwh2c<Q$VYZ;Vhw*gP_bhicT7ZK<?2uC4kkE~k*
z&Au~4jSn_mu<<h16=)CcTWEba<dj^gzr!go-5pgcTi+U{JK^T*-JmG_E5MDs>G~Hq
zez5kP+gO46UO4voegfL4D5JG5dE%XIJxJtFW5<?1n+iuOvpdjAWjBy*i|uR9B<>KQ
zIJw@>oGqd!r0%ETu3H04u15Bc)=dD~59clbne)}Dc73YdE|eafx*rnj#E*dECs<EA
zw%7l>a8#VnfOZ&aHOL0tUz;;A|4k@jo*5pkaa{qoYY4K+(Nah$@bc8n3@o;L18wK7
z7syKXq1Yz7AxA-?hLs81Qv<Nwl<+G+7Q#df+eXPb0}=;J?gPgm&qpx#V(=Q!PJX_P
z0mp&8<QzRh^cn7S^>Wc)JWdWz1X>K9!YDbp^gYD3v|4FJNass!XRa+c^7&A3^gR{A
zvF~{rumkBB1+tQL0jBz~nFTW)GTFPHTfrG0_AJEQO<qFIM*p<}-OI+?z_`70|B<r!
zRV6f%bd-3U1sMeNurSgYQ6n>uz4KcLw3hP;6N&CC*y^TevwhczEp~qlj$3iof|D;`
zY<ik}u{_!mWGz)EA%*B|RaZ!yC)yhm4}CncPG49^=eUhE2$wpx@^~fo-iY1=H1RGI
ziS2_RD_W1F+EO8f?alZ<k^R>ZAE76E6Q7y61)Up}_|Zs6O_VPbG=ao~XFG6AkK1GJ
zDcB8Y=^bds=G|~$)|d7x!EwB<%8bqAbmY+nrvYvJu^1Hh{5%OR_5!g~I40Du0lkr`
zG6PRo11Hv}Zz3G;zctX-NZNtyxiU<3)XBmgguIPG{Qy30_L>Mfki0z?WaHioKz97~
zB9IMQF9n&Oj|*jvi%fnRQrBP8^Wd$$XnZ5=m9S2=)O+}ifmg!K#3ROSffk=5F-l78
zG02|dV}Mp-&oq&EPQx~t-pz-^Z<!aEiTSq_XwSWEBG0YDG--_1IkDpP2PR(TwiqpF
z<*O~ox~A?zY25Zl_P7lIS{Or3B#g1xW~05GitJV5LUdILi`;ZGH+Too{8(Tjemrir
z=KK~gQum3;-p>8ty0y0Jgd_HwjS;liw+DIbg%l&N-$Nl4-p^Ek8@hiZh5c>KK)o=V
z+a&8F_N&CBv%b?G@cR1@WSsYdk746S8ec@N9d&$#+gOkD4!BPIJVls<evW2KIA4L*
zOwliBtag11jgLwG3eNgDq2GjKd{aDD(9)j;?SOwdA+GS&F-gn4+VEJqX&`LkW{8V4
zbTPJtSj2Wq93IiRJ#*L^2hX%^anKdergws5{WlrA3KQ;;Xrp{^(_h$gatP{;OtU>F
z&w|JAF|P+}3(zf}fZeK%$*_E0+yYyULox*a91@e)AHXr3`qPc9YBn1uy`hi$T7u*1
z-Zo&%=>tIVX}u%Bv9WkGIPTFpNjRE}lYw>yr~+i!JQmZWGq?bvgD>R6CGKE-_)N_G
zHCzoeakhz=-UPDY&Vp2XSV;c*T<#es_Smy#Vma~x(8O0v#IH9%=GXhF_OTF2vxmMw
z_U@r%yuY%#`s;mr10f~co1qp?tU|U1E13k*5py5$baE3f8oNO%Jwkh7<0;+;XtC^J
zB3>K-vNh9wsdl_j8umblubd5X-6B5(YxAoDWZF28`86rk&J)s^Z;#{*$WU)st^(Kf
z(m4m*D!EkjCD_-xP&LZk>*A4RpW{?73c)v!iC))##Kw=C7EO?>Z%JE}>OgEzP!}|X
zBsWd9O@yM=+#2!Sr2cJ-gZt15ha2_vIP-6N96Xad<4_zcA4fyRdTPpqy#`H0{klZ=
z`+8lw)E*%Yb5rzBP)w}e0dMZUd<@q2D6sw&9LGuPP88N@1N2RVBQv&g*<VCE5sPj&
zR2^b7vNzUVjQ0ha*vmvbI}BT0^>6ZtkXW8N$xKYHL{7eAIsx5_@>D_mn1*{&YA=IW
z?Y<#zIS**%=1!0eIqoxOo?n!@z9dApSg;>KPQ&06P<-L!JB)p({XNip{T&0HwzcOP
zO(F<`n*eP9xdq7PU9E-iv?Gd5ojM7n@jnov-=bpD9}_=hbSls~=n;k1qm5uY1p|*)
z4bb9sj@x>6or~=8ng*=TV>43Q*{OCzs@<My^HOcGklse}W8sgW`dmj++P=cj<NOOw
znkiUT{OZJNMV-mA@vfyV&<1Y}K<3;`$cu7Uq0GFDek9;Uxf?b<LhXT5((v|##2Q2&
z@D!g$m4O?3N(TwY8=8u&BhD7F8zH6M_1^(j-$TwUbZk}OWnnXZ)5YzKybY=2zJCTD
z@4kEwE_MAk;Rv<%6!Y8*S3M{8mYN7hZP^59VsjITNPCcF(Jmls+&ibPdk9f@u-p&T
z3*r7|VA1RaH1~r|#IhgA8qE_@ZGez`@?5EgXzYgZL^CnJrT|Sm%S4<n09iKuBh{u0
z>Fsy}d=sR5F7B**8McQ;z`o$V5*k_lK3Er<;Ojcqt;H#=$?J{5u@Ju%IKGX%EjT`(
z*tbCM=l1qWj|ay$lgosoO&#ne{$fTI*qj~?#OF+KeD>oUa9oM<54X2?&T@Mz#Pfw!
zh--SY@6G*3f90@)t`sfY^Da2*kle*pu<Kpmy8abj$+?)yLcc=%&pYcIc;GK@xNkUS
z8@O#PiC)}-)?owps3wuMi+~Ha-F5ORxyNh0gBj_CQ_AS%QYyjxIfY^o4o9S?FERy3
zC<+b*<YX87_Ja9uf7fz7jswUk*}E?-DoTzQNKJS5c{o1zT{}5V!$E>NBFQCP!Ugw~
ziIJrA0<yxpUe|XhtJ1w+)qAUa6(twP)-5V3`0%Z~`uB^G>*cKlDg2L6TtCy$&sGxa
zpDvah@oxyJiRHm2kXTvX)E#VrX*=PlLLHEct>W(P7FHql684t-5Y(@duqMFV{0u=K
zS6l=#kFQ9zn^SF$P#UA#ArYgy+`%4Pg1HZro<;T`mbrz+Xt}V*=rh#sG@!TCH$DS%
zZ(Mf}j??oyA?t2tOW7`v2(^nl*kWBz>^;=J$R27xK@Vvd;ulHUA25^nz2`%aB%hZ+
z!v81S!BVwMIQ)Mb+5P|6Ei6@^3wu~!qv}ffy3u2<wFkUk{W-PT{7hMWqYeJB>IE<L
zhW+otF<=`EwEkui2Fc|WXFy^fZiZu9y1ES<3qJFNqxpZ*W$%|>bbA{Ky@rk7;Ijf*
zn~0XrAENuO7d`{}k1arLX^Gcjn=Bvvf$XdN#b-%Ru0N<P64RV6uD3G3yQ2HhqX*Dt
ziUUA4&l!<wV}$fFd=PsPBs!fdF!2SF>s|Jg-Qy3~7;RzR<~5)#L#!~76nu(lviR~X
zq$JlGhaWK6#v=L$&^BtfI9tg2+?F8IItnSR9=rV^aaQ(luysHufO7ue0O1(=4FQ_L
z8D<)Jem=72`81&A`7BTyA~qY_B+qX}_B_82{nUuZVo2j$J04hqjqhr|1hnzXQjqz)
z9AtU_9mw*2olxeqSn>S>(#TC3P8C+Y@De@%rVB=zX6snZy%>ItQtE?^t3)GBvvEl_
z_8zjwCh3#Z_S9l%pIm$Y?eY@XE;>7GZcAauC2sG)+G}&p+&+iRO+)(*`ZixQGS@#u
zqjY7?kxO!dp_UU%dIPXF*vX}a1^On!ahl<8K+B!YF_;oV-ffV5vt$RLH4dFXJK)*A
z*d`(NLiTZgA7Cdejs<N8Ixf|Y2em{yNl10v>)>c77Q{qwsmJ&X%)Ru_66Co@ajqK;
z+Kae*Tet%K;!JLrSb@r&D_*Xjq+3?i5sPWx4nQjcyPJro`(m7Y=IB6VpHmD#*GV|5
zBZDFFv855%c)+8~9A8d%YaiK7E3m#U958y?u|N9)B&nLOI<Xe;4dICIk3cW7CgMr`
z^YmP@p1-k3#J4%nvUhtEvE3D9RdDxIJ3&Z!>~p1Ikhqwy!i+7smm_Nt%g8klo98YB
z#l3>}f#cxTgTi6F*o>pCeHq<XC|`GTuglBPeSY{p(Awyaut>uE77|-O-(lkY;xBIF
z^{?oB*;u@qf=2TCN%W?$za<rAGgvfEyMm+Z-Ca0x`8c5E@(>g8WF)4^_qfO9ZO;bo
zip4aLt=mrrwMM%fWbfcAkoB0430b_B3n+p1I#z-seV;nEcmFTph*g~n1T9ugK~_n(
z71Co~aoQt$#p~?4ui<n-_mfbE0&T)H9AurtShKYlO#sHv9cF-IMdT_o@&5Qa;fT>A
zK#S3HCX(WnW@^5DZP3qXeS?9=q1HbHEe@?g7KbiEF}Uaoj5r(x)<uBk-FS$O2@=W_
z$F|)04{*%DZv%g=J}YZW439$NXH!oJ`_ACApdHQ6=P~$(pPKn)70ck4s^RwM--5;$
z_r3zhy6;-BKHzHav-m=J=e4I6&^n=dpq+{8Mxa)p=0d7yUjADkcd|&FgsvYW=_YmK
zRq(pLmOC08zt+5xN4!C~-DO`)eHe0PjRszp=*OY<R+fRHsDBLpo0rA!z?HF(2-XK~
zlmo=^SLg?m^#NP+tM)~r@ny0)!cnQ4Bj1s%>u!sKw~?)JSUEYqlF$ZL>S1;U$H?tO
z*X<XhWx{cqY!J|LZwdxF>|xn)1|$mNdEi)KIUgL?0$u8Q3zBfP>$ctT5Lj!Y=uZeo
zv++E#B4hrqanc%_pTPPx<;LDqluR=_KY9Q@FezEP!s2_E`?{44zj`{h>^}_L#1APC
z0I!JRbE-&W*a-9+r$mO0gq8XeQ^1j7x4CW^HcvPfVV_1$vgtXuw`swP;K-WSz>#II
z7w9Wpw=DbAb<48Mbo11*tbuT3Srg<W%Q`u+G4bBub837M_aKNR{uq#XI1IE|{Nizh
zNOT6H(KWgu-_LOy+vT5*iT^(GGUQs(+S~$}<ja$Dz*_m^*;}#qRopv}leM1(=-#zH
zhOS@Cy45o{cw6)u4)W6q!s`%S-HNBnv2pXakrPipKzC2SLw{LSKdS8y@Hhoida>|)
z&EB$Bb~-|9do$J@9Q*mbz{P}jfKXJfgG`LV-v`~t+DE${i)0YpGR(7++`-at9=O{3
zl=H#$eS76{;qYgsn|o|#qq~>4q9^IR%Z<#>1>m=0l>dTR5$x+`0(#qxEixZCwpRUf
zv-Q=;A6&QW_}ws1W-pP~F}tbj*q+=393SO582t4V-9c)jx5M4Zn%;iGF&(HxzD?ag
z)*Ho9IQdv@9MFo^*%*zCb;?=D-t5moPd4}-fM^e#_$|R^Tg!##T=oIWOOQ>y?^+Iy
zCi-J=T_3-EAsku0+D*Ke{o=&Redbbo*3z66j-I@M%l_UsgVgr0T7qkQX4ML;_eDH+
z5{_co0chf`7(6^h`%2!g^oCFISydmb{5P*hA?u@NmdXL>UcQF{Z6sEM#r3*0JL{v1
zvvKjh>sp+qCAStl2z%d#=1Z_~Kc7Ior6%SNOJTMBYU$T8+TH?w6Sy^LS%ZNuG<=tL
z|1ov1Hv{)Ly0DQ*9Q)lEXk)F8SY%=ctB;xEafKld<Z`gyIQsQq%|5_SfYnEXpA?QF
z^b)dHlNAPW{}(8Zw66ijZQEai<7VTZ!1~}N_G=6D-@rCjZG4%~WN&pg1MBi#takv%
z=0H2)Xb|>89vg-JbjZeDwlBcOTdYfwleYRsNbH}@!^VFKelK#Ls0xoj_V%Xr6JdKJ
zs}Pf)c7G!h<>Gsw6|h#9%i?~`5u<?ZC?30rd*PIP_;f#XANKS%6Vi9ATX-K|25I4w
z$x2MT<V*tE40EQ5Ja<2)XC+t8z5rV@Q5UFMgRmU>u}%E2eFM5nGV)&mi?3|HBOGI?
z-;tAf*PoDBNXlFxJl+R+8-cBav@jLlJEU4)Q2qE>F?gKk<p{8DQ^2}PI124lpiPS}
z0NF_XF*o%l;zcL++;U8|u{ZKQ&<2&OK?mdQTF`Ew-$8qTO0E<#U%LwFHTb!sZphx4
z^#=CF_E69vpu<3ifd+sEfJT5U#8II3Xrn=$LE}Ic;$)D8xI&1J+18G!_t)?k_Y}{J
zqSZt|(en1~Z;;sUX(b$OU^}1<_Pc<r2JH=MMbN#4<gNQ~7$kmgG{PNhelfwZEnuAu
zjvI(C6pogEI?#5bt^&2j@7b6p%hB^hEb|wj>SA9bi!k=Zx98p3yVExz@r#6JvxIAT
z@!1X>$1}DE$EWjpgL9s9#|uZjE_V|j>)!#1M&UkeeBJUDpe5~%LhD~4aXV<qRWk93
zatokEeLEoq?=8gv5c6aJsGiTu$}#rUo)JJB5sk$_KM^xeCL+gL4A7c`>rEsF@5VMc
zLh=Z*C*^7M<S5|tW^Uen4m3Z$H477e0LDbH*3}lcm9VXa<2AGfn%D({lcJy>A!1$}
zkJ>s8l?=t$XUZdhHX@h+va#-DY#YQ-@B$I@;bPpa-d~OTn0V<oBKv!|9k>mtz6;bE
zv=G~*bS^^no#V%WR+66qS?PYoZN0&J6WO!)pFoS_J8t1+{Uc<5r#}i3+Bzi5g`#T|
zF28^D^~wXF(>e0zUrHDbe{r&}ii{SC)Jz82c;{R!9^{j#{&KH?N3EF$j(PS1aC}Vh
z$pZbA&@Jy)K=i{!BX7BtW#xx%Wi!k#gw5b*w~jS}Yb`7reY6C}EoJQr^c{sGC%Ood
z6Me$eJUp(z_V~Q*z_6{sdEw-=p_&S><u&R;%)N$O0<^wm76!>8=Z%nwgn66GR*CMy
z*q>VnwC5hj;3c&jk*BZ22f5o@;ODrV!=n5?G<MWK6Ar&t1LN|W?XHu_KI!(!Y0&uD
zK{Z&r5X5StaBM<cft-Bf;%dkg@2PGC$MO7m;Q0RDeBoG1UI4Ul{bG>K>>hVhFCfpE
zfkpmX^b?d6FP%R@+az}-{t1hpZ)|pbyz<rpikXj2_i<wR*h@HS;=w>$A{&gsDasNr
z+&4oX=SpQipz#<yzVPv`u*K;E#N-EE--yI`?iX~O0ym?Q*&;cwYo)?5LaGn6H`oYd
zjl?FHsyDOennB`Z+E$qOOWYY*Tl8kr-5;=G-^;PRpX0!>s8Q~^*$;JW1;0`_8kw<S
zVm4<&;sn+C*!XeQOWelecB2zJdoUjxpHM&OvPbki$aX#kUI(7w<)Y*U;W+A_acuE#
zBpe-7GoXnr!q{TA7bHGuxqmoN8hbdl2M!YsUycKs`1de2UnWDsm$SnGU#2>?2QCqg
z%6~1;#GAv|e0dx)##8iMIN;0k;J91;9dP`#`a`#|Dac2{F_8TfXaj`LKo-ugm^O<y
zybcm|w*HMW@fl(}LCHQw*d3zr4&m<)jy1&|Ze;q=;FyJs2RHH_ae~`ez-I}Y@!102
zeVh+6$BW(2-|Zz%%;9?QDEDo4fj(E*d|T+EKY3q)#pB>OhxejzwB>KONep?M*i7mx
zu)c9lI)8NCnv9<uTVVBXl8w&#VAH^{>AQeqxU@gmERF<CbnBxEtWN>!^FsJC#&sJ%
zT<F-l`OCt={J$EaACr0O@fu7Ywn@H5)9hyPhqa61nXn5qUh2WZF>W{>`N}C;^6^G~
z2u{9)aEd?C%EFrD#PZ}kVH2-%(ObKloY->6y<oF_7^E(VRJ{(?Woz|3MsNEA_Ch}d
zzdV`G#9+BrGzw$p7C~ExtS^*Vpc!tA!#9G@nBq@t0$HUWTSaPl%GXM|0Bu~-!$kZ)
z0b~tfnGiQ@C*P+Ti;FjOX8|qb3o&{kAMz#eamg91`(aP%=SR_OKgDzYx?aR7IkfjC
z<VBrN&DwV5SI}52{1Y7Q?#6QrTaIli93^xc<m5-CZPD9!Aw%CGdYsPa-i_^vew_cR
zxI41H)ct{eEVc*GCg#1dO=@;Oh<SZH20qp)cMJEr0^LI&jou<cACK-Pr=yqU4lsYt
z4<mB^qP)#z$b(|Z=1O$`3HCKW>!Gg)SuZskWRu4ih13^$EA%q5$M7BW;)vEKkd3|8
zuENG+^)+%u#Omh)o8R&_nOn_fu*JMSB>ZVC9R6&AT$vk3f|?`m0@@PP6|@b=Qm`G!
zQqUS?DQE{e#{Az2c(TC`z<qhTBWMt)rx2GPdU+fOyH~xK7xAIcSi&6P*n%7bp6H{#
z31AIsy@gl^(^m+R!Smbj2V?O3kx1m~7eE_4|A2+Q2A&L_Gq;IHn9UqpIo%o@gXfL~
z`d*=13VT43!E;ZyvdZ7bt!xz0PuQ%>-P#AwRc>u#h-u&$JkKo9X9-9Dd9xt-w<t`_
z!)FR?pUvAY3)?j~-;^Ibe+Q4j^DmhDbmkABjX`S7l|eFiZUnKx^Cm9apl=J|c&;VT
zp4$n7ck_eip75*F0rMfyXs3_lArJRh;Ku$Qr(*I+{=m`A{)iQ`XB}HfcmX`cdz6>K
zu`~OQu>15m>Vo_Mr`7OS@L!W!HN0KwCpxoWz2IhIu@Kn~xGg!o3ns}&3-^Hx^&<|4
zgJYCj4vvMB3gM_t6J7S5-K!v3@7Zt0#>XCaBTtEG@1v0VK8JtB?QORD5m?g#BJ`7E
z>p|Cn)irpUcbF&ksZPLKYW9W2H8JObWA<>qaK!Hl<Vm?6F-m^}`kNYSdwvxxMwY9=
z$+b4~g(EJFz$z)kYcs>3&E3NK%bkUzf!@oFceXOSKf14P9SLmBgU5qx1*^X~qm`%H
zB#;%fGldka&*{&0Vv9&uV&dJwJePfg;YoDw8(wm~rN!cPbni^R0`5SFzkw{Ak~<2*
z$r{0+o>0v88Ut<OzrBe#?}lNroZ7>Q<xnrjHbFWPT;rwT7;u!${=)t?C!pS@;~n-k
zromzZ;c~F8N6!Hj6X>m=Dc<wXEwG(mpnnXGTZ2CljyB~RH}`C-f2VBf_`X9^;aCdZ
z0@#LtTAB#jKGpUBS-a3R)%FEhWj#Ph1<^-geUQCE{2ge6qS09BS`2(015Rdb=R)dw
zH#5!5?X}H8t{*S-_PqYAn|rtUFGy@lmEI+MqR%gygSYd*T7pk-y=Q@b3^=wdM+nE-
z<rzR*5;_lq<a(<c+}e_ID_B2#BPk0UZwG!@IOgd~fsOqoZ*sTHuh7LM@n!Zt@P9Fo
zw6}U9G=5<=MmU;@u|S*WOg51KE=jdnLVCzs*EtXk;4rxdY~|)bGeKJmdV8`y@nP@p
zSLn}*9&WAg5z*H{Hu1>p4%KglaoQ6cmrnNv$M)v2!cnXS0Ilac1q1!i$ll!qWZz#n
z2WYuA%`JQ^a~-l**4tByd)>lc?GwnJzL$Yk%-$@t_$+VneQL4JEj*NZ_v%6KgSQ7-
zJUR#|rf#uM-r|JRVxU=AN~#b&QI`R2)IHnWW6@y_BywpPCfnJA9{{b#|Hut|Nd0Gl
z^+pTyWSpP*8(4dO<oovEO*~uMgTwcJ!r}W6pcz+Uklb)Q&aJHrxd8k!KOMDlaT!#@
zuZ{dY-vNzV<n9MY*bljGnf;h>yv0|LYe!?e91=G+tpVS`mZlZ02@CazkN0K*Es8e^
z>0w`mx*6FQU!OyNNqclz-&|Y{k1vI+0B5}XuLYkmDUM0qC-M(IS7QN=geGNqtVk4@
z3Fv?56Tad1WSo3^^#Yudk<SuHtf#&UUKhVa{RT41w=aJNAMEeG<bL5xqC4Ch@`eqZ
z4h8B)X<p!o!bt^j*@pqALUh5D^*a+W@_nFl+{jDh73f|wR-->oB7A1w^Z__u_qB$j
zB{X8PJvg>Ly9h^1T#0-@tUF!@`PRH6mbYN$73?-#F6L)~{wC(ZV>9+O@K-un8IgDc
zeyPr~gza1Kcx#g%6h2ee_IjB+9eR3Bvr~)j#iFt7brmkF^C?>h-&ZTLR#xxF(5K}~
zfVS}Pgo#A_`BZx;)m~4vw^FU-A$gjd4=si0GJZU0ARH%lHUrxHr<EIcHEjo(g6%$_
zZG2R=FUIYxdiMp|DCTHTTTD*`S&KasWRrtYLYWbfn9Cr_WsI)|$7RRYx^55L435J)
z^Ms=xeH8hmXtX|rtSHHC@A=yBVbPp#qc<0hYT6k&X_0%O`;ucd(Aw;=pw`6ZtW>)~
zC_dzP4KUiCXE5-V?M<Ln?6=&&vuqXQowRg)YgU$5Kj3l;(=abxYjJ92PNj<k?S$DT
zLIh^=_K;{9JG+C`nZq#m_WTH-4a&+eNYXjTi8)l~t!D#meD(kalcM5135l<tF9qA^
zWF;tmhW3+ig!nViJkBh}H0n+*C+6@s;jrEhXdxblK@ws)Btkp|JlMxnRl=6^iv;{!
z_AMamvF2e|7X8g4WFHl8zC?PR7-4TA66K>cx_*FY9_|Q<gAm7H)7s?0KpVjfH3Jhz
z11%5E1Rd_Bx#SVyxl?F{C@T#_BkhfGd1s>f7=Ld~;gPy+!P>OtksXCCfSm<=RMy3v
zeZaUsL=9tva1d7BG98M`RIRPYvcX~Stp9M}7_bh(5W+}s9IzW@I_jCASH|Tw&sv>3
z2YOGbmLRN|x!UYJ|8E2TIx*>1=0Sgm^`%9S8T|6p9(xSBbeuL)%+umWMeAr)!ZNcd
z?3GeA(PrBm+EmMWmUC@jaky$H;pi!QAXlVGJP{Xf@J9h{$Z;t)$r+oOCR>KyZ^oqc
z`PBBG*y?+oX7B;BSKQBlmRmn#F>_oLmvyiQ<E(S$F_F7#`Q0YXMRGmOpDyUvO;kF4
zG}H|qmE>SyGdcwELmeH6w{-%%!jE25`U6&=Cxc_j{Q_`YDRVFQk#V^eo|!L;MooQB
zkW_w!WPUVwT*!Kcrb3w)^ds8{wK*<6#Ml~WZC!he?$`Hzqp0o~55<e>3w>Z*ZaWY8
zNa*wFYaAjPFKal^8l%xB5~<0lcD4}SY#X7>#Kk-R`+*kU#U}FL%a|v>6nNW-tw?<c
zj$gn23XW~wx=)yHv&Gin=`8EoV%Lt)xTa?>aNNaoG&nY=hPjQ6?yDSI=A7^LRyHm!
z(C2`cWpZ12NAsSjz2{W|zC8Im$U3g3Px>2bqrZxW&&j(&qQ~3cvGp9iz%kM~&L6Nr
z>j{o6L6ySs_QwKkx-!K?^6o;=HlRyW?W)x7Ss{85i|(rsYt~Ah64JrBc<WiwTnDph
z0^AMnnt|GbT7WhOwFB9k*-gl&b^8cquGN;Iy^TX*@s^GT#|K;cgJZp~qQGXPV~f>k
z!tUpJsF$fan4g!zG)ijdOQzRCXX(dJ{x+_M{wsC89eQQzIv*Mr(JcVSj|mqFdsxd+
zuVBZ;4<j7<wD`YthTOeB5*p*Wzk^jy$%;|n=$kKc8`I}HwumouZ0+L`aBL1Nb8N5r
zL&Ny^n_HVN&7QGP&6gIAt-y2yTW0NV$OmMHfS2fV$(}*|`~iD-kYnqCPxD8t*pG4D
zx~0>>aa+v!!d4Kj67VMDHaGQ!j0F%2%F5vrP;1oR1(kXm_Z~R5GCu{!OnTF2h2uQb
zcHq#v6zDw*^#0&E=~{Uubct3~{mqONjctQ7aM9k4#r({?KHYV11aC)olX*aEz3v5B
zE<B9w$uY@&AJWQ)$)923ss9D}C;jdtj!gUxzkn{$M)sRLC;F1T2QOR05#H9(K6@AA
zVR69fEXP)>&K8bQ%5-GS!z>|}x{bx|TE`aWI~?14ya%l7n<zjFz){v821i+6B<%6|
z4fUC%Ue$VD;d-lFTTqKnK4onPncxG0P4hOJAtx8Qwt!4>o3?qIcF4(XQk@|YpKjoY
z&;DR-yb<R^gd+}pkdqHN_Z9Itk3c>rf1aZ53*tAV^>Zs|jIY{&W74n-I1W{IcWeP3
zBpmJGvB*iO8IadUq9>PhO~~u#7202#*RMfu$#oz0+HQfy?VxvoCy~&HKye^u5jd9I
zo)V6I#-+$*6mRqAWoQe$<@q=AcJJY!6D6jvf`q@{fa9W+wcz8Dy7C9CP0~PQUlh|f
z61VhS*Jh&e>RSPAf2%z<`u$C^PrD0Td%N*WulzGdq|cmy4PSALoEQYxZcIHAa4Mvh
zcamdx#7~Dz0a}PtG0?4tmaKn3Vwd3x$2I`G26NAmJCNsDL9j<2hiiE+Hm2W%#z*!(
z=czr+>I>kmMCexxlFL2TIWZIc(8e4vY68~XTXnM5-nD>QW!nd2gWH~<<x`R^`lCc+
zVsa8LNeCx9u@I`lfe@+-^jpBu65j!ivl$D8qtHG9G*6bff$#FJgs5WU<F}aj)M%rn
zCVNq74+$T;gX1Syy-erH13)(4KPuJ681lj9nc&zbnd;aEJ=YZIH-XE%le`P8PpL+W
zy-+lg@fa=*qtv}7;+1_B^36IGZVhI$m&J5uHx{|JfF_Gvdq56L)__LBYI}b*0UX~L
zyU=l45_gqwOsB3f*>Z6nF#7Zd9a~TPDAv9N`wFs#=4Ss+fz2n_v^4n(pe=f=23cAC
z7SrStvA-gFFH-c1ppET{K{oVkE<`lUvzEv{C2WsATAAkgGZgxTN{Ho8C3b$UYBUa-
zQ`z%VAdS3JI2~N&5jr2-!1d|iF<xLU7LE?+O5~&?xE2x(^>x^|_j8exhWai@bOd)}
z<J0X2kduz!2}pDV&x4~Qcm*6C%`)Ne{~hF{qgg59X<v)HCMg@+EE9`%Z%?rHKY7dh
zgX??t9u6MkX+K`rGUp7$<Os%eC)UMY4zBGva*c2_P`A45Rp<`4H;)$PZPp-f6m_o2
zt0KpEsM~<s`zB{w;W)zA5&6hS?hzv9;nAo&MX*&^`%-8Pdi|&?S3t)4CdVz{z8=zj
z;7%UW65$BxY2-sAq|Zexq%Tl+jU}3TucaYvDwyVc2S~5vd}n{yt=dtuTs{+~rk5O_
z3Xb*HnZgnB0_5b!E{~&oO?eJzC%4}OS>Nz(s(q4bTfDC4^%)V1@IjC`kA4U^!aGhl
zDov%Ec$UqDjPiE!4)B&<>Yo!<X*xsyXNx8p{-3|HRX$>1<)C3BhIAM(Y=pjkvw<6d
z_-fXevQfIICccd0mO<9LmM8r<RMCYNiE}m_iJ_Il%R9t%M!NcE<f%hC46hv2VaTxR
zq56W>z{=qrs>`cKl~tEllntorpbr;~8{d9xS=I3NLn_->4LY^^n2tN`vhz+I-35mZ
z+yPYOR{<qo&RQ>GMT47@DKj%<(7$EM|Nr<T-zY2U@c-X$Piw*TOL2SBe|VDxS4UNi
zA2IO%AXXbFH~;<BQ~trNq7J;e4LtZCZp9is!oS@$W;kD~O1|M#HegtPKG8RzY~ZQ=
z^*8+_(|QgAD@P0-He|HQ)v(G9UMjVob;Yhxz}Hv1Y)~CGxP0LFffXB!&uOE}M{m%9
zl#EJB>w2M#k)DquPURy;4^K?({S%FnBHc<wrG=<u%R^P<{*{B1?_jNejnwe+>Y<f`
z_EwcF8d+IspTx=*6%DPdswVI7Bd0sE;xepSMSKG>zKT~`RK%<5uaDmKADVvlt+xD0
zT7^1#lKZ^|$4B7m78TsZCC4O`{-dial5`YYU?p=kbtUi8m^IY|w8YxsKcR8sdF|yG
zSaaDxP)($F#ZB^hYjmy1n9&YqL<_!?koU2>qHV6Btbe-lG|}*KRBCe`HZ2qdx49IW
z^{t<)!Er6ZBL(_%1^OGp7XG`4bs{o9io^>3rf*2s5iT>@5fUe!_7V1I_Ceh|*E+6@
z?gx!vrwWs%OZC@$xE#kiu?##D630)j0#EYgtU1E&^&-?Zsn<`rk@@tUFkb(uzb2Ht
zX<qy8We$@3%o-eCHx+iT+o0~2dcCt7nNR(N@w!5PO{m1NPOL_Zf`r%A;PCo%VfXrS
z)F-s55jk?5TbWlc3FG%a_1A=zIM#_DQoRoezdr<r-(L#5-z6)gzLNL59z1e;4`KZ7
zrN8F)fjHKQVfG=A@VgH<{61dT{T_w7xpwe;STWI!%%@wxS-<oAt^$3ruo<jE)VGd}
z{O;B^HEaA<;{7&4`cgpReLHBx{Ah4^-@ibw5H=rYA|~G70f}Pxn6StGHPp_j_wPW%
z``kZ;!}~_y(6<ma?|UOA-k$^s??(!|_t&HTO}jz9FnJHOJ)x1~i(p6M2wMSbt2$|J
z@53VSFToM`pTcIa-P;nM($pmD%Rf7dn?n}?{OgLrtNQY_sXbuDxr1;SkeCidtO<(|
ziTWz)=i{}~;1keK;bp$o_AR)U56yoDPjEf=j&Phutp|>aJvxGy>q->Ak?MHpq1u4A
zb<-2YV&r!|4z<%&hj*dnxdXDcSoS6C?^+bFe5$ijPkGGh3o2Bfaczw5TkWlYwgu1@
zWScDA%+~UvCouMG4mH`0j|Ru}2`7N#%Au2mW9nE2v>E#FFg71ggPf<SOx7lzW1v6F
zCy()j^<B>qjScJz@`mQmw6NUR{ka-?x(+hBKQBS`!-8;K0gajb2Vko?t3WpY{~B~%
zP3-NxD`IOM^+C@>O!t6jKbvCF9UKQ<k8$1CnT2CUQzMA!R3yvb+cESadyk-{Vo6v%
zf|X^+vsmdqF>`(ya?d#Jtl6si_s|ct?Cfd&9U3>fZ~R{P*i}H4%O`N%A-XP!h#V*!
zh2apOO-1^dfrV8Dw5_V4AUjPqD%B={`uh}PKDdqVmfS5Ir{5j{+S=AjCKBk%RQm~J
znbh=sJzg3Oa&yRJ&!FwV(Y@~kwxz_~K^CuWhH@?OxTkQW=1`!$mi`#ji@oj{Zf*NF
zS7G8?m^TUH!CWL;ke-iWNqo%vMP%QFUIw&r$H!PCciw*riF4y$gG)Upntgz|Wo1jC
zz0ICN+LZTp=LCoj@e=$1a9jdcj=8_EbCDaw3h9OD?&A!gy~b;V@Zd%i%k8^`6gxkV
zu@Is|BABcMM@#cD=Dr5GMiA%kkgR0>h+#>ti$#9p4<&nSS^%x&Z7-zg`upz)iOrxc
z;FuckZAN%~EGU+I%N%z^KVLZB!!)2}#kCkD*EZe^v9k9NsMJ&Pwwu_yd>0&BRI9-8
z+qpl$S8A=m>q@<kL|4~NT7Ye#vD>{LI2OTrf^&YT=Sbn$HSY(slRgtbwo7$7rfO0w
zm;T|z+RN*~M@A(VHiLz3;2HUplQ!hRQsLNsTn04pV+@j?wXcC>e4plfa4hfD{#bam
zHCT0lu`1BavGo%z!P?%lc<l)JYKrfg?Nso@UIkC|1J8)t5r&E6cCh#l2ig+fSdf*p
zb5reNkl9_4YS*UP?LvBWUfk}1=*LQ=eK9x&ZBK)(hQ9)`8ou1!E!dU9u_W{f&=whg
z#9&AaZ~ugJ^wT*dp9nv$!wm$}NF+wu8v{+;+(evPfvgAEMJV%-b}uX`-C+6*o2`!>
z8cx2#aso`R#Oy{v?$A9(er(`e=&S1Myj8vg8eg)xRXDQYc4S>?VLm(niQl`t1dfl5
zEeC(b!Agtro6xJ+5wynSW2g=Sl7`jbPg2XTq1U9A>(+Oz`>CSgCquRX+Oeg!AoF+6
zRO^;%`=(kikadR#r>=cd*P~L`eyQsTsq5cU*Hcs1YN5;nxpXvkHvHEK{6yIYf(sCI
zzh^RzT?~&g-Dlt!>wQz8|1NAf+x9aVBm>R8Au-TAT-f~|i282c{|b2ce+4-FpIxBe
zA#DEt6EX4sD@gcX{CVR4W<nX=s;uFu^&VZ|S^ot>cW{I?us}bxK%XdVVV#ATOc|$(
zM4x#X`q((Rem|t4*N!D%E7(tA?K8FK5l4pgKOxP$!}<t3)NApV!W66D_1D5KS|!KL
zBETF(X9lonCLF8vTLP_GcEmu-+-9*K<P@K29s#yN;K@Rs{}a(R*ZEN2C%#kEo?D3C
zLW3LM5L^r`!;D~`NF8BMi$yn|{g=$tK$;f~Ao}f@MbsTSftx$Fa^DKvAZzVWYvG7>
z2jpDz)H_3BOTQa7zLn9_ZM;kF3yF=-;~ZPVQ4ZFRQwevd>$YoD>Dcr!;1Rh_zL7q;
zz~v(FWIscAH8_5cb3ItMZ{h20;CkLE-2)!&`lAK<lLh)K;B9>s`YmvbJKhKD6C?Qf
zd4c|euw~~Th_#{|m3|>I!9!{YmIF^VDbQO8+mqWM){TYut|HN|o&~hmGaZZMdnq#^
zr@7yAz>Pe0w-@LOz>WR7#Kqu|ZvSe5{zifRAvksyzXWS*t!>s`#ShRp>0Gp0_?aSq
z6ZIjoE6K*!77s>vPVe7d+elbs-dJ#C-dP3u3}MTHYY}TjvpWY8nRiDxka_nM=#LBA
zlTRTgnYU6T&dvUTK0cNJ>aG#VdX3r-+)@orsYUZJbMiH+<G|72Oe)aNDbQyKTfkQ$
zmgaUgG8;19EB&qEK$Pbd=no2;@u!G718U@ZNX}n#_RFN&Z!MJRkVbL`Xg0SaUUmXU
zB#$Z3Pb|=f37hZLi28-Pkq06AD1+z2`>;LJAWFXyjkUVQ;0U5qf!?J+-y59s5$6G5
z9egBueG2rW3iLt3W-ufSj0}h9rwTkd5**)*7#l|D6T#v8RB&l-C-iCH$n#mkXmj<~
zJf0thM(%|a`<dbUz~elwi^GT~9|MPPFM#XhY!v=FSp5e!?+NqwEB!U$+b}e;77}0L
z`xQLKpDO-3?^_NWzBK~Z_ojbyaBO|<C>%u<l@(pz(>(+lujpuSyrOXh`k4j#bYY9x
zm5AOD-z69w)vIpmi)5ccq8P3f_6RiiMk*2T%fmN?Mg+D7M+EjS&<`!pj~BKG3_$c*
z`Zd6~FW??<oKSi~Sb_ej|FcEE82-QCY5G6d%1JiUk~RC-@mOy^t#A*bd_?uA@gpnq
z`-4UMTNZTNa2D96kA3<APxhA4hBg<9C0As~$yYY)&FHF89kkI?R?#8Z{<7_g!tJDj
zU9Sy%P9+{ocIwj4lKl5y<;ZV{D0ctN7f6y1bSUcU@4gg##DhNZu+AztPiuA@dmZP&
zU#q8eGMgFA618&oJi4w3GO|o0F4_MEJ-K6UEqWU>*}RKjcdB?Nkj-g#PqqD1?Qqck
z*d3E<C#BlCLYc*rb34Up>zTOtMDZq|wO+TIh!+onb^|R*wWm_;b&w4L-b%HPgficZ
z(daMvuGFQwOKHw8kgQXCUNpCtCFvvJKKTBn5P!3KNa+Qt2kHT80y3-3K?kC32ignN
zA=P#U?SZy?s`W~>gH!DY)4UNmS2(kU=4BqYOL6k~)hu9Ze7jwUzYm!s=uwajK;B5L
z-c7YnKsLVnNl35QmkNJH_J!%<u7Z}+O@#2VCCWCS?LoG@)-AQ_nQDiCY_9kJ*n1Pe
zxRT<2xH0z;2#^rMIlC;2ZFXf__8Nn@Bw4n_%92(id%?@{7|lG5W;L3boi`&(OT-P~
z`nbXsl7GS#APGmpeIz6#Tp<CHKsb{?4g%pyAbbfq`TwfAtGoKWC$HD*P4a!of;_LQ
z@9OI6>gww1$KnejjO?{ucQu0FgH5(O-ueWEpN8kyZb72OJZ9Q0%%iSvzUgUY&tvzj
zciT8sZKs$P?#nR^V?O!W9k&~4q)WqQf&*ci@|E5A7}f_**y5*qDn4}8)&2}o;&unf
zbauGa-?^)@gtN=B%JFVv5$C4}(=qA@eKU|Ct?r)XY~%>qgH!;|);J;R!SU!=rP{iV
zQ*{Oh4<NLeAq$=fa;^DKuTZdYw$=}MtA~-p>2ht@9vmACdXrro!fp&=#Ge0x&sUS@
z+rwt7bCWc>tmyOA?32fDk|yVimF6xDmn$%d7{Tvy+8?Xb`c0zOu?jCi6}PmFoUFBn
zAa<nW)c74kT({py`)R|?nr64#81FY{hieYdt94rSRZI&P<|Qr!PxouRseV6mu@vm3
z4TkV!jS20)e?tYOz1jfA3LRoS%o3Jrjmec-zq;D$RjwMn>>x3su?k_U3Z%C-Yy?5$
z9^dG4q(K<UR-;;5PaUQ^?dfc)Bg00aY7eFrE*2Cp16z*)JsvhzX@}3X+QyZw27%*t
z-c-d)^E=?M9+?^VD>Z?*E6lp^o#V#<62I1*JKM}E_+vwqDlB`FTnBEt3Zx6PGQkoK
ztCLKqe(m%kfHKeA+i>$F=+ZP?Zr7TbpM5+Rj}R!v{P`|cnv02=Rj#_4=WASJNsMG#
z%bI?aN|L#S_<B-FVJM(dUVQ|X<hfF#H02dXNu-#$p6|h2yWziQ)6@QYs=Q(6kW(r>
zGVIiS@x(lZZ){W5S*Mo@AcPR<UthV`mrRONU7fEDR<5tuvrR6=!}PAc3Vzw@RN_ey
z6XNwHlj3F}u~e*}*THsfP|H?F7V*zmWq#1l)i72$TpQFXL&sj4bq?~3^m#3C484Yh
zATc6vdMTG-C?v&7dZbTW>r6fPZ`d+H+Ub4^{UR0so7*cn5MzJ)1ilC`=JKqC2+7i?
zm<6@~9IKozBy;oldQvHw{zRvb!WM=d63CgEjByPB*jiklco509@Cj#|Lt5<H8)GLA
zmgLkNkJhLO(zk6BND-~hGG6ucOWrhsxw^MaAVu_QeJEA@w2c-&EGVjUyTQ5MD$iem
z(nNY(mAa<dQtauO6G>60iSx;fCSKqsH?%vI-MqV-fu4tqc4Iu=;CxcyO0Cmqr<JbV
zBOc?>SS7-8qXoebz1xjM_@=Hw@P_c)X%Na;4vSlJehZbRo?b~if{#|Gk!~=e4q=vL
z*+9g@RyG{eOPX|UnSIr*#(Y1`h!E|TyVp<aF$CtuL)jbj+Ws?xDBW|JG9|WNm-f3-
z7E+&-B$V6+Vw9f#uWNxIAtDMGR%fXbx?9=d>LPa_Zu8k^kSYe<UfJpw7klPJQdB?f
zwZSCUFlJa8XdiRc)k~WLh_Hk1f{nw1VTG5t{By`Dl|pdmT~u6P4l0S4Nzix9u{u`4
z)GEz=eaU=rG$;D3P{KYg8?h}p!cdXh%UZX5L-R?6Gqug`FmPtxb9+8*Bd6MF5D+;*
z1Ua5&S*<C%r5I^9QR&k7<9q?26yar2YMq9h+a=vwgv+ofmqtsi5K?Hh#gbmdW8NLw
zI^`7w^)B>?#OA<b2UBxL9AhA*2avU%##lOk1xgbyPd70yWZ%bQHde7?n*+x!xxx9Q
zLPEf9t<#}z{P6}7l9k=Vk5!1}TD$-`l<BI2hj>QE?Koe>N%Q*MuF!Zkg2|oEV$A~+
zsV%ir(w^ETtzkVRRS`29Vl#20Zd@VKl-j<WgborJEr3WU%J19b*4*fFq(N3fWRiAr
zFptXt$7o4HAfzxcQ(%HdEySj)G!rU#2R@H3F6}&)D-DiTr0cq<{Hm*2s-kZU>V^(4
z_G_JNtO6+vP4|qgUaPO9)j_TAWiy6MAqo0PdL9m+qQb4jMrFqX@L$~wK?g~6B$vjm
z%RwdaI_XqB8gSdGi=Eb{8(i><)`pMl@GjOe$ik!nim6CmqhvnC4fs!}N%3=%XTi>Q
z#@m!j>=ta-SS3DdnT^j+NGXQQAumb9t~VeDdkO3bH(3=jHhj`LE%n9NERB<l(ONfF
zxg4^9SL0D2F6t~(OW|v&Q%@X<iz&b*!{Kz@Z+@mbUH?7XZgp0Dh&LUyN7_F+Ryl#?
zLB5Zw@A+CIsW-dH-oS7c8mf3<-85k*+N+|cr6MP=*;>UyZD;d1_=8u+lBza?ZWPCB
z<>1M3@D&jK`(QTvNo{`cK#Y$6VZD~YuG;0CFg}~v?>uJClthYI(96WE9km$0XGkH1
zoUXNSlH0VpBOZFCCj+yuLjmW~SVhP-X{?&f(qr6+o3IAyL_(e4KN{B?0~OnwNjt>2
zNY0#r7{0Sb-<MRbp&vO|uAZ*-;s{qb(m2+3ql!_@Vbt%$i4)5XV8^`GXD;kGaiQw7
z&Z4TJ(Ys-_oNW$O$z;2m(W<Z$T0Fmua5+n7=-*g{l8g^_N}@|DVUvCEKp9GKVxOj~
zJ9V;4Dx~Sa=@<{=&Q5wdj@3=7;`)2OnHH(igz`!`%?)a3VeI}FMRvM{;czHYWHbkn
zd8ZN;F&IJ45c#Bl*&C8eRW`W-{lm_ngMi?3G=<>1zH=2DLMyKU#-)?U7(if;gPj^w
zXwrEtJG;)Dvk?dH&8fY^Y-+7H*t9k`yDe6UcOP!`r^tfOMr;S)O$QBRRud;Lhq}_^
zq`B<%S|4>L3Csao3C_`1l770@T~8B?M_M0rbCLCaiqjkwIfUT?<j#>J-F9OVQBBH$
zZ54!(bR=uH>gi;+7a(itS{=cwu7>4=LxKOIkH&CqZPScbC#R>oo%W__!qj1<RiC5p
zo%yZht`QK3$=clkGyo<gv{qd}THu@;2sjjRyw;n>Lb7XwvIej_Y_?$bc#?EGKnc7@
zWP@a>+t`G&1^7X+(5%<(WT^$817+}1hBL7dE^@B3V5^y+TFy&xwtZZlZ#DbDK#ywY
zr;;nktp=?go2HKc4>o`w+K?IS@1U2)KDKdu2xBNi4o^nx=T6qS^m@BU*D~2%>$MTT
zGt&F)8WH#k;z+AOs=^J!+j{y~8rE0S!88MF%NR-fnJ>jc>nNV<M15Rob!o#$ec*#w
zjRrL|anOfzlJybHRR<xnfuPZVd5VTh0Rb$NA;EDkn$$^La)IZ-FcZnQD-W31Fl`_g
z0^;5cax8*5HE7^7N8d;L-P7<Ua@xZ?_|7?^8NsaXFSk`9u$}tqoIqC)!!^v}Lt301
zOPBg-2)m$k9q0W9_#^)$^a+EQb%U*r@RJO?8IW3iJ(M?tQxYGF0?FaldYUEUtHXXs
zp<!zQoXifhl@N?W$zlqFwh-%rjiFiY*XjYDz<6gV1mh5faF|TCI?1tGNKyt{2IHFv
zNfPyqPtX%t0%Dlga85sh)0tptw~KJ5%mp1kJcpT2WQrxBV1Q^#Jf8*b+<gwEc|J$$
zT)Jz-E+V?;=TNBavo7R3wr#O4Hk{|eh;7qU8J3L{DZq};cJOmSbwmk~@#XoUg}BJ`
zi1E1KbEb#57=`!sHD@fUaGrzRXncFi(es1rP}~hi$4E6D+?f1({G7e91zCy=Z6O7%
zU#6URMg~3}W(9r*?UZG%S!c}{)^3OaHp&ZwUXo*Yn@<LLA;SqFNg>rigTDNVwpi;l
zRoDf0?#@U+nTJ*Tu911fvtT?I67CremJgx+e#WIjMwsmmrZ!p#T9G<}kdlI|ov<6H
z<&i`RpB!yMFqhQ@OY+$m9Dq5Yx(*YEPTFRKqzx>g1Cy<E`vVB5UV`aw4v)ZtSXJN+
z#KFR<)$G6qnNxdo*Orjiu%@;JVYW{O9#sMf1;~w@5r#@DIF?L-7P0n>XOuBW#_Mai
zWPoD|Ur8?5Y<HJx?W`K5SxIX>3kl~Oz5vqOHehmQ6JW`OK3D<#;LZ(J(ta|1II#%@
zo&(?T`4r}ZlhscicTLGgrfJan!(N~<+6-0e{gwhHm#?%2HAsYOFtbT=k!5jiOU5Ep
ztzJ)279HgUjMVz83k0D3PoVC}O*$S4015Niu3;SG_;->{dL@&k>;)W!IWWf7v@+1^
zJdR3GW4heNR&b=1*|3Po(=L3~)g<dviENZ>FsTox^%gp6!!iiTY_|jAg$xFKC6m}S
zCUJu6i%;w@IyonqZg#qTItwi;>nxJm)qxG@EyGryyT$z6#W-X1!Y<_mA&4~i$LPbB
z=)dU0&pHYOOB&iGi4~8_1|$Mg8`!PGZp6Z3khLB=cYy><r`reBLIp7aZC}4RBnuU@
zR>MCsrboK{wHmfnL;&<JZwNr$Gj<a~pyC!wI_^%-ZQCUP+a=tJ@noB|)3mpU%MRIs
zjaWvcs2}>>dXjFm007gIQic51TbaOOklNa{I!GccirRjH0L-)-EzEjTcR#dN9A-#X
zI}N%cn<yLh)XGW-?0+_}F`=vyu^qf5X)$wLRK1p^bNwY0o~^W&!zlDy&6Pnl0=3g+
z2a(RN!8Uii)3C{~e7VhQ!%n?jBR0aSU`0tX$EH(QutqSZE-(X|zK;6_!69NcZ34EQ
zIv_C^w!&~>K}2#GW@-I2U`E1rZ|=vzE%MX6x`2YZ*!E2D_T98=*}#3usJYY*>g!sp
zwUU!9Rhb7k;#qDam{S?ZJ82@BkQ8aONJE&9K=SRtSS;g0u&vE>p&X`3A3>q8Z1tfm
zDn!)jP!HSS($uQ0q$}yJ>56PlqGN{UQN&J1A)n<jO&~0o@G@EwIl;N0V9n<uP$UHr
zK=3~g)BEDoCmvz-gxFfA>Ey6aylZah8Y~wk-2kIEODrw538f^Ak(2^u2G~rUwMO7}
zGaP4GCsNR;R4Fw>G(gRBFqb3kE)qqmBny&>FwSP8E}2XkrsG{B7P`#L4$4T$LX&I~
zYh=I;V$fV{9bow?G?fjPGG5#vDJ4Vv&&LP>5=aJ1*6}!#&qBw`yfzoJr0YOtv2dT&
z({F%S(iP4b-{i3f&B0vjnBiohF0Q(Nn(x*G=yEp5LE7E!>adps_PaSiJ`4mhW#^J*
ztsJ1A2V{+0ie(R=gU{Ze9~vuT0s0I;no1zIwO#;$-*vhOo@u<!9P4JOkOvP7m_w+7
zI6?^7VFmvo9qehkG7#b-(kf5F*=cTsTvTHWL8t2&nwCn`>X5+YNrjeKQrriKJ-iEH
z=<%Sv58+xP4s*9#jgSEC^~Kj)&^Fc)&Y@Mn!nD!yM%o_KLe3%96q57-p)oz=e)k=8
z9|sS(kNu<c;f^0z3m1aPO!&s9G{XJP({0Of+PAG|kbFoWIv1%5t>aA|c9>kmc&FRh
zgdCii`95$*A8eUzda$xK*b+cFk(rfnKR7c3uV>0ARnQG)zGrr;koi8WIk_JtI;lIv
z1>tITikJrqMN1kazEDT4b{l&`mO=u=@<9hAaS#$o2L9dSU&w<imSG+|kOS-=Wq@7p
zCv+vYNCv@WHvh_yW8t-IDoY26Wjs!spBYNal0j%3@no32)zBh{EmO3Qp6_>?SWb}!
zTlPJ*L3gcHw>$GH4y<q=!Y3#y5a2tTvkFOA22W-PSW9F?qb+aRfQDh$2q&?t6p6M-
z&jI%>H*}4<n`;@u8oNYK8fclz!Y2_fg9lPM3g(Y%<md^0_%T;dgo<&;Pd@5AY-`;S
z6zmUeZ5R;$eO`*UZT4lV-q<5Hj5OW+De0!foR?;BWyf4yc2rpnOS3Zq7ofn1BydW7
zm1oz;T!&QB3ozB9qd`e|UfLWN2{l4BrG5Ea4}6B^Xj1QD2I(b42u@j=0`naQE{6ug
zQI(Xpfn-c-VOX=)X!hBQ!lYJ$HYegxN3Dj3Cp6o%(bo~kh}Oc*bW-sBh6~7C9MHDV
zGD!4}UJ<~Y51cTWYHs!hEhtfrwXj`lwl{k#A@+=s$#@5BqP<<-Gsh;!Q5%f3>ZSFT
zMoN#mS>iqu+B6W$j>3|TBY~lDmxzDCw=*-fG3eJ8QhZ@eXX(euykHnONx|WugIXcW
zIElzWR!eO1Qod`WmNS<IXa5$`mk%sg4itDEsysqhs{`kYAzmfRR<tUqNZ$(HPI=F1
zI&`*6yq6fDI})B?P{;lViY%i(((kTWIBhuWS6(3z=fj2G`VekWXfF1~E%!%-Owq#*
z*|;>0v^LTPSxsjm!?7WRm#=A|V#!gW_2w}|a*?cDJzU!)V_jEEyW45T5KeR)M}sT5
zWC|vd4LD?vw6Z8oK=VbAGrdr$tX9uz4i}*Ej`Cxn%fXUK=pu5k63|g=kKq!^*fi@j
zwOw~{_h~@OKOwZ*9b%)$>pB#+*pTXxwpaB8F5(HEo$0|~U;_F?q+V{NZTt}PuwS9d
z<KPk9dSE*)xYVizOeLqnxB5)x16X|~lL3s+c)vN3nL66&xg6B2oq^kR1fT%yq=`Zj
zkREUW*s|P6(UbP4MDe(!&9W>{3JQ?GNk4o7f?W=92~}w$wR_iY-;+~v60ZvJ#m>a8
zC@QWbO4{!fHDo_9)2%g*V7HHqxmc)r$jk=Jw-8l;+Zpb`LhaDzSCd6_6ECbJFaooM
zN$eRTIjdE8l;_OH0a?J5Gt)R$%c?1quH1O3F99#czQ5K^Nc91&fI?PDl%)gbAj0y^
zD6kvVp#)B5KZy_09Dq&C6vxrpj#r@unK$6D@W7Y7+!z>h0NohT!)|OAyShSdWj1mR
z{BJ05Ih2_?gan<E`j-QF-R10XO_eDe!9yu4-GNnU=)y?V${`9`3Z$en(6+?s6ojm6
zFrF=yz**3NAXXIAp7-T|R&Js>R>gK-rRHU!1nyT$)=8-hvRdZhwubpyKPwcU2l}!X
zp(rRRI)DRpHCpSfhE7ZfI}8ySDynp9qs|hWDr?)=U`-c#u#0wXAoLLDn-HQ>O2RXc
z&MAnoNnDU&NNEB|2ueGdk+k)nuK{F-g?t1ZMkv(eZTjFVqeD?bSg?gk0~?%)Ln&Es
zx!05U3&eMX6^0V(q^J2n49SZ7%pT?kCCm#a9<Bu*J_d`6u}V~TRdd%!2j>+yZ*zqT
zg`j7^6MVSw;z+WQPvH)W9h0WxjuV}%ww!L00Jiky@pRf;h|G5?&Pqc=RpBt*;=ppM
zGGGptFE=g#+y6BjCAHWF-0{pZ7_k%3j$A|5$+wU3nXGq#Dp{_U<=iHk?Q)$L4`K6Y
zn=S#oBnpS145zbXu=y!@r`ww(gZ|Lj02xBP9f<b?hlsCs0F_0!S&zsl6uc0w0b3v{
z(=aK3cvq+dXV^MuLw0c4c%n}`J!xzNk-5sJvc7qCG?0N9`_V2)8N=p+KENbIrWAB^
z(C#)z@JESa>1-O4EkNBqLV$u_I^@GGQTUv3nBWCP0aO?W0motk3S1qfEP@kAr*w+#
zpsxE7#o3GRwvL$MT#TRt$DDM*6NL-J18liy1(Q4(*h;I*V0NM9M(Cu}AKL&8CCW;>
z%NkUKP@+NV+`o7l$w4R)dq7JYxzb9Yc8ch9WVP<x*th}7g+ow=(DufvRn9?h9>E5%
zsGso`4s5UP3YQv}aq{Ir@mMcG=(beqd^$L)k`do7-gBA^)J|tzMD^uGY@fmxLba4<
zF2?vw%@kasRWHw%kJM`~_F+q)L#yzGTt<Pgb%z$i!HDo6IcF&p84e^A?t&|gz9C(#
zpH|ViFYVI{OXp;*!*H31OT=zy(POBTpB%5P*0NfdQu%Ole6!Yp7TwP|2}`+df+OA;
zOwn{VS$ZuIDXGOxeb~c^J=~=@vgPi&fP8m*zH2yQsIM*p&{43{u!As-o>}SvgPzGD
zH=AOSt(8+e(@i*El*5t_H(~fqiVY7S3y2tyK_y8k>iA<>6qp)dsgWt?PBDr)Z<}EI
zra6;-l$7=BllbvNa4LM`vrk+36G-I_AfWviwi^o$T4K2%QP&Q;X3+Ir!`%_$;Iy$l
zMZdnf<0?SkUW^F(rd=Z{4Q#qQ!%jDpAYllg9aIUK8NN)Mb`z_Bz+%u^7jT@anNE!o
z(Cz^P-5<<SaM<n|s3!~#$wE74S3^L5Cs)>B7!~4j!DOP_>#lW|Ljn(gBuxI1Z0)3<
z<&YqHnU2U09w@^0j}~FmTn={~l06CzfP5HipROQ9X-YsY*%54sLRmJQhxswAb~n3g
zOQDPTaB{p=3$alknNczH4W-H=$i|ti^{f;Mh+k8^6lLWziNbPIj8QH0BUueCfeD)j
zt54Xvd9eCSW&#+Wi>=P)(Ex!Ro6m$#$9UNS5Vsv*#(KH~ULm9F4SjgJ9HvO&VE8qp
z!Xyy}re02;feRsQq2lYHofEFvfRH^1O^CuSC<TWD#;USs2)SpvP3T10$sD=6g>*w^
zi_n(%1lz?+`HuC@cVX&9`TX$^_F6dJfN)!9_>EC&aG7%*Xr^G+AqDzTUQGKqv_%)#
z;$_HcG2i^sNNIa3BMWo5;<9;|A%LOGIHzgYvDyv12Uv3CbTKRjVfJAd=c!#8JxA>J
zxjC3{ab<9<vPc`3hOKtvB+l2UoEweA@rh|E3+K#r*ypLC#;gP~JnC%7o>M`r@o*fj
zG;nXF)c_;&Kn+9pVZn_^K8d4$NX_XSUzSY=7$f6A$}ETJ;HYYrW;^6<nOHPK5-8WH
zz&_3+*d8FE527}Xr2r;L2w?lbDSG{cjt=-6hbL^XK#6gF;=gInPDT~JTgfq;SgCL>
z2+5_7lkSjS!ePb_=vcNfPnwEsZg~-D(bO6I;6$B%a3Hvr(T5DUlNU6|?dUBQDPmA-
z(hs^uKW-)jqhJC82lRt=o__rL%K9BT8YjLa{MM^m2<+$8;bE`ch2Z5O1wb;6>t8UD
z_9^n=q*{a6Mpo25NfDAPww7QT9+Kq4$rMf&GnF78hID`<w@^SXm{eD4>o`aZZODa_
zIS>ryUZxY3!8qZuVW&yz_fQ@sEkbcV6Q#-plkq-`d37-b07@9b;1p?+aiAbde1@oG
z5|;?@>bNeu1eD<Ds>vs;9x+7-bmrc2j#w<Dr4?Q7^+YE};YYoxGZX;H%w|I;aKZdl
z$fZ^jUXv(cK4xOum^PS4JKZMRjE?j~PeWPlHlr4m!3v4;nb56z+^r~>%&&AY`Vp)I
z!~};UIk3HP7|!bgZL7*+IMXb)BjuUm7~xb{4sZu}8muVG7NJ1|d!T(0{`mUs1eExx
zBKc&twgi(e4Jtyw9?`{>C{+oFgnLhd`kSPk;~^?h-}uaiYp^xw;9uUr(cYB;ekdnu
zYbt0%cE3w3*lu%8@ayk7Oo}L64|dVMut})jT69M0%P&HzBy1Sk-ugtz_=*Z~U=6YY
zZe8OathQ@@iv^tmI)b$VTNc=AILQ}FDVnfB!ncMO!GNela0pPw-f68VECo{xEUpC%
z_x&Glv}>VTaR|eVJ6!k+35t+puDPNT#G$0xYBY3oKAe#4ILI>8Pym4Isb~&BQ8%|-
z9rRNbf$Kbebkt`u6Ts?|NV7R?`y9Do@+j<7Ab`UQL^mWV1tt@%MyrrC0*VB{$INtU
z=7=DC@)!0zOK?`YdJHp?F2C7LJ%0to4yFW6*}`ZuP)4=7iTzvKOCDTrr)}2SbOe2Q
ztKAm4i|j;G1j%u*r`QbFh1%)}XB;6Z8RNCq3PBqpQHW#~3|+Bd)7dPbf&!9waAVFi
z+I#~X5l{^HSf~}?cL4x6lbGTU$p>x*)m#j7QjR^@ic+(pgl@#y40YIF_ED<uL=^yX
zkAv&!c8lSowvWM@-NEgDTC#CX4|bf`nfPpFaX@vI&9QP?3=I@DhJy*ucKb;`BG!b{
z-Q=<w2HK{C`jZ7TO#>vn1nig^{o^}-DtxQYWHx}+CmZvIm}Dk=<CE^agv*KSrk-{M
z<f>kF__7)DKJ0CTS7ik_8&DmmtPs}wHU26d<_$?-xaui})jSZ+0|eJnTiFVOe3!2n
zc3~HcEfLA}s~#2GfD_mZlb_18LDL#`1t~1n3YpI;k*%(~YTEeg&;<jTdAz5|HrEO;
zFf}^njT17!cjtHtpFAz}Wit((iGV>-oWV7e?=X$#QJ4n>ND>Eah|S3j>vTP$fe$tj
zBwY?}8e#HC*d1@Wd%;0ZKqiDYeq%e=p&M$x8EY87D(yK-=}X1L1ZE>JLD-bh<0F}X
zs1uM8hmvZD!RIw3T(m;g`K;C+K(jJmTWMn#;v=?$7X<D&TVCFdW3e>{Jtmj8R%@%n
zP*)748(bj{noMk+nsA(<fMu}c=<ph{tO;2Q0C4@)eu$4l@T`JcX)OqjO_in;h%^xO
zJ2l#7d4!e0aGz}*>^4eQ0!ohK5E`PWFDoC$99gMd6Q#%ll8Jt8Wi1qu3nmjOc7<&f
zp9?1wc=ls88?LG(1qhC7yVs}`xgZ34NI5N)AOKcExyj{lP^iMWAS$W#yV**VB!Jo~
zC&s+LHe6K@52!03c9M-yeG~v@ak5ieOOAFiq+tL`p{TBN4dlpN;&N#6nDjb`RKCbu
z5WO5WYNxT@`4mM6iIgEe3c$oJ#OUwjF#)bVllcHvpBRhH+6w&EgjNXPSPPDKdV>|e
zd|N{WT5WJRi~Yux7{$^^j%b6x5RVJW__w#(q?N*}!MqBLV&*Ak-u?R3!CtpMPH_TL
zAh^vZMO1Lng~KogK;$|`5h8Ipb(OsXLdSZrxG773{0x@5lEYMrgrY!lqSJyEX(O3#
zq_{Q$cVa%>_A$^RVM(twLs}0w2dyb7dRd7p*RNq%d%OjS7ls7BF<2JhWF3SOKml^Y
zD;<HV{V+ZEXz=0_Ic8EjQWnjzC*`d!)+|0ljZ(0xxznUHf>f|$u%vDPNZ9M>De{Il
zbdM~W;sp&250zq}tDRm+j^T_VKudwi>}IRB3NnV~9)7ZiX)e>Y(WEVgR}8Y!=6_JR
z0+sE2ah#d<+nd-Mz|7uVVM<yZc%EQauA%iLVUyCCQVJe5Ovs)G#O^lyRG?=%DW5$h
zkmn+7Fb=t6eH-O+MSHiZE(u2xIU_rpu>|g#98|&VA7Z-W%8R10Prz+LVl+P9wgFo-
z$ZorExe2#MTu!A8g83RtyQ+=FL_IiOvwg^`o&{XgI7p1BrOBl<F2&noxU+;^=r*u-
zpfCRfqv7j;^cW*xur<W5YA<&K9-bL4V+#FUzlML-Ai=AVE(5}T7@|Q)<bt&}YFlmM
zl1CG4mui%Ddv!WaHKD2Z$C~H~4F50*X)gpMv-7otKI9@geY>l91f`>a34C<uAIRkN
z1BE{QkjksdM7XTjL<1M?Q1-GXNlwvH0GuM9!;B}^G)c1pqVY0pDF)r;Wxqq|!aEAi
zu?gg{J0HH)XEGVU_zb%b)_Y;=mC)4;x_j$UV?&v<L+Ijca*d*)0f5&^GTS8`0RNJw
zNB$tRVdHLrE%(b;6d5ElI9j-D#ttR~hzF+IWVuduSQsykS|Lw2RGYu@x!h_FNg9Uh
z9fGrCsvL|O!jS`PE8G0Vn<e`-Tz0?Y6%j+qA!s><Y>jNMQ7{aC0j%E~s)sb9I$T0^
zoJo2KM3HY$qEIvzAAX4ZEhzW^$aG90!tyhsIDS*aGM^CiC0g+To_yS?YN)Ij!yRQG
z7f?D3(;#QqpfukNQdRs}C|YOIwyB{)agHmo+vaP$7QR;N*^e8(#*Khqz~aVchfxN0
z`Sx2TIl(N1nUDPx&M%1+H1`~eMWSaJDq);g-<P$C!iYQL(_QufTR-Q4JN6jr0hlvs
zpS^y15L*RU5N(yy2I*pKSQhs^ta7n1Kg6>*W+lz*42DdA8s-oX9#FFVR4*#Ij$6;&
zE|$G`ON4u;#YIIS>*9y3<XkM(6N0<lYauSuJ{{tU4XOBxug*<SK_yEb!?BR??+quN
zARf^*(@CdH7$0CATf#LdFVRC8H~|d>Or`*oQMV!Cch(^W?+6sP?D2|*dxOCrfr_<}
zCEbFm)*HxPNlQBcu&hpZ*69sh3-Y2N?)XD{<OxQ&C3D8ZrEv~=V-V&HJ<dZ(Q23$s
zmK<Y>RxxD}MOC8Bz&3t;(hm|dg%Lk}+^D{4=K(jqxVrV^VhbwiL^`lh!dXefZtsqj
zz`1jh(ymz%Xan*n`8qmyAkHlC{i6}w&It0i#*P=Tii$(#x^=diSpT9o4xd!!oV<xX
z3H_)d-zFqo?5s}oVCtc&w_-$sDM}_kshUL|bfbpYHt9GEE8|j$5=}*vc7$qa4DLd3
zlxaZ`#A9vP1B1Y!ma?x(po~Q(pM)&Wwo4S`E}Q8*bn%315mtU@pEb$tIS)mXnVjuO
zzHr}J;<MIg0~|&0E&lUCNn~|S+*>>YXzGAt6<}LdKqvyBd53E)4=DhW333$@CCLMl
zN7bOr)JY0}q>7DfoTdnIKKJ-?6s$)=qpTEGgu4uUA*CckfQPL!>~TW5RlIT2s<oja
z39xb4{k9@VvN-Io;>aZeYS=l@3h{TRrkQppNJntEIP9yL02ae?`Hke(p1ZihNT?cV
z)Hbt;6vu9%<H;!~q?c;f)%r;lhm9(x5aE{}$kIH~=@KdBC`7PXFbq4(V>_+3#B~TG
zq~f3*6@O!Uv`8=t1i$ERi)x`FdkB#I6>%oFmEvzng}F$(SSnL1AQ*7YLpYzNeJ%ka
z`?;1RSQ~*{%w<?c+k-*Ju(JyH>K%qspZJ3>s`Hn0ja>^cWQqT+MX_`n{7?kpfR(D4
z-8JT0zzWvQAmk|tZh_z>av8%NE3t~3DcXp#W=0r_g$IpI47ZgO%fW`B#hPR<b6OSi
z6mFgMtd7|Wp2e5}Qw;6%=&X@TXHXG>dqO-N$ei7hQ~?ltl-L9zz31W$%I%-SBNK!v
z7}3JPBrK8+Q(WI2A!abSYz*OAhoR>{bDmPT?zs+^<C*z<t-ZF1qsuU-14NoY7YL{e
zp-to@lQ&CH0jG-;W%0)yRbi65Dmh>oEF^&od{q%lZ`}jz23}R=(=F+IT8ySshOo-R
zv@3)7Mo)mS2`q?EDBi28ILj>M6Fe-oU_0kSbo>Q_kN}Xdu6f8u*UWod?=gtPiEJne
z&{bu!Sn^RE0CMoabjXaxu<_F|1xLm*uoRd}O2s-*r?mvvv(|Ak5aPcftI~H~Q3)!m
zuhNMI=#LY?99)pY-ZU0VvsGDNc~Psg-d$CNYGtNG3N^XS6|OyD0<aS}*T~H^C}Wyn
z=$M3qZg&QU0)7N6OHkfI{3OS;;r6*ga2d%4^Bn}Av=QNEHZ9H;245)j+HN3#xhQBu
zLPpp?4%2B`fytWY1m7k0Q={Elswd?8MJaDMNWIE3@<U=R_<H<V+`Ev5f};fcI0VIQ
zqE+M*hzBU)8pWTmzUG*oh^6{A(d>d-GC=GsEqP_q#%vqmZ{}gR`IT3j9;+iXh~XJa
zSAMudL+=q<U=C&(Fh_&Jv9$7re0(t7vFx2=CMh>j7=EnxKevg$lHc*NHa`U)Idd?>
zh%X!k2<?2@9OUc2{AK+HLOX{W)vg09pJ0UfmbL3DEKEl{2&9?WNT2{R*ZPRFPEt8`
zb18O$C~!H{CT6#v*k*>NaOw!0r)!&-sf*rFr+L9+Qp@VCR+T|QH~!g|E8*)qP2xzL
zn}VV{Nm*Peuq>f1Qf4~NoZKWKy|te)uw%U(YHWBWNgLx?082I!46(fn5teFYQ0%me
zM@7TJWktD>ohzy3&9AUh;82i;)fJFOZiopu4D)b4e8LvRPfzt})rTR9wTTdUGrW>x
zPIvnazGFJKd?kI_ZbHIpv>>twK!x#n*hS%PeXH9bzeCnP5x7l`5_gU8y{mKC8&X4}
z^I*7IKSI|b4Nje;ox%-?)!U{=kUS<iS;<n&aM-rNl*c2`ZPD156HYhWEp#7kcXs($
zw=~<^XjGbzQ%1ANaup9-hE-4>tE>k&kN;B&M5iDWhW?B0r|Kvi+z3csIQFgMd3OXS
z7b26e0GDi%dnkL(Q6`Z<G+`eZyf(n+vJD7E(O7Y!;aeQR+*Lx9QdLPo9k!hOV9ff6
zqHGl6q;}TC!zVHKpkxSb1WYsFPPE}9S*K=o2D4bBJwPU(x(Ft5evVBHS5T4!Z3x2v
z$DC~Hfgg#(q2}@+Iot*B3P24bu7RjL23pzFM$blJ{XzS%jKgDvg`9(st)|S0PK&%F
z(Wx9NwxweNO)H?Zo=gv??YX>aK8)h{s9u4J5Ez3&(j`4!=(hsdYVAHP41$D9#=u1_
z4VO=3D6)^6EHEO#S1Tin0DNFwS%WjWGU~-+3=pOpcv*o2+J?1~#4qeD1p|3UJ;eB&
zh=jFk7jEPG2?JF>x)y~whzW_Jhs&6HG@!AGrG0vZqj)m`kpeeM1D(u=Z}pkX2C(|1
zUc-w99Y6c|#)2Igfp>E-w5<q)n4uHKA-Z@s&hfBH%j{R^&LW+k#z4AOP6wS0my5J9
zEXvHFG2C6WmcGL_h;I3jjH5stWF@Rws|U>B{X-me`*1FZ#|3I|CazNyA;}3cO4Mlz
zfaEAVGvfZ0PE-PNtbe=>`zzd&Q|+=`za%1=0v5YHm9zjz7HG!#F4~Y_9G534Qi9fH
zI3II*7<5k9J``Xvz!eY!dGU!sFyDdmAr{+ggm44C$;6jpLsRGMT|GDu_N`AQH~ZL}
zDo6pqB~62jR3a)V2jXO`lnkX)vK$BoiokG4k_!gIHI>F2vjK*cibdpB=Dah8uJARl
zP;xGatB{*8e+lvVZ~~?ZK?qm%kTXiTZ3Ij-p;T67N*E%29o}ivx?#rZq%paRu!t!~
zubVru)A?TTP$3?7lXrUVB$77je4V3i_F!7>fsxf_vnxN~CVS{f(@Tl1m<B!k7qC*r
z0IP5=h{t(+QhdgHz$-#rG9SLxXL3A%)n_sp!1%nrChwtkUkba)OIKhdvuACXwfBHq
z?jg7B{LjeQma&AjySrwKskggB*!eHjxh(rJAiy4eaOJGaEVc_YNVYEcfhFl#m!sR3
zSy!Qi7>paWjSi&SC<`Z8OKuoQ{fhf^xOKi{Iyi4zGW8`-|9Jlrx)=6^Z2cuR(uw}C
zbxr5sfpYl%QGt&j@4meh3d{obnVrp=2h8Qd@Nv-6(NTzQdclG;S?I0+Eh^b|aI&t%
zo!rx*z5*bDX+(&Q0x(zY!$Cxdl`ziT0mTV8{w2#FyO@!+$>Mb|-s+O&=i+s=mKpK8
zA5Q)J!63&g&8i%s@l|)ceq?{$)psuFFqL=?VxDXr#THaf0?$`@;rNeB<fR?-WCN_B
zmKIopm1aFemB(070q#$M$tn0lYQVN<@f7Fc8%3UeaC;plUNDsJhhZuKLDq(mvd?8h
zzUmepbsITB|9YyQra+v4L9!~~sxv(W=hHj)P7L$JemPx9!BLa1w*Y|e>pl#CRgwaL
z?B8{QT#&9*uC9eDazWhM?10yW_<R_*hVV4ON=T3oCo^de%5UF?T#zpA_hI|y<MUxy
z*TWyQN{|oZnl-#%L(Aif@BpiCOCSx7FD#5dCaF%Jno1TQGe4Ci{!oO3>?-rgQ@(&C
ze4g?{1cCk0%*IBNcC)s2B|ji>(t4aasUr0E2?bw-czw9Km|ME4DusNb^lE5J)h)`{
z+(5g3#0BG!bLs;x^Ac}0j|w1ue_Vd2nGE$v<<z%@TqCb=jl=~T`9v!B3E+xA@jdU-
zB7ys)1oNRk^X5^*wO%zq=EFn*j#=SFTdUcSC47c2+C?4@Ny2CNq9ijRN%)-cgK9M-
zY<;!Z<u}C2q84zhC(&+pI@LVCW<=3=tt`%tt{fr7E$_17o(w*6(#F)Bh2cjy0n$y;
z3*FO)<ym6-s^J`_4`T>=rWj#wlIp_n>I`$v5YHR0A*F=OY11rr=^a8quBErY@f(Xw
zlL0T2cKtcAILRY3Kk0V>5b%zMgp<0>6CwW$j2>_l9v~iI9m^0!jTe#!h)X_h9_r3;
zAMPuH_uI8@V_*7UY0{o%eZ)Q{`jGtxFCE=W|LuEFS@eSrT#C4ZrBM&scj>;-0}uZH
z^#27TSd_8O@WHiX6zbc4@-SSxuX@N%&7S|dcCUx|uWR=$_;m7h?Oyrn(U-{m(Ej7B
z;>6;SLm)f$jlFO55cvQ`gZ3T7$5o^9Ez}+!utb6YoTol0$WjK1s;_V%vK;c66(9>L
z9eGF2S~%I8*kt!Rm)RboukH(d71&<+>iIA9)u)p$^i^Q~Yi+)DK)QJFfRcJKdG~Gr
zA{g;w0hm>66D}m6zjt4?|7sN#he(+(nbarF;GOe0TX-(GJBpM54Zan;7wLExf-kx0
z%TRoXflr_)jJuNv%ka2oYxzBfC>ah;DcOFrwBO_1eF5(R+bdtdyTJA>_;m6GybFxJ
zu)dMg#QW_xr$^2DsL4iglWwCoO1B0Oa+_<oVV&5-#f5!)@z1D9N6pfxZ;JauQv|kG
zzR(nb?OX8a<O@v^7=1N{`$vl-449>Ke1xHv01b6MmjgMi^>7`^BTgip33CHE1CZxN
zC~MDp7f(6h#2XhjYK;@N2-^Vl?do#c!eFzBHZx(U8vM&sfJG#MaHAb69-$*_mCwyl
zK*HHF&ry{|lMcX*I{sm9#5+5jcVTlEfpCYxf))VY+-ElSnbZ5s`aYBGgTzK}$?Y@k
zeP(4J(ZN2m1gPz!S{M!-y7a)_vWU@x`w(;E{@cfA6-1gB?K7Ku&Bk7HdM`+1ZxCYS
z0Io+Gwz&>Hn!49ydtLkYnjX@(_nH;_;Qw_1*i;s-e-bhaCHDe*lhFiu9F<$X!6@@E
zH@!=M`$uCS=Ewki8E+NL({|dIKyZFLtN`XIHOkY<>^$17fSBw_VFi~V@#@JgIMBpx
zsfufDW#45Zdq?(Gc9M-|_K-b$)D{!!BeJb%E$?Z!*VisZPw5rP%F@!I%W4PG`k}^U
zhxWn5<>0||baeE=myM?Ny`z`yJv6%a!1B`Q{&ZKae(aX<T*)ps;m8T_P8V?B=G9NV
z`JHeq4MX6hH(Vl<mu$iqv%@s*Va%uSHH|-W5`Ww)a$(KeH{P8+tpK*WI?D15{OvIN
z?`h1;4rBiQW=2hxJZJq)qzzNaa??wYE5IzrU5V1+4i8=p>Yj$g2%r2HMscDvvC5G*
z$8qY3fLBNDvJ84AP93RVek9*2Ogs9oc5~|OlkRQI`)_H?URUY}FODCP5HGG@SE2pp
zjuJx3L+14oLdrwt$tZ~@{}HG<z#ZxJ46_NKx!@MY4Jk+-E0p;rs^_G<^8UVr>`vlK
zI(UUymdq|M#@Xggcnfk^2d^+6mmnmW{pRr!qO?_0m-a$1+HanrLZjxVBq@tP_f>I+
z%o|nQW#(HdG-}3G%FE0zO4}3OD!pF^uP`t0L3%Xo-$OaoQS&7g+HVp!ZX*z3_M7*r
zxXaALRNQ6e6)NtKxu=RdWR6OG%rQJWeu_#oYF;ZL-u8~0f0hpQXzBc%3hg&9mb8$-
zM$Nla+-0Vx;`W<a6}rs4Or<<zo+Qn}&A^V4iG!|!i0Tr@P4>&h10yi041Y^1;AStF
zPetLX`EnFqH2)ffPng?FiJbqWxn~r<()^!@n%yIe1L+5g5Vw;eSp->7ar-eS##{l&
z4)c)v8S_xk@G}v*zRl%@$Q7mGN3_kokUat~U`GlTW9HC;C?c4P9>`axEK*;TuO?Wf
z`g_Db4}3&Lhct#bP86q1*fMj=d`@a@e2Mw*@{P0mbV_JC`9AsVsMVPNxGf=d{Q<`O
z^#hGr{!xIsD2*i~IolU2=#yxP6`dUKID*uYh*n)|3%miSO(t>n)$<qqqzOmtWYXbp
zGJktFV!V|BPSNQ7q+KKQ;D<37Zz+eoCXIL8YvHflsWUA?@yRQJyteWjEIs)HeYPWc
zTO|}2+$t|g-(1%=@2pGrMxpNh^4;zl%CK59Z9x1&j{tj&=id;yE0}G*P3rmSNgznN
zs`YH2ze|AI+i*Yq69Ez=;|}^D`Ej&e-Rul%8@w{w;ou=MSKhza2wq}L_kxhW)PC{X
z7>j)S3pSze@Vy5rVUh9#(%DzI?k)47l2Mt4CxQ+0NYH6aH9~f`i>Sj7g|#U8#zn;@
zk?B8Po-)q_MVF8jo2r<PqqF(GOpD}Z-h>H}kClg9_D03}_P|`tyhi$-8~9DktI!gk
zWeOG`=FKGyQI;pCFhLnF4x84Lt76G?%gjZM@l%Hy^XZF=eLxS*N2HM@<MVV7c1c64
zR?cWkTZGE|tTXfAsoYG7!ij_<z%SB76|l1t@&-iry>))rIfWJKzECm>t|_0A`AQ~j
zL}gp%oj+dMcCkCTQ+YI9elSlLlt^i{eU*3!$11ha0tg*0Tp-ypFSt{fMr4!$YZO?e
zn>Uuz0Q01$moNrekeVfM$Fs~`?^fDf7*U$<LlDhl{6zF}(vgUH29yi;e9e7}CD;k~
zS+JfG3IR>q_&bzLNV+zhnRn4V&e4H4xPCX}1EwDtfr!q>DukwrWTwEDdH=0)Bp142
zQpKQK8S4bhIuIr$pt&F<v6rKBFPYtcA%x}W>Yp|JQq{6<iP8EonHHsO-!eZXtj!g9
zV~Fb&<?9lAIQXj6BfYfi?&mye1<o}0vn9hJuan#dD^AHE<Ft$49{Y4TDHFv`m*?cm
z6n7>8z%TQj3o1`E5A~RorUnl4XO%E~I5;-HD+A?A3@qn%yNaY{ZJ-}eGBu{z(Pmn*
zxUp~08KE;beAiEz@48R1dgk@dzcBP6xJ&qQ$%=de;*>ccY{{<Ne<cGc$l-CkxSS$9
zhkb)ya@Xlv0zYcYkBOjs^A`~Jc9>IDW3C4Md<P-(NvW3znl_jtfb#5=cOUO203mtE
z8(GE0ZW-EC+S!b5SY^l)n5FOB<yWr1ku(minU7hQ!ci!>`3cW7(r%l}<rwpWC>TAu
zXD*aNpa!<7KjR^Va(_b#lJ11YJOW5@>51xI?o--AUyHDd<{zS0bGv*^996Zr{GycL
zaC@<Yw@1}AQl3K<ic`qG8Ctm0zQGxxKzKRIH}}9~*<s#&0%HqmzAZxL^~lD!bh<IK
z6Hq&7u4T`c6iSo+326%6y#j@PK#~;iAS_6~ayI!F3f$w`-I}m;vSl9P69kNawSaUG
z9;=W$?wu|AzNB&u{p_lc6X3B5y)hI=Y?%}2E!XdEH+@-}FO9NXf%FsHbq2#@3g0*X
zWr5NGgE=7RaoBmAbUmCa+)I)GVJ;QTS=#`A>1YU1$%5oE)13w4yeS+J44_^&d(IUB
z@0Ow*=}5l?*+1%=%rRA_QHzvUN(cQ($@>K%gpZd?0G*}qBc&wY_ow;-xNP2J$i<Zr
zX_vj!GA$i7za}H*?x6iLiskGr*xlg?X?Pa`y_o0v+Bp*WZKEF?!(}LEq;Z^D_Y&<e
zw*mflm}flJnD5@sn4iaxna2Xe6d}CUEm!6lXdk+ZTQJat#s~1fEc{v6<_kTbkb^qG
zZ)2ISN=<$p3ryOyrG&h*oDGR^;|hTv>{lAglF(R%fAZih^DuO>v_a;bs#N0pPnU3M
za@+m|Aml6_|GHzLo7_6{CJ&DVZu4D<kWMMI+(Y7ohtN>b>1sh7AFFV-g6PifZoEJl
zirzAZeA#x@eNEYbGtZPO=9l;!ZZPzY_f<Yp`XQ9`@v?&HWSB0zKVC2|xh%HcBc<h#
z6{b^;2+XV$<l1%~G4(*uQC^_8Q%fY{52Erj(*|*K^L>bY1qxGl_zO$M4WahK9%ZQF
zP}r!Jj1}>MIs8E()->jO`1%Hcycj0)`V@e^z3dc<9Pp9DDDy}}*_Fhu_6VBaMGJPA
zl@(*&1~xQ?Kl7`?rd%sX)m2fK(oob0l{Z$IAM^{vOO|=8Q8{>EtYXdkDsg)(a10_9
zE`Q|W7&cZ3ccpXXZ<!0E6Vl;FY5?uFPs5)s7zAI)ge($Q4$fUi%UzlUSd3vgEl*?H
zM-y%T=$3hnEEpDGE)y)tG~Y6J5Jrx-?K<@ld9AfCIZJS8CXfeL-zYu339xHqemG#I
zD-TpI2RGh)NID$%%$ZWYNn)j4=!SdDsesF8`Lxt27yw)<01Q3x*j>Jpab1iW)05P=
zXdS&r{1)l4qoA8+MCdq1$k}RH-skJp`2R71#(m%^@tpEFi|9xD{<(g@EW2zXY?=2+
zN|*2qIB!T&8K3`N)9WSDJVy~v%+u%5bYPAP=3|Uns(6{8bhn!+blk?{l%tX-O2X^I
z?yIDL+;nghk67~`VCFl_J=(_H8ecyIQ!@{i;&(5R=eR%gK}+gh@gaQV=g=t_`NfZQ
zyej1KFX?_=V6NQ@6=buVWUMkvyyW14E%Q3G!Oh|Ljo~TD&dsVz2$CuTo+SX3PE&B;
z%h9j-ZlQx^7KvWf2^-Oo@CNaUFT}N(RQSaBRGC}mC4qlgy`}HhmU+C712DW&{7?Y{
zY8kG1h13NQ878zWYRsFYV|EnD^}rJ-YG)6vpsw$#?CcQsE~#J-Nq^n`u867HM)fti
zPgB5Fyk++K#)!oJ1dh6%8jNHkoW<`dUm<OFgX1M{qzu@lWf_2}_&MuEDHc%yVegR=
zdFq@k5<Vt4<?(WeJ|-2&m~M-h@B2#g9ekFQL47a2&3Olz=)$bF%x9!2uGZ7!n@}i8
zM#A`fC{}KR-(A<``tV_kIt=#Q@-l8En_XzC#ihN_$v%4i)VH5ksf$8EH)x>0B~7Q!
zGHJS2e8`tC6WP2;>L|s_-KBpH30r2_(E!YW5BWa1d%;|bA<k-hHVePMxP(B`<wa5u
zVgyf50SrO8DZg8{+7FTW4G-2dL90LV0-w&s#09=qernw|<tvgGNi`l`B6yJDE@y2|
zmh6gqm|qj1<UL(R7|)YbLbGLj=v9Jymk6!2JY>rpl>C4NT%eEUG5FhIF1Xg1U&PmQ
z2}FIjEEok5FNGeFpI_Qj!;P(09nNn085}LbkHd7w4@q7IqLO|JL$bsCHVQw9uUp~I
zJPiME;XILP!!5>Q(?XQyM<k7`G5Z7%X8+_0t^(}DpHngJ8mnN5g^TH(I4udVIe5O_
zNzQo!2tvvr0&SU}l=5ANrzNab&VtW~KSys0oq$`3CJu&3Sz3sTtl{n-SHT?Zy!Ht#
zFz>+M4s*B6nCIhboj@1h&$q1PE<Vpf8VMR270>rm?K`i$h?XRASIL>Jmqfz~FdNtj
zUlNO(@-_iAl6Gf1%<ItZ<M<+E7B_5<1ds{IjTt4{jlUh{yU16=7m+sSBZpD6%uIwQ
zhbij!?m(#*2EfdIV_u03t9iyADD%Yu7ZX2j7~rzKc`AlWBHU$9c(bN6z!&cgF}5je
z<M2fsN=OFh`A8mz_}U$5kDb59j(hRU+FpW#28k^5M|%-EDe-J<jnRb3+FfoFz{>CO
zTYe;fkqdVjChim<xT#2|ndZ*74=`6J9sFF0hDuc#zY9N}ubgDnLuMAb3ZGE9-T3Xh
z1~@Kg)Q7O!P051>%<`zSI6-{h-9wU$vf>{4rg;#KkflKKxnpjnYH$(u67^$29g?z(
zM-MDo6V7xG9Fs^KJmZ-?;DQov*715D?$T%GY5M}ybsnbzWUc~s*EhsfB~$cF@e5QN
z!~4?<X$IlV?8nKp&xLB>+Nrxny*A@y5#k2l-zG&0b4L|{fnkT{FS<A+Rwm3xz-*-q
zr%Ym9l6~Rr@*)KV*Wxt4C99Mu4sKtE2_bRrmytX^Fo}xNH|0kZeK9rSWxXHds0q|r
z10fVi9)b%o<J25eje@s_9-z<%-(QiRddO@?dH0|{GGCzMV24}sr$zUF%v}|->;$!F
zx>QjPSu+z|nw^E&OanK;hu!zb%qez4&hB5XFjT{%cmwmy{A7Wpk@-87j1lJ8*Wcbh
zG+m}WyYnZak=JG}ES==u7vEniQtd$dWW7dQrKp}}yK*RTNs+7hC(daN6kJBv+dqrL
zNr`|$&rZXR8bRk%#}48JYL>WS{Cn4Xi#*af#a>o(GWUM@E%R8VlOppyRZW<Tvs3Hv
z#*&#Q7F$PdeMS{iv72l@aIigksiN%g(Aw`*Lg(Eu9qog)wDPSY#z^Bmp@xjE^*R^z
zBWjM2emL@b^~+=iA}DrG$tgc4uUBo*9x8q_-v)XT<EWNRNtk=*C7}mQfKJ`;MAag&
zpOoK_Tvlu>qe*!jv&wv5%^bMuSk27$6ip~6NmZ%b5&4r8vuEDNxAyAhHTMc_65?kc
z?4&iBR$Ls9&k$$0ps-A{&iQ7FVbG8rZFiSy?aUlj2#boZqWHHc7VF(Zz4ymLgId{K
zhk3&@(Hj{R{PL|r^CPNt-e2YiAWKL}-2CleF+CC4>fB3BE_$rwLPem$mBqdIi3>tu
zuJv;`%%r<7M{o-gOVqQ9DeOyCY(g@Dz7(m6@Wbu~Kdq-431%dUF5>J3@73dQjwMIw
z3$R~bg&1Ql%Mau-`8T|^DoWjq`=nw^bd1t~s@pP$7nL>*yuQIQ)T0$vXjz~+d%2pH
zj-QzC-!5Rtq1*gY5hr+65FMKC47ym~ErQIe&ct?ErSJPrzE2m4+N;AQ|5~`|z&J*d
zG{Fg&Ql6lgJPS3JrTo3Zj~hw$hIw<vp;LKU@>L+_;;^|FKVMiZi7=KUGMIHq(`dM9
zHO$PnVw}${(RGw+onE4aeJ(8<)0r4fy?SRT!8Mp><l}A`z)TWEk2pR%ZLU$mC5u<)
z{vd5>ge!t(-B(oGm=ib;OBKahkj>nsTyS8ip<TwwppE}Yh0bPOxmEfFMNdxnn~KuX
zgviVb6}`qT^}nxph3gCx>Z{d!cksfL-=P+Q*thRV#d)!6*coVLl)r+_o?y@UD;iS-
z2R>bgv`qiezdOvw-hgclzCK8x7vs<Fkeu5ZY=JsmbDe-$(M)U9GX)}x79mPJ;Lw|6
z#6)R@=hATM0yl;2HtncT9Q`+gzU?qCdLs_o?+ir({>&n=esV&gyodh-=BX_L-NZnh
z1Rc2|t)k(jFhb)@WJp!wxq?;V*0V*YdAPPo-p4X?9QAQAoRv2F#P`rTu*O-i3tNS|
z9(5g60q$0bd+~ZIgG!zS72iby)Qo~dk}vsQ5W3KfF^r$B17XvV3Iv%;(o44pei+!{
zs<IVGiM|)7q@}K*)1XXF*2AWW-aI}9@6c82jK=(yuaasxWS)b0$B7GGQOz4}=A!5!
zx#PGSzhbfW=b&=V0{>xn5&6Rsq)YIBux)YdIrVFT0f&GuNENAdzV<n39eT_si*VaY
z8frS)1aD6_tm!xc<PX!C`mpCU{@yZQ1^)~qx`=VH=4UiO$gy|BoX%B2#)wYEGgiSP
zT@XU3Myld)b<q{OAvDQS#B2@J`@yItLIs(lm`O>AI~<UCdgf_TAES(2fPYG`;5B!c
z6#fX84u4&jvAL^Q&)`!2mN_X@lABF;kWmLJCAC@diG`-T{U<kPzJ{kXEWLkE4aE$U
zgpl~AL6qN-(M4NoZ4_({N<yYWMHi0}a+Pk))Hb`rfk!THG=0cMk|CrA*`26{9LH84
zUY1>oE%OFJX7HDe`-2^r6JyQe9&t07*6t71VkZ}^>=lk(B!YN>6r#PbKU#*<QC>tA
zG-^0A;UegJtTNcpVQ#}%1tW(=*ms8=eX_VB<0-B`qcF`*H_BA@mia=iDfFuR*;2<3
zg|wK0%<oFj;)}aqmG1B6{m<Kd@LcEIo_q-r?zWp!9ibLi?fEB`PY534DP$fga6g`w
zhVJM4;Umn?d6*i0oBY{+rdv;n6T*gb<o55v5@~eFMHN%$xAIVPRI0+znO(OM;^nre
zd74Tx9=&l{!E7JnCG59lra~Rnva|g6CAa1NGlGgj?|woO;+Qm`<Mtl<Uq4MQ5{4)4
zu1KEv0r0lNJoSCXT#o3w;?I1Mu)yoKT~p?IeumP^zdis2*)z~B^J2*&#|ZE801S>5
zvkE56r%;#m41|)LMthdHC)KT83jK;NEM-aKHz{L@Vp}QBe?hVU?X(pSRutVm%k0}|
z8iZvQC0S@C!C@@B)A=ldh(i!Q@x^KHSY<jpjMEUYnxzHaTV;<`7SVLFwB<_Zr2ulW
zj-xlCeD0M;MqCV%ErQb`E0Yd=k5wpdp)j1^$5oO5Myc$YU){_QfY&-}2<*{o75;g9
z2BLoIooX-zxA?*=HyG!TgfHp}#hAbG2xB<WgPkWA6LBe`X_XcGa7pBfg>WzcHm5p+
z{-$}T6zw8?1l?7&jd646EC}+?wjmLJ_VHmE5_Q(kCs>LXM^qpbuw~x7P1)jO`H!UN
zKvZX0vbV#^Vcj3~3f|cD)~I09rjC$FMq7F~mLY@7C|AcS;V=(&6M|k_j7K}&!?$Rs
zLsX&yA9YZA=-Pwgm^!|_4QAZrrnA421EOQTqJS_e4upJOXW^;P>i@)PIN@t`)VuAZ
zE12b$&LI{%X`(sYhbj18Uy~!Bs%Z;q3q$ycZHCG+ir<lZVMKVEV@NDR-Qoj4TMuFs
z=OyDR9DS4Xv1_Rgrkv_(s|V^aZ}v?TWNc5De<o>tZ$2rlvdh4ueDP?3pV-i9xJm()
zDfui9q?U}g+Xx%;(OtCmec}Vy$m8p+_%l~S%5ay-N0PbbN^Q-2<3a_RK3q)}v7+EP
z-vpD|o?E>Oi@eVS_nziQAVqq>Bo*=@h}#|lA02SW&@z9cfwOqzYfwv(`<u5_X(wyL
zI-H@_I>~q&-a+wUZVws6mvt;%>f>U~IJzw`@-K|t>tKak_AXJ5&!T4%n@pM~>w1s3
zYF+a#XoV%gVhdiOk?DER2MH`ZLw|3Kia?VYLzfhM@VNPi4$hhnLfG=L?qP=8firp7
zyt(uu6|9m&cf2i<ET(-tz>B@|M^v=(z5ZfdNY&h14}f<~{U=d3H)|be=FG1{-jV97
zn`=ur(D=H>=jAInI4}>4vZi<=sn%*>*v;2;#iz`-aF8ga5!#*i=ikz(TdB2Hv*BvX
z)HIT7Ypu5Vq8hdNm2L_bJ~UkK1|>?V^vppO-obkVb45f|)}{C}R0-mq_E&MHA=#mb
z<;>V=!-eyFZKYjXZ<*_$n3NR$rJHA}zRa$6&GYr(IS0uv)lE2zrv>3A$^6p&LTS#q
z_;JVuW=nO0ydxfk%5T;D#u-}IhZAh{{}OBrq<P5<)C3*#72RTS&iyZX*pJl)*w~sM
zLfa{MXEqyDTsI!fewRF?!<i`#=$h@#-b!XZ6_t*o8k}XmR8RZhkNsg$+pM?I|9C*C
z6Gl2<3xgJvWp~hcc~rO6;diY2pt#rGKV&F>YGVgZgQOdWQ#|7c$E*F8S;t|3fREQQ
zI5S;?>+nvaWgY-srNm(R;4Ro8UsV@act7!*ie%=qS{vfICyaq+JrmttcdZMd@7>X;
z!xv<hjIR#+L-PZT40!o&VJAl%>|Qu+l!~uJBRkDx5=b}qxH!PEZlUJ*F`P$5B-icN
zz{lWz9P<0VogpXuIthxOQb45gUjGV>tP~bYEqEs11PLCG2?A=e<nq>PZFSf(_f^QD
z35|t~n6DYr>%#0XTN#?iYqpV}XO5CD)%<X#Z5|$l*R;!&kz}T8zNZ<7dmwE?O&ITR
z_itm;?+iQLuK5|oEZIM3axC4z>jH3*WgZ{ZJTTWr;i0)eBMXjzL0e|-Og*%m<iYWX
zHF?6lRny{?wN8DdYaR$;RY+p8&OT^-aM?UnwLE$W>1T8^kJruXqHt=C>teg+2^xR3
zwc(n1oKBFLFROWVba)MD6J$x6YiUdZ^V+4Md1q8l$2>`oKM}^UVTWcUNaMB<HIXMt
z*z;5rz4|xMGE>tmp?v0lPS-r!Fpp7P8pqV5rTMR+rSuIJAIAT#_&2q17Ao%`0+30#
z&obLK^U-3o3f}V1QHrjqs`8+~g?`iWpf^HI=t~-Jv?1NR{z3(sVx=Ay(G!XlU%t}4
z220?@x-%VUS=zv0#ES0_waYm~e>YBkrOIk|vx{Zhd`#DQ3~U@&zmsb6aTr@YBVuR$
z+R9qXJR+)~m7Hv03A<8}#T4YM3`kzmm9`oU663y_Cxckd%5<9!!-Jvu7ggKITFd;0
zo@O{DU<8=Y7T8#LRQDp)H0uid^SQYnd6^&86~LGFCjQpgpOhew9xb>;i!t*J^ROtK
z8dAfA^vh-|n&z8ryj7XZ)|#N2k7yooIoxY^;op3vWs<0bmbqs%#~^ZkxX|b6!wD;Y
z4LL~gwJQhdy{OEtc}f({%$+sCq30`@%;vojxvq5AOkMMM_SygW`>6`c7N&1Sh4k_8
z5Y7B+b>IEl%8yfv+(O#4lGilm4-PzVOg7N9^Am^<(cOiJRy)0t99si%m_Jvn|8m?J
z173RyZEypP1sCsH&=O8B`6YasY~G`)n6C}7_F|6JhGt$9j(cL{5fLmrAhR<Xap#x)
zUp0N}_eWlR%YeX1^YI8<rPKW1^vuK#iM+y-3Ri}G9^MuQ<~53W&zRe&N{*W+snD$X
zy9iU(hx<cxdFFRisA}G=dlFX3ESmGp4jH49`tWbnH1_ZAyh@dL%8Y0l+HPciT@UpF
zb=KTRSBV!^P$Nj|$6;h8xUdhWuIa4a>HHt-VWJ%tJnpZV`)hd?vLmg^$v7<KAPUf~
z>H|6+Zq8bC=xIKtTjJjZ|ETKvB3KPpffe&(ssQ_T*dOUN|1s%xEy$z~y*PA&yq@!c
zA7n7tHQh}oUxa{&JB6>+)45tVcTr<XyXtpD@vG)-d1ee@jb8Dg^HsrJQe88jjlx~C
zqByENck{RRQ+ek5DTGeE;y?mBW-Z>orK3vQ@;N2j7GB_ffg%a}P~)MfqxN-#PpSsk
zP0=HC^@V4c7W8D9fH;g-hs^CXL%n=u*r=VxIGfw<3LUXt>p#3RhRm3j8a>udB)Tl`
zA-z`uoiNW+l<6KDVn@80c|k;>xt+zI>UD`!4nI(g%=S3E3%_48ay+C7>aCL13f|@6
zo$!0rI&YOUUBxM^!26Cu`B-1biG8axOwFtFv=d89ue&JVYyzb0cWzf`zLA%)_vn4n
zBuox!*&3}AbaE#I3CA)^kd6LHwU;Nv*EF)_!6Y(Wl#IzyycgG`;uaKpCqd7>C3TNj
z4%M5(o2vnz7=j02=WgDvX6Ffdss{A#dAd0q4FTyy{zf$!TbZ}(;F|eSJ-%4Ot|0~2
zhjf}Q8=y;fj$`-D`|!yjc3A7FY3kW-m0BOw-3JF~4%_BpMSe2_b4&+^W^WEP)vn!<
zT%+X93CtcwKus4fFNw?-XCkh8*PyXWrkfoMDg3|dwe||lG*_Tp!2op?W~-#iGMA|t
ze|XqyccG0kH&Z=6I_$3vSFyg|TeDm6^O@A#{vt&M3z+0&MDml0rm!!1x~5B|DBG=*
zrRIfsvUdurdqq_gg_bucyoSfipQUKTs%a`}Vv3e?OgEup$nsr?0MD(sM`xZG@s6Mh
zBLgR&8t)<1aO=msQXwup+t`WwhPP%~*m1mBk-mF(@Aou2h0m_S^7ueCerH?@_Ue*?
zj`T&*OzeUye?wD=eR`~+Pz57N`;09((?g@oT5Um>+5{Ka817RA9CzBy8HH<X^6F9h
zydv@`n%B(08pvF&^L5Qhg<z*wqw5h;xqkffr=s=Ey+L)AT7*b}If*s2*~J;(ONz5A
z>~wxx7p2ukkBs<g7xy(f=DTWKMG^T$-Q7vMJO5ctqgGw_yD^~zCC}@1Jxc5La)oKD
z``J|U+3TBMrD=E}1qW=Jr|IczwQ{dfm?Y*v5?R9X?vTX{Goh>VrvfjI25plS#b1g9
zZBq8v&A3Lw1kEq=mm0B;X_@=zetP}yyVM~8FDcmyX)equom&nEJ{Qg6k|p{lHIhN!
zHS;z_W7vZJt`0WLXLK+%U)8~7vrD5^^xXfb)3nUfqh5)Q_-RFo^ZU$S(X_#8pF1g8
zDN%ZxTi+^B|9scnUdez?zjb$=A~Qd@dB~8QYMa}txtpBo89M8e>6Dzx%-<`5Iy&rJ
zgI&8*>`p~<(JK1>N%IJ;n>np}1R?7dYTdJ{ns+Kr&l-w9R7t$Xm;4a==3z_GGB4E}
z%&n?fjB%?s{|BA5ARvG3{-Izi_3=@`=X9(5YpDIwvGX$AEp<(ce4z5vS_)CeHuuux
z>XoRePVE$TuZ^b}>ob2`p=g{m2#-{&trbZ#zDFl0V@cNhi*9~y|8qNq2dBLH3suX6
z)m1%GBi%h+Hm6YK&&eYGak(NzY@^7YQW}<co#*3qF((S*-^(H{;xy5TnjJWlOy~OW
zs&784ptR$FZ1`B+f>rZjjZ>K6vvPS&r&%-4R%BjyS@elIZP(oP;?N_});Mpui_wt!
z1BtKY+c+>k$b*LFU3$Rsdy>cLIaiQgAFCOZ*13FL;n{0O@1fR5-lTQRT@?d3td3Y-
z6IJUqhQF4Ri|oUZiJ~gJs6m1v-l&8d4ZQ7HPw@sZ7S7!fW5zk(XXDWkmEo)^D>}UT
z_uB;QC!&%53Edug%~~`kf2AWxLBaagH>ut_MHJoc5i+%!k$dam*seQ|R&s#TBVDDd
z6m{{RD4Mwv>s6ZA{rT%vweTtzPMkiZGMpq?f>i)jI6UTyK=)MWA)|l^EaTcH;J(oW
z;-iQOMRDN?`+wC;RCLd`in`#G&o5S0TIxLG&g7pp&vW|sr|aH2rQSQEbfPvT=X)|7
zT$wqh_|v$kKtG|Tt=E7aQKLK6+yvd_l>C>f_0#E!epydkQoi^jxxN;mtfpv5@n2wG
z?a#lj5w}>QbB*88Q?u$dY|qcl!LX5N>oTfd5w@fUYSL@XUZR_4^*ilc(eQLfBI}bC
zMHMX_E>ugm(xd-BdXe+0$2V#bakEuhg;EG>K&`$qOr7rdODYLz3BrNZQ9Wgf<|TVH
zjf4kFe@|}#<q^z3gGG)|2|aH-qLCrm$Zto9md&c}l2<8yOrzHxbo@+AnO3X&?@?)8
z^A<&xq8p=!W<s+v^UsP22W9V5<KkJp{&R|S)!XTx(M*%DDT;+#YvQuc0Y6+5cgy_A
zEkav(uVcQgNu73wpT1Q{G7l@0fm5ixJ>va1&-%xFGo0$@?oliFP~j5AEJ}@*zMzL$
zpXki!N@mN6>-~yYy}s}diogl;XAuxv&0o-?Pe)?+Q!K<Oc^;-4-$>~>+#WrTeg`ee
zi0bw+N(BT-`x+hWncGCYQTyyC=yaL+h9<vKru7BQbjn!%i}XmRWZht1rYDU)*;!U-
z3Ci0^O&RVH^*gE}i1M70`%+E31%c_|ir_)3%LBYAj0QE#Z)*C6VFo>>`wF$7yPZ0j
zue>K(!G<d>+z8cl7W6>R(S?eZa;W$Z@BgmVZ7Nw&k1O^lTCO+5ZE%{)muNDGcT4Yx
zg&C)Ze0YSc&I%s1CuIDqngXI*x?@zMs0#m&W-`2|#;61qqqoaHueqyb{J*b<RrH?P
z{^$#u_`H7bm*Q?Z1z|sevPsoJU8Plf9Ec}XbVU4bilUsF!f0|7o!oa6aK<VeKCk(^
zQ}%pZ4fI^wsofr=5H@ZV6Cc&$Tuy9%uI@olod1%pj&`B{uO>hkKCrqKBVoP`8s1@E
z_H|>P3c=+%{F$G}B4F*8*=yY>K;DX+&h+NRniRINxIjWj-tPXVdfx9r|G#*>^$Wi5
zSB+kFkh}Y3bXN?-fsJg0kW}T%5(_ErLDs>&Ug$B%*%*y)6c~rT>I)_mK2+l5K3gBx
zpq;^RHiEM8aB+j~f{_xP?k&)*g|W&S-T*=qD!!5}^KdEGS{s{}OKZgkA-&q=N0Tl-
z;>eB~jg$ESd<If4twTK2)^#1i1vD{UKBimB-Ivxy9&S0tzEH&OD%dw!-@M;fE+z8w
zY1|%<VA8xZ1jf)V-*>P;_(pTtwmmL-Z=q3mk*o<!#iR0RsU4Ybc+ZJ%*;=y^-h|j~
z5S_i+_FEs1hh=g&_v9Z9@iw=)kMEy1rssZKk1NCX`GTbt_V)<gR_&Xo3l1dKk4sx(
zuDaS?G72PRCZsWv&Hg&X9#pY>NftLD+?Z^cKb8jhtYt`ltM7jxE%OJ`B+1%LakIZw
z_Y>$7LdG&7de-RCU!lTHENoi)WRz}+mM28B+ig_g@~X9ABWS{InUz9AnJygS-cq2g
zBHi9f@PMlWLX&)XoUaq06NH>~dgH=3kaT)jEH~{;#q*kIl#e7229?5KxcQCQR*2d%
zcL`0nL1gn-)p=^=jX~rr+EC>5=jXlF21eZ7e)wR1@L@Xv5)TNoRAa|a9IaazF69Vm
zVg41+X#PbHc7dY(-5;Nkc(o@=zM8FWYTdL0{_74Q&hseGNb?TqooD&xxiZ0aE9Py!
zD>$U(Ww%eV-F*9PDc8~RIj=t-$&uR)8M^mjaEj#RUx+^_y^u~sgYz&wvb;o4bTwW9
zfE05J2zWcp-M?c@6C0`>_%pu=$<Qt@z!sb(Y)M%T8)tEC?pLu}vdh2$yAFIx0IrN`
zS|?Vpe-!r+Gy6@hg#SU3`KQJ2DV3}Hb-0kzrK^*+=XiY$`(E2%Jitv?46*%dv{Um|
zNO^$ZWDGl$#_{0*uhG2{9rV|Y+<mgwL+IoDv4e?J25&bCIgFe6bly)2P#g#}xDDn>
z*jd|}onHmM`D<@gfzn<n1&b4a+d@FM>D^@{ceT^JS4I;^ao1dLimPjnLhsQTG@iGA
z);T0G7z>0mnqjZUZ(^8J8d3H(*Ry3TY~vw&yGxtT6*M?3kjH71n8G(J?U2R?)1C1i
znL^Q3RP!@3$i!EO>)?pgU$dX?bp7`%5Wea|l$QfUG$&dO|9w<_&(|7Bz1dCnR<5#?
zH&$6_sNzLhB)=9D?bXZ)k5uFYJQ%F9gM5k{#|2vNaD?vBW_a2HcWKMPljYzmGI~X#
zBE-C9e$jW`HP2is6p<r{=lDVKH`1>1WFClwDVQ!e0@u!wG<r<FrkAjA(ws+J!Pm4+
zGCuH$E>R9R4jw4aQpK&Cox!QV!2_36PQzHb&eAt!Nl(YIx=A=z!K>GCGp(3+=5{*z
zxd9E`GFJ+cF(~xlJS^|%z~ZAa8HMZ=AA>@~OCwM+_-{-UxtcxzGqFs<60N%5iw7PY
z9TDZM5uL`P$v`3^eJz`AEDFPcz49P|Z1z5(1~)T^d^)oA8LLEfqA`VPN^g2T-*;Tt
zP!q}t%Z4yZq2Sz5Oq0%pZ5*SId?#493r`jVAP?O=r8b+F3QH*5BBd9Yk+M2~!M~|N
zNydc&LUoxhOD)>T!R0b=uJ=)QsUh0+$4%=B<f|A6v~{fu*OZz0Jy{X$g7{HC5!n^Q
z9|`X+T#h{<-F6+Kg@jPIWt!4|<salSi?L~10s2E+)O&y+H_UesWVG~sA8djV>uShd
z*H>IVlSaECaBJi@&_pL_?icju2L7#aTWKK79}A&UmxzLJD;Jb%eqAsnlPns;^EFMr
z>06}8$5QFLJ!zlMDfH8V8t?nZ&RFv`A0bTMd{ZHs2Adx&2bM4saG93fW5`sfTDM$0
zsOEVxzl2J7f~^QNW)<cGLRyrXr_>5ikMD8vy-T}u%Ysn0TwdPomlT0K1C)y_<jxy1
zB3zc%A>P*-7|WTAX7@h{WxE}Kd7RCFu7E_%(1!5o)NsdYSv3XE;tL8FdA5Tpgvp>6
z1HAO=9}T6}%dP(}2`;6p#4%~vHQ&_jAc?^tu8dEATy}=G<Rf@AT^a%i4jEQ0x?fvH
zL#8Q%7pC0*F0mx3$4^zfR?y@oSz?9xEpsPfS@tDF^E}Jb+DuO5G*Orp=*`>~yA6y9
zdGfvAe)biD(B-Xm+dNmwC#fIKh@S;f9B~*q+>5QlH`QTcLZ9~p4H*e%7jR%j7rz_k
zt&$yigu1Sj%8BG0{a8xKgk>N?=+tq?*9e;n<Z#nFT)C6X1NQcJ$Xw&QX~pnsJu>o}
z660T^Kv(jSwzIGHQ_1oN%=IaDn{utkj~i1Z9+9M9HrL1kk_S|{{WjaW2S_?sG|7!b
zF=y>v?g>%=FHOW3%yVRDoa8|~khV-_T60Ebz(4Mjk^ls9`l!r(*PdvR3PNn`itZWU
zuf_fNfkT%b*t^gCBG@!=?zWmR_FZpvhZ*}-Gfxs~6fF7K@>JnWep$gF!NuKMq`^Uq
z<gR^0;Eqx;c(mwd(jBSbhBz)`FM_mV&C$b4J)soDng``OBrDdI`Lr~}%Mj)QX|zNB
z*Fnw^(QKJ7OMz}YR(StjK`&`k?Oe=BznIo6?5YI>kAwS7rgI<oX5R@lfo}qrFfWrn
zDlNrL&nSK<v%;b6f6hMo(=u^f&lRsai>=(Rc!uf}K=1IH9uYmr^bEHnx;YHrkcoA3
z$?Iq34dr@!rI&8H(_}ycS%8vxCWW6B3wwm{c!#z#h*5RldY;LC7yWrbRSr}8rRbDh
ztNno_!@Og=6rS<CU3#}KS&ATj&T`(%g%4OZoq9FWY}&*oem$MDPbYm-5JR&+h;-Ls
zT)oum)h3ftsG#b+ahDH>sOgvxWX*d@=ZM)IGLMj8VW0ByGY;T??q(NgGmpfoxx+jO
z0tA^$eh~c3EMEY3)`YZrx3fM1@8B)mo!d3CfIV^JM9-ueuO!Z041*;}-QOG@8FXv>
z5)*b8<^WFMB@WN^PMBx=+<`N*grfAie~Jc3CaXUr>*v(a5xl^A-P1S*Hop(k5doq6
zBjzfYY6t+{vB?_B+$&BrW%iz-hljhTJ7&wb(vtPH5=PO~<y)#2!Yk{r-4N`&9o7sb
z$b*M=a2CGKA+1AmA8lH&Hxa;6mXZ<qzJq2T2uz?vPzMj7yZiQ<XTr=u;Pk51!2>X$
zp695CVjfCVJ6#^Yi$o0?jJtr`G`PCbS{|5h!f-{P7Qy^Fv^lEkZCT`@H4nNlpPGkb
zvCH=t&08y_J+?KyS~aTyw@~0@4Kx^DQRbEx;c<a1f}|yMiMTeHXrbA=Fn<J$OUEk%
zTiTyS?ZZsx@r7Xb7#Sa#>ql_^yMhuhSU71I2A8*>HPP(t$52TnR)XMuH5Oo-c_pm*
z%va#jTM{_JKGNDq8#o*Ju&$8j2`XVaHuqM@bqBgMCCqd06H23ZBycP-K~pL-zon=N
zuGw*neNWX<e(d<*0g`&mmlV0!!_?`F-c!I8i;nqAHBQr1W1;|R9#Q{f@G3V8jY9LC
z75sbDMC0oBk6HqJHB5R0BaPNNRG$0N2b(twG7v?(^s_<!Fkgkx_#s&Ss47}n3&tK3
zn@lv9nIEbyWpt(2yjN8o55yf5D{ylQq_PYhiIl(8YVy#$RLa<%Cw;M;%6ZzG@2R2H
zgo5gRS~WN~24)FoaMBcH<9o-M`6PI-Ks8x1Nq$bvCpR)o7>~y$CC)Sj&+omIiP?Nt
z4V$kBjk~3qeV8k2?59JDvD48t>Sq-}I?jOnuNJ&nE{U%CMv!~4HE74pEffN9S#ko;
zQe11fIkW&$7csMaqlY{<d#lO>^%U5`H2C;!V`611SMy9oFRsaU#WLTH+U)L{o4dx<
zPHf_4z`nisXViR9&3CkjqeeN}JUc2&I1iX3{r6F<FFVZ7-|uGTu>gDxNHzZLd3iuw
zo*kcraX8CFau9S!EW0~*V=)-PAD)iEBAJ<GL9Fnz)2#+Jml<|_&IdbYe?5j^4?4^w
zw(UPN*oX8S7{^jLwjpV3tU~V#snjPW2_?6IE%P`pZ(*QlX5*~C)u`6irI1d0I-BZ<
zUw8_!Igl$0FMIK0qqOB8tF%E6&eQu^ZR1KD-T}O2KI`k)e)7EnGudt(qphK-V=QyH
z+c2*_Ai!R4*GK~|QKH~wGqp>Ddjy2a)O_PI4Te1pfMDgpT4pz#;hIH19&VtHz|%=)
z9u9)E0xk~R%$>ag0%e=GVxVo?miYC#T_dOIOmu=$zH&FDER1+F9UN(;Z9H$pQiCg-
ziC`KEEq<O*s$deaMVY?>g%wp2`ww0^x|jaj_n-%xuYh1J%ItGVczYYI!qRdp(RxvB
zr(qavS1teI{cfRHtHijEBo|6t%bFEX123$Y_VmCm&;BiTdT6V3)B?DywF`cfsap7$
z$Bq4woq{16D8Q>$xZ3bdcjeGaG<@oNXv^Hj<HJP)B^4^uq6WHvev|wci$P4(n=wks
zsqs5j>BH6-3hh+rm+YqO@XN#?mvpP>sta>RL(pMQCLIOAai=U&fNeY_>$@WD5I*oA
z;RCyc5&RZ-o+4&UIQAW4uJvSP4Nd<D#ADMD+J>D~yqDKmgeHey?&JXo_%Kg?pia$X
zZwK~U(zG0X?7vuNKuJQ0zXZ8PwGT1X4Ze+U$DFClzKz+&6IuB~-~Zuf(-WS7D6&;k
znkkd!05g`c3i!R{n#AYr7Z6Oee$~N4e7?VB?kgk|P|sLC^J~*jmvJwdTy&{3kQQ2l
zn@7;DZ<yC$WegFRV$Kc8u0WfvS;6*&dxr;rZ{@o#a{#NzFtr@?kHN`M&j_tam^kon
z<#nU3ec&)SrzDxxy?iuQ$xrz@oz_|;)dp}J>}D&K%bW&>qr!dys!nwJIP#)$L8?5l
zq4u>E5f;<_miZUSC8&y7pYXQ(`Yk=zi1(RnPyQ8xK*SHJLKyH-E&OGB;tf{FP==Tb
z+BjCBzyuAqn6va?hC!{ZfG^-6`H|QOaN%x6G>--V-}c;n?E!kc&@AEp?{)a54G0F-
zHgv;}5G!g9NYSp_LCbqh4k0&zIPi-7mLRIks+P^GT!XWWpFm55;0V?DGk1};mk^gX
zfZ%b-%!YJ~!@StofiQD2m4xWd<4FCbAT7`yqg^RHenaG&SiD(5d)*oRH_N37A_((C
zhcX!A%#&DyMgCo*7K=EOh0F+X=D}Xdq(uY$CpjcDbk)_b7(||2;JpM-XbvBw?9L<E
zE+IWM+maj|a6d?<fx{u@l+2L32?|7rI4_g>85K?B5Zz9u{U!6`5WxehTEn|Vm{VBQ
z&AK$gQUggKN4%&A*shU!8w!|Zmh5H(1w{O$e>G3usmryx#N+8;rHc*xs257e^2+=h
zlwNA3l$E?{#hbTDI|vzQn>i>VmXoB+mJqpJ@NX@HL}u5HU~i$@Cr6zJWte0;VX|_v
zF|!v$EhKsX118tIzb2#@sP%sj!igov2jSlmG&y4TM|;O*>|6w`RX1{-UysSDS8F&*
zdiy>*%Lm==4A$h-T<A&5tz>S=WRHq=DZ;G8B73nXSZge3J|H<AO@1YsTcD4<8_;^a
zPzcO*?!RVN`WeB!GZJWvL?hgVdRixIJinK5QnzdhVv!fJ7tMKW2bSq_{zwo{w#*Nt
zF0cWaW;^xVWBxb?4jgz6Kd_lVgGs!*-#>wC4rmYT6X;EYN#T;rg}khA*D%M4fwLS<
zQ~i2w!~9SNgi6Do6{?QNVCJacQ8Mao(02>t!6gAp7v!E!b;Pm-Q-$<L74T|eH%R1z
zZu0(;7?HfFoWOPocsCPLu%nah_lzUbRCR!Q7LwV=WLRX#{rvk!sP`1_Ma!y78|E+a
zg00neKN$R<I!2Z#7wt2T5?O=PB<9KaI)WT@7wI3*?68UcQK1ai@AG!z^mHlM3e{S4
zd2?YDCQZ{*6ZOuo>!-?_ow4(Gi!`vSWqMqcbrn^+K0Q!M3(L=#a5>qHn2`eBuQ2Z}
zz^dl&3(dWvZf@tPfZE&ZnYR=aJ9fb8P_(Mi<yOM<o5W^wolrL^Y`!BUTDrcsv=@xr
zJY6OYOS`jz6sp<}WoG`^F<0c^2jL+>d_^b%FlayTBjvc!K96kYc~X<m_j#ivf9F9;
z&dp5`*}w?wobR#R{R2Uu8=y`sIne|%e;+Fduuhq0OE!n1{LT%l)_)&m4SH<;0Dn8o
z4<2(f^NS#-b^Mtp;veGVVBR1J1Iu^#T<A3SEV0KH977KV?G#E-^4xe*Xpq>Mc|l2X
ziwL@o!0aYp+C;1Ain^dAb5|bkU6OjJn&-O)=9d~2VE%9i_2=bR-OT(Dp<gA?XYj|e
zfE$x7^F4v=hNu6P;nE0phkFJo-oqHA?b=ed2QMaUY+iaA?np0fb}!8us}@3lJyaAK
zow1M0dAu9Z>X3&mT<tT5QSLdHh?TS3CsWvAHo;oiAsPAo-`1|?wW%eFpQQNlP;jA$
z=%%>vHJ03__ZdkaJi%72BB5$)U5NVfF{#nyCNH_SkVQcrf*^{nL=eG0K?FB0L|1-*
zAmT<>g1B+zAE4mx%-p%Tx9Y+>vuJ4VZO)vpIdkTG%+Q~fU?PNnh_i3<!g(7=;<UGN
z6DcWVUa4XU$%E~#KcEkQCIyxn&7Vr=jxmx)*i}Kf%ps(8gPtHx8>Yrl${P+uteo??
zCS2R96+9q%j9eFb_0iIK87tF<5j;AIj}#+g_DBL8so-;7S+sG=B(8Vj-Vs3$0a-Gh
z$LA&HD$JS5F!K@&Z@rJ<E@y7UHh~r*joH>{E;0Y-;Rss*c(My}MWuZJ2RYCKLy|)z
zPoU7JgG=3U=Q=`QeR_o0*jO5K6N!u~iv{-Vz|<EDwXQZgE|yLUOgQZO-5KPUHRALY
ztGxxdC&YgN3S-c;fS>{x(S?Cd0ajVvU)ad&@D?pHH)+(L>PZpK39f)mK|mx&sUZ8O
zk05x{=XNcwRWpV+=b@Vm8sTBz#X#>Hb2(|5PQe6OKvFB$bf-R`n|282`lZ<XeS>|d
z1x$|zB9J{I19}Bsu6A1zPSAa9aV-pq#5;Y#WVWcua#DxR$xi6836`~>$3@uep$OV)
z)i`J)$>sAVD2BFI_DtL}o&l>@dp?5R3U*pwhx1iN9BH2o%QELJAcaf++gWQD%aC`^
zr@G;)sQlW6jx^wO&61pPwj^}%Ut>ut>>>~OrX_%J5BZWMn94(bWY_Uot%%zUm1kb~
zi)HPfJi+2@VcLY?W~BQgt7<I(4V@FY9KE!=#6=Dd%&xq~E=$|J486eKm2<#!6+g<?
zhG&3KGndx<K1JyIUOFJE!IEsAO8D;4kx*Pvi|Eaw9#9q7(r5ggV!(uK*QG{!2DL$a
z+-^e_IV;3NL^&!sd;r$m(hn4;-lsx5+_%R($Y{PVYxtpucQ+kX`|EXHZ?%u37BxDP
z4j5v5<w{qj9f6*_5+zF?I~lqGOA^Tz7;~8#8tO63@bs578x3apFX9?+0eozCyVCTW
z^Pn(Xu5-?u_ani5d8%3X-`#k4B<H|Kje8_DfR%y{srY?uOa^0Ouvh4v7OKK~xvlLH
zGR4D9u3}!a@3n+TWc*fS%uCW}N?Zh!o`G#r7W_dwG!x~c1jA`cztiyqQzQ}`4m9-D
ziXpqQ)eN@J(7Ya1$u&tZ7tGq!sKicig?2@%W6H>(G{0$>rXUlz(m~A$V^a{5IbDgM
z{vh*bnhyD9INgrxub9#o$K#V8%$8y&n5Uv{(-<R5y<UdS!s5>2XKc2^iE)*!97T~P
zY9Vs81q3GFRQkB*+0WtoM2>{=+Rso4zac*q)v+#jT4?oZ@xd*X`bo7$<2BLk%pcgu
z)B~I-+0U+T@d@6QC6O7KnVO=Fc*AYsqMok~vTJJm_Vi@YDL94EvGcIa{l6zBVw^@4
zs)v7XHYQrF<#rz5zJLh9Xti1@R`!Tmsa`BiiiX&`SGcY_RdhwI;1&xdx3H&Cb^j8%
zwF^yeFxy#MaNLqJN&jrZZU9BR=Nbq?Ap+MQ8Q<(-f60ZQh!^G?U7xFN$2U}i*2R2V
OMi<A|b0<(9@$v7+D4Vzd

literal 0
HcmV?d00001

diff --git a/test/integration/consul-container/test/envoy_extensions/wasm_test.go b/test/integration/consul-container/test/envoy_extensions/wasm_test.go
new file mode 100644
index 000000000000..2a9a17ff1742
--- /dev/null
+++ b/test/integration/consul-container/test/envoy_extensions/wasm_test.go
@@ -0,0 +1,461 @@
+package envoyextensions
+
+import (
+	"context"
+	"crypto/sha256"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/hashicorp/go-cleanhttp"
+	"github.com/stretchr/testify/require"
+	"github.com/testcontainers/testcontainers-go"
+	"github.com/testcontainers/testcontainers-go/wait"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
+	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
+	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
+	libservice "github.com/hashicorp/consul/test/integration/consul-container/libs/service"
+	"github.com/hashicorp/consul/test/integration/consul-container/libs/topology"
+)
+
+// TestWASMRemote Summary
+// This test ensures that a WASM extension can be loaded from a remote file server then executed.
+// It uses the same basic WASM extension as the TestWASMLocal test which adds the header
+// "x-test:true" to the response.
+// This test configures a static server and proxy, a client proxy, as well as an Nginx file server to
+// serve the compiled wasm extension. The static proxy is configured to apply the wasm filter
+// and pointed at the remote file server. When the filter is added with the remote wasm file configured
+// envoy calls out to the nginx file server to download it.
+func TestWASMRemote(t *testing.T) {
+	t.Parallel()
+
+	// build all the file paths we will need for the test
+	cwd, err := os.Getwd()
+	require.NoError(t, err, "could not get current working directory")
+	hostWASMDir := fmt.Sprintf("%s/testdata/wasm_test_files", cwd)
+
+	cluster, _, _ := topology.NewCluster(t, &topology.ClusterConfig{
+		NumServers:                1,
+		NumClients:                1,
+		ApplyDefaultProxySettings: true,
+		BuildOpts: &libcluster.BuildOptions{
+			Datacenter:             "dc1",
+			InjectAutoEncryption:   true,
+			InjectGossipEncryption: true,
+		},
+	})
+
+	clientService, staticProxy := createTestServices(t, cluster)
+	_, port := clientService.GetAddr()
+	_, adminPort := clientService.GetAdminAddr()
+
+	libassert.AssertUpstreamEndpointStatus(t, adminPort, "static-server.default", "HEALTHY", 1)
+	libassert.GetEnvoyListenerTCPFilters(t, adminPort)
+
+	libassert.AssertContainerState(t, clientService, "running")
+	libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", port), "static-server", "")
+
+	// Check header not present
+	c1 := cleanhttp.DefaultClient()
+	res, err := c1.Get(fmt.Sprintf("http://localhost:%d", port))
+	require.NoError(t, err)
+
+	// check that header DOES NOT exist before wasm applied
+	if value := res.Header.Get(http.CanonicalHeaderKey("x-test")); value != "" {
+		t.Fatal("unexpected test header present before WASM applied")
+	}
+
+	// Create Nginx file server
+	uri, nginxService, nginxProxy := createNginxFileServer(t, cluster,
+		// conf file
+		testcontainers.ContainerFile{
+			HostFilePath:      fmt.Sprintf("%s/nginx.conf", hostWASMDir),
+			ContainerFilePath: "/etc/nginx/conf.d/wasm.conf",
+			FileMode:          777,
+		},
+		// extra files loaded after startup
+		testcontainers.ContainerFile{
+			HostFilePath:      fmt.Sprintf("%s/wasm_add_header.wasm", hostWASMDir),
+			ContainerFilePath: "/usr/share/nginx/html/wasm_add_header.wasm",
+			FileMode:          777,
+		})
+
+	defer nginxService.Terminate()
+	defer nginxProxy.Terminate()
+
+	// wire up the wasm filter
+	node := cluster.Agents[0]
+	client := node.GetClient()
+
+	agentService, _, err := client.Agent().Service(libservice.StaticServerServiceName, nil)
+	require.NoError(t, err)
+
+	agentService.Connect = &api.AgentServiceConnect{
+		SidecarService: &api.AgentServiceRegistration{
+			Kind: api.ServiceKindConnectProxy,
+			Proxy: &api.AgentServiceConnectProxyConfig{
+				Upstreams: []api.Upstream{
+					{
+						DestinationName:  "nginx-fileserver",
+						DestinationPeer:  "",
+						LocalBindAddress: "0.0.0.0",
+						LocalBindPort:    9595,
+					},
+				},
+			},
+		},
+	}
+
+	// Upsert the service registration to add the nginx file server as an
+	// upstream so that the static server proxy can retrieve the wasm plugin.
+	err = client.Agent().ServiceRegister(&api.AgentServiceRegistration{
+		Kind:              agentService.Kind,
+		ID:                agentService.ID,
+		Name:              agentService.Service,
+		Tags:              agentService.Tags,
+		Port:              agentService.Port,
+		Address:           agentService.Address,
+		SocketPath:        agentService.SocketPath,
+		TaggedAddresses:   agentService.TaggedAddresses,
+		EnableTagOverride: agentService.EnableTagOverride,
+		Meta:              agentService.Meta,
+		Weights:           &agentService.Weights,
+		Check:             nil,
+		Checks:            nil,
+		Proxy:             agentService.Proxy,
+		Connect:           agentService.Connect,
+		Namespace:         agentService.Namespace,
+		Partition:         agentService.Partition,
+		Locality:          agentService.Locality,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// wait until the nginx-fileserver is reachable from the static proxy
+	t.Log("Attempting wait until nginx-fileserver-sidecar-proxy is available")
+	bashScript := "for i in {1..10}; do echo Attempt $1: contacting nginx; if curl -I localhost:9595; then break; fi;" +
+		"if [[ $i -ge 10 ]]; then echo Unable to connect to nginx; exit 1; fi; sleep 3; done; echo nginx available"
+	_, err = staticProxy.Exec(context.Background(), []string{"/bin/bash", "-c", bashScript})
+	require.NoError(t, err)
+
+	consul := cluster.APIClient(0)
+	defaults := api.ServiceConfigEntry{
+		Kind:     api.ServiceDefaults,
+		Name:     "static-server",
+		Protocol: "http",
+		EnvoyExtensions: []api.EnvoyExtension{{
+			Name: "builtin/wasm",
+			Arguments: map[string]any{
+				"Protocol":     "http",
+				"ListenerType": "inbound",
+				"PluginConfig": map[string]any{
+					"VmConfig": map[string]any{
+						"Code": map[string]any{
+							"Remote": map[string]any{
+								"HttpURI": map[string]any{
+									"Service": map[string]any{
+										"Name": "nginx-fileserver",
+									},
+									"URI": fmt.Sprintf("%s/wasm_add_header.wasm", uri),
+								},
+								"SHA256": sha256FromFile(t, fmt.Sprintf("%s/wasm_add_header.wasm", hostWASMDir)),
+							},
+						},
+					},
+				},
+			},
+		}},
+	}
+
+	_, _, err = consul.ConfigEntries().Set(&defaults, nil)
+	require.NoError(t, err, "could not set config entries")
+
+	// Check that header is present after wasm applied
+	c2 := cleanhttp.DefaultClient()
+
+	// The wasm plugin is not always applied on the first call. Retry and see if it is loaded.
+	retryStrategy := func() *retry.Timer {
+		return &retry.Timer{Timeout: 5 * time.Second, Wait: time.Second}
+	}
+	retry.RunWith(retryStrategy(), t, func(r *retry.R) {
+		res2, err := c2.Get(fmt.Sprintf("http://localhost:%d", port))
+		require.NoError(r, err)
+
+		if value := res2.Header.Get(http.CanonicalHeaderKey("x-test")); value == "" {
+			r.Fatal("test header missing after WASM applied")
+		}
+	})
+}
+
+// TestWASMLocal Summary
+// This test ensures that a WASM extension with basic functionality is executed correctly.
+// The extension takes an incoming request and adds the header "x-test:true"
+func TestWASMLocal(t *testing.T) {
+	t.Parallel()
+
+	cluster, _, _ := topology.NewCluster(t, &topology.ClusterConfig{
+		NumServers:                1,
+		NumClients:                1,
+		ApplyDefaultProxySettings: true,
+		BuildOpts: &libcluster.BuildOptions{
+			Datacenter:             "dc1",
+			InjectAutoEncryption:   true,
+			InjectGossipEncryption: true,
+		},
+	})
+
+	clientService, _ := createTestServices(t, cluster)
+	_, port := clientService.GetAddr()
+	_, adminPort := clientService.GetAdminAddr()
+
+	libassert.AssertUpstreamEndpointStatus(t, adminPort, "static-server.default", "HEALTHY", 1)
+	libassert.GetEnvoyListenerTCPFilters(t, adminPort)
+
+	libassert.AssertContainerState(t, clientService, "running")
+	libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", port), "static-server", "")
+
+	// Check header not present
+	c1 := cleanhttp.DefaultClient()
+	res, err := c1.Get(fmt.Sprintf("http://localhost:%d", port))
+	require.NoError(t, err)
+
+	// check that header DOES NOT exist before wasm applied
+	if value := res.Header.Get(http.CanonicalHeaderKey("x-test")); value != "" {
+		t.Fatal("unexpected test header present before WASM applied")
+	}
+
+	// wire up the wasm filter
+	consul := cluster.APIClient(0)
+	defaults := api.ServiceConfigEntry{
+		Kind:     api.ServiceDefaults,
+		Name:     "static-server",
+		Protocol: "http",
+		EnvoyExtensions: []api.EnvoyExtension{{
+			Name: "builtin/wasm",
+			Arguments: map[string]any{
+				"Protocol":     "http",
+				"ListenerType": "inbound",
+				"PluginConfig": map[string]any{
+					"VmConfig": map[string]any{
+						"Code": map[string]any{
+							"Local": map[string]any{
+								"Filename": "/wasm_add_header.wasm",
+							},
+						},
+					},
+				},
+			},
+		}},
+	}
+
+	_, _, err = consul.ConfigEntries().Set(&defaults, nil)
+	require.NoError(t, err, "could not set config entries")
+
+	// Check that header is present after wasm applied
+	c2 := cleanhttp.DefaultClient()
+
+	// The wasm plugin is not always applied on the first call. Retry and see if it is loaded.
+	retryStrategy := func() *retry.Timer {
+		return &retry.Timer{Timeout: 5 * time.Second, Wait: time.Second}
+	}
+	retry.RunWith(retryStrategy(), t, func(r *retry.R) {
+		res2, err := c2.Get(fmt.Sprintf("http://localhost:%d", port))
+		require.NoError(r, err)
+
+		if value := res2.Header.Get(http.CanonicalHeaderKey("x-test")); value == "" {
+			r.Fatal("test header missing after WASM applied")
+		}
+	})
+}
+
+func createTestServices(t *testing.T, cluster *libcluster.Cluster) (libservice.Service, libservice.Service) {
+	node := cluster.Agents[0]
+	client := node.GetClient()
+	// Create a service and proxy instance
+	serviceOpts := &libservice.ServiceOpts{
+		Name:     libservice.StaticServerServiceName,
+		ID:       libservice.StaticServerServiceName,
+		HTTPPort: 8080,
+		GRPCPort: 8079,
+	}
+	cwd, err := os.Getwd()
+	require.NoError(t, err, "could not get current working directory")
+	hostWASMDir := fmt.Sprintf("%s/testdata/wasm_test_files", cwd)
+
+	wasmFile := testcontainers.ContainerFile{
+		HostFilePath:      fmt.Sprintf("%s/wasm_add_header.wasm", hostWASMDir),
+		ContainerFilePath: "/wasm_add_header.wasm",
+		FileMode:          777,
+	}
+
+	customFn := chain(
+		copyFilesToContainer([]testcontainers.ContainerFile{wasmFile}),
+		chownFiles([]testcontainers.ContainerFile{wasmFile}, "envoy", true),
+	)
+
+	// Create a service and proxy instance
+	_, staticProxy, err := libservice.CreateAndRegisterStaticServerAndSidecarWithCustomContainerConfig(node, serviceOpts, customFn)
+	require.NoError(t, err)
+
+	libassert.CatalogServiceExists(t, client, "static-server-sidecar-proxy", nil)
+	libassert.CatalogServiceExists(t, client, libservice.StaticServerServiceName, nil)
+
+	// Create a client proxy instance with the server as an upstream
+
+	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false)
+	require.NoError(t, err)
+
+	libassert.CatalogServiceExists(t, client, "static-client-sidecar-proxy", nil)
+
+	return clientConnectProxy, staticProxy
+}
+
+// createNginxFileServer creates an nginx container configured to serve a wasm file for download, as well as a sidecar
+// registered for the service.
+func createNginxFileServer(t *testing.T,
+	cluster *libcluster.Cluster,
+	conf testcontainers.ContainerFile,
+	files ...testcontainers.ContainerFile) (string, libservice.Service, libservice.Service) {
+
+	nginxName := "nginx-fileserver"
+	nginxPort := 80
+	svc := &libservice.ServiceOpts{
+		Name:     nginxName,
+		ID:       nginxName,
+		HTTPPort: nginxPort,
+		GRPCPort: 9999,
+	}
+
+	node := cluster.Agents[0]
+
+	req := testcontainers.ContainerRequest{
+		// nginx:stable
+		Image:      "nginx@sha256:b07a5ab5292bd90c4271a55a44761899cc1b14814172cf7f186e3afb8bdbec28",
+		Name:       nginxName,
+		WaitingFor: wait.ForLog("").WithStartupTimeout(time.Second * 30),
+		LifecycleHooks: []testcontainers.ContainerLifecycleHooks{
+			{
+				PostStarts: []testcontainers.ContainerHook{
+					func(ctx context.Context, c testcontainers.Container) error {
+						_, _, err := c.Exec(ctx, []string{"mkdir", "-p", "/www/downloads"})
+						if err != nil {
+							return err
+						}
+
+						for _, f := range files {
+							fBytes, err := os.ReadFile(f.HostFilePath)
+							if err != nil {
+								return err
+							}
+							err = c.CopyToContainer(ctx, fBytes, f.ContainerFilePath, f.FileMode)
+							if err != nil {
+								return err
+							}
+
+							_, _, err = c.Exec(ctx, []string{"chmod", "+r", f.ContainerFilePath})
+							if err != nil {
+								return err
+							}
+						}
+
+						return err
+					},
+				},
+			},
+		},
+		Files: []testcontainers.ContainerFile{conf},
+	}
+
+	nginxService, nginxProxy, err := libservice.CreateAndRegisterCustomServiceAndSidecar(node, svc, req, nil)
+	require.NoError(t, err, "could not create custom server and sidecar")
+
+	_, port := nginxService.GetAddr()
+
+	client := node.GetClient()
+	libassert.CatalogServiceExists(t, client, nginxName, nil)
+	libassert.CatalogServiceExists(t, client, fmt.Sprintf("%s-sidecar-proxy", nginxName), nil)
+
+	return fmt.Sprintf("http://nginx-fileserver:%d", port), nginxService, nginxProxy
+}
+
+// chain takes multiple setup functions for testcontainers.ContainerRequest and chains them together into a single function
+// of testcontainers.ContainerRequest to testcontainers.ContainerRequest.
+func chain(fns ...func(testcontainers.ContainerRequest) testcontainers.ContainerRequest) func(testcontainers.ContainerRequest) testcontainers.ContainerRequest {
+	return func(req testcontainers.ContainerRequest) testcontainers.ContainerRequest {
+		for _, fn := range fns {
+			req = fn(req)
+		}
+
+		return req
+	}
+}
+
+// copyFilesToContainer is a convenience function to build custom testcontainers.ContainerRequest. It takes a list of files
+// which need to be copied to the container. It returns a function which updates a given testcontainers.ContainerRequest
+// to include the files which need to be copied to the container on startup.
+func copyFilesToContainer(files []testcontainers.ContainerFile) func(testcontainers.ContainerRequest) testcontainers.ContainerRequest {
+	return func(req testcontainers.ContainerRequest) testcontainers.ContainerRequest {
+		req.Files = files
+		return req
+	}
+}
+
+// chownFiles is a convenience function to build custom testcontainers.ContainerRequest. It takes a list of files,
+// a user to make the owner, and whether the command requires sudo. It then returns a function which updates
+// a testcontainers.ContainerRequest with a lifecycle hook which will chown the files to the user after container startup.
+func chownFiles(files []testcontainers.ContainerFile, user string, sudo bool) func(request testcontainers.ContainerRequest) testcontainers.ContainerRequest {
+	return func(req testcontainers.ContainerRequest) testcontainers.ContainerRequest {
+		req.LifecycleHooks = append(req.LifecycleHooks, testcontainers.ContainerLifecycleHooks{
+			PostStarts: []testcontainers.ContainerHook{
+				func(ctx context.Context, c testcontainers.Container) error {
+					cmd := []string{}
+					if sudo {
+						cmd = append(cmd, "sudo")
+					}
+
+					cmd = append(cmd, "chown", user)
+
+					for _, f := range files {
+						cmd = append(cmd, f.ContainerFilePath)
+					}
+
+					_, _, err := c.Exec(ctx, cmd)
+					return err
+				},
+			},
+		})
+
+		return req
+	}
+}
+
+// sha256FromFile reads in the file from filepath and computes a sha256 of its contents.
+func sha256FromFile(t *testing.T, filepath string) string {
+	f, err := os.Open(filepath)
+	require.NoError(t, err, "could not open file for sha")
+	defer f.Close()
+
+	h := sha256.New()
+	_, err = io.Copy(h, f)
+	require.NoError(t, err, "could not copy file to sha")
+
+	return fmt.Sprintf("%x", h.Sum(nil))
+}
+
+// safeDelete removes a given file if it exists.
+func safeDelete(t *testing.T, filePath string) {
+	t.Logf("cleaning up stale build file: %s", filePath)
+	if _, err := os.Stat(filePath); err != nil {
+		return
+	}
+
+	// build is out of date, wipe compiled wasm
+	err := os.Remove(filePath)
+	require.NoError(t, err, "could not remove file")
+}
diff --git a/test/integration/consul-container/test/upgrade/common.go b/test/integration/consul-container/test/upgrade/common.go
index 44bdcca25180..abba2b425ad5 100644
--- a/test/integration/consul-container/test/upgrade/common.go
+++ b/test/integration/consul-container/test/upgrade/common.go
@@ -66,7 +66,7 @@ func CreateAndRegisterStaticClientSidecarWith2Upstreams(c *cluster.Cluster, dest
 		ServiceID: libservice.StaticClientServiceName,
 	}
 
-	clientConnectProxy, err := libservice.NewConnectService(context.Background(), sidecarCfg, []int{cluster.ServiceUpstreamLocalBindPort, cluster.ServiceUpstreamLocalBindPort2}, node)
+	clientConnectProxy, err := libservice.NewConnectService(context.Background(), sidecarCfg, []int{cluster.ServiceUpstreamLocalBindPort, cluster.ServiceUpstreamLocalBindPort2}, node, nil)
 	if err != nil {
 		return nil, err
 	}

From 828567c62e9aa440dfffc3cdec889b8158c1810e Mon Sep 17 00:00:00 2001
From: Ashvitha <ashvitha.sridharan@hashicorp.com>
Date: Tue, 1 Aug 2023 17:20:18 -0400
Subject: [PATCH 240/359] [HCP Telemetry] Periodic Refresh for Dynamic
 Telemetry Configuration (#18168)

* OTElExporter now uses an EndpointProvider to discover the endpoint

* OTELSink uses a ConfigProvider to obtain filters and labels configuration

* improve tests for otel_sink

* Regex logic is moved into client for a method on the TelemetryConfig object

* Create a telemetry_config_provider and update deps to use it

* Fix conversion

* fix import newline

* Add logger to hcp client and move telemetry_config out of the client.go file

* Add a telemetry_config.go to refactor client.go

* Update deps

* update hcp deps test

* Modify telemetry_config_providers

* Check for nil filters

* PR review updates

* Fix comments and move around pieces

* Fix comments

* Remove context from client struct

* Moved ctx out of sink struct and fixed filters, added a test

* Remove named imports, use errors.New if not fformatting

* Remove HCP dependencies in telemetry package

* Add success metric and move lock only to grab the t.cfgHahs

* Update hash

* fix nits

* Create an equals method and add tests

* Improve telemetry_config_provider.go tests

* Add race test

* Add missing godoc

* Remove mock for MetricsClient

* Avoid goroutine test panics

* trying to kick CI lint issues by upgrading mod

* imprve test code and add hasher for testing

* Use structure logging for filters, fix error constants, and default to allow all regex

* removed hashin and modify logic to simplify

* Improve race test and fix PR feedback by removing hash equals and avoid testing the timer.Ticker logic, and instead unit test

* Ran make go-mod-tidy

* Use errtypes in the test

* Add changelog

* add safety check for exporter endpoint

* remove require.Contains by using error types, fix structure logging, and fix success metric typo in exporter

* Fixed race test to have changing config values

* Send success metric before modifying config

* Avoid the defer and move the success metric under
---
 .changelog/18168.txt                      |   3 +
 agent/hcp/client/client.go                |  80 +----
 agent/hcp/client/client_test.go           | 240 +++++---------
 agent/hcp/client/metrics_client.go        |   8 +-
 agent/hcp/client/mock_metrics_client.go   |   5 -
 agent/hcp/client/telemetry_config.go      | 176 ++++++++++
 agent/hcp/client/telemetry_config_test.go | 377 +++++++++++++++++++++
 agent/hcp/deps.go                         |  43 ++-
 agent/hcp/deps_test.go                    |  97 +++---
 agent/hcp/manager_test.go                 |  12 +-
 agent/hcp/telemetry/custom_metrics.go     |   2 +-
 agent/hcp/telemetry/filter.go             |  37 ---
 agent/hcp/telemetry/filter_test.go        |  58 ----
 agent/hcp/telemetry/otel_exporter.go      |  35 +-
 agent/hcp/telemetry/otel_exporter_test.go |  41 ++-
 agent/hcp/telemetry/otel_sink.go          | 103 +++---
 agent/hcp/telemetry/otel_sink_test.go     | 229 ++++++++++---
 agent/hcp/telemetry_provider.go           | 156 +++++++++
 agent/hcp/telemetry_provider_test.go      | 384 ++++++++++++++++++++++
 go.mod                                    |   2 +-
 go.sum                                    |   4 +-
 test-integ/go.mod                         |   2 +-
 test-integ/go.sum                         |   4 +-
 test/integration/consul-container/go.mod  |   2 +-
 test/integration/consul-container/go.sum  |   4 +-
 25 files changed, 1581 insertions(+), 523 deletions(-)
 create mode 100644 .changelog/18168.txt
 delete mode 100644 agent/hcp/client/mock_metrics_client.go
 create mode 100644 agent/hcp/client/telemetry_config.go
 create mode 100644 agent/hcp/client/telemetry_config_test.go
 delete mode 100644 agent/hcp/telemetry/filter.go
 delete mode 100644 agent/hcp/telemetry/filter_test.go
 create mode 100644 agent/hcp/telemetry_provider.go
 create mode 100644 agent/hcp/telemetry_provider_test.go

diff --git a/.changelog/18168.txt b/.changelog/18168.txt
new file mode 100644
index 000000000000..a68483527e10
--- /dev/null
+++ b/.changelog/18168.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+hcp: Add dynamic configuration support for the export of server metrics to HCP.
+```
\ No newline at end of file
diff --git a/agent/hcp/client/client.go b/agent/hcp/client/client.go
index 1c49fd792471..f04767e983c7 100644
--- a/agent/hcp/client/client.go
+++ b/agent/hcp/client/client.go
@@ -35,21 +35,6 @@ type Client interface {
 	DiscoverServers(ctx context.Context) ([]string, error)
 }
 
-// MetricsConfig holds metrics specific configuration for the TelemetryConfig.
-// The endpoint field overrides the TelemetryConfig endpoint.
-type MetricsConfig struct {
-	Filters  []string
-	Endpoint string
-}
-
-// TelemetryConfig contains configuration for telemetry data forwarded by Consul servers
-// to the HCP Telemetry gateway.
-type TelemetryConfig struct {
-	Endpoint      string
-	Labels        map[string]string
-	MetricsConfig *MetricsConfig
-}
-
 type BootstrapConfig struct {
 	Name            string
 	BootstrapExpect int
@@ -112,10 +97,14 @@ func (c *hcpClient) FetchTelemetryConfig(ctx context.Context) (*TelemetryConfig,
 
 	resp, err := c.tgw.AgentTelemetryConfig(params, nil)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to fetch from HCP: %w", err)
+	}
+
+	if err := validateAgentTelemetryConfigPayload(resp); err != nil {
+		return nil, fmt.Errorf("invalid response payload: %w", err)
 	}
 
-	return convertTelemetryConfig(resp)
+	return convertAgentTelemetryResponse(ctx, resp, c.cfg)
 }
 
 func (c *hcpClient) FetchBootstrap(ctx context.Context) (*BootstrapConfig, error) {
@@ -272,60 +261,3 @@ func (c *hcpClient) DiscoverServers(ctx context.Context) ([]string, error) {
 
 	return servers, nil
 }
-
-// convertTelemetryConfig validates the AgentTelemetryConfig payload and converts it into a TelemetryConfig object.
-func convertTelemetryConfig(resp *hcptelemetry.AgentTelemetryConfigOK) (*TelemetryConfig, error) {
-	if resp.Payload == nil {
-		return nil, fmt.Errorf("missing payload")
-	}
-
-	if resp.Payload.TelemetryConfig == nil {
-		return nil, fmt.Errorf("missing telemetry config")
-	}
-
-	payloadConfig := resp.Payload.TelemetryConfig
-	var metricsConfig MetricsConfig
-	if payloadConfig.Metrics != nil {
-		metricsConfig.Endpoint = payloadConfig.Metrics.Endpoint
-		metricsConfig.Filters = payloadConfig.Metrics.IncludeList
-	}
-	return &TelemetryConfig{
-		Endpoint:      payloadConfig.Endpoint,
-		Labels:        payloadConfig.Labels,
-		MetricsConfig: &metricsConfig,
-	}, nil
-}
-
-// Enabled verifies if telemetry is enabled by ensuring a valid endpoint has been retrieved.
-// It returns full metrics endpoint and true if a valid endpoint was obtained.
-func (t *TelemetryConfig) Enabled() (string, bool) {
-	endpoint := t.Endpoint
-	if override := t.MetricsConfig.Endpoint; override != "" {
-		endpoint = override
-	}
-
-	if endpoint == "" {
-		return "", false
-	}
-
-	// The endpoint from Telemetry Gateway is a domain without scheme, and without the metrics path, so they must be added.
-	return endpoint + metricsGatewayPath, true
-}
-
-// DefaultLabels returns a set of <key, value> string pairs that must be added as attributes to all exported telemetry data.
-func (t *TelemetryConfig) DefaultLabels(cfg config.CloudConfig) map[string]string {
-	labels := make(map[string]string)
-	nodeID := string(cfg.NodeID)
-	if nodeID != "" {
-		labels["node_id"] = nodeID
-	}
-	if cfg.NodeName != "" {
-		labels["node_name"] = cfg.NodeName
-	}
-
-	for k, v := range t.Labels {
-		labels[k] = v
-	}
-
-	return labels
-}
diff --git a/agent/hcp/client/client_test.go b/agent/hcp/client/client_test.go
index 0292fa3fab22..d4bae2ae4cb5 100644
--- a/agent/hcp/client/client_test.go
+++ b/agent/hcp/client/client_test.go
@@ -2,200 +2,122 @@ package client
 
 import (
 	"context"
+	"fmt"
+	"net/url"
+	"regexp"
 	"testing"
+	"time"
 
-	"github.com/hashicorp/consul/agent/hcp/config"
-	"github.com/hashicorp/consul/types"
-	"github.com/hashicorp/hcp-sdk-go/clients/cloud-consul-telemetry-gateway/preview/2023-04-14/client/consul_telemetry_service"
+	"github.com/go-openapi/runtime"
+	hcptelemetry "github.com/hashicorp/hcp-sdk-go/clients/cloud-consul-telemetry-gateway/preview/2023-04-14/client/consul_telemetry_service"
 	"github.com/hashicorp/hcp-sdk-go/clients/cloud-consul-telemetry-gateway/preview/2023-04-14/models"
-	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 )
 
-func TestFetchTelemetryConfig(t *testing.T) {
-	t.Parallel()
-	for name, test := range map[string]struct {
-		metricsEndpoint string
-		expect          func(*MockClient)
-		disabled        bool
-	}{
-		"success": {
-			expect: func(mockClient *MockClient) {
-				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(&TelemetryConfig{
-					Endpoint: "https://test.com",
-					MetricsConfig: &MetricsConfig{
-						Endpoint: "",
-					},
-				}, nil)
-			},
-			metricsEndpoint: "https://test.com/v1/metrics",
-		},
-		"overrideMetricsEndpoint": {
-			expect: func(mockClient *MockClient) {
-				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(&TelemetryConfig{
-					Endpoint: "https://test.com",
-					MetricsConfig: &MetricsConfig{
-						Endpoint: "https://test.com",
-					},
-				}, nil)
-			},
-			metricsEndpoint: "https://test.com/v1/metrics",
-		},
-		"disabledWithEmptyEndpoint": {
-			expect: func(mockClient *MockClient) {
-				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(&TelemetryConfig{
-					Endpoint: "",
-					MetricsConfig: &MetricsConfig{
-						Endpoint: "",
-					},
-				}, nil)
-			},
-			disabled: true,
-		},
-	} {
-		test := test
-		t.Run(name, func(t *testing.T) {
-			t.Parallel()
-
-			mock := NewMockClient(t)
-			test.expect(mock)
-
-			telemetryCfg, err := mock.FetchTelemetryConfig(context.Background())
-			require.NoError(t, err)
-
-			if test.disabled {
-				endpoint, ok := telemetryCfg.Enabled()
-				require.False(t, ok)
-				require.Empty(t, endpoint)
-				return
-			}
+type mockTGW struct {
+	mockResponse *hcptelemetry.AgentTelemetryConfigOK
+	mockError    error
+}
 
-			endpoint, ok := telemetryCfg.Enabled()
+func (m *mockTGW) AgentTelemetryConfig(params *hcptelemetry.AgentTelemetryConfigParams, authInfo runtime.ClientAuthInfoWriter, opts ...hcptelemetry.ClientOption) (*hcptelemetry.AgentTelemetryConfigOK, error) {
+	return m.mockResponse, m.mockError
+}
+func (m *mockTGW) GetLabelValues(params *hcptelemetry.GetLabelValuesParams, authInfo runtime.ClientAuthInfoWriter, opts ...hcptelemetry.ClientOption) (*hcptelemetry.GetLabelValuesOK, error) {
+	return hcptelemetry.NewGetLabelValuesOK(), nil
+}
+func (m *mockTGW) QueryRangeBatch(params *hcptelemetry.QueryRangeBatchParams, authInfo runtime.ClientAuthInfoWriter, opts ...hcptelemetry.ClientOption) (*hcptelemetry.QueryRangeBatchOK, error) {
+	return hcptelemetry.NewQueryRangeBatchOK(), nil
+}
+func (m *mockTGW) SetTransport(transport runtime.ClientTransport) {}
 
-			require.True(t, ok)
-			require.Equal(t, test.metricsEndpoint, endpoint)
-		})
-	}
+type expectedTelemetryCfg struct {
+	endpoint        string
+	labels          map[string]string
+	filters         string
+	refreshInterval time.Duration
 }
 
-func TestConvertTelemetryConfig(t *testing.T) {
+func TestFetchTelemetryConfig(t *testing.T) {
 	t.Parallel()
-	for name, test := range map[string]struct {
-		resp                 *consul_telemetry_service.AgentTelemetryConfigOK
-		expectedTelemetryCfg *TelemetryConfig
-		wantErr              string
+	for name, tc := range map[string]struct {
+		mockResponse *hcptelemetry.AgentTelemetryConfigOK
+		mockError    error
+		wantErr      string
+		expected     *expectedTelemetryCfg
 	}{
-		"success": {
-			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
-				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{
-					TelemetryConfig: &models.HashicorpCloudConsulTelemetry20230414TelemetryConfig{
-						Endpoint: "https://test.com",
-						Labels:   map[string]string{"test": "test"},
-					},
-				},
-			},
-			expectedTelemetryCfg: &TelemetryConfig{
-				Endpoint:      "https://test.com",
-				Labels:        map[string]string{"test": "test"},
-				MetricsConfig: &MetricsConfig{},
+		"errorsWithFetchFailure": {
+			mockError:    fmt.Errorf("failed to fetch from HCP"),
+			mockResponse: nil,
+			wantErr:      "failed to fetch from HCP",
+		},
+		"errorsWithInvalidPayload": {
+			mockResponse: &hcptelemetry.AgentTelemetryConfigOK{
+				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{},
 			},
+			mockError: nil,
+			wantErr:   "invalid response payload",
 		},
-		"successWithMetricsConfig": {
-			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
+		"success:": {
+			mockResponse: &hcptelemetry.AgentTelemetryConfigOK{
 				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{
+					RefreshConfig: &models.HashicorpCloudConsulTelemetry20230414RefreshConfig{
+						RefreshInterval: "1s",
+					},
 					TelemetryConfig: &models.HashicorpCloudConsulTelemetry20230414TelemetryConfig{
 						Endpoint: "https://test.com",
-						Labels:   map[string]string{"test": "test"},
+						Labels:   map[string]string{"test": "123"},
 						Metrics: &models.HashicorpCloudConsulTelemetry20230414TelemetryMetricsConfig{
-							Endpoint:    "https://metrics-test.com",
-							IncludeList: []string{"consul.raft.apply"},
+							IncludeList: []string{"consul", "test"},
 						},
 					},
 				},
 			},
-			expectedTelemetryCfg: &TelemetryConfig{
-				Endpoint: "https://test.com",
-				Labels:   map[string]string{"test": "test"},
-				MetricsConfig: &MetricsConfig{
-					Endpoint: "https://metrics-test.com",
-					Filters:  []string{"consul.raft.apply"},
-				},
-			},
-		},
-		"errorsWithNilPayload": {
-			resp:    &consul_telemetry_service.AgentTelemetryConfigOK{},
-			wantErr: "missing payload",
-		},
-		"errorsWithNilTelemetryConfig": {
-			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
-				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{},
+			expected: &expectedTelemetryCfg{
+				endpoint:        "https://test.com/v1/metrics",
+				labels:          map[string]string{"test": "123"},
+				filters:         "consul|test",
+				refreshInterval: 1 * time.Second,
 			},
-			wantErr: "missing telemetry config",
 		},
 	} {
-		test := test
+		tc := tc
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
-			telemetryCfg, err := convertTelemetryConfig(test.resp)
-			if test.wantErr != "" {
+			c := &hcpClient{
+				tgw: &mockTGW{
+					mockError:    tc.mockError,
+					mockResponse: tc.mockResponse,
+				},
+			}
+
+			telemetryCfg, err := c.FetchTelemetryConfig(context.Background())
+
+			if tc.wantErr != "" {
 				require.Error(t, err)
+				require.Contains(t, err.Error(), tc.wantErr)
 				require.Nil(t, telemetryCfg)
-				require.Contains(t, err.Error(), test.wantErr)
 				return
 			}
 
+			urlEndpoint, err := url.Parse(tc.expected.endpoint)
 			require.NoError(t, err)
-			require.Equal(t, test.expectedTelemetryCfg, telemetryCfg)
-		})
-	}
-}
 
-func Test_DefaultLabels(t *testing.T) {
-	for name, tc := range map[string]struct {
-		cfg            config.CloudConfig
-		expectedLabels map[string]string
-	}{
-		"Success": {
-			cfg: config.CloudConfig{
-				NodeID:   types.NodeID("nodeyid"),
-				NodeName: "nodey",
-			},
-			expectedLabels: map[string]string{
-				"node_id":   "nodeyid",
-				"node_name": "nodey",
-			},
-		},
+			regexFilters, err := regexp.Compile(tc.expected.filters)
+			require.NoError(t, err)
 
-		"NoNodeID": {
-			cfg: config.CloudConfig{
-				NodeID:   types.NodeID(""),
-				NodeName: "nodey",
-			},
-			expectedLabels: map[string]string{
-				"node_name": "nodey",
-			},
-		},
-		"NoNodeName": {
-			cfg: config.CloudConfig{
-				NodeID:   types.NodeID("nodeyid"),
-				NodeName: "",
-			},
-			expectedLabels: map[string]string{
-				"node_id": "nodeyid",
-			},
-		},
-		"Empty": {
-			cfg: config.CloudConfig{
-				NodeID:   "",
-				NodeName: "",
-			},
-			expectedLabels: map[string]string{},
-		},
-	} {
-		t.Run(name, func(t *testing.T) {
-			tCfg := &TelemetryConfig{}
-			labels := tCfg.DefaultLabels(tc.cfg)
-			require.Equal(t, labels, tc.expectedLabels)
+			expectedCfg := &TelemetryConfig{
+				MetricsConfig: &MetricsConfig{
+					Endpoint: urlEndpoint,
+					Filters:  regexFilters,
+					Labels:   tc.expected.labels,
+				},
+				RefreshConfig: &RefreshConfig{
+					RefreshInterval: tc.expected.refreshInterval,
+				},
+			}
+
+			require.NoError(t, err)
+			require.Equal(t, expectedCfg, telemetryCfg)
 		})
 	}
 }
diff --git a/agent/hcp/client/metrics_client.go b/agent/hcp/client/metrics_client.go
index 0bcb90b81ce2..3c5b5c4fb9d6 100644
--- a/agent/hcp/client/metrics_client.go
+++ b/agent/hcp/client/metrics_client.go
@@ -18,6 +18,7 @@ import (
 	"golang.org/x/oauth2"
 	"google.golang.org/protobuf/proto"
 
+	"github.com/hashicorp/consul/agent/hcp/telemetry"
 	"github.com/hashicorp/consul/version"
 )
 
@@ -38,11 +39,6 @@ const (
 	defaultErrRespBodyLength = 100
 )
 
-// MetricsClient exports Consul metrics in OTLP format to the HCP Telemetry Gateway.
-type MetricsClient interface {
-	ExportMetrics(ctx context.Context, protoMetrics *metricpb.ResourceMetrics, endpoint string) error
-}
-
 // cloudConfig represents cloud config for TLS abstracted in an interface for easy testing.
 type CloudConfig interface {
 	HCPConfig(opts ...hcpcfg.HCPConfigOption) (hcpcfg.HCPConfig, error)
@@ -58,7 +54,7 @@ type otlpClient struct {
 
 // NewMetricsClient returns a configured MetricsClient.
 // The current implementation uses otlpClient to provide retry functionality.
-func NewMetricsClient(ctx context.Context, cfg CloudConfig) (MetricsClient, error) {
+func NewMetricsClient(ctx context.Context, cfg CloudConfig) (telemetry.MetricsClient, error) {
 	if cfg == nil {
 		return nil, fmt.Errorf("failed to init telemetry client: provide valid cloudCfg (Cloud Configuration for TLS)")
 	}
diff --git a/agent/hcp/client/mock_metrics_client.go b/agent/hcp/client/mock_metrics_client.go
deleted file mode 100644
index a30b1f1c62c0..000000000000
--- a/agent/hcp/client/mock_metrics_client.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package client
-
-type MockMetricsClient struct {
-	MetricsClient
-}
diff --git a/agent/hcp/client/telemetry_config.go b/agent/hcp/client/telemetry_config.go
new file mode 100644
index 000000000000..55c226438030
--- /dev/null
+++ b/agent/hcp/client/telemetry_config.go
@@ -0,0 +1,176 @@
+package client
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/url"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/go-hclog"
+	hcptelemetry "github.com/hashicorp/hcp-sdk-go/clients/cloud-consul-telemetry-gateway/preview/2023-04-14/client/consul_telemetry_service"
+
+	"github.com/hashicorp/consul/agent/hcp/config"
+)
+
+var (
+	// defaultMetricFilters is a regex that matches all metric names.
+	defaultMetricFilters = regexp.MustCompile(".+")
+
+	// Validation errors for AgentTelemetryConfigOK response.
+	errMissingPayload         = errors.New("missing payload")
+	errMissingTelemetryConfig = errors.New("missing telemetry config")
+	errMissingRefreshConfig   = errors.New("missing refresh config")
+	errMissingMetricsConfig   = errors.New("missing metrics config")
+	errInvalidRefreshInterval = errors.New("invalid refresh interval")
+	errInvalidEndpoint        = errors.New("invalid metrics endpoint")
+)
+
+// TelemetryConfig contains configuration for telemetry data forwarded by Consul servers
+// to the HCP Telemetry gateway.
+type TelemetryConfig struct {
+	MetricsConfig *MetricsConfig
+	RefreshConfig *RefreshConfig
+}
+
+// MetricsConfig holds metrics specific configuration within TelemetryConfig.
+type MetricsConfig struct {
+	Labels   map[string]string
+	Filters  *regexp.Regexp
+	Endpoint *url.URL
+}
+
+// RefreshConfig contains configuration for the periodic fetch of configuration from HCP.
+type RefreshConfig struct {
+	RefreshInterval time.Duration
+}
+
+// MetricsEnabled returns true if metrics export is enabled, i.e. a valid metrics endpoint exists.
+func (t *TelemetryConfig) MetricsEnabled() bool {
+	return t.MetricsConfig.Endpoint != nil
+}
+
+// validateAgentTelemetryConfigPayload ensures the returned payload from HCP is valid.
+func validateAgentTelemetryConfigPayload(resp *hcptelemetry.AgentTelemetryConfigOK) error {
+	if resp.Payload == nil {
+		return errMissingPayload
+	}
+
+	if resp.Payload.TelemetryConfig == nil {
+		return errMissingTelemetryConfig
+	}
+
+	if resp.Payload.RefreshConfig == nil {
+		return errMissingRefreshConfig
+	}
+
+	if resp.Payload.TelemetryConfig.Metrics == nil {
+		return errMissingMetricsConfig
+	}
+
+	return nil
+}
+
+// convertAgentTelemetryResponse converts an AgentTelemetryConfig payload into a TelemetryConfig object.
+func convertAgentTelemetryResponse(ctx context.Context, resp *hcptelemetry.AgentTelemetryConfigOK, cfg config.CloudConfig) (*TelemetryConfig, error) {
+	refreshInterval, err := time.ParseDuration(resp.Payload.RefreshConfig.RefreshInterval)
+	if err != nil {
+		return nil, fmt.Errorf("%w: %w", errInvalidRefreshInterval, err)
+	}
+
+	telemetryConfig := resp.Payload.TelemetryConfig
+	metricsEndpoint, err := convertMetricEndpoint(telemetryConfig.Endpoint, telemetryConfig.Metrics.Endpoint)
+	if err != nil {
+		return nil, errInvalidEndpoint
+	}
+
+	metricsFilters := convertMetricFilters(ctx, telemetryConfig.Metrics.IncludeList)
+	metricLabels := convertMetricLabels(telemetryConfig.Labels, cfg)
+
+	return &TelemetryConfig{
+		MetricsConfig: &MetricsConfig{
+			Endpoint: metricsEndpoint,
+			Labels:   metricLabels,
+			Filters:  metricsFilters,
+		},
+		RefreshConfig: &RefreshConfig{
+			RefreshInterval: refreshInterval,
+		},
+	}, nil
+}
+
+// convertMetricEndpoint returns a url for the export of metrics, if a valid endpoint was obtained.
+// It returns no error, and no url, if an empty endpoint is retrieved (server not registered with CCM).
+// It returns an error, and no url, if a bad endpoint is retrieved.
+func convertMetricEndpoint(telemetryEndpoint string, metricsEndpoint string) (*url.URL, error) {
+	// Telemetry endpoint overriden by metrics specific endpoint, if given.
+	endpoint := telemetryEndpoint
+	if metricsEndpoint != "" {
+		endpoint = metricsEndpoint
+	}
+
+	// If endpoint is empty, server not registered with CCM, no error returned.
+	if endpoint == "" {
+		return nil, nil
+	}
+
+	// Endpoint from CTW has no metrics path, so it must be added.
+	rawUrl := endpoint + metricsGatewayPath
+	u, err := url.ParseRequestURI(rawUrl)
+	if err != nil {
+		return nil, fmt.Errorf("%w: %w", errInvalidEndpoint, err)
+	}
+
+	return u, nil
+}
+
+// convertMetricFilters returns a valid regex used to filter metrics.
+// if invalid filters are given, a defaults regex that allow all metrics is returned.
+func convertMetricFilters(ctx context.Context, payloadFilters []string) *regexp.Regexp {
+	logger := hclog.FromContext(ctx)
+	validFilters := make([]string, 0, len(payloadFilters))
+	for _, filter := range payloadFilters {
+		_, err := regexp.Compile(filter)
+		if err != nil {
+			logger.Error("invalid filter", "error", err)
+			continue
+		}
+		validFilters = append(validFilters, filter)
+	}
+
+	if len(validFilters) == 0 {
+		logger.Error("no valid filters")
+		return defaultMetricFilters
+	}
+
+	// Combine the valid regex strings with OR.
+	finalRegex := strings.Join(validFilters, "|")
+	composedRegex, err := regexp.Compile(finalRegex)
+	if err != nil {
+		logger.Error("failed to compile final regex", "error", err)
+		return defaultMetricFilters
+	}
+
+	return composedRegex
+}
+
+// convertMetricLabels returns a set of <key, value> string pairs that must be added as attributes to all exported telemetry data.
+func convertMetricLabels(payloadLabels map[string]string, cfg config.CloudConfig) map[string]string {
+	labels := make(map[string]string)
+	nodeID := string(cfg.NodeID)
+	if nodeID != "" {
+		labels["node_id"] = nodeID
+	}
+
+	if cfg.NodeName != "" {
+		labels["node_name"] = cfg.NodeName
+	}
+
+	for k, v := range payloadLabels {
+		labels[k] = v
+	}
+
+	return labels
+}
diff --git a/agent/hcp/client/telemetry_config_test.go b/agent/hcp/client/telemetry_config_test.go
new file mode 100644
index 000000000000..42d3ee649802
--- /dev/null
+++ b/agent/hcp/client/telemetry_config_test.go
@@ -0,0 +1,377 @@
+package client
+
+import (
+	"context"
+	"net/url"
+	"regexp"
+	"testing"
+	"time"
+
+	"github.com/hashicorp/hcp-sdk-go/clients/cloud-consul-telemetry-gateway/preview/2023-04-14/client/consul_telemetry_service"
+	"github.com/hashicorp/hcp-sdk-go/clients/cloud-consul-telemetry-gateway/preview/2023-04-14/models"
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/agent/hcp/config"
+	"github.com/hashicorp/consul/types"
+)
+
+func TestValidateAgentTelemetryConfigPayload(t *testing.T) {
+	t.Parallel()
+	for name, tc := range map[string]struct {
+		resp    *consul_telemetry_service.AgentTelemetryConfigOK
+		wantErr error
+	}{
+		"errorsWithNilPayload": {
+			resp:    &consul_telemetry_service.AgentTelemetryConfigOK{},
+			wantErr: errMissingPayload,
+		},
+		"errorsWithNilTelemetryConfig": {
+			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
+				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{
+					RefreshConfig: &models.HashicorpCloudConsulTelemetry20230414RefreshConfig{},
+				},
+			},
+			wantErr: errMissingTelemetryConfig,
+		},
+		"errorsWithNilRefreshConfig": {
+			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
+				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{
+					TelemetryConfig: &models.HashicorpCloudConsulTelemetry20230414TelemetryConfig{},
+				},
+			},
+			wantErr: errMissingRefreshConfig,
+		},
+		"errorsWithNilMetricsConfig": {
+			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
+				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{
+					TelemetryConfig: &models.HashicorpCloudConsulTelemetry20230414TelemetryConfig{},
+					RefreshConfig:   &models.HashicorpCloudConsulTelemetry20230414RefreshConfig{},
+				},
+			},
+			wantErr: errMissingMetricsConfig,
+		},
+		"success": {
+			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
+				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{
+					TelemetryConfig: &models.HashicorpCloudConsulTelemetry20230414TelemetryConfig{
+						Metrics: &models.HashicorpCloudConsulTelemetry20230414TelemetryMetricsConfig{},
+					},
+					RefreshConfig: &models.HashicorpCloudConsulTelemetry20230414RefreshConfig{},
+				},
+			},
+		},
+	} {
+		tc := tc
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+			err := validateAgentTelemetryConfigPayload(tc.resp)
+			if tc.wantErr != nil {
+				require.ErrorIs(t, err, tc.wantErr)
+				return
+			}
+			require.NoError(t, err)
+		})
+	}
+}
+
+func TestConvertAgentTelemetryResponse(t *testing.T) {
+	validTestURL, err := url.Parse("https://test.com/v1/metrics")
+	require.NoError(t, err)
+
+	validTestFilters, err := regexp.Compile("test|consul")
+	require.NoError(t, err)
+
+	for name, tc := range map[string]struct {
+		resp                 *consul_telemetry_service.AgentTelemetryConfigOK
+		expectedTelemetryCfg *TelemetryConfig
+		wantErr              error
+		expectedEnabled      bool
+	}{
+		"success": {
+			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
+				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{
+					TelemetryConfig: &models.HashicorpCloudConsulTelemetry20230414TelemetryConfig{
+						Endpoint: "https://test.com",
+						Labels:   map[string]string{"test": "test"},
+						Metrics: &models.HashicorpCloudConsulTelemetry20230414TelemetryMetricsConfig{
+							IncludeList: []string{"test", "consul"},
+						},
+					},
+					RefreshConfig: &models.HashicorpCloudConsulTelemetry20230414RefreshConfig{
+						RefreshInterval: "2s",
+					},
+				},
+			},
+			expectedTelemetryCfg: &TelemetryConfig{
+				MetricsConfig: &MetricsConfig{
+					Endpoint: validTestURL,
+					Labels:   map[string]string{"test": "test"},
+					Filters:  validTestFilters,
+				},
+				RefreshConfig: &RefreshConfig{
+					RefreshInterval: 2 * time.Second,
+				},
+			},
+			expectedEnabled: true,
+		},
+		"successNoEndpoint": {
+			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
+				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{
+					TelemetryConfig: &models.HashicorpCloudConsulTelemetry20230414TelemetryConfig{
+						Endpoint: "",
+						Labels:   map[string]string{"test": "test"},
+						Metrics: &models.HashicorpCloudConsulTelemetry20230414TelemetryMetricsConfig{
+							IncludeList: []string{"test", "consul"},
+						},
+					},
+					RefreshConfig: &models.HashicorpCloudConsulTelemetry20230414RefreshConfig{
+						RefreshInterval: "2s",
+					},
+				},
+			},
+			expectedTelemetryCfg: &TelemetryConfig{
+				MetricsConfig: &MetricsConfig{
+					Endpoint: nil,
+					Labels:   map[string]string{"test": "test"},
+					Filters:  validTestFilters,
+				},
+				RefreshConfig: &RefreshConfig{
+					RefreshInterval: 2 * time.Second,
+				},
+			},
+			expectedEnabled: false,
+		},
+		"successBadFilters": {
+			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
+				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{
+					TelemetryConfig: &models.HashicorpCloudConsulTelemetry20230414TelemetryConfig{
+						Endpoint: "https://test.com",
+						Labels:   map[string]string{"test": "test"},
+						Metrics: &models.HashicorpCloudConsulTelemetry20230414TelemetryMetricsConfig{
+							IncludeList: []string{"[", "(*LF)"},
+						},
+					},
+					RefreshConfig: &models.HashicorpCloudConsulTelemetry20230414RefreshConfig{
+						RefreshInterval: "2s",
+					},
+				},
+			},
+			expectedTelemetryCfg: &TelemetryConfig{
+				MetricsConfig: &MetricsConfig{
+					Endpoint: validTestURL,
+					Labels:   map[string]string{"test": "test"},
+					Filters:  defaultMetricFilters,
+				},
+				RefreshConfig: &RefreshConfig{
+					RefreshInterval: 2 * time.Second,
+				},
+			},
+			expectedEnabled: true,
+		},
+		"errorsWithInvalidRefreshInterval": {
+			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
+				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{
+					TelemetryConfig: &models.HashicorpCloudConsulTelemetry20230414TelemetryConfig{
+						Metrics: &models.HashicorpCloudConsulTelemetry20230414TelemetryMetricsConfig{},
+					},
+					RefreshConfig: &models.HashicorpCloudConsulTelemetry20230414RefreshConfig{
+						RefreshInterval: "300ws",
+					},
+				},
+			},
+			wantErr: errInvalidRefreshInterval,
+		},
+		"errorsWithInvalidEndpoint": {
+			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
+				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{
+					TelemetryConfig: &models.HashicorpCloudConsulTelemetry20230414TelemetryConfig{
+						Metrics: &models.HashicorpCloudConsulTelemetry20230414TelemetryMetricsConfig{
+							Endpoint: "     ",
+						},
+					},
+					RefreshConfig: &models.HashicorpCloudConsulTelemetry20230414RefreshConfig{
+						RefreshInterval: "1s",
+					},
+				},
+			},
+			wantErr: errInvalidEndpoint,
+		},
+	} {
+		t.Run(name, func(t *testing.T) {
+			telemetryCfg, err := convertAgentTelemetryResponse(context.Background(), tc.resp, config.CloudConfig{})
+			if tc.wantErr != nil {
+				require.ErrorIs(t, err, tc.wantErr)
+				require.Nil(t, telemetryCfg)
+				return
+			}
+			require.NoError(t, err)
+			require.Equal(t, tc.expectedTelemetryCfg, telemetryCfg)
+			require.Equal(t, tc.expectedEnabled, telemetryCfg.MetricsEnabled())
+		})
+	}
+}
+
+func TestConvertMetricEndpoint(t *testing.T) {
+	t.Parallel()
+	for name, tc := range map[string]struct {
+		endpoint string
+		override string
+		expected string
+		wantErr  error
+	}{
+		"success": {
+			endpoint: "https://test.com",
+			expected: "https://test.com/v1/metrics",
+		},
+		"successMetricsOverride": {
+			endpoint: "https://test.com",
+			override: "https://override.com",
+			expected: "https://override.com/v1/metrics",
+		},
+		"noErrorWithEmptyEndpoints": {
+			endpoint: "",
+			override: "",
+			expected: "",
+		},
+		"errorWithInvalidURL": {
+			endpoint: "     ",
+			override: "",
+			wantErr:  errInvalidEndpoint,
+		},
+	} {
+		tc := tc
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+			u, err := convertMetricEndpoint(tc.endpoint, tc.override)
+			if tc.wantErr != nil {
+				require.ErrorIs(t, err, tc.wantErr)
+				require.Empty(t, u)
+				return
+			}
+
+			if tc.expected == "" {
+				require.Nil(t, u)
+				require.NoError(t, err)
+				return
+			}
+
+			require.NotNil(t, u)
+			require.NoError(t, err)
+			require.Equal(t, tc.expected, u.String())
+		})
+	}
+
+}
+
+func TestConvertMetricFilters(t *testing.T) {
+	t.Parallel()
+	for name, tc := range map[string]struct {
+		filters             []string
+		expectedRegexString string
+		matches             []string
+		wantErr             string
+		wantMatch           bool
+	}{
+		"badFilterRegex": {
+			filters:             []string{"(*LF)"},
+			expectedRegexString: defaultMetricFilters.String(),
+			matches:             []string{"consul.raft.peers", "consul.mem.heap_size"},
+			wantMatch:           true,
+		},
+		"emptyRegex": {
+			filters:             []string{},
+			expectedRegexString: defaultMetricFilters.String(),
+			matches:             []string{"consul.raft.peers", "consul.mem.heap_size"},
+			wantMatch:           true,
+		},
+		"matchFound": {
+			filters:             []string{"raft.*", "mem.*"},
+			expectedRegexString: "raft.*|mem.*",
+			matches:             []string{"consul.raft.peers", "consul.mem.heap_size"},
+			wantMatch:           true,
+		},
+		"matchNotFound": {
+			filters:             []string{"mem.*"},
+			matches:             []string{"consul.raft.peers", "consul.txn.apply"},
+			expectedRegexString: "mem.*",
+			wantMatch:           false,
+		},
+	} {
+		tc := tc
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+			f := convertMetricFilters(context.Background(), tc.filters)
+
+			require.Equal(t, tc.expectedRegexString, f.String())
+			for _, metric := range tc.matches {
+				m := f.MatchString(metric)
+				require.Equal(t, tc.wantMatch, m)
+			}
+		})
+	}
+}
+
+func TestConvertMetricLabels(t *testing.T) {
+	t.Parallel()
+	for name, tc := range map[string]struct {
+		payloadLabels  map[string]string
+		cfg            config.CloudConfig
+		expectedLabels map[string]string
+	}{
+		"Success": {
+			payloadLabels: map[string]string{
+				"ctw_label": "test",
+			},
+			cfg: config.CloudConfig{
+				NodeID:   types.NodeID("nodeyid"),
+				NodeName: "nodey",
+			},
+			expectedLabels: map[string]string{
+				"ctw_label": "test",
+				"node_id":   "nodeyid",
+				"node_name": "nodey",
+			},
+		},
+
+		"NoNodeID": {
+			payloadLabels: map[string]string{
+				"ctw_label": "test",
+			},
+			cfg: config.CloudConfig{
+				NodeID:   types.NodeID(""),
+				NodeName: "nodey",
+			},
+			expectedLabels: map[string]string{
+				"ctw_label": "test",
+				"node_name": "nodey",
+			},
+		},
+		"NoNodeName": {
+			payloadLabels: map[string]string{
+				"ctw_label": "test",
+			},
+			cfg: config.CloudConfig{
+				NodeID:   types.NodeID("nodeyid"),
+				NodeName: "",
+			},
+			expectedLabels: map[string]string{
+				"ctw_label": "test",
+				"node_id":   "nodeyid",
+			},
+		},
+		"Empty": {
+			cfg: config.CloudConfig{
+				NodeID:   "",
+				NodeName: "",
+			},
+			expectedLabels: map[string]string{},
+		},
+	} {
+		tc := tc
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+			labels := convertMetricLabels(tc.payloadLabels, tc.cfg)
+			require.Equal(t, labels, tc.expectedLabels)
+		})
+	}
+}
diff --git a/agent/hcp/deps.go b/agent/hcp/deps.go
index e3e83dec9657..0d52c7b54ea5 100644
--- a/agent/hcp/deps.go
+++ b/agent/hcp/deps.go
@@ -6,7 +6,6 @@ package hcp
 import (
 	"context"
 	"fmt"
-	"net/url"
 	"time"
 
 	"github.com/armon/go-metrics"
@@ -44,7 +43,11 @@ func NewDeps(cfg config.CloudConfig, logger hclog.Logger) (Deps, error) {
 		return Deps{}, fmt.Errorf("failed to init metrics client: %w", err)
 	}
 
-	sink := sink(ctx, client, metricsClient, cfg)
+	sink, err := sink(ctx, client, metricsClient)
+	if err != nil {
+		// Do not prevent server start if sink init fails, only log error.
+		logger.Error("failed to init sink", "error", err)
+	}
 
 	return Deps{
 		Client:   client,
@@ -53,50 +56,44 @@ func NewDeps(cfg config.CloudConfig, logger hclog.Logger) (Deps, error) {
 	}, nil
 }
 
-// sink provides initializes an OTELSink which forwards Consul metrics to HCP.
+// sink initializes an OTELSink which forwards Consul metrics to HCP.
 // The sink is only initialized if the server is registered with the management plane (CCM).
-// This step should not block server initialization, so errors are logged, but not returned.
+// This step should not block server initialization, errors are returned, only to be logged.
 func sink(
 	ctx context.Context,
 	hcpClient hcpclient.Client,
-	metricsClient hcpclient.MetricsClient,
-	cfg config.CloudConfig,
-) metrics.MetricSink {
+	metricsClient telemetry.MetricsClient,
+) (metrics.MetricSink, error) {
 	logger := hclog.FromContext(ctx).Named("sink")
 	reqCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
 	defer cancel()
 
 	telemetryCfg, err := hcpClient.FetchTelemetryConfig(reqCtx)
 	if err != nil {
-		logger.Error("failed to fetch telemetry config", "error", err)
-		return nil
+		return nil, fmt.Errorf("failed to fetch telemetry config: %w", err)
 	}
 
-	endpoint, isEnabled := telemetryCfg.Enabled()
-	if !isEnabled {
-		return nil
+	if !telemetryCfg.MetricsEnabled() {
+		return nil, nil
 	}
 
-	u, err := url.Parse(endpoint)
+	cfgProvider, err := NewHCPProvider(ctx, hcpClient, telemetryCfg)
 	if err != nil {
-		logger.Error("failed to parse url endpoint", "error", err)
-		return nil
+		return nil, fmt.Errorf("failed to init config provider: %w", err)
 	}
 
+	reader := telemetry.NewOTELReader(metricsClient, cfgProvider, telemetry.DefaultExportInterval)
 	sinkOpts := &telemetry.OTELSinkOpts{
-		Ctx:     ctx,
-		Reader:  telemetry.NewOTELReader(metricsClient, u, telemetry.DefaultExportInterval),
-		Labels:  telemetryCfg.DefaultLabels(cfg),
-		Filters: telemetryCfg.MetricsConfig.Filters,
+		Reader:         reader,
+		ConfigProvider: cfgProvider,
 	}
 
-	sink, err := telemetry.NewOTELSink(sinkOpts)
+	sink, err := telemetry.NewOTELSink(ctx, sinkOpts)
 	if err != nil {
-		logger.Error("failed to init OTEL sink", "error", err)
-		return nil
+		return nil, fmt.Errorf("failed create OTELSink: %w", err)
 	}
 
 	logger.Debug("initialized HCP metrics sink")
 
-	return sink
+	return sink, nil
 }
diff --git a/agent/hcp/deps_test.go b/agent/hcp/deps_test.go
index 9a90c26d50ad..8bab66bac3f3 100644
--- a/agent/hcp/deps_test.go
+++ b/agent/hcp/deps_test.go
@@ -3,98 +3,97 @@ package hcp
 import (
 	"context"
 	"fmt"
+	"net/url"
+	"regexp"
 	"testing"
+	"time"
 
-	"github.com/hashicorp/consul/agent/hcp/config"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 
 	"github.com/hashicorp/consul/agent/hcp/client"
-	"github.com/hashicorp/consul/types"
+	"github.com/hashicorp/consul/agent/hcp/telemetry"
 )
 
+type mockMetricsClient struct {
+	telemetry.MetricsClient
+}
+
 func TestSink(t *testing.T) {
 	t.Parallel()
 	for name, test := range map[string]struct {
 		expect       func(*client.MockClient)
-		cloudCfg     config.CloudConfig
+		wantErr      string
 		expectedSink bool
 	}{
 		"success": {
 			expect: func(mockClient *client.MockClient) {
-				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(&client.TelemetryConfig{
-					Endpoint: "https://test.com",
-					MetricsConfig: &client.MetricsConfig{
-						Endpoint: "https://test.com",
-					},
-				}, nil)
-			},
-			cloudCfg: config.CloudConfig{
-				NodeID:   types.NodeID("nodeyid"),
-				NodeName: "nodey",
+				u, _ := url.Parse("https://test.com/v1/metrics")
+				filters, _ := regexp.Compile("test")
+				mt := mockTelemetryConfig(1*time.Second, u, filters)
+				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mt, nil)
 			},
 			expectedSink: true,
 		},
-		"noSinkWhenServerNotRegisteredWithCCM": {
-			expect: func(mockClient *client.MockClient) {
-				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(&client.TelemetryConfig{
-					Endpoint: "",
-					MetricsConfig: &client.MetricsConfig{
-						Endpoint: "",
-					},
-				}, nil)
-			},
-			cloudCfg: config.CloudConfig{},
-		},
-		"noSinkWhenCCMVerificationFails": {
+		"noSinkWhenFetchTelemetryConfigFails": {
 			expect: func(mockClient *client.MockClient) {
 				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(nil, fmt.Errorf("fetch failed"))
 			},
-			cloudCfg: config.CloudConfig{},
+			wantErr: "failed to fetch telemetry config",
 		},
-		"failsWithFetchTelemetryFailure": {
-			expect: func(mockClient *client.MockClient) {
-				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(nil, fmt.Errorf("FetchTelemetryConfig error"))
-			},
-		},
-		"failsWithURLParseErr": {
+		"noSinkWhenServerNotRegisteredWithCCM": {
 			expect: func(mockClient *client.MockClient) {
-				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(&client.TelemetryConfig{
-					// Minimum 2 chars for a domain to be valid.
-					Endpoint: "s",
-					MetricsConfig: &client.MetricsConfig{
-						// Invalid domain chars
-						Endpoint: "			",
-					},
-				}, nil)
+				mt := mockTelemetryConfig(1*time.Second, nil, nil)
+				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mt, nil)
 			},
 		},
-		"noErrWithEmptyEndpoint": {
+		"noSinkWhenTelemetryConfigProviderInitFails": {
 			expect: func(mockClient *client.MockClient) {
-				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(&client.TelemetryConfig{
-					Endpoint: "",
-					MetricsConfig: &client.MetricsConfig{
-						Endpoint: "",
-					},
-				}, nil)
+				u, _ := url.Parse("https://test.com/v1/metrics")
+				// Bad refresh interval forces ConfigProvider creation failure.
+				mt := mockTelemetryConfig(0*time.Second, u, nil)
+				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mt, nil)
 			},
+			wantErr: "failed to init config provider",
 		},
 	} {
 		test := test
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 			c := client.NewMockClient(t)
-			mc := client.MockMetricsClient{}
+			mc := mockMetricsClient{}
 
 			test.expect(c)
 			ctx := context.Background()
 
-			s := sink(ctx, c, mc, test.cloudCfg)
+			s, err := sink(ctx, c, mc)
+
+			if test.wantErr != "" {
+				require.NotNil(t, err)
+				require.Contains(t, err.Error(), test.wantErr)
+				require.Nil(t, s)
+				return
+			}
+
 			if !test.expectedSink {
 				require.Nil(t, s)
+				require.Nil(t, err)
 				return
 			}
+
 			require.NotNil(t, s)
 		})
 	}
 }
+
+func mockTelemetryConfig(refreshInterval time.Duration, metricsEndpoint *url.URL, filters *regexp.Regexp) *client.TelemetryConfig {
+	return &client.TelemetryConfig{
+		MetricsConfig: &client.MetricsConfig{
+			Endpoint: metricsEndpoint,
+			Filters:  filters,
+		},
+		RefreshConfig: &client.RefreshConfig{
+			RefreshInterval: refreshInterval,
+		},
+	}
+}
diff --git a/agent/hcp/manager_test.go b/agent/hcp/manager_test.go
index 4a3bdf582c49..48ace166618b 100644
--- a/agent/hcp/manager_test.go
+++ b/agent/hcp/manager_test.go
@@ -58,7 +58,11 @@ func TestManager_SendUpdate(t *testing.T) {
 		StatusFn: statusF,
 	})
 	mgr.testUpdateSent = updateCh
-	go mgr.Run(context.Background())
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	go mgr.Run(ctx)
 	select {
 	case <-updateCh:
 	case <-time.After(time.Second):
@@ -90,7 +94,11 @@ func TestManager_SendUpdate_Periodic(t *testing.T) {
 		MinInterval: 100 * time.Millisecond,
 	})
 	mgr.testUpdateSent = updateCh
-	go mgr.Run(context.Background())
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	go mgr.Run(ctx)
 	select {
 	case <-updateCh:
 	case <-time.After(time.Second):
diff --git a/agent/hcp/telemetry/custom_metrics.go b/agent/hcp/telemetry/custom_metrics.go
index 746dc56cbe41..d691dccde207 100644
--- a/agent/hcp/telemetry/custom_metrics.go
+++ b/agent/hcp/telemetry/custom_metrics.go
@@ -6,7 +6,7 @@ package telemetry
 var (
 	internalMetricTransformFailure []string = []string{"hcp", "otel", "transform", "failure"}
 
-	internalMetricExportSuccess []string = []string{"hcp", "otel", "exporter", "export", "sucess"}
+	internalMetricExportSuccess []string = []string{"hcp", "otel", "exporter", "export", "success"}
 	internalMetricExportFailure []string = []string{"hcp", "otel", "exporter", "export", "failure"}
 
 	internalMetricExporterShutdown   []string = []string{"hcp", "otel", "exporter", "shutdown"}
diff --git a/agent/hcp/telemetry/filter.go b/agent/hcp/telemetry/filter.go
deleted file mode 100644
index 54dca7d44aef..000000000000
--- a/agent/hcp/telemetry/filter.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package telemetry
-
-import (
-	"fmt"
-	"regexp"
-	"strings"
-
-	"github.com/hashicorp/go-multierror"
-)
-
-// newFilterRegex returns a valid regex used to filter metrics.
-// It will fail if there are 0 valid regex filters given.
-func newFilterRegex(filters []string) (*regexp.Regexp, error) {
-	var mErr error
-	validFilters := make([]string, 0, len(filters))
-	for _, filter := range filters {
-		_, err := regexp.Compile(filter)
-		if err != nil {
-			mErr = multierror.Append(mErr, fmt.Errorf("compilation of filter %q failed: %w", filter, err))
-			continue
-		}
-		validFilters = append(validFilters, filter)
-	}
-
-	if len(validFilters) == 0 {
-		return nil, multierror.Append(mErr, fmt.Errorf("no valid filters"))
-	}
-
-	// Combine the valid regex strings with an OR.
-	finalRegex := strings.Join(validFilters, "|")
-	composedRegex, err := regexp.Compile(finalRegex)
-	if err != nil {
-		return nil, fmt.Errorf("failed to compile regex: %w", err)
-	}
-
-	return composedRegex, nil
-}
diff --git a/agent/hcp/telemetry/filter_test.go b/agent/hcp/telemetry/filter_test.go
deleted file mode 100644
index abe962f4cd47..000000000000
--- a/agent/hcp/telemetry/filter_test.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package telemetry
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestFilter(t *testing.T) {
-	t.Parallel()
-	for name, tc := range map[string]struct {
-		filters             []string
-		expectedRegexString string
-		matches             []string
-		wantErr             string
-		wantMatch           bool
-	}{
-		"badFilterRegex": {
-			filters: []string{"(*LF)"},
-			wantErr: "no valid filters",
-		},
-		"failsWithNoRegex": {
-			filters: []string{},
-			wantErr: "no valid filters",
-		},
-		"matchFound": {
-			filters:             []string{"raft.*", "mem.*"},
-			expectedRegexString: "raft.*|mem.*",
-			matches:             []string{"consul.raft.peers", "consul.mem.heap_size"},
-			wantMatch:           true,
-		},
-		"matchNotFound": {
-			filters:             []string{"mem.*"},
-			matches:             []string{"consul.raft.peers", "consul.txn.apply"},
-			expectedRegexString: "mem.*",
-			wantMatch:           false,
-		},
-	} {
-		tc := tc
-		t.Run(name, func(t *testing.T) {
-			t.Parallel()
-			f, err := newFilterRegex(tc.filters)
-
-			if tc.wantErr != "" {
-				require.Error(t, err)
-				require.Contains(t, err.Error(), tc.wantErr)
-				return
-			}
-
-			require.NoError(t, err)
-			require.Equal(t, tc.expectedRegexString, f.String())
-			for _, metric := range tc.matches {
-				m := f.MatchString(metric)
-				require.Equal(t, tc.wantMatch, m)
-			}
-		})
-	}
-}
diff --git a/agent/hcp/telemetry/otel_exporter.go b/agent/hcp/telemetry/otel_exporter.go
index 76c8f5b000b5..084657816e0c 100644
--- a/agent/hcp/telemetry/otel_exporter.go
+++ b/agent/hcp/telemetry/otel_exporter.go
@@ -9,23 +9,34 @@ import (
 	"go.opentelemetry.io/otel/sdk/metric"
 	"go.opentelemetry.io/otel/sdk/metric/aggregation"
 	"go.opentelemetry.io/otel/sdk/metric/metricdata"
-
-	hcpclient "github.com/hashicorp/consul/agent/hcp/client"
+	metricpb "go.opentelemetry.io/proto/otlp/metrics/v1"
 )
 
+// MetricsClient exports Consul metrics in OTLP format to the desired endpoint.
+type MetricsClient interface {
+	ExportMetrics(ctx context.Context, protoMetrics *metricpb.ResourceMetrics, endpoint string) error
+}
+
+// EndpointProvider provides the endpoint where metrics are exported to by the OTELExporter.
+// EndpointProvider exposes the GetEndpoint() interface method to fetch the endpoint.
+// This abstraction layer offers flexibility, in particular for dynamic configuration or changes to the endpoint.
+type EndpointProvider interface {
+	GetEndpoint() *url.URL
+}
+
 // OTELExporter is a custom implementation of a OTEL Metrics SDK metrics.Exporter.
 // The exporter is used by a OTEL Metrics SDK PeriodicReader to export aggregated metrics.
 // This allows us to use a custom client - HCP authenticated MetricsClient.
 type OTELExporter struct {
-	client   hcpclient.MetricsClient
-	endpoint *url.URL
+	client           MetricsClient
+	endpointProvider EndpointProvider
 }
 
-// NewOTELExporter returns a configured OTELExporter
-func NewOTELExporter(client hcpclient.MetricsClient, endpoint *url.URL) *OTELExporter {
+// NewOTELExporter returns a configured OTELExporter.
+func NewOTELExporter(client MetricsClient, endpointProvider EndpointProvider) *OTELExporter {
 	return &OTELExporter{
-		client:   client,
-		endpoint: endpoint,
+		client:           client,
+		endpointProvider: endpointProvider,
 	}
 }
 
@@ -54,11 +65,17 @@ func (e *OTELExporter) Aggregation(kind metric.InstrumentKind) aggregation.Aggre
 
 // Export serializes and transmits metric data to a receiver.
 func (e *OTELExporter) Export(ctx context.Context, metrics *metricdata.ResourceMetrics) error {
+	endpoint := e.endpointProvider.GetEndpoint()
+	if endpoint == nil {
+		return nil
+	}
+
 	otlpMetrics := transformOTLP(metrics)
 	if isEmpty(otlpMetrics) {
 		return nil
 	}
-	err := e.client.ExportMetrics(ctx, otlpMetrics, e.endpoint.String())
+
+	err := e.client.ExportMetrics(ctx, otlpMetrics, endpoint.String())
 	if err != nil {
 		goMetrics.IncrCounter(internalMetricExportFailure, 1)
 		return fmt.Errorf("failed to export metrics: %w", err)
diff --git a/agent/hcp/telemetry/otel_exporter_test.go b/agent/hcp/telemetry/otel_exporter_test.go
index bc1a626f1c16..53b7bd316094 100644
--- a/agent/hcp/telemetry/otel_exporter_test.go
+++ b/agent/hcp/telemetry/otel_exporter_test.go
@@ -15,8 +15,10 @@ import (
 	"go.opentelemetry.io/otel/sdk/metric/metricdata"
 	"go.opentelemetry.io/otel/sdk/resource"
 	metricpb "go.opentelemetry.io/proto/otlp/metrics/v1"
+)
 
-	"github.com/hashicorp/consul/agent/hcp/client"
+const (
+	testExportEndpoint = "https://test.com/v1/metrics"
 )
 
 type mockMetricsClient struct {
@@ -27,6 +29,12 @@ func (m *mockMetricsClient) ExportMetrics(ctx context.Context, protoMetrics *met
 	return m.exportErr
 }
 
+type mockEndpointProvider struct {
+	endpoint *url.URL
+}
+
+func (m *mockEndpointProvider) GetEndpoint() *url.URL { return m.endpoint }
+
 func TestTemporality(t *testing.T) {
 	t.Parallel()
 	exp := &OTELExporter{}
@@ -64,10 +72,15 @@ func TestAggregation(t *testing.T) {
 func TestExport(t *testing.T) {
 	t.Parallel()
 	for name, test := range map[string]struct {
-		wantErr string
-		metrics *metricdata.ResourceMetrics
-		client  client.MetricsClient
+		wantErr  string
+		metrics  *metricdata.ResourceMetrics
+		client   MetricsClient
+		provider EndpointProvider
 	}{
+		"earlyReturnWithoutEndpoint": {
+			client:   &mockMetricsClient{},
+			provider: &mockEndpointProvider{},
+		},
 		"earlyReturnWithoutScopeMetrics": {
 			client:  &mockMetricsClient{},
 			metrics: mutateMetrics(nil),
@@ -100,7 +113,16 @@ func TestExport(t *testing.T) {
 		test := test
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
-			exp := NewOTELExporter(test.client, &url.URL{})
+			provider := test.provider
+			if provider == nil {
+				u, err := url.Parse(testExportEndpoint)
+				require.NoError(t, err)
+				provider = &mockEndpointProvider{
+					endpoint: u,
+				}
+			}
+
+			exp := NewOTELExporter(test.client, provider)
 
 			err := exp.Export(context.Background(), test.metrics)
 			if test.wantErr != "" {
@@ -119,7 +141,7 @@ func TestExport(t *testing.T) {
 // sets a shared global sink.
 func TestExport_CustomMetrics(t *testing.T) {
 	for name, tc := range map[string]struct {
-		client    client.MetricsClient
+		client    MetricsClient
 		metricKey []string
 		operation string
 	}{
@@ -154,7 +176,12 @@ func TestExport_CustomMetrics(t *testing.T) {
 			metrics.NewGlobal(cfg, sink)
 
 			// Perform operation that emits metric.
-			exp := NewOTELExporter(tc.client, &url.URL{})
+			u, err := url.Parse(testExportEndpoint)
+			require.NoError(t, err)
+
+			exp := NewOTELExporter(tc.client, &mockEndpointProvider{
+				endpoint: u,
+			})
 
 			ctx := context.Background()
 			switch tc.operation {
diff --git a/agent/hcp/telemetry/otel_sink.go b/agent/hcp/telemetry/otel_sink.go
index 39e9aa599cd8..49a6d595076c 100644
--- a/agent/hcp/telemetry/otel_sink.go
+++ b/agent/hcp/telemetry/otel_sink.go
@@ -3,8 +3,7 @@ package telemetry
 import (
 	"bytes"
 	"context"
-	"fmt"
-	"net/url"
+	"errors"
 	"regexp"
 	"strings"
 	"sync"
@@ -16,19 +15,24 @@ import (
 	otelmetric "go.opentelemetry.io/otel/metric"
 	otelsdk "go.opentelemetry.io/otel/sdk/metric"
 	"go.opentelemetry.io/otel/sdk/resource"
-
-	"github.com/hashicorp/consul/agent/hcp/client"
 )
 
 // DefaultExportInterval is a default time interval between export of aggregated metrics.
 const DefaultExportInterval = 10 * time.Second
 
+// ConfigProvider is required to provide custom metrics processing.
+type ConfigProvider interface {
+	// GetLabels should return a set of OTEL attributes added by default all metrics.
+	GetLabels() map[string]string
+	// GetFilters should return filtesr that are required to enable metric processing.
+	// Filters act as an allowlist to collect only the required metrics.
+	GetFilters() *regexp.Regexp
+}
+
 // OTELSinkOpts is used to provide configuration when initializing an OTELSink using NewOTELSink.
 type OTELSinkOpts struct {
-	Reader  otelsdk.Reader
-	Ctx     context.Context
-	Filters []string
-	Labels  map[string]string
+	Reader         otelsdk.Reader
+	ConfigProvider ConfigProvider
 }
 
 // OTELSink captures and aggregates telemetry data as per the OpenTelemetry (OTEL) specification.
@@ -38,7 +42,7 @@ type OTELSink struct {
 	// spaceReplacer cleans the flattened key by removing any spaces.
 	spaceReplacer *strings.Replacer
 	logger        hclog.Logger
-	filters       *regexp.Regexp
+	cfgProvider   ConfigProvider
 
 	// meterProvider is an OTEL MeterProvider, the entrypoint to the OTEL Metrics SDK.
 	// It handles reading/export of aggregated metric data.
@@ -68,45 +72,32 @@ type OTELSink struct {
 // NewOTELReader returns a configured OTEL PeriodicReader to export metrics every X seconds.
 // It configures the reader with a custom OTELExporter with a MetricsClient to transform and export
 // metrics in OTLP format to an external url.
-func NewOTELReader(client client.MetricsClient, url *url.URL, exportInterval time.Duration) otelsdk.Reader {
-	exporter := NewOTELExporter(client, url)
+func NewOTELReader(client MetricsClient, endpointProvider EndpointProvider, exportInterval time.Duration) otelsdk.Reader {
+	exporter := NewOTELExporter(client, endpointProvider)
 	return otelsdk.NewPeriodicReader(exporter, otelsdk.WithInterval(exportInterval))
 }
 
 // NewOTELSink returns a sink which fits the Go Metrics MetricsSink interface.
 // It sets up a MeterProvider and Meter, key pieces of the OTEL Metrics SDK which
 // enable us to create OTEL Instruments to record measurements.
-func NewOTELSink(opts *OTELSinkOpts) (*OTELSink, error) {
+func NewOTELSink(ctx context.Context, opts *OTELSinkOpts) (*OTELSink, error) {
 	if opts.Reader == nil {
-		return nil, fmt.Errorf("ferror: provide valid reader")
+		return nil, errors.New("ferror: provide valid reader")
 	}
 
-	if opts.Ctx == nil {
-		return nil, fmt.Errorf("ferror: provide valid context")
+	if opts.ConfigProvider == nil {
+		return nil, errors.New("ferror: provide valid config provider")
 	}
 
-	logger := hclog.FromContext(opts.Ctx).Named("otel_sink")
-
-	filterList, err := newFilterRegex(opts.Filters)
-	if err != nil {
-		logger.Error("Failed to initialize all filters", "error", err)
-	}
+	logger := hclog.FromContext(ctx).Named("otel_sink")
 
-	attrs := make([]attribute.KeyValue, 0, len(opts.Labels))
-	for k, v := range opts.Labels {
-		kv := attribute.KeyValue{
-			Key:   attribute.Key(k),
-			Value: attribute.StringValue(v),
-		}
-		attrs = append(attrs, kv)
-	}
 	// Setup OTEL Metrics SDK to aggregate, convert and export metrics periodically.
-	res := resource.NewWithAttributes("", attrs...)
+	res := resource.NewSchemaless()
 	meterProvider := otelsdk.NewMeterProvider(otelsdk.WithResource(res), otelsdk.WithReader(opts.Reader))
 	meter := meterProvider.Meter("github.com/hashicorp/consul/agent/hcp/telemetry")
 
 	return &OTELSink{
-		filters:              filterList,
+		cfgProvider:          opts.ConfigProvider,
 		spaceReplacer:        strings.NewReplacer(" ", "_"),
 		logger:               logger,
 		meterProvider:        meterProvider,
@@ -138,12 +129,12 @@ func (o *OTELSink) IncrCounter(key []string, val float32) {
 func (o *OTELSink) SetGaugeWithLabels(key []string, val float32, labels []gometrics.Label) {
 	k := o.flattenKey(key)
 
-	if !o.filters.MatchString(k) {
+	if !o.allowedMetric(k) {
 		return
 	}
 
 	// Set value in global Gauge store.
-	o.gaugeStore.Set(k, float64(val), toAttributes(labels))
+	o.gaugeStore.Set(k, float64(val), o.labelsToAttributes(labels))
 
 	o.mutex.Lock()
 	defer o.mutex.Unlock()
@@ -166,7 +157,7 @@ func (o *OTELSink) SetGaugeWithLabels(key []string, val float32, labels []gometr
 func (o *OTELSink) AddSampleWithLabels(key []string, val float32, labels []gometrics.Label) {
 	k := o.flattenKey(key)
 
-	if !o.filters.MatchString(k) {
+	if !o.allowedMetric(k) {
 		return
 	}
 
@@ -184,7 +175,7 @@ func (o *OTELSink) AddSampleWithLabels(key []string, val float32, labels []gomet
 		o.histogramInstruments[k] = inst
 	}
 
-	attrs := toAttributes(labels)
+	attrs := o.labelsToAttributes(labels)
 	inst.Record(context.TODO(), float64(val), otelmetric.WithAttributes(attrs...))
 }
 
@@ -192,7 +183,7 @@ func (o *OTELSink) AddSampleWithLabels(key []string, val float32, labels []gomet
 func (o *OTELSink) IncrCounterWithLabels(key []string, val float32, labels []gometrics.Label) {
 	k := o.flattenKey(key)
 
-	if !o.filters.MatchString(k) {
+	if !o.allowedMetric(k) {
 		return
 	}
 
@@ -211,7 +202,7 @@ func (o *OTELSink) IncrCounterWithLabels(key []string, val float32, labels []gom
 		o.counterInstruments[k] = inst
 	}
 
-	attrs := toAttributes(labels)
+	attrs := o.labelsToAttributes(labels)
 	inst.Add(context.TODO(), float64(val), otelmetric.WithAttributes(attrs...))
 }
 
@@ -228,17 +219,39 @@ func (o *OTELSink) flattenKey(parts []string) string {
 	return buf.String()
 }
 
-// toAttributes converts go metrics Labels into OTEL format []attributes.KeyValue
-func toAttributes(labels []gometrics.Label) []attribute.KeyValue {
-	if len(labels) == 0 {
-		return nil
+// filter checks the filter allowlist, if it exists, to verify if this metric should be recorded.
+func (o *OTELSink) allowedMetric(key string) bool {
+	if filters := o.cfgProvider.GetFilters(); filters != nil {
+		return filters.MatchString(key)
+	}
+
+	return true
+}
+
+// labelsToAttributes converts go metrics and provider labels into OTEL format []attributes.KeyValue
+func (o *OTELSink) labelsToAttributes(goMetricsLabels []gometrics.Label) []attribute.KeyValue {
+	providerLabels := o.cfgProvider.GetLabels()
+
+	length := len(goMetricsLabels) + len(providerLabels)
+	if length == 0 {
+		return []attribute.KeyValue{}
 	}
-	attrs := make([]attribute.KeyValue, len(labels))
-	for i, label := range labels {
-		attrs[i] = attribute.KeyValue{
+
+	attrs := make([]attribute.KeyValue, 0, length)
+	// Convert provider labels to OTEL attributes.
+	for _, label := range goMetricsLabels {
+		attrs = append(attrs, attribute.KeyValue{
 			Key:   attribute.Key(label.Name),
 			Value: attribute.StringValue(label.Value),
-		}
+		})
+	}
+
+	// Convert provider labels to OTEL attributes.
+	for k, v := range providerLabels {
+		attrs = append(attrs, attribute.KeyValue{
+			Key:   attribute.Key(k),
+			Value: attribute.StringValue(v),
+		})
 	}
 
 	return attrs
diff --git a/agent/hcp/telemetry/otel_sink_test.go b/agent/hcp/telemetry/otel_sink_test.go
index 34127bdf9d77..509dde299d62 100644
--- a/agent/hcp/telemetry/otel_sink_test.go
+++ b/agent/hcp/telemetry/otel_sink_test.go
@@ -3,6 +3,7 @@ package telemetry
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"sort"
 	"strings"
 	"sync"
@@ -16,15 +17,32 @@ import (
 	"go.opentelemetry.io/otel/sdk/resource"
 )
 
+type mockConfigProvider struct {
+	filter *regexp.Regexp
+	labels map[string]string
+}
+
+func (m *mockConfigProvider) GetLabels() map[string]string {
+	return m.labels
+}
+
+func (m *mockConfigProvider) GetFilters() *regexp.Regexp {
+	return m.filter
+}
+
 var (
-	expectedResource = resource.NewWithAttributes("", attribute.KeyValue{
+	expectedResource = resource.NewSchemaless()
+
+	attrs = attribute.NewSet(attribute.KeyValue{
 		Key:   attribute.Key("node_id"),
 		Value: attribute.StringValue("test"),
 	})
-
-	attrs = attribute.NewSet(attribute.KeyValue{
+	attrsWithMetricLabel = attribute.NewSet(attribute.KeyValue{
 		Key:   attribute.Key("metric.label"),
 		Value: attribute.StringValue("test"),
+	}, attribute.KeyValue{
+		Key:   attribute.Key("node_id"),
+		Value: attribute.StringValue("test"),
 	})
 
 	expectedSinkMetrics = map[string]metricdata.Metrics{
@@ -35,7 +53,7 @@ var (
 			Data: metricdata.Gauge[float64]{
 				DataPoints: []metricdata.DataPoint[float64]{
 					{
-						Attributes: *attribute.EmptySet(),
+						Attributes: attrs,
 						Value:      float64(float32(0)),
 					},
 				},
@@ -48,7 +66,7 @@ var (
 			Data: metricdata.Gauge[float64]{
 				DataPoints: []metricdata.DataPoint[float64]{
 					{
-						Attributes: attrs,
+						Attributes: attrsWithMetricLabel,
 						Value:      float64(float32(1.23)),
 					},
 				},
@@ -61,7 +79,7 @@ var (
 			Data: metricdata.Sum[float64]{
 				DataPoints: []metricdata.DataPoint[float64]{
 					{
-						Attributes: *attribute.EmptySet(),
+						Attributes: attrs,
 						Value:      float64(float32(23.23)),
 					},
 				},
@@ -74,7 +92,7 @@ var (
 			Data: metricdata.Sum[float64]{
 				DataPoints: []metricdata.DataPoint[float64]{
 					{
-						Attributes: attrs,
+						Attributes: attrsWithMetricLabel,
 						Value:      float64(float32(1.44)),
 					},
 				},
@@ -87,7 +105,7 @@ var (
 			Data: metricdata.Histogram[float64]{
 				DataPoints: []metricdata.HistogramDataPoint[float64]{
 					{
-						Attributes: *attribute.EmptySet(),
+						Attributes: attrs,
 						Count:      1,
 						Sum:        float64(float32(45.32)),
 						Min:        metricdata.NewExtrema(float64(float32(45.32))),
@@ -103,7 +121,7 @@ var (
 			Data: metricdata.Histogram[float64]{
 				DataPoints: []metricdata.HistogramDataPoint[float64]{
 					{
-						Attributes: attrs,
+						Attributes: attrsWithMetricLabel,
 						Count:      1,
 						Sum:        float64(float32(26.34)),
 						Min:        metricdata.NewExtrema(float64(float32(26.34))),
@@ -121,34 +139,30 @@ func TestNewOTELSink(t *testing.T) {
 		wantErr string
 		opts    *OTELSinkOpts
 	}{
-		"failsWithEmptyLogger": {
-			wantErr: "ferror: provide valid context",
+		"failsWithEmptyReader": {
+			wantErr: "ferror: provide valid reader",
 			opts: &OTELSinkOpts{
-				Reader: metric.NewManualReader(),
+				Reader:         nil,
+				ConfigProvider: &mockConfigProvider{},
 			},
 		},
-		"failsWithEmptyReader": {
-			wantErr: "ferror: provide valid reader",
+		"failsWithEmptyConfigProvider": {
+			wantErr: "ferror: provide valid config provider",
 			opts: &OTELSinkOpts{
-				Reader: nil,
-				Ctx:    context.Background(),
+				Reader: metric.NewManualReader(),
 			},
 		},
 		"success": {
 			opts: &OTELSinkOpts{
-				Ctx:    context.Background(),
-				Reader: metric.NewManualReader(),
-				Labels: map[string]string{
-					"server": "test",
-				},
-				Filters: []string{"raft"},
+				Reader:         metric.NewManualReader(),
+				ConfigProvider: &mockConfigProvider{},
 			},
 		},
 	} {
 		test := test
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
-			sink, err := NewOTELSink(test.opts)
+			sink, err := NewOTELSink(context.Background(), test.opts)
 			if test.wantErr != "" {
 				require.Error(t, err)
 				require.Contains(t, err.Error(), test.wantErr)
@@ -168,15 +182,16 @@ func TestOTELSink(t *testing.T) {
 
 	ctx := context.Background()
 	opts := &OTELSinkOpts{
-		Reader:  reader,
-		Ctx:     ctx,
-		Filters: []string{"raft", "autopilot"},
-		Labels: map[string]string{
-			"node_id": "test",
+		Reader: reader,
+		ConfigProvider: &mockConfigProvider{
+			filter: regexp.MustCompile("raft|autopilot"),
+			labels: map[string]string{
+				"node_id": "test",
+			},
 		},
 	}
 
-	sink, err := NewOTELSink(opts)
+	sink, err := NewOTELSink(ctx, opts)
 	require.NoError(t, err)
 
 	labels := []gometrics.Label{
@@ -186,12 +201,15 @@ func TestOTELSink(t *testing.T) {
 		},
 	}
 
+	sink.SetGauge([]string{"test", "bad_filter", "gauge"}, float32(0))
 	sink.SetGauge([]string{"consul", "raft", "leader"}, float32(0))
 	sink.SetGaugeWithLabels([]string{"consul", "autopilot", "healthy"}, float32(1.23), labels)
 
+	sink.IncrCounter([]string{"test", "bad_filter", "counter"}, float32(23.23))
 	sink.IncrCounter([]string{"consul", "raft", "state", "leader"}, float32(23.23))
 	sink.IncrCounterWithLabels([]string{"consul", "raft", "apply"}, float32(1.44), labels)
 
+	sink.AddSample([]string{"test", "bad_filter", "sample"}, float32(45.32))
 	sink.AddSample([]string{"consul", "raft", "leader", "lastContact"}, float32(45.32))
 	sink.AddSampleWithLabels([]string{"consul", "raft", "commitTime"}, float32(26.34), labels)
 
@@ -202,23 +220,147 @@ func TestOTELSink(t *testing.T) {
 	isSame(t, expectedSinkMetrics, collected)
 }
 
+func TestLabelsToAttributes(t *testing.T) {
+	for name, test := range map[string]struct {
+		providerLabels         map[string]string
+		goMetricsLabels        []gometrics.Label
+		expectedOTELAttributes []attribute.KeyValue
+	}{
+		"emptyLabels": {
+			expectedOTELAttributes: []attribute.KeyValue{},
+		},
+		"emptyGoMetricsLabels": {
+			providerLabels: map[string]string{
+				"node_id": "test",
+			},
+			expectedOTELAttributes: []attribute.KeyValue{
+				{
+					Key:   attribute.Key("node_id"),
+					Value: attribute.StringValue("test"),
+				},
+			},
+		},
+		"emptyProviderLabels": {
+			goMetricsLabels: []gometrics.Label{
+				{
+					Name:  "server_type",
+					Value: "internal",
+				},
+			},
+			expectedOTELAttributes: []attribute.KeyValue{
+				{
+					Key:   attribute.Key("server_type"),
+					Value: attribute.StringValue("internal"),
+				},
+			},
+		},
+		"combinedLabels": {
+			goMetricsLabels: []gometrics.Label{
+				{
+					Name:  "server_type",
+					Value: "internal",
+				},
+				{
+					Name:  "method",
+					Value: "get",
+				},
+			},
+			providerLabels: map[string]string{
+				"node_id":   "test",
+				"node_name": "labels_test",
+			},
+			expectedOTELAttributes: []attribute.KeyValue{
+				{
+					Key:   attribute.Key("server_type"),
+					Value: attribute.StringValue("internal"),
+				},
+				{
+					Key:   attribute.Key("method"),
+					Value: attribute.StringValue("get"),
+				},
+				{
+					Key:   attribute.Key("node_id"),
+					Value: attribute.StringValue("test"),
+				},
+				{
+					Key:   attribute.Key("node_name"),
+					Value: attribute.StringValue("labels_test"),
+				},
+			},
+		},
+	} {
+		test := test
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+			ctx := context.Background()
+			opts := &OTELSinkOpts{
+				Reader: metric.NewManualReader(),
+				ConfigProvider: &mockConfigProvider{
+					filter: regexp.MustCompile("raft|autopilot"),
+					labels: test.providerLabels,
+				},
+			}
+			sink, err := NewOTELSink(ctx, opts)
+			require.NoError(t, err)
+
+			require.Equal(t, test.expectedOTELAttributes, sink.labelsToAttributes(test.goMetricsLabels))
+		})
+	}
+}
+
+func TestOTELSinkFilters(t *testing.T) {
+	t.Parallel()
+	for name, tc := range map[string]struct {
+		cfgProvider ConfigProvider
+		expected    bool
+	}{
+		"emptyMatch": {
+			cfgProvider: &mockConfigProvider{},
+			expected:    true,
+		},
+		"matchingFilter": {
+			cfgProvider: &mockConfigProvider{
+				filter: regexp.MustCompile("raft"),
+			},
+			expected: true,
+		},
+		"mismatchFilter": {cfgProvider: &mockConfigProvider{
+			filter: regexp.MustCompile("test"),
+		}},
+	} {
+		tc := tc
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+			testMetricKey := "consul.raft"
+			s, err := NewOTELSink(context.Background(), &OTELSinkOpts{
+				ConfigProvider: tc.cfgProvider,
+				Reader:         metric.NewManualReader(),
+			})
+			require.NoError(t, err)
+			require.Equal(t, tc.expected, s.allowedMetric(testMetricKey))
+		})
+	}
+}
+
 func TestOTELSink_Race(t *testing.T) {
 	reader := metric.NewManualReader()
 	ctx := context.Background()
+	defaultLabels := map[string]string{
+		"node_id": "test",
+	}
 	opts := &OTELSinkOpts{
-		Ctx:    ctx,
 		Reader: reader,
-		Labels: map[string]string{
-			"node_id": "test",
+		ConfigProvider: &mockConfigProvider{
+			filter: regexp.MustCompile("test"),
+			labels: defaultLabels,
 		},
-		Filters: []string{"test"},
 	}
 
-	sink, err := NewOTELSink(opts)
+	sink, err := NewOTELSink(context.Background(), opts)
 	require.NoError(t, err)
 
 	samples := 100
-	expectedMetrics := generateSamples(samples)
+	expectedMetrics := generateSamples(samples, defaultLabels)
 	wg := &sync.WaitGroup{}
 	errCh := make(chan error, samples)
 	for k, v := range expectedMetrics {
@@ -240,8 +382,17 @@ func TestOTELSink_Race(t *testing.T) {
 }
 
 // generateSamples generates n of each gauges, counter and histogram measurements to use for test purposes.
-func generateSamples(n int) map[string]metricdata.Metrics {
+func generateSamples(n int, labels map[string]string) map[string]metricdata.Metrics {
 	generated := make(map[string]metricdata.Metrics, 3*n)
+	attrs := *attribute.EmptySet()
+
+	kvs := make([]attribute.KeyValue, 0, len(labels))
+	for k, v := range labels {
+		kvs = append(kvs, attribute.KeyValue{Key: attribute.Key(k), Value: attribute.StringValue(v)})
+	}
+	if len(kvs) > 0 {
+		attrs = attribute.NewSet(kvs...)
+	}
 
 	for i := 0; i < n; i++ {
 		v := 12.3
@@ -251,7 +402,7 @@ func generateSamples(n int) map[string]metricdata.Metrics {
 			Data: metricdata.Gauge[float64]{
 				DataPoints: []metricdata.DataPoint[float64]{
 					{
-						Attributes: *attribute.EmptySet(),
+						Attributes: attrs,
 						Value:      float64(float32(v)),
 					},
 				},
@@ -267,7 +418,7 @@ func generateSamples(n int) map[string]metricdata.Metrics {
 			Data: metricdata.Sum[float64]{
 				DataPoints: []metricdata.DataPoint[float64]{
 					{
-						Attributes: *attribute.EmptySet(),
+						Attributes: attrs,
 						Value:      float64(float32(v)),
 					},
 				},
@@ -284,7 +435,7 @@ func generateSamples(n int) map[string]metricdata.Metrics {
 			Data: metricdata.Histogram[float64]{
 				DataPoints: []metricdata.HistogramDataPoint[float64]{
 					{
-						Attributes: *attribute.EmptySet(),
+						Attributes: attrs,
 						Sum:        float64(float32(v)),
 						Max:        metricdata.NewExtrema(float64(float32(v))),
 						Min:        metricdata.NewExtrema(float64(float32(v))),
diff --git a/agent/hcp/telemetry_provider.go b/agent/hcp/telemetry_provider.go
new file mode 100644
index 000000000000..eb0f23e804f3
--- /dev/null
+++ b/agent/hcp/telemetry_provider.go
@@ -0,0 +1,156 @@
+package hcp
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"regexp"
+	"sync"
+	"time"
+
+	"github.com/armon/go-metrics"
+	"github.com/hashicorp/go-hclog"
+
+	"github.com/hashicorp/consul/agent/hcp/client"
+	"github.com/hashicorp/consul/agent/hcp/telemetry"
+)
+
+var (
+	// internalMetricRefreshFailure is a metric to monitor refresh failures.
+	internalMetricRefreshFailure []string = []string{"hcp", "telemetry_config_provider", "refresh", "failure"}
+	// internalMetricRefreshSuccess is a metric to monitor refresh successes.
+	internalMetricRefreshSuccess []string = []string{"hcp", "telemetry_config_provider", "refresh", "success"}
+)
+
+// Ensure hcpProviderImpl implements telemetry provider interfaces.
+var _ telemetry.ConfigProvider = &hcpProviderImpl{}
+var _ telemetry.EndpointProvider = &hcpProviderImpl{}
+
+// hcpProviderImpl holds telemetry configuration and settings for continuous fetch of new config from HCP.
+// it updates configuration, if changes are detected.
+type hcpProviderImpl struct {
+	// cfg holds configuration that can be dynamically updated.
+	cfg *dynamicConfig
+
+	// A reader-writer mutex is used as the provider is read heavy.
+	// OTEL components access telemetryConfig during metrics collection and export (read).
+	// Meanwhile, config is only updated when there are changes (write).
+	rw sync.RWMutex
+	// hcpClient is an authenticated client used to make HTTP requests to HCP.
+	hcpClient client.Client
+}
+
+// dynamicConfig is a set of configurable settings for metrics collection, processing and export.
+// fields MUST be exported to compute hash for equals method.
+type dynamicConfig struct {
+	Endpoint *url.URL
+	Labels   map[string]string
+	Filters  *regexp.Regexp
+	// refreshInterval controls the interval at which configuration is fetched from HCP to refresh config.
+	RefreshInterval time.Duration
+}
+
+// NewHCPProvider initializes and starts a HCP Telemetry provider with provided params.
+func NewHCPProvider(ctx context.Context, hcpClient client.Client, telemetryCfg *client.TelemetryConfig) (*hcpProviderImpl, error) {
+	refreshInterval := telemetryCfg.RefreshConfig.RefreshInterval
+	// refreshInterval must be greater than 0, otherwise time.Ticker panics.
+	if refreshInterval <= 0 {
+		return nil, fmt.Errorf("invalid refresh interval: %d", refreshInterval)
+	}
+
+	cfg := &dynamicConfig{
+		Endpoint:        telemetryCfg.MetricsConfig.Endpoint,
+		Labels:          telemetryCfg.MetricsConfig.Labels,
+		Filters:         telemetryCfg.MetricsConfig.Filters,
+		RefreshInterval: refreshInterval,
+	}
+
+	t := &hcpProviderImpl{
+		cfg:       cfg,
+		hcpClient: hcpClient,
+	}
+
+	go t.run(ctx, refreshInterval)
+
+	return t, nil
+}
+
+// run continously checks for updates to the telemetry configuration by making a request to HCP.
+func (h *hcpProviderImpl) run(ctx context.Context, refreshInterval time.Duration) {
+	ticker := time.NewTicker(refreshInterval)
+	defer ticker.Stop()
+	for {
+		select {
+		case <-ticker.C:
+			if newCfg := h.getUpdate(ctx); newCfg != nil {
+				ticker.Reset(newCfg.RefreshInterval)
+			}
+		case <-ctx.Done():
+			return
+		}
+	}
+}
+
+// getUpdate makes a HTTP request to HCP to return a new metrics configuration
+// and updates the hcpProviderImpl.
+func (h *hcpProviderImpl) getUpdate(ctx context.Context) *dynamicConfig {
+	logger := hclog.FromContext(ctx).Named("telemetry_config_provider")
+
+	ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
+	defer cancel()
+
+	telemetryCfg, err := h.hcpClient.FetchTelemetryConfig(ctx)
+	if err != nil {
+		logger.Error("failed to fetch telemetry config from HCP", "error", err)
+		metrics.IncrCounter(internalMetricRefreshFailure, 1)
+		return nil
+	}
+
+	// newRefreshInterval of 0 or less can cause ticker Reset() panic.
+	newRefreshInterval := telemetryCfg.RefreshConfig.RefreshInterval
+	if newRefreshInterval <= 0 {
+		logger.Error("invalid refresh interval duration", "refreshInterval", newRefreshInterval)
+		metrics.IncrCounter(internalMetricRefreshFailure, 1)
+		return nil
+	}
+
+	newDynamicConfig := &dynamicConfig{
+		Filters:         telemetryCfg.MetricsConfig.Filters,
+		Endpoint:        telemetryCfg.MetricsConfig.Endpoint,
+		Labels:          telemetryCfg.MetricsConfig.Labels,
+		RefreshInterval: newRefreshInterval,
+	}
+
+	// Acquire write lock to update new configuration.
+	h.rw.Lock()
+	h.cfg = newDynamicConfig
+	h.rw.Unlock()
+
+	metrics.IncrCounter(internalMetricRefreshSuccess, 1)
+
+	return newDynamicConfig
+}
+
+// GetEndpoint acquires a read lock to return endpoint configuration for consumers.
+func (h *hcpProviderImpl) GetEndpoint() *url.URL {
+	h.rw.RLock()
+	defer h.rw.RUnlock()
+
+	return h.cfg.Endpoint
+}
+
+// GetFilters acquires a read lock to return filters configuration for consumers.
+func (h *hcpProviderImpl) GetFilters() *regexp.Regexp {
+	h.rw.RLock()
+	defer h.rw.RUnlock()
+
+	return h.cfg.Filters
+}
+
+// GetLabels acquires a read lock to return labels configuration for consumers.
+func (h *hcpProviderImpl) GetLabels() map[string]string {
+	h.rw.RLock()
+	defer h.rw.RUnlock()
+
+	return h.cfg.Labels
+}
diff --git a/agent/hcp/telemetry_provider_test.go b/agent/hcp/telemetry_provider_test.go
new file mode 100644
index 000000000000..684593b4f38b
--- /dev/null
+++ b/agent/hcp/telemetry_provider_test.go
@@ -0,0 +1,384 @@
+package hcp
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"regexp"
+	"strings"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/armon/go-metrics"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/agent/hcp/client"
+)
+
+const (
+	testRefreshInterval      = 100 * time.Millisecond
+	testSinkServiceName      = "test.telemetry_config_provider"
+	testRaceWriteSampleCount = 100
+	testRaceReadSampleCount  = 5000
+)
+
+var (
+	// Test constants to verify inmem sink metrics.
+	testMetricKeyFailure = testSinkServiceName + "." + strings.Join(internalMetricRefreshFailure, ".")
+	testMetricKeySuccess = testSinkServiceName + "." + strings.Join(internalMetricRefreshSuccess, ".")
+)
+
+type testConfig struct {
+	filters         string
+	endpoint        string
+	labels          map[string]string
+	refreshInterval time.Duration
+}
+
+func TestNewTelemetryConfigProvider(t *testing.T) {
+	t.Parallel()
+	for name, tc := range map[string]struct {
+		testInputs *testConfig
+		wantErr    string
+	}{
+		"success": {
+			testInputs: &testConfig{
+				refreshInterval: 1 * time.Second,
+			},
+		},
+		"failsWithInvalidRefreshInterval": {
+			testInputs: &testConfig{
+				refreshInterval: 0 * time.Second,
+			},
+			wantErr: "invalid refresh interval",
+		},
+	} {
+		tc := tc
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+
+			ctx, cancel := context.WithCancel(context.Background())
+			defer cancel()
+
+			testCfg, err := testTelemetryCfg(tc.testInputs)
+			require.NoError(t, err)
+
+			cfgProvider, err := NewHCPProvider(ctx, client.NewMockClient(t), testCfg)
+			if tc.wantErr != "" {
+				require.Error(t, err)
+				require.Contains(t, err.Error(), tc.wantErr)
+				require.Nil(t, cfgProvider)
+				return
+			}
+			require.NotNil(t, cfgProvider)
+		})
+	}
+}
+
+func TestTelemetryConfigProviderGetUpdate(t *testing.T) {
+	for name, tc := range map[string]struct {
+		mockExpect func(*client.MockClient)
+		metricKey  string
+		optsInputs *testConfig
+		expected   *testConfig
+	}{
+		"noChanges": {
+			optsInputs: &testConfig{
+				endpoint: "http://test.com/v1/metrics",
+				filters:  "test",
+				labels: map[string]string{
+					"test_label": "123",
+				},
+				refreshInterval: testRefreshInterval,
+			},
+			mockExpect: func(m *client.MockClient) {
+				mockCfg, _ := testTelemetryCfg(&testConfig{
+					endpoint: "http://test.com/v1/metrics",
+					filters:  "test",
+					labels: map[string]string{
+						"test_label": "123",
+					},
+					refreshInterval: testRefreshInterval,
+				})
+				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mockCfg, nil)
+			},
+			expected: &testConfig{
+				endpoint: "http://test.com/v1/metrics",
+				labels: map[string]string{
+					"test_label": "123",
+				},
+				filters:         "test",
+				refreshInterval: testRefreshInterval,
+			},
+			metricKey: testMetricKeySuccess,
+		},
+		"newConfig": {
+			optsInputs: &testConfig{
+				endpoint: "http://test.com/v1/metrics",
+				filters:  "test",
+				labels: map[string]string{
+					"test_label": "123",
+				},
+				refreshInterval: 2 * time.Second,
+			},
+			mockExpect: func(m *client.MockClient) {
+				mockCfg, _ := testTelemetryCfg(&testConfig{
+					endpoint: "http://newendpoint/v1/metrics",
+					filters:  "consul",
+					labels: map[string]string{
+						"new_label": "1234",
+					},
+					refreshInterval: 2 * time.Second,
+				})
+				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mockCfg, nil)
+			},
+			expected: &testConfig{
+				endpoint: "http://newendpoint/v1/metrics",
+				filters:  "consul",
+				labels: map[string]string{
+					"new_label": "1234",
+				},
+				refreshInterval: 2 * time.Second,
+			},
+			metricKey: testMetricKeySuccess,
+		},
+		"sameConfigInvalidRefreshInterval": {
+			optsInputs: &testConfig{
+				endpoint: "http://test.com/v1/metrics",
+				filters:  "test",
+				labels: map[string]string{
+					"test_label": "123",
+				},
+				refreshInterval: testRefreshInterval,
+			},
+			mockExpect: func(m *client.MockClient) {
+				mockCfg, _ := testTelemetryCfg(&testConfig{
+					refreshInterval: 0 * time.Second,
+				})
+				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mockCfg, nil)
+			},
+			expected: &testConfig{
+				endpoint: "http://test.com/v1/metrics",
+				labels: map[string]string{
+					"test_label": "123",
+				},
+				filters:         "test",
+				refreshInterval: testRefreshInterval,
+			},
+			metricKey: testMetricKeyFailure,
+		},
+		"sameConfigHCPClientFailure": {
+			optsInputs: &testConfig{
+				endpoint: "http://test.com/v1/metrics",
+				filters:  "test",
+				labels: map[string]string{
+					"test_label": "123",
+				},
+				refreshInterval: testRefreshInterval,
+			},
+			mockExpect: func(m *client.MockClient) {
+				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(nil, fmt.Errorf("failure"))
+			},
+			expected: &testConfig{
+				endpoint: "http://test.com/v1/metrics",
+				filters:  "test",
+				labels: map[string]string{
+					"test_label": "123",
+				},
+				refreshInterval: testRefreshInterval,
+			},
+			metricKey: testMetricKeyFailure,
+		},
+	} {
+		t.Run(name, func(t *testing.T) {
+			sink := initGlobalSink()
+			mockClient := client.NewMockClient(t)
+			tc.mockExpect(mockClient)
+
+			dynamicCfg, err := testDynamicCfg(tc.optsInputs)
+			require.NoError(t, err)
+
+			provider := &hcpProviderImpl{
+				hcpClient: mockClient,
+				cfg:       dynamicCfg,
+			}
+
+			provider.getUpdate(context.Background())
+
+			// Verify endpoint provider returns correct config values.
+			require.Equal(t, tc.expected.endpoint, provider.GetEndpoint().String())
+			require.Equal(t, tc.expected.filters, provider.GetFilters().String())
+			require.Equal(t, tc.expected.labels, provider.GetLabels())
+
+			// Verify count for transform success metric.
+			interval := sink.Data()[0]
+			require.NotNil(t, interval, 1)
+			sv := interval.Counters[tc.metricKey]
+			assert.NotNil(t, sv.AggregateSample)
+			require.Equal(t, sv.AggregateSample.Count, 1)
+		})
+	}
+}
+
+// mockRaceClient is a mock HCP client that fetches TelemetryConfig.
+// The mock TelemetryConfig returned can be manually updated at any time.
+// It manages concurrent read/write access to config with a sync.RWMutex.
+type mockRaceClient struct {
+	client.Client
+	cfg *client.TelemetryConfig
+	rw  sync.RWMutex
+}
+
+// updateCfg acquires a write lock and updates client config to a new value givent a count.
+func (m *mockRaceClient) updateCfg(count int) (*client.TelemetryConfig, error) {
+	m.rw.Lock()
+	defer m.rw.Unlock()
+
+	labels := map[string]string{fmt.Sprintf("label_%d", count): fmt.Sprintf("value_%d", count)}
+
+	filters, err := regexp.Compile(fmt.Sprintf("consul_filter_%d", count))
+	if err != nil {
+		return nil, err
+	}
+
+	endpoint, err := url.Parse(fmt.Sprintf("http://consul-endpoint-%d.com", count))
+	if err != nil {
+		return nil, err
+	}
+
+	cfg := &client.TelemetryConfig{
+		MetricsConfig: &client.MetricsConfig{
+			Filters:  filters,
+			Endpoint: endpoint,
+			Labels:   labels,
+		},
+		RefreshConfig: &client.RefreshConfig{
+			RefreshInterval: testRefreshInterval,
+		},
+	}
+	m.cfg = cfg
+
+	return cfg, nil
+}
+
+// FetchTelemetryConfig returns the current config held by the mockRaceClient.
+func (m *mockRaceClient) FetchTelemetryConfig(ctx context.Context) (*client.TelemetryConfig, error) {
+	m.rw.RLock()
+	defer m.rw.RUnlock()
+
+	return m.cfg, nil
+}
+
+func TestTelemetryConfigProvider_Race(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	initCfg, err := testTelemetryCfg(&testConfig{
+		endpoint:        "test.com",
+		filters:         "test",
+		labels:          map[string]string{"test_label": "test_value"},
+		refreshInterval: testRefreshInterval,
+	})
+	require.NoError(t, err)
+
+	m := &mockRaceClient{
+		cfg: initCfg,
+	}
+
+	// Start the provider goroutine, which fetches client TelemetryConfig every RefreshInterval.
+	provider, err := NewHCPProvider(ctx, m, m.cfg)
+	require.NoError(t, err)
+
+	for count := 0; count < testRaceWriteSampleCount; count++ {
+		// Force a TelemetryConfig value change in the mockRaceClient.
+		newCfg, err := m.updateCfg(count)
+		require.NoError(t, err)
+		// Force provider to obtain new client TelemetryConfig immediately.
+		// This call is necessary to guarantee TelemetryConfig changes to assert on expected values below.
+		provider.getUpdate(context.Background())
+
+		// Start goroutines to access label configuration.
+		wg := &sync.WaitGroup{}
+		kickOff(wg, testRaceReadSampleCount, provider, func(provider *hcpProviderImpl) {
+			require.Equal(t, provider.GetLabels(), newCfg.MetricsConfig.Labels)
+		})
+
+		// Start goroutines to access endpoint configuration.
+		kickOff(wg, testRaceReadSampleCount, provider, func(provider *hcpProviderImpl) {
+			require.Equal(t, provider.GetFilters(), newCfg.MetricsConfig.Filters)
+		})
+
+		// Start goroutines to access filter configuration.
+		kickOff(wg, testRaceReadSampleCount, provider, func(provider *hcpProviderImpl) {
+			require.Equal(t, provider.GetEndpoint(), newCfg.MetricsConfig.Endpoint)
+		})
+
+		wg.Wait()
+	}
+}
+
+func kickOff(wg *sync.WaitGroup, count int, provider *hcpProviderImpl, check func(cfgProvider *hcpProviderImpl)) {
+	for i := 0; i < count; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			check(provider)
+		}()
+	}
+}
+
+// initGlobalSink is a helper function to initialize a Go metrics inmemsink.
+func initGlobalSink() *metrics.InmemSink {
+	cfg := metrics.DefaultConfig(testSinkServiceName)
+	cfg.EnableHostname = false
+
+	sink := metrics.NewInmemSink(10*time.Second, 10*time.Second)
+	metrics.NewGlobal(cfg, sink)
+
+	return sink
+}
+
+// testDynamicCfg converts testConfig inputs to a dynamicConfig to be used in tests.
+func testDynamicCfg(testCfg *testConfig) (*dynamicConfig, error) {
+	filters, err := regexp.Compile(testCfg.filters)
+	if err != nil {
+		return nil, err
+	}
+
+	endpoint, err := url.Parse(testCfg.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	return &dynamicConfig{
+		Endpoint:        endpoint,
+		Filters:         filters,
+		Labels:          testCfg.labels,
+		RefreshInterval: testCfg.refreshInterval,
+	}, nil
+}
+
+// testTelemetryCfg converts testConfig inputs to a TelemetryConfig to be used in tests.
+func testTelemetryCfg(testCfg *testConfig) (*client.TelemetryConfig, error) {
+	filters, err := regexp.Compile(testCfg.filters)
+	if err != nil {
+		return nil, err
+	}
+
+	endpoint, err := url.Parse(testCfg.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	return &client.TelemetryConfig{
+		MetricsConfig: &client.MetricsConfig{
+			Endpoint: endpoint,
+			Filters:  filters,
+			Labels:   testCfg.labels,
+		},
+		RefreshConfig: &client.RefreshConfig{
+			RefreshInterval: testCfg.refreshInterval,
+		},
+	}, nil
+}
diff --git a/go.mod b/go.mod
index ed8caab6ee01..b9e11569578a 100644
--- a/go.mod
+++ b/go.mod
@@ -62,7 +62,7 @@ require (
 	github.com/hashicorp/golang-lru v0.5.4
 	github.com/hashicorp/hcl v1.0.0
 	github.com/hashicorp/hcp-scada-provider v0.2.3
-	github.com/hashicorp/hcp-sdk-go v0.48.0
+	github.com/hashicorp/hcp-sdk-go v0.55.0
 	github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038
 	github.com/hashicorp/memberlist v0.5.0
 	github.com/hashicorp/raft v1.5.0
diff --git a/go.sum b/go.sum
index 0eae0ab4af9f..58ba8949b0f6 100644
--- a/go.sum
+++ b/go.sum
@@ -554,8 +554,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ=
 github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo=
-github.com/hashicorp/hcp-sdk-go v0.48.0 h1:LWpFR7YVDz4uG4C/ixcy2tRbg7/BgjMcTh1bRkKaeBQ=
-github.com/hashicorp/hcp-sdk-go v0.48.0/go.mod h1:hZqky4HEzsKwvLOt4QJlZUrjeQmb4UCZUhDP2HyQFfc=
+github.com/hashicorp/hcp-sdk-go v0.55.0 h1:T4sQtgQfQJOD0uucT4hS+GZI1FmoHAQMADj277W++xw=
+github.com/hashicorp/hcp-sdk-go v0.55.0/go.mod h1:hZqky4HEzsKwvLOt4QJlZUrjeQmb4UCZUhDP2HyQFfc=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
diff --git a/test-integ/go.mod b/test-integ/go.mod
index c8ec1d6bb305..3967d9db57ac 100644
--- a/test-integ/go.mod
+++ b/test-integ/go.mod
@@ -118,7 +118,7 @@ require (
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/hcl/v2 v2.16.2 // indirect
 	github.com/hashicorp/hcp-scada-provider v0.2.3 // indirect
-	github.com/hashicorp/hcp-sdk-go v0.48.0 // indirect
+	github.com/hashicorp/hcp-sdk-go v0.55.0 // indirect
 	github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 // indirect
 	github.com/hashicorp/memberlist v0.5.0 // indirect
 	github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 // indirect
diff --git a/test-integ/go.sum b/test-integ/go.sum
index 09d3a07243e7..c2b33e09997a 100644
--- a/test-integ/go.sum
+++ b/test-integ/go.sum
@@ -473,8 +473,8 @@ github.com/hashicorp/hcl/v2 v2.16.2 h1:mpkHZh/Tv+xet3sy3F9Ld4FyI2tUpWe9x3XtPx9f1
 github.com/hashicorp/hcl/v2 v2.16.2/go.mod h1:JRmR89jycNkrrqnMmvPDMd56n1rQJ2Q6KocSLCMCXng=
 github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ=
 github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo=
-github.com/hashicorp/hcp-sdk-go v0.48.0 h1:LWpFR7YVDz4uG4C/ixcy2tRbg7/BgjMcTh1bRkKaeBQ=
-github.com/hashicorp/hcp-sdk-go v0.48.0/go.mod h1:hZqky4HEzsKwvLOt4QJlZUrjeQmb4UCZUhDP2HyQFfc=
+github.com/hashicorp/hcp-sdk-go v0.55.0 h1:T4sQtgQfQJOD0uucT4hS+GZI1FmoHAQMADj277W++xw=
+github.com/hashicorp/hcp-sdk-go v0.55.0/go.mod h1:hZqky4HEzsKwvLOt4QJlZUrjeQmb4UCZUhDP2HyQFfc=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index ed5584d9b59a..424c69ce3462 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -122,7 +122,7 @@ require (
 	github.com/hashicorp/go-syslog v1.0.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcp-scada-provider v0.2.3 // indirect
-	github.com/hashicorp/hcp-sdk-go v0.48.0 // indirect
+	github.com/hashicorp/hcp-sdk-go v0.55.0 // indirect
 	github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 // indirect
 	github.com/hashicorp/memberlist v0.5.0 // indirect
 	github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 // indirect
diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum
index 7fb07a8b4b3c..78939c529a39 100644
--- a/test/integration/consul-container/go.sum
+++ b/test/integration/consul-container/go.sum
@@ -467,8 +467,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ=
 github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo=
-github.com/hashicorp/hcp-sdk-go v0.48.0 h1:LWpFR7YVDz4uG4C/ixcy2tRbg7/BgjMcTh1bRkKaeBQ=
-github.com/hashicorp/hcp-sdk-go v0.48.0/go.mod h1:hZqky4HEzsKwvLOt4QJlZUrjeQmb4UCZUhDP2HyQFfc=
+github.com/hashicorp/hcp-sdk-go v0.55.0 h1:T4sQtgQfQJOD0uucT4hS+GZI1FmoHAQMADj277W++xw=
+github.com/hashicorp/hcp-sdk-go v0.55.0/go.mod h1:hZqky4HEzsKwvLOt4QJlZUrjeQmb4UCZUhDP2HyQFfc=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=

From 67fc93e26d61bcb61600840fe4f069c878533b51 Mon Sep 17 00:00:00 2001
From: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
Date: Wed, 2 Aug 2023 08:14:35 +0530
Subject: [PATCH 241/359] NET-4240 - Snapshots are failing on Windows  (#18302)

* fix go mod

* fix go sum

* added change log

* ran make go mod tidy
---
 .changelog/18302.txt | 4 ++++
 go.mod               | 2 +-
 go.sum               | 4 ++--
 test-integ/go.mod    | 2 +-
 test-integ/go.sum    | 4 ++--
 5 files changed, 10 insertions(+), 6 deletions(-)
 create mode 100644 .changelog/18302.txt

diff --git a/.changelog/18302.txt b/.changelog/18302.txt
new file mode 100644
index 000000000000..c77e7106be91
--- /dev/null
+++ b/.changelog/18302.txt
@@ -0,0 +1,4 @@
+```release-note:bug
+snapshot: fix access denied and handle is invalid when we call snapshot save on windows - skip sync() for folders in windows in
+https://github.com/rboyer/safeio/pull/3
+```
diff --git a/go.mod b/go.mod
index b9e11569578a..2b1f2c291265 100644
--- a/go.mod
+++ b/go.mod
@@ -92,7 +92,7 @@ require (
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.14.0
-	github.com/rboyer/safeio v0.2.1
+	github.com/rboyer/safeio v0.2.3
 	github.com/ryanuber/columnize v2.1.2+incompatible
 	github.com/shirou/gopsutil/v3 v3.22.8
 	github.com/stretchr/testify v1.8.3
diff --git a/go.sum b/go.sum
index 58ba8949b0f6..09659349cb61 100644
--- a/go.sum
+++ b/go.sum
@@ -819,8 +819,8 @@ github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+Gx
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rboyer/safeio v0.2.1 h1:05xhhdRNAdS3apYm7JRjOqngf4xruaW959jmRxGDuSU=
-github.com/rboyer/safeio v0.2.1/go.mod h1:Cq/cEPK+YXFn622lsQ0K4KsPZSPtaptHHEldsy7Fmig=
+github.com/rboyer/safeio v0.2.3 h1:gUybicx1kp8nuM4vO0GA5xTBX58/OBd8MQuErBfDxP8=
+github.com/rboyer/safeio v0.2.3/go.mod h1:d7RMmt7utQBJZ4B7f0H/cU/EdZibQAU1Y8NWepK2dS8=
 github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03 h1:Wdi9nwnhFNAlseAOekn6B5G/+GMtks9UKbvRU/CMM/o=
 github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03/go.mod h1:gRAiPF5C5Nd0eyyRdqIu9qTiFSoZzpTq727b5B8fkkU=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
diff --git a/test-integ/go.mod b/test-integ/go.mod
index 3967d9db57ac..4bb6e8301d55 100644
--- a/test-integ/go.mod
+++ b/test-integ/go.mod
@@ -177,7 +177,7 @@ require (
 	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/common v0.39.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/rboyer/safeio v0.2.2 // indirect
+	github.com/rboyer/safeio v0.2.3 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
 	github.com/segmentio/fasthash v1.0.3 // indirect
diff --git a/test-integ/go.sum b/test-integ/go.sum
index c2b33e09997a..e39fda49a4a8 100644
--- a/test-integ/go.sum
+++ b/test-integ/go.sum
@@ -706,8 +706,8 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/rboyer/safeio v0.2.2 h1:XhtqyUTRleMYGyBt3ni4j2BtEh669U2ry2INnnd+B4k=
-github.com/rboyer/safeio v0.2.2/go.mod h1:pSnr2LFXyn/c/fotxotyOdYy7pP/XSh6MpBmzXPjiNc=
+github.com/rboyer/safeio v0.2.3 h1:gUybicx1kp8nuM4vO0GA5xTBX58/OBd8MQuErBfDxP8=
+github.com/rboyer/safeio v0.2.3/go.mod h1:d7RMmt7utQBJZ4B7f0H/cU/EdZibQAU1Y8NWepK2dS8=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=

From a33001f4d4c3ebfb48be200d8a4aa6ffeda66ae3 Mon Sep 17 00:00:00 2001
From: Iryna Shustava <ishustava@users.noreply.github.com>
Date: Wed, 2 Aug 2023 08:15:13 -0600
Subject: [PATCH 242/359] Register ProxyStateTemplate Resource (#18316)

  Also, change the ProxyState.id to identity. This is because we already have the id of this proxy
  from the resource, and this id should be name-aligned with the workload it represents. It should
  also have the owner ref set to the workload ID if we need that. And so the id field seems unnecessary.
  We do, however, need a reference to workload identity so that we can authorize the proxy when it initially
  connects to the xDS server.
---
 internal/mesh/exports.go                      |  8 ++-
 .../internal/types/proxy_state_template.go    | 59 +++++++++++++++++++
 internal/mesh/internal/types/types.go         |  1 +
 .../pbmesh/v1alpha1/proxy_state.pb.go         |  3 +-
 .../pbmesh/v1alpha1/proxy_state.proto         |  3 +-
 5 files changed, 69 insertions(+), 5 deletions(-)
 create mode 100644 internal/mesh/internal/types/proxy_state_template.go

diff --git a/internal/mesh/exports.go b/internal/mesh/exports.go
index c73ebdb097f5..78056db0d1d7 100644
--- a/internal/mesh/exports.go
+++ b/internal/mesh/exports.go
@@ -19,12 +19,14 @@ var (
 
 	ProxyConfigurationKind = types.ProxyConfigurationKind
 	UpstreamsKind          = types.UpstreamsKind
+	ProxyStateKind         = types.ProxyStateTemplateKind
 
 	// Resource Types for the v1alpha1 version.
 
-	ProxyConfigurationV1Alpha1Type     = types.ProxyConfigurationV1Alpha1Type
-	UpstreamsV1Alpha1Type              = types.UpstreamsV1Alpha1Type
-	UpstreamsConfigurationV1Alpha1Type = types.UpstreamsConfigurationV1Alpha1Type
+	ProxyConfigurationV1Alpha1Type              = types.ProxyConfigurationV1Alpha1Type
+	UpstreamsV1Alpha1Type                       = types.UpstreamsV1Alpha1Type
+	UpstreamsConfigurationV1Alpha1Type          = types.UpstreamsConfigurationV1Alpha1Type
+	ProxyStateTemplateConfigurationV1Alpha1Type = types.ProxyStateTemplateV1Alpha1Type
 )
 
 // RegisterTypes adds all resource types within the "catalog" API group
diff --git a/internal/mesh/internal/types/proxy_state_template.go b/internal/mesh/internal/types/proxy_state_template.go
new file mode 100644
index 000000000000..7f46190ea015
--- /dev/null
+++ b/internal/mesh/internal/types/proxy_state_template.go
@@ -0,0 +1,59 @@
+package types
+
+import (
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/internal/resource"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+const (
+	ProxyStateTemplateKind = "ProxyStateTemplate"
+)
+
+var (
+	ProxyStateTemplateV1Alpha1Type = &pbresource.Type{
+		Group:        GroupName,
+		GroupVersion: VersionV1Alpha1,
+		Kind:         ProxyStateTemplateKind,
+	}
+
+	ProxyStateTemplateType = ProxyStateTemplateV1Alpha1Type
+)
+
+func RegisterProxyStateTemplate(r resource.Registry) {
+	r.Register(resource.Registration{
+		Type:     ProxyStateTemplateV1Alpha1Type,
+		Proto:    &pbmesh.ProxyStateTemplate{},
+		Validate: nil,
+		ACLs: &resource.ACLHooks{
+			Read: func(authorizer acl.Authorizer, id *pbresource.ID) error {
+				// Check service:read and operator:read permissions.
+				// If service:read is not allowed, check operator:read. We want to allow both as this
+				// resource is mostly useful for debuggability and we want to cover
+				// the most cases that serve that purpose.
+				serviceReadErr := authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.Name, resource.AuthorizerContext(id.Tenancy))
+				operatorReadErr := authorizer.ToAllowAuthorizer().OperatorReadAllowed(resource.AuthorizerContext(id.Tenancy))
+
+				switch {
+				case serviceReadErr != nil:
+					return serviceReadErr
+				case operatorReadErr != nil:
+					return operatorReadErr
+				}
+
+				return nil
+			},
+			Write: func(authorizer acl.Authorizer, p *pbresource.Resource) error {
+				// Require operator:write only for "break-glass" scenarios as this resource should be mostly
+				// managed by a controller.
+				return authorizer.ToAllowAuthorizer().OperatorWriteAllowed(resource.AuthorizerContext(p.Id.Tenancy))
+			},
+			List: func(authorizer acl.Authorizer, tenancy *pbresource.Tenancy) error {
+				// No-op List permission as we want to default to filtering resources
+				// from the list using the Read enforcement.
+				return nil
+			},
+		},
+	})
+}
diff --git a/internal/mesh/internal/types/types.go b/internal/mesh/internal/types/types.go
index 3a7c6a329ac4..d1ca23b09528 100644
--- a/internal/mesh/internal/types/types.go
+++ b/internal/mesh/internal/types/types.go
@@ -17,4 +17,5 @@ func Register(r resource.Registry) {
 	RegisterProxyConfiguration(r)
 	RegisterUpstreams(r)
 	RegisterUpstreamsConfiguration(r)
+	RegisterProxyStateTemplate(r)
 }
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
index ab763966485f..cb858b6d1d78 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
@@ -105,7 +105,8 @@ type ProxyState struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// identity is a reference to the WorkloadIdentity associated with this proxy.
+	// id is this proxy's identity. This should correspond to the workload identity that this proxy of
+	// the workload this proxy represents.
 	Identity *pbresource.Reference `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
 	// listeners is a list of listeners for this proxy.
 	Listeners []*pbproxystate.Listener `protobuf:"bytes,2,rep,name=listeners,proto3" json:"listeners,omitempty"`
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.proto b/proto-public/pbmesh/v1alpha1/proxy_state.proto
index e00ae00446c5..46ef458e5711 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_state.proto
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.proto
@@ -30,7 +30,8 @@ message ProxyStateTemplate {
 }
 
 message ProxyState {
-  // identity is a reference to the WorkloadIdentity associated with this proxy.
+  // id is this proxy's identity. This should correspond to the workload identity that this proxy of
+  // the workload this proxy represents.
   hashicorp.consul.resource.Reference identity = 1;
   // listeners is a list of listeners for this proxy.
   repeated pbproxystate.Listener listeners = 2;

From 905e371607112dc00c55cae53c907b989a651f61 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Wed, 2 Aug 2023 13:10:29 -0400
Subject: [PATCH 243/359] [NET-5146] security: Update Go version to 1.20.7 and
 `x/net` to 0.13.0 (#18358)

* Update Go version to 1.20.7

This resolves [CVE-2023-29409]
(https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`).

* Bump golang.org/x/net to 0.13.0

Addresses [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978)
for security scans (non-impacting).
---
 .changelog/18358.txt                          |  7 ++++++
 .github/workflows/build.yml                   | 22 +++++++++----------
 api/go.mod                                    |  2 +-
 api/go.sum                                    |  4 ++--
 build-support/docker/Build-Go.dockerfile      |  2 +-
 envoyextensions/go.sum                        |  2 +-
 go.mod                                        |  2 +-
 go.sum                                        |  4 ++--
 proto-public/go.mod                           |  2 +-
 proto-public/go.sum                           |  4 ++--
 sdk/go.mod                                    |  2 +-
 sdk/go.sum                                    |  4 ++--
 test-integ/go.mod                             |  2 +-
 test-integ/go.sum                             |  4 ++--
 .../connect/envoy/test-sds-server/go.mod      |  2 +-
 .../connect/envoy/test-sds-server/go.sum      | 11 +++++++---
 test/integration/consul-container/go.mod      |  2 +-
 test/integration/consul-container/go.sum      |  4 ++--
 testing/deployer/go.mod                       |  7 +++---
 testing/deployer/go.sum                       | 15 +++++++------
 troubleshoot/go.mod                           |  2 +-
 troubleshoot/go.sum                           |  4 ++--
 22 files changed, 62 insertions(+), 48 deletions(-)
 create mode 100644 .changelog/18358.txt

diff --git a/.changelog/18358.txt b/.changelog/18358.txt
new file mode 100644
index 000000000000..e29d258c6c92
--- /dev/null
+++ b/.changelog/18358.txt
@@ -0,0 +1,7 @@
+```release-note:security
+Upgrade to use Go 1.20.7.
+This resolves vulnerability [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`).
+```
+```release-note:security
+Update `golang.org/x/net` to v0.13.0 to address [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978).
+```
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c3070da291f3..a63609a3da12 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -84,15 +84,15 @@ jobs:
     strategy:
       matrix:
         include:
-          - {go: "1.20.6", goos: "linux", goarch: "386"}
-          - {go: "1.20.6", goos: "linux", goarch: "amd64"}
-          - {go: "1.20.6", goos: "linux", goarch: "arm"}
-          - {go: "1.20.6", goos: "linux", goarch: "arm64"}
-          - {go: "1.20.6", goos: "freebsd", goarch: "386"}
-          - {go: "1.20.6", goos: "freebsd", goarch: "amd64"}
-          - {go: "1.20.6", goos: "windows", goarch: "386"}
-          - {go: "1.20.6", goos: "windows", goarch: "amd64"}
-          - {go: "1.20.6", goos: "solaris", goarch: "amd64"}
+          - {go: "1.20.7", goos: "linux", goarch: "386"}
+          - {go: "1.20.7", goos: "linux", goarch: "amd64"}
+          - {go: "1.20.7", goos: "linux", goarch: "arm"}
+          - {go: "1.20.7", goos: "linux", goarch: "arm64"}
+          - {go: "1.20.7", goos: "freebsd", goarch: "386"}
+          - {go: "1.20.7", goos: "freebsd", goarch: "amd64"}
+          - {go: "1.20.7", goos: "windows", goarch: "386"}
+          - {go: "1.20.7", goos: "windows", goarch: "amd64"}
+          - {go: "1.20.7", goos: "solaris", goarch: "amd64"}
       fail-fast: true
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
@@ -181,7 +181,7 @@ jobs:
     strategy:
       matrix:
         include:
-          - {go: "1.20.6", goos: "linux", goarch: "s390x"}
+          - {go: "1.20.7", goos: "linux", goarch: "s390x"}
       fail-fast: true
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
@@ -232,7 +232,7 @@ jobs:
       matrix:
         goos: [ darwin ]
         goarch: [ "amd64", "arm64" ]
-        go: [ "1.20.6" ]
+        go: [ "1.20.7" ]
       fail-fast: true
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
diff --git a/api/go.mod b/api/go.mod
index deff04e5fdb7..0c85ba4715ae 100644
--- a/api/go.mod
+++ b/api/go.mod
@@ -39,7 +39,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
-	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/net v0.13.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
 	golang.org/x/sys v0.10.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/api/go.sum b/api/go.sum
index 0151f6b644eb..846be7540ea2 100644
--- a/api/go.sum
+++ b/api/go.sum
@@ -182,8 +182,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
-golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
-golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
+golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
diff --git a/build-support/docker/Build-Go.dockerfile b/build-support/docker/Build-Go.dockerfile
index 5f0732cf252e..c5b3c8394ea3 100644
--- a/build-support/docker/Build-Go.dockerfile
+++ b/build-support/docker/Build-Go.dockerfile
@@ -1,7 +1,7 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-ARG GOLANG_VERSION=1.20.6
+ARG GOLANG_VERSION=1.20.7
 FROM golang:${GOLANG_VERSION}
 
 WORKDIR /consul
diff --git a/envoyextensions/go.sum b/envoyextensions/go.sum
index 1921dcb3069d..ffb9566775e0 100644
--- a/envoyextensions/go.sum
+++ b/envoyextensions/go.sum
@@ -202,7 +202,7 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
-golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
diff --git a/go.mod b/go.mod
index 2b1f2c291265..4c8a76b7fbf8 100644
--- a/go.mod
+++ b/go.mod
@@ -105,7 +105,7 @@ require (
 	go.uber.org/goleak v1.1.10
 	golang.org/x/crypto v0.11.0
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29
-	golang.org/x/net v0.12.0
+	golang.org/x/net v0.13.0
 	golang.org/x/oauth2 v0.6.0
 	golang.org/x/sync v0.2.0
 	golang.org/x/sys v0.10.0
diff --git a/go.sum b/go.sum
index 09659349cb61..5ca08d3b9460 100644
--- a/go.sum
+++ b/go.sum
@@ -1084,8 +1084,8 @@ golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
-golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
+golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
diff --git a/proto-public/go.mod b/proto-public/go.mod
index ba1268d698f2..20feb72ecdc5 100644
--- a/proto-public/go.mod
+++ b/proto-public/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/rogpeppe/go-internal v1.10.0 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
-	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/net v0.13.0 // indirect
 	golang.org/x/sys v0.10.0 // indirect
 	golang.org/x/text v0.11.0 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
diff --git a/proto-public/go.sum b/proto-public/go.sum
index 9d540aba9999..f030ff875f78 100644
--- a/proto-public/go.sum
+++ b/proto-public/go.sum
@@ -30,8 +30,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
 github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
-golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
+golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
diff --git a/sdk/go.mod b/sdk/go.mod
index 0732bcf1397f..9fd95927b085 100644
--- a/sdk/go.mod
+++ b/sdk/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/hashicorp/go-version v1.2.1
 	github.com/pkg/errors v0.9.1
 	github.com/stretchr/testify v1.8.3
-	golang.org/x/sys v0.8.0
+	golang.org/x/sys v0.10.0
 )
 
 require (
diff --git a/sdk/go.sum b/sdk/go.sum
index a073220befad..170d4464fc55 100644
--- a/sdk/go.sum
+++ b/sdk/go.sum
@@ -49,8 +49,8 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
diff --git a/test-integ/go.mod b/test-integ/go.mod
index 4bb6e8301d55..f775cd7da07f 100644
--- a/test-integ/go.mod
+++ b/test-integ/go.mod
@@ -201,7 +201,7 @@ require (
 	golang.org/x/crypto v0.11.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/net v0.13.0 // indirect
 	golang.org/x/oauth2 v0.6.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
 	golang.org/x/sys v0.10.0 // indirect
diff --git a/test-integ/go.sum b/test-integ/go.sum
index e39fda49a4a8..9ccc587e33bc 100644
--- a/test-integ/go.sum
+++ b/test-integ/go.sum
@@ -919,8 +919,8 @@ golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
-golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
+golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
diff --git a/test/integration/connect/envoy/test-sds-server/go.mod b/test/integration/connect/envoy/test-sds-server/go.mod
index c0c4f13857e7..916d9b7211ac 100644
--- a/test/integration/connect/envoy/test-sds-server/go.mod
+++ b/test/integration/connect/envoy/test-sds-server/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/stretchr/testify v1.8.3 // indirect
-	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/net v0.13.0 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/grpc v1.55.0
 )
diff --git a/test/integration/connect/envoy/test-sds-server/go.sum b/test/integration/connect/envoy/test-sds-server/go.sum
index b6ee5b6be501..1a851374f877 100644
--- a/test/integration/connect/envoy/test-sds-server/go.sum
+++ b/test/integration/connect/envoy/test-sds-server/go.sum
@@ -1730,6 +1730,7 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1873,8 +1874,9 @@ golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
+golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -2041,8 +2043,9 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -2052,6 +2055,7 @@ golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2069,8 +2073,9 @@ golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20161028155119-f51c12702a4d/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index 424c69ce3462..9ddab4e1d6f7 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -195,7 +195,7 @@ require (
 	go.uber.org/atomic v1.9.0 // indirect
 	golang.org/x/crypto v0.11.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/net v0.13.0 // indirect
 	golang.org/x/oauth2 v0.6.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
 	golang.org/x/sys v0.10.0 // indirect
diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum
index 78939c529a39..b4e8a0e663b1 100644
--- a/test/integration/consul-container/go.sum
+++ b/test/integration/consul-container/go.sum
@@ -906,8 +906,8 @@ golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
-golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
+golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
diff --git a/testing/deployer/go.mod b/testing/deployer/go.mod
index 7a2a1102c24d..c94643e830f2 100644
--- a/testing/deployer/go.mod
+++ b/testing/deployer/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/mitchellh/copystructure v1.2.0
 	github.com/rboyer/safeio v0.2.2
 	github.com/stretchr/testify v1.8.3
-	golang.org/x/crypto v0.7.0
+	golang.org/x/crypto v0.11.0
 )
 
 require (
@@ -39,7 +39,8 @@ require (
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/zclconf/go-cty v1.12.1 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/net v0.13.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/testing/deployer/go.sum b/testing/deployer/go.sum
index 9c55f3bd270a..57896354907f 100644
--- a/testing/deployer/go.sum
+++ b/testing/deployer/go.sum
@@ -184,8 +184,8 @@ github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeW
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
+golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -195,7 +195,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
+golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -221,15 +222,15 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/troubleshoot/go.mod b/troubleshoot/go.mod
index cd97de4e17c5..75666de18b31 100644
--- a/troubleshoot/go.mod
+++ b/troubleshoot/go.mod
@@ -45,7 +45,7 @@ require (
 	github.com/prometheus/client_model v0.3.0 // indirect
 	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/net v0.13.0 // indirect
 	golang.org/x/sys v0.10.0 // indirect
 	golang.org/x/text v0.11.0 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
diff --git a/troubleshoot/go.sum b/troubleshoot/go.sum
index 490e0f892cc8..ee3bf90645d5 100644
--- a/troubleshoot/go.sum
+++ b/troubleshoot/go.sum
@@ -371,8 +371,8 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
-golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
-golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
+golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From 9c227e2c361af7a1aa0d8b5fcbf7103038ed3272 Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Thu, 3 Aug 2023 13:42:04 -0500
Subject: [PATCH 244/359] mesh: adding the protobuf types and resources backing
 mesh config v2 (#18351)

---
 internal/catalog/exports.go                   |   14 +
 .../catalog/internal/types/failover_policy.go |   33 +
 internal/catalog/internal/types/types.go      |    1 +
 internal/mesh/exports.go                      |   29 +-
 .../mesh/internal/types/computed_routes.go    |   32 +
 .../mesh/internal/types/destination_policy.go |   32 +
 internal/mesh/internal/types/grpc_route.go    |   32 +
 internal/mesh/internal/types/http_route.go    |   32 +
 internal/mesh/internal/types/tcp_route.go     |   32 +
 internal/mesh/internal/types/types.go         |    5 +
 .../v1alpha1/failover_policy.pb.binary.go     |   38 +
 .../pbcatalog/v1alpha1/failover_policy.pb.go  |  457 ++++++
 .../pbcatalog/v1alpha1/failover_policy.proto  |   47 +
 .../pbcatalog/v1alpha1/selector.pb.go         |   53 +-
 .../pbcatalog/v1alpha1/selector.proto         |    1 +
 .../pbmesh/v1alpha1/common.pb.binary.go       |   28 +
 proto-public/pbmesh/v1alpha1/common.pb.go     |  307 ++++
 proto-public/pbmesh/v1alpha1/common.proto     |   64 +
 .../v1alpha1/computed_routes.pb.binary.go     |  128 ++
 .../pbmesh/v1alpha1/computed_routes.pb.go     | 1321 +++++++++++++++
 .../pbmesh/v1alpha1/computed_routes.proto     |   99 ++
 proto-public/pbmesh/v1alpha1/connection.pb.go |  126 +-
 proto-public/pbmesh/v1alpha1/connection.proto |    8 +-
 .../v1alpha1/destination_policy.pb.binary.go  |   88 +
 .../pbmesh/v1alpha1/destination_policy.pb.go  | 1091 +++++++++++++
 .../pbmesh/v1alpha1/destination_policy.proto  |  147 ++
 .../pbmesh/v1alpha1/grpc_route.pb.binary.go   |   78 +
 proto-public/pbmesh/v1alpha1/grpc_route.pb.go |  887 ++++++++++
 proto-public/pbmesh/v1alpha1/grpc_route.proto |  121 ++
 .../pbmesh/v1alpha1/http_route.pb.binary.go   |  118 ++
 proto-public/pbmesh/v1alpha1/http_route.pb.go | 1441 +++++++++++++++++
 proto-public/pbmesh/v1alpha1/http_route.proto |  259 +++
 .../v1alpha1/http_route_retries.pb.binary.go  |   18 +
 .../pbmesh/v1alpha1/http_route_retries.pb.go  |  206 +++
 .../pbmesh/v1alpha1/http_route_retries.proto  |   25 +
 .../v1alpha1/http_route_timeouts.pb.binary.go |   18 +
 .../pbmesh/v1alpha1/http_route_timeouts.pb.go |  223 +++
 .../pbmesh/v1alpha1/http_route_timeouts.proto |   41 +
 .../v1alpha1/proxy_configuration.pb.binary.go |   20 +
 .../pbmesh/v1alpha1/proxy_configuration.pb.go |  710 ++++++--
 .../pbmesh/v1alpha1/proxy_configuration.proto |   74 +-
 .../pbmesh/v1alpha1/tcp_route.pb.binary.go    |   38 +
 proto-public/pbmesh/v1alpha1/tcp_route.pb.go  |  362 +++++
 proto-public/pbmesh/v1alpha1/tcp_route.proto  |   56 +
 44 files changed, 8688 insertions(+), 252 deletions(-)
 create mode 100644 internal/catalog/internal/types/failover_policy.go
 create mode 100644 internal/mesh/internal/types/computed_routes.go
 create mode 100644 internal/mesh/internal/types/destination_policy.go
 create mode 100644 internal/mesh/internal/types/grpc_route.go
 create mode 100644 internal/mesh/internal/types/http_route.go
 create mode 100644 internal/mesh/internal/types/tcp_route.go
 create mode 100644 proto-public/pbcatalog/v1alpha1/failover_policy.pb.binary.go
 create mode 100644 proto-public/pbcatalog/v1alpha1/failover_policy.pb.go
 create mode 100644 proto-public/pbcatalog/v1alpha1/failover_policy.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/common.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/common.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/common.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/computed_routes.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/computed_routes.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/computed_routes.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/destination_policy.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/destination_policy.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/destination_policy.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/grpc_route.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/grpc_route.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/grpc_route.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/http_route.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/http_route.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/http_route.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/http_route_retries.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/http_route_retries.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/http_route_retries.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/http_route_timeouts.proto
 create mode 100644 proto-public/pbmesh/v1alpha1/tcp_route.pb.binary.go
 create mode 100644 proto-public/pbmesh/v1alpha1/tcp_route.pb.go
 create mode 100644 proto-public/pbmesh/v1alpha1/tcp_route.proto

diff --git a/internal/catalog/exports.go b/internal/catalog/exports.go
index e0373bf7079b..06af51d37a4b 100644
--- a/internal/catalog/exports.go
+++ b/internal/catalog/exports.go
@@ -32,6 +32,7 @@ var (
 	HealthStatusKind     = types.HealthStatusKind
 	HealthChecksKind     = types.HealthChecksKind
 	DNSPolicyKind        = types.DNSPolicyKind
+	FailoverPolicyKind   = types.FailoverPolicyKind
 
 	// Resource Types for the v1alpha1 version.
 
@@ -43,6 +44,19 @@ var (
 	HealthStatusV1Alpha1Type     = types.HealthStatusV1Alpha1Type
 	HealthChecksV1Alpha1Type     = types.HealthChecksV1Alpha1Type
 	DNSPolicyV1Alpha1Type        = types.DNSPolicyV1Alpha1Type
+	FailoverPolicyV1Alpha1Type   = types.FailoverPolicyV1Alpha1Type
+
+	// Resource Types for the latest version.
+
+	WorkloadType         = types.WorkloadType
+	ServiceType          = types.ServiceType
+	ServiceEndpointsType = types.ServiceEndpointsType
+	VirtualIPsType       = types.VirtualIPsType
+	NodeType             = types.NodeType
+	HealthStatusType     = types.HealthStatusType
+	HealthChecksType     = types.HealthChecksType
+	DNSPolicyType        = types.DNSPolicyType
+	FailoverPolicyType   = types.FailoverPolicyType
 
 	// Controller Statuses
 	NodeHealthStatusKey              = nodehealth.StatusKey
diff --git a/internal/catalog/internal/types/failover_policy.go b/internal/catalog/internal/types/failover_policy.go
new file mode 100644
index 000000000000..61930bc1c54d
--- /dev/null
+++ b/internal/catalog/internal/types/failover_policy.go
@@ -0,0 +1,33 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package types
+
+import (
+	"github.com/hashicorp/consul/internal/resource"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+const (
+	FailoverPolicyKind = "FailoverPolicy"
+)
+
+var (
+	FailoverPolicyV1Alpha1Type = &pbresource.Type{
+		Group:        GroupName,
+		GroupVersion: VersionV1Alpha1,
+		Kind:         FailoverPolicyKind,
+	}
+
+	FailoverPolicyType = FailoverPolicyV1Alpha1Type
+)
+
+func RegisterFailoverPolicy(r resource.Registry) {
+	r.Register(resource.Registration{
+		Type:     FailoverPolicyV1Alpha1Type,
+		Proto:    &pbcatalog.FailoverPolicy{},
+		Validate: nil,
+		Mutate:   nil,
+	})
+}
diff --git a/internal/catalog/internal/types/types.go b/internal/catalog/internal/types/types.go
index 6ab3730bb293..3eb76d296f5b 100644
--- a/internal/catalog/internal/types/types.go
+++ b/internal/catalog/internal/types/types.go
@@ -22,4 +22,5 @@ func Register(r resource.Registry) {
 	RegisterHealthChecks(r)
 	RegisterDNSPolicy(r)
 	RegisterVirtualIPs(r)
+	RegisterFailoverPolicy(r)
 }
diff --git a/internal/mesh/exports.go b/internal/mesh/exports.go
index 78056db0d1d7..f0edd1ff45ec 100644
--- a/internal/mesh/exports.go
+++ b/internal/mesh/exports.go
@@ -17,9 +17,15 @@ var (
 
 	// Resource Kind Names.
 
-	ProxyConfigurationKind = types.ProxyConfigurationKind
-	UpstreamsKind          = types.UpstreamsKind
-	ProxyStateKind         = types.ProxyStateTemplateKind
+	ProxyConfigurationKind     = types.ProxyConfigurationKind
+	UpstreamsKind              = types.UpstreamsKind
+	UpstreamsConfigurationKind = types.UpstreamsConfigurationKind
+	ProxyStateKind             = types.ProxyStateTemplateKind
+	HTTPRouteKind              = types.HTTPRouteKind
+	GRPCRouteKind              = types.GRPCRouteKind
+	TCPRouteKind               = types.TCPRouteKind
+	DestinationPolicyKind      = types.DestinationPolicyKind
+	ComputedRoutesKind         = types.ComputedRoutesKind
 
 	// Resource Types for the v1alpha1 version.
 
@@ -27,6 +33,23 @@ var (
 	UpstreamsV1Alpha1Type                       = types.UpstreamsV1Alpha1Type
 	UpstreamsConfigurationV1Alpha1Type          = types.UpstreamsConfigurationV1Alpha1Type
 	ProxyStateTemplateConfigurationV1Alpha1Type = types.ProxyStateTemplateV1Alpha1Type
+	HTTPRouteV1Alpha1Type                       = types.HTTPRouteV1Alpha1Type
+	GRPCRouteV1Alpha1Type                       = types.GRPCRouteV1Alpha1Type
+	TCPRouteV1Alpha1Type                        = types.TCPRouteV1Alpha1Type
+	DestinationPolicyV1Alpha1Type               = types.DestinationPolicyV1Alpha1Type
+	ComputedRoutesV1Alpha1Type                  = types.ComputedRoutesV1Alpha1Type
+
+	// Resource Types for the latest version.
+
+	ProxyConfigurationType              = types.ProxyConfigurationType
+	UpstreamsType                       = types.UpstreamsType
+	UpstreamsConfigurationType          = types.UpstreamsConfigurationType
+	ProxyStateTemplateConfigurationType = types.ProxyStateTemplateType
+	HTTPRouteType                       = types.HTTPRouteType
+	GRPCRouteType                       = types.GRPCRouteType
+	TCPRouteType                        = types.TCPRouteType
+	DestinationPolicyType               = types.DestinationPolicyType
+	ComputedRoutesType                  = types.ComputedRoutesType
 )
 
 // RegisterTypes adds all resource types within the "catalog" API group
diff --git a/internal/mesh/internal/types/computed_routes.go b/internal/mesh/internal/types/computed_routes.go
new file mode 100644
index 000000000000..aca627d554fa
--- /dev/null
+++ b/internal/mesh/internal/types/computed_routes.go
@@ -0,0 +1,32 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package types
+
+import (
+	"github.com/hashicorp/consul/internal/resource"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+const (
+	ComputedRoutesKind = "ComputedRoutes"
+)
+
+var (
+	ComputedRoutesV1Alpha1Type = &pbresource.Type{
+		Group:        GroupName,
+		GroupVersion: VersionV1Alpha1,
+		Kind:         ComputedRoutesKind,
+	}
+
+	ComputedRoutesType = ComputedRoutesV1Alpha1Type
+)
+
+func RegisterComputedRoutes(r resource.Registry) {
+	r.Register(resource.Registration{
+		Type:     ComputedRoutesV1Alpha1Type,
+		Proto:    &pbmesh.ComputedRoutes{},
+		Validate: nil,
+	})
+}
diff --git a/internal/mesh/internal/types/destination_policy.go b/internal/mesh/internal/types/destination_policy.go
new file mode 100644
index 000000000000..f92dbabdae03
--- /dev/null
+++ b/internal/mesh/internal/types/destination_policy.go
@@ -0,0 +1,32 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package types
+
+import (
+	"github.com/hashicorp/consul/internal/resource"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+const (
+	DestinationPolicyKind = "DestinationPolicy"
+)
+
+var (
+	DestinationPolicyV1Alpha1Type = &pbresource.Type{
+		Group:        GroupName,
+		GroupVersion: VersionV1Alpha1,
+		Kind:         DestinationPolicyKind,
+	}
+
+	DestinationPolicyType = DestinationPolicyV1Alpha1Type
+)
+
+func RegisterDestinationPolicy(r resource.Registry) {
+	r.Register(resource.Registration{
+		Type:     DestinationPolicyV1Alpha1Type,
+		Proto:    &pbmesh.DestinationPolicy{},
+		Validate: nil,
+	})
+}
diff --git a/internal/mesh/internal/types/grpc_route.go b/internal/mesh/internal/types/grpc_route.go
new file mode 100644
index 000000000000..eacf5a245b0f
--- /dev/null
+++ b/internal/mesh/internal/types/grpc_route.go
@@ -0,0 +1,32 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package types
+
+import (
+	"github.com/hashicorp/consul/internal/resource"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+const (
+	GRPCRouteKind = "GRPCRoute"
+)
+
+var (
+	GRPCRouteV1Alpha1Type = &pbresource.Type{
+		Group:        GroupName,
+		GroupVersion: VersionV1Alpha1,
+		Kind:         GRPCRouteKind,
+	}
+
+	GRPCRouteType = GRPCRouteV1Alpha1Type
+)
+
+func RegisterGRPCRoute(r resource.Registry) {
+	r.Register(resource.Registration{
+		Type:     GRPCRouteV1Alpha1Type,
+		Proto:    &pbmesh.GRPCRoute{},
+		Validate: nil,
+	})
+}
diff --git a/internal/mesh/internal/types/http_route.go b/internal/mesh/internal/types/http_route.go
new file mode 100644
index 000000000000..bd2a4a43f846
--- /dev/null
+++ b/internal/mesh/internal/types/http_route.go
@@ -0,0 +1,32 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package types
+
+import (
+	"github.com/hashicorp/consul/internal/resource"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+const (
+	HTTPRouteKind = "HTTPRoute"
+)
+
+var (
+	HTTPRouteV1Alpha1Type = &pbresource.Type{
+		Group:        GroupName,
+		GroupVersion: VersionV1Alpha1,
+		Kind:         HTTPRouteKind,
+	}
+
+	HTTPRouteType = HTTPRouteV1Alpha1Type
+)
+
+func RegisterHTTPRoute(r resource.Registry) {
+	r.Register(resource.Registration{
+		Type:     HTTPRouteV1Alpha1Type,
+		Proto:    &pbmesh.HTTPRoute{},
+		Validate: nil,
+	})
+}
diff --git a/internal/mesh/internal/types/tcp_route.go b/internal/mesh/internal/types/tcp_route.go
new file mode 100644
index 000000000000..dcd1eca4a491
--- /dev/null
+++ b/internal/mesh/internal/types/tcp_route.go
@@ -0,0 +1,32 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package types
+
+import (
+	"github.com/hashicorp/consul/internal/resource"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+const (
+	TCPRouteKind = "TCPRoute"
+)
+
+var (
+	TCPRouteV1Alpha1Type = &pbresource.Type{
+		Group:        GroupName,
+		GroupVersion: VersionV1Alpha1,
+		Kind:         TCPRouteKind,
+	}
+
+	TCPRouteType = TCPRouteV1Alpha1Type
+)
+
+func RegisterTCPRoute(r resource.Registry) {
+	r.Register(resource.Registration{
+		Type:     TCPRouteV1Alpha1Type,
+		Proto:    &pbmesh.TCPRoute{},
+		Validate: nil,
+	})
+}
diff --git a/internal/mesh/internal/types/types.go b/internal/mesh/internal/types/types.go
index d1ca23b09528..4fc36c11b243 100644
--- a/internal/mesh/internal/types/types.go
+++ b/internal/mesh/internal/types/types.go
@@ -18,4 +18,9 @@ func Register(r resource.Registry) {
 	RegisterUpstreams(r)
 	RegisterUpstreamsConfiguration(r)
 	RegisterProxyStateTemplate(r)
+	RegisterHTTPRoute(r)
+	RegisterTCPRoute(r)
+	RegisterGRPCRoute(r)
+	RegisterDestinationPolicy(r)
+	RegisterComputedRoutes(r)
 }
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy.pb.binary.go b/proto-public/pbcatalog/v1alpha1/failover_policy.pb.binary.go
new file mode 100644
index 000000000000..85aa74cd41db
--- /dev/null
+++ b/proto-public/pbcatalog/v1alpha1/failover_policy.pb.binary.go
@@ -0,0 +1,38 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbcatalog/v1alpha1/failover_policy.proto
+
+package catalogv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *FailoverPolicy) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *FailoverPolicy) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *FailoverConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *FailoverConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *FailoverDestination) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *FailoverDestination) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go b/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go
new file mode 100644
index 000000000000..568405a1cd53
--- /dev/null
+++ b/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go
@@ -0,0 +1,457 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbcatalog/v1alpha1/failover_policy.proto
+
+package catalogv1alpha1
+
+import (
+	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type FailoverMode int32
+
+const (
+	FailoverMode_FAILOVER_MODE_UNSPECIFIED       FailoverMode = 0
+	FailoverMode_FAILOVER_MODE_SEQUENTIAL        FailoverMode = 1
+	FailoverMode_FAILOVER_MODE_ORDER_BY_LOCALITY FailoverMode = 2
+)
+
+// Enum value maps for FailoverMode.
+var (
+	FailoverMode_name = map[int32]string{
+		0: "FAILOVER_MODE_UNSPECIFIED",
+		1: "FAILOVER_MODE_SEQUENTIAL",
+		2: "FAILOVER_MODE_ORDER_BY_LOCALITY",
+	}
+	FailoverMode_value = map[string]int32{
+		"FAILOVER_MODE_UNSPECIFIED":       0,
+		"FAILOVER_MODE_SEQUENTIAL":        1,
+		"FAILOVER_MODE_ORDER_BY_LOCALITY": 2,
+	}
+)
+
+func (x FailoverMode) Enum() *FailoverMode {
+	p := new(FailoverMode)
+	*p = x
+	return p
+}
+
+func (x FailoverMode) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (FailoverMode) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbcatalog_v1alpha1_failover_policy_proto_enumTypes[0].Descriptor()
+}
+
+func (FailoverMode) Type() protoreflect.EnumType {
+	return &file_pbcatalog_v1alpha1_failover_policy_proto_enumTypes[0]
+}
+
+func (x FailoverMode) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use FailoverMode.Descriptor instead.
+func (FailoverMode) EnumDescriptor() ([]byte, []int) {
+	return file_pbcatalog_v1alpha1_failover_policy_proto_rawDescGZIP(), []int{0}
+}
+
+// This is a Resource type.
+type FailoverPolicy struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Config defines failover for any named port not present in PortConfigs.
+	Config *FailoverConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
+	// PortConfigs defines failover for a specific port on this service and takes
+	// precedence over Config.
+	PortConfigs map[string]*FailoverConfig `protobuf:"bytes,2,rep,name=port_configs,json=portConfigs,proto3" json:"port_configs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (x *FailoverPolicy) Reset() {
+	*x = FailoverPolicy{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FailoverPolicy) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FailoverPolicy) ProtoMessage() {}
+
+func (x *FailoverPolicy) ProtoReflect() protoreflect.Message {
+	mi := &file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FailoverPolicy.ProtoReflect.Descriptor instead.
+func (*FailoverPolicy) Descriptor() ([]byte, []int) {
+	return file_pbcatalog_v1alpha1_failover_policy_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *FailoverPolicy) GetConfig() *FailoverConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+func (x *FailoverPolicy) GetPortConfigs() map[string]*FailoverConfig {
+	if x != nil {
+		return x.PortConfigs
+	}
+	return nil
+}
+
+type FailoverConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Destinations specifies a fixed list of failover destinations to try. We
+	// never try a destination multiple times, so those are subtracted from this
+	// list before proceeding.
+	Destinations []*FailoverDestination `protobuf:"bytes,1,rep,name=destinations,proto3" json:"destinations,omitempty"`
+	// Mode specifies the type of failover that will be performed. Valid values are
+	// "sequential", "" (equivalent to "sequential") and "order-by-locality".
+	Mode    FailoverMode `protobuf:"varint,2,opt,name=mode,proto3,enum=hashicorp.consul.catalog.v1alpha1.FailoverMode" json:"mode,omitempty"`
+	Regions []string     `protobuf:"bytes,3,rep,name=regions,proto3" json:"regions,omitempty"`
+	// SamenessGroup specifies the sameness group to failover to.
+	SamenessGroup string `protobuf:"bytes,4,opt,name=sameness_group,json=samenessGroup,proto3" json:"sameness_group,omitempty"`
+}
+
+func (x *FailoverConfig) Reset() {
+	*x = FailoverConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FailoverConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FailoverConfig) ProtoMessage() {}
+
+func (x *FailoverConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FailoverConfig.ProtoReflect.Descriptor instead.
+func (*FailoverConfig) Descriptor() ([]byte, []int) {
+	return file_pbcatalog_v1alpha1_failover_policy_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *FailoverConfig) GetDestinations() []*FailoverDestination {
+	if x != nil {
+		return x.Destinations
+	}
+	return nil
+}
+
+func (x *FailoverConfig) GetMode() FailoverMode {
+	if x != nil {
+		return x.Mode
+	}
+	return FailoverMode_FAILOVER_MODE_UNSPECIFIED
+}
+
+func (x *FailoverConfig) GetRegions() []string {
+	if x != nil {
+		return x.Regions
+	}
+	return nil
+}
+
+func (x *FailoverConfig) GetSamenessGroup() string {
+	if x != nil {
+		return x.SamenessGroup
+	}
+	return ""
+}
+
+type FailoverDestination struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// This must be a Service.
+	Ref *pbresource.Reference `protobuf:"bytes,1,opt,name=ref,proto3" json:"ref,omitempty"`
+	// TODO: what should an empty port mean?
+	Port       string `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"`
+	Datacenter string `protobuf:"bytes,3,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
+}
+
+func (x *FailoverDestination) Reset() {
+	*x = FailoverDestination{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FailoverDestination) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FailoverDestination) ProtoMessage() {}
+
+func (x *FailoverDestination) ProtoReflect() protoreflect.Message {
+	mi := &file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FailoverDestination.ProtoReflect.Descriptor instead.
+func (*FailoverDestination) Descriptor() ([]byte, []int) {
+	return file_pbcatalog_v1alpha1_failover_policy_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *FailoverDestination) GetRef() *pbresource.Reference {
+	if x != nil {
+		return x.Ref
+	}
+	return nil
+}
+
+func (x *FailoverDestination) GetPort() string {
+	if x != nil {
+		return x.Port
+	}
+	return ""
+}
+
+func (x *FailoverDestination) GetDatacenter() string {
+	if x != nil {
+		return x.Datacenter
+	}
+	return ""
+}
+
+var File_pbcatalog_v1alpha1_failover_policy_proto protoreflect.FileDescriptor
+
+var file_pbcatalog_v1alpha1_failover_policy_proto_rawDesc = []byte{
+	0x0a, 0x28, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2f, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x21, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74,
+	0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x19, 0x70,
+	0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
+	0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb5, 0x02, 0x0a, 0x0e, 0x46, 0x61, 0x69,
+	0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x49, 0x0a, 0x06, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63,
+	0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x65, 0x0a, 0x0c, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
+	0x50, 0x6f, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79,
+	0x52, 0x0b, 0x70, 0x6f, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x1a, 0x71, 0x0a,
+	0x10, 0x50, 0x6f, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
+	0x6b, 0x65, 0x79, 0x12, 0x47, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01,
+	0x22, 0xf2, 0x01, 0x0a, 0x0e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x12, 0x5a, 0x0a, 0x0c, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74,
+	0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x46, 0x61,
+	0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x0c, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
+	0x43, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04,
+	0x6d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x73, 0x18,
+	0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25,
+	0x0a, 0x0e, 0x73, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73,
+	0x47, 0x72, 0x6f, 0x75, 0x70, 0x22, 0x81, 0x01, 0x0a, 0x13, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76,
+	0x65, 0x72, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x36, 0x0a,
+	0x03, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65,
+	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
+	0x52, 0x03, 0x72, 0x65, 0x66, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61, 0x74,
+	0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64,
+	0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x2a, 0x70, 0x0a, 0x0c, 0x46, 0x61, 0x69,
+	0x6c, 0x6f, 0x76, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1d, 0x0a, 0x19, 0x46, 0x41, 0x49,
+	0x4c, 0x4f, 0x56, 0x45, 0x52, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45,
+	0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x46, 0x41, 0x49, 0x4c,
+	0x4f, 0x56, 0x45, 0x52, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x45, 0x51, 0x55, 0x45, 0x4e,
+	0x54, 0x49, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f, 0x46, 0x41, 0x49, 0x4c, 0x4f, 0x56,
+	0x45, 0x52, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x4f, 0x52, 0x44, 0x45, 0x52, 0x5f, 0x42, 0x59,
+	0x5f, 0x4c, 0x4f, 0x43, 0x41, 0x4c, 0x49, 0x54, 0x59, 0x10, 0x02, 0x42, 0xb0, 0x02, 0x0a, 0x25,
+	0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x13, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x4b, 0x67, 0x69,
+	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d,
+	0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67,
+	0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f,
+	0x67, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x43, 0xaa,
+	0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c,
+	0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d,
+	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x43, 0x61, 0x74,
+	0x61, 0x6c, 0x6f, 0x67, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbcatalog_v1alpha1_failover_policy_proto_rawDescOnce sync.Once
+	file_pbcatalog_v1alpha1_failover_policy_proto_rawDescData = file_pbcatalog_v1alpha1_failover_policy_proto_rawDesc
+)
+
+func file_pbcatalog_v1alpha1_failover_policy_proto_rawDescGZIP() []byte {
+	file_pbcatalog_v1alpha1_failover_policy_proto_rawDescOnce.Do(func() {
+		file_pbcatalog_v1alpha1_failover_policy_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbcatalog_v1alpha1_failover_policy_proto_rawDescData)
+	})
+	return file_pbcatalog_v1alpha1_failover_policy_proto_rawDescData
+}
+
+var file_pbcatalog_v1alpha1_failover_policy_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
+var file_pbcatalog_v1alpha1_failover_policy_proto_goTypes = []interface{}{
+	(FailoverMode)(0),            // 0: hashicorp.consul.catalog.v1alpha1.FailoverMode
+	(*FailoverPolicy)(nil),       // 1: hashicorp.consul.catalog.v1alpha1.FailoverPolicy
+	(*FailoverConfig)(nil),       // 2: hashicorp.consul.catalog.v1alpha1.FailoverConfig
+	(*FailoverDestination)(nil),  // 3: hashicorp.consul.catalog.v1alpha1.FailoverDestination
+	nil,                          // 4: hashicorp.consul.catalog.v1alpha1.FailoverPolicy.PortConfigsEntry
+	(*pbresource.Reference)(nil), // 5: hashicorp.consul.resource.Reference
+}
+var file_pbcatalog_v1alpha1_failover_policy_proto_depIdxs = []int32{
+	2, // 0: hashicorp.consul.catalog.v1alpha1.FailoverPolicy.config:type_name -> hashicorp.consul.catalog.v1alpha1.FailoverConfig
+	4, // 1: hashicorp.consul.catalog.v1alpha1.FailoverPolicy.port_configs:type_name -> hashicorp.consul.catalog.v1alpha1.FailoverPolicy.PortConfigsEntry
+	3, // 2: hashicorp.consul.catalog.v1alpha1.FailoverConfig.destinations:type_name -> hashicorp.consul.catalog.v1alpha1.FailoverDestination
+	0, // 3: hashicorp.consul.catalog.v1alpha1.FailoverConfig.mode:type_name -> hashicorp.consul.catalog.v1alpha1.FailoverMode
+	5, // 4: hashicorp.consul.catalog.v1alpha1.FailoverDestination.ref:type_name -> hashicorp.consul.resource.Reference
+	2, // 5: hashicorp.consul.catalog.v1alpha1.FailoverPolicy.PortConfigsEntry.value:type_name -> hashicorp.consul.catalog.v1alpha1.FailoverConfig
+	6, // [6:6] is the sub-list for method output_type
+	6, // [6:6] is the sub-list for method input_type
+	6, // [6:6] is the sub-list for extension type_name
+	6, // [6:6] is the sub-list for extension extendee
+	0, // [0:6] is the sub-list for field type_name
+}
+
+func init() { file_pbcatalog_v1alpha1_failover_policy_proto_init() }
+func file_pbcatalog_v1alpha1_failover_policy_proto_init() {
+	if File_pbcatalog_v1alpha1_failover_policy_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FailoverPolicy); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FailoverConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FailoverDestination); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbcatalog_v1alpha1_failover_policy_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   4,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbcatalog_v1alpha1_failover_policy_proto_goTypes,
+		DependencyIndexes: file_pbcatalog_v1alpha1_failover_policy_proto_depIdxs,
+		EnumInfos:         file_pbcatalog_v1alpha1_failover_policy_proto_enumTypes,
+		MessageInfos:      file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes,
+	}.Build()
+	File_pbcatalog_v1alpha1_failover_policy_proto = out.File
+	file_pbcatalog_v1alpha1_failover_policy_proto_rawDesc = nil
+	file_pbcatalog_v1alpha1_failover_policy_proto_goTypes = nil
+	file_pbcatalog_v1alpha1_failover_policy_proto_depIdxs = nil
+}
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy.proto b/proto-public/pbcatalog/v1alpha1/failover_policy.proto
new file mode 100644
index 000000000000..69dcec0d973d
--- /dev/null
+++ b/proto-public/pbcatalog/v1alpha1/failover_policy.proto
@@ -0,0 +1,47 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.catalog.v1alpha1;
+
+import "pbresource/resource.proto";
+
+// This is a Resource type.
+message FailoverPolicy {
+  // Config defines failover for any named port not present in PortConfigs.
+  FailoverConfig config = 1;
+
+  // PortConfigs defines failover for a specific port on this service and takes
+  // precedence over Config.
+  map<string, FailoverConfig> port_configs = 2;
+}
+
+message FailoverConfig {
+  // Destinations specifies a fixed list of failover destinations to try. We
+  // never try a destination multiple times, so those are subtracted from this
+  // list before proceeding.
+  repeated FailoverDestination destinations = 1;
+
+  // Mode specifies the type of failover that will be performed. Valid values are
+  // "sequential", "" (equivalent to "sequential") and "order-by-locality".
+  FailoverMode mode = 2;
+  repeated string regions = 3;
+
+  // SamenessGroup specifies the sameness group to failover to.
+  string sameness_group = 4;
+}
+
+message FailoverDestination {
+  // This must be a Service.
+  hashicorp.consul.resource.Reference ref = 1;
+  // TODO: what should an empty port mean?
+  string port = 2;
+  string datacenter = 3;
+}
+
+enum FailoverMode {
+  FAILOVER_MODE_UNSPECIFIED = 0;
+  FAILOVER_MODE_SEQUENTIAL = 1;
+  FAILOVER_MODE_ORDER_BY_LOCALITY = 2;
+}
diff --git a/proto-public/pbcatalog/v1alpha1/selector.pb.go b/proto-public/pbcatalog/v1alpha1/selector.pb.go
index a6f5a3ef880d..8caf0f51d6c8 100644
--- a/proto-public/pbcatalog/v1alpha1/selector.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/selector.pb.go
@@ -31,6 +31,7 @@ type WorkloadSelector struct {
 
 	Prefixes []string `protobuf:"bytes,1,rep,name=prefixes,proto3" json:"prefixes,omitempty"`
 	Names    []string `protobuf:"bytes,2,rep,name=names,proto3" json:"names,omitempty"`
+	Filter   string   `protobuf:"bytes,3,opt,name=filter,proto3" json:"filter,omitempty"`
 }
 
 func (x *WorkloadSelector) Reset() {
@@ -79,6 +80,13 @@ func (x *WorkloadSelector) GetNames() []string {
 	return nil
 }
 
+func (x *WorkloadSelector) GetFilter() string {
+	if x != nil {
+		return x.Filter
+	}
+	return ""
+}
+
 var File_pbcatalog_v1alpha1_selector_proto protoreflect.FileDescriptor
 
 var file_pbcatalog_v1alpha1_selector_proto_rawDesc = []byte{
@@ -86,31 +94,32 @@ var file_pbcatalog_v1alpha1_selector_proto_rawDesc = []byte{
 	0x70, 0x68, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72,
 	0x6f, 0x74, 0x6f, 0x12, 0x21, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0x44, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0x5c, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f,
 	0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72,
 	0x65, 0x66, 0x69, 0x78, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72,
 	0x65, 0x66, 0x69, 0x78, 0x65, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18,
-	0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x42, 0xaa, 0x02, 0x0a,
-	0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0d, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72,
-	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x4b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
-	0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69,
-	0x63, 0x2f, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x3b, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x43, 0xaa, 0x02, 0x21, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x43, 0x61,
-	0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02,
-	0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
-	0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x3a,
-	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33,
+	0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06,
+	0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x69,
+	0x6c, 0x74, 0x65, 0x72, 0x42, 0xaa, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61,
+	0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0d,
+	0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
+	0x4b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61,
+	0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x63, 0x61, 0x74,
+	0x61, 0x6c, 0x6f, 0x67, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48,
+	0x43, 0x43, 0xaa, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x56, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f,
+	0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61,
+	0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47,
+	0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a,
+	0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/proto-public/pbcatalog/v1alpha1/selector.proto b/proto-public/pbcatalog/v1alpha1/selector.proto
index b1b39409ba3a..1b5aa366e07f 100644
--- a/proto-public/pbcatalog/v1alpha1/selector.proto
+++ b/proto-public/pbcatalog/v1alpha1/selector.proto
@@ -9,4 +9,5 @@ package hashicorp.consul.catalog.v1alpha1;
 message WorkloadSelector {
   repeated string prefixes = 1;
   repeated string names = 2;
+  string filter = 3;
 }
diff --git a/proto-public/pbmesh/v1alpha1/common.pb.binary.go b/proto-public/pbmesh/v1alpha1/common.pb.binary.go
new file mode 100644
index 000000000000..a02a97e494a1
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/common.pb.binary.go
@@ -0,0 +1,28 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/common.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *ParentReference) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *ParentReference) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *BackendReference) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *BackendReference) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/common.pb.go b/proto-public/pbmesh/v1alpha1/common.pb.go
new file mode 100644
index 000000000000..4262d3872c3d
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/common.pb.go
@@ -0,0 +1,307 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/common.proto
+
+package meshv1alpha1
+
+import (
+	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// NOTE: roughly equivalent to structs.ResourceReference
+type ParentReference struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// For east/west configuration, this should point to a pbcatalog.Service.
+	// For north/south it should point to a gateway (TBD)
+	Ref *pbresource.Reference `protobuf:"bytes,1,opt,name=ref,proto3" json:"ref,omitempty"`
+	// Port is the network port this Route targets. It can be interpreted
+	// differently based on the type of parent resource.
+	//
+	// When the parent resource is a Gateway, this targets all listeners
+	// listening on the specified port that also support this kind of Route(and
+	// select this Route). It’s not recommended to set Port unless the networking
+	// behaviors specified in a Route must apply to a specific port as opposed to
+	// a listener(s) whose port(s) may be changed. When both Port and SectionName
+	// are specified, the name and port of the selected listener must match both
+	// specified values.
+	//
+	// Implementations MAY choose to support other parent resources.
+	// Implementations supporting other types of parent resources MUST clearly
+	// document how/if Port is interpreted.
+	//
+	// For the purpose of status, an attachment is considered successful as long
+	// as the parent resource accepts it partially. For example, Gateway
+	// listeners can restrict which Routes can attach to them by Route kind,
+	// namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+	// the referencing Route, the Route MUST be considered successfully attached.
+	// If no Gateway listeners accept attachment from this Route, the Route MUST
+	// be considered detached from the Gateway.
+	//
+	// For east/west this is the name of the consul port.
+	// For north/south this is the stringified integer port expected by GAMMA.
+	//
+	// https://gateway-api.sigs.k8s.io/geps/gep-957/
+	Port string `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"`
+}
+
+func (x *ParentReference) Reset() {
+	*x = ParentReference{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_common_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ParentReference) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ParentReference) ProtoMessage() {}
+
+func (x *ParentReference) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_common_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ParentReference.ProtoReflect.Descriptor instead.
+func (*ParentReference) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_common_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *ParentReference) GetRef() *pbresource.Reference {
+	if x != nil {
+		return x.Ref
+	}
+	return nil
+}
+
+func (x *ParentReference) GetPort() string {
+	if x != nil {
+		return x.Port
+	}
+	return ""
+}
+
+type BackendReference struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// For east/west configuration, this should point to either a
+	// pbcatalog.Service or ServiceSubset.
+	//
+	// For Partition/PeerName fields likely we could map them to ServiceImports
+	// (MCS+GAMMA) when translating
+	Ref *pbresource.Reference `protobuf:"bytes,1,opt,name=ref,proto3" json:"ref,omitempty"`
+	// For east/west this is the name of the consul port.
+	Port string `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"`
+	// NOT IN GAMMA; multi-cluster + GWapi is still unknown
+	//
+	// Likely we could map this to ServiceImports (MCS+GAMMA) when translating
+	// to/from k8s.
+	//
+	// https://gateway-api.sigs.k8s.io/geps/gep-1748/
+	Datacenter string `protobuf:"bytes,3,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
+}
+
+func (x *BackendReference) Reset() {
+	*x = BackendReference{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_common_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *BackendReference) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BackendReference) ProtoMessage() {}
+
+func (x *BackendReference) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_common_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use BackendReference.ProtoReflect.Descriptor instead.
+func (*BackendReference) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_common_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *BackendReference) GetRef() *pbresource.Reference {
+	if x != nil {
+		return x.Ref
+	}
+	return nil
+}
+
+func (x *BackendReference) GetPort() string {
+	if x != nil {
+		return x.Port
+	}
+	return ""
+}
+
+func (x *BackendReference) GetDatacenter() string {
+	if x != nil {
+		return x.Datacenter
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_common_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_common_proto_rawDesc = []byte{
+	0x0a, 0x1c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x19,
+	0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75,
+	0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x5d, 0x0a, 0x0f, 0x50, 0x61, 0x72,
+	0x65, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x36, 0x0a, 0x03,
+	0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52,
+	0x03, 0x72, 0x65, 0x66, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x7e, 0x0a, 0x10, 0x42, 0x61, 0x63, 0x6b,
+	0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x36, 0x0a, 0x03,
+	0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52,
+	0x03, 0x72, 0x65, 0x66, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61,
+	0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x61,
+	0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x42, 0x93, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42,
+	0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45,
+	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d,
+	0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c,
+	0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a,
+	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47,
+	0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a,
+	0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_common_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_common_proto_rawDescData = file_pbmesh_v1alpha1_common_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_common_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_common_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_common_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_common_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_common_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_pbmesh_v1alpha1_common_proto_goTypes = []interface{}{
+	(*ParentReference)(nil),      // 0: hashicorp.consul.mesh.v1alpha1.ParentReference
+	(*BackendReference)(nil),     // 1: hashicorp.consul.mesh.v1alpha1.BackendReference
+	(*pbresource.Reference)(nil), // 2: hashicorp.consul.resource.Reference
+}
+var file_pbmesh_v1alpha1_common_proto_depIdxs = []int32{
+	2, // 0: hashicorp.consul.mesh.v1alpha1.ParentReference.ref:type_name -> hashicorp.consul.resource.Reference
+	2, // 1: hashicorp.consul.mesh.v1alpha1.BackendReference.ref:type_name -> hashicorp.consul.resource.Reference
+	2, // [2:2] is the sub-list for method output_type
+	2, // [2:2] is the sub-list for method input_type
+	2, // [2:2] is the sub-list for extension type_name
+	2, // [2:2] is the sub-list for extension extendee
+	0, // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_common_proto_init() }
+func file_pbmesh_v1alpha1_common_proto_init() {
+	if File_pbmesh_v1alpha1_common_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_common_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ParentReference); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_common_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*BackendReference); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_common_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_common_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_common_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_common_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_common_proto = out.File
+	file_pbmesh_v1alpha1_common_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_common_proto_goTypes = nil
+	file_pbmesh_v1alpha1_common_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/common.proto b/proto-public/pbmesh/v1alpha1/common.proto
new file mode 100644
index 000000000000..48668e59dd5a
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/common.proto
@@ -0,0 +1,64 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "pbresource/resource.proto";
+
+// NOTE: roughly equivalent to structs.ResourceReference
+message ParentReference {
+  // For east/west configuration, this should point to a pbcatalog.Service.
+  // For north/south it should point to a gateway (TBD)
+  hashicorp.consul.resource.Reference ref = 1;
+
+  // Port is the network port this Route targets. It can be interpreted
+  // differently based on the type of parent resource.
+  //
+  // When the parent resource is a Gateway, this targets all listeners
+  // listening on the specified port that also support this kind of Route(and
+  // select this Route). It’s not recommended to set Port unless the networking
+  // behaviors specified in a Route must apply to a specific port as opposed to
+  // a listener(s) whose port(s) may be changed. When both Port and SectionName
+  // are specified, the name and port of the selected listener must match both
+  // specified values.
+  //
+  // Implementations MAY choose to support other parent resources.
+  // Implementations supporting other types of parent resources MUST clearly
+  // document how/if Port is interpreted.
+  //
+  // For the purpose of status, an attachment is considered successful as long
+  // as the parent resource accepts it partially. For example, Gateway
+  // listeners can restrict which Routes can attach to them by Route kind,
+  // namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+  // the referencing Route, the Route MUST be considered successfully attached.
+  // If no Gateway listeners accept attachment from this Route, the Route MUST
+  // be considered detached from the Gateway.
+  //
+  // For east/west this is the name of the consul port.
+  // For north/south this is the stringified integer port expected by GAMMA.
+  //
+  // https://gateway-api.sigs.k8s.io/geps/gep-957/
+  string port = 2;
+}
+
+message BackendReference {
+  // For east/west configuration, this should point to either a
+  // pbcatalog.Service or ServiceSubset.
+  //
+  // For Partition/PeerName fields likely we could map them to ServiceImports
+  // (MCS+GAMMA) when translating
+  hashicorp.consul.resource.Reference ref = 1;
+
+  // For east/west this is the name of the consul port.
+  string port = 2;
+
+  // NOT IN GAMMA; multi-cluster + GWapi is still unknown
+  //
+  // Likely we could map this to ServiceImports (MCS+GAMMA) when translating
+  // to/from k8s.
+  //
+  // https://gateway-api.sigs.k8s.io/geps/gep-1748/
+  string datacenter = 3;
+}
diff --git a/proto-public/pbmesh/v1alpha1/computed_routes.pb.binary.go b/proto-public/pbmesh/v1alpha1/computed_routes.pb.binary.go
new file mode 100644
index 000000000000..cd30ceac2707
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/computed_routes.pb.binary.go
@@ -0,0 +1,128 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/computed_routes.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *ComputedRoutes) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *ComputedRoutes) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *ComputedPortRoutes) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *ComputedPortRoutes) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *InterpretedHTTPRoute) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *InterpretedHTTPRoute) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *InterpretedHTTPRouteRule) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *InterpretedHTTPRouteRule) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *InterpretedHTTPBackendRef) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *InterpretedHTTPBackendRef) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *InterpretedGRPCRoute) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *InterpretedGRPCRoute) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *InterpretedGRPCRouteRule) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *InterpretedGRPCRouteRule) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *InterpretedGRPCBackendRef) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *InterpretedGRPCBackendRef) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *InterpretedTCPRoute) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *InterpretedTCPRoute) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *InterpretedTCPRouteRule) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *InterpretedTCPRouteRule) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *InterpretedTCPBackendRef) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *InterpretedTCPBackendRef) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *BackendTargetDetails) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *BackendTargetDetails) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/computed_routes.pb.go b/proto-public/pbmesh/v1alpha1/computed_routes.pb.go
new file mode 100644
index 000000000000..605e4fbd679e
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/computed_routes.pb.go
@@ -0,0 +1,1321 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/computed_routes.proto
+
+package meshv1alpha1
+
+import (
+	v1alpha1 "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// This is a Resource type.
+type ComputedRoutes struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	PortedConfigs map[string]*ComputedPortRoutes `protobuf:"bytes,1,rep,name=ported_configs,json=portedConfigs,proto3" json:"ported_configs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (x *ComputedRoutes) Reset() {
+	*x = ComputedRoutes{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ComputedRoutes) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ComputedRoutes) ProtoMessage() {}
+
+func (x *ComputedRoutes) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ComputedRoutes.ProtoReflect.Descriptor instead.
+func (*ComputedRoutes) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *ComputedRoutes) GetPortedConfigs() map[string]*ComputedPortRoutes {
+	if x != nil {
+		return x.PortedConfigs
+	}
+	return nil
+}
+
+type ComputedPortRoutes struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Config:
+	//
+	//	*ComputedPortRoutes_Http
+	//	*ComputedPortRoutes_Grpc
+	//	*ComputedPortRoutes_Tcp
+	Config             isComputedPortRoutes_Config `protobuf_oneof:"config"`
+	UsingDefaultConfig bool                        `protobuf:"varint,4,opt,name=using_default_config,json=usingDefaultConfig,proto3" json:"using_default_config,omitempty"` // TODO
+	// map key is an opaque string; like disco chain target name
+	Targets map[string]*BackendTargetDetails `protobuf:"bytes,5,rep,name=targets,proto3" json:"targets,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (x *ComputedPortRoutes) Reset() {
+	*x = ComputedPortRoutes{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ComputedPortRoutes) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ComputedPortRoutes) ProtoMessage() {}
+
+func (x *ComputedPortRoutes) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ComputedPortRoutes.ProtoReflect.Descriptor instead.
+func (*ComputedPortRoutes) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{1}
+}
+
+func (m *ComputedPortRoutes) GetConfig() isComputedPortRoutes_Config {
+	if m != nil {
+		return m.Config
+	}
+	return nil
+}
+
+func (x *ComputedPortRoutes) GetHttp() *InterpretedHTTPRoute {
+	if x, ok := x.GetConfig().(*ComputedPortRoutes_Http); ok {
+		return x.Http
+	}
+	return nil
+}
+
+func (x *ComputedPortRoutes) GetGrpc() *InterpretedGRPCRoute {
+	if x, ok := x.GetConfig().(*ComputedPortRoutes_Grpc); ok {
+		return x.Grpc
+	}
+	return nil
+}
+
+func (x *ComputedPortRoutes) GetTcp() *InterpretedTCPRoute {
+	if x, ok := x.GetConfig().(*ComputedPortRoutes_Tcp); ok {
+		return x.Tcp
+	}
+	return nil
+}
+
+func (x *ComputedPortRoutes) GetUsingDefaultConfig() bool {
+	if x != nil {
+		return x.UsingDefaultConfig
+	}
+	return false
+}
+
+func (x *ComputedPortRoutes) GetTargets() map[string]*BackendTargetDetails {
+	if x != nil {
+		return x.Targets
+	}
+	return nil
+}
+
+type isComputedPortRoutes_Config interface {
+	isComputedPortRoutes_Config()
+}
+
+type ComputedPortRoutes_Http struct {
+	Http *InterpretedHTTPRoute `protobuf:"bytes,1,opt,name=http,proto3,oneof"`
+}
+
+type ComputedPortRoutes_Grpc struct {
+	Grpc *InterpretedGRPCRoute `protobuf:"bytes,2,opt,name=grpc,proto3,oneof"`
+}
+
+type ComputedPortRoutes_Tcp struct {
+	Tcp *InterpretedTCPRoute `protobuf:"bytes,3,opt,name=tcp,proto3,oneof"`
+}
+
+func (*ComputedPortRoutes_Http) isComputedPortRoutes_Config() {}
+
+func (*ComputedPortRoutes_Grpc) isComputedPortRoutes_Config() {}
+
+func (*ComputedPortRoutes_Tcp) isComputedPortRoutes_Config() {}
+
+type InterpretedHTTPRoute struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	ParentRef *ParentReference            `protobuf:"bytes,1,opt,name=parent_ref,json=parentRef,proto3" json:"parent_ref,omitempty"`
+	Rules     []*InterpretedHTTPRouteRule `protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"`
+}
+
+func (x *InterpretedHTTPRoute) Reset() {
+	*x = InterpretedHTTPRoute{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InterpretedHTTPRoute) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InterpretedHTTPRoute) ProtoMessage() {}
+
+func (x *InterpretedHTTPRoute) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InterpretedHTTPRoute.ProtoReflect.Descriptor instead.
+func (*InterpretedHTTPRoute) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *InterpretedHTTPRoute) GetParentRef() *ParentReference {
+	if x != nil {
+		return x.ParentRef
+	}
+	return nil
+}
+
+func (x *InterpretedHTTPRoute) GetRules() []*InterpretedHTTPRouteRule {
+	if x != nil {
+		return x.Rules
+	}
+	return nil
+}
+
+type InterpretedHTTPRouteRule struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Matches     []*HTTPRouteMatch            `protobuf:"bytes,1,rep,name=matches,proto3" json:"matches,omitempty"`
+	Filters     []*HTTPRouteFilter           `protobuf:"bytes,2,rep,name=filters,proto3" json:"filters,omitempty"`
+	BackendRefs []*InterpretedHTTPBackendRef `protobuf:"bytes,3,rep,name=backend_refs,json=backendRefs,proto3" json:"backend_refs,omitempty"`
+	Timeouts    *HTTPRouteTimeouts           `protobuf:"bytes,4,opt,name=timeouts,proto3" json:"timeouts,omitempty"`
+	Retries     *HTTPRouteRetries            `protobuf:"bytes,5,opt,name=retries,proto3" json:"retries,omitempty"`
+}
+
+func (x *InterpretedHTTPRouteRule) Reset() {
+	*x = InterpretedHTTPRouteRule{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InterpretedHTTPRouteRule) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InterpretedHTTPRouteRule) ProtoMessage() {}
+
+func (x *InterpretedHTTPRouteRule) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InterpretedHTTPRouteRule.ProtoReflect.Descriptor instead.
+func (*InterpretedHTTPRouteRule) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *InterpretedHTTPRouteRule) GetMatches() []*HTTPRouteMatch {
+	if x != nil {
+		return x.Matches
+	}
+	return nil
+}
+
+func (x *InterpretedHTTPRouteRule) GetFilters() []*HTTPRouteFilter {
+	if x != nil {
+		return x.Filters
+	}
+	return nil
+}
+
+func (x *InterpretedHTTPRouteRule) GetBackendRefs() []*InterpretedHTTPBackendRef {
+	if x != nil {
+		return x.BackendRefs
+	}
+	return nil
+}
+
+func (x *InterpretedHTTPRouteRule) GetTimeouts() *HTTPRouteTimeouts {
+	if x != nil {
+		return x.Timeouts
+	}
+	return nil
+}
+
+func (x *InterpretedHTTPRouteRule) GetRetries() *HTTPRouteRetries {
+	if x != nil {
+		return x.Retries
+	}
+	return nil
+}
+
+type InterpretedHTTPBackendRef struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	BackendTarget string             `protobuf:"bytes,1,opt,name=backend_target,json=backendTarget,proto3" json:"backend_target,omitempty"`
+	Weight        uint32             `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
+	Filters       []*HTTPRouteFilter `protobuf:"bytes,3,rep,name=filters,proto3" json:"filters,omitempty"`
+}
+
+func (x *InterpretedHTTPBackendRef) Reset() {
+	*x = InterpretedHTTPBackendRef{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InterpretedHTTPBackendRef) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InterpretedHTTPBackendRef) ProtoMessage() {}
+
+func (x *InterpretedHTTPBackendRef) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InterpretedHTTPBackendRef.ProtoReflect.Descriptor instead.
+func (*InterpretedHTTPBackendRef) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *InterpretedHTTPBackendRef) GetBackendTarget() string {
+	if x != nil {
+		return x.BackendTarget
+	}
+	return ""
+}
+
+func (x *InterpretedHTTPBackendRef) GetWeight() uint32 {
+	if x != nil {
+		return x.Weight
+	}
+	return 0
+}
+
+func (x *InterpretedHTTPBackendRef) GetFilters() []*HTTPRouteFilter {
+	if x != nil {
+		return x.Filters
+	}
+	return nil
+}
+
+type InterpretedGRPCRoute struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	ParentRef *ParentReference            `protobuf:"bytes,1,opt,name=parent_ref,json=parentRef,proto3" json:"parent_ref,omitempty"`
+	Rules     []*InterpretedGRPCRouteRule `protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"`
+}
+
+func (x *InterpretedGRPCRoute) Reset() {
+	*x = InterpretedGRPCRoute{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InterpretedGRPCRoute) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InterpretedGRPCRoute) ProtoMessage() {}
+
+func (x *InterpretedGRPCRoute) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InterpretedGRPCRoute.ProtoReflect.Descriptor instead.
+func (*InterpretedGRPCRoute) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *InterpretedGRPCRoute) GetParentRef() *ParentReference {
+	if x != nil {
+		return x.ParentRef
+	}
+	return nil
+}
+
+func (x *InterpretedGRPCRoute) GetRules() []*InterpretedGRPCRouteRule {
+	if x != nil {
+		return x.Rules
+	}
+	return nil
+}
+
+type InterpretedGRPCRouteRule struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Matches     []*GRPCRouteMatch            `protobuf:"bytes,1,rep,name=matches,proto3" json:"matches,omitempty"`
+	Filters     []*GRPCRouteFilter           `protobuf:"bytes,2,rep,name=filters,proto3" json:"filters,omitempty"`
+	BackendRefs []*InterpretedGRPCBackendRef `protobuf:"bytes,3,rep,name=backend_refs,json=backendRefs,proto3" json:"backend_refs,omitempty"`
+	Timeouts    *HTTPRouteTimeouts           `protobuf:"bytes,4,opt,name=timeouts,proto3" json:"timeouts,omitempty"`
+	Retries     *HTTPRouteRetries            `protobuf:"bytes,5,opt,name=retries,proto3" json:"retries,omitempty"`
+}
+
+func (x *InterpretedGRPCRouteRule) Reset() {
+	*x = InterpretedGRPCRouteRule{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InterpretedGRPCRouteRule) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InterpretedGRPCRouteRule) ProtoMessage() {}
+
+func (x *InterpretedGRPCRouteRule) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InterpretedGRPCRouteRule.ProtoReflect.Descriptor instead.
+func (*InterpretedGRPCRouteRule) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *InterpretedGRPCRouteRule) GetMatches() []*GRPCRouteMatch {
+	if x != nil {
+		return x.Matches
+	}
+	return nil
+}
+
+func (x *InterpretedGRPCRouteRule) GetFilters() []*GRPCRouteFilter {
+	if x != nil {
+		return x.Filters
+	}
+	return nil
+}
+
+func (x *InterpretedGRPCRouteRule) GetBackendRefs() []*InterpretedGRPCBackendRef {
+	if x != nil {
+		return x.BackendRefs
+	}
+	return nil
+}
+
+func (x *InterpretedGRPCRouteRule) GetTimeouts() *HTTPRouteTimeouts {
+	if x != nil {
+		return x.Timeouts
+	}
+	return nil
+}
+
+func (x *InterpretedGRPCRouteRule) GetRetries() *HTTPRouteRetries {
+	if x != nil {
+		return x.Retries
+	}
+	return nil
+}
+
+type InterpretedGRPCBackendRef struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	BackendTarget string             `protobuf:"bytes,1,opt,name=backend_target,json=backendTarget,proto3" json:"backend_target,omitempty"`
+	Weight        uint32             `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
+	Filters       []*GRPCRouteFilter `protobuf:"bytes,3,rep,name=filters,proto3" json:"filters,omitempty"`
+}
+
+func (x *InterpretedGRPCBackendRef) Reset() {
+	*x = InterpretedGRPCBackendRef{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InterpretedGRPCBackendRef) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InterpretedGRPCBackendRef) ProtoMessage() {}
+
+func (x *InterpretedGRPCBackendRef) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InterpretedGRPCBackendRef.ProtoReflect.Descriptor instead.
+func (*InterpretedGRPCBackendRef) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *InterpretedGRPCBackendRef) GetBackendTarget() string {
+	if x != nil {
+		return x.BackendTarget
+	}
+	return ""
+}
+
+func (x *InterpretedGRPCBackendRef) GetWeight() uint32 {
+	if x != nil {
+		return x.Weight
+	}
+	return 0
+}
+
+func (x *InterpretedGRPCBackendRef) GetFilters() []*GRPCRouteFilter {
+	if x != nil {
+		return x.Filters
+	}
+	return nil
+}
+
+type InterpretedTCPRoute struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	ParentRef *ParentReference           `protobuf:"bytes,1,opt,name=parent_ref,json=parentRef,proto3" json:"parent_ref,omitempty"`
+	Rules     []*InterpretedTCPRouteRule `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"`
+}
+
+func (x *InterpretedTCPRoute) Reset() {
+	*x = InterpretedTCPRoute{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InterpretedTCPRoute) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InterpretedTCPRoute) ProtoMessage() {}
+
+func (x *InterpretedTCPRoute) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InterpretedTCPRoute.ProtoReflect.Descriptor instead.
+func (*InterpretedTCPRoute) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *InterpretedTCPRoute) GetParentRef() *ParentReference {
+	if x != nil {
+		return x.ParentRef
+	}
+	return nil
+}
+
+func (x *InterpretedTCPRoute) GetRules() []*InterpretedTCPRouteRule {
+	if x != nil {
+		return x.Rules
+	}
+	return nil
+}
+
+type InterpretedTCPRouteRule struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	BackendRefs []*InterpretedTCPBackendRef `protobuf:"bytes,1,rep,name=backend_refs,json=backendRefs,proto3" json:"backend_refs,omitempty"`
+}
+
+func (x *InterpretedTCPRouteRule) Reset() {
+	*x = InterpretedTCPRouteRule{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InterpretedTCPRouteRule) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InterpretedTCPRouteRule) ProtoMessage() {}
+
+func (x *InterpretedTCPRouteRule) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InterpretedTCPRouteRule.ProtoReflect.Descriptor instead.
+func (*InterpretedTCPRouteRule) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *InterpretedTCPRouteRule) GetBackendRefs() []*InterpretedTCPBackendRef {
+	if x != nil {
+		return x.BackendRefs
+	}
+	return nil
+}
+
+// TODO: look into smuggling the target through a different typeURL, or just
+// skip in favor of letting the caller do their own lookups?
+type InterpretedTCPBackendRef struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	BackendTarget string `protobuf:"bytes,1,opt,name=backend_target,json=backendTarget,proto3" json:"backend_target,omitempty"`
+	Weight        uint32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
+}
+
+func (x *InterpretedTCPBackendRef) Reset() {
+	*x = InterpretedTCPBackendRef{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InterpretedTCPBackendRef) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InterpretedTCPBackendRef) ProtoMessage() {}
+
+func (x *InterpretedTCPBackendRef) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InterpretedTCPBackendRef.ProtoReflect.Descriptor instead.
+func (*InterpretedTCPBackendRef) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *InterpretedTCPBackendRef) GetBackendTarget() string {
+	if x != nil {
+		return x.BackendTarget
+	}
+	return ""
+}
+
+func (x *InterpretedTCPBackendRef) GetWeight() uint32 {
+	if x != nil {
+		return x.Weight
+	}
+	return 0
+}
+
+type BackendTargetDetails struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// identity info
+	BackendRef        *BackendReference        `protobuf:"bytes,1,opt,name=backend_ref,json=backendRef,proto3" json:"backend_ref,omitempty"`
+	NullRouteTraffic  bool                     `protobuf:"varint,2,opt,name=null_route_traffic,json=nullRouteTraffic,proto3" json:"null_route_traffic,omitempty"`
+	Service           *v1alpha1.Service        `protobuf:"bytes,3,opt,name=service,proto3" json:"service,omitempty"`
+	FailoverPolicy    *v1alpha1.FailoverPolicy `protobuf:"bytes,4,opt,name=failover_policy,json=failoverPolicy,proto3" json:"failover_policy,omitempty"`
+	DestinationPolicy *DestinationPolicy       `protobuf:"bytes,5,opt,name=destination_policy,json=destinationPolicy,proto3" json:"destination_policy,omitempty"`
+}
+
+func (x *BackendTargetDetails) Reset() {
+	*x = BackendTargetDetails{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[11]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *BackendTargetDetails) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BackendTargetDetails) ProtoMessage() {}
+
+func (x *BackendTargetDetails) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[11]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use BackendTargetDetails.ProtoReflect.Descriptor instead.
+func (*BackendTargetDetails) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *BackendTargetDetails) GetBackendRef() *BackendReference {
+	if x != nil {
+		return x.BackendRef
+	}
+	return nil
+}
+
+func (x *BackendTargetDetails) GetNullRouteTraffic() bool {
+	if x != nil {
+		return x.NullRouteTraffic
+	}
+	return false
+}
+
+func (x *BackendTargetDetails) GetService() *v1alpha1.Service {
+	if x != nil {
+		return x.Service
+	}
+	return nil
+}
+
+func (x *BackendTargetDetails) GetFailoverPolicy() *v1alpha1.FailoverPolicy {
+	if x != nil {
+		return x.FailoverPolicy
+	}
+	return nil
+}
+
+func (x *BackendTargetDetails) GetDestinationPolicy() *DestinationPolicy {
+	if x != nil {
+		return x.DestinationPolicy
+	}
+	return nil
+}
+
+var File_pbmesh_v1alpha1_computed_routes_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_computed_routes_proto_rawDesc = []byte{
+	0x0a, 0x25, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65,
+	0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x28, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c,
+	0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x66, 0x61, 0x69, 0x6c,
+	0x6f, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x1a, 0x20, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x1a, 0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x70, 0x62, 0x6d,
+	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x67, 0x72, 0x70,
+	0x63, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x70,
+	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x68,
+	0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
+	0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x72, 0x65, 0x74, 0x72,
+	0x69, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x29, 0x70, 0x62, 0x6d, 0x65, 0x73,
+	0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f,
+	0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf0, 0x01, 0x0a, 0x0e, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65,
+	0x64, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x68, 0x0a, 0x0e, 0x70, 0x6f, 0x72, 0x74, 0x65,
+	0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x2e,
+	0x50, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74,
+	0x72, 0x79, 0x52, 0x0d, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x73, 0x1a, 0x74, 0x0a, 0x12, 0x50, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x48, 0x0a, 0x05, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74,
+	0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x52, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xfe, 0x03, 0x0a, 0x12, 0x43, 0x6f, 0x6d, 0x70,
+	0x75, 0x74, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x4a,
+	0x0a, 0x04, 0x68, 0x74, 0x74, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e,
+	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75,
+	0x74, 0x65, 0x48, 0x00, 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, 0x12, 0x4a, 0x0a, 0x04, 0x67, 0x72,
+	0x70, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70,
+	0x72, 0x65, 0x74, 0x65, 0x64, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x48, 0x00,
+	0x52, 0x04, 0x67, 0x72, 0x70, 0x63, 0x12, 0x47, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64,
+	0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x48, 0x00, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12,
+	0x30, 0x0a, 0x14, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x75,
+	0x73, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x12, 0x59, 0x0a, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74,
+	0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x45, 0x6e,
+	0x74, 0x72, 0x79, 0x52, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x1a, 0x70, 0x0a, 0x0c,
+	0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
+	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x4a,
+	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42,
+	0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x44, 0x65, 0x74, 0x61,
+	0x69, 0x6c, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x08,
+	0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0xbc, 0x01, 0x0a, 0x14, 0x49, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74,
+	0x65, 0x12, 0x4e, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x66,
+	0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65,
+	0x66, 0x12, 0x4e, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x48, 0x54, 0x54,
+	0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x72, 0x75, 0x6c, 0x65,
+	0x73, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0xa8, 0x03, 0x0a, 0x18, 0x49, 0x6e, 0x74, 0x65,
+	0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65,
+	0x52, 0x75, 0x6c, 0x65, 0x12, 0x48, 0x0a, 0x07, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18,
+	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65,
+	0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x49,
+	0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72,
+	0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x5c, 0x0a, 0x0c, 0x62, 0x61, 0x63,
+	0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50,
+	0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x52, 0x0b, 0x62, 0x61, 0x63, 0x6b,
+	0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x6f,
+	0x75, 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52,
+	0x6f, 0x75, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x52, 0x08, 0x74, 0x69,
+	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x12, 0x4a, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65,
+	0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75,
+	0x74, 0x65, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69,
+	0x65, 0x73, 0x22, 0xa5, 0x01, 0x0a, 0x19, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74,
+	0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66,
+	0x12, 0x25, 0x0a, 0x0e, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x74, 0x61, 0x72, 0x67,
+	0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e,
+	0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68,
+	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12,
+	0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65,
+	0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x22, 0xbc, 0x01, 0x0a, 0x14, 0x49,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x12, 0x4e, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65,
+	0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x52,
+	0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
+	0x52, 0x65, 0x66, 0x12, 0x4e, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x47,
+	0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x72, 0x75,
+	0x6c, 0x65, 0x73, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0xa8, 0x03, 0x0a, 0x18, 0x49, 0x6e,
+	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75,
+	0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x48, 0x0a, 0x07, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65,
+	0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75,
+	0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73,
+	0x12, 0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74,
+	0x65, 0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x5c, 0x0a, 0x0c, 0x62,
+	0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x47, 0x52,
+	0x50, 0x43, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x52, 0x0b, 0x62, 0x61,
+	0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x74, 0x69, 0x6d,
+	0x65, 0x6f, 0x75, 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54,
+	0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x52, 0x08,
+	0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x12, 0x4a, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72,
+	0x69, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52,
+	0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x07, 0x72, 0x65, 0x74,
+	0x72, 0x69, 0x65, 0x73, 0x22, 0xa5, 0x01, 0x0a, 0x19, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
+	0x65, 0x74, 0x65, 0x64, 0x47, 0x52, 0x50, 0x43, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52,
+	0x65, 0x66, 0x12, 0x25, 0x0a, 0x0e, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x74, 0x61,
+	0x72, 0x67, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x62, 0x61, 0x63, 0x6b,
+	0x65, 0x6e, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69,
+	0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68,
+	0x74, 0x12, 0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x6c,
+	0x74, 0x65, 0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x22, 0xb4, 0x01, 0x0a,
+	0x13, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x54, 0x43, 0x50, 0x52,
+	0x6f, 0x75, 0x74, 0x65, 0x12, 0x4e, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72,
+	0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74,
+	0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e,
+	0x74, 0x52, 0x65, 0x66, 0x12, 0x4d, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64,
+	0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x72, 0x75,
+	0x6c, 0x65, 0x73, 0x22, 0x76, 0x0a, 0x17, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74,
+	0x65, 0x64, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x5b,
+	0x0a, 0x0c, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x73, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65,
+	0x64, 0x54, 0x43, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x52, 0x0b,
+	0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x73, 0x22, 0x59, 0x0a, 0x18, 0x49,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x54, 0x43, 0x50, 0x42, 0x61, 0x63,
+	0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x12, 0x25, 0x0a, 0x0e, 0x62, 0x61, 0x63, 0x6b, 0x65,
+	0x6e, 0x64, 0x5f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0d, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x16,
+	0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06,
+	0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22, 0x9b, 0x03, 0x0a, 0x14, 0x42, 0x61, 0x63, 0x6b, 0x65,
+	0x6e, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12,
+	0x51, 0x0a, 0x0b, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66,
+	0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0a, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52,
+	0x65, 0x66, 0x12, 0x2c, 0x0a, 0x12, 0x6e, 0x75, 0x6c, 0x6c, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65,
+	0x5f, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10,
+	0x6e, 0x75, 0x6c, 0x6c, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63,
+	0x12, 0x44, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x07, 0x73,
+	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5a, 0x0a, 0x0f, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76,
+	0x65, 0x72, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x52, 0x0e, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x12, 0x60, 0x0a, 0x12, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x52, 0x11, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x42, 0x9b, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x13, 0x43, 0x6f, 0x6d,
+	0x70, 0x75, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d,
+	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73,
+	0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa,
+	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02,
+	0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_computed_routes_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_computed_routes_proto_rawDescData = file_pbmesh_v1alpha1_computed_routes_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_computed_routes_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_computed_routes_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_computed_routes_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_computed_routes_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
+var file_pbmesh_v1alpha1_computed_routes_proto_goTypes = []interface{}{
+	(*ComputedRoutes)(nil),            // 0: hashicorp.consul.mesh.v1alpha1.ComputedRoutes
+	(*ComputedPortRoutes)(nil),        // 1: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes
+	(*InterpretedHTTPRoute)(nil),      // 2: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRoute
+	(*InterpretedHTTPRouteRule)(nil),  // 3: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule
+	(*InterpretedHTTPBackendRef)(nil), // 4: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPBackendRef
+	(*InterpretedGRPCRoute)(nil),      // 5: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRoute
+	(*InterpretedGRPCRouteRule)(nil),  // 6: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule
+	(*InterpretedGRPCBackendRef)(nil), // 7: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCBackendRef
+	(*InterpretedTCPRoute)(nil),       // 8: hashicorp.consul.mesh.v1alpha1.InterpretedTCPRoute
+	(*InterpretedTCPRouteRule)(nil),   // 9: hashicorp.consul.mesh.v1alpha1.InterpretedTCPRouteRule
+	(*InterpretedTCPBackendRef)(nil),  // 10: hashicorp.consul.mesh.v1alpha1.InterpretedTCPBackendRef
+	(*BackendTargetDetails)(nil),      // 11: hashicorp.consul.mesh.v1alpha1.BackendTargetDetails
+	nil,                               // 12: hashicorp.consul.mesh.v1alpha1.ComputedRoutes.PortedConfigsEntry
+	nil,                               // 13: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.TargetsEntry
+	(*ParentReference)(nil),           // 14: hashicorp.consul.mesh.v1alpha1.ParentReference
+	(*HTTPRouteMatch)(nil),            // 15: hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch
+	(*HTTPRouteFilter)(nil),           // 16: hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter
+	(*HTTPRouteTimeouts)(nil),         // 17: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
+	(*HTTPRouteRetries)(nil),          // 18: hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
+	(*GRPCRouteMatch)(nil),            // 19: hashicorp.consul.mesh.v1alpha1.GRPCRouteMatch
+	(*GRPCRouteFilter)(nil),           // 20: hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter
+	(*BackendReference)(nil),          // 21: hashicorp.consul.mesh.v1alpha1.BackendReference
+	(*v1alpha1.Service)(nil),          // 22: hashicorp.consul.catalog.v1alpha1.Service
+	(*v1alpha1.FailoverPolicy)(nil),   // 23: hashicorp.consul.catalog.v1alpha1.FailoverPolicy
+	(*DestinationPolicy)(nil),         // 24: hashicorp.consul.mesh.v1alpha1.DestinationPolicy
+}
+var file_pbmesh_v1alpha1_computed_routes_proto_depIdxs = []int32{
+	12, // 0: hashicorp.consul.mesh.v1alpha1.ComputedRoutes.ported_configs:type_name -> hashicorp.consul.mesh.v1alpha1.ComputedRoutes.PortedConfigsEntry
+	2,  // 1: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.http:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRoute
+	5,  // 2: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.grpc:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRoute
+	8,  // 3: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.tcp:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedTCPRoute
+	13, // 4: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.targets:type_name -> hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.TargetsEntry
+	14, // 5: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRoute.parent_ref:type_name -> hashicorp.consul.mesh.v1alpha1.ParentReference
+	3,  // 6: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRoute.rules:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule
+	15, // 7: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule.matches:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch
+	16, // 8: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule.filters:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter
+	4,  // 9: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule.backend_refs:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedHTTPBackendRef
+	17, // 10: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule.timeouts:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
+	18, // 11: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule.retries:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
+	16, // 12: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPBackendRef.filters:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter
+	14, // 13: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRoute.parent_ref:type_name -> hashicorp.consul.mesh.v1alpha1.ParentReference
+	6,  // 14: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRoute.rules:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule
+	19, // 15: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule.matches:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteMatch
+	20, // 16: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule.filters:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter
+	7,  // 17: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule.backend_refs:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedGRPCBackendRef
+	17, // 18: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule.timeouts:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
+	18, // 19: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule.retries:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
+	20, // 20: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCBackendRef.filters:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter
+	14, // 21: hashicorp.consul.mesh.v1alpha1.InterpretedTCPRoute.parent_ref:type_name -> hashicorp.consul.mesh.v1alpha1.ParentReference
+	9,  // 22: hashicorp.consul.mesh.v1alpha1.InterpretedTCPRoute.rules:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedTCPRouteRule
+	10, // 23: hashicorp.consul.mesh.v1alpha1.InterpretedTCPRouteRule.backend_refs:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedTCPBackendRef
+	21, // 24: hashicorp.consul.mesh.v1alpha1.BackendTargetDetails.backend_ref:type_name -> hashicorp.consul.mesh.v1alpha1.BackendReference
+	22, // 25: hashicorp.consul.mesh.v1alpha1.BackendTargetDetails.service:type_name -> hashicorp.consul.catalog.v1alpha1.Service
+	23, // 26: hashicorp.consul.mesh.v1alpha1.BackendTargetDetails.failover_policy:type_name -> hashicorp.consul.catalog.v1alpha1.FailoverPolicy
+	24, // 27: hashicorp.consul.mesh.v1alpha1.BackendTargetDetails.destination_policy:type_name -> hashicorp.consul.mesh.v1alpha1.DestinationPolicy
+	1,  // 28: hashicorp.consul.mesh.v1alpha1.ComputedRoutes.PortedConfigsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes
+	11, // 29: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.TargetsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.BackendTargetDetails
+	30, // [30:30] is the sub-list for method output_type
+	30, // [30:30] is the sub-list for method input_type
+	30, // [30:30] is the sub-list for extension type_name
+	30, // [30:30] is the sub-list for extension extendee
+	0,  // [0:30] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_computed_routes_proto_init() }
+func file_pbmesh_v1alpha1_computed_routes_proto_init() {
+	if File_pbmesh_v1alpha1_computed_routes_proto != nil {
+		return
+	}
+	file_pbmesh_v1alpha1_common_proto_init()
+	file_pbmesh_v1alpha1_destination_policy_proto_init()
+	file_pbmesh_v1alpha1_grpc_route_proto_init()
+	file_pbmesh_v1alpha1_http_route_proto_init()
+	file_pbmesh_v1alpha1_http_route_retries_proto_init()
+	file_pbmesh_v1alpha1_http_route_timeouts_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ComputedRoutes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ComputedPortRoutes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InterpretedHTTPRoute); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InterpretedHTTPRouteRule); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InterpretedHTTPBackendRef); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InterpretedGRPCRoute); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InterpretedGRPCRouteRule); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InterpretedGRPCBackendRef); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InterpretedTCPRoute); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InterpretedTCPRouteRule); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*InterpretedTCPBackendRef); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*BackendTargetDetails); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[1].OneofWrappers = []interface{}{
+		(*ComputedPortRoutes_Http)(nil),
+		(*ComputedPortRoutes_Grpc)(nil),
+		(*ComputedPortRoutes_Tcp)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_computed_routes_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   14,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_computed_routes_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_computed_routes_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_computed_routes_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_computed_routes_proto = out.File
+	file_pbmesh_v1alpha1_computed_routes_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_computed_routes_proto_goTypes = nil
+	file_pbmesh_v1alpha1_computed_routes_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/computed_routes.proto b/proto-public/pbmesh/v1alpha1/computed_routes.proto
new file mode 100644
index 000000000000..d48d417d6823
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/computed_routes.proto
@@ -0,0 +1,99 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "pbcatalog/v1alpha1/failover_policy.proto";
+import "pbcatalog/v1alpha1/service.proto";
+import "pbmesh/v1alpha1/common.proto";
+import "pbmesh/v1alpha1/destination_policy.proto";
+import "pbmesh/v1alpha1/grpc_route.proto";
+import "pbmesh/v1alpha1/http_route.proto";
+import "pbmesh/v1alpha1/http_route_retries.proto";
+import "pbmesh/v1alpha1/http_route_timeouts.proto";
+
+// This is a Resource type.
+message ComputedRoutes {
+  map<string, ComputedPortRoutes> ported_configs = 1;
+}
+
+message ComputedPortRoutes {
+  oneof config {
+    InterpretedHTTPRoute http = 1;
+    InterpretedGRPCRoute grpc = 2;
+    InterpretedTCPRoute tcp = 3;
+  }
+  bool using_default_config = 4; // TODO
+
+  // map key is an opaque string; like disco chain target name
+  map<string, BackendTargetDetails> targets = 5;
+}
+
+message InterpretedHTTPRoute {
+  ParentReference parent_ref = 1;
+  reserved 2; // hostnames
+  repeated InterpretedHTTPRouteRule rules = 3;
+}
+
+message InterpretedHTTPRouteRule {
+  repeated HTTPRouteMatch matches = 1;
+  repeated HTTPRouteFilter filters = 2;
+  repeated InterpretedHTTPBackendRef backend_refs = 3;
+  HTTPRouteTimeouts timeouts = 4;
+  HTTPRouteRetries retries = 5;
+}
+
+message InterpretedHTTPBackendRef {
+  string backend_target = 1;
+  uint32 weight = 2;
+  repeated HTTPRouteFilter filters = 3;
+}
+
+message InterpretedGRPCRoute {
+  ParentReference parent_ref = 1;
+  reserved 2; // hostnames
+  repeated InterpretedGRPCRouteRule rules = 3;
+}
+
+message InterpretedGRPCRouteRule {
+  repeated GRPCRouteMatch matches = 1;
+  repeated GRPCRouteFilter filters = 2;
+  repeated InterpretedGRPCBackendRef backend_refs = 3;
+  HTTPRouteTimeouts timeouts = 4;
+  HTTPRouteRetries retries = 5;
+}
+
+message InterpretedGRPCBackendRef {
+  string backend_target = 1;
+  uint32 weight = 2;
+  repeated GRPCRouteFilter filters = 3;
+}
+
+message InterpretedTCPRoute {
+  ParentReference parent_ref = 1;
+  repeated InterpretedTCPRouteRule rules = 2;
+}
+
+message InterpretedTCPRouteRule {
+  repeated InterpretedTCPBackendRef backend_refs = 1;
+}
+
+// TODO: look into smuggling the target through a different typeURL, or just
+// skip in favor of letting the caller do their own lookups?
+message InterpretedTCPBackendRef {
+  string backend_target = 1;
+  uint32 weight = 2;
+}
+
+message BackendTargetDetails {
+  // identity info
+  BackendReference backend_ref = 1;
+
+  bool null_route_traffic = 2;
+
+  hashicorp.consul.catalog.v1alpha1.Service service = 3;
+  hashicorp.consul.catalog.v1alpha1.FailoverPolicy failover_policy = 4;
+  DestinationPolicy destination_policy = 5;
+}
diff --git a/proto-public/pbmesh/v1alpha1/connection.pb.go b/proto-public/pbmesh/v1alpha1/connection.pb.go
index 65fa3ba329dd..221845b26dbb 100644
--- a/proto-public/pbmesh/v1alpha1/connection.pb.go
+++ b/proto-public/pbmesh/v1alpha1/connection.pb.go
@@ -12,6 +12,7 @@ package meshv1alpha1
 import (
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	durationpb "google.golang.org/protobuf/types/known/durationpb"
 	reflect "reflect"
 	sync "sync"
 )
@@ -70,13 +71,14 @@ func (BalanceConnections) EnumDescriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_connection_proto_rawDescGZIP(), []int{0}
 }
 
+// Referenced by ProxyConfiguration
 type ConnectionConfig struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	ConnectTimeoutMs uint64 `protobuf:"varint,2,opt,name=connect_timeout_ms,json=connectTimeoutMs,proto3" json:"connect_timeout_ms,omitempty"`
-	RequestTimeoutMs uint64 `protobuf:"varint,3,opt,name=request_timeout_ms,json=requestTimeoutMs,proto3" json:"request_timeout_ms,omitempty"`
+	ConnectTimeout *durationpb.Duration `protobuf:"bytes,1,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
+	RequestTimeout *durationpb.Duration `protobuf:"bytes,2,opt,name=request_timeout,json=requestTimeout,proto3" json:"request_timeout,omitempty"`
 }
 
 func (x *ConnectionConfig) Reset() {
@@ -111,20 +113,21 @@ func (*ConnectionConfig) Descriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_connection_proto_rawDescGZIP(), []int{0}
 }
 
-func (x *ConnectionConfig) GetConnectTimeoutMs() uint64 {
+func (x *ConnectionConfig) GetConnectTimeout() *durationpb.Duration {
 	if x != nil {
-		return x.ConnectTimeoutMs
+		return x.ConnectTimeout
 	}
-	return 0
+	return nil
 }
 
-func (x *ConnectionConfig) GetRequestTimeoutMs() uint64 {
+func (x *ConnectionConfig) GetRequestTimeout() *durationpb.Duration {
 	if x != nil {
-		return x.RequestTimeoutMs
+		return x.RequestTimeout
 	}
-	return 0
+	return nil
 }
 
+// Referenced by ProxyConfiguration
 type InboundConnectionsConfig struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -187,50 +190,54 @@ var file_pbmesh_v1alpha1_connection_proto_rawDesc = []byte{
 	0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f,
 	0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
 	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x22, 0x6e, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2c, 0x0a, 0x12, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x04, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f,
-	0x75, 0x74, 0x4d, 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f,
-	0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04,
-	0x52, 0x10, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
-	0x4d, 0x73, 0x22, 0xc6, 0x01, 0x0a, 0x18, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
-	0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04,
-	0x52, 0x15, 0x6d, 0x61, 0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x72, 0x0a, 0x1b, 0x62, 0x61, 0x6c, 0x61, 0x6e,
-	0x63, 0x65, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61,
-	0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x52, 0x19, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64,
-	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2a, 0x54, 0x0a, 0x12, 0x42,
-	0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x12, 0x1f, 0x0a, 0x1b, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f, 0x43, 0x4f, 0x4e,
-	0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54,
-	0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f, 0x43, 0x4f,
-	0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x45, 0x58, 0x41, 0x43, 0x54, 0x10,
-	0x01, 0x42, 0x97, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0f, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74,
-	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70,
-	0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68,
-	0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
-	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
-	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d,
-	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73,
-	0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x33,
+	0x61, 0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x22, 0x9a, 0x01, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e,
+	0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x42, 0x0a, 0x0f, 0x72,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22,
+	0xc6, 0x01, 0x0a, 0x18, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x17,
+	0x6d, 0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x15, 0x6d,
+	0x61, 0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x12, 0x72, 0x0a, 0x1b, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x5f,
+	0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x6c, 0x61, 0x6e,
+	0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x62,
+	0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e,
+	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2a, 0x54, 0x0a, 0x12, 0x42, 0x61, 0x6c, 0x61,
+	0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1f,
+	0x0a, 0x1b, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43,
+	0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12,
+	0x1d, 0x0a, 0x19, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x4e, 0x45,
+	0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x45, 0x58, 0x41, 0x43, 0x54, 0x10, 0x01, 0x42, 0x97,
+	0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0f, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c,
+	0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2,
+	0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
+	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -251,14 +258,17 @@ var file_pbmesh_v1alpha1_connection_proto_goTypes = []interface{}{
 	(BalanceConnections)(0),          // 0: hashicorp.consul.mesh.v1alpha1.BalanceConnections
 	(*ConnectionConfig)(nil),         // 1: hashicorp.consul.mesh.v1alpha1.ConnectionConfig
 	(*InboundConnectionsConfig)(nil), // 2: hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig
+	(*durationpb.Duration)(nil),      // 3: google.protobuf.Duration
 }
 var file_pbmesh_v1alpha1_connection_proto_depIdxs = []int32{
-	0, // 0: hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig.balance_inbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceConnections
-	1, // [1:1] is the sub-list for method output_type
-	1, // [1:1] is the sub-list for method input_type
-	1, // [1:1] is the sub-list for extension type_name
-	1, // [1:1] is the sub-list for extension extendee
-	0, // [0:1] is the sub-list for field type_name
+	3, // 0: hashicorp.consul.mesh.v1alpha1.ConnectionConfig.connect_timeout:type_name -> google.protobuf.Duration
+	3, // 1: hashicorp.consul.mesh.v1alpha1.ConnectionConfig.request_timeout:type_name -> google.protobuf.Duration
+	0, // 2: hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig.balance_inbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceConnections
+	3, // [3:3] is the sub-list for method output_type
+	3, // [3:3] is the sub-list for method input_type
+	3, // [3:3] is the sub-list for extension type_name
+	3, // [3:3] is the sub-list for extension extendee
+	0, // [0:3] is the sub-list for field type_name
 }
 
 func init() { file_pbmesh_v1alpha1_connection_proto_init() }
diff --git a/proto-public/pbmesh/v1alpha1/connection.proto b/proto-public/pbmesh/v1alpha1/connection.proto
index 1d054e503b30..8cae7c1c1099 100644
--- a/proto-public/pbmesh/v1alpha1/connection.proto
+++ b/proto-public/pbmesh/v1alpha1/connection.proto
@@ -5,11 +5,15 @@ syntax = "proto3";
 
 package hashicorp.consul.mesh.v1alpha1;
 
+import "google/protobuf/duration.proto";
+
+// Referenced by ProxyConfiguration
 message ConnectionConfig {
-  uint64 connect_timeout_ms = 2;
-  uint64 request_timeout_ms = 3;
+  google.protobuf.Duration connect_timeout = 1;
+  google.protobuf.Duration request_timeout = 2;
 }
 
+// Referenced by ProxyConfiguration
 message InboundConnectionsConfig {
   uint64 max_inbound_connections = 12;
   BalanceConnections balance_inbound_connections = 13;
diff --git a/proto-public/pbmesh/v1alpha1/destination_policy.pb.binary.go b/proto-public/pbmesh/v1alpha1/destination_policy.pb.binary.go
new file mode 100644
index 000000000000..e77b66710870
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/destination_policy.pb.binary.go
@@ -0,0 +1,88 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/destination_policy.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *DestinationPolicy) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *DestinationPolicy) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *DestinationConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *DestinationConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *LocalityPrioritization) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *LocalityPrioritization) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *LoadBalancer) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *LoadBalancer) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *RingHashConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *RingHashConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *LeastRequestConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *LeastRequestConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HashPolicy) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HashPolicy) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *CookieConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *CookieConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/destination_policy.pb.go b/proto-public/pbmesh/v1alpha1/destination_policy.pb.go
new file mode 100644
index 000000000000..44a3049d5eb2
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/destination_policy.pb.go
@@ -0,0 +1,1091 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/destination_policy.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	durationpb "google.golang.org/protobuf/types/known/durationpb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type LocalityPrioritizationMode int32
+
+const (
+	LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED LocalityPrioritizationMode = 0
+	LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_NONE        LocalityPrioritizationMode = 1
+	LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_FAILOVER    LocalityPrioritizationMode = 2
+)
+
+// Enum value maps for LocalityPrioritizationMode.
+var (
+	LocalityPrioritizationMode_name = map[int32]string{
+		0: "LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED",
+		1: "LOCALITY_PRIORITIZATION_MODE_NONE",
+		2: "LOCALITY_PRIORITIZATION_MODE_FAILOVER",
+	}
+	LocalityPrioritizationMode_value = map[string]int32{
+		"LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED": 0,
+		"LOCALITY_PRIORITIZATION_MODE_NONE":        1,
+		"LOCALITY_PRIORITIZATION_MODE_FAILOVER":    2,
+	}
+)
+
+func (x LocalityPrioritizationMode) Enum() *LocalityPrioritizationMode {
+	p := new(LocalityPrioritizationMode)
+	*p = x
+	return p
+}
+
+func (x LocalityPrioritizationMode) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (LocalityPrioritizationMode) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_destination_policy_proto_enumTypes[0].Descriptor()
+}
+
+func (LocalityPrioritizationMode) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_destination_policy_proto_enumTypes[0]
+}
+
+func (x LocalityPrioritizationMode) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use LocalityPrioritizationMode.Descriptor instead.
+func (LocalityPrioritizationMode) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{0}
+}
+
+type LoadBalancerPolicy int32
+
+const (
+	LoadBalancerPolicy_LOAD_BALANCER_POLICY_UNSPECIFIED   LoadBalancerPolicy = 0
+	LoadBalancerPolicy_LOAD_BALANCER_POLICY_RANDOM        LoadBalancerPolicy = 1
+	LoadBalancerPolicy_LOAD_BALANCER_POLICY_ROUND_ROBIN   LoadBalancerPolicy = 2
+	LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST LoadBalancerPolicy = 3
+	LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV        LoadBalancerPolicy = 4
+	LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH     LoadBalancerPolicy = 5
+)
+
+// Enum value maps for LoadBalancerPolicy.
+var (
+	LoadBalancerPolicy_name = map[int32]string{
+		0: "LOAD_BALANCER_POLICY_UNSPECIFIED",
+		1: "LOAD_BALANCER_POLICY_RANDOM",
+		2: "LOAD_BALANCER_POLICY_ROUND_ROBIN",
+		3: "LOAD_BALANCER_POLICY_LEAST_REQUEST",
+		4: "LOAD_BALANCER_POLICY_MAGLEV",
+		5: "LOAD_BALANCER_POLICY_RING_HASH",
+	}
+	LoadBalancerPolicy_value = map[string]int32{
+		"LOAD_BALANCER_POLICY_UNSPECIFIED":   0,
+		"LOAD_BALANCER_POLICY_RANDOM":        1,
+		"LOAD_BALANCER_POLICY_ROUND_ROBIN":   2,
+		"LOAD_BALANCER_POLICY_LEAST_REQUEST": 3,
+		"LOAD_BALANCER_POLICY_MAGLEV":        4,
+		"LOAD_BALANCER_POLICY_RING_HASH":     5,
+	}
+)
+
+func (x LoadBalancerPolicy) Enum() *LoadBalancerPolicy {
+	p := new(LoadBalancerPolicy)
+	*p = x
+	return p
+}
+
+func (x LoadBalancerPolicy) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (LoadBalancerPolicy) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_destination_policy_proto_enumTypes[1].Descriptor()
+}
+
+func (LoadBalancerPolicy) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_destination_policy_proto_enumTypes[1]
+}
+
+func (x LoadBalancerPolicy) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use LoadBalancerPolicy.Descriptor instead.
+func (LoadBalancerPolicy) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{1}
+}
+
+type HashPolicyField int32
+
+const (
+	HashPolicyField_HASH_POLICY_FIELD_UNSPECIFIED     HashPolicyField = 0
+	HashPolicyField_HASH_POLICY_FIELD_HEADER          HashPolicyField = 1
+	HashPolicyField_HASH_POLICY_FIELD_COOKIE          HashPolicyField = 2
+	HashPolicyField_HASH_POLICY_FIELD_QUERY_PARAMETER HashPolicyField = 3
+)
+
+// Enum value maps for HashPolicyField.
+var (
+	HashPolicyField_name = map[int32]string{
+		0: "HASH_POLICY_FIELD_UNSPECIFIED",
+		1: "HASH_POLICY_FIELD_HEADER",
+		2: "HASH_POLICY_FIELD_COOKIE",
+		3: "HASH_POLICY_FIELD_QUERY_PARAMETER",
+	}
+	HashPolicyField_value = map[string]int32{
+		"HASH_POLICY_FIELD_UNSPECIFIED":     0,
+		"HASH_POLICY_FIELD_HEADER":          1,
+		"HASH_POLICY_FIELD_COOKIE":          2,
+		"HASH_POLICY_FIELD_QUERY_PARAMETER": 3,
+	}
+)
+
+func (x HashPolicyField) Enum() *HashPolicyField {
+	p := new(HashPolicyField)
+	*p = x
+	return p
+}
+
+func (x HashPolicyField) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (HashPolicyField) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_destination_policy_proto_enumTypes[2].Descriptor()
+}
+
+func (HashPolicyField) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_destination_policy_proto_enumTypes[2]
+}
+
+func (x HashPolicyField) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use HashPolicyField.Descriptor instead.
+func (HashPolicyField) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{2}
+}
+
+// DestinationPolicy is the destination-controlled set of defaults that
+// are used when similar controls defined in an UpstreamConfig are left
+// unspecified.
+//
+// Users may wish to share commonly configured settings for communicating with
+// a service in one place, but yet retain the ability to tweak those on a
+// client-by-client basis, which is why there are separate resources to control
+// the definition of these values from either end of the connection.
+//
+// This is a Resource type.
+type DestinationPolicy struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	PortConfigs map[string]*DestinationConfig `protobuf:"bytes,1,rep,name=port_configs,json=portConfigs,proto3" json:"port_configs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (x *DestinationPolicy) Reset() {
+	*x = DestinationPolicy{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DestinationPolicy) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DestinationPolicy) ProtoMessage() {}
+
+func (x *DestinationPolicy) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DestinationPolicy.ProtoReflect.Descriptor instead.
+func (*DestinationPolicy) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *DestinationPolicy) GetPortConfigs() map[string]*DestinationConfig {
+	if x != nil {
+		return x.PortConfigs
+	}
+	return nil
+}
+
+type DestinationConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// ConnectTimeout is the timeout for establishing new network connections
+	// to this service.
+	ConnectTimeout *durationpb.Duration `protobuf:"bytes,1,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
+	// RequestTimeout is the timeout for an HTTP request to complete before the
+	// connection is automatically terminated. If unspecified, defaults to 15
+	// seconds.
+	RequestTimeout *durationpb.Duration `protobuf:"bytes,2,opt,name=request_timeout,json=requestTimeout,proto3" json:"request_timeout,omitempty"`
+	// LoadBalancer determines the load balancing policy and configuration for
+	// services issuing requests to this upstream service.
+	LoadBalancer *LoadBalancer `protobuf:"bytes,3,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"`
+	// LocalityPrioritization controls whether the locality of services within the
+	// local partition will be used to prioritize connectivity.
+	LocalityPrioritization *LocalityPrioritization `protobuf:"bytes,4,opt,name=locality_prioritization,json=localityPrioritization,proto3" json:"locality_prioritization,omitempty"`
+}
+
+func (x *DestinationConfig) Reset() {
+	*x = DestinationConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DestinationConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DestinationConfig) ProtoMessage() {}
+
+func (x *DestinationConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DestinationConfig.ProtoReflect.Descriptor instead.
+func (*DestinationConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *DestinationConfig) GetConnectTimeout() *durationpb.Duration {
+	if x != nil {
+		return x.ConnectTimeout
+	}
+	return nil
+}
+
+func (x *DestinationConfig) GetRequestTimeout() *durationpb.Duration {
+	if x != nil {
+		return x.RequestTimeout
+	}
+	return nil
+}
+
+func (x *DestinationConfig) GetLoadBalancer() *LoadBalancer {
+	if x != nil {
+		return x.LoadBalancer
+	}
+	return nil
+}
+
+func (x *DestinationConfig) GetLocalityPrioritization() *LocalityPrioritization {
+	if x != nil {
+		return x.LocalityPrioritization
+	}
+	return nil
+}
+
+type LocalityPrioritization struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Mode specifies the type of prioritization that will be performed
+	// when selecting nodes in the local partition.
+	// Valid values are: "" (default "none"), "none", and "failover".
+	Mode LocalityPrioritizationMode `protobuf:"varint,1,opt,name=mode,proto3,enum=hashicorp.consul.mesh.v1alpha1.LocalityPrioritizationMode" json:"mode,omitempty"`
+}
+
+func (x *LocalityPrioritization) Reset() {
+	*x = LocalityPrioritization{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LocalityPrioritization) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LocalityPrioritization) ProtoMessage() {}
+
+func (x *LocalityPrioritization) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LocalityPrioritization.ProtoReflect.Descriptor instead.
+func (*LocalityPrioritization) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *LocalityPrioritization) GetMode() LocalityPrioritizationMode {
+	if x != nil {
+		return x.Mode
+	}
+	return LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED
+}
+
+// LoadBalancer determines the load balancing policy and configuration
+// for services issuing requests to this upstream service.
+type LoadBalancer struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Policy is the load balancing policy used to select a host
+	Policy LoadBalancerPolicy `protobuf:"varint,1,opt,name=policy,proto3,enum=hashicorp.consul.mesh.v1alpha1.LoadBalancerPolicy" json:"policy,omitempty"`
+	// HashPolicies is a list of hash policies to use for hashing load balancing
+	// algorithms. Hash policies are evaluated individually and combined such
+	// that identical lists result in the same hash.
+	//
+	// If no hash policies are present, or none are successfully evaluated,
+	// then a random backend host will be selected.
+	HashPolicies []*HashPolicy `protobuf:"bytes,2,rep,name=hash_policies,json=hashPolicies,proto3" json:"hash_policies,omitempty"`
+	// Types that are assignable to Config:
+	//
+	//	*LoadBalancer_RingHashConfig
+	//	*LoadBalancer_LeastRequestConfig
+	Config isLoadBalancer_Config `protobuf_oneof:"config"`
+}
+
+func (x *LoadBalancer) Reset() {
+	*x = LoadBalancer{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LoadBalancer) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LoadBalancer) ProtoMessage() {}
+
+func (x *LoadBalancer) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LoadBalancer.ProtoReflect.Descriptor instead.
+func (*LoadBalancer) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *LoadBalancer) GetPolicy() LoadBalancerPolicy {
+	if x != nil {
+		return x.Policy
+	}
+	return LoadBalancerPolicy_LOAD_BALANCER_POLICY_UNSPECIFIED
+}
+
+func (x *LoadBalancer) GetHashPolicies() []*HashPolicy {
+	if x != nil {
+		return x.HashPolicies
+	}
+	return nil
+}
+
+func (m *LoadBalancer) GetConfig() isLoadBalancer_Config {
+	if m != nil {
+		return m.Config
+	}
+	return nil
+}
+
+func (x *LoadBalancer) GetRingHashConfig() *RingHashConfig {
+	if x, ok := x.GetConfig().(*LoadBalancer_RingHashConfig); ok {
+		return x.RingHashConfig
+	}
+	return nil
+}
+
+func (x *LoadBalancer) GetLeastRequestConfig() *LeastRequestConfig {
+	if x, ok := x.GetConfig().(*LoadBalancer_LeastRequestConfig); ok {
+		return x.LeastRequestConfig
+	}
+	return nil
+}
+
+type isLoadBalancer_Config interface {
+	isLoadBalancer_Config()
+}
+
+type LoadBalancer_RingHashConfig struct {
+	// RingHashConfig contains configuration for the "ring_hash" policy type
+	RingHashConfig *RingHashConfig `protobuf:"bytes,3,opt,name=ring_hash_config,json=ringHashConfig,proto3,oneof"`
+}
+
+type LoadBalancer_LeastRequestConfig struct {
+	// LeastRequestConfig contains configuration for the "least_request" policy type
+	LeastRequestConfig *LeastRequestConfig `protobuf:"bytes,4,opt,name=least_request_config,json=leastRequestConfig,proto3,oneof"`
+}
+
+func (*LoadBalancer_RingHashConfig) isLoadBalancer_Config() {}
+
+func (*LoadBalancer_LeastRequestConfig) isLoadBalancer_Config() {}
+
+// RingHashConfig contains configuration for the "ring_hash" policy type
+type RingHashConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// MinimumRingSize determines the minimum number of entries in the hash ring
+	MinimumRingSize uint64 `protobuf:"varint,1,opt,name=minimum_ring_size,json=minimumRingSize,proto3" json:"minimum_ring_size,omitempty"`
+	// MaximumRingSize determines the maximum number of entries in the hash ring
+	MaximumRingSize uint64 `protobuf:"varint,2,opt,name=maximum_ring_size,json=maximumRingSize,proto3" json:"maximum_ring_size,omitempty"`
+}
+
+func (x *RingHashConfig) Reset() {
+	*x = RingHashConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RingHashConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RingHashConfig) ProtoMessage() {}
+
+func (x *RingHashConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RingHashConfig.ProtoReflect.Descriptor instead.
+func (*RingHashConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *RingHashConfig) GetMinimumRingSize() uint64 {
+	if x != nil {
+		return x.MinimumRingSize
+	}
+	return 0
+}
+
+func (x *RingHashConfig) GetMaximumRingSize() uint64 {
+	if x != nil {
+		return x.MaximumRingSize
+	}
+	return 0
+}
+
+// LeastRequestConfig contains configuration for the "least_request" policy type
+type LeastRequestConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// ChoiceCount determines the number of random healthy hosts from which to select the one with the least requests.
+	ChoiceCount uint32 `protobuf:"varint,1,opt,name=choice_count,json=choiceCount,proto3" json:"choice_count,omitempty"`
+}
+
+func (x *LeastRequestConfig) Reset() {
+	*x = LeastRequestConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LeastRequestConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LeastRequestConfig) ProtoMessage() {}
+
+func (x *LeastRequestConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LeastRequestConfig.ProtoReflect.Descriptor instead.
+func (*LeastRequestConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *LeastRequestConfig) GetChoiceCount() uint32 {
+	if x != nil {
+		return x.ChoiceCount
+	}
+	return 0
+}
+
+// HashPolicy defines which attributes will be hashed by hash-based LB algorithms
+type HashPolicy struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Field is the attribute type to hash on.
+	// Must be one of "header","cookie", or "query_parameter".
+	// Cannot be specified along with SourceIP.
+	Field HashPolicyField `protobuf:"varint,1,opt,name=field,proto3,enum=hashicorp.consul.mesh.v1alpha1.HashPolicyField" json:"field,omitempty"`
+	// FieldValue is the value to hash.
+	// ie. header name, cookie name, URL query parameter name
+	// Cannot be specified along with SourceIP.
+	FieldValue string `protobuf:"bytes,2,opt,name=field_value,json=fieldValue,proto3" json:"field_value,omitempty"`
+	// CookieConfig contains configuration for the "cookie" hash policy type.
+	CookieConfig *CookieConfig `protobuf:"bytes,3,opt,name=cookie_config,json=cookieConfig,proto3" json:"cookie_config,omitempty"`
+	// SourceIP determines whether the hash should be of the source IP rather than of a field and field value.
+	// Cannot be specified along with Field or FieldValue.
+	SourceIp bool `protobuf:"varint,4,opt,name=source_ip,json=sourceIp,proto3" json:"source_ip,omitempty"`
+	// Terminal will short circuit the computation of the hash when multiple hash policies are present.
+	// If a hash is computed when a Terminal policy is evaluated,
+	// then that hash will be used and subsequent hash policies will be ignored.
+	Terminal bool `protobuf:"varint,5,opt,name=terminal,proto3" json:"terminal,omitempty"`
+}
+
+func (x *HashPolicy) Reset() {
+	*x = HashPolicy{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HashPolicy) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HashPolicy) ProtoMessage() {}
+
+func (x *HashPolicy) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HashPolicy.ProtoReflect.Descriptor instead.
+func (*HashPolicy) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *HashPolicy) GetField() HashPolicyField {
+	if x != nil {
+		return x.Field
+	}
+	return HashPolicyField_HASH_POLICY_FIELD_UNSPECIFIED
+}
+
+func (x *HashPolicy) GetFieldValue() string {
+	if x != nil {
+		return x.FieldValue
+	}
+	return ""
+}
+
+func (x *HashPolicy) GetCookieConfig() *CookieConfig {
+	if x != nil {
+		return x.CookieConfig
+	}
+	return nil
+}
+
+func (x *HashPolicy) GetSourceIp() bool {
+	if x != nil {
+		return x.SourceIp
+	}
+	return false
+}
+
+func (x *HashPolicy) GetTerminal() bool {
+	if x != nil {
+		return x.Terminal
+	}
+	return false
+}
+
+// CookieConfig contains configuration for the "cookie" hash policy type.
+// This is specified to have Envoy generate a cookie for a client on its first request.
+type CookieConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Generates a session cookie with no expiration.
+	Session bool `protobuf:"varint,1,opt,name=session,proto3" json:"session,omitempty"`
+	// TTL for generated cookies. Cannot be specified for session cookies.
+	Ttl *durationpb.Duration `protobuf:"bytes,2,opt,name=ttl,proto3" json:"ttl,omitempty"`
+	// The path to set for the cookie
+	Path string `protobuf:"bytes,3,opt,name=path,proto3" json:"path,omitempty"`
+}
+
+func (x *CookieConfig) Reset() {
+	*x = CookieConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CookieConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CookieConfig) ProtoMessage() {}
+
+func (x *CookieConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CookieConfig.ProtoReflect.Descriptor instead.
+func (*CookieConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *CookieConfig) GetSession() bool {
+	if x != nil {
+		return x.Session
+	}
+	return false
+}
+
+func (x *CookieConfig) GetTtl() *durationpb.Duration {
+	if x != nil {
+		return x.Ttl
+	}
+	return nil
+}
+
+func (x *CookieConfig) GetPath() string {
+	if x != nil {
+		return x.Path
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_destination_policy_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_destination_policy_proto_rawDesc = []byte{
+	0x0a, 0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xed, 0x01, 0x0a, 0x11, 0x44,
+	0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+	0x12, 0x65, 0x0a, 0x0c, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73,
+	0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x70, 0x6f, 0x72, 0x74,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x1a, 0x71, 0x0a, 0x10, 0x50, 0x6f, 0x72, 0x74, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b,
+	0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x47, 0x0a,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65,
+	0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xdf, 0x02, 0x0a, 0x11, 0x44,
+	0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65,
+	0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d,
+	0x65, 0x6f, 0x75, 0x74, 0x12, 0x42, 0x0a, 0x0f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f,
+	0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x51, 0x0a, 0x0d, 0x6c, 0x6f, 0x61, 0x64,
+	0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x52, 0x0c, 0x6c,
+	0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, 0x6f, 0x0a, 0x17, 0x6c,
+	0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x69,
+	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x6f,
+	0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x50, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x7a, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x16, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x50, 0x72,
+	0x69, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x68, 0x0a, 0x16,
+	0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x50, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x69,
+	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4e, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x50, 0x72,
+	0x69, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65,
+	0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x22, 0xf9, 0x02, 0x0a, 0x0c, 0x4c, 0x6f, 0x61, 0x64, 0x42,
+	0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, 0x4a, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c,
+	0x61, 0x6e, 0x63, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x06, 0x70, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x12, 0x4f, 0x0a, 0x0d, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x70, 0x6f, 0x6c, 0x69,
+	0x63, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68,
+	0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0c, 0x68, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x69, 0x65, 0x73, 0x12, 0x5a, 0x0a, 0x10, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x61, 0x73,
+	0x68, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00,
+	0x52, 0x0e, 0x72, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x12, 0x66, 0x0a, 0x14, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x48, 0x00, 0x52, 0x12, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x08, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x22, 0x68, 0x0a, 0x0e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f,
+	0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52,
+	0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65,
+	0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67,
+	0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x6d, 0x61, 0x78,
+	0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x22, 0x37, 0x0a, 0x12,
+	0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6f, 0x75,
+	0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x63, 0x68, 0x6f, 0x69, 0x63, 0x65,
+	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x80, 0x02, 0x0a, 0x0a, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x12, 0x45, 0x0a, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x46,
+	0x69, 0x65, 0x6c, 0x64, 0x52, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x66,
+	0x69, 0x65, 0x6c, 0x64, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0a, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x51, 0x0a, 0x0d,
+	0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x52, 0x0c, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
+	0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x08, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x1a, 0x0a, 0x08,
+	0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08,
+	0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x69, 0x0a, 0x0c, 0x43, 0x6f, 0x6f, 0x6b,
+	0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x73, 0x73,
+	0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, 0x65, 0x73, 0x73, 0x69,
+	0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x74, 0x74, 0x6c, 0x12,
+	0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70,
+	0x61, 0x74, 0x68, 0x2a, 0x9c, 0x01, 0x0a, 0x1a, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79,
+	0x50, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f,
+	0x64, 0x65, 0x12, 0x2c, 0x0a, 0x28, 0x4c, 0x4f, 0x43, 0x41, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x50,
+	0x52, 0x49, 0x4f, 0x52, 0x49, 0x54, 0x49, 0x5a, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4d, 0x4f,
+	0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00,
+	0x12, 0x25, 0x0a, 0x21, 0x4c, 0x4f, 0x43, 0x41, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x50, 0x52, 0x49,
+	0x4f, 0x52, 0x49, 0x54, 0x49, 0x5a, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4d, 0x4f, 0x44, 0x45,
+	0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x01, 0x12, 0x29, 0x0a, 0x25, 0x4c, 0x4f, 0x43, 0x41, 0x4c,
+	0x49, 0x54, 0x59, 0x5f, 0x50, 0x52, 0x49, 0x4f, 0x52, 0x49, 0x54, 0x49, 0x5a, 0x41, 0x54, 0x49,
+	0x4f, 0x4e, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x4f, 0x56, 0x45, 0x52,
+	0x10, 0x02, 0x2a, 0xee, 0x01, 0x0a, 0x12, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e,
+	0x63, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x24, 0x0a, 0x20, 0x4c, 0x4f, 0x41,
+	0x44, 0x5f, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x52, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43,
+	0x59, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
+	0x1f, 0x0a, 0x1b, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x52,
+	0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x52, 0x41, 0x4e, 0x44, 0x4f, 0x4d, 0x10, 0x01,
+	0x12, 0x24, 0x0a, 0x20, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45,
+	0x52, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x52, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x52,
+	0x4f, 0x42, 0x49, 0x4e, 0x10, 0x02, 0x12, 0x26, 0x0a, 0x22, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x42,
+	0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x52, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x4c,
+	0x45, 0x41, 0x53, 0x54, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x10, 0x03, 0x12, 0x1f,
+	0x0a, 0x1b, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x52, 0x5f,
+	0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x4d, 0x41, 0x47, 0x4c, 0x45, 0x56, 0x10, 0x04, 0x12,
+	0x22, 0x0a, 0x1e, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x52,
+	0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x48, 0x41, 0x53,
+	0x48, 0x10, 0x05, 0x2a, 0x97, 0x01, 0x0a, 0x0f, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x21, 0x0a, 0x1d, 0x48, 0x41, 0x53, 0x48, 0x5f,
+	0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x55, 0x4e, 0x53,
+	0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x41,
+	0x53, 0x48, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f,
+	0x48, 0x45, 0x41, 0x44, 0x45, 0x52, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x41, 0x53, 0x48,
+	0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x43, 0x4f,
+	0x4f, 0x4b, 0x49, 0x45, 0x10, 0x02, 0x12, 0x25, 0x0a, 0x21, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x50,
+	0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x51, 0x55, 0x45, 0x52,
+	0x59, 0x5f, 0x50, 0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x10, 0x03, 0x42, 0x9e, 0x02,
+	0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x42, 0x16, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45,
+	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d,
+	0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c,
+	0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a,
+	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47,
+	0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a,
+	0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_destination_policy_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_destination_policy_proto_rawDescData = file_pbmesh_v1alpha1_destination_policy_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_destination_policy_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_destination_policy_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_destination_policy_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_destination_policy_proto_enumTypes = make([]protoimpl.EnumInfo, 3)
+var file_pbmesh_v1alpha1_destination_policy_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
+var file_pbmesh_v1alpha1_destination_policy_proto_goTypes = []interface{}{
+	(LocalityPrioritizationMode)(0), // 0: hashicorp.consul.mesh.v1alpha1.LocalityPrioritizationMode
+	(LoadBalancerPolicy)(0),         // 1: hashicorp.consul.mesh.v1alpha1.LoadBalancerPolicy
+	(HashPolicyField)(0),            // 2: hashicorp.consul.mesh.v1alpha1.HashPolicyField
+	(*DestinationPolicy)(nil),       // 3: hashicorp.consul.mesh.v1alpha1.DestinationPolicy
+	(*DestinationConfig)(nil),       // 4: hashicorp.consul.mesh.v1alpha1.DestinationConfig
+	(*LocalityPrioritization)(nil),  // 5: hashicorp.consul.mesh.v1alpha1.LocalityPrioritization
+	(*LoadBalancer)(nil),            // 6: hashicorp.consul.mesh.v1alpha1.LoadBalancer
+	(*RingHashConfig)(nil),          // 7: hashicorp.consul.mesh.v1alpha1.RingHashConfig
+	(*LeastRequestConfig)(nil),      // 8: hashicorp.consul.mesh.v1alpha1.LeastRequestConfig
+	(*HashPolicy)(nil),              // 9: hashicorp.consul.mesh.v1alpha1.HashPolicy
+	(*CookieConfig)(nil),            // 10: hashicorp.consul.mesh.v1alpha1.CookieConfig
+	nil,                             // 11: hashicorp.consul.mesh.v1alpha1.DestinationPolicy.PortConfigsEntry
+	(*durationpb.Duration)(nil),     // 12: google.protobuf.Duration
+}
+var file_pbmesh_v1alpha1_destination_policy_proto_depIdxs = []int32{
+	11, // 0: hashicorp.consul.mesh.v1alpha1.DestinationPolicy.port_configs:type_name -> hashicorp.consul.mesh.v1alpha1.DestinationPolicy.PortConfigsEntry
+	12, // 1: hashicorp.consul.mesh.v1alpha1.DestinationConfig.connect_timeout:type_name -> google.protobuf.Duration
+	12, // 2: hashicorp.consul.mesh.v1alpha1.DestinationConfig.request_timeout:type_name -> google.protobuf.Duration
+	6,  // 3: hashicorp.consul.mesh.v1alpha1.DestinationConfig.load_balancer:type_name -> hashicorp.consul.mesh.v1alpha1.LoadBalancer
+	5,  // 4: hashicorp.consul.mesh.v1alpha1.DestinationConfig.locality_prioritization:type_name -> hashicorp.consul.mesh.v1alpha1.LocalityPrioritization
+	0,  // 5: hashicorp.consul.mesh.v1alpha1.LocalityPrioritization.mode:type_name -> hashicorp.consul.mesh.v1alpha1.LocalityPrioritizationMode
+	1,  // 6: hashicorp.consul.mesh.v1alpha1.LoadBalancer.policy:type_name -> hashicorp.consul.mesh.v1alpha1.LoadBalancerPolicy
+	9,  // 7: hashicorp.consul.mesh.v1alpha1.LoadBalancer.hash_policies:type_name -> hashicorp.consul.mesh.v1alpha1.HashPolicy
+	7,  // 8: hashicorp.consul.mesh.v1alpha1.LoadBalancer.ring_hash_config:type_name -> hashicorp.consul.mesh.v1alpha1.RingHashConfig
+	8,  // 9: hashicorp.consul.mesh.v1alpha1.LoadBalancer.least_request_config:type_name -> hashicorp.consul.mesh.v1alpha1.LeastRequestConfig
+	2,  // 10: hashicorp.consul.mesh.v1alpha1.HashPolicy.field:type_name -> hashicorp.consul.mesh.v1alpha1.HashPolicyField
+	10, // 11: hashicorp.consul.mesh.v1alpha1.HashPolicy.cookie_config:type_name -> hashicorp.consul.mesh.v1alpha1.CookieConfig
+	12, // 12: hashicorp.consul.mesh.v1alpha1.CookieConfig.ttl:type_name -> google.protobuf.Duration
+	4,  // 13: hashicorp.consul.mesh.v1alpha1.DestinationPolicy.PortConfigsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.DestinationConfig
+	14, // [14:14] is the sub-list for method output_type
+	14, // [14:14] is the sub-list for method input_type
+	14, // [14:14] is the sub-list for extension type_name
+	14, // [14:14] is the sub-list for extension extendee
+	0,  // [0:14] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_destination_policy_proto_init() }
+func file_pbmesh_v1alpha1_destination_policy_proto_init() {
+	if File_pbmesh_v1alpha1_destination_policy_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DestinationPolicy); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DestinationConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LocalityPrioritization); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LoadBalancer); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RingHashConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LeastRequestConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HashPolicy); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CookieConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[3].OneofWrappers = []interface{}{
+		(*LoadBalancer_RingHashConfig)(nil),
+		(*LoadBalancer_LeastRequestConfig)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_destination_policy_proto_rawDesc,
+			NumEnums:      3,
+			NumMessages:   9,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_destination_policy_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_destination_policy_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_destination_policy_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_destination_policy_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_destination_policy_proto = out.File
+	file_pbmesh_v1alpha1_destination_policy_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_destination_policy_proto_goTypes = nil
+	file_pbmesh_v1alpha1_destination_policy_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/destination_policy.proto b/proto-public/pbmesh/v1alpha1/destination_policy.proto
new file mode 100644
index 000000000000..cc03f38d8c05
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/destination_policy.proto
@@ -0,0 +1,147 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "google/protobuf/duration.proto";
+
+// DestinationPolicy is the destination-controlled set of defaults that
+// are used when similar controls defined in an UpstreamConfig are left
+// unspecified.
+//
+// Users may wish to share commonly configured settings for communicating with
+// a service in one place, but yet retain the ability to tweak those on a
+// client-by-client basis, which is why there are separate resources to control
+// the definition of these values from either end of the connection.
+//
+// This is a Resource type.
+message DestinationPolicy {
+  map<string, DestinationConfig> port_configs = 1;
+}
+
+message DestinationConfig {
+  // ConnectTimeout is the timeout for establishing new network connections
+  // to this service.
+  google.protobuf.Duration connect_timeout = 1;
+
+  // RequestTimeout is the timeout for an HTTP request to complete before the
+  // connection is automatically terminated. If unspecified, defaults to 15
+  // seconds.
+  google.protobuf.Duration request_timeout = 2;
+
+  // LoadBalancer determines the load balancing policy and configuration for
+  // services issuing requests to this upstream service.
+  LoadBalancer load_balancer = 3;
+
+  // LocalityPrioritization controls whether the locality of services within the
+  // local partition will be used to prioritize connectivity.
+  LocalityPrioritization locality_prioritization = 4;
+}
+
+message LocalityPrioritization {
+  // Mode specifies the type of prioritization that will be performed
+  // when selecting nodes in the local partition.
+  // Valid values are: "" (default "none"), "none", and "failover".
+  LocalityPrioritizationMode mode = 1;
+}
+
+enum LocalityPrioritizationMode {
+  LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED = 0;
+  LOCALITY_PRIORITIZATION_MODE_NONE = 1;
+  LOCALITY_PRIORITIZATION_MODE_FAILOVER = 2;
+}
+
+// LoadBalancer determines the load balancing policy and configuration
+// for services issuing requests to this upstream service.
+//
+message LoadBalancer {
+  // Policy is the load balancing policy used to select a host
+  LoadBalancerPolicy policy = 1;
+
+  // HashPolicies is a list of hash policies to use for hashing load balancing
+  // algorithms. Hash policies are evaluated individually and combined such
+  // that identical lists result in the same hash.
+  //
+  // If no hash policies are present, or none are successfully evaluated,
+  // then a random backend host will be selected.
+  repeated HashPolicy hash_policies = 2;
+
+  oneof config {
+    // RingHashConfig contains configuration for the "ring_hash" policy type
+    RingHashConfig ring_hash_config = 3;
+
+    // LeastRequestConfig contains configuration for the "least_request" policy type
+    LeastRequestConfig least_request_config = 4;
+  }
+}
+
+enum LoadBalancerPolicy {
+  LOAD_BALANCER_POLICY_UNSPECIFIED = 0;
+  LOAD_BALANCER_POLICY_RANDOM = 1;
+  LOAD_BALANCER_POLICY_ROUND_ROBIN = 2;
+  LOAD_BALANCER_POLICY_LEAST_REQUEST = 3;
+  LOAD_BALANCER_POLICY_MAGLEV = 4;
+  LOAD_BALANCER_POLICY_RING_HASH = 5;
+}
+
+// RingHashConfig contains configuration for the "ring_hash" policy type
+message RingHashConfig {
+  // MinimumRingSize determines the minimum number of entries in the hash ring
+  uint64 minimum_ring_size = 1;
+
+  // MaximumRingSize determines the maximum number of entries in the hash ring
+  uint64 maximum_ring_size = 2;
+}
+
+// LeastRequestConfig contains configuration for the "least_request" policy type
+message LeastRequestConfig {
+  // ChoiceCount determines the number of random healthy hosts from which to select the one with the least requests.
+  uint32 choice_count = 1;
+}
+
+// HashPolicy defines which attributes will be hashed by hash-based LB algorithms
+message HashPolicy {
+  // Field is the attribute type to hash on.
+  // Must be one of "header","cookie", or "query_parameter".
+  // Cannot be specified along with SourceIP.
+  HashPolicyField field = 1;
+
+  // FieldValue is the value to hash.
+  // ie. header name, cookie name, URL query parameter name
+  // Cannot be specified along with SourceIP.
+  string field_value = 2;
+
+  // CookieConfig contains configuration for the "cookie" hash policy type.
+  CookieConfig cookie_config = 3;
+
+  // SourceIP determines whether the hash should be of the source IP rather than of a field and field value.
+  // Cannot be specified along with Field or FieldValue.
+  bool source_ip = 4;
+
+  // Terminal will short circuit the computation of the hash when multiple hash policies are present.
+  // If a hash is computed when a Terminal policy is evaluated,
+  // then that hash will be used and subsequent hash policies will be ignored.
+  bool terminal = 5;
+}
+
+enum HashPolicyField {
+  HASH_POLICY_FIELD_UNSPECIFIED = 0;
+  HASH_POLICY_FIELD_HEADER = 1;
+  HASH_POLICY_FIELD_COOKIE = 2;
+  HASH_POLICY_FIELD_QUERY_PARAMETER = 3;
+}
+
+// CookieConfig contains configuration for the "cookie" hash policy type.
+// This is specified to have Envoy generate a cookie for a client on its first request.
+message CookieConfig {
+  // Generates a session cookie with no expiration.
+  bool session = 1;
+
+  // TTL for generated cookies. Cannot be specified for session cookies.
+  google.protobuf.Duration ttl = 2;
+
+  // The path to set for the cookie
+  string path = 3;
+}
diff --git a/proto-public/pbmesh/v1alpha1/grpc_route.pb.binary.go b/proto-public/pbmesh/v1alpha1/grpc_route.pb.binary.go
new file mode 100644
index 000000000000..40efa6110d0b
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/grpc_route.pb.binary.go
@@ -0,0 +1,78 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/grpc_route.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *GRPCRoute) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *GRPCRoute) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *GRPCRouteRule) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *GRPCRouteRule) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *GRPCRouteMatch) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *GRPCRouteMatch) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *GRPCMethodMatch) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *GRPCMethodMatch) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *GRPCHeaderMatch) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *GRPCHeaderMatch) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *GRPCRouteFilter) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *GRPCRouteFilter) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *GRPCBackendRef) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *GRPCBackendRef) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/grpc_route.pb.go b/proto-public/pbmesh/v1alpha1/grpc_route.pb.go
new file mode 100644
index 000000000000..2f25aae654e7
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/grpc_route.pb.go
@@ -0,0 +1,887 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/grpc_route.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type GRPCMethodMatchType int32
+
+const (
+	GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_UNSPECIFIED GRPCMethodMatchType = 0
+	GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT       GRPCMethodMatchType = 1
+	GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_REGEX       GRPCMethodMatchType = 2
+)
+
+// Enum value maps for GRPCMethodMatchType.
+var (
+	GRPCMethodMatchType_name = map[int32]string{
+		0: "GRPC_METHOD_MATCH_TYPE_UNSPECIFIED",
+		1: "GRPC_METHOD_MATCH_TYPE_EXACT",
+		2: "GRPC_METHOD_MATCH_TYPE_REGEX",
+	}
+	GRPCMethodMatchType_value = map[string]int32{
+		"GRPC_METHOD_MATCH_TYPE_UNSPECIFIED": 0,
+		"GRPC_METHOD_MATCH_TYPE_EXACT":       1,
+		"GRPC_METHOD_MATCH_TYPE_REGEX":       2,
+	}
+)
+
+func (x GRPCMethodMatchType) Enum() *GRPCMethodMatchType {
+	p := new(GRPCMethodMatchType)
+	*p = x
+	return p
+}
+
+func (x GRPCMethodMatchType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (GRPCMethodMatchType) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_grpc_route_proto_enumTypes[0].Descriptor()
+}
+
+func (GRPCMethodMatchType) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_grpc_route_proto_enumTypes[0]
+}
+
+func (x GRPCMethodMatchType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use GRPCMethodMatchType.Descriptor instead.
+func (GRPCMethodMatchType) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{0}
+}
+
+// NOTE: this should align to the GAMMA/gateway-api version, or at least be
+// easily translatable.
+//
+// https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.GRPCRoute
+//
+// This is a Resource type.
+type GRPCRoute struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// ParentRefs references the resources (usually Gateways) that a Route wants
+	// to be attached to. Note that the referenced parent resource needs to allow
+	// this for the attachment to be complete. For Gateways, that means the
+	// Gateway needs to allow attachment from Routes of this kind and namespace.
+	//
+	// It is invalid to reference an identical parent more than once. It is valid
+	// to reference multiple distinct sections within the same parent resource,
+	// such as 2 Listeners within a Gateway.
+	ParentRefs []*ParentReference `protobuf:"bytes,1,rep,name=parent_refs,json=parentRefs,proto3" json:"parent_refs,omitempty"`
+	Hostnames  []string           `protobuf:"bytes,2,rep,name=hostnames,proto3" json:"hostnames,omitempty"`
+	// Rules are a list of GRPC matchers, filters and actions.
+	Rules []*GRPCRouteRule `protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"`
+}
+
+func (x *GRPCRoute) Reset() {
+	*x = GRPCRoute{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GRPCRoute) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GRPCRoute) ProtoMessage() {}
+
+func (x *GRPCRoute) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GRPCRoute.ProtoReflect.Descriptor instead.
+func (*GRPCRoute) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *GRPCRoute) GetParentRefs() []*ParentReference {
+	if x != nil {
+		return x.ParentRefs
+	}
+	return nil
+}
+
+func (x *GRPCRoute) GetHostnames() []string {
+	if x != nil {
+		return x.Hostnames
+	}
+	return nil
+}
+
+func (x *GRPCRoute) GetRules() []*GRPCRouteRule {
+	if x != nil {
+		return x.Rules
+	}
+	return nil
+}
+
+type GRPCRouteRule struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Matches     []*GRPCRouteMatch  `protobuf:"bytes,1,rep,name=matches,proto3" json:"matches,omitempty"`
+	Filters     []*GRPCRouteFilter `protobuf:"bytes,2,rep,name=filters,proto3" json:"filters,omitempty"`
+	BackendRefs []*GRPCBackendRef  `protobuf:"bytes,3,rep,name=backend_refs,json=backendRefs,proto3" json:"backend_refs,omitempty"`
+	// ALTERNATIVE: Timeouts defines the timeouts that can be configured for an HTTP request.
+	Timeouts *HTTPRouteTimeouts `protobuf:"bytes,4,opt,name=timeouts,proto3" json:"timeouts,omitempty"`
+	// ALTERNATIVE:
+	Retries *HTTPRouteRetries `protobuf:"bytes,5,opt,name=retries,proto3" json:"retries,omitempty"`
+}
+
+func (x *GRPCRouteRule) Reset() {
+	*x = GRPCRouteRule{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GRPCRouteRule) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GRPCRouteRule) ProtoMessage() {}
+
+func (x *GRPCRouteRule) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GRPCRouteRule.ProtoReflect.Descriptor instead.
+func (*GRPCRouteRule) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *GRPCRouteRule) GetMatches() []*GRPCRouteMatch {
+	if x != nil {
+		return x.Matches
+	}
+	return nil
+}
+
+func (x *GRPCRouteRule) GetFilters() []*GRPCRouteFilter {
+	if x != nil {
+		return x.Filters
+	}
+	return nil
+}
+
+func (x *GRPCRouteRule) GetBackendRefs() []*GRPCBackendRef {
+	if x != nil {
+		return x.BackendRefs
+	}
+	return nil
+}
+
+func (x *GRPCRouteRule) GetTimeouts() *HTTPRouteTimeouts {
+	if x != nil {
+		return x.Timeouts
+	}
+	return nil
+}
+
+func (x *GRPCRouteRule) GetRetries() *HTTPRouteRetries {
+	if x != nil {
+		return x.Retries
+	}
+	return nil
+}
+
+type GRPCRouteMatch struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Method specifies a gRPC request service/method matcher. If this field is
+	// not specified, all services and methods will match.
+	Method *GRPCMethodMatch `protobuf:"bytes,1,opt,name=method,proto3" json:"method,omitempty"`
+	// Headers specifies gRPC request header matchers. Multiple match values are
+	// ANDed together, meaning, a request MUST match all the specified headers to
+	// select the route.
+	Headers []*GRPCHeaderMatch `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"`
+}
+
+func (x *GRPCRouteMatch) Reset() {
+	*x = GRPCRouteMatch{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GRPCRouteMatch) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GRPCRouteMatch) ProtoMessage() {}
+
+func (x *GRPCRouteMatch) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GRPCRouteMatch.ProtoReflect.Descriptor instead.
+func (*GRPCRouteMatch) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *GRPCRouteMatch) GetMethod() *GRPCMethodMatch {
+	if x != nil {
+		return x.Method
+	}
+	return nil
+}
+
+func (x *GRPCRouteMatch) GetHeaders() []*GRPCHeaderMatch {
+	if x != nil {
+		return x.Headers
+	}
+	return nil
+}
+
+type GRPCMethodMatch struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Type specifies how to match against the service and/or method. Support:
+	// Core (Exact with service and method specified)
+	Type GRPCMethodMatchType `protobuf:"varint,1,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.GRPCMethodMatchType" json:"type,omitempty"`
+	// Value of the service to match against. If left empty or omitted, will
+	// match any service.
+	//
+	// At least one of Service and Method MUST be a non-empty string.
+	Service string `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"`
+	// Value of the method to match against. If left empty or omitted, will match
+	// all services.
+	//
+	// At least one of Service and Method MUST be a non-empty string.}
+	Method string `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"`
+}
+
+func (x *GRPCMethodMatch) Reset() {
+	*x = GRPCMethodMatch{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GRPCMethodMatch) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GRPCMethodMatch) ProtoMessage() {}
+
+func (x *GRPCMethodMatch) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GRPCMethodMatch.ProtoReflect.Descriptor instead.
+func (*GRPCMethodMatch) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GRPCMethodMatch) GetType() GRPCMethodMatchType {
+	if x != nil {
+		return x.Type
+	}
+	return GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_UNSPECIFIED
+}
+
+func (x *GRPCMethodMatch) GetService() string {
+	if x != nil {
+		return x.Service
+	}
+	return ""
+}
+
+func (x *GRPCMethodMatch) GetMethod() string {
+	if x != nil {
+		return x.Method
+	}
+	return ""
+}
+
+type GRPCHeaderMatch struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Type  HeaderMatchType `protobuf:"varint,1,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.HeaderMatchType" json:"type,omitempty"`
+	Name  string          `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Value string          `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *GRPCHeaderMatch) Reset() {
+	*x = GRPCHeaderMatch{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GRPCHeaderMatch) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GRPCHeaderMatch) ProtoMessage() {}
+
+func (x *GRPCHeaderMatch) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GRPCHeaderMatch.ProtoReflect.Descriptor instead.
+func (*GRPCHeaderMatch) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *GRPCHeaderMatch) GetType() HeaderMatchType {
+	if x != nil {
+		return x.Type
+	}
+	return HeaderMatchType_HEADER_MATCH_TYPE_UNSPECIFIED
+}
+
+func (x *GRPCHeaderMatch) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *GRPCHeaderMatch) GetValue() string {
+	if x != nil {
+		return x.Value
+	}
+	return ""
+}
+
+type GRPCRouteFilter struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// RequestHeaderModifier defines a schema for a filter that modifies request
+	// headers.
+	RequestHeaderModifier *HTTPHeaderFilter `protobuf:"bytes,1,opt,name=request_header_modifier,json=requestHeaderModifier,proto3" json:"request_header_modifier,omitempty"`
+	// ResponseHeaderModifier defines a schema for a filter that modifies
+	// response headers.
+	ResponseHeaderModifier *HTTPHeaderFilter `protobuf:"bytes,2,opt,name=response_header_modifier,json=responseHeaderModifier,proto3" json:"response_header_modifier,omitempty"`
+	// URLRewrite defines a schema for a filter that modifies a request during
+	// forwarding.
+	UrlRewrite *HTTPURLRewriteFilter `protobuf:"bytes,5,opt,name=url_rewrite,json=urlRewrite,proto3" json:"url_rewrite,omitempty"`
+}
+
+func (x *GRPCRouteFilter) Reset() {
+	*x = GRPCRouteFilter{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GRPCRouteFilter) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GRPCRouteFilter) ProtoMessage() {}
+
+func (x *GRPCRouteFilter) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GRPCRouteFilter.ProtoReflect.Descriptor instead.
+func (*GRPCRouteFilter) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *GRPCRouteFilter) GetRequestHeaderModifier() *HTTPHeaderFilter {
+	if x != nil {
+		return x.RequestHeaderModifier
+	}
+	return nil
+}
+
+func (x *GRPCRouteFilter) GetResponseHeaderModifier() *HTTPHeaderFilter {
+	if x != nil {
+		return x.ResponseHeaderModifier
+	}
+	return nil
+}
+
+func (x *GRPCRouteFilter) GetUrlRewrite() *HTTPURLRewriteFilter {
+	if x != nil {
+		return x.UrlRewrite
+	}
+	return nil
+}
+
+type GRPCBackendRef struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	BackendRef *BackendReference `protobuf:"bytes,1,opt,name=backend_ref,json=backendRef,proto3" json:"backend_ref,omitempty"`
+	// Weight specifies the proportion of requests forwarded to the referenced
+	// backend. This is computed as weight/(sum of all weights in this
+	// BackendRefs list). For non-zero values, there may be some epsilon from the
+	// exact proportion defined here depending on the precision an implementation
+	// supports. Weight is not a percentage and the sum of weights does not need
+	// to equal 100.
+	//
+	// If only one backend is specified and it has a weight greater than 0, 100%
+	// of the traffic is forwarded to that backend. If weight is set to 0, no
+	// traffic should be forwarded for this entry. If unspecified, weight defaults
+	// to 1.
+	Weight uint32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
+	// Filters defined at this level should be executed if and only if the
+	// request is being forwarded to the backend defined here.
+	Filters []*GRPCRouteFilter `protobuf:"bytes,3,rep,name=filters,proto3" json:"filters,omitempty"`
+}
+
+func (x *GRPCBackendRef) Reset() {
+	*x = GRPCBackendRef{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GRPCBackendRef) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GRPCBackendRef) ProtoMessage() {}
+
+func (x *GRPCBackendRef) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GRPCBackendRef.ProtoReflect.Descriptor instead.
+func (*GRPCBackendRef) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *GRPCBackendRef) GetBackendRef() *BackendReference {
+	if x != nil {
+		return x.BackendRef
+	}
+	return nil
+}
+
+func (x *GRPCBackendRef) GetWeight() uint32 {
+	if x != nil {
+		return x.Weight
+	}
+	return 0
+}
+
+func (x *GRPCBackendRef) GetFilters() []*GRPCRouteFilter {
+	if x != nil {
+		return x.Filters
+	}
+	return nil
+}
+
+var File_pbmesh_v1alpha1_grpc_route_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_grpc_route_proto_rawDesc = []byte{
+	0x0a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x1a, 0x1c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x1a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x1a, 0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x72,
+	0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x29, 0x70, 0x62,
+	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x68, 0x74,
+	0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
+	0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc0, 0x01, 0x0a, 0x09, 0x47, 0x52, 0x50, 0x43,
+	0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x50, 0x0a, 0x0b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f,
+	0x72, 0x65, 0x66, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x65,
+	0x6e, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0a, 0x70, 0x61, 0x72,
+	0x65, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x68, 0x6f, 0x73, 0x74, 0x6e,
+	0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x68, 0x6f, 0x73, 0x74,
+	0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x43, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x03,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52,
+	0x75, 0x6c, 0x65, 0x52, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x22, 0x92, 0x03, 0x0a, 0x0d, 0x47,
+	0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x48, 0x0a, 0x07,
+	0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47,
+	0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 0x6d,
+	0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72,
+	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75,
+	0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72,
+	0x73, 0x12, 0x51, 0x0a, 0x0c, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66,
+	0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x42, 0x61, 0x63,
+	0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x52, 0x0b, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64,
+	0x52, 0x65, 0x66, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74,
+	0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x52, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x6f,
+	0x75, 0x74, 0x73, 0x12, 0x4a, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52,
+	0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x22,
+	0xa4, 0x01, 0x0a, 0x0e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x12, 0x47, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x49, 0x0a, 0x07, 0x68,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52,
+	0x50, 0x43, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 0x68,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, 0x8c, 0x01, 0x0a, 0x0f, 0x47, 0x52, 0x50, 0x43, 0x4d,
+	0x65, 0x74, 0x68, 0x6f, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x47, 0x0a, 0x04, 0x74, 0x79,
+	0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x4d, 0x65,
+	0x74, 0x68, 0x6f, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74,
+	0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x16, 0x0a,
+	0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6d,
+	0x65, 0x74, 0x68, 0x6f, 0x64, 0x22, 0x80, 0x01, 0x0a, 0x0f, 0x47, 0x52, 0x50, 0x43, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x43, 0x0a, 0x04, 0x74, 0x79, 0x70,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12,
+	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xbe, 0x02, 0x0a, 0x0f, 0x47, 0x52, 0x50,
+	0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x68, 0x0a, 0x17,
+	0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d,
+	0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48,
+	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52,
+	0x15, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f,
+	0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x6a, 0x0a, 0x18, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x6f, 0x64, 0x69, 0x66, 0x69,
+	0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x16, 0x72, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69,
+	0x65, 0x72, 0x12, 0x55, 0x0a, 0x0b, 0x75, 0x72, 0x6c, 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74,
+	0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x55, 0x52, 0x4c,
+	0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0a, 0x75,
+	0x72, 0x6c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22, 0xc6, 0x01, 0x0a, 0x0e, 0x47, 0x52,
+	0x50, 0x43, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x12, 0x51, 0x0a, 0x0b,
+	0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65,
+	0x6e, 0x63, 0x65, 0x52, 0x0a, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x12,
+	0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52,
+	0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65,
+	0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65,
+	0x72, 0x73, 0x2a, 0x81, 0x01, 0x0a, 0x13, 0x47, 0x52, 0x50, 0x43, 0x4d, 0x65, 0x74, 0x68, 0x6f,
+	0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x26, 0x0a, 0x22, 0x47, 0x52,
+	0x50, 0x43, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f,
+	0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44,
+	0x10, 0x00, 0x12, 0x20, 0x0a, 0x1c, 0x47, 0x52, 0x50, 0x43, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f,
+	0x44, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x41,
+	0x43, 0x54, 0x10, 0x01, 0x12, 0x20, 0x0a, 0x1c, 0x47, 0x52, 0x50, 0x43, 0x5f, 0x4d, 0x45, 0x54,
+	0x48, 0x4f, 0x44, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52,
+	0x45, 0x47, 0x45, 0x58, 0x10, 0x02, 0x42, 0x96, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0e, 0x47,
+	0x72, 0x70, 0x63, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
+	0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68,
+	0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e,
+	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02,
+	0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c,
+	0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a,
+	0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_grpc_route_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_grpc_route_proto_rawDescData = file_pbmesh_v1alpha1_grpc_route_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_grpc_route_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_grpc_route_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_grpc_route_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_grpc_route_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_pbmesh_v1alpha1_grpc_route_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
+var file_pbmesh_v1alpha1_grpc_route_proto_goTypes = []interface{}{
+	(GRPCMethodMatchType)(0),     // 0: hashicorp.consul.mesh.v1alpha1.GRPCMethodMatchType
+	(*GRPCRoute)(nil),            // 1: hashicorp.consul.mesh.v1alpha1.GRPCRoute
+	(*GRPCRouteRule)(nil),        // 2: hashicorp.consul.mesh.v1alpha1.GRPCRouteRule
+	(*GRPCRouteMatch)(nil),       // 3: hashicorp.consul.mesh.v1alpha1.GRPCRouteMatch
+	(*GRPCMethodMatch)(nil),      // 4: hashicorp.consul.mesh.v1alpha1.GRPCMethodMatch
+	(*GRPCHeaderMatch)(nil),      // 5: hashicorp.consul.mesh.v1alpha1.GRPCHeaderMatch
+	(*GRPCRouteFilter)(nil),      // 6: hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter
+	(*GRPCBackendRef)(nil),       // 7: hashicorp.consul.mesh.v1alpha1.GRPCBackendRef
+	(*ParentReference)(nil),      // 8: hashicorp.consul.mesh.v1alpha1.ParentReference
+	(*HTTPRouteTimeouts)(nil),    // 9: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
+	(*HTTPRouteRetries)(nil),     // 10: hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
+	(HeaderMatchType)(0),         // 11: hashicorp.consul.mesh.v1alpha1.HeaderMatchType
+	(*HTTPHeaderFilter)(nil),     // 12: hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter
+	(*HTTPURLRewriteFilter)(nil), // 13: hashicorp.consul.mesh.v1alpha1.HTTPURLRewriteFilter
+	(*BackendReference)(nil),     // 14: hashicorp.consul.mesh.v1alpha1.BackendReference
+}
+var file_pbmesh_v1alpha1_grpc_route_proto_depIdxs = []int32{
+	8,  // 0: hashicorp.consul.mesh.v1alpha1.GRPCRoute.parent_refs:type_name -> hashicorp.consul.mesh.v1alpha1.ParentReference
+	2,  // 1: hashicorp.consul.mesh.v1alpha1.GRPCRoute.rules:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteRule
+	3,  // 2: hashicorp.consul.mesh.v1alpha1.GRPCRouteRule.matches:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteMatch
+	6,  // 3: hashicorp.consul.mesh.v1alpha1.GRPCRouteRule.filters:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter
+	7,  // 4: hashicorp.consul.mesh.v1alpha1.GRPCRouteRule.backend_refs:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCBackendRef
+	9,  // 5: hashicorp.consul.mesh.v1alpha1.GRPCRouteRule.timeouts:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
+	10, // 6: hashicorp.consul.mesh.v1alpha1.GRPCRouteRule.retries:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
+	4,  // 7: hashicorp.consul.mesh.v1alpha1.GRPCRouteMatch.method:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCMethodMatch
+	5,  // 8: hashicorp.consul.mesh.v1alpha1.GRPCRouteMatch.headers:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCHeaderMatch
+	0,  // 9: hashicorp.consul.mesh.v1alpha1.GRPCMethodMatch.type:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCMethodMatchType
+	11, // 10: hashicorp.consul.mesh.v1alpha1.GRPCHeaderMatch.type:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderMatchType
+	12, // 11: hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter.request_header_modifier:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter
+	12, // 12: hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter.response_header_modifier:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter
+	13, // 13: hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter.url_rewrite:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPURLRewriteFilter
+	14, // 14: hashicorp.consul.mesh.v1alpha1.GRPCBackendRef.backend_ref:type_name -> hashicorp.consul.mesh.v1alpha1.BackendReference
+	6,  // 15: hashicorp.consul.mesh.v1alpha1.GRPCBackendRef.filters:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter
+	16, // [16:16] is the sub-list for method output_type
+	16, // [16:16] is the sub-list for method input_type
+	16, // [16:16] is the sub-list for extension type_name
+	16, // [16:16] is the sub-list for extension extendee
+	0,  // [0:16] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_grpc_route_proto_init() }
+func file_pbmesh_v1alpha1_grpc_route_proto_init() {
+	if File_pbmesh_v1alpha1_grpc_route_proto != nil {
+		return
+	}
+	file_pbmesh_v1alpha1_common_proto_init()
+	file_pbmesh_v1alpha1_http_route_proto_init()
+	file_pbmesh_v1alpha1_http_route_retries_proto_init()
+	file_pbmesh_v1alpha1_http_route_timeouts_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GRPCRoute); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GRPCRouteRule); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GRPCRouteMatch); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GRPCMethodMatch); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GRPCHeaderMatch); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GRPCRouteFilter); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GRPCBackendRef); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_grpc_route_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   7,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_grpc_route_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_grpc_route_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_grpc_route_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_grpc_route_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_grpc_route_proto = out.File
+	file_pbmesh_v1alpha1_grpc_route_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_grpc_route_proto_goTypes = nil
+	file_pbmesh_v1alpha1_grpc_route_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/grpc_route.proto b/proto-public/pbmesh/v1alpha1/grpc_route.proto
new file mode 100644
index 000000000000..ce4ca4d917ca
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/grpc_route.proto
@@ -0,0 +1,121 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "pbmesh/v1alpha1/common.proto";
+import "pbmesh/v1alpha1/http_route.proto";
+import "pbmesh/v1alpha1/http_route_retries.proto";
+import "pbmesh/v1alpha1/http_route_timeouts.proto";
+
+// NOTE: this should align to the GAMMA/gateway-api version, or at least be
+// easily translatable.
+//
+// https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.GRPCRoute
+//
+// This is a Resource type.
+message GRPCRoute {
+  // ParentRefs references the resources (usually Gateways) that a Route wants
+  // to be attached to. Note that the referenced parent resource needs to allow
+  // this for the attachment to be complete. For Gateways, that means the
+  // Gateway needs to allow attachment from Routes of this kind and namespace.
+  //
+  // It is invalid to reference an identical parent more than once. It is valid
+  // to reference multiple distinct sections within the same parent resource,
+  // such as 2 Listeners within a Gateway.
+  repeated ParentReference parent_refs = 1;
+
+  repeated string hostnames = 2;
+
+  // Rules are a list of GRPC matchers, filters and actions.
+  repeated GRPCRouteRule rules = 3;
+}
+
+message GRPCRouteRule {
+  repeated GRPCRouteMatch matches = 1;
+  repeated GRPCRouteFilter filters = 2;
+  repeated GRPCBackendRef backend_refs = 3;
+
+  // ALTERNATIVE: Timeouts defines the timeouts that can be configured for an HTTP request.
+  HTTPRouteTimeouts timeouts = 4;
+  // ALTERNATIVE:
+  HTTPRouteRetries retries = 5;
+}
+
+message GRPCRouteMatch {
+  // Method specifies a gRPC request service/method matcher. If this field is
+  // not specified, all services and methods will match.
+  GRPCMethodMatch method = 1;
+
+  // Headers specifies gRPC request header matchers. Multiple match values are
+  // ANDed together, meaning, a request MUST match all the specified headers to
+  // select the route.
+  repeated GRPCHeaderMatch headers = 2;
+}
+
+message GRPCMethodMatch {
+  // Type specifies how to match against the service and/or method. Support:
+  // Core (Exact with service and method specified)
+  GRPCMethodMatchType type = 1;
+
+  // Value of the service to match against. If left empty or omitted, will
+  // match any service.
+  //
+  // At least one of Service and Method MUST be a non-empty string.
+  string service = 2;
+
+  // Value of the method to match against. If left empty or omitted, will match
+  // all services.
+  //
+  // At least one of Service and Method MUST be a non-empty string.}
+  string method = 3;
+}
+
+enum GRPCMethodMatchType {
+  GRPC_METHOD_MATCH_TYPE_UNSPECIFIED = 0;
+  GRPC_METHOD_MATCH_TYPE_EXACT = 1;
+  GRPC_METHOD_MATCH_TYPE_REGEX = 2;
+}
+
+message GRPCHeaderMatch {
+  HeaderMatchType type = 1;
+  string name = 2;
+  string value = 3;
+}
+
+message GRPCRouteFilter {
+  // RequestHeaderModifier defines a schema for a filter that modifies request
+  // headers.
+  HTTPHeaderFilter request_header_modifier = 1;
+
+  // ResponseHeaderModifier defines a schema for a filter that modifies
+  // response headers.
+  HTTPHeaderFilter response_header_modifier = 2;
+
+  // URLRewrite defines a schema for a filter that modifies a request during
+  // forwarding.
+  HTTPURLRewriteFilter url_rewrite = 5;
+}
+
+message GRPCBackendRef {
+  BackendReference backend_ref = 1;
+
+  // Weight specifies the proportion of requests forwarded to the referenced
+  // backend. This is computed as weight/(sum of all weights in this
+  // BackendRefs list). For non-zero values, there may be some epsilon from the
+  // exact proportion defined here depending on the precision an implementation
+  // supports. Weight is not a percentage and the sum of weights does not need
+  // to equal 100.
+  //
+  //If only one backend is specified and it has a weight greater than 0, 100%
+  //of the traffic is forwarded to that backend. If weight is set to 0, no
+  //traffic should be forwarded for this entry. If unspecified, weight defaults
+  //to 1.
+  uint32 weight = 2;
+
+  // Filters defined at this level should be executed if and only if the
+  // request is being forwarded to the backend defined here.
+  repeated GRPCRouteFilter filters = 3;
+}
diff --git a/proto-public/pbmesh/v1alpha1/http_route.pb.binary.go b/proto-public/pbmesh/v1alpha1/http_route.pb.binary.go
new file mode 100644
index 000000000000..81b3901a5bd9
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/http_route.pb.binary.go
@@ -0,0 +1,118 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/http_route.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HTTPRoute) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HTTPRoute) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HTTPRouteRule) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HTTPRouteRule) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HTTPRouteMatch) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HTTPRouteMatch) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HTTPPathMatch) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HTTPPathMatch) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HTTPHeaderMatch) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HTTPHeaderMatch) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HTTPQueryParamMatch) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HTTPQueryParamMatch) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HTTPRouteFilter) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HTTPRouteFilter) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HTTPHeaderFilter) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HTTPHeaderFilter) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HTTPHeader) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HTTPHeader) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HTTPURLRewriteFilter) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HTTPURLRewriteFilter) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HTTPBackendRef) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HTTPBackendRef) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/http_route.pb.go b/proto-public/pbmesh/v1alpha1/http_route.pb.go
new file mode 100644
index 000000000000..f69b84f22656
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/http_route.pb.go
@@ -0,0 +1,1441 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/http_route.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// PathMatchType specifies the semantics of how HTTP paths should be compared.
+// Valid PathMatchType values, along with their support levels, are:
+//
+// PathPrefix and Exact paths must be syntactically valid:
+//
+// - Must begin with the / character
+// - Must not contain consecutive / characters (e.g. /foo///, //).
+// - Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash.
+//
+// Unknown values here must result in the implementation setting the Accepted
+// Condition for the Route to status: False, with a Reason of UnsupportedValue.
+type PathMatchType int32
+
+const (
+	PathMatchType_PATH_MATCH_TYPE_UNSPECIFIED PathMatchType = 0
+	PathMatchType_PATH_MATCH_TYPE_EXACT       PathMatchType = 1
+	PathMatchType_PATH_MATCH_TYPE_PREFIX      PathMatchType = 2
+	PathMatchType_PATH_MATCH_TYPE_REGEX       PathMatchType = 3
+)
+
+// Enum value maps for PathMatchType.
+var (
+	PathMatchType_name = map[int32]string{
+		0: "PATH_MATCH_TYPE_UNSPECIFIED",
+		1: "PATH_MATCH_TYPE_EXACT",
+		2: "PATH_MATCH_TYPE_PREFIX",
+		3: "PATH_MATCH_TYPE_REGEX",
+	}
+	PathMatchType_value = map[string]int32{
+		"PATH_MATCH_TYPE_UNSPECIFIED": 0,
+		"PATH_MATCH_TYPE_EXACT":       1,
+		"PATH_MATCH_TYPE_PREFIX":      2,
+		"PATH_MATCH_TYPE_REGEX":       3,
+	}
+)
+
+func (x PathMatchType) Enum() *PathMatchType {
+	p := new(PathMatchType)
+	*p = x
+	return p
+}
+
+func (x PathMatchType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (PathMatchType) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_http_route_proto_enumTypes[0].Descriptor()
+}
+
+func (PathMatchType) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_http_route_proto_enumTypes[0]
+}
+
+func (x PathMatchType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use PathMatchType.Descriptor instead.
+func (PathMatchType) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{0}
+}
+
+// HeaderMatchType specifies the semantics of how HTTP header values should be
+// compared. Valid HeaderMatchType values, along with their conformance levels,
+// are:
+//
+// Note that values may be added to this enum, implementations must ensure that
+// unknown values will not cause a crash.
+//
+// Unknown values here must result in the implementation setting the Accepted
+// Condition for the Route to status: False, with a Reason of UnsupportedValue.
+type HeaderMatchType int32
+
+const (
+	HeaderMatchType_HEADER_MATCH_TYPE_UNSPECIFIED HeaderMatchType = 0
+	HeaderMatchType_HEADER_MATCH_TYPE_EXACT       HeaderMatchType = 1
+	HeaderMatchType_HEADER_MATCH_TYPE_REGEX       HeaderMatchType = 2
+	// consul only after this point (service-router compat)
+	HeaderMatchType_HEADER_MATCH_TYPE_PRESENT HeaderMatchType = 3
+	HeaderMatchType_HEADER_MATCH_TYPE_PREFIX  HeaderMatchType = 4
+	HeaderMatchType_HEADER_MATCH_TYPE_SUFFIX  HeaderMatchType = 5
+)
+
+// Enum value maps for HeaderMatchType.
+var (
+	HeaderMatchType_name = map[int32]string{
+		0: "HEADER_MATCH_TYPE_UNSPECIFIED",
+		1: "HEADER_MATCH_TYPE_EXACT",
+		2: "HEADER_MATCH_TYPE_REGEX",
+		3: "HEADER_MATCH_TYPE_PRESENT",
+		4: "HEADER_MATCH_TYPE_PREFIX",
+		5: "HEADER_MATCH_TYPE_SUFFIX",
+	}
+	HeaderMatchType_value = map[string]int32{
+		"HEADER_MATCH_TYPE_UNSPECIFIED": 0,
+		"HEADER_MATCH_TYPE_EXACT":       1,
+		"HEADER_MATCH_TYPE_REGEX":       2,
+		"HEADER_MATCH_TYPE_PRESENT":     3,
+		"HEADER_MATCH_TYPE_PREFIX":      4,
+		"HEADER_MATCH_TYPE_SUFFIX":      5,
+	}
+)
+
+func (x HeaderMatchType) Enum() *HeaderMatchType {
+	p := new(HeaderMatchType)
+	*p = x
+	return p
+}
+
+func (x HeaderMatchType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (HeaderMatchType) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_http_route_proto_enumTypes[1].Descriptor()
+}
+
+func (HeaderMatchType) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_http_route_proto_enumTypes[1]
+}
+
+func (x HeaderMatchType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use HeaderMatchType.Descriptor instead.
+func (HeaderMatchType) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{1}
+}
+
+type QueryParamMatchType int32
+
+const (
+	QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_UNSPECIFIED QueryParamMatchType = 0
+	QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_EXACT       QueryParamMatchType = 1
+	QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_REGEX       QueryParamMatchType = 2
+	// consul only after this point (service-router compat)
+	QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_PRESENT QueryParamMatchType = 3
+)
+
+// Enum value maps for QueryParamMatchType.
+var (
+	QueryParamMatchType_name = map[int32]string{
+		0: "QUERY_PARAM_MATCH_TYPE_UNSPECIFIED",
+		1: "QUERY_PARAM_MATCH_TYPE_EXACT",
+		2: "QUERY_PARAM_MATCH_TYPE_REGEX",
+		3: "QUERY_PARAM_MATCH_TYPE_PRESENT",
+	}
+	QueryParamMatchType_value = map[string]int32{
+		"QUERY_PARAM_MATCH_TYPE_UNSPECIFIED": 0,
+		"QUERY_PARAM_MATCH_TYPE_EXACT":       1,
+		"QUERY_PARAM_MATCH_TYPE_REGEX":       2,
+		"QUERY_PARAM_MATCH_TYPE_PRESENT":     3,
+	}
+)
+
+func (x QueryParamMatchType) Enum() *QueryParamMatchType {
+	p := new(QueryParamMatchType)
+	*p = x
+	return p
+}
+
+func (x QueryParamMatchType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (QueryParamMatchType) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_http_route_proto_enumTypes[2].Descriptor()
+}
+
+func (QueryParamMatchType) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_http_route_proto_enumTypes[2]
+}
+
+func (x QueryParamMatchType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use QueryParamMatchType.Descriptor instead.
+func (QueryParamMatchType) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{2}
+}
+
+// NOTE: this should align to the GAMMA/gateway-api version, or at least be
+// easily translatable.
+//
+// https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.HTTPRoute
+//
+// This is a Resource type.
+type HTTPRoute struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// ParentRefs references the resources (usually Gateways) that a Route wants
+	// to be attached to. Note that the referenced parent resource needs to allow
+	// this for the attachment to be complete. For Gateways, that means the
+	// Gateway needs to allow attachment from Routes of this kind and namespace.
+	//
+	// It is invalid to reference an identical parent more than once. It is valid
+	// to reference multiple distinct sections within the same parent resource,
+	// such as 2 Listeners within a Gateway.
+	ParentRefs []*ParentReference `protobuf:"bytes,1,rep,name=parent_refs,json=parentRefs,proto3" json:"parent_refs,omitempty"`
+	// Hostnames are the hostnames for which this HTTPRoute should respond to requests.
+	Hostnames []string `protobuf:"bytes,2,rep,name=hostnames,proto3" json:"hostnames,omitempty"`
+	// Rules are a list of HTTP-based routing rules that this route should
+	// use for constructing a routing table.
+	Rules []*HTTPRouteRule `protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"`
+}
+
+func (x *HTTPRoute) Reset() {
+	*x = HTTPRoute{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HTTPRoute) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPRoute) ProtoMessage() {}
+
+func (x *HTTPRoute) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPRoute.ProtoReflect.Descriptor instead.
+func (*HTTPRoute) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *HTTPRoute) GetParentRefs() []*ParentReference {
+	if x != nil {
+		return x.ParentRefs
+	}
+	return nil
+}
+
+func (x *HTTPRoute) GetHostnames() []string {
+	if x != nil {
+		return x.Hostnames
+	}
+	return nil
+}
+
+func (x *HTTPRoute) GetRules() []*HTTPRouteRule {
+	if x != nil {
+		return x.Rules
+	}
+	return nil
+}
+
+// HTTPRouteRule specifies the routing rules used to determine what upstream
+// service an HTTP request is routed to.
+type HTTPRouteRule struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Matches specified the matching criteria used in the routing table. If a
+	// request matches the given HTTPMatch configuration, then traffic is routed
+	// to services specified in the Services field.
+	Matches []*HTTPRouteMatch  `protobuf:"bytes,1,rep,name=matches,proto3" json:"matches,omitempty"`
+	Filters []*HTTPRouteFilter `protobuf:"bytes,2,rep,name=filters,proto3" json:"filters,omitempty"`
+	// BackendRefs defines the backend(s) where matching requests should be sent.
+	//
+	// Failure behavior here depends on how many BackendRefs are specified and
+	// how many are invalid.
+	//
+	// If all entries in BackendRefs are invalid, and there are also no filters
+	// specified in this route rule, all traffic which matches this rule MUST
+	// receive a 500 status code.
+	//
+	// See the HTTPBackendRef definition for the rules about what makes a single
+	// HTTPBackendRef invalid.
+	//
+	// When a HTTPBackendRef is invalid, 500 status codes MUST be returned for
+	// requests that would have otherwise been routed to an invalid backend. If
+	// multiple backends are specified, and some are invalid, the proportion of
+	// requests that would otherwise have been routed to an invalid backend MUST
+	// receive a 500 status code.
+	//
+	// For example, if two backends are specified with equal weights, and one is
+	// invalid, 50 percent of traffic must receive a 500. Implementations may
+	// choose how that 50 percent is determined.
+	BackendRefs []*HTTPBackendRef `protobuf:"bytes,3,rep,name=backend_refs,json=backendRefs,proto3" json:"backend_refs,omitempty"`
+	// ALTERNATIVE: Timeouts defines the timeouts that can be configured for an HTTP request.
+	Timeouts *HTTPRouteTimeouts `protobuf:"bytes,4,opt,name=timeouts,proto3" json:"timeouts,omitempty"`
+	// ALTERNATIVE:
+	Retries *HTTPRouteRetries `protobuf:"bytes,5,opt,name=retries,proto3" json:"retries,omitempty"`
+}
+
+func (x *HTTPRouteRule) Reset() {
+	*x = HTTPRouteRule{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HTTPRouteRule) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPRouteRule) ProtoMessage() {}
+
+func (x *HTTPRouteRule) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPRouteRule.ProtoReflect.Descriptor instead.
+func (*HTTPRouteRule) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *HTTPRouteRule) GetMatches() []*HTTPRouteMatch {
+	if x != nil {
+		return x.Matches
+	}
+	return nil
+}
+
+func (x *HTTPRouteRule) GetFilters() []*HTTPRouteFilter {
+	if x != nil {
+		return x.Filters
+	}
+	return nil
+}
+
+func (x *HTTPRouteRule) GetBackendRefs() []*HTTPBackendRef {
+	if x != nil {
+		return x.BackendRefs
+	}
+	return nil
+}
+
+func (x *HTTPRouteRule) GetTimeouts() *HTTPRouteTimeouts {
+	if x != nil {
+		return x.Timeouts
+	}
+	return nil
+}
+
+func (x *HTTPRouteRule) GetRetries() *HTTPRouteRetries {
+	if x != nil {
+		return x.Retries
+	}
+	return nil
+}
+
+type HTTPRouteMatch struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Path specifies a HTTP request path matcher. If this field is not
+	// specified, a default prefix match on the “/” path is provided.
+	Path *HTTPPathMatch `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
+	// Headers specifies HTTP request header matchers. Multiple match values are
+	// ANDed together, meaning, a request must match all the specified headers to
+	// select the route.
+	Headers []*HTTPHeaderMatch `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"`
+	// QueryParams specifies HTTP query parameter matchers. Multiple match values
+	// are ANDed together, meaning, a request must match all the specified query
+	// parameters to select the route.
+	QueryParams []*HTTPQueryParamMatch `protobuf:"bytes,3,rep,name=query_params,json=queryParams,proto3" json:"query_params,omitempty"`
+	// Method specifies HTTP method matcher. When specified, this route will be
+	// matched only if the request has the specified method.
+	Method string `protobuf:"bytes,4,opt,name=method,proto3" json:"method,omitempty"`
+}
+
+func (x *HTTPRouteMatch) Reset() {
+	*x = HTTPRouteMatch{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HTTPRouteMatch) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPRouteMatch) ProtoMessage() {}
+
+func (x *HTTPRouteMatch) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPRouteMatch.ProtoReflect.Descriptor instead.
+func (*HTTPRouteMatch) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *HTTPRouteMatch) GetPath() *HTTPPathMatch {
+	if x != nil {
+		return x.Path
+	}
+	return nil
+}
+
+func (x *HTTPRouteMatch) GetHeaders() []*HTTPHeaderMatch {
+	if x != nil {
+		return x.Headers
+	}
+	return nil
+}
+
+func (x *HTTPRouteMatch) GetQueryParams() []*HTTPQueryParamMatch {
+	if x != nil {
+		return x.QueryParams
+	}
+	return nil
+}
+
+func (x *HTTPRouteMatch) GetMethod() string {
+	if x != nil {
+		return x.Method
+	}
+	return ""
+}
+
+type HTTPPathMatch struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Type specifies how to match against the path Value.
+	Type PathMatchType `protobuf:"varint,1,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.PathMatchType" json:"type,omitempty"`
+	// Value of the HTTP path to match against.
+	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *HTTPPathMatch) Reset() {
+	*x = HTTPPathMatch{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HTTPPathMatch) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPPathMatch) ProtoMessage() {}
+
+func (x *HTTPPathMatch) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPPathMatch.ProtoReflect.Descriptor instead.
+func (*HTTPPathMatch) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *HTTPPathMatch) GetType() PathMatchType {
+	if x != nil {
+		return x.Type
+	}
+	return PathMatchType_PATH_MATCH_TYPE_UNSPECIFIED
+}
+
+func (x *HTTPPathMatch) GetValue() string {
+	if x != nil {
+		return x.Value
+	}
+	return ""
+}
+
+type HTTPHeaderMatch struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Type specifies how to match against the value of the header.
+	Type HeaderMatchType `protobuf:"varint,1,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.HeaderMatchType" json:"type,omitempty"`
+	// Name is the name of the HTTP Header to be matched. Name matching MUST be
+	// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+	//
+	// If multiple entries specify equivalent header names, only the first entry
+	// with an equivalent name MUST be considered for a match. Subsequent entries
+	// with an equivalent header name MUST be ignored. Due to the
+	// case-insensitivity of header names, “foo” and “Foo” are considered
+	// equivalent.
+	//
+	// When a header is repeated in an HTTP request, it is
+	// implementation-specific behavior as to how this is represented. Generally,
+	// proxies should follow the guidance from the RFC:
+	// https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
+	// processing a repeated header, with special handling for “Set-Cookie”.
+	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	// Value is the value of HTTP Header to be matched.
+	Value string `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
+	// NOTE: not in gamma; service-router compat
+	Invert bool `protobuf:"varint,4,opt,name=invert,proto3" json:"invert,omitempty"`
+}
+
+func (x *HTTPHeaderMatch) Reset() {
+	*x = HTTPHeaderMatch{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HTTPHeaderMatch) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPHeaderMatch) ProtoMessage() {}
+
+func (x *HTTPHeaderMatch) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPHeaderMatch.ProtoReflect.Descriptor instead.
+func (*HTTPHeaderMatch) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *HTTPHeaderMatch) GetType() HeaderMatchType {
+	if x != nil {
+		return x.Type
+	}
+	return HeaderMatchType_HEADER_MATCH_TYPE_UNSPECIFIED
+}
+
+func (x *HTTPHeaderMatch) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *HTTPHeaderMatch) GetValue() string {
+	if x != nil {
+		return x.Value
+	}
+	return ""
+}
+
+func (x *HTTPHeaderMatch) GetInvert() bool {
+	if x != nil {
+		return x.Invert
+	}
+	return false
+}
+
+type HTTPQueryParamMatch struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Type specifies how to match against the value of the query parameter.
+	Type QueryParamMatchType `protobuf:"varint,1,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.QueryParamMatchType" json:"type,omitempty"`
+	// Name is the name of the HTTP query param to be matched. This must be an
+	// exact string match. (See
+	// https://tools.ietf.org/html/rfc7230#section-2.7.3).
+	//
+	// If multiple entries specify equivalent query param names, only the first
+	// entry with an equivalent name MUST be considered for a match. Subsequent
+	// entries with an equivalent query param name MUST be ignored.
+	//
+	// If a query param is repeated in an HTTP request, the behavior is purposely
+	// left undefined, since different data planes have different capabilities.
+	// However, it is recommended that implementations should match against the
+	// first value of the param if the data plane supports it, as this behavior
+	// is expected in other load balancing contexts outside of the Gateway API.
+	//
+	// Users SHOULD NOT route traffic based on repeated query params to guard
+	// themselves against potential differences in the implementations.
+	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	// Value is the value of HTTP query param to be matched.
+	Value string `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *HTTPQueryParamMatch) Reset() {
+	*x = HTTPQueryParamMatch{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HTTPQueryParamMatch) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPQueryParamMatch) ProtoMessage() {}
+
+func (x *HTTPQueryParamMatch) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPQueryParamMatch.ProtoReflect.Descriptor instead.
+func (*HTTPQueryParamMatch) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *HTTPQueryParamMatch) GetType() QueryParamMatchType {
+	if x != nil {
+		return x.Type
+	}
+	return QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_UNSPECIFIED
+}
+
+func (x *HTTPQueryParamMatch) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *HTTPQueryParamMatch) GetValue() string {
+	if x != nil {
+		return x.Value
+	}
+	return ""
+}
+
+type HTTPRouteFilter struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// RequestHeaderModifier defines a schema for a filter that modifies request
+	// headers.
+	RequestHeaderModifier *HTTPHeaderFilter `protobuf:"bytes,1,opt,name=request_header_modifier,json=requestHeaderModifier,proto3" json:"request_header_modifier,omitempty"`
+	// ResponseHeaderModifier defines a schema for a filter that modifies
+	// response headers.
+	ResponseHeaderModifier *HTTPHeaderFilter `protobuf:"bytes,2,opt,name=response_header_modifier,json=responseHeaderModifier,proto3" json:"response_header_modifier,omitempty"`
+	// URLRewrite defines a schema for a filter that modifies a request during
+	// forwarding.
+	UrlRewrite *HTTPURLRewriteFilter `protobuf:"bytes,5,opt,name=url_rewrite,json=urlRewrite,proto3" json:"url_rewrite,omitempty"`
+}
+
+func (x *HTTPRouteFilter) Reset() {
+	*x = HTTPRouteFilter{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HTTPRouteFilter) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPRouteFilter) ProtoMessage() {}
+
+func (x *HTTPRouteFilter) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPRouteFilter.ProtoReflect.Descriptor instead.
+func (*HTTPRouteFilter) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *HTTPRouteFilter) GetRequestHeaderModifier() *HTTPHeaderFilter {
+	if x != nil {
+		return x.RequestHeaderModifier
+	}
+	return nil
+}
+
+func (x *HTTPRouteFilter) GetResponseHeaderModifier() *HTTPHeaderFilter {
+	if x != nil {
+		return x.ResponseHeaderModifier
+	}
+	return nil
+}
+
+func (x *HTTPRouteFilter) GetUrlRewrite() *HTTPURLRewriteFilter {
+	if x != nil {
+		return x.UrlRewrite
+	}
+	return nil
+}
+
+type HTTPHeaderFilter struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Set overwrites the request with the given header (name, value) before the
+	// action.
+	Set []*HTTPHeader `protobuf:"bytes,1,rep,name=set,proto3" json:"set,omitempty"`
+	// Add adds the given header(s) (name, value) to the request before the
+	// action. It appends to any existing values associated with the header name.
+	Add []*HTTPHeader `protobuf:"bytes,2,rep,name=add,proto3" json:"add,omitempty"`
+	// Remove the given header(s) from the HTTP request before the action. The
+	// value of Remove is a list of HTTP header names. Note that the header names
+	// are case-insensitive (see
+	// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+	Remove []string `protobuf:"bytes,3,rep,name=remove,proto3" json:"remove,omitempty"`
+}
+
+func (x *HTTPHeaderFilter) Reset() {
+	*x = HTTPHeaderFilter{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HTTPHeaderFilter) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPHeaderFilter) ProtoMessage() {}
+
+func (x *HTTPHeaderFilter) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPHeaderFilter.ProtoReflect.Descriptor instead.
+func (*HTTPHeaderFilter) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *HTTPHeaderFilter) GetSet() []*HTTPHeader {
+	if x != nil {
+		return x.Set
+	}
+	return nil
+}
+
+func (x *HTTPHeaderFilter) GetAdd() []*HTTPHeader {
+	if x != nil {
+		return x.Add
+	}
+	return nil
+}
+
+func (x *HTTPHeaderFilter) GetRemove() []string {
+	if x != nil {
+		return x.Remove
+	}
+	return nil
+}
+
+type HTTPHeader struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name  string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *HTTPHeader) Reset() {
+	*x = HTTPHeader{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HTTPHeader) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPHeader) ProtoMessage() {}
+
+func (x *HTTPHeader) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPHeader.ProtoReflect.Descriptor instead.
+func (*HTTPHeader) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *HTTPHeader) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *HTTPHeader) GetValue() string {
+	if x != nil {
+		return x.Value
+	}
+	return ""
+}
+
+type HTTPURLRewriteFilter struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	PathPrefix string `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"`
+}
+
+func (x *HTTPURLRewriteFilter) Reset() {
+	*x = HTTPURLRewriteFilter{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HTTPURLRewriteFilter) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPURLRewriteFilter) ProtoMessage() {}
+
+func (x *HTTPURLRewriteFilter) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPURLRewriteFilter.ProtoReflect.Descriptor instead.
+func (*HTTPURLRewriteFilter) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *HTTPURLRewriteFilter) GetPathPrefix() string {
+	if x != nil {
+		return x.PathPrefix
+	}
+	return ""
+}
+
+type HTTPBackendRef struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	BackendRef *BackendReference `protobuf:"bytes,1,opt,name=backend_ref,json=backendRef,proto3" json:"backend_ref,omitempty"`
+	// Weight specifies the proportion of requests forwarded to the referenced
+	// backend. This is computed as weight/(sum of all weights in this
+	// BackendRefs list). For non-zero values, there may be some epsilon from the
+	// exact proportion defined here depending on the precision an implementation
+	// supports. Weight is not a percentage and the sum of weights does not need
+	// to equal 100.
+	//
+	// If only one backend is specified and it has a weight greater than 0, 100%
+	// of the traffic is forwarded to that backend. If weight is set to 0, no
+	// traffic should be forwarded for this entry. If unspecified, weight defaults
+	// to 1.
+	Weight uint32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
+	// Filters defined at this level should be executed if and only if the
+	// request is being forwarded to the backend defined here.
+	Filters []*HTTPRouteFilter `protobuf:"bytes,3,rep,name=filters,proto3" json:"filters,omitempty"`
+}
+
+func (x *HTTPBackendRef) Reset() {
+	*x = HTTPBackendRef{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HTTPBackendRef) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPBackendRef) ProtoMessage() {}
+
+func (x *HTTPBackendRef) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPBackendRef.ProtoReflect.Descriptor instead.
+func (*HTTPBackendRef) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *HTTPBackendRef) GetBackendRef() *BackendReference {
+	if x != nil {
+		return x.BackendRef
+	}
+	return nil
+}
+
+func (x *HTTPBackendRef) GetWeight() uint32 {
+	if x != nil {
+		return x.Weight
+	}
+	return 0
+}
+
+func (x *HTTPBackendRef) GetFilters() []*HTTPRouteFilter {
+	if x != nil {
+		return x.Filters
+	}
+	return nil
+}
+
+var File_pbmesh_v1alpha1_http_route_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_http_route_proto_rawDesc = []byte{
+	0x0a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x1a, 0x1c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x1a, 0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x72, 0x65, 0x74,
+	0x72, 0x69, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x29, 0x70, 0x62, 0x6d, 0x65,
+	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x68, 0x74, 0x74, 0x70,
+	0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc0, 0x01, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x12, 0x50, 0x0a, 0x0b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65,
+	0x66, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74,
+	0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e,
+	0x74, 0x52, 0x65, 0x66, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d,
+	0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
+	0x6d, 0x65, 0x73, 0x12, 0x43, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c,
+	0x65, 0x52, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x22, 0x92, 0x03, 0x0a, 0x0d, 0x48, 0x54, 0x54,
+	0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x48, 0x0a, 0x07, 0x6d, 0x61,
+	0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54,
+	0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 0x6d, 0x61, 0x74,
+	0x63, 0x68, 0x65, 0x73, 0x12, 0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18,
+	0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65,
+	0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12,
+	0x51, 0x0a, 0x0c, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x73, 0x18,
+	0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65,
+	0x6e, 0x64, 0x52, 0x65, 0x66, 0x52, 0x0b, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65,
+	0x66, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x54,
+	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x52, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
+	0x73, 0x12, 0x4a, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x74,
+	0x72, 0x69, 0x65, 0x73, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x22, 0x8e, 0x02,
+	0x0a, 0x0e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x12, 0x41, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x04, 0x70,
+	0x61, 0x74, 0x68, 0x12, 0x49, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x02,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x56,
+	0x0a, 0x0c, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x18, 0x03,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50,
+	0x61, 0x72, 0x61, 0x6d, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x0b, 0x71, 0x75, 0x65, 0x72, 0x79,
+	0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x22, 0x68,
+	0x0a, 0x0d, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12,
+	0x41, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50,
+	0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79,
+	0x70, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x98, 0x01, 0x0a, 0x0f, 0x48, 0x54, 0x54,
+	0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x43, 0x0a, 0x04,
+	0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70,
+	0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x69,
+	0x6e, 0x76, 0x65, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x69, 0x6e, 0x76,
+	0x65, 0x72, 0x74, 0x22, 0x88, 0x01, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72,
+	0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x47, 0x0a, 0x04, 0x74,
+	0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79,
+	0x50, 0x61, 0x72, 0x61, 0x6d, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04,
+	0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xbe,
+	0x02, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74,
+	0x65, 0x72, 0x12, 0x68, 0x0a, 0x17, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46,
+	0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x15, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x6a, 0x0a, 0x18,
+	0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f,
+	0x6d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72,
+	0x52, 0x16, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x55, 0x0a, 0x0b, 0x75, 0x72, 0x6c, 0x5f,
+	0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48,
+	0x54, 0x54, 0x50, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x46, 0x69, 0x6c,
+	0x74, 0x65, 0x72, 0x52, 0x0a, 0x75, 0x72, 0x6c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22,
+	0xa6, 0x01, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69,
+	0x6c, 0x74, 0x65, 0x72, 0x12, 0x3c, 0x0a, 0x03, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x03, 0x73,
+	0x65, 0x74, 0x12, 0x3c, 0x0a, 0x03, 0x61, 0x64, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x03, 0x61, 0x64, 0x64,
+	0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09,
+	0x52, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x22, 0x36, 0x0a, 0x0a, 0x48, 0x54, 0x54, 0x50,
+	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x22, 0x37, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69,
+	0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x61, 0x74, 0x68,
+	0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70,
+	0x61, 0x74, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x22, 0xc6, 0x01, 0x0a, 0x0e, 0x48, 0x54,
+	0x54, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x12, 0x51, 0x0a, 0x0b,
+	0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65,
+	0x6e, 0x63, 0x65, 0x52, 0x0a, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x12,
+	0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52,
+	0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65,
+	0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65,
+	0x72, 0x73, 0x2a, 0x82, 0x01, 0x0a, 0x0d, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x1b, 0x50, 0x41, 0x54, 0x48, 0x5f, 0x4d, 0x41, 0x54,
+	0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46,
+	0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x50, 0x41, 0x54, 0x48, 0x5f, 0x4d, 0x41,
+	0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x41, 0x43, 0x54, 0x10, 0x01,
+	0x12, 0x1a, 0x0a, 0x16, 0x50, 0x41, 0x54, 0x48, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54,
+	0x59, 0x50, 0x45, 0x5f, 0x50, 0x52, 0x45, 0x46, 0x49, 0x58, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15,
+	0x50, 0x41, 0x54, 0x48, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x52, 0x45, 0x47, 0x45, 0x58, 0x10, 0x03, 0x2a, 0xc9, 0x01, 0x0a, 0x0f, 0x48, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x21, 0x0a, 0x1d, 0x48,
+	0x45, 0x41, 0x44, 0x45, 0x52, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45,
+	0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1b,
+	0x0a, 0x17, 0x48, 0x45, 0x41, 0x44, 0x45, 0x52, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54,
+	0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x41, 0x43, 0x54, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x48,
+	0x45, 0x41, 0x44, 0x45, 0x52, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45,
+	0x5f, 0x52, 0x45, 0x47, 0x45, 0x58, 0x10, 0x02, 0x12, 0x1d, 0x0a, 0x19, 0x48, 0x45, 0x41, 0x44,
+	0x45, 0x52, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x50, 0x52,
+	0x45, 0x53, 0x45, 0x4e, 0x54, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x45, 0x41, 0x44, 0x45,
+	0x52, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x50, 0x52, 0x45,
+	0x46, 0x49, 0x58, 0x10, 0x04, 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x45, 0x41, 0x44, 0x45, 0x52, 0x5f,
+	0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x55, 0x46, 0x46, 0x49,
+	0x58, 0x10, 0x05, 0x2a, 0xa5, 0x01, 0x0a, 0x13, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72,
+	0x61, 0x6d, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x26, 0x0a, 0x22, 0x51,
+	0x55, 0x45, 0x52, 0x59, 0x5f, 0x50, 0x41, 0x52, 0x41, 0x4d, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48,
+	0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45,
+	0x44, 0x10, 0x00, 0x12, 0x20, 0x0a, 0x1c, 0x51, 0x55, 0x45, 0x52, 0x59, 0x5f, 0x50, 0x41, 0x52,
+	0x41, 0x4d, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58,
+	0x41, 0x43, 0x54, 0x10, 0x01, 0x12, 0x20, 0x0a, 0x1c, 0x51, 0x55, 0x45, 0x52, 0x59, 0x5f, 0x50,
+	0x41, 0x52, 0x41, 0x4d, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x52, 0x45, 0x47, 0x45, 0x58, 0x10, 0x02, 0x12, 0x22, 0x0a, 0x1e, 0x51, 0x55, 0x45, 0x52, 0x59,
+	0x5f, 0x50, 0x41, 0x52, 0x41, 0x4d, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x50, 0x52, 0x45, 0x53, 0x45, 0x4e, 0x54, 0x10, 0x03, 0x42, 0x96, 0x02, 0x0a, 0x22,
+	0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x42, 0x0e, 0x48, 0x74, 0x74, 0x70, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x50, 0x72, 0x6f,
+	0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
+	0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70,
+	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d,
+	0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43,
+	0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
+	0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_http_route_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_http_route_proto_rawDescData = file_pbmesh_v1alpha1_http_route_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_http_route_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_http_route_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_http_route_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_http_route_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_http_route_proto_enumTypes = make([]protoimpl.EnumInfo, 3)
+var file_pbmesh_v1alpha1_http_route_proto_msgTypes = make([]protoimpl.MessageInfo, 11)
+var file_pbmesh_v1alpha1_http_route_proto_goTypes = []interface{}{
+	(PathMatchType)(0),           // 0: hashicorp.consul.mesh.v1alpha1.PathMatchType
+	(HeaderMatchType)(0),         // 1: hashicorp.consul.mesh.v1alpha1.HeaderMatchType
+	(QueryParamMatchType)(0),     // 2: hashicorp.consul.mesh.v1alpha1.QueryParamMatchType
+	(*HTTPRoute)(nil),            // 3: hashicorp.consul.mesh.v1alpha1.HTTPRoute
+	(*HTTPRouteRule)(nil),        // 4: hashicorp.consul.mesh.v1alpha1.HTTPRouteRule
+	(*HTTPRouteMatch)(nil),       // 5: hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch
+	(*HTTPPathMatch)(nil),        // 6: hashicorp.consul.mesh.v1alpha1.HTTPPathMatch
+	(*HTTPHeaderMatch)(nil),      // 7: hashicorp.consul.mesh.v1alpha1.HTTPHeaderMatch
+	(*HTTPQueryParamMatch)(nil),  // 8: hashicorp.consul.mesh.v1alpha1.HTTPQueryParamMatch
+	(*HTTPRouteFilter)(nil),      // 9: hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter
+	(*HTTPHeaderFilter)(nil),     // 10: hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter
+	(*HTTPHeader)(nil),           // 11: hashicorp.consul.mesh.v1alpha1.HTTPHeader
+	(*HTTPURLRewriteFilter)(nil), // 12: hashicorp.consul.mesh.v1alpha1.HTTPURLRewriteFilter
+	(*HTTPBackendRef)(nil),       // 13: hashicorp.consul.mesh.v1alpha1.HTTPBackendRef
+	(*ParentReference)(nil),      // 14: hashicorp.consul.mesh.v1alpha1.ParentReference
+	(*HTTPRouteTimeouts)(nil),    // 15: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
+	(*HTTPRouteRetries)(nil),     // 16: hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
+	(*BackendReference)(nil),     // 17: hashicorp.consul.mesh.v1alpha1.BackendReference
+}
+var file_pbmesh_v1alpha1_http_route_proto_depIdxs = []int32{
+	14, // 0: hashicorp.consul.mesh.v1alpha1.HTTPRoute.parent_refs:type_name -> hashicorp.consul.mesh.v1alpha1.ParentReference
+	4,  // 1: hashicorp.consul.mesh.v1alpha1.HTTPRoute.rules:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteRule
+	5,  // 2: hashicorp.consul.mesh.v1alpha1.HTTPRouteRule.matches:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch
+	9,  // 3: hashicorp.consul.mesh.v1alpha1.HTTPRouteRule.filters:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter
+	13, // 4: hashicorp.consul.mesh.v1alpha1.HTTPRouteRule.backend_refs:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPBackendRef
+	15, // 5: hashicorp.consul.mesh.v1alpha1.HTTPRouteRule.timeouts:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
+	16, // 6: hashicorp.consul.mesh.v1alpha1.HTTPRouteRule.retries:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
+	6,  // 7: hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch.path:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPPathMatch
+	7,  // 8: hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch.headers:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeaderMatch
+	8,  // 9: hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch.query_params:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPQueryParamMatch
+	0,  // 10: hashicorp.consul.mesh.v1alpha1.HTTPPathMatch.type:type_name -> hashicorp.consul.mesh.v1alpha1.PathMatchType
+	1,  // 11: hashicorp.consul.mesh.v1alpha1.HTTPHeaderMatch.type:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderMatchType
+	2,  // 12: hashicorp.consul.mesh.v1alpha1.HTTPQueryParamMatch.type:type_name -> hashicorp.consul.mesh.v1alpha1.QueryParamMatchType
+	10, // 13: hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter.request_header_modifier:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter
+	10, // 14: hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter.response_header_modifier:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter
+	12, // 15: hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter.url_rewrite:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPURLRewriteFilter
+	11, // 16: hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter.set:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeader
+	11, // 17: hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter.add:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeader
+	17, // 18: hashicorp.consul.mesh.v1alpha1.HTTPBackendRef.backend_ref:type_name -> hashicorp.consul.mesh.v1alpha1.BackendReference
+	9,  // 19: hashicorp.consul.mesh.v1alpha1.HTTPBackendRef.filters:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter
+	20, // [20:20] is the sub-list for method output_type
+	20, // [20:20] is the sub-list for method input_type
+	20, // [20:20] is the sub-list for extension type_name
+	20, // [20:20] is the sub-list for extension extendee
+	0,  // [0:20] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_http_route_proto_init() }
+func file_pbmesh_v1alpha1_http_route_proto_init() {
+	if File_pbmesh_v1alpha1_http_route_proto != nil {
+		return
+	}
+	file_pbmesh_v1alpha1_common_proto_init()
+	file_pbmesh_v1alpha1_http_route_retries_proto_init()
+	file_pbmesh_v1alpha1_http_route_timeouts_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_http_route_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HTTPRoute); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_http_route_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HTTPRouteRule); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_http_route_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HTTPRouteMatch); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_http_route_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HTTPPathMatch); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_http_route_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HTTPHeaderMatch); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_http_route_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HTTPQueryParamMatch); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_http_route_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HTTPRouteFilter); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_http_route_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HTTPHeaderFilter); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_http_route_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HTTPHeader); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_http_route_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HTTPURLRewriteFilter); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_http_route_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HTTPBackendRef); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_http_route_proto_rawDesc,
+			NumEnums:      3,
+			NumMessages:   11,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_http_route_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_http_route_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_http_route_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_http_route_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_http_route_proto = out.File
+	file_pbmesh_v1alpha1_http_route_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_http_route_proto_goTypes = nil
+	file_pbmesh_v1alpha1_http_route_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/http_route.proto b/proto-public/pbmesh/v1alpha1/http_route.proto
new file mode 100644
index 000000000000..ea14176b1b7c
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/http_route.proto
@@ -0,0 +1,259 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "pbmesh/v1alpha1/common.proto";
+import "pbmesh/v1alpha1/http_route_retries.proto";
+import "pbmesh/v1alpha1/http_route_timeouts.proto";
+
+// NOTE: this should align to the GAMMA/gateway-api version, or at least be
+// easily translatable.
+//
+// https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.HTTPRoute
+//
+// This is a Resource type.
+message HTTPRoute {
+  // ParentRefs references the resources (usually Gateways) that a Route wants
+  // to be attached to. Note that the referenced parent resource needs to allow
+  // this for the attachment to be complete. For Gateways, that means the
+  // Gateway needs to allow attachment from Routes of this kind and namespace.
+  //
+  // It is invalid to reference an identical parent more than once. It is valid
+  // to reference multiple distinct sections within the same parent resource,
+  // such as 2 Listeners within a Gateway.
+  repeated ParentReference parent_refs = 1;
+
+  // Hostnames are the hostnames for which this HTTPRoute should respond to requests.
+  repeated string hostnames = 2;
+
+  // Rules are a list of HTTP-based routing rules that this route should
+  // use for constructing a routing table.
+  repeated HTTPRouteRule rules = 3;
+}
+
+// HTTPRouteRule specifies the routing rules used to determine what upstream
+// service an HTTP request is routed to.
+message HTTPRouteRule {
+  // Matches specified the matching criteria used in the routing table. If a
+  // request matches the given HTTPMatch configuration, then traffic is routed
+  // to services specified in the Services field.
+  repeated HTTPRouteMatch matches = 1;
+
+  repeated HTTPRouteFilter filters = 2;
+
+  // BackendRefs defines the backend(s) where matching requests should be sent.
+  //
+  // Failure behavior here depends on how many BackendRefs are specified and
+  // how many are invalid.
+  //
+  // If all entries in BackendRefs are invalid, and there are also no filters
+  // specified in this route rule, all traffic which matches this rule MUST
+  // receive a 500 status code.
+  //
+  // See the HTTPBackendRef definition for the rules about what makes a single
+  // HTTPBackendRef invalid.
+  //
+  // When a HTTPBackendRef is invalid, 500 status codes MUST be returned for
+  // requests that would have otherwise been routed to an invalid backend. If
+  // multiple backends are specified, and some are invalid, the proportion of
+  // requests that would otherwise have been routed to an invalid backend MUST
+  // receive a 500 status code.
+  //
+  // For example, if two backends are specified with equal weights, and one is
+  // invalid, 50 percent of traffic must receive a 500. Implementations may
+  // choose how that 50 percent is determined.
+  repeated HTTPBackendRef backend_refs = 3;
+
+  // ALTERNATIVE: Timeouts defines the timeouts that can be configured for an HTTP request.
+  HTTPRouteTimeouts timeouts = 4;
+  // ALTERNATIVE:
+  HTTPRouteRetries retries = 5;
+}
+
+message HTTPRouteMatch {
+  // Path specifies a HTTP request path matcher. If this field is not
+  // specified, a default prefix match on the “/” path is provided.
+  HTTPPathMatch path = 1;
+
+  // Headers specifies HTTP request header matchers. Multiple match values are
+  // ANDed together, meaning, a request must match all the specified headers to
+  // select the route.
+  repeated HTTPHeaderMatch headers = 2;
+
+  // QueryParams specifies HTTP query parameter matchers. Multiple match values
+  // are ANDed together, meaning, a request must match all the specified query
+  // parameters to select the route.
+  repeated HTTPQueryParamMatch query_params = 3;
+
+  // Method specifies HTTP method matcher. When specified, this route will be
+  // matched only if the request has the specified method.
+  string method = 4;
+}
+
+message HTTPPathMatch {
+  // Type specifies how to match against the path Value.
+  PathMatchType type = 1;
+  // Value of the HTTP path to match against.
+  string value = 2;
+}
+
+// PathMatchType specifies the semantics of how HTTP paths should be compared.
+// Valid PathMatchType values, along with their support levels, are:
+//
+// PathPrefix and Exact paths must be syntactically valid:
+//
+// - Must begin with the / character
+// - Must not contain consecutive / characters (e.g. /foo///, //).
+// - Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash.
+//
+// Unknown values here must result in the implementation setting the Accepted
+// Condition for the Route to status: False, with a Reason of UnsupportedValue.
+enum PathMatchType {
+  PATH_MATCH_TYPE_UNSPECIFIED = 0;
+  PATH_MATCH_TYPE_EXACT = 1;
+  PATH_MATCH_TYPE_PREFIX = 2;
+  PATH_MATCH_TYPE_REGEX = 3;
+}
+
+message HTTPHeaderMatch {
+  // Type specifies how to match against the value of the header.
+  HeaderMatchType type = 1;
+
+  // Name is the name of the HTTP Header to be matched. Name matching MUST be
+  // case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+  //
+  // If multiple entries specify equivalent header names, only the first entry
+  // with an equivalent name MUST be considered for a match. Subsequent entries
+  // with an equivalent header name MUST be ignored. Due to the
+  // case-insensitivity of header names, “foo” and “Foo” are considered
+  // equivalent.
+  //
+  // When a header is repeated in an HTTP request, it is
+  // implementation-specific behavior as to how this is represented. Generally,
+  // proxies should follow the guidance from the RFC:
+  // https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
+  // processing a repeated header, with special handling for “Set-Cookie”.
+  string name = 2;
+
+  // Value is the value of HTTP Header to be matched.
+  string value = 3;
+
+  // NOTE: not in gamma; service-router compat
+  bool invert = 4;
+}
+
+// HeaderMatchType specifies the semantics of how HTTP header values should be
+// compared. Valid HeaderMatchType values, along with their conformance levels,
+// are:
+//
+// Note that values may be added to this enum, implementations must ensure that
+// unknown values will not cause a crash.
+//
+// Unknown values here must result in the implementation setting the Accepted
+// Condition for the Route to status: False, with a Reason of UnsupportedValue.
+enum HeaderMatchType {
+  HEADER_MATCH_TYPE_UNSPECIFIED = 0;
+  HEADER_MATCH_TYPE_EXACT = 1;
+  HEADER_MATCH_TYPE_REGEX = 2;
+  // consul only after this point (service-router compat)
+  HEADER_MATCH_TYPE_PRESENT = 3;
+  HEADER_MATCH_TYPE_PREFIX = 4;
+  HEADER_MATCH_TYPE_SUFFIX = 5;
+}
+
+message HTTPQueryParamMatch {
+  // Type specifies how to match against the value of the query parameter.
+  QueryParamMatchType type = 1;
+
+  // Name is the name of the HTTP query param to be matched. This must be an
+  // exact string match. (See
+  // https://tools.ietf.org/html/rfc7230#section-2.7.3).
+  //
+  // If multiple entries specify equivalent query param names, only the first
+  // entry with an equivalent name MUST be considered for a match. Subsequent
+  // entries with an equivalent query param name MUST be ignored.
+  //
+  // If a query param is repeated in an HTTP request, the behavior is purposely
+  // left undefined, since different data planes have different capabilities.
+  // However, it is recommended that implementations should match against the
+  // first value of the param if the data plane supports it, as this behavior
+  // is expected in other load balancing contexts outside of the Gateway API.
+  //
+  // Users SHOULD NOT route traffic based on repeated query params to guard
+  // themselves against potential differences in the implementations.
+  string name = 2;
+
+  // Value is the value of HTTP query param to be matched.
+  string value = 3;
+}
+
+enum QueryParamMatchType {
+  QUERY_PARAM_MATCH_TYPE_UNSPECIFIED = 0;
+  QUERY_PARAM_MATCH_TYPE_EXACT = 1;
+  QUERY_PARAM_MATCH_TYPE_REGEX = 2;
+  // consul only after this point (service-router compat)
+  QUERY_PARAM_MATCH_TYPE_PRESENT = 3;
+}
+
+message HTTPRouteFilter {
+  // RequestHeaderModifier defines a schema for a filter that modifies request
+  // headers.
+  HTTPHeaderFilter request_header_modifier = 1;
+
+  // ResponseHeaderModifier defines a schema for a filter that modifies
+  // response headers.
+  HTTPHeaderFilter response_header_modifier = 2;
+
+  // URLRewrite defines a schema for a filter that modifies a request during
+  // forwarding.
+  HTTPURLRewriteFilter url_rewrite = 5;
+}
+
+message HTTPHeaderFilter {
+  // Set overwrites the request with the given header (name, value) before the
+  // action.
+  repeated HTTPHeader set = 1;
+
+  // Add adds the given header(s) (name, value) to the request before the
+  // action. It appends to any existing values associated with the header name.
+  repeated HTTPHeader add = 2;
+
+  // Remove the given header(s) from the HTTP request before the action. The
+  // value of Remove is a list of HTTP header names. Note that the header names
+  // are case-insensitive (see
+  // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+  repeated string remove = 3;
+}
+
+message HTTPHeader {
+  string name = 1;
+  string value = 2;
+}
+
+message HTTPURLRewriteFilter {
+  string path_prefix = 1;
+}
+
+message HTTPBackendRef {
+  BackendReference backend_ref = 1;
+
+  // Weight specifies the proportion of requests forwarded to the referenced
+  // backend. This is computed as weight/(sum of all weights in this
+  // BackendRefs list). For non-zero values, there may be some epsilon from the
+  // exact proportion defined here depending on the precision an implementation
+  // supports. Weight is not a percentage and the sum of weights does not need
+  // to equal 100.
+  //
+  //If only one backend is specified and it has a weight greater than 0, 100%
+  //of the traffic is forwarded to that backend. If weight is set to 0, no
+  //traffic should be forwarded for this entry. If unspecified, weight defaults
+  //to 1.
+  uint32 weight = 2;
+
+  // Filters defined at this level should be executed if and only if the
+  // request is being forwarded to the backend defined here.
+  repeated HTTPRouteFilter filters = 3;
+}
diff --git a/proto-public/pbmesh/v1alpha1/http_route_retries.pb.binary.go b/proto-public/pbmesh/v1alpha1/http_route_retries.pb.binary.go
new file mode 100644
index 000000000000..b84704f0e1aa
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/http_route_retries.pb.binary.go
@@ -0,0 +1,18 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/http_route_retries.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HTTPRouteRetries) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HTTPRouteRetries) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go b/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go
new file mode 100644
index 000000000000..5a34d26a3260
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go
@@ -0,0 +1,206 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/http_route_retries.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// ALTERNATIVE: not using policy attachment semantics
+type HTTPRouteRetries struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// NumRetries is the number of times to retry the request when a retryable
+	// result occurs.
+	Number int32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"`
+	// RetryOnConnectFailure allows for connection failure errors to trigger a
+	// retry.
+	OnConnectFailure bool `protobuf:"varint,2,opt,name=on_connect_failure,json=onConnectFailure,proto3" json:"on_connect_failure,omitempty"`
+	// RetryOn allows setting envoy specific conditions when a request should
+	// be automatically retried.
+	OnConditions []string `protobuf:"bytes,3,rep,name=on_conditions,json=onConditions,proto3" json:"on_conditions,omitempty"`
+	// RetryOnStatusCodes is a flat list of http response status codes that are
+	// eligible for retry. This again should be feasible in any reasonable proxy.
+	OnStatusCodes []uint32 `protobuf:"varint,4,rep,packed,name=on_status_codes,json=onStatusCodes,proto3" json:"on_status_codes,omitempty"`
+}
+
+func (x *HTTPRouteRetries) Reset() {
+	*x = HTTPRouteRetries{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_http_route_retries_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HTTPRouteRetries) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPRouteRetries) ProtoMessage() {}
+
+func (x *HTTPRouteRetries) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_http_route_retries_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPRouteRetries.ProtoReflect.Descriptor instead.
+func (*HTTPRouteRetries) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_retries_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *HTTPRouteRetries) GetNumber() int32 {
+	if x != nil {
+		return x.Number
+	}
+	return 0
+}
+
+func (x *HTTPRouteRetries) GetOnConnectFailure() bool {
+	if x != nil {
+		return x.OnConnectFailure
+	}
+	return false
+}
+
+func (x *HTTPRouteRetries) GetOnConditions() []string {
+	if x != nil {
+		return x.OnConditions
+	}
+	return nil
+}
+
+func (x *HTTPRouteRetries) GetOnStatusCodes() []uint32 {
+	if x != nil {
+		return x.OnStatusCodes
+	}
+	return nil
+}
+
+var File_pbmesh_v1alpha1_http_route_retries_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_http_route_retries_proto_rawDesc = []byte{
+	0x0a, 0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x72, 0x65, 0x74,
+	0x72, 0x69, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0xa5, 0x01, 0x0a, 0x10, 0x48,
+	0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12,
+	0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52,
+	0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x2c, 0x0a, 0x12, 0x6f, 0x6e, 0x5f, 0x63, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x10, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61,
+	0x69, 0x6c, 0x75, 0x72, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x64,
+	0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x6f, 0x6e,
+	0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6f, 0x6e,
+	0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x73, 0x18, 0x04, 0x20,
+	0x03, 0x28, 0x0d, 0x52, 0x0d, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64,
+	0x65, 0x73, 0x42, 0x9d, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x15, 0x48, 0x74, 0x74, 0x70, 0x52,
+	0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d,
+	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73,
+	0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa,
+	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02,
+	0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_http_route_retries_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_http_route_retries_proto_rawDescData = file_pbmesh_v1alpha1_http_route_retries_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_http_route_retries_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_http_route_retries_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_http_route_retries_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_http_route_retries_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_http_route_retries_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_http_route_retries_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_pbmesh_v1alpha1_http_route_retries_proto_goTypes = []interface{}{
+	(*HTTPRouteRetries)(nil), // 0: hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
+}
+var file_pbmesh_v1alpha1_http_route_retries_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_http_route_retries_proto_init() }
+func file_pbmesh_v1alpha1_http_route_retries_proto_init() {
+	if File_pbmesh_v1alpha1_http_route_retries_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_http_route_retries_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HTTPRouteRetries); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_http_route_retries_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_http_route_retries_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_http_route_retries_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_http_route_retries_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_http_route_retries_proto = out.File
+	file_pbmesh_v1alpha1_http_route_retries_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_http_route_retries_proto_goTypes = nil
+	file_pbmesh_v1alpha1_http_route_retries_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/http_route_retries.proto b/proto-public/pbmesh/v1alpha1/http_route_retries.proto
new file mode 100644
index 000000000000..3ea112027abe
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/http_route_retries.proto
@@ -0,0 +1,25 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+// ALTERNATIVE: not using policy attachment semantics
+message HTTPRouteRetries {
+  // NumRetries is the number of times to retry the request when a retryable
+  // result occurs.
+  int32 number = 1;
+
+  // RetryOnConnectFailure allows for connection failure errors to trigger a
+  // retry.
+  bool on_connect_failure = 2;
+
+  // RetryOn allows setting envoy specific conditions when a request should
+  // be automatically retried.
+  repeated string on_conditions = 3;
+
+  // RetryOnStatusCodes is a flat list of http response status codes that are
+  // eligible for retry. This again should be feasible in any reasonable proxy.
+  repeated uint32 on_status_codes = 4;
+}
diff --git a/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.binary.go b/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.binary.go
new file mode 100644
index 000000000000..cb38ff24c577
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.binary.go
@@ -0,0 +1,18 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/http_route_timeouts.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *HTTPRouteTimeouts) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *HTTPRouteTimeouts) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go b/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go
new file mode 100644
index 000000000000..0fc421e43e5b
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go
@@ -0,0 +1,223 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/http_route_timeouts.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	durationpb "google.golang.org/protobuf/types/known/durationpb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// HTTPRouteTimeouts defines timeouts that can be configured for an HTTPRoute.
+// Timeout values are formatted like 1h/1m/1s/1ms as parsed by Golang time.ParseDuration
+// and MUST BE >= 1ms.
+//
+// ALTERNATIVE: not using policy attachment semantics
+type HTTPRouteTimeouts struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Request specifies the duration for processing an HTTP client request after which the
+	// gateway will time out if unable to send a response.
+	// Whether the gateway starts the timeout before or after the entire client request stream
+	// has been received, is implementation-dependent.
+	//
+	// For example, setting the `rules.timeouts.request` field to the value `10s` in an
+	// `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds
+	// to complete.
+	//
+	// When this field is unspecified, request timeout behavior is implementation-dependent.
+	Request *durationpb.Duration `protobuf:"bytes,1,opt,name=request,proto3" json:"request,omitempty"`
+	// BackendRequest specifies a timeout for an individual request from the gateway
+	// to a backend service. Typically used in conjuction with retry configuration,
+	// if supported by an implementation.
+	//
+	// The value of BackendRequest defaults to and must be <= the value of Request timeout.
+	//
+	// Support: Extended
+	//
+	// TODO(rb): net-new feature
+	BackendRequest *durationpb.Duration `protobuf:"bytes,2,opt,name=backend_request,json=backendRequest,proto3" json:"backend_request,omitempty"`
+	// TODO(RB): this is a consul-only feature
+	Idle *durationpb.Duration `protobuf:"bytes,3,opt,name=idle,proto3" json:"idle,omitempty"`
+}
+
+func (x *HTTPRouteTimeouts) Reset() {
+	*x = HTTPRouteTimeouts{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_http_route_timeouts_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HTTPRouteTimeouts) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPRouteTimeouts) ProtoMessage() {}
+
+func (x *HTTPRouteTimeouts) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_http_route_timeouts_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPRouteTimeouts.ProtoReflect.Descriptor instead.
+func (*HTTPRouteTimeouts) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *HTTPRouteTimeouts) GetRequest() *durationpb.Duration {
+	if x != nil {
+		return x.Request
+	}
+	return nil
+}
+
+func (x *HTTPRouteTimeouts) GetBackendRequest() *durationpb.Duration {
+	if x != nil {
+		return x.BackendRequest
+	}
+	return nil
+}
+
+func (x *HTTPRouteTimeouts) GetIdle() *durationpb.Duration {
+	if x != nil {
+		return x.Idle
+	}
+	return nil
+}
+
+var File_pbmesh_v1alpha1_http_route_timeouts_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDesc = []byte{
+	0x0a, 0x29, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d,
+	0x65, 0x6f, 0x75, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xbb, 0x01, 0x0a, 0x11,
+	0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
+	0x73, 0x12, 0x33, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x72,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x42, 0x0a, 0x0f, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e,
+	0x64, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x62, 0x61, 0x63, 0x6b,
+	0x65, 0x6e, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x04, 0x69, 0x64,
+	0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x04, 0x69, 0x64, 0x6c, 0x65, 0x42, 0x9e, 0x02, 0x0a, 0x22, 0x63, 0x6f,
+	0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x42, 0x16, 0x48, 0x74, 0x74, 0x70, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f,
+	0x75, 0x74, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68,
+	0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75,
+	0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
+	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
+	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68,
+	0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescData = file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_http_route_timeouts_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_pbmesh_v1alpha1_http_route_timeouts_proto_goTypes = []interface{}{
+	(*HTTPRouteTimeouts)(nil),   // 0: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
+	(*durationpb.Duration)(nil), // 1: google.protobuf.Duration
+}
+var file_pbmesh_v1alpha1_http_route_timeouts_proto_depIdxs = []int32{
+	1, // 0: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts.request:type_name -> google.protobuf.Duration
+	1, // 1: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts.backend_request:type_name -> google.protobuf.Duration
+	1, // 2: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts.idle:type_name -> google.protobuf.Duration
+	3, // [3:3] is the sub-list for method output_type
+	3, // [3:3] is the sub-list for method input_type
+	3, // [3:3] is the sub-list for extension type_name
+	3, // [3:3] is the sub-list for extension extendee
+	0, // [0:3] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_http_route_timeouts_proto_init() }
+func file_pbmesh_v1alpha1_http_route_timeouts_proto_init() {
+	if File_pbmesh_v1alpha1_http_route_timeouts_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_http_route_timeouts_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HTTPRouteTimeouts); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_http_route_timeouts_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_http_route_timeouts_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_http_route_timeouts_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_http_route_timeouts_proto = out.File
+	file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_http_route_timeouts_proto_goTypes = nil
+	file_pbmesh_v1alpha1_http_route_timeouts_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto b/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto
new file mode 100644
index 000000000000..f33587496b55
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto
@@ -0,0 +1,41 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "google/protobuf/duration.proto";
+
+// HTTPRouteTimeouts defines timeouts that can be configured for an HTTPRoute.
+// Timeout values are formatted like 1h/1m/1s/1ms as parsed by Golang time.ParseDuration
+// and MUST BE >= 1ms.
+//
+// ALTERNATIVE: not using policy attachment semantics
+message HTTPRouteTimeouts {
+  // Request specifies the duration for processing an HTTP client request after which the
+  // gateway will time out if unable to send a response.
+  // Whether the gateway starts the timeout before or after the entire client request stream
+  // has been received, is implementation-dependent.
+  //
+  // For example, setting the `rules.timeouts.request` field to the value `10s` in an
+  // `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds
+  // to complete.
+  //
+  // When this field is unspecified, request timeout behavior is implementation-dependent.
+  google.protobuf.Duration request = 1;
+
+  // BackendRequest specifies a timeout for an individual request from the gateway
+  // to a backend service. Typically used in conjuction with retry configuration,
+  // if supported by an implementation.
+  //
+  // The value of BackendRequest defaults to and must be <= the value of Request timeout.
+  //
+  // Support: Extended
+  //
+  // TODO(rb): net-new feature
+  google.protobuf.Duration backend_request = 2;
+
+  // TODO(RB): this is a consul-only feature
+  google.protobuf.Duration idle = 3;
+}
diff --git a/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.binary.go b/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.binary.go
index 5238331fb7f9..bb706d5da3d6 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.binary.go
@@ -46,3 +46,23 @@ func (msg *BootstrapConfig) MarshalBinary() ([]byte, error) {
 func (msg *BootstrapConfig) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *AccessLogsConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *AccessLogsConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *EnvoyExtension) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *EnvoyExtension) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go b/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
index 6ce928b15384..0072714553da 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
+++ b/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
@@ -82,6 +82,110 @@ func (ProxyMode) EnumDescriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{0}
 }
 
+type LogSinkType int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	LogSinkType_LOG_SINK_TYPE_DEFAULT LogSinkType = 0
+	LogSinkType_LOG_SINK_TYPE_FILE    LogSinkType = 1
+	LogSinkType_LOG_SINK_TYPE_STDERR  LogSinkType = 2
+	LogSinkType_LOG_SINK_TYPE_STDOUT  LogSinkType = 3
+)
+
+// Enum value maps for LogSinkType.
+var (
+	LogSinkType_name = map[int32]string{
+		0: "LOG_SINK_TYPE_DEFAULT",
+		1: "LOG_SINK_TYPE_FILE",
+		2: "LOG_SINK_TYPE_STDERR",
+		3: "LOG_SINK_TYPE_STDOUT",
+	}
+	LogSinkType_value = map[string]int32{
+		"LOG_SINK_TYPE_DEFAULT": 0,
+		"LOG_SINK_TYPE_FILE":    1,
+		"LOG_SINK_TYPE_STDERR":  2,
+		"LOG_SINK_TYPE_STDOUT":  3,
+	}
+)
+
+func (x LogSinkType) Enum() *LogSinkType {
+	p := new(LogSinkType)
+	*p = x
+	return p
+}
+
+func (x LogSinkType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (LogSinkType) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes[1].Descriptor()
+}
+
+func (LogSinkType) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes[1]
+}
+
+func (x LogSinkType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use LogSinkType.Descriptor instead.
+func (LogSinkType) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{1}
+}
+
+type MutualTLSMode int32
+
+const (
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	MutualTLSMode_MUTUAL_TLS_MODE_DEFAULT    MutualTLSMode = 0
+	MutualTLSMode_MUTUAL_TLS_MODE_STRICT     MutualTLSMode = 1
+	MutualTLSMode_MUTUAL_TLS_MODE_PERMISSIVE MutualTLSMode = 2
+)
+
+// Enum value maps for MutualTLSMode.
+var (
+	MutualTLSMode_name = map[int32]string{
+		0: "MUTUAL_TLS_MODE_DEFAULT",
+		1: "MUTUAL_TLS_MODE_STRICT",
+		2: "MUTUAL_TLS_MODE_PERMISSIVE",
+	}
+	MutualTLSMode_value = map[string]int32{
+		"MUTUAL_TLS_MODE_DEFAULT":    0,
+		"MUTUAL_TLS_MODE_STRICT":     1,
+		"MUTUAL_TLS_MODE_PERMISSIVE": 2,
+	}
+)
+
+func (x MutualTLSMode) Enum() *MutualTLSMode {
+	p := new(MutualTLSMode)
+	*p = x
+	return p
+}
+
+func (x MutualTLSMode) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (MutualTLSMode) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes[2].Descriptor()
+}
+
+func (MutualTLSMode) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes[2]
+}
+
+func (x MutualTLSMode) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use MutualTLSMode.Descriptor instead.
+func (MutualTLSMode) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{2}
+}
+
+// This is a Resource type.
 type ProxyConfiguration struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -172,27 +276,31 @@ type DynamicConfig struct {
 	// mode indicates the proxy's mode. This will default to 'transparent'.
 	Mode             ProxyMode         `protobuf:"varint,1,opt,name=mode,proto3,enum=hashicorp.consul.mesh.v1alpha1.ProxyMode" json:"mode,omitempty"`
 	TransparentProxy *TransparentProxy `protobuf:"bytes,2,opt,name=transparent_proxy,json=transparentProxy,proto3" json:"transparent_proxy,omitempty"`
+	MutualTlsMode    MutualTLSMode     `protobuf:"varint,3,opt,name=mutual_tls_mode,json=mutualTlsMode,proto3,enum=hashicorp.consul.mesh.v1alpha1.MutualTLSMode" json:"mutual_tls_mode,omitempty"`
 	// local_connection is the configuration that should be used
 	// to connect to the local application provided per-port.
 	// The map keys should correspond to port names on the workload.
-	LocalConnection map[string]*ConnectionConfig `protobuf:"bytes,3,rep,name=local_connection,json=localConnection,proto3" json:"local_connection,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	LocalConnection map[string]*ConnectionConfig `protobuf:"bytes,4,rep,name=local_connection,json=localConnection,proto3" json:"local_connection,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// inbound_connections configures inbound connections to the proxy.
-	InboundConnections  *InboundConnectionsConfig `protobuf:"bytes,4,opt,name=inbound_connections,json=inboundConnections,proto3" json:"inbound_connections,omitempty"`
-	MeshGatewayMode     MeshGatewayMode           `protobuf:"varint,5,opt,name=mesh_gateway_mode,json=meshGatewayMode,proto3,enum=hashicorp.consul.mesh.v1alpha1.MeshGatewayMode" json:"mesh_gateway_mode,omitempty"`
-	ExposeConfig        *ExposeConfig             `protobuf:"bytes,6,opt,name=expose_config,json=exposeConfig,proto3" json:"expose_config,omitempty"`
-	PublicListenerJson  string                    `protobuf:"bytes,7,opt,name=public_listener_json,json=publicListenerJson,proto3" json:"public_listener_json,omitempty"`
-	ListenerTracingJson string                    `protobuf:"bytes,8,opt,name=listener_tracing_json,json=listenerTracingJson,proto3" json:"listener_tracing_json,omitempty"`
-	LocalClusterJson    string                    `protobuf:"bytes,9,opt,name=local_cluster_json,json=localClusterJson,proto3" json:"local_cluster_json,omitempty"`
+	InboundConnections *InboundConnectionsConfig `protobuf:"bytes,5,opt,name=inbound_connections,json=inboundConnections,proto3" json:"inbound_connections,omitempty"`
+	MeshGatewayMode    MeshGatewayMode           `protobuf:"varint,6,opt,name=mesh_gateway_mode,json=meshGatewayMode,proto3,enum=hashicorp.consul.mesh.v1alpha1.MeshGatewayMode" json:"mesh_gateway_mode,omitempty"`
+	ExposeConfig       *ExposeConfig             `protobuf:"bytes,7,opt,name=expose_config,json=exposeConfig,proto3" json:"expose_config,omitempty"`
+	// AccessLogs configures the output and format of Envoy access logs
+	AccessLogs          *AccessLogsConfig `protobuf:"bytes,8,opt,name=access_logs,json=accessLogs,proto3" json:"access_logs,omitempty"`
+	EnvoyExtensions     []*EnvoyExtension `protobuf:"bytes,9,rep,name=envoy_extensions,json=envoyExtensions,proto3" json:"envoy_extensions,omitempty"`
+	PublicListenerJson  string            `protobuf:"bytes,10,opt,name=public_listener_json,json=publicListenerJson,proto3" json:"public_listener_json,omitempty"`
+	ListenerTracingJson string            `protobuf:"bytes,11,opt,name=listener_tracing_json,json=listenerTracingJson,proto3" json:"listener_tracing_json,omitempty"`
+	LocalClusterJson    string            `protobuf:"bytes,12,opt,name=local_cluster_json,json=localClusterJson,proto3" json:"local_cluster_json,omitempty"`
 	// deprecated:
 	// local_workload_address, local_workload_port, and local_workload_socket_path
 	// are deprecated and are only needed for migration of existing resources.
 	//
 	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
-	LocalWorkloadAddress string `protobuf:"bytes,10,opt,name=local_workload_address,json=localWorkloadAddress,proto3" json:"local_workload_address,omitempty"`
+	LocalWorkloadAddress string `protobuf:"bytes,13,opt,name=local_workload_address,json=localWorkloadAddress,proto3" json:"local_workload_address,omitempty"`
 	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
-	LocalWorkloadPort uint32 `protobuf:"varint,11,opt,name=local_workload_port,json=localWorkloadPort,proto3" json:"local_workload_port,omitempty"`
+	LocalWorkloadPort uint32 `protobuf:"varint,14,opt,name=local_workload_port,json=localWorkloadPort,proto3" json:"local_workload_port,omitempty"`
 	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
-	LocalWorkloadSocketPath string `protobuf:"bytes,12,opt,name=local_workload_socket_path,json=localWorkloadSocketPath,proto3" json:"local_workload_socket_path,omitempty"`
+	LocalWorkloadSocketPath string `protobuf:"bytes,15,opt,name=local_workload_socket_path,json=localWorkloadSocketPath,proto3" json:"local_workload_socket_path,omitempty"`
 }
 
 func (x *DynamicConfig) Reset() {
@@ -241,6 +349,13 @@ func (x *DynamicConfig) GetTransparentProxy() *TransparentProxy {
 	return nil
 }
 
+func (x *DynamicConfig) GetMutualTlsMode() MutualTLSMode {
+	if x != nil {
+		return x.MutualTlsMode
+	}
+	return MutualTLSMode_MUTUAL_TLS_MODE_DEFAULT
+}
+
 func (x *DynamicConfig) GetLocalConnection() map[string]*ConnectionConfig {
 	if x != nil {
 		return x.LocalConnection
@@ -269,6 +384,20 @@ func (x *DynamicConfig) GetExposeConfig() *ExposeConfig {
 	return nil
 }
 
+func (x *DynamicConfig) GetAccessLogs() *AccessLogsConfig {
+	if x != nil {
+		return x.AccessLogs
+	}
+	return nil
+}
+
+func (x *DynamicConfig) GetEnvoyExtensions() []*EnvoyExtension {
+	if x != nil {
+		return x.EnvoyExtensions
+	}
+	return nil
+}
+
 func (x *DynamicConfig) GetPublicListenerJson() string {
 	if x != nil {
 		return x.PublicListenerJson
@@ -518,6 +647,182 @@ func (x *BootstrapConfig) GetTracingConfigJson() string {
 	return ""
 }
 
+// AccessLogsConfig contains the associated default settings for all Envoy
+// instances within the datacenter or partition
+type AccessLogsConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Enabled turns off all access logging
+	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
+	// DisableListenerLogs turns off just listener logs for connections rejected by Envoy because they don't
+	// have a matching listener filter.
+	DisableListenerLogs bool `protobuf:"varint,2,opt,name=disable_listener_logs,json=disableListenerLogs,proto3" json:"disable_listener_logs,omitempty"`
+	// Type selects the output for logs: "file", "stderr". "stdout"
+	Type LogSinkType `protobuf:"varint,3,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.LogSinkType" json:"type,omitempty"`
+	// Path is the output file to write logs
+	Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"`
+	// The presence of one format string or the other implies the access log string encoding.
+	// Defining Both is invalid.
+	JsonFormat string `protobuf:"bytes,5,opt,name=json_format,json=jsonFormat,proto3" json:"json_format,omitempty"`
+	TextFormat string `protobuf:"bytes,6,opt,name=text_format,json=textFormat,proto3" json:"text_format,omitempty"`
+}
+
+func (x *AccessLogsConfig) Reset() {
+	*x = AccessLogsConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *AccessLogsConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AccessLogsConfig) ProtoMessage() {}
+
+func (x *AccessLogsConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AccessLogsConfig.ProtoReflect.Descriptor instead.
+func (*AccessLogsConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *AccessLogsConfig) GetEnabled() bool {
+	if x != nil {
+		return x.Enabled
+	}
+	return false
+}
+
+func (x *AccessLogsConfig) GetDisableListenerLogs() bool {
+	if x != nil {
+		return x.DisableListenerLogs
+	}
+	return false
+}
+
+func (x *AccessLogsConfig) GetType() LogSinkType {
+	if x != nil {
+		return x.Type
+	}
+	return LogSinkType_LOG_SINK_TYPE_DEFAULT
+}
+
+func (x *AccessLogsConfig) GetPath() string {
+	if x != nil {
+		return x.Path
+	}
+	return ""
+}
+
+func (x *AccessLogsConfig) GetJsonFormat() string {
+	if x != nil {
+		return x.JsonFormat
+	}
+	return ""
+}
+
+func (x *AccessLogsConfig) GetTextFormat() string {
+	if x != nil {
+		return x.TextFormat
+	}
+	return ""
+}
+
+// EnvoyExtension has configuration for an extension that patches Envoy resources.
+type EnvoyExtension struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name          string           `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Required      bool             `protobuf:"varint,2,opt,name=required,proto3" json:"required,omitempty"`
+	Arguments     *structpb.Struct `protobuf:"bytes,3,opt,name=arguments,proto3" json:"arguments,omitempty"`
+	ConsulVersion string           `protobuf:"bytes,4,opt,name=consul_version,json=consulVersion,proto3" json:"consul_version,omitempty"`
+	EnvoyVersion  string           `protobuf:"bytes,5,opt,name=envoy_version,json=envoyVersion,proto3" json:"envoy_version,omitempty"`
+}
+
+func (x *EnvoyExtension) Reset() {
+	*x = EnvoyExtension{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EnvoyExtension) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EnvoyExtension) ProtoMessage() {}
+
+func (x *EnvoyExtension) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EnvoyExtension.ProtoReflect.Descriptor instead.
+func (*EnvoyExtension) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *EnvoyExtension) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *EnvoyExtension) GetRequired() bool {
+	if x != nil {
+		return x.Required
+	}
+	return false
+}
+
+func (x *EnvoyExtension) GetArguments() *structpb.Struct {
+	if x != nil {
+		return x.Arguments
+	}
+	return nil
+}
+
+func (x *EnvoyExtension) GetConsulVersion() string {
+	if x != nil {
+		return x.ConsulVersion
+	}
+	return ""
+}
+
+func (x *EnvoyExtension) GetEnvoyVersion() string {
+	if x != nil {
+		return x.EnvoyVersion
+	}
+	return ""
+}
+
 var File_pbmesh_v1alpha1_proxy_configuration_proto protoreflect.FileDescriptor
 
 var file_pbmesh_v1alpha1_proxy_configuration_proto_rawDesc = []byte{
@@ -557,7 +862,7 @@ var file_pbmesh_v1alpha1_proxy_configuration_proto_rawDesc = []byte{
 	0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17,
 	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
 	0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0c, 0x6f, 0x70, 0x61,
-	0x71, 0x75, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0xf0, 0x07, 0x0a, 0x0d, 0x44, 0x79,
+	0x71, 0x75, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0xf5, 0x09, 0x0a, 0x0d, 0x44, 0x79,
 	0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3d, 0x0a, 0x04, 0x6d,
 	0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
@@ -568,127 +873,185 @@ var file_pbmesh_v1alpha1_proxy_configuration_proto_rawDesc = []byte{
 	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
 	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65,
 	0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x10, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61,
-	0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x6d, 0x0a, 0x10, 0x6c, 0x6f, 0x63,
-	0x61, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x69, 0x0a, 0x13, 0x69, 0x6e, 0x62, 0x6f,
-	0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x55, 0x0a, 0x0f, 0x6d, 0x75, 0x74,
+	0x75, 0x61, 0x6c, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64,
+	0x65, 0x52, 0x0d, 0x6d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x6c, 0x73, 0x4d, 0x6f, 0x64, 0x65,
+	0x12, 0x6d, 0x0a, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x79, 0x6e, 0x61,
+	0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f,
+	0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12,
+	0x69, 0x0a, 0x13, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x12, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5b, 0x0a, 0x11, 0x6d, 0x65,
+	0x73, 0x68, 0x5f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18,
+	0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
 	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
-	0x12, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x12, 0x5b, 0x0a, 0x11, 0x6d, 0x65, 0x73, 0x68, 0x5f, 0x67, 0x61, 0x74, 0x65,
-	0x77, 0x61, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77,
+	0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0f, 0x6d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65,
+	0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x51, 0x0a, 0x0d, 0x65, 0x78, 0x70, 0x6f, 0x73,
+	0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c,
 	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
 	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52,
-	0x0f, 0x6d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65,
-	0x12, 0x51, 0x0a, 0x0d, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0c, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6c, 0x69,
-	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x12, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65,
-	0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65,
-	0x72, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x08,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x54, 0x72,
-	0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x6c, 0x6f, 0x63,
-	0x61, 0x6c, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18,
-	0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6c, 0x75, 0x73,
-	0x74, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x16, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
-	0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73,
-	0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x14, 0x6c, 0x6f, 0x63,
-	0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73,
-	0x73, 0x12, 0x32, 0x0a, 0x13, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c,
-	0x6f, 0x61, 0x64, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02,
-	0x18, 0x01, 0x52, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61,
-	0x64, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x3f, 0x0a, 0x1a, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77,
-	0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x70,
-	0x61, 0x74, 0x68, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x17, 0x6c,
-	0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x6f, 0x63, 0x6b,
-	0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, 0x74, 0x0a, 0x14, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
-	0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
-	0x12, 0x46, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0c, 0x65, 0x78,
+	0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x51, 0x0a, 0x0b, 0x61, 0x63,
+	0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32,
 	0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
 	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x71, 0x0a, 0x10,
-	0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79,
-	0x12, 0x34, 0x0a, 0x16, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6c, 0x69, 0x73,
-	0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d,
-	0x52, 0x14, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e,
-	0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64,
-	0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52,
-	0x0e, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x22,
-	0xc0, 0x04, 0x0a, 0x0f, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f, 0x75, 0x72,
-	0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x55,
-	0x72, 0x6c, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x6f, 0x67, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f,
-	0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x6f, 0x67, 0x73, 0x74,
-	0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x73,
-	0x5f, 0x74, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61,
-	0x74, 0x73, 0x54, 0x61, 0x67, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74,
-	0x68, 0x65, 0x75, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
-	0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x73, 0x74, 0x61, 0x74,
-	0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0d, 0x73, 0x74, 0x61, 0x74, 0x73, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72,
-	0x12, 0x26, 0x0a, 0x0f, 0x72, 0x65, 0x61, 0x64, 0x79, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61,
-	0x64, 0x64, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x72, 0x65, 0x61, 0x64, 0x79,
-	0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x76, 0x65, 0x72,
-	0x72, 0x69, 0x64, 0x65, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x74, 0x70, 0x6c, 0x18, 0x07, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x4a, 0x73, 0x6f,
-	0x6e, 0x54, 0x70, 0x6c, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x63,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65,
-	0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63,
-	0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18,
-	0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x4c, 0x69, 0x73,
-	0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x28, 0x0a, 0x10, 0x73, 0x74,
-	0x61, 0x74, 0x73, 0x5f, 0x73, 0x69, 0x6e, 0x6b, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0a,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x74, 0x61, 0x74, 0x73, 0x53, 0x69, 0x6e, 0x6b, 0x73,
-	0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73, 0x6f, 0x6e,
-	0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x66, 0x6c, 0x75, 0x73, 0x68, 0x5f,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12,
-	0x73, 0x74, 0x61, 0x74, 0x73, 0x46, 0x6c, 0x75, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76,
-	0x61, 0x6c, 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x11, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73,
-	0x6f, 0x6e, 0x2a, 0x56, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12,
-	0x16, 0x0a, 0x12, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x45,
-	0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x50, 0x52, 0x4f, 0x58, 0x59,
-	0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, 0x50, 0x41, 0x52, 0x45, 0x4e,
-	0x54, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44,
-	0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x10, 0x02, 0x42, 0x9f, 0x02, 0x0a, 0x22, 0x63,
-	0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x42, 0x17, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69,
-	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d,
-	0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73,
-	0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
-	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d,
-	0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42,
-	0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65,
-	0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x33,
+	0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x59, 0x0a,
+	0x10, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
+	0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78,
+	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78,
+	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x75, 0x62, 0x6c,
+	0x69, 0x63, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e,
+	0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4c, 0x69,
+	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x6c, 0x69,
+	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a,
+	0x73, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x6c, 0x69, 0x73, 0x74, 0x65,
+	0x6e, 0x65, 0x72, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2c,
+	0x0a, 0x12, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f,
+	0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x6c, 0x6f, 0x63, 0x61,
+	0x6c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x16,
+	0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x61,
+	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01,
+	0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x41,
+	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x32, 0x0a, 0x13, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f,
+	0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x0e, 0x20,
+	0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f,
+	0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x3f, 0x0a, 0x1a, 0x6c, 0x6f,
+	0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x6f, 0x63,
+	0x6b, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02,
+	0x18, 0x01, 0x52, 0x17, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61,
+	0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, 0x74, 0x0a, 0x14, 0x4c,
+	0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e,
+	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x46, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38,
+	0x01, 0x22, 0x71, 0x0a, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
+	0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x34, 0x0a, 0x16, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e,
+	0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x14, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c,
+	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x64,
+	0x69, 0x61, 0x6c, 0x65, 0x64, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65,
+	0x63, 0x74, 0x6c, 0x79, 0x22, 0xc0, 0x04, 0x0a, 0x0f, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72,
+	0x61, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74,
+	0x73, 0x64, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74,
+	0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x6f, 0x67, 0x73, 0x74,
+	0x61, 0x74, 0x73, 0x64, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c,
+	0x64, 0x6f, 0x67, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, 0x1d, 0x0a, 0x0a,
+	0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x74, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09,
+	0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x73, 0x54, 0x61, 0x67, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x70,
+	0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61,
+	0x64, 0x64, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x72, 0x6f, 0x6d, 0x65,
+	0x74, 0x68, 0x65, 0x75, 0x73, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, 0x0a,
+	0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72,
+	0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x74, 0x61, 0x74, 0x73, 0x42, 0x69, 0x6e,
+	0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x72, 0x65, 0x61, 0x64, 0x79, 0x5f, 0x62,
+	0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d,
+	0x72, 0x65, 0x61, 0x64, 0x79, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x2a, 0x0a,
+	0x11, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x74,
+	0x70, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69,
+	0x64, 0x65, 0x4a, 0x73, 0x6f, 0x6e, 0x54, 0x70, 0x6c, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61,
+	0x74, 0x69, 0x63, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f,
+	0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x43,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x73,
+	0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x5f,
+	0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x73, 0x74, 0x61, 0x74,
+	0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12,
+	0x28, 0x0a, 0x10, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x73, 0x69, 0x6e, 0x6b, 0x73, 0x5f, 0x6a,
+	0x73, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x74, 0x61, 0x74, 0x73,
+	0x53, 0x69, 0x6e, 0x6b, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x74, 0x61,
+	0x74, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0b,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x66,
+	0x6c, 0x75, 0x73, 0x68, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x0c, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x73, 0x46, 0x6c, 0x75, 0x73, 0x68, 0x49,
+	0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x63, 0x69,
+	0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0d,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x22, 0xf7, 0x01, 0x0a, 0x10, 0x41, 0x63, 0x63, 0x65,
+	0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07,
+	0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65,
+	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x32, 0x0a, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c,
+	0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x4c, 0x69,
+	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x3f, 0x0a, 0x04, 0x74, 0x79,
+	0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e,
+	0x6b, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70,
+	0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12,
+	0x1f, 0x0a, 0x0b, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6a, 0x73, 0x6f, 0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74,
+	0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18,
+	0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x65, 0x78, 0x74, 0x46, 0x6f, 0x72, 0x6d, 0x61,
+	0x74, 0x22, 0xc3, 0x01, 0x0a, 0x0e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e,
+	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x71, 0x75,
+	0x69, 0x72, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x71, 0x75,
+	0x69, 0x72, 0x65, 0x64, 0x12, 0x35, 0x0a, 0x09, 0x61, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74,
+	0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74,
+	0x52, 0x09, 0x61, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x65, 0x6e, 0x76, 0x6f, 0x79,
+	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x2a, 0x56, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79,
+	0x4d, 0x6f, 0x64, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f,
+	0x44, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16,
+	0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53,
+	0x50, 0x41, 0x52, 0x45, 0x4e, 0x54, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x50, 0x52, 0x4f, 0x58,
+	0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x10, 0x02, 0x2a,
+	0x74, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19,
+	0x0a, 0x15, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4c, 0x4f, 0x47,
+	0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x10,
+	0x01, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59,
+	0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, 0x45, 0x52, 0x52, 0x10, 0x02, 0x12, 0x18, 0x0a, 0x14, 0x4c,
+	0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44,
+	0x4f, 0x55, 0x54, 0x10, 0x03, 0x2a, 0x68, 0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54,
+	0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c,
+	0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c,
+	0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x5f, 0x54, 0x4c,
+	0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x01, 0x12,
+	0x1e, 0x0a, 0x1a, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f,
+	0x44, 0x45, 0x5f, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x56, 0x45, 0x10, 0x02, 0x42,
+	0x9f, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x17, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+	0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65,
+	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02,
+	0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca,
+	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21,
+	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -703,39 +1066,48 @@ func file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP() []byte {
 	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescData
 }
 
-var file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
+var file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes = make([]protoimpl.EnumInfo, 3)
+var file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
 var file_pbmesh_v1alpha1_proxy_configuration_proto_goTypes = []interface{}{
 	(ProxyMode)(0),                    // 0: hashicorp.consul.mesh.v1alpha1.ProxyMode
-	(*ProxyConfiguration)(nil),        // 1: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration
-	(*DynamicConfig)(nil),             // 2: hashicorp.consul.mesh.v1alpha1.DynamicConfig
-	(*TransparentProxy)(nil),          // 3: hashicorp.consul.mesh.v1alpha1.TransparentProxy
-	(*BootstrapConfig)(nil),           // 4: hashicorp.consul.mesh.v1alpha1.BootstrapConfig
-	nil,                               // 5: hashicorp.consul.mesh.v1alpha1.DynamicConfig.LocalConnectionEntry
-	(*v1alpha1.WorkloadSelector)(nil), // 6: hashicorp.consul.catalog.v1alpha1.WorkloadSelector
-	(*structpb.Struct)(nil),           // 7: google.protobuf.Struct
-	(*InboundConnectionsConfig)(nil),  // 8: hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig
-	(MeshGatewayMode)(0),              // 9: hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
-	(*ExposeConfig)(nil),              // 10: hashicorp.consul.mesh.v1alpha1.ExposeConfig
-	(*ConnectionConfig)(nil),          // 11: hashicorp.consul.mesh.v1alpha1.ConnectionConfig
+	(LogSinkType)(0),                  // 1: hashicorp.consul.mesh.v1alpha1.LogSinkType
+	(MutualTLSMode)(0),                // 2: hashicorp.consul.mesh.v1alpha1.MutualTLSMode
+	(*ProxyConfiguration)(nil),        // 3: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration
+	(*DynamicConfig)(nil),             // 4: hashicorp.consul.mesh.v1alpha1.DynamicConfig
+	(*TransparentProxy)(nil),          // 5: hashicorp.consul.mesh.v1alpha1.TransparentProxy
+	(*BootstrapConfig)(nil),           // 6: hashicorp.consul.mesh.v1alpha1.BootstrapConfig
+	(*AccessLogsConfig)(nil),          // 7: hashicorp.consul.mesh.v1alpha1.AccessLogsConfig
+	(*EnvoyExtension)(nil),            // 8: hashicorp.consul.mesh.v1alpha1.EnvoyExtension
+	nil,                               // 9: hashicorp.consul.mesh.v1alpha1.DynamicConfig.LocalConnectionEntry
+	(*v1alpha1.WorkloadSelector)(nil), // 10: hashicorp.consul.catalog.v1alpha1.WorkloadSelector
+	(*structpb.Struct)(nil),           // 11: google.protobuf.Struct
+	(*InboundConnectionsConfig)(nil),  // 12: hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig
+	(MeshGatewayMode)(0),              // 13: hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
+	(*ExposeConfig)(nil),              // 14: hashicorp.consul.mesh.v1alpha1.ExposeConfig
+	(*ConnectionConfig)(nil),          // 15: hashicorp.consul.mesh.v1alpha1.ConnectionConfig
 }
 var file_pbmesh_v1alpha1_proxy_configuration_proto_depIdxs = []int32{
-	6,  // 0: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.workloads:type_name -> hashicorp.consul.catalog.v1alpha1.WorkloadSelector
-	2,  // 1: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.dynamic_config:type_name -> hashicorp.consul.mesh.v1alpha1.DynamicConfig
-	4,  // 2: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.bootstrap_config:type_name -> hashicorp.consul.mesh.v1alpha1.BootstrapConfig
-	7,  // 3: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.opaque_config:type_name -> google.protobuf.Struct
+	10, // 0: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.workloads:type_name -> hashicorp.consul.catalog.v1alpha1.WorkloadSelector
+	4,  // 1: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.dynamic_config:type_name -> hashicorp.consul.mesh.v1alpha1.DynamicConfig
+	6,  // 2: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.bootstrap_config:type_name -> hashicorp.consul.mesh.v1alpha1.BootstrapConfig
+	11, // 3: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.opaque_config:type_name -> google.protobuf.Struct
 	0,  // 4: hashicorp.consul.mesh.v1alpha1.DynamicConfig.mode:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyMode
-	3,  // 5: hashicorp.consul.mesh.v1alpha1.DynamicConfig.transparent_proxy:type_name -> hashicorp.consul.mesh.v1alpha1.TransparentProxy
-	5,  // 6: hashicorp.consul.mesh.v1alpha1.DynamicConfig.local_connection:type_name -> hashicorp.consul.mesh.v1alpha1.DynamicConfig.LocalConnectionEntry
-	8,  // 7: hashicorp.consul.mesh.v1alpha1.DynamicConfig.inbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig
-	9,  // 8: hashicorp.consul.mesh.v1alpha1.DynamicConfig.mesh_gateway_mode:type_name -> hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
-	10, // 9: hashicorp.consul.mesh.v1alpha1.DynamicConfig.expose_config:type_name -> hashicorp.consul.mesh.v1alpha1.ExposeConfig
-	11, // 10: hashicorp.consul.mesh.v1alpha1.DynamicConfig.LocalConnectionEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.ConnectionConfig
-	11, // [11:11] is the sub-list for method output_type
-	11, // [11:11] is the sub-list for method input_type
-	11, // [11:11] is the sub-list for extension type_name
-	11, // [11:11] is the sub-list for extension extendee
-	0,  // [0:11] is the sub-list for field type_name
+	5,  // 5: hashicorp.consul.mesh.v1alpha1.DynamicConfig.transparent_proxy:type_name -> hashicorp.consul.mesh.v1alpha1.TransparentProxy
+	2,  // 6: hashicorp.consul.mesh.v1alpha1.DynamicConfig.mutual_tls_mode:type_name -> hashicorp.consul.mesh.v1alpha1.MutualTLSMode
+	9,  // 7: hashicorp.consul.mesh.v1alpha1.DynamicConfig.local_connection:type_name -> hashicorp.consul.mesh.v1alpha1.DynamicConfig.LocalConnectionEntry
+	12, // 8: hashicorp.consul.mesh.v1alpha1.DynamicConfig.inbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig
+	13, // 9: hashicorp.consul.mesh.v1alpha1.DynamicConfig.mesh_gateway_mode:type_name -> hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
+	14, // 10: hashicorp.consul.mesh.v1alpha1.DynamicConfig.expose_config:type_name -> hashicorp.consul.mesh.v1alpha1.ExposeConfig
+	7,  // 11: hashicorp.consul.mesh.v1alpha1.DynamicConfig.access_logs:type_name -> hashicorp.consul.mesh.v1alpha1.AccessLogsConfig
+	8,  // 12: hashicorp.consul.mesh.v1alpha1.DynamicConfig.envoy_extensions:type_name -> hashicorp.consul.mesh.v1alpha1.EnvoyExtension
+	1,  // 13: hashicorp.consul.mesh.v1alpha1.AccessLogsConfig.type:type_name -> hashicorp.consul.mesh.v1alpha1.LogSinkType
+	11, // 14: hashicorp.consul.mesh.v1alpha1.EnvoyExtension.arguments:type_name -> google.protobuf.Struct
+	15, // 15: hashicorp.consul.mesh.v1alpha1.DynamicConfig.LocalConnectionEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.ConnectionConfig
+	16, // [16:16] is the sub-list for method output_type
+	16, // [16:16] is the sub-list for method input_type
+	16, // [16:16] is the sub-list for extension type_name
+	16, // [16:16] is the sub-list for extension extendee
+	0,  // [0:16] is the sub-list for field type_name
 }
 
 func init() { file_pbmesh_v1alpha1_proxy_configuration_proto_init() }
@@ -795,14 +1167,38 @@ func file_pbmesh_v1alpha1_proxy_configuration_proto_init() {
 				return nil
 			}
 		}
+		file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*AccessLogsConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EnvoyExtension); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_pbmesh_v1alpha1_proxy_configuration_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   5,
+			NumEnums:      3,
+			NumMessages:   7,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/proto-public/pbmesh/v1alpha1/proxy_configuration.proto b/proto-public/pbmesh/v1alpha1/proxy_configuration.proto
index 06ebecbf4aba..c20ff3d47c44 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_configuration.proto
+++ b/proto-public/pbmesh/v1alpha1/proxy_configuration.proto
@@ -11,6 +11,7 @@ import "pbmesh/v1alpha1/connection.proto";
 import "pbmesh/v1alpha1/expose.proto";
 import "pbmesh/v1alpha1/routing.proto";
 
+// This is a Resource type.
 message ProxyConfiguration {
   // Selection of workloads this proxy configuration should apply to.
   // These can be prefixes or specific workload names.
@@ -35,28 +36,35 @@ message DynamicConfig {
 
   TransparentProxy transparent_proxy = 2;
 
+  MutualTLSMode mutual_tls_mode = 3;
+
   // local_connection is the configuration that should be used
   // to connect to the local application provided per-port.
   // The map keys should correspond to port names on the workload.
-  map<string, ConnectionConfig> local_connection = 3;
+  map<string, ConnectionConfig> local_connection = 4;
 
   // inbound_connections configures inbound connections to the proxy.
-  InboundConnectionsConfig inbound_connections = 4;
+  InboundConnectionsConfig inbound_connections = 5;
+
+  MeshGatewayMode mesh_gateway_mode = 6;
+
+  ExposeConfig expose_config = 7;
 
-  MeshGatewayMode mesh_gateway_mode = 5;
+  // AccessLogs configures the output and format of Envoy access logs
+  AccessLogsConfig access_logs = 8;
 
-  ExposeConfig expose_config = 6;
+  repeated EnvoyExtension envoy_extensions = 9;
 
-  string public_listener_json = 7;
-  string listener_tracing_json = 8;
-  string local_cluster_json = 9;
+  string public_listener_json = 10;
+  string listener_tracing_json = 11;
+  string local_cluster_json = 12;
 
   // deprecated:
   // local_workload_address, local_workload_port, and local_workload_socket_path
   // are deprecated and are only needed for migration of existing resources.
-  string local_workload_address = 10 [deprecated = true];
-  uint32 local_workload_port = 11 [deprecated = true];
-  string local_workload_socket_path = 12 [deprecated = true];
+  string local_workload_address = 13 [deprecated = true];
+  uint32 local_workload_port = 14 [deprecated = true];
+  string local_workload_socket_path = 15 [deprecated = true];
 }
 
 message TransparentProxy {
@@ -102,3 +110,49 @@ enum ProxyMode {
   // by the local application and other proxies.
   PROXY_MODE_DIRECT = 2;
 }
+
+// AccessLogsConfig contains the associated default settings for all Envoy
+// instances within the datacenter or partition
+message AccessLogsConfig {
+  // Enabled turns off all access logging
+  bool enabled = 1;
+
+  // DisableListenerLogs turns off just listener logs for connections rejected by Envoy because they don't
+  // have a matching listener filter.
+  bool disable_listener_logs = 2;
+
+  // Type selects the output for logs: "file", "stderr". "stdout"
+  LogSinkType type = 3;
+
+  // Path is the output file to write logs
+  string path = 4;
+
+  // The presence of one format string or the other implies the access log string encoding.
+  // Defining Both is invalid.
+  string json_format = 5;
+  string text_format = 6;
+}
+
+enum LogSinkType {
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+  LOG_SINK_TYPE_DEFAULT = 0;
+  LOG_SINK_TYPE_FILE = 1;
+  LOG_SINK_TYPE_STDERR = 2;
+  LOG_SINK_TYPE_STDOUT = 3;
+}
+
+// EnvoyExtension has configuration for an extension that patches Envoy resources.
+message EnvoyExtension {
+  string name = 1;
+  bool required = 2;
+  google.protobuf.Struct arguments = 3;
+  string consul_version = 4;
+  string envoy_version = 5;
+}
+
+enum MutualTLSMode {
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+  MUTUAL_TLS_MODE_DEFAULT = 0;
+  MUTUAL_TLS_MODE_STRICT = 1;
+  MUTUAL_TLS_MODE_PERMISSIVE = 2;
+}
diff --git a/proto-public/pbmesh/v1alpha1/tcp_route.pb.binary.go b/proto-public/pbmesh/v1alpha1/tcp_route.pb.binary.go
new file mode 100644
index 000000000000..6a7885b9ca72
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/tcp_route.pb.binary.go
@@ -0,0 +1,38 @@
+// Code generated by protoc-gen-go-binary. DO NOT EDIT.
+// source: pbmesh/v1alpha1/tcp_route.proto
+
+package meshv1alpha1
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *TCPRoute) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *TCPRoute) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *TCPRouteRule) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *TCPRouteRule) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *TCPBackendRef) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *TCPBackendRef) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/tcp_route.pb.go b/proto-public/pbmesh/v1alpha1/tcp_route.pb.go
new file mode 100644
index 000000000000..6a8cf5700fc4
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/tcp_route.pb.go
@@ -0,0 +1,362 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/tcp_route.proto
+
+package meshv1alpha1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// NOTE: this should align to the GAMMA/gateway-api version, or at least be
+// easily translatable.
+//
+// https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.TCPRoute
+//
+// This is a Resource type.
+type TCPRoute struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// ParentRefs references the resources (usually Gateways) that a Route wants
+	// to be attached to. Note that the referenced parent resource needs to allow
+	// this for the attachment to be complete. For Gateways, that means the
+	// Gateway needs to allow attachment from Routes of this kind and namespace.
+	//
+	// It is invalid to reference an identical parent more than once. It is valid
+	// to reference multiple distinct sections within the same parent resource,
+	// such as 2 Listeners within a Gateway.
+	ParentRefs []*ParentReference `protobuf:"bytes,1,rep,name=parent_refs,json=parentRefs,proto3" json:"parent_refs,omitempty"`
+	// Rules are a list of TCP matchers and actions.
+	Rules []*TCPRouteRule `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"`
+}
+
+func (x *TCPRoute) Reset() {
+	*x = TCPRoute{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TCPRoute) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TCPRoute) ProtoMessage() {}
+
+func (x *TCPRoute) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TCPRoute.ProtoReflect.Descriptor instead.
+func (*TCPRoute) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_tcp_route_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *TCPRoute) GetParentRefs() []*ParentReference {
+	if x != nil {
+		return x.ParentRefs
+	}
+	return nil
+}
+
+func (x *TCPRoute) GetRules() []*TCPRouteRule {
+	if x != nil {
+		return x.Rules
+	}
+	return nil
+}
+
+type TCPRouteRule struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// BackendRefs defines the backend(s) where matching requests should be sent.
+	// If unspecified or invalid (refers to a non-existent resource or a Service
+	// with no endpoints), the underlying implementation MUST actively reject
+	// connection attempts to this backend. Connection rejections must respect
+	// weight; if an invalid backend is requested to have 80% of connections,
+	// then 80% of connections must be rejected instead.
+	BackendRefs []*TCPBackendRef `protobuf:"bytes,1,rep,name=backend_refs,json=backendRefs,proto3" json:"backend_refs,omitempty"`
+}
+
+func (x *TCPRouteRule) Reset() {
+	*x = TCPRouteRule{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TCPRouteRule) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TCPRouteRule) ProtoMessage() {}
+
+func (x *TCPRouteRule) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TCPRouteRule.ProtoReflect.Descriptor instead.
+func (*TCPRouteRule) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_tcp_route_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *TCPRouteRule) GetBackendRefs() []*TCPBackendRef {
+	if x != nil {
+		return x.BackendRefs
+	}
+	return nil
+}
+
+type TCPBackendRef struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	BackendRef *BackendReference `protobuf:"bytes,1,opt,name=backend_ref,json=backendRef,proto3" json:"backend_ref,omitempty"`
+	// Weight specifies the proportion of requests forwarded to the referenced
+	// backend. This is computed as weight/(sum of all weights in this
+	// BackendRefs list). For non-zero values, there may be some epsilon from the
+	// exact proportion defined here depending on the precision an implementation
+	// supports. Weight is not a percentage and the sum of weights does not need
+	// to equal 100.
+	//
+	// If only one backend is specified and it has a weight greater than 0, 100%
+	// of the traffic is forwarded to that backend. If weight is set to 0, no
+	// traffic should be forwarded for this entry. If unspecified, weight defaults
+	// to 1.
+	Weight uint32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
+}
+
+func (x *TCPBackendRef) Reset() {
+	*x = TCPBackendRef{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TCPBackendRef) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TCPBackendRef) ProtoMessage() {}
+
+func (x *TCPBackendRef) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TCPBackendRef.ProtoReflect.Descriptor instead.
+func (*TCPBackendRef) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_tcp_route_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *TCPBackendRef) GetBackendRef() *BackendReference {
+	if x != nil {
+		return x.BackendRef
+	}
+	return nil
+}
+
+func (x *TCPBackendRef) GetWeight() uint32 {
+	if x != nil {
+		return x.Weight
+	}
+	return 0
+}
+
+var File_pbmesh_v1alpha1_tcp_route_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_tcp_route_proto_rawDesc = []byte{
+	0x0a, 0x1f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x74, 0x63, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x1a, 0x1c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22,
+	0xa0, 0x01, 0x0a, 0x08, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x50, 0x0a, 0x0b,
+	0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e,
+	0x63, 0x65, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x73, 0x12, 0x42,
+	0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54,
+	0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x72, 0x75, 0x6c,
+	0x65, 0x73, 0x22, 0x60, 0x0a, 0x0c, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75,
+	0x6c, 0x65, 0x12, 0x50, 0x0a, 0x0c, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65,
+	0x66, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x43, 0x50, 0x42, 0x61, 0x63,
+	0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x52, 0x0b, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64,
+	0x52, 0x65, 0x66, 0x73, 0x22, 0x7a, 0x0a, 0x0d, 0x54, 0x43, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65,
+	0x6e, 0x64, 0x52, 0x65, 0x66, 0x12, 0x51, 0x0a, 0x0b, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64,
+	0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x63, 0x6b,
+	0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0a, 0x62, 0x61,
+	0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67,
+	0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74,
+	0x42, 0x95, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0d, 0x54, 0x63, 0x70, 0x52, 0x6f, 0x75, 0x74,
+	0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c,
+	0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2,
+	0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
+	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_tcp_route_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_tcp_route_proto_rawDescData = file_pbmesh_v1alpha1_tcp_route_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_tcp_route_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_tcp_route_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_tcp_route_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_tcp_route_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_tcp_route_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_tcp_route_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
+var file_pbmesh_v1alpha1_tcp_route_proto_goTypes = []interface{}{
+	(*TCPRoute)(nil),         // 0: hashicorp.consul.mesh.v1alpha1.TCPRoute
+	(*TCPRouteRule)(nil),     // 1: hashicorp.consul.mesh.v1alpha1.TCPRouteRule
+	(*TCPBackendRef)(nil),    // 2: hashicorp.consul.mesh.v1alpha1.TCPBackendRef
+	(*ParentReference)(nil),  // 3: hashicorp.consul.mesh.v1alpha1.ParentReference
+	(*BackendReference)(nil), // 4: hashicorp.consul.mesh.v1alpha1.BackendReference
+}
+var file_pbmesh_v1alpha1_tcp_route_proto_depIdxs = []int32{
+	3, // 0: hashicorp.consul.mesh.v1alpha1.TCPRoute.parent_refs:type_name -> hashicorp.consul.mesh.v1alpha1.ParentReference
+	1, // 1: hashicorp.consul.mesh.v1alpha1.TCPRoute.rules:type_name -> hashicorp.consul.mesh.v1alpha1.TCPRouteRule
+	2, // 2: hashicorp.consul.mesh.v1alpha1.TCPRouteRule.backend_refs:type_name -> hashicorp.consul.mesh.v1alpha1.TCPBackendRef
+	4, // 3: hashicorp.consul.mesh.v1alpha1.TCPBackendRef.backend_ref:type_name -> hashicorp.consul.mesh.v1alpha1.BackendReference
+	4, // [4:4] is the sub-list for method output_type
+	4, // [4:4] is the sub-list for method input_type
+	4, // [4:4] is the sub-list for extension type_name
+	4, // [4:4] is the sub-list for extension extendee
+	0, // [0:4] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_tcp_route_proto_init() }
+func file_pbmesh_v1alpha1_tcp_route_proto_init() {
+	if File_pbmesh_v1alpha1_tcp_route_proto != nil {
+		return
+	}
+	file_pbmesh_v1alpha1_common_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*TCPRoute); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*TCPRouteRule); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*TCPBackendRef); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_tcp_route_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   3,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_tcp_route_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_tcp_route_proto_depIdxs,
+		MessageInfos:      file_pbmesh_v1alpha1_tcp_route_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_tcp_route_proto = out.File
+	file_pbmesh_v1alpha1_tcp_route_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_tcp_route_proto_goTypes = nil
+	file_pbmesh_v1alpha1_tcp_route_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/tcp_route.proto b/proto-public/pbmesh/v1alpha1/tcp_route.proto
new file mode 100644
index 000000000000..0a6c974c046b
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/tcp_route.proto
@@ -0,0 +1,56 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+syntax = "proto3";
+
+package hashicorp.consul.mesh.v1alpha1;
+
+import "pbmesh/v1alpha1/common.proto";
+
+// NOTE: this should align to the GAMMA/gateway-api version, or at least be
+// easily translatable.
+//
+// https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.TCPRoute
+//
+// This is a Resource type.
+message TCPRoute {
+  // ParentRefs references the resources (usually Gateways) that a Route wants
+  // to be attached to. Note that the referenced parent resource needs to allow
+  // this for the attachment to be complete. For Gateways, that means the
+  // Gateway needs to allow attachment from Routes of this kind and namespace.
+  //
+  // It is invalid to reference an identical parent more than once. It is valid
+  // to reference multiple distinct sections within the same parent resource,
+  // such as 2 Listeners within a Gateway.
+  repeated ParentReference parent_refs = 1;
+
+  // Rules are a list of TCP matchers and actions.
+  repeated TCPRouteRule rules = 2;
+}
+
+message TCPRouteRule {
+  // BackendRefs defines the backend(s) where matching requests should be sent.
+  // If unspecified or invalid (refers to a non-existent resource or a Service
+  // with no endpoints), the underlying implementation MUST actively reject
+  // connection attempts to this backend. Connection rejections must respect
+  // weight; if an invalid backend is requested to have 80% of connections,
+  // then 80% of connections must be rejected instead.
+  repeated TCPBackendRef backend_refs = 1;
+}
+
+message TCPBackendRef {
+  BackendReference backend_ref = 1;
+
+  // Weight specifies the proportion of requests forwarded to the referenced
+  // backend. This is computed as weight/(sum of all weights in this
+  // BackendRefs list). For non-zero values, there may be some epsilon from the
+  // exact proportion defined here depending on the precision an implementation
+  // supports. Weight is not a percentage and the sum of weights does not need
+  // to equal 100.
+  //
+  //If only one backend is specified and it has a weight greater than 0, 100%
+  //of the traffic is forwarded to that backend. If weight is set to 0, no
+  //traffic should be forwarded for this entry. If unspecified, weight defaults
+  //to 1.
+  uint32 weight = 2;
+}

From 284e3bdb547915d82bfc89296ccad485befdee59 Mon Sep 17 00:00:00 2001
From: Dan Stough <dan.stough@hashicorp.com>
Date: Thu, 3 Aug 2023 15:03:02 -0400
Subject: [PATCH 245/359] [OSS] test: xds coverage for routes (#18369)

test: xds coverage for routes
---
 agent/proxycfg/testing_api_gateway.go         |   3 +-
 agent/proxycfg/testing_mesh_gateway.go        |  67 +++++++++
 agent/proxycfg/testing_terminating_gateway.go |   3 +
 agent/proxycfg/testing_upstreams.go           | 120 +++++++++++++++
 agent/xds/clusters.go                         |   7 +-
 agent/xds/resources_test.go                   |   6 +-
 agent/xds/routes.go                           |  42 +++---
 agent/xds/routes_test.go                      |  34 ++++-
 ...oxy-with-chain-and-overrides.latest.golden |  40 ++---
 ...ed-services-http-with-router.latest.golden |   2 +-
 ...oxy-with-chain-and-overrides.latest.golden |   2 +-
 ...connect-proxy-lb-in-resolver.latest.golden |   5 +
 ...nnect-proxy-resolver-with-lb.latest.golden |  30 ++++
 ...t-proxy-route-to-lb-resolver.latest.golden |  38 +++++
 ...ct-proxy-splitter-overweight.latest.golden |  99 +++++++++++++
 .../ingress-lb-in-resolver.latest.golden      |   5 +
 ...erminating-gateway-lb-config.latest.golden | 137 +++++++++---------
 17 files changed, 514 insertions(+), 126 deletions(-)
 create mode 100644 agent/xds/testdata/routes/connect-proxy-resolver-with-lb.latest.golden
 create mode 100644 agent/xds/testdata/routes/connect-proxy-route-to-lb-resolver.latest.golden
 create mode 100644 agent/xds/testdata/routes/connect-proxy-splitter-overweight.latest.golden

diff --git a/agent/proxycfg/testing_api_gateway.go b/agent/proxycfg/testing_api_gateway.go
index 87ff58fbf053..f42875af8cc4 100644
--- a/agent/proxycfg/testing_api_gateway.go
+++ b/agent/proxycfg/testing_api_gateway.go
@@ -8,10 +8,9 @@ import (
 
 	"github.com/mitchellh/go-testing-interface"
 
+	"github.com/hashicorp/consul/agent/configentry"
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/consul/discoverychain"
-
-	"github.com/hashicorp/consul/agent/configentry"
 	"github.com/hashicorp/consul/agent/structs"
 )
 
diff --git a/agent/proxycfg/testing_mesh_gateway.go b/agent/proxycfg/testing_mesh_gateway.go
index c414a09caf72..d6622699d0e3 100644
--- a/agent/proxycfg/testing_mesh_gateway.go
+++ b/agent/proxycfg/testing_mesh_gateway.go
@@ -747,6 +747,73 @@ func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func(
 				},
 			},
 		)
+	case "mgw-peered-upstream":
+		// This is a modified version of "chain-and-l7-stuff" that adds a peer field to the resolver
+		// and removes some of the extraneous disco-chain testing.
+		entries = []structs.ConfigEntry{
+			&structs.ProxyConfigEntry{
+				Kind: structs.ProxyDefaults,
+				Name: structs.ProxyConfigGlobal,
+				Config: map[string]interface{}{
+					"protocol": "http",
+				},
+			},
+			&structs.ServiceResolverConfigEntry{
+				Kind: structs.ServiceResolver,
+				Name: "db",
+				Redirect: &structs.ServiceResolverRedirect{
+					Service: "alt",
+					Peer:    "peer-b",
+				},
+				ConnectTimeout: 33 * time.Second,
+				RequestTimeout: 33 * time.Second,
+			},
+		}
+		for _, entry := range entries {
+			require.NoError(t, entry.Normalize())
+			require.NoError(t, entry.Validate())
+		}
+
+		set := configentry.NewDiscoveryChainSet()
+		set.AddEntries(entries...)
+
+		var (
+			dbSN  = structs.NewServiceName("db", nil)
+			altSN = structs.NewServiceName("alt", nil)
+
+			dbChain = discoverychain.TestCompileConfigEntries(t, "db", "default", "default", "dc1", connect.TestClusterID+".consul", nil, set)
+		)
+
+		needPeerA = true
+		needLeaf = true
+		discoChains[dbSN] = dbChain
+		endpoints[dbSN] = TestUpstreamNodes(t, "db")
+		endpoints[altSN] = TestUpstreamNodes(t, "alt")
+
+		extraUpdates = append(extraUpdates,
+			UpdateEvent{
+				CorrelationID: datacentersWatchID,
+				Result:        &[]string{"dc1"},
+			},
+			UpdateEvent{
+				CorrelationID: exportedServiceListWatchID,
+				Result: &structs.IndexedExportedServiceList{
+					Services: map[string]structs.ServiceList{
+						"peer-a": []structs.ServiceName{dbSN},
+					},
+				},
+			},
+			UpdateEvent{
+				CorrelationID: serviceListWatchID,
+				Result: &structs.IndexedServiceList{
+					Services: []structs.ServiceName{
+						dbSN,
+						altSN,
+					},
+				},
+			},
+		)
+
 	case "chain-and-l7-stuff":
 		entries = []structs.ConfigEntry{
 			&structs.ProxyConfigEntry{
diff --git a/agent/proxycfg/testing_terminating_gateway.go b/agent/proxycfg/testing_terminating_gateway.go
index 2bfdd8fca043..731c8e54b2d5 100644
--- a/agent/proxycfg/testing_terminating_gateway.go
+++ b/agent/proxycfg/testing_terminating_gateway.go
@@ -4,6 +4,8 @@
 package proxycfg
 
 import (
+	"time"
+
 	"github.com/mitchellh/go-testing-interface"
 
 	"github.com/hashicorp/consul/agent/structs"
@@ -648,6 +650,7 @@ func testConfigSnapshotTerminatingGatewayLBConfig(t testing.T, variant string) *
 				OnlyPassing: true,
 			},
 		},
+		RequestTimeout: 200 * time.Millisecond,
 		LoadBalancer: &structs.LoadBalancer{
 			Policy: "ring_hash",
 			RingHashConfig: &structs.RingHashConfig{
diff --git a/agent/proxycfg/testing_upstreams.go b/agent/proxycfg/testing_upstreams.go
index f9b77c4d62d5..c5c47ae72fe2 100644
--- a/agent/proxycfg/testing_upstreams.go
+++ b/agent/proxycfg/testing_upstreams.go
@@ -256,6 +256,9 @@ func setupTestVariationConfigEntriesAndSnapshot(
 	case "chain-and-router":
 	case "lb-resolver":
 	case "register-to-terminating-gateway":
+	case "redirect-to-lb-node":
+	case "resolver-with-lb":
+	case "splitter-overweight":
 	default:
 		extraEvents := extraUpdateEvents(t, variation, dbUID)
 		events = append(events, extraEvents...)
@@ -580,6 +583,61 @@ func setupTestVariationDiscoveryChain(
 				},
 			},
 		)
+	case "splitter-overweight":
+		entries = append(entries,
+			&structs.ServiceResolverConfigEntry{
+				Kind:           structs.ServiceResolver,
+				Name:           "db",
+				EnterpriseMeta: entMeta,
+				ConnectTimeout: 33 * time.Second,
+				RequestTimeout: 33 * time.Second,
+			},
+			&structs.ProxyConfigEntry{
+				Kind:           structs.ProxyDefaults,
+				Name:           structs.ProxyConfigGlobal,
+				EnterpriseMeta: entMeta,
+				Config: map[string]interface{}{
+					"protocol": "http",
+				},
+			},
+			&structs.ServiceSplitterConfigEntry{
+				Kind:           structs.ServiceSplitter,
+				Name:           "db",
+				EnterpriseMeta: entMeta,
+				Splits: []structs.ServiceSplit{
+					{
+						Weight:  100.0,
+						Service: "big-side",
+						RequestHeaders: &structs.HTTPHeaderModifiers{
+							Set: map[string]string{"x-split-leg": "big"},
+						},
+						ResponseHeaders: &structs.HTTPHeaderModifiers{
+							Set: map[string]string{"x-split-leg": "big"},
+						},
+					},
+					{
+						Weight:  100.0,
+						Service: "goldilocks-side",
+						RequestHeaders: &structs.HTTPHeaderModifiers{
+							Set: map[string]string{"x-split-leg": "goldilocks"},
+						},
+						ResponseHeaders: &structs.HTTPHeaderModifiers{
+							Set: map[string]string{"x-split-leg": "goldilocks"},
+						},
+					},
+					{
+						Weight:  100.0,
+						Service: "lil-bit-side",
+						RequestHeaders: &structs.HTTPHeaderModifiers{
+							Set: map[string]string{"x-split-leg": "small"},
+						},
+						ResponseHeaders: &structs.HTTPHeaderModifiers{
+							Set: map[string]string{"x-split-leg": "small"},
+						},
+					},
+				},
+			},
+		)
 	case "grpc-router":
 		entries = append(entries,
 			&structs.ServiceResolverConfigEntry{
@@ -917,12 +975,74 @@ func setupTestVariationDiscoveryChain(
 							Field:      "header",
 							FieldValue: "x-user-id",
 						},
+						{
+							Field:      "query_parameter",
+							FieldValue: "my-pretty-param",
+						},
 						{
 							SourceIP: true,
 							Terminal: true,
 						},
 					},
 				},
+			})
+	case "redirect-to-lb-node":
+		entries = append(entries,
+			&structs.ProxyConfigEntry{
+				Kind:           structs.ProxyDefaults,
+				Name:           structs.ProxyConfigGlobal,
+				EnterpriseMeta: entMeta,
+				Config: map[string]interface{}{
+					"protocol": "http",
+				},
+			},
+			&structs.ServiceRouterConfigEntry{
+				Kind:           structs.ServiceRouter,
+				Name:           "db",
+				EnterpriseMeta: entMeta,
+				Routes: []structs.ServiceRoute{
+					{
+						Match: httpMatch(&structs.ServiceRouteHTTPMatch{
+							PathPrefix: "/web",
+						}),
+						Destination: toService("web"),
+					},
+				},
+			},
+			&structs.ServiceResolverConfigEntry{
+				Kind:           structs.ServiceResolver,
+				Name:           "web",
+				EnterpriseMeta: entMeta,
+				LoadBalancer: &structs.LoadBalancer{
+					Policy: "ring_hash",
+					RingHashConfig: &structs.RingHashConfig{
+						MinimumRingSize: 20,
+						MaximumRingSize: 30,
+					},
+				},
+			},
+		)
+	case "resolver-with-lb":
+		entries = append(entries,
+			&structs.ProxyConfigEntry{
+				Kind:           structs.ProxyDefaults,
+				Name:           structs.ProxyConfigGlobal,
+				EnterpriseMeta: entMeta,
+				Config: map[string]interface{}{
+					"protocol": "http",
+				},
+			},
+			&structs.ServiceResolverConfigEntry{
+				Kind:           structs.ServiceResolver,
+				Name:           "db",
+				EnterpriseMeta: entMeta,
+				LoadBalancer: &structs.LoadBalancer{
+					Policy: "ring_hash",
+					RingHashConfig: &structs.RingHashConfig{
+						MinimumRingSize: 20,
+						MaximumRingSize: 30,
+					},
+				},
 			},
 		)
 	default:
diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go
index d4016eabb2b4..bcce1d01abb2 100644
--- a/agent/xds/clusters.go
+++ b/agent/xds/clusters.go
@@ -971,8 +971,10 @@ func (s *ResourceGenerator) clustersFromSnapshotAPIGateway(cfgSnap *proxycfg.Con
 			// Grab the discovery chain compiled in handlerAPIGateway.recompileDiscoveryChains
 			chain, ok := cfgSnap.APIGateway.DiscoveryChain[uid]
 			if !ok {
-				// this should not happen
-				return nil, fmt.Errorf("no discovery chain for upstream %q", uid)
+				// this should not happen, but it can't error out because the equivalent
+				// listener generation will continue
+				s.Logger.Warn("could not find discovery chain for gateway upstream", "upstream", uid)
+				continue
 			}
 
 			// Generate the list of upstream clusters for the discovery chain
@@ -2027,6 +2029,7 @@ func (s *ResourceGenerator) getTargetClusterName(upstreamsSnapshot *proxycfg.Con
 	target := chain.Targets[tid]
 	clusterName := target.Name
 	targetUID := proxycfg.NewUpstreamIDFromTargetID(tid)
+
 	if targetUID.Peer != "" {
 		tbs, ok := upstreamsSnapshot.UpstreamPeerTrustBundles.Get(targetUID.Peer)
 		// We can't generate cluster on peers without the trust bundle. The
diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go
index 87ccf5e4788e..47573f3173fc 100644
--- a/agent/xds/resources_test.go
+++ b/agent/xds/resources_test.go
@@ -157,8 +157,10 @@ func TestAllResourcesFromSnapshot(t *testing.T) {
 			},
 		},
 		{
-			name:   "transparent-proxy",
-			create: proxycfg.TestConfigSnapshotTransparentProxy,
+			name: "transparent-proxy",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshotTransparentProxy(t)
+			},
 		},
 		{
 			name:   "connect-proxy-with-peered-upstreams",
diff --git a/agent/xds/routes.go b/agent/xds/routes.go
index 7ecfc5255b11..e02e845bd927 100644
--- a/agent/xds/routes.go
+++ b/agent/xds/routes.go
@@ -14,9 +14,9 @@ import (
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
 	envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
-
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
 
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/consul/discoverychain"
@@ -56,17 +56,13 @@ func (s *ResourceGenerator) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapsh
 			continue
 		}
 
-		explicit := cfgSnap.ConnectProxy.UpstreamConfig[uid].HasLocalPortOrSocket()
-		implicit := cfgSnap.ConnectProxy.IsImplicitUpstream(uid)
-		if !implicit && !explicit {
-			// Discovery chain is not associated with a known explicit or implicit upstream so it is skipped.
-			continue
-		}
-
 		virtualHost, err := s.makeUpstreamRouteForDiscoveryChain(cfgSnap, uid, chain, []string{"*"}, false)
 		if err != nil {
 			return nil, err
 		}
+		if virtualHost == nil {
+			continue
+		}
 
 		route := &envoy_route_v3.RouteConfiguration{
 			Name:         uid.EnvoyID(),
@@ -249,10 +245,6 @@ func (s *ResourceGenerator) routesForMeshGateway(cfgSnap *proxycfg.ConfigSnapsho
 			continue // ignore; not relevant
 		}
 
-		if cfgSnap.MeshGateway.Leaf == nil {
-			continue // ignore; not ready
-		}
-
 		uid := proxycfg.NewUpstreamIDFromServiceName(svc)
 
 		virtualHost, err := s.makeUpstreamRouteForDiscoveryChain(
@@ -265,6 +257,9 @@ func (s *ResourceGenerator) routesForMeshGateway(cfgSnap *proxycfg.ConfigSnapsho
 		if err != nil {
 			return nil, err
 		}
+		if virtualHost == nil {
+			continue
+		}
 
 		route := &envoy_route_v3.RouteConfiguration{
 			Name:         uid.EnvoyID(),
@@ -374,6 +369,9 @@ func (s *ResourceGenerator) routesForIngressGateway(cfgSnap *proxycfg.ConfigSnap
 			uid := proxycfg.NewUpstreamID(&u)
 			chain := cfgSnap.IngressGateway.DiscoveryChain[uid]
 			if chain == nil {
+				// Note that if we continue here we must also do this in the cluster generation
+				s.Logger.Warn("could not find discovery chain for ingress upstream",
+					"listener", listenerKey, "upstream", uid)
 				continue
 			}
 
@@ -382,6 +380,9 @@ func (s *ResourceGenerator) routesForIngressGateway(cfgSnap *proxycfg.ConfigSnap
 			if err != nil {
 				return nil, err
 			}
+			if virtualHost == nil {
+				continue
+			}
 
 			// Lookup listener and service config details from ingress gateway
 			// definition.
@@ -466,6 +467,7 @@ func (s *ResourceGenerator) routesForAPIGateway(cfgSnap *proxycfg.ConfigSnapshot
 			uid := proxycfg.NewUpstreamID(&upstream)
 			chain := cfgSnap.APIGateway.DiscoveryChain[uid]
 			if chain == nil {
+				// Note that if we continue here we must also do this in the cluster generation
 				s.Logger.Debug("Discovery chain not found for flattened route", "discovery chain ID", uid)
 				continue
 			}
@@ -476,6 +478,9 @@ func (s *ResourceGenerator) routesForAPIGateway(cfgSnap *proxycfg.ConfigSnapshot
 			if err != nil {
 				return nil, err
 			}
+			if virtualHost == nil {
+				continue
+			}
 
 			defaultRoute.VirtualHosts = append(defaultRoute.VirtualHosts, virtualHost)
 		}
@@ -975,19 +980,18 @@ func (s *ResourceGenerator) makeRouteActionForSplitter(
 		return nil, fmt.Errorf("number of clusters in splitter must be > 0; got %d", len(clusters))
 	}
 
-	envoyWeightScale := 10000
-	if envoyWeightScale < totalWeight {
-		clusters[0].Weight.Value += uint32(totalWeight - envoyWeightScale)
-	} else {
-		clusters[0].Weight.Value += uint32(envoyWeightScale - totalWeight)
+	var envoyWeightScale *wrapperspb.UInt32Value
+	if totalWeight == 10000 {
+		envoyWeightScale = makeUint32Value(10000)
 	}
 
 	return &envoy_route_v3.Route_Route{
 		Route: &envoy_route_v3.RouteAction{
 			ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{
 				WeightedClusters: &envoy_route_v3.WeightedCluster{
-					Clusters:    clusters,
-					TotalWeight: makeUint32Value(envoyWeightScale), // scaled up 100%
+					Clusters: clusters,
+					// this field is deprecated, and we should get the desired behavior with the front-end validation
+					TotalWeight: envoyWeightScale, // scaled up 100%
 				},
 			},
 		},
diff --git a/agent/xds/routes_test.go b/agent/xds/routes_test.go
index eaa8d48c0fc3..9496eca4b6d7 100644
--- a/agent/xds/routes_test.go
+++ b/agent/xds/routes_test.go
@@ -10,14 +10,13 @@ import (
 	"time"
 
 	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
-	"github.com/hashicorp/consul/agent/xds/testcommon"
-
 	testinf "github.com/mitchellh/go-testing-interface"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/durationpb"
 
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/testcommon"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
 )
@@ -42,6 +41,12 @@ func makeRouteDiscoChainTests(enterprise bool) []routeTestCase {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
 			},
 		},
+		{
+			name: "connect-proxy-splitter-overweight",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-overweight", enterprise, nil, nil)
+			},
+		},
 		{
 			name: "connect-proxy-with-chain-and-overrides",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -78,6 +83,18 @@ func makeRouteDiscoChainTests(enterprise bool) []routeTestCase {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", enterprise, nil, nil)
 			},
 		},
+		{
+			name: "connect-proxy-route-to-lb-resolver",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "redirect-to-lb-node", enterprise, nil, nil)
+			},
+		},
+		{
+			name: "connect-proxy-resolver-with-lb",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "resolver-with-lb", enterprise, nil, nil)
+			},
+		},
 	}
 }
 
@@ -443,6 +460,11 @@ func TestEnvoyLBConfig_InjectToRouteAction(t *testing.T) {
 						FieldValue: "special-header",
 						Terminal:   true,
 					},
+					{
+						Field:      structs.HashPolicyQueryParam,
+						FieldValue: "my-pretty-param",
+						Terminal:   true,
+					},
 				},
 			},
 			expected: &envoy_route_v3.RouteAction{
@@ -481,6 +503,14 @@ func TestEnvoyLBConfig_InjectToRouteAction(t *testing.T) {
 						},
 						Terminal: true,
 					},
+					{
+						PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter_{
+							QueryParameter: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter{
+								Name: "my-pretty-param",
+							},
+						},
+						Terminal: true,
+					},
 				},
 			},
 		},
diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden
index fd63324de86c..a6334a035a79 100644
--- a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden
+++ b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden
@@ -8,42 +8,30 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {
-
-          },
+          "ads": {},
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "66s",
-      "circuitBreakers": {
-
-      },
+      "circuitBreakers": {},
       "typedExtensionProtocolOptions": {
         "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
           "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
           "explicitHttpConfig": {
-            "http2ProtocolOptions": {
-
-            }
+            "http2ProtocolOptions": {}
           }
         }
       },
-      "outlierDetection": {
-
-      },
+      "outlierDetection": {},
       "commonLbConfig": {
-        "healthyPanicThreshold": {
-
-        }
+        "healthyPanicThreshold": {}
       },
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
           "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
           "commonTlsContext": {
-            "tlsParams": {
-
-            },
+            "tlsParams": {},
             "tlsCertificates": [
               {
                 "certificateChain": {
@@ -75,27 +63,19 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {
-
-          },
+          "ads": {},
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "5s",
-      "circuitBreakers": {
-
-      },
-      "outlierDetection": {
-
-      },
+      "circuitBreakers": {},
+      "outlierDetection": {},
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
           "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
           "commonTlsContext": {
-            "tlsParams": {
-
-            },
+            "tlsParams": {},
             "tlsCertificates": [
               {
                 "certificateChain": {
diff --git a/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
index c8ca9b37688e..36b196675ca1 100644
--- a/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
+++ b/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
@@ -213,4 +213,4 @@
   ],
   "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
   "nonce": "00000001"
-}
\ No newline at end of file
+}
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden
index 03e15abeaa72..1fc03f74705d 100644
--- a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden
+++ b/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden
@@ -148,4 +148,4 @@
   ],
   "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
   "nonce": "00000001"
-}
\ No newline at end of file
+}
diff --git a/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden b/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden
index 9cac48040255..75fe8ccc350f 100644
--- a/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden
+++ b/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden
@@ -47,6 +47,11 @@
                       "headerName": "x-user-id"
                     }
                   },
+                  {
+                    "queryParameter": {
+                      "name": "my-pretty-param"
+                    }
+                  },
                   {
                     "connectionProperties": {
                       "sourceIp": true
diff --git a/agent/xds/testdata/routes/connect-proxy-resolver-with-lb.latest.golden b/agent/xds/testdata/routes/connect-proxy-resolver-with-lb.latest.golden
new file mode 100644
index 000000000000..547b923b0d6e
--- /dev/null
+++ b/agent/xds/testdata/routes/connect-proxy-resolver-with-lb.latest.golden
@@ -0,0 +1,30 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+      "name": "db",
+      "virtualHosts": [
+        {
+          "name": "db",
+          "domains": [
+            "*"
+          ],
+          "routes": [
+            {
+              "match": {
+                "prefix": "/"
+              },
+              "route": {
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ]
+        }
+      ],
+      "validateClusters": true
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/connect-proxy-route-to-lb-resolver.latest.golden b/agent/xds/testdata/routes/connect-proxy-route-to-lb-resolver.latest.golden
new file mode 100644
index 000000000000..b364c9f9d0c7
--- /dev/null
+++ b/agent/xds/testdata/routes/connect-proxy-route-to-lb-resolver.latest.golden
@@ -0,0 +1,38 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+      "name": "db",
+      "virtualHosts": [
+        {
+          "name": "db",
+          "domains": [
+            "*"
+          ],
+          "routes": [
+            {
+              "match": {
+                "prefix": "/web"
+              },
+              "route": {
+                "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            },
+            {
+              "match": {
+                "prefix": "/"
+              },
+              "route": {
+                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              }
+            }
+          ]
+        }
+      ],
+      "validateClusters": true
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/connect-proxy-splitter-overweight.latest.golden b/agent/xds/testdata/routes/connect-proxy-splitter-overweight.latest.golden
new file mode 100644
index 000000000000..776509501f62
--- /dev/null
+++ b/agent/xds/testdata/routes/connect-proxy-splitter-overweight.latest.golden
@@ -0,0 +1,99 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+      "name": "db",
+      "virtualHosts": [
+        {
+          "name": "db",
+          "domains": [
+            "*"
+          ],
+          "routes": [
+            {
+              "match": {
+                "prefix": "/"
+              },
+              "route": {
+                "weightedClusters": {
+                  "clusters": [
+                    {
+                      "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+                      "weight": 10000,
+                      "requestHeadersToAdd": [
+                        {
+                          "header": {
+                            "key": "x-split-leg",
+                            "value": "big"
+                          },
+                          "append": false
+                        }
+                      ],
+                      "responseHeadersToAdd": [
+                        {
+                          "header": {
+                            "key": "x-split-leg",
+                            "value": "big"
+                          },
+                          "append": false
+                        }
+                      ]
+                    },
+                    {
+                      "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+                      "weight": 10000,
+                      "requestHeadersToAdd": [
+                        {
+                          "header": {
+                            "key": "x-split-leg",
+                            "value": "goldilocks"
+                          },
+                          "append": false
+                        }
+                      ],
+                      "responseHeadersToAdd": [
+                        {
+                          "header": {
+                            "key": "x-split-leg",
+                            "value": "goldilocks"
+                          },
+                          "append": false
+                        }
+                      ]
+                    },
+                    {
+                      "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+                      "weight": 10000,
+                      "requestHeadersToAdd": [
+                        {
+                          "header": {
+                            "key": "x-split-leg",
+                            "value": "small"
+                          },
+                          "append": false
+                        }
+                      ],
+                      "responseHeadersToAdd": [
+                        {
+                          "header": {
+                            "key": "x-split-leg",
+                            "value": "small"
+                          },
+                          "append": false
+                        }
+                      ]
+                    }
+                  ]
+                }
+              }
+            }
+          ]
+        }
+      ],
+      "validateClusters": true
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden b/agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden
index f2bc276d8e99..959cc72d4ef0 100644
--- a/agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden
+++ b/agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden
@@ -48,6 +48,11 @@
                       "headerName": "x-user-id"
                     }
                   },
+                  {
+                    "queryParameter": {
+                      "name": "my-pretty-param"
+                    }
+                  },
                   {
                     "connectionProperties": {
                       "sourceIp": true
diff --git a/agent/xds/testdata/routes/terminating-gateway-lb-config.latest.golden b/agent/xds/testdata/routes/terminating-gateway-lb-config.latest.golden
index cc49c907cce5..30b36d92d194 100644
--- a/agent/xds/testdata/routes/terminating-gateway-lb-config.latest.golden
+++ b/agent/xds/testdata/routes/terminating-gateway-lb-config.latest.golden
@@ -1,40 +1,41 @@
 {
-  "versionInfo": "00000001",
-  "resources": [
+  "versionInfo":  "00000001",
+  "resources":  [
     {
-      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-      "name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "virtualHosts": [
+      "@type":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+      "name":  "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "virtualHosts":  [
         {
-          "name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-          "domains": [
+          "name":  "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+          "domains":  [
             "*"
           ],
-          "routes": [
+          "routes":  [
             {
-              "match": {
-                "prefix": "/"
+              "match":  {
+                "prefix":  "/"
               },
-              "route": {
-                "cluster": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-                "autoHostRewrite": true,
-                "hashPolicy": [
+              "route":  {
+                "cluster":  "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+                "autoHostRewrite":  true,
+                "timeout":  "0.200s",
+                "hashPolicy":  [
                   {
-                    "cookie": {
-                      "name": "chocolate-chip"
+                    "cookie":  {
+                      "name":  "chocolate-chip"
                     },
-                    "terminal": true
+                    "terminal":  true
                   },
                   {
-                    "header": {
-                      "headerName": "x-user-id"
+                    "header":  {
+                      "headerName":  "x-user-id"
                     }
                   },
                   {
-                    "connectionProperties": {
-                      "sourceIp": true
+                    "connectionProperties":  {
+                      "sourceIp":  true
                     },
-                    "terminal": true
+                    "terminal":  true
                   }
                 ]
               }
@@ -42,42 +43,43 @@
           ]
         }
       ],
-      "validateClusters": true
+      "validateClusters":  true
     },
     {
-      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-      "name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "virtualHosts": [
+      "@type":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+      "name":  "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "virtualHosts":  [
         {
-          "name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-          "domains": [
+          "name":  "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+          "domains":  [
             "*"
           ],
-          "routes": [
+          "routes":  [
             {
-              "match": {
-                "prefix": "/"
+              "match":  {
+                "prefix":  "/"
               },
-              "route": {
-                "cluster": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-                "autoHostRewrite": true,
-                "hashPolicy": [
+              "route":  {
+                "cluster":  "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+                "autoHostRewrite":  true,
+                "timeout":  "0.200s",
+                "hashPolicy":  [
                   {
-                    "cookie": {
-                      "name": "chocolate-chip"
+                    "cookie":  {
+                      "name":  "chocolate-chip"
                     },
-                    "terminal": true
+                    "terminal":  true
                   },
                   {
-                    "header": {
-                      "headerName": "x-user-id"
+                    "header":  {
+                      "headerName":  "x-user-id"
                     }
                   },
                   {
-                    "connectionProperties": {
-                      "sourceIp": true
+                    "connectionProperties":  {
+                      "sourceIp":  true
                     },
-                    "terminal": true
+                    "terminal":  true
                   }
                 ]
               }
@@ -85,42 +87,43 @@
           ]
         }
       ],
-      "validateClusters": true
+      "validateClusters":  true
     },
     {
-      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-      "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "virtualHosts": [
+      "@type":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+      "name":  "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "virtualHosts":  [
         {
-          "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-          "domains": [
+          "name":  "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+          "domains":  [
             "*"
           ],
-          "routes": [
+          "routes":  [
             {
-              "match": {
-                "prefix": "/"
+              "match":  {
+                "prefix":  "/"
               },
-              "route": {
-                "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-                "autoHostRewrite": true,
-                "hashPolicy": [
+              "route":  {
+                "cluster":  "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+                "autoHostRewrite":  true,
+                "timeout":  "0.200s",
+                "hashPolicy":  [
                   {
-                    "cookie": {
-                      "name": "chocolate-chip"
+                    "cookie":  {
+                      "name":  "chocolate-chip"
                     },
-                    "terminal": true
+                    "terminal":  true
                   },
                   {
-                    "header": {
-                      "headerName": "x-user-id"
+                    "header":  {
+                      "headerName":  "x-user-id"
                     }
                   },
                   {
-                    "connectionProperties": {
-                      "sourceIp": true
+                    "connectionProperties":  {
+                      "sourceIp":  true
                     },
-                    "terminal": true
+                    "terminal":  true
                   }
                 ]
               }
@@ -128,9 +131,9 @@
           ]
         }
       ],
-      "validateClusters": true
+      "validateClusters":  true
     }
   ],
-  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-  "nonce": "00000001"
+  "typeUrl":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce":  "00000001"
 }
\ No newline at end of file

From 8e5e16de609a16cf80eaad985ae09d3f23be0c30 Mon Sep 17 00:00:00 2001
From: Jeremy Jacobson <jjacobson93@users.noreply.github.com>
Date: Thu, 3 Aug 2023 13:21:43 -0700
Subject: [PATCH 246/359] Fix policy lookup to allow for slashes (#18347)

* Fix policy lookup to allow for slashes

* Fix suggestions

* Fix other test

* Revert some lines
---
 agent/acl_endpoint.go      |  7 ++++
 command/acl/acl_helpers.go | 12 +++++-
 command/acl/acl_test.go    | 83 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 100 insertions(+), 2 deletions(-)
 create mode 100644 command/acl/acl_test.go

diff --git a/agent/acl_endpoint.go b/agent/acl_endpoint.go
index d6f230a8f64e..60aa13a1490c 100644
--- a/agent/acl_endpoint.go
+++ b/agent/acl_endpoint.go
@@ -6,6 +6,7 @@ package agent
 import (
 	"fmt"
 	"net/http"
+	"net/url"
 	"strings"
 
 	"github.com/hashicorp/consul/acl"
@@ -145,6 +146,12 @@ func (s *HTTPHandlers) ACLPolicyCRUD(resp http.ResponseWriter, req *http.Request
 }
 
 func (s *HTTPHandlers) ACLPolicyRead(resp http.ResponseWriter, req *http.Request, policyID, policyName string) (interface{}, error) {
+	// policy name needs to be unescaped in case there were `/` characters
+	policyName, err := url.QueryUnescape(policyName)
+	if err != nil {
+		return nil, err
+	}
+
 	args := structs.ACLPolicyGetRequest{
 		Datacenter: s.agent.config.Datacenter,
 		PolicyID:   policyID,
diff --git a/command/acl/acl_helpers.go b/command/acl/acl_helpers.go
index 0a6545be1af9..b0e65d224c75 100644
--- a/command/acl/acl_helpers.go
+++ b/command/acl/acl_helpers.go
@@ -45,9 +45,17 @@ func GetTokenAccessorIDFromPartial(client *api.Client, partialAccessorID string)
 }
 
 func GetPolicyIDFromPartial(client *api.Client, partialID string) (string, error) {
-	if partialID == "global-management" {
-		return structs.ACLPolicyGlobalManagementID, nil
+	// try the builtin policies (by name) first
+	for _, policy := range structs.ACLBuiltinPolicies {
+		if partialID == policy.Name {
+			return policy.ID, nil
+		}
+	}
+
+	if policy, ok := structs.ACLBuiltinPolicies[partialID]; ok {
+		return policy.ID, nil
 	}
+
 	// The full UUID string was given
 	if len(partialID) == 36 {
 		return partialID, nil
diff --git a/command/acl/acl_test.go b/command/acl/acl_test.go
new file mode 100644
index 000000000000..2095795ff00b
--- /dev/null
+++ b/command/acl/acl_test.go
@@ -0,0 +1,83 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package acl
+
+import (
+	"fmt"
+	"io"
+	"testing"
+
+	"github.com/hashicorp/consul/agent"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/testrpc"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_GetPolicyIDByName_Builtins(t *testing.T) {
+	t.Parallel()
+
+	a := agent.StartTestAgent(t,
+		agent.TestAgent{
+			LogOutput: io.Discard,
+			HCL: `
+				primary_datacenter = "dc1"
+				acl {
+					enabled = true
+					tokens {
+						initial_management = "root"
+					}
+				}
+			`,
+		},
+	)
+
+	defer a.Shutdown()
+	testrpc.WaitForTestAgent(t, a.RPC, "dc1", testrpc.WithToken("root"))
+
+	client := a.Client()
+	client.AddHeader("X-Consul-Token", "root")
+
+	for _, policy := range structs.ACLBuiltinPolicies {
+		name := fmt.Sprintf("%s policy", policy.Name)
+		t.Run(name, func(t *testing.T) {
+			id, err := GetPolicyIDByName(client, policy.Name)
+			require.NoError(t, err)
+			require.Equal(t, policy.ID, id)
+		})
+	}
+}
+
+func Test_GetPolicyIDFromPartial_Builtins(t *testing.T) {
+	t.Parallel()
+
+	a := agent.StartTestAgent(t,
+		agent.TestAgent{
+			LogOutput: io.Discard,
+			HCL: `
+				primary_datacenter = "dc1"
+				acl {
+					enabled = true
+					tokens {
+						initial_management = "root"
+					}
+				}
+			`,
+		},
+	)
+
+	defer a.Shutdown()
+	testrpc.WaitForTestAgent(t, a.RPC, "dc1", testrpc.WithToken("root"))
+
+	client := a.Client()
+	client.AddHeader("X-Consul-Token", "root")
+
+	for _, policy := range structs.ACLBuiltinPolicies {
+		name := fmt.Sprintf("%s policy", policy.Name)
+		t.Run(name, func(t *testing.T) {
+			id, err := GetPolicyIDFromPartial(client, policy.Name)
+			require.NoError(t, err)
+			require.Equal(t, policy.ID, id)
+		})
+	}
+}

From 89aac4b0989f34283893328f9479aa5eb209c6d1 Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Thu, 3 Aug 2023 16:22:18 -0500
Subject: [PATCH 247/359] add some initial CODEOWNERS (#18346)

---
 .github/CODEOWNERS | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 31495d06491b..d9af3f042a7e 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -8,3 +8,34 @@
 # release configuration
 /.release/                              @hashicorp/release-engineering @hashicorp/github-consul-core
 /.github/workflows/build.yml            @hashicorp/release-engineering @hashicorp/github-consul-core
+
+
+# Staff Engineer Review (protocol buffer definitions)
+/proto-public/   @hashicorp/consul-core-staff
+/proto/          @hashicorp/consul-core-staff
+
+# Staff Engineer Review (v1 architecture shared components)
+/agent/cache/                  @hashicorp/consul-core-staff
+/agent/consul/fsm/             @hashicorp/consul-core-staff
+/agent/consul/leader*.go       @hashicorp/consul-core-staff
+/agent/consul/server*.go       @hashicorp/consul-core-staff
+/agent/consul/state/           @hashicorp/consul-core-staff
+/agent/consul/stream/          @hashicorp/consul-core-staff
+/agent/submatview/             @hashicorp/consul-core-staff
+/agent/blockingquery/          @hashicorp/consul-core-staff
+
+# Staff Engineer Review (raft/autopilot)
+/agent/consul/autopilotevents/  @hashicorp/consul-core-staff
+/agent/consul/autopilot*.go     @hashicorp/consul-core-staff
+
+# Staff Engineer Review (v2 architecture shared components)
+/internal/controller/                   @hashicorp/consul-core-staff
+/internal/resource/                     @hashicorp/consul-core-staff
+/internal/storage/                      @hashicorp/consul-core-staff
+/agent/consul/controller/               @hashicorp/consul-core-staff
+/agent/grpc-external/services/resource/ @hashicorp/consul-core-staff
+
+# Staff Engineer Review (v1 security)
+/acl/                   @hashicorp/consul-core-staff
+/agent/xds/rbac*.go     @hashicorp/consul-core-staff
+/agent/xds/jwt*.go      @hashicorp/consul-core-staff

From 0a48a24a2f19821688c67aa418f7c9d3e0af7a9f Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@users.noreply.github.com>
Date: Fri, 4 Aug 2023 09:36:21 -0700
Subject: [PATCH 248/359] Add redirects for mesh-gateway docs (#18377)

---
 website/redirects.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/website/redirects.js b/website/redirects.js
index bdad1457b68c..e5ca3e8775ee 100644
--- a/website/redirects.js
+++ b/website/redirects.js
@@ -67,4 +67,11 @@ module.exports = [
       '/consul/docs/dynamic-app-config/kv#using-sentinel-to-apply-policies-for-consul-kv',
     permanent: true,
   },
+  {
+    source:
+      '/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters',
+    destination:
+      '/consul/docs/k8s/deployment-configurations/multi-cluster',
+    permanent: true,
+  }
 ]

From 1f28ac2664fdc78096ee9e2b2932dfab482a6f26 Mon Sep 17 00:00:00 2001
From: wangxinyi7 <121973291+wangxinyi7@users.noreply.github.com>
Date: Fri, 4 Aug 2023 11:27:48 -0700
Subject: [PATCH 249/359] expose grpc as http endpoint (#18221)

expose resource grpc endpoints as http endpoints
---
 agent/agent_endpoint_test.go                  |  29 +-
 agent/agent_test.go                           |  11 +
 .../services/resource/testing/testing.go      |  34 +-
 agent/http.go                                 |  12 +
 internal/resource/http/http.go                | 170 ++++++++++
 internal/resource/http/http_test.go           | 299 ++++++++++++++++++
 internal/resource/registry.go                 |  13 +
 7 files changed, 563 insertions(+), 5 deletions(-)
 create mode 100644 internal/resource/http/http.go
 create mode 100644 internal/resource/http/http_test.go

diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go
index 1a275f61afb3..152a9b954015 100644
--- a/agent/agent_endpoint_test.go
+++ b/agent/agent_endpoint_test.go
@@ -1601,14 +1601,35 @@ func TestAgent_Metrics_ACLDeny(t *testing.T) {
 	})
 }
 
+func newDefaultBaseDeps(t *testing.T) BaseDeps {
+	dataDir := testutil.TempDir(t, "acl-agent")
+	logBuffer := testutil.NewLogBuffer(t)
+	logger := hclog.NewInterceptLogger(nil)
+	loader := func(source config.Source) (config.LoadResult, error) {
+		dataDir := fmt.Sprintf(`data_dir = "%s"`, dataDir)
+		opts := config.LoadOpts{
+			HCL:           []string{TestConfigHCL(NodeID()), "", dataDir},
+			DefaultConfig: source,
+		}
+		result, err := config.Load(opts)
+		if result.RuntimeConfig != nil {
+			result.RuntimeConfig.Telemetry.Disable = true
+		}
+		return result, err
+	}
+	bd, err := NewBaseDeps(loader, logBuffer, logger)
+	require.NoError(t, err)
+	return bd
+}
+
 func TestHTTPHandlers_AgentMetricsStream_ACLDeny(t *testing.T) {
-	bd := BaseDeps{}
+	bd := newDefaultBaseDeps(t)
 	bd.Tokens = new(tokenStore.Store)
 	sink := metrics.NewInmemSink(30*time.Millisecond, time.Second)
 	bd.MetricsConfig = &lib.MetricsConfig{
 		Handler: sink,
 	}
-	d := fakeResolveTokenDelegate{authorizer: acl.DenyAll()}
+	d := fakeResolveTokenDelegate{delegate: &delegateMock{}, authorizer: acl.DenyAll()}
 	agent := &Agent{
 		baseDeps: bd,
 		delegate: d,
@@ -1631,13 +1652,13 @@ func TestHTTPHandlers_AgentMetricsStream_ACLDeny(t *testing.T) {
 }
 
 func TestHTTPHandlers_AgentMetricsStream(t *testing.T) {
-	bd := BaseDeps{}
+	bd := newDefaultBaseDeps(t)
 	bd.Tokens = new(tokenStore.Store)
 	sink := metrics.NewInmemSink(20*time.Millisecond, time.Second)
 	bd.MetricsConfig = &lib.MetricsConfig{
 		Handler: sink,
 	}
-	d := fakeResolveTokenDelegate{authorizer: acl.ManageAll()}
+	d := fakeResolveTokenDelegate{delegate: &delegateMock{}, authorizer: acl.ManageAll()}
 	agent := &Agent{
 		baseDeps: bd,
 		delegate: d,
diff --git a/agent/agent_test.go b/agent/agent_test.go
index a2e27feaf4fd..646cc340595a 100644
--- a/agent/agent_test.go
+++ b/agent/agent_test.go
@@ -57,6 +57,7 @@ import (
 	"github.com/hashicorp/consul/agent/token"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/internal/go-sso/oidcauth/oidcauthtest"
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/ipaddr"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/proto/private/pbautoconf"
@@ -322,6 +323,7 @@ func TestAgent_HTTPMaxHeaderBytes(t *testing.T) {
 					Tokens:          new(token.Store),
 					TLSConfigurator: tlsConf,
 					GRPCConnPool:    &fakeGRPCConnPool{},
+					Registry:        resource.NewRegistry(),
 				},
 				RuntimeConfig: &config.RuntimeConfig{
 					HTTPAddrs: []net.Addr{
@@ -344,6 +346,7 @@ func TestAgent_HTTPMaxHeaderBytes(t *testing.T) {
 			require.NoError(t, err)
 
 			a, err := New(bd)
+			a.delegate = &delegateMock{}
 			require.NoError(t, err)
 
 			a.startLicenseManager(testutil.TestContext(t))
@@ -5477,6 +5480,7 @@ func TestAgent_ListenHTTP_MultipleAddresses(t *testing.T) {
 			Tokens:          new(token.Store),
 			TLSConfigurator: tlsConf,
 			GRPCConnPool:    &fakeGRPCConnPool{},
+			Registry:        resource.NewRegistry(),
 		},
 		RuntimeConfig: &config.RuntimeConfig{
 			HTTPAddrs: []net.Addr{
@@ -5499,6 +5503,7 @@ func TestAgent_ListenHTTP_MultipleAddresses(t *testing.T) {
 	require.NoError(t, err)
 
 	agent, err := New(bd)
+	agent.delegate = &delegateMock{}
 	require.NoError(t, err)
 
 	agent.startLicenseManager(testutil.TestContext(t))
@@ -6073,6 +6078,7 @@ func TestAgent_startListeners(t *testing.T) {
 			Logger:       hclog.NewInterceptLogger(nil),
 			Tokens:       new(token.Store),
 			GRPCConnPool: &fakeGRPCConnPool{},
+			Registry:     resource.NewRegistry(),
 		},
 		RuntimeConfig: &config.RuntimeConfig{
 			HTTPAddrs: []net.Addr{},
@@ -6091,6 +6097,7 @@ func TestAgent_startListeners(t *testing.T) {
 	require.NoError(t, err)
 
 	agent, err := New(bd)
+	agent.delegate = &delegateMock{}
 	require.NoError(t, err)
 
 	// use up an address
@@ -6213,6 +6220,7 @@ func TestAgent_startListeners_scada(t *testing.T) {
 			HCP: hcp.Deps{
 				Provider: pvd,
 			},
+			Registry: resource.NewRegistry(),
 		},
 		RuntimeConfig: &config.RuntimeConfig{},
 		Cache:         cache.New(cache.Options{}),
@@ -6230,6 +6238,7 @@ func TestAgent_startListeners_scada(t *testing.T) {
 	require.NoError(t, err)
 
 	agent, err := New(bd)
+	agent.delegate = &delegateMock{}
 	require.NoError(t, err)
 
 	_, err = agent.startListeners([]net.Addr{c})
@@ -6273,6 +6282,7 @@ func TestAgent_checkServerLastSeen(t *testing.T) {
 			Logger:       hclog.NewInterceptLogger(nil),
 			Tokens:       new(token.Store),
 			GRPCConnPool: &fakeGRPCConnPool{},
+			Registry:     resource.NewRegistry(),
 		},
 		RuntimeConfig: &config.RuntimeConfig{},
 		Cache:         cache.New(cache.Options{}),
@@ -6284,6 +6294,7 @@ func TestAgent_checkServerLastSeen(t *testing.T) {
 		Config:      leafcert.Config{},
 	})
 	agent, err := New(bd)
+	agent.delegate = &delegateMock{}
 	require.NoError(t, err)
 
 	// Test that an ErrNotExist OS error is treated as ok.
diff --git a/agent/grpc-external/services/resource/testing/testing.go b/agent/grpc-external/services/resource/testing/testing.go
index 5bcbc148e7bb..e049b229b085 100644
--- a/agent/grpc-external/services/resource/testing/testing.go
+++ b/agent/grpc-external/services/resource/testing/testing.go
@@ -8,18 +8,50 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 
+	"github.com/hashicorp/go-uuid"
+
+	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/acl/resolver"
 	svc "github.com/hashicorp/consul/agent/grpc-external/services/resource"
 	internal "github.com/hashicorp/consul/agent/grpc-internal"
+	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/storage/inmem"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/sdk/testutil"
 )
 
+func randomACLIdentity(t *testing.T) structs.ACLIdentity {
+	id, err := uuid.GenerateUUID()
+	require.NoError(t, err)
+
+	return &structs.ACLToken{AccessorID: id}
+}
+
+func AuthorizerFrom(t *testing.T, policyStrs ...string) resolver.Result {
+	policies := []*acl.Policy{}
+	for _, policyStr := range policyStrs {
+		policy, err := acl.NewPolicyFromSource(policyStr, nil, nil)
+		require.NoError(t, err)
+		policies = append(policies, policy)
+	}
+
+	authz, err := acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), policies, nil)
+	require.NoError(t, err)
+
+	return resolver.Result{
+		Authorizer:  authz,
+		ACLIdentity: randomACLIdentity(t),
+	}
+}
+
 // RunResourceService runs a Resource Service for the duration of the test and
 // returns a client to interact with it. ACLs will be disabled.
 func RunResourceService(t *testing.T, registerFns ...func(resource.Registry)) pbresource.ResourceServiceClient {
+	return RunResourceServiceWithACL(t, resolver.DANGER_NO_AUTH{}, registerFns...)
+}
+
+func RunResourceServiceWithACL(t *testing.T, aclResolver svc.ACLResolver, registerFns ...func(resource.Registry)) pbresource.ResourceServiceClient {
 	t.Helper()
 
 	backend, err := inmem.NewBackend()
@@ -40,7 +72,7 @@ func RunResourceService(t *testing.T, registerFns ...func(resource.Registry)) pb
 		Backend:     backend,
 		Registry:    registry,
 		Logger:      testutil.Logger(t),
-		ACLResolver: resolver.DANGER_NO_AUTH{},
+		ACLResolver: aclResolver,
 	}).Register(server)
 
 	pipe := internal.NewPipeListener()
diff --git a/agent/http.go b/agent/http.go
index 32010c343a6c..31aaf68c2011 100644
--- a/agent/http.go
+++ b/agent/http.go
@@ -36,6 +36,7 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/uiserver"
 	"github.com/hashicorp/consul/api"
+	resourcehttp "github.com/hashicorp/consul/internal/resource/http"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/logging"
 	"github.com/hashicorp/consul/proto/private/pbcommon"
@@ -259,6 +260,17 @@ func (s *HTTPHandlers) handler() http.Handler {
 	handlePProf("/debug/pprof/symbol", pprof.Symbol)
 	handlePProf("/debug/pprof/trace", pprof.Trace)
 
+	mux.Handle("/api/",
+		http.StripPrefix("/api",
+			resourcehttp.NewHandler(
+				s.agent.delegate.ResourceServiceClient(),
+				s.agent.baseDeps.Registry,
+				s.parseToken,
+				s.agent.logger.Named(logging.HTTP),
+			),
+		),
+	)
+
 	if s.IsUIEnabled() {
 		// Note that we _don't_ support reloading ui_config.{enabled, content_dir,
 		// content_path} since this only runs at initial startup.
diff --git a/internal/resource/http/http.go b/internal/resource/http/http.go
new file mode 100644
index 000000000000..532a91cfcaf8
--- /dev/null
+++ b/internal/resource/http/http.go
@@ -0,0 +1,170 @@
+package http
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"path"
+	"strings"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/types/known/anypb"
+
+	"github.com/hashicorp/go-hclog"
+
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+func NewHandler(
+	client pbresource.ResourceServiceClient,
+	registry resource.Registry,
+	parseToken func(req *http.Request, token *string),
+	logger hclog.Logger) http.Handler {
+	mux := http.NewServeMux()
+	for _, t := range registry.Types() {
+		// Individual Resource Endpoints.
+		prefix := strings.ToLower(fmt.Sprintf("/%s/%s/%s/", t.Type.Group, t.Type.GroupVersion, t.Type.Kind))
+		logger.Info("Registered resource endpoint", "endpoint", prefix)
+		mux.Handle(prefix, http.StripPrefix(prefix, &resourceHandler{t, client, parseToken, logger}))
+	}
+
+	return mux
+}
+
+type writeRequest struct {
+	Metadata map[string]string `json:"metadata"`
+	Data     json.RawMessage   `json:"data"`
+	Owner    *pbresource.ID    `json:"owner"`
+}
+
+type resourceHandler struct {
+	reg        resource.Registration
+	client     pbresource.ResourceServiceClient
+	parseToken func(req *http.Request, token *string)
+	logger     hclog.Logger
+}
+
+func (h *resourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	var token string
+	h.parseToken(r, &token)
+	ctx := metadata.AppendToOutgoingContext(r.Context(), "x-consul-token", token)
+	switch r.Method {
+	case http.MethodPut:
+		h.handleWrite(w, r, ctx)
+	default:
+		w.WriteHeader(http.StatusMethodNotAllowed)
+		return
+	}
+}
+
+func (h *resourceHandler) handleWrite(w http.ResponseWriter, r *http.Request, ctx context.Context) {
+	var req writeRequest
+	// convert req body to writeRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("Request body didn't follow schema."))
+	}
+	// convert data struct to proto message
+	data := h.reg.Proto.ProtoReflect().New().Interface()
+	if err := protojson.Unmarshal(req.Data, data); err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("Request body didn't follow schema."))
+	}
+	// proto message to any
+	anyProtoMsg, err := anypb.New(data)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		h.logger.Error("Failed to convert proto message to any type", "error", err)
+		return
+	}
+
+	tenancyInfo, resourceName, version := checkURL(r)
+
+	rsp, err := h.client.Write(ctx, &pbresource.WriteRequest{
+		Resource: &pbresource.Resource{
+			Id: &pbresource.ID{
+				Type:    h.reg.Type,
+				Tenancy: tenancyInfo,
+				Name:    resourceName,
+			},
+			Owner:    req.Owner,
+			Version:  version,
+			Metadata: req.Metadata,
+			Data:     anyProtoMsg,
+		},
+	})
+	if err != nil {
+		handleResponseError(err, w, h)
+		return
+	}
+
+	output, err := jsonMarshal(rsp.Resource)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		h.logger.Error("Failed to unmarshal GRPC resource response", "error", err)
+		return
+	}
+	w.Write(output)
+}
+
+func checkURL(r *http.Request) (tenancy *pbresource.Tenancy, resourceName string, version string) {
+	params := r.URL.Query()
+	tenancy = &pbresource.Tenancy{
+		Partition: params.Get("partition"),
+		PeerName:  params.Get("peer_name"),
+		Namespace: params.Get("namespace"),
+	}
+	resourceName = path.Base(r.URL.Path)
+	if resourceName == "." || resourceName == "/" {
+		resourceName = ""
+	}
+	version = params.Get("version")
+
+	return
+}
+
+func jsonMarshal(res *pbresource.Resource) ([]byte, error) {
+	output, err := protojson.Marshal(res)
+	if err != nil {
+		return nil, err
+	}
+
+	var stuff map[string]any
+	if err := json.Unmarshal(output, &stuff); err != nil {
+		return nil, err
+	}
+
+	delete(stuff["data"].(map[string]any), "@type")
+	return json.MarshalIndent(stuff, "", "  ")
+}
+
+func handleResponseError(err error, w http.ResponseWriter, h *resourceHandler) {
+	if e, ok := status.FromError(err); ok {
+		switch e.Code() {
+		case codes.InvalidArgument:
+			w.WriteHeader(http.StatusBadRequest)
+			h.logger.Info("User has mal-formed request", "error", err)
+		case codes.NotFound:
+			w.WriteHeader(http.StatusNotFound)
+			h.logger.Info("Failed to write to GRPC resource: Not found", "error", err)
+		case codes.PermissionDenied:
+			w.WriteHeader(http.StatusForbidden)
+			h.logger.Info("Failed to write to GRPC resource: User not authenticated", "error", err)
+		case codes.Aborted:
+			w.WriteHeader(http.StatusConflict)
+			h.logger.Info("Failed to write to GRPC resource: the request conflict with the current state of the target resource", "error", err)
+		default:
+			w.WriteHeader(http.StatusInternalServerError)
+			h.logger.Error("Failed to write to GRPC resource", "error", err)
+		}
+	} else {
+		w.WriteHeader(http.StatusInternalServerError)
+		h.logger.Error("Failed to write to GRPC resource: not able to parse error returned", "error", err)
+	}
+	w.Write([]byte(err.Error()))
+}
diff --git a/internal/resource/http/http_test.go b/internal/resource/http/http_test.go
new file mode 100644
index 000000000000..d385a861c3d0
--- /dev/null
+++ b/internal/resource/http/http_test.go
@@ -0,0 +1,299 @@
+package http
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/go-hclog"
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
+
+	resourceSvc "github.com/hashicorp/consul/agent/grpc-external/services/resource"
+	svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing"
+	pbdemov1 "github.com/hashicorp/consul/proto/private/pbdemo/v1"
+
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/internal/resource/demo"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	pbdemov2 "github.com/hashicorp/consul/proto/private/pbdemo/v2"
+	"github.com/hashicorp/consul/sdk/testutil"
+)
+
+const testACLTokenArtistReadPolicy = "00000000-0000-0000-0000-000000000001"
+const testACLTokenArtistWritePolicy = "00000000-0000-0000-0000-000000000002"
+
+func parseToken(req *http.Request, token *string) {
+	*token = req.Header.Get("X-Consul-Token")
+}
+
+func TestResourceHandler_InputValidation(t *testing.T) {
+	type testCase struct {
+		description          string
+		request              *http.Request
+		response             *httptest.ResponseRecorder
+		expectedResponseCode int
+	}
+	client := svctest.RunResourceService(t, demo.RegisterTypes)
+	resourceHandler := resourceHandler{
+		resource.Registration{
+			Type:  demo.TypeV2Artist,
+			Proto: &pbdemov2.Artist{},
+		},
+		client,
+		func(req *http.Request, token *string) { return },
+		hclog.NewNullLogger(),
+	}
+
+	testCases := []testCase{
+		{
+			description: "missing resource name",
+			request: httptest.NewRequest("PUT", "/?partition=default&peer_name=local&namespace=default", strings.NewReader(`
+				{
+					"metadata": {
+						"foo": "bar"
+					},
+					"data": {
+						"name": "Keith Urban",
+						"genre": "GENRE_COUNTRY"
+					}
+				}
+			`)),
+			response:             httptest.NewRecorder(),
+			expectedResponseCode: http.StatusBadRequest,
+		},
+		{
+			description: "wrong schema",
+			request: httptest.NewRequest("PUT", "/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(`
+				{
+					"metadata": {
+						"foo": "bar"
+					},
+					"dada": {
+						"name": "Keith Urban",
+						"genre": "GENRE_COUNTRY"
+					}
+				}
+			`)),
+			response:             httptest.NewRecorder(),
+			expectedResponseCode: http.StatusBadRequest,
+		},
+		{
+			description: "missing tenancy info",
+			request: httptest.NewRequest("PUT", "/keith-urban?partition=default&peer_name=local", strings.NewReader(`
+				{
+					"metadata": {
+						"foo": "bar"
+					},
+					"data": {
+						"name": "Keith Urban",
+						"genre": "GENRE_COUNTRY"
+					}
+				}
+			`)),
+			response:             httptest.NewRecorder(),
+			expectedResponseCode: http.StatusBadRequest,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.description, func(t *testing.T) {
+			resourceHandler.ServeHTTP(tc.response, tc.request)
+
+			require.Equal(t, tc.expectedResponseCode, tc.response.Result().StatusCode)
+		})
+	}
+}
+
+func TestResourceWriteHandler(t *testing.T) {
+	aclResolver := &resourceSvc.MockACLResolver{}
+	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistReadPolicy, mock.Anything, mock.Anything).
+		Return(svctest.AuthorizerFrom(t, demo.ArtistV1ReadPolicy, demo.ArtistV2ReadPolicy), nil)
+	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistWritePolicy, mock.Anything, mock.Anything).
+		Return(svctest.AuthorizerFrom(t, demo.ArtistV1WritePolicy, demo.ArtistV2WritePolicy), nil)
+
+	client := svctest.RunResourceServiceWithACL(t, aclResolver, demo.RegisterTypes)
+
+	v1ArtistHandler := resourceHandler{
+		resource.Registration{
+			Type:  demo.TypeV1Artist,
+			Proto: &pbdemov1.Artist{},
+		},
+		client,
+		parseToken,
+		hclog.NewNullLogger(),
+	}
+
+	v2ArtistHandler := resourceHandler{
+		resource.Registration{
+			Type:  demo.TypeV2Artist,
+			Proto: &pbdemov2.Artist{},
+		},
+		client,
+		parseToken,
+		hclog.NewNullLogger(),
+	}
+
+	t.Run("should be blocked if the token is not authorized", func(t *testing.T) {
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(`
+			{
+				"metadata": {
+					"foo": "bar"
+				},
+				"data": {
+					"name": "Keith Urban",
+					"genre": "GENRE_COUNTRY"
+				}
+			}
+		`))
+
+		req.Header.Add("x-consul-token", testACLTokenArtistReadPolicy)
+
+		v2ArtistHandler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusForbidden, rsp.Result().StatusCode)
+	})
+
+	t.Run("should write to the resource backend", func(t *testing.T) {
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(`
+			{
+				"metadata": {
+					"foo": "bar"
+				},
+				"data": {
+					"name": "Keith Urban",
+					"genre": "GENRE_COUNTRY"
+				}
+			}
+		`))
+
+		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
+
+		v2ArtistHandler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
+
+		var result map[string]any
+		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
+		require.Equal(t, "Keith Urban", result["data"].(map[string]any)["name"])
+		require.Equal(t, "keith-urban", result["id"].(map[string]any)["name"])
+
+		readRsp, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{
+			Id: &pbresource.ID{
+				Type:    demo.TypeV2Artist,
+				Tenancy: demo.TenancyDefault,
+				Name:    "keith-urban",
+			},
+		})
+		require.NoError(t, err)
+		require.NotNil(t, readRsp.Resource)
+
+		var artist pbdemov2.Artist
+		require.NoError(t, readRsp.Resource.Data.UnmarshalTo(&artist))
+		require.Equal(t, "Keith Urban", artist.Name)
+	})
+
+	t.Run("should update the record with version parameter", func(t *testing.T) {
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&version=1", strings.NewReader(`
+			{
+				"metadata": {
+					"foo": "bar"
+				},
+				"data": {
+					"name": "Keith Urban Two",
+					"genre": "GENRE_COUNTRY"
+				}
+			}
+		`))
+
+		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
+
+		v2ArtistHandler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
+		var result map[string]any
+		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
+		require.Equal(t, "Keith Urban Two", result["data"].(map[string]any)["name"])
+		require.Equal(t, "keith-urban", result["id"].(map[string]any)["name"])
+	})
+
+	t.Run("should fail the update if the resource's version doesn't match the version of the existing resource", func(t *testing.T) {
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&version=1", strings.NewReader(`
+			{
+				"metadata": {
+					"foo": "bar"
+				},
+				"data": {
+					"name": "Keith Urban",
+					"genre": "GENRE_COUNTRY"
+				}
+			}
+		`))
+
+		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
+
+		v2ArtistHandler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusConflict, rsp.Result().StatusCode)
+	})
+
+	t.Run("should write to the resource backend with owner", func(t *testing.T) {
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("PUT", "/demo/v1/artist/keith-urban-v1?partition=default&peer_name=local&namespace=default", strings.NewReader(`
+			{
+				"metadata": {
+					"foo": "bar"
+				},
+				"data": {
+					"name": "Keith Urban V1",
+					"genre": "GENRE_COUNTRY"
+				},
+				"owner": {
+					"name": "keith-urban",
+					"type": {
+						"group": "demo",
+						"group_version": "v2",
+						"kind": "Artist"
+					},
+					"tenancy": {
+						"partition": "default",
+						"peer_name": "local",
+						"namespace": "default"
+					}
+				}
+			}
+		`))
+
+		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
+
+		v1ArtistHandler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
+
+		var result map[string]any
+		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
+		require.Equal(t, "Keith Urban V1", result["data"].(map[string]any)["name"])
+		require.Equal(t, "keith-urban-v1", result["id"].(map[string]any)["name"])
+
+		readRsp, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{
+			Id: &pbresource.ID{
+				Type:    demo.TypeV1Artist,
+				Tenancy: demo.TenancyDefault,
+				Name:    "keith-urban-v1",
+			},
+		})
+		require.NoError(t, err)
+		require.NotNil(t, readRsp.Resource)
+		require.Equal(t, "keith-urban", readRsp.Resource.Owner.Name)
+
+		var artist pbdemov1.Artist
+		require.NoError(t, readRsp.Resource.Data.UnmarshalTo(&artist))
+		require.Equal(t, "Keith Urban V1", artist.Name)
+	})
+}
diff --git a/internal/resource/registry.go b/internal/resource/registry.go
index bd044565a7c4..3bedbdebf893 100644
--- a/internal/resource/registry.go
+++ b/internal/resource/registry.go
@@ -54,6 +54,8 @@ type Registry interface {
 
 	// Resolve the given resource type and its hooks.
 	Resolve(typ *pbresource.Type) (reg Registration, ok bool)
+
+	Types() []Registration
 }
 
 type Registration struct {
@@ -183,6 +185,17 @@ func (r *TypeRegistry) Resolve(typ *pbresource.Type) (reg Registration, ok bool)
 	return Registration{}, false
 }
 
+func (r *TypeRegistry) Types() []Registration {
+	r.lock.RLock()
+	defer r.lock.RUnlock()
+
+	types := make([]Registration, 0, len(r.registrations))
+	for _, v := range r.registrations {
+		types = append(types, v)
+	}
+	return types
+}
+
 func ToGVK(resourceType *pbresource.Type) string {
 	return fmt.Sprintf("%s.%s.%s", resourceType.Group, resourceType.GroupVersion, resourceType.Kind)
 }

From 1ebd001a07b6b2db5f68dedea75cd793bd5182cb Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Fri, 4 Aug 2023 16:45:10 -0500
Subject: [PATCH 250/359] bimapper: fix a bug and add some more test coverage
 (#18387)

---
 .../resource/mappers/bimapper/bimapper.go     | 12 +--
 .../mappers/bimapper/bimapper_test.go         | 90 +++++++++++++++++--
 2 files changed, 89 insertions(+), 13 deletions(-)

diff --git a/internal/resource/mappers/bimapper/bimapper.go b/internal/resource/mappers/bimapper/bimapper.go
index 3f81e294422d..714b825b6cdc 100644
--- a/internal/resource/mappers/bimapper/bimapper.go
+++ b/internal/resource/mappers/bimapper/bimapper.go
@@ -145,14 +145,14 @@ func (m *Mapper) LinksForItem(item *pbresource.ID) []*pbresource.Reference {
 	m.lock.Lock()
 	defer m.lock.Unlock()
 
-	items, ok := m.linkToItem[resource.NewReferenceKey(item)]
+	links, ok := m.itemToLink[resource.NewReferenceKey(item)]
 	if !ok {
 		return nil
 	}
 
-	out := make([]*pbresource.Reference, 0, len(items))
-	for item := range items {
-		out = append(out, item.ToReference())
+	out := make([]*pbresource.Reference, 0, len(links))
+	for link := range links {
+		out = append(out, link.ToReference())
 	}
 	return out
 }
@@ -195,11 +195,11 @@ func (m *Mapper) MapLink(_ context.Context, _ controller.Runtime, res *pbresourc
 	return out, nil
 }
 
-func (m *Mapper) itemsByLink(ref resource.ReferenceKey) []*pbresource.ID {
+func (m *Mapper) itemsByLink(link resource.ReferenceKey) []*pbresource.ID {
 	m.lock.Lock()
 	defer m.lock.Unlock()
 
-	items, ok := m.linkToItem[ref]
+	items, ok := m.linkToItem[link]
 	if !ok {
 		return nil
 	}
diff --git a/internal/resource/mappers/bimapper/bimapper_test.go b/internal/resource/mappers/bimapper/bimapper_test.go
index c0f8709ecd9a..747a0021a24e 100644
--- a/internal/resource/mappers/bimapper/bimapper_test.go
+++ b/internal/resource/mappers/bimapper/bimapper_test.go
@@ -10,6 +10,7 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/resource"
 	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/proto/private/prototest"
@@ -42,28 +43,40 @@ func TestMapper(t *testing.T) {
 	barSvc := rtest.Resource(fakeBarType, "bar").Build()
 	wwwSvc := rtest.Resource(fakeBarType, "www").Build()
 
+	apiRef := newRef(fakeBarType, "api")
+	fooRef := newRef(fakeBarType, "foo")
+	barRef := newRef(fakeBarType, "bar")
+	wwwRef := newRef(fakeBarType, "www")
+
 	fail1 := rtest.Resource(fakeFooType, "api").Build()
 	fail1_refs := []*pbresource.Reference{
-		newRef(fakeBarType, "api"),
-		newRef(fakeBarType, "foo"),
-		newRef(fakeBarType, "bar"),
+		apiRef,
+		fooRef,
+		barRef,
 	}
 
 	fail2 := rtest.Resource(fakeFooType, "www").Build()
 	fail2_refs := []*pbresource.Reference{
-		newRef(fakeBarType, "www"),
-		newRef(fakeBarType, "foo"),
+		wwwRef,
+		fooRef,
 	}
 
 	fail1_updated := rtest.Resource(fakeFooType, "api").Build()
 	fail1_updated_refs := []*pbresource.Reference{
-		newRef(fakeBarType, "api"),
-		newRef(fakeBarType, "bar"),
+		apiRef,
+		barRef,
 	}
 
 	m := New(fakeFooType, fakeBarType)
 
 	// Nothing tracked yet so we assume nothing.
+	requireLinksForItem(t, m, fail1.Id)
+	requireLinksForItem(t, m, fail2.Id)
+	requireItemsForLink(t, m, apiRef)
+	requireItemsForLink(t, m, fooRef)
+	requireItemsForLink(t, m, barRef)
+	requireItemsForLink(t, m, wwwRef)
+
 	requireServicesTracked(t, m, randoSvc)
 	requireServicesTracked(t, m, apiSvc)
 	requireServicesTracked(t, m, fooSvc)
@@ -74,6 +87,13 @@ func TestMapper(t *testing.T) {
 	m.UntrackItem(fail1.Id)
 
 	// still nothing
+	requireLinksForItem(t, m, fail1.Id)
+	requireLinksForItem(t, m, fail2.Id)
+	requireItemsForLink(t, m, apiRef)
+	requireItemsForLink(t, m, fooRef)
+	requireItemsForLink(t, m, barRef)
+	requireItemsForLink(t, m, wwwRef)
+
 	requireServicesTracked(t, m, randoSvc)
 	requireServicesTracked(t, m, apiSvc)
 	requireServicesTracked(t, m, fooSvc)
@@ -83,6 +103,12 @@ func TestMapper(t *testing.T) {
 	// Actually insert some data.
 	m.TrackItem(fail1.Id, fail1_refs)
 
+	requireLinksForItem(t, m, fail1.Id, fail1_refs...)
+	requireItemsForLink(t, m, apiRef, fail1.Id)
+	requireItemsForLink(t, m, fooRef, fail1.Id)
+	requireItemsForLink(t, m, barRef, fail1.Id)
+	requireItemsForLink(t, m, wwwRef)
+
 	requireServicesTracked(t, m, randoSvc)
 	requireServicesTracked(t, m, apiSvc, fail1.Id)
 	requireServicesTracked(t, m, fooSvc, fail1.Id)
@@ -92,6 +118,12 @@ func TestMapper(t *testing.T) {
 	// track it again, no change
 	m.TrackItem(fail1.Id, fail1_refs)
 
+	requireLinksForItem(t, m, fail1.Id, fail1_refs...)
+	requireItemsForLink(t, m, apiRef, fail1.Id)
+	requireItemsForLink(t, m, fooRef, fail1.Id)
+	requireItemsForLink(t, m, barRef, fail1.Id)
+	requireItemsForLink(t, m, wwwRef)
+
 	requireServicesTracked(t, m, randoSvc)
 	requireServicesTracked(t, m, apiSvc, fail1.Id)
 	requireServicesTracked(t, m, fooSvc, fail1.Id)
@@ -101,6 +133,13 @@ func TestMapper(t *testing.T) {
 	// track new one that overlaps slightly
 	m.TrackItem(fail2.Id, fail2_refs)
 
+	requireLinksForItem(t, m, fail1.Id, fail1_refs...)
+	requireLinksForItem(t, m, fail2.Id, fail2_refs...)
+	requireItemsForLink(t, m, apiRef, fail1.Id)
+	requireItemsForLink(t, m, fooRef, fail1.Id, fail2.Id)
+	requireItemsForLink(t, m, barRef, fail1.Id)
+	requireItemsForLink(t, m, wwwRef, fail2.Id)
+
 	requireServicesTracked(t, m, randoSvc)
 	requireServicesTracked(t, m, apiSvc, fail1.Id)
 	requireServicesTracked(t, m, fooSvc, fail1.Id, fail2.Id)
@@ -110,6 +149,13 @@ func TestMapper(t *testing.T) {
 	// update the original to change it
 	m.TrackItem(fail1_updated.Id, fail1_updated_refs)
 
+	requireLinksForItem(t, m, fail1.Id, fail1_updated_refs...)
+	requireLinksForItem(t, m, fail2.Id, fail2_refs...)
+	requireItemsForLink(t, m, apiRef, fail1.Id)
+	requireItemsForLink(t, m, fooRef, fail2.Id)
+	requireItemsForLink(t, m, barRef, fail1.Id)
+	requireItemsForLink(t, m, wwwRef, fail2.Id)
+
 	requireServicesTracked(t, m, randoSvc)
 	requireServicesTracked(t, m, apiSvc, fail1.Id)
 	requireServicesTracked(t, m, fooSvc, fail2.Id)
@@ -119,6 +165,13 @@ func TestMapper(t *testing.T) {
 	// delete the original
 	m.UntrackItem(fail1.Id)
 
+	requireLinksForItem(t, m, fail1.Id)
+	requireLinksForItem(t, m, fail2.Id, fail2_refs...)
+	requireItemsForLink(t, m, apiRef)
+	requireItemsForLink(t, m, fooRef, fail2.Id)
+	requireItemsForLink(t, m, barRef)
+	requireItemsForLink(t, m, wwwRef, fail2.Id)
+
 	requireServicesTracked(t, m, randoSvc)
 	requireServicesTracked(t, m, apiSvc)
 	requireServicesTracked(t, m, fooSvc, fail2.Id)
@@ -128,6 +181,13 @@ func TestMapper(t *testing.T) {
 	// delete the other one
 	m.UntrackItem(fail2.Id)
 
+	requireLinksForItem(t, m, fail1.Id)
+	requireLinksForItem(t, m, fail2.Id)
+	requireItemsForLink(t, m, apiRef)
+	requireItemsForLink(t, m, fooRef)
+	requireItemsForLink(t, m, barRef)
+	requireItemsForLink(t, m, wwwRef)
+
 	requireServicesTracked(t, m, randoSvc)
 	requireServicesTracked(t, m, apiSvc)
 	requireServicesTracked(t, m, fooSvc)
@@ -152,6 +212,22 @@ func requireServicesTracked(t *testing.T, mapper *Mapper, link *pbresource.Resou
 	}
 }
 
+func requireLinksForItem(t *testing.T, mapper *Mapper, item *pbresource.ID, links ...*pbresource.Reference) {
+	t.Helper()
+
+	got := mapper.LinksForItem(item)
+
+	prototest.AssertElementsMatch(t, links, got)
+}
+
+func requireItemsForLink(t *testing.T, mapper *Mapper, link *pbresource.Reference, items ...*pbresource.ID) {
+	t.Helper()
+
+	got := mapper.ItemsForLink(resource.IDFromReference(link))
+
+	prototest.AssertElementsMatch(t, items, got)
+}
+
 func newRef(typ *pbresource.Type, name string) *pbresource.Reference {
 	return rtest.Resource(typ, name).Reference("")
 }

From 38c356c39bc60181dcdc56ec607e6dbc5ad7aa21 Mon Sep 17 00:00:00 2001
From: Andrea Scarpino <andrea@scarpino.dev>
Date: Sat, 5 Aug 2023 01:07:06 +0200
Subject: [PATCH 251/359] [docs] Fix ServiceDefaults example in distributed
 tracing (#17212)

Fix ServiceDefaults example in distributed tracing.
---
 website/content/docs/connect/distributed-tracing.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/connect/distributed-tracing.mdx b/website/content/docs/connect/distributed-tracing.mdx
index 939cde52d5a5..363cded6f7ad 100644
--- a/website/content/docs/connect/distributed-tracing.mdx
+++ b/website/content/docs/connect/distributed-tracing.mdx
@@ -214,7 +214,7 @@ config to take effect.
 
    ```yaml
    apiVersion: consul.hashicorp.com/v1alpha1
-   kind: ProxyDefaults
+   kind: ServiceDefaults
    metadata:
      name: service-name
    spec:

From 417ae9fc391118e9ac1f26ef97e87f0c631979ff Mon Sep 17 00:00:00 2001
From: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
Date: Sat, 5 Aug 2023 08:15:24 +0530
Subject: [PATCH 252/359] Fix #17730 - Dev mode has new line (#18367)

* adding new line only in case of pretty in url not in dev mode

* change log added
---
 .changelog/18367.txt | 3 +++
 agent/http.go        | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/18367.txt

diff --git a/.changelog/18367.txt b/.changelog/18367.txt
new file mode 100644
index 000000000000..578cf7091853
--- /dev/null
+++ b/.changelog/18367.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+dev-mode: Fix dev mode has new line in responses. Now new line is added only when url has pretty query parameter.
+```
diff --git a/agent/http.go b/agent/http.go
index 31aaf68c2011..200f28c7559c 100644
--- a/agent/http.go
+++ b/agent/http.go
@@ -616,7 +616,9 @@ func (s *HTTPHandlers) marshalJSON(req *http.Request, obj interface{}) ([]byte,
 		if err != nil {
 			return nil, err
 		}
-		buf = append(buf, "\n"...)
+		if ok {
+			buf = append(buf, "\n"...)
+		}
 		return buf, nil
 	}
 

From 48effe5f8a55745a6b1c257548e5d479bb03c81c Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Mon, 7 Aug 2023 14:02:34 -0500
Subject: [PATCH 253/359] chore: make go-mod-tidy (#18388)

---
 .../envoy_extensions/testdata/wasm_test_files/go.mod   | 10 +---------
 .../envoy_extensions/testdata/wasm_test_files/go.sum   |  6 ------
 2 files changed, 1 insertion(+), 15 deletions(-)

diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.mod b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.mod
index 95d0c7ede900..703b71414fae 100644
--- a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.mod
+++ b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.mod
@@ -2,12 +2,4 @@ module main
 
 go 1.20
 
-require (
-	github.com/tetratelabs/proxy-wasm-go-sdk v0.21.0
-	github.com/tidwall/gjson v1.14.4
-)
-
-require (
-	github.com/tidwall/match v1.1.1 // indirect
-	github.com/tidwall/pretty v1.2.0 // indirect
-)
+require github.com/tetratelabs/proxy-wasm-go-sdk v0.21.0
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.sum b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.sum
index 39bbbdf17388..e09133fbccbf 100644
--- a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.sum
+++ b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.sum
@@ -3,10 +3,4 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/tetratelabs/proxy-wasm-go-sdk v0.21.0 h1:sxuh1wxy/zz4vXwMEC+ESVpwJmej1f22eYsrJlgVn7c=
 github.com/tetratelabs/proxy-wasm-go-sdk v0.21.0/go.mod h1:jqQTUvJBI6WJ+sVCZON3A4GwmUfBDuiNnZ4kuxsvLCo=
-github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM=
-github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
-github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
-github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
-github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
-github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

From 63cc0371107c5f84afcdbde80b24abdebaee67ef Mon Sep 17 00:00:00 2001
From: Semir Patel <semir.patel@hashicorp.com>
Date: Mon, 7 Aug 2023 16:37:03 -0500
Subject: [PATCH 254/359] resource: Make resource read tenancy aware (#18397)

---
 agent/consul/server.go                        |  21 +-
 agent/consul/tenancy_bridge.go                |  15 ++
 agent/consul/tenancy_bridge_oss.go            |  21 ++
 .../grpc-external/services/resource/delete.go |   3 +-
 .../services/resource/delete_test.go          |  27 +--
 agent/grpc-external/services/resource/list.go |   5 +-
 .../services/resource/list_by_owner.go        |   5 +-
 .../services/resource/mock_TenancyBridge.go   |  73 +++++++
 agent/grpc-external/services/resource/read.go |  61 ++++--
 .../services/resource/read_test.go            | 183 ++++++++++++----
 .../grpc-external/services/resource/server.go |  50 +++--
 .../services/resource/server_oss.go           |  27 +++
 .../services/resource/server_oss_test.go      |  17 ++
 .../services/resource/server_test.go          |  32 ++-
 .../services/resource/testing/testing.go      |  16 +-
 .../grpc-external/services/resource/watch.go  |   5 +-
 .../grpc-external/services/resource/write.go  |   3 +-
 .../services/resource/write_status.go         |   3 +-
 .../services/resource/write_test.go           |  76 ++++---
 .../internal/types/proxy_state_template.go    |   6 +-
 internal/resource/demo/demo.go                |  49 ++++-
 internal/resource/http/http_test.go           |  16 --
 internal/resource/registry.go                 |  34 +--
 internal/resource/registry_test.go            |   4 +-
 internal/resource/resourcetest/builder.go     |   4 +-
 internal/resource/tenancy.go                  |  53 +++++
 proto/private/pbdemo/v1/demo.pb.binary.go     |  10 +
 proto/private/pbdemo/v1/demo.pb.go            | 202 ++++++++++++------
 proto/private/pbdemo/v1/demo.proto            |   5 +
 29 files changed, 755 insertions(+), 271 deletions(-)
 create mode 100644 agent/consul/tenancy_bridge.go
 create mode 100644 agent/consul/tenancy_bridge_oss.go
 create mode 100644 agent/grpc-external/services/resource/mock_TenancyBridge.go
 create mode 100644 agent/grpc-external/services/resource/server_oss.go
 create mode 100644 agent/grpc-external/services/resource/server_oss_test.go
 create mode 100644 internal/resource/tenancy.go

diff --git a/agent/consul/server.go b/agent/consul/server.go
index 032eb00bd9c2..fba8e8cfd919 100644
--- a/agent/consul/server.go
+++ b/agent/consul/server.go
@@ -36,6 +36,7 @@ import (
 	"golang.org/x/time/rate"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/reflection"
 
 	"github.com/hashicorp/consul-net-rpc/net/rpc"
 
@@ -1343,20 +1344,24 @@ func (s *Server) setupExternalGRPC(config *Config, typeRegistry resource.Registr
 	s.peerStreamServer.Register(s.externalGRPCServer)
 
 	s.resourceServiceServer = resourcegrpc.NewServer(resourcegrpc.Config{
-		Registry:    typeRegistry,
-		Backend:     s.raftStorageBackend,
-		ACLResolver: s.ACLResolver,
-		Logger:      logger.Named("grpc-api.resource"),
+		Registry:        typeRegistry,
+		Backend:         s.raftStorageBackend,
+		ACLResolver:     s.ACLResolver,
+		Logger:          logger.Named("grpc-api.resource"),
+		V1TenancyBridge: NewV1TenancyBridge(s),
 	})
 	s.resourceServiceServer.Register(s.externalGRPCServer)
+
+	reflection.Register(s.externalGRPCServer)
 }
 
 func (s *Server) setupInsecureResourceServiceClient(typeRegistry resource.Registry, logger hclog.Logger) error {
 	server := resourcegrpc.NewServer(resourcegrpc.Config{
-		Registry:    typeRegistry,
-		Backend:     s.raftStorageBackend,
-		ACLResolver: resolver.DANGER_NO_AUTH{},
-		Logger:      logger.Named("grpc-api.resource"),
+		Registry:        typeRegistry,
+		Backend:         s.raftStorageBackend,
+		ACLResolver:     resolver.DANGER_NO_AUTH{},
+		Logger:          logger.Named("grpc-api.resource"),
+		V1TenancyBridge: NewV1TenancyBridge(s),
 	})
 
 	conn, err := s.runInProcessGRPCServer(server.Register)
diff --git a/agent/consul/tenancy_bridge.go b/agent/consul/tenancy_bridge.go
new file mode 100644
index 000000000000..99f8ca660a3d
--- /dev/null
+++ b/agent/consul/tenancy_bridge.go
@@ -0,0 +1,15 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package consul
+
+// V1TenancyBridge is used by the resource service to access V1 implementations of
+// partitions and namespaces. This bridge will be removed when V2 implemenations
+// of partitions and namespaces are available.
+type V1TenancyBridge struct {
+	server *Server
+}
+
+func NewV1TenancyBridge(server *Server) *V1TenancyBridge {
+	return &V1TenancyBridge{server: server}
+}
diff --git a/agent/consul/tenancy_bridge_oss.go b/agent/consul/tenancy_bridge_oss.go
new file mode 100644
index 000000000000..09004c2ba603
--- /dev/null
+++ b/agent/consul/tenancy_bridge_oss.go
@@ -0,0 +1,21 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+//go:build !consulent
+// +build !consulent
+
+package consul
+
+func (b *V1TenancyBridge) NamespaceExists(partition, namespace string) (bool, error) {
+	if partition == "default" && namespace == "default" {
+		return true, nil
+	}
+	return false, nil
+}
+
+func (b *V1TenancyBridge) PartitionExists(partition string) (bool, error) {
+	if partition == "default" {
+		return true, nil
+	}
+	return false, nil
+}
diff --git a/agent/grpc-external/services/resource/delete.go b/agent/grpc-external/services/resource/delete.go
index 88987b6a69ff..597d184d2d6b 100644
--- a/agent/grpc-external/services/resource/delete.go
+++ b/agent/grpc-external/services/resource/delete.go
@@ -36,7 +36,8 @@ func (s *Server) Delete(ctx context.Context, req *pbresource.DeleteRequest) (*pb
 		return nil, err
 	}
 
-	authz, err := s.getAuthorizer(tokenFromContext(ctx))
+	// TODO(spatel): Refactor _ and entMeta in NET-4919
+	authz, _, err := s.getAuthorizer(tokenFromContext(ctx), acl.DefaultEnterpriseMeta())
 	if err != nil {
 		return nil, err
 	}
diff --git a/agent/grpc-external/services/resource/delete_test.go b/agent/grpc-external/services/resource/delete_test.go
index 0e98d3fd57a7..fd74d427eec1 100644
--- a/agent/grpc-external/services/resource/delete_test.go
+++ b/agent/grpc-external/services/resource/delete_test.go
@@ -30,19 +30,22 @@ func TestDelete_InputValidation(t *testing.T) {
 		"no type":    func(req *pbresource.DeleteRequest) { req.Id.Type = nil },
 		"no tenancy": func(req *pbresource.DeleteRequest) { req.Id.Tenancy = nil },
 		"no name":    func(req *pbresource.DeleteRequest) { req.Id.Name = "" },
+
+		// TODO(spatel): Refactor tenancy as part of NET-4919
+		//
 		// clone necessary to not pollute DefaultTenancy
-		"tenancy partition not default": func(req *pbresource.DeleteRequest) {
-			req.Id.Tenancy = clone(req.Id.Tenancy)
-			req.Id.Tenancy.Partition = ""
-		},
-		"tenancy namespace not default": func(req *pbresource.DeleteRequest) {
-			req.Id.Tenancy = clone(req.Id.Tenancy)
-			req.Id.Tenancy.Namespace = ""
-		},
-		"tenancy peername not local": func(req *pbresource.DeleteRequest) {
-			req.Id.Tenancy = clone(req.Id.Tenancy)
-			req.Id.Tenancy.PeerName = ""
-		},
+		// "tenancy partition not default": func(req *pbresource.DeleteRequest) {
+		// 	req.Id.Tenancy = clone(req.Id.Tenancy)
+		// 	req.Id.Tenancy.Partition = ""
+		// },
+		// "tenancy namespace not default": func(req *pbresource.DeleteRequest) {
+		// 	req.Id.Tenancy = clone(req.Id.Tenancy)
+		// 	req.Id.Tenancy.Namespace = ""
+		// },
+		// "tenancy peername not local": func(req *pbresource.DeleteRequest) {
+		// 	req.Id.Tenancy = clone(req.Id.Tenancy)
+		// 	req.Id.Tenancy.PeerName = ""
+		// },
 	}
 	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
diff --git a/agent/grpc-external/services/resource/list.go b/agent/grpc-external/services/resource/list.go
index 77269e74688f..7332c0c8a0a2 100644
--- a/agent/grpc-external/services/resource/list.go
+++ b/agent/grpc-external/services/resource/list.go
@@ -25,7 +25,8 @@ func (s *Server) List(ctx context.Context, req *pbresource.ListRequest) (*pbreso
 		return nil, err
 	}
 
-	authz, err := s.getAuthorizer(tokenFromContext(ctx))
+	// TODO(spatel): Refactor _ and entMeta in NET-4915
+	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), acl.DefaultEnterpriseMeta())
 	if err != nil {
 		return nil, err
 	}
@@ -58,7 +59,7 @@ func (s *Server) List(ctx context.Context, req *pbresource.ListRequest) (*pbreso
 		}
 
 		// filter out items that don't pass read ACLs
-		err = reg.ACLs.Read(authz, resource.Id)
+		err = reg.ACLs.Read(authz, authzContext, resource.Id)
 		switch {
 		case acl.IsErrPermissionDenied(err):
 			continue
diff --git a/agent/grpc-external/services/resource/list_by_owner.go b/agent/grpc-external/services/resource/list_by_owner.go
index 2cc203e72c30..02b513011fdd 100644
--- a/agent/grpc-external/services/resource/list_by_owner.go
+++ b/agent/grpc-external/services/resource/list_by_owner.go
@@ -28,7 +28,8 @@ func (s *Server) ListByOwner(ctx context.Context, req *pbresource.ListByOwnerReq
 		return nil, status.Errorf(codes.Internal, "failed list by owner: %v", err)
 	}
 
-	authz, err := s.getAuthorizer(tokenFromContext(ctx))
+	// TODO(spatel): Refactor _ and entMeta in NET-4917
+	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), acl.DefaultEnterpriseMeta())
 	if err != nil {
 		return nil, err
 	}
@@ -41,7 +42,7 @@ func (s *Server) ListByOwner(ctx context.Context, req *pbresource.ListByOwnerReq
 		}
 
 		// ACL filter
-		err = reg.ACLs.Read(authz, child.Id)
+		err = reg.ACLs.Read(authz, authzContext, child.Id)
 		switch {
 		case acl.IsErrPermissionDenied(err):
 			continue
diff --git a/agent/grpc-external/services/resource/mock_TenancyBridge.go b/agent/grpc-external/services/resource/mock_TenancyBridge.go
new file mode 100644
index 000000000000..f2dcc6e0b46a
--- /dev/null
+++ b/agent/grpc-external/services/resource/mock_TenancyBridge.go
@@ -0,0 +1,73 @@
+// Code generated by mockery v2.20.0. DO NOT EDIT.
+
+package resource
+
+import mock "github.com/stretchr/testify/mock"
+
+// MockTenancyBridge is an autogenerated mock type for the TenancyBridge type
+type MockTenancyBridge struct {
+	mock.Mock
+}
+
+// NamespaceExists provides a mock function with given fields: partition, namespace
+func (_m *MockTenancyBridge) NamespaceExists(partition string, namespace string) (bool, error) {
+	ret := _m.Called(partition, namespace)
+
+	var r0 bool
+	var r1 error
+	if rf, ok := ret.Get(0).(func(string, string) (bool, error)); ok {
+		return rf(partition, namespace)
+	}
+	if rf, ok := ret.Get(0).(func(string, string) bool); ok {
+		r0 = rf(partition, namespace)
+	} else {
+		r0 = ret.Get(0).(bool)
+	}
+
+	if rf, ok := ret.Get(1).(func(string, string) error); ok {
+		r1 = rf(partition, namespace)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// PartitionExists provides a mock function with given fields: partition
+func (_m *MockTenancyBridge) PartitionExists(partition string) (bool, error) {
+	ret := _m.Called(partition)
+
+	var r0 bool
+	var r1 error
+	if rf, ok := ret.Get(0).(func(string) (bool, error)); ok {
+		return rf(partition)
+	}
+	if rf, ok := ret.Get(0).(func(string) bool); ok {
+		r0 = rf(partition)
+	} else {
+		r0 = ret.Get(0).(bool)
+	}
+
+	if rf, ok := ret.Get(1).(func(string) error); ok {
+		r1 = rf(partition)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+type mockConstructorTestingTNewMockTenancyBridge interface {
+	mock.TestingT
+	Cleanup(func())
+}
+
+// NewMockTenancyBridge creates a new instance of MockTenancyBridge. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+func NewMockTenancyBridge(t mockConstructorTestingTNewMockTenancyBridge) *MockTenancyBridge {
+	mock := &MockTenancyBridge{}
+	mock.Mock.Test(t)
+
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+
+	return mock
+}
diff --git a/agent/grpc-external/services/resource/read.go b/agent/grpc-external/services/resource/read.go
index c75779183cb8..490909114b3f 100644
--- a/agent/grpc-external/services/resource/read.go
+++ b/agent/grpc-external/services/resource/read.go
@@ -11,28 +11,41 @@ import (
 	"google.golang.org/grpc/status"
 
 	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/storage"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 func (s *Server) Read(ctx context.Context, req *pbresource.ReadRequest) (*pbresource.ReadResponse, error) {
-	if err := validateReadRequest(req); err != nil {
-		return nil, err
-	}
-
-	// check type exists
-	reg, err := s.resolveType(req.Id.Type)
+	// Light first pass validation based on what user passed in and not much more.
+	reg, err := s.validateReadRequest(req)
 	if err != nil {
 		return nil, err
 	}
 
-	authz, err := s.getAuthorizer(tokenFromContext(ctx))
+	// acl.EnterpriseMeta acl.AuthorizerContext follow rules for V1 resources since they integrate with the V1 acl subsystem.
+	// pbresource.Tenacy follows rules for V2 resources and the Resource service.
+	// Example:
+	//
+	//    An OSS namespace scoped resource:
+	//      V1: EnterpriseMeta{}
+	//      V2: Tenancy {Partition: "default", Namespace: "default"}
+	//
+	//   An ENT namespace scoped resource:
+	//      V1: EnterpriseMeta{Partition: "default", Namespace: "default"}
+	//      V2: Tenancy {Partition: "default", Namespace: "default"}
+	//
+	// It is necessary to convert back and forth depending on which component supports which version, V1 or V2.
+	entMeta := v2TenancyToV1EntMeta(req.Id.Tenancy)
+	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), entMeta)
 	if err != nil {
 		return nil, err
 	}
 
-	// check acls
-	err = reg.ACLs.Read(authz, req.Id)
+	v1EntMetaToV2Tenancy(reg, entMeta, req.Id.Tenancy)
+
+	// ACL check comes before tenancy existence checks to not leak tenancy "existence".
+	err = reg.ACLs.Read(authz, authzContext, req.Id)
 	switch {
 	case acl.IsErrPermissionDenied(err):
 		return nil, status.Error(codes.PermissionDenied, err.Error())
@@ -40,6 +53,11 @@ func (s *Server) Read(ctx context.Context, req *pbresource.ReadRequest) (*pbreso
 		return nil, status.Errorf(codes.Internal, "failed read acl: %v", err)
 	}
 
+	// Check V1 tenancy exists for the V2 resource.
+	if err = v1TenancyExists(reg, s.V1TenancyBridge, req.Id.Tenancy); err != nil {
+		return nil, err
+	}
+
 	resource, err := s.Backend.Read(ctx, readConsistencyFrom(ctx), req.Id)
 	switch {
 	case err == nil:
@@ -53,13 +71,30 @@ func (s *Server) Read(ctx context.Context, req *pbresource.ReadRequest) (*pbreso
 	}
 }
 
-func validateReadRequest(req *pbresource.ReadRequest) error {
+func (s *Server) validateReadRequest(req *pbresource.ReadRequest) (*resource.Registration, error) {
 	if req.Id == nil {
-		return status.Errorf(codes.InvalidArgument, "id is required")
+		return nil, status.Errorf(codes.InvalidArgument, "id is required")
 	}
 
 	if err := validateId(req.Id, "id"); err != nil {
-		return err
+		return nil, err
 	}
-	return nil
+
+	// Check type exists.
+	reg, err := s.resolveType(req.Id.Type)
+	if err != nil {
+		return nil, err
+	}
+
+	// Check scope
+	if reg.Scope == resource.ScopePartition && req.Id.Tenancy.Namespace != "" {
+		return nil, status.Errorf(
+			codes.InvalidArgument,
+			"partition scoped resource %s cannot have a namespace. got: %s",
+			resource.ToGVK(req.Id.Type),
+			req.Id.Tenancy.Namespace,
+		)
+	}
+
+	return reg, nil
 }
diff --git a/agent/grpc-external/services/resource/read_test.go b/agent/grpc-external/services/resource/read_test.go
index cca911ec15b5..82085b451ff5 100644
--- a/agent/grpc-external/services/resource/read_test.go
+++ b/agent/grpc-external/services/resource/read_test.go
@@ -5,6 +5,7 @@ package resource
 
 import (
 	"context"
+	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/mock"
@@ -12,6 +13,7 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
 
 	"github.com/hashicorp/consul/acl/resolver"
 	"github.com/hashicorp/consul/internal/resource"
@@ -24,35 +26,37 @@ import (
 func TestRead_InputValidation(t *testing.T) {
 	server := testServer(t)
 	client := testClient(t, server)
-
 	demo.RegisterTypes(server.Registry)
 
-	testCases := map[string]func(*pbresource.ReadRequest){
-		"no id":      func(req *pbresource.ReadRequest) { req.Id = nil },
-		"no type":    func(req *pbresource.ReadRequest) { req.Id.Type = nil },
-		"no tenancy": func(req *pbresource.ReadRequest) { req.Id.Tenancy = nil },
-		"no name":    func(req *pbresource.ReadRequest) { req.Id.Name = "" },
-		// clone necessary to not pollute DefaultTenancy
-		"tenancy partition not default": func(req *pbresource.ReadRequest) {
-			req.Id.Tenancy = clone(req.Id.Tenancy)
-			req.Id.Tenancy.Partition = ""
+	testCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{
+		"no id": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID { return nil },
+		"no type": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			artistId.Type = nil
+			return artistId
+		},
+		"no tenancy": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			artistId.Tenancy = nil
+			return artistId
 		},
-		"tenancy namespace not default": func(req *pbresource.ReadRequest) {
-			req.Id.Tenancy = clone(req.Id.Tenancy)
-			req.Id.Tenancy.Namespace = ""
+		"no name": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			artistId.Name = ""
+			return artistId
 		},
-		"tenancy peername not local": func(req *pbresource.ReadRequest) {
-			req.Id.Tenancy = clone(req.Id.Tenancy)
-			req.Id.Tenancy.PeerName = ""
+		"partition scope with non-empty namespace": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
+			recordLabelId.Tenancy.Namespace = "ishouldnothaveanamespace"
+			return recordLabelId
 		},
 	}
 	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
-			res, err := demo.GenerateV2Artist()
+			artist, err := demo.GenerateV2Artist()
 			require.NoError(t, err)
 
-			req := &pbresource.ReadRequest{Id: res.Id}
-			modFn(req)
+			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
+			require.NoError(t, err)
+
+			// Each test case picks which resource to use based on the resource type's scope.
+			req := &pbresource.ReadRequest{Id: modFn(artist.Id, recordLabel.Id)}
 
 			_, err = client.Read(testContext(t), req)
 			require.Error(t, err)
@@ -77,18 +81,50 @@ func TestRead_TypeNotFound(t *testing.T) {
 func TestRead_ResourceNotFound(t *testing.T) {
 	for desc, tc := range readTestCases() {
 		t.Run(desc, func(t *testing.T) {
-			server := testServer(t)
-
-			demo.RegisterTypes(server.Registry)
-			client := testClient(t, server)
-
-			artist, err := demo.GenerateV2Artist()
-			require.NoError(t, err)
-
-			_, err = client.Read(tc.ctx, &pbresource.ReadRequest{Id: artist.Id})
-			require.Error(t, err)
-			require.Equal(t, codes.NotFound.String(), status.Code(err).String())
-			require.Contains(t, err.Error(), "resource not found")
+			tenancyCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{
+				"resource not found by name": func(artistId, _ *pbresource.ID) *pbresource.ID {
+					artistId.Name = "bogusname"
+					return artistId
+				},
+				"partition not found when namespace scoped": func(artistId, _ *pbresource.ID) *pbresource.ID {
+					id := clone(artistId)
+					id.Tenancy.Partition = "boguspartition"
+					return id
+				},
+				"namespace not found when namespace scoped": func(artistId, _ *pbresource.ID) *pbresource.ID {
+					id := clone(artistId)
+					id.Tenancy.Namespace = "bogusnamespace"
+					return id
+				},
+				"partition not found when partition scoped": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
+					id := clone(recordLabelId)
+					id.Tenancy.Partition = "boguspartition"
+					return id
+				},
+			}
+			for tenancyDesc, modFn := range tenancyCases {
+				t.Run(tenancyDesc, func(t *testing.T) {
+					server := testServer(t)
+					demo.RegisterTypes(server.Registry)
+					client := testClient(t, server)
+
+					recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
+					require.NoError(t, err)
+					recordLabel, err = server.Backend.WriteCAS(tc.ctx, recordLabel)
+					require.NoError(t, err)
+
+					artist, err := demo.GenerateV2Artist()
+					require.NoError(t, err)
+					artist, err = server.Backend.WriteCAS(tc.ctx, artist)
+					require.NoError(t, err)
+
+					// Each tenancy test case picks which resource to use based on the resource type's scope.
+					_, err = client.Read(tc.ctx, &pbresource.ReadRequest{Id: modFn(artist.Id, recordLabel.Id)})
+					require.Error(t, err)
+					require.Equal(t, codes.NotFound.String(), status.Code(err).String())
+					require.Contains(t, err.Error(), "resource not found")
+				})
+			}
 		})
 	}
 }
@@ -121,20 +157,77 @@ func TestRead_GroupVersionMismatch(t *testing.T) {
 func TestRead_Success(t *testing.T) {
 	for desc, tc := range readTestCases() {
 		t.Run(desc, func(t *testing.T) {
-			server := testServer(t)
-
-			demo.RegisterTypes(server.Registry)
-			client := testClient(t, server)
-
-			artist, err := demo.GenerateV2Artist()
-			require.NoError(t, err)
-
-			resource1, err := server.Backend.WriteCAS(tc.ctx, artist)
-			require.NoError(t, err)
-
-			rsp, err := client.Read(tc.ctx, &pbresource.ReadRequest{Id: artist.Id})
-			require.NoError(t, err)
-			prototest.AssertDeepEqual(t, resource1, rsp.Resource)
+			tenancyCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{
+				"namespaced resource provides nonempty partition and namespace": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID {
+					return artistId
+				},
+				"namespaced resource provides uppercase namespace and partition": func(artistId, _ *pbresource.ID) *pbresource.ID {
+					id := clone(artistId)
+					id.Tenancy.Partition = strings.ToUpper(artistId.Tenancy.Partition)
+					id.Tenancy.Namespace = strings.ToUpper(artistId.Tenancy.Namespace)
+					return id
+				},
+				"namespaced resource inherits tokens namespace when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
+					id := clone(artistId)
+					id.Tenancy.Namespace = ""
+					return id
+				},
+				"namespaced resource inherits tokens partition when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
+					id := clone(artistId)
+					id.Tenancy.Partition = ""
+					return id
+				},
+				"namespaced resource inherits tokens partition and namespace when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
+					id := clone(artistId)
+					id.Tenancy.Partition = ""
+					id.Tenancy.Namespace = ""
+					return id
+				},
+				"partitioned resource provides nonempty partition": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
+					return recordLabelId
+				},
+				"partitioned resource provides uppercase partition": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
+					id := clone(recordLabelId)
+					id.Tenancy.Partition = strings.ToUpper(recordLabelId.Tenancy.Partition)
+					return id
+				},
+				"partitioned resource inherits tokens partition when empty": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
+					id := clone(recordLabelId)
+					id.Tenancy.Partition = ""
+					return id
+				},
+			}
+			for tenancyDesc, modFn := range tenancyCases {
+				t.Run(tenancyDesc, func(t *testing.T) {
+					server := testServer(t)
+					demo.RegisterTypes(server.Registry)
+					client := testClient(t, server)
+
+					recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
+					require.NoError(t, err)
+					recordLabel, err = server.Backend.WriteCAS(tc.ctx, recordLabel)
+					require.NoError(t, err)
+
+					artist, err := demo.GenerateV2Artist()
+					require.NoError(t, err)
+					artist, err = server.Backend.WriteCAS(tc.ctx, artist)
+					require.NoError(t, err)
+
+					// Each tenancy test case picks which resource to use based on the resource type's scope.
+					req := &pbresource.ReadRequest{Id: modFn(artist.Id, recordLabel.Id)}
+					rsp, err := client.Read(tc.ctx, req)
+					require.NoError(t, err)
+
+					switch {
+					case proto.Equal(rsp.Resource.Id.Type, demo.TypeV2Artist):
+						prototest.AssertDeepEqual(t, artist, rsp.Resource)
+					case proto.Equal(rsp.Resource.Id.Type, demo.TypeV1RecordLabel):
+						prototest.AssertDeepEqual(t, recordLabel, rsp.Resource)
+					default:
+						require.Fail(t, "unexpected resource type")
+					}
+				})
+			}
 		})
 	}
 }
diff --git a/agent/grpc-external/services/resource/server.go b/agent/grpc-external/services/resource/server.go
index 51bb4610d527..e011c81c0fd0 100644
--- a/agent/grpc-external/services/resource/server.go
+++ b/agent/grpc-external/services/resource/server.go
@@ -31,6 +31,9 @@ type Config struct {
 	// Backend is the storage backend that will be used for resource persistence.
 	Backend     Backend
 	ACLResolver ACLResolver
+	// V1TenancyBridge temporarily allows us to use V1 implementations of
+	// partitions and namespaces until V2 implementations are available.
+	V1TenancyBridge TenancyBridge
 }
 
 //go:generate mockery --name Registry --inpackage
@@ -48,6 +51,12 @@ type ACLResolver interface {
 	ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (resolver.Result, error)
 }
 
+//go:generate mockery --name TenancyBridge --inpackage
+type TenancyBridge interface {
+	PartitionExists(partition string) (bool, error)
+	NamespaceExists(partition string, namespace string) (bool, error)
+}
+
 func NewServer(cfg Config) *Server {
 	return &Server{cfg}
 }
@@ -100,12 +109,13 @@ func readConsistencyFrom(ctx context.Context) storage.ReadConsistency {
 	return storage.EventualConsistency
 }
 
-func (s *Server) getAuthorizer(token string) (acl.Authorizer, error) {
-	authz, err := s.ACLResolver.ResolveTokenAndDefaultMeta(token, nil, nil)
+func (s *Server) getAuthorizer(token string, entMeta *acl.EnterpriseMeta) (acl.Authorizer, *acl.AuthorizerContext, error) {
+	authzContext := &acl.AuthorizerContext{}
+	authz, err := s.ACLResolver.ResolveTokenAndDefaultMeta(token, entMeta, authzContext)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed getting authorizer: %v", err)
+		return nil, nil, status.Errorf(codes.Internal, "failed getting authorizer: %v", err)
 	}
-	return authz, nil
+	return authz, authzContext, nil
 }
 
 func isGRPCStatusError(err error) bool {
@@ -130,20 +140,30 @@ func validateId(id *pbresource.ID, errorPrefix string) error {
 	if field != "" {
 		return status.Errorf(codes.InvalidArgument, "%s.%s is required", errorPrefix, field)
 	}
+	resource.Normalize(id.Tenancy)
 
-	// Revisit defaulting and non-namespaced resources post-1.16
-	var expected string
-	switch {
-	case id.Tenancy.Partition != "default":
-		field, expected = "partition", "default"
-	case id.Tenancy.Namespace != "default":
-		field, expected = "namespace", "default"
-	case id.Tenancy.PeerName != "local":
-		field, expected = "peername", "local"
+	return nil
+}
+
+func v1TenancyExists(reg *resource.Registration, v1Bridge TenancyBridge, tenancy *pbresource.Tenancy) error {
+	if reg.Scope == resource.ScopePartition || reg.Scope == resource.ScopeNamespace {
+		exists, err := v1Bridge.PartitionExists(tenancy.Partition)
+		switch {
+		case err != nil:
+			return err
+		case !exists:
+			return status.Errorf(codes.NotFound, "partition resource not found: %v", tenancy.Partition)
+		}
 	}
 
-	if field != "" {
-		return status.Errorf(codes.InvalidArgument, "%s.tenancy.%s must be %s", errorPrefix, field, expected)
+	if reg.Scope == resource.ScopeNamespace {
+		exists, err := v1Bridge.NamespaceExists(tenancy.Partition, tenancy.Namespace)
+		switch {
+		case err != nil:
+			return err
+		case !exists:
+			return status.Errorf(codes.NotFound, "namespace resource not found: %v", tenancy.Namespace)
+		}
 	}
 	return nil
 }
diff --git a/agent/grpc-external/services/resource/server_oss.go b/agent/grpc-external/services/resource/server_oss.go
new file mode 100644
index 000000000000..1871aab205aa
--- /dev/null
+++ b/agent/grpc-external/services/resource/server_oss.go
@@ -0,0 +1,27 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+//go:build !consulent
+// +build !consulent
+
+package resource
+
+import (
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+func v2TenancyToV1EntMeta(tenancy *pbresource.Tenancy) *acl.EnterpriseMeta {
+	return acl.DefaultEnterpriseMeta()
+}
+
+func v1EntMetaToV2Tenancy(reg *resource.Registration, entMeta *acl.EnterpriseMeta, tenancy *pbresource.Tenancy) {
+	if (reg.Scope == resource.ScopeNamespace || reg.Scope == resource.ScopePartition) && tenancy.Partition == "" {
+		tenancy.Partition = entMeta.PartitionOrDefault()
+	}
+
+	if reg.Scope == resource.ScopeNamespace && tenancy.Namespace == "" {
+		tenancy.Namespace = entMeta.NamespaceOrDefault()
+	}
+}
diff --git a/agent/grpc-external/services/resource/server_oss_test.go b/agent/grpc-external/services/resource/server_oss_test.go
new file mode 100644
index 000000000000..5f92f5226c74
--- /dev/null
+++ b/agent/grpc-external/services/resource/server_oss_test.go
@@ -0,0 +1,17 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+//go:build !consulent
+// +build !consulent
+
+package resource
+
+import "github.com/hashicorp/consul/acl"
+
+func fillEntMeta(entMeta *acl.EnterpriseMeta) {
+	return
+}
+
+func fillAuthorizerContext(authzContext *acl.AuthorizerContext) {
+	return
+}
diff --git a/agent/grpc-external/services/resource/server_test.go b/agent/grpc-external/services/resource/server_test.go
index a92fff38a326..0e14f73292d2 100644
--- a/agent/grpc-external/services/resource/server_test.go
+++ b/agent/grpc-external/services/resource/server_test.go
@@ -57,16 +57,36 @@ func testServer(t *testing.T) *Server {
 	require.NoError(t, err)
 	go backend.Run(testContext(t))
 
-	// Mock the ACL Resolver to allow everything for testing
+	// Mock the ACL Resolver to "allow all" for testing.
 	mockACLResolver := &MockACLResolver{}
 	mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything).
-		Return(testutils.ACLsDisabled(t), nil)
+		Return(testutils.ACLsDisabled(t), nil).
+		Run(func(args mock.Arguments) {
+			// Caller expecting passed in tokenEntMeta and authorizerContext to be filled in.
+			tokenEntMeta := args.Get(1).(*acl.EnterpriseMeta)
+			if tokenEntMeta != nil {
+				fillEntMeta(tokenEntMeta)
+			}
+
+			authzContext := args.Get(2).(*acl.AuthorizerContext)
+			if authzContext != nil {
+				fillAuthorizerContext(authzContext)
+			}
+		})
+
+	// Mock the V1 tenancy bridge since we can't use the real thing.
+	mockTenancyBridge := &MockTenancyBridge{}
+	mockTenancyBridge.On("PartitionExists", resource.DefaultPartitionName).Return(true, nil)
+	mockTenancyBridge.On("NamespaceExists", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(true, nil)
+	mockTenancyBridge.On("PartitionExists", mock.Anything).Return(false, nil)
+	mockTenancyBridge.On("NamespaceExists", mock.Anything, mock.Anything).Return(false, nil)
 
 	return NewServer(Config{
-		Logger:      testutil.Logger(t),
-		Registry:    resource.NewRegistry(),
-		Backend:     backend,
-		ACLResolver: mockACLResolver,
+		Logger:          testutil.Logger(t),
+		Registry:        resource.NewRegistry(),
+		Backend:         backend,
+		ACLResolver:     mockACLResolver,
+		V1TenancyBridge: mockTenancyBridge,
 	})
 }
 
diff --git a/agent/grpc-external/services/resource/testing/testing.go b/agent/grpc-external/services/resource/testing/testing.go
index e049b229b085..d6eb6c069200 100644
--- a/agent/grpc-external/services/resource/testing/testing.go
+++ b/agent/grpc-external/services/resource/testing/testing.go
@@ -46,7 +46,8 @@ func AuthorizerFrom(t *testing.T, policyStrs ...string) resolver.Result {
 }
 
 // RunResourceService runs a Resource Service for the duration of the test and
-// returns a client to interact with it. ACLs will be disabled.
+// returns a client to interact with it. ACLs will be disabled and only the
+// default partition and namespace are available.
 func RunResourceService(t *testing.T, registerFns ...func(resource.Registry)) pbresource.ResourceServiceClient {
 	return RunResourceServiceWithACL(t, resolver.DANGER_NO_AUTH{}, registerFns...)
 }
@@ -68,11 +69,16 @@ func RunResourceServiceWithACL(t *testing.T, aclResolver svc.ACLResolver, regist
 
 	server := grpc.NewServer()
 
+	mockTenancyBridge := &svc.MockTenancyBridge{}
+	mockTenancyBridge.On("PartitionExists", resource.DefaultPartitionName).Return(true, nil)
+	mockTenancyBridge.On("NamespaceExists", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(true, nil)
+
 	svc.NewServer(svc.Config{
-		Backend:     backend,
-		Registry:    registry,
-		Logger:      testutil.Logger(t),
-		ACLResolver: aclResolver,
+		Backend:         backend,
+		Registry:        registry,
+		Logger:          testutil.Logger(t),
+		ACLResolver:     aclResolver,
+		V1TenancyBridge: mockTenancyBridge,
 	}).Register(server)
 
 	pipe := internal.NewPipeListener()
diff --git a/agent/grpc-external/services/resource/watch.go b/agent/grpc-external/services/resource/watch.go
index 35ec14513ac3..140ff78fbdcb 100644
--- a/agent/grpc-external/services/resource/watch.go
+++ b/agent/grpc-external/services/resource/watch.go
@@ -25,7 +25,8 @@ func (s *Server) WatchList(req *pbresource.WatchListRequest, stream pbresource.R
 		return err
 	}
 
-	authz, err := s.getAuthorizer(tokenFromContext(stream.Context()))
+	// TODO(spatel): Refactor _ and entMeta as part of NET-4914
+	authz, authzContext, err := s.getAuthorizer(tokenFromContext(stream.Context()), acl.DefaultEnterpriseMeta())
 	if err != nil {
 		return err
 	}
@@ -66,7 +67,7 @@ func (s *Server) WatchList(req *pbresource.WatchListRequest, stream pbresource.R
 		}
 
 		// filter out items that don't pass read ACLs
-		err = reg.ACLs.Read(authz, event.Resource.Id)
+		err = reg.ACLs.Read(authz, authzContext, event.Resource.Id)
 		switch {
 		case acl.IsErrPermissionDenied(err):
 			continue
diff --git a/agent/grpc-external/services/resource/write.go b/agent/grpc-external/services/resource/write.go
index 3900612f07e1..f55645ae945d 100644
--- a/agent/grpc-external/services/resource/write.go
+++ b/agent/grpc-external/services/resource/write.go
@@ -46,7 +46,8 @@ func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbre
 		return nil, err
 	}
 
-	authz, err := s.getAuthorizer(tokenFromContext(ctx))
+	// TODO(spatel): Refactor _ and entMeta as part of NET-4911
+	authz, _, err := s.getAuthorizer(tokenFromContext(ctx), acl.DefaultEnterpriseMeta())
 	if err != nil {
 		return nil, err
 	}
diff --git a/agent/grpc-external/services/resource/write_status.go b/agent/grpc-external/services/resource/write_status.go
index 205918e1dc2b..67a2eff05387 100644
--- a/agent/grpc-external/services/resource/write_status.go
+++ b/agent/grpc-external/services/resource/write_status.go
@@ -20,7 +20,8 @@ import (
 )
 
 func (s *Server) WriteStatus(ctx context.Context, req *pbresource.WriteStatusRequest) (*pbresource.WriteStatusResponse, error) {
-	authz, err := s.getAuthorizer(tokenFromContext(ctx))
+	// TODO(spatel): Refactor _ and entMeta as part of NET-4912
+	authz, _, err := s.getAuthorizer(tokenFromContext(ctx), acl.DefaultEnterpriseMeta())
 	if err != nil {
 		return nil, err
 	}
diff --git a/agent/grpc-external/services/resource/write_test.go b/agent/grpc-external/services/resource/write_test.go
index 4ec25ee26c0c..8c886d9bf876 100644
--- a/agent/grpc-external/services/resource/write_test.go
+++ b/agent/grpc-external/services/resource/write_test.go
@@ -36,19 +36,22 @@ func TestWrite_InputValidation(t *testing.T) {
 		"no tenancy":  func(req *pbresource.WriteRequest) { req.Resource.Id.Tenancy = nil },
 		"no name":     func(req *pbresource.WriteRequest) { req.Resource.Id.Name = "" },
 		"no data":     func(req *pbresource.WriteRequest) { req.Resource.Data = nil },
-		// clone necessary to not pollute DefaultTenancy
-		"tenancy partition not default": func(req *pbresource.WriteRequest) {
-			req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
-			req.Resource.Id.Tenancy.Partition = ""
-		},
-		"tenancy namespace not default": func(req *pbresource.WriteRequest) {
-			req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
-			req.Resource.Id.Tenancy.Namespace = ""
-		},
-		"tenancy peername not local": func(req *pbresource.WriteRequest) {
-			req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
-			req.Resource.Id.Tenancy.PeerName = ""
-		},
+
+		// TODO(spatel): Refactor tenancy as part of NET-4911
+		//
+		// // clone necessary to not pollute DefaultTenancy
+		// "tenancy partition not default": func(req *pbresource.WriteRequest) {
+		// 	req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
+		// 	req.Resource.Id.Tenancy.Partition = ""
+		// },
+		// "tenancy namespace not default": func(req *pbresource.WriteRequest) {
+		// 	req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
+		// 	req.Resource.Id.Tenancy.Namespace = ""
+		// },
+		// "tenancy peername not local": func(req *pbresource.WriteRequest) {
+		// 	req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
+		// 	req.Resource.Id.Tenancy.PeerName = ""
+		// },
 		"wrong data type": func(req *pbresource.WriteRequest) {
 			var err error
 			req.Resource.Data, err = anypb.New(&pbdemov2.Album{})
@@ -99,28 +102,31 @@ func TestWrite_OwnerValidation(t *testing.T) {
 			modReqFn:      func(req *pbresource.WriteRequest) { req.Resource.Owner.Name = "" },
 			errorContains: "resource.owner.name",
 		},
-		// clone necessary to not pollute DefaultTenancy
-		"owner tenancy partition not default": {
-			modReqFn: func(req *pbresource.WriteRequest) {
-				req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
-				req.Resource.Owner.Tenancy.Partition = ""
-			},
-			errorContains: "resource.owner.tenancy.partition",
-		},
-		"owner tenancy namespace not default": {
-			modReqFn: func(req *pbresource.WriteRequest) {
-				req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
-				req.Resource.Owner.Tenancy.Namespace = ""
-			},
-			errorContains: "resource.owner.tenancy.namespace",
-		},
-		"owner tenancy peername not local": {
-			modReqFn: func(req *pbresource.WriteRequest) {
-				req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
-				req.Resource.Owner.Tenancy.PeerName = ""
-			},
-			errorContains: "resource.owner.tenancy.peername",
-		},
+
+		// TODO(spatel): Refactor tenancy as part of NET-4911
+		//
+		// // clone necessary to not pollute DefaultTenancy
+		// "owner tenancy partition not default": {
+		// 	modReqFn: func(req *pbresource.WriteRequest) {
+		// 		req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
+		// 		req.Resource.Owner.Tenancy.Partition = ""
+		// 	},
+		// 	errorContains: "resource.owner.tenancy.partition",
+		// },
+		// "owner tenancy namespace not default": {
+		// 	modReqFn: func(req *pbresource.WriteRequest) {
+		// 		req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
+		// 		req.Resource.Owner.Tenancy.Namespace = ""
+		// 	},
+		// 	errorContains: "resource.owner.tenancy.namespace",
+		// },
+		// "owner tenancy peername not local": {
+		// 	modReqFn: func(req *pbresource.WriteRequest) {
+		// 		req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
+		// 		req.Resource.Owner.Tenancy.PeerName = ""
+		// 	},
+		// 	errorContains: "resource.owner.tenancy.peername",
+		// },
 	}
 	for desc, tc := range testCases {
 		t.Run(desc, func(t *testing.T) {
diff --git a/internal/mesh/internal/types/proxy_state_template.go b/internal/mesh/internal/types/proxy_state_template.go
index 7f46190ea015..84195ed2c665 100644
--- a/internal/mesh/internal/types/proxy_state_template.go
+++ b/internal/mesh/internal/types/proxy_state_template.go
@@ -27,13 +27,13 @@ func RegisterProxyStateTemplate(r resource.Registry) {
 		Proto:    &pbmesh.ProxyStateTemplate{},
 		Validate: nil,
 		ACLs: &resource.ACLHooks{
-			Read: func(authorizer acl.Authorizer, id *pbresource.ID) error {
+			Read: func(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID) error {
 				// Check service:read and operator:read permissions.
 				// If service:read is not allowed, check operator:read. We want to allow both as this
 				// resource is mostly useful for debuggability and we want to cover
 				// the most cases that serve that purpose.
-				serviceReadErr := authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.Name, resource.AuthorizerContext(id.Tenancy))
-				operatorReadErr := authorizer.ToAllowAuthorizer().OperatorReadAllowed(resource.AuthorizerContext(id.Tenancy))
+				serviceReadErr := authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.Name, authzContext)
+				operatorReadErr := authorizer.ToAllowAuthorizer().OperatorReadAllowed(authzContext)
 
 				switch {
 				case serviceReadErr != nil:
diff --git a/internal/resource/demo/demo.go b/internal/resource/demo/demo.go
index 88fe7134c074..6fd79f0b6cfb 100644
--- a/internal/resource/demo/demo.go
+++ b/internal/resource/demo/demo.go
@@ -24,9 +24,17 @@ import (
 var (
 	// TenancyDefault contains the default values for all tenancy units.
 	TenancyDefault = &pbresource.Tenancy{
-		Partition: "default",
+		Partition: resource.DefaultPartitionName,
 		PeerName:  "local",
-		Namespace: "default",
+		Namespace: resource.DefaultNamespaceName,
+	}
+
+	// TypeV1RecordLabel represents a record label which artists are signed to.
+	// Used specifically as a resource to test partition only scoped resources.
+	TypeV1RecordLabel = &pbresource.Type{
+		Group:        "demo",
+		GroupVersion: "v1",
+		Kind:         "RecordLabel",
 	}
 
 	// TypeV1Artist represents a musician or group of musicians.
@@ -72,9 +80,9 @@ const (
 // TODO(spatel): We're standing-in key ACLs for demo resources until our ACL
 // system can be more modularly extended (or support generic resource permissions).
 func RegisterTypes(r resource.Registry) {
-	readACL := func(authz acl.Authorizer, id *pbresource.ID) error {
+	readACL := func(authz acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID) error {
 		key := fmt.Sprintf("resource/%s/%s", resource.ToGVK(id.Type), id.Name)
-		return authz.ToAllowAuthorizer().KeyReadAllowed(key, &acl.AuthorizerContext{})
+		return authz.ToAllowAuthorizer().KeyReadAllowed(key, authzContext)
 	}
 
 	writeACL := func(authz acl.Authorizer, res *pbresource.Resource) error {
@@ -124,6 +132,17 @@ func RegisterTypes(r resource.Registry) {
 		return nil
 	}
 
+	r.Register(resource.Registration{
+		Type:  TypeV1RecordLabel,
+		Proto: &pbdemov1.RecordLabel{},
+		ACLs: &resource.ACLHooks{
+			Read:  readACL,
+			Write: writeACL,
+			List:  makeListACL(TypeV1RecordLabel),
+		},
+		Scope: resource.ScopePartition,
+	})
+
 	r.Register(resource.Registration{
 		Type:  TypeV1Artist,
 		Proto: &pbdemov1.Artist{},
@@ -172,6 +191,28 @@ func RegisterTypes(r resource.Registry) {
 	})
 }
 
+// GenerateV1RecordLabel generates a named RecordLabel resource.
+func GenerateV1RecordLabel(name string) (*pbresource.Resource, error) {
+	data, err := anypb.New(&pbdemov1.RecordLabel{Name: name})
+	if err != nil {
+		return nil, err
+	}
+
+	return &pbresource.Resource{
+		Id: &pbresource.ID{
+			Type: TypeV1RecordLabel,
+			Tenancy: &pbresource.Tenancy{
+				Partition: resource.DefaultPartitionName,
+			},
+			Name: name,
+		},
+		Data: data,
+		Metadata: map[string]string{
+			"generated_at": time.Now().Format(time.RFC3339),
+		},
+	}, nil
+}
+
 // GenerateV2Artist generates a random Artist resource.
 func GenerateV2Artist() (*pbresource.Resource, error) {
 	adjective := adjectives[rand.Intn(len(adjectives))]
diff --git a/internal/resource/http/http_test.go b/internal/resource/http/http_test.go
index d385a861c3d0..80e506cd92de 100644
--- a/internal/resource/http/http_test.go
+++ b/internal/resource/http/http_test.go
@@ -80,22 +80,6 @@ func TestResourceHandler_InputValidation(t *testing.T) {
 			response:             httptest.NewRecorder(),
 			expectedResponseCode: http.StatusBadRequest,
 		},
-		{
-			description: "missing tenancy info",
-			request: httptest.NewRequest("PUT", "/keith-urban?partition=default&peer_name=local", strings.NewReader(`
-				{
-					"metadata": {
-						"foo": "bar"
-					},
-					"data": {
-						"name": "Keith Urban",
-						"genre": "GENRE_COUNTRY"
-					}
-				}
-			`)),
-			response:             httptest.NewRecorder(),
-			expectedResponseCode: http.StatusBadRequest,
-		},
 	}
 
 	for _, tc := range testCases {
diff --git a/internal/resource/registry.go b/internal/resource/registry.go
index 3bedbdebf893..afc3f25bcd4c 100644
--- a/internal/resource/registry.go
+++ b/internal/resource/registry.go
@@ -20,34 +20,6 @@ var (
 	kindRegexp         = regexp.MustCompile(`^[A-Z][A-Za-z\d]+$`)
 )
 
-// Scope describes the tenancy scope of a resource.
-type Scope int
-
-const (
-	// There is no default scope, it must be set explicitly.
-	ScopeUndefined Scope = iota
-	// ScopeCluster describes a resource that is scoped to a cluster.
-	ScopeCluster
-	// ScopePartition describes a resource that is scoped to a partition.
-	ScopePartition
-	// ScopeNamespace applies to a resource that is scoped to a partition and namespace.
-	ScopeNamespace
-)
-
-func (s Scope) String() string {
-	switch s {
-	case ScopeUndefined:
-		return "undefined"
-	case ScopeCluster:
-		return "cluster"
-	case ScopePartition:
-		return "partition"
-	case ScopeNamespace:
-		return "namespace"
-	}
-	panic(fmt.Sprintf("string mapping missing for scope %v", int(s)))
-}
-
 type Registry interface {
 	// Register the given resource type and its hooks.
 	Register(reg Registration)
@@ -85,7 +57,7 @@ type ACLHooks struct {
 	// RPCs.
 	//
 	// If it is omitted, `operator:read` permission is assumed.
-	Read func(acl.Authorizer, *pbresource.ID) error
+	Read func(acl.Authorizer, *acl.AuthorizerContext, *pbresource.ID) error
 
 	// Write is used to authorize Write and Delete RPCs.
 	//
@@ -147,8 +119,8 @@ func (r *TypeRegistry) Register(registration Registration) {
 		registration.ACLs = &ACLHooks{}
 	}
 	if registration.ACLs.Read == nil {
-		registration.ACLs.Read = func(authz acl.Authorizer, id *pbresource.ID) error {
-			return authz.ToAllowAuthorizer().OperatorReadAllowed(&acl.AuthorizerContext{})
+		registration.ACLs.Read = func(authz acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID) error {
+			return authz.ToAllowAuthorizer().OperatorReadAllowed(authzContext)
 		}
 	}
 	if registration.ACLs.Write == nil {
diff --git a/internal/resource/registry_test.go b/internal/resource/registry_test.go
index 7d8bb2433921..d717f46f59ce 100644
--- a/internal/resource/registry_test.go
+++ b/internal/resource/registry_test.go
@@ -43,8 +43,8 @@ func TestRegister_Defaults(t *testing.T) {
 	require.True(t, ok)
 
 	// verify default read hook requires operator:read
-	require.NoError(t, reg.ACLs.Read(testutils.ACLOperatorRead(t), artist.Id))
-	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.Read(testutils.ACLNoPermissions(t), artist.Id)))
+	require.NoError(t, reg.ACLs.Read(testutils.ACLOperatorRead(t), nil, artist.Id))
+	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.Read(testutils.ACLNoPermissions(t), nil, artist.Id)))
 
 	// verify default write hook requires operator:write
 	require.NoError(t, reg.ACLs.Write(testutils.ACLOperatorWrite(t), artist))
diff --git a/internal/resource/resourcetest/builder.go b/internal/resource/resourcetest/builder.go
index 395cba57b28f..38f1a6e3ec4a 100644
--- a/internal/resource/resourcetest/builder.go
+++ b/internal/resource/resourcetest/builder.go
@@ -37,8 +37,8 @@ func Resource(rtype *pbresource.Type, name string) *resourceBuilder {
 					Kind:         rtype.Kind,
 				},
 				Tenancy: &pbresource.Tenancy{
-					Partition: "default",
-					Namespace: "default",
+					Partition: resource.DefaultPartitionName,
+					Namespace: resource.DefaultNamespaceName,
 					PeerName:  "local",
 				},
 				Name: name,
diff --git a/internal/resource/tenancy.go b/internal/resource/tenancy.go
new file mode 100644
index 000000000000..e783a004fc3f
--- /dev/null
+++ b/internal/resource/tenancy.go
@@ -0,0 +1,53 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package resource
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+const (
+	DefaultPartitionName = "default"
+	DefaultNamespaceName = "default"
+)
+
+// Scope describes the tenancy scope of a resource.
+type Scope int
+
+const (
+	// There is no default scope, it must be set explicitly.
+	ScopeUndefined Scope = iota
+	// ScopeCluster describes a resource that is scoped to a cluster.
+	ScopeCluster
+	// ScopePartition describes a resource that is scoped to a partition.
+	ScopePartition
+	// ScopeNamespace applies to a resource that is scoped to a partition and namespace.
+	ScopeNamespace
+)
+
+func (s Scope) String() string {
+	switch s {
+	case ScopeUndefined:
+		return "undefined"
+	case ScopeCluster:
+		return "cluster"
+	case ScopePartition:
+		return "partition"
+	case ScopeNamespace:
+		return "namespace"
+	}
+	panic(fmt.Sprintf("string mapping missing for scope %v", int(s)))
+}
+
+// Normalize lowercases partition and namespace.
+func Normalize(tenancy *pbresource.Tenancy) {
+	if tenancy == nil {
+		return
+	}
+	tenancy.Partition = strings.ToLower(tenancy.Partition)
+	tenancy.Namespace = strings.ToLower(tenancy.Namespace)
+}
diff --git a/proto/private/pbdemo/v1/demo.pb.binary.go b/proto/private/pbdemo/v1/demo.pb.binary.go
index 45a3c34e5536..b52d5f33496e 100644
--- a/proto/private/pbdemo/v1/demo.pb.binary.go
+++ b/proto/private/pbdemo/v1/demo.pb.binary.go
@@ -7,6 +7,16 @@ import (
 	"google.golang.org/protobuf/proto"
 )
 
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *RecordLabel) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *RecordLabel) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
 // MarshalBinary implements encoding.BinaryMarshaler
 func (msg *Artist) MarshalBinary() ([]byte, error) {
 	return proto.Marshal(msg)
diff --git a/proto/private/pbdemo/v1/demo.pb.go b/proto/private/pbdemo/v1/demo.pb.go
index 9ee119d76f54..a69008fce767 100644
--- a/proto/private/pbdemo/v1/demo.pb.go
+++ b/proto/private/pbdemo/v1/demo.pb.go
@@ -105,6 +105,61 @@ func (Genre) EnumDescriptor() ([]byte, []int) {
 	return file_private_pbdemo_v1_demo_proto_rawDescGZIP(), []int{0}
 }
 
+type RecordLabel struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name        string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+}
+
+func (x *RecordLabel) Reset() {
+	*x = RecordLabel{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbdemo_v1_demo_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RecordLabel) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RecordLabel) ProtoMessage() {}
+
+func (x *RecordLabel) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbdemo_v1_demo_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RecordLabel.ProtoReflect.Descriptor instead.
+func (*RecordLabel) Descriptor() ([]byte, []int) {
+	return file_private_pbdemo_v1_demo_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *RecordLabel) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *RecordLabel) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
 type Artist struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -119,7 +174,7 @@ type Artist struct {
 func (x *Artist) Reset() {
 	*x = Artist{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbdemo_v1_demo_proto_msgTypes[0]
+		mi := &file_private_pbdemo_v1_demo_proto_msgTypes[1]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -132,7 +187,7 @@ func (x *Artist) String() string {
 func (*Artist) ProtoMessage() {}
 
 func (x *Artist) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbdemo_v1_demo_proto_msgTypes[0]
+	mi := &file_private_pbdemo_v1_demo_proto_msgTypes[1]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -145,7 +200,7 @@ func (x *Artist) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Artist.ProtoReflect.Descriptor instead.
 func (*Artist) Descriptor() ([]byte, []int) {
-	return file_private_pbdemo_v1_demo_proto_rawDescGZIP(), []int{0}
+	return file_private_pbdemo_v1_demo_proto_rawDescGZIP(), []int{1}
 }
 
 func (x *Artist) GetName() string {
@@ -190,7 +245,7 @@ type Album struct {
 func (x *Album) Reset() {
 	*x = Album{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbdemo_v1_demo_proto_msgTypes[1]
+		mi := &file_private_pbdemo_v1_demo_proto_msgTypes[2]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -203,7 +258,7 @@ func (x *Album) String() string {
 func (*Album) ProtoMessage() {}
 
 func (x *Album) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbdemo_v1_demo_proto_msgTypes[1]
+	mi := &file_private_pbdemo_v1_demo_proto_msgTypes[2]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -216,7 +271,7 @@ func (x *Album) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Album.ProtoReflect.Descriptor instead.
 func (*Album) Descriptor() ([]byte, []int) {
-	return file_private_pbdemo_v1_demo_proto_rawDescGZIP(), []int{1}
+	return file_private_pbdemo_v1_demo_proto_rawDescGZIP(), []int{2}
 }
 
 func (x *Album) GetName() string {
@@ -254,59 +309,63 @@ var file_private_pbdemo_v1_demo_proto_rawDesc = []byte{
 	0x2f, 0x76, 0x31, 0x2f, 0x64, 0x65, 0x6d, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x21,
 	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
 	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x64, 0x65, 0x6d, 0x6f, 0x2e, 0x76,
-	0x31, 0x22, 0xa3, 0x01, 0x0a, 0x06, 0x41, 0x72, 0x74, 0x69, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
-	0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x05, 0x67, 0x65, 0x6e, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x0e, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x64, 0x65,
-	0x6d, 0x6f, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x6e, 0x72, 0x65, 0x52, 0x05, 0x67, 0x65, 0x6e,
-	0x72, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x6d, 0x65, 0x6d, 0x62,
-	0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x67, 0x72, 0x6f, 0x75, 0x70,
-	0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x22, 0x8c, 0x01, 0x0a, 0x05, 0x41, 0x6c, 0x62, 0x75,
-	0x6d, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x26, 0x0a, 0x0f, 0x79, 0x65, 0x61, 0x72, 0x5f, 0x6f, 0x66,
-	0x5f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d,
-	0x79, 0x65, 0x61, 0x72, 0x4f, 0x66, 0x52, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x12, 0x2f, 0x0a,
-	0x13, 0x63, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x6c, 0x79, 0x5f, 0x61, 0x63, 0x6c, 0x61,
-	0x69, 0x6d, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x63, 0x72, 0x69, 0x74,
-	0x69, 0x63, 0x61, 0x6c, 0x6c, 0x79, 0x41, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x65, 0x64, 0x12, 0x16,
-	0x0a, 0x06, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06,
-	0x74, 0x72, 0x61, 0x63, 0x6b, 0x73, 0x2a, 0xe9, 0x01, 0x0a, 0x05, 0x47, 0x65, 0x6e, 0x72, 0x65,
-	0x12, 0x15, 0x0a, 0x11, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43,
-	0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x47, 0x45, 0x4e, 0x52, 0x45,
-	0x5f, 0x4a, 0x41, 0x5a, 0x5a, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x47, 0x45, 0x4e, 0x52, 0x45,
-	0x5f, 0x46, 0x4f, 0x4c, 0x4b, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x47, 0x45, 0x4e, 0x52, 0x45,
-	0x5f, 0x50, 0x4f, 0x50, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f,
-	0x4d, 0x45, 0x54, 0x41, 0x4c, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x47, 0x45, 0x4e, 0x52, 0x45,
-	0x5f, 0x50, 0x55, 0x4e, 0x4b, 0x10, 0x05, 0x12, 0x0f, 0x0a, 0x0b, 0x47, 0x45, 0x4e, 0x52, 0x45,
-	0x5f, 0x42, 0x4c, 0x55, 0x45, 0x53, 0x10, 0x06, 0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x52,
-	0x45, 0x5f, 0x52, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x42, 0x10, 0x07, 0x12, 0x11, 0x0a, 0x0d, 0x47,
-	0x45, 0x4e, 0x52, 0x45, 0x5f, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x52, 0x59, 0x10, 0x08, 0x12, 0x0f,
-	0x0a, 0x0b, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x10, 0x09, 0x12,
-	0x0d, 0x0a, 0x09, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x53, 0x4b, 0x41, 0x10, 0x0a, 0x12, 0x11,
-	0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x48, 0x49, 0x50, 0x5f, 0x48, 0x4f, 0x50, 0x10,
-	0x0b, 0x12, 0x0f, 0x0a, 0x0b, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x49, 0x4e, 0x44, 0x49, 0x45,
-	0x10, 0x0c, 0x42, 0x97, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x64, 0x65, 0x6d, 0x6f, 0x2e, 0x76, 0x31, 0x42, 0x09, 0x44, 0x65,
-	0x6d, 0x6f, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75,
-	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69,
-	0x76, 0x61, 0x74, 0x65, 0x2f, 0x70, 0x62, 0x64, 0x65, 0x6d, 0x6f, 0x2f, 0x76, 0x31, 0x3b, 0x64,
-	0x65, 0x6d, 0x6f, 0x76, 0x31, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x44, 0xaa, 0x02, 0x21, 0x48,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x44, 0x65, 0x6d, 0x6f, 0x2e, 0x56, 0x31,
-	0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x44, 0x65, 0x6d,
-	0x6f, 0x5c, 0x56, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x5c, 0x44, 0x65, 0x6d, 0x6f, 0x5c, 0x56, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
-	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x3a, 0x3a, 0x44, 0x65, 0x6d, 0x6f, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x33,
+	0x31, 0x22, 0x43, 0x0a, 0x0b, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x4c, 0x61, 0x62, 0x65, 0x6c,
+	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xa3, 0x01, 0x0a, 0x06, 0x41, 0x72, 0x74, 0x69, 0x73,
+	0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x05, 0x67, 0x65, 0x6e, 0x72, 0x65,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x2e, 0x64, 0x65, 0x6d, 0x6f, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x6e, 0x72, 0x65,
+	0x52, 0x05, 0x67, 0x65, 0x6e, 0x72, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x67, 0x72, 0x6f, 0x75, 0x70,
+	0x5f, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c,
+	0x67, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x22, 0x8c, 0x01, 0x0a,
+	0x05, 0x41, 0x6c, 0x62, 0x75, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x26, 0x0a, 0x0f, 0x79, 0x65,
+	0x61, 0x72, 0x5f, 0x6f, 0x66, 0x5f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x05, 0x52, 0x0d, 0x79, 0x65, 0x61, 0x72, 0x4f, 0x66, 0x52, 0x65, 0x6c, 0x65, 0x61,
+	0x73, 0x65, 0x12, 0x2f, 0x0a, 0x13, 0x63, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x6c, 0x79,
+	0x5f, 0x61, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x12, 0x63, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x6c, 0x79, 0x41, 0x63, 0x6c, 0x61, 0x69,
+	0x6d, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x73, 0x18, 0x04, 0x20,
+	0x03, 0x28, 0x09, 0x52, 0x06, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x73, 0x2a, 0xe9, 0x01, 0x0a, 0x05,
+	0x47, 0x65, 0x6e, 0x72, 0x65, 0x12, 0x15, 0x0a, 0x11, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x55,
+	0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a,
+	0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x4a, 0x41, 0x5a, 0x5a, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a,
+	0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x46, 0x4f, 0x4c, 0x4b, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09,
+	0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x50, 0x4f, 0x50, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x47,
+	0x45, 0x4e, 0x52, 0x45, 0x5f, 0x4d, 0x45, 0x54, 0x41, 0x4c, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a,
+	0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x50, 0x55, 0x4e, 0x4b, 0x10, 0x05, 0x12, 0x0f, 0x0a, 0x0b,
+	0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x42, 0x4c, 0x55, 0x45, 0x53, 0x10, 0x06, 0x12, 0x11, 0x0a,
+	0x0d, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x52, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x42, 0x10, 0x07,
+	0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x52,
+	0x59, 0x10, 0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x44, 0x49, 0x53,
+	0x43, 0x4f, 0x10, 0x09, 0x12, 0x0d, 0x0a, 0x09, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x53, 0x4b,
+	0x41, 0x10, 0x0a, 0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x48, 0x49, 0x50,
+	0x5f, 0x48, 0x4f, 0x50, 0x10, 0x0b, 0x12, 0x0f, 0x0a, 0x0b, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f,
+	0x49, 0x4e, 0x44, 0x49, 0x45, 0x10, 0x0c, 0x42, 0x97, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x64, 0x65, 0x6d, 0x6f, 0x2e, 0x76,
+	0x31, 0x42, 0x09, 0x44, 0x65, 0x6d, 0x6f, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3a,
+	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70, 0x62, 0x64, 0x65, 0x6d, 0x6f,
+	0x2f, 0x76, 0x31, 0x3b, 0x64, 0x65, 0x6d, 0x6f, 0x76, 0x31, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49,
+	0x44, 0xaa, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x44, 0x65,
+	0x6d, 0x6f, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x5c, 0x44, 0x65, 0x6d, 0x6f, 0x5c, 0x56, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x44, 0x65, 0x6d, 0x6f, 0x5c, 0x56, 0x31, 0x5c, 0x47, 0x50,
+	0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x44, 0x65, 0x6d, 0x6f, 0x3a, 0x3a, 0x56,
+	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -322,11 +381,12 @@ func file_private_pbdemo_v1_demo_proto_rawDescGZIP() []byte {
 }
 
 var file_private_pbdemo_v1_demo_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_private_pbdemo_v1_demo_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_private_pbdemo_v1_demo_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
 var file_private_pbdemo_v1_demo_proto_goTypes = []interface{}{
-	(Genre)(0),     // 0: hashicorp.consul.internal.demo.v1.Genre
-	(*Artist)(nil), // 1: hashicorp.consul.internal.demo.v1.Artist
-	(*Album)(nil),  // 2: hashicorp.consul.internal.demo.v1.Album
+	(Genre)(0),          // 0: hashicorp.consul.internal.demo.v1.Genre
+	(*RecordLabel)(nil), // 1: hashicorp.consul.internal.demo.v1.RecordLabel
+	(*Artist)(nil),      // 2: hashicorp.consul.internal.demo.v1.Artist
+	(*Album)(nil),       // 3: hashicorp.consul.internal.demo.v1.Album
 }
 var file_private_pbdemo_v1_demo_proto_depIdxs = []int32{
 	0, // 0: hashicorp.consul.internal.demo.v1.Artist.genre:type_name -> hashicorp.consul.internal.demo.v1.Genre
@@ -344,7 +404,7 @@ func file_private_pbdemo_v1_demo_proto_init() {
 	}
 	if !protoimpl.UnsafeEnabled {
 		file_private_pbdemo_v1_demo_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Artist); i {
+			switch v := v.(*RecordLabel); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -356,6 +416,18 @@ func file_private_pbdemo_v1_demo_proto_init() {
 			}
 		}
 		file_private_pbdemo_v1_demo_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Artist); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbdemo_v1_demo_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*Album); i {
 			case 0:
 				return &v.state
@@ -374,7 +446,7 @@ func file_private_pbdemo_v1_demo_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_private_pbdemo_v1_demo_proto_rawDesc,
 			NumEnums:      1,
-			NumMessages:   2,
+			NumMessages:   3,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/proto/private/pbdemo/v1/demo.proto b/proto/private/pbdemo/v1/demo.proto
index 60ce1d0a4f50..4fcbe7155c48 100644
--- a/proto/private/pbdemo/v1/demo.proto
+++ b/proto/private/pbdemo/v1/demo.proto
@@ -7,6 +7,11 @@ syntax = "proto3";
 // Consul's generic storage APIs.
 package hashicorp.consul.internal.demo.v1;
 
+message RecordLabel {
+  string name = 1;
+  string description = 2;
+}
+
 message Artist {
   string name = 1;
   string description = 2;

From 96ce4daefa79c373ab9fc7fae0ff533024daecc3 Mon Sep 17 00:00:00 2001
From: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
Date: Tue, 8 Aug 2023 12:42:03 +0530
Subject: [PATCH 255/359] Not using chmod - fixed integration test for
 Enterprise (#18401)

* Not using chmod

* checking icacls

* Removed push
---
 .github/workflows/test-integrations-windows.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/test-integrations-windows.yml b/.github/workflows/test-integrations-windows.yml
index f18b43e006ac..c3e977e97d58 100644
--- a/.github/workflows/test-integrations-windows.yml
+++ b/.github/workflows/test-integrations-windows.yml
@@ -76,7 +76,7 @@ jobs:
           path: ${{ github.workspace }}
 
       - name: Restore mode+x
-        run: chmod +x ${{ github.workspace }}\consul.exe
+        run: icacls ${{ github.workspace }}\consul.exe /grant:rx Everyone:RX
 
       - name: Setup TcpDump Docker Image
         shell: bash
@@ -1184,7 +1184,7 @@ jobs:
         if: ${{ !endsWith(github.repository, '-enterprise') }}
         run: |
           curl -L --fail "https://github.com/DataDog/datadog-ci/releases/download/v2.17.2/datadog-ci_win-x64.exe" --output "C:/datadog-ci"
-          chmod +x C:/datadog-ci
+          icacls C:/datadog-ci /grant:rx Everyone:RX
 
       - name: Upload coverage
         # do not run on forks

From 2096f2318878551213349e37701387a8f2721446 Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Tue, 8 Aug 2023 09:49:01 -0700
Subject: [PATCH 256/359] replaced ordered list of rate limit ops with flow
 diagram (#18398)

* replaced ordered list of rate limit ops with flow diagram

* made diagram font bigger

* updated colors for dark mode img

* fixed typo

* recentered dark mode image

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---
 website/content/docs/agent/limits/index.mdx     |   7 ++++++-
 .../img/agent-rate-limiting-ops-order-dark.jpg  | Bin 0 -> 48822 bytes
 .../img/agent-rate-limiting-ops-order.jpg       | Bin 0 -> 48016 bytes
 3 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 website/public/img/agent-rate-limiting-ops-order-dark.jpg
 create mode 100644 website/public/img/agent-rate-limiting-ops-order.jpg

diff --git a/website/content/docs/agent/limits/index.mdx b/website/content/docs/agent/limits/index.mdx
index 9a522dc3313a..ecf6deac49bd 100644
--- a/website/content/docs/agent/limits/index.mdx
+++ b/website/content/docs/agent/limits/index.mdx
@@ -29,8 +29,12 @@ Setting limits per source IP requires Consul Enterprise.
 
 ### Order of operations
 
-You can define request rate limits in the agent configuration and in the control plane request limit configuration entry. The configuration entry also supports rate limit configurations for Consul resources. Consul perfroms the following order of operations when determing request rate limits:
+You can define request rate limits in the agent configuration and in the control plane request limit configuration entry. The configuration entry also supports rate limit configurations for Consul resources. Consul performs the following order of operations when determining request rate limits:
 
+![Flowchart that describes the order of operations for determining request rate limits.](/img/agent-rate-limiting-ops-order.jpg#light-theme-only)
+![Flowchart that describes the order of operations for determining request rate limits.](/img/agent-rate-limiting-ops-order-dark.jpg#dark-theme-only)
+
+<!--
 1. Parse request.
 1. Does the request reach a global server limit?
    - No: Proceed to the next stage.
@@ -50,6 +54,7 @@ You can define request rate limits in the agent configuration and in the control
    - No: Proceed to the next stage.
    - Yes: Return an error that the requested resource has been exhausted.
 1. Handle the request.
+-->
 
 ## Kubernetes
 
diff --git a/website/public/img/agent-rate-limiting-ops-order-dark.jpg b/website/public/img/agent-rate-limiting-ops-order-dark.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..8b87f67e24746f930657f82c580ca5f4831c391e
GIT binary patch
literal 48822
zcmdqJ1z1*Xw=O#A7U^yfq`O-wkyJ`bLb^MB2|?)+P`W#$yF^;)lJ4%#moxqTwa+hW
z|KGp9RcGyeUayH4ymLO!7*C96jB(#%-c8;u01ux@%Si(;umAu9{sZo&fhPbmA|etZ
z0x}X35()}3DmpF(IvN@}5jGAcE*UWeIT<l2DJ3l{JtZ|W4Jj!D-(zNW4sLF43VHz%
zeokRlE^f|WjliIwprE6n6JlTxa#E2}asInMcdY;xGCU=08XOEY0E-0!hXr%@4WIz!
zM1c9@1N_Se1{Mw;0TBrq1r-gvq3R(33j+rS3lE2Y01pq|?G1hpz+)j`Q*lTj;;0xP
zQQPBk`bMQA(@2)J;i(QC&~h0%_@SWU6A%&+(><bRc+AMn!^_7nAo%2|l(dYj+_M)i
z)zmdKwO$z+zcDd2Gq-Sba&~cbbNBFn7ZCXVLr`#Z%*WWc_)nh`GBUHWb8_?Y3(6}h
ztEy{i>*~L@f9vS%>h9?s9vK}QpP2kPwYaprvbwguvAK14bbNApc7Abr^-C`p0Pb&U
zfj|GI*uT;X3)Bl19v%)J>6czGu&&?*hXs#7#es+|p@L*!k3-Gri;OE7m0s3{Lc^tc
zfM@71go;ngy-0WXOSL~V`)i8%{f9LBe--<?UQ+-%91J*la9DsCa4^M?ktZRAs|@q+
zz7#Aic~+JPaU7FUYJmq?F|BZ;W5Z6<6tOR^CGE#PeSAmpn*GOV_mwi@8@$Zh3jQS_
zOL%>yvTyT+kGUb%x{v`T%o~EXJK&o#qBD3ymGd1STqJg&k8}rM$()T%+#G$m1KPYO
zZlnNHl~-cZ8v4h*?RNme0pt+(fBJb0MU>ixk>V_hxp(fYqKR+ye<=JC5@++UsX^EL
zsB$ouQ@R~nYEQ-<I(TERbpohJ;r<U_`a?!?Jf4o!fwDcZAJ37|ur65ud9V4O<MThG
z?3sWGE5W!enkzPl*A;4Ct~|{Tral^cSHtg04jv<BKt^y~j=4sC$NWz#N-l-6q`cSc
zX~s#>NVqVH!Na2`7%!y5AG7VuF|5+kenu~nQK^$7TCvxv{8uW=<28<C4d5znqT0sB
zI$${v&=0=xxr!3U0!Igir}%rdD~d2iwUn?c(kRvp#j}chiH96|+N{%-k(%`SEM0R-
z?S3L33h*+muXi6@;S5A>3SK*wwTSdxq5}OH!3?03|8rL{8D_GI(LOWR(-!rxk8g7-
z3gq4Arq-A~gwqDK=buonD8oCc?W)gG*W<KuSULz#di!p*s0mO6sHDNxN5D2>ZF$7#
zN*{@H7dCA~!<&$6b)!qPowr?Sut@=~#E;V76zZGLQ4F7atFGcxa#@1vSA90tOavHS
zB8B?2eESA#uZ!0an}xMGaZYTk;1uVPC^%<6I2~uUq!HouI2InC)-;-98gHdi87W6o
z8)D`5y#LC%sY1@$k$J*jF<@8M*MU#A;ni#>phjxf=+(t#ape+^`MxBS*s3&#HIZa`
zHiTbQjKARK>$1z4_ljS#M_41eyEQJ%$VLs;<OQ2nqqeqyP4iDnbO#;ntQ;QWRF~P-
zWg(f(8PuJsS-z)%!-tBgoErs{_^y8agfR#sYjW+jA7f`@SB~W1Y{?a*0FTB5PZ^e(
z`jU`b?aeYv-XK%{$}qg*(6Hnpq<tDj0%o~^(nkfGDMVFeaomT9$z<hnB?Xkpu=o*u
zAM@5J8ca~RB6G>yN`>Dm*ZM2ef01mK8tFWO73j5@_P+yQdDMMG)a4lnl!u$g7B3Sn
zv+B@r&v?h9W&K!rzoKX`&XlaSQ^cqIsI984)b&6!qp}QXLU_ZwpWTJ<b+=C3tGoGi
zafPE-Z8z#<H)3OXFu;%z3@}NzuMD4RVM+&3Q@o(AIeMZsmg^zfkt1Q~mLN@l6R~&r
z?!_JqJrqHl=%b1hfcrmu>6JHr5Fd99{$aLTi+4T5cOHKgeh2t)$G_4!kT#95?kF{1
zT!oNtd51H`%G)~Io3kZa3rDt`XBy_7q#@@OQ|va3oJ0GlpeNN)0yn)e|K(O%S0m7t
zM0s>IaBKXl?D(7v+zxxhCsv6?OOk7gZK%5@WT6=oO6|k-OO(RW%T<Fr!0$rrB3P`t
zq-8z!Jrr%>4p?G<6AT`LPSxK5De4p#Y~bX7$h`k}f$ZzJCADDW6fKgBjA*3=#{ILg
z`9F@ER%Ea><ND5YZfP2a9vttDC0HIY<uo{Pd~8B)|FxM<YfTheyKU%YsTv|E6tg$C
z4~)xugiD!A^knEhe_Dz59AQX<4gNpxdeGiB#hMjg>@psW=59@kLT}Q0sME9?FrI9`
zq9-}n=QB-G!Zh@jWDDw&%KMqg>umjdgxCyyYWE!=xX5!WbFHD<*x0YKLM1j!%C>>P
z_l2lZMT!!YA;ahYm}>-I&`aH=LU&Flb4J=21+Tmo5TbuUeSDNM_W6}y{EeGA#p%ZU
zmFO!#IGF?r*}nr0P{b~F$rZ!y0I~Bs-~vAN#-$=J4TFMS`VL6Fz5{Mxm7qd0F`1Bo
z+dBXXLw^U56>TxV$@C1htV8dBI{=8e1Hy+^Hs+7-00_8|<nDkjOTl1Z=*Y?T@(yUZ
z16pbCfaOYeLB5+iVEztRz=j-7^=J6-7L{<%in=6BtG39PO>w^cmQ45%vRc}te*eL$
zWGTSx^4`PuWH(h2Cl<XYf5bi6wMLZ@Bkswcd0+N%XIz-f`|_Lp?;^Y!wZ`r}?g>|q
zMYr!R>8Xs|DB<L^du#hb%~Iyo9T0KRvOPR~2Rx-S{SSDN{}IpgPoB9q%l*Y<@=#&!
zh^rIZTM8DyGS@%TzyN3a%874cP==d#gt;(sc@^Od7ydfQbDaK6I&*DSx|)D_JXC#w
zR;n=r1<6IwiDzuKJ<}q3!*%2$xN{Coo5Zbz>L-&TD&{A~cWt7nydqndhji5y?&f(N
zMLFTG$86Ya3>+3e$x+&ES3caWv}!v!;f86IGH@5EtYM#0qHEOOrjzY?c@@=~HmQfk
zR-GsZ?N*!@>l5PIY#=O^uQ=2THykM`R!lS}OPt}3oFxg{Zq~4`=AWeXjg7VQW>=h1
z*BYzbyrDL%AEi9jP&}f(=K4W;?b{tFdl@z%*3m_}F02aoaimcUQlP2iZHvV_C{M~M
ziiyzEB{67}`aI&5NpXh0*@UBnvn^xB^Mj&JUX;h`l(Do9{KXIq{b`AGi@1t;y2da^
zbGzWxGU`r!H$tS;&u$`?Zznp=;B?1IPDyGSs%;-?&q+qqoj)z*)sol@FkTM-`iT@_
zEMPTA!qr@)&Uwbqtk;G-Q$z~Qz-@fqTwCr(3q=!Fa$_`-h@hVs>b93wp|(<b2*V!t
z&)NO3Zr%t-CL?o%kmp@CI}snzZ_<)pn^=={;3s&xi3;o`O=$*&eSc!FIh*ZJBHn5L
z(MDi7+zc)(RiU}MPTn$v=|gS|33c=%b*qzBnn!WgyjMSe(wEl-jbis6az-MlItUrR
zb>5))_R70LYf8>Dr*lR3!yfb0nr(SynUxlLG>1W48<n&)*F^9OZr=JwF{a+d6701j
zw#7#EbW^m33k7kV_MKdz=vR*7<j#0uGe;e`ycIpP?M|{$(K^PVd1Nw3x#{`T!>1^F
zSyh3ZYw{nCn`r|=N(5J6qV#;ti_ON>56ufb-`Mk=QBS!a5oNyrPM|6~6sJ%Eqbfj3
zihf{r2fPdH^_;FHK9@85j$c-f<A^P5gn3MR9kQp;`li-kdX)%Rq<GpA@kGI3!N6ps
zs@5=fp8<Y7JZX6gGh0KOq^8O;yDDkAgo`0`hlro_WV^%pE%hk(_AKfd37OjZ(dp+B
zJR73W7#V6x%p~CL8>@Asq~(M}sY9upq-Lye&v;Ai$8Vzduxbl%s2DqB=DK=k9J`7E
z`{T`t@ro{lj@WNpa(+=gI83}Aud#kGPrbQqntG*V<cQa|Y|MtkRPA9P+fyn@JpQRh
z(7CEJ+Xz`cB<Nc;j!vEG5T5REuV$J{E0qQ%dJ?e~&n}&{)3xj=n!IO}xu?}5-*u;I
zcV1k&d1eWckFg6j!iGNli4Y76SKjlI>I#%ya$3(9IPOLIF6^}f2MN8=e1YoWFO8#6
z)YS<oudsBpJHIds^W;skeRy?rBwK7WOTLh<wrWINxBAiMMNGINqIi)K{(M{hMX+{*
zd*f;}n)k5dF@FHuy2v?V8fyK-4W#1^(2JYDqGA%PbS}NP145upEG;LJ>dyb8z8YR;
zKBOx!3X}~zn=)66wuVMqmfL0TfKu>e8af(8bjH=loN{w%t9-n>XT>7*b)z^BG04PS
zt+9oJENc-E#z@2J7hD-cN_y#sqR^m&ob<H_D{IOnkTMcwGa6=jazbLUk6&AA?37|>
zWz=T(6@2iV_^KLd^(JaQ{IW%<4#pkuY&Uz5`>Zxz))U9nk~KSr>*sr`_m+=IyJGs~
zqea})Fdqk^*wA9N;q+0#?@BS-A<DI$0I6RyOBD|~vIzJ*-sVi<y0}8j8mhE4g*yly
zpJ|~G8Y-^x>qP9MAHOU*u~d+rP#U8h+S#Q&+9!4+%h7yp4?oR2R5$Q_)unXq@$_2S
z15|#x&u`2!Ts7mp0$xUjL~?o~$`YMYXO=!6b($7pp;xY}sF8g;z1YU>$3MqyLNJu~
zMuRqwvB3Lk!KAE_%pgZ+^QdX}qb+y5Il80n6Q))PB#t$jI>N(aYq7uw;{3f)dyk?C
z)7`VoG6v#8zZICq_)ha|s*4g0?NW_c+cK-V+p^kF*H1?OpvH}jF;;xXz*s;+>sX7^
zVbX;d0O#f^pQ=#(Gk*$)=epwZ!#-_UW<;VHsw4-YKnGywq>(Y@<|towtx&vMWSwvB
z;h^LY&D4!PEX!4=yz*h_<7)^O?E!~EQ`wMHAIl4s2$^7ad^A2;8~m5yeDQCW3Tt_X
zf!8R@G+)4hAkhx-=|ppXgQ_O?l*O+Lm48nOZamY;ZN+RwT|@N=6Z%6LBVAX2YPrfE
z&mO}toV%d5VsoNT3J1^BjBrbhI`ut1aib?V)@MEzjz)patX0V3g&`!3bc`qw7oKCF
zONGSZ^pwdrchFmeXI)`>r1U)-b!PInH8OB^=GR^0r!uu}u7%@Yan#LjN=f$2=qh-W
zh)@)5UX#7#yMp|RS0NW6Xk$|NIN0?=30?DHp}9?$(n!f-RrLDK5C><0Bq3H(w6rW)
zEzxEIus|Cu`^GI>I{Yb}7UAoBG6}N$s_fFOE}aQhXB>i$bc}dtHdJbop(*Qt@wos`
zqBybO|HT_sm$*5HMRnAI&v1@iQfj@r1OA~nQEN9XMSj6cWyF%8qLK*O@8cn2328Q3
zdXI4^W}PWRPiWF}ET&f1N+CR>#jDJr@1Ed13@LMY1Vg`<*Giw-UtyMp7GrT0`{S#Q
zQl4&~;Nz!JYbI}0Ieg^03AuAM$B1v)`m^0^9~#)8@2)YNU?c@+O98LqRa;Ua$)1jn
zP8p|HjcW1HC3;ryfm>;_iqX=OeXbq88s53rQ_!bHiSN_f)(VEi@zX~4cdgfIYMSc;
zQCh~kNQ(;TuUkneI@8><KT6X^%}6&q<ie?PP((`Wp+C$~5yyX_(j0s-FXL_(Zya|#
zu8wVdDpZkRRa4_w`GaS4m}rtadxicxO}f=7jmQ=%1FU9=sSg(Vury&H6=`Us119<V
zY_Z)5&mriT=tUo{E&Hmxb61XoquNFqO5D*ZH5SXaK0<Y6-)=(NMve_Tu5Bg3fX%qa
z3af3=gg1Ffy+5C>SieX?qW9ghsQM$>29sF~>AKNB-L$>~GO#NO|Icz(k7Ud}4RZbS
zr?q?FF-WrVSsm9JAgEZO?E6}{pxb_CU3!bSBeov|MkccqKdW0#NWgSxGZ=&{JO2s`
z?f{diJ7CbJ9eR;^2ZRmXCR*MB5)GKwOAsjEACCWjx`n3dck$7mcB??E|JVVKenT+z
z)EV<$t7aEm&?j7wiLCi6497~C%zHw}+`IKxtRi+#4JXJw4gQEl{<950G~$R#+x*nx
zxcvyv^C&qqV--1JIwiIk1O6mt_;+W$|JDv-@`subxrT;>ex`W2#jvME3qT*0nDcuv
z%A7mE91MyEvD=~7;KYQhVBUnpx165a-T`R}TBG0?WrGtXE{}P=2Z0L6oW+*j!Z3^N
z*MZZ#`o|beskfZK|C;J`aH>B-?lq?VD_;BmTLY@kt!*l`_GrHNO=*@;iw{=5XY8Y*
z+%thL6cr4;hf4L$UtQOLBl;)}ed}Jrp*UHro!}}qcusPB6OBXp&8J7Q+v7eQc_ksx
zhd<<@o|BLT)uB58*(Cc85ZMtscx?8CbQf<3@|7qbGT@1MgZfHr5q-2}z3Dv^fdwBf
zIisHK;t3Di<vy5J@|Bmlp-PCqIR|H=H9Mn~9Q_W6{62rW$p`h<*>x2qJ=h)poYy1r
zqa#wfCYqyqQHl1o`tOhAz808b$^d<PE>$oQbw+W4TlrhZ>i@hq$4U*UdxDdrjrIUa
zujMundWXP<89Ppsro4Bm;{g;y>muA0lfuD&KYsJicLZXn*b%GV9WXK50`=vQ%Q90c
z)Yh9xoR$~zWDnG0m0w=tCqyptxPEDO2XxnY-U0e9cfb|=SmEN2R~T&VQy2D@w8t#9
z!6Y9alp8)z{dn5C=EGH`i|EZsA|Fs!-B{HyLzOc2sgN_0$gY*0#^FH5Uip>T`9y`z
z6O4w-xP!{0LUcSSB4G`P(Gm;evhpy`qm=O<_`^#-tzJCLj_pyTRn4T*Szces-#-er
zpD^T8nZkHBKDSy~m?ym2VlHkX5Jqm))&?JL$7jS1v!<uL5*8N8=d`=6bj{M$cOCTB
zhG0ebI9v=zccq5dQ^qy_4zSR&N^Kv~>caedJ;M2fm@{@uKzilCt<yqRsbje6JXjCI
zL?Ne>!Ra>UA>tc<w}`=5^?t#HL8Rn*ZX1=+!pCjugw#pn#~C!0oCq;{94`W|JjVBf
zO4CPA6?hj*ZpJN1jO!Bjs}Fp5_f<KrG@M<FHoI$7`U*P)A?8y`@X_;^yVSIe-MB!M
zSMHt<G7%X9;4ak8{H&PP#`jXSSNiQoTF&n9O_FlTKF)lqx6QE=mI;SrPGp8m$x<b6
zpg-lTRaRK4Sz-_wFu~QM&d$H7t%pCsZ0#kMNvnbXMI>psX=}jaAh6GvBTQ!B_c^P8
zFjgoraO`W#_2@KMGIb8se*Ok?RsKvnv|BjHk+3i9{VF*$c0&*noLSv+(5SqnClyu|
z+b)kB`C<8EkDZ3yW)g0vx0F<tWxR$9@zcH~sfv`T!`0ESAAL;UIU97&KU(QFxYH1J
zVgPoc&vR(#<Di;b(~3yTud4NkM{U!qK4W1secGc9npwa?C3yRJ=YfcVrCX+c__oxD
z6?b25csn2Knb`{CUagCGFMqdgmT9)dg{Q8(0*&Oytsbm0T`6=0ULvyH`Cck-PCLx}
zE)QUVc+U8f<Y0Gsk^yR@qKCbDab?JMnTKJG?Foa|Wji{aZf}!l5r4_F?6^T=<?u?=
zxH0iN{P>`{l6MXQtPMt7>_RXI{ckgAc);bXU7gq;IIrO+kaMtDZ9)**`n^V~nusLM
zmW`79JwGWHm=Undo}JU2oqIyQ!2<g^QG|~a)ul8`ccVV`N7!)K*|9JNHC)+e#RtRU
z-QC3yOufsuB!?K0E!wUr49PU^E+~@CS~7<A(@o9<DNN;!hZG--M^E8Ab0C(}1GZ=a
z&Ti3;4TdRVW6}Iu7=U|GWZ%OV;9BThoyoEx&nSIz2T-r>-+F_&w+$Q({bdn7l49aD
z{QAl|_x*Q+<@zFh0WjsQ6sNCOC0_X1@n2d-{u67uQ7X3bWCXIkr@z9KToQZ?eJa8S
zZC-^+`Urp!@jp)UmgRzb|Jekzf&LgzugLrkIKr;F14?>sIsmha3aE6GJhXvgg^9S@
zOY07x(F4t}Zp0B@m^cEi%75ua%zobnCBOPte<;oRxoPy(VRlxFcH)J8agw7PQ$cGn
zk<dYwvA_QSnPUR5x>2gwe2^NrI=aXGNsobiLd9?7hp)|Z-&ZOmMBhVJ{rxoYTD!YM
zESlpp%<8|5FDbz7XilV$OfnxOAC`ANOaA`Wt6(M6rIoBzcrAEOm}${l?B&SG<^Hl0
zr=IS6Lml@ZjQVaI0O!2?!Jra7=~6Lk)Z%Bl^5!EWGjfs`hN{5BV%(hBl8)9G8_mF}
zE+pIMOFqJ9!6)wA*YadcdcMreG=4{Oy|OvMOIkFjN7i!zA70nN?|Mbb&<3Yme|<|5
z|Dtx-z%4EMUnGB}P|Oe(+9`F^*2avwU~H693A6TA`_p${l0NvyR(2>GTo)9*iMq{2
zXT=K&QY@7QIUk&B4JqYlY`(oXnC`jk@_OySkGqR0HB?&E$YW}6B05qyE37(4q{D4d
z&H#f;*6@MO9Vu^_8>U@F@BMAqV&P}268sr%OJ~{_UAa%(HdG8v`#y_X_rAnOmSB_v
z3_m-jZQ8Xt7C%aU<7|odJ{6rep6e4U$pBUy)gdDSM(^JC%mW6vfsK-BwLzz`gWLXm
zTa)pl9wSSqFYcjVXBtaF5fz_B7PPy_q6-ufmxN_*c(~+p*UKijO)L3v$C=|k9eG7W
zYX}3M+|Dl|nxu>bC*?tTFc;&xwCTm0@HDc`+#9c9OXd6OEShy+Al+NY;uIpM;J8wd
z(=DEp?7q{gpTPLebomtB#77OAw<gJuaaaN12vZ^$SefFJk~V&$L8K}ThrS%4Cy_Ie
zq1m3ZC20GOJ8@Rvk!J%_?6q9%*y8QY>N7xcord1d>iPxuKE|fQ#;&cixjEV5(CR4O
zyOE~;r`FVBy~43i0!S3KQ|h>3*2gk`_YZYN%Q7~N+GF~1wIpls?Ic)Q<K!|LLR<zr
zpL%s}X?60x_K{et`v6(dX#$f$4Uk({i~GoT@paw93kt<h!FU3P=(-hj4>j76%&IWc
z(VrRcZ&*fdt^6l$efJ=M`MmX)hT9)MqP3;@!?g{LWuOQ2>l8W^Z%1L`rL-GHva6&%
zasIGcM-i4`^lp+k<L6QR$0nfS?<N3uTSU~dbr`lxJNK$*h5zY|XR1MrIx&<4k7Luo
zKPs@nK8WOY=mzfed{-RD4KxqMGSK=|&^%Ncj(#g+Y0f073y{WY`&Jflrd@jn7$0ti
zSN0|IWWJky)y--x)a{QTlI)RxD}s`S%Kcvqq?)z=Zc5eIDizLbE8K_ONp1$1?57(D
zXTv{t5fy^2;P0MJvN*xsX_Gp1m`T3r+1}C|GvQL4$r~MXbXd;^j3-c*v62)0FS>KO
zI<hq?Ivw^b?Oab)bj5W}t}pvN)$wp)vYnSOOwQbL>&HrS;^^l|dhB*onqIE^?>#m?
z#IIsaCr^J=>@^X^I=RkOeX6%Wy7EAYe63#T;RWyH_Ny#nyiv{`OKO`kHLuR_UVrp?
zPxLL!oV^Pkyn*&)Ib%(0y6dN3_k;wVNYFkb>j4Vc+jAt~BW&0m#Ywj<>njEvg)Cgd
zSVrGI-!rx9P3A2dVA^rZsvkeq-j*$9J!PufU1|$|Y+|C;+S*G0WvQO);B0e`1s|=|
zAZ2B$a%5T#S&p{?E|7>(vKskh<pC3c`VjS(k)l&H1xcZ4`S@tcZ4xRinkmhPvtPC(
zzzN6OubS0=5n#|V#>SeViY%9Fsw_@PiZcO!yl0VKU(3->l%g6LZK%7B747gWeCA3+
z#d?A1I++vAmkBK~M7<#p%Vrh*HI6?eiP{HM@hf9L3*3X$7*q3tK2P`r=e7^x(yj_L
zyyPNH63=;;NA{NYQGwoCa2Q=3Z5{0k=jBD}zH>IU<A+}54<OAb&ryx*tLREpX^*&t
zl$nCVtH0-;v>el6YYD}!e6KQ^s4%+w9Dgcxay869V;aeH(v@#c<%^$pL%5kO@O|FE
z({p%mR)?oH+ER<Eospm$UGxnlIfR`74wmhqCA$Uo7M4X#z9+*p-PiuM84vt^*@d@~
zX|<!JC1c}jXKMyDH2l%()*TuaF)=-;vgH23lS7Skj>Qs2%zVf#mT_zBzGz~5Ml#j~
z0)|f(U}n@NZ&-4lm@dKD=W+dbV~RV7Nj2nOS&*%ZNmVx;F7qAJ0$5)MXD(5eg?@CO
zuExh7SBVQxQt-8DsLM&t7IA-W;ivx0JYC((*YA$kOs7+7d-iqd&fAL>hl$3>vKy;8
zioc0I$?)6BgO!z@Xy^2g&<XWT2tRMHw@F<LGc;}qyt*1bo10DGaXt#d-tV*{l2h@A
z_AIypYthi7M>S@9>(Vs{ubHS2DdlL{#2Dy;mPfC~vJMd|$P%=2ioL44v+?O_U#H7b
zhMMM}5T1)xB}xJMsoG;UP8TPa;99d<252$4aFqoO9K(e?UZmdvQ4Z(O=G{Bs1f@{0
zy0Y+7F}G!1PG#^W!fdnA$4JZ`zI0re7=*?NPUM9^Ib#ug9%c~5m+vD<7KJ?8BM8(@
zuNFf>Y~qtVto9iyBA46@g}i@_wSK!G_6aX$Y1UEcy$+*OBGb;dB6?GLnuDcep9Kam
zYQ$#Yg9a30UT@}Oe&FsT(QbE<P=e3=LbJIqi*70Zc;EO<03z<2+3+!mt#1biI@f9?
zpF6_o>&a}A->Qk7{7{0vb3cL29eo$?(r~h-K4Ns)_#xi%$v*WF2n<`&dWOdai9c{B
z*CLi9OP*Z)94;q%GPTPcCOxk7fVa@uif+`2CF)g~vZ@M|sQxFROJff5M!42uv^xNG
zBZN6_ZEb03kG{(M)lZW+t;TWjpNN$HLOqg%>wwp{K_nz|Z;_a?fX)d*w@Dir@=#2~
z67Pf&)wS;8s-bOb8m}VAq!E~bs98`jbIX-0FAMJ9SJ3>CwaaWMyJo6x%oM3MrlpCf
z<Hs?8*U!jR`&9LN7XTBj00?Sk1*!*wn2REj=4;S2#WpzfAtsDpRWMH&xU>-;gQ<&_
z+-oHI+o`Yjhz|&A%xy2Rzb(Lwj(;kz840|VXA`sJw!#8kK+J<%B(Z13Ia}D~HE+Gl
zN}heBs^u540}q-m9^nKpSF@4L@FO2Sk%l{<Sm_0H@|@xWF3hVVsONBoWFfIVsY+O$
z|0F~&w@FDfpg`L~)qF%to@~aR`v(sCLtpfO=0pjeRJ}~zmTU`;wQ^gwbgiOdHubM7
zwM@be+TG2Ho{{@?Z;M12;Q9(IE%SHQaI|}eYL{thPee1P8g$hyaWc06`5fL)Rtv;d
zDuj)vsT_OV6pcvaHcK-Ukht1sz$ln!8@+OO;WMp~H5R+30zrSsYykmp#n0~swLzJY
zj)7!NGI{5Pyi=C)$aQs*+OJG+Ekonaq_(<FPN`G9^J&i_C#O66EYa|vJf5YZFBSVL
z_LJ0Gi5n*QKbVdBN3s9?_}x_fUO4|ZpdLxXd)b}7wz08%<aJp~qZ8MR^v<_;&USz>
zdii7eW+6v~)XsA6a-nT9K{V|lmv~#YPe-s@a#ICetCEVc>tFg2nc^~h1OpD=xtzz<
z;J<p#?#{*io!B(8j8Vgk`K=leKgDOBFxH%-4fT4JFiGthc{>W>80yZfx8#~PTLHK*
z!<hJSBL;!Xiou?FEMY}_7)(Am@UTPcmYn`R-hmPwOc!4@$`tq~+iz20zgefjLzkWk
zaKg<dvNTM%Uel0{fh|nA^=|dOXl@A~MvUH84N+mdWGo8ZA(-)6pAQCO5tNz8s=Dft
zD6hmJ_j=EuNA3@Xi;BLj_+eTZ9sY2@RYrO~$5{1na!M-wRdH-qOl?563-g<o@O%AF
zFns(t!ue05_d7@QyfYpb#qMT}jCZKZ&1R`-36D8a379+({j`kNJ0wm92HRnDP3Ej|
zUm2<dvgGI*u(`ap+G?nA-qHFfEr-HAZ#q<KnoS<7H;WrY>&x3K34XTz{mtxAXlktD
zaqEg{>2t@I%J4Dua`rSG4}*CP)!F5cxmtTxmgh46;FwWd60m`R8OR?IPpBxA{{2^w
z3I*Qsi;5PF7F2Aal@^s5<-wVR^@^mZN~vY_ryj);+{13~t^*4Dqgy7{V4y-!Pm{=+
z?$`j+?{M#Hv*_jtO$vsng0@OrKZyVjT5i=le_R$W+|cl?y4IV=<5N+xQpGcdYlBYG
z{ARa9E$=VMm%t2XkV5W$)Jl`lce{Grmv?}d|G<zNc*s9+EU^64FnWrz;>S_3%NJd-
zOEIgn60`F-BCo?NkcEX<IFzRk+|`iWbEGfpqY3%0o+3NG>)zASc;a8vPL%oKHq|!%
zHx_3uZ3J!ztxflqLs2d~g$2kt%s(sCRSMaWaPrWlzA1uiW<=Z~J8ogTXedwV6|bOd
zN6*ZkDG_-Yj$CjGQEE!y)m8`+X)J;9)329Xrm0W07ss>S&1v{-P!p6Dd7?&9Ix<(f
z)b;#&PWN;Y`p^;Gbmk5q0(bS>%G+1wJEp16WL1Y5rmdnnr$bWDQVYHL$;YC^adc*t
z+&SWw)T0hVQ`!d~v`@a|{%?+IHFow{GRkYK>Z{|-R-*-Af(?jN)4QClB9fpl_l16u
zmcX;(215zTBTh7`9+3<ZmjXcI5+dlL6KD2=q@}OFNK0@pz~%Y}<$B$0{&*1r<~qUL
zS7+XFrS0WG3z+Q$?c4H8&=#3pPVwDb=!2{!3&>%C@Gc3|iwz`A@rYfFfm~<pdWGtk
z0*mT#mC5<Q&tF&Os9N{zS6zsBJUawUVlymNCC3Q@1!NM5!Z%gyJbchi2?fX$@ZmmY
zRC@j161fWqaf=dw*>B?18;d`fefKnxxu*q~0cMi9uZhZiEq-zT?rY-yyB0uyG2!pg
z(><+l=6>D*rgG-ymcn|*JxtsauuAo$03ZduyvYOG{fn%=dwCFzlK3`!eB!uj>wUHJ
zfMY7g$;*%H6!BsKz>7oEn=p^~TNklzbsm>_EM{ir(u_DfNVP7P{9~3#B#ExNfmIy^
z^#5));e+@#zB6K*Y8y7KbG)NP)Vj-0%VO~qVb(X|W88%+*VL8%$`$dXx$xwfVo^6t
z??>){6*>^X(2cna9{RfuFPeRfKo+;pFH`hyT~79m<;?b(LUpJGnY1y3FdBEj7oOBB
z_+Lwn>kbGYM!E_0(7*NWxC7FI`$0n94u&bz_tzQ$lkkf&XNVP`B@6+VIwIuY4?^BG
z9GG891I;iLPV7SE*0%^m3#fmsb(qu}reAzKXzMs+0}EX0J_Ar($ZJcn6Xahj-4t}K
zKsFvX<X-m_lf(nJu)mf%Xav6g!3ex3fQFN|nD+2#i2T^FGv=%;QJK|EsidHX$rrP<
z2Q?kz9?iu|LZ6q1_fv4G89vlFpqAQqNjgA?+kY1V?{5&^JxRpwN%033bWf6qds6%j
z;`@ClGVcw;-=Ly<L&5NGN#M8se3Us8TX%A%_1!K8^YgUS=TT~we{$gbTeJLEzW+Ue
zn7K4?Nqow7wF8MP+7*LJs<)i}6#G<6fe-1P$cIcA-2?!?R@lEPDfoxK!(^sGy1TML
z@M1>)iV&pF42rE74c`IVdu+GpAh$=qZ1B`t@lm|e@V?Em`qY4}%@N?S5Q)j7sF~%b
z5o|Um@NhAz6E#&5^V!y}K}+IdBlTCIc>5x`T98n5_33J<rb?d2(#X@>knMCDgM4Ba
z|9Fp9NVeT87}>Co;^PA)l0Xk-q|ZZoNx~u-(^GR6s#;PQ12HE1rnH>j<8ss-x(us#
z$O^;0?aqhS=1Qb(*l)$h9d0Ii^-X4cnAiS3<TX^tEg(HlG}DFtgw!Y<iIV(vUjMX;
zJYO17ZXf)Y58um#4W%9=ehll|5|Kel*lHvq(RACgG^q~O!bY2HESC@cK)diz+A-AA
zUt1N8MSSB*Z9LZMc>?_KZCX5b=SEC-;#(^K^#QU#&wv%+-h{U)80ed>ZO%2FU3~|z
z$;nsNhR><4Jt3|>ezcp2hF#l5CVEg}E2+%{L9=`n)|qVUZjXL8^khA5%J*ACIBw|e
z(3LV0kCcZ?+2R1^bUVa2$|`((jv)AuWfh$d_jb8k+lUEK7-q&Oz3<Hs_gTZ3b<V+w
zdfXXtaa9o?Q6xc7HscfQNyA>4?yeV;p@4fb-bTIBJLcT_Xcp;ydAG!G96vL8S09PQ
z;1CYvza-io&W3gmuBR&1dNaz1nbn5N?pm#eX{l4UGwj#(@}i(hFm=5Gj^9XI?W($j
zCOz;Uk8a}D>M*b^>a#R5VAiOIiQ|HIWbm$G$hx#~r8*^zh<s=trBm~MychEUs9=Ax
zt*1!CbQbkO_1K&a2bJsq+;Ios=%kUoO-??zyTewryIVuzNtheBB;*bk|N5QKGi?KD
zW@%uVhSdMX?1jFZr>^9<r?$3CSyOdQw6<~LIY}1sVs;Gd6F)`C<<M{jxbFsj+ClJk
zPmj7KgjD27VWRCs0Q!Tx?GdLB_!Kw|Vgbu#e*K<#@F6rgr`N*s^{>Ch@$2jncD>Cc
z&1oXbf>I2f$}+#MNLbvXj%7KwvJT));^61^a^7J8p~WWZf%a;QbR~oz0eQ8$Sf{`c
z?Eqs<{2EPV5+#yvC9FV~PQtMVSibPPFZrjg<zLy!|JFVKLpxo&YV;J1a7sviJJHD~
zy6ky3%4sVPDM5|PguX>heF9Tx%vu+f#(F7Df?oqx=5)`ZrDa~a?;B$73C@ai!|!Zf
zUnIKQU;C!G!5by{JTN4C2A$j8TWG2aUOlcij*XobacEr`ZY!|BFXft^*ZDdEDdzaz
zYkUWIBBeBK=Z^{#WNnrfpxiv+!eHFAE~(Zuj-IZ*bdR*TelIW`-qA2O(nw}%n@<;5
zNG%WV5ina9O{jP&T#Gjv)9BT>PUe`R=mspjPO&r}cB6C4ei9qa%h>BJLH4-wXfqo-
z@pGu}GbC0A+;tk!_w>g+uCl{RV^xr{qT?cCuE*h%eat@SK4tl<5jo=LB_D5u?F(2+
zr)*uCJ~YX`{faP+$=<0fZcM>W8O`UkKIJ0-m#3GAWoXNaktXoay?Awf!p2@X$XGLh
za)-tNjZzq!%TK0SX<gSl!dLZ3R~&7-OI~gqo8@FJS`ERmSvG_zBmAAujDP5Xf+Yot
zwhqK(dd6Z-3R)mr7GxblgUONkf+h|DPB4<ac*|a#^m>b+{AYGjd_1Pb`^Rw4I&iO9
z?HHFX{O*8j;&u5rb9z5pX0}8czK;*1VbK>JSgb(FD$2@2cCYelMop^uRHhRhhIZF2
zDt*hz%37ynXlT{j4pjBGC(b%81K9hctVWzVKP%%Qd9JoTUBCWzy5u8(maGUpfN}PA
z<R|P(Wa8yWauzAKKjp5ls1NJ-rhzj*E6**qwc`Hyv*^2|;2oUS1D&bOD=Qqav+oJT
zyIFhGk3=FF@o6w(e52Xx=sqk1pKRVz$lDAmo)fs7p~uK^$5%@eWneLwi0Umj2>Gaz
z#6;Q$1FPCENA-3~QlOh9TF<yUO;}%szD`;v+*KRb!siRqeP<)_1}U)XdHAhm+96$F
zqG{#^=Vtlm=p_{0HMhnZ2fEjMtg`Sh;V7ieg{p4Y>pLE?9Zgf;Sppig^CA#8>5v^7
z4=ZIqliu!I0Bh6AO`de+o_&FpPhx#~J77-Hl3wJF@u1~>b0s)`A&pC^^~eN90*R15
zM|^pz!O|AhT)9C4;_%3ifrlk#T042~fNf47()hu%aKYE7-TC<!rt-Bl{yVOLB&$P)
z&6WnX*EQb^QaNq99XKbaWNOnMsOr8@PWtwyxjyo1HqAU2S+F!R=>bO<o^EzjrtHtj
z&Udk@ZmJ#&o(mchi^;6>D%EwK#eVR0RpFA<ERV>#g%lT%T26}Hy)aE(MGGCx-Ce39
z^?ukCVgx02qxgUJt22I{ga}hn8IAM|SP`q@fw7AF3f=AweHi8bqe=pv6n()MTMS3-
z7dCm1B?2Dz{{-gzGbr;f{+;=Ekn?wpQ%DKqhk#rj7o{~OnU2&Wo-O^;$vc2boN)9n
zVijf^6h|DJkkfMlXdp;OcEY?QJZZVQ2L0S8c*)`jR=Gj8G{c=K)c!sAN=CK$vt>EQ
zLEGmw=pIJZ?nM?1aHh(KENfZLj@-&@XT`(1N@cQBTRJ{<!k9^?0~R1$gwmfi<)<f7
zmB=|K=kmhR+9aAM?BmVP=_+r>p0zTk-AC8z(ND{2%%5A<^^2<!wf6ACB~)22dOPfS
zelQqeMUOjjS1n{6F1_uyk6TV#^C8K$jL6d09l*%Kz!+76kK56=jr&HH7KqN_+wa&V
zuvRL!w3gIHdc_)d_C?z}j-OW+HusY;Jn!wIKgSBW#5zxOy>!~qt4<cWd1sCqU)eTy
z7$A>4?F&VirV{$L>dz<c<cW3%&zJZ=Yls@zJPsg}n?YW_8bnOJc{G7-!Q$<hy?Krk
zL=%l~KwU}qklJT!@v}?bVo*QVXi_yB$vku9%)pyBju2~_K1)|d-V36cx>j`D#h;&S
zkl>+s5;ttc**og*6%+eowFc4g7+c)-kO;{xmzz|YNA^zoGOaz~+Sy^MYwX<N$=^|c
z+_lUOu0+Dcgs;7pdBs!XOh45^^GQrYZKh<=#SODUPZtblQUn@mvAqiwztle3-;H{Y
z4MW<X=IFD){*?_QC1vI1z#^Go-?gfO%!_(?PuvQj;$nPhM`6#yz$kIJTs=z~-64bF
z<uCP>4W5Ne7wCh+k(a6fS!AG2H8P_IHU^+i&fkK=4Z>pO$6+_;z0>-uTtInO*d#+M
zjDO6A1^l7B_Kf7&E9qoQSlXx_n-4n`Mg9-SK8Hm4u*0Dn(I6${IxhY&>~G(lAod!X
z4r}=28#{aM`k*l7CmfH5KH^qfJ>7V^yR|U33^#ihO2i}S7*|r#KoS{{c48oo>l|i%
zYG##&uU;K@rc!CwVM7AoGdpMn(bFC$jD9)XE6XLL?~zxB_JwOM&JzipFTA;2DIp-^
zDDxPhJCH6#jEl#f`d;HOho)KV2dneZgrD-1#7?7>N6m|>wDDNHUS~~KOKl>ev7Jgr
zxQuj{^jaCN@(#e$os==hs;;gLoMolq=%qL>6x_Az&?HYrrW`f>HW9eJORiRHyK@KZ
z>{wg5ztxXVY4IexGOc=o^uEe7k)SE?tEn$s^yEsw^|uFE4=zYuvmp<*hBWC;s%^<K
ztwb#k@U-_T9;7QuqYw%#`4Hu9YY4t6?r20K|G5$@Z2})@WY`z(t;AD75Vqp~()t+-
z!SnDPovKmJw2y>YR;H160DJdr)j1#s=O6rD`2d<o9^>tqy%jwhf-;PfAa76VKrkB^
zR6`n?zu;p(kViTTFmbprchM##JOgtHl_1OPcbMb;@Bfa3!(T{Dpb<lE-W5Z(%OM=E
zM47>UOF>dvN!KN6|DS~O%7{FFk)uH@crRKnyrK<y(2^_9R3II%!o@|3023(3y}zSf
zdbthi>kpP!)`N(3C8W%zWxe=46rB<**xZ12{3_P0rnq4D2TL%(fFE@$ZVED;QC}~s
zx`=C)GGs#;gT(K=g=yE<E%s_`l*jgg<-@83omum^@$-FW6wT);7WLA_z7346U9s>{
zft_yapYOMsd5ymf^#BQhUooMqAuv;HA>1rV+F!;>O=>GFSuCudbju32QwwGKAXCDk
zlCDqCh%j+t;%c^eFaA_Y8q#cc#9h=_)92L+U+q~5h*GkVW=i>|9Sm<0cfL>W5P9c%
zP9W!MO{-+j^2N-6ZrS;pLeD^apy)ENyH3(UoJAZvo1i_gE@f`@g(<|@_w6wUYG%f2
zIM;w)GJ@E>Q4_m2VqeH~C&CPTdFr@(W?5NBlw?CB2@MHd<RV*r2c9igk*Qv5)Ds8>
zjMi`=AQL}HE)ay-5D8GY4FTV=AYvtUV1RT75U5UHxLj>5QU=T8yYeg743>%c7=jtP
zvf4xa_q*0rVmr4*tniq&D3u_>;mU2JZvH9GP%<TzZNyi3+Aa0TFzenans#B~PgZA3
z?<YG)Pbw@j8}L}7(Qa;KNKKoOD6jCAglObnqb8Bgw~C#4DBV+s8A&^9yZ(V+wS8Ou
z>@55k!m^O|$0<KPm6_FYX-^LvH7Cr6n?q*!9^NZMQ$42cbgfZ4>dW6XP|h9Cb*%Q=
zx>pSA2JW@^uLsDvCD<t>Q7iRjYzbagUF5X9S+hlD=y!CkN3%Y0B)-c6tpXh{n<pwg
zOVNAKhi?lGrk<c96hC$Rw)y4ZQ9i6}t16;|m}?G~&iWb4#LX!P{<poOxY4DUtkFLn
z2l)bs4<Uz6nkYON^8G{H#iEbf0%ysxf{Ym8i*}DWdgi8GLJwQvsuk5hrnccMWI!A9
zhEU=T=oq>`34dg2|49ch|C-A*3i-XY(cx*HIA2HH;b|h;`hZx&x^Pv=qB?$c{_FPA
zV!-$>=1cxkPQ~a?JRGg5Kd~)9=YQsX48^G^Al+gD1REv{Zo-Vz2i}2+M@x{P_5~{a
z4$&nY^sSgmuRz=XeaxdQ57PZ?8`>at%%k^@X)1rwz56T0%>RupAnw1oidLI~s9UeR
z&MPb)zIuZ0$2sihAiJCm<~ZNEDu6lBxOV8J1!%=ro{YADDXkUD<g^DNP^?)#XrMOc
z^=jU|`_{p%<X`==;4Cc1+{2{I(gR9e<{WU2r~H$r3k0}$`U7&5oVhc<#Q{QbK%sq1
zLd4&@D@+D4K(-4Rr}--)E3y5!%>U3=MZ1=A*2LgRUM#5aX<U2*86GQ2Yi!7E0Qv;v
z@=aukU10!@m4DHd{$JzxSN_-hlM_(gCH2=5)4$qD{jMGnBDP`)4t5zxhvdln3n}j3
z(;*v0zfV<hgLZ?{f%9$VvkZ4uBj<=Zz`+vx&ll}RBbcP7`UKe?rnp7?LLDr(s+k^^
z71fXT(m3X%B)+41*U_!UWq|CP@^lyJ+>1aCc0wVa4G}OK$M#<cCjT#h86oT+CT30l
zBr0NnBmN7{$=?tTMoVqEeUqc&W!A}_9bAuSH@KNWc%HZO3b(zpdVOb>>Z@`@?qV|_
zBV7-vNxr%7`5mBEezpVYlO_t}+QFO`U5_vtFX*nB@|)2Y{2|y;)1QdoXT0d(>46GV
z-F~rdan5Zc<-H}+eHzAa2UtZ748DFVJane5tCUCz0*O-%AVp#`k>VEqctb%sddlr}
zpgC0(^(P#h@<>uRKZ$++4k_^mZgY=`1+bz<7h?mFLGs41g0xWHIEKP2Wkl>nvGGn3
zv1#(I1M2jKk*w-a#n6hWy01zUj7sTyxs!tkg7<7tt_(>Zbr&&L11V!(5B;PvoW*WV
z(m57MkgoME?qY6CjyJBe(T*4?h_0Gc4PQ1*+dB!q%Jj;EY-VEK!oQ_;DsXkJnCm5X
z?H_ul%$_HL`vAC7M)>TE>-VU7L?t~akX#+)FEgC~;ucT@@hHx%S;~!Dx)Tc!WIhJp
zv!ou|^4`|whR3m_)yUJ*{GDni=05IguM6k~b6TpsLVSBd!W;{jo2`ik^RrK1bq-t0
z(P$90F2neUo&eUBW00{+7uVbiuIk51Wl*@?k<H<X96xRI1foo{l_!B95B`$`ydS%a
zvZW-M6kUL|Gp>2M%7+#G(<n@%8A!R?Ne74^YOtQHSBEN*6rF|JRdkJrzH@%D19_GE
zU&;)|ciO>F9HF7<e;#r1u%zOfh90TXL%rhhWOv#nrQ~5d7}2kFEdOv#16tRn0b(0?
zAZX+Z8&U1{0_qFmR2L7Kk~2blhrBDkrk<ew!jODrriH-~6)yzwC}h0;A*t4l=AVm7
zR|xtbnkAmOn}Q2MQ)(bI1&_LJma*WZZ*`D+3tI}JOOz^S1E`Qe#$P}cECOiU>;&2V
z-VeiX-PcVq)RGbW)(`G){p;-F>O2Vfy&uuP_g~@?%!(xSdp{I^?_WbmiU2O-w|@Rz
zYR*URe_i9l+H`H}7LuzaM5>Y^J+vUUQh(T6t(vyRX;0SfQQ=~HUVGAEI3$j(1YbSE
z&DA;7or_+?E@gS4c)Zh0RUN2MZ0_-Oc#n@?Bd8lA^|@W^8729cDu$FEUezcKAO045
z=mXl2+wqfMbkLJ+h5C^MhPNZOly#N#<QC|7qTyoipzq7LVdgYNQVJ$U(99my)-=j%
z7T<hY)3h3WnEo_0?Xkeja-@5A|8vaT%@=MC;0Y5~J@|yM-l;aqC|TdKOo}rQlQdDX
zz_(7DaydrN{l(PJ0Z+bISR2YWLHwv9a>6isX0WK!W$HsM!)(UJ*laiM==h%@(@0br
zTU;ALqZDRU!xt4y_AY`m<u@N7o1a9Ku4NA3icK0CO9p7b{awM)^T-E<P`G3(gt!75
z%Q4`LC}-&J?*hVOsro+diehg|75-8{oveV70q(^u(u>X2$=Q@yDlo>}c@MsK<PLDj
z)0rAD<p^AQ6fV(E=yFP)IhRp*_IG|pSU8c$P<`pqDWVS#cPcgpg-lH_-n^i`aQV~a
zbBC`(?~HAgr6sP$`wN#akX~L(#b&RrC0k&`v~fu_eF%ghQlA2egp?=S!*v3cL$oZ8
zx!pFeRpNCFW#3=RZ$byVubc|(w0}5rw!>S~h7G+mP5>H~Fr-=ZzX^tCqFa+{@L@6*
z8d2h;*w0VQeYVbtf2XV4%~FghV-Oefli;Eya?irL`j!6t(Y`Ixf&V8X(e;agFPCqt
zq}R4QdqO9$xx?Lhc0_<3kv!NR{TVs4MLQYSBAE|$aN<9P2MnAL!krfU#enp$78l@i
z-vO5>V5#1OG1Rc~UWGz(F6esxOI^cnuw)v##XTGTCsh&u>z<VHJ<rFD)9$Fe?4E(-
z@5qtQco0DDO7f%Q^Wlo0g2%KRk4|H52li5px>_s(w^caX&n(S4nm!2}eOxI!b-a-|
zA@eEV{?k{gz%3?dyT_Rsg9bO&iJ!XWH2+b}@X2{tX2k9Rk?Bz;vd%i`a^Bg3r-qO&
z!H1R=j76|M>qP7d@Bdam>UW=tp;+t0%-V*oCQ<W?oS{Q_g9-m@I~lA|$o&e_Uo4h?
zS}6Os@axY@ZJqw@79JcxQ>_cOA5P9H9u)mla|Ui^--|XeRUg_0TC)iA!SB1$U%`vM
zG%~wgWa)$mE*X~l5vgjPPUAVf?ro!A2!DU8>kMTbE9NPtR}A3M=C6qm)a_#>3@s&;
zv`?P3pGug-6af<^71odqJ_C?z1%_dr8_*vhxh-w>{q3RH9YB)x#|spHF95z@d;7=x
z6Yr1A{n}gbjS}D+82?KfP^cYIXL?j0cr~@g9c5(jFcOcMFru;Wc4XLx;Xe_U!u)?5
zhQi5!$9Pl(=!KQmK~A`|#xlW^ySu9ZGBML~MN~`y+lAZAUaplM{1T1HDi$uEnx2MH
z0x42(5J^bNrQT6)nT+J6-`;o|8_PRPOGkt(mldw>QC7ArFWIS%yJ_*RhLHT7ZuPFb
z#blc5uGNZn)GI_rEwIIp+}|25tQeFXB^`Ji1_MiZB}>a~399lIU26D|A`8`#Gdkis
zFAK3KCs!DH7xotL^_2KK4n^P9)1GDU+bqj1vjl<la<pF2RE*2HG&%O-gxnfgI_Aw}
z?-fUhigUtohpbEuKZHFxH|u|y@@_q5&u#Z*<^fAOpN8L>yA`&OhOcmUdhE@`O)F7S
z0Esx|vcNLn=<@(Ocs{;;uw&WN8^KoH44hmldo1-!<LM3A8MxOzvfVsY)(f|cTWE!o
ztZa0Zek)o5=9B?*;wY|tUtq+i16Gnw34Z`~qZ%eqtl`S*PX?nr0@>OP=M~inJ!+AR
zJGaY@{aziH5<BjjD!Kl}^EyMIiLR2bP-%%9nm6l(kMHX~@8X8(R?%&W@U>nawt7?7
zbY#P3ov=u2z9^f%>c_;y?wH&d$v-2wFlOG!Vn7iX^D<Dop-R&*!Q493=7XlsVYz=Z
zXB~|rI<}w#2H?Q0p|QmBsI8gyN0w&h^i<Q)^ls}VXPcr(UE#q6-?Lin?L^Oz9&2k>
zgp`SBWIegJhW%)uDsXVoa=W2}NN7^7yl;^!tR=VREE7XM(KO=sINA)!JXD22*PS-E
zV!wnLAoEaTO2sgLCH{15zvNxa%mBQq_BSFU&7_<&_?1=POBr#&BoLhxWNH|75+OfB
zGs|#a9L13cKVJ!Y%B;$=gX!=cMyN@4TZaz7yH_d%F2&y~hd@L2p9qfs`-9-$jrY(5
z7!VtciGj6-x9FoD>iLeD7Is_s0m2s*H6Dn15-%b>4iw~m-)Kc!z*N(rbf&8ri;A_?
z?oCH*W_h(NU;XWHhd4bEf6r2O-C=mCoh!}s^s|xd?-knOWy0n8y$ufqD5JeO9YaS2
zO#@C9^pLZw<n8DqJ7D`9Nv(xK->7K%bw%>;*^g%oao3&-C3feyDpB`(`qt!|4Sqoq
zDQAG4NnszIGJ6v&#N<fY>7vP^qOOHZ8Bf@@5EY)3B2XZhQ{`BY-Kg3H&wIAmn8&h&
z{6TXy97)wqK-8~_qAelxoD)q`m4Svm-Lfw)v%QDVnTQ#tUk-5D9vp64C{`7b>?fJF
z?%|o5k|S&SF0HvDAVg@qV+eCSx#7(K8`c%%jFv3?Q`X?<N2N<q-$V4n&bCOLc@pt~
zw0!DAy)55osp?wa#Xx*Nw<qaXtdsph>_kMQN8T19`jXa6&xiIgzNv;uj}DaS%0--q
z*S6B0sPuFRkV#~V;*UuuO*HF}sKYo6-sXt$OWMCbI&QF~JlSv@NdStb#<sWfiz+|Z
zsv3XRq(mi>WeOk#*bxO^zZ@5(ZYr1m5b9FHuEg+pvCh|6iQN<(X2YE(JhQ~Y+>55@
zo1qf*<44h&3rEzoVJmVJdrXv8`Jy0-=`TBnJN9<W7GBO;AoXnzWqsH(38KDZ;8cS|
zPY<c1IDX{-(H4Gvu#)@AtjyVv+uZ-t-d6|2k)``KA-Dws1h<AjfX3Yuf(0kI1oz->
z!4e2=0TLj%yEG2LJ-7vTcX#GhcJJ&avy-{AyKiTn+`sx%H(gzIs)}>Y_cMzcUeV={
zUJ_>oAtL*ES7cY`CHb-u0ymsWI-KQL<uDt|FiNT^$~$(!^9FW1ieax$tjaqqOB%N*
zAw1JmpN%jeGWfwCCP92eiFHmmbk4H!p)&)M5>&&Q8f~z`^j6qDO5ufwf*g+4Vz6k5
zCU@wpaLkk|nANi@?Cx4%-|xBuElxA0%@-BAh$s2L)doJ#l8=%x=db8~0ap>Zpd-)P
zTGjmE_(IWj9wx3K%bDbIPpP;fZgJ3}Fx|QB^8@*3xt+BiB$V5?F*_RYbD7R%m8&Z5
zw-KQdx&#OelUy`o;kDP6&g&eqCJ-58!@#XJxVaUI<@YQHjo3%Iiej_obm}48jpRPb
znsg359hk`zv#>)ONj24}el70zIDrWv<>Kv9Nt=l&30iG^McnRoIuk<@|0Y?YAX~2J
z=Yo}}T3tg}uD$ays={a&H?uR2{fmh7!NxDT;fI!An8!b6B_@3YnNbIq>sEDI7<)p?
zr>)p)nEjMNxQ~M|YU=c1O&T+T+T-dJ>gLvqI43D<0wo}$akDDiM!`w7eds)QSh!Q?
zn$;sWIXT8-Y%xl^D6#TwlXWRt4|TAtg%BmcmDM=ueDHIIAKz?auxwb*WnDfs3w-fZ
z8C{|gMl;-&MU3Pfj5h#Gqo<sDb4N(|bbeV*{t2WgmqMzQex&AL_k5TE8Z>O`99U|h
z0!PGCQw*o3CUN)P<IY@r&@c21-){o*o!>_k{I$aO|4}mx;2+;k9b~bW`mwKMM8R6<
z=FoDlV3fuE_>?LfcxB!wkiH3?z(lW(sXCOv;WmYrGBg%97Iz(l5C4=F>G~pn%G||r
zH?_hWrI+>X(&K9>8PN4++ibLxp)uOXIxe?i3{J}(C$UOvfbISUWVQK;uDqerdCA8R
z;$$k=8yfL=1#>)yFU+jccu9lK!tC&*pb%NMNGz8&*g*7?qvFw7gDZa(d#k(<Awgk=
zsb}hXF~#RfM~*!!8bd;SsUnJE?mkcF$9EkI0|g(fpI%D0m6zAIQg|>;5<2hbil{vU
z8L;?%k}9S~z?+!^sh|K($0{$Fht?`8(PPhSJJ_&9kLXR=b5r1aG#Rvxg3%iFeS-rX
zI)aaL3`8Oc<IC7o?rCYWLzR!-FUw);BB3h=@9IZIauuQng0}SzI3ldF(9pT|v?a~e
zbR!oc?oQ2$FHhgM!GotHbh2gb?4^o*%g3M9N*^U%U0rfzn0|=Vy=sHiO;oz<B@wP`
zEBYWx(*ql39c3wm<9<da!!Fj)MIrHR4_XyXS8;B;zX`bLg-1?IB3Bu-q$HHP9C1!2
zV8L6z(*JC$`U8H#N}3=inI(};@Hm_@d1)2kD_kAOKQOg(q)i4lZ7s+uL@XshHQ0?Z
zvG|GL?GUNd;Q(WF5?OPpW#6k^ma46&#L=V$Mof`~t)35-WG;)5WbzM4={uViU%A1{
zC+V353>1#Zp-dr4_e>V_Pu}k`mP2Y;!)rp|=f?RUL|o=PJF_-qz%h(brY;q0a8GKu
zz9F2nNID09?bDump2MOB5>%pKDR5a!Hsi6*LbM~D2)!j9(Xvmro3)MRN6Q!IvWmr}
zajUwP>NA+TIufH9-Wo8H+1x~>VS1u~e&VEF2BM&W8$b+K|Bj=#mZ+2giDWbuc<8==
z5Pu;%`hV)V9NlmGQgWaiWk2ll2xnR9(6W7WniI=|Ic^Ufs5Q@-#FUy@zdF*a;+*>=
z0o&Y*NcaT{8E0k=fn?eRaPisVk=~8A%21_Bw~;U;O=L%$QVN{K6#z7P1;MR*WRHp;
zDR_YH5-ho6SX-0_Ws1D5RWD8E)SHxZVr1%U%nk>+o)G#g(7jLf;^#S3!#rV5HX9%|
zldwpXNHn2{?LG`$#=3*~)}ppMDL$tUO(ds9H!omm*wTLVkX?1P%8G|83LYCvyc+yy
zmF{Nx1dk~22%r!R10r34IR$8id7fQ{rgPxV-Vmf<RpVk1XC~B9--bAh&2*d-b8}EI
zpq!XzRchM9TVWHcdsQ$ZMvA5VL;Fk%OtDQ<5fgw1?Ga69G!4Uc1dRk-uSLm8R=>x+
zcpCaPFQShp0W-ly3%7uBU#(_tM%`1d(toE_dG@7SNK-|a?qSnR!z=V{kJ<Ag#=Hly
zl@E?6D-~QqBgBvsU|x$LriF>f2_l0|h!r%%kNK7Rw4U(3Pm?q%b*%I4c9+J3+(l-^
z`=Y_k4d%x0quG2xUOSS0P@b-y?rE&nFsP?C#AbqP)F~sR3q8iC=HKe2NygBzP(~{E
zL(0)0=E1<$>Rh*!BMWH0c!`~;!n-d<Y);X=0T=D9(L=rvJ=8s`fu9DKbvWgy-?u~_
z1*bvG?CWLTo1KjDw03OB#wC+|rPj2iW$cP#x)!au3A4Y>+nc0LzuXRz?Ge@-go-RM
zm?OS;=oq0k$ws5h#2T&DV$(_ZmMEMK{%1Gw{}>(jKSaO%)$y~;^I?cb_RI^9(i^^u
zM6D!!;Yu57{3DkwrR#5vm%j=e{s8mhU-&0~fbOtEuyzW|G4BS;8(bmlM2vVA<OhD^
zenJDw`@Ko>zhdyr=Kk%e{t+J28=1q4Lxxaj+^TVm^YTMgT&5JI4&#?=o*QcKepo~N
z8Q1%**Z&~q_iKu(M+c(A&myR29g$f#O<>-sh~6TNf^EYffyJ8yE03|0_WjJXk7fb>
z#hsWSn7%=+2jAFqrG4Z3^_%uv^a#9KIBVB$U9E0BdamD)ezVi^T|Qn1>Nok&ld96A
z#VQv(j}#jpuGNoT3qST1GgU=*3|w#cyP4RxJN$2t(s8X>J-Q%aT<Wxlh_3p&y5*jL
zPjU7?$RPg(GR2+tq+i9b%b-6hePhFf{5!C*^0zhhywSg-#Q>-4?>ZiU%<*?Tz2t{y
z3Y)sWckNyG7(jdhTG*39#~Ma-p!i1E3i!AS9@DOw{NLF{^fK%ydag(+7lDz(GBFzj
zMut8U=p-)A^4q*o+bm{|BYLIJNn-MYMF}=K_B3whb}_O9ZnE#lV%KyndORNIl}Zox
z!H^YJ!%4$UFMC>X8Oe4))BFr$PmiSIudXS9p<6P}6jxGMklqxo`(#&HgZ@f_+Kq9b
zj9<O9IBDn!5l<@BgP=^spKXdRyTppO1t<Ajjl395uxL#Q4l8WOl2IQCwp}X2nRMk(
z`v<Efm9$`fws|5Bx-7W`?|Q~!Ur%f{xb>9Q^Ir--I=cmchK^V703#Vm8w>XI9kf;p
zqM%XLSD%(<Q@`^F_*bNjKV&lY4~Mez3VYeGSi4;}*YsnW$8g+|)%!`q_c=*08QM-*
z0mdgvU(NqS07}t7IZ#RWU?<&=Fl{)7sCv#x3;op@@P9u1!+Qu1Q-ty`U#@*fyaPFx
zMdB1E?bMB*HNLr0MK}X$aY+6X$iiRyOy!7}##dF9VRr_C#cQ5Yz7P@^tu11ic7jmF
zPBdu}iCaCq%*jO4Q^-sye3Nnf6UfBCgGUZj<WOkFaoW!&KExDAwk(G2!Ur=UcEMJZ
zs@-Pc!nc1xXUbF=VXzRKo)nJ0tP{14FjST|0J+vSeOQ(z?P5=?J52J3ie{6d#=zhR
zFMC?!4wIIx^Id~L(0nV_2Pr*j7W6#m@+<5sjjrvCBeL)uFe-C+%YbhaNqapKpS<De
zPST{KP!Oe`gq>sR6DlK+3{sS>57V<9u66+>>Nn#LE2_rJk@8n#%uN}Hmty3Ps_128
zVWW;o9}8h!aJXi1OhFj>Rq;!R{BQgO?XO7qG0ghn@F6QEnIUNr=wBT<j`NC5lb=+o
z3=x_et#Eyg{0UUmFf#8+YnhfEzxR+m%z)`(r!R4T*y;O|8_+f!NdDVlB<HIP{-bUs
zKq#uA4LfQRQ9pIEmdqsP>N<UdAHeE;*t=fp1aj;kNvj8OI%G!Q7WLHClXip*KK1ZF
zNP3m@qWmfJ?98hREWy_Yzs60O$jzpu)^Erd%V#Ko|2)BuBsmoE3|mb+d~T|H4KXs0
z`4|L<aqIWnbFwz$LO(hnci8A+#_4GI_!8ypqR)#MKrI9FJDW73DXm{c&q*%UKfDyg
zgly*z?^H>1ScF`y8@v;IH*KK5_lTdRWhn1FR;#SOWbDr7Paw;{(@pM|5DsyHR<DvK
z)H{XPubZ(j29QB31t;`E6_q77nIj$pG9--lmUA*<<qvo)zo3mKB$+~qHBs4K_0@l>
z$0(31aHDf!YnPm=4S=w)L{MK&07H+#KK5lL!oUE$2oC@D!OROuKIIL|&<RXxKy56z
zh6DF+`NaQmW%oz>y^y*dHWoHp^6nZUOsP~acD^fq*`V;4SmX5dhFZJZ$*>xa@xwjE
z-R-Q>aLSEJ>+WK16_Q-ByB@Uln$Qu0ir^*+`qO;d0g3Ll5vS+7G<OKi)%G6Vn`$58
zUV|+@p)Nklo63haRIkj=Vl0B0+P~f+c851+gdfH0;3vn(&COifv#4%nYAO$jfzT@?
z>Z-U+qc|4=3Bo+)E_UL7bR&hE(h`{u+8%DN<aoW@ytbR9#IJZGc+X4%x*YegdN|#5
zK|VIb9~k$RfN{^nW-G8StA#D*Fu%BSu+yKm+xqe404!~9M(|l-GY;WB!)3ejd#)vX
z$b)YRPPj6wtBa#EDzy&la}Y~0PCNFGW;_{Ap6toT?I_dJb9CB<KV=Hq+x6&^26#Y9
znelCJA3OjTj07DPT?Kj`gZq<l;wi(}LMRLSwrxLmP$t<)|2JfSpGg6~@%jf4OMed`
z^5?&?e*v&g!a3gxZVh;@EA@@1pG&rI#J(a-w6Bf25g?^~41Kljw?-OmBS1F111-=q
zCsdm?^hfS%#E7q28qVPG`kWg0=+_pA|IB-Ta547#8D-^3y_K@R_K04PV!im#rjnwD
zKa7yR7rZl$*p=s3#{oc9b$hqr{IBSF13>c}0O*Op%0&Cx<aQ2l9ANYW$YYGRUyXeL
z8iLi9;PHb7fHD>f_;CnUo+MqO%mExRNx+WdF97}2W&aJ_9zYDE0ucVNog3p@pEH1Q
zh6UJh{FSC~3-}&92Ap=UkvtF5zCQv4iTQra%&0W85~&tu>Llc(Mg2D&Yn3O39BL${
zFVyhLYH^MDyEe_vPJg_U;lJc&eS6%V-yO2hUs4$Vjf4CP$>6uU$zp2L_08^wJTWH^
zJ8Pd&Rr=C0FZXpnYuOjldjIq)_77gU{(UuzM(lYj%Ksd&PX%s?USs7@;Hra3asZEH
zfPc1bRF(~!HVm!DcW1sS%B{bExQ=DVWWX~8PVoBIL-t-9bC!4-K4YM#hH8A-Wxyvx
z!qiKuqn}drhjTp?BQ_Z>hhWJf10$1JsTn5Ei}IoR{6}PDsfFlkn)Z1^=UI~VJ{}Y%
zRuE`dsj!6=rLN%zRLlPAchP9oAG<)o2DUbx@I2?wRXLq-_wLGje3V~_F@HNmR&<6K
zUaUY^fz)qiFK}-xGtuN#FSddRlUKm5evtiZ16o|&x(FYRwd@m|LE$AgxQcj5?Q)GT
z`N{`V(>IZX0e1JSCEJ%7dsmqkN~>V0;~>}OS@k!|m3C(EvubHp4>cs+-meARBU28k
z$hUa25X*%?Tq;M@;eU+pFk`au$xNfBjXv1WQ1hkeOZQeMywl}lc&L^812>Y7#xBMy
zpG&{QSKpf!X;@*bOSPQtzOzOK7!%8ijBeWlDlv`}s=5f(hQvfgF2@i`F(G*IzJZ(0
zKHBS7R3-jO!wk5*et!MW;#yY}Sy|J&(OH9E9oY33sp}Xv_^}%df0`aUxX{D2);}8V
z#UzQuJE~&@C+H*a(?S>@kFdXGu%usl+hktZ7o#>rB|R|}x$H10HV#`=n0eHJJML<b
z58z^lTKq5LW*}sk%c5Y&n%%>pG+vuI!V=Bi%q*M+zjA)|7-7it=^+@^;tumeU{dj^
zUBJ(a*k&O_eXOa7s#54}0A)nLU`7Zbq1qCHt#3pZEYQt-v#8@bPx?(UAJGa^Kt4+i
zimxGurj({9b`am7+4CfY>C^^pZa%1%?0FwSFtu$>FW#8*vRlCEdF2~22ciVqlQF0f
zbi6zdx0ds{w#Ewy3u_!D**MMIVm<AI>sAH?Ga;J;6Q1<8R^<>d)#L<@=-rFnS~C#3
zj3XyFl(y$wQdQ$ExhmPazP=nvPI(DD8cr@_W!hSms7NO64J~XE=0W=)Uz^M}PwPXo
zgG~koeep)2(wt!3cuJQ9PS3}os<+Igp>EiIXNo4NA6H%Up_Sz(T~C6_?~`|S^)14p
zGw}?=KAdW*9Lh`{?givrC08$BR?4$TebSMQ_FclCiDdO*9trFnf)Wd>g)VB)EHZ0Y
z9HqxNFFu|5Sj`}`>?2S`+-4suKs`tux54+Jv3i(f$h;~))qCY#cPZU_`3j6G?C=SG
zkG#avk;RJr)4VK}>X?Ih1Kp5hay>g>`G*X$zr`CZI6ke9oMk3xE#uR(XGymRDID~z
zS6sFgv)O!fmWVw@Z;|Lyuq2>CAxY$f*+nlkXU{{2tKe$Ob1+r|k?p{(JXKMEuK{#W
zij{6kP;W2-GTucC3rlzwig)nME_a+Kkty!Li^2~UEcsDQ{N<HjQhd1hs+CSz$syFR
zgj0z;cFnM0>HUWp0tIjx%Vq&!iTileq0fo(?sJ7SN0o%mhJ^YLj6KXsoijy&ouPlo
z>m{Yo#3L2v>jO&;COg3|^h2|2iE}Kzj81n=7?!5&o3%~7pgj<;g(up(NWki_LK%*0
zt{qvd+MoT9nadS3WF9~q$`L^w8|*m;{~mSNbE!oIU^fBN*}(&42a}D4g9U)fJPtV5
zub=1f{8*UqgNe+aIEgXY0t~2`H<M1z7;pW|fj}pq$c1+zdwB(nx5Dgzgc`?K7J%vK
zR99lS^j#v<B}C<6z*PR$JaNaQcy%n!3YU*Ej~H}EQkh&TnRs193{mw%nXjt4Cfda}
zHaZay<M^jkTU_1KeGK2V_tO^c(cft_IJxjccs2T@ww_}3v$Mj`BO_l|pcDcw?lcPF
zIM@_l8iTSkV%E_uA{JN{C_xJ7CtE4n9VM@lw-Y?BS(igyFRfu3CrnjbgPz6&M)uHe
zSP?xDLGPPr$4*!Ztw$g!e^zfctXN!mKoz|?Gx>Bc-_*8;f~N@0%zc$>os)THiaKtI
zPw;NRlB32|c500*_rx-D*C(N1A%za3MP~&Wn5I=P?m)V+j2i!)IH~hM^PfN^Ga@wc
z3jRAn{tC5*NKkPYDq-{w_`NLn3TWE$hYTX0hsDf>B;b1MIIY9;ks}|6$`8Lnq}-vd
z2f2vgY+~MrYn5N;3H?Bclq-9aMTe&+p+CzJqs+zpa>lD#bB#E+th30_l8@6NOJn`K
z=E`h_1ty9z-n~tb_0?7nikHhqp9yS#p+(}DJR$VuGrCnybf#`RTi*FYULxPlj4R@%
zV!&zjis_y3s^eVn(jm@<HQyu1=**i%B)Crre!LR%K2j)3)9q@k<*)`!pri2&jkqHz
zo{(uQ%}I^`(zj`e&dQ31pXt-kpbpaKeFzKU7!-LdUo?fYG_-4AtZXPF+9&Yo<DG1#
z_6l6>&m4`8WC+r&Ap_O#r+QsH;o66ni^C|mMxVa0iV<D%_Vo@P=UlwlOW$vQgPv!1
zck;E<1Ea@8*}J(<d7YxEqkMx;VTaxm8EQd?3io2bW;t}-yFmn<wYN&s5}M1XP8&_f
zMURI`MMv!23=$W+>FRAq?Jv|t<xh>hiRdbmjWq0%&T=gnHOf2`#@y)MLZZugzv%Yl
zVj`A@kazLJOmg!X1JMPsjt_9<)g^e~G^*Us-;%9xvaC%-n-#o>#x32lN!j33aa<id
z4tiG~637CrEks0}P2K?~BHeXZ>otKD1N35HXxg{+4}JoPwE>(lp!n6{2T-eC1Odrn
zivYdgTVmGlY5##p(zgo*nD2;}fXBo5HypAtAg)a%%d<5R!mtt=PutALd^a-P4rHKj
zhs!<H!7oect9ZZJl{4Bd_v4lU#NuJ#m|J-m2GdL5hqFS5Q$%-c`43?l0Y|&c=qz>T
zOhP)h4<yacQLJQVdFbBI!-Hm3DDNQjdby2@alU2?DAY@wFtFfYuZ~nJuu|}3*L&M}
z&pjnA{0%p1RR<XGrCmE#F@E3={U|AZJ6;~RI>}K{Cur>AyQqqT$7GR4`_vaq{CM@F
z{=yCkgaq>JmM-U=N&C%WsLq?^E8}qZX9*0`jsj4aHhC?F*|4<7%c@kF$!C=ukDOyM
zyYnMr<rdU9!XgwG;<-Di@$m9qQ0}(}WlU}kOlj)vNk!<RTE6yMTKh5;PIK5NBS!7@
zxNFsm%aty7(7qRYox^D|x_qX!k|#>-jo-W|4oAC_Z5E}Kz-W28Go7S|0>8k`!?yMe
z$U7%S7b42su3|Qug%5pp310Q}(jb=^oSBVJL<5xm;+1uQ7ll^amW2j!k4B#w;l>jx
z=JY*P<>ucQOMEbBwWBvWXjoZ#+vk>59<w8=Wyu%LH&gehlREfxmkFjxUTe|Ws>SD2
zlvBL(w4@i6<%Nq468?l5>J`VaW}#4@>va~>j0q1zh&g3VXi|;@`6$UC#RD4Tr&yeK
zOY`7g3f{GL9YDA*;wtcQUW=JMdZ-)*>@t~9@yLEWqNR#HQPm`^g*9P~yK!gJ99^1J
zqPT2$XV;<}C2#6VjR99f1@En2gdF0*ksXP~DiH~fEljt()@;#&^aJVg`tk>Kr(3)R
z@x51aR^0m;?^++wR_XiJ7Wcm(8|4$`-+P_K6WuNQFoos{Cs_YX8Hv!gThNy;TYkhK
zaRjE%^!vdRYCm_rKML564SF8CD**%0KdE5&k1G^@Fou6s!Lt2g^we<uSRcJx;NnD5
zW{|_TN8uOh?)6!`fA{i8=@-;=80}Vq^f=cq^%ES67-eu@st+skcKTRER}{FHu&+F^
z%*IL)0{6V{Ol>=l4yHYiR#t}7Ko}tiyW$wX^>rjYYXug#mSNjd+LvfwJm>EJ1Ujez
z`7J%KuN?_Z;~xog))f4hzyxH9@aV(hZFsA!9vD^gw?2Tsi4><~N%3O~TLZ(rm4n6N
zqFjzpYWOYId@@phphKD`+I&47J>p<{4gtMc!N;Bz?@9z}Fwt42)_Ii5Cl!tOF$Xsr
zGZj7W6(qh!FPKJD7`%;O`^B{H8Te`69laL`pI9D4>`fda;r6Ur5a9#s;DmQ`AyanO
z+#ThRvjB&XXPuK;v(N};1;BUSFFd<>Plr>0*Ye?S@0CnibeC7PAX1OqPv3?>$G!9(
zj8&J|in_IPhjxX<ff<~^eYP#~0F<<n9vnTE<izBA7#X6sq^jE#pDffHHJ+_t9&pn0
z1iQH8{sj774WN3LU^TsTs<TpxWcCsH+c(+~lnk2aycb~?!v*X&3LV>kFJ`R)?m?Y=
z;V4~6fRO@X%N+?W?)2a61bW86lN2XNR~_n5dkGI8&EPxjnonw4Ug%$l9P<Xxmz4a)
zIS!_|>)h6ABNs(fx@ZEK@Q9cut;M7c0=s^D&lBfmn#G}P6%7u|;)Wp;I3Mv6N>s>-
zyEb8(_T<|ZE%Z>R%K}egaA%oIoX9*s;gq~Xpe7ebc$oT|yQPY6t!ZnIze$2@u~&-(
zd=f$LteOlypYCR2LTYS0&cCo+i<_LC6@#a<Zf2i^ACQsdmlY_t`tH*I;>KnB?mvL~
zL5HcKZZ=HLl%@n93IU}AkolJ8i3Jn<2*`Z<cC`CF?LW0N7D)4bsVtBNHnk2=N?-u<
z4L~Uo4uG|E{TKI+=YZMw1t5IX`MIk2@4WtT<?>&f2t^_WpJBG5qZG@@zD!UNv02dI
zmGrNyIzS7yO=$ts84xu6KuInKm-O$d<A0&4=T+Ob&vEB9&&0Slf#7HS?i1l%lF<)9
zVAyUvu+)M0-yDwqMTpw4Ks@ZZZdeRd9Mr@9ehh#p6a=spe&1*5{>?GtFZ3q2#_T#H
zpz)X*lrT}6z4k9q|DJ~?1+X7z(tnFX@}tlGv<lr<==q0Ga&M_l?CEv~GL?etBAtF)
zMOldB;eP9!ag27P%nT2y@V2!H><_W)8b)}}P9v+!W8hLe1|9=#_!gRm#O3x`@yZzf
z^UXGA`Av^Ei0Ed4JVXTl@DTm-q58G$ACfwb=QW-~<yfRTffBSg@|Odpkg4-DIm3z%
z?|Q<OkPy6uh)!_yw;wbdZ3y062`-3zVf0)Z^1M3rZ1$oXR2FCgD$4><KumqvEw+cx
z*{ugPkYI0oO>?LIf4=p9dT)dn+vf+44a3`&KNgM=@E!9a%X4&fANNit)b|z~lO=Da
zUYfo_O)@JxmDJ)~9l`i$&7&?l=X6`cv~jz>Hjbn4HC^G8Ia~-=C?%mh0`L!m@+=v}
z=oXFd<uFcgJ=(G_#!ny+X(RvTRcN%r*zMwwawIovLjX?uO1LW%A3+TtXAb*KeR2p=
z;@pk|!@<f0ujB*B00^c(<*q}1Dq=ejl3ouoy@?rrzS?n5i=?7(j*j%wr~`OJ_%83O
z6%n?9#VA;K5?G3x5N5-DvhLpVKr_iqBOWn_&n%#UMY2xX(kDsU3DZBv6vBrp_0;o7
znzXL>@aH8^9vr4$l5Bc}JpZ0r^6ri}$RN>6DTo(;PwVxwJ7k|DxhLQ9tDfc=oz6+a
zu?@X=72@1-*K?ft8a!7toB_JiJtqxwLiXZSo>3O?w(vE0s%W@Csb++MVMWYo61+$m
zY@ynb>OGV(bQ~hASsOVg>s`ozOZ_1nGcuROCNXO&C!3&s!G5{n(QWV%8|?*AjhA@G
zi(r~NYg3RD@=E!enGW+-P2d63!uHrZ^A}Xlana|G%8q_4h9CNrH=-k(f3sYpY=jCb
z`ZgCxUShnPkmq(qYSRl+Oob-N2JUhsNg9R2#8!BoWb=!ibyTg5AoqTM&cDNJ1BJ&1
z{2WR)9}tCbfHQO+)f(5E^>#1WS1yh#QUM2hAI^^FM{YiX3-sd+>yK<M0{`A>2fPr<
z00oB;fP_7k4ErqqO<S2ATN5qmT#|k75?S+=UfADSCE2O-F9Bz5wIa^}g{32G&!1a3
zA%Gu&@hw)b+pSM5>HD<5wE%m=Dnh~i81uPf?5gWF(!aF;L+Hi{!0x6Dz}=EFI#vN^
zkH59)2m%@4`>(0u&Tils1ewMD)>0jjx90Ht|L$xQ70!cH5>*XjZjGHa><uCgBbhv9
zzD7cfOc>{S<{fVDVeH?3Ybelq)3WV+MocH*OjYqAC6Oakgv(IZhn8o+S6&5h@<8lu
zs|g0f1_1u*_LqQ_$E8Cunz@#{@VwJ7<$Jay3n6gFXNyh<1$+mxmfRA*%SmCG!oiEU
z%h%5zXREPM%S-Is^>KOCi-$JqeCP$Im}{I2-t}?c-I6iUy^^l;Ssh4l$!3OLa&2ZE
z^9SULhk$b_VvM+u;U(B$hMc=khi*^%R2fNDl`5w=j7(!#>)$FxjIg5KbLnFZPSDYx
zH0|XRU3G!0Pv&Cf>RVb*I}f{{RQw5KSTS^KK2Kds3{m<7Y!<%uTn8s9@F>yMcI_D+
zQG2wa<tFROxzZ59Y}0%-AZRc$=f(Ss8~oTkp)TE?!84o)!>-r(8{3Aj^H|d<?G}iS
zX=Ta~ob3iZzfzdvi%>!NFQ>U@aqeTf22_TXo+ozgwqfU|0v+(VO7XlG+d+ukP^;Dm
zaZYfU&5dj52u#j`hlqV`-c=aXBT>7!ySR!=zzBYtR5Ngkd>r~{JD(xa*@AKRVQrl1
zgn*<*rnfvLECQk?Jdt~P((X9+%YqZk2I+3u+1@EiplHu}tu5R?R)+tqMENcgV6lh|
zGvJ)L!w@AUVWt0RM9({Bcawv$Zci_{;UGNSefkuCu^5v;Oi_e>+Zsnyg57dhCUOyM
z11_k~O<+5;?@tZQ_we6P_>@MR%EqJ4CKSvL&~6KCegc(Z=$=OjVNpQ|B=ai^dma7h
zEKueFc+<jv<`Vr?^pn$F$*nHS3`7#q=_d>bD{}vQF2<i(`uJM@pf0aV?6%^VeG(Fk
z8T?=74L0QtA$WlGtudSLS!5d4tAL~`frP82z|TLXet@iP=^Xn^%jq=YgW_qdNV=KH
zW5j5`taIw`g^kY<DdT)cvQQ*rX4s>ye<#5g{}xXP7TI@DXdXjX?qAgP{<*8AUt2-_
z{2twqJJmwGWCL11k5<=h5=J!Hq@bg)U08SBWUVa1`D;^G+!B-u0-Edd$F~Q~KY>`F
z14I>BR%n@7b{1A(No)md70ZH9){D_+NR*K>5_=+KzsI-jmw)poB30imf^o`-Z&t$m
zA+Nfe_&;4$pSiGL&%E}>Z(7T_-Xee+ef0?Kx&5>YBvzQf^c0#0v(#j!ie*=M9srg6
z@8}up^d}**V&_(tmquw$28U)x2<E1fERDjrFq5L@&(%vx<3^l)mC89E1Z1lB*u4x{
zafy1in=01Wd4YqsgwKHPvRp-^{TuX<aU;G*DNTj~MRcMuhhioJle3yU`Jx7n<R9*p
zwD-q)hugZ^YMkr0<YjAV(0Qc9ZGbB^a?&d>2u1Uixsl;m?wnujBQ|xgX`-`!&s}lY
zF>x3zYWLg#*b?m(?!>6dpBSqu>&vh%lw-T~B1+0*W`(C3y2X|fN6Ue{U9*x6<@;*S
z7&Kb;Y=}D(!sy#0J98i4ftQ>5`3{2R5b$q)Ofg{}Hxs}ec$v=tc{Pk#?<*r&Lfb|6
z>=19Xljgq86GG7Ll8>xe)1U=g$-+l%#S!}DnwUv9XC0CE?P;F@vs>7Nm+(Q}Nx$_2
zlV+bV1}x&vqyi6d>Y(DMeWlNKx7Bd!TEAdEU!}Y^?OvBKBDrt_zj-BB8YWxg4ZTsG
zZS5Y8Ig-yX&}$*3Bd%Twb+w7qL>K<9lLo*4P4lclK63rszWvWb&G66)jiwFUE;X;E
zJ@-JEwW4S7R|qZlyA17Ca~lmmP)mv>ns})OrLn$mp+P&_$LO{NrOw-G{|4Jg>-{i2
z+my7U;&8Gv_2AusE}V%t3Xu^LDGRSgV<Jwn9AY%PIGjuXRz<um%Gu<w)#A?&7eh5?
z4mOfyr3@FGK-f>6H~z)#`90yuk)YxAF)y9l7NRBC{7TXwnuMFm#V~xElI7)Owi6N1
zPu0}yY_n)XmU>mtw_>JF7H$@1SC*fL$RcGSb<+%ujYn_zbV6MRt+^tK%%9GijV}Y^
zUk^Z~BK_{fY8f$v(=qNdR}Aj$EJ8W0C8^`<wFG)OQN^1(9TO8AmI7DHd!z-gNF_$;
zAuq;vj7*kacN>7(dwh`A!dt@3K)!Od)%64PhBZ|&E^wpG{?R@6I9l3eEoIjL0zT(;
zP>lA;889Ly3#*O%-&C|Kz;9UAECp(HwP81R2>QO?1Vu?7FqEZDu~#Hz_gkO{zE|LA
zobh5kX(WvnL$A+!oZXxKFvaGyy6OJ2KGkjvqdq5e1ntL)6u~{TqR2km*bj7)jYkqe
zX9c~_TQIUrNhbkwhsuf`Ye>2Yt`JUl87i(EzPR$TaaL6_a*1=4n&0K(2|HaFRMYFB
zqs6QaF(+(OJ3K${^MY&nLiHZL;>}nJiRB{$y$cBS*`X_E)oQtgJ)!9}x2bbDxbJkl
zwEKm!{8d4%IBZqdQp%nrr+4B6L-6J52mCVC*$q!usYhglvPef*;&_@75sBxZHTo06
zUV$6N0tU*!4J10+q<G4Eo=oC`>fxK0zM7Dx+Sp!kbvXA!u+C%oZDFQsX@@u!AF#)Z
zIhm0R-);*TLZfOwv7WS61GzLyrWT@zaPfZE<sJLu+EKK)IrR<_jT>5{M<k<n*CJ}e
zx$wFuQH{JFdfwaI%S2-@N9s*%B7LWE4%4Z5GKs;pp%}U8yhBwkp{minc_@m3+7q6B
z!^yd7o}qo`g@g^r?{rpDt>DGBCSt|{W<_OJnF}{KnU81<zm;PaBXWMWn_YvkWRmUK
z*|XA``(#wMI4BGp3A?a&^$S2o)6V`XHN$>M0x5hk$+Q<QXOv#8Q|G`I^C8#GGL15@
z(G_qUuDbcsH6J`1vcnJKJMN+;Gv;258E$6Lq!hJKk*zTQFgrUSzT3R;Zih-u(W{ya
zo)Y%B3k_IfDVP+<?>V3l5`It?^BV(V=7iq7yPk3^RKr7SH3-W9Db*c_R(qE1@ML^W
z)Xd{?Kc6D&Bho*w<~zxVZzEVfb39Wpb0Tr5*1r!wRa`kshR(gWH4CNQZ?(wjLXEB9
zam`n5(}&Q1-l3$uP*S3IT~5%s?<I?4ag9Vf!Jb_ea*~oq%q5gjkpR;PFs&RVHui+@
zq!*<P3lo<&SzU@?DyaEf#3J9XKj2#;cG*(I0y^2SLPAaFLv(sD30|RN)N$AKR+=ZQ
zHa_IG$Hl_Niav~R+9Hzeb?O7XsR7~?SPmg>(Ai@0xV;83XUio2OvW^)l>=3y%K`(A
z&&$Ti#(Sa~l^Gzp*jDw{OWTdZO-?j3oaa4|QI%)~*Kl6g#>T8!=Om2=A92fa-T=LK
zz7#PFon(Gi%AG`sW>e0*^0=;VCM95749(#N4fU_uqJ=?qwnEe5T<z`01tEe>_u}8v
zpK#B=4cJ|ZG@0qK3Y_J3FXag5h*>`2(*0rp`>_h>U&n*G%ZwhV+iB#@gky<7dJb7s
zA03Zm&Ps*f#EOw0Ry!N@8%XfdmiL8<iqis$={9t{cm#sG>%qKx`*~IR=$$DF%g0)k
z6&V;XmtYvN5CN-aXSE?fQgkA{yvzPk{rk<|g<k&I)Aqm3@do2>MS2)7uK;HF06D-G
z_;xcHdF+9<?ubR<b@u8Zm4tgWywYj7wOC4<z3W+U1CTZw4`bmJusgKf<K%8h{4B4q
z?Lr9YC;`<#KWC>KusS$Rq;`{jNC#t<53a27eRXZzHx(7^ICVbgvFKlKp%bqpyF;@e
z?B5@|63xBQ=XhK0Edp}rTB_D>sI0+7dT#|OJpF(nAoT=N&+DCVnqN<->HqWqc9Ubw
z)`iO8X;^=230;nyvUDBKn%~rjef|`RcBL8aSfX+4+Ov|qFa4F&_>;*|$Dp_dK|co*
z3+P1KyF-T5{L>yHDK#%W9{nQxj!ZPr%ibju%ZH^b8)q^x5t0PY9N@2Hw0y0wb{3lM
z8e1~i1iBo2iBgWa)!=P?pDsb%R*^iYxd2027i&6Kd;Up&Kp&^G--17*MPs^!l9jwg
zi~`3{VE#xw+}ZMSPa{?a8fZF17XdpBsq=mgfwJCVNt^IugUP*RtE{V$ED#e3H7(d(
zt|`CQr}vcMs+(np_Z=r64qu{KT_T;&DW1WoeMbEVWJuA^DE_4ZFYooi4sS(S2_D@P
zcbkDknzn!4p#^m!A*Vr{NvhG)rgjO~u=X@9I(awIT1k}53X$nyMAc+s77e@(gu`U?
z4}4DV3)3RI7nzwVFA5l?P-hkCaL0AhONpx|nSEyy=I&A54kX^#FKfh%_@yD;C(dq#
zvj^iFf<u#o&+>!9kj<2Bz?v--d=(|rO?W<{EdCC1)hJ%CbX=B_H-&O*#(cBad4f+>
zPItqw3(#-;^^4mbBjH_rk14!3N!yzkAd{2bD=E(zlZbb&rtuY?GMB=>L9SIRY2xPY
z$}iAYgMJ!*$#zA|UjW&jRe4T%YhE2?DM_5mHT4Bukkv|N-*?U<ZdO`!a!R4rNzx4;
zr!q!C1;hJomyQs^LE~z54QLD6Pu!a|xqjNOi+!N#l1JkN-jT1;!K_*`iD(qK9fb=E
zUag2ks4jm%Us<VQN6Km%yMvi;$?6-59qs}cI(`M`WU(*Qqu-1u3sFS}S4a>_Mk=+Y
zQ7&a4d2n~s1J<MeFF*Vfq0NU^EinxS(8MLf>8rZ;Jv-gP!Sgl)w~Bz;6(HvSMhf3w
zi21*f!Y6e9T;_02_P{U5#epnv7G>Qqx|5PN&qtP|xh8~DqYRfv@LD>5Ftw}(8aKJi
ztwv~HIL|DFqpS>KN$_D3W!3cmF3s@!2tRopM(5JS<|VZ^+YAJ%W3y~gXGIjE^E&A-
z=b43=gRf5T*e5j4eWgAf5IH&4Tsz*IG#`IZii?FI!0AA{RW2igU5L&T+Pc*Li+siJ
z0}g{=<|dqzo*`vP<BY|ln4WQBiCe}j*IGs=@K9RjJY1ozdg(EJzoN9jUBWE(5;=Y`
zCfxJ^?om7EO9|5c3&*p*^&2-=6}s<J7r%=d#8ySm+*2>{xMN!r$v3p_cp88>SN||{
z@u7|_^PmI(U6$5le)L=<#nS5KncWE2M6;a~QJ$*Txbtutp3_PRoT;di_=~Ib(Y_xu
zBWj``Cbyz+VHO748{hwl3Lf=r5DY_nzNEQTzV^i+n#{tJ^gh`*&XOZ!Yf<s}1Rof#
zEmfto-#XI2DmDI{8{+QVA%mLd_)N#GH=42Xrxa5=!(`Pq2P=9k!aP4DS{zCX{{)h0
z((cmV1^)dI?1TP?6x_cm5&lPQ)?WZ!tp~vX36B-y##I<t0gVGTqu*|SwLtvA7yq00
z|5Q}?dtjF?bzet&rwc!V)DW5vn++y+2F&^<=>T^0>wbW{lZZ=tjtuo|HqP<vN5Qy;
zQwOb?06Fsa`6X|iRXyiv2LU`JF$3`1rWf4DF#&@4Y8cO@P8cs1bb%<+JhAJCuCdqq
z0NU25l#C9@+wlQ;yAkQ-u|I&Or2Ty_!%6Lz`5`sp+X+kf=7xOFVdH<ipLC$t?X~wm
zY-%4h1Jzm><*;vl@V`XPe>+;i1=f*<wKx8^cM1SgSQRa&9Le1ChnuUbgbopwL+mE0
zNbRhX)datrBl;(CL;qpnts*kte}UQyuw0`&*V+5Vzujab<DUEt-Ww0q#Vg`Y&xTyM
z>(pMm@<GYNYyL{oxseYIGzXeHzdMchhungHKXB)tV-YHjjg`$xkpmK6yFLWnO<CPN
zp?l*Z3stMbyJ*XK1oQ)Za_OarpELXfG*8dCh|A*AYI-EE618^bZz)(&jlX!}p9wOK
zm92d%)?@=k2}A07Q3s*6<SpP}OsN7y2Xaa}i)>NAGWzw)MZhu|vT@thdFhZ|J^bv6
zWdY>_4&VGhrmpR+QP0>EHkc>BhEyg*{52K0q&YV@(j#{?^CQ(~3*OQuGk*-e1R4R~
zT2kHT0%^qg7Vz&2?tw7?%d#y4lBDgwKoJBi9UrmKaNY7uEcK%^RJ-`a+s8a>vZjtG
ziY+0T&<`n90YEN#9;%|!t2qS<obtM$9gei!94_adK+}H_1cT&Kq13~|PsTa0ZZc;?
zwSy(@0dR%~f4kUW{^jqw|4V>Jnw;=2aS<xgi?V22oUg#2fM|773Kt0#`6iss(Xh%{
z&we0U{A~ZL;t!a2G*bfzD8terfPns23+LnM)!fBZ((NtjLE6q)!_k@G&9&f?5P{%+
zz}DO`O4V1dlAl|~9-q!`U#$Tw4gYJCE04YF8(^UK!~o=oVb>I{XE%3t1<A$!)>50Z
z0zlfN>YqS+3xNJmU=E;r2-*R3j}}0mm<E*c5`m9}YQs7K4EJwsWv8h<&$V68t8>qG
z;P8I}{m=3LPyheV{qs*hzYhdU(#zqs<jT`&+Z-c4P=d3SZnL~E6*+k#oTUrW^(F^S
zM7T})XBvVo(3>OY6cg_q^ajPdpd0w<iBpe|BwvM^sSKypgk%llXMhZM=5Ai<kKdH+
z3f`ju4cSNK1y!ZIN2y9-6^40XjM77!v<KG%Gl%er)m9eCOuIU85}&~`SQ668oOSKC
zx5}oUsO8V=dK6mS?ik_9He=R)9(!kUkz1zaNLTfK*ekk>;sb|dt!H%o?8<9$oL!t>
zl56x6d@>B@i7@>TLY=vj(H-m|O4|nY8c4VOBs+VR$<O_`w!B;uXErm+M^5dK3RX;(
zi40|}gg5!~ieuX*Jyw(486#I0O?!JNpKCNvy-+q%QHwPf^J#pCtn`+j)23_Ui>#|g
zw_HgU%d<5zvNOSDfK6|8gYtaqYYM{6_bCWd(#E!@XPEC-g#DgR7Tpw%OJCR@tZAZG
z+A_`n$iA7YXPwJ&+qdxx)U#fM-%dHz^9-%B)E~RJW-erD?Ki*P2H#YWULvlI1a<?o
zsn->OgE(ph3Acwx+{$OC0!wiq!<p@~Quq(;*t(daqmS2<t>G-3A@uPtB2G})>dO7P
zH;ui|F-jj;)`t<1w3n?6FIEQ>vbCFHif%yudZ{wbNZ;Zp3>_}Ei$zY#LK3Opgu-<5
zMC<lvQ_3M&yAzw)x2mqd54lxV`CN;l)aOps`NM)&3Gs0HXYZ;o=555pjB)V1c|FWu
zu=YNMT8@|)5fvRBvE>m$Xu4zej=ON4n!1Mi)SP&@hKwcoV;{`UCNMaK2y@`5gB?9B
zch;;3vnB$$wH6#o6G{0v;bXQJO&2#8(EywYb<Ct;91;OH_KKPeVu3gonysOKH}2Wq
z*$c{>Y5$uHQm0L>Q)07%!nmQ9)4UIG<(W3C#a(vmL0{7eI<sVR;NBFx1aqABwj``d
zc+OeLo{EvafWnB1e^#h_saVRapy<PO3@+gKN51f{Q5*jw?`2VjVFyuKc5d3{XWb<=
zvj8F(PV=;6gSLUxA1#V&AoV9T>;}<p6HT$ExC$DrAIZ13${}2B0C-=(=PA`{$(;5*
z44hqA5?zBWIU(_%28@bDUK2Ra<&@#O266R~-okr&xj6uxRKA+RKCjyMWnT8gT9hf^
z+(}@KdNvnJqKo_CU;X`l#=n1lbyw&@&7+s;qDaVl)P(S5EcT;m?t!hs*#2<>su(#C
zQiM_CIZ5OidJ-)HQj3zU4Lq<QnEAXDlAY$beGDcRtIB(&lo;FF-c#H36Np}^4BPl7
zRp8*1$Te!HK>a4~7L%~&O?|X}pyAu6%)y*5T)j6D5bAXX?vAV2&GxQNi)$Ttf1%k1
zts@j?oBWu=@VA=kZ_Jwih`-^X6TG;00@QSaE(q4lzZ{2%cFV$LrqSPv4!twX&~(Iu
zO4=H6IUXhnmZa<aGQF)j@5D9<1C{^R*a831Gjf;f;mgBju8ZUp5ur?KREj4gw_BBF
zOH|6|V(AJ_bfqEwa!UGqKrw2wXr;V9@+NX*UmoK#FmtO^zO+BS<MrSQ{l+<h3`oRt
zbbG%f7{$c)T`1rf;4hl?eaxWPcM*eMtrrEq%Q5_i?+;JKpYyRgr6av`>}TN;oV;f(
z_}1emkX%E7!S{KF|2ux{7Y8do`7rrjjmAYcyhNo#EbN>vdy<Tp$utkMG6Gpn6E<jw
z$=amgX+w~FD^JSJ!U7}cV&o@K<;}s~h}&^4r*i4UblrU#^iTd|p~=3}n4N4eX#b?}
z>YrO;{T_Cc(hLPvl6vu*YBdJ%^J98AkaQktnTxufbw$fr!;aLe13}qZV6}dh-yONA
zoVco%u##@uu_<G2)p)wEb-pEBS?$N29C^s@ye!w<SlmgrF9On$*UJ2uym5NT_;!t;
zA}Xhg<YNt+4|h=Oth=!D5rrHVr2*0P?1vl%cci=OFU!)$2fJV!Nq3m?^^_ufR-QYa
zH0hrCg8}BN^|6ZOEMjq8ePV~?h$VrWmI6P|!Y(<ozf07bCNmd_hPCU#aE8e`ft7z&
zS+P0S<c5YqBsbblDMDi<U{DU^vUTVQ5`d0e>B>pq0_@)##2hTu#<lEp_pZDZdQ`7Z
zS+Ub*)5jc%P;Ug}c^Y>3yGz)(MwYjg=UZ5I!hC60)I9WPyuAOlII%83v0w4Qv&fuj
z{jdvXru;Ll4imk#o|tN*6j3lMqovD+S|a)Wn~I36>1mDGXZ@x;&0B&opRBnFmylb%
z5Z7Ir5Juz>z#<OnvTyQFAdJuSU3fML3YOF+TT6TiqM3dAT9+|q9T76LqZ%E{q%AAr
zUYDd)G4-6j39c3jUR6}Ii+FAI?wHDD%?q6%aBJrpl3}JCQ|an)G8fG`B}{ohV_@!P
zL$fYUUMle6G;@6xO-s42Z+p74q#k<4noGNjLYNDu8O|cfsKC4@L==rP)iEDLJ@QoV
zX2Jk^^;9`!;Q{KbQ45LWb|)z(0;N7|A^8Xt!Ya96QAonuzk}i-gGb>qfA}6Ox>Nox
zA=IDW1tk;>WHXv6I|WtH_^>VBw5zKh?AfRqcC|NIMkgkAkyZWnW&%Rpe+`EcHY)OO
z87%)p8RcIwQCB>5f*-n^T}FMMt|kbM^9cl1=1c`?$*cn6Re#-+=iN!IIzt=k(d}V*
z>YK{7uLjL&dq@r<s)&LEi+gTzvgoonV*<*@>mtyD`NvaEo3_mvycoWi#q!vzluSk6
zImDn)5S5wPymlo@9c$|kIiX9cxNoIT6k8anB|(H|YM_FSm#}ZkgNiPT(+gmA%;#x}
zK8w4HNXm~2i}XJ^DXkbjSrI?|9MUmV;Mr`NP3CQ}^Ae(fKe?cQ$l(hne<Ca3pY?bO
zrw{n9ejDf9#MaA!iMkw13x$mZc!Re-9Pk?h;pi*~punswv*C^6*%mBeN|j=l`;<9V
zm{m;R0iR@FMVe%^0C(9ONv9kwtEcgDG{Y<mh_svYMOn0u9AvSy%qk8=sLJ0xG<`ab
zrO}9)X_KgWOF6G&um<p-K_+4abC0dET2Or$w=ZTFX9nE6w-uw3&hIQ1buI1)_xqTu
z(&r~Wx*d`(uhM3b!i?#&WfGq{bK$d7#g;?Ryk#>Of;O3&np-%TI@ys2(pi(6WQ4Mj
z`AEE66tepg?AQigf{1xkg`&_D%m<3&j*^i)7bEWh!;TmjbN9LQ+KtG;?_E=IK6HfW
zXO-u?etgPmb(QR0iE3BN8^BwZD9e@k!Z}NB1X5J68#61uM?wwmhV5o%Xq^bFeRJ_D
zI!FYFDap9qM7c^E;&lvmE4zMw9YorkEk@W&+lIy3xlH@DxI-r_X8^4TlL{E^=KNs2
zX-gob4?06;Vcpc2^kOynC*w7Lo=yGle067)uws!$0qR@br3v@UA7>1oV8nSI(?yMm
z4>NP0&~j_HfWIgkejR4R=<LvDUgvF{rppd?Ck=&tmr2|Q2x)&S>N<au23G9bXzD-v
z>ltD31y8!EfFWL+Eh$+l>~rAPQ;54o;hKc76S3YYa$w+V=6wVE8evnm!L0YcF4a#H
F{|gH6R8Rl_

literal 0
HcmV?d00001

diff --git a/website/public/img/agent-rate-limiting-ops-order.jpg b/website/public/img/agent-rate-limiting-ops-order.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..2cf0daab268994a7ec1cd39f4bcec61caf2d71b9
GIT binary patch
literal 48016
zcmdSB1y~)+mNwkDySoR1yK4v@g6qaDxVr=b0TNsSB)A5L5ZobX(BSSCAh`SA=iZq!
z$(?&=&YkakbH9J{G|#T;?%h?@)wR}o-*@%H^uscMDK9N24M0Hy02KHKJj?--03tj*
z0z4cd0s;aO5+X7xE*dHd3Mvsc4hAk6F$FmpF)1k}Eh{}GH8Tw<DFfeQW_Av4Zf**C
z0TF&qVOB0~&fk6n3JD1b6$O<L4ULeKij<1;pZ+|w0a%Ezl+c+lP}Bf478DE?)I%pg
z0k#tk>MtMQ-#$>#FtBj&2#83?DBuCrm;f{s3=A|Z3>+LREO@jZxF3MUg2SfbkbuWg
zF-D+v!sUDwn}ta8q@o>9b>xti%fvYl2^pV&kcgP>5k13WMs6NnK7Ii~$){4%GO}{=
zYU&!ATG~3gre@|AFD$LBU0mJVJv_a<gI))RguZzj78n06Au;Lwhve*>+`NzZ1%*YQ
zE32w&YU}D7zI1eUb@%js?He5%pO~DQo|#=)U0dJS-1@$~b98)idUk$sd3F6;zn}n^
zzjh1!|JRQFO~0_fenG>+!oVW@)-Nb%4{(FQf`y~vfX9|lK`?g0q2_#ri2EcqtD+r=
zhD-Gj&%}8I8K0JWh3@FLuKlHFf2?DH|D&G$-m(Aa*DQbv0|nkZ7%V^xxVUD>4nY1N
zY|xIJ*3sud^VrNrCp}6$DQ5n!+UXBrea6WAtM<t`{l8_~m5FUtM&;a%ER7${r2)_Z
z0DunQLMd4k%->}XiZq4zPkG*}d+Fxi-s?O7%S`@9eT`Cp>T$Kw)otYi(5CqStiAhx
zcz1}RJh=fOD?#hKE|NpE7=I3}f=uM|sh9<OMETx~mwY5TFLSO>i}5t~2lVXXc#ro@
z9{?=|GLh&4kuJfZtv&X*{?F<raUWf(Lsd@qMc!nh;HpRg|H=)|;NHFFQ?fddo7yMu
zishGe#dr!D4?r}g57G+#_9m;pJdi%QU}tCY>iH7}B9UR2%kgm)aX4HpiX*Z&-<Y+&
zrn|+fSIGn}oC_D30hx5~ocY&Z9f*?!<89$*-*k-bcz1nF6AjO!OYW|jt=@WH?q~+^
zt9$VVptB<~%Mu<ux!ls5^S6$jRrJD}h+tRbd3|o#??UygN|nQ@s!(89^c~dqQ!Nyy
z)kq)3snv=JwBY8tM8u|x&#96wO{|+bL7biK?*pRH9Yu{(-?)~O?#!ka+R=KuM(67p
zG#9+(o(mYEw2*jQC)OxjKqpR!aDdGK^Npd*LwAD5vq>rU`?dCGjfUFvRV(}04D0R@
zR0d7b4E89$Xj^g{*~`$vB@}&WMP98j*4NP+Js;<3Al(H6B`+KnzNTejLNC|Ct_FyZ
zhn-ycLRN*Cm>_d?r}fm$qxNouaSZEdC^Ezi-JSJ|qQ;3(-mZ8K`bX76;e<&)Vh7M;
z9G)=Pes~s}T~2i6LNAQd1-MsfK~aP^$+Gak>a!};uS5}1r@0n~n|H|7NFC?e4fVFN
zBX@W_M-y+Mny9vEMfW1ki*eZdz*45kB$v&aJu8Dk`@B6znBrX`(e%uk6>w_(+XJ56
z(L1RUisC{9K3HB}6j@?1#S`)u_hMDcf>%HMF<2geG6v{9+~02Kzi^ZAayT!3oH;c5
zU0gJ@;&#WI0UCuVx>{G}F^OJ;-~-?m3i}d)M@0DpZAHCLfl4}(KspZ*<pba+^HMO{
zVQ8I8#tFM0r8oyQL@mY=>P++IdDVCvZe#d>Hod}|?p5C2Q0H_E6G7Kvb!9k3rDs)>
z+*iyF*_@DG^%&ADIBm|DJ_%S%M9Ot6ofuD{r-4@VH^QUC%rOeImHG-ajbFNQXe&wg
zXzxi~0nIa9sJAXFBIF0EKHHh^zcRn&t|%P{$Nl_>x3ZhW6sy{c=29jzH~fnrw_w~7
zT~pSid%bLAX9#XW<p)?u4ZHw7|Bl>_3*?<LoE7(tjvGG@K{%hI6fMWsy4!*c1=JS^
zbOguOljixaxgkvJjUls&BV0`!BAt<_%vY$YoL#svO5%bUYT)?@wCONod)0F!#ZQe*
z(W<+u636u9s9(o0AQ4wk5d^iht$U;D)f|e2?j>s6&{n>+i%jt=+R<rsloi!p>_KMd
zh)Qcn{%)Cx?&nL874GvUH)PX2qaTg?BJL~ao1yhN8V<8rFA~|U^s2MNkcbNDbdB~n
zp$cz$oBC(nMvZ(#eD-4W{eezV9AOLpW=yj4_XOLG`*ge2#P({CZUZPTCRhg7yh0|w
zA+f&MYUmVeT3Q*uuNEo&JUdq+ui(Z!IPv~i?&8sV92F_t0EX-^;9t2hrY5^8GAW{b
zwc{eK{Nhx16BP3@*P={C9JeV_&J(ihEMitedmqK{i>XR*4+HWxtTRroUOWH+r4K;Q
zKfk|gg7r+1cjD2>kM#xWp6E*U9jA=51dqN6v906b2LKB407Pl9;rjQovRz+=KLAfk
zi;VtjgGu@L7Yiy}s&?<s`~V!{wO(%MX9xVcSJK>tjey`7Z~qfR1VvBc?VI9pWmsiM
zhaEu@to7R|z)duNe7x#kxH$a2Flor~Fj;QKQPaPO2w2o_ih^q6?<*ujy!{TnfTwVy
zxpeQf=)X+5bgM`)Tk`;%44pgxz~%$6YWa!4vdHjn>h33MAAod^j7tQ*2LMMZpixTo
z*D9Iw($?FPCeSAlXuV8khMQ$f`lUv!+U^0^O53`J8hijcM~wKRiF5~F6nll!rc1Rg
z<~X$(Pu=<x{}2|kqpJzErL(Zo_w8nO_S(8KDY9WQFVXEmja>+gD-JprXm}BO;S+J6
zkj<lD#7^A^bKkT9w%R)7o7B#KdCl=@^Z%|<tRw2Jzqa$P*x>;XJ`g)ZcesBP4&@$}
z_e)Lm9>o7@%L|;$F8)W{+9*}(nip6LPw3vny^cM3tcpmBDY5R1rtq&d7pfJYf6}aQ
z-y(A#7F9OEL~(gD-nzT)|GnTl^d4T=BHQ7(cf8eb`Sx4y@{JVt2Jw|^yV>V1dk}R1
zTxkFmm40FNWd%km%1`rcX6SOa41u0yc5CTK*xKgG-@iMT<eFjn1TsL&|Lh?@Zn1so
zkkITq*jV!-)q8C;?XN?ChqE9-HlTUHZ6n+s;gkrK%F1Wt(JlS5ngviDZCx8xy1vSI
z0HmAsi*&Vaz2zPNL#_wl`&4n&Ut989YyJhB#!o}Gv-itz2Jj0hYIRIrBZS-W6gRR&
z7cPd>BuXt_3ByT#rLTc^87-LGA&zW`=V_^3MTw-okRM?&59FZEic`a4-6y2r+R_j9
zb{c!s%;P!-SI@^}Zp(@^Z;r*f>gN(M9<MVy{}nfWPLiq9Lwe{{7=^NuJaFu@gnb$1
zb;k6z+;q%=d98*W((g_!#fB}wg5PZ=Da7eE-2W<&OSeO>x%TK2f#AE!xvzzHvG|i4
zh|x^1a1(!Ig<y!9#5oN=o677rw-M>o!k&|)9q})YU4x7N?j0uDWph4U<CjcPZR(J=
z5qWvKFog@%<vB$70IYC~Jc`@bcFA8V%8a*ego_C7@m)V!vOFz8ba2Z+^)!`9QEF{$
zO5Ez;ntwyzk*$F1_>Ljd5pXBm2Zoe*cE%v>PL)F;0=#7X%@VVI(%z~in1vA~vZyvS
z!VFgkq!<!yw*@evhwfSatSxpK>QUz-KVW~L9X9yg1ZcsjJSm1=V)cJ*<W}T;o>ekC
zyvFi;OsxSyfkVc|7WqmgG=%e*eb%Mc$=;K2`)j#G&FAXMrE`d-(Fuvml}hlu-*ds_
z7%Ae)&)r$M0?r65-2!K;0m9YQg9d#}(=?OnGdSj3dMFc(aU--TW^rCA&;^g<huqiP
zfx^~Wi%%2#D?y!{3)_>k)e(=ZEVQt4!{$a(-ALZ7pY#%y%LINInneg%97W7_R>*Y<
z)*RM*HCZt0>GHg?ew;1}mctNnQo%WV0|)}(dRn=m+O5eM##zhDGAqX=#x{;%bV**<
zYX@e}O0Uu-S)qL3a~VH|BKjy=UaDwpN;GMlpt-pR>tsz$WRHam*SX0aH4@hr1>-2k
z&$HeAWnfOEqAH;6a)BU`w+4WrAruD0pyVE<ner4t6ka&cHJF+yV!zXKZR>^u9ADx#
zgsUD^*W^xJ*k2fs*TiD4B%rnmXU2v1*e$UUnaIG$8@5i`l?xje%<S;#j2egks3{J@
zPI^t?PDodg*5(T5xBD%!30`}Hy=PMzIcJYZ**m~TEs<ejVFH(H%>}C8G|JBsrr&>s
zvUSYPjmOS>y@q#kgP3G`e=|zw5h9_iiV9x)Jxy@8cn=<0>ziu+yz$eE2?LU+t)Igb
zGHO`*XJr`t9)M;>;H!p#ORYb`*tqGKt#NJKA`_Eqi0ZT05_!CnDH=lV!u%O26iKqY
zhNrzW3>5)+(l7N)^Xa2q#K}DmWeP8AWh$zV==R3h<$Oa{Ibq)j*U7z6h)#jsa$NTt
zbw+bbM`>zkIjnA~jj!(9=IMmjf^m7X>DkV|#;=m$JrgoCyFe{#mlbIOD~$ypVkmQr
z=0<V9<&_Q#k8{j{p<TbPf>M(QS5-N&-A(^H;xqR`E5oC0`a56H1IaNc`vxV2tNbt9
z)Jy!=4pbk2^4JF;JEyo>zUN-_40MJlt{DY^Mm>$KXyX1(C#%npX~M-T=CDVZ<QpC_
z#Z+(AgY{zDjhu#rv~2V$4q0OB=6T4Z>_RemXsfg$q${t|jm2D?;3_*fNRJ{=0fWhE
zaKV%BP#CjaX=rWIF;@}ZWEkZ?-#2O3-eL^^gl@DLgx#FZr+Fa7a;2-$&&Oety`PbC
ze_QB+J_+D_F70E_^UbqTp`|J1dE?mLhEKR=j91MR6KZb>K;;n_kq<-F3`H6?JR%Hb
zM;-)MQ)U+D;@|;WP>By^Pk$0UByQ68Bw*edDHA!J?nt`U>f^$+o_3E_QPG^<T#8U7
zbzjIPx7oake8zj2ZbXNI(#N-kent(EEm`^6b4xQN*m1J~5L4WeKGMFOT%(*o-uSjQ
zfmN#}lowtOuE`<!g^R<Eu~O$B%%$SEqa>({Y^7i}f%u3F132b%gsL>!xHZ*ri*aJl
zeBz+0m)6`m$8Au;%{eYdm1&)+>6S3$bKL~Q3+GX>@0TsB$6h$v(Q`^UW|$@_OX8`@
zFgnU;986X>X{}xf3;5XCvy?tj#F1rXD~oKRdj&{Sm@>FztTKu==T{w?N0#m^@@$-S
z^|lZP$#I7%3{bMKuZVYde`kk+Atco(ebLchB2P=4o@Mro1vYzT%(fyuD`6t^77>^~
z%S5-)zWf0Hp}?Rm@jRjitNQ|pWmztlHBj+WfhPKsPdjbcjw06c_q;7pikf@eo)DSQ
zeN~k3c=xBTu}HYX$p`Gz<DL338nsB;CK2Vemv#jGs$#lO&(A9vOLmE0>vtBK3yJIH
zJf=iV9uIo*Igmw@x|CKowUp(HtOSCq4G~OKit@`UsG*$)0F!#G%={HgY0tICv{7As
z{c*Ot_C@c2dmQwZ0}wawG?`O%w6|E`dgI3?UsKmqpS()I;;jkG{(~-|)9mx-y7pOt
zHkvXXlS9o6hwSZHx6+Bdrexnpp5`6dk8ZKG4kkMC6?S_u>OtvgjDr~=c6O{KWy$;J
zo10U^)R4E5M5uN1kN|`QLS%sa9aPHdp1hx!`j~IMg*IC0X<QF(3g3@#$E^yoDE^Xd
zUylM^o%unB>{1YkLCcw!V>zdD;(QDRKfr}Hzg{2~P4>JrQ`d&GgRXy|6j$wO3k2%8
zFNH(^A=S0$MSFwQr<TeSR^P_)S9C(%;%_yyNWB?`Pcu>LZ&iF9q%#V%S(?|0BTKZa
znji7$NaE2&7{wmPXpyd!s#G+N^C%&7m3oG1r1y<ZD&z=z`<Bqwb>^8~jWeO;a=unM
z@y$)27}vWr__C|vCoPlu>||~pvxIm5HM_xrsA<NwRC$Qqk5jMHItMnmrdl*X^O!0D
zzYW~Io5sp1`uO2zfZU4f1Wt#$LP=%y`B>`!Wu1PHkuyItfhDa|jEzAU19W1-13(_<
zKQ-_GT=Rgw&M!_`CUh9Xziunk2IIxWJkTekc>ttjw5$`NZ~b-*&yK}T)m=f){J(D+
z@~=*1wZbn;`2Psv{fDqHW9i^ZZ90SMtkrs~&X;a=qsKseedt9n*WMJxDKZ!*wPb-&
z%Wn?2!ml+qZasI<<zfc~{+A5^7-s!k7F}?90K|)jZ+0l|Sp&dmrRC>}=vqDhZ;U7R
z*P#zUcqU4f2HVdSIlo@!|D6kOe_P^CQgEQlJrtr5{D6!pPD#<wbMqyDW#r#neGQ$e
zIh420Ds><VR67UQ6=HAktU(;%E)tvz-*|`bZ`m$YelBRtGSuO=R#dfK!_PbbOTiBS
zve+-BMkxa5q;uXRa4hG<ZVp>lWPUDaS!OS*-gl3Jfd>f)Q@kX&W%#AUxQDBU?$GIN
z_nO$%4lSX|)}977R~{W{-I2-ghD6~3$h6D2yEHs3GGKTBV)P8pP6+OUA?nvq3P117
z`MFSBrTTxn#qd(7nn%pa-Lc)xSh%2vsPre}M|o_wp)CHpvkrI2jE(Bxor&2fzw=Ri
z0J5Z>w@h%~abTUH>_Vhmg86WmjiYO12LVWS@ywFW4!hU6ma<+)s#lCGnag&pS|T!M
zCseA7ILd!=q3}p+F~##fCiAy3BDupP@~aFNE_){fabb^9;JRgr_=yg{lc>y9p(tOx
zil0nD9nlkyZ)a4%4I`qJMlHd3g1Ex~btZ3kg|7PmOjRvi<7&7Ug13vR-|+f81q6!1
zz$fab=u%zD30AR2E=T&*0vN9z;t2-vs&EJV9oPiTMb4~7VoS8)8t|8f2gEL>bM_Kj
zPfjrI&KZ+#X_Ce6U{-Dm9)Q;_GT?0R6-yw7^7!`y7;enVZ*Mz5Fg6SvB*e{Va1vhn
zGm5Q{j(`)60%JouK>t4u5uLGl0L0kAS!`11|3x4NobaL)ebJXP-2T@H9ak!uc)|)U
zFxwTd>AYf=5zG7{yQcqsq5tic5WM`4wnqOxFhz!kQI-$DDMsjVL0OYXZeH#{4Q7b;
zbWl_%t|k1J&kZ4(sQFn4l%tb|p<?R>6(GRwRw(;t+Zklg8}4<Ux^Mmn4q$c}q&sFo
zX|)`=#~dxSGO6K<0kkPi-xfdYl-f^|`17G8ZAIS^jU2vjtvT#RX><(RFyPpHyqb)7
zsZ%Q~@mz3y>fBvRbF!jH#tzG_kdxpF;$7eI35F6{R84hp-g?S}Nkm2^owjO<`L+Gn
z+*eKq*o2tuz2)U7sH^%x@7I&~9vC!(R<NbaFV!QCLRiz>Q=_!vd!Ac2SPBYzTaBs7
zRY2hFx+m<uJyp{C(aqJiCr%n+K;Oihh<qJ*S7eBzWYix#Z>*CC#Szt8IIL&1m7Mi)
z;WF^Jr$be4RiXV+wI8z@UI?iav6PUBSbU&6tK2Y6glpNYWrK37&(TMn@E*$QwpYI0
zG#?>E{Dq@^lRUwyvv`=;BT$6oI+TH0-<D&03Nul~P^<~qa;zz43G5sv32J#C0Lxgw
zJ&I3A0S>^47Uv3Er966Gi(6BPCVehjjrM3~pSKZWj;_kSP3zQ?D0S{GOzs6cRV)Ro
zjDYntHq>OVLVUibP;_guVD8dKs*2UF%1;z~J@I%i)&m<+plypX<~N_w)BQj*w3ArB
zdcRcU);lWV;xqF|cea4W3dN%d*vHuE=-%kwTlAfalt<7uv#0KS7&hqfu&R<byPm5;
z@lIY(gIuV@*!pA^__y+NSgIT3NW)>}kFp{ODdCjY7%`07)~3BRe3~hqwbqAho;<Ir
zPltJ*mkj3~adss~L=g-)3Pu&K;#VI@=iyiKRBA6u*w|TDJRRw25pp+iZcO<=LVA6V
z&t~r?WRqq;s)VOM=WjBd*U8xzV_(Ni77=$FfCmfvCHTA7*Fld+bL(Bk>MG_+elLj#
z%pdGf4r<5c^xwSIwUVV%3I<W9X5I1zK9P2wd?_2rIF}=Ri3`<#se7X}d3JNtICr%i
zIAd3{-TMZUJ8`5jgw7+C%c-|VU|4=jSk2+_q_D=u4i0U!Xavm@%-4@L*xO9$VLkZQ
zw}ee6unBYG<gjVA-UZPx2I##CkUMCD&P;kXw$*T>KFK?(XNR=eByVVG)Mgg3%npm8
zj0QL+HMHdC>05hq*$@YJ+<hKplG7w4-nbpNuxzKIF|6z4LWiP>59<qj0F)=}U3(AC
zgc1b(!y=2ggqd$%b`OV|>*ob=v5~zcjY0GFTTI9|?BVuE#IMB~tR2+J(!#deuEQD<
zvdFpb9DO-_?*F5ajmEh(>D+a$UL4se!VCaJD#S@2fVbH!YYxa_b9BLy^O0d%sJ>0h
z>o~*Dg|z6htOa{Qnuu14i+!#R64xY>H9jYDPnY7=#j&TT^V#LoZt?8Y@@gi9;JDeK
zZW6&(5SgNF)P3(yf9)Mc^SS!1k@jAegngqi3L&|6H+xGEsgpRVSkRfBv!BHf$!=|Z
zP1D%yM$^^aOfB?#&)4FZp-!;8{-FqEK9Bv^1;CZqV9fu!ii&B@cCuN#oN>Ocu5b@$
z6(+NV<W48LKQZ0UMo*l;@+S++gg<vLeRFVq9(^@AVKV36y99z92H=V>Xo*(DkR9`P
z=|l+-S0?A9I2&wDP*OJV?}_ZWb8*-J2^N6|fch-@&ZSho|8VOzd{XResQPhp8%PI<
z|C!XdYSO)AV(Zx+-+eHig>^b@dQT_26}#1<r;VwHNXK&;Z4-37D0Vp-fwtXY`LUl4
zmSK%_;H`0!Bl<8qFjFN%B9A}sPd*OSJMF7ETIN3JSTi!GV8b#mD)qx<0Gpc=i`izt
zRv8;!=?M}-Shd?)@dB?<$aoce?c==u!fyQU{BF_`pKfz7P9n}=B5=~#bS^phS)?;u
zimeHf)!m1!@FGfz0w3wunPd`tIpo8Mb{VvgTlOiAv}`Z1)~dbMYhdY4AMG0{?y6s%
zg`Xg@Wy0>HXkdU*>m=u{I@}xlp{0ynGx=$VVn72OJdDw7nQZ`GI~8!5{VdZtCt>Qn
zhn6z0D+et*d9lm#xg;;J@fpE}vPO`(=UM^fWY8tCP;Ens>Ll9%YZ+Atl>k=G6O)*)
zB$OHeyJ@<_*WDgGhkLBz+M1NXqelf7&a!dLE3q29W^h=+)9UN{u%!1e01*ZlklM*~
z4C9qnx$`-=oPSiPN+6<9^`I$A>yLi#H|i7!Ct-X9k*}X&`7$SC$5S$;e8pGD-A*G(
zh27oM-33Kyc1juJS*l<NtuyNvyVhKXBk931UWUzH`9aI}jWX-EJaGyJgcg^0Rb5YT
z@ZkS4c;0^<yt3a0uTi@I?yw21b8Y@a9M5&oMYs8=Iid6{$m;y_HkV!rwG)H;2^A0r
zbTF78uKUj8%-X4ShsuvvTdt3hm2khu_i1e9hlZgtSAXW)nb4yQFEOY)+QdBTUV)zH
zRI+5)50^9Zv=*8jpV!P`MJ4eHUT#-y!PBJsth&7F18ua{Tk15f$Sm~&Mj6VJ)ax){
z%k(nE>fGmquDPTZzoy?6yZeq+Im<EBr{D@XQFR^@fiji286ncV;d3?btY7os-o{96
zwSvuQB9aru`{B)3Ujh&X^wy1FVyss^E%q|&AQ{*@CyKOIq-spL(qyG|?CQ!Tov-5B
z)}11-(PVEC9B@Qtt+gH(Rex(B80o>rb0Uf+f!<?OkCA{)-4cKSaJCoO2pZCAQh0*q
z7I`|)rx49isXRx_mS3H~YpG(8dEx0|5YHPLOwVe6@3vyq{ZU~P6OIj;N7Q-SBhX8U
zk>3n@!idkD-q6=hl$(sNHN<Tn)N~Is^=45xC(K1=i36y1<X0I_4}(9xb+QuH(&B2a
z;!}a)P}Ni7{}673F3E~e4X7xQ30e-8>syXVWmQ)$NV>)|HBv{Eowm(2`7J87Fgl=J
zPR<!l(2dDfLh@<}n9haP8=j=p#0+HG8Oio;55t~3i*D1*FuotC8$UxjeZL%s;)A_Y
zjLqN8$ACH~gHo63lS(`}T4hs=l2q3?Szb-R@g_#8LIsy}%bEc$+Fkgln*k;zr7Jl-
zq0IBcMukl?<Co(FVnY$-FVV2Hul0PVEts8U43M@p&)CQweJJnB*VBbCI~zz@G?vHc
zal|G_mJoh@_Gyc9jUF%0YefMv&C_e(_09%6w-T?XSA|BRHd?mFP)+Cf5*>;4h1-M!
zO>L5jqHJ3sIch&;eBxYvlJhBjbej>>HGM>Pb=hFP%nM{@RRt1^n#bwXuOq%9LA~SU
zr>s>;)jVxICanemP^;EchGJ?AMCs&>vV51qMg6-lIlAg7$JgC@?37<?eHhT&pgq^h
z;CVLw!P1>e%a~{akjD9FU{nwLx=*i|95}CmN{TwM@ZGUpah&<ZE?W&mt4IFz*r=8M
z0T;p=JXU-5y2qP+Vv7vuhuFh}WH1=3<ZH(VT6QI?)u_t&u~%NC8>u%L$BbR<M7R~h
z*!?(v6=GPO$wQz&SDib1;c)b$n$v;;6hFTn?oWmx?;!KtcKaAo^o$R{eyxALp|!YP
zb{GTj>sILGTOqgpG{h&4lUnkdcf~!{*)5kiK5ZhusTG~uQ<b;@M>v%ib>r`HB}(@Q
zjr#gedc|fCGB3oEynWqSXv0NL-sY*j6BqL!Iwu>hzXg?AFq{nZqdD4p<MTS@vJb#U
zuIb!O$Mng*^;z=(pNdyZo%s-k2}Tx~#5oU(dR>K_`N@h4+z`iRzSH-P9E|dnFrZdS
zMPVy=lH?S#o?l1n4w7LyeM8Z~<Nc>XEsuYR;mRg{w$&Q5e-TM+33IK9Fm=`>b~B}T
z9^}30oeVVk@qUNvRjN}u|1i(Xp3Y>}eCClE>%__`M*T1H=(wc#7s{T!t92<9$Tqd!
zkKShM&q(DzdS6*-AR}1seArKjh(L2^zd0mez?C{7+k{ZEL##4Z7U!cwIciZ6<yC$=
zebK-OMO*+Y?Y_R>zKrUTiGDrTrHi&u-8DemoYG;RmFL9p<uO01|BOhqq}sOkW>RTM
z{<GG=?@yk5-4J!(iUr5&q72#rVV5`|?MBhuiFDA2g$6PxVKM)#;0FPyPJE8El^)or
zpwGEVLA>LgLLCkXN72T5wcg|)U>ltqE{;!kgdUAv)S#D~@Og;~4wDFeuhU%p8e0(k
zW1It~)mwYBsAD9(s)`=sUe04_Bv<k^tKmE+Em5?I6wPs#0S~U3#hq~9N01d#hQ^7g
z%cHu6y|x|%l-^<vPgAYvE`sZ;s+ytPN{E~_p~V7kKwQwbN?Ve)A8KVo;(}-}-MYN3
z#;D(xbW1yQS;oI11re$TK<Fca>0!@BoHSXQv@#8(gln#=bMhLB`<@2aY4U4sRfu3n
z>UH%5SHBx^CA2lJf)tZMuXeqj)8*jmK~$EZN@AE<j@BK__##R*PCIUH`9h61;oLLw
zZbx=gBS8-u(@u(?f9@cLKNCZ;anf}TLs)-F0;%??mt-9r-dA<{yVYC_RSuna&oL>5
zG-|@K)igJuq?*W)Zma~NH}=cxa6NjT%3eMIPbbg9_Y9RAMl^ZSN$>*a4Q<~OnkUR8
zK3ySofb(i!qc6knd2)oSYNh4D0RnmE6S=7}+#`Njls@j^tUJ(+@FqTKbwsqv2oRf9
z7V;bAxGz(xHOV_7bJ=oGVvjparx1do(sqJtBTkzoJKepdQ(PQ;w%Ub<nYmy#uFQco
z(vU?*m*{tAdp%a7FcYIwN~88&eKN+lBjJ-R7(^^M-KDrj_OJ(E(E<c^+e_2f6sO{~
zM(kO+AwI67u3z`~==y5YsIcsidJugpr_#MqouL*~ROXsKL!O>UZOHec^fbD6_t1zO
z?W!t6>39d}eayF=jFq8XvPeOp*`x4gvmP({C0@>g>a-DDdb8?6_RWV!7z%rtBFE*L
zc<gXvv1V4*#>dkhv$tm;*@Q58cab{*SvKsuCu0ZYxcg*`PNzxDTa$>mIjxV18mD*>
ztyP!d_pi?VFD^%Umfj@D-49mr6SbwpLtIts22!N%Ck=UzCTh~{2q>lfNXg}{K}Mju
zK?9P)uum#q@@<~s%Rrh;#Tj{bw!#d{yi@^Wx7?SZ)}8qW;79)SJ?u9Gp~Btd#kAsi
z%eRE-2P$^6QawpGbyN4cNFZt|e1CBx@y=~f=EV`cY@!1V=QC)<4cWM-$Ip#5E$&8Z
zHfU+^dWm{$1H66GSW!xKdsIAP6fHh8Tj$zQwIK+<xRe&aOR!nq_2D%ORU41{hV+zo
zq_3hx)WW4YK{C}|$b(~UF7pfYaHy~p!J9qWx<D9GYw0PSoCH#=bRxotsMqA7C#6=)
zVVg9#BgI)iq)e^6$?`)#wv1b}B>RNtMOxI=VP#SA*{$*@D-F%B(TldBG?pDa022q*
zHDcY;bWT4o7Ra|UjK#5Xk7t&8EaFJ2?2EkOuy%T~C=6a!7pg$!By9+ikm2;!FKDmh
z$1_}1e_<ivAg2v+<E1&T<7q_R8Z47L`W;$}@a#R|#*{Wr@QQmZdhe%HK9zbsu~Y8y
z0`HsZa>?61*-+Hb=?5TI9G|I&nMXuY{;(|4)W=QuleNb=m-c)mcKiJlRwBIEv(MLM
zE4Ms5{x<2Ido3MOvm5Zh1K{hAF_k}>d*451R#{tfgI5U=-(|+SGRo#mEoS(RC>+QD
zlQh<(P&Dk4yD)TaXI^BeWSRID2gzufjw*a#D0)9?rOMQ!RwPe3^yz46^<y4F?m5{5
zv!R>U!ICxJ8x`q}T)Sa9Y{@#rB)B-T`Dj#PjgtF58OE2Z0rZWDi%jl(Qo<jv<UbAl
zIPdY#Qy(*_lW_?R8;D+zd_2G7=NDQryfT_!TcN#ivgslMnl1jDmOeocvZYO~eFg$h
zxqlXa3-_x*`UNQc?}b4>2VwfZK9?ZG|L<bxDXCaw!4OSCMrjG$9R?V&9~bzfvlcc^
zlM5*zq2m;NEbJ2|R@M0cG*$+0q+BMnOHkabM~Mc}Urh$%LOmzJSS;-tPxouvkRt?H
zmIZ?)gO)Sr|Kwu))#cdL*?U13%c;#-<Ywc+FL}Rxk8|zgQHmURaxZKzwwvP52ozQ5
zSu>KaG!>hU5@vv5@uKnE^h=BK9%3ot9%4r72so7hIEzb{d#PQD>n+`P(_r}fr(%A{
z1SXzmBsOpMa?|i1W4*S`4D3R@>GXFU`-Lwl8xhC-rQ#O?rMOBN?!O>VcJ^?g{tM;?
zRO!D^DpGKOjhFkVUnHIPJ~2E%Y}pMyrBtE7>PYWVn)6KvVUA2>M^Hqah@W+B#DVBw
z7Pt7yJ}Ldm_yfTFk|%yyQPMVkd*9PxvFGf&%<*lcMpa!@@vkh-&*V^}lx&}&eI1B6
zYi!+}VLSi?GIM2O-|;{c!B6r5=$e>ifKK|QX5@S~`Wnu_e@XcPICA?<oB4Bvt6#&~
z{VT1Ei*d1A{oizuKbJYVoScd}xMl`no!Y5!XsEtgJmIL0zEHIMCzOvCHpyu%DJI=(
zo;Xa@33?|{XZbqhk3QeH2RR3ruaR5(X=QB0UXDRtLB1rXHBWv(ON9*797S_6wQWr{
zAaCB{nV;L?&a-#S3piXNF8ixpPRU8mV}b&)|EuEIQh!`$9mP%Q@)}+m$07bAa*{x*
zEbU%u3HqdqnuvS1oc};=RR0~F$q?uHqu`9j_(vZ<#$(GA+t{}Ke4=(_*^ho9YxjY*
z85aX$w^GEzw*hAu*XQvMfCP{Gd)$@|(6&iHhHo}0?x~|c&HI1TJh{ID3BWfXrv#le
zZ7=qn32cxrNH}z=oRdUfBQN?dfqcRd-d}F_PZhX7U*<2j`=`rN82>h}O1JJ#z<GtG
zWtoX=_)CqfEh}RCgnjP=;0(5-Tt%Gd+qN_0OH5bcLWyOT#*?l#ibLf1AAA(2c)wAf
z#vt|i8;$lizasNXb3q#Kf3E}2BJ?0TpT1ngE0M;?uFDp%Ys8@1sobsU;{8k*skb#s
z;i~>k;PtnG*dH!KqYQ&yHOP3_-4-SN&VIQ6zKrIr3||qH`0u8P23Y^mS)Eq`G94J;
z^IUEvc8a3~1~d-<rHJHxb1ukyDC%dT^Ql%PX<dd~`|RjOR+s3iyOg*mDI&6(yV0(d
z0~%nE)KFSA=J}Gn;bR_t9#1X-fvT58mTb<uridcvK3eq^FX5xFWkKqPRl13vc(l(%
z<hyr&tj<K{hGoTY7^n65R1|<hLDaFF&($HLKK%;eI_axI(|KqDu_w(RQrZ1x*4b(D
zGuz<FraE0<B+Mq=Yp$~rJ<ISnH(p~A$_GjoVb9f;ExmJm?i7JP?<?<CF}9yGwpY5=
z5WLQ5O`r%X{nR;xHr`k-E;n#a0#3;#vSPWI(6rV^VeSU<omlI}SM_nS<YRcnn|H<V
zjQJ#vyb-3jwdANZ$)iG+XZo73_<MF7IvpvmP2`rEA#pk_=IvWV-3(B|=7l@F<am$;
zrhbKx`s!!Bmrw>~s+=(B9;TwNV|(%5zF4)hQEHgTZ>S1eQw)bF@Wqy;3`EG9h-2{@
z6;%d(CHlG+<=rgVajqL08WQ&GlWulr1tA23BC)Smg7O%-T<^31BiNQisiD$~m5kNF
zv?ZZGvRmD9+Lf@|L@&bo8-keC5j9h@HIr*iz)Zidt(xr*dl&=;T8<yHn4j*?#VK#l
z791es%x;5h@?)--tRGvVtQ3YFO|&Oz$i10xVs4$LC;}mu@{^OdifH$liQ&#uHb$Rc
z0SRwSJoTsN73>yj>GQz&Zf@QN-#aDgMk-geix6RBj_Sz_#rdGq<u?SPkGD#-EzPy2
z4#21SxTldhAJRR)gix(32Ef@hzmH8g<NwscH$hWd+1M~b88vy`ZL{l~WS*u$a{?{P
z3lIhhVk3yA?#_5V8R}l8A=|srd2&E2=p*0q)chnB$a-@Xh4=ndI?z^9v25&6vi*dq
zu`%t@?BeS5oZbL(J5Hv?(>B<s853E+MI2`*T_9YxHe_{m;C+T{ys8lG7UKv*gwuTg
zRE?mfuOXHNZ^J7=R{}o#Z#{x{AzpNEie<5C`4S0jht`5^%VbYW`F){2!kITUjkAqU
zx1?up8Xt>yJs+vog2g3tXx>pGtZKoI1VO>b7h3hn8j-523c*^hY3%h=@U#SWWa%16
zqZnXdFB>(+$HbGA1WjqLduHf;Y?gQhl*JDM-0clyC<7$K1<;be^Xxe&f10Rj=6W`^
z+)&qw!@IqYDn}S?MH^G{T+-XEX9YM^OoT1>e|gbrr?A<~LYR=N&JhvtisMs4o66Kw
z@=V?6-o6`zMXLYm+=^Nz=y+AJ@w3=6b$|dG+v-!@^l}?yh`8<ke)24JeC6{xW|#)s
zS=@vloe>ci9d<3WZ0B#n&QY*nB%QeYqAvC15Z>kWeGQ(8%e<T9ry)Hnoijw3)z!<9
z@hk8P6ELtmeE|3ov6ck7aXBcsF!RD94&mW6D-ZEgY|dd5&+qpazt9KHE_&hgN6|kC
zW-sDH%P+>BciW9YE%oUnrz6KrJUh*;Jb|m4Jf1VyH`4X&d3U8j6;`os?j3PDER$`+
zSKE-7_t9F@5u!hXn401>P|+YuSO{AbBcTavTH`apbI9^GK+**S<(;}?yMT0a(I>QT
zDK)-CtapE4ssF^0JQt);3*w_Zv}{`oxhlO#S5D-6brgqO;-t+7(d7M|vD?EA`Bh5(
zWU)_MmYf@VHDYr#sHA0=Kk;vs<IPU7FTz*w!L=+EggX_W$+6%+#mc>Z@gB0jPg(O)
z(?nnyon!19)UVP6E$eqbL4^f>YHAne@05-D?~F}xZN||WXtDL?t~A)t{d=2D!SCCr
zFsgqr-hg9yaWC#2dglX5<1>>R)vGhEpmr$E_UP{et@i-DAq?zBn<+sj1<y$`X(2i*
zvRYZ<xuGj@gw0{oR{>r_P~Uf>QaT8ZJ+sd6EPaDYrTqHI7IkOdD-rHCot|c*IQfbn
zHuXi~=Wim>oR}avFcE3Bv=OjH923xbbV(Fn?({sXio2%|IUfG;N$)8otC<sXFpOg^
z+*+ASj5GpKxcFi9`TKM%oGYSH?io9KUJfxK#DKXTnss~663<(tlAdglPrM;cc@PLC
zXUs?KGICX<xi-pIsUYRKxM+PY_%gNj!sSZypz5)i-2i02K+m4pWsK;&2&U_rL_55?
z$z4*Q_PDDl#E_eHHC=PzCh#P(Szue`GO=HKyb7Z6X%4M#m^2Bq<OYQj!I`#EPAyK<
z2;uomnI;>Y^%2B?$hLIL%1x=JJ4d4qr@Qrq_HmM!FF(_eGa{{17vNTT*)LvO9k@{q
zd>bbEpv#c{jFR8NF7t=7C*3C~gwYJI)j{Mhdv^9bh?7sSJ|yVGfqs;0V}J(KUR}f#
zoy!Uvww$q<8Hb)VM?15E7k&<1(_v!FXC}e2nV84Q9`tl_?Zf!2O>C=F`Mb%gBq()f
z)9>^Q6{w_x2ar%h`;jG4A8i0p&(RUMp~e+f{fN=jt>O#{8cy)3c{wy<Lo|qvs<qdR
z<zUyH234cGz14~BO1tjX4a|<Xr>mlL0>nEBR`}o^0IL8p>$LR9vTZF7P0g5TMPs)D
zlnxIkD%LmhNowRvA6iuLYK_dur}>MQ53st7t&Cd)SSH)%-i0g2P0Mh2(9L%@=IWQU
zvWhPs4Ozl`G$gU2hqQk3dg`b%-QhbGnejOG!qwIkU`*Xgn<fp?%sH|TrHdTgntSa8
z!NWny_FO=5%%B05I95EjYHXsD+8PF~m8OxZRanFGXN3b-rp(SibFFO<P0v--Vaf<=
zyjs3feUYRJk!3l^PM*}Jt{dNH9mpoIU_6#fEAmKd)C&4K<Om2VVO%CsU@lpYK-l(~
zEu!e0OG>(OP$iiF^+4HnvZ8Tv>QPqnvDL6^-gspl;t5BIcQO};h-+jg>b?T`JC4@g
zi#dhucJ|k=kG_&B%bU#>W9JWaNh|el>y_mnJ^(t2YZ`T9`+M05tT5kybl$I+TcLG(
zE@ucFB3x+Y0rrNz;$uH@Zsa-jb>(<+RY=@oGjKRarfs(aWV<~~NzE*}6V@Vm&+mOu
zK4_v;jX(Mv=`Ntj(8<6Sne`rZk6tw4ga7i)ck>26Rv}YTXRBx{)VO!3HRW-+!9vdL
zQ0>JuUoIYinU56nNEmOVKfZK{X4->(UUxI+qYOXPST2)QrT93a+c@1qDYf?t585%1
zOWw2|-CYRrJdlikUeQorZ{uEH8|5w?_Jm5a7jDiT%b5_~7AA^O3G=&_ZcV;1Hw$qO
zTJ!vKz0@E^I6d^+D4WE(!;H6dpDT}9N^Q>=PQRDpA5W<ya^dvU!BFqb3Hyd1t79dS
zorsesNl^!4Ns<j9&=Y>m%Y^<_G4(6jt_(N(a}Ln|;de?fQiuivl+C5SLeGE03bY)=
z*1Fg3>uZmT3`jv_%Dd;je(XDZ-XFvdkad3vp9*cnj$y{dc4w9DU?={{6fl&rts+s2
za3r6xtYFu>)tzY0s?`R^u2E*~=dPQ%4l$+GHr3SQN3XgR%~);8D}8!gpPKkyjxy#z
zx#ZXm3vZs!xQ=KL@UF&NkF(J&OIz8qCbRdMuJ&m~hoqPx-z={6y%Qa5Cgo6_-k!?S
zYpQCE71k+~e3Uztcwk4?n!x=b3cogBz*O830yiX1PidMAoL)2a@qE~m$}SJtcSw=G
zv89;BQQ#i5E#COr=IGnThj=?c>Ri7wG3g0aMk3q9sdtw>w-<db4gDmXd}4)I=|jBx
z5Aw87KpCzvn)tis;jFy9Jsp7^r+Ce|+Q5*BU7T;h>j*v~8uEmk++E$5^|mM57v$D5
zRAJ)1y(6ITy048h71L41$-pjmdM9rFQp46>w2Sj=Nn)ac12<sr45b&<TwgB!&Gpg9
z?DgvE*?~j(CXU|oUQBE(l_v$uK#_=&fhCMdu|k1vdjUjSj&&~OoyS|=_<A+_wNxWh
z=d-hN>M<U&Cw?w+4P(zL7Uol`l8IO!C2ROoYd)=GhP9lVaLjayLPww!O73<*S1430
z`xxwV9xagPu8<wO=J*m{wY`q;yO2qMi0cl1j+#Dq|9#@O51l?r^QgF~Yh<!(0>wOQ
zf=ScDd-4vb^E=Pr1N+Q5pAE!ajhwz%my2#f5aDDzc>800l;>-SV*i|#(=?OSrccVp
zM<%00$ebK3tnNk}^n|kl+)%sRuY*+w!~wJT*`|2q`qs+H(ictj=@-gaGZrJsK34sE
z`kQF=GO8W~nku*AsU~GsF2XN`wRPp#W_@<wCFsiKq!ac!!;bKpdP)PDB>n*b&dyMC
zRxg=Hs#B_JKG(<Q#&Iz}Qt+bD`DTP4`9VAeHA+1_^OUDrZ!*KE_9b&;W8%|e*Hm3?
z$kRMc%#j=+a(L}^hHi0{9Yxo_rpRghW3Ukv6aRThDX;{8$C26D+q(6f_n+du*HGxl
zIA#N(#3?~PU_3kQ@gK?CgHq4|X;^Yl7i}==|NT+f*rT_slyO8_uFj98iMk~Sd9-dA
zm+rj{{Flv^ZZ!b?>_UHYFxz)nVfYpm)Nh96{4eg#wNO_bXjgZmT}IBoOK^AqMA*a*
zIUVj9E8Xq{5v!QK;_biHK8Dek?>J@&dWLo=0R+WZmh>xfE|e@kQfPWVe&oThcYmh%
z%egVXCEm_}uO2uV1(R`M9)T!H!F^vXn0T9%aY@AY0N{bDqW_g6eszm~ZG%#fQf+O<
zkdi<yvN9397dsN{niKzbF-9ZZKX{-2&|HA~J5#Cg{|s9DT^psLFsRxG!c}FekBk%0
z<~1BHWl#OD5hbrijCdGIT7NG+07&G~AiRd?FX(P$t)k<982cU6vSNmw<lJM6P}~P%
z-n;6&D%5#N^P4HUxvvKWUB90(JjFA}x%IR$gk(BhCK@^OSP@C+RU;@UCkGXjXM_F;
zO4^exRHLe+cs7@k%+`p*l3__d|EiSv1Mo#A2ZU{&Pz*)?-X;t9JiMfzE+e)=177tz
z6~>m-d*XMRhPSldVt24qw>xL0^8}yXmgec0(vu{8w9-Z@_(_ijqLF{f+XMas^Zy;J
z(*HYVTPc(Hor)CYKTMYRJDvi2xv88l#N;z|!(H-oLNm8ghl*M7S+5eiXe;T@xFY!h
zYR#3lAnMbYeo<5Re&C|f0!LvAias(d{SRKLjmRR3_JE2#(Qlx38an#-a|^#`{%`O2
ze9H`sZU9CoAH>q^CfR}?fOP`4JKug#8n5;pe&P?hF8_=q8j<Zkdr1>>e+O)Iy@o3M
z=K#&H)lCxZrmv}tTQK$X-_Ub!kb%B>aQ3(KfDq%oTeVIe+kUDZWz>}A-K^}Z53P%0
zUqnJh?}~hUR%lzEemAOz5rvS3kQe#CdD)Vw2EFiid(SAa6*f!5JjzJ9qX@`pzr=SF
zwA~@ZhkW3KT6fXna4T?Iva$AYO_X>5K4VO6KeuCC&_F8+*HJd6eFJrgbt}313}sw{
zq1-?~bMXrQvGxj?|HRi*k?4wBE-kA+vikfp$3XqPm8#htMQ5l8=@Bo0eyhck<ry})
zBvV_PNRoDh7HTFHO1_#QF4(|CaE~2MakU1nY5{vPw{-YoC*9z>4>cRk&RbAocqz~9
zzZJQ44^vHX_zpCs!z9DE2-eJPv)L8?D-0E&Rp86GL?8G6q5^^l!VY4GWCfKl)?r;>
z-a&THy(jo`2O$-3p^%EcJpv!eHuvlSw4(pNUUGtdmO{DF=0$9&N%s@KnMa1oJ{b98
z^2~4_%ERR+&n+K)@HBajEp`!I{%LD_GR?uHqJL{>(<jw*z&J8zMCLGhYCO3Dm7^WI
z3z?Dn5KkH?5yK~$Q{-?<L0Z@0{xZc0IryU2iEw}w`fTs3+DyO?MM}OMrf|!$?Bh+v
z4gmyyMn8!ijArmo-O|o>rwKAipDgX*Z>f3?;LOXwngvI}YA4hjioOtjL61O*hS>Dt
z<#ktt%QQ=5!qm(cl7jVqB9-S$91>3*2Ww4@DoDwt0M{13?u@PxtI|-pwyXHNLm~ev
zF-*aUQ@2={9C%G4Skl19HjH~(3U_zK!HfQD<LhsgZYZ5ewtET=o}uYJuBh;w_<)QJ
z#poSv?e^2cT40~$6RtxYWf44WB%7ugK$U)D`*CqrOmx{z*|BiHr*^Eo8dG~!#mS96
z!%=jb28H4#r*^8mS<*^Sn^AYZEpdil2j@;NbjO?HRO~}3qmkr!qp>IR{RqKq#7oN{
z&!tNKh1xQ%ZmVy463!8ailjwlBbCza0p@f%&xHaJX)5qKJ;P-iTaLc9jJ;Hp?|G(U
zM^-1}z*GCQ=cX(-XgkLHmA0;E?&$2?*CIV@UETy2(L6_9{I|C!?p-Q<5rMdI1UaOK
zPO=ypi40qBvlH+}LXbc8@+jC1rCspN&qlB8(*CAGn=7BpIh>!mASW7oG=Z0Rx0hqp
z!8*C9{(@=xI;y)|Pp`uUlv7&L18&TIz>d<VOauvGEe<4OH&+qFLMGnHSu3`|Bc;zd
zsD!Vs@=n>NvG#^rtw;ad+{OxDHjsO%_ut(#yhE-jCiwCI9HS)Nw}5v2Tj44Ar2avP
zfr=hP(v2XA6JBrKo$@+poWe<UM4afR?1$K-LqiQkH@vyTKEfjTT8616nVp*u5{+H_
z>`)|0fTuYPtVUQqPw0W}>ZB6&@^L3>NyY)2f4QMIQ0l+ZOs^)3zcc0$OBBW#Cu~c@
z--n%xoe#t4$^S6}<@?8Lp>~sSW(!{Ah<@^QfQGPrRz84TwzsWELJh>2-iUd4p>**b
z7D2BnT_BR)p<|rn{J0>vUDzaX8C`%Rf|PUUF{w{7pw%3=GN9{S@|u);@4gh{e!wqu
zRZ79moUHMKPO?o1p;boVIeE~u#%rlaXzE}MLS%RVcjrI3CN|mf5pj$S?Cs!#p+QkO
zKkZ`q>>GN`{(SjOgn#U97sxteLi9V_OH57cpOX<9$6RC0<`+%zs_1?Gni%CqD3`-;
zettpT6P9H^X04_NQF0b;d~v*vStv<$ArkuO_C^hQJZX?N5-toWPc78h--GBvWcbsq
zlM*No$vxR{5&25US@&H8*B|lvr9d%O7b!=H6LmI2n+73t#-A!&_=}bQvnI|T3HP)c
z=x>90GJbnG0Gg#W@oPcz!uq<U4QMFF`fi)lZ`E^;dBUg1dv%W;N6^wLmPV6x5qB-K
z!zBM1SMCoT+jZD_8@K`TmLL328D~ojQ9vG()$sZX^mU))fBVNt62HIh=pPFYa9eA*
zTd$FHKu_@O0U#Euas8>p?QjLP4Lam|pgYgF$Nt#gcH93H8)Qveckj7>F7UXAiL2hv
z{FW9<2YT`TQ@57Cl&pUfgxtIU#i*GH8Fyfo@=?w&B~VWSufK5~>toJS(h!;cRlV@;
z`siS?9s`LkudLijWMQG|<&$?$Mhj5ox+R8bfP1&^uAL$Li!x7<M|rns>f0!Kk*(eo
z-&N*;>xcaCJvdaCBfpd;W*?*G{ZjL{`$0ned<Yy-2_~_d`_?s?p9_B>_2&c)?_fa+
z`QZ8ih@|+X^qVB$=kfU4!2uI;e{S0NC&QTq0R^ABM~<AD0x*~&o;)VMVu!zGTY?1l
zKjU=)n!h;GniD3MhW8TAAmA|2dW|O<VE0D}^S>7f<>mPIVkm(FYzantSn9s|#rof0
z5;l%AKYg^xMclJhXx1-V+zX3y(JW;!(z=e2|64vO7(f=iWE`cRYT|SIIHy3WCa)5^
z4qL#uGryLxl8HJ}V&lzPn?JLAyj?kK4KKUeP!+s<ocom1cw*rgx!4)8olKyZH=TE+
zti{47+){U8KRbD6VKvH9**uLXloA@F4BaWLkT1kd-}{`%SIXnXxsT<hw%rd?xBjn0
z5sh3pBRT<qKfa6li$l@8lI`<r`&xgSbBGX8$%>Ecv~Y;*Z8=8}DJy{(!;suAsN**l
zcF4I)_sYM~F9?Hj#^0P6$$b-(6)W5CtZrJs%n2`Lwe8&`_<3-n-3>N|UyiyyILDk8
zTJQ{(Jcp-u))Re)zpTF_3seB5s2}g?s=rHA?H1n(780KpafyEg5yd{-n+#y{-8PYZ
zVa7fq!5k;$@G7XPzIWb>5`ae_Qv}TDJ0GX-5Adc4cCi+^ne^7|AM?M}D-;)s%Ml<X
zy|$?7i8#%#s!oP$N{4(*ps5a<iD>JbGedoU<(`i26FWs+Fzu;&JqHQgfuy+C)Q<0$
z=OC9hy`5-Ro1<(sSk`n~>X<QWjJi^cod4?Ly@`^!${Ph{1tzR>#t30L`$Yn7U(2nI
zJ-rp31;VvyF@*S^5Hdn*;|T|{OCY31Xj)&+DaJAAGU-3pq1TM#$L^D)d0Kb3KmWpb
zo?S_A*=)39B`LH`OO#BGWmIR6{&f?FZKQ#6XG}dkk?9isuFmXMpjj(O*CU#Ks!v9t
zvN&7}MHCm%Qf&%E_uR*@Rfdloj^dW3lFNx(-NCOWD5ooJ?4=IaLcgS75Q0RtK3)q_
zs}1K)7&}8*V@{U}{;dDpw=$OG(V_Uh`+1rD?icT};G8AiaGrRg(<~bo63FMsqqm5j
z2}=GPAsu_edhPT<XT=WyhW?z6zAmJrWSjT=B>er-z^h4?P{7d{k#vppY+Ia6V=BC=
zSm?^mj1SHzma48^mMH7h5{bq<D$EJnnBx#bbXT(P)UmE4-j5XXI4I6JfwvpcLThLd
z_9WWg*zD*w>8+REQ^bR}BRwA#?EGD8ITc)RxW64{O-Q?c67r-cocCVVDDWlw|Jr-&
zfU3H*Z}<=b(kR`+L6GiFkuFjCP*T#}NJ}?JhzLkXcQ;6PcS=fkhu?PQ8E=`<d*+__
z=6T=m`-`*I+3d4x?RBl|7ndtZkg}pg?)HdA?LogWF_*b6>EffOL?OXp3Cr(OJ)DwJ
zWMEo4v(K1G&}XOXvI*=H6{y`5K~Z7yp5t{QB%!RG3tr-MWsfu$Seg-41>S-sG2cF3
z+IiLO%O}y;nKpFA<6^Y%h?mQX7lmx9(+G3W+bdl%hmr4m8L@x#3WH+#LSsfk*N*Ld
z*hHG|9%qPOmvEM*5G*mH^|w2b*B-(em-nI4(}IC4W`0|>wA_hZq`zmzYG8ldyB$-*
zaagSUg<n<T18DVbwz`^*@F!O}RWKfcl;bd9ovO_OztaOqlR+#yiyEDO`GKCqJt_*?
zl@;;m@^S}M-2GCU&YT#2tnpGqWHqH!eFF8#X~>KWt#mJPgedtTIS~OVGL1Gg&l)C_
zuGD_Z{dx7t`DRwr>a^-t&)ZFJWEUnvRL=>*h$qQEn&js{zro=83M!eJ-j<Isv$B(E
zm7BdEz<zDXq@e-2MO6BIW&8i$cP&6z3i(D@61b`RmiZFVNQMPN1A6|9I)xEC9#?uQ
zaMgUdi+^5}VShjQ9j#`t^4lxn!s?NN<Bp}l;8?OIk>F<O_#Fv|3CXM^YPWT+6Ofza
z-PcG8NUo|KVzr>Yn;v1ugQti1x;Qghiit=N2E3LIvQV1|dS}HEO-ourKN)Lc+47Ru
z505xGkbXxbJ#Cy=p~Oj2r5$nC{sg9~fNA&@-Sr1vjExJ{C?O)>^w*UY6tE%ol9r+z
zSm1(Jgn{XHfIQU#Mfik|Y{h(+mx6g7(=#|q!vH!(mU+mA9%^mZ`6+zv)CTr=EKa!4
z!*kjd^gc$>ajJq)=d1jTFtwtH8go&r1ZB$4uG}a*t%-Ex((FSsbLpREke&sx8sHuV
zF!^3DghwQJN$@!>Ef?3mYqhV)N~x<`c0O5;=c6}>d#tBFH*RWQ%p7h{`pG*q&=P9%
zEo?+Y#F&TB7oh^u;nIMGs``qGA&cevlbT{yjD;?c2`OknmSqv^mL;R*(5g)dqx9K4
zpOw1$;Gy-$5RMuXGkOS4Re(lqM{kYg790{LjODr0!c+J{xH}He2*;Uf%XG_1a|(H@
zqC-yEZ$+jQv@3KREO{0#l;gTT!X+AQvqDPuB1ZC--^pRiCh8!h-Q%9#Mt<JI7+K?H
z_IlyeZuVW<wpGfR$x|t;p<`CxiGUY#8ryrA$gDzzD^JZhpL<Zj3|Sl#$S{90*{pgD
z`NX^hWoi@ZJ(s%-4JRrmq)8*-w^CKM536)R71L)%kNu=#V7VkvLibH1Hf1-951$-m
zxs?*2++THtJk>9*3{+jIFe4K$l^_-;#c0FOjkV6J|3qNTsCnLJB}kl=WgIi5z}RgK
zF|ELW<PS#Giy<`lswhq!yt{q`dEVOR=fYnHWLCf&NUvhdm$n*=M4zugRp_*PJm<yg
z<LtF{<1ZO0S2f1xt1X^e)ZnX42d6n8RXDZlN9gE&fntRko1M9ioatWfrN>j&dsJ1W
z%@QV*kfd$G>lh|u((R%U{eG<`rc+$llh&|rVXY9s>9~L^thqYHD0Zyig{|)3O8Ic<
zR$Gt$YfW(O=0?4W$3335xda)L&nBvNXSC^i`w+W*tlri>Q^{s9oduJB%yii}7&Q&r
z(iyN{Rv`=yeWT2=P=hmU+kMGmdNQ_etV}lb@Nsq#-dzpv%i8@=rlD#{5cQADnC$Hz
zdFTN2@(XVGKhl3Yw$IDH75Te@rv3#K0ZK~r8-fH_NPg2+e<8~sr6U0NGVa$dVnA3P
zSR;6cRG(IXafXYWH?VEr?>(T&)GXJ2{~_AcKtDo^96=7Nsl~45uHEJ(o$5UZ5p>t*
z;Fzu(7wWzy$VVKIcc>F#ur<`ih;qD^V{?nm%*HskT}dwfivXp2g$U_%_r&K+BgJ!*
zcN?i0nG&5~viHqSvR-CPx$Akoj9+>7B&?ey?xcj{O)+}z5@_KB+2tv`u!tr8OMf7y
z+v%1l8x<){L3(R$uGs=kPmR{ah?@vcGr!~C=hz07#VfG5E&ME^eq@ijJzataQ=LYF
z@ZgCa-pxI9Mm#=4n3|N@uKCtP(kSWb(cTeJBA({4>V%k2Gxu$1Bg9*<Z?L*xS~bV)
z>Rg(~<UfpVv(eNHn@3PL27yH-pjonaprXQYtS%=yxsp+D0#|EkGB?JbZzwruOT1GK
z>x{IZ(AU@RM2#o`2@w)ABP@BDU=M4JW9f{nj%dfv$vA7UY)OG|!?w}xy>EWM0kU|U
z`qAmzjt(IVIGgu2@fCt>=-QI9-g!i_rHDY?#f*I5A9IK{1B$^VT??h=<JWL`TDK>f
zo@wHys|D$_9cVZ84@5?sc9na^vSSqpI_hWQZD4WUYIArQ>}oW+I50Q&6{ORh`Bobs
z;C!OcWh`dzT!!vhf@1Q3!fUT20_ErLwx|t3Hq@3K!t?S%vraHFaD@)hC5s}pc)ZKE
zyF<C;y%PrDU8Pl1oYW{HkONM`8N04UES2JS>J7?99*#VS95QoWlD;IZfH{?7Ey}Uz
zb3pN)2%TKbojOySn{GWp$}sv0(({&@wXw>qPGUb^MMZYmKlG420Vh5N@qu`pzabj8
zlpeQvXSdw}ezpery*`>-xuhK9TM2_CLH5jl!3f~lj|-ZdvXFG+YFjnFU~8?Z)Vx~b
zu3;)tA3Rut{97x*tvgvdp^ln(5qg0l)L)t(crJMH(eO_<PXW{CSoy^(j3!>_IR&KV
zHjWo^6@Bw>vl?zK!EZ0fm7vS|eU5m#JMwo}Yg8%y$#RNOgSxyoLnr%q6zjyKibl8H
zdNbA9tq`<7tGkX7;Swib23q{MlD)O874gX8@L|Q<A}x-RC}Tfai3i^e@u}a3wdr@)
zJkQW@)OuVerBFF!29|nqu<#rm>V8-_)D<sUYz8#24E|LvfK>&0Tzq&dI%cX5cl1N(
ztXBaXD=b-(Hg2%XD3ANyGq<s!)iEOCUhS%<QDQ65L}DUqg<IUHqc*oP0=M%6DUJ9B
z5gA_wSn=)B?DuOdT)kt>-%@6Ag7hwwWCIp@8N{k$j`J20uXlFnMLL5_9>s{gvg7r*
zbg(0}CseBVoePj|@tFi|N}Zy$KEi~sqvy*;!Ut`k>FWVucEQHgJbu6QPL$Vlx=>+q
z)Mjw=$2_8N^Rk@4lJ?gpk67^84DpE%fn+%iN?~cR>1APPz|C$MzZ}Y!;*Dm-DCu&O
zg{G?|+`a`y+>1g&m=T4qpj)|w+nEJy5WZ+)5m;x4G{Dk4+J29MR;6L2<o?;npejVz
ziEqX-Wk&tZy$*PK93Gpa&Z`ZQ?e`2fUP|t#*Y0g$KYaePJ@b!Ah}-#(L2de5;$ZpP
z35&Z<CJuSi*YT@(<<l}X-If#GV!=yaj6DA!LUx<}{~w&}{w7_bBvaSZyJ*sFA0GD%
zR$sO;sx!~Hwfq}6cL{{kH?{)=3V#rU{cmUP?!bE7r3A_UV15EWP3OM0N^-d+f6}dW
ze(ra3iRJU*i?e=TfD!AMJZ~7Ws{e94fcbv6-r@t*{AEi_*W&RTw-*3X+zRMhzi&bE
z-JvQ~kpBAnCM2fcz~ngh-6DmC@8(=$-`%|ikQ%;kpmH+Kh=#4jmB{yTj*-BzX%%n^
z`<YqS-?hj}y}{@ux$)e)Q82tS|J_6D-)b(V1<7&H&f%4APe#4VMrXrup%Lwym&TS?
z{G``X7;A?~gAEx-LjUXHN0oXUAQV$?I6h<m-0u{FKD(da0U&QJW*{yDyzt8Y80>s|
zP-T9{x3e~W)6ir>|0bdVI2nJT2act4RQ^g|h^%38^EjU4`c=|39DvXOWTNno!1_~*
z5=fEeWt;vlzYrO0Hx%qAMb{~R!uD<s?Jw+3l98Bu2{BkpxKkJ?;ua9oG&i5(`m>c4
zZIUzW61u>gidC&m*HKS_P3e#C#z@=`hpdD$oQhdwt>%~d=VtePNcb$o8#NvXN-mmN
z&xU=GZw9~T-Ywo<aq72uoD;4tVuv1s2lHWxyy%GEZz?_8X2SQ)3`AmC{nV0~WYW)l
zZC4P7D*Nd?2KDqDWdzq}r!EOVAL<tmMBaa$s8_D44IH6z?IqufNbcr3AsJ83)I5>$
zGc<*+f=A<VZQ)PaCV6od@oZYP)uj4yn?#)3fe~7dd!q{~6?BQJh9*}0q76(|k9?~a
zIe)JBdD!~Z#*;cnq8AN{ApxJHf0Koe7O{$8v;>q(oAUS)@G)&leu+#42j&JdD*6gx
zHrin&EzcNTO`9i9*m=HNl{>w=c_iSut(3R(p*rjpLpUlfhF8XbcL%FS{6AnY3Oq2s
z#1IkI!dorC9(pM;?E}gTA36bdS(<58hy-TOP?nRW6Wh?-UmTu(lM7@FAh-=LGF-q<
z0@%fp*wiZ#z%B4n;PT4EIFKHW;kUNorJR4m7m}9%E)fExz8hPAXp<Q2<6OgR0ZIM+
zylkpU+=k!UsoVTyz{1Ei>H3DPOauo8=eIViYetLK5!yE(q^&$NWkKiqw|3Zf9sk%U
zraH3L_vYY95{CN#|2J>~e<~%&Gw6pl|8FM(QINM}`aj^ry3+wBw@38EtT~y_UJoBu
zja!nuk}0^<#5E=m1O0Pq+mPQtX!5o3sA5%-#Ef+CH;aO<_f}tA#fp;e(r?r4ZmpKo
z1Q=AjN49QTdhjL~-5v4ZoJ3)mwfkCVSEjcu!a1HVujQTC<aT#^y#ZbHA!2owH6uH;
zC=$#%##}8kEyqR?4<R_`CSUk?%Qb94MtvggMVaNiqi(@iII-ppcr3&N2IAc<wHBZc
z$;4KD`XsMVdeDg?I)JmW1Gi7H<O@GZ19yg>?dIYTS7mwV;~`OuxM+9^A<~x<5$nn*
zwQv}BeOb`Iyb~QfQ*<g&O*e62y)RqKM0uCwvVDBQ=4ey!o>r%EOsn~)Qj3Gv<W@Fc
z;GelgW4|RDu@XpB5tZA~ji}&eNab)JC;pgLUi=*^E&LN!`V~aUW_;V~rK`b#!%bs}
zmD>ph)z6QwxneJD;Nm1t?J>+FC6IR$d>sgE7}1u6pPh{RG!=wqT#yC8fDaFEDg^+6
z3rVq@j)ThQlwH#`kb9-O-}>;n5?%i18YQIg&E}RR<Oca05s;H;9DOMd+MRX!VnF)9
zS2p|FFNv-;hWT-O1*P>`5&4-(@?M2MgGCw2eYcX6^MY;gyQjsIxR*#C86aw3btb0I
zos=6W4)tm;L|Z>y4~8a53PwE96wG{AW#5R`ZVi-6dY464YfYQIOSFkBwj9!T)9UW;
z>g*ioFtt{9ZVFPVnW<d(i$RbQ9bo!1(_OXV-awO3;wpEvE)B0%x@$t9o|4w`YQv8d
zKmH%1#{NyL_dhAzpOTOMT{OwRm<s@Z*~N!crnoRPaJ6%gy{N;YZ88omsuw5he8T#?
zuOpqqbkB%KKLC>Vub{LIzO=Hk({ueOK!Z$DFqGf?C*RqW6b2D_xnGpg%d^qP>Qtsk
zeapX`Y1w^4KC!Q4n2h`tRHg}W+i+2Se*q3hCAnUZ>vES{kt~0v!5H;a-x5`6R$#PX
z{IY$sy-aaTBlg+gry{6)1XAK!rCvrLaQ(Tb-e1o`ztjFt=(qkEPYHO6{LOOtO>Ft1
zaJGb%bOIjTiac9qw-2Zp#`I>V=TE|s=ve}nu5{BS=*x`2NHH}n?t2f~1w2Wj?d|Q0
zCME$}keLAJFn8w+6NJP-sw~_;n*RT*?f>6;=DyQ)f#*+us@2YcF!H_Vs=$1gCx%WV
z5;@hz>m!&txgRy{n74{B4F9frTv%aWCO<YiKhE?RsU{UvNn>QHKjjm+yflMfm$q@D
zHtRK~(xFM#6HJ82&7Htp9FADXi!MTnb4$Zcb&1k`eaAvzH_rVm@LOTVAKUytO7qhi
z8p?<1P)29!)gKIUXeYg$pbq6z^|&&M;f}6PISnvZc_-y<LH{|J6S18*6`2a^)_?z%
zu>UEX%euAre$9rm>0tRX#e;=~upQ_7azFm~pDeC#$?5-q`d`Aq-Atb%*WuolN!Dxh
z;QMtaCAy&rG{mmdy}xscf3nl~@tkiRb^6FLjVoDG0eujH;^1BRs8~zy;}^<QFl<1k
z<e-D#d{si9s*|ie*vWkUQ}VIAnxf?84gb;n#ks%*wd7C2$KM&a-$Kp*#^Aj}M{~mm
z__h_i1!w~%qf_bW?(Jzw$A<zpA<i{|ga+yE*J1lu1^KjgTxNPh&#+>KKACvdN-k$H
zWi>Uy$2Xd>JJE|~<*swce9+oBobA^h+oqvDe?%xlOMRC#ZqmQ0$qsPT&5{=+=CMhe
zFP^~L28T84EbixR7qC`YU}G7`QMy)#H)=~&kZyP2;^7*6NR_Q-e`CH~U_lYurSD55
zEEZ!pfv1u}6*48|^mrR8pl`OW31*Umij$V*I6WDar%g#F>xwT}!^n&^^CYU%WaXWo
zOmUkYNIT|%gLiNw%clBOB7tbdXqk%{*^A5&w<*Y@`o3;zq52v2M$yM+^OdNKsLoa!
zczA81u8$01I*zu<pAkO_l={GIyrkl!m&ivfOb$5@7UU2WOq2*isvxvQR8fAh$cIX2
z(#B7M6C-2y0;O(RqUvri|BK0*az`-CtTnf?stCyO#yfRmJ!i7iSH*6m>V5v22C>LX
zSb>Y_k5PINgh0KO_HG{nS@QD2@<UrG0vYOqarG#v+Q92o&!xj1-r#$EjdxXwz>JjM
zBhWOH)U{*m!*dXgZgi6%vpK2dt9QNxhtM9p^~cAqIzw24xn<(!W>+kHB@%SG;X2kQ
z=OI!)-Ji8!Nj@wrBDoUSzt73bbr@8UFoW*K^7T5&RF@{O3Y0*SY!aHoeAOl1$%(bu
z=*5g6AgKmA;L%`0DSr#TAr8pREjzM{nU;=cb)1@gQ$1a25a6%{Z_y<_yQ|?BP|8`>
zfaU1S(~VtS7(ySfulJB~LgwA29UkbEcy#QUo?dWp=m^xZGj>!~>mmV{xzdZ=j~{4b
zpNXZ37l57Ih}Y8)2C=9?prw^hUKv=nIVg(9bljWLLsM-xCXmufruCAReaV3$k;=;O
zo3mY*)i!3nHrK=`a?XzabdVE8TU5sEnNjXh66!{{MqOF8R_BS)i<!m6drb#WF|tIp
zO$i`3Qw)tHKU@DJEzHdURh8>7X~#Uh0P--shmXPcu!vYZ-nN%Jk3U7=YJw*+GK7vk
zy>eY|I6iPcQi!(C(sFN~10*`%7S<vX%7%Z`LE}H+l<|8B_HW<a8odgo1!qT5H}yb(
zGgzQ(2#qxTrlhc{I%0^`_hCe$^!8IIaDx3}WdZV8luGqJ-}{iG$X+v-j85AEy0{9c
z!4#4jf}kxj;nPN5R5{Ka{Xni1$8-_LS;=a~4sA!$Fv;%WTDlY?4yKuj^+91?LtP0`
zDQd!3Rg^rAgtkPPFcG6WC=DTH_s9ZePMvujBRF)K#hLjKwp^Z@+BIO#*9U$DO_fJ{
z%(JsID^>Mgrqz6*1n)rm#BnX`T?XMPi{X@A>#%ya5kb%H{gQ}I!%n88v%8ceY7YiW
zzud_T9Ad=|JrMG|$xE_d<ga;mn2bgTXji13?e!%ebi+DiC2x4{Ec%%wk*(-*uB{;B
zfKgwsl{pjFWU3q1;~dItxRx+IE~%?>J>a3fD$1Y$kbt*sj=g|2{%Z%ZgE@h%Geil@
zf$HcEz37ULG-noTV~J83_9ZcmhbB)VTNM>wn1-{5E5m03rV1NOf`ni<s(l)ftVz-0
zP8%}^^FVzs+#Ts>4-AlquY;G&1;K<bL%AZZ<nw1HRD&L^zKz(qx1YC#vn|ie{2Il4
z3zc!6N&2t?7p}Sph{DnGY6noLK~cr5?;Thk+83FwS$3Y6Bsr_{k|#?U-6=7$^iMW0
zJXukda$Tw<d_Q~Ov>Ojv)!An+$eW&<HHy!BgT6jxizCvTMPs`Yyd2)bEOxL&;=<Lr
zghdzTf9z^z!A50~Tbd(v-xPmtho7X!mrK1S5;0h+%xc!!W~iE`;I5<FX$KCzNKP&W
zg6`8edE76rQ4zy-62golcbnDNPCgJ__q~UWeN=&}oIf1h@nu?$oU7d!w76Y%d1!<Z
z^PVz-H&!jEl%1VS6_;W<rK0CC6(vs)VWi`Z2@|hsj!#f412Ye$uiAR<C=-D=30|Kp
zoTVHe9E+x(!0RKL2;6tlp0(u>v4AOy%Jecke0Yzw&_d$K*%edD6SH!om<7m_y-)0W
zMfDC3xv{u-iK$>hV_W$thCWw^u5gqz-}PPGL0CLUi?n?m8SsD(_mIQ>GVPv?+8n;`
z$$WbvIPl_vr&Hv8D22-Fm*y`&dvNyI3=`^<oAEwMo`lRyH>FSe=j&of2iG(w_o1%|
zP<4Jf!pkbHgOMC0emR_*TH*95K*L&1rfRw}QI-QAw7AP_mAO9ErK(;^tP%QwY{MF>
zt^1|p7~ILCEikVRv*(8BDvXv9F|Rs-Lx(n8**|UehzmwMgLJaD$t6EaC9bIhz{qjG
zqoCD#lRW;rYBv<VUy8qi@<jRu+}^To)*(qX+z-mZ)xY0Ze&DNBhacJ1ASglR!AZ4q
zoQLmz-`M_iFOKebf;?t6uZd+hbdoTpzq=Wlk&`@OElehNWx%$yBz{0uY*~g(ii|LP
z=fmToQ-b?9=UAzNm<0_>yMV`U0kG^zNdszb{a+Tn5W7%@l!a9Yrb<;#v7Os~1wCZK
zFj_(vZ-mwY`6_}VQ%OQh-9I@PYF8)>@1lNSJ%n7pj*EF>ShR|*^O-%k;6bPZvR#Jo
z=euNMN=F+HlEV~SWjS93Grsg$)TgV7IP@j73bsiIbO6R|N_8bpfQ|8~gp-vGZe0-$
z`u02XWj$J!kU(KLc%Z-=!I&mlQT^Ug{E$<Y1!9+hs8%8i-h&YjInpe``-zje-R^`_
z-D#bf-5=*$QOOu}yJNQ>DoyzZhj!N%fwIW);4|3L(+%Ax-H5mq9C-Bfqd3qXN0_|?
z?<l|+FY%%}Bd=Cfx)Hv}&!-rnOQ{WitQ#v=h`j+06asF#`3v$L(EY|XQ8+^wO#wUz
zQdqI(`f0htr$q$(DR~0M!vKtW#lSZdDtd%o8G$mwZ80$%&!)sO=4WT=lUY{+??~5v
zgyL*60MQQzCum>VDAM!dIXRExj61iO<?@yfiC7VRoX|mMVP<%v9(mWHzdx$Ri;-H2
z0j?i4gE-Y8J18h=TW<Ri;`F(3`_{*KZGun`Jn3>Gqs^EHZPVfxz&gQd9Y3N>Dy+EM
z5d)tyoy3t58G`8ctkDdX*z#`XQ5eC*#%Z}FMcxR8Rt{V6LEOpA9fC^4)>vvJltw+6
zqZ9!oO(7><OA|OgGMBd6m_hC9O_uk4iRQb<rY(`|Ympo}*^Um4@?UVqtm#^VrYBOx
zELMz)T6v(^!`Rg$m+3_n=$#V=;6h6lTZZf&*`AfYe|+O;c4w=>0K-S6g0W9yoN}2L
zRaTT|u|8udNQ1rk@`+KrPg_EHrvt?lH5sib2eO4ez2LGBJc%Za=#tR=O^)iYDa3bq
ze5UrMmz6KgCi?~4Gs>(h8j$(NP3S64qD#P2wn`|p7mhK8kHtzDt6qr`Wa09z!P)^S
zNWU;T*2|iShT^hE3q_T_bE~VE!6~KLA;eIYy-7@BFy7<A_g42ubLFLo+TOXMro;vr
z&=R(;@`jMaA!uK+Z*|{;1QTCtaCo<jRj1LtvT=7Yaa0jGMJ9u)z+2-N)10nZien3d
z7S7Sq&?1O)8>Covu*_@Cj0fxcby9y3pG&uP&Vt9~eG2og{REEc9uG}MUCgS~b3;8J
zJg^9IV-2V9L2-mH*9_DA{r)8iskm+Jfijn%D7}iI$3>zcn0m#Zy(`a~o*x9Sl{>XQ
z++$4@hp^TR-!)o}ccd7?$fKA6!E_=cOo5u_<kX`QsU{u8)P{~r%ZAFHTbN*nVdZGZ
znXUR+uq!<f{ap5jae4$KNIC#lpSo1TgTiTSwLX5Trd=jgQ5Palj!`(nzN=4f)rokQ
zM3Z_XktXO;)Wk%C;c2bcoZ&)cbw!9OnFFHWbd8HPcT|}y)Cpj@bA#Pv1$z=RUcNuo
zozbrSakWE^uNv$kVD~^99ix*#R#sMMy|^BGgsy-dCA8ekboXKC;s!-|kI$$)q&v!?
z1DCXedUj9L5LCL~>$7r%-fm)DKF)z=X6CpmK(C79fQzgSQ|3V-$a#vFl`-e&HQmbX
z_TD9{*`0N-b}FQl5eh4EVT<Yv#jDv6EwY(17+;3+^AWdfh6OE)%5~_JLm~yfF;b+g
zxKa`&HIkJNN@F+iHQUGcCmM23Yv=JUA)=N=+xk-<oJ_A~`QWIaEdEb_gTsmVroXU2
zE|POG!wj<FmtRpNKh1T%uXLMjQ6uu76*=5t_yLmt5uX2+AGm!ew}~GardzL6U-^U%
zTHqli!n2h~BWnE)X+R?-{CD^EEgN%7pYg}l8Vchl4$2qSkl7}dAYYxL4qVR_iGH{;
z!(U`Ee<EW33x56|urm2QsOh)wMD?H0wj-v3FA#fxa6C*50DE2wya)Y4%f8h(k^+QF
z-xcLze-V>^DFGa+0QC0z9!S0`;Zu4L%o>(0>i?{kcyFdmXOU-=1F#T$Yl9!}k>#v;
z2`wuXeBY6w=&$ALy^=Hx-xcug-?i^Sj6aI<hYI{{V=Z&s?;3Ez@X26n8x8)GexLt2
z>H1&p`p^FU@FbMH;xjS7xD&;S!Ge2E0rjx7;BQsi!(Z;qf7h<3ZrL{+ZlhiAQ9D0^
zf}hxSUz;MiT#!HE(K<izyE((+!~D<pDhULbEd<E~r24X2l(u(e!tW|w>zt+D2w4F&
zBegED*ed^NlF1L3=HKP_^V>l96)yXzSUkLKNPNRT6@bg31TlW%*_MSo&h0^Cj*Q)&
z+t<K?b^?%@SkCc9hGIsARm2Cn;CTY{qpm++iwSha;j=1oGI&eU?dTrRyFB1R+sSA+
zJjr?UQ$Jc7oK}(pq@bI69f0Vb^LX`GC#u5-`4p`8BqRA)_lo=~cm!SwN7(hsSJgTH
zlOnK{!~D$QnUxGws>sXh6c<zm7Fwcw1?z@g&*2Tu<5n#t<)>XuZ-Tv0g)lwTe&=QM
zv&ZsV-%qbU!?^u>+p0DltE9$po)6O|FGb4O$HzMFN@v$T31``qOD0mp3Oca>P~XQu
zA;x(AUI48|_@=ar67c|p>TbWa#U^V3^jZi>;PSw*kU&9+;fMAm2Y_Bb0Fo<iGT7fF
z>_4<g3;^^RmKH#-J5w6X<W(AeYo~6_eM7H(lCIBLRlaH4e`veD1JG;qZ|L>IAb@P5
zbNyR8ti&<s#tYm1ba_zwo6i2X=5Oag3pe`z?bCYJYLvsv((d4nJ69>@#g{IZhYdY)
z+D-To0lnV_up1cJtKV{e?N;wGOkQLJRxL=7Axp@H@?YX_t~wP+7kkNS&ttmgNtcim
z9sB0Zg|9%1E1H1XP%@lT(Yb-lW}!8N*Uk1~fx*^54!bku$z>@db6zE;1+9Ua+c%ha
zu%@_*IQc|Z<-#K9O33CTLCh!}wp0kyPMo>~>a;49Ap7fQ9myq+4mr>T`$aK5jvs9=
zR{OWIz8E<4p124T-c{t#0QkA?uA`YZq%72ER#(Eu7h`hXY(~dCkhA=J`iF^QYu&nx
zK7lJ(9%yJCO9^X;qLyNKd?>9gN=0}EmVumWRYx#YC&_nw4fDxV0ok~Da0Xdg?li<n
zuYsdpwJgN5N2`_LQkEO$;v#W0{T90gp(iu_tyd-<H~~cMH$^$ZS^AL1?G)B}eg_7y
z{2=Co$}C8=a-^scO>7l>fUfu8SpVk1RUOaRn`dIICSck8VCLKm(qX8WlftR?Vv06d
zm8i(}k;Jr-(au*wMffohA1B|Yd-P^QvU@R_+onVD<T5!0e5}`6s^9RFj_?nzOl^#f
zm2<l;_q`2dKBfO?2k(`x&e;#c$%jJ9r<BR|CMH*ZxGR&A&U}X4RiN4}!NnnW7i9xS
znZvm*q<3nb&gWAr(Ns#7<zP;<Sp)qF-2^Ja65GJjJ0>O*J5pl4p|(K9ROE(5zIH5w
z5<48Pm*`*%w#9=)`KiIn7@+9P<`?6Y?7o<yyq+L%<EyPyP(0|5QfK~y{w24GWGTPN
z7@#6s3HMp8Q~o3}hs!dp8U|`FSX7mf9P}h~02sI1-U;tzVl)793&ED33aUSr??c>a
zCm$hRT9=F|-!ILL*{6}Vd7uDl7$4uy%%>IZGN+qqvbo;-#*4DLxWEs>4;kM{Q!Eo|
z?j+a&UUd$asWXRHUqCFvFK>J@AfkGN=kgu_#4bgIXsfQ&Dzx@p^z>T&Ra-4Do==Kd
z6g=O24w-H>K@Y@4NKNEPdghYk9CMpn@$HqLN)aSRE~m4Ir?N5-HrwIauDc^ZIJ!Xv
z{YIH_R=iNXk-SQ{R)h*Z;!4uxT1?J3QA)~4O*C?j(&%}2crmmF*STEg^8SutWx4ML
zU(~||R3U(@_sw!Z(S1?Z>@rQE=J_Y_?V{Lk`sPf4Nd}URm{?~QA`3;5Qn>&dV~7nP
z`q|BX1<lMGnY#N2OD;_SlKI1<tOtcHDT^C&rRu1`qF4g|Q(wS?tfJg^jDa2#p{ld}
znXAN(>xSB|=ILMe|2H0%zl&ewn(0s4(Gk+1<1ctYZMK?@{{+Klg@=d;8`%)8<T@~!
zA1o8ZS~j)H{8MfM{|hcbf4I83amnM@C?P^i(FM^=Yt;n8o#)qsg7}z<3_se^r``t8
zzm=iB-SZ=g4OrIw8d3-J;|jmFzfVRgYd))ya5|pm@CU#rGRo^@tE7&wuIh##k0x_@
zXgPYxVI+St#jHb8q^XHy=ICL(J%%$?B<?e+HVjPaFu_O1zjK7bf9D{8BHTaz-XA^t
zr==|InKRR!HsCKsq8oaOu-NoyvoMz_1-ELu{EAibpD^kB6%*;F{fbl#%UpJV8Vg`#
ze|ZKV;y71+^bMO+B-e;)pfx+}(PI*#?sPSiac8q!Zarllv(KKVJW^zl(h)^pQauB`
zW%gZ<r0ApV%%>8|P(RQGIzj2&rzVqFEtf@yjeu%%(`{S};gf5Q9p@+GZhN1{_PW3@
zrkG(eMm@WRk=$xwrQg_-7c-`CN=i4YA3Mu}w*tkLnbz0gjgHJ_Bk5;LIHoeIA&&=9
zizsmrN8RG6OHt*w;L=3H#RFt%tWzHLx!lSot`0sH|LH}(;2hl(0=#^^>IxH2jCiVf
z#1*{zHacR+x$Ifwp8ezu{LrE76*UzjXeaTk+ibn9)siLWJ$R>Ljkwe`mZG3`F4pQW
zPqj-)KUwY)zRC(l=~$(r9>Pe82q6&pN*H;tZs;ArGQzjaHRa5Xp>)%N+rFkeNEe;4
zSlZt?F~goO06v*5?8Oqz83P+e=K47Eq*yKzhV4hj!d<3p`T=1^<OS^ZeTSxYq3knP
zHWHMNVMHT^2({jr%kcV!?}_gA&#l0@I%S7^21m)%ltvy;%xqX0Gmr)&GfNO`!|>e=
zBMAX1RGfKd%os;Na*^pC*0M9HpASY3`O@4J*zcu#KAqSMWwcR?@An4}v$^s}RSZ+s
zSJg}C$=^?bRq1&VgiU_qjMh!G$=}{Yld-{6i|+|R*hyTc^QpE#?tvJ^W(oF)<Ms<B
zSV5HWCDk3hnw6LfU3i=pFqVAp#dUI>9QdsX5+294n9(2X%&>~m5M&YaxTLb0)g~Ks
zlbUs<k)w+r^)WwEZci3LKE<cl!aikxt_6|Y@#_g>MeBf#)<IafxE6GKw;*o2{=!4c
zVrYTcNvYwbhz>5}!~v?Rpsr`rf?k3m+@9Hmaka>si`S>syx1H{>M7*H1Z3GeFS^U&
zSVCvHdO@Ze#4N){l|zuqRh4%#W>1PeWCuEGn64M~K=!#OXCb;4CeEiZA;>3#tqgBs
znZ$D=#mQki^2#h*%x6U5c>~d!0peP!SdIzH9Oa3PQ3p0=kdC>iGH!n#vi9<x<AOs4
z+H3P6qyiST7dFhI5uFxBgyNnM2P$R)2ho05OHeXmtR}<A`y&{mbmqLBk7krTgVn_d
znu5BPmW|te?h`M9BOpLEF7Qwp9gi$<7aFST@0FU|Pq~A!J)=?tvYh|OGbU5u5!p)?
ziFE9{&BitoBxGFFT>C_ax(F3S-A)N!USk{3FnVN@zkcx{IyyHco(Y$b<828g|FnP_
zsHqTm2<A7G2EfSWu?{F^W;Sc0Qq?<~xMmv}Mor|2EWv?f``6hUWYbTJVp@skOkNx5
zhrEBrHZ!MZEcIYI%6r}0yOl?7kJ)IPiIzJEh5s(GxY^Jwwor{j*HBno_6`^o4F<fJ
zrSgikqFjoKvf;j(S`%GG6j8Rwni$xCotbeZ3HH^zCU7V4=Y#FUYq==4xY<AGK432q
z+#-+a30Vul;||YPtY1G~*s~fmtlr#+br@4-zc(?big`#DG1{aIn*;Yu=!;kp)|)w$
znyL~AK<h`>P;b5WDV*U=X0jNyL@em@%(=Gt5-0&x#$0Xvkx9NWcU<(_f@hd|<UR+@
zP~N*WN6B}AwPpCq__d2L5VcDIM)6t)gw@}&T<%AYjJLmuBz{Tt{>yj&^?5m4-o3+m
z^QI1PM;u58KuLykR1Np>Qh^K1QYhO5<oN#K<5_a0coo}OrLF@N_c4mPPaV%Upg6Pa
zRCXu^cXdlc@ys>nL;|_mbYD{2`vQ{3gqKs5VMt#tmNjVsZ;DN+qjEpVn8Ds*wak$2
zPfhZq3lA|0W#tH$yac(8ctrzpXVz2h%v#Wu>My^4%JIGixBnUY5n<vexnoJQ|1gco
zg^J<xo;L&?2SEvXhmD;u`&j)Oi6o=+ujH+qu<|z@8iqeAA7bj0F{~24<kfR^F-RG#
zrExN>zt3W{pJQ~Y9Hmaw@v4DQqO6iPQq}q8Q8G%MR-2k;$P4;Z+LMC`iYQImLG?Ci
zZ_B3`HivqJprcNhth}hqi4acXhbJ>CaV;rpy;?Lc@K9<v+jz#~B^G9_j-;la6e&6k
z*&!K@_extte(A(NUZM$gM)kv*ID5;+C-$ksv~=m@W6WLRDMg=^5aAs5*_JlFr_9Wf
z%TMnd?LYK+7=ICI!tJ8cc1gUf{viZ%nO@@IMCdZqzbJz^)rB;94EV=M1)sCj4Z%hc
z*%tw;H%pq&y=L<YHC4l9Mrx2vlQ@b?{bEh}j<-l54b?L&AsJqIBN2fvhMJ_<_R9B-
zP8au4rgAS_)WDy?cG{Ey4c3<@D}jm0&QXFy$8&Y5>xYn5r|gMo2^(){8B2e?ewpM%
zcSO6kvUD|L^z~Ej=md@u-L8sAJ5>@s#<b;excG;4FLg7UY?6iC`E$~nOx`I6a+=MO
zQ4JOvz>40TVTaprTz{wJOrMv={vo3~<zvaodR`i2GA*o2o>2b5p)lZR`lhX~MzN%(
zs22o)!+TNd_EXlH#?C%IuPs=M9>g5*<;qXW5^z$kbP_3tJHbV~QcP{|e=Y)<z+d0y
zAFGUJ>~PjiNMxSnwo$j`ru5%(YYTc|UF6#^OW|2|*c7v#ruZ_JM^}$pw*MWUvrd-S
z!Y+CeDrDWDqn);%h}$;uZt65<_DXpL7j<)Rrg^QWAaR&c!I$xql3CS_F%ImLub|EJ
zz|VNPyNBqOoX6Qy0s*Dh4$te$hClkQ5{Q3xFKuG(2wSySz*sL_+f-Md!yRK|t*K_m
z_v$5N?<m~hz@A@+el(`!k03f*`S?TJR}kJ39^25F_1Jl>e1Y+}8gINQN6}QS6m3Ll
zB<4LhT8ucDuFyKB9T41wvGXfmQ0!QbInk1zY1gYU^&Q2vNcM8Ub?<c*09UgO!J|yv
z*ch35Qlz6$9US8jy+l*N1tm$CbONc4Utt5}q@HXcqL(sd5~A;|PPXxovr|+JY+YV+
z2{6or>n&YdjHTD@nP(Xp*;wcso5%1m$oSxj2fmC!dQ0)<Rf~4GP-i1W^>HJ-V#Zmw
zX#I$}DgMn6Qsz!bEfZgtMddk`H`yAP=(=R68gb#}-fF5<nn|necC177Y}uA%Kk-)(
z9sW$DxDM3Qur?P$JG|XY=-Y3?XF)f@v0BI5Xg5A|8Xr9ViY)xIu<*Y@ApVg|jP=8N
zu*^OS$VxuwF1R@H1DwWUzME1(VfFT4+ZWHw^n^Dd;(;SY5i^tZBIN|{a6JqZvkiS>
zAZ>xz7~Rp)pFudr5kj9)w8!4yVD=zz5ryB0+-@V6TnBAUoo;zZ)wuo<`_w>Lb?mc}
zS)$fKfAJ95mxh+PIy2TE_CujpJ^0je+TD%l6WI`UUYM{4_2D2ce2{)=zZ2Kal}iG<
zVU}fhpGCrY*TRMt*_=YcpL7k0%!({{fkP94*IUz#?QNL=eD`(P;@vIPS8NtmrYVZS
z>a`IKamyH&{c+UW+lg<r4Phq9BPasEA)|wh`ube3#IK*{wC&n$8)Mgn@;#<uC{$G=
zz@RvdY+$9H?$Lzcd0KY{e+8j};NvIjYDT?GsvAz~maW$>M$2m1JC-^zDke{})L%^=
zLJDM=0ChflLy2mt|LkLM<a5M_`!Sa3fu0+f_rrvqwbI(O6gQJe5CrF>>S1gk6fg}D
z<&`z*!lhc>L@z=*%%20?QP+3_ExS(8+I572t&H($b0YlSY->nQtd-Wf&L>>e(_Du$
zIEoW^`ZW6~DwtslUg1=ui`Vuz@#$$e)@IYlQPf49pZ1*f_V`?sqOF|gyh_xj&Ybl8
z><gid9g3^Z57Xp5B(u2aEmKK}lB0qbYb3v$3;wtmsZmI|HQO6%|M<ZC>a&m&;O5Lh
za@^Yx{k_y%{!e9GD3bpMLBiii=xz<Y>?oDeSQ#s#nLQq|RD@6Hg5a>)jLS9;y5C<V
z|D6TubV^5X=!XbjJQY2Rb@@&svqv@*wX%8|VO3Bw^?oA?w+qAFF5vd`PG(9dLJU=^
z_>#QO6I_rBV#rpWo=WughZi^(g@fKD6~xhKzvif8Lh(#NB*4%3YNhwSf^rN5C0)^s
zoqWk~al`%0de}qd2$S64R}|fTq@0)7veniXJL!$md*6M}snQR+{E(r|?o$e_%jnDW
zh>M|6FF}{<;vNn6nqWosNN#?jDmDQZa;ITn(0xfEXwh?rdmMx|!H2=Yqe;JBwm*V0
zZ42Jm3RJZz^Iv|M|7i4g@&o@$1_S!HaIMTfds_9K)5_Z&gG33er=^~v(2;@!3hs`h
z+25b%-y^jCcfihHAx(ekzh(RK?=yV-ZxH|gCjX-9e7({dnovAdoSR2YO3Tc}nJ3x0
zFLvd%2rMAt8jh$<EYW@jJN;QR`7<=_&yvZXqG^BDg8qi48JERG<*Pg%6v|Zdc}Z`B
z!JAk%IQUHx`Wwjh1E}_AN$5{OwLeQje-5gBlZ0wd&1@8!3{1?;2vJKQNnBQ*ED<Ul
z>j?BNsra3mN_+*i??Y_=VJX)CiW{d=PxVc;u62Bf^G&rLw#aIftL?+6XX4+LFGvYb
zNnAR%U<!mdKSgxE4Zs$ycWr&{H5s0O?E(wL&MUGVCzu{zOcBLAB8xI)vX3vU!g=mv
zBe1F9uV$4W`~TZB4A!0A8FqhsrIk<&O#OrlsJR^1MBo{ISKDmv49T&c-z~fm1}K?`
zr^V`AL2`=W-oEb}MuFAlWLV*qc*et6i?W-62BSzJzexE=vE(D-Pf2v!(ZMG%*5cuH
z-MHJsxX6kQSVScrvV39b+(?^{oOkaGAF5K6X-8251u)QYp`BmC61s$`feHX)k!z*P
z9KgMSc4GAjam)4REvHjH>e;#;4*B!&$`=V3fT=QhCVyLcb_Mn$+Qe6~1L~fh)DFbK
z+>94DxXDNgikS6|L^=&30Rf-70D1Ve`|C@R#`wBh*xemWMU!_E+i!Idhx&k8rkE@5
z<|kYdsi2*};;BYpyC?FIJ(i$sezUgJmOFXda;oCZ9Ric^$)^GyyRxBO63eOulNz2~
zj~h0Y1TL9?UM#WJ>d`sR53c2Hy%zK`J?QCGX7w-Ml6{2Qax>@q0;5Qqms-aD36rs6
zP6=;zL)JOTMzOZ$y+EA9%rx4$o~)kGO{ajP3$g2^68G6uQ@(Cek9>Ol`;&Pd6P(#q
z*vV3x8cG7I_cL~RAq=XeqgTfjhpF+iUcJcstj|QnJGu(tVXe`G&+tJN7B(m&ntJqj
zHr^X(ABe)rq!j6CpG01#z%!~Z5$go|p1hcGtAG9cMLn5fMXeC>nh)1E>HhHv?^h5v
zFp2&B$}un+*y5A8`YPyRWjX~uwntBMD5f&Mz%D~U-T-QE_s=-r9P7uE&d>qJdInvf
zU`m0&-h&+DKnHCdz%Ao@55QD^t=WF#0#tbsRvN|B@C*V>y6VENPQH2A`vL|TE+psM
zK-}et0=yFK;TW#SP6Q684!?q+@x#tUw%pgs)^1?g01f;EZo^*C1YnzQ(tm|uEb!a!
zj{-{f|Nl4tFT1w-`7vY6v?p|{+{url${nbV%(LBv*XQ!4HCwG!L58bx4flfq>k<D`
zLdE!>6u8HmqZw{X|C}>13O0#LWtl1!W(Id~h<5Mbq7}#<Hyb+x)}5#k*cQ+Fq;TTx
zrAz|ST*e=~O%UvA>XRLsK^1Jr`l4l$*s@*UEHbqM2LcK%yQ7U~3>A3c2|t1*79v`Q
zS~Vdqvsffz2ByU_26HQe;@of<Y<|Ui+_mNd+beGe&pS9NA8Ez`+=2K1!yPDVJrE}K
zWi!f0=m_AxmiUr7Ga{vPicB$rr$@S?t#u4A99l_i&Y%QQoK{96Qp-dj2DnBm>b@jf
zS)0eauEw)@)oKti3p^cvMx=5X84=Kr6AM<tSc$57uZ?kv{@V(v`y_EmCqRjbFO*@A
zX+#4-UQ;^+rF8eLGf;yWJ6sXA747n9E;YyI(0IBI%(r(+D(qin0d7NL8kPN~r&&9u
zsg+jLCBl}eNX&M`?ISMu0StN-R@lioc$7%oK<Ew-Mv9Yk&+ZEn&aO3oc{yfBb7>~D
z9kWkv>)nN1I0NqHi02~24w2AYv+8H7NL|NaSFV`yxt>wxs7O?+^1Y8~=#QX?s2aA<
z1Wvpzf?&y-TuGX3>t2d9ZX|zxe!aSVw7D&atsl=xW@KRZL{o~X5i5zgH>XAC;OZUw
z#t=i_(si_e!-mrdk+ESe3w6H}WfJ#6?F;g+AUk)!`D7R>(~ENy2TTRhTfTXj$NjHK
z@_&}`_(Oem+3+%k6G2k3<pDQW#!xV`Hm7py+sZ)U8ne6?rNL>BDky0sI(0WBmXq>i
ze&L$^Tm$<F)drr5b`~D&^UP#q2VYK$rD5ILM9!7Ri&#XU4VYv3?Q;yZ@FuL%$5grs
zLIYH}?|!VR^DD=kzofSRH~dB88et1jBe{pw#nwYR(0*VCyWie`^(Dd=Bhwyv0i^|5
zZwzHFV9l|9=qt!#=e7R)_3?r`6EHT%g%l>j<wdZ_e|LfMPf+Oo)%}sjJ8pkAGO+Zo
zlgRcgDB#x@(0zSG`ypMx^RqkQ4Q6=3^e+C&xflE+#1mT1msbby1Bu5U09JJgxy5lT
zN2sgY(B{P>=&-FE_w)5{b7YkJzM_2~{T+rMdlYV0P0J~jw|sQF>sBE(4Zz1m>c`4z
zB)2P+W&f#;`|ZBJs#>OOn6mKfb`deL6UBzBqi=J1XTw?cpVaENdgQhi6PlbH@V<hK
z<rv+U&T~fOEva1dU6}7&eDF^|@^8a*uNCmy?6^?85PjOE=s_Bc?lMXsJvqx30B%us
zt>SxQr`1eO+&<;O01$-#(D?fYGMIm8e+oDy1SSLl?JA2euY8T23o;*@vrcC!M}g_R
z_hFwxPd3u!CVRL;-{D`wdcWAK<_iBwtvt^(qV~kTfSJ}KnnF~NlXS6k`y&o^VNV@c
zaA_Yew;#*szRAt~QQLP;_qYn^5;2`v%A}C>mdZc|bB^=UuF6k}hS+47FQhi-$@F|b
z>)D2NMVx~2+Is?-9ar-pj{Tz5mEw_7(W>_(9>hzj-sAd&T;4|G+X%ZqV$J+$s@>1$
zcqhQhkZyq;XWl4$t4aSrUm6*;%F^j5U#-8<d7^H3$HLr<B5{msDSjp2AYLjJEd6e8
z3FAO$qKa_O5#(W8?#4M_q4?hXq3;93@hrC9(g<)kJqI@n6*AmPAD_^=N_=b!rBu+!
z@U{wF-D?Ly&8cpr$YE+!0=#Ewi9BIC)MmnsB^zq8Q5oG1geFEQ{U1BN+~t{l0rkcK
z)FO+@9T+AL*th^5?vx`2!w(`Mn59oDjBxc0RFUo}*flLxWNiu(>@LneU?bPje@DYv
zX4F~}r=%M!s@FC!Nvg{yP9*!tE(tw^Qf=Vq(2TZW$^q@JZAhFbHoNH_nkDxV3}rG~
zPm<qZeu-t1X?k(eGmdT65}DPHdWU$hf?JgKmMwcsO=Q)s7Lqk}BS%u39NzXx_Cp;}
z_h3>*_sbFBR|yVy2<?-R8<5U+x*>(bH<R^K2OBt1Hjqw2)aS7XTa1=myeIs=Wvm5Q
zM$WBWkg2*)wMBTzEYr1*9h*S4`X0z!L_Fxu7%Bk^0rNt8H?dYW*t7hP7Ap-8W9|uo
z-6@IOULCGW?=^Vsl)6gxE$;AuX!E8pWAF?jR&_x0ew@MDgqgGB1(;BEPK$Ze?aEQo
ziK;#=PXktIU`j2;e0i2F*)z`}kuD01XTwiokOI=;UG%)>x5c)VhMs5=E;;)?RnhZo
z=OPak)gGy(no4gEcruPeR9}+Os)vYNtN$dqXd8eA;P`zDQ_fr*tnPGF<GZGP1?i(V
z(cbIjV!nG%W_uN*%m#l2&V3GWng?sL4yG9mE>~5=zyPxO*4&8d^C2fI%kC?g_KH`E
z@8<6tskzLG@$Rlp^UBvs+~+CjU=B=1F5>rQ>(KZzM>=*Tl-uf9u5>EeE)zeSGPh^$
zyP^8H1pRKOrX?pb_c8MZF~VqBfCWRrN+FK5CS<nRf-uraxH}}3st;r?994;mX3hor
z((svS2&G#5<N8OZ-oi47D)ORWO;_B0gwJ`gV-o=02Lj%%<MrU-qZ$=TM+;NE8r7bA
z^h5bMrCtpTN_|$|o+E+H7SOXqY|**40S_Y&x9>q%hs{7@MfNi`q*lQ@h|H*r++(3Z
zpWkaqjg-371f3P2)TOuPb;gUmL;?qqnd(Mf+Q05b7suNK3Qix3$)BU7E#*2O2*8~S
zoLCGMDAGx-N*Vg8((ATg!R`vA#G~UF{+mkm{a$+T?|t_{&#jv`2CWgc6YBV}6Up8^
ztD{z}O!~ZM8;nTI+(d&N4Ne3j?uo{g4Uyx^BlisiR;r<OEo`pm+rw<6k&YCs<d8S3
z@t%qB4SJHKOZ<Z4MtyhJ%&cKtUDU6Tmf6j_4kV{QCSW!qy%a~+6v}eFCg6C3+kSm4
z-fxq66_Fb=*1jv=Y#PdkX{VL7HsFv`^d!8cNb~~+9F~~iBae&!M85s+c#ix{ejeB!
zOMlq(rP<IVM7+JG1sEUHFHhKk0xW{l0sxEl^Pg(2OiXEA!<YgD_fKCzJ|wqVf1Y~@
zqyUz?S<>~H)?Vu64~;+1+`2~YM<^u#(H-dq)BT4A)}JSSGlm<_a`)5E?w`W8e*2sc
zBm~p1L%x-gVF!5o3}^B`HWa6*Dlr?1N*gZVCIKqH&sPv)A_0$y#WD6kD^Ra~fZ-r3
M^E>$g?d#<K16`Si1^@s6

literal 0
HcmV?d00001


From 7902ae20a1b98ca2072e0aae4de34d09b51729b8 Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Tue, 8 Aug 2023 13:16:32 -0400
Subject: [PATCH 257/359] Upgrade test: remove outdated test and disable log
 due to verbosity (#18403)

* remove outdated test

* disable log since we have too many parallel tests
---
 .github/workflows/test-integrations.yml       |   4 +-
 .../upgrade/basic/fullstopupgrade_test.go     | 156 +++++++-----------
 2 files changed, 66 insertions(+), 94 deletions(-)

diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index ea21f613e764..4545cef6049d 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -546,7 +546,9 @@ jobs:
             -p=4 \
             -tags "${{ env.GOTAGS }}" \
             -timeout=30m \
-            -json ./... \
+            -json \
+            ./... \
+            --follow-log=false \
             --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
             --target-version local \
             --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \
diff --git a/test/integration/consul-container/test/upgrade/basic/fullstopupgrade_test.go b/test/integration/consul-container/test/upgrade/basic/fullstopupgrade_test.go
index ff5c9f36a540..6b4a047952bc 100644
--- a/test/integration/consul-container/test/upgrade/basic/fullstopupgrade_test.go
+++ b/test/integration/consul-container/test/upgrade/basic/fullstopupgrade_test.go
@@ -32,99 +32,69 @@ var (
 
 // Test upgrade a cluster of latest version to the target version
 func TestStandardUpgradeToTarget_fromLatest(t *testing.T) {
-	tcs = append(tcs,
-		testcase{
-			// Use the case of "1.12.3" ==> "1.13.0" to verify the test can
-			// catch the upgrade bug found in snapshot of 1.13.0
-			oldVersion:    "1.12.3",
-			targetVersion: "1.13.0",
-			expectErr:     true,
-		},
-	)
-
-	tcs = append(tcs, testcase{
-		oldVersion:    utils.LatestVersion,
-		targetVersion: utils.TargetVersion,
-	},
-	)
-
-	run := func(t *testing.T, tc testcase) {
-		const numServers = 1
-		buildOpts := &libcluster.BuildOptions{
-			ConsulImageName:      utils.GetLatestImageName(),
-			ConsulVersion:        utils.LatestVersion,
-			Datacenter:           "dc1",
-			InjectAutoEncryption: true,
-		}
-
-		cluster, _, _ := topology.NewCluster(t, &topology.ClusterConfig{
-			NumServers:                numServers,
-			BuildOpts:                 buildOpts,
-			ApplyDefaultProxySettings: true,
-		})
-		client := cluster.APIClient(0)
-
-		libcluster.WaitForLeader(t, cluster, client)
-		libcluster.WaitForMembers(t, client, numServers)
-
-		// Create a service to be stored in the snapshot
-		const serviceName = "api"
-		index := libservice.ServiceCreate(t, client, serviceName)
-
-		require.NoError(t, client.Agent().ServiceRegister(
-			&api.AgentServiceRegistration{Name: serviceName, Port: 9998},
-		))
-		err := goretry.Do(
-			func() error {
-				ch, errCh := libservice.ServiceHealthBlockingQuery(client, serviceName, index)
-				select {
-				case err := <-errCh:
-					require.NoError(t, err)
-				case service := <-ch:
-					index = service[0].Service.ModifyIndex
-					if len(service) != 1 {
-						return fmt.Errorf("service is %d, want 1", len(service))
-					}
-					if serviceName != service[0].Service.Service {
-						return fmt.Errorf("service name is %s, want %s", service[0].Service.Service, serviceName)
-					}
-					if service[0].Service.Port != 9998 {
-						return fmt.Errorf("service is %d, want 9998", service[0].Service.Port)
-					}
-				}
-				return nil
-			},
-			goretry.Attempts(5),
-			goretry.Delay(time.Second),
-		)
-		require.NoError(t, err)
-
-		// upgrade the cluster to the Target version
-		t.Logf("initiating standard upgrade to version=%q", tc.targetVersion)
-		err = cluster.StandardUpgrade(t, context.Background(), utils.GetTargetImageName(), tc.targetVersion)
-
-		if !tc.expectErr {
-			require.NoError(t, err)
-			libcluster.WaitForLeader(t, cluster, client)
-			libcluster.WaitForMembers(t, client, numServers)
-
-			// Verify service is restored from the snapshot
-			retry.RunWith(&retry.Timer{Timeout: 5 * time.Second, Wait: 500 * time.Microsecond}, t, func(r *retry.R) {
-				service, _, err := client.Catalog().Service(serviceName, "", &api.QueryOptions{})
-				require.NoError(r, err)
-				require.Len(r, service, 1)
-				require.Equal(r, serviceName, service[0].ServiceName)
-			})
-		} else {
-			require.ErrorContains(t, err, "context deadline exceeded")
-		}
+	const numServers = 1
+	buildOpts := &libcluster.BuildOptions{
+		ConsulImageName:      utils.GetLatestImageName(),
+		ConsulVersion:        utils.LatestVersion,
+		Datacenter:           "dc1",
+		InjectAutoEncryption: true,
 	}
 
-	for _, tc := range tcs {
-		t.Run(fmt.Sprintf("upgrade from %s to %s", tc.oldVersion, tc.targetVersion),
-			func(t *testing.T) {
-				run(t, tc)
-			})
-		time.Sleep(1 * time.Second)
-	}
+	cluster, _, _ := topology.NewCluster(t, &topology.ClusterConfig{
+		NumServers:                numServers,
+		BuildOpts:                 buildOpts,
+		ApplyDefaultProxySettings: true,
+	})
+	client := cluster.APIClient(0)
+
+	libcluster.WaitForLeader(t, cluster, client)
+	libcluster.WaitForMembers(t, client, numServers)
+
+	// Create a service to be stored in the snapshot
+	const serviceName = "api"
+	index := libservice.ServiceCreate(t, client, serviceName)
+
+	require.NoError(t, client.Agent().ServiceRegister(
+		&api.AgentServiceRegistration{Name: serviceName, Port: 9998},
+	))
+	err := goretry.Do(
+		func() error {
+			ch, errCh := libservice.ServiceHealthBlockingQuery(client, serviceName, index)
+			select {
+			case err := <-errCh:
+				require.NoError(t, err)
+			case service := <-ch:
+				index = service[0].Service.ModifyIndex
+				if len(service) != 1 {
+					return fmt.Errorf("service is %d, want 1", len(service))
+				}
+				if serviceName != service[0].Service.Service {
+					return fmt.Errorf("service name is %s, want %s", service[0].Service.Service, serviceName)
+				}
+				if service[0].Service.Port != 9998 {
+					return fmt.Errorf("service is %d, want 9998", service[0].Service.Port)
+				}
+			}
+			return nil
+		},
+		goretry.Attempts(5),
+		goretry.Delay(time.Second),
+	)
+	require.NoError(t, err)
+
+	// upgrade the cluster to the Target version
+	t.Logf("initiating standard upgrade to version=%q", utils.TargetVersion)
+	err = cluster.StandardUpgrade(t, context.Background(), utils.GetTargetImageName(), utils.TargetVersion)
+
+	require.NoError(t, err)
+	libcluster.WaitForLeader(t, cluster, client)
+	libcluster.WaitForMembers(t, client, numServers)
+
+	// Verify service is restored from the snapshot
+	retry.RunWith(&retry.Timer{Timeout: 5 * time.Second, Wait: 500 * time.Microsecond}, t, func(r *retry.R) {
+		service, _, err := client.Catalog().Service(serviceName, "", &api.QueryOptions{})
+		require.NoError(r, err)
+		require.Len(r, service, 1)
+		require.Equal(r, serviceName, service[0].ServiceName)
+	})
 }

From 43d8898e08dcbb6e00403d408b12426ae0cdce01 Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Tue, 8 Aug 2023 14:08:14 -0400
Subject: [PATCH 258/359] =?UTF-8?q?bump=20testcontainers-go=20from=200.22.?=
 =?UTF-8?q?0=20and=20remove=20pinned=20go=20version=20in=20in=E2=80=A6=20(?=
 =?UTF-8?q?#18395)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* bump testcontainers-go from 0.22.0 and remove pinned go version in integ test

* go mod tidy

* Replace deprecated target.Authority with target.URL.Host
---
 .github/workflows/test-integrations.yml  |  12 +-
 agent/grpc-internal/resolver/registry.go |   4 +-
 test-integ/go.mod                        |  60 +++++-----
 test-integ/go.sum                        | 130 ++++++++++++----------
 test/integration/consul-container/go.mod |  62 ++++++-----
 test/integration/consul-container/go.sum | 134 ++++++++++++-----------
 6 files changed, 211 insertions(+), 191 deletions(-)

diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 4545cef6049d..4947662d5651 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -372,11 +372,7 @@ jobs:
         run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
-          # pinning this to 1.20.5 because this issue in go-testcontainers occurs
-          # in 1.20.6 with the error "http: invalid Host header, host port waiting failed"
-          # https://github.com/testcontainers/testcontainers-go/issues/1359
-          # go-version-file: 'go.mod'
-          go-version: '1.20.5'
+          go-version-file: 'go.mod'
       - run: go env
       - name: docker env
         run: |
@@ -491,11 +487,7 @@ jobs:
         run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
-          # pinning this to 1.20.5 because this issue in go-testcontainers occurs
-          # in 1.20.6 with the error "http: invalid Host header, host port waiting failed"
-          # https://github.com/testcontainers/testcontainers-go/issues/1359
-          # go-version-file: 'go.mod'
-          go-version: '1.20.5'
+          go-version-file: 'go.mod'
       - run: go env
 
       # Get go binary from workspace
diff --git a/agent/grpc-internal/resolver/registry.go b/agent/grpc-internal/resolver/registry.go
index 650915becc32..5151cfd46ce0 100644
--- a/agent/grpc-internal/resolver/registry.go
+++ b/agent/grpc-internal/resolver/registry.go
@@ -23,10 +23,10 @@ func (r *registry) Build(target resolver.Target, cc resolver.ClientConn, opts re
 	r.lock.RLock()
 	defer r.lock.RUnlock()
 	//nolint:staticcheck
-	res, ok := r.byAuthority[target.Authority]
+	res, ok := r.byAuthority[target.URL.Host]
 	if !ok {
 		//nolint:staticcheck
-		return nil, fmt.Errorf("no resolver registered for %v", target.Authority)
+		return nil, fmt.Errorf("no resolver registered for %v", target.URL.Host)
 	}
 	return res.Build(target, cc, opts)
 }
diff --git a/test-integ/go.mod b/test-integ/go.mod
index f775cd7da07f..e1a62dbdaadb 100644
--- a/test-integ/go.mod
+++ b/test-integ/go.mod
@@ -14,9 +14,10 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.19.0 // indirect
+	cloud.google.com/go/compute v1.20.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v0.13.0 // indirect
+	cloud.google.com/go/iam v1.1.1 // indirect
+	dario.cat/mergo v1.0.0 // indirect
 	fortio.org/dflag v1.5.2 // indirect
 	fortio.org/fortio v1.54.0 // indirect
 	fortio.org/log v1.3.0 // indirect
@@ -43,21 +44,21 @@ require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect
 	github.com/circonus-labs/circonusllhist v0.1.3 // indirect
-	github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 // indirect
-	github.com/containerd/containerd v1.7.1 // indirect
+	github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect
+	github.com/containerd/containerd v1.7.3 // indirect
 	github.com/coreos/etcd v3.3.27+incompatible // indirect
 	github.com/coreos/go-oidc v2.1.0+incompatible // indirect
 	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
 	github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/docker/distribution v2.8.1+incompatible // indirect
-	github.com/docker/docker v23.0.6+incompatible // indirect
+	github.com/docker/distribution v2.8.2+incompatible // indirect
+	github.com/docker/docker v24.0.5+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
-	github.com/envoyproxy/go-control-plane v0.11.0 // indirect
-	github.com/envoyproxy/protoc-gen-validate v0.10.0 // indirect
+	github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f // indirect
+	github.com/envoyproxy/protoc-gen-validate v0.10.1 // indirect
 	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
 	github.com/fatih/color v1.14.1 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
@@ -83,9 +84,10 @@ require (
 	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/s2a-go v0.1.4 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
-	github.com/googleapis/gax-go/v2 v2.7.1 // indirect
+	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect
 	github.com/hashicorp/consul v0.0.0-00010101000000-000000000000 // indirect
@@ -137,7 +139,7 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.16.5 // indirect
+	github.com/klauspost/compress v1.16.7 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
@@ -164,8 +166,8 @@ require (
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/oklog/ulid/v2 v2.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
-	github.com/opencontainers/runc v1.1.7 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
+	github.com/opencontainers/runc v1.1.8 // indirect
 	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
 	github.com/otiai10/copy v1.10.0 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
@@ -181,11 +183,11 @@ require (
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
 	github.com/segmentio/fasthash v1.0.3 // indirect
-	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 // indirect
-	github.com/testcontainers/testcontainers-go v0.20.1 // indirect
+	github.com/testcontainers/testcontainers-go v0.22.0 // indirect
 	github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 // indirect
 	github.com/zclconf/go-cty v1.12.1 // indirect
 	go.etcd.io/bbolt v1.3.7 // indirect
@@ -198,22 +200,24 @@ require (
 	go.opentelemetry.io/otel/trace v1.16.0 // indirect
 	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
-	golang.org/x/crypto v0.11.0 // indirect
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/net v0.13.0 // indirect
-	golang.org/x/oauth2 v0.6.0 // indirect
-	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/sys v0.10.0 // indirect
-	golang.org/x/term v0.10.0 // indirect
-	golang.org/x/text v0.11.0 // indirect
+	golang.org/x/crypto v0.12.0 // indirect
+	golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b // indirect
+	golang.org/x/mod v0.12.0 // indirect
+	golang.org/x/net v0.14.0 // indirect
+	golang.org/x/oauth2 v0.8.0 // indirect
+	golang.org/x/sync v0.3.0 // indirect
+	golang.org/x/sys v0.11.0 // indirect
+	golang.org/x/term v0.11.0 // indirect
+	golang.org/x/text v0.12.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.9.1 // indirect
-	google.golang.org/api v0.114.0 // indirect
+	golang.org/x/tools v0.11.1 // indirect
+	google.golang.org/api v0.126.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
-	google.golang.org/grpc v1.55.0 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 // indirect
+	google.golang.org/grpc v1.57.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.66.2 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
diff --git a/test-integ/go.sum b/test-integ/go.sum
index 9ccc587e33bc..015660056dd5 100644
--- a/test-integ/go.sum
+++ b/test-integ/go.sum
@@ -25,22 +25,20 @@ cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aD
 cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
 cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
 cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
-cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.19.0 h1:+9zda3WGgW1ZSTlVppLCYFIr48Pa35q1uG2N1itbCEQ=
-cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU=
+cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg=
+cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k=
-cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0=
-cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
+cloud.google.com/go/iam v1.1.1 h1:lW7fzj15aVIXYHREOqjRBV9PsH0Z6u8Y46a1YGvQP4Y=
+cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -50,6 +48,8 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
+dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 fortio.org/assert v1.1.4 h1:Za1RaG+OjsTMpQS3J3UCvTF6wc4+IOHCz+jAOU37Y4o=
 fortio.org/dflag v1.5.2 h1:F9XVRj4Qr2IbJP7BMj7XZc9wB0Q/RZ61Ool+4YPVad8=
@@ -62,6 +62,7 @@ fortio.org/sets v1.0.2 h1:gSWZFg9rgzl1zJfI/93lDJKBFw8WZ3Uxe3oQ5uDM4T4=
 fortio.org/sets v1.0.2/go.mod h1:xVjulHr0FhlmReSymI+AhDtQ4FgjiazQ3JmuNpYFMs8=
 fortio.org/version v1.0.2 h1:8NwxdX58aoeKx7T5xAPO0xlUu1Hpk42nRz5s6e6eKZ0=
 fortio.org/version v1.0.2/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
@@ -141,11 +142,10 @@ github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 h1:58f1tJ1ra+zFINPlwLWvQsR9CzAKt2e+EWV2yX9oXQ4=
-github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/containerd/containerd v1.7.1 h1:k8DbDkSOwt5rgxQ3uCI4WMKIJxIndSCBUaGm5oRn+Go=
-github.com/containerd/containerd v1.7.1/go.mod h1:gA+nJUADRBm98QS5j5RPROnt0POQSMK+r7P7EGMC/Qc=
-github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
+github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k=
+github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/containerd/containerd v1.7.3 h1:cKwYKkP1eTj54bP3wCdXXBymmKRQMrWjkLSWZZJDa8o=
+github.com/containerd/containerd v1.7.3/go.mod h1:32FOM4/O0RkNg7AjQj3hDzN9cUGtu+HMvaKUNiqCZB8=
 github.com/coreos/etcd v3.3.27+incompatible h1:QIudLb9KeBsE5zyYxd1mjzRSkzLg9Wf9QlRwFgd6oTA=
 github.com/coreos/etcd v3.3.27+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM=
@@ -158,14 +158,15 @@ github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoY
 github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
+github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
-github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v23.0.6+incompatible h1:aBD4np894vatVX99UTx/GyOUOK4uEcROwA3+bQhEcoU=
-github.com/docker/docker v23.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
+github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker v24.0.5+incompatible h1:WmgcE4fxyI6EEXxBRxsHnZXrO1pQ3smi0k/jho4HLeY=
+github.com/docker/docker v24.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -181,11 +182,11 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
-github.com/envoyproxy/go-control-plane v0.11.0 h1:jtLewhRR2vMRNnq2ZZUoCjUlgut+Y0+sDDWPOfwOi1o=
-github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI=
+github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f h1:7T++XKzy4xg7PKy+bM+Sa9/oe1OC88yz2hXQUISoXfA=
+github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v0.10.0 h1:oIfnZFdC0YhpNNEX+SuIqko4cqqVZeN9IGTrhZje83Y=
-github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
+github.com/envoyproxy/protoc-gen-validate v0.10.1 h1:c0g45+xCJhdgFGw7a5QAfdS4byAbud7miNWJ1WwEVf8=
+github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
 github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
@@ -370,6 +371,8 @@ github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
+github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
 github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2 h1:AtvtonGEH/fZK0XPNNBdB6swgy7Iudfx88wzyIpwqJ8=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -380,8 +383,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
-github.com/googleapis/gax-go/v2 v2.7.1 h1:gF4c0zjUP2H/s/hEGyLA3I0fA2ZWjzYiONAD6cvPr8A=
-github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
+github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4=
+github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI=
 github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
 github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
@@ -546,8 +549,8 @@ github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0Lh
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
-github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
+github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
@@ -653,10 +656,10 @@ github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs=
 github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=
-github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
-github.com/opencontainers/runc v1.1.7 h1:y2EZDS8sNng4Ksf0GUYNhKbTShZJPJg1FiXJNH/uoCk=
-github.com/opencontainers/runc v1.1.7/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
+github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
+github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
+github.com/opencontainers/runc v1.1.8 h1:zICRlc+C1XzivLc3nzE+cbJV4LIi8tib6YG0MqC6OqA=
+github.com/opencontainers/runc v1.1.8/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU=
@@ -727,8 +730,8 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
 github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
@@ -756,8 +759,8 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 h1:xzABM9let0HLLqFypcxvLmlvEciCHL7+Lv+4vwZqecI=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569/go.mod h1:2Ly+NIftZN4de9zRmENdYbvPQeaVIYKWpLFStLFEBgI=
-github.com/testcontainers/testcontainers-go v0.20.1 h1:mK15UPJ8c5P+NsQKmkqzs/jMdJt6JMs5vlw2y4j92c0=
-github.com/testcontainers/testcontainers-go v0.20.1/go.mod h1:zb+NOlCQBkZ7RQp4QI+YMIHyO2CQ/qsXzNF5eLJ24SY=
+github.com/testcontainers/testcontainers-go v0.22.0 h1:hOK4NzNu82VZcKEB1aP9LO1xYssVFMvlfeuDW9JMmV0=
+github.com/testcontainers/testcontainers-go v0.22.0/go.mod h1:k0YiPa26xJCRUbUkYqy5rY6NGvSbVCeUBXCvucscBR4=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8=
@@ -829,9 +832,10 @@ golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
-golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -842,8 +846,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b h1:r+vk0EmXNmekl0S0BascoeeoHk/L7wmaW2QF90K+kYI=
+golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -871,8 +875,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
-golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -919,8 +923,8 @@ golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
-golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -937,8 +941,8 @@ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw=
-golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
+golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
+golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -952,8 +956,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
-golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1027,13 +1031,13 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
-golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
-golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1043,9 +1047,10 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
-golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1114,8 +1119,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
-golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
+golang.org/x/tools v0.11.1 h1:ojD5zOW8+7dOGzdnNgersm8aPfcDjhMp12UfG93NIMc=
+golang.org/x/tools v0.11.1/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1148,8 +1153,8 @@ google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00
 google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
 google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
 google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
-google.golang.org/api v0.114.0 h1:1xQPji6cO2E2vLiI+C/XiFAnsn1WV3mjaEwGLhi3grE=
-google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg=
+google.golang.org/api v0.126.0 h1:q4GJq+cAdMAC7XP7njvQ4tvohGLiSlytuL4BQxbIZ+o=
+google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1217,8 +1222,12 @@ google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
+google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e h1:xIXmWJ303kJCuogpj0bHq+dcjcZHU+XFyc1I0Yl9cRg=
+google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:0ggbjUrZYpy1q+ANUS30SEoGZ53cdfwtbuG7Ptgy108=
+google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 h1:XVeBY8d/FaK4848myy41HBqnDwvxeV3zMZhwN1TvAMU=
+google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 h1:eSaPbMR4T7WfH9FvABk36NBMacoTUKdWCvV0dx+KfOg=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5/go.mod h1:zBEcrKX2ZOcEkHWxBPAIvYUWOKKMIhYcmNiUIu2ji3I=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1247,8 +1256,9 @@ google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
-google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
+google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
+google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
+google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -1264,8 +1274,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1293,7 +1303,7 @@ gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
+gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index 9ddab4e1d6f7..3a1fe15feaaf 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -5,7 +5,7 @@ go 1.20
 require (
 	fortio.org/fortio v1.54.0
 	github.com/avast/retry-go v3.0.0+incompatible
-	github.com/docker/docker v23.0.6+incompatible
+	github.com/docker/docker v24.0.5+incompatible
 	github.com/docker/go-connections v0.4.0
 	github.com/evanphx/json-patch v4.12.0+incompatible
 	github.com/go-jose/go-jose/v3 v3.0.0
@@ -26,17 +26,18 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/otiai10/copy v1.10.0
 	github.com/pkg/errors v0.9.1
-	github.com/stretchr/testify v1.8.3
+	github.com/stretchr/testify v1.8.4
 	github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569
-	github.com/testcontainers/testcontainers-go v0.20.1
-	golang.org/x/mod v0.10.0
-	google.golang.org/grpc v1.55.0
+	github.com/testcontainers/testcontainers-go v0.22.0
+	golang.org/x/mod v0.12.0
+	google.golang.org/grpc v1.57.0
 )
 
 require (
-	cloud.google.com/go/compute v1.19.0 // indirect
+	cloud.google.com/go/compute v1.20.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v0.13.0 // indirect
+	cloud.google.com/go/iam v1.1.1 // indirect
+	dario.cat/mergo v1.0.0 // indirect
 	fortio.org/dflag v1.5.2 // indirect
 	fortio.org/log v1.3.0 // indirect
 	fortio.org/sets v1.0.2 // indirect
@@ -59,19 +60,19 @@ require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect
 	github.com/circonus-labs/circonusllhist v0.1.3 // indirect
-	github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 // indirect
-	github.com/containerd/containerd v1.7.1 // indirect
+	github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect
+	github.com/containerd/containerd v1.7.3 // indirect
 	github.com/coreos/etcd v3.3.27+incompatible // indirect
 	github.com/coreos/go-oidc v2.1.0+incompatible // indirect
 	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
 	github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/docker/distribution v2.8.1+incompatible // indirect
+	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
-	github.com/envoyproxy/go-control-plane v0.11.0 // indirect
-	github.com/envoyproxy/protoc-gen-validate v0.10.0 // indirect
+	github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f // indirect
+	github.com/envoyproxy/protoc-gen-validate v0.10.1 // indirect
 	github.com/fatih/color v1.14.1 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-logr/logr v1.2.4 // indirect
@@ -95,9 +96,10 @@ require (
 	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/s2a-go v0.1.4 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
-	github.com/googleapis/gax-go/v2 v2.7.1 // indirect
+	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect
 	github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 // indirect
@@ -140,7 +142,7 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.16.5 // indirect
+	github.com/klauspost/compress v1.16.7 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
@@ -165,8 +167,8 @@ require (
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/oklog/ulid/v2 v2.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
-	github.com/opencontainers/runc v1.1.7 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
+	github.com/opencontainers/runc v1.1.8 // indirect
 	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/pierrec/lz4 v2.5.2+incompatible // indirect
@@ -179,7 +181,7 @@ require (
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
 	github.com/segmentio/fasthash v1.0.3 // indirect
-	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 // indirect
@@ -193,20 +195,22 @@ require (
 	go.opentelemetry.io/otel/trace v1.16.0 // indirect
 	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
-	golang.org/x/crypto v0.11.0 // indirect
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/net v0.13.0 // indirect
-	golang.org/x/oauth2 v0.6.0 // indirect
-	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/sys v0.10.0 // indirect
-	golang.org/x/term v0.10.0 // indirect
-	golang.org/x/text v0.11.0 // indirect
+	golang.org/x/crypto v0.12.0 // indirect
+	golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b // indirect
+	golang.org/x/net v0.14.0 // indirect
+	golang.org/x/oauth2 v0.8.0 // indirect
+	golang.org/x/sync v0.3.0 // indirect
+	golang.org/x/sys v0.11.0 // indirect
+	golang.org/x/term v0.11.0 // indirect
+	golang.org/x/text v0.12.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.9.1 // indirect
-	google.golang.org/api v0.114.0 // indirect
+	golang.org/x/tools v0.11.1 // indirect
+	google.golang.org/api v0.126.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.66.2 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum
index b4e8a0e663b1..c5563b08a8bd 100644
--- a/test/integration/consul-container/go.sum
+++ b/test/integration/consul-container/go.sum
@@ -25,22 +25,20 @@ cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aD
 cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
 cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
 cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
-cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.19.0 h1:+9zda3WGgW1ZSTlVppLCYFIr48Pa35q1uG2N1itbCEQ=
-cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU=
+cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg=
+cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k=
-cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0=
-cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
+cloud.google.com/go/iam v1.1.1 h1:lW7fzj15aVIXYHREOqjRBV9PsH0Z6u8Y46a1YGvQP4Y=
+cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -50,6 +48,8 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
+dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 fortio.org/assert v1.1.4 h1:Za1RaG+OjsTMpQS3J3UCvTF6wc4+IOHCz+jAOU37Y4o=
 fortio.org/dflag v1.5.2 h1:F9XVRj4Qr2IbJP7BMj7XZc9wB0Q/RZ61Ool+4YPVad8=
@@ -62,6 +62,7 @@ fortio.org/sets v1.0.2 h1:gSWZFg9rgzl1zJfI/93lDJKBFw8WZ3Uxe3oQ5uDM4T4=
 fortio.org/sets v1.0.2/go.mod h1:xVjulHr0FhlmReSymI+AhDtQ4FgjiazQ3JmuNpYFMs8=
 fortio.org/version v1.0.2 h1:8NwxdX58aoeKx7T5xAPO0xlUu1Hpk42nRz5s6e6eKZ0=
 fortio.org/version v1.0.2/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
@@ -137,11 +138,10 @@ github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 h1:58f1tJ1ra+zFINPlwLWvQsR9CzAKt2e+EWV2yX9oXQ4=
-github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/containerd/containerd v1.7.1 h1:k8DbDkSOwt5rgxQ3uCI4WMKIJxIndSCBUaGm5oRn+Go=
-github.com/containerd/containerd v1.7.1/go.mod h1:gA+nJUADRBm98QS5j5RPROnt0POQSMK+r7P7EGMC/Qc=
-github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
+github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k=
+github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/containerd/containerd v1.7.3 h1:cKwYKkP1eTj54bP3wCdXXBymmKRQMrWjkLSWZZJDa8o=
+github.com/containerd/containerd v1.7.3/go.mod h1:32FOM4/O0RkNg7AjQj3hDzN9cUGtu+HMvaKUNiqCZB8=
 github.com/coreos/etcd v3.3.27+incompatible h1:QIudLb9KeBsE5zyYxd1mjzRSkzLg9Wf9QlRwFgd6oTA=
 github.com/coreos/etcd v3.3.27+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM=
@@ -154,14 +154,15 @@ github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoY
 github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
+github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
-github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v23.0.6+incompatible h1:aBD4np894vatVX99UTx/GyOUOK4uEcROwA3+bQhEcoU=
-github.com/docker/docker v23.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
+github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker v24.0.5+incompatible h1:WmgcE4fxyI6EEXxBRxsHnZXrO1pQ3smi0k/jho4HLeY=
+github.com/docker/docker v24.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -177,11 +178,11 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
-github.com/envoyproxy/go-control-plane v0.11.0 h1:jtLewhRR2vMRNnq2ZZUoCjUlgut+Y0+sDDWPOfwOi1o=
-github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI=
+github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f h1:7T++XKzy4xg7PKy+bM+Sa9/oe1OC88yz2hXQUISoXfA=
+github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v0.10.0 h1:oIfnZFdC0YhpNNEX+SuIqko4cqqVZeN9IGTrhZje83Y=
-github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
+github.com/envoyproxy/protoc-gen-validate v0.10.1 h1:c0g45+xCJhdgFGw7a5QAfdS4byAbud7miNWJ1WwEVf8=
+github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
 github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
@@ -366,6 +367,8 @@ github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
+github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
 github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2 h1:AtvtonGEH/fZK0XPNNBdB6swgy7Iudfx88wzyIpwqJ8=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -376,8 +379,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
-github.com/googleapis/gax-go/v2 v2.7.1 h1:gF4c0zjUP2H/s/hEGyLA3I0fA2ZWjzYiONAD6cvPr8A=
-github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
+github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4=
+github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI=
 github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
 github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
@@ -540,8 +543,8 @@ github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0Lh
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
-github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
+github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
@@ -645,10 +648,10 @@ github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs=
 github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=
-github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
-github.com/opencontainers/runc v1.1.7 h1:y2EZDS8sNng4Ksf0GUYNhKbTShZJPJg1FiXJNH/uoCk=
-github.com/opencontainers/runc v1.1.7/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
+github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
+github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
+github.com/opencontainers/runc v1.1.8 h1:zICRlc+C1XzivLc3nzE+cbJV4LIi8tib6YG0MqC6OqA=
+github.com/opencontainers/runc v1.1.8/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU=
@@ -716,8 +719,8 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
 github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
@@ -741,12 +744,12 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
-github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 h1:xzABM9let0HLLqFypcxvLmlvEciCHL7+Lv+4vwZqecI=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569/go.mod h1:2Ly+NIftZN4de9zRmENdYbvPQeaVIYKWpLFStLFEBgI=
-github.com/testcontainers/testcontainers-go v0.20.1 h1:mK15UPJ8c5P+NsQKmkqzs/jMdJt6JMs5vlw2y4j92c0=
-github.com/testcontainers/testcontainers-go v0.20.1/go.mod h1:zb+NOlCQBkZ7RQp4QI+YMIHyO2CQ/qsXzNF5eLJ24SY=
+github.com/testcontainers/testcontainers-go v0.22.0 h1:hOK4NzNu82VZcKEB1aP9LO1xYssVFMvlfeuDW9JMmV0=
+github.com/testcontainers/testcontainers-go v0.22.0/go.mod h1:k0YiPa26xJCRUbUkYqy5rY6NGvSbVCeUBXCvucscBR4=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8=
@@ -816,9 +819,10 @@ golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
-golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -829,8 +833,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b h1:r+vk0EmXNmekl0S0BascoeeoHk/L7wmaW2QF90K+kYI=
+golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -858,8 +862,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
-golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -906,8 +910,8 @@ golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
-golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -924,8 +928,8 @@ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw=
-golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
+golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
+golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -939,8 +943,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
-golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1013,13 +1017,13 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
-golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
-golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1029,9 +1033,10 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
-golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1100,8 +1105,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
-golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
+golang.org/x/tools v0.11.1 h1:ojD5zOW8+7dOGzdnNgersm8aPfcDjhMp12UfG93NIMc=
+golang.org/x/tools v0.11.1/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1134,8 +1139,8 @@ google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00
 google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
 google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
 google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
-google.golang.org/api v0.114.0 h1:1xQPji6cO2E2vLiI+C/XiFAnsn1WV3mjaEwGLhi3grE=
-google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg=
+google.golang.org/api v0.126.0 h1:q4GJq+cAdMAC7XP7njvQ4tvohGLiSlytuL4BQxbIZ+o=
+google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1203,8 +1208,12 @@ google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
+google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e h1:xIXmWJ303kJCuogpj0bHq+dcjcZHU+XFyc1I0Yl9cRg=
+google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:0ggbjUrZYpy1q+ANUS30SEoGZ53cdfwtbuG7Ptgy108=
+google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 h1:XVeBY8d/FaK4848myy41HBqnDwvxeV3zMZhwN1TvAMU=
+google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 h1:eSaPbMR4T7WfH9FvABk36NBMacoTUKdWCvV0dx+KfOg=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5/go.mod h1:zBEcrKX2ZOcEkHWxBPAIvYUWOKKMIhYcmNiUIu2ji3I=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1233,8 +1242,9 @@ google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
-google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
+google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
+google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
+google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -1250,8 +1260,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1279,7 +1289,7 @@ gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
+gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

From 91d331bbaa1148b58abd5871a594b38dc305be11 Mon Sep 17 00:00:00 2001
From: Matt Keeler <mkeeler@users.noreply.github.com>
Date: Tue, 8 Aug 2023 15:22:14 -0400
Subject: [PATCH 259/359] Add ServiceEndpoints Mutation hook tests (#18404)

* Add ServiceEndpoints Mutation hook tests

* Move endpoint owner validation into the validation hook

Also there were some minor changes to error validation to account for go-cmp not liking to peer through an errors.errorstring type that get created by errors.New
---
 .../internal/types/service_endpoints.go       | 22 ++---
 .../internal/types/service_endpoints_test.go  | 95 +++++++++++++------
 internal/resource/errors.go                   | 29 +++++-
 internal/resource/resourcetest/builder.go     |  5 +
 internal/resource/resourcetest/require.go     | 26 +++++
 5 files changed, 134 insertions(+), 43 deletions(-)

diff --git a/internal/catalog/internal/types/service_endpoints.go b/internal/catalog/internal/types/service_endpoints.go
index 8c3d1cf10956..be3475103172 100644
--- a/internal/catalog/internal/types/service_endpoints.go
+++ b/internal/catalog/internal/types/service_endpoints.go
@@ -44,6 +44,16 @@ func MutateServiceEndpoints(res *pbresource.Resource) error {
 		}
 	}
 
+	return nil
+}
+
+func ValidateServiceEndpoints(res *pbresource.Resource) error {
+	var svcEndpoints pbcatalog.ServiceEndpoints
+
+	if err := res.Data.UnmarshalTo(&svcEndpoints); err != nil {
+		return resource.NewErrDataParse(&svcEndpoints, err)
+	}
+
 	var err error
 	if !resource.EqualType(res.Owner.Type, ServiceV1Alpha1Type) {
 		err = multierror.Append(err, resource.ErrOwnerTypeInvalid{
@@ -54,6 +64,7 @@ func MutateServiceEndpoints(res *pbresource.Resource) error {
 
 	if !resource.EqualTenancy(res.Owner.Tenancy, res.Id.Tenancy) {
 		err = multierror.Append(err, resource.ErrOwnerTenantInvalid{
+			ResourceType:    ServiceEndpointsV1Alpha1Type,
 			ResourceTenancy: res.Id.Tenancy,
 			OwnerTenancy:    res.Owner.Tenancy,
 		})
@@ -69,17 +80,6 @@ func MutateServiceEndpoints(res *pbresource.Resource) error {
 		})
 	}
 
-	return err
-}
-
-func ValidateServiceEndpoints(res *pbresource.Resource) error {
-	var svcEndpoints pbcatalog.ServiceEndpoints
-
-	if err := res.Data.UnmarshalTo(&svcEndpoints); err != nil {
-		return resource.NewErrDataParse(&svcEndpoints, err)
-	}
-
-	var err error
 	for idx, endpoint := range svcEndpoints.Endpoints {
 		if endpointErr := validateEndpoint(endpoint, res); endpointErr != nil {
 			err = multierror.Append(err, resource.ErrInvalidListElement{
diff --git a/internal/catalog/internal/types/service_endpoints_test.go b/internal/catalog/internal/types/service_endpoints_test.go
index bd902d624683..25492577d390 100644
--- a/internal/catalog/internal/types/service_endpoints_test.go
+++ b/internal/catalog/internal/types/service_endpoints_test.go
@@ -7,11 +7,10 @@ import (
 	"testing"
 
 	"github.com/hashicorp/consul/internal/resource"
+	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/reflect/protoreflect"
-	"google.golang.org/protobuf/types/known/anypb"
 )
 
 var (
@@ -20,22 +19,13 @@ var (
 		Namespace: "default",
 		PeerName:  "local",
 	}
-)
 
-func createServiceEndpointsResource(t *testing.T, data protoreflect.ProtoMessage) *pbresource.Resource {
-	res := &pbresource.Resource{
-		Id: &pbresource.ID{
-			Type:    ServiceEndpointsType,
-			Tenancy: defaultEndpointTenancy,
-			Name:    "test-service",
-		},
+	badEndpointTenancy = &pbresource.Tenancy{
+		Partition: "default",
+		Namespace: "bad",
+		PeerName:  "local",
 	}
-
-	var err error
-	res.Data, err = anypb.New(data)
-	require.NoError(t, err)
-	return res
-}
+)
 
 func TestValidateServiceEndpoints_Ok(t *testing.T) {
 	data := &pbcatalog.ServiceEndpoints{
@@ -62,8 +52,14 @@ func TestValidateServiceEndpoints_Ok(t *testing.T) {
 		},
 	}
 
-	res := createServiceEndpointsResource(t, data)
+	res := rtest.Resource(ServiceEndpointsType, "test-service").
+		WithData(t, data).
+		Build()
+
+	// fill in owner automatically
+	require.NoError(t, MutateServiceEndpoints(res))
 
+	// Now validate that everything is good.
 	err := ValidateServiceEndpoints(res)
 	require.NoError(t, err)
 }
@@ -73,7 +69,7 @@ func TestValidateServiceEndpoints_ParseError(t *testing.T) {
 	// to cause the error we are expecting
 	data := &pbcatalog.IP{Address: "198.18.0.1"}
 
-	res := createServiceEndpointsResource(t, data)
+	res := rtest.Resource(ServiceEndpointsType, "test-service").WithData(t, data).Build()
 
 	err := ValidateServiceEndpoints(res)
 	require.Error(t, err)
@@ -104,6 +100,7 @@ func TestValidateServiceEndpoints_EndpointInvalid(t *testing.T) {
 	}
 
 	type testCase struct {
+		owner       *pbresource.ID
 		modify      func(*pbcatalog.Endpoint)
 		validateErr func(t *testing.T, err error)
 	}
@@ -140,11 +137,11 @@ func TestValidateServiceEndpoints_EndpointInvalid(t *testing.T) {
 				}
 			},
 			validateErr: func(t *testing.T, err error) {
-				var mapErr resource.ErrInvalidMapKey
-				require.ErrorAs(t, err, &mapErr)
-				require.Equal(t, "ports", mapErr.Map)
-				require.Equal(t, "", mapErr.Key)
-				require.Equal(t, resource.ErrEmpty, mapErr.Wrapped)
+				rtest.RequireError(t, err, resource.ErrInvalidMapKey{
+					Map:     "ports",
+					Key:     "",
+					Wrapped: resource.ErrEmpty,
+				})
 			},
 		},
 		"port-0": {
@@ -163,18 +160,50 @@ func TestValidateServiceEndpoints_EndpointInvalid(t *testing.T) {
 				require.ErrorIs(t, err, errInvalidPhysicalPort)
 			},
 		},
+		"invalid-owner": {
+			owner: &pbresource.ID{
+				Type:    DNSPolicyType,
+				Tenancy: badEndpointTenancy,
+				Name:    "wrong",
+			},
+			validateErr: func(t *testing.T, err error) {
+				rtest.RequireError(t, err, resource.ErrOwnerTypeInvalid{
+					ResourceType: ServiceEndpointsType,
+					OwnerType:    DNSPolicyType})
+				rtest.RequireError(t, err, resource.ErrOwnerTenantInvalid{
+					ResourceType:    ServiceEndpointsType,
+					ResourceTenancy: defaultEndpointTenancy,
+					OwnerTenancy:    badEndpointTenancy,
+				})
+				rtest.RequireError(t, err, resource.ErrInvalidField{
+					Name: "name",
+					Wrapped: errInvalidEndpointsOwnerName{
+						Name:      "test-service",
+						OwnerName: "wrong"},
+				})
+			},
+		},
 	}
 
 	for name, tcase := range cases {
 		t.Run(name, func(t *testing.T) {
-			data := genData()
-			tcase.modify(data)
+			endpoint := genData()
+			if tcase.modify != nil {
+				tcase.modify(endpoint)
+			}
 
-			res := createServiceEndpointsResource(t, &pbcatalog.ServiceEndpoints{
+			data := &pbcatalog.ServiceEndpoints{
 				Endpoints: []*pbcatalog.Endpoint{
-					data,
+					endpoint,
 				},
-			})
+			}
+			res := rtest.Resource(ServiceEndpointsType, "test-service").
+				WithOwner(tcase.owner).
+				WithData(t, data).
+				Build()
+
+			// Run the mututation to setup defaults
+			require.NoError(t, MutateServiceEndpoints(res))
 
 			err := ValidateServiceEndpoints(res)
 			require.Error(t, err)
@@ -182,3 +211,13 @@ func TestValidateServiceEndpoints_EndpointInvalid(t *testing.T) {
 		})
 	}
 }
+
+func TestMutateServiceEndpoints_PopulateOwner(t *testing.T) {
+	res := rtest.Resource(ServiceEndpointsType, "test-service").Build()
+
+	require.NoError(t, MutateServiceEndpoints(res))
+	require.NotNil(t, res.Owner)
+	require.True(t, resource.EqualType(res.Owner.Type, ServiceType))
+	require.True(t, resource.EqualTenancy(res.Owner.Tenancy, defaultEndpointTenancy))
+	require.Equal(t, res.Owner.Name, res.Id.Name)
+}
diff --git a/internal/resource/errors.go b/internal/resource/errors.go
index c258f9ad35b1..8eaf9e2259c1 100644
--- a/internal/resource/errors.go
+++ b/internal/resource/errors.go
@@ -4,7 +4,6 @@
 package resource
 
 import (
-	"errors"
 	"fmt"
 
 	"github.com/hashicorp/consul/proto-public/pbresource"
@@ -12,11 +11,33 @@ import (
 )
 
 var (
-	ErrMissing                  = errors.New("missing required field")
-	ErrEmpty                    = errors.New("cannot be empty")
-	ErrReferenceTenancyNotEqual = errors.New("resource tenancy and reference tenancy differ")
+	ErrMissing                  = NewConstError("missing required field")
+	ErrEmpty                    = NewConstError("cannot be empty")
+	ErrReferenceTenancyNotEqual = NewConstError("resource tenancy and reference tenancy differ")
 )
 
+// ConstError is more or less equivalent to the stdlib errors.errorstring. However, having
+// our own exported type allows us to more accurately compare error values in tests.
+//
+//   - go-cmp will not compared unexported fields by default.
+//   - cmp.AllowUnexported(<type>) requires a concrete struct type and due to the stdlib not
+//     exporting the errorstring type there doesn't seem to be a way to get at the type.
+//   - cmpopts.EquateErrors has issues with protobuf types within other error structs.
+//
+// Due to these factors the easiest thing to do is to create a custom comparer for
+// the ConstError type and use it where necessary.
+type ConstError struct {
+	message string
+}
+
+func NewConstError(msg string) ConstError {
+	return ConstError{message: msg}
+}
+
+func (e ConstError) Error() string {
+	return e.message
+}
+
 type ErrDataParse struct {
 	TypeName string
 	Wrapped  error
diff --git a/internal/resource/resourcetest/builder.go b/internal/resource/resourcetest/builder.go
index 38f1a6e3ec4a..11e82c07839c 100644
--- a/internal/resource/resourcetest/builder.go
+++ b/internal/resource/resourcetest/builder.go
@@ -55,6 +55,11 @@ func ResourceID(id *pbresource.ID) *resourceBuilder {
 	}
 }
 
+func (b *resourceBuilder) WithTenancy(tenant *pbresource.Tenancy) *resourceBuilder {
+	b.resource.Id.Tenancy = tenant
+	return b
+}
+
 func (b *resourceBuilder) WithData(t T, data protoreflect.ProtoMessage) *resourceBuilder {
 	t.Helper()
 
diff --git a/internal/resource/resourcetest/require.go b/internal/resource/resourcetest/require.go
index fff8cb2aebf2..8e102398fa87 100644
--- a/internal/resource/resourcetest/require.go
+++ b/internal/resource/resourcetest/require.go
@@ -2,12 +2,38 @@ package resourcetest
 
 import (
 	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/proto/private/prototest"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/testing/protocmp"
 )
 
+// CompareErrorString is a helper to generate a custom go-cmp comparer method
+// that will perform an equality check on the error message. This is mainly
+// useful to get around not being able to see unexported data within errors.
+func CompareErrorString[T error]() cmp.Option {
+	return cmp.Comparer(func(e1, e2 T) bool {
+		return e1.Error() == e2.Error()
+	})
+}
+
+// default comparers for known types that don't play well with go-cmp
+var comparers = []cmp.Option{
+	CompareErrorString[resource.ConstError](),
+}
+
+// RequireError is useful for asserting that some chained multierror contains a specific error.
+func RequireError[E error](t T, err error, expected E, opts ...cmp.Option) {
+	t.Helper()
+
+	var actual E
+	require.ErrorAs(t, err, &actual)
+
+	opts = append(opts, comparers...)
+	prototest.AssertDeepEqual(t, expected, actual, opts...)
+}
+
 func RequireVersionUnchanged(t T, res *pbresource.Resource, version string) {
 	t.Helper()
 	require.Equal(t, version, res.Version)

From bfc519f293f946ea737e5fe090e524bd964f20a7 Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Tue, 8 Aug 2023 14:42:43 -0500
Subject: [PATCH 260/359] catalog: add FailoverPolicy mutation and validation
 hooks (#18390)

Add most of the validation and mutation hooks for the FailoverPolicy resource.
---
 internal/catalog/exports.go                   |   7 +
 .../catalog/internal/types/failover_policy.go | 224 ++++++-
 .../internal/types/failover_policy_test.go    | 590 ++++++++++++++++++
 .../v1alpha1/failover_policy_extras.go        |  65 ++
 .../v1alpha1/failover_policy_extras_test.go   | 171 +++++
 5 files changed, 1055 insertions(+), 2 deletions(-)
 create mode 100644 internal/catalog/internal/types/failover_policy_test.go
 create mode 100644 proto-public/pbcatalog/v1alpha1/failover_policy_extras.go
 create mode 100644 proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go

diff --git a/internal/catalog/exports.go b/internal/catalog/exports.go
index 06af51d37a4b..463b11e16ef2 100644
--- a/internal/catalog/exports.go
+++ b/internal/catalog/exports.go
@@ -13,6 +13,7 @@ import (
 	"github.com/hashicorp/consul/internal/catalog/internal/types"
 	"github.com/hashicorp/consul/internal/controller"
 	"github.com/hashicorp/consul/internal/resource"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 )
 
 var (
@@ -94,3 +95,9 @@ func DefaultControllerDependencies() ControllerDependencies {
 func RegisterControllers(mgr *controller.Manager, deps ControllerDependencies) {
 	controllers.Register(mgr, deps)
 }
+
+// SimplifyFailoverPolicy fully populates the PortConfigs map and clears the
+// Configs map using the provided Service.
+func SimplifyFailoverPolicy(svc *pbcatalog.Service, failover *pbcatalog.FailoverPolicy) *pbcatalog.FailoverPolicy {
+	return types.SimplifyFailoverPolicy(svc, failover)
+}
diff --git a/internal/catalog/internal/types/failover_policy.go b/internal/catalog/internal/types/failover_policy.go
index 61930bc1c54d..49d38674bb9b 100644
--- a/internal/catalog/internal/types/failover_policy.go
+++ b/internal/catalog/internal/types/failover_policy.go
@@ -4,6 +4,12 @@
 package types
 
 import (
+	"errors"
+	"fmt"
+
+	"github.com/hashicorp/go-multierror"
+	"google.golang.org/protobuf/proto"
+
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
@@ -27,7 +33,221 @@ func RegisterFailoverPolicy(r resource.Registry) {
 	r.Register(resource.Registration{
 		Type:     FailoverPolicyV1Alpha1Type,
 		Proto:    &pbcatalog.FailoverPolicy{},
-		Validate: nil,
-		Mutate:   nil,
+		Mutate:   MutateFailoverPolicy,
+		Validate: ValidateFailoverPolicy,
 	})
 }
+
+func MutateFailoverPolicy(res *pbresource.Resource) error {
+	var failover pbcatalog.FailoverPolicy
+
+	if err := res.Data.UnmarshalTo(&failover); err != nil {
+		return resource.NewErrDataParse(&failover, err)
+	}
+
+	changed := false
+
+	// Handle eliding empty configs.
+	if failover.Config != nil && failover.Config.IsEmpty() {
+		failover.Config = nil
+		changed = true
+	}
+	for port, pc := range failover.PortConfigs {
+		if pc.IsEmpty() {
+			delete(failover.PortConfigs, port)
+			changed = true
+		}
+	}
+	if len(failover.PortConfigs) == 0 {
+		failover.PortConfigs = nil
+		changed = true
+	}
+
+	// TODO(rb): normalize dest ref tenancies
+
+	if !changed {
+		return nil
+	}
+
+	return res.Data.MarshalFrom(&failover)
+}
+
+func ValidateFailoverPolicy(res *pbresource.Resource) error {
+	var failover pbcatalog.FailoverPolicy
+
+	if err := res.Data.UnmarshalTo(&failover); err != nil {
+		return resource.NewErrDataParse(&failover, err)
+	}
+
+	var merr error
+
+	if failover.Config == nil && len(failover.PortConfigs) == 0 {
+		merr = multierror.Append(merr, resource.ErrInvalidField{
+			Name:    "config",
+			Wrapped: fmt.Errorf("at least one of config or port_configs must be set"),
+		})
+	}
+
+	if failover.Config != nil {
+		for _, err := range validateFailoverConfig(failover.Config, false) {
+			merr = multierror.Append(merr, resource.ErrInvalidField{
+				Name:    "config",
+				Wrapped: err,
+			})
+		}
+	}
+
+	for portName, pc := range failover.PortConfigs {
+		if portNameErr := validatePortName(portName); portNameErr != nil {
+			merr = multierror.Append(merr, resource.ErrInvalidMapKey{
+				Map:     "port_configs",
+				Key:     portName,
+				Wrapped: portNameErr,
+			})
+		}
+
+		for _, err := range validateFailoverConfig(pc, true) {
+			merr = multierror.Append(merr, resource.ErrInvalidMapValue{
+				Map:     "port_configs",
+				Key:     portName,
+				Wrapped: err,
+			})
+		}
+
+		// TODO: should sameness group be a ref once that's a resource?
+	}
+
+	return merr
+}
+
+func validateFailoverConfig(config *pbcatalog.FailoverConfig, ported bool) []error {
+	var errs []error
+
+	if (len(config.Destinations) > 0) == (config.SamenessGroup != "") {
+		errs = append(errs, resource.ErrInvalidField{
+			Name:    "destinations",
+			Wrapped: fmt.Errorf("exactly one of destinations or sameness_group should be set"),
+		})
+	}
+	for i, dest := range config.Destinations {
+		for _, err := range validateFailoverPolicyDestination(dest, ported) {
+			errs = append(errs, resource.ErrInvalidListElement{
+				Name:    "destinations",
+				Index:   i,
+				Wrapped: err,
+			})
+		}
+	}
+
+	// TODO: validate sameness group requirements
+
+	return errs
+}
+
+func validateFailoverPolicyDestination(dest *pbcatalog.FailoverDestination, ported bool) []error {
+	var errs []error
+	if dest.Ref == nil {
+		errs = append(errs, resource.ErrInvalidField{
+			Name:    "ref",
+			Wrapped: resource.ErrMissing,
+		})
+	} else if !resource.EqualType(dest.Ref.Type, ServiceType) {
+		errs = append(errs, resource.ErrInvalidField{
+			Name: "ref",
+			Wrapped: resource.ErrInvalidReferenceType{
+				AllowedType: ServiceType,
+			},
+		})
+	} else if dest.Ref.Section != "" {
+		errs = append(errs, resource.ErrInvalidField{
+			Name: "ref",
+			Wrapped: resource.ErrInvalidField{
+				Name:    "section",
+				Wrapped: errors.New("section not supported for failover policy dest refs"),
+			},
+		})
+	}
+
+	// NOTE: Destinations here cannot define ports. Port equality is
+	// assumed and will be reconciled.
+	if dest.Port != "" {
+		if ported {
+			if portNameErr := validatePortName(dest.Port); portNameErr != nil {
+				errs = append(errs, resource.ErrInvalidField{
+					Name:    "port",
+					Wrapped: portNameErr,
+				})
+			}
+		} else {
+			errs = append(errs, resource.ErrInvalidField{
+				Name:    "port",
+				Wrapped: fmt.Errorf("ports cannot be specified explicitly for the general failover section since it relies upon port alignment"),
+			})
+		}
+	}
+
+	hasPeer := false
+	if dest.Ref != nil {
+		hasPeer = dest.Ref.Tenancy.PeerName != "local"
+	}
+
+	if hasPeer && dest.Datacenter != "" {
+		errs = append(errs, resource.ErrInvalidField{
+			Name:    "datacenter",
+			Wrapped: fmt.Errorf("ref.tenancy.peer_name and datacenter are mutually exclusive fields"),
+		})
+	}
+
+	return errs
+}
+
+// SimplifyFailoverPolicy fully populates the PortConfigs map and clears the
+// Configs map using the provided Service.
+func SimplifyFailoverPolicy(svc *pbcatalog.Service, failover *pbcatalog.FailoverPolicy) *pbcatalog.FailoverPolicy {
+	if failover == nil {
+		panic("failover is required")
+	}
+	if svc == nil {
+		panic("service is required")
+	}
+
+	// Copy so we can edit it.
+	dup := proto.Clone(failover)
+	failover = dup.(*pbcatalog.FailoverPolicy)
+
+	if failover.PortConfigs == nil {
+		failover.PortConfigs = make(map[string]*pbcatalog.FailoverConfig)
+	}
+
+	for _, port := range svc.Ports {
+		if port.Protocol == pbcatalog.Protocol_PROTOCOL_MESH {
+			continue // skip
+		}
+
+		if pc, ok := failover.PortConfigs[port.TargetPort]; ok {
+			for i, dest := range pc.Destinations {
+				// Assume port alignment.
+				if dest.Port == "" {
+					dest.Port = port.TargetPort
+					pc.Destinations[i] = dest
+				}
+			}
+			continue
+		}
+
+		if failover.Config != nil {
+			// Duplicate because each port will get this uniquely.
+			pc2 := proto.Clone(failover.Config).(*pbcatalog.FailoverConfig)
+			for _, dest := range pc2.Destinations {
+				dest.Port = port.TargetPort
+			}
+			failover.PortConfigs[port.TargetPort] = pc2
+		}
+	}
+
+	if failover.Config != nil {
+		failover.Config = nil
+	}
+
+	return failover
+}
diff --git a/internal/catalog/internal/types/failover_policy_test.go b/internal/catalog/internal/types/failover_policy_test.go
new file mode 100644
index 000000000000..3d41cb25fcb0
--- /dev/null
+++ b/internal/catalog/internal/types/failover_policy_test.go
@@ -0,0 +1,590 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package types
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/proto"
+
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/internal/resource/resourcetest"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/proto/private/prototest"
+	"github.com/hashicorp/consul/sdk/testutil"
+)
+
+func TestMutateFailoverPolicy(t *testing.T) {
+	type testcase struct {
+		failover  *pbcatalog.FailoverPolicy
+		expect    *pbcatalog.FailoverPolicy
+		expectErr string
+	}
+
+	run := func(t *testing.T, tc testcase) {
+		res := resourcetest.Resource(FailoverPolicyType, "api").
+			WithData(t, tc.failover).
+			Build()
+
+		err := MutateFailoverPolicy(res)
+
+		got := resourcetest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, res)
+
+		if tc.expectErr == "" {
+			require.NoError(t, err)
+			prototest.AssertDeepEqual(t, tc.expect, got.Data)
+		} else {
+			testutil.RequireErrorContains(t, err, tc.expectErr)
+		}
+	}
+
+	cases := map[string]testcase{
+		"empty-1": {
+			failover: &pbcatalog.FailoverPolicy{},
+			expect:   &pbcatalog.FailoverPolicy{},
+		},
+		"empty-config-1": {
+			failover: &pbcatalog.FailoverPolicy{
+				Config: &pbcatalog.FailoverConfig{},
+			},
+			expect: &pbcatalog.FailoverPolicy{},
+		},
+		"empty-config-2": {
+			failover: &pbcatalog.FailoverPolicy{
+				Config: &pbcatalog.FailoverConfig{
+					Destinations: make([]*pbcatalog.FailoverDestination, 0),
+				},
+			},
+			expect: &pbcatalog.FailoverPolicy{},
+		},
+		"empty-map-1": {
+			failover: &pbcatalog.FailoverPolicy{
+				PortConfigs: make(map[string]*pbcatalog.FailoverConfig),
+			},
+			expect: &pbcatalog.FailoverPolicy{},
+		},
+		"empty-map-config-1": {
+			failover: &pbcatalog.FailoverPolicy{
+				PortConfigs: map[string]*pbcatalog.FailoverConfig{
+					"http": {},
+				},
+			},
+			expect: &pbcatalog.FailoverPolicy{},
+		},
+		"empty-map-config-2": {
+			failover: &pbcatalog.FailoverPolicy{
+				PortConfigs: map[string]*pbcatalog.FailoverConfig{
+					"http": {
+						Destinations: make([]*pbcatalog.FailoverDestination, 0),
+					},
+				},
+			},
+			expect: &pbcatalog.FailoverPolicy{},
+		},
+		"normal": {
+			failover: &pbcatalog.FailoverPolicy{
+				Config: &pbcatalog.FailoverConfig{
+					Mode:    pbcatalog.FailoverMode_FAILOVER_MODE_SEQUENTIAL,
+					Regions: []string{"foo", "bar"},
+					Destinations: []*pbcatalog.FailoverDestination{
+						{Ref: newRef(ServiceType, "a")},
+						{Ref: newRef(ServiceType, "b")},
+					},
+				},
+				PortConfigs: map[string]*pbcatalog.FailoverConfig{
+					"http": {
+						Destinations: []*pbcatalog.FailoverDestination{
+							{Ref: newRef(ServiceType, "foo")},
+							{Ref: newRef(ServiceType, "bar")},
+						},
+					},
+					"admin": {
+						Destinations: []*pbcatalog.FailoverDestination{
+							{Ref: newRef(ServiceType, "y")},
+							{Ref: newRef(ServiceType, "z")},
+						},
+					},
+				},
+			},
+			expect: &pbcatalog.FailoverPolicy{
+				Config: &pbcatalog.FailoverConfig{
+					Mode:    pbcatalog.FailoverMode_FAILOVER_MODE_SEQUENTIAL,
+					Regions: []string{"foo", "bar"},
+					Destinations: []*pbcatalog.FailoverDestination{
+						{Ref: newRef(ServiceType, "a")},
+						{Ref: newRef(ServiceType, "b")},
+					},
+				},
+				PortConfigs: map[string]*pbcatalog.FailoverConfig{
+					"http": {
+						Destinations: []*pbcatalog.FailoverDestination{
+							{Ref: newRef(ServiceType, "foo")},
+							{Ref: newRef(ServiceType, "bar")},
+						},
+					},
+					"admin": {
+						Destinations: []*pbcatalog.FailoverDestination{
+							{Ref: newRef(ServiceType, "y")},
+							{Ref: newRef(ServiceType, "z")},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			run(t, tc)
+		})
+	}
+}
+
+func TestValidateFailoverPolicy(t *testing.T) {
+	type configTestcase struct {
+		config    *pbcatalog.FailoverConfig
+		expectErr string
+	}
+
+	type testcase struct {
+		failover  *pbcatalog.FailoverPolicy
+		expectErr string
+	}
+
+	run := func(t *testing.T, tc testcase) {
+		res := resourcetest.Resource(FailoverPolicyType, "api").
+			WithData(t, tc.failover).
+			Build()
+
+		require.NoError(t, MutateFailoverPolicy(res))
+
+		// Verify that mutate didn't actually change the object.
+		got := resourcetest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, res)
+		prototest.AssertDeepEqual(t, tc.failover, got.Data)
+
+		err := ValidateFailoverPolicy(res)
+
+		// Verify that validate didn't actually change the object.
+		got = resourcetest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, res)
+		prototest.AssertDeepEqual(t, tc.failover, got.Data)
+
+		if tc.expectErr == "" {
+			require.NoError(t, err)
+		} else {
+			testutil.RequireErrorContains(t, err, tc.expectErr)
+		}
+	}
+
+	configCases := map[string]configTestcase{
+		"dest with sameness": {
+			config: &pbcatalog.FailoverConfig{
+				Destinations: []*pbcatalog.FailoverDestination{
+					{Ref: newRef(ServiceType, "api-backup")},
+				},
+				SamenessGroup: "blah",
+			},
+			expectErr: `invalid "destinations" field: exactly one of destinations or sameness_group should be set`,
+		},
+		"dest without sameness": {
+			config: &pbcatalog.FailoverConfig{
+				Destinations: []*pbcatalog.FailoverDestination{
+					{Ref: newRef(ServiceType, "api-backup")},
+				},
+			},
+		},
+		"sameness without dest": {
+			config: &pbcatalog.FailoverConfig{
+				SamenessGroup: "blah",
+			},
+		},
+		"dest: no ref": {
+			config: &pbcatalog.FailoverConfig{
+				Destinations: []*pbcatalog.FailoverDestination{
+					{},
+				},
+			},
+			expectErr: `invalid element at index 0 of list "destinations": invalid "ref" field: missing required field`,
+		},
+		"dest: non-service ref": {
+			config: &pbcatalog.FailoverConfig{
+				Destinations: []*pbcatalog.FailoverDestination{
+					{Ref: newRef(WorkloadType, "api-backup")},
+				},
+			},
+			expectErr: `invalid element at index 0 of list "destinations": invalid "ref" field: reference must have type catalog.v1alpha1.Service`,
+		},
+		"dest: ref with section": {
+			config: &pbcatalog.FailoverConfig{
+				Destinations: []*pbcatalog.FailoverDestination{
+					{Ref: resourcetest.Resource(ServiceType, "api").Reference("blah")},
+				},
+			},
+			expectErr: `invalid element at index 0 of list "destinations": invalid "ref" field: invalid "section" field: section not supported for failover policy dest refs`,
+		},
+		"dest: ref peer and datacenter": {
+			config: &pbcatalog.FailoverConfig{
+				Destinations: []*pbcatalog.FailoverDestination{
+					{Ref: newRefWithPeer(ServiceType, "api", "peer1"), Datacenter: "dc2"},
+				},
+			},
+			expectErr: `invalid element at index 0 of list "destinations": invalid "datacenter" field: ref.tenancy.peer_name and datacenter are mutually exclusive fields`,
+		},
+		"dest: ref peer without datacenter": {
+			config: &pbcatalog.FailoverConfig{
+				Destinations: []*pbcatalog.FailoverDestination{
+					{Ref: newRefWithPeer(ServiceType, "api", "peer1")},
+				},
+			},
+		},
+		"dest: ref datacenter without peer": {
+			config: &pbcatalog.FailoverConfig{
+				Destinations: []*pbcatalog.FailoverDestination{
+					{Ref: newRef(ServiceType, "api"), Datacenter: "dc2"},
+				},
+			},
+		},
+	}
+
+	cases := map[string]testcase{
+		// emptiness
+		"empty": {
+			failover:  &pbcatalog.FailoverPolicy{},
+			expectErr: `invalid "config" field: at least one of config or port_configs must be set`,
+		},
+		"non-empty: one port config but no plain config": {
+			failover: &pbcatalog.FailoverPolicy{
+				PortConfigs: map[string]*pbcatalog.FailoverConfig{
+					"http": {
+						Destinations: []*pbcatalog.FailoverDestination{
+							{Ref: newRef(ServiceType, "api-backup")},
+						},
+					},
+				},
+			},
+		},
+		"non-empty: some plain config but no port configs": {
+			failover: &pbcatalog.FailoverPolicy{
+				Config: &pbcatalog.FailoverConfig{
+					Destinations: []*pbcatalog.FailoverDestination{
+						{Ref: newRef(ServiceType, "api-backup")},
+					},
+				},
+			},
+		},
+		// plain config
+		"plain config: bad dest: any port name": {
+			failover: &pbcatalog.FailoverPolicy{
+				Config: &pbcatalog.FailoverConfig{
+					Destinations: []*pbcatalog.FailoverDestination{
+						{Ref: newRef(ServiceType, "api-backup"), Port: "web"},
+					},
+				},
+			},
+			expectErr: `invalid "config" field: invalid element at index 0 of list "destinations": invalid "port" field: ports cannot be specified explicitly for the general failover section since it relies upon port alignment`,
+		},
+		// ported config
+		"ported config: bad dest: invalid port name": {
+			failover: &pbcatalog.FailoverPolicy{
+				PortConfigs: map[string]*pbcatalog.FailoverConfig{
+					"http": {
+						Destinations: []*pbcatalog.FailoverDestination{
+							{Ref: newRef(ServiceType, "api-backup"), Port: "$bad$"},
+						},
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within port_configs: invalid element at index 0 of list "destinations": invalid "port" field: value must match regex: ^[a-z0-9]([a-z0-9\-_]*[a-z0-9])?$`,
+		},
+		"ported config: bad ported in map": {
+			failover: &pbcatalog.FailoverPolicy{
+				PortConfigs: map[string]*pbcatalog.FailoverConfig{
+					"$bad$": {
+						Destinations: []*pbcatalog.FailoverDestination{
+							{Ref: newRef(ServiceType, "api-backup"), Port: "http"},
+						},
+					},
+				},
+			},
+			expectErr: `map port_configs contains an invalid key - "$bad$": value must match regex: ^[a-z0-9]([a-z0-9\-_]*[a-z0-9])?$`,
+		},
+	}
+
+	maybeWrap := func(wrapPrefix, base string) string {
+		if base != "" {
+			return wrapPrefix + base
+		}
+		return ""
+	}
+
+	for name, tc := range configCases {
+		cases["plain config: "+name] = testcase{
+			failover: &pbcatalog.FailoverPolicy{
+				Config: proto.Clone(tc.config).(*pbcatalog.FailoverConfig),
+			},
+			expectErr: maybeWrap(`invalid "config" field: `, tc.expectErr),
+		}
+
+		cases["ported config: "+name] = testcase{
+			failover: &pbcatalog.FailoverPolicy{
+				PortConfigs: map[string]*pbcatalog.FailoverConfig{
+					"http": proto.Clone(tc.config).(*pbcatalog.FailoverConfig),
+				},
+			},
+			expectErr: maybeWrap(`invalid value of key "http" within port_configs: `, tc.expectErr),
+		}
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			run(t, tc)
+		})
+	}
+}
+
+func TestSimplifyFailoverPolicy(t *testing.T) {
+	registry := resource.NewRegistry()
+	Register(registry)
+
+	type testcase struct {
+		svc      *pbresource.Resource
+		failover *pbresource.Resource
+		expect   *pbresource.Resource
+	}
+	run := func(t *testing.T, tc testcase) {
+		// Ensure we only use valid inputs.
+		resourcetest.ValidateAndNormalize(t, registry, tc.svc)
+		resourcetest.ValidateAndNormalize(t, registry, tc.failover)
+		resourcetest.ValidateAndNormalize(t, registry, tc.expect)
+
+		svc := resourcetest.MustDecode[pbcatalog.Service, *pbcatalog.Service](t, tc.svc)
+		failover := resourcetest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, tc.failover)
+		expect := resourcetest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, tc.expect)
+
+		inputFailoverCopy := proto.Clone(failover.Data).(*pbcatalog.FailoverPolicy)
+
+		got := SimplifyFailoverPolicy(svc.Data, failover.Data)
+		prototest.AssertDeepEqual(t, expect.Data, got)
+
+		// verify input was not altered
+		prototest.AssertDeepEqual(t, inputFailoverCopy, failover.Data)
+	}
+
+	newPort := func(name string, virtualPort uint32, protocol pbcatalog.Protocol) *pbcatalog.ServicePort {
+		return &pbcatalog.ServicePort{
+			VirtualPort: virtualPort,
+			TargetPort:  name,
+			Protocol:    protocol,
+		}
+	}
+
+	cases := map[string]testcase{
+		"implicit with mesh port skipping": {
+			svc: resourcetest.Resource(ServiceType, "api").
+				WithData(t, &pbcatalog.Service{
+					Ports: []*pbcatalog.ServicePort{
+						newPort("mesh", 21001, pbcatalog.Protocol_PROTOCOL_MESH),
+						newPort("http", 8080, pbcatalog.Protocol_PROTOCOL_HTTP),
+					},
+				}).
+				Build(),
+			failover: resourcetest.Resource(FailoverPolicyType, "api").
+				WithData(t, &pbcatalog.FailoverPolicy{
+					Config: &pbcatalog.FailoverConfig{
+						Destinations: []*pbcatalog.FailoverDestination{
+							{
+								Ref: newRef(ServiceType, "api-backup"),
+							},
+						},
+					},
+				}).
+				Build(),
+			expect: resourcetest.Resource(FailoverPolicyType, "api").
+				WithData(t, &pbcatalog.FailoverPolicy{
+					PortConfigs: map[string]*pbcatalog.FailoverConfig{
+						"http": {
+							Destinations: []*pbcatalog.FailoverDestination{
+								{
+									Ref:  newRef(ServiceType, "api-backup"),
+									Port: "http", // port defaulted
+								},
+							},
+						},
+					},
+				}).
+				Build(),
+		},
+		"explicit with port aligned defaulting": {
+			svc: resourcetest.Resource(ServiceType, "api").
+				WithData(t, &pbcatalog.Service{
+					Ports: []*pbcatalog.ServicePort{
+						newPort("mesh", 9999, pbcatalog.Protocol_PROTOCOL_MESH),
+						newPort("http", 8080, pbcatalog.Protocol_PROTOCOL_HTTP),
+						newPort("rest", 8282, pbcatalog.Protocol_PROTOCOL_HTTP2),
+					},
+				}).
+				Build(),
+			failover: resourcetest.Resource(FailoverPolicyType, "api").
+				WithData(t, &pbcatalog.FailoverPolicy{
+					PortConfigs: map[string]*pbcatalog.FailoverConfig{
+						"http": {
+							Destinations: []*pbcatalog.FailoverDestination{
+								{
+									Ref:  newRef(ServiceType, "api-backup"),
+									Port: "www",
+								},
+								{
+									Ref: newRef(ServiceType, "api-double-backup"),
+								},
+							},
+						},
+					},
+				}).
+				Build(),
+			expect: resourcetest.Resource(FailoverPolicyType, "api").
+				WithData(t, &pbcatalog.FailoverPolicy{
+					PortConfigs: map[string]*pbcatalog.FailoverConfig{
+						"http": {
+							Destinations: []*pbcatalog.FailoverDestination{
+								{
+									Ref:  newRef(ServiceType, "api-backup"),
+									Port: "www",
+								},
+								{
+									Ref:  newRef(ServiceType, "api-double-backup"),
+									Port: "http", // port defaulted
+								},
+							},
+						},
+					},
+				}).
+				Build(),
+		},
+		"implicit port explosion": {
+			svc: resourcetest.Resource(ServiceType, "api").
+				WithData(t, &pbcatalog.Service{
+					Ports: []*pbcatalog.ServicePort{
+						newPort("http", 8080, pbcatalog.Protocol_PROTOCOL_HTTP),
+						newPort("rest", 8282, pbcatalog.Protocol_PROTOCOL_HTTP2),
+					},
+				}).
+				Build(),
+			failover: resourcetest.Resource(FailoverPolicyType, "api").
+				WithData(t, &pbcatalog.FailoverPolicy{
+					Config: &pbcatalog.FailoverConfig{
+						Destinations: []*pbcatalog.FailoverDestination{
+							{
+								Ref: newRef(ServiceType, "api-backup"),
+							},
+							{
+								Ref: newRef(ServiceType, "api-double-backup"),
+							},
+						},
+					},
+				}).
+				Build(),
+			expect: resourcetest.Resource(FailoverPolicyType, "api").
+				WithData(t, &pbcatalog.FailoverPolicy{
+					PortConfigs: map[string]*pbcatalog.FailoverConfig{
+						"http": {
+							Destinations: []*pbcatalog.FailoverDestination{
+								{
+									Ref:  newRef(ServiceType, "api-backup"),
+									Port: "http",
+								},
+								{
+									Ref:  newRef(ServiceType, "api-double-backup"),
+									Port: "http",
+								},
+							},
+						},
+						"rest": {
+							Destinations: []*pbcatalog.FailoverDestination{
+								{
+									Ref:  newRef(ServiceType, "api-backup"),
+									Port: "rest",
+								},
+								{
+									Ref:  newRef(ServiceType, "api-double-backup"),
+									Port: "rest",
+								},
+							},
+						},
+					},
+				}).
+				Build(),
+		},
+		"mixed port explosion with skip": {
+			svc: resourcetest.Resource(ServiceType, "api").
+				WithData(t, &pbcatalog.Service{
+					Ports: []*pbcatalog.ServicePort{
+						newPort("http", 8080, pbcatalog.Protocol_PROTOCOL_HTTP),
+						newPort("rest", 8282, pbcatalog.Protocol_PROTOCOL_HTTP2),
+					},
+				}).
+				Build(),
+			failover: resourcetest.Resource(FailoverPolicyType, "api").
+				WithData(t, &pbcatalog.FailoverPolicy{
+					Config: &pbcatalog.FailoverConfig{
+						Destinations: []*pbcatalog.FailoverDestination{
+							{
+								Ref: newRef(ServiceType, "api-backup"),
+							},
+							{
+								Ref: newRef(ServiceType, "api-double-backup"),
+							},
+						},
+					},
+					PortConfigs: map[string]*pbcatalog.FailoverConfig{
+						"rest": {
+							Mode:          pbcatalog.FailoverMode_FAILOVER_MODE_ORDER_BY_LOCALITY,
+							Regions:       []string{"us", "eu"},
+							SamenessGroup: "sameweb",
+						},
+					},
+				}).
+				Build(),
+			expect: resourcetest.Resource(FailoverPolicyType, "api").
+				WithData(t, &pbcatalog.FailoverPolicy{
+					PortConfigs: map[string]*pbcatalog.FailoverConfig{
+						"http": {
+							Destinations: []*pbcatalog.FailoverDestination{
+								{
+									Ref:  newRef(ServiceType, "api-backup"),
+									Port: "http",
+								},
+								{
+									Ref:  newRef(ServiceType, "api-double-backup"),
+									Port: "http",
+								},
+							},
+						},
+						"rest": {
+							Mode:          pbcatalog.FailoverMode_FAILOVER_MODE_ORDER_BY_LOCALITY,
+							Regions:       []string{"us", "eu"},
+							SamenessGroup: "sameweb",
+						},
+					},
+				}).
+				Build(),
+		},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			run(t, tc)
+		})
+	}
+}
+
+func newRef(typ *pbresource.Type, name string) *pbresource.Reference {
+	return resourcetest.Resource(typ, name).Reference("")
+}
+
+func newRefWithPeer(typ *pbresource.Type, name string, peer string) *pbresource.Reference {
+	ref := newRef(typ, name)
+	ref.Tenancy.PeerName = peer
+	return ref
+}
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go b/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go
new file mode 100644
index 000000000000..8c1f2d104cae
--- /dev/null
+++ b/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go
@@ -0,0 +1,65 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package catalogv1alpha1
+
+import pbresource "github.com/hashicorp/consul/proto-public/pbresource"
+
+// GetUnderlyingDestinations will collect FailoverDestinations from all
+// internal fields and bundle them up in one slice.
+//
+// NOTE: no deduplication occurs.
+func (x *FailoverPolicy) GetUnderlyingDestinations() []*FailoverDestination {
+	if x == nil {
+		return nil
+	}
+
+	estimate := 0
+	if x.Config != nil {
+		estimate += len(x.Config.Destinations)
+	}
+	for _, pc := range x.PortConfigs {
+		estimate += len(pc.Destinations)
+	}
+
+	out := make([]*FailoverDestination, 0, estimate)
+	if x.Config != nil {
+		out = append(out, x.Config.Destinations...)
+	}
+	for _, pc := range x.PortConfigs {
+		out = append(out, pc.Destinations...)
+	}
+	return out
+}
+
+// GetUnderlyingDestinationRefs is like GetUnderlyingDestinations except it
+// returns a slice of References.
+//
+// NOTE: no deduplication occurs.
+func (x *FailoverPolicy) GetUnderlyingDestinationRefs() []*pbresource.Reference {
+	if x == nil {
+		return nil
+	}
+
+	dests := x.GetUnderlyingDestinations()
+
+	out := make([]*pbresource.Reference, 0, len(dests))
+	for _, dest := range dests {
+		if dest.Ref != nil {
+			out = append(out, dest.Ref)
+		}
+	}
+
+	return out
+}
+
+// IsEmpty returns true if a config has no definition.
+func (x *FailoverConfig) IsEmpty() bool {
+	if x == nil {
+		return true
+	}
+	return len(x.Destinations) == 0 &&
+		x.Mode == 0 &&
+		len(x.Regions) == 0 &&
+		x.SamenessGroup == ""
+}
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go b/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go
new file mode 100644
index 000000000000..f9fe3e879dca
--- /dev/null
+++ b/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go
@@ -0,0 +1,171 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package catalogv1alpha1
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+
+	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+func TestFailoverPolicy_IsEmpty(t *testing.T) {
+	t.Run("nil", func(t *testing.T) {
+		var fc *FailoverConfig
+		require.True(t, fc.IsEmpty())
+	})
+	t.Run("empty", func(t *testing.T) {
+		fc := &FailoverConfig{}
+		require.True(t, fc.IsEmpty())
+	})
+	t.Run("dest", func(t *testing.T) {
+		fc := &FailoverConfig{
+			Destinations: []*FailoverDestination{
+				newFailoverDestination("foo"),
+			},
+		}
+		require.False(t, fc.IsEmpty())
+	})
+	t.Run("regions", func(t *testing.T) {
+		fc := &FailoverConfig{
+			Regions: []string{"us-east"},
+		}
+		require.False(t, fc.IsEmpty())
+	})
+	t.Run("regions", func(t *testing.T) {
+		fc := &FailoverConfig{
+			SamenessGroup: "blah",
+		}
+		require.False(t, fc.IsEmpty())
+	})
+}
+
+func TestFailoverPolicy_GetUnderlyingDestinations_AndRefs(t *testing.T) {
+	type testcase struct {
+		failover    *FailoverPolicy
+		expectDests []*FailoverDestination
+		expectRefs  []*pbresource.Reference
+	}
+
+	run := func(t *testing.T, tc testcase) {
+		assertSliceEquals(t, tc.expectDests, tc.failover.GetUnderlyingDestinations())
+		assertSliceEquals(t, tc.expectRefs, tc.failover.GetUnderlyingDestinationRefs())
+	}
+
+	cases := map[string]testcase{
+		"nil": {},
+		"kitchen sink dests": {
+			failover: &FailoverPolicy{
+				Config: &FailoverConfig{
+					Destinations: []*FailoverDestination{
+						newFailoverDestination("foo"),
+						newFailoverDestination("bar"),
+					},
+				},
+				PortConfigs: map[string]*FailoverConfig{
+					"admin": {
+						Destinations: []*FailoverDestination{
+							newFailoverDestination("admin"),
+						},
+					},
+					"web": {
+						Destinations: []*FailoverDestination{
+							newFailoverDestination("foo"), // duplicated
+							newFailoverDestination("www"),
+						},
+					},
+				},
+			},
+			expectDests: []*FailoverDestination{
+				newFailoverDestination("foo"),
+				newFailoverDestination("bar"),
+				newFailoverDestination("admin"),
+				newFailoverDestination("foo"), // duplicated
+				newFailoverDestination("www"),
+			},
+			expectRefs: []*pbresource.Reference{
+				newFailoverRef("foo"),
+				newFailoverRef("bar"),
+				newFailoverRef("admin"),
+				newFailoverRef("foo"), // duplicated
+				newFailoverRef("www"),
+			},
+		},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			run(t, tc)
+		})
+	}
+}
+
+func assertSliceEquals[V proto.Message](t *testing.T, expect, got []V) {
+	t.Helper()
+
+	require.Len(t, got, len(expect))
+
+	// O(N*M) scan
+	var expectedMissing []string
+	for _, expectVal := range expect {
+		found := false
+		for j, gotVal := range got {
+			if proto.Equal(expectVal, gotVal) {
+				found = true
+				got = append(got[:j], got[j+1:]...) // remove found item
+				break
+			}
+		}
+
+		if !found {
+			expectedMissing = append(expectedMissing, protoToString(t, expectVal))
+		}
+	}
+
+	if len(expectedMissing) > 0 || len(got) > 0 {
+		var gotMissing []string
+		for _, gotVal := range got {
+			gotMissing = append(gotMissing, protoToString(t, gotVal))
+		}
+
+		t.Fatalf("assertion failed: unmatched values\n\texpected: %s\n\tactual: %s",
+			expectedMissing,
+			gotMissing,
+		)
+	}
+}
+
+func protoToString[V proto.Message](t *testing.T, pb V) string {
+	m := protojson.MarshalOptions{
+		Indent: "  ",
+	}
+	gotJSON, err := m.Marshal(pb)
+	require.NoError(t, err)
+	return string(gotJSON)
+}
+
+func newFailoverRef(name string) *pbresource.Reference {
+	return &pbresource.Reference{
+		Type: &pbresource.Type{
+			Group:        "fake",
+			GroupVersion: "v1alpha1",
+			Kind:         "fake",
+		},
+		Tenancy: &pbresource.Tenancy{
+			Partition: "default",
+			Namespace: "default",
+			PeerName:  "local",
+		},
+		Name: name,
+	}
+}
+
+func newFailoverDestination(name string) *FailoverDestination {
+	return &FailoverDestination{
+		Ref: newFailoverRef(name),
+	}
+}

From e235c8be3c67ed1389af017a76b29a8452b86453 Mon Sep 17 00:00:00 2001
From: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
Date: Tue, 8 Aug 2023 16:39:46 -0500
Subject: [PATCH 261/359] NET-5115 Add retry + timeout filters for api-gateway
 (#18324)

* squash, implement retry/timeout in consul core

* update tests
---
 .changelog/18324.txt                          |    3 +
 .../discoverychain/gateway_httproute.go       |   23 +
 agent/structs/config_entry_routes.go          |   19 +-
 agent/structs/structs.deepcopy.go             |   48 +
 agent/xds/resources_test.go                   |   86 +
 ...-route-timeoutfilter-one-set.latest.golden |   55 +
 ...-route-timeoutfilter-one-set.latest.golden |   41 +
 ...-route-timeoutfilter-one-set.latest.golden |   85 +
 ...-route-timeoutfilter-one-set.latest.golden |   51 +
 .../api-gateway-with-http-route.latest.golden |   59 +-
 ...-route-timeoutfilter-one-set.latest.golden |    5 +
 api/config_entry_routes.go                    |   20 +-
 go.mod                                        |    2 +-
 .../private/pbconfigentry/config_entry.gen.go |   52 +
 .../pbconfigentry/config_entry.pb.binary.go   |   20 +
 .../private/pbconfigentry/config_entry.pb.go  | 1381 ++++++++++-------
 .../private/pbconfigentry/config_entry.proto  |   26 +
 17 files changed, 1363 insertions(+), 613 deletions(-)
 create mode 100644 .changelog/18324.txt
 create mode 100644 agent/xds/testdata/clusters/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
 create mode 100644 agent/xds/testdata/endpoints/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
 create mode 100644 agent/xds/testdata/listeners/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
 create mode 100644 agent/xds/testdata/routes/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
 create mode 100644 agent/xds/testdata/secrets/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden

diff --git a/.changelog/18324.txt b/.changelog/18324.txt
new file mode 100644
index 000000000000..6d1f11a92e96
--- /dev/null
+++ b/.changelog/18324.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+api-gateway: add retry and timeout filters
+```
\ No newline at end of file
diff --git a/agent/consul/discoverychain/gateway_httproute.go b/agent/consul/discoverychain/gateway_httproute.go
index fcd2dc440259..84866f271740 100644
--- a/agent/consul/discoverychain/gateway_httproute.go
+++ b/agent/consul/discoverychain/gateway_httproute.go
@@ -161,6 +161,28 @@ func httpRouteToDiscoveryChain(route structs.HTTPRouteConfigEntry) (*structs.Ser
 			}
 		}
 
+		if rule.Filters.RetryFilter != nil {
+			if rule.Filters.RetryFilter.NumRetries != nil {
+				destination.NumRetries = *rule.Filters.RetryFilter.NumRetries
+			}
+			if rule.Filters.RetryFilter.RetryOnConnectFailure != nil {
+				destination.RetryOnConnectFailure = *rule.Filters.RetryFilter.RetryOnConnectFailure
+			}
+
+			if len(rule.Filters.RetryFilter.RetryOn) > 0 {
+				destination.RetryOn = rule.Filters.RetryFilter.RetryOn
+			}
+
+			if len(rule.Filters.RetryFilter.RetryOnStatusCodes) > 0 {
+				destination.RetryOnStatusCodes = rule.Filters.RetryFilter.RetryOnStatusCodes
+			}
+		}
+
+		if rule.Filters.TimeoutFilter != nil {
+			destination.IdleTimeout = rule.Filters.TimeoutFilter.IdleTimeout
+			destination.RequestTimeout = rule.Filters.TimeoutFilter.RequestTimeout
+		}
+
 		// for each match rule a ServiceRoute is created for the service-router
 		// if there are no rules a single route with the destination is set
 		if len(rule.Matches) == 0 {
@@ -173,6 +195,7 @@ func httpRouteToDiscoveryChain(route structs.HTTPRouteConfigEntry) (*structs.Ser
 				Destination: &destination,
 			})
 		}
+
 	}
 
 	return router, splitters, defaults
diff --git a/agent/structs/config_entry_routes.go b/agent/structs/config_entry_routes.go
index 4d908331511d..a897759012e5 100644
--- a/agent/structs/config_entry_routes.go
+++ b/agent/structs/config_entry_routes.go
@@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"strings"
+	"time"
 
 	"github.com/miekg/dns"
 
@@ -417,8 +418,10 @@ type HTTPQueryMatch struct {
 // HTTPFilters specifies a list of filters used to modify a request
 // before it is routed to an upstream.
 type HTTPFilters struct {
-	Headers    []HTTPHeaderFilter
-	URLRewrite *URLRewrite
+	Headers       []HTTPHeaderFilter
+	URLRewrite    *URLRewrite
+	RetryFilter   *RetryFilter
+	TimeoutFilter *TimeoutFilter
 }
 
 // HTTPHeaderFilter specifies how HTTP headers should be modified.
@@ -432,6 +435,18 @@ type URLRewrite struct {
 	Path string
 }
 
+type RetryFilter struct {
+	NumRetries            *uint32
+	RetryOn               []string
+	RetryOnStatusCodes    []uint32
+	RetryOnConnectFailure *bool
+}
+
+type TimeoutFilter struct {
+	RequestTimeout time.Duration
+	IdleTimeout    time.Duration
+}
+
 // HTTPRouteRule specifies the routing rules used to determine what upstream
 // service an HTTP request is routed to.
 type HTTPRouteRule struct {
diff --git a/agent/structs/structs.deepcopy.go b/agent/structs/structs.deepcopy.go
index cdd007c26cdb..c9a9783c935c 100644
--- a/agent/structs/structs.deepcopy.go
+++ b/agent/structs/structs.deepcopy.go
@@ -383,6 +383,30 @@ func (o *HTTPRouteConfigEntry) DeepCopy() *HTTPRouteConfigEntry {
 				cp.Rules[i2].Filters.URLRewrite = new(URLRewrite)
 				*cp.Rules[i2].Filters.URLRewrite = *o.Rules[i2].Filters.URLRewrite
 			}
+			if o.Rules[i2].Filters.RetryFilter != nil {
+				cp.Rules[i2].Filters.RetryFilter = new(RetryFilter)
+				*cp.Rules[i2].Filters.RetryFilter = *o.Rules[i2].Filters.RetryFilter
+				if o.Rules[i2].Filters.RetryFilter.NumRetries != nil {
+					cp.Rules[i2].Filters.RetryFilter.NumRetries = new(uint32)
+					*cp.Rules[i2].Filters.RetryFilter.NumRetries = *o.Rules[i2].Filters.RetryFilter.NumRetries
+				}
+				if o.Rules[i2].Filters.RetryFilter.RetryOn != nil {
+					cp.Rules[i2].Filters.RetryFilter.RetryOn = make([]string, len(o.Rules[i2].Filters.RetryFilter.RetryOn))
+					copy(cp.Rules[i2].Filters.RetryFilter.RetryOn, o.Rules[i2].Filters.RetryFilter.RetryOn)
+				}
+				if o.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes != nil {
+					cp.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes = make([]uint32, len(o.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes))
+					copy(cp.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes, o.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes)
+				}
+				if o.Rules[i2].Filters.RetryFilter.RetryOnConnectFailure != nil {
+					cp.Rules[i2].Filters.RetryFilter.RetryOnConnectFailure = new(bool)
+					*cp.Rules[i2].Filters.RetryFilter.RetryOnConnectFailure = *o.Rules[i2].Filters.RetryFilter.RetryOnConnectFailure
+				}
+			}
+			if o.Rules[i2].Filters.TimeoutFilter != nil {
+				cp.Rules[i2].Filters.TimeoutFilter = new(TimeoutFilter)
+				*cp.Rules[i2].Filters.TimeoutFilter = *o.Rules[i2].Filters.TimeoutFilter
+			}
 			if o.Rules[i2].Matches != nil {
 				cp.Rules[i2].Matches = make([]HTTPMatch, len(o.Rules[i2].Matches))
 				copy(cp.Rules[i2].Matches, o.Rules[i2].Matches)
@@ -427,6 +451,30 @@ func (o *HTTPRouteConfigEntry) DeepCopy() *HTTPRouteConfigEntry {
 						cp.Rules[i2].Services[i4].Filters.URLRewrite = new(URLRewrite)
 						*cp.Rules[i2].Services[i4].Filters.URLRewrite = *o.Rules[i2].Services[i4].Filters.URLRewrite
 					}
+					if o.Rules[i2].Services[i4].Filters.RetryFilter != nil {
+						cp.Rules[i2].Services[i4].Filters.RetryFilter = new(RetryFilter)
+						*cp.Rules[i2].Services[i4].Filters.RetryFilter = *o.Rules[i2].Services[i4].Filters.RetryFilter
+						if o.Rules[i2].Services[i4].Filters.RetryFilter.NumRetries != nil {
+							cp.Rules[i2].Services[i4].Filters.RetryFilter.NumRetries = new(uint32)
+							*cp.Rules[i2].Services[i4].Filters.RetryFilter.NumRetries = *o.Rules[i2].Services[i4].Filters.RetryFilter.NumRetries
+						}
+						if o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn != nil {
+							cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn = make([]string, len(o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn))
+							copy(cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn, o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn)
+						}
+						if o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes != nil {
+							cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes = make([]uint32, len(o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes))
+							copy(cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes, o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes)
+						}
+						if o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnConnectFailure != nil {
+							cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnConnectFailure = new(bool)
+							*cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnConnectFailure = *o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnConnectFailure
+						}
+					}
+					if o.Rules[i2].Services[i4].Filters.TimeoutFilter != nil {
+						cp.Rules[i2].Services[i4].Filters.TimeoutFilter = new(TimeoutFilter)
+						*cp.Rules[i2].Services[i4].Filters.TimeoutFilter = *o.Rules[i2].Services[i4].Filters.TimeoutFilter
+					}
 				}
 			}
 		}
diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go
index 47573f3173fc..f1ba3d5146c7 100644
--- a/agent/xds/resources_test.go
+++ b/agent/xds/resources_test.go
@@ -7,12 +7,14 @@ import (
 	"path/filepath"
 	"sort"
 	"testing"
+	"time"
 
 	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
 	envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
+	"k8s.io/utils/pointer"
 
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/consul/discoverychain"
@@ -567,6 +569,90 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase {
 										Remove: []string{"X-Header-Remove"},
 									},
 								},
+								RetryFilter: &structs.RetryFilter{
+									NumRetries:            pointer.Uint32(3),
+									RetryOn:               []string{"cancelled"},
+									RetryOnStatusCodes:    []uint32{500},
+									RetryOnConnectFailure: pointer.Bool(true),
+								},
+								TimeoutFilter: &structs.TimeoutFilter{
+									IdleTimeout:    time.Second * 30,
+									RequestTimeout: time.Second * 30,
+								},
+							},
+							Services: []structs.HTTPService{{
+								Name: "service",
+							}},
+						}},
+						Parents: []structs.ResourceReference{
+							{
+								Kind: structs.APIGateway,
+								Name: "api-gateway",
+							},
+						},
+					},
+				}, []structs.InlineCertificateConfigEntry{{
+					Kind:        structs.InlineCertificate,
+					Name:        "certificate",
+					PrivateKey:  gatewayTestPrivateKey,
+					Certificate: gatewayTestCertificate,
+				}}, []proxycfg.UpdateEvent{{
+					CorrelationID: "discovery-chain:" + serviceUID.String(),
+					Result: &structs.DiscoveryChainResponse{
+						Chain: serviceChain,
+					},
+				}, {
+					CorrelationID: "upstream-target:" + serviceChain.ID() + ":" + serviceUID.String(),
+					Result: &structs.IndexedCheckServiceNodes{
+						Nodes: proxycfg.TestUpstreamNodes(t, "service"),
+					},
+				}})
+			},
+		},
+		{
+			name: "api-gateway-with-http-route-timeoutfilter-one-set",
+			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+				return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) {
+					entry.Listeners = []structs.APIGatewayListener{
+						{
+							Name:     "listener",
+							Protocol: structs.ListenerProtocolHTTP,
+							Port:     8080,
+						},
+					}
+					bound.Listeners = []structs.BoundAPIGatewayListener{
+						{
+							Name: "listener",
+							Certificates: []structs.ResourceReference{{
+								Kind: structs.InlineCertificate,
+								Name: "certificate",
+							}},
+							Routes: []structs.ResourceReference{{
+								Kind: structs.HTTPRoute,
+								Name: "route",
+							}},
+						},
+					}
+				}, []structs.BoundRoute{
+					&structs.HTTPRouteConfigEntry{
+						Kind: structs.HTTPRoute,
+						Name: "route",
+						Rules: []structs.HTTPRouteRule{{
+							Filters: structs.HTTPFilters{
+								Headers: []structs.HTTPHeaderFilter{
+									{
+										Add: map[string]string{
+											"X-Header-Add": "added",
+										},
+										Set: map[string]string{
+											"X-Header-Set": "set",
+										},
+										Remove: []string{"X-Header-Remove"},
+									},
+								},
+								TimeoutFilter: &structs.TimeoutFilter{
+									IdleTimeout: time.Second * 30,
+								},
 							},
 							Services: []structs.HTTPService{{
 								Name: "service",
diff --git a/agent/xds/testdata/clusters/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden b/agent/xds/testdata/clusters/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
new file mode 100644
index 000000000000..f18e7e0d9766
--- /dev/null
+++ b/agent/xds/testdata/clusters/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
@@ -0,0 +1,55 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "altStatName": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {},
+          "resourceApiVersion": "V3"
+        }
+      },
+      "connectTimeout": "5s",
+      "circuitBreakers": {},
+      "outlierDetection": {},
+      "commonLbConfig": {
+        "healthyPanicThreshold": {}
+      },
+      "transportSocket": {
+        "name": "tls",
+        "typedConfig": {
+          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext": {
+            "tlsParams": {},
+            "tlsCertificates": [
+              {
+                "certificateChain": {
+                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                },
+                "privateKey": {
+                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                }
+              }
+            ],
+            "validationContext": {
+              "trustedCa": {
+                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+              },
+              "matchSubjectAltNames": [
+                {
+                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service"
+                }
+              ]
+            }
+          },
+          "sni": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+        }
+      }
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/endpoints/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden b/agent/xds/testdata/endpoints/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
new file mode 100644
index 000000000000..bda159302a84
--- /dev/null
+++ b/agent/xds/testdata/endpoints/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
@@ -0,0 +1,41 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+      "clusterName": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "endpoints": [
+        {
+          "lbEndpoints": [
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.10.1.1",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            },
+            {
+              "endpoint": {
+                "address": {
+                  "socketAddress": {
+                    "address": "10.10.1.2",
+                    "portValue": 8080
+                  }
+                }
+              },
+              "healthStatus": "HEALTHY",
+              "loadBalancingWeight": 1
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden b/agent/xds/testdata/listeners/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
new file mode 100644
index 000000000000..935e330a5983
--- /dev/null
+++ b/agent/xds/testdata/listeners/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
@@ -0,0 +1,85 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "http:1.2.3.4:8080",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8080
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "ingress_upstream_certificate",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
+                  },
+                  "routeConfigName": "8080"
+                },
+                "httpFilters": [
+                  {
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing": {
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
+              }
+            }
+          ],
+          "transportSocket": {
+            "name": "tls",
+            "typedConfig": {
+              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
+              "commonTlsContext": {
+                "tlsParams": {},
+                "tlsCertificates": [
+                  {
+                    "certificateChain": {
+                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICljCCAX4CCQCQMDsYO8FrPjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJV\nUzAeFw0yMjEyMjAxNzUwMjVaFw0yNzEyMTkxNzUwMjVaMA0xCzAJBgNVBAYTAlVT\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx95Opa6t4lGEpiTUogEB\nptqOdam2ch4BHQGhNhX/MrDwwuZQhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2\njQlhqTodElkbsd5vWY8R/bxJWQSoNvVE12TlzECxGpJEiHt4W0r8pGffk+rvplji\nUyCfnT1kGF3znOSjK1hRMTn6RKWCyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409\ng9X5VU88/Bmmrz4cMyxce86Kc2ug5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftr\nXOvuCbO5IBRHMOBHiHTZ4rtGuhMaIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+W\nmQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBfCqoUIdPf/HGSbOorPyZWbyizNtHJ\nGL7x9cAeIYxpI5Y/WcO1o5v94lvrgm3FNfJoGKbV66+JxOge731FrfMpHplhar1Z\nRahYIzNLRBTLrwadLAZkApUpZvB8qDK4knsTWFYujNsylCww2A6ajzIMFNU4GkUK\nNtyHRuD+KYRmjXtyX1yHNqfGN3vOQmwavHq2R8wHYuBSc6LAHHV9vG+j0VsgMELO\nqwxn8SmLkSKbf2+MsQVzLCXXN5u+D8Yv+4py+oKP4EQ5aFZuDEx+r/G/31rTthww\nAAJAMaoXmoYVdgXV+CPuBb2M4XCpuzLu3bcA2PXm5ipSyIgntMKwXV7r\n-----END CERTIFICATE-----\n"
+                    },
+                    "privateKey": {
+                      "inlineString": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAx95Opa6t4lGEpiTUogEBptqOdam2ch4BHQGhNhX/MrDwwuZQ\nhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2jQlhqTodElkbsd5vWY8R/bxJWQSo\nNvVE12TlzECxGpJEiHt4W0r8pGffk+rvpljiUyCfnT1kGF3znOSjK1hRMTn6RKWC\nyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409g9X5VU88/Bmmrz4cMyxce86Kc2ug\n5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftrXOvuCbO5IBRHMOBHiHTZ4rtGuhMa\nIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+WmQIDAQABAoIBACYvceUzp2MK4gYA\nGWPOP2uKbBdM0l+hHeNV0WAM+dHMfmMuL4pkT36ucqt0ySOLjw6rQyOZG5nmA6t9\nsv0g4ae2eCMlyDIeNi1Yavu4Wt6YX4cTXbQKThm83C6W2X9THKbauBbxD621bsDK\n7PhiGPN60yPue7YwFQAPqqD4YaK+s22HFIzk9gwM/rkvAUNwRv7SyHMiFe4Igc1C\nEev7iHWzvj5Heoz6XfF+XNF9DU+TieSUAdjd56VyUb8XL4+uBTOhHwLiXvAmfaMR\nHvpcxeKnYZusS6NaOxcUHiJnsLNWrxmJj9WEGgQzuLxcLjTe4vVmELVZD8t3QUKj\nPAxu8tUCgYEA7KIWVn9dfVpokReorFym+J8FzLwSktP9RZYEMonJo00i8aii3K9s\nu/aSwRWQSCzmON1ZcxZzWhwQF9usz6kGCk//9+4hlVW90GtNK0RD+j7sp4aT2JI8\n9eLEjTG+xSXa7XWe98QncjjL9lu/yrRncSTxHs13q/XP198nn2aYuQ8CgYEA2Dnt\nsRBzv0fFEvzzFv7G/5f85mouN38TUYvxNRTjBLCXl9DeKjDkOVZ2b6qlfQnYXIru\nH+W+v+AZEb6fySXc8FRab7lkgTMrwE+aeI4rkW7asVwtclv01QJ5wMnyT84AgDD/\nDgt/RThFaHgtU9TW5GOZveL+l9fVPn7vKFdTJdcCgYEArJ99zjHxwJ1whNAOk1av\n09UmRPm6TvRo4heTDk8oEoIWCNatoHI0z1YMLuENNSnT9Q280FFDayvnrY/qnD7A\nkktT/sjwJOG8q8trKzIMqQS4XWm2dxoPcIyyOBJfCbEY6XuRsUuePxwh5qF942EB\nyS9a2s6nC4Ix0lgPrqAIr48CgYBgS/Q6riwOXSU8nqCYdiEkBYlhCJrKpnJxF9T1\nofa0yPzKZP/8ZEfP7VzTwHjxJehQ1qLUW9pG08P2biH1UEKEWdzo8vT6wVJT1F/k\nHtTycR8+a+Hlk2SHVRHqNUYQGpuIe8mrdJ1as4Pd0d/F/P0zO9Rlh+mAsGPM8HUM\nT0+9gwKBgHDoerX7NTskg0H0t8O+iSMevdxpEWp34ZYa9gHiftTQGyrRgERCa7Gj\nnZPAxKb2JoWyfnu3v7G5gZ8fhDFsiOxLbZv6UZJBbUIh1MjJISpXrForDrC2QNLX\nkHrHfwBFDB3KMudhQknsJzEJKCL/KmFH6o0MvsoaT9yzEl3K+ah/\n-----END RSA PRIVATE KEY-----\n"
+                    }
+                  }
+                ],
+                "alpnProtocols": [
+                  "http/1.1"
+                ]
+              },
+              "requireClientCertificate": false
+            }
+          }
+        }
+      ],
+      "listenerFilters": [
+        {
+          "name": "envoy.filters.listener.tls_inspector",
+          "typedConfig": {
+            "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
+          }
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden b/agent/xds/testdata/routes/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
new file mode 100644
index 000000000000..4a41a6d6dfb1
--- /dev/null
+++ b/agent/xds/testdata/routes/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
@@ -0,0 +1,51 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+      "name": "8080",
+      "virtualHosts": [
+        {
+          "name": "api-gateway-listener-9b9265b",
+          "domains": [
+            "*",
+            "*:8080"
+          ],
+          "routes": [
+            {
+              "match": {
+                "prefix": "/"
+              },
+              "route": {
+                "cluster": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+                "idleTimeout": "30s"
+              },
+              "requestHeadersToAdd": [
+                {
+                  "header": {
+                    "key": "X-Header-Add",
+                    "value": "added"
+                  },
+                  "append": true
+                },
+                {
+                  "header": {
+                    "key": "X-Header-Set",
+                    "value": "set"
+                  },
+                  "append": false
+                }
+              ],
+              "requestHeadersToRemove": [
+                "X-Header-Remove"
+              ]
+            }
+          ]
+        }
+      ],
+      "validateClusters": true
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden b/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden
index e921201831a7..c79697246fc7 100644
--- a/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden
+++ b/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden
@@ -1,50 +1,59 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-      "name":  "8080",
-      "virtualHosts":  [
+      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+      "name": "8080",
+      "virtualHosts": [
         {
-          "name":  "api-gateway-listener-9b9265b",
-          "domains":  [
+          "name": "api-gateway-listener-9b9265b",
+          "domains": [
             "*",
             "*:8080"
           ],
-          "routes":  [
+          "routes": [
             {
-              "match":  {
-                "prefix":  "/"
+              "match": {
+                "prefix": "/"
               },
-              "route":  {
-                "cluster":  "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+              "route": {
+                "cluster": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+                "timeout": "30s",
+                "idleTimeout": "30s",
+                "retryPolicy": {
+                  "retryOn": "cancelled,connect-failure,retriable-status-codes",
+                  "numRetries": 3,
+                  "retriableStatusCodes": [
+                    500
+                  ]
+                }
               },
-              "requestHeadersToAdd":  [
+              "requestHeadersToAdd": [
                 {
-                  "header":  {
-                    "key":  "X-Header-Add",
-                    "value":  "added"
+                  "header": {
+                    "key": "X-Header-Add",
+                    "value": "added"
                   },
-                  "append":  true
+                  "append": true
                 },
                 {
-                  "header":  {
-                    "key":  "X-Header-Set",
-                    "value":  "set"
+                  "header": {
+                    "key": "X-Header-Set",
+                    "value": "set"
                   },
-                  "append":  false
+                  "append": false
                 }
               ],
-              "requestHeadersToRemove":  [
+              "requestHeadersToRemove": [
                 "X-Header-Remove"
               ]
             }
           ]
         }
       ],
-      "validateClusters":  true
+      "validateClusters": true
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/secrets/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden b/agent/xds/testdata/secrets/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
new file mode 100644
index 000000000000..95612291de70
--- /dev/null
+++ b/agent/xds/testdata/secrets/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
@@ -0,0 +1,5 @@
+{
+  "versionInfo": "00000001",
+  "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/api/config_entry_routes.go b/api/config_entry_routes.go
index cfea394535db..cd1c2aeb5281 100644
--- a/api/config_entry_routes.go
+++ b/api/config_entry_routes.go
@@ -3,6 +3,8 @@
 
 package api
 
+import "time"
+
 // TCPRouteConfigEntry -- TODO stub
 type TCPRouteConfigEntry struct {
 	// Kind of the config entry. This should be set to api.TCPRoute.
@@ -195,8 +197,10 @@ type HTTPQueryMatch struct {
 // HTTPFilters specifies a list of filters used to modify a request
 // before it is routed to an upstream.
 type HTTPFilters struct {
-	Headers    []HTTPHeaderFilter
-	URLRewrite *URLRewrite
+	Headers       []HTTPHeaderFilter
+	URLRewrite    *URLRewrite
+	RetryFilter   *RetryFilter
+	TimeoutFilter *TimeoutFilter
 }
 
 // HTTPHeaderFilter specifies how HTTP headers should be modified.
@@ -210,6 +214,18 @@ type URLRewrite struct {
 	Path string
 }
 
+type RetryFilter struct {
+	NumRetries            *uint32
+	RetryOn               []string
+	RetryOnStatusCodes    []uint32
+	RetryOnConnectFailure *bool
+}
+
+type TimeoutFilter struct {
+	RequestTimeout time.Duration
+	IdleTimeout    time.Duration
+}
+
 // HTTPRouteRule specifies the routing rules used to determine what upstream
 // service an HTTP request is routed to.
 type HTTPRouteRule struct {
diff --git a/go.mod b/go.mod
index 4c8a76b7fbf8..8d50bf61d752 100644
--- a/go.mod
+++ b/go.mod
@@ -118,6 +118,7 @@ require (
 	k8s.io/api v0.26.2
 	k8s.io/apimachinery v0.26.2
 	k8s.io/client-go v0.26.2
+	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5
 )
 
 require (
@@ -257,7 +258,6 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/klog/v2 v2.90.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
-	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
diff --git a/proto/private/pbconfigentry/config_entry.gen.go b/proto/private/pbconfigentry/config_entry.gen.go
index ca75146af425..fe87fae26f02 100644
--- a/proto/private/pbconfigentry/config_entry.gen.go
+++ b/proto/private/pbconfigentry/config_entry.gen.go
@@ -369,6 +369,16 @@ func HTTPFiltersToStructs(s *HTTPFilters, t *structs.HTTPFilters) {
 		URLRewriteToStructs(s.URLRewrite, &x)
 		t.URLRewrite = &x
 	}
+	if s.RetryFilter != nil {
+		var x structs.RetryFilter
+		RetryFilterToStructs(s.RetryFilter, &x)
+		t.RetryFilter = &x
+	}
+	if s.TimeoutFilter != nil {
+		var x structs.TimeoutFilter
+		TimeoutFilterToStructs(s.TimeoutFilter, &x)
+		t.TimeoutFilter = &x
+	}
 }
 func HTTPFiltersFromStructs(t *structs.HTTPFilters, s *HTTPFilters) {
 	if s == nil {
@@ -389,6 +399,16 @@ func HTTPFiltersFromStructs(t *structs.HTTPFilters, s *HTTPFilters) {
 		URLRewriteFromStructs(t.URLRewrite, &x)
 		s.URLRewrite = &x
 	}
+	if t.RetryFilter != nil {
+		var x RetryFilter
+		RetryFilterFromStructs(t.RetryFilter, &x)
+		s.RetryFilter = &x
+	}
+	if t.TimeoutFilter != nil {
+		var x TimeoutFilter
+		TimeoutFilterFromStructs(t.TimeoutFilter, &x)
+		s.TimeoutFilter = &x
+	}
 }
 func HTTPHeaderFilterToStructs(s *HTTPHeaderFilter, t *structs.HTTPHeaderFilter) {
 	if s == nil {
@@ -1650,6 +1670,24 @@ func ResourceReferenceFromStructs(t *structs.ResourceReference, s *ResourceRefer
 	s.SectionName = t.SectionName
 	s.EnterpriseMeta = enterpriseMetaFromStructs(t.EnterpriseMeta)
 }
+func RetryFilterToStructs(s *RetryFilter, t *structs.RetryFilter) {
+	if s == nil {
+		return
+	}
+	t.NumRetries = &s.NumRetries
+	t.RetryOn = s.RetryOn
+	t.RetryOnStatusCodes = s.RetryOnStatusCodes
+	t.RetryOnConnectFailure = &s.RetryOnConnectFailure
+}
+func RetryFilterFromStructs(t *structs.RetryFilter, s *RetryFilter) {
+	if s == nil {
+		return
+	}
+	s.NumRetries = *t.NumRetries
+	s.RetryOn = t.RetryOn
+	s.RetryOnStatusCodes = t.RetryOnStatusCodes
+	s.RetryOnConnectFailure = *t.RetryOnConnectFailure
+}
 func RetryPolicyBackOffToStructs(s *RetryPolicyBackOff, t *structs.RetryPolicyBackOff) {
 	if s == nil {
 		return
@@ -2224,6 +2262,20 @@ func TCPServiceFromStructs(t *structs.TCPService, s *TCPService) {
 	s.Name = t.Name
 	s.EnterpriseMeta = enterpriseMetaFromStructs(t.EnterpriseMeta)
 }
+func TimeoutFilterToStructs(s *TimeoutFilter, t *structs.TimeoutFilter) {
+	if s == nil {
+		return
+	}
+	t.RequestTimeout = structs.DurationFromProto(s.RequestTimeout)
+	t.IdleTimeout = structs.DurationFromProto(s.IdleTimeout)
+}
+func TimeoutFilterFromStructs(t *structs.TimeoutFilter, s *TimeoutFilter) {
+	if s == nil {
+		return
+	}
+	s.RequestTimeout = structs.DurationToProto(t.RequestTimeout)
+	s.IdleTimeout = structs.DurationToProto(t.IdleTimeout)
+}
 func TransparentProxyConfigToStructs(s *TransparentProxyConfig, t *structs.TransparentProxyConfig) {
 	if s == nil {
 		return
diff --git a/proto/private/pbconfigentry/config_entry.pb.binary.go b/proto/private/pbconfigentry/config_entry.pb.binary.go
index bd9bac6c7e76..22890d7f37ac 100644
--- a/proto/private/pbconfigentry/config_entry.pb.binary.go
+++ b/proto/private/pbconfigentry/config_entry.pb.binary.go
@@ -627,6 +627,26 @@ func (msg *URLRewrite) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
 
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *RetryFilter) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *RetryFilter) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *TimeoutFilter) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *TimeoutFilter) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
 // MarshalBinary implements encoding.BinaryMarshaler
 func (msg *HTTPHeaderFilter) MarshalBinary() ([]byte, error) {
 	return proto.Marshal(msg)
diff --git a/proto/private/pbconfigentry/config_entry.pb.go b/proto/private/pbconfigentry/config_entry.pb.go
index 2977d593f824..ce8f97d03652 100644
--- a/proto/private/pbconfigentry/config_entry.pb.go
+++ b/proto/private/pbconfigentry/config_entry.pb.go
@@ -5386,8 +5386,10 @@ type HTTPFilters struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Headers    []*HTTPHeaderFilter `protobuf:"bytes,1,rep,name=Headers,proto3" json:"Headers,omitempty"`
-	URLRewrite *URLRewrite         `protobuf:"bytes,2,opt,name=URLRewrite,proto3" json:"URLRewrite,omitempty"`
+	Headers       []*HTTPHeaderFilter `protobuf:"bytes,1,rep,name=Headers,proto3" json:"Headers,omitempty"`
+	URLRewrite    *URLRewrite         `protobuf:"bytes,2,opt,name=URLRewrite,proto3" json:"URLRewrite,omitempty"`
+	RetryFilter   *RetryFilter        `protobuf:"bytes,3,opt,name=RetryFilter,proto3" json:"RetryFilter,omitempty"`
+	TimeoutFilter *TimeoutFilter      `protobuf:"bytes,4,opt,name=TimeoutFilter,proto3" json:"TimeoutFilter,omitempty"`
 }
 
 func (x *HTTPFilters) Reset() {
@@ -5436,6 +5438,20 @@ func (x *HTTPFilters) GetURLRewrite() *URLRewrite {
 	return nil
 }
 
+func (x *HTTPFilters) GetRetryFilter() *RetryFilter {
+	if x != nil {
+		return x.RetryFilter
+	}
+	return nil
+}
+
+func (x *HTTPFilters) GetTimeoutFilter() *TimeoutFilter {
+	if x != nil {
+		return x.TimeoutFilter
+	}
+	return nil
+}
+
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.URLRewrite
@@ -5488,6 +5504,144 @@ func (x *URLRewrite) GetPath() string {
 	return ""
 }
 
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.RetryFilter
+// output=config_entry.gen.go
+// name=Structs
+type RetryFilter struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	NumRetries            uint32   `protobuf:"varint,1,opt,name=NumRetries,proto3" json:"NumRetries,omitempty"`
+	RetryOn               []string `protobuf:"bytes,2,rep,name=RetryOn,proto3" json:"RetryOn,omitempty"`
+	RetryOnStatusCodes    []uint32 `protobuf:"varint,3,rep,packed,name=RetryOnStatusCodes,proto3" json:"RetryOnStatusCodes,omitempty"`
+	RetryOnConnectFailure bool     `protobuf:"varint,4,opt,name=RetryOnConnectFailure,proto3" json:"RetryOnConnectFailure,omitempty"`
+}
+
+func (x *RetryFilter) Reset() {
+	*x = RetryFilter{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RetryFilter) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RetryFilter) ProtoMessage() {}
+
+func (x *RetryFilter) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RetryFilter.ProtoReflect.Descriptor instead.
+func (*RetryFilter) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{62}
+}
+
+func (x *RetryFilter) GetNumRetries() uint32 {
+	if x != nil {
+		return x.NumRetries
+	}
+	return 0
+}
+
+func (x *RetryFilter) GetRetryOn() []string {
+	if x != nil {
+		return x.RetryOn
+	}
+	return nil
+}
+
+func (x *RetryFilter) GetRetryOnStatusCodes() []uint32 {
+	if x != nil {
+		return x.RetryOnStatusCodes
+	}
+	return nil
+}
+
+func (x *RetryFilter) GetRetryOnConnectFailure() bool {
+	if x != nil {
+		return x.RetryOnConnectFailure
+	}
+	return false
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.TimeoutFilter
+// output=config_entry.gen.go
+// name=Structs
+type TimeoutFilter struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
+	RequestTimeout *durationpb.Duration `protobuf:"bytes,1,opt,name=RequestTimeout,proto3" json:"RequestTimeout,omitempty"`
+	// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
+	IdleTimeout *durationpb.Duration `protobuf:"bytes,2,opt,name=IdleTimeout,proto3" json:"IdleTimeout,omitempty"`
+}
+
+func (x *TimeoutFilter) Reset() {
+	*x = TimeoutFilter{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TimeoutFilter) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TimeoutFilter) ProtoMessage() {}
+
+func (x *TimeoutFilter) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TimeoutFilter.ProtoReflect.Descriptor instead.
+func (*TimeoutFilter) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{63}
+}
+
+func (x *TimeoutFilter) GetRequestTimeout() *durationpb.Duration {
+	if x != nil {
+		return x.RequestTimeout
+	}
+	return nil
+}
+
+func (x *TimeoutFilter) GetIdleTimeout() *durationpb.Duration {
+	if x != nil {
+		return x.IdleTimeout
+	}
+	return nil
+}
+
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.HTTPHeaderFilter
@@ -5506,7 +5660,7 @@ type HTTPHeaderFilter struct {
 func (x *HTTPHeaderFilter) Reset() {
 	*x = HTTPHeaderFilter{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5519,7 +5673,7 @@ func (x *HTTPHeaderFilter) String() string {
 func (*HTTPHeaderFilter) ProtoMessage() {}
 
 func (x *HTTPHeaderFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5532,7 +5686,7 @@ func (x *HTTPHeaderFilter) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPHeaderFilter.ProtoReflect.Descriptor instead.
 func (*HTTPHeaderFilter) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{62}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{64}
 }
 
 func (x *HTTPHeaderFilter) GetAdd() map[string]string {
@@ -5577,7 +5731,7 @@ type HTTPService struct {
 func (x *HTTPService) Reset() {
 	*x = HTTPService{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5590,7 +5744,7 @@ func (x *HTTPService) String() string {
 func (*HTTPService) ProtoMessage() {}
 
 func (x *HTTPService) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5603,7 +5757,7 @@ func (x *HTTPService) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPService.ProtoReflect.Descriptor instead.
 func (*HTTPService) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{63}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{65}
 }
 
 func (x *HTTPService) GetName() string {
@@ -5654,7 +5808,7 @@ type TCPRoute struct {
 func (x *TCPRoute) Reset() {
 	*x = TCPRoute{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5667,7 +5821,7 @@ func (x *TCPRoute) String() string {
 func (*TCPRoute) ProtoMessage() {}
 
 func (x *TCPRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5680,7 +5834,7 @@ func (x *TCPRoute) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TCPRoute.ProtoReflect.Descriptor instead.
 func (*TCPRoute) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{64}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{66}
 }
 
 func (x *TCPRoute) GetMeta() map[string]string {
@@ -5729,7 +5883,7 @@ type TCPService struct {
 func (x *TCPService) Reset() {
 	*x = TCPService{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5742,7 +5896,7 @@ func (x *TCPService) String() string {
 func (*TCPService) ProtoMessage() {}
 
 func (x *TCPService) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5755,7 +5909,7 @@ func (x *TCPService) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TCPService.ProtoReflect.Descriptor instead.
 func (*TCPService) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{65}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{67}
 }
 
 func (x *TCPService) GetName() string {
@@ -5795,7 +5949,7 @@ type SamenessGroup struct {
 func (x *SamenessGroup) Reset() {
 	*x = SamenessGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5808,7 +5962,7 @@ func (x *SamenessGroup) String() string {
 func (*SamenessGroup) ProtoMessage() {}
 
 func (x *SamenessGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5821,7 +5975,7 @@ func (x *SamenessGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SamenessGroup.ProtoReflect.Descriptor instead.
 func (*SamenessGroup) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{66}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{68}
 }
 
 func (x *SamenessGroup) GetName() string {
@@ -5883,7 +6037,7 @@ type SamenessGroupMember struct {
 func (x *SamenessGroupMember) Reset() {
 	*x = SamenessGroupMember{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5896,7 +6050,7 @@ func (x *SamenessGroupMember) String() string {
 func (*SamenessGroupMember) ProtoMessage() {}
 
 func (x *SamenessGroupMember) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5909,7 +6063,7 @@ func (x *SamenessGroupMember) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SamenessGroupMember.ProtoReflect.Descriptor instead.
 func (*SamenessGroupMember) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{67}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{69}
 }
 
 func (x *SamenessGroupMember) GetPartition() string {
@@ -5951,7 +6105,7 @@ type JWTProvider struct {
 func (x *JWTProvider) Reset() {
 	*x = JWTProvider{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5964,7 +6118,7 @@ func (x *JWTProvider) String() string {
 func (*JWTProvider) ProtoMessage() {}
 
 func (x *JWTProvider) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5977,7 +6131,7 @@ func (x *JWTProvider) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTProvider.ProtoReflect.Descriptor instead.
 func (*JWTProvider) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{68}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{70}
 }
 
 func (x *JWTProvider) GetJSONWebKeySet() *JSONWebKeySet {
@@ -6053,7 +6207,7 @@ type JSONWebKeySet struct {
 func (x *JSONWebKeySet) Reset() {
 	*x = JSONWebKeySet{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6066,7 +6220,7 @@ func (x *JSONWebKeySet) String() string {
 func (*JSONWebKeySet) ProtoMessage() {}
 
 func (x *JSONWebKeySet) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6079,7 +6233,7 @@ func (x *JSONWebKeySet) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JSONWebKeySet.ProtoReflect.Descriptor instead.
 func (*JSONWebKeySet) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{69}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{71}
 }
 
 func (x *JSONWebKeySet) GetLocal() *LocalJWKS {
@@ -6113,7 +6267,7 @@ type LocalJWKS struct {
 func (x *LocalJWKS) Reset() {
 	*x = LocalJWKS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6126,7 +6280,7 @@ func (x *LocalJWKS) String() string {
 func (*LocalJWKS) ProtoMessage() {}
 
 func (x *LocalJWKS) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6139,7 +6293,7 @@ func (x *LocalJWKS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use LocalJWKS.ProtoReflect.Descriptor instead.
 func (*LocalJWKS) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{70}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{72}
 }
 
 func (x *LocalJWKS) GetJWKS() string {
@@ -6179,7 +6333,7 @@ type RemoteJWKS struct {
 func (x *RemoteJWKS) Reset() {
 	*x = RemoteJWKS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6192,7 +6346,7 @@ func (x *RemoteJWKS) String() string {
 func (*RemoteJWKS) ProtoMessage() {}
 
 func (x *RemoteJWKS) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6205,7 +6359,7 @@ func (x *RemoteJWKS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RemoteJWKS.ProtoReflect.Descriptor instead.
 func (*RemoteJWKS) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{71}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{73}
 }
 
 func (x *RemoteJWKS) GetURI() string {
@@ -6269,7 +6423,7 @@ type JWKSCluster struct {
 func (x *JWKSCluster) Reset() {
 	*x = JWKSCluster{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6282,7 +6436,7 @@ func (x *JWKSCluster) String() string {
 func (*JWKSCluster) ProtoMessage() {}
 
 func (x *JWKSCluster) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6295,7 +6449,7 @@ func (x *JWKSCluster) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSCluster.ProtoReflect.Descriptor instead.
 func (*JWKSCluster) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{72}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{74}
 }
 
 func (x *JWKSCluster) GetDiscoveryType() string {
@@ -6336,7 +6490,7 @@ type JWKSTLSCertificate struct {
 func (x *JWKSTLSCertificate) Reset() {
 	*x = JWKSTLSCertificate{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6349,7 +6503,7 @@ func (x *JWKSTLSCertificate) String() string {
 func (*JWKSTLSCertificate) ProtoMessage() {}
 
 func (x *JWKSTLSCertificate) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6362,7 +6516,7 @@ func (x *JWKSTLSCertificate) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertificate.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertificate) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{73}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{75}
 }
 
 func (x *JWKSTLSCertificate) GetCaCertificateProviderInstance() *JWKSTLSCertProviderInstance {
@@ -6396,7 +6550,7 @@ type JWKSTLSCertProviderInstance struct {
 func (x *JWKSTLSCertProviderInstance) Reset() {
 	*x = JWKSTLSCertProviderInstance{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6409,7 +6563,7 @@ func (x *JWKSTLSCertProviderInstance) String() string {
 func (*JWKSTLSCertProviderInstance) ProtoMessage() {}
 
 func (x *JWKSTLSCertProviderInstance) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6422,7 +6576,7 @@ func (x *JWKSTLSCertProviderInstance) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertProviderInstance.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertProviderInstance) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{74}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{76}
 }
 
 func (x *JWKSTLSCertProviderInstance) GetInstanceName() string {
@@ -6458,7 +6612,7 @@ type JWKSTLSCertTrustedCA struct {
 func (x *JWKSTLSCertTrustedCA) Reset() {
 	*x = JWKSTLSCertTrustedCA{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6471,7 +6625,7 @@ func (x *JWKSTLSCertTrustedCA) String() string {
 func (*JWKSTLSCertTrustedCA) ProtoMessage() {}
 
 func (x *JWKSTLSCertTrustedCA) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6484,7 +6638,7 @@ func (x *JWKSTLSCertTrustedCA) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertTrustedCA.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertTrustedCA) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{75}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{77}
 }
 
 func (x *JWKSTLSCertTrustedCA) GetFilename() string {
@@ -6533,7 +6687,7 @@ type JWKSRetryPolicy struct {
 func (x *JWKSRetryPolicy) Reset() {
 	*x = JWKSRetryPolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6546,7 +6700,7 @@ func (x *JWKSRetryPolicy) String() string {
 func (*JWKSRetryPolicy) ProtoMessage() {}
 
 func (x *JWKSRetryPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6559,7 +6713,7 @@ func (x *JWKSRetryPolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSRetryPolicy.ProtoReflect.Descriptor instead.
 func (*JWKSRetryPolicy) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{76}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{78}
 }
 
 func (x *JWKSRetryPolicy) GetNumRetries() int32 {
@@ -6595,7 +6749,7 @@ type RetryPolicyBackOff struct {
 func (x *RetryPolicyBackOff) Reset() {
 	*x = RetryPolicyBackOff{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6608,7 +6762,7 @@ func (x *RetryPolicyBackOff) String() string {
 func (*RetryPolicyBackOff) ProtoMessage() {}
 
 func (x *RetryPolicyBackOff) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6621,7 +6775,7 @@ func (x *RetryPolicyBackOff) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RetryPolicyBackOff.ProtoReflect.Descriptor instead.
 func (*RetryPolicyBackOff) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{77}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{79}
 }
 
 func (x *RetryPolicyBackOff) GetBaseInterval() *durationpb.Duration {
@@ -6656,7 +6810,7 @@ type JWTLocation struct {
 func (x *JWTLocation) Reset() {
 	*x = JWTLocation{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6669,7 +6823,7 @@ func (x *JWTLocation) String() string {
 func (*JWTLocation) ProtoMessage() {}
 
 func (x *JWTLocation) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6682,7 +6836,7 @@ func (x *JWTLocation) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocation.ProtoReflect.Descriptor instead.
 func (*JWTLocation) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{78}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{80}
 }
 
 func (x *JWTLocation) GetHeader() *JWTLocationHeader {
@@ -6724,7 +6878,7 @@ type JWTLocationHeader struct {
 func (x *JWTLocationHeader) Reset() {
 	*x = JWTLocationHeader{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6737,7 +6891,7 @@ func (x *JWTLocationHeader) String() string {
 func (*JWTLocationHeader) ProtoMessage() {}
 
 func (x *JWTLocationHeader) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6750,7 +6904,7 @@ func (x *JWTLocationHeader) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationHeader.ProtoReflect.Descriptor instead.
 func (*JWTLocationHeader) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{79}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{81}
 }
 
 func (x *JWTLocationHeader) GetName() string {
@@ -6790,7 +6944,7 @@ type JWTLocationQueryParam struct {
 func (x *JWTLocationQueryParam) Reset() {
 	*x = JWTLocationQueryParam{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6803,7 +6957,7 @@ func (x *JWTLocationQueryParam) String() string {
 func (*JWTLocationQueryParam) ProtoMessage() {}
 
 func (x *JWTLocationQueryParam) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6816,7 +6970,7 @@ func (x *JWTLocationQueryParam) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationQueryParam.ProtoReflect.Descriptor instead.
 func (*JWTLocationQueryParam) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{80}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{82}
 }
 
 func (x *JWTLocationQueryParam) GetName() string {
@@ -6842,7 +6996,7 @@ type JWTLocationCookie struct {
 func (x *JWTLocationCookie) Reset() {
 	*x = JWTLocationCookie{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6855,7 +7009,7 @@ func (x *JWTLocationCookie) String() string {
 func (*JWTLocationCookie) ProtoMessage() {}
 
 func (x *JWTLocationCookie) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6868,7 +7022,7 @@ func (x *JWTLocationCookie) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationCookie.ProtoReflect.Descriptor instead.
 func (*JWTLocationCookie) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{81}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{83}
 }
 
 func (x *JWTLocationCookie) GetName() string {
@@ -6895,7 +7049,7 @@ type JWTForwardingConfig struct {
 func (x *JWTForwardingConfig) Reset() {
 	*x = JWTForwardingConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6908,7 +7062,7 @@ func (x *JWTForwardingConfig) String() string {
 func (*JWTForwardingConfig) ProtoMessage() {}
 
 func (x *JWTForwardingConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6921,7 +7075,7 @@ func (x *JWTForwardingConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTForwardingConfig.ProtoReflect.Descriptor instead.
 func (*JWTForwardingConfig) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{82}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{84}
 }
 
 func (x *JWTForwardingConfig) GetHeaderName() string {
@@ -6955,7 +7109,7 @@ type JWTCacheConfig struct {
 func (x *JWTCacheConfig) Reset() {
 	*x = JWTCacheConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6968,7 +7122,7 @@ func (x *JWTCacheConfig) String() string {
 func (*JWTCacheConfig) ProtoMessage() {}
 
 func (x *JWTCacheConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6981,7 +7135,7 @@ func (x *JWTCacheConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTCacheConfig.ProtoReflect.Descriptor instead.
 func (*JWTCacheConfig) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{83}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{85}
 }
 
 func (x *JWTCacheConfig) GetSize() int32 {
@@ -8052,7 +8206,7 @@ var file_private_pbconfigentry_config_entry_proto_rawDesc = []byte{
 	0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12,
 	0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61,
 	0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xb3, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54,
+	0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xe5, 0x02, 0x0a, 0x0b, 0x48, 0x54, 0x54,
 	0x50, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64,
 	0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
@@ -8063,396 +8217,427 @@ var file_private_pbconfigentry_config_entry_proto_rawDesc = []byte{
 	0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
 	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
 	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69,
-	0x74, 0x65, 0x52, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22, 0x20,
-	0x0a, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04,
-	0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68,
-	0x22, 0xc2, 0x02, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46,
-	0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x52, 0x0a, 0x03, 0x41, 0x64, 0x64, 0x18, 0x01, 0x20, 0x03,
+	0x74, 0x65, 0x52, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x54,
+	0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72,
+	0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69,
+	0x6c, 0x74, 0x65, 0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46,
+	0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65,
+	0x72, 0x52, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72,
+	0x22, 0x20, 0x0a, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x12,
+	0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61,
+	0x74, 0x68, 0x22, 0xad, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74,
+	0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69,
+	0x65, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x09, 0x52, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x2e, 0x0a, 0x12,
+	0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64,
+	0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f,
+	0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x15,
+	0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61,
+	0x69, 0x6c, 0x75, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x52, 0x65, 0x74,
+	0x72, 0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61, 0x69, 0x6c, 0x75,
+	0x72, 0x65, 0x22, 0x8f, 0x01, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69,
+	0x6c, 0x74, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54,
+	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
+	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x3b, 0x0a, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54,
+	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
+	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d,
+	0x65, 0x6f, 0x75, 0x74, 0x22, 0xc2, 0x02, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x52, 0x0a, 0x03, 0x41, 0x64, 0x64,
+	0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48,
+	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e,
+	0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x41, 0x64, 0x64, 0x12, 0x16, 0x0a,
+	0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x52,
+	0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x52, 0x0a, 0x03, 0x53, 0x65, 0x74, 0x18, 0x03, 0x20, 0x03,
 	0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
 	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x41, 0x64, 0x64, 0x45,
-	0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x41, 0x64, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x6d,
-	0x6f, 0x76, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76,
-	0x65, 0x12, 0x52, 0x0a, 0x03, 0x53, 0x65, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79,
-	0x52, 0x03, 0x53, 0x65, 0x74, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72,
-	0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
-	0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, 0x0a,
-	0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76,
-	0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xe1, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65,
-	0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x57, 0x65, 0x69,
-	0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x57, 0x65, 0x69, 0x67, 0x68,
-	0x74, 0x12, 0x4c, 0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46,
-	0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12,
-	0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74,
-	0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72,
-	0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72,
-	0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfc, 0x02, 0x0a, 0x08, 0x54, 0x43,
-	0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x4d, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50,
-	0x52, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52,
-	0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73,
-	0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x53, 0x65, 0x74, 0x45,
+	0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x53, 0x65, 0x74, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64,
+	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38,
+	0x01, 0x1a, 0x36, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a,
+	0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12,
+	0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xe1, 0x01, 0x0a, 0x0b, 0x48, 0x54,
+	0x54, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a,
+	0x06, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x57,
+	0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x4c, 0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
 	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52,
-	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
-	0x52, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x53, 0x65, 0x72,
-	0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48,
+	0x54, 0x54, 0x50, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74,
+	0x65, 0x72, 0x73, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73,
+	0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61,
 	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x08,
-	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74,
-	0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfc, 0x02,
+	0x0a, 0x08, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x4d, 0x0a, 0x04, 0x4d, 0x65,
+	0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
 	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
 	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a,
+	0x2e, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e,
+	0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x61, 0x72,
+	0x65, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
+	0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72,
+	0x65, 0x6e, 0x63, 0x65, 0x52, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x4d, 0x0a,
+	0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x52, 0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x06,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61,
+	0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79,
+	0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b,
+	0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x7a, 0x0a, 0x0a,
+	0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
+	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58,
+	0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70,
+	0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70,
+	0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xb4, 0x03, 0x0a, 0x0d, 0x53, 0x61, 0x6d,
+	0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
+	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2e,
+	0x0a, 0x12, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c,
+	0x6f, 0x76, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x44, 0x65, 0x66, 0x61,
+	0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x22,
+	0x0a, 0x0c, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63,
+	0x61, 0x6c, 0x12, 0x54, 0x0a, 0x07, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65,
+	0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x52,
+	0x07, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x12, 0x52, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61,
+	0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53,
+	0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4d, 0x65, 0x74,
+	0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x58, 0x0a, 0x0e,
+	0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
+	0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69,
+	0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69,
+	0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e,
+	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22,
+	0x47, 0x0a, 0x13, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70,
+	0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x50, 0x65, 0x65, 0x72, 0x22, 0xdd, 0x04, 0x0a, 0x0b, 0x4a, 0x57, 0x54,
+	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e,
+	0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b,
+	0x65, 0x79, 0x53, 0x65, 0x74, 0x52, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65,
+	0x79, 0x53, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09,
+	0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52,
+	0x09, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x09, 0x4c, 0x6f,
+	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0a,
+	0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x6f, 0x72, 0x77,
+	0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x46, 0x6f,
+	0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x57, 0x0a, 0x0b, 0x43, 0x61, 0x63, 0x68,
+	0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x12, 0x50, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69,
+	0x64, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d,
+	0x65, 0x74, 0x61, 0x12, 0x2a, 0x0a, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65, 0x77,
+	0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43,
+	0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x1a,
 	0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
 	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14,
 	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76,
-	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x7a, 0x0a, 0x0a, 0x54, 0x43, 0x50, 0x53,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65,
-	0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65,
-	0x4d, 0x65, 0x74, 0x61, 0x22, 0xb4, 0x03, 0x0a, 0x0d, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73,
-	0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2e, 0x0a, 0x12, 0x44, 0x65,
-	0x66, 0x61, 0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x46,
-	0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e,
-	0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x0c, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x54,
-	0x0a, 0x07, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73,
-	0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x52, 0x07, 0x4d, 0x65, 0x6d,
-	0x62, 0x65, 0x72, 0x73, 0x12, 0x52, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e,
-	0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74,
-	0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65,
-	0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65,
-	0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65,
-	0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
-	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
-	0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x47, 0x0a, 0x13, 0x53,
-	0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62,
-	0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e,
-	0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x50, 0x65, 0x65, 0x72, 0x22, 0xdd, 0x04, 0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76,
-	0x69, 0x64, 0x65, 0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b,
-	0x65, 0x79, 0x53, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65,
-	0x74, 0x52, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74,
-	0x12, 0x16, 0x0a, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x75, 0x64, 0x69,
-	0x65, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x41, 0x75, 0x64,
-	0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xa2, 0x01, 0x0a, 0x0d, 0x4a, 0x53, 0x4f,
+	0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x12, 0x46, 0x0a, 0x05, 0x4c, 0x6f,
+	0x63, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x4c,
-	0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0a, 0x46, 0x6f, 0x72, 0x77,
-	0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69,
-	0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72,
-	0x64, 0x69, 0x6e, 0x67, 0x12, 0x57, 0x0a, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x79, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x05, 0x4c, 0x6f, 0x63,
+	0x61, 0x6c, 0x12, 0x49, 0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74,
+	0x65, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x22, 0x3b, 0x0a,
+	0x09, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x4a, 0x57,
+	0x4b, 0x53, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x1a,
+	0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xed, 0x02, 0x0a, 0x0a, 0x52,
+	0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x49,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x49, 0x12, 0x2a, 0x0a, 0x10, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69,
+	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x12, 0x3f, 0x0a, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65,
+	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65,
+	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x13, 0x46, 0x65, 0x74, 0x63,
+	0x68, 0x41, 0x73, 0x79, 0x6e, 0x63, 0x68, 0x72, 0x6f, 0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e,
+	0x63, 0x68, 0x72, 0x6f, 0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x12, 0x58, 0x0a, 0x0b, 0x52, 0x65,
+	0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72,
+	0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x12, 0x54, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73,
+	0x74, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x52, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x50, 0x0a,
-	0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2e,
-	0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12,
-	0x2a, 0x0a, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f,
-	0x6e, 0x64, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b,
-	0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d,
-	0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61,
-	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	0x3a, 0x02, 0x38, 0x01, 0x22, 0xa2, 0x01, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62,
-	0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x12, 0x46, 0x0a, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f,
-	0x63, 0x61, 0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x49,
-	0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a, 0x57, 0x4b,
-	0x53, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x22, 0x3b, 0x0a, 0x09, 0x4c, 0x6f, 0x63,
-	0x61, 0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69,
-	0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69,
-	0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xed, 0x02, 0x0a, 0x0a, 0x52, 0x65, 0x6d, 0x6f, 0x74,
-	0x65, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x49, 0x12, 0x2a, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x05, 0x52, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75,
-	0x74, 0x4d, 0x73, 0x12, 0x3f, 0x0a, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79,
-	0x6e, 0x63, 0x68, 0x72, 0x6f, 0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e, 0x63, 0x68, 0x72, 0x6f,
-	0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x12, 0x58, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50,
-	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x12, 0x54, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18,
-	0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57,
-	0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x22, 0xdb, 0x01, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76,
-	0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x44,
-	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x63, 0x0a, 0x0f,
-	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57,
-	0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x52, 0x0f, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x73, 0x12, 0x41, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65,
-	0x6f, 0x75, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d,
-	0x65, 0x6f, 0x75, 0x74, 0x22, 0xfa, 0x01, 0x0a, 0x12, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x88, 0x01, 0x0a, 0x1d,
-	0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f,
-	0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53,
-	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49,
-	0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x1d, 0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69,
-	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e,
-	0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x59, 0x0a, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65,
-	0x64, 0x43, 0x41, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x4a,
+	0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x22, 0xdb, 0x01, 0x0a, 0x0b, 0x4a,
+	0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x69,
+	0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65,
+	0x12, 0x63, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
+	0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72, 0x75,
-	0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x52, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43,
-	0x41, 0x22, 0x6b, 0x0a, 0x1b, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74,
-	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
-	0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
-	0x4e, 0x61, 0x6d, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x43,
-	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xaa,
-	0x01, 0x0a, 0x14, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72,
-	0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
-	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
-	0x61, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65,
-	0x6e, 0x74, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56, 0x61, 0x72,
-	0x69, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x53,
-	0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x6c,
-	0x69, 0x6e, 0x65, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x20, 0x0a, 0x0b, 0x49, 0x6e, 0x6c,
-	0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b,
-	0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x9c, 0x01, 0x0a, 0x0f,
-	0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12,
-	0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x05, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12,
-	0x69, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61,
-	0x63, 0x6b, 0x4f, 0x66, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42,
-	0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x22, 0x90, 0x01, 0x0a, 0x12, 0x52,
-	0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66,
-	0x66, 0x12, 0x3d, 0x0a, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61,
-	0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c,
-	0x12, 0x3b, 0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x22, 0x8f, 0x02,
-	0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a,
-	0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e,
+	0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x52, 0x0f, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x41, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0xfa, 0x01, 0x0a, 0x12, 0x4a, 0x57, 0x4b,
+	0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12,
+	0x88, 0x01, 0x0a, 0x1d, 0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
+	0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69,
+	0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x1d, 0x43, 0x61, 0x43,
+	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
+	0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x59, 0x0a, 0x09, 0x54, 0x72,
+	0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e,
 	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
 	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12,
-	0x5c, 0x0a, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72,
+	0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x52, 0x09, 0x54, 0x72, 0x75, 0x73,
+	0x74, 0x65, 0x64, 0x43, 0x41, 0x22, 0x6b, 0x0a, 0x1b, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53,
+	0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74,
+	0x61, 0x6e, 0x63, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
+	0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x73, 0x74,
+	0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x43, 0x65, 0x72, 0x74,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61,
+	0x6d, 0x65, 0x22, 0xaa, 0x01, 0x0a, 0x14, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65,
+	0x72, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x12, 0x1a, 0x0a, 0x08, 0x46,
+	0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46,
+	0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72,
+	0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e,
+	0x74, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x6c,
+	0x69, 0x6e, 0x65, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x20, 0x0a,
+	0x0b, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x0c, 0x52, 0x0b, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22,
+	0x9c, 0x01, 0x0a, 0x0f, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65,
+	0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72,
+	0x69, 0x65, 0x73, 0x12, 0x69, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72,
+	0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x22, 0x90,
+	0x01, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61,
+	0x63, 0x6b, 0x4f, 0x66, 0x66, 0x12, 0x3d, 0x0a, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74,
+	0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65,
+	0x72, 0x76, 0x61, 0x6c, 0x12, 0x3b, 0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72,
+	0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61,
+	0x6c, 0x22, 0x8f, 0x02, 0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x50, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x48, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x12, 0x5c, 0x0a, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61,
+	0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
+	0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79,
+	0x50, 0x61, 0x72, 0x61, 0x6d, 0x52, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61,
+	0x6d, 0x12, 0x50, 0x0a, 0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x52, 0x06, 0x43, 0x6f, 0x6f,
+	0x6b, 0x69, 0x65, 0x22, 0x63, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b,
+	0x56, 0x61, 0x6c, 0x75, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0b, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18,
+	0x0a, 0x07, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x07, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x22, 0x2b, 0x0a, 0x15, 0x4a, 0x57, 0x54, 0x4c,
 	0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61,
-	0x6d, 0x52, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x50, 0x0a,
-	0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x52, 0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x22,
-	0x63, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x56, 0x61, 0x6c, 0x75,
-	0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x56,
-	0x61, 0x6c, 0x75, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x46, 0x6f,
-	0x72, 0x77, 0x61, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x46, 0x6f, 0x72,
-	0x77, 0x61, 0x72, 0x64, 0x22, 0x2b, 0x0a, 0x15, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x12, 0x0a,
-	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d,
-	0x65, 0x22, 0x27, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x6f, 0x0a, 0x13, 0x4a, 0x57,
-	0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d,
-	0x65, 0x12, 0x38, 0x0a, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50,
-	0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50, 0x61,
-	0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x22, 0x24, 0x0a, 0x0e, 0x4a,
-	0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a,
-	0x04, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x53, 0x69, 0x7a,
-	0x65, 0x2a, 0xa9, 0x02, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x4b, 0x69,
-	0x6e, 0x64, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b,
-	0x69, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, 0x01, 0x12,
-	0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65,
-	0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x69, 0x6e, 0x64,
-	0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x03,
-	0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49,
-	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x4b,
-	0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c,
-	0x74, 0x73, 0x10, 0x05, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x6c, 0x69,
-	0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x10, 0x06, 0x12,
-	0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61,
-	0x79, 0x10, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x42, 0x6f, 0x75, 0x6e, 0x64,
-	0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d,
-	0x4b, 0x69, 0x6e, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10, 0x09, 0x12,
-	0x10, 0x0a, 0x0c, 0x4b, 0x69, 0x6e, 0x64, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10,
-	0x0a, 0x12, 0x15, 0x0a, 0x11, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73,
-	0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x10, 0x0b, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x69, 0x6e, 0x64,
-	0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x10, 0x0c, 0x2a, 0x26, 0x0a,
-	0x0f, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x12, 0x08, 0x0a, 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x6c,
-	0x6c, 0x6f, 0x77, 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69,
-	0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x10, 0x00, 0x2a, 0x50, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78,
-	0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f,
-	0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x50,
-	0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72,
-	0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f,
-	0x64, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5f, 0x0a, 0x0d, 0x4d, 0x75,
-	0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4d,
-	0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61,
-	0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54,
-	0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x72, 0x69, 0x63, 0x74, 0x10, 0x01, 0x12, 0x1b,
-	0x0a, 0x17, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x50,
-	0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x10, 0x02, 0x2a, 0x7b, 0x0a, 0x0f, 0x4d,
-	0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1a,
-	0x0a, 0x16, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64,
-	0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x65,
-	0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4e, 0x6f, 0x6e,
-	0x65, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77,
-	0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x10, 0x02, 0x12, 0x19, 0x0a,
-	0x15, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65,
-	0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x10, 0x03, 0x2a, 0x4f, 0x0a, 0x1a, 0x41, 0x50, 0x49, 0x47,
-	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72,
-	0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e,
-	0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00,
-	0x12, 0x17, 0x0a, 0x13, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74,
-	0x6f, 0x63, 0x6f, 0x6c, 0x54, 0x43, 0x50, 0x10, 0x01, 0x2a, 0x92, 0x02, 0x0a, 0x0f, 0x48, 0x54,
-	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x16, 0x0a,
-	0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x41, 0x6c, 0x6c, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10,
-	0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12,
-	0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x47,
-	0x65, 0x74, 0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63,
-	0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x48, 0x65, 0x61, 0x64, 0x10, 0x04, 0x12, 0x1a, 0x0a,
-	0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54,
-	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x61, 0x74, 0x63,
-	0x68, 0x10, 0x06, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x6f, 0x73, 0x74, 0x10, 0x07, 0x12, 0x16, 0x0a, 0x12,
-	0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50,
-	0x75, 0x74, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63,
-	0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x54, 0x72, 0x61, 0x63, 0x65, 0x10, 0x09, 0x2a, 0xa7,
-	0x01, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00,
-	0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x48,
-	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72,
-	0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x02, 0x12, 0x24, 0x0a, 0x20, 0x48, 0x54, 0x54, 0x50, 0x48,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61,
-	0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x12, 0x19, 0x0a,
-	0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x10, 0x04, 0x2a, 0x68, 0x0a, 0x11, 0x48, 0x54, 0x54, 0x50,
-	0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a,
-	0x12, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78,
-	0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74,
-	0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x22,
-	0x0a, 0x1e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52,
-	0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
-	0x10, 0x03, 0x2a, 0x6d, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50,
-	0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10,
-	0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f,
-	0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65,
+	0x6d, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x27, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
+	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x6f,
+	0x0a, 0x13, 0x4a, 0x57, 0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77,
+	0x61, 0x72, 0x64, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61,
+	0x72, 0x64, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x22,
+	0x24, 0x0a, 0x0e, 0x4a, 0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x12, 0x12, 0x0a, 0x04, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52,
+	0x04, 0x53, 0x69, 0x7a, 0x65, 0x2a, 0xa9, 0x02, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0f,
+	0x0a, 0x0b, 0x4b, 0x69, 0x6e, 0x64, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12,
+	0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12,
+	0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77,
+	0x61, 0x79, 0x10, 0x03, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76,
+	0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, 0x12,
+	0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65,
+	0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x10, 0x05, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64,
+	0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x65, 0x10, 0x06, 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61,
+	0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x42,
+	0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x08,
+	0x12, 0x11, 0x0a, 0x0d, 0x4b, 0x69, 0x6e, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74,
+	0x65, 0x10, 0x09, 0x12, 0x10, 0x0a, 0x0c, 0x4b, 0x69, 0x6e, 0x64, 0x54, 0x43, 0x50, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x10, 0x0a, 0x12, 0x15, 0x0a, 0x11, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x61, 0x6d,
+	0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x10, 0x0b, 0x12, 0x13, 0x0a, 0x0f,
+	0x4b, 0x69, 0x6e, 0x64, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x10,
+	0x0c, 0x2a, 0x26, 0x0a, 0x0f, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09,
+	0x0a, 0x05, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74,
+	0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65,
+	0x12, 0x0a, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x10, 0x00, 0x2a, 0x50, 0x0a, 0x09,
+	0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x72, 0x6f,
+	0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12,
+	0x18, 0x0a, 0x14, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x54, 0x72, 0x61, 0x6e,
+	0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f,
+	0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5f,
+	0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12,
+	0x18, 0x0a, 0x14, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65,
+	0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x75, 0x74,
+	0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x72, 0x69, 0x63, 0x74,
+	0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d,
+	0x6f, 0x64, 0x65, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x10, 0x02, 0x2a,
+	0x7b, 0x0a, 0x0f, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f,
+	0x64, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61,
+	0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17,
+	0x0a, 0x13, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64,
+	0x65, 0x4e, 0x6f, 0x6e, 0x65, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x47,
+	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x10,
+	0x02, 0x12, 0x19, 0x0a, 0x15, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
+	0x4d, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x10, 0x03, 0x2a, 0x4f, 0x0a, 0x1a,
+	0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e,
+	0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x69,
+	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x48, 0x54,
+	0x54, 0x50, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
+	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x54, 0x43, 0x50, 0x10, 0x01, 0x2a, 0x92, 0x02,
+	0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f,
+	0x64, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
+	0x74, 0x68, 0x6f, 0x64, 0x41, 0x6c, 0x6c, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54,
+	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x02,
+	0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74,
+	0x68, 0x6f, 0x64, 0x47, 0x65, 0x74, 0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50,
+	0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x48, 0x65, 0x61, 0x64, 0x10,
+	0x04, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
+	0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x05, 0x12, 0x18, 0x0a,
+	0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
+	0x50, 0x61, 0x74, 0x63, 0x68, 0x10, 0x06, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x6f, 0x73, 0x74, 0x10, 0x07,
+	0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74,
+	0x68, 0x6f, 0x64, 0x50, 0x75, 0x74, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50,
+	0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x54, 0x72, 0x61, 0x63, 0x65,
+	0x10, 0x09, 0x2a, 0xa7, 0x01, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54,
+	0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61,
+	0x63, 0x74, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12,
+	0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x02, 0x12, 0x24, 0x0a, 0x20, 0x48,
+	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65,
 	0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10,
-	0x03, 0x42, 0xae, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42,
-	0x10, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74,
-	0x6f, 0x50, 0x01, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70,
-	0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x04, 0x48,
-	0x43, 0x49, 0x43, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca, 0x02, 0x25, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d,
-	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
-	0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x03, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x10, 0x04, 0x2a, 0x68, 0x0a, 0x11,
+	0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70,
+	0x65, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54,
+	0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78,
+	0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73,
+	0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x2a, 0x6d, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75,
+	0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13,
+	0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78,
+	0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65,
+	0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x01,
+	0x12, 0x23, 0x0a, 0x1f, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73,
+	0x69, 0x6f, 0x6e, 0x10, 0x03, 0x42, 0xae, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x42, 0x10, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79,
+	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61,
+	0x74, 0x65, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
+	0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x43, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca,
+	0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5c,
+	0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a,
+	0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -8468,7 +8653,7 @@ func file_private_pbconfigentry_config_entry_proto_rawDescGZIP() []byte {
 }
 
 var file_private_pbconfigentry_config_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 11)
-var file_private_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 104)
+var file_private_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 106)
 var file_private_pbconfigentry_config_entry_proto_goTypes = []interface{}{
 	(Kind)(0),                                   // 0: hashicorp.consul.internal.configentry.Kind
 	(IntentionAction)(0),                        // 1: hashicorp.consul.internal.configentry.IntentionAction
@@ -8543,58 +8728,60 @@ var file_private_pbconfigentry_config_entry_proto_goTypes = []interface{}{
 	(*HTTPQueryMatch)(nil),                      // 70: hashicorp.consul.internal.configentry.HTTPQueryMatch
 	(*HTTPFilters)(nil),                         // 71: hashicorp.consul.internal.configentry.HTTPFilters
 	(*URLRewrite)(nil),                          // 72: hashicorp.consul.internal.configentry.URLRewrite
-	(*HTTPHeaderFilter)(nil),                    // 73: hashicorp.consul.internal.configentry.HTTPHeaderFilter
-	(*HTTPService)(nil),                         // 74: hashicorp.consul.internal.configentry.HTTPService
-	(*TCPRoute)(nil),                            // 75: hashicorp.consul.internal.configentry.TCPRoute
-	(*TCPService)(nil),                          // 76: hashicorp.consul.internal.configentry.TCPService
-	(*SamenessGroup)(nil),                       // 77: hashicorp.consul.internal.configentry.SamenessGroup
-	(*SamenessGroupMember)(nil),                 // 78: hashicorp.consul.internal.configentry.SamenessGroupMember
-	(*JWTProvider)(nil),                         // 79: hashicorp.consul.internal.configentry.JWTProvider
-	(*JSONWebKeySet)(nil),                       // 80: hashicorp.consul.internal.configentry.JSONWebKeySet
-	(*LocalJWKS)(nil),                           // 81: hashicorp.consul.internal.configentry.LocalJWKS
-	(*RemoteJWKS)(nil),                          // 82: hashicorp.consul.internal.configentry.RemoteJWKS
-	(*JWKSCluster)(nil),                         // 83: hashicorp.consul.internal.configentry.JWKSCluster
-	(*JWKSTLSCertificate)(nil),                  // 84: hashicorp.consul.internal.configentry.JWKSTLSCertificate
-	(*JWKSTLSCertProviderInstance)(nil),         // 85: hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
-	(*JWKSTLSCertTrustedCA)(nil),                // 86: hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
-	(*JWKSRetryPolicy)(nil),                     // 87: hashicorp.consul.internal.configentry.JWKSRetryPolicy
-	(*RetryPolicyBackOff)(nil),                  // 88: hashicorp.consul.internal.configentry.RetryPolicyBackOff
-	(*JWTLocation)(nil),                         // 89: hashicorp.consul.internal.configentry.JWTLocation
-	(*JWTLocationHeader)(nil),                   // 90: hashicorp.consul.internal.configentry.JWTLocationHeader
-	(*JWTLocationQueryParam)(nil),               // 91: hashicorp.consul.internal.configentry.JWTLocationQueryParam
-	(*JWTLocationCookie)(nil),                   // 92: hashicorp.consul.internal.configentry.JWTLocationCookie
-	(*JWTForwardingConfig)(nil),                 // 93: hashicorp.consul.internal.configentry.JWTForwardingConfig
-	(*JWTCacheConfig)(nil),                      // 94: hashicorp.consul.internal.configentry.JWTCacheConfig
-	nil,                                         // 95: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
-	nil,                                         // 96: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
-	nil,                                         // 97: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
-	nil,                                         // 98: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
-	nil,                                         // 99: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
-	nil,                                         // 100: hashicorp.consul.internal.configentry.IngressService.MetaEntry
-	nil,                                         // 101: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
-	nil,                                         // 102: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
-	nil,                                         // 103: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
-	nil,                                         // 104: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
-	nil,                                         // 105: hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
-	nil,                                         // 106: hashicorp.consul.internal.configentry.APIGateway.MetaEntry
-	nil,                                         // 107: hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
-	nil,                                         // 108: hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
-	nil,                                         // 109: hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
-	nil,                                         // 110: hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
-	nil,                                         // 111: hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
-	nil,                                         // 112: hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
-	nil,                                         // 113: hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
-	nil,                                         // 114: hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
-	(*pbcommon.EnterpriseMeta)(nil),             // 115: hashicorp.consul.internal.common.EnterpriseMeta
-	(*pbcommon.RaftIndex)(nil),                  // 116: hashicorp.consul.internal.common.RaftIndex
-	(*durationpb.Duration)(nil),                 // 117: google.protobuf.Duration
-	(*timestamppb.Timestamp)(nil),               // 118: google.protobuf.Timestamp
-	(*pbcommon.EnvoyExtension)(nil),             // 119: hashicorp.consul.internal.common.EnvoyExtension
+	(*RetryFilter)(nil),                         // 73: hashicorp.consul.internal.configentry.RetryFilter
+	(*TimeoutFilter)(nil),                       // 74: hashicorp.consul.internal.configentry.TimeoutFilter
+	(*HTTPHeaderFilter)(nil),                    // 75: hashicorp.consul.internal.configentry.HTTPHeaderFilter
+	(*HTTPService)(nil),                         // 76: hashicorp.consul.internal.configentry.HTTPService
+	(*TCPRoute)(nil),                            // 77: hashicorp.consul.internal.configentry.TCPRoute
+	(*TCPService)(nil),                          // 78: hashicorp.consul.internal.configentry.TCPService
+	(*SamenessGroup)(nil),                       // 79: hashicorp.consul.internal.configentry.SamenessGroup
+	(*SamenessGroupMember)(nil),                 // 80: hashicorp.consul.internal.configentry.SamenessGroupMember
+	(*JWTProvider)(nil),                         // 81: hashicorp.consul.internal.configentry.JWTProvider
+	(*JSONWebKeySet)(nil),                       // 82: hashicorp.consul.internal.configentry.JSONWebKeySet
+	(*LocalJWKS)(nil),                           // 83: hashicorp.consul.internal.configentry.LocalJWKS
+	(*RemoteJWKS)(nil),                          // 84: hashicorp.consul.internal.configentry.RemoteJWKS
+	(*JWKSCluster)(nil),                         // 85: hashicorp.consul.internal.configentry.JWKSCluster
+	(*JWKSTLSCertificate)(nil),                  // 86: hashicorp.consul.internal.configentry.JWKSTLSCertificate
+	(*JWKSTLSCertProviderInstance)(nil),         // 87: hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
+	(*JWKSTLSCertTrustedCA)(nil),                // 88: hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
+	(*JWKSRetryPolicy)(nil),                     // 89: hashicorp.consul.internal.configentry.JWKSRetryPolicy
+	(*RetryPolicyBackOff)(nil),                  // 90: hashicorp.consul.internal.configentry.RetryPolicyBackOff
+	(*JWTLocation)(nil),                         // 91: hashicorp.consul.internal.configentry.JWTLocation
+	(*JWTLocationHeader)(nil),                   // 92: hashicorp.consul.internal.configentry.JWTLocationHeader
+	(*JWTLocationQueryParam)(nil),               // 93: hashicorp.consul.internal.configentry.JWTLocationQueryParam
+	(*JWTLocationCookie)(nil),                   // 94: hashicorp.consul.internal.configentry.JWTLocationCookie
+	(*JWTForwardingConfig)(nil),                 // 95: hashicorp.consul.internal.configentry.JWTForwardingConfig
+	(*JWTCacheConfig)(nil),                      // 96: hashicorp.consul.internal.configentry.JWTCacheConfig
+	nil,                                         // 97: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
+	nil,                                         // 98: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
+	nil,                                         // 99: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
+	nil,                                         // 100: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
+	nil,                                         // 101: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
+	nil,                                         // 102: hashicorp.consul.internal.configentry.IngressService.MetaEntry
+	nil,                                         // 103: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
+	nil,                                         // 104: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
+	nil,                                         // 105: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
+	nil,                                         // 106: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
+	nil,                                         // 107: hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
+	nil,                                         // 108: hashicorp.consul.internal.configentry.APIGateway.MetaEntry
+	nil,                                         // 109: hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
+	nil,                                         // 110: hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
+	nil,                                         // 111: hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
+	nil,                                         // 112: hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
+	nil,                                         // 113: hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
+	nil,                                         // 114: hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
+	nil,                                         // 115: hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
+	nil,                                         // 116: hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
+	(*pbcommon.EnterpriseMeta)(nil),             // 117: hashicorp.consul.internal.common.EnterpriseMeta
+	(*pbcommon.RaftIndex)(nil),                  // 118: hashicorp.consul.internal.common.RaftIndex
+	(*durationpb.Duration)(nil),                 // 119: google.protobuf.Duration
+	(*timestamppb.Timestamp)(nil),               // 120: google.protobuf.Timestamp
+	(*pbcommon.EnvoyExtension)(nil),             // 121: hashicorp.consul.internal.common.EnvoyExtension
 }
 var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	0,   // 0: hashicorp.consul.internal.configentry.ConfigEntry.Kind:type_name -> hashicorp.consul.internal.configentry.Kind
-	115, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	116, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex
+	117, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	118, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex
 	12,  // 3: hashicorp.consul.internal.configentry.ConfigEntry.MeshConfig:type_name -> hashicorp.consul.internal.configentry.MeshConfig
 	18,  // 4: hashicorp.consul.internal.configentry.ConfigEntry.ServiceResolver:type_name -> hashicorp.consul.internal.configentry.ServiceResolver
 	30,  // 5: hashicorp.consul.internal.configentry.ConfigEntry.IngressGateway:type_name -> hashicorp.consul.internal.configentry.IngressGateway
@@ -8602,25 +8789,25 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	46,  // 7: hashicorp.consul.internal.configentry.ConfigEntry.ServiceDefaults:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults
 	56,  // 8: hashicorp.consul.internal.configentry.ConfigEntry.APIGateway:type_name -> hashicorp.consul.internal.configentry.APIGateway
 	62,  // 9: hashicorp.consul.internal.configentry.ConfigEntry.BoundAPIGateway:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway
-	75,  // 10: hashicorp.consul.internal.configentry.ConfigEntry.TCPRoute:type_name -> hashicorp.consul.internal.configentry.TCPRoute
+	77,  // 10: hashicorp.consul.internal.configentry.ConfigEntry.TCPRoute:type_name -> hashicorp.consul.internal.configentry.TCPRoute
 	65,  // 11: hashicorp.consul.internal.configentry.ConfigEntry.HTTPRoute:type_name -> hashicorp.consul.internal.configentry.HTTPRoute
 	64,  // 12: hashicorp.consul.internal.configentry.ConfigEntry.InlineCertificate:type_name -> hashicorp.consul.internal.configentry.InlineCertificate
-	77,  // 13: hashicorp.consul.internal.configentry.ConfigEntry.SamenessGroup:type_name -> hashicorp.consul.internal.configentry.SamenessGroup
-	79,  // 14: hashicorp.consul.internal.configentry.ConfigEntry.JWTProvider:type_name -> hashicorp.consul.internal.configentry.JWTProvider
+	79,  // 13: hashicorp.consul.internal.configentry.ConfigEntry.SamenessGroup:type_name -> hashicorp.consul.internal.configentry.SamenessGroup
+	81,  // 14: hashicorp.consul.internal.configentry.ConfigEntry.JWTProvider:type_name -> hashicorp.consul.internal.configentry.JWTProvider
 	13,  // 15: hashicorp.consul.internal.configentry.MeshConfig.TransparentProxy:type_name -> hashicorp.consul.internal.configentry.TransparentProxyMeshConfig
 	14,  // 16: hashicorp.consul.internal.configentry.MeshConfig.TLS:type_name -> hashicorp.consul.internal.configentry.MeshTLSConfig
 	16,  // 17: hashicorp.consul.internal.configentry.MeshConfig.HTTP:type_name -> hashicorp.consul.internal.configentry.MeshHTTPConfig
-	95,  // 18: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
+	97,  // 18: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
 	17,  // 19: hashicorp.consul.internal.configentry.MeshConfig.Peering:type_name -> hashicorp.consul.internal.configentry.PeeringMeshConfig
 	15,  // 20: hashicorp.consul.internal.configentry.MeshTLSConfig.Incoming:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig
 	15,  // 21: hashicorp.consul.internal.configentry.MeshTLSConfig.Outgoing:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig
-	96,  // 22: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
+	98,  // 22: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
 	20,  // 23: hashicorp.consul.internal.configentry.ServiceResolver.Redirect:type_name -> hashicorp.consul.internal.configentry.ServiceResolverRedirect
-	97,  // 24: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
-	117, // 25: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration
+	99,  // 24: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
+	119, // 25: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration
 	25,  // 26: hashicorp.consul.internal.configentry.ServiceResolver.LoadBalancer:type_name -> hashicorp.consul.internal.configentry.LoadBalancer
-	98,  // 27: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
-	117, // 28: hashicorp.consul.internal.configentry.ServiceResolver.RequestTimeout:type_name -> google.protobuf.Duration
+	100, // 27: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
+	119, // 28: hashicorp.consul.internal.configentry.ServiceResolver.RequestTimeout:type_name -> google.protobuf.Duration
 	23,  // 29: hashicorp.consul.internal.configentry.ServiceResolver.PrioritizeByLocality:type_name -> hashicorp.consul.internal.configentry.ServiceResolverPrioritizeByLocality
 	24,  // 30: hashicorp.consul.internal.configentry.ServiceResolverFailover.Targets:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverTarget
 	22,  // 31: hashicorp.consul.internal.configentry.ServiceResolverFailover.Policy:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverPolicy
@@ -8628,10 +8815,10 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	27,  // 33: hashicorp.consul.internal.configentry.LoadBalancer.LeastRequestConfig:type_name -> hashicorp.consul.internal.configentry.LeastRequestConfig
 	28,  // 34: hashicorp.consul.internal.configentry.LoadBalancer.HashPolicies:type_name -> hashicorp.consul.internal.configentry.HashPolicy
 	29,  // 35: hashicorp.consul.internal.configentry.HashPolicy.CookieConfig:type_name -> hashicorp.consul.internal.configentry.CookieConfig
-	117, // 36: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration
+	119, // 36: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration
 	32,  // 37: hashicorp.consul.internal.configentry.IngressGateway.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSConfig
 	34,  // 38: hashicorp.consul.internal.configentry.IngressGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.IngressListener
-	99,  // 39: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
+	101, // 39: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
 	31,  // 40: hashicorp.consul.internal.configentry.IngressGateway.Defaults:type_name -> hashicorp.consul.internal.configentry.IngressServiceConfig
 	54,  // 41: hashicorp.consul.internal.configentry.IngressServiceConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	33,  // 42: hashicorp.consul.internal.configentry.GatewayTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig
@@ -8640,24 +8827,24 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	36,  // 45: hashicorp.consul.internal.configentry.IngressService.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayServiceTLSConfig
 	37,  // 46: hashicorp.consul.internal.configentry.IngressService.RequestHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers
 	37,  // 47: hashicorp.consul.internal.configentry.IngressService.ResponseHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers
-	100, // 48: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry
-	115, // 49: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	102, // 48: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry
+	117, // 49: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	54,  // 50: hashicorp.consul.internal.configentry.IngressService.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	33,  // 51: hashicorp.consul.internal.configentry.GatewayServiceTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig
-	101, // 52: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
-	102, // 53: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
+	103, // 52: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
+	104, // 53: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
 	42,  // 54: hashicorp.consul.internal.configentry.ServiceIntentions.Sources:type_name -> hashicorp.consul.internal.configentry.SourceIntention
-	103, // 55: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
+	105, // 55: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
 	39,  // 56: hashicorp.consul.internal.configentry.ServiceIntentions.JWT:type_name -> hashicorp.consul.internal.configentry.IntentionJWTRequirement
 	40,  // 57: hashicorp.consul.internal.configentry.IntentionJWTRequirement.Providers:type_name -> hashicorp.consul.internal.configentry.IntentionJWTProvider
 	41,  // 58: hashicorp.consul.internal.configentry.IntentionJWTProvider.VerifyClaims:type_name -> hashicorp.consul.internal.configentry.IntentionJWTClaimVerification
 	1,   // 59: hashicorp.consul.internal.configentry.SourceIntention.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction
 	43,  // 60: hashicorp.consul.internal.configentry.SourceIntention.Permissions:type_name -> hashicorp.consul.internal.configentry.IntentionPermission
 	2,   // 61: hashicorp.consul.internal.configentry.SourceIntention.Type:type_name -> hashicorp.consul.internal.configentry.IntentionSourceType
-	104, // 62: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
-	118, // 63: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp
-	118, // 64: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp
-	115, // 65: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	106, // 62: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
+	120, // 63: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp
+	120, // 64: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp
+	117, // 65: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	1,   // 66: hashicorp.consul.internal.configentry.IntentionPermission.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction
 	44,  // 67: hashicorp.consul.internal.configentry.IntentionPermission.HTTP:type_name -> hashicorp.consul.internal.configentry.IntentionHTTPPermission
 	39,  // 68: hashicorp.consul.internal.configentry.IntentionPermission.JWT:type_name -> hashicorp.consul.internal.configentry.IntentionJWTRequirement
@@ -8668,41 +8855,41 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	49,  // 73: hashicorp.consul.internal.configentry.ServiceDefaults.Expose:type_name -> hashicorp.consul.internal.configentry.ExposeConfig
 	51,  // 74: hashicorp.consul.internal.configentry.ServiceDefaults.UpstreamConfig:type_name -> hashicorp.consul.internal.configentry.UpstreamConfiguration
 	55,  // 75: hashicorp.consul.internal.configentry.ServiceDefaults.Destination:type_name -> hashicorp.consul.internal.configentry.DestinationConfig
-	105, // 76: hashicorp.consul.internal.configentry.ServiceDefaults.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
-	119, // 77: hashicorp.consul.internal.configentry.ServiceDefaults.EnvoyExtensions:type_name -> hashicorp.consul.internal.common.EnvoyExtension
+	107, // 76: hashicorp.consul.internal.configentry.ServiceDefaults.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
+	121, // 77: hashicorp.consul.internal.configentry.ServiceDefaults.EnvoyExtensions:type_name -> hashicorp.consul.internal.common.EnvoyExtension
 	4,   // 78: hashicorp.consul.internal.configentry.ServiceDefaults.MutualTLSMode:type_name -> hashicorp.consul.internal.configentry.MutualTLSMode
 	5,   // 79: hashicorp.consul.internal.configentry.MeshGatewayConfig.Mode:type_name -> hashicorp.consul.internal.configentry.MeshGatewayMode
 	50,  // 80: hashicorp.consul.internal.configentry.ExposeConfig.Paths:type_name -> hashicorp.consul.internal.configentry.ExposePath
 	52,  // 81: hashicorp.consul.internal.configentry.UpstreamConfiguration.Overrides:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
 	52,  // 82: hashicorp.consul.internal.configentry.UpstreamConfiguration.Defaults:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
-	115, // 83: hashicorp.consul.internal.configentry.UpstreamConfig.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	117, // 83: hashicorp.consul.internal.configentry.UpstreamConfig.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	53,  // 84: hashicorp.consul.internal.configentry.UpstreamConfig.Limits:type_name -> hashicorp.consul.internal.configentry.UpstreamLimits
 	54,  // 85: hashicorp.consul.internal.configentry.UpstreamConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	48,  // 86: hashicorp.consul.internal.configentry.UpstreamConfig.MeshGateway:type_name -> hashicorp.consul.internal.configentry.MeshGatewayConfig
-	117, // 87: hashicorp.consul.internal.configentry.PassiveHealthCheck.Interval:type_name -> google.protobuf.Duration
-	117, // 88: hashicorp.consul.internal.configentry.PassiveHealthCheck.BaseEjectionTime:type_name -> google.protobuf.Duration
-	106, // 89: hashicorp.consul.internal.configentry.APIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.APIGateway.MetaEntry
+	119, // 87: hashicorp.consul.internal.configentry.PassiveHealthCheck.Interval:type_name -> google.protobuf.Duration
+	119, // 88: hashicorp.consul.internal.configentry.PassiveHealthCheck.BaseEjectionTime:type_name -> google.protobuf.Duration
+	108, // 89: hashicorp.consul.internal.configentry.APIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.APIGateway.MetaEntry
 	59,  // 90: hashicorp.consul.internal.configentry.APIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.APIGatewayListener
 	57,  // 91: hashicorp.consul.internal.configentry.APIGateway.Status:type_name -> hashicorp.consul.internal.configentry.Status
 	58,  // 92: hashicorp.consul.internal.configentry.Status.Conditions:type_name -> hashicorp.consul.internal.configentry.Condition
 	61,  // 93: hashicorp.consul.internal.configentry.Condition.Resource:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	118, // 94: hashicorp.consul.internal.configentry.Condition.LastTransitionTime:type_name -> google.protobuf.Timestamp
+	120, // 94: hashicorp.consul.internal.configentry.Condition.LastTransitionTime:type_name -> google.protobuf.Timestamp
 	6,   // 95: hashicorp.consul.internal.configentry.APIGatewayListener.Protocol:type_name -> hashicorp.consul.internal.configentry.APIGatewayListenerProtocol
 	60,  // 96: hashicorp.consul.internal.configentry.APIGatewayListener.TLS:type_name -> hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration
 	61,  // 97: hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	115, // 98: hashicorp.consul.internal.configentry.ResourceReference.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	107, // 99: hashicorp.consul.internal.configentry.BoundAPIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
+	117, // 98: hashicorp.consul.internal.configentry.ResourceReference.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	109, // 99: hashicorp.consul.internal.configentry.BoundAPIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
 	63,  // 100: hashicorp.consul.internal.configentry.BoundAPIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.BoundAPIGatewayListener
 	61,  // 101: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
 	61,  // 102: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Routes:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	108, // 103: hashicorp.consul.internal.configentry.InlineCertificate.Meta:type_name -> hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
-	109, // 104: hashicorp.consul.internal.configentry.HTTPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
+	110, // 103: hashicorp.consul.internal.configentry.InlineCertificate.Meta:type_name -> hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
+	111, // 104: hashicorp.consul.internal.configentry.HTTPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
 	61,  // 105: hashicorp.consul.internal.configentry.HTTPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
 	66,  // 106: hashicorp.consul.internal.configentry.HTTPRoute.Rules:type_name -> hashicorp.consul.internal.configentry.HTTPRouteRule
 	57,  // 107: hashicorp.consul.internal.configentry.HTTPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
 	71,  // 108: hashicorp.consul.internal.configentry.HTTPRouteRule.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
 	67,  // 109: hashicorp.consul.internal.configentry.HTTPRouteRule.Matches:type_name -> hashicorp.consul.internal.configentry.HTTPMatch
-	74,  // 110: hashicorp.consul.internal.configentry.HTTPRouteRule.Services:type_name -> hashicorp.consul.internal.configentry.HTTPService
+	76,  // 110: hashicorp.consul.internal.configentry.HTTPRouteRule.Services:type_name -> hashicorp.consul.internal.configentry.HTTPService
 	68,  // 111: hashicorp.consul.internal.configentry.HTTPMatch.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatch
 	7,   // 112: hashicorp.consul.internal.configentry.HTTPMatch.Method:type_name -> hashicorp.consul.internal.configentry.HTTPMatchMethod
 	69,  // 113: hashicorp.consul.internal.configentry.HTTPMatch.Path:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatch
@@ -8710,47 +8897,51 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	8,   // 115: hashicorp.consul.internal.configentry.HTTPHeaderMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatchType
 	9,   // 116: hashicorp.consul.internal.configentry.HTTPPathMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatchType
 	10,  // 117: hashicorp.consul.internal.configentry.HTTPQueryMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatchType
-	73,  // 118: hashicorp.consul.internal.configentry.HTTPFilters.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter
+	75,  // 118: hashicorp.consul.internal.configentry.HTTPFilters.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter
 	72,  // 119: hashicorp.consul.internal.configentry.HTTPFilters.URLRewrite:type_name -> hashicorp.consul.internal.configentry.URLRewrite
-	110, // 120: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
-	111, // 121: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
-	71,  // 122: hashicorp.consul.internal.configentry.HTTPService.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
-	115, // 123: hashicorp.consul.internal.configentry.HTTPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	112, // 124: hashicorp.consul.internal.configentry.TCPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
-	61,  // 125: hashicorp.consul.internal.configentry.TCPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	76,  // 126: hashicorp.consul.internal.configentry.TCPRoute.Services:type_name -> hashicorp.consul.internal.configentry.TCPService
-	57,  // 127: hashicorp.consul.internal.configentry.TCPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
-	115, // 128: hashicorp.consul.internal.configentry.TCPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	78,  // 129: hashicorp.consul.internal.configentry.SamenessGroup.Members:type_name -> hashicorp.consul.internal.configentry.SamenessGroupMember
-	113, // 130: hashicorp.consul.internal.configentry.SamenessGroup.Meta:type_name -> hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
-	115, // 131: hashicorp.consul.internal.configentry.SamenessGroup.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	80,  // 132: hashicorp.consul.internal.configentry.JWTProvider.JSONWebKeySet:type_name -> hashicorp.consul.internal.configentry.JSONWebKeySet
-	89,  // 133: hashicorp.consul.internal.configentry.JWTProvider.Locations:type_name -> hashicorp.consul.internal.configentry.JWTLocation
-	93,  // 134: hashicorp.consul.internal.configentry.JWTProvider.Forwarding:type_name -> hashicorp.consul.internal.configentry.JWTForwardingConfig
-	94,  // 135: hashicorp.consul.internal.configentry.JWTProvider.CacheConfig:type_name -> hashicorp.consul.internal.configentry.JWTCacheConfig
-	114, // 136: hashicorp.consul.internal.configentry.JWTProvider.Meta:type_name -> hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
-	81,  // 137: hashicorp.consul.internal.configentry.JSONWebKeySet.Local:type_name -> hashicorp.consul.internal.configentry.LocalJWKS
-	82,  // 138: hashicorp.consul.internal.configentry.JSONWebKeySet.Remote:type_name -> hashicorp.consul.internal.configentry.RemoteJWKS
-	117, // 139: hashicorp.consul.internal.configentry.RemoteJWKS.CacheDuration:type_name -> google.protobuf.Duration
-	87,  // 140: hashicorp.consul.internal.configentry.RemoteJWKS.RetryPolicy:type_name -> hashicorp.consul.internal.configentry.JWKSRetryPolicy
-	83,  // 141: hashicorp.consul.internal.configentry.RemoteJWKS.JWKSCluster:type_name -> hashicorp.consul.internal.configentry.JWKSCluster
-	84,  // 142: hashicorp.consul.internal.configentry.JWKSCluster.TLSCertificates:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertificate
-	117, // 143: hashicorp.consul.internal.configentry.JWKSCluster.ConnectTimeout:type_name -> google.protobuf.Duration
-	85,  // 144: hashicorp.consul.internal.configentry.JWKSTLSCertificate.CaCertificateProviderInstance:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
-	86,  // 145: hashicorp.consul.internal.configentry.JWKSTLSCertificate.TrustedCA:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
-	88,  // 146: hashicorp.consul.internal.configentry.JWKSRetryPolicy.RetryPolicyBackOff:type_name -> hashicorp.consul.internal.configentry.RetryPolicyBackOff
-	117, // 147: hashicorp.consul.internal.configentry.RetryPolicyBackOff.BaseInterval:type_name -> google.protobuf.Duration
-	117, // 148: hashicorp.consul.internal.configentry.RetryPolicyBackOff.MaxInterval:type_name -> google.protobuf.Duration
-	90,  // 149: hashicorp.consul.internal.configentry.JWTLocation.Header:type_name -> hashicorp.consul.internal.configentry.JWTLocationHeader
-	91,  // 150: hashicorp.consul.internal.configentry.JWTLocation.QueryParam:type_name -> hashicorp.consul.internal.configentry.JWTLocationQueryParam
-	92,  // 151: hashicorp.consul.internal.configentry.JWTLocation.Cookie:type_name -> hashicorp.consul.internal.configentry.JWTLocationCookie
-	19,  // 152: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset
-	21,  // 153: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover
-	154, // [154:154] is the sub-list for method output_type
-	154, // [154:154] is the sub-list for method input_type
-	154, // [154:154] is the sub-list for extension type_name
-	154, // [154:154] is the sub-list for extension extendee
-	0,   // [0:154] is the sub-list for field type_name
+	73,  // 120: hashicorp.consul.internal.configentry.HTTPFilters.RetryFilter:type_name -> hashicorp.consul.internal.configentry.RetryFilter
+	74,  // 121: hashicorp.consul.internal.configentry.HTTPFilters.TimeoutFilter:type_name -> hashicorp.consul.internal.configentry.TimeoutFilter
+	119, // 122: hashicorp.consul.internal.configentry.TimeoutFilter.RequestTimeout:type_name -> google.protobuf.Duration
+	119, // 123: hashicorp.consul.internal.configentry.TimeoutFilter.IdleTimeout:type_name -> google.protobuf.Duration
+	112, // 124: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
+	113, // 125: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
+	71,  // 126: hashicorp.consul.internal.configentry.HTTPService.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
+	117, // 127: hashicorp.consul.internal.configentry.HTTPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	114, // 128: hashicorp.consul.internal.configentry.TCPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
+	61,  // 129: hashicorp.consul.internal.configentry.TCPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	78,  // 130: hashicorp.consul.internal.configentry.TCPRoute.Services:type_name -> hashicorp.consul.internal.configentry.TCPService
+	57,  // 131: hashicorp.consul.internal.configentry.TCPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
+	117, // 132: hashicorp.consul.internal.configentry.TCPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	80,  // 133: hashicorp.consul.internal.configentry.SamenessGroup.Members:type_name -> hashicorp.consul.internal.configentry.SamenessGroupMember
+	115, // 134: hashicorp.consul.internal.configentry.SamenessGroup.Meta:type_name -> hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
+	117, // 135: hashicorp.consul.internal.configentry.SamenessGroup.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	82,  // 136: hashicorp.consul.internal.configentry.JWTProvider.JSONWebKeySet:type_name -> hashicorp.consul.internal.configentry.JSONWebKeySet
+	91,  // 137: hashicorp.consul.internal.configentry.JWTProvider.Locations:type_name -> hashicorp.consul.internal.configentry.JWTLocation
+	95,  // 138: hashicorp.consul.internal.configentry.JWTProvider.Forwarding:type_name -> hashicorp.consul.internal.configentry.JWTForwardingConfig
+	96,  // 139: hashicorp.consul.internal.configentry.JWTProvider.CacheConfig:type_name -> hashicorp.consul.internal.configentry.JWTCacheConfig
+	116, // 140: hashicorp.consul.internal.configentry.JWTProvider.Meta:type_name -> hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
+	83,  // 141: hashicorp.consul.internal.configentry.JSONWebKeySet.Local:type_name -> hashicorp.consul.internal.configentry.LocalJWKS
+	84,  // 142: hashicorp.consul.internal.configentry.JSONWebKeySet.Remote:type_name -> hashicorp.consul.internal.configentry.RemoteJWKS
+	119, // 143: hashicorp.consul.internal.configentry.RemoteJWKS.CacheDuration:type_name -> google.protobuf.Duration
+	89,  // 144: hashicorp.consul.internal.configentry.RemoteJWKS.RetryPolicy:type_name -> hashicorp.consul.internal.configentry.JWKSRetryPolicy
+	85,  // 145: hashicorp.consul.internal.configentry.RemoteJWKS.JWKSCluster:type_name -> hashicorp.consul.internal.configentry.JWKSCluster
+	86,  // 146: hashicorp.consul.internal.configentry.JWKSCluster.TLSCertificates:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertificate
+	119, // 147: hashicorp.consul.internal.configentry.JWKSCluster.ConnectTimeout:type_name -> google.protobuf.Duration
+	87,  // 148: hashicorp.consul.internal.configentry.JWKSTLSCertificate.CaCertificateProviderInstance:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
+	88,  // 149: hashicorp.consul.internal.configentry.JWKSTLSCertificate.TrustedCA:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
+	90,  // 150: hashicorp.consul.internal.configentry.JWKSRetryPolicy.RetryPolicyBackOff:type_name -> hashicorp.consul.internal.configentry.RetryPolicyBackOff
+	119, // 151: hashicorp.consul.internal.configentry.RetryPolicyBackOff.BaseInterval:type_name -> google.protobuf.Duration
+	119, // 152: hashicorp.consul.internal.configentry.RetryPolicyBackOff.MaxInterval:type_name -> google.protobuf.Duration
+	92,  // 153: hashicorp.consul.internal.configentry.JWTLocation.Header:type_name -> hashicorp.consul.internal.configentry.JWTLocationHeader
+	93,  // 154: hashicorp.consul.internal.configentry.JWTLocation.QueryParam:type_name -> hashicorp.consul.internal.configentry.JWTLocationQueryParam
+	94,  // 155: hashicorp.consul.internal.configentry.JWTLocation.Cookie:type_name -> hashicorp.consul.internal.configentry.JWTLocationCookie
+	19,  // 156: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset
+	21,  // 157: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover
+	158, // [158:158] is the sub-list for method output_type
+	158, // [158:158] is the sub-list for method input_type
+	158, // [158:158] is the sub-list for extension type_name
+	158, // [158:158] is the sub-list for extension extendee
+	0,   // [0:158] is the sub-list for field type_name
 }
 
 func init() { file_private_pbconfigentry_config_entry_proto_init() }
@@ -9504,7 +9695,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[62].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPHeaderFilter); i {
+			switch v := v.(*RetryFilter); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9516,7 +9707,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[63].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPService); i {
+			switch v := v.(*TimeoutFilter); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9528,7 +9719,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[64].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TCPRoute); i {
+			switch v := v.(*HTTPHeaderFilter); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9540,7 +9731,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[65].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TCPService); i {
+			switch v := v.(*HTTPService); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9552,7 +9743,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[66].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SamenessGroup); i {
+			switch v := v.(*TCPRoute); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9564,7 +9755,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[67].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SamenessGroupMember); i {
+			switch v := v.(*TCPService); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9576,7 +9767,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[68].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTProvider); i {
+			switch v := v.(*SamenessGroup); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9588,7 +9779,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[69].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JSONWebKeySet); i {
+			switch v := v.(*SamenessGroupMember); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9600,7 +9791,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[70].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LocalJWKS); i {
+			switch v := v.(*JWTProvider); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9612,7 +9803,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[71].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RemoteJWKS); i {
+			switch v := v.(*JSONWebKeySet); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9624,7 +9815,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[72].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSCluster); i {
+			switch v := v.(*LocalJWKS); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9636,7 +9827,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[73].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSTLSCertificate); i {
+			switch v := v.(*RemoteJWKS); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9648,7 +9839,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[74].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSTLSCertProviderInstance); i {
+			switch v := v.(*JWKSCluster); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9660,7 +9851,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[75].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSTLSCertTrustedCA); i {
+			switch v := v.(*JWKSTLSCertificate); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9672,7 +9863,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[76].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSRetryPolicy); i {
+			switch v := v.(*JWKSTLSCertProviderInstance); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9684,7 +9875,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[77].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RetryPolicyBackOff); i {
+			switch v := v.(*JWKSTLSCertTrustedCA); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9696,7 +9887,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[78].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocation); i {
+			switch v := v.(*JWKSRetryPolicy); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9708,7 +9899,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[79].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationHeader); i {
+			switch v := v.(*RetryPolicyBackOff); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9720,7 +9911,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[80].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationQueryParam); i {
+			switch v := v.(*JWTLocation); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9732,7 +9923,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[81].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationCookie); i {
+			switch v := v.(*JWTLocationHeader); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9744,7 +9935,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[82].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTForwardingConfig); i {
+			switch v := v.(*JWTLocationQueryParam); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9756,6 +9947,30 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[83].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTLocationCookie); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[84].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTForwardingConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[85].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWTCacheConfig); i {
 			case 0:
 				return &v.state
@@ -9788,7 +10003,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_private_pbconfigentry_config_entry_proto_rawDesc,
 			NumEnums:      11,
-			NumMessages:   104,
+			NumMessages:   106,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/proto/private/pbconfigentry/config_entry.proto b/proto/private/pbconfigentry/config_entry.proto
index 5c675ec16c0c..ff59a3cfcc41 100644
--- a/proto/private/pbconfigentry/config_entry.proto
+++ b/proto/private/pbconfigentry/config_entry.proto
@@ -884,6 +884,8 @@ message HTTPQueryMatch {
 message HTTPFilters {
   repeated HTTPHeaderFilter Headers = 1;
   URLRewrite URLRewrite = 2;
+  RetryFilter RetryFilter = 3;
+  TimeoutFilter TimeoutFilter = 4;
 }
 
 // mog annotation:
@@ -895,6 +897,30 @@ message URLRewrite {
   string Path = 1;
 }
 
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.RetryFilter
+// output=config_entry.gen.go
+// name=Structs
+message RetryFilter {
+  uint32 NumRetries = 1;
+  repeated string RetryOn = 2;
+  repeated uint32 RetryOnStatusCodes = 3;
+  bool RetryOnConnectFailure = 4;
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.TimeoutFilter
+// output=config_entry.gen.go
+// name=Structs
+message TimeoutFilter {
+  // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
+  google.protobuf.Duration RequestTimeout = 1;
+  // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
+  google.protobuf.Duration IdleTimeout = 2;
+}
+
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.HTTPHeaderFilter

From 42efc11b4eaf33551b659a1144d506ee757649e7 Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Wed, 9 Aug 2023 11:02:17 -0500
Subject: [PATCH 262/359] catalog: adding a controller to reconcile
 FailoverPolicy resources (#18399)

Add most of the semantic cross-resource validation for FailoverPolicy resources using a new controller.
---
 internal/catalog/exports.go                   |  25 ++
 .../controllers/failover/controller.go        | 276 ++++++++++++++++++
 .../controllers/failover/controller_test.go   | 268 +++++++++++++++++
 .../internal/controllers/failover/status.go   |  84 ++++++
 .../catalog/internal/controllers/register.go  |   3 +
 .../mappers/failovermapper/failover_mapper.go |  60 ++++
 .../failovermapper/failover_mapper_test.go    | 190 ++++++++++++
 internal/resource/decode.go                   |  21 ++
 internal/resource/decode_test.go              |  47 +++
 proto/private/prototest/testing.go            |   1 +
 10 files changed, 975 insertions(+)
 create mode 100644 internal/catalog/internal/controllers/failover/controller.go
 create mode 100644 internal/catalog/internal/controllers/failover/controller_test.go
 create mode 100644 internal/catalog/internal/controllers/failover/status.go
 create mode 100644 internal/catalog/internal/mappers/failovermapper/failover_mapper.go
 create mode 100644 internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go

diff --git a/internal/catalog/exports.go b/internal/catalog/exports.go
index 463b11e16ef2..d5723ddb3892 100644
--- a/internal/catalog/exports.go
+++ b/internal/catalog/exports.go
@@ -6,14 +6,17 @@ package catalog
 import (
 	"github.com/hashicorp/consul/internal/catalog/internal/controllers"
 	"github.com/hashicorp/consul/internal/catalog/internal/controllers/endpoints"
+	"github.com/hashicorp/consul/internal/catalog/internal/controllers/failover"
 	"github.com/hashicorp/consul/internal/catalog/internal/controllers/nodehealth"
 	"github.com/hashicorp/consul/internal/catalog/internal/controllers/workloadhealth"
+	"github.com/hashicorp/consul/internal/catalog/internal/mappers/failovermapper"
 	"github.com/hashicorp/consul/internal/catalog/internal/mappers/nodemapper"
 	"github.com/hashicorp/consul/internal/catalog/internal/mappers/selectiontracker"
 	"github.com/hashicorp/consul/internal/catalog/internal/types"
 	"github.com/hashicorp/consul/internal/controller"
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 var (
@@ -73,6 +76,15 @@ var (
 	EndpointsStatusConditionEndpointsManaged = endpoints.StatusConditionEndpointsManaged
 	EndpointsStatusConditionManaged          = endpoints.ConditionManaged
 	EndpointsStatusConditionUnmanaged        = endpoints.ConditionUnmanaged
+
+	FailoverStatusKey                                              = failover.StatusKey
+	FailoverStatusConditionAccepted                                = failover.StatusConditionAccepted
+	FailoverStatusConditionAcceptedOKReason                        = failover.OKReason
+	FailoverStatusConditionAcceptedMissingServiceReason            = failover.MissingServiceReason
+	FailoverStatusConditionAcceptedUnknownPortReason               = failover.UnknownPortReason
+	FailoverStatusConditionAcceptedMissingDestinationServiceReason = failover.MissingDestinationServiceReason
+	FailoverStatusConditionAcceptedUnknownDestinationPortReason    = failover.UnknownDestinationPortReason
+	FailoverStatusConditionAcceptedUsingMeshDestinationPortReason  = failover.UsingMeshDestinationPortReason
 )
 
 // RegisterTypes adds all resource types within the "catalog" API group
@@ -87,6 +99,7 @@ func DefaultControllerDependencies() ControllerDependencies {
 	return ControllerDependencies{
 		WorkloadHealthNodeMapper: nodemapper.New(),
 		EndpointsWorkloadMapper:  selectiontracker.New(),
+		FailoverMapper:           failovermapper.New(),
 	}
 }
 
@@ -101,3 +114,15 @@ func RegisterControllers(mgr *controller.Manager, deps ControllerDependencies) {
 func SimplifyFailoverPolicy(svc *pbcatalog.Service, failover *pbcatalog.FailoverPolicy) *pbcatalog.FailoverPolicy {
 	return types.SimplifyFailoverPolicy(svc, failover)
 }
+
+// FailoverPolicyMapper maintains the bidirectional tracking relationship of a
+// FailoverPolicy to the Services related to it.
+type FailoverPolicyMapper interface {
+	TrackFailover(failover *resource.DecodedResource[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy])
+	UntrackFailover(failoverID *pbresource.ID)
+	FailoverIDsByService(svcID *pbresource.ID) []*pbresource.ID
+}
+
+func NewFailoverPolicyMapper() FailoverPolicyMapper {
+	return failovermapper.New()
+}
diff --git a/internal/catalog/internal/controllers/failover/controller.go b/internal/catalog/internal/controllers/failover/controller.go
new file mode 100644
index 000000000000..ecb04b6d8f82
--- /dev/null
+++ b/internal/catalog/internal/controllers/failover/controller.go
@@ -0,0 +1,276 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package failover
+
+import (
+	"context"
+
+	"github.com/hashicorp/consul/internal/catalog/internal/types"
+	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/resource"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+// FailoverMapper tracks the relationship between a FailoverPolicy an a Service
+// it references whether due to name-alignment or from a reference in a
+// FailoverDestination leg.
+type FailoverMapper interface {
+	// TrackFailover extracts all Service references from the provided
+	// FailoverPolicy and indexes them so that MapService can turn Service
+	// events into FailoverPolicy events properly.
+	TrackFailover(failover *resource.DecodedResource[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy])
+
+	// UntrackFailover forgets the links inserted by TrackFailover for the
+	// provided FailoverPolicyID.
+	UntrackFailover(failoverID *pbresource.ID)
+
+	// MapService will take a Service resource and return controller requests
+	// for all FailoverPolicies associated with the Service.
+	MapService(ctx context.Context, rt controller.Runtime, res *pbresource.Resource) ([]controller.Request, error)
+}
+
+func FailoverPolicyController(mapper FailoverMapper) controller.Controller {
+	if mapper == nil {
+		panic("No FailoverMapper was provided to the FailoverPolicyController constructor")
+	}
+	return controller.ForType(types.FailoverPolicyType).
+		WithWatch(types.ServiceType, mapper.MapService).
+		WithReconciler(newFailoverPolicyReconciler(mapper))
+}
+
+type failoverPolicyReconciler struct {
+	mapper FailoverMapper
+}
+
+func newFailoverPolicyReconciler(mapper FailoverMapper) *failoverPolicyReconciler {
+	return &failoverPolicyReconciler{
+		mapper: mapper,
+	}
+}
+
+func (r *failoverPolicyReconciler) Reconcile(ctx context.Context, rt controller.Runtime, req controller.Request) error {
+	// The runtime is passed by value so replacing it here for the remainder of this
+	// reconciliation request processing will not affect future invocations.
+	rt.Logger = rt.Logger.With("resource-id", req.ID, "controller", StatusKey)
+
+	rt.Logger.Trace("reconciling failover policy")
+
+	failoverPolicyID := req.ID
+
+	failoverPolicy, err := getFailoverPolicy(ctx, rt, failoverPolicyID)
+	if err != nil {
+		rt.Logger.Error("error retrieving failover policy", "error", err)
+		return err
+	}
+	if failoverPolicy == nil {
+		r.mapper.UntrackFailover(failoverPolicyID)
+
+		// Either the failover policy was deleted, or it doesn't exist but an
+		// update to a Service came through and we can ignore it.
+		return nil
+	}
+
+	r.mapper.TrackFailover(failoverPolicy)
+
+	// FailoverPolicy is name-aligned with the Service it controls.
+	serviceID := &pbresource.ID{
+		Type:    types.ServiceType,
+		Tenancy: failoverPolicyID.Tenancy,
+		Name:    failoverPolicyID.Name,
+	}
+
+	service, err := getService(ctx, rt, serviceID)
+	if err != nil {
+		rt.Logger.Error("error retrieving corresponding service", "error", err)
+		return err
+	}
+	destServices := make(map[resource.ReferenceKey]*resource.DecodedResource[pbcatalog.Service, *pbcatalog.Service])
+	if service != nil {
+		destServices[resource.NewReferenceKey(serviceID)] = service
+	}
+
+	// Denorm the ports and stuff. After this we have no empty ports.
+	if service != nil {
+		failoverPolicy.Data = types.SimplifyFailoverPolicy(
+			service.Data,
+			failoverPolicy.Data,
+		)
+	}
+
+	// Fetch services.
+	for _, dest := range failoverPolicy.Data.GetUnderlyingDestinations() {
+		if dest.Ref == nil || !isServiceType(dest.Ref.Type) || dest.Ref.Section != "" {
+			continue // invalid, not possible due to validation hook
+		}
+
+		key := resource.NewReferenceKey(dest.Ref)
+
+		if _, ok := destServices[key]; ok {
+			continue
+		}
+
+		destID := resource.IDFromReference(dest.Ref)
+
+		destService, err := getService(ctx, rt, destID)
+		if err != nil {
+			rt.Logger.Error("error retrieving destination service", "service", key, "error", err)
+			return err
+		}
+
+		if destService != nil {
+			destServices[key] = destService
+		}
+	}
+
+	newStatus := computeNewStatus(failoverPolicy, service, destServices)
+
+	if resource.EqualStatus(failoverPolicy.Resource.Status[StatusKey], newStatus, false) {
+		rt.Logger.Trace("resource's failover policy status is unchanged",
+			"conditions", newStatus.Conditions)
+		return nil
+	}
+
+	_, err = rt.Client.WriteStatus(ctx, &pbresource.WriteStatusRequest{
+		Id:     failoverPolicy.Resource.Id,
+		Key:    StatusKey,
+		Status: newStatus,
+	})
+
+	if err != nil {
+		rt.Logger.Error("error encountered when attempting to update the resource's failover policy status", "error", err)
+		return err
+	}
+
+	rt.Logger.Trace("resource's failover policy status was updated",
+		"conditions", newStatus.Conditions)
+	return nil
+}
+
+func getFailoverPolicy(ctx context.Context, rt controller.Runtime, id *pbresource.ID) (*resource.DecodedResource[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy], error) {
+	return resource.GetDecodedResource[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](ctx, rt.Client, id)
+}
+
+func getService(ctx context.Context, rt controller.Runtime, id *pbresource.ID) (*resource.DecodedResource[pbcatalog.Service, *pbcatalog.Service], error) {
+	return resource.GetDecodedResource[pbcatalog.Service, *pbcatalog.Service](ctx, rt.Client, id)
+}
+
+func computeNewStatus(
+	failoverPolicy *resource.DecodedResource[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy],
+	service *resource.DecodedResource[pbcatalog.Service, *pbcatalog.Service],
+	destServices map[resource.ReferenceKey]*resource.DecodedResource[pbcatalog.Service, *pbcatalog.Service],
+) *pbresource.Status {
+	if service == nil {
+		return &pbresource.Status{
+			ObservedGeneration: failoverPolicy.Resource.Generation,
+			Conditions: []*pbresource.Condition{
+				ConditionMissingService,
+			},
+		}
+	}
+
+	allowedPortProtocols := make(map[string]pbcatalog.Protocol)
+	for _, port := range service.Data.Ports {
+		if port.Protocol == pbcatalog.Protocol_PROTOCOL_MESH {
+			continue // skip
+		}
+		allowedPortProtocols[port.TargetPort] = port.Protocol
+	}
+
+	var conditions []*pbresource.Condition
+
+	if failoverPolicy.Data.Config != nil {
+		for _, dest := range failoverPolicy.Data.Config.Destinations {
+			// We know from validation that a Ref must be set, and the type it
+			// points to is a Service.
+			//
+			// Rather than do additional validation, just do a quick
+			// belt-and-suspenders check-and-skip if something looks weird.
+			if dest.Ref == nil || !isServiceType(dest.Ref.Type) {
+				continue
+			}
+
+			if cond := serviceHasPort(dest, destServices); cond != nil {
+				conditions = append(conditions, cond)
+			}
+		}
+		// TODO: validate that referenced sameness groups exist
+	}
+
+	for port, pc := range failoverPolicy.Data.PortConfigs {
+		if _, ok := allowedPortProtocols[port]; !ok {
+			conditions = append(conditions, ConditionUnknownPort(port))
+		}
+
+		for _, dest := range pc.Destinations {
+			// We know from validation that a Ref must be set, and the type it
+			// points to is a Service.
+			//
+			// Rather than do additional validation, just do a quick
+			// belt-and-suspenders check-and-skip if something looks weird.
+			if dest.Ref == nil || !isServiceType(dest.Ref.Type) {
+				continue
+			}
+
+			if cond := serviceHasPort(dest, destServices); cond != nil {
+				conditions = append(conditions, cond)
+			}
+		}
+
+		// TODO: validate that referenced sameness groups exist
+	}
+
+	if len(conditions) > 0 {
+		return &pbresource.Status{
+			ObservedGeneration: failoverPolicy.Resource.Generation,
+			Conditions:         conditions,
+		}
+	}
+
+	return &pbresource.Status{
+		ObservedGeneration: failoverPolicy.Resource.Generation,
+		Conditions: []*pbresource.Condition{
+			ConditionOK,
+		},
+	}
+}
+
+func serviceHasPort(
+	dest *pbcatalog.FailoverDestination,
+	destServices map[resource.ReferenceKey]*resource.DecodedResource[pbcatalog.Service, *pbcatalog.Service],
+) *pbresource.Condition {
+	key := resource.NewReferenceKey(dest.Ref)
+	destService, ok := destServices[key]
+	if !ok {
+		return ConditionMissingDestinationService(dest.Ref)
+	}
+
+	found := false
+	mesh := false
+	for _, port := range destService.Data.Ports {
+		if port.TargetPort == dest.Port {
+			found = true
+			if port.Protocol == pbcatalog.Protocol_PROTOCOL_MESH {
+				mesh = true
+			}
+			break
+		}
+	}
+
+	if !found {
+		return ConditionUnknownDestinationPort(dest.Ref, dest.Port)
+	} else if mesh {
+		return ConditionUsingMeshDestinationPort(dest.Ref, dest.Port)
+	}
+
+	return nil
+}
+
+func isServiceType(typ *pbresource.Type) bool {
+	switch {
+	case resource.EqualType(typ, types.ServiceType):
+		return true
+	}
+	return false
+}
diff --git a/internal/catalog/internal/controllers/failover/controller_test.go b/internal/catalog/internal/controllers/failover/controller_test.go
new file mode 100644
index 000000000000..a53a9f8af41e
--- /dev/null
+++ b/internal/catalog/internal/controllers/failover/controller_test.go
@@ -0,0 +1,268 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package failover
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+
+	svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing"
+	"github.com/hashicorp/consul/internal/catalog/internal/mappers/failovermapper"
+	"github.com/hashicorp/consul/internal/catalog/internal/types"
+	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/resource"
+	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	"github.com/hashicorp/consul/sdk/testutil"
+)
+
+type controllerSuite struct {
+	suite.Suite
+
+	ctx    context.Context
+	client *rtest.Client
+	rt     controller.Runtime
+
+	failoverMapper FailoverMapper
+
+	ctl failoverPolicyReconciler
+}
+
+func (suite *controllerSuite) SetupTest() {
+	suite.ctx = testutil.TestContext(suite.T())
+	client := svctest.RunResourceService(suite.T(), types.Register)
+	suite.rt = controller.Runtime{
+		Client: client,
+		Logger: testutil.Logger(suite.T()),
+	}
+	suite.client = rtest.NewClient(client)
+
+	suite.failoverMapper = failovermapper.New()
+}
+
+func (suite *controllerSuite) TestController() {
+	// This test's purpose is to exercise the controller in a halfway realistic
+	// way, verifying the event triggers work in the live code.
+
+	// Run the controller manager
+	mgr := controller.NewManager(suite.client, suite.rt.Logger)
+	mgr.Register(FailoverPolicyController(suite.failoverMapper))
+	mgr.SetRaftLeader(true)
+	go mgr.Run(suite.ctx)
+
+	// Create an advance pointer to some services.
+	apiServiceRef := resource.Reference(rtest.Resource(types.ServiceType, "api").ID(), "")
+	otherServiceRef := resource.Reference(rtest.Resource(types.ServiceType, "other").ID(), "")
+
+	// create a failover without any services
+	failoverData := &pbcatalog.FailoverPolicy{
+		Config: &pbcatalog.FailoverConfig{
+			Destinations: []*pbcatalog.FailoverDestination{{
+				Ref: apiServiceRef,
+			}},
+		},
+	}
+	failover := rtest.Resource(types.FailoverPolicyType, "api").
+		WithData(suite.T(), failoverData).
+		Write(suite.T(), suite.client)
+
+	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionMissingService)
+
+	// Provide the service.
+	apiServiceData := &pbcatalog.Service{
+		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
+		Ports: []*pbcatalog.ServicePort{{
+			TargetPort: "http",
+			Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
+		}},
+	}
+	_ = rtest.Resource(types.ServiceType, "api").
+		WithData(suite.T(), apiServiceData).
+		Write(suite.T(), suite.client)
+	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK)
+
+	// Update the failover to reference an unknown port
+	failoverData = &pbcatalog.FailoverPolicy{
+		PortConfigs: map[string]*pbcatalog.FailoverConfig{
+			"http": {
+				Destinations: []*pbcatalog.FailoverDestination{{
+					Ref:  apiServiceRef,
+					Port: "http",
+				}},
+			},
+			"admin": {
+				Destinations: []*pbcatalog.FailoverDestination{{
+					Ref:  apiServiceRef,
+					Port: "admin",
+				}},
+			},
+		},
+	}
+	_ = rtest.Resource(types.FailoverPolicyType, "api").
+		WithData(suite.T(), failoverData).
+		Write(suite.T(), suite.client)
+	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUnknownPort("admin"))
+
+	// update the service to fix the stray reference, but point to a mesh port
+	apiServiceData = &pbcatalog.Service{
+		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
+		Ports: []*pbcatalog.ServicePort{
+			{
+				TargetPort: "http",
+				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
+			},
+			{
+				TargetPort: "admin",
+				Protocol:   pbcatalog.Protocol_PROTOCOL_MESH,
+			},
+		},
+	}
+	_ = rtest.Resource(types.ServiceType, "api").
+		WithData(suite.T(), apiServiceData).
+		Write(suite.T(), suite.client)
+	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUsingMeshDestinationPort(apiServiceRef, "admin"))
+
+	// update the service to fix the stray reference to not be a mesh port
+	apiServiceData = &pbcatalog.Service{
+		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
+		Ports: []*pbcatalog.ServicePort{
+			{
+				TargetPort: "http",
+				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
+			},
+			{
+				TargetPort: "admin",
+				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
+			},
+		},
+	}
+	_ = rtest.Resource(types.ServiceType, "api").
+		WithData(suite.T(), apiServiceData).
+		Write(suite.T(), suite.client)
+	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK)
+
+	// change failover leg to point to missing service
+	failoverData = &pbcatalog.FailoverPolicy{
+		PortConfigs: map[string]*pbcatalog.FailoverConfig{
+			"http": {
+				Destinations: []*pbcatalog.FailoverDestination{{
+					Ref:  apiServiceRef,
+					Port: "http",
+				}},
+			},
+			"admin": {
+				Destinations: []*pbcatalog.FailoverDestination{{
+					Ref:  otherServiceRef,
+					Port: "admin",
+				}},
+			},
+		},
+	}
+	_ = rtest.Resource(types.FailoverPolicyType, "api").
+		WithData(suite.T(), failoverData).
+		Write(suite.T(), suite.client)
+	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionMissingDestinationService(otherServiceRef))
+
+	// Create the missing service, but forget the port.
+	otherServiceData := &pbcatalog.Service{
+		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"other-"}},
+		Ports: []*pbcatalog.ServicePort{{
+			TargetPort: "http",
+			Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
+		}},
+	}
+	_ = rtest.Resource(types.ServiceType, "other").
+		WithData(suite.T(), otherServiceData).
+		Write(suite.T(), suite.client)
+	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUnknownDestinationPort(otherServiceRef, "admin"))
+
+	// fix the destination leg's port
+	otherServiceData = &pbcatalog.Service{
+		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"other-"}},
+		Ports: []*pbcatalog.ServicePort{
+			{
+				TargetPort: "http",
+				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
+			},
+			{
+				TargetPort: "admin",
+				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
+			},
+		},
+	}
+	_ = rtest.Resource(types.ServiceType, "other").
+		WithData(suite.T(), otherServiceData).
+		Write(suite.T(), suite.client)
+	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK)
+
+	// Update the two services to use differnet port names so the easy path doesn't work
+	apiServiceData = &pbcatalog.Service{
+		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
+		Ports: []*pbcatalog.ServicePort{
+			{
+				TargetPort: "foo",
+				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
+			},
+			{
+				TargetPort: "bar",
+				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
+			},
+		},
+	}
+	_ = rtest.Resource(types.ServiceType, "api").
+		WithData(suite.T(), apiServiceData).
+		Write(suite.T(), suite.client)
+
+	otherServiceData = &pbcatalog.Service{
+		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"other-"}},
+		Ports: []*pbcatalog.ServicePort{
+			{
+				TargetPort: "foo",
+				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
+			},
+			{
+				TargetPort: "baz",
+				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
+			},
+		},
+	}
+	_ = rtest.Resource(types.ServiceType, "other").
+		WithData(suite.T(), otherServiceData).
+		Write(suite.T(), suite.client)
+
+	failoverData = &pbcatalog.FailoverPolicy{
+		Config: &pbcatalog.FailoverConfig{
+			Destinations: []*pbcatalog.FailoverDestination{{
+				Ref: otherServiceRef,
+			}},
+		},
+	}
+	failover = rtest.Resource(types.FailoverPolicyType, "api").
+		WithData(suite.T(), failoverData).
+		Write(suite.T(), suite.client)
+
+	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUnknownDestinationPort(otherServiceRef, "bar"))
+
+	// and fix it the silly way by removing it from api+failover
+	apiServiceData = &pbcatalog.Service{
+		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
+		Ports: []*pbcatalog.ServicePort{
+			{
+				TargetPort: "foo",
+				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
+			},
+		},
+	}
+	_ = rtest.Resource(types.ServiceType, "api").
+		WithData(suite.T(), apiServiceData).
+		Write(suite.T(), suite.client)
+
+	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK)
+}
+
+func TestFailoverController(t *testing.T) {
+	suite.Run(t, new(controllerSuite))
+}
diff --git a/internal/catalog/internal/controllers/failover/status.go b/internal/catalog/internal/controllers/failover/status.go
new file mode 100644
index 000000000000..10e5a472bd05
--- /dev/null
+++ b/internal/catalog/internal/controllers/failover/status.go
@@ -0,0 +1,84 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package failover
+
+import (
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+const (
+	StatusKey               = "consul.io/failover-policy"
+	StatusConditionAccepted = "accepted"
+
+	OKReason  = "Ok"
+	OKMessage = "failover policy was accepted"
+
+	MissingServiceReason  = "MissingService"
+	MissingServiceMessage = "service for failover policy does not exist"
+
+	UnknownPortReason        = "UnknownPort"
+	UnknownPortMessagePrefix = "port is not defined on service: "
+
+	MissingDestinationServiceReason        = "MissingDestinationService"
+	MissingDestinationServiceMessagePrefix = "destination service for failover policy does not exist: "
+
+	UnknownDestinationPortReason        = "UnknownDestinationPort"
+	UnknownDestinationPortMessagePrefix = "port is not defined on destination service: "
+
+	UsingMeshDestinationPortReason        = "UsingMeshDestinationPort"
+	UsingMeshDestinationPortMessagePrefix = "port is a special unroutable mesh port on destination service: "
+)
+
+var (
+	ConditionOK = &pbresource.Condition{
+		Type:    StatusConditionAccepted,
+		State:   pbresource.Condition_STATE_TRUE,
+		Reason:  OKReason,
+		Message: OKMessage,
+	}
+
+	ConditionMissingService = &pbresource.Condition{
+		Type:    StatusConditionAccepted,
+		State:   pbresource.Condition_STATE_FALSE,
+		Reason:  MissingServiceReason,
+		Message: MissingServiceMessage,
+	}
+)
+
+func ConditionUnknownPort(port string) *pbresource.Condition {
+	return &pbresource.Condition{
+		Type:    StatusConditionAccepted,
+		State:   pbresource.Condition_STATE_FALSE,
+		Reason:  UnknownPortReason,
+		Message: UnknownPortMessagePrefix + port,
+	}
+}
+
+func ConditionMissingDestinationService(ref *pbresource.Reference) *pbresource.Condition {
+	return &pbresource.Condition{
+		Type:    StatusConditionAccepted,
+		State:   pbresource.Condition_STATE_FALSE,
+		Reason:  MissingDestinationServiceReason,
+		Message: MissingDestinationServiceMessagePrefix + resource.ReferenceToString(ref),
+	}
+}
+
+func ConditionUnknownDestinationPort(ref *pbresource.Reference, port string) *pbresource.Condition {
+	return &pbresource.Condition{
+		Type:    StatusConditionAccepted,
+		State:   pbresource.Condition_STATE_FALSE,
+		Reason:  UnknownDestinationPortReason,
+		Message: UnknownDestinationPortMessagePrefix + port + " on " + resource.ReferenceToString(ref),
+	}
+}
+
+func ConditionUsingMeshDestinationPort(ref *pbresource.Reference, port string) *pbresource.Condition {
+	return &pbresource.Condition{
+		Type:    StatusConditionAccepted,
+		State:   pbresource.Condition_STATE_FALSE,
+		Reason:  UnknownDestinationPortReason,
+		Message: UnknownDestinationPortMessagePrefix + port + " on " + resource.ReferenceToString(ref),
+	}
+}
diff --git a/internal/catalog/internal/controllers/register.go b/internal/catalog/internal/controllers/register.go
index 5f7fc631a543..78a0f1316a5f 100644
--- a/internal/catalog/internal/controllers/register.go
+++ b/internal/catalog/internal/controllers/register.go
@@ -5,6 +5,7 @@ package controllers
 
 import (
 	"github.com/hashicorp/consul/internal/catalog/internal/controllers/endpoints"
+	"github.com/hashicorp/consul/internal/catalog/internal/controllers/failover"
 	"github.com/hashicorp/consul/internal/catalog/internal/controllers/nodehealth"
 	"github.com/hashicorp/consul/internal/catalog/internal/controllers/workloadhealth"
 	"github.com/hashicorp/consul/internal/controller"
@@ -13,10 +14,12 @@ import (
 type Dependencies struct {
 	WorkloadHealthNodeMapper workloadhealth.NodeMapper
 	EndpointsWorkloadMapper  endpoints.WorkloadMapper
+	FailoverMapper           failover.FailoverMapper
 }
 
 func Register(mgr *controller.Manager, deps Dependencies) {
 	mgr.Register(nodehealth.NodeHealthController())
 	mgr.Register(workloadhealth.WorkloadHealthController(deps.WorkloadHealthNodeMapper))
 	mgr.Register(endpoints.ServiceEndpointsController(deps.EndpointsWorkloadMapper))
+	mgr.Register(failover.FailoverPolicyController(deps.FailoverMapper))
 }
diff --git a/internal/catalog/internal/mappers/failovermapper/failover_mapper.go b/internal/catalog/internal/mappers/failovermapper/failover_mapper.go
new file mode 100644
index 000000000000..61da20a348f6
--- /dev/null
+++ b/internal/catalog/internal/mappers/failovermapper/failover_mapper.go
@@ -0,0 +1,60 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package failovermapper
+
+import (
+	"context"
+
+	"github.com/hashicorp/consul/internal/catalog/internal/types"
+	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/internal/resource/mappers/bimapper"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+// Mapper tracks the relationship between a FailoverPolicy an a Service it
+// references whether due to name-alignment or from a reference in a
+// FailoverDestination leg.
+type Mapper struct {
+	b *bimapper.Mapper
+}
+
+// New creates a new Mapper.
+func New() *Mapper {
+	return &Mapper{
+		b: bimapper.New(types.FailoverPolicyType, types.ServiceType),
+	}
+}
+
+// TrackFailover extracts all Service references from the provided
+// FailoverPolicy and indexes them so that MapService can turn Service events
+// into FailoverPolicy events properly.
+func (m *Mapper) TrackFailover(failover *resource.DecodedResource[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy]) {
+	destRefs := failover.Data.GetUnderlyingDestinationRefs()
+	destRefs = append(destRefs, &pbresource.Reference{
+		Type:    types.ServiceType,
+		Tenancy: failover.Resource.Id.Tenancy,
+		Name:    failover.Resource.Id.Name,
+	})
+	m.trackFailover(failover.Resource.Id, destRefs)
+}
+
+func (m *Mapper) trackFailover(failover *pbresource.ID, services []*pbresource.Reference) {
+	m.b.TrackItem(failover, services)
+}
+
+// UntrackFailover forgets the links inserted by TrackFailover for the provided
+// FailoverPolicyID.
+func (m *Mapper) UntrackFailover(failoverID *pbresource.ID) {
+	m.b.UntrackItem(failoverID)
+}
+
+func (m *Mapper) MapService(ctx context.Context, rt controller.Runtime, res *pbresource.Resource) ([]controller.Request, error) {
+	return m.b.MapLink(ctx, rt, res)
+}
+
+func (m *Mapper) FailoverIDsByService(svcID *pbresource.ID) []*pbresource.ID {
+	return m.b.ItemsForLink(svcID)
+}
diff --git a/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go b/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go
new file mode 100644
index 000000000000..41621d8d2143
--- /dev/null
+++ b/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go
@@ -0,0 +1,190 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package failovermapper
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/internal/catalog/internal/types"
+	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/resource"
+	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/proto/private/prototest"
+)
+
+func TestMapper_Tracking(t *testing.T) {
+	registry := resource.NewRegistry()
+	types.Register(registry)
+
+	// Create an advance pointer to some services.
+	randoSvc := rtest.Resource(types.ServiceType, "rando").
+		WithData(t, &pbcatalog.Service{}).
+		Build()
+	rtest.ValidateAndNormalize(t, registry, randoSvc)
+
+	apiSvc := rtest.Resource(types.ServiceType, "api").
+		WithData(t, &pbcatalog.Service{}).
+		Build()
+	rtest.ValidateAndNormalize(t, registry, apiSvc)
+
+	fooSvc := rtest.Resource(types.ServiceType, "foo").
+		WithData(t, &pbcatalog.Service{}).
+		Build()
+	rtest.ValidateAndNormalize(t, registry, fooSvc)
+
+	barSvc := rtest.Resource(types.ServiceType, "bar").
+		WithData(t, &pbcatalog.Service{}).
+		Build()
+	rtest.ValidateAndNormalize(t, registry, barSvc)
+
+	wwwSvc := rtest.Resource(types.ServiceType, "www").
+		WithData(t, &pbcatalog.Service{}).
+		Build()
+	rtest.ValidateAndNormalize(t, registry, wwwSvc)
+
+	fail1 := rtest.Resource(types.FailoverPolicyType, "api").
+		WithData(t, &pbcatalog.FailoverPolicy{
+			Config: &pbcatalog.FailoverConfig{
+				Destinations: []*pbcatalog.FailoverDestination{
+					{Ref: newRef(types.ServiceType, "foo")},
+					{Ref: newRef(types.ServiceType, "bar")},
+				},
+			},
+		}).
+		Build()
+	rtest.ValidateAndNormalize(t, registry, fail1)
+	failDec1 := rtest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, fail1)
+
+	fail2 := rtest.Resource(types.FailoverPolicyType, "www").
+		WithData(t, &pbcatalog.FailoverPolicy{
+			Config: &pbcatalog.FailoverConfig{
+				Destinations: []*pbcatalog.FailoverDestination{
+					{Ref: newRef(types.ServiceType, "www"), Datacenter: "dc2"},
+					{Ref: newRef(types.ServiceType, "foo")},
+				},
+			},
+		}).
+		Build()
+	rtest.ValidateAndNormalize(t, registry, fail2)
+	failDec2 := rtest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, fail2)
+
+	fail1_updated := rtest.Resource(types.FailoverPolicyType, "api").
+		WithData(t, &pbcatalog.FailoverPolicy{
+			Config: &pbcatalog.FailoverConfig{
+				Destinations: []*pbcatalog.FailoverDestination{
+					{Ref: newRef(types.ServiceType, "bar")},
+				},
+			},
+		}).
+		Build()
+	rtest.ValidateAndNormalize(t, registry, fail1_updated)
+	failDec1_updated := rtest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, fail1_updated)
+
+	m := New()
+
+	// Nothing tracked yet so we assume nothing.
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc)
+	requireServicesTracked(t, m, fooSvc)
+	requireServicesTracked(t, m, barSvc)
+	requireServicesTracked(t, m, wwwSvc)
+
+	// no-ops
+	m.UntrackFailover(fail1.Id)
+
+	// still nothing
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc)
+	requireServicesTracked(t, m, fooSvc)
+	requireServicesTracked(t, m, barSvc)
+	requireServicesTracked(t, m, wwwSvc)
+
+	// Actually insert some data.
+	m.TrackFailover(failDec1)
+
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc, fail1.Id)
+	requireServicesTracked(t, m, fooSvc, fail1.Id)
+	requireServicesTracked(t, m, barSvc, fail1.Id)
+	requireServicesTracked(t, m, wwwSvc)
+
+	// track it again, no change
+	m.TrackFailover(failDec1)
+
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc, fail1.Id)
+	requireServicesTracked(t, m, fooSvc, fail1.Id)
+	requireServicesTracked(t, m, barSvc, fail1.Id)
+	requireServicesTracked(t, m, wwwSvc)
+
+	// track new one that overlaps slightly
+	m.TrackFailover(failDec2)
+
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc, fail1.Id)
+	requireServicesTracked(t, m, fooSvc, fail1.Id, fail2.Id)
+	requireServicesTracked(t, m, barSvc, fail1.Id)
+	requireServicesTracked(t, m, wwwSvc, fail2.Id)
+
+	// update the original to change it
+	m.TrackFailover(failDec1_updated)
+
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc, fail1.Id)
+	requireServicesTracked(t, m, fooSvc, fail2.Id)
+	requireServicesTracked(t, m, barSvc, fail1.Id)
+	requireServicesTracked(t, m, wwwSvc, fail2.Id)
+
+	// delete the original
+	m.UntrackFailover(fail1.Id)
+
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc)
+	requireServicesTracked(t, m, fooSvc, fail2.Id)
+	requireServicesTracked(t, m, barSvc)
+	requireServicesTracked(t, m, wwwSvc, fail2.Id)
+
+	// delete the other one
+	m.UntrackFailover(fail2.Id)
+
+	requireServicesTracked(t, m, randoSvc)
+	requireServicesTracked(t, m, apiSvc)
+	requireServicesTracked(t, m, fooSvc)
+	requireServicesTracked(t, m, barSvc)
+	requireServicesTracked(t, m, wwwSvc)
+}
+
+func requireServicesTracked(t *testing.T, mapper *Mapper, svc *pbresource.Resource, failovers ...*pbresource.ID) {
+	t.Helper()
+
+	reqs, err := mapper.MapService(
+		context.Background(),
+		controller.Runtime{},
+		svc,
+	)
+	require.NoError(t, err)
+
+	require.Len(t, reqs, len(failovers))
+
+	for _, failover := range failovers {
+		prototest.AssertContainsElement(t, reqs, controller.Request{ID: failover})
+	}
+}
+
+func newRef(typ *pbresource.Type, name string) *pbresource.Reference {
+	return rtest.Resource(typ, name).Reference("")
+}
+
+func defaultTenancy() *pbresource.Tenancy {
+	return &pbresource.Tenancy{
+		Partition: "default",
+		Namespace: "default",
+		PeerName:  "local",
+	}
+}
diff --git a/internal/resource/decode.go b/internal/resource/decode.go
index b93b799c52de..7d9142ceb7d3 100644
--- a/internal/resource/decode.go
+++ b/internal/resource/decode.go
@@ -4,6 +4,10 @@
 package resource
 
 import (
+	"context"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/proto"
 
 	"github.com/hashicorp/consul/proto-public/pbresource"
@@ -36,3 +40,20 @@ func Decode[V any, PV interface {
 		Data:     data,
 	}, nil
 }
+
+// GetDecodedResource will generically read the requested resource using the
+// client and either return nil on a NotFound or decode the response value.
+func GetDecodedResource[V any, PV interface {
+	proto.Message
+	*V
+}](ctx context.Context, client pbresource.ResourceServiceClient, id *pbresource.ID) (*DecodedResource[V, PV], error) {
+	rsp, err := client.Read(ctx, &pbresource.ReadRequest{Id: id})
+	switch {
+	case status.Code(err) == codes.NotFound:
+		return nil, nil
+	case err != nil:
+		return nil, err
+	}
+
+	return Decode[V, PV](rsp.Resource)
+}
diff --git a/internal/resource/decode_test.go b/internal/resource/decode_test.go
index 10b61cfa14c2..e5b079156e26 100644
--- a/internal/resource/decode_test.go
+++ b/internal/resource/decode_test.go
@@ -10,13 +10,60 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/anypb"
 
+	svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing"
 	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
+	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	pbdemo "github.com/hashicorp/consul/proto/private/pbdemo/v2"
 	"github.com/hashicorp/consul/proto/private/prototest"
+	"github.com/hashicorp/consul/sdk/testutil"
 )
 
+func TestGetDecodedResource(t *testing.T) {
+	var (
+		baseClient = svctest.RunResourceService(t, demo.RegisterTypes)
+		client     = rtest.NewClient(baseClient)
+		ctx        = testutil.TestContext(t)
+	)
+
+	babypantsID := &pbresource.ID{
+		Type:    demo.TypeV2Artist,
+		Tenancy: demo.TenancyDefault,
+		Name:    "babypants",
+	}
+
+	testutil.RunStep(t, "not found", func(t *testing.T) {
+		got, err := resource.GetDecodedResource[pbdemo.Artist, *pbdemo.Artist](ctx, client, babypantsID)
+		require.NoError(t, err)
+		require.Nil(t, got)
+	})
+
+	testutil.RunStep(t, "found", func(t *testing.T) {
+		data := &pbdemo.Artist{
+			Name: "caspar babypants",
+		}
+		res := rtest.Resource(demo.TypeV2Artist, "babypants").
+			WithData(t, data).
+			Write(t, client)
+
+		got, err := resource.GetDecodedResource[pbdemo.Artist, *pbdemo.Artist](ctx, client, babypantsID)
+		require.NoError(t, err)
+		require.NotNil(t, got)
+
+		// Clone generated fields over.
+		res.Id.Uid = got.Resource.Id.Uid
+		res.Version = got.Resource.Version
+		res.Generation = got.Resource.Generation
+
+		// Clone defaulted fields over
+		data.Genre = pbdemo.Genre_GENRE_DISCO
+
+		prototest.AssertDeepEqual(t, res, got.Resource)
+		prototest.AssertDeepEqual(t, data, got.Data)
+	})
+}
+
 func TestDecode(t *testing.T) {
 	t.Run("good", func(t *testing.T) {
 		fooData := &pbdemo.Artist{
diff --git a/proto/private/prototest/testing.go b/proto/private/prototest/testing.go
index b423478155d1..cc1d1e014171 100644
--- a/proto/private/prototest/testing.go
+++ b/proto/private/prototest/testing.go
@@ -32,6 +32,7 @@ func AssertDeepEqual(t TestingT, x, y interface{}, opts ...cmp.Option) {
 func AssertElementsMatch[V any](
 	t TestingT, listX, listY []V, opts ...cmp.Option,
 ) {
+	t.Helper()
 	diff := diffElements(listX, listY, opts...)
 	if diff != "" {
 		t.Fatalf("assertion failed: slices do not have matching elements\n--- expected\n+++ actual\n%v", diff)

From facd5b0ec14d6acc63cbc3190ccc3f9d39913b26 Mon Sep 17 00:00:00 2001
From: wangxinyi7 <121973291+wangxinyi7@users.noreply.github.com>
Date: Wed, 9 Aug 2023 09:36:58 -0700
Subject: [PATCH 263/359] fix the error in ent repo (#18421)

fix the error in ent repo
---
 agent/agent_endpoint_test.go |  8 ++++++--
 agent/agent_test.go          | 20 +++++++++++++++-----
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go
index 152a9b954015..6df5275a1769 100644
--- a/agent/agent_endpoint_test.go
+++ b/agent/agent_endpoint_test.go
@@ -1629,7 +1629,9 @@ func TestHTTPHandlers_AgentMetricsStream_ACLDeny(t *testing.T) {
 	bd.MetricsConfig = &lib.MetricsConfig{
 		Handler: sink,
 	}
-	d := fakeResolveTokenDelegate{delegate: &delegateMock{}, authorizer: acl.DenyAll()}
+	mockDelegate := delegateMock{}
+	mockDelegate.On("LicenseCheck").Return()
+	d := fakeResolveTokenDelegate{delegate: &mockDelegate, authorizer: acl.DenyAll()}
 	agent := &Agent{
 		baseDeps: bd,
 		delegate: d,
@@ -1658,7 +1660,9 @@ func TestHTTPHandlers_AgentMetricsStream(t *testing.T) {
 	bd.MetricsConfig = &lib.MetricsConfig{
 		Handler: sink,
 	}
-	d := fakeResolveTokenDelegate{delegate: &delegateMock{}, authorizer: acl.ManageAll()}
+	mockDelegate := delegateMock{}
+	mockDelegate.On("LicenseCheck").Return()
+	d := fakeResolveTokenDelegate{delegate: &mockDelegate, authorizer: acl.ManageAll()}
 	agent := &Agent{
 		baseDeps: bd,
 		delegate: d,
diff --git a/agent/agent_test.go b/agent/agent_test.go
index 646cc340595a..495d58c95a46 100644
--- a/agent/agent_test.go
+++ b/agent/agent_test.go
@@ -346,7 +346,9 @@ func TestAgent_HTTPMaxHeaderBytes(t *testing.T) {
 			require.NoError(t, err)
 
 			a, err := New(bd)
-			a.delegate = &delegateMock{}
+			mockDelegate := delegateMock{}
+			mockDelegate.On("LicenseCheck").Return()
+			a.delegate = &mockDelegate
 			require.NoError(t, err)
 
 			a.startLicenseManager(testutil.TestContext(t))
@@ -5503,7 +5505,9 @@ func TestAgent_ListenHTTP_MultipleAddresses(t *testing.T) {
 	require.NoError(t, err)
 
 	agent, err := New(bd)
-	agent.delegate = &delegateMock{}
+	mockDelegate := delegateMock{}
+	mockDelegate.On("LicenseCheck").Return()
+	agent.delegate = &mockDelegate
 	require.NoError(t, err)
 
 	agent.startLicenseManager(testutil.TestContext(t))
@@ -6097,7 +6101,9 @@ func TestAgent_startListeners(t *testing.T) {
 	require.NoError(t, err)
 
 	agent, err := New(bd)
-	agent.delegate = &delegateMock{}
+	mockDelegate := delegateMock{}
+	mockDelegate.On("LicenseCheck").Return()
+	agent.delegate = &mockDelegate
 	require.NoError(t, err)
 
 	// use up an address
@@ -6238,7 +6244,9 @@ func TestAgent_startListeners_scada(t *testing.T) {
 	require.NoError(t, err)
 
 	agent, err := New(bd)
-	agent.delegate = &delegateMock{}
+	mockDelegate := delegateMock{}
+	mockDelegate.On("LicenseCheck").Return()
+	agent.delegate = &mockDelegate
 	require.NoError(t, err)
 
 	_, err = agent.startListeners([]net.Addr{c})
@@ -6294,7 +6302,9 @@ func TestAgent_checkServerLastSeen(t *testing.T) {
 		Config:      leafcert.Config{},
 	})
 	agent, err := New(bd)
-	agent.delegate = &delegateMock{}
+	mockDelegate := delegateMock{}
+	mockDelegate.On("LicenseCheck").Return()
+	agent.delegate = &mockDelegate
 	require.NoError(t, err)
 
 	// Test that an ErrNotExist OS error is treated as ok.

From 948ce8bc23db9b1f486ea728e336e782c51ac5b2 Mon Sep 17 00:00:00 2001
From: Dan Stough <dan.stough@hashicorp.com>
Date: Wed, 9 Aug 2023 17:12:34 -0400
Subject: [PATCH 264/359] build: updates for 1.16.1 release (#18415)

* build: updates for 1.16.1 release

* build: fix missing replace directive for envoyextensions

* build: go mod tidy testing/deployer
---
 CHANGELOG.md                             | 136 +++++++++++++++++++++++
 api/go.mod                               |   2 +-
 envoyextensions/go.mod                   |   9 +-
 envoyextensions/go.sum                   |   2 -
 go.mod                                   |  10 +-
 test-integ/go.mod                        |   8 +-
 test/integration/consul-container/go.mod |   8 +-
 testing/deployer/go.mod                  |   5 +-
 testing/deployer/go.sum                  |   9 +-
 troubleshoot/go.mod                      |   4 +-
 10 files changed, 164 insertions(+), 29 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 14435d09bb93..9cd1efb50646 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,139 @@
+## 1.16.1 (August 8, 2023)
+
+SECURITY:
+
+* Update `golang.org/x/net` to v0.13.0 to address [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
+* Upgrade golang.org/x/net to address [CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406) [[GH-18186](https://github.com/hashicorp/consul/issues/18186)]
+* Upgrade to use Go 1.20.6.
+This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`) for uses of the standard library.
+A separate change updates dependencies on `golang.org/x/net` to use `0.12.0`. [[GH-18190](https://github.com/hashicorp/consul/issues/18190)]
+* Upgrade to use Go 1.20.7.
+This resolves vulnerability [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
+
+FEATURES:
+
+* cli: `consul members` command uses `-filter` expression to filter members based on bexpr. [[GH-18223](https://github.com/hashicorp/consul/issues/18223)]
+* cli: `consul operator raft list-peers` command shows the number of commits each follower is trailing the leader by to aid in troubleshooting. [[GH-17582](https://github.com/hashicorp/consul/issues/17582)]
+* cli: `consul watch` command uses `-filter` expression to filter response from checks, services, nodes, and service. [[GH-17780](https://github.com/hashicorp/consul/issues/17780)]
+* reloadable config: Made enable_debug config reloadable and enable pprof command to work when config toggles to true [[GH-17565](https://github.com/hashicorp/consul/issues/17565)]
+* ui: consul version is displayed in nodes list with filtering and sorting based on versions [[GH-17754](https://github.com/hashicorp/consul/issues/17754)]
+
+IMPROVEMENTS:
+
+* Fix some typos in metrics docs [[GH-18080](https://github.com/hashicorp/consul/issues/18080)]
+* acl: added builtin ACL policy that provides global read-only access (builtin/global-read-only) [[GH-18319](https://github.com/hashicorp/consul/issues/18319)]
+* acl: allow for a single slash character in policy names [[GH-18319](https://github.com/hashicorp/consul/issues/18319)]
+* connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [[GH-17888](https://github.com/hashicorp/consul/issues/17888)]
+* connect: Improve transparent proxy support for virtual services and failovers. [[GH-17757](https://github.com/hashicorp/consul/issues/17757)]
+* connect: update supported envoy versions to 1.23.12, 1.24.10, 1.25.9, 1.26.4 [[GH-18303](https://github.com/hashicorp/consul/issues/18303)]
+* debug: change default setting of consul debug command. now default duration is 5ms and default log level is 'TRACE' [[GH-17596](https://github.com/hashicorp/consul/issues/17596)]
+* extensions: Improve validation and error feedback for `property-override` builtin Envoy extension [[GH-17759](https://github.com/hashicorp/consul/issues/17759)]
+* hcp: Add dynamic configuration support for the export of server metrics to HCP. [[GH-18168](https://github.com/hashicorp/consul/issues/18168)]
+* hcp: Removes requirement for HCP to provide a management token [[GH-18140](https://github.com/hashicorp/consul/issues/18140)]
+* http: GET API `operator/usage` endpoint now returns node count
+cli: `consul operator usage` command now returns node count [[GH-17939](https://github.com/hashicorp/consul/issues/17939)]
+* mesh: Expose remote jwks cluster configuration through jwt-provider config entry [[GH-17978](https://github.com/hashicorp/consul/issues/17978)]
+* mesh: Stop jwt providers referenced by intentions from being deleted. [[GH-17755](https://github.com/hashicorp/consul/issues/17755)]
+* ui: the topology view now properly displays services with mixed connect and non-connect instances. [[GH-13023](https://github.com/hashicorp/consul/issues/13023)]
+* xds: Explicitly enable WebSocket connection upgrades in HTTP connection manager [[GH-18150](https://github.com/hashicorp/consul/issues/18150)]
+
+BUG FIXES:
+
+* Fix a bug that wrongly trims domains when there is an overlap with DC name. [[GH-17160](https://github.com/hashicorp/consul/issues/17160)]
+* api-gateway: fix race condition in proxy config generation when Consul is notified of the bound-api-gateway config entry before it is notified of the api-gateway config entry. [[GH-18291](https://github.com/hashicorp/consul/issues/18291)]
+* api: Fix client deserialization errors by marking new Enterprise-only prepared query fields as omit empty [[GH-18184](https://github.com/hashicorp/consul/issues/18184)]
+* ca: Fixes a Vault CA provider bug where updating RootPKIPath but not IntermediatePKIPath would not renew leaf signing certificates [[GH-18112](https://github.com/hashicorp/consul/issues/18112)]
+* connect/ca: Fixes a bug preventing CA configuration updates in secondary datacenters [[GH-17846](https://github.com/hashicorp/consul/issues/17846)]
+* connect: **(Enterprise only)** Fix bug where intentions referencing sameness groups would not always apply to members properly.
+* connect: Fix incorrect protocol config merging for transparent proxy implicit upstreams. [[GH-17894](https://github.com/hashicorp/consul/issues/17894)]
+* connect: Removes the default health check from the `consul connect envoy` command when starting an API Gateway.
+This health check would always fail. [[GH-18011](https://github.com/hashicorp/consul/issues/18011)]
+* connect: fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [[GH-18024](https://github.com/hashicorp/consul/issues/18024)]
+* gateway: Fixes a bug where envoy would silently reject RSA keys that are smaller than 2048 bits,
+we now reject those earlier in the process when we validate the certificate. [[GH-17911](https://github.com/hashicorp/consul/issues/17911)]
+* http: fixed API endpoint `PUT /acl/token/:AccessorID` (update token), no longer requires `AccessorID` in the request body. Web UI can now update tokens. [[GH-17739](https://github.com/hashicorp/consul/issues/17739)]
+* mesh: **(Enterprise Only)** Require that `jwt-provider` config entries are created in the `default` namespace. [[GH-18325](https://github.com/hashicorp/consul/issues/18325)]
+* snapshot: fix access denied and handle is invalid when we call snapshot save on windows - skip sync() for folders in windows in
+https://github.com/rboyer/safeio/pull/3 [[GH-18302](https://github.com/hashicorp/consul/issues/18302)]
+* xds: Prevent partial application of non-Required Envoy extensions in the case of failure. [[GH-18068](https://github.com/hashicorp/consul/issues/18068)]
+
+## 1.15.5 (August 8, 2023)
+
+SECURITY:
+
+* Update `golang.org/x/net` to v0.13.0 to address [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
+* Upgrade golang.org/x/net to address [CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406) [[GH-18186](https://github.com/hashicorp/consul/issues/18186)]
+* Upgrade to use Go 1.20.6.
+This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`) for uses of the standard library.
+A separate change updates dependencies on `golang.org/x/net` to use `0.12.0`. [[GH-18190](https://github.com/hashicorp/consul/issues/18190)]
+* Upgrade to use Go 1.20.7.
+This resolves vulnerability [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
+
+FEATURES:
+
+* cli: `consul members` command uses `-filter` expression to filter members based on bexpr. [[GH-18223](https://github.com/hashicorp/consul/issues/18223)]
+* cli: `consul watch` command uses `-filter` expression to filter response from checks, services, nodes, and service. [[GH-17780](https://github.com/hashicorp/consul/issues/17780)]
+* reloadable config: Made enable_debug config reloadable and enable pprof command to work when config toggles to true [[GH-17565](https://github.com/hashicorp/consul/issues/17565)]
+
+IMPROVEMENTS:
+
+* Fix some typos in metrics docs [[GH-18080](https://github.com/hashicorp/consul/issues/18080)]
+* acl: added builtin ACL policy that provides global read-only access (builtin/global-read-only) [[GH-18319](https://github.com/hashicorp/consul/issues/18319)]
+* acl: allow for a single slash character in policy names [[GH-18319](https://github.com/hashicorp/consul/issues/18319)]
+* connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [[GH-17888](https://github.com/hashicorp/consul/issues/17888)]
+* connect: update supported envoy versions to 1.22.11, 1.23.12, 1.24.10, 1.25.9 [[GH-18304](https://github.com/hashicorp/consul/issues/18304)]
+* hcp: Add dynamic configuration support for the export of server metrics to HCP. [[GH-18168](https://github.com/hashicorp/consul/issues/18168)]
+* hcp: Removes requirement for HCP to provide a management token [[GH-18140](https://github.com/hashicorp/consul/issues/18140)]
+* xds: Explicitly enable WebSocket connection upgrades in HTTP connection manager [[GH-18150](https://github.com/hashicorp/consul/issues/18150)]
+
+BUG FIXES:
+
+* Fix a bug that wrongly trims domains when there is an overlap with DC name. [[GH-17160](https://github.com/hashicorp/consul/issues/17160)]
+* api-gateway: fix race condition in proxy config generation when Consul is notified of the bound-api-gateway config entry before it is notified of the api-gateway config entry. [[GH-18291](https://github.com/hashicorp/consul/issues/18291)]
+* connect/ca: Fixes a bug preventing CA configuration updates in secondary datacenters [[GH-17846](https://github.com/hashicorp/consul/issues/17846)]
+* connect: Fix incorrect protocol config merging for transparent proxy implicit upstreams. [[GH-17894](https://github.com/hashicorp/consul/issues/17894)]
+* connect: Removes the default health check from the `consul connect envoy` command when starting an API Gateway.
+This health check would always fail. [[GH-18011](https://github.com/hashicorp/consul/issues/18011)]
+* connect: fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [[GH-18024](https://github.com/hashicorp/consul/issues/18024)]
+* snapshot: fix access denied and handle is invalid when we call snapshot save on windows - skip sync() for folders in windows in
+https://github.com/rboyer/safeio/pull/3 [[GH-18302](https://github.com/hashicorp/consul/issues/18302)]
+
+## 1.14.9 (August 8, 2023)
+
+SECURITY:
+
+* Update `golang.org/x/net` to v0.13.0 to address [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
+* Upgrade golang.org/x/net to address [CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406) [[GH-18186](https://github.com/hashicorp/consul/issues/18186)]
+* Upgrade to use Go 1.20.6.
+This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`) for uses of the standard library. 
+A separate change updates dependencies on `golang.org/x/net` to use `0.12.0`. [[GH-18190](https://github.com/hashicorp/consul/issues/18190)]
+* Upgrade to use Go 1.20.7.
+This resolves vulnerability [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
+
+FEATURES:
+
+* cli: `consul members` command uses `-filter` expression to filter members based on bexpr. [[GH-18223](https://github.com/hashicorp/consul/issues/18223)]
+* cli: `consul watch` command uses `-filter` expression to filter response from checks, services, nodes, and service. [[GH-17780](https://github.com/hashicorp/consul/issues/17780)]
+* reloadable config: Made enable_debug config reloadable and enable pprof command to work when config toggles to true [[GH-17565](https://github.com/hashicorp/consul/issues/17565)]
+
+IMPROVEMENTS:
+
+* Fix some typos in metrics docs [[GH-18080](https://github.com/hashicorp/consul/issues/18080)]
+* acl: added builtin ACL policy that provides global read-only access (builtin/global-read-only) [[GH-18319](https://github.com/hashicorp/consul/issues/18319)]
+* acl: allow for a single slash character in policy names [[GH-18319](https://github.com/hashicorp/consul/issues/18319)]
+* connect: update supported envoy versions to 1.21.6, 1.22.11, 1.23.12, 1.24.10 [[GH-18305](https://github.com/hashicorp/consul/issues/18305)]
+* hcp: Removes requirement for HCP to provide a management token [[GH-18140](https://github.com/hashicorp/consul/issues/18140)]
+* xds: Explicitly enable WebSocket connection upgrades in HTTP connection manager [[GH-18150](https://github.com/hashicorp/consul/issues/18150)]
+
+BUG FIXES:
+
+* Fix a bug that wrongly trims domains when there is an overlap with DC name. [[GH-17160](https://github.com/hashicorp/consul/issues/17160)]
+* connect/ca: Fixes a bug preventing CA configuration updates in secondary datacenters [[GH-17846](https://github.com/hashicorp/consul/issues/17846)]
+* connect: Fix incorrect protocol config merging for transparent proxy implicit upstreams. [[GH-17894](https://github.com/hashicorp/consul/issues/17894)]
+* connect: fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [[GH-18024](https://github.com/hashicorp/consul/issues/18024)]
+* snapshot: fix access denied and handle is invalid when we call snapshot save on windows - skip sync() for folders in windows in
+https://github.com/rboyer/safeio/pull/3 [[GH-18302](https://github.com/hashicorp/consul/issues/18302)]
+
 ## 1.16.0 (June 26, 2023)
 
 BREAKING CHANGES:
diff --git a/api/go.mod b/api/go.mod
index 0c85ba4715ae..238515f62f29 100644
--- a/api/go.mod
+++ b/api/go.mod
@@ -6,7 +6,7 @@ replace github.com/hashicorp/consul/sdk => ../sdk
 
 require (
 	github.com/google/go-cmp v0.5.9
-	github.com/hashicorp/consul/sdk v0.14.0
+	github.com/hashicorp/consul/sdk v0.14.1
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/hashicorp/go-rootcerts v1.0.2
diff --git a/envoyextensions/go.mod b/envoyextensions/go.mod
index 77e93bb31d40..5d90d18653ad 100644
--- a/envoyextensions/go.mod
+++ b/envoyextensions/go.mod
@@ -2,13 +2,16 @@ module github.com/hashicorp/consul/envoyextensions
 
 go 1.20
 
-replace github.com/hashicorp/consul/api => ../api
+replace (
+	github.com/hashicorp/consul/api => ../api
+	github.com/hashicorp/consul/sdk => ../sdk
+)
 
 require (
 	github.com/envoyproxy/go-control-plane v0.11.0
 	github.com/google/go-cmp v0.5.9
-	github.com/hashicorp/consul/api v1.22.0
-	github.com/hashicorp/consul/sdk v0.14.0
+	github.com/hashicorp/consul/api v1.24.0
+	github.com/hashicorp/consul/sdk v0.14.1
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-version v1.2.1
diff --git a/envoyextensions/go.sum b/envoyextensions/go.sum
index ffb9566775e0..77c098c2c2bf 100644
--- a/envoyextensions/go.sum
+++ b/envoyextensions/go.sum
@@ -62,8 +62,6 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/hashicorp/consul/sdk v0.14.0 h1:Hly+BMNMssVzoWddbBnBFi3W+Fzytvm0haSkihhj3GU=
-github.com/hashicorp/consul/sdk v0.14.0/go.mod h1:gHYeuDa0+0qRAD6Wwr6yznMBvBwHKoxSBoW5l73+saE=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
diff --git a/go.mod b/go.mod
index 8d50bf61d752..0d2de3f6b391 100644
--- a/go.mod
+++ b/go.mod
@@ -38,11 +38,11 @@ require (
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
 	github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706
 	github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69
-	github.com/hashicorp/consul/api v1.22.0
-	github.com/hashicorp/consul/envoyextensions v0.3.0
-	github.com/hashicorp/consul/proto-public v0.4.0
-	github.com/hashicorp/consul/sdk v0.14.0
-	github.com/hashicorp/consul/troubleshoot v0.3.0
+	github.com/hashicorp/consul/api v1.24.0
+	github.com/hashicorp/consul/envoyextensions v0.4.1
+	github.com/hashicorp/consul/proto-public v0.4.1
+	github.com/hashicorp/consul/sdk v0.14.1
+	github.com/hashicorp/consul/troubleshoot v0.3.1
 	github.com/hashicorp/go-bexpr v0.1.2
 	github.com/hashicorp/go-checkpoint v0.5.0
 	github.com/hashicorp/go-cleanhttp v0.5.2
diff --git a/test-integ/go.mod b/test-integ/go.mod
index e1a62dbdaadb..df38ac3f2f1b 100644
--- a/test-integ/go.mod
+++ b/test-integ/go.mod
@@ -3,8 +3,8 @@ module github.com/hashicorp/consul/test-integ
 go 1.20
 
 require (
-	github.com/hashicorp/consul/api v1.22.0
-	github.com/hashicorp/consul/sdk v0.14.0
+	github.com/hashicorp/consul/api v1.24.0
+	github.com/hashicorp/consul/sdk v0.14.1
 	github.com/hashicorp/consul/test/integration/consul-container v0.0.0-20230628201853-bdf4fad7c5a5
 	github.com/hashicorp/consul/testing/deployer v0.0.0-00010101000000-000000000000
 	github.com/hashicorp/go-cleanhttp v0.5.2
@@ -93,8 +93,8 @@ require (
 	github.com/hashicorp/consul v0.0.0-00010101000000-000000000000 // indirect
 	github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 // indirect
 	github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 // indirect
-	github.com/hashicorp/consul/envoyextensions v0.3.0 // indirect
-	github.com/hashicorp/consul/proto-public v0.4.0 // indirect
+	github.com/hashicorp/consul/envoyextensions v0.4.1 // indirect
+	github.com/hashicorp/consul/proto-public v0.4.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-bexpr v0.1.2 // indirect
 	github.com/hashicorp/go-connlimit v0.3.0 // indirect
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index 3a1fe15feaaf..f7b3ab9b4774 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -10,10 +10,10 @@ require (
 	github.com/evanphx/json-patch v4.12.0+incompatible
 	github.com/go-jose/go-jose/v3 v3.0.0
 	github.com/hashicorp/consul v0.0.0-00010101000000-000000000000
-	github.com/hashicorp/consul/api v1.22.0
-	github.com/hashicorp/consul/envoyextensions v0.3.0
-	github.com/hashicorp/consul/proto-public v0.4.0
-	github.com/hashicorp/consul/sdk v0.14.0
+	github.com/hashicorp/consul/api v1.24.0
+	github.com/hashicorp/consul/envoyextensions v0.4.1
+	github.com/hashicorp/consul/proto-public v0.4.1
+	github.com/hashicorp/consul/sdk v0.14.1
 	github.com/hashicorp/consul/testing/deployer v0.0.0-00010101000000-000000000000
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-multierror v1.1.1
diff --git a/testing/deployer/go.mod b/testing/deployer/go.mod
index c94643e830f2..9bf70b9cc146 100644
--- a/testing/deployer/go.mod
+++ b/testing/deployer/go.mod
@@ -4,8 +4,8 @@ go 1.20
 
 require (
 	github.com/google/go-cmp v0.5.9
-	github.com/hashicorp/consul/api v1.22.0
-	github.com/hashicorp/consul/sdk v0.14.0
+	github.com/hashicorp/consul/api v1.24.0
+	github.com/hashicorp/consul/sdk v0.14.1
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/hashicorp/go-multierror v1.1.1
@@ -39,7 +39,6 @@ require (
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/zclconf/go-cty v1.12.1 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/net v0.13.0 // indirect
 	golang.org/x/sys v0.10.0 // indirect
 	golang.org/x/text v0.11.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/testing/deployer/go.sum b/testing/deployer/go.sum
index 57896354907f..603dbfb8d6c8 100644
--- a/testing/deployer/go.sum
+++ b/testing/deployer/go.sum
@@ -46,10 +46,10 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/hashicorp/consul/api v1.22.0 h1:ydEvDooB/A0c/xpsBd8GSt7P2/zYPBui4KrNip0xGjE=
-github.com/hashicorp/consul/api v1.22.0/go.mod h1:zHpYgZ7TeYqS6zaszjwSt128OwESRpnhU9aGa6ue3Eg=
-github.com/hashicorp/consul/sdk v0.14.0 h1:Hly+BMNMssVzoWddbBnBFi3W+Fzytvm0haSkihhj3GU=
-github.com/hashicorp/consul/sdk v0.14.0/go.mod h1:gHYeuDa0+0qRAD6Wwr6yznMBvBwHKoxSBoW5l73+saE=
+github.com/hashicorp/consul/api v1.24.0 h1:u2XyStA2j0jnCiVUU7Qyrt8idjRn4ORhK6DlvZ3bWhA=
+github.com/hashicorp/consul/api v1.24.0/go.mod h1:NZJGRFYruc/80wYowkPFCp1LbGmJC9L8izrwfyVx/Wg=
+github.com/hashicorp/consul/sdk v0.14.1 h1:ZiwE2bKb+zro68sWzZ1SgHF3kRMBZ94TwOCFRF4ylPs=
+github.com/hashicorp/consul/sdk v0.14.1/go.mod h1:vFt03juSzocLRFo59NkeQHHmQa6+g7oU0pfzdI1mUhg=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -196,7 +196,6 @@ golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
 golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
-golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
diff --git a/troubleshoot/go.mod b/troubleshoot/go.mod
index 75666de18b31..986a55d38f16 100644
--- a/troubleshoot/go.mod
+++ b/troubleshoot/go.mod
@@ -14,8 +14,8 @@ exclude (
 require (
 	github.com/envoyproxy/go-control-plane v0.11.0
 	github.com/envoyproxy/go-control-plane/xdsmatcher v0.0.0-20230524161521-aaaacbfbe53e
-	github.com/hashicorp/consul/api v1.22.0
-	github.com/hashicorp/consul/envoyextensions v0.3.0
+	github.com/hashicorp/consul/api v1.24.0
+	github.com/hashicorp/consul/envoyextensions v0.4.1
 	github.com/stretchr/testify v1.8.3
 	google.golang.org/protobuf v1.30.0
 )

From bb1a288b74e811084eec08b3c729134405053af9 Mon Sep 17 00:00:00 2001
From: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com>
Date: Wed, 9 Aug 2023 16:14:17 -0500
Subject: [PATCH 265/359] update ECS links (#18419)

---
 website/content/docs/ecs/index.mdx | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/website/content/docs/ecs/index.mdx b/website/content/docs/ecs/index.mdx
index 4ec719bcac9b..963604188aef 100644
--- a/website/content/docs/ecs/index.mdx
+++ b/website/content/docs/ecs/index.mdx
@@ -30,8 +30,7 @@ For a detailed architecture overview, see the [Architecture](/consul/docs/ecs/ar
 
 There are several ways to get started with Consul with ECS.
 
-- The [Serverless Consul Service Mesh with ECS and HCP](/consul/tutorials/cloud-production/consul-ecs-hcp?utm_source=docs) learn guide shows how to use Terraform to run Consul service mesh applications on ECS with managed Consul servers running in HashiCorp Cloud Platform (HCP).
-- The [Service Mesh with ECS and Consul on EC2](/consul/tutorials/cloud-integrations/consul-ecs-ec2?utm_source=docs) learn guide shows how to use Terraform to run Consul service mesh applications on ECS with Consul servers running on EC2 instances.
+- The [Integrate your AWS ECS services into Consul service mesh](/consul/tutorials/cloud-integrations/consul-ecs) tutorial shows how to use Terraform to run Consul service mesh applications on ECS with self-managed Consul or HCP-managed Consul.
 - The [Consul with Dev Server on Fargate](https://registry.terraform.io/modules/hashicorp/consul-ecs/aws/latest/examples/dev-server-fargate) example installation deploys a sample application in ECS using the Fargate launch type.
 - The [Consul with Dev Server on EC2](https://registry.terraform.io/modules/hashicorp/consul-ecs/aws/latest/examples/dev-server-ec2) example installation deploys a sample application in ECS using the EC2 launch type.
 

From 10f69d86d068f81bc29a632ef9518fa25d22c191 Mon Sep 17 00:00:00 2001
From: Gerard Nguyen <gerard@hashicorp.com>
Date: Thu, 10 Aug 2023 10:33:19 +1000
Subject: [PATCH 266/359] docs: fix incorrect proxy-defaults config in Lua
 Envoy extension (#18418)

fix incorrect proxy-defaults config
---
 .../connect/proxies/envoy-extensions/usage/lua.mdx   | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx
index da9e4c9b0f10..08fb6b05d0b4 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx
@@ -42,15 +42,17 @@ The following example configures the Lua Envoy extension on every service by usi
 <CodeBlockConfig filename="lua-envoy-extension-proxy-defaults.hcl">
 
 ```hcl
-Kind     = "proxy-defaults"
-Name     = "global"
-Protocol = "http"
+Kind = "proxy-defaults"
+Name = "global"
+Config {
+  protocol = "http"
+}
 EnvoyExtensions {
   Name = "builtin/lua"
   Arguments = {
     ProxyType = "connect-proxy"
     Listener  = "inbound"
-    Script    = <<-EOS
+    Script    = <<-EOF
 function envoy_on_request(request_handle)
   meta = request_handle:streamInfo():dynamicMetadata()
   m = meta:get("consul")
@@ -59,7 +61,7 @@ function envoy_on_request(request_handle)
   request_handle:headers():add("x-consul-datacenter", m["datacenter"])
   request_handle:headers():add("x-consul-trust-domain", m["trust-domain"])
 end
-EOS
+ EOF
   }
 }
 ```

From bee12c6b1f6330e5002598972b5e8c8de013458a Mon Sep 17 00:00:00 2001
From: Semir Patel <semir.patel@hashicorp.com>
Date: Thu, 10 Aug 2023 09:53:38 -0500
Subject: [PATCH 267/359] resource: Make resource write tenancy aware (#18423)

---
 agent/consul/tenancy_bridge_oss.go            |  16 +-
 .../grpc-external/services/resource/delete.go |   4 +-
 .../services/resource/mock_TenancyBridge.go   |  48 +++
 agent/grpc-external/services/resource/read.go |   2 +-
 .../services/resource/read_test.go            |  10 +-
 .../grpc-external/services/resource/server.go |  35 +-
 .../services/resource/server_test.go          |   2 +
 .../services/resource/testing/testing.go      |   2 +
 .../grpc-external/services/resource/write.go  |  52 ++-
 .../services/resource/write_test.go           | 299 ++++++++++++++----
 .../internal/types/proxy_state_template.go    |   4 +-
 internal/resource/demo/demo.go                |  14 +-
 internal/resource/registry.go                 |   6 +-
 internal/resource/registry_test.go            |   4 +-
 internal/resource/tenancy.go                  |  29 +-
 15 files changed, 412 insertions(+), 115 deletions(-)

diff --git a/agent/consul/tenancy_bridge_oss.go b/agent/consul/tenancy_bridge_oss.go
index 09004c2ba603..2272af74cec6 100644
--- a/agent/consul/tenancy_bridge_oss.go
+++ b/agent/consul/tenancy_bridge_oss.go
@@ -6,16 +6,24 @@
 
 package consul
 
-func (b *V1TenancyBridge) NamespaceExists(partition, namespace string) (bool, error) {
-	if partition == "default" && namespace == "default" {
+func (b *V1TenancyBridge) PartitionExists(partition string) (bool, error) {
+	if partition == "default" {
 		return true, nil
 	}
 	return false, nil
 }
 
-func (b *V1TenancyBridge) PartitionExists(partition string) (bool, error) {
-	if partition == "default" {
+func (b *V1TenancyBridge) IsPartitionMarkedForDeletion(partition string) (bool, error) {
+	return false, nil
+}
+
+func (b *V1TenancyBridge) NamespaceExists(partition, namespace string) (bool, error) {
+	if partition == "default" && namespace == "default" {
 		return true, nil
 	}
 	return false, nil
 }
+
+func (b *V1TenancyBridge) IsNamespaceMarkedForDeletion(partition, namespace string) (bool, error) {
+	return false, nil
+}
diff --git a/agent/grpc-external/services/resource/delete.go b/agent/grpc-external/services/resource/delete.go
index 597d184d2d6b..459f97f28a17 100644
--- a/agent/grpc-external/services/resource/delete.go
+++ b/agent/grpc-external/services/resource/delete.go
@@ -37,7 +37,7 @@ func (s *Server) Delete(ctx context.Context, req *pbresource.DeleteRequest) (*pb
 	}
 
 	// TODO(spatel): Refactor _ and entMeta in NET-4919
-	authz, _, err := s.getAuthorizer(tokenFromContext(ctx), acl.DefaultEnterpriseMeta())
+	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), acl.DefaultEnterpriseMeta())
 	if err != nil {
 		return nil, err
 	}
@@ -58,7 +58,7 @@ func (s *Server) Delete(ctx context.Context, req *pbresource.DeleteRequest) (*pb
 	}
 
 	// Check ACLs
-	err = reg.ACLs.Write(authz, existing)
+	err = reg.ACLs.Write(authz, authzContext, existing)
 	switch {
 	case acl.IsErrPermissionDenied(err):
 		return nil, status.Error(codes.PermissionDenied, err.Error())
diff --git a/agent/grpc-external/services/resource/mock_TenancyBridge.go b/agent/grpc-external/services/resource/mock_TenancyBridge.go
index f2dcc6e0b46a..662b4004b99f 100644
--- a/agent/grpc-external/services/resource/mock_TenancyBridge.go
+++ b/agent/grpc-external/services/resource/mock_TenancyBridge.go
@@ -9,6 +9,54 @@ type MockTenancyBridge struct {
 	mock.Mock
 }
 
+// IsNamespaceMarkedForDeletion provides a mock function with given fields: partition, namespace
+func (_m *MockTenancyBridge) IsNamespaceMarkedForDeletion(partition string, namespace string) (bool, error) {
+	ret := _m.Called(partition, namespace)
+
+	var r0 bool
+	var r1 error
+	if rf, ok := ret.Get(0).(func(string, string) (bool, error)); ok {
+		return rf(partition, namespace)
+	}
+	if rf, ok := ret.Get(0).(func(string, string) bool); ok {
+		r0 = rf(partition, namespace)
+	} else {
+		r0 = ret.Get(0).(bool)
+	}
+
+	if rf, ok := ret.Get(1).(func(string, string) error); ok {
+		r1 = rf(partition, namespace)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// IsPartitionMarkedForDeletion provides a mock function with given fields: partition
+func (_m *MockTenancyBridge) IsPartitionMarkedForDeletion(partition string) (bool, error) {
+	ret := _m.Called(partition)
+
+	var r0 bool
+	var r1 error
+	if rf, ok := ret.Get(0).(func(string) (bool, error)); ok {
+		return rf(partition)
+	}
+	if rf, ok := ret.Get(0).(func(string) bool); ok {
+		r0 = rf(partition)
+	} else {
+		r0 = ret.Get(0).(bool)
+	}
+
+	if rf, ok := ret.Get(1).(func(string) error); ok {
+		r1 = rf(partition)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
 // NamespaceExists provides a mock function with given fields: partition, namespace
 func (_m *MockTenancyBridge) NamespaceExists(partition string, namespace string) (bool, error) {
 	ret := _m.Called(partition, namespace)
diff --git a/agent/grpc-external/services/resource/read.go b/agent/grpc-external/services/resource/read.go
index 490909114b3f..ca248cd962a7 100644
--- a/agent/grpc-external/services/resource/read.go
+++ b/agent/grpc-external/services/resource/read.go
@@ -54,7 +54,7 @@ func (s *Server) Read(ctx context.Context, req *pbresource.ReadRequest) (*pbreso
 	}
 
 	// Check V1 tenancy exists for the V2 resource.
-	if err = v1TenancyExists(reg, s.V1TenancyBridge, req.Id.Tenancy); err != nil {
+	if err = v1TenancyExists(reg, s.V1TenancyBridge, req.Id.Tenancy, codes.NotFound); err != nil {
 		return nil, err
 	}
 
diff --git a/agent/grpc-external/services/resource/read_test.go b/agent/grpc-external/services/resource/read_test.go
index 82085b451ff5..4b93f210e34d 100644
--- a/agent/grpc-external/services/resource/read_test.go
+++ b/agent/grpc-external/services/resource/read_test.go
@@ -161,20 +161,20 @@ func TestRead_Success(t *testing.T) {
 				"namespaced resource provides nonempty partition and namespace": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID {
 					return artistId
 				},
-				"namespaced resource provides uppercase namespace and partition": func(artistId, _ *pbresource.ID) *pbresource.ID {
+				"namespaced resource provides uppercase partition and namespace": func(artistId, _ *pbresource.ID) *pbresource.ID {
 					id := clone(artistId)
 					id.Tenancy.Partition = strings.ToUpper(artistId.Tenancy.Partition)
 					id.Tenancy.Namespace = strings.ToUpper(artistId.Tenancy.Namespace)
 					return id
 				},
-				"namespaced resource inherits tokens namespace when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
+				"namespaced resource inherits tokens partition when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
 					id := clone(artistId)
-					id.Tenancy.Namespace = ""
+					id.Tenancy.Partition = ""
 					return id
 				},
-				"namespaced resource inherits tokens partition when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
+				"namespaced resource inherits tokens namespace when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
 					id := clone(artistId)
-					id.Tenancy.Partition = ""
+					id.Tenancy.Namespace = ""
 					return id
 				},
 				"namespaced resource inherits tokens partition and namespace when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
diff --git a/agent/grpc-external/services/resource/server.go b/agent/grpc-external/services/resource/server.go
index e011c81c0fd0..64ac47e6ddc2 100644
--- a/agent/grpc-external/services/resource/server.go
+++ b/agent/grpc-external/services/resource/server.go
@@ -54,7 +54,9 @@ type ACLResolver interface {
 //go:generate mockery --name TenancyBridge --inpackage
 type TenancyBridge interface {
 	PartitionExists(partition string) (bool, error)
-	NamespaceExists(partition string, namespace string) (bool, error)
+	IsPartitionMarkedForDeletion(partition string) (bool, error)
+	NamespaceExists(partition, namespace string) (bool, error)
+	IsNamespaceMarkedForDeletion(partition, namespace string) (bool, error)
 }
 
 func NewServer(cfg Config) *Server {
@@ -145,14 +147,15 @@ func validateId(id *pbresource.ID, errorPrefix string) error {
 	return nil
 }
 
-func v1TenancyExists(reg *resource.Registration, v1Bridge TenancyBridge, tenancy *pbresource.Tenancy) error {
+// v1TenancyExists return an error with the passed in gRPC status code when tenancy partition or namespace do not exist.
+func v1TenancyExists(reg *resource.Registration, v1Bridge TenancyBridge, tenancy *pbresource.Tenancy, errCode codes.Code) error {
 	if reg.Scope == resource.ScopePartition || reg.Scope == resource.ScopeNamespace {
 		exists, err := v1Bridge.PartitionExists(tenancy.Partition)
 		switch {
 		case err != nil:
 			return err
 		case !exists:
-			return status.Errorf(codes.NotFound, "partition resource not found: %v", tenancy.Partition)
+			return status.Errorf(errCode, "partition resource not found: %v", tenancy.Partition)
 		}
 	}
 
@@ -162,7 +165,31 @@ func v1TenancyExists(reg *resource.Registration, v1Bridge TenancyBridge, tenancy
 		case err != nil:
 			return err
 		case !exists:
-			return status.Errorf(codes.NotFound, "namespace resource not found: %v", tenancy.Namespace)
+			return status.Errorf(errCode, "namespace resource not found: %v", tenancy.Namespace)
+		}
+	}
+	return nil
+}
+
+// v1TenancyMarkedForDeletion returns a gRPC InvalidArgument when either partition or namespace is marked for deletion.
+func v1TenancyMarkedForDeletion(reg *resource.Registration, v1Bridge TenancyBridge, tenancy *pbresource.Tenancy) error {
+	if reg.Scope == resource.ScopePartition || reg.Scope == resource.ScopeNamespace {
+		marked, err := v1Bridge.IsPartitionMarkedForDeletion(tenancy.Partition)
+		switch {
+		case err != nil:
+			return err
+		case marked:
+			return status.Errorf(codes.InvalidArgument, "partition marked for deletion: %v", tenancy.Partition)
+		}
+	}
+
+	if reg.Scope == resource.ScopeNamespace {
+		marked, err := v1Bridge.IsNamespaceMarkedForDeletion(tenancy.Partition, tenancy.Namespace)
+		switch {
+		case err != nil:
+			return err
+		case marked:
+			return status.Errorf(codes.InvalidArgument, "namespace marked for deletion: %v", tenancy.Namespace)
 		}
 	}
 	return nil
diff --git a/agent/grpc-external/services/resource/server_test.go b/agent/grpc-external/services/resource/server_test.go
index 0e14f73292d2..0530f51a2a3f 100644
--- a/agent/grpc-external/services/resource/server_test.go
+++ b/agent/grpc-external/services/resource/server_test.go
@@ -80,6 +80,8 @@ func testServer(t *testing.T) *Server {
 	mockTenancyBridge.On("NamespaceExists", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(true, nil)
 	mockTenancyBridge.On("PartitionExists", mock.Anything).Return(false, nil)
 	mockTenancyBridge.On("NamespaceExists", mock.Anything, mock.Anything).Return(false, nil)
+	mockTenancyBridge.On("IsPartitionMarkedForDeletion", resource.DefaultPartitionName).Return(false, nil)
+	mockTenancyBridge.On("IsNamespaceMarkedForDeletion", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(false, nil)
 
 	return NewServer(Config{
 		Logger:          testutil.Logger(t),
diff --git a/agent/grpc-external/services/resource/testing/testing.go b/agent/grpc-external/services/resource/testing/testing.go
index d6eb6c069200..b35a9491f37b 100644
--- a/agent/grpc-external/services/resource/testing/testing.go
+++ b/agent/grpc-external/services/resource/testing/testing.go
@@ -72,6 +72,8 @@ func RunResourceServiceWithACL(t *testing.T, aclResolver svc.ACLResolver, regist
 	mockTenancyBridge := &svc.MockTenancyBridge{}
 	mockTenancyBridge.On("PartitionExists", resource.DefaultPartitionName).Return(true, nil)
 	mockTenancyBridge.On("NamespaceExists", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(true, nil)
+	mockTenancyBridge.On("IsPartitionMarkedForDeletion", resource.DefaultPartitionName).Return(false, nil)
+	mockTenancyBridge.On("IsNamespaceMarkedForDeletion", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(false, nil)
 
 	svc.NewServer(svc.Config{
 		Backend:         backend,
diff --git a/agent/grpc-external/services/resource/write.go b/agent/grpc-external/services/resource/write.go
index f55645ae945d..b85b33ef237f 100644
--- a/agent/grpc-external/services/resource/write.go
+++ b/agent/grpc-external/services/resource/write.go
@@ -37,23 +37,20 @@ import (
 var errUseWriteStatus = status.Error(codes.InvalidArgument, "resource.status can only be set using the WriteStatus endpoint")
 
 func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbresource.WriteResponse, error) {
-	if err := validateWriteRequest(req); err != nil {
-		return nil, err
-	}
-
-	reg, err := s.resolveType(req.Resource.Id.Type)
+	reg, err := s.validateWriteRequest(req)
 	if err != nil {
 		return nil, err
 	}
 
-	// TODO(spatel): Refactor _ and entMeta as part of NET-4911
-	authz, _, err := s.getAuthorizer(tokenFromContext(ctx), acl.DefaultEnterpriseMeta())
+	v1EntMeta := v2TenancyToV1EntMeta(req.Resource.Id.Tenancy)
+	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), v1EntMeta)
 	if err != nil {
 		return nil, err
 	}
+	v1EntMetaToV2Tenancy(reg, v1EntMeta, req.Resource.Id.Tenancy)
 
-	// check acls
-	err = reg.ACLs.Write(authz, req.Resource)
+	// ACL check comes before tenancy existence checks to not leak tenancy "existence".
+	err = reg.ACLs.Write(authz, authzContext, req.Resource)
 	switch {
 	case acl.IsErrPermissionDenied(err):
 		return nil, status.Error(codes.PermissionDenied, err.Error())
@@ -73,6 +70,16 @@ func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbre
 		)
 	}
 
+	// Check V1 tenancy exists for the V2 resource
+	if err = v1TenancyExists(reg, s.V1TenancyBridge, req.Resource.Id.Tenancy, codes.InvalidArgument); err != nil {
+		return nil, err
+	}
+
+	// Check V1 tenancy not marked for deletion.
+	if err = v1TenancyMarkedForDeletion(reg, s.V1TenancyBridge, req.Resource.Id.Tenancy); err != nil {
+		return nil, err
+	}
+
 	if err = reg.Mutate(req.Resource); err != nil {
 		return nil, status.Errorf(codes.Internal, "failed mutate hook: %v", err.Error())
 	}
@@ -258,7 +265,7 @@ func (s *Server) retryCAS(ctx context.Context, vsn string, cas func() error) err
 	return err
 }
 
-func validateWriteRequest(req *pbresource.WriteRequest) error {
+func (s *Server) validateWriteRequest(req *pbresource.WriteRequest) (*resource.Registration, error) {
 	var field string
 	switch {
 	case req.Resource == nil:
@@ -270,17 +277,34 @@ func validateWriteRequest(req *pbresource.WriteRequest) error {
 	}
 
 	if field != "" {
-		return status.Errorf(codes.InvalidArgument, "%s is required", field)
+		return nil, status.Errorf(codes.InvalidArgument, "%s is required", field)
 	}
 
 	if err := validateId(req.Resource.Id, "resource.id"); err != nil {
-		return err
+		return nil, err
 	}
 
 	if req.Resource.Owner != nil {
 		if err := validateId(req.Resource.Owner, "resource.owner"); err != nil {
-			return err
+			return nil, err
 		}
 	}
-	return nil
+
+	// Check type exists.
+	reg, err := s.resolveType(req.Resource.Id.Type)
+	if err != nil {
+		return nil, err
+	}
+
+	// Check scope
+	if reg.Scope == resource.ScopePartition && req.Resource.Id.Tenancy.Namespace != "" {
+		return nil, status.Errorf(
+			codes.InvalidArgument,
+			"partition scoped resource %s cannot have a namespace. got: %s",
+			resource.ToGVK(req.Resource.Id.Type),
+			req.Resource.Id.Tenancy.Namespace,
+		)
+	}
+
+	return reg, nil
 }
diff --git a/agent/grpc-external/services/resource/write_test.go b/agent/grpc-external/services/resource/write_test.go
index 8c886d9bf876..fbd1ed2b5074 100644
--- a/agent/grpc-external/services/resource/write_test.go
+++ b/agent/grpc-external/services/resource/write_test.go
@@ -5,6 +5,7 @@ package resource
 
 import (
 	"context"
+	"strings"
 	"sync/atomic"
 	"testing"
 
@@ -16,11 +17,13 @@ import (
 	"google.golang.org/protobuf/types/known/anypb"
 
 	"github.com/hashicorp/consul/acl/resolver"
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/internal/storage"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	pbdemov1 "github.com/hashicorp/consul/proto/private/pbdemo/v1"
 	pbdemov2 "github.com/hashicorp/consul/proto/private/pbdemo/v2"
+	"github.com/hashicorp/consul/proto/private/prototest"
 )
 
 func TestWrite_InputValidation(t *testing.T) {
@@ -29,49 +32,56 @@ func TestWrite_InputValidation(t *testing.T) {
 
 	demo.RegisterTypes(server.Registry)
 
-	testCases := map[string]func(*pbresource.WriteRequest){
-		"no resource": func(req *pbresource.WriteRequest) { req.Resource = nil },
-		"no id":       func(req *pbresource.WriteRequest) { req.Resource.Id = nil },
-		"no type":     func(req *pbresource.WriteRequest) { req.Resource.Id.Type = nil },
-		"no tenancy":  func(req *pbresource.WriteRequest) { req.Resource.Id.Tenancy = nil },
-		"no name":     func(req *pbresource.WriteRequest) { req.Resource.Id.Name = "" },
-		"no data":     func(req *pbresource.WriteRequest) { req.Resource.Data = nil },
-
-		// TODO(spatel): Refactor tenancy as part of NET-4911
-		//
-		// // clone necessary to not pollute DefaultTenancy
-		// "tenancy partition not default": func(req *pbresource.WriteRequest) {
-		// 	req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
-		// 	req.Resource.Id.Tenancy.Partition = ""
-		// },
-		// "tenancy namespace not default": func(req *pbresource.WriteRequest) {
-		// 	req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
-		// 	req.Resource.Id.Tenancy.Namespace = ""
-		// },
-		// "tenancy peername not local": func(req *pbresource.WriteRequest) {
-		// 	req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
-		// 	req.Resource.Id.Tenancy.PeerName = ""
-		// },
-		"wrong data type": func(req *pbresource.WriteRequest) {
+	testCases := map[string]func(artist, recordLabel *pbresource.Resource) *pbresource.Resource{
+		"no resource": func(artist, recordLabel *pbresource.Resource) *pbresource.Resource { return nil },
+		"no id": func(artist, _ *pbresource.Resource) *pbresource.Resource {
+			artist.Id = nil
+			return artist
+		},
+		"no type": func(artist, _ *pbresource.Resource) *pbresource.Resource {
+			artist.Id.Type = nil
+			return artist
+		},
+		"no tenancy": func(artist, _ *pbresource.Resource) *pbresource.Resource {
+			artist.Id.Tenancy = nil
+			return artist
+		},
+		"no name": func(artist, _ *pbresource.Resource) *pbresource.Resource {
+			artist.Id.Name = ""
+			return artist
+		},
+		"no data": func(artist, _ *pbresource.Resource) *pbresource.Resource {
+			artist.Data = nil
+			return artist
+		},
+		"wrong data type": func(artist, _ *pbresource.Resource) *pbresource.Resource {
 			var err error
-			req.Resource.Data, err = anypb.New(&pbdemov2.Album{})
+			artist.Data, err = anypb.New(&pbdemov2.Album{})
 			require.NoError(t, err)
+			return artist
+		},
+		"fail validation hook": func(artist, _ *pbresource.Resource) *pbresource.Resource {
+			buffer := &pbdemov2.Artist{}
+			require.NoError(t, artist.Data.UnmarshalTo(buffer))
+			buffer.Name = "" // name cannot be empty
+			require.NoError(t, artist.Data.MarshalFrom(buffer))
+			return artist
 		},
-		"fail validation hook": func(req *pbresource.WriteRequest) {
-			artist := &pbdemov2.Artist{}
-			require.NoError(t, req.Resource.Data.UnmarshalTo(artist))
-			artist.Name = "" // name cannot be empty
-			require.NoError(t, req.Resource.Data.MarshalFrom(artist))
+		"partition scope with non-empty namespace": func(_, recordLabel *pbresource.Resource) *pbresource.Resource {
+			recordLabel.Id.Tenancy.Namespace = "bogus"
+			return recordLabel
 		},
+		// TODO(spatel): add cluster scope tests when we have an actual cluster scoped resource (e.g. partition)
 	}
 	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
-			res, err := demo.GenerateV2Artist()
+			artist, err := demo.GenerateV2Artist()
 			require.NoError(t, err)
 
-			req := &pbresource.WriteRequest{Resource: res}
-			modFn(req)
+			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
+			require.NoError(t, err)
 
+			req := &pbresource.WriteRequest{Resource: modFn(artist, recordLabel)}
 			_, err = client.Write(testContext(t), req)
 			require.Error(t, err)
 			require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
@@ -102,31 +112,6 @@ func TestWrite_OwnerValidation(t *testing.T) {
 			modReqFn:      func(req *pbresource.WriteRequest) { req.Resource.Owner.Name = "" },
 			errorContains: "resource.owner.name",
 		},
-
-		// TODO(spatel): Refactor tenancy as part of NET-4911
-		//
-		// // clone necessary to not pollute DefaultTenancy
-		// "owner tenancy partition not default": {
-		// 	modReqFn: func(req *pbresource.WriteRequest) {
-		// 		req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
-		// 		req.Resource.Owner.Tenancy.Partition = ""
-		// 	},
-		// 	errorContains: "resource.owner.tenancy.partition",
-		// },
-		// "owner tenancy namespace not default": {
-		// 	modReqFn: func(req *pbresource.WriteRequest) {
-		// 		req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
-		// 		req.Resource.Owner.Tenancy.Namespace = ""
-		// 	},
-		// 	errorContains: "resource.owner.tenancy.namespace",
-		// },
-		// "owner tenancy peername not local": {
-		// 	modReqFn: func(req *pbresource.WriteRequest) {
-		// 		req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
-		// 		req.Resource.Owner.Tenancy.PeerName = ""
-		// 	},
-		// 	errorContains: "resource.owner.tenancy.peername",
-		// },
 	}
 	for desc, tc := range testCases {
 		t.Run(desc, func(t *testing.T) {
@@ -227,20 +212,196 @@ func TestWrite_Mutate(t *testing.T) {
 	require.Equal(t, pbdemov2.Genre_GENRE_DISCO, artistData.Genre)
 }
 
-func TestWrite_ResourceCreation_Success(t *testing.T) {
-	server := testServer(t)
-	client := testClient(t, server)
+func TestWrite_Create_Success(t *testing.T) {
+	testCases := map[string]struct {
+		modFn           func(artist, recordLabel *pbresource.Resource) *pbresource.Resource
+		expectedTenancy *pbresource.Tenancy
+	}{
+		"namespaced resource provides nonempty partition and namespace": {
+			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
+				return artist
+			},
+			expectedTenancy: resource.DefaultNamespacedTenancy(),
+		},
+		"namespaced resource provides uppercase partition and namespace": {
+			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
+				artist.Id.Tenancy.Partition = strings.ToUpper(artist.Id.Tenancy.Partition)
+				artist.Id.Tenancy.Namespace = strings.ToUpper(artist.Id.Tenancy.Namespace)
+				return artist
+			},
+			expectedTenancy: resource.DefaultNamespacedTenancy(),
+		},
+		"namespaced resource inherits tokens partition when empty": {
+			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
+				artist.Id.Tenancy.Partition = ""
+				return artist
+			},
+			expectedTenancy: resource.DefaultNamespacedTenancy(),
+		},
+		"namespaced resource inherits tokens namespace when empty": {
+			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
+				artist.Id.Tenancy.Namespace = ""
+				return artist
+			},
+			expectedTenancy: resource.DefaultNamespacedTenancy(),
+		},
+		"namespaced resource inherits tokens partition and namespace when empty": {
+			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
+				artist.Id.Tenancy.Partition = ""
+				artist.Id.Tenancy.Namespace = ""
+				return artist
+			},
+			expectedTenancy: resource.DefaultNamespacedTenancy(),
+		},
+		"partitioned resource provides nonempty partition": {
+			modFn: func(_, recordLabel *pbresource.Resource) *pbresource.Resource {
+				return recordLabel
+			},
+			expectedTenancy: resource.DefaultPartitionedTenancy(),
+		},
+		"partitioned resource provides uppercase partition": {
+			modFn: func(_, recordLabel *pbresource.Resource) *pbresource.Resource {
+				recordLabel.Id.Tenancy.Partition = strings.ToUpper(recordLabel.Id.Tenancy.Partition)
+				return recordLabel
+			},
+			expectedTenancy: resource.DefaultPartitionedTenancy(),
+		},
+		"partitioned resource inherits tokens partition when empty": {
+			modFn: func(_, recordLabel *pbresource.Resource) *pbresource.Resource {
+				recordLabel.Id.Tenancy.Partition = ""
+				return recordLabel
+			},
+			expectedTenancy: resource.DefaultPartitionedTenancy(),
+		},
+		// TODO(spatel): Add cluster scope tests when we have an actual cluster scoped resource (e.g. partition)
+	}
+	for desc, tc := range testCases {
+		t.Run(desc, func(t *testing.T) {
+			server := testServer(t)
+			client := testClient(t, server)
+			demo.RegisterTypes(server.Registry)
 
-	demo.RegisterTypes(server.Registry)
+			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
+			require.NoError(t, err)
 
-	res, err := demo.GenerateV2Artist()
-	require.NoError(t, err)
+			artist, err := demo.GenerateV2Artist()
+			require.NoError(t, err)
 
-	rsp, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: res})
-	require.NoError(t, err)
-	require.NotEmpty(t, rsp.Resource.Version, "resource should have version")
-	require.NotEmpty(t, rsp.Resource.Id.Uid, "resource id should have uid")
-	require.NotEmpty(t, rsp.Resource.Generation, "resource should have generation")
+			rsp, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: tc.modFn(artist, recordLabel)})
+			require.NoError(t, err)
+			require.NotEmpty(t, rsp.Resource.Version, "resource should have version")
+			require.NotEmpty(t, rsp.Resource.Id.Uid, "resource id should have uid")
+			require.NotEmpty(t, rsp.Resource.Generation, "resource should have generation")
+			prototest.AssertDeepEqual(t, tc.expectedTenancy, rsp.Resource.Id.Tenancy)
+		})
+	}
+}
+
+func TestWrite_Create_Invalid_Tenancy(t *testing.T) {
+	testCases := map[string]struct {
+		modFn       func(artist, recordLabel *pbresource.Resource) *pbresource.Resource
+		errCode     codes.Code
+		errContains string
+	}{
+		"namespaced resource provides nonexistant partition": {
+			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
+				artist.Id.Tenancy.Partition = "boguspartition"
+				return artist
+			},
+			errCode:     codes.InvalidArgument,
+			errContains: "partition",
+		},
+		"namespaced resource provides nonexistant namespace": {
+			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
+				artist.Id.Tenancy.Namespace = "bogusnamespace"
+				return artist
+			},
+			errCode:     codes.InvalidArgument,
+			errContains: "namespace",
+		},
+		"partitioned resource provides nonexistant partition": {
+			modFn: func(_, recordLabel *pbresource.Resource) *pbresource.Resource {
+				recordLabel.Id.Tenancy.Partition = "boguspartition"
+				return recordLabel
+			},
+			errCode:     codes.InvalidArgument,
+			errContains: "partition",
+		},
+	}
+	for desc, tc := range testCases {
+		t.Run(desc, func(t *testing.T) {
+			server := testServer(t)
+			client := testClient(t, server)
+			demo.RegisterTypes(server.Registry)
+
+			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
+			require.NoError(t, err)
+
+			artist, err := demo.GenerateV2Artist()
+			require.NoError(t, err)
+
+			_, err = client.Write(testContext(t), &pbresource.WriteRequest{Resource: tc.modFn(artist, recordLabel)})
+			require.Error(t, err)
+			require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
+			require.Contains(t, err.Error(), tc.errContains)
+		})
+	}
+}
+
+func TestWrite_Tenancy_MarkedForDeletion(t *testing.T) {
+	// Verify resource write fails when its partition or namespace is marked for deletion.
+	testCases := map[string]struct {
+		modFn       func(artist, recordLabel *pbresource.Resource, mockTenancyBridge *MockTenancyBridge) *pbresource.Resource
+		errContains string
+	}{
+		"namespaced resources partition marked for deletion": {
+			modFn: func(artist, _ *pbresource.Resource, mockTenancyBridge *MockTenancyBridge) *pbresource.Resource {
+				mockTenancyBridge.On("IsPartitionMarkedForDeletion", "part1").Return(true, nil)
+				return artist
+			},
+			errContains: "partition marked for deletion",
+		},
+		"namespaced resources namespace marked for deletion": {
+			modFn: func(artist, _ *pbresource.Resource, mockTenancyBridge *MockTenancyBridge) *pbresource.Resource {
+				mockTenancyBridge.On("IsPartitionMarkedForDeletion", "part1").Return(false, nil)
+				mockTenancyBridge.On("IsNamespaceMarkedForDeletion", "part1", "ns1").Return(true, nil)
+				return artist
+			},
+			errContains: "namespace marked for deletion",
+		},
+		"partitioned resources partition marked for deletion": {
+			modFn: func(_, recordLabel *pbresource.Resource, mockTenancyBridge *MockTenancyBridge) *pbresource.Resource {
+				mockTenancyBridge.On("IsPartitionMarkedForDeletion", "part1").Return(true, nil)
+				return recordLabel
+			},
+			errContains: "partition marked for deletion",
+		},
+	}
+	for desc, tc := range testCases {
+		t.Run(desc, func(t *testing.T) {
+			server := testServer(t)
+			client := testClient(t, server)
+			demo.RegisterTypes(server.Registry)
+			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
+			require.NoError(t, err)
+			recordLabel.Id.Tenancy.Partition = "part1"
+
+			artist, err := demo.GenerateV2Artist()
+			require.NoError(t, err)
+			artist.Id.Tenancy.Partition = "part1"
+			artist.Id.Tenancy.Namespace = "ns1"
+
+			mockTenancyBridge := &MockTenancyBridge{}
+			mockTenancyBridge.On("PartitionExists", "part1").Return(true, nil)
+			mockTenancyBridge.On("NamespaceExists", "part1", "ns1").Return(true, nil)
+			server.V1TenancyBridge = mockTenancyBridge
+
+			_, err = client.Write(testContext(t), &pbresource.WriteRequest{Resource: tc.modFn(artist, recordLabel, mockTenancyBridge)})
+			require.Error(t, err)
+			require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
+			require.Contains(t, err.Error(), tc.errContains)
+		})
+	}
 }
 
 func TestWrite_CASUpdate_Success(t *testing.T) {
diff --git a/internal/mesh/internal/types/proxy_state_template.go b/internal/mesh/internal/types/proxy_state_template.go
index 84195ed2c665..2637a53a6dbb 100644
--- a/internal/mesh/internal/types/proxy_state_template.go
+++ b/internal/mesh/internal/types/proxy_state_template.go
@@ -44,10 +44,10 @@ func RegisterProxyStateTemplate(r resource.Registry) {
 
 				return nil
 			},
-			Write: func(authorizer acl.Authorizer, p *pbresource.Resource) error {
+			Write: func(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, p *pbresource.Resource) error {
 				// Require operator:write only for "break-glass" scenarios as this resource should be mostly
 				// managed by a controller.
-				return authorizer.ToAllowAuthorizer().OperatorWriteAllowed(resource.AuthorizerContext(p.Id.Tenancy))
+				return authorizer.ToAllowAuthorizer().OperatorWriteAllowed(authzContext)
 			},
 			List: func(authorizer acl.Authorizer, tenancy *pbresource.Tenancy) error {
 				// No-op List permission as we want to default to filtering resources
diff --git a/internal/resource/demo/demo.go b/internal/resource/demo/demo.go
index 6fd79f0b6cfb..a7901dd12826 100644
--- a/internal/resource/demo/demo.go
+++ b/internal/resource/demo/demo.go
@@ -85,7 +85,7 @@ func RegisterTypes(r resource.Registry) {
 		return authz.ToAllowAuthorizer().KeyReadAllowed(key, authzContext)
 	}
 
-	writeACL := func(authz acl.Authorizer, res *pbresource.Resource) error {
+	writeACL := func(authz acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error {
 		key := fmt.Sprintf("resource/%s/%s", resource.ToGVK(res.Id.Type), res.Id.Name)
 		return authz.ToAllowAuthorizer().KeyWriteAllowed(key, &acl.AuthorizerContext{})
 	}
@@ -200,11 +200,9 @@ func GenerateV1RecordLabel(name string) (*pbresource.Resource, error) {
 
 	return &pbresource.Resource{
 		Id: &pbresource.ID{
-			Type: TypeV1RecordLabel,
-			Tenancy: &pbresource.Tenancy{
-				Partition: resource.DefaultPartitionName,
-			},
-			Name: name,
+			Type:    TypeV1RecordLabel,
+			Tenancy: resource.DefaultPartitionedTenancy(),
+			Name:    name,
 		},
 		Data: data,
 		Metadata: map[string]string{
@@ -236,7 +234,7 @@ func GenerateV2Artist() (*pbresource.Resource, error) {
 	return &pbresource.Resource{
 		Id: &pbresource.ID{
 			Type:    TypeV2Artist,
-			Tenancy: TenancyDefault,
+			Tenancy: resource.DefaultNamespacedTenancy(),
 			Name:    fmt.Sprintf("%s-%s", strings.ToLower(adjective), strings.ToLower(noun)),
 		},
 		Data: data,
@@ -279,7 +277,7 @@ func generateV2Album(artistID *pbresource.ID, rand *rand.Rand) (*pbresource.Reso
 	return &pbresource.Resource{
 		Id: &pbresource.ID{
 			Type:    TypeV2Album,
-			Tenancy: artistID.Tenancy,
+			Tenancy: clone(artistID.Tenancy),
 			Name:    fmt.Sprintf("%s/%s-%s", artistID.Name, strings.ToLower(adjective), strings.ToLower(noun)),
 		},
 		Owner: artistID,
diff --git a/internal/resource/registry.go b/internal/resource/registry.go
index afc3f25bcd4c..9ebb13f9c96b 100644
--- a/internal/resource/registry.go
+++ b/internal/resource/registry.go
@@ -62,7 +62,7 @@ type ACLHooks struct {
 	// Write is used to authorize Write and Delete RPCs.
 	//
 	// If it is omitted, `operator:write` permission is assumed.
-	Write func(acl.Authorizer, *pbresource.Resource) error
+	Write func(acl.Authorizer, *acl.AuthorizerContext, *pbresource.Resource) error
 
 	// List is used to authorize List RPCs.
 	//
@@ -124,8 +124,8 @@ func (r *TypeRegistry) Register(registration Registration) {
 		}
 	}
 	if registration.ACLs.Write == nil {
-		registration.ACLs.Write = func(authz acl.Authorizer, id *pbresource.Resource) error {
-			return authz.ToAllowAuthorizer().OperatorWriteAllowed(&acl.AuthorizerContext{})
+		registration.ACLs.Write = func(authz acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.Resource) error {
+			return authz.ToAllowAuthorizer().OperatorWriteAllowed(authzContext)
 		}
 	}
 	if registration.ACLs.List == nil {
diff --git a/internal/resource/registry_test.go b/internal/resource/registry_test.go
index d717f46f59ce..9ab00f84140b 100644
--- a/internal/resource/registry_test.go
+++ b/internal/resource/registry_test.go
@@ -47,8 +47,8 @@ func TestRegister_Defaults(t *testing.T) {
 	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.Read(testutils.ACLNoPermissions(t), nil, artist.Id)))
 
 	// verify default write hook requires operator:write
-	require.NoError(t, reg.ACLs.Write(testutils.ACLOperatorWrite(t), artist))
-	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.Write(testutils.ACLNoPermissions(t), artist)))
+	require.NoError(t, reg.ACLs.Write(testutils.ACLOperatorWrite(t), nil, artist))
+	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.Write(testutils.ACLNoPermissions(t), nil, artist)))
 
 	// verify default list hook requires operator:read
 	require.NoError(t, reg.ACLs.List(testutils.ACLOperatorRead(t), artist.Id.Tenancy))
diff --git a/internal/resource/tenancy.go b/internal/resource/tenancy.go
index e783a004fc3f..fd29f617254a 100644
--- a/internal/resource/tenancy.go
+++ b/internal/resource/tenancy.go
@@ -43,7 +43,7 @@ func (s Scope) String() string {
 	panic(fmt.Sprintf("string mapping missing for scope %v", int(s)))
 }
 
-// Normalize lowercases partition and namespace.
+// Normalize lowercases the partition and namespace.
 func Normalize(tenancy *pbresource.Tenancy) {
 	if tenancy == nil {
 		return
@@ -51,3 +51,30 @@ func Normalize(tenancy *pbresource.Tenancy) {
 	tenancy.Partition = strings.ToLower(tenancy.Partition)
 	tenancy.Namespace = strings.ToLower(tenancy.Namespace)
 }
+
+// DefaultClusteredTenancy returns the default tenancy for a cluster scoped resource.
+func DefaultClusteredTenancy() *pbresource.Tenancy {
+	return &pbresource.Tenancy{
+		// TODO(spatel): Remove as part of "peer is not part of tenancy" ADR
+		PeerName: "local",
+	}
+}
+
+// DefaultPartitionedTenancy returns the default tenancy for a partition scoped resource.
+func DefaultPartitionedTenancy() *pbresource.Tenancy {
+	return &pbresource.Tenancy{
+		Partition: DefaultPartitionName,
+		// TODO(spatel): Remove as part of "peer is not part of tenancy" ADR
+		PeerName: "local",
+	}
+}
+
+// DefaultNamespedTenancy returns the default tenancy for a namespace scoped resource.
+func DefaultNamespacedTenancy() *pbresource.Tenancy {
+	return &pbresource.Tenancy{
+		Partition: DefaultPartitionName,
+		Namespace: DefaultNamespaceName,
+		// TODO(spatel): Remove as part of "peer is not part of tenancy" ADR
+		PeerName: "local",
+	}
+}

From 05604eeec1186a4c8a6156e7519a579171659c1a Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Thu, 10 Aug 2023 14:00:44 -0400
Subject: [PATCH 268/359] [NET-5217] [OSS] Derive sidecar proxy locality from
 parent service (#18437)

* Add logging to locality policy application

In OSS, this is currently a no-op.

* Inherit locality when registering sidecars

When sidecar locality is not explicitly configured, inherit locality
from the proxied service.
---
 .changelog/18437.txt                |   3 +
 agent/sidecar_service.go            |   6 ++
 agent/sidecar_service_test.go       |  69 ++++++++++--
 agent/xds/endpoints.go              |  14 ++-
 agent/xds/endpoints_test.go         |   3 +
 agent/xds/locality_policy.go        |   6 +-
 agent/xds/locality_policy_oss.go    |   3 +-
 command/connect/envoy/envoy.go      | 156 +++++++++++++++-------------
 command/connect/envoy/envoy_test.go |  77 ++++++++++++++
 command/connect/proxy/proxy.go      |  35 ++++---
 10 files changed, 273 insertions(+), 99 deletions(-)
 create mode 100644 .changelog/18437.txt

diff --git a/.changelog/18437.txt b/.changelog/18437.txt
new file mode 100644
index 000000000000..2ae3c5bdda23
--- /dev/null
+++ b/.changelog/18437.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+Inherit locality from services when registering sidecar proxies.
+```
diff --git a/agent/sidecar_service.go b/agent/sidecar_service.go
index 1769e549e361..7dfb067b50ef 100644
--- a/agent/sidecar_service.go
+++ b/agent/sidecar_service.go
@@ -81,6 +81,12 @@ func sidecarServiceFromNodeService(ns *structs.NodeService, token string) (*stru
 		sidecar.Tags = append(sidecar.Tags, ns.Tags...)
 	}
 
+	// Copy the locality from the original service if locality was not provided
+	if sidecar.Locality == nil && ns.Locality != nil {
+		tmp := *ns.Locality
+		sidecar.Locality = &tmp
+	}
+
 	// Flag this as a sidecar - this is not persisted in catalog but only needed
 	// in local agent state to disambiguate lineage when deregistering the parent
 	// service later.
diff --git a/agent/sidecar_service_test.go b/agent/sidecar_service_test.go
index c060e365d4d0..4960dd73d054 100644
--- a/agent/sidecar_service_test.go
+++ b/agent/sidecar_service_test.go
@@ -134,25 +134,78 @@ func TestAgent_sidecarServiceFromNodeService(t *testing.T) {
 			wantToken: "custom-token",
 		},
 		{
-			name: "inherit tags and meta",
+			name: "inherit locality, tags and meta",
 			sd: &structs.ServiceDefinition{
 				ID:   "web1",
 				Name: "web",
 				Port: 1111,
 				Tags: []string{"foo"},
 				Meta: map[string]string{"foo": "bar"},
+				Locality: &structs.Locality{
+					Region: "us-east-1",
+					Zone:   "us-east-1a",
+				},
 				Connect: &structs.ServiceConnect{
 					SidecarService: &structs.ServiceDefinition{},
 				},
 			},
 			wantNS: &structs.NodeService{
-				EnterpriseMeta:             *structs.DefaultEnterpriseMetaInDefaultPartition(),
-				Kind:                       structs.ServiceKindConnectProxy,
-				ID:                         "web1-sidecar-proxy",
-				Service:                    "web-sidecar-proxy",
-				Port:                       0,
-				Tags:                       []string{"foo"},
-				Meta:                       map[string]string{"foo": "bar"},
+				EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
+				Kind:           structs.ServiceKindConnectProxy,
+				ID:             "web1-sidecar-proxy",
+				Service:        "web-sidecar-proxy",
+				Port:           0,
+				Tags:           []string{"foo"},
+				Meta:           map[string]string{"foo": "bar"},
+				Locality: &structs.Locality{
+					Region: "us-east-1",
+					Zone:   "us-east-1a",
+				},
+				LocallyRegisteredAsSidecar: true,
+				Proxy: structs.ConnectProxyConfig{
+					DestinationServiceName: "web",
+					DestinationServiceID:   "web1",
+					LocalServiceAddress:    "127.0.0.1",
+					LocalServicePort:       1111,
+				},
+			},
+			wantChecks: nil,
+		},
+		{
+			name: "retain locality, tags and meta if explicitly configured",
+			sd: &structs.ServiceDefinition{
+				ID:   "web1",
+				Name: "web",
+				Port: 1111,
+				Tags: []string{"foo"},
+				Meta: map[string]string{"foo": "bar"},
+				Locality: &structs.Locality{
+					Region: "us-east-1",
+					Zone:   "us-east-1a",
+				},
+				Connect: &structs.ServiceConnect{
+					SidecarService: &structs.ServiceDefinition{
+						Tags: []string{"bar"},
+						Meta: map[string]string{"baz": "qux"},
+						Locality: &structs.Locality{
+							Region: "us-east-2",
+							Zone:   "us-east-2a",
+						},
+					},
+				},
+			},
+			wantNS: &structs.NodeService{
+				EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
+				Kind:           structs.ServiceKindConnectProxy,
+				ID:             "web1-sidecar-proxy",
+				Service:        "web-sidecar-proxy",
+				Port:           0,
+				Tags:           []string{"bar"},
+				Meta:           map[string]string{"baz": "qux"},
+				Locality: &structs.Locality{
+					Region: "us-east-2",
+					Zone:   "us-east-2a",
+				},
 				LocallyRegisteredAsSidecar: true,
 				Proxy: structs.ConnectProxyConfig{
 					DestinationServiceName: "web",
diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go
index 45361b534e18..c24f48df4baa 100644
--- a/agent/xds/endpoints.go
+++ b/agent/xds/endpoints.go
@@ -6,6 +6,7 @@ package xds
 import (
 	"errors"
 	"fmt"
+	"github.com/hashicorp/go-hclog"
 	"strconv"
 
 	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
@@ -136,6 +137,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg.
 		endpoints, ok := cfgSnap.ConnectProxy.PreparedQueryEndpoints[uid]
 		if ok {
 			la := makeLoadAssignment(
+				s.Logger,
 				cfgSnap,
 				clusterName,
 				nil,
@@ -161,6 +163,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg.
 			endpoints, ok := cfgSnap.ConnectProxy.DestinationGateways.Get(uid)
 			if ok {
 				la := makeLoadAssignment(
+					s.Logger,
 					cfgSnap,
 					name,
 					nil,
@@ -229,6 +232,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 			clusterName := connect.GatewaySNI(key.Datacenter, key.Partition, cfgSnap.Roots.TrustDomain)
 
 			la := makeLoadAssignment(
+				s.Logger,
 				cfgSnap,
 				clusterName,
 				nil,
@@ -246,6 +250,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 
 			clusterName := cfgSnap.ServerSNIFn(key.Datacenter, "")
 			la := makeLoadAssignment(
+				s.Logger,
 				cfgSnap,
 				clusterName,
 				nil,
@@ -418,6 +423,7 @@ func (s *ResourceGenerator) endpointsFromServicesAndResolvers(
 		for subsetName, groups := range clusterEndpoints {
 			clusterName := connect.ServiceSNI(svc.Name, subsetName, svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
 			la := makeLoadAssignment(
+				s.Logger,
 				cfgSnap,
 				clusterName,
 				nil,
@@ -455,6 +461,7 @@ func (s *ResourceGenerator) makeEndpointsForOutgoingPeeredServices(
 			groups := []loadAssignmentEndpointGroup{{Endpoints: serviceGroup.Nodes, OnlyPassing: false}}
 
 			la := makeLoadAssignment(
+				s.Logger,
 				cfgSnap,
 				clusterName,
 				nil,
@@ -619,6 +626,7 @@ func (s *ResourceGenerator) makeUpstreamLoadAssignmentForPeerService(
 			return la, nil
 		}
 		la = makeLoadAssignment(
+			s.Logger,
 			cfgSnap,
 			clusterName,
 			nil,
@@ -641,6 +649,7 @@ func (s *ResourceGenerator) makeUpstreamLoadAssignmentForPeerService(
 		return nil, nil
 	}
 	la = makeLoadAssignment(
+		s.Logger,
 		cfgSnap,
 		clusterName,
 		nil,
@@ -773,6 +782,7 @@ func (s *ResourceGenerator) endpointsFromDiscoveryChain(
 			}
 
 			la := makeLoadAssignment(
+				s.Logger,
 				cfgSnap,
 				clusterName,
 				ti.PrioritizeByLocality,
@@ -861,7 +871,7 @@ type loadAssignmentEndpointGroup struct {
 	OverrideHealth envoy_core_v3.HealthStatus
 }
 
-func makeLoadAssignment(cfgSnap *proxycfg.ConfigSnapshot, clusterName string, policy *structs.DiscoveryPrioritizeByLocality, endpointGroups []loadAssignmentEndpointGroup, localKey proxycfg.GatewayKey) *envoy_endpoint_v3.ClusterLoadAssignment {
+func makeLoadAssignment(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot, clusterName string, policy *structs.DiscoveryPrioritizeByLocality, endpointGroups []loadAssignmentEndpointGroup, localKey proxycfg.GatewayKey) *envoy_endpoint_v3.ClusterLoadAssignment {
 	cla := &envoy_endpoint_v3.ClusterLoadAssignment{
 		ClusterName: clusterName,
 		Endpoints:   make([]*envoy_endpoint_v3.LocalityLbEndpoints, 0, len(endpointGroups)),
@@ -878,7 +888,7 @@ func makeLoadAssignment(cfgSnap *proxycfg.ConfigSnapshot, clusterName string, po
 	var priority uint32
 
 	for _, endpointGroup := range endpointGroups {
-		endpointsByLocality, err := groupedEndpoints(cfgSnap.ServiceLocality, policy, endpointGroup.Endpoints)
+		endpointsByLocality, err := groupedEndpoints(logger, cfgSnap.ServiceLocality, policy, endpointGroup.Endpoints)
 
 		if err != nil {
 			continue
diff --git a/agent/xds/endpoints_test.go b/agent/xds/endpoints_test.go
index 0a9524332980..59a8b698de7f 100644
--- a/agent/xds/endpoints_test.go
+++ b/agent/xds/endpoints_test.go
@@ -4,6 +4,7 @@
 package xds
 
 import (
+	"github.com/hashicorp/go-hclog"
 	"path/filepath"
 	"sort"
 	"testing"
@@ -213,6 +214,7 @@ func Test_makeLoadAssignment(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := makeLoadAssignment(
+				hclog.NewNullLogger(),
 				&proxycfg.ConfigSnapshot{ServiceLocality: tt.locality},
 				tt.clusterName,
 				nil,
@@ -223,6 +225,7 @@ func Test_makeLoadAssignment(t *testing.T) {
 
 			if tt.locality == nil {
 				got := makeLoadAssignment(
+					hclog.NewNullLogger(),
 					&proxycfg.ConfigSnapshot{ServiceLocality: &structs.Locality{Region: "us-west-1", Zone: "us-west-1a"}},
 					tt.clusterName,
 					nil,
diff --git a/agent/xds/locality_policy.go b/agent/xds/locality_policy.go
index d2dd977f1ae7..4d221f293b0e 100644
--- a/agent/xds/locality_policy.go
+++ b/agent/xds/locality_policy.go
@@ -5,16 +5,18 @@ package xds
 
 import (
 	"fmt"
+	"github.com/hashicorp/go-hclog"
 
 	"github.com/hashicorp/consul/agent/structs"
 )
 
-func groupedEndpoints(locality *structs.Locality, policy *structs.DiscoveryPrioritizeByLocality, csns structs.CheckServiceNodes) ([]structs.CheckServiceNodes, error) {
+func groupedEndpoints(logger hclog.Logger, locality *structs.Locality, policy *structs.DiscoveryPrioritizeByLocality, csns structs.CheckServiceNodes) ([]structs.CheckServiceNodes, error) {
 	switch {
 	case policy == nil || policy.Mode == "" || policy.Mode == "none":
 		return []structs.CheckServiceNodes{csns}, nil
 	case policy.Mode == "failover":
-		return prioritizeByLocalityFailover(locality, csns), nil
+		log := logger.Named("locality")
+		return prioritizeByLocalityFailover(log, locality, csns), nil
 	default:
 		return nil, fmt.Errorf("unexpected priortize-by-locality mode %q", policy.Mode)
 	}
diff --git a/agent/xds/locality_policy_oss.go b/agent/xds/locality_policy_oss.go
index 16147aeb0c0d..3db948b026a6 100644
--- a/agent/xds/locality_policy_oss.go
+++ b/agent/xds/locality_policy_oss.go
@@ -8,8 +8,9 @@ package xds
 
 import (
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/go-hclog"
 )
 
-func prioritizeByLocalityFailover(locality *structs.Locality, csns structs.CheckServiceNodes) []structs.CheckServiceNodes {
+func prioritizeByLocalityFailover(_ hclog.Logger, _ *structs.Locality, _ structs.CheckServiceNodes) []structs.CheckServiceNodes {
 	return nil
 }
diff --git a/command/connect/envoy/envoy.go b/command/connect/envoy/envoy.go
index 48ee199c1a5e..948412febf93 100644
--- a/command/connect/envoy/envoy.go
+++ b/command/connect/envoy/envoy.go
@@ -344,15 +344,16 @@ func (c *cmd) run(args []string) int {
 		}
 	}
 
+	var svcForSidecar api.AgentService
 	if c.proxyID == "" {
 		switch {
 		case c.sidecarFor != "":
-			proxyID, err := proxyCmd.LookupProxyIDForSidecar(c.client, c.sidecarFor)
+			svcForSidecar, err := proxyCmd.LookupServiceForSidecar(c.client, c.sidecarFor)
 			if err != nil {
 				c.UI.Error(err.Error())
 				return 1
 			}
-			c.proxyID = proxyID
+			c.proxyID = svcForSidecar.ID
 
 		case c.gateway != "" && !c.register:
 			gatewaySvc, err := proxyCmd.LookupGatewayProxy(c.client, c.gatewayKind)
@@ -394,77 +395,13 @@ func (c *cmd) run(args []string) int {
 			return 1
 		}
 
-		taggedAddrs := make(map[string]api.ServiceAddress)
-		lanAddr := c.lanAddress.Value()
-		if lanAddr.Address != "" {
-			taggedAddrs[structs.TaggedAddressLAN] = lanAddr
-		}
-
-		wanAddr := c.wanAddress.Value()
-		if wanAddr.Address != "" {
-			taggedAddrs[structs.TaggedAddressWAN] = wanAddr
-		}
-
-		tcpCheckAddr := lanAddr.Address
-		if tcpCheckAddr == "" {
-			// fallback to localhost as the gateway has to reside in the same network namespace
-			// as the agent
-			tcpCheckAddr = "127.0.0.1"
-		}
-
-		var proxyConf *api.AgentServiceConnectProxyConfig
-		if len(c.bindAddresses.value) > 0 {
-			// override all default binding rules and just bind to the user-supplied addresses
-			proxyConf = &api.AgentServiceConnectProxyConfig{
-				Config: map[string]interface{}{
-					"envoy_gateway_no_default_bind": true,
-					"envoy_gateway_bind_addresses":  c.bindAddresses.value,
-				},
-			}
-		} else if canBind(lanAddr) && canBind(wanAddr) {
-			// when both addresses are bindable then we bind to the tagged addresses
-			// for creating the envoy listeners
-			proxyConf = &api.AgentServiceConnectProxyConfig{
-				Config: map[string]interface{}{
-					"envoy_gateway_no_default_bind":       true,
-					"envoy_gateway_bind_tagged_addresses": true,
-				},
-			}
-		} else if !canBind(lanAddr) && lanAddr.Address != "" {
-			c.UI.Error(fmt.Sprintf("The LAN address %q will not be bindable. Either set a bindable address or override the bind addresses with -bind-address", lanAddr.Address))
+		svc, err := c.proxyRegistration(&svcForSidecar)
+		if err != nil {
+			c.UI.Error(err.Error())
 			return 1
 		}
 
-		var meta map[string]string
-		if c.exposeServers {
-			meta = map[string]string{structs.MetaWANFederationKey: "1"}
-		}
-
-		// API gateways do not have a default listener or ready endpoint,
-		// so adding any check to the registration will fail
-		var check *api.AgentServiceCheck
-		if c.gatewayKind != api.ServiceKindAPIGateway {
-			check = &api.AgentServiceCheck{
-				Name:                           fmt.Sprintf("%s listening", c.gatewayKind),
-				TCP:                            ipaddr.FormatAddressPort(tcpCheckAddr, lanAddr.Port),
-				Interval:                       "10s",
-				DeregisterCriticalServiceAfter: c.deregAfterCritical,
-			}
-		}
-
-		svc := api.AgentServiceRegistration{
-			Kind:            c.gatewayKind,
-			Name:            c.gatewaySvcName,
-			ID:              c.proxyID,
-			Address:         lanAddr.Address,
-			Port:            lanAddr.Port,
-			Meta:            meta,
-			TaggedAddresses: taggedAddrs,
-			Proxy:           proxyConf,
-			Check:           check,
-		}
-
-		if err := c.client.Agent().ServiceRegister(&svc); err != nil {
+		if err := c.client.Agent().ServiceRegister(svc); err != nil {
 			c.UI.Error(fmt.Sprintf("Error registering service %q: %s", svc.Name, err))
 			return 1
 		}
@@ -542,6 +479,85 @@ func (c *cmd) run(args []string) int {
 	return 0
 }
 
+func (c *cmd) proxyRegistration(svcForSidecar *api.AgentService) (*api.AgentServiceRegistration, error) {
+	taggedAddrs := make(map[string]api.ServiceAddress)
+	lanAddr := c.lanAddress.Value()
+	if lanAddr.Address != "" {
+		taggedAddrs[structs.TaggedAddressLAN] = lanAddr
+	}
+
+	wanAddr := c.wanAddress.Value()
+	if wanAddr.Address != "" {
+		taggedAddrs[structs.TaggedAddressWAN] = wanAddr
+	}
+
+	tcpCheckAddr := lanAddr.Address
+	if tcpCheckAddr == "" {
+		// fallback to localhost as the gateway has to reside in the same network namespace
+		// as the agent
+		tcpCheckAddr = "127.0.0.1"
+	}
+
+	var proxyConf *api.AgentServiceConnectProxyConfig
+	if len(c.bindAddresses.value) > 0 {
+		// override all default binding rules and just bind to the user-supplied addresses
+		proxyConf = &api.AgentServiceConnectProxyConfig{
+			Config: map[string]interface{}{
+				"envoy_gateway_no_default_bind": true,
+				"envoy_gateway_bind_addresses":  c.bindAddresses.value,
+			},
+		}
+	} else if canBind(lanAddr) && canBind(wanAddr) {
+		// when both addresses are bindable then we bind to the tagged addresses
+		// for creating the envoy listeners
+		proxyConf = &api.AgentServiceConnectProxyConfig{
+			Config: map[string]interface{}{
+				"envoy_gateway_no_default_bind":       true,
+				"envoy_gateway_bind_tagged_addresses": true,
+			},
+		}
+	} else if !canBind(lanAddr) && lanAddr.Address != "" {
+		return nil, fmt.Errorf("The LAN address %q will not be bindable. Either set a bindable address or override the bind addresses with -bind-address", lanAddr.Address)
+	}
+
+	var meta map[string]string
+	if c.exposeServers {
+		meta = map[string]string{structs.MetaWANFederationKey: "1"}
+	}
+
+	// API gateways do not have a default listener or ready endpoint,
+	// so adding any check to the registration will fail
+	var check *api.AgentServiceCheck
+	if c.gatewayKind != api.ServiceKindAPIGateway {
+		check = &api.AgentServiceCheck{
+			Name:                           fmt.Sprintf("%s listening", c.gatewayKind),
+			TCP:                            ipaddr.FormatAddressPort(tcpCheckAddr, lanAddr.Port),
+			Interval:                       "10s",
+			DeregisterCriticalServiceAfter: c.deregAfterCritical,
+		}
+	}
+
+	// If registering a sidecar for an existing service, inherit the
+	// locality of that service if it was explicitly configured.
+	var locality *api.Locality
+	if c.sidecarFor != "" {
+		locality = svcForSidecar.Locality
+	}
+
+	return &api.AgentServiceRegistration{
+		Kind:            c.gatewayKind,
+		Name:            c.gatewaySvcName,
+		ID:              c.proxyID,
+		Address:         lanAddr.Address,
+		Port:            lanAddr.Port,
+		Meta:            meta,
+		TaggedAddresses: taggedAddrs,
+		Proxy:           proxyConf,
+		Check:           check,
+		Locality:        locality,
+	}, nil
+}
+
 var errUnsupportedOS = errors.New("envoy: not implemented on this operating system")
 
 func (c *cmd) findBinary() (string, error) {
diff --git a/command/connect/envoy/envoy_test.go b/command/connect/envoy/envoy_test.go
index 86c48a8e39ee..517108e0330c 100644
--- a/command/connect/envoy/envoy_test.go
+++ b/command/connect/envoy/envoy_test.go
@@ -1399,6 +1399,83 @@ func TestEnvoy_GatewayRegistration(t *testing.T) {
 	}
 }
 
+func TestEnvoy_proxyRegistration(t *testing.T) {
+	t.Parallel()
+
+	type args struct {
+		svcForProxy api.AgentService
+		cmdFn       func(*cmd)
+	}
+
+	cases := []struct {
+		name   string
+		args   args
+		testFn func(*testing.T, args, *api.AgentServiceRegistration)
+	}{
+		{
+			"locality is inherited from proxied service if configured and using sidecarFor",
+			args{
+				svcForProxy: api.AgentService{
+					ID: "my-svc",
+					Locality: &api.Locality{
+						Region: "us-east-1",
+						Zone:   "us-east-1a",
+					},
+				},
+				cmdFn: func(c *cmd) {
+					c.sidecarFor = "my-svc"
+				},
+			},
+			func(t *testing.T, args args, r *api.AgentServiceRegistration) {
+				assert.NotNil(t, r.Locality)
+				assert.Equal(t, args.svcForProxy.Locality, r.Locality)
+			},
+		},
+		{
+			"locality is not inherited if not using sidecarFor",
+			args{
+				svcForProxy: api.AgentService{
+					ID: "my-svc",
+					Locality: &api.Locality{
+						Region: "us-east-1",
+						Zone:   "us-east-1a",
+					},
+				},
+			},
+			func(t *testing.T, args args, r *api.AgentServiceRegistration) {
+				assert.Nil(t, r.Locality)
+			},
+		},
+		{
+			"locality is not set if not configured for proxied service",
+			args{
+				svcForProxy: api.AgentService{},
+				cmdFn: func(c *cmd) {
+					c.sidecarFor = "my-svc"
+				},
+			},
+			func(t *testing.T, args args, r *api.AgentServiceRegistration) {
+				assert.Nil(t, r.Locality)
+			},
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			ui := cli.NewMockUi()
+			c := New(ui)
+
+			if tc.args.cmdFn != nil {
+				tc.args.cmdFn(c)
+			}
+
+			result, err := c.proxyRegistration(&tc.args.svcForProxy)
+			assert.NoError(t, err)
+			tc.testFn(t, tc.args, result)
+		})
+	}
+}
+
 // testMockAgent combines testMockAgentProxyConfig and testMockAgentSelf,
 // routing /agent/service/... requests to testMockAgentProxyConfig,
 // routing /catalog/node-services/... requests to testMockCatalogNodeServiceList
diff --git a/command/connect/proxy/proxy.go b/command/connect/proxy/proxy.go
index 5cbaa7963eb5..3585d798abee 100644
--- a/command/connect/proxy/proxy.go
+++ b/command/connect/proxy/proxy.go
@@ -215,40 +215,42 @@ func (c *cmd) Run(args []string) int {
 	return 0
 }
 
-func (c *cmd) lookupProxyIDForSidecar(client *api.Client) (string, error) {
-	return LookupProxyIDForSidecar(client, c.sidecarFor)
+func (c *cmd) lookupServiceForSidecar(client *api.Client) (*api.AgentService, error) {
+	return LookupServiceForSidecar(client, c.sidecarFor)
 }
 
-// LookupProxyIDForSidecar finds candidate local proxy registrations that are a
-// sidecar for the given service. It will return an ID if and only if there is
-// exactly one registered connect proxy with `Proxy.DestinationServiceID` set to
+// LookupServiceForSidecar finds candidate local proxy registrations that are a
+// sidecar for the given service. It will return that service if and only if there
+// is exactly one registered connect proxy with `Proxy.DestinationServiceID` set to
 // the specified service ID.
 //
 // This is exported to share it with the connect envoy command.
-func LookupProxyIDForSidecar(client *api.Client, sidecarFor string) (string, error) {
+func LookupServiceForSidecar(client *api.Client, sidecarFor string) (*api.AgentService, error) {
 	svcs, err := client.Agent().Services()
 	if err != nil {
-		return "", fmt.Errorf("Failed looking up sidecar proxy info for %s: %s",
+		return nil, fmt.Errorf("Failed looking up sidecar proxy info for %s: %s",
 			sidecarFor, err)
 	}
 
-	var proxyIDs []string
+	var matched []*api.AgentService
+	var matchedProxyIDs []string
 	for _, svc := range svcs {
 		if svc.Kind == api.ServiceKindConnectProxy && svc.Proxy != nil &&
 			strings.EqualFold(svc.Proxy.DestinationServiceID, sidecarFor) {
-			proxyIDs = append(proxyIDs, svc.ID)
+			matched = append(matched, svc)
+			matchedProxyIDs = append(matchedProxyIDs, svc.ID)
 		}
 	}
 
-	if len(proxyIDs) == 0 {
-		return "", fmt.Errorf("No sidecar proxy registered for %s", sidecarFor)
+	if len(matched) == 0 {
+		return nil, fmt.Errorf("No sidecar proxy registered for %s", sidecarFor)
 	}
-	if len(proxyIDs) > 1 {
-		return "", fmt.Errorf("More than one sidecar proxy registered for %s.\n"+
+	if len(matched) > 1 {
+		return nil, fmt.Errorf("More than one sidecar proxy registered for %s.\n"+
 			"    Start proxy with -proxy-id and one of the following IDs: %s",
-			sidecarFor, strings.Join(proxyIDs, ", "))
+			sidecarFor, strings.Join(matchedProxyIDs, ", "))
 	}
-	return proxyIDs[0], nil
+	return matched[0], nil
 }
 
 // LookupGatewayProxy finds the gateway service registered with the local
@@ -285,10 +287,11 @@ func (c *cmd) configWatcher(client *api.Client) (proxyImpl.ConfigWatcher, error)
 		// Running as a sidecar, we need to find the proxy-id for the requested
 		// service
 		var err error
-		c.proxyID, err = c.lookupProxyIDForSidecar(client)
+		svc, err := c.lookupServiceForSidecar(client)
 		if err != nil {
 			return nil, err
 		}
+		c.proxyID = svc.ID
 
 		c.UI.Info("Configuration mode: Agent API")
 		c.UI.Info(fmt.Sprintf("    Sidecar for ID: %s", c.sidecarFor))

From 6c8ca0f89d99b29c2cc680ebfdadd218d78e9b26 Mon Sep 17 00:00:00 2001
From: John Maguire <john.maguire@hashicorp.com>
Date: Thu, 10 Aug 2023 15:49:51 -0400
Subject: [PATCH 269/359] NET-4984: Update APIGW Config Entries for JWT Auth
 (#18366)

* Added oss config entries for Policy and JWT on APIGW

* Updated structs for config entry

* Updated comments, ran deep-copy

* Move JWT configuration into OSS file

* Add in the config entry OSS file for jwts

* Added changelog

* fixing proto spacing

* Moved to using manually written deep copy method

* Use pointers for override/default fields in apigw config entries

* Run gen scripts for changed types
---
 .changelog/_18366.txt                         |    3 +
 agent/structs/config_entry_apigw_jwt_oss.go   |   10 +
 agent/structs/config_entry_gateways.go        |   11 +
 agent/structs/config_entry_oss.go             |    2 +
 agent/structs/structs.deepcopy.go             |   14 +
 agent/structs/structs.deepcopy_oss.go         |    6 +
 api/config_entry_gateways.go                  |   40 +
 api/config_entry_gateways_test.go             |  147 ++
 command/helpers/helpers.go                    |   16 +-
 .../private/pbconfigentry/config_entry.gen.go |   32 +
 .../pbconfigentry/config_entry.pb.binary.go   |   40 +
 .../private/pbconfigentry/config_entry.pb.go  | 2036 ++++++++++-------
 .../private/pbconfigentry/config_entry.proto  |   26 +
 .../private/pbconfigentry/config_entry_oss.go |   17 +
 14 files changed, 1539 insertions(+), 861 deletions(-)
 create mode 100644 .changelog/_18366.txt
 create mode 100644 agent/structs/config_entry_apigw_jwt_oss.go
 create mode 100644 agent/structs/structs.deepcopy_oss.go
 create mode 100644 proto/private/pbconfigentry/config_entry_oss.go

diff --git a/.changelog/_18366.txt b/.changelog/_18366.txt
new file mode 100644
index 000000000000..02a3599c2c27
--- /dev/null
+++ b/.changelog/_18366.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+config-entry(api-gateway): (Enterprise only) Add GatewayPolicy to APIGateway Config Entry listeners
+```
diff --git a/agent/structs/config_entry_apigw_jwt_oss.go b/agent/structs/config_entry_apigw_jwt_oss.go
new file mode 100644
index 000000000000..ce921787ff13
--- /dev/null
+++ b/agent/structs/config_entry_apigw_jwt_oss.go
@@ -0,0 +1,10 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+//go:build !consulent
+// +build !consulent
+
+package structs
+
+// APIGatewayJWTRequirement holds the list of JWT providers to be verified against
+type APIGatewayJWTRequirement struct{}
diff --git a/agent/structs/config_entry_gateways.go b/agent/structs/config_entry_gateways.go
index 0be410d19870..caffddcf2138 100644
--- a/agent/structs/config_entry_gateways.go
+++ b/agent/structs/config_entry_gateways.go
@@ -887,6 +887,17 @@ type APIGatewayListener struct {
 	Protocol APIGatewayListenerProtocol
 	// TLS is the TLS settings for the listener.
 	TLS APIGatewayTLSConfiguration
+
+	// Override is the policy that overrides all other policy and route specific configuration
+	Override *APIGatewayPolicy `json:",omitempty"`
+	// Default is the policy that is the default for the listener and route, routes can override this behavior
+	Default *APIGatewayPolicy `json:",omitempty"`
+}
+
+// APIGatewayPolicy holds the policy that configures the gateway listener, this is used in the `Override` and `Default` fields of a listener
+type APIGatewayPolicy struct {
+	// JWT holds the JWT configuration for the Listener
+	JWT *APIGatewayJWTRequirement `json:",omitempty"`
 }
 
 func (l APIGatewayListener) GetHostname() string {
diff --git a/agent/structs/config_entry_oss.go b/agent/structs/config_entry_oss.go
index 2977075bff1b..c6b033f37083 100644
--- a/agent/structs/config_entry_oss.go
+++ b/agent/structs/config_entry_oss.go
@@ -30,6 +30,8 @@ func validateUnusedKeys(unused []string) error {
 			// to exist on the target.
 		case strings.HasSuffix(strings.ToLower(k), "namespace"):
 			err = multierror.Append(err, fmt.Errorf("invalid config key %q, namespaces are a consul enterprise feature", k))
+		case strings.Contains(strings.ToLower(k), "jwt"):
+			err = multierror.Append(err, fmt.Errorf("invalid config key %q, api-gateway jwt validation is a consul enterprise feature", k))
 		default:
 			err = multierror.Append(err, fmt.Errorf("invalid config key %q", k))
 		}
diff --git a/agent/structs/structs.deepcopy.go b/agent/structs/structs.deepcopy.go
index c9a9783c935c..01d9ef10c29a 100644
--- a/agent/structs/structs.deepcopy.go
+++ b/agent/structs/structs.deepcopy.go
@@ -18,6 +18,20 @@ func (o *APIGatewayListener) DeepCopy() *APIGatewayListener {
 		cp.TLS.CipherSuites = make([]types.TLSCipherSuite, len(o.TLS.CipherSuites))
 		copy(cp.TLS.CipherSuites, o.TLS.CipherSuites)
 	}
+	if o.Override != nil {
+		cp.Override = new(APIGatewayPolicy)
+		*cp.Override = *o.Override
+		if o.Override.JWT != nil {
+			cp.Override.JWT = o.Override.JWT.DeepCopy()
+		}
+	}
+	if o.Default != nil {
+		cp.Default = new(APIGatewayPolicy)
+		*cp.Default = *o.Default
+		if o.Default.JWT != nil {
+			cp.Default.JWT = o.Default.JWT.DeepCopy()
+		}
+	}
 	return &cp
 }
 
diff --git a/agent/structs/structs.deepcopy_oss.go b/agent/structs/structs.deepcopy_oss.go
new file mode 100644
index 000000000000..88e78130f9d1
--- /dev/null
+++ b/agent/structs/structs.deepcopy_oss.go
@@ -0,0 +1,6 @@
+package structs
+
+// DeepCopy generates a deep copy of *APIGatewayJWTRequirement
+func (o *APIGatewayJWTRequirement) DeepCopy() *APIGatewayJWTRequirement {
+	return new(APIGatewayJWTRequirement)
+}
diff --git a/api/config_entry_gateways.go b/api/config_entry_gateways.go
index b59f1c0621ff..baf274e2da02 100644
--- a/api/config_entry_gateways.go
+++ b/api/config_entry_gateways.go
@@ -284,6 +284,10 @@ type APIGatewayListener struct {
 	Protocol string
 	// TLS is the TLS settings for the listener.
 	TLS APIGatewayTLSConfiguration
+	// Override is the policy that overrides all other policy and route specific configuration
+	Override *APIGatewayPolicy `json:",omitempty"`
+	// Default is the policy that is the default for the listener and route, routes can override this behavior
+	Default *APIGatewayPolicy `json:",omitempty"`
 }
 
 // APIGatewayTLSConfiguration specifies the configuration of a listener’s
@@ -302,3 +306,39 @@ type APIGatewayTLSConfiguration struct {
 	// Only applicable to connections negotiated via TLS 1.2 or earlier
 	CipherSuites []string `json:",omitempty" alias:"cipher_suites"`
 }
+
+// APIGatewayPolicy holds the policy that configures the gateway listener, this is used in the `Override` and `Default` fields of a listener
+type APIGatewayPolicy struct {
+	// JWT holds the JWT configuration for the Listener
+	JWT *APIGatewayJWTRequirement `json:",omitempty"`
+}
+
+// APIGatewayJWTRequirement holds the list of JWT providers to be verified against
+type APIGatewayJWTRequirement struct {
+	// Providers is a list of providers to consider when verifying a JWT.
+	Providers []*APIGatewayJWTProvider `json:",omitempty"`
+}
+
+// APIGatewayJWTProvider holds the provider and claim verification information
+type APIGatewayJWTProvider struct {
+	// Name is the name of the JWT provider. There MUST be a corresponding
+	// "jwt-provider" config entry with this name.
+	Name string `json:",omitempty"`
+
+	// VerifyClaims is a list of additional claims to verify in a JWT's payload.
+	VerifyClaims []*APIGatewayJWTClaimVerification `json:",omitempty" alias:"verify_claims"`
+}
+
+// APIGatewayJWTClaimVerification holds the actual claim information to be verified
+type APIGatewayJWTClaimVerification struct {
+	// Path is the path to the claim in the token JSON.
+	Path []string `json:",omitempty"`
+
+	// Value is the expected value at the given path:
+	// - If the type at the path is a list then we verify
+	//   that this value is contained in the list.
+	//
+	// - If the type at the path is a string then we verify
+	//   that this value matches.
+	Value string `json:",omitempty"`
+}
diff --git a/api/config_entry_gateways_test.go b/api/config_entry_gateways_test.go
index 421a6283a216..081e698dccc8 100644
--- a/api/config_entry_gateways_test.go
+++ b/api/config_entry_gateways_test.go
@@ -348,3 +348,150 @@ func TestAPI_ConfigEntries_TerminatingGateway(t *testing.T) {
 	_, _, err = configEntries.Get(TerminatingGateway, "foo", nil)
 	require.Error(t, err)
 }
+
+func TestAPI_ConfigEntries_APIGateway(t *testing.T) {
+	t.Parallel()
+	c, s := makeClient(t)
+	defer s.Stop()
+
+	configEntries := c.ConfigEntries()
+	listener1 := APIGatewayListener{
+		Name:     "listener1",
+		Hostname: "host.com",
+		Port:     3360,
+		Protocol: "http",
+	}
+
+	listener2 := APIGatewayListener{
+		Name:     "listener2",
+		Hostname: "host2.com",
+		Port:     3362,
+		Protocol: "http",
+	}
+
+	apigw1 := &APIGatewayConfigEntry{
+		Kind: APIGateway,
+		Name: "foo",
+		Meta: map[string]string{
+			"foo": "bar",
+			"gir": "zim",
+		},
+		Listeners: []APIGatewayListener{listener1},
+	}
+
+	apigw2 := &APIGatewayConfigEntry{
+		Kind:      APIGateway,
+		Name:      "bar",
+		Listeners: []APIGatewayListener{listener2},
+	}
+
+	// set it
+	_, wm, err := configEntries.Set(apigw1, nil)
+	require.NoError(t, err)
+	require.NotNil(t, wm)
+	require.NotEqual(t, 0, wm.RequestTime)
+
+	// also set the second one
+	_, wm, err = configEntries.Set(apigw2, nil)
+	require.NoError(t, err)
+	require.NotNil(t, wm)
+	require.NotEqual(t, 0, wm.RequestTime)
+
+	// get it
+	entry, qm, err := configEntries.Get(APIGateway, "foo", nil)
+	require.NoError(t, err)
+	require.NotNil(t, qm)
+	require.NotEqual(t, 0, qm.RequestTime)
+
+	// verify it
+	readGW, ok := entry.(*APIGatewayConfigEntry)
+	require.True(t, ok)
+	require.Equal(t, apigw1.Kind, readGW.Kind)
+	require.Equal(t, apigw1.Name, readGW.Name)
+	require.Equal(t, apigw1.Meta, readGW.Meta)
+	require.Equal(t, apigw1.Meta, readGW.GetMeta())
+
+	// update it
+	apigw1.Listeners = []APIGatewayListener{
+		listener1,
+		{
+			Name:     "listener3",
+			Hostname: "host3.com",
+			Port:     3363,
+			Protocol: "http",
+		},
+	}
+
+	// CAS fail
+	written, _, err := configEntries.CAS(apigw1, 0, nil)
+	require.NoError(t, err)
+	require.False(t, written)
+
+	// CAS success
+	written, wm, err = configEntries.CAS(apigw1, readGW.ModifyIndex, nil)
+	require.NoError(t, err)
+	require.NotNil(t, wm)
+	require.NotEqual(t, 0, wm.RequestTime)
+	require.True(t, written)
+
+	// re-setting should not yield an error
+	_, wm, err = configEntries.Set(apigw1, nil)
+	require.NoError(t, err)
+	require.NotNil(t, wm)
+	require.NotEqual(t, 0, wm.RequestTime)
+
+	apigw2.Listeners = []APIGatewayListener{
+		listener2,
+		{
+			Name:     "listener4",
+			Hostname: "host4.com",
+			Port:     3364,
+			Protocol: "http",
+		},
+	}
+
+	_, wm, err = configEntries.Set(apigw2, nil)
+	require.NoError(t, err)
+	require.NotNil(t, wm)
+	require.NotEqual(t, 0, wm.RequestTime)
+
+	// list them
+	entries, qm, err := configEntries.List(APIGateway, nil)
+	require.NoError(t, err)
+	require.NotNil(t, qm)
+	require.NotEqual(t, 0, qm.RequestTime)
+	require.Len(t, entries, 2)
+
+	for _, entry = range entries {
+		switch entry.GetName() {
+		case "foo":
+			// this also verifies that the update value was persisted and
+			// the updated values are seen
+			readGW, ok = entry.(*APIGatewayConfigEntry)
+			require.True(t, ok)
+			require.Equal(t, apigw1.Kind, readGW.Kind)
+			require.Equal(t, apigw1.Name, readGW.Name)
+			require.Len(t, readGW.Listeners, 2)
+
+			require.Equal(t, apigw1.Listeners, readGW.Listeners)
+		case "bar":
+			readGW, ok = entry.(*APIGatewayConfigEntry)
+			require.True(t, ok)
+			require.Equal(t, apigw2.Kind, readGW.Kind)
+			require.Equal(t, apigw2.Name, readGW.Name)
+			require.Len(t, readGW.Listeners, 2)
+
+			require.Equal(t, apigw2.Listeners, readGW.Listeners)
+		}
+	}
+
+	// delete it
+	wm, err = configEntries.Delete(APIGateway, "foo", nil)
+	require.NoError(t, err)
+	require.NotNil(t, wm)
+	require.NotEqual(t, 0, wm.RequestTime)
+
+	// verify deletion
+	_, _, err = configEntries.Get(APIGateway, "foo", nil)
+	require.Error(t, err)
+}
diff --git a/command/helpers/helpers.go b/command/helpers/helpers.go
index 3720439df387..0238c72da6f4 100644
--- a/command/helpers/helpers.go
+++ b/command/helpers/helpers.go
@@ -8,12 +8,14 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"strings"
 	"time"
 
+	"github.com/mitchellh/mapstructure"
+
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/lib/decode"
 	"github.com/hashicorp/go-multierror"
-	"github.com/mitchellh/mapstructure"
 )
 
 func loadFromFile(path string) (string, error) {
@@ -124,13 +126,19 @@ func newDecodeConfigEntry(raw map[string]interface{}) (api.ConfigEntry, error) {
 	}
 
 	for _, k := range md.Unused {
-		switch k {
-		case "kind", "Kind":
+		switch {
+		case strings.ToLower(k) == "kind":
 			// The kind field is used to determine the target, but doesn't need
 			// to exist on the target.
 			continue
+
+		case strings.HasSuffix(strings.ToLower(k), "namespace"):
+			err = multierror.Append(err, fmt.Errorf("invalid config key %q, namespaces are a consul enterprise feature", k))
+		case strings.Contains(strings.ToLower(k), "jwt"):
+			err = multierror.Append(err, fmt.Errorf("invalid config key %q, api-gateway jwt validation is a consul enterprise feature", k))
+		default:
+			err = multierror.Append(err, fmt.Errorf("invalid config key %q", k))
 		}
-		err = multierror.Append(err, fmt.Errorf("invalid config key %q", k))
 	}
 	if err != nil {
 		return nil, err
diff --git a/proto/private/pbconfigentry/config_entry.gen.go b/proto/private/pbconfigentry/config_entry.gen.go
index fe87fae26f02..8eb5750e47e2 100644
--- a/proto/private/pbconfigentry/config_entry.gen.go
+++ b/proto/private/pbconfigentry/config_entry.gen.go
@@ -53,6 +53,16 @@ func APIGatewayListenerToStructs(s *APIGatewayListener, t *structs.APIGatewayLis
 	if s.TLS != nil {
 		APIGatewayTLSConfigurationToStructs(s.TLS, &t.TLS)
 	}
+	if s.Override != nil {
+		var x structs.APIGatewayPolicy
+		APIGatewayPolicyToStructs(s.Override, &x)
+		t.Override = &x
+	}
+	if s.Default != nil {
+		var x structs.APIGatewayPolicy
+		APIGatewayPolicyToStructs(s.Default, &x)
+		t.Default = &x
+	}
 }
 func APIGatewayListenerFromStructs(t *structs.APIGatewayListener, s *APIGatewayListener) {
 	if s == nil {
@@ -67,6 +77,28 @@ func APIGatewayListenerFromStructs(t *structs.APIGatewayListener, s *APIGatewayL
 		APIGatewayTLSConfigurationFromStructs(&t.TLS, &x)
 		s.TLS = &x
 	}
+	if t.Override != nil {
+		var x APIGatewayPolicy
+		APIGatewayPolicyFromStructs(t.Override, &x)
+		s.Override = &x
+	}
+	if t.Default != nil {
+		var x APIGatewayPolicy
+		APIGatewayPolicyFromStructs(t.Default, &x)
+		s.Default = &x
+	}
+}
+func APIGatewayPolicyToStructs(s *APIGatewayPolicy, t *structs.APIGatewayPolicy) {
+	if s == nil {
+		return
+	}
+	t.JWT = gwJWTRequirementToStructs(s.JWT)
+}
+func APIGatewayPolicyFromStructs(t *structs.APIGatewayPolicy, s *APIGatewayPolicy) {
+	if s == nil {
+		return
+	}
+	s.JWT = gwJWTRequirementFromStructs(t.JWT)
 }
 func APIGatewayTLSConfigurationToStructs(s *APIGatewayTLSConfiguration, t *structs.APIGatewayTLSConfiguration) {
 	if s == nil {
diff --git a/proto/private/pbconfigentry/config_entry.pb.binary.go b/proto/private/pbconfigentry/config_entry.pb.binary.go
index 22890d7f37ac..a856741a7586 100644
--- a/proto/private/pbconfigentry/config_entry.pb.binary.go
+++ b/proto/private/pbconfigentry/config_entry.pb.binary.go
@@ -507,6 +507,46 @@ func (msg *APIGatewayTLSConfiguration) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
 
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *APIGatewayPolicy) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *APIGatewayPolicy) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *APIGatewayJWTRequirement) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *APIGatewayJWTRequirement) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *APIGatewayJWTProvider) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *APIGatewayJWTProvider) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *APIGatewayJWTClaimVerification) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *APIGatewayJWTClaimVerification) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
 // MarshalBinary implements encoding.BinaryMarshaler
 func (msg *ResourceReference) MarshalBinary() ([]byte, error) {
 	return proto.Marshal(msg)
diff --git a/proto/private/pbconfigentry/config_entry.pb.go b/proto/private/pbconfigentry/config_entry.pb.go
index ce8f97d03652..21791ba566e7 100644
--- a/proto/private/pbconfigentry/config_entry.pb.go
+++ b/proto/private/pbconfigentry/config_entry.pb.go
@@ -4524,6 +4524,8 @@ type APIGatewayListener struct {
 	// mog: func-to=apiGatewayProtocolToStructs func-from=apiGatewayProtocolFromStructs
 	Protocol APIGatewayListenerProtocol  `protobuf:"varint,4,opt,name=Protocol,proto3,enum=hashicorp.consul.internal.configentry.APIGatewayListenerProtocol" json:"Protocol,omitempty"`
 	TLS      *APIGatewayTLSConfiguration `protobuf:"bytes,5,opt,name=TLS,proto3" json:"TLS,omitempty"`
+	Override *APIGatewayPolicy           `protobuf:"bytes,6,opt,name=Override,proto3" json:"Override,omitempty"`
+	Default  *APIGatewayPolicy           `protobuf:"bytes,7,opt,name=Default,proto3" json:"Default,omitempty"`
 }
 
 func (x *APIGatewayListener) Reset() {
@@ -4593,6 +4595,20 @@ func (x *APIGatewayListener) GetTLS() *APIGatewayTLSConfiguration {
 	return nil
 }
 
+func (x *APIGatewayListener) GetOverride() *APIGatewayPolicy {
+	if x != nil {
+		return x.Override
+	}
+	return nil
+}
+
+func (x *APIGatewayListener) GetDefault() *APIGatewayPolicy {
+	if x != nil {
+		return x.Default
+	}
+	return nil
+}
+
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.APIGatewayTLSConfiguration
@@ -4672,6 +4688,216 @@ func (x *APIGatewayTLSConfiguration) GetCipherSuites() []string {
 	return nil
 }
 
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.APIGatewayPolicy
+// output=config_entry.gen.go
+// name=Structs
+type APIGatewayPolicy struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// mog: func-to=gwJWTRequirementToStructs func-from=gwJWTRequirementFromStructs
+	JWT *APIGatewayJWTRequirement `protobuf:"bytes,1,opt,name=JWT,proto3" json:"JWT,omitempty"`
+}
+
+func (x *APIGatewayPolicy) Reset() {
+	*x = APIGatewayPolicy{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[50]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *APIGatewayPolicy) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*APIGatewayPolicy) ProtoMessage() {}
+
+func (x *APIGatewayPolicy) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[50]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use APIGatewayPolicy.ProtoReflect.Descriptor instead.
+func (*APIGatewayPolicy) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{50}
+}
+
+func (x *APIGatewayPolicy) GetJWT() *APIGatewayJWTRequirement {
+	if x != nil {
+		return x.JWT
+	}
+	return nil
+}
+
+type APIGatewayJWTRequirement struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Providers []*APIGatewayJWTProvider `protobuf:"bytes,1,rep,name=Providers,proto3" json:"Providers,omitempty"`
+}
+
+func (x *APIGatewayJWTRequirement) Reset() {
+	*x = APIGatewayJWTRequirement{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[51]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *APIGatewayJWTRequirement) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*APIGatewayJWTRequirement) ProtoMessage() {}
+
+func (x *APIGatewayJWTRequirement) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[51]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use APIGatewayJWTRequirement.ProtoReflect.Descriptor instead.
+func (*APIGatewayJWTRequirement) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{51}
+}
+
+func (x *APIGatewayJWTRequirement) GetProviders() []*APIGatewayJWTProvider {
+	if x != nil {
+		return x.Providers
+	}
+	return nil
+}
+
+type APIGatewayJWTProvider struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name         string                            `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"`
+	VerifyClaims []*APIGatewayJWTClaimVerification `protobuf:"bytes,2,rep,name=VerifyClaims,proto3" json:"VerifyClaims,omitempty"`
+}
+
+func (x *APIGatewayJWTProvider) Reset() {
+	*x = APIGatewayJWTProvider{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[52]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *APIGatewayJWTProvider) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*APIGatewayJWTProvider) ProtoMessage() {}
+
+func (x *APIGatewayJWTProvider) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[52]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use APIGatewayJWTProvider.ProtoReflect.Descriptor instead.
+func (*APIGatewayJWTProvider) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{52}
+}
+
+func (x *APIGatewayJWTProvider) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *APIGatewayJWTProvider) GetVerifyClaims() []*APIGatewayJWTClaimVerification {
+	if x != nil {
+		return x.VerifyClaims
+	}
+	return nil
+}
+
+type APIGatewayJWTClaimVerification struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Path  []string `protobuf:"bytes,1,rep,name=Path,proto3" json:"Path,omitempty"`
+	Value string   `protobuf:"bytes,2,opt,name=Value,proto3" json:"Value,omitempty"`
+}
+
+func (x *APIGatewayJWTClaimVerification) Reset() {
+	*x = APIGatewayJWTClaimVerification{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[53]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *APIGatewayJWTClaimVerification) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*APIGatewayJWTClaimVerification) ProtoMessage() {}
+
+func (x *APIGatewayJWTClaimVerification) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[53]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use APIGatewayJWTClaimVerification.ProtoReflect.Descriptor instead.
+func (*APIGatewayJWTClaimVerification) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{53}
+}
+
+func (x *APIGatewayJWTClaimVerification) GetPath() []string {
+	if x != nil {
+		return x.Path
+	}
+	return nil
+}
+
+func (x *APIGatewayJWTClaimVerification) GetValue() string {
+	if x != nil {
+		return x.Value
+	}
+	return ""
+}
+
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.ResourceReference
@@ -4692,7 +4918,7 @@ type ResourceReference struct {
 func (x *ResourceReference) Reset() {
 	*x = ResourceReference{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[50]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[54]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4705,7 +4931,7 @@ func (x *ResourceReference) String() string {
 func (*ResourceReference) ProtoMessage() {}
 
 func (x *ResourceReference) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[50]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[54]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4718,7 +4944,7 @@ func (x *ResourceReference) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ResourceReference.ProtoReflect.Descriptor instead.
 func (*ResourceReference) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{50}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{54}
 }
 
 func (x *ResourceReference) GetKind() string {
@@ -4767,7 +4993,7 @@ type BoundAPIGateway struct {
 func (x *BoundAPIGateway) Reset() {
 	*x = BoundAPIGateway{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[51]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[55]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4780,7 +5006,7 @@ func (x *BoundAPIGateway) String() string {
 func (*BoundAPIGateway) ProtoMessage() {}
 
 func (x *BoundAPIGateway) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[51]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[55]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4793,7 +5019,7 @@ func (x *BoundAPIGateway) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use BoundAPIGateway.ProtoReflect.Descriptor instead.
 func (*BoundAPIGateway) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{51}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{55}
 }
 
 func (x *BoundAPIGateway) GetMeta() map[string]string {
@@ -4828,7 +5054,7 @@ type BoundAPIGatewayListener struct {
 func (x *BoundAPIGatewayListener) Reset() {
 	*x = BoundAPIGatewayListener{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[52]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[56]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4841,7 +5067,7 @@ func (x *BoundAPIGatewayListener) String() string {
 func (*BoundAPIGatewayListener) ProtoMessage() {}
 
 func (x *BoundAPIGatewayListener) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[52]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[56]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4854,7 +5080,7 @@ func (x *BoundAPIGatewayListener) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use BoundAPIGatewayListener.ProtoReflect.Descriptor instead.
 func (*BoundAPIGatewayListener) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{52}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{56}
 }
 
 func (x *BoundAPIGatewayListener) GetName() string {
@@ -4897,7 +5123,7 @@ type InlineCertificate struct {
 func (x *InlineCertificate) Reset() {
 	*x = InlineCertificate{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[53]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[57]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4910,7 +5136,7 @@ func (x *InlineCertificate) String() string {
 func (*InlineCertificate) ProtoMessage() {}
 
 func (x *InlineCertificate) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[53]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[57]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4923,7 +5149,7 @@ func (x *InlineCertificate) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use InlineCertificate.ProtoReflect.Descriptor instead.
 func (*InlineCertificate) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{53}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{57}
 }
 
 func (x *InlineCertificate) GetMeta() map[string]string {
@@ -4968,7 +5194,7 @@ type HTTPRoute struct {
 func (x *HTTPRoute) Reset() {
 	*x = HTTPRoute{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[54]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[58]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4981,7 +5207,7 @@ func (x *HTTPRoute) String() string {
 func (*HTTPRoute) ProtoMessage() {}
 
 func (x *HTTPRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[54]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[58]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4994,7 +5220,7 @@ func (x *HTTPRoute) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPRoute.ProtoReflect.Descriptor instead.
 func (*HTTPRoute) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{54}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{58}
 }
 
 func (x *HTTPRoute) GetMeta() map[string]string {
@@ -5050,7 +5276,7 @@ type HTTPRouteRule struct {
 func (x *HTTPRouteRule) Reset() {
 	*x = HTTPRouteRule{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[55]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[59]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5063,7 +5289,7 @@ func (x *HTTPRouteRule) String() string {
 func (*HTTPRouteRule) ProtoMessage() {}
 
 func (x *HTTPRouteRule) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[55]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[59]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5076,7 +5302,7 @@ func (x *HTTPRouteRule) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPRouteRule.ProtoReflect.Descriptor instead.
 func (*HTTPRouteRule) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{55}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{59}
 }
 
 func (x *HTTPRouteRule) GetFilters() *HTTPFilters {
@@ -5120,7 +5346,7 @@ type HTTPMatch struct {
 func (x *HTTPMatch) Reset() {
 	*x = HTTPMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[56]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[60]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5133,7 +5359,7 @@ func (x *HTTPMatch) String() string {
 func (*HTTPMatch) ProtoMessage() {}
 
 func (x *HTTPMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[56]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[60]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5146,7 +5372,7 @@ func (x *HTTPMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPMatch.ProtoReflect.Descriptor instead.
 func (*HTTPMatch) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{56}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{60}
 }
 
 func (x *HTTPMatch) GetHeaders() []*HTTPHeaderMatch {
@@ -5196,7 +5422,7 @@ type HTTPHeaderMatch struct {
 func (x *HTTPHeaderMatch) Reset() {
 	*x = HTTPHeaderMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[57]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[61]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5209,7 +5435,7 @@ func (x *HTTPHeaderMatch) String() string {
 func (*HTTPHeaderMatch) ProtoMessage() {}
 
 func (x *HTTPHeaderMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[57]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[61]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5222,7 +5448,7 @@ func (x *HTTPHeaderMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPHeaderMatch.ProtoReflect.Descriptor instead.
 func (*HTTPHeaderMatch) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{57}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{61}
 }
 
 func (x *HTTPHeaderMatch) GetMatch() HTTPHeaderMatchType {
@@ -5264,7 +5490,7 @@ type HTTPPathMatch struct {
 func (x *HTTPPathMatch) Reset() {
 	*x = HTTPPathMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[58]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5277,7 +5503,7 @@ func (x *HTTPPathMatch) String() string {
 func (*HTTPPathMatch) ProtoMessage() {}
 
 func (x *HTTPPathMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[58]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5290,7 +5516,7 @@ func (x *HTTPPathMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPPathMatch.ProtoReflect.Descriptor instead.
 func (*HTTPPathMatch) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{58}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{62}
 }
 
 func (x *HTTPPathMatch) GetMatch() HTTPPathMatchType {
@@ -5326,7 +5552,7 @@ type HTTPQueryMatch struct {
 func (x *HTTPQueryMatch) Reset() {
 	*x = HTTPQueryMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[59]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5339,7 +5565,7 @@ func (x *HTTPQueryMatch) String() string {
 func (*HTTPQueryMatch) ProtoMessage() {}
 
 func (x *HTTPQueryMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[59]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5352,7 +5578,7 @@ func (x *HTTPQueryMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPQueryMatch.ProtoReflect.Descriptor instead.
 func (*HTTPQueryMatch) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{59}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{63}
 }
 
 func (x *HTTPQueryMatch) GetMatch() HTTPQueryMatchType {
@@ -5395,7 +5621,7 @@ type HTTPFilters struct {
 func (x *HTTPFilters) Reset() {
 	*x = HTTPFilters{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[60]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5408,7 +5634,7 @@ func (x *HTTPFilters) String() string {
 func (*HTTPFilters) ProtoMessage() {}
 
 func (x *HTTPFilters) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[60]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5421,7 +5647,7 @@ func (x *HTTPFilters) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPFilters.ProtoReflect.Descriptor instead.
 func (*HTTPFilters) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{60}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{64}
 }
 
 func (x *HTTPFilters) GetHeaders() []*HTTPHeaderFilter {
@@ -5468,7 +5694,7 @@ type URLRewrite struct {
 func (x *URLRewrite) Reset() {
 	*x = URLRewrite{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[61]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5481,7 +5707,7 @@ func (x *URLRewrite) String() string {
 func (*URLRewrite) ProtoMessage() {}
 
 func (x *URLRewrite) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[61]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5494,7 +5720,7 @@ func (x *URLRewrite) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use URLRewrite.ProtoReflect.Descriptor instead.
 func (*URLRewrite) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{61}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{65}
 }
 
 func (x *URLRewrite) GetPath() string {
@@ -5523,7 +5749,7 @@ type RetryFilter struct {
 func (x *RetryFilter) Reset() {
 	*x = RetryFilter{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5536,7 +5762,7 @@ func (x *RetryFilter) String() string {
 func (*RetryFilter) ProtoMessage() {}
 
 func (x *RetryFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5549,7 +5775,7 @@ func (x *RetryFilter) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RetryFilter.ProtoReflect.Descriptor instead.
 func (*RetryFilter) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{62}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{66}
 }
 
 func (x *RetryFilter) GetNumRetries() uint32 {
@@ -5599,7 +5825,7 @@ type TimeoutFilter struct {
 func (x *TimeoutFilter) Reset() {
 	*x = TimeoutFilter{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5612,7 +5838,7 @@ func (x *TimeoutFilter) String() string {
 func (*TimeoutFilter) ProtoMessage() {}
 
 func (x *TimeoutFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5625,7 +5851,7 @@ func (x *TimeoutFilter) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TimeoutFilter.ProtoReflect.Descriptor instead.
 func (*TimeoutFilter) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{63}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{67}
 }
 
 func (x *TimeoutFilter) GetRequestTimeout() *durationpb.Duration {
@@ -5660,7 +5886,7 @@ type HTTPHeaderFilter struct {
 func (x *HTTPHeaderFilter) Reset() {
 	*x = HTTPHeaderFilter{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5673,7 +5899,7 @@ func (x *HTTPHeaderFilter) String() string {
 func (*HTTPHeaderFilter) ProtoMessage() {}
 
 func (x *HTTPHeaderFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5686,7 +5912,7 @@ func (x *HTTPHeaderFilter) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPHeaderFilter.ProtoReflect.Descriptor instead.
 func (*HTTPHeaderFilter) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{64}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{68}
 }
 
 func (x *HTTPHeaderFilter) GetAdd() map[string]string {
@@ -5731,7 +5957,7 @@ type HTTPService struct {
 func (x *HTTPService) Reset() {
 	*x = HTTPService{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5744,7 +5970,7 @@ func (x *HTTPService) String() string {
 func (*HTTPService) ProtoMessage() {}
 
 func (x *HTTPService) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5757,7 +5983,7 @@ func (x *HTTPService) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPService.ProtoReflect.Descriptor instead.
 func (*HTTPService) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{65}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{69}
 }
 
 func (x *HTTPService) GetName() string {
@@ -5808,7 +6034,7 @@ type TCPRoute struct {
 func (x *TCPRoute) Reset() {
 	*x = TCPRoute{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5821,7 +6047,7 @@ func (x *TCPRoute) String() string {
 func (*TCPRoute) ProtoMessage() {}
 
 func (x *TCPRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5834,7 +6060,7 @@ func (x *TCPRoute) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TCPRoute.ProtoReflect.Descriptor instead.
 func (*TCPRoute) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{66}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{70}
 }
 
 func (x *TCPRoute) GetMeta() map[string]string {
@@ -5883,7 +6109,7 @@ type TCPService struct {
 func (x *TCPService) Reset() {
 	*x = TCPService{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5896,7 +6122,7 @@ func (x *TCPService) String() string {
 func (*TCPService) ProtoMessage() {}
 
 func (x *TCPService) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5909,7 +6135,7 @@ func (x *TCPService) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TCPService.ProtoReflect.Descriptor instead.
 func (*TCPService) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{67}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{71}
 }
 
 func (x *TCPService) GetName() string {
@@ -5949,7 +6175,7 @@ type SamenessGroup struct {
 func (x *SamenessGroup) Reset() {
 	*x = SamenessGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5962,7 +6188,7 @@ func (x *SamenessGroup) String() string {
 func (*SamenessGroup) ProtoMessage() {}
 
 func (x *SamenessGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5975,7 +6201,7 @@ func (x *SamenessGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SamenessGroup.ProtoReflect.Descriptor instead.
 func (*SamenessGroup) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{68}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{72}
 }
 
 func (x *SamenessGroup) GetName() string {
@@ -6037,7 +6263,7 @@ type SamenessGroupMember struct {
 func (x *SamenessGroupMember) Reset() {
 	*x = SamenessGroupMember{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6050,7 +6276,7 @@ func (x *SamenessGroupMember) String() string {
 func (*SamenessGroupMember) ProtoMessage() {}
 
 func (x *SamenessGroupMember) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6063,7 +6289,7 @@ func (x *SamenessGroupMember) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SamenessGroupMember.ProtoReflect.Descriptor instead.
 func (*SamenessGroupMember) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{69}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{73}
 }
 
 func (x *SamenessGroupMember) GetPartition() string {
@@ -6105,7 +6331,7 @@ type JWTProvider struct {
 func (x *JWTProvider) Reset() {
 	*x = JWTProvider{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6118,7 +6344,7 @@ func (x *JWTProvider) String() string {
 func (*JWTProvider) ProtoMessage() {}
 
 func (x *JWTProvider) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6131,7 +6357,7 @@ func (x *JWTProvider) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTProvider.ProtoReflect.Descriptor instead.
 func (*JWTProvider) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{70}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{74}
 }
 
 func (x *JWTProvider) GetJSONWebKeySet() *JSONWebKeySet {
@@ -6207,7 +6433,7 @@ type JSONWebKeySet struct {
 func (x *JSONWebKeySet) Reset() {
 	*x = JSONWebKeySet{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6220,7 +6446,7 @@ func (x *JSONWebKeySet) String() string {
 func (*JSONWebKeySet) ProtoMessage() {}
 
 func (x *JSONWebKeySet) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6233,7 +6459,7 @@ func (x *JSONWebKeySet) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JSONWebKeySet.ProtoReflect.Descriptor instead.
 func (*JSONWebKeySet) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{71}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{75}
 }
 
 func (x *JSONWebKeySet) GetLocal() *LocalJWKS {
@@ -6267,7 +6493,7 @@ type LocalJWKS struct {
 func (x *LocalJWKS) Reset() {
 	*x = LocalJWKS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6280,7 +6506,7 @@ func (x *LocalJWKS) String() string {
 func (*LocalJWKS) ProtoMessage() {}
 
 func (x *LocalJWKS) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6293,7 +6519,7 @@ func (x *LocalJWKS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use LocalJWKS.ProtoReflect.Descriptor instead.
 func (*LocalJWKS) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{72}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{76}
 }
 
 func (x *LocalJWKS) GetJWKS() string {
@@ -6333,7 +6559,7 @@ type RemoteJWKS struct {
 func (x *RemoteJWKS) Reset() {
 	*x = RemoteJWKS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6346,7 +6572,7 @@ func (x *RemoteJWKS) String() string {
 func (*RemoteJWKS) ProtoMessage() {}
 
 func (x *RemoteJWKS) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6359,7 +6585,7 @@ func (x *RemoteJWKS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RemoteJWKS.ProtoReflect.Descriptor instead.
 func (*RemoteJWKS) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{73}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{77}
 }
 
 func (x *RemoteJWKS) GetURI() string {
@@ -6423,7 +6649,7 @@ type JWKSCluster struct {
 func (x *JWKSCluster) Reset() {
 	*x = JWKSCluster{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6436,7 +6662,7 @@ func (x *JWKSCluster) String() string {
 func (*JWKSCluster) ProtoMessage() {}
 
 func (x *JWKSCluster) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6449,7 +6675,7 @@ func (x *JWKSCluster) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSCluster.ProtoReflect.Descriptor instead.
 func (*JWKSCluster) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{74}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{78}
 }
 
 func (x *JWKSCluster) GetDiscoveryType() string {
@@ -6490,7 +6716,7 @@ type JWKSTLSCertificate struct {
 func (x *JWKSTLSCertificate) Reset() {
 	*x = JWKSTLSCertificate{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6503,7 +6729,7 @@ func (x *JWKSTLSCertificate) String() string {
 func (*JWKSTLSCertificate) ProtoMessage() {}
 
 func (x *JWKSTLSCertificate) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6516,7 +6742,7 @@ func (x *JWKSTLSCertificate) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertificate.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertificate) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{75}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{79}
 }
 
 func (x *JWKSTLSCertificate) GetCaCertificateProviderInstance() *JWKSTLSCertProviderInstance {
@@ -6550,7 +6776,7 @@ type JWKSTLSCertProviderInstance struct {
 func (x *JWKSTLSCertProviderInstance) Reset() {
 	*x = JWKSTLSCertProviderInstance{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6563,7 +6789,7 @@ func (x *JWKSTLSCertProviderInstance) String() string {
 func (*JWKSTLSCertProviderInstance) ProtoMessage() {}
 
 func (x *JWKSTLSCertProviderInstance) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6576,7 +6802,7 @@ func (x *JWKSTLSCertProviderInstance) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertProviderInstance.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertProviderInstance) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{76}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{80}
 }
 
 func (x *JWKSTLSCertProviderInstance) GetInstanceName() string {
@@ -6612,7 +6838,7 @@ type JWKSTLSCertTrustedCA struct {
 func (x *JWKSTLSCertTrustedCA) Reset() {
 	*x = JWKSTLSCertTrustedCA{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6625,7 +6851,7 @@ func (x *JWKSTLSCertTrustedCA) String() string {
 func (*JWKSTLSCertTrustedCA) ProtoMessage() {}
 
 func (x *JWKSTLSCertTrustedCA) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6638,7 +6864,7 @@ func (x *JWKSTLSCertTrustedCA) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertTrustedCA.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertTrustedCA) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{77}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{81}
 }
 
 func (x *JWKSTLSCertTrustedCA) GetFilename() string {
@@ -6687,7 +6913,7 @@ type JWKSRetryPolicy struct {
 func (x *JWKSRetryPolicy) Reset() {
 	*x = JWKSRetryPolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6700,7 +6926,7 @@ func (x *JWKSRetryPolicy) String() string {
 func (*JWKSRetryPolicy) ProtoMessage() {}
 
 func (x *JWKSRetryPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6713,7 +6939,7 @@ func (x *JWKSRetryPolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSRetryPolicy.ProtoReflect.Descriptor instead.
 func (*JWKSRetryPolicy) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{78}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{82}
 }
 
 func (x *JWKSRetryPolicy) GetNumRetries() int32 {
@@ -6749,7 +6975,7 @@ type RetryPolicyBackOff struct {
 func (x *RetryPolicyBackOff) Reset() {
 	*x = RetryPolicyBackOff{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6762,7 +6988,7 @@ func (x *RetryPolicyBackOff) String() string {
 func (*RetryPolicyBackOff) ProtoMessage() {}
 
 func (x *RetryPolicyBackOff) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6775,7 +7001,7 @@ func (x *RetryPolicyBackOff) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RetryPolicyBackOff.ProtoReflect.Descriptor instead.
 func (*RetryPolicyBackOff) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{79}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{83}
 }
 
 func (x *RetryPolicyBackOff) GetBaseInterval() *durationpb.Duration {
@@ -6810,7 +7036,7 @@ type JWTLocation struct {
 func (x *JWTLocation) Reset() {
 	*x = JWTLocation{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6823,7 +7049,7 @@ func (x *JWTLocation) String() string {
 func (*JWTLocation) ProtoMessage() {}
 
 func (x *JWTLocation) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6836,7 +7062,7 @@ func (x *JWTLocation) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocation.ProtoReflect.Descriptor instead.
 func (*JWTLocation) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{80}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{84}
 }
 
 func (x *JWTLocation) GetHeader() *JWTLocationHeader {
@@ -6878,7 +7104,7 @@ type JWTLocationHeader struct {
 func (x *JWTLocationHeader) Reset() {
 	*x = JWTLocationHeader{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6891,7 +7117,7 @@ func (x *JWTLocationHeader) String() string {
 func (*JWTLocationHeader) ProtoMessage() {}
 
 func (x *JWTLocationHeader) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6904,7 +7130,7 @@ func (x *JWTLocationHeader) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationHeader.ProtoReflect.Descriptor instead.
 func (*JWTLocationHeader) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{81}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{85}
 }
 
 func (x *JWTLocationHeader) GetName() string {
@@ -6944,7 +7170,7 @@ type JWTLocationQueryParam struct {
 func (x *JWTLocationQueryParam) Reset() {
 	*x = JWTLocationQueryParam{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[86]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6957,7 +7183,7 @@ func (x *JWTLocationQueryParam) String() string {
 func (*JWTLocationQueryParam) ProtoMessage() {}
 
 func (x *JWTLocationQueryParam) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[86]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6970,7 +7196,7 @@ func (x *JWTLocationQueryParam) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationQueryParam.ProtoReflect.Descriptor instead.
 func (*JWTLocationQueryParam) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{82}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{86}
 }
 
 func (x *JWTLocationQueryParam) GetName() string {
@@ -6996,7 +7222,7 @@ type JWTLocationCookie struct {
 func (x *JWTLocationCookie) Reset() {
 	*x = JWTLocationCookie{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[87]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7009,7 +7235,7 @@ func (x *JWTLocationCookie) String() string {
 func (*JWTLocationCookie) ProtoMessage() {}
 
 func (x *JWTLocationCookie) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[87]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7022,7 +7248,7 @@ func (x *JWTLocationCookie) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationCookie.ProtoReflect.Descriptor instead.
 func (*JWTLocationCookie) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{83}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{87}
 }
 
 func (x *JWTLocationCookie) GetName() string {
@@ -7049,7 +7275,7 @@ type JWTForwardingConfig struct {
 func (x *JWTForwardingConfig) Reset() {
 	*x = JWTForwardingConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[88]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7062,7 +7288,7 @@ func (x *JWTForwardingConfig) String() string {
 func (*JWTForwardingConfig) ProtoMessage() {}
 
 func (x *JWTForwardingConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[88]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7075,7 +7301,7 @@ func (x *JWTForwardingConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTForwardingConfig.ProtoReflect.Descriptor instead.
 func (*JWTForwardingConfig) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{84}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{88}
 }
 
 func (x *JWTForwardingConfig) GetHeaderName() string {
@@ -7109,7 +7335,7 @@ type JWTCacheConfig struct {
 func (x *JWTCacheConfig) Reset() {
 	*x = JWTCacheConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[89]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7122,7 +7348,7 @@ func (x *JWTCacheConfig) String() string {
 func (*JWTCacheConfig) ProtoMessage() {}
 
 func (x *JWTCacheConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[89]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7135,7 +7361,7 @@ func (x *JWTCacheConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTCacheConfig.ProtoReflect.Descriptor instead.
 func (*JWTCacheConfig) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{85}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{89}
 }
 
 func (x *JWTCacheConfig) GetSize() int32 {
@@ -8032,7 +8258,7 @@ var file_private_pbconfigentry_config_entry_proto_rawDesc = []byte{
 	0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
 	0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x12, 0x4c, 0x61,
 	0x73, 0x74, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65,
-	0x22, 0x8c, 0x02, 0x0a, 0x12, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c,
+	0x22, 0xb4, 0x03, 0x0a, 0x12, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c,
 	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18,
 	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x48,
 	0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x48,
@@ -8048,596 +8274,635 @@ var file_private_pbconfigentry_config_entry_proto_rawDesc = []byte{
 	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
 	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
 	0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x22,
-	0xde, 0x01, 0x0a, 0x1a, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c,
-	0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x5c,
-	0x0a, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73,
-	0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0c,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a,
-	0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a,
-	0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0a, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c,
-	0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03,
-	0x28, 0x09, 0x52, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73,
-	0x22, 0xb7, 0x01, 0x0a, 0x11, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66,
-	0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
-	0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20,
-	0x0a, 0x0b, 0x53, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x0b, 0x53, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65,
-	0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65,
-	0x74, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65,
-	0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65,
-	0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfe, 0x01, 0x0a, 0x0f, 0x42,
-	0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x54,
-	0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68,
+	0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x12,
+	0x53, 0x0a, 0x08, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74,
+	0x65, 0x77, 0x61, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x08, 0x4f, 0x76, 0x65, 0x72,
+	0x72, 0x69, 0x64, 0x65, 0x12, 0x51, 0x0a, 0x07, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18,
+	0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50,
+	0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x07,
+	0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x22, 0xde, 0x01, 0x0a, 0x1a, 0x41, 0x50, 0x49, 0x47,
+	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x5c, 0x0a, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68,
 	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
 	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74,
-	0x65, 0x77, 0x61, 0x79, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04,
-	0x4d, 0x65, 0x74, 0x61, 0x12, 0x5c, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
-	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
-	0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65,
-	0x72, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
-	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
-	0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xdd, 0x01, 0x0a, 0x17,
-	0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x5c, 0x0a, 0x0c, 0x43,
-	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72,
-	0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0c, 0x43, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x06, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66,
+	0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75,
+	0x69, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x69, 0x70, 0x68,
+	0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x65, 0x0a, 0x10, 0x41, 0x50, 0x49, 0x47,
+	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x51, 0x0a, 0x03,
+	0x4a, 0x57, 0x54, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65,
-	0x6e, 0x63, 0x65, 0x52, 0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0xe6, 0x01, 0x0a, 0x11,
-	0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x65, 0x12, 0x56, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x43, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e,
-	0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x50,
-	0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0a, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x1a, 0x37, 0x0a, 0x09, 0x4d,
-	0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61,
-	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	0x3a, 0x02, 0x38, 0x01, 0x22, 0x99, 0x03, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x12, 0x4e, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65,
-	0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54, 0x52,
+	0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x03, 0x4a, 0x57, 0x54, 0x22,
+	0x76, 0x0a, 0x18, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54,
+	0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x5a, 0x0a, 0x09, 0x50,
+	0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61,
+	0x79, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x09, 0x50, 0x72,
+	0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x22, 0x96, 0x01, 0x0a, 0x15, 0x41, 0x50, 0x49, 0x47,
+	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65,
+	0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x69, 0x0a, 0x0c, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43,
+	0x6c, 0x61, 0x69, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57,
+	0x54, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x0c, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x73,
+	0x22, 0x4a, 0x0a, 0x1e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57,
+	0x54, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09,
+	0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xb7, 0x01, 0x0a,
+	0x11, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e,
+	0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0b, 0x53, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e,
+	0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
+	0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69,
+	0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69,
+	0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfe, 0x01, 0x0a, 0x0f, 0x42, 0x6f, 0x75, 0x6e, 0x64,
+	0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x54, 0x0a, 0x04, 0x4d, 0x65,
+	0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
+	0x2e, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
+	0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61,
+	0x12, 0x5c, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
 	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f,
-	0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x07, 0x50,
-	0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x4a, 0x0a, 0x05, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x18,
-	0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x42, 0x6f, 0x75, 0x6e,
+	0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65,
+	0x6e, 0x65, 0x72, 0x52, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x1a, 0x37,
+	0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b,
+	0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xdd, 0x01, 0x0a, 0x17, 0x42, 0x6f, 0x75, 0x6e,
+	0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65,
+	0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x5c, 0x0a, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65,
+	0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x18,
+	0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
 	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54,
-	0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x52, 0x75, 0x6c,
-	0x65, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18,
-	0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x73,
-	0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52,
-	0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65,
+	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52,
+	0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0xe6, 0x01, 0x0a, 0x11, 0x49, 0x6e, 0x6c, 0x69,
+	0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x56, 0x0a,
+	0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52,
+	0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x43, 0x65, 0x72, 0x74,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x50, 0x72, 0x69, 0x76, 0x61,
+	0x74, 0x65, 0x4b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x50, 0x72, 0x69,
+	0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45,
 	0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
 	0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
 	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01,
-	0x22, 0xf9, 0x01, 0x0a, 0x0d, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75,
-	0x6c, 0x65, 0x12, 0x4c, 0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50,
-	0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73,
-	0x12, 0x4a, 0x0a, 0x07, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x22, 0x99, 0x03, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x4e,
+	0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x4d,
+	0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x52,
+	0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e,
+	0x74, 0x73, 0x12, 0x4a, 0x0a, 0x05, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
 	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x52, 0x07, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x4e, 0x0a, 0x08,
-	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x52, 0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x22, 0xc4, 0x02, 0x0a,
-	0x09, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x50, 0x0a, 0x07, 0x48, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x52, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x4e, 0x0a, 0x06,
-	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x12, 0x1c,
+	0x0a, 0x09, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28,
+	0x09, 0x52, 0x09, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x06,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68,
 	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
 	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x48, 0x0a, 0x04,
-	0x50, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61,
+	0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79,
+	0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b,
+	0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xf9, 0x01, 0x0a,
+	0x0d, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x4c,
+	0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x6c, 0x74,
+	0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x4a, 0x0a, 0x07,
+	0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52,
+	0x07, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x4e, 0x0a, 0x08, 0x53, 0x65, 0x72, 0x76,
+	0x69, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73,
 	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
 	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
-	0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x4b, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79, 0x18,
-	0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54,
-	0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x51, 0x75,
-	0x65, 0x72, 0x79, 0x22, 0x8d, 0x01, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x50, 0x0a, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x08,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x22, 0xc4, 0x02, 0x0a, 0x09, 0x48, 0x54, 0x54,
+	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x50, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
+	0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52,
+	0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x4e, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x68,
+	0x6f, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
+	0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
+	0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x48, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
 	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
 	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48,
-	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79,
-	0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d,
-	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a,
-	0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x22, 0x75, 0x0a, 0x0d, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x12, 0x4e, 0x0a, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50,
-	0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x8b, 0x01, 0x0a, 0x0e, 0x48,
-	0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x4f, 0x0a,
-	0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12,
-	0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61,
-	0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xe5, 0x02, 0x0a, 0x0b, 0x48, 0x54, 0x54,
-	0x50, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74,
-	0x65, 0x72, 0x52, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x0a, 0x55,
-	0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x04, 0x50, 0x61,
+	0x74, 0x68, 0x12, 0x4b, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79, 0x18, 0x04, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75,
+	0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79, 0x22,
+	0x8d, 0x01, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x12, 0x50, 0x0a, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0e, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05,
+	0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c,
+	0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22,
+	0x75, 0x0a, 0x0d, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x12, 0x4e, 0x0a, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32,
+	0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
 	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69,
-	0x74, 0x65, 0x52, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x54,
-	0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72,
-	0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69,
-	0x6c, 0x74, 0x65, 0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46,
-	0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68,
+	0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x8b, 0x01, 0x0a, 0x0e, 0x48, 0x54, 0x54, 0x50, 0x51,
+	0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x4f, 0x0a, 0x05, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
+	0x2e, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54,
+	0x79, 0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
+	0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14,
+	0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x22, 0xe5, 0x02, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x6c,
+	0x74, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18,
+	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54,
+	0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x07,
+	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65,
+	0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
 	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
 	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65,
-	0x72, 0x52, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72,
-	0x22, 0x20, 0x0a, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x12,
-	0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61,
-	0x74, 0x68, 0x22, 0xad, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74,
-	0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69,
-	0x65, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x18, 0x02, 0x20,
-	0x03, 0x28, 0x09, 0x52, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x2e, 0x0a, 0x12,
-	0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64,
-	0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f,
-	0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x15,
-	0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61,
-	0x69, 0x6c, 0x75, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x52, 0x65, 0x74,
-	0x72, 0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61, 0x69, 0x6c, 0x75,
-	0x72, 0x65, 0x22, 0x8f, 0x01, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69,
-	0x6c, 0x74, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54,
-	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
-	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x3b, 0x0a, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54,
-	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
-	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d,
-	0x65, 0x6f, 0x75, 0x74, 0x22, 0xc2, 0x02, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61,
-	0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x52, 0x0a, 0x03, 0x41, 0x64, 0x64,
-	0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48,
-	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e,
-	0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x41, 0x64, 0x64, 0x12, 0x16, 0x0a,
-	0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x52,
-	0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x52, 0x0a, 0x03, 0x53, 0x65, 0x74, 0x18, 0x03, 0x20, 0x03,
+	0x74, 0x72, 0x79, 0x2e, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x52, 0x0a,
+	0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x54, 0x0a, 0x0b, 0x52, 0x65,
+	0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c,
+	0x74, 0x65, 0x72, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72,
+	0x12, 0x5a, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65,
+	0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
+	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0d, 0x54,
+	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x22, 0x20, 0x0a, 0x0a,
+	0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61,
+	0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x22, 0xad,
+	0x01, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x1e,
+	0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0d, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x18,
+	0x0a, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52,
+	0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x2e, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72,
+	0x79, 0x4f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x18, 0x03,
+	0x20, 0x03, 0x28, 0x0d, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x53, 0x74, 0x61,
+	0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x15, 0x52, 0x65, 0x74, 0x72,
+	0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72,
+	0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x22, 0x8f,
+	0x01, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72,
+	0x12, 0x41, 0x0a, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f,
+	0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65,
+	0x6f, 0x75, 0x74, 0x12, 0x3b, 0x0a, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f,
+	0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
+	0x22, 0xc2, 0x02, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46,
+	0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x52, 0x0a, 0x03, 0x41, 0x64, 0x64, 0x18, 0x01, 0x20, 0x03,
 	0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
 	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x53, 0x65, 0x74, 0x45,
-	0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x53, 0x65, 0x74, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64,
-	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38,
-	0x01, 0x1a, 0x36, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a,
-	0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12,
-	0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xe1, 0x01, 0x0a, 0x0b, 0x48, 0x54,
-	0x54, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a,
-	0x06, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x57,
-	0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x4c, 0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x41, 0x64, 0x64, 0x45,
+	0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x41, 0x64, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x6d,
+	0x6f, 0x76, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76,
+	0x65, 0x12, 0x52, 0x0a, 0x03, 0x53, 0x65, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79,
+	0x52, 0x03, 0x53, 0x65, 0x74, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
+	0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, 0x0a,
+	0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xe1, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65,
+	0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x57, 0x65, 0x69,
+	0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x57, 0x65, 0x69, 0x67, 0x68,
+	0x74, 0x12, 0x4c, 0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46,
+	0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12,
+	0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74,
+	0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72,
+	0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72,
+	0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfc, 0x02, 0x0a, 0x08, 0x54, 0x43,
+	0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x4d, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
+	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50,
+	0x52, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52,
+	0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73,
+	0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
 	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48,
-	0x54, 0x54, 0x50, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74,
-	0x65, 0x72, 0x73, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73,
-	0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52,
+	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
+	0x52, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
 	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45,
-	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45,
-	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfc, 0x02,
-	0x0a, 0x08, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x4d, 0x0a, 0x04, 0x4d, 0x65,
-	0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x08,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
 	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
 	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e,
-	0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x61, 0x72,
-	0x65, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
-	0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72,
-	0x65, 0x6e, 0x63, 0x65, 0x52, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x4d, 0x0a,
-	0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x52, 0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x06,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79,
-	0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b,
-	0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x7a, 0x0a, 0x0a,
-	0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
-	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58,
-	0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70,
-	0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70,
-	0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xb4, 0x03, 0x0a, 0x0d, 0x53, 0x61, 0x6d,
-	0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
-	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2e,
-	0x0a, 0x12, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c,
-	0x6f, 0x76, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x44, 0x65, 0x66, 0x61,
-	0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x22,
-	0x0a, 0x0c, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63,
-	0x61, 0x6c, 0x12, 0x54, 0x0a, 0x07, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65,
-	0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x52,
-	0x07, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x12, 0x52, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61,
-	0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53,
-	0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4d, 0x65, 0x74,
-	0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x58, 0x0a, 0x0e,
-	0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69,
-	0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69,
-	0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e,
-	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22,
-	0x47, 0x0a, 0x13, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70,
-	0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74,
-	0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x50, 0x65, 0x65, 0x72, 0x22, 0xdd, 0x04, 0x0a, 0x0b, 0x4a, 0x57, 0x54,
-	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e,
-	0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b,
-	0x65, 0x79, 0x53, 0x65, 0x74, 0x52, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65,
-	0x79, 0x53, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09,
-	0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52,
-	0x09, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x09, 0x4c, 0x6f,
-	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0a,
-	0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x6f, 0x72, 0x77,
-	0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x46, 0x6f,
-	0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x57, 0x0a, 0x0b, 0x43, 0x61, 0x63, 0x68,
-	0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x12, 0x50, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69,
-	0x64, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d,
-	0x65, 0x74, 0x61, 0x12, 0x2a, 0x0a, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65, 0x77,
-	0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43,
-	0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x1a,
+	0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a,
 	0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
 	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14,
 	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76,
-	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xa2, 0x01, 0x0a, 0x0d, 0x4a, 0x53, 0x4f,
-	0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x12, 0x46, 0x0a, 0x05, 0x4c, 0x6f,
-	0x63, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x05, 0x4c, 0x6f, 0x63,
-	0x61, 0x6c, 0x12, 0x49, 0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x7a, 0x0a, 0x0a, 0x54, 0x43, 0x50, 0x53,
+	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e,
+	0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74,
-	0x65, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x22, 0x3b, 0x0a,
-	0x09, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x4a, 0x57,
-	0x4b, 0x53, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x1a,
-	0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xed, 0x02, 0x0a, 0x0a, 0x52,
-	0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x49,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x49, 0x12, 0x2a, 0x0a, 0x10, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69,
-	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x12, 0x3f, 0x0a, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x13, 0x46, 0x65, 0x74, 0x63,
-	0x68, 0x41, 0x73, 0x79, 0x6e, 0x63, 0x68, 0x72, 0x6f, 0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e,
-	0x63, 0x68, 0x72, 0x6f, 0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x12, 0x58, 0x0a, 0x0b, 0x52, 0x65,
-	0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65,
+	0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65,
+	0x4d, 0x65, 0x74, 0x61, 0x22, 0xb4, 0x03, 0x0a, 0x0d, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73,
+	0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2e, 0x0a, 0x12, 0x44, 0x65,
+	0x66, 0x61, 0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x46,
+	0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e,
+	0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x0c, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x54,
+	0x0a, 0x07, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
 	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72,
-	0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f,
-	0x6c, 0x69, 0x63, 0x79, 0x12, 0x54, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73,
-	0x74, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73,
+	0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x52, 0x07, 0x4d, 0x65, 0x6d,
+	0x62, 0x65, 0x72, 0x73, 0x12, 0x52, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e,
+	0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74,
+	0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65,
+	0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65,
+	0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65,
+	0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
+	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
+	0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x47, 0x0a, 0x13, 0x53,
+	0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62,
+	0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+	0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x50, 0x65, 0x65, 0x72, 0x22, 0xdd, 0x04, 0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76,
+	0x69, 0x64, 0x65, 0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b,
+	0x65, 0x79, 0x53, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65,
+	0x74, 0x52, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74,
+	0x12, 0x16, 0x0a, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x75, 0x64, 0x69,
+	0x65, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x41, 0x75, 0x64,
+	0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x4a,
-	0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x22, 0xdb, 0x01, 0x0a, 0x0b, 0x4a,
-	0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x69,
-	0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65,
-	0x12, 0x63, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x4c,
+	0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0a, 0x46, 0x6f, 0x72, 0x77,
+	0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69,
+	0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72,
+	0x64, 0x69, 0x6e, 0x67, 0x12, 0x57, 0x0a, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x52, 0x0f, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x41, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
-	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0xfa, 0x01, 0x0a, 0x12, 0x4a, 0x57, 0x4b,
-	0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12,
-	0x88, 0x01, 0x0a, 0x1d, 0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
-	0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69,
-	0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x1d, 0x43, 0x61, 0x43,
-	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
-	0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x59, 0x0a, 0x09, 0x54, 0x72,
-	0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e,
+	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x52, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x50, 0x0a,
+	0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2e,
+	0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12,
+	0x2a, 0x0a, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f,
+	0x6e, 0x64, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b,
+	0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d,
+	0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x3a, 0x02, 0x38, 0x01, 0x22, 0xa2, 0x01, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62,
+	0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x12, 0x46, 0x0a, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f,
+	0x63, 0x61, 0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x49,
+	0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a, 0x57, 0x4b,
+	0x53, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x22, 0x3b, 0x0a, 0x09, 0x4c, 0x6f, 0x63,
+	0x61, 0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69,
+	0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69,
+	0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xed, 0x02, 0x0a, 0x0a, 0x52, 0x65, 0x6d, 0x6f, 0x74,
+	0x65, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x49, 0x12, 0x2a, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x05, 0x52, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75,
+	0x74, 0x4d, 0x73, 0x12, 0x3f, 0x0a, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79,
+	0x6e, 0x63, 0x68, 0x72, 0x6f, 0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e, 0x63, 0x68, 0x72, 0x6f,
+	0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x12, 0x58, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+	0x12, 0x54, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18,
+	0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57,
+	0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x22, 0xdb, 0x01, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76,
+	0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x44,
+	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x63, 0x0a, 0x0f,
+	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57,
+	0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x52, 0x0f, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x73, 0x12, 0x41, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65,
+	0x6f, 0x75, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d,
+	0x65, 0x6f, 0x75, 0x74, 0x22, 0xfa, 0x01, 0x0a, 0x12, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x88, 0x01, 0x0a, 0x1d,
+	0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f,
+	0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53,
+	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49,
+	0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x1d, 0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e,
+	0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x59, 0x0a, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65,
+	0x64, 0x43, 0x41, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72, 0x75,
+	0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x52, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43,
+	0x41, 0x22, 0x6b, 0x0a, 0x1b, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74,
+	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
+	0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
+	0x4e, 0x61, 0x6d, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x43,
+	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xaa,
+	0x01, 0x0a, 0x14, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72,
+	0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65,
+	0x6e, 0x74, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56, 0x61, 0x72,
+	0x69, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x53,
+	0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x6c,
+	0x69, 0x6e, 0x65, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x20, 0x0a, 0x0b, 0x49, 0x6e, 0x6c,
+	0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b,
+	0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x9c, 0x01, 0x0a, 0x0f,
+	0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12,
+	0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x05, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12,
+	0x69, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61,
+	0x63, 0x6b, 0x4f, 0x66, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42,
+	0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x22, 0x90, 0x01, 0x0a, 0x12, 0x52,
+	0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66,
+	0x66, 0x12, 0x3d, 0x0a, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61,
+	0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c,
+	0x12, 0x3b, 0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x22, 0x8f, 0x02,
+	0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a,
+	0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e,
 	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
 	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72,
-	0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x52, 0x09, 0x54, 0x72, 0x75, 0x73,
-	0x74, 0x65, 0x64, 0x43, 0x41, 0x22, 0x6b, 0x0a, 0x1b, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53,
-	0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74,
-	0x61, 0x6e, 0x63, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
-	0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x73, 0x74,
-	0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x43, 0x65, 0x72, 0x74,
-	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61,
-	0x6d, 0x65, 0x22, 0xaa, 0x01, 0x0a, 0x14, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65,
-	0x72, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x12, 0x1a, 0x0a, 0x08, 0x46,
-	0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46,
-	0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72,
-	0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e,
-	0x74, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x6c,
-	0x69, 0x6e, 0x65, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x20, 0x0a,
-	0x0b, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x0c, 0x52, 0x0b, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22,
-	0x9c, 0x01, 0x0a, 0x0f, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65,
-	0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72,
-	0x69, 0x65, 0x73, 0x12, 0x69, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72,
-	0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x22, 0x90,
-	0x01, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61,
-	0x63, 0x6b, 0x4f, 0x66, 0x66, 0x12, 0x3d, 0x0a, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74,
-	0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65,
-	0x72, 0x76, 0x61, 0x6c, 0x12, 0x3b, 0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72,
-	0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61,
-	0x6c, 0x22, 0x8f, 0x02, 0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x12, 0x50, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x48, 0x65, 0x61,
-	0x64, 0x65, 0x72, 0x12, 0x5c, 0x0a, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61,
-	0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
-	0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79,
-	0x50, 0x61, 0x72, 0x61, 0x6d, 0x52, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61,
-	0x6d, 0x12, 0x50, 0x0a, 0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x52, 0x06, 0x43, 0x6f, 0x6f,
-	0x6b, 0x69, 0x65, 0x22, 0x63, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b,
-	0x56, 0x61, 0x6c, 0x75, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0b, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18,
-	0x0a, 0x07, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52,
-	0x07, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x22, 0x2b, 0x0a, 0x15, 0x4a, 0x57, 0x54, 0x4c,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12,
+	0x5c, 0x0a, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c,
 	0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61,
-	0x6d, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x27, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
-	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x6f,
-	0x0a, 0x13, 0x4a, 0x57, 0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e,
-	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77,
-	0x61, 0x72, 0x64, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61,
-	0x72, 0x64, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x22,
-	0x24, 0x0a, 0x0e, 0x4a, 0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x12, 0x12, 0x0a, 0x04, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52,
-	0x04, 0x53, 0x69, 0x7a, 0x65, 0x2a, 0xa9, 0x02, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0f,
-	0x0a, 0x0b, 0x4b, 0x69, 0x6e, 0x64, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12,
-	0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12,
-	0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77,
-	0x61, 0x79, 0x10, 0x03, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76,
-	0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, 0x12,
-	0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65,
-	0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x10, 0x05, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64,
-	0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x65, 0x10, 0x06, 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61,
-	0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x42,
-	0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x08,
-	0x12, 0x11, 0x0a, 0x0d, 0x4b, 0x69, 0x6e, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74,
-	0x65, 0x10, 0x09, 0x12, 0x10, 0x0a, 0x0c, 0x4b, 0x69, 0x6e, 0x64, 0x54, 0x43, 0x50, 0x52, 0x6f,
-	0x75, 0x74, 0x65, 0x10, 0x0a, 0x12, 0x15, 0x0a, 0x11, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x61, 0x6d,
-	0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x10, 0x0b, 0x12, 0x13, 0x0a, 0x0f,
-	0x4b, 0x69, 0x6e, 0x64, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x10,
-	0x0c, 0x2a, 0x26, 0x0a, 0x0f, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09,
-	0x0a, 0x05, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74,
-	0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65,
-	0x12, 0x0a, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x10, 0x00, 0x2a, 0x50, 0x0a, 0x09,
-	0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x72, 0x6f,
-	0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12,
-	0x18, 0x0a, 0x14, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x54, 0x72, 0x61, 0x6e,
-	0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f,
-	0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5f,
-	0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12,
-	0x18, 0x0a, 0x14, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65,
-	0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x75, 0x74,
-	0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x72, 0x69, 0x63, 0x74,
-	0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d,
-	0x6f, 0x64, 0x65, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x10, 0x02, 0x2a,
-	0x7b, 0x0a, 0x0f, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f,
-	0x64, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61,
-	0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17,
-	0x0a, 0x13, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64,
-	0x65, 0x4e, 0x6f, 0x6e, 0x65, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x47,
-	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x10,
-	0x02, 0x12, 0x19, 0x0a, 0x15, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
-	0x4d, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x10, 0x03, 0x2a, 0x4f, 0x0a, 0x1a,
-	0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e,
-	0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x69,
-	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x48, 0x54,
-	0x54, 0x50, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
-	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x54, 0x43, 0x50, 0x10, 0x01, 0x2a, 0x92, 0x02,
-	0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f,
-	0x64, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x41, 0x6c, 0x6c, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54,
-	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x02,
-	0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74,
-	0x68, 0x6f, 0x64, 0x47, 0x65, 0x74, 0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x48, 0x65, 0x61, 0x64, 0x10,
-	0x04, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x05, 0x12, 0x18, 0x0a,
-	0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x50, 0x61, 0x74, 0x63, 0x68, 0x10, 0x06, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x6f, 0x73, 0x74, 0x10, 0x07,
-	0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74,
-	0x68, 0x6f, 0x64, 0x50, 0x75, 0x74, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x54, 0x72, 0x61, 0x63, 0x65,
-	0x10, 0x09, 0x2a, 0xa7, 0x01, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54,
-	0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61,
-	0x63, 0x74, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12,
-	0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x02, 0x12, 0x24, 0x0a, 0x20, 0x48,
-	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65,
+	0x6d, 0x52, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x50, 0x0a,
+	0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x52, 0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x22,
+	0x63, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x46, 0x6f,
+	0x72, 0x77, 0x61, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x46, 0x6f, 0x72,
+	0x77, 0x61, 0x72, 0x64, 0x22, 0x2b, 0x0a, 0x15, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x12, 0x0a,
+	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d,
+	0x65, 0x22, 0x27, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x6f, 0x0a, 0x13, 0x4a, 0x57,
+	0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d,
+	0x65, 0x12, 0x38, 0x0a, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50,
+	0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50, 0x61,
+	0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x22, 0x24, 0x0a, 0x0e, 0x4a,
+	0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a,
+	0x04, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x53, 0x69, 0x7a,
+	0x65, 0x2a, 0xa9, 0x02, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x4b, 0x69,
+	0x6e, 0x64, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b,
+	0x69, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, 0x01, 0x12,
+	0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65,
+	0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x69, 0x6e, 0x64,
+	0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x03,
+	0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49,
+	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x4b,
+	0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c,
+	0x74, 0x73, 0x10, 0x05, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x6c, 0x69,
+	0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x10, 0x06, 0x12,
+	0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61,
+	0x79, 0x10, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x42, 0x6f, 0x75, 0x6e, 0x64,
+	0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d,
+	0x4b, 0x69, 0x6e, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10, 0x09, 0x12,
+	0x10, 0x0a, 0x0c, 0x4b, 0x69, 0x6e, 0x64, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10,
+	0x0a, 0x12, 0x15, 0x0a, 0x11, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73,
+	0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x10, 0x0b, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x69, 0x6e, 0x64,
+	0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x10, 0x0c, 0x2a, 0x26, 0x0a,
+	0x0f, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x12, 0x08, 0x0a, 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x6c,
+	0x6c, 0x6f, 0x77, 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69,
+	0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x10, 0x00, 0x2a, 0x50, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78,
+	0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f,
+	0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x50,
+	0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72,
+	0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f,
+	0x64, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5f, 0x0a, 0x0d, 0x4d, 0x75,
+	0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4d,
+	0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61,
+	0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54,
+	0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x72, 0x69, 0x63, 0x74, 0x10, 0x01, 0x12, 0x1b,
+	0x0a, 0x17, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x50,
+	0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x10, 0x02, 0x2a, 0x7b, 0x0a, 0x0f, 0x4d,
+	0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1a,
+	0x0a, 0x16, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64,
+	0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x65,
+	0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4e, 0x6f, 0x6e,
+	0x65, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77,
+	0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x10, 0x02, 0x12, 0x19, 0x0a,
+	0x15, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65,
+	0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x10, 0x03, 0x2a, 0x4f, 0x0a, 0x1a, 0x41, 0x50, 0x49, 0x47,
+	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72,
+	0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e,
+	0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00,
+	0x12, 0x17, 0x0a, 0x13, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x54, 0x43, 0x50, 0x10, 0x01, 0x2a, 0x92, 0x02, 0x0a, 0x0f, 0x48, 0x54,
+	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x16, 0x0a,
+	0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
+	0x41, 0x6c, 0x6c, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10,
+	0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
+	0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12,
+	0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x47,
+	0x65, 0x74, 0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x48, 0x65, 0x61, 0x64, 0x10, 0x04, 0x12, 0x1a, 0x0a,
+	0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54,
+	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x61, 0x74, 0x63,
+	0x68, 0x10, 0x06, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x6f, 0x73, 0x74, 0x10, 0x07, 0x12, 0x16, 0x0a, 0x12,
+	0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50,
+	0x75, 0x74, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x54, 0x72, 0x61, 0x63, 0x65, 0x10, 0x09, 0x2a, 0xa7,
+	0x01, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00,
+	0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x48,
+	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72,
+	0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x02, 0x12, 0x24, 0x0a, 0x20, 0x48, 0x54, 0x54, 0x50, 0x48,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61,
+	0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x12, 0x19, 0x0a,
+	0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x10, 0x04, 0x2a, 0x68, 0x0a, 0x11, 0x48, 0x54, 0x54, 0x50,
+	0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a,
+	0x12, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78,
+	0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74,
+	0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x22,
+	0x0a, 0x1e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52,
+	0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
+	0x10, 0x03, 0x2a, 0x6d, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50,
+	0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10,
+	0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f,
+	0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65,
 	0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10,
-	0x03, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x10, 0x04, 0x2a, 0x68, 0x0a, 0x11,
-	0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70,
-	0x65, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54,
-	0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78,
-	0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73,
-	0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x2a, 0x6d, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75,
-	0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13,
-	0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78,
-	0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65,
-	0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x01,
-	0x12, 0x23, 0x0a, 0x1f, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73,
-	0x69, 0x6f, 0x6e, 0x10, 0x03, 0x42, 0xae, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x42, 0x10, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79,
-	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
-	0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61,
-	0x74, 0x65, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x43, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca,
-	0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5c,
-	0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a,
-	0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x03, 0x42, 0xae, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42,
+	0x10, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x50, 0x01, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70,
+	0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x04, 0x48,
+	0x43, 0x49, 0x43, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca, 0x02, 0x25, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d,
+	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
+	0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -8653,7 +8918,7 @@ func file_private_pbconfigentry_config_entry_proto_rawDescGZIP() []byte {
 }
 
 var file_private_pbconfigentry_config_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 11)
-var file_private_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 106)
+var file_private_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 110)
 var file_private_pbconfigentry_config_entry_proto_goTypes = []interface{}{
 	(Kind)(0),                                   // 0: hashicorp.consul.internal.configentry.Kind
 	(IntentionAction)(0),                        // 1: hashicorp.consul.internal.configentry.IntentionAction
@@ -8716,98 +8981,102 @@ var file_private_pbconfigentry_config_entry_proto_goTypes = []interface{}{
 	(*Condition)(nil),                           // 58: hashicorp.consul.internal.configentry.Condition
 	(*APIGatewayListener)(nil),                  // 59: hashicorp.consul.internal.configentry.APIGatewayListener
 	(*APIGatewayTLSConfiguration)(nil),          // 60: hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration
-	(*ResourceReference)(nil),                   // 61: hashicorp.consul.internal.configentry.ResourceReference
-	(*BoundAPIGateway)(nil),                     // 62: hashicorp.consul.internal.configentry.BoundAPIGateway
-	(*BoundAPIGatewayListener)(nil),             // 63: hashicorp.consul.internal.configentry.BoundAPIGatewayListener
-	(*InlineCertificate)(nil),                   // 64: hashicorp.consul.internal.configentry.InlineCertificate
-	(*HTTPRoute)(nil),                           // 65: hashicorp.consul.internal.configentry.HTTPRoute
-	(*HTTPRouteRule)(nil),                       // 66: hashicorp.consul.internal.configentry.HTTPRouteRule
-	(*HTTPMatch)(nil),                           // 67: hashicorp.consul.internal.configentry.HTTPMatch
-	(*HTTPHeaderMatch)(nil),                     // 68: hashicorp.consul.internal.configentry.HTTPHeaderMatch
-	(*HTTPPathMatch)(nil),                       // 69: hashicorp.consul.internal.configentry.HTTPPathMatch
-	(*HTTPQueryMatch)(nil),                      // 70: hashicorp.consul.internal.configentry.HTTPQueryMatch
-	(*HTTPFilters)(nil),                         // 71: hashicorp.consul.internal.configentry.HTTPFilters
-	(*URLRewrite)(nil),                          // 72: hashicorp.consul.internal.configentry.URLRewrite
-	(*RetryFilter)(nil),                         // 73: hashicorp.consul.internal.configentry.RetryFilter
-	(*TimeoutFilter)(nil),                       // 74: hashicorp.consul.internal.configentry.TimeoutFilter
-	(*HTTPHeaderFilter)(nil),                    // 75: hashicorp.consul.internal.configentry.HTTPHeaderFilter
-	(*HTTPService)(nil),                         // 76: hashicorp.consul.internal.configentry.HTTPService
-	(*TCPRoute)(nil),                            // 77: hashicorp.consul.internal.configentry.TCPRoute
-	(*TCPService)(nil),                          // 78: hashicorp.consul.internal.configentry.TCPService
-	(*SamenessGroup)(nil),                       // 79: hashicorp.consul.internal.configentry.SamenessGroup
-	(*SamenessGroupMember)(nil),                 // 80: hashicorp.consul.internal.configentry.SamenessGroupMember
-	(*JWTProvider)(nil),                         // 81: hashicorp.consul.internal.configentry.JWTProvider
-	(*JSONWebKeySet)(nil),                       // 82: hashicorp.consul.internal.configentry.JSONWebKeySet
-	(*LocalJWKS)(nil),                           // 83: hashicorp.consul.internal.configentry.LocalJWKS
-	(*RemoteJWKS)(nil),                          // 84: hashicorp.consul.internal.configentry.RemoteJWKS
-	(*JWKSCluster)(nil),                         // 85: hashicorp.consul.internal.configentry.JWKSCluster
-	(*JWKSTLSCertificate)(nil),                  // 86: hashicorp.consul.internal.configentry.JWKSTLSCertificate
-	(*JWKSTLSCertProviderInstance)(nil),         // 87: hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
-	(*JWKSTLSCertTrustedCA)(nil),                // 88: hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
-	(*JWKSRetryPolicy)(nil),                     // 89: hashicorp.consul.internal.configentry.JWKSRetryPolicy
-	(*RetryPolicyBackOff)(nil),                  // 90: hashicorp.consul.internal.configentry.RetryPolicyBackOff
-	(*JWTLocation)(nil),                         // 91: hashicorp.consul.internal.configentry.JWTLocation
-	(*JWTLocationHeader)(nil),                   // 92: hashicorp.consul.internal.configentry.JWTLocationHeader
-	(*JWTLocationQueryParam)(nil),               // 93: hashicorp.consul.internal.configentry.JWTLocationQueryParam
-	(*JWTLocationCookie)(nil),                   // 94: hashicorp.consul.internal.configentry.JWTLocationCookie
-	(*JWTForwardingConfig)(nil),                 // 95: hashicorp.consul.internal.configentry.JWTForwardingConfig
-	(*JWTCacheConfig)(nil),                      // 96: hashicorp.consul.internal.configentry.JWTCacheConfig
-	nil,                                         // 97: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
-	nil,                                         // 98: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
-	nil,                                         // 99: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
-	nil,                                         // 100: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
-	nil,                                         // 101: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
-	nil,                                         // 102: hashicorp.consul.internal.configentry.IngressService.MetaEntry
-	nil,                                         // 103: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
-	nil,                                         // 104: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
-	nil,                                         // 105: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
-	nil,                                         // 106: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
-	nil,                                         // 107: hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
-	nil,                                         // 108: hashicorp.consul.internal.configentry.APIGateway.MetaEntry
-	nil,                                         // 109: hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
-	nil,                                         // 110: hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
-	nil,                                         // 111: hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
-	nil,                                         // 112: hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
-	nil,                                         // 113: hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
-	nil,                                         // 114: hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
-	nil,                                         // 115: hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
-	nil,                                         // 116: hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
-	(*pbcommon.EnterpriseMeta)(nil),             // 117: hashicorp.consul.internal.common.EnterpriseMeta
-	(*pbcommon.RaftIndex)(nil),                  // 118: hashicorp.consul.internal.common.RaftIndex
-	(*durationpb.Duration)(nil),                 // 119: google.protobuf.Duration
-	(*timestamppb.Timestamp)(nil),               // 120: google.protobuf.Timestamp
-	(*pbcommon.EnvoyExtension)(nil),             // 121: hashicorp.consul.internal.common.EnvoyExtension
+	(*APIGatewayPolicy)(nil),                    // 61: hashicorp.consul.internal.configentry.APIGatewayPolicy
+	(*APIGatewayJWTRequirement)(nil),            // 62: hashicorp.consul.internal.configentry.APIGatewayJWTRequirement
+	(*APIGatewayJWTProvider)(nil),               // 63: hashicorp.consul.internal.configentry.APIGatewayJWTProvider
+	(*APIGatewayJWTClaimVerification)(nil),      // 64: hashicorp.consul.internal.configentry.APIGatewayJWTClaimVerification
+	(*ResourceReference)(nil),                   // 65: hashicorp.consul.internal.configentry.ResourceReference
+	(*BoundAPIGateway)(nil),                     // 66: hashicorp.consul.internal.configentry.BoundAPIGateway
+	(*BoundAPIGatewayListener)(nil),             // 67: hashicorp.consul.internal.configentry.BoundAPIGatewayListener
+	(*InlineCertificate)(nil),                   // 68: hashicorp.consul.internal.configentry.InlineCertificate
+	(*HTTPRoute)(nil),                           // 69: hashicorp.consul.internal.configentry.HTTPRoute
+	(*HTTPRouteRule)(nil),                       // 70: hashicorp.consul.internal.configentry.HTTPRouteRule
+	(*HTTPMatch)(nil),                           // 71: hashicorp.consul.internal.configentry.HTTPMatch
+	(*HTTPHeaderMatch)(nil),                     // 72: hashicorp.consul.internal.configentry.HTTPHeaderMatch
+	(*HTTPPathMatch)(nil),                       // 73: hashicorp.consul.internal.configentry.HTTPPathMatch
+	(*HTTPQueryMatch)(nil),                      // 74: hashicorp.consul.internal.configentry.HTTPQueryMatch
+	(*HTTPFilters)(nil),                         // 75: hashicorp.consul.internal.configentry.HTTPFilters
+	(*URLRewrite)(nil),                          // 76: hashicorp.consul.internal.configentry.URLRewrite
+	(*RetryFilter)(nil),                         // 77: hashicorp.consul.internal.configentry.RetryFilter
+	(*TimeoutFilter)(nil),                       // 78: hashicorp.consul.internal.configentry.TimeoutFilter
+	(*HTTPHeaderFilter)(nil),                    // 79: hashicorp.consul.internal.configentry.HTTPHeaderFilter
+	(*HTTPService)(nil),                         // 80: hashicorp.consul.internal.configentry.HTTPService
+	(*TCPRoute)(nil),                            // 81: hashicorp.consul.internal.configentry.TCPRoute
+	(*TCPService)(nil),                          // 82: hashicorp.consul.internal.configentry.TCPService
+	(*SamenessGroup)(nil),                       // 83: hashicorp.consul.internal.configentry.SamenessGroup
+	(*SamenessGroupMember)(nil),                 // 84: hashicorp.consul.internal.configentry.SamenessGroupMember
+	(*JWTProvider)(nil),                         // 85: hashicorp.consul.internal.configentry.JWTProvider
+	(*JSONWebKeySet)(nil),                       // 86: hashicorp.consul.internal.configentry.JSONWebKeySet
+	(*LocalJWKS)(nil),                           // 87: hashicorp.consul.internal.configentry.LocalJWKS
+	(*RemoteJWKS)(nil),                          // 88: hashicorp.consul.internal.configentry.RemoteJWKS
+	(*JWKSCluster)(nil),                         // 89: hashicorp.consul.internal.configentry.JWKSCluster
+	(*JWKSTLSCertificate)(nil),                  // 90: hashicorp.consul.internal.configentry.JWKSTLSCertificate
+	(*JWKSTLSCertProviderInstance)(nil),         // 91: hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
+	(*JWKSTLSCertTrustedCA)(nil),                // 92: hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
+	(*JWKSRetryPolicy)(nil),                     // 93: hashicorp.consul.internal.configentry.JWKSRetryPolicy
+	(*RetryPolicyBackOff)(nil),                  // 94: hashicorp.consul.internal.configentry.RetryPolicyBackOff
+	(*JWTLocation)(nil),                         // 95: hashicorp.consul.internal.configentry.JWTLocation
+	(*JWTLocationHeader)(nil),                   // 96: hashicorp.consul.internal.configentry.JWTLocationHeader
+	(*JWTLocationQueryParam)(nil),               // 97: hashicorp.consul.internal.configentry.JWTLocationQueryParam
+	(*JWTLocationCookie)(nil),                   // 98: hashicorp.consul.internal.configentry.JWTLocationCookie
+	(*JWTForwardingConfig)(nil),                 // 99: hashicorp.consul.internal.configentry.JWTForwardingConfig
+	(*JWTCacheConfig)(nil),                      // 100: hashicorp.consul.internal.configentry.JWTCacheConfig
+	nil,                                         // 101: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
+	nil,                                         // 102: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
+	nil,                                         // 103: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
+	nil,                                         // 104: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
+	nil,                                         // 105: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
+	nil,                                         // 106: hashicorp.consul.internal.configentry.IngressService.MetaEntry
+	nil,                                         // 107: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
+	nil,                                         // 108: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
+	nil,                                         // 109: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
+	nil,                                         // 110: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
+	nil,                                         // 111: hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
+	nil,                                         // 112: hashicorp.consul.internal.configentry.APIGateway.MetaEntry
+	nil,                                         // 113: hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
+	nil,                                         // 114: hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
+	nil,                                         // 115: hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
+	nil,                                         // 116: hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
+	nil,                                         // 117: hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
+	nil,                                         // 118: hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
+	nil,                                         // 119: hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
+	nil,                                         // 120: hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
+	(*pbcommon.EnterpriseMeta)(nil),             // 121: hashicorp.consul.internal.common.EnterpriseMeta
+	(*pbcommon.RaftIndex)(nil),                  // 122: hashicorp.consul.internal.common.RaftIndex
+	(*durationpb.Duration)(nil),                 // 123: google.protobuf.Duration
+	(*timestamppb.Timestamp)(nil),               // 124: google.protobuf.Timestamp
+	(*pbcommon.EnvoyExtension)(nil),             // 125: hashicorp.consul.internal.common.EnvoyExtension
 }
 var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	0,   // 0: hashicorp.consul.internal.configentry.ConfigEntry.Kind:type_name -> hashicorp.consul.internal.configentry.Kind
-	117, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	118, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex
+	121, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	122, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex
 	12,  // 3: hashicorp.consul.internal.configentry.ConfigEntry.MeshConfig:type_name -> hashicorp.consul.internal.configentry.MeshConfig
 	18,  // 4: hashicorp.consul.internal.configentry.ConfigEntry.ServiceResolver:type_name -> hashicorp.consul.internal.configentry.ServiceResolver
 	30,  // 5: hashicorp.consul.internal.configentry.ConfigEntry.IngressGateway:type_name -> hashicorp.consul.internal.configentry.IngressGateway
 	38,  // 6: hashicorp.consul.internal.configentry.ConfigEntry.ServiceIntentions:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions
 	46,  // 7: hashicorp.consul.internal.configentry.ConfigEntry.ServiceDefaults:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults
 	56,  // 8: hashicorp.consul.internal.configentry.ConfigEntry.APIGateway:type_name -> hashicorp.consul.internal.configentry.APIGateway
-	62,  // 9: hashicorp.consul.internal.configentry.ConfigEntry.BoundAPIGateway:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway
-	77,  // 10: hashicorp.consul.internal.configentry.ConfigEntry.TCPRoute:type_name -> hashicorp.consul.internal.configentry.TCPRoute
-	65,  // 11: hashicorp.consul.internal.configentry.ConfigEntry.HTTPRoute:type_name -> hashicorp.consul.internal.configentry.HTTPRoute
-	64,  // 12: hashicorp.consul.internal.configentry.ConfigEntry.InlineCertificate:type_name -> hashicorp.consul.internal.configentry.InlineCertificate
-	79,  // 13: hashicorp.consul.internal.configentry.ConfigEntry.SamenessGroup:type_name -> hashicorp.consul.internal.configentry.SamenessGroup
-	81,  // 14: hashicorp.consul.internal.configentry.ConfigEntry.JWTProvider:type_name -> hashicorp.consul.internal.configentry.JWTProvider
+	66,  // 9: hashicorp.consul.internal.configentry.ConfigEntry.BoundAPIGateway:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway
+	81,  // 10: hashicorp.consul.internal.configentry.ConfigEntry.TCPRoute:type_name -> hashicorp.consul.internal.configentry.TCPRoute
+	69,  // 11: hashicorp.consul.internal.configentry.ConfigEntry.HTTPRoute:type_name -> hashicorp.consul.internal.configentry.HTTPRoute
+	68,  // 12: hashicorp.consul.internal.configentry.ConfigEntry.InlineCertificate:type_name -> hashicorp.consul.internal.configentry.InlineCertificate
+	83,  // 13: hashicorp.consul.internal.configentry.ConfigEntry.SamenessGroup:type_name -> hashicorp.consul.internal.configentry.SamenessGroup
+	85,  // 14: hashicorp.consul.internal.configentry.ConfigEntry.JWTProvider:type_name -> hashicorp.consul.internal.configentry.JWTProvider
 	13,  // 15: hashicorp.consul.internal.configentry.MeshConfig.TransparentProxy:type_name -> hashicorp.consul.internal.configentry.TransparentProxyMeshConfig
 	14,  // 16: hashicorp.consul.internal.configentry.MeshConfig.TLS:type_name -> hashicorp.consul.internal.configentry.MeshTLSConfig
 	16,  // 17: hashicorp.consul.internal.configentry.MeshConfig.HTTP:type_name -> hashicorp.consul.internal.configentry.MeshHTTPConfig
-	97,  // 18: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
+	101, // 18: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
 	17,  // 19: hashicorp.consul.internal.configentry.MeshConfig.Peering:type_name -> hashicorp.consul.internal.configentry.PeeringMeshConfig
 	15,  // 20: hashicorp.consul.internal.configentry.MeshTLSConfig.Incoming:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig
 	15,  // 21: hashicorp.consul.internal.configentry.MeshTLSConfig.Outgoing:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig
-	98,  // 22: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
+	102, // 22: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
 	20,  // 23: hashicorp.consul.internal.configentry.ServiceResolver.Redirect:type_name -> hashicorp.consul.internal.configentry.ServiceResolverRedirect
-	99,  // 24: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
-	119, // 25: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration
+	103, // 24: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
+	123, // 25: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration
 	25,  // 26: hashicorp.consul.internal.configentry.ServiceResolver.LoadBalancer:type_name -> hashicorp.consul.internal.configentry.LoadBalancer
-	100, // 27: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
-	119, // 28: hashicorp.consul.internal.configentry.ServiceResolver.RequestTimeout:type_name -> google.protobuf.Duration
+	104, // 27: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
+	123, // 28: hashicorp.consul.internal.configentry.ServiceResolver.RequestTimeout:type_name -> google.protobuf.Duration
 	23,  // 29: hashicorp.consul.internal.configentry.ServiceResolver.PrioritizeByLocality:type_name -> hashicorp.consul.internal.configentry.ServiceResolverPrioritizeByLocality
 	24,  // 30: hashicorp.consul.internal.configentry.ServiceResolverFailover.Targets:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverTarget
 	22,  // 31: hashicorp.consul.internal.configentry.ServiceResolverFailover.Policy:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverPolicy
@@ -8815,10 +9084,10 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	27,  // 33: hashicorp.consul.internal.configentry.LoadBalancer.LeastRequestConfig:type_name -> hashicorp.consul.internal.configentry.LeastRequestConfig
 	28,  // 34: hashicorp.consul.internal.configentry.LoadBalancer.HashPolicies:type_name -> hashicorp.consul.internal.configentry.HashPolicy
 	29,  // 35: hashicorp.consul.internal.configentry.HashPolicy.CookieConfig:type_name -> hashicorp.consul.internal.configentry.CookieConfig
-	119, // 36: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration
+	123, // 36: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration
 	32,  // 37: hashicorp.consul.internal.configentry.IngressGateway.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSConfig
 	34,  // 38: hashicorp.consul.internal.configentry.IngressGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.IngressListener
-	101, // 39: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
+	105, // 39: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
 	31,  // 40: hashicorp.consul.internal.configentry.IngressGateway.Defaults:type_name -> hashicorp.consul.internal.configentry.IngressServiceConfig
 	54,  // 41: hashicorp.consul.internal.configentry.IngressServiceConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	33,  // 42: hashicorp.consul.internal.configentry.GatewayTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig
@@ -8827,24 +9096,24 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	36,  // 45: hashicorp.consul.internal.configentry.IngressService.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayServiceTLSConfig
 	37,  // 46: hashicorp.consul.internal.configentry.IngressService.RequestHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers
 	37,  // 47: hashicorp.consul.internal.configentry.IngressService.ResponseHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers
-	102, // 48: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry
-	117, // 49: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	106, // 48: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry
+	121, // 49: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	54,  // 50: hashicorp.consul.internal.configentry.IngressService.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	33,  // 51: hashicorp.consul.internal.configentry.GatewayServiceTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig
-	103, // 52: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
-	104, // 53: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
+	107, // 52: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
+	108, // 53: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
 	42,  // 54: hashicorp.consul.internal.configentry.ServiceIntentions.Sources:type_name -> hashicorp.consul.internal.configentry.SourceIntention
-	105, // 55: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
+	109, // 55: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
 	39,  // 56: hashicorp.consul.internal.configentry.ServiceIntentions.JWT:type_name -> hashicorp.consul.internal.configentry.IntentionJWTRequirement
 	40,  // 57: hashicorp.consul.internal.configentry.IntentionJWTRequirement.Providers:type_name -> hashicorp.consul.internal.configentry.IntentionJWTProvider
 	41,  // 58: hashicorp.consul.internal.configentry.IntentionJWTProvider.VerifyClaims:type_name -> hashicorp.consul.internal.configentry.IntentionJWTClaimVerification
 	1,   // 59: hashicorp.consul.internal.configentry.SourceIntention.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction
 	43,  // 60: hashicorp.consul.internal.configentry.SourceIntention.Permissions:type_name -> hashicorp.consul.internal.configentry.IntentionPermission
 	2,   // 61: hashicorp.consul.internal.configentry.SourceIntention.Type:type_name -> hashicorp.consul.internal.configentry.IntentionSourceType
-	106, // 62: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
-	120, // 63: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp
-	120, // 64: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp
-	117, // 65: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	110, // 62: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
+	124, // 63: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp
+	124, // 64: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp
+	121, // 65: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	1,   // 66: hashicorp.consul.internal.configentry.IntentionPermission.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction
 	44,  // 67: hashicorp.consul.internal.configentry.IntentionPermission.HTTP:type_name -> hashicorp.consul.internal.configentry.IntentionHTTPPermission
 	39,  // 68: hashicorp.consul.internal.configentry.IntentionPermission.JWT:type_name -> hashicorp.consul.internal.configentry.IntentionJWTRequirement
@@ -8855,93 +9124,98 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	49,  // 73: hashicorp.consul.internal.configentry.ServiceDefaults.Expose:type_name -> hashicorp.consul.internal.configentry.ExposeConfig
 	51,  // 74: hashicorp.consul.internal.configentry.ServiceDefaults.UpstreamConfig:type_name -> hashicorp.consul.internal.configentry.UpstreamConfiguration
 	55,  // 75: hashicorp.consul.internal.configentry.ServiceDefaults.Destination:type_name -> hashicorp.consul.internal.configentry.DestinationConfig
-	107, // 76: hashicorp.consul.internal.configentry.ServiceDefaults.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
-	121, // 77: hashicorp.consul.internal.configentry.ServiceDefaults.EnvoyExtensions:type_name -> hashicorp.consul.internal.common.EnvoyExtension
+	111, // 76: hashicorp.consul.internal.configentry.ServiceDefaults.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
+	125, // 77: hashicorp.consul.internal.configentry.ServiceDefaults.EnvoyExtensions:type_name -> hashicorp.consul.internal.common.EnvoyExtension
 	4,   // 78: hashicorp.consul.internal.configentry.ServiceDefaults.MutualTLSMode:type_name -> hashicorp.consul.internal.configentry.MutualTLSMode
 	5,   // 79: hashicorp.consul.internal.configentry.MeshGatewayConfig.Mode:type_name -> hashicorp.consul.internal.configentry.MeshGatewayMode
 	50,  // 80: hashicorp.consul.internal.configentry.ExposeConfig.Paths:type_name -> hashicorp.consul.internal.configentry.ExposePath
 	52,  // 81: hashicorp.consul.internal.configentry.UpstreamConfiguration.Overrides:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
 	52,  // 82: hashicorp.consul.internal.configentry.UpstreamConfiguration.Defaults:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
-	117, // 83: hashicorp.consul.internal.configentry.UpstreamConfig.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	121, // 83: hashicorp.consul.internal.configentry.UpstreamConfig.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	53,  // 84: hashicorp.consul.internal.configentry.UpstreamConfig.Limits:type_name -> hashicorp.consul.internal.configentry.UpstreamLimits
 	54,  // 85: hashicorp.consul.internal.configentry.UpstreamConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	48,  // 86: hashicorp.consul.internal.configentry.UpstreamConfig.MeshGateway:type_name -> hashicorp.consul.internal.configentry.MeshGatewayConfig
-	119, // 87: hashicorp.consul.internal.configentry.PassiveHealthCheck.Interval:type_name -> google.protobuf.Duration
-	119, // 88: hashicorp.consul.internal.configentry.PassiveHealthCheck.BaseEjectionTime:type_name -> google.protobuf.Duration
-	108, // 89: hashicorp.consul.internal.configentry.APIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.APIGateway.MetaEntry
+	123, // 87: hashicorp.consul.internal.configentry.PassiveHealthCheck.Interval:type_name -> google.protobuf.Duration
+	123, // 88: hashicorp.consul.internal.configentry.PassiveHealthCheck.BaseEjectionTime:type_name -> google.protobuf.Duration
+	112, // 89: hashicorp.consul.internal.configentry.APIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.APIGateway.MetaEntry
 	59,  // 90: hashicorp.consul.internal.configentry.APIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.APIGatewayListener
 	57,  // 91: hashicorp.consul.internal.configentry.APIGateway.Status:type_name -> hashicorp.consul.internal.configentry.Status
 	58,  // 92: hashicorp.consul.internal.configentry.Status.Conditions:type_name -> hashicorp.consul.internal.configentry.Condition
-	61,  // 93: hashicorp.consul.internal.configentry.Condition.Resource:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	120, // 94: hashicorp.consul.internal.configentry.Condition.LastTransitionTime:type_name -> google.protobuf.Timestamp
+	65,  // 93: hashicorp.consul.internal.configentry.Condition.Resource:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	124, // 94: hashicorp.consul.internal.configentry.Condition.LastTransitionTime:type_name -> google.protobuf.Timestamp
 	6,   // 95: hashicorp.consul.internal.configentry.APIGatewayListener.Protocol:type_name -> hashicorp.consul.internal.configentry.APIGatewayListenerProtocol
 	60,  // 96: hashicorp.consul.internal.configentry.APIGatewayListener.TLS:type_name -> hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration
-	61,  // 97: hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	117, // 98: hashicorp.consul.internal.configentry.ResourceReference.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	109, // 99: hashicorp.consul.internal.configentry.BoundAPIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
-	63,  // 100: hashicorp.consul.internal.configentry.BoundAPIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.BoundAPIGatewayListener
-	61,  // 101: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	61,  // 102: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Routes:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	110, // 103: hashicorp.consul.internal.configentry.InlineCertificate.Meta:type_name -> hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
-	111, // 104: hashicorp.consul.internal.configentry.HTTPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
-	61,  // 105: hashicorp.consul.internal.configentry.HTTPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	66,  // 106: hashicorp.consul.internal.configentry.HTTPRoute.Rules:type_name -> hashicorp.consul.internal.configentry.HTTPRouteRule
-	57,  // 107: hashicorp.consul.internal.configentry.HTTPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
-	71,  // 108: hashicorp.consul.internal.configentry.HTTPRouteRule.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
-	67,  // 109: hashicorp.consul.internal.configentry.HTTPRouteRule.Matches:type_name -> hashicorp.consul.internal.configentry.HTTPMatch
-	76,  // 110: hashicorp.consul.internal.configentry.HTTPRouteRule.Services:type_name -> hashicorp.consul.internal.configentry.HTTPService
-	68,  // 111: hashicorp.consul.internal.configentry.HTTPMatch.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatch
-	7,   // 112: hashicorp.consul.internal.configentry.HTTPMatch.Method:type_name -> hashicorp.consul.internal.configentry.HTTPMatchMethod
-	69,  // 113: hashicorp.consul.internal.configentry.HTTPMatch.Path:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatch
-	70,  // 114: hashicorp.consul.internal.configentry.HTTPMatch.Query:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatch
-	8,   // 115: hashicorp.consul.internal.configentry.HTTPHeaderMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatchType
-	9,   // 116: hashicorp.consul.internal.configentry.HTTPPathMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatchType
-	10,  // 117: hashicorp.consul.internal.configentry.HTTPQueryMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatchType
-	75,  // 118: hashicorp.consul.internal.configentry.HTTPFilters.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter
-	72,  // 119: hashicorp.consul.internal.configentry.HTTPFilters.URLRewrite:type_name -> hashicorp.consul.internal.configentry.URLRewrite
-	73,  // 120: hashicorp.consul.internal.configentry.HTTPFilters.RetryFilter:type_name -> hashicorp.consul.internal.configentry.RetryFilter
-	74,  // 121: hashicorp.consul.internal.configentry.HTTPFilters.TimeoutFilter:type_name -> hashicorp.consul.internal.configentry.TimeoutFilter
-	119, // 122: hashicorp.consul.internal.configentry.TimeoutFilter.RequestTimeout:type_name -> google.protobuf.Duration
-	119, // 123: hashicorp.consul.internal.configentry.TimeoutFilter.IdleTimeout:type_name -> google.protobuf.Duration
-	112, // 124: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
-	113, // 125: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
-	71,  // 126: hashicorp.consul.internal.configentry.HTTPService.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
-	117, // 127: hashicorp.consul.internal.configentry.HTTPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	114, // 128: hashicorp.consul.internal.configentry.TCPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
-	61,  // 129: hashicorp.consul.internal.configentry.TCPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	78,  // 130: hashicorp.consul.internal.configentry.TCPRoute.Services:type_name -> hashicorp.consul.internal.configentry.TCPService
-	57,  // 131: hashicorp.consul.internal.configentry.TCPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
-	117, // 132: hashicorp.consul.internal.configentry.TCPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	80,  // 133: hashicorp.consul.internal.configentry.SamenessGroup.Members:type_name -> hashicorp.consul.internal.configentry.SamenessGroupMember
-	115, // 134: hashicorp.consul.internal.configentry.SamenessGroup.Meta:type_name -> hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
-	117, // 135: hashicorp.consul.internal.configentry.SamenessGroup.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	82,  // 136: hashicorp.consul.internal.configentry.JWTProvider.JSONWebKeySet:type_name -> hashicorp.consul.internal.configentry.JSONWebKeySet
-	91,  // 137: hashicorp.consul.internal.configentry.JWTProvider.Locations:type_name -> hashicorp.consul.internal.configentry.JWTLocation
-	95,  // 138: hashicorp.consul.internal.configentry.JWTProvider.Forwarding:type_name -> hashicorp.consul.internal.configentry.JWTForwardingConfig
-	96,  // 139: hashicorp.consul.internal.configentry.JWTProvider.CacheConfig:type_name -> hashicorp.consul.internal.configentry.JWTCacheConfig
-	116, // 140: hashicorp.consul.internal.configentry.JWTProvider.Meta:type_name -> hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
-	83,  // 141: hashicorp.consul.internal.configentry.JSONWebKeySet.Local:type_name -> hashicorp.consul.internal.configentry.LocalJWKS
-	84,  // 142: hashicorp.consul.internal.configentry.JSONWebKeySet.Remote:type_name -> hashicorp.consul.internal.configentry.RemoteJWKS
-	119, // 143: hashicorp.consul.internal.configentry.RemoteJWKS.CacheDuration:type_name -> google.protobuf.Duration
-	89,  // 144: hashicorp.consul.internal.configentry.RemoteJWKS.RetryPolicy:type_name -> hashicorp.consul.internal.configentry.JWKSRetryPolicy
-	85,  // 145: hashicorp.consul.internal.configentry.RemoteJWKS.JWKSCluster:type_name -> hashicorp.consul.internal.configentry.JWKSCluster
-	86,  // 146: hashicorp.consul.internal.configentry.JWKSCluster.TLSCertificates:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertificate
-	119, // 147: hashicorp.consul.internal.configentry.JWKSCluster.ConnectTimeout:type_name -> google.protobuf.Duration
-	87,  // 148: hashicorp.consul.internal.configentry.JWKSTLSCertificate.CaCertificateProviderInstance:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
-	88,  // 149: hashicorp.consul.internal.configentry.JWKSTLSCertificate.TrustedCA:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
-	90,  // 150: hashicorp.consul.internal.configentry.JWKSRetryPolicy.RetryPolicyBackOff:type_name -> hashicorp.consul.internal.configentry.RetryPolicyBackOff
-	119, // 151: hashicorp.consul.internal.configentry.RetryPolicyBackOff.BaseInterval:type_name -> google.protobuf.Duration
-	119, // 152: hashicorp.consul.internal.configentry.RetryPolicyBackOff.MaxInterval:type_name -> google.protobuf.Duration
-	92,  // 153: hashicorp.consul.internal.configentry.JWTLocation.Header:type_name -> hashicorp.consul.internal.configentry.JWTLocationHeader
-	93,  // 154: hashicorp.consul.internal.configentry.JWTLocation.QueryParam:type_name -> hashicorp.consul.internal.configentry.JWTLocationQueryParam
-	94,  // 155: hashicorp.consul.internal.configentry.JWTLocation.Cookie:type_name -> hashicorp.consul.internal.configentry.JWTLocationCookie
-	19,  // 156: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset
-	21,  // 157: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover
-	158, // [158:158] is the sub-list for method output_type
-	158, // [158:158] is the sub-list for method input_type
-	158, // [158:158] is the sub-list for extension type_name
-	158, // [158:158] is the sub-list for extension extendee
-	0,   // [0:158] is the sub-list for field type_name
+	61,  // 97: hashicorp.consul.internal.configentry.APIGatewayListener.Override:type_name -> hashicorp.consul.internal.configentry.APIGatewayPolicy
+	61,  // 98: hashicorp.consul.internal.configentry.APIGatewayListener.Default:type_name -> hashicorp.consul.internal.configentry.APIGatewayPolicy
+	65,  // 99: hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	62,  // 100: hashicorp.consul.internal.configentry.APIGatewayPolicy.JWT:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTRequirement
+	63,  // 101: hashicorp.consul.internal.configentry.APIGatewayJWTRequirement.Providers:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTProvider
+	64,  // 102: hashicorp.consul.internal.configentry.APIGatewayJWTProvider.VerifyClaims:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTClaimVerification
+	121, // 103: hashicorp.consul.internal.configentry.ResourceReference.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	113, // 104: hashicorp.consul.internal.configentry.BoundAPIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
+	67,  // 105: hashicorp.consul.internal.configentry.BoundAPIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.BoundAPIGatewayListener
+	65,  // 106: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	65,  // 107: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Routes:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	114, // 108: hashicorp.consul.internal.configentry.InlineCertificate.Meta:type_name -> hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
+	115, // 109: hashicorp.consul.internal.configentry.HTTPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
+	65,  // 110: hashicorp.consul.internal.configentry.HTTPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	70,  // 111: hashicorp.consul.internal.configentry.HTTPRoute.Rules:type_name -> hashicorp.consul.internal.configentry.HTTPRouteRule
+	57,  // 112: hashicorp.consul.internal.configentry.HTTPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
+	75,  // 113: hashicorp.consul.internal.configentry.HTTPRouteRule.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
+	71,  // 114: hashicorp.consul.internal.configentry.HTTPRouteRule.Matches:type_name -> hashicorp.consul.internal.configentry.HTTPMatch
+	80,  // 115: hashicorp.consul.internal.configentry.HTTPRouteRule.Services:type_name -> hashicorp.consul.internal.configentry.HTTPService
+	72,  // 116: hashicorp.consul.internal.configentry.HTTPMatch.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatch
+	7,   // 117: hashicorp.consul.internal.configentry.HTTPMatch.Method:type_name -> hashicorp.consul.internal.configentry.HTTPMatchMethod
+	73,  // 118: hashicorp.consul.internal.configentry.HTTPMatch.Path:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatch
+	74,  // 119: hashicorp.consul.internal.configentry.HTTPMatch.Query:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatch
+	8,   // 120: hashicorp.consul.internal.configentry.HTTPHeaderMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatchType
+	9,   // 121: hashicorp.consul.internal.configentry.HTTPPathMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatchType
+	10,  // 122: hashicorp.consul.internal.configentry.HTTPQueryMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatchType
+	79,  // 123: hashicorp.consul.internal.configentry.HTTPFilters.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter
+	76,  // 124: hashicorp.consul.internal.configentry.HTTPFilters.URLRewrite:type_name -> hashicorp.consul.internal.configentry.URLRewrite
+	77,  // 125: hashicorp.consul.internal.configentry.HTTPFilters.RetryFilter:type_name -> hashicorp.consul.internal.configentry.RetryFilter
+	78,  // 126: hashicorp.consul.internal.configentry.HTTPFilters.TimeoutFilter:type_name -> hashicorp.consul.internal.configentry.TimeoutFilter
+	123, // 127: hashicorp.consul.internal.configentry.TimeoutFilter.RequestTimeout:type_name -> google.protobuf.Duration
+	123, // 128: hashicorp.consul.internal.configentry.TimeoutFilter.IdleTimeout:type_name -> google.protobuf.Duration
+	116, // 129: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
+	117, // 130: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
+	75,  // 131: hashicorp.consul.internal.configentry.HTTPService.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
+	121, // 132: hashicorp.consul.internal.configentry.HTTPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	118, // 133: hashicorp.consul.internal.configentry.TCPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
+	65,  // 134: hashicorp.consul.internal.configentry.TCPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	82,  // 135: hashicorp.consul.internal.configentry.TCPRoute.Services:type_name -> hashicorp.consul.internal.configentry.TCPService
+	57,  // 136: hashicorp.consul.internal.configentry.TCPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
+	121, // 137: hashicorp.consul.internal.configentry.TCPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	84,  // 138: hashicorp.consul.internal.configentry.SamenessGroup.Members:type_name -> hashicorp.consul.internal.configentry.SamenessGroupMember
+	119, // 139: hashicorp.consul.internal.configentry.SamenessGroup.Meta:type_name -> hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
+	121, // 140: hashicorp.consul.internal.configentry.SamenessGroup.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	86,  // 141: hashicorp.consul.internal.configentry.JWTProvider.JSONWebKeySet:type_name -> hashicorp.consul.internal.configentry.JSONWebKeySet
+	95,  // 142: hashicorp.consul.internal.configentry.JWTProvider.Locations:type_name -> hashicorp.consul.internal.configentry.JWTLocation
+	99,  // 143: hashicorp.consul.internal.configentry.JWTProvider.Forwarding:type_name -> hashicorp.consul.internal.configentry.JWTForwardingConfig
+	100, // 144: hashicorp.consul.internal.configentry.JWTProvider.CacheConfig:type_name -> hashicorp.consul.internal.configentry.JWTCacheConfig
+	120, // 145: hashicorp.consul.internal.configentry.JWTProvider.Meta:type_name -> hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
+	87,  // 146: hashicorp.consul.internal.configentry.JSONWebKeySet.Local:type_name -> hashicorp.consul.internal.configentry.LocalJWKS
+	88,  // 147: hashicorp.consul.internal.configentry.JSONWebKeySet.Remote:type_name -> hashicorp.consul.internal.configentry.RemoteJWKS
+	123, // 148: hashicorp.consul.internal.configentry.RemoteJWKS.CacheDuration:type_name -> google.protobuf.Duration
+	93,  // 149: hashicorp.consul.internal.configentry.RemoteJWKS.RetryPolicy:type_name -> hashicorp.consul.internal.configentry.JWKSRetryPolicy
+	89,  // 150: hashicorp.consul.internal.configentry.RemoteJWKS.JWKSCluster:type_name -> hashicorp.consul.internal.configentry.JWKSCluster
+	90,  // 151: hashicorp.consul.internal.configentry.JWKSCluster.TLSCertificates:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertificate
+	123, // 152: hashicorp.consul.internal.configentry.JWKSCluster.ConnectTimeout:type_name -> google.protobuf.Duration
+	91,  // 153: hashicorp.consul.internal.configentry.JWKSTLSCertificate.CaCertificateProviderInstance:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
+	92,  // 154: hashicorp.consul.internal.configentry.JWKSTLSCertificate.TrustedCA:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
+	94,  // 155: hashicorp.consul.internal.configentry.JWKSRetryPolicy.RetryPolicyBackOff:type_name -> hashicorp.consul.internal.configentry.RetryPolicyBackOff
+	123, // 156: hashicorp.consul.internal.configentry.RetryPolicyBackOff.BaseInterval:type_name -> google.protobuf.Duration
+	123, // 157: hashicorp.consul.internal.configentry.RetryPolicyBackOff.MaxInterval:type_name -> google.protobuf.Duration
+	96,  // 158: hashicorp.consul.internal.configentry.JWTLocation.Header:type_name -> hashicorp.consul.internal.configentry.JWTLocationHeader
+	97,  // 159: hashicorp.consul.internal.configentry.JWTLocation.QueryParam:type_name -> hashicorp.consul.internal.configentry.JWTLocationQueryParam
+	98,  // 160: hashicorp.consul.internal.configentry.JWTLocation.Cookie:type_name -> hashicorp.consul.internal.configentry.JWTLocationCookie
+	19,  // 161: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset
+	21,  // 162: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover
+	163, // [163:163] is the sub-list for method output_type
+	163, // [163:163] is the sub-list for method input_type
+	163, // [163:163] is the sub-list for extension type_name
+	163, // [163:163] is the sub-list for extension extendee
+	0,   // [0:163] is the sub-list for field type_name
 }
 
 func init() { file_private_pbconfigentry_config_entry_proto_init() }
@@ -9551,7 +9825,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[50].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ResourceReference); i {
+			switch v := v.(*APIGatewayPolicy); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9563,7 +9837,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[51].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*BoundAPIGateway); i {
+			switch v := v.(*APIGatewayJWTRequirement); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9575,7 +9849,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[52].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*BoundAPIGatewayListener); i {
+			switch v := v.(*APIGatewayJWTProvider); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9587,7 +9861,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[53].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InlineCertificate); i {
+			switch v := v.(*APIGatewayJWTClaimVerification); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9599,7 +9873,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[54].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPRoute); i {
+			switch v := v.(*ResourceReference); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9611,7 +9885,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[55].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPRouteRule); i {
+			switch v := v.(*BoundAPIGateway); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9623,7 +9897,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[56].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPMatch); i {
+			switch v := v.(*BoundAPIGatewayListener); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9635,7 +9909,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[57].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPHeaderMatch); i {
+			switch v := v.(*InlineCertificate); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9647,7 +9921,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[58].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPPathMatch); i {
+			switch v := v.(*HTTPRoute); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9659,7 +9933,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[59].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPQueryMatch); i {
+			switch v := v.(*HTTPRouteRule); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9671,7 +9945,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[60].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPFilters); i {
+			switch v := v.(*HTTPMatch); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9683,7 +9957,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[61].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*URLRewrite); i {
+			switch v := v.(*HTTPHeaderMatch); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9695,7 +9969,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[62].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RetryFilter); i {
+			switch v := v.(*HTTPPathMatch); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9707,7 +9981,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[63].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TimeoutFilter); i {
+			switch v := v.(*HTTPQueryMatch); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9719,7 +9993,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[64].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPHeaderFilter); i {
+			switch v := v.(*HTTPFilters); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9731,7 +10005,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[65].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPService); i {
+			switch v := v.(*URLRewrite); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9743,7 +10017,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[66].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TCPRoute); i {
+			switch v := v.(*RetryFilter); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9755,7 +10029,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[67].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TCPService); i {
+			switch v := v.(*TimeoutFilter); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9767,7 +10041,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[68].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SamenessGroup); i {
+			switch v := v.(*HTTPHeaderFilter); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9779,7 +10053,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[69].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SamenessGroupMember); i {
+			switch v := v.(*HTTPService); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9791,7 +10065,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[70].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTProvider); i {
+			switch v := v.(*TCPRoute); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9803,7 +10077,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[71].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JSONWebKeySet); i {
+			switch v := v.(*TCPService); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9815,7 +10089,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[72].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LocalJWKS); i {
+			switch v := v.(*SamenessGroup); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9827,7 +10101,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[73].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RemoteJWKS); i {
+			switch v := v.(*SamenessGroupMember); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9839,7 +10113,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[74].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSCluster); i {
+			switch v := v.(*JWTProvider); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9851,7 +10125,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[75].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSTLSCertificate); i {
+			switch v := v.(*JSONWebKeySet); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9863,7 +10137,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[76].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSTLSCertProviderInstance); i {
+			switch v := v.(*LocalJWKS); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9875,7 +10149,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[77].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSTLSCertTrustedCA); i {
+			switch v := v.(*RemoteJWKS); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9887,7 +10161,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[78].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSRetryPolicy); i {
+			switch v := v.(*JWKSCluster); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9899,7 +10173,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[79].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RetryPolicyBackOff); i {
+			switch v := v.(*JWKSTLSCertificate); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9911,7 +10185,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[80].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocation); i {
+			switch v := v.(*JWKSTLSCertProviderInstance); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9923,7 +10197,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[81].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationHeader); i {
+			switch v := v.(*JWKSTLSCertTrustedCA); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9935,7 +10209,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[82].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationQueryParam); i {
+			switch v := v.(*JWKSRetryPolicy); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9947,7 +10221,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[83].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationCookie); i {
+			switch v := v.(*RetryPolicyBackOff); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9959,7 +10233,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[84].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTForwardingConfig); i {
+			switch v := v.(*JWTLocation); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9971,6 +10245,54 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[85].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTLocationHeader); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[86].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTLocationQueryParam); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[87].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTLocationCookie); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[88].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTForwardingConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[89].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWTCacheConfig); i {
 			case 0:
 				return &v.state
@@ -10003,7 +10325,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_private_pbconfigentry_config_entry_proto_rawDesc,
 			NumEnums:      11,
-			NumMessages:   106,
+			NumMessages:   110,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/proto/private/pbconfigentry/config_entry.proto b/proto/private/pbconfigentry/config_entry.proto
index ff59a3cfcc41..c3b6baaa6743 100644
--- a/proto/private/pbconfigentry/config_entry.proto
+++ b/proto/private/pbconfigentry/config_entry.proto
@@ -706,6 +706,8 @@ message APIGatewayListener {
   // mog: func-to=apiGatewayProtocolToStructs func-from=apiGatewayProtocolFromStructs
   APIGatewayListenerProtocol Protocol = 4;
   APIGatewayTLSConfiguration TLS = 5;
+  APIGatewayPolicy Override = 6;
+  APIGatewayPolicy Default = 7;
 }
 
 // mog annotation:
@@ -723,6 +725,30 @@ message APIGatewayTLSConfiguration {
   repeated string CipherSuites = 4;
 }
 
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.APIGatewayPolicy
+// output=config_entry.gen.go
+// name=Structs
+message APIGatewayPolicy {
+  // mog: func-to=gwJWTRequirementToStructs func-from=gwJWTRequirementFromStructs
+  APIGatewayJWTRequirement JWT = 1;
+}
+
+message APIGatewayJWTRequirement {
+  repeated APIGatewayJWTProvider Providers = 1;
+}
+
+message APIGatewayJWTProvider {
+  string Name = 1;
+  repeated APIGatewayJWTClaimVerification VerifyClaims = 2;
+}
+
+message APIGatewayJWTClaimVerification {
+  repeated string Path = 1;
+  string Value = 2;
+}
+
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.ResourceReference
diff --git a/proto/private/pbconfigentry/config_entry_oss.go b/proto/private/pbconfigentry/config_entry_oss.go
new file mode 100644
index 000000000000..09e9ea18cd51
--- /dev/null
+++ b/proto/private/pbconfigentry/config_entry_oss.go
@@ -0,0 +1,17 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+//go:build !consulent
+// +build !consulent
+
+package pbconfigentry
+
+import "github.com/hashicorp/consul/agent/structs"
+
+func gwJWTRequirementToStructs(m *APIGatewayJWTRequirement) *structs.APIGatewayJWTRequirement {
+	return &structs.APIGatewayJWTRequirement{}
+}
+
+func gwJWTRequirementFromStructs(*structs.APIGatewayJWTRequirement) *APIGatewayJWTRequirement {
+	return &APIGatewayJWTRequirement{}
+}

From 698165858505eab8b0df029a9c2b551d891b9c92 Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Thu, 10 Aug 2023 13:33:01 -0700
Subject: [PATCH 270/359] k8s compat - Openshift versions (#18307)

* Update compatibility.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
---
 website/content/docs/k8s/compatibility.mdx | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/website/content/docs/k8s/compatibility.mdx b/website/content/docs/k8s/compatibility.mdx
index 1ad8a365e7eb..60932c0cb105 100644
--- a/website/content/docs/k8s/compatibility.mdx
+++ b/website/content/docs/k8s/compatibility.mdx
@@ -13,11 +13,11 @@ For every release of Consul on Kubernetes, a Helm chart, `consul-k8s-control-pla
 
 Consul Kubernetes versions all of its components (`consul-k8s` CLI, `consul-k8s-control-plane`, and Helm chart) with a single semantic version. When installing or upgrading to a specific versions, ensure that you are using the correct Consul version with the compatible Helm chart or `consul-k8s` CLI.
 
-| Consul version | Compatible `consul-k8s` versions | Compatible Kubernetes versions |
-| -------------- | -------------------------------- | -------------------------------|
-| 1.16.x         | 1.2.x                            | 1.24.x - 1.27.x                |
-| 1.15.x         | 1.1.x                            | 1.23.x - 1.26.x                |
-| 1.14.x         | 1.0.x                            | 1.22.x - 1.25.x                |
+| Consul version | Compatible `consul-k8s` versions | Compatible Kubernetes versions | Compatible OpenShift versions |
+| -------------- | -------------------------------- | -------------------------------| ----------------------------- |
+| 1.16.x         | 1.2.x                            | 1.24.x - 1.27.x                | 4.11.x - 4.14.x               |
+| 1.15.x         | 1.1.x                            | 1.23.x - 1.26.x                | 4.10.x - 4.13.x               |
+| 1.14.x         | 1.0.x                            | 1.22.x - 1.25.x                | 4.9.x - 4.12.x                |
 
 ### Version-specific upgrade requirements
 
@@ -41,9 +41,7 @@ Starting with Consul K8s 0.39.0 and Consul 1.11.x, Consul Kubernetes supports th
 
 ### Red Hat OpenShift
 
-Consul Kubernetes delivered Red Hat OpenShift support starting with Consul Helm chart version 0.25.0 for Consul 1.8.4. Please note the following details regarding OpenShift support.
-
-- Red Hat OpenShift is only supported for OpenShift 4.4.x and above.
+You can enable support for Red Hat OpenShift by setting `enabled: true` in the `global.openshift` stanza. Refer to the [Deploy Consul on RedHat OpenShift tutorial](https://developer.hashicorp.com/consul/tutorials/kubernetes/kubernetes-openshift-red-hat) for instructions on deploying to OpenShift. 
 - Only the default CNI Plugin, [OpenShift SDN CNI Plugin](https://docs.openshift.com/container-platform/4.9/networking/openshift_sdn/about-openshift-sdn.html) is currently supported.
 
 ### VMware Tanzu Kubernetes Grid and Tanzu Kubernetes Grid Integrated Edition

From df11e4e7b4117075a6d07f037568bdebd1d6c656 Mon Sep 17 00:00:00 2001
From: John Maguire <john.maguire@hashicorp.com>
Date: Thu, 10 Aug 2023 17:23:42 -0400
Subject: [PATCH 271/359] APIGW: Update HTTPRouteConfigEntry for JWT Auth
 (#18422)

* Updated httproute config entry for JWT Filters

* Added manual deepcopy method for httproute jwt filter

* Fix test

* Update JWTFilter to be in oss file

* Add changelog

* Add build tags for deepcopy oss file
---
 .changelog/_18422.txt                         |    3 +
 agent/structs/config_entry_apigw_jwt_oss.go   |    3 +
 agent/structs/config_entry_routes.go          |    1 +
 agent/structs/structs.deepcopy.go             |    6 +
 agent/structs/structs.deepcopy_oss.go         |   11 +
 api/config_entry_routes.go                    |    6 +
 api/config_entry_routes_test.go               |  134 ++
 .../private/pbconfigentry/config_entry.gen.go |    2 +
 .../pbconfigentry/config_entry.pb.binary.go   |   10 +
 .../private/pbconfigentry/config_entry.pb.go  | 1300 +++++++++--------
 .../private/pbconfigentry/config_entry.proto  |    6 +
 .../private/pbconfigentry/config_entry_oss.go |    8 +
 12 files changed, 881 insertions(+), 609 deletions(-)
 create mode 100644 .changelog/_18422.txt
 create mode 100644 api/config_entry_routes_test.go

diff --git a/.changelog/_18422.txt b/.changelog/_18422.txt
new file mode 100644
index 000000000000..4f0efbbe3b27
--- /dev/null
+++ b/.changelog/_18422.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+config-entry(api-gateway): (Enterprise only) Add JWTFilter to HTTPRoute Filters
+```
diff --git a/agent/structs/config_entry_apigw_jwt_oss.go b/agent/structs/config_entry_apigw_jwt_oss.go
index ce921787ff13..b2caa520ef51 100644
--- a/agent/structs/config_entry_apigw_jwt_oss.go
+++ b/agent/structs/config_entry_apigw_jwt_oss.go
@@ -8,3 +8,6 @@ package structs
 
 // APIGatewayJWTRequirement holds the list of JWT providers to be verified against
 type APIGatewayJWTRequirement struct{}
+
+// JWTFilter holds the JWT Filter configuration for an HTTPRoute
+type JWTFilter struct{}
diff --git a/agent/structs/config_entry_routes.go b/agent/structs/config_entry_routes.go
index a897759012e5..cab7d98d6441 100644
--- a/agent/structs/config_entry_routes.go
+++ b/agent/structs/config_entry_routes.go
@@ -422,6 +422,7 @@ type HTTPFilters struct {
 	URLRewrite    *URLRewrite
 	RetryFilter   *RetryFilter
 	TimeoutFilter *TimeoutFilter
+	JWT           *JWTFilter
 }
 
 // HTTPHeaderFilter specifies how HTTP headers should be modified.
diff --git a/agent/structs/structs.deepcopy.go b/agent/structs/structs.deepcopy.go
index 01d9ef10c29a..35dd20062817 100644
--- a/agent/structs/structs.deepcopy.go
+++ b/agent/structs/structs.deepcopy.go
@@ -421,6 +421,9 @@ func (o *HTTPRouteConfigEntry) DeepCopy() *HTTPRouteConfigEntry {
 				cp.Rules[i2].Filters.TimeoutFilter = new(TimeoutFilter)
 				*cp.Rules[i2].Filters.TimeoutFilter = *o.Rules[i2].Filters.TimeoutFilter
 			}
+			if o.Rules[i2].Filters.JWT != nil {
+				cp.Rules[i2].Filters.JWT = o.Rules[i2].Filters.JWT.DeepCopy()
+			}
 			if o.Rules[i2].Matches != nil {
 				cp.Rules[i2].Matches = make([]HTTPMatch, len(o.Rules[i2].Matches))
 				copy(cp.Rules[i2].Matches, o.Rules[i2].Matches)
@@ -489,6 +492,9 @@ func (o *HTTPRouteConfigEntry) DeepCopy() *HTTPRouteConfigEntry {
 						cp.Rules[i2].Services[i4].Filters.TimeoutFilter = new(TimeoutFilter)
 						*cp.Rules[i2].Services[i4].Filters.TimeoutFilter = *o.Rules[i2].Services[i4].Filters.TimeoutFilter
 					}
+					if o.Rules[i2].Services[i4].Filters.JWT != nil {
+						cp.Rules[i2].Services[i4].Filters.JWT = o.Rules[i2].Services[i4].Filters.JWT.DeepCopy()
+					}
 				}
 			}
 		}
diff --git a/agent/structs/structs.deepcopy_oss.go b/agent/structs/structs.deepcopy_oss.go
index 88e78130f9d1..552f00c97f2c 100644
--- a/agent/structs/structs.deepcopy_oss.go
+++ b/agent/structs/structs.deepcopy_oss.go
@@ -1,6 +1,17 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+//go:build !consulent
+// +build !consulent
+
 package structs
 
 // DeepCopy generates a deep copy of *APIGatewayJWTRequirement
 func (o *APIGatewayJWTRequirement) DeepCopy() *APIGatewayJWTRequirement {
 	return new(APIGatewayJWTRequirement)
 }
+
+// DeepCopy generates a deep copy of *JWTFilter
+func (o *JWTFilter) DeepCopy() *JWTFilter {
+	return new(JWTFilter)
+}
diff --git a/api/config_entry_routes.go b/api/config_entry_routes.go
index cd1c2aeb5281..8df367093fe2 100644
--- a/api/config_entry_routes.go
+++ b/api/config_entry_routes.go
@@ -201,6 +201,7 @@ type HTTPFilters struct {
 	URLRewrite    *URLRewrite
 	RetryFilter   *RetryFilter
 	TimeoutFilter *TimeoutFilter
+	JWT           *JWTFilter
 }
 
 // HTTPHeaderFilter specifies how HTTP headers should be modified.
@@ -226,6 +227,11 @@ type TimeoutFilter struct {
 	IdleTimeout    time.Duration
 }
 
+// JWTFilter specifies the JWT configuration for a route
+type JWTFilter struct {
+	Providers []*APIGatewayJWTProvider `json:",omitempty"`
+}
+
 // HTTPRouteRule specifies the routing rules used to determine what upstream
 // service an HTTP request is routed to.
 type HTTPRouteRule struct {
diff --git a/api/config_entry_routes_test.go b/api/config_entry_routes_test.go
new file mode 100644
index 000000000000..b878612e907e
--- /dev/null
+++ b/api/config_entry_routes_test.go
@@ -0,0 +1,134 @@
+package api
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestAPI_ConfigEntries_HTTPRoute(t *testing.T) {
+	t.Parallel()
+	c, s := makeClient(t)
+	defer s.Stop()
+
+	configEntries := c.ConfigEntries()
+	route1 := &HTTPRouteConfigEntry{
+		Kind: HTTPRoute,
+		Name: "route1",
+	}
+
+	route2 := &HTTPRouteConfigEntry{
+		Kind: HTTPRoute,
+		Name: "route2",
+	}
+
+	// set it
+	_, wm, err := configEntries.Set(route1, nil)
+	require.NoError(t, err)
+	require.NotNil(t, wm)
+	require.NotEqual(t, 0, wm.RequestTime)
+
+	// also set the second one
+	_, wm, err = configEntries.Set(route2, nil)
+	require.NoError(t, err)
+	require.NotNil(t, wm)
+	require.NotEqual(t, 0, wm.RequestTime)
+
+	// get it
+	entry, qm, err := configEntries.Get(HTTPRoute, "route1", nil)
+	require.NoError(t, err)
+	require.NotNil(t, qm)
+	require.NotEqual(t, 0, qm.RequestTime)
+
+	// verify it
+	readRoute, ok := entry.(*HTTPRouteConfigEntry)
+	require.True(t, ok)
+	require.Equal(t, route1.Kind, readRoute.Kind)
+	require.Equal(t, route1.Name, readRoute.Name)
+	require.Equal(t, route1.Meta, readRoute.Meta)
+	require.Equal(t, route1.Meta, readRoute.GetMeta())
+
+	// update it
+	route1.Rules = []HTTPRouteRule{
+		{
+			Filters: HTTPFilters{
+				URLRewrite: &URLRewrite{
+					Path: "abc",
+				},
+			},
+		},
+	}
+
+	// CAS fail
+	written, _, err := configEntries.CAS(route1, 0, nil)
+	require.NoError(t, err)
+	require.False(t, written)
+
+	// CAS success
+	written, wm, err = configEntries.CAS(route1, readRoute.ModifyIndex, nil)
+	require.NoError(t, err)
+	require.NotNil(t, wm)
+	require.NotEqual(t, 0, wm.RequestTime)
+	require.True(t, written)
+
+	// re-setting should not yield an error
+	_, wm, err = configEntries.Set(route1, nil)
+	require.NoError(t, err)
+	require.NotNil(t, wm)
+	require.NotEqual(t, 0, wm.RequestTime)
+
+	route2.Rules = []HTTPRouteRule{
+		{
+			Filters: HTTPFilters{
+				URLRewrite: &URLRewrite{
+					Path: "def",
+				},
+			},
+		},
+	}
+
+	_, wm, err = configEntries.Set(route2, nil)
+	require.NoError(t, err)
+	require.NotNil(t, wm)
+	require.NotEqual(t, 0, wm.RequestTime)
+
+	// list them
+	entries, qm, err := configEntries.List(HTTPRoute, nil)
+	require.NoError(t, err)
+	require.NotNil(t, qm)
+	require.NotEqual(t, 0, qm.RequestTime)
+	require.Len(t, entries, 2)
+
+	for _, entry = range entries {
+		switch entry.GetName() {
+		case "route1":
+			// this also verifies that the update value was persisted and
+			// the updated values are seen
+			readRoute, ok = entry.(*HTTPRouteConfigEntry)
+			require.True(t, ok)
+			require.Equal(t, route1.Kind, readRoute.Kind)
+			require.Equal(t, route1.Name, readRoute.Name)
+			require.Len(t, readRoute.Rules, 1)
+
+			require.Equal(t, route1.Rules, readRoute.Rules)
+		case "route2":
+			readRoute, ok = entry.(*HTTPRouteConfigEntry)
+			require.True(t, ok)
+			require.Equal(t, route2.Kind, readRoute.Kind)
+			require.Equal(t, route2.Name, readRoute.Name)
+			require.Len(t, readRoute.Rules, 1)
+
+			require.Equal(t, route2.Rules, readRoute.Rules)
+		}
+	}
+
+	// delete it
+	wm, err = configEntries.Delete(HTTPRoute, "route1", nil)
+	require.NoError(t, err)
+	require.NotNil(t, wm)
+	require.NotEqual(t, 0, wm.RequestTime)
+
+	// verify deletion
+	_, _, err = configEntries.Get(HTTPRoute, "route1", nil)
+	require.Error(t, err)
+}
diff --git a/proto/private/pbconfigentry/config_entry.gen.go b/proto/private/pbconfigentry/config_entry.gen.go
index 8eb5750e47e2..ed5d9fcf78fe 100644
--- a/proto/private/pbconfigentry/config_entry.gen.go
+++ b/proto/private/pbconfigentry/config_entry.gen.go
@@ -411,6 +411,7 @@ func HTTPFiltersToStructs(s *HTTPFilters, t *structs.HTTPFilters) {
 		TimeoutFilterToStructs(s.TimeoutFilter, &x)
 		t.TimeoutFilter = &x
 	}
+	t.JWT = routeJWTFilterToStructs(s.JWT)
 }
 func HTTPFiltersFromStructs(t *structs.HTTPFilters, s *HTTPFilters) {
 	if s == nil {
@@ -441,6 +442,7 @@ func HTTPFiltersFromStructs(t *structs.HTTPFilters, s *HTTPFilters) {
 		TimeoutFilterFromStructs(t.TimeoutFilter, &x)
 		s.TimeoutFilter = &x
 	}
+	s.JWT = routeJWTFilterFromStructs(t.JWT)
 }
 func HTTPHeaderFilterToStructs(s *HTTPHeaderFilter, t *structs.HTTPHeaderFilter) {
 	if s == nil {
diff --git a/proto/private/pbconfigentry/config_entry.pb.binary.go b/proto/private/pbconfigentry/config_entry.pb.binary.go
index a856741a7586..ee73e24eed85 100644
--- a/proto/private/pbconfigentry/config_entry.pb.binary.go
+++ b/proto/private/pbconfigentry/config_entry.pb.binary.go
@@ -687,6 +687,16 @@ func (msg *TimeoutFilter) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
 
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *JWTFilter) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *JWTFilter) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
 // MarshalBinary implements encoding.BinaryMarshaler
 func (msg *HTTPHeaderFilter) MarshalBinary() ([]byte, error) {
 	return proto.Marshal(msg)
diff --git a/proto/private/pbconfigentry/config_entry.pb.go b/proto/private/pbconfigentry/config_entry.pb.go
index 21791ba566e7..7ba920b75c60 100644
--- a/proto/private/pbconfigentry/config_entry.pb.go
+++ b/proto/private/pbconfigentry/config_entry.pb.go
@@ -5616,6 +5616,8 @@ type HTTPFilters struct {
 	URLRewrite    *URLRewrite         `protobuf:"bytes,2,opt,name=URLRewrite,proto3" json:"URLRewrite,omitempty"`
 	RetryFilter   *RetryFilter        `protobuf:"bytes,3,opt,name=RetryFilter,proto3" json:"RetryFilter,omitempty"`
 	TimeoutFilter *TimeoutFilter      `protobuf:"bytes,4,opt,name=TimeoutFilter,proto3" json:"TimeoutFilter,omitempty"`
+	// mog: func-to=routeJWTFilterToStructs func-from=routeJWTFilterFromStructs
+	JWT *JWTFilter `protobuf:"bytes,5,opt,name=JWT,proto3" json:"JWT,omitempty"`
 }
 
 func (x *HTTPFilters) Reset() {
@@ -5678,6 +5680,13 @@ func (x *HTTPFilters) GetTimeoutFilter() *TimeoutFilter {
 	return nil
 }
 
+func (x *HTTPFilters) GetJWT() *JWTFilter {
+	if x != nil {
+		return x.JWT
+	}
+	return nil
+}
+
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.URLRewrite
@@ -5868,6 +5877,53 @@ func (x *TimeoutFilter) GetIdleTimeout() *durationpb.Duration {
 	return nil
 }
 
+type JWTFilter struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Providers []*APIGatewayJWTProvider `protobuf:"bytes,1,rep,name=Providers,proto3" json:"Providers,omitempty"`
+}
+
+func (x *JWTFilter) Reset() {
+	*x = JWTFilter{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *JWTFilter) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*JWTFilter) ProtoMessage() {}
+
+func (x *JWTFilter) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use JWTFilter.ProtoReflect.Descriptor instead.
+func (*JWTFilter) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{68}
+}
+
+func (x *JWTFilter) GetProviders() []*APIGatewayJWTProvider {
+	if x != nil {
+		return x.Providers
+	}
+	return nil
+}
+
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.HTTPHeaderFilter
@@ -5886,7 +5942,7 @@ type HTTPHeaderFilter struct {
 func (x *HTTPHeaderFilter) Reset() {
 	*x = HTTPHeaderFilter{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5899,7 +5955,7 @@ func (x *HTTPHeaderFilter) String() string {
 func (*HTTPHeaderFilter) ProtoMessage() {}
 
 func (x *HTTPHeaderFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5912,7 +5968,7 @@ func (x *HTTPHeaderFilter) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPHeaderFilter.ProtoReflect.Descriptor instead.
 func (*HTTPHeaderFilter) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{68}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{69}
 }
 
 func (x *HTTPHeaderFilter) GetAdd() map[string]string {
@@ -5957,7 +6013,7 @@ type HTTPService struct {
 func (x *HTTPService) Reset() {
 	*x = HTTPService{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5970,7 +6026,7 @@ func (x *HTTPService) String() string {
 func (*HTTPService) ProtoMessage() {}
 
 func (x *HTTPService) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5983,7 +6039,7 @@ func (x *HTTPService) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPService.ProtoReflect.Descriptor instead.
 func (*HTTPService) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{69}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{70}
 }
 
 func (x *HTTPService) GetName() string {
@@ -6034,7 +6090,7 @@ type TCPRoute struct {
 func (x *TCPRoute) Reset() {
 	*x = TCPRoute{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6047,7 +6103,7 @@ func (x *TCPRoute) String() string {
 func (*TCPRoute) ProtoMessage() {}
 
 func (x *TCPRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6060,7 +6116,7 @@ func (x *TCPRoute) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TCPRoute.ProtoReflect.Descriptor instead.
 func (*TCPRoute) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{70}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{71}
 }
 
 func (x *TCPRoute) GetMeta() map[string]string {
@@ -6109,7 +6165,7 @@ type TCPService struct {
 func (x *TCPService) Reset() {
 	*x = TCPService{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6122,7 +6178,7 @@ func (x *TCPService) String() string {
 func (*TCPService) ProtoMessage() {}
 
 func (x *TCPService) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6135,7 +6191,7 @@ func (x *TCPService) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TCPService.ProtoReflect.Descriptor instead.
 func (*TCPService) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{71}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{72}
 }
 
 func (x *TCPService) GetName() string {
@@ -6175,7 +6231,7 @@ type SamenessGroup struct {
 func (x *SamenessGroup) Reset() {
 	*x = SamenessGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6188,7 +6244,7 @@ func (x *SamenessGroup) String() string {
 func (*SamenessGroup) ProtoMessage() {}
 
 func (x *SamenessGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6201,7 +6257,7 @@ func (x *SamenessGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SamenessGroup.ProtoReflect.Descriptor instead.
 func (*SamenessGroup) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{72}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{73}
 }
 
 func (x *SamenessGroup) GetName() string {
@@ -6263,7 +6319,7 @@ type SamenessGroupMember struct {
 func (x *SamenessGroupMember) Reset() {
 	*x = SamenessGroupMember{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6276,7 +6332,7 @@ func (x *SamenessGroupMember) String() string {
 func (*SamenessGroupMember) ProtoMessage() {}
 
 func (x *SamenessGroupMember) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6289,7 +6345,7 @@ func (x *SamenessGroupMember) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SamenessGroupMember.ProtoReflect.Descriptor instead.
 func (*SamenessGroupMember) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{73}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{74}
 }
 
 func (x *SamenessGroupMember) GetPartition() string {
@@ -6331,7 +6387,7 @@ type JWTProvider struct {
 func (x *JWTProvider) Reset() {
 	*x = JWTProvider{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6344,7 +6400,7 @@ func (x *JWTProvider) String() string {
 func (*JWTProvider) ProtoMessage() {}
 
 func (x *JWTProvider) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6357,7 +6413,7 @@ func (x *JWTProvider) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTProvider.ProtoReflect.Descriptor instead.
 func (*JWTProvider) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{74}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{75}
 }
 
 func (x *JWTProvider) GetJSONWebKeySet() *JSONWebKeySet {
@@ -6433,7 +6489,7 @@ type JSONWebKeySet struct {
 func (x *JSONWebKeySet) Reset() {
 	*x = JSONWebKeySet{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6446,7 +6502,7 @@ func (x *JSONWebKeySet) String() string {
 func (*JSONWebKeySet) ProtoMessage() {}
 
 func (x *JSONWebKeySet) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6459,7 +6515,7 @@ func (x *JSONWebKeySet) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JSONWebKeySet.ProtoReflect.Descriptor instead.
 func (*JSONWebKeySet) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{75}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{76}
 }
 
 func (x *JSONWebKeySet) GetLocal() *LocalJWKS {
@@ -6493,7 +6549,7 @@ type LocalJWKS struct {
 func (x *LocalJWKS) Reset() {
 	*x = LocalJWKS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6506,7 +6562,7 @@ func (x *LocalJWKS) String() string {
 func (*LocalJWKS) ProtoMessage() {}
 
 func (x *LocalJWKS) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6519,7 +6575,7 @@ func (x *LocalJWKS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use LocalJWKS.ProtoReflect.Descriptor instead.
 func (*LocalJWKS) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{76}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{77}
 }
 
 func (x *LocalJWKS) GetJWKS() string {
@@ -6559,7 +6615,7 @@ type RemoteJWKS struct {
 func (x *RemoteJWKS) Reset() {
 	*x = RemoteJWKS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6572,7 +6628,7 @@ func (x *RemoteJWKS) String() string {
 func (*RemoteJWKS) ProtoMessage() {}
 
 func (x *RemoteJWKS) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6585,7 +6641,7 @@ func (x *RemoteJWKS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RemoteJWKS.ProtoReflect.Descriptor instead.
 func (*RemoteJWKS) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{77}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{78}
 }
 
 func (x *RemoteJWKS) GetURI() string {
@@ -6649,7 +6705,7 @@ type JWKSCluster struct {
 func (x *JWKSCluster) Reset() {
 	*x = JWKSCluster{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6662,7 +6718,7 @@ func (x *JWKSCluster) String() string {
 func (*JWKSCluster) ProtoMessage() {}
 
 func (x *JWKSCluster) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6675,7 +6731,7 @@ func (x *JWKSCluster) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSCluster.ProtoReflect.Descriptor instead.
 func (*JWKSCluster) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{78}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{79}
 }
 
 func (x *JWKSCluster) GetDiscoveryType() string {
@@ -6716,7 +6772,7 @@ type JWKSTLSCertificate struct {
 func (x *JWKSTLSCertificate) Reset() {
 	*x = JWKSTLSCertificate{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6729,7 +6785,7 @@ func (x *JWKSTLSCertificate) String() string {
 func (*JWKSTLSCertificate) ProtoMessage() {}
 
 func (x *JWKSTLSCertificate) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6742,7 +6798,7 @@ func (x *JWKSTLSCertificate) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertificate.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertificate) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{79}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{80}
 }
 
 func (x *JWKSTLSCertificate) GetCaCertificateProviderInstance() *JWKSTLSCertProviderInstance {
@@ -6776,7 +6832,7 @@ type JWKSTLSCertProviderInstance struct {
 func (x *JWKSTLSCertProviderInstance) Reset() {
 	*x = JWKSTLSCertProviderInstance{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6789,7 +6845,7 @@ func (x *JWKSTLSCertProviderInstance) String() string {
 func (*JWKSTLSCertProviderInstance) ProtoMessage() {}
 
 func (x *JWKSTLSCertProviderInstance) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6802,7 +6858,7 @@ func (x *JWKSTLSCertProviderInstance) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertProviderInstance.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertProviderInstance) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{80}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{81}
 }
 
 func (x *JWKSTLSCertProviderInstance) GetInstanceName() string {
@@ -6838,7 +6894,7 @@ type JWKSTLSCertTrustedCA struct {
 func (x *JWKSTLSCertTrustedCA) Reset() {
 	*x = JWKSTLSCertTrustedCA{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6851,7 +6907,7 @@ func (x *JWKSTLSCertTrustedCA) String() string {
 func (*JWKSTLSCertTrustedCA) ProtoMessage() {}
 
 func (x *JWKSTLSCertTrustedCA) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6864,7 +6920,7 @@ func (x *JWKSTLSCertTrustedCA) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertTrustedCA.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertTrustedCA) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{81}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{82}
 }
 
 func (x *JWKSTLSCertTrustedCA) GetFilename() string {
@@ -6913,7 +6969,7 @@ type JWKSRetryPolicy struct {
 func (x *JWKSRetryPolicy) Reset() {
 	*x = JWKSRetryPolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6926,7 +6982,7 @@ func (x *JWKSRetryPolicy) String() string {
 func (*JWKSRetryPolicy) ProtoMessage() {}
 
 func (x *JWKSRetryPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6939,7 +6995,7 @@ func (x *JWKSRetryPolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSRetryPolicy.ProtoReflect.Descriptor instead.
 func (*JWKSRetryPolicy) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{82}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{83}
 }
 
 func (x *JWKSRetryPolicy) GetNumRetries() int32 {
@@ -6975,7 +7031,7 @@ type RetryPolicyBackOff struct {
 func (x *RetryPolicyBackOff) Reset() {
 	*x = RetryPolicyBackOff{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6988,7 +7044,7 @@ func (x *RetryPolicyBackOff) String() string {
 func (*RetryPolicyBackOff) ProtoMessage() {}
 
 func (x *RetryPolicyBackOff) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7001,7 +7057,7 @@ func (x *RetryPolicyBackOff) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RetryPolicyBackOff.ProtoReflect.Descriptor instead.
 func (*RetryPolicyBackOff) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{83}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{84}
 }
 
 func (x *RetryPolicyBackOff) GetBaseInterval() *durationpb.Duration {
@@ -7036,7 +7092,7 @@ type JWTLocation struct {
 func (x *JWTLocation) Reset() {
 	*x = JWTLocation{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7049,7 +7105,7 @@ func (x *JWTLocation) String() string {
 func (*JWTLocation) ProtoMessage() {}
 
 func (x *JWTLocation) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7062,7 +7118,7 @@ func (x *JWTLocation) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocation.ProtoReflect.Descriptor instead.
 func (*JWTLocation) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{84}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{85}
 }
 
 func (x *JWTLocation) GetHeader() *JWTLocationHeader {
@@ -7104,7 +7160,7 @@ type JWTLocationHeader struct {
 func (x *JWTLocationHeader) Reset() {
 	*x = JWTLocationHeader{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[86]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7117,7 +7173,7 @@ func (x *JWTLocationHeader) String() string {
 func (*JWTLocationHeader) ProtoMessage() {}
 
 func (x *JWTLocationHeader) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[86]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7130,7 +7186,7 @@ func (x *JWTLocationHeader) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationHeader.ProtoReflect.Descriptor instead.
 func (*JWTLocationHeader) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{85}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{86}
 }
 
 func (x *JWTLocationHeader) GetName() string {
@@ -7170,7 +7226,7 @@ type JWTLocationQueryParam struct {
 func (x *JWTLocationQueryParam) Reset() {
 	*x = JWTLocationQueryParam{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[86]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[87]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7183,7 +7239,7 @@ func (x *JWTLocationQueryParam) String() string {
 func (*JWTLocationQueryParam) ProtoMessage() {}
 
 func (x *JWTLocationQueryParam) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[86]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[87]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7196,7 +7252,7 @@ func (x *JWTLocationQueryParam) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationQueryParam.ProtoReflect.Descriptor instead.
 func (*JWTLocationQueryParam) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{86}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{87}
 }
 
 func (x *JWTLocationQueryParam) GetName() string {
@@ -7222,7 +7278,7 @@ type JWTLocationCookie struct {
 func (x *JWTLocationCookie) Reset() {
 	*x = JWTLocationCookie{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[87]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[88]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7235,7 +7291,7 @@ func (x *JWTLocationCookie) String() string {
 func (*JWTLocationCookie) ProtoMessage() {}
 
 func (x *JWTLocationCookie) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[87]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[88]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7248,7 +7304,7 @@ func (x *JWTLocationCookie) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationCookie.ProtoReflect.Descriptor instead.
 func (*JWTLocationCookie) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{87}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{88}
 }
 
 func (x *JWTLocationCookie) GetName() string {
@@ -7275,7 +7331,7 @@ type JWTForwardingConfig struct {
 func (x *JWTForwardingConfig) Reset() {
 	*x = JWTForwardingConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[88]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[89]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7288,7 +7344,7 @@ func (x *JWTForwardingConfig) String() string {
 func (*JWTForwardingConfig) ProtoMessage() {}
 
 func (x *JWTForwardingConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[88]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[89]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7301,7 +7357,7 @@ func (x *JWTForwardingConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTForwardingConfig.ProtoReflect.Descriptor instead.
 func (*JWTForwardingConfig) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{88}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{89}
 }
 
 func (x *JWTForwardingConfig) GetHeaderName() string {
@@ -7335,7 +7391,7 @@ type JWTCacheConfig struct {
 func (x *JWTCacheConfig) Reset() {
 	*x = JWTCacheConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[89]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[90]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7348,7 +7404,7 @@ func (x *JWTCacheConfig) String() string {
 func (*JWTCacheConfig) ProtoMessage() {}
 
 func (x *JWTCacheConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[89]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[90]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7361,7 +7417,7 @@ func (x *JWTCacheConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTCacheConfig.ProtoReflect.Descriptor instead.
 func (*JWTCacheConfig) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{89}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{90}
 }
 
 func (x *JWTCacheConfig) GetSize() int32 {
@@ -8471,7 +8527,7 @@ var file_private_pbconfigentry_config_entry_proto_rawDesc = []byte{
 	0x79, 0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
 	0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14,
 	0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x56,
-	0x61, 0x6c, 0x75, 0x65, 0x22, 0xe5, 0x02, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x6c,
+	0x61, 0x6c, 0x75, 0x65, 0x22, 0xa9, 0x03, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x6c,
 	0x74, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18,
 	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
 	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
@@ -8493,416 +8549,427 @@ var file_private_pbconfigentry_config_entry_proto_rawDesc = []byte{
 	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
 	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
 	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0d, 0x54,
-	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x22, 0x20, 0x0a, 0x0a,
-	0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61,
-	0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x22, 0xad,
-	0x01, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x1e,
-	0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0d, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x18,
-	0x0a, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52,
-	0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x2e, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72,
-	0x79, 0x4f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x18, 0x03,
-	0x20, 0x03, 0x28, 0x0d, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x53, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x15, 0x52, 0x65, 0x74, 0x72,
-	0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72,
-	0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e,
-	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x22, 0x8f,
-	0x01, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72,
-	0x12, 0x41, 0x0a, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f,
-	0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65,
-	0x6f, 0x75, 0x74, 0x12, 0x3b, 0x0a, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f,
-	0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
-	0x22, 0xc2, 0x02, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46,
-	0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x52, 0x0a, 0x03, 0x41, 0x64, 0x64, 0x18, 0x01, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x41, 0x64, 0x64, 0x45,
-	0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x41, 0x64, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x6d,
-	0x6f, 0x76, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76,
-	0x65, 0x12, 0x52, 0x0a, 0x03, 0x53, 0x65, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79,
-	0x52, 0x03, 0x53, 0x65, 0x74, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72,
-	0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
-	0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, 0x0a,
-	0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76,
-	0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xe1, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65,
-	0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x57, 0x65, 0x69,
-	0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x57, 0x65, 0x69, 0x67, 0x68,
-	0x74, 0x12, 0x4c, 0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46,
-	0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12,
-	0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74,
-	0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72,
-	0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72,
-	0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfc, 0x02, 0x0a, 0x08, 0x54, 0x43,
-	0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x4d, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x42, 0x0a, 0x03,
+	0x4a, 0x57, 0x54, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x03, 0x4a, 0x57, 0x54,
+	0x22, 0x20, 0x0a, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x12,
+	0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61,
+	0x74, 0x68, 0x22, 0xad, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74,
+	0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69,
+	0x65, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x09, 0x52, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x2e, 0x0a, 0x12,
+	0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64,
+	0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f,
+	0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x15,
+	0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61,
+	0x69, 0x6c, 0x75, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x52, 0x65, 0x74,
+	0x72, 0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61, 0x69, 0x6c, 0x75,
+	0x72, 0x65, 0x22, 0x8f, 0x01, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69,
+	0x6c, 0x74, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54,
+	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
+	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x3b, 0x0a, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54,
+	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
+	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d,
+	0x65, 0x6f, 0x75, 0x74, 0x22, 0x67, 0x0a, 0x09, 0x4a, 0x57, 0x54, 0x46, 0x69, 0x6c, 0x74, 0x65,
+	0x72, 0x12, 0x5a, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
 	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50,
-	0x52, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52,
-	0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73,
-	0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52,
-	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
-	0x52, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x53, 0x65, 0x72,
-	0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
+	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49,
+	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
+	0x65, 0x72, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x22, 0xc2, 0x02,
+	0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74,
+	0x65, 0x72, 0x12, 0x52, 0x0a, 0x03, 0x41, 0x64, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x52, 0x03, 0x41, 0x64, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65,
+	0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x52,
+	0x0a, 0x03, 0x53, 0x65, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61,
 	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
 	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x08,
-	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74,
-	0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69,
+	0x6c, 0x74, 0x65, 0x72, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x53,
+	0x65, 0x74, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
+	0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
+	0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, 0x0a, 0x08, 0x53, 0x65,
+	0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02,
+	0x38, 0x01, 0x22, 0xe1, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x4c,
+	0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x6c, 0x74,
+	0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x58, 0x0a, 0x0e,
+	0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
+	0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69,
+	0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69,
+	0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfc, 0x02, 0x0a, 0x08, 0x54, 0x43, 0x50, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x12, 0x4d, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75,
+	0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65,
+	0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x07, 0x50,
+	0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
 	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
 	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a,
+	0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x08, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x74,
+	0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a, 0x09,
+	0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x7a, 0x0a, 0x0a, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76,
+	0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72,
+	0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d,
+	0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74,
+	0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74,
+	0x61, 0x22, 0xb4, 0x03, 0x0a, 0x0d, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72,
+	0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2e, 0x0a, 0x12, 0x44, 0x65, 0x66, 0x61, 0x75,
+	0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x12, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46,
+	0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x63, 0x6c, 0x75,
+	0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x49,
+	0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x54, 0x0a, 0x07, 0x4d,
+	0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f,
+	0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x52, 0x07, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72,
+	0x73, 0x12, 0x52, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73,
+	0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52,
+	0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
+	0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
+	0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52,
+	0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x1a,
 	0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
 	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14,
 	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76,
-	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x7a, 0x0a, 0x0a, 0x54, 0x43, 0x50, 0x53,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65,
-	0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65,
-	0x4d, 0x65, 0x74, 0x61, 0x22, 0xb4, 0x03, 0x0a, 0x0d, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73,
-	0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2e, 0x0a, 0x12, 0x44, 0x65,
-	0x66, 0x61, 0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x46,
-	0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e,
-	0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x0c, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x54,
-	0x0a, 0x07, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73,
-	0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x52, 0x07, 0x4d, 0x65, 0x6d,
-	0x62, 0x65, 0x72, 0x73, 0x12, 0x52, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e,
-	0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74,
-	0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65,
-	0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65,
-	0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65,
-	0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
-	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
-	0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x47, 0x0a, 0x13, 0x53,
-	0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62,
-	0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e,
-	0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x50, 0x65, 0x65, 0x72, 0x22, 0xdd, 0x04, 0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76,
-	0x69, 0x64, 0x65, 0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b,
-	0x65, 0x79, 0x53, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65,
-	0x74, 0x52, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74,
-	0x12, 0x16, 0x0a, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x75, 0x64, 0x69,
-	0x65, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x41, 0x75, 0x64,
-	0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x4c,
-	0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0a, 0x46, 0x6f, 0x72, 0x77,
-	0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69,
-	0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72,
-	0x64, 0x69, 0x6e, 0x67, 0x12, 0x57, 0x0a, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x52, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x50, 0x0a,
-	0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2e,
-	0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12,
-	0x2a, 0x0a, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f,
-	0x6e, 0x64, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b,
-	0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d,
-	0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61,
-	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	0x3a, 0x02, 0x38, 0x01, 0x22, 0xa2, 0x01, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62,
-	0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x12, 0x46, 0x0a, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f,
-	0x63, 0x61, 0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x49,
-	0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a, 0x57, 0x4b,
-	0x53, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x22, 0x3b, 0x0a, 0x09, 0x4c, 0x6f, 0x63,
-	0x61, 0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69,
-	0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69,
-	0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xed, 0x02, 0x0a, 0x0a, 0x52, 0x65, 0x6d, 0x6f, 0x74,
-	0x65, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x49, 0x12, 0x2a, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x05, 0x52, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75,
-	0x74, 0x4d, 0x73, 0x12, 0x3f, 0x0a, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79,
-	0x6e, 0x63, 0x68, 0x72, 0x6f, 0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e, 0x63, 0x68, 0x72, 0x6f,
-	0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x12, 0x58, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50,
-	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x12, 0x54, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18,
-	0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57,
-	0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x22, 0xdb, 0x01, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76,
-	0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x44,
-	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x63, 0x0a, 0x0f,
-	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57,
-	0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x52, 0x0f, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x73, 0x12, 0x41, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65,
-	0x6f, 0x75, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d,
-	0x65, 0x6f, 0x75, 0x74, 0x22, 0xfa, 0x01, 0x0a, 0x12, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x88, 0x01, 0x0a, 0x1d,
-	0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f,
-	0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53,
-	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49,
-	0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x1d, 0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69,
-	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e,
-	0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x59, 0x0a, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65,
-	0x64, 0x43, 0x41, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x47, 0x0a, 0x13, 0x53, 0x61, 0x6d, 0x65,
+	0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x12,
+	0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a,
+	0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x65, 0x65,
+	0x72, 0x22, 0xdd, 0x04, 0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65,
+	0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53,
+	0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
+	0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x52, 0x0d,
+	0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x12, 0x16, 0x0a,
+	0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x49,
+	0x73, 0x73, 0x75, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63,
+	0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e,
+	0x63, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a,
+	0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x4c, 0x6f, 0x63, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0a, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64,
+	0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72, 0x75,
-	0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x52, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43,
-	0x41, 0x22, 0x6b, 0x0a, 0x1b, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74,
-	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
-	0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
-	0x4e, 0x61, 0x6d, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x43,
-	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xaa,
-	0x01, 0x0a, 0x14, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72,
-	0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
-	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
-	0x61, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65,
-	0x6e, 0x74, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56, 0x61, 0x72,
-	0x69, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x53,
-	0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x6c,
-	0x69, 0x6e, 0x65, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x20, 0x0a, 0x0b, 0x49, 0x6e, 0x6c,
-	0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b,
-	0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x9c, 0x01, 0x0a, 0x0f,
-	0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12,
-	0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x05, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12,
-	0x69, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61,
-	0x63, 0x6b, 0x4f, 0x66, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61,
+	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e,
+	0x67, 0x12, 0x57, 0x0a, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a,
+	0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x43,
+	0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x50, 0x0a, 0x04, 0x4d, 0x65,
+	0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
+	0x2e, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74,
+	0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2a, 0x0a, 0x10,
+	0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73,
+	0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65,
+	0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61,
+	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38,
+	0x01, 0x22, 0xa2, 0x01, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79,
+	0x53, 0x65, 0x74, 0x12, 0x46, 0x0a, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c,
+	0x4a, 0x57, 0x4b, 0x53, 0x52, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x49, 0x0a, 0x06, 0x52,
+	0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
 	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
 	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42,
-	0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x22, 0x90, 0x01, 0x0a, 0x12, 0x52,
-	0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66,
-	0x66, 0x12, 0x3d, 0x0a, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61,
-	0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x06,
+	0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x22, 0x3b, 0x0a, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4a,
+	0x57, 0x4b, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
+	0x61, 0x6d, 0x65, 0x22, 0xed, 0x02, 0x0a, 0x0a, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a, 0x57,
+	0x4b, 0x53, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x03, 0x55, 0x52, 0x49, 0x12, 0x2a, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54,
+	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73,
+	0x12, 0x3f, 0x0a, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
 	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c,
-	0x12, 0x3b, 0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x22, 0x8f, 0x02,
-	0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a,
-	0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12,
-	0x5c, 0x0a, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c,
-	0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61,
-	0x6d, 0x52, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x50, 0x0a,
-	0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x52, 0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x22,
-	0x63, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x56, 0x61, 0x6c, 0x75,
-	0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x56,
-	0x61, 0x6c, 0x75, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x46, 0x6f,
-	0x72, 0x77, 0x61, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x46, 0x6f, 0x72,
-	0x77, 0x61, 0x72, 0x64, 0x22, 0x2b, 0x0a, 0x15, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x12, 0x0a,
-	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d,
-	0x65, 0x22, 0x27, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x6f, 0x0a, 0x13, 0x4a, 0x57,
-	0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d,
-	0x65, 0x12, 0x38, 0x0a, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50,
-	0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50, 0x61,
-	0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x22, 0x24, 0x0a, 0x0e, 0x4a,
-	0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a,
-	0x04, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x53, 0x69, 0x7a,
-	0x65, 0x2a, 0xa9, 0x02, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x4b, 0x69,
-	0x6e, 0x64, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b,
-	0x69, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, 0x01, 0x12,
-	0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65,
-	0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x69, 0x6e, 0x64,
-	0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x03,
-	0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49,
-	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x4b,
-	0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c,
-	0x74, 0x73, 0x10, 0x05, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x6c, 0x69,
-	0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x10, 0x06, 0x12,
-	0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61,
-	0x79, 0x10, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x42, 0x6f, 0x75, 0x6e, 0x64,
-	0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d,
-	0x4b, 0x69, 0x6e, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10, 0x09, 0x12,
-	0x10, 0x0a, 0x0c, 0x4b, 0x69, 0x6e, 0x64, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10,
-	0x0a, 0x12, 0x15, 0x0a, 0x11, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73,
-	0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x10, 0x0b, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x69, 0x6e, 0x64,
-	0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x10, 0x0c, 0x2a, 0x26, 0x0a,
-	0x0f, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x12, 0x08, 0x0a, 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x6c,
-	0x6c, 0x6f, 0x77, 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69,
-	0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x10, 0x00, 0x2a, 0x50, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78,
-	0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f,
-	0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x50,
-	0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72,
-	0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f,
-	0x64, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5f, 0x0a, 0x0d, 0x4d, 0x75,
-	0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4d,
-	0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61,
-	0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54,
-	0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x72, 0x69, 0x63, 0x74, 0x10, 0x01, 0x12, 0x1b,
-	0x0a, 0x17, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x50,
-	0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x10, 0x02, 0x2a, 0x7b, 0x0a, 0x0f, 0x4d,
-	0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1a,
-	0x0a, 0x16, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64,
-	0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x65,
-	0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4e, 0x6f, 0x6e,
-	0x65, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77,
-	0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x10, 0x02, 0x12, 0x19, 0x0a,
-	0x15, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65,
-	0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x10, 0x03, 0x2a, 0x4f, 0x0a, 0x1a, 0x41, 0x50, 0x49, 0x47,
-	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72,
-	0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e,
-	0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00,
-	0x12, 0x17, 0x0a, 0x13, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74,
-	0x6f, 0x63, 0x6f, 0x6c, 0x54, 0x43, 0x50, 0x10, 0x01, 0x2a, 0x92, 0x02, 0x0a, 0x0f, 0x48, 0x54,
-	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x16, 0x0a,
-	0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x41, 0x6c, 0x6c, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10,
-	0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12,
-	0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x47,
-	0x65, 0x74, 0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63,
-	0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x48, 0x65, 0x61, 0x64, 0x10, 0x04, 0x12, 0x1a, 0x0a,
-	0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54,
-	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x61, 0x74, 0x63,
-	0x68, 0x10, 0x06, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x6f, 0x73, 0x74, 0x10, 0x07, 0x12, 0x16, 0x0a, 0x12,
-	0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50,
-	0x75, 0x74, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63,
-	0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x54, 0x72, 0x61, 0x63, 0x65, 0x10, 0x09, 0x2a, 0xa7,
-	0x01, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00,
-	0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x48,
-	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72,
-	0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x02, 0x12, 0x24, 0x0a, 0x20, 0x48, 0x54, 0x54, 0x50, 0x48,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61,
-	0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x12, 0x19, 0x0a,
+	0x6f, 0x6e, 0x52, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x30, 0x0a, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e, 0x63, 0x68,
+	0x72, 0x6f, 0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13,
+	0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e, 0x63, 0x68, 0x72, 0x6f, 0x6e, 0x6f, 0x75,
+	0x73, 0x6c, 0x79, 0x12, 0x58, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
+	0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+	0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x54, 0x0a,
+	0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x43,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73,
+	0x74, 0x65, 0x72, 0x22, 0xdb, 0x01, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73,
+	0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79,
+	0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x44, 0x69, 0x73, 0x63,
+	0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x63, 0x0a, 0x0f, 0x54, 0x4c, 0x53,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54,
+	0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x0f, 0x54,
+	0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x41,
+	0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75,
+	0x74, 0x22, 0xfa, 0x01, 0x0a, 0x12, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72,
+	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x88, 0x01, 0x0a, 0x1d, 0x43, 0x61, 0x43,
+	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
+	0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53,
+	0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74,
+	0x61, 0x6e, 0x63, 0x65, 0x52, 0x1d, 0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61,
+	0x6e, 0x63, 0x65, 0x12, 0x59, 0x0a, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a,
+	0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65,
+	0x64, 0x43, 0x41, 0x52, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x22, 0x6b,
+	0x0a, 0x1b, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f,
+	0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x22, 0x0a,
+	0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d,
+	0x65, 0x12, 0x28, 0x0a, 0x0f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x43, 0x65, 0x72, 0x74,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xaa, 0x01, 0x0a, 0x14,
+	0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74,
+	0x65, 0x64, 0x43, 0x41, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65,
+	0x12, 0x30, 0x0a, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56,
+	0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x45,
+	0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62,
+	0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x72, 0x69,
+	0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65,
+	0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x20, 0x0a, 0x0b, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65,
+	0x42, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x49, 0x6e, 0x6c,
+	0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x9c, 0x01, 0x0a, 0x0f, 0x4a, 0x57, 0x4b,
+	0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x1e, 0x0a, 0x0a,
+	0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05,
+	0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x69, 0x0a, 0x12,
+	0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f,
+	0x66, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
+	0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b,
+	0x4f, 0x66, 0x66, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+	0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x22, 0x90, 0x01, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72,
+	0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x12, 0x3d,
+	0x0a, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x3b, 0x0a,
+	0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x4d,
+	0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x22, 0x8f, 0x02, 0x0a, 0x0b, 0x4a,
+	0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x06, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
+	0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x5c, 0x0a, 0x0a,
+	0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x52, 0x0a,
+	0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x50, 0x0a, 0x06, 0x43, 0x6f,
+	0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
+	0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f,
+	0x6f, 0x6b, 0x69, 0x65, 0x52, 0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x22, 0x63, 0x0a, 0x11,
+	0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x50, 0x72,
+	0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x46, 0x6f, 0x72, 0x77, 0x61,
+	0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72,
+	0x64, 0x22, 0x2b, 0x0a, 0x15, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
+	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x27,
+	0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6f,
+	0x6b, 0x69, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x6f, 0x0a, 0x13, 0x4a, 0x57, 0x54, 0x46, 0x6f,
+	0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1e,
+	0x0a, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x38,
+	0x0a, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50, 0x61, 0x79, 0x6c,
+	0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50, 0x61, 0x79, 0x6c, 0x6f,
+	0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x22, 0x24, 0x0a, 0x0e, 0x4a, 0x57, 0x54, 0x43,
+	0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x53, 0x69,
+	0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x53, 0x69, 0x7a, 0x65, 0x2a, 0xa9,
+	0x02, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x4b, 0x69, 0x6e, 0x64, 0x55,
+	0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64,
+	0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13,
+	0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c,
+	0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x67,
+	0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x03, 0x12, 0x19, 0x0a,
+	0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65,
+	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x10,
+	0x05, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x43,
+	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x10, 0x06, 0x12, 0x12, 0x0a, 0x0e,
+	0x4b, 0x69, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x07,
+	0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49,
+	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d, 0x4b, 0x69, 0x6e,
+	0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10, 0x09, 0x12, 0x10, 0x0a, 0x0c,
+	0x4b, 0x69, 0x6e, 0x64, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10, 0x0a, 0x12, 0x15,
+	0x0a, 0x11, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72,
+	0x6f, 0x75, 0x70, 0x10, 0x0b, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x69, 0x6e, 0x64, 0x4a, 0x57, 0x54,
+	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x10, 0x0c, 0x2a, 0x26, 0x0a, 0x0f, 0x49, 0x6e,
+	0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08, 0x0a,
+	0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x6c, 0x6c, 0x6f, 0x77,
+	0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x53,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x10, 0x00, 0x2a, 0x50, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f,
+	0x64, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44,
+	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x50, 0x72, 0x6f, 0x78,
+	0x79, 0x4d, 0x6f, 0x64, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
+	0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44,
+	0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5f, 0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61,
+	0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x75, 0x74, 0x75,
+	0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d,
+	0x6f, 0x64, 0x65, 0x53, 0x74, 0x72, 0x69, 0x63, 0x74, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x4d,
+	0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x50, 0x65, 0x72, 0x6d,
+	0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x10, 0x02, 0x2a, 0x7b, 0x0a, 0x0f, 0x4d, 0x65, 0x73, 0x68,
+	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x4d,
+	0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65,
+	0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x65, 0x73, 0x68, 0x47,
+	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4e, 0x6f, 0x6e, 0x65, 0x10, 0x01,
+	0x12, 0x18, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d,
+	0x6f, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4d, 0x65,
+	0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x6d,
+	0x6f, 0x74, 0x65, 0x10, 0x03, 0x2a, 0x4f, 0x0a, 0x1a, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65,
+	0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00, 0x12, 0x17, 0x0a,
+	0x13, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
+	0x6c, 0x54, 0x43, 0x50, 0x10, 0x01, 0x2a, 0x92, 0x02, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54,
+	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x41, 0x6c, 0x6c,
+	0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d,
+	0x65, 0x74, 0x68, 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10, 0x01, 0x12, 0x19,
+	0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f,
+	0x64, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54,
+	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x47, 0x65, 0x74, 0x10,
+	0x03, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
+	0x74, 0x68, 0x6f, 0x64, 0x48, 0x65, 0x61, 0x64, 0x10, 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54,
+	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x61, 0x74, 0x63, 0x68, 0x10, 0x06,
+	0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74,
+	0x68, 0x6f, 0x64, 0x50, 0x6f, 0x73, 0x74, 0x10, 0x07, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54,
+	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x75, 0x74, 0x10,
+	0x08, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
+	0x74, 0x68, 0x6f, 0x64, 0x54, 0x72, 0x61, 0x63, 0x65, 0x10, 0x09, 0x2a, 0xa7, 0x01, 0x0a, 0x13,
+	0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54,
+	0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x19, 0x0a,
 	0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x10, 0x04, 0x2a, 0x68, 0x0a, 0x11, 0x48, 0x54, 0x54, 0x50,
-	0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a,
-	0x12, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78,
-	0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74,
-	0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x22,
-	0x0a, 0x1e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52,
-	0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
-	0x10, 0x03, 0x2a, 0x6d, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50,
-	0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10,
-	0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f,
-	0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65,
-	0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10,
-	0x03, 0x42, 0xae, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42,
-	0x10, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74,
-	0x6f, 0x50, 0x01, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70,
-	0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x04, 0x48,
-	0x43, 0x49, 0x43, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca, 0x02, 0x25, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d,
-	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
-	0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50,
+	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x73, 0x65,
+	0x6e, 0x74, 0x10, 0x02, 0x12, 0x24, 0x0a, 0x20, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78,
+	0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54,
+	0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x53, 0x75, 0x66,
+	0x66, 0x69, 0x78, 0x10, 0x04, 0x2a, 0x68, 0x0a, 0x11, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74,
+	0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54,
+	0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74,
+	0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e, 0x48,
+	0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75,
+	0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x2a,
+	0x6d, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65,
+	0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x19,
+	0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f, 0x48, 0x54, 0x54,
+	0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c,
+	0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x42, 0xae,
+	0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
+	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x10, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01,
+	0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70, 0x62, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x43,
+	0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
+	0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
+	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -8918,7 +8985,7 @@ func file_private_pbconfigentry_config_entry_proto_rawDescGZIP() []byte {
 }
 
 var file_private_pbconfigentry_config_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 11)
-var file_private_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 110)
+var file_private_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 111)
 var file_private_pbconfigentry_config_entry_proto_goTypes = []interface{}{
 	(Kind)(0),                                   // 0: hashicorp.consul.internal.configentry.Kind
 	(IntentionAction)(0),                        // 1: hashicorp.consul.internal.configentry.IntentionAction
@@ -8999,58 +9066,59 @@ var file_private_pbconfigentry_config_entry_proto_goTypes = []interface{}{
 	(*URLRewrite)(nil),                          // 76: hashicorp.consul.internal.configentry.URLRewrite
 	(*RetryFilter)(nil),                         // 77: hashicorp.consul.internal.configentry.RetryFilter
 	(*TimeoutFilter)(nil),                       // 78: hashicorp.consul.internal.configentry.TimeoutFilter
-	(*HTTPHeaderFilter)(nil),                    // 79: hashicorp.consul.internal.configentry.HTTPHeaderFilter
-	(*HTTPService)(nil),                         // 80: hashicorp.consul.internal.configentry.HTTPService
-	(*TCPRoute)(nil),                            // 81: hashicorp.consul.internal.configentry.TCPRoute
-	(*TCPService)(nil),                          // 82: hashicorp.consul.internal.configentry.TCPService
-	(*SamenessGroup)(nil),                       // 83: hashicorp.consul.internal.configentry.SamenessGroup
-	(*SamenessGroupMember)(nil),                 // 84: hashicorp.consul.internal.configentry.SamenessGroupMember
-	(*JWTProvider)(nil),                         // 85: hashicorp.consul.internal.configentry.JWTProvider
-	(*JSONWebKeySet)(nil),                       // 86: hashicorp.consul.internal.configentry.JSONWebKeySet
-	(*LocalJWKS)(nil),                           // 87: hashicorp.consul.internal.configentry.LocalJWKS
-	(*RemoteJWKS)(nil),                          // 88: hashicorp.consul.internal.configentry.RemoteJWKS
-	(*JWKSCluster)(nil),                         // 89: hashicorp.consul.internal.configentry.JWKSCluster
-	(*JWKSTLSCertificate)(nil),                  // 90: hashicorp.consul.internal.configentry.JWKSTLSCertificate
-	(*JWKSTLSCertProviderInstance)(nil),         // 91: hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
-	(*JWKSTLSCertTrustedCA)(nil),                // 92: hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
-	(*JWKSRetryPolicy)(nil),                     // 93: hashicorp.consul.internal.configentry.JWKSRetryPolicy
-	(*RetryPolicyBackOff)(nil),                  // 94: hashicorp.consul.internal.configentry.RetryPolicyBackOff
-	(*JWTLocation)(nil),                         // 95: hashicorp.consul.internal.configentry.JWTLocation
-	(*JWTLocationHeader)(nil),                   // 96: hashicorp.consul.internal.configentry.JWTLocationHeader
-	(*JWTLocationQueryParam)(nil),               // 97: hashicorp.consul.internal.configentry.JWTLocationQueryParam
-	(*JWTLocationCookie)(nil),                   // 98: hashicorp.consul.internal.configentry.JWTLocationCookie
-	(*JWTForwardingConfig)(nil),                 // 99: hashicorp.consul.internal.configentry.JWTForwardingConfig
-	(*JWTCacheConfig)(nil),                      // 100: hashicorp.consul.internal.configentry.JWTCacheConfig
-	nil,                                         // 101: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
-	nil,                                         // 102: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
-	nil,                                         // 103: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
-	nil,                                         // 104: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
-	nil,                                         // 105: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
-	nil,                                         // 106: hashicorp.consul.internal.configentry.IngressService.MetaEntry
-	nil,                                         // 107: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
-	nil,                                         // 108: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
-	nil,                                         // 109: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
-	nil,                                         // 110: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
-	nil,                                         // 111: hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
-	nil,                                         // 112: hashicorp.consul.internal.configentry.APIGateway.MetaEntry
-	nil,                                         // 113: hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
-	nil,                                         // 114: hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
-	nil,                                         // 115: hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
-	nil,                                         // 116: hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
-	nil,                                         // 117: hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
-	nil,                                         // 118: hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
-	nil,                                         // 119: hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
-	nil,                                         // 120: hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
-	(*pbcommon.EnterpriseMeta)(nil),             // 121: hashicorp.consul.internal.common.EnterpriseMeta
-	(*pbcommon.RaftIndex)(nil),                  // 122: hashicorp.consul.internal.common.RaftIndex
-	(*durationpb.Duration)(nil),                 // 123: google.protobuf.Duration
-	(*timestamppb.Timestamp)(nil),               // 124: google.protobuf.Timestamp
-	(*pbcommon.EnvoyExtension)(nil),             // 125: hashicorp.consul.internal.common.EnvoyExtension
+	(*JWTFilter)(nil),                           // 79: hashicorp.consul.internal.configentry.JWTFilter
+	(*HTTPHeaderFilter)(nil),                    // 80: hashicorp.consul.internal.configentry.HTTPHeaderFilter
+	(*HTTPService)(nil),                         // 81: hashicorp.consul.internal.configentry.HTTPService
+	(*TCPRoute)(nil),                            // 82: hashicorp.consul.internal.configentry.TCPRoute
+	(*TCPService)(nil),                          // 83: hashicorp.consul.internal.configentry.TCPService
+	(*SamenessGroup)(nil),                       // 84: hashicorp.consul.internal.configentry.SamenessGroup
+	(*SamenessGroupMember)(nil),                 // 85: hashicorp.consul.internal.configentry.SamenessGroupMember
+	(*JWTProvider)(nil),                         // 86: hashicorp.consul.internal.configentry.JWTProvider
+	(*JSONWebKeySet)(nil),                       // 87: hashicorp.consul.internal.configentry.JSONWebKeySet
+	(*LocalJWKS)(nil),                           // 88: hashicorp.consul.internal.configentry.LocalJWKS
+	(*RemoteJWKS)(nil),                          // 89: hashicorp.consul.internal.configentry.RemoteJWKS
+	(*JWKSCluster)(nil),                         // 90: hashicorp.consul.internal.configentry.JWKSCluster
+	(*JWKSTLSCertificate)(nil),                  // 91: hashicorp.consul.internal.configentry.JWKSTLSCertificate
+	(*JWKSTLSCertProviderInstance)(nil),         // 92: hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
+	(*JWKSTLSCertTrustedCA)(nil),                // 93: hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
+	(*JWKSRetryPolicy)(nil),                     // 94: hashicorp.consul.internal.configentry.JWKSRetryPolicy
+	(*RetryPolicyBackOff)(nil),                  // 95: hashicorp.consul.internal.configentry.RetryPolicyBackOff
+	(*JWTLocation)(nil),                         // 96: hashicorp.consul.internal.configentry.JWTLocation
+	(*JWTLocationHeader)(nil),                   // 97: hashicorp.consul.internal.configentry.JWTLocationHeader
+	(*JWTLocationQueryParam)(nil),               // 98: hashicorp.consul.internal.configentry.JWTLocationQueryParam
+	(*JWTLocationCookie)(nil),                   // 99: hashicorp.consul.internal.configentry.JWTLocationCookie
+	(*JWTForwardingConfig)(nil),                 // 100: hashicorp.consul.internal.configentry.JWTForwardingConfig
+	(*JWTCacheConfig)(nil),                      // 101: hashicorp.consul.internal.configentry.JWTCacheConfig
+	nil,                                         // 102: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
+	nil,                                         // 103: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
+	nil,                                         // 104: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
+	nil,                                         // 105: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
+	nil,                                         // 106: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
+	nil,                                         // 107: hashicorp.consul.internal.configentry.IngressService.MetaEntry
+	nil,                                         // 108: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
+	nil,                                         // 109: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
+	nil,                                         // 110: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
+	nil,                                         // 111: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
+	nil,                                         // 112: hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
+	nil,                                         // 113: hashicorp.consul.internal.configentry.APIGateway.MetaEntry
+	nil,                                         // 114: hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
+	nil,                                         // 115: hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
+	nil,                                         // 116: hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
+	nil,                                         // 117: hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
+	nil,                                         // 118: hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
+	nil,                                         // 119: hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
+	nil,                                         // 120: hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
+	nil,                                         // 121: hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
+	(*pbcommon.EnterpriseMeta)(nil),             // 122: hashicorp.consul.internal.common.EnterpriseMeta
+	(*pbcommon.RaftIndex)(nil),                  // 123: hashicorp.consul.internal.common.RaftIndex
+	(*durationpb.Duration)(nil),                 // 124: google.protobuf.Duration
+	(*timestamppb.Timestamp)(nil),               // 125: google.protobuf.Timestamp
+	(*pbcommon.EnvoyExtension)(nil),             // 126: hashicorp.consul.internal.common.EnvoyExtension
 }
 var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	0,   // 0: hashicorp.consul.internal.configentry.ConfigEntry.Kind:type_name -> hashicorp.consul.internal.configentry.Kind
-	121, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	122, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex
+	122, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	123, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex
 	12,  // 3: hashicorp.consul.internal.configentry.ConfigEntry.MeshConfig:type_name -> hashicorp.consul.internal.configentry.MeshConfig
 	18,  // 4: hashicorp.consul.internal.configentry.ConfigEntry.ServiceResolver:type_name -> hashicorp.consul.internal.configentry.ServiceResolver
 	30,  // 5: hashicorp.consul.internal.configentry.ConfigEntry.IngressGateway:type_name -> hashicorp.consul.internal.configentry.IngressGateway
@@ -9058,25 +9126,25 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	46,  // 7: hashicorp.consul.internal.configentry.ConfigEntry.ServiceDefaults:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults
 	56,  // 8: hashicorp.consul.internal.configentry.ConfigEntry.APIGateway:type_name -> hashicorp.consul.internal.configentry.APIGateway
 	66,  // 9: hashicorp.consul.internal.configentry.ConfigEntry.BoundAPIGateway:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway
-	81,  // 10: hashicorp.consul.internal.configentry.ConfigEntry.TCPRoute:type_name -> hashicorp.consul.internal.configentry.TCPRoute
+	82,  // 10: hashicorp.consul.internal.configentry.ConfigEntry.TCPRoute:type_name -> hashicorp.consul.internal.configentry.TCPRoute
 	69,  // 11: hashicorp.consul.internal.configentry.ConfigEntry.HTTPRoute:type_name -> hashicorp.consul.internal.configentry.HTTPRoute
 	68,  // 12: hashicorp.consul.internal.configentry.ConfigEntry.InlineCertificate:type_name -> hashicorp.consul.internal.configentry.InlineCertificate
-	83,  // 13: hashicorp.consul.internal.configentry.ConfigEntry.SamenessGroup:type_name -> hashicorp.consul.internal.configentry.SamenessGroup
-	85,  // 14: hashicorp.consul.internal.configentry.ConfigEntry.JWTProvider:type_name -> hashicorp.consul.internal.configentry.JWTProvider
+	84,  // 13: hashicorp.consul.internal.configentry.ConfigEntry.SamenessGroup:type_name -> hashicorp.consul.internal.configentry.SamenessGroup
+	86,  // 14: hashicorp.consul.internal.configentry.ConfigEntry.JWTProvider:type_name -> hashicorp.consul.internal.configentry.JWTProvider
 	13,  // 15: hashicorp.consul.internal.configentry.MeshConfig.TransparentProxy:type_name -> hashicorp.consul.internal.configentry.TransparentProxyMeshConfig
 	14,  // 16: hashicorp.consul.internal.configentry.MeshConfig.TLS:type_name -> hashicorp.consul.internal.configentry.MeshTLSConfig
 	16,  // 17: hashicorp.consul.internal.configentry.MeshConfig.HTTP:type_name -> hashicorp.consul.internal.configentry.MeshHTTPConfig
-	101, // 18: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
+	102, // 18: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
 	17,  // 19: hashicorp.consul.internal.configentry.MeshConfig.Peering:type_name -> hashicorp.consul.internal.configentry.PeeringMeshConfig
 	15,  // 20: hashicorp.consul.internal.configentry.MeshTLSConfig.Incoming:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig
 	15,  // 21: hashicorp.consul.internal.configentry.MeshTLSConfig.Outgoing:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig
-	102, // 22: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
+	103, // 22: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
 	20,  // 23: hashicorp.consul.internal.configentry.ServiceResolver.Redirect:type_name -> hashicorp.consul.internal.configentry.ServiceResolverRedirect
-	103, // 24: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
-	123, // 25: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration
+	104, // 24: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
+	124, // 25: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration
 	25,  // 26: hashicorp.consul.internal.configentry.ServiceResolver.LoadBalancer:type_name -> hashicorp.consul.internal.configentry.LoadBalancer
-	104, // 27: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
-	123, // 28: hashicorp.consul.internal.configentry.ServiceResolver.RequestTimeout:type_name -> google.protobuf.Duration
+	105, // 27: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
+	124, // 28: hashicorp.consul.internal.configentry.ServiceResolver.RequestTimeout:type_name -> google.protobuf.Duration
 	23,  // 29: hashicorp.consul.internal.configentry.ServiceResolver.PrioritizeByLocality:type_name -> hashicorp.consul.internal.configentry.ServiceResolverPrioritizeByLocality
 	24,  // 30: hashicorp.consul.internal.configentry.ServiceResolverFailover.Targets:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverTarget
 	22,  // 31: hashicorp.consul.internal.configentry.ServiceResolverFailover.Policy:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverPolicy
@@ -9084,10 +9152,10 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	27,  // 33: hashicorp.consul.internal.configentry.LoadBalancer.LeastRequestConfig:type_name -> hashicorp.consul.internal.configentry.LeastRequestConfig
 	28,  // 34: hashicorp.consul.internal.configentry.LoadBalancer.HashPolicies:type_name -> hashicorp.consul.internal.configentry.HashPolicy
 	29,  // 35: hashicorp.consul.internal.configentry.HashPolicy.CookieConfig:type_name -> hashicorp.consul.internal.configentry.CookieConfig
-	123, // 36: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration
+	124, // 36: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration
 	32,  // 37: hashicorp.consul.internal.configentry.IngressGateway.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSConfig
 	34,  // 38: hashicorp.consul.internal.configentry.IngressGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.IngressListener
-	105, // 39: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
+	106, // 39: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
 	31,  // 40: hashicorp.consul.internal.configentry.IngressGateway.Defaults:type_name -> hashicorp.consul.internal.configentry.IngressServiceConfig
 	54,  // 41: hashicorp.consul.internal.configentry.IngressServiceConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	33,  // 42: hashicorp.consul.internal.configentry.GatewayTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig
@@ -9096,24 +9164,24 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	36,  // 45: hashicorp.consul.internal.configentry.IngressService.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayServiceTLSConfig
 	37,  // 46: hashicorp.consul.internal.configentry.IngressService.RequestHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers
 	37,  // 47: hashicorp.consul.internal.configentry.IngressService.ResponseHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers
-	106, // 48: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry
-	121, // 49: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	107, // 48: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry
+	122, // 49: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	54,  // 50: hashicorp.consul.internal.configentry.IngressService.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	33,  // 51: hashicorp.consul.internal.configentry.GatewayServiceTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig
-	107, // 52: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
-	108, // 53: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
+	108, // 52: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
+	109, // 53: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
 	42,  // 54: hashicorp.consul.internal.configentry.ServiceIntentions.Sources:type_name -> hashicorp.consul.internal.configentry.SourceIntention
-	109, // 55: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
+	110, // 55: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
 	39,  // 56: hashicorp.consul.internal.configentry.ServiceIntentions.JWT:type_name -> hashicorp.consul.internal.configentry.IntentionJWTRequirement
 	40,  // 57: hashicorp.consul.internal.configentry.IntentionJWTRequirement.Providers:type_name -> hashicorp.consul.internal.configentry.IntentionJWTProvider
 	41,  // 58: hashicorp.consul.internal.configentry.IntentionJWTProvider.VerifyClaims:type_name -> hashicorp.consul.internal.configentry.IntentionJWTClaimVerification
 	1,   // 59: hashicorp.consul.internal.configentry.SourceIntention.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction
 	43,  // 60: hashicorp.consul.internal.configentry.SourceIntention.Permissions:type_name -> hashicorp.consul.internal.configentry.IntentionPermission
 	2,   // 61: hashicorp.consul.internal.configentry.SourceIntention.Type:type_name -> hashicorp.consul.internal.configentry.IntentionSourceType
-	110, // 62: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
-	124, // 63: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp
-	124, // 64: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp
-	121, // 65: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	111, // 62: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
+	125, // 63: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp
+	125, // 64: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp
+	122, // 65: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	1,   // 66: hashicorp.consul.internal.configentry.IntentionPermission.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction
 	44,  // 67: hashicorp.consul.internal.configentry.IntentionPermission.HTTP:type_name -> hashicorp.consul.internal.configentry.IntentionHTTPPermission
 	39,  // 68: hashicorp.consul.internal.configentry.IntentionPermission.JWT:type_name -> hashicorp.consul.internal.configentry.IntentionJWTRequirement
@@ -9124,25 +9192,25 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	49,  // 73: hashicorp.consul.internal.configentry.ServiceDefaults.Expose:type_name -> hashicorp.consul.internal.configentry.ExposeConfig
 	51,  // 74: hashicorp.consul.internal.configentry.ServiceDefaults.UpstreamConfig:type_name -> hashicorp.consul.internal.configentry.UpstreamConfiguration
 	55,  // 75: hashicorp.consul.internal.configentry.ServiceDefaults.Destination:type_name -> hashicorp.consul.internal.configentry.DestinationConfig
-	111, // 76: hashicorp.consul.internal.configentry.ServiceDefaults.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
-	125, // 77: hashicorp.consul.internal.configentry.ServiceDefaults.EnvoyExtensions:type_name -> hashicorp.consul.internal.common.EnvoyExtension
+	112, // 76: hashicorp.consul.internal.configentry.ServiceDefaults.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
+	126, // 77: hashicorp.consul.internal.configentry.ServiceDefaults.EnvoyExtensions:type_name -> hashicorp.consul.internal.common.EnvoyExtension
 	4,   // 78: hashicorp.consul.internal.configentry.ServiceDefaults.MutualTLSMode:type_name -> hashicorp.consul.internal.configentry.MutualTLSMode
 	5,   // 79: hashicorp.consul.internal.configentry.MeshGatewayConfig.Mode:type_name -> hashicorp.consul.internal.configentry.MeshGatewayMode
 	50,  // 80: hashicorp.consul.internal.configentry.ExposeConfig.Paths:type_name -> hashicorp.consul.internal.configentry.ExposePath
 	52,  // 81: hashicorp.consul.internal.configentry.UpstreamConfiguration.Overrides:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
 	52,  // 82: hashicorp.consul.internal.configentry.UpstreamConfiguration.Defaults:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
-	121, // 83: hashicorp.consul.internal.configentry.UpstreamConfig.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	122, // 83: hashicorp.consul.internal.configentry.UpstreamConfig.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	53,  // 84: hashicorp.consul.internal.configentry.UpstreamConfig.Limits:type_name -> hashicorp.consul.internal.configentry.UpstreamLimits
 	54,  // 85: hashicorp.consul.internal.configentry.UpstreamConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	48,  // 86: hashicorp.consul.internal.configentry.UpstreamConfig.MeshGateway:type_name -> hashicorp.consul.internal.configentry.MeshGatewayConfig
-	123, // 87: hashicorp.consul.internal.configentry.PassiveHealthCheck.Interval:type_name -> google.protobuf.Duration
-	123, // 88: hashicorp.consul.internal.configentry.PassiveHealthCheck.BaseEjectionTime:type_name -> google.protobuf.Duration
-	112, // 89: hashicorp.consul.internal.configentry.APIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.APIGateway.MetaEntry
+	124, // 87: hashicorp.consul.internal.configentry.PassiveHealthCheck.Interval:type_name -> google.protobuf.Duration
+	124, // 88: hashicorp.consul.internal.configentry.PassiveHealthCheck.BaseEjectionTime:type_name -> google.protobuf.Duration
+	113, // 89: hashicorp.consul.internal.configentry.APIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.APIGateway.MetaEntry
 	59,  // 90: hashicorp.consul.internal.configentry.APIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.APIGatewayListener
 	57,  // 91: hashicorp.consul.internal.configentry.APIGateway.Status:type_name -> hashicorp.consul.internal.configentry.Status
 	58,  // 92: hashicorp.consul.internal.configentry.Status.Conditions:type_name -> hashicorp.consul.internal.configentry.Condition
 	65,  // 93: hashicorp.consul.internal.configentry.Condition.Resource:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	124, // 94: hashicorp.consul.internal.configentry.Condition.LastTransitionTime:type_name -> google.protobuf.Timestamp
+	125, // 94: hashicorp.consul.internal.configentry.Condition.LastTransitionTime:type_name -> google.protobuf.Timestamp
 	6,   // 95: hashicorp.consul.internal.configentry.APIGatewayListener.Protocol:type_name -> hashicorp.consul.internal.configentry.APIGatewayListenerProtocol
 	60,  // 96: hashicorp.consul.internal.configentry.APIGatewayListener.TLS:type_name -> hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration
 	61,  // 97: hashicorp.consul.internal.configentry.APIGatewayListener.Override:type_name -> hashicorp.consul.internal.configentry.APIGatewayPolicy
@@ -9151,19 +9219,19 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	62,  // 100: hashicorp.consul.internal.configentry.APIGatewayPolicy.JWT:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTRequirement
 	63,  // 101: hashicorp.consul.internal.configentry.APIGatewayJWTRequirement.Providers:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTProvider
 	64,  // 102: hashicorp.consul.internal.configentry.APIGatewayJWTProvider.VerifyClaims:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTClaimVerification
-	121, // 103: hashicorp.consul.internal.configentry.ResourceReference.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	113, // 104: hashicorp.consul.internal.configentry.BoundAPIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
+	122, // 103: hashicorp.consul.internal.configentry.ResourceReference.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	114, // 104: hashicorp.consul.internal.configentry.BoundAPIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
 	67,  // 105: hashicorp.consul.internal.configentry.BoundAPIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.BoundAPIGatewayListener
 	65,  // 106: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
 	65,  // 107: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Routes:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	114, // 108: hashicorp.consul.internal.configentry.InlineCertificate.Meta:type_name -> hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
-	115, // 109: hashicorp.consul.internal.configentry.HTTPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
+	115, // 108: hashicorp.consul.internal.configentry.InlineCertificate.Meta:type_name -> hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
+	116, // 109: hashicorp.consul.internal.configentry.HTTPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
 	65,  // 110: hashicorp.consul.internal.configentry.HTTPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
 	70,  // 111: hashicorp.consul.internal.configentry.HTTPRoute.Rules:type_name -> hashicorp.consul.internal.configentry.HTTPRouteRule
 	57,  // 112: hashicorp.consul.internal.configentry.HTTPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
 	75,  // 113: hashicorp.consul.internal.configentry.HTTPRouteRule.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
 	71,  // 114: hashicorp.consul.internal.configentry.HTTPRouteRule.Matches:type_name -> hashicorp.consul.internal.configentry.HTTPMatch
-	80,  // 115: hashicorp.consul.internal.configentry.HTTPRouteRule.Services:type_name -> hashicorp.consul.internal.configentry.HTTPService
+	81,  // 115: hashicorp.consul.internal.configentry.HTTPRouteRule.Services:type_name -> hashicorp.consul.internal.configentry.HTTPService
 	72,  // 116: hashicorp.consul.internal.configentry.HTTPMatch.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatch
 	7,   // 117: hashicorp.consul.internal.configentry.HTTPMatch.Method:type_name -> hashicorp.consul.internal.configentry.HTTPMatchMethod
 	73,  // 118: hashicorp.consul.internal.configentry.HTTPMatch.Path:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatch
@@ -9171,51 +9239,53 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	8,   // 120: hashicorp.consul.internal.configentry.HTTPHeaderMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatchType
 	9,   // 121: hashicorp.consul.internal.configentry.HTTPPathMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatchType
 	10,  // 122: hashicorp.consul.internal.configentry.HTTPQueryMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatchType
-	79,  // 123: hashicorp.consul.internal.configentry.HTTPFilters.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter
+	80,  // 123: hashicorp.consul.internal.configentry.HTTPFilters.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter
 	76,  // 124: hashicorp.consul.internal.configentry.HTTPFilters.URLRewrite:type_name -> hashicorp.consul.internal.configentry.URLRewrite
 	77,  // 125: hashicorp.consul.internal.configentry.HTTPFilters.RetryFilter:type_name -> hashicorp.consul.internal.configentry.RetryFilter
 	78,  // 126: hashicorp.consul.internal.configentry.HTTPFilters.TimeoutFilter:type_name -> hashicorp.consul.internal.configentry.TimeoutFilter
-	123, // 127: hashicorp.consul.internal.configentry.TimeoutFilter.RequestTimeout:type_name -> google.protobuf.Duration
-	123, // 128: hashicorp.consul.internal.configentry.TimeoutFilter.IdleTimeout:type_name -> google.protobuf.Duration
-	116, // 129: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
-	117, // 130: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
-	75,  // 131: hashicorp.consul.internal.configentry.HTTPService.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
-	121, // 132: hashicorp.consul.internal.configentry.HTTPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	118, // 133: hashicorp.consul.internal.configentry.TCPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
-	65,  // 134: hashicorp.consul.internal.configentry.TCPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	82,  // 135: hashicorp.consul.internal.configentry.TCPRoute.Services:type_name -> hashicorp.consul.internal.configentry.TCPService
-	57,  // 136: hashicorp.consul.internal.configentry.TCPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
-	121, // 137: hashicorp.consul.internal.configentry.TCPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	84,  // 138: hashicorp.consul.internal.configentry.SamenessGroup.Members:type_name -> hashicorp.consul.internal.configentry.SamenessGroupMember
-	119, // 139: hashicorp.consul.internal.configentry.SamenessGroup.Meta:type_name -> hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
-	121, // 140: hashicorp.consul.internal.configentry.SamenessGroup.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	86,  // 141: hashicorp.consul.internal.configentry.JWTProvider.JSONWebKeySet:type_name -> hashicorp.consul.internal.configentry.JSONWebKeySet
-	95,  // 142: hashicorp.consul.internal.configentry.JWTProvider.Locations:type_name -> hashicorp.consul.internal.configentry.JWTLocation
-	99,  // 143: hashicorp.consul.internal.configentry.JWTProvider.Forwarding:type_name -> hashicorp.consul.internal.configentry.JWTForwardingConfig
-	100, // 144: hashicorp.consul.internal.configentry.JWTProvider.CacheConfig:type_name -> hashicorp.consul.internal.configentry.JWTCacheConfig
-	120, // 145: hashicorp.consul.internal.configentry.JWTProvider.Meta:type_name -> hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
-	87,  // 146: hashicorp.consul.internal.configentry.JSONWebKeySet.Local:type_name -> hashicorp.consul.internal.configentry.LocalJWKS
-	88,  // 147: hashicorp.consul.internal.configentry.JSONWebKeySet.Remote:type_name -> hashicorp.consul.internal.configentry.RemoteJWKS
-	123, // 148: hashicorp.consul.internal.configentry.RemoteJWKS.CacheDuration:type_name -> google.protobuf.Duration
-	93,  // 149: hashicorp.consul.internal.configentry.RemoteJWKS.RetryPolicy:type_name -> hashicorp.consul.internal.configentry.JWKSRetryPolicy
-	89,  // 150: hashicorp.consul.internal.configentry.RemoteJWKS.JWKSCluster:type_name -> hashicorp.consul.internal.configentry.JWKSCluster
-	90,  // 151: hashicorp.consul.internal.configentry.JWKSCluster.TLSCertificates:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertificate
-	123, // 152: hashicorp.consul.internal.configentry.JWKSCluster.ConnectTimeout:type_name -> google.protobuf.Duration
-	91,  // 153: hashicorp.consul.internal.configentry.JWKSTLSCertificate.CaCertificateProviderInstance:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
-	92,  // 154: hashicorp.consul.internal.configentry.JWKSTLSCertificate.TrustedCA:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
-	94,  // 155: hashicorp.consul.internal.configentry.JWKSRetryPolicy.RetryPolicyBackOff:type_name -> hashicorp.consul.internal.configentry.RetryPolicyBackOff
-	123, // 156: hashicorp.consul.internal.configentry.RetryPolicyBackOff.BaseInterval:type_name -> google.protobuf.Duration
-	123, // 157: hashicorp.consul.internal.configentry.RetryPolicyBackOff.MaxInterval:type_name -> google.protobuf.Duration
-	96,  // 158: hashicorp.consul.internal.configentry.JWTLocation.Header:type_name -> hashicorp.consul.internal.configentry.JWTLocationHeader
-	97,  // 159: hashicorp.consul.internal.configentry.JWTLocation.QueryParam:type_name -> hashicorp.consul.internal.configentry.JWTLocationQueryParam
-	98,  // 160: hashicorp.consul.internal.configentry.JWTLocation.Cookie:type_name -> hashicorp.consul.internal.configentry.JWTLocationCookie
-	19,  // 161: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset
-	21,  // 162: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover
-	163, // [163:163] is the sub-list for method output_type
-	163, // [163:163] is the sub-list for method input_type
-	163, // [163:163] is the sub-list for extension type_name
-	163, // [163:163] is the sub-list for extension extendee
-	0,   // [0:163] is the sub-list for field type_name
+	79,  // 127: hashicorp.consul.internal.configentry.HTTPFilters.JWT:type_name -> hashicorp.consul.internal.configentry.JWTFilter
+	124, // 128: hashicorp.consul.internal.configentry.TimeoutFilter.RequestTimeout:type_name -> google.protobuf.Duration
+	124, // 129: hashicorp.consul.internal.configentry.TimeoutFilter.IdleTimeout:type_name -> google.protobuf.Duration
+	63,  // 130: hashicorp.consul.internal.configentry.JWTFilter.Providers:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTProvider
+	117, // 131: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
+	118, // 132: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
+	75,  // 133: hashicorp.consul.internal.configentry.HTTPService.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
+	122, // 134: hashicorp.consul.internal.configentry.HTTPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	119, // 135: hashicorp.consul.internal.configentry.TCPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
+	65,  // 136: hashicorp.consul.internal.configentry.TCPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	83,  // 137: hashicorp.consul.internal.configentry.TCPRoute.Services:type_name -> hashicorp.consul.internal.configentry.TCPService
+	57,  // 138: hashicorp.consul.internal.configentry.TCPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
+	122, // 139: hashicorp.consul.internal.configentry.TCPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	85,  // 140: hashicorp.consul.internal.configentry.SamenessGroup.Members:type_name -> hashicorp.consul.internal.configentry.SamenessGroupMember
+	120, // 141: hashicorp.consul.internal.configentry.SamenessGroup.Meta:type_name -> hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
+	122, // 142: hashicorp.consul.internal.configentry.SamenessGroup.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	87,  // 143: hashicorp.consul.internal.configentry.JWTProvider.JSONWebKeySet:type_name -> hashicorp.consul.internal.configentry.JSONWebKeySet
+	96,  // 144: hashicorp.consul.internal.configentry.JWTProvider.Locations:type_name -> hashicorp.consul.internal.configentry.JWTLocation
+	100, // 145: hashicorp.consul.internal.configentry.JWTProvider.Forwarding:type_name -> hashicorp.consul.internal.configentry.JWTForwardingConfig
+	101, // 146: hashicorp.consul.internal.configentry.JWTProvider.CacheConfig:type_name -> hashicorp.consul.internal.configentry.JWTCacheConfig
+	121, // 147: hashicorp.consul.internal.configentry.JWTProvider.Meta:type_name -> hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
+	88,  // 148: hashicorp.consul.internal.configentry.JSONWebKeySet.Local:type_name -> hashicorp.consul.internal.configentry.LocalJWKS
+	89,  // 149: hashicorp.consul.internal.configentry.JSONWebKeySet.Remote:type_name -> hashicorp.consul.internal.configentry.RemoteJWKS
+	124, // 150: hashicorp.consul.internal.configentry.RemoteJWKS.CacheDuration:type_name -> google.protobuf.Duration
+	94,  // 151: hashicorp.consul.internal.configentry.RemoteJWKS.RetryPolicy:type_name -> hashicorp.consul.internal.configentry.JWKSRetryPolicy
+	90,  // 152: hashicorp.consul.internal.configentry.RemoteJWKS.JWKSCluster:type_name -> hashicorp.consul.internal.configentry.JWKSCluster
+	91,  // 153: hashicorp.consul.internal.configentry.JWKSCluster.TLSCertificates:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertificate
+	124, // 154: hashicorp.consul.internal.configentry.JWKSCluster.ConnectTimeout:type_name -> google.protobuf.Duration
+	92,  // 155: hashicorp.consul.internal.configentry.JWKSTLSCertificate.CaCertificateProviderInstance:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
+	93,  // 156: hashicorp.consul.internal.configentry.JWKSTLSCertificate.TrustedCA:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
+	95,  // 157: hashicorp.consul.internal.configentry.JWKSRetryPolicy.RetryPolicyBackOff:type_name -> hashicorp.consul.internal.configentry.RetryPolicyBackOff
+	124, // 158: hashicorp.consul.internal.configentry.RetryPolicyBackOff.BaseInterval:type_name -> google.protobuf.Duration
+	124, // 159: hashicorp.consul.internal.configentry.RetryPolicyBackOff.MaxInterval:type_name -> google.protobuf.Duration
+	97,  // 160: hashicorp.consul.internal.configentry.JWTLocation.Header:type_name -> hashicorp.consul.internal.configentry.JWTLocationHeader
+	98,  // 161: hashicorp.consul.internal.configentry.JWTLocation.QueryParam:type_name -> hashicorp.consul.internal.configentry.JWTLocationQueryParam
+	99,  // 162: hashicorp.consul.internal.configentry.JWTLocation.Cookie:type_name -> hashicorp.consul.internal.configentry.JWTLocationCookie
+	19,  // 163: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset
+	21,  // 164: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover
+	165, // [165:165] is the sub-list for method output_type
+	165, // [165:165] is the sub-list for method input_type
+	165, // [165:165] is the sub-list for extension type_name
+	165, // [165:165] is the sub-list for extension extendee
+	0,   // [0:165] is the sub-list for field type_name
 }
 
 func init() { file_private_pbconfigentry_config_entry_proto_init() }
@@ -10041,7 +10111,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[68].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPHeaderFilter); i {
+			switch v := v.(*JWTFilter); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10053,7 +10123,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[69].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPService); i {
+			switch v := v.(*HTTPHeaderFilter); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10065,7 +10135,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[70].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TCPRoute); i {
+			switch v := v.(*HTTPService); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10077,7 +10147,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[71].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TCPService); i {
+			switch v := v.(*TCPRoute); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10089,7 +10159,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[72].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SamenessGroup); i {
+			switch v := v.(*TCPService); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10101,7 +10171,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[73].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SamenessGroupMember); i {
+			switch v := v.(*SamenessGroup); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10113,7 +10183,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[74].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTProvider); i {
+			switch v := v.(*SamenessGroupMember); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10125,7 +10195,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[75].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JSONWebKeySet); i {
+			switch v := v.(*JWTProvider); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10137,7 +10207,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[76].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LocalJWKS); i {
+			switch v := v.(*JSONWebKeySet); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10149,7 +10219,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[77].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RemoteJWKS); i {
+			switch v := v.(*LocalJWKS); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10161,7 +10231,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[78].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSCluster); i {
+			switch v := v.(*RemoteJWKS); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10173,7 +10243,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[79].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSTLSCertificate); i {
+			switch v := v.(*JWKSCluster); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10185,7 +10255,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[80].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSTLSCertProviderInstance); i {
+			switch v := v.(*JWKSTLSCertificate); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10197,7 +10267,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[81].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSTLSCertTrustedCA); i {
+			switch v := v.(*JWKSTLSCertProviderInstance); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10209,7 +10279,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[82].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSRetryPolicy); i {
+			switch v := v.(*JWKSTLSCertTrustedCA); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10221,7 +10291,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[83].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RetryPolicyBackOff); i {
+			switch v := v.(*JWKSRetryPolicy); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10233,7 +10303,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[84].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocation); i {
+			switch v := v.(*RetryPolicyBackOff); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10245,7 +10315,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[85].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationHeader); i {
+			switch v := v.(*JWTLocation); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10257,7 +10327,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[86].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationQueryParam); i {
+			switch v := v.(*JWTLocationHeader); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10269,7 +10339,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[87].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationCookie); i {
+			switch v := v.(*JWTLocationQueryParam); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10281,7 +10351,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[88].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTForwardingConfig); i {
+			switch v := v.(*JWTLocationCookie); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10293,6 +10363,18 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[89].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTForwardingConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[90].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWTCacheConfig); i {
 			case 0:
 				return &v.state
@@ -10325,7 +10407,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_private_pbconfigentry_config_entry_proto_rawDesc,
 			NumEnums:      11,
-			NumMessages:   110,
+			NumMessages:   111,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/proto/private/pbconfigentry/config_entry.proto b/proto/private/pbconfigentry/config_entry.proto
index c3b6baaa6743..d053ff181421 100644
--- a/proto/private/pbconfigentry/config_entry.proto
+++ b/proto/private/pbconfigentry/config_entry.proto
@@ -912,6 +912,8 @@ message HTTPFilters {
   URLRewrite URLRewrite = 2;
   RetryFilter RetryFilter = 3;
   TimeoutFilter TimeoutFilter = 4;
+  // mog: func-to=routeJWTFilterToStructs func-from=routeJWTFilterFromStructs
+  JWTFilter JWT = 5;
 }
 
 // mog annotation:
@@ -947,6 +949,10 @@ message TimeoutFilter {
   google.protobuf.Duration IdleTimeout = 2;
 }
 
+message JWTFilter {
+  repeated APIGatewayJWTProvider Providers = 1;
+}
+
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.HTTPHeaderFilter
diff --git a/proto/private/pbconfigentry/config_entry_oss.go b/proto/private/pbconfigentry/config_entry_oss.go
index 09e9ea18cd51..26cd931299e8 100644
--- a/proto/private/pbconfigentry/config_entry_oss.go
+++ b/proto/private/pbconfigentry/config_entry_oss.go
@@ -15,3 +15,11 @@ func gwJWTRequirementToStructs(m *APIGatewayJWTRequirement) *structs.APIGatewayJ
 func gwJWTRequirementFromStructs(*structs.APIGatewayJWTRequirement) *APIGatewayJWTRequirement {
 	return &APIGatewayJWTRequirement{}
 }
+
+func routeJWTFilterToStructs(m *JWTFilter) *structs.JWTFilter {
+	return &structs.JWTFilter{}
+}
+
+func routeJWTFilterFromStructs(*structs.JWTFilter) *JWTFilter {
+	return &JWTFilter{}
+}

From 5fb9df1640cfa1aaf96228da1f44b31ecd6b825a Mon Sep 17 00:00:00 2001
From: "hashicorp-copywrite[bot]"
 <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Date: Fri, 11 Aug 2023 09:12:13 -0400
Subject: [PATCH 272/359] [COMPLIANCE] License changes (#18443)

* Adding explicit MPL license for sub-package

This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.

* Adding explicit MPL license for sub-package

This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.

* Updating the license from MPL to Business Source License

Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl.

* add missing license headers

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

---------

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
---
 .copywrite.hcl                                |   6 +-
 .github/ISSUE_TEMPLATE/config.yml             |   2 +-
 .github/dependabot.yml                        |   2 +-
 .github/pr-labeler.yml                        |   2 +-
 .github/scripts/changelog_checker.sh          |   2 +-
 .github/scripts/get_runner_classes.sh         |   2 +-
 .github/scripts/get_runner_classes_windows.sh |   2 +-
 .github/scripts/metrics_checker.sh            |   2 +-
 .github/scripts/notify_slack.sh               |   2 +-
 .github/scripts/rerun_fails_report.sh         |   2 +-
 .github/scripts/set_test_package_matrix.sh    |   2 +-
 .github/scripts/verify_artifact.sh            |   2 +-
 .github/scripts/verify_bin.sh                 |   2 +-
 .github/scripts/verify_deb.sh                 |   2 +-
 .github/scripts/verify_docker.sh              |   2 +-
 .github/scripts/verify_envoy_version.sh       |   2 +-
 .github/scripts/verify_rpm.sh                 |   2 +-
 .golangci.yml                                 |   2 +-
 .release/ci.hcl                               |   2 +-
 .release/docker/docker-entrypoint-ubi.sh      |   2 +-
 .release/docker/docker-entrypoint-windows.sh  |   3 +
 .release/docker/docker-entrypoint.sh          |   2 +-
 .../linux/package/etc/consul.d/consul.hcl     |   2 +-
 .release/release-metadata.hcl                 |   2 +-
 .release/security-scan.hcl                    |   2 +-
 Dockerfile                                    |   2 +-
 LICENSE                                       | 417 +++---------------
 acl/MockAuthorizer.go                         |   2 +-
 acl/acl.go                                    |   2 +-
 acl/acl_oss.go                                |   2 +-
 acl/acl_test.go                               |   2 +-
 acl/authorizer.go                             |   2 +-
 acl/authorizer_oss.go                         |   2 +-
 acl/authorizer_test.go                        |   2 +-
 acl/chained_authorizer.go                     |   2 +-
 acl/chained_authorizer_test.go                |   2 +-
 acl/enterprisemeta_oss.go                     |   2 +-
 acl/errors.go                                 |   2 +-
 acl/errors_oss.go                             |   2 +-
 acl/errors_test.go                            |   2 +-
 acl/policy.go                                 |   2 +-
 acl/policy_authorizer.go                      |   2 +-
 acl/policy_authorizer_oss.go                  |   2 +-
 acl/policy_authorizer_test.go                 |   2 +-
 acl/policy_merger.go                          |   2 +-
 acl/policy_merger_oss.go                      |   2 +-
 acl/policy_oss.go                             |   2 +-
 acl/policy_test.go                            |   2 +-
 acl/resolver/danger.go                        |   2 +-
 acl/resolver/result.go                        |   2 +-
 acl/static_authorizer.go                      |   2 +-
 acl/static_authorizer_test.go                 |   2 +-
 acl/testing.go                                |   2 +-
 acl/validation.go                             |   2 +-
 acl/validation_test.go                        |   2 +-
 agent/acl.go                                  |   2 +-
 agent/acl_endpoint.go                         |   2 +-
 agent/acl_endpoint_test.go                    |   2 +-
 agent/acl_oss.go                              |   2 +-
 agent/acl_test.go                             |   2 +-
 agent/ae/ae.go                                |   2 +-
 agent/ae/ae_test.go                           |   2 +-
 agent/ae/trigger.go                           |   2 +-
 agent/agent.go                                |   2 +-
 agent/agent_endpoint.go                       |   2 +-
 agent/agent_endpoint_oss.go                   |   2 +-
 agent/agent_endpoint_oss_test.go              |   2 +-
 agent/agent_endpoint_test.go                  |   2 +-
 agent/agent_oss.go                            |   2 +-
 agent/agent_oss_test.go                       |   2 +-
 agent/agent_test.go                           |   2 +-
 agent/apiserver.go                            |   2 +-
 agent/apiserver_test.go                       |   2 +-
 agent/auto-config/auto_config.go              |   2 +-
 agent/auto-config/auto_config_oss.go          |   2 +-
 agent/auto-config/auto_config_oss_test.go     |   2 +-
 agent/auto-config/auto_config_test.go         |   2 +-
 agent/auto-config/auto_encrypt.go             |   2 +-
 agent/auto-config/auto_encrypt_test.go        |   2 +-
 agent/auto-config/config.go                   |   2 +-
 agent/auto-config/config_oss.go               |   2 +-
 agent/auto-config/config_translate.go         |   2 +-
 agent/auto-config/config_translate_test.go    |   2 +-
 agent/auto-config/mock_oss_test.go            |   2 +-
 agent/auto-config/mock_test.go                |   2 +-
 agent/auto-config/persist.go                  |   2 +-
 agent/auto-config/run.go                      |   2 +-
 agent/auto-config/server_addr.go              |   2 +-
 agent/auto-config/tls.go                      |   2 +-
 agent/auto-config/tls_test.go                 |   2 +-
 agent/blockingquery/blockingquery.go          |   3 +
 agent/blockingquery/blockingquery_test.go     |   3 +
 agent/cache-types/catalog_datacenters.go      |   2 +-
 agent/cache-types/catalog_datacenters_test.go |   2 +-
 agent/cache-types/catalog_list_services.go    |   2 +-
 .../cache-types/catalog_list_services_test.go |   2 +-
 agent/cache-types/catalog_service_list.go     |   2 +-
 .../cache-types/catalog_service_list_test.go  |   2 +-
 agent/cache-types/catalog_services.go         |   2 +-
 agent/cache-types/catalog_services_test.go    |   2 +-
 agent/cache-types/config_entry.go             |   2 +-
 agent/cache-types/config_entry_test.go        |   2 +-
 agent/cache-types/connect_ca_root.go          |   2 +-
 agent/cache-types/connect_ca_root_test.go     |   2 +-
 agent/cache-types/discovery_chain.go          |   2 +-
 agent/cache-types/discovery_chain_test.go     |   2 +-
 agent/cache-types/exported_peered_services.go |   2 +-
 .../exported_peered_services_test.go          |   2 +-
 .../federation_state_list_gateways.go         |   2 +-
 .../federation_state_list_gateways_test.go    |   2 +-
 agent/cache-types/gateway_services.go         |   2 +-
 agent/cache-types/gateway_services_test.go    |   2 +-
 agent/cache-types/health_services.go          |   2 +-
 agent/cache-types/health_services_test.go     |   2 +-
 agent/cache-types/intention_match.go          |   2 +-
 agent/cache-types/intention_match_test.go     |   2 +-
 agent/cache-types/intention_upstreams.go      |   2 +-
 .../intention_upstreams_destination.go        |   2 +-
 .../intention_upstreams_destination_test.go   |   2 +-
 agent/cache-types/intention_upstreams_test.go |   2 +-
 agent/cache-types/node_services.go            |   2 +-
 agent/cache-types/node_services_test.go       |   2 +-
 agent/cache-types/options.go                  |   2 +-
 agent/cache-types/peered_upstreams.go         |   2 +-
 agent/cache-types/peered_upstreams_test.go    |   2 +-
 agent/cache-types/peerings.go                 |   2 +-
 agent/cache-types/peerings_test.go            |   2 +-
 agent/cache-types/prepared_query.go           |   2 +-
 agent/cache-types/prepared_query_test.go      |   2 +-
 agent/cache-types/resolved_service_config.go  |   2 +-
 .../resolved_service_config_test.go           |   2 +-
 agent/cache-types/rpc.go                      |   2 +-
 agent/cache-types/service_checks.go           |   2 +-
 agent/cache-types/service_checks_test.go      |   2 +-
 agent/cache-types/service_dump.go             |   2 +-
 agent/cache-types/service_dump_test.go        |   2 +-
 agent/cache-types/service_gateways.go         |   2 +-
 agent/cache-types/service_gateways_test.go    |   2 +-
 agent/cache-types/testing.go                  |   2 +-
 agent/cache-types/trust_bundle.go             |   2 +-
 agent/cache-types/trust_bundle_test.go        |   2 +-
 agent/cache-types/trust_bundles.go            |   2 +-
 agent/cache-types/trust_bundles_test.go       |   2 +-
 agent/cache/cache.go                          |   2 +-
 agent/cache/cache_test.go                     |   2 +-
 agent/cache/entry.go                          |   2 +-
 agent/cache/request.go                        |   2 +-
 agent/cache/testing.go                        |   2 +-
 agent/cache/type.go                           |   2 +-
 agent/cache/watch.go                          |   2 +-
 agent/cache/watch_test.go                     |   2 +-
 agent/catalog_endpoint.go                     |   2 +-
 agent/catalog_endpoint_oss.go                 |   2 +-
 agent/catalog_endpoint_test.go                |   2 +-
 agent/check.go                                |   2 +-
 agent/checks/alias.go                         |   2 +-
 agent/checks/alias_test.go                    |   2 +-
 agent/checks/check.go                         |   2 +-
 agent/checks/check_test.go                    |   2 +-
 agent/checks/check_windows_test.go            |   2 +-
 agent/checks/docker.go                        |   2 +-
 agent/checks/docker_unix.go                   |   2 +-
 agent/checks/docker_windows.go                |   2 +-
 agent/checks/grpc.go                          |   2 +-
 agent/checks/grpc_test.go                     |   2 +-
 agent/checks/os_service.go                    |   2 +-
 agent/checks/os_service_unix.go               |   2 +-
 agent/checks/os_service_windows.go            |   2 +-
 agent/config/agent_limits.go                  |   2 +-
 agent/config/builder.go                       |   2 +-
 agent/config/builder_oss.go                   |   2 +-
 agent/config/builder_oss_test.go              |   2 +-
 agent/config/builder_test.go                  |   2 +-
 agent/config/config.go                        |   2 +-
 agent/config/config_oss.go                    |   2 +-
 agent/config/default.go                       |   2 +-
 agent/config/default_oss.go                   |   2 +-
 agent/config/deprecated.go                    |   2 +-
 agent/config/deprecated_test.go               |   2 +-
 agent/config/doc.go                           |   2 +-
 agent/config/file_watcher.go                  |   2 +-
 agent/config/file_watcher_test.go             |   2 +-
 agent/config/flags.go                         |   2 +-
 agent/config/flags_test.go                    |   2 +-
 agent/config/flagset.go                       |   2 +-
 agent/config/golden_test.go                   |   2 +-
 agent/config/limits.go                        |   2 +-
 agent/config/limits_windows.go                |   2 +-
 agent/config/merge.go                         |   2 +-
 agent/config/merge_test.go                    |   2 +-
 agent/config/ratelimited_file_watcher.go      |   2 +-
 agent/config/ratelimited_file_watcher_test.go |   2 +-
 agent/config/runtime.go                       |   2 +-
 agent/config/runtime_oss.go                   |   2 +-
 agent/config/runtime_oss_test.go              |   2 +-
 agent/config/runtime_test.go                  |   2 +-
 agent/config/segment_oss.go                   |   2 +-
 agent/config/segment_oss_test.go              |   2 +-
 agent/config/testdata/full-config.hcl         |   2 +-
 agent/config_endpoint.go                      |   2 +-
 agent/config_endpoint_test.go                 |   2 +-
 agent/configentry/compare.go                  |   3 +
 agent/configentry/compare_test.go             |   3 +
 agent/configentry/config_entry.go             |   2 +-
 agent/configentry/discoverychain.go           |   2 +-
 agent/configentry/doc.go                      |   2 +-
 agent/configentry/merge_service_config.go     |   2 +-
 .../configentry/merge_service_config_test.go  |   2 +-
 agent/configentry/resolve.go                  |   2 +-
 agent/configentry/resolve_test.go             |   2 +-
 agent/configentry/service_config.go           |   2 +-
 agent/connect/authz.go                        |   2 +-
 agent/connect/authz_test.go                   |   2 +-
 agent/connect/ca/common.go                    |   2 +-
 agent/connect/ca/provider.go                  |   2 +-
 agent/connect/ca/provider_aws.go              |   2 +-
 agent/connect/ca/provider_aws_test.go         |   2 +-
 agent/connect/ca/provider_consul.go           |   2 +-
 agent/connect/ca/provider_consul_config.go    |   2 +-
 agent/connect/ca/provider_consul_test.go      |   2 +-
 agent/connect/ca/provider_test.go             |   2 +-
 agent/connect/ca/provider_vault.go            |   2 +-
 agent/connect/ca/provider_vault_auth.go       |   2 +-
 .../ca/provider_vault_auth_alicloud.go        |   2 +-
 .../connect/ca/provider_vault_auth_approle.go |   2 +-
 agent/connect/ca/provider_vault_auth_aws.go   |   2 +-
 agent/connect/ca/provider_vault_auth_azure.go |   2 +-
 agent/connect/ca/provider_vault_auth_gcp.go   |   2 +-
 agent/connect/ca/provider_vault_auth_jwt.go   |   2 +-
 agent/connect/ca/provider_vault_auth_k8s.go   |   2 +-
 agent/connect/ca/provider_vault_auth_test.go  |   2 +-
 agent/connect/ca/provider_vault_test.go       |   2 +-
 agent/connect/ca/testing.go                   |   2 +-
 agent/connect/common_names.go                 |   2 +-
 agent/connect/csr.go                          |   2 +-
 agent/connect/csr_test.go                     |   2 +-
 agent/connect/generate.go                     |   2 +-
 agent/connect/generate_test.go                |   2 +-
 agent/connect/parsing.go                      |   2 +-
 agent/connect/sni.go                          |   2 +-
 agent/connect/sni_test.go                     |   2 +-
 agent/connect/testing_ca.go                   |   2 +-
 agent/connect/testing_ca_test.go              |   2 +-
 agent/connect/testing_spiffe.go               |   2 +-
 agent/connect/uri.go                          |   2 +-
 agent/connect/uri_agent.go                    |   2 +-
 agent/connect/uri_agent_oss.go                |   2 +-
 agent/connect/uri_agent_oss_test.go           |   2 +-
 agent/connect/uri_mesh_gateway.go             |   2 +-
 agent/connect/uri_mesh_gateway_oss.go         |   2 +-
 agent/connect/uri_mesh_gateway_oss_test.go    |   2 +-
 agent/connect/uri_server.go                   |   2 +-
 agent/connect/uri_service.go                  |   2 +-
 agent/connect/uri_service_oss.go              |   2 +-
 agent/connect/uri_service_oss_test.go         |   2 +-
 agent/connect/uri_signing.go                  |   2 +-
 agent/connect/uri_signing_test.go             |   2 +-
 agent/connect/uri_test.go                     |   2 +-
 agent/connect/x509_patch.go                   |   2 +-
 agent/connect/x509_patch_test.go              |   2 +-
 agent/connect_auth.go                         |   2 +-
 agent/connect_ca_endpoint.go                  |   2 +-
 agent/connect_ca_endpoint_test.go             |   2 +-
 agent/consul/acl.go                           |   2 +-
 agent/consul/acl_authmethod.go                |   2 +-
 agent/consul/acl_authmethod_oss.go            |   2 +-
 agent/consul/acl_client.go                    |   2 +-
 agent/consul/acl_endpoint.go                  |   2 +-
 agent/consul/acl_endpoint_oss.go              |   2 +-
 agent/consul/acl_endpoint_test.go             |   2 +-
 agent/consul/acl_oss.go                       |   2 +-
 agent/consul/acl_oss_test.go                  |   2 +-
 agent/consul/acl_replication.go               |   2 +-
 agent/consul/acl_replication_test.go          |   2 +-
 agent/consul/acl_replication_types.go         |   2 +-
 agent/consul/acl_server.go                    |   2 +-
 agent/consul/acl_server_oss.go                |   2 +-
 agent/consul/acl_test.go                      |   2 +-
 agent/consul/acl_token_exp.go                 |   2 +-
 agent/consul/acl_token_exp_test.go            |   2 +-
 agent/consul/auth/binder.go                   |   2 +-
 agent/consul/auth/binder_oss.go               |   2 +-
 agent/consul/auth/binder_test.go              |   2 +-
 agent/consul/auth/login.go                    |   2 +-
 agent/consul/auth/token_writer.go             |   2 +-
 agent/consul/auth/token_writer_oss.go         |   2 +-
 agent/consul/auth/token_writer_test.go        |   2 +-
 agent/consul/authmethod/authmethods.go        |   2 +-
 agent/consul/authmethod/authmethods_oss.go    |   2 +-
 agent/consul/authmethod/awsauth/aws.go        |   2 +-
 agent/consul/authmethod/awsauth/aws_test.go   |   2 +-
 agent/consul/authmethod/kubeauth/k8s.go       |   2 +-
 agent/consul/authmethod/kubeauth/k8s_oss.go   |   2 +-
 agent/consul/authmethod/kubeauth/k8s_test.go  |   2 +-
 agent/consul/authmethod/kubeauth/testing.go   |   2 +-
 agent/consul/authmethod/ssoauth/sso.go        |   2 +-
 agent/consul/authmethod/ssoauth/sso_oss.go    |   2 +-
 agent/consul/authmethod/ssoauth/sso_test.go   |   2 +-
 agent/consul/authmethod/testauth/testing.go   |   2 +-
 .../consul/authmethod/testauth/testing_oss.go |   2 +-
 agent/consul/authmethod/testing.go            |   2 +-
 agent/consul/auto_config_backend.go           |   2 +-
 agent/consul/auto_config_backend_test.go      |   2 +-
 agent/consul/auto_config_endpoint.go          |   2 +-
 agent/consul/auto_config_endpoint_test.go     |   2 +-
 agent/consul/auto_encrypt_endpoint.go         |   2 +-
 agent/consul/auto_encrypt_endpoint_test.go    |   2 +-
 agent/consul/autopilot.go                     |   2 +-
 agent/consul/autopilot_oss.go                 |   2 +-
 agent/consul/autopilot_test.go                |   2 +-
 .../autopilotevents/ready_servers_events.go   |   2 +-
 .../ready_servers_events_test.go              |   2 +-
 agent/consul/catalog_endpoint.go              |   2 +-
 agent/consul/catalog_endpoint_test.go         |   2 +-
 agent/consul/client.go                        |   2 +-
 agent/consul/client_serf.go                   |   2 +-
 agent/consul/client_test.go                   |   2 +-
 agent/consul/cluster_test.go                  |   2 +-
 agent/consul/config.go                        |   2 +-
 agent/consul/config_cloud.go                  |   3 +
 agent/consul/config_endpoint.go               |   2 +-
 agent/consul/config_endpoint_test.go          |   2 +-
 agent/consul/config_oss.go                    |   2 +-
 agent/consul/config_replication.go            |   2 +-
 agent/consul/config_replication_test.go       |   2 +-
 agent/consul/config_test.go                   |   2 +-
 agent/consul/connect_ca_endpoint.go           |   2 +-
 agent/consul/connect_ca_endpoint_test.go      |   2 +-
 agent/consul/context.go                       |   2 +-
 agent/consul/context_test.go                  |   2 +-
 agent/consul/controller/controller.go         |   2 +-
 agent/consul/controller/controller_test.go    |   2 +-
 agent/consul/controller/doc.go                |   2 +-
 agent/consul/controller/queue/defer.go        |   2 +-
 agent/consul/controller/queue/queue.go        |   2 +-
 agent/consul/controller/queue/rate.go         |   2 +-
 agent/consul/controller/queue/rate_test.go    |   2 +-
 agent/consul/controller/queue_test.go         |   2 +-
 agent/consul/controller/reconciler.go         |   2 +-
 agent/consul/controller/reconciler_test.go    |   2 +-
 agent/consul/coordinate_endpoint.go           |   2 +-
 agent/consul/coordinate_endpoint_test.go      |   2 +-
 agent/consul/discovery_chain_endpoint.go      |   2 +-
 agent/consul/discovery_chain_endpoint_test.go |   2 +-
 agent/consul/discoverychain/compile.go        |   2 +-
 agent/consul/discoverychain/compile_oss.go    |   2 +-
 agent/consul/discoverychain/compile_test.go   |   2 +-
 agent/consul/discoverychain/gateway.go        |   2 +-
 .../discoverychain/gateway_httproute.go       |   2 +-
 .../consul/discoverychain/gateway_tcproute.go |   2 +-
 agent/consul/discoverychain/gateway_test.go   |   2 +-
 agent/consul/discoverychain/string_stack.go   |   2 +-
 .../discoverychain/string_stack_test.go       |   2 +-
 agent/consul/discoverychain/testing.go        |   2 +-
 agent/consul/enterprise_client_oss.go         |   2 +-
 agent/consul/enterprise_config_oss.go         |   2 +-
 agent/consul/enterprise_server_oss.go         |   2 +-
 agent/consul/enterprise_server_oss_test.go    |   2 +-
 agent/consul/federation_state_endpoint.go     |   2 +-
 .../consul/federation_state_endpoint_test.go  |   2 +-
 agent/consul/federation_state_replication.go  |   2 +-
 .../federation_state_replication_test.go      |   2 +-
 agent/consul/filter.go                        |   2 +-
 agent/consul/filter_test.go                   |   2 +-
 agent/consul/flood.go                         |   2 +-
 agent/consul/fsm/commands_oss.go              |   2 +-
 agent/consul/fsm/commands_oss_test.go         |   2 +-
 agent/consul/fsm/fsm.go                       |   2 +-
 agent/consul/fsm/fsm_test.go                  |   2 +-
 .../fsm/log_verification_chunking_shim.go     |   2 +-
 agent/consul/fsm/snapshot.go                  |   2 +-
 agent/consul/fsm/snapshot_oss.go              |   2 +-
 agent/consul/fsm/snapshot_oss_test.go         |   2 +-
 agent/consul/fsm/snapshot_test.go             |   2 +-
 agent/consul/gateway_locator.go               |   2 +-
 agent/consul/gateway_locator_test.go          |   2 +-
 agent/consul/gateways/controller_gateways.go  |   2 +-
 .../gateways/controller_gateways_test.go      |   2 +-
 agent/consul/grpc_integration_test.go         |   2 +-
 agent/consul/health_endpoint.go               |   2 +-
 agent/consul/health_endpoint_test.go          |   2 +-
 agent/consul/helper_test.go                   |   2 +-
 agent/consul/intention_endpoint.go            |   2 +-
 agent/consul/intention_endpoint_test.go       |   2 +-
 agent/consul/internal_endpoint.go             |   2 +-
 agent/consul/internal_endpoint_test.go        |   2 +-
 agent/consul/issue_test.go                    |   2 +-
 agent/consul/kvs_endpoint.go                  |   2 +-
 agent/consul/kvs_endpoint_test.go             |   2 +-
 agent/consul/leader.go                        |   2 +-
 agent/consul/leader_connect.go                |   2 +-
 agent/consul/leader_connect_ca.go             |   2 +-
 agent/consul/leader_connect_ca_test.go        |   2 +-
 agent/consul/leader_connect_test.go           |   2 +-
 agent/consul/leader_federation_state_ae.go    |   2 +-
 .../consul/leader_federation_state_ae_test.go |   2 +-
 agent/consul/leader_intentions.go             |   2 +-
 agent/consul/leader_intentions_oss.go         |   2 +-
 agent/consul/leader_intentions_oss_test.go    |   2 +-
 agent/consul/leader_intentions_test.go        |   2 +-
 agent/consul/leader_log_verification.go       |   2 +-
 agent/consul/leader_metrics.go                |   2 +-
 agent/consul/leader_metrics_test.go           |   2 +-
 agent/consul/leader_oss_test.go               |   2 +-
 agent/consul/leader_peering.go                |   2 +-
 agent/consul/leader_peering_test.go           |   2 +-
 agent/consul/leader_test.go                   |   2 +-
 agent/consul/logging.go                       |   2 +-
 agent/consul/logging_test.go                  |   2 +-
 agent/consul/merge.go                         |   2 +-
 agent/consul/merge_oss.go                     |   2 +-
 agent/consul/merge_oss_test.go                |   2 +-
 agent/consul/merge_test.go                    |   2 +-
 agent/consul/multilimiter/multilimiter.go     |   2 +-
 .../consul/multilimiter/multilimiter_test.go  |   2 +-
 agent/consul/operator_autopilot_endpoint.go   |   2 +-
 .../operator_autopilot_endpoint_test.go       |   2 +-
 agent/consul/operator_backend.go              |   2 +-
 agent/consul/operator_backend_test.go         |   2 +-
 agent/consul/operator_endpoint.go             |   2 +-
 agent/consul/operator_raft_endpoint.go        |   2 +-
 agent/consul/operator_raft_endpoint_test.go   |   2 +-
 agent/consul/operator_usage_endpoint.go       |   2 +-
 agent/consul/options.go                       |   2 +-
 agent/consul/options_oss.go                   |   2 +-
 agent/consul/peering_backend.go               |   2 +-
 agent/consul/peering_backend_oss.go           |   2 +-
 agent/consul/peering_backend_oss_test.go      |   2 +-
 agent/consul/peering_backend_test.go          |   2 +-
 agent/consul/prepared_query/template.go       |   2 +-
 agent/consul/prepared_query/template_test.go  |   2 +-
 agent/consul/prepared_query/walk.go           |   2 +-
 agent/consul/prepared_query/walk_oss_test.go  |   2 +-
 agent/consul/prepared_query/walk_test.go      |   2 +-
 agent/consul/prepared_query_endpoint.go       |   2 +-
 agent/consul/prepared_query_endpoint_oss.go   |   2 +-
 .../prepared_query_endpoint_oss_test.go       |   2 +-
 agent/consul/prepared_query_endpoint_test.go  |   2 +-
 agent/consul/raft_handle.go                   |   2 +-
 agent/consul/raft_rpc.go                      |   2 +-
 agent/consul/rate/handler.go                  |   2 +-
 agent/consul/rate/handler_oss.go              |   2 +-
 agent/consul/rate/handler_test.go             |   2 +-
 agent/consul/rate/metrics.go                  |   2 +-
 agent/consul/replication.go                   |   2 +-
 agent/consul/replication_test.go              |   2 +-
 agent/consul/reporting/reporting.go           |   2 +-
 agent/consul/reporting/reporting_oss.go       |   2 +-
 agent/consul/rpc.go                           |   2 +-
 agent/consul/rpc_test.go                      |   2 +-
 agent/consul/rtt.go                           |   2 +-
 agent/consul/rtt_test.go                      |   2 +-
 agent/consul/segment_oss.go                   |   2 +-
 agent/consul/serf_filter.go                   |   2 +-
 agent/consul/serf_test.go                     |   2 +-
 agent/consul/server.go                        |   2 +-
 agent/consul/server_connect.go                |   2 +-
 agent/consul/server_log_verification.go       |   2 +-
 agent/consul/server_lookup.go                 |   2 +-
 agent/consul/server_lookup_test.go            |   2 +-
 agent/consul/server_metadata.go               |   2 +-
 agent/consul/server_metadata_test.go          |   2 +-
 agent/consul/server_oss.go                    |   2 +-
 agent/consul/server_oss_test.go               |   2 +-
 agent/consul/server_overview.go               |   2 +-
 agent/consul/server_overview_test.go          |   2 +-
 agent/consul/server_register.go               |   2 +-
 agent/consul/server_serf.go                   |   2 +-
 agent/consul/server_test.go                   |   2 +-
 agent/consul/servercert/manager.go            |   2 +-
 agent/consul/servercert/manager_test.go       |   2 +-
 agent/consul/session_endpoint.go              |   2 +-
 agent/consul/session_endpoint_test.go         |   2 +-
 agent/consul/session_timers.go                |   2 +-
 agent/consul/session_timers_test.go           |   2 +-
 agent/consul/session_ttl.go                   |   2 +-
 agent/consul/session_ttl_test.go              |   2 +-
 agent/consul/snapshot_endpoint.go             |   2 +-
 agent/consul/snapshot_endpoint_test.go        |   2 +-
 agent/consul/state/acl.go                     |   2 +-
 agent/consul/state/acl_events.go              |   2 +-
 agent/consul/state/acl_events_test.go         |   2 +-
 agent/consul/state/acl_oss.go                 |   2 +-
 agent/consul/state/acl_oss_test.go            |   2 +-
 agent/consul/state/acl_schema.go              |   2 +-
 agent/consul/state/acl_test.go                |   2 +-
 agent/consul/state/autopilot.go               |   2 +-
 agent/consul/state/autopilot_test.go          |   2 +-
 agent/consul/state/catalog.go                 |   2 +-
 agent/consul/state/catalog_events.go          |   2 +-
 agent/consul/state/catalog_events_oss.go      |   2 +-
 agent/consul/state/catalog_events_oss_test.go |   2 +-
 agent/consul/state/catalog_events_test.go     |   2 +-
 agent/consul/state/catalog_oss.go             |   2 +-
 agent/consul/state/catalog_oss_test.go        |   2 +-
 agent/consul/state/catalog_schema.deepcopy.go |   3 +
 agent/consul/state/catalog_schema.go          |   2 +-
 agent/consul/state/catalog_test.go            |   2 +-
 agent/consul/state/config_entry.go            |   2 +-
 agent/consul/state/config_entry_events.go     |   2 +-
 .../consul/state/config_entry_events_test.go  |   2 +-
 .../state/config_entry_exported_services.go   |   2 +-
 .../config_entry_exported_services_oss.go     |   2 +-
 agent/consul/state/config_entry_intention.go  |   2 +-
 .../state/config_entry_intention_oss.go       |   2 +-
 agent/consul/state/config_entry_oss.go        |   2 +-
 agent/consul/state/config_entry_oss_test.go   |   2 +-
 .../state/config_entry_sameness_group.go      |   3 +
 .../state/config_entry_sameness_group_oss.go  |   2 +-
 .../config_entry_sameness_group_oss_test.go   |   2 +-
 agent/consul/state/config_entry_schema.go     |   2 +-
 agent/consul/state/config_entry_test.go       |   2 +-
 agent/consul/state/connect_ca.go              |   2 +-
 agent/consul/state/connect_ca_events.go       |   2 +-
 agent/consul/state/connect_ca_events_test.go  |   2 +-
 agent/consul/state/connect_ca_test.go         |   2 +-
 agent/consul/state/coordinate.go              |   2 +-
 agent/consul/state/coordinate_oss.go          |   2 +-
 agent/consul/state/coordinate_oss_test.go     |   2 +-
 agent/consul/state/coordinate_test.go         |   2 +-
 agent/consul/state/deep-copy.sh               |   3 +
 agent/consul/state/delay_oss.go               |   2 +-
 agent/consul/state/delay_test.go              |   2 +-
 agent/consul/state/events.go                  |   2 +-
 agent/consul/state/events_test.go             |   2 +-
 agent/consul/state/federation_state.go        |   2 +-
 agent/consul/state/graveyard.go               |   2 +-
 agent/consul/state/graveyard_oss.go           |   2 +-
 agent/consul/state/graveyard_test.go          |   2 +-
 agent/consul/state/index_connect_test.go      |   2 +-
 agent/consul/state/indexer.go                 |   2 +-
 agent/consul/state/intention.go               |   2 +-
 agent/consul/state/intention_oss.go           |   2 +-
 agent/consul/state/intention_test.go          |   2 +-
 agent/consul/state/kvs.go                     |   2 +-
 agent/consul/state/kvs_oss.go                 |   2 +-
 agent/consul/state/kvs_oss_test.go            |   2 +-
 agent/consul/state/kvs_test.go                |   2 +-
 agent/consul/state/memdb.go                   |   2 +-
 agent/consul/state/memdb_test.go              |   2 +-
 agent/consul/state/operations_oss.go          |   2 +-
 agent/consul/state/peering.go                 |   2 +-
 agent/consul/state/peering_oss.go             |   2 +-
 agent/consul/state/peering_oss_test.go        |   2 +-
 agent/consul/state/peering_test.go            |   2 +-
 agent/consul/state/prepared_query.go          |   2 +-
 agent/consul/state/prepared_query_index.go    |   2 +-
 .../consul/state/prepared_query_index_test.go |   2 +-
 agent/consul/state/prepared_query_test.go     |   2 +-
 agent/consul/state/query.go                   |   2 +-
 agent/consul/state/query_oss.go               |   2 +-
 agent/consul/state/schema.go                  |   2 +-
 agent/consul/state/schema_oss.go              |   2 +-
 agent/consul/state/schema_oss_test.go         |   2 +-
 agent/consul/state/schema_test.go             |   2 +-
 agent/consul/state/session.go                 |   2 +-
 agent/consul/state/session_oss.go             |   2 +-
 agent/consul/state/session_test.go            |   2 +-
 agent/consul/state/state_store.go             |   2 +-
 agent/consul/state/state_store_oss_test.go    |   2 +-
 agent/consul/state/state_store_test.go        |   2 +-
 agent/consul/state/store_integration_test.go  |   2 +-
 agent/consul/state/system_metadata.go         |   2 +-
 agent/consul/state/system_metadata_test.go    |   2 +-
 agent/consul/state/tombstone_gc.go            |   2 +-
 agent/consul/state/tombstone_gc_test.go       |   2 +-
 agent/consul/state/txn.go                     |   2 +-
 agent/consul/state/txn_test.go                |   2 +-
 agent/consul/state/usage.go                   |   2 +-
 agent/consul/state/usage_oss.go               |   2 +-
 agent/consul/state/usage_test.go              |   2 +-
 agent/consul/stats_fetcher.go                 |   2 +-
 agent/consul/stats_fetcher_test.go            |   2 +-
 agent/consul/status_endpoint.go               |   2 +-
 agent/consul/status_endpoint_test.go          |   2 +-
 agent/consul/stream/event.go                  |   2 +-
 agent/consul/stream/event_buffer.go           |   2 +-
 agent/consul/stream/event_buffer_test.go      |   2 +-
 agent/consul/stream/event_publisher.go        |   2 +-
 agent/consul/stream/event_publisher_test.go   |   2 +-
 agent/consul/stream/event_snapshot.go         |   2 +-
 agent/consul/stream/event_snapshot_test.go    |   2 +-
 agent/consul/stream/event_test.go             |   2 +-
 agent/consul/stream/noop.go                   |   2 +-
 agent/consul/stream/string_types.go           |   2 +-
 agent/consul/stream/subscription.go           |   2 +-
 agent/consul/stream/subscription_test.go      |   2 +-
 agent/consul/subscribe_backend.go             |   2 +-
 agent/consul/subscribe_backend_test.go        |   2 +-
 agent/consul/system_metadata.go               |   2 +-
 agent/consul/system_metadata_test.go          |   2 +-
 agent/consul/tenancy_bridge.go                |   2 +-
 agent/consul/tenancy_bridge_oss.go            |   2 +-
 agent/consul/txn_endpoint.go                  |   2 +-
 agent/consul/txn_endpoint_test.go             |   2 +-
 agent/consul/type_registry.go                 |   3 +
 agent/consul/usagemetrics/usagemetrics.go     |   2 +-
 agent/consul/usagemetrics/usagemetrics_oss.go |   2 +-
 .../usagemetrics/usagemetrics_oss_test.go     |   2 +-
 .../consul/usagemetrics/usagemetrics_test.go  |   2 +-
 agent/consul/util.go                          |   2 +-
 agent/consul/util_test.go                     |   2 +-
 agent/consul/wanfed/pool.go                   |   2 +-
 agent/consul/wanfed/wanfed.go                 |   2 +-
 agent/consul/wanfed/wanfed_test.go            |   2 +-
 agent/consul/watch/server_local.go            |   2 +-
 agent/consul/watch/server_local_test.go       |   2 +-
 agent/consul/xdscapacity/capacity.go          |   2 +-
 agent/consul/xdscapacity/capacity_test.go     |   2 +-
 agent/coordinate_endpoint.go                  |   2 +-
 agent/coordinate_endpoint_test.go             |   2 +-
 agent/debug/host.go                           |   2 +-
 agent/debug/host_test.go                      |   2 +-
 agent/delegate_mock_test.go                   |   2 +-
 agent/denylist.go                             |   2 +-
 agent/denylist_test.go                        |   2 +-
 agent/discovery_chain_endpoint.go             |   2 +-
 agent/discovery_chain_endpoint_test.go        |   2 +-
 agent/dns.go                                  |   2 +-
 agent/dns/dns.go                              |   2 +-
 agent/dns/dns_test.go                         |   2 +-
 agent/dns/validation.go                       |   2 +-
 agent/dns/validation_test.go                  |   2 +-
 agent/dns_oss.go                              |   2 +-
 agent/dns_oss_test.go                         |   2 +-
 agent/dns_test.go                             |   2 +-
 agent/enterprise_delegate_oss.go              |   2 +-
 .../builtin/aws-lambda/aws_lambda.go          |   2 +-
 .../builtin/aws-lambda/aws_lambda_test.go     |   2 +-
 .../builtin/ext-authz/ext_authz.go            |   2 +-
 .../builtin/ext-authz/ext_authz_test.go       |   2 +-
 .../builtin/ext-authz/structs.go              |   2 +-
 agent/envoyextensions/builtin/lua/lua.go      |   2 +-
 agent/envoyextensions/builtin/lua/lua_test.go |   2 +-
 .../property-override/property_override.go    |   3 +
 .../property_override_test.go                 |   3 +
 .../property-override/structpatcher.go        |   3 +
 .../property-override/structpatcher_test.go   |   3 +
 agent/envoyextensions/builtin/wasm/structs.go |   2 +-
 agent/envoyextensions/builtin/wasm/wasm.go    |   2 +-
 .../envoyextensions/builtin/wasm/wasm_test.go |   2 +-
 .../envoyextensions/registered_extensions.go  |   2 +-
 .../registered_extensions_test.go             |   2 +-
 agent/event_endpoint.go                       |   2 +-
 agent/event_endpoint_test.go                  |   2 +-
 agent/exec/exec.go                            |   2 +-
 agent/exec/exec_unix.go                       |   2 +-
 agent/exec/exec_windows.go                    |   2 +-
 agent/federation_state_endpoint.go            |   2 +-
 agent/grpc-external/forward.go                |   2 +-
 agent/grpc-external/limiter/limiter.go        |   2 +-
 agent/grpc-external/limiter/limiter_test.go   |   2 +-
 agent/grpc-external/options.go                |   2 +-
 agent/grpc-external/options_test.go           |   2 +-
 agent/grpc-external/querymeta.go              |   3 +
 agent/grpc-external/querymeta_test.go         |   3 +
 agent/grpc-external/server.go                 |   2 +-
 agent/grpc-external/services/acl/login.go     |   2 +-
 .../grpc-external/services/acl/login_test.go  |   2 +-
 agent/grpc-external/services/acl/logout.go    |   2 +-
 .../grpc-external/services/acl/logout_test.go |   2 +-
 agent/grpc-external/services/acl/server.go    |   2 +-
 .../grpc-external/services/acl/server_test.go |   2 +-
 .../services/connectca/server.go              |   2 +-
 .../services/connectca/server_test.go         |   2 +-
 .../grpc-external/services/connectca/sign.go  |   2 +-
 .../services/connectca/sign_test.go           |   2 +-
 .../services/connectca/watch_roots.go         |   2 +-
 .../services/connectca/watch_roots_test.go    |   2 +-
 .../dataplane/get_envoy_bootstrap_params.go   |   2 +-
 .../get_envoy_bootstrap_params_test.go        |   2 +-
 .../dataplane/get_supported_features.go       |   2 +-
 .../dataplane/get_supported_features_test.go  |   2 +-
 .../services/dataplane/server.go              |   2 +-
 .../services/dataplane/server_test.go         |   2 +-
 agent/grpc-external/services/dns/server.go    |   2 +-
 .../grpc-external/services/dns/server_test.go |   2 +-
 .../services/peerstream/health_snapshot.go    |   2 +-
 .../peerstream/health_snapshot_test.go        |   2 +-
 .../services/peerstream/replication.go        |   2 +-
 .../services/peerstream/server.go             |   2 +-
 .../services/peerstream/server_test.go        |   2 +-
 .../services/peerstream/stream_resources.go   |   2 +-
 .../services/peerstream/stream_test.go        |   2 +-
 .../services/peerstream/stream_tracker.go     |   2 +-
 .../peerstream/stream_tracker_test.go         |   2 +-
 .../peerstream/subscription_blocking.go       |   2 +-
 .../peerstream/subscription_manager.go        |   2 +-
 .../peerstream/subscription_manager_test.go   |   2 +-
 .../services/peerstream/subscription_state.go |   2 +-
 .../peerstream/subscription_state_test.go     |   2 +-
 .../services/peerstream/subscription_view.go  |   2 +-
 .../peerstream/subscription_view_test.go      |   2 +-
 .../services/peerstream/testing.go            |   2 +-
 .../grpc-external/services/resource/delete.go |   2 +-
 .../services/resource/delete_test.go          |   2 +-
 agent/grpc-external/services/resource/list.go |   2 +-
 .../services/resource/list_by_owner.go        |   2 +-
 .../services/resource/list_by_owner_test.go   |   2 +-
 .../services/resource/list_test.go            |   2 +-
 agent/grpc-external/services/resource/read.go |   2 +-
 .../services/resource/read_test.go            |   2 +-
 .../grpc-external/services/resource/server.go |   2 +-
 .../services/resource/server_oss.go           |   2 +-
 .../services/resource/server_oss_test.go      |   2 +-
 .../services/resource/server_test.go          |   2 +-
 .../services/resource/testing/testing.go      |   3 +
 .../grpc-external/services/resource/watch.go  |   2 +-
 .../services/resource/watch_test.go           |   2 +-
 .../grpc-external/services/resource/write.go  |   2 +-
 .../services/resource/write_status.go         |   2 +-
 .../services/resource/write_status_test.go    |   2 +-
 .../services/resource/write_test.go           |   2 +-
 .../services/serverdiscovery/server.go        |   2 +-
 .../services/serverdiscovery/server_test.go   |   2 +-
 .../services/serverdiscovery/watch_servers.go |   2 +-
 .../serverdiscovery/watch_servers_test.go     |   2 +-
 agent/grpc-external/stats_test.go             |   2 +-
 agent/grpc-external/testutils/acl.go          |   2 +-
 agent/grpc-external/testutils/fsm.go          |   2 +-
 agent/grpc-external/testutils/server.go       |   2 +-
 agent/grpc-external/utils.go                  |   2 +-
 agent/grpc-internal/balancer/balancer.go      |   2 +-
 agent/grpc-internal/balancer/balancer_test.go |   2 +-
 agent/grpc-internal/balancer/registry.go      |   2 +-
 agent/grpc-internal/client.go                 |   2 +-
 agent/grpc-internal/client_test.go            |   2 +-
 agent/grpc-internal/handler.go                |   2 +-
 agent/grpc-internal/handler_test.go           |   2 +-
 agent/grpc-internal/listener.go               |   2 +-
 agent/grpc-internal/pipe.go                   |   2 +-
 agent/grpc-internal/pipe_test.go              |   2 +-
 agent/grpc-internal/resolver/registry.go      |   2 +-
 agent/grpc-internal/resolver/resolver.go      |   2 +-
 agent/grpc-internal/resolver/resolver_test.go |   3 +
 agent/grpc-internal/server_test.go            |   2 +-
 .../services/subscribe/logger.go              |   2 +-
 .../services/subscribe/subscribe.go           |   2 +-
 .../services/subscribe/subscribe_test.go      |   2 +-
 agent/grpc-internal/stats_test.go             |   2 +-
 agent/grpc-internal/tracker.go                |   2 +-
 agent/grpc-middleware/auth_interceptor.go     |   2 +-
 .../grpc-middleware/auth_interceptor_test.go  |   2 +-
 agent/grpc-middleware/handshake.go            |   2 +-
 agent/grpc-middleware/handshake_test.go       |   2 +-
 agent/grpc-middleware/rate.go                 |   2 +-
 agent/grpc-middleware/rate_test.go            |   2 +-
 agent/grpc-middleware/recovery.go             |   2 +-
 agent/grpc-middleware/stats.go                |   2 +-
 agent/grpc-middleware/testutil/fake_sink.go   |   2 +-
 .../testutil/testservice/buf.gen.yaml         |   2 +-
 .../testutil/testservice/fake_service.go      |   2 +-
 .../testutil/testservice/simple.pb.go         |   2 +-
 .../testutil/testservice/simple.proto         |   2 +-
 agent/hcp/bootstrap/bootstrap.go              |   2 +-
 agent/hcp/bootstrap/bootstrap_test.go         |   3 +
 agent/hcp/bootstrap/testing.go                |   2 +-
 agent/hcp/client/client.go                    |   2 +-
 agent/hcp/client/client_test.go               |   3 +
 agent/hcp/client/metrics_client.go            |   3 +
 agent/hcp/client/metrics_client_test.go       |   3 +
 agent/hcp/client/mock_CloudConfig.go          |   3 +
 agent/hcp/client/telemetry_config.go          |   3 +
 agent/hcp/client/telemetry_config_test.go     |   3 +
 agent/hcp/config/config.go                    |   2 +-
 agent/hcp/deps.go                             |   2 +-
 agent/hcp/deps_test.go                        |   3 +
 agent/hcp/discover/discover.go                |   2 +-
 agent/hcp/manager.go                          |   2 +-
 agent/hcp/manager_test.go                     |   2 +-
 agent/hcp/scada/capabilities.go               |   2 +-
 agent/hcp/scada/scada.go                      |   2 +-
 agent/hcp/telemetry/custom_metrics.go         |   3 +
 agent/hcp/telemetry/doc.go                    |   3 +
 agent/hcp/telemetry/gauge_store.go            |   3 +
 agent/hcp/telemetry/gauge_store_test.go       |   3 +
 agent/hcp/telemetry/otel_exporter.go          |   3 +
 agent/hcp/telemetry/otel_exporter_test.go     |   3 +
 agent/hcp/telemetry/otel_sink.go              |   3 +
 agent/hcp/telemetry/otel_sink_test.go         |   3 +
 agent/hcp/telemetry/otlp_transform.go         |   3 +
 agent/hcp/telemetry/otlp_transform_test.go    |   3 +
 agent/hcp/telemetry_provider.go               |   3 +
 agent/hcp/telemetry_provider_test.go          |   3 +
 agent/hcp/testing.go                          |   2 +-
 agent/hcp/testserver/main.go                  |   2 +-
 agent/health_endpoint.go                      |   2 +-
 agent/health_endpoint_test.go                 |   2 +-
 agent/http.go                                 |   2 +-
 agent/http_decode_test.go                     |   2 +-
 agent/http_oss.go                             |   2 +-
 agent/http_oss_test.go                        |   2 +-
 agent/http_register.go                        |   2 +-
 agent/http_test.go                            |   2 +-
 agent/intentions_endpoint.go                  |   2 +-
 agent/intentions_endpoint_oss_test.go         |   2 +-
 agent/intentions_endpoint_test.go             |   2 +-
 agent/keyring.go                              |   2 +-
 agent/keyring_test.go                         |   2 +-
 agent/kvs_endpoint.go                         |   2 +-
 agent/kvs_endpoint_test.go                    |   2 +-
 agent/leafcert/cached_roots.go                |   3 +
 agent/leafcert/cert.go                        |   3 +
 agent/leafcert/generate.go                    |   3 +
 agent/leafcert/leafcert.go                    |   3 +
 agent/leafcert/leafcert_test.go               |   3 +
 agent/leafcert/roots.go                       |   3 +
 agent/leafcert/signer_netrpc.go               |   3 +
 agent/leafcert/signer_test.go                 |   3 +
 agent/leafcert/structs.go                     |   3 +
 agent/leafcert/structs_test.go                |   3 +
 agent/leafcert/util.go                        |   3 +
 agent/leafcert/util_test.go                   |   3 +
 agent/leafcert/watch.go                       |   3 +
 agent/local/state.go                          |   2 +-
 agent/local/state_internal_test.go            |   2 +-
 agent/local/state_test.go                     |   2 +-
 agent/local/testing.go                        |   2 +-
 agent/log-drop/log-drop.go                    |   2 +-
 agent/log-drop/log-drop_test.go               |   2 +-
 agent/metadata/build.go                       |   2 +-
 agent/metadata/build_test.go                  |   2 +-
 agent/metadata/server.go                      |   2 +-
 agent/metadata/server_internal_test.go        |   2 +-
 agent/metadata/server_test.go                 |   2 +-
 agent/metrics.go                              |   2 +-
 agent/metrics/testing.go                      |   2 +-
 agent/metrics_test.go                         |   2 +-
 agent/mock/notify.go                          |   2 +-
 agent/nodeid.go                               |   2 +-
 agent/nodeid_test.go                          |   2 +-
 agent/notify.go                               |   2 +-
 agent/notify_test.go                          |   2 +-
 agent/operator_endpoint.go                    |   2 +-
 agent/operator_endpoint_oss.go                |   2 +-
 agent/operator_endpoint_oss_test.go           |   2 +-
 agent/operator_endpoint_test.go               |   2 +-
 agent/peering_endpoint.go                     |   2 +-
 agent/peering_endpoint_oss_test.go            |   2 +-
 agent/peering_endpoint_test.go                |   2 +-
 agent/pool/conn.go                            |   2 +-
 agent/pool/peek.go                            |   2 +-
 agent/pool/peek_test.go                       |   2 +-
 agent/pool/pool.go                            |   2 +-
 agent/prepared_query_endpoint.go              |   2 +-
 agent/prepared_query_endpoint_test.go         |   2 +-
 agent/proxycfg-glue/config_entry.go           |   2 +-
 agent/proxycfg-glue/discovery_chain.go        |   2 +-
 agent/proxycfg-glue/discovery_chain_test.go   |   2 +-
 .../proxycfg-glue/exported_peered_services.go |   2 +-
 .../exported_peered_services_test.go          |   2 +-
 .../federation_state_list_mesh_gateways.go    |   2 +-
 ...ederation_state_list_mesh_gateways_test.go |   2 +-
 agent/proxycfg-glue/gateway_services.go       |   2 +-
 agent/proxycfg-glue/gateway_services_test.go  |   2 +-
 agent/proxycfg-glue/glue.go                   |   2 +-
 agent/proxycfg-glue/health.go                 |   2 +-
 agent/proxycfg-glue/health_blocking.go        |   2 +-
 agent/proxycfg-glue/health_blocking_test.go   |   3 +
 agent/proxycfg-glue/health_test.go            |   2 +-
 agent/proxycfg-glue/helpers_test.go           |   2 +-
 agent/proxycfg-glue/intention_upstreams.go    |   2 +-
 .../proxycfg-glue/intention_upstreams_test.go |   2 +-
 agent/proxycfg-glue/intentions.go             |   2 +-
 agent/proxycfg-glue/intentions_oss.go         |   2 +-
 agent/proxycfg-glue/intentions_test.go        |   2 +-
 agent/proxycfg-glue/internal_service_dump.go  |   2 +-
 .../internal_service_dump_test.go             |   2 +-
 agent/proxycfg-glue/leafcerts.go              |   2 +-
 agent/proxycfg-glue/peered_upstreams.go       |   2 +-
 agent/proxycfg-glue/peered_upstreams_test.go  |   2 +-
 agent/proxycfg-glue/peering_list.go           |   2 +-
 agent/proxycfg-glue/peering_list_test.go      |   2 +-
 .../proxycfg-glue/resolved_service_config.go  |   2 +-
 .../resolved_service_config_test.go           |   2 +-
 agent/proxycfg-glue/service_http_checks.go    |   2 +-
 .../proxycfg-glue/service_http_checks_test.go |   2 +-
 agent/proxycfg-glue/service_list.go           |   2 +-
 agent/proxycfg-glue/service_list_test.go      |   2 +-
 agent/proxycfg-glue/trust_bundle.go           |   2 +-
 agent/proxycfg-glue/trust_bundle_test.go      |   2 +-
 .../proxycfg-sources/catalog/config_source.go |   2 +-
 .../catalog/config_source_test.go             |   2 +-
 agent/proxycfg-sources/local/config_source.go |   2 +-
 agent/proxycfg-sources/local/local.go         |   2 +-
 agent/proxycfg-sources/local/sync.go          |   2 +-
 agent/proxycfg-sources/local/sync_test.go     |   2 +-
 agent/proxycfg/api_gateway.go                 |   2 +-
 agent/proxycfg/connect_proxy.go               |   2 +-
 agent/proxycfg/data_sources.go                |   2 +-
 agent/proxycfg/data_sources_oss.go            |   2 +-
 agent/proxycfg/deep-copy.sh                   |   2 +-
 agent/proxycfg/ingress_gateway.go             |   2 +-
 agent/proxycfg/internal/watch/watchmap.go     |   2 +-
 .../proxycfg/internal/watch/watchmap_test.go  |   2 +-
 agent/proxycfg/manager.go                     |   2 +-
 agent/proxycfg/manager_test.go                |   2 +-
 agent/proxycfg/mesh_gateway.go                |   2 +-
 agent/proxycfg/mesh_gateway_oss.go            |   2 +-
 agent/proxycfg/naming.go                      |   2 +-
 agent/proxycfg/naming_oss.go                  |   2 +-
 agent/proxycfg/naming_test.go                 |   2 +-
 agent/proxycfg/proxycfg.go                    |   2 +-
 agent/proxycfg/snapshot.go                    |   2 +-
 agent/proxycfg/snapshot_test.go               |   2 +-
 agent/proxycfg/state.go                       |   2 +-
 agent/proxycfg/state_oss_test.go              |   2 +-
 agent/proxycfg/state_test.go                  |   2 +-
 agent/proxycfg/terminating_gateway.go         |   2 +-
 agent/proxycfg/testing.go                     |   2 +-
 agent/proxycfg/testing_api_gateway.go         |   2 +-
 agent/proxycfg/testing_connect_proxy.go       |   2 +-
 agent/proxycfg/testing_ingress_gateway.go     |   2 +-
 agent/proxycfg/testing_mesh_gateway.go        |   2 +-
 agent/proxycfg/testing_oss.go                 |   2 +-
 agent/proxycfg/testing_peering.go             |   2 +-
 agent/proxycfg/testing_terminating_gateway.go |   2 +-
 agent/proxycfg/testing_tproxy.go              |   2 +-
 agent/proxycfg/testing_upstreams.go           |   2 +-
 agent/proxycfg/testing_upstreams_oss.go       |   2 +-
 agent/proxycfg/upstreams.go                   |   2 +-
 agent/proxycfg_test.go                        |   2 +-
 agent/reload.go                               |   2 +-
 agent/remote_exec.go                          |   2 +-
 agent/remote_exec_test.go                     |   2 +-
 agent/retry_join.go                           |   2 +-
 agent/retry_join_test.go                      |   2 +-
 agent/router/grpc.go                          |   2 +-
 agent/router/manager.go                       |   2 +-
 agent/router/manager_internal_test.go         |   2 +-
 agent/router/manager_test.go                  |   2 +-
 agent/router/router.go                        |   2 +-
 agent/router/router_test.go                   |   2 +-
 agent/router/serf_adapter.go                  |   2 +-
 agent/router/serf_flooder.go                  |   2 +-
 agent/routine-leak-checker/leak_test.go       |   2 +-
 agent/rpc/middleware/interceptors.go          |   2 +-
 agent/rpc/middleware/interceptors_test.go     |   2 +-
 agent/rpc/middleware/rate_limit_mappings.go   |   2 +-
 agent/rpc/middleware/recovery.go              |   2 +-
 agent/rpc/operator/service.go                 |   2 +-
 agent/rpc/operator/service_test.go            |   2 +-
 agent/rpc/peering/service.go                  |   2 +-
 agent/rpc/peering/service_oss_test.go         |   2 +-
 agent/rpc/peering/service_test.go             |   2 +-
 agent/rpc/peering/testing.go                  |   2 +-
 agent/rpc/peering/testutil_oss_test.go        |   2 +-
 agent/rpc/peering/validate.go                 |   2 +-
 agent/rpc/peering/validate_test.go            |   2 +-
 agent/rpcclient/common.go                     |   2 +-
 agent/rpcclient/configentry/configentry.go    |   2 +-
 .../rpcclient/configentry/configentry_test.go |   2 +-
 agent/rpcclient/configentry/view.go           |   2 +-
 agent/rpcclient/configentry/view_test.go      |   2 +-
 agent/rpcclient/health/health.go              |   2 +-
 agent/rpcclient/health/health_test.go         |   2 +-
 agent/rpcclient/health/streaming_test.go      |   2 +-
 agent/rpcclient/health/view.go                |   2 +-
 agent/rpcclient/health/view_test.go           |   2 +-
 agent/service_checks_test.go                  |   2 +-
 agent/service_manager.go                      |   2 +-
 agent/service_manager_test.go                 |   2 +-
 agent/session_endpoint.go                     |   2 +-
 agent/session_endpoint_test.go                |   2 +-
 agent/setup.go                                |   2 +-
 agent/setup_oss.go                            |   2 +-
 agent/sidecar_service.go                      |   2 +-
 agent/sidecar_service_test.go                 |   2 +-
 agent/signal_unix.go                          |   2 +-
 agent/signal_windows.go                       |   2 +-
 agent/snapshot_endpoint.go                    |   2 +-
 agent/snapshot_endpoint_test.go               |   2 +-
 agent/status_endpoint.go                      |   2 +-
 agent/status_endpoint_test.go                 |   2 +-
 agent/streaming_test.go                       |   2 +-
 agent/structs/acl.go                          |   2 +-
 agent/structs/acl_cache.go                    |   2 +-
 agent/structs/acl_cache_test.go               |   2 +-
 agent/structs/acl_oss.go                      |   2 +-
 agent/structs/acl_test.go                     |   2 +-
 agent/structs/aclfilter/filter.go             |   2 +-
 agent/structs/aclfilter/filter_test.go        |   2 +-
 agent/structs/auto_encrypt.go                 |   2 +-
 agent/structs/autopilot.go                    |   2 +-
 agent/structs/autopilot_oss.go                |   2 +-
 agent/structs/catalog.go                      |   2 +-
 agent/structs/catalog_oss.go                  |   2 +-
 agent/structs/check_definition.go             |   2 +-
 agent/structs/check_definition_test.go        |   2 +-
 agent/structs/check_type.go                   |   2 +-
 agent/structs/config_entry.go                 |   2 +-
 agent/structs/config_entry_apigw_jwt_oss.go   |   2 +-
 agent/structs/config_entry_discoverychain.go  |   2 +-
 .../config_entry_discoverychain_oss.go        |   2 +-
 .../config_entry_discoverychain_oss_test.go   |   2 +-
 .../config_entry_discoverychain_test.go       |   2 +-
 agent/structs/config_entry_exports.go         |   2 +-
 agent/structs/config_entry_exports_oss.go     |   2 +-
 .../structs/config_entry_exports_oss_test.go  |   2 +-
 agent/structs/config_entry_exports_test.go    |   2 +-
 agent/structs/config_entry_gateways.go        |   2 +-
 agent/structs/config_entry_gateways_test.go   |   2 +-
 .../config_entry_inline_certificate.go        |   2 +-
 .../config_entry_inline_certificate_test.go   |   2 +-
 agent/structs/config_entry_intentions.go      |   2 +-
 agent/structs/config_entry_intentions_oss.go  |   2 +-
 .../config_entry_intentions_oss_test.go       |   2 +-
 agent/structs/config_entry_intentions_test.go |   2 +-
 agent/structs/config_entry_jwt_provider.go    |   2 +-
 .../structs/config_entry_jwt_provider_oss.go  |   2 +-
 .../structs/config_entry_jwt_provider_test.go |   2 +-
 agent/structs/config_entry_mesh.go            |   2 +-
 agent/structs/config_entry_mesh_oss.go        |   2 +-
 agent/structs/config_entry_mesh_test.go       |   2 +-
 agent/structs/config_entry_oss.go             |   2 +-
 agent/structs/config_entry_oss_test.go        |   2 +-
 agent/structs/config_entry_routes.go          |   2 +-
 agent/structs/config_entry_routes_test.go     |   2 +-
 agent/structs/config_entry_sameness_group.go  |   2 +-
 .../config_entry_sameness_group_oss.go        |   2 +-
 agent/structs/config_entry_status.go          |   2 +-
 agent/structs/config_entry_test.go            |   2 +-
 agent/structs/connect.go                      |   2 +-
 agent/structs/connect_ca.go                   |   2 +-
 agent/structs/connect_ca_test.go              |   2 +-
 agent/structs/connect_oss.go                  |   2 +-
 agent/structs/connect_proxy_config.go         |   2 +-
 agent/structs/connect_proxy_config_oss.go     |   2 +-
 agent/structs/connect_proxy_config_test.go    |   2 +-
 agent/structs/deep-copy.sh                    |   2 +-
 agent/structs/discovery_chain.go              |   2 +-
 agent/structs/discovery_chain_oss.go          |   2 +-
 agent/structs/envoy_extension.go              |   2 +-
 agent/structs/errors.go                       |   2 +-
 agent/structs/federation_state.go             |   2 +-
 agent/structs/identity.go                     |   2 +-
 agent/structs/intention.go                    |   2 +-
 agent/structs/intention_oss.go                |   2 +-
 agent/structs/intention_test.go               |   2 +-
 agent/structs/operator.go                     |   2 +-
 agent/structs/peering.go                      |   2 +-
 agent/structs/prepared_query.go               |   2 +-
 agent/structs/prepared_query_test.go          |   2 +-
 agent/structs/protobuf_compat.go              |   2 +-
 agent/structs/service_definition.go           |   2 +-
 agent/structs/service_definition_test.go      |   2 +-
 agent/structs/snapshot.go                     |   2 +-
 agent/structs/structs.deepcopy_oss.go         |   2 +-
 agent/structs/structs.go                      |   2 +-
 agent/structs/structs_ext_test.go             |   2 +-
 agent/structs/structs_filtering_test.go       |   2 +-
 agent/structs/structs_oss.go                  |   2 +-
 agent/structs/structs_oss_test.go             |   2 +-
 agent/structs/structs_test.go                 |   2 +-
 agent/structs/system_metadata.go              |   2 +-
 agent/structs/testing.go                      |   2 +-
 agent/structs/testing_catalog.go              |   2 +-
 agent/structs/testing_connect_proxy_config.go |   2 +-
 agent/structs/testing_intention.go            |   2 +-
 agent/structs/testing_service_definition.go   |   2 +-
 agent/structs/txn.go                          |   2 +-
 agent/submatview/handler.go                   |   2 +-
 agent/submatview/local_materializer.go        |   2 +-
 agent/submatview/local_materializer_test.go   |   2 +-
 agent/submatview/materializer.go              |   2 +-
 agent/submatview/rpc_materializer.go          |   2 +-
 agent/submatview/store.go                     |   2 +-
 agent/submatview/store_integration_test.go    |   2 +-
 agent/submatview/store_test.go                |   2 +-
 agent/submatview/streaming_test.go            |   2 +-
 agent/systemd/notify.go                       |   2 +-
 agent/testagent.go                            |   2 +-
 agent/testagent_test.go                       |   2 +-
 agent/token/persistence.go                    |   2 +-
 agent/token/persistence_test.go               |   2 +-
 agent/token/store.go                          |   2 +-
 agent/token/store_oss.go                      |   2 +-
 agent/token/store_test.go                     |   2 +-
 agent/translate_addr.go                       |   2 +-
 agent/txn_endpoint.go                         |   2 +-
 agent/txn_endpoint_test.go                    |   2 +-
 agent/ui_endpoint.go                          |   2 +-
 agent/ui_endpoint_oss_test.go                 |   2 +-
 agent/ui_endpoint_test.go                     |   2 +-
 agent/uiserver/buf_index_fs.go                |   2 +-
 agent/uiserver/buffered_file.go               |   2 +-
 agent/uiserver/redirect_fs.go                 |   2 +-
 agent/uiserver/ui_template_data.go            |   2 +-
 agent/uiserver/uiserver.go                    |   2 +-
 agent/uiserver/uiserver_test.go               |   2 +-
 agent/user_event.go                           |   2 +-
 agent/user_event_test.go                      |   2 +-
 agent/util.go                                 |   2 +-
 agent/util_test.go                            |   2 +-
 agent/watch_handler.go                        |   2 +-
 agent/watch_handler_test.go                   |   2 +-
 agent/xds/accesslogs/accesslogs.go            |   2 +-
 agent/xds/clusters.go                         |   2 +-
 agent/xds/clusters_test.go                    |   2 +-
 agent/xds/config.go                           |   2 +-
 agent/xds/config_test.go                      |   2 +-
 agent/xds/delta.go                            |   2 +-
 agent/xds/delta_envoy_extender_oss_test.go    |   2 +-
 agent/xds/delta_envoy_extender_test.go        |   2 +-
 agent/xds/delta_test.go                       |   2 +-
 agent/xds/endpoints.go                        |   2 +-
 agent/xds/endpoints_test.go                   |   2 +-
 agent/xds/extensionruntime/runtime_config.go  |   2 +-
 .../runtime_config_oss_test.go                |   2 +-
 agent/xds/failover_policy.go                  |   2 +-
 agent/xds/failover_policy_oss.go              |   2 +-
 agent/xds/golden_test.go                      |   2 +-
 agent/xds/jwt_authn.go                        |   2 +-
 agent/xds/jwt_authn_test.go                   |   2 +-
 agent/xds/listeners.go                        |   2 +-
 agent/xds/listeners_apigateway.go             |   2 +-
 agent/xds/listeners_ingress.go                |   2 +-
 agent/xds/listeners_test.go                   |   2 +-
 agent/xds/locality_policy.go                  |   2 +-
 agent/xds/locality_policy_oss.go              |   2 +-
 agent/xds/naming.go                           |   2 +-
 agent/xds/net_fallback.go                     |   2 +-
 agent/xds/net_linux.go                        |   2 +-
 agent/xds/protocol_trace.go                   |   2 +-
 agent/xds/rbac.go                             |   2 +-
 agent/xds/rbac_test.go                        |   2 +-
 agent/xds/resources.go                        |   2 +-
 agent/xds/resources_oss_test.go               |   2 +-
 agent/xds/resources_test.go                   |   2 +-
 agent/xds/response.go                         |   2 +-
 agent/xds/routes.go                           |   2 +-
 agent/xds/routes_test.go                      |   2 +-
 agent/xds/secrets.go                          |   2 +-
 agent/xds/server.go                           |   2 +-
 agent/xds/server_oss.go                       |   2 +-
 agent/xds/testcommon/testcommon.go            |   2 +-
 agent/xds/testing.go                          |   2 +-
 .../validateupstream_test.go                  |   2 +-
 agent/xds/xds.go                              |   2 +-
 agent/xds/xds_protocol_helpers_test.go        |   2 +-
 agent/xds/z_xds_packages_test.go              |   2 +-
 api/LICENSE                                   | 365 +++++++++++++++
 buf.work.yaml                                 |   2 +-
 build-support/docker/Build-Go.dockerfile      |   2 +-
 build-support/docker/Build-UI.dockerfile      |   2 +-
 .../docker/Consul-Dev-Dbg.dockerfile          |   2 +-
 .../docker/Consul-Dev-Multiarch.dockerfile    |   2 +-
 build-support/docker/Consul-Dev.dockerfile    |   2 +-
 build-support/functions/00-vars.sh            |   2 +-
 build-support/functions/10-util.sh            |   2 +-
 build-support/functions/20-build.sh           |   2 +-
 build-support/functions/30-release.sh         |   2 +-
 build-support/scripts/build-date.sh           |   2 +-
 build-support/scripts/build-docker.sh         |   2 +-
 .../scripts/check-allowed-imports.sh          |   2 +-
 build-support/scripts/devtools.sh             |   2 +-
 build-support/scripts/functions.sh            |   2 +-
 build-support/scripts/protobuf.sh             |   2 +-
 build-support/scripts/release.sh              |   2 +-
 build-support/scripts/version.sh              |   2 +-
 .../windows/build-consul-dev-image.sh         |   3 +
 .../windows/build-consul-local-images.sh      |   3 +
 .../windows/build-test-sds-server-image.sh    |   3 +
 command/acl/acl.go                            |   2 +-
 command/acl/acl_helpers.go                    |   2 +-
 command/acl/acl_test.go                       |   2 +-
 command/acl/agenttokens/agent_tokens.go       |   2 +-
 command/acl/agenttokens/agent_tokens_test.go  |   2 +-
 command/acl/authmethod/authmethod.go          |   2 +-
 .../authmethod/create/authmethod_create.go    |   2 +-
 .../create/authmethod_create_oss.go           |   2 +-
 .../create/authmethod_create_test.go          |   2 +-
 .../authmethod/delete/authmethod_delete.go    |   2 +-
 .../delete/authmethod_delete_test.go          |   2 +-
 command/acl/authmethod/formatter.go           |   2 +-
 .../acl/authmethod/list/authmethod_list.go    |   2 +-
 .../authmethod/list/authmethod_list_test.go   |   2 +-
 .../acl/authmethod/read/authmethod_read.go    |   2 +-
 .../authmethod/read/authmethod_read_test.go   |   2 +-
 .../authmethod/update/authmethod_update.go    |   2 +-
 .../update/authmethod_update_oss.go           |   2 +-
 .../update/authmethod_update_test.go          |   2 +-
 command/acl/bindingrule/bindingrule.go        |   2 +-
 .../bindingrule/create/bindingrule_create.go  |   2 +-
 .../create/bindingrule_create_test.go         |   2 +-
 .../bindingrule/delete/bindingrule_delete.go  |   2 +-
 .../delete/bindingrule_delete_test.go         |   2 +-
 command/acl/bindingrule/formatter.go          |   2 +-
 .../acl/bindingrule/list/bindingrule_list.go  |   2 +-
 .../bindingrule/list/bindingrule_list_test.go |   2 +-
 .../acl/bindingrule/read/bindingrule_read.go  |   2 +-
 .../bindingrule/read/bindingrule_read_test.go |   2 +-
 .../bindingrule/update/bindingrule_update.go  |   2 +-
 .../update/bindingrule_update_test.go         |   2 +-
 command/acl/bootstrap/bootstrap.go            |   2 +-
 command/acl/bootstrap/bootstrap_test.go       |   2 +-
 command/acl/policy/create/policy_create.go    |   2 +-
 .../acl/policy/create/policy_create_test.go   |   2 +-
 command/acl/policy/delete/policy_delete.go    |   2 +-
 .../acl/policy/delete/policy_delete_test.go   |   2 +-
 command/acl/policy/formatter.go               |   2 +-
 command/acl/policy/list/policy_list.go        |   2 +-
 command/acl/policy/list/policy_list_test.go   |   2 +-
 command/acl/policy/policy.go                  |   2 +-
 command/acl/policy/read/policy_read.go        |   2 +-
 command/acl/policy/read/policy_read_test.go   |   2 +-
 command/acl/policy/update/policy_update.go    |   2 +-
 .../acl/policy/update/policy_update_test.go   |   2 +-
 command/acl/role/create/role_create.go        |   2 +-
 command/acl/role/create/role_create_test.go   |   2 +-
 command/acl/role/delete/role_delete.go        |   2 +-
 command/acl/role/delete/role_delete_test.go   |   2 +-
 command/acl/role/formatter.go                 |   2 +-
 command/acl/role/formatter_test.go            |   2 +-
 command/acl/role/list/role_list.go            |   2 +-
 command/acl/role/list/role_list_test.go       |   2 +-
 command/acl/role/read/role_read.go            |   2 +-
 command/acl/role/read/role_read_test.go       |   2 +-
 command/acl/role/role.go                      |   2 +-
 command/acl/role/update/role_update.go        |   2 +-
 command/acl/role/update/role_update_test.go   |   2 +-
 command/acl/token/clone/token_clone.go        |   2 +-
 command/acl/token/clone/token_clone_test.go   |   2 +-
 command/acl/token/create/token_create.go      |   2 +-
 command/acl/token/create/token_create_test.go |   2 +-
 command/acl/token/delete/token_delete.go      |   2 +-
 command/acl/token/delete/token_delete_test.go |   2 +-
 command/acl/token/formatter.go                |   2 +-
 command/acl/token/formatter_oss_test.go       |   2 +-
 command/acl/token/formatter_test.go           |   2 +-
 command/acl/token/list/token_list.go          |   2 +-
 command/acl/token/list/token_list_test.go     |   2 +-
 command/acl/token/read/token_read.go          |   2 +-
 command/acl/token/read/token_read_test.go     |   2 +-
 command/acl/token/token.go                    |   2 +-
 command/acl/token/update/token_update.go      |   2 +-
 command/acl/token/update/token_update_test.go |   2 +-
 command/agent/agent.go                        |   2 +-
 command/agent/agent_test.go                   |   2 +-
 command/agent/startup_logger.go               |   2 +-
 command/catalog/catalog.go                    |   2 +-
 command/catalog/catalog_test.go               |   2 +-
 command/catalog/helpers.go                    |   2 +-
 command/catalog/helpers_oss.go                |   2 +-
 .../list/dc/catalog_list_datacenters.go       |   2 +-
 .../list/dc/catalog_list_datacenters_test.go  |   2 +-
 .../catalog/list/nodes/catalog_list_nodes.go  |   2 +-
 .../list/nodes/catalog_list_nodes_test.go     |   2 +-
 .../list/services/catalog_list_services.go    |   2 +-
 .../services/catalog_list_services_test.go    |   2 +-
 command/cli/cli.go                            |   2 +-
 command/cli/formatting.go                     |   2 +-
 command/config/config.go                      |   2 +-
 command/config/delete/config_delete.go        |   2 +-
 command/config/delete/config_delete_test.go   |   2 +-
 command/config/list/config_list.go            |   2 +-
 command/config/list/config_list_test.go       |   2 +-
 command/config/read/config_read.go            |   2 +-
 command/config/read/config_read_test.go       |   2 +-
 command/config/write/config_write.go          |   2 +-
 command/config/write/config_write_test.go     |   2 +-
 command/connect/ca/ca.go                      |   2 +-
 command/connect/ca/ca_test.go                 |   2 +-
 command/connect/ca/get/connect_ca_get.go      |   2 +-
 command/connect/ca/get/connect_ca_get_test.go |   2 +-
 command/connect/ca/set/connect_ca_set.go      |   2 +-
 command/connect/ca/set/connect_ca_set_test.go |   2 +-
 command/connect/connect.go                    |   2 +-
 command/connect/connect_test.go               |   2 +-
 command/connect/envoy/bootstrap_config.go     |   2 +-
 .../connect/envoy/bootstrap_config_test.go    |   2 +-
 command/connect/envoy/bootstrap_tpl.go        |   2 +-
 command/connect/envoy/envoy.go                |   2 +-
 command/connect/envoy/envoy_oss_test.go       |   2 +-
 command/connect/envoy/envoy_test.go           |   2 +-
 command/connect/envoy/exec.go                 |   2 +-
 command/connect/envoy/exec_supported.go       |   3 +
 command/connect/envoy/exec_test.go            |   2 +-
 command/connect/envoy/exec_unix.go            |   2 +-
 command/connect/envoy/exec_unsupported.go     |   2 +-
 command/connect/envoy/exec_windows.go         |   3 +
 command/connect/envoy/flags.go                |   2 +-
 command/connect/envoy/flags_test.go           |   2 +-
 .../connect_envoy_pipe-bootstrap.go           |   2 +-
 .../connect_envoy_pipe-bootstrap_test.go      |   2 +-
 command/connect/expose/expose.go              |   2 +-
 command/connect/expose/expose_test.go         |   2 +-
 command/connect/proxy/flag_upstreams.go       |   2 +-
 command/connect/proxy/flag_upstreams_test.go  |   2 +-
 command/connect/proxy/proxy.go                |   2 +-
 command/connect/proxy/proxy_test.go           |   2 +-
 command/connect/proxy/register.go             |   2 +-
 command/connect/proxy/register_test.go        |   2 +-
 .../redirecttraffic/redirect_traffic.go       |   2 +-
 .../redirecttraffic/redirect_traffic_test.go  |   2 +-
 command/debug/debug.go                        |   2 +-
 command/debug/debug_test.go                   |   2 +-
 command/event/event.go                        |   2 +-
 command/event/event_test.go                   |   2 +-
 command/exec/exec.go                          |   2 +-
 command/exec/exec_test.go                     |   2 +-
 command/flags/config.go                       |   2 +-
 command/flags/config_test.go                  |   2 +-
 command/flags/flag_map_value.go               |   2 +-
 command/flags/flag_map_value_test.go          |   2 +-
 command/flags/flag_slice_value.go             |   2 +-
 command/flags/flag_slice_value_test.go        |   2 +-
 command/flags/http.go                         |   2 +-
 command/flags/http_test.go                    |   2 +-
 command/flags/merge.go                        |   2 +-
 command/flags/usage.go                        |   2 +-
 command/forceleave/forceleave.go              |   2 +-
 command/forceleave/forceleave_test.go         |   2 +-
 command/helpers/decode_shim.go                |   2 +-
 command/helpers/helpers.go                    |   2 +-
 command/helpers/helpers_test.go               |   2 +-
 command/info/info.go                          |   2 +-
 command/info/info_test.go                     |   2 +-
 command/intention/check/check.go              |   2 +-
 command/intention/check/check_test.go         |   2 +-
 command/intention/create/create.go            |   2 +-
 command/intention/create/create_test.go       |   2 +-
 command/intention/delete/delete.go            |   2 +-
 command/intention/delete/delete_test.go       |   2 +-
 command/intention/format.go                   |   2 +-
 command/intention/get/get.go                  |   2 +-
 command/intention/get/get_test.go             |   2 +-
 command/intention/helpers.go                  |   2 +-
 command/intention/helpers_test.go             |   2 +-
 command/intention/intention.go                |   2 +-
 command/intention/intention_test.go           |   2 +-
 command/intention/list/intention_list.go      |   2 +-
 command/intention/list/intention_list_test.go |   2 +-
 command/intention/match/match.go              |   2 +-
 command/intention/match/match_test.go         |   2 +-
 command/join/join.go                          |   2 +-
 command/join/join_test.go                     |   2 +-
 command/keygen/keygen.go                      |   2 +-
 command/keygen/keygen_test.go                 |   2 +-
 command/keyring/keyring.go                    |   2 +-
 command/keyring/keyring_test.go               |   2 +-
 command/kv/del/kv_delete.go                   |   2 +-
 command/kv/del/kv_delete_test.go              |   2 +-
 command/kv/exp/kv_export.go                   |   2 +-
 command/kv/exp/kv_export_test.go              |   2 +-
 command/kv/get/kv_get.go                      |   2 +-
 command/kv/get/kv_get_test.go                 |   2 +-
 command/kv/imp/kv_import.go                   |   2 +-
 command/kv/imp/kv_import_test.go              |   2 +-
 command/kv/impexp/kvimpexp.go                 |   2 +-
 command/kv/kv.go                              |   2 +-
 command/kv/kv_test.go                         |   2 +-
 command/kv/put/kv_put.go                      |   2 +-
 command/kv/put/kv_put_test.go                 |   2 +-
 command/leave/leave.go                        |   2 +-
 command/leave/leave_test.go                   |   2 +-
 command/lock/lock.go                          |   2 +-
 command/lock/lock_test.go                     |   2 +-
 command/lock/util_unix.go                     |   2 +-
 command/lock/util_windows.go                  |   2 +-
 command/login/aws.go                          |   2 +-
 command/login/login.go                        |   2 +-
 command/login/login_oss.go                    |   2 +-
 command/login/login_test.go                   |   2 +-
 command/logout/logout.go                      |   2 +-
 command/logout/logout_test.go                 |   2 +-
 command/maint/maint.go                        |   2 +-
 command/maint/maint_test.go                   |   2 +-
 command/members/members.go                    |   2 +-
 command/members/members_test.go               |   2 +-
 command/monitor/monitor.go                    |   2 +-
 command/monitor/monitor_test.go               |   2 +-
 .../autopilot/get/operator_autopilot_get.go   |   2 +-
 .../get/operator_autopilot_get_test.go        |   2 +-
 .../operator/autopilot/operator_autopilot.go  |   2 +-
 .../autopilot/operator_autopilot_test.go      |   2 +-
 .../autopilot/set/operator_autopilot_set.go   |   2 +-
 .../set/operator_autopilot_set_test.go        |   2 +-
 command/operator/autopilot/state/formatter.go |   2 +-
 .../state/operator_autopilot_state.go         |   2 +-
 .../state/operator_autopilot_state_test.go    |   2 +-
 command/operator/operator.go                  |   2 +-
 command/operator/operator_test.go             |   2 +-
 .../raft/listpeers/operator_raft_list.go      |   2 +-
 .../raft/listpeers/operator_raft_list_test.go |   2 +-
 command/operator/raft/operator_raft.go        |   2 +-
 command/operator/raft/operator_raft_test.go   |   2 +-
 .../raft/removepeer/operator_raft_remove.go   |   2 +-
 .../removepeer/operator_raft_remove_test.go   |   2 +-
 .../raft/transferleader/transfer_leader.go    |   2 +-
 .../transferleader/transfer_leader_test.go    |   2 +-
 .../usage/instances/usage_instances.go        |   2 +-
 .../usage/instances/usage_instances_oss.go    |   2 +-
 .../instances/usage_instances_oss_test.go     |   2 +-
 .../usage/instances/usage_instances_test.go   |   2 +-
 command/operator/usage/usage.go               |   2 +-
 command/peering/delete/delete.go              |   2 +-
 command/peering/delete/delete_test.go         |   2 +-
 command/peering/establish/establish.go        |   2 +-
 command/peering/establish/establish_test.go   |   2 +-
 command/peering/generate/generate.go          |   2 +-
 command/peering/generate/generate_test.go     |   2 +-
 command/peering/list/list.go                  |   2 +-
 command/peering/list/list_test.go             |   2 +-
 command/peering/peering.go                    |   2 +-
 command/peering/read/read.go                  |   2 +-
 command/peering/read/read_test.go             |   2 +-
 command/registry.go                           |   2 +-
 command/registry_oss.go                       |   2 +-
 command/reload/reload.go                      |   2 +-
 command/reload/reload_test.go                 |   2 +-
 command/rtt/rtt.go                            |   2 +-
 command/rtt/rtt_test.go                       |   2 +-
 command/services/config.go                    |   2 +-
 command/services/config_test.go               |   2 +-
 command/services/deregister/deregister.go     |   2 +-
 .../services/deregister/deregister_test.go    |   2 +-
 command/services/export/export.go             |   3 +
 command/services/export/export_test.go        |   3 +
 command/services/register/register.go         |   2 +-
 command/services/register/register_test.go    |   2 +-
 command/services/services.go                  |   2 +-
 command/services/services_test.go             |   2 +-
 command/snapshot/inspect/formatter.go         |   2 +-
 command/snapshot/inspect/formatter_test.go    |   2 +-
 command/snapshot/inspect/snapshot_inspect.go  |   2 +-
 .../snapshot/inspect/snapshot_inspect_test.go |   2 +-
 command/snapshot/restore/snapshot_restore.go  |   2 +-
 .../snapshot/restore/snapshot_restore_test.go |   2 +-
 command/snapshot/save/snapshot_save.go        |   2 +-
 command/snapshot/save/snapshot_save_test.go   |   2 +-
 command/snapshot/snapshot_command.go          |   2 +-
 command/snapshot/snapshot_command_test.go     |   2 +-
 command/tls/ca/create/tls_ca_create.go        |   2 +-
 command/tls/ca/create/tls_ca_create_test.go   |   2 +-
 command/tls/ca/tls_ca.go                      |   2 +-
 command/tls/ca/tls_ca_test.go                 |   2 +-
 command/tls/cert/create/tls_cert_create.go    |   2 +-
 .../tls/cert/create/tls_cert_create_test.go   |   2 +-
 command/tls/cert/tls_cert.go                  |   2 +-
 command/tls/cert/tls_cert_test.go             |   2 +-
 command/tls/tls.go                            |   2 +-
 command/tls/tls_test.go                       |   2 +-
 .../troubleshoot/proxy/troubleshoot_proxy.go  |   2 +-
 command/troubleshoot/troubleshoot.go          |   2 +-
 command/troubleshoot/troubleshoot_test.go     |   2 +-
 .../upstreams/troubleshoot_upstreams.go       |   2 +-
 command/validate/validate.go                  |   2 +-
 command/validate/validate_test.go             |   2 +-
 command/version/formatter.go                  |   2 +-
 command/version/formatter_test.go             |   2 +-
 command/version/version.go                    |   2 +-
 command/version/version_test.go               |   2 +-
 command/watch/watch.go                        |   2 +-
 command/watch/watch_test.go                   |   2 +-
 connect/certgen/certgen.go                    |   2 +-
 connect/example_test.go                       |   2 +-
 connect/proxy/config.go                       |   2 +-
 connect/proxy/config_test.go                  |   2 +-
 connect/proxy/conn.go                         |   2 +-
 connect/proxy/conn_test.go                    |   2 +-
 connect/proxy/listener.go                     |   2 +-
 connect/proxy/listener_test.go                |   2 +-
 connect/proxy/proxy.go                        |   2 +-
 connect/proxy/proxy_test.go                   |   2 +-
 connect/proxy/testing.go                      |   2 +-
 connect/resolver.go                           |   2 +-
 connect/resolver_test.go                      |   2 +-
 connect/service.go                            |   2 +-
 connect/service_test.go                       |   2 +-
 connect/testing.go                            |   2 +-
 connect/tls.go                                |   2 +-
 connect/tls_test.go                           |   2 +-
 .../extensioncommon/basic_envoy_extender.go   |   2 +-
 .../basic_extension_adapter.go                |   2 +-
 .../extensioncommon/envoy_extender.go         |   2 +-
 .../extensioncommon/envoy_extender_test.go    |   3 +
 envoyextensions/extensioncommon/resources.go  |   2 +-
 .../extensioncommon/resources_test.go         |   2 +-
 .../extensioncommon/runtime_config.go         |   2 +-
 .../extensioncommon/runtime_config_test.go    |   2 +-
 .../upstream_envoy_extender.go                |   2 +-
 envoyextensions/xdscommon/envoy_versioning.go |   2 +-
 .../xdscommon/envoy_versioning_test.go        |   2 +-
 envoyextensions/xdscommon/proxysupport.go     |   2 +-
 .../xdscommon/proxysupport_test.go            |   2 +-
 envoyextensions/xdscommon/xdscommon.go        |   2 +-
 envoyextensions/xdscommon/xdscommon_test.go   |   3 +
 fixup_acl_move.sh                             |   2 +-
 internal/catalog/catalogtest/run_test.go      |   3 +
 .../catalogtest/test_integration_v1alpha1.go  |   3 +
 .../catalogtest/test_lifecycle_v1alpha1.go    |   3 +
 internal/catalog/exports.go                   |   2 +-
 .../controllers/endpoints/controller.go       |   2 +-
 .../controllers/endpoints/controller_test.go  |   3 +
 .../endpoints/reconciliation_data.go          |   3 +
 .../endpoints/reconciliation_data_test.go     |   3 +
 .../internal/controllers/endpoints/status.go  |   2 +-
 .../controllers/failover/controller.go        |   2 +-
 .../controllers/failover/controller_test.go   |   2 +-
 .../internal/controllers/failover/status.go   |   2 +-
 .../controllers/nodehealth/controller.go      |   2 +-
 .../controllers/nodehealth/controller_test.go |   2 +-
 .../internal/controllers/nodehealth/status.go |   2 +-
 .../catalog/internal/controllers/register.go  |   2 +-
 .../controllers/workloadhealth/controller.go  |   3 +
 .../workloadhealth/controller_test.go         |   2 +-
 .../controllers/workloadhealth/status.go      |   3 +
 .../mappers/failovermapper/failover_mapper.go |   2 +-
 .../failovermapper/failover_mapper_test.go    |   2 +-
 .../mappers/nodemapper/node_mapper.go         |   3 +
 .../mappers/nodemapper/node_mapper_test.go    |   3 +
 .../selectiontracker/selection_tracker.go     |   2 +-
 .../selection_tracker_test.go                 |   3 +
 internal/catalog/internal/types/dns_policy.go |   2 +-
 .../catalog/internal/types/dns_policy_test.go |   2 +-
 internal/catalog/internal/types/errors.go     |   2 +-
 .../catalog/internal/types/errors_test.go     |   2 +-
 .../catalog/internal/types/failover_policy.go |   2 +-
 .../internal/types/failover_policy_test.go    |   2 +-
 .../catalog/internal/types/health_checks.go   |   2 +-
 .../internal/types/health_checks_test.go      |   2 +-
 .../catalog/internal/types/health_status.go   |   2 +-
 .../internal/types/health_status_test.go      |   2 +-
 internal/catalog/internal/types/node.go       |   2 +-
 internal/catalog/internal/types/node_test.go  |   2 +-
 internal/catalog/internal/types/service.go    |   2 +-
 .../internal/types/service_endpoints.go       |   2 +-
 .../internal/types/service_endpoints_test.go  |   2 +-
 .../catalog/internal/types/service_test.go    |   2 +-
 internal/catalog/internal/types/types.go      |   2 +-
 internal/catalog/internal/types/types_test.go |   2 +-
 internal/catalog/internal/types/validators.go |   2 +-
 .../catalog/internal/types/validators_test.go |   2 +-
 .../catalog/internal/types/virtual_ips.go     |   2 +-
 .../internal/types/virtual_ips_test.go        |   2 +-
 internal/catalog/internal/types/workload.go   |   2 +-
 .../catalog/internal/types/workload_test.go   |   2 +-
 internal/controller/api.go                    |   2 +-
 internal/controller/api_test.go               |   2 +-
 internal/controller/controller.go             |   2 +-
 internal/controller/dependency_mappers.go     |   3 +
 .../controller/dependency_mappers_test.go     |   3 +
 internal/controller/doc.go                    |   2 +-
 internal/controller/lease.go                  |   3 +
 internal/controller/manager.go                |   3 +
 internal/controller/supervisor.go             |   3 +
 internal/controller/supervisor_test.go        |   3 +
 internal/go-sso/oidcauth/auth.go              |   2 +-
 internal/go-sso/oidcauth/config.go            |   2 +-
 internal/go-sso/oidcauth/config_test.go       |   2 +-
 .../go-sso/oidcauth/internal/strutil/util.go  |   2 +-
 .../oidcauth/internal/strutil/util_test.go    |   2 +-
 internal/go-sso/oidcauth/jwt.go               |   2 +-
 internal/go-sso/oidcauth/jwt_test.go          |   2 +-
 internal/go-sso/oidcauth/oidc.go              |   2 +-
 internal/go-sso/oidcauth/oidc_test.go         |   2 +-
 .../go-sso/oidcauth/oidcauthtest/testing.go   |   2 +-
 internal/go-sso/oidcauth/oidcjwt.go           |   2 +-
 internal/go-sso/oidcauth/oidcjwt_test.go      |   2 +-
 internal/go-sso/oidcauth/util.go              |   2 +-
 internal/go-sso/oidcauth/util_test.go         |   2 +-
 internal/mesh/exports.go                      |   2 +-
 .../mesh/internal/types/computed_routes.go    |   2 +-
 .../mesh/internal/types/destination_policy.go |   2 +-
 internal/mesh/internal/types/grpc_route.go    |   2 +-
 internal/mesh/internal/types/http_route.go    |   2 +-
 .../internal/types/proxy_configuration.go     |   2 +-
 .../internal/types/proxy_state_template.go    |   3 +
 internal/mesh/internal/types/tcp_route.go     |   2 +-
 internal/mesh/internal/types/types.go         |   2 +-
 internal/mesh/internal/types/types_test.go    |   2 +-
 internal/mesh/internal/types/upstreams.go     |   2 +-
 .../internal/types/upstreams_configuration.go |   2 +-
 internal/radix/doc.go                         |   3 +
 internal/radix/radix.go                       |   3 +
 internal/radix/radix_test.go                  |   3 +
 internal/resource/authz_oss.go                |   2 +-
 internal/resource/decode.go                   |   2 +-
 internal/resource/decode_test.go              |   2 +-
 internal/resource/demo/controller.go          |   2 +-
 internal/resource/demo/controller_test.go     |   2 +-
 internal/resource/demo/demo.go                |   2 +-
 internal/resource/equality.go                 |   2 +-
 internal/resource/equality_test.go            |   2 +-
 internal/resource/errors.go                   |   2 +-
 internal/resource/errors_test.go              |   2 +-
 internal/resource/http/http.go                |   3 +
 internal/resource/http/http_test.go           |   3 +
 .../resource/mappers/bimapper/bimapper.go     |   2 +-
 .../mappers/bimapper/bimapper_test.go         |   2 +-
 internal/resource/reaper/controller.go        |   2 +-
 internal/resource/reaper/controller_test.go   |   2 +-
 internal/resource/reference.go                |   2 +-
 internal/resource/refkey.go                   |   2 +-
 internal/resource/refkey_test.go              |   2 +-
 internal/resource/registry.go                 |   2 +-
 internal/resource/registry_test.go            |   2 +-
 internal/resource/resourcetest/builder.go     |   2 +-
 internal/resource/resourcetest/client.go      |   2 +-
 internal/resource/resourcetest/decode.go      |   2 +-
 internal/resource/resourcetest/fs.go          |   3 +
 internal/resource/resourcetest/require.go     |   3 +
 internal/resource/resourcetest/testing.go     |   3 +
 internal/resource/resourcetest/validation.go  |   2 +-
 internal/resource/stringer.go                 |   2 +-
 internal/resource/tenancy.go                  |   2 +-
 internal/resource/tombstone.go                |   3 +
 internal/storage/conformance/conformance.go   |   2 +-
 internal/storage/inmem/backend.go             |   2 +-
 internal/storage/inmem/backend_test.go        |   2 +-
 internal/storage/inmem/event_index.go         |   2 +-
 internal/storage/inmem/schema.go              |   2 +-
 internal/storage/inmem/snapshot.go            |   2 +-
 internal/storage/inmem/snapshot_test.go       |   2 +-
 internal/storage/inmem/store.go               |   2 +-
 internal/storage/inmem/watch.go               |   2 +-
 internal/storage/raft/backend.go              |   2 +-
 internal/storage/raft/conformance_test.go     |   2 +-
 internal/storage/raft/forwarding.go           |   2 +-
 internal/storage/storage.go                   |   2 +-
 internal/testing/golden/golden.go             |   2 +-
 .../e2e/consul/agent/structs/structs.go       |   2 +-
 .../e2e/consul/proto/pbcommon/common.go       |   2 +-
 .../tools/proto-gen-rpc-glue/e2e/source.pb.go |   2 +-
 internal/tools/proto-gen-rpc-glue/main.go     |   2 +-
 .../tools/proto-gen-rpc-glue/main_test.go     |   2 +-
 .../protoc-gen-consul-rate-limit/main.go      |   2 +-
 .../postprocess/main.go                       |   2 +-
 ipaddr/detect.go                              |   2 +-
 ipaddr/detect_test.go                         |   2 +-
 ipaddr/ipaddr.go                              |   2 +-
 ipaddr/ipaddr_test.go                         |   2 +-
 lib/cluster.go                                |   2 +-
 lib/cluster_test.go                           |   2 +-
 lib/decode/decode.go                          |   2 +-
 lib/decode/decode_test.go                     |   2 +-
 lib/eof.go                                    |   2 +-
 lib/eof_test.go                               |   2 +-
 lib/file/atomic.go                            |   2 +-
 lib/file/atomic_test.go                       |   2 +-
 lib/hoststats/collector.go                    |   3 +
 lib/hoststats/cpu.go                          |   3 +
 lib/hoststats/cpu_test.go                     |   3 +
 lib/hoststats/host.go                         |   3 +
 lib/hoststats/metrics.go                      |   3 +
 lib/json.go                                   |   2 +-
 lib/map_walker.go                             |   2 +-
 lib/map_walker_test.go                        |   2 +-
 lib/maps/maps.go                              |   2 +-
 lib/maps/maps_test.go                         |   2 +-
 lib/math.go                                   |   2 +-
 lib/math_test.go                              |   2 +-
 lib/mutex/mutex.go                            |   2 +-
 lib/mutex/mutex_test.go                       |   2 +-
 lib/path.go                                   |   2 +-
 lib/retry/retry.go                            |   2 +-
 lib/retry/retry_test.go                       |   2 +-
 lib/routine/routine.go                        |   2 +-
 lib/routine/routine_test.go                   |   2 +-
 lib/rtt.go                                    |   2 +-
 lib/rtt_test.go                               |   2 +-
 lib/semaphore/semaphore.go                    |   2 +-
 lib/semaphore/semaphore_test.go               |   2 +-
 lib/serf/serf.go                              |   2 +-
 lib/stop_context.go                           |   2 +-
 lib/stop_context_test.go                      |   2 +-
 lib/strings.go                                |   2 +-
 lib/stringslice/stringslice.go                |   2 +-
 lib/stringslice/stringslice_test.go           |   2 +-
 lib/telemetry.go                              |   2 +-
 lib/telemetry_test.go                         |   2 +-
 lib/template/hil.go                           |   2 +-
 lib/template/hil_test.go                      |   2 +-
 lib/translate.go                              |   2 +-
 lib/translate_test.go                         |   2 +-
 lib/ttlcache/eviction.go                      |   2 +-
 lib/ttlcache/eviction_test.go                 |   2 +-
 lib/useragent.go                              |   2 +-
 lib/useragent_test.go                         |   2 +-
 lib/uuid.go                                   |   2 +-
 logging/gated_writer.go                       |   2 +-
 logging/gated_writer_test.go                  |   2 +-
 logging/grpc.go                               |   2 +-
 logging/grpc_test.go                          |   2 +-
 logging/log_levels.go                         |   2 +-
 logging/logfile.go                            |   2 +-
 logging/logfile_test.go                       |   2 +-
 logging/logger.go                             |   2 +-
 logging/logger_test.go                        |   2 +-
 logging/monitor/monitor.go                    |   2 +-
 logging/monitor/monitor_test.go               |   2 +-
 logging/names.go                              |   2 +-
 logging/syslog.go                             |   2 +-
 logging/syslog_test.go                        |   2 +-
 logging/syslog_unsupported_test.go            |   2 +-
 main.go                                       |   2 +-
 .../annotations/ratelimit/ratelimit.pb.go     |   2 +-
 .../annotations/ratelimit/ratelimit.proto     |   2 +-
 proto-public/buf.gen.yaml                     |   2 +-
 proto-public/buf.yaml                         |   2 +-
 proto-public/pbacl/acl.pb.go                  |   2 +-
 proto-public/pbacl/acl.proto                  |   2 +-
 proto-public/pbcatalog/v1alpha1/dns.pb.go     |   2 +-
 proto-public/pbcatalog/v1alpha1/dns.proto     |   2 +-
 .../pbcatalog/v1alpha1/failover_policy.pb.go  |   2 +-
 .../pbcatalog/v1alpha1/failover_policy.proto  |   2 +-
 .../v1alpha1/failover_policy_extras.go        |   2 +-
 .../v1alpha1/failover_policy_extras_test.go   |   2 +-
 proto-public/pbcatalog/v1alpha1/health.pb.go  |   2 +-
 proto-public/pbcatalog/v1alpha1/health.proto  |   2 +-
 proto-public/pbcatalog/v1alpha1/node.pb.go    |   2 +-
 proto-public/pbcatalog/v1alpha1/node.proto    |   2 +-
 .../pbcatalog/v1alpha1/protocol.pb.go         |   2 +-
 .../pbcatalog/v1alpha1/protocol.proto         |   2 +-
 .../pbcatalog/v1alpha1/selector.pb.go         |   2 +-
 .../pbcatalog/v1alpha1/selector.proto         |   2 +-
 proto-public/pbcatalog/v1alpha1/service.pb.go |   2 +-
 proto-public/pbcatalog/v1alpha1/service.proto |   2 +-
 .../v1alpha1/service_endpoints.pb.go          |   2 +-
 .../v1alpha1/service_endpoints.proto          |   2 +-
 proto-public/pbcatalog/v1alpha1/vip.pb.go     |   2 +-
 proto-public/pbcatalog/v1alpha1/vip.proto     |   2 +-
 .../pbcatalog/v1alpha1/workload.pb.go         |   2 +-
 .../pbcatalog/v1alpha1/workload.proto         |   2 +-
 proto-public/pbconnectca/ca.pb.go             |   2 +-
 proto-public/pbconnectca/ca.proto             |   2 +-
 proto-public/pbdataplane/dataplane.pb.go      |   2 +-
 proto-public/pbdataplane/dataplane.proto      |   2 +-
 proto-public/pbdns/dns.pb.go                  |   2 +-
 proto-public/pbdns/dns.proto                  |   2 +-
 proto-public/pbmesh/v1alpha1/common.pb.go     |   2 +-
 proto-public/pbmesh/v1alpha1/common.proto     |   2 +-
 .../pbmesh/v1alpha1/computed_routes.pb.go     |   2 +-
 .../pbmesh/v1alpha1/computed_routes.proto     |   2 +-
 proto-public/pbmesh/v1alpha1/connection.pb.go |   2 +-
 proto-public/pbmesh/v1alpha1/connection.proto |   2 +-
 .../pbmesh/v1alpha1/destination_policy.pb.go  |   2 +-
 .../pbmesh/v1alpha1/destination_policy.proto  |   2 +-
 proto-public/pbmesh/v1alpha1/expose.pb.go     |   2 +-
 proto-public/pbmesh/v1alpha1/expose.proto     |   2 +-
 proto-public/pbmesh/v1alpha1/grpc_route.pb.go |   2 +-
 proto-public/pbmesh/v1alpha1/grpc_route.proto |   2 +-
 proto-public/pbmesh/v1alpha1/http_route.pb.go |   2 +-
 proto-public/pbmesh/v1alpha1/http_route.proto |   2 +-
 .../pbmesh/v1alpha1/http_route_retries.pb.go  |   2 +-
 .../pbmesh/v1alpha1/http_route_retries.proto  |   2 +-
 .../pbmesh/v1alpha1/http_route_timeouts.pb.go |   2 +-
 .../pbmesh/v1alpha1/http_route_timeouts.proto |   2 +-
 .../v1alpha1/pbproxystate/access_logs.pb.go   |   2 +-
 .../v1alpha1/pbproxystate/access_logs.proto   |   2 +-
 .../v1alpha1/pbproxystate/address.pb.go       |   2 +-
 .../v1alpha1/pbproxystate/address.proto       |   2 +-
 .../v1alpha1/pbproxystate/cluster.pb.go       |   2 +-
 .../v1alpha1/pbproxystate/cluster.proto       |   2 +-
 .../v1alpha1/pbproxystate/endpoints.pb.go     |   2 +-
 .../v1alpha1/pbproxystate/endpoints.proto     |   2 +-
 .../pbproxystate/escape_hatches.pb.go         |   2 +-
 .../pbproxystate/escape_hatches.proto         |   2 +-
 .../pbproxystate/header_mutations.pb.go       |   2 +-
 .../pbproxystate/header_mutations.proto       |   2 +-
 .../v1alpha1/pbproxystate/intentions.pb.go    |   2 +-
 .../v1alpha1/pbproxystate/intentions.proto    |   2 +-
 .../v1alpha1/pbproxystate/listener.pb.go      |   2 +-
 .../v1alpha1/pbproxystate/listener.proto      |   2 +-
 .../v1alpha1/pbproxystate/references.pb.go    |   2 +-
 .../v1alpha1/pbproxystate/references.proto    |   2 +-
 .../pbmesh/v1alpha1/pbproxystate/route.pb.go  |   2 +-
 .../pbmesh/v1alpha1/pbproxystate/route.proto  |   2 +-
 .../pbproxystate/transport_socket.pb.go       |   2 +-
 .../pbproxystate/transport_socket.proto       |   2 +-
 .../pbmesh/v1alpha1/proxy_configuration.pb.go |   2 +-
 .../pbmesh/v1alpha1/proxy_configuration.proto |   2 +-
 .../pbmesh/v1alpha1/proxy_state.pb.go         |   2 +-
 .../pbmesh/v1alpha1/proxy_state.proto         |   2 +-
 proto-public/pbmesh/v1alpha1/routing.pb.go    |   2 +-
 proto-public/pbmesh/v1alpha1/routing.proto    |   2 +-
 proto-public/pbmesh/v1alpha1/tcp_route.pb.go  |   2 +-
 proto-public/pbmesh/v1alpha1/tcp_route.proto  |   2 +-
 proto-public/pbmesh/v1alpha1/upstreams.pb.go  |   2 +-
 proto-public/pbmesh/v1alpha1/upstreams.proto  |   2 +-
 .../v1alpha1/upstreams_configuration.pb.go    |   2 +-
 .../v1alpha1/upstreams_configuration.proto    |   2 +-
 proto-public/pbresource/resource.pb.go        |   2 +-
 proto-public/pbresource/resource.proto        |   2 +-
 .../pbserverdiscovery/serverdiscovery.pb.go   |   2 +-
 .../pbserverdiscovery/serverdiscovery.proto   |   2 +-
 proto/buf.gen.yaml                            |   2 +-
 proto/buf.yaml                                |   2 +-
 proto/private/pbacl/acl.go                    |   2 +-
 proto/private/pbacl/acl.pb.go                 |   2 +-
 proto/private/pbacl/acl.proto                 |   2 +-
 proto/private/pbautoconf/auto_config.go       |   2 +-
 proto/private/pbautoconf/auto_config.pb.go    |   2 +-
 proto/private/pbautoconf/auto_config.proto    |   2 +-
 proto/private/pbautoconf/auto_config_oss.go   |   2 +-
 proto/private/pbcommon/common.go              |   2 +-
 proto/private/pbcommon/common.pb.go           |   2 +-
 proto/private/pbcommon/common.proto           |   2 +-
 proto/private/pbcommon/common_oss.go          |   2 +-
 proto/private/pbcommon/convert_pbstruct.go    |   2 +-
 .../private/pbcommon/convert_pbstruct_test.go |   2 +-
 proto/private/pbconfig/config.pb.go           |   2 +-
 proto/private/pbconfig/config.proto           |   2 +-
 proto/private/pbconfigentry/config_entry.go   |   2 +-
 .../private/pbconfigentry/config_entry.pb.go  |   2 +-
 .../private/pbconfigentry/config_entry.proto  |   2 +-
 .../private/pbconfigentry/config_entry_oss.go |   2 +-
 proto/private/pbconnect/connect.go            |   2 +-
 proto/private/pbconnect/connect.pb.go         |   2 +-
 proto/private/pbconnect/connect.proto         |   2 +-
 proto/private/pbdemo/v1/demo.pb.go            |   2 +-
 proto/private/pbdemo/v1/demo.proto            |   2 +-
 proto/private/pbdemo/v2/demo.pb.go            |   2 +-
 proto/private/pbdemo/v2/demo.proto            |   2 +-
 proto/private/pboperator/operator.pb.go       |   2 +-
 proto/private/pboperator/operator.proto       |   2 +-
 proto/private/pbpeering/peering.go            |   2 +-
 proto/private/pbpeering/peering.pb.go         |   2 +-
 proto/private/pbpeering/peering.proto         |   2 +-
 proto/private/pbpeering/peering_oss.go        |   2 +-
 proto/private/pbpeerstream/convert.go         |   2 +-
 proto/private/pbpeerstream/peerstream.go      |   2 +-
 proto/private/pbpeerstream/peerstream.pb.go   |   2 +-
 proto/private/pbpeerstream/peerstream.proto   |   2 +-
 proto/private/pbpeerstream/types.go           |   2 +-
 proto/private/pbservice/convert.go            |   2 +-
 proto/private/pbservice/convert_oss.go        |   2 +-
 proto/private/pbservice/convert_oss_test.go   |   2 +-
 proto/private/pbservice/convert_test.go       |   2 +-
 proto/private/pbservice/healthcheck.pb.go     |   2 +-
 proto/private/pbservice/healthcheck.proto     |   2 +-
 proto/private/pbservice/ids.go                |   2 +-
 proto/private/pbservice/ids_test.go           |   2 +-
 proto/private/pbservice/node.pb.go            |   2 +-
 proto/private/pbservice/node.proto            |   2 +-
 proto/private/pbservice/service.pb.go         |   2 +-
 proto/private/pbservice/service.proto         |   2 +-
 proto/private/pbstorage/raft.pb.go            |   2 +-
 proto/private/pbstorage/raft.proto            |   2 +-
 proto/private/pbsubscribe/subscribe.go        |   2 +-
 proto/private/pbsubscribe/subscribe.pb.go     |   2 +-
 proto/private/pbsubscribe/subscribe.proto     |   2 +-
 proto/private/prototest/testing.go            |   2 +-
 proto/private/prototest/testing_test.go       |   3 +
 sdk/LICENSE                                   | 365 +++++++++++++++
 sentinel/evaluator.go                         |   2 +-
 sentinel/scope.go                             |   2 +-
 sentinel/sentinel_oss.go                      |   2 +-
 service_os/service.go                         |   2 +-
 service_os/service_windows.go                 |   2 +-
 snapshot/archive.go                           |   2 +-
 snapshot/archive_test.go                      |   2 +-
 snapshot/snapshot.go                          |   2 +-
 snapshot/snapshot_test.go                     |   2 +-
 .../peering_commontopo/ac1_basic_test.go      |   3 +
 .../ac2_disco_chain_test.go                   |   3 +
 .../ac3_service_defaults_upstream_test.go     |   3 +
 .../ac4_proxy_defaults_test.go                |   3 +
 .../ac5_1_no_svc_mesh_test.go                 |   3 +
 .../ac5_2_pq_failover_test.go                 |   3 +
 .../peering_commontopo/ac6_failovers_test.go  |   3 +
 .../ac7_1_rotate_gw_test.go                   |   3 +
 .../ac7_2_rotate_leader_test.go               |   3 +
 test-integ/peering_commontopo/asserter.go     |   3 +
 test-integ/peering_commontopo/commontopo.go   |   3 +
 .../peering_commontopo/sharedtopology_test.go |   3 +
 test/bin/cluster.bash                         |   2 +-
 test/ca/generate.sh                           |   2 +-
 test/client_certs/generate.sh                 |   2 +-
 test/hostname/generate.sh                     |   2 +-
 .../capture.sh                                |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../case-api-gateway-http-hostnames/setup.sh  |   2 +-
 .../case-api-gateway-http-hostnames/vars.sh   |   2 +-
 .../case-api-gateway-http-simple/capture.sh   |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../case-api-gateway-http-simple/setup.sh     |   2 +-
 .../case-api-gateway-http-simple/vars.sh      |   2 +-
 .../capture.sh                                |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../service_s3.hcl                            |   2 +-
 .../setup.sh                                  |   2 +-
 .../vars.sh                                   |   2 +-
 .../capture.sh                                |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../setup.sh                                  |   2 +-
 .../vars.sh                                   |   2 +-
 .../capture.sh                                |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../case-api-gateway-tcp-conflicted/setup.sh  |   2 +-
 .../case-api-gateway-tcp-conflicted/vars.sh   |   2 +-
 .../case-api-gateway-tcp-simple/capture.sh    |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../case-api-gateway-tcp-simple/setup.sh      |   2 +-
 .../envoy/case-api-gateway-tcp-simple/vars.sh |   2 +-
 .../capture.sh                                |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../setup.sh                                  |   2 +-
 .../vars.sh                                   |   2 +-
 .../connect/envoy/case-badauthz/capture.sh    |   2 +-
 .../connect/envoy/case-badauthz/setup.sh      |   2 +-
 .../connect/envoy/case-basic/capture.sh       |   2 +-
 .../connect/envoy/case-basic/setup.sh         |   2 +-
 .../connect/envoy/case-centralconf/capture.sh |   2 +-
 .../envoy/case-centralconf/service_s1.hcl     |   2 +-
 .../envoy/case-centralconf/service_s2.hcl     |   2 +-
 .../connect/envoy/case-centralconf/setup.sh   |   2 +-
 .../alpha/base.hcl                            |   2 +-
 .../alpha/service_gateway.hcl                 |   2 +-
 .../alpha/service_s1.hcl                      |   2 +-
 .../alpha/service_s2.hcl                      |   2 +-
 .../alpha/setup.sh                            |   2 +-
 .../bind.hcl                                  |   2 +-
 .../capture.sh                                |   2 +-
 .../primary/base.hcl                          |   2 +-
 .../primary/service_s1.hcl                    |   2 +-
 .../primary/service_s2.hcl                    |   2 +-
 .../primary/setup.sh                          |   2 +-
 .../vars.sh                                   |   2 +-
 .../bind.hcl                                  |   2 +-
 .../capture.sh                                |   2 +-
 .../primary/setup.sh                          |   2 +-
 .../secondary/join.hcl                        |   2 +-
 .../secondary/service_gateway.hcl             |   2 +-
 .../secondary/service_s1.hcl                  |   2 +-
 .../secondary/setup.sh                        |   2 +-
 .../vars.sh                                   |   2 +-
 .../bind.hcl                                  |   2 +-
 .../capture.sh                                |   2 +-
 .../primary/setup.sh                          |   2 +-
 .../secondary/join.hcl                        |   2 +-
 .../secondary/service_gateway.hcl             |   2 +-
 .../secondary/service_s1.hcl                  |   2 +-
 .../secondary/setup.sh                        |   2 +-
 .../vars.sh                                   |   2 +-
 .../service_s2-v1.hcl                         |   2 +-
 .../service_s2-v2.hcl                         |   2 +-
 .../case-cfg-resolver-defaultsubset/setup.sh  |   2 +-
 .../case-cfg-resolver-defaultsubset/vars.sh   |   2 +-
 .../case-cfg-resolver-features/capture.sh     |   2 +-
 .../service_s2-v1.hcl                         |   2 +-
 .../service_s2-v2.hcl                         |   2 +-
 .../envoy/case-cfg-resolver-features/setup.sh |   2 +-
 .../envoy/case-cfg-resolver-features/vars.sh  |   2 +-
 .../service_s2-v1.hcl                         |   2 +-
 .../setup.sh                                  |   2 +-
 .../vars.sh                                   |   2 +-
 .../service_s3-v1.hcl                         |   2 +-
 .../service_s3-v2.hcl                         |   2 +-
 .../service_s3.hcl                            |   2 +-
 .../setup.sh                                  |   2 +-
 .../case-cfg-resolver-subset-redirect/vars.sh |   2 +-
 .../service_s3-v1.hcl                         |   2 +-
 .../service_s3-v2.hcl                         |   2 +-
 .../service_s3.hcl                            |   2 +-
 .../case-cfg-resolver-svc-failover/setup.sh   |   2 +-
 .../case-cfg-resolver-svc-failover/vars.sh    |   2 +-
 .../service_s3.hcl                            |   2 +-
 .../setup.sh                                  |   2 +-
 .../vars.sh                                   |   2 +-
 .../service_s3.hcl                            |   2 +-
 .../setup.sh                                  |   2 +-
 .../vars.sh                                   |   2 +-
 .../envoy/case-cfg-router-features/capture.sh |   2 +-
 .../service_s2-v1.hcl                         |   2 +-
 .../service_s2-v2.hcl                         |   2 +-
 .../envoy/case-cfg-router-features/setup.sh   |   2 +-
 .../envoy/case-cfg-router-features/vars.sh    |   2 +-
 .../alpha/base.hcl                            |   2 +-
 .../alpha/service_gateway.hcl                 |   2 +-
 .../alpha/service_s1.hcl                      |   2 +-
 .../alpha/service_s2.hcl                      |   2 +-
 .../alpha/setup.sh                            |   2 +-
 .../bind.hcl                                  |   2 +-
 .../capture.sh                                |   2 +-
 .../primary/base.hcl                          |   2 +-
 .../primary/service_s1.hcl                    |   2 +-
 .../primary/service_s2.hcl                    |   2 +-
 .../primary/setup.sh                          |   2 +-
 .../case-cfg-splitter-cluster-peering/vars.sh |   2 +-
 .../case-cfg-splitter-features/capture.sh     |   2 +-
 .../service_s2-v1.hcl                         |   2 +-
 .../service_s2-v2.hcl                         |   2 +-
 .../envoy/case-cfg-splitter-features/setup.sh |   2 +-
 .../envoy/case-cfg-splitter-features/vars.sh  |   2 +-
 .../alpha/base.hcl                            |   2 +-
 .../alpha/service_gateway.hcl                 |   2 +-
 .../alpha/service_s1.hcl                      |   2 +-
 .../alpha/service_s2.hcl                      |   2 +-
 .../alpha/setup.sh                            |   2 +-
 .../bind.hcl                                  |   2 +-
 .../capture.sh                                |   2 +-
 .../primary/base.hcl                          |   2 +-
 .../primary/service_ingress.hcl               |   2 +-
 .../primary/setup.sh                          |   2 +-
 .../vars.sh                                   |   2 +-
 .../connect/envoy/case-consul-exec/setup.sh   |   2 +-
 .../connect/envoy/case-consul-exec/vars.sh    |   2 +-
 .../alpha/base.hcl                            |   2 +-
 .../alpha/service_gateway.hcl                 |   2 +-
 .../alpha/service_s1.hcl                      |   2 +-
 .../alpha/service_s2.hcl                      |   2 +-
 .../alpha/setup.sh                            |   2 +-
 .../bind.hcl                                  |   2 +-
 .../capture.sh                                |   2 +-
 .../primary/base.hcl                          |   2 +-
 .../primary/service_gateway.hcl               |   2 +-
 .../primary/service_s1.hcl                    |   2 +-
 .../primary/service_s2.hcl                    |   2 +-
 .../primary/setup.sh                          |   2 +-
 .../case-cross-peer-control-plane-mgw/vars.sh |   2 +-
 .../alpha/base.hcl                            |   2 +-
 .../alpha/service_gateway.hcl                 |   2 +-
 .../alpha/service_s1.hcl                      |   2 +-
 .../alpha/service_s2.hcl                      |   2 +-
 .../alpha/service_s3.hcl                      |   2 +-
 .../alpha/setup.sh                            |   2 +-
 .../case-cross-peers-http-router/bind.hcl     |   2 +-
 .../case-cross-peers-http-router/capture.sh   |   2 +-
 .../primary/base.hcl                          |   2 +-
 .../primary/service_gateway.hcl               |   2 +-
 .../primary/service_s1.hcl                    |   2 +-
 .../primary/service_s2.hcl                    |   2 +-
 .../primary/setup.sh                          |   2 +-
 .../case-cross-peers-http-router/vars.sh      |   2 +-
 .../case-cross-peers-http/alpha/base.hcl      |   2 +-
 .../alpha/service_gateway.hcl                 |   2 +-
 .../alpha/service_s1.hcl                      |   2 +-
 .../alpha/service_s2.hcl                      |   2 +-
 .../case-cross-peers-http/alpha/setup.sh      |   2 +-
 .../envoy/case-cross-peers-http/bind.hcl      |   2 +-
 .../envoy/case-cross-peers-http/capture.sh    |   2 +-
 .../case-cross-peers-http/primary/base.hcl    |   2 +-
 .../primary/service_gateway.hcl               |   2 +-
 .../primary/service_s1.hcl                    |   2 +-
 .../primary/service_s2.hcl                    |   2 +-
 .../case-cross-peers-http/primary/setup.sh    |   2 +-
 .../envoy/case-cross-peers-http/vars.sh       |   2 +-
 .../alpha/base.hcl                            |   2 +-
 .../alpha/service_gateway.hcl                 |   2 +-
 .../alpha/service_s1.hcl                      |   2 +-
 .../alpha/service_s2.hcl                      |   2 +-
 .../alpha/service_s3.hcl                      |   2 +-
 .../alpha/setup.sh                            |   2 +-
 .../bind.hcl                                  |   2 +-
 .../capture.sh                                |   2 +-
 .../primary/base.hcl                          |   2 +-
 .../primary/service_gateway.hcl               |   2 +-
 .../primary/service_s1.hcl                    |   2 +-
 .../primary/service_s2.hcl                    |   2 +-
 .../primary/setup.sh                          |   2 +-
 .../vars.sh                                   |   2 +-
 .../envoy/case-cross-peers/alpha/base.hcl     |   2 +-
 .../alpha/service_gateway.hcl                 |   2 +-
 .../case-cross-peers/alpha/service_s1.hcl     |   2 +-
 .../case-cross-peers/alpha/service_s2.hcl     |   2 +-
 .../envoy/case-cross-peers/alpha/setup.sh     |   2 +-
 .../connect/envoy/case-cross-peers/bind.hcl   |   2 +-
 .../connect/envoy/case-cross-peers/capture.sh |   2 +-
 .../envoy/case-cross-peers/primary/base.hcl   |   2 +-
 .../primary/service_gateway.hcl               |   2 +-
 .../case-cross-peers/primary/service_s1.hcl   |   2 +-
 .../case-cross-peers/primary/service_s2.hcl   |   2 +-
 .../envoy/case-cross-peers/primary/setup.sh   |   2 +-
 .../connect/envoy/case-cross-peers/vars.sh    |   2 +-
 .../envoy/case-dogstatsd-udp/service_s1.hcl   |   2 +-
 .../connect/envoy/case-dogstatsd-udp/setup.sh |   2 +-
 .../connect/envoy/case-dogstatsd-udp/vars.sh  |   2 +-
 .../envoy/case-expose-checks/capture.sh       |   2 +-
 .../envoy/case-expose-checks/service_s1.hcl   |   2 +-
 .../envoy/case-expose-checks/service_s2.hcl   |   2 +-
 .../connect/envoy/case-expose-checks/setup.sh |   2 +-
 .../case-gateway-without-services/bind.hcl    |   2 +-
 .../case-gateway-without-services/capture.sh  |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../service_s1.hcl                            |   2 +-
 .../service_s2.hcl                            |   2 +-
 .../case-gateway-without-services/setup.sh    |   2 +-
 .../case-gateway-without-services/vars.sh     |   2 +-
 .../envoy/case-gateways-local/bind.hcl        |   2 +-
 .../envoy/case-gateways-local/capture.sh      |   2 +-
 .../primary/service_gateway.hcl               |   2 +-
 .../primary/service_s1.hcl                    |   2 +-
 .../primary/service_s2.hcl                    |   2 +-
 .../case-gateways-local/primary/setup.sh      |   2 +-
 .../case-gateways-local/secondary/join.hcl    |   2 +-
 .../secondary/service_gateway.hcl             |   2 +-
 .../secondary/service_s1.hcl                  |   2 +-
 .../case-gateways-local/secondary/setup.sh    |   2 +-
 .../connect/envoy/case-gateways-local/vars.sh |   2 +-
 .../envoy/case-gateways-remote/bind.hcl       |   2 +-
 .../envoy/case-gateways-remote/capture.sh     |   2 +-
 .../primary/service_s1.hcl                    |   2 +-
 .../primary/service_s2.hcl                    |   2 +-
 .../case-gateways-remote/primary/setup.sh     |   2 +-
 .../case-gateways-remote/secondary/join.hcl   |   2 +-
 .../secondary/service_gateway.hcl             |   2 +-
 .../secondary/service_s1.hcl                  |   2 +-
 .../case-gateways-remote/secondary/setup.sh   |   2 +-
 .../envoy/case-gateways-remote/vars.sh        |   2 +-
 .../connect/envoy/case-grpc/service_s1.hcl    |   2 +-
 .../connect/envoy/case-grpc/service_s2.hcl    |   2 +-
 .../connect/envoy/case-grpc/setup.sh          |   2 +-
 .../connect/envoy/case-grpc/vars.sh           |   2 +-
 .../envoy/case-http-badauthz/capture.sh       |   2 +-
 .../envoy/case-http-badauthz/service_s1.hcl   |   2 +-
 .../envoy/case-http-badauthz/service_s2.hcl   |   2 +-
 .../connect/envoy/case-http-badauthz/setup.sh |   2 +-
 .../connect/envoy/case-http/capture.sh        |   2 +-
 .../connect/envoy/case-http/service_s1.hcl    |   2 +-
 .../connect/envoy/case-http/service_s2.hcl    |   2 +-
 .../connect/envoy/case-http/setup.sh          |   2 +-
 .../case-ingress-gateway-grpc/capture.sh      |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../case-ingress-gateway-grpc/service_s1.hcl  |   2 +-
 .../envoy/case-ingress-gateway-grpc/setup.sh  |   2 +-
 .../envoy/case-ingress-gateway-grpc/vars.sh   |   2 +-
 .../case-ingress-gateway-http/capture.sh      |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../envoy/case-ingress-gateway-http/setup.sh  |   2 +-
 .../envoy/case-ingress-gateway-http/vars.sh   |   2 +-
 .../capture.sh                                |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../setup.sh                                  |   2 +-
 .../vars.sh                                   |   2 +-
 .../alpha/base.hcl                            |   2 +-
 .../alpha/service_gateway.hcl                 |   2 +-
 .../alpha/service_s1.hcl                      |   2 +-
 .../alpha/service_s2.hcl                      |   2 +-
 .../alpha/setup.sh                            |   2 +-
 .../bind.hcl                                  |   2 +-
 .../capture.sh                                |   2 +-
 .../primary/base.hcl                          |   2 +-
 .../primary/service_ingress.hcl               |   2 +-
 .../primary/service_s1.hcl                    |   2 +-
 .../primary/service_s2.hcl                    |   2 +-
 .../primary/setup.sh                          |   2 +-
 .../vars.sh                                   |   2 +-
 .../envoy/case-ingress-gateway-sds/capture.sh |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../envoy/case-ingress-gateway-sds/setup.sh   |   2 +-
 .../envoy/case-ingress-gateway-sds/vars.sh    |   2 +-
 .../case-ingress-gateway-simple/capture.sh    |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../case-ingress-gateway-simple/setup.sh      |   2 +-
 .../envoy/case-ingress-gateway-simple/vars.sh |   2 +-
 .../envoy/case-ingress-gateway-tls/capture.sh |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../envoy/case-ingress-gateway-tls/setup.sh   |   2 +-
 .../envoy/case-ingress-gateway-tls/vars.sh    |   2 +-
 .../bind.hcl                                  |   2 +-
 .../capture.sh                                |   2 +-
 .../primary/service_gateway.hcl               |   2 +-
 .../primary/service_ingress.hcl               |   2 +-
 .../primary/service_s1.hcl                    |   2 +-
 .../primary/service_s2.hcl                    |   2 +-
 .../primary/setup.sh                          |   2 +-
 .../secondary/join.hcl                        |   2 +-
 .../secondary/service_gateway.hcl             |   2 +-
 .../secondary/setup.sh                        |   2 +-
 .../vars.sh                                   |   2 +-
 .../connect/envoy/case-l7-intentions/acl.hcl  |   2 +-
 .../envoy/case-l7-intentions/capture.sh       |   2 +-
 .../connect/envoy/case-l7-intentions/setup.sh |   2 +-
 .../connect/envoy/case-lua/capture.sh         |   2 +-
 .../connect/envoy/case-lua/service_s1.hcl     |   2 +-
 .../connect/envoy/case-lua/service_s2.hcl     |   2 +-
 .../connect/envoy/case-lua/setup.sh           |   2 +-
 .../connect/envoy/case-lua/vars.sh            |   2 +-
 .../envoy/case-mesh-to-lambda/capture.sh      |   2 +-
 .../case-mesh-to-lambda/service_gateway.hcl   |   2 +-
 .../envoy/case-mesh-to-lambda/service_s1.hcl  |   2 +-
 .../envoy/case-mesh-to-lambda/setup.sh        |   2 +-
 .../connect/envoy/case-mesh-to-lambda/vars.sh |   2 +-
 .../envoy/case-multidc-rsa-ca/bind.hcl        |   2 +-
 .../envoy/case-multidc-rsa-ca/ca_config.hcl   |   2 +-
 .../envoy/case-multidc-rsa-ca/capture.sh      |   2 +-
 .../primary/service_s1.hcl                    |   2 +-
 .../primary/service_s2.hcl                    |   2 +-
 .../case-multidc-rsa-ca/primary/setup.sh      |   2 +-
 .../case-multidc-rsa-ca/secondary/join.hcl    |   2 +-
 .../secondary/service_s1.hcl                  |   2 +-
 .../case-multidc-rsa-ca/secondary/setup.sh    |   2 +-
 .../connect/envoy/case-multidc-rsa-ca/vars.sh |   2 +-
 .../connect/envoy/case-prometheus/capture.sh  |   2 +-
 .../envoy/case-prometheus/service_s1.hcl      |   2 +-
 .../envoy/case-prometheus/service_s2.hcl      |   2 +-
 .../connect/envoy/case-prometheus/setup.sh    |   2 +-
 .../envoy/case-property-override/capture.sh   |   2 +-
 .../case-property-override/service_s1.hcl     |   2 +-
 .../case-property-override/service_s2.hcl     |   2 +-
 .../case-property-override/service_s3.hcl     |   2 +-
 .../envoy/case-property-override/setup.sh     |   2 +-
 .../envoy/case-property-override/vars.sh      |   2 +-
 .../envoy/case-stats-proxy/service_s1.hcl     |   2 +-
 .../envoy/case-stats-proxy/service_s2.hcl     |   2 +-
 .../connect/envoy/case-stats-proxy/setup.sh   |   2 +-
 .../envoy/case-statsd-udp/service_s1.hcl      |   2 +-
 .../connect/envoy/case-statsd-udp/setup.sh    |   2 +-
 .../connect/envoy/case-statsd-udp/vars.sh     |   2 +-
 .../capture.sh                                |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../service_s1.hcl                            |   2 +-
 .../service_s4.hcl                            |   2 +-
 .../setup.sh                                  |   2 +-
 .../vars.sh                                   |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../case-terminating-gateway-simple/setup.sh  |   2 +-
 .../case-terminating-gateway-simple/vars.sh   |   2 +-
 .../capture.sh                                |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../service_s2-v1.hcl                         |   2 +-
 .../service_s2-v2.hcl                         |   2 +-
 .../service_s3.hcl                            |   2 +-
 .../case-terminating-gateway-subsets/setup.sh |   2 +-
 .../case-terminating-gateway-subsets/vars.sh  |   2 +-
 .../bind.hcl                                  |   2 +-
 .../service_gateway.hcl                       |   2 +-
 .../service_s1.hcl                            |   2 +-
 .../service_s2.hcl                            |   2 +-
 .../setup.sh                                  |   2 +-
 .../vars.sh                                   |   2 +-
 .../envoy/case-upstream-config/service_s1.hcl |   2 +-
 .../envoy/case-upstream-config/service_s2.hcl |   2 +-
 .../envoy/case-upstream-config/setup.sh       |   2 +-
 .../connect/envoy/case-wanfed-gw/bind.hcl     |   2 +-
 .../connect/envoy/case-wanfed-gw/capture.sh   |   2 +-
 .../case-wanfed-gw/global-setup-windows.sh    |   3 +
 .../envoy/case-wanfed-gw/global-setup.sh      |   2 +-
 .../envoy/case-wanfed-gw/primary/common.hcl   |   2 +-
 .../envoy/case-wanfed-gw/primary/server.hcl   |   2 +-
 .../primary/service_gateway.hcl               |   2 +-
 .../case-wanfed-gw/primary/service_s1.hcl     |   2 +-
 .../case-wanfed-gw/primary/service_s2.hcl     |   2 +-
 .../envoy/case-wanfed-gw/primary/setup.sh     |   2 +-
 .../envoy/case-wanfed-gw/secondary/common.hcl |   2 +-
 .../envoy/case-wanfed-gw/secondary/server.hcl |   2 +-
 .../secondary/service_gateway.hcl             |   2 +-
 .../case-wanfed-gw/secondary/service_s1.hcl   |   2 +-
 .../case-wanfed-gw/secondary/service_s2.hcl   |   2 +-
 .../envoy/case-wanfed-gw/secondary/setup.sh   |   2 +-
 .../connect/envoy/case-wanfed-gw/vars.sh      |   2 +-
 .../connect/envoy/case-wasm/capture.sh        |   2 +-
 .../connect/envoy/case-wasm/service_s1.hcl    |   2 +-
 .../connect/envoy/case-wasm/service_s2.hcl    |   2 +-
 .../connect/envoy/case-wasm/setup.sh          |   2 +-
 .../connect/envoy/case-wasm/vars.sh           |   2 +-
 .../connect/envoy/case-zipkin/service_s1.hcl  |   2 +-
 .../connect/envoy/case-zipkin/service_s2.hcl  |   2 +-
 .../connect/envoy/case-zipkin/setup.sh        |   2 +-
 .../connect/envoy/case-zipkin/vars.sh         |   2 +-
 .../connect/envoy/consul-base-cfg/base.hcl    |   2 +-
 .../envoy/consul-base-cfg/service_s1.hcl      |   2 +-
 .../envoy/consul-base-cfg/service_s2.hcl      |   2 +-
 test/integration/connect/envoy/defaults.sh    |   2 +-
 test/integration/connect/envoy/down.sh        |   2 +-
 test/integration/connect/envoy/helpers.bash   |   2 +-
 .../connect/envoy/helpers.windows.bash        |   3 +
 test/integration/connect/envoy/main_test.go   |   2 +-
 test/integration/connect/envoy/run-tests.sh   |   2 +-
 .../connect/envoy/run-tests.windows.sh        |   3 +
 .../connect/envoy/test-sds-server/Dockerfile  |   2 +-
 .../envoy/test-sds-server/certs/gen-certs.sh  |   2 +-
 .../connect/envoy/test-sds-server/sds.go      |   2 +-
 .../consul-container/assets/tproxy-startup.sh |   3 +
 .../consul-container/libs/assert/common.go    |   2 +-
 .../consul-container/libs/assert/envoy.go     |   2 +-
 .../consul-container/libs/assert/grpc.go      |   2 +-
 .../consul-container/libs/assert/peering.go   |   2 +-
 .../consul-container/libs/assert/service.go   |   2 +-
 .../consul-container/libs/cluster/agent.go    |   2 +-
 .../consul-container/libs/cluster/app.go      |   2 +-
 .../consul-container/libs/cluster/builder.go  |   2 +-
 .../consul-container/libs/cluster/cluster.go  |   2 +-
 .../consul-container/libs/cluster/config.go   |   2 +-
 .../libs/cluster/container.go                 |   2 +-
 .../libs/cluster/encryption.go                |   2 +-
 .../consul-container/libs/cluster/log.go      |   2 +-
 .../consul-container/libs/cluster/network.go  |   2 +-
 .../consul-container/libs/service/common.go   |   2 +-
 .../consul-container/libs/service/connect.go  |   2 +-
 .../consul-container/libs/service/examples.go |   2 +-
 .../consul-container/libs/service/gateway.go  |   2 +-
 .../consul-container/libs/service/helpers.go  |   2 +-
 .../consul-container/libs/service/log.go      |   2 +-
 .../consul-container/libs/service/service.go  |   2 +-
 .../libs/topology/peering_topology.go         |   2 +-
 .../libs/topology/service_topology.go         |   2 +-
 .../consul-container/libs/utils/debug.go      |   2 +-
 .../consul-container/libs/utils/defer.go      |   2 +-
 .../consul-container/libs/utils/docker.go     |   2 +-
 .../consul-container/libs/utils/helpers.go    |   2 +-
 .../consul-container/libs/utils/retry.go      |   2 +-
 .../consul-container/libs/utils/tenancy.go    |   3 +
 .../consul-container/libs/utils/utils.go      |   2 +-
 .../consul-container/libs/utils/version.go    |   2 +-
 .../libs/utils/version_oss.go                 |   2 +-
 .../test/basic/connect_service_test.go        |   2 +-
 .../test/catalog/catalog_test.go              |   3 +
 .../consul_envoy_version.go                   |   2 +-
 .../test/envoy_extensions/ext_authz_test.go   |   2 +-
 .../testdata/wasm_test_files/Dockerfile       |   3 +
 .../testdata/wasm_test_files/build.sh         |   3 +
 .../wasm_test_files/wasm_add_header.go        |   3 +
 .../test/envoy_extensions/wasm_test.go        |   3 +
 .../test/gateways/gateway_endpoint_test.go    |   2 +-
 .../test/gateways/http_route_test.go          |   2 +-
 .../test/gateways/ingress_gateway_test.go     |   2 +-
 .../test/gateways/tenancy_oss.go              |   3 +
 .../test/jwtauth/jwt_auth_test.go             |   2 +-
 .../test/observability/access_logs_test.go    |   2 +-
 .../test/observability/metrics_leader_test.go |   2 +-
 .../rotate_server_and_ca_then_fail_test.go    |   2 +-
 .../test/ratelimit/ratelimit_test.go          |   2 +-
 .../test/snapshot/snapshot_restore_test.go    |   2 +-
 .../test/tproxy/tproxy_test.go                |   2 +-
 .../test/troubleshoot/troubleshoot_test.go    |   2 +-
 .../test/upgrade/acl_node_test.go             |   2 +-
 .../test/upgrade/basic/basic_test.go          |   2 +-
 .../upgrade/basic/fullstopupgrade_test.go     |   2 +-
 .../test/upgrade/basic/healthcheck_test.go    |   2 +-
 .../test/upgrade/catalog/catalog_test.go      |   2 +-
 .../consul-container/test/upgrade/common.go   |   3 +
 .../test/upgrade/ingress_gateway_grpc_test.go |   2 +-
 .../test/upgrade/ingress_gateway_sds_test.go  |   2 +-
 .../test/upgrade/ingress_gateway_test.go      |   2 +-
 .../resolver_default_subset_test.go           |   2 +-
 .../peering/peering_control_plane_mgw_test.go |   2 +-
 .../test/upgrade/peering/peering_http_test.go |   2 +-
 .../wanfed/acl_bootstrap_replication_test.go  |   2 +-
 .../test/wanfed/wanfed_peering_test.go        |   2 +-
 test/load/packer/consul-ami/consul.pkr.hcl    |   2 +-
 test/load/packer/consul-ami/scripts/conf.yaml |   2 +-
 .../packer/consul-ami/scripts/datadog.yaml    |   2 +-
 .../packer/consul-ami/scripts/move-files.sh   |   2 +-
 .../load/packer/loadtest-ami/loadtest.pkr.hcl |   2 +-
 .../packer/loadtest-ami/scripts/install-k6.sh |   2 +-
 .../packer/loadtest-ami/scripts/loadtest.js   |   2 +-
 test/load/terraform/consul.tf                 |   2 +-
 test/load/terraform/main.tf                   |   2 +-
 test/load/terraform/outputs.tf                |   2 +-
 test/load/terraform/providers.tf              |   2 +-
 test/load/terraform/test-servers.tf           |   2 +-
 test/load/terraform/user-data-client.sh       |   2 +-
 test/load/terraform/user-data-server.sh       |   2 +-
 test/load/terraform/variables.tf              |   2 +-
 testing/deployer/sprawl/acl.go                |   3 +
 testing/deployer/sprawl/acl_rules.go          |   3 +
 testing/deployer/sprawl/boot.go               |   3 +
 testing/deployer/sprawl/catalog.go            |   3 +
 testing/deployer/sprawl/configentries.go      |   3 +
 testing/deployer/sprawl/consul.go             |   3 +
 testing/deployer/sprawl/debug.go              |   3 +
 testing/deployer/sprawl/details.go            |   3 +
 testing/deployer/sprawl/ent.go                |   3 +
 testing/deployer/sprawl/helpers.go            |   3 +
 .../deployer/sprawl/internal/build/docker.go  |   3 +
 .../deployer/sprawl/internal/runner/exec.go   |   3 +
 .../deployer/sprawl/internal/secrets/store.go |   3 +
 .../deployer/sprawl/internal/tfgen/agent.go   |   3 +
 .../deployer/sprawl/internal/tfgen/digest.go  |   3 +
 testing/deployer/sprawl/internal/tfgen/dns.go |   3 +
 .../deployer/sprawl/internal/tfgen/docker.go  |   3 +
 .../sprawl/internal/tfgen/docker_test.go      |   3 +
 testing/deployer/sprawl/internal/tfgen/gen.go |   3 +
 testing/deployer/sprawl/internal/tfgen/io.go  |   3 +
 .../deployer/sprawl/internal/tfgen/nodes.go   |   3 +
 .../deployer/sprawl/internal/tfgen/prelude.go |   3 +
 .../deployer/sprawl/internal/tfgen/proxy.go   |   3 +
 testing/deployer/sprawl/internal/tfgen/res.go |   3 +
 .../deployer/sprawl/internal/tfgen/tfgen.go   |   3 +
 testing/deployer/sprawl/peering.go            |   3 +
 testing/deployer/sprawl/sprawl.go             |   3 +
 .../deployer/sprawl/sprawltest/sprawltest.go  |   3 +
 .../deployer/sprawl/sprawltest/test_test.go   |   3 +
 testing/deployer/sprawl/tls.go                |   3 +
 testing/deployer/topology/compile.go          |   3 +
 testing/deployer/topology/default_cdp.go      |   3 +
 testing/deployer/topology/default_consul.go   |   3 +
 testing/deployer/topology/default_envoy.go    |   3 +
 testing/deployer/topology/ids.go              |   3 +
 testing/deployer/topology/images.go           |   3 +
 testing/deployer/topology/images_test.go      |   3 +
 testing/deployer/topology/topology.go         |   3 +
 testing/deployer/topology/util.go             |   3 +
 testing/deployer/topology/util_test.go        |   3 +
 testing/deployer/util/consul.go               |   3 +
 testing/deployer/util/files.go                |   3 +
 .../deployer/util/internal/ipamutils/utils.go |   3 +
 .../util/internal/ipamutils/utils_test.go     |   3 +
 testing/deployer/util/net.go                  |   3 +
 testrpc/wait.go                               |   2 +-
 tlsutil/config.go                             |   2 +-
 tlsutil/config_test.go                        |   2 +-
 tlsutil/generate.go                           |   2 +-
 tlsutil/generate_test.go                      |   2 +-
 tools/internal-grpc-proxy/main.go             |   2 +-
 troubleshoot/proxy/certs.go                   |   2 +-
 troubleshoot/proxy/certs_test.go              |   2 +-
 troubleshoot/proxy/stats.go                   |   2 +-
 troubleshoot/proxy/troubleshoot_proxy.go      |   2 +-
 troubleshoot/proxy/upstreams.go               |   2 +-
 troubleshoot/proxy/upstreams_test.go          |   2 +-
 troubleshoot/proxy/utils.go                   |   2 +-
 troubleshoot/proxy/validateupstream.go        |   2 +-
 troubleshoot/proxy/validateupstream_test.go   |   2 +-
 troubleshoot/validate/validate.go             |   2 +-
 troubleshoot/validate/validate_test.go        |   2 +-
 types/area.go                                 |   2 +-
 types/checks.go                               |   2 +-
 types/node_id.go                              |   2 +-
 types/tls.go                                  |   2 +-
 types/tls_test.go                             |   2 +-
 .../components/consul/acl/selector/index.hbs  |   2 +-
 .../consul/token/selector/index.hbs           |   2 +-
 .../components/consul/token/selector/index.js |   2 +-
 .../consul-acls/vendor/consul-acls/routes.js  |   2 +-
 .../vendor/consul-acls/services.js            |   2 +-
 .../app/components/consul/hcp/home/index.hbs  |   2 +-
 .../app/components/consul/hcp/home/index.scss |   2 +-
 .../components/consul/hcp/home/index.test.js  |   2 +-
 .../consul-hcp/vendor/consul-hcp/routes.js    |   2 +-
 .../consul-hcp/vendor/consul-hcp/services.js  |   2 +-
 .../consul/lock-session/form/index.hbs        |   2 +-
 .../consul/lock-session/form/index.scss       |   2 +-
 .../consul/lock-session/list/index.hbs        |   2 +-
 .../consul/lock-session/list/index.scss       |   2 +-
 .../lock-session/notifications/index.hbs      |   2 +-
 .../app/templates/dc/nodes/show/sessions.hbs  |   2 +-
 .../vendor/consul-lock-sessions/routes.js     |   2 +-
 .../vendor/consul-lock-sessions/services.js   |   2 +-
 .../components/consul/nspace/form/index.hbs   |   2 +-
 .../components/consul/nspace/form/index.js    |   2 +-
 .../components/consul/nspace/list/index.hbs   |   2 +-
 .../consul/nspace/list/pageobject.js          |   2 +-
 .../consul/nspace/notifications/index.hbs     |   2 +-
 .../consul/nspace/search-bar/index.hbs        |   2 +-
 .../consul/nspace/selector/index.hbs          |   2 +-
 .../app/templates/dc/nspaces/edit.hbs         |   2 +-
 .../app/templates/dc/nspaces/index.hbs        |   2 +-
 .../vendor/consul-nspaces/routes.js           |   2 +-
 .../vendor/consul-nspaces/services.js         |   2 +-
 .../consul/partition/form/index.hbs           |   2 +-
 .../consul/partition/list/index.hbs           |   2 +-
 .../consul/partition/list/test-support.js     |   2 +-
 .../consul/partition/notifications/index.hbs  |   2 +-
 .../consul/partition/search-bar/index.hbs     |   2 +-
 .../consul/partition/selector/index.hbs       |   2 +-
 .../app/templates/dc/partitions/edit.hbs      |   2 +-
 .../app/templates/dc/partitions/index.hbs     |   2 +-
 .../vendor/consul-partitions/routes.js        |   2 +-
 .../vendor/consul-partitions/services.js      |   2 +-
 .../consul/peer/address/list/index.hbs        |   2 +-
 .../consul/peer/address/list/index.scss       |   2 +-
 .../consul/peer/bento-box/index.hbs           |   2 +-
 .../components/consul/peer/components.scss    |   2 +-
 .../consul/peer/form/chart.xstate.js          |   2 +-
 .../peer/form/generate/actions/index.hbs      |   2 +-
 .../consul/peer/form/generate/chart.xstate.js |   2 +-
 .../peer/form/generate/fieldsets/index.hbs    |   2 +-
 .../peer/form/generate/fieldsets/index.js     |   2 +-
 .../consul/peer/form/generate/index.hbs       |   2 +-
 .../app/components/consul/peer/form/index.hbs |   2 +-
 .../components/consul/peer/form/index.scss    |   2 +-
 .../peer/form/initiate/actions/index.hbs      |   2 +-
 .../peer/form/initiate/fieldsets/index.hbs    |   2 +-
 .../consul/peer/form/initiate/index.hbs       |   2 +-
 .../consul/peer/form/token/actions/index.hbs  |   2 +-
 .../peer/form/token/fieldsets/index.hbs       |   2 +-
 .../app/components/consul/peer/index.scss     |   2 +-
 .../app/components/consul/peer/list/index.hbs |   2 +-
 .../consul/peer/list/test-support.js          |   2 +-
 .../consul/peer/notifications/index.hbs       |   2 +-
 .../consul/peer/search-bar/index.hbs          |   2 +-
 .../consul/peer/search-bar/index.scss         |   2 +-
 .../components/consul/peer/selector/index.hbs |   2 +-
 .../app/controllers/dc/peers/index.js         |   2 +-
 .../app/controllers/dc/peers/show/exported.js |   2 +-
 .../app/controllers/dc/peers/show/index.js    |   2 +-
 .../app/templates/dc/peers/index.hbs          |   2 +-
 .../app/templates/dc/peers/show.hbs           |   2 +-
 .../app/templates/dc/peers/show/addresses.hbs |   2 +-
 .../app/templates/dc/peers/show/exported.hbs  |   2 +-
 .../app/templates/dc/peers/show/imported.hbs  |   2 +-
 .../app/templates/dc/peers/show/index.hbs     |   2 +-
 .../vendor/consul-peerings/routes.js          |   2 +-
 .../vendor/consul-peerings/services.js        |   2 +-
 ui/packages/consul-ui/.docfy-config.js        |   2 +-
 ui/packages/consul-ui/.eslintrc.js            |   2 +-
 ui/packages/consul-ui/.istanbul.yml           |   2 +-
 ui/packages/consul-ui/.prettierrc.js          |   2 +-
 ui/packages/consul-ui/.template-lintrc.js     |   2 +-
 ui/packages/consul-ui/app/abilities/acl.js    |   2 +-
 .../consul-ui/app/abilities/auth-method.js    |   2 +-
 ui/packages/consul-ui/app/abilities/base.js   |   2 +-
 .../consul-ui/app/abilities/intention.js      |   2 +-
 ui/packages/consul-ui/app/abilities/kv.js     |   2 +-
 .../consul-ui/app/abilities/license.js        |   2 +-
 ui/packages/consul-ui/app/abilities/node.js   |   2 +-
 ui/packages/consul-ui/app/abilities/nspace.js |   2 +-
 .../consul-ui/app/abilities/overview.js       |   2 +-
 .../consul-ui/app/abilities/partition.js      |   2 +-
 ui/packages/consul-ui/app/abilities/peer.js   |   2 +-
 .../consul-ui/app/abilities/permission.js     |   2 +-
 ui/packages/consul-ui/app/abilities/policy.js |   2 +-
 ui/packages/consul-ui/app/abilities/role.js   |   2 +-
 ui/packages/consul-ui/app/abilities/server.js |   2 +-
 .../app/abilities/service-instance.js         |   2 +-
 .../consul-ui/app/abilities/session.js        |   2 +-
 ui/packages/consul-ui/app/abilities/token.js  |   2 +-
 .../consul-ui/app/abilities/upstream.js       |   2 +-
 .../consul-ui/app/abilities/zervice.js        |   2 +-
 ui/packages/consul-ui/app/abilities/zone.js   |   2 +-
 .../consul-ui/app/adapters/application.js     |   2 +-
 .../consul-ui/app/adapters/auth-method.js     |   2 +-
 .../consul-ui/app/adapters/binding-rule.js    |   2 +-
 .../consul-ui/app/adapters/coordinate.js      |   2 +-
 .../consul-ui/app/adapters/discovery-chain.js |   2 +-
 ui/packages/consul-ui/app/adapters/http.js    |   2 +-
 .../consul-ui/app/adapters/intention.js       |   2 +-
 ui/packages/consul-ui/app/adapters/kv.js      |   2 +-
 ui/packages/consul-ui/app/adapters/node.js    |   2 +-
 ui/packages/consul-ui/app/adapters/nspace.js  |   2 +-
 .../consul-ui/app/adapters/oidc-provider.js   |   2 +-
 .../consul-ui/app/adapters/partition.js       |   2 +-
 .../consul-ui/app/adapters/permission.js      |   2 +-
 ui/packages/consul-ui/app/adapters/policy.js  |   2 +-
 ui/packages/consul-ui/app/adapters/proxy.js   |   2 +-
 ui/packages/consul-ui/app/adapters/role.js    |   2 +-
 .../app/adapters/service-instance.js          |   2 +-
 ui/packages/consul-ui/app/adapters/service.js |   2 +-
 ui/packages/consul-ui/app/adapters/session.js |   2 +-
 ui/packages/consul-ui/app/adapters/token.js   |   2 +-
 .../consul-ui/app/adapters/topology.js        |   2 +-
 ui/packages/consul-ui/app/app.js              |   2 +-
 .../consul-ui/app/components/action/index.hbs |   2 +-
 .../app/components/anchors/index.scss         |   2 +-
 .../app/components/anchors/skin.scss          |   2 +-
 .../app/components/anonymous/index.hbs        |   2 +-
 .../app/components/anonymous/index.js         |   2 +-
 .../app/components/app-error/index.hbs        |   2 +-
 .../app/components/app-view/index.hbs         |   2 +-
 .../app/components/app-view/index.js          |   2 +-
 .../app/components/app-view/index.scss        |   2 +-
 .../app/components/app-view/layout.scss       |   2 +-
 .../app/components/app-view/skin.scss         |   2 +-
 .../consul-ui/app/components/app/index.hbs    |   2 +-
 .../consul-ui/app/components/app/index.js     |   2 +-
 .../consul-ui/app/components/app/index.scss   |   2 +-
 .../app/components/app/notification/index.hbs |   2 +-
 .../app/components/aria-menu/index.hbs        |   2 +-
 .../app/components/aria-menu/index.js         |   2 +-
 .../components/auth-dialog/chart.xstate.js    |   2 +-
 .../app/components/auth-dialog/index.hbs      |   2 +-
 .../app/components/auth-dialog/index.js       |   2 +-
 .../app/components/auth-form/chart.xstate.js  |   2 +-
 .../app/components/auth-form/index.hbs        |   2 +-
 .../app/components/auth-form/index.js         |   2 +-
 .../app/components/auth-form/index.scss       |   2 +-
 .../app/components/auth-form/layout.scss      |   2 +-
 .../app/components/auth-form/pageobject.js    |   2 +-
 .../app/components/auth-form/skin.scss        |   2 +-
 .../app/components/auth-form/tabs.xstate.js   |   2 +-
 .../app/components/auth-modal/index.scss      |   2 +-
 .../app/components/auth-modal/layout.scss     |   2 +-
 .../app/components/auth-modal/skin.scss       |   2 +-
 .../app/components/auth-profile/index.hbs     |   2 +-
 .../app/components/auth-profile/index.scss    |   2 +-
 .../consul-ui/app/components/badge/debug.scss |   2 +-
 .../consul-ui/app/components/badge/index.scss |   2 +-
 .../app/components/brand-loader/index.scss    |   2 +-
 .../app/components/brand-loader/layout.scss   |   2 +-
 .../app/components/brand-loader/skin.scss     |   2 +-
 .../app/components/breadcrumbs/index.scss     |   2 +-
 .../app/components/breadcrumbs/layout.scss    |   2 +-
 .../app/components/breadcrumbs/skin.scss      |   2 +-
 .../app/components/buttons/index.scss         |   2 +-
 .../app/components/buttons/layout.scss        |   2 +-
 .../app/components/buttons/skin.scss          |   2 +-
 .../consul-ui/app/components/card/index.scss  |   2 +-
 .../consul-ui/app/components/card/layout.scss |   2 +-
 .../consul-ui/app/components/card/skin.scss   |   2 +-
 .../app/components/checkbox-group/index.scss  |   2 +-
 .../app/components/checkbox-group/layout.scss |   2 +-
 .../app/components/checkbox-group/skin.scss   |   2 +-
 .../app/components/child-selector/index.hbs   |   2 +-
 .../app/components/child-selector/index.js    |   2 +-
 .../app/components/code-editor/index.hbs      |   2 +-
 .../app/components/code-editor/index.js       |   2 +-
 .../app/components/code-editor/index.scss     |   2 +-
 .../app/components/code-editor/layout.scss    |   2 +-
 .../app/components/code-editor/skin.scss      |   2 +-
 .../app/components/composite-row/index.scss   |   2 +-
 .../app/components/composite-row/layout.scss  |   2 +-
 .../components/confirmation-alert/index.hbs   |   2 +-
 .../components/confirmation-alert/index.js    |   2 +-
 .../components/confirmation-dialog/index.hbs  |   2 +-
 .../components/confirmation-dialog/index.js   |   2 +-
 .../components/confirmation-dialog/index.scss |   2 +-
 .../confirmation-dialog/layout.scss           |   2 +-
 .../components/confirmation-dialog/skin.scss  |   2 +-
 .../components/consul/acl/disabled/index.hbs  |   2 +-
 .../consul/auth-method/binding-list/index.hbs |   2 +-
 .../components/consul/auth-method/index.scss  |   2 +-
 .../consul/auth-method/list/index.hbs         |   2 +-
 .../consul/auth-method/list/pageobject.js     |   2 +-
 .../consul/auth-method/nspace-list/index.hbs  |   2 +-
 .../consul/auth-method/search-bar/index.hbs   |   2 +-
 .../consul/auth-method/type/index.hbs         |   2 +-
 .../consul/auth-method/view/index.hbs         |   2 +-
 .../components/consul/bucket/list/index.hbs   |   2 +-
 .../components/consul/bucket/list/index.js    |   2 +-
 .../components/consul/bucket/list/index.scss  |   2 +-
 .../consul/datacenter/selector/index.hbs      |   2 +-
 .../consul/discovery-chain/index.hbs          |   2 +-
 .../consul/discovery-chain/index.js           |   2 +-
 .../consul/discovery-chain/index.scss         |   2 +-
 .../consul/discovery-chain/layout.scss        |   2 +-
 .../discovery-chain/resolver-card/index.hbs   |   2 +-
 .../discovery-chain/route-card/index.hbs      |   2 +-
 .../discovery-chain/route-card/index.js       |   2 +-
 .../consul/discovery-chain/skin.scss          |   2 +-
 .../discovery-chain/splitter-card/index.hbs   |   2 +-
 .../consul/discovery-chain/utils.js           |   2 +-
 .../consul/exposed-path/list/index.hbs        |   2 +-
 .../consul/exposed-path/list/index.scss       |   2 +-
 .../consul/external-source/index.hbs          |   2 +-
 .../consul/external-source/index.scss         |   2 +-
 .../consul/health-check/list/index.hbs        |   2 +-
 .../consul/health-check/list/index.scss       |   2 +-
 .../consul/health-check/list/layout.scss      |   2 +-
 .../consul/health-check/list/pageobject.js    |   2 +-
 .../consul/health-check/list/skin.scss        |   2 +-
 .../consul/health-check/search-bar/index.hbs  |   2 +-
 .../consul/instance-checks/index.hbs          |   2 +-
 .../consul/instance-checks/index.scss         |   2 +-
 .../consul/intention/components.scss          |   2 +-
 .../consul/intention/form/fieldsets/index.hbs |   2 +-
 .../consul/intention/form/fieldsets/index.js  |   2 +-
 .../intention/form/fieldsets/index.scss       |   2 +-
 .../intention/form/fieldsets/layout.scss      |   2 +-
 .../consul/intention/form/fieldsets/skin.scss |   2 +-
 .../consul/intention/form/index.hbs           |   2 +-
 .../components/consul/intention/form/index.js |   2 +-
 .../consul/intention/form/index.scss          |   2 +-
 .../components/consul/intention/index.scss    |   2 +-
 .../consul/intention/list/check/index.hbs     |   2 +-
 .../consul/intention/list/components.scss     |   2 +-
 .../consul/intention/list/index.hbs           |   2 +-
 .../components/consul/intention/list/index.js |   2 +-
 .../consul/intention/list/index.scss          |   2 +-
 .../consul/intention/list/layout.scss         |   2 +-
 .../consul/intention/list/pageobject.js       |   2 +-
 .../consul/intention/list/skin.scss           |   2 +-
 .../consul/intention/list/table/index.hbs     |   2 +-
 .../consul/intention/list/table/index.scss    |   2 +-
 .../notice/custom-resource/index.hbs          |   2 +-
 .../intention/notice/permissions/index.hbs    |   2 +-
 .../consul/intention/notifications/index.hbs  |   2 +-
 .../intention/permission/form/index.hbs       |   2 +-
 .../consul/intention/permission/form/index.js |   2 +-
 .../intention/permission/form/index.scss      |   2 +-
 .../intention/permission/form/layout.scss     |   2 +-
 .../intention/permission/form/pageobject.js   |   2 +-
 .../intention/permission/form/skin.scss       |   2 +-
 .../permission/header/form/index.hbs          |   2 +-
 .../intention/permission/header/form/index.js |   2 +-
 .../permission/header/form/pageobject.js      |   2 +-
 .../permission/header/list/index.hbs          |   2 +-
 .../intention/permission/header/list/index.js |   2 +-
 .../permission/header/list/index.scss         |   2 +-
 .../permission/header/list/layout.scss        |   2 +-
 .../permission/header/list/pageobject.js      |   2 +-
 .../permission/header/list/skin.scss          |   2 +-
 .../intention/permission/list/index.hbs       |   2 +-
 .../consul/intention/permission/list/index.js |   2 +-
 .../intention/permission/list/index.scss      |   2 +-
 .../intention/permission/list/layout.scss     |   2 +-
 .../intention/permission/list/pageobject.js   |   2 +-
 .../intention/permission/list/skin.scss       |   2 +-
 .../consul/intention/search-bar/index.hbs     |   2 +-
 .../consul/intention/search-bar/index.scss    |   2 +-
 .../consul/intention/view/index.hbs           |   2 +-
 .../components/consul/intention/view/index.js |   2 +-
 .../app/components/consul/kind/index.hbs      |   2 +-
 .../app/components/consul/kind/index.js       |   2 +-
 .../app/components/consul/kind/index.scss     |   2 +-
 .../app/components/consul/kv/form/index.hbs   |   2 +-
 .../app/components/consul/kv/form/index.js    |   2 +-
 .../app/components/consul/kv/list/index.hbs   |   2 +-
 .../components/consul/kv/list/pageobject.js   |   2 +-
 .../components/consul/kv/search-bar/index.hbs |   2 +-
 .../app/components/consul/loader/index.hbs    |   2 +-
 .../app/components/consul/loader/index.scss   |   2 +-
 .../app/components/consul/loader/layout.scss  |   2 +-
 .../app/components/consul/loader/skin.scss    |   2 +-
 .../components/consul/metadata/list/index.hbs |   2 +-
 .../components/consul/metadata/list/index.js  |   2 +-
 .../consul/node-identity/template/index.hbs   |   2 +-
 .../consul/node/agentless-notice/index.hbs    |   2 +-
 .../consul/node/agentless-notice/index.js     |   2 +-
 .../consul/node/agentless-notice/index.scss   |   2 +-
 .../app/components/consul/node/list/index.hbs |   2 +-
 .../consul/node/peer-info/index.hbs           |   2 +-
 .../consul/node/peer-info/index.scss          |   2 +-
 .../consul/node/search-bar/index.hbs          |   2 +-
 .../app/components/consul/peer/info/index.hbs |   2 +-
 .../components/consul/peer/info/index.scss    |   2 +-
 .../components/consul/peer/list/index.scss    |   2 +-
 .../components/consul/policy/list/index.hbs   |   2 +-
 .../consul/policy/list/pageobject.js          |   2 +-
 .../consul/policy/notifications/index.hbs     |   2 +-
 .../consul/policy/search-bar/index.hbs        |   2 +-
 .../consul/policy/search-bar/index.js         |   2 +-
 .../app/components/consul/role/list/index.hbs |   2 +-
 .../components/consul/role/list/pageobject.js |   2 +-
 .../consul/role/notifications/index.hbs       |   2 +-
 .../consul/role/search-bar/index.hbs          |   2 +-
 .../components/consul/server/card/index.hbs   |   2 +-
 .../components/consul/server/card/index.scss  |   2 +-
 .../components/consul/server/card/layout.scss |   2 +-
 .../components/consul/server/card/skin.scss   |   2 +-
 .../components/consul/server/list/index.hbs   |   2 +-
 .../components/consul/server/list/index.scss  |   2 +-
 .../service-identity/template/index.hbs       |   2 +-
 .../consul/service-instance/list/index.hbs    |   2 +-
 .../consul/service-instance/list/index.js     |   2 +-
 .../service-instance/search-bar/index.hbs     |   2 +-
 .../components/consul/service/list/index.hbs  |   2 +-
 .../consul/service/search-bar/index.hbs       |   2 +-
 .../consul/service/search-bar/index.js        |   2 +-
 .../app/components/consul/source/index.hbs    |   2 +-
 .../app/components/consul/source/index.scss   |   2 +-
 .../consul/sources-select/index.hbs           |   2 +-
 .../components/consul/token/list/index.hbs    |   2 +-
 .../consul/token/list/pageobject.js           |   2 +-
 .../consul/token/notifications/index.hbs      |   2 +-
 .../consul/token/ruleset/list/index.hbs       |   2 +-
 .../consul/token/ruleset/list/index.js        |   2 +-
 .../consul/token/search-bar/index.hbs         |   2 +-
 .../consul/tomography/graph/index.hbs         |   2 +-
 .../consul/tomography/graph/index.js          |   2 +-
 .../consul/tomography/graph/index.scss        |   2 +-
 .../consul/transparent-proxy/index.hbs        |   2 +-
 .../consul/upstream-instance/list/index.hbs   |   2 +-
 .../consul/upstream-instance/list/index.scss  |   2 +-
 .../upstream-instance/list/pageobject.js      |   2 +-
 .../upstream-instance/search-bar/index.hbs    |   2 +-
 .../components/consul/upstream/list/index.hbs |   2 +-
 .../consul/upstream/list/index.scss           |   2 +-
 .../consul/upstream/search-bar/index.hbs      |   2 +-
 .../components/copy-button/chart.xstate.js    |   2 +-
 .../app/components/copy-button/index.hbs      |   2 +-
 .../app/components/copy-button/index.js       |   2 +-
 .../app/components/copy-button/index.scss     |   2 +-
 .../app/components/copy-button/layout.scss    |   2 +-
 .../app/components/copy-button/skin.scss      |   2 +-
 .../app/components/copyable-code/index.hbs    |   2 +-
 .../app/components/copyable-code/index.scss   |   2 +-
 .../app/components/csv-list/debug.scss        |   2 +-
 .../app/components/csv-list/index.scss        |   2 +-
 .../app/components/data-collection/index.hbs  |   2 +-
 .../app/components/data-collection/index.js   |   2 +-
 .../app/components/data-form/index.hbs        |   2 +-
 .../app/components/data-form/index.js         |   2 +-
 .../components/data-loader/chart.xstate.js    |   2 +-
 .../app/components/data-loader/index.hbs      |   2 +-
 .../app/components/data-loader/index.js       |   2 +-
 .../app/components/data-sink/index.hbs        |   2 +-
 .../app/components/data-sink/index.js         |   2 +-
 .../app/components/data-source/index.hbs      |   2 +-
 .../app/components/data-source/index.js       |   2 +-
 .../components/data-writer/chart.xstate.js    |   2 +-
 .../app/components/data-writer/index.hbs      |   2 +-
 .../app/components/data-writer/index.js       |   2 +-
 .../app/components/debug/navigation/index.hbs |   2 +-
 .../components/definition-table/debug.scss    |   2 +-
 .../components/definition-table/index.scss    |   2 +-
 .../components/definition-table/layout.scss   |   2 +-
 .../app/components/definition-table/skin.scss |   2 +-
 .../components/delete-confirmation/index.hbs  |   2 +-
 .../components/delete-confirmation/index.js   |   2 +-
 .../disclosure-menu/action/index.hbs          |   2 +-
 .../app/components/disclosure-menu/index.hbs  |   2 +-
 .../app/components/disclosure-menu/index.scss |   2 +-
 .../components/disclosure-menu/menu/index.hbs |   2 +-
 .../components/disclosure/action/index.hbs    |   2 +-
 .../components/disclosure/details/index.hbs   |   2 +-
 .../app/components/disclosure/index.hbs       |   2 +-
 .../app/components/disclosure/index.js        |   2 +-
 .../app/components/display-toggle/index.scss  |   2 +-
 .../app/components/display-toggle/layout.scss |   2 +-
 .../app/components/display-toggle/skin.scss   |   2 +-
 .../components/dom-recycling-table/index.scss |   2 +-
 .../dom-recycling-table/layout.scss           |   2 +-
 .../app/components/empty-state/index.hbs      |   2 +-
 .../app/components/empty-state/index.js       |   2 +-
 .../app/components/empty-state/index.scss     |   2 +-
 .../app/components/empty-state/layout.scss    |   2 +-
 .../app/components/empty-state/pageobject.js  |   2 +-
 .../app/components/empty-state/skin.scss      |   2 +-
 .../app/components/error-state/index.hbs      |   2 +-
 .../app/components/event-source/index.hbs     |   2 +-
 .../app/components/event-source/index.js      |   2 +-
 .../expanded-single-select/index.scss         |   2 +-
 .../expanded-single-select/layout.scss        |   2 +-
 .../expanded-single-select/skin.scss          |   2 +-
 .../app/components/filter-bar/index.scss      |   2 +-
 .../app/components/filter-bar/layout.scss     |   2 +-
 .../app/components/filter-bar/skin.scss       |   2 +-
 .../app/components/form-component/index.hbs   |   2 +-
 .../app/components/form-component/index.js    |   2 +-
 .../app/components/form-elements/index.scss   |   2 +-
 .../app/components/form-elements/layout.scss  |   2 +-
 .../app/components/form-elements/skin.scss    |   2 +-
 .../form-group/element/checkbox/index.hbs     |   2 +-
 .../form-group/element/error/index.hbs        |   2 +-
 .../components/form-group/element/index.hbs   |   2 +-
 .../components/form-group/element/index.js    |   2 +-
 .../form-group/element/label/index.hbs        |   2 +-
 .../form-group/element/radio/index.hbs        |   2 +-
 .../form-group/element/text/index.hbs         |   2 +-
 .../app/components/form-group/index.hbs       |   2 +-
 .../app/components/form-group/index.js        |   2 +-
 .../app/components/form-input/index.hbs       |   2 +-
 .../app/components/freetext-filter/index.hbs  |   2 +-
 .../app/components/freetext-filter/index.js   |   2 +-
 .../app/components/freetext-filter/index.scss |   2 +-
 .../components/freetext-filter/layout.scss    |   2 +-
 .../components/freetext-filter/pageobject.js  |   2 +-
 .../app/components/freetext-filter/skin.scss  |   2 +-
 .../app/components/hashicorp-consul/index.hbs |   2 +-
 .../app/components/hashicorp-consul/index.js  |   2 +-
 .../components/hashicorp-consul/index.scss    |   2 +-
 .../components/horizontal-kv-list/debug.scss  |   2 +-
 .../components/horizontal-kv-list/index.scss  |   2 +-
 .../components/horizontal-kv-list/layout.scss |   2 +-
 .../components/horizontal-kv-list/skin.scss   |   2 +-
 .../app/components/icon-definition/debug.scss |   2 +-
 .../app/components/icon-definition/index.scss |   2 +-
 .../app/components/informed-action/index.hbs  |   2 +-
 .../app/components/informed-action/index.scss |   2 +-
 .../components/informed-action/layout.scss    |   2 +-
 .../app/components/informed-action/skin.scss  |   2 +-
 .../app/components/inline-alert/debug.scss    |   2 +-
 .../app/components/inline-alert/index.scss    |   2 +-
 .../app/components/inline-alert/layout.scss   |   2 +-
 .../app/components/inline-alert/skin.scss     |   2 +-
 .../app/components/inline-code/index.scss     |   2 +-
 .../app/components/inline-code/layout.scss    |   2 +-
 .../app/components/inline-code/skin.scss      |   2 +-
 .../app/components/jwt-source/index.js        |   2 +-
 .../app/components/list-collection/index.hbs  |   2 +-
 .../app/components/list-collection/index.js   |   2 +-
 .../app/components/list-collection/index.scss |   2 +-
 .../components/list-collection/layout.scss    |   2 +-
 .../app/components/list-collection/skin.scss  |   2 +-
 .../app/components/list-row/index.scss        |   2 +-
 .../app/components/list-row/layout.scss       |   2 +-
 .../app/components/list-row/skin.scss         |   2 +-
 .../main-header-horizontal/index.scss         |   2 +-
 .../main-header-horizontal/layout.scss        |   2 +-
 .../main-header-horizontal/skin.scss          |   2 +-
 .../components/main-nav-horizontal/index.scss |   2 +-
 .../main-nav-horizontal/layout.scss           |   2 +-
 .../components/main-nav-horizontal/skin.scss  |   2 +-
 .../components/main-nav-vertical/debug.scss   |   2 +-
 .../components/main-nav-vertical/index.scss   |   2 +-
 .../components/main-nav-vertical/layout.scss  |   2 +-
 .../components/main-nav-vertical/skin.scss    |   2 +-
 .../app/components/menu-panel/deprecated.scss |   2 +-
 .../app/components/menu-panel/index.hbs       |   2 +-
 .../app/components/menu-panel/index.js        |   2 +-
 .../app/components/menu-panel/index.scss      |   2 +-
 .../app/components/menu-panel/layout.scss     |   2 +-
 .../app/components/menu-panel/skin.scss       |   2 +-
 .../app/components/menu/action/index.hbs      |   2 +-
 .../consul-ui/app/components/menu/index.hbs   |   2 +-
 .../app/components/menu/item/index.hbs        |   2 +-
 .../app/components/menu/separator/index.hbs   |   2 +-
 .../app/components/modal-dialog/index.hbs     |   2 +-
 .../app/components/modal-dialog/index.js      |   2 +-
 .../app/components/modal-dialog/index.scss    |   2 +-
 .../app/components/modal-dialog/layout.scss   |   2 +-
 .../app/components/modal-dialog/skin.scss     |   2 +-
 .../app/components/modal-layer/index.hbs      |   2 +-
 .../components/more-popover-menu/index.hbs    |   2 +-
 .../app/components/more-popover-menu/index.js |   2 +-
 .../components/more-popover-menu/index.scss   |   2 +-
 .../more-popover-menu/pageobject.js           |   2 +-
 .../components/oidc-select/chart.xstate.js    |   2 +-
 .../app/components/oidc-select/index.hbs      |   2 +-
 .../app/components/oidc-select/index.js       |   2 +-
 .../app/components/oidc-select/index.scss     |   2 +-
 .../app/components/oidc-select/layout.scss    |   2 +-
 .../app/components/oidc-select/skin.scss      |   2 +-
 .../app/components/option-input/index.hbs     |   2 +-
 .../consul-ui/app/components/outlet/index.hbs |   2 +-
 .../consul-ui/app/components/outlet/index.js  |   2 +-
 .../app/components/overlay/index.scss         |   2 +-
 .../app/components/overlay/none.scss          |   2 +-
 .../app/components/overlay/square-tail.scss   |   2 +-
 .../app/components/paged-collection/index.hbs |   2 +-
 .../app/components/paged-collection/index.js  |   2 +-
 .../components/paged-collection/index.scss    |   2 +-
 .../consul-ui/app/components/panel/debug.scss |   2 +-
 .../app/components/panel/index.css.js         |   2 +-
 .../consul-ui/app/components/panel/index.scss |   2 +-
 .../app/components/panel/layout.scss          |   2 +-
 .../consul-ui/app/components/panel/skin.scss  |   2 +-
 .../components/peerings/badge/icon/index.hbs  |   2 +-
 .../app/components/peerings/badge/index.hbs   |   2 +-
 .../app/components/peerings/badge/index.js    |   2 +-
 .../app/components/peerings/badge/index.scss  |   2 +-
 .../components/peerings/provider/index.hbs    |   2 +-
 .../app/components/peerings/provider/index.js |   2 +-
 .../consul-ui/app/components/pill/index.scss  |   2 +-
 .../consul-ui/app/components/pill/layout.scss |   2 +-
 .../consul-ui/app/components/pill/skin.scss   |   2 +-
 .../app/components/policy-form/index.hbs      |   2 +-
 .../app/components/policy-form/index.js       |   2 +-
 .../app/components/policy-form/pageobject.js  |   2 +-
 .../app/components/policy-selector/index.hbs  |   2 +-
 .../app/components/policy-selector/index.js   |   2 +-
 .../components/policy-selector/pageobject.js  |   2 +-
 .../app/components/popover-menu/index.hbs     |   2 +-
 .../app/components/popover-menu/index.js      |   2 +-
 .../app/components/popover-menu/index.scss    |   2 +-
 .../app/components/popover-menu/layout.scss   |   2 +-
 .../popover-menu/menu-item/index.hbs          |   2 +-
 .../popover-menu/menu-item/index.js           |   2 +-
 .../popover-menu/menu-separator/index.hbs     |   2 +-
 .../popover-menu/menu-separator/index.js      |   2 +-
 .../app/components/popover-menu/skin.scss     |   2 +-
 .../app/components/popover-select/index.hbs   |   2 +-
 .../app/components/popover-select/index.js    |   2 +-
 .../app/components/popover-select/index.scss  |   2 +-
 .../popover-select/optgroup/index.hbs         |   2 +-
 .../popover-select/option/index.hbs           |   2 +-
 .../components/popover-select/option/index.js |   2 +-
 .../components/popover-select/pageobject.js   |   2 +-
 .../app/components/power-select/pageobject.js |   2 +-
 .../app/components/progress/index.hbs         |   2 +-
 .../app/components/progress/index.scss        |   2 +-
 .../app/components/progress/layout.scss       |   2 +-
 .../app/components/progress/skin.scss         |   2 +-
 .../components/providers/dimension/index.hbs  |   2 +-
 .../components/providers/dimension/index.js   |   2 +-
 .../app/components/providers/search/index.hbs |   2 +-
 .../app/components/providers/search/index.js  |   2 +-
 .../app/components/radio-card/index.hbs       |   2 +-
 .../app/components/radio-card/index.js        |   2 +-
 .../app/components/radio-card/index.scss      |   2 +-
 .../app/components/radio-card/layout.scss     |   2 +-
 .../app/components/radio-card/skin.scss       |   2 +-
 .../app/components/radio-group/index.hbs      |   2 +-
 .../app/components/radio-group/index.js       |   2 +-
 .../app/components/radio-group/index.scss     |   2 +-
 .../app/components/radio-group/layout.scss    |   2 +-
 .../app/components/radio-group/pageobject.js  |   2 +-
 .../app/components/radio-group/skin.scss      |   2 +-
 .../consul-ui/app/components/ref/index.js     |   2 +-
 .../app/components/role-form/index.hbs        |   2 +-
 .../app/components/role-form/index.js         |   2 +-
 .../app/components/role-form/pageobject.js    |   2 +-
 .../app/components/role-selector/index.hbs    |   2 +-
 .../app/components/role-selector/index.js     |   2 +-
 .../app/components/role-selector/index.scss   |   2 +-
 .../components/role-selector/pageobject.js    |   2 +-
 .../app/components/route/announcer/index.hbs  |   2 +-
 .../consul-ui/app/components/route/index.hbs  |   2 +-
 .../consul-ui/app/components/route/index.js   |   2 +-
 .../app/components/route/title/index.hbs      |   2 +-
 .../app/components/route/title/index.scss     |   2 +-
 .../app/components/search-bar/index.hbs       |   2 +-
 .../app/components/search-bar/index.js        |   2 +-
 .../app/components/search-bar/index.scss      |   2 +-
 .../search-bar/remove-filter/index.hbs        |   2 +-
 .../app/components/search-bar/utils.js        |   2 +-
 .../app/components/skip-links/index.scss      |   2 +-
 .../app/components/skip-links/layout.scss     |   2 +-
 .../app/components/skip-links/skin.scss       |   2 +-
 .../app/components/sliding-toggle/index.scss  |   2 +-
 .../app/components/sliding-toggle/layout.scss |   2 +-
 .../app/components/sliding-toggle/skin.scss   |   2 +-
 .../components/state-chart/action/index.hbs   |   2 +-
 .../components/state-chart/action/index.js    |   2 +-
 .../components/state-chart/guard/index.hbs    |   2 +-
 .../app/components/state-chart/guard/index.js |   2 +-
 .../app/components/state-chart/index.hbs      |   2 +-
 .../app/components/state-chart/index.js       |   2 +-
 .../app/components/state-machine/index.hbs    |   2 +-
 .../app/components/state-machine/index.js     |   2 +-
 .../consul-ui/app/components/state/index.hbs  |   2 +-
 .../consul-ui/app/components/state/index.js   |   2 +-
 .../app/components/tab-nav/index.hbs          |   2 +-
 .../consul-ui/app/components/tab-nav/index.js |   2 +-
 .../app/components/tab-nav/index.scss         |   2 +-
 .../app/components/tab-nav/layout.scss        |   2 +-
 .../app/components/tab-nav/pageobject.js      |   2 +-
 .../app/components/tab-nav/skin.scss          |   2 +-
 .../consul-ui/app/components/table/index.scss |   2 +-
 .../app/components/table/layout.scss          |   2 +-
 .../consul-ui/app/components/table/skin.scss  |   2 +-
 .../components/tabular-collection/index.hbs   |   2 +-
 .../components/tabular-collection/index.js    |   2 +-
 .../components/tabular-collection/index.scss  |   2 +-
 .../app/components/tabular-details/index.hbs  |   2 +-
 .../app/components/tabular-details/index.js   |   2 +-
 .../app/components/tabular-details/index.scss |   2 +-
 .../components/tabular-details/layout.scss    |   2 +-
 .../app/components/tabular-details/skin.scss  |   2 +-
 .../app/components/tabular-dl/index.scss      |   2 +-
 .../app/components/tabular-dl/layout.scss     |   2 +-
 .../app/components/tabular-dl/skin.scss       |   2 +-
 .../app/components/tag-list/index.hbs         |   2 +-
 .../app/components/tag-list/index.scss        |   2 +-
 .../app/components/text-input/index.hbs       |   2 +-
 .../consul-ui/app/components/tile/debug.scss  |   2 +-
 .../consul-ui/app/components/tile/index.scss  |   2 +-
 .../app/components/toggle-button/index.hbs    |   2 +-
 .../app/components/toggle-button/index.js     |   2 +-
 .../app/components/toggle-button/index.scss   |   2 +-
 .../app/components/toggle-button/layout.scss  |   2 +-
 .../app/components/toggle-button/skin.scss    |   2 +-
 .../app/components/token-list/index.hbs       |   2 +-
 .../app/components/token-list/index.js        |   2 +-
 .../app/components/token-list/pageobject.js   |   2 +-
 .../components/token-source/chart.xstate.js   |   2 +-
 .../app/components/token-source/index.hbs     |   2 +-
 .../app/components/token-source/index.js      |   2 +-
 .../app/components/tooltip-panel/index.scss   |   2 +-
 .../app/components/tooltip-panel/layout.scss  |   2 +-
 .../app/components/tooltip-panel/skin.scss    |   2 +-
 .../app/components/tooltip/index.hbs          |   2 +-
 .../app/components/tooltip/index.scss         |   2 +-
 .../topology-metrics/card/index.hbs           |   2 +-
 .../components/topology-metrics/card/index.js |   2 +-
 .../topology-metrics/card/index.scss          |   2 +-
 .../topology-metrics/down-lines/index.hbs     |   2 +-
 .../topology-metrics/down-lines/index.js      |   2 +-
 .../app/components/topology-metrics/index.hbs |   2 +-
 .../app/components/topology-metrics/index.js  |   2 +-
 .../components/topology-metrics/index.scss    |   2 +-
 .../components/topology-metrics/layout.scss   |   2 +-
 .../topology-metrics/notifications/index.hbs  |   2 +-
 .../topology-metrics/popover/index.hbs        |   2 +-
 .../topology-metrics/popover/index.js         |   2 +-
 .../topology-metrics/popover/index.scss       |   2 +-
 .../topology-metrics/series/index.hbs         |   2 +-
 .../topology-metrics/series/index.js          |   2 +-
 .../topology-metrics/series/index.scss        |   2 +-
 .../topology-metrics/series/layout.scss       |   2 +-
 .../topology-metrics/series/skin.scss         |   2 +-
 .../app/components/topology-metrics/skin.scss |   2 +-
 .../topology-metrics/source-type/index.hbs    |   2 +-
 .../topology-metrics/source-type/index.scss   |   2 +-
 .../topology-metrics/stats/index.hbs          |   2 +-
 .../topology-metrics/stats/index.js           |   2 +-
 .../topology-metrics/stats/index.scss         |   2 +-
 .../topology-metrics/status/index.hbs         |   2 +-
 .../topology-metrics/status/index.scss        |   2 +-
 .../topology-metrics/up-lines/index.hbs       |   2 +-
 .../topology-metrics/up-lines/index.js        |   2 +-
 .../app/components/watcher/index.hbs          |   2 +-
 .../consul-ui/app/components/watcher/index.js |   2 +-
 .../consul-ui/app/components/yield/index.hbs  |   2 +-
 .../app/controllers/_peered-resource.js       |   2 +-
 .../consul-ui/app/controllers/application.js  |   2 +-
 .../controllers/dc/acls/policies/create.js    |   2 +-
 .../app/controllers/dc/acls/policies/edit.js  |   2 +-
 .../app/controllers/dc/acls/roles/create.js   |   2 +-
 .../app/controllers/dc/acls/roles/edit.js     |   2 +-
 .../app/controllers/dc/acls/tokens/create.js  |   2 +-
 .../app/controllers/dc/acls/tokens/edit.js    |   2 +-
 .../app/controllers/dc/nodes/index.js         |   2 +-
 .../app/controllers/dc/services/index.js      |   2 +-
 .../dc/services/instance/healthchecks.js      |   2 +-
 .../consul-ui/app/decorators/data-source.js   |   2 +-
 .../consul-ui/app/decorators/replace.js       |   2 +-
 ui/packages/consul-ui/app/env.js              |   2 +-
 .../app/filter/predicates/auth-method.js      |   2 +-
 .../app/filter/predicates/health-check.js     |   2 +-
 .../app/filter/predicates/intention.js        |   2 +-
 .../consul-ui/app/filter/predicates/kv.js     |   2 +-
 .../consul-ui/app/filter/predicates/node.js   |   2 +-
 .../consul-ui/app/filter/predicates/peer.js   |   2 +-
 .../consul-ui/app/filter/predicates/policy.js |   2 +-
 .../app/filter/predicates/service-instance.js |   2 +-
 .../app/filter/predicates/service.js          |   2 +-
 .../consul-ui/app/filter/predicates/token.js  |   2 +-
 ui/packages/consul-ui/app/formats.js          |   2 +-
 ui/packages/consul-ui/app/forms/intention.js  |   2 +-
 ui/packages/consul-ui/app/forms/kv.js         |   2 +-
 ui/packages/consul-ui/app/forms/policy.js     |   2 +-
 ui/packages/consul-ui/app/forms/role.js       |   2 +-
 ui/packages/consul-ui/app/forms/token.js      |   2 +-
 .../consul-ui/app/helpers/adopt-styles.js     |   2 +-
 ui/packages/consul-ui/app/helpers/atob.js     |   2 +-
 .../consul-ui/app/helpers/cached-model.js     |   2 +-
 .../consul-ui/app/helpers/class-map.js        |   2 +-
 .../consul-ui/app/helpers/collection.js       |   2 +-
 ui/packages/consul-ui/app/helpers/css-map.js  |   2 +-
 ui/packages/consul-ui/app/helpers/css.js      |   2 +-
 .../consul-ui/app/helpers/document-attrs.js   |   2 +-
 .../consul-ui/app/helpers/dom-position.js     |   2 +-
 .../consul-ui/app/helpers/duration-from.js    |   2 +-
 ui/packages/consul-ui/app/helpers/env.js      |   2 +-
 .../consul-ui/app/helpers/flatten-property.js |   2 +-
 .../app/helpers/format-short-time.js          |   2 +-
 ui/packages/consul-ui/app/helpers/href-to.js  |   2 +-
 .../consul-ui/app/helpers/icon-mapping.js     |   2 +-
 .../consul-ui/app/helpers/icons-debug.js      |   2 +-
 ui/packages/consul-ui/app/helpers/is-href.js  |   2 +-
 ui/packages/consul-ui/app/helpers/is.js       |   2 +-
 .../consul-ui/app/helpers/json-stringify.js   |   2 +-
 ui/packages/consul-ui/app/helpers/last.js     |   2 +-
 .../consul-ui/app/helpers/left-trim.js        |   2 +-
 .../consul-ui/app/helpers/merge-checks.js     |   2 +-
 .../consul-ui/app/helpers/percentage-of.js    |   2 +-
 .../app/helpers/policy/datacenters.js         |   2 +-
 .../consul-ui/app/helpers/policy/group.js     |   2 +-
 .../consul-ui/app/helpers/policy/typeof.js    |   2 +-
 .../consul-ui/app/helpers/refresh-route.js    |   2 +-
 .../consul-ui/app/helpers/render-template.js  |   2 +-
 ui/packages/consul-ui/app/helpers/require.js  |   2 +-
 .../consul-ui/app/helpers/right-trim.js       |   2 +-
 .../consul-ui/app/helpers/route-match.js      |   2 +-
 .../app/helpers/service/card-permissions.js   |   2 +-
 .../app/helpers/service/external-source.js    |   2 +-
 .../app/helpers/service/health-percentage.js  |   2 +-
 ui/packages/consul-ui/app/helpers/slugify.js  |   2 +-
 .../app/helpers/smart-date-format.js          |   2 +-
 ui/packages/consul-ui/app/helpers/split.js    |   2 +-
 .../consul-ui/app/helpers/state-chart.js      |   2 +-
 .../consul-ui/app/helpers/state-matches.js    |   2 +-
 .../consul-ui/app/helpers/style-map.js        |   2 +-
 ui/packages/consul-ui/app/helpers/substr.js   |   2 +-
 .../consul-ui/app/helpers/svg-curve.js        |   2 +-
 .../consul-ui/app/helpers/temporal-format.js  |   2 +-
 .../consul-ui/app/helpers/temporal-within.js  |   2 +-
 ui/packages/consul-ui/app/helpers/test.js     |   2 +-
 ui/packages/consul-ui/app/helpers/to-hash.js  |   2 +-
 ui/packages/consul-ui/app/helpers/to-route.js |   2 +-
 .../app/helpers/token/is-anonymous.js         |   2 +-
 .../consul-ui/app/helpers/token/is-legacy.js  |   2 +-
 ui/packages/consul-ui/app/helpers/tween-to.js |   2 +-
 ui/packages/consul-ui/app/helpers/uniq-by.js  |   2 +-
 .../consul-ui/app/helpers/unique-id.js        |   2 +-
 ui/packages/consul-ui/app/helpers/uri.js      |   2 +-
 ui/packages/consul-ui/app/index.html          |   2 +-
 .../app/instance-initializers/container.js    |   2 +-
 .../app/instance-initializers/href-to.js      |   2 +-
 .../instance-initializers/ivy-codemirror.js   |   2 +-
 .../app/instance-initializers/selection.js    |   2 +-
 .../app/locations/fsm-with-optional-test.js   |   2 +-
 .../app/locations/fsm-with-optional.js        |   2 +-
 ui/packages/consul-ui/app/locations/fsm.js    |   2 +-
 .../consul-ui/app/machines/boolean.xstate.js  |   2 +-
 .../consul-ui/app/machines/validate.xstate.js |   2 +-
 .../consul-ui/app/mixins/policy/as-many.js    |   2 +-
 .../consul-ui/app/mixins/role/as-many.js      |   2 +-
 .../app/mixins/with-blocking-actions.js       |   2 +-
 .../consul-ui/app/models/auth-method.js       |   2 +-
 .../consul-ui/app/models/binding-rule.js      |   2 +-
 .../consul-ui/app/models/coordinate.js        |   2 +-
 ui/packages/consul-ui/app/models/dc.js        |   2 +-
 .../consul-ui/app/models/discovery-chain.js   |   2 +-
 .../consul-ui/app/models/gateway-config.js    |   2 +-
 .../consul-ui/app/models/health-check.js      |   2 +-
 .../intention-permission-http-header.js       |   2 +-
 .../app/models/intention-permission-http.js   |   2 +-
 .../app/models/intention-permission.js        |   2 +-
 ui/packages/consul-ui/app/models/intention.js |   2 +-
 ui/packages/consul-ui/app/models/kv.js        |   2 +-
 ui/packages/consul-ui/app/models/license.js   |   2 +-
 ui/packages/consul-ui/app/models/node.js      |   2 +-
 ui/packages/consul-ui/app/models/nspace.js    |   2 +-
 .../consul-ui/app/models/oidc-provider.js     |   2 +-
 ui/packages/consul-ui/app/models/partition.js |   2 +-
 ui/packages/consul-ui/app/models/peer.js      |   2 +-
 .../consul-ui/app/models/permission.js        |   2 +-
 ui/packages/consul-ui/app/models/policy.js    |   2 +-
 ui/packages/consul-ui/app/models/proxy.js     |   2 +-
 ui/packages/consul-ui/app/models/role.js      |   2 +-
 .../consul-ui/app/models/service-instance.js  |   2 +-
 ui/packages/consul-ui/app/models/service.js   |   2 +-
 ui/packages/consul-ui/app/models/session.js   |   2 +-
 ui/packages/consul-ui/app/models/token.js     |   2 +-
 ui/packages/consul-ui/app/models/topology.js  |   2 +-
 .../consul-ui/app/modifiers/aria-menu.js      |   2 +-
 .../consul-ui/app/modifiers/css-prop.js       |   2 +-
 .../consul-ui/app/modifiers/css-props.js      |   2 +-
 .../consul-ui/app/modifiers/did-upsert.js     |   2 +-
 .../consul-ui/app/modifiers/disabled.js       |   2 +-
 .../consul-ui/app/modifiers/notification.js   |   2 +-
 .../consul-ui/app/modifiers/on-outside.js     |   2 +-
 ui/packages/consul-ui/app/modifiers/style.js  |   2 +-
 .../consul-ui/app/modifiers/tooltip.js        |   2 +-
 .../consul-ui/app/modifiers/validate.js       |   2 +-
 .../consul-ui/app/modifiers/with-copyable.js  |   2 +-
 .../consul-ui/app/modifiers/with-overlay.js   |   2 +-
 ui/packages/consul-ui/app/router.js           |   2 +-
 .../consul-ui/app/routes/application.js       |   2 +-
 ui/packages/consul-ui/app/routes/dc.js        |   2 +-
 .../app/routes/dc/acls/auth-methods/index.js  |   2 +-
 .../routes/dc/acls/auth-methods/show/index.js |   2 +-
 .../app/routes/dc/acls/policies/create.js     |   2 +-
 .../app/routes/dc/acls/policies/edit.js       |   2 +-
 .../app/routes/dc/acls/policies/index.js      |   2 +-
 .../app/routes/dc/acls/roles/create.js        |   2 +-
 .../app/routes/dc/acls/roles/edit.js          |   2 +-
 .../app/routes/dc/acls/roles/index.js         |   2 +-
 .../app/routes/dc/acls/tokens/create.js       |   2 +-
 .../app/routes/dc/acls/tokens/edit.js         |   2 +-
 .../app/routes/dc/acls/tokens/index.js        |   2 +-
 .../consul-ui/app/routes/dc/kv/folder.js      |   2 +-
 .../consul-ui/app/routes/dc/kv/index.js       |   2 +-
 .../app/routes/dc/services/notfound.js        |   2 +-
 .../app/routes/dc/services/show/topology.js   |   2 +-
 .../app/routing/application-debug.js          |   2 +-
 ui/packages/consul-ui/app/routing/route.js    |   2 +-
 ui/packages/consul-ui/app/routing/single.js   |   2 +-
 .../consul-ui/app/search/predicates/acl.js    |   2 +-
 .../app/search/predicates/auth-method.js      |   2 +-
 .../app/search/predicates/health-check.js     |   2 +-
 .../app/search/predicates/intention.js        |   2 +-
 .../consul-ui/app/search/predicates/kv.js     |   2 +-
 .../consul-ui/app/search/predicates/node.js   |   2 +-
 .../consul-ui/app/search/predicates/nspace.js |   2 +-
 .../consul-ui/app/search/predicates/peer.js   |   2 +-
 .../consul-ui/app/search/predicates/policy.js |   2 +-
 .../consul-ui/app/search/predicates/role.js   |   2 +-
 .../app/search/predicates/service-instance.js |   2 +-
 .../app/search/predicates/service.js          |   2 +-
 .../consul-ui/app/search/predicates/token.js  |   2 +-
 .../search/predicates/upstream-instance.js    |   2 +-
 .../consul-ui/app/serializers/application.js  |   2 +-
 .../consul-ui/app/serializers/auth-method.js  |   2 +-
 .../consul-ui/app/serializers/binding-rule.js |   2 +-
 .../consul-ui/app/serializers/coordinate.js   |   2 +-
 .../app/serializers/discovery-chain.js        |   2 +-
 ui/packages/consul-ui/app/serializers/http.js |   2 +-
 .../consul-ui/app/serializers/intention.js    |   2 +-
 ui/packages/consul-ui/app/serializers/kv.js   |   2 +-
 ui/packages/consul-ui/app/serializers/node.js |   2 +-
 .../consul-ui/app/serializers/nspace.js       |   2 +-
 .../app/serializers/oidc-provider.js          |   2 +-
 .../consul-ui/app/serializers/partition.js    |   2 +-
 .../consul-ui/app/serializers/permission.js   |   2 +-
 .../consul-ui/app/serializers/policy.js       |   2 +-
 .../consul-ui/app/serializers/proxy.js        |   2 +-
 ui/packages/consul-ui/app/serializers/role.js |   2 +-
 .../app/serializers/service-instance.js       |   2 +-
 .../consul-ui/app/serializers/service.js      |   2 +-
 .../consul-ui/app/serializers/session.js      |   2 +-
 .../consul-ui/app/serializers/token.js        |   2 +-
 .../consul-ui/app/serializers/topology.js     |   2 +-
 .../consul-ui/app/services/abilities.js       |   2 +-
 ui/packages/consul-ui/app/services/atob.js    |   2 +-
 .../oauth2-code-with-url-provider.js          |   2 +-
 ui/packages/consul-ui/app/services/btoa.js    |   2 +-
 ui/packages/consul-ui/app/services/change.js  |   2 +-
 .../app/services/client/connections.js        |   2 +-
 .../consul-ui/app/services/client/http.js     |   2 +-
 .../app/services/client/transports/xhr.js     |   2 +-
 .../app/services/clipboard/local-storage.js   |   2 +-
 .../consul-ui/app/services/clipboard/os.js    |   2 +-
 .../app/services/code-mirror/linter.js        |   2 +-
 .../consul-ui/app/services/container.js       |   2 +-
 .../app/services/data-sink/protocols/http.js  |   2 +-
 .../data-sink/protocols/local-storage.js      |   2 +-
 .../app/services/data-sink/service.js         |   2 +-
 .../services/data-source/protocols/http.js    |   2 +-
 .../data-source/protocols/http/blocking.js    |   2 +-
 .../data-source/protocols/http/promise.js     |   2 +-
 .../data-source/protocols/local-storage.js    |   2 +-
 .../app/services/data-source/service.js       |   2 +-
 .../consul-ui/app/services/data-structs.js    |   2 +-
 ui/packages/consul-ui/app/services/dom.js     |   2 +-
 ui/packages/consul-ui/app/services/encoder.js |   2 +-
 ui/packages/consul-ui/app/services/env.js     |   2 +-
 .../consul-ui/app/services/feedback.js        |   2 +-
 ui/packages/consul-ui/app/services/filter.js  |   2 +-
 ui/packages/consul-ui/app/services/form.js    |   2 +-
 ui/packages/consul-ui/app/services/hcp.js     |   2 +-
 .../consul-ui/app/services/i18n-debug.js      |   2 +-
 .../consul-ui/app/services/local-storage.js   |   2 +-
 ui/packages/consul-ui/app/services/logger.js  |   2 +-
 .../consul-ui/app/services/repository.js      |   2 +-
 .../app/services/repository/auth-method.js    |   2 +-
 .../app/services/repository/binding-rule.js   |   2 +-
 .../app/services/repository/coordinate.js     |   2 +-
 .../consul-ui/app/services/repository/dc.js   |   2 +-
 .../services/repository/discovery-chain.js    |   2 +-
 .../intention-permission-http-header.js       |   2 +-
 .../repository/intention-permission.js        |   2 +-
 .../app/services/repository/intention.js      |   2 +-
 .../consul-ui/app/services/repository/kv.js   |   2 +-
 .../app/services/repository/license.js        |   2 +-
 .../app/services/repository/metrics.js        |   2 +-
 .../consul-ui/app/services/repository/node.js |   2 +-
 .../app/services/repository/nspace.js         |   2 +-
 .../app/services/repository/oidc-provider.js  |   2 +-
 .../app/services/repository/partition.js      |   2 +-
 .../consul-ui/app/services/repository/peer.js |   2 +-
 .../app/services/repository/permission.js     |   2 +-
 .../app/services/repository/policy.js         |   2 +-
 .../app/services/repository/proxy.js          |   2 +-
 .../consul-ui/app/services/repository/role.js |   2 +-
 .../services/repository/service-instance.js   |   2 +-
 .../app/services/repository/service.js        |   2 +-
 .../app/services/repository/session.js        |   2 +-
 .../app/services/repository/token.js          |   2 +-
 .../app/services/repository/topology.js       |   2 +-
 ui/packages/consul-ui/app/services/routlet.js |   2 +-
 ui/packages/consul-ui/app/services/schema.js  |   2 +-
 ui/packages/consul-ui/app/services/search.js  |   2 +-
 .../consul-ui/app/services/settings.js        |   2 +-
 ui/packages/consul-ui/app/services/sort.js    |   2 +-
 .../app/services/state-with-charts.js         |   2 +-
 ui/packages/consul-ui/app/services/state.js   |   2 +-
 ui/packages/consul-ui/app/services/store.js   |   2 +-
 .../consul-ui/app/services/temporal.js        |   2 +-
 ui/packages/consul-ui/app/services/ticker.js  |   2 +-
 ui/packages/consul-ui/app/services/timeout.js |   2 +-
 .../consul-ui/app/services/ui-config.js       |   2 +-
 .../app/sort/comparators/auth-method.js       |   2 +-
 .../app/sort/comparators/health-check.js      |   2 +-
 .../app/sort/comparators/intention.js         |   2 +-
 .../consul-ui/app/sort/comparators/kv.js      |   2 +-
 .../consul-ui/app/sort/comparators/node.js    |   2 +-
 .../consul-ui/app/sort/comparators/nspace.js  |   2 +-
 .../app/sort/comparators/partition.js         |   2 +-
 .../consul-ui/app/sort/comparators/peer.js    |   2 +-
 .../consul-ui/app/sort/comparators/policy.js  |   2 +-
 .../consul-ui/app/sort/comparators/role.js    |   2 +-
 .../app/sort/comparators/service-instance.js  |   2 +-
 .../consul-ui/app/sort/comparators/service.js |   2 +-
 .../consul-ui/app/sort/comparators/token.js   |   2 +-
 .../app/sort/comparators/upstream-instance.js |   2 +-
 ui/packages/consul-ui/app/storages/base.js    |   2 +-
 ui/packages/consul-ui/app/storages/notices.js |   2 +-
 ui/packages/consul-ui/app/styles/app.scss     |   2 +-
 .../app/styles/base/animation/index.scss      |   2 +-
 .../app/styles/base/color/index.scss          |   2 +-
 .../styles/base/color/semantic-variables.scss |   2 +-
 .../base/color/ui/frame-placeholders.scss     |   2 +-
 .../app/styles/base/color/ui/index.scss       |   2 +-
 .../app/styles/base/component/index.scss      |   2 +-
 .../base/decoration/base-placeholders.scss    |   2 +-
 .../base/decoration/base-variables.scss       |   2 +-
 .../app/styles/base/decoration/index.scss     |   2 +-
 .../base/decoration/visually-hidden.css.js    |   2 +-
 .../styles/base/icons/base-keyframes.css.js   |   2 +-
 .../app/styles/base/icons/base-keyframes.scss |   2 +-
 .../styles/base/icons/base-placeholders.scss  |   2 +-
 .../app/styles/base/icons/debug.scss          |   2 +-
 .../base/icons/icons/activity/index.scss      |   2 +-
 .../base/icons/icons/activity/keyframes.scss  |   2 +-
 .../icons/icons/activity/placeholders.scss    |   2 +-
 .../icons/icons/activity/property-16.scss     |   2 +-
 .../icons/icons/activity/property-24.scss     |   2 +-
 .../icons/icons/alert-circle-fill/index.scss  |   2 +-
 .../icons/alert-circle-fill/keyframes.scss    |   2 +-
 .../icons/alert-circle-fill/placeholders.scss |   2 +-
 .../icons/alert-circle-fill/property-16.scss  |   2 +-
 .../icons/alert-circle-fill/property-24.scss  |   2 +-
 .../icons/alert-circle-outline/index.scss     |   2 +-
 .../icons/alert-circle-outline/keyframes.scss |   2 +-
 .../alert-circle-outline/placeholders.scss    |   2 +-
 .../base/icons/icons/alert-circle/index.scss  |   2 +-
 .../icons/icons/alert-circle/keyframes.scss   |   2 +-
 .../icons/alert-circle/placeholders.scss      |   2 +-
 .../icons/icons/alert-circle/property-16.scss |   2 +-
 .../icons/icons/alert-circle/property-24.scss |   2 +-
 .../icons/icons/alert-octagon-fill/index.scss |   2 +-
 .../icons/alert-octagon-fill/keyframes.scss   |   2 +-
 .../alert-octagon-fill/placeholders.scss      |   2 +-
 .../icons/alert-octagon-fill/property-16.scss |   2 +-
 .../icons/alert-octagon-fill/property-24.scss |   2 +-
 .../base/icons/icons/alert-octagon/index.scss |   2 +-
 .../icons/icons/alert-octagon/keyframes.scss  |   2 +-
 .../icons/alert-octagon/placeholders.scss     |   2 +-
 .../icons/alert-octagon/property-16.scss      |   2 +-
 .../icons/alert-octagon/property-24.scss      |   2 +-
 .../icons/alert-triangle-fill/index.scss      |   2 +-
 .../icons/alert-triangle-fill/keyframes.scss  |   2 +-
 .../alert-triangle-fill/placeholders.scss     |   2 +-
 .../alert-triangle-fill/property-16.scss      |   2 +-
 .../alert-triangle-fill/property-24.scss      |   2 +-
 .../icons/icons/alert-triangle/index.scss     |   2 +-
 .../icons/icons/alert-triangle/keyframes.scss |   2 +-
 .../icons/alert-triangle/placeholders.scss    |   2 +-
 .../icons/alert-triangle/property-16.scss     |   2 +-
 .../icons/alert-triangle/property-24.scss     |   2 +-
 .../base/icons/icons/alibaba-color/index.scss |   2 +-
 .../icons/icons/alibaba-color/keyframes.scss  |   2 +-
 .../icons/alibaba-color/placeholders.scss     |   2 +-
 .../icons/alibaba-color/property-16.scss      |   2 +-
 .../icons/alibaba-color/property-24.scss      |   2 +-
 .../base/icons/icons/alibaba/index.scss       |   2 +-
 .../base/icons/icons/alibaba/keyframes.scss   |   2 +-
 .../icons/icons/alibaba/placeholders.scss     |   2 +-
 .../base/icons/icons/alibaba/property-16.scss |   2 +-
 .../base/icons/icons/alibaba/property-24.scss |   2 +-
 .../base/icons/icons/align-center/index.scss  |   2 +-
 .../icons/icons/align-center/keyframes.scss   |   2 +-
 .../icons/align-center/placeholders.scss      |   2 +-
 .../icons/icons/align-center/property-16.scss |   2 +-
 .../icons/icons/align-center/property-24.scss |   2 +-
 .../base/icons/icons/align-justify/index.scss |   2 +-
 .../icons/icons/align-justify/keyframes.scss  |   2 +-
 .../icons/align-justify/placeholders.scss     |   2 +-
 .../icons/align-justify/property-16.scss      |   2 +-
 .../icons/align-justify/property-24.scss      |   2 +-
 .../base/icons/icons/align-left/index.scss    |   2 +-
 .../icons/icons/align-left/keyframes.scss     |   2 +-
 .../icons/icons/align-left/placeholders.scss  |   2 +-
 .../icons/icons/align-left/property-16.scss   |   2 +-
 .../icons/icons/align-left/property-24.scss   |   2 +-
 .../base/icons/icons/align-right/index.scss   |   2 +-
 .../icons/icons/align-right/keyframes.scss    |   2 +-
 .../icons/icons/align-right/placeholders.scss |   2 +-
 .../icons/icons/align-right/property-16.scss  |   2 +-
 .../icons/icons/align-right/property-24.scss  |   2 +-
 .../icons/icons/amazon-eks-color/index.scss   |   2 +-
 .../icons/amazon-eks-color/keyframes.scss     |   2 +-
 .../icons/amazon-eks-color/placeholders.scss  |   2 +-
 .../icons/amazon-eks-color/property-16.scss   |   2 +-
 .../icons/amazon-eks-color/property-24.scss   |   2 +-
 .../base/icons/icons/amazon-eks/index.scss    |   2 +-
 .../icons/icons/amazon-eks/keyframes.scss     |   2 +-
 .../icons/icons/amazon-eks/placeholders.scss  |   2 +-
 .../icons/icons/amazon-eks/property-16.scss   |   2 +-
 .../icons/icons/amazon-eks/property-24.scss   |   2 +-
 .../base/icons/icons/apple-color/index.scss   |   2 +-
 .../icons/icons/apple-color/keyframes.scss    |   2 +-
 .../icons/icons/apple-color/placeholders.scss |   2 +-
 .../icons/icons/apple-color/property-16.scss  |   2 +-
 .../icons/icons/apple-color/property-24.scss  |   2 +-
 .../styles/base/icons/icons/apple/index.scss  |   2 +-
 .../base/icons/icons/apple/keyframes.scss     |   2 +-
 .../base/icons/icons/apple/placeholders.scss  |   2 +-
 .../base/icons/icons/apple/property-16.scss   |   2 +-
 .../base/icons/icons/apple/property-24.scss   |   2 +-
 .../base/icons/icons/archive/index.scss       |   2 +-
 .../base/icons/icons/archive/keyframes.scss   |   2 +-
 .../icons/icons/archive/placeholders.scss     |   2 +-
 .../base/icons/icons/archive/property-16.scss |   2 +-
 .../base/icons/icons/archive/property-24.scss |   2 +-
 .../icons/icons/arrow-down-circle/index.scss  |   2 +-
 .../icons/arrow-down-circle/keyframes.scss    |   2 +-
 .../icons/arrow-down-circle/placeholders.scss |   2 +-
 .../icons/arrow-down-circle/property-16.scss  |   2 +-
 .../icons/arrow-down-circle/property-24.scss  |   2 +-
 .../icons/icons/arrow-down-left/index.scss    |   2 +-
 .../icons/arrow-down-left/keyframes.scss      |   2 +-
 .../icons/arrow-down-left/placeholders.scss   |   2 +-
 .../icons/arrow-down-left/property-16.scss    |   2 +-
 .../icons/arrow-down-left/property-24.scss    |   2 +-
 .../icons/icons/arrow-down-right/index.scss   |   2 +-
 .../icons/arrow-down-right/keyframes.scss     |   2 +-
 .../icons/arrow-down-right/placeholders.scss  |   2 +-
 .../icons/arrow-down-right/property-16.scss   |   2 +-
 .../icons/arrow-down-right/property-24.scss   |   2 +-
 .../base/icons/icons/arrow-down/index.scss    |   2 +-
 .../icons/icons/arrow-down/keyframes.scss     |   2 +-
 .../icons/icons/arrow-down/placeholders.scss  |   2 +-
 .../icons/icons/arrow-down/property-16.scss   |   2 +-
 .../icons/icons/arrow-down/property-24.scss   |   2 +-
 .../icons/icons/arrow-left-circle/index.scss  |   2 +-
 .../icons/arrow-left-circle/keyframes.scss    |   2 +-
 .../icons/arrow-left-circle/placeholders.scss |   2 +-
 .../icons/arrow-left-circle/property-16.scss  |   2 +-
 .../icons/arrow-left-circle/property-24.scss  |   2 +-
 .../base/icons/icons/arrow-left/index.scss    |   2 +-
 .../icons/icons/arrow-left/keyframes.scss     |   2 +-
 .../icons/icons/arrow-left/placeholders.scss  |   2 +-
 .../icons/icons/arrow-left/property-16.scss   |   2 +-
 .../icons/icons/arrow-left/property-24.scss   |   2 +-
 .../icons/icons/arrow-right-circle/index.scss |   2 +-
 .../icons/arrow-right-circle/keyframes.scss   |   2 +-
 .../arrow-right-circle/placeholders.scss      |   2 +-
 .../icons/arrow-right-circle/property-16.scss |   2 +-
 .../icons/arrow-right-circle/property-24.scss |   2 +-
 .../base/icons/icons/arrow-right/index.scss   |   2 +-
 .../icons/icons/arrow-right/keyframes.scss    |   2 +-
 .../icons/icons/arrow-right/placeholders.scss |   2 +-
 .../icons/icons/arrow-right/property-16.scss  |   2 +-
 .../icons/icons/arrow-right/property-24.scss  |   2 +-
 .../icons/icons/arrow-up-circle/index.scss    |   2 +-
 .../icons/arrow-up-circle/keyframes.scss      |   2 +-
 .../icons/arrow-up-circle/placeholders.scss   |   2 +-
 .../icons/arrow-up-circle/property-16.scss    |   2 +-
 .../icons/arrow-up-circle/property-24.scss    |   2 +-
 .../base/icons/icons/arrow-up-left/index.scss |   2 +-
 .../icons/icons/arrow-up-left/keyframes.scss  |   2 +-
 .../icons/arrow-up-left/placeholders.scss     |   2 +-
 .../icons/arrow-up-left/property-16.scss      |   2 +-
 .../icons/arrow-up-left/property-24.scss      |   2 +-
 .../icons/icons/arrow-up-right/index.scss     |   2 +-
 .../icons/icons/arrow-up-right/keyframes.scss |   2 +-
 .../icons/arrow-up-right/placeholders.scss    |   2 +-
 .../icons/arrow-up-right/property-16.scss     |   2 +-
 .../icons/arrow-up-right/property-24.scss     |   2 +-
 .../base/icons/icons/arrow-up/index.scss      |   2 +-
 .../base/icons/icons/arrow-up/keyframes.scss  |   2 +-
 .../icons/icons/arrow-up/placeholders.scss    |   2 +-
 .../icons/icons/arrow-up/property-16.scss     |   2 +-
 .../icons/icons/arrow-up/property-24.scss     |   2 +-
 .../base/icons/icons/at-sign/index.scss       |   2 +-
 .../base/icons/icons/at-sign/keyframes.scss   |   2 +-
 .../icons/icons/at-sign/placeholders.scss     |   2 +-
 .../base/icons/icons/at-sign/property-16.scss |   2 +-
 .../base/icons/icons/at-sign/property-24.scss |   2 +-
 .../base/icons/icons/auth0-color/index.scss   |   2 +-
 .../icons/icons/auth0-color/keyframes.scss    |   2 +-
 .../icons/icons/auth0-color/placeholders.scss |   2 +-
 .../icons/icons/auth0-color/property-16.scss  |   2 +-
 .../icons/icons/auth0-color/property-24.scss  |   2 +-
 .../styles/base/icons/icons/auth0/index.scss  |   2 +-
 .../base/icons/icons/auth0/keyframes.scss     |   2 +-
 .../base/icons/icons/auth0/placeholders.scss  |   2 +-
 .../base/icons/icons/auth0/property-16.scss   |   2 +-
 .../base/icons/icons/auth0/property-24.scss   |   2 +-
 .../base/icons/icons/auto-apply/index.scss    |   2 +-
 .../icons/icons/auto-apply/keyframes.scss     |   2 +-
 .../icons/icons/auto-apply/placeholders.scss  |   2 +-
 .../icons/icons/auto-apply/property-16.scss   |   2 +-
 .../icons/icons/auto-apply/property-24.scss   |   2 +-
 .../styles/base/icons/icons/award/index.scss  |   2 +-
 .../base/icons/icons/award/keyframes.scss     |   2 +-
 .../base/icons/icons/award/placeholders.scss  |   2 +-
 .../base/icons/icons/award/property-16.scss   |   2 +-
 .../base/icons/icons/award/property-24.scss   |   2 +-
 .../base/icons/icons/azure-color/index.scss   |   2 +-
 .../icons/icons/azure-color/keyframes.scss    |   2 +-
 .../icons/icons/azure-color/placeholders.scss |   2 +-
 .../icons/icons/azure-color/property-16.scss  |   2 +-
 .../icons/icons/azure-color/property-24.scss  |   2 +-
 .../icons/icons/azure-devops-color/index.scss |   2 +-
 .../icons/azure-devops-color/keyframes.scss   |   2 +-
 .../azure-devops-color/placeholders.scss      |   2 +-
 .../icons/azure-devops-color/property-16.scss |   2 +-
 .../icons/azure-devops-color/property-24.scss |   2 +-
 .../base/icons/icons/azure-devops/index.scss  |   2 +-
 .../icons/icons/azure-devops/keyframes.scss   |   2 +-
 .../icons/azure-devops/placeholders.scss      |   2 +-
 .../icons/icons/azure-devops/property-16.scss |   2 +-
 .../icons/icons/azure-devops/property-24.scss |   2 +-
 .../styles/base/icons/icons/azure/index.scss  |   2 +-
 .../base/icons/icons/azure/keyframes.scss     |   2 +-
 .../base/icons/icons/azure/placeholders.scss  |   2 +-
 .../base/icons/icons/azure/property-16.scss   |   2 +-
 .../base/icons/icons/azure/property-24.scss   |   2 +-
 .../base/icons/icons/bank-vault/index.scss    |   2 +-
 .../icons/icons/bank-vault/keyframes.scss     |   2 +-
 .../icons/icons/bank-vault/placeholders.scss  |   2 +-
 .../icons/icons/bank-vault/property-16.scss   |   2 +-
 .../icons/icons/bank-vault/property-24.scss   |   2 +-
 .../base/icons/icons/bar-chart-alt/index.scss |   2 +-
 .../icons/icons/bar-chart-alt/keyframes.scss  |   2 +-
 .../icons/bar-chart-alt/placeholders.scss     |   2 +-
 .../icons/bar-chart-alt/property-16.scss      |   2 +-
 .../icons/bar-chart-alt/property-24.scss      |   2 +-
 .../base/icons/icons/bar-chart/index.scss     |   2 +-
 .../base/icons/icons/bar-chart/keyframes.scss |   2 +-
 .../icons/icons/bar-chart/placeholders.scss   |   2 +-
 .../icons/icons/bar-chart/property-16.scss    |   2 +-
 .../icons/icons/bar-chart/property-24.scss    |   2 +-
 .../icons/icons/battery-charging/index.scss   |   2 +-
 .../icons/battery-charging/keyframes.scss     |   2 +-
 .../icons/battery-charging/placeholders.scss  |   2 +-
 .../icons/battery-charging/property-16.scss   |   2 +-
 .../icons/battery-charging/property-24.scss   |   2 +-
 .../base/icons/icons/battery/index.scss       |   2 +-
 .../base/icons/icons/battery/keyframes.scss   |   2 +-
 .../icons/icons/battery/placeholders.scss     |   2 +-
 .../base/icons/icons/battery/property-16.scss |   2 +-
 .../base/icons/icons/battery/property-24.scss |   2 +-
 .../styles/base/icons/icons/beaker/index.scss |   2 +-
 .../base/icons/icons/beaker/keyframes.scss    |   2 +-
 .../base/icons/icons/beaker/placeholders.scss |   2 +-
 .../base/icons/icons/beaker/property-16.scss  |   2 +-
 .../base/icons/icons/beaker/property-24.scss  |   2 +-
 .../icons/icons/bell-active-fill/index.scss   |   2 +-
 .../icons/bell-active-fill/keyframes.scss     |   2 +-
 .../icons/bell-active-fill/placeholders.scss  |   2 +-
 .../icons/bell-active-fill/property-16.scss   |   2 +-
 .../icons/bell-active-fill/property-24.scss   |   2 +-
 .../base/icons/icons/bell-active/index.scss   |   2 +-
 .../icons/icons/bell-active/keyframes.scss    |   2 +-
 .../icons/icons/bell-active/placeholders.scss |   2 +-
 .../icons/icons/bell-active/property-16.scss  |   2 +-
 .../icons/icons/bell-active/property-24.scss  |   2 +-
 .../base/icons/icons/bell-off/index.scss      |   2 +-
 .../base/icons/icons/bell-off/keyframes.scss  |   2 +-
 .../icons/icons/bell-off/placeholders.scss    |   2 +-
 .../icons/icons/bell-off/property-16.scss     |   2 +-
 .../icons/icons/bell-off/property-24.scss     |   2 +-
 .../styles/base/icons/icons/bell/index.scss   |   2 +-
 .../base/icons/icons/bell/keyframes.scss      |   2 +-
 .../base/icons/icons/bell/placeholders.scss   |   2 +-
 .../base/icons/icons/bell/property-16.scss    |   2 +-
 .../base/icons/icons/bell/property-24.scss    |   2 +-
 .../icons/icons/bitbucket-color/index.scss    |   2 +-
 .../icons/bitbucket-color/keyframes.scss      |   2 +-
 .../icons/bitbucket-color/placeholders.scss   |   2 +-
 .../icons/bitbucket-color/property-16.scss    |   2 +-
 .../icons/bitbucket-color/property-24.scss    |   2 +-
 .../base/icons/icons/bitbucket/index.scss     |   2 +-
 .../base/icons/icons/bitbucket/keyframes.scss |   2 +-
 .../icons/icons/bitbucket/placeholders.scss   |   2 +-
 .../icons/icons/bitbucket/property-16.scss    |   2 +-
 .../icons/icons/bitbucket/property-24.scss    |   2 +-
 .../styles/base/icons/icons/bolt/index.scss   |   2 +-
 .../base/icons/icons/bolt/keyframes.scss      |   2 +-
 .../base/icons/icons/bolt/placeholders.scss   |   2 +-
 .../icons/icons/bookmark-add-fill/index.scss  |   2 +-
 .../icons/bookmark-add-fill/keyframes.scss    |   2 +-
 .../icons/bookmark-add-fill/placeholders.scss |   2 +-
 .../icons/bookmark-add-fill/property-16.scss  |   2 +-
 .../icons/bookmark-add-fill/property-24.scss  |   2 +-
 .../base/icons/icons/bookmark-add/index.scss  |   2 +-
 .../icons/icons/bookmark-add/keyframes.scss   |   2 +-
 .../icons/bookmark-add/placeholders.scss      |   2 +-
 .../icons/icons/bookmark-add/property-16.scss |   2 +-
 .../icons/icons/bookmark-add/property-24.scss |   2 +-
 .../base/icons/icons/bookmark-fill/index.scss |   2 +-
 .../icons/icons/bookmark-fill/keyframes.scss  |   2 +-
 .../icons/bookmark-fill/placeholders.scss     |   2 +-
 .../icons/bookmark-fill/property-16.scss      |   2 +-
 .../icons/bookmark-fill/property-24.scss      |   2 +-
 .../icons/bookmark-remove-fill/index.scss     |   2 +-
 .../icons/bookmark-remove-fill/keyframes.scss |   2 +-
 .../bookmark-remove-fill/placeholders.scss    |   2 +-
 .../bookmark-remove-fill/property-16.scss     |   2 +-
 .../bookmark-remove-fill/property-24.scss     |   2 +-
 .../icons/icons/bookmark-remove/index.scss    |   2 +-
 .../icons/bookmark-remove/keyframes.scss      |   2 +-
 .../icons/bookmark-remove/placeholders.scss   |   2 +-
 .../icons/bookmark-remove/property-16.scss    |   2 +-
 .../icons/bookmark-remove/property-24.scss    |   2 +-
 .../base/icons/icons/bookmark/index.scss      |   2 +-
 .../base/icons/icons/bookmark/keyframes.scss  |   2 +-
 .../icons/icons/bookmark/placeholders.scss    |   2 +-
 .../icons/icons/bookmark/property-16.scss     |   2 +-
 .../icons/icons/bookmark/property-24.scss     |   2 +-
 .../styles/base/icons/icons/bottom/index.scss |   2 +-
 .../base/icons/icons/bottom/keyframes.scss    |   2 +-
 .../base/icons/icons/bottom/placeholders.scss |   2 +-
 .../base/icons/icons/bottom/property-16.scss  |   2 +-
 .../base/icons/icons/bottom/property-24.scss  |   2 +-
 .../icons/icons/boundary-color/index.scss     |   2 +-
 .../icons/icons/boundary-color/keyframes.scss |   2 +-
 .../icons/boundary-color/placeholders.scss    |   2 +-
 .../icons/boundary-color/property-16.scss     |   2 +-
 .../icons/boundary-color/property-24.scss     |   2 +-
 .../base/icons/icons/boundary/index.scss      |   2 +-
 .../base/icons/icons/boundary/keyframes.scss  |   2 +-
 .../icons/icons/boundary/placeholders.scss    |   2 +-
 .../icons/icons/boundary/property-16.scss     |   2 +-
 .../icons/icons/boundary/property-24.scss     |   2 +-
 .../icons/icons/box-check-fill/index.scss     |   2 +-
 .../icons/icons/box-check-fill/keyframes.scss |   2 +-
 .../icons/box-check-fill/placeholders.scss    |   2 +-
 .../base/icons/icons/box-outline/index.scss   |   2 +-
 .../icons/icons/box-outline/keyframes.scss    |   2 +-
 .../icons/icons/box-outline/placeholders.scss |   2 +-
 .../styles/base/icons/icons/box/index.scss    |   2 +-
 .../base/icons/icons/box/keyframes.scss       |   2 +-
 .../base/icons/icons/box/placeholders.scss    |   2 +-
 .../base/icons/icons/box/property-16.scss     |   2 +-
 .../base/icons/icons/box/property-24.scss     |   2 +-
 .../base/icons/icons/briefcase/index.scss     |   2 +-
 .../base/icons/icons/briefcase/keyframes.scss |   2 +-
 .../icons/icons/briefcase/placeholders.scss   |   2 +-
 .../icons/icons/briefcase/property-16.scss    |   2 +-
 .../icons/icons/briefcase/property-24.scss    |   2 +-
 .../base/icons/icons/broadcast/index.scss     |   2 +-
 .../base/icons/icons/broadcast/keyframes.scss |   2 +-
 .../icons/icons/broadcast/placeholders.scss   |   2 +-
 .../styles/base/icons/icons/bug/index.scss    |   2 +-
 .../base/icons/icons/bug/keyframes.scss       |   2 +-
 .../base/icons/icons/bug/placeholders.scss    |   2 +-
 .../base/icons/icons/bug/property-16.scss     |   2 +-
 .../base/icons/icons/bug/property-24.scss     |   2 +-
 .../styles/base/icons/icons/build/index.scss  |   2 +-
 .../base/icons/icons/build/keyframes.scss     |   2 +-
 .../base/icons/icons/build/placeholders.scss  |   2 +-
 .../base/icons/icons/build/property-16.scss   |   2 +-
 .../base/icons/icons/build/property-24.scss   |   2 +-
 .../styles/base/icons/icons/bulb/index.scss   |   2 +-
 .../base/icons/icons/bulb/keyframes.scss      |   2 +-
 .../base/icons/icons/bulb/placeholders.scss   |   2 +-
 .../base/icons/icons/bulb/property-16.scss    |   2 +-
 .../base/icons/icons/bulb/property-24.scss    |   2 +-
 .../base/icons/icons/calendar/index.scss      |   2 +-
 .../base/icons/icons/calendar/keyframes.scss  |   2 +-
 .../icons/icons/calendar/placeholders.scss    |   2 +-
 .../icons/icons/calendar/property-16.scss     |   2 +-
 .../icons/icons/calendar/property-24.scss     |   2 +-
 .../base/icons/icons/camera-off/index.scss    |   2 +-
 .../icons/icons/camera-off/keyframes.scss     |   2 +-
 .../icons/icons/camera-off/placeholders.scss  |   2 +-
 .../icons/icons/camera-off/property-16.scss   |   2 +-
 .../icons/icons/camera-off/property-24.scss   |   2 +-
 .../styles/base/icons/icons/camera/index.scss |   2 +-
 .../base/icons/icons/camera/keyframes.scss    |   2 +-
 .../base/icons/icons/camera/placeholders.scss |   2 +-
 .../base/icons/icons/camera/property-16.scss  |   2 +-
 .../base/icons/icons/camera/property-24.scss  |   2 +-
 .../icons/icons/cancel-circle-fill/index.scss |   2 +-
 .../icons/cancel-circle-fill/keyframes.scss   |   2 +-
 .../cancel-circle-fill/placeholders.scss      |   2 +-
 .../icons/cancel-circle-outline/index.scss    |   2 +-
 .../cancel-circle-outline/keyframes.scss      |   2 +-
 .../cancel-circle-outline/placeholders.scss   |   2 +-
 .../base/icons/icons/cancel-plain/index.scss  |   2 +-
 .../icons/icons/cancel-plain/keyframes.scss   |   2 +-
 .../icons/cancel-plain/placeholders.scss      |   2 +-
 .../icons/icons/cancel-square-fill/index.scss |   2 +-
 .../icons/cancel-square-fill/keyframes.scss   |   2 +-
 .../cancel-square-fill/placeholders.scss      |   2 +-
 .../icons/cancel-square-outline/index.scss    |   2 +-
 .../cancel-square-outline/keyframes.scss      |   2 +-
 .../cancel-square-outline/placeholders.scss   |   2 +-
 .../base/icons/icons/caret-down/index.scss    |   2 +-
 .../icons/icons/caret-down/keyframes.scss     |   2 +-
 .../icons/icons/caret-down/placeholders.scss  |   2 +-
 .../base/icons/icons/caret-up/index.scss      |   2 +-
 .../base/icons/icons/caret-up/keyframes.scss  |   2 +-
 .../icons/icons/caret-up/placeholders.scss    |   2 +-
 .../styles/base/icons/icons/caret/index.scss  |   2 +-
 .../base/icons/icons/caret/keyframes.scss     |   2 +-
 .../base/icons/icons/caret/placeholders.scss  |   2 +-
 .../base/icons/icons/caret/property-16.scss   |   2 +-
 .../base/icons/icons/caret/property-24.scss   |   2 +-
 .../styles/base/icons/icons/cast/index.scss   |   2 +-
 .../base/icons/icons/cast/keyframes.scss      |   2 +-
 .../base/icons/icons/cast/placeholders.scss   |   2 +-
 .../base/icons/icons/cast/property-16.scss    |   2 +-
 .../base/icons/icons/cast/property-24.scss    |   2 +-
 .../base/icons/icons/certificate/index.scss   |   2 +-
 .../icons/icons/certificate/keyframes.scss    |   2 +-
 .../icons/icons/certificate/placeholders.scss |   2 +-
 .../icons/icons/certificate/property-16.scss  |   2 +-
 .../icons/icons/certificate/property-24.scss  |   2 +-
 .../base/icons/icons/change-circle/index.scss |   2 +-
 .../icons/icons/change-circle/keyframes.scss  |   2 +-
 .../icons/change-circle/placeholders.scss     |   2 +-
 .../icons/change-circle/property-16.scss      |   2 +-
 .../icons/change-circle/property-24.scss      |   2 +-
 .../base/icons/icons/change-square/index.scss |   2 +-
 .../icons/icons/change-square/keyframes.scss  |   2 +-
 .../icons/change-square/placeholders.scss     |   2 +-
 .../icons/change-square/property-16.scss      |   2 +-
 .../icons/change-square/property-24.scss      |   2 +-
 .../styles/base/icons/icons/change/index.scss |   2 +-
 .../base/icons/icons/change/keyframes.scss    |   2 +-
 .../base/icons/icons/change/placeholders.scss |   2 +-
 .../base/icons/icons/change/property-16.scss  |   2 +-
 .../base/icons/icons/change/property-24.scss  |   2 +-
 .../icons/icons/check-circle-fill/index.scss  |   2 +-
 .../icons/check-circle-fill/keyframes.scss    |   2 +-
 .../icons/check-circle-fill/placeholders.scss |   2 +-
 .../icons/check-circle-fill/property-16.scss  |   2 +-
 .../icons/check-circle-fill/property-24.scss  |   2 +-
 .../icons/check-circle-outline/index.scss     |   2 +-
 .../icons/check-circle-outline/keyframes.scss |   2 +-
 .../check-circle-outline/placeholders.scss    |   2 +-
 .../base/icons/icons/check-circle/index.scss  |   2 +-
 .../icons/icons/check-circle/keyframes.scss   |   2 +-
 .../icons/check-circle/placeholders.scss      |   2 +-
 .../icons/icons/check-circle/property-16.scss |   2 +-
 .../icons/icons/check-circle/property-24.scss |   2 +-
 .../icons/icons/check-diamond-fill/index.scss |   2 +-
 .../icons/check-diamond-fill/keyframes.scss   |   2 +-
 .../check-diamond-fill/placeholders.scss      |   2 +-
 .../icons/check-diamond-fill/property-16.scss |   2 +-
 .../icons/check-diamond-fill/property-24.scss |   2 +-
 .../base/icons/icons/check-diamond/index.scss |   2 +-
 .../icons/icons/check-diamond/keyframes.scss  |   2 +-
 .../icons/check-diamond/placeholders.scss     |   2 +-
 .../icons/check-diamond/property-16.scss      |   2 +-
 .../icons/check-diamond/property-24.scss      |   2 +-
 .../icons/icons/check-hexagon-fill/index.scss |   2 +-
 .../icons/check-hexagon-fill/keyframes.scss   |   2 +-
 .../check-hexagon-fill/placeholders.scss      |   2 +-
 .../icons/check-hexagon-fill/property-16.scss |   2 +-
 .../icons/check-hexagon-fill/property-24.scss |   2 +-
 .../base/icons/icons/check-hexagon/index.scss |   2 +-
 .../icons/icons/check-hexagon/keyframes.scss  |   2 +-
 .../icons/check-hexagon/placeholders.scss     |   2 +-
 .../icons/check-hexagon/property-16.scss      |   2 +-
 .../icons/check-hexagon/property-24.scss      |   2 +-
 .../base/icons/icons/check-plain/index.scss   |   2 +-
 .../icons/icons/check-plain/keyframes.scss    |   2 +-
 .../icons/icons/check-plain/placeholders.scss |   2 +-
 .../icons/icons/check-square-fill/index.scss  |   2 +-
 .../icons/check-square-fill/keyframes.scss    |   2 +-
 .../icons/check-square-fill/placeholders.scss |   2 +-
 .../icons/check-square-fill/property-16.scss  |   2 +-
 .../icons/check-square-fill/property-24.scss  |   2 +-
 .../base/icons/icons/check-square/index.scss  |   2 +-
 .../icons/icons/check-square/keyframes.scss   |   2 +-
 .../icons/check-square/placeholders.scss      |   2 +-
 .../icons/icons/check-square/property-16.scss |   2 +-
 .../icons/icons/check-square/property-24.scss |   2 +-
 .../styles/base/icons/icons/check/index.scss  |   2 +-
 .../base/icons/icons/check/keyframes.scss     |   2 +-
 .../base/icons/icons/check/placeholders.scss  |   2 +-
 .../base/icons/icons/check/property-16.scss   |   2 +-
 .../base/icons/icons/check/property-24.scss   |   2 +-
 .../base/icons/icons/chevron-down/index.scss  |   2 +-
 .../icons/icons/chevron-down/keyframes.scss   |   2 +-
 .../icons/chevron-down/placeholders.scss      |   2 +-
 .../icons/icons/chevron-down/property-16.scss |   2 +-
 .../icons/icons/chevron-down/property-24.scss |   2 +-
 .../base/icons/icons/chevron-left/index.scss  |   2 +-
 .../icons/icons/chevron-left/keyframes.scss   |   2 +-
 .../icons/chevron-left/placeholders.scss      |   2 +-
 .../icons/icons/chevron-left/property-16.scss |   2 +-
 .../icons/icons/chevron-left/property-24.scss |   2 +-
 .../base/icons/icons/chevron-right/index.scss |   2 +-
 .../icons/icons/chevron-right/keyframes.scss  |   2 +-
 .../icons/chevron-right/placeholders.scss     |   2 +-
 .../icons/chevron-right/property-16.scss      |   2 +-
 .../icons/chevron-right/property-24.scss      |   2 +-
 .../base/icons/icons/chevron-up/index.scss    |   2 +-
 .../icons/icons/chevron-up/keyframes.scss     |   2 +-
 .../icons/icons/chevron-up/placeholders.scss  |   2 +-
 .../icons/icons/chevron-up/property-16.scss   |   2 +-
 .../icons/icons/chevron-up/property-24.scss   |   2 +-
 .../base/icons/icons/chevrons-down/index.scss |   2 +-
 .../icons/icons/chevrons-down/keyframes.scss  |   2 +-
 .../icons/chevrons-down/placeholders.scss     |   2 +-
 .../icons/chevrons-down/property-16.scss      |   2 +-
 .../icons/chevrons-down/property-24.scss      |   2 +-
 .../base/icons/icons/chevrons-left/index.scss |   2 +-
 .../icons/icons/chevrons-left/keyframes.scss  |   2 +-
 .../icons/chevrons-left/placeholders.scss     |   2 +-
 .../icons/chevrons-left/property-16.scss      |   2 +-
 .../icons/chevrons-left/property-24.scss      |   2 +-
 .../icons/icons/chevrons-right/index.scss     |   2 +-
 .../icons/icons/chevrons-right/keyframes.scss |   2 +-
 .../icons/chevrons-right/placeholders.scss    |   2 +-
 .../icons/chevrons-right/property-16.scss     |   2 +-
 .../icons/chevrons-right/property-24.scss     |   2 +-
 .../base/icons/icons/chevrons-up/index.scss   |   2 +-
 .../icons/icons/chevrons-up/keyframes.scss    |   2 +-
 .../icons/icons/chevrons-up/placeholders.scss |   2 +-
 .../icons/icons/chevrons-up/property-16.scss  |   2 +-
 .../icons/icons/chevrons-up/property-24.scss  |   2 +-
 .../base/icons/icons/circle-dot/index.scss    |   2 +-
 .../icons/icons/circle-dot/keyframes.scss     |   2 +-
 .../icons/icons/circle-dot/placeholders.scss  |   2 +-
 .../icons/icons/circle-dot/property-16.scss   |   2 +-
 .../icons/icons/circle-dot/property-24.scss   |   2 +-
 .../base/icons/icons/circle-fill/index.scss   |   2 +-
 .../icons/icons/circle-fill/keyframes.scss    |   2 +-
 .../icons/icons/circle-fill/placeholders.scss |   2 +-
 .../icons/icons/circle-fill/property-16.scss  |   2 +-
 .../icons/icons/circle-fill/property-24.scss  |   2 +-
 .../base/icons/icons/circle-half/index.scss   |   2 +-
 .../icons/icons/circle-half/keyframes.scss    |   2 +-
 .../icons/icons/circle-half/placeholders.scss |   2 +-
 .../icons/icons/circle-half/property-16.scss  |   2 +-
 .../icons/icons/circle-half/property-24.scss  |   2 +-
 .../styles/base/icons/icons/circle/index.scss |   2 +-
 .../base/icons/icons/circle/keyframes.scss    |   2 +-
 .../base/icons/icons/circle/placeholders.scss |   2 +-
 .../base/icons/icons/circle/property-16.scss  |   2 +-
 .../base/icons/icons/circle/property-24.scss  |   2 +-
 .../icons/icons/clipboard-checked/index.scss  |   2 +-
 .../icons/clipboard-checked/keyframes.scss    |   2 +-
 .../icons/clipboard-checked/placeholders.scss |   2 +-
 .../icons/clipboard-checked/property-16.scss  |   2 +-
 .../icons/clipboard-checked/property-24.scss  |   2 +-
 .../icons/icons/clipboard-copy/index.scss     |   2 +-
 .../icons/icons/clipboard-copy/keyframes.scss |   2 +-
 .../icons/clipboard-copy/placeholders.scss    |   2 +-
 .../icons/clipboard-copy/property-16.scss     |   2 +-
 .../icons/clipboard-copy/property-24.scss     |   2 +-
 .../base/icons/icons/clipboard/index.scss     |   2 +-
 .../base/icons/icons/clipboard/keyframes.scss |   2 +-
 .../icons/icons/clipboard/placeholders.scss   |   2 +-
 .../icons/icons/clipboard/property-16.scss    |   2 +-
 .../icons/icons/clipboard/property-24.scss    |   2 +-
 .../base/icons/icons/clock-fill/index.scss    |   2 +-
 .../icons/icons/clock-fill/keyframes.scss     |   2 +-
 .../icons/icons/clock-fill/placeholders.scss  |   2 +-
 .../base/icons/icons/clock-outline/index.scss |   2 +-
 .../icons/icons/clock-outline/keyframes.scss  |   2 +-
 .../icons/clock-outline/placeholders.scss     |   2 +-
 .../styles/base/icons/icons/clock/index.scss  |   2 +-
 .../base/icons/icons/clock/keyframes.scss     |   2 +-
 .../base/icons/icons/clock/placeholders.scss  |   2 +-
 .../base/icons/icons/clock/property-16.scss   |   2 +-
 .../base/icons/icons/clock/property-24.scss   |   2 +-
 .../base/icons/icons/cloud-check/index.scss   |   2 +-
 .../icons/icons/cloud-check/keyframes.scss    |   2 +-
 .../icons/icons/cloud-check/placeholders.scss |   2 +-
 .../icons/icons/cloud-check/property-16.scss  |   2 +-
 .../icons/icons/cloud-check/property-24.scss  |   2 +-
 .../base/icons/icons/cloud-cross/index.scss   |   2 +-
 .../icons/icons/cloud-cross/keyframes.scss    |   2 +-
 .../icons/icons/cloud-cross/placeholders.scss |   2 +-
 .../icons/icons/cloud-cross/property-16.scss  |   2 +-
 .../icons/icons/cloud-cross/property-24.scss  |   2 +-
 .../icons/icons/cloud-download/index.scss     |   2 +-
 .../icons/icons/cloud-download/keyframes.scss |   2 +-
 .../icons/cloud-download/placeholders.scss    |   2 +-
 .../icons/cloud-download/property-16.scss     |   2 +-
 .../icons/cloud-download/property-24.scss     |   2 +-
 .../icons/icons/cloud-lightning/index.scss    |   2 +-
 .../icons/cloud-lightning/keyframes.scss      |   2 +-
 .../icons/cloud-lightning/placeholders.scss   |   2 +-
 .../icons/cloud-lightning/property-16.scss    |   2 +-
 .../icons/cloud-lightning/property-24.scss    |   2 +-
 .../base/icons/icons/cloud-lock/index.scss    |   2 +-
 .../icons/icons/cloud-lock/keyframes.scss     |   2 +-
 .../icons/icons/cloud-lock/placeholders.scss  |   2 +-
 .../icons/icons/cloud-lock/property-16.scss   |   2 +-
 .../icons/icons/cloud-lock/property-24.scss   |   2 +-
 .../base/icons/icons/cloud-off/index.scss     |   2 +-
 .../base/icons/icons/cloud-off/keyframes.scss |   2 +-
 .../icons/icons/cloud-off/placeholders.scss   |   2 +-
 .../icons/icons/cloud-off/property-16.scss    |   2 +-
 .../icons/icons/cloud-off/property-24.scss    |   2 +-
 .../base/icons/icons/cloud-upload/index.scss  |   2 +-
 .../icons/icons/cloud-upload/keyframes.scss   |   2 +-
 .../icons/cloud-upload/placeholders.scss      |   2 +-
 .../icons/icons/cloud-upload/property-16.scss |   2 +-
 .../icons/icons/cloud-upload/property-24.scss |   2 +-
 .../base/icons/icons/cloud-x/index.scss       |   2 +-
 .../base/icons/icons/cloud-x/keyframes.scss   |   2 +-
 .../icons/icons/cloud-x/placeholders.scss     |   2 +-
 .../base/icons/icons/cloud-x/property-16.scss |   2 +-
 .../base/icons/icons/cloud-x/property-24.scss |   2 +-
 .../styles/base/icons/icons/cloud/index.scss  |   2 +-
 .../base/icons/icons/cloud/keyframes.scss     |   2 +-
 .../base/icons/icons/cloud/placeholders.scss  |   2 +-
 .../base/icons/icons/cloud/property-16.scss   |   2 +-
 .../base/icons/icons/cloud/property-24.scss   |   2 +-
 .../styles/base/icons/icons/code/index.scss   |   2 +-
 .../base/icons/icons/code/keyframes.scss      |   2 +-
 .../base/icons/icons/code/placeholders.scss   |   2 +-
 .../base/icons/icons/code/property-16.scss    |   2 +-
 .../base/icons/icons/code/property-24.scss    |   2 +-
 .../base/icons/icons/codepen-color/index.scss |   2 +-
 .../icons/icons/codepen-color/keyframes.scss  |   2 +-
 .../icons/codepen-color/placeholders.scss     |   2 +-
 .../icons/codepen-color/property-16.scss      |   2 +-
 .../icons/codepen-color/property-24.scss      |   2 +-
 .../base/icons/icons/codepen/index.scss       |   2 +-
 .../base/icons/icons/codepen/keyframes.scss   |   2 +-
 .../icons/icons/codepen/placeholders.scss     |   2 +-
 .../base/icons/icons/codepen/property-16.scss |   2 +-
 .../base/icons/icons/codepen/property-24.scss |   2 +-
 .../base/icons/icons/collections/index.scss   |   2 +-
 .../icons/icons/collections/keyframes.scss    |   2 +-
 .../icons/icons/collections/placeholders.scss |   2 +-
 .../icons/icons/collections/property-16.scss  |   2 +-
 .../icons/icons/collections/property-24.scss  |   2 +-
 .../base/icons/icons/command/index.scss       |   2 +-
 .../base/icons/icons/command/keyframes.scss   |   2 +-
 .../icons/icons/command/placeholders.scss     |   2 +-
 .../base/icons/icons/command/property-16.scss |   2 +-
 .../base/icons/icons/command/property-24.scss |   2 +-
 .../base/icons/icons/compass/index.scss       |   2 +-
 .../base/icons/icons/compass/keyframes.scss   |   2 +-
 .../icons/icons/compass/placeholders.scss     |   2 +-
 .../base/icons/icons/compass/property-16.scss |   2 +-
 .../base/icons/icons/compass/property-24.scss |   2 +-
 .../icons/icons/connection-gateway/index.scss |   2 +-
 .../icons/connection-gateway/keyframes.scss   |   2 +-
 .../connection-gateway/placeholders.scss      |   2 +-
 .../icons/connection-gateway/property-16.scss |   2 +-
 .../icons/connection-gateway/property-24.scss |   2 +-
 .../base/icons/icons/connection/index.scss    |   2 +-
 .../icons/icons/connection/keyframes.scss     |   2 +-
 .../icons/icons/connection/placeholders.scss  |   2 +-
 .../icons/icons/connection/property-16.scss   |   2 +-
 .../icons/icons/connection/property-24.scss   |   2 +-
 .../base/icons/icons/console/index.scss       |   2 +-
 .../base/icons/icons/console/keyframes.scss   |   2 +-
 .../icons/icons/console/placeholders.scss     |   2 +-
 .../base/icons/icons/copy-action/index.scss   |   2 +-
 .../icons/icons/copy-action/keyframes.scss    |   2 +-
 .../icons/icons/copy-action/placeholders.scss |   2 +-
 .../base/icons/icons/copy-success/index.scss  |   2 +-
 .../icons/icons/copy-success/keyframes.scss   |   2 +-
 .../icons/copy-success/placeholders.scss      |   2 +-
 .../icons/icons/corner-down-left/index.scss   |   2 +-
 .../icons/corner-down-left/keyframes.scss     |   2 +-
 .../icons/corner-down-left/placeholders.scss  |   2 +-
 .../icons/corner-down-left/property-16.scss   |   2 +-
 .../icons/corner-down-left/property-24.scss   |   2 +-
 .../icons/icons/corner-down-right/index.scss  |   2 +-
 .../icons/corner-down-right/keyframes.scss    |   2 +-
 .../icons/corner-down-right/placeholders.scss |   2 +-
 .../icons/corner-down-right/property-16.scss  |   2 +-
 .../icons/corner-down-right/property-24.scss  |   2 +-
 .../icons/icons/corner-left-down/index.scss   |   2 +-
 .../icons/corner-left-down/keyframes.scss     |   2 +-
 .../icons/corner-left-down/placeholders.scss  |   2 +-
 .../icons/corner-left-down/property-16.scss   |   2 +-
 .../icons/corner-left-down/property-24.scss   |   2 +-
 .../icons/icons/corner-left-up/index.scss     |   2 +-
 .../icons/icons/corner-left-up/keyframes.scss |   2 +-
 .../icons/corner-left-up/placeholders.scss    |   2 +-
 .../icons/corner-left-up/property-16.scss     |   2 +-
 .../icons/corner-left-up/property-24.scss     |   2 +-
 .../icons/icons/corner-right-down/index.scss  |   2 +-
 .../icons/corner-right-down/keyframes.scss    |   2 +-
 .../icons/corner-right-down/placeholders.scss |   2 +-
 .../icons/corner-right-down/property-16.scss  |   2 +-
 .../icons/corner-right-down/property-24.scss  |   2 +-
 .../icons/icons/corner-right-up/index.scss    |   2 +-
 .../icons/corner-right-up/keyframes.scss      |   2 +-
 .../icons/corner-right-up/placeholders.scss   |   2 +-
 .../icons/corner-right-up/property-16.scss    |   2 +-
 .../icons/corner-right-up/property-24.scss    |   2 +-
 .../icons/icons/corner-up-left/index.scss     |   2 +-
 .../icons/icons/corner-up-left/keyframes.scss |   2 +-
 .../icons/corner-up-left/placeholders.scss    |   2 +-
 .../icons/corner-up-left/property-16.scss     |   2 +-
 .../icons/corner-up-left/property-24.scss     |   2 +-
 .../icons/icons/corner-up-right/index.scss    |   2 +-
 .../icons/corner-up-right/keyframes.scss      |   2 +-
 .../icons/corner-up-right/placeholders.scss   |   2 +-
 .../icons/corner-up-right/property-16.scss    |   2 +-
 .../icons/corner-up-right/property-24.scss    |   2 +-
 .../styles/base/icons/icons/cpu/index.scss    |   2 +-
 .../base/icons/icons/cpu/keyframes.scss       |   2 +-
 .../base/icons/icons/cpu/placeholders.scss    |   2 +-
 .../base/icons/icons/cpu/property-16.scss     |   2 +-
 .../base/icons/icons/cpu/property-24.scss     |   2 +-
 .../base/icons/icons/credit-card/index.scss   |   2 +-
 .../icons/icons/credit-card/keyframes.scss    |   2 +-
 .../icons/icons/credit-card/placeholders.scss |   2 +-
 .../icons/icons/credit-card/property-16.scss  |   2 +-
 .../icons/icons/credit-card/property-24.scss  |   2 +-
 .../styles/base/icons/icons/crop/index.scss   |   2 +-
 .../base/icons/icons/crop/keyframes.scss      |   2 +-
 .../base/icons/icons/crop/placeholders.scss   |   2 +-
 .../base/icons/icons/crop/property-16.scss    |   2 +-
 .../base/icons/icons/crop/property-24.scss    |   2 +-
 .../base/icons/icons/crosshair/index.scss     |   2 +-
 .../base/icons/icons/crosshair/keyframes.scss |   2 +-
 .../icons/icons/crosshair/placeholders.scss   |   2 +-
 .../icons/icons/crosshair/property-16.scss    |   2 +-
 .../icons/icons/crosshair/property-24.scss    |   2 +-
 .../base/icons/icons/dashboard/index.scss     |   2 +-
 .../base/icons/icons/dashboard/keyframes.scss |   2 +-
 .../icons/icons/dashboard/placeholders.scss   |   2 +-
 .../icons/icons/dashboard/property-16.scss    |   2 +-
 .../icons/icons/dashboard/property-24.scss    |   2 +-
 .../base/icons/icons/database/index.scss      |   2 +-
 .../base/icons/icons/database/keyframes.scss  |   2 +-
 .../icons/icons/database/placeholders.scss    |   2 +-
 .../icons/icons/database/property-16.scss     |   2 +-
 .../icons/icons/database/property-24.scss     |   2 +-
 .../styles/base/icons/icons/delay/index.scss  |   2 +-
 .../base/icons/icons/delay/keyframes.scss     |   2 +-
 .../base/icons/icons/delay/placeholders.scss  |   2 +-
 .../base/icons/icons/delay/property-16.scss   |   2 +-
 .../base/icons/icons/delay/property-24.scss   |   2 +-
 .../styles/base/icons/icons/delete/index.scss |   2 +-
 .../base/icons/icons/delete/keyframes.scss    |   2 +-
 .../base/icons/icons/delete/placeholders.scss |   2 +-
 .../base/icons/icons/delete/property-16.scss  |   2 +-
 .../base/icons/icons/delete/property-24.scss  |   2 +-
 .../base/icons/icons/deny-alt/index.scss      |   2 +-
 .../base/icons/icons/deny-alt/keyframes.scss  |   2 +-
 .../icons/icons/deny-alt/placeholders.scss    |   2 +-
 .../base/icons/icons/deny-color/index.scss    |   2 +-
 .../icons/icons/deny-color/keyframes.scss     |   2 +-
 .../icons/icons/deny-color/placeholders.scss  |   2 +-
 .../icons/icons/deny-color/property-16.scss   |   2 +-
 .../icons/icons/deny-color/property-24.scss   |   2 +-
 .../base/icons/icons/deny-default/index.scss  |   2 +-
 .../icons/icons/deny-default/keyframes.scss   |   2 +-
 .../icons/deny-default/placeholders.scss      |   2 +-
 .../base/icons/icons/diamond-fill/index.scss  |   2 +-
 .../icons/icons/diamond-fill/keyframes.scss   |   2 +-
 .../icons/diamond-fill/placeholders.scss      |   2 +-
 .../icons/icons/diamond-fill/property-16.scss |   2 +-
 .../icons/icons/diamond-fill/property-24.scss |   2 +-
 .../base/icons/icons/diamond/index.scss       |   2 +-
 .../base/icons/icons/diamond/keyframes.scss   |   2 +-
 .../icons/icons/diamond/placeholders.scss     |   2 +-
 .../base/icons/icons/diamond/property-16.scss |   2 +-
 .../base/icons/icons/diamond/property-24.scss |   2 +-
 .../base/icons/icons/disabled/index.scss      |   2 +-
 .../base/icons/icons/disabled/keyframes.scss  |   2 +-
 .../icons/icons/disabled/placeholders.scss    |   2 +-
 .../styles/base/icons/icons/disc/index.scss   |   2 +-
 .../base/icons/icons/disc/keyframes.scss      |   2 +-
 .../base/icons/icons/disc/placeholders.scss   |   2 +-
 .../base/icons/icons/disc/property-16.scss    |   2 +-
 .../base/icons/icons/disc/property-24.scss    |   2 +-
 .../icons/icons/discussion-circle/index.scss  |   2 +-
 .../icons/discussion-circle/keyframes.scss    |   2 +-
 .../icons/discussion-circle/placeholders.scss |   2 +-
 .../icons/discussion-circle/property-16.scss  |   2 +-
 .../icons/discussion-circle/property-24.scss  |   2 +-
 .../icons/icons/discussion-square/index.scss  |   2 +-
 .../icons/discussion-square/keyframes.scss    |   2 +-
 .../icons/discussion-square/placeholders.scss |   2 +-
 .../icons/discussion-square/property-16.scss  |   2 +-
 .../icons/discussion-square/property-24.scss  |   2 +-
 .../base/icons/icons/docker-color/index.scss  |   2 +-
 .../icons/icons/docker-color/keyframes.scss   |   2 +-
 .../icons/docker-color/placeholders.scss      |   2 +-
 .../icons/icons/docker-color/property-16.scss |   2 +-
 .../icons/icons/docker-color/property-24.scss |   2 +-
 .../styles/base/icons/icons/docker/index.scss |   2 +-
 .../base/icons/icons/docker/keyframes.scss    |   2 +-
 .../base/icons/icons/docker/placeholders.scss |   2 +-
 .../base/icons/icons/docker/property-16.scss  |   2 +-
 .../base/icons/icons/docker/property-24.scss  |   2 +-
 .../base/icons/icons/docs-download/index.scss |   2 +-
 .../icons/icons/docs-download/keyframes.scss  |   2 +-
 .../icons/docs-download/placeholders.scss     |   2 +-
 .../icons/docs-download/property-16.scss      |   2 +-
 .../icons/docs-download/property-24.scss      |   2 +-
 .../base/icons/icons/docs-link/index.scss     |   2 +-
 .../base/icons/icons/docs-link/keyframes.scss |   2 +-
 .../icons/icons/docs-link/placeholders.scss   |   2 +-
 .../icons/icons/docs-link/property-16.scss    |   2 +-
 .../icons/icons/docs-link/property-24.scss    |   2 +-
 .../styles/base/icons/icons/docs/index.scss   |   2 +-
 .../base/icons/icons/docs/keyframes.scss      |   2 +-
 .../base/icons/icons/docs/placeholders.scss   |   2 +-
 .../base/icons/icons/docs/property-16.scss    |   2 +-
 .../base/icons/icons/docs/property-24.scss    |   2 +-
 .../base/icons/icons/dollar-sign/index.scss   |   2 +-
 .../icons/icons/dollar-sign/keyframes.scss    |   2 +-
 .../icons/icons/dollar-sign/placeholders.scss |   2 +-
 .../icons/icons/dollar-sign/property-16.scss  |   2 +-
 .../icons/icons/dollar-sign/property-24.scss  |   2 +-
 .../base/icons/icons/dot-half/index.scss      |   2 +-
 .../base/icons/icons/dot-half/keyframes.scss  |   2 +-
 .../icons/icons/dot-half/placeholders.scss    |   2 +-
 .../icons/icons/dot-half/property-16.scss     |   2 +-
 .../icons/icons/dot-half/property-24.scss     |   2 +-
 .../styles/base/icons/icons/dot/index.scss    |   2 +-
 .../base/icons/icons/dot/keyframes.scss       |   2 +-
 .../base/icons/icons/dot/placeholders.scss    |   2 +-
 .../base/icons/icons/dot/property-16.scss     |   2 +-
 .../base/icons/icons/dot/property-24.scss     |   2 +-
 .../base/icons/icons/download/index.scss      |   2 +-
 .../base/icons/icons/download/keyframes.scss  |   2 +-
 .../icons/icons/download/placeholders.scss    |   2 +-
 .../icons/icons/download/property-16.scss     |   2 +-
 .../icons/icons/download/property-24.scss     |   2 +-
 .../base/icons/icons/droplet/index.scss       |   2 +-
 .../base/icons/icons/droplet/keyframes.scss   |   2 +-
 .../icons/icons/droplet/placeholders.scss     |   2 +-
 .../base/icons/icons/droplet/property-16.scss |   2 +-
 .../base/icons/icons/droplet/property-24.scss |   2 +-
 .../base/icons/icons/duplicate/index.scss     |   2 +-
 .../base/icons/icons/duplicate/keyframes.scss |   2 +-
 .../icons/icons/duplicate/placeholders.scss   |   2 +-
 .../icons/icons/duplicate/property-16.scss    |   2 +-
 .../icons/icons/duplicate/property-24.scss    |   2 +-
 .../styles/base/icons/icons/edit/index.scss   |   2 +-
 .../base/icons/icons/edit/keyframes.scss      |   2 +-
 .../base/icons/icons/edit/placeholders.scss   |   2 +-
 .../base/icons/icons/edit/property-16.scss    |   2 +-
 .../base/icons/icons/edit/property-24.scss    |   2 +-
 .../base/icons/icons/enterprise/index.scss    |   2 +-
 .../icons/icons/enterprise/keyframes.scss     |   2 +-
 .../icons/icons/enterprise/placeholders.scss  |   2 +-
 .../icons/icons/enterprise/property-16.scss   |   2 +-
 .../icons/icons/enterprise/property-24.scss   |   2 +-
 .../base/icons/icons/entry-point/index.scss   |   2 +-
 .../icons/icons/entry-point/keyframes.scss    |   2 +-
 .../icons/icons/entry-point/placeholders.scss |   2 +-
 .../icons/icons/entry-point/property-16.scss  |   2 +-
 .../icons/icons/entry-point/property-24.scss  |   2 +-
 .../icons/envelope-sealed-fill/index.scss     |   2 +-
 .../icons/envelope-sealed-fill/keyframes.scss |   2 +-
 .../envelope-sealed-fill/placeholders.scss    |   2 +-
 .../icons/envelope-sealed-outline/index.scss  |   2 +-
 .../envelope-sealed-outline/keyframes.scss    |   2 +-
 .../envelope-sealed-outline/placeholders.scss |   2 +-
 .../envelope-unsealed--outline/index.scss     |   2 +-
 .../envelope-unsealed--outline/keyframes.scss |   2 +-
 .../placeholders.scss                         |   2 +-
 .../icons/envelope-unsealed-fill/index.scss   |   2 +-
 .../envelope-unsealed-fill/keyframes.scss     |   2 +-
 .../envelope-unsealed-fill/placeholders.scss  |   2 +-
 .../styles/base/icons/icons/event/index.scss  |   2 +-
 .../base/icons/icons/event/keyframes.scss     |   2 +-
 .../base/icons/icons/event/placeholders.scss  |   2 +-
 .../base/icons/icons/event/property-16.scss   |   2 +-
 .../base/icons/icons/event/property-24.scss   |   2 +-
 .../base/icons/icons/exit-point/index.scss    |   2 +-
 .../icons/icons/exit-point/keyframes.scss     |   2 +-
 .../icons/icons/exit-point/placeholders.scss  |   2 +-
 .../icons/icons/exit-point/property-16.scss   |   2 +-
 .../icons/icons/exit-point/property-24.scss   |   2 +-
 .../styles/base/icons/icons/exit/index.scss   |   2 +-
 .../base/icons/icons/exit/keyframes.scss      |   2 +-
 .../base/icons/icons/exit/placeholders.scss   |   2 +-
 .../base/icons/icons/expand-less/index.scss   |   2 +-
 .../icons/icons/expand-less/keyframes.scss    |   2 +-
 .../icons/icons/expand-less/placeholders.scss |   2 +-
 .../base/icons/icons/expand-more/index.scss   |   2 +-
 .../icons/icons/expand-more/keyframes.scss    |   2 +-
 .../icons/icons/expand-more/placeholders.scss |   2 +-
 .../base/icons/icons/external-link/index.scss |   2 +-
 .../icons/icons/external-link/keyframes.scss  |   2 +-
 .../icons/external-link/placeholders.scss     |   2 +-
 .../icons/external-link/property-16.scss      |   2 +-
 .../icons/external-link/property-24.scss      |   2 +-
 .../base/icons/icons/eye-off/index.scss       |   2 +-
 .../base/icons/icons/eye-off/keyframes.scss   |   2 +-
 .../icons/icons/eye-off/placeholders.scss     |   2 +-
 .../base/icons/icons/eye-off/property-16.scss |   2 +-
 .../base/icons/icons/eye-off/property-24.scss |   2 +-
 .../styles/base/icons/icons/eye/index.scss    |   2 +-
 .../base/icons/icons/eye/keyframes.scss       |   2 +-
 .../base/icons/icons/eye/placeholders.scss    |   2 +-
 .../base/icons/icons/eye/property-16.scss     |   2 +-
 .../base/icons/icons/eye/property-24.scss     |   2 +-
 .../base/icons/icons/f5-color/index.scss      |   2 +-
 .../base/icons/icons/f5-color/keyframes.scss  |   2 +-
 .../icons/icons/f5-color/placeholders.scss    |   2 +-
 .../icons/icons/f5-color/property-16.scss     |   2 +-
 .../icons/icons/f5-color/property-24.scss     |   2 +-
 .../app/styles/base/icons/icons/f5/index.scss |   2 +-
 .../styles/base/icons/icons/f5/keyframes.scss |   2 +-
 .../base/icons/icons/f5/placeholders.scss     |   2 +-
 .../base/icons/icons/f5/property-16.scss      |   2 +-
 .../base/icons/icons/f5/property-24.scss      |   2 +-
 .../icons/icons/facebook-color/index.scss     |   2 +-
 .../icons/icons/facebook-color/keyframes.scss |   2 +-
 .../icons/facebook-color/placeholders.scss    |   2 +-
 .../icons/facebook-color/property-16.scss     |   2 +-
 .../icons/facebook-color/property-24.scss     |   2 +-
 .../base/icons/icons/facebook/index.scss      |   2 +-
 .../base/icons/icons/facebook/keyframes.scss  |   2 +-
 .../icons/icons/facebook/placeholders.scss    |   2 +-
 .../icons/icons/facebook/property-16.scss     |   2 +-
 .../icons/icons/facebook/property-24.scss     |   2 +-
 .../base/icons/icons/fast-forward/index.scss  |   2 +-
 .../icons/icons/fast-forward/keyframes.scss   |   2 +-
 .../icons/fast-forward/placeholders.scss      |   2 +-
 .../icons/icons/fast-forward/property-16.scss |   2 +-
 .../icons/icons/fast-forward/property-24.scss |   2 +-
 .../base/icons/icons/file-change/index.scss   |   2 +-
 .../icons/icons/file-change/keyframes.scss    |   2 +-
 .../icons/icons/file-change/placeholders.scss |   2 +-
 .../icons/icons/file-change/property-16.scss  |   2 +-
 .../icons/icons/file-change/property-24.scss  |   2 +-
 .../base/icons/icons/file-check/index.scss    |   2 +-
 .../icons/icons/file-check/keyframes.scss     |   2 +-
 .../icons/icons/file-check/placeholders.scss  |   2 +-
 .../icons/icons/file-check/property-16.scss   |   2 +-
 .../icons/icons/file-check/property-24.scss   |   2 +-
 .../base/icons/icons/file-diff/index.scss     |   2 +-
 .../base/icons/icons/file-diff/keyframes.scss |   2 +-
 .../icons/icons/file-diff/placeholders.scss   |   2 +-
 .../icons/icons/file-diff/property-16.scss    |   2 +-
 .../icons/icons/file-diff/property-24.scss    |   2 +-
 .../base/icons/icons/file-fill/index.scss     |   2 +-
 .../base/icons/icons/file-fill/keyframes.scss |   2 +-
 .../icons/icons/file-fill/placeholders.scss   |   2 +-
 .../base/icons/icons/file-minus/index.scss    |   2 +-
 .../icons/icons/file-minus/keyframes.scss     |   2 +-
 .../icons/icons/file-minus/placeholders.scss  |   2 +-
 .../icons/icons/file-minus/property-16.scss   |   2 +-
 .../icons/icons/file-minus/property-24.scss   |   2 +-
 .../base/icons/icons/file-outline/index.scss  |   2 +-
 .../icons/icons/file-outline/keyframes.scss   |   2 +-
 .../icons/file-outline/placeholders.scss      |   2 +-
 .../base/icons/icons/file-plus/index.scss     |   2 +-
 .../base/icons/icons/file-plus/keyframes.scss |   2 +-
 .../icons/icons/file-plus/placeholders.scss   |   2 +-
 .../icons/icons/file-plus/property-16.scss    |   2 +-
 .../icons/icons/file-plus/property-24.scss    |   2 +-
 .../base/icons/icons/file-source/index.scss   |   2 +-
 .../icons/icons/file-source/keyframes.scss    |   2 +-
 .../icons/icons/file-source/placeholders.scss |   2 +-
 .../icons/icons/file-source/property-16.scss  |   2 +-
 .../icons/icons/file-source/property-24.scss  |   2 +-
 .../base/icons/icons/file-text/index.scss     |   2 +-
 .../base/icons/icons/file-text/keyframes.scss |   2 +-
 .../icons/icons/file-text/placeholders.scss   |   2 +-
 .../icons/icons/file-text/property-16.scss    |   2 +-
 .../icons/icons/file-text/property-24.scss    |   2 +-
 .../styles/base/icons/icons/file-x/index.scss |   2 +-
 .../base/icons/icons/file-x/keyframes.scss    |   2 +-
 .../base/icons/icons/file-x/placeholders.scss |   2 +-
 .../base/icons/icons/file-x/property-16.scss  |   2 +-
 .../base/icons/icons/file-x/property-24.scss  |   2 +-
 .../styles/base/icons/icons/file/index.scss   |   2 +-
 .../base/icons/icons/file/keyframes.scss      |   2 +-
 .../base/icons/icons/file/placeholders.scss   |   2 +-
 .../base/icons/icons/file/property-16.scss    |   2 +-
 .../base/icons/icons/file/property-24.scss    |   2 +-
 .../styles/base/icons/icons/files/index.scss  |   2 +-
 .../base/icons/icons/files/keyframes.scss     |   2 +-
 .../base/icons/icons/files/placeholders.scss  |   2 +-
 .../base/icons/icons/files/property-16.scss   |   2 +-
 .../base/icons/icons/files/property-24.scss   |   2 +-
 .../styles/base/icons/icons/film/index.scss   |   2 +-
 .../base/icons/icons/film/keyframes.scss      |   2 +-
 .../base/icons/icons/film/placeholders.scss   |   2 +-
 .../base/icons/icons/film/property-16.scss    |   2 +-
 .../base/icons/icons/film/property-24.scss    |   2 +-
 .../base/icons/icons/filter-circle/index.scss |   2 +-
 .../icons/icons/filter-circle/keyframes.scss  |   2 +-
 .../icons/filter-circle/placeholders.scss     |   2 +-
 .../icons/filter-circle/property-16.scss      |   2 +-
 .../icons/filter-circle/property-24.scss      |   2 +-
 .../base/icons/icons/filter-fill/index.scss   |   2 +-
 .../icons/icons/filter-fill/keyframes.scss    |   2 +-
 .../icons/icons/filter-fill/placeholders.scss |   2 +-
 .../icons/icons/filter-fill/property-16.scss  |   2 +-
 .../icons/icons/filter-fill/property-24.scss  |   2 +-
 .../styles/base/icons/icons/filter/index.scss |   2 +-
 .../base/icons/icons/filter/keyframes.scss    |   2 +-
 .../base/icons/icons/filter/placeholders.scss |   2 +-
 .../base/icons/icons/filter/property-16.scss  |   2 +-
 .../base/icons/icons/filter/property-24.scss  |   2 +-
 .../base/icons/icons/fingerprint/index.scss   |   2 +-
 .../icons/icons/fingerprint/keyframes.scss    |   2 +-
 .../icons/icons/fingerprint/placeholders.scss |   2 +-
 .../icons/icons/fingerprint/property-16.scss  |   2 +-
 .../icons/icons/fingerprint/property-24.scss  |   2 +-
 .../styles/base/icons/icons/flag/index.scss   |   2 +-
 .../base/icons/icons/flag/keyframes.scss      |   2 +-
 .../base/icons/icons/flag/placeholders.scss   |   2 +-
 .../base/icons/icons/flag/property-16.scss    |   2 +-
 .../base/icons/icons/flag/property-24.scss    |   2 +-
 .../base/icons/icons/folder-fill/index.scss   |   2 +-
 .../icons/icons/folder-fill/keyframes.scss    |   2 +-
 .../icons/icons/folder-fill/placeholders.scss |   2 +-
 .../icons/icons/folder-fill/property-16.scss  |   2 +-
 .../icons/icons/folder-fill/property-24.scss  |   2 +-
 .../icons/icons/folder-minus-fill/index.scss  |   2 +-
 .../icons/folder-minus-fill/keyframes.scss    |   2 +-
 .../icons/folder-minus-fill/placeholders.scss |   2 +-
 .../icons/folder-minus-fill/property-16.scss  |   2 +-
 .../icons/folder-minus-fill/property-24.scss  |   2 +-
 .../base/icons/icons/folder-minus/index.scss  |   2 +-
 .../icons/icons/folder-minus/keyframes.scss   |   2 +-
 .../icons/folder-minus/placeholders.scss      |   2 +-
 .../icons/icons/folder-minus/property-16.scss |   2 +-
 .../icons/icons/folder-minus/property-24.scss |   2 +-
 .../icons/icons/folder-outline/index.scss     |   2 +-
 .../icons/icons/folder-outline/keyframes.scss |   2 +-
 .../icons/folder-outline/placeholders.scss    |   2 +-
 .../icons/icons/folder-plus-fill/index.scss   |   2 +-
 .../icons/folder-plus-fill/keyframes.scss     |   2 +-
 .../icons/folder-plus-fill/placeholders.scss  |   2 +-
 .../icons/folder-plus-fill/property-16.scss   |   2 +-
 .../icons/folder-plus-fill/property-24.scss   |   2 +-
 .../base/icons/icons/folder-plus/index.scss   |   2 +-
 .../icons/icons/folder-plus/keyframes.scss    |   2 +-
 .../icons/icons/folder-plus/placeholders.scss |   2 +-
 .../icons/icons/folder-plus/property-16.scss  |   2 +-
 .../icons/icons/folder-plus/property-24.scss  |   2 +-
 .../base/icons/icons/folder-star/index.scss   |   2 +-
 .../icons/icons/folder-star/keyframes.scss    |   2 +-
 .../icons/icons/folder-star/placeholders.scss |   2 +-
 .../icons/icons/folder-star/property-16.scss  |   2 +-
 .../icons/icons/folder-star/property-24.scss  |   2 +-
 .../base/icons/icons/folder-users/index.scss  |   2 +-
 .../icons/icons/folder-users/keyframes.scss   |   2 +-
 .../icons/folder-users/placeholders.scss      |   2 +-
 .../icons/icons/folder-users/property-16.scss |   2 +-
 .../icons/icons/folder-users/property-24.scss |   2 +-
 .../styles/base/icons/icons/folder/index.scss |   2 +-
 .../base/icons/icons/folder/keyframes.scss    |   2 +-
 .../base/icons/icons/folder/placeholders.scss |   2 +-
 .../base/icons/icons/folder/property-16.scss  |   2 +-
 .../base/icons/icons/folder/property-24.scss  |   2 +-
 .../styles/base/icons/icons/frown/index.scss  |   2 +-
 .../base/icons/icons/frown/keyframes.scss     |   2 +-
 .../base/icons/icons/frown/placeholders.scss  |   2 +-
 .../base/icons/icons/frown/property-16.scss   |   2 +-
 .../base/icons/icons/frown/property-24.scss   |   2 +-
 .../base/icons/icons/gateway/index.scss       |   2 +-
 .../base/icons/icons/gateway/keyframes.scss   |   2 +-
 .../icons/icons/gateway/placeholders.scss     |   2 +-
 .../base/icons/icons/gateway/property-16.scss |   2 +-
 .../base/icons/icons/gateway/property-24.scss |   2 +-
 .../base/icons/icons/gcp-color/index.scss     |   2 +-
 .../base/icons/icons/gcp-color/keyframes.scss |   2 +-
 .../icons/icons/gcp-color/placeholders.scss   |   2 +-
 .../icons/icons/gcp-color/property-16.scss    |   2 +-
 .../icons/icons/gcp-color/property-24.scss    |   2 +-
 .../styles/base/icons/icons/gcp/index.scss    |   2 +-
 .../base/icons/icons/gcp/keyframes.scss       |   2 +-
 .../base/icons/icons/gcp/placeholders.scss    |   2 +-
 .../base/icons/icons/gcp/property-16.scss     |   2 +-
 .../base/icons/icons/gcp/property-24.scss     |   2 +-
 .../base/icons/icons/gift-fill/index.scss     |   2 +-
 .../base/icons/icons/gift-fill/keyframes.scss |   2 +-
 .../icons/icons/gift-fill/placeholders.scss   |   2 +-
 .../base/icons/icons/gift-outline/index.scss  |   2 +-
 .../icons/icons/gift-outline/keyframes.scss   |   2 +-
 .../icons/gift-outline/placeholders.scss      |   2 +-
 .../styles/base/icons/icons/gift/index.scss   |   2 +-
 .../base/icons/icons/gift/keyframes.scss      |   2 +-
 .../base/icons/icons/gift/placeholders.scss   |   2 +-
 .../base/icons/icons/gift/property-16.scss    |   2 +-
 .../base/icons/icons/gift/property-24.scss    |   2 +-
 .../base/icons/icons/git-branch/index.scss    |   2 +-
 .../icons/icons/git-branch/keyframes.scss     |   2 +-
 .../icons/icons/git-branch/placeholders.scss  |   2 +-
 .../icons/icons/git-branch/property-16.scss   |   2 +-
 .../icons/icons/git-branch/property-24.scss   |   2 +-
 .../base/icons/icons/git-commit/index.scss    |   2 +-
 .../icons/icons/git-commit/keyframes.scss     |   2 +-
 .../icons/icons/git-commit/placeholders.scss  |   2 +-
 .../icons/icons/git-commit/property-16.scss   |   2 +-
 .../icons/icons/git-commit/property-24.scss   |   2 +-
 .../base/icons/icons/git-merge/index.scss     |   2 +-
 .../base/icons/icons/git-merge/keyframes.scss |   2 +-
 .../icons/icons/git-merge/placeholders.scss   |   2 +-
 .../icons/icons/git-merge/property-16.scss    |   2 +-
 .../icons/icons/git-merge/property-24.scss    |   2 +-
 .../icons/icons/git-pull-request/index.scss   |   2 +-
 .../icons/git-pull-request/keyframes.scss     |   2 +-
 .../icons/git-pull-request/placeholders.scss  |   2 +-
 .../icons/git-pull-request/property-16.scss   |   2 +-
 .../icons/git-pull-request/property-24.scss   |   2 +-
 .../base/icons/icons/git-repo/index.scss      |   2 +-
 .../base/icons/icons/git-repo/keyframes.scss  |   2 +-
 .../icons/icons/git-repo/placeholders.scss    |   2 +-
 .../icons/icons/git-repo/property-16.scss     |   2 +-
 .../icons/icons/git-repo/property-24.scss     |   2 +-
 .../icons/icons/git-repository/index.scss     |   2 +-
 .../icons/icons/git-repository/keyframes.scss |   2 +-
 .../icons/git-repository/placeholders.scss    |   2 +-
 .../base/icons/icons/github-color/index.scss  |   2 +-
 .../icons/icons/github-color/keyframes.scss   |   2 +-
 .../icons/github-color/placeholders.scss      |   2 +-
 .../icons/icons/github-color/property-16.scss |   2 +-
 .../icons/icons/github-color/property-24.scss |   2 +-
 .../styles/base/icons/icons/github/index.scss |   2 +-
 .../base/icons/icons/github/keyframes.scss    |   2 +-
 .../base/icons/icons/github/placeholders.scss |   2 +-
 .../base/icons/icons/github/property-16.scss  |   2 +-
 .../base/icons/icons/github/property-24.scss  |   2 +-
 .../base/icons/icons/gitlab-color/index.scss  |   2 +-
 .../icons/icons/gitlab-color/keyframes.scss   |   2 +-
 .../icons/gitlab-color/placeholders.scss      |   2 +-
 .../icons/icons/gitlab-color/property-16.scss |   2 +-
 .../icons/icons/gitlab-color/property-24.scss |   2 +-
 .../styles/base/icons/icons/gitlab/index.scss |   2 +-
 .../base/icons/icons/gitlab/keyframes.scss    |   2 +-
 .../base/icons/icons/gitlab/placeholders.scss |   2 +-
 .../base/icons/icons/gitlab/property-16.scss  |   2 +-
 .../base/icons/icons/gitlab/property-24.scss  |   2 +-
 .../base/icons/icons/globe-private/index.scss |   2 +-
 .../icons/icons/globe-private/keyframes.scss  |   2 +-
 .../icons/globe-private/placeholders.scss     |   2 +-
 .../icons/globe-private/property-16.scss      |   2 +-
 .../icons/globe-private/property-24.scss      |   2 +-
 .../styles/base/icons/icons/globe/index.scss  |   2 +-
 .../base/icons/icons/globe/keyframes.scss     |   2 +-
 .../base/icons/icons/globe/placeholders.scss  |   2 +-
 .../base/icons/icons/globe/property-16.scss   |   2 +-
 .../base/icons/icons/globe/property-24.scss   |   2 +-
 .../base/icons/icons/google-color/index.scss  |   2 +-
 .../icons/icons/google-color/keyframes.scss   |   2 +-
 .../icons/google-color/placeholders.scss      |   2 +-
 .../icons/icons/google-color/property-16.scss |   2 +-
 .../icons/icons/google-color/property-24.scss |   2 +-
 .../styles/base/icons/icons/google/index.scss |   2 +-
 .../base/icons/icons/google/keyframes.scss    |   2 +-
 .../base/icons/icons/google/placeholders.scss |   2 +-
 .../base/icons/icons/google/property-16.scss  |   2 +-
 .../base/icons/icons/google/property-24.scss  |   2 +-
 .../base/icons/icons/grid-alt/index.scss      |   2 +-
 .../base/icons/icons/grid-alt/keyframes.scss  |   2 +-
 .../icons/icons/grid-alt/placeholders.scss    |   2 +-
 .../icons/icons/grid-alt/property-16.scss     |   2 +-
 .../icons/icons/grid-alt/property-24.scss     |   2 +-
 .../styles/base/icons/icons/grid/index.scss   |   2 +-
 .../base/icons/icons/grid/keyframes.scss      |   2 +-
 .../base/icons/icons/grid/placeholders.scss   |   2 +-
 .../base/icons/icons/grid/property-16.scss    |   2 +-
 .../base/icons/icons/grid/property-24.scss    |   2 +-
 .../base/icons/icons/guide-link/index.scss    |   2 +-
 .../icons/icons/guide-link/keyframes.scss     |   2 +-
 .../icons/icons/guide-link/placeholders.scss  |   2 +-
 .../icons/icons/guide-link/property-16.scss   |   2 +-
 .../icons/icons/guide-link/property-24.scss   |   2 +-
 .../styles/base/icons/icons/guide/index.scss  |   2 +-
 .../base/icons/icons/guide/keyframes.scss     |   2 +-
 .../base/icons/icons/guide/placeholders.scss  |   2 +-
 .../base/icons/icons/guide/property-16.scss   |   2 +-
 .../base/icons/icons/guide/property-24.scss   |   2 +-
 .../styles/base/icons/icons/hammer/index.scss |   2 +-
 .../base/icons/icons/hammer/keyframes.scss    |   2 +-
 .../base/icons/icons/hammer/placeholders.scss |   2 +-
 .../base/icons/icons/hammer/property-16.scss  |   2 +-
 .../base/icons/icons/hammer/property-24.scss  |   2 +-
 .../base/icons/icons/handshake/index.scss     |   2 +-
 .../base/icons/icons/handshake/keyframes.scss |   2 +-
 .../icons/icons/handshake/placeholders.scss   |   2 +-
 .../icons/icons/handshake/property-16.scss    |   2 +-
 .../icons/icons/handshake/property-24.scss    |   2 +-
 .../base/icons/icons/hard-drive/index.scss    |   2 +-
 .../icons/icons/hard-drive/keyframes.scss     |   2 +-
 .../icons/icons/hard-drive/placeholders.scss  |   2 +-
 .../icons/icons/hard-drive/property-16.scss   |   2 +-
 .../icons/icons/hard-drive/property-24.scss   |   2 +-
 .../styles/base/icons/icons/hash/index.scss   |   2 +-
 .../base/icons/icons/hash/keyframes.scss      |   2 +-
 .../base/icons/icons/hash/placeholders.scss   |   2 +-
 .../base/icons/icons/hash/property-16.scss    |   2 +-
 .../base/icons/icons/hash/property-24.scss    |   2 +-
 .../icons/icons/hashicorp-color/index.scss    |   2 +-
 .../icons/hashicorp-color/keyframes.scss      |   2 +-
 .../icons/hashicorp-color/placeholders.scss   |   2 +-
 .../icons/hashicorp-color/property-16.scss    |   2 +-
 .../icons/hashicorp-color/property-24.scss    |   2 +-
 .../base/icons/icons/hashicorp/index.scss     |   2 +-
 .../base/icons/icons/hashicorp/keyframes.scss |   2 +-
 .../icons/icons/hashicorp/placeholders.scss   |   2 +-
 .../icons/icons/hashicorp/property-16.scss    |   2 +-
 .../icons/icons/hashicorp/property-24.scss    |   2 +-
 .../base/icons/icons/hcp-color/index.scss     |   2 +-
 .../base/icons/icons/hcp-color/keyframes.scss |   2 +-
 .../icons/icons/hcp-color/placeholders.scss   |   2 +-
 .../icons/icons/hcp-color/property-16.scss    |   2 +-
 .../icons/icons/hcp-color/property-24.scss    |   2 +-
 .../styles/base/icons/icons/hcp/index.scss    |   2 +-
 .../base/icons/icons/hcp/keyframes.scss       |   2 +-
 .../base/icons/icons/hcp/placeholders.scss    |   2 +-
 .../base/icons/icons/hcp/property-16.scss     |   2 +-
 .../base/icons/icons/hcp/property-24.scss     |   2 +-
 .../base/icons/icons/headphones/index.scss    |   2 +-
 .../icons/icons/headphones/keyframes.scss     |   2 +-
 .../icons/icons/headphones/placeholders.scss  |   2 +-
 .../icons/icons/headphones/property-16.scss   |   2 +-
 .../icons/icons/headphones/property-24.scss   |   2 +-
 .../styles/base/icons/icons/health/index.scss |   2 +-
 .../base/icons/icons/health/keyframes.scss    |   2 +-
 .../base/icons/icons/health/placeholders.scss |   2 +-
 .../base/icons/icons/heart-fill/index.scss    |   2 +-
 .../icons/icons/heart-fill/keyframes.scss     |   2 +-
 .../icons/icons/heart-fill/placeholders.scss  |   2 +-
 .../icons/icons/heart-fill/property-16.scss   |   2 +-
 .../icons/icons/heart-fill/property-24.scss   |   2 +-
 .../base/icons/icons/heart-off/index.scss     |   2 +-
 .../base/icons/icons/heart-off/keyframes.scss |   2 +-
 .../icons/icons/heart-off/placeholders.scss   |   2 +-
 .../icons/icons/heart-off/property-16.scss    |   2 +-
 .../icons/icons/heart-off/property-24.scss    |   2 +-
 .../styles/base/icons/icons/heart/index.scss  |   2 +-
 .../base/icons/icons/heart/keyframes.scss     |   2 +-
 .../base/icons/icons/heart/placeholders.scss  |   2 +-
 .../base/icons/icons/heart/property-16.scss   |   2 +-
 .../base/icons/icons/heart/property-24.scss   |   2 +-
 .../icons/icons/help-circle-fill/index.scss   |   2 +-
 .../icons/help-circle-fill/keyframes.scss     |   2 +-
 .../icons/help-circle-fill/placeholders.scss  |   2 +-
 .../icons/help-circle-outline/index.scss      |   2 +-
 .../icons/help-circle-outline/keyframes.scss  |   2 +-
 .../help-circle-outline/placeholders.scss     |   2 +-
 .../styles/base/icons/icons/help/index.scss   |   2 +-
 .../base/icons/icons/help/keyframes.scss      |   2 +-
 .../base/icons/icons/help/placeholders.scss   |   2 +-
 .../base/icons/icons/help/property-16.scss    |   2 +-
 .../base/icons/icons/help/property-24.scss    |   2 +-
 .../base/icons/icons/hexagon-fill/index.scss  |   2 +-
 .../icons/icons/hexagon-fill/keyframes.scss   |   2 +-
 .../icons/hexagon-fill/placeholders.scss      |   2 +-
 .../icons/icons/hexagon-fill/property-16.scss |   2 +-
 .../icons/icons/hexagon-fill/property-24.scss |   2 +-
 .../base/icons/icons/hexagon/index.scss       |   2 +-
 .../base/icons/icons/hexagon/keyframes.scss   |   2 +-
 .../icons/icons/hexagon/placeholders.scss     |   2 +-
 .../base/icons/icons/hexagon/property-16.scss |   2 +-
 .../base/icons/icons/hexagon/property-24.scss |   2 +-
 .../base/icons/icons/history/index.scss       |   2 +-
 .../base/icons/icons/history/keyframes.scss   |   2 +-
 .../icons/icons/history/placeholders.scss     |   2 +-
 .../base/icons/icons/history/property-16.scss |   2 +-
 .../base/icons/icons/history/property-24.scss |   2 +-
 .../styles/base/icons/icons/home/index.scss   |   2 +-
 .../base/icons/icons/home/keyframes.scss      |   2 +-
 .../base/icons/icons/home/placeholders.scss   |   2 +-
 .../base/icons/icons/home/property-16.scss    |   2 +-
 .../base/icons/icons/home/property-24.scss    |   2 +-
 .../base/icons/icons/hourglass/index.scss     |   2 +-
 .../base/icons/icons/hourglass/keyframes.scss |   2 +-
 .../icons/icons/hourglass/placeholders.scss   |   2 +-
 .../icons/icons/hourglass/property-16.scss    |   2 +-
 .../icons/icons/hourglass/property-24.scss    |   2 +-
 .../icons/icons/identity-service/index.scss   |   2 +-
 .../icons/identity-service/keyframes.scss     |   2 +-
 .../icons/identity-service/placeholders.scss  |   2 +-
 .../icons/identity-service/property-16.scss   |   2 +-
 .../icons/identity-service/property-24.scss   |   2 +-
 .../base/icons/icons/identity-user/index.scss |   2 +-
 .../icons/icons/identity-user/keyframes.scss  |   2 +-
 .../icons/identity-user/placeholders.scss     |   2 +-
 .../icons/identity-user/property-16.scss      |   2 +-
 .../icons/identity-user/property-24.scss      |   2 +-
 .../styles/base/icons/icons/image/index.scss  |   2 +-
 .../base/icons/icons/image/keyframes.scss     |   2 +-
 .../base/icons/icons/image/placeholders.scss  |   2 +-
 .../base/icons/icons/image/property-16.scss   |   2 +-
 .../base/icons/icons/image/property-24.scss   |   2 +-
 .../styles/base/icons/icons/inbox/index.scss  |   2 +-
 .../base/icons/icons/inbox/keyframes.scss     |   2 +-
 .../base/icons/icons/inbox/placeholders.scss  |   2 +-
 .../base/icons/icons/inbox/property-16.scss   |   2 +-
 .../base/icons/icons/inbox/property-24.scss   |   2 +-
 .../app/styles/base/icons/icons/index.scss    |   2 +-
 .../icons/icons/info-circle-fill/index.scss   |   2 +-
 .../icons/info-circle-fill/keyframes.scss     |   2 +-
 .../icons/info-circle-fill/placeholders.scss  |   2 +-
 .../icons/info-circle-outline/index.scss      |   2 +-
 .../icons/info-circle-outline/keyframes.scss  |   2 +-
 .../info-circle-outline/placeholders.scss     |   2 +-
 .../styles/base/icons/icons/info/index.scss   |   2 +-
 .../base/icons/icons/info/keyframes.scss      |   2 +-
 .../base/icons/icons/info/placeholders.scss   |   2 +-
 .../base/icons/icons/info/property-16.scss    |   2 +-
 .../base/icons/icons/info/property-24.scss    |   2 +-
 .../base/icons/icons/jump-link/index.scss     |   2 +-
 .../base/icons/icons/jump-link/keyframes.scss |   2 +-
 .../icons/icons/jump-link/placeholders.scss   |   2 +-
 .../icons/icons/jump-link/property-16.scss    |   2 +-
 .../icons/icons/jump-link/property-24.scss    |   2 +-
 .../base/icons/icons/key-values/index.scss    |   2 +-
 .../icons/icons/key-values/keyframes.scss     |   2 +-
 .../icons/icons/key-values/placeholders.scss  |   2 +-
 .../icons/icons/key-values/property-16.scss   |   2 +-
 .../icons/icons/key-values/property-24.scss   |   2 +-
 .../styles/base/icons/icons/key/index.scss    |   2 +-
 .../base/icons/icons/key/keyframes.scss       |   2 +-
 .../base/icons/icons/key/placeholders.scss    |   2 +-
 .../base/icons/icons/key/property-16.scss     |   2 +-
 .../base/icons/icons/key/property-24.scss     |   2 +-
 .../base/icons/icons/keychain/index.scss      |   2 +-
 .../base/icons/icons/keychain/keyframes.scss  |   2 +-
 .../icons/icons/keychain/placeholders.scss    |   2 +-
 .../icons/icons/keychain/property-16.scss     |   2 +-
 .../icons/icons/keychain/property-24.scss     |   2 +-
 .../icons/icons/kubernetes-color/index.scss   |   2 +-
 .../icons/kubernetes-color/keyframes.scss     |   2 +-
 .../icons/kubernetes-color/placeholders.scss  |   2 +-
 .../icons/kubernetes-color/property-16.scss   |   2 +-
 .../icons/kubernetes-color/property-24.scss   |   2 +-
 .../base/icons/icons/kubernetes/index.scss    |   2 +-
 .../icons/icons/kubernetes/keyframes.scss     |   2 +-
 .../icons/icons/kubernetes/placeholders.scss  |   2 +-
 .../icons/icons/kubernetes/property-16.scss   |   2 +-
 .../icons/icons/kubernetes/property-24.scss   |   2 +-
 .../base/icons/icons/labyrinth/index.scss     |   2 +-
 .../base/icons/icons/labyrinth/keyframes.scss |   2 +-
 .../icons/icons/labyrinth/placeholders.scss   |   2 +-
 .../icons/icons/labyrinth/property-16.scss    |   2 +-
 .../icons/icons/labyrinth/property-24.scss    |   2 +-
 .../styles/base/icons/icons/layers/index.scss |   2 +-
 .../base/icons/icons/layers/keyframes.scss    |   2 +-
 .../base/icons/icons/layers/placeholders.scss |   2 +-
 .../base/icons/icons/layers/property-16.scss  |   2 +-
 .../base/icons/icons/layers/property-24.scss  |   2 +-
 .../styles/base/icons/icons/layout/index.scss |   2 +-
 .../base/icons/icons/layout/keyframes.scss    |   2 +-
 .../base/icons/icons/layout/placeholders.scss |   2 +-
 .../base/icons/icons/layout/property-16.scss  |   2 +-
 .../base/icons/icons/layout/property-24.scss  |   2 +-
 .../base/icons/icons/learn-link/index.scss    |   2 +-
 .../icons/icons/learn-link/keyframes.scss     |   2 +-
 .../icons/icons/learn-link/placeholders.scss  |   2 +-
 .../icons/icons/learn-link/property-16.scss   |   2 +-
 .../icons/icons/learn-link/property-24.scss   |   2 +-
 .../styles/base/icons/icons/learn/index.scss  |   2 +-
 .../base/icons/icons/learn/keyframes.scss     |   2 +-
 .../base/icons/icons/learn/placeholders.scss  |   2 +-
 .../base/icons/icons/learn/property-16.scss   |   2 +-
 .../base/icons/icons/learn/property-24.scss   |   2 +-
 .../base/icons/icons/line-chart-up/index.scss |   2 +-
 .../icons/icons/line-chart-up/keyframes.scss  |   2 +-
 .../icons/line-chart-up/placeholders.scss     |   2 +-
 .../icons/line-chart-up/property-16.scss      |   2 +-
 .../icons/line-chart-up/property-24.scss      |   2 +-
 .../base/icons/icons/line-chart/index.scss    |   2 +-
 .../icons/icons/line-chart/keyframes.scss     |   2 +-
 .../icons/icons/line-chart/placeholders.scss  |   2 +-
 .../icons/icons/line-chart/property-16.scss   |   2 +-
 .../icons/icons/line-chart/property-24.scss   |   2 +-
 .../styles/base/icons/icons/link/index.scss   |   2 +-
 .../base/icons/icons/link/keyframes.scss      |   2 +-
 .../base/icons/icons/link/placeholders.scss   |   2 +-
 .../base/icons/icons/link/property-16.scss    |   2 +-
 .../base/icons/icons/link/property-24.scss    |   2 +-
 .../icons/icons/linkedin-color/index.scss     |   2 +-
 .../icons/icons/linkedin-color/keyframes.scss |   2 +-
 .../icons/linkedin-color/placeholders.scss    |   2 +-
 .../icons/linkedin-color/property-16.scss     |   2 +-
 .../icons/linkedin-color/property-24.scss     |   2 +-
 .../base/icons/icons/linkedin/index.scss      |   2 +-
 .../base/icons/icons/linkedin/keyframes.scss  |   2 +-
 .../icons/icons/linkedin/placeholders.scss    |   2 +-
 .../icons/icons/linkedin/property-16.scss     |   2 +-
 .../icons/icons/linkedin/property-24.scss     |   2 +-
 .../styles/base/icons/icons/list/index.scss   |   2 +-
 .../base/icons/icons/list/keyframes.scss      |   2 +-
 .../base/icons/icons/list/placeholders.scss   |   2 +-
 .../base/icons/icons/list/property-16.scss    |   2 +-
 .../base/icons/icons/list/property-24.scss    |   2 +-
 .../base/icons/icons/load-balancer/index.scss |   2 +-
 .../icons/icons/load-balancer/keyframes.scss  |   2 +-
 .../icons/load-balancer/placeholders.scss     |   2 +-
 .../icons/load-balancer/property-16.scss      |   2 +-
 .../icons/load-balancer/property-24.scss      |   2 +-
 .../icons/icons/loading-motion/index.scss     |   2 +-
 .../icons/icons/loading-motion/keyframes.scss |   2 +-
 .../icons/loading-motion/placeholders.scss    |   2 +-
 .../icons/loading-motion/property-16.scss     |   2 +-
 .../icons/loading-motion/property-24.scss     |   2 +-
 .../base/icons/icons/loading/index.scss       |   2 +-
 .../base/icons/icons/loading/keyframes.scss   |   2 +-
 .../icons/icons/loading/placeholders.scss     |   2 +-
 .../base/icons/icons/loading/property-16.scss |   2 +-
 .../base/icons/icons/loading/property-24.scss |   2 +-
 .../icons/icons/lock-closed-fill/index.scss   |   2 +-
 .../icons/lock-closed-fill/keyframes.scss     |   2 +-
 .../icons/lock-closed-fill/placeholders.scss  |   2 +-
 .../icons/lock-closed-outline/index.scss      |   2 +-
 .../icons/lock-closed-outline/keyframes.scss  |   2 +-
 .../lock-closed-outline/placeholders.scss     |   2 +-
 .../base/icons/icons/lock-closed/index.scss   |   2 +-
 .../icons/icons/lock-closed/keyframes.scss    |   2 +-
 .../icons/icons/lock-closed/placeholders.scss |   2 +-
 .../base/icons/icons/lock-disabled/index.scss |   2 +-
 .../icons/icons/lock-disabled/keyframes.scss  |   2 +-
 .../icons/lock-disabled/placeholders.scss     |   2 +-
 .../base/icons/icons/lock-fill/index.scss     |   2 +-
 .../base/icons/icons/lock-fill/keyframes.scss |   2 +-
 .../icons/icons/lock-fill/placeholders.scss   |   2 +-
 .../icons/icons/lock-fill/property-16.scss    |   2 +-
 .../icons/icons/lock-fill/property-24.scss    |   2 +-
 .../base/icons/icons/lock-off/index.scss      |   2 +-
 .../base/icons/icons/lock-off/keyframes.scss  |   2 +-
 .../icons/icons/lock-off/placeholders.scss    |   2 +-
 .../icons/icons/lock-off/property-16.scss     |   2 +-
 .../icons/icons/lock-off/property-24.scss     |   2 +-
 .../base/icons/icons/lock-open/index.scss     |   2 +-
 .../base/icons/icons/lock-open/keyframes.scss |   2 +-
 .../icons/icons/lock-open/placeholders.scss   |   2 +-
 .../styles/base/icons/icons/lock/index.scss   |   2 +-
 .../base/icons/icons/lock/keyframes.scss      |   2 +-
 .../base/icons/icons/lock/placeholders.scss   |   2 +-
 .../base/icons/icons/lock/property-16.scss    |   2 +-
 .../base/icons/icons/lock/property-24.scss    |   2 +-
 .../icons/logo-alicloud-color/index.scss      |   2 +-
 .../icons/logo-alicloud-color/keyframes.scss  |   2 +-
 .../logo-alicloud-color/placeholders.scss     |   2 +-
 .../icons/logo-alicloud-monochrome/index.scss |   2 +-
 .../logo-alicloud-monochrome/keyframes.scss   |   2 +-
 .../placeholders.scss                         |   2 +-
 .../icons/icons/logo-auth0-color/index.scss   |   2 +-
 .../icons/logo-auth0-color/keyframes.scss     |   2 +-
 .../icons/logo-auth0-color/placeholders.scss  |   2 +-
 .../icons/icons/logo-aws-color/index.scss     |   2 +-
 .../icons/icons/logo-aws-color/keyframes.scss |   2 +-
 .../icons/logo-aws-color/placeholders.scss    |   2 +-
 .../icons/logo-aws-monochrome/index.scss      |   2 +-
 .../icons/logo-aws-monochrome/keyframes.scss  |   2 +-
 .../logo-aws-monochrome/placeholders.scss     |   2 +-
 .../icons/icons/logo-azure-color/index.scss   |   2 +-
 .../icons/logo-azure-color/keyframes.scss     |   2 +-
 .../icons/logo-azure-color/placeholders.scss  |   2 +-
 .../icons/logo-azure-dev-ops-color/index.scss |   2 +-
 .../logo-azure-dev-ops-color/keyframes.scss   |   2 +-
 .../placeholders.scss                         |   2 +-
 .../logo-azure-dev-ops-monochrome/index.scss  |   2 +-
 .../keyframes.scss                            |   2 +-
 .../placeholders.scss                         |   2 +-
 .../icons/logo-azure-monochrome/index.scss    |   2 +-
 .../logo-azure-monochrome/keyframes.scss      |   2 +-
 .../logo-azure-monochrome/placeholders.scss   |   2 +-
 .../icons/logo-bitbucket-color/index.scss     |   2 +-
 .../icons/logo-bitbucket-color/keyframes.scss |   2 +-
 .../logo-bitbucket-color/placeholders.scss    |   2 +-
 .../logo-bitbucket-monochrome/index.scss      |   2 +-
 .../logo-bitbucket-monochrome/keyframes.scss  |   2 +-
 .../placeholders.scss                         |   2 +-
 .../icons/logo-ember-circle-color/index.scss  |   2 +-
 .../logo-ember-circle-color/keyframes.scss    |   2 +-
 .../logo-ember-circle-color/placeholders.scss |   2 +-
 .../logo-ember-circle-color/property-16.scss  |   2 +-
 .../logo-ember-circle-color/property-24.scss  |   2 +-
 .../icons/icons/logo-gcp-color/index.scss     |   2 +-
 .../icons/icons/logo-gcp-color/keyframes.scss |   2 +-
 .../icons/logo-gcp-color/placeholders.scss    |   2 +-
 .../icons/logo-gcp-monochrome/index.scss      |   2 +-
 .../icons/logo-gcp-monochrome/keyframes.scss  |   2 +-
 .../logo-gcp-monochrome/placeholders.scss     |   2 +-
 .../icons/icons/logo-github-color/index.scss  |   2 +-
 .../icons/logo-github-color/keyframes.scss    |   2 +-
 .../icons/logo-github-color/placeholders.scss |   2 +-
 .../icons/logo-github-monochrome/index.scss   |   2 +-
 .../logo-github-monochrome/keyframes.scss     |   2 +-
 .../logo-github-monochrome/placeholders.scss  |   2 +-
 .../icons/icons/logo-gitlab-color/index.scss  |   2 +-
 .../icons/logo-gitlab-color/keyframes.scss    |   2 +-
 .../icons/logo-gitlab-color/placeholders.scss |   2 +-
 .../icons/logo-gitlab-monochrome/index.scss   |   2 +-
 .../logo-gitlab-monochrome/keyframes.scss     |   2 +-
 .../logo-gitlab-monochrome/placeholders.scss  |   2 +-
 .../icons/icons/logo-glimmer-color/index.scss |   2 +-
 .../icons/logo-glimmer-color/keyframes.scss   |   2 +-
 .../logo-glimmer-color/placeholders.scss      |   2 +-
 .../icons/logo-glimmer-color/property-16.scss |   2 +-
 .../icons/logo-glimmer-color/property-24.scss |   2 +-
 .../icons/icons/logo-google-color/index.scss  |   2 +-
 .../icons/logo-google-color/keyframes.scss    |   2 +-
 .../icons/logo-google-color/placeholders.scss |   2 +-
 .../icons/logo-google-monochrome/index.scss   |   2 +-
 .../logo-google-monochrome/keyframes.scss     |   2 +-
 .../logo-google-monochrome/placeholders.scss  |   2 +-
 .../icons/logo-hashicorp-color/index.scss     |   2 +-
 .../icons/logo-hashicorp-color/keyframes.scss |   2 +-
 .../logo-hashicorp-color/placeholders.scss    |   2 +-
 .../logo-hashicorp-color/property-16.scss     |   2 +-
 .../logo-hashicorp-color/property-24.scss     |   2 +-
 .../icons/icons/logo-jwt-color/index.scss     |   2 +-
 .../icons/icons/logo-jwt-color/keyframes.scss |   2 +-
 .../icons/logo-jwt-color/placeholders.scss    |   2 +-
 .../icons/logo-jwt-color/property-16.scss     |   2 +-
 .../icons/logo-jwt-color/property-24.scss     |   2 +-
 .../icons/logo-kubernetes-color/index.scss    |   2 +-
 .../logo-kubernetes-color/keyframes.scss      |   2 +-
 .../logo-kubernetes-color/placeholders.scss   |   2 +-
 .../logo-kubernetes-monochrome/index.scss     |   2 +-
 .../logo-kubernetes-monochrome/keyframes.scss |   2 +-
 .../placeholders.scss                         |   2 +-
 .../icons/logo-microsoft-color/index.scss     |   2 +-
 .../icons/logo-microsoft-color/keyframes.scss |   2 +-
 .../logo-microsoft-color/placeholders.scss    |   2 +-
 .../icons/icons/logo-oidc-color/index.scss    |   2 +-
 .../icons/logo-oidc-color/keyframes.scss      |   2 +-
 .../icons/logo-oidc-color/placeholders.scss   |   2 +-
 .../icons/logo-oidc-color/property-16.scss    |   2 +-
 .../icons/logo-oidc-color/property-24.scss    |   2 +-
 .../icons/icons/logo-okta-color/index.scss    |   2 +-
 .../icons/logo-okta-color/keyframes.scss      |   2 +-
 .../icons/logo-okta-color/placeholders.scss   |   2 +-
 .../icons/icons/logo-oracle-color/index.scss  |   2 +-
 .../icons/logo-oracle-color/keyframes.scss    |   2 +-
 .../icons/logo-oracle-color/placeholders.scss |   2 +-
 .../icons/logo-oracle-monochrome/index.scss   |   2 +-
 .../logo-oracle-monochrome/keyframes.scss     |   2 +-
 .../logo-oracle-monochrome/placeholders.scss  |   2 +-
 .../icons/icons/logo-slack-color/index.scss   |   2 +-
 .../icons/logo-slack-color/keyframes.scss     |   2 +-
 .../icons/logo-slack-color/placeholders.scss  |   2 +-
 .../icons/logo-slack-monochrome/index.scss    |   2 +-
 .../logo-slack-monochrome/keyframes.scss      |   2 +-
 .../logo-slack-monochrome/placeholders.scss   |   2 +-
 .../icons/icons/logo-vmware-color/index.scss  |   2 +-
 .../icons/logo-vmware-color/keyframes.scss    |   2 +-
 .../icons/logo-vmware-color/placeholders.scss |   2 +-
 .../icons/logo-vmware-monochrome/index.scss   |   2 +-
 .../logo-vmware-monochrome/keyframes.scss     |   2 +-
 .../logo-vmware-monochrome/placeholders.scss  |   2 +-
 .../base/icons/icons/mail-open/index.scss     |   2 +-
 .../base/icons/icons/mail-open/keyframes.scss |   2 +-
 .../icons/icons/mail-open/placeholders.scss   |   2 +-
 .../icons/icons/mail-open/property-16.scss    |   2 +-
 .../icons/icons/mail-open/property-24.scss    |   2 +-
 .../styles/base/icons/icons/mail/index.scss   |   2 +-
 .../base/icons/icons/mail/keyframes.scss      |   2 +-
 .../base/icons/icons/mail/placeholders.scss   |   2 +-
 .../base/icons/icons/mail/property-16.scss    |   2 +-
 .../base/icons/icons/mail/property-24.scss    |   2 +-
 .../base/icons/icons/mainframe/index.scss     |   2 +-
 .../base/icons/icons/mainframe/keyframes.scss |   2 +-
 .../icons/icons/mainframe/placeholders.scss   |   2 +-
 .../icons/icons/mainframe/property-16.scss    |   2 +-
 .../icons/icons/mainframe/property-24.scss    |   2 +-
 .../base/icons/icons/map-pin/index.scss       |   2 +-
 .../base/icons/icons/map-pin/keyframes.scss   |   2 +-
 .../icons/icons/map-pin/placeholders.scss     |   2 +-
 .../base/icons/icons/map-pin/property-16.scss |   2 +-
 .../base/icons/icons/map-pin/property-24.scss |   2 +-
 .../styles/base/icons/icons/map/index.scss    |   2 +-
 .../base/icons/icons/map/keyframes.scss       |   2 +-
 .../base/icons/icons/map/placeholders.scss    |   2 +-
 .../base/icons/icons/map/property-16.scss     |   2 +-
 .../base/icons/icons/map/property-24.scss     |   2 +-
 .../base/icons/icons/maximize-alt/index.scss  |   2 +-
 .../icons/icons/maximize-alt/keyframes.scss   |   2 +-
 .../icons/maximize-alt/placeholders.scss      |   2 +-
 .../icons/icons/maximize-alt/property-16.scss |   2 +-
 .../icons/icons/maximize-alt/property-24.scss |   2 +-
 .../base/icons/icons/maximize/index.scss      |   2 +-
 .../base/icons/icons/maximize/keyframes.scss  |   2 +-
 .../icons/icons/maximize/placeholders.scss    |   2 +-
 .../icons/icons/maximize/property-16.scss     |   2 +-
 .../icons/icons/maximize/property-24.scss     |   2 +-
 .../styles/base/icons/icons/meh/index.scss    |   2 +-
 .../base/icons/icons/meh/keyframes.scss       |   2 +-
 .../base/icons/icons/meh/placeholders.scss    |   2 +-
 .../base/icons/icons/meh/property-16.scss     |   2 +-
 .../base/icons/icons/meh/property-24.scss     |   2 +-
 .../styles/base/icons/icons/menu/index.scss   |   2 +-
 .../base/icons/icons/menu/keyframes.scss      |   2 +-
 .../base/icons/icons/menu/placeholders.scss   |   2 +-
 .../base/icons/icons/menu/property-16.scss    |   2 +-
 .../base/icons/icons/menu/property-24.scss    |   2 +-
 .../styles/base/icons/icons/mesh/index.scss   |   2 +-
 .../base/icons/icons/mesh/keyframes.scss      |   2 +-
 .../base/icons/icons/mesh/placeholders.scss   |   2 +-
 .../base/icons/icons/mesh/property-16.scss    |   2 +-
 .../base/icons/icons/mesh/property-24.scss    |   2 +-
 .../icons/message-circle-fill/index.scss      |   2 +-
 .../icons/message-circle-fill/keyframes.scss  |   2 +-
 .../message-circle-fill/placeholders.scss     |   2 +-
 .../message-circle-fill/property-16.scss      |   2 +-
 .../message-circle-fill/property-24.scss      |   2 +-
 .../icons/icons/message-circle/index.scss     |   2 +-
 .../icons/icons/message-circle/keyframes.scss |   2 +-
 .../icons/message-circle/placeholders.scss    |   2 +-
 .../icons/message-circle/property-16.scss     |   2 +-
 .../icons/message-circle/property-24.scss     |   2 +-
 .../icons/message-square-fill/index.scss      |   2 +-
 .../icons/message-square-fill/keyframes.scss  |   2 +-
 .../message-square-fill/placeholders.scss     |   2 +-
 .../message-square-fill/property-16.scss      |   2 +-
 .../message-square-fill/property-24.scss      |   2 +-
 .../icons/icons/message-square/index.scss     |   2 +-
 .../icons/icons/message-square/keyframes.scss |   2 +-
 .../icons/message-square/placeholders.scss    |   2 +-
 .../icons/message-square/property-16.scss     |   2 +-
 .../icons/message-square/property-24.scss     |   2 +-
 .../base/icons/icons/message/index.scss       |   2 +-
 .../base/icons/icons/message/keyframes.scss   |   2 +-
 .../icons/icons/message/placeholders.scss     |   2 +-
 .../base/icons/icons/mic-off/index.scss       |   2 +-
 .../base/icons/icons/mic-off/keyframes.scss   |   2 +-
 .../icons/icons/mic-off/placeholders.scss     |   2 +-
 .../base/icons/icons/mic-off/property-16.scss |   2 +-
 .../base/icons/icons/mic-off/property-24.scss |   2 +-
 .../styles/base/icons/icons/mic/index.scss    |   2 +-
 .../base/icons/icons/mic/keyframes.scss       |   2 +-
 .../base/icons/icons/mic/placeholders.scss    |   2 +-
 .../base/icons/icons/mic/property-16.scss     |   2 +-
 .../base/icons/icons/mic/property-24.scss     |   2 +-
 .../icons/icons/microsoft-color/index.scss    |   2 +-
 .../icons/microsoft-color/keyframes.scss      |   2 +-
 .../icons/microsoft-color/placeholders.scss   |   2 +-
 .../icons/microsoft-color/property-16.scss    |   2 +-
 .../icons/microsoft-color/property-24.scss    |   2 +-
 .../base/icons/icons/microsoft/index.scss     |   2 +-
 .../base/icons/icons/microsoft/keyframes.scss |   2 +-
 .../icons/icons/microsoft/placeholders.scss   |   2 +-
 .../icons/icons/microsoft/property-16.scss    |   2 +-
 .../icons/icons/microsoft/property-24.scss    |   2 +-
 .../base/icons/icons/migrate/index.scss       |   2 +-
 .../base/icons/icons/migrate/keyframes.scss   |   2 +-
 .../icons/icons/migrate/placeholders.scss     |   2 +-
 .../base/icons/icons/migrate/property-16.scss |   2 +-
 .../base/icons/icons/migrate/property-24.scss |   2 +-
 .../base/icons/icons/minimize-alt/index.scss  |   2 +-
 .../icons/icons/minimize-alt/keyframes.scss   |   2 +-
 .../icons/minimize-alt/placeholders.scss      |   2 +-
 .../icons/icons/minimize-alt/property-16.scss |   2 +-
 .../icons/icons/minimize-alt/property-24.scss |   2 +-
 .../base/icons/icons/minimize/index.scss      |   2 +-
 .../base/icons/icons/minimize/keyframes.scss  |   2 +-
 .../icons/icons/minimize/placeholders.scss    |   2 +-
 .../icons/icons/minimize/property-16.scss     |   2 +-
 .../icons/icons/minimize/property-24.scss     |   2 +-
 .../icons/icons/minus-circle-fill/index.scss  |   2 +-
 .../icons/minus-circle-fill/keyframes.scss    |   2 +-
 .../icons/minus-circle-fill/placeholders.scss |   2 +-
 .../icons/minus-circle-outline/index.scss     |   2 +-
 .../icons/minus-circle-outline/keyframes.scss |   2 +-
 .../minus-circle-outline/placeholders.scss    |   2 +-
 .../base/icons/icons/minus-circle/index.scss  |   2 +-
 .../icons/icons/minus-circle/keyframes.scss   |   2 +-
 .../icons/minus-circle/placeholders.scss      |   2 +-
 .../icons/icons/minus-circle/property-16.scss |   2 +-
 .../icons/icons/minus-circle/property-24.scss |   2 +-
 .../base/icons/icons/minus-plain/index.scss   |   2 +-
 .../icons/icons/minus-plain/keyframes.scss    |   2 +-
 .../icons/icons/minus-plain/placeholders.scss |   2 +-
 .../icons/icons/minus-plus-circle/index.scss  |   2 +-
 .../icons/minus-plus-circle/keyframes.scss    |   2 +-
 .../icons/minus-plus-circle/placeholders.scss |   2 +-
 .../icons/minus-plus-circle/property-16.scss  |   2 +-
 .../icons/minus-plus-circle/property-24.scss  |   2 +-
 .../icons/icons/minus-plus-square/index.scss  |   2 +-
 .../icons/minus-plus-square/keyframes.scss    |   2 +-
 .../icons/minus-plus-square/placeholders.scss |   2 +-
 .../icons/minus-plus-square/property-16.scss  |   2 +-
 .../icons/minus-plus-square/property-24.scss  |   2 +-
 .../base/icons/icons/minus-plus/index.scss    |   2 +-
 .../icons/icons/minus-plus/keyframes.scss     |   2 +-
 .../icons/icons/minus-plus/placeholders.scss  |   2 +-
 .../icons/icons/minus-plus/property-16.scss   |   2 +-
 .../icons/icons/minus-plus/property-24.scss   |   2 +-
 .../icons/icons/minus-square-fill/index.scss  |   2 +-
 .../icons/minus-square-fill/keyframes.scss    |   2 +-
 .../icons/minus-square-fill/placeholders.scss |   2 +-
 .../base/icons/icons/minus-square/index.scss  |   2 +-
 .../icons/icons/minus-square/keyframes.scss   |   2 +-
 .../icons/minus-square/placeholders.scss      |   2 +-
 .../icons/icons/minus-square/property-16.scss |   2 +-
 .../icons/icons/minus-square/property-24.scss |   2 +-
 .../styles/base/icons/icons/minus/index.scss  |   2 +-
 .../base/icons/icons/minus/keyframes.scss     |   2 +-
 .../base/icons/icons/minus/placeholders.scss  |   2 +-
 .../base/icons/icons/minus/property-16.scss   |   2 +-
 .../base/icons/icons/minus/property-24.scss   |   2 +-
 .../styles/base/icons/icons/module/index.scss |   2 +-
 .../base/icons/icons/module/keyframes.scss    |   2 +-
 .../base/icons/icons/module/placeholders.scss |   2 +-
 .../base/icons/icons/module/property-16.scss  |   2 +-
 .../base/icons/icons/module/property-24.scss  |   2 +-
 .../base/icons/icons/monitor/index.scss       |   2 +-
 .../base/icons/icons/monitor/keyframes.scss   |   2 +-
 .../icons/icons/monitor/placeholders.scss     |   2 +-
 .../base/icons/icons/monitor/property-16.scss |   2 +-
 .../base/icons/icons/monitor/property-24.scss |   2 +-
 .../styles/base/icons/icons/moon/index.scss   |   2 +-
 .../base/icons/icons/moon/keyframes.scss      |   2 +-
 .../base/icons/icons/moon/placeholders.scss   |   2 +-
 .../base/icons/icons/moon/property-16.scss    |   2 +-
 .../base/icons/icons/moon/property-24.scss    |   2 +-
 .../icons/icons/more-horizontal/index.scss    |   2 +-
 .../icons/more-horizontal/keyframes.scss      |   2 +-
 .../icons/more-horizontal/placeholders.scss   |   2 +-
 .../icons/more-horizontal/property-16.scss    |   2 +-
 .../icons/more-horizontal/property-24.scss    |   2 +-
 .../base/icons/icons/more-vertical/index.scss |   2 +-
 .../icons/icons/more-vertical/keyframes.scss  |   2 +-
 .../icons/more-vertical/placeholders.scss     |   2 +-
 .../icons/more-vertical/property-16.scss      |   2 +-
 .../icons/more-vertical/property-24.scss      |   2 +-
 .../base/icons/icons/mouse-pointer/index.scss |   2 +-
 .../icons/icons/mouse-pointer/keyframes.scss  |   2 +-
 .../icons/mouse-pointer/placeholders.scss     |   2 +-
 .../icons/mouse-pointer/property-16.scss      |   2 +-
 .../icons/mouse-pointer/property-24.scss      |   2 +-
 .../styles/base/icons/icons/move/index.scss   |   2 +-
 .../base/icons/icons/move/keyframes.scss      |   2 +-
 .../base/icons/icons/move/placeholders.scss   |   2 +-
 .../base/icons/icons/move/property-16.scss    |   2 +-
 .../base/icons/icons/move/property-24.scss    |   2 +-
 .../styles/base/icons/icons/music/index.scss  |   2 +-
 .../base/icons/icons/music/keyframes.scss     |   2 +-
 .../base/icons/icons/music/placeholders.scss  |   2 +-
 .../base/icons/icons/music/property-16.scss   |   2 +-
 .../base/icons/icons/music/property-24.scss   |   2 +-
 .../icons/icons/navigation-alt/index.scss     |   2 +-
 .../icons/icons/navigation-alt/keyframes.scss |   2 +-
 .../icons/navigation-alt/placeholders.scss    |   2 +-
 .../icons/navigation-alt/property-16.scss     |   2 +-
 .../icons/navigation-alt/property-24.scss     |   2 +-
 .../base/icons/icons/navigation/index.scss    |   2 +-
 .../icons/icons/navigation/keyframes.scss     |   2 +-
 .../icons/icons/navigation/placeholders.scss  |   2 +-
 .../icons/icons/navigation/property-16.scss   |   2 +-
 .../icons/icons/navigation/property-24.scss   |   2 +-
 .../base/icons/icons/network-alt/index.scss   |   2 +-
 .../icons/icons/network-alt/keyframes.scss    |   2 +-
 .../icons/icons/network-alt/placeholders.scss |   2 +-
 .../icons/icons/network-alt/property-16.scss  |   2 +-
 .../icons/icons/network-alt/property-24.scss  |   2 +-
 .../base/icons/icons/network/index.scss       |   2 +-
 .../base/icons/icons/network/keyframes.scss   |   2 +-
 .../icons/icons/network/placeholders.scss     |   2 +-
 .../base/icons/icons/network/property-16.scss |   2 +-
 .../base/icons/icons/network/property-24.scss |   2 +-
 .../base/icons/icons/newspaper/index.scss     |   2 +-
 .../base/icons/icons/newspaper/keyframes.scss |   2 +-
 .../icons/icons/newspaper/placeholders.scss   |   2 +-
 .../icons/icons/newspaper/property-16.scss    |   2 +-
 .../icons/icons/newspaper/property-24.scss    |   2 +-
 .../styles/base/icons/icons/node/index.scss   |   2 +-
 .../base/icons/icons/node/keyframes.scss      |   2 +-
 .../base/icons/icons/node/placeholders.scss   |   2 +-
 .../base/icons/icons/node/property-16.scss    |   2 +-
 .../base/icons/icons/node/property-24.scss    |   2 +-
 .../base/icons/icons/nomad-color/index.scss   |   2 +-
 .../icons/icons/nomad-color/keyframes.scss    |   2 +-
 .../icons/icons/nomad-color/placeholders.scss |   2 +-
 .../icons/icons/nomad-color/property-16.scss  |   2 +-
 .../icons/icons/nomad-color/property-24.scss  |   2 +-
 .../styles/base/icons/icons/nomad/index.scss  |   2 +-
 .../base/icons/icons/nomad/keyframes.scss     |   2 +-
 .../base/icons/icons/nomad/placeholders.scss  |   2 +-
 .../base/icons/icons/nomad/property-16.scss   |   2 +-
 .../base/icons/icons/nomad/property-24.scss   |   2 +-
 .../icons/notification-disabled/index.scss    |   2 +-
 .../notification-disabled/keyframes.scss      |   2 +-
 .../notification-disabled/placeholders.scss   |   2 +-
 .../icons/icons/notification-fill/index.scss  |   2 +-
 .../icons/notification-fill/keyframes.scss    |   2 +-
 .../icons/notification-fill/placeholders.scss |   2 +-
 .../icons/notification-outline/index.scss     |   2 +-
 .../icons/notification-outline/keyframes.scss |   2 +-
 .../notification-outline/placeholders.scss    |   2 +-
 .../base/icons/icons/octagon/index.scss       |   2 +-
 .../base/icons/icons/octagon/keyframes.scss   |   2 +-
 .../icons/icons/octagon/placeholders.scss     |   2 +-
 .../base/icons/icons/octagon/property-16.scss |   2 +-
 .../base/icons/icons/octagon/property-24.scss |   2 +-
 .../base/icons/icons/okta-color/index.scss    |   2 +-
 .../icons/icons/okta-color/keyframes.scss     |   2 +-
 .../icons/icons/okta-color/placeholders.scss  |   2 +-
 .../icons/icons/okta-color/property-16.scss   |   2 +-
 .../icons/icons/okta-color/property-24.scss   |   2 +-
 .../styles/base/icons/icons/okta/index.scss   |   2 +-
 .../base/icons/icons/okta/keyframes.scss      |   2 +-
 .../base/icons/icons/okta/placeholders.scss   |   2 +-
 .../base/icons/icons/okta/property-16.scss    |   2 +-
 .../base/icons/icons/okta/property-24.scss    |   2 +-
 .../base/icons/icons/oracle-color/index.scss  |   2 +-
 .../icons/icons/oracle-color/keyframes.scss   |   2 +-
 .../icons/oracle-color/placeholders.scss      |   2 +-
 .../icons/icons/oracle-color/property-16.scss |   2 +-
 .../icons/icons/oracle-color/property-24.scss |   2 +-
 .../styles/base/icons/icons/oracle/index.scss |   2 +-
 .../base/icons/icons/oracle/keyframes.scss    |   2 +-
 .../base/icons/icons/oracle/placeholders.scss |   2 +-
 .../base/icons/icons/oracle/property-16.scss  |   2 +-
 .../base/icons/icons/oracle/property-24.scss  |   2 +-
 .../styles/base/icons/icons/org/index.scss    |   2 +-
 .../base/icons/icons/org/keyframes.scss       |   2 +-
 .../base/icons/icons/org/placeholders.scss    |   2 +-
 .../base/icons/icons/org/property-16.scss     |   2 +-
 .../base/icons/icons/org/property-24.scss     |   2 +-
 .../base/icons/icons/outline/index.scss       |   2 +-
 .../base/icons/icons/outline/keyframes.scss   |   2 +-
 .../icons/icons/outline/placeholders.scss     |   2 +-
 .../base/icons/icons/outline/property-16.scss |   2 +-
 .../base/icons/icons/outline/property-24.scss |   2 +-
 .../base/icons/icons/pack-color/index.scss    |   2 +-
 .../icons/icons/pack-color/keyframes.scss     |   2 +-
 .../icons/icons/pack-color/placeholders.scss  |   2 +-
 .../icons/icons/pack-color/property-16.scss   |   2 +-
 .../icons/icons/pack-color/property-24.scss   |   2 +-
 .../styles/base/icons/icons/pack/index.scss   |   2 +-
 .../base/icons/icons/pack/keyframes.scss      |   2 +-
 .../base/icons/icons/pack/placeholders.scss   |   2 +-
 .../base/icons/icons/pack/property-16.scss    |   2 +-
 .../base/icons/icons/pack/property-24.scss    |   2 +-
 .../base/icons/icons/package/index.scss       |   2 +-
 .../base/icons/icons/package/keyframes.scss   |   2 +-
 .../icons/icons/package/placeholders.scss     |   2 +-
 .../base/icons/icons/package/property-16.scss |   2 +-
 .../base/icons/icons/package/property-24.scss |   2 +-
 .../base/icons/icons/packer-color/index.scss  |   2 +-
 .../icons/icons/packer-color/keyframes.scss   |   2 +-
 .../icons/packer-color/placeholders.scss      |   2 +-
 .../icons/icons/packer-color/property-16.scss |   2 +-
 .../icons/icons/packer-color/property-24.scss |   2 +-
 .../styles/base/icons/icons/packer/index.scss |   2 +-
 .../base/icons/icons/packer/keyframes.scss    |   2 +-
 .../base/icons/icons/packer/placeholders.scss |   2 +-
 .../base/icons/icons/packer/property-16.scss  |   2 +-
 .../base/icons/icons/packer/property-24.scss  |   2 +-
 .../base/icons/icons/page-outline/index.scss  |   2 +-
 .../icons/icons/page-outline/keyframes.scss   |   2 +-
 .../icons/page-outline/placeholders.scss      |   2 +-
 .../base/icons/icons/paperclip/index.scss     |   2 +-
 .../base/icons/icons/paperclip/keyframes.scss |   2 +-
 .../icons/icons/paperclip/placeholders.scss   |   2 +-
 .../icons/icons/paperclip/property-16.scss    |   2 +-
 .../icons/icons/paperclip/property-24.scss    |   2 +-
 .../base/icons/icons/partner/index.scss       |   2 +-
 .../base/icons/icons/partner/keyframes.scss   |   2 +-
 .../icons/icons/partner/placeholders.scss     |   2 +-
 .../styles/base/icons/icons/path/index.scss   |   2 +-
 .../base/icons/icons/path/keyframes.scss      |   2 +-
 .../base/icons/icons/path/placeholders.scss   |   2 +-
 .../base/icons/icons/path/property-16.scss    |   2 +-
 .../base/icons/icons/path/property-24.scss    |   2 +-
 .../base/icons/icons/pause-circle/index.scss  |   2 +-
 .../icons/icons/pause-circle/keyframes.scss   |   2 +-
 .../icons/pause-circle/placeholders.scss      |   2 +-
 .../icons/icons/pause-circle/property-16.scss |   2 +-
 .../icons/icons/pause-circle/property-24.scss |   2 +-
 .../styles/base/icons/icons/pause/index.scss  |   2 +-
 .../base/icons/icons/pause/keyframes.scss     |   2 +-
 .../base/icons/icons/pause/placeholders.scss  |   2 +-
 .../base/icons/icons/pause/property-16.scss   |   2 +-
 .../base/icons/icons/pause/property-24.scss   |   2 +-
 .../base/icons/icons/pen-tool/index.scss      |   2 +-
 .../base/icons/icons/pen-tool/keyframes.scss  |   2 +-
 .../icons/icons/pen-tool/placeholders.scss    |   2 +-
 .../icons/icons/pen-tool/property-16.scss     |   2 +-
 .../icons/icons/pen-tool/property-24.scss     |   2 +-
 .../base/icons/icons/pencil-tool/index.scss   |   2 +-
 .../icons/icons/pencil-tool/keyframes.scss    |   2 +-
 .../icons/icons/pencil-tool/placeholders.scss |   2 +-
 .../icons/icons/pencil-tool/property-16.scss  |   2 +-
 .../icons/icons/pencil-tool/property-24.scss  |   2 +-
 .../base/icons/icons/phone-call/index.scss    |   2 +-
 .../icons/icons/phone-call/keyframes.scss     |   2 +-
 .../icons/icons/phone-call/placeholders.scss  |   2 +-
 .../icons/icons/phone-call/property-16.scss   |   2 +-
 .../icons/icons/phone-call/property-24.scss   |   2 +-
 .../base/icons/icons/phone-off/index.scss     |   2 +-
 .../base/icons/icons/phone-off/keyframes.scss |   2 +-
 .../icons/icons/phone-off/placeholders.scss   |   2 +-
 .../icons/icons/phone-off/property-16.scss    |   2 +-
 .../icons/icons/phone-off/property-24.scss    |   2 +-
 .../styles/base/icons/icons/phone/index.scss  |   2 +-
 .../base/icons/icons/phone/keyframes.scss     |   2 +-
 .../base/icons/icons/phone/placeholders.scss  |   2 +-
 .../base/icons/icons/phone/property-16.scss   |   2 +-
 .../base/icons/icons/phone/property-24.scss   |   2 +-
 .../base/icons/icons/pie-chart/index.scss     |   2 +-
 .../base/icons/icons/pie-chart/keyframes.scss |   2 +-
 .../icons/icons/pie-chart/placeholders.scss   |   2 +-
 .../icons/icons/pie-chart/property-16.scss    |   2 +-
 .../icons/icons/pie-chart/property-24.scss    |   2 +-
 .../styles/base/icons/icons/pin/index.scss    |   2 +-
 .../base/icons/icons/pin/keyframes.scss       |   2 +-
 .../base/icons/icons/pin/placeholders.scss    |   2 +-
 .../base/icons/icons/pin/property-16.scss     |   2 +-
 .../base/icons/icons/pin/property-24.scss     |   2 +-
 .../base/icons/icons/play-circle/index.scss   |   2 +-
 .../icons/icons/play-circle/keyframes.scss    |   2 +-
 .../icons/icons/play-circle/placeholders.scss |   2 +-
 .../icons/icons/play-circle/property-16.scss  |   2 +-
 .../icons/icons/play-circle/property-24.scss  |   2 +-
 .../base/icons/icons/play-fill/index.scss     |   2 +-
 .../base/icons/icons/play-fill/keyframes.scss |   2 +-
 .../icons/icons/play-fill/placeholders.scss   |   2 +-
 .../base/icons/icons/play-outline/index.scss  |   2 +-
 .../icons/icons/play-outline/keyframes.scss   |   2 +-
 .../icons/play-outline/placeholders.scss      |   2 +-
 .../base/icons/icons/play-plain/index.scss    |   2 +-
 .../icons/icons/play-plain/keyframes.scss     |   2 +-
 .../icons/icons/play-plain/placeholders.scss  |   2 +-
 .../styles/base/icons/icons/play/index.scss   |   2 +-
 .../base/icons/icons/play/keyframes.scss      |   2 +-
 .../base/icons/icons/play/placeholders.scss   |   2 +-
 .../base/icons/icons/play/property-16.scss    |   2 +-
 .../base/icons/icons/play/property-24.scss    |   2 +-
 .../icons/icons/plus-circle-fill/index.scss   |   2 +-
 .../icons/plus-circle-fill/keyframes.scss     |   2 +-
 .../icons/plus-circle-fill/placeholders.scss  |   2 +-
 .../icons/plus-circle-outline/index.scss      |   2 +-
 .../icons/plus-circle-outline/keyframes.scss  |   2 +-
 .../plus-circle-outline/placeholders.scss     |   2 +-
 .../base/icons/icons/plus-circle/index.scss   |   2 +-
 .../icons/icons/plus-circle/keyframes.scss    |   2 +-
 .../icons/icons/plus-circle/placeholders.scss |   2 +-
 .../icons/icons/plus-circle/property-16.scss  |   2 +-
 .../icons/icons/plus-circle/property-24.scss  |   2 +-
 .../base/icons/icons/plus-plain/index.scss    |   2 +-
 .../icons/icons/plus-plain/keyframes.scss     |   2 +-
 .../icons/icons/plus-plain/placeholders.scss  |   2 +-
 .../icons/icons/plus-square-fill/index.scss   |   2 +-
 .../icons/plus-square-fill/keyframes.scss     |   2 +-
 .../icons/plus-square-fill/placeholders.scss  |   2 +-
 .../base/icons/icons/plus-square/index.scss   |   2 +-
 .../icons/icons/plus-square/keyframes.scss    |   2 +-
 .../icons/icons/plus-square/placeholders.scss |   2 +-
 .../icons/icons/plus-square/property-16.scss  |   2 +-
 .../icons/icons/plus-square/property-24.scss  |   2 +-
 .../styles/base/icons/icons/plus/index.scss   |   2 +-
 .../base/icons/icons/plus/keyframes.scss      |   2 +-
 .../base/icons/icons/plus/placeholders.scss   |   2 +-
 .../base/icons/icons/plus/property-16.scss    |   2 +-
 .../base/icons/icons/plus/property-24.scss    |   2 +-
 .../styles/base/icons/icons/port/index.scss   |   2 +-
 .../base/icons/icons/port/keyframes.scss      |   2 +-
 .../base/icons/icons/port/placeholders.scss   |   2 +-
 .../base/icons/icons/port/property-16.scss    |   2 +-
 .../base/icons/icons/port/property-24.scss    |   2 +-
 .../styles/base/icons/icons/power/index.scss  |   2 +-
 .../base/icons/icons/power/keyframes.scss     |   2 +-
 .../base/icons/icons/power/placeholders.scss  |   2 +-
 .../base/icons/icons/power/property-16.scss   |   2 +-
 .../base/icons/icons/power/property-24.scss   |   2 +-
 .../base/icons/icons/printer/index.scss       |   2 +-
 .../base/icons/icons/printer/keyframes.scss   |   2 +-
 .../icons/icons/printer/placeholders.scss     |   2 +-
 .../base/icons/icons/printer/property-16.scss |   2 +-
 .../base/icons/icons/printer/property-24.scss |   2 +-
 .../base/icons/icons/protocol/index.scss      |   2 +-
 .../base/icons/icons/protocol/keyframes.scss  |   2 +-
 .../icons/icons/protocol/placeholders.scss    |   2 +-
 .../icons/icons/protocol/property-16.scss     |   2 +-
 .../icons/icons/protocol/property-24.scss     |   2 +-
 .../base/icons/icons/provider/index.scss      |   2 +-
 .../base/icons/icons/provider/keyframes.scss  |   2 +-
 .../icons/icons/provider/placeholders.scss    |   2 +-
 .../icons/icons/provider/property-16.scss     |   2 +-
 .../icons/icons/provider/property-24.scss     |   2 +-
 .../icons/icons/public-default/index.scss     |   2 +-
 .../icons/icons/public-default/keyframes.scss |   2 +-
 .../icons/public-default/placeholders.scss    |   2 +-
 .../base/icons/icons/public-locked/index.scss |   2 +-
 .../icons/icons/public-locked/keyframes.scss  |   2 +-
 .../icons/public-locked/placeholders.scss     |   2 +-
 .../styles/base/icons/icons/queue/index.scss  |   2 +-
 .../base/icons/icons/queue/keyframes.scss     |   2 +-
 .../base/icons/icons/queue/placeholders.scss  |   2 +-
 .../base/icons/icons/queue/property-16.scss   |   2 +-
 .../base/icons/icons/queue/property-24.scss   |   2 +-
 .../icons/radio-button-checked/index.scss     |   2 +-
 .../icons/radio-button-checked/keyframes.scss |   2 +-
 .../radio-button-checked/placeholders.scss    |   2 +-
 .../icons/radio-button-unchecked/index.scss   |   2 +-
 .../radio-button-unchecked/keyframes.scss     |   2 +-
 .../radio-button-unchecked/placeholders.scss  |   2 +-
 .../styles/base/icons/icons/radio/index.scss  |   2 +-
 .../base/icons/icons/radio/keyframes.scss     |   2 +-
 .../base/icons/icons/radio/placeholders.scss  |   2 +-
 .../base/icons/icons/radio/property-16.scss   |   2 +-
 .../base/icons/icons/radio/property-24.scss   |   2 +-
 .../styles/base/icons/icons/random/index.scss |   2 +-
 .../base/icons/icons/random/keyframes.scss    |   2 +-
 .../base/icons/icons/random/placeholders.scss |   2 +-
 .../base/icons/icons/random/property-16.scss  |   2 +-
 .../base/icons/icons/random/property-24.scss  |   2 +-
 .../base/icons/icons/redirect/index.scss      |   2 +-
 .../base/icons/icons/redirect/keyframes.scss  |   2 +-
 .../icons/icons/redirect/placeholders.scss    |   2 +-
 .../icons/icons/redirect/property-16.scss     |   2 +-
 .../icons/icons/redirect/property-24.scss     |   2 +-
 .../base/icons/icons/refresh-alert/index.scss |   2 +-
 .../icons/icons/refresh-alert/keyframes.scss  |   2 +-
 .../icons/refresh-alert/placeholders.scss     |   2 +-
 .../icons/icons/refresh-default/index.scss    |   2 +-
 .../icons/refresh-default/keyframes.scss      |   2 +-
 .../icons/refresh-default/placeholders.scss   |   2 +-
 .../styles/base/icons/icons/reload/index.scss |   2 +-
 .../base/icons/icons/reload/keyframes.scss    |   2 +-
 .../base/icons/icons/reload/placeholders.scss |   2 +-
 .../base/icons/icons/reload/property-16.scss  |   2 +-
 .../base/icons/icons/reload/property-24.scss  |   2 +-
 .../styles/base/icons/icons/remix/index.scss  |   2 +-
 .../base/icons/icons/remix/keyframes.scss     |   2 +-
 .../base/icons/icons/remix/placeholders.scss  |   2 +-
 .../styles/base/icons/icons/repeat/index.scss |   2 +-
 .../base/icons/icons/repeat/keyframes.scss    |   2 +-
 .../base/icons/icons/repeat/placeholders.scss |   2 +-
 .../base/icons/icons/repeat/property-16.scss  |   2 +-
 .../base/icons/icons/repeat/property-24.scss  |   2 +-
 .../icons/icons/replication-direct/index.scss |   2 +-
 .../icons/replication-direct/keyframes.scss   |   2 +-
 .../replication-direct/placeholders.scss      |   2 +-
 .../icons/replication-direct/property-16.scss |   2 +-
 .../icons/replication-direct/property-24.scss |   2 +-
 .../icons/icons/replication-perf/index.scss   |   2 +-
 .../icons/replication-perf/keyframes.scss     |   2 +-
 .../icons/replication-perf/placeholders.scss  |   2 +-
 .../icons/replication-perf/property-16.scss   |   2 +-
 .../icons/replication-perf/property-24.scss   |   2 +-
 .../styles/base/icons/icons/rewind/index.scss |   2 +-
 .../base/icons/icons/rewind/keyframes.scss    |   2 +-
 .../base/icons/icons/rewind/placeholders.scss |   2 +-
 .../base/icons/icons/rewind/property-16.scss  |   2 +-
 .../base/icons/icons/rewind/property-24.scss  |   2 +-
 .../styles/base/icons/icons/ribbon/index.scss |   2 +-
 .../base/icons/icons/ribbon/keyframes.scss    |   2 +-
 .../base/icons/icons/ribbon/placeholders.scss |   2 +-
 .../styles/base/icons/icons/rocket/index.scss |   2 +-
 .../base/icons/icons/rocket/keyframes.scss    |   2 +-
 .../base/icons/icons/rocket/placeholders.scss |   2 +-
 .../base/icons/icons/rocket/property-16.scss  |   2 +-
 .../base/icons/icons/rocket/property-24.scss  |   2 +-
 .../base/icons/icons/rotate-ccw/index.scss    |   2 +-
 .../icons/icons/rotate-ccw/keyframes.scss     |   2 +-
 .../icons/icons/rotate-ccw/placeholders.scss  |   2 +-
 .../icons/icons/rotate-ccw/property-16.scss   |   2 +-
 .../icons/icons/rotate-ccw/property-24.scss   |   2 +-
 .../base/icons/icons/rotate-cw/index.scss     |   2 +-
 .../base/icons/icons/rotate-cw/keyframes.scss |   2 +-
 .../icons/icons/rotate-cw/placeholders.scss   |   2 +-
 .../icons/icons/rotate-cw/property-16.scss    |   2 +-
 .../icons/icons/rotate-cw/property-24.scss    |   2 +-
 .../styles/base/icons/icons/rss/index.scss    |   2 +-
 .../base/icons/icons/rss/keyframes.scss       |   2 +-
 .../base/icons/icons/rss/placeholders.scss    |   2 +-
 .../base/icons/icons/rss/property-16.scss     |   2 +-
 .../base/icons/icons/rss/property-24.scss     |   2 +-
 .../styles/base/icons/icons/run/index.scss    |   2 +-
 .../base/icons/icons/run/keyframes.scss       |   2 +-
 .../base/icons/icons/run/placeholders.scss    |   2 +-
 .../base/icons/icons/run/property-16.scss     |   2 +-
 .../base/icons/icons/run/property-24.scss     |   2 +-
 .../base/icons/icons/running/index.scss       |   2 +-
 .../base/icons/icons/running/keyframes.scss   |   2 +-
 .../icons/icons/running/placeholders.scss     |   2 +-
 .../base/icons/icons/running/property-16.scss |   2 +-
 .../base/icons/icons/running/property-24.scss |   2 +-
 .../styles/base/icons/icons/save/index.scss   |   2 +-
 .../base/icons/icons/save/keyframes.scss      |   2 +-
 .../base/icons/icons/save/placeholders.scss   |   2 +-
 .../base/icons/icons/save/property-16.scss    |   2 +-
 .../base/icons/icons/save/property-24.scss    |   2 +-
 .../base/icons/icons/scissors/index.scss      |   2 +-
 .../base/icons/icons/scissors/keyframes.scss  |   2 +-
 .../icons/icons/scissors/placeholders.scss    |   2 +-
 .../icons/icons/scissors/property-16.scss     |   2 +-
 .../icons/icons/scissors/property-24.scss     |   2 +-
 .../base/icons/icons/search-color/index.scss  |   2 +-
 .../icons/icons/search-color/keyframes.scss   |   2 +-
 .../icons/search-color/placeholders.scss      |   2 +-
 .../icons/icons/search-color/property-16.scss |   2 +-
 .../icons/icons/search-color/property-24.scss |   2 +-
 .../styles/base/icons/icons/search/index.scss |   2 +-
 .../base/icons/icons/search/keyframes.scss    |   2 +-
 .../base/icons/icons/search/placeholders.scss |   2 +-
 .../base/icons/icons/search/property-16.scss  |   2 +-
 .../base/icons/icons/search/property-24.scss  |   2 +-
 .../styles/base/icons/icons/send/index.scss   |   2 +-
 .../base/icons/icons/send/keyframes.scss      |   2 +-
 .../base/icons/icons/send/placeholders.scss   |   2 +-
 .../base/icons/icons/send/property-16.scss    |   2 +-
 .../base/icons/icons/send/property-24.scss    |   2 +-
 .../icons/icons/server-cluster/index.scss     |   2 +-
 .../icons/icons/server-cluster/keyframes.scss |   2 +-
 .../icons/server-cluster/placeholders.scss    |   2 +-
 .../icons/server-cluster/property-16.scss     |   2 +-
 .../icons/server-cluster/property-24.scss     |   2 +-
 .../styles/base/icons/icons/server/index.scss |   2 +-
 .../base/icons/icons/server/keyframes.scss    |   2 +-
 .../base/icons/icons/server/placeholders.scss |   2 +-
 .../base/icons/icons/server/property-16.scss  |   2 +-
 .../base/icons/icons/server/property-24.scss  |   2 +-
 .../base/icons/icons/serverless/index.scss    |   2 +-
 .../icons/icons/serverless/keyframes.scss     |   2 +-
 .../icons/icons/serverless/placeholders.scss  |   2 +-
 .../icons/icons/serverless/property-16.scss   |   2 +-
 .../icons/icons/serverless/property-24.scss   |   2 +-
 .../base/icons/icons/settings/index.scss      |   2 +-
 .../base/icons/icons/settings/keyframes.scss  |   2 +-
 .../icons/icons/settings/placeholders.scss    |   2 +-
 .../icons/icons/settings/property-16.scss     |   2 +-
 .../icons/icons/settings/property-24.scss     |   2 +-
 .../styles/base/icons/icons/share/index.scss  |   2 +-
 .../base/icons/icons/share/keyframes.scss     |   2 +-
 .../base/icons/icons/share/placeholders.scss  |   2 +-
 .../base/icons/icons/share/property-16.scss   |   2 +-
 .../base/icons/icons/share/property-24.scss   |   2 +-
 .../base/icons/icons/shield-alert/index.scss  |   2 +-
 .../icons/icons/shield-alert/keyframes.scss   |   2 +-
 .../icons/shield-alert/placeholders.scss      |   2 +-
 .../icons/icons/shield-alert/property-16.scss |   2 +-
 .../icons/icons/shield-alert/property-24.scss |   2 +-
 .../base/icons/icons/shield-check/index.scss  |   2 +-
 .../icons/icons/shield-check/keyframes.scss   |   2 +-
 .../icons/shield-check/placeholders.scss      |   2 +-
 .../icons/icons/shield-check/property-16.scss |   2 +-
 .../icons/icons/shield-check/property-24.scss |   2 +-
 .../base/icons/icons/shield-off/index.scss    |   2 +-
 .../icons/icons/shield-off/keyframes.scss     |   2 +-
 .../icons/icons/shield-off/placeholders.scss  |   2 +-
 .../icons/icons/shield-off/property-16.scss   |   2 +-
 .../icons/icons/shield-off/property-24.scss   |   2 +-
 .../base/icons/icons/shield-x/index.scss      |   2 +-
 .../base/icons/icons/shield-x/keyframes.scss  |   2 +-
 .../icons/icons/shield-x/placeholders.scss    |   2 +-
 .../icons/icons/shield-x/property-16.scss     |   2 +-
 .../icons/icons/shield-x/property-24.scss     |   2 +-
 .../styles/base/icons/icons/shield/index.scss |   2 +-
 .../base/icons/icons/shield/keyframes.scss    |   2 +-
 .../base/icons/icons/shield/placeholders.scss |   2 +-
 .../base/icons/icons/shield/property-16.scss  |   2 +-
 .../base/icons/icons/shield/property-24.scss  |   2 +-
 .../base/icons/icons/shopping-bag/index.scss  |   2 +-
 .../icons/icons/shopping-bag/keyframes.scss   |   2 +-
 .../icons/shopping-bag/placeholders.scss      |   2 +-
 .../icons/icons/shopping-bag/property-16.scss |   2 +-
 .../icons/icons/shopping-bag/property-24.scss |   2 +-
 .../base/icons/icons/shopping-cart/index.scss |   2 +-
 .../icons/icons/shopping-cart/keyframes.scss  |   2 +-
 .../icons/shopping-cart/placeholders.scss     |   2 +-
 .../icons/shopping-cart/property-16.scss      |   2 +-
 .../icons/shopping-cart/property-24.scss      |   2 +-
 .../base/icons/icons/shuffle/index.scss       |   2 +-
 .../base/icons/icons/shuffle/keyframes.scss   |   2 +-
 .../icons/icons/shuffle/placeholders.scss     |   2 +-
 .../base/icons/icons/shuffle/property-16.scss |   2 +-
 .../base/icons/icons/shuffle/property-24.scss |   2 +-
 .../base/icons/icons/sidebar-hide/index.scss  |   2 +-
 .../icons/icons/sidebar-hide/keyframes.scss   |   2 +-
 .../icons/sidebar-hide/placeholders.scss      |   2 +-
 .../icons/icons/sidebar-hide/property-16.scss |   2 +-
 .../icons/icons/sidebar-hide/property-24.scss |   2 +-
 .../base/icons/icons/sidebar-show/index.scss  |   2 +-
 .../icons/icons/sidebar-show/keyframes.scss   |   2 +-
 .../icons/sidebar-show/placeholders.scss      |   2 +-
 .../icons/icons/sidebar-show/property-16.scss |   2 +-
 .../icons/icons/sidebar-show/property-24.scss |   2 +-
 .../base/icons/icons/sidebar/index.scss       |   2 +-
 .../base/icons/icons/sidebar/keyframes.scss   |   2 +-
 .../icons/icons/sidebar/placeholders.scss     |   2 +-
 .../base/icons/icons/sidebar/property-16.scss |   2 +-
 .../base/icons/icons/sidebar/property-24.scss |   2 +-
 .../base/icons/icons/sign-in/index.scss       |   2 +-
 .../base/icons/icons/sign-in/keyframes.scss   |   2 +-
 .../icons/icons/sign-in/placeholders.scss     |   2 +-
 .../base/icons/icons/sign-in/property-16.scss |   2 +-
 .../base/icons/icons/sign-in/property-24.scss |   2 +-
 .../base/icons/icons/sign-out/index.scss      |   2 +-
 .../base/icons/icons/sign-out/keyframes.scss  |   2 +-
 .../icons/icons/sign-out/placeholders.scss    |   2 +-
 .../icons/icons/sign-out/property-16.scss     |   2 +-
 .../icons/icons/sign-out/property-24.scss     |   2 +-
 .../base/icons/icons/skip-back/index.scss     |   2 +-
 .../base/icons/icons/skip-back/keyframes.scss |   2 +-
 .../icons/icons/skip-back/placeholders.scss   |   2 +-
 .../icons/icons/skip-back/property-16.scss    |   2 +-
 .../icons/icons/skip-back/property-24.scss    |   2 +-
 .../base/icons/icons/skip-forward/index.scss  |   2 +-
 .../icons/icons/skip-forward/keyframes.scss   |   2 +-
 .../icons/skip-forward/placeholders.scss      |   2 +-
 .../icons/icons/skip-forward/property-16.scss |   2 +-
 .../icons/icons/skip-forward/property-24.scss |   2 +-
 .../styles/base/icons/icons/skip/index.scss   |   2 +-
 .../base/icons/icons/skip/keyframes.scss      |   2 +-
 .../base/icons/icons/skip/placeholders.scss   |   2 +-
 .../base/icons/icons/skip/property-16.scss    |   2 +-
 .../base/icons/icons/skip/property-24.scss    |   2 +-
 .../base/icons/icons/slack-color/index.scss   |   2 +-
 .../icons/icons/slack-color/keyframes.scss    |   2 +-
 .../icons/icons/slack-color/placeholders.scss |   2 +-
 .../icons/icons/slack-color/property-16.scss  |   2 +-
 .../icons/icons/slack-color/property-24.scss  |   2 +-
 .../styles/base/icons/icons/slack/index.scss  |   2 +-
 .../base/icons/icons/slack/keyframes.scss     |   2 +-
 .../base/icons/icons/slack/placeholders.scss  |   2 +-
 .../base/icons/icons/slack/property-16.scss   |   2 +-
 .../base/icons/icons/slack/property-24.scss   |   2 +-
 .../base/icons/icons/slash-square/index.scss  |   2 +-
 .../icons/icons/slash-square/keyframes.scss   |   2 +-
 .../icons/slash-square/placeholders.scss      |   2 +-
 .../icons/icons/slash-square/property-16.scss |   2 +-
 .../icons/icons/slash-square/property-24.scss |   2 +-
 .../styles/base/icons/icons/slash/index.scss  |   2 +-
 .../base/icons/icons/slash/keyframes.scss     |   2 +-
 .../base/icons/icons/slash/placeholders.scss  |   2 +-
 .../base/icons/icons/slash/property-16.scss   |   2 +-
 .../base/icons/icons/slash/property-24.scss   |   2 +-
 .../base/icons/icons/sliders/index.scss       |   2 +-
 .../base/icons/icons/sliders/keyframes.scss   |   2 +-
 .../icons/icons/sliders/placeholders.scss     |   2 +-
 .../base/icons/icons/sliders/property-16.scss |   2 +-
 .../base/icons/icons/sliders/property-24.scss |   2 +-
 .../base/icons/icons/smartphone/index.scss    |   2 +-
 .../icons/icons/smartphone/keyframes.scss     |   2 +-
 .../icons/icons/smartphone/placeholders.scss  |   2 +-
 .../icons/icons/smartphone/property-16.scss   |   2 +-
 .../icons/icons/smartphone/property-24.scss   |   2 +-
 .../styles/base/icons/icons/smile/index.scss  |   2 +-
 .../base/icons/icons/smile/keyframes.scss     |   2 +-
 .../base/icons/icons/smile/placeholders.scss  |   2 +-
 .../base/icons/icons/smile/property-16.scss   |   2 +-
 .../base/icons/icons/smile/property-24.scss   |   2 +-
 .../styles/base/icons/icons/socket/index.scss |   2 +-
 .../base/icons/icons/socket/keyframes.scss    |   2 +-
 .../base/icons/icons/socket/placeholders.scss |   2 +-
 .../base/icons/icons/socket/property-16.scss  |   2 +-
 .../base/icons/icons/socket/property-24.scss  |   2 +-
 .../base/icons/icons/sort-asc/index.scss      |   2 +-
 .../base/icons/icons/sort-asc/keyframes.scss  |   2 +-
 .../icons/icons/sort-asc/placeholders.scss    |   2 +-
 .../icons/icons/sort-asc/property-16.scss     |   2 +-
 .../icons/icons/sort-asc/property-24.scss     |   2 +-
 .../base/icons/icons/sort-desc/index.scss     |   2 +-
 .../base/icons/icons/sort-desc/keyframes.scss |   2 +-
 .../icons/icons/sort-desc/placeholders.scss   |   2 +-
 .../icons/icons/sort-desc/property-16.scss    |   2 +-
 .../icons/icons/sort-desc/property-24.scss    |   2 +-
 .../styles/base/icons/icons/sort/index.scss   |   2 +-
 .../base/icons/icons/sort/keyframes.scss      |   2 +-
 .../base/icons/icons/sort/placeholders.scss   |   2 +-
 .../base/icons/icons/source-file/index.scss   |   2 +-
 .../icons/icons/source-file/keyframes.scss    |   2 +-
 .../icons/icons/source-file/placeholders.scss |   2 +-
 .../base/icons/icons/speaker/index.scss       |   2 +-
 .../base/icons/icons/speaker/keyframes.scss   |   2 +-
 .../icons/icons/speaker/placeholders.scss     |   2 +-
 .../base/icons/icons/speaker/property-16.scss |   2 +-
 .../base/icons/icons/speaker/property-24.scss |   2 +-
 .../base/icons/icons/square-fill/index.scss   |   2 +-
 .../icons/icons/square-fill/keyframes.scss    |   2 +-
 .../icons/icons/square-fill/placeholders.scss |   2 +-
 .../icons/icons/square-fill/property-16.scss  |   2 +-
 .../icons/icons/square-fill/property-24.scss  |   2 +-
 .../styles/base/icons/icons/square/index.scss |   2 +-
 .../base/icons/icons/square/keyframes.scss    |   2 +-
 .../base/icons/icons/square/placeholders.scss |   2 +-
 .../base/icons/icons/square/property-16.scss  |   2 +-
 .../base/icons/icons/square/property-24.scss  |   2 +-
 .../base/icons/icons/star-circle/index.scss   |   2 +-
 .../icons/icons/star-circle/keyframes.scss    |   2 +-
 .../icons/icons/star-circle/placeholders.scss |   2 +-
 .../icons/icons/star-circle/property-16.scss  |   2 +-
 .../icons/icons/star-circle/property-24.scss  |   2 +-
 .../base/icons/icons/star-fill/index.scss     |   2 +-
 .../base/icons/icons/star-fill/keyframes.scss |   2 +-
 .../icons/icons/star-fill/placeholders.scss   |   2 +-
 .../icons/icons/star-fill/property-16.scss    |   2 +-
 .../icons/icons/star-fill/property-24.scss    |   2 +-
 .../base/icons/icons/star-off/index.scss      |   2 +-
 .../base/icons/icons/star-off/keyframes.scss  |   2 +-
 .../icons/icons/star-off/placeholders.scss    |   2 +-
 .../icons/icons/star-off/property-16.scss     |   2 +-
 .../icons/icons/star-off/property-24.scss     |   2 +-
 .../base/icons/icons/star-outline/index.scss  |   2 +-
 .../icons/icons/star-outline/keyframes.scss   |   2 +-
 .../icons/star-outline/placeholders.scss      |   2 +-
 .../styles/base/icons/icons/star/index.scss   |   2 +-
 .../base/icons/icons/star/keyframes.scss      |   2 +-
 .../base/icons/icons/star/placeholders.scss   |   2 +-
 .../base/icons/icons/star/property-16.scss    |   2 +-
 .../base/icons/icons/star/property-24.scss    |   2 +-
 .../base/icons/icons/stop-circle/index.scss   |   2 +-
 .../icons/icons/stop-circle/keyframes.scss    |   2 +-
 .../icons/icons/stop-circle/placeholders.scss |   2 +-
 .../icons/icons/stop-circle/property-16.scss  |   2 +-
 .../icons/icons/stop-circle/property-24.scss  |   2 +-
 .../base/icons/icons/sub-left/index.scss      |   2 +-
 .../base/icons/icons/sub-left/keyframes.scss  |   2 +-
 .../icons/icons/sub-left/placeholders.scss    |   2 +-
 .../base/icons/icons/sub-right/index.scss     |   2 +-
 .../base/icons/icons/sub-right/keyframes.scss |   2 +-
 .../icons/icons/sub-right/placeholders.scss   |   2 +-
 .../styles/base/icons/icons/sun/index.scss    |   2 +-
 .../base/icons/icons/sun/keyframes.scss       |   2 +-
 .../base/icons/icons/sun/placeholders.scss    |   2 +-
 .../base/icons/icons/sun/property-16.scss     |   2 +-
 .../base/icons/icons/sun/property-24.scss     |   2 +-
 .../base/icons/icons/support/index.scss       |   2 +-
 .../base/icons/icons/support/keyframes.scss   |   2 +-
 .../icons/icons/support/placeholders.scss     |   2 +-
 .../base/icons/icons/support/property-16.scss |   2 +-
 .../base/icons/icons/support/property-24.scss |   2 +-
 .../icons/icons/swap-horizontal/index.scss    |   2 +-
 .../icons/swap-horizontal/keyframes.scss      |   2 +-
 .../icons/swap-horizontal/placeholders.scss   |   2 +-
 .../icons/swap-horizontal/property-16.scss    |   2 +-
 .../icons/swap-horizontal/property-24.scss    |   2 +-
 .../base/icons/icons/swap-vertical/index.scss |   2 +-
 .../icons/icons/swap-vertical/keyframes.scss  |   2 +-
 .../icons/swap-vertical/placeholders.scss     |   2 +-
 .../icons/swap-vertical/property-16.scss      |   2 +-
 .../icons/swap-vertical/property-24.scss      |   2 +-
 .../base/icons/icons/switcher/index.scss      |   2 +-
 .../base/icons/icons/switcher/keyframes.scss  |   2 +-
 .../icons/icons/switcher/placeholders.scss    |   2 +-
 .../icons/icons/switcher/property-16.scss     |   2 +-
 .../icons/icons/switcher/property-24.scss     |   2 +-
 .../base/icons/icons/sync-alert/index.scss    |   2 +-
 .../icons/icons/sync-alert/keyframes.scss     |   2 +-
 .../icons/icons/sync-alert/placeholders.scss  |   2 +-
 .../icons/icons/sync-alert/property-16.scss   |   2 +-
 .../icons/icons/sync-alert/property-24.scss   |   2 +-
 .../base/icons/icons/sync-reverse/index.scss  |   2 +-
 .../icons/icons/sync-reverse/keyframes.scss   |   2 +-
 .../icons/sync-reverse/placeholders.scss      |   2 +-
 .../icons/icons/sync-reverse/property-16.scss |   2 +-
 .../icons/icons/sync-reverse/property-24.scss |   2 +-
 .../styles/base/icons/icons/sync/index.scss   |   2 +-
 .../base/icons/icons/sync/keyframes.scss      |   2 +-
 .../base/icons/icons/sync/placeholders.scss   |   2 +-
 .../base/icons/icons/sync/property-16.scss    |   2 +-
 .../base/icons/icons/sync/property-24.scss    |   2 +-
 .../styles/base/icons/icons/tablet/index.scss |   2 +-
 .../base/icons/icons/tablet/keyframes.scss    |   2 +-
 .../base/icons/icons/tablet/placeholders.scss |   2 +-
 .../base/icons/icons/tablet/property-16.scss  |   2 +-
 .../base/icons/icons/tablet/property-24.scss  |   2 +-
 .../styles/base/icons/icons/tag/index.scss    |   2 +-
 .../base/icons/icons/tag/keyframes.scss       |   2 +-
 .../base/icons/icons/tag/placeholders.scss    |   2 +-
 .../base/icons/icons/tag/property-16.scss     |   2 +-
 .../base/icons/icons/tag/property-24.scss     |   2 +-
 .../styles/base/icons/icons/target/index.scss |   2 +-
 .../base/icons/icons/target/keyframes.scss    |   2 +-
 .../base/icons/icons/target/placeholders.scss |   2 +-
 .../base/icons/icons/target/property-16.scss  |   2 +-
 .../base/icons/icons/target/property-24.scss  |   2 +-
 .../icons/icons/terminal-screen/index.scss    |   2 +-
 .../icons/terminal-screen/keyframes.scss      |   2 +-
 .../icons/terminal-screen/placeholders.scss   |   2 +-
 .../icons/terminal-screen/property-16.scss    |   2 +-
 .../icons/terminal-screen/property-24.scss    |   2 +-
 .../base/icons/icons/terminal/index.scss      |   2 +-
 .../base/icons/icons/terminal/keyframes.scss  |   2 +-
 .../icons/icons/terminal/placeholders.scss    |   2 +-
 .../icons/icons/terminal/property-16.scss     |   2 +-
 .../icons/icons/terminal/property-24.scss     |   2 +-
 .../icons/icons/terraform-color/index.scss    |   2 +-
 .../icons/terraform-color/keyframes.scss      |   2 +-
 .../icons/terraform-color/placeholders.scss   |   2 +-
 .../icons/terraform-color/property-16.scss    |   2 +-
 .../icons/terraform-color/property-24.scss    |   2 +-
 .../base/icons/icons/terraform/index.scss     |   2 +-
 .../base/icons/icons/terraform/keyframes.scss |   2 +-
 .../icons/icons/terraform/placeholders.scss   |   2 +-
 .../icons/icons/terraform/property-16.scss    |   2 +-
 .../icons/icons/terraform/property-24.scss    |   2 +-
 .../base/icons/icons/thumbs-down/index.scss   |   2 +-
 .../icons/icons/thumbs-down/keyframes.scss    |   2 +-
 .../icons/icons/thumbs-down/placeholders.scss |   2 +-
 .../icons/icons/thumbs-down/property-16.scss  |   2 +-
 .../icons/icons/thumbs-down/property-24.scss  |   2 +-
 .../base/icons/icons/thumbs-up/index.scss     |   2 +-
 .../base/icons/icons/thumbs-up/keyframes.scss |   2 +-
 .../icons/icons/thumbs-up/placeholders.scss   |   2 +-
 .../icons/icons/thumbs-up/property-16.scss    |   2 +-
 .../icons/icons/thumbs-up/property-24.scss    |   2 +-
 .../base/icons/icons/toggle-left/index.scss   |   2 +-
 .../icons/icons/toggle-left/keyframes.scss    |   2 +-
 .../icons/icons/toggle-left/placeholders.scss |   2 +-
 .../icons/icons/toggle-left/property-16.scss  |   2 +-
 .../icons/icons/toggle-left/property-24.scss  |   2 +-
 .../base/icons/icons/toggle-right/index.scss  |   2 +-
 .../icons/icons/toggle-right/keyframes.scss   |   2 +-
 .../icons/toggle-right/placeholders.scss      |   2 +-
 .../icons/icons/toggle-right/property-16.scss |   2 +-
 .../icons/icons/toggle-right/property-24.scss |   2 +-
 .../styles/base/icons/icons/token/index.scss  |   2 +-
 .../base/icons/icons/token/keyframes.scss     |   2 +-
 .../base/icons/icons/token/placeholders.scss  |   2 +-
 .../base/icons/icons/token/property-16.scss   |   2 +-
 .../base/icons/icons/token/property-24.scss   |   2 +-
 .../styles/base/icons/icons/tools/index.scss  |   2 +-
 .../base/icons/icons/tools/keyframes.scss     |   2 +-
 .../base/icons/icons/tools/placeholders.scss  |   2 +-
 .../base/icons/icons/tools/property-16.scss   |   2 +-
 .../base/icons/icons/tools/property-24.scss   |   2 +-
 .../styles/base/icons/icons/top/index.scss    |   2 +-
 .../base/icons/icons/top/keyframes.scss       |   2 +-
 .../base/icons/icons/top/placeholders.scss    |   2 +-
 .../base/icons/icons/top/property-16.scss     |   2 +-
 .../base/icons/icons/top/property-24.scss     |   2 +-
 .../styles/base/icons/icons/trash/index.scss  |   2 +-
 .../base/icons/icons/trash/keyframes.scss     |   2 +-
 .../base/icons/icons/trash/placeholders.scss  |   2 +-
 .../base/icons/icons/trash/property-16.scss   |   2 +-
 .../base/icons/icons/trash/property-24.scss   |   2 +-
 .../base/icons/icons/trend-down/index.scss    |   2 +-
 .../icons/icons/trend-down/keyframes.scss     |   2 +-
 .../icons/icons/trend-down/placeholders.scss  |   2 +-
 .../icons/icons/trend-down/property-16.scss   |   2 +-
 .../icons/icons/trend-down/property-24.scss   |   2 +-
 .../base/icons/icons/trend-up/index.scss      |   2 +-
 .../base/icons/icons/trend-up/keyframes.scss  |   2 +-
 .../icons/icons/trend-up/placeholders.scss    |   2 +-
 .../icons/icons/trend-up/property-16.scss     |   2 +-
 .../icons/icons/trend-up/property-24.scss     |   2 +-
 .../base/icons/icons/triangle-fill/index.scss |   2 +-
 .../icons/icons/triangle-fill/keyframes.scss  |   2 +-
 .../icons/triangle-fill/placeholders.scss     |   2 +-
 .../icons/triangle-fill/property-16.scss      |   2 +-
 .../icons/triangle-fill/property-24.scss      |   2 +-
 .../base/icons/icons/triangle/index.scss      |   2 +-
 .../base/icons/icons/triangle/keyframes.scss  |   2 +-
 .../icons/icons/triangle/placeholders.scss    |   2 +-
 .../icons/icons/triangle/property-16.scss     |   2 +-
 .../icons/icons/triangle/property-24.scss     |   2 +-
 .../styles/base/icons/icons/truck/index.scss  |   2 +-
 .../base/icons/icons/truck/keyframes.scss     |   2 +-
 .../base/icons/icons/truck/placeholders.scss  |   2 +-
 .../base/icons/icons/truck/property-16.scss   |   2 +-
 .../base/icons/icons/truck/property-24.scss   |   2 +-
 .../styles/base/icons/icons/tune/index.scss   |   2 +-
 .../base/icons/icons/tune/keyframes.scss      |   2 +-
 .../base/icons/icons/tune/placeholders.scss   |   2 +-
 .../app/styles/base/icons/icons/tv/index.scss |   2 +-
 .../styles/base/icons/icons/tv/keyframes.scss |   2 +-
 .../base/icons/icons/tv/placeholders.scss     |   2 +-
 .../base/icons/icons/tv/property-16.scss      |   2 +-
 .../base/icons/icons/tv/property-24.scss      |   2 +-
 .../base/icons/icons/twitch-color/index.scss  |   2 +-
 .../icons/icons/twitch-color/keyframes.scss   |   2 +-
 .../icons/twitch-color/placeholders.scss      |   2 +-
 .../icons/icons/twitch-color/property-16.scss |   2 +-
 .../icons/icons/twitch-color/property-24.scss |   2 +-
 .../styles/base/icons/icons/twitch/index.scss |   2 +-
 .../base/icons/icons/twitch/keyframes.scss    |   2 +-
 .../base/icons/icons/twitch/placeholders.scss |   2 +-
 .../base/icons/icons/twitch/property-16.scss  |   2 +-
 .../base/icons/icons/twitch/property-24.scss  |   2 +-
 .../base/icons/icons/twitter-color/index.scss |   2 +-
 .../icons/icons/twitter-color/keyframes.scss  |   2 +-
 .../icons/twitter-color/placeholders.scss     |   2 +-
 .../icons/twitter-color/property-16.scss      |   2 +-
 .../icons/twitter-color/property-24.scss      |   2 +-
 .../base/icons/icons/twitter/index.scss       |   2 +-
 .../base/icons/icons/twitter/keyframes.scss   |   2 +-
 .../icons/icons/twitter/placeholders.scss     |   2 +-
 .../base/icons/icons/twitter/property-16.scss |   2 +-
 .../base/icons/icons/twitter/property-24.scss |   2 +-
 .../styles/base/icons/icons/type/index.scss   |   2 +-
 .../base/icons/icons/type/keyframes.scss      |   2 +-
 .../base/icons/icons/type/placeholders.scss   |   2 +-
 .../base/icons/icons/type/property-16.scss    |   2 +-
 .../base/icons/icons/type/property-24.scss    |   2 +-
 .../base/icons/icons/unfold-close/index.scss  |   2 +-
 .../icons/icons/unfold-close/keyframes.scss   |   2 +-
 .../icons/unfold-close/placeholders.scss      |   2 +-
 .../icons/icons/unfold-close/property-16.scss |   2 +-
 .../icons/icons/unfold-close/property-24.scss |   2 +-
 .../base/icons/icons/unfold-less/index.scss   |   2 +-
 .../icons/icons/unfold-less/keyframes.scss    |   2 +-
 .../icons/icons/unfold-less/placeholders.scss |   2 +-
 .../base/icons/icons/unfold-more/index.scss   |   2 +-
 .../icons/icons/unfold-more/keyframes.scss    |   2 +-
 .../icons/icons/unfold-more/placeholders.scss |   2 +-
 .../base/icons/icons/unfold-open/index.scss   |   2 +-
 .../icons/icons/unfold-open/keyframes.scss    |   2 +-
 .../icons/icons/unfold-open/placeholders.scss |   2 +-
 .../icons/icons/unfold-open/property-16.scss  |   2 +-
 .../icons/icons/unfold-open/property-24.scss  |   2 +-
 .../styles/base/icons/icons/union/index.scss  |   2 +-
 .../base/icons/icons/union/keyframes.scss     |   2 +-
 .../base/icons/icons/union/placeholders.scss  |   2 +-
 .../base/icons/icons/union/property-16.scss   |   2 +-
 .../base/icons/icons/union/property-24.scss   |   2 +-
 .../styles/base/icons/icons/unlock/index.scss |   2 +-
 .../base/icons/icons/unlock/keyframes.scss    |   2 +-
 .../base/icons/icons/unlock/placeholders.scss |   2 +-
 .../base/icons/icons/unlock/property-16.scss  |   2 +-
 .../base/icons/icons/unlock/property-24.scss  |   2 +-
 .../styles/base/icons/icons/upload/index.scss |   2 +-
 .../base/icons/icons/upload/keyframes.scss    |   2 +-
 .../base/icons/icons/upload/placeholders.scss |   2 +-
 .../base/icons/icons/upload/property-16.scss  |   2 +-
 .../base/icons/icons/upload/property-24.scss  |   2 +-
 .../base/icons/icons/user-add/index.scss      |   2 +-
 .../base/icons/icons/user-add/keyframes.scss  |   2 +-
 .../icons/icons/user-add/placeholders.scss    |   2 +-
 .../base/icons/icons/user-check/index.scss    |   2 +-
 .../icons/icons/user-check/keyframes.scss     |   2 +-
 .../icons/icons/user-check/placeholders.scss  |   2 +-
 .../icons/icons/user-check/property-16.scss   |   2 +-
 .../icons/icons/user-check/property-24.scss   |   2 +-
 .../icons/icons/user-circle-fill/index.scss   |   2 +-
 .../icons/user-circle-fill/keyframes.scss     |   2 +-
 .../icons/user-circle-fill/placeholders.scss  |   2 +-
 .../icons/user-circle-fill/property-16.scss   |   2 +-
 .../icons/user-circle-fill/property-24.scss   |   2 +-
 .../base/icons/icons/user-circle/index.scss   |   2 +-
 .../icons/icons/user-circle/keyframes.scss    |   2 +-
 .../icons/icons/user-circle/placeholders.scss |   2 +-
 .../icons/icons/user-circle/property-16.scss  |   2 +-
 .../icons/icons/user-circle/property-24.scss  |   2 +-
 .../base/icons/icons/user-minus/index.scss    |   2 +-
 .../icons/icons/user-minus/keyframes.scss     |   2 +-
 .../icons/icons/user-minus/placeholders.scss  |   2 +-
 .../icons/icons/user-minus/property-16.scss   |   2 +-
 .../icons/icons/user-minus/property-24.scss   |   2 +-
 .../icons/icons/user-organization/index.scss  |   2 +-
 .../icons/user-organization/keyframes.scss    |   2 +-
 .../icons/user-organization/placeholders.scss |   2 +-
 .../base/icons/icons/user-plain/index.scss    |   2 +-
 .../icons/icons/user-plain/keyframes.scss     |   2 +-
 .../icons/icons/user-plain/placeholders.scss  |   2 +-
 .../base/icons/icons/user-plus/index.scss     |   2 +-
 .../base/icons/icons/user-plus/keyframes.scss |   2 +-
 .../icons/icons/user-plus/placeholders.scss   |   2 +-
 .../icons/icons/user-plus/property-16.scss    |   2 +-
 .../icons/icons/user-plus/property-24.scss    |   2 +-
 .../icons/icons/user-square-fill/index.scss   |   2 +-
 .../icons/user-square-fill/keyframes.scss     |   2 +-
 .../icons/user-square-fill/placeholders.scss  |   2 +-
 .../icons/user-square-outline/index.scss      |   2 +-
 .../icons/user-square-outline/keyframes.scss  |   2 +-
 .../user-square-outline/placeholders.scss     |   2 +-
 .../base/icons/icons/user-team/index.scss     |   2 +-
 .../base/icons/icons/user-team/keyframes.scss |   2 +-
 .../icons/icons/user-team/placeholders.scss   |   2 +-
 .../styles/base/icons/icons/user-x/index.scss |   2 +-
 .../base/icons/icons/user-x/keyframes.scss    |   2 +-
 .../base/icons/icons/user-x/placeholders.scss |   2 +-
 .../base/icons/icons/user-x/property-16.scss  |   2 +-
 .../base/icons/icons/user-x/property-24.scss  |   2 +-
 .../styles/base/icons/icons/user/index.scss   |   2 +-
 .../base/icons/icons/user/keyframes.scss      |   2 +-
 .../base/icons/icons/user/placeholders.scss   |   2 +-
 .../base/icons/icons/user/property-16.scss    |   2 +-
 .../base/icons/icons/user/property-24.scss    |   2 +-
 .../styles/base/icons/icons/users/index.scss  |   2 +-
 .../base/icons/icons/users/keyframes.scss     |   2 +-
 .../base/icons/icons/users/placeholders.scss  |   2 +-
 .../base/icons/icons/users/property-16.scss   |   2 +-
 .../base/icons/icons/users/property-24.scss   |   2 +-
 .../base/icons/icons/vagrant-color/index.scss |   2 +-
 .../icons/icons/vagrant-color/keyframes.scss  |   2 +-
 .../icons/vagrant-color/placeholders.scss     |   2 +-
 .../icons/vagrant-color/property-16.scss      |   2 +-
 .../icons/vagrant-color/property-24.scss      |   2 +-
 .../base/icons/icons/vagrant/index.scss       |   2 +-
 .../base/icons/icons/vagrant/keyframes.scss   |   2 +-
 .../icons/icons/vagrant/placeholders.scss     |   2 +-
 .../base/icons/icons/vagrant/property-16.scss |   2 +-
 .../base/icons/icons/vagrant/property-24.scss |   2 +-
 .../base/icons/icons/vault-color/index.scss   |   2 +-
 .../icons/icons/vault-color/keyframes.scss    |   2 +-
 .../icons/icons/vault-color/placeholders.scss |   2 +-
 .../icons/icons/vault-color/property-16.scss  |   2 +-
 .../icons/icons/vault-color/property-24.scss  |   2 +-
 .../styles/base/icons/icons/vault/index.scss  |   2 +-
 .../base/icons/icons/vault/keyframes.scss     |   2 +-
 .../base/icons/icons/vault/placeholders.scss  |   2 +-
 .../base/icons/icons/vault/property-16.scss   |   2 +-
 .../base/icons/icons/vault/property-24.scss   |   2 +-
 .../base/icons/icons/verified/index.scss      |   2 +-
 .../base/icons/icons/verified/keyframes.scss  |   2 +-
 .../icons/icons/verified/placeholders.scss    |   2 +-
 .../icons/icons/verified/property-16.scss     |   2 +-
 .../icons/icons/verified/property-24.scss     |   2 +-
 .../base/icons/icons/video-off/index.scss     |   2 +-
 .../base/icons/icons/video-off/keyframes.scss |   2 +-
 .../icons/icons/video-off/placeholders.scss   |   2 +-
 .../icons/icons/video-off/property-16.scss    |   2 +-
 .../icons/icons/video-off/property-24.scss    |   2 +-
 .../styles/base/icons/icons/video/index.scss  |   2 +-
 .../base/icons/icons/video/keyframes.scss     |   2 +-
 .../base/icons/icons/video/placeholders.scss  |   2 +-
 .../base/icons/icons/video/property-16.scss   |   2 +-
 .../base/icons/icons/video/property-24.scss   |   2 +-
 .../icons/icons/visibility-hide/index.scss    |   2 +-
 .../icons/visibility-hide/keyframes.scss      |   2 +-
 .../icons/visibility-hide/placeholders.scss   |   2 +-
 .../icons/icons/visibility-show/index.scss    |   2 +-
 .../icons/visibility-show/keyframes.scss      |   2 +-
 .../icons/visibility-show/placeholders.scss   |   2 +-
 .../base/icons/icons/vmware-color/index.scss  |   2 +-
 .../icons/icons/vmware-color/keyframes.scss   |   2 +-
 .../icons/vmware-color/placeholders.scss      |   2 +-
 .../icons/icons/vmware-color/property-16.scss |   2 +-
 .../icons/icons/vmware-color/property-24.scss |   2 +-
 .../styles/base/icons/icons/vmware/index.scss |   2 +-
 .../base/icons/icons/vmware/keyframes.scss    |   2 +-
 .../base/icons/icons/vmware/placeholders.scss |   2 +-
 .../base/icons/icons/vmware/property-16.scss  |   2 +-
 .../base/icons/icons/vmware/property-24.scss  |   2 +-
 .../base/icons/icons/volume-2/index.scss      |   2 +-
 .../base/icons/icons/volume-2/keyframes.scss  |   2 +-
 .../icons/icons/volume-2/placeholders.scss    |   2 +-
 .../icons/icons/volume-2/property-16.scss     |   2 +-
 .../icons/icons/volume-2/property-24.scss     |   2 +-
 .../base/icons/icons/volume-down/index.scss   |   2 +-
 .../icons/icons/volume-down/keyframes.scss    |   2 +-
 .../icons/icons/volume-down/placeholders.scss |   2 +-
 .../icons/icons/volume-down/property-16.scss  |   2 +-
 .../icons/icons/volume-down/property-24.scss  |   2 +-
 .../base/icons/icons/volume-x/index.scss      |   2 +-
 .../base/icons/icons/volume-x/keyframes.scss  |   2 +-
 .../icons/icons/volume-x/placeholders.scss    |   2 +-
 .../icons/icons/volume-x/property-16.scss     |   2 +-
 .../icons/icons/volume-x/property-24.scss     |   2 +-
 .../styles/base/icons/icons/volume/index.scss |   2 +-
 .../base/icons/icons/volume/keyframes.scss    |   2 +-
 .../base/icons/icons/volume/placeholders.scss |   2 +-
 .../base/icons/icons/volume/property-16.scss  |   2 +-
 .../base/icons/icons/volume/property-24.scss  |   2 +-
 .../styles/base/icons/icons/wall/index.scss   |   2 +-
 .../base/icons/icons/wall/keyframes.scss      |   2 +-
 .../base/icons/icons/wall/placeholders.scss   |   2 +-
 .../base/icons/icons/wall/property-16.scss    |   2 +-
 .../base/icons/icons/wall/property-24.scss    |   2 +-
 .../styles/base/icons/icons/wand/index.scss   |   2 +-
 .../base/icons/icons/wand/keyframes.scss      |   2 +-
 .../base/icons/icons/wand/placeholders.scss   |   2 +-
 .../base/icons/icons/wand/property-16.scss    |   2 +-
 .../base/icons/icons/wand/property-24.scss    |   2 +-
 .../styles/base/icons/icons/watch/index.scss  |   2 +-
 .../base/icons/icons/watch/keyframes.scss     |   2 +-
 .../base/icons/icons/watch/placeholders.scss  |   2 +-
 .../base/icons/icons/watch/property-16.scss   |   2 +-
 .../base/icons/icons/watch/property-24.scss   |   2 +-
 .../icons/icons/waypoint-color/index.scss     |   2 +-
 .../icons/icons/waypoint-color/keyframes.scss |   2 +-
 .../icons/waypoint-color/placeholders.scss    |   2 +-
 .../icons/waypoint-color/property-16.scss     |   2 +-
 .../icons/waypoint-color/property-24.scss     |   2 +-
 .../base/icons/icons/waypoint/index.scss      |   2 +-
 .../base/icons/icons/waypoint/keyframes.scss  |   2 +-
 .../icons/icons/waypoint/placeholders.scss    |   2 +-
 .../icons/icons/waypoint/property-16.scss     |   2 +-
 .../icons/icons/waypoint/property-24.scss     |   2 +-
 .../base/icons/icons/webhook/index.scss       |   2 +-
 .../base/icons/icons/webhook/keyframes.scss   |   2 +-
 .../icons/icons/webhook/placeholders.scss     |   2 +-
 .../base/icons/icons/webhook/property-16.scss |   2 +-
 .../base/icons/icons/webhook/property-24.scss |   2 +-
 .../base/icons/icons/wifi-off/index.scss      |   2 +-
 .../base/icons/icons/wifi-off/keyframes.scss  |   2 +-
 .../icons/icons/wifi-off/placeholders.scss    |   2 +-
 .../icons/icons/wifi-off/property-16.scss     |   2 +-
 .../icons/icons/wifi-off/property-24.scss     |   2 +-
 .../styles/base/icons/icons/wifi/index.scss   |   2 +-
 .../base/icons/icons/wifi/keyframes.scss      |   2 +-
 .../base/icons/icons/wifi/placeholders.scss   |   2 +-
 .../base/icons/icons/wifi/property-16.scss    |   2 +-
 .../base/icons/icons/wifi/property-24.scss    |   2 +-
 .../styles/base/icons/icons/wrench/index.scss |   2 +-
 .../base/icons/icons/wrench/keyframes.scss    |   2 +-
 .../base/icons/icons/wrench/placeholders.scss |   2 +-
 .../base/icons/icons/wrench/property-16.scss  |   2 +-
 .../base/icons/icons/wrench/property-24.scss  |   2 +-
 .../base/icons/icons/x-circle-fill/index.scss |   2 +-
 .../icons/icons/x-circle-fill/keyframes.scss  |   2 +-
 .../icons/x-circle-fill/placeholders.scss     |   2 +-
 .../icons/x-circle-fill/property-16.scss      |   2 +-
 .../icons/x-circle-fill/property-24.scss      |   2 +-
 .../base/icons/icons/x-circle/index.scss      |   2 +-
 .../base/icons/icons/x-circle/keyframes.scss  |   2 +-
 .../icons/icons/x-circle/placeholders.scss    |   2 +-
 .../icons/icons/x-circle/property-16.scss     |   2 +-
 .../icons/icons/x-circle/property-24.scss     |   2 +-
 .../icons/icons/x-diamond-fill/index.scss     |   2 +-
 .../icons/icons/x-diamond-fill/keyframes.scss |   2 +-
 .../icons/x-diamond-fill/placeholders.scss    |   2 +-
 .../icons/x-diamond-fill/property-16.scss     |   2 +-
 .../icons/x-diamond-fill/property-24.scss     |   2 +-
 .../base/icons/icons/x-diamond/index.scss     |   2 +-
 .../base/icons/icons/x-diamond/keyframes.scss |   2 +-
 .../icons/icons/x-diamond/placeholders.scss   |   2 +-
 .../icons/icons/x-diamond/property-16.scss    |   2 +-
 .../icons/icons/x-diamond/property-24.scss    |   2 +-
 .../icons/icons/x-hexagon-fill/index.scss     |   2 +-
 .../icons/icons/x-hexagon-fill/keyframes.scss |   2 +-
 .../icons/x-hexagon-fill/placeholders.scss    |   2 +-
 .../icons/x-hexagon-fill/property-16.scss     |   2 +-
 .../icons/x-hexagon-fill/property-24.scss     |   2 +-
 .../base/icons/icons/x-hexagon/index.scss     |   2 +-
 .../base/icons/icons/x-hexagon/keyframes.scss |   2 +-
 .../icons/icons/x-hexagon/placeholders.scss   |   2 +-
 .../icons/icons/x-hexagon/property-16.scss    |   2 +-
 .../icons/icons/x-hexagon/property-24.scss    |   2 +-
 .../base/icons/icons/x-square-fill/index.scss |   2 +-
 .../icons/icons/x-square-fill/keyframes.scss  |   2 +-
 .../icons/x-square-fill/placeholders.scss     |   2 +-
 .../icons/x-square-fill/property-16.scss      |   2 +-
 .../icons/x-square-fill/property-24.scss      |   2 +-
 .../base/icons/icons/x-square/index.scss      |   2 +-
 .../base/icons/icons/x-square/keyframes.scss  |   2 +-
 .../icons/icons/x-square/placeholders.scss    |   2 +-
 .../icons/icons/x-square/property-16.scss     |   2 +-
 .../icons/icons/x-square/property-24.scss     |   2 +-
 .../app/styles/base/icons/icons/x/index.scss  |   2 +-
 .../styles/base/icons/icons/x/keyframes.scss  |   2 +-
 .../base/icons/icons/x/placeholders.scss      |   2 +-
 .../base/icons/icons/x/property-16.scss       |   2 +-
 .../base/icons/icons/x/property-24.scss       |   2 +-
 .../base/icons/icons/youtube-color/index.scss |   2 +-
 .../icons/icons/youtube-color/keyframes.scss  |   2 +-
 .../icons/youtube-color/placeholders.scss     |   2 +-
 .../icons/youtube-color/property-16.scss      |   2 +-
 .../icons/youtube-color/property-24.scss      |   2 +-
 .../base/icons/icons/youtube/index.scss       |   2 +-
 .../base/icons/icons/youtube/keyframes.scss   |   2 +-
 .../icons/icons/youtube/placeholders.scss     |   2 +-
 .../base/icons/icons/youtube/property-16.scss |   2 +-
 .../base/icons/icons/youtube/property-24.scss |   2 +-
 .../base/icons/icons/zap-off/index.scss       |   2 +-
 .../base/icons/icons/zap-off/keyframes.scss   |   2 +-
 .../icons/icons/zap-off/placeholders.scss     |   2 +-
 .../base/icons/icons/zap-off/property-16.scss |   2 +-
 .../base/icons/icons/zap-off/property-24.scss |   2 +-
 .../styles/base/icons/icons/zap/index.scss    |   2 +-
 .../base/icons/icons/zap/keyframes.scss       |   2 +-
 .../base/icons/icons/zap/placeholders.scss    |   2 +-
 .../base/icons/icons/zap/property-16.scss     |   2 +-
 .../base/icons/icons/zap/property-24.scss     |   2 +-
 .../base/icons/icons/zoom-in/index.scss       |   2 +-
 .../base/icons/icons/zoom-in/keyframes.scss   |   2 +-
 .../icons/icons/zoom-in/placeholders.scss     |   2 +-
 .../base/icons/icons/zoom-in/property-16.scss |   2 +-
 .../base/icons/icons/zoom-in/property-24.scss |   2 +-
 .../base/icons/icons/zoom-out/index.scss      |   2 +-
 .../base/icons/icons/zoom-out/keyframes.scss  |   2 +-
 .../icons/icons/zoom-out/placeholders.scss    |   2 +-
 .../icons/icons/zoom-out/property-16.scss     |   2 +-
 .../icons/icons/zoom-out/property-24.scss     |   2 +-
 .../app/styles/base/icons/index.scss          |   2 +-
 .../app/styles/base/icons/overrides.scss      |   2 +-
 .../consul-ui/app/styles/base/index.scss      |   2 +-
 .../app/styles/base/reset/base-variables.scss |   2 +-
 .../app/styles/base/reset/index.scss          |   2 +-
 .../app/styles/base/reset/minireset.scss      |   2 +-
 .../app/styles/base/reset/system.scss         |   2 +-
 .../base/typography/base-keyframes.scss       |   2 +-
 .../base/typography/base-placeholders.scss    |   2 +-
 .../app/styles/base/typography/index.scss     |   2 +-
 .../consul-ui/app/styles/components.scss      |   2 +-
 ui/packages/consul-ui/app/styles/debug.scss   |   2 +-
 ui/packages/consul-ui/app/styles/icons.scss   |   2 +-
 ui/packages/consul-ui/app/styles/layout.scss  |   2 +-
 .../consul-ui/app/styles/layouts/index.scss   |   2 +-
 .../app/styles/prism-coldark-cold.scss        |   2 +-
 .../app/styles/prism-coldark-dark.scss        |   2 +-
 ui/packages/consul-ui/app/styles/routes.scss  |   2 +-
 .../app/styles/routes/dc/acls/index.scss      |   2 +-
 .../styles/routes/dc/intentions/index.scss    |   2 +-
 .../app/styles/routes/dc/kv/index.scss        |   2 +-
 .../app/styles/routes/dc/nodes/index.scss     |   2 +-
 .../styles/routes/dc/overview/license.scss    |   2 +-
 .../routes/dc/overview/serverstatus.scss      |   2 +-
 .../app/styles/routes/dc/services/index.scss  |   2 +-
 .../consul-ui/app/styles/tailwind.scss        |   2 +-
 ui/packages/consul-ui/app/styles/themes.scss  |   2 +-
 .../consul-ui/app/styles/typography.scss      |   2 +-
 .../consul-ui/app/styles/variables.scss       |   2 +-
 .../app/styles/variables/custom-query.scss    |   2 +-
 .../app/styles/variables/layout.scss          |   2 +-
 .../consul-ui/app/styles/variables/skin.scss  |   2 +-
 .../consul-ui/app/templates/application.hbs   |   2 +-
 ui/packages/consul-ui/app/templates/dc.hbs    |   2 +-
 .../consul-ui/app/templates/dc/acls.hbs       |   2 +-
 .../templates/dc/acls/auth-methods/index.hbs  |   2 +-
 .../templates/dc/acls/auth-methods/show.hbs   |   2 +-
 .../dc/acls/auth-methods/show/auth-method.hbs |   2 +-
 .../acls/auth-methods/show/binding-rules.hbs  |   2 +-
 .../acls/auth-methods/show/nspace-rules.hbs   |   2 +-
 .../consul-ui/app/templates/dc/acls/index.hbs |   2 +-
 .../app/templates/dc/acls/policies/-form.hbs  |   2 +-
 .../app/templates/dc/acls/policies/edit.hbs   |   2 +-
 .../app/templates/dc/acls/policies/index.hbs  |   2 +-
 .../app/templates/dc/acls/roles/-form.hbs     |   2 +-
 .../app/templates/dc/acls/roles/edit.hbs      |   2 +-
 .../app/templates/dc/acls/roles/index.hbs     |   2 +-
 .../dc/acls/tokens/-fieldsets-legacy.hbs      |   2 +-
 .../templates/dc/acls/tokens/-fieldsets.hbs   |   2 +-
 .../app/templates/dc/acls/tokens/-form.hbs    |   2 +-
 .../app/templates/dc/acls/tokens/edit.hbs     |   2 +-
 .../app/templates/dc/acls/tokens/index.hbs    |   2 +-
 .../app/templates/dc/intentions/edit.hbs      |   2 +-
 .../app/templates/dc/intentions/index.hbs     |   2 +-
 .../consul-ui/app/templates/dc/kv/edit.hbs    |   2 +-
 .../consul-ui/app/templates/dc/kv/index.hbs   |   2 +-
 .../app/templates/dc/nodes/index.hbs          |   2 +-
 .../consul-ui/app/templates/dc/nodes/show.hbs |   2 +-
 .../templates/dc/nodes/show/healthchecks.hbs  |   2 +-
 .../app/templates/dc/nodes/show/index.hbs     |   2 +-
 .../app/templates/dc/nodes/show/metadata.hbs  |   2 +-
 .../app/templates/dc/nodes/show/rtt.hbs       |   2 +-
 .../app/templates/dc/nodes/show/services.hbs  |   2 +-
 .../app/templates/dc/routing-config.hbs       |   2 +-
 .../app/templates/dc/services/index.hbs       |   2 +-
 .../app/templates/dc/services/instance.hbs    |   2 +-
 .../dc/services/instance/addresses.hbs        |   2 +-
 .../dc/services/instance/exposedpaths.hbs     |   2 +-
 .../dc/services/instance/healthchecks.hbs     |   2 +-
 .../dc/services/instance/metadata.hbs         |   2 +-
 .../dc/services/instance/upstreams.hbs        |   2 +-
 .../app/templates/dc/services/show.hbs        |   2 +-
 .../app/templates/dc/services/show/index.hbs  |   2 +-
 .../templates/dc/services/show/instances.hbs  |   2 +-
 .../templates/dc/services/show/intentions.hbs |   2 +-
 .../dc/services/show/intentions/edit.hbs      |   2 +-
 .../dc/services/show/intentions/index.hbs     |   2 +-
 .../templates/dc/services/show/routing.hbs    |   2 +-
 .../templates/dc/services/show/services.hbs   |   2 +-
 .../app/templates/dc/services/show/tags.hbs   |   2 +-
 .../templates/dc/services/show/topology.hbs   |   2 +-
 .../templates/dc/services/show/upstreams.hbs  |   2 +-
 .../consul-ui/app/templates/dc/show.hbs       |   2 +-
 .../consul-ui/app/templates/dc/show/index.hbs |   2 +-
 .../app/templates/dc/show/license.hbs         |   2 +-
 .../app/templates/dc/show/serverstatus.hbs    |   2 +-
 ui/packages/consul-ui/app/templates/debug.hbs |   2 +-
 ui/packages/consul-ui/app/templates/error.hbs |   2 +-
 ui/packages/consul-ui/app/templates/index.hbs |   2 +-
 .../consul-ui/app/templates/loading.hbs       |   2 +-
 .../consul-ui/app/templates/notfound.hbs      |   2 +-
 .../app/templates/oauth-provider-debug.hbs    |   2 +-
 .../consul-ui/app/templates/settings.hbs      |   2 +-
 ui/packages/consul-ui/app/utils/ascend.js     |   2 +-
 ui/packages/consul-ui/app/utils/atob.js       |   2 +-
 ui/packages/consul-ui/app/utils/btoa.js       |   2 +-
 .../consul-ui/app/utils/callable-type.js      |   2 +-
 .../app/utils/create-fingerprinter.js         |   2 +-
 ui/packages/consul-ui/app/utils/distance.js   |   2 +-
 .../app/utils/dom/click-first-anchor.js       |   2 +-
 .../consul-ui/app/utils/dom/closest.js        |   2 +-
 .../app/utils/dom/create-listeners.js         |   2 +-
 .../app/utils/dom/event-source/blocking.js    |   2 +-
 .../app/utils/dom/event-source/cache.js       |   2 +-
 .../app/utils/dom/event-source/callable.js    |   2 +-
 .../app/utils/dom/event-source/index.js       |   2 +-
 .../app/utils/dom/event-source/openable.js    |   2 +-
 .../app/utils/dom/event-source/proxy.js       |   2 +-
 .../app/utils/dom/event-source/resolver.js    |   2 +-
 .../app/utils/dom/event-source/storage.js     |   2 +-
 .../app/utils/dom/get-component-factory.js    |   2 +-
 .../consul-ui/app/utils/dom/is-outside.js     |   2 +-
 .../app/utils/dom/normalize-event.js          |   2 +-
 .../consul-ui/app/utils/dom/qsa-factory.js    |   2 +-
 .../consul-ui/app/utils/dom/sibling.js        |   2 +-
 .../consul-ui/app/utils/editor/lint.js        |   2 +-
 .../consul-ui/app/utils/filter/index.js       |   2 +-
 .../consul-ui/app/utils/form/builder.js       |   2 +-
 .../consul-ui/app/utils/form/changeset.js     |   2 +-
 .../consul-ui/app/utils/get-environment.js    |   2 +-
 .../app/utils/get-form-name-property.js       |   2 +-
 .../app/utils/helpers/call-if-type.js         |   2 +-
 .../consul-ui/app/utils/http/consul.js        |   2 +-
 .../app/utils/http/create-headers.js          |   2 +-
 .../app/utils/http/create-query-params.js     |   2 +-
 .../consul-ui/app/utils/http/create-url.js    |   2 +-
 ui/packages/consul-ui/app/utils/http/error.js |   2 +-
 .../consul-ui/app/utils/http/headers.js       |   2 +-
 .../consul-ui/app/utils/http/method.js        |   2 +-
 .../consul-ui/app/utils/http/request.js       |   2 +-
 .../consul-ui/app/utils/http/status.js        |   2 +-
 ui/packages/consul-ui/app/utils/http/xhr.js   |   2 +-
 .../app/utils/intl/missing-message.js         |   2 +-
 ui/packages/consul-ui/app/utils/isFolder.js   |   2 +-
 ui/packages/consul-ui/app/utils/keyToArray.js |   2 +-
 ui/packages/consul-ui/app/utils/left-trim.js  |   2 +-
 ui/packages/consul-ui/app/utils/maybe-call.js |   2 +-
 .../consul-ui/app/utils/merge-checks.js       |   2 +-
 .../consul-ui/app/utils/minimizeModel.js      |   2 +-
 .../consul-ui/app/utils/non-empty-set.js      |   2 +-
 .../consul-ui/app/utils/path/resolve.js       |   2 +-
 .../consul-ui/app/utils/promisedTimeout.js    |   2 +-
 ui/packages/consul-ui/app/utils/right-trim.js |   2 +-
 .../app/utils/routing/redirect-to.js          |   2 +-
 .../app/utils/routing/transitionable.js       |   2 +-
 .../consul-ui/app/utils/routing/walk.js       |   2 +-
 .../consul-ui/app/utils/routing/wildcard.js   |   2 +-
 .../consul-ui/app/utils/search/exact.js       |   2 +-
 .../consul-ui/app/utils/search/fuzzy.js       |   2 +-
 .../consul-ui/app/utils/search/predicate.js   |   2 +-
 .../consul-ui/app/utils/search/regexp.js      |   2 +-
 .../app/utils/storage/local-storage.js        |   2 +-
 ui/packages/consul-ui/app/utils/templatize.js |   2 +-
 .../consul-ui/app/utils/ticker/index.js       |   2 +-
 ui/packages/consul-ui/app/utils/tomography.js |   2 +-
 ui/packages/consul-ui/app/utils/ucfirst.js    |   2 +-
 .../app/utils/update-array-object.js          |   2 +-
 .../intention-permission-http-header.js       |   2 +-
 .../app/validations/intention-permission.js   |   2 +-
 .../consul-ui/app/validations/intention.js    |   2 +-
 ui/packages/consul-ui/app/validations/kv.js   |   2 +-
 .../consul-ui/app/validations/policy.js       |   2 +-
 ui/packages/consul-ui/app/validations/role.js |   2 +-
 .../consul-ui/app/validations/sometimes.js    |   2 +-
 .../consul-ui/app/validations/token.js        |   2 +-
 .../blueprints/adapter-test/index.js          |   2 +-
 .../__path__/integration/adapters/__test__.js |   2 +-
 .../__path__/unit/adapters/__test__.js        |   2 +-
 .../files/__root__/__path__/__name__.js       |   2 +-
 .../consul-ui/blueprints/adapter/index.js     |   2 +-
 .../__templatepath__/__templatename__.hbs     |   2 +-
 .../consul-ui/blueprints/component/index.js   |   2 +-
 .../files/__root__/__path__/__name__.scss     |   2 +-
 .../__root__/__path__/__name__/index.scss     |   2 +-
 .../__root__/__path__/__name__/layout.scss    |   2 +-
 .../__root__/__path__/__name__/skin.scss      |   2 +-
 .../blueprints/css-component/index.js         |   2 +-
 .../consul-ui/blueprints/model-test/index.js  |   2 +-
 .../__root__/__path__/unit/models/__test__.js |   2 +-
 .../model/files/__root__/__path__/__name__.js |   2 +-
 .../consul-ui/blueprints/model/index.js       |   2 +-
 .../blueprints/repository-test/index.js       |   2 +-
 .../services/repository/__test__.js           |   2 +-
 .../unit/services/repository/__test__.js      |   2 +-
 .../files/__root__/__path__/__name__.js       |   2 +-
 .../consul-ui/blueprints/repository/index.js  |   2 +-
 .../consul-ui/blueprints/route-test/index.js  |   2 +-
 .../consul-ui/blueprints/route/index.js       |   2 +-
 .../__templatepath__/__templatename__.hbs     |   2 +-
 .../blueprints/serializer-test/index.js       |   2 +-
 .../integration/serializers/__test__.js       |   2 +-
 .../__path__/unit/serializers/__test__.js     |   2 +-
 .../files/__root__/__path__/__name__.js       |   2 +-
 .../consul-ui/blueprints/serializer/index.js  |   2 +-
 .../consul-ui/config/deprecation-workflow.js  |   2 +-
 ui/packages/consul-ui/config/ember-intl.js    |   2 +-
 ui/packages/consul-ui/config/environment.js   |   2 +-
 ui/packages/consul-ui/config/targets.js       |   2 +-
 ui/packages/consul-ui/config/utils.js         |   2 +-
 ui/packages/consul-ui/ember-cli-build.js      |   2 +-
 ui/packages/consul-ui/lib/.eslintrc.js        |   2 +-
 .../lib/colocated-components/index.js         |   2 +-
 .../consul-ui/lib/commands/bin/list.js        |   2 +-
 ui/packages/consul-ui/lib/commands/index.js   |   2 +-
 .../consul-ui/lib/commands/lib/list.js        |   2 +-
 .../consul-ui/lib/custom-element/index.js     |   2 +-
 ui/packages/consul-ui/lib/startup/index.js    |   2 +-
 .../lib/startup/templates/body.html.js        |   2 +-
 .../lib/startup/templates/head.html.js        |   2 +-
 .../node-tests/config/environment.js          |   2 +-
 .../consul-ui/node-tests/config/utils.js      |   2 +-
 ui/packages/consul-ui/server/index.js         |   2 +-
 ui/packages/consul-ui/tailwind.config.js      |   2 +-
 ui/packages/consul-ui/testem.js               |   2 +-
 .../tests/acceptance/hcp-login-test.js        |   2 +-
 .../acceptance/steps/api-prefix-steps.js      |   2 +-
 .../steps/components/acl-filter-steps.js      |   2 +-
 .../steps/components/catalog-filter-steps.js  |   2 +-
 .../steps/components/catalog-toolbar-steps.js |   2 +-
 .../steps/components/copy-button-steps.js     |   2 +-
 .../steps/components/kv-filter-steps.js       |   2 +-
 .../steps/components/text-input-steps.js      |   2 +-
 .../acceptance/steps/dc/acls/access-steps.js  |   2 +-
 .../steps/dc/acls/auth-methods/index-steps.js |   2 +-
 .../dc/acls/auth-methods/navigation-steps.js  |   2 +-
 .../dc/acls/auth-methods/sorting-steps.js     |   2 +-
 .../acceptance/steps/dc/acls/index-steps.js   |   2 +-
 .../steps/dc/acls/list-order-steps.js         |   2 +-
 .../policies/as-many/add-existing-steps.js    |   2 +-
 .../dc/acls/policies/as-many/add-new-steps.js |   2 +-
 .../dc/acls/policies/as-many/list-steps.js    |   2 +-
 .../dc/acls/policies/as-many/nspaces-steps.js |   2 +-
 .../dc/acls/policies/as-many/remove-steps.js  |   2 +-
 .../dc/acls/policies/as-many/reset-steps.js   |   2 +-
 .../steps/dc/acls/policies/create-steps.js    |   2 +-
 .../steps/dc/acls/policies/delete-steps.js    |   2 +-
 .../steps/dc/acls/policies/index-steps.js     |   2 +-
 .../dc/acls/policies/navigation-steps.js      |   2 +-
 .../steps/dc/acls/policies/sorting-steps.js   |   2 +-
 .../steps/dc/acls/policies/update-steps.js    |   2 +-
 .../dc/acls/policies/view-management-steps.js |   2 +-
 .../acls/roles/as-many/add-existing-steps.js  |   2 +-
 .../dc/acls/roles/as-many/add-new-steps.js    |   2 +-
 .../steps/dc/acls/roles/as-many/list-steps.js |   2 +-
 .../dc/acls/roles/as-many/remove-steps.js     |   2 +-
 .../steps/dc/acls/roles/create-steps.js       |   2 +-
 .../steps/dc/acls/roles/index-steps.js        |   2 +-
 .../steps/dc/acls/roles/navigation-steps.js   |   2 +-
 .../steps/dc/acls/roles/sorting-steps.js      |   2 +-
 .../steps/dc/acls/roles/update-steps.js       |   2 +-
 .../acls/tokens/anonymous-no-delete-steps.js  |   2 +-
 .../steps/dc/acls/tokens/clone-steps.js       |   2 +-
 .../steps/dc/acls/tokens/create-steps.js      |   2 +-
 .../steps/dc/acls/tokens/index-steps.js       |   2 +-
 .../dc/acls/tokens/legacy/update-steps.js     |   2 +-
 .../dc/acls/tokens/login-errors-steps.js      |   2 +-
 .../steps/dc/acls/tokens/login-steps.js       |   2 +-
 .../steps/dc/acls/tokens/navigation-steps.js  |   2 +-
 .../dc/acls/tokens/own-no-delete-steps.js     |   2 +-
 .../steps/dc/acls/tokens/sorting-steps.js     |   2 +-
 .../steps/dc/acls/tokens/update-steps.js      |   2 +-
 .../steps/dc/acls/tokens/use-steps.js         |   2 +-
 .../acceptance/steps/dc/acls/update-steps.js  |   2 +-
 .../acceptance/steps/dc/acls/use-steps.js     |   2 +-
 .../tests/acceptance/steps/dc/error-steps.js  |   2 +-
 .../acceptance/steps/dc/forwarding-steps.js   |   2 +-
 .../tests/acceptance/steps/dc/index-steps.js  |   2 +-
 .../steps/dc/intentions/create-steps.js       |   2 +-
 .../steps/dc/intentions/delete-steps.js       |   2 +-
 .../dc/intentions/filtered-select-steps.js    |   2 +-
 .../steps/dc/intentions/form-select-steps.js  |   2 +-
 .../steps/dc/intentions/index-steps.js        |   2 +-
 .../steps/dc/intentions/navigation-steps.js   |   2 +-
 .../dc/intentions/permissions/create-steps.js |   2 +-
 .../dc/intentions/permissions/warn-steps.js   |   2 +-
 .../steps/dc/intentions/read-only-steps.js    |   2 +-
 .../steps/dc/intentions/sorting-steps.js      |   2 +-
 .../steps/dc/intentions/update-steps.js       |   2 +-
 .../steps/dc/kv/index/view-kvs-steps.js       |   2 +-
 .../acceptance/steps/dc/kvs/create-steps.js   |   2 +-
 .../acceptance/steps/dc/kvs/delete-steps.js   |   2 +-
 .../acceptance/steps/dc/kvs/edit-steps.js     |   2 +-
 .../acceptance/steps/dc/kvs/index-steps.js    |   2 +-
 .../steps/dc/kvs/list-order-steps.js          |   2 +-
 .../steps/dc/kvs/sessions/invalidate-steps.js |   2 +-
 .../steps/dc/kvs/trailing-slash-steps.js      |   2 +-
 .../acceptance/steps/dc/kvs/update-steps.js   |   2 +-
 .../steps/dc/list-blocking-steps.js           |   2 +-
 .../tests/acceptance/steps/dc/list-steps.js   |   2 +-
 .../steps/dc/nodes/empty-ids-steps.js         |   2 +-
 .../acceptance/steps/dc/nodes/index-steps.js  |   2 +-
 .../steps/dc/nodes/index/view-nodes-steps.js  |   2 +-
 .../steps/dc/nodes/navigation-steps.js        |   2 +-
 .../steps/dc/nodes/no-leader-steps.js         |   2 +-
 .../steps/dc/nodes/services/list-steps.js     |   2 +-
 .../dc/nodes/sessions/invalidate-steps.js     |   2 +-
 .../steps/dc/nodes/sessions/list-steps.js     |   2 +-
 .../acceptance/steps/dc/nodes/show-steps.js   |   2 +-
 .../dc/nodes/show/health-checks-steps.js      |   2 +-
 .../steps/dc/nodes/sorting-steps.js           |   2 +-
 .../steps/dc/nspaces/create-steps.js          |   2 +-
 .../steps/dc/nspaces/delete-steps.js          |   2 +-
 .../steps/dc/nspaces/index-steps.js           |   2 +-
 .../steps/dc/nspaces/manage-steps.js          |   2 +-
 .../steps/dc/nspaces/sorting-steps.js         |   2 +-
 .../steps/dc/nspaces/update-steps.js          |   2 +-
 .../acceptance/steps/dc/peers/create-steps.js |   2 +-
 .../acceptance/steps/dc/peers/delete-steps.js |   2 +-
 .../steps/dc/peers/establish-steps.js         |   2 +-
 .../acceptance/steps/dc/peers/index-steps.js  |   2 +-
 .../steps/dc/peers/regenerate-steps.js        |   2 +-
 .../acceptance/steps/dc/peers/show-steps.js   |   2 +-
 .../steps/dc/routing-config-steps.js          |   2 +-
 .../steps/dc/services/dc-switch-steps.js      |   2 +-
 .../steps/dc/services/error-steps.js          |   2 +-
 .../steps/dc/services/index-steps.js          |   2 +-
 .../dc/services/index/view-services-steps.js  |   2 +-
 .../dc/services/instances/error-steps.js      |   2 +-
 .../services/instances/exposed-paths-steps.js |   2 +-
 .../dc/services/instances/gateway-steps.js    |   2 +-
 .../services/instances/health-checks-steps.js |   2 +-
 .../dc/services/instances/navigation-steps.js |   2 +-
 .../dc/services/instances/proxy-steps.js      |   2 +-
 .../steps/dc/services/instances/show-steps.js |   2 +-
 .../services/instances/sidecar-proxy-steps.js |   2 +-
 .../dc/services/instances/upstreams-steps.js  |   2 +-
 .../dc/services/instances/with-proxy-steps.js |   2 +-
 .../services/instances/with-sidecar-steps.js  |   2 +-
 .../steps/dc/services/list-blocking-steps.js  |   2 +-
 .../steps/dc/services/list-steps.js           |   2 +-
 .../steps/dc/services/navigation-steps.js     |   2 +-
 .../steps/dc/services/show-routing-steps.js   |   2 +-
 .../steps/dc/services/show-steps.js           |   2 +-
 .../dc/services/show-with-slashes-steps.js    |   2 +-
 .../steps/dc/services/show/dc-switch-steps.js |   2 +-
 .../services/show/intentions-error-steps.js   |   2 +-
 .../services/show/intentions/create-steps.js  |   2 +-
 .../services/show/intentions/index-steps.js   |   2 +-
 .../dc/services/show/navigation-steps.js      |   2 +-
 .../steps/dc/services/show/services-steps.js  |   2 +-
 .../steps/dc/services/show/tags-steps.js      |   2 +-
 .../dc/services/show/topology/empty-steps.js  |   2 +-
 .../dc/services/show/topology/index-steps.js  |   2 +-
 .../show/topology/intentions-steps.js         |   2 +-
 .../services/show/topology/metrics-steps.js   |   2 +-
 .../services/show/topology/notices-steps.js   |   2 +-
 .../show/topology/routing-config-steps.js     |   2 +-
 .../dc/services/show/topology/stats-steps.js  |   2 +-
 .../steps/dc/services/show/upstreams-steps.js |   2 +-
 .../steps/dc/services/sorting-steps.js        |   2 +-
 .../tests/acceptance/steps/deleting-steps.js  |   2 +-
 .../steps/index-forwarding-steps.js           |   2 +-
 .../acceptance/steps/login-errors-steps.js    |   2 +-
 .../tests/acceptance/steps/login-steps.js     |   2 +-
 .../steps/navigation-links-steps.js           |   2 +-
 .../acceptance/steps/nodes/sorting-steps.js   |   2 +-
 .../acceptance/steps/page-navigation-steps.js |   2 +-
 .../acceptance/steps/settings/show-steps.js   |   2 +-
 .../acceptance/steps/settings/update-steps.js |   2 +-
 .../tests/acceptance/steps/startup-steps.js   |   2 +-
 .../consul-ui/tests/acceptance/steps/steps.js |   2 +-
 .../acceptance/steps/submit-blank-steps.js    |   2 +-
 .../acceptance/steps/token-header-steps.js    |   2 +-
 ui/packages/consul-ui/tests/dictionary.js     |   2 +-
 ui/packages/consul-ui/tests/helpers/api.js    |   2 +-
 .../consul-ui/tests/helpers/destroy-app.js    |   2 +-
 .../consul-ui/tests/helpers/flash-message.js  |   2 +-
 .../tests/helpers/get-nspace-runner.js        |   2 +-
 .../consul-ui/tests/helpers/measure.js        |   2 +-
 .../tests/helpers/module-for-acceptance.js    |   2 +-
 .../consul-ui/tests/helpers/normalizers.js    |   2 +-
 ui/packages/consul-ui/tests/helpers/page.js   |   2 +-
 ui/packages/consul-ui/tests/helpers/repo.js   |   2 +-
 .../consul-ui/tests/helpers/set-cookies.js    |   2 +-
 .../consul-ui/tests/helpers/stub-super.js     |   2 +-
 .../consul-ui/tests/helpers/type-to-url.js    |   2 +-
 .../tests/helpers/yadda-annotations.js        |   2 +-
 ui/packages/consul-ui/tests/index.html        |   2 +-
 .../integration/adapters/auth-method-test.js  |   2 +-
 .../integration/adapters/binding-rule-test.js |   2 +-
 .../integration/adapters/coordinate-test.js   |   2 +-
 .../adapters/discovery-chain-test.js          |   2 +-
 .../integration/adapters/intention-test.js    |   2 +-
 .../tests/integration/adapters/kv-test.js     |   2 +-
 .../tests/integration/adapters/node-test.js   |   2 +-
 .../tests/integration/adapters/nspace-test.js |   2 +-
 .../adapters/oidc-provider-test.js            |   2 +-
 .../integration/adapters/partition-test.js    |   2 +-
 .../integration/adapters/permission-test.js   |   2 +-
 .../tests/integration/adapters/policy-test.js |   2 +-
 .../tests/integration/adapters/role-test.js   |   2 +-
 .../adapters/service-instance-test.js         |   2 +-
 .../integration/adapters/service-test.js      |   2 +-
 .../integration/adapters/session-test.js      |   2 +-
 .../tests/integration/adapters/token-test.js  |   2 +-
 .../integration/adapters/topology-test.js     |   2 +-
 .../integration/components/app-view-test.js   |   2 +-
 .../integration/components/aria-menu-test.js  |   2 +-
 .../components/auth-profile-test.js           |   2 +-
 .../components/code-editor-test.js            |   2 +-
 .../components/confirmation-dialog-test.js    |   2 +-
 .../components/consul/bucket/list-test.js     |   2 +-
 .../consul/datacenter/selector-test.js        |   2 +-
 .../components/consul/discovery-chain-test.js |   2 +-
 .../components/consul/hcp/home-test.js        |   2 +-
 .../consul/intention/permission/form-test.js  |   2 +-
 .../intention/permission/header/form-test.js  |   2 +-
 .../consul/node/agentless-notice-test.js      |   2 +-
 .../components/data-collection-test.js        |   2 +-
 .../components/data-source-test.js            |   2 +-
 .../components/delete-confirmation-test.js    |   2 +-
 .../components/event-source-test.js           |   2 +-
 .../components/freetext-filter-test.js        |   2 +-
 .../components/hashicorp-consul-test.js       |   2 +-
 .../integration/components/jwt-source-test.js |   2 +-
 .../components/list-collection-test.js        |   2 +-
 .../components/oidc-select-test.js            |   2 +-
 .../components/popover-menu-test.js           |   2 +-
 .../components/radio-group-test.js            |   2 +-
 .../tests/integration/components/ref-test.js  |   2 +-
 .../components/resolver-card-test.js          |   2 +-
 .../integration/components/route-card-test.js |   2 +-
 .../components/splitter-card-test.js          |   2 +-
 .../integration/components/state-test.js      |   2 +-
 .../integration/components/tab-nav-test.js    |   2 +-
 .../components/tabular-collection-test.js     |   2 +-
 .../components/tabular-details-test.js        |   2 +-
 .../integration/components/tag-list-test.js   |   2 +-
 .../components/toggle-button-test.js          |   2 +-
 .../integration/components/token-list-test.js |   2 +-
 .../tests/integration/helpers/atob-test.js    |   2 +-
 .../integration/helpers/dom-position-test.js  |   2 +-
 .../integration/helpers/duration-from-test.js |   2 +-
 .../helpers/format-short-time-test.js         |   2 +-
 .../tests/integration/helpers/is-href-test.js |   2 +-
 .../tests/integration/helpers/last-test.js    |   2 +-
 .../integration/helpers/left-trim-test.js     |   2 +-
 .../helpers/policy/datacenters-test.js        |   2 +-
 .../integration/helpers/policy/typeof-test.js |   2 +-
 .../helpers/render-template-test.js           |   2 +-
 .../integration/helpers/right-trim-test.js    |   2 +-
 .../integration/helpers/route-match-test.js   |   2 +-
 .../integration/helpers/searchable-test.js    |   2 +-
 .../helpers/service/card-permissions-test.js  |   2 +-
 .../helpers/service/external-source-test.js   |   2 +-
 .../helpers/service/health-percentage-test.js |   2 +-
 .../tests/integration/helpers/slugify-test.js |   2 +-
 .../tests/integration/helpers/split-test.js   |   2 +-
 .../integration/helpers/state-matches-test.js |   2 +-
 .../tests/integration/helpers/substr-test.js  |   2 +-
 .../integration/helpers/svg-curve-test.js     |   2 +-
 .../helpers/token/is-anonymous-test.js        |   2 +-
 .../helpers/token/is-legacy-test.js           |   2 +-
 .../integration/helpers/tween-to-test.js      |   2 +-
 .../serializers/auth-method-test.js           |   2 +-
 .../serializers/binding-rule-test.js          |   2 +-
 .../serializers/coordinate-test.js            |   2 +-
 .../serializers/discovery-chain-test.js       |   2 +-
 .../integration/serializers/intention-test.js |   2 +-
 .../tests/integration/serializers/kv-test.js  |   2 +-
 .../integration/serializers/node-test.js      |   2 +-
 .../integration/serializers/nspace-test.js    |   2 +-
 .../serializers/oidc-provider-test.js         |   2 +-
 .../integration/serializers/partition-test.js |   2 +-
 .../integration/serializers/policy-test.js    |   2 +-
 .../integration/serializers/role-test.js      |   2 +-
 .../serializers/service-instance-test.js      |   2 +-
 .../integration/serializers/service-test.js   |   2 +-
 .../integration/serializers/session-test.js   |   2 +-
 .../integration/serializers/token-test.js     |   2 +-
 .../integration/serializers/topology-test.js  |   2 +-
 .../services/repository/auth-method-test.js   |   2 +-
 .../services/repository/coordinate-test.js    |   2 +-
 .../services/repository/dc-test.js            |   2 +-
 .../repository/discovery-chain-test.js        |   2 +-
 .../services/repository/kv-test.js            |   2 +-
 .../services/repository/node-test.js          |   2 +-
 .../services/repository/policy-test.js        |   2 +-
 .../services/repository/role-test.js          |   2 +-
 .../services/repository/service-test.js       |   2 +-
 .../services/repository/session-test.js       |   2 +-
 .../services/repository/token-test.js         |   2 +-
 .../services/repository/topology-test.js      |   2 +-
 .../integration/services/routlet-test.js      |   2 +-
 .../utils/dom/event-source/callable-test.js   |   2 +-
 .../consul-ui/tests/lib/measure/getMeasure.js |   2 +-
 .../tests/lib/page-object/createCancelable.js |   2 +-
 .../tests/lib/page-object/createCreatable.js  |   2 +-
 .../tests/lib/page-object/createDeletable.js  |   2 +-
 .../tests/lib/page-object/createSubmitable.js |   2 +-
 .../consul-ui/tests/lib/page-object/index.js  |   2 +-
 .../tests/lib/page-object/visitable.js        |   2 +-
 ui/packages/consul-ui/tests/pages.js          |   2 +-
 ui/packages/consul-ui/tests/pages/dc.js       |   2 +-
 .../tests/pages/dc/acls/auth-methods/index.js |   2 +-
 .../consul-ui/tests/pages/dc/acls/edit.js     |   2 +-
 .../consul-ui/tests/pages/dc/acls/index.js    |   2 +-
 .../tests/pages/dc/acls/policies/edit.js      |   2 +-
 .../tests/pages/dc/acls/policies/index.js     |   2 +-
 .../tests/pages/dc/acls/roles/edit.js         |   2 +-
 .../tests/pages/dc/acls/roles/index.js        |   2 +-
 .../tests/pages/dc/acls/tokens/edit.js        |   2 +-
 .../tests/pages/dc/acls/tokens/index.js       |   2 +-
 .../tests/pages/dc/intentions/edit.js         |   2 +-
 .../tests/pages/dc/intentions/index.js        |   2 +-
 .../consul-ui/tests/pages/dc/kv/edit.js       |   2 +-
 .../consul-ui/tests/pages/dc/kv/index.js      |   2 +-
 .../consul-ui/tests/pages/dc/nodes/index.js   |   2 +-
 .../consul-ui/tests/pages/dc/nodes/show.js    |   2 +-
 .../consul-ui/tests/pages/dc/nspaces/edit.js  |   2 +-
 .../consul-ui/tests/pages/dc/nspaces/index.js |   2 +-
 .../consul-ui/tests/pages/dc/peers/index.js   |   2 +-
 .../consul-ui/tests/pages/dc/peers/show.js    |   2 +-
 .../tests/pages/dc/routing-config.js          |   2 +-
 .../tests/pages/dc/services/index.js          |   2 +-
 .../tests/pages/dc/services/instance.js       |   2 +-
 .../consul-ui/tests/pages/dc/services/show.js |   2 +-
 ui/packages/consul-ui/tests/pages/index.js    |   2 +-
 ui/packages/consul-ui/tests/pages/settings.js |   2 +-
 ui/packages/consul-ui/tests/steps.js          |   2 +-
 .../consul-ui/tests/steps/assertions/dom.js   |   2 +-
 .../consul-ui/tests/steps/assertions/form.js  |   2 +-
 .../consul-ui/tests/steps/assertions/http.js  |   2 +-
 .../consul-ui/tests/steps/assertions/model.js |   2 +-
 .../consul-ui/tests/steps/assertions/page.js  |   2 +-
 .../consul-ui/tests/steps/debug/index.js      |   2 +-
 .../consul-ui/tests/steps/doubles/http.js     |   2 +-
 .../consul-ui/tests/steps/doubles/model.js    |   2 +-
 .../tests/steps/interactions/click.js         |   2 +-
 .../tests/steps/interactions/form.js          |   2 +-
 .../tests/steps/interactions/visit.js         |   2 +-
 ui/packages/consul-ui/tests/test-helper.js    |   2 +-
 .../consul-ui/tests/unit/abilities/-test.js   |   2 +-
 .../tests/unit/adapters/application-test.js   |   2 +-
 .../tests/unit/adapters/auth-method-test.js   |   2 +-
 .../tests/unit/adapters/binding-rule-test.js  |   2 +-
 .../tests/unit/adapters/coordinate-test.js    |   2 +-
 .../unit/adapters/discovery-chain-test.js     |   2 +-
 .../tests/unit/adapters/http-test.js          |   2 +-
 .../tests/unit/adapters/intention-test.js     |   2 +-
 .../consul-ui/tests/unit/adapters/kv-test.js  |   2 +-
 .../tests/unit/adapters/node-test.js          |   2 +-
 .../tests/unit/adapters/nspace-test.js        |   2 +-
 .../tests/unit/adapters/oidc-provider-test.js |   2 +-
 .../tests/unit/adapters/partition-test.js     |   2 +-
 .../tests/unit/adapters/permission-test.js    |   2 +-
 .../tests/unit/adapters/policy-test.js        |   2 +-
 .../tests/unit/adapters/proxy-test.js         |   2 +-
 .../tests/unit/adapters/role-test.js          |   2 +-
 .../unit/adapters/service-instance-test.js    |   2 +-
 .../tests/unit/adapters/session-test.js       |   2 +-
 .../tests/unit/adapters/token-test.js         |   2 +-
 .../get-alternate-services-test.js            |   2 +-
 .../discovery-chain/get-resolvers-test.js     |   2 +-
 .../discovery-chain/get-splitters-test.js     |   2 +-
 .../components/search-bar/filters-test.js     |   2 +-
 .../unit/controllers/application-test.js      |   2 +-
 .../dc/acls/policies/create-test.js           |   2 +-
 .../controllers/dc/acls/policies/edit-test.js |   2 +-
 .../controllers/dc/acls/roles/create-test.js  |   2 +-
 .../controllers/dc/acls/roles/edit-test.js    |   2 +-
 .../controllers/dc/acls/tokens/create-test.js |   2 +-
 .../controllers/dc/acls/tokens/edit-test.js   |   2 +-
 .../unit/filter/predicates/intention-test.js  |   2 +-
 .../unit/filter/predicates/service-test.js    |   2 +-
 .../tests/unit/helpers/document-attrs-test.js |   2 +-
 .../unit/helpers/policy/datacenters-test.js   |   2 +-
 .../unit/helpers/token/is-anonymous-test.js   |   2 +-
 .../unit/helpers/token/is-legacy-test.js      |   2 +-
 .../tests/unit/mixins/policy/as-many-test.js  |   2 +-
 .../tests/unit/mixins/role/as-many-test.js    |   2 +-
 .../unit/mixins/with-blocking-actions-test.js |   2 +-
 .../tests/unit/models/auth-method-test.js     |   2 +-
 .../tests/unit/models/coordinate-test.js      |   2 +-
 .../consul-ui/tests/unit/models/dc-test.js    |   2 +-
 .../tests/unit/models/discovery-chain-test.js |   2 +-
 .../tests/unit/models/intention-test.js       |   2 +-
 .../consul-ui/tests/unit/models/kv-test.js    |   2 +-
 .../consul-ui/tests/unit/models/node-test.js  |   2 +-
 .../tests/unit/models/oidc-provider-test.js   |   2 +-
 .../tests/unit/models/partition-test.js       |   2 +-
 .../tests/unit/models/permission-test.js      |   2 +-
 .../tests/unit/models/policy-test.js          |   2 +-
 .../consul-ui/tests/unit/models/proxy-test.js |   2 +-
 .../consul-ui/tests/unit/models/role-test.js  |   2 +-
 .../unit/models/service-instance-test.js      |   2 +-
 .../tests/unit/models/service-test.js         |   2 +-
 .../tests/unit/models/session-test.js         |   2 +-
 .../consul-ui/tests/unit/models/token-test.js |   2 +-
 .../tests/unit/routes/application-test.js     |   2 +-
 .../consul-ui/tests/unit/routes/dc-test.js    |   2 +-
 .../routes/dc/acls/policies/create-test.js    |   2 +-
 .../unit/routes/dc/acls/policies/edit-test.js |   2 +-
 .../routes/dc/acls/policies/index-test.js     |   2 +-
 .../unit/routes/dc/acls/roles/create-test.js  |   2 +-
 .../unit/routes/dc/acls/roles/edit-test.js    |   2 +-
 .../unit/routes/dc/acls/roles/index-test.js   |   2 +-
 .../unit/routes/dc/acls/tokens/create-test.js |   2 +-
 .../unit/routes/dc/acls/tokens/edit-test.js   |   2 +-
 .../unit/routes/dc/acls/tokens/index-test.js  |   2 +-
 .../unit/search/predicates/intention-test.js  |   2 +-
 .../tests/unit/search/predicates/kv-test.js   |   2 +-
 .../tests/unit/search/predicates/node-test.js |   2 +-
 .../unit/search/predicates/policy-test.js     |   2 +-
 .../tests/unit/search/predicates/role-test.js |   2 +-
 .../unit/search/predicates/service-test.js    |   2 +-
 .../unit/search/predicates/token-test.js      |   2 +-
 .../unit/serializers/application-test.js      |   2 +-
 .../unit/serializers/auth-method-test.js      |   2 +-
 .../unit/serializers/binding-rule-test.js     |   2 +-
 .../tests/unit/serializers/coordinate-test.js |   2 +-
 .../unit/serializers/discovery-chain-test.js  |   2 +-
 .../tests/unit/serializers/intention-test.js  |   2 +-
 .../tests/unit/serializers/kv-test.js         |   2 +-
 .../tests/unit/serializers/node-test.js       |   2 +-
 .../tests/unit/serializers/nspace-test.js     |   2 +-
 .../unit/serializers/oidc-provider-test.js    |   2 +-
 .../tests/unit/serializers/partition-test.js  |   2 +-
 .../tests/unit/serializers/permission-test.js |   2 +-
 .../tests/unit/serializers/policy-test.js     |   2 +-
 .../tests/unit/serializers/proxy-test.js      |   2 +-
 .../tests/unit/serializers/role-test.js       |   2 +-
 .../unit/serializers/service-instance-test.js |   2 +-
 .../tests/unit/serializers/service-test.js    |   2 +-
 .../tests/unit/serializers/session-test.js    |   2 +-
 .../tests/unit/serializers/token-test.js      |   2 +-
 .../tests/unit/services/atob-test.js          |   2 +-
 .../tests/unit/services/btoa-test.js          |   2 +-
 .../unit/services/client/connections-test.js  |   2 +-
 .../tests/unit/services/client/http-test.js   |   2 +-
 .../services/client/transports/xhr-test.js    |   2 +-
 .../services/clipboard/local-storage-test.js  |   2 +-
 .../tests/unit/services/clipboard/os-test.js  |   2 +-
 .../unit/services/code-mirror/linter-test.js  |   2 +-
 .../data-source/protocols/http-test.js        |   2 +-
 .../protocols/local-storage-test.js           |   2 +-
 .../tests/unit/services/data-structs-test.js  |   2 +-
 .../consul-ui/tests/unit/services/dom-test.js |   2 +-
 .../tests/unit/services/encoder-test.js       |   2 +-
 .../consul-ui/tests/unit/services/env-test.js |   2 +-
 .../tests/unit/services/feedback-test.js      |   2 +-
 .../tests/unit/services/form-test.js          |   2 +-
 .../tests/unit/services/logger-test.js        |   2 +-
 .../tests/unit/services/repository-test.js    |   2 +-
 .../services/repository/auth-method-test.js   |   2 +-
 .../services/repository/coordinate-test.js    |   2 +-
 .../tests/unit/services/repository/dc-test.js |   2 +-
 .../repository/discovery-chain-test.js        |   2 +-
 .../services/repository/intention-test.js     |   2 +-
 .../tests/unit/services/repository/kv-test.js |   2 +-
 .../unit/services/repository/node-test.js     |   2 +-
 .../unit/services/repository/nspace-test.js   |   2 +-
 .../services/repository/oidc-provider-test.js |   2 +-
 .../services/repository/partition-test.js     |   2 +-
 .../services/repository/permission-test.js    |   2 +-
 .../unit/services/repository/policy-test.js   |   2 +-
 .../unit/services/repository/role-test.js     |   2 +-
 .../repository/service-instance-test.js       |   2 +-
 .../unit/services/repository/service-test.js  |   2 +-
 .../unit/services/repository/session-test.js  |   2 +-
 .../unit/services/repository/token-test.js    |   2 +-
 .../tests/unit/services/search-test.js        |   2 +-
 .../tests/unit/services/settings-test.js      |   2 +-
 .../tests/unit/services/sort-test.js          |   2 +-
 .../tests/unit/services/state-test.js         |   2 +-
 .../tests/unit/services/store-test.js         |   2 +-
 .../tests/unit/services/temporal-test.js      |   2 +-
 .../tests/unit/services/ticker-test.js        |   2 +-
 .../tests/unit/services/timeout-test.js       |   2 +-
 .../tests/unit/sort/comparators/node-test.js  |   2 +-
 .../unit/sort/comparators/service-test.js     |   2 +-
 .../consul-ui/tests/unit/utils/ascend-test.js |   2 +-
 .../consul-ui/tests/unit/utils/atob-test.js   |   2 +-
 .../consul-ui/tests/unit/utils/btoa-test.js   |   2 +-
 .../tests/unit/utils/callable-type-test.js    |   2 +-
 .../unit/utils/create-fingerprinter-test.js   |   2 +-
 .../unit/utils/dom/click-first-anchor-test.js |   2 +-
 .../tests/unit/utils/dom/closest-test.js      |   2 +-
 .../unit/utils/dom/create-listeners-test.js   |   2 +-
 .../utils/dom/event-source/blocking-test.js   |   2 +-
 .../unit/utils/dom/event-source/cache-test.js |   2 +-
 .../utils/dom/event-source/callable-test.js   |   2 +-
 .../unit/utils/dom/event-source/index-test.js |   2 +-
 .../utils/dom/event-source/openable-test.js   |   2 +-
 .../unit/utils/dom/event-source/proxy-test.js |   2 +-
 .../utils/dom/event-source/resolver-test.js   |   2 +-
 .../utils/dom/event-source/storage-test.js    |   2 +-
 .../unit/utils/dom/event-target/rsvp-test.js  |   2 +-
 .../utils/dom/get-component-factory-test.js   |   2 +-
 .../tests/unit/utils/dom/is-outside-test.js   |   2 +-
 .../unit/utils/dom/normalize-event-test.js    |   2 +-
 .../tests/unit/utils/dom/qsa-factory-test.js  |   2 +-
 .../tests/unit/utils/dom/sibling-test.js      |   2 +-
 .../tests/unit/utils/get-environment-test.js  |   2 +-
 .../unit/utils/get-form-name-property-test.js |   2 +-
 .../unit/utils/helpers/call-if-type-test.js   |   2 +-
 .../unit/utils/http/create-headers-test.js    |   2 +-
 .../utils/http/create-query-params-test.js    |   2 +-
 .../tests/unit/utils/http/create-url-test.js  |   2 +-
 .../tests/unit/utils/http/error-test.js       |   2 +-
 .../tests/unit/utils/http/request-test.js     |   2 +-
 .../tests/unit/utils/http/xhr-test.js         |   2 +-
 .../tests/unit/utils/isFolder-test.js         |   2 +-
 .../tests/unit/utils/keyToArray-test.js       |   2 +-
 .../tests/unit/utils/left-trim-test.js        |   2 +-
 .../tests/unit/utils/maybe-call-test.js       |   2 +-
 .../tests/unit/utils/merge-checks-test.js     |   2 +-
 .../tests/unit/utils/non-empty-set-test.js    |   2 +-
 .../tests/unit/utils/path/resolve-test.js     |   2 +-
 .../tests/unit/utils/promisedTimeout-test.js  |   2 +-
 .../tests/unit/utils/right-trim-test.js       |   2 +-
 .../unit/utils/routing/transitionable-test.js |   2 +-
 .../tests/unit/utils/routing/walk-test.js     |   2 +-
 .../tests/unit/utils/routing/wildcard-test.js |   2 +-
 .../unit/utils/storage/local-storage-test.js  |   2 +-
 .../tests/unit/utils/templatize-test.js       |   2 +-
 .../tests/unit/utils/ticker/index-test.js     |   2 +-
 .../tests/unit/utils/ucfirst-test.js          |   2 +-
 .../unit/utils/update-array-object-test.js    |   2 +-
 .../consul-ui/translations/common/en-us.yaml  |   2 +-
 .../translations/components/app/en-us.yaml    |   2 +-
 .../translations/components/consul/en-us.yaml |   2 +-
 .../components/copy-button/en-us.yaml         |   2 +-
 .../consul-ui/translations/models/en-us.yaml  |   2 +-
 .../consul-ui/translations/routes/en-us.yaml  |   2 +-
 .../vendor/consul-ui/routes-debug.js          |   2 +-
 .../consul-ui/vendor/consul-ui/routes.js      |   2 +-
 .../vendor/consul-ui/services-debug.js        |   2 +-
 .../consul-ui/vendor/consul-ui/services.js    |   2 +-
 ui/packages/consul-ui/vendor/init.js          |   2 +-
 .../vendor/metrics-providers/consul.js        |   2 +-
 .../vendor/metrics-providers/prometheus.js    |   2 +-
 version/fips.go                               |   3 +
 version/version.go                            |   2 +-
 version/version_test.go                       |   2 +-
 website/.eslintrc.js                          |   2 +-
 website/.stylelintrc.js                       |   2 +-
 website/prettier.config.js                    |   2 +-
 website/public/ie-warning.js                  |   2 +-
 website/redirects.js                          |   2 +-
 website/scripts/should-build.sh               |   2 +-
 website/scripts/website-build.sh              |   2 +-
 website/scripts/website-start.sh              |   2 +-
 6838 files changed, 7957 insertions(+), 7028 deletions(-)
 create mode 100644 api/LICENSE
 create mode 100644 sdk/LICENSE

diff --git a/.copywrite.hcl b/.copywrite.hcl
index fa06f76e2ac6..a609cc31084e 100644
--- a/.copywrite.hcl
+++ b/.copywrite.hcl
@@ -1,8 +1,8 @@
 schema_version = 1
 
 project {
-  license        = "MPL-2.0"
-  copyright_year = 2013
+  license        = "BUSL-1.1"
+  copyright_year = 2023
 
   # (OPTIONAL) A list of globs that should not have copyright/license headers.
   # Supports doublestar glob patterns for more flexibility in defining which
@@ -25,5 +25,7 @@ project {
     "agent/proxycfg/proxycfg.deepcopy.go",
     "agent/grpc-middleware/rate_limit_mappings.gen.go",
     "agent/uiserver/dist/**",
+    "sdk/**",
+    "api/**",
   ]
 }
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index 36f9456693ff..16480bb6f4f9 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 blank_issues_enabled: false
 contact_links:
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 05387a7c9b80..d618028e100b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 version: 2
 updates:
diff --git a/.github/pr-labeler.yml b/.github/pr-labeler.yml
index e10f3c1376ef..fd39f2ccab42 100644
--- a/.github/pr-labeler.yml
+++ b/.github/pr-labeler.yml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 pr/dependencies:
     - vendor/**/*
diff --git a/.github/scripts/changelog_checker.sh b/.github/scripts/changelog_checker.sh
index e6b4d7f85dcc..a214ef247797 100755
--- a/.github/scripts/changelog_checker.sh
+++ b/.github/scripts/changelog_checker.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/.github/scripts/get_runner_classes.sh b/.github/scripts/get_runner_classes.sh
index 80980b7a8ffc..e78aa78f127b 100755
--- a/.github/scripts/get_runner_classes.sh
+++ b/.github/scripts/get_runner_classes.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 #
 # This script generates tag-sets that can be used as runs-on: values to select runners.
diff --git a/.github/scripts/get_runner_classes_windows.sh b/.github/scripts/get_runner_classes_windows.sh
index c2e424d1703c..6b26c6d86c58 100755
--- a/.github/scripts/get_runner_classes_windows.sh
+++ b/.github/scripts/get_runner_classes_windows.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 #
 # This script generates tag-sets that can be used as runs-on: values to select runners.
diff --git a/.github/scripts/metrics_checker.sh b/.github/scripts/metrics_checker.sh
index a34cdf12fbec..37659de4df8b 100755
--- a/.github/scripts/metrics_checker.sh
+++ b/.github/scripts/metrics_checker.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 set -uo pipefail
 
diff --git a/.github/scripts/notify_slack.sh b/.github/scripts/notify_slack.sh
index eacefaa91a43..f52e67f2fc26 100755
--- a/.github/scripts/notify_slack.sh
+++ b/.github/scripts/notify_slack.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -uo pipefail
diff --git a/.github/scripts/rerun_fails_report.sh b/.github/scripts/rerun_fails_report.sh
index ac6b7cf2ff9d..90bae7a03a59 100755
--- a/.github/scripts/rerun_fails_report.sh
+++ b/.github/scripts/rerun_fails_report.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 #
 # Add a comment on the github PR if there were any rerun tests.
diff --git a/.github/scripts/set_test_package_matrix.sh b/.github/scripts/set_test_package_matrix.sh
index 5608a8397402..da8b6d563c37 100755
--- a/.github/scripts/set_test_package_matrix.sh
+++ b/.github/scripts/set_test_package_matrix.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 set -euo pipefail
 export RUNNER_COUNT=$1
diff --git a/.github/scripts/verify_artifact.sh b/.github/scripts/verify_artifact.sh
index 48bfede1cb33..3aa9e0848dfb 100755
--- a/.github/scripts/verify_artifact.sh
+++ b/.github/scripts/verify_artifact.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/.github/scripts/verify_bin.sh b/.github/scripts/verify_bin.sh
index ff572d87fae9..dc5ac9f9f0e3 100755
--- a/.github/scripts/verify_bin.sh
+++ b/.github/scripts/verify_bin.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/.github/scripts/verify_deb.sh b/.github/scripts/verify_deb.sh
index 84a9a10c8563..c6b6926c5d1a 100755
--- a/.github/scripts/verify_deb.sh
+++ b/.github/scripts/verify_deb.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/.github/scripts/verify_docker.sh b/.github/scripts/verify_docker.sh
index fbbeb7dff464..ea9180920f8a 100755
--- a/.github/scripts/verify_docker.sh
+++ b/.github/scripts/verify_docker.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/.github/scripts/verify_envoy_version.sh b/.github/scripts/verify_envoy_version.sh
index 773431f50bc8..f9067eaa37f7 100755
--- a/.github/scripts/verify_envoy_version.sh
+++ b/.github/scripts/verify_envoy_version.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 set -euo pipefail
 
diff --git a/.github/scripts/verify_rpm.sh b/.github/scripts/verify_rpm.sh
index 17709a1d90e1..96cd658eef3d 100755
--- a/.github/scripts/verify_rpm.sh
+++ b/.github/scripts/verify_rpm.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/.golangci.yml b/.golangci.yml
index bac9b716a3b4..bb7c03550918 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 linters:
   disable-all: true
diff --git a/.release/ci.hcl b/.release/ci.hcl
index dfe69d2fc1eb..d11983b46057 100644
--- a/.release/ci.hcl
+++ b/.release/ci.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 schema = "1"
 
diff --git a/.release/docker/docker-entrypoint-ubi.sh b/.release/docker/docker-entrypoint-ubi.sh
index a932ad7286e2..96e70df92567 100755
--- a/.release/docker/docker-entrypoint-ubi.sh
+++ b/.release/docker/docker-entrypoint-ubi.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/dumb-init /bin/sh
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 set -e
 
diff --git a/.release/docker/docker-entrypoint-windows.sh b/.release/docker/docker-entrypoint-windows.sh
index 776b8113ced3..f6aac9afaeca 100644
--- a/.release/docker/docker-entrypoint-windows.sh
+++ b/.release/docker/docker-entrypoint-windows.sh
@@ -1,4 +1,7 @@
 #!/usr/bin/dumb-init /bin/sh
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
 set -e
 
 # Note above that we run dumb-init as PID 1 in order to reap zombie processes
diff --git a/.release/docker/docker-entrypoint.sh b/.release/docker/docker-entrypoint.sh
index c169576b6cf8..a544809643e0 100755
--- a/.release/docker/docker-entrypoint.sh
+++ b/.release/docker/docker-entrypoint.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/dumb-init /bin/sh
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 set -e
 
diff --git a/.release/linux/package/etc/consul.d/consul.hcl b/.release/linux/package/etc/consul.d/consul.hcl
index b54644b2f9cc..b25f18685856 100644
--- a/.release/linux/package/etc/consul.d/consul.hcl
+++ b/.release/linux/package/etc/consul.d/consul.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # Full configuration options can be found at https://www.consul.io/docs/agent/config
 
diff --git a/.release/release-metadata.hcl b/.release/release-metadata.hcl
index 8de2623fdee4..963192fc4b80 100644
--- a/.release/release-metadata.hcl
+++ b/.release/release-metadata.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 url_docker_registry_dockerhub = "https://hub.docker.com/r/hashicorp/consul"
 url_docker_registry_ecr = "https://gallery.ecr.aws/hashicorp/consul"
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 3352890686ae..34c1c672b38d 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 container {
 	dependencies = true
diff --git a/Dockerfile b/Dockerfile
index 7599ec7b35b8..1926c521299a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # This Dockerfile contains multiple targets.
 # Use 'docker build --target=<name> .' to build one.
diff --git a/LICENSE b/LICENSE
index c72625e4cc88..2ecf202e3057 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,356 +1,61 @@
-Copyright (c) 2013 HashiCorp, Inc.
-
-Mozilla Public License, version 2.0
-
-1. Definitions
-
-1.1. “Contributor”
-
-     means each individual or legal entity that creates, contributes to the
-     creation of, or owns Covered Software.
-
-1.2. “Contributor Version”
-
-     means the combination of the Contributions of others (if any) used by a
-     Contributor and that particular Contributor’s Contribution.
-
-1.3. “Contribution”
-
-     means Covered Software of a particular Contributor.
-
-1.4. “Covered Software”
-
-     means Source Code Form to which the initial Contributor has attached the
-     notice in Exhibit A, the Executable Form of such Source Code Form, and
-     Modifications of such Source Code Form, in each case including portions
-     thereof.
-
-1.5. “Incompatible With Secondary Licenses”
-     means
-
-     a. that the initial Contributor has attached the notice described in
-        Exhibit B to the Covered Software; or
-
-     b. that the Covered Software was made available under the terms of version
-        1.1 or earlier of the License, but not also under the terms of a
-        Secondary License.
-
-1.6. “Executable Form”
-
-     means any form of the work other than Source Code Form.
-
-1.7. “Larger Work”
-
-     means a work that combines Covered Software with other material, in a separate
-     file or files, that is not Covered Software.
-
-1.8. “License”
-
-     means this document.
-
-1.9. “Licensable”
-
-     means having the right to grant, to the maximum extent possible, whether at the
-     time of the initial grant or subsequently, any and all of the rights conveyed by
-     this License.
-
-1.10. “Modifications”
-
-     means any of the following:
-
-     a. any file in Source Code Form that results from an addition to, deletion
-        from, or modification of the contents of Covered Software; or
-
-     b. any new file in Source Code Form that contains any Covered Software.
-
-1.11. “Patent Claims” of a Contributor
-
-      means any patent claim(s), including without limitation, method, process,
-      and apparatus claims, in any patent Licensable by such Contributor that
-      would be infringed, but for the grant of the License, by the making,
-      using, selling, offering for sale, having made, import, or transfer of
-      either its Contributions or its Contributor Version.
-
-1.12. “Secondary License”
-
-      means either the GNU General Public License, Version 2.0, the GNU Lesser
-      General Public License, Version 2.1, the GNU Affero General Public
-      License, Version 3.0, or any later versions of those licenses.
-
-1.13. “Source Code Form”
-
-      means the form of the work preferred for making modifications.
-
-1.14. “You” (or “Your”)
-
-      means an individual or a legal entity exercising rights under this
-      License. For legal entities, “You” includes any entity that controls, is
-      controlled by, or is under common control with You. For purposes of this
-      definition, “control” means (a) the power, direct or indirect, to cause
-      the direction or management of such entity, whether by contract or
-      otherwise, or (b) ownership of more than fifty percent (50%) of the
-      outstanding shares or beneficial ownership of such entity.
-
-
-2. License Grants and Conditions
-
-2.1. Grants
-
-     Each Contributor hereby grants You a world-wide, royalty-free,
-     non-exclusive license:
-
-     a. under intellectual property rights (other than patent or trademark)
-        Licensable by such Contributor to use, reproduce, make available,
-        modify, display, perform, distribute, and otherwise exploit its
-        Contributions, either on an unmodified basis, with Modifications, or as
-        part of a Larger Work; and
-
-     b. under Patent Claims of such Contributor to make, use, sell, offer for
-        sale, have made, import, and otherwise transfer either its Contributions
-        or its Contributor Version.
-
-2.2. Effective Date
-
-     The licenses granted in Section 2.1 with respect to any Contribution become
-     effective for each Contribution on the date the Contributor first distributes
-     such Contribution.
-
-2.3. Limitations on Grant Scope
-
-     The licenses granted in this Section 2 are the only rights granted under this
-     License. No additional rights or licenses will be implied from the distribution
-     or licensing of Covered Software under this License. Notwithstanding Section
-     2.1(b) above, no patent license is granted by a Contributor:
-
-     a. for any code that a Contributor has removed from Covered Software; or
-
-     b. for infringements caused by: (i) Your and any other third party’s
-        modifications of Covered Software, or (ii) the combination of its
-        Contributions with other software (except as part of its Contributor
-        Version); or
-
-     c. under Patent Claims infringed by Covered Software in the absence of its
-        Contributions.
-
-     This License does not grant any rights in the trademarks, service marks, or
-     logos of any Contributor (except as may be necessary to comply with the
-     notice requirements in Section 3.4).
-
-2.4. Subsequent Licenses
-
-     No Contributor makes additional grants as a result of Your choice to
-     distribute the Covered Software under a subsequent version of this License
-     (see Section 10.2) or under the terms of a Secondary License (if permitted
-     under the terms of Section 3.3).
-
-2.5. Representation
-
-     Each Contributor represents that the Contributor believes its Contributions
-     are its original creation(s) or it has sufficient rights to grant the
-     rights to its Contributions conveyed by this License.
-
-2.6. Fair Use
-
-     This License is not intended to limit any rights You have under applicable
-     copyright doctrines of fair use, fair dealing, or other equivalents.
-
-2.7. Conditions
-
-     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
-     Section 2.1.
-
-
-3. Responsibilities
-
-3.1. Distribution of Source Form
-
-     All distribution of Covered Software in Source Code Form, including any
-     Modifications that You create or to which You contribute, must be under the
-     terms of this License. You must inform recipients that the Source Code Form
-     of the Covered Software is governed by the terms of this License, and how
-     they can obtain a copy of this License. You may not attempt to alter or
-     restrict the recipients’ rights in the Source Code Form.
-
-3.2. Distribution of Executable Form
-
-     If You distribute Covered Software in Executable Form then:
-
-     a. such Covered Software must also be made available in Source Code Form,
-        as described in Section 3.1, and You must inform recipients of the
-        Executable Form how they can obtain a copy of such Source Code Form by
-        reasonable means in a timely manner, at a charge no more than the cost
-        of distribution to the recipient; and
-
-     b. You may distribute such Executable Form under the terms of this License,
-        or sublicense it under different terms, provided that the license for
-        the Executable Form does not attempt to limit or alter the recipients’
-        rights in the Source Code Form under this License.
-
-3.3. Distribution of a Larger Work
-
-     You may create and distribute a Larger Work under terms of Your choice,
-     provided that You also comply with the requirements of this License for the
-     Covered Software. If the Larger Work is a combination of Covered Software
-     with a work governed by one or more Secondary Licenses, and the Covered
-     Software is not Incompatible With Secondary Licenses, this License permits
-     You to additionally distribute such Covered Software under the terms of
-     such Secondary License(s), so that the recipient of the Larger Work may, at
-     their option, further distribute the Covered Software under the terms of
-     either this License or such Secondary License(s).
-
-3.4. Notices
-
-     You may not remove or alter the substance of any license notices (including
-     copyright notices, patent notices, disclaimers of warranty, or limitations
-     of liability) contained within the Source Code Form of the Covered
-     Software, except that You may alter any license notices to the extent
-     required to remedy known factual inaccuracies.
-
-3.5. Application of Additional Terms
-
-     You may choose to offer, and to charge a fee for, warranty, support,
-     indemnity or liability obligations to one or more recipients of Covered
-     Software. However, You may do so only on Your own behalf, and not on behalf
-     of any Contributor. You must make it absolutely clear that any such
-     warranty, support, indemnity, or liability obligation is offered by You
-     alone, and You hereby agree to indemnify every Contributor for any
-     liability incurred by such Contributor as a result of warranty, support,
-     indemnity or liability terms You offer. You may include additional
-     disclaimers of warranty and limitations of liability specific to any
-     jurisdiction.
-
-4. Inability to Comply Due to Statute or Regulation
-
-   If it is impossible for You to comply with any of the terms of this License
-   with respect to some or all of the Covered Software due to statute, judicial
-   order, or regulation then You must: (a) comply with the terms of this License
-   to the maximum extent possible; and (b) describe the limitations and the code
-   they affect. Such description must be placed in a text file included with all
-   distributions of the Covered Software under this License. Except to the
-   extent prohibited by statute or regulation, such description must be
-   sufficiently detailed for a recipient of ordinary skill to be able to
-   understand it.
-
-5. Termination
-
-5.1. The rights granted under this License will terminate automatically if You
-     fail to comply with any of its terms. However, if You become compliant,
-     then the rights granted under this License from a particular Contributor
-     are reinstated (a) provisionally, unless and until such Contributor
-     explicitly and finally terminates Your grants, and (b) on an ongoing basis,
-     if such Contributor fails to notify You of the non-compliance by some
-     reasonable means prior to 60 days after You have come back into compliance.
-     Moreover, Your grants from a particular Contributor are reinstated on an
-     ongoing basis if such Contributor notifies You of the non-compliance by
-     some reasonable means, this is the first time You have received notice of
-     non-compliance with this License from such Contributor, and You become
-     compliant prior to 30 days after Your receipt of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
-     infringement claim (excluding declaratory judgment actions, counter-claims,
-     and cross-claims) alleging that a Contributor Version directly or
-     indirectly infringes any patent, then the rights granted to You by any and
-     all Contributors for the Covered Software under Section 2.1 of this License
-     shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
-     license agreements (excluding distributors and resellers) which have been
-     validly granted by You or Your distributors under this License prior to
-     termination shall survive termination.
-
-6. Disclaimer of Warranty
-
-   Covered Software is provided under this License on an “as is” basis, without
-   warranty of any kind, either expressed, implied, or statutory, including,
-   without limitation, warranties that the Covered Software is free of defects,
-   merchantable, fit for a particular purpose or non-infringing. The entire
-   risk as to the quality and performance of the Covered Software is with You.
-   Should any Covered Software prove defective in any respect, You (not any
-   Contributor) assume the cost of any necessary servicing, repair, or
-   correction. This disclaimer of warranty constitutes an essential part of this
-   License. No use of  any Covered Software is authorized under this License
-   except under this disclaimer.
-
-7. Limitation of Liability
-
-   Under no circumstances and under no legal theory, whether tort (including
-   negligence), contract, or otherwise, shall any Contributor, or anyone who
-   distributes Covered Software as permitted above, be liable to You for any
-   direct, indirect, special, incidental, or consequential damages of any
-   character including, without limitation, damages for lost profits, loss of
-   goodwill, work stoppage, computer failure or malfunction, or any and all
-   other commercial damages or losses, even if such party shall have been
-   informed of the possibility of such damages. This limitation of liability
-   shall not apply to liability for death or personal injury resulting from such
-   party’s negligence to the extent applicable law prohibits such limitation.
-   Some jurisdictions do not allow the exclusion or limitation of incidental or
-   consequential damages, so this exclusion and limitation may not apply to You.
-
-8. Litigation
-
-   Any litigation relating to this License may be brought only in the courts of
-   a jurisdiction where the defendant maintains its principal place of business
-   and such litigation shall be governed by laws of that jurisdiction, without
-   reference to its conflict-of-law provisions. Nothing in this Section shall
-   prevent a party’s ability to bring cross-claims or counter-claims.
-
-9. Miscellaneous
-
-   This License represents the complete agreement concerning the subject matter
-   hereof. If any provision of this License is held to be unenforceable, such
-   provision shall be reformed only to the extent necessary to make it
-   enforceable. Any law or regulation which provides that the language of a
-   contract shall be construed against the drafter shall not be used to construe
-   this License against a Contributor.
-
-
-10. Versions of the License
-
-10.1. New Versions
-
-      Mozilla Foundation is the license steward. Except as provided in Section
-      10.3, no one other than the license steward has the right to modify or
-      publish new versions of this License. Each version will be given a
-      distinguishing version number.
-
-10.2. Effect of New Versions
-
-      You may distribute the Covered Software under the terms of the version of
-      the License under which You originally received the Covered Software, or
-      under the terms of any subsequent version published by the license
-      steward.
-
-10.3. Modified Versions
-
-      If you create software not governed by this License, and you want to
-      create a new license for such software, you may create and use a modified
-      version of this License if you rename the license and remove any
-      references to the name of the license steward (except to note that such
-      modified license differs from this License).
-
-10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
-      If You choose to distribute Source Code Form that is Incompatible With
-      Secondary Licenses under the terms of this version of the License, the
-      notice described in Exhibit B of this License must be attached.
-
-Exhibit A - Source Code Form License Notice
-
-      This Source Code Form is subject to the
-      terms of the Mozilla Public License, v.
-      2.0. If a copy of the MPL was not
-      distributed with this file, You can
-      obtain one at
-      http://mozilla.org/MPL/2.0/.
-
-If it is not possible or desirable to put the notice in a particular file, then
-You may include the notice in a location (such as a LICENSE file in a relevant
-directory) where a recipient would be likely to look for such a notice.
-
-You may add additional accurate notices of copyright ownership.
-
-Exhibit B - “Incompatible With Secondary Licenses” Notice
-
-      This Source Code Form is “Incompatible
-      With Secondary Licenses”, as defined by
-      the Mozilla Public License, v. 2.0.
-
+License text copyright (c) 2020 MariaDB Corporation Ab, All Rights Reserved.
+“Business Source License” is a trademark of MariaDB Corporation Ab.
+
+Parameters
+
+Licensor:             HashiCorp, Inc.
+Licensed Work:        The Licensed Work is (c) 2023 HashiCorp, Inc.
+Additional Use Grant: You may make production use of the Licensed Work,
+                      provided such use does not include offering the Licensed Work
+                      to third parties on a hosted or embedded basis which is
+                      competitive with HashiCorp's products.
+Change Date:          Four years from the date the Licensed Work is published.
+Change License:       MPL 2.0
+
+For information about alternative licensing arrangements for the Licensed Work,
+please contact licensing@hashicorp.com.
+
+Notice
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
diff --git a/acl/MockAuthorizer.go b/acl/MockAuthorizer.go
index 01afb5fea665..cabdf1b81243 100644
--- a/acl/MockAuthorizer.go
+++ b/acl/MockAuthorizer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/acl.go b/acl/acl.go
index 75789dd17498..753db01516e8 100644
--- a/acl/acl.go
+++ b/acl/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/acl_oss.go b/acl/acl_oss.go
index 8c8b24eaa3aa..7c92275ec83a 100644
--- a/acl/acl_oss.go
+++ b/acl/acl_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/acl_test.go b/acl/acl_test.go
index 3734eb1572fd..de95e91f1264 100644
--- a/acl/acl_test.go
+++ b/acl/acl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/authorizer.go b/acl/authorizer.go
index f4515f11c92a..21a7dbc80170 100644
--- a/acl/authorizer.go
+++ b/acl/authorizer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/authorizer_oss.go b/acl/authorizer_oss.go
index ed77d5e81d3f..06ec22dae7b4 100644
--- a/acl/authorizer_oss.go
+++ b/acl/authorizer_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/authorizer_test.go b/acl/authorizer_test.go
index 20774841ba8d..09cba85fa6b5 100644
--- a/acl/authorizer_test.go
+++ b/acl/authorizer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/chained_authorizer.go b/acl/chained_authorizer.go
index 9a681187bc1e..333ad7e90fd0 100644
--- a/acl/chained_authorizer.go
+++ b/acl/chained_authorizer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/chained_authorizer_test.go b/acl/chained_authorizer_test.go
index c17cbc907bf5..a198ab67788b 100644
--- a/acl/chained_authorizer_test.go
+++ b/acl/chained_authorizer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/enterprisemeta_oss.go b/acl/enterprisemeta_oss.go
index 8b93fd680796..791776e09b13 100644
--- a/acl/enterprisemeta_oss.go
+++ b/acl/enterprisemeta_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/errors.go b/acl/errors.go
index 7302e0392f17..7f4548ed95d6 100644
--- a/acl/errors.go
+++ b/acl/errors.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/errors_oss.go b/acl/errors_oss.go
index 8c2e84ac5c41..57b0eb32479d 100644
--- a/acl/errors_oss.go
+++ b/acl/errors_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/errors_test.go b/acl/errors_test.go
index 4988f695994f..b4e645c07312 100644
--- a/acl/errors_test.go
+++ b/acl/errors_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/policy.go b/acl/policy.go
index e26c8871314c..ef821563b0ad 100644
--- a/acl/policy.go
+++ b/acl/policy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/policy_authorizer.go b/acl/policy_authorizer.go
index e87635a036df..9043dc40cdbf 100644
--- a/acl/policy_authorizer.go
+++ b/acl/policy_authorizer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/policy_authorizer_oss.go b/acl/policy_authorizer_oss.go
index 89708a5be9c3..ccdb2e758557 100644
--- a/acl/policy_authorizer_oss.go
+++ b/acl/policy_authorizer_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/policy_authorizer_test.go b/acl/policy_authorizer_test.go
index 1c6959527899..d144bc8d8cce 100644
--- a/acl/policy_authorizer_test.go
+++ b/acl/policy_authorizer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/policy_merger.go b/acl/policy_merger.go
index df065a9cb1b9..7707c4f9a51e 100644
--- a/acl/policy_merger.go
+++ b/acl/policy_merger.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/policy_merger_oss.go b/acl/policy_merger_oss.go
index b221f2587539..207051f3482a 100644
--- a/acl/policy_merger_oss.go
+++ b/acl/policy_merger_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/policy_oss.go b/acl/policy_oss.go
index b33c3243364b..ed7eed9917ce 100644
--- a/acl/policy_oss.go
+++ b/acl/policy_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/policy_test.go b/acl/policy_test.go
index ac23e3c0df3b..2ce0b32892fb 100644
--- a/acl/policy_test.go
+++ b/acl/policy_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/resolver/danger.go b/acl/resolver/danger.go
index a72efa927844..c2ae1a3c40c7 100644
--- a/acl/resolver/danger.go
+++ b/acl/resolver/danger.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resolver
 
diff --git a/acl/resolver/result.go b/acl/resolver/result.go
index 190d15eca5b8..1e52b1c57316 100644
--- a/acl/resolver/result.go
+++ b/acl/resolver/result.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resolver
 
diff --git a/acl/static_authorizer.go b/acl/static_authorizer.go
index a6678925695c..2b62320b0a11 100644
--- a/acl/static_authorizer.go
+++ b/acl/static_authorizer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/static_authorizer_test.go b/acl/static_authorizer_test.go
index e94ac44e500f..cdaf91ef7102 100644
--- a/acl/static_authorizer_test.go
+++ b/acl/static_authorizer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/testing.go b/acl/testing.go
index 1c67458b174f..ef4d0343c6b9 100644
--- a/acl/testing.go
+++ b/acl/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/validation.go b/acl/validation.go
index 96119dcc0fba..c0017effa15d 100644
--- a/acl/validation.go
+++ b/acl/validation.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/acl/validation_test.go b/acl/validation_test.go
index d5d01e0e9054..3bf14719b12a 100644
--- a/acl/validation_test.go
+++ b/acl/validation_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/agent/acl.go b/agent/acl.go
index 381f2c028e4f..0f64ee62c79e 100644
--- a/agent/acl.go
+++ b/agent/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/acl_endpoint.go b/agent/acl_endpoint.go
index 60aa13a1490c..9f38f41f15db 100644
--- a/agent/acl_endpoint.go
+++ b/agent/acl_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/acl_endpoint_test.go b/agent/acl_endpoint_test.go
index 4a84ef3155fd..82b2a9574fcf 100644
--- a/agent/acl_endpoint_test.go
+++ b/agent/acl_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/acl_oss.go b/agent/acl_oss.go
index aa505da1ef49..32d076fe1ed1 100644
--- a/agent/acl_oss.go
+++ b/agent/acl_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/acl_test.go b/agent/acl_test.go
index 5e5969dd6472..0958db8db6fb 100644
--- a/agent/acl_test.go
+++ b/agent/acl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/ae/ae.go b/agent/ae/ae.go
index 8c4d8c997296..65b38e00e4b4 100644
--- a/agent/ae/ae.go
+++ b/agent/ae/ae.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package ae provides tools to synchronize state between local and remote consul servers.
 package ae
diff --git a/agent/ae/ae_test.go b/agent/ae/ae_test.go
index 873cd4128db3..9e9593f4f92d 100644
--- a/agent/ae/ae_test.go
+++ b/agent/ae/ae_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ae
 
diff --git a/agent/ae/trigger.go b/agent/ae/trigger.go
index a320bda526d1..29bdd988907e 100644
--- a/agent/ae/trigger.go
+++ b/agent/ae/trigger.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ae
 
diff --git a/agent/agent.go b/agent/agent.go
index ef6559235205..dc98aafbf50c 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go
index 9ee6e41e1c85..96857409ce77 100644
--- a/agent/agent_endpoint.go
+++ b/agent/agent_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/agent_endpoint_oss.go b/agent/agent_endpoint_oss.go
index 48b9c439cac4..cf2984ab5f1d 100644
--- a/agent/agent_endpoint_oss.go
+++ b/agent/agent_endpoint_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/agent_endpoint_oss_test.go b/agent/agent_endpoint_oss_test.go
index 763a5a006049..6608f40f4041 100644
--- a/agent/agent_endpoint_oss_test.go
+++ b/agent/agent_endpoint_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go
index 6df5275a1769..32516a76cb46 100644
--- a/agent/agent_endpoint_test.go
+++ b/agent/agent_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/agent_oss.go b/agent/agent_oss.go
index e8cfea681b3c..37a1804fe270 100644
--- a/agent/agent_oss.go
+++ b/agent/agent_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/agent_oss_test.go b/agent/agent_oss_test.go
index ceb90beb0634..07882c7b1eed 100644
--- a/agent/agent_oss_test.go
+++ b/agent/agent_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/agent_test.go b/agent/agent_test.go
index 495d58c95a46..96dd1de12555 100644
--- a/agent/agent_test.go
+++ b/agent/agent_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/apiserver.go b/agent/apiserver.go
index a45e16a630b1..1f386e3f6b17 100644
--- a/agent/apiserver.go
+++ b/agent/apiserver.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/apiserver_test.go b/agent/apiserver_test.go
index 69188c424817..848487a78154 100644
--- a/agent/apiserver_test.go
+++ b/agent/apiserver_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/auto-config/auto_config.go b/agent/auto-config/auto_config.go
index b73951df70d1..a1a5848f623f 100644
--- a/agent/auto-config/auto_config.go
+++ b/agent/auto-config/auto_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autoconf
 
diff --git a/agent/auto-config/auto_config_oss.go b/agent/auto-config/auto_config_oss.go
index 7944ea5d2d67..ed3d85123350 100644
--- a/agent/auto-config/auto_config_oss.go
+++ b/agent/auto-config/auto_config_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/auto-config/auto_config_oss_test.go b/agent/auto-config/auto_config_oss_test.go
index b075ca7686b6..ff7cbf7472f4 100644
--- a/agent/auto-config/auto_config_oss_test.go
+++ b/agent/auto-config/auto_config_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/auto-config/auto_config_test.go b/agent/auto-config/auto_config_test.go
index a5ab97e0f45d..7c5c629be2f7 100644
--- a/agent/auto-config/auto_config_test.go
+++ b/agent/auto-config/auto_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autoconf
 
diff --git a/agent/auto-config/auto_encrypt.go b/agent/auto-config/auto_encrypt.go
index 59af662ee033..1b77c089f6f6 100644
--- a/agent/auto-config/auto_encrypt.go
+++ b/agent/auto-config/auto_encrypt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autoconf
 
diff --git a/agent/auto-config/auto_encrypt_test.go b/agent/auto-config/auto_encrypt_test.go
index 2c94b6a5540a..10a7c8da4688 100644
--- a/agent/auto-config/auto_encrypt_test.go
+++ b/agent/auto-config/auto_encrypt_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autoconf
 
diff --git a/agent/auto-config/config.go b/agent/auto-config/config.go
index d0f1670ab73a..69eee08bc061 100644
--- a/agent/auto-config/config.go
+++ b/agent/auto-config/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autoconf
 
diff --git a/agent/auto-config/config_oss.go b/agent/auto-config/config_oss.go
index a51d30c6cb28..946051d04375 100644
--- a/agent/auto-config/config_oss.go
+++ b/agent/auto-config/config_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/auto-config/config_translate.go b/agent/auto-config/config_translate.go
index 31aeb7cbdb22..b60b3388eb2a 100644
--- a/agent/auto-config/config_translate.go
+++ b/agent/auto-config/config_translate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autoconf
 
diff --git a/agent/auto-config/config_translate_test.go b/agent/auto-config/config_translate_test.go
index 9b37c9870e31..8e2cef8c46ea 100644
--- a/agent/auto-config/config_translate_test.go
+++ b/agent/auto-config/config_translate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autoconf
 
diff --git a/agent/auto-config/mock_oss_test.go b/agent/auto-config/mock_oss_test.go
index 6f10f99726e4..a0d2ff785978 100644
--- a/agent/auto-config/mock_oss_test.go
+++ b/agent/auto-config/mock_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/auto-config/mock_test.go b/agent/auto-config/mock_test.go
index 263befae112c..0ef5084af264 100644
--- a/agent/auto-config/mock_test.go
+++ b/agent/auto-config/mock_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autoconf
 
diff --git a/agent/auto-config/persist.go b/agent/auto-config/persist.go
index 0abaa235451d..66cda1c41438 100644
--- a/agent/auto-config/persist.go
+++ b/agent/auto-config/persist.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autoconf
 
diff --git a/agent/auto-config/run.go b/agent/auto-config/run.go
index 74a78fde9f0d..ed3389c1880c 100644
--- a/agent/auto-config/run.go
+++ b/agent/auto-config/run.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autoconf
 
diff --git a/agent/auto-config/server_addr.go b/agent/auto-config/server_addr.go
index c70a6431fb33..6bca15d42fb8 100644
--- a/agent/auto-config/server_addr.go
+++ b/agent/auto-config/server_addr.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autoconf
 
diff --git a/agent/auto-config/tls.go b/agent/auto-config/tls.go
index e39022bc959b..8142a1eeb809 100644
--- a/agent/auto-config/tls.go
+++ b/agent/auto-config/tls.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autoconf
 
diff --git a/agent/auto-config/tls_test.go b/agent/auto-config/tls_test.go
index b09ee295e60b..667c7dfa96e5 100644
--- a/agent/auto-config/tls_test.go
+++ b/agent/auto-config/tls_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autoconf
 
diff --git a/agent/blockingquery/blockingquery.go b/agent/blockingquery/blockingquery.go
index cb46110222de..3e073a1ffab2 100644
--- a/agent/blockingquery/blockingquery.go
+++ b/agent/blockingquery/blockingquery.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package blockingquery
 
 import (
diff --git a/agent/blockingquery/blockingquery_test.go b/agent/blockingquery/blockingquery_test.go
index 6cfc07c114aa..5861ed399164 100644
--- a/agent/blockingquery/blockingquery_test.go
+++ b/agent/blockingquery/blockingquery_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package blockingquery
 
 // TODO: move tests from the consul package, rpc_test.go, TestServer_blockingQuery
diff --git a/agent/cache-types/catalog_datacenters.go b/agent/cache-types/catalog_datacenters.go
index 12da6e9878e3..2a4e64c9e5c1 100644
--- a/agent/cache-types/catalog_datacenters.go
+++ b/agent/cache-types/catalog_datacenters.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_datacenters_test.go b/agent/cache-types/catalog_datacenters_test.go
index bef374d131cd..f04bfb4c7b42 100644
--- a/agent/cache-types/catalog_datacenters_test.go
+++ b/agent/cache-types/catalog_datacenters_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_list_services.go b/agent/cache-types/catalog_list_services.go
index a605c7431388..0a14ed3ef120 100644
--- a/agent/cache-types/catalog_list_services.go
+++ b/agent/cache-types/catalog_list_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_list_services_test.go b/agent/cache-types/catalog_list_services_test.go
index b5da270f962d..623cda2cee3c 100644
--- a/agent/cache-types/catalog_list_services_test.go
+++ b/agent/cache-types/catalog_list_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_service_list.go b/agent/cache-types/catalog_service_list.go
index 521ed1d3b1ad..37ac4ba0f813 100644
--- a/agent/cache-types/catalog_service_list.go
+++ b/agent/cache-types/catalog_service_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_service_list_test.go b/agent/cache-types/catalog_service_list_test.go
index 995f7e8b6c8c..eb686193cc3c 100644
--- a/agent/cache-types/catalog_service_list_test.go
+++ b/agent/cache-types/catalog_service_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_services.go b/agent/cache-types/catalog_services.go
index 21b472ba3124..8e04997b9f62 100644
--- a/agent/cache-types/catalog_services.go
+++ b/agent/cache-types/catalog_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_services_test.go b/agent/cache-types/catalog_services_test.go
index 8723b9015d71..c084de67ccaa 100644
--- a/agent/cache-types/catalog_services_test.go
+++ b/agent/cache-types/catalog_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/config_entry.go b/agent/cache-types/config_entry.go
index 9748c176d103..98443363c1b8 100644
--- a/agent/cache-types/config_entry.go
+++ b/agent/cache-types/config_entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/config_entry_test.go b/agent/cache-types/config_entry_test.go
index 11b109d6634a..d892b069e4c7 100644
--- a/agent/cache-types/config_entry_test.go
+++ b/agent/cache-types/config_entry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/connect_ca_root.go b/agent/cache-types/connect_ca_root.go
index 0d6c8b700ca7..1df3f7c78d83 100644
--- a/agent/cache-types/connect_ca_root.go
+++ b/agent/cache-types/connect_ca_root.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/connect_ca_root_test.go b/agent/cache-types/connect_ca_root_test.go
index c1e906a8b810..74aa53c31a4c 100644
--- a/agent/cache-types/connect_ca_root_test.go
+++ b/agent/cache-types/connect_ca_root_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/discovery_chain.go b/agent/cache-types/discovery_chain.go
index 8f0f17791488..e27b621061e1 100644
--- a/agent/cache-types/discovery_chain.go
+++ b/agent/cache-types/discovery_chain.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/discovery_chain_test.go b/agent/cache-types/discovery_chain_test.go
index b2b279faf7dd..a9c9783e882b 100644
--- a/agent/cache-types/discovery_chain_test.go
+++ b/agent/cache-types/discovery_chain_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/exported_peered_services.go b/agent/cache-types/exported_peered_services.go
index 3e8f33628144..69bd2d92ba71 100644
--- a/agent/cache-types/exported_peered_services.go
+++ b/agent/cache-types/exported_peered_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/exported_peered_services_test.go b/agent/cache-types/exported_peered_services_test.go
index 4848c2fce9db..a2d618bb60c5 100644
--- a/agent/cache-types/exported_peered_services_test.go
+++ b/agent/cache-types/exported_peered_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/federation_state_list_gateways.go b/agent/cache-types/federation_state_list_gateways.go
index 50658777b8d8..501a8bcead28 100644
--- a/agent/cache-types/federation_state_list_gateways.go
+++ b/agent/cache-types/federation_state_list_gateways.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/federation_state_list_gateways_test.go b/agent/cache-types/federation_state_list_gateways_test.go
index 7aaad80ed3b2..04bd661e80fc 100644
--- a/agent/cache-types/federation_state_list_gateways_test.go
+++ b/agent/cache-types/federation_state_list_gateways_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/gateway_services.go b/agent/cache-types/gateway_services.go
index 030cec59ef88..9c13800beeee 100644
--- a/agent/cache-types/gateway_services.go
+++ b/agent/cache-types/gateway_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/gateway_services_test.go b/agent/cache-types/gateway_services_test.go
index babc30ead3c1..49be4edf4780 100644
--- a/agent/cache-types/gateway_services_test.go
+++ b/agent/cache-types/gateway_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/health_services.go b/agent/cache-types/health_services.go
index dc1a5e6648ad..ae8369364743 100644
--- a/agent/cache-types/health_services.go
+++ b/agent/cache-types/health_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/health_services_test.go b/agent/cache-types/health_services_test.go
index e3680eb2d5ad..6e83ec9a4018 100644
--- a/agent/cache-types/health_services_test.go
+++ b/agent/cache-types/health_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/intention_match.go b/agent/cache-types/intention_match.go
index 16671328fd2d..fd69eab65c75 100644
--- a/agent/cache-types/intention_match.go
+++ b/agent/cache-types/intention_match.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/intention_match_test.go b/agent/cache-types/intention_match_test.go
index 68a467a29d51..26788b679bef 100644
--- a/agent/cache-types/intention_match_test.go
+++ b/agent/cache-types/intention_match_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/intention_upstreams.go b/agent/cache-types/intention_upstreams.go
index b918a553526c..a0e1ea0c0fd3 100644
--- a/agent/cache-types/intention_upstreams.go
+++ b/agent/cache-types/intention_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/intention_upstreams_destination.go b/agent/cache-types/intention_upstreams_destination.go
index 8adba2d7e742..1b5200a163c2 100644
--- a/agent/cache-types/intention_upstreams_destination.go
+++ b/agent/cache-types/intention_upstreams_destination.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/intention_upstreams_destination_test.go b/agent/cache-types/intention_upstreams_destination_test.go
index d4f8602c7d7e..32852891846f 100644
--- a/agent/cache-types/intention_upstreams_destination_test.go
+++ b/agent/cache-types/intention_upstreams_destination_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/intention_upstreams_test.go b/agent/cache-types/intention_upstreams_test.go
index 6f695576d063..3259969f03a8 100644
--- a/agent/cache-types/intention_upstreams_test.go
+++ b/agent/cache-types/intention_upstreams_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/node_services.go b/agent/cache-types/node_services.go
index 2b51de9f62f8..44dd5624f565 100644
--- a/agent/cache-types/node_services.go
+++ b/agent/cache-types/node_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/node_services_test.go b/agent/cache-types/node_services_test.go
index a1412bbe935b..6f16f93d5d61 100644
--- a/agent/cache-types/node_services_test.go
+++ b/agent/cache-types/node_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/options.go b/agent/cache-types/options.go
index cbfa2ff178ef..cd46060f8bce 100644
--- a/agent/cache-types/options.go
+++ b/agent/cache-types/options.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/peered_upstreams.go b/agent/cache-types/peered_upstreams.go
index 49997ecdf967..964b350eb150 100644
--- a/agent/cache-types/peered_upstreams.go
+++ b/agent/cache-types/peered_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/peered_upstreams_test.go b/agent/cache-types/peered_upstreams_test.go
index 1e9dc29fdf4a..07be6e418808 100644
--- a/agent/cache-types/peered_upstreams_test.go
+++ b/agent/cache-types/peered_upstreams_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/peerings.go b/agent/cache-types/peerings.go
index e72b43d56312..53138e5512d8 100644
--- a/agent/cache-types/peerings.go
+++ b/agent/cache-types/peerings.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/peerings_test.go b/agent/cache-types/peerings_test.go
index 75fc21371eb7..088a077c4f50 100644
--- a/agent/cache-types/peerings_test.go
+++ b/agent/cache-types/peerings_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/prepared_query.go b/agent/cache-types/prepared_query.go
index 995214a1b45b..8a9ec7720959 100644
--- a/agent/cache-types/prepared_query.go
+++ b/agent/cache-types/prepared_query.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/prepared_query_test.go b/agent/cache-types/prepared_query_test.go
index 26ea4d4c0b02..50850c20fe9b 100644
--- a/agent/cache-types/prepared_query_test.go
+++ b/agent/cache-types/prepared_query_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/resolved_service_config.go b/agent/cache-types/resolved_service_config.go
index 589afbcc6bd1..76c333840f5d 100644
--- a/agent/cache-types/resolved_service_config.go
+++ b/agent/cache-types/resolved_service_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/resolved_service_config_test.go b/agent/cache-types/resolved_service_config_test.go
index 4c8376447ad5..a71cdb783436 100644
--- a/agent/cache-types/resolved_service_config_test.go
+++ b/agent/cache-types/resolved_service_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/rpc.go b/agent/cache-types/rpc.go
index 905547d20fe8..13bfdb3e5a5d 100644
--- a/agent/cache-types/rpc.go
+++ b/agent/cache-types/rpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/service_checks.go b/agent/cache-types/service_checks.go
index 88a065c94b86..55ea3896f33c 100644
--- a/agent/cache-types/service_checks.go
+++ b/agent/cache-types/service_checks.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/service_checks_test.go b/agent/cache-types/service_checks_test.go
index b936990d91a3..898ea4aa9c93 100644
--- a/agent/cache-types/service_checks_test.go
+++ b/agent/cache-types/service_checks_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/service_dump.go b/agent/cache-types/service_dump.go
index 3bab11239f04..60c2895aff1f 100644
--- a/agent/cache-types/service_dump.go
+++ b/agent/cache-types/service_dump.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/service_dump_test.go b/agent/cache-types/service_dump_test.go
index 8fe39e63b268..3570fc9720a1 100644
--- a/agent/cache-types/service_dump_test.go
+++ b/agent/cache-types/service_dump_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/service_gateways.go b/agent/cache-types/service_gateways.go
index d096d136fa2f..a080fc77451c 100644
--- a/agent/cache-types/service_gateways.go
+++ b/agent/cache-types/service_gateways.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/service_gateways_test.go b/agent/cache-types/service_gateways_test.go
index c8c62e7c9ad5..9f615162b6fb 100644
--- a/agent/cache-types/service_gateways_test.go
+++ b/agent/cache-types/service_gateways_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/testing.go b/agent/cache-types/testing.go
index 459feaba9fa3..3789eff4e2a5 100644
--- a/agent/cache-types/testing.go
+++ b/agent/cache-types/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/trust_bundle.go b/agent/cache-types/trust_bundle.go
index 301b18977d95..0bac27e2b8c2 100644
--- a/agent/cache-types/trust_bundle.go
+++ b/agent/cache-types/trust_bundle.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/trust_bundle_test.go b/agent/cache-types/trust_bundle_test.go
index dc39c3555bd5..f39a15bdc662 100644
--- a/agent/cache-types/trust_bundle_test.go
+++ b/agent/cache-types/trust_bundle_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/trust_bundles.go b/agent/cache-types/trust_bundles.go
index a485ee53414c..7098c01af47a 100644
--- a/agent/cache-types/trust_bundles.go
+++ b/agent/cache-types/trust_bundles.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache-types/trust_bundles_test.go b/agent/cache-types/trust_bundles_test.go
index 373ba2a8d71f..f565bab18fdb 100644
--- a/agent/cache-types/trust_bundles_test.go
+++ b/agent/cache-types/trust_bundles_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cachetype
 
diff --git a/agent/cache/cache.go b/agent/cache/cache.go
index ed1e4f911ada..29f1296f79b9 100644
--- a/agent/cache/cache.go
+++ b/agent/cache/cache.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package cache provides caching features for data from a Consul server.
 //
diff --git a/agent/cache/cache_test.go b/agent/cache/cache_test.go
index 4ab66a29d0bf..6a4216c85929 100644
--- a/agent/cache/cache_test.go
+++ b/agent/cache/cache_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cache
 
diff --git a/agent/cache/entry.go b/agent/cache/entry.go
index fb8008d8c15e..9ee1fc0007fa 100644
--- a/agent/cache/entry.go
+++ b/agent/cache/entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cache
 
diff --git a/agent/cache/request.go b/agent/cache/request.go
index 7f66f4ce5881..9af73d99687b 100644
--- a/agent/cache/request.go
+++ b/agent/cache/request.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cache
 
diff --git a/agent/cache/testing.go b/agent/cache/testing.go
index 7f0df113bc83..b754dae3e76a 100644
--- a/agent/cache/testing.go
+++ b/agent/cache/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cache
 
diff --git a/agent/cache/type.go b/agent/cache/type.go
index d58362fd470d..ccab3216ca83 100644
--- a/agent/cache/type.go
+++ b/agent/cache/type.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cache
 
diff --git a/agent/cache/watch.go b/agent/cache/watch.go
index d8693ad032f9..300001240312 100644
--- a/agent/cache/watch.go
+++ b/agent/cache/watch.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cache
 
diff --git a/agent/cache/watch_test.go b/agent/cache/watch_test.go
index e6a5848f4ccd..41c30f4dbb5c 100644
--- a/agent/cache/watch_test.go
+++ b/agent/cache/watch_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cache
 
diff --git a/agent/catalog_endpoint.go b/agent/catalog_endpoint.go
index ad72c4b47f35..1dac61befa47 100644
--- a/agent/catalog_endpoint.go
+++ b/agent/catalog_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/catalog_endpoint_oss.go b/agent/catalog_endpoint_oss.go
index fcd8311356d8..a3c8595fbe27 100644
--- a/agent/catalog_endpoint_oss.go
+++ b/agent/catalog_endpoint_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/catalog_endpoint_test.go b/agent/catalog_endpoint_test.go
index da65097dbb58..1b92e29a84d2 100644
--- a/agent/catalog_endpoint_test.go
+++ b/agent/catalog_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/check.go b/agent/check.go
index 79c030d93242..078361be6601 100644
--- a/agent/check.go
+++ b/agent/check.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/checks/alias.go b/agent/checks/alias.go
index 5e394105cf1c..f75c05b9580b 100644
--- a/agent/checks/alias.go
+++ b/agent/checks/alias.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package checks
 
diff --git a/agent/checks/alias_test.go b/agent/checks/alias_test.go
index 70a301d1180f..1f5662019929 100644
--- a/agent/checks/alias_test.go
+++ b/agent/checks/alias_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package checks
 
diff --git a/agent/checks/check.go b/agent/checks/check.go
index 3d8b58489656..0c730b510942 100644
--- a/agent/checks/check.go
+++ b/agent/checks/check.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package checks
 
diff --git a/agent/checks/check_test.go b/agent/checks/check_test.go
index 389b4cb14100..ae53b477f555 100644
--- a/agent/checks/check_test.go
+++ b/agent/checks/check_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package checks
 
diff --git a/agent/checks/check_windows_test.go b/agent/checks/check_windows_test.go
index b7c14dd18e85..05643539be51 100644
--- a/agent/checks/check_windows_test.go
+++ b/agent/checks/check_windows_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build windows
 // +build windows
diff --git a/agent/checks/docker.go b/agent/checks/docker.go
index 11bcac7e01c8..e3483e073b03 100644
--- a/agent/checks/docker.go
+++ b/agent/checks/docker.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package checks
 
diff --git a/agent/checks/docker_unix.go b/agent/checks/docker_unix.go
index 33c8a2b81722..976344aa82d2 100644
--- a/agent/checks/docker_unix.go
+++ b/agent/checks/docker_unix.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !windows
 // +build !windows
diff --git a/agent/checks/docker_windows.go b/agent/checks/docker_windows.go
index edcb4f380a98..6008b695ba1b 100644
--- a/agent/checks/docker_windows.go
+++ b/agent/checks/docker_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package checks
 
diff --git a/agent/checks/grpc.go b/agent/checks/grpc.go
index 87378521c9df..b3bcba20b5a6 100644
--- a/agent/checks/grpc.go
+++ b/agent/checks/grpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package checks
 
diff --git a/agent/checks/grpc_test.go b/agent/checks/grpc_test.go
index 4500bcd67f3b..e67b453bda62 100644
--- a/agent/checks/grpc_test.go
+++ b/agent/checks/grpc_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package checks
 
diff --git a/agent/checks/os_service.go b/agent/checks/os_service.go
index af4e9b03ee87..3350c73a2c3b 100644
--- a/agent/checks/os_service.go
+++ b/agent/checks/os_service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package checks
 
diff --git a/agent/checks/os_service_unix.go b/agent/checks/os_service_unix.go
index ab004e29fd9c..a02c8b54a741 100644
--- a/agent/checks/os_service_unix.go
+++ b/agent/checks/os_service_unix.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !windows
 // +build !windows
diff --git a/agent/checks/os_service_windows.go b/agent/checks/os_service_windows.go
index 8b73ce4ad209..fd9cc1bd33ec 100644
--- a/agent/checks/os_service_windows.go
+++ b/agent/checks/os_service_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build windows
 // +build windows
diff --git a/agent/config/agent_limits.go b/agent/config/agent_limits.go
index fff5e267f203..7abbb075d316 100644
--- a/agent/config/agent_limits.go
+++ b/agent/config/agent_limits.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/builder.go b/agent/config/builder.go
index 98bac1711cac..a3ca1abfd0c1 100644
--- a/agent/config/builder.go
+++ b/agent/config/builder.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/builder_oss.go b/agent/config/builder_oss.go
index fa715a38a3e2..7f94a06093b6 100644
--- a/agent/config/builder_oss.go
+++ b/agent/config/builder_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/builder_oss_test.go b/agent/config/builder_oss_test.go
index 100f905859da..3b3a220278c7 100644
--- a/agent/config/builder_oss_test.go
+++ b/agent/config/builder_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/builder_test.go b/agent/config/builder_test.go
index 3eb81fdee4de..2cc3e3148c37 100644
--- a/agent/config/builder_test.go
+++ b/agent/config/builder_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/config.go b/agent/config/config.go
index 8917a60858d6..baaa1805191a 100644
--- a/agent/config/config.go
+++ b/agent/config/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/config_oss.go b/agent/config/config_oss.go
index 2fc8da58e6da..aaf743919b97 100644
--- a/agent/config/config_oss.go
+++ b/agent/config/config_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/default.go b/agent/config/default.go
index 536ac7ac3340..275a32a33fd6 100644
--- a/agent/config/default.go
+++ b/agent/config/default.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/default_oss.go b/agent/config/default_oss.go
index f91bb9c7d360..4f5adf0de724 100644
--- a/agent/config/default_oss.go
+++ b/agent/config/default_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/deprecated.go b/agent/config/deprecated.go
index 597095f8e264..921e3329ffa6 100644
--- a/agent/config/deprecated.go
+++ b/agent/config/deprecated.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/deprecated_test.go b/agent/config/deprecated_test.go
index 785c9555084f..8d03e431f7af 100644
--- a/agent/config/deprecated_test.go
+++ b/agent/config/deprecated_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/doc.go b/agent/config/doc.go
index 4cbc2c41cfdc..5bfc77d90252 100644
--- a/agent/config/doc.go
+++ b/agent/config/doc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package config contains the command line and config file code for the
 // consul agent.
diff --git a/agent/config/file_watcher.go b/agent/config/file_watcher.go
index c91bb1dd50cc..2afe19b1a659 100644
--- a/agent/config/file_watcher.go
+++ b/agent/config/file_watcher.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/file_watcher_test.go b/agent/config/file_watcher_test.go
index 02b1cd14117b..f937d1401195 100644
--- a/agent/config/file_watcher_test.go
+++ b/agent/config/file_watcher_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/flags.go b/agent/config/flags.go
index 21e1ac612a53..b56a162287c0 100644
--- a/agent/config/flags.go
+++ b/agent/config/flags.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/flags_test.go b/agent/config/flags_test.go
index 10df0d6d7f00..a6c9ee23bd4a 100644
--- a/agent/config/flags_test.go
+++ b/agent/config/flags_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/flagset.go b/agent/config/flagset.go
index 3b2abe6fdf9a..af1b06d70ce9 100644
--- a/agent/config/flagset.go
+++ b/agent/config/flagset.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/golden_test.go b/agent/config/golden_test.go
index fb4401efbf4d..a9ce20d7bd1a 100644
--- a/agent/config/golden_test.go
+++ b/agent/config/golden_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/limits.go b/agent/config/limits.go
index 6b5d466ab639..46b6d45a1e52 100644
--- a/agent/config/limits.go
+++ b/agent/config/limits.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !windows
 // +build !windows
diff --git a/agent/config/limits_windows.go b/agent/config/limits_windows.go
index d9d3499397b5..538d84721f4f 100644
--- a/agent/config/limits_windows.go
+++ b/agent/config/limits_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build windows
 // +build windows
diff --git a/agent/config/merge.go b/agent/config/merge.go
index f40efdaa8779..64c7c1e97496 100644
--- a/agent/config/merge.go
+++ b/agent/config/merge.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/merge_test.go b/agent/config/merge_test.go
index 13e3cbb186ec..9c2e2a1a0736 100644
--- a/agent/config/merge_test.go
+++ b/agent/config/merge_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/ratelimited_file_watcher.go b/agent/config/ratelimited_file_watcher.go
index 33de08cf2b62..41f894837035 100644
--- a/agent/config/ratelimited_file_watcher.go
+++ b/agent/config/ratelimited_file_watcher.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/ratelimited_file_watcher_test.go b/agent/config/ratelimited_file_watcher_test.go
index d6a43b6be82b..8e4415aaa871 100644
--- a/agent/config/ratelimited_file_watcher_test.go
+++ b/agent/config/ratelimited_file_watcher_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/runtime.go b/agent/config/runtime.go
index 1a8dc13794d3..18278b08b1ac 100644
--- a/agent/config/runtime.go
+++ b/agent/config/runtime.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/runtime_oss.go b/agent/config/runtime_oss.go
index 94a6b7fa6a62..ccc139a86b04 100644
--- a/agent/config/runtime_oss.go
+++ b/agent/config/runtime_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/runtime_oss_test.go b/agent/config/runtime_oss_test.go
index 06801ac83529..f52aee3b3830 100644
--- a/agent/config/runtime_oss_test.go
+++ b/agent/config/runtime_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go
index b18a63162484..54074bc19561 100644
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/config/segment_oss.go b/agent/config/segment_oss.go
index 5f8e8cff7d8f..3baee7076b14 100644
--- a/agent/config/segment_oss.go
+++ b/agent/config/segment_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/segment_oss_test.go b/agent/config/segment_oss_test.go
index 6dbb60645afa..7fde44100c85 100644
--- a/agent/config/segment_oss_test.go
+++ b/agent/config/segment_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/testdata/full-config.hcl b/agent/config/testdata/full-config.hcl
index 6029d2ea2e6b..1c1fb0158aa5 100644
--- a/agent/config/testdata/full-config.hcl
+++ b/agent/config/testdata/full-config.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 acl_agent_master_token = "furuQD0b"
 acl_agent_token = "cOshLOQ2"
diff --git a/agent/config_endpoint.go b/agent/config_endpoint.go
index 396215d78d99..e1b3f0eeef41 100644
--- a/agent/config_endpoint.go
+++ b/agent/config_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/config_endpoint_test.go b/agent/config_endpoint_test.go
index f8c0c01e329a..141e1e8f4d0d 100644
--- a/agent/config_endpoint_test.go
+++ b/agent/config_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/configentry/compare.go b/agent/configentry/compare.go
index f28d5c9b03d9..3bf761dba828 100644
--- a/agent/configentry/compare.go
+++ b/agent/configentry/compare.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package configentry
 
 import (
diff --git a/agent/configentry/compare_test.go b/agent/configentry/compare_test.go
index fcb63d0fa86e..eeeec32f853b 100644
--- a/agent/configentry/compare_test.go
+++ b/agent/configentry/compare_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package configentry
 
 import (
diff --git a/agent/configentry/config_entry.go b/agent/configentry/config_entry.go
index a4ebb254e040..b10989aa95d7 100644
--- a/agent/configentry/config_entry.go
+++ b/agent/configentry/config_entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package configentry
 
diff --git a/agent/configentry/discoverychain.go b/agent/configentry/discoverychain.go
index d66b6590e0a4..58bdb81fc20c 100644
--- a/agent/configentry/discoverychain.go
+++ b/agent/configentry/discoverychain.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package configentry
 
diff --git a/agent/configentry/doc.go b/agent/configentry/doc.go
index 18fd1405ab18..7dff4a06621b 100644
--- a/agent/configentry/doc.go
+++ b/agent/configentry/doc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package configentry contains structs and logic related to the Configuration
 // Entry subsystem. Currently this is restricted to structs used during
diff --git a/agent/configentry/merge_service_config.go b/agent/configentry/merge_service_config.go
index cc692e789b37..d0d33b0d6527 100644
--- a/agent/configentry/merge_service_config.go
+++ b/agent/configentry/merge_service_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package configentry
 
diff --git a/agent/configentry/merge_service_config_test.go b/agent/configentry/merge_service_config_test.go
index 4f6dbb55488a..e8ed84ad7b16 100644
--- a/agent/configentry/merge_service_config_test.go
+++ b/agent/configentry/merge_service_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package configentry
 
diff --git a/agent/configentry/resolve.go b/agent/configentry/resolve.go
index 882f1d16b548..76ea794dee5e 100644
--- a/agent/configentry/resolve.go
+++ b/agent/configentry/resolve.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package configentry
 
diff --git a/agent/configentry/resolve_test.go b/agent/configentry/resolve_test.go
index f0457730eaa0..f93649df8ae7 100644
--- a/agent/configentry/resolve_test.go
+++ b/agent/configentry/resolve_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package configentry
 
diff --git a/agent/configentry/service_config.go b/agent/configentry/service_config.go
index 4b7e5e2a27c1..83e24e27c390 100644
--- a/agent/configentry/service_config.go
+++ b/agent/configentry/service_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package configentry
 
diff --git a/agent/connect/authz.go b/agent/connect/authz.go
index 74b306354faf..cc14dd0cb61d 100644
--- a/agent/connect/authz.go
+++ b/agent/connect/authz.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/authz_test.go b/agent/connect/authz_test.go
index 6428acfc4722..1cbf17517d81 100644
--- a/agent/connect/authz_test.go
+++ b/agent/connect/authz_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/ca/common.go b/agent/connect/ca/common.go
index b83a196a8a23..f52b030ed977 100644
--- a/agent/connect/ca/common.go
+++ b/agent/connect/ca/common.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider.go b/agent/connect/ca/provider.go
index d8061005e9d9..898da46af729 100644
--- a/agent/connect/ca/provider.go
+++ b/agent/connect/ca/provider.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_aws.go b/agent/connect/ca/provider_aws.go
index d45f3295a8e7..1ce5a5eba57d 100644
--- a/agent/connect/ca/provider_aws.go
+++ b/agent/connect/ca/provider_aws.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_aws_test.go b/agent/connect/ca/provider_aws_test.go
index cba2897fa26a..d46221af1fce 100644
--- a/agent/connect/ca/provider_aws_test.go
+++ b/agent/connect/ca/provider_aws_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_consul.go b/agent/connect/ca/provider_consul.go
index 01c4987e07d8..a4aba91942bf 100644
--- a/agent/connect/ca/provider_consul.go
+++ b/agent/connect/ca/provider_consul.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_consul_config.go b/agent/connect/ca/provider_consul_config.go
index b0998a0aa11b..c7e8b0346cdb 100644
--- a/agent/connect/ca/provider_consul_config.go
+++ b/agent/connect/ca/provider_consul_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_consul_test.go b/agent/connect/ca/provider_consul_test.go
index 0c6959c7f5d4..658a97d39bd9 100644
--- a/agent/connect/ca/provider_consul_test.go
+++ b/agent/connect/ca/provider_consul_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_test.go b/agent/connect/ca/provider_test.go
index 1ff4af397767..85deedbf4cb5 100644
--- a/agent/connect/ca/provider_test.go
+++ b/agent/connect/ca/provider_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go
index 59b983dbecc4..8c77f032e83d 100644
--- a/agent/connect/ca/provider_vault.go
+++ b/agent/connect/ca/provider_vault.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth.go b/agent/connect/ca/provider_vault_auth.go
index ddfbde34070c..70176cc3c328 100644
--- a/agent/connect/ca/provider_vault_auth.go
+++ b/agent/connect/ca/provider_vault_auth.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_alicloud.go b/agent/connect/ca/provider_vault_auth_alicloud.go
index 1c3058317925..d6ae5b185ed3 100644
--- a/agent/connect/ca/provider_vault_auth_alicloud.go
+++ b/agent/connect/ca/provider_vault_auth_alicloud.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_approle.go b/agent/connect/ca/provider_vault_auth_approle.go
index 150c463aea9a..c3d7d8f9c8ac 100644
--- a/agent/connect/ca/provider_vault_auth_approle.go
+++ b/agent/connect/ca/provider_vault_auth_approle.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_aws.go b/agent/connect/ca/provider_vault_auth_aws.go
index 02abf39824cb..61762b36fd61 100644
--- a/agent/connect/ca/provider_vault_auth_aws.go
+++ b/agent/connect/ca/provider_vault_auth_aws.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_azure.go b/agent/connect/ca/provider_vault_auth_azure.go
index 8025977007f4..ac8d326b3279 100644
--- a/agent/connect/ca/provider_vault_auth_azure.go
+++ b/agent/connect/ca/provider_vault_auth_azure.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_gcp.go b/agent/connect/ca/provider_vault_auth_gcp.go
index 5eefc7143663..10dfbf4b294a 100644
--- a/agent/connect/ca/provider_vault_auth_gcp.go
+++ b/agent/connect/ca/provider_vault_auth_gcp.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_jwt.go b/agent/connect/ca/provider_vault_auth_jwt.go
index 2560f856d82a..e80751cd59c3 100644
--- a/agent/connect/ca/provider_vault_auth_jwt.go
+++ b/agent/connect/ca/provider_vault_auth_jwt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_k8s.go b/agent/connect/ca/provider_vault_auth_k8s.go
index c3a69c6ccd44..acd6f68bc5dd 100644
--- a/agent/connect/ca/provider_vault_auth_k8s.go
+++ b/agent/connect/ca/provider_vault_auth_k8s.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_test.go b/agent/connect/ca/provider_vault_auth_test.go
index 74507acb39e7..361d89400e22 100644
--- a/agent/connect/ca/provider_vault_auth_test.go
+++ b/agent/connect/ca/provider_vault_auth_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_test.go b/agent/connect/ca/provider_vault_test.go
index 008afa6081aa..c76ea1c28a6c 100644
--- a/agent/connect/ca/provider_vault_test.go
+++ b/agent/connect/ca/provider_vault_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/ca/testing.go b/agent/connect/ca/testing.go
index d7458bcda8d6..28d077e34e5a 100644
--- a/agent/connect/ca/testing.go
+++ b/agent/connect/ca/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/agent/connect/common_names.go b/agent/connect/common_names.go
index 3c4c30633d53..c52df9f10fb4 100644
--- a/agent/connect/common_names.go
+++ b/agent/connect/common_names.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/csr.go b/agent/connect/csr.go
index 9cf0d884dea7..0a491b0b6552 100644
--- a/agent/connect/csr.go
+++ b/agent/connect/csr.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/csr_test.go b/agent/connect/csr_test.go
index 6aef985f006f..1833b78a7798 100644
--- a/agent/connect/csr_test.go
+++ b/agent/connect/csr_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/generate.go b/agent/connect/generate.go
index 819428d147a9..84c91a246846 100644
--- a/agent/connect/generate.go
+++ b/agent/connect/generate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/generate_test.go b/agent/connect/generate_test.go
index 67be6081fe08..ca956b702f16 100644
--- a/agent/connect/generate_test.go
+++ b/agent/connect/generate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/parsing.go b/agent/connect/parsing.go
index d0eb55d7b0dd..f1e89fe0255b 100644
--- a/agent/connect/parsing.go
+++ b/agent/connect/parsing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/sni.go b/agent/connect/sni.go
index b9eb8a14b2ef..534eeaa0e2b2 100644
--- a/agent/connect/sni.go
+++ b/agent/connect/sni.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/sni_test.go b/agent/connect/sni_test.go
index acbfd49ce028..ed0bd0728041 100644
--- a/agent/connect/sni_test.go
+++ b/agent/connect/sni_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/testing_ca.go b/agent/connect/testing_ca.go
index 7b30d8517647..a852d9130c87 100644
--- a/agent/connect/testing_ca.go
+++ b/agent/connect/testing_ca.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/testing_ca_test.go b/agent/connect/testing_ca_test.go
index 492ca9e32d93..9b62a2baee54 100644
--- a/agent/connect/testing_ca_test.go
+++ b/agent/connect/testing_ca_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/testing_spiffe.go b/agent/connect/testing_spiffe.go
index f48222c443f9..fdbff5eda67d 100644
--- a/agent/connect/testing_spiffe.go
+++ b/agent/connect/testing_spiffe.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/uri.go b/agent/connect/uri.go
index ce44967432f6..d9d5aa037d8a 100644
--- a/agent/connect/uri.go
+++ b/agent/connect/uri.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/uri_agent.go b/agent/connect/uri_agent.go
index c3d3a86bf115..1babf9987380 100644
--- a/agent/connect/uri_agent.go
+++ b/agent/connect/uri_agent.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/uri_agent_oss.go b/agent/connect/uri_agent_oss.go
index e7d4262346aa..89418ca39528 100644
--- a/agent/connect/uri_agent_oss.go
+++ b/agent/connect/uri_agent_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/connect/uri_agent_oss_test.go b/agent/connect/uri_agent_oss_test.go
index 57f1286fd1e1..241d804841d5 100644
--- a/agent/connect/uri_agent_oss_test.go
+++ b/agent/connect/uri_agent_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/connect/uri_mesh_gateway.go b/agent/connect/uri_mesh_gateway.go
index ec474efa4085..d5cf155bf8d7 100644
--- a/agent/connect/uri_mesh_gateway.go
+++ b/agent/connect/uri_mesh_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/uri_mesh_gateway_oss.go b/agent/connect/uri_mesh_gateway_oss.go
index 6ac369ddd83c..ea5cad20920e 100644
--- a/agent/connect/uri_mesh_gateway_oss.go
+++ b/agent/connect/uri_mesh_gateway_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/connect/uri_mesh_gateway_oss_test.go b/agent/connect/uri_mesh_gateway_oss_test.go
index 593de8ef3105..4a8e8ada3701 100644
--- a/agent/connect/uri_mesh_gateway_oss_test.go
+++ b/agent/connect/uri_mesh_gateway_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/connect/uri_server.go b/agent/connect/uri_server.go
index 894ad63784bf..5a2b9c242928 100644
--- a/agent/connect/uri_server.go
+++ b/agent/connect/uri_server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/uri_service.go b/agent/connect/uri_service.go
index 5f5f5c9bc8a9..04eff0d72d21 100644
--- a/agent/connect/uri_service.go
+++ b/agent/connect/uri_service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/uri_service_oss.go b/agent/connect/uri_service_oss.go
index 7323055ad8dc..59761239ea15 100644
--- a/agent/connect/uri_service_oss.go
+++ b/agent/connect/uri_service_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/connect/uri_service_oss_test.go b/agent/connect/uri_service_oss_test.go
index 7d73151edc03..774632063e94 100644
--- a/agent/connect/uri_service_oss_test.go
+++ b/agent/connect/uri_service_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/connect/uri_signing.go b/agent/connect/uri_signing.go
index 24330a3d70b1..4c4dd6ef67e8 100644
--- a/agent/connect/uri_signing.go
+++ b/agent/connect/uri_signing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/uri_signing_test.go b/agent/connect/uri_signing_test.go
index ba426173160e..edd3d468931b 100644
--- a/agent/connect/uri_signing_test.go
+++ b/agent/connect/uri_signing_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/uri_test.go b/agent/connect/uri_test.go
index 2ea439f53668..fcbcf42ab3a2 100644
--- a/agent/connect/uri_test.go
+++ b/agent/connect/uri_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/x509_patch.go b/agent/connect/x509_patch.go
index f448154f8d9f..54a33ce07834 100644
--- a/agent/connect/x509_patch.go
+++ b/agent/connect/x509_patch.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect/x509_patch_test.go b/agent/connect/x509_patch_test.go
index 1447802a5b87..bdcb99045b57 100644
--- a/agent/connect/x509_patch_test.go
+++ b/agent/connect/x509_patch_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/agent/connect_auth.go b/agent/connect_auth.go
index 7060d10b599f..3b07013d3919 100644
--- a/agent/connect_auth.go
+++ b/agent/connect_auth.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/connect_ca_endpoint.go b/agent/connect_ca_endpoint.go
index 913836f8c875..0a60f3766247 100644
--- a/agent/connect_ca_endpoint.go
+++ b/agent/connect_ca_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/connect_ca_endpoint_test.go b/agent/connect_ca_endpoint_test.go
index 575250de4cad..f83d7328863c 100644
--- a/agent/connect_ca_endpoint_test.go
+++ b/agent/connect_ca_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/consul/acl.go b/agent/consul/acl.go
index c0107a6aa5a2..84646912a5fd 100644
--- a/agent/consul/acl.go
+++ b/agent/consul/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/acl_authmethod.go b/agent/consul/acl_authmethod.go
index 42f5b6e2404d..217007f2b5ee 100644
--- a/agent/consul/acl_authmethod.go
+++ b/agent/consul/acl_authmethod.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/acl_authmethod_oss.go b/agent/consul/acl_authmethod_oss.go
index 94bf78bd2569..0587d0dc2a63 100644
--- a/agent/consul/acl_authmethod_oss.go
+++ b/agent/consul/acl_authmethod_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/acl_client.go b/agent/consul/acl_client.go
index d133807604bf..e6ff70720cfc 100644
--- a/agent/consul/acl_client.go
+++ b/agent/consul/acl_client.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go
index 7d2d1028cc85..97189bb45d27 100644
--- a/agent/consul/acl_endpoint.go
+++ b/agent/consul/acl_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/acl_endpoint_oss.go b/agent/consul/acl_endpoint_oss.go
index 9d45f0fd7d89..75a6c84ed36e 100644
--- a/agent/consul/acl_endpoint_oss.go
+++ b/agent/consul/acl_endpoint_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/acl_endpoint_test.go b/agent/consul/acl_endpoint_test.go
index 20deb56aa4b0..73f7f6230d67 100644
--- a/agent/consul/acl_endpoint_test.go
+++ b/agent/consul/acl_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/acl_oss.go b/agent/consul/acl_oss.go
index 496b6cb553a4..e99085250fad 100644
--- a/agent/consul/acl_oss.go
+++ b/agent/consul/acl_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/acl_oss_test.go b/agent/consul/acl_oss_test.go
index 69660f9da804..27f55a0efc05 100644
--- a/agent/consul/acl_oss_test.go
+++ b/agent/consul/acl_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/acl_replication.go b/agent/consul/acl_replication.go
index 849e81adf697..79e4e5d7a7d8 100644
--- a/agent/consul/acl_replication.go
+++ b/agent/consul/acl_replication.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/acl_replication_test.go b/agent/consul/acl_replication_test.go
index a81bfca03912..7a8e8efa12cb 100644
--- a/agent/consul/acl_replication_test.go
+++ b/agent/consul/acl_replication_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/acl_replication_types.go b/agent/consul/acl_replication_types.go
index c5aeaaead293..de9e8cf763a0 100644
--- a/agent/consul/acl_replication_types.go
+++ b/agent/consul/acl_replication_types.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/acl_server.go b/agent/consul/acl_server.go
index f91cb7762023..8fe1f45fd098 100644
--- a/agent/consul/acl_server.go
+++ b/agent/consul/acl_server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/acl_server_oss.go b/agent/consul/acl_server_oss.go
index f2de1486a28a..bd7f34e776fc 100644
--- a/agent/consul/acl_server_oss.go
+++ b/agent/consul/acl_server_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/acl_test.go b/agent/consul/acl_test.go
index 386c60e38e39..275316786bbf 100644
--- a/agent/consul/acl_test.go
+++ b/agent/consul/acl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/acl_token_exp.go b/agent/consul/acl_token_exp.go
index 7f5de395c7a9..06559ce71d56 100644
--- a/agent/consul/acl_token_exp.go
+++ b/agent/consul/acl_token_exp.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/acl_token_exp_test.go b/agent/consul/acl_token_exp_test.go
index 949d54510ba5..031c150dabb0 100644
--- a/agent/consul/acl_token_exp_test.go
+++ b/agent/consul/acl_token_exp_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/auth/binder.go b/agent/consul/auth/binder.go
index 354fedc8f185..aed1e0f371ac 100644
--- a/agent/consul/auth/binder.go
+++ b/agent/consul/auth/binder.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package auth
 
diff --git a/agent/consul/auth/binder_oss.go b/agent/consul/auth/binder_oss.go
index f6fa5e5e841c..19528ffedb17 100644
--- a/agent/consul/auth/binder_oss.go
+++ b/agent/consul/auth/binder_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/auth/binder_test.go b/agent/consul/auth/binder_test.go
index b86d4526dd00..7eedc89afcd8 100644
--- a/agent/consul/auth/binder_test.go
+++ b/agent/consul/auth/binder_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package auth
 
diff --git a/agent/consul/auth/login.go b/agent/consul/auth/login.go
index 9592e5a841d6..7ca1f70d3431 100644
--- a/agent/consul/auth/login.go
+++ b/agent/consul/auth/login.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package auth
 
diff --git a/agent/consul/auth/token_writer.go b/agent/consul/auth/token_writer.go
index 857a2e3d1321..8321b7861022 100644
--- a/agent/consul/auth/token_writer.go
+++ b/agent/consul/auth/token_writer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package auth
 
diff --git a/agent/consul/auth/token_writer_oss.go b/agent/consul/auth/token_writer_oss.go
index b0ad9e833bb0..224eee669ad8 100644
--- a/agent/consul/auth/token_writer_oss.go
+++ b/agent/consul/auth/token_writer_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/auth/token_writer_test.go b/agent/consul/auth/token_writer_test.go
index 51a2b3cc45a8..45cd4c99ce8d 100644
--- a/agent/consul/auth/token_writer_test.go
+++ b/agent/consul/auth/token_writer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package auth
 
diff --git a/agent/consul/authmethod/authmethods.go b/agent/consul/authmethod/authmethods.go
index 946fce927e69..d03e2b410cb4 100644
--- a/agent/consul/authmethod/authmethods.go
+++ b/agent/consul/authmethod/authmethods.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethod
 
diff --git a/agent/consul/authmethod/authmethods_oss.go b/agent/consul/authmethod/authmethods_oss.go
index 0839b4aba5a7..8eb430401a3e 100644
--- a/agent/consul/authmethod/authmethods_oss.go
+++ b/agent/consul/authmethod/authmethods_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/authmethod/awsauth/aws.go b/agent/consul/authmethod/awsauth/aws.go
index d2cd73482cde..3381a893fa5d 100644
--- a/agent/consul/authmethod/awsauth/aws.go
+++ b/agent/consul/authmethod/awsauth/aws.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package awsauth
 
diff --git a/agent/consul/authmethod/awsauth/aws_test.go b/agent/consul/authmethod/awsauth/aws_test.go
index 7a894cc21787..279e4b3e46d4 100644
--- a/agent/consul/authmethod/awsauth/aws_test.go
+++ b/agent/consul/authmethod/awsauth/aws_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package awsauth
 
diff --git a/agent/consul/authmethod/kubeauth/k8s.go b/agent/consul/authmethod/kubeauth/k8s.go
index f71157cbeccb..274dd2ec9d03 100644
--- a/agent/consul/authmethod/kubeauth/k8s.go
+++ b/agent/consul/authmethod/kubeauth/k8s.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package kubeauth
 
diff --git a/agent/consul/authmethod/kubeauth/k8s_oss.go b/agent/consul/authmethod/kubeauth/k8s_oss.go
index b2b7e8a2d871..e8ad4485069d 100644
--- a/agent/consul/authmethod/kubeauth/k8s_oss.go
+++ b/agent/consul/authmethod/kubeauth/k8s_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/authmethod/kubeauth/k8s_test.go b/agent/consul/authmethod/kubeauth/k8s_test.go
index 95decce11597..48ef6e61c483 100644
--- a/agent/consul/authmethod/kubeauth/k8s_test.go
+++ b/agent/consul/authmethod/kubeauth/k8s_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package kubeauth
 
diff --git a/agent/consul/authmethod/kubeauth/testing.go b/agent/consul/authmethod/kubeauth/testing.go
index e5538bb90998..38b7d9c330a3 100644
--- a/agent/consul/authmethod/kubeauth/testing.go
+++ b/agent/consul/authmethod/kubeauth/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package kubeauth
 
diff --git a/agent/consul/authmethod/ssoauth/sso.go b/agent/consul/authmethod/ssoauth/sso.go
index 6215c0eafe71..398f5689799b 100644
--- a/agent/consul/authmethod/ssoauth/sso.go
+++ b/agent/consul/authmethod/ssoauth/sso.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ssoauth
 
diff --git a/agent/consul/authmethod/ssoauth/sso_oss.go b/agent/consul/authmethod/ssoauth/sso_oss.go
index 74e3be3082cc..c8f760049f3d 100644
--- a/agent/consul/authmethod/ssoauth/sso_oss.go
+++ b/agent/consul/authmethod/ssoauth/sso_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/authmethod/ssoauth/sso_test.go b/agent/consul/authmethod/ssoauth/sso_test.go
index 840e37b86fd4..357612fad689 100644
--- a/agent/consul/authmethod/ssoauth/sso_test.go
+++ b/agent/consul/authmethod/ssoauth/sso_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ssoauth
 
diff --git a/agent/consul/authmethod/testauth/testing.go b/agent/consul/authmethod/testauth/testing.go
index 9f6c85ae23d5..ead9ae081a7e 100644
--- a/agent/consul/authmethod/testauth/testing.go
+++ b/agent/consul/authmethod/testauth/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package testauth
 
diff --git a/agent/consul/authmethod/testauth/testing_oss.go b/agent/consul/authmethod/testauth/testing_oss.go
index f4b909b4b812..6f38c0250298 100644
--- a/agent/consul/authmethod/testauth/testing_oss.go
+++ b/agent/consul/authmethod/testauth/testing_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/authmethod/testing.go b/agent/consul/authmethod/testing.go
index 933082a5b429..0f43e5e5201f 100644
--- a/agent/consul/authmethod/testing.go
+++ b/agent/consul/authmethod/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethod
 
diff --git a/agent/consul/auto_config_backend.go b/agent/consul/auto_config_backend.go
index f56e4249bdd7..0aaccfa35d99 100644
--- a/agent/consul/auto_config_backend.go
+++ b/agent/consul/auto_config_backend.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/auto_config_backend_test.go b/agent/consul/auto_config_backend_test.go
index 6a4a202fceb8..00c0dc10d80d 100644
--- a/agent/consul/auto_config_backend_test.go
+++ b/agent/consul/auto_config_backend_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/auto_config_endpoint.go b/agent/consul/auto_config_endpoint.go
index 808aa63304dc..f491bcbad832 100644
--- a/agent/consul/auto_config_endpoint.go
+++ b/agent/consul/auto_config_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/auto_config_endpoint_test.go b/agent/consul/auto_config_endpoint_test.go
index a3f485ee60c2..39c4f3a7a5ef 100644
--- a/agent/consul/auto_config_endpoint_test.go
+++ b/agent/consul/auto_config_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/auto_encrypt_endpoint.go b/agent/consul/auto_encrypt_endpoint.go
index b893e783215a..dbd39355cfbf 100644
--- a/agent/consul/auto_encrypt_endpoint.go
+++ b/agent/consul/auto_encrypt_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/auto_encrypt_endpoint_test.go b/agent/consul/auto_encrypt_endpoint_test.go
index d8124f9fb362..f3b232011634 100644
--- a/agent/consul/auto_encrypt_endpoint_test.go
+++ b/agent/consul/auto_encrypt_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/autopilot.go b/agent/consul/autopilot.go
index f682ffed6f16..70391f6b9910 100644
--- a/agent/consul/autopilot.go
+++ b/agent/consul/autopilot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/autopilot_oss.go b/agent/consul/autopilot_oss.go
index 92f9b4ccae41..e20b31a626f3 100644
--- a/agent/consul/autopilot_oss.go
+++ b/agent/consul/autopilot_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/autopilot_test.go b/agent/consul/autopilot_test.go
index 4429340eda5a..8d1d214b1710 100644
--- a/agent/consul/autopilot_test.go
+++ b/agent/consul/autopilot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/autopilotevents/ready_servers_events.go b/agent/consul/autopilotevents/ready_servers_events.go
index 404276f3ec2d..16e064aa7905 100644
--- a/agent/consul/autopilotevents/ready_servers_events.go
+++ b/agent/consul/autopilotevents/ready_servers_events.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autopilotevents
 
diff --git a/agent/consul/autopilotevents/ready_servers_events_test.go b/agent/consul/autopilotevents/ready_servers_events_test.go
index 994020c290c0..16d78b52e3b5 100644
--- a/agent/consul/autopilotevents/ready_servers_events_test.go
+++ b/agent/consul/autopilotevents/ready_servers_events_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autopilotevents
 
diff --git a/agent/consul/catalog_endpoint.go b/agent/consul/catalog_endpoint.go
index 32b8067e5a1f..1f5d6ae0f5e5 100644
--- a/agent/consul/catalog_endpoint.go
+++ b/agent/consul/catalog_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/catalog_endpoint_test.go b/agent/consul/catalog_endpoint_test.go
index 192a3d6d7d27..628ad83ae4db 100644
--- a/agent/consul/catalog_endpoint_test.go
+++ b/agent/consul/catalog_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/client.go b/agent/consul/client.go
index 690797bb082c..fa5f1239e134 100644
--- a/agent/consul/client.go
+++ b/agent/consul/client.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/client_serf.go b/agent/consul/client_serf.go
index 7d68b50395e4..c92fdd1726c3 100644
--- a/agent/consul/client_serf.go
+++ b/agent/consul/client_serf.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/client_test.go b/agent/consul/client_test.go
index 174820c0673a..9683d313041f 100644
--- a/agent/consul/client_test.go
+++ b/agent/consul/client_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/cluster_test.go b/agent/consul/cluster_test.go
index 925d32a61069..7cc266908198 100644
--- a/agent/consul/cluster_test.go
+++ b/agent/consul/cluster_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/config.go b/agent/consul/config.go
index eef4bc4376f4..cdda407c406c 100644
--- a/agent/consul/config.go
+++ b/agent/consul/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/config_cloud.go b/agent/consul/config_cloud.go
index b0780052f668..5b62574c811b 100644
--- a/agent/consul/config_cloud.go
+++ b/agent/consul/config_cloud.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package consul
 
 type CloudConfig struct {
diff --git a/agent/consul/config_endpoint.go b/agent/consul/config_endpoint.go
index 4108eb20b95c..a78859c35058 100644
--- a/agent/consul/config_endpoint.go
+++ b/agent/consul/config_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/config_endpoint_test.go b/agent/consul/config_endpoint_test.go
index 7dc7632fade7..49a10dce2179 100644
--- a/agent/consul/config_endpoint_test.go
+++ b/agent/consul/config_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/config_oss.go b/agent/consul/config_oss.go
index e91d0981e86e..bed1211696bd 100644
--- a/agent/consul/config_oss.go
+++ b/agent/consul/config_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/config_replication.go b/agent/consul/config_replication.go
index 1b9ac0284939..d9573ad58bf9 100644
--- a/agent/consul/config_replication.go
+++ b/agent/consul/config_replication.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/config_replication_test.go b/agent/consul/config_replication_test.go
index a0eb8cf52a6e..41ccf53362d5 100644
--- a/agent/consul/config_replication_test.go
+++ b/agent/consul/config_replication_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/config_test.go b/agent/consul/config_test.go
index e2706e00b406..8e61b8fe9680 100644
--- a/agent/consul/config_test.go
+++ b/agent/consul/config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/connect_ca_endpoint.go b/agent/consul/connect_ca_endpoint.go
index 771eae2464b9..180f7ccc47b6 100644
--- a/agent/consul/connect_ca_endpoint.go
+++ b/agent/consul/connect_ca_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/connect_ca_endpoint_test.go b/agent/consul/connect_ca_endpoint_test.go
index 3911db192310..587ed42b5a10 100644
--- a/agent/consul/connect_ca_endpoint_test.go
+++ b/agent/consul/connect_ca_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/context.go b/agent/consul/context.go
index 7de4157d8f40..d85124f74881 100644
--- a/agent/consul/context.go
+++ b/agent/consul/context.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/context_test.go b/agent/consul/context_test.go
index 264dcdd98861..42e6feb74486 100644
--- a/agent/consul/context_test.go
+++ b/agent/consul/context_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/controller/controller.go b/agent/consul/controller/controller.go
index f8d6a50c7f82..1eccb7e7aba0 100644
--- a/agent/consul/controller/controller.go
+++ b/agent/consul/controller/controller.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package controller
 
diff --git a/agent/consul/controller/controller_test.go b/agent/consul/controller/controller_test.go
index 97d110222b3e..1d1002e8abed 100644
--- a/agent/consul/controller/controller_test.go
+++ b/agent/consul/controller/controller_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package controller
 
diff --git a/agent/consul/controller/doc.go b/agent/consul/controller/doc.go
index 638eb5c5d9a2..ba30d95a546f 100644
--- a/agent/consul/controller/doc.go
+++ b/agent/consul/controller/doc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package controller contains a re-implementation of the Kubernetes
 // [controller-runtime](https://github.com/kubernetes-sigs/controller-runtime)
diff --git a/agent/consul/controller/queue/defer.go b/agent/consul/controller/queue/defer.go
index 01666219c291..e9b8a9c3ad75 100644
--- a/agent/consul/controller/queue/defer.go
+++ b/agent/consul/controller/queue/defer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package queue
 
diff --git a/agent/consul/controller/queue/queue.go b/agent/consul/controller/queue/queue.go
index 6d9f0a657125..92c624cc2a73 100644
--- a/agent/consul/controller/queue/queue.go
+++ b/agent/consul/controller/queue/queue.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package queue
 
diff --git a/agent/consul/controller/queue/rate.go b/agent/consul/controller/queue/rate.go
index 471601f85a27..615047fdeb39 100644
--- a/agent/consul/controller/queue/rate.go
+++ b/agent/consul/controller/queue/rate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package queue
 
diff --git a/agent/consul/controller/queue/rate_test.go b/agent/consul/controller/queue/rate_test.go
index 40dc540138e2..166111d5c750 100644
--- a/agent/consul/controller/queue/rate_test.go
+++ b/agent/consul/controller/queue/rate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package queue
 
diff --git a/agent/consul/controller/queue_test.go b/agent/consul/controller/queue_test.go
index 11e1bc82b762..cb6f60982910 100644
--- a/agent/consul/controller/queue_test.go
+++ b/agent/consul/controller/queue_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package controller
 
diff --git a/agent/consul/controller/reconciler.go b/agent/consul/controller/reconciler.go
index dc4222508b57..fa948f81f6e6 100644
--- a/agent/consul/controller/reconciler.go
+++ b/agent/consul/controller/reconciler.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package controller
 
diff --git a/agent/consul/controller/reconciler_test.go b/agent/consul/controller/reconciler_test.go
index 56ae022ea263..c3b8a450b18b 100644
--- a/agent/consul/controller/reconciler_test.go
+++ b/agent/consul/controller/reconciler_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package controller
 
diff --git a/agent/consul/coordinate_endpoint.go b/agent/consul/coordinate_endpoint.go
index 28bf63b0bfd8..f0e69332ee68 100644
--- a/agent/consul/coordinate_endpoint.go
+++ b/agent/consul/coordinate_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/coordinate_endpoint_test.go b/agent/consul/coordinate_endpoint_test.go
index fbb3e13aa76d..1c693ba83bbf 100644
--- a/agent/consul/coordinate_endpoint_test.go
+++ b/agent/consul/coordinate_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/discovery_chain_endpoint.go b/agent/consul/discovery_chain_endpoint.go
index 4d1f9959c96e..c70cebb094e6 100644
--- a/agent/consul/discovery_chain_endpoint.go
+++ b/agent/consul/discovery_chain_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/discovery_chain_endpoint_test.go b/agent/consul/discovery_chain_endpoint_test.go
index b0197f00d493..62d90e9020af 100644
--- a/agent/consul/discovery_chain_endpoint_test.go
+++ b/agent/consul/discovery_chain_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/discoverychain/compile.go b/agent/consul/discoverychain/compile.go
index 20227db3ef19..32a6408be544 100644
--- a/agent/consul/discoverychain/compile.go
+++ b/agent/consul/discoverychain/compile.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/compile_oss.go b/agent/consul/discoverychain/compile_oss.go
index d980c71f38f0..2c280120b501 100644
--- a/agent/consul/discoverychain/compile_oss.go
+++ b/agent/consul/discoverychain/compile_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/discoverychain/compile_test.go b/agent/consul/discoverychain/compile_test.go
index ca39aa236fc9..dda28780431d 100644
--- a/agent/consul/discoverychain/compile_test.go
+++ b/agent/consul/discoverychain/compile_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/gateway.go b/agent/consul/discoverychain/gateway.go
index e43e4b631f61..559d17844f7b 100644
--- a/agent/consul/discoverychain/gateway.go
+++ b/agent/consul/discoverychain/gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/gateway_httproute.go b/agent/consul/discoverychain/gateway_httproute.go
index 84866f271740..100fe980acda 100644
--- a/agent/consul/discoverychain/gateway_httproute.go
+++ b/agent/consul/discoverychain/gateway_httproute.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/gateway_tcproute.go b/agent/consul/discoverychain/gateway_tcproute.go
index 21afef3ec184..910fd517551c 100644
--- a/agent/consul/discoverychain/gateway_tcproute.go
+++ b/agent/consul/discoverychain/gateway_tcproute.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/gateway_test.go b/agent/consul/discoverychain/gateway_test.go
index 42bbed65ebfb..4e56a3925463 100644
--- a/agent/consul/discoverychain/gateway_test.go
+++ b/agent/consul/discoverychain/gateway_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/string_stack.go b/agent/consul/discoverychain/string_stack.go
index e47743a3f386..d5f842f3dc61 100644
--- a/agent/consul/discoverychain/string_stack.go
+++ b/agent/consul/discoverychain/string_stack.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/string_stack_test.go b/agent/consul/discoverychain/string_stack_test.go
index 84f58203d43b..9867b9179520 100644
--- a/agent/consul/discoverychain/string_stack_test.go
+++ b/agent/consul/discoverychain/string_stack_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/testing.go b/agent/consul/discoverychain/testing.go
index 37a3bb4ec116..8992870f9c45 100644
--- a/agent/consul/discoverychain/testing.go
+++ b/agent/consul/discoverychain/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package discoverychain
 
diff --git a/agent/consul/enterprise_client_oss.go b/agent/consul/enterprise_client_oss.go
index 3d432213bd84..b19705f65b7e 100644
--- a/agent/consul/enterprise_client_oss.go
+++ b/agent/consul/enterprise_client_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/enterprise_config_oss.go b/agent/consul/enterprise_config_oss.go
index 15af4ea1603e..d057012af151 100644
--- a/agent/consul/enterprise_config_oss.go
+++ b/agent/consul/enterprise_config_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/enterprise_server_oss.go b/agent/consul/enterprise_server_oss.go
index 836b64e2b32d..9432172a181a 100644
--- a/agent/consul/enterprise_server_oss.go
+++ b/agent/consul/enterprise_server_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/enterprise_server_oss_test.go b/agent/consul/enterprise_server_oss_test.go
index 9bd3eb8c0c9b..bd49bae1b10b 100644
--- a/agent/consul/enterprise_server_oss_test.go
+++ b/agent/consul/enterprise_server_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/federation_state_endpoint.go b/agent/consul/federation_state_endpoint.go
index db842e666d65..4afa481a397b 100644
--- a/agent/consul/federation_state_endpoint.go
+++ b/agent/consul/federation_state_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/federation_state_endpoint_test.go b/agent/consul/federation_state_endpoint_test.go
index 977de1c9c193..2ada2fc17a46 100644
--- a/agent/consul/federation_state_endpoint_test.go
+++ b/agent/consul/federation_state_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/federation_state_replication.go b/agent/consul/federation_state_replication.go
index f56c3c6089c7..2f5a6dd150f3 100644
--- a/agent/consul/federation_state_replication.go
+++ b/agent/consul/federation_state_replication.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/federation_state_replication_test.go b/agent/consul/federation_state_replication_test.go
index 5100e45926a1..97a34b8dc8c1 100644
--- a/agent/consul/federation_state_replication_test.go
+++ b/agent/consul/federation_state_replication_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/filter.go b/agent/consul/filter.go
index 18643463690e..920b8e843676 100644
--- a/agent/consul/filter.go
+++ b/agent/consul/filter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/filter_test.go b/agent/consul/filter_test.go
index d8f6ba54c323..1ca34b0ed072 100644
--- a/agent/consul/filter_test.go
+++ b/agent/consul/filter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/flood.go b/agent/consul/flood.go
index ee7dfbc1dd5e..e01b5ed97eb8 100644
--- a/agent/consul/flood.go
+++ b/agent/consul/flood.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/fsm/commands_oss.go b/agent/consul/fsm/commands_oss.go
index e9f9f66e3361..c5e7fd968238 100644
--- a/agent/consul/fsm/commands_oss.go
+++ b/agent/consul/fsm/commands_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package fsm
 
diff --git a/agent/consul/fsm/commands_oss_test.go b/agent/consul/fsm/commands_oss_test.go
index cea6f05f54f3..445f4c019076 100644
--- a/agent/consul/fsm/commands_oss_test.go
+++ b/agent/consul/fsm/commands_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package fsm
 
diff --git a/agent/consul/fsm/fsm.go b/agent/consul/fsm/fsm.go
index d1ab112e174d..55e66b773809 100644
--- a/agent/consul/fsm/fsm.go
+++ b/agent/consul/fsm/fsm.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package fsm
 
diff --git a/agent/consul/fsm/fsm_test.go b/agent/consul/fsm/fsm_test.go
index aa31615a5aa7..839401014b52 100644
--- a/agent/consul/fsm/fsm_test.go
+++ b/agent/consul/fsm/fsm_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package fsm
 
diff --git a/agent/consul/fsm/log_verification_chunking_shim.go b/agent/consul/fsm/log_verification_chunking_shim.go
index a74b92b5684d..4f40c1820b74 100644
--- a/agent/consul/fsm/log_verification_chunking_shim.go
+++ b/agent/consul/fsm/log_verification_chunking_shim.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package fsm
 
diff --git a/agent/consul/fsm/snapshot.go b/agent/consul/fsm/snapshot.go
index c49cefd3a993..c01d2c9f2dd4 100644
--- a/agent/consul/fsm/snapshot.go
+++ b/agent/consul/fsm/snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package fsm
 
diff --git a/agent/consul/fsm/snapshot_oss.go b/agent/consul/fsm/snapshot_oss.go
index 16e4cc4606ba..1a98c53c0b94 100644
--- a/agent/consul/fsm/snapshot_oss.go
+++ b/agent/consul/fsm/snapshot_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package fsm
 
diff --git a/agent/consul/fsm/snapshot_oss_test.go b/agent/consul/fsm/snapshot_oss_test.go
index 76404f62f600..4229941177ff 100644
--- a/agent/consul/fsm/snapshot_oss_test.go
+++ b/agent/consul/fsm/snapshot_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/fsm/snapshot_test.go b/agent/consul/fsm/snapshot_test.go
index d95865b92cb3..71372f9f86b8 100644
--- a/agent/consul/fsm/snapshot_test.go
+++ b/agent/consul/fsm/snapshot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package fsm
 
diff --git a/agent/consul/gateway_locator.go b/agent/consul/gateway_locator.go
index 8f8ca29fbb46..6503ca0c979d 100644
--- a/agent/consul/gateway_locator.go
+++ b/agent/consul/gateway_locator.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/gateway_locator_test.go b/agent/consul/gateway_locator_test.go
index f9b1daf26d82..a3e9da3d6900 100644
--- a/agent/consul/gateway_locator_test.go
+++ b/agent/consul/gateway_locator_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/gateways/controller_gateways.go b/agent/consul/gateways/controller_gateways.go
index cf4f25aa5d46..fe8ddbcedc6f 100644
--- a/agent/consul/gateways/controller_gateways.go
+++ b/agent/consul/gateways/controller_gateways.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package gateways
 
diff --git a/agent/consul/gateways/controller_gateways_test.go b/agent/consul/gateways/controller_gateways_test.go
index 07d85357acdc..7877ab357ed9 100644
--- a/agent/consul/gateways/controller_gateways_test.go
+++ b/agent/consul/gateways/controller_gateways_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package gateways
 
diff --git a/agent/consul/grpc_integration_test.go b/agent/consul/grpc_integration_test.go
index 678403a45040..6ae49e09fa3a 100644
--- a/agent/consul/grpc_integration_test.go
+++ b/agent/consul/grpc_integration_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/health_endpoint.go b/agent/consul/health_endpoint.go
index c1286cce172f..d26bbcd3b6f2 100644
--- a/agent/consul/health_endpoint.go
+++ b/agent/consul/health_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/health_endpoint_test.go b/agent/consul/health_endpoint_test.go
index 21a83ea90db2..b47159c22942 100644
--- a/agent/consul/health_endpoint_test.go
+++ b/agent/consul/health_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/helper_test.go b/agent/consul/helper_test.go
index 0619004c546e..d21523b8fecf 100644
--- a/agent/consul/helper_test.go
+++ b/agent/consul/helper_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/intention_endpoint.go b/agent/consul/intention_endpoint.go
index b00ebfbb46f0..a3e4ad678b1d 100644
--- a/agent/consul/intention_endpoint.go
+++ b/agent/consul/intention_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/intention_endpoint_test.go b/agent/consul/intention_endpoint_test.go
index fb7dcaebf573..d7e469b80326 100644
--- a/agent/consul/intention_endpoint_test.go
+++ b/agent/consul/intention_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/internal_endpoint.go b/agent/consul/internal_endpoint.go
index 16dab8c22f87..1a8a0fca3028 100644
--- a/agent/consul/internal_endpoint.go
+++ b/agent/consul/internal_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/internal_endpoint_test.go b/agent/consul/internal_endpoint_test.go
index d7da66244336..3f853df7ceb2 100644
--- a/agent/consul/internal_endpoint_test.go
+++ b/agent/consul/internal_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/issue_test.go b/agent/consul/issue_test.go
index 14928a9db99d..17624400fe3f 100644
--- a/agent/consul/issue_test.go
+++ b/agent/consul/issue_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/kvs_endpoint.go b/agent/consul/kvs_endpoint.go
index 183f95f7f8bf..65dc2cd56d40 100644
--- a/agent/consul/kvs_endpoint.go
+++ b/agent/consul/kvs_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/kvs_endpoint_test.go b/agent/consul/kvs_endpoint_test.go
index ca9960f4b6e4..dc4272c4bd55 100644
--- a/agent/consul/kvs_endpoint_test.go
+++ b/agent/consul/kvs_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader.go b/agent/consul/leader.go
index 17408d4ef441..fcbf794541f3 100644
--- a/agent/consul/leader.go
+++ b/agent/consul/leader.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_connect.go b/agent/consul/leader_connect.go
index f872508bbcf9..794820786f57 100644
--- a/agent/consul/leader_connect.go
+++ b/agent/consul/leader_connect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go
index 717c9ff0b254..00b371202842 100644
--- a/agent/consul/leader_connect_ca.go
+++ b/agent/consul/leader_connect_ca.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_connect_ca_test.go b/agent/consul/leader_connect_ca_test.go
index e1c2cf8506c2..42dcdd447d49 100644
--- a/agent/consul/leader_connect_ca_test.go
+++ b/agent/consul/leader_connect_ca_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_connect_test.go b/agent/consul/leader_connect_test.go
index 539226b297d3..d9150c3a4545 100644
--- a/agent/consul/leader_connect_test.go
+++ b/agent/consul/leader_connect_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_federation_state_ae.go b/agent/consul/leader_federation_state_ae.go
index fa46bea770b3..870dc5460e2b 100644
--- a/agent/consul/leader_federation_state_ae.go
+++ b/agent/consul/leader_federation_state_ae.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_federation_state_ae_test.go b/agent/consul/leader_federation_state_ae_test.go
index ef3333da31da..ca5ac47b7a97 100644
--- a/agent/consul/leader_federation_state_ae_test.go
+++ b/agent/consul/leader_federation_state_ae_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_intentions.go b/agent/consul/leader_intentions.go
index cf0844d3ff5c..52736838aec8 100644
--- a/agent/consul/leader_intentions.go
+++ b/agent/consul/leader_intentions.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_intentions_oss.go b/agent/consul/leader_intentions_oss.go
index 76970f397558..c22e6a194044 100644
--- a/agent/consul/leader_intentions_oss.go
+++ b/agent/consul/leader_intentions_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/leader_intentions_oss_test.go b/agent/consul/leader_intentions_oss_test.go
index 7d144fb2e98e..3e689d40a806 100644
--- a/agent/consul/leader_intentions_oss_test.go
+++ b/agent/consul/leader_intentions_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/leader_intentions_test.go b/agent/consul/leader_intentions_test.go
index 2de1b97dd7e1..fc868bc747fc 100644
--- a/agent/consul/leader_intentions_test.go
+++ b/agent/consul/leader_intentions_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_log_verification.go b/agent/consul/leader_log_verification.go
index ef32ce17904e..32a23dd3f5c0 100644
--- a/agent/consul/leader_log_verification.go
+++ b/agent/consul/leader_log_verification.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_metrics.go b/agent/consul/leader_metrics.go
index 188e409e3bbd..e210b2ffd933 100644
--- a/agent/consul/leader_metrics.go
+++ b/agent/consul/leader_metrics.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_metrics_test.go b/agent/consul/leader_metrics_test.go
index 96e7a0d75d97..e3636e1bcf8c 100644
--- a/agent/consul/leader_metrics_test.go
+++ b/agent/consul/leader_metrics_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_oss_test.go b/agent/consul/leader_oss_test.go
index 7ff6f64ee193..9e5e2d34ffdd 100644
--- a/agent/consul/leader_oss_test.go
+++ b/agent/consul/leader_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/leader_peering.go b/agent/consul/leader_peering.go
index 32f220164b64..0f58ed08f491 100644
--- a/agent/consul/leader_peering.go
+++ b/agent/consul/leader_peering.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_peering_test.go b/agent/consul/leader_peering_test.go
index 0787115ca70a..8db496273d28 100644
--- a/agent/consul/leader_peering_test.go
+++ b/agent/consul/leader_peering_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/leader_test.go b/agent/consul/leader_test.go
index 8a5a158ce34a..6cd30f38c987 100644
--- a/agent/consul/leader_test.go
+++ b/agent/consul/leader_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/logging.go b/agent/consul/logging.go
index da07daa8febf..cfafe62b0d31 100644
--- a/agent/consul/logging.go
+++ b/agent/consul/logging.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/logging_test.go b/agent/consul/logging_test.go
index 7f090992a7a2..3b756c0bb622 100644
--- a/agent/consul/logging_test.go
+++ b/agent/consul/logging_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/merge.go b/agent/consul/merge.go
index 21b59f1aa92d..f6771d110f0c 100644
--- a/agent/consul/merge.go
+++ b/agent/consul/merge.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/merge_oss.go b/agent/consul/merge_oss.go
index 59704f653320..83e8f5343d4c 100644
--- a/agent/consul/merge_oss.go
+++ b/agent/consul/merge_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/merge_oss_test.go b/agent/consul/merge_oss_test.go
index aef74f7ba361..dcb82f718190 100644
--- a/agent/consul/merge_oss_test.go
+++ b/agent/consul/merge_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/merge_test.go b/agent/consul/merge_test.go
index f5f5c6d88ff1..bc9d1f2cb4da 100644
--- a/agent/consul/merge_test.go
+++ b/agent/consul/merge_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/multilimiter/multilimiter.go b/agent/consul/multilimiter/multilimiter.go
index f40e6c501abe..a0b9a6044f0d 100644
--- a/agent/consul/multilimiter/multilimiter.go
+++ b/agent/consul/multilimiter/multilimiter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package multilimiter
 
diff --git a/agent/consul/multilimiter/multilimiter_test.go b/agent/consul/multilimiter/multilimiter_test.go
index b649bdb6c9c9..e7cdab4e1482 100644
--- a/agent/consul/multilimiter/multilimiter_test.go
+++ b/agent/consul/multilimiter/multilimiter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package multilimiter
 
diff --git a/agent/consul/operator_autopilot_endpoint.go b/agent/consul/operator_autopilot_endpoint.go
index b6ef7d38e656..39bd5b648ddb 100644
--- a/agent/consul/operator_autopilot_endpoint.go
+++ b/agent/consul/operator_autopilot_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/operator_autopilot_endpoint_test.go b/agent/consul/operator_autopilot_endpoint_test.go
index c9258e9aa270..4cef3f0960d4 100644
--- a/agent/consul/operator_autopilot_endpoint_test.go
+++ b/agent/consul/operator_autopilot_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/operator_backend.go b/agent/consul/operator_backend.go
index a72128735ab3..136baa1a22ab 100644
--- a/agent/consul/operator_backend.go
+++ b/agent/consul/operator_backend.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/operator_backend_test.go b/agent/consul/operator_backend_test.go
index 2189fe00630c..0a4650359ec1 100644
--- a/agent/consul/operator_backend_test.go
+++ b/agent/consul/operator_backend_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/operator_endpoint.go b/agent/consul/operator_endpoint.go
index 33e73e6ee1df..67259c9408a9 100644
--- a/agent/consul/operator_endpoint.go
+++ b/agent/consul/operator_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/operator_raft_endpoint.go b/agent/consul/operator_raft_endpoint.go
index 7b0bcbc5cc03..b8a16fc2c3ec 100644
--- a/agent/consul/operator_raft_endpoint.go
+++ b/agent/consul/operator_raft_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/operator_raft_endpoint_test.go b/agent/consul/operator_raft_endpoint_test.go
index 7242c40e6c45..bb2dc88fc89e 100644
--- a/agent/consul/operator_raft_endpoint_test.go
+++ b/agent/consul/operator_raft_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/operator_usage_endpoint.go b/agent/consul/operator_usage_endpoint.go
index d23815b147c7..68f3137d0a61 100644
--- a/agent/consul/operator_usage_endpoint.go
+++ b/agent/consul/operator_usage_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/options.go b/agent/consul/options.go
index 4b1d088249cc..fa2781b83d09 100644
--- a/agent/consul/options.go
+++ b/agent/consul/options.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/options_oss.go b/agent/consul/options_oss.go
index 7604ddd87f92..0b4d04a66a74 100644
--- a/agent/consul/options_oss.go
+++ b/agent/consul/options_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/peering_backend.go b/agent/consul/peering_backend.go
index 1771be10fbaa..5a27bc6442a1 100644
--- a/agent/consul/peering_backend.go
+++ b/agent/consul/peering_backend.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/peering_backend_oss.go b/agent/consul/peering_backend_oss.go
index 81a133b3425a..7b00e1907b69 100644
--- a/agent/consul/peering_backend_oss.go
+++ b/agent/consul/peering_backend_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/peering_backend_oss_test.go b/agent/consul/peering_backend_oss_test.go
index 410bf5f23427..a8eae8f067de 100644
--- a/agent/consul/peering_backend_oss_test.go
+++ b/agent/consul/peering_backend_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/peering_backend_test.go b/agent/consul/peering_backend_test.go
index 648052b7a15f..adfe6fe228f9 100644
--- a/agent/consul/peering_backend_test.go
+++ b/agent/consul/peering_backend_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/prepared_query/template.go b/agent/consul/prepared_query/template.go
index ef2e2abd4cae..03cf9d2f5850 100644
--- a/agent/consul/prepared_query/template.go
+++ b/agent/consul/prepared_query/template.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package prepared_query
 
diff --git a/agent/consul/prepared_query/template_test.go b/agent/consul/prepared_query/template_test.go
index d4f78402140d..7c9b2f1a3af2 100644
--- a/agent/consul/prepared_query/template_test.go
+++ b/agent/consul/prepared_query/template_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package prepared_query
 
diff --git a/agent/consul/prepared_query/walk.go b/agent/consul/prepared_query/walk.go
index da53ce105b5f..72296c0c7fe6 100644
--- a/agent/consul/prepared_query/walk.go
+++ b/agent/consul/prepared_query/walk.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package prepared_query
 
diff --git a/agent/consul/prepared_query/walk_oss_test.go b/agent/consul/prepared_query/walk_oss_test.go
index dec84b241b0a..8d19b951c5bf 100644
--- a/agent/consul/prepared_query/walk_oss_test.go
+++ b/agent/consul/prepared_query/walk_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/prepared_query/walk_test.go b/agent/consul/prepared_query/walk_test.go
index 9ff380248bd2..b788571e4af5 100644
--- a/agent/consul/prepared_query/walk_test.go
+++ b/agent/consul/prepared_query/walk_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package prepared_query
 
diff --git a/agent/consul/prepared_query_endpoint.go b/agent/consul/prepared_query_endpoint.go
index 101839708ea2..139556bb1af8 100644
--- a/agent/consul/prepared_query_endpoint.go
+++ b/agent/consul/prepared_query_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/prepared_query_endpoint_oss.go b/agent/consul/prepared_query_endpoint_oss.go
index 612b81b2e688..4f7087806cfe 100644
--- a/agent/consul/prepared_query_endpoint_oss.go
+++ b/agent/consul/prepared_query_endpoint_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/prepared_query_endpoint_oss_test.go b/agent/consul/prepared_query_endpoint_oss_test.go
index ee96a7b2671a..10ecbb551d80 100644
--- a/agent/consul/prepared_query_endpoint_oss_test.go
+++ b/agent/consul/prepared_query_endpoint_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/prepared_query_endpoint_test.go b/agent/consul/prepared_query_endpoint_test.go
index f8dae39b0a5e..f0d63dc277c1 100644
--- a/agent/consul/prepared_query_endpoint_test.go
+++ b/agent/consul/prepared_query_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/raft_handle.go b/agent/consul/raft_handle.go
index bf38f0ee9e76..2906fe7115f1 100644
--- a/agent/consul/raft_handle.go
+++ b/agent/consul/raft_handle.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/raft_rpc.go b/agent/consul/raft_rpc.go
index 7928ad31e2b9..1a0d6caa64d4 100644
--- a/agent/consul/raft_rpc.go
+++ b/agent/consul/raft_rpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/rate/handler.go b/agent/consul/rate/handler.go
index c18ec85eddc8..bb3aef63931d 100644
--- a/agent/consul/rate/handler.go
+++ b/agent/consul/rate/handler.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package rate implements server-side RPC rate limiting.
 package rate
diff --git a/agent/consul/rate/handler_oss.go b/agent/consul/rate/handler_oss.go
index fc33a69487f8..b9ec451869a3 100644
--- a/agent/consul/rate/handler_oss.go
+++ b/agent/consul/rate/handler_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/rate/handler_test.go b/agent/consul/rate/handler_test.go
index 54a8b86a4b98..268568ce9599 100644
--- a/agent/consul/rate/handler_test.go
+++ b/agent/consul/rate/handler_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package rate
 
diff --git a/agent/consul/rate/metrics.go b/agent/consul/rate/metrics.go
index cbf796fa935c..ac69c1466177 100644
--- a/agent/consul/rate/metrics.go
+++ b/agent/consul/rate/metrics.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package rate
 
diff --git a/agent/consul/replication.go b/agent/consul/replication.go
index 0d85d082653c..08b8811129be 100644
--- a/agent/consul/replication.go
+++ b/agent/consul/replication.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/replication_test.go b/agent/consul/replication_test.go
index e37e19b1f293..27000fc563b7 100644
--- a/agent/consul/replication_test.go
+++ b/agent/consul/replication_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/reporting/reporting.go b/agent/consul/reporting/reporting.go
index fec7050f695b..d6c480f6bace 100644
--- a/agent/consul/reporting/reporting.go
+++ b/agent/consul/reporting/reporting.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package reporting
 
diff --git a/agent/consul/reporting/reporting_oss.go b/agent/consul/reporting/reporting_oss.go
index a1e95a177416..669ca264afdc 100644
--- a/agent/consul/reporting/reporting_oss.go
+++ b/agent/consul/reporting/reporting_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/rpc.go b/agent/consul/rpc.go
index f97a5ff88674..dbb781951e34 100644
--- a/agent/consul/rpc.go
+++ b/agent/consul/rpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/rpc_test.go b/agent/consul/rpc_test.go
index f1b05fa52828..39351c98ca92 100644
--- a/agent/consul/rpc_test.go
+++ b/agent/consul/rpc_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/rtt.go b/agent/consul/rtt.go
index 5db0a634b435..1599301e158d 100644
--- a/agent/consul/rtt.go
+++ b/agent/consul/rtt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/rtt_test.go b/agent/consul/rtt_test.go
index 9420f36c8365..aeed0b66f50d 100644
--- a/agent/consul/rtt_test.go
+++ b/agent/consul/rtt_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/segment_oss.go b/agent/consul/segment_oss.go
index 9dfd7a53fd7e..310835a23462 100644
--- a/agent/consul/segment_oss.go
+++ b/agent/consul/segment_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/serf_filter.go b/agent/consul/serf_filter.go
index fd6911bf0ab8..7b09c2b9e802 100644
--- a/agent/consul/serf_filter.go
+++ b/agent/consul/serf_filter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/serf_test.go b/agent/consul/serf_test.go
index 62cc6d0a0ba3..4d4bc4926a46 100644
--- a/agent/consul/serf_test.go
+++ b/agent/consul/serf_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/server.go b/agent/consul/server.go
index fba8e8cfd919..4346bb613138 100644
--- a/agent/consul/server.go
+++ b/agent/consul/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/server_connect.go b/agent/consul/server_connect.go
index 496d059cb494..d76e4fc8c425 100644
--- a/agent/consul/server_connect.go
+++ b/agent/consul/server_connect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/server_log_verification.go b/agent/consul/server_log_verification.go
index 5646e7876098..2bde7dbc81b4 100644
--- a/agent/consul/server_log_verification.go
+++ b/agent/consul/server_log_verification.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/server_lookup.go b/agent/consul/server_lookup.go
index e1952d671d07..60b9c076bf14 100644
--- a/agent/consul/server_lookup.go
+++ b/agent/consul/server_lookup.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/server_lookup_test.go b/agent/consul/server_lookup_test.go
index 5d3d3d4e0e42..52e3605de719 100644
--- a/agent/consul/server_lookup_test.go
+++ b/agent/consul/server_lookup_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/server_metadata.go b/agent/consul/server_metadata.go
index 742391e0b6a1..03e4751a290c 100644
--- a/agent/consul/server_metadata.go
+++ b/agent/consul/server_metadata.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/server_metadata_test.go b/agent/consul/server_metadata_test.go
index d091bfdf3630..bf993bc1be57 100644
--- a/agent/consul/server_metadata_test.go
+++ b/agent/consul/server_metadata_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/server_oss.go b/agent/consul/server_oss.go
index e31539efb459..4c3dd838e07b 100644
--- a/agent/consul/server_oss.go
+++ b/agent/consul/server_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/server_oss_test.go b/agent/consul/server_oss_test.go
index c1760589a9e1..472560f2b925 100644
--- a/agent/consul/server_oss_test.go
+++ b/agent/consul/server_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/server_overview.go b/agent/consul/server_overview.go
index 62bdb3440612..a94749d53498 100644
--- a/agent/consul/server_overview.go
+++ b/agent/consul/server_overview.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/server_overview_test.go b/agent/consul/server_overview_test.go
index ebb930a1e2bf..7780b5ce8396 100644
--- a/agent/consul/server_overview_test.go
+++ b/agent/consul/server_overview_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/server_register.go b/agent/consul/server_register.go
index 61f1daefc7df..90d95f061956 100644
--- a/agent/consul/server_register.go
+++ b/agent/consul/server_register.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/server_serf.go b/agent/consul/server_serf.go
index 1dc6c25b1cce..aea50aa6dd19 100644
--- a/agent/consul/server_serf.go
+++ b/agent/consul/server_serf.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go
index ebff789b14a5..1ad333c61321 100644
--- a/agent/consul/server_test.go
+++ b/agent/consul/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/servercert/manager.go b/agent/consul/servercert/manager.go
index 75c2a4f27608..664753439477 100644
--- a/agent/consul/servercert/manager.go
+++ b/agent/consul/servercert/manager.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package servercert
 
diff --git a/agent/consul/servercert/manager_test.go b/agent/consul/servercert/manager_test.go
index dfadfe4b953f..e9cc0c81c58c 100644
--- a/agent/consul/servercert/manager_test.go
+++ b/agent/consul/servercert/manager_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package servercert
 
diff --git a/agent/consul/session_endpoint.go b/agent/consul/session_endpoint.go
index 6e41138f983c..f2f8ab774023 100644
--- a/agent/consul/session_endpoint.go
+++ b/agent/consul/session_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/session_endpoint_test.go b/agent/consul/session_endpoint_test.go
index ae04d2658f9a..408cd7b058c5 100644
--- a/agent/consul/session_endpoint_test.go
+++ b/agent/consul/session_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/session_timers.go b/agent/consul/session_timers.go
index b4c1b425cb26..f1c62b08a819 100644
--- a/agent/consul/session_timers.go
+++ b/agent/consul/session_timers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/session_timers_test.go b/agent/consul/session_timers_test.go
index d44ed2b366fe..f944cc76745d 100644
--- a/agent/consul/session_timers_test.go
+++ b/agent/consul/session_timers_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/session_ttl.go b/agent/consul/session_ttl.go
index 7866ec8fed19..8f5440e14dff 100644
--- a/agent/consul/session_ttl.go
+++ b/agent/consul/session_ttl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/session_ttl_test.go b/agent/consul/session_ttl_test.go
index 5cd720f3f893..e552f0ff6cdf 100644
--- a/agent/consul/session_ttl_test.go
+++ b/agent/consul/session_ttl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/snapshot_endpoint.go b/agent/consul/snapshot_endpoint.go
index 7e5f21113aeb..c9a6e9ace47c 100644
--- a/agent/consul/snapshot_endpoint.go
+++ b/agent/consul/snapshot_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // The snapshot endpoint is a special non-RPC endpoint that supports streaming
 // for taking and restoring snapshots for disaster recovery. This gets wired
diff --git a/agent/consul/snapshot_endpoint_test.go b/agent/consul/snapshot_endpoint_test.go
index f401bb72e38d..40bede914974 100644
--- a/agent/consul/snapshot_endpoint_test.go
+++ b/agent/consul/snapshot_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/state/acl.go b/agent/consul/state/acl.go
index 22c8a6164e42..f82b671b18b6 100644
--- a/agent/consul/state/acl.go
+++ b/agent/consul/state/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/acl_events.go b/agent/consul/state/acl_events.go
index 3767d2d2d154..d00062c23bac 100644
--- a/agent/consul/state/acl_events.go
+++ b/agent/consul/state/acl_events.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/acl_events_test.go b/agent/consul/state/acl_events_test.go
index 303d54a25be1..3c6e3fdfab17 100644
--- a/agent/consul/state/acl_events_test.go
+++ b/agent/consul/state/acl_events_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/acl_oss.go b/agent/consul/state/acl_oss.go
index 62bf5c1dc8fa..ee0a8eb5ee64 100644
--- a/agent/consul/state/acl_oss.go
+++ b/agent/consul/state/acl_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/acl_oss_test.go b/agent/consul/state/acl_oss_test.go
index 4d3bcdcfc00b..38cf2ebcda1f 100644
--- a/agent/consul/state/acl_oss_test.go
+++ b/agent/consul/state/acl_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/acl_schema.go b/agent/consul/state/acl_schema.go
index b4e7fc6dcd90..cdee3ed9fff4 100644
--- a/agent/consul/state/acl_schema.go
+++ b/agent/consul/state/acl_schema.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/acl_test.go b/agent/consul/state/acl_test.go
index 4bf42954dd20..330c0689aafc 100644
--- a/agent/consul/state/acl_test.go
+++ b/agent/consul/state/acl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/autopilot.go b/agent/consul/state/autopilot.go
index 472ce4bfc31c..608f08f5215c 100644
--- a/agent/consul/state/autopilot.go
+++ b/agent/consul/state/autopilot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/autopilot_test.go b/agent/consul/state/autopilot_test.go
index f26163bc4ec1..a2877e2df5ff 100644
--- a/agent/consul/state/autopilot_test.go
+++ b/agent/consul/state/autopilot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go
index 07e965d6b25c..f5007a893fd6 100644
--- a/agent/consul/state/catalog.go
+++ b/agent/consul/state/catalog.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/catalog_events.go b/agent/consul/state/catalog_events.go
index 6be12ec2a3ce..7b2057c6f43a 100644
--- a/agent/consul/state/catalog_events.go
+++ b/agent/consul/state/catalog_events.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/catalog_events_oss.go b/agent/consul/state/catalog_events_oss.go
index 72e3993b5d56..25e9dc149b1a 100644
--- a/agent/consul/state/catalog_events_oss.go
+++ b/agent/consul/state/catalog_events_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/catalog_events_oss_test.go b/agent/consul/state/catalog_events_oss_test.go
index 91b4a6ab5652..e28d323b842b 100644
--- a/agent/consul/state/catalog_events_oss_test.go
+++ b/agent/consul/state/catalog_events_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/catalog_events_test.go b/agent/consul/state/catalog_events_test.go
index 46e0b269617f..94406e34f9ae 100644
--- a/agent/consul/state/catalog_events_test.go
+++ b/agent/consul/state/catalog_events_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/catalog_oss.go b/agent/consul/state/catalog_oss.go
index 78acf8797b54..4107f5dbcd65 100644
--- a/agent/consul/state/catalog_oss.go
+++ b/agent/consul/state/catalog_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/catalog_oss_test.go b/agent/consul/state/catalog_oss_test.go
index e8c71812f860..f0ad6ffbc928 100644
--- a/agent/consul/state/catalog_oss_test.go
+++ b/agent/consul/state/catalog_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/catalog_schema.deepcopy.go b/agent/consul/state/catalog_schema.deepcopy.go
index 406a7fdce796..af4d430d2f97 100644
--- a/agent/consul/state/catalog_schema.deepcopy.go
+++ b/agent/consul/state/catalog_schema.deepcopy.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 // generated by deep-copy -pointer-receiver -o ./catalog_schema.deepcopy.go -type upstreamDownstream ./; DO NOT EDIT.
 
 package state
diff --git a/agent/consul/state/catalog_schema.go b/agent/consul/state/catalog_schema.go
index 8702cc2e0cf5..b8da7c099936 100644
--- a/agent/consul/state/catalog_schema.go
+++ b/agent/consul/state/catalog_schema.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/catalog_test.go b/agent/consul/state/catalog_test.go
index e6b279580b03..6fc79a5a7c0f 100644
--- a/agent/consul/state/catalog_test.go
+++ b/agent/consul/state/catalog_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/config_entry.go b/agent/consul/state/config_entry.go
index 9abaafc390d3..b298b6122080 100644
--- a/agent/consul/state/config_entry.go
+++ b/agent/consul/state/config_entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/config_entry_events.go b/agent/consul/state/config_entry_events.go
index 5681362dbe16..c6c19fce3453 100644
--- a/agent/consul/state/config_entry_events.go
+++ b/agent/consul/state/config_entry_events.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/config_entry_events_test.go b/agent/consul/state/config_entry_events_test.go
index 1ee92770bc65..e8ceb10f65d8 100644
--- a/agent/consul/state/config_entry_events_test.go
+++ b/agent/consul/state/config_entry_events_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/config_entry_exported_services.go b/agent/consul/state/config_entry_exported_services.go
index b758adc09eaf..7534613ae137 100644
--- a/agent/consul/state/config_entry_exported_services.go
+++ b/agent/consul/state/config_entry_exported_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/config_entry_exported_services_oss.go b/agent/consul/state/config_entry_exported_services_oss.go
index 9dfc4751d2d6..0dfbf95ecf05 100644
--- a/agent/consul/state/config_entry_exported_services_oss.go
+++ b/agent/consul/state/config_entry_exported_services_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/config_entry_intention.go b/agent/consul/state/config_entry_intention.go
index ef595e00ff9c..1999c5d6116c 100644
--- a/agent/consul/state/config_entry_intention.go
+++ b/agent/consul/state/config_entry_intention.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/config_entry_intention_oss.go b/agent/consul/state/config_entry_intention_oss.go
index 6d479f9ad6bf..b0eb69b355f9 100644
--- a/agent/consul/state/config_entry_intention_oss.go
+++ b/agent/consul/state/config_entry_intention_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/config_entry_oss.go b/agent/consul/state/config_entry_oss.go
index 35b77972add3..cbf194e16d24 100644
--- a/agent/consul/state/config_entry_oss.go
+++ b/agent/consul/state/config_entry_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/config_entry_oss_test.go b/agent/consul/state/config_entry_oss_test.go
index 02fb3be78a2c..736ede4e54fe 100644
--- a/agent/consul/state/config_entry_oss_test.go
+++ b/agent/consul/state/config_entry_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/config_entry_sameness_group.go b/agent/consul/state/config_entry_sameness_group.go
index 7f02787b6553..d8308008dfbb 100644
--- a/agent/consul/state/config_entry_sameness_group.go
+++ b/agent/consul/state/config_entry_sameness_group.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package state
 
 import (
diff --git a/agent/consul/state/config_entry_sameness_group_oss.go b/agent/consul/state/config_entry_sameness_group_oss.go
index d1e4bdd61ea7..5eb39760b0c9 100644
--- a/agent/consul/state/config_entry_sameness_group_oss.go
+++ b/agent/consul/state/config_entry_sameness_group_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/config_entry_sameness_group_oss_test.go b/agent/consul/state/config_entry_sameness_group_oss_test.go
index ce4aeb8394f8..6397e90699d0 100644
--- a/agent/consul/state/config_entry_sameness_group_oss_test.go
+++ b/agent/consul/state/config_entry_sameness_group_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/config_entry_schema.go b/agent/consul/state/config_entry_schema.go
index e420d657cae8..c66241525296 100644
--- a/agent/consul/state/config_entry_schema.go
+++ b/agent/consul/state/config_entry_schema.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/config_entry_test.go b/agent/consul/state/config_entry_test.go
index d72f12c87689..af9dc0997156 100644
--- a/agent/consul/state/config_entry_test.go
+++ b/agent/consul/state/config_entry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/connect_ca.go b/agent/consul/state/connect_ca.go
index 99e99637b6aa..4b1eeeab783d 100644
--- a/agent/consul/state/connect_ca.go
+++ b/agent/consul/state/connect_ca.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/connect_ca_events.go b/agent/consul/state/connect_ca_events.go
index 554a867dcd59..a285b9d07cb7 100644
--- a/agent/consul/state/connect_ca_events.go
+++ b/agent/consul/state/connect_ca_events.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/connect_ca_events_test.go b/agent/consul/state/connect_ca_events_test.go
index bf13eefcb937..79df8df5be87 100644
--- a/agent/consul/state/connect_ca_events_test.go
+++ b/agent/consul/state/connect_ca_events_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/connect_ca_test.go b/agent/consul/state/connect_ca_test.go
index 124392cf1a43..2a49723d65cb 100644
--- a/agent/consul/state/connect_ca_test.go
+++ b/agent/consul/state/connect_ca_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/coordinate.go b/agent/consul/state/coordinate.go
index f2eb7b30425e..bcd71e5a0f08 100644
--- a/agent/consul/state/coordinate.go
+++ b/agent/consul/state/coordinate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/coordinate_oss.go b/agent/consul/state/coordinate_oss.go
index 17956e964eee..05568e40b09d 100644
--- a/agent/consul/state/coordinate_oss.go
+++ b/agent/consul/state/coordinate_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/coordinate_oss_test.go b/agent/consul/state/coordinate_oss_test.go
index a4608245060e..520f8b5d83f1 100644
--- a/agent/consul/state/coordinate_oss_test.go
+++ b/agent/consul/state/coordinate_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/coordinate_test.go b/agent/consul/state/coordinate_test.go
index 0fe582eab5aa..dad0ce3e32ec 100644
--- a/agent/consul/state/coordinate_test.go
+++ b/agent/consul/state/coordinate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/deep-copy.sh b/agent/consul/state/deep-copy.sh
index d976d921f3c8..809e20432b62 100755
--- a/agent/consul/state/deep-copy.sh
+++ b/agent/consul/state/deep-copy.sh
@@ -1,4 +1,7 @@
 #!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
 
 readonly PACKAGE_DIR="$(dirname "${BASH_SOURCE[0]}")"
 cd $PACKAGE_DIR
diff --git a/agent/consul/state/delay_oss.go b/agent/consul/state/delay_oss.go
index a2471ae63624..ca55c465fd9f 100644
--- a/agent/consul/state/delay_oss.go
+++ b/agent/consul/state/delay_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/delay_test.go b/agent/consul/state/delay_test.go
index 40f1842efd67..6a2d0fa80c2d 100644
--- a/agent/consul/state/delay_test.go
+++ b/agent/consul/state/delay_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/events.go b/agent/consul/state/events.go
index 666dc60035d1..0d4f4eb4fe40 100644
--- a/agent/consul/state/events.go
+++ b/agent/consul/state/events.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/events_test.go b/agent/consul/state/events_test.go
index 3da9a26549b2..c2a4ad399d64 100644
--- a/agent/consul/state/events_test.go
+++ b/agent/consul/state/events_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/federation_state.go b/agent/consul/state/federation_state.go
index 556caa4b4854..a02a38ed3b53 100644
--- a/agent/consul/state/federation_state.go
+++ b/agent/consul/state/federation_state.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/graveyard.go b/agent/consul/state/graveyard.go
index 5b6a95dafbaa..45398584356c 100644
--- a/agent/consul/state/graveyard.go
+++ b/agent/consul/state/graveyard.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/graveyard_oss.go b/agent/consul/state/graveyard_oss.go
index 963ed6632e5b..b02659b74c3f 100644
--- a/agent/consul/state/graveyard_oss.go
+++ b/agent/consul/state/graveyard_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/graveyard_test.go b/agent/consul/state/graveyard_test.go
index af50673e9e74..66aaaf92fb14 100644
--- a/agent/consul/state/graveyard_test.go
+++ b/agent/consul/state/graveyard_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/index_connect_test.go b/agent/consul/state/index_connect_test.go
index a598fab68ac4..7b5404b5b2a8 100644
--- a/agent/consul/state/index_connect_test.go
+++ b/agent/consul/state/index_connect_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/indexer.go b/agent/consul/state/indexer.go
index f360eb2befe9..c752b3af55cf 100644
--- a/agent/consul/state/indexer.go
+++ b/agent/consul/state/indexer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/intention.go b/agent/consul/state/intention.go
index 4341590e4ec2..f36055522858 100644
--- a/agent/consul/state/intention.go
+++ b/agent/consul/state/intention.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/intention_oss.go b/agent/consul/state/intention_oss.go
index e82177eb1a56..43b80a47ad45 100644
--- a/agent/consul/state/intention_oss.go
+++ b/agent/consul/state/intention_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/intention_test.go b/agent/consul/state/intention_test.go
index 3545527b790c..72455565d582 100644
--- a/agent/consul/state/intention_test.go
+++ b/agent/consul/state/intention_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/kvs.go b/agent/consul/state/kvs.go
index 0d0a419ae5c2..b0b4f6c1e52d 100644
--- a/agent/consul/state/kvs.go
+++ b/agent/consul/state/kvs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/kvs_oss.go b/agent/consul/state/kvs_oss.go
index 10528e3be6db..6243bbd71b06 100644
--- a/agent/consul/state/kvs_oss.go
+++ b/agent/consul/state/kvs_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/kvs_oss_test.go b/agent/consul/state/kvs_oss_test.go
index adf41fe7dbe8..a7a1034c6a8d 100644
--- a/agent/consul/state/kvs_oss_test.go
+++ b/agent/consul/state/kvs_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/kvs_test.go b/agent/consul/state/kvs_test.go
index 4ced02586f0c..b85a08f98d18 100644
--- a/agent/consul/state/kvs_test.go
+++ b/agent/consul/state/kvs_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/memdb.go b/agent/consul/state/memdb.go
index 0a3b66c6a627..93707d0e0751 100644
--- a/agent/consul/state/memdb.go
+++ b/agent/consul/state/memdb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/memdb_test.go b/agent/consul/state/memdb_test.go
index 7e893619be5d..e603fc5bb169 100644
--- a/agent/consul/state/memdb_test.go
+++ b/agent/consul/state/memdb_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/operations_oss.go b/agent/consul/state/operations_oss.go
index 08de08015b44..acf1cd38b801 100644
--- a/agent/consul/state/operations_oss.go
+++ b/agent/consul/state/operations_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/peering.go b/agent/consul/state/peering.go
index b8e2fd10c6ed..56f279051c5a 100644
--- a/agent/consul/state/peering.go
+++ b/agent/consul/state/peering.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/peering_oss.go b/agent/consul/state/peering_oss.go
index a54e2d37ddff..40e207729dfa 100644
--- a/agent/consul/state/peering_oss.go
+++ b/agent/consul/state/peering_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/peering_oss_test.go b/agent/consul/state/peering_oss_test.go
index 41d1bce452db..927fa1c71db9 100644
--- a/agent/consul/state/peering_oss_test.go
+++ b/agent/consul/state/peering_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/peering_test.go b/agent/consul/state/peering_test.go
index 8125b96860aa..764286bb77b8 100644
--- a/agent/consul/state/peering_test.go
+++ b/agent/consul/state/peering_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/prepared_query.go b/agent/consul/state/prepared_query.go
index 7638d925170f..62cf39588d17 100644
--- a/agent/consul/state/prepared_query.go
+++ b/agent/consul/state/prepared_query.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/prepared_query_index.go b/agent/consul/state/prepared_query_index.go
index ac7684636669..83bb5dc73825 100644
--- a/agent/consul/state/prepared_query_index.go
+++ b/agent/consul/state/prepared_query_index.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/prepared_query_index_test.go b/agent/consul/state/prepared_query_index_test.go
index a486047f57e3..aaaa62692f1c 100644
--- a/agent/consul/state/prepared_query_index_test.go
+++ b/agent/consul/state/prepared_query_index_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/prepared_query_test.go b/agent/consul/state/prepared_query_test.go
index f0b0cd95f446..dc902de4ad30 100644
--- a/agent/consul/state/prepared_query_test.go
+++ b/agent/consul/state/prepared_query_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/query.go b/agent/consul/state/query.go
index 2256aab995fb..288e715e8331 100644
--- a/agent/consul/state/query.go
+++ b/agent/consul/state/query.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/query_oss.go b/agent/consul/state/query_oss.go
index 98108d6ff02b..178dc60b77e1 100644
--- a/agent/consul/state/query_oss.go
+++ b/agent/consul/state/query_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/schema.go b/agent/consul/state/schema.go
index 9e0e6db2fee4..0934ca483e5e 100644
--- a/agent/consul/state/schema.go
+++ b/agent/consul/state/schema.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/schema_oss.go b/agent/consul/state/schema_oss.go
index eecde09aab61..15a3ec44788a 100644
--- a/agent/consul/state/schema_oss.go
+++ b/agent/consul/state/schema_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/schema_oss_test.go b/agent/consul/state/schema_oss_test.go
index 55fc3ee54c19..eb8a1e079574 100644
--- a/agent/consul/state/schema_oss_test.go
+++ b/agent/consul/state/schema_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/schema_test.go b/agent/consul/state/schema_test.go
index f67b18e8c3be..a0af2223e27c 100644
--- a/agent/consul/state/schema_test.go
+++ b/agent/consul/state/schema_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/session.go b/agent/consul/state/session.go
index 5e666f80fd89..d57b05947d39 100644
--- a/agent/consul/state/session.go
+++ b/agent/consul/state/session.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/session_oss.go b/agent/consul/state/session_oss.go
index 1854fb3e1448..6bd13c0132dc 100644
--- a/agent/consul/state/session_oss.go
+++ b/agent/consul/state/session_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/session_test.go b/agent/consul/state/session_test.go
index eab429958163..08f7ad09d0c1 100644
--- a/agent/consul/state/session_test.go
+++ b/agent/consul/state/session_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/state_store.go b/agent/consul/state/state_store.go
index fce3b3c96155..dff3441535bb 100644
--- a/agent/consul/state/state_store.go
+++ b/agent/consul/state/state_store.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/state_store_oss_test.go b/agent/consul/state/state_store_oss_test.go
index 5515b193f688..81f25ed1e8b2 100644
--- a/agent/consul/state/state_store_oss_test.go
+++ b/agent/consul/state/state_store_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/state_store_test.go b/agent/consul/state/state_store_test.go
index 587f15c03d94..751ecee779de 100644
--- a/agent/consul/state/state_store_test.go
+++ b/agent/consul/state/state_store_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/store_integration_test.go b/agent/consul/state/store_integration_test.go
index 9395aa1cb182..25a91c558646 100644
--- a/agent/consul/state/store_integration_test.go
+++ b/agent/consul/state/store_integration_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/system_metadata.go b/agent/consul/state/system_metadata.go
index ed802efbd1cd..06e2d3cc598b 100644
--- a/agent/consul/state/system_metadata.go
+++ b/agent/consul/state/system_metadata.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/system_metadata_test.go b/agent/consul/state/system_metadata_test.go
index 59f8bcd30c3e..c2ac97b390b8 100644
--- a/agent/consul/state/system_metadata_test.go
+++ b/agent/consul/state/system_metadata_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/tombstone_gc.go b/agent/consul/state/tombstone_gc.go
index 3fc19c5cd9cc..6eab5b6b5ba9 100644
--- a/agent/consul/state/tombstone_gc.go
+++ b/agent/consul/state/tombstone_gc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/tombstone_gc_test.go b/agent/consul/state/tombstone_gc_test.go
index d0fd11fa7c5a..def4c9af1972 100644
--- a/agent/consul/state/tombstone_gc_test.go
+++ b/agent/consul/state/tombstone_gc_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/txn.go b/agent/consul/state/txn.go
index 81d8acd03929..30189fc1ed60 100644
--- a/agent/consul/state/txn.go
+++ b/agent/consul/state/txn.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/txn_test.go b/agent/consul/state/txn_test.go
index a128badf42e5..bda004a63a3b 100644
--- a/agent/consul/state/txn_test.go
+++ b/agent/consul/state/txn_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/usage.go b/agent/consul/state/usage.go
index 0893d25288b6..20515e2e7b0c 100644
--- a/agent/consul/state/usage.go
+++ b/agent/consul/state/usage.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/state/usage_oss.go b/agent/consul/state/usage_oss.go
index 1824cf12399a..3daad8b98657 100644
--- a/agent/consul/state/usage_oss.go
+++ b/agent/consul/state/usage_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/usage_test.go b/agent/consul/state/usage_test.go
index 68844ebc1140..4195779b8c03 100644
--- a/agent/consul/state/usage_test.go
+++ b/agent/consul/state/usage_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/agent/consul/stats_fetcher.go b/agent/consul/stats_fetcher.go
index d52930e85add..94e122f2b438 100644
--- a/agent/consul/stats_fetcher.go
+++ b/agent/consul/stats_fetcher.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/stats_fetcher_test.go b/agent/consul/stats_fetcher_test.go
index 783424393a79..8dc9ce9eb288 100644
--- a/agent/consul/stats_fetcher_test.go
+++ b/agent/consul/stats_fetcher_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/status_endpoint.go b/agent/consul/status_endpoint.go
index efa2fa2cf4fa..bca454e25eb0 100644
--- a/agent/consul/status_endpoint.go
+++ b/agent/consul/status_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/status_endpoint_test.go b/agent/consul/status_endpoint_test.go
index 6d95d7f6fd48..d4cf5cb7798b 100644
--- a/agent/consul/status_endpoint_test.go
+++ b/agent/consul/status_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/stream/event.go b/agent/consul/stream/event.go
index db6f3a6312f3..df8160d2dd36 100644
--- a/agent/consul/stream/event.go
+++ b/agent/consul/stream/event.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 /*
 Package stream provides a publish/subscribe system for events produced by changes
diff --git a/agent/consul/stream/event_buffer.go b/agent/consul/stream/event_buffer.go
index 1c7f8c2b956a..08060306e8d6 100644
--- a/agent/consul/stream/event_buffer.go
+++ b/agent/consul/stream/event_buffer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package stream
 
diff --git a/agent/consul/stream/event_buffer_test.go b/agent/consul/stream/event_buffer_test.go
index b6ec48e1775e..892a14d733e1 100644
--- a/agent/consul/stream/event_buffer_test.go
+++ b/agent/consul/stream/event_buffer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package stream
 
diff --git a/agent/consul/stream/event_publisher.go b/agent/consul/stream/event_publisher.go
index f39ea22869a0..bb6d87f8bacf 100644
--- a/agent/consul/stream/event_publisher.go
+++ b/agent/consul/stream/event_publisher.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package stream
 
diff --git a/agent/consul/stream/event_publisher_test.go b/agent/consul/stream/event_publisher_test.go
index 13efd0fb564a..4ae53ebcbf8f 100644
--- a/agent/consul/stream/event_publisher_test.go
+++ b/agent/consul/stream/event_publisher_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package stream
 
diff --git a/agent/consul/stream/event_snapshot.go b/agent/consul/stream/event_snapshot.go
index 6b4b693689b4..40c9f3d007d5 100644
--- a/agent/consul/stream/event_snapshot.go
+++ b/agent/consul/stream/event_snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package stream
 
diff --git a/agent/consul/stream/event_snapshot_test.go b/agent/consul/stream/event_snapshot_test.go
index 0888b90c39c9..8a6d4e27c6bf 100644
--- a/agent/consul/stream/event_snapshot_test.go
+++ b/agent/consul/stream/event_snapshot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package stream
 
diff --git a/agent/consul/stream/event_test.go b/agent/consul/stream/event_test.go
index ff6f07c10ea8..22afe390de9c 100644
--- a/agent/consul/stream/event_test.go
+++ b/agent/consul/stream/event_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package stream
 
diff --git a/agent/consul/stream/noop.go b/agent/consul/stream/noop.go
index 1cd35ea922eb..65fcbb3fb777 100644
--- a/agent/consul/stream/noop.go
+++ b/agent/consul/stream/noop.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package stream
 
diff --git a/agent/consul/stream/string_types.go b/agent/consul/stream/string_types.go
index 6e6c4ef8e92f..2d0cb656777d 100644
--- a/agent/consul/stream/string_types.go
+++ b/agent/consul/stream/string_types.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package stream
 
diff --git a/agent/consul/stream/subscription.go b/agent/consul/stream/subscription.go
index 40286768abe0..23911eff2e65 100644
--- a/agent/consul/stream/subscription.go
+++ b/agent/consul/stream/subscription.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package stream
 
diff --git a/agent/consul/stream/subscription_test.go b/agent/consul/stream/subscription_test.go
index 9bf0b95b5d56..fd4af464ee53 100644
--- a/agent/consul/stream/subscription_test.go
+++ b/agent/consul/stream/subscription_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package stream
 
diff --git a/agent/consul/subscribe_backend.go b/agent/consul/subscribe_backend.go
index 9afcd4fc567d..c73dea18136a 100644
--- a/agent/consul/subscribe_backend.go
+++ b/agent/consul/subscribe_backend.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/subscribe_backend_test.go b/agent/consul/subscribe_backend_test.go
index 833f049c9728..8d0f7a501ca1 100644
--- a/agent/consul/subscribe_backend_test.go
+++ b/agent/consul/subscribe_backend_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/system_metadata.go b/agent/consul/system_metadata.go
index 40185294b8d7..f110255aa2e0 100644
--- a/agent/consul/system_metadata.go
+++ b/agent/consul/system_metadata.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/system_metadata_test.go b/agent/consul/system_metadata_test.go
index 7c4eb30e4732..75e69786b8dd 100644
--- a/agent/consul/system_metadata_test.go
+++ b/agent/consul/system_metadata_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/tenancy_bridge.go b/agent/consul/tenancy_bridge.go
index 99f8ca660a3d..4573db2feb06 100644
--- a/agent/consul/tenancy_bridge.go
+++ b/agent/consul/tenancy_bridge.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/tenancy_bridge_oss.go b/agent/consul/tenancy_bridge_oss.go
index 2272af74cec6..03f87378e759 100644
--- a/agent/consul/tenancy_bridge_oss.go
+++ b/agent/consul/tenancy_bridge_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/txn_endpoint.go b/agent/consul/txn_endpoint.go
index e7e5d870875e..f39cd502cb17 100644
--- a/agent/consul/txn_endpoint.go
+++ b/agent/consul/txn_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/txn_endpoint_test.go b/agent/consul/txn_endpoint_test.go
index f5654fdc001d..ef2ecd13a3f8 100644
--- a/agent/consul/txn_endpoint_test.go
+++ b/agent/consul/txn_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/type_registry.go b/agent/consul/type_registry.go
index 1e5ba55a0ce9..90bf76576fcf 100644
--- a/agent/consul/type_registry.go
+++ b/agent/consul/type_registry.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package consul
 
 import (
diff --git a/agent/consul/usagemetrics/usagemetrics.go b/agent/consul/usagemetrics/usagemetrics.go
index 169238c375e1..7bd21b7d265b 100644
--- a/agent/consul/usagemetrics/usagemetrics.go
+++ b/agent/consul/usagemetrics/usagemetrics.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package usagemetrics
 
diff --git a/agent/consul/usagemetrics/usagemetrics_oss.go b/agent/consul/usagemetrics/usagemetrics_oss.go
index 17853b4fcf6e..7de677cc079c 100644
--- a/agent/consul/usagemetrics/usagemetrics_oss.go
+++ b/agent/consul/usagemetrics/usagemetrics_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/usagemetrics/usagemetrics_oss_test.go b/agent/consul/usagemetrics/usagemetrics_oss_test.go
index 8a4b511577c8..c25159343f43 100644
--- a/agent/consul/usagemetrics/usagemetrics_oss_test.go
+++ b/agent/consul/usagemetrics/usagemetrics_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/usagemetrics/usagemetrics_test.go b/agent/consul/usagemetrics/usagemetrics_test.go
index 7bdf396b2574..c97fb13be802 100644
--- a/agent/consul/usagemetrics/usagemetrics_test.go
+++ b/agent/consul/usagemetrics/usagemetrics_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package usagemetrics
 
diff --git a/agent/consul/util.go b/agent/consul/util.go
index 6fd6c77da33b..0fd88e14c8eb 100644
--- a/agent/consul/util.go
+++ b/agent/consul/util.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/util_test.go b/agent/consul/util_test.go
index c41b7748919f..d0a4fcb6842f 100644
--- a/agent/consul/util_test.go
+++ b/agent/consul/util_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package consul
 
diff --git a/agent/consul/wanfed/pool.go b/agent/consul/wanfed/pool.go
index 9320087b3f71..3d083019346d 100644
--- a/agent/consul/wanfed/pool.go
+++ b/agent/consul/wanfed/pool.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package wanfed
 
diff --git a/agent/consul/wanfed/wanfed.go b/agent/consul/wanfed/wanfed.go
index e82eddcfa88e..7732e05ad39a 100644
--- a/agent/consul/wanfed/wanfed.go
+++ b/agent/consul/wanfed/wanfed.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package wanfed
 
diff --git a/agent/consul/wanfed/wanfed_test.go b/agent/consul/wanfed/wanfed_test.go
index ef45c197c179..8254e9434b36 100644
--- a/agent/consul/wanfed/wanfed_test.go
+++ b/agent/consul/wanfed/wanfed_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package wanfed
 
diff --git a/agent/consul/watch/server_local.go b/agent/consul/watch/server_local.go
index 5937ba1c6a10..2bb98fe349df 100644
--- a/agent/consul/watch/server_local.go
+++ b/agent/consul/watch/server_local.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package watch
 
diff --git a/agent/consul/watch/server_local_test.go b/agent/consul/watch/server_local_test.go
index 1f96b1ec00d0..84ab8de5739a 100644
--- a/agent/consul/watch/server_local_test.go
+++ b/agent/consul/watch/server_local_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package watch
 
diff --git a/agent/consul/xdscapacity/capacity.go b/agent/consul/xdscapacity/capacity.go
index 6396841d63fe..bf3cf4ced02a 100644
--- a/agent/consul/xdscapacity/capacity.go
+++ b/agent/consul/xdscapacity/capacity.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xdscapacity
 
diff --git a/agent/consul/xdscapacity/capacity_test.go b/agent/consul/xdscapacity/capacity_test.go
index d26453feae60..b3a3935a8806 100644
--- a/agent/consul/xdscapacity/capacity_test.go
+++ b/agent/consul/xdscapacity/capacity_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xdscapacity
 
diff --git a/agent/coordinate_endpoint.go b/agent/coordinate_endpoint.go
index 744498c05533..60b69244afd5 100644
--- a/agent/coordinate_endpoint.go
+++ b/agent/coordinate_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/coordinate_endpoint_test.go b/agent/coordinate_endpoint_test.go
index fe6deeef9567..508f308d13c7 100644
--- a/agent/coordinate_endpoint_test.go
+++ b/agent/coordinate_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/debug/host.go b/agent/debug/host.go
index 5116bf7499f7..f863117e547b 100644
--- a/agent/debug/host.go
+++ b/agent/debug/host.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package debug
 
diff --git a/agent/debug/host_test.go b/agent/debug/host_test.go
index 1289e21b4f06..dce469b542f2 100644
--- a/agent/debug/host_test.go
+++ b/agent/debug/host_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package debug
 
diff --git a/agent/delegate_mock_test.go b/agent/delegate_mock_test.go
index 7f0593473e74..a75cf2d1e262 100644
--- a/agent/delegate_mock_test.go
+++ b/agent/delegate_mock_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/denylist.go b/agent/denylist.go
index b62146529814..5fdd8cc9f872 100644
--- a/agent/denylist.go
+++ b/agent/denylist.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/denylist_test.go b/agent/denylist_test.go
index f9370723a7c3..dd77e977d94d 100644
--- a/agent/denylist_test.go
+++ b/agent/denylist_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/discovery_chain_endpoint.go b/agent/discovery_chain_endpoint.go
index a3aaa421f938..69a5e668f46e 100644
--- a/agent/discovery_chain_endpoint.go
+++ b/agent/discovery_chain_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/discovery_chain_endpoint_test.go b/agent/discovery_chain_endpoint_test.go
index ed42ca0aede8..7e1e9a5524e4 100644
--- a/agent/discovery_chain_endpoint_test.go
+++ b/agent/discovery_chain_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/dns.go b/agent/dns.go
index 5804dc97dd8e..3ae9a18b673a 100644
--- a/agent/dns.go
+++ b/agent/dns.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/dns/dns.go b/agent/dns/dns.go
index 9f8e785a390b..1942a1fdd8d2 100644
--- a/agent/dns/dns.go
+++ b/agent/dns/dns.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dns
 
diff --git a/agent/dns/dns_test.go b/agent/dns/dns_test.go
index 91dc3ea72a91..3acd2260e0a7 100644
--- a/agent/dns/dns_test.go
+++ b/agent/dns/dns_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dns
 
diff --git a/agent/dns/validation.go b/agent/dns/validation.go
index cd66acf6fa8f..a88aaff2dbcb 100644
--- a/agent/dns/validation.go
+++ b/agent/dns/validation.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dns
 
diff --git a/agent/dns/validation_test.go b/agent/dns/validation_test.go
index bcb65adf14a2..8855e375c5f9 100644
--- a/agent/dns/validation_test.go
+++ b/agent/dns/validation_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dns_test
 
diff --git a/agent/dns_oss.go b/agent/dns_oss.go
index e7b6dbf8c262..b80900966506 100644
--- a/agent/dns_oss.go
+++ b/agent/dns_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/dns_oss_test.go b/agent/dns_oss_test.go
index 7bbe6fdd5019..32dbfa7785e7 100644
--- a/agent/dns_oss_test.go
+++ b/agent/dns_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/dns_test.go b/agent/dns_test.go
index ef5364964dd3..399899527218 100644
--- a/agent/dns_test.go
+++ b/agent/dns_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/enterprise_delegate_oss.go b/agent/enterprise_delegate_oss.go
index 20bfeec22092..5c455e243745 100644
--- a/agent/enterprise_delegate_oss.go
+++ b/agent/enterprise_delegate_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/envoyextensions/builtin/aws-lambda/aws_lambda.go b/agent/envoyextensions/builtin/aws-lambda/aws_lambda.go
index fa36d6fa500d..978fc5cf5552 100644
--- a/agent/envoyextensions/builtin/aws-lambda/aws_lambda.go
+++ b/agent/envoyextensions/builtin/aws-lambda/aws_lambda.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package awslambda
 
diff --git a/agent/envoyextensions/builtin/aws-lambda/aws_lambda_test.go b/agent/envoyextensions/builtin/aws-lambda/aws_lambda_test.go
index 26f49eef4bd1..3dda09e317a4 100644
--- a/agent/envoyextensions/builtin/aws-lambda/aws_lambda_test.go
+++ b/agent/envoyextensions/builtin/aws-lambda/aws_lambda_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package awslambda
 
diff --git a/agent/envoyextensions/builtin/ext-authz/ext_authz.go b/agent/envoyextensions/builtin/ext-authz/ext_authz.go
index 7400aef13a04..f5368c97ab8d 100644
--- a/agent/envoyextensions/builtin/ext-authz/ext_authz.go
+++ b/agent/envoyextensions/builtin/ext-authz/ext_authz.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package extauthz
 
diff --git a/agent/envoyextensions/builtin/ext-authz/ext_authz_test.go b/agent/envoyextensions/builtin/ext-authz/ext_authz_test.go
index 88e87d7e9a8f..6db284476dd7 100644
--- a/agent/envoyextensions/builtin/ext-authz/ext_authz_test.go
+++ b/agent/envoyextensions/builtin/ext-authz/ext_authz_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package extauthz
 
diff --git a/agent/envoyextensions/builtin/ext-authz/structs.go b/agent/envoyextensions/builtin/ext-authz/structs.go
index a14cedd63a76..0a7e7dcce43a 100644
--- a/agent/envoyextensions/builtin/ext-authz/structs.go
+++ b/agent/envoyextensions/builtin/ext-authz/structs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package extauthz
 
diff --git a/agent/envoyextensions/builtin/lua/lua.go b/agent/envoyextensions/builtin/lua/lua.go
index aefea37e6c49..ba08d9d286c0 100644
--- a/agent/envoyextensions/builtin/lua/lua.go
+++ b/agent/envoyextensions/builtin/lua/lua.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lua
 
diff --git a/agent/envoyextensions/builtin/lua/lua_test.go b/agent/envoyextensions/builtin/lua/lua_test.go
index 3ea2ba716c1d..afe65d067f43 100644
--- a/agent/envoyextensions/builtin/lua/lua_test.go
+++ b/agent/envoyextensions/builtin/lua/lua_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lua
 
diff --git a/agent/envoyextensions/builtin/property-override/property_override.go b/agent/envoyextensions/builtin/property-override/property_override.go
index 41e98074b7a2..70577a56e3d4 100644
--- a/agent/envoyextensions/builtin/property-override/property_override.go
+++ b/agent/envoyextensions/builtin/property-override/property_override.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package propertyoverride
 
 import (
diff --git a/agent/envoyextensions/builtin/property-override/property_override_test.go b/agent/envoyextensions/builtin/property-override/property_override_test.go
index 0e4317f9ddb7..20febc21074d 100644
--- a/agent/envoyextensions/builtin/property-override/property_override_test.go
+++ b/agent/envoyextensions/builtin/property-override/property_override_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package propertyoverride
 
 import (
diff --git a/agent/envoyextensions/builtin/property-override/structpatcher.go b/agent/envoyextensions/builtin/property-override/structpatcher.go
index 91de4cf7f86d..76fe3be1a857 100644
--- a/agent/envoyextensions/builtin/property-override/structpatcher.go
+++ b/agent/envoyextensions/builtin/property-override/structpatcher.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package propertyoverride
 
 import (
diff --git a/agent/envoyextensions/builtin/property-override/structpatcher_test.go b/agent/envoyextensions/builtin/property-override/structpatcher_test.go
index ac7379f9f186..4916f0c505c7 100644
--- a/agent/envoyextensions/builtin/property-override/structpatcher_test.go
+++ b/agent/envoyextensions/builtin/property-override/structpatcher_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package propertyoverride
 
 import (
diff --git a/agent/envoyextensions/builtin/wasm/structs.go b/agent/envoyextensions/builtin/wasm/structs.go
index 012099ab6203..67540fee56c9 100644
--- a/agent/envoyextensions/builtin/wasm/structs.go
+++ b/agent/envoyextensions/builtin/wasm/structs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package wasm
 
diff --git a/agent/envoyextensions/builtin/wasm/wasm.go b/agent/envoyextensions/builtin/wasm/wasm.go
index c16ac4da81c0..da1e0a7ceaa9 100644
--- a/agent/envoyextensions/builtin/wasm/wasm.go
+++ b/agent/envoyextensions/builtin/wasm/wasm.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package wasm
 
diff --git a/agent/envoyextensions/builtin/wasm/wasm_test.go b/agent/envoyextensions/builtin/wasm/wasm_test.go
index 93f3a4b5e0af..41769beecdc9 100644
--- a/agent/envoyextensions/builtin/wasm/wasm_test.go
+++ b/agent/envoyextensions/builtin/wasm/wasm_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package wasm
 
diff --git a/agent/envoyextensions/registered_extensions.go b/agent/envoyextensions/registered_extensions.go
index 7b0f2ae61da1..d9721b320b17 100644
--- a/agent/envoyextensions/registered_extensions.go
+++ b/agent/envoyextensions/registered_extensions.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package envoyextensions
 
diff --git a/agent/envoyextensions/registered_extensions_test.go b/agent/envoyextensions/registered_extensions_test.go
index 7f3cb6bbac7d..818db87fafea 100644
--- a/agent/envoyextensions/registered_extensions_test.go
+++ b/agent/envoyextensions/registered_extensions_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package envoyextensions
 
diff --git a/agent/event_endpoint.go b/agent/event_endpoint.go
index 034dec305619..da589632c75a 100644
--- a/agent/event_endpoint.go
+++ b/agent/event_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/event_endpoint_test.go b/agent/event_endpoint_test.go
index 4be21a6914b9..a041088c448c 100644
--- a/agent/event_endpoint_test.go
+++ b/agent/event_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/exec/exec.go b/agent/exec/exec.go
index d4b4bfafd1fe..408dc6bb8110 100644
--- a/agent/exec/exec.go
+++ b/agent/exec/exec.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package exec
 
diff --git a/agent/exec/exec_unix.go b/agent/exec/exec_unix.go
index 32ff23249e3b..b31e593163a0 100644
--- a/agent/exec/exec_unix.go
+++ b/agent/exec/exec_unix.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !windows
 // +build !windows
diff --git a/agent/exec/exec_windows.go b/agent/exec/exec_windows.go
index 1a0cb4c82c80..aeb9b6a84781 100644
--- a/agent/exec/exec_windows.go
+++ b/agent/exec/exec_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build windows
 // +build windows
diff --git a/agent/federation_state_endpoint.go b/agent/federation_state_endpoint.go
index 0bec145ae60c..40a3df1ff1cd 100644
--- a/agent/federation_state_endpoint.go
+++ b/agent/federation_state_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/grpc-external/forward.go b/agent/grpc-external/forward.go
index c0ed064ac808..395fb6aa479d 100644
--- a/agent/grpc-external/forward.go
+++ b/agent/grpc-external/forward.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package external
 
diff --git a/agent/grpc-external/limiter/limiter.go b/agent/grpc-external/limiter/limiter.go
index f995f963049b..44aaac616f99 100644
--- a/agent/grpc-external/limiter/limiter.go
+++ b/agent/grpc-external/limiter/limiter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // package limiter provides primatives for limiting the number of concurrent
 // operations in-flight.
diff --git a/agent/grpc-external/limiter/limiter_test.go b/agent/grpc-external/limiter/limiter_test.go
index fa165a66706b..3cfa3ad26327 100644
--- a/agent/grpc-external/limiter/limiter_test.go
+++ b/agent/grpc-external/limiter/limiter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package limiter
 
diff --git a/agent/grpc-external/options.go b/agent/grpc-external/options.go
index a25a4482990f..04e5c10efb51 100644
--- a/agent/grpc-external/options.go
+++ b/agent/grpc-external/options.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package external
 
diff --git a/agent/grpc-external/options_test.go b/agent/grpc-external/options_test.go
index b2edb8fbf1f5..ccc0ad12fd69 100644
--- a/agent/grpc-external/options_test.go
+++ b/agent/grpc-external/options_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package external
 
diff --git a/agent/grpc-external/querymeta.go b/agent/grpc-external/querymeta.go
index 55b960255fff..0f4dd52adb86 100644
--- a/agent/grpc-external/querymeta.go
+++ b/agent/grpc-external/querymeta.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package external
 
 import (
diff --git a/agent/grpc-external/querymeta_test.go b/agent/grpc-external/querymeta_test.go
index 66c7136a3dd4..440692964817 100644
--- a/agent/grpc-external/querymeta_test.go
+++ b/agent/grpc-external/querymeta_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package external
 
 import (
diff --git a/agent/grpc-external/server.go b/agent/grpc-external/server.go
index 0513d22e223c..6090a8f31a15 100644
--- a/agent/grpc-external/server.go
+++ b/agent/grpc-external/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package external
 
diff --git a/agent/grpc-external/services/acl/login.go b/agent/grpc-external/services/acl/login.go
index c8c399d108be..1e44acf8a171 100644
--- a/agent/grpc-external/services/acl/login.go
+++ b/agent/grpc-external/services/acl/login.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/agent/grpc-external/services/acl/login_test.go b/agent/grpc-external/services/acl/login_test.go
index e858618a906b..3b956d7c8c71 100644
--- a/agent/grpc-external/services/acl/login_test.go
+++ b/agent/grpc-external/services/acl/login_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/agent/grpc-external/services/acl/logout.go b/agent/grpc-external/services/acl/logout.go
index bd3bb5e3e42a..691ac7b88894 100644
--- a/agent/grpc-external/services/acl/logout.go
+++ b/agent/grpc-external/services/acl/logout.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/agent/grpc-external/services/acl/logout_test.go b/agent/grpc-external/services/acl/logout_test.go
index 69491db5e3b0..df5c39628297 100644
--- a/agent/grpc-external/services/acl/logout_test.go
+++ b/agent/grpc-external/services/acl/logout_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/agent/grpc-external/services/acl/server.go b/agent/grpc-external/services/acl/server.go
index 5513950e02ec..2393f11aa106 100644
--- a/agent/grpc-external/services/acl/server.go
+++ b/agent/grpc-external/services/acl/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/agent/grpc-external/services/acl/server_test.go b/agent/grpc-external/services/acl/server_test.go
index 89c49bf226a1..1b6cd066001e 100644
--- a/agent/grpc-external/services/acl/server_test.go
+++ b/agent/grpc-external/services/acl/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/agent/grpc-external/services/connectca/server.go b/agent/grpc-external/services/connectca/server.go
index c90962e180c8..4ef91705f7a1 100644
--- a/agent/grpc-external/services/connectca/server.go
+++ b/agent/grpc-external/services/connectca/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connectca
 
diff --git a/agent/grpc-external/services/connectca/server_test.go b/agent/grpc-external/services/connectca/server_test.go
index 84636e9e7588..27c8d17c0c9d 100644
--- a/agent/grpc-external/services/connectca/server_test.go
+++ b/agent/grpc-external/services/connectca/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connectca
 
diff --git a/agent/grpc-external/services/connectca/sign.go b/agent/grpc-external/services/connectca/sign.go
index 59c1a6f28354..148bf675b057 100644
--- a/agent/grpc-external/services/connectca/sign.go
+++ b/agent/grpc-external/services/connectca/sign.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connectca
 
diff --git a/agent/grpc-external/services/connectca/sign_test.go b/agent/grpc-external/services/connectca/sign_test.go
index e43978e0b906..07be304081eb 100644
--- a/agent/grpc-external/services/connectca/sign_test.go
+++ b/agent/grpc-external/services/connectca/sign_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connectca
 
diff --git a/agent/grpc-external/services/connectca/watch_roots.go b/agent/grpc-external/services/connectca/watch_roots.go
index 14927e2188a1..ddd02ca56e0f 100644
--- a/agent/grpc-external/services/connectca/watch_roots.go
+++ b/agent/grpc-external/services/connectca/watch_roots.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connectca
 
diff --git a/agent/grpc-external/services/connectca/watch_roots_test.go b/agent/grpc-external/services/connectca/watch_roots_test.go
index bfdb76f33bdd..171e00324643 100644
--- a/agent/grpc-external/services/connectca/watch_roots_test.go
+++ b/agent/grpc-external/services/connectca/watch_roots_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connectca
 
diff --git a/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go
index 13bbd1c9f94b..147f84d302e2 100644
--- a/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go
+++ b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dataplane
 
diff --git a/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params_test.go b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params_test.go
index 322d2f652745..03e968ba4221 100644
--- a/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params_test.go
+++ b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dataplane
 
diff --git a/agent/grpc-external/services/dataplane/get_supported_features.go b/agent/grpc-external/services/dataplane/get_supported_features.go
index ea638715338a..214f0e249f30 100644
--- a/agent/grpc-external/services/dataplane/get_supported_features.go
+++ b/agent/grpc-external/services/dataplane/get_supported_features.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dataplane
 
diff --git a/agent/grpc-external/services/dataplane/get_supported_features_test.go b/agent/grpc-external/services/dataplane/get_supported_features_test.go
index 329b5df0f68f..4761ccb3cb38 100644
--- a/agent/grpc-external/services/dataplane/get_supported_features_test.go
+++ b/agent/grpc-external/services/dataplane/get_supported_features_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dataplane
 
diff --git a/agent/grpc-external/services/dataplane/server.go b/agent/grpc-external/services/dataplane/server.go
index 877289386384..88b586f459a4 100644
--- a/agent/grpc-external/services/dataplane/server.go
+++ b/agent/grpc-external/services/dataplane/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dataplane
 
diff --git a/agent/grpc-external/services/dataplane/server_test.go b/agent/grpc-external/services/dataplane/server_test.go
index 15ac272871e8..ec57396bcb79 100644
--- a/agent/grpc-external/services/dataplane/server_test.go
+++ b/agent/grpc-external/services/dataplane/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dataplane
 
diff --git a/agent/grpc-external/services/dns/server.go b/agent/grpc-external/services/dns/server.go
index a9733c40666b..a6f2249733c1 100644
--- a/agent/grpc-external/services/dns/server.go
+++ b/agent/grpc-external/services/dns/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dns
 
diff --git a/agent/grpc-external/services/dns/server_test.go b/agent/grpc-external/services/dns/server_test.go
index 0144eccc0cd1..a6576b51adcf 100644
--- a/agent/grpc-external/services/dns/server_test.go
+++ b/agent/grpc-external/services/dns/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dns
 
diff --git a/agent/grpc-external/services/peerstream/health_snapshot.go b/agent/grpc-external/services/peerstream/health_snapshot.go
index dd9a10c67469..efd60a7f1039 100644
--- a/agent/grpc-external/services/peerstream/health_snapshot.go
+++ b/agent/grpc-external/services/peerstream/health_snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/health_snapshot_test.go b/agent/grpc-external/services/peerstream/health_snapshot_test.go
index 7ea404f3854c..6759db252d2c 100644
--- a/agent/grpc-external/services/peerstream/health_snapshot_test.go
+++ b/agent/grpc-external/services/peerstream/health_snapshot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/replication.go b/agent/grpc-external/services/peerstream/replication.go
index a0c1e4387f1c..692a475235be 100644
--- a/agent/grpc-external/services/peerstream/replication.go
+++ b/agent/grpc-external/services/peerstream/replication.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/server.go b/agent/grpc-external/services/peerstream/server.go
index 58e436bd1f5c..4127312fe72c 100644
--- a/agent/grpc-external/services/peerstream/server.go
+++ b/agent/grpc-external/services/peerstream/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/server_test.go b/agent/grpc-external/services/peerstream/server_test.go
index cb7c60e3cf0a..836b09d89b2b 100644
--- a/agent/grpc-external/services/peerstream/server_test.go
+++ b/agent/grpc-external/services/peerstream/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/stream_resources.go b/agent/grpc-external/services/peerstream/stream_resources.go
index 61c98d3f0789..9f2d9cf896f3 100644
--- a/agent/grpc-external/services/peerstream/stream_resources.go
+++ b/agent/grpc-external/services/peerstream/stream_resources.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/stream_test.go b/agent/grpc-external/services/peerstream/stream_test.go
index 2d8f6f3e1667..8c1e0783bd7b 100644
--- a/agent/grpc-external/services/peerstream/stream_test.go
+++ b/agent/grpc-external/services/peerstream/stream_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/stream_tracker.go b/agent/grpc-external/services/peerstream/stream_tracker.go
index abb5a003a399..c74a1b284f09 100644
--- a/agent/grpc-external/services/peerstream/stream_tracker.go
+++ b/agent/grpc-external/services/peerstream/stream_tracker.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/stream_tracker_test.go b/agent/grpc-external/services/peerstream/stream_tracker_test.go
index d676587a2520..33ea536469d8 100644
--- a/agent/grpc-external/services/peerstream/stream_tracker_test.go
+++ b/agent/grpc-external/services/peerstream/stream_tracker_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_blocking.go b/agent/grpc-external/services/peerstream/subscription_blocking.go
index 7fa8bc1eff59..a1257d3d3381 100644
--- a/agent/grpc-external/services/peerstream/subscription_blocking.go
+++ b/agent/grpc-external/services/peerstream/subscription_blocking.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_manager.go b/agent/grpc-external/services/peerstream/subscription_manager.go
index 4fcd27635b81..bd2d36ffd942 100644
--- a/agent/grpc-external/services/peerstream/subscription_manager.go
+++ b/agent/grpc-external/services/peerstream/subscription_manager.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_manager_test.go b/agent/grpc-external/services/peerstream/subscription_manager_test.go
index 4ed912368e89..cc2afee0d54c 100644
--- a/agent/grpc-external/services/peerstream/subscription_manager_test.go
+++ b/agent/grpc-external/services/peerstream/subscription_manager_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_state.go b/agent/grpc-external/services/peerstream/subscription_state.go
index dba315370de7..a1a370a3ec4c 100644
--- a/agent/grpc-external/services/peerstream/subscription_state.go
+++ b/agent/grpc-external/services/peerstream/subscription_state.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_state_test.go b/agent/grpc-external/services/peerstream/subscription_state_test.go
index 3cba66c9c2be..cc3e49ab4c9c 100644
--- a/agent/grpc-external/services/peerstream/subscription_state_test.go
+++ b/agent/grpc-external/services/peerstream/subscription_state_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_view.go b/agent/grpc-external/services/peerstream/subscription_view.go
index c85c82b15e5c..575729bc71df 100644
--- a/agent/grpc-external/services/peerstream/subscription_view.go
+++ b/agent/grpc-external/services/peerstream/subscription_view.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_view_test.go b/agent/grpc-external/services/peerstream/subscription_view_test.go
index a51ca57e2902..cd2f61e60feb 100644
--- a/agent/grpc-external/services/peerstream/subscription_view_test.go
+++ b/agent/grpc-external/services/peerstream/subscription_view_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/testing.go b/agent/grpc-external/services/peerstream/testing.go
index 2208249dc6fc..47cc8d1dbec6 100644
--- a/agent/grpc-external/services/peerstream/testing.go
+++ b/agent/grpc-external/services/peerstream/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peerstream
 
diff --git a/agent/grpc-external/services/resource/delete.go b/agent/grpc-external/services/resource/delete.go
index 459f97f28a17..0c5a86165487 100644
--- a/agent/grpc-external/services/resource/delete.go
+++ b/agent/grpc-external/services/resource/delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/delete_test.go b/agent/grpc-external/services/resource/delete_test.go
index fd74d427eec1..ee32a12a658d 100644
--- a/agent/grpc-external/services/resource/delete_test.go
+++ b/agent/grpc-external/services/resource/delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/list.go b/agent/grpc-external/services/resource/list.go
index 7332c0c8a0a2..803f64901b3e 100644
--- a/agent/grpc-external/services/resource/list.go
+++ b/agent/grpc-external/services/resource/list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/list_by_owner.go b/agent/grpc-external/services/resource/list_by_owner.go
index 02b513011fdd..8f1b4216a3ac 100644
--- a/agent/grpc-external/services/resource/list_by_owner.go
+++ b/agent/grpc-external/services/resource/list_by_owner.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/list_by_owner_test.go b/agent/grpc-external/services/resource/list_by_owner_test.go
index 218971a050da..5b2fe63975bf 100644
--- a/agent/grpc-external/services/resource/list_by_owner_test.go
+++ b/agent/grpc-external/services/resource/list_by_owner_test.go
@@ -1,5 +1,5 @@
 // // Copyright (c) HashiCorp, Inc.
-// // SPDX-License-Identifier: MPL-2.0
+// // SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/list_test.go b/agent/grpc-external/services/resource/list_test.go
index 4d6b50951b75..93a8d1c45ff3 100644
--- a/agent/grpc-external/services/resource/list_test.go
+++ b/agent/grpc-external/services/resource/list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/read.go b/agent/grpc-external/services/resource/read.go
index ca248cd962a7..4f247a72ac2d 100644
--- a/agent/grpc-external/services/resource/read.go
+++ b/agent/grpc-external/services/resource/read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/read_test.go b/agent/grpc-external/services/resource/read_test.go
index 4b93f210e34d..ac63d0a2687a 100644
--- a/agent/grpc-external/services/resource/read_test.go
+++ b/agent/grpc-external/services/resource/read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/server.go b/agent/grpc-external/services/resource/server.go
index 64ac47e6ddc2..29b18bd964c8 100644
--- a/agent/grpc-external/services/resource/server.go
+++ b/agent/grpc-external/services/resource/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/server_oss.go b/agent/grpc-external/services/resource/server_oss.go
index 1871aab205aa..562af973200f 100644
--- a/agent/grpc-external/services/resource/server_oss.go
+++ b/agent/grpc-external/services/resource/server_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/grpc-external/services/resource/server_oss_test.go b/agent/grpc-external/services/resource/server_oss_test.go
index 5f92f5226c74..9e155019ca01 100644
--- a/agent/grpc-external/services/resource/server_oss_test.go
+++ b/agent/grpc-external/services/resource/server_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/grpc-external/services/resource/server_test.go b/agent/grpc-external/services/resource/server_test.go
index 0530f51a2a3f..f2ee1512955a 100644
--- a/agent/grpc-external/services/resource/server_test.go
+++ b/agent/grpc-external/services/resource/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/testing/testing.go b/agent/grpc-external/services/resource/testing/testing.go
index b35a9491f37b..403263404fe2 100644
--- a/agent/grpc-external/services/resource/testing/testing.go
+++ b/agent/grpc-external/services/resource/testing/testing.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package testing
 
 import (
diff --git a/agent/grpc-external/services/resource/watch.go b/agent/grpc-external/services/resource/watch.go
index 140ff78fbdcb..17cc48c094a1 100644
--- a/agent/grpc-external/services/resource/watch.go
+++ b/agent/grpc-external/services/resource/watch.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/watch_test.go b/agent/grpc-external/services/resource/watch_test.go
index 95695f295ebd..7574c155daf6 100644
--- a/agent/grpc-external/services/resource/watch_test.go
+++ b/agent/grpc-external/services/resource/watch_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/write.go b/agent/grpc-external/services/resource/write.go
index b85b33ef237f..ec39f3a12a85 100644
--- a/agent/grpc-external/services/resource/write.go
+++ b/agent/grpc-external/services/resource/write.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/write_status.go b/agent/grpc-external/services/resource/write_status.go
index 67a2eff05387..d0dea6f16266 100644
--- a/agent/grpc-external/services/resource/write_status.go
+++ b/agent/grpc-external/services/resource/write_status.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/write_status_test.go b/agent/grpc-external/services/resource/write_status_test.go
index aa26330176df..8470f50d85c0 100644
--- a/agent/grpc-external/services/resource/write_status_test.go
+++ b/agent/grpc-external/services/resource/write_status_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/resource/write_test.go b/agent/grpc-external/services/resource/write_test.go
index fbd1ed2b5074..861f09951979 100644
--- a/agent/grpc-external/services/resource/write_test.go
+++ b/agent/grpc-external/services/resource/write_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/agent/grpc-external/services/serverdiscovery/server.go b/agent/grpc-external/services/serverdiscovery/server.go
index 477617122120..99011c6d076f 100644
--- a/agent/grpc-external/services/serverdiscovery/server.go
+++ b/agent/grpc-external/services/serverdiscovery/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package serverdiscovery
 
diff --git a/agent/grpc-external/services/serverdiscovery/server_test.go b/agent/grpc-external/services/serverdiscovery/server_test.go
index cac32bd31ee3..a9fd65b7cbdc 100644
--- a/agent/grpc-external/services/serverdiscovery/server_test.go
+++ b/agent/grpc-external/services/serverdiscovery/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package serverdiscovery
 
diff --git a/agent/grpc-external/services/serverdiscovery/watch_servers.go b/agent/grpc-external/services/serverdiscovery/watch_servers.go
index 31a2cb92c837..94ed7ac58aef 100644
--- a/agent/grpc-external/services/serverdiscovery/watch_servers.go
+++ b/agent/grpc-external/services/serverdiscovery/watch_servers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package serverdiscovery
 
diff --git a/agent/grpc-external/services/serverdiscovery/watch_servers_test.go b/agent/grpc-external/services/serverdiscovery/watch_servers_test.go
index d58d0be407c3..0df48f3bb35c 100644
--- a/agent/grpc-external/services/serverdiscovery/watch_servers_test.go
+++ b/agent/grpc-external/services/serverdiscovery/watch_servers_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package serverdiscovery
 
diff --git a/agent/grpc-external/stats_test.go b/agent/grpc-external/stats_test.go
index eed834064e08..798c900148ba 100644
--- a/agent/grpc-external/stats_test.go
+++ b/agent/grpc-external/stats_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package external
 
diff --git a/agent/grpc-external/testutils/acl.go b/agent/grpc-external/testutils/acl.go
index 440a83768281..caa5c7ae81f5 100644
--- a/agent/grpc-external/testutils/acl.go
+++ b/agent/grpc-external/testutils/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package testutils
 
diff --git a/agent/grpc-external/testutils/fsm.go b/agent/grpc-external/testutils/fsm.go
index 0e7b645a65ec..fdec1b109ed3 100644
--- a/agent/grpc-external/testutils/fsm.go
+++ b/agent/grpc-external/testutils/fsm.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package testutils
 
diff --git a/agent/grpc-external/testutils/server.go b/agent/grpc-external/testutils/server.go
index eecb10bb954f..13cbb985e564 100644
--- a/agent/grpc-external/testutils/server.go
+++ b/agent/grpc-external/testutils/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package testutils
 
diff --git a/agent/grpc-external/utils.go b/agent/grpc-external/utils.go
index b3a3d3d20264..13c84c75c1ce 100644
--- a/agent/grpc-external/utils.go
+++ b/agent/grpc-external/utils.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package external
 
diff --git a/agent/grpc-internal/balancer/balancer.go b/agent/grpc-internal/balancer/balancer.go
index 4941a8087318..884c2a1dec3d 100644
--- a/agent/grpc-internal/balancer/balancer.go
+++ b/agent/grpc-internal/balancer/balancer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // package balancer implements a custom gRPC load balancer.
 //
diff --git a/agent/grpc-internal/balancer/balancer_test.go b/agent/grpc-internal/balancer/balancer_test.go
index 35912aab269a..f0c6db9f5329 100644
--- a/agent/grpc-internal/balancer/balancer_test.go
+++ b/agent/grpc-internal/balancer/balancer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package balancer
 
diff --git a/agent/grpc-internal/balancer/registry.go b/agent/grpc-internal/balancer/registry.go
index f11ea6c8cebe..53b2e6555ac3 100644
--- a/agent/grpc-internal/balancer/registry.go
+++ b/agent/grpc-internal/balancer/registry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package balancer
 
diff --git a/agent/grpc-internal/client.go b/agent/grpc-internal/client.go
index 98a6f1fd81c5..1d49bc23cdd3 100644
--- a/agent/grpc-internal/client.go
+++ b/agent/grpc-internal/client.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package internal
 
diff --git a/agent/grpc-internal/client_test.go b/agent/grpc-internal/client_test.go
index a3b99e78ad1b..134a62aa4aae 100644
--- a/agent/grpc-internal/client_test.go
+++ b/agent/grpc-internal/client_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package internal
 
diff --git a/agent/grpc-internal/handler.go b/agent/grpc-internal/handler.go
index 3278d744436f..b0eeaa8a4f0c 100644
--- a/agent/grpc-internal/handler.go
+++ b/agent/grpc-internal/handler.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package internal
 
diff --git a/agent/grpc-internal/handler_test.go b/agent/grpc-internal/handler_test.go
index 80c026113d1f..2027c055866d 100644
--- a/agent/grpc-internal/handler_test.go
+++ b/agent/grpc-internal/handler_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package internal
 
diff --git a/agent/grpc-internal/listener.go b/agent/grpc-internal/listener.go
index bcbf121c733e..a1c226613778 100644
--- a/agent/grpc-internal/listener.go
+++ b/agent/grpc-internal/listener.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package internal
 
diff --git a/agent/grpc-internal/pipe.go b/agent/grpc-internal/pipe.go
index 188defd085ed..555f6d2162aa 100644
--- a/agent/grpc-internal/pipe.go
+++ b/agent/grpc-internal/pipe.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package internal
 
diff --git a/agent/grpc-internal/pipe_test.go b/agent/grpc-internal/pipe_test.go
index e6ce286d1f86..f51d1581292b 100644
--- a/agent/grpc-internal/pipe_test.go
+++ b/agent/grpc-internal/pipe_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package internal
 
diff --git a/agent/grpc-internal/resolver/registry.go b/agent/grpc-internal/resolver/registry.go
index 5151cfd46ce0..aab369c50131 100644
--- a/agent/grpc-internal/resolver/registry.go
+++ b/agent/grpc-internal/resolver/registry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resolver
 
diff --git a/agent/grpc-internal/resolver/resolver.go b/agent/grpc-internal/resolver/resolver.go
index d04f1e657e61..8d1436bf7aff 100644
--- a/agent/grpc-internal/resolver/resolver.go
+++ b/agent/grpc-internal/resolver/resolver.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resolver
 
diff --git a/agent/grpc-internal/resolver/resolver_test.go b/agent/grpc-internal/resolver/resolver_test.go
index 2bd3f24f9936..0914eba147ba 100644
--- a/agent/grpc-internal/resolver/resolver_test.go
+++ b/agent/grpc-internal/resolver/resolver_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package resolver
 
 import (
diff --git a/agent/grpc-internal/server_test.go b/agent/grpc-internal/server_test.go
index 83774c712fc6..12f420979b6e 100644
--- a/agent/grpc-internal/server_test.go
+++ b/agent/grpc-internal/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package internal
 
diff --git a/agent/grpc-internal/services/subscribe/logger.go b/agent/grpc-internal/services/subscribe/logger.go
index faaa63ff8427..11c18f6adfa4 100644
--- a/agent/grpc-internal/services/subscribe/logger.go
+++ b/agent/grpc-internal/services/subscribe/logger.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package subscribe
 
diff --git a/agent/grpc-internal/services/subscribe/subscribe.go b/agent/grpc-internal/services/subscribe/subscribe.go
index 08c501b6dd03..a728b0164c97 100644
--- a/agent/grpc-internal/services/subscribe/subscribe.go
+++ b/agent/grpc-internal/services/subscribe/subscribe.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package subscribe
 
diff --git a/agent/grpc-internal/services/subscribe/subscribe_test.go b/agent/grpc-internal/services/subscribe/subscribe_test.go
index 54a267f7c40d..910862d4cfbd 100644
--- a/agent/grpc-internal/services/subscribe/subscribe_test.go
+++ b/agent/grpc-internal/services/subscribe/subscribe_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package subscribe
 
diff --git a/agent/grpc-internal/stats_test.go b/agent/grpc-internal/stats_test.go
index 5da26f512ccb..d14c4c46bc45 100644
--- a/agent/grpc-internal/stats_test.go
+++ b/agent/grpc-internal/stats_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package internal
 
diff --git a/agent/grpc-internal/tracker.go b/agent/grpc-internal/tracker.go
index a313f88e5350..251fe48f9539 100644
--- a/agent/grpc-internal/tracker.go
+++ b/agent/grpc-internal/tracker.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package internal
 
diff --git a/agent/grpc-middleware/auth_interceptor.go b/agent/grpc-middleware/auth_interceptor.go
index 0472b71f00ec..af85e5c6f94c 100644
--- a/agent/grpc-middleware/auth_interceptor.go
+++ b/agent/grpc-middleware/auth_interceptor.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package middleware
 
diff --git a/agent/grpc-middleware/auth_interceptor_test.go b/agent/grpc-middleware/auth_interceptor_test.go
index 18f9334cc9b8..0c447499bcb2 100644
--- a/agent/grpc-middleware/auth_interceptor_test.go
+++ b/agent/grpc-middleware/auth_interceptor_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package middleware
 
diff --git a/agent/grpc-middleware/handshake.go b/agent/grpc-middleware/handshake.go
index 82b352bb5ac3..893421e0e7f1 100644
--- a/agent/grpc-middleware/handshake.go
+++ b/agent/grpc-middleware/handshake.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package middleware
 
diff --git a/agent/grpc-middleware/handshake_test.go b/agent/grpc-middleware/handshake_test.go
index f987a6689af2..178451a31464 100644
--- a/agent/grpc-middleware/handshake_test.go
+++ b/agent/grpc-middleware/handshake_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package middleware
 
diff --git a/agent/grpc-middleware/rate.go b/agent/grpc-middleware/rate.go
index 6f84fd36c16e..bdb63cd244a9 100644
--- a/agent/grpc-middleware/rate.go
+++ b/agent/grpc-middleware/rate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package middleware
 
diff --git a/agent/grpc-middleware/rate_test.go b/agent/grpc-middleware/rate_test.go
index 0a71d232465c..16c84734a9ed 100644
--- a/agent/grpc-middleware/rate_test.go
+++ b/agent/grpc-middleware/rate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package middleware
 
diff --git a/agent/grpc-middleware/recovery.go b/agent/grpc-middleware/recovery.go
index cf1cbabe4e08..04b918ee9b3a 100644
--- a/agent/grpc-middleware/recovery.go
+++ b/agent/grpc-middleware/recovery.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package middleware
 
diff --git a/agent/grpc-middleware/stats.go b/agent/grpc-middleware/stats.go
index 564d14a844b9..a6bf1d2c59be 100644
--- a/agent/grpc-middleware/stats.go
+++ b/agent/grpc-middleware/stats.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package middleware
 
diff --git a/agent/grpc-middleware/testutil/fake_sink.go b/agent/grpc-middleware/testutil/fake_sink.go
index c121481ee24f..be7623c774a2 100644
--- a/agent/grpc-middleware/testutil/fake_sink.go
+++ b/agent/grpc-middleware/testutil/fake_sink.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package testutil
 
diff --git a/agent/grpc-middleware/testutil/testservice/buf.gen.yaml b/agent/grpc-middleware/testutil/testservice/buf.gen.yaml
index b8ba317a333a..8d8a6c7dbfc0 100644
--- a/agent/grpc-middleware/testutil/testservice/buf.gen.yaml
+++ b/agent/grpc-middleware/testutil/testservice/buf.gen.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 version: v1
 managed:
diff --git a/agent/grpc-middleware/testutil/testservice/fake_service.go b/agent/grpc-middleware/testutil/testservice/fake_service.go
index 4428e173740b..ca21d286f0b3 100644
--- a/agent/grpc-middleware/testutil/testservice/fake_service.go
+++ b/agent/grpc-middleware/testutil/testservice/fake_service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package testservice
 
diff --git a/agent/grpc-middleware/testutil/testservice/simple.pb.go b/agent/grpc-middleware/testutil/testservice/simple.pb.go
index 18022b3dad3d..b4f664bf1ca7 100644
--- a/agent/grpc-middleware/testutil/testservice/simple.pb.go
+++ b/agent/grpc-middleware/testutil/testservice/simple.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/agent/grpc-middleware/testutil/testservice/simple.proto b/agent/grpc-middleware/testutil/testservice/simple.proto
index c8ce3d58118d..d005a45aa113 100644
--- a/agent/grpc-middleware/testutil/testservice/simple.proto
+++ b/agent/grpc-middleware/testutil/testservice/simple.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/agent/hcp/bootstrap/bootstrap.go b/agent/hcp/bootstrap/bootstrap.go
index 191859ea002b..8e544bdec312 100644
--- a/agent/hcp/bootstrap/bootstrap.go
+++ b/agent/hcp/bootstrap/bootstrap.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package bootstrap handles bootstrapping an agent's config from HCP. It must be a
 // separate package from other HCP components because it has a dependency on
diff --git a/agent/hcp/bootstrap/bootstrap_test.go b/agent/hcp/bootstrap/bootstrap_test.go
index 74b57e5f50ab..b475223ff8cf 100644
--- a/agent/hcp/bootstrap/bootstrap_test.go
+++ b/agent/hcp/bootstrap/bootstrap_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package bootstrap
 
 import (
diff --git a/agent/hcp/bootstrap/testing.go b/agent/hcp/bootstrap/testing.go
index a10a5d2bc8ad..f073d1718344 100644
--- a/agent/hcp/bootstrap/testing.go
+++ b/agent/hcp/bootstrap/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bootstrap
 
diff --git a/agent/hcp/client/client.go b/agent/hcp/client/client.go
index f04767e983c7..c0526c0e4acf 100644
--- a/agent/hcp/client/client.go
+++ b/agent/hcp/client/client.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package client
 
diff --git a/agent/hcp/client/client_test.go b/agent/hcp/client/client_test.go
index d4bae2ae4cb5..5571630ad45a 100644
--- a/agent/hcp/client/client_test.go
+++ b/agent/hcp/client/client_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package client
 
 import (
diff --git a/agent/hcp/client/metrics_client.go b/agent/hcp/client/metrics_client.go
index 3c5b5c4fb9d6..b3c1c6a6b3dc 100644
--- a/agent/hcp/client/metrics_client.go
+++ b/agent/hcp/client/metrics_client.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package client
 
 import (
diff --git a/agent/hcp/client/metrics_client_test.go b/agent/hcp/client/metrics_client_test.go
index 4119e326e9dc..20a5f010ec4c 100644
--- a/agent/hcp/client/metrics_client_test.go
+++ b/agent/hcp/client/metrics_client_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package client
 
 import (
diff --git a/agent/hcp/client/mock_CloudConfig.go b/agent/hcp/client/mock_CloudConfig.go
index 5f2ef50046d7..574f83e55fd5 100644
--- a/agent/hcp/client/mock_CloudConfig.go
+++ b/agent/hcp/client/mock_CloudConfig.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package client
 
 import (
diff --git a/agent/hcp/client/telemetry_config.go b/agent/hcp/client/telemetry_config.go
index 55c226438030..4c5b27c58b4f 100644
--- a/agent/hcp/client/telemetry_config.go
+++ b/agent/hcp/client/telemetry_config.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package client
 
 import (
diff --git a/agent/hcp/client/telemetry_config_test.go b/agent/hcp/client/telemetry_config_test.go
index 42d3ee649802..1e6e2cb23a29 100644
--- a/agent/hcp/client/telemetry_config_test.go
+++ b/agent/hcp/client/telemetry_config_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package client
 
 import (
diff --git a/agent/hcp/config/config.go b/agent/hcp/config/config.go
index 319c39e40e94..59977ef46f37 100644
--- a/agent/hcp/config/config.go
+++ b/agent/hcp/config/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/agent/hcp/deps.go b/agent/hcp/deps.go
index 0d52c7b54ea5..503792d84c0a 100644
--- a/agent/hcp/deps.go
+++ b/agent/hcp/deps.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package hcp
 
diff --git a/agent/hcp/deps_test.go b/agent/hcp/deps_test.go
index 8bab66bac3f3..101fe076cb69 100644
--- a/agent/hcp/deps_test.go
+++ b/agent/hcp/deps_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package hcp
 
 import (
diff --git a/agent/hcp/discover/discover.go b/agent/hcp/discover/discover.go
index 12024b7dd6a0..981400c38b47 100644
--- a/agent/hcp/discover/discover.go
+++ b/agent/hcp/discover/discover.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package discover
 
diff --git a/agent/hcp/manager.go b/agent/hcp/manager.go
index 0dc9db95da29..a3664b0608df 100644
--- a/agent/hcp/manager.go
+++ b/agent/hcp/manager.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package hcp
 
diff --git a/agent/hcp/manager_test.go b/agent/hcp/manager_test.go
index 48ace166618b..8432e63ed528 100644
--- a/agent/hcp/manager_test.go
+++ b/agent/hcp/manager_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package hcp
 
diff --git a/agent/hcp/scada/capabilities.go b/agent/hcp/scada/capabilities.go
index c18192ae6e94..bbb6ea6266dc 100644
--- a/agent/hcp/scada/capabilities.go
+++ b/agent/hcp/scada/capabilities.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package scada
 
diff --git a/agent/hcp/scada/scada.go b/agent/hcp/scada/scada.go
index 5aba819bda49..151e1b6862ef 100644
--- a/agent/hcp/scada/scada.go
+++ b/agent/hcp/scada/scada.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package scada
 
diff --git a/agent/hcp/telemetry/custom_metrics.go b/agent/hcp/telemetry/custom_metrics.go
index d691dccde207..39df765b9204 100644
--- a/agent/hcp/telemetry/custom_metrics.go
+++ b/agent/hcp/telemetry/custom_metrics.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package telemetry
 
 // Keys for custom Go Metrics metrics emitted only for the OTEL
diff --git a/agent/hcp/telemetry/doc.go b/agent/hcp/telemetry/doc.go
index 4ef18f39bd30..d982a37c0f3e 100644
--- a/agent/hcp/telemetry/doc.go
+++ b/agent/hcp/telemetry/doc.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 // Package telemetry implements functionality to collect, aggregate, convert and export
 // telemetry data in OpenTelemetry Protocol (OTLP) format.
 //
diff --git a/agent/hcp/telemetry/gauge_store.go b/agent/hcp/telemetry/gauge_store.go
index 76dfb7806668..bb7030dae852 100644
--- a/agent/hcp/telemetry/gauge_store.go
+++ b/agent/hcp/telemetry/gauge_store.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package telemetry
 
 import (
diff --git a/agent/hcp/telemetry/gauge_store_test.go b/agent/hcp/telemetry/gauge_store_test.go
index 1171ee379c32..4ccac624dbd9 100644
--- a/agent/hcp/telemetry/gauge_store_test.go
+++ b/agent/hcp/telemetry/gauge_store_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package telemetry
 
 import (
diff --git a/agent/hcp/telemetry/otel_exporter.go b/agent/hcp/telemetry/otel_exporter.go
index 084657816e0c..23852f3539cf 100644
--- a/agent/hcp/telemetry/otel_exporter.go
+++ b/agent/hcp/telemetry/otel_exporter.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package telemetry
 
 import (
diff --git a/agent/hcp/telemetry/otel_exporter_test.go b/agent/hcp/telemetry/otel_exporter_test.go
index 53b7bd316094..09d848d3bee3 100644
--- a/agent/hcp/telemetry/otel_exporter_test.go
+++ b/agent/hcp/telemetry/otel_exporter_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package telemetry
 
 import (
diff --git a/agent/hcp/telemetry/otel_sink.go b/agent/hcp/telemetry/otel_sink.go
index 49a6d595076c..a25c549e23a4 100644
--- a/agent/hcp/telemetry/otel_sink.go
+++ b/agent/hcp/telemetry/otel_sink.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package telemetry
 
 import (
diff --git a/agent/hcp/telemetry/otel_sink_test.go b/agent/hcp/telemetry/otel_sink_test.go
index 509dde299d62..13c310b34ca0 100644
--- a/agent/hcp/telemetry/otel_sink_test.go
+++ b/agent/hcp/telemetry/otel_sink_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package telemetry
 
 import (
diff --git a/agent/hcp/telemetry/otlp_transform.go b/agent/hcp/telemetry/otlp_transform.go
index 76e20552a0d4..a244f0f1a5f6 100644
--- a/agent/hcp/telemetry/otlp_transform.go
+++ b/agent/hcp/telemetry/otlp_transform.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package telemetry
 
 import (
diff --git a/agent/hcp/telemetry/otlp_transform_test.go b/agent/hcp/telemetry/otlp_transform_test.go
index 8f6beb7d489d..04ff40382dda 100644
--- a/agent/hcp/telemetry/otlp_transform_test.go
+++ b/agent/hcp/telemetry/otlp_transform_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package telemetry
 
 import (
diff --git a/agent/hcp/telemetry_provider.go b/agent/hcp/telemetry_provider.go
index eb0f23e804f3..870d3b3685a4 100644
--- a/agent/hcp/telemetry_provider.go
+++ b/agent/hcp/telemetry_provider.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package hcp
 
 import (
diff --git a/agent/hcp/telemetry_provider_test.go b/agent/hcp/telemetry_provider_test.go
index 684593b4f38b..0c20a5742e42 100644
--- a/agent/hcp/telemetry_provider_test.go
+++ b/agent/hcp/telemetry_provider_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package hcp
 
 import (
diff --git a/agent/hcp/testing.go b/agent/hcp/testing.go
index 94f3122c33d2..30f7ba7bcdeb 100644
--- a/agent/hcp/testing.go
+++ b/agent/hcp/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package hcp
 
diff --git a/agent/hcp/testserver/main.go b/agent/hcp/testserver/main.go
index ffdd4cac51af..e0db7670ef99 100644
--- a/agent/hcp/testserver/main.go
+++ b/agent/hcp/testserver/main.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package main
 
diff --git a/agent/health_endpoint.go b/agent/health_endpoint.go
index ea3d315f6b8b..3b888988d273 100644
--- a/agent/health_endpoint.go
+++ b/agent/health_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/health_endpoint_test.go b/agent/health_endpoint_test.go
index 3a589be0d78b..021a269b8a09 100644
--- a/agent/health_endpoint_test.go
+++ b/agent/health_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/http.go b/agent/http.go
index 200f28c7559c..982e784c76b7 100644
--- a/agent/http.go
+++ b/agent/http.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/http_decode_test.go b/agent/http_decode_test.go
index 03d1b9191fa7..6aece784c0b2 100644
--- a/agent/http_decode_test.go
+++ b/agent/http_decode_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/http_oss.go b/agent/http_oss.go
index 6aafdaa2c200..8f6d81ca9841 100644
--- a/agent/http_oss.go
+++ b/agent/http_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/http_oss_test.go b/agent/http_oss_test.go
index 5ba36320f628..37b13d38c873 100644
--- a/agent/http_oss_test.go
+++ b/agent/http_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/http_register.go b/agent/http_register.go
index b3f0dfea3f3a..bc2551ec000d 100644
--- a/agent/http_register.go
+++ b/agent/http_register.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/http_test.go b/agent/http_test.go
index 99100c5fbc8e..83510d9c06e0 100644
--- a/agent/http_test.go
+++ b/agent/http_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/intentions_endpoint.go b/agent/intentions_endpoint.go
index 2353c5bdac2e..4f0b188a0cc4 100644
--- a/agent/intentions_endpoint.go
+++ b/agent/intentions_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/intentions_endpoint_oss_test.go b/agent/intentions_endpoint_oss_test.go
index 1eb8f829394d..a0dcfb692479 100644
--- a/agent/intentions_endpoint_oss_test.go
+++ b/agent/intentions_endpoint_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/intentions_endpoint_test.go b/agent/intentions_endpoint_test.go
index 161b8b5139d5..b1309feb9d2c 100644
--- a/agent/intentions_endpoint_test.go
+++ b/agent/intentions_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/keyring.go b/agent/keyring.go
index 3d96880f03aa..f30680774b34 100644
--- a/agent/keyring.go
+++ b/agent/keyring.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/keyring_test.go b/agent/keyring_test.go
index 7ce5d2cd4b93..1a9332a8a739 100644
--- a/agent/keyring_test.go
+++ b/agent/keyring_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/kvs_endpoint.go b/agent/kvs_endpoint.go
index d5ad8cabc3de..e60567cd5b80 100644
--- a/agent/kvs_endpoint.go
+++ b/agent/kvs_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/kvs_endpoint_test.go b/agent/kvs_endpoint_test.go
index 6ea5efced20d..2b3563000815 100644
--- a/agent/kvs_endpoint_test.go
+++ b/agent/kvs_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/leafcert/cached_roots.go b/agent/leafcert/cached_roots.go
index b973b6dc660c..aaf768a2fb8e 100644
--- a/agent/leafcert/cached_roots.go
+++ b/agent/leafcert/cached_roots.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package leafcert
 
 import (
diff --git a/agent/leafcert/cert.go b/agent/leafcert/cert.go
index 023068573775..b6236a4a14ac 100644
--- a/agent/leafcert/cert.go
+++ b/agent/leafcert/cert.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package leafcert
 
 import (
diff --git a/agent/leafcert/generate.go b/agent/leafcert/generate.go
index 0e397cdc2d52..9551e760b1fc 100644
--- a/agent/leafcert/generate.go
+++ b/agent/leafcert/generate.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package leafcert
 
 import (
diff --git a/agent/leafcert/leafcert.go b/agent/leafcert/leafcert.go
index 9cd0c08db13d..5b1cd6b9be3b 100644
--- a/agent/leafcert/leafcert.go
+++ b/agent/leafcert/leafcert.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package leafcert
 
 import (
diff --git a/agent/leafcert/leafcert_test.go b/agent/leafcert/leafcert_test.go
index 0db683a816e1..0b523523e473 100644
--- a/agent/leafcert/leafcert_test.go
+++ b/agent/leafcert/leafcert_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package leafcert
 
 import (
diff --git a/agent/leafcert/roots.go b/agent/leafcert/roots.go
index 7f95e0578dcc..161b0d0a041c 100644
--- a/agent/leafcert/roots.go
+++ b/agent/leafcert/roots.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package leafcert
 
 import (
diff --git a/agent/leafcert/signer_netrpc.go b/agent/leafcert/signer_netrpc.go
index 2d6b490a9ea8..0e1a7a7487f8 100644
--- a/agent/leafcert/signer_netrpc.go
+++ b/agent/leafcert/signer_netrpc.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package leafcert
 
 import (
diff --git a/agent/leafcert/signer_test.go b/agent/leafcert/signer_test.go
index 21e3388f5a1c..ad385f8c72a1 100644
--- a/agent/leafcert/signer_test.go
+++ b/agent/leafcert/signer_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package leafcert
 
 import (
diff --git a/agent/leafcert/structs.go b/agent/leafcert/structs.go
index 531d35c897e6..7ad11a0869a5 100644
--- a/agent/leafcert/structs.go
+++ b/agent/leafcert/structs.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package leafcert
 
 import (
diff --git a/agent/leafcert/structs_test.go b/agent/leafcert/structs_test.go
index bb131f10ed7c..6a8e03470031 100644
--- a/agent/leafcert/structs_test.go
+++ b/agent/leafcert/structs_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package leafcert
 
 import (
diff --git a/agent/leafcert/util.go b/agent/leafcert/util.go
index a7453df37b4f..795aa62ac11c 100644
--- a/agent/leafcert/util.go
+++ b/agent/leafcert/util.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package leafcert
 
 import (
diff --git a/agent/leafcert/util_test.go b/agent/leafcert/util_test.go
index be89ad5936c1..0716a9af88f2 100644
--- a/agent/leafcert/util_test.go
+++ b/agent/leafcert/util_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package leafcert
 
 import (
diff --git a/agent/leafcert/watch.go b/agent/leafcert/watch.go
index 62a7260c4287..fe745f916d14 100644
--- a/agent/leafcert/watch.go
+++ b/agent/leafcert/watch.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package leafcert
 
 import (
diff --git a/agent/local/state.go b/agent/local/state.go
index 3e43ddc9a172..6a5fac9ff21c 100644
--- a/agent/local/state.go
+++ b/agent/local/state.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package local
 
diff --git a/agent/local/state_internal_test.go b/agent/local/state_internal_test.go
index ba68e20f287a..61fc2c0273a8 100644
--- a/agent/local/state_internal_test.go
+++ b/agent/local/state_internal_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package local
 
diff --git a/agent/local/state_test.go b/agent/local/state_test.go
index 4751352ec1c8..ced73201e72b 100644
--- a/agent/local/state_test.go
+++ b/agent/local/state_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package local_test
 
diff --git a/agent/local/testing.go b/agent/local/testing.go
index 5303cb6b0c4a..5e9ae15ac376 100644
--- a/agent/local/testing.go
+++ b/agent/local/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package local
 
diff --git a/agent/log-drop/log-drop.go b/agent/log-drop/log-drop.go
index 54bc09c5a8c3..ea08f88d890b 100644
--- a/agent/log-drop/log-drop.go
+++ b/agent/log-drop/log-drop.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logdrop
 
diff --git a/agent/log-drop/log-drop_test.go b/agent/log-drop/log-drop_test.go
index fdb61a059e52..c050a734be4a 100644
--- a/agent/log-drop/log-drop_test.go
+++ b/agent/log-drop/log-drop_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logdrop
 
diff --git a/agent/metadata/build.go b/agent/metadata/build.go
index b50fa96acc7a..76a432d9a380 100644
--- a/agent/metadata/build.go
+++ b/agent/metadata/build.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package metadata
 
diff --git a/agent/metadata/build_test.go b/agent/metadata/build_test.go
index 4688db2e1850..888b9b0210c4 100644
--- a/agent/metadata/build_test.go
+++ b/agent/metadata/build_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package metadata
 
diff --git a/agent/metadata/server.go b/agent/metadata/server.go
index 64c993690989..2e626787bdff 100644
--- a/agent/metadata/server.go
+++ b/agent/metadata/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package metadata
 
diff --git a/agent/metadata/server_internal_test.go b/agent/metadata/server_internal_test.go
index 5f3d47724ee9..bb0561ab2d19 100644
--- a/agent/metadata/server_internal_test.go
+++ b/agent/metadata/server_internal_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package metadata
 
diff --git a/agent/metadata/server_test.go b/agent/metadata/server_test.go
index 8ee63fa3b413..78b16f2599b2 100644
--- a/agent/metadata/server_test.go
+++ b/agent/metadata/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package metadata_test
 
diff --git a/agent/metrics.go b/agent/metrics.go
index d9294eb25cb9..58f9e3c829e1 100644
--- a/agent/metrics.go
+++ b/agent/metrics.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/metrics/testing.go b/agent/metrics/testing.go
index 0fc3455ab5e7..3663d6834c16 100644
--- a/agent/metrics/testing.go
+++ b/agent/metrics/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package metrics
 
diff --git a/agent/metrics_test.go b/agent/metrics_test.go
index 76da0e55f292..41013b3c7069 100644
--- a/agent/metrics_test.go
+++ b/agent/metrics_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/mock/notify.go b/agent/mock/notify.go
index 1aa700b31d2d..00dc9a3864a7 100644
--- a/agent/mock/notify.go
+++ b/agent/mock/notify.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package mock
 
diff --git a/agent/nodeid.go b/agent/nodeid.go
index 1e5823aef7c6..c2192fac9123 100644
--- a/agent/nodeid.go
+++ b/agent/nodeid.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/nodeid_test.go b/agent/nodeid_test.go
index d48889bf6d8d..73ce601249db 100644
--- a/agent/nodeid_test.go
+++ b/agent/nodeid_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/notify.go b/agent/notify.go
index eec501f098ad..80a150b19413 100644
--- a/agent/notify.go
+++ b/agent/notify.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/notify_test.go b/agent/notify_test.go
index fe08800ae2ec..f256ee319ce7 100644
--- a/agent/notify_test.go
+++ b/agent/notify_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/operator_endpoint.go b/agent/operator_endpoint.go
index 099f3dcfe4b0..f669c13bd5ca 100644
--- a/agent/operator_endpoint.go
+++ b/agent/operator_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/operator_endpoint_oss.go b/agent/operator_endpoint_oss.go
index 366899cd96a6..51c382627a74 100644
--- a/agent/operator_endpoint_oss.go
+++ b/agent/operator_endpoint_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/operator_endpoint_oss_test.go b/agent/operator_endpoint_oss_test.go
index f4de46f9050c..0086a56065ca 100644
--- a/agent/operator_endpoint_oss_test.go
+++ b/agent/operator_endpoint_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/operator_endpoint_test.go b/agent/operator_endpoint_test.go
index 4d90dbb2249e..ffe5c1a53abe 100644
--- a/agent/operator_endpoint_test.go
+++ b/agent/operator_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/peering_endpoint.go b/agent/peering_endpoint.go
index 8372c94c2e2d..7527dc47966a 100644
--- a/agent/peering_endpoint.go
+++ b/agent/peering_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/peering_endpoint_oss_test.go b/agent/peering_endpoint_oss_test.go
index 997251580bef..c74cccf200b2 100644
--- a/agent/peering_endpoint_oss_test.go
+++ b/agent/peering_endpoint_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/peering_endpoint_test.go b/agent/peering_endpoint_test.go
index 7ec63c1cd73e..ba3b704b8b5a 100644
--- a/agent/peering_endpoint_test.go
+++ b/agent/peering_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/pool/conn.go b/agent/pool/conn.go
index 45a2c0948617..24d4c2cba4dc 100644
--- a/agent/pool/conn.go
+++ b/agent/pool/conn.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pool
 
diff --git a/agent/pool/peek.go b/agent/pool/peek.go
index d6557bb23db8..b631134341d9 100644
--- a/agent/pool/peek.go
+++ b/agent/pool/peek.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pool
 
diff --git a/agent/pool/peek_test.go b/agent/pool/peek_test.go
index cb53c421f9c2..29fbe9d4ab72 100644
--- a/agent/pool/peek_test.go
+++ b/agent/pool/peek_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pool
 
diff --git a/agent/pool/pool.go b/agent/pool/pool.go
index cadb0e4af4ec..899cefe2e974 100644
--- a/agent/pool/pool.go
+++ b/agent/pool/pool.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pool
 
diff --git a/agent/prepared_query_endpoint.go b/agent/prepared_query_endpoint.go
index 8d5f9fdc5313..15ab1005e48b 100644
--- a/agent/prepared_query_endpoint.go
+++ b/agent/prepared_query_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/prepared_query_endpoint_test.go b/agent/prepared_query_endpoint_test.go
index f96c43ad8b90..07e4b8e68c70 100644
--- a/agent/prepared_query_endpoint_test.go
+++ b/agent/prepared_query_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/proxycfg-glue/config_entry.go b/agent/proxycfg-glue/config_entry.go
index cd86d91e1e91..3a79e228277d 100644
--- a/agent/proxycfg-glue/config_entry.go
+++ b/agent/proxycfg-glue/config_entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/discovery_chain.go b/agent/proxycfg-glue/discovery_chain.go
index 3b322e6b334f..518467492d7c 100644
--- a/agent/proxycfg-glue/discovery_chain.go
+++ b/agent/proxycfg-glue/discovery_chain.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/discovery_chain_test.go b/agent/proxycfg-glue/discovery_chain_test.go
index 60d48537c684..e4156667d36b 100644
--- a/agent/proxycfg-glue/discovery_chain_test.go
+++ b/agent/proxycfg-glue/discovery_chain_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/exported_peered_services.go b/agent/proxycfg-glue/exported_peered_services.go
index 8637891f1556..1b9260045171 100644
--- a/agent/proxycfg-glue/exported_peered_services.go
+++ b/agent/proxycfg-glue/exported_peered_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/exported_peered_services_test.go b/agent/proxycfg-glue/exported_peered_services_test.go
index a2b99d4d25b5..91b42323fab8 100644
--- a/agent/proxycfg-glue/exported_peered_services_test.go
+++ b/agent/proxycfg-glue/exported_peered_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/federation_state_list_mesh_gateways.go b/agent/proxycfg-glue/federation_state_list_mesh_gateways.go
index f5f32f1c01cb..c34303552c0a 100644
--- a/agent/proxycfg-glue/federation_state_list_mesh_gateways.go
+++ b/agent/proxycfg-glue/federation_state_list_mesh_gateways.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/federation_state_list_mesh_gateways_test.go b/agent/proxycfg-glue/federation_state_list_mesh_gateways_test.go
index fd73e19aaf69..baf477f4340b 100644
--- a/agent/proxycfg-glue/federation_state_list_mesh_gateways_test.go
+++ b/agent/proxycfg-glue/federation_state_list_mesh_gateways_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/gateway_services.go b/agent/proxycfg-glue/gateway_services.go
index 24f4087eea81..555b1d538535 100644
--- a/agent/proxycfg-glue/gateway_services.go
+++ b/agent/proxycfg-glue/gateway_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/gateway_services_test.go b/agent/proxycfg-glue/gateway_services_test.go
index eb853bd7b49e..ff89a62c92e4 100644
--- a/agent/proxycfg-glue/gateway_services_test.go
+++ b/agent/proxycfg-glue/gateway_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go
index d0363ec3b8e7..8f23bf458ea7 100644
--- a/agent/proxycfg-glue/glue.go
+++ b/agent/proxycfg-glue/glue.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/health.go b/agent/proxycfg-glue/health.go
index f0808da978ce..6acf5b702302 100644
--- a/agent/proxycfg-glue/health.go
+++ b/agent/proxycfg-glue/health.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/health_blocking.go b/agent/proxycfg-glue/health_blocking.go
index 0a47a920d157..181605298aa8 100644
--- a/agent/proxycfg-glue/health_blocking.go
+++ b/agent/proxycfg-glue/health_blocking.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/health_blocking_test.go b/agent/proxycfg-glue/health_blocking_test.go
index 3dcdaf17d614..c64381b7fd7f 100644
--- a/agent/proxycfg-glue/health_blocking_test.go
+++ b/agent/proxycfg-glue/health_blocking_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package proxycfgglue
 
 import (
diff --git a/agent/proxycfg-glue/health_test.go b/agent/proxycfg-glue/health_test.go
index 6f5702ca19c8..821e22a78908 100644
--- a/agent/proxycfg-glue/health_test.go
+++ b/agent/proxycfg-glue/health_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/helpers_test.go b/agent/proxycfg-glue/helpers_test.go
index 0d8bd8c9660d..3c7eb5b7ad15 100644
--- a/agent/proxycfg-glue/helpers_test.go
+++ b/agent/proxycfg-glue/helpers_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/intention_upstreams.go b/agent/proxycfg-glue/intention_upstreams.go
index 07a12c4ddb6c..dc6731372271 100644
--- a/agent/proxycfg-glue/intention_upstreams.go
+++ b/agent/proxycfg-glue/intention_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/intention_upstreams_test.go b/agent/proxycfg-glue/intention_upstreams_test.go
index 3028524eb0f2..bfaeb55b3864 100644
--- a/agent/proxycfg-glue/intention_upstreams_test.go
+++ b/agent/proxycfg-glue/intention_upstreams_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/intentions.go b/agent/proxycfg-glue/intentions.go
index 517605432596..f3186c6689ab 100644
--- a/agent/proxycfg-glue/intentions.go
+++ b/agent/proxycfg-glue/intentions.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/intentions_oss.go b/agent/proxycfg-glue/intentions_oss.go
index bd1823adb192..d4bdef266e09 100644
--- a/agent/proxycfg-glue/intentions_oss.go
+++ b/agent/proxycfg-glue/intentions_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg-glue/intentions_test.go b/agent/proxycfg-glue/intentions_test.go
index 07d3a8067e34..0e1ab1091886 100644
--- a/agent/proxycfg-glue/intentions_test.go
+++ b/agent/proxycfg-glue/intentions_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/internal_service_dump.go b/agent/proxycfg-glue/internal_service_dump.go
index e41dc020b1d0..d1c701083d52 100644
--- a/agent/proxycfg-glue/internal_service_dump.go
+++ b/agent/proxycfg-glue/internal_service_dump.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/internal_service_dump_test.go b/agent/proxycfg-glue/internal_service_dump_test.go
index a6e6c3b02860..1eba4c043828 100644
--- a/agent/proxycfg-glue/internal_service_dump_test.go
+++ b/agent/proxycfg-glue/internal_service_dump_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/leafcerts.go b/agent/proxycfg-glue/leafcerts.go
index 24631ffc3113..b805586a154a 100644
--- a/agent/proxycfg-glue/leafcerts.go
+++ b/agent/proxycfg-glue/leafcerts.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/peered_upstreams.go b/agent/proxycfg-glue/peered_upstreams.go
index df38b3f0daf4..f345c26df572 100644
--- a/agent/proxycfg-glue/peered_upstreams.go
+++ b/agent/proxycfg-glue/peered_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/peered_upstreams_test.go b/agent/proxycfg-glue/peered_upstreams_test.go
index b0e7c0d8f83c..026fd67a3455 100644
--- a/agent/proxycfg-glue/peered_upstreams_test.go
+++ b/agent/proxycfg-glue/peered_upstreams_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/peering_list.go b/agent/proxycfg-glue/peering_list.go
index 219bf9b95529..6e7a78c707f1 100644
--- a/agent/proxycfg-glue/peering_list.go
+++ b/agent/proxycfg-glue/peering_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/peering_list_test.go b/agent/proxycfg-glue/peering_list_test.go
index f570dbbcc2a8..575d161b4e5d 100644
--- a/agent/proxycfg-glue/peering_list_test.go
+++ b/agent/proxycfg-glue/peering_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/resolved_service_config.go b/agent/proxycfg-glue/resolved_service_config.go
index 89611bbc0711..11654cd767b2 100644
--- a/agent/proxycfg-glue/resolved_service_config.go
+++ b/agent/proxycfg-glue/resolved_service_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/resolved_service_config_test.go b/agent/proxycfg-glue/resolved_service_config_test.go
index 60d39eec205f..248ab4eab363 100644
--- a/agent/proxycfg-glue/resolved_service_config_test.go
+++ b/agent/proxycfg-glue/resolved_service_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/service_http_checks.go b/agent/proxycfg-glue/service_http_checks.go
index 45521f712ae8..2d0a9dfcff51 100644
--- a/agent/proxycfg-glue/service_http_checks.go
+++ b/agent/proxycfg-glue/service_http_checks.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/service_http_checks_test.go b/agent/proxycfg-glue/service_http_checks_test.go
index cfe28c7e89f9..87bdfc7abe60 100644
--- a/agent/proxycfg-glue/service_http_checks_test.go
+++ b/agent/proxycfg-glue/service_http_checks_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/service_list.go b/agent/proxycfg-glue/service_list.go
index 418103aef6fe..f4a9380df715 100644
--- a/agent/proxycfg-glue/service_list.go
+++ b/agent/proxycfg-glue/service_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/service_list_test.go b/agent/proxycfg-glue/service_list_test.go
index 154c1300a327..c6372aaf4ea1 100644
--- a/agent/proxycfg-glue/service_list_test.go
+++ b/agent/proxycfg-glue/service_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/trust_bundle.go b/agent/proxycfg-glue/trust_bundle.go
index 108e7ea9f9ae..f623d2a5555c 100644
--- a/agent/proxycfg-glue/trust_bundle.go
+++ b/agent/proxycfg-glue/trust_bundle.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/trust_bundle_test.go b/agent/proxycfg-glue/trust_bundle_test.go
index da77e32a56e8..e2082e3d240b 100644
--- a/agent/proxycfg-glue/trust_bundle_test.go
+++ b/agent/proxycfg-glue/trust_bundle_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-sources/catalog/config_source.go b/agent/proxycfg-sources/catalog/config_source.go
index 3fbca88de508..fb1ceab31604 100644
--- a/agent/proxycfg-sources/catalog/config_source.go
+++ b/agent/proxycfg-sources/catalog/config_source.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package catalog
 
diff --git a/agent/proxycfg-sources/catalog/config_source_test.go b/agent/proxycfg-sources/catalog/config_source_test.go
index 661fae9c082b..0767466a6d60 100644
--- a/agent/proxycfg-sources/catalog/config_source_test.go
+++ b/agent/proxycfg-sources/catalog/config_source_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package catalog
 
diff --git a/agent/proxycfg-sources/local/config_source.go b/agent/proxycfg-sources/local/config_source.go
index 18b8a045c421..e104043bac60 100644
--- a/agent/proxycfg-sources/local/config_source.go
+++ b/agent/proxycfg-sources/local/config_source.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package local
 
diff --git a/agent/proxycfg-sources/local/local.go b/agent/proxycfg-sources/local/local.go
index 92eefe1eb85f..44867eb06751 100644
--- a/agent/proxycfg-sources/local/local.go
+++ b/agent/proxycfg-sources/local/local.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package local integrates the proxycfg Manager with the agent's local state.
 package local
diff --git a/agent/proxycfg-sources/local/sync.go b/agent/proxycfg-sources/local/sync.go
index 86427c9f005b..982e527f7934 100644
--- a/agent/proxycfg-sources/local/sync.go
+++ b/agent/proxycfg-sources/local/sync.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package local
 
diff --git a/agent/proxycfg-sources/local/sync_test.go b/agent/proxycfg-sources/local/sync_test.go
index 8fa488351819..5aa030db4cfc 100644
--- a/agent/proxycfg-sources/local/sync_test.go
+++ b/agent/proxycfg-sources/local/sync_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package local
 
diff --git a/agent/proxycfg/api_gateway.go b/agent/proxycfg/api_gateway.go
index b4954cd3973c..3ed39481204c 100644
--- a/agent/proxycfg/api_gateway.go
+++ b/agent/proxycfg/api_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/connect_proxy.go b/agent/proxycfg/connect_proxy.go
index 7dcbe18e7195..0a8c1737923e 100644
--- a/agent/proxycfg/connect_proxy.go
+++ b/agent/proxycfg/connect_proxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/data_sources.go b/agent/proxycfg/data_sources.go
index ee779dfb6c88..dfb9a70f357b 100644
--- a/agent/proxycfg/data_sources.go
+++ b/agent/proxycfg/data_sources.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/data_sources_oss.go b/agent/proxycfg/data_sources_oss.go
index 5a92e9486b0d..a4a4aaff7476 100644
--- a/agent/proxycfg/data_sources_oss.go
+++ b/agent/proxycfg/data_sources_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg/deep-copy.sh b/agent/proxycfg/deep-copy.sh
index 17791e79b119..2e1f361dd710 100755
--- a/agent/proxycfg/deep-copy.sh
+++ b/agent/proxycfg/deep-copy.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 readonly PACKAGE_DIR="$(dirname "${BASH_SOURCE[0]}")"
diff --git a/agent/proxycfg/ingress_gateway.go b/agent/proxycfg/ingress_gateway.go
index efb774c9b17c..3ab5828add40 100644
--- a/agent/proxycfg/ingress_gateway.go
+++ b/agent/proxycfg/ingress_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/internal/watch/watchmap.go b/agent/proxycfg/internal/watch/watchmap.go
index c36ec3237cc6..d4fba2ea03eb 100644
--- a/agent/proxycfg/internal/watch/watchmap.go
+++ b/agent/proxycfg/internal/watch/watchmap.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package watch
 
diff --git a/agent/proxycfg/internal/watch/watchmap_test.go b/agent/proxycfg/internal/watch/watchmap_test.go
index c5bef8e47108..54fb51d4df9b 100644
--- a/agent/proxycfg/internal/watch/watchmap_test.go
+++ b/agent/proxycfg/internal/watch/watchmap_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package watch
 
diff --git a/agent/proxycfg/manager.go b/agent/proxycfg/manager.go
index a942fd1d1e14..ac87dddc1924 100644
--- a/agent/proxycfg/manager.go
+++ b/agent/proxycfg/manager.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go
index 13dd0f95420c..72deaa73ab28 100644
--- a/agent/proxycfg/manager_test.go
+++ b/agent/proxycfg/manager_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/mesh_gateway.go b/agent/proxycfg/mesh_gateway.go
index 80aa75b78317..0237e8423290 100644
--- a/agent/proxycfg/mesh_gateway.go
+++ b/agent/proxycfg/mesh_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/mesh_gateway_oss.go b/agent/proxycfg/mesh_gateway_oss.go
index 2959a8383a1e..0c302f27cd7b 100644
--- a/agent/proxycfg/mesh_gateway_oss.go
+++ b/agent/proxycfg/mesh_gateway_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg/naming.go b/agent/proxycfg/naming.go
index 44c1c2cf40e5..3339cb8a5a06 100644
--- a/agent/proxycfg/naming.go
+++ b/agent/proxycfg/naming.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/naming_oss.go b/agent/proxycfg/naming_oss.go
index 858b8d3553df..a98204a8bbac 100644
--- a/agent/proxycfg/naming_oss.go
+++ b/agent/proxycfg/naming_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg/naming_test.go b/agent/proxycfg/naming_test.go
index caf917f5d975..0615a8128182 100644
--- a/agent/proxycfg/naming_test.go
+++ b/agent/proxycfg/naming_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/proxycfg.go b/agent/proxycfg/proxycfg.go
index 759c0b733996..9b71156dfe5a 100644
--- a/agent/proxycfg/proxycfg.go
+++ b/agent/proxycfg/proxycfg.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package proxycfg contains components for sourcing the data required to
 // configure Connect proxies. The Manager provides an API with which proxy
diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go
index 1d06e5fd8c9c..974ba82fa7f1 100644
--- a/agent/proxycfg/snapshot.go
+++ b/agent/proxycfg/snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/snapshot_test.go b/agent/proxycfg/snapshot_test.go
index ea6700cd249d..b4b0ab57c957 100644
--- a/agent/proxycfg/snapshot_test.go
+++ b/agent/proxycfg/snapshot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go
index 7bbb7f7b87c5..853dca5a9f1b 100644
--- a/agent/proxycfg/state.go
+++ b/agent/proxycfg/state.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/state_oss_test.go b/agent/proxycfg/state_oss_test.go
index e817aeef0b13..36f2e07183e4 100644
--- a/agent/proxycfg/state_oss_test.go
+++ b/agent/proxycfg/state_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go
index 86957df4bd47..dad4465f13ce 100644
--- a/agent/proxycfg/state_test.go
+++ b/agent/proxycfg/state_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/terminating_gateway.go b/agent/proxycfg/terminating_gateway.go
index 7d29ee70501b..05085a6ab26d 100644
--- a/agent/proxycfg/terminating_gateway.go
+++ b/agent/proxycfg/terminating_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/testing.go b/agent/proxycfg/testing.go
index 4ec19469a98b..bdd565ec0454 100644
--- a/agent/proxycfg/testing.go
+++ b/agent/proxycfg/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/testing_api_gateway.go b/agent/proxycfg/testing_api_gateway.go
index f42875af8cc4..ddfa17dcf6ab 100644
--- a/agent/proxycfg/testing_api_gateway.go
+++ b/agent/proxycfg/testing_api_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/testing_connect_proxy.go b/agent/proxycfg/testing_connect_proxy.go
index 8a1583edd0f0..cf6f4a479b1e 100644
--- a/agent/proxycfg/testing_connect_proxy.go
+++ b/agent/proxycfg/testing_connect_proxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/testing_ingress_gateway.go b/agent/proxycfg/testing_ingress_gateway.go
index 7c3599af203a..3967b5703654 100644
--- a/agent/proxycfg/testing_ingress_gateway.go
+++ b/agent/proxycfg/testing_ingress_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/testing_mesh_gateway.go b/agent/proxycfg/testing_mesh_gateway.go
index d6622699d0e3..865e219cd435 100644
--- a/agent/proxycfg/testing_mesh_gateway.go
+++ b/agent/proxycfg/testing_mesh_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/testing_oss.go b/agent/proxycfg/testing_oss.go
index 202252a3a733..6aa07588d4d1 100644
--- a/agent/proxycfg/testing_oss.go
+++ b/agent/proxycfg/testing_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg/testing_peering.go b/agent/proxycfg/testing_peering.go
index 39d7363606fd..0af8bafa9f08 100644
--- a/agent/proxycfg/testing_peering.go
+++ b/agent/proxycfg/testing_peering.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/testing_terminating_gateway.go b/agent/proxycfg/testing_terminating_gateway.go
index 731c8e54b2d5..6a718779943f 100644
--- a/agent/proxycfg/testing_terminating_gateway.go
+++ b/agent/proxycfg/testing_terminating_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/testing_tproxy.go b/agent/proxycfg/testing_tproxy.go
index 52bbf2f5ec3e..9c1c0934e2b8 100644
--- a/agent/proxycfg/testing_tproxy.go
+++ b/agent/proxycfg/testing_tproxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/testing_upstreams.go b/agent/proxycfg/testing_upstreams.go
index c5c47ae72fe2..aa8c6c2e04d6 100644
--- a/agent/proxycfg/testing_upstreams.go
+++ b/agent/proxycfg/testing_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg/testing_upstreams_oss.go b/agent/proxycfg/testing_upstreams_oss.go
index 3b8e22d0bda8..711a2794b630 100644
--- a/agent/proxycfg/testing_upstreams_oss.go
+++ b/agent/proxycfg/testing_upstreams_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg/upstreams.go b/agent/proxycfg/upstreams.go
index 5e42072fac32..ff2cbd212aca 100644
--- a/agent/proxycfg/upstreams.go
+++ b/agent/proxycfg/upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxycfg
 
diff --git a/agent/proxycfg_test.go b/agent/proxycfg_test.go
index 334af2cca0ac..74584331ae7b 100644
--- a/agent/proxycfg_test.go
+++ b/agent/proxycfg_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/reload.go b/agent/reload.go
index ce31fd1a76c1..cf68481621bc 100644
--- a/agent/reload.go
+++ b/agent/reload.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/remote_exec.go b/agent/remote_exec.go
index 770221ed2622..876c1898620c 100644
--- a/agent/remote_exec.go
+++ b/agent/remote_exec.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/remote_exec_test.go b/agent/remote_exec_test.go
index 9994095078d1..f077de895a39 100644
--- a/agent/remote_exec_test.go
+++ b/agent/remote_exec_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/retry_join.go b/agent/retry_join.go
index a629aa04706e..eb010c0c22c4 100644
--- a/agent/retry_join.go
+++ b/agent/retry_join.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/retry_join_test.go b/agent/retry_join_test.go
index af90205965b2..4184ab0a9f3d 100644
--- a/agent/retry_join_test.go
+++ b/agent/retry_join_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/router/grpc.go b/agent/router/grpc.go
index 9fe6355d4dcf..ce3f079e86b9 100644
--- a/agent/router/grpc.go
+++ b/agent/router/grpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package router
 
diff --git a/agent/router/manager.go b/agent/router/manager.go
index cccbc27d081a..07d55127f3c8 100644
--- a/agent/router/manager.go
+++ b/agent/router/manager.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package servers provides a Manager interface for Manager managed
 // metadata.Server objects.  The servers package manages servers from a Consul
diff --git a/agent/router/manager_internal_test.go b/agent/router/manager_internal_test.go
index 0e1fa28189a6..120a5f012c63 100644
--- a/agent/router/manager_internal_test.go
+++ b/agent/router/manager_internal_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package router
 
diff --git a/agent/router/manager_test.go b/agent/router/manager_test.go
index 708bb620a0da..6490164fda10 100644
--- a/agent/router/manager_test.go
+++ b/agent/router/manager_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package router_test
 
diff --git a/agent/router/router.go b/agent/router/router.go
index bdba22f42d41..c261b6ed7cd5 100644
--- a/agent/router/router.go
+++ b/agent/router/router.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package router
 
diff --git a/agent/router/router_test.go b/agent/router/router_test.go
index 1064dea342a3..206b0befe811 100644
--- a/agent/router/router_test.go
+++ b/agent/router/router_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package router
 
diff --git a/agent/router/serf_adapter.go b/agent/router/serf_adapter.go
index f30449dc05df..d3a228ca3d5d 100644
--- a/agent/router/serf_adapter.go
+++ b/agent/router/serf_adapter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package router
 
diff --git a/agent/router/serf_flooder.go b/agent/router/serf_flooder.go
index 34ef318377fa..06d59d5c4a89 100644
--- a/agent/router/serf_flooder.go
+++ b/agent/router/serf_flooder.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package router
 
diff --git a/agent/routine-leak-checker/leak_test.go b/agent/routine-leak-checker/leak_test.go
index 91d84b071b3f..f6b3c2a74953 100644
--- a/agent/routine-leak-checker/leak_test.go
+++ b/agent/routine-leak-checker/leak_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package leakcheck
 
diff --git a/agent/rpc/middleware/interceptors.go b/agent/rpc/middleware/interceptors.go
index f614e06cea76..1e4a4e591fb2 100644
--- a/agent/rpc/middleware/interceptors.go
+++ b/agent/rpc/middleware/interceptors.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package middleware
 
diff --git a/agent/rpc/middleware/interceptors_test.go b/agent/rpc/middleware/interceptors_test.go
index a22837fc6d95..a8e07c8d4d2b 100644
--- a/agent/rpc/middleware/interceptors_test.go
+++ b/agent/rpc/middleware/interceptors_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package middleware
 
diff --git a/agent/rpc/middleware/rate_limit_mappings.go b/agent/rpc/middleware/rate_limit_mappings.go
index 0df249c93233..f9ca6a333301 100644
--- a/agent/rpc/middleware/rate_limit_mappings.go
+++ b/agent/rpc/middleware/rate_limit_mappings.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package middleware
 
diff --git a/agent/rpc/middleware/recovery.go b/agent/rpc/middleware/recovery.go
index df37f969d412..6c23eb3ed3fa 100644
--- a/agent/rpc/middleware/recovery.go
+++ b/agent/rpc/middleware/recovery.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package middleware
 
diff --git a/agent/rpc/operator/service.go b/agent/rpc/operator/service.go
index 6b3302c9f2e4..697b0db25432 100644
--- a/agent/rpc/operator/service.go
+++ b/agent/rpc/operator/service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package operator
 
diff --git a/agent/rpc/operator/service_test.go b/agent/rpc/operator/service_test.go
index 465a6d6428d2..3cc9e117d442 100644
--- a/agent/rpc/operator/service_test.go
+++ b/agent/rpc/operator/service_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package operator
 
diff --git a/agent/rpc/peering/service.go b/agent/rpc/peering/service.go
index f8e89cabbd30..50e75a428fad 100644
--- a/agent/rpc/peering/service.go
+++ b/agent/rpc/peering/service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peering
 
diff --git a/agent/rpc/peering/service_oss_test.go b/agent/rpc/peering/service_oss_test.go
index d4e5fab0ba40..92fb9fac45d2 100644
--- a/agent/rpc/peering/service_oss_test.go
+++ b/agent/rpc/peering/service_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/rpc/peering/service_test.go b/agent/rpc/peering/service_test.go
index 0af92f531629..49bf97b19c7f 100644
--- a/agent/rpc/peering/service_test.go
+++ b/agent/rpc/peering/service_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peering_test
 
diff --git a/agent/rpc/peering/testing.go b/agent/rpc/peering/testing.go
index ddd9d43a8ad2..8989950ee29b 100644
--- a/agent/rpc/peering/testing.go
+++ b/agent/rpc/peering/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peering
 
diff --git a/agent/rpc/peering/testutil_oss_test.go b/agent/rpc/peering/testutil_oss_test.go
index d15d62e9f1cb..4602c01fc5ab 100644
--- a/agent/rpc/peering/testutil_oss_test.go
+++ b/agent/rpc/peering/testutil_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/rpc/peering/validate.go b/agent/rpc/peering/validate.go
index 1bd3f393bd74..2de6684d85ff 100644
--- a/agent/rpc/peering/validate.go
+++ b/agent/rpc/peering/validate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peering
 
diff --git a/agent/rpc/peering/validate_test.go b/agent/rpc/peering/validate_test.go
index c5b3c6c7bdb0..669baf41702f 100644
--- a/agent/rpc/peering/validate_test.go
+++ b/agent/rpc/peering/validate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peering
 
diff --git a/agent/rpcclient/common.go b/agent/rpcclient/common.go
index 8ff157399236..316fb341a935 100644
--- a/agent/rpcclient/common.go
+++ b/agent/rpcclient/common.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package rpcclient
 
diff --git a/agent/rpcclient/configentry/configentry.go b/agent/rpcclient/configentry/configentry.go
index ada7928dc1af..2b38455beb07 100644
--- a/agent/rpcclient/configentry/configentry.go
+++ b/agent/rpcclient/configentry/configentry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package configentry
 
diff --git a/agent/rpcclient/configentry/configentry_test.go b/agent/rpcclient/configentry/configentry_test.go
index 9f526892fd11..92e6f4b3c88a 100644
--- a/agent/rpcclient/configentry/configentry_test.go
+++ b/agent/rpcclient/configentry/configentry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package configentry
 
diff --git a/agent/rpcclient/configentry/view.go b/agent/rpcclient/configentry/view.go
index dae3208810bf..70271a9220e9 100644
--- a/agent/rpcclient/configentry/view.go
+++ b/agent/rpcclient/configentry/view.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package configentry
 
diff --git a/agent/rpcclient/configentry/view_test.go b/agent/rpcclient/configentry/view_test.go
index 37e642e5c36c..0209c898cafe 100644
--- a/agent/rpcclient/configentry/view_test.go
+++ b/agent/rpcclient/configentry/view_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package configentry
 
diff --git a/agent/rpcclient/health/health.go b/agent/rpcclient/health/health.go
index 8a65a50578aa..f062d2aac284 100644
--- a/agent/rpcclient/health/health.go
+++ b/agent/rpcclient/health/health.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package health
 
diff --git a/agent/rpcclient/health/health_test.go b/agent/rpcclient/health/health_test.go
index 2d8c57a3beba..30900bc04cc0 100644
--- a/agent/rpcclient/health/health_test.go
+++ b/agent/rpcclient/health/health_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package health
 
diff --git a/agent/rpcclient/health/streaming_test.go b/agent/rpcclient/health/streaming_test.go
index 3a0ba734ba9a..180b61f0eec6 100644
--- a/agent/rpcclient/health/streaming_test.go
+++ b/agent/rpcclient/health/streaming_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package health
 
diff --git a/agent/rpcclient/health/view.go b/agent/rpcclient/health/view.go
index e1fffd3e23de..8e08ba801e5f 100644
--- a/agent/rpcclient/health/view.go
+++ b/agent/rpcclient/health/view.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package health
 
diff --git a/agent/rpcclient/health/view_test.go b/agent/rpcclient/health/view_test.go
index 2324ba866c25..ce2af7cdac60 100644
--- a/agent/rpcclient/health/view_test.go
+++ b/agent/rpcclient/health/view_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package health
 
diff --git a/agent/service_checks_test.go b/agent/service_checks_test.go
index c567776587e3..41372cc47dbb 100644
--- a/agent/service_checks_test.go
+++ b/agent/service_checks_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/service_manager.go b/agent/service_manager.go
index b7e38b393ace..1c6041f8f0de 100644
--- a/agent/service_manager.go
+++ b/agent/service_manager.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/service_manager_test.go b/agent/service_manager_test.go
index 724022d42ad9..289503a51ede 100644
--- a/agent/service_manager_test.go
+++ b/agent/service_manager_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/session_endpoint.go b/agent/session_endpoint.go
index a9b9a6dee6ba..90c3fa32bae7 100644
--- a/agent/session_endpoint.go
+++ b/agent/session_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/session_endpoint_test.go b/agent/session_endpoint_test.go
index 5ce93db7a68f..ae5a492808d7 100644
--- a/agent/session_endpoint_test.go
+++ b/agent/session_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/setup.go b/agent/setup.go
index 7599668e33ed..4c1aaa1a9963 100644
--- a/agent/setup.go
+++ b/agent/setup.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/setup_oss.go b/agent/setup_oss.go
index 46c4b80eb4ef..af24a1515e6b 100644
--- a/agent/setup_oss.go
+++ b/agent/setup_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/sidecar_service.go b/agent/sidecar_service.go
index 7dfb067b50ef..8e57d5930bc1 100644
--- a/agent/sidecar_service.go
+++ b/agent/sidecar_service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/sidecar_service_test.go b/agent/sidecar_service_test.go
index 4960dd73d054..fd39a5a284a1 100644
--- a/agent/sidecar_service_test.go
+++ b/agent/sidecar_service_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/signal_unix.go b/agent/signal_unix.go
index bd0b3e7793cd..83e00f27b351 100644
--- a/agent/signal_unix.go
+++ b/agent/signal_unix.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !windows
 // +build !windows
diff --git a/agent/signal_windows.go b/agent/signal_windows.go
index c6ea0c980ffb..cb49a169c09a 100644
--- a/agent/signal_windows.go
+++ b/agent/signal_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build windows
 // +build windows
diff --git a/agent/snapshot_endpoint.go b/agent/snapshot_endpoint.go
index 60d986256433..06805ae5f8c1 100644
--- a/agent/snapshot_endpoint.go
+++ b/agent/snapshot_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/snapshot_endpoint_test.go b/agent/snapshot_endpoint_test.go
index e68fb22f385f..a534fe025113 100644
--- a/agent/snapshot_endpoint_test.go
+++ b/agent/snapshot_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/status_endpoint.go b/agent/status_endpoint.go
index 86f9f1a5d019..4a40ec891027 100644
--- a/agent/status_endpoint.go
+++ b/agent/status_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/status_endpoint_test.go b/agent/status_endpoint_test.go
index 5be9d6be64a3..db231fbc9b83 100644
--- a/agent/status_endpoint_test.go
+++ b/agent/status_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/streaming_test.go b/agent/streaming_test.go
index 9074f66e8344..fed1e8126d41 100644
--- a/agent/streaming_test.go
+++ b/agent/streaming_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/structs/acl.go b/agent/structs/acl.go
index 981550694348..813a3b175843 100644
--- a/agent/structs/acl.go
+++ b/agent/structs/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/acl_cache.go b/agent/structs/acl_cache.go
index 46d4fdd28117..15f3a2edc3c2 100644
--- a/agent/structs/acl_cache.go
+++ b/agent/structs/acl_cache.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/acl_cache_test.go b/agent/structs/acl_cache_test.go
index e390da960f4e..57e218ff21e3 100644
--- a/agent/structs/acl_cache_test.go
+++ b/agent/structs/acl_cache_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/acl_oss.go b/agent/structs/acl_oss.go
index 9cc4e7813ce8..54062047606b 100644
--- a/agent/structs/acl_oss.go
+++ b/agent/structs/acl_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/acl_test.go b/agent/structs/acl_test.go
index 6658b8335021..e1fb35263b95 100644
--- a/agent/structs/acl_test.go
+++ b/agent/structs/acl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/aclfilter/filter.go b/agent/structs/aclfilter/filter.go
index ddd63db10e68..d59bf3c9c403 100644
--- a/agent/structs/aclfilter/filter.go
+++ b/agent/structs/aclfilter/filter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package aclfilter
 
diff --git a/agent/structs/aclfilter/filter_test.go b/agent/structs/aclfilter/filter_test.go
index 2339b0acd223..98f3bb63f291 100644
--- a/agent/structs/aclfilter/filter_test.go
+++ b/agent/structs/aclfilter/filter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package aclfilter
 
diff --git a/agent/structs/auto_encrypt.go b/agent/structs/auto_encrypt.go
index 2e9053f9a538..cce7c4effa1e 100644
--- a/agent/structs/auto_encrypt.go
+++ b/agent/structs/auto_encrypt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/autopilot.go b/agent/structs/autopilot.go
index a5a14684fa9e..431e2ad4d374 100644
--- a/agent/structs/autopilot.go
+++ b/agent/structs/autopilot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/autopilot_oss.go b/agent/structs/autopilot_oss.go
index 3098c0cf3cae..55420d23e19d 100644
--- a/agent/structs/autopilot_oss.go
+++ b/agent/structs/autopilot_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/catalog.go b/agent/structs/catalog.go
index f11af9f87801..84795ce47898 100644
--- a/agent/structs/catalog.go
+++ b/agent/structs/catalog.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/catalog_oss.go b/agent/structs/catalog_oss.go
index 91e08264b99d..ad5218bf80ae 100644
--- a/agent/structs/catalog_oss.go
+++ b/agent/structs/catalog_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/check_definition.go b/agent/structs/check_definition.go
index 600fc1f0502f..ec760832609a 100644
--- a/agent/structs/check_definition.go
+++ b/agent/structs/check_definition.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/check_definition_test.go b/agent/structs/check_definition_test.go
index 676499ef042a..5a51f377c0e8 100644
--- a/agent/structs/check_definition_test.go
+++ b/agent/structs/check_definition_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/check_type.go b/agent/structs/check_type.go
index 0f31a89bfb15..96254f62d86e 100644
--- a/agent/structs/check_type.go
+++ b/agent/structs/check_type.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry.go b/agent/structs/config_entry.go
index 1b433502541e..27ea020bd404 100644
--- a/agent/structs/config_entry.go
+++ b/agent/structs/config_entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_apigw_jwt_oss.go b/agent/structs/config_entry_apigw_jwt_oss.go
index b2caa520ef51..5c0b40b5c8e1 100644
--- a/agent/structs/config_entry_apigw_jwt_oss.go
+++ b/agent/structs/config_entry_apigw_jwt_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_discoverychain.go b/agent/structs/config_entry_discoverychain.go
index 587d98561c4e..6dc0a05d8212 100644
--- a/agent/structs/config_entry_discoverychain.go
+++ b/agent/structs/config_entry_discoverychain.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_discoverychain_oss.go b/agent/structs/config_entry_discoverychain_oss.go
index d9a645ff2dcf..6ef43654a05a 100644
--- a/agent/structs/config_entry_discoverychain_oss.go
+++ b/agent/structs/config_entry_discoverychain_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_discoverychain_oss_test.go b/agent/structs/config_entry_discoverychain_oss_test.go
index ec816f07c2f9..40ac59f865da 100644
--- a/agent/structs/config_entry_discoverychain_oss_test.go
+++ b/agent/structs/config_entry_discoverychain_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_discoverychain_test.go b/agent/structs/config_entry_discoverychain_test.go
index 7378e20787fe..5961446d1fb7 100644
--- a/agent/structs/config_entry_discoverychain_test.go
+++ b/agent/structs/config_entry_discoverychain_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_exports.go b/agent/structs/config_entry_exports.go
index 631773072d0b..97e33dd6e705 100644
--- a/agent/structs/config_entry_exports.go
+++ b/agent/structs/config_entry_exports.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_exports_oss.go b/agent/structs/config_entry_exports_oss.go
index 9f9bb1cc0825..770139ee2ef9 100644
--- a/agent/structs/config_entry_exports_oss.go
+++ b/agent/structs/config_entry_exports_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_exports_oss_test.go b/agent/structs/config_entry_exports_oss_test.go
index 0c3982f737b1..cb1d5d4b3bbf 100644
--- a/agent/structs/config_entry_exports_oss_test.go
+++ b/agent/structs/config_entry_exports_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_exports_test.go b/agent/structs/config_entry_exports_test.go
index 7905b46009b7..62e5586a0dac 100644
--- a/agent/structs/config_entry_exports_test.go
+++ b/agent/structs/config_entry_exports_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_gateways.go b/agent/structs/config_entry_gateways.go
index caffddcf2138..00c2687d1ec9 100644
--- a/agent/structs/config_entry_gateways.go
+++ b/agent/structs/config_entry_gateways.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_gateways_test.go b/agent/structs/config_entry_gateways_test.go
index 16a18752d96a..03866f929d51 100644
--- a/agent/structs/config_entry_gateways_test.go
+++ b/agent/structs/config_entry_gateways_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_inline_certificate.go b/agent/structs/config_entry_inline_certificate.go
index de11f2c95045..f397ee2ba16e 100644
--- a/agent/structs/config_entry_inline_certificate.go
+++ b/agent/structs/config_entry_inline_certificate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_inline_certificate_test.go b/agent/structs/config_entry_inline_certificate_test.go
index b95f3b0e9694..3c537c059161 100644
--- a/agent/structs/config_entry_inline_certificate_test.go
+++ b/agent/structs/config_entry_inline_certificate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_intentions.go b/agent/structs/config_entry_intentions.go
index bc4d36863b56..f32aafa9a87d 100644
--- a/agent/structs/config_entry_intentions.go
+++ b/agent/structs/config_entry_intentions.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_intentions_oss.go b/agent/structs/config_entry_intentions_oss.go
index 3c97b55aac56..e11063b999d1 100644
--- a/agent/structs/config_entry_intentions_oss.go
+++ b/agent/structs/config_entry_intentions_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_intentions_oss_test.go b/agent/structs/config_entry_intentions_oss_test.go
index 23d4ded4d261..03f82075e5a6 100644
--- a/agent/structs/config_entry_intentions_oss_test.go
+++ b/agent/structs/config_entry_intentions_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_intentions_test.go b/agent/structs/config_entry_intentions_test.go
index 56c04bb21e3c..ea8703de05d8 100644
--- a/agent/structs/config_entry_intentions_test.go
+++ b/agent/structs/config_entry_intentions_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_jwt_provider.go b/agent/structs/config_entry_jwt_provider.go
index 7336027d7095..12bc7c89d9ed 100644
--- a/agent/structs/config_entry_jwt_provider.go
+++ b/agent/structs/config_entry_jwt_provider.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_jwt_provider_oss.go b/agent/structs/config_entry_jwt_provider_oss.go
index 533f349c01e5..1473cf95d98a 100644
--- a/agent/structs/config_entry_jwt_provider_oss.go
+++ b/agent/structs/config_entry_jwt_provider_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_jwt_provider_test.go b/agent/structs/config_entry_jwt_provider_test.go
index a63507663ce4..6a117fe5084f 100644
--- a/agent/structs/config_entry_jwt_provider_test.go
+++ b/agent/structs/config_entry_jwt_provider_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_mesh.go b/agent/structs/config_entry_mesh.go
index 249973c00b08..a531821650d8 100644
--- a/agent/structs/config_entry_mesh.go
+++ b/agent/structs/config_entry_mesh.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_mesh_oss.go b/agent/structs/config_entry_mesh_oss.go
index 1612d6568273..319bf6adc109 100644
--- a/agent/structs/config_entry_mesh_oss.go
+++ b/agent/structs/config_entry_mesh_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_mesh_test.go b/agent/structs/config_entry_mesh_test.go
index 6bdfaa15cae8..f6eaea9e9c54 100644
--- a/agent/structs/config_entry_mesh_test.go
+++ b/agent/structs/config_entry_mesh_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_oss.go b/agent/structs/config_entry_oss.go
index c6b033f37083..b95192bec22b 100644
--- a/agent/structs/config_entry_oss.go
+++ b/agent/structs/config_entry_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_oss_test.go b/agent/structs/config_entry_oss_test.go
index ce9ac5fad216..4ef11d04cd2b 100644
--- a/agent/structs/config_entry_oss_test.go
+++ b/agent/structs/config_entry_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_routes.go b/agent/structs/config_entry_routes.go
index cab7d98d6441..d285a4062443 100644
--- a/agent/structs/config_entry_routes.go
+++ b/agent/structs/config_entry_routes.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_routes_test.go b/agent/structs/config_entry_routes_test.go
index 476ce46eed05..5ab85e5977e9 100644
--- a/agent/structs/config_entry_routes_test.go
+++ b/agent/structs/config_entry_routes_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_sameness_group.go b/agent/structs/config_entry_sameness_group.go
index a1d0dccb3c7c..dd1b84aa85ed 100644
--- a/agent/structs/config_entry_sameness_group.go
+++ b/agent/structs/config_entry_sameness_group.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_sameness_group_oss.go b/agent/structs/config_entry_sameness_group_oss.go
index 0693ed0ee850..c1d888f4475c 100644
--- a/agent/structs/config_entry_sameness_group_oss.go
+++ b/agent/structs/config_entry_sameness_group_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_status.go b/agent/structs/config_entry_status.go
index fb91a0add374..749ba1596868 100644
--- a/agent/structs/config_entry_status.go
+++ b/agent/structs/config_entry_status.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/config_entry_test.go b/agent/structs/config_entry_test.go
index 9143dc05d993..b164e67b4f7d 100644
--- a/agent/structs/config_entry_test.go
+++ b/agent/structs/config_entry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/connect.go b/agent/structs/connect.go
index 227c2eb47270..4a6033efab57 100644
--- a/agent/structs/connect.go
+++ b/agent/structs/connect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/connect_ca.go b/agent/structs/connect_ca.go
index c8a7cea1df8a..90e139fab0dc 100644
--- a/agent/structs/connect_ca.go
+++ b/agent/structs/connect_ca.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/connect_ca_test.go b/agent/structs/connect_ca_test.go
index d64efef375bf..5f224e04f76a 100644
--- a/agent/structs/connect_ca_test.go
+++ b/agent/structs/connect_ca_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/connect_oss.go b/agent/structs/connect_oss.go
index 9547c245148b..b78e8b4c6c23 100644
--- a/agent/structs/connect_oss.go
+++ b/agent/structs/connect_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/connect_proxy_config.go b/agent/structs/connect_proxy_config.go
index acca2ad1cbcd..3bd5276f8279 100644
--- a/agent/structs/connect_proxy_config.go
+++ b/agent/structs/connect_proxy_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/connect_proxy_config_oss.go b/agent/structs/connect_proxy_config_oss.go
index 898ca163a5c2..dfdc10bbadcf 100644
--- a/agent/structs/connect_proxy_config_oss.go
+++ b/agent/structs/connect_proxy_config_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/connect_proxy_config_test.go b/agent/structs/connect_proxy_config_test.go
index bcf43b2119ca..be16d17be6a3 100644
--- a/agent/structs/connect_proxy_config_test.go
+++ b/agent/structs/connect_proxy_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/deep-copy.sh b/agent/structs/deep-copy.sh
index e4ab69273a47..cbc1bdc42ae5 100755
--- a/agent/structs/deep-copy.sh
+++ b/agent/structs/deep-copy.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 readonly PACKAGE_DIR="$(dirname "${BASH_SOURCE[0]}")"
diff --git a/agent/structs/discovery_chain.go b/agent/structs/discovery_chain.go
index 029fc3b0a8be..c81dd1ec0836 100644
--- a/agent/structs/discovery_chain.go
+++ b/agent/structs/discovery_chain.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/discovery_chain_oss.go b/agent/structs/discovery_chain_oss.go
index febff8c7762a..b4a83b890445 100644
--- a/agent/structs/discovery_chain_oss.go
+++ b/agent/structs/discovery_chain_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/envoy_extension.go b/agent/structs/envoy_extension.go
index c788aedf37e8..ab9988bf21bc 100644
--- a/agent/structs/envoy_extension.go
+++ b/agent/structs/envoy_extension.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/errors.go b/agent/structs/errors.go
index 82e2b0b5f013..df8123dc60da 100644
--- a/agent/structs/errors.go
+++ b/agent/structs/errors.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/federation_state.go b/agent/structs/federation_state.go
index f123a0954be7..5a0e8eef6d04 100644
--- a/agent/structs/federation_state.go
+++ b/agent/structs/federation_state.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/identity.go b/agent/structs/identity.go
index 286dd552a346..b55f6bb7ae51 100644
--- a/agent/structs/identity.go
+++ b/agent/structs/identity.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/intention.go b/agent/structs/intention.go
index 21d5432b4112..3bbc2584f70f 100644
--- a/agent/structs/intention.go
+++ b/agent/structs/intention.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/intention_oss.go b/agent/structs/intention_oss.go
index b6ae492dcd54..77deca9af32e 100644
--- a/agent/structs/intention_oss.go
+++ b/agent/structs/intention_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/intention_test.go b/agent/structs/intention_test.go
index 600f600729d1..077bef0f200d 100644
--- a/agent/structs/intention_test.go
+++ b/agent/structs/intention_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/operator.go b/agent/structs/operator.go
index 05862861e3f8..9d78cb92143f 100644
--- a/agent/structs/operator.go
+++ b/agent/structs/operator.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/peering.go b/agent/structs/peering.go
index 3ee7acb22402..927efabb34c2 100644
--- a/agent/structs/peering.go
+++ b/agent/structs/peering.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/prepared_query.go b/agent/structs/prepared_query.go
index bf1581975e1b..1c851c476ef0 100644
--- a/agent/structs/prepared_query.go
+++ b/agent/structs/prepared_query.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/prepared_query_test.go b/agent/structs/prepared_query_test.go
index a6d6e64849af..537c6b043818 100644
--- a/agent/structs/prepared_query_test.go
+++ b/agent/structs/prepared_query_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/protobuf_compat.go b/agent/structs/protobuf_compat.go
index 65ebf2eaf4ac..c52d85a32c29 100644
--- a/agent/structs/protobuf_compat.go
+++ b/agent/structs/protobuf_compat.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/service_definition.go b/agent/structs/service_definition.go
index 6ee81af0590c..9b9fec89e954 100644
--- a/agent/structs/service_definition.go
+++ b/agent/structs/service_definition.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/service_definition_test.go b/agent/structs/service_definition_test.go
index 023972092ff4..ec6d4fc5374e 100644
--- a/agent/structs/service_definition_test.go
+++ b/agent/structs/service_definition_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/snapshot.go b/agent/structs/snapshot.go
index 4f622216751f..3d71fb093d3c 100644
--- a/agent/structs/snapshot.go
+++ b/agent/structs/snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/structs.deepcopy_oss.go b/agent/structs/structs.deepcopy_oss.go
index 552f00c97f2c..d2e909bf49e8 100644
--- a/agent/structs/structs.deepcopy_oss.go
+++ b/agent/structs/structs.deepcopy_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/structs.go b/agent/structs/structs.go
index 096f767a4771..fbacb36ffe66 100644
--- a/agent/structs/structs.go
+++ b/agent/structs/structs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/structs_ext_test.go b/agent/structs/structs_ext_test.go
index 9bbc4ca0cb91..3b1cd6b6df1c 100644
--- a/agent/structs/structs_ext_test.go
+++ b/agent/structs/structs_ext_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs_test
 
diff --git a/agent/structs/structs_filtering_test.go b/agent/structs/structs_filtering_test.go
index 9739923e0e5a..3750adb16ce1 100644
--- a/agent/structs/structs_filtering_test.go
+++ b/agent/structs/structs_filtering_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/structs_oss.go b/agent/structs/structs_oss.go
index b1f051f21c56..f922b7fd720f 100644
--- a/agent/structs/structs_oss.go
+++ b/agent/structs/structs_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/structs_oss_test.go b/agent/structs/structs_oss_test.go
index 55e51a70088c..6ec8723ae5e1 100644
--- a/agent/structs/structs_oss_test.go
+++ b/agent/structs/structs_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/structs_test.go b/agent/structs/structs_test.go
index 20365e43bcdb..bf909aa41903 100644
--- a/agent/structs/structs_test.go
+++ b/agent/structs/structs_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/system_metadata.go b/agent/structs/system_metadata.go
index fa6f6cd0ae58..555756201a5d 100644
--- a/agent/structs/system_metadata.go
+++ b/agent/structs/system_metadata.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/testing.go b/agent/structs/testing.go
index ad8382b0ce3b..527da21c4e89 100644
--- a/agent/structs/testing.go
+++ b/agent/structs/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/testing_catalog.go b/agent/structs/testing_catalog.go
index 2706e71e360a..8047695bba56 100644
--- a/agent/structs/testing_catalog.go
+++ b/agent/structs/testing_catalog.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/testing_connect_proxy_config.go b/agent/structs/testing_connect_proxy_config.go
index c41cc9965111..971e355fba2d 100644
--- a/agent/structs/testing_connect_proxy_config.go
+++ b/agent/structs/testing_connect_proxy_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/testing_intention.go b/agent/structs/testing_intention.go
index 57c6f9d50154..974a103de1bd 100644
--- a/agent/structs/testing_intention.go
+++ b/agent/structs/testing_intention.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/testing_service_definition.go b/agent/structs/testing_service_definition.go
index 2707067262f5..da51014f4311 100644
--- a/agent/structs/testing_service_definition.go
+++ b/agent/structs/testing_service_definition.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/structs/txn.go b/agent/structs/txn.go
index a97b4733f5ed..efb11aa891ea 100644
--- a/agent/structs/txn.go
+++ b/agent/structs/txn.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/agent/submatview/handler.go b/agent/submatview/handler.go
index b3c900e69528..f33746a7f324 100644
--- a/agent/submatview/handler.go
+++ b/agent/submatview/handler.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package submatview
 
diff --git a/agent/submatview/local_materializer.go b/agent/submatview/local_materializer.go
index 5eeaefaa665a..4ee06a364029 100644
--- a/agent/submatview/local_materializer.go
+++ b/agent/submatview/local_materializer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package submatview
 
diff --git a/agent/submatview/local_materializer_test.go b/agent/submatview/local_materializer_test.go
index e6600a051620..fa7a01845034 100644
--- a/agent/submatview/local_materializer_test.go
+++ b/agent/submatview/local_materializer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package submatview
 
diff --git a/agent/submatview/materializer.go b/agent/submatview/materializer.go
index 240f6cfafbb4..42754c914da0 100644
--- a/agent/submatview/materializer.go
+++ b/agent/submatview/materializer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package submatview
 
diff --git a/agent/submatview/rpc_materializer.go b/agent/submatview/rpc_materializer.go
index 855576b1b339..dfeb90172a69 100644
--- a/agent/submatview/rpc_materializer.go
+++ b/agent/submatview/rpc_materializer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package submatview
 
diff --git a/agent/submatview/store.go b/agent/submatview/store.go
index 1f189121264c..ccfc319e2f4c 100644
--- a/agent/submatview/store.go
+++ b/agent/submatview/store.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package submatview
 
diff --git a/agent/submatview/store_integration_test.go b/agent/submatview/store_integration_test.go
index 3b6d9fbc2b57..45ba11d3cc3c 100644
--- a/agent/submatview/store_integration_test.go
+++ b/agent/submatview/store_integration_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package submatview_test
 
diff --git a/agent/submatview/store_test.go b/agent/submatview/store_test.go
index 36a92e7ec02b..c878654d89be 100644
--- a/agent/submatview/store_test.go
+++ b/agent/submatview/store_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package submatview
 
diff --git a/agent/submatview/streaming_test.go b/agent/submatview/streaming_test.go
index 223babf530b1..54b28d1abe6b 100644
--- a/agent/submatview/streaming_test.go
+++ b/agent/submatview/streaming_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package submatview
 
diff --git a/agent/systemd/notify.go b/agent/systemd/notify.go
index 88ce2c2ece95..60c71947dc8a 100644
--- a/agent/systemd/notify.go
+++ b/agent/systemd/notify.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package systemd
 
diff --git a/agent/testagent.go b/agent/testagent.go
index 57b9c1b11183..3d0e2c8038e8 100644
--- a/agent/testagent.go
+++ b/agent/testagent.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/testagent_test.go b/agent/testagent_test.go
index 66d1d61f01e5..266b6e864cc3 100644
--- a/agent/testagent_test.go
+++ b/agent/testagent_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/token/persistence.go b/agent/token/persistence.go
index 9d543b30edf9..117f72359d27 100644
--- a/agent/token/persistence.go
+++ b/agent/token/persistence.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package token
 
diff --git a/agent/token/persistence_test.go b/agent/token/persistence_test.go
index 093515f70e43..5d6e73f0d228 100644
--- a/agent/token/persistence_test.go
+++ b/agent/token/persistence_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package token
 
diff --git a/agent/token/store.go b/agent/token/store.go
index b0f9732a8cc6..a32475eb477e 100644
--- a/agent/token/store.go
+++ b/agent/token/store.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package token
 
diff --git a/agent/token/store_oss.go b/agent/token/store_oss.go
index bf2ff796f04c..98d291385aaf 100644
--- a/agent/token/store_oss.go
+++ b/agent/token/store_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/token/store_test.go b/agent/token/store_test.go
index 8d0992f229ca..c35c44a7b69f 100644
--- a/agent/token/store_test.go
+++ b/agent/token/store_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package token
 
diff --git a/agent/translate_addr.go b/agent/translate_addr.go
index 9be80ebc0f8c..1c0f8a400305 100644
--- a/agent/translate_addr.go
+++ b/agent/translate_addr.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/txn_endpoint.go b/agent/txn_endpoint.go
index faf9c9e72666..10117a53c500 100644
--- a/agent/txn_endpoint.go
+++ b/agent/txn_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/txn_endpoint_test.go b/agent/txn_endpoint_test.go
index 19c5925ba7a9..fe19ed825301 100644
--- a/agent/txn_endpoint_test.go
+++ b/agent/txn_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/ui_endpoint.go b/agent/ui_endpoint.go
index 20d6f8a4126e..d0cc8a5be832 100644
--- a/agent/ui_endpoint.go
+++ b/agent/ui_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/ui_endpoint_oss_test.go b/agent/ui_endpoint_oss_test.go
index 3e57fca667e8..82a16b765f5c 100644
--- a/agent/ui_endpoint_oss_test.go
+++ b/agent/ui_endpoint_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/ui_endpoint_test.go b/agent/ui_endpoint_test.go
index d2cda642f2aa..ab27d2ea8e0c 100644
--- a/agent/ui_endpoint_test.go
+++ b/agent/ui_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/uiserver/buf_index_fs.go b/agent/uiserver/buf_index_fs.go
index 9ea23316fb10..283616c36eda 100644
--- a/agent/uiserver/buf_index_fs.go
+++ b/agent/uiserver/buf_index_fs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package uiserver
 
diff --git a/agent/uiserver/buffered_file.go b/agent/uiserver/buffered_file.go
index 5c794dac2690..daa30c610d29 100644
--- a/agent/uiserver/buffered_file.go
+++ b/agent/uiserver/buffered_file.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package uiserver
 
diff --git a/agent/uiserver/redirect_fs.go b/agent/uiserver/redirect_fs.go
index 66b48e637fdc..4a61ba7b2c14 100644
--- a/agent/uiserver/redirect_fs.go
+++ b/agent/uiserver/redirect_fs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package uiserver
 
diff --git a/agent/uiserver/ui_template_data.go b/agent/uiserver/ui_template_data.go
index d8d5fc42ba4e..726207b148f0 100644
--- a/agent/uiserver/ui_template_data.go
+++ b/agent/uiserver/ui_template_data.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package uiserver
 
diff --git a/agent/uiserver/uiserver.go b/agent/uiserver/uiserver.go
index 8cabb8e3e0cd..0cd20c5fda0b 100644
--- a/agent/uiserver/uiserver.go
+++ b/agent/uiserver/uiserver.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package uiserver
 
diff --git a/agent/uiserver/uiserver_test.go b/agent/uiserver/uiserver_test.go
index c42792fe320b..ce649276546b 100644
--- a/agent/uiserver/uiserver_test.go
+++ b/agent/uiserver/uiserver_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package uiserver
 
diff --git a/agent/user_event.go b/agent/user_event.go
index 25be0dd88f42..23cbc90c336d 100644
--- a/agent/user_event.go
+++ b/agent/user_event.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/user_event_test.go b/agent/user_event_test.go
index ac807def924c..62ea5f4adca3 100644
--- a/agent/user_event_test.go
+++ b/agent/user_event_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/util.go b/agent/util.go
index 285ba91df948..1bcdbca01f1a 100644
--- a/agent/util.go
+++ b/agent/util.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/util_test.go b/agent/util_test.go
index 4c3ae5602d39..42aa745e70fa 100644
--- a/agent/util_test.go
+++ b/agent/util_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/watch_handler.go b/agent/watch_handler.go
index 518fd6c77c98..b926b7167505 100644
--- a/agent/watch_handler.go
+++ b/agent/watch_handler.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/watch_handler_test.go b/agent/watch_handler_test.go
index f97d4d3982d3..151e05e9c077 100644
--- a/agent/watch_handler_test.go
+++ b/agent/watch_handler_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/agent/xds/accesslogs/accesslogs.go b/agent/xds/accesslogs/accesslogs.go
index 84cbf55e64d8..25a3baf192fe 100644
--- a/agent/xds/accesslogs/accesslogs.go
+++ b/agent/xds/accesslogs/accesslogs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package accesslogs
 
diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go
index bcce1d01abb2..6907b9bc4686 100644
--- a/agent/xds/clusters.go
+++ b/agent/xds/clusters.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go
index fa8e625fdde1..32723bf48143 100644
--- a/agent/xds/clusters_test.go
+++ b/agent/xds/clusters_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/config.go b/agent/xds/config.go
index 2b8da88939dd..958326afaabc 100644
--- a/agent/xds/config.go
+++ b/agent/xds/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/config_test.go b/agent/xds/config_test.go
index e544c30b393e..72ef0bb1e592 100644
--- a/agent/xds/config_test.go
+++ b/agent/xds/config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/delta.go b/agent/xds/delta.go
index b59c03953277..d44b84fd4eb7 100644
--- a/agent/xds/delta.go
+++ b/agent/xds/delta.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/delta_envoy_extender_oss_test.go b/agent/xds/delta_envoy_extender_oss_test.go
index 10411e353cec..5f4b563b5992 100644
--- a/agent/xds/delta_envoy_extender_oss_test.go
+++ b/agent/xds/delta_envoy_extender_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/xds/delta_envoy_extender_test.go b/agent/xds/delta_envoy_extender_test.go
index 6cd57fa53a04..cfa762cb049e 100644
--- a/agent/xds/delta_envoy_extender_test.go
+++ b/agent/xds/delta_envoy_extender_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/delta_test.go b/agent/xds/delta_test.go
index 7d4b29463439..f324e9193460 100644
--- a/agent/xds/delta_test.go
+++ b/agent/xds/delta_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go
index c24f48df4baa..8903ba3e7cc6 100644
--- a/agent/xds/endpoints.go
+++ b/agent/xds/endpoints.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/endpoints_test.go b/agent/xds/endpoints_test.go
index 59a8b698de7f..a4757f00c534 100644
--- a/agent/xds/endpoints_test.go
+++ b/agent/xds/endpoints_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/extensionruntime/runtime_config.go b/agent/xds/extensionruntime/runtime_config.go
index 110e3db1df8b..924368ebdf2a 100644
--- a/agent/xds/extensionruntime/runtime_config.go
+++ b/agent/xds/extensionruntime/runtime_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package extensionruntime
 
diff --git a/agent/xds/extensionruntime/runtime_config_oss_test.go b/agent/xds/extensionruntime/runtime_config_oss_test.go
index c70a3f47f4f3..1a38c044ef35 100644
--- a/agent/xds/extensionruntime/runtime_config_oss_test.go
+++ b/agent/xds/extensionruntime/runtime_config_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/xds/failover_policy.go b/agent/xds/failover_policy.go
index 562b43dad728..ab3e86f25d1d 100644
--- a/agent/xds/failover_policy.go
+++ b/agent/xds/failover_policy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/failover_policy_oss.go b/agent/xds/failover_policy_oss.go
index e22d717e2a11..ac8d843e40ba 100644
--- a/agent/xds/failover_policy_oss.go
+++ b/agent/xds/failover_policy_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/xds/golden_test.go b/agent/xds/golden_test.go
index 9209678bb52e..d77ffda6a6a6 100644
--- a/agent/xds/golden_test.go
+++ b/agent/xds/golden_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/jwt_authn.go b/agent/xds/jwt_authn.go
index 17b34e5cd6ce..36b8e05cb30c 100644
--- a/agent/xds/jwt_authn.go
+++ b/agent/xds/jwt_authn.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/jwt_authn_test.go b/agent/xds/jwt_authn_test.go
index ab8665b1dc3a..834f62ad4c1a 100644
--- a/agent/xds/jwt_authn_test.go
+++ b/agent/xds/jwt_authn_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go
index 386fd00f17ba..b3b58bc2ad29 100644
--- a/agent/xds/listeners.go
+++ b/agent/xds/listeners.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/listeners_apigateway.go b/agent/xds/listeners_apigateway.go
index fcb1ee0829a3..3078c740a054 100644
--- a/agent/xds/listeners_apigateway.go
+++ b/agent/xds/listeners_apigateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/listeners_ingress.go b/agent/xds/listeners_ingress.go
index ea4c311cddbc..3dfd9705d96e 100644
--- a/agent/xds/listeners_ingress.go
+++ b/agent/xds/listeners_ingress.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go
index 499461bb3653..ab19ebc05600 100644
--- a/agent/xds/listeners_test.go
+++ b/agent/xds/listeners_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/locality_policy.go b/agent/xds/locality_policy.go
index 4d221f293b0e..c94ba95ea286 100644
--- a/agent/xds/locality_policy.go
+++ b/agent/xds/locality_policy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/locality_policy_oss.go b/agent/xds/locality_policy_oss.go
index 3db948b026a6..fbc17775d689 100644
--- a/agent/xds/locality_policy_oss.go
+++ b/agent/xds/locality_policy_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/xds/naming.go b/agent/xds/naming.go
index ab9224f71ce8..d9a2de2c3265 100644
--- a/agent/xds/naming.go
+++ b/agent/xds/naming.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/net_fallback.go b/agent/xds/net_fallback.go
index 7230c18ef2e8..e35ed3c99a39 100644
--- a/agent/xds/net_fallback.go
+++ b/agent/xds/net_fallback.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !linux
 // +build !linux
diff --git a/agent/xds/net_linux.go b/agent/xds/net_linux.go
index 96932ca30730..59e535f6de45 100644
--- a/agent/xds/net_linux.go
+++ b/agent/xds/net_linux.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build linux
 // +build linux
diff --git a/agent/xds/protocol_trace.go b/agent/xds/protocol_trace.go
index 42d82d76012b..76d4e8e6ee5b 100644
--- a/agent/xds/protocol_trace.go
+++ b/agent/xds/protocol_trace.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/rbac.go b/agent/xds/rbac.go
index bfb0a39569c7..b3f9267eefb4 100644
--- a/agent/xds/rbac.go
+++ b/agent/xds/rbac.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/rbac_test.go b/agent/xds/rbac_test.go
index 6bc36028707a..9885052250aa 100644
--- a/agent/xds/rbac_test.go
+++ b/agent/xds/rbac_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/resources.go b/agent/xds/resources.go
index c7099e5cb50a..15378861f300 100644
--- a/agent/xds/resources.go
+++ b/agent/xds/resources.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/resources_oss_test.go b/agent/xds/resources_oss_test.go
index 5da963940ccb..fa7134817235 100644
--- a/agent/xds/resources_oss_test.go
+++ b/agent/xds/resources_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go
index f1ba3d5146c7..22ef50bc876d 100644
--- a/agent/xds/resources_test.go
+++ b/agent/xds/resources_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/response.go b/agent/xds/response.go
index e452e8a2f26e..92e0f9d0a890 100644
--- a/agent/xds/response.go
+++ b/agent/xds/response.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/routes.go b/agent/xds/routes.go
index e02e845bd927..92b7d6db0c75 100644
--- a/agent/xds/routes.go
+++ b/agent/xds/routes.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/routes_test.go b/agent/xds/routes_test.go
index 9496eca4b6d7..c691114b5e3a 100644
--- a/agent/xds/routes_test.go
+++ b/agent/xds/routes_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/secrets.go b/agent/xds/secrets.go
index d150a12dc161..628cec7905ba 100644
--- a/agent/xds/secrets.go
+++ b/agent/xds/secrets.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/server.go b/agent/xds/server.go
index 2e012a4cb6fd..c8a5fa1086de 100644
--- a/agent/xds/server.go
+++ b/agent/xds/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/server_oss.go b/agent/xds/server_oss.go
index c1d651c0ad59..a01e9bf493f7 100644
--- a/agent/xds/server_oss.go
+++ b/agent/xds/server_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/xds/testcommon/testcommon.go b/agent/xds/testcommon/testcommon.go
index 1b0d6ebcbf50..44d2cc3bbe6d 100644
--- a/agent/xds/testcommon/testcommon.go
+++ b/agent/xds/testcommon/testcommon.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package testcommon
 
diff --git a/agent/xds/testing.go b/agent/xds/testing.go
index 446f1a37a651..916bbd9b5077 100644
--- a/agent/xds/testing.go
+++ b/agent/xds/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/validateupstream-test/validateupstream_test.go b/agent/xds/validateupstream-test/validateupstream_test.go
index f2810bb1c02e..9c57bdf81aaf 100644
--- a/agent/xds/validateupstream-test/validateupstream_test.go
+++ b/agent/xds/validateupstream-test/validateupstream_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package validateupstream_test
 
diff --git a/agent/xds/xds.go b/agent/xds/xds.go
index 07fe1c473107..aab5bc7aaf14 100644
--- a/agent/xds/xds.go
+++ b/agent/xds/xds.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package xds provides an implementation of a gRPC service that exports Envoy's
 // xDS API for config discovery. Specifically we support the Aggregated
diff --git a/agent/xds/xds_protocol_helpers_test.go b/agent/xds/xds_protocol_helpers_test.go
index 958a27474c44..d609268a206b 100644
--- a/agent/xds/xds_protocol_helpers_test.go
+++ b/agent/xds/xds_protocol_helpers_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/agent/xds/z_xds_packages_test.go b/agent/xds/z_xds_packages_test.go
index 149490678cf2..f5f043518933 100644
--- a/agent/xds/z_xds_packages_test.go
+++ b/agent/xds/z_xds_packages_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/api/LICENSE b/api/LICENSE
new file mode 100644
index 000000000000..7c5baa45e1c2
--- /dev/null
+++ b/api/LICENSE
@@ -0,0 +1,365 @@
+Copyright (c) 2020 HashiCorp, Inc.
+
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. "Contributor"
+
+     means each individual or legal entity that creates, contributes to the
+     creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+
+     means the combination of the Contributions of others (if any) used by a
+     Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+
+     means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+
+     means Source Code Form to which the initial Contributor has attached the
+     notice in Exhibit A, the Executable Form of such Source Code Form, and
+     Modifications of such Source Code Form, in each case including portions
+     thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+     means
+
+     a. that the initial Contributor has attached the notice described in
+        Exhibit B to the Covered Software; or
+
+     b. that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the terms of
+        a Secondary License.
+
+1.6. "Executable Form"
+
+     means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+
+     means a work that combines Covered Software with other material, in a
+     separate file or files, that is not Covered Software.
+
+1.8. "License"
+
+     means this document.
+
+1.9. "Licensable"
+
+     means having the right to grant, to the maximum extent possible, whether
+     at the time of the initial grant or subsequently, any and all of the
+     rights conveyed by this License.
+
+1.10. "Modifications"
+
+     means any of the following:
+
+     a. any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered Software; or
+
+     b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. "Patent Claims" of a Contributor
+
+      means any patent claim(s), including without limitation, method,
+      process, and apparatus claims, in any patent Licensable by such
+      Contributor that would be infringed, but for the grant of the License,
+      by the making, using, selling, offering for sale, having made, import,
+      or transfer of either its Contributions or its Contributor Version.
+
+1.12. "Secondary License"
+
+      means either the GNU General Public License, Version 2.0, the GNU Lesser
+      General Public License, Version 2.1, the GNU Affero General Public
+      License, Version 3.0, or any later versions of those licenses.
+
+1.13. "Source Code Form"
+
+      means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+
+      means an individual or a legal entity exercising rights under this
+      License. For legal entities, "You" includes any entity that controls, is
+      controlled by, or is under common control with You. For purposes of this
+      definition, "control" means (a) the power, direct or indirect, to cause
+      the direction or management of such entity, whether by contract or
+      otherwise, or (b) ownership of more than fifty percent (50%) of the
+      outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+     Each Contributor hereby grants You a world-wide, royalty-free,
+     non-exclusive license:
+
+     a. under intellectual property rights (other than patent or trademark)
+        Licensable by such Contributor to use, reproduce, make available,
+        modify, display, perform, distribute, and otherwise exploit its
+        Contributions, either on an unmodified basis, with Modifications, or
+        as part of a Larger Work; and
+
+     b. under Patent Claims of such Contributor to make, use, sell, offer for
+        sale, have made, import, and otherwise transfer either its
+        Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+     The licenses granted in Section 2.1 with respect to any Contribution
+     become effective for each Contribution on the date the Contributor first
+     distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+     The licenses granted in this Section 2 are the only rights granted under
+     this License. No additional rights or licenses will be implied from the
+     distribution or licensing of Covered Software under this License.
+     Notwithstanding Section 2.1(b) above, no patent license is granted by a
+     Contributor:
+
+     a. for any code that a Contributor has removed from Covered Software; or
+
+     b. for infringements caused by: (i) Your and any other third party's
+        modifications of Covered Software, or (ii) the combination of its
+        Contributions with other software (except as part of its Contributor
+        Version); or
+
+     c. under Patent Claims infringed by Covered Software in the absence of
+        its Contributions.
+
+     This License does not grant any rights in the trademarks, service marks,
+     or logos of any Contributor (except as may be necessary to comply with
+     the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+     No Contributor makes additional grants as a result of Your choice to
+     distribute the Covered Software under a subsequent version of this
+     License (see Section 10.2) or under the terms of a Secondary License (if
+     permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+     Each Contributor represents that the Contributor believes its
+     Contributions are its original creation(s) or it has sufficient rights to
+     grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+     This License is not intended to limit any rights You have under
+     applicable copyright doctrines of fair use, fair dealing, or other
+     equivalents.
+
+2.7. Conditions
+
+     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+     Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+     All distribution of Covered Software in Source Code Form, including any
+     Modifications that You create or to which You contribute, must be under
+     the terms of this License. You must inform recipients that the Source
+     Code Form of the Covered Software is governed by the terms of this
+     License, and how they can obtain a copy of this License. You may not
+     attempt to alter or restrict the recipients' rights in the Source Code
+     Form.
+
+3.2. Distribution of Executable Form
+
+     If You distribute Covered Software in Executable Form then:
+
+     a. such Covered Software must also be made available in Source Code Form,
+        as described in Section 3.1, and You must inform recipients of the
+        Executable Form how they can obtain a copy of such Source Code Form by
+        reasonable means in a timely manner, at a charge no more than the cost
+        of distribution to the recipient; and
+
+     b. You may distribute such Executable Form under the terms of this
+        License, or sublicense it under different terms, provided that the
+        license for the Executable Form does not attempt to limit or alter the
+        recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+     You may create and distribute a Larger Work under terms of Your choice,
+     provided that You also comply with the requirements of this License for
+     the Covered Software. If the Larger Work is a combination of Covered
+     Software with a work governed by one or more Secondary Licenses, and the
+     Covered Software is not Incompatible With Secondary Licenses, this
+     License permits You to additionally distribute such Covered Software
+     under the terms of such Secondary License(s), so that the recipient of
+     the Larger Work may, at their option, further distribute the Covered
+     Software under the terms of either this License or such Secondary
+     License(s).
+
+3.4. Notices
+
+     You may not remove or alter the substance of any license notices
+     (including copyright notices, patent notices, disclaimers of warranty, or
+     limitations of liability) contained within the Source Code Form of the
+     Covered Software, except that You may alter any license notices to the
+     extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+     You may choose to offer, and to charge a fee for, warranty, support,
+     indemnity or liability obligations to one or more recipients of Covered
+     Software. However, You may do so only on Your own behalf, and not on
+     behalf of any Contributor. You must make it absolutely clear that any
+     such warranty, support, indemnity, or liability obligation is offered by
+     You alone, and You hereby agree to indemnify every Contributor for any
+     liability incurred by such Contributor as a result of warranty, support,
+     indemnity or liability terms You offer. You may include additional
+     disclaimers of warranty and limitations of liability specific to any
+     jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+   If it is impossible for You to comply with any of the terms of this License
+   with respect to some or all of the Covered Software due to statute,
+   judicial order, or regulation then You must: (a) comply with the terms of
+   this License to the maximum extent possible; and (b) describe the
+   limitations and the code they affect. Such description must be placed in a
+   text file included with all distributions of the Covered Software under
+   this License. Except to the extent prohibited by statute or regulation,
+   such description must be sufficiently detailed for a recipient of ordinary
+   skill to be able to understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+     fail to comply with any of its terms. However, if You become compliant,
+     then the rights granted under this License from a particular Contributor
+     are reinstated (a) provisionally, unless and until such Contributor
+     explicitly and finally terminates Your grants, and (b) on an ongoing
+     basis, if such Contributor fails to notify You of the non-compliance by
+     some reasonable means prior to 60 days after You have come back into
+     compliance. Moreover, Your grants from a particular Contributor are
+     reinstated on an ongoing basis if such Contributor notifies You of the
+     non-compliance by some reasonable means, this is the first time You have
+     received notice of non-compliance with this License from such
+     Contributor, and You become compliant prior to 30 days after Your receipt
+     of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+     infringement claim (excluding declaratory judgment actions,
+     counter-claims, and cross-claims) alleging that a Contributor Version
+     directly or indirectly infringes any patent, then the rights granted to
+     You by any and all Contributors for the Covered Software under Section
+     2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+     license agreements (excluding distributors and resellers) which have been
+     validly granted by You or Your distributors under this License prior to
+     termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+   Covered Software is provided under this License on an "as is" basis,
+   without warranty of any kind, either expressed, implied, or statutory,
+   including, without limitation, warranties that the Covered Software is free
+   of defects, merchantable, fit for a particular purpose or non-infringing.
+   The entire risk as to the quality and performance of the Covered Software
+   is with You. Should any Covered Software prove defective in any respect,
+   You (not any Contributor) assume the cost of any necessary servicing,
+   repair, or correction. This disclaimer of warranty constitutes an essential
+   part of this License. No use of  any Covered Software is authorized under
+   this License except under this disclaimer.
+
+7. Limitation of Liability
+
+   Under no circumstances and under no legal theory, whether tort (including
+   negligence), contract, or otherwise, shall any Contributor, or anyone who
+   distributes Covered Software as permitted above, be liable to You for any
+   direct, indirect, special, incidental, or consequential damages of any
+   character including, without limitation, damages for lost profits, loss of
+   goodwill, work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses, even if such party shall have been
+   informed of the possibility of such damages. This limitation of liability
+   shall not apply to liability for death or personal injury resulting from
+   such party's negligence to the extent applicable law prohibits such
+   limitation. Some jurisdictions do not allow the exclusion or limitation of
+   incidental or consequential damages, so this exclusion and limitation may
+   not apply to You.
+
+8. Litigation
+
+   Any litigation relating to this License may be brought only in the courts
+   of a jurisdiction where the defendant maintains its principal place of
+   business and such litigation shall be governed by laws of that
+   jurisdiction, without reference to its conflict-of-law provisions. Nothing
+   in this Section shall prevent a party's ability to bring cross-claims or
+   counter-claims.
+
+9. Miscellaneous
+
+   This License represents the complete agreement concerning the subject
+   matter hereof. If any provision of this License is held to be
+   unenforceable, such provision shall be reformed only to the extent
+   necessary to make it enforceable. Any law or regulation which provides that
+   the language of a contract shall be construed against the drafter shall not
+   be used to construe this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+      Mozilla Foundation is the license steward. Except as provided in Section
+      10.3, no one other than the license steward has the right to modify or
+      publish new versions of this License. Each version will be given a
+      distinguishing version number.
+
+10.2. Effect of New Versions
+
+      You may distribute the Covered Software under the terms of the version
+      of the License under which You originally received the Covered Software,
+      or under the terms of any subsequent version published by the license
+      steward.
+
+10.3. Modified Versions
+
+      If you create software not governed by this License, and you want to
+      create a new license for such software, you may create and use a
+      modified version of this License if you rename the license and remove
+      any references to the name of the license steward (except to note that
+      such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+      Licenses If You choose to distribute Source Code Form that is
+      Incompatible With Secondary Licenses under the terms of this version of
+      the License, the notice described in Exhibit B of this License must be
+      attached.
+
+Exhibit A - Source Code Form License Notice
+
+      This Source Code Form is subject to the
+      terms of the Mozilla Public License, v.
+      2.0. If a copy of the MPL was not
+      distributed with this file, You can
+      obtain one at
+      http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file,
+then You may include the notice in a location (such as a LICENSE file in a
+relevant directory) where a recipient would be likely to look for such a
+notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+
+      This Source Code Form is "Incompatible
+      With Secondary Licenses", as defined by
+      the Mozilla Public License, v. 2.0.
+
diff --git a/buf.work.yaml b/buf.work.yaml
index f89f53a2bd8a..5fab419b164b 100644
--- a/buf.work.yaml
+++ b/buf.work.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 version: v1
 directories:
diff --git a/build-support/docker/Build-Go.dockerfile b/build-support/docker/Build-Go.dockerfile
index c5b3c8394ea3..2337a7270209 100644
--- a/build-support/docker/Build-Go.dockerfile
+++ b/build-support/docker/Build-Go.dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 ARG GOLANG_VERSION=1.20.7
 FROM golang:${GOLANG_VERSION}
diff --git a/build-support/docker/Build-UI.dockerfile b/build-support/docker/Build-UI.dockerfile
index 6682458137dc..9d646fb6ea69 100644
--- a/build-support/docker/Build-UI.dockerfile
+++ b/build-support/docker/Build-UI.dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 FROM docker.mirror.hashicorp.services/circleci/node:16-browsers
 
diff --git a/build-support/docker/Consul-Dev-Dbg.dockerfile b/build-support/docker/Consul-Dev-Dbg.dockerfile
index cf1ae388d1f7..488fb053264e 100644
--- a/build-support/docker/Consul-Dev-Dbg.dockerfile
+++ b/build-support/docker/Consul-Dev-Dbg.dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 FROM consul:local
 EXPOSE 4000
diff --git a/build-support/docker/Consul-Dev-Multiarch.dockerfile b/build-support/docker/Consul-Dev-Multiarch.dockerfile
index 265a1804cf11..e35a98d5f890 100644
--- a/build-support/docker/Consul-Dev-Multiarch.dockerfile
+++ b/build-support/docker/Consul-Dev-Multiarch.dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 ARG CONSUL_IMAGE_VERSION=latest
 FROM hashicorp/consul:${CONSUL_IMAGE_VERSION}
diff --git a/build-support/docker/Consul-Dev.dockerfile b/build-support/docker/Consul-Dev.dockerfile
index 122bc3192a7f..12f014969ab5 100644
--- a/build-support/docker/Consul-Dev.dockerfile
+++ b/build-support/docker/Consul-Dev.dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 ARG CONSUL_IMAGE_VERSION=latest
 FROM hashicorp/consul:${CONSUL_IMAGE_VERSION}
diff --git a/build-support/functions/00-vars.sh b/build-support/functions/00-vars.sh
index 69de94257e0c..50000f61ce23 100644
--- a/build-support/functions/00-vars.sh
+++ b/build-support/functions/00-vars.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # GPG Key ID to use for publically released builds
 HASHICORP_GPG_KEY="348FFC4C"
diff --git a/build-support/functions/10-util.sh b/build-support/functions/10-util.sh
index fdce50c5078a..9bdecd650374 100644
--- a/build-support/functions/10-util.sh
+++ b/build-support/functions/10-util.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 function err {
    if test "${COLORIZE}" -eq 1
diff --git a/build-support/functions/20-build.sh b/build-support/functions/20-build.sh
index 9f357884f1af..2788e3deeabf 100644
--- a/build-support/functions/20-build.sh
+++ b/build-support/functions/20-build.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 function supported_osarch {
    # Arguments:
diff --git a/build-support/functions/30-release.sh b/build-support/functions/30-release.sh
index d83d9f415503..26f7c1048995 100644
--- a/build-support/functions/30-release.sh
+++ b/build-support/functions/30-release.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 function tag_release {
    # Arguments:
diff --git a/build-support/scripts/build-date.sh b/build-support/scripts/build-date.sh
index 5b52bffa2647..49f3851bef47 100755
--- a/build-support/scripts/build-date.sh
+++ b/build-support/scripts/build-date.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
 readonly SCRIPT_DIR="$(dirname ${BASH_SOURCE[0]})"
diff --git a/build-support/scripts/build-docker.sh b/build-support/scripts/build-docker.sh
index 2b72aa5fb061..d36196e66bfd 100755
--- a/build-support/scripts/build-docker.sh
+++ b/build-support/scripts/build-docker.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
diff --git a/build-support/scripts/check-allowed-imports.sh b/build-support/scripts/check-allowed-imports.sh
index fb0280e6ff08..efba156c7937 100755
--- a/build-support/scripts/check-allowed-imports.sh
+++ b/build-support/scripts/check-allowed-imports.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
diff --git a/build-support/scripts/devtools.sh b/build-support/scripts/devtools.sh
index 82cf316cb334..edf4b83eae66 100755
--- a/build-support/scripts/devtools.sh
+++ b/build-support/scripts/devtools.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
diff --git a/build-support/scripts/functions.sh b/build-support/scripts/functions.sh
index 42fe385c012e..4db767f13c55 100755
--- a/build-support/scripts/functions.sh
+++ b/build-support/scripts/functions.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 #
 # NOTE: This file is meant to be sourced from other bash scripts/shells
diff --git a/build-support/scripts/protobuf.sh b/build-support/scripts/protobuf.sh
index f7b8ce559487..20d06c807763 100755
--- a/build-support/scripts/protobuf.sh
+++ b/build-support/scripts/protobuf.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
diff --git a/build-support/scripts/release.sh b/build-support/scripts/release.sh
index a8fbe84d8911..fa7e7c066d45 100755
--- a/build-support/scripts/release.sh
+++ b/build-support/scripts/release.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
diff --git a/build-support/scripts/version.sh b/build-support/scripts/version.sh
index 46630636bbfc..2bc9998813ed 100755
--- a/build-support/scripts/version.sh
+++ b/build-support/scripts/version.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
diff --git a/build-support/windows/build-consul-dev-image.sh b/build-support/windows/build-consul-dev-image.sh
index 4c03f2f9b007..ddc5e521d11a 100644
--- a/build-support/windows/build-consul-dev-image.sh
+++ b/build-support/windows/build-consul-dev-image.sh
@@ -1,4 +1,7 @@
 #!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
 
 cd ../../
 rm -rf dist
diff --git a/build-support/windows/build-consul-local-images.sh b/build-support/windows/build-consul-local-images.sh
index eaa7cc10562c..8398e813bb17 100644
--- a/build-support/windows/build-consul-local-images.sh
+++ b/build-support/windows/build-consul-local-images.sh
@@ -1,4 +1,7 @@
 #!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
 
 readonly HASHICORP_DOCKER_PROXY="docker.mirror.hashicorp.services"
 
diff --git a/build-support/windows/build-test-sds-server-image.sh b/build-support/windows/build-test-sds-server-image.sh
index 25de3dadbec7..6856c2f4394d 100644
--- a/build-support/windows/build-test-sds-server-image.sh
+++ b/build-support/windows/build-test-sds-server-image.sh
@@ -1,4 +1,7 @@
 #!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
 
 cd ../../test/integration/connect/envoy
 
diff --git a/command/acl/acl.go b/command/acl/acl.go
index 71ef8c9a0617..745fa78175d5 100644
--- a/command/acl/acl.go
+++ b/command/acl/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/command/acl/acl_helpers.go b/command/acl/acl_helpers.go
index b0e65d224c75..3459228c61ed 100644
--- a/command/acl/acl_helpers.go
+++ b/command/acl/acl_helpers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/command/acl/acl_test.go b/command/acl/acl_test.go
index 2095795ff00b..c2a46f18b042 100644
--- a/command/acl/acl_test.go
+++ b/command/acl/acl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package acl
 
diff --git a/command/acl/agenttokens/agent_tokens.go b/command/acl/agenttokens/agent_tokens.go
index 4e4a359ace77..f4e0c496acf6 100644
--- a/command/acl/agenttokens/agent_tokens.go
+++ b/command/acl/agenttokens/agent_tokens.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agenttokens
 
diff --git a/command/acl/agenttokens/agent_tokens_test.go b/command/acl/agenttokens/agent_tokens_test.go
index d735b66d83a3..84f7fa335801 100644
--- a/command/acl/agenttokens/agent_tokens_test.go
+++ b/command/acl/agenttokens/agent_tokens_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agenttokens
 
diff --git a/command/acl/authmethod/authmethod.go b/command/acl/authmethod/authmethod.go
index 897498024c84..18b9e58c2633 100644
--- a/command/acl/authmethod/authmethod.go
+++ b/command/acl/authmethod/authmethod.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethod
 
diff --git a/command/acl/authmethod/create/authmethod_create.go b/command/acl/authmethod/create/authmethod_create.go
index 912a647d4115..17f328d2b8be 100644
--- a/command/acl/authmethod/create/authmethod_create.go
+++ b/command/acl/authmethod/create/authmethod_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethodcreate
 
diff --git a/command/acl/authmethod/create/authmethod_create_oss.go b/command/acl/authmethod/create/authmethod_create_oss.go
index ff2d488897ed..5c6ad2468393 100644
--- a/command/acl/authmethod/create/authmethod_create_oss.go
+++ b/command/acl/authmethod/create/authmethod_create_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/acl/authmethod/create/authmethod_create_test.go b/command/acl/authmethod/create/authmethod_create_test.go
index b0d6a8cfe181..b9392544929a 100644
--- a/command/acl/authmethod/create/authmethod_create_test.go
+++ b/command/acl/authmethod/create/authmethod_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethodcreate
 
diff --git a/command/acl/authmethod/delete/authmethod_delete.go b/command/acl/authmethod/delete/authmethod_delete.go
index 44548a598374..e3ccd0efdd01 100644
--- a/command/acl/authmethod/delete/authmethod_delete.go
+++ b/command/acl/authmethod/delete/authmethod_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethoddelete
 
diff --git a/command/acl/authmethod/delete/authmethod_delete_test.go b/command/acl/authmethod/delete/authmethod_delete_test.go
index 45bd3ac561cd..fc513fde7ebd 100644
--- a/command/acl/authmethod/delete/authmethod_delete_test.go
+++ b/command/acl/authmethod/delete/authmethod_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethoddelete
 
diff --git a/command/acl/authmethod/formatter.go b/command/acl/authmethod/formatter.go
index 3204af910b71..6a22443d58dd 100644
--- a/command/acl/authmethod/formatter.go
+++ b/command/acl/authmethod/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethod
 
diff --git a/command/acl/authmethod/list/authmethod_list.go b/command/acl/authmethod/list/authmethod_list.go
index 1bcf24b75a63..cae9916c12b2 100644
--- a/command/acl/authmethod/list/authmethod_list.go
+++ b/command/acl/authmethod/list/authmethod_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethodlist
 
diff --git a/command/acl/authmethod/list/authmethod_list_test.go b/command/acl/authmethod/list/authmethod_list_test.go
index 9064b252cd44..cd1aa2ac767b 100644
--- a/command/acl/authmethod/list/authmethod_list_test.go
+++ b/command/acl/authmethod/list/authmethod_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethodlist
 
diff --git a/command/acl/authmethod/read/authmethod_read.go b/command/acl/authmethod/read/authmethod_read.go
index b7860ca0660d..72d3a6f18163 100644
--- a/command/acl/authmethod/read/authmethod_read.go
+++ b/command/acl/authmethod/read/authmethod_read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethodread
 
diff --git a/command/acl/authmethod/read/authmethod_read_test.go b/command/acl/authmethod/read/authmethod_read_test.go
index a24c1d2e55f2..20a18c76dfda 100644
--- a/command/acl/authmethod/read/authmethod_read_test.go
+++ b/command/acl/authmethod/read/authmethod_read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethodread
 
diff --git a/command/acl/authmethod/update/authmethod_update.go b/command/acl/authmethod/update/authmethod_update.go
index 2798e6e6da8f..1c5422e88dea 100644
--- a/command/acl/authmethod/update/authmethod_update.go
+++ b/command/acl/authmethod/update/authmethod_update.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethodupdate
 
diff --git a/command/acl/authmethod/update/authmethod_update_oss.go b/command/acl/authmethod/update/authmethod_update_oss.go
index c1ea32042473..d2c10d45869e 100644
--- a/command/acl/authmethod/update/authmethod_update_oss.go
+++ b/command/acl/authmethod/update/authmethod_update_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/acl/authmethod/update/authmethod_update_test.go b/command/acl/authmethod/update/authmethod_update_test.go
index e85f270cdf69..87ddf2f2c0bc 100644
--- a/command/acl/authmethod/update/authmethod_update_test.go
+++ b/command/acl/authmethod/update/authmethod_update_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package authmethodupdate
 
diff --git a/command/acl/bindingrule/bindingrule.go b/command/acl/bindingrule/bindingrule.go
index 782041e1ac67..8d23e3ee37fa 100644
--- a/command/acl/bindingrule/bindingrule.go
+++ b/command/acl/bindingrule/bindingrule.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bindingrule
 
diff --git a/command/acl/bindingrule/create/bindingrule_create.go b/command/acl/bindingrule/create/bindingrule_create.go
index d5253c456e79..cdedbb744dbf 100644
--- a/command/acl/bindingrule/create/bindingrule_create.go
+++ b/command/acl/bindingrule/create/bindingrule_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bindingrulecreate
 
diff --git a/command/acl/bindingrule/create/bindingrule_create_test.go b/command/acl/bindingrule/create/bindingrule_create_test.go
index 43189f784c12..2985c41abf46 100644
--- a/command/acl/bindingrule/create/bindingrule_create_test.go
+++ b/command/acl/bindingrule/create/bindingrule_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bindingrulecreate
 
diff --git a/command/acl/bindingrule/delete/bindingrule_delete.go b/command/acl/bindingrule/delete/bindingrule_delete.go
index ffb22fc73d35..3fc02d788b4b 100644
--- a/command/acl/bindingrule/delete/bindingrule_delete.go
+++ b/command/acl/bindingrule/delete/bindingrule_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bindingruledelete
 
diff --git a/command/acl/bindingrule/delete/bindingrule_delete_test.go b/command/acl/bindingrule/delete/bindingrule_delete_test.go
index abd10f8add5d..9655fbb101a4 100644
--- a/command/acl/bindingrule/delete/bindingrule_delete_test.go
+++ b/command/acl/bindingrule/delete/bindingrule_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bindingruledelete
 
diff --git a/command/acl/bindingrule/formatter.go b/command/acl/bindingrule/formatter.go
index 1fb1feeafcc1..6d96f4b71b4e 100644
--- a/command/acl/bindingrule/formatter.go
+++ b/command/acl/bindingrule/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bindingrule
 
diff --git a/command/acl/bindingrule/list/bindingrule_list.go b/command/acl/bindingrule/list/bindingrule_list.go
index 2f6529af5d08..15f395afdf2f 100644
--- a/command/acl/bindingrule/list/bindingrule_list.go
+++ b/command/acl/bindingrule/list/bindingrule_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bindingrulelist
 
diff --git a/command/acl/bindingrule/list/bindingrule_list_test.go b/command/acl/bindingrule/list/bindingrule_list_test.go
index bbb1188f8a0f..22035341e424 100644
--- a/command/acl/bindingrule/list/bindingrule_list_test.go
+++ b/command/acl/bindingrule/list/bindingrule_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bindingrulelist
 
diff --git a/command/acl/bindingrule/read/bindingrule_read.go b/command/acl/bindingrule/read/bindingrule_read.go
index 25858d64851f..0ff55bd4ac2b 100644
--- a/command/acl/bindingrule/read/bindingrule_read.go
+++ b/command/acl/bindingrule/read/bindingrule_read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bindingruleread
 
diff --git a/command/acl/bindingrule/read/bindingrule_read_test.go b/command/acl/bindingrule/read/bindingrule_read_test.go
index 9e1615e003b9..4a324edf2317 100644
--- a/command/acl/bindingrule/read/bindingrule_read_test.go
+++ b/command/acl/bindingrule/read/bindingrule_read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bindingruleread
 
diff --git a/command/acl/bindingrule/update/bindingrule_update.go b/command/acl/bindingrule/update/bindingrule_update.go
index 59998059f476..071e2bdc01b2 100644
--- a/command/acl/bindingrule/update/bindingrule_update.go
+++ b/command/acl/bindingrule/update/bindingrule_update.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bindingruleupdate
 
diff --git a/command/acl/bindingrule/update/bindingrule_update_test.go b/command/acl/bindingrule/update/bindingrule_update_test.go
index 2f7437edcd33..6124e9df2dc8 100644
--- a/command/acl/bindingrule/update/bindingrule_update_test.go
+++ b/command/acl/bindingrule/update/bindingrule_update_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bindingruleupdate
 
diff --git a/command/acl/bootstrap/bootstrap.go b/command/acl/bootstrap/bootstrap.go
index 2f608bbdab34..2a2bfd3716d3 100644
--- a/command/acl/bootstrap/bootstrap.go
+++ b/command/acl/bootstrap/bootstrap.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bootstrap
 
diff --git a/command/acl/bootstrap/bootstrap_test.go b/command/acl/bootstrap/bootstrap_test.go
index ef5fcf41dc7a..e9a0e8cebee2 100644
--- a/command/acl/bootstrap/bootstrap_test.go
+++ b/command/acl/bootstrap/bootstrap_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bootstrap
 
diff --git a/command/acl/policy/create/policy_create.go b/command/acl/policy/create/policy_create.go
index 131d096b1cf2..03d836ee4ad8 100644
--- a/command/acl/policy/create/policy_create.go
+++ b/command/acl/policy/create/policy_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package policycreate
 
diff --git a/command/acl/policy/create/policy_create_test.go b/command/acl/policy/create/policy_create_test.go
index 94ef7ac95f53..953dd978ed96 100644
--- a/command/acl/policy/create/policy_create_test.go
+++ b/command/acl/policy/create/policy_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package policycreate
 
diff --git a/command/acl/policy/delete/policy_delete.go b/command/acl/policy/delete/policy_delete.go
index eb1fbfc83bcc..63c02a47ddd2 100644
--- a/command/acl/policy/delete/policy_delete.go
+++ b/command/acl/policy/delete/policy_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package policydelete
 
diff --git a/command/acl/policy/delete/policy_delete_test.go b/command/acl/policy/delete/policy_delete_test.go
index 4e0b8ffbf627..33f121db981f 100644
--- a/command/acl/policy/delete/policy_delete_test.go
+++ b/command/acl/policy/delete/policy_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package policydelete
 
diff --git a/command/acl/policy/formatter.go b/command/acl/policy/formatter.go
index 1e7897641207..dce79c390716 100644
--- a/command/acl/policy/formatter.go
+++ b/command/acl/policy/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package policy
 
diff --git a/command/acl/policy/list/policy_list.go b/command/acl/policy/list/policy_list.go
index d88f57595030..44be10d6843d 100644
--- a/command/acl/policy/list/policy_list.go
+++ b/command/acl/policy/list/policy_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package policylist
 
diff --git a/command/acl/policy/list/policy_list_test.go b/command/acl/policy/list/policy_list_test.go
index d9df5cc879a5..b0cc05b2a5cf 100644
--- a/command/acl/policy/list/policy_list_test.go
+++ b/command/acl/policy/list/policy_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package policylist
 
diff --git a/command/acl/policy/policy.go b/command/acl/policy/policy.go
index 7a7b80cba8ff..565c67270646 100644
--- a/command/acl/policy/policy.go
+++ b/command/acl/policy/policy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package policy
 
diff --git a/command/acl/policy/read/policy_read.go b/command/acl/policy/read/policy_read.go
index e1b6b923df09..36f1e6534079 100644
--- a/command/acl/policy/read/policy_read.go
+++ b/command/acl/policy/read/policy_read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package policyread
 
diff --git a/command/acl/policy/read/policy_read_test.go b/command/acl/policy/read/policy_read_test.go
index 08fe5d1ce96c..70036457cebb 100644
--- a/command/acl/policy/read/policy_read_test.go
+++ b/command/acl/policy/read/policy_read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package policyread
 
diff --git a/command/acl/policy/update/policy_update.go b/command/acl/policy/update/policy_update.go
index ec0577ebb9a2..60b634073613 100644
--- a/command/acl/policy/update/policy_update.go
+++ b/command/acl/policy/update/policy_update.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package policyupdate
 
diff --git a/command/acl/policy/update/policy_update_test.go b/command/acl/policy/update/policy_update_test.go
index 22fa8b4c89aa..4d77191d6433 100644
--- a/command/acl/policy/update/policy_update_test.go
+++ b/command/acl/policy/update/policy_update_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package policyupdate
 
diff --git a/command/acl/role/create/role_create.go b/command/acl/role/create/role_create.go
index 588b3a0cb659..b951367b2c5a 100644
--- a/command/acl/role/create/role_create.go
+++ b/command/acl/role/create/role_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package rolecreate
 
diff --git a/command/acl/role/create/role_create_test.go b/command/acl/role/create/role_create_test.go
index 40f15433a7bf..7094a76e6cc7 100644
--- a/command/acl/role/create/role_create_test.go
+++ b/command/acl/role/create/role_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package rolecreate
 
diff --git a/command/acl/role/delete/role_delete.go b/command/acl/role/delete/role_delete.go
index 21dc7c0d1b45..aaac306f01b2 100644
--- a/command/acl/role/delete/role_delete.go
+++ b/command/acl/role/delete/role_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package roledelete
 
diff --git a/command/acl/role/delete/role_delete_test.go b/command/acl/role/delete/role_delete_test.go
index 8a38cf2cfc3b..61897ca24557 100644
--- a/command/acl/role/delete/role_delete_test.go
+++ b/command/acl/role/delete/role_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package roledelete
 
diff --git a/command/acl/role/formatter.go b/command/acl/role/formatter.go
index 5df6085e46ac..0dba147fab0a 100644
--- a/command/acl/role/formatter.go
+++ b/command/acl/role/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package role
 
diff --git a/command/acl/role/formatter_test.go b/command/acl/role/formatter_test.go
index cd1ba90fe9a1..ac6be59b42e7 100644
--- a/command/acl/role/formatter_test.go
+++ b/command/acl/role/formatter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package role
 
diff --git a/command/acl/role/list/role_list.go b/command/acl/role/list/role_list.go
index 3582f9da63c2..558419e07067 100644
--- a/command/acl/role/list/role_list.go
+++ b/command/acl/role/list/role_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package rolelist
 
diff --git a/command/acl/role/list/role_list_test.go b/command/acl/role/list/role_list_test.go
index 651ab120278c..0a94d11a109d 100644
--- a/command/acl/role/list/role_list_test.go
+++ b/command/acl/role/list/role_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package rolelist
 
diff --git a/command/acl/role/read/role_read.go b/command/acl/role/read/role_read.go
index d6d06997ad13..027aaa80019f 100644
--- a/command/acl/role/read/role_read.go
+++ b/command/acl/role/read/role_read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package roleread
 
diff --git a/command/acl/role/read/role_read_test.go b/command/acl/role/read/role_read_test.go
index c7be4cb4c037..bef1fab26016 100644
--- a/command/acl/role/read/role_read_test.go
+++ b/command/acl/role/read/role_read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package roleread
 
diff --git a/command/acl/role/role.go b/command/acl/role/role.go
index 2ea085f76331..c1da51d86401 100644
--- a/command/acl/role/role.go
+++ b/command/acl/role/role.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package role
 
diff --git a/command/acl/role/update/role_update.go b/command/acl/role/update/role_update.go
index c42ab7ce9e61..731bfb1726d8 100644
--- a/command/acl/role/update/role_update.go
+++ b/command/acl/role/update/role_update.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package roleupdate
 
diff --git a/command/acl/role/update/role_update_test.go b/command/acl/role/update/role_update_test.go
index 18d611099688..07c4cb2d2da4 100644
--- a/command/acl/role/update/role_update_test.go
+++ b/command/acl/role/update/role_update_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package roleupdate
 
diff --git a/command/acl/token/clone/token_clone.go b/command/acl/token/clone/token_clone.go
index 0f4ed2473a97..127fca78762c 100644
--- a/command/acl/token/clone/token_clone.go
+++ b/command/acl/token/clone/token_clone.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tokenclone
 
diff --git a/command/acl/token/clone/token_clone_test.go b/command/acl/token/clone/token_clone_test.go
index 0142db743795..7181ac0caec7 100644
--- a/command/acl/token/clone/token_clone_test.go
+++ b/command/acl/token/clone/token_clone_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tokenclone
 
diff --git a/command/acl/token/create/token_create.go b/command/acl/token/create/token_create.go
index 4f33562908e8..25c00df60588 100644
--- a/command/acl/token/create/token_create.go
+++ b/command/acl/token/create/token_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tokencreate
 
diff --git a/command/acl/token/create/token_create_test.go b/command/acl/token/create/token_create_test.go
index 747d9415171d..b92c64b0d154 100644
--- a/command/acl/token/create/token_create_test.go
+++ b/command/acl/token/create/token_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tokencreate
 
diff --git a/command/acl/token/delete/token_delete.go b/command/acl/token/delete/token_delete.go
index 378c39911536..aa9f79903bb7 100644
--- a/command/acl/token/delete/token_delete.go
+++ b/command/acl/token/delete/token_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tokendelete
 
diff --git a/command/acl/token/delete/token_delete_test.go b/command/acl/token/delete/token_delete_test.go
index 988e4afe24dc..29c1fe292d60 100644
--- a/command/acl/token/delete/token_delete_test.go
+++ b/command/acl/token/delete/token_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tokendelete
 
diff --git a/command/acl/token/formatter.go b/command/acl/token/formatter.go
index dbe1a939fcec..6dec483aad61 100644
--- a/command/acl/token/formatter.go
+++ b/command/acl/token/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package token
 
diff --git a/command/acl/token/formatter_oss_test.go b/command/acl/token/formatter_oss_test.go
index 32f5b0164bff..07be7b7ef63a 100644
--- a/command/acl/token/formatter_oss_test.go
+++ b/command/acl/token/formatter_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/acl/token/formatter_test.go b/command/acl/token/formatter_test.go
index 2a5e5414d754..ba4c04981d78 100644
--- a/command/acl/token/formatter_test.go
+++ b/command/acl/token/formatter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package token
 
diff --git a/command/acl/token/list/token_list.go b/command/acl/token/list/token_list.go
index 4d7177dddf64..7f500426f336 100644
--- a/command/acl/token/list/token_list.go
+++ b/command/acl/token/list/token_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tokenlist
 
diff --git a/command/acl/token/list/token_list_test.go b/command/acl/token/list/token_list_test.go
index 0a4441c47a56..c8586bde6b80 100644
--- a/command/acl/token/list/token_list_test.go
+++ b/command/acl/token/list/token_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tokenlist
 
diff --git a/command/acl/token/read/token_read.go b/command/acl/token/read/token_read.go
index c5798a8b9b31..23496135bf72 100644
--- a/command/acl/token/read/token_read.go
+++ b/command/acl/token/read/token_read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tokenread
 
diff --git a/command/acl/token/read/token_read_test.go b/command/acl/token/read/token_read_test.go
index ea2317b79fd6..69df72e72917 100644
--- a/command/acl/token/read/token_read_test.go
+++ b/command/acl/token/read/token_read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tokenread
 
diff --git a/command/acl/token/token.go b/command/acl/token/token.go
index e8bb0cd420b6..db3771926ccc 100644
--- a/command/acl/token/token.go
+++ b/command/acl/token/token.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package token
 
diff --git a/command/acl/token/update/token_update.go b/command/acl/token/update/token_update.go
index 915c358d48ad..9d636ba215df 100644
--- a/command/acl/token/update/token_update.go
+++ b/command/acl/token/update/token_update.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tokenupdate
 
diff --git a/command/acl/token/update/token_update_test.go b/command/acl/token/update/token_update_test.go
index b96d95d466e8..019b8554a592 100644
--- a/command/acl/token/update/token_update_test.go
+++ b/command/acl/token/update/token_update_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tokenupdate
 
diff --git a/command/agent/agent.go b/command/agent/agent.go
index c241fa2b7bc8..84515f2c94bd 100644
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/command/agent/agent_test.go b/command/agent/agent_test.go
index a197c6ed4479..3fa5d1e1a31a 100644
--- a/command/agent/agent_test.go
+++ b/command/agent/agent_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/command/agent/startup_logger.go b/command/agent/startup_logger.go
index baa016a2a7b0..f324ac6c55c8 100644
--- a/command/agent/startup_logger.go
+++ b/command/agent/startup_logger.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package agent
 
diff --git a/command/catalog/catalog.go b/command/catalog/catalog.go
index dbc229eb3522..f68551206007 100644
--- a/command/catalog/catalog.go
+++ b/command/catalog/catalog.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package catalog
 
diff --git a/command/catalog/catalog_test.go b/command/catalog/catalog_test.go
index 5ff5ac40e2e3..308da9452edf 100644
--- a/command/catalog/catalog_test.go
+++ b/command/catalog/catalog_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package catalog
 
diff --git a/command/catalog/helpers.go b/command/catalog/helpers.go
index 1d9ad1964d3d..f457d8f792ab 100644
--- a/command/catalog/helpers.go
+++ b/command/catalog/helpers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package catalog
 
diff --git a/command/catalog/helpers_oss.go b/command/catalog/helpers_oss.go
index 5f60fd9b1312..51e04218872f 100644
--- a/command/catalog/helpers_oss.go
+++ b/command/catalog/helpers_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/catalog/list/dc/catalog_list_datacenters.go b/command/catalog/list/dc/catalog_list_datacenters.go
index 7df18e7a8b70..c7531c916434 100644
--- a/command/catalog/list/dc/catalog_list_datacenters.go
+++ b/command/catalog/list/dc/catalog_list_datacenters.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dc
 
diff --git a/command/catalog/list/dc/catalog_list_datacenters_test.go b/command/catalog/list/dc/catalog_list_datacenters_test.go
index 6052db994117..68a8a8bc5055 100644
--- a/command/catalog/list/dc/catalog_list_datacenters_test.go
+++ b/command/catalog/list/dc/catalog_list_datacenters_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package dc
 
diff --git a/command/catalog/list/nodes/catalog_list_nodes.go b/command/catalog/list/nodes/catalog_list_nodes.go
index 44760182cd1b..1d1f3912f225 100644
--- a/command/catalog/list/nodes/catalog_list_nodes.go
+++ b/command/catalog/list/nodes/catalog_list_nodes.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package nodes
 
diff --git a/command/catalog/list/nodes/catalog_list_nodes_test.go b/command/catalog/list/nodes/catalog_list_nodes_test.go
index 0bef492b7b77..59db1c666bb6 100644
--- a/command/catalog/list/nodes/catalog_list_nodes_test.go
+++ b/command/catalog/list/nodes/catalog_list_nodes_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package nodes
 
diff --git a/command/catalog/list/services/catalog_list_services.go b/command/catalog/list/services/catalog_list_services.go
index 029c8bae94f4..4bbcce653295 100644
--- a/command/catalog/list/services/catalog_list_services.go
+++ b/command/catalog/list/services/catalog_list_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package services
 
diff --git a/command/catalog/list/services/catalog_list_services_test.go b/command/catalog/list/services/catalog_list_services_test.go
index 28c7c0652e89..905729410d95 100644
--- a/command/catalog/list/services/catalog_list_services_test.go
+++ b/command/catalog/list/services/catalog_list_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package services
 
diff --git a/command/cli/cli.go b/command/cli/cli.go
index 4afaeb279f66..a0bb5d78ddf7 100644
--- a/command/cli/cli.go
+++ b/command/cli/cli.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cli
 
diff --git a/command/cli/formatting.go b/command/cli/formatting.go
index 11ca247e900b..fec86797b057 100644
--- a/command/cli/formatting.go
+++ b/command/cli/formatting.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cli
 
diff --git a/command/config/config.go b/command/config/config.go
index e5fbe803a8dc..ed54954cbeb9 100644
--- a/command/config/config.go
+++ b/command/config/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package config
 
diff --git a/command/config/delete/config_delete.go b/command/config/delete/config_delete.go
index e9a9f97c7d83..baec168b172a 100644
--- a/command/config/delete/config_delete.go
+++ b/command/config/delete/config_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package delete
 
diff --git a/command/config/delete/config_delete_test.go b/command/config/delete/config_delete_test.go
index 66b5a47a71a2..d7d6d9226054 100644
--- a/command/config/delete/config_delete_test.go
+++ b/command/config/delete/config_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package delete
 
diff --git a/command/config/list/config_list.go b/command/config/list/config_list.go
index 978804a19199..4dd469590cff 100644
--- a/command/config/list/config_list.go
+++ b/command/config/list/config_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package list
 
diff --git a/command/config/list/config_list_test.go b/command/config/list/config_list_test.go
index bf188f51bd96..3e528a062fbb 100644
--- a/command/config/list/config_list_test.go
+++ b/command/config/list/config_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package list
 
diff --git a/command/config/read/config_read.go b/command/config/read/config_read.go
index 348d89373885..d3e3828817b5 100644
--- a/command/config/read/config_read.go
+++ b/command/config/read/config_read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package read
 
diff --git a/command/config/read/config_read_test.go b/command/config/read/config_read_test.go
index 074c0ee30d3b..5fbf37885d0b 100644
--- a/command/config/read/config_read_test.go
+++ b/command/config/read/config_read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package read
 
diff --git a/command/config/write/config_write.go b/command/config/write/config_write.go
index d8e8aff20ad8..4edfbed3bf0c 100644
--- a/command/config/write/config_write.go
+++ b/command/config/write/config_write.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package write
 
diff --git a/command/config/write/config_write_test.go b/command/config/write/config_write_test.go
index 3319084f4f21..15e7a4746532 100644
--- a/command/config/write/config_write_test.go
+++ b/command/config/write/config_write_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package write
 
diff --git a/command/connect/ca/ca.go b/command/connect/ca/ca.go
index f85ae17d6b8a..a5edd43dbc2e 100644
--- a/command/connect/ca/ca.go
+++ b/command/connect/ca/ca.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/command/connect/ca/ca_test.go b/command/connect/ca/ca_test.go
index eb20f57c220d..84ebe2873dd3 100644
--- a/command/connect/ca/ca_test.go
+++ b/command/connect/ca/ca_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/command/connect/ca/get/connect_ca_get.go b/command/connect/ca/get/connect_ca_get.go
index a2a7c6cb8b48..40b9b556a4bb 100644
--- a/command/connect/ca/get/connect_ca_get.go
+++ b/command/connect/ca/get/connect_ca_get.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package get
 
diff --git a/command/connect/ca/get/connect_ca_get_test.go b/command/connect/ca/get/connect_ca_get_test.go
index 7d628fb2940d..0e5545152c34 100644
--- a/command/connect/ca/get/connect_ca_get_test.go
+++ b/command/connect/ca/get/connect_ca_get_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package get
 
diff --git a/command/connect/ca/set/connect_ca_set.go b/command/connect/ca/set/connect_ca_set.go
index ca17f3e2129a..2c9af4ec6ea9 100644
--- a/command/connect/ca/set/connect_ca_set.go
+++ b/command/connect/ca/set/connect_ca_set.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package set
 
diff --git a/command/connect/ca/set/connect_ca_set_test.go b/command/connect/ca/set/connect_ca_set_test.go
index 1928a7dbd43f..4193d718f0dd 100644
--- a/command/connect/ca/set/connect_ca_set_test.go
+++ b/command/connect/ca/set/connect_ca_set_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package set
 
diff --git a/command/connect/connect.go b/command/connect/connect.go
index 675017291692..c92481a723ab 100644
--- a/command/connect/connect.go
+++ b/command/connect/connect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/command/connect/connect_test.go b/command/connect/connect_test.go
index 452207a96b65..3098962dc4ef 100644
--- a/command/connect/connect_test.go
+++ b/command/connect/connect_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/command/connect/envoy/bootstrap_config.go b/command/connect/envoy/bootstrap_config.go
index 2a0e21c4d25d..452d3679d6f2 100644
--- a/command/connect/envoy/bootstrap_config.go
+++ b/command/connect/envoy/bootstrap_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package envoy
 
diff --git a/command/connect/envoy/bootstrap_config_test.go b/command/connect/envoy/bootstrap_config_test.go
index 293aee660091..ed00e0d9140c 100644
--- a/command/connect/envoy/bootstrap_config_test.go
+++ b/command/connect/envoy/bootstrap_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package envoy
 
diff --git a/command/connect/envoy/bootstrap_tpl.go b/command/connect/envoy/bootstrap_tpl.go
index 6d1946c90df4..4b4bbc8db77f 100644
--- a/command/connect/envoy/bootstrap_tpl.go
+++ b/command/connect/envoy/bootstrap_tpl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package envoy
 
diff --git a/command/connect/envoy/envoy.go b/command/connect/envoy/envoy.go
index 948412febf93..3489f1017a65 100644
--- a/command/connect/envoy/envoy.go
+++ b/command/connect/envoy/envoy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package envoy
 
diff --git a/command/connect/envoy/envoy_oss_test.go b/command/connect/envoy/envoy_oss_test.go
index 89e3fd303efe..9e97516cf5d2 100644
--- a/command/connect/envoy/envoy_oss_test.go
+++ b/command/connect/envoy/envoy_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/connect/envoy/envoy_test.go b/command/connect/envoy/envoy_test.go
index 517108e0330c..0e61eea1865a 100644
--- a/command/connect/envoy/envoy_test.go
+++ b/command/connect/envoy/envoy_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package envoy
 
diff --git a/command/connect/envoy/exec.go b/command/connect/envoy/exec.go
index ffece038f71b..71f903c10643 100644
--- a/command/connect/envoy/exec.go
+++ b/command/connect/envoy/exec.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package envoy
 
diff --git a/command/connect/envoy/exec_supported.go b/command/connect/envoy/exec_supported.go
index 09dbf895bb12..d61cbc850781 100644
--- a/command/connect/envoy/exec_supported.go
+++ b/command/connect/envoy/exec_supported.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 //go:build linux || darwin || windows
 // +build linux darwin windows
 
diff --git a/command/connect/envoy/exec_test.go b/command/connect/envoy/exec_test.go
index 3ffc89e2f24d..0dbab3c6a035 100644
--- a/command/connect/envoy/exec_test.go
+++ b/command/connect/envoy/exec_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build linux || darwin
 // +build linux darwin
diff --git a/command/connect/envoy/exec_unix.go b/command/connect/envoy/exec_unix.go
index e3d07e2af36d..49d340483c5a 100644
--- a/command/connect/envoy/exec_unix.go
+++ b/command/connect/envoy/exec_unix.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build linux || darwin
 // +build linux darwin
diff --git a/command/connect/envoy/exec_unsupported.go b/command/connect/envoy/exec_unsupported.go
index ebbce2dfa25f..87f45ec7afb8 100644
--- a/command/connect/envoy/exec_unsupported.go
+++ b/command/connect/envoy/exec_unsupported.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !linux && !darwin && !windows
 // +build !linux,!darwin,!windows
diff --git a/command/connect/envoy/exec_windows.go b/command/connect/envoy/exec_windows.go
index e70108794ca0..1ae4f0cddb7b 100644
--- a/command/connect/envoy/exec_windows.go
+++ b/command/connect/envoy/exec_windows.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 //go:build windows
 // +build windows
 
diff --git a/command/connect/envoy/flags.go b/command/connect/envoy/flags.go
index eed9698c72fa..4d7994ccd45d 100644
--- a/command/connect/envoy/flags.go
+++ b/command/connect/envoy/flags.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package envoy
 
diff --git a/command/connect/envoy/flags_test.go b/command/connect/envoy/flags_test.go
index 617f85269125..596c0fa1a22f 100644
--- a/command/connect/envoy/flags_test.go
+++ b/command/connect/envoy/flags_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package envoy
 
diff --git a/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap.go b/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap.go
index 48cec90b8145..e6dbc33db1eb 100644
--- a/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap.go
+++ b/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pipebootstrap
 
diff --git a/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap_test.go b/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap_test.go
index 8e8b982f61f8..4f271b6e7403 100644
--- a/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap_test.go
+++ b/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pipebootstrap
 
diff --git a/command/connect/expose/expose.go b/command/connect/expose/expose.go
index 0fe3e3de74a6..569ab46bab4a 100644
--- a/command/connect/expose/expose.go
+++ b/command/connect/expose/expose.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package expose
 
diff --git a/command/connect/expose/expose_test.go b/command/connect/expose/expose_test.go
index 9db76a765e82..511a495640fb 100644
--- a/command/connect/expose/expose_test.go
+++ b/command/connect/expose/expose_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package expose
 
diff --git a/command/connect/proxy/flag_upstreams.go b/command/connect/proxy/flag_upstreams.go
index 21a70c9b3c6b..47bbb730ae86 100644
--- a/command/connect/proxy/flag_upstreams.go
+++ b/command/connect/proxy/flag_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/command/connect/proxy/flag_upstreams_test.go b/command/connect/proxy/flag_upstreams_test.go
index 42647c98396d..7e47a9ad7950 100644
--- a/command/connect/proxy/flag_upstreams_test.go
+++ b/command/connect/proxy/flag_upstreams_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/command/connect/proxy/proxy.go b/command/connect/proxy/proxy.go
index 3585d798abee..9b352dab5d0c 100644
--- a/command/connect/proxy/proxy.go
+++ b/command/connect/proxy/proxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/command/connect/proxy/proxy_test.go b/command/connect/proxy/proxy_test.go
index fc55eadcc9b4..f17b04f5f8e8 100644
--- a/command/connect/proxy/proxy_test.go
+++ b/command/connect/proxy/proxy_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/command/connect/proxy/register.go b/command/connect/proxy/register.go
index c3051e0f9dd1..87d6dbb9a2d3 100644
--- a/command/connect/proxy/register.go
+++ b/command/connect/proxy/register.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/command/connect/proxy/register_test.go b/command/connect/proxy/register_test.go
index c1845ac6256e..823b11d23c1b 100644
--- a/command/connect/proxy/register_test.go
+++ b/command/connect/proxy/register_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/command/connect/redirecttraffic/redirect_traffic.go b/command/connect/redirecttraffic/redirect_traffic.go
index 5e92193f0b00..8a597696b7f0 100644
--- a/command/connect/redirecttraffic/redirect_traffic.go
+++ b/command/connect/redirecttraffic/redirect_traffic.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package redirecttraffic
 
diff --git a/command/connect/redirecttraffic/redirect_traffic_test.go b/command/connect/redirecttraffic/redirect_traffic_test.go
index 209cfcc35d8a..de9b362416c2 100644
--- a/command/connect/redirecttraffic/redirect_traffic_test.go
+++ b/command/connect/redirecttraffic/redirect_traffic_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package redirecttraffic
 
diff --git a/command/debug/debug.go b/command/debug/debug.go
index 0c3fcca57a83..291e0d79e86b 100644
--- a/command/debug/debug.go
+++ b/command/debug/debug.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package debug
 
diff --git a/command/debug/debug_test.go b/command/debug/debug_test.go
index e916ee9e7f0d..1340ed057f8d 100644
--- a/command/debug/debug_test.go
+++ b/command/debug/debug_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package debug
 
diff --git a/command/event/event.go b/command/event/event.go
index 5882b6005f68..73c19b6c5f77 100644
--- a/command/event/event.go
+++ b/command/event/event.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package event
 
diff --git a/command/event/event_test.go b/command/event/event_test.go
index b267e8920a75..349cb0daa816 100644
--- a/command/event/event_test.go
+++ b/command/event/event_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package event
 
diff --git a/command/exec/exec.go b/command/exec/exec.go
index 140cdea300eb..53026a6f8c87 100644
--- a/command/exec/exec.go
+++ b/command/exec/exec.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package exec
 
diff --git a/command/exec/exec_test.go b/command/exec/exec_test.go
index 74f446d11ca7..d8335160f28a 100644
--- a/command/exec/exec_test.go
+++ b/command/exec/exec_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package exec
 
diff --git a/command/flags/config.go b/command/flags/config.go
index 162ffea5a22c..39c615554d67 100644
--- a/command/flags/config.go
+++ b/command/flags/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package flags
 
diff --git a/command/flags/config_test.go b/command/flags/config_test.go
index bc718f1dc5b9..1a6d69ca4b57 100644
--- a/command/flags/config_test.go
+++ b/command/flags/config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package flags
 
diff --git a/command/flags/flag_map_value.go b/command/flags/flag_map_value.go
index 58afc9f5c365..af5fec436dd5 100644
--- a/command/flags/flag_map_value.go
+++ b/command/flags/flag_map_value.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package flags
 
diff --git a/command/flags/flag_map_value_test.go b/command/flags/flag_map_value_test.go
index 4177f452afac..d04342a01b34 100644
--- a/command/flags/flag_map_value_test.go
+++ b/command/flags/flag_map_value_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package flags
 
diff --git a/command/flags/flag_slice_value.go b/command/flags/flag_slice_value.go
index b965b7654679..58428e58ce9c 100644
--- a/command/flags/flag_slice_value.go
+++ b/command/flags/flag_slice_value.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package flags
 
diff --git a/command/flags/flag_slice_value_test.go b/command/flags/flag_slice_value_test.go
index 84421f0f958a..24187f3f4183 100644
--- a/command/flags/flag_slice_value_test.go
+++ b/command/flags/flag_slice_value_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package flags
 
diff --git a/command/flags/http.go b/command/flags/http.go
index 82e59431ae71..16157adc8a1b 100644
--- a/command/flags/http.go
+++ b/command/flags/http.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package flags
 
diff --git a/command/flags/http_test.go b/command/flags/http_test.go
index baf4ac231c8d..f8b48f80cbab 100644
--- a/command/flags/http_test.go
+++ b/command/flags/http_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package flags
 
diff --git a/command/flags/merge.go b/command/flags/merge.go
index c7a475b4b1d5..251698e320fc 100644
--- a/command/flags/merge.go
+++ b/command/flags/merge.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package flags
 
diff --git a/command/flags/usage.go b/command/flags/usage.go
index 245cfd67c018..3583620bd9f6 100644
--- a/command/flags/usage.go
+++ b/command/flags/usage.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package flags
 
diff --git a/command/forceleave/forceleave.go b/command/forceleave/forceleave.go
index 1b3aac559f17..2c9e2ceb1def 100644
--- a/command/forceleave/forceleave.go
+++ b/command/forceleave/forceleave.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package forceleave
 
diff --git a/command/forceleave/forceleave_test.go b/command/forceleave/forceleave_test.go
index c29d2996b812..05d490777575 100644
--- a/command/forceleave/forceleave_test.go
+++ b/command/forceleave/forceleave_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package forceleave
 
diff --git a/command/helpers/decode_shim.go b/command/helpers/decode_shim.go
index 20ca1faeaaa8..d2a73895a57f 100644
--- a/command/helpers/decode_shim.go
+++ b/command/helpers/decode_shim.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package helpers
 
diff --git a/command/helpers/helpers.go b/command/helpers/helpers.go
index 0238c72da6f4..bc990f76fa02 100644
--- a/command/helpers/helpers.go
+++ b/command/helpers/helpers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package helpers
 
diff --git a/command/helpers/helpers_test.go b/command/helpers/helpers_test.go
index 8d8b2164f7e7..6479386747ba 100644
--- a/command/helpers/helpers_test.go
+++ b/command/helpers/helpers_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package helpers
 
diff --git a/command/info/info.go b/command/info/info.go
index de17a53dd0d5..5bbad23eabbe 100644
--- a/command/info/info.go
+++ b/command/info/info.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package info
 
diff --git a/command/info/info_test.go b/command/info/info_test.go
index 5e046df8c484..0faac3acc660 100644
--- a/command/info/info_test.go
+++ b/command/info/info_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package info
 
diff --git a/command/intention/check/check.go b/command/intention/check/check.go
index ed8119170f47..dce63c75bc06 100644
--- a/command/intention/check/check.go
+++ b/command/intention/check/check.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package check
 
diff --git a/command/intention/check/check_test.go b/command/intention/check/check_test.go
index 7ecac4a92f53..666d44d80c55 100644
--- a/command/intention/check/check_test.go
+++ b/command/intention/check/check_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package check
 
diff --git a/command/intention/create/create.go b/command/intention/create/create.go
index c1eab7b0f12c..df92dfe302a2 100644
--- a/command/intention/create/create.go
+++ b/command/intention/create/create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package create
 
diff --git a/command/intention/create/create_test.go b/command/intention/create/create_test.go
index e74c87c2bb67..90250368ef2b 100644
--- a/command/intention/create/create_test.go
+++ b/command/intention/create/create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package create
 
diff --git a/command/intention/delete/delete.go b/command/intention/delete/delete.go
index b63029d91d86..a58ee163e687 100644
--- a/command/intention/delete/delete.go
+++ b/command/intention/delete/delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package delete
 
diff --git a/command/intention/delete/delete_test.go b/command/intention/delete/delete_test.go
index dedcf8ff2e7d..51e59c8b52db 100644
--- a/command/intention/delete/delete_test.go
+++ b/command/intention/delete/delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package delete
 
diff --git a/command/intention/format.go b/command/intention/format.go
index 868306320758..bd202cfa5081 100644
--- a/command/intention/format.go
+++ b/command/intention/format.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package intention
 
diff --git a/command/intention/get/get.go b/command/intention/get/get.go
index 1c2437962627..64dd2c8441c4 100644
--- a/command/intention/get/get.go
+++ b/command/intention/get/get.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package get
 
diff --git a/command/intention/get/get_test.go b/command/intention/get/get_test.go
index 6f6f31ee9e8b..7559a3611849 100644
--- a/command/intention/get/get_test.go
+++ b/command/intention/get/get_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package get
 
diff --git a/command/intention/helpers.go b/command/intention/helpers.go
index 60774da85c9f..abc7c21e73a1 100644
--- a/command/intention/helpers.go
+++ b/command/intention/helpers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package intention
 
diff --git a/command/intention/helpers_test.go b/command/intention/helpers_test.go
index 11dff93b108b..cd2db64c6911 100644
--- a/command/intention/helpers_test.go
+++ b/command/intention/helpers_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package intention
 
diff --git a/command/intention/intention.go b/command/intention/intention.go
index 450ec630a49e..77ba5e2f5eae 100644
--- a/command/intention/intention.go
+++ b/command/intention/intention.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package intention
 
diff --git a/command/intention/intention_test.go b/command/intention/intention_test.go
index 098fecfa938e..3a728fc028f9 100644
--- a/command/intention/intention_test.go
+++ b/command/intention/intention_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package intention
 
diff --git a/command/intention/list/intention_list.go b/command/intention/list/intention_list.go
index f79f454dc79c..408f9d8dcd09 100644
--- a/command/intention/list/intention_list.go
+++ b/command/intention/list/intention_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package list
 
diff --git a/command/intention/list/intention_list_test.go b/command/intention/list/intention_list_test.go
index 2227c1c508e3..ccd6faefe3c1 100644
--- a/command/intention/list/intention_list_test.go
+++ b/command/intention/list/intention_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package list
 
diff --git a/command/intention/match/match.go b/command/intention/match/match.go
index b6f00d1a0e88..ee115a7b1ad8 100644
--- a/command/intention/match/match.go
+++ b/command/intention/match/match.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package match
 
diff --git a/command/intention/match/match_test.go b/command/intention/match/match_test.go
index d2a69ceada58..6715c7eba8d3 100644
--- a/command/intention/match/match_test.go
+++ b/command/intention/match/match_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package match
 
diff --git a/command/join/join.go b/command/join/join.go
index 074813993d6a..f5d041ed4b4d 100644
--- a/command/join/join.go
+++ b/command/join/join.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package join
 
diff --git a/command/join/join_test.go b/command/join/join_test.go
index e5d43c7cdea9..828cb46b6e31 100644
--- a/command/join/join_test.go
+++ b/command/join/join_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package join
 
diff --git a/command/keygen/keygen.go b/command/keygen/keygen.go
index c7ab5337c02c..e2907bda0c0d 100644
--- a/command/keygen/keygen.go
+++ b/command/keygen/keygen.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package keygen
 
diff --git a/command/keygen/keygen_test.go b/command/keygen/keygen_test.go
index a78a07cfedf7..59edb12896bd 100644
--- a/command/keygen/keygen_test.go
+++ b/command/keygen/keygen_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package keygen
 
diff --git a/command/keyring/keyring.go b/command/keyring/keyring.go
index 2f9d96f0e266..0e4756f6191f 100644
--- a/command/keyring/keyring.go
+++ b/command/keyring/keyring.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package keyring
 
diff --git a/command/keyring/keyring_test.go b/command/keyring/keyring_test.go
index 5ee1b1a8752f..68c5e7f98219 100644
--- a/command/keyring/keyring_test.go
+++ b/command/keyring/keyring_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package keyring
 
diff --git a/command/kv/del/kv_delete.go b/command/kv/del/kv_delete.go
index 89bdde4508c0..e58e4a229661 100644
--- a/command/kv/del/kv_delete.go
+++ b/command/kv/del/kv_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package del
 
diff --git a/command/kv/del/kv_delete_test.go b/command/kv/del/kv_delete_test.go
index 29d9b7bb98c4..254fb4aa5097 100644
--- a/command/kv/del/kv_delete_test.go
+++ b/command/kv/del/kv_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package del
 
diff --git a/command/kv/exp/kv_export.go b/command/kv/exp/kv_export.go
index c14acd4424d4..2f2e835bd42d 100644
--- a/command/kv/exp/kv_export.go
+++ b/command/kv/exp/kv_export.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package exp
 
diff --git a/command/kv/exp/kv_export_test.go b/command/kv/exp/kv_export_test.go
index 96e1d469113f..76da13dcd4e6 100644
--- a/command/kv/exp/kv_export_test.go
+++ b/command/kv/exp/kv_export_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package exp
 
diff --git a/command/kv/get/kv_get.go b/command/kv/get/kv_get.go
index b53173c04863..4abf0251751e 100644
--- a/command/kv/get/kv_get.go
+++ b/command/kv/get/kv_get.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package get
 
diff --git a/command/kv/get/kv_get_test.go b/command/kv/get/kv_get_test.go
index 92b6675b80a5..56318586de43 100644
--- a/command/kv/get/kv_get_test.go
+++ b/command/kv/get/kv_get_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package get
 
diff --git a/command/kv/imp/kv_import.go b/command/kv/imp/kv_import.go
index b1e6841060e6..1d91d281df84 100644
--- a/command/kv/imp/kv_import.go
+++ b/command/kv/imp/kv_import.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package imp
 
diff --git a/command/kv/imp/kv_import_test.go b/command/kv/imp/kv_import_test.go
index 3528c2119abb..6bed5684cebd 100644
--- a/command/kv/imp/kv_import_test.go
+++ b/command/kv/imp/kv_import_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package imp
 
diff --git a/command/kv/impexp/kvimpexp.go b/command/kv/impexp/kvimpexp.go
index 3235439ee539..0dc4b394e068 100644
--- a/command/kv/impexp/kvimpexp.go
+++ b/command/kv/impexp/kvimpexp.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package impexp
 
diff --git a/command/kv/kv.go b/command/kv/kv.go
index 3d98b63bdba3..86d8c258e058 100644
--- a/command/kv/kv.go
+++ b/command/kv/kv.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package kv
 
diff --git a/command/kv/kv_test.go b/command/kv/kv_test.go
index 56ee94fa7e2d..85195ee9acba 100644
--- a/command/kv/kv_test.go
+++ b/command/kv/kv_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package kv
 
diff --git a/command/kv/put/kv_put.go b/command/kv/put/kv_put.go
index 13e6ee4b9e8e..5f0580ce1431 100644
--- a/command/kv/put/kv_put.go
+++ b/command/kv/put/kv_put.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package put
 
diff --git a/command/kv/put/kv_put_test.go b/command/kv/put/kv_put_test.go
index bd07f5aab38f..1f0245c8e0f2 100644
--- a/command/kv/put/kv_put_test.go
+++ b/command/kv/put/kv_put_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package put
 
diff --git a/command/leave/leave.go b/command/leave/leave.go
index d822b5fedc54..8d997fb83c8d 100644
--- a/command/leave/leave.go
+++ b/command/leave/leave.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package leave
 
diff --git a/command/leave/leave_test.go b/command/leave/leave_test.go
index 67f16fefb74a..317a6862b91e 100644
--- a/command/leave/leave_test.go
+++ b/command/leave/leave_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package leave
 
diff --git a/command/lock/lock.go b/command/lock/lock.go
index f1acfd4f9093..a662babe041f 100644
--- a/command/lock/lock.go
+++ b/command/lock/lock.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lock
 
diff --git a/command/lock/lock_test.go b/command/lock/lock_test.go
index d90a7c0826c9..f32de5bc5e46 100644
--- a/command/lock/lock_test.go
+++ b/command/lock/lock_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lock
 
diff --git a/command/lock/util_unix.go b/command/lock/util_unix.go
index 3c754560b4e1..d2c9bf1dd41d 100644
--- a/command/lock/util_unix.go
+++ b/command/lock/util_unix.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !windows
 // +build !windows
diff --git a/command/lock/util_windows.go b/command/lock/util_windows.go
index 9a271af66d1d..12f148fa00c1 100644
--- a/command/lock/util_windows.go
+++ b/command/lock/util_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build windows
 // +build windows
diff --git a/command/login/aws.go b/command/login/aws.go
index 99230679c13d..e7fb6af58eef 100644
--- a/command/login/aws.go
+++ b/command/login/aws.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package login
 
diff --git a/command/login/login.go b/command/login/login.go
index 18f2762c9954..0ab523785292 100644
--- a/command/login/login.go
+++ b/command/login/login.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package login
 
diff --git a/command/login/login_oss.go b/command/login/login_oss.go
index 365d89dfd5de..34f935177816 100644
--- a/command/login/login_oss.go
+++ b/command/login/login_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/login/login_test.go b/command/login/login_test.go
index 918e1fcbff2f..c3bf11767617 100644
--- a/command/login/login_test.go
+++ b/command/login/login_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package login
 
diff --git a/command/logout/logout.go b/command/logout/logout.go
index 8ff8fb677892..35365f446954 100644
--- a/command/logout/logout.go
+++ b/command/logout/logout.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logout
 
diff --git a/command/logout/logout_test.go b/command/logout/logout_test.go
index 1e3890bb8acb..7228def746b8 100644
--- a/command/logout/logout_test.go
+++ b/command/logout/logout_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logout
 
diff --git a/command/maint/maint.go b/command/maint/maint.go
index e9d189157b1f..252aa1de46a7 100644
--- a/command/maint/maint.go
+++ b/command/maint/maint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package maint
 
diff --git a/command/maint/maint_test.go b/command/maint/maint_test.go
index c182ecbdf3ab..eabd173a623f 100644
--- a/command/maint/maint_test.go
+++ b/command/maint/maint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package maint
 
diff --git a/command/members/members.go b/command/members/members.go
index 9895837f6484..7b10612643b0 100644
--- a/command/members/members.go
+++ b/command/members/members.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package members
 
diff --git a/command/members/members_test.go b/command/members/members_test.go
index 646c51ec6248..76e3bbe1260d 100644
--- a/command/members/members_test.go
+++ b/command/members/members_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package members
 
diff --git a/command/monitor/monitor.go b/command/monitor/monitor.go
index 0703b34a0512..e1d0e8597d50 100644
--- a/command/monitor/monitor.go
+++ b/command/monitor/monitor.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package monitor
 
diff --git a/command/monitor/monitor_test.go b/command/monitor/monitor_test.go
index 61abfb6c9bf0..e9eacdda4caf 100644
--- a/command/monitor/monitor_test.go
+++ b/command/monitor/monitor_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package monitor
 
diff --git a/command/operator/autopilot/get/operator_autopilot_get.go b/command/operator/autopilot/get/operator_autopilot_get.go
index d89167278267..5cc2dc351e34 100644
--- a/command/operator/autopilot/get/operator_autopilot_get.go
+++ b/command/operator/autopilot/get/operator_autopilot_get.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package get
 
diff --git a/command/operator/autopilot/get/operator_autopilot_get_test.go b/command/operator/autopilot/get/operator_autopilot_get_test.go
index fc5e0f12e1ae..264706ea2445 100644
--- a/command/operator/autopilot/get/operator_autopilot_get_test.go
+++ b/command/operator/autopilot/get/operator_autopilot_get_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package get
 
diff --git a/command/operator/autopilot/operator_autopilot.go b/command/operator/autopilot/operator_autopilot.go
index 38d51641eb59..d1de582fbecf 100644
--- a/command/operator/autopilot/operator_autopilot.go
+++ b/command/operator/autopilot/operator_autopilot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autopilot
 
diff --git a/command/operator/autopilot/operator_autopilot_test.go b/command/operator/autopilot/operator_autopilot_test.go
index 9fa91f988b2f..9861749b172a 100644
--- a/command/operator/autopilot/operator_autopilot_test.go
+++ b/command/operator/autopilot/operator_autopilot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package autopilot
 
diff --git a/command/operator/autopilot/set/operator_autopilot_set.go b/command/operator/autopilot/set/operator_autopilot_set.go
index c396dd5d966c..6a8dd5fec9ae 100644
--- a/command/operator/autopilot/set/operator_autopilot_set.go
+++ b/command/operator/autopilot/set/operator_autopilot_set.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package set
 
diff --git a/command/operator/autopilot/set/operator_autopilot_set_test.go b/command/operator/autopilot/set/operator_autopilot_set_test.go
index c8d757bdbbc7..b92e7ef4b4fd 100644
--- a/command/operator/autopilot/set/operator_autopilot_set_test.go
+++ b/command/operator/autopilot/set/operator_autopilot_set_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package set
 
diff --git a/command/operator/autopilot/state/formatter.go b/command/operator/autopilot/state/formatter.go
index f4e42a6578ed..11cec09c6a16 100644
--- a/command/operator/autopilot/state/formatter.go
+++ b/command/operator/autopilot/state/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/command/operator/autopilot/state/operator_autopilot_state.go b/command/operator/autopilot/state/operator_autopilot_state.go
index b5fd6d071886..be85fdb3ccf1 100644
--- a/command/operator/autopilot/state/operator_autopilot_state.go
+++ b/command/operator/autopilot/state/operator_autopilot_state.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/command/operator/autopilot/state/operator_autopilot_state_test.go b/command/operator/autopilot/state/operator_autopilot_state_test.go
index b18db7836d24..a2d51438a6e3 100644
--- a/command/operator/autopilot/state/operator_autopilot_state_test.go
+++ b/command/operator/autopilot/state/operator_autopilot_state_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package state
 
diff --git a/command/operator/operator.go b/command/operator/operator.go
index b66924d3cb71..06c8c7622e48 100644
--- a/command/operator/operator.go
+++ b/command/operator/operator.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package operator
 
diff --git a/command/operator/operator_test.go b/command/operator/operator_test.go
index 822ffc52347d..d25f4fc4f8d3 100644
--- a/command/operator/operator_test.go
+++ b/command/operator/operator_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package operator
 
diff --git a/command/operator/raft/listpeers/operator_raft_list.go b/command/operator/raft/listpeers/operator_raft_list.go
index 29643a87cf33..abe682c10371 100644
--- a/command/operator/raft/listpeers/operator_raft_list.go
+++ b/command/operator/raft/listpeers/operator_raft_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package listpeers
 
diff --git a/command/operator/raft/listpeers/operator_raft_list_test.go b/command/operator/raft/listpeers/operator_raft_list_test.go
index 0694e0dd1046..c29ed9d418e9 100644
--- a/command/operator/raft/listpeers/operator_raft_list_test.go
+++ b/command/operator/raft/listpeers/operator_raft_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package listpeers
 
diff --git a/command/operator/raft/operator_raft.go b/command/operator/raft/operator_raft.go
index 42b6175e974d..52bcb446f9b1 100644
--- a/command/operator/raft/operator_raft.go
+++ b/command/operator/raft/operator_raft.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package raft
 
diff --git a/command/operator/raft/operator_raft_test.go b/command/operator/raft/operator_raft_test.go
index 275606ab5aec..cac0545fa511 100644
--- a/command/operator/raft/operator_raft_test.go
+++ b/command/operator/raft/operator_raft_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package raft
 
diff --git a/command/operator/raft/removepeer/operator_raft_remove.go b/command/operator/raft/removepeer/operator_raft_remove.go
index eea10a045d9a..12692d4d5225 100644
--- a/command/operator/raft/removepeer/operator_raft_remove.go
+++ b/command/operator/raft/removepeer/operator_raft_remove.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package removepeer
 
diff --git a/command/operator/raft/removepeer/operator_raft_remove_test.go b/command/operator/raft/removepeer/operator_raft_remove_test.go
index e81fc1474a38..e7647712647d 100644
--- a/command/operator/raft/removepeer/operator_raft_remove_test.go
+++ b/command/operator/raft/removepeer/operator_raft_remove_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package removepeer
 
diff --git a/command/operator/raft/transferleader/transfer_leader.go b/command/operator/raft/transferleader/transfer_leader.go
index 9e3630c05601..ebeb77dfc82c 100644
--- a/command/operator/raft/transferleader/transfer_leader.go
+++ b/command/operator/raft/transferleader/transfer_leader.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package transferleader
 
diff --git a/command/operator/raft/transferleader/transfer_leader_test.go b/command/operator/raft/transferleader/transfer_leader_test.go
index 7c0fc4115dbc..2b56fe1d784f 100644
--- a/command/operator/raft/transferleader/transfer_leader_test.go
+++ b/command/operator/raft/transferleader/transfer_leader_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package transferleader
 
diff --git a/command/operator/usage/instances/usage_instances.go b/command/operator/usage/instances/usage_instances.go
index 1ac90dce8d36..83231db0a1d4 100644
--- a/command/operator/usage/instances/usage_instances.go
+++ b/command/operator/usage/instances/usage_instances.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package instances
 
diff --git a/command/operator/usage/instances/usage_instances_oss.go b/command/operator/usage/instances/usage_instances_oss.go
index dc9511b32ce2..ef614edfac26 100644
--- a/command/operator/usage/instances/usage_instances_oss.go
+++ b/command/operator/usage/instances/usage_instances_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/operator/usage/instances/usage_instances_oss_test.go b/command/operator/usage/instances/usage_instances_oss_test.go
index 478b9f42118b..a064828a45f3 100644
--- a/command/operator/usage/instances/usage_instances_oss_test.go
+++ b/command/operator/usage/instances/usage_instances_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/operator/usage/instances/usage_instances_test.go b/command/operator/usage/instances/usage_instances_test.go
index 8ad38e1b0c53..7dac04dd3e32 100644
--- a/command/operator/usage/instances/usage_instances_test.go
+++ b/command/operator/usage/instances/usage_instances_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package instances
 
diff --git a/command/operator/usage/usage.go b/command/operator/usage/usage.go
index 3d733f8f36ff..6e7cde57e4bf 100644
--- a/command/operator/usage/usage.go
+++ b/command/operator/usage/usage.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package usage
 
diff --git a/command/peering/delete/delete.go b/command/peering/delete/delete.go
index f4399b73ce2f..039ace539188 100644
--- a/command/peering/delete/delete.go
+++ b/command/peering/delete/delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package delete
 
diff --git a/command/peering/delete/delete_test.go b/command/peering/delete/delete_test.go
index 56d0d495a897..5aa299b78d52 100644
--- a/command/peering/delete/delete_test.go
+++ b/command/peering/delete/delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package delete
 
diff --git a/command/peering/establish/establish.go b/command/peering/establish/establish.go
index ef5178eecf8a..42178f149040 100644
--- a/command/peering/establish/establish.go
+++ b/command/peering/establish/establish.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package establish
 
diff --git a/command/peering/establish/establish_test.go b/command/peering/establish/establish_test.go
index 515b727f78b6..25abae316bc4 100644
--- a/command/peering/establish/establish_test.go
+++ b/command/peering/establish/establish_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package establish
 
diff --git a/command/peering/generate/generate.go b/command/peering/generate/generate.go
index 26410480f517..e2122aa7aa09 100644
--- a/command/peering/generate/generate.go
+++ b/command/peering/generate/generate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package generate
 
diff --git a/command/peering/generate/generate_test.go b/command/peering/generate/generate_test.go
index 529f46aacdf6..863b266ed15e 100644
--- a/command/peering/generate/generate_test.go
+++ b/command/peering/generate/generate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package generate
 
diff --git a/command/peering/list/list.go b/command/peering/list/list.go
index 87fb6bade599..10e85d9b582f 100644
--- a/command/peering/list/list.go
+++ b/command/peering/list/list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package list
 
diff --git a/command/peering/list/list_test.go b/command/peering/list/list_test.go
index f923e6d2b761..43da9684728e 100644
--- a/command/peering/list/list_test.go
+++ b/command/peering/list/list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package list
 
diff --git a/command/peering/peering.go b/command/peering/peering.go
index 2a4834e514c2..157dd42c63d7 100644
--- a/command/peering/peering.go
+++ b/command/peering/peering.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peering
 
diff --git a/command/peering/read/read.go b/command/peering/read/read.go
index ddd44cb4fe8b..8d15210fcfaa 100644
--- a/command/peering/read/read.go
+++ b/command/peering/read/read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package read
 
diff --git a/command/peering/read/read_test.go b/command/peering/read/read_test.go
index 42b354466175..90a2ac879244 100644
--- a/command/peering/read/read_test.go
+++ b/command/peering/read/read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package read
 
diff --git a/command/registry.go b/command/registry.go
index b370f14bc872..f01e3a108041 100644
--- a/command/registry.go
+++ b/command/registry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package command
 
diff --git a/command/registry_oss.go b/command/registry_oss.go
index 2a7708221022..7ea2f73a12f9 100644
--- a/command/registry_oss.go
+++ b/command/registry_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/reload/reload.go b/command/reload/reload.go
index b0989817fdc0..458b90cbf6a8 100644
--- a/command/reload/reload.go
+++ b/command/reload/reload.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package reload
 
diff --git a/command/reload/reload_test.go b/command/reload/reload_test.go
index d75712c53934..11313fb13841 100644
--- a/command/reload/reload_test.go
+++ b/command/reload/reload_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package reload
 
diff --git a/command/rtt/rtt.go b/command/rtt/rtt.go
index f7a7414511d6..db9e3efd06be 100644
--- a/command/rtt/rtt.go
+++ b/command/rtt/rtt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package rtt
 
diff --git a/command/rtt/rtt_test.go b/command/rtt/rtt_test.go
index 8534fc1a59bc..4b0621cfe33f 100644
--- a/command/rtt/rtt_test.go
+++ b/command/rtt/rtt_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package rtt
 
diff --git a/command/services/config.go b/command/services/config.go
index f881778956d6..1a173078d6f0 100644
--- a/command/services/config.go
+++ b/command/services/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package services
 
diff --git a/command/services/config_test.go b/command/services/config_test.go
index e8770337d4d9..b8a2207fb9e8 100644
--- a/command/services/config_test.go
+++ b/command/services/config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package services
 
diff --git a/command/services/deregister/deregister.go b/command/services/deregister/deregister.go
index 69a4ef9437d7..bff2c972704a 100644
--- a/command/services/deregister/deregister.go
+++ b/command/services/deregister/deregister.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package deregister
 
diff --git a/command/services/deregister/deregister_test.go b/command/services/deregister/deregister_test.go
index 15d9ffddb22b..2ee9d8de5fab 100644
--- a/command/services/deregister/deregister_test.go
+++ b/command/services/deregister/deregister_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package deregister
 
diff --git a/command/services/export/export.go b/command/services/export/export.go
index 637553f93e6c..49a575660200 100644
--- a/command/services/export/export.go
+++ b/command/services/export/export.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package export
 
 import (
diff --git a/command/services/export/export_test.go b/command/services/export/export_test.go
index 6a2dfa9d67b0..aa13aff63c23 100644
--- a/command/services/export/export_test.go
+++ b/command/services/export/export_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package export
 
 import (
diff --git a/command/services/register/register.go b/command/services/register/register.go
index 6e5f7a0fcfa5..33599dda0132 100644
--- a/command/services/register/register.go
+++ b/command/services/register/register.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package register
 
diff --git a/command/services/register/register_test.go b/command/services/register/register_test.go
index 2004610cf50d..24d5f4fb87ea 100644
--- a/command/services/register/register_test.go
+++ b/command/services/register/register_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package register
 
diff --git a/command/services/services.go b/command/services/services.go
index 9c12445def7e..521092f063ae 100644
--- a/command/services/services.go
+++ b/command/services/services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package services
 
diff --git a/command/services/services_test.go b/command/services/services_test.go
index 11a31cd16dbe..a2d4b45262be 100644
--- a/command/services/services_test.go
+++ b/command/services/services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package services
 
diff --git a/command/snapshot/inspect/formatter.go b/command/snapshot/inspect/formatter.go
index 2898bf174fb0..53da998b25c8 100644
--- a/command/snapshot/inspect/formatter.go
+++ b/command/snapshot/inspect/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package inspect
 
diff --git a/command/snapshot/inspect/formatter_test.go b/command/snapshot/inspect/formatter_test.go
index b55ea6b972a2..48b8d1da4d96 100644
--- a/command/snapshot/inspect/formatter_test.go
+++ b/command/snapshot/inspect/formatter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package inspect
 
diff --git a/command/snapshot/inspect/snapshot_inspect.go b/command/snapshot/inspect/snapshot_inspect.go
index 018d3f3dec34..483e937eb481 100644
--- a/command/snapshot/inspect/snapshot_inspect.go
+++ b/command/snapshot/inspect/snapshot_inspect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package inspect
 
diff --git a/command/snapshot/inspect/snapshot_inspect_test.go b/command/snapshot/inspect/snapshot_inspect_test.go
index f6a799078368..1f7ff69f1bc3 100644
--- a/command/snapshot/inspect/snapshot_inspect_test.go
+++ b/command/snapshot/inspect/snapshot_inspect_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package inspect
 
diff --git a/command/snapshot/restore/snapshot_restore.go b/command/snapshot/restore/snapshot_restore.go
index 170e77685dc2..aaa08a162d7a 100644
--- a/command/snapshot/restore/snapshot_restore.go
+++ b/command/snapshot/restore/snapshot_restore.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package restore
 
diff --git a/command/snapshot/restore/snapshot_restore_test.go b/command/snapshot/restore/snapshot_restore_test.go
index 076df99a6bdd..61c8b2bed0d6 100644
--- a/command/snapshot/restore/snapshot_restore_test.go
+++ b/command/snapshot/restore/snapshot_restore_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package restore
 
diff --git a/command/snapshot/save/snapshot_save.go b/command/snapshot/save/snapshot_save.go
index f250202be897..2395a4f3a038 100644
--- a/command/snapshot/save/snapshot_save.go
+++ b/command/snapshot/save/snapshot_save.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package save
 
diff --git a/command/snapshot/save/snapshot_save_test.go b/command/snapshot/save/snapshot_save_test.go
index 915ba5e5f5ee..a95b537e9475 100644
--- a/command/snapshot/save/snapshot_save_test.go
+++ b/command/snapshot/save/snapshot_save_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package save
 
diff --git a/command/snapshot/snapshot_command.go b/command/snapshot/snapshot_command.go
index 7378f5449f29..2e96550e191f 100644
--- a/command/snapshot/snapshot_command.go
+++ b/command/snapshot/snapshot_command.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package snapshot
 
diff --git a/command/snapshot/snapshot_command_test.go b/command/snapshot/snapshot_command_test.go
index 99db9533a31d..d38f5cde9271 100644
--- a/command/snapshot/snapshot_command_test.go
+++ b/command/snapshot/snapshot_command_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package snapshot
 
diff --git a/command/tls/ca/create/tls_ca_create.go b/command/tls/ca/create/tls_ca_create.go
index 4c25f8aec7a2..43a9c249f154 100644
--- a/command/tls/ca/create/tls_ca_create.go
+++ b/command/tls/ca/create/tls_ca_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package create
 
diff --git a/command/tls/ca/create/tls_ca_create_test.go b/command/tls/ca/create/tls_ca_create_test.go
index d9e837e56d7f..aee2b69062cf 100644
--- a/command/tls/ca/create/tls_ca_create_test.go
+++ b/command/tls/ca/create/tls_ca_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package create
 
diff --git a/command/tls/ca/tls_ca.go b/command/tls/ca/tls_ca.go
index 65207c0dc8ba..ef943a4fbfe0 100644
--- a/command/tls/ca/tls_ca.go
+++ b/command/tls/ca/tls_ca.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/command/tls/ca/tls_ca_test.go b/command/tls/ca/tls_ca_test.go
index 74cd8de37da4..d24c15665f30 100644
--- a/command/tls/ca/tls_ca_test.go
+++ b/command/tls/ca/tls_ca_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ca
 
diff --git a/command/tls/cert/create/tls_cert_create.go b/command/tls/cert/create/tls_cert_create.go
index 7af36bc986cd..9e0f92173bd1 100644
--- a/command/tls/cert/create/tls_cert_create.go
+++ b/command/tls/cert/create/tls_cert_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package create
 
diff --git a/command/tls/cert/create/tls_cert_create_test.go b/command/tls/cert/create/tls_cert_create_test.go
index 9f9fa1385a21..6e807d4a4fc7 100644
--- a/command/tls/cert/create/tls_cert_create_test.go
+++ b/command/tls/cert/create/tls_cert_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package create
 
diff --git a/command/tls/cert/tls_cert.go b/command/tls/cert/tls_cert.go
index 17795507e431..38551ef6c621 100644
--- a/command/tls/cert/tls_cert.go
+++ b/command/tls/cert/tls_cert.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cert
 
diff --git a/command/tls/cert/tls_cert_test.go b/command/tls/cert/tls_cert_test.go
index ab5144813de6..912ff3e58e4b 100644
--- a/command/tls/cert/tls_cert_test.go
+++ b/command/tls/cert/tls_cert_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cert
 
diff --git a/command/tls/tls.go b/command/tls/tls.go
index fda3c4a12331..a25a313ed02e 100644
--- a/command/tls/tls.go
+++ b/command/tls/tls.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tls
 
diff --git a/command/tls/tls_test.go b/command/tls/tls_test.go
index dd34df10fd28..7bd99fd4c11c 100644
--- a/command/tls/tls_test.go
+++ b/command/tls/tls_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tls
 
diff --git a/command/troubleshoot/proxy/troubleshoot_proxy.go b/command/troubleshoot/proxy/troubleshoot_proxy.go
index 08928b9e5453..1f513043fb17 100644
--- a/command/troubleshoot/proxy/troubleshoot_proxy.go
+++ b/command/troubleshoot/proxy/troubleshoot_proxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/command/troubleshoot/troubleshoot.go b/command/troubleshoot/troubleshoot.go
index 431c671ee732..36c77ff10435 100644
--- a/command/troubleshoot/troubleshoot.go
+++ b/command/troubleshoot/troubleshoot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package troubleshoot
 
diff --git a/command/troubleshoot/troubleshoot_test.go b/command/troubleshoot/troubleshoot_test.go
index 9ec2f68665a3..a0e3f1c06957 100644
--- a/command/troubleshoot/troubleshoot_test.go
+++ b/command/troubleshoot/troubleshoot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package troubleshoot
 
diff --git a/command/troubleshoot/upstreams/troubleshoot_upstreams.go b/command/troubleshoot/upstreams/troubleshoot_upstreams.go
index 19737c735330..5796dac58376 100644
--- a/command/troubleshoot/upstreams/troubleshoot_upstreams.go
+++ b/command/troubleshoot/upstreams/troubleshoot_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package upstreams
 
diff --git a/command/validate/validate.go b/command/validate/validate.go
index a44120a89f8b..1a9630c65f47 100644
--- a/command/validate/validate.go
+++ b/command/validate/validate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package validate
 
diff --git a/command/validate/validate_test.go b/command/validate/validate_test.go
index fdd0c7b2f2ff..dc5b519dbe31 100644
--- a/command/validate/validate_test.go
+++ b/command/validate/validate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package validate
 
diff --git a/command/version/formatter.go b/command/version/formatter.go
index c7c16da4419b..612c305a7985 100644
--- a/command/version/formatter.go
+++ b/command/version/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package version
 
diff --git a/command/version/formatter_test.go b/command/version/formatter_test.go
index b5c0bd2482b9..45e4019dfb5c 100644
--- a/command/version/formatter_test.go
+++ b/command/version/formatter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package version
 
diff --git a/command/version/version.go b/command/version/version.go
index 1c2157a8eae8..da8978c3e72f 100644
--- a/command/version/version.go
+++ b/command/version/version.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package version
 
diff --git a/command/version/version_test.go b/command/version/version_test.go
index 45bd4fc6ac4c..d0af11506e38 100644
--- a/command/version/version_test.go
+++ b/command/version/version_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package version
 
diff --git a/command/watch/watch.go b/command/watch/watch.go
index b187fa369ab4..205ff3fb083d 100644
--- a/command/watch/watch.go
+++ b/command/watch/watch.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package watch
 
diff --git a/command/watch/watch_test.go b/command/watch/watch_test.go
index ed830a2aa7f3..ba29c2731a8c 100644
--- a/command/watch/watch_test.go
+++ b/command/watch/watch_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package watch
 
diff --git a/connect/certgen/certgen.go b/connect/certgen/certgen.go
index ced3720cd81b..509e7f8df4f3 100644
--- a/connect/certgen/certgen.go
+++ b/connect/certgen/certgen.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // certgen: a tool for generating test certificates on disk for use as
 // test-fixtures and for end-to-end testing and local development.
diff --git a/connect/example_test.go b/connect/example_test.go
index 666f2f09db6d..51571bf1818c 100644
--- a/connect/example_test.go
+++ b/connect/example_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/connect/proxy/config.go b/connect/proxy/config.go
index 9d5e85bf4dee..19476d48d49f 100644
--- a/connect/proxy/config.go
+++ b/connect/proxy/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/connect/proxy/config_test.go b/connect/proxy/config_test.go
index 55bd64e1b18a..a19695831681 100644
--- a/connect/proxy/config_test.go
+++ b/connect/proxy/config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/connect/proxy/conn.go b/connect/proxy/conn.go
index 2c9314642ee2..acc1a49eb4b7 100644
--- a/connect/proxy/conn.go
+++ b/connect/proxy/conn.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/connect/proxy/conn_test.go b/connect/proxy/conn_test.go
index 95836af0d9e4..b5be7952d0ee 100644
--- a/connect/proxy/conn_test.go
+++ b/connect/proxy/conn_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/connect/proxy/listener.go b/connect/proxy/listener.go
index 97d607c751f6..fc823d271284 100644
--- a/connect/proxy/listener.go
+++ b/connect/proxy/listener.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/connect/proxy/listener_test.go b/connect/proxy/listener_test.go
index 9b4e573a4aa1..5554ecf353a6 100644
--- a/connect/proxy/listener_test.go
+++ b/connect/proxy/listener_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/connect/proxy/proxy.go b/connect/proxy/proxy.go
index f5e7f913460f..c365862ad8ec 100644
--- a/connect/proxy/proxy.go
+++ b/connect/proxy/proxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/connect/proxy/proxy_test.go b/connect/proxy/proxy_test.go
index 876a91c81a4d..20b4cdd55efe 100644
--- a/connect/proxy/proxy_test.go
+++ b/connect/proxy/proxy_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/connect/proxy/testing.go b/connect/proxy/testing.go
index 7f8604394af7..6756f16a2567 100644
--- a/connect/proxy/testing.go
+++ b/connect/proxy/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxy
 
diff --git a/connect/resolver.go b/connect/resolver.go
index eb68b1c12335..fa89bc36d33d 100644
--- a/connect/resolver.go
+++ b/connect/resolver.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/connect/resolver_test.go b/connect/resolver_test.go
index 51bc13ee28d4..3aece268b5dc 100644
--- a/connect/resolver_test.go
+++ b/connect/resolver_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/connect/service.go b/connect/service.go
index 1260b065a068..ea38dd59b2e5 100644
--- a/connect/service.go
+++ b/connect/service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/connect/service_test.go b/connect/service_test.go
index 87f522214cee..0f6ed51a8b45 100644
--- a/connect/service_test.go
+++ b/connect/service_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/connect/testing.go b/connect/testing.go
index 4fe1a54f6e09..1017ee15f5e7 100644
--- a/connect/testing.go
+++ b/connect/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/connect/tls.go b/connect/tls.go
index ed34b3315b51..3d29cf48e1c0 100644
--- a/connect/tls.go
+++ b/connect/tls.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/connect/tls_test.go b/connect/tls_test.go
index 5c96371c9443..74609b1740e3 100644
--- a/connect/tls_test.go
+++ b/connect/tls_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package connect
 
diff --git a/envoyextensions/extensioncommon/basic_envoy_extender.go b/envoyextensions/extensioncommon/basic_envoy_extender.go
index a99d7439fea8..86cee8f14a4e 100644
--- a/envoyextensions/extensioncommon/basic_envoy_extender.go
+++ b/envoyextensions/extensioncommon/basic_envoy_extender.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package extensioncommon
 
diff --git a/envoyextensions/extensioncommon/basic_extension_adapter.go b/envoyextensions/extensioncommon/basic_extension_adapter.go
index fbf73f34c298..39e1e8c8363b 100644
--- a/envoyextensions/extensioncommon/basic_extension_adapter.go
+++ b/envoyextensions/extensioncommon/basic_extension_adapter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package extensioncommon
 
diff --git a/envoyextensions/extensioncommon/envoy_extender.go b/envoyextensions/extensioncommon/envoy_extender.go
index 8b713f00bad7..269f01acd6de 100644
--- a/envoyextensions/extensioncommon/envoy_extender.go
+++ b/envoyextensions/extensioncommon/envoy_extender.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package extensioncommon
 
diff --git a/envoyextensions/extensioncommon/envoy_extender_test.go b/envoyextensions/extensioncommon/envoy_extender_test.go
index 48e338ed896f..9fe6b49aeb33 100644
--- a/envoyextensions/extensioncommon/envoy_extender_test.go
+++ b/envoyextensions/extensioncommon/envoy_extender_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package extensioncommon
 
 import (
diff --git a/envoyextensions/extensioncommon/resources.go b/envoyextensions/extensioncommon/resources.go
index 22c6c3ffa9ee..989c35dba739 100644
--- a/envoyextensions/extensioncommon/resources.go
+++ b/envoyextensions/extensioncommon/resources.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package extensioncommon
 
diff --git a/envoyextensions/extensioncommon/resources_test.go b/envoyextensions/extensioncommon/resources_test.go
index 659da8770ea6..477e66494ce5 100644
--- a/envoyextensions/extensioncommon/resources_test.go
+++ b/envoyextensions/extensioncommon/resources_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package extensioncommon
 
diff --git a/envoyextensions/extensioncommon/runtime_config.go b/envoyextensions/extensioncommon/runtime_config.go
index a20e4ed04e64..2a5e7d60077b 100644
--- a/envoyextensions/extensioncommon/runtime_config.go
+++ b/envoyextensions/extensioncommon/runtime_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package extensioncommon
 
diff --git a/envoyextensions/extensioncommon/runtime_config_test.go b/envoyextensions/extensioncommon/runtime_config_test.go
index fa2ac8df5f42..8c4c9bed6eb6 100644
--- a/envoyextensions/extensioncommon/runtime_config_test.go
+++ b/envoyextensions/extensioncommon/runtime_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package extensioncommon
 
diff --git a/envoyextensions/extensioncommon/upstream_envoy_extender.go b/envoyextensions/extensioncommon/upstream_envoy_extender.go
index 135aca3f82e7..35cebe2fa530 100644
--- a/envoyextensions/extensioncommon/upstream_envoy_extender.go
+++ b/envoyextensions/extensioncommon/upstream_envoy_extender.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package extensioncommon
 
diff --git a/envoyextensions/xdscommon/envoy_versioning.go b/envoyextensions/xdscommon/envoy_versioning.go
index 393a96bf9e80..c5f9d4798c10 100644
--- a/envoyextensions/xdscommon/envoy_versioning.go
+++ b/envoyextensions/xdscommon/envoy_versioning.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xdscommon
 
diff --git a/envoyextensions/xdscommon/envoy_versioning_test.go b/envoyextensions/xdscommon/envoy_versioning_test.go
index 8cf3948f8ad1..bc02e9c4aadc 100644
--- a/envoyextensions/xdscommon/envoy_versioning_test.go
+++ b/envoyextensions/xdscommon/envoy_versioning_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xdscommon
 
diff --git a/envoyextensions/xdscommon/proxysupport.go b/envoyextensions/xdscommon/proxysupport.go
index 290d4e03b86d..764d967616f6 100644
--- a/envoyextensions/xdscommon/proxysupport.go
+++ b/envoyextensions/xdscommon/proxysupport.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xdscommon
 
diff --git a/envoyextensions/xdscommon/proxysupport_test.go b/envoyextensions/xdscommon/proxysupport_test.go
index 042ab5ad874e..cc90b726c9d9 100644
--- a/envoyextensions/xdscommon/proxysupport_test.go
+++ b/envoyextensions/xdscommon/proxysupport_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xdscommon
 
diff --git a/envoyextensions/xdscommon/xdscommon.go b/envoyextensions/xdscommon/xdscommon.go
index 30c82de9ae56..efc2c5a87dd5 100644
--- a/envoyextensions/xdscommon/xdscommon.go
+++ b/envoyextensions/xdscommon/xdscommon.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xdscommon
 
diff --git a/envoyextensions/xdscommon/xdscommon_test.go b/envoyextensions/xdscommon/xdscommon_test.go
index 5cca6e13a619..2d1aec40b54f 100644
--- a/envoyextensions/xdscommon/xdscommon_test.go
+++ b/envoyextensions/xdscommon/xdscommon_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package xdscommon
 
 import (
diff --git a/fixup_acl_move.sh b/fixup_acl_move.sh
index 2dbc9c6aefe7..ac57c8c7e933 100644
--- a/fixup_acl_move.sh
+++ b/fixup_acl_move.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 GOIMPORTS=~/go/bin/goimports
diff --git a/internal/catalog/catalogtest/run_test.go b/internal/catalog/catalogtest/run_test.go
index defaad2a16d6..7e4d56aa90af 100644
--- a/internal/catalog/catalogtest/run_test.go
+++ b/internal/catalog/catalogtest/run_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package catalogtest
 
 import (
diff --git a/internal/catalog/catalogtest/test_integration_v1alpha1.go b/internal/catalog/catalogtest/test_integration_v1alpha1.go
index 19be6d7a4846..e034502c4503 100644
--- a/internal/catalog/catalogtest/test_integration_v1alpha1.go
+++ b/internal/catalog/catalogtest/test_integration_v1alpha1.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package catalogtest
 
 import (
diff --git a/internal/catalog/catalogtest/test_lifecycle_v1alpha1.go b/internal/catalog/catalogtest/test_lifecycle_v1alpha1.go
index d7529a6ec48c..55e9d2bbe28f 100644
--- a/internal/catalog/catalogtest/test_lifecycle_v1alpha1.go
+++ b/internal/catalog/catalogtest/test_lifecycle_v1alpha1.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package catalogtest
 
 import (
diff --git a/internal/catalog/exports.go b/internal/catalog/exports.go
index d5723ddb3892..4019fbeb51ac 100644
--- a/internal/catalog/exports.go
+++ b/internal/catalog/exports.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package catalog
 
diff --git a/internal/catalog/internal/controllers/endpoints/controller.go b/internal/catalog/internal/controllers/endpoints/controller.go
index 1be2a3fd2fad..af10d40d3baa 100644
--- a/internal/catalog/internal/controllers/endpoints/controller.go
+++ b/internal/catalog/internal/controllers/endpoints/controller.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package endpoints
 
diff --git a/internal/catalog/internal/controllers/endpoints/controller_test.go b/internal/catalog/internal/controllers/endpoints/controller_test.go
index ff53509057a2..646bb288d353 100644
--- a/internal/catalog/internal/controllers/endpoints/controller_test.go
+++ b/internal/catalog/internal/controllers/endpoints/controller_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package endpoints
 
 import (
diff --git a/internal/catalog/internal/controllers/endpoints/reconciliation_data.go b/internal/catalog/internal/controllers/endpoints/reconciliation_data.go
index f00ac1595a21..0194d471b0c2 100644
--- a/internal/catalog/internal/controllers/endpoints/reconciliation_data.go
+++ b/internal/catalog/internal/controllers/endpoints/reconciliation_data.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package endpoints
 
 import (
diff --git a/internal/catalog/internal/controllers/endpoints/reconciliation_data_test.go b/internal/catalog/internal/controllers/endpoints/reconciliation_data_test.go
index c0c83deda98d..b16223827069 100644
--- a/internal/catalog/internal/controllers/endpoints/reconciliation_data_test.go
+++ b/internal/catalog/internal/controllers/endpoints/reconciliation_data_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package endpoints
 
 import (
diff --git a/internal/catalog/internal/controllers/endpoints/status.go b/internal/catalog/internal/controllers/endpoints/status.go
index 5388a0fda912..75066978361c 100644
--- a/internal/catalog/internal/controllers/endpoints/status.go
+++ b/internal/catalog/internal/controllers/endpoints/status.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package endpoints
 
diff --git a/internal/catalog/internal/controllers/failover/controller.go b/internal/catalog/internal/controllers/failover/controller.go
index ecb04b6d8f82..ea6efa992d9f 100644
--- a/internal/catalog/internal/controllers/failover/controller.go
+++ b/internal/catalog/internal/controllers/failover/controller.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package failover
 
diff --git a/internal/catalog/internal/controllers/failover/controller_test.go b/internal/catalog/internal/controllers/failover/controller_test.go
index a53a9f8af41e..de42844ae6b2 100644
--- a/internal/catalog/internal/controllers/failover/controller_test.go
+++ b/internal/catalog/internal/controllers/failover/controller_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package failover
 
diff --git a/internal/catalog/internal/controllers/failover/status.go b/internal/catalog/internal/controllers/failover/status.go
index 10e5a472bd05..b2801c41ed93 100644
--- a/internal/catalog/internal/controllers/failover/status.go
+++ b/internal/catalog/internal/controllers/failover/status.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package failover
 
diff --git a/internal/catalog/internal/controllers/nodehealth/controller.go b/internal/catalog/internal/controllers/nodehealth/controller.go
index 4e3aff9993ba..362ac1578c81 100644
--- a/internal/catalog/internal/controllers/nodehealth/controller.go
+++ b/internal/catalog/internal/controllers/nodehealth/controller.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package nodehealth
 
diff --git a/internal/catalog/internal/controllers/nodehealth/controller_test.go b/internal/catalog/internal/controllers/nodehealth/controller_test.go
index 8150fe0bdda3..9723dabf9320 100644
--- a/internal/catalog/internal/controllers/nodehealth/controller_test.go
+++ b/internal/catalog/internal/controllers/nodehealth/controller_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package nodehealth
 
diff --git a/internal/catalog/internal/controllers/nodehealth/status.go b/internal/catalog/internal/controllers/nodehealth/status.go
index 14a3151484b5..d3cf0d8a8dc1 100644
--- a/internal/catalog/internal/controllers/nodehealth/status.go
+++ b/internal/catalog/internal/controllers/nodehealth/status.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package nodehealth
 
diff --git a/internal/catalog/internal/controllers/register.go b/internal/catalog/internal/controllers/register.go
index 78a0f1316a5f..df1f7c88c7b2 100644
--- a/internal/catalog/internal/controllers/register.go
+++ b/internal/catalog/internal/controllers/register.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package controllers
 
diff --git a/internal/catalog/internal/controllers/workloadhealth/controller.go b/internal/catalog/internal/controllers/workloadhealth/controller.go
index 77009697bcd7..d8a33c922236 100644
--- a/internal/catalog/internal/controllers/workloadhealth/controller.go
+++ b/internal/catalog/internal/controllers/workloadhealth/controller.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package workloadhealth
 
 import (
diff --git a/internal/catalog/internal/controllers/workloadhealth/controller_test.go b/internal/catalog/internal/controllers/workloadhealth/controller_test.go
index 29d93f088d45..1afb06243a6e 100644
--- a/internal/catalog/internal/controllers/workloadhealth/controller_test.go
+++ b/internal/catalog/internal/controllers/workloadhealth/controller_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package workloadhealth
 
diff --git a/internal/catalog/internal/controllers/workloadhealth/status.go b/internal/catalog/internal/controllers/workloadhealth/status.go
index 05cc989ddd93..f7bf000da273 100644
--- a/internal/catalog/internal/controllers/workloadhealth/status.go
+++ b/internal/catalog/internal/controllers/workloadhealth/status.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package workloadhealth
 
 import (
diff --git a/internal/catalog/internal/mappers/failovermapper/failover_mapper.go b/internal/catalog/internal/mappers/failovermapper/failover_mapper.go
index 61da20a348f6..def0e1c6cd07 100644
--- a/internal/catalog/internal/mappers/failovermapper/failover_mapper.go
+++ b/internal/catalog/internal/mappers/failovermapper/failover_mapper.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package failovermapper
 
diff --git a/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go b/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go
index 41621d8d2143..8a4ac2d7227d 100644
--- a/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go
+++ b/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package failovermapper
 
diff --git a/internal/catalog/internal/mappers/nodemapper/node_mapper.go b/internal/catalog/internal/mappers/nodemapper/node_mapper.go
index 8eea26dd08ca..11e575f30752 100644
--- a/internal/catalog/internal/mappers/nodemapper/node_mapper.go
+++ b/internal/catalog/internal/mappers/nodemapper/node_mapper.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package nodemapper
 
 import (
diff --git a/internal/catalog/internal/mappers/nodemapper/node_mapper_test.go b/internal/catalog/internal/mappers/nodemapper/node_mapper_test.go
index acfe67cf6b10..763e192ebf16 100644
--- a/internal/catalog/internal/mappers/nodemapper/node_mapper_test.go
+++ b/internal/catalog/internal/mappers/nodemapper/node_mapper_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package nodemapper
 
 import (
diff --git a/internal/catalog/internal/mappers/selectiontracker/selection_tracker.go b/internal/catalog/internal/mappers/selectiontracker/selection_tracker.go
index 3bf229bff65e..3cfe0489dd3f 100644
--- a/internal/catalog/internal/mappers/selectiontracker/selection_tracker.go
+++ b/internal/catalog/internal/mappers/selectiontracker/selection_tracker.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package selectiontracker
 
diff --git a/internal/catalog/internal/mappers/selectiontracker/selection_tracker_test.go b/internal/catalog/internal/mappers/selectiontracker/selection_tracker_test.go
index 75fa0967c94b..be4f7121d321 100644
--- a/internal/catalog/internal/mappers/selectiontracker/selection_tracker_test.go
+++ b/internal/catalog/internal/mappers/selectiontracker/selection_tracker_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package selectiontracker
 
 import (
diff --git a/internal/catalog/internal/types/dns_policy.go b/internal/catalog/internal/types/dns_policy.go
index 4c3456027667..d2b6001b5dbc 100644
--- a/internal/catalog/internal/types/dns_policy.go
+++ b/internal/catalog/internal/types/dns_policy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/dns_policy_test.go b/internal/catalog/internal/types/dns_policy_test.go
index b4c2da3c78aa..93ee62804197 100644
--- a/internal/catalog/internal/types/dns_policy_test.go
+++ b/internal/catalog/internal/types/dns_policy_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/errors.go b/internal/catalog/internal/types/errors.go
index 6f0b44c1b378..3b331a9a6302 100644
--- a/internal/catalog/internal/types/errors.go
+++ b/internal/catalog/internal/types/errors.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/errors_test.go b/internal/catalog/internal/types/errors_test.go
index 7a8157727350..08f227166aa2 100644
--- a/internal/catalog/internal/types/errors_test.go
+++ b/internal/catalog/internal/types/errors_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/failover_policy.go b/internal/catalog/internal/types/failover_policy.go
index 49d38674bb9b..761bb3241916 100644
--- a/internal/catalog/internal/types/failover_policy.go
+++ b/internal/catalog/internal/types/failover_policy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/failover_policy_test.go b/internal/catalog/internal/types/failover_policy_test.go
index 3d41cb25fcb0..8f2ad9717298 100644
--- a/internal/catalog/internal/types/failover_policy_test.go
+++ b/internal/catalog/internal/types/failover_policy_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/health_checks.go b/internal/catalog/internal/types/health_checks.go
index 7df200ec28eb..f22f9bea97f8 100644
--- a/internal/catalog/internal/types/health_checks.go
+++ b/internal/catalog/internal/types/health_checks.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/health_checks_test.go b/internal/catalog/internal/types/health_checks_test.go
index 12c13d3c1a22..8ae722959e60 100644
--- a/internal/catalog/internal/types/health_checks_test.go
+++ b/internal/catalog/internal/types/health_checks_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/health_status.go b/internal/catalog/internal/types/health_status.go
index 5e5a659475d8..29c4094f9a0a 100644
--- a/internal/catalog/internal/types/health_status.go
+++ b/internal/catalog/internal/types/health_status.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/health_status_test.go b/internal/catalog/internal/types/health_status_test.go
index be9d30d50115..d504b64b76a2 100644
--- a/internal/catalog/internal/types/health_status_test.go
+++ b/internal/catalog/internal/types/health_status_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/node.go b/internal/catalog/internal/types/node.go
index 0d2c795abaa5..2d9bc6e821d1 100644
--- a/internal/catalog/internal/types/node.go
+++ b/internal/catalog/internal/types/node.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/node_test.go b/internal/catalog/internal/types/node_test.go
index 93e5ecea329a..4f3ca2c0a598 100644
--- a/internal/catalog/internal/types/node_test.go
+++ b/internal/catalog/internal/types/node_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/service.go b/internal/catalog/internal/types/service.go
index 27e13530e5f3..9f933c53b950 100644
--- a/internal/catalog/internal/types/service.go
+++ b/internal/catalog/internal/types/service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/service_endpoints.go b/internal/catalog/internal/types/service_endpoints.go
index be3475103172..294ca09fabd4 100644
--- a/internal/catalog/internal/types/service_endpoints.go
+++ b/internal/catalog/internal/types/service_endpoints.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/service_endpoints_test.go b/internal/catalog/internal/types/service_endpoints_test.go
index 25492577d390..ac835c9c70d1 100644
--- a/internal/catalog/internal/types/service_endpoints_test.go
+++ b/internal/catalog/internal/types/service_endpoints_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/service_test.go b/internal/catalog/internal/types/service_test.go
index 1a0a035d9161..a2bdf2360ae8 100644
--- a/internal/catalog/internal/types/service_test.go
+++ b/internal/catalog/internal/types/service_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/types.go b/internal/catalog/internal/types/types.go
index 3eb76d296f5b..4d64f2137cc8 100644
--- a/internal/catalog/internal/types/types.go
+++ b/internal/catalog/internal/types/types.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/types_test.go b/internal/catalog/internal/types/types_test.go
index d40fc42dd07c..e63fd044eae6 100644
--- a/internal/catalog/internal/types/types_test.go
+++ b/internal/catalog/internal/types/types_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/validators.go b/internal/catalog/internal/types/validators.go
index e9fc08562784..602ad71174bb 100644
--- a/internal/catalog/internal/types/validators.go
+++ b/internal/catalog/internal/types/validators.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/validators_test.go b/internal/catalog/internal/types/validators_test.go
index cd3a12c5c074..d1f5e85d2bf8 100644
--- a/internal/catalog/internal/types/validators_test.go
+++ b/internal/catalog/internal/types/validators_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/virtual_ips.go b/internal/catalog/internal/types/virtual_ips.go
index a27f08df0a77..73cb4855d42c 100644
--- a/internal/catalog/internal/types/virtual_ips.go
+++ b/internal/catalog/internal/types/virtual_ips.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/virtual_ips_test.go b/internal/catalog/internal/types/virtual_ips_test.go
index 76d55e7ecd74..16edac73ce32 100644
--- a/internal/catalog/internal/types/virtual_ips_test.go
+++ b/internal/catalog/internal/types/virtual_ips_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/workload.go b/internal/catalog/internal/types/workload.go
index a0dc7142d1e0..8560abfe8753 100644
--- a/internal/catalog/internal/types/workload.go
+++ b/internal/catalog/internal/types/workload.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/catalog/internal/types/workload_test.go b/internal/catalog/internal/types/workload_test.go
index 03662472f225..6c4d6708c2b4 100644
--- a/internal/catalog/internal/types/workload_test.go
+++ b/internal/catalog/internal/types/workload_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/controller/api.go b/internal/controller/api.go
index 8f5d873368b5..17dfa8ef0ae7 100644
--- a/internal/controller/api.go
+++ b/internal/controller/api.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package controller
 
diff --git a/internal/controller/api_test.go b/internal/controller/api_test.go
index e80a2d7d7133..215063d87c77 100644
--- a/internal/controller/api_test.go
+++ b/internal/controller/api_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package controller_test
 
diff --git a/internal/controller/controller.go b/internal/controller/controller.go
index 54d5c57386a3..f6a064853c73 100644
--- a/internal/controller/controller.go
+++ b/internal/controller/controller.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package controller
 
diff --git a/internal/controller/dependency_mappers.go b/internal/controller/dependency_mappers.go
index c054c4369e94..e66e4b50e5d3 100644
--- a/internal/controller/dependency_mappers.go
+++ b/internal/controller/dependency_mappers.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package controller
 
 import (
diff --git a/internal/controller/dependency_mappers_test.go b/internal/controller/dependency_mappers_test.go
index b5300bfb9ac9..b9956cdb71f4 100644
--- a/internal/controller/dependency_mappers_test.go
+++ b/internal/controller/dependency_mappers_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package controller
 
 import (
diff --git a/internal/controller/doc.go b/internal/controller/doc.go
index 28953791525c..db7d944e932e 100644
--- a/internal/controller/doc.go
+++ b/internal/controller/doc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package controller provides an API for implementing control loops on top of
 // Consul resources. It is heavily inspired by [Kubebuilder] and the Kubernetes
diff --git a/internal/controller/lease.go b/internal/controller/lease.go
index 2cb00d133019..596bd2546bce 100644
--- a/internal/controller/lease.go
+++ b/internal/controller/lease.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package controller
 
 // Lease is used to ensure controllers are run as singletons (i.e. one leader-
diff --git a/internal/controller/manager.go b/internal/controller/manager.go
index 92c5829c581e..1e7e91021061 100644
--- a/internal/controller/manager.go
+++ b/internal/controller/manager.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package controller
 
 import (
diff --git a/internal/controller/supervisor.go b/internal/controller/supervisor.go
index 5983ff4c4b7b..4abb841f60e0 100644
--- a/internal/controller/supervisor.go
+++ b/internal/controller/supervisor.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package controller
 
 import (
diff --git a/internal/controller/supervisor_test.go b/internal/controller/supervisor_test.go
index 1792b8b95c21..e455565d88b7 100644
--- a/internal/controller/supervisor_test.go
+++ b/internal/controller/supervisor_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package controller
 
 import (
diff --git a/internal/go-sso/oidcauth/auth.go b/internal/go-sso/oidcauth/auth.go
index c50940780e77..a2f35763a3d0 100644
--- a/internal/go-sso/oidcauth/auth.go
+++ b/internal/go-sso/oidcauth/auth.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // package oidcauth bundles up an opinionated approach to authentication using
 // both the OIDC authorization code workflow and simple JWT decoding (via
diff --git a/internal/go-sso/oidcauth/config.go b/internal/go-sso/oidcauth/config.go
index 3d51aff19f9b..84bbac9e0cbe 100644
--- a/internal/go-sso/oidcauth/config.go
+++ b/internal/go-sso/oidcauth/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/config_test.go b/internal/go-sso/oidcauth/config_test.go
index 0ef4abcd69e5..c72a69e0845f 100644
--- a/internal/go-sso/oidcauth/config_test.go
+++ b/internal/go-sso/oidcauth/config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/internal/strutil/util.go b/internal/go-sso/oidcauth/internal/strutil/util.go
index 50cd24c32491..9cdc0b1acb1c 100644
--- a/internal/go-sso/oidcauth/internal/strutil/util.go
+++ b/internal/go-sso/oidcauth/internal/strutil/util.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package strutil
 
diff --git a/internal/go-sso/oidcauth/internal/strutil/util_test.go b/internal/go-sso/oidcauth/internal/strutil/util_test.go
index 2e3fd1919aca..06d76a6c69d5 100644
--- a/internal/go-sso/oidcauth/internal/strutil/util_test.go
+++ b/internal/go-sso/oidcauth/internal/strutil/util_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package strutil
 
diff --git a/internal/go-sso/oidcauth/jwt.go b/internal/go-sso/oidcauth/jwt.go
index 0695a60c5527..fbb6a31669c8 100644
--- a/internal/go-sso/oidcauth/jwt.go
+++ b/internal/go-sso/oidcauth/jwt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/jwt_test.go b/internal/go-sso/oidcauth/jwt_test.go
index 9a8d9cf07ed1..621fb6660b53 100644
--- a/internal/go-sso/oidcauth/jwt_test.go
+++ b/internal/go-sso/oidcauth/jwt_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/oidc.go b/internal/go-sso/oidcauth/oidc.go
index dbbf22582abf..df00dfcc25f6 100644
--- a/internal/go-sso/oidcauth/oidc.go
+++ b/internal/go-sso/oidcauth/oidc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/oidc_test.go b/internal/go-sso/oidcauth/oidc_test.go
index 288c704d0838..48de99b64181 100644
--- a/internal/go-sso/oidcauth/oidc_test.go
+++ b/internal/go-sso/oidcauth/oidc_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/oidcauthtest/testing.go b/internal/go-sso/oidcauth/oidcauthtest/testing.go
index 432bcae333e4..0956673c0515 100644
--- a/internal/go-sso/oidcauth/oidcauthtest/testing.go
+++ b/internal/go-sso/oidcauth/oidcauthtest/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // package oidcauthtest exposes tools to assist in writing unit tests of OIDC
 // and JWT authentication workflows.
diff --git a/internal/go-sso/oidcauth/oidcjwt.go b/internal/go-sso/oidcauth/oidcjwt.go
index fec78dae232e..14a6b4def2ad 100644
--- a/internal/go-sso/oidcauth/oidcjwt.go
+++ b/internal/go-sso/oidcauth/oidcjwt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/oidcjwt_test.go b/internal/go-sso/oidcauth/oidcjwt_test.go
index e1bd0cd919b2..49574856332a 100644
--- a/internal/go-sso/oidcauth/oidcjwt_test.go
+++ b/internal/go-sso/oidcauth/oidcjwt_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/util.go b/internal/go-sso/oidcauth/util.go
index 06cc9054b89c..709798dee635 100644
--- a/internal/go-sso/oidcauth/util.go
+++ b/internal/go-sso/oidcauth/util.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/util_test.go b/internal/go-sso/oidcauth/util_test.go
index 1bef6d51c6ae..6cf8bae1b3bd 100644
--- a/internal/go-sso/oidcauth/util_test.go
+++ b/internal/go-sso/oidcauth/util_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package oidcauth
 
diff --git a/internal/mesh/exports.go b/internal/mesh/exports.go
index f0edd1ff45ec..2e40e0589307 100644
--- a/internal/mesh/exports.go
+++ b/internal/mesh/exports.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package mesh
 
diff --git a/internal/mesh/internal/types/computed_routes.go b/internal/mesh/internal/types/computed_routes.go
index aca627d554fa..8314a2cc2e28 100644
--- a/internal/mesh/internal/types/computed_routes.go
+++ b/internal/mesh/internal/types/computed_routes.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/mesh/internal/types/destination_policy.go b/internal/mesh/internal/types/destination_policy.go
index f92dbabdae03..e3f6bfbd0120 100644
--- a/internal/mesh/internal/types/destination_policy.go
+++ b/internal/mesh/internal/types/destination_policy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/mesh/internal/types/grpc_route.go b/internal/mesh/internal/types/grpc_route.go
index eacf5a245b0f..cdd4669bca6f 100644
--- a/internal/mesh/internal/types/grpc_route.go
+++ b/internal/mesh/internal/types/grpc_route.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/mesh/internal/types/http_route.go b/internal/mesh/internal/types/http_route.go
index bd2a4a43f846..6f5f284ed901 100644
--- a/internal/mesh/internal/types/http_route.go
+++ b/internal/mesh/internal/types/http_route.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/mesh/internal/types/proxy_configuration.go b/internal/mesh/internal/types/proxy_configuration.go
index 3349090b524a..29b43ce7a3f1 100644
--- a/internal/mesh/internal/types/proxy_configuration.go
+++ b/internal/mesh/internal/types/proxy_configuration.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/mesh/internal/types/proxy_state_template.go b/internal/mesh/internal/types/proxy_state_template.go
index 2637a53a6dbb..404237717df1 100644
--- a/internal/mesh/internal/types/proxy_state_template.go
+++ b/internal/mesh/internal/types/proxy_state_template.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package types
 
 import (
diff --git a/internal/mesh/internal/types/tcp_route.go b/internal/mesh/internal/types/tcp_route.go
index dcd1eca4a491..e217d07490bd 100644
--- a/internal/mesh/internal/types/tcp_route.go
+++ b/internal/mesh/internal/types/tcp_route.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/mesh/internal/types/types.go b/internal/mesh/internal/types/types.go
index 4fc36c11b243..3b800f36d7dc 100644
--- a/internal/mesh/internal/types/types.go
+++ b/internal/mesh/internal/types/types.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/mesh/internal/types/types_test.go b/internal/mesh/internal/types/types_test.go
index 4324e8707830..b481a75d0ad5 100644
--- a/internal/mesh/internal/types/types_test.go
+++ b/internal/mesh/internal/types/types_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/mesh/internal/types/upstreams.go b/internal/mesh/internal/types/upstreams.go
index 8ccb1554593b..f96e40d1ff41 100644
--- a/internal/mesh/internal/types/upstreams.go
+++ b/internal/mesh/internal/types/upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/mesh/internal/types/upstreams_configuration.go b/internal/mesh/internal/types/upstreams_configuration.go
index 0f4db27d96e7..ae7ba0d5b073 100644
--- a/internal/mesh/internal/types/upstreams_configuration.go
+++ b/internal/mesh/internal/types/upstreams_configuration.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/internal/radix/doc.go b/internal/radix/doc.go
index 47e8961d0d0a..f69f68a2d6b0 100644
--- a/internal/radix/doc.go
+++ b/internal/radix/doc.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 // This packages contents were originally copied from github.com/armon/go-radix.
 // After the intial copy all the data structures were made to use Go 1.18 generics
 // instead of relying on the use of interface{} or the any type.
diff --git a/internal/radix/radix.go b/internal/radix/radix.go
index 0f1d8d772ac7..c2b7ee838935 100644
--- a/internal/radix/radix.go
+++ b/internal/radix/radix.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package radix
 
 import (
diff --git a/internal/radix/radix_test.go b/internal/radix/radix_test.go
index 9f616b73f438..ea7015dc29c2 100644
--- a/internal/radix/radix_test.go
+++ b/internal/radix/radix_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package radix
 
 import (
diff --git a/internal/resource/authz_oss.go b/internal/resource/authz_oss.go
index 014318f22897..4d68ccd6b98a 100644
--- a/internal/resource/authz_oss.go
+++ b/internal/resource/authz_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/internal/resource/decode.go b/internal/resource/decode.go
index 7d9142ceb7d3..7b1fb7b36450 100644
--- a/internal/resource/decode.go
+++ b/internal/resource/decode.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/internal/resource/decode_test.go b/internal/resource/decode_test.go
index e5b079156e26..31ebe47c64bf 100644
--- a/internal/resource/decode_test.go
+++ b/internal/resource/decode_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource_test
 
diff --git a/internal/resource/demo/controller.go b/internal/resource/demo/controller.go
index 11afc3bac5e6..7f1bba902ea5 100644
--- a/internal/resource/demo/controller.go
+++ b/internal/resource/demo/controller.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package demo
 
diff --git a/internal/resource/demo/controller_test.go b/internal/resource/demo/controller_test.go
index 8d4ee79c73e0..a8c2640d615a 100644
--- a/internal/resource/demo/controller_test.go
+++ b/internal/resource/demo/controller_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package demo
 
diff --git a/internal/resource/demo/demo.go b/internal/resource/demo/demo.go
index a7901dd12826..56d40d5ae855 100644
--- a/internal/resource/demo/demo.go
+++ b/internal/resource/demo/demo.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package demo includes fake resource types for working on Consul's generic
 // state storage without having to refer to specific features.
diff --git a/internal/resource/equality.go b/internal/resource/equality.go
index 20c65e2fce86..5a9023ac2432 100644
--- a/internal/resource/equality.go
+++ b/internal/resource/equality.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/internal/resource/equality_test.go b/internal/resource/equality_test.go
index 7a0ec72f3ccd..841390560638 100644
--- a/internal/resource/equality_test.go
+++ b/internal/resource/equality_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource_test
 
diff --git a/internal/resource/errors.go b/internal/resource/errors.go
index 8eaf9e2259c1..dbb624c8d004 100644
--- a/internal/resource/errors.go
+++ b/internal/resource/errors.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/internal/resource/errors_test.go b/internal/resource/errors_test.go
index 990a91607723..e6739bd7fd80 100644
--- a/internal/resource/errors_test.go
+++ b/internal/resource/errors_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/internal/resource/http/http.go b/internal/resource/http/http.go
index 532a91cfcaf8..26ae55a943cf 100644
--- a/internal/resource/http/http.go
+++ b/internal/resource/http/http.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package http
 
 import (
diff --git a/internal/resource/http/http_test.go b/internal/resource/http/http_test.go
index 80e506cd92de..65b9ce6ba9c8 100644
--- a/internal/resource/http/http_test.go
+++ b/internal/resource/http/http_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package http
 
 import (
diff --git a/internal/resource/mappers/bimapper/bimapper.go b/internal/resource/mappers/bimapper/bimapper.go
index 714b825b6cdc..5fee1e38917e 100644
--- a/internal/resource/mappers/bimapper/bimapper.go
+++ b/internal/resource/mappers/bimapper/bimapper.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bimapper
 
diff --git a/internal/resource/mappers/bimapper/bimapper_test.go b/internal/resource/mappers/bimapper/bimapper_test.go
index 747a0021a24e..d1d6be846ea1 100644
--- a/internal/resource/mappers/bimapper/bimapper_test.go
+++ b/internal/resource/mappers/bimapper/bimapper_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package bimapper
 
diff --git a/internal/resource/reaper/controller.go b/internal/resource/reaper/controller.go
index 7a7789f986a0..f8de86f92196 100644
--- a/internal/resource/reaper/controller.go
+++ b/internal/resource/reaper/controller.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package reaper
 
diff --git a/internal/resource/reaper/controller_test.go b/internal/resource/reaper/controller_test.go
index 9e6f0f3d5a07..c06ccedab582 100644
--- a/internal/resource/reaper/controller_test.go
+++ b/internal/resource/reaper/controller_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package reaper
 
diff --git a/internal/resource/reference.go b/internal/resource/reference.go
index 7610f6288d83..47c2a0da2ded 100644
--- a/internal/resource/reference.go
+++ b/internal/resource/reference.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/internal/resource/refkey.go b/internal/resource/refkey.go
index d6ddcac6a191..44f0765c206c 100644
--- a/internal/resource/refkey.go
+++ b/internal/resource/refkey.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/internal/resource/refkey_test.go b/internal/resource/refkey_test.go
index f5f1a7796f0c..8c4b5eaf92b2 100644
--- a/internal/resource/refkey_test.go
+++ b/internal/resource/refkey_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource_test
 
diff --git a/internal/resource/registry.go b/internal/resource/registry.go
index 9ebb13f9c96b..27b966f8288c 100644
--- a/internal/resource/registry.go
+++ b/internal/resource/registry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/internal/resource/registry_test.go b/internal/resource/registry_test.go
index 9ab00f84140b..1e89c9957bb7 100644
--- a/internal/resource/registry_test.go
+++ b/internal/resource/registry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource_test
 
diff --git a/internal/resource/resourcetest/builder.go b/internal/resource/resourcetest/builder.go
index 11e82c07839c..86294ce57105 100644
--- a/internal/resource/resourcetest/builder.go
+++ b/internal/resource/resourcetest/builder.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resourcetest
 
diff --git a/internal/resource/resourcetest/client.go b/internal/resource/resourcetest/client.go
index 17d621884e7d..f3b3bd799fe2 100644
--- a/internal/resource/resourcetest/client.go
+++ b/internal/resource/resourcetest/client.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resourcetest
 
diff --git a/internal/resource/resourcetest/decode.go b/internal/resource/resourcetest/decode.go
index 3bdb35cc02bd..077bbc0dd514 100644
--- a/internal/resource/resourcetest/decode.go
+++ b/internal/resource/resourcetest/decode.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resourcetest
 
diff --git a/internal/resource/resourcetest/fs.go b/internal/resource/resourcetest/fs.go
index e7a1417a5908..a31ac0f10c4b 100644
--- a/internal/resource/resourcetest/fs.go
+++ b/internal/resource/resourcetest/fs.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package resourcetest
 
 import (
diff --git a/internal/resource/resourcetest/require.go b/internal/resource/resourcetest/require.go
index 8e102398fa87..b57bab8b2e3a 100644
--- a/internal/resource/resourcetest/require.go
+++ b/internal/resource/resourcetest/require.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package resourcetest
 
 import (
diff --git a/internal/resource/resourcetest/testing.go b/internal/resource/resourcetest/testing.go
index 1c774082b369..1be9947226bd 100644
--- a/internal/resource/resourcetest/testing.go
+++ b/internal/resource/resourcetest/testing.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package resourcetest
 
 // T represents the subset of testing.T methods that will be used
diff --git a/internal/resource/resourcetest/validation.go b/internal/resource/resourcetest/validation.go
index e8f3ee22180a..d7588221186f 100644
--- a/internal/resource/resourcetest/validation.go
+++ b/internal/resource/resourcetest/validation.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resourcetest
 
diff --git a/internal/resource/stringer.go b/internal/resource/stringer.go
index 927a86f2ba47..075c08ac0d9c 100644
--- a/internal/resource/stringer.go
+++ b/internal/resource/stringer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/internal/resource/tenancy.go b/internal/resource/tenancy.go
index fd29f617254a..16032205badd 100644
--- a/internal/resource/tenancy.go
+++ b/internal/resource/tenancy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package resource
 
diff --git a/internal/resource/tombstone.go b/internal/resource/tombstone.go
index 6d0285c602de..d86ae96ec4d5 100644
--- a/internal/resource/tombstone.go
+++ b/internal/resource/tombstone.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package resource
 
 import "github.com/hashicorp/consul/proto-public/pbresource"
diff --git a/internal/storage/conformance/conformance.go b/internal/storage/conformance/conformance.go
index 22356a88a9c1..543a574fb5a6 100644
--- a/internal/storage/conformance/conformance.go
+++ b/internal/storage/conformance/conformance.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package conformance
 
diff --git a/internal/storage/inmem/backend.go b/internal/storage/inmem/backend.go
index fc22aa5ace81..bf256e508f4d 100644
--- a/internal/storage/inmem/backend.go
+++ b/internal/storage/inmem/backend.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package inmem
 
diff --git a/internal/storage/inmem/backend_test.go b/internal/storage/inmem/backend_test.go
index e37de15afab4..7978dcdf2993 100644
--- a/internal/storage/inmem/backend_test.go
+++ b/internal/storage/inmem/backend_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package inmem_test
 
diff --git a/internal/storage/inmem/event_index.go b/internal/storage/inmem/event_index.go
index 68d9ec13b142..f71e809289ac 100644
--- a/internal/storage/inmem/event_index.go
+++ b/internal/storage/inmem/event_index.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package inmem
 
diff --git a/internal/storage/inmem/schema.go b/internal/storage/inmem/schema.go
index 6a58eacd586b..37e39dbc5707 100644
--- a/internal/storage/inmem/schema.go
+++ b/internal/storage/inmem/schema.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package inmem
 
diff --git a/internal/storage/inmem/snapshot.go b/internal/storage/inmem/snapshot.go
index 6233f4d30bfe..36739ac65b20 100644
--- a/internal/storage/inmem/snapshot.go
+++ b/internal/storage/inmem/snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package inmem
 
diff --git a/internal/storage/inmem/snapshot_test.go b/internal/storage/inmem/snapshot_test.go
index b703495d2c7f..f3e1bdbaa79e 100644
--- a/internal/storage/inmem/snapshot_test.go
+++ b/internal/storage/inmem/snapshot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package inmem_test
 
diff --git a/internal/storage/inmem/store.go b/internal/storage/inmem/store.go
index 5c50b1c138a3..d9c27d339fa3 100644
--- a/internal/storage/inmem/store.go
+++ b/internal/storage/inmem/store.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package inmem
 
diff --git a/internal/storage/inmem/watch.go b/internal/storage/inmem/watch.go
index 85c657e3a3c6..bdab0fc5ee86 100644
--- a/internal/storage/inmem/watch.go
+++ b/internal/storage/inmem/watch.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package inmem
 
diff --git a/internal/storage/raft/backend.go b/internal/storage/raft/backend.go
index 4e1cd05bbb18..8a7a973c3e7c 100644
--- a/internal/storage/raft/backend.go
+++ b/internal/storage/raft/backend.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package raft
 
diff --git a/internal/storage/raft/conformance_test.go b/internal/storage/raft/conformance_test.go
index ef79087e171d..6c75e462d21c 100644
--- a/internal/storage/raft/conformance_test.go
+++ b/internal/storage/raft/conformance_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package raft_test
 
diff --git a/internal/storage/raft/forwarding.go b/internal/storage/raft/forwarding.go
index 798ca58465d5..2700339afbe5 100644
--- a/internal/storage/raft/forwarding.go
+++ b/internal/storage/raft/forwarding.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package raft
 
diff --git a/internal/storage/storage.go b/internal/storage/storage.go
index 24a763e39547..2a86a769fee9 100644
--- a/internal/storage/storage.go
+++ b/internal/storage/storage.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package storage
 
diff --git a/internal/testing/golden/golden.go b/internal/testing/golden/golden.go
index 079f69f02aa5..4466ad4cbcff 100644
--- a/internal/testing/golden/golden.go
+++ b/internal/testing/golden/golden.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package golden
 
diff --git a/internal/tools/proto-gen-rpc-glue/e2e/consul/agent/structs/structs.go b/internal/tools/proto-gen-rpc-glue/e2e/consul/agent/structs/structs.go
index 59d2a19b8c9b..6e76027299de 100644
--- a/internal/tools/proto-gen-rpc-glue/e2e/consul/agent/structs/structs.go
+++ b/internal/tools/proto-gen-rpc-glue/e2e/consul/agent/structs/structs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package structs
 
diff --git a/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.go b/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.go
index 5c1b497e5518..1395e682edd3 100644
--- a/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.go
+++ b/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbcommon
 
diff --git a/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go b/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go
index 3a83b8431752..c69dac63b5c0 100644
--- a/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go
+++ b/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build example
 // +build example
diff --git a/internal/tools/proto-gen-rpc-glue/main.go b/internal/tools/proto-gen-rpc-glue/main.go
index 65a25122bc70..2412c3386208 100644
--- a/internal/tools/proto-gen-rpc-glue/main.go
+++ b/internal/tools/proto-gen-rpc-glue/main.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package main
 
diff --git a/internal/tools/proto-gen-rpc-glue/main_test.go b/internal/tools/proto-gen-rpc-glue/main_test.go
index 87ed4e3917ed..01eb28e92a31 100644
--- a/internal/tools/proto-gen-rpc-glue/main_test.go
+++ b/internal/tools/proto-gen-rpc-glue/main_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package main
 
diff --git a/internal/tools/protoc-gen-consul-rate-limit/main.go b/internal/tools/protoc-gen-consul-rate-limit/main.go
index b4bf5711584a..349c371c28e9 100644
--- a/internal/tools/protoc-gen-consul-rate-limit/main.go
+++ b/internal/tools/protoc-gen-consul-rate-limit/main.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // protoc-gen-consul-rate-limit
 // This protoc plugin maintains the mapping of gRPC method names to
diff --git a/internal/tools/protoc-gen-consul-rate-limit/postprocess/main.go b/internal/tools/protoc-gen-consul-rate-limit/postprocess/main.go
index 12c18097f9b1..cf0685a37849 100644
--- a/internal/tools/protoc-gen-consul-rate-limit/postprocess/main.go
+++ b/internal/tools/protoc-gen-consul-rate-limit/postprocess/main.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package main
 
diff --git a/ipaddr/detect.go b/ipaddr/detect.go
index e208b13ed5be..bc2bf56c350c 100644
--- a/ipaddr/detect.go
+++ b/ipaddr/detect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ipaddr
 
diff --git a/ipaddr/detect_test.go b/ipaddr/detect_test.go
index 865421e10cf0..c199492c174f 100644
--- a/ipaddr/detect_test.go
+++ b/ipaddr/detect_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ipaddr
 
diff --git a/ipaddr/ipaddr.go b/ipaddr/ipaddr.go
index 92a04e80181d..89f8c70a4ceb 100644
--- a/ipaddr/ipaddr.go
+++ b/ipaddr/ipaddr.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ipaddr
 
diff --git a/ipaddr/ipaddr_test.go b/ipaddr/ipaddr_test.go
index a8aae7f32dde..009144c2de25 100644
--- a/ipaddr/ipaddr_test.go
+++ b/ipaddr/ipaddr_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ipaddr
 
diff --git a/lib/cluster.go b/lib/cluster.go
index 3b121da59835..a97ceea722e9 100644
--- a/lib/cluster.go
+++ b/lib/cluster.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/cluster_test.go b/lib/cluster_test.go
index 44b77332dfec..3493a6fb39f1 100644
--- a/lib/cluster_test.go
+++ b/lib/cluster_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/decode/decode.go b/lib/decode/decode.go
index fc1558a9f789..645916d2d665 100644
--- a/lib/decode/decode.go
+++ b/lib/decode/decode.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 /*
 Package decode provides tools for customizing the decoding of configuration,
diff --git a/lib/decode/decode_test.go b/lib/decode/decode_test.go
index b1250ebcc81a..3219e96b4bf9 100644
--- a/lib/decode/decode_test.go
+++ b/lib/decode/decode_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package decode
 
diff --git a/lib/eof.go b/lib/eof.go
index b8f6ac0e240e..e208ca73d753 100644
--- a/lib/eof.go
+++ b/lib/eof.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/eof_test.go b/lib/eof_test.go
index 373846a72c94..330a1152a8eb 100644
--- a/lib/eof_test.go
+++ b/lib/eof_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/file/atomic.go b/lib/file/atomic.go
index 3fa5890052c8..4053f443d8b3 100644
--- a/lib/file/atomic.go
+++ b/lib/file/atomic.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package file
 
diff --git a/lib/file/atomic_test.go b/lib/file/atomic_test.go
index a74b2d2ecd49..baf4bc1771f8 100644
--- a/lib/file/atomic_test.go
+++ b/lib/file/atomic_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package file
 
diff --git a/lib/hoststats/collector.go b/lib/hoststats/collector.go
index c4c57b35c5c2..fb316e0dce38 100644
--- a/lib/hoststats/collector.go
+++ b/lib/hoststats/collector.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package hoststats
 
 import (
diff --git a/lib/hoststats/cpu.go b/lib/hoststats/cpu.go
index 45633b40df06..420a80ef9424 100644
--- a/lib/hoststats/cpu.go
+++ b/lib/hoststats/cpu.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package hoststats
 
 import (
diff --git a/lib/hoststats/cpu_test.go b/lib/hoststats/cpu_test.go
index 5d5efbe9769a..dcc1df9aab50 100644
--- a/lib/hoststats/cpu_test.go
+++ b/lib/hoststats/cpu_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package hoststats
 
 import (
diff --git a/lib/hoststats/host.go b/lib/hoststats/host.go
index 426cf43ea21e..3a44618d20f1 100644
--- a/lib/hoststats/host.go
+++ b/lib/hoststats/host.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package hoststats
 
 import (
diff --git a/lib/hoststats/metrics.go b/lib/hoststats/metrics.go
index c89d40b813ff..95055cea43fb 100644
--- a/lib/hoststats/metrics.go
+++ b/lib/hoststats/metrics.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package hoststats
 
 import (
diff --git a/lib/json.go b/lib/json.go
index c5ae22b2f90c..7e58942a823d 100644
--- a/lib/json.go
+++ b/lib/json.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/map_walker.go b/lib/map_walker.go
index 3e8cec77ca64..1be33b61f15f 100644
--- a/lib/map_walker.go
+++ b/lib/map_walker.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/map_walker_test.go b/lib/map_walker_test.go
index 2a3b4c189d9e..6156abe4624f 100644
--- a/lib/map_walker_test.go
+++ b/lib/map_walker_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/maps/maps.go b/lib/maps/maps.go
index 1996d5f4cd9a..ae19d030a2c0 100644
--- a/lib/maps/maps.go
+++ b/lib/maps/maps.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package maps
 
diff --git a/lib/maps/maps_test.go b/lib/maps/maps_test.go
index bebb9afb5f15..5d0f4edbc44e 100644
--- a/lib/maps/maps_test.go
+++ b/lib/maps/maps_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package maps
 
diff --git a/lib/math.go b/lib/math.go
index 75859a2a6580..673dfb84e99c 100644
--- a/lib/math.go
+++ b/lib/math.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/math_test.go b/lib/math_test.go
index 7ac4141a268c..2ce631fe75dc 100644
--- a/lib/math_test.go
+++ b/lib/math_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib_test
 
diff --git a/lib/mutex/mutex.go b/lib/mutex/mutex.go
index a28290c0b3b4..8101204c2e00 100644
--- a/lib/mutex/mutex.go
+++ b/lib/mutex/mutex.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 /*
 Package mutex implements the sync.Locker interface using x/sync/semaphore. It
diff --git a/lib/mutex/mutex_test.go b/lib/mutex/mutex_test.go
index 000681d03e86..2d51706e4e85 100644
--- a/lib/mutex/mutex_test.go
+++ b/lib/mutex/mutex_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package mutex
 
diff --git a/lib/path.go b/lib/path.go
index 347de0cbde09..fd45378ec180 100644
--- a/lib/path.go
+++ b/lib/path.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/retry/retry.go b/lib/retry/retry.go
index ee9a8b2354e6..e0605f89c4a8 100644
--- a/lib/retry/retry.go
+++ b/lib/retry/retry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package retry
 
diff --git a/lib/retry/retry_test.go b/lib/retry/retry_test.go
index 74bb982b91ed..d8a822f6b606 100644
--- a/lib/retry/retry_test.go
+++ b/lib/retry/retry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package retry
 
diff --git a/lib/routine/routine.go b/lib/routine/routine.go
index 3bcbd1fbee45..b5ebe85e22f1 100644
--- a/lib/routine/routine.go
+++ b/lib/routine/routine.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package routine
 
diff --git a/lib/routine/routine_test.go b/lib/routine/routine_test.go
index cfb98d98c3c8..c04311ac59f4 100644
--- a/lib/routine/routine_test.go
+++ b/lib/routine/routine_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package routine
 
diff --git a/lib/rtt.go b/lib/rtt.go
index 5d90431f5d65..d716e6fcbe1c 100644
--- a/lib/rtt.go
+++ b/lib/rtt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/rtt_test.go b/lib/rtt_test.go
index a8a6786ecf62..1e7779b9adde 100644
--- a/lib/rtt_test.go
+++ b/lib/rtt_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/semaphore/semaphore.go b/lib/semaphore/semaphore.go
index 662d21152868..fdfbbb34db02 100644
--- a/lib/semaphore/semaphore.go
+++ b/lib/semaphore/semaphore.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package semaphore implements a simple semaphore that is based on
 // golang.org/x/sync/semaphore but doesn't support weights. It's advantage over
diff --git a/lib/semaphore/semaphore_test.go b/lib/semaphore/semaphore_test.go
index d7da1979b00f..b3182e1107af 100644
--- a/lib/semaphore/semaphore_test.go
+++ b/lib/semaphore/semaphore_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package semaphore
 
diff --git a/lib/serf/serf.go b/lib/serf/serf.go
index ad5297e58b61..932fed427ba9 100644
--- a/lib/serf/serf.go
+++ b/lib/serf/serf.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package serf
 
diff --git a/lib/stop_context.go b/lib/stop_context.go
index ea560e0929e9..98bde25e452b 100644
--- a/lib/stop_context.go
+++ b/lib/stop_context.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/stop_context_test.go b/lib/stop_context_test.go
index 6da3a6fc61ae..b62749513f2f 100644
--- a/lib/stop_context_test.go
+++ b/lib/stop_context_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/strings.go b/lib/strings.go
index d268845acc9c..7213a9325914 100644
--- a/lib/strings.go
+++ b/lib/strings.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/stringslice/stringslice.go b/lib/stringslice/stringslice.go
index 325f603d778d..7c32864b9458 100644
--- a/lib/stringslice/stringslice.go
+++ b/lib/stringslice/stringslice.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package stringslice
 
diff --git a/lib/stringslice/stringslice_test.go b/lib/stringslice/stringslice_test.go
index 975fe34976ec..dd2507175744 100644
--- a/lib/stringslice/stringslice_test.go
+++ b/lib/stringslice/stringslice_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package stringslice
 
diff --git a/lib/telemetry.go b/lib/telemetry.go
index b66ec721b1dc..e06341eefb05 100644
--- a/lib/telemetry.go
+++ b/lib/telemetry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/telemetry_test.go b/lib/telemetry_test.go
index a2c0075598ec..ab0f7e5b9141 100644
--- a/lib/telemetry_test.go
+++ b/lib/telemetry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/template/hil.go b/lib/template/hil.go
index 5b9cc0e2cf14..502f10d258b2 100644
--- a/lib/template/hil.go
+++ b/lib/template/hil.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package template
 
diff --git a/lib/template/hil_test.go b/lib/template/hil_test.go
index 84f3558a4a6a..4f582f61d168 100644
--- a/lib/template/hil_test.go
+++ b/lib/template/hil_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package template
 
diff --git a/lib/translate.go b/lib/translate.go
index adb58539c0fd..6fd49010fc81 100644
--- a/lib/translate.go
+++ b/lib/translate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/translate_test.go b/lib/translate_test.go
index 36d113004a74..f36588b7404b 100644
--- a/lib/translate_test.go
+++ b/lib/translate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/ttlcache/eviction.go b/lib/ttlcache/eviction.go
index 3e20bb09b627..5d5012e7dbac 100644
--- a/lib/ttlcache/eviction.go
+++ b/lib/ttlcache/eviction.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 /*
 Package ttlcache provides an ExpiryHeap that can be used by a cache to track the
diff --git a/lib/ttlcache/eviction_test.go b/lib/ttlcache/eviction_test.go
index fe55b68cf176..18bf2fbbc78b 100644
--- a/lib/ttlcache/eviction_test.go
+++ b/lib/ttlcache/eviction_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ttlcache
 
diff --git a/lib/useragent.go b/lib/useragent.go
index c3f74e5c6bf7..1837a4622feb 100644
--- a/lib/useragent.go
+++ b/lib/useragent.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/useragent_test.go b/lib/useragent_test.go
index 4890e454a598..23df537c9d4a 100644
--- a/lib/useragent_test.go
+++ b/lib/useragent_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/lib/uuid.go b/lib/uuid.go
index 8db9517d7022..2c0d657f5b06 100644
--- a/lib/uuid.go
+++ b/lib/uuid.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package lib
 
diff --git a/logging/gated_writer.go b/logging/gated_writer.go
index 2e0023369a77..5a28c8cf5233 100644
--- a/logging/gated_writer.go
+++ b/logging/gated_writer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logging
 
diff --git a/logging/gated_writer_test.go b/logging/gated_writer_test.go
index f0adc8de85a1..cc44ad04b2b9 100644
--- a/logging/gated_writer_test.go
+++ b/logging/gated_writer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logging
 
diff --git a/logging/grpc.go b/logging/grpc.go
index f565b865fbd9..ebe2207e454b 100644
--- a/logging/grpc.go
+++ b/logging/grpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logging
 
diff --git a/logging/grpc_test.go b/logging/grpc_test.go
index 29f1c976e555..0a90f1106609 100644
--- a/logging/grpc_test.go
+++ b/logging/grpc_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logging
 
diff --git a/logging/log_levels.go b/logging/log_levels.go
index dc3bb8b530b8..5ed830ee3050 100644
--- a/logging/log_levels.go
+++ b/logging/log_levels.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logging
 
diff --git a/logging/logfile.go b/logging/logfile.go
index c836a73f9d99..bc7b38d91c26 100644
--- a/logging/logfile.go
+++ b/logging/logfile.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logging
 
diff --git a/logging/logfile_test.go b/logging/logfile_test.go
index 7412938be861..ae9d8fb1b0cd 100644
--- a/logging/logfile_test.go
+++ b/logging/logfile_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logging
 
diff --git a/logging/logger.go b/logging/logger.go
index fb5128790fd0..8d63ed7e15eb 100644
--- a/logging/logger.go
+++ b/logging/logger.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logging
 
diff --git a/logging/logger_test.go b/logging/logger_test.go
index ca5f1eecd248..5cb0c1e44189 100644
--- a/logging/logger_test.go
+++ b/logging/logger_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logging
 
diff --git a/logging/monitor/monitor.go b/logging/monitor/monitor.go
index 7440a6586f63..6a812a879f64 100644
--- a/logging/monitor/monitor.go
+++ b/logging/monitor/monitor.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package monitor
 
diff --git a/logging/monitor/monitor_test.go b/logging/monitor/monitor_test.go
index ba77eab36fdd..5f834f4f2322 100644
--- a/logging/monitor/monitor_test.go
+++ b/logging/monitor/monitor_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package monitor
 
diff --git a/logging/names.go b/logging/names.go
index 1c7ecc448787..69a859443cfb 100644
--- a/logging/names.go
+++ b/logging/names.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logging
 
diff --git a/logging/syslog.go b/logging/syslog.go
index 8eb1391fcb3b..ceb0ae0ac2f2 100644
--- a/logging/syslog.go
+++ b/logging/syslog.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package logging
 
diff --git a/logging/syslog_test.go b/logging/syslog_test.go
index fdef92b5284b..1b3d66feba0c 100644
--- a/logging/syslog_test.go
+++ b/logging/syslog_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build linux || darwin || dragonfly || freebsd || netbsd || openbsd || solaris
 // +build linux darwin dragonfly freebsd netbsd openbsd solaris
diff --git a/logging/syslog_unsupported_test.go b/logging/syslog_unsupported_test.go
index d616580d2f22..dab3d47d72fc 100644
--- a/logging/syslog_unsupported_test.go
+++ b/logging/syslog_unsupported_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build windows || plan9 || nacl
 // +build windows plan9 nacl
diff --git a/main.go b/main.go
index 63f5a4f26dd8..d29454035b12 100644
--- a/main.go
+++ b/main.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package main
 
diff --git a/proto-public/annotations/ratelimit/ratelimit.pb.go b/proto-public/annotations/ratelimit/ratelimit.pb.go
index 3514d47ceb29..3faa4db3b6f4 100644
--- a/proto-public/annotations/ratelimit/ratelimit.pb.go
+++ b/proto-public/annotations/ratelimit/ratelimit.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/annotations/ratelimit/ratelimit.proto b/proto-public/annotations/ratelimit/ratelimit.proto
index 9869d86f8538..4ce40cffa383 100644
--- a/proto-public/annotations/ratelimit/ratelimit.proto
+++ b/proto-public/annotations/ratelimit/ratelimit.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/buf.gen.yaml b/proto-public/buf.gen.yaml
index 738828ad87ac..943e30a2ebd2 100644
--- a/proto-public/buf.gen.yaml
+++ b/proto-public/buf.gen.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 version: v1
 managed:
diff --git a/proto-public/buf.yaml b/proto-public/buf.yaml
index 878225723ea3..e60ce31aba4e 100644
--- a/proto-public/buf.yaml
+++ b/proto-public/buf.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 version: v1
 name: buf.build/hashicorp/consul
diff --git a/proto-public/pbacl/acl.pb.go b/proto-public/pbacl/acl.pb.go
index f85a9e0b48e8..56d2ea26aa5b 100644
--- a/proto-public/pbacl/acl.pb.go
+++ b/proto-public/pbacl/acl.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbacl/acl.proto b/proto-public/pbacl/acl.proto
index bfb71ad4f2e0..f57436c51149 100644
--- a/proto-public/pbacl/acl.proto
+++ b/proto-public/pbacl/acl.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/dns.pb.go b/proto-public/pbcatalog/v1alpha1/dns.pb.go
index 9f6ed584dfcc..347781e14a68 100644
--- a/proto-public/pbcatalog/v1alpha1/dns.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/dns.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/dns.proto b/proto-public/pbcatalog/v1alpha1/dns.proto
index 35ca336b11fd..0936c343106c 100644
--- a/proto-public/pbcatalog/v1alpha1/dns.proto
+++ b/proto-public/pbcatalog/v1alpha1/dns.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go b/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go
index 568405a1cd53..a0128c4c2d9f 100644
--- a/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy.proto b/proto-public/pbcatalog/v1alpha1/failover_policy.proto
index 69dcec0d973d..2b8e18c82907 100644
--- a/proto-public/pbcatalog/v1alpha1/failover_policy.proto
+++ b/proto-public/pbcatalog/v1alpha1/failover_policy.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go b/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go
index 8c1f2d104cae..4111e8943346 100644
--- a/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go
+++ b/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package catalogv1alpha1
 
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go b/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go
index f9fe3e879dca..8849d4a022f6 100644
--- a/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go
+++ b/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package catalogv1alpha1
 
diff --git a/proto-public/pbcatalog/v1alpha1/health.pb.go b/proto-public/pbcatalog/v1alpha1/health.pb.go
index 071c405d9941..58709a57bec1 100644
--- a/proto-public/pbcatalog/v1alpha1/health.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/health.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/health.proto b/proto-public/pbcatalog/v1alpha1/health.proto
index 477aa15fc517..9b302208b665 100644
--- a/proto-public/pbcatalog/v1alpha1/health.proto
+++ b/proto-public/pbcatalog/v1alpha1/health.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/node.pb.go b/proto-public/pbcatalog/v1alpha1/node.pb.go
index b59d03bb9131..69346e9dffe5 100644
--- a/proto-public/pbcatalog/v1alpha1/node.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/node.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/node.proto b/proto-public/pbcatalog/v1alpha1/node.proto
index 56a7ce3a2cfa..5367ec05aa3e 100644
--- a/proto-public/pbcatalog/v1alpha1/node.proto
+++ b/proto-public/pbcatalog/v1alpha1/node.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/protocol.pb.go b/proto-public/pbcatalog/v1alpha1/protocol.pb.go
index 71e89aab4aa5..07e6efb76756 100644
--- a/proto-public/pbcatalog/v1alpha1/protocol.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/protocol.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/protocol.proto b/proto-public/pbcatalog/v1alpha1/protocol.proto
index a18351c5d6d8..d57803f8ab65 100644
--- a/proto-public/pbcatalog/v1alpha1/protocol.proto
+++ b/proto-public/pbcatalog/v1alpha1/protocol.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/selector.pb.go b/proto-public/pbcatalog/v1alpha1/selector.pb.go
index 8caf0f51d6c8..12d1210edec8 100644
--- a/proto-public/pbcatalog/v1alpha1/selector.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/selector.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/selector.proto b/proto-public/pbcatalog/v1alpha1/selector.proto
index 1b5aa366e07f..fce4d85d0d5e 100644
--- a/proto-public/pbcatalog/v1alpha1/selector.proto
+++ b/proto-public/pbcatalog/v1alpha1/selector.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/service.pb.go b/proto-public/pbcatalog/v1alpha1/service.pb.go
index cd72ccf268ff..3be2d077d1e3 100644
--- a/proto-public/pbcatalog/v1alpha1/service.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/service.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/service.proto b/proto-public/pbcatalog/v1alpha1/service.proto
index 4d4d681308d9..3b9abc4b5762 100644
--- a/proto-public/pbcatalog/v1alpha1/service.proto
+++ b/proto-public/pbcatalog/v1alpha1/service.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/service_endpoints.pb.go b/proto-public/pbcatalog/v1alpha1/service_endpoints.pb.go
index 903de0706bf2..2ec7c9a191d8 100644
--- a/proto-public/pbcatalog/v1alpha1/service_endpoints.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/service_endpoints.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/service_endpoints.proto b/proto-public/pbcatalog/v1alpha1/service_endpoints.proto
index df3c70e0312f..49de36bb011d 100644
--- a/proto-public/pbcatalog/v1alpha1/service_endpoints.proto
+++ b/proto-public/pbcatalog/v1alpha1/service_endpoints.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/vip.pb.go b/proto-public/pbcatalog/v1alpha1/vip.pb.go
index 7ba05aa85096..88995afaa00a 100644
--- a/proto-public/pbcatalog/v1alpha1/vip.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/vip.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/vip.proto b/proto-public/pbcatalog/v1alpha1/vip.proto
index 5efee624fcaa..3ffa15211481 100644
--- a/proto-public/pbcatalog/v1alpha1/vip.proto
+++ b/proto-public/pbcatalog/v1alpha1/vip.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/workload.pb.go b/proto-public/pbcatalog/v1alpha1/workload.pb.go
index e1f75d810cb8..f0f8d807d531 100644
--- a/proto-public/pbcatalog/v1alpha1/workload.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/workload.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/workload.proto b/proto-public/pbcatalog/v1alpha1/workload.proto
index 00c82b8eebd3..ee64b72637b6 100644
--- a/proto-public/pbcatalog/v1alpha1/workload.proto
+++ b/proto-public/pbcatalog/v1alpha1/workload.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbconnectca/ca.pb.go b/proto-public/pbconnectca/ca.pb.go
index b4312816f310..289acf7bd53c 100644
--- a/proto-public/pbconnectca/ca.pb.go
+++ b/proto-public/pbconnectca/ca.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbconnectca/ca.proto b/proto-public/pbconnectca/ca.proto
index 9458e83478d9..7fe821b244b6 100644
--- a/proto-public/pbconnectca/ca.proto
+++ b/proto-public/pbconnectca/ca.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbdataplane/dataplane.pb.go b/proto-public/pbdataplane/dataplane.pb.go
index eeecbc2bd02b..8507fd37f303 100644
--- a/proto-public/pbdataplane/dataplane.pb.go
+++ b/proto-public/pbdataplane/dataplane.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package dataplane provides a service on Consul servers for the Consul Dataplane
 
diff --git a/proto-public/pbdataplane/dataplane.proto b/proto-public/pbdataplane/dataplane.proto
index 98a0a750fbfa..ced1b334eb49 100644
--- a/proto-public/pbdataplane/dataplane.proto
+++ b/proto-public/pbdataplane/dataplane.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package dataplane provides a service on Consul servers for the Consul Dataplane
 
diff --git a/proto-public/pbdns/dns.pb.go b/proto-public/pbdns/dns.pb.go
index c3825d68e9e4..8d0d58d7d530 100644
--- a/proto-public/pbdns/dns.pb.go
+++ b/proto-public/pbdns/dns.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbdns/dns.proto b/proto-public/pbdns/dns.proto
index 126b1cc4eb65..5771350ce3cc 100644
--- a/proto-public/pbdns/dns.proto
+++ b/proto-public/pbdns/dns.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/common.pb.go b/proto-public/pbmesh/v1alpha1/common.pb.go
index 4262d3872c3d..680539c99db8 100644
--- a/proto-public/pbmesh/v1alpha1/common.pb.go
+++ b/proto-public/pbmesh/v1alpha1/common.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/common.proto b/proto-public/pbmesh/v1alpha1/common.proto
index 48668e59dd5a..63110429c6e6 100644
--- a/proto-public/pbmesh/v1alpha1/common.proto
+++ b/proto-public/pbmesh/v1alpha1/common.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/computed_routes.pb.go b/proto-public/pbmesh/v1alpha1/computed_routes.pb.go
index 605e4fbd679e..da04a618ec5e 100644
--- a/proto-public/pbmesh/v1alpha1/computed_routes.pb.go
+++ b/proto-public/pbmesh/v1alpha1/computed_routes.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/computed_routes.proto b/proto-public/pbmesh/v1alpha1/computed_routes.proto
index d48d417d6823..3cc898f2e6db 100644
--- a/proto-public/pbmesh/v1alpha1/computed_routes.proto
+++ b/proto-public/pbmesh/v1alpha1/computed_routes.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/connection.pb.go b/proto-public/pbmesh/v1alpha1/connection.pb.go
index 221845b26dbb..e3595a72480a 100644
--- a/proto-public/pbmesh/v1alpha1/connection.pb.go
+++ b/proto-public/pbmesh/v1alpha1/connection.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/connection.proto b/proto-public/pbmesh/v1alpha1/connection.proto
index 8cae7c1c1099..52c9f4563224 100644
--- a/proto-public/pbmesh/v1alpha1/connection.proto
+++ b/proto-public/pbmesh/v1alpha1/connection.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/destination_policy.pb.go b/proto-public/pbmesh/v1alpha1/destination_policy.pb.go
index 44a3049d5eb2..0d7048e836c0 100644
--- a/proto-public/pbmesh/v1alpha1/destination_policy.pb.go
+++ b/proto-public/pbmesh/v1alpha1/destination_policy.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/destination_policy.proto b/proto-public/pbmesh/v1alpha1/destination_policy.proto
index cc03f38d8c05..a1be9d9a307b 100644
--- a/proto-public/pbmesh/v1alpha1/destination_policy.proto
+++ b/proto-public/pbmesh/v1alpha1/destination_policy.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/expose.pb.go b/proto-public/pbmesh/v1alpha1/expose.pb.go
index c5e13ecf0020..4d346add84ea 100644
--- a/proto-public/pbmesh/v1alpha1/expose.pb.go
+++ b/proto-public/pbmesh/v1alpha1/expose.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/expose.proto b/proto-public/pbmesh/v1alpha1/expose.proto
index bf8591f20d74..33663db881c2 100644
--- a/proto-public/pbmesh/v1alpha1/expose.proto
+++ b/proto-public/pbmesh/v1alpha1/expose.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/grpc_route.pb.go b/proto-public/pbmesh/v1alpha1/grpc_route.pb.go
index 2f25aae654e7..a9f043d58182 100644
--- a/proto-public/pbmesh/v1alpha1/grpc_route.pb.go
+++ b/proto-public/pbmesh/v1alpha1/grpc_route.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/grpc_route.proto b/proto-public/pbmesh/v1alpha1/grpc_route.proto
index ce4ca4d917ca..98369980a510 100644
--- a/proto-public/pbmesh/v1alpha1/grpc_route.proto
+++ b/proto-public/pbmesh/v1alpha1/grpc_route.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/http_route.pb.go b/proto-public/pbmesh/v1alpha1/http_route.pb.go
index f69b84f22656..94af113814c2 100644
--- a/proto-public/pbmesh/v1alpha1/http_route.pb.go
+++ b/proto-public/pbmesh/v1alpha1/http_route.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/http_route.proto b/proto-public/pbmesh/v1alpha1/http_route.proto
index ea14176b1b7c..595a5ae3e76c 100644
--- a/proto-public/pbmesh/v1alpha1/http_route.proto
+++ b/proto-public/pbmesh/v1alpha1/http_route.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go b/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go
index 5a34d26a3260..6a3e5142daec 100644
--- a/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go
+++ b/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/http_route_retries.proto b/proto-public/pbmesh/v1alpha1/http_route_retries.proto
index 3ea112027abe..594ea8a119b3 100644
--- a/proto-public/pbmesh/v1alpha1/http_route_retries.proto
+++ b/proto-public/pbmesh/v1alpha1/http_route_retries.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go b/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go
index 0fc421e43e5b..27b3cfdb5117 100644
--- a/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go
+++ b/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto b/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto
index f33587496b55..b627d2f1cac5 100644
--- a/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto
+++ b/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go
index bedb5f988072..c7bc160ae4ea 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto
index 00770c0c146e..f02c63ff3b38 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go
index 0afb768f4aa4..0f954be1236c 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto
index 2d08199a0ecc..ac6384879cc4 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
index 59d800a4664f..9cbfe4ad6943 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
index 6fd7dba82845..9b4194d981f0 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go
index ce14e15f722d..10e306c8a345 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto
index 28ff53b7eec1..09feada9cf31 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go
index 9250341dbef5..03d095abdf46 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
index ab8871182780..3e6049459a20 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go
index 71d0b5dc3c02..da94adbc546c 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto
index ca3bd6ee79cc..0359c144ca8f 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go
index 171c5f357f37..1b54eee4ae09 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto
index 37f009cc3039..d47c5bc04727 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go
index 24c6f5fc8ce5..962c109388ed 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto
index d4a4dcda9f35..66f23651b0ff 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go
index cee7c44bc46b..666e2a91acb6 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/references.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/references.proto
index 3e2c1ddd45ca..168a25a49e06 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/references.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/references.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go
index c6840dd18aaa..3256ab8c2ef6 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/route.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/route.proto
index 2ec10f3737d1..084b52d2d7af 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/route.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/route.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
index c5615447b041..9801e29c3c70 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
index df7d70602720..4e53326183f9 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go b/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
index 0072714553da..6795d42ae8e6 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
+++ b/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/proxy_configuration.proto b/proto-public/pbmesh/v1alpha1/proxy_configuration.proto
index c20ff3d47c44..6d64ba37d254 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_configuration.proto
+++ b/proto-public/pbmesh/v1alpha1/proxy_configuration.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
index cb858b6d1d78..4f8fc7914ac6 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.proto b/proto-public/pbmesh/v1alpha1/proxy_state.proto
index 46ef458e5711..94280a261fa2 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_state.proto
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/routing.pb.go b/proto-public/pbmesh/v1alpha1/routing.pb.go
index 19f6a7d1c1b3..cccbd6ff7714 100644
--- a/proto-public/pbmesh/v1alpha1/routing.pb.go
+++ b/proto-public/pbmesh/v1alpha1/routing.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/routing.proto b/proto-public/pbmesh/v1alpha1/routing.proto
index d2b1cdd8b095..cbd15e3997fb 100644
--- a/proto-public/pbmesh/v1alpha1/routing.proto
+++ b/proto-public/pbmesh/v1alpha1/routing.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/tcp_route.pb.go b/proto-public/pbmesh/v1alpha1/tcp_route.pb.go
index 6a8cf5700fc4..80cd8ca96333 100644
--- a/proto-public/pbmesh/v1alpha1/tcp_route.pb.go
+++ b/proto-public/pbmesh/v1alpha1/tcp_route.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/tcp_route.proto b/proto-public/pbmesh/v1alpha1/tcp_route.proto
index 0a6c974c046b..bd3e46ca5bc0 100644
--- a/proto-public/pbmesh/v1alpha1/tcp_route.proto
+++ b/proto-public/pbmesh/v1alpha1/tcp_route.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/upstreams.pb.go b/proto-public/pbmesh/v1alpha1/upstreams.pb.go
index e8e9e4f9cf89..bc50e8627246 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams.pb.go
+++ b/proto-public/pbmesh/v1alpha1/upstreams.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/upstreams.proto b/proto-public/pbmesh/v1alpha1/upstreams.proto
index a78d8c3f9792..3b8550208723 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams.proto
+++ b/proto-public/pbmesh/v1alpha1/upstreams.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go b/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
index 61f9709cdcd1..10527dd3b7e8 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
+++ b/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto b/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
index 81bbbf5f8269..5452e95ee267 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
+++ b/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbresource/resource.pb.go b/proto-public/pbresource/resource.pb.go
index 889a0314af31..9ff9f6f0d86f 100644
--- a/proto-public/pbresource/resource.pb.go
+++ b/proto-public/pbresource/resource.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbresource/resource.proto b/proto-public/pbresource/resource.proto
index 9e65647587b7..1f4bfb305956 100644
--- a/proto-public/pbresource/resource.proto
+++ b/proto-public/pbresource/resource.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto-public/pbserverdiscovery/serverdiscovery.pb.go b/proto-public/pbserverdiscovery/serverdiscovery.pb.go
index 37b3b592e7d8..2ef18a5b44d5 100644
--- a/proto-public/pbserverdiscovery/serverdiscovery.pb.go
+++ b/proto-public/pbserverdiscovery/serverdiscovery.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package serverdiscovery provides a service on Consul servers to discover the set of servers
 // currently able to handle incoming requests.
diff --git a/proto-public/pbserverdiscovery/serverdiscovery.proto b/proto-public/pbserverdiscovery/serverdiscovery.proto
index c2c06aed7256..9c4f9e96a76c 100644
--- a/proto-public/pbserverdiscovery/serverdiscovery.proto
+++ b/proto-public/pbserverdiscovery/serverdiscovery.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Package serverdiscovery provides a service on Consul servers to discover the set of servers
 // currently able to handle incoming requests.
diff --git a/proto/buf.gen.yaml b/proto/buf.gen.yaml
index e8a1a956ab86..efb9703b10ba 100644
--- a/proto/buf.gen.yaml
+++ b/proto/buf.gen.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 version: v1
 managed:
diff --git a/proto/buf.yaml b/proto/buf.yaml
index de63034c3c1b..a8aa50196486 100644
--- a/proto/buf.yaml
+++ b/proto/buf.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 version: v1
 lint:
diff --git a/proto/private/pbacl/acl.go b/proto/private/pbacl/acl.go
index 3d3b8de5204a..5c9cc6285e6c 100644
--- a/proto/private/pbacl/acl.go
+++ b/proto/private/pbacl/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbacl
 
diff --git a/proto/private/pbacl/acl.pb.go b/proto/private/pbacl/acl.pb.go
index e8d0719e8d6b..f6aa5c3418cf 100644
--- a/proto/private/pbacl/acl.pb.go
+++ b/proto/private/pbacl/acl.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbacl/acl.proto b/proto/private/pbacl/acl.proto
index 4a96f2671c31..0fa9ecd89dc6 100644
--- a/proto/private/pbacl/acl.proto
+++ b/proto/private/pbacl/acl.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbautoconf/auto_config.go b/proto/private/pbautoconf/auto_config.go
index e2de2f18d9cc..39d37d1dc8b0 100644
--- a/proto/private/pbautoconf/auto_config.go
+++ b/proto/private/pbautoconf/auto_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbautoconf
 
diff --git a/proto/private/pbautoconf/auto_config.pb.go b/proto/private/pbautoconf/auto_config.pb.go
index 55da1b07f972..a9b4c2c89168 100644
--- a/proto/private/pbautoconf/auto_config.pb.go
+++ b/proto/private/pbautoconf/auto_config.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbautoconf/auto_config.proto b/proto/private/pbautoconf/auto_config.proto
index a16710765593..a0f4440d7904 100644
--- a/proto/private/pbautoconf/auto_config.proto
+++ b/proto/private/pbautoconf/auto_config.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbautoconf/auto_config_oss.go b/proto/private/pbautoconf/auto_config_oss.go
index 1cab31f171c3..032ca67ba3c7 100644
--- a/proto/private/pbautoconf/auto_config_oss.go
+++ b/proto/private/pbautoconf/auto_config_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/proto/private/pbcommon/common.go b/proto/private/pbcommon/common.go
index e05c0a970a88..ecf935d75f14 100644
--- a/proto/private/pbcommon/common.go
+++ b/proto/private/pbcommon/common.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbcommon
 
diff --git a/proto/private/pbcommon/common.pb.go b/proto/private/pbcommon/common.pb.go
index dd6240ad85e9..fc6928184132 100644
--- a/proto/private/pbcommon/common.pb.go
+++ b/proto/private/pbcommon/common.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbcommon/common.proto b/proto/private/pbcommon/common.proto
index a86aa2dde53d..2296dc69d628 100644
--- a/proto/private/pbcommon/common.proto
+++ b/proto/private/pbcommon/common.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbcommon/common_oss.go b/proto/private/pbcommon/common_oss.go
index c0ce9b27f850..94aef583a1a2 100644
--- a/proto/private/pbcommon/common_oss.go
+++ b/proto/private/pbcommon/common_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/proto/private/pbcommon/convert_pbstruct.go b/proto/private/pbcommon/convert_pbstruct.go
index e48dce9ae6e0..f21d9a40ed49 100644
--- a/proto/private/pbcommon/convert_pbstruct.go
+++ b/proto/private/pbcommon/convert_pbstruct.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbcommon
 
diff --git a/proto/private/pbcommon/convert_pbstruct_test.go b/proto/private/pbcommon/convert_pbstruct_test.go
index 543129fdfd2f..82f52c699288 100644
--- a/proto/private/pbcommon/convert_pbstruct_test.go
+++ b/proto/private/pbcommon/convert_pbstruct_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbcommon
 
diff --git a/proto/private/pbconfig/config.pb.go b/proto/private/pbconfig/config.pb.go
index 61c394944f7a..ce8e43c7ce91 100644
--- a/proto/private/pbconfig/config.pb.go
+++ b/proto/private/pbconfig/config.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbconfig/config.proto b/proto/private/pbconfig/config.proto
index 79b4a3669e8b..96a0f1cae04e 100644
--- a/proto/private/pbconfig/config.proto
+++ b/proto/private/pbconfig/config.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbconfigentry/config_entry.go b/proto/private/pbconfigentry/config_entry.go
index 705c87d0131e..8ddfde8cccfb 100644
--- a/proto/private/pbconfigentry/config_entry.go
+++ b/proto/private/pbconfigentry/config_entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbconfigentry
 
diff --git a/proto/private/pbconfigentry/config_entry.pb.go b/proto/private/pbconfigentry/config_entry.pb.go
index 7ba920b75c60..8ec7635b3ad1 100644
--- a/proto/private/pbconfigentry/config_entry.pb.go
+++ b/proto/private/pbconfigentry/config_entry.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbconfigentry/config_entry.proto b/proto/private/pbconfigentry/config_entry.proto
index d053ff181421..3c698aab37a3 100644
--- a/proto/private/pbconfigentry/config_entry.proto
+++ b/proto/private/pbconfigentry/config_entry.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbconfigentry/config_entry_oss.go b/proto/private/pbconfigentry/config_entry_oss.go
index 26cd931299e8..b81e07686136 100644
--- a/proto/private/pbconfigentry/config_entry_oss.go
+++ b/proto/private/pbconfigentry/config_entry_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/proto/private/pbconnect/connect.go b/proto/private/pbconnect/connect.go
index 85f8a35b7d37..9c3ed9d7355e 100644
--- a/proto/private/pbconnect/connect.go
+++ b/proto/private/pbconnect/connect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbconnect
 
diff --git a/proto/private/pbconnect/connect.pb.go b/proto/private/pbconnect/connect.pb.go
index 278114b3b4aa..18942ff7dea5 100644
--- a/proto/private/pbconnect/connect.pb.go
+++ b/proto/private/pbconnect/connect.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbconnect/connect.proto b/proto/private/pbconnect/connect.proto
index afd1a4e1a4dd..f829dd22629a 100644
--- a/proto/private/pbconnect/connect.proto
+++ b/proto/private/pbconnect/connect.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbdemo/v1/demo.pb.go b/proto/private/pbdemo/v1/demo.pb.go
index a69008fce767..ebc5bc3700ae 100644
--- a/proto/private/pbdemo/v1/demo.pb.go
+++ b/proto/private/pbdemo/v1/demo.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbdemo/v1/demo.proto b/proto/private/pbdemo/v1/demo.proto
index 4fcbe7155c48..a0498cbd4fe3 100644
--- a/proto/private/pbdemo/v1/demo.proto
+++ b/proto/private/pbdemo/v1/demo.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbdemo/v2/demo.pb.go b/proto/private/pbdemo/v2/demo.pb.go
index 2ffed20dcc6f..a4c52a99d6a6 100644
--- a/proto/private/pbdemo/v2/demo.pb.go
+++ b/proto/private/pbdemo/v2/demo.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbdemo/v2/demo.proto b/proto/private/pbdemo/v2/demo.proto
index b208324801c1..546cfe697261 100644
--- a/proto/private/pbdemo/v2/demo.proto
+++ b/proto/private/pbdemo/v2/demo.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pboperator/operator.pb.go b/proto/private/pboperator/operator.pb.go
index 5f264c53937a..e7e457bc7389 100644
--- a/proto/private/pboperator/operator.pb.go
+++ b/proto/private/pboperator/operator.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pboperator/operator.proto b/proto/private/pboperator/operator.proto
index 4f8b99358d4e..8669f03041fd 100644
--- a/proto/private/pboperator/operator.proto
+++ b/proto/private/pboperator/operator.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbpeering/peering.go b/proto/private/pbpeering/peering.go
index 0fec964c46b1..5759061afce2 100644
--- a/proto/private/pbpeering/peering.go
+++ b/proto/private/pbpeering/peering.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbpeering
 
diff --git a/proto/private/pbpeering/peering.pb.go b/proto/private/pbpeering/peering.pb.go
index 69af206ca4b2..a0c7bd21676d 100644
--- a/proto/private/pbpeering/peering.pb.go
+++ b/proto/private/pbpeering/peering.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbpeering/peering.proto b/proto/private/pbpeering/peering.proto
index e72d5eb76803..02fddbf17fea 100644
--- a/proto/private/pbpeering/peering.proto
+++ b/proto/private/pbpeering/peering.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbpeering/peering_oss.go b/proto/private/pbpeering/peering_oss.go
index 04d1107d02c8..4c4dd959e8a7 100644
--- a/proto/private/pbpeering/peering_oss.go
+++ b/proto/private/pbpeering/peering_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/proto/private/pbpeerstream/convert.go b/proto/private/pbpeerstream/convert.go
index 27848e0e399e..d71dc5d3b15f 100644
--- a/proto/private/pbpeerstream/convert.go
+++ b/proto/private/pbpeerstream/convert.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbpeerstream
 
diff --git a/proto/private/pbpeerstream/peerstream.go b/proto/private/pbpeerstream/peerstream.go
index 85d44785d04e..3dc6aa6093d8 100644
--- a/proto/private/pbpeerstream/peerstream.go
+++ b/proto/private/pbpeerstream/peerstream.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbpeerstream
 
diff --git a/proto/private/pbpeerstream/peerstream.pb.go b/proto/private/pbpeerstream/peerstream.pb.go
index f20496642d30..aeb1bdb22082 100644
--- a/proto/private/pbpeerstream/peerstream.pb.go
+++ b/proto/private/pbpeerstream/peerstream.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbpeerstream/peerstream.proto b/proto/private/pbpeerstream/peerstream.proto
index a66e823e049e..b46fcf2270db 100644
--- a/proto/private/pbpeerstream/peerstream.proto
+++ b/proto/private/pbpeerstream/peerstream.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbpeerstream/types.go b/proto/private/pbpeerstream/types.go
index 6b55bfb42566..bf2250c64dd9 100644
--- a/proto/private/pbpeerstream/types.go
+++ b/proto/private/pbpeerstream/types.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbpeerstream
 
diff --git a/proto/private/pbservice/convert.go b/proto/private/pbservice/convert.go
index 973369f03dcd..8396ff7c649f 100644
--- a/proto/private/pbservice/convert.go
+++ b/proto/private/pbservice/convert.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbservice
 
diff --git a/proto/private/pbservice/convert_oss.go b/proto/private/pbservice/convert_oss.go
index 938495b96b77..482a2640c74a 100644
--- a/proto/private/pbservice/convert_oss.go
+++ b/proto/private/pbservice/convert_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/proto/private/pbservice/convert_oss_test.go b/proto/private/pbservice/convert_oss_test.go
index 2367f3e73aeb..59a29c6ca762 100644
--- a/proto/private/pbservice/convert_oss_test.go
+++ b/proto/private/pbservice/convert_oss_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/proto/private/pbservice/convert_test.go b/proto/private/pbservice/convert_test.go
index 0093a76dd9fb..5b3c97680ef6 100644
--- a/proto/private/pbservice/convert_test.go
+++ b/proto/private/pbservice/convert_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbservice
 
diff --git a/proto/private/pbservice/healthcheck.pb.go b/proto/private/pbservice/healthcheck.pb.go
index aa7a4c73253a..ba0edbde9d64 100644
--- a/proto/private/pbservice/healthcheck.pb.go
+++ b/proto/private/pbservice/healthcheck.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbservice/healthcheck.proto b/proto/private/pbservice/healthcheck.proto
index 5800a04191d2..b3cbf050448b 100644
--- a/proto/private/pbservice/healthcheck.proto
+++ b/proto/private/pbservice/healthcheck.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbservice/ids.go b/proto/private/pbservice/ids.go
index 8ab248c3e8d5..bac74d6f7e80 100644
--- a/proto/private/pbservice/ids.go
+++ b/proto/private/pbservice/ids.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbservice
 
diff --git a/proto/private/pbservice/ids_test.go b/proto/private/pbservice/ids_test.go
index 9a56604ee8c1..9477bb8d9bb7 100644
--- a/proto/private/pbservice/ids_test.go
+++ b/proto/private/pbservice/ids_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbservice
 
diff --git a/proto/private/pbservice/node.pb.go b/proto/private/pbservice/node.pb.go
index 7b8fa6a3345b..3d562fe31f71 100644
--- a/proto/private/pbservice/node.pb.go
+++ b/proto/private/pbservice/node.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbservice/node.proto b/proto/private/pbservice/node.proto
index 85e82de7082e..6b81f0b6c06d 100644
--- a/proto/private/pbservice/node.proto
+++ b/proto/private/pbservice/node.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbservice/service.pb.go b/proto/private/pbservice/service.pb.go
index 13826aa752ea..871b6a04118c 100644
--- a/proto/private/pbservice/service.pb.go
+++ b/proto/private/pbservice/service.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbservice/service.proto b/proto/private/pbservice/service.proto
index 4573a920a6eb..b89f1717b17c 100644
--- a/proto/private/pbservice/service.proto
+++ b/proto/private/pbservice/service.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbstorage/raft.pb.go b/proto/private/pbstorage/raft.pb.go
index 8ae22a6aba91..6efa5c8f8fb1 100644
--- a/proto/private/pbstorage/raft.pb.go
+++ b/proto/private/pbstorage/raft.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbstorage/raft.proto b/proto/private/pbstorage/raft.proto
index 1dbae409e28a..ed7954a8690e 100644
--- a/proto/private/pbstorage/raft.proto
+++ b/proto/private/pbstorage/raft.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 syntax = "proto3";
 
diff --git a/proto/private/pbsubscribe/subscribe.go b/proto/private/pbsubscribe/subscribe.go
index 53b708124536..918c3d298078 100644
--- a/proto/private/pbsubscribe/subscribe.go
+++ b/proto/private/pbsubscribe/subscribe.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package pbsubscribe
 
diff --git a/proto/private/pbsubscribe/subscribe.pb.go b/proto/private/pbsubscribe/subscribe.pb.go
index f71a855107c5..796f581f3f78 100644
--- a/proto/private/pbsubscribe/subscribe.pb.go
+++ b/proto/private/pbsubscribe/subscribe.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //
 // Package event provides a service for subscribing to state change events.
diff --git a/proto/private/pbsubscribe/subscribe.proto b/proto/private/pbsubscribe/subscribe.proto
index 37124b5d0277..c327c92c7f02 100644
--- a/proto/private/pbsubscribe/subscribe.proto
+++ b/proto/private/pbsubscribe/subscribe.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 /*
    Package event provides a service for subscribing to state change events.
diff --git a/proto/private/prototest/testing.go b/proto/private/prototest/testing.go
index cc1d1e014171..6b6e81a4a174 100644
--- a/proto/private/prototest/testing.go
+++ b/proto/private/prototest/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package prototest
 
diff --git a/proto/private/prototest/testing_test.go b/proto/private/prototest/testing_test.go
index 22c1848821dd..2ee383baa1da 100644
--- a/proto/private/prototest/testing_test.go
+++ b/proto/private/prototest/testing_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package prototest
 
 import (
diff --git a/sdk/LICENSE b/sdk/LICENSE
new file mode 100644
index 000000000000..7c5baa45e1c2
--- /dev/null
+++ b/sdk/LICENSE
@@ -0,0 +1,365 @@
+Copyright (c) 2020 HashiCorp, Inc.
+
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. "Contributor"
+
+     means each individual or legal entity that creates, contributes to the
+     creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+
+     means the combination of the Contributions of others (if any) used by a
+     Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+
+     means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+
+     means Source Code Form to which the initial Contributor has attached the
+     notice in Exhibit A, the Executable Form of such Source Code Form, and
+     Modifications of such Source Code Form, in each case including portions
+     thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+     means
+
+     a. that the initial Contributor has attached the notice described in
+        Exhibit B to the Covered Software; or
+
+     b. that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the terms of
+        a Secondary License.
+
+1.6. "Executable Form"
+
+     means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+
+     means a work that combines Covered Software with other material, in a
+     separate file or files, that is not Covered Software.
+
+1.8. "License"
+
+     means this document.
+
+1.9. "Licensable"
+
+     means having the right to grant, to the maximum extent possible, whether
+     at the time of the initial grant or subsequently, any and all of the
+     rights conveyed by this License.
+
+1.10. "Modifications"
+
+     means any of the following:
+
+     a. any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered Software; or
+
+     b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. "Patent Claims" of a Contributor
+
+      means any patent claim(s), including without limitation, method,
+      process, and apparatus claims, in any patent Licensable by such
+      Contributor that would be infringed, but for the grant of the License,
+      by the making, using, selling, offering for sale, having made, import,
+      or transfer of either its Contributions or its Contributor Version.
+
+1.12. "Secondary License"
+
+      means either the GNU General Public License, Version 2.0, the GNU Lesser
+      General Public License, Version 2.1, the GNU Affero General Public
+      License, Version 3.0, or any later versions of those licenses.
+
+1.13. "Source Code Form"
+
+      means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+
+      means an individual or a legal entity exercising rights under this
+      License. For legal entities, "You" includes any entity that controls, is
+      controlled by, or is under common control with You. For purposes of this
+      definition, "control" means (a) the power, direct or indirect, to cause
+      the direction or management of such entity, whether by contract or
+      otherwise, or (b) ownership of more than fifty percent (50%) of the
+      outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+     Each Contributor hereby grants You a world-wide, royalty-free,
+     non-exclusive license:
+
+     a. under intellectual property rights (other than patent or trademark)
+        Licensable by such Contributor to use, reproduce, make available,
+        modify, display, perform, distribute, and otherwise exploit its
+        Contributions, either on an unmodified basis, with Modifications, or
+        as part of a Larger Work; and
+
+     b. under Patent Claims of such Contributor to make, use, sell, offer for
+        sale, have made, import, and otherwise transfer either its
+        Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+     The licenses granted in Section 2.1 with respect to any Contribution
+     become effective for each Contribution on the date the Contributor first
+     distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+     The licenses granted in this Section 2 are the only rights granted under
+     this License. No additional rights or licenses will be implied from the
+     distribution or licensing of Covered Software under this License.
+     Notwithstanding Section 2.1(b) above, no patent license is granted by a
+     Contributor:
+
+     a. for any code that a Contributor has removed from Covered Software; or
+
+     b. for infringements caused by: (i) Your and any other third party's
+        modifications of Covered Software, or (ii) the combination of its
+        Contributions with other software (except as part of its Contributor
+        Version); or
+
+     c. under Patent Claims infringed by Covered Software in the absence of
+        its Contributions.
+
+     This License does not grant any rights in the trademarks, service marks,
+     or logos of any Contributor (except as may be necessary to comply with
+     the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+     No Contributor makes additional grants as a result of Your choice to
+     distribute the Covered Software under a subsequent version of this
+     License (see Section 10.2) or under the terms of a Secondary License (if
+     permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+     Each Contributor represents that the Contributor believes its
+     Contributions are its original creation(s) or it has sufficient rights to
+     grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+     This License is not intended to limit any rights You have under
+     applicable copyright doctrines of fair use, fair dealing, or other
+     equivalents.
+
+2.7. Conditions
+
+     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+     Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+     All distribution of Covered Software in Source Code Form, including any
+     Modifications that You create or to which You contribute, must be under
+     the terms of this License. You must inform recipients that the Source
+     Code Form of the Covered Software is governed by the terms of this
+     License, and how they can obtain a copy of this License. You may not
+     attempt to alter or restrict the recipients' rights in the Source Code
+     Form.
+
+3.2. Distribution of Executable Form
+
+     If You distribute Covered Software in Executable Form then:
+
+     a. such Covered Software must also be made available in Source Code Form,
+        as described in Section 3.1, and You must inform recipients of the
+        Executable Form how they can obtain a copy of such Source Code Form by
+        reasonable means in a timely manner, at a charge no more than the cost
+        of distribution to the recipient; and
+
+     b. You may distribute such Executable Form under the terms of this
+        License, or sublicense it under different terms, provided that the
+        license for the Executable Form does not attempt to limit or alter the
+        recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+     You may create and distribute a Larger Work under terms of Your choice,
+     provided that You also comply with the requirements of this License for
+     the Covered Software. If the Larger Work is a combination of Covered
+     Software with a work governed by one or more Secondary Licenses, and the
+     Covered Software is not Incompatible With Secondary Licenses, this
+     License permits You to additionally distribute such Covered Software
+     under the terms of such Secondary License(s), so that the recipient of
+     the Larger Work may, at their option, further distribute the Covered
+     Software under the terms of either this License or such Secondary
+     License(s).
+
+3.4. Notices
+
+     You may not remove or alter the substance of any license notices
+     (including copyright notices, patent notices, disclaimers of warranty, or
+     limitations of liability) contained within the Source Code Form of the
+     Covered Software, except that You may alter any license notices to the
+     extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+     You may choose to offer, and to charge a fee for, warranty, support,
+     indemnity or liability obligations to one or more recipients of Covered
+     Software. However, You may do so only on Your own behalf, and not on
+     behalf of any Contributor. You must make it absolutely clear that any
+     such warranty, support, indemnity, or liability obligation is offered by
+     You alone, and You hereby agree to indemnify every Contributor for any
+     liability incurred by such Contributor as a result of warranty, support,
+     indemnity or liability terms You offer. You may include additional
+     disclaimers of warranty and limitations of liability specific to any
+     jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+   If it is impossible for You to comply with any of the terms of this License
+   with respect to some or all of the Covered Software due to statute,
+   judicial order, or regulation then You must: (a) comply with the terms of
+   this License to the maximum extent possible; and (b) describe the
+   limitations and the code they affect. Such description must be placed in a
+   text file included with all distributions of the Covered Software under
+   this License. Except to the extent prohibited by statute or regulation,
+   such description must be sufficiently detailed for a recipient of ordinary
+   skill to be able to understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+     fail to comply with any of its terms. However, if You become compliant,
+     then the rights granted under this License from a particular Contributor
+     are reinstated (a) provisionally, unless and until such Contributor
+     explicitly and finally terminates Your grants, and (b) on an ongoing
+     basis, if such Contributor fails to notify You of the non-compliance by
+     some reasonable means prior to 60 days after You have come back into
+     compliance. Moreover, Your grants from a particular Contributor are
+     reinstated on an ongoing basis if such Contributor notifies You of the
+     non-compliance by some reasonable means, this is the first time You have
+     received notice of non-compliance with this License from such
+     Contributor, and You become compliant prior to 30 days after Your receipt
+     of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+     infringement claim (excluding declaratory judgment actions,
+     counter-claims, and cross-claims) alleging that a Contributor Version
+     directly or indirectly infringes any patent, then the rights granted to
+     You by any and all Contributors for the Covered Software under Section
+     2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+     license agreements (excluding distributors and resellers) which have been
+     validly granted by You or Your distributors under this License prior to
+     termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+   Covered Software is provided under this License on an "as is" basis,
+   without warranty of any kind, either expressed, implied, or statutory,
+   including, without limitation, warranties that the Covered Software is free
+   of defects, merchantable, fit for a particular purpose or non-infringing.
+   The entire risk as to the quality and performance of the Covered Software
+   is with You. Should any Covered Software prove defective in any respect,
+   You (not any Contributor) assume the cost of any necessary servicing,
+   repair, or correction. This disclaimer of warranty constitutes an essential
+   part of this License. No use of  any Covered Software is authorized under
+   this License except under this disclaimer.
+
+7. Limitation of Liability
+
+   Under no circumstances and under no legal theory, whether tort (including
+   negligence), contract, or otherwise, shall any Contributor, or anyone who
+   distributes Covered Software as permitted above, be liable to You for any
+   direct, indirect, special, incidental, or consequential damages of any
+   character including, without limitation, damages for lost profits, loss of
+   goodwill, work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses, even if such party shall have been
+   informed of the possibility of such damages. This limitation of liability
+   shall not apply to liability for death or personal injury resulting from
+   such party's negligence to the extent applicable law prohibits such
+   limitation. Some jurisdictions do not allow the exclusion or limitation of
+   incidental or consequential damages, so this exclusion and limitation may
+   not apply to You.
+
+8. Litigation
+
+   Any litigation relating to this License may be brought only in the courts
+   of a jurisdiction where the defendant maintains its principal place of
+   business and such litigation shall be governed by laws of that
+   jurisdiction, without reference to its conflict-of-law provisions. Nothing
+   in this Section shall prevent a party's ability to bring cross-claims or
+   counter-claims.
+
+9. Miscellaneous
+
+   This License represents the complete agreement concerning the subject
+   matter hereof. If any provision of this License is held to be
+   unenforceable, such provision shall be reformed only to the extent
+   necessary to make it enforceable. Any law or regulation which provides that
+   the language of a contract shall be construed against the drafter shall not
+   be used to construe this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+      Mozilla Foundation is the license steward. Except as provided in Section
+      10.3, no one other than the license steward has the right to modify or
+      publish new versions of this License. Each version will be given a
+      distinguishing version number.
+
+10.2. Effect of New Versions
+
+      You may distribute the Covered Software under the terms of the version
+      of the License under which You originally received the Covered Software,
+      or under the terms of any subsequent version published by the license
+      steward.
+
+10.3. Modified Versions
+
+      If you create software not governed by this License, and you want to
+      create a new license for such software, you may create and use a
+      modified version of this License if you rename the license and remove
+      any references to the name of the license steward (except to note that
+      such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+      Licenses If You choose to distribute Source Code Form that is
+      Incompatible With Secondary Licenses under the terms of this version of
+      the License, the notice described in Exhibit B of this License must be
+      attached.
+
+Exhibit A - Source Code Form License Notice
+
+      This Source Code Form is subject to the
+      terms of the Mozilla Public License, v.
+      2.0. If a copy of the MPL was not
+      distributed with this file, You can
+      obtain one at
+      http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file,
+then You may include the notice in a location (such as a LICENSE file in a
+relevant directory) where a recipient would be likely to look for such a
+notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+
+      This Source Code Form is "Incompatible
+      With Secondary Licenses", as defined by
+      the Mozilla Public License, v. 2.0.
+
diff --git a/sentinel/evaluator.go b/sentinel/evaluator.go
index d37a82704e61..fd609fff9009 100644
--- a/sentinel/evaluator.go
+++ b/sentinel/evaluator.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package sentinel
 
diff --git a/sentinel/scope.go b/sentinel/scope.go
index 7f2fb5d721ef..4a6a87e146ab 100644
--- a/sentinel/scope.go
+++ b/sentinel/scope.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package sentinel
 
diff --git a/sentinel/sentinel_oss.go b/sentinel/sentinel_oss.go
index fc688bcb933e..9b21607c431b 100644
--- a/sentinel/sentinel_oss.go
+++ b/sentinel/sentinel_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/service_os/service.go b/service_os/service.go
index cba71b23acf9..8a23c093475a 100644
--- a/service_os/service.go
+++ b/service_os/service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package service_os
 
diff --git a/service_os/service_windows.go b/service_os/service_windows.go
index 0ff9f2e7c968..6a9ca4386a68 100644
--- a/service_os/service_windows.go
+++ b/service_os/service_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build windows
 // +build windows
diff --git a/snapshot/archive.go b/snapshot/archive.go
index 3560e0ac2319..38aad441bf0a 100644
--- a/snapshot/archive.go
+++ b/snapshot/archive.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // The archive utilities manage the internal format of a snapshot, which is a
 // tar file with the following contents:
diff --git a/snapshot/archive_test.go b/snapshot/archive_test.go
index d7568edb80ce..74148b84e8f6 100644
--- a/snapshot/archive_test.go
+++ b/snapshot/archive_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package snapshot
 
diff --git a/snapshot/snapshot.go b/snapshot/snapshot.go
index a1deee9153dc..f09f8870e325 100644
--- a/snapshot/snapshot.go
+++ b/snapshot/snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 // snapshot manages the interactions between Consul and Raft in order to take
 // and restore snapshots for disaster recovery. The internal format of a
diff --git a/snapshot/snapshot_test.go b/snapshot/snapshot_test.go
index d59061e9eab6..4e9701360dfa 100644
--- a/snapshot/snapshot_test.go
+++ b/snapshot/snapshot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package snapshot
 
diff --git a/test-integ/peering_commontopo/ac1_basic_test.go b/test-integ/peering_commontopo/ac1_basic_test.go
index a8fed4f6575b..85aaee4e6b55 100644
--- a/test-integ/peering_commontopo/ac1_basic_test.go
+++ b/test-integ/peering_commontopo/ac1_basic_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package peering
 
 import (
diff --git a/test-integ/peering_commontopo/ac2_disco_chain_test.go b/test-integ/peering_commontopo/ac2_disco_chain_test.go
index c8081015c5f6..448ab2840bfe 100644
--- a/test-integ/peering_commontopo/ac2_disco_chain_test.go
+++ b/test-integ/peering_commontopo/ac2_disco_chain_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package peering
 
 import (
diff --git a/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go b/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go
index c61070e63a54..586103c11127 100644
--- a/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go
+++ b/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package peering
 
 import (
diff --git a/test-integ/peering_commontopo/ac4_proxy_defaults_test.go b/test-integ/peering_commontopo/ac4_proxy_defaults_test.go
index b20986eebae0..c413820c6f2b 100644
--- a/test-integ/peering_commontopo/ac4_proxy_defaults_test.go
+++ b/test-integ/peering_commontopo/ac4_proxy_defaults_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package peering
 
 import (
diff --git a/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go b/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go
index d22118e2d8de..9706eba63ca9 100644
--- a/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go
+++ b/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package peering
 
 import (
diff --git a/test-integ/peering_commontopo/ac5_2_pq_failover_test.go b/test-integ/peering_commontopo/ac5_2_pq_failover_test.go
index 4833173e82a8..94930647408f 100644
--- a/test-integ/peering_commontopo/ac5_2_pq_failover_test.go
+++ b/test-integ/peering_commontopo/ac5_2_pq_failover_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package peering
 
 import (
diff --git a/test-integ/peering_commontopo/ac6_failovers_test.go b/test-integ/peering_commontopo/ac6_failovers_test.go
index cdee093ec591..aeeeba0fba86 100644
--- a/test-integ/peering_commontopo/ac6_failovers_test.go
+++ b/test-integ/peering_commontopo/ac6_failovers_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package peering
 
 import (
diff --git a/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go b/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go
index 275310968776..b8da4e34bf99 100644
--- a/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go
+++ b/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package peering
 
 import (
diff --git a/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go b/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go
index dd0bf04c2f5f..986e015a0244 100644
--- a/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go
+++ b/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package peering
 
 import (
diff --git a/test-integ/peering_commontopo/asserter.go b/test-integ/peering_commontopo/asserter.go
index 77404a222a37..1fa1b81ef1f4 100644
--- a/test-integ/peering_commontopo/asserter.go
+++ b/test-integ/peering_commontopo/asserter.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package peering
 
 import (
diff --git a/test-integ/peering_commontopo/commontopo.go b/test-integ/peering_commontopo/commontopo.go
index 09eebafffb85..79969afbb3f9 100644
--- a/test-integ/peering_commontopo/commontopo.go
+++ b/test-integ/peering_commontopo/commontopo.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package peering
 
 import (
diff --git a/test-integ/peering_commontopo/sharedtopology_test.go b/test-integ/peering_commontopo/sharedtopology_test.go
index 75532e5d56a0..f51b05e41ef7 100644
--- a/test-integ/peering_commontopo/sharedtopology_test.go
+++ b/test-integ/peering_commontopo/sharedtopology_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package peering
 
 import (
diff --git a/test/bin/cluster.bash b/test/bin/cluster.bash
index 8b856c4a2c9a..a6bc7d336f11 100755
--- a/test/bin/cluster.bash
+++ b/test/bin/cluster.bash
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 #
 # Script for bringing up an N node consul cluster
diff --git a/test/ca/generate.sh b/test/ca/generate.sh
index 897071dda8a0..7159431f4c49 100755
--- a/test/ca/generate.sh
+++ b/test/ca/generate.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 set -e
 
diff --git a/test/client_certs/generate.sh b/test/client_certs/generate.sh
index e93f568dcb12..f5c645d7bbb7 100755
--- a/test/client_certs/generate.sh
+++ b/test/client_certs/generate.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/hostname/generate.sh b/test/hostname/generate.sh
index 61febd2a3675..8e43dbee4e8a 100755
--- a/test/hostname/generate.sh
+++ b/test/hostname/generate.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-http-hostnames/capture.sh b/test/integration/connect/envoy/case-api-gateway-http-hostnames/capture.sh
index 13eb01ba5f82..92123f3f4c07 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-hostnames/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-hostnames/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-http-hostnames/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-http-hostnames/service_gateway.hcl
index c0af862f92e3..1d0d5fffe26b 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-hostnames/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-http-hostnames/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-hostnames/setup.sh b/test/integration/connect/envoy/case-api-gateway-http-hostnames/setup.sh
index 754e461f847e..3b3db8326891 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-hostnames/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-hostnames/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-http-hostnames/vars.sh b/test/integration/connect/envoy/case-api-gateway-http-hostnames/vars.sh
index 87f668072e22..1456b6a5ad02 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-hostnames/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-hostnames/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-simple/capture.sh b/test/integration/connect/envoy/case-api-gateway-http-simple/capture.sh
index 13eb01ba5f82..92123f3f4c07 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-simple/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-simple/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-http-simple/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-http-simple/service_gateway.hcl
index c0af862f92e3..1d0d5fffe26b 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-simple/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-http-simple/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-simple/setup.sh b/test/integration/connect/envoy/case-api-gateway-http-simple/setup.sh
index 350eea0c5fde..e25e92ba0011 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-simple/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-simple/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-http-simple/vars.sh b/test/integration/connect/envoy/case-api-gateway-http-simple/vars.sh
index 87f668072e22..1456b6a5ad02 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-simple/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-simple/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/capture.sh b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/capture.sh
index 13eb01ba5f82..92123f3f4c07 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_gateway.hcl
index c0af862f92e3..1d0d5fffe26b 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_s3.hcl b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_s3.hcl
index 3b11b245d4fd..b41ec0349862 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_s3.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s3"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/setup.sh b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/setup.sh
index da74ff07c123..622df90c297a 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/vars.sh b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/vars.sh
index 87f668072e22..1456b6a5ad02 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/capture.sh b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/capture.sh
index 13eb01ba5f82..92123f3f4c07 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/service_gateway.hcl
index c0af862f92e3..1d0d5fffe26b 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/setup.sh b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/setup.sh
index bb058d96fd75..23076cd00e28 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/vars.sh b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/vars.sh
index 87f668072e22..1456b6a5ad02 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/capture.sh b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/capture.sh
index 13eb01ba5f82..92123f3f4c07 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/service_gateway.hcl
index c0af862f92e3..1d0d5fffe26b 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/setup.sh b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/setup.sh
index 35d01c8bb931..a4529b6772ed 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/vars.sh b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/vars.sh
index 87f668072e22..1456b6a5ad02 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-simple/capture.sh b/test/integration/connect/envoy/case-api-gateway-tcp-simple/capture.sh
index 13eb01ba5f82..92123f3f4c07 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-simple/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-simple/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-simple/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-tcp-simple/service_gateway.hcl
index c0af862f92e3..1d0d5fffe26b 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-simple/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-simple/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-simple/setup.sh b/test/integration/connect/envoy/case-api-gateway-tcp-simple/setup.sh
index 82504d09f509..152e0772104e 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-simple/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-simple/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-simple/vars.sh b/test/integration/connect/envoy/case-api-gateway-tcp-simple/vars.sh
index 87f668072e22..1456b6a5ad02 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-simple/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-simple/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/capture.sh b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/capture.sh
index 13eb01ba5f82..92123f3f4c07 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/service_gateway.hcl
index c0af862f92e3..1d0d5fffe26b 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/setup.sh b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/setup.sh
index a4be961ebb5b..ca9568e34884 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/vars.sh b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/vars.sh
index 87f668072e22..1456b6a5ad02 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-badauthz/capture.sh b/test/integration/connect/envoy/case-badauthz/capture.sh
index 94c0278ce256..c6b9e36ed1df 100644
--- a/test/integration/connect/envoy/case-badauthz/capture.sh
+++ b/test/integration/connect/envoy/case-badauthz/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 || true
diff --git a/test/integration/connect/envoy/case-badauthz/setup.sh b/test/integration/connect/envoy/case-badauthz/setup.sh
index 6bd91b1f4e66..1aa0962cf6fb 100644
--- a/test/integration/connect/envoy/case-badauthz/setup.sh
+++ b/test/integration/connect/envoy/case-badauthz/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-basic/capture.sh b/test/integration/connect/envoy/case-basic/capture.sh
index 5268305f8ff6..14dc00afc65b 100644
--- a/test/integration/connect/envoy/case-basic/capture.sh
+++ b/test/integration/connect/envoy/case-basic/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-basic/setup.sh b/test/integration/connect/envoy/case-basic/setup.sh
index b88cc9012968..3fb3ade6c5fb 100644
--- a/test/integration/connect/envoy/case-basic/setup.sh
+++ b/test/integration/connect/envoy/case-basic/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-centralconf/capture.sh b/test/integration/connect/envoy/case-centralconf/capture.sh
index 21ebba78787b..8bc4413d09f9 100644
--- a/test/integration/connect/envoy/case-centralconf/capture.sh
+++ b/test/integration/connect/envoy/case-centralconf/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-centralconf/service_s1.hcl b/test/integration/connect/envoy/case-centralconf/service_s1.hcl
index 6eaca129855b..54c6ac6501b4 100644
--- a/test/integration/connect/envoy/case-centralconf/service_s1.hcl
+++ b/test/integration/connect/envoy/case-centralconf/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-centralconf/service_s2.hcl b/test/integration/connect/envoy/case-centralconf/service_s2.hcl
index dfb92edce636..1a89f855944d 100644
--- a/test/integration/connect/envoy/case-centralconf/service_s2.hcl
+++ b/test/integration/connect/envoy/case-centralconf/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-centralconf/setup.sh b/test/integration/connect/envoy/case-centralconf/setup.sh
index 10038488c8c2..934ea006fddb 100644
--- a/test/integration/connect/envoy/case-centralconf/setup.sh
+++ b/test/integration/connect/envoy/case-centralconf/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/base.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/base.hcl
index 899e81705a4c..8cd6db14878a 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_gateway.hcl
index 82ddd559eb3a..640b9b6ce753 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s1.hcl
index 11acde14f427..b065abc9055e 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s2.hcl
index 42252eb82f68..90d2315f4d2c 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/setup.sh
index 917d0ba6c125..af71eccb8e18 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/bind.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/bind.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/capture.sh b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/capture.sh
index e1b411ab9517..0921d3c32a0e 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/base.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/base.hcl
index 189b8e0ccf72..55c268b37e78 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s1.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s1.hcl
index c9da404077ff..63dfc2994f3d 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s2.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s2.hcl
index 42252eb82f68..90d2315f4d2c 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/setup.sh
index 830ecb23b73c..d84fe0a86991 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/vars.sh
index 9d1f5c977a9b..41b95915331d 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 s2-sidecar-proxy s2-alpha s2-sidecar-proxy-alpha gateway-alpha tcpdump-primary tcpdump-alpha"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/bind.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/bind.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/capture.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/capture.sh
index 93352a5228b9..0ee4884a1521 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/primary/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/primary/setup.sh
index e9a9055ab6a5..8b24664564cb 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/join.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/join.hcl
index 0f63220d549f..f0bd3fbd4ac7 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/join.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/join.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 retry_join_wan = ["consul-primary-server"]
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_gateway.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_gateway.hcl
index 8c2315b9ae36..4f91a740182a 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_s1.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_s1.hcl
index 06af757cd68e..8b4d4a83a42d 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # we don't want an s1 service in the secondary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/setup.sh
index 1af35392b9c2..ed13954a1f5e 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/vars.sh
index e33bd22ca618..11e14176e389 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/bind.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/bind.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/capture.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/capture.sh
index 93352a5228b9..0ee4884a1521 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/primary/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/primary/setup.sh
index 33a1a035c53a..25a7c173f08b 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/join.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/join.hcl
index 0f63220d549f..f0bd3fbd4ac7 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/join.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/join.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 retry_join_wan = ["consul-primary-server"]
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_gateway.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_gateway.hcl
index 8c2315b9ae36..4f91a740182a 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_s1.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_s1.hcl
index 06af757cd68e..8b4d4a83a42d 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # we don't want an s1 service in the secondary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/setup.sh
index 1af35392b9c2..ed13954a1f5e 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/vars.sh
index e33bd22ca618..11e14176e389 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v1.hcl b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v1.hcl
index 9dd3cb782fd3..b96b473cf4fb 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s2-v1"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v2.hcl b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v2.hcl
index 451f835e8688..d642e71fa31b 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v2.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s2-v2"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/setup.sh
index 20dd92172327..043dd7f7fc66 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/vars.sh
index 50c5f8f67f9b..358c95541fda 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-features/capture.sh b/test/integration/connect/envoy/case-cfg-resolver-features/capture.sh
index 39878041c367..b1782df01e27 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-features/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-features/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v1.hcl b/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v1.hcl
index 9dd3cb782fd3..b96b473cf4fb 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s2-v1"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v2.hcl b/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v2.hcl
index 451f835e8688..d642e71fa31b 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v2.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s2-v2"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-features/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-features/setup.sh
index c3f2fa3a1d4f..2e3078edc872 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-features/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-features/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-features/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-features/vars.sh
index 50c5f8f67f9b..358c95541fda 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-features/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-features/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/service_s2-v1.hcl b/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/service_s2-v1.hcl
index 551db8a322a9..d45b1462723f 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/service_s2-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/service_s2-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s2-v1"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/setup.sh
index 229247da4f51..606cadd8f1fb 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/vars.sh
index 9f9b54a8e9eb..aab3c8c39ea5 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v1.hcl b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v1.hcl
index af20754d254d..d9a050a16f65 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s3-v1"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v2.hcl b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v2.hcl
index 22a40609e19e..19e2c7cac150 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v2.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s3-v2"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3.hcl b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3.hcl
index 82db490a879b..973e69b01c89 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/setup.sh
index e1fb33c3dca3..7d02158a6325 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/vars.sh
index f76eb49ceb2d..a9a2bcd57188 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v1.hcl b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v1.hcl
index af20754d254d..d9a050a16f65 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s3-v1"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v2.hcl b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v2.hcl
index 22a40609e19e..19e2c7cac150 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v2.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s3-v2"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3.hcl b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3.hcl
index 82db490a879b..973e69b01c89 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/setup.sh
index b4472fd8a207..eae9bd4feaf1 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/vars.sh
index f76eb49ceb2d..a9a2bcd57188 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/service_s3.hcl b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/service_s3.hcl
index 59209aab121c..94e31c3df895 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/service_s3.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/setup.sh
index 640e1519ea47..097f1fa75666 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/vars.sh
index bbc811fa66db..63c854f959c9 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES s3 s3-sidecar-proxy"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/service_s3.hcl b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/service_s3.hcl
index 59209aab121c..94e31c3df895 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/service_s3.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/setup.sh
index 9ce5a82f7546..fd106032bf2e 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/vars.sh
index bbc811fa66db..63c854f959c9 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES s3 s3-sidecar-proxy"
diff --git a/test/integration/connect/envoy/case-cfg-router-features/capture.sh b/test/integration/connect/envoy/case-cfg-router-features/capture.sh
index 39878041c367..b1782df01e27 100644
--- a/test/integration/connect/envoy/case-cfg-router-features/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-router-features/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-router-features/service_s2-v1.hcl b/test/integration/connect/envoy/case-cfg-router-features/service_s2-v1.hcl
index 9dd3cb782fd3..b96b473cf4fb 100644
--- a/test/integration/connect/envoy/case-cfg-router-features/service_s2-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-router-features/service_s2-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s2-v1"
diff --git a/test/integration/connect/envoy/case-cfg-router-features/service_s2-v2.hcl b/test/integration/connect/envoy/case-cfg-router-features/service_s2-v2.hcl
index 451f835e8688..d642e71fa31b 100644
--- a/test/integration/connect/envoy/case-cfg-router-features/service_s2-v2.hcl
+++ b/test/integration/connect/envoy/case-cfg-router-features/service_s2-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s2-v2"
diff --git a/test/integration/connect/envoy/case-cfg-router-features/setup.sh b/test/integration/connect/envoy/case-cfg-router-features/setup.sh
index 247bc00c33be..577b3512b4fe 100644
--- a/test/integration/connect/envoy/case-cfg-router-features/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-router-features/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-router-features/vars.sh b/test/integration/connect/envoy/case-cfg-router-features/vars.sh
index 50c5f8f67f9b..358c95541fda 100644
--- a/test/integration/connect/envoy/case-cfg-router-features/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-router-features/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/base.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/base.hcl
index 899e81705a4c..8cd6db14878a 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_gateway.hcl
index 82ddd559eb3a..640b9b6ce753 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s1.hcl
index 11acde14f427..b065abc9055e 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s2.hcl
index 6666a63ba257..26b5f481f377 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/setup.sh b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/setup.sh
index 5aabbbbee0e5..99c4eb46f218 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/bind.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/bind.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/capture.sh b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/capture.sh
index e1b411ab9517..0921d3c32a0e 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/base.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/base.hcl
index 189b8e0ccf72..55c268b37e78 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s1.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s1.hcl
index 70caaaebc900..d50d8cb04979 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s2.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s2.hcl
index 6666a63ba257..26b5f481f377 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/setup.sh b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/setup.sh
index 8bc36b6d0229..9b274b375f87 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/vars.sh b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/vars.sh
index 17f98153dd14..7c231bcfad68 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 s2-sidecar-proxy s2-alpha s2-sidecar-proxy-alpha gateway-alpha"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-features/capture.sh b/test/integration/connect/envoy/case-cfg-splitter-features/capture.sh
index 39878041c367..b1782df01e27 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-features/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-features/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v1.hcl b/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v1.hcl
index 9dd3cb782fd3..b96b473cf4fb 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s2-v1"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v2.hcl b/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v2.hcl
index 451f835e8688..d642e71fa31b 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v2.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s2-v2"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-features/setup.sh b/test/integration/connect/envoy/case-cfg-splitter-features/setup.sh
index 68c8ac0a6cb4..311799fccfbc 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-features/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-features/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-splitter-features/vars.sh b/test/integration/connect/envoy/case-cfg-splitter-features/vars.sh
index 50c5f8f67f9b..358c95541fda 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-features/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-features/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/base.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/base.hcl
index 899e81705a4c..8cd6db14878a 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_gateway.hcl
index 82ddd559eb3a..640b9b6ce753 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s1.hcl
index 976e0e993d4d..ca196db64f0f 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s2.hcl
index 6666a63ba257..26b5f481f377 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/setup.sh b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/setup.sh
index 8c24708aebe2..47127ab03d48 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/bind.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/bind.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/capture.sh b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/capture.sh
index a3dd69ed05b8..965f136de682 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/base.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/base.hcl
index 189b8e0ccf72..55c268b37e78 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/service_ingress.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/service_ingress.hcl
index fbb1d402f986..a1324f7f8379 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/service_ingress.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/service_ingress.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/setup.sh b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/setup.sh
index d69a26f1d89c..ed0da099d652 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/vars.sh b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/vars.sh
index 2a2aa6fb1e9c..e5b080741aa2 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s1-alpha s1-sidecar-proxy-alpha s2-alpha s2-sidecar-proxy-alpha gateway-alpha ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-consul-exec/setup.sh b/test/integration/connect/envoy/case-consul-exec/setup.sh
index fe3505623b54..7e869b53f17a 100644
--- a/test/integration/connect/envoy/case-consul-exec/setup.sh
+++ b/test/integration/connect/envoy/case-consul-exec/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-consul-exec/vars.sh b/test/integration/connect/envoy/case-consul-exec/vars.sh
index 4af0cb775d38..81ee77741457 100644
--- a/test/integration/connect/envoy/case-consul-exec/vars.sh
+++ b/test/integration/connect/envoy/case-consul-exec/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 # Bring up s1 and it's proxy as well because the check that it has a cert causes
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/base.hcl
index 899e81705a4c..8cd6db14878a 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_gateway.hcl
index 82ddd559eb3a..640b9b6ce753 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s1.hcl
index 11acde14f427..b065abc9055e 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s2.hcl
index 42252eb82f68..90d2315f4d2c 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/setup.sh b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/setup.sh
index a7fb502a2815..ca05659843d7 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/bind.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/bind.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/capture.sh b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/capture.sh
index 8168b3de6416..b4316246f3ab 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/capture.sh
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19001 mesh-gateway primary || true
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/base.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/base.hcl
index 189b8e0ccf72..55c268b37e78 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_gateway.hcl
index 9ea00427e9e7..a6b33968ad02 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s1.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s1.hcl
index b8bd0f20be46..b3230f6dcfa1 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s2.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s2.hcl
index acd65faf3d61..d0f6294f7280 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/setup.sh b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/setup.sh
index cf57a59db873..d107c44ea6f3 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/vars.sh b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/vars.sh
index 475b7f231278..93ac3281f128 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/vars.sh
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-alpha s2-sidecar-proxy-alpha gateway-alpha"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl
index 899e81705a4c..8cd6db14878a 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_gateway.hcl
index 82ddd559eb3a..640b9b6ce753 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s1.hcl
index 11acde14f427..b065abc9055e 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s2.hcl
index 42252eb82f68..90d2315f4d2c 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s3.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s3.hcl
index 59209aab121c..94e31c3df895 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s3.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/setup.sh b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/setup.sh
index e852ef7d3d26..00ab68e36144 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/bind.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/bind.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/capture.sh b/test/integration/connect/envoy/case-cross-peers-http-router/capture.sh
index bcea1e921c6d..be4068fd193b 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/capture.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl
index 189b8e0ccf72..55c268b37e78 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_gateway.hcl
index 9ea00427e9e7..a6b33968ad02 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s1.hcl
index 026636c814f7..ec6c29b8e158 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s2.hcl
index acd65faf3d61..d0f6294f7280 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/primary/setup.sh b/test/integration/connect/envoy/case-cross-peers-http-router/primary/setup.sh
index 2a06124a7d60..47c9eff11432 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/vars.sh b/test/integration/connect/envoy/case-cross-peers-http-router/vars.sh
index 44ed49bb7961..b11c21c52407 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/vars.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-alpha s2-sidecar-proxy-alpha s3-alpha s3-sidecar-proxy-alpha gateway-alpha tcpdump-primary tcpdump-alpha"
diff --git a/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl
index 899e81705a4c..8cd6db14878a 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cross-peers-http/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers-http/alpha/service_gateway.hcl
index 82ddd559eb3a..640b9b6ce753 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s1.hcl
index 11acde14f427..b065abc9055e 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s2.hcl
index 42252eb82f68..90d2315f4d2c 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cross-peers-http/alpha/setup.sh b/test/integration/connect/envoy/case-cross-peers-http/alpha/setup.sh
index f7ac96c41a7a..267d9403dba7 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers-http/bind.hcl b/test/integration/connect/envoy/case-cross-peers-http/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/bind.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers-http/capture.sh b/test/integration/connect/envoy/case-cross-peers-http/capture.sh
index 62c8c60d702c..3e81bd44657f 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/capture.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl
index 189b8e0ccf72..55c268b37e78 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cross-peers-http/primary/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers-http/primary/service_gateway.hcl
index 9ea00427e9e7..a6b33968ad02 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers-http/primary/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers-http/primary/service_s1.hcl
index 026636c814f7..ec6c29b8e158 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cross-peers-http/primary/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers-http/primary/service_s2.hcl
index acd65faf3d61..d0f6294f7280 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers-http/primary/setup.sh b/test/integration/connect/envoy/case-cross-peers-http/primary/setup.sh
index 997bb504f62d..7c5ac5fdb8ba 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers-http/vars.sh b/test/integration/connect/envoy/case-cross-peers-http/vars.sh
index 0c1c07b28b9c..d999e45dd263 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/vars.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-alpha s2-sidecar-proxy-alpha gateway-alpha tcpdump-primary tcpdump-alpha"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl
index 899e81705a4c..8cd6db14878a 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_gateway.hcl
index 82ddd559eb3a..640b9b6ce753 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s1.hcl
index 11acde14f427..b065abc9055e 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s2.hcl
index 42252eb82f68..90d2315f4d2c 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s3.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s3.hcl
index 59209aab121c..94e31c3df895 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s3.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/setup.sh b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/setup.sh
index 6574ecf873a6..3cc1a2eb2de8 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/bind.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/bind.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/capture.sh b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/capture.sh
index bcea1e921c6d..be4068fd193b 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/capture.sh
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl
index 189b8e0ccf72..55c268b37e78 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_gateway.hcl
index 9ea00427e9e7..a6b33968ad02 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s1.hcl
index 026636c814f7..ec6c29b8e158 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s2.hcl
index acd65faf3d61..d0f6294f7280 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/setup.sh b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/setup.sh
index ad70bad80a86..d72b0798f5d8 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/vars.sh b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/vars.sh
index 44ed49bb7961..b11c21c52407 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/vars.sh
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-alpha s2-sidecar-proxy-alpha s3-alpha s3-sidecar-proxy-alpha gateway-alpha tcpdump-primary tcpdump-alpha"
diff --git a/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl
index 899e81705a4c..8cd6db14878a 100644
--- a/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cross-peers/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers/alpha/service_gateway.hcl
index 82ddd559eb3a..640b9b6ce753 100644
--- a/test/integration/connect/envoy/case-cross-peers/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers/alpha/service_s1.hcl
index 11acde14f427..b065abc9055e 100644
--- a/test/integration/connect/envoy/case-cross-peers/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cross-peers/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers/alpha/service_s2.hcl
index 42252eb82f68..90d2315f4d2c 100644
--- a/test/integration/connect/envoy/case-cross-peers/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cross-peers/alpha/setup.sh b/test/integration/connect/envoy/case-cross-peers/alpha/setup.sh
index afaa580684a7..f5fd3d003aa6 100644
--- a/test/integration/connect/envoy/case-cross-peers/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers/bind.hcl b/test/integration/connect/envoy/case-cross-peers/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-cross-peers/bind.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers/capture.sh b/test/integration/connect/envoy/case-cross-peers/capture.sh
index 62c8c60d702c..3e81bd44657f 100644
--- a/test/integration/connect/envoy/case-cross-peers/capture.sh
+++ b/test/integration/connect/envoy/case-cross-peers/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cross-peers/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers/primary/base.hcl
index 189b8e0ccf72..55c268b37e78 100644
--- a/test/integration/connect/envoy/case-cross-peers/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cross-peers/primary/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers/primary/service_gateway.hcl
index 9ea00427e9e7..a6b33968ad02 100644
--- a/test/integration/connect/envoy/case-cross-peers/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers/primary/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers/primary/service_s1.hcl
index b8bd0f20be46..b3230f6dcfa1 100644
--- a/test/integration/connect/envoy/case-cross-peers/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cross-peers/primary/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers/primary/service_s2.hcl
index acd65faf3d61..d0f6294f7280 100644
--- a/test/integration/connect/envoy/case-cross-peers/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers/primary/setup.sh b/test/integration/connect/envoy/case-cross-peers/primary/setup.sh
index ad70bad80a86..d72b0798f5d8 100644
--- a/test/integration/connect/envoy/case-cross-peers/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers/vars.sh b/test/integration/connect/envoy/case-cross-peers/vars.sh
index 0c1c07b28b9c..d999e45dd263 100644
--- a/test/integration/connect/envoy/case-cross-peers/vars.sh
+++ b/test/integration/connect/envoy/case-cross-peers/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-alpha s2-sidecar-proxy-alpha gateway-alpha tcpdump-primary tcpdump-alpha"
diff --git a/test/integration/connect/envoy/case-dogstatsd-udp/service_s1.hcl b/test/integration/connect/envoy/case-dogstatsd-udp/service_s1.hcl
index a75675751d52..a4e91f3aa41b 100644
--- a/test/integration/connect/envoy/case-dogstatsd-udp/service_s1.hcl
+++ b/test/integration/connect/envoy/case-dogstatsd-udp/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-dogstatsd-udp/setup.sh b/test/integration/connect/envoy/case-dogstatsd-udp/setup.sh
index b88cc9012968..3fb3ade6c5fb 100644
--- a/test/integration/connect/envoy/case-dogstatsd-udp/setup.sh
+++ b/test/integration/connect/envoy/case-dogstatsd-udp/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-dogstatsd-udp/vars.sh b/test/integration/connect/envoy/case-dogstatsd-udp/vars.sh
index c599f12e8232..7fa5a238ce93 100644
--- a/test/integration/connect/envoy/case-dogstatsd-udp/vars.sh
+++ b/test/integration/connect/envoy/case-dogstatsd-udp/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES fake-statsd"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-expose-checks/capture.sh b/test/integration/connect/envoy/case-expose-checks/capture.sh
index 94c0278ce256..c6b9e36ed1df 100644
--- a/test/integration/connect/envoy/case-expose-checks/capture.sh
+++ b/test/integration/connect/envoy/case-expose-checks/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 || true
diff --git a/test/integration/connect/envoy/case-expose-checks/service_s1.hcl b/test/integration/connect/envoy/case-expose-checks/service_s1.hcl
index 9a883739e4fa..b2b685c08abe 100644
--- a/test/integration/connect/envoy/case-expose-checks/service_s1.hcl
+++ b/test/integration/connect/envoy/case-expose-checks/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-expose-checks/service_s2.hcl b/test/integration/connect/envoy/case-expose-checks/service_s2.hcl
index b09d152fc5f0..f5cb3fb0374c 100644
--- a/test/integration/connect/envoy/case-expose-checks/service_s2.hcl
+++ b/test/integration/connect/envoy/case-expose-checks/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-expose-checks/setup.sh b/test/integration/connect/envoy/case-expose-checks/setup.sh
index b88cc9012968..3fb3ade6c5fb 100644
--- a/test/integration/connect/envoy/case-expose-checks/setup.sh
+++ b/test/integration/connect/envoy/case-expose-checks/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-gateway-without-services/bind.hcl b/test/integration/connect/envoy/case-gateway-without-services/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/bind.hcl
+++ b/test/integration/connect/envoy/case-gateway-without-services/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateway-without-services/capture.sh b/test/integration/connect/envoy/case-gateway-without-services/capture.sh
index fc5238fb6d6b..ad74026c7ace 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/capture.sh
+++ b/test/integration/connect/envoy/case-gateway-without-services/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 mesh-gateway primary || true
diff --git a/test/integration/connect/envoy/case-gateway-without-services/service_gateway.hcl b/test/integration/connect/envoy/case-gateway-without-services/service_gateway.hcl
index 446a2698e595..2026fb2a94b8 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-gateway-without-services/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-gateway-without-services/service_s1.hcl b/test/integration/connect/envoy/case-gateway-without-services/service_s1.hcl
index f74a67a5aef0..0891eebceb9c 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/service_s1.hcl
+++ b/test/integration/connect/envoy/case-gateway-without-services/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s1 service
diff --git a/test/integration/connect/envoy/case-gateway-without-services/service_s2.hcl b/test/integration/connect/envoy/case-gateway-without-services/service_s2.hcl
index 1f3f2edd4789..ca644bb3ffa2 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/service_s2.hcl
+++ b/test/integration/connect/envoy/case-gateway-without-services/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s2 service
diff --git a/test/integration/connect/envoy/case-gateway-without-services/setup.sh b/test/integration/connect/envoy/case-gateway-without-services/setup.sh
index 002ef312bc34..6e4f5d8ee9bf 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/setup.sh
+++ b/test/integration/connect/envoy/case-gateway-without-services/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-gateway-without-services/vars.sh b/test/integration/connect/envoy/case-gateway-without-services/vars.sh
index 2d42d0baf5d3..21ab024ab537 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/vars.sh
+++ b/test/integration/connect/envoy/case-gateway-without-services/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="gateway-primary"
diff --git a/test/integration/connect/envoy/case-gateways-local/bind.hcl b/test/integration/connect/envoy/case-gateways-local/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-gateways-local/bind.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateways-local/capture.sh b/test/integration/connect/envoy/case-gateways-local/capture.sh
index f7ca8e958648..f4727b52c72a 100644
--- a/test/integration/connect/envoy/case-gateways-local/capture.sh
+++ b/test/integration/connect/envoy/case-gateways-local/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-gateways-local/primary/service_gateway.hcl b/test/integration/connect/envoy/case-gateways-local/primary/service_gateway.hcl
index 446a2698e595..2026fb2a94b8 100644
--- a/test/integration/connect/envoy/case-gateways-local/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-gateways-local/primary/service_s1.hcl b/test/integration/connect/envoy/case-gateways-local/primary/service_s1.hcl
index a759b590b07c..75fa1acc0e7e 100644
--- a/test/integration/connect/envoy/case-gateways-local/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-gateways-local/primary/service_s2.hcl b/test/integration/connect/envoy/case-gateways-local/primary/service_s2.hcl
index acd65faf3d61..d0f6294f7280 100644
--- a/test/integration/connect/envoy/case-gateways-local/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateways-local/primary/setup.sh b/test/integration/connect/envoy/case-gateways-local/primary/setup.sh
index a8bfb7c9ffe5..29720753ba51 100644
--- a/test/integration/connect/envoy/case-gateways-local/primary/setup.sh
+++ b/test/integration/connect/envoy/case-gateways-local/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-gateways-local/secondary/join.hcl b/test/integration/connect/envoy/case-gateways-local/secondary/join.hcl
index 0f63220d549f..f0bd3fbd4ac7 100644
--- a/test/integration/connect/envoy/case-gateways-local/secondary/join.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/secondary/join.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 retry_join_wan = ["consul-primary-server"]
diff --git a/test/integration/connect/envoy/case-gateways-local/secondary/service_gateway.hcl b/test/integration/connect/envoy/case-gateways-local/secondary/service_gateway.hcl
index 8c2315b9ae36..4f91a740182a 100644
--- a/test/integration/connect/envoy/case-gateways-local/secondary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/secondary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-gateways-local/secondary/service_s1.hcl b/test/integration/connect/envoy/case-gateways-local/secondary/service_s1.hcl
index 06af757cd68e..8b4d4a83a42d 100644
--- a/test/integration/connect/envoy/case-gateways-local/secondary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/secondary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # we don't want an s1 service in the secondary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateways-local/secondary/setup.sh b/test/integration/connect/envoy/case-gateways-local/secondary/setup.sh
index 68fd765ad029..ede2b4c4b9f7 100644
--- a/test/integration/connect/envoy/case-gateways-local/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-gateways-local/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-gateways-local/vars.sh b/test/integration/connect/envoy/case-gateways-local/vars.sh
index c5ab45789beb..d9a319933f8d 100644
--- a/test/integration/connect/envoy/case-gateways-local/vars.sh
+++ b/test/integration/connect/envoy/case-gateways-local/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-secondary s2-sidecar-proxy-secondary gateway-secondary"
diff --git a/test/integration/connect/envoy/case-gateways-remote/bind.hcl b/test/integration/connect/envoy/case-gateways-remote/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-gateways-remote/bind.hcl
+++ b/test/integration/connect/envoy/case-gateways-remote/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateways-remote/capture.sh b/test/integration/connect/envoy/case-gateways-remote/capture.sh
index f7ca8e958648..f4727b52c72a 100644
--- a/test/integration/connect/envoy/case-gateways-remote/capture.sh
+++ b/test/integration/connect/envoy/case-gateways-remote/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-gateways-remote/primary/service_s1.hcl b/test/integration/connect/envoy/case-gateways-remote/primary/service_s1.hcl
index 789717ee5229..4cb4fbc41d1e 100644
--- a/test/integration/connect/envoy/case-gateways-remote/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-gateways-remote/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-gateways-remote/primary/service_s2.hcl b/test/integration/connect/envoy/case-gateways-remote/primary/service_s2.hcl
index acd65faf3d61..d0f6294f7280 100644
--- a/test/integration/connect/envoy/case-gateways-remote/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-gateways-remote/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateways-remote/primary/setup.sh b/test/integration/connect/envoy/case-gateways-remote/primary/setup.sh
index f79f346477e4..6dd0f0622bd3 100644
--- a/test/integration/connect/envoy/case-gateways-remote/primary/setup.sh
+++ b/test/integration/connect/envoy/case-gateways-remote/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-gateways-remote/secondary/join.hcl b/test/integration/connect/envoy/case-gateways-remote/secondary/join.hcl
index 0f63220d549f..f0bd3fbd4ac7 100644
--- a/test/integration/connect/envoy/case-gateways-remote/secondary/join.hcl
+++ b/test/integration/connect/envoy/case-gateways-remote/secondary/join.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 retry_join_wan = ["consul-primary-server"]
diff --git a/test/integration/connect/envoy/case-gateways-remote/secondary/service_gateway.hcl b/test/integration/connect/envoy/case-gateways-remote/secondary/service_gateway.hcl
index 8c2315b9ae36..4f91a740182a 100644
--- a/test/integration/connect/envoy/case-gateways-remote/secondary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-gateways-remote/secondary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-gateways-remote/secondary/service_s1.hcl b/test/integration/connect/envoy/case-gateways-remote/secondary/service_s1.hcl
index 06af757cd68e..8b4d4a83a42d 100644
--- a/test/integration/connect/envoy/case-gateways-remote/secondary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-gateways-remote/secondary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # we don't want an s1 service in the secondary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateways-remote/secondary/setup.sh b/test/integration/connect/envoy/case-gateways-remote/secondary/setup.sh
index 938135c9f4ff..43a4c713cee9 100644
--- a/test/integration/connect/envoy/case-gateways-remote/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-gateways-remote/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-gateways-remote/vars.sh b/test/integration/connect/envoy/case-gateways-remote/vars.sh
index c5ab45789beb..d9a319933f8d 100644
--- a/test/integration/connect/envoy/case-gateways-remote/vars.sh
+++ b/test/integration/connect/envoy/case-gateways-remote/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-secondary s2-sidecar-proxy-secondary gateway-secondary"
diff --git a/test/integration/connect/envoy/case-grpc/service_s1.hcl b/test/integration/connect/envoy/case-grpc/service_s1.hcl
index 1a7295424011..7d7814800c4d 100644
--- a/test/integration/connect/envoy/case-grpc/service_s1.hcl
+++ b/test/integration/connect/envoy/case-grpc/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-grpc/service_s2.hcl b/test/integration/connect/envoy/case-grpc/service_s2.hcl
index f7d7a267343d..aaebecf62732 100644
--- a/test/integration/connect/envoy/case-grpc/service_s2.hcl
+++ b/test/integration/connect/envoy/case-grpc/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-grpc/setup.sh b/test/integration/connect/envoy/case-grpc/setup.sh
index b88cc9012968..3fb3ade6c5fb 100644
--- a/test/integration/connect/envoy/case-grpc/setup.sh
+++ b/test/integration/connect/envoy/case-grpc/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-grpc/vars.sh b/test/integration/connect/envoy/case-grpc/vars.sh
index c599f12e8232..7fa5a238ce93 100644
--- a/test/integration/connect/envoy/case-grpc/vars.sh
+++ b/test/integration/connect/envoy/case-grpc/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES fake-statsd"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-http-badauthz/capture.sh b/test/integration/connect/envoy/case-http-badauthz/capture.sh
index 94c0278ce256..c6b9e36ed1df 100644
--- a/test/integration/connect/envoy/case-http-badauthz/capture.sh
+++ b/test/integration/connect/envoy/case-http-badauthz/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 || true
diff --git a/test/integration/connect/envoy/case-http-badauthz/service_s1.hcl b/test/integration/connect/envoy/case-http-badauthz/service_s1.hcl
index 96f67dcf4099..25d2c1e380f2 100644
--- a/test/integration/connect/envoy/case-http-badauthz/service_s1.hcl
+++ b/test/integration/connect/envoy/case-http-badauthz/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-http-badauthz/service_s2.hcl b/test/integration/connect/envoy/case-http-badauthz/service_s2.hcl
index 4b6632beb836..fb857d005ee9 100644
--- a/test/integration/connect/envoy/case-http-badauthz/service_s2.hcl
+++ b/test/integration/connect/envoy/case-http-badauthz/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-http-badauthz/setup.sh b/test/integration/connect/envoy/case-http-badauthz/setup.sh
index 66a58741297d..d15f836e6584 100644
--- a/test/integration/connect/envoy/case-http-badauthz/setup.sh
+++ b/test/integration/connect/envoy/case-http-badauthz/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-http/capture.sh b/test/integration/connect/envoy/case-http/capture.sh
index 5268305f8ff6..14dc00afc65b 100644
--- a/test/integration/connect/envoy/case-http/capture.sh
+++ b/test/integration/connect/envoy/case-http/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-http/service_s1.hcl b/test/integration/connect/envoy/case-http/service_s1.hcl
index 0c3f594fbc7d..42a62acfb9f6 100644
--- a/test/integration/connect/envoy/case-http/service_s1.hcl
+++ b/test/integration/connect/envoy/case-http/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-http/service_s2.hcl b/test/integration/connect/envoy/case-http/service_s2.hcl
index 4b6632beb836..fb857d005ee9 100644
--- a/test/integration/connect/envoy/case-http/service_s2.hcl
+++ b/test/integration/connect/envoy/case-http/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-http/setup.sh b/test/integration/connect/envoy/case-http/setup.sh
index b88cc9012968..3fb3ade6c5fb 100644
--- a/test/integration/connect/envoy/case-http/setup.sh
+++ b/test/integration/connect/envoy/case-http/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-grpc/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-grpc/capture.sh
index 1c244823aba8..4214ba8274aa 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-grpc/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-grpc/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
diff --git a/test/integration/connect/envoy/case-ingress-gateway-grpc/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-grpc/service_gateway.hcl
index fbb1d402f986..a1324f7f8379 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-grpc/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-grpc/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-grpc/service_s1.hcl b/test/integration/connect/envoy/case-ingress-gateway-grpc/service_s1.hcl
index ff23e6fea3a0..f525d48868ce 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-grpc/service_s1.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-grpc/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-grpc/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-grpc/setup.sh
index 40e2802f02cc..387d079e3bd2 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-grpc/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-grpc/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-grpc/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-grpc/vars.sh
index 32dc504c49ce..8b34fe36ef2a 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-grpc/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-grpc/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-http/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-http/capture.sh
index ab02875e6135..c2b55d229a59 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-http/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-http/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-http/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-http/service_gateway.hcl
index fbb1d402f986..a1324f7f8379 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-http/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-http/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-http/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-http/setup.sh
index 03f2184e6d06..33d06b516c72 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-http/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-http/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-http/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-http/vars.sh
index 32dc504c49ce..8b34fe36ef2a 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-http/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-http/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/capture.sh
index ab02875e6135..c2b55d229a59 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/service_gateway.hcl
index fbb1d402f986..a1324f7f8379 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/setup.sh
index f80e42cb7332..858d2f9ce53a 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/vars.sh
index 32dc504c49ce..8b34fe36ef2a 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/base.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/base.hcl
index 899e81705a4c..8cd6db14878a 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_gateway.hcl
index 82ddd559eb3a..640b9b6ce753 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s1.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s1.hcl
index 11acde14f427..b065abc9055e 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s2.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s2.hcl
index 6666a63ba257..26b5f481f377 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/setup.sh
index 5aabbbbee0e5..99c4eb46f218 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/bind.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/bind.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/capture.sh
index 20ad858ecdb6..ca10f2773107 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/base.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/base.hcl
index 189b8e0ccf72..55c268b37e78 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/base.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_ingress.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_ingress.hcl
index fbb1d402f986..a1324f7f8379 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_ingress.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_ingress.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s1.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s1.hcl
index 85f8da974002..18be60cdbf96 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't need an s1 because requests go through the gateway and not a sidecar.
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s2.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s2.hcl
index 6666a63ba257..26b5f481f377 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/setup.sh
index 58f12866948f..b4a8dd736fee 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/vars.sh
index 08bfe96a9d3b..8f9ac12cb1e3 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s2 s2-sidecar-proxy s2-alpha s2-sidecar-proxy-alpha gateway-alpha ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-sds/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-sds/capture.sh
index ab02875e6135..c2b55d229a59 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-sds/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-sds/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-sds/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-sds/service_gateway.hcl
index 176a66f1afef..1ffa476e6ff9 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-sds/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-sds/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-sds/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-sds/setup.sh
index fb98b05aad30..fbef09b014cf 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-sds/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-sds/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-sds/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-sds/vars.sh
index 0c98c8fe0450..6bbbcfd6fe52 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-sds/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-sds/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary test-sds-server"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-simple/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-simple/capture.sh
index ab02875e6135..c2b55d229a59 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-simple/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-simple/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-simple/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-simple/service_gateway.hcl
index fbb1d402f986..a1324f7f8379 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-simple/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-simple/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-simple/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-simple/setup.sh
index 8bcd42aa5075..aaaa4d91cb4d 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-simple/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-simple/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-simple/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-simple/vars.sh
index 32dc504c49ce..8b34fe36ef2a 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-simple/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-simple/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-tls/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-tls/capture.sh
index ab02875e6135..c2b55d229a59 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-tls/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-tls/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-tls/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-tls/service_gateway.hcl
index fbb1d402f986..a1324f7f8379 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-tls/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-tls/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-tls/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-tls/setup.sh
index accafeb7353e..a485eeaa5b29 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-tls/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-tls/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-tls/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-tls/vars.sh
index 32dc504c49ce..8b34fe36ef2a 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-tls/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-tls/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/bind.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/bind.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/capture.sh b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/capture.sh
index 556a296756f0..3bbc13144aa2 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_gateway.hcl
index 446a2698e595..2026fb2a94b8 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_ingress.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_ingress.hcl
index fbb1d402f986..a1324f7f8379 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_ingress.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_ingress.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s1.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s1.hcl
index b9772c7da862..e6f778e5c811 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s1 service in the primary dc
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s2.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s2.hcl
index acd65faf3d61..d0f6294f7280 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/setup.sh b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/setup.sh
index 72025d4f8efe..f7e31ac0db5a 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/join.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/join.hcl
index 0f63220d549f..f0bd3fbd4ac7 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/join.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/join.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 retry_join_wan = ["consul-primary-server"]
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/service_gateway.hcl
index 8c2315b9ae36..4f91a740182a 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/setup.sh b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/setup.sh
index a012c03b9e96..59f303a5eafd 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/vars.sh b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/vars.sh
index 8d492ea3af8d..85c791704a87 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="gateway-primary s1-secondary s1-sidecar-proxy-secondary s2-secondary s2-sidecar-proxy-secondary gateway-secondary ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-l7-intentions/acl.hcl b/test/integration/connect/envoy/case-l7-intentions/acl.hcl
index 41e2b1995359..3d80d4f69420 100644
--- a/test/integration/connect/envoy/case-l7-intentions/acl.hcl
+++ b/test/integration/connect/envoy/case-l7-intentions/acl.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 acl {
   default_policy = "deny"
diff --git a/test/integration/connect/envoy/case-l7-intentions/capture.sh b/test/integration/connect/envoy/case-l7-intentions/capture.sh
index c93e4c6cea95..d588be9381ea 100644
--- a/test/integration/connect/envoy/case-l7-intentions/capture.sh
+++ b/test/integration/connect/envoy/case-l7-intentions/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-l7-intentions/setup.sh b/test/integration/connect/envoy/case-l7-intentions/setup.sh
index 705eac06255b..6946ce3263a9 100644
--- a/test/integration/connect/envoy/case-l7-intentions/setup.sh
+++ b/test/integration/connect/envoy/case-l7-intentions/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-lua/capture.sh b/test/integration/connect/envoy/case-lua/capture.sh
index 5268305f8ff6..14dc00afc65b 100644
--- a/test/integration/connect/envoy/case-lua/capture.sh
+++ b/test/integration/connect/envoy/case-lua/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-lua/service_s1.hcl b/test/integration/connect/envoy/case-lua/service_s1.hcl
index 6eaca129855b..54c6ac6501b4 100644
--- a/test/integration/connect/envoy/case-lua/service_s1.hcl
+++ b/test/integration/connect/envoy/case-lua/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-lua/service_s2.hcl b/test/integration/connect/envoy/case-lua/service_s2.hcl
index c01f4b2fefe5..a16737977662 100644
--- a/test/integration/connect/envoy/case-lua/service_s2.hcl
+++ b/test/integration/connect/envoy/case-lua/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-lua/setup.sh b/test/integration/connect/envoy/case-lua/setup.sh
index e6b7e3eca3dd..56a668c0ac06 100644
--- a/test/integration/connect/envoy/case-lua/setup.sh
+++ b/test/integration/connect/envoy/case-lua/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-lua/vars.sh b/test/integration/connect/envoy/case-lua/vars.sh
index 091a358e13df..ac0664606f93 100644
--- a/test/integration/connect/envoy/case-lua/vars.sh
+++ b/test/integration/connect/envoy/case-lua/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 s2-sidecar-proxy"
diff --git a/test/integration/connect/envoy/case-mesh-to-lambda/capture.sh b/test/integration/connect/envoy/case-mesh-to-lambda/capture.sh
index 3c3c6a928a0c..b64ad4d05a9c 100644
--- a/test/integration/connect/envoy/case-mesh-to-lambda/capture.sh
+++ b/test/integration/connect/envoy/case-mesh-to-lambda/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-mesh-to-lambda/service_gateway.hcl b/test/integration/connect/envoy/case-mesh-to-lambda/service_gateway.hcl
index e1b3ea8a8fde..63c212da3ace 100644
--- a/test/integration/connect/envoy/case-mesh-to-lambda/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-mesh-to-lambda/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "terminating-gateway"
diff --git a/test/integration/connect/envoy/case-mesh-to-lambda/service_s1.hcl b/test/integration/connect/envoy/case-mesh-to-lambda/service_s1.hcl
index 9bc567caa0a9..11e8328a82fa 100644
--- a/test/integration/connect/envoy/case-mesh-to-lambda/service_s1.hcl
+++ b/test/integration/connect/envoy/case-mesh-to-lambda/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-mesh-to-lambda/setup.sh b/test/integration/connect/envoy/case-mesh-to-lambda/setup.sh
index 359fbd863fc4..406914e3cf5a 100644
--- a/test/integration/connect/envoy/case-mesh-to-lambda/setup.sh
+++ b/test/integration/connect/envoy/case-mesh-to-lambda/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-mesh-to-lambda/vars.sh b/test/integration/connect/envoy/case-mesh-to-lambda/vars.sh
index fbe042a40b47..8643eead0d26 100644
--- a/test/integration/connect/envoy/case-mesh-to-lambda/vars.sh
+++ b/test/integration/connect/envoy/case-mesh-to-lambda/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 # Ensure that the environment variables required to configure and invoke the Lambda function are present, otherwise skip.
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/bind.hcl b/test/integration/connect/envoy/case-multidc-rsa-ca/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/bind.hcl
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/ca_config.hcl b/test/integration/connect/envoy/case-multidc-rsa-ca/ca_config.hcl
index e5db7ec1b885..0f8d98ac6be5 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/ca_config.hcl
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/ca_config.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 connect {
   enabled = true
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/capture.sh b/test/integration/connect/envoy/case-multidc-rsa-ca/capture.sh
index 170c0e3cdfb6..daf25ad57495 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/capture.sh
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s1.hcl b/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s1.hcl
index e4f73b127142..b4eb4b1f04fd 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s2.hcl b/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s2.hcl
index acd65faf3d61..d0f6294f7280 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/primary/setup.sh b/test/integration/connect/envoy/case-multidc-rsa-ca/primary/setup.sh
index efbac1091d62..de07522f12f7 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/primary/setup.sh
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/join.hcl b/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/join.hcl
index 0f63220d549f..f0bd3fbd4ac7 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/join.hcl
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/join.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 retry_join_wan = ["consul-primary-server"]
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/service_s1.hcl b/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/service_s1.hcl
index 06af757cd68e..8b4d4a83a42d 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # we don't want an s1 service in the secondary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/setup.sh b/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/setup.sh
index 17d9cecd2a02..712cdd5e7945 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/vars.sh b/test/integration/connect/envoy/case-multidc-rsa-ca/vars.sh
index f49887ddcdfa..7bf4a264a204 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/vars.sh
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2-secondary s2-sidecar-proxy-secondary"
diff --git a/test/integration/connect/envoy/case-prometheus/capture.sh b/test/integration/connect/envoy/case-prometheus/capture.sh
index 21ebba78787b..8bc4413d09f9 100644
--- a/test/integration/connect/envoy/case-prometheus/capture.sh
+++ b/test/integration/connect/envoy/case-prometheus/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-prometheus/service_s1.hcl b/test/integration/connect/envoy/case-prometheus/service_s1.hcl
index d318f786c107..4ac588d9a2a0 100644
--- a/test/integration/connect/envoy/case-prometheus/service_s1.hcl
+++ b/test/integration/connect/envoy/case-prometheus/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-prometheus/service_s2.hcl b/test/integration/connect/envoy/case-prometheus/service_s2.hcl
index 4b6632beb836..fb857d005ee9 100644
--- a/test/integration/connect/envoy/case-prometheus/service_s2.hcl
+++ b/test/integration/connect/envoy/case-prometheus/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-prometheus/setup.sh b/test/integration/connect/envoy/case-prometheus/setup.sh
index b88cc9012968..3fb3ade6c5fb 100644
--- a/test/integration/connect/envoy/case-prometheus/setup.sh
+++ b/test/integration/connect/envoy/case-prometheus/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-property-override/capture.sh b/test/integration/connect/envoy/case-property-override/capture.sh
index 88f1dd6465f2..bc1ac2dcf172 100644
--- a/test/integration/connect/envoy/case-property-override/capture.sh
+++ b/test/integration/connect/envoy/case-property-override/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-property-override/service_s1.hcl b/test/integration/connect/envoy/case-property-override/service_s1.hcl
index 6bacecf91617..a1f811b52742 100644
--- a/test/integration/connect/envoy/case-property-override/service_s1.hcl
+++ b/test/integration/connect/envoy/case-property-override/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-property-override/service_s2.hcl b/test/integration/connect/envoy/case-property-override/service_s2.hcl
index c01f4b2fefe5..a16737977662 100644
--- a/test/integration/connect/envoy/case-property-override/service_s2.hcl
+++ b/test/integration/connect/envoy/case-property-override/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-property-override/service_s3.hcl b/test/integration/connect/envoy/case-property-override/service_s3.hcl
index d616906e4c67..4e5c7cb78e03 100644
--- a/test/integration/connect/envoy/case-property-override/service_s3.hcl
+++ b/test/integration/connect/envoy/case-property-override/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-property-override/setup.sh b/test/integration/connect/envoy/case-property-override/setup.sh
index 744055f94966..dd82af3487d8 100644
--- a/test/integration/connect/envoy/case-property-override/setup.sh
+++ b/test/integration/connect/envoy/case-property-override/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-property-override/vars.sh b/test/integration/connect/envoy/case-property-override/vars.sh
index 358866872a13..172824ba73d1 100644
--- a/test/integration/connect/envoy/case-property-override/vars.sh
+++ b/test/integration/connect/envoy/case-property-override/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 s2-sidecar-proxy s3 s3-sidecar-proxy"
diff --git a/test/integration/connect/envoy/case-stats-proxy/service_s1.hcl b/test/integration/connect/envoy/case-stats-proxy/service_s1.hcl
index 25d959520cfe..3be3803cb488 100644
--- a/test/integration/connect/envoy/case-stats-proxy/service_s1.hcl
+++ b/test/integration/connect/envoy/case-stats-proxy/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-stats-proxy/service_s2.hcl b/test/integration/connect/envoy/case-stats-proxy/service_s2.hcl
index 4b6632beb836..fb857d005ee9 100644
--- a/test/integration/connect/envoy/case-stats-proxy/service_s2.hcl
+++ b/test/integration/connect/envoy/case-stats-proxy/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-stats-proxy/setup.sh b/test/integration/connect/envoy/case-stats-proxy/setup.sh
index b88cc9012968..3fb3ade6c5fb 100644
--- a/test/integration/connect/envoy/case-stats-proxy/setup.sh
+++ b/test/integration/connect/envoy/case-stats-proxy/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-statsd-udp/service_s1.hcl b/test/integration/connect/envoy/case-statsd-udp/service_s1.hcl
index 2748dc59b084..a416ce25a0ce 100644
--- a/test/integration/connect/envoy/case-statsd-udp/service_s1.hcl
+++ b/test/integration/connect/envoy/case-statsd-udp/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-statsd-udp/setup.sh b/test/integration/connect/envoy/case-statsd-udp/setup.sh
index 66e5af830037..883c78e1eb7f 100644
--- a/test/integration/connect/envoy/case-statsd-udp/setup.sh
+++ b/test/integration/connect/envoy/case-statsd-udp/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-statsd-udp/vars.sh b/test/integration/connect/envoy/case-statsd-udp/vars.sh
index c599f12e8232..7fa5a238ce93 100644
--- a/test/integration/connect/envoy/case-statsd-udp/vars.sh
+++ b/test/integration/connect/envoy/case-statsd-udp/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES fake-statsd"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-terminating-gateway-hostnames/capture.sh b/test/integration/connect/envoy/case-terminating-gateway-hostnames/capture.sh
index fbfd74951abf..f5515165d799 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-hostnames/capture.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-hostnames/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 terminating-gateway primary || true
diff --git a/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_gateway.hcl b/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_gateway.hcl
index e1b3ea8a8fde..63c212da3ace 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "terminating-gateway"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s1.hcl b/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s1.hcl
index a0f80d75676c..da98b2729cbf 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s1.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s4.hcl b/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s4.hcl
index ce8a7bbcf67a..3fba0f792ebd 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s4.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s4.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s4"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-hostnames/setup.sh b/test/integration/connect/envoy/case-terminating-gateway-hostnames/setup.sh
index bca191d6d11d..919f9cfd1e9a 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-hostnames/setup.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-hostnames/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-terminating-gateway-hostnames/vars.sh b/test/integration/connect/envoy/case-terminating-gateway-hostnames/vars.sh
index e4e3560ceea5..a86dca2e7e31 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-hostnames/vars.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-hostnames/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 # There is no sidecar proxy for s2, since the terminating gateway acts as the proxy
diff --git a/test/integration/connect/envoy/case-terminating-gateway-simple/service_gateway.hcl b/test/integration/connect/envoy/case-terminating-gateway-simple/service_gateway.hcl
index e1b3ea8a8fde..63c212da3ace 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-simple/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-simple/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "terminating-gateway"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-simple/setup.sh b/test/integration/connect/envoy/case-terminating-gateway-simple/setup.sh
index c4d33d8fe1df..f8638925a4a1 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-simple/setup.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-simple/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-terminating-gateway-simple/vars.sh b/test/integration/connect/envoy/case-terminating-gateway-simple/vars.sh
index 12cb3aa9ae1f..02ed45703c1e 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-simple/vars.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-simple/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 # There is no sidecar proxy for s2, since the terminating gateway acts as the proxy
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/capture.sh b/test/integration/connect/envoy/case-terminating-gateway-subsets/capture.sh
index 30d597a96aa5..8a28a10f3a6d 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/capture.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:20000 terminating-gateway primary || true
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_gateway.hcl b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_gateway.hcl
index b9af6a07093d..f294b64e6966 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "terminating-gateway"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v1.hcl b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v1.hcl
index 4812ba8db390..2191385000f6 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v1.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s2-v1"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v2.hcl b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v2.hcl
index aa8f453a17e6..cc7df98777eb 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v2.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id   = "s2-v2"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s3.hcl b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s3.hcl
index 30b3f9e6658b..3269b33a8117 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s3.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   id = "s3"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/setup.sh b/test/integration/connect/envoy/case-terminating-gateway-subsets/setup.sh
index 63e0708aca59..ec38097fd273 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/setup.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/vars.sh b/test/integration/connect/envoy/case-terminating-gateway-subsets/vars.sh
index 0dd7176570f2..e6d96721e4c5 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/vars.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 # There is no sidecar proxy for s2-v1, since the terminating gateway acts as the proxy
diff --git a/test/integration/connect/envoy/case-terminating-gateway-without-services/bind.hcl b/test/integration/connect/envoy/case-terminating-gateway-without-services/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-without-services/bind.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-without-services/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-terminating-gateway-without-services/service_gateway.hcl b/test/integration/connect/envoy/case-terminating-gateway-without-services/service_gateway.hcl
index 4f784aab291b..fee3bb25b00b 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-without-services/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-without-services/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "terminating-gateway"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s1.hcl b/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s1.hcl
index f74a67a5aef0..0891eebceb9c 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s1.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s1 service
diff --git a/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s2.hcl b/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s2.hcl
index 1f3f2edd4789..ca644bb3ffa2 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s2.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s2 service
diff --git a/test/integration/connect/envoy/case-terminating-gateway-without-services/setup.sh b/test/integration/connect/envoy/case-terminating-gateway-without-services/setup.sh
index 4192820bd514..91f82633b3d5 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-without-services/setup.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-without-services/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-terminating-gateway-without-services/vars.sh b/test/integration/connect/envoy/case-terminating-gateway-without-services/vars.sh
index d6e7573ffff2..a8d23fead535 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-without-services/vars.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-without-services/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="terminating-gateway-primary"
diff --git a/test/integration/connect/envoy/case-upstream-config/service_s1.hcl b/test/integration/connect/envoy/case-upstream-config/service_s1.hcl
index 6d3da674ed96..3bfcb906db70 100644
--- a/test/integration/connect/envoy/case-upstream-config/service_s1.hcl
+++ b/test/integration/connect/envoy/case-upstream-config/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-upstream-config/service_s2.hcl b/test/integration/connect/envoy/case-upstream-config/service_s2.hcl
index c01f4b2fefe5..a16737977662 100644
--- a/test/integration/connect/envoy/case-upstream-config/service_s2.hcl
+++ b/test/integration/connect/envoy/case-upstream-config/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-upstream-config/setup.sh b/test/integration/connect/envoy/case-upstream-config/setup.sh
index b88cc9012968..3fb3ade6c5fb 100644
--- a/test/integration/connect/envoy/case-upstream-config/setup.sh
+++ b/test/integration/connect/envoy/case-upstream-config/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-wanfed-gw/bind.hcl b/test/integration/connect/envoy/case-wanfed-gw/bind.hcl
index 057e0e727f66..e54caa47a492 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/bind.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-wanfed-gw/capture.sh b/test/integration/connect/envoy/case-wanfed-gw/capture.sh
index 17a53a432040..5c24811d1172 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/capture.sh
+++ b/test/integration/connect/envoy/case-wanfed-gw/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 mesh-gateway primary || true
diff --git a/test/integration/connect/envoy/case-wanfed-gw/global-setup-windows.sh b/test/integration/connect/envoy/case-wanfed-gw/global-setup-windows.sh
index c63b12a12fe6..080d5abf94f1 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/global-setup-windows.sh
+++ b/test/integration/connect/envoy/case-wanfed-gw/global-setup-windows.sh
@@ -1,4 +1,7 @@
 #!/bin/bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
 
 # initialize the outputs for each dc
 for dc in primary secondary; do
diff --git a/test/integration/connect/envoy/case-wanfed-gw/global-setup.sh b/test/integration/connect/envoy/case-wanfed-gw/global-setup.sh
index 50625daf0787..0e21aef6893a 100755
--- a/test/integration/connect/envoy/case-wanfed-gw/global-setup.sh
+++ b/test/integration/connect/envoy/case-wanfed-gw/global-setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 # initialize the outputs for each dc
diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/common.hcl b/test/integration/connect/envoy/case-wanfed-gw/primary/common.hcl
index d30c465429cc..06ad70b29aaf 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/primary/common.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/primary/common.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 tls {
   internal_rpc {
diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/server.hcl b/test/integration/connect/envoy/case-wanfed-gw/primary/server.hcl
index ee2d77e48637..e694d94c441e 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/primary/server.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/primary/server.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 node_name = "pri"
 connect {
diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/service_gateway.hcl b/test/integration/connect/envoy/case-wanfed-gw/primary/service_gateway.hcl
index 31c8747b9308..0a33536b9c8d 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/service_s1.hcl b/test/integration/connect/envoy/case-wanfed-gw/primary/service_s1.hcl
index f74a67a5aef0..0891eebceb9c 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/primary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s1 service
diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/service_s2.hcl b/test/integration/connect/envoy/case-wanfed-gw/primary/service_s2.hcl
index 1f3f2edd4789..ca644bb3ffa2 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s2 service
diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/setup.sh b/test/integration/connect/envoy/case-wanfed-gw/primary/setup.sh
index f39cf66dd009..11d5abf14d59 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/primary/setup.sh
+++ b/test/integration/connect/envoy/case-wanfed-gw/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-wanfed-gw/secondary/common.hcl b/test/integration/connect/envoy/case-wanfed-gw/secondary/common.hcl
index 570fa9d0594e..6b76d377d821 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/secondary/common.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/secondary/common.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 tls {
   internal_rpc {
diff --git a/test/integration/connect/envoy/case-wanfed-gw/secondary/server.hcl b/test/integration/connect/envoy/case-wanfed-gw/secondary/server.hcl
index 6265b917445e..027174bf632d 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/secondary/server.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/secondary/server.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 node_name = "sec"
 connect {
diff --git a/test/integration/connect/envoy/case-wanfed-gw/secondary/service_gateway.hcl b/test/integration/connect/envoy/case-wanfed-gw/secondary/service_gateway.hcl
index c010c4d4e4a2..bba04fd97146 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/secondary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/secondary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s1.hcl b/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s1.hcl
index f74a67a5aef0..0891eebceb9c 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s1 service
diff --git a/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s2.hcl b/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s2.hcl
index 1f3f2edd4789..ca644bb3ffa2 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # We don't want an s2 service
diff --git a/test/integration/connect/envoy/case-wanfed-gw/secondary/setup.sh b/test/integration/connect/envoy/case-wanfed-gw/secondary/setup.sh
index ef5032115a59..0f4313108c8c 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-wanfed-gw/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-wanfed-gw/vars.sh b/test/integration/connect/envoy/case-wanfed-gw/vars.sh
index 79007fcfe8d2..4de3b552dcf8 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/vars.sh
+++ b/test/integration/connect/envoy/case-wanfed-gw/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="gateway-primary gateway-secondary"
diff --git a/test/integration/connect/envoy/case-wasm/capture.sh b/test/integration/connect/envoy/case-wasm/capture.sh
index 5268305f8ff6..14dc00afc65b 100644
--- a/test/integration/connect/envoy/case-wasm/capture.sh
+++ b/test/integration/connect/envoy/case-wasm/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-wasm/service_s1.hcl b/test/integration/connect/envoy/case-wasm/service_s1.hcl
index 6eaca129855b..54c6ac6501b4 100644
--- a/test/integration/connect/envoy/case-wasm/service_s1.hcl
+++ b/test/integration/connect/envoy/case-wasm/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-wasm/service_s2.hcl b/test/integration/connect/envoy/case-wasm/service_s2.hcl
index c01f4b2fefe5..a16737977662 100644
--- a/test/integration/connect/envoy/case-wasm/service_s2.hcl
+++ b/test/integration/connect/envoy/case-wasm/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-wasm/setup.sh b/test/integration/connect/envoy/case-wasm/setup.sh
index d491aa92fc1d..54ab4d4c72ce 100644
--- a/test/integration/connect/envoy/case-wasm/setup.sh
+++ b/test/integration/connect/envoy/case-wasm/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-wasm/vars.sh b/test/integration/connect/envoy/case-wasm/vars.sh
index 091a358e13df..ac0664606f93 100644
--- a/test/integration/connect/envoy/case-wasm/vars.sh
+++ b/test/integration/connect/envoy/case-wasm/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 s2-sidecar-proxy"
diff --git a/test/integration/connect/envoy/case-zipkin/service_s1.hcl b/test/integration/connect/envoy/case-zipkin/service_s1.hcl
index 7adcedd7db9e..5f6935fedfbf 100644
--- a/test/integration/connect/envoy/case-zipkin/service_s1.hcl
+++ b/test/integration/connect/envoy/case-zipkin/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-zipkin/service_s2.hcl b/test/integration/connect/envoy/case-zipkin/service_s2.hcl
index a537840dff69..21b8f859b8f2 100644
--- a/test/integration/connect/envoy/case-zipkin/service_s2.hcl
+++ b/test/integration/connect/envoy/case-zipkin/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-zipkin/setup.sh b/test/integration/connect/envoy/case-zipkin/setup.sh
index b88cc9012968..3fb3ade6c5fb 100644
--- a/test/integration/connect/envoy/case-zipkin/setup.sh
+++ b/test/integration/connect/envoy/case-zipkin/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-zipkin/vars.sh b/test/integration/connect/envoy/case-zipkin/vars.sh
index c4221f8b1aca..7f4fb54ac6d7 100644
--- a/test/integration/connect/envoy/case-zipkin/vars.sh
+++ b/test/integration/connect/envoy/case-zipkin/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES jaeger"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/consul-base-cfg/base.hcl b/test/integration/connect/envoy/consul-base-cfg/base.hcl
index 49116ea6e9b0..941f68aa26f6 100644
--- a/test/integration/connect/envoy/consul-base-cfg/base.hcl
+++ b/test/integration/connect/envoy/consul-base-cfg/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 primary_datacenter = "primary"
 log_level          = "trace"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/consul-base-cfg/service_s1.hcl b/test/integration/connect/envoy/consul-base-cfg/service_s1.hcl
index 9a883739e4fa..b2b685c08abe 100644
--- a/test/integration/connect/envoy/consul-base-cfg/service_s1.hcl
+++ b/test/integration/connect/envoy/consul-base-cfg/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/consul-base-cfg/service_s2.hcl b/test/integration/connect/envoy/consul-base-cfg/service_s2.hcl
index 0869e74f2406..73d779829781 100644
--- a/test/integration/connect/envoy/consul-base-cfg/service_s2.hcl
+++ b/test/integration/connect/envoy/consul-base-cfg/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/defaults.sh b/test/integration/connect/envoy/defaults.sh
index ad428e49eaf5..f92c2cfb1fa9 100644
--- a/test/integration/connect/envoy/defaults.sh
+++ b/test/integration/connect/envoy/defaults.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 export DEFAULT_REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 s2-sidecar-proxy"
diff --git a/test/integration/connect/envoy/down.sh b/test/integration/connect/envoy/down.sh
index d9b27bd4aedb..28b159358d1e 100755
--- a/test/integration/connect/envoy/down.sh
+++ b/test/integration/connect/envoy/down.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/helpers.bash b/test/integration/connect/envoy/helpers.bash
index 009c88cd90d8..cb10a345a314 100755
--- a/test/integration/connect/envoy/helpers.bash
+++ b/test/integration/connect/envoy/helpers.bash
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 # retry based on
diff --git a/test/integration/connect/envoy/helpers.windows.bash b/test/integration/connect/envoy/helpers.windows.bash
index 2e4a5d4fac2b..f455244205eb 100644
--- a/test/integration/connect/envoy/helpers.windows.bash
+++ b/test/integration/connect/envoy/helpers.windows.bash
@@ -1,4 +1,7 @@
 #!/bin/bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
 
 CONSUL_HOSTNAME=""
 MOD_ARG=""
diff --git a/test/integration/connect/envoy/main_test.go b/test/integration/connect/envoy/main_test.go
index a03528055345..7769877efe63 100644
--- a/test/integration/connect/envoy/main_test.go
+++ b/test/integration/connect/envoy/main_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build integration
 // +build integration
diff --git a/test/integration/connect/envoy/run-tests.sh b/test/integration/connect/envoy/run-tests.sh
index ba0d6fa81090..99c918a6ee59 100755
--- a/test/integration/connect/envoy/run-tests.sh
+++ b/test/integration/connect/envoy/run-tests.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/run-tests.windows.sh b/test/integration/connect/envoy/run-tests.windows.sh
index 2388bcd5b6f6..b8ba4a1ee64d 100644
--- a/test/integration/connect/envoy/run-tests.windows.sh
+++ b/test/integration/connect/envoy/run-tests.windows.sh
@@ -1,4 +1,7 @@
 #!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
 
 if [ $2 != "false" ]
 then
diff --git a/test/integration/connect/envoy/test-sds-server/Dockerfile b/test/integration/connect/envoy/test-sds-server/Dockerfile
index 5ea87089c704..73f72667b95a 100644
--- a/test/integration/connect/envoy/test-sds-server/Dockerfile
+++ b/test/integration/connect/envoy/test-sds-server/Dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 FROM golang:latest
 
diff --git a/test/integration/connect/envoy/test-sds-server/certs/gen-certs.sh b/test/integration/connect/envoy/test-sds-server/certs/gen-certs.sh
index bf46e5da0abf..2c416ad146db 100755
--- a/test/integration/connect/envoy/test-sds-server/certs/gen-certs.sh
+++ b/test/integration/connect/envoy/test-sds-server/certs/gen-certs.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/test-sds-server/sds.go b/test/integration/connect/envoy/test-sds-server/sds.go
index 6c1ed208cd52..6223d894449d 100644
--- a/test/integration/connect/envoy/test-sds-server/sds.go
+++ b/test/integration/connect/envoy/test-sds-server/sds.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package main
 
diff --git a/test/integration/consul-container/assets/tproxy-startup.sh b/test/integration/consul-container/assets/tproxy-startup.sh
index 1e5963fe9fe9..974d9368cbfd 100644
--- a/test/integration/consul-container/assets/tproxy-startup.sh
+++ b/test/integration/consul-container/assets/tproxy-startup.sh
@@ -1,4 +1,7 @@
 #!/usr/bin/env sh
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
 
 set -ex
 
diff --git a/test/integration/consul-container/libs/assert/common.go b/test/integration/consul-container/libs/assert/common.go
index 5f2431f6ff2f..c10cb7b9b479 100644
--- a/test/integration/consul-container/libs/assert/common.go
+++ b/test/integration/consul-container/libs/assert/common.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package assert
 
diff --git a/test/integration/consul-container/libs/assert/envoy.go b/test/integration/consul-container/libs/assert/envoy.go
index 13632aaf4af2..05add74c92b0 100644
--- a/test/integration/consul-container/libs/assert/envoy.go
+++ b/test/integration/consul-container/libs/assert/envoy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package assert
 
diff --git a/test/integration/consul-container/libs/assert/grpc.go b/test/integration/consul-container/libs/assert/grpc.go
index 27b8ff989b2b..a41ef65af620 100644
--- a/test/integration/consul-container/libs/assert/grpc.go
+++ b/test/integration/consul-container/libs/assert/grpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package assert
 
diff --git a/test/integration/consul-container/libs/assert/peering.go b/test/integration/consul-container/libs/assert/peering.go
index 5b9d4ee4b43a..ab000268d790 100644
--- a/test/integration/consul-container/libs/assert/peering.go
+++ b/test/integration/consul-container/libs/assert/peering.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package assert
 
diff --git a/test/integration/consul-container/libs/assert/service.go b/test/integration/consul-container/libs/assert/service.go
index f325c8e37280..ba08649b2758 100644
--- a/test/integration/consul-container/libs/assert/service.go
+++ b/test/integration/consul-container/libs/assert/service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package assert
 
diff --git a/test/integration/consul-container/libs/cluster/agent.go b/test/integration/consul-container/libs/cluster/agent.go
index 653ef89eb066..6ffc4d4f8c28 100644
--- a/test/integration/consul-container/libs/cluster/agent.go
+++ b/test/integration/consul-container/libs/cluster/agent.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/app.go b/test/integration/consul-container/libs/cluster/app.go
index f434fcff135b..001880b85f43 100644
--- a/test/integration/consul-container/libs/cluster/app.go
+++ b/test/integration/consul-container/libs/cluster/app.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/builder.go b/test/integration/consul-container/libs/cluster/builder.go
index 72228a26d613..945b2bcd9ea0 100644
--- a/test/integration/consul-container/libs/cluster/builder.go
+++ b/test/integration/consul-container/libs/cluster/builder.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/cluster.go b/test/integration/consul-container/libs/cluster/cluster.go
index aedf0ac9267a..66e9ac5c2ddb 100644
--- a/test/integration/consul-container/libs/cluster/cluster.go
+++ b/test/integration/consul-container/libs/cluster/cluster.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/config.go b/test/integration/consul-container/libs/cluster/config.go
index 505811d35e7f..f46be0429541 100644
--- a/test/integration/consul-container/libs/cluster/config.go
+++ b/test/integration/consul-container/libs/cluster/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/container.go b/test/integration/consul-container/libs/cluster/container.go
index 4002c9c301b5..d44416236473 100644
--- a/test/integration/consul-container/libs/cluster/container.go
+++ b/test/integration/consul-container/libs/cluster/container.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/encryption.go b/test/integration/consul-container/libs/cluster/encryption.go
index 3adb5a317700..79e7133fbbd0 100644
--- a/test/integration/consul-container/libs/cluster/encryption.go
+++ b/test/integration/consul-container/libs/cluster/encryption.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/log.go b/test/integration/consul-container/libs/cluster/log.go
index f2a185d532f4..59e69a64efda 100644
--- a/test/integration/consul-container/libs/cluster/log.go
+++ b/test/integration/consul-container/libs/cluster/log.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/network.go b/test/integration/consul-container/libs/cluster/network.go
index 6e170b3dabc1..be6f34c77983 100644
--- a/test/integration/consul-container/libs/cluster/network.go
+++ b/test/integration/consul-container/libs/cluster/network.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/service/common.go b/test/integration/consul-container/libs/service/common.go
index add9f1395d24..0e0e2739571b 100644
--- a/test/integration/consul-container/libs/service/common.go
+++ b/test/integration/consul-container/libs/service/common.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package service
 
diff --git a/test/integration/consul-container/libs/service/connect.go b/test/integration/consul-container/libs/service/connect.go
index 36df4e09f769..5b467845bed5 100644
--- a/test/integration/consul-container/libs/service/connect.go
+++ b/test/integration/consul-container/libs/service/connect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package service
 
diff --git a/test/integration/consul-container/libs/service/examples.go b/test/integration/consul-container/libs/service/examples.go
index b77869e15b7f..cc37cdb0a750 100644
--- a/test/integration/consul-container/libs/service/examples.go
+++ b/test/integration/consul-container/libs/service/examples.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package service
 
diff --git a/test/integration/consul-container/libs/service/gateway.go b/test/integration/consul-container/libs/service/gateway.go
index fda7b7a92693..61bc4d31503a 100644
--- a/test/integration/consul-container/libs/service/gateway.go
+++ b/test/integration/consul-container/libs/service/gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package service
 
diff --git a/test/integration/consul-container/libs/service/helpers.go b/test/integration/consul-container/libs/service/helpers.go
index d4f866aeb403..da4b718f432e 100644
--- a/test/integration/consul-container/libs/service/helpers.go
+++ b/test/integration/consul-container/libs/service/helpers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package service
 
diff --git a/test/integration/consul-container/libs/service/log.go b/test/integration/consul-container/libs/service/log.go
index 86e10a3fc719..4e64bb7e54bb 100644
--- a/test/integration/consul-container/libs/service/log.go
+++ b/test/integration/consul-container/libs/service/log.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package service
 
diff --git a/test/integration/consul-container/libs/service/service.go b/test/integration/consul-container/libs/service/service.go
index 5e1af3ab14c7..ca186849728c 100644
--- a/test/integration/consul-container/libs/service/service.go
+++ b/test/integration/consul-container/libs/service/service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package service
 
diff --git a/test/integration/consul-container/libs/topology/peering_topology.go b/test/integration/consul-container/libs/topology/peering_topology.go
index 3d7fa7870eea..3a4952102616 100644
--- a/test/integration/consul-container/libs/topology/peering_topology.go
+++ b/test/integration/consul-container/libs/topology/peering_topology.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package topology
 
diff --git a/test/integration/consul-container/libs/topology/service_topology.go b/test/integration/consul-container/libs/topology/service_topology.go
index 06a1c8475549..5898a57ec1c3 100644
--- a/test/integration/consul-container/libs/topology/service_topology.go
+++ b/test/integration/consul-container/libs/topology/service_topology.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package topology
 
diff --git a/test/integration/consul-container/libs/utils/debug.go b/test/integration/consul-container/libs/utils/debug.go
index 146a7e4cacdd..fac44c4e2e00 100644
--- a/test/integration/consul-container/libs/utils/debug.go
+++ b/test/integration/consul-container/libs/utils/debug.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package utils
 
diff --git a/test/integration/consul-container/libs/utils/defer.go b/test/integration/consul-container/libs/utils/defer.go
index 867de61972a9..85d913c7dba2 100644
--- a/test/integration/consul-container/libs/utils/defer.go
+++ b/test/integration/consul-container/libs/utils/defer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package utils
 
diff --git a/test/integration/consul-container/libs/utils/docker.go b/test/integration/consul-container/libs/utils/docker.go
index 6be46d91aee1..b807cf66fae2 100644
--- a/test/integration/consul-container/libs/utils/docker.go
+++ b/test/integration/consul-container/libs/utils/docker.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package utils
 
diff --git a/test/integration/consul-container/libs/utils/helpers.go b/test/integration/consul-container/libs/utils/helpers.go
index 5f75e3e4b3f7..7f08b27b9ffe 100644
--- a/test/integration/consul-container/libs/utils/helpers.go
+++ b/test/integration/consul-container/libs/utils/helpers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package utils
 
diff --git a/test/integration/consul-container/libs/utils/retry.go b/test/integration/consul-container/libs/utils/retry.go
index 651a195cf116..cfe5ade347cd 100644
--- a/test/integration/consul-container/libs/utils/retry.go
+++ b/test/integration/consul-container/libs/utils/retry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package utils
 
diff --git a/test/integration/consul-container/libs/utils/tenancy.go b/test/integration/consul-container/libs/utils/tenancy.go
index 2254341ab59d..f8a803bc82c7 100644
--- a/test/integration/consul-container/libs/utils/tenancy.go
+++ b/test/integration/consul-container/libs/utils/tenancy.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package utils
 
 import "github.com/hashicorp/consul/api"
diff --git a/test/integration/consul-container/libs/utils/utils.go b/test/integration/consul-container/libs/utils/utils.go
index 7be336eb8d50..b3d8382ed45a 100644
--- a/test/integration/consul-container/libs/utils/utils.go
+++ b/test/integration/consul-container/libs/utils/utils.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package utils
 
diff --git a/test/integration/consul-container/libs/utils/version.go b/test/integration/consul-container/libs/utils/version.go
index b906f9167826..c81f7e00e35d 100644
--- a/test/integration/consul-container/libs/utils/version.go
+++ b/test/integration/consul-container/libs/utils/version.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package utils
 
diff --git a/test/integration/consul-container/libs/utils/version_oss.go b/test/integration/consul-container/libs/utils/version_oss.go
index 9fefeebf4dde..afe5f6c4172c 100644
--- a/test/integration/consul-container/libs/utils/version_oss.go
+++ b/test/integration/consul-container/libs/utils/version_oss.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/test/integration/consul-container/test/basic/connect_service_test.go b/test/integration/consul-container/test/basic/connect_service_test.go
index 7ad6f4f9cce7..ee045f1286d3 100644
--- a/test/integration/consul-container/test/basic/connect_service_test.go
+++ b/test/integration/consul-container/test/basic/connect_service_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package basic
 
diff --git a/test/integration/consul-container/test/catalog/catalog_test.go b/test/integration/consul-container/test/catalog/catalog_test.go
index 8520e5a647e8..a2f4216c1c45 100644
--- a/test/integration/consul-container/test/catalog/catalog_test.go
+++ b/test/integration/consul-container/test/catalog/catalog_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package catalog
 
 import (
diff --git a/test/integration/consul-container/test/consul_envoy_version/consul_envoy_version.go b/test/integration/consul-container/test/consul_envoy_version/consul_envoy_version.go
index 72c4964ffbf4..c37dfc811664 100644
--- a/test/integration/consul-container/test/consul_envoy_version/consul_envoy_version.go
+++ b/test/integration/consul-container/test/consul_envoy_version/consul_envoy_version.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package main
 
diff --git a/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go b/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go
index 938981c60f51..38c700a5a039 100644
--- a/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go
+++ b/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package envoyextensions
 
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/Dockerfile b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/Dockerfile
index 6c5d77a16052..31e2dd93d042 100644
--- a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/Dockerfile
+++ b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/Dockerfile
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
 FROM tinygo/tinygo:sha-598cb1e4ddce53d85600a1b7724ed39eea80e119
 COPY ./build.sh /
 ENTRYPOINT ["/build.sh"]
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/build.sh b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/build.sh
index 1bedc2b52038..6affddf298eb 100755
--- a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/build.sh
+++ b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/build.sh
@@ -1,3 +1,6 @@
 #!/bin/sh
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
 cd /wasm
 tinygo build -o /wasm/wasm_add_header.wasm -scheduler=none -target=wasi /wasm/wasm_add_header.go
\ No newline at end of file
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.go b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.go
index 86a4af214211..91aeae695676 100644
--- a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.go
+++ b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package main
 
 import (
diff --git a/test/integration/consul-container/test/envoy_extensions/wasm_test.go b/test/integration/consul-container/test/envoy_extensions/wasm_test.go
index 2a9a17ff1742..fee0675c50a7 100644
--- a/test/integration/consul-container/test/envoy_extensions/wasm_test.go
+++ b/test/integration/consul-container/test/envoy_extensions/wasm_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package envoyextensions
 
 import (
diff --git a/test/integration/consul-container/test/gateways/gateway_endpoint_test.go b/test/integration/consul-container/test/gateways/gateway_endpoint_test.go
index 659fc4e3fdfe..42cccef121a2 100644
--- a/test/integration/consul-container/test/gateways/gateway_endpoint_test.go
+++ b/test/integration/consul-container/test/gateways/gateway_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package gateways
 
diff --git a/test/integration/consul-container/test/gateways/http_route_test.go b/test/integration/consul-container/test/gateways/http_route_test.go
index fcdbb7ce1c96..e3a975c15042 100644
--- a/test/integration/consul-container/test/gateways/http_route_test.go
+++ b/test/integration/consul-container/test/gateways/http_route_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package gateways
 
diff --git a/test/integration/consul-container/test/gateways/ingress_gateway_test.go b/test/integration/consul-container/test/gateways/ingress_gateway_test.go
index 2757e5d1eef9..fb616232995f 100644
--- a/test/integration/consul-container/test/gateways/ingress_gateway_test.go
+++ b/test/integration/consul-container/test/gateways/ingress_gateway_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package gateways
 
diff --git a/test/integration/consul-container/test/gateways/tenancy_oss.go b/test/integration/consul-container/test/gateways/tenancy_oss.go
index 19d82d39db17..ebf59c40d961 100644
--- a/test/integration/consul-container/test/gateways/tenancy_oss.go
+++ b/test/integration/consul-container/test/gateways/tenancy_oss.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 //go:build !consulent
 // +build !consulent
 
diff --git a/test/integration/consul-container/test/jwtauth/jwt_auth_test.go b/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
index 2ff3938f92d6..3de8a07e74a4 100644
--- a/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
+++ b/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package jwtauth
 
diff --git a/test/integration/consul-container/test/observability/access_logs_test.go b/test/integration/consul-container/test/observability/access_logs_test.go
index 66747e6322aa..e48b05a1254d 100644
--- a/test/integration/consul-container/test/observability/access_logs_test.go
+++ b/test/integration/consul-container/test/observability/access_logs_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package observability
 
diff --git a/test/integration/consul-container/test/observability/metrics_leader_test.go b/test/integration/consul-container/test/observability/metrics_leader_test.go
index 4d3a024e9b60..781e657a9f35 100644
--- a/test/integration/consul-container/test/observability/metrics_leader_test.go
+++ b/test/integration/consul-container/test/observability/metrics_leader_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package observability
 
diff --git a/test/integration/consul-container/test/peering/rotate_server_and_ca_then_fail_test.go b/test/integration/consul-container/test/peering/rotate_server_and_ca_then_fail_test.go
index 86285f2c605a..77639b78d1a7 100644
--- a/test/integration/consul-container/test/peering/rotate_server_and_ca_then_fail_test.go
+++ b/test/integration/consul-container/test/peering/rotate_server_and_ca_then_fail_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package peering
 
diff --git a/test/integration/consul-container/test/ratelimit/ratelimit_test.go b/test/integration/consul-container/test/ratelimit/ratelimit_test.go
index e3aa20e5ba84..ed35bcf64646 100644
--- a/test/integration/consul-container/test/ratelimit/ratelimit_test.go
+++ b/test/integration/consul-container/test/ratelimit/ratelimit_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package ratelimit
 
diff --git a/test/integration/consul-container/test/snapshot/snapshot_restore_test.go b/test/integration/consul-container/test/snapshot/snapshot_restore_test.go
index 70fa0d2d4143..91fcec05bb02 100644
--- a/test/integration/consul-container/test/snapshot/snapshot_restore_test.go
+++ b/test/integration/consul-container/test/snapshot/snapshot_restore_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package snapshot
 
diff --git a/test/integration/consul-container/test/tproxy/tproxy_test.go b/test/integration/consul-container/test/tproxy/tproxy_test.go
index 3ace4102f0c3..978d211aa923 100644
--- a/test/integration/consul-container/test/tproxy/tproxy_test.go
+++ b/test/integration/consul-container/test/tproxy/tproxy_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tproxy
 
diff --git a/test/integration/consul-container/test/troubleshoot/troubleshoot_test.go b/test/integration/consul-container/test/troubleshoot/troubleshoot_test.go
index cb9c9125b543..538f4f2c2779 100644
--- a/test/integration/consul-container/test/troubleshoot/troubleshoot_test.go
+++ b/test/integration/consul-container/test/troubleshoot/troubleshoot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package troubleshoot
 
diff --git a/test/integration/consul-container/test/upgrade/acl_node_test.go b/test/integration/consul-container/test/upgrade/acl_node_test.go
index 94886a4e27a4..67b5fa12ad17 100644
--- a/test/integration/consul-container/test/upgrade/acl_node_test.go
+++ b/test/integration/consul-container/test/upgrade/acl_node_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/basic/basic_test.go b/test/integration/consul-container/test/upgrade/basic/basic_test.go
index 40406caebeef..fe9f28fa2240 100644
--- a/test/integration/consul-container/test/upgrade/basic/basic_test.go
+++ b/test/integration/consul-container/test/upgrade/basic/basic_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/basic/fullstopupgrade_test.go b/test/integration/consul-container/test/upgrade/basic/fullstopupgrade_test.go
index 6b4a047952bc..75ae754fd5b9 100644
--- a/test/integration/consul-container/test/upgrade/basic/fullstopupgrade_test.go
+++ b/test/integration/consul-container/test/upgrade/basic/fullstopupgrade_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/basic/healthcheck_test.go b/test/integration/consul-container/test/upgrade/basic/healthcheck_test.go
index fde78c182ea3..b0988cd280c2 100644
--- a/test/integration/consul-container/test/upgrade/basic/healthcheck_test.go
+++ b/test/integration/consul-container/test/upgrade/basic/healthcheck_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/catalog/catalog_test.go b/test/integration/consul-container/test/upgrade/catalog/catalog_test.go
index ef2de3edeb24..73f94d4687bc 100644
--- a/test/integration/consul-container/test/upgrade/catalog/catalog_test.go
+++ b/test/integration/consul-container/test/upgrade/catalog/catalog_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package catalog
 
diff --git a/test/integration/consul-container/test/upgrade/common.go b/test/integration/consul-container/test/upgrade/common.go
index abba2b425ad5..cbbf9aea35af 100644
--- a/test/integration/consul-container/test/upgrade/common.go
+++ b/test/integration/consul-container/test/upgrade/common.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package upgrade
 
 import (
diff --git a/test/integration/consul-container/test/upgrade/ingress_gateway_grpc_test.go b/test/integration/consul-container/test/upgrade/ingress_gateway_grpc_test.go
index 873eabcf0e4f..75f52688b2d8 100644
--- a/test/integration/consul-container/test/upgrade/ingress_gateway_grpc_test.go
+++ b/test/integration/consul-container/test/upgrade/ingress_gateway_grpc_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/ingress_gateway_sds_test.go b/test/integration/consul-container/test/upgrade/ingress_gateway_sds_test.go
index c31f8007b2e3..a237bd98b230 100644
--- a/test/integration/consul-container/test/upgrade/ingress_gateway_sds_test.go
+++ b/test/integration/consul-container/test/upgrade/ingress_gateway_sds_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/ingress_gateway_test.go b/test/integration/consul-container/test/upgrade/ingress_gateway_test.go
index c0acfeb775b5..e4bc12629fe5 100644
--- a/test/integration/consul-container/test/upgrade/ingress_gateway_test.go
+++ b/test/integration/consul-container/test/upgrade/ingress_gateway_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go b/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go
index 70b81e964a99..dcc78e683ec1 100644
--- a/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go
+++ b/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/peering/peering_control_plane_mgw_test.go b/test/integration/consul-container/test/upgrade/peering/peering_control_plane_mgw_test.go
index ef245c7c2bf7..fc104b488fa8 100644
--- a/test/integration/consul-container/test/upgrade/peering/peering_control_plane_mgw_test.go
+++ b/test/integration/consul-container/test/upgrade/peering/peering_control_plane_mgw_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/peering/peering_http_test.go b/test/integration/consul-container/test/upgrade/peering/peering_http_test.go
index 08471eb7d2f6..60a74afb5b5f 100644
--- a/test/integration/consul-container/test/upgrade/peering/peering_http_test.go
+++ b/test/integration/consul-container/test/upgrade/peering/peering_http_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/wanfed/acl_bootstrap_replication_test.go b/test/integration/consul-container/test/wanfed/acl_bootstrap_replication_test.go
index 0caddbc302e3..7eedc158d133 100644
--- a/test/integration/consul-container/test/wanfed/acl_bootstrap_replication_test.go
+++ b/test/integration/consul-container/test/wanfed/acl_bootstrap_replication_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package wanfed
 
diff --git a/test/integration/consul-container/test/wanfed/wanfed_peering_test.go b/test/integration/consul-container/test/wanfed/wanfed_peering_test.go
index f40b6a60d007..4107fd726f96 100644
--- a/test/integration/consul-container/test/wanfed/wanfed_peering_test.go
+++ b/test/integration/consul-container/test/wanfed/wanfed_peering_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package wanfed
 
diff --git a/test/load/packer/consul-ami/consul.pkr.hcl b/test/load/packer/consul-ami/consul.pkr.hcl
index 7290845ef0c5..d24ef7b9cbc6 100644
--- a/test/load/packer/consul-ami/consul.pkr.hcl
+++ b/test/load/packer/consul-ami/consul.pkr.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 packer {
   required_version = ">= 1.5.4"
diff --git a/test/load/packer/consul-ami/scripts/conf.yaml b/test/load/packer/consul-ami/scripts/conf.yaml
index 04c9dd2e292b..e61a9b94ef1d 100755
--- a/test/load/packer/consul-ami/scripts/conf.yaml
+++ b/test/load/packer/consul-ami/scripts/conf.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 init_config:
 
diff --git a/test/load/packer/consul-ami/scripts/datadog.yaml b/test/load/packer/consul-ami/scripts/datadog.yaml
index e64cf4d9cd6b..bfe671563d96 100755
--- a/test/load/packer/consul-ami/scripts/datadog.yaml
+++ b/test/load/packer/consul-ami/scripts/datadog.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 #########################
 ## Basic Configuration ##
diff --git a/test/load/packer/consul-ami/scripts/move-files.sh b/test/load/packer/consul-ami/scripts/move-files.sh
index e5773ef195f7..8b695ac83c6f 100644
--- a/test/load/packer/consul-ami/scripts/move-files.sh
+++ b/test/load/packer/consul-ami/scripts/move-files.sh
@@ -1,6 +1,6 @@
 #!/bin/bash -e
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 ##Move datadog files
diff --git a/test/load/packer/loadtest-ami/loadtest.pkr.hcl b/test/load/packer/loadtest-ami/loadtest.pkr.hcl
index 1a0a3db90751..e7deb402e3ef 100644
--- a/test/load/packer/loadtest-ami/loadtest.pkr.hcl
+++ b/test/load/packer/loadtest-ami/loadtest.pkr.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 packer {
   required_version = ">= 1.5.4"
diff --git a/test/load/packer/loadtest-ami/scripts/install-k6.sh b/test/load/packer/loadtest-ami/scripts/install-k6.sh
index e0fa57b064d4..fce98cea6254 100644
--- a/test/load/packer/loadtest-ami/scripts/install-k6.sh
+++ b/test/load/packer/loadtest-ami/scripts/install-k6.sh
@@ -1,6 +1,6 @@
 #!/bin/bash -e
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 # set new limit
diff --git a/test/load/packer/loadtest-ami/scripts/loadtest.js b/test/load/packer/loadtest-ami/scripts/loadtest.js
index 975191d3c09c..e048b0e307fc 100644
--- a/test/load/packer/loadtest-ami/scripts/loadtest.js
+++ b/test/load/packer/loadtest-ami/scripts/loadtest.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import http from 'k6/http';
diff --git a/test/load/terraform/consul.tf b/test/load/terraform/consul.tf
index 4ba0eb7a9acf..969ccd58fc4a 100644
--- a/test/load/terraform/consul.tf
+++ b/test/load/terraform/consul.tf
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 data "aws_ami" "consul" {
   most_recent = true
diff --git a/test/load/terraform/main.tf b/test/load/terraform/main.tf
index 216b6eb83613..76f0c81286ff 100644
--- a/test/load/terraform/main.tf
+++ b/test/load/terraform/main.tf
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 terraform {
   required_version = ">= 0.13"
diff --git a/test/load/terraform/outputs.tf b/test/load/terraform/outputs.tf
index 48753c8fa7d4..80e213f4282e 100644
--- a/test/load/terraform/outputs.tf
+++ b/test/load/terraform/outputs.tf
@@ -1,3 +1,3 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
diff --git a/test/load/terraform/providers.tf b/test/load/terraform/providers.tf
index 8c1541cb5131..87b6bf51e97d 100644
--- a/test/load/terraform/providers.tf
+++ b/test/load/terraform/providers.tf
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 terraform {
   required_providers {
diff --git a/test/load/terraform/test-servers.tf b/test/load/terraform/test-servers.tf
index 78c757e35ac1..4d4b0a6acc3f 100644
--- a/test/load/terraform/test-servers.tf
+++ b/test/load/terraform/test-servers.tf
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 data "aws_ami" "test" {
   most_recent = true
diff --git a/test/load/terraform/user-data-client.sh b/test/load/terraform/user-data-client.sh
index 9ed15e89ab29..27a14004a54d 100644
--- a/test/load/terraform/user-data-client.sh
+++ b/test/load/terraform/user-data-client.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # SOURCE: GRUNTWORKS
 # This script is meant to be run in the User Data of each EC2 Instance while it's booting. The script uses the
diff --git a/test/load/terraform/user-data-server.sh b/test/load/terraform/user-data-server.sh
index f6e0b7452c37..0d743f57ab68 100755
--- a/test/load/terraform/user-data-server.sh
+++ b/test/load/terraform/user-data-server.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # SOURCE: GRUNTWORKS
 # This script is meant to be run in the User Data of each EC2 Instance while it's booting. The script uses the
diff --git a/test/load/terraform/variables.tf b/test/load/terraform/variables.tf
index 9d93fa17773b..8d5d82e1ca02 100644
--- a/test/load/terraform/variables.tf
+++ b/test/load/terraform/variables.tf
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 # ---------------------------------------------------------------------------------------------------------------------
 # ENVIRONMENT VARIABLES
diff --git a/testing/deployer/sprawl/acl.go b/testing/deployer/sprawl/acl.go
index 54f9c9a98a01..63d86220d9ff 100644
--- a/testing/deployer/sprawl/acl.go
+++ b/testing/deployer/sprawl/acl.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawl
 
 import (
diff --git a/testing/deployer/sprawl/acl_rules.go b/testing/deployer/sprawl/acl_rules.go
index b024ceab539e..036149cdfd6c 100644
--- a/testing/deployer/sprawl/acl_rules.go
+++ b/testing/deployer/sprawl/acl_rules.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawl
 
 import (
diff --git a/testing/deployer/sprawl/boot.go b/testing/deployer/sprawl/boot.go
index 415788726307..6f16f928f5d1 100644
--- a/testing/deployer/sprawl/boot.go
+++ b/testing/deployer/sprawl/boot.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawl
 
 import (
diff --git a/testing/deployer/sprawl/catalog.go b/testing/deployer/sprawl/catalog.go
index 5da32cc51318..eb355739a6cf 100644
--- a/testing/deployer/sprawl/catalog.go
+++ b/testing/deployer/sprawl/catalog.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawl
 
 import (
diff --git a/testing/deployer/sprawl/configentries.go b/testing/deployer/sprawl/configentries.go
index ff84f0eb1a45..90ca2bb4cda2 100644
--- a/testing/deployer/sprawl/configentries.go
+++ b/testing/deployer/sprawl/configentries.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawl
 
 import (
diff --git a/testing/deployer/sprawl/consul.go b/testing/deployer/sprawl/consul.go
index 5abb68ac8cc1..e92fe218846e 100644
--- a/testing/deployer/sprawl/consul.go
+++ b/testing/deployer/sprawl/consul.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawl
 
 import (
diff --git a/testing/deployer/sprawl/debug.go b/testing/deployer/sprawl/debug.go
index e02c3eefc95f..df11f96c3c8b 100644
--- a/testing/deployer/sprawl/debug.go
+++ b/testing/deployer/sprawl/debug.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawl
 
 import "encoding/json"
diff --git a/testing/deployer/sprawl/details.go b/testing/deployer/sprawl/details.go
index 401cc3b9d75c..1c896598b4a9 100644
--- a/testing/deployer/sprawl/details.go
+++ b/testing/deployer/sprawl/details.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawl
 
 import (
diff --git a/testing/deployer/sprawl/ent.go b/testing/deployer/sprawl/ent.go
index f6d73e0e0eae..8ec2925ef163 100644
--- a/testing/deployer/sprawl/ent.go
+++ b/testing/deployer/sprawl/ent.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawl
 
 import (
diff --git a/testing/deployer/sprawl/helpers.go b/testing/deployer/sprawl/helpers.go
index ce546afed623..941311a1c118 100644
--- a/testing/deployer/sprawl/helpers.go
+++ b/testing/deployer/sprawl/helpers.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawl
 
 // Deprecated: remove
diff --git a/testing/deployer/sprawl/internal/build/docker.go b/testing/deployer/sprawl/internal/build/docker.go
index 88e763061e93..7007d44c844a 100644
--- a/testing/deployer/sprawl/internal/build/docker.go
+++ b/testing/deployer/sprawl/internal/build/docker.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package build
 
 import (
diff --git a/testing/deployer/sprawl/internal/runner/exec.go b/testing/deployer/sprawl/internal/runner/exec.go
index 896d8f0d79b5..1c2a8a1d311b 100644
--- a/testing/deployer/sprawl/internal/runner/exec.go
+++ b/testing/deployer/sprawl/internal/runner/exec.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package runner
 
 import (
diff --git a/testing/deployer/sprawl/internal/secrets/store.go b/testing/deployer/sprawl/internal/secrets/store.go
index 4430686cb28a..0cacf88b256e 100644
--- a/testing/deployer/sprawl/internal/secrets/store.go
+++ b/testing/deployer/sprawl/internal/secrets/store.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package secrets
 
 import (
diff --git a/testing/deployer/sprawl/internal/tfgen/agent.go b/testing/deployer/sprawl/internal/tfgen/agent.go
index 43e1fe1db17d..d884d200d2e9 100644
--- a/testing/deployer/sprawl/internal/tfgen/agent.go
+++ b/testing/deployer/sprawl/internal/tfgen/agent.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package tfgen
 
 import (
diff --git a/testing/deployer/sprawl/internal/tfgen/digest.go b/testing/deployer/sprawl/internal/tfgen/digest.go
index 28e364417bce..e840f91ee67b 100644
--- a/testing/deployer/sprawl/internal/tfgen/digest.go
+++ b/testing/deployer/sprawl/internal/tfgen/digest.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package tfgen
 
 import (
diff --git a/testing/deployer/sprawl/internal/tfgen/dns.go b/testing/deployer/sprawl/internal/tfgen/dns.go
index c60a19bb0c28..6c3e5ca62469 100644
--- a/testing/deployer/sprawl/internal/tfgen/dns.go
+++ b/testing/deployer/sprawl/internal/tfgen/dns.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package tfgen
 
 import (
diff --git a/testing/deployer/sprawl/internal/tfgen/docker.go b/testing/deployer/sprawl/internal/tfgen/docker.go
index f2a655feccd0..bc8bd657563d 100644
--- a/testing/deployer/sprawl/internal/tfgen/docker.go
+++ b/testing/deployer/sprawl/internal/tfgen/docker.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package tfgen
 
 import (
diff --git a/testing/deployer/sprawl/internal/tfgen/docker_test.go b/testing/deployer/sprawl/internal/tfgen/docker_test.go
index 97f38bc530cd..942b87189fca 100644
--- a/testing/deployer/sprawl/internal/tfgen/docker_test.go
+++ b/testing/deployer/sprawl/internal/tfgen/docker_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package tfgen
 
 import (
diff --git a/testing/deployer/sprawl/internal/tfgen/gen.go b/testing/deployer/sprawl/internal/tfgen/gen.go
index 9e34edacdd1c..b576f2c93e59 100644
--- a/testing/deployer/sprawl/internal/tfgen/gen.go
+++ b/testing/deployer/sprawl/internal/tfgen/gen.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package tfgen
 
 import (
diff --git a/testing/deployer/sprawl/internal/tfgen/io.go b/testing/deployer/sprawl/internal/tfgen/io.go
index cd622536455b..160e85be316b 100644
--- a/testing/deployer/sprawl/internal/tfgen/io.go
+++ b/testing/deployer/sprawl/internal/tfgen/io.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package tfgen
 
 import (
diff --git a/testing/deployer/sprawl/internal/tfgen/nodes.go b/testing/deployer/sprawl/internal/tfgen/nodes.go
index 1c521f21c25b..7b7addfb207b 100644
--- a/testing/deployer/sprawl/internal/tfgen/nodes.go
+++ b/testing/deployer/sprawl/internal/tfgen/nodes.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package tfgen
 
 import (
diff --git a/testing/deployer/sprawl/internal/tfgen/prelude.go b/testing/deployer/sprawl/internal/tfgen/prelude.go
index 7a10c8c5da25..2e9a01cb0805 100644
--- a/testing/deployer/sprawl/internal/tfgen/prelude.go
+++ b/testing/deployer/sprawl/internal/tfgen/prelude.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package tfgen
 
 const terraformPrelude = `provider "docker" {
diff --git a/testing/deployer/sprawl/internal/tfgen/proxy.go b/testing/deployer/sprawl/internal/tfgen/proxy.go
index 9c4c6bb4575a..0fafa9b925e9 100644
--- a/testing/deployer/sprawl/internal/tfgen/proxy.go
+++ b/testing/deployer/sprawl/internal/tfgen/proxy.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package tfgen
 
 import (
diff --git a/testing/deployer/sprawl/internal/tfgen/res.go b/testing/deployer/sprawl/internal/tfgen/res.go
index c48cd7d8f216..a45c460793d2 100644
--- a/testing/deployer/sprawl/internal/tfgen/res.go
+++ b/testing/deployer/sprawl/internal/tfgen/res.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package tfgen
 
 import (
diff --git a/testing/deployer/sprawl/internal/tfgen/tfgen.go b/testing/deployer/sprawl/internal/tfgen/tfgen.go
index 7eeb84b16789..e752528ef161 100644
--- a/testing/deployer/sprawl/internal/tfgen/tfgen.go
+++ b/testing/deployer/sprawl/internal/tfgen/tfgen.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package tfgen
 
 import (
diff --git a/testing/deployer/sprawl/peering.go b/testing/deployer/sprawl/peering.go
index e88786a1b0d4..5275161cfd9a 100644
--- a/testing/deployer/sprawl/peering.go
+++ b/testing/deployer/sprawl/peering.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawl
 
 import (
diff --git a/testing/deployer/sprawl/sprawl.go b/testing/deployer/sprawl/sprawl.go
index 7a3335bc0a1f..a4b27597626e 100644
--- a/testing/deployer/sprawl/sprawl.go
+++ b/testing/deployer/sprawl/sprawl.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawl
 
 import (
diff --git a/testing/deployer/sprawl/sprawltest/sprawltest.go b/testing/deployer/sprawl/sprawltest/sprawltest.go
index 23ff44779b2c..2fe10537459c 100644
--- a/testing/deployer/sprawl/sprawltest/sprawltest.go
+++ b/testing/deployer/sprawl/sprawltest/sprawltest.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawltest
 
 import (
diff --git a/testing/deployer/sprawl/sprawltest/test_test.go b/testing/deployer/sprawl/sprawltest/test_test.go
index cdbeb4be52e5..1bb69ea77efe 100644
--- a/testing/deployer/sprawl/sprawltest/test_test.go
+++ b/testing/deployer/sprawl/sprawltest/test_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawltest_test
 
 import (
diff --git a/testing/deployer/sprawl/tls.go b/testing/deployer/sprawl/tls.go
index 748e85dd6b6f..4ba26432f1e1 100644
--- a/testing/deployer/sprawl/tls.go
+++ b/testing/deployer/sprawl/tls.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package sprawl
 
 import (
diff --git a/testing/deployer/topology/compile.go b/testing/deployer/topology/compile.go
index 2bdf9ad2c2bc..2fa90912ed0a 100644
--- a/testing/deployer/topology/compile.go
+++ b/testing/deployer/topology/compile.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package topology
 
 import (
diff --git a/testing/deployer/topology/default_cdp.go b/testing/deployer/topology/default_cdp.go
index eb3aa5bd20be..22424d2dd121 100644
--- a/testing/deployer/topology/default_cdp.go
+++ b/testing/deployer/topology/default_cdp.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package topology
 
 const DefaultDataplaneImage = "hashicorp/consul-dataplane:1.1.0"
diff --git a/testing/deployer/topology/default_consul.go b/testing/deployer/topology/default_consul.go
index e65b42cfd8b1..f9542f16643d 100644
--- a/testing/deployer/topology/default_consul.go
+++ b/testing/deployer/topology/default_consul.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package topology
 
 const DefaultConsulImage = "hashicorp/consul:1.15.2"
diff --git a/testing/deployer/topology/default_envoy.go b/testing/deployer/topology/default_envoy.go
index 05ee5d5e5ad1..c557a318a17f 100644
--- a/testing/deployer/topology/default_envoy.go
+++ b/testing/deployer/topology/default_envoy.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package topology
 
 const DefaultEnvoyImage = "envoyproxy/envoy:v1.25.1"
diff --git a/testing/deployer/topology/ids.go b/testing/deployer/topology/ids.go
index 372bccec36a3..b3268d517f68 100644
--- a/testing/deployer/topology/ids.go
+++ b/testing/deployer/topology/ids.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package topology
 
 import (
diff --git a/testing/deployer/topology/images.go b/testing/deployer/topology/images.go
index 25901de66f02..ce265b397437 100644
--- a/testing/deployer/topology/images.go
+++ b/testing/deployer/topology/images.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package topology
 
 import (
diff --git a/testing/deployer/topology/images_test.go b/testing/deployer/topology/images_test.go
index a8af9029d1a9..d3ea2136e260 100644
--- a/testing/deployer/topology/images_test.go
+++ b/testing/deployer/topology/images_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package topology
 
 import (
diff --git a/testing/deployer/topology/topology.go b/testing/deployer/topology/topology.go
index fbdf2605d53f..b48543661268 100644
--- a/testing/deployer/topology/topology.go
+++ b/testing/deployer/topology/topology.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package topology
 
 import (
diff --git a/testing/deployer/topology/util.go b/testing/deployer/topology/util.go
index c09021763368..a6d6670c2655 100644
--- a/testing/deployer/topology/util.go
+++ b/testing/deployer/topology/util.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package topology
 
 func MergeSlices[V any](x, y []V) []V {
diff --git a/testing/deployer/topology/util_test.go b/testing/deployer/topology/util_test.go
index fa0b6670f369..a858a4e69814 100644
--- a/testing/deployer/topology/util_test.go
+++ b/testing/deployer/topology/util_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package topology
 
 import (
diff --git a/testing/deployer/util/consul.go b/testing/deployer/util/consul.go
index 5fe7a460e408..d3ebc037a9fe 100644
--- a/testing/deployer/util/consul.go
+++ b/testing/deployer/util/consul.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package util
 
 import (
diff --git a/testing/deployer/util/files.go b/testing/deployer/util/files.go
index fad1109d3207..5929f227e501 100644
--- a/testing/deployer/util/files.go
+++ b/testing/deployer/util/files.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package util
 
 import (
diff --git a/testing/deployer/util/internal/ipamutils/utils.go b/testing/deployer/util/internal/ipamutils/utils.go
index a0bf403c0f4e..11367cc176bb 100644
--- a/testing/deployer/util/internal/ipamutils/utils.go
+++ b/testing/deployer/util/internal/ipamutils/utils.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 // Package ipamutils provides utility functions for ipam management
 package ipamutils
 
diff --git a/testing/deployer/util/internal/ipamutils/utils_test.go b/testing/deployer/util/internal/ipamutils/utils_test.go
index dd3c0e701504..e91ae258cb91 100644
--- a/testing/deployer/util/internal/ipamutils/utils_test.go
+++ b/testing/deployer/util/internal/ipamutils/utils_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package ipamutils
 
 import (
diff --git a/testing/deployer/util/net.go b/testing/deployer/util/net.go
index 0ca297d2051a..83ca01761b48 100644
--- a/testing/deployer/util/net.go
+++ b/testing/deployer/util/net.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package util
 
 import (
diff --git a/testrpc/wait.go b/testrpc/wait.go
index acd9524d78f3..ca315d28539e 100644
--- a/testrpc/wait.go
+++ b/testrpc/wait.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package testrpc
 
diff --git a/tlsutil/config.go b/tlsutil/config.go
index a52d6b6ad829..5cba2597f19d 100644
--- a/tlsutil/config.go
+++ b/tlsutil/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tlsutil
 
diff --git a/tlsutil/config_test.go b/tlsutil/config_test.go
index 721198afe83b..8054b08ecd92 100644
--- a/tlsutil/config_test.go
+++ b/tlsutil/config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 //go:build !fips
 // +build !fips
 
diff --git a/tlsutil/generate.go b/tlsutil/generate.go
index a92f76f9201c..907d7ba99694 100644
--- a/tlsutil/generate.go
+++ b/tlsutil/generate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tlsutil
 
diff --git a/tlsutil/generate_test.go b/tlsutil/generate_test.go
index ddceefe2cd5a..da3fd29af1f9 100644
--- a/tlsutil/generate_test.go
+++ b/tlsutil/generate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package tlsutil
 
diff --git a/tools/internal-grpc-proxy/main.go b/tools/internal-grpc-proxy/main.go
index fda3d2f04446..5a4218e8fa46 100644
--- a/tools/internal-grpc-proxy/main.go
+++ b/tools/internal-grpc-proxy/main.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package main
 
diff --git a/troubleshoot/proxy/certs.go b/troubleshoot/proxy/certs.go
index 083f1873b528..8f0c09b0293e 100644
--- a/troubleshoot/proxy/certs.go
+++ b/troubleshoot/proxy/certs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/certs_test.go b/troubleshoot/proxy/certs_test.go
index ec3ead7e0227..e3db4dc009c5 100644
--- a/troubleshoot/proxy/certs_test.go
+++ b/troubleshoot/proxy/certs_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/stats.go b/troubleshoot/proxy/stats.go
index 0ae4f68c8d10..249dce07db04 100644
--- a/troubleshoot/proxy/stats.go
+++ b/troubleshoot/proxy/stats.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/troubleshoot_proxy.go b/troubleshoot/proxy/troubleshoot_proxy.go
index 5dac26752e43..4cd422b0d4b8 100644
--- a/troubleshoot/proxy/troubleshoot_proxy.go
+++ b/troubleshoot/proxy/troubleshoot_proxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/upstreams.go b/troubleshoot/proxy/upstreams.go
index c42f6b971665..62f08572059a 100644
--- a/troubleshoot/proxy/upstreams.go
+++ b/troubleshoot/proxy/upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/upstreams_test.go b/troubleshoot/proxy/upstreams_test.go
index a000738acde0..a2f0bf60b08e 100644
--- a/troubleshoot/proxy/upstreams_test.go
+++ b/troubleshoot/proxy/upstreams_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/utils.go b/troubleshoot/proxy/utils.go
index b812272942c6..78fadaed119e 100644
--- a/troubleshoot/proxy/utils.go
+++ b/troubleshoot/proxy/utils.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/validateupstream.go b/troubleshoot/proxy/validateupstream.go
index 64be9d02e172..02c355f40e70 100644
--- a/troubleshoot/proxy/validateupstream.go
+++ b/troubleshoot/proxy/validateupstream.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/validateupstream_test.go b/troubleshoot/proxy/validateupstream_test.go
index 8709c42d9212..ddeca9b1cd72 100644
--- a/troubleshoot/proxy/validateupstream_test.go
+++ b/troubleshoot/proxy/validateupstream_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package troubleshoot
 
diff --git a/troubleshoot/validate/validate.go b/troubleshoot/validate/validate.go
index f7c6299f9984..93d26bb42ed1 100644
--- a/troubleshoot/validate/validate.go
+++ b/troubleshoot/validate/validate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package validate
 
diff --git a/troubleshoot/validate/validate_test.go b/troubleshoot/validate/validate_test.go
index 9d779c48f466..b9e2aeed611f 100644
--- a/troubleshoot/validate/validate_test.go
+++ b/troubleshoot/validate/validate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package validate
 
diff --git a/types/area.go b/types/area.go
index 30207cd2c388..7cd0af35fb5c 100644
--- a/types/area.go
+++ b/types/area.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/types/checks.go b/types/checks.go
index 172330267db6..d119319f413e 100644
--- a/types/checks.go
+++ b/types/checks.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/types/node_id.go b/types/node_id.go
index c404b02bea35..868dbf52a9a0 100644
--- a/types/node_id.go
+++ b/types/node_id.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/types/tls.go b/types/tls.go
index b113c29030a7..e4788819b8c3 100644
--- a/types/tls.go
+++ b/types/tls.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/types/tls_test.go b/types/tls_test.go
index a41817af32cd..a988cfbc9fb7 100644
--- a/types/tls_test.go
+++ b/types/tls_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package types
 
diff --git a/ui/packages/consul-acls/app/components/consul/acl/selector/index.hbs b/ui/packages/consul-acls/app/components/consul/acl/selector/index.hbs
index afee0962633f..a13efa37c19d 100644
--- a/ui/packages/consul-acls/app/components/consul/acl/selector/index.hbs
+++ b/ui/packages/consul-acls/app/components/consul/acl/selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <li 
diff --git a/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs b/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs
index 81de70779c25..1ded54b9434d 100644
--- a/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs
+++ b/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (can 'use acls')}}
diff --git a/ui/packages/consul-acls/app/components/consul/token/selector/index.js b/ui/packages/consul-acls/app/components/consul/token/selector/index.js
index ca302abf2d39..3fa73eac0ee9 100644
--- a/ui/packages/consul-acls/app/components/consul/token/selector/index.js
+++ b/ui/packages/consul-acls/app/components/consul/token/selector/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-acls/vendor/consul-acls/routes.js b/ui/packages/consul-acls/vendor/consul-acls/routes.js
index 4db571e9cbaf..ff26d766d7bf 100644
--- a/ui/packages/consul-acls/vendor/consul-acls/routes.js
+++ b/ui/packages/consul-acls/vendor/consul-acls/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (routes => routes({
diff --git a/ui/packages/consul-acls/vendor/consul-acls/services.js b/ui/packages/consul-acls/vendor/consul-acls/services.js
index 74e67ac3a2b8..1654b41eeea7 100644
--- a/ui/packages/consul-acls/vendor/consul-acls/services.js
+++ b/ui/packages/consul-acls/vendor/consul-acls/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (services => services({
diff --git a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.hbs b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.hbs
index 55c6531d2be4..bb5a1fc32a98 100644
--- a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.hbs
+++ b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.scss b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.scss
index a5ad90b5799f..5d268de6dd6d 100644
--- a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.scss
+++ b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-hcp-home {
diff --git a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.test.js b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.test.js
index a94b9beeb965..962a7c7c4a8a 100644
--- a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.test.js
+++ b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-hcp/vendor/consul-hcp/routes.js b/ui/packages/consul-hcp/vendor/consul-hcp/routes.js
index 34534c8bc146..ab573dea56ad 100644
--- a/ui/packages/consul-hcp/vendor/consul-hcp/routes.js
+++ b/ui/packages/consul-hcp/vendor/consul-hcp/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (routes => routes({
diff --git a/ui/packages/consul-hcp/vendor/consul-hcp/services.js b/ui/packages/consul-hcp/vendor/consul-hcp/services.js
index c95daf828c76..d1c7820f7da5 100644
--- a/ui/packages/consul-hcp/vendor/consul-hcp/services.js
+++ b/ui/packages/consul-hcp/vendor/consul-hcp/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (services => services({
diff --git a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.hbs b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.hbs
index f7cffddd8b77..d84292c72fba 100644
--- a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.hbs
+++ b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.scss b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.scss
index bf8e39036772..b34e73f03db2 100644
--- a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.scss
+++ b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-lock-session-form {
diff --git a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.hbs b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.hbs
index 69abb15637a9..247b0dd8fc9d 100644
--- a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.hbs
+++ b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.scss b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.scss
index 5182136a3b53..503e5192f473 100644
--- a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.scss
+++ b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-lock-session-list ul > li:not(:first-child) {
diff --git a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/notifications/index.hbs b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/notifications/index.hbs
index 5f2847d11f01..12c1391161b9 100644
--- a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/notifications/index.hbs
+++ b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (eq @type 'remove')}}
diff --git a/ui/packages/consul-lock-sessions/app/templates/dc/nodes/show/sessions.hbs b/ui/packages/consul-lock-sessions/app/templates/dc/nodes/show/sessions.hbs
index 6f18f84b2885..61c679aa2f1f 100644
--- a/ui/packages/consul-lock-sessions/app/templates/dc/nodes/show/sessions.hbs
+++ b/ui/packages/consul-lock-sessions/app/templates/dc/nodes/show/sessions.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/routes.js b/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/routes.js
index 9da5bcaddff2..102e9ffe0736 100644
--- a/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/routes.js
+++ b/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (routes => routes({
diff --git a/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/services.js b/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/services.js
index 74e67ac3a2b8..1654b41eeea7 100644
--- a/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/services.js
+++ b/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (services => services({
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.hbs b/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.hbs
index 6621cf73f8ea..52b39bd9df59 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.hbs
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div class="consul-nspace-form" ...attributes>
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.js b/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.js
index 42fb75ecdbd9..df8978572e59 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.js
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from "@glimmer/component";
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/list/index.hbs b/ui/packages/consul-nspaces/app/components/consul/nspace/list/index.hbs
index b1677012e108..b503aefa0efd 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/list/index.hbs
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/list/pageobject.js b/ui/packages/consul-nspaces/app/components/consul/nspace/list/pageobject.js
index 63bdfb57675e..b46f42af8a43 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/list/pageobject.js
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (collection, clickable, attribute, text, actions) => () => {
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/notifications/index.hbs b/ui/packages/consul-nspaces/app/components/consul/nspace/notifications/index.hbs
index 4f8269aa52a5..67d44210f207 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/notifications/index.hbs
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (eq @type 'remove')}}
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/search-bar/index.hbs b/ui/packages/consul-nspaces/app/components/consul/nspace/search-bar/index.hbs
index 49819ebb9b91..f438d18dce2a 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/search-bar/index.hbs
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/selector/index.hbs b/ui/packages/consul-nspaces/app/components/consul/nspace/selector/index.hbs
index 6c78dd652c8c..8ddb666e13c5 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/selector/index.hbs
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (can "use nspaces")}}
diff --git a/ui/packages/consul-nspaces/app/templates/dc/nspaces/edit.hbs b/ui/packages/consul-nspaces/app/templates/dc/nspaces/edit.hbs
index 75f8d10c7141..cae8066f0ec6 100644
--- a/ui/packages/consul-nspaces/app/templates/dc/nspaces/edit.hbs
+++ b/ui/packages/consul-nspaces/app/templates/dc/nspaces/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-nspaces/app/templates/dc/nspaces/index.hbs b/ui/packages/consul-nspaces/app/templates/dc/nspaces/index.hbs
index 9082d49f13d9..00a0ccc97818 100644
--- a/ui/packages/consul-nspaces/app/templates/dc/nspaces/index.hbs
+++ b/ui/packages/consul-nspaces/app/templates/dc/nspaces/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-nspaces/vendor/consul-nspaces/routes.js b/ui/packages/consul-nspaces/vendor/consul-nspaces/routes.js
index cf17f5cbc0a8..5c43e6f6a431 100644
--- a/ui/packages/consul-nspaces/vendor/consul-nspaces/routes.js
+++ b/ui/packages/consul-nspaces/vendor/consul-nspaces/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (routes => routes({
diff --git a/ui/packages/consul-nspaces/vendor/consul-nspaces/services.js b/ui/packages/consul-nspaces/vendor/consul-nspaces/services.js
index 74e67ac3a2b8..1654b41eeea7 100644
--- a/ui/packages/consul-nspaces/vendor/consul-nspaces/services.js
+++ b/ui/packages/consul-nspaces/vendor/consul-nspaces/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (services => services({
diff --git a/ui/packages/consul-partitions/app/components/consul/partition/form/index.hbs b/ui/packages/consul-partitions/app/components/consul/partition/form/index.hbs
index b9e16298a014..03119b64106d 100644
--- a/ui/packages/consul-partitions/app/components/consul/partition/form/index.hbs
+++ b/ui/packages/consul-partitions/app/components/consul/partition/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-partitions/app/components/consul/partition/list/index.hbs b/ui/packages/consul-partitions/app/components/consul/partition/list/index.hbs
index 437f17959a8e..47f3707b6312 100644
--- a/ui/packages/consul-partitions/app/components/consul/partition/list/index.hbs
+++ b/ui/packages/consul-partitions/app/components/consul/partition/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-partitions/app/components/consul/partition/list/test-support.js b/ui/packages/consul-partitions/app/components/consul/partition/list/test-support.js
index 5ab93a38e495..2524ce36c579 100644
--- a/ui/packages/consul-partitions/app/components/consul/partition/list/test-support.js
+++ b/ui/packages/consul-partitions/app/components/consul/partition/list/test-support.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export const selectors = () => ({
diff --git a/ui/packages/consul-partitions/app/components/consul/partition/notifications/index.hbs b/ui/packages/consul-partitions/app/components/consul/partition/notifications/index.hbs
index 082fcf652cfb..d97ff184f965 100644
--- a/ui/packages/consul-partitions/app/components/consul/partition/notifications/index.hbs
+++ b/ui/packages/consul-partitions/app/components/consul/partition/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (eq @type 'remove')}}
diff --git a/ui/packages/consul-partitions/app/components/consul/partition/search-bar/index.hbs b/ui/packages/consul-partitions/app/components/consul/partition/search-bar/index.hbs
index 77e4d6b27d21..56fa44084a7b 100644
--- a/ui/packages/consul-partitions/app/components/consul/partition/search-bar/index.hbs
+++ b/ui/packages/consul-partitions/app/components/consul/partition/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-partitions/app/components/consul/partition/selector/index.hbs b/ui/packages/consul-partitions/app/components/consul/partition/selector/index.hbs
index 6897391efa88..b9727a9de96e 100644
--- a/ui/packages/consul-partitions/app/components/consul/partition/selector/index.hbs
+++ b/ui/packages/consul-partitions/app/components/consul/partition/selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let
diff --git a/ui/packages/consul-partitions/app/templates/dc/partitions/edit.hbs b/ui/packages/consul-partitions/app/templates/dc/partitions/edit.hbs
index 4414ba3c8ed3..d08246cd8fc0 100644
--- a/ui/packages/consul-partitions/app/templates/dc/partitions/edit.hbs
+++ b/ui/packages/consul-partitions/app/templates/dc/partitions/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-partitions/app/templates/dc/partitions/index.hbs b/ui/packages/consul-partitions/app/templates/dc/partitions/index.hbs
index 5495ed18ae4b..ed9c8a521d33 100644
--- a/ui/packages/consul-partitions/app/templates/dc/partitions/index.hbs
+++ b/ui/packages/consul-partitions/app/templates/dc/partitions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-partitions/vendor/consul-partitions/routes.js b/ui/packages/consul-partitions/vendor/consul-partitions/routes.js
index e560c822fbc1..a373e914e541 100644
--- a/ui/packages/consul-partitions/vendor/consul-partitions/routes.js
+++ b/ui/packages/consul-partitions/vendor/consul-partitions/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (routes => routes({
diff --git a/ui/packages/consul-partitions/vendor/consul-partitions/services.js b/ui/packages/consul-partitions/vendor/consul-partitions/services.js
index 8c9440bce3cd..1cf59ee066ca 100644
--- a/ui/packages/consul-partitions/vendor/consul-partitions/services.js
+++ b/ui/packages/consul-partitions/vendor/consul-partitions/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (services => services({
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs
index eccac17174b6..bc6294e015f0 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Providers::Dimension as |p|>
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.scss b/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.scss
index 3c4951829bc0..6816f4934f59 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.scss
+++ b/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .border-bottom-primary {
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/bento-box/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/bento-box/index.hbs
index b949548612b3..b0f633718ec2 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/bento-box/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/bento-box/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Hds::Card::Container @level="base" @hasBorder={{true}} class="mt-6 mb-3">
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/components.scss b/ui/packages/consul-peerings/app/components/consul/peer/components.scss
index 1e20d8b236fe..ad5f5cd29691 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/components.scss
+++ b/ui/packages/consul-peerings/app/components/consul/peer/components.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %pill-pending::before,
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/chart.xstate.js b/ui/packages/consul-peerings/app/components/consul/peer/form/chart.xstate.js
index af8a7570225a..2380c523b4ce 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/chart.xstate.js
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/actions/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/actions/index.hbs
index f5f66960bb48..1c16d1d533dc 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/actions/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/actions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Hds::Button
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/chart.xstate.js b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/chart.xstate.js
index 34d2297899b1..504b2c5a7ea5 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/chart.xstate.js
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.hbs
index ff7442cdfa61..d17bc34a7279 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div class={{class-map "consul-peer-form-generate-fieldsets"}} ...attributes>
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.js b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.js
index 708b52fd8b11..a037015d1d85 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.js
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs
index 217818abd2a3..d6493c895c6d 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div class={{class-map "consul-peer-form-generate"}} ...attributes>
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/index.hbs
index a0e151f2f64e..031ffead3ccc 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div class={{class-map "consul-peer-form"}} ...attributes>
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss b/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss
index bca9acedd661..830cced098ae 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-peer-form {
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/actions/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/actions/index.hbs
index 2aba71c1a0b0..f5f4c4864f4b 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/actions/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/actions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Hds::Button
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/fieldsets/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/fieldsets/index.hbs
index 124996fe1810..28228a8c8d0d 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/fieldsets/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/fieldsets/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/index.hbs
index 1a8f534ec720..c26d91956c1c 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div class={{class-map "consul-peer-form-initiate"}} ...attributes>
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/token/actions/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/token/actions/index.hbs
index b3f455833a4e..feb85bf4a25e 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/token/actions/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/token/actions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs
index 6568638a3224..3c881cd1ed1b 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if @regenerate}}
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/index.scss b/ui/packages/consul-peerings/app/components/consul/peer/index.scss
index db9d677688a4..c7e6b20eaf06 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/index.scss
+++ b/ui/packages/consul-peerings/app/components/consul/peer/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './components';
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/list/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/list/index.hbs
index a1af71ce11eb..b0d10e1f8a74 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/list/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/list/test-support.js b/ui/packages/consul-peerings/app/components/consul/peer/list/test-support.js
index 01d89268e454..4edc13caf176 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/list/test-support.js
+++ b/ui/packages/consul-peerings/app/components/consul/peer/list/test-support.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export const selectors = {
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/notifications/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/notifications/index.hbs
index 7c919f8c856c..782b755a8075 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/notifications/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (eq @type 'remove')}}
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.hbs
index e7e895a316c7..475c8a2b5a1d 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.scss b/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.scss
index 73e32faff874..aa288d06710f 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.scss
+++ b/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-peer-search-bar {
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/selector/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/selector/index.hbs
index 3d86da42fd48..2fe51c760c68 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/selector/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <li 
diff --git a/ui/packages/consul-peerings/app/controllers/dc/peers/index.js b/ui/packages/consul-peerings/app/controllers/dc/peers/index.js
index 82b35ae69732..2cf68beb7cab 100644
--- a/ui/packages/consul-peerings/app/controllers/dc/peers/index.js
+++ b/ui/packages/consul-peerings/app/controllers/dc/peers/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Controller from "@ember/controller";
diff --git a/ui/packages/consul-peerings/app/controllers/dc/peers/show/exported.js b/ui/packages/consul-peerings/app/controllers/dc/peers/show/exported.js
index 612e958e9e9a..33b2a8ceb42d 100644
--- a/ui/packages/consul-peerings/app/controllers/dc/peers/show/exported.js
+++ b/ui/packages/consul-peerings/app/controllers/dc/peers/show/exported.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Controller from "@ember/controller";
diff --git a/ui/packages/consul-peerings/app/controllers/dc/peers/show/index.js b/ui/packages/consul-peerings/app/controllers/dc/peers/show/index.js
index 8044c8c021d3..ddef44c025a1 100644
--- a/ui/packages/consul-peerings/app/controllers/dc/peers/show/index.js
+++ b/ui/packages/consul-peerings/app/controllers/dc/peers/show/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Controller from "@ember/controller";
diff --git a/ui/packages/consul-peerings/app/templates/dc/peers/index.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/index.hbs
index 0a3448704459..76a2847b3890 100644
--- a/ui/packages/consul-peerings/app/templates/dc/peers/index.hbs
+++ b/ui/packages/consul-peerings/app/templates/dc/peers/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-peerings/app/templates/dc/peers/show.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/show.hbs
index 93df6f79c7a1..843c54adf8ef 100644
--- a/ui/packages/consul-peerings/app/templates/dc/peers/show.hbs
+++ b/ui/packages/consul-peerings/app/templates/dc/peers/show.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-peerings/app/templates/dc/peers/show/addresses.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/show/addresses.hbs
index a8d46aeee7dd..5845f97f5456 100644
--- a/ui/packages/consul-peerings/app/templates/dc/peers/show/addresses.hbs
+++ b/ui/packages/consul-peerings/app/templates/dc/peers/show/addresses.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-peerings/app/templates/dc/peers/show/exported.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/show/exported.hbs
index b25af6128fd6..35198bfe8df3 100644
--- a/ui/packages/consul-peerings/app/templates/dc/peers/show/exported.hbs
+++ b/ui/packages/consul-peerings/app/templates/dc/peers/show/exported.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-peerings/app/templates/dc/peers/show/imported.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/show/imported.hbs
index 05832b1c5480..c7d32b3b16db 100644
--- a/ui/packages/consul-peerings/app/templates/dc/peers/show/imported.hbs
+++ b/ui/packages/consul-peerings/app/templates/dc/peers/show/imported.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-peerings/app/templates/dc/peers/show/index.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/show/index.hbs
index acdf7641c14a..9a077304e400 100644
--- a/ui/packages/consul-peerings/app/templates/dc/peers/show/index.hbs
+++ b/ui/packages/consul-peerings/app/templates/dc/peers/show/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-peerings/vendor/consul-peerings/routes.js b/ui/packages/consul-peerings/vendor/consul-peerings/routes.js
index a8748cec3a3e..4ce314ba540d 100644
--- a/ui/packages/consul-peerings/vendor/consul-peerings/routes.js
+++ b/ui/packages/consul-peerings/vendor/consul-peerings/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 ((routes) =>
diff --git a/ui/packages/consul-peerings/vendor/consul-peerings/services.js b/ui/packages/consul-peerings/vendor/consul-peerings/services.js
index 2601489b0bcf..afad1c0e8446 100644
--- a/ui/packages/consul-peerings/vendor/consul-peerings/services.js
+++ b/ui/packages/consul-peerings/vendor/consul-peerings/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (services => services({
diff --git a/ui/packages/consul-ui/.docfy-config.js b/ui/packages/consul-ui/.docfy-config.js
index c8308a5854c2..65bfd7401ff5 100644
--- a/ui/packages/consul-ui/.docfy-config.js
+++ b/ui/packages/consul-ui/.docfy-config.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 const path = require('path');
diff --git a/ui/packages/consul-ui/.eslintrc.js b/ui/packages/consul-ui/.eslintrc.js
index c8397263b5ea..114ea2c2f7d3 100644
--- a/ui/packages/consul-ui/.eslintrc.js
+++ b/ui/packages/consul-ui/.eslintrc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 module.exports = {
diff --git a/ui/packages/consul-ui/.istanbul.yml b/ui/packages/consul-ui/.istanbul.yml
index 45e59c85a107..636bf0e77b0a 100644
--- a/ui/packages/consul-ui/.istanbul.yml
+++ b/ui/packages/consul-ui/.istanbul.yml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 instrumentation:
   excludes: [
diff --git a/ui/packages/consul-ui/.prettierrc.js b/ui/packages/consul-ui/.prettierrc.js
index cd0cb10db33a..4833e3531de5 100644
--- a/ui/packages/consul-ui/.prettierrc.js
+++ b/ui/packages/consul-ui/.prettierrc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/.template-lintrc.js b/ui/packages/consul-ui/.template-lintrc.js
index 2acbc36ee99f..868e880ed35a 100644
--- a/ui/packages/consul-ui/.template-lintrc.js
+++ b/ui/packages/consul-ui/.template-lintrc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/app/abilities/acl.js b/ui/packages/consul-ui/app/abilities/acl.js
index c8667d6e72d0..32701965184f 100644
--- a/ui/packages/consul-ui/app/abilities/acl.js
+++ b/ui/packages/consul-ui/app/abilities/acl.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/auth-method.js b/ui/packages/consul-ui/app/abilities/auth-method.js
index 92e805cc7d26..de92c39c259d 100644
--- a/ui/packages/consul-ui/app/abilities/auth-method.js
+++ b/ui/packages/consul-ui/app/abilities/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/base.js b/ui/packages/consul-ui/app/abilities/base.js
index 663b107d6392..c2f58ab7b485 100644
--- a/ui/packages/consul-ui/app/abilities/base.js
+++ b/ui/packages/consul-ui/app/abilities/base.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/abilities/intention.js b/ui/packages/consul-ui/app/abilities/intention.js
index 0ae68551b922..27c7dc50c3e7 100644
--- a/ui/packages/consul-ui/app/abilities/intention.js
+++ b/ui/packages/consul-ui/app/abilities/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/kv.js b/ui/packages/consul-ui/app/abilities/kv.js
index 7b32d1b4d9ca..bfcaca43fd9a 100644
--- a/ui/packages/consul-ui/app/abilities/kv.js
+++ b/ui/packages/consul-ui/app/abilities/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility, { ACCESS_LIST } from './base';
diff --git a/ui/packages/consul-ui/app/abilities/license.js b/ui/packages/consul-ui/app/abilities/license.js
index a1cd4f96982a..82affe7cff2c 100644
--- a/ui/packages/consul-ui/app/abilities/license.js
+++ b/ui/packages/consul-ui/app/abilities/license.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/node.js b/ui/packages/consul-ui/app/abilities/node.js
index aaf63243d52f..51b92aa131f2 100644
--- a/ui/packages/consul-ui/app/abilities/node.js
+++ b/ui/packages/consul-ui/app/abilities/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/nspace.js b/ui/packages/consul-ui/app/abilities/nspace.js
index b561700b18db..994b51f41de3 100644
--- a/ui/packages/consul-ui/app/abilities/nspace.js
+++ b/ui/packages/consul-ui/app/abilities/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/overview.js b/ui/packages/consul-ui/app/abilities/overview.js
index cbd6ecd8606a..4381ecf537ae 100644
--- a/ui/packages/consul-ui/app/abilities/overview.js
+++ b/ui/packages/consul-ui/app/abilities/overview.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/partition.js b/ui/packages/consul-ui/app/abilities/partition.js
index 3dade71b7714..b884e058498a 100644
--- a/ui/packages/consul-ui/app/abilities/partition.js
+++ b/ui/packages/consul-ui/app/abilities/partition.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from 'consul-ui/abilities/base';
diff --git a/ui/packages/consul-ui/app/abilities/peer.js b/ui/packages/consul-ui/app/abilities/peer.js
index b564c731d5b6..7a52ed430091 100644
--- a/ui/packages/consul-ui/app/abilities/peer.js
+++ b/ui/packages/consul-ui/app/abilities/peer.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from 'consul-ui/abilities/base';
diff --git a/ui/packages/consul-ui/app/abilities/permission.js b/ui/packages/consul-ui/app/abilities/permission.js
index 8856b4c1bc19..41b2e5a7076f 100644
--- a/ui/packages/consul-ui/app/abilities/permission.js
+++ b/ui/packages/consul-ui/app/abilities/permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/policy.js b/ui/packages/consul-ui/app/abilities/policy.js
index 38c15963ed87..4c7ee5a32d9f 100644
--- a/ui/packages/consul-ui/app/abilities/policy.js
+++ b/ui/packages/consul-ui/app/abilities/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/role.js b/ui/packages/consul-ui/app/abilities/role.js
index 19ab731169ac..457fb1bea9cc 100644
--- a/ui/packages/consul-ui/app/abilities/role.js
+++ b/ui/packages/consul-ui/app/abilities/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/server.js b/ui/packages/consul-ui/app/abilities/server.js
index 55cee3bbd04c..b6acef100cc7 100644
--- a/ui/packages/consul-ui/app/abilities/server.js
+++ b/ui/packages/consul-ui/app/abilities/server.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/service-instance.js b/ui/packages/consul-ui/app/abilities/service-instance.js
index e424bb608f74..2f00b9857fcb 100644
--- a/ui/packages/consul-ui/app/abilities/service-instance.js
+++ b/ui/packages/consul-ui/app/abilities/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility, { ACCESS_READ, ACCESS_WRITE } from './base';
diff --git a/ui/packages/consul-ui/app/abilities/session.js b/ui/packages/consul-ui/app/abilities/session.js
index 6a9554ae902b..dd505eea2d06 100644
--- a/ui/packages/consul-ui/app/abilities/session.js
+++ b/ui/packages/consul-ui/app/abilities/session.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/token.js b/ui/packages/consul-ui/app/abilities/token.js
index d09692e42f5f..e8880daf6c43 100644
--- a/ui/packages/consul-ui/app/abilities/token.js
+++ b/ui/packages/consul-ui/app/abilities/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/upstream.js b/ui/packages/consul-ui/app/abilities/upstream.js
index d8e5090b505c..55cf1d0d0ebc 100644
--- a/ui/packages/consul-ui/app/abilities/upstream.js
+++ b/ui/packages/consul-ui/app/abilities/upstream.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/zervice.js b/ui/packages/consul-ui/app/abilities/zervice.js
index 0b143c5b8fbc..0fadbcb7c6e7 100644
--- a/ui/packages/consul-ui/app/abilities/zervice.js
+++ b/ui/packages/consul-ui/app/abilities/zervice.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/zone.js b/ui/packages/consul-ui/app/abilities/zone.js
index 18a1bf4d71b9..3f141319f911 100644
--- a/ui/packages/consul-ui/app/abilities/zone.js
+++ b/ui/packages/consul-ui/app/abilities/zone.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/adapters/application.js b/ui/packages/consul-ui/app/adapters/application.js
index 1154b2473278..d0010c784b3a 100644
--- a/ui/packages/consul-ui/app/adapters/application.js
+++ b/ui/packages/consul-ui/app/adapters/application.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './http';
diff --git a/ui/packages/consul-ui/app/adapters/auth-method.js b/ui/packages/consul-ui/app/adapters/auth-method.js
index 6d3fbfeb2bf8..97153a3fcbe8 100644
--- a/ui/packages/consul-ui/app/adapters/auth-method.js
+++ b/ui/packages/consul-ui/app/adapters/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/binding-rule.js b/ui/packages/consul-ui/app/adapters/binding-rule.js
index 026674c7584c..49029ce7a724 100644
--- a/ui/packages/consul-ui/app/adapters/binding-rule.js
+++ b/ui/packages/consul-ui/app/adapters/binding-rule.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/coordinate.js b/ui/packages/consul-ui/app/adapters/coordinate.js
index a7a0b286c862..fc5eba788cc7 100644
--- a/ui/packages/consul-ui/app/adapters/coordinate.js
+++ b/ui/packages/consul-ui/app/adapters/coordinate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/discovery-chain.js b/ui/packages/consul-ui/app/adapters/discovery-chain.js
index 37879323b20c..6ce0020c6e85 100644
--- a/ui/packages/consul-ui/app/adapters/discovery-chain.js
+++ b/ui/packages/consul-ui/app/adapters/discovery-chain.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/http.js b/ui/packages/consul-ui/app/adapters/http.js
index 89b7f11da4b7..5e9acc62fec8 100644
--- a/ui/packages/consul-ui/app/adapters/http.js
+++ b/ui/packages/consul-ui/app/adapters/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/adapters/intention.js b/ui/packages/consul-ui/app/adapters/intention.js
index 3ea6925470ae..b47d179b8446 100644
--- a/ui/packages/consul-ui/app/adapters/intention.js
+++ b/ui/packages/consul-ui/app/adapters/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/kv.js b/ui/packages/consul-ui/app/adapters/kv.js
index e512723702e5..bb29fff4d969 100644
--- a/ui/packages/consul-ui/app/adapters/kv.js
+++ b/ui/packages/consul-ui/app/adapters/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/node.js b/ui/packages/consul-ui/app/adapters/node.js
index be0799a10d6d..5ac1a936005a 100644
--- a/ui/packages/consul-ui/app/adapters/node.js
+++ b/ui/packages/consul-ui/app/adapters/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/nspace.js b/ui/packages/consul-ui/app/adapters/nspace.js
index 3636a363c655..6e9f27dde0a7 100644
--- a/ui/packages/consul-ui/app/adapters/nspace.js
+++ b/ui/packages/consul-ui/app/adapters/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/oidc-provider.js b/ui/packages/consul-ui/app/adapters/oidc-provider.js
index c758a49dcd0a..6fafe51a8569 100644
--- a/ui/packages/consul-ui/app/adapters/oidc-provider.js
+++ b/ui/packages/consul-ui/app/adapters/oidc-provider.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/partition.js b/ui/packages/consul-ui/app/adapters/partition.js
index 4ba23078afb6..b2ec2178de14 100644
--- a/ui/packages/consul-ui/app/adapters/partition.js
+++ b/ui/packages/consul-ui/app/adapters/partition.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/permission.js b/ui/packages/consul-ui/app/adapters/permission.js
index 23b5a2725075..806ed5a3c304 100644
--- a/ui/packages/consul-ui/app/adapters/permission.js
+++ b/ui/packages/consul-ui/app/adapters/permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/policy.js b/ui/packages/consul-ui/app/adapters/policy.js
index 9d1415f3a349..6c959df2d8a4 100644
--- a/ui/packages/consul-ui/app/adapters/policy.js
+++ b/ui/packages/consul-ui/app/adapters/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/proxy.js b/ui/packages/consul-ui/app/adapters/proxy.js
index 782c9e1b7db9..6f37be654011 100644
--- a/ui/packages/consul-ui/app/adapters/proxy.js
+++ b/ui/packages/consul-ui/app/adapters/proxy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/role.js b/ui/packages/consul-ui/app/adapters/role.js
index a64d3db366d2..8773fddeac17 100644
--- a/ui/packages/consul-ui/app/adapters/role.js
+++ b/ui/packages/consul-ui/app/adapters/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/service-instance.js b/ui/packages/consul-ui/app/adapters/service-instance.js
index d02295d898de..e61efc818803 100644
--- a/ui/packages/consul-ui/app/adapters/service-instance.js
+++ b/ui/packages/consul-ui/app/adapters/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/service.js b/ui/packages/consul-ui/app/adapters/service.js
index c3acb927e0dd..c8e6adf82698 100644
--- a/ui/packages/consul-ui/app/adapters/service.js
+++ b/ui/packages/consul-ui/app/adapters/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/session.js b/ui/packages/consul-ui/app/adapters/session.js
index c0c2c5437c8a..3f42ac4bb97c 100644
--- a/ui/packages/consul-ui/app/adapters/session.js
+++ b/ui/packages/consul-ui/app/adapters/session.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/token.js b/ui/packages/consul-ui/app/adapters/token.js
index 555b334e5e5b..7e8e46dacb1b 100644
--- a/ui/packages/consul-ui/app/adapters/token.js
+++ b/ui/packages/consul-ui/app/adapters/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/topology.js b/ui/packages/consul-ui/app/adapters/topology.js
index b12ffc3f9dbf..8ed49fea40fd 100644
--- a/ui/packages/consul-ui/app/adapters/topology.js
+++ b/ui/packages/consul-ui/app/adapters/topology.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/app.js b/ui/packages/consul-ui/app/app.js
index de6711919bb8..43db29bdd35e 100644
--- a/ui/packages/consul-ui/app/app.js
+++ b/ui/packages/consul-ui/app/app.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Application from '@ember/application';
diff --git a/ui/packages/consul-ui/app/components/action/index.hbs b/ui/packages/consul-ui/app/components/action/index.hbs
index 97119fdd477a..ad405278bfc7 100644
--- a/ui/packages/consul-ui/app/components/action/index.hbs
+++ b/ui/packages/consul-ui/app/components/action/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if @for~}}
diff --git a/ui/packages/consul-ui/app/components/anchors/index.scss b/ui/packages/consul-ui/app/components/anchors/index.scss
index 9fe7e5079d42..0de89716dbe1 100644
--- a/ui/packages/consul-ui/app/components/anchors/index.scss
+++ b/ui/packages/consul-ui/app/components/anchors/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/anchors/skin.scss b/ui/packages/consul-ui/app/components/anchors/skin.scss
index a34e5becc9e4..53fb0d94617a 100644
--- a/ui/packages/consul-ui/app/components/anchors/skin.scss
+++ b/ui/packages/consul-ui/app/components/anchors/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %anchor-decoration,
diff --git a/ui/packages/consul-ui/app/components/anonymous/index.hbs b/ui/packages/consul-ui/app/components/anonymous/index.hbs
index 0566ddf99b46..8709fc4b8b77 100644
--- a/ui/packages/consul-ui/app/components/anonymous/index.hbs
+++ b/ui/packages/consul-ui/app/components/anonymous/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
\ No newline at end of file
diff --git a/ui/packages/consul-ui/app/components/anonymous/index.js b/ui/packages/consul-ui/app/components/anonymous/index.js
index 8f027b69f0e0..d99599ac3039 100644
--- a/ui/packages/consul-ui/app/components/anonymous/index.js
+++ b/ui/packages/consul-ui/app/components/anonymous/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/app-error/index.hbs b/ui/packages/consul-ui/app/components/app-error/index.hbs
index 0c087cdd4d97..ca65502f5939 100644
--- a/ui/packages/consul-ui/app/components/app-error/index.hbs
+++ b/ui/packages/consul-ui/app/components/app-error/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <AppView>
diff --git a/ui/packages/consul-ui/app/components/app-view/index.hbs b/ui/packages/consul-ui/app/components/app-view/index.hbs
index 53cf7113b247..3b6ebb26e138 100644
--- a/ui/packages/consul-ui/app/components/app-view/index.hbs
+++ b/ui/packages/consul-ui/app/components/app-view/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/app-view/index.js b/ui/packages/consul-ui/app/components/app-view/index.js
index 6743e59592cd..fad33e6bdfe8 100644
--- a/ui/packages/consul-ui/app/components/app-view/index.js
+++ b/ui/packages/consul-ui/app/components/app-view/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/app-view/index.scss b/ui/packages/consul-ui/app/components/app-view/index.scss
index 9a4d8fc5cd0e..434898ade93e 100644
--- a/ui/packages/consul-ui/app/components/app-view/index.scss
+++ b/ui/packages/consul-ui/app/components/app-view/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/app-view/layout.scss b/ui/packages/consul-ui/app/components/app-view/layout.scss
index c2f074ed06f4..1e3a95aa0eac 100644
--- a/ui/packages/consul-ui/app/components/app-view/layout.scss
+++ b/ui/packages/consul-ui/app/components/app-view/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* layout */
diff --git a/ui/packages/consul-ui/app/components/app-view/skin.scss b/ui/packages/consul-ui/app/components/app-view/skin.scss
index b88b2ec96220..937ce012fa79 100644
--- a/ui/packages/consul-ui/app/components/app-view/skin.scss
+++ b/ui/packages/consul-ui/app/components/app-view/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %app-view-title {
diff --git a/ui/packages/consul-ui/app/components/app/index.hbs b/ui/packages/consul-ui/app/components/app/index.hbs
index bcda82c46fe8..ba7daf4be232 100644
--- a/ui/packages/consul-ui/app/components/app/index.hbs
+++ b/ui/packages/consul-ui/app/components/app/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let (hash
diff --git a/ui/packages/consul-ui/app/components/app/index.js b/ui/packages/consul-ui/app/components/app/index.js
index 16e171e2d637..d5c47a02b3f1 100644
--- a/ui/packages/consul-ui/app/components/app/index.js
+++ b/ui/packages/consul-ui/app/components/app/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/app/index.scss b/ui/packages/consul-ui/app/components/app/index.scss
index 73d266bdb3ed..7de7fa108413 100644
--- a/ui/packages/consul-ui/app/components/app/index.scss
+++ b/ui/packages/consul-ui/app/components/app/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .app .skip-links {
diff --git a/ui/packages/consul-ui/app/components/app/notification/index.hbs b/ui/packages/consul-ui/app/components/app/notification/index.hbs
index 389dfa50dad7..f7777b43bca9 100644
--- a/ui/packages/consul-ui/app/components/app/notification/index.hbs
+++ b/ui/packages/consul-ui/app/components/app/notification/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/aria-menu/index.hbs b/ui/packages/consul-ui/app/components/aria-menu/index.hbs
index 004eb072e123..aa942d4accd3 100644
--- a/ui/packages/consul-ui/app/components/aria-menu/index.hbs
+++ b/ui/packages/consul-ui/app/components/aria-menu/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield
diff --git a/ui/packages/consul-ui/app/components/aria-menu/index.js b/ui/packages/consul-ui/app/components/aria-menu/index.js
index d8c9ac0f1ce7..cd3fe673a877 100644
--- a/ui/packages/consul-ui/app/components/aria-menu/index.js
+++ b/ui/packages/consul-ui/app/components/aria-menu/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/auth-dialog/chart.xstate.js b/ui/packages/consul-ui/app/components/auth-dialog/chart.xstate.js
index 74f671cdff4e..26cbcb152e1e 100644
--- a/ui/packages/consul-ui/app/components/auth-dialog/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/auth-dialog/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/auth-dialog/index.hbs b/ui/packages/consul-ui/app/components/auth-dialog/index.hbs
index dec875b16f3a..b6df0330525f 100644
--- a/ui/packages/consul-ui/app/components/auth-dialog/index.hbs
+++ b/ui/packages/consul-ui/app/components/auth-dialog/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <StateChart
diff --git a/ui/packages/consul-ui/app/components/auth-dialog/index.js b/ui/packages/consul-ui/app/components/auth-dialog/index.js
index 52a7eac2393e..fad84e83ac81 100644
--- a/ui/packages/consul-ui/app/components/auth-dialog/index.js
+++ b/ui/packages/consul-ui/app/components/auth-dialog/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/auth-form/chart.xstate.js b/ui/packages/consul-ui/app/components/auth-form/chart.xstate.js
index e1b582b7c7c1..6f81e382641b 100644
--- a/ui/packages/consul-ui/app/components/auth-form/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/auth-form/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/auth-form/index.hbs b/ui/packages/consul-ui/app/components/auth-form/index.hbs
index cf99747d92cf..608709b04890 100644
--- a/ui/packages/consul-ui/app/components/auth-form/index.hbs
+++ b/ui/packages/consul-ui/app/components/auth-form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <StateChart @src={{this.chart}} as |State Guard ChartAction dispatch state|>
diff --git a/ui/packages/consul-ui/app/components/auth-form/index.js b/ui/packages/consul-ui/app/components/auth-form/index.js
index 4c861ad527cb..0cd05cc4c29b 100644
--- a/ui/packages/consul-ui/app/components/auth-form/index.js
+++ b/ui/packages/consul-ui/app/components/auth-form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/auth-form/index.scss b/ui/packages/consul-ui/app/components/auth-form/index.scss
index 49051008b08d..1a5c5afff988 100644
--- a/ui/packages/consul-ui/app/components/auth-form/index.scss
+++ b/ui/packages/consul-ui/app/components/auth-form/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/auth-form/layout.scss b/ui/packages/consul-ui/app/components/auth-form/layout.scss
index 2889b700d09d..60ea16642b5a 100644
--- a/ui/packages/consul-ui/app/components/auth-form/layout.scss
+++ b/ui/packages/consul-ui/app/components/auth-form/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %auth-form {
diff --git a/ui/packages/consul-ui/app/components/auth-form/pageobject.js b/ui/packages/consul-ui/app/components/auth-form/pageobject.js
index 3ad553f2ad10..f3812d638f90 100644
--- a/ui/packages/consul-ui/app/components/auth-form/pageobject.js
+++ b/ui/packages/consul-ui/app/components/auth-form/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (submitable, clickable, attribute) =>
diff --git a/ui/packages/consul-ui/app/components/auth-form/skin.scss b/ui/packages/consul-ui/app/components/auth-form/skin.scss
index 18ff35fead26..341c0928fc8c 100644
--- a/ui/packages/consul-ui/app/components/auth-form/skin.scss
+++ b/ui/packages/consul-ui/app/components/auth-form/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %auth-form em {
diff --git a/ui/packages/consul-ui/app/components/auth-form/tabs.xstate.js b/ui/packages/consul-ui/app/components/auth-form/tabs.xstate.js
index c0fcf889a92c..e25cc0d3e719 100644
--- a/ui/packages/consul-ui/app/components/auth-form/tabs.xstate.js
+++ b/ui/packages/consul-ui/app/components/auth-form/tabs.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/auth-modal/index.scss b/ui/packages/consul-ui/app/components/auth-modal/index.scss
index c9d0eac52460..24f3ba363a48 100644
--- a/ui/packages/consul-ui/app/components/auth-modal/index.scss
+++ b/ui/packages/consul-ui/app/components/auth-modal/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*TODO: This is a different style of modal dialog */
diff --git a/ui/packages/consul-ui/app/components/auth-modal/layout.scss b/ui/packages/consul-ui/app/components/auth-modal/layout.scss
index dcdcede01072..0f38371bbaa2 100644
--- a/ui/packages/consul-ui/app/components/auth-modal/layout.scss
+++ b/ui/packages/consul-ui/app/components/auth-modal/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %auth-modal footer {
diff --git a/ui/packages/consul-ui/app/components/auth-modal/skin.scss b/ui/packages/consul-ui/app/components/auth-modal/skin.scss
index b88fad1e54c6..ac930a2dd619 100644
--- a/ui/packages/consul-ui/app/components/auth-modal/skin.scss
+++ b/ui/packages/consul-ui/app/components/auth-modal/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %auth-modal footer button::after {
diff --git a/ui/packages/consul-ui/app/components/auth-profile/index.hbs b/ui/packages/consul-ui/app/components/auth-profile/index.hbs
index 3a7f4e5256b6..324a657bbe43 100644
--- a/ui/packages/consul-ui/app/components/auth-profile/index.hbs
+++ b/ui/packages/consul-ui/app/components/auth-profile/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <dl
diff --git a/ui/packages/consul-ui/app/components/auth-profile/index.scss b/ui/packages/consul-ui/app/components/auth-profile/index.scss
index cc749d474487..09b154b4a51c 100644
--- a/ui/packages/consul-ui/app/components/auth-profile/index.scss
+++ b/ui/packages/consul-ui/app/components/auth-profile/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .auth-profile {
diff --git a/ui/packages/consul-ui/app/components/badge/debug.scss b/ui/packages/consul-ui/app/components/badge/debug.scss
index 107eb00d2fb0..08f9cce2507a 100644
--- a/ui/packages/consul-ui/app/components/badge/debug.scss
+++ b/ui/packages/consul-ui/app/components/badge/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 #docfy-demo-preview-badge {
diff --git a/ui/packages/consul-ui/app/components/badge/index.scss b/ui/packages/consul-ui/app/components/badge/index.scss
index cd7148f3b806..513ef1f42237 100644
--- a/ui/packages/consul-ui/app/components/badge/index.scss
+++ b/ui/packages/consul-ui/app/components/badge/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %badge {
diff --git a/ui/packages/consul-ui/app/components/brand-loader/index.scss b/ui/packages/consul-ui/app/components/brand-loader/index.scss
index 2d29edba2192..ed46a5cb4c0f 100644
--- a/ui/packages/consul-ui/app/components/brand-loader/index.scss
+++ b/ui/packages/consul-ui/app/components/brand-loader/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/brand-loader/layout.scss b/ui/packages/consul-ui/app/components/brand-loader/layout.scss
index 992dac136855..725fe38be1ce 100644
--- a/ui/packages/consul-ui/app/components/brand-loader/layout.scss
+++ b/ui/packages/consul-ui/app/components/brand-loader/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %brand-loader {
diff --git a/ui/packages/consul-ui/app/components/brand-loader/skin.scss b/ui/packages/consul-ui/app/components/brand-loader/skin.scss
index 25bf4df27487..f24f44f39bea 100644
--- a/ui/packages/consul-ui/app/components/brand-loader/skin.scss
+++ b/ui/packages/consul-ui/app/components/brand-loader/skin.scss
@@ -1,5 +1,5 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
diff --git a/ui/packages/consul-ui/app/components/breadcrumbs/index.scss b/ui/packages/consul-ui/app/components/breadcrumbs/index.scss
index 5541fda6f5c0..7ffd948f3e98 100644
--- a/ui/packages/consul-ui/app/components/breadcrumbs/index.scss
+++ b/ui/packages/consul-ui/app/components/breadcrumbs/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/breadcrumbs/layout.scss b/ui/packages/consul-ui/app/components/breadcrumbs/layout.scss
index b8063d7eb99e..47c08cb7f5bf 100644
--- a/ui/packages/consul-ui/app/components/breadcrumbs/layout.scss
+++ b/ui/packages/consul-ui/app/components/breadcrumbs/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %breadcrumbs {
diff --git a/ui/packages/consul-ui/app/components/breadcrumbs/skin.scss b/ui/packages/consul-ui/app/components/breadcrumbs/skin.scss
index f7fcedf06ff1..14f6b43f3b03 100644
--- a/ui/packages/consul-ui/app/components/breadcrumbs/skin.scss
+++ b/ui/packages/consul-ui/app/components/breadcrumbs/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %crumbs {
diff --git a/ui/packages/consul-ui/app/components/buttons/index.scss b/ui/packages/consul-ui/app/components/buttons/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/buttons/index.scss
+++ b/ui/packages/consul-ui/app/components/buttons/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/buttons/layout.scss b/ui/packages/consul-ui/app/components/buttons/layout.scss
index 43115558dd9f..53abc11475ff 100644
--- a/ui/packages/consul-ui/app/components/buttons/layout.scss
+++ b/ui/packages/consul-ui/app/components/buttons/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %button {
diff --git a/ui/packages/consul-ui/app/components/buttons/skin.scss b/ui/packages/consul-ui/app/components/buttons/skin.scss
index 0abba2214023..ceb41311bdaa 100644
--- a/ui/packages/consul-ui/app/components/buttons/skin.scss
+++ b/ui/packages/consul-ui/app/components/buttons/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* decor */
diff --git a/ui/packages/consul-ui/app/components/card/index.scss b/ui/packages/consul-ui/app/components/card/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/card/index.scss
+++ b/ui/packages/consul-ui/app/components/card/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/card/layout.scss b/ui/packages/consul-ui/app/components/card/layout.scss
index f70e5d53d40e..6a4d18a4da4c 100644
--- a/ui/packages/consul-ui/app/components/card/layout.scss
+++ b/ui/packages/consul-ui/app/components/card/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %card {
diff --git a/ui/packages/consul-ui/app/components/card/skin.scss b/ui/packages/consul-ui/app/components/card/skin.scss
index 49c3835fd7e2..3d71ca3bd607 100644
--- a/ui/packages/consul-ui/app/components/card/skin.scss
+++ b/ui/packages/consul-ui/app/components/card/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %card:hover,
diff --git a/ui/packages/consul-ui/app/components/checkbox-group/index.scss b/ui/packages/consul-ui/app/components/checkbox-group/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/checkbox-group/index.scss
+++ b/ui/packages/consul-ui/app/components/checkbox-group/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/checkbox-group/layout.scss b/ui/packages/consul-ui/app/components/checkbox-group/layout.scss
index 65cae5fdc5db..04fcea0a8066 100644
--- a/ui/packages/consul-ui/app/components/checkbox-group/layout.scss
+++ b/ui/packages/consul-ui/app/components/checkbox-group/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* TODO: This is positioning the group */
diff --git a/ui/packages/consul-ui/app/components/checkbox-group/skin.scss b/ui/packages/consul-ui/app/components/checkbox-group/skin.scss
index ab54006f2d84..02a43a198f41 100644
--- a/ui/packages/consul-ui/app/components/checkbox-group/skin.scss
+++ b/ui/packages/consul-ui/app/components/checkbox-group/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %checkbox-group label {
diff --git a/ui/packages/consul-ui/app/components/child-selector/index.hbs b/ui/packages/consul-ui/app/components/child-selector/index.hbs
index af1fd2739825..9693f9e1a803 100644
--- a/ui/packages/consul-ui/app/components/child-selector/index.hbs
+++ b/ui/packages/consul-ui/app/components/child-selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/child-selector/index.js b/ui/packages/consul-ui/app/components/child-selector/index.js
index 24cd68246ea5..190fda4dd07b 100644
--- a/ui/packages/consul-ui/app/components/child-selector/index.js
+++ b/ui/packages/consul-ui/app/components/child-selector/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/code-editor/index.hbs b/ui/packages/consul-ui/app/components/code-editor/index.hbs
index 0ba860e6ddff..03487d32f0bb 100644
--- a/ui/packages/consul-ui/app/components/code-editor/index.hbs
+++ b/ui/packages/consul-ui/app/components/code-editor/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div class="toolbar-container">
diff --git a/ui/packages/consul-ui/app/components/code-editor/index.js b/ui/packages/consul-ui/app/components/code-editor/index.js
index 52203ac22a0e..72e3abf8eb8a 100644
--- a/ui/packages/consul-ui/app/components/code-editor/index.js
+++ b/ui/packages/consul-ui/app/components/code-editor/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/code-editor/index.scss b/ui/packages/consul-ui/app/components/code-editor/index.scss
index 559533e42a84..58c7c66596cc 100644
--- a/ui/packages/consul-ui/app/components/code-editor/index.scss
+++ b/ui/packages/consul-ui/app/components/code-editor/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/code-editor/layout.scss b/ui/packages/consul-ui/app/components/code-editor/layout.scss
index 285fda57a35f..b8194d850bc9 100644
--- a/ui/packages/consul-ui/app/components/code-editor/layout.scss
+++ b/ui/packages/consul-ui/app/components/code-editor/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %code-editor {
diff --git a/ui/packages/consul-ui/app/components/code-editor/skin.scss b/ui/packages/consul-ui/app/components/code-editor/skin.scss
index db0f52bc0d29..0a8dafc65dde 100644
--- a/ui/packages/consul-ui/app/components/code-editor/skin.scss
+++ b/ui/packages/consul-ui/app/components/code-editor/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 $syntax-consul: #69499a;
diff --git a/ui/packages/consul-ui/app/components/composite-row/index.scss b/ui/packages/consul-ui/app/components/composite-row/index.scss
index 255a2a67c6ca..e9db145da19d 100644
--- a/ui/packages/consul-ui/app/components/composite-row/index.scss
+++ b/ui/packages/consul-ui/app/components/composite-row/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './layout';
diff --git a/ui/packages/consul-ui/app/components/composite-row/layout.scss b/ui/packages/consul-ui/app/components/composite-row/layout.scss
index dfc3860b501f..819c41f9504f 100644
--- a/ui/packages/consul-ui/app/components/composite-row/layout.scss
+++ b/ui/packages/consul-ui/app/components/composite-row/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %composite-row {
diff --git a/ui/packages/consul-ui/app/components/confirmation-alert/index.hbs b/ui/packages/consul-ui/app/components/confirmation-alert/index.hbs
index cf5a0c403c67..95f243a89233 100644
--- a/ui/packages/consul-ui/app/components/confirmation-alert/index.hbs
+++ b/ui/packages/consul-ui/app/components/confirmation-alert/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/confirmation-alert/index.js b/ui/packages/consul-ui/app/components/confirmation-alert/index.js
index 8f027b69f0e0..d99599ac3039 100644
--- a/ui/packages/consul-ui/app/components/confirmation-alert/index.js
+++ b/ui/packages/consul-ui/app/components/confirmation-alert/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/confirmation-dialog/index.hbs b/ui/packages/consul-ui/app/components/confirmation-dialog/index.hbs
index 07826204afe4..da4c7660efbf 100644
--- a/ui/packages/consul-ui/app/components/confirmation-dialog/index.hbs
+++ b/ui/packages/consul-ui/app/components/confirmation-dialog/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div class={{concat "with-confirmation" (if confirming " confirming" "")}} ...attributes>
diff --git a/ui/packages/consul-ui/app/components/confirmation-dialog/index.js b/ui/packages/consul-ui/app/components/confirmation-dialog/index.js
index b60850d50a26..e10782f579d4 100644
--- a/ui/packages/consul-ui/app/components/confirmation-dialog/index.js
+++ b/ui/packages/consul-ui/app/components/confirmation-dialog/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*eslint ember/closure-actions: "warn"*/
diff --git a/ui/packages/consul-ui/app/components/confirmation-dialog/index.scss b/ui/packages/consul-ui/app/components/confirmation-dialog/index.scss
index 67ae530a98ea..65914fb02576 100644
--- a/ui/packages/consul-ui/app/components/confirmation-dialog/index.scss
+++ b/ui/packages/consul-ui/app/components/confirmation-dialog/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/confirmation-dialog/layout.scss b/ui/packages/consul-ui/app/components/confirmation-dialog/layout.scss
index 82773a342339..9538794833b1 100644
--- a/ui/packages/consul-ui/app/components/confirmation-dialog/layout.scss
+++ b/ui/packages/consul-ui/app/components/confirmation-dialog/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %confirmation-dialog {
diff --git a/ui/packages/consul-ui/app/components/confirmation-dialog/skin.scss b/ui/packages/consul-ui/app/components/confirmation-dialog/skin.scss
index 248c7c9950e7..4509c4b3fdc5 100644
--- a/ui/packages/consul-ui/app/components/confirmation-dialog/skin.scss
+++ b/ui/packages/consul-ui/app/components/confirmation-dialog/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 table div.with-confirmation.confirming {
diff --git a/ui/packages/consul-ui/app/components/consul/acl/disabled/index.hbs b/ui/packages/consul-ui/app/components/consul/acl/disabled/index.hbs
index 77e8dba8fecc..23e6271820d2 100644
--- a/ui/packages/consul-ui/app/components/consul/acl/disabled/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/acl/disabled/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <AppView>
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/binding-list/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/binding-list/index.hbs
index d0ab9b8ae62a..44e351e45284 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/binding-list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/binding-list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div class="consul-auth-method-binding-list">
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/index.scss b/ui/packages/consul-ui/app/components/consul/auth-method/index.scss
index 266174687f49..7e6ffe2de8c0 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // List
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/list/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/list/index.hbs
index 2f15936b42cf..160e38bd9ce5 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/auth-method/list/pageobject.js
index e8a8044e0649..39a94fedd96f 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (collection, clickable, text) => () => {
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/nspace-list/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/nspace-list/index.hbs
index ec47712ec380..cb617ad0660f 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/nspace-list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/nspace-list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div class="consul-auth-method-nspace-list">
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/search-bar/index.hbs
index 5a0a5949a571..63e9f11be2f6 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar class='consul-auth-method-search-bar' ...attributes @filter={{@filter}}>
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/type/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/type/index.hbs
index b28adf846054..a21db4f39264 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/type/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/type/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let (icon-mapping @item.Type) as |flightIcon|}}
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/view/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/view/index.hbs
index 00b0169679fc..eab0fa48399c 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/view/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/view/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
   <div class="consul-auth-method-view">
diff --git a/ui/packages/consul-ui/app/components/consul/bucket/list/index.hbs b/ui/packages/consul-ui/app/components/consul/bucket/list/index.hbs
index 0c82141ca5b0..21d598d64ff5 100644
--- a/ui/packages/consul-ui/app/components/consul/bucket/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/bucket/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if this.itemsToDisplay.length}}
diff --git a/ui/packages/consul-ui/app/components/consul/bucket/list/index.js b/ui/packages/consul-ui/app/components/consul/bucket/list/index.js
index 387d04f1721f..0268cb6d22ef 100644
--- a/ui/packages/consul-ui/app/components/consul/bucket/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/bucket/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/bucket/list/index.scss b/ui/packages/consul-ui/app/components/consul/bucket/list/index.scss
index 710f6a3593bf..996323841f58 100644
--- a/ui/packages/consul-ui/app/components/consul/bucket/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/bucket/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %consul-bucket-list {
diff --git a/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs b/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs
index ecc4f51f1a6b..767422e4b9b1 100644
--- a/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <li class='dcs' data-test-datacenter-menu>
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/index.hbs b/ui/packages/consul-ui/app/components/consul/discovery-chain/index.hbs
index 59d584606174..e25096f849cd 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <style>
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/index.js b/ui/packages/consul-ui/app/components/consul/discovery-chain/index.js
index 71cbf6d6363b..0abbf310429b 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/index.js
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/index.scss b/ui/packages/consul-ui/app/components/consul/discovery-chain/index.scss
index 9185b3634514..e1a4b2a77eda 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/layout.scss b/ui/packages/consul-ui/app/components/consul/discovery-chain/layout.scss
index 0dcd40dd5cfe..d21170aefb45 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %discovery-chain .resolvers,
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/resolver-card/index.hbs b/ui/packages/consul-ui/app/components/consul/discovery-chain/resolver-card/index.hbs
index 5ffc76f961bb..e7d61c03c11e 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/resolver-card/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/resolver-card/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.hbs b/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.hbs
index 3a3c83839bcc..938620165444 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <a
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.js b/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.js
index 5088fe194bbb..8000faaac68e 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.js
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/skin.scss b/ui/packages/consul-ui/app/components/consul/discovery-chain/skin.scss
index cac17f50699c..02fd85a89928 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* CSS active states are partly added at the top of */
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/splitter-card/index.hbs b/ui/packages/consul-ui/app/components/consul/discovery-chain/splitter-card/index.hbs
index e2382dc23b1e..7984f3960362 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/splitter-card/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/splitter-card/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/utils.js b/ui/packages/consul-ui/app/components/consul/discovery-chain/utils.js
index 3b5806d58328..6976a6a930f5 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/utils.js
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/utils.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 const getNodesByType = function (nodes = {}, type) {
diff --git a/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.hbs b/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.hbs
index 9ece2eddb044..fa38bcc90e08 100644
--- a/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.scss b/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.scss
index c24d05e3f2ec..31d21cfb9614 100644
--- a/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-exposed-path-list {
diff --git a/ui/packages/consul-ui/app/components/consul/external-source/index.hbs b/ui/packages/consul-ui/app/components/consul/external-source/index.hbs
index eda30bac6b5c..c0a8de9f8bfd 100644
--- a/ui/packages/consul-ui/app/components/consul/external-source/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/external-source/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if @item}}
diff --git a/ui/packages/consul-ui/app/components/consul/external-source/index.scss b/ui/packages/consul-ui/app/components/consul/external-source/index.scss
index 4c0b07e38226..d318d534c6e0 100644
--- a/ui/packages/consul-ui/app/components/consul/external-source/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/external-source/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-external-source {
diff --git a/ui/packages/consul-ui/app/components/consul/health-check/list/index.hbs b/ui/packages/consul-ui/app/components/consul/health-check/list/index.hbs
index b49691ddc5e8..f5e065cec718 100644
--- a/ui/packages/consul-ui/app/components/consul/health-check/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/health-check/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/health-check/list/index.scss b/ui/packages/consul-ui/app/components/consul/health-check/list/index.scss
index 1028a51f5aeb..5995a4ecce86 100644
--- a/ui/packages/consul-ui/app/components/consul/health-check/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/health-check/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/health-check/list/layout.scss b/ui/packages/consul-ui/app/components/consul/health-check/list/layout.scss
index 438597a1107b..ef5dd6155dac 100644
--- a/ui/packages/consul-ui/app/components/consul/health-check/list/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/health-check/list/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %healthcheck-output {
diff --git a/ui/packages/consul-ui/app/components/consul/health-check/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/health-check/list/pageobject.js
index 098235bafea9..d7040294a0f5 100644
--- a/ui/packages/consul-ui/app/components/consul/health-check/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/health-check/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (collection, text) =>
diff --git a/ui/packages/consul-ui/app/components/consul/health-check/list/skin.scss b/ui/packages/consul-ui/app/components/consul/health-check/list/skin.scss
index 99f01729defe..8c493b3c580e 100644
--- a/ui/packages/consul-ui/app/components/consul/health-check/list/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/health-check/list/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %healthcheck-output {
diff --git a/ui/packages/consul-ui/app/components/consul/health-check/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/health-check/search-bar/index.hbs
index 65547672d2c6..e24adef16560 100644
--- a/ui/packages/consul-ui/app/components/consul/health-check/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/health-check/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/instance-checks/index.hbs b/ui/packages/consul-ui/app/components/consul/instance-checks/index.hbs
index 10a182c7f474..965425dee8e1 100644
--- a/ui/packages/consul-ui/app/components/consul/instance-checks/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/instance-checks/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let
diff --git a/ui/packages/consul-ui/app/components/consul/instance-checks/index.scss b/ui/packages/consul-ui/app/components/consul/instance-checks/index.scss
index d817a9d758d4..e384f9fe05e2 100644
--- a/ui/packages/consul-ui/app/components/consul/instance-checks/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/instance-checks/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-instance-checks {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/components.scss b/ui/packages/consul-ui/app/components/consul/intention/components.scss
index 0bcef73f340a..47f1afb66a03 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/components.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/components.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %pill-allow::before,
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.hbs
index 56d8dffb7d58..0aa7f4d02df3 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.js b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.js
index 569ba439139f..94c00927c8ec 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.scss b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/layout.scss b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/layout.scss
index b1b253998a56..18db183ceeb0 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-intention-fieldsets {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/skin.scss b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/skin.scss
index 0c46918f314e..9c7d77c36eff 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-intention-fieldsets {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/form/index.hbs
index 4703d1545c45..cdc983c37b16 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/index.js b/ui/packages/consul-ui/app/components/consul/intention/form/index.js
index 496f3068658d..b794057a4aff 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/index.scss b/ui/packages/consul-ui/app/components/consul/intention/form/index.scss
index e6a2e3f8b9c9..bc4bc4bb4917 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-intention-action-warn-modal {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/index.scss b/ui/packages/consul-ui/app/components/consul/intention/index.scss
index 04727a3208a9..38d47141e3c9 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './components';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/check/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/list/check/index.hbs
index f7cc510df3b9..aaef28195062 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/check/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/check/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/components.scss b/ui/packages/consul-ui/app/components/consul/intention/list/components.scss
index f2559a377da8..7d59af6889a1 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/components.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/components.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-intention-list {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/list/index.hbs
index bbb45b75ed5b..edd21659cc25 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/index.js b/ui/packages/consul-ui/app/components/consul/intention/list/index.js
index c189f1324a1a..fe7d629ef2e4 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/index.scss b/ui/packages/consul-ui/app/components/consul/intention/list/index.scss
index 8fea66d3379e..97eba35619fb 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './components';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/layout.scss b/ui/packages/consul-ui/app/components/consul/intention/list/layout.scss
index 1f4e437073f5..22f392166712 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-intention-list {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/intention/list/pageobject.js
index 01dcdb8a7941..815977c7e3c3 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (collection, clickable, attribute, isPresent, deletable) =>
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/skin.scss b/ui/packages/consul-ui/app/components/consul/intention/list/skin.scss
index 22a21c00c631..8cdce558c610 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %consul-intention-list td.permissions {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/table/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/list/table/index.hbs
index fdc610dd0c68..427002d4f747 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/table/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/table/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <TabularCollection
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/table/index.scss b/ui/packages/consul-ui/app/components/consul/intention/list/table/index.scss
index 214f8d59f13c..8cfe7da9d6e7 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/table/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/table/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-intention-list-table__meta-info {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/notice/custom-resource/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/notice/custom-resource/index.hbs
index 79dcc5dcbdb6..7f0e03edff71 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/notice/custom-resource/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/notice/custom-resource/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Hds::Alert @type='inline' @color={{or @type "neutral"}} class='mb-2 mt-2 consul-intention-notice-custom-resource' as |A|>
diff --git a/ui/packages/consul-ui/app/components/consul/intention/notice/permissions/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/notice/permissions/index.hbs
index b12347cf15f5..fa6dd5d9da53 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/notice/permissions/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/notice/permissions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Hds::Alert @type="inline" class="mb-3 mt-2" as |A|>
diff --git a/ui/packages/consul-ui/app/components/consul/intention/notifications/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/notifications/index.hbs
index d9638d0acb88..76cfbf90101d 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/notifications/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (eq @type 'create')}}
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.hbs
index 35299ef0b54d..ce4621a7aaff 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.js b/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.js
index b84e8dadba46..30c73f4d4abb 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/form/layout.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/form/layout.scss
index 78ff7e864219..9d085f532703 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/form/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/form/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-intention-permission-form {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/form/pageobject.js b/ui/packages/consul-ui/app/components/consul/intention/permission/form/pageobject.js
index 59acd1868e64..d57ae8855c2a 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/form/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/form/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { clickable } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/form/skin.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/form/skin.scss
index ea2872261d01..51135a8de2a5 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/form/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/form/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-intention-permission-form {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.hbs
index 05068998ebe6..3ae87f1be1b6 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.js b/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.js
index 1f669f633ec3..ddbbc20eb5b0 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/pageobject.js b/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/pageobject.js
index 7ac6dccc74be..c142a4c8b7d6 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { input } from 'consul-ui/tests/lib/page-object';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.hbs
index 057835c9d74d..f97a6019dc76 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (gt items.length 0)}}
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.js b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.js
index 8f027b69f0e0..d99599ac3039 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.scss
index 2ac41904a566..a0eeb03eea68 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/layout.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/layout.scss
index 7340c8af599e..4d1a2b40d2de 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-intention-permission-header-list {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/pageobject.js
index cf28d36a6fee..4eeaca912bc1 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { collection } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/skin.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/skin.scss
index 17b6445d5ec6..43430a62dd2b 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-intention-permission-header-list {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.hbs
index 4ede0cb520fb..e469974b0bdd 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (gt items.length 0)}}
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.js b/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.js
index 8f027b69f0e0..d99599ac3039 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.scss
index 8ead609c8456..d5e2d29a110c 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/list/layout.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/list/layout.scss
index 085ee970420e..770c9a951a7d 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/list/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/list/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-intention-permission-list {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/intention/permission/list/pageobject.js
index d8463b79d0dd..0a8bfe0f2c90 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { collection } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/list/skin.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/list/skin.scss
index c06fc2284654..68a73b774551 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/list/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/list/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-intention-permission-list {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.hbs
index 43cb851e5545..c89521228129 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.scss b/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.scss
index 7abf158e5b9f..00fa3077a7bc 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-intention-search-bar {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/view/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/view/index.hbs
index cb5e78ab8afb..e17194365800 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/view/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/view/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/intention/view/index.js b/ui/packages/consul-ui/app/components/consul/intention/view/index.js
index 8f027b69f0e0..d99599ac3039 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/view/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/view/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/kind/index.hbs b/ui/packages/consul-ui/app/components/consul/kind/index.hbs
index 3e480d8f182f..c5ab5fd1ddb5 100644
--- a/ui/packages/consul-ui/app/components/consul/kind/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/kind/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if item.Kind}}
diff --git a/ui/packages/consul-ui/app/components/consul/kind/index.js b/ui/packages/consul-ui/app/components/consul/kind/index.js
index 47887b34344f..2e9b17815162 100644
--- a/ui/packages/consul-ui/app/components/consul/kind/index.js
+++ b/ui/packages/consul-ui/app/components/consul/kind/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/kind/index.scss b/ui/packages/consul-ui/app/components/consul/kind/index.scss
index 173ffac92114..6195c48ba591 100644
--- a/ui/packages/consul-ui/app/components/consul/kind/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/kind/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-kind {
diff --git a/ui/packages/consul-ui/app/components/consul/kv/form/index.hbs b/ui/packages/consul-ui/app/components/consul/kv/form/index.hbs
index 2807c2329523..5351bd6a4b3f 100644
--- a/ui/packages/consul-ui/app/components/consul/kv/form/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/kv/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <DataForm
diff --git a/ui/packages/consul-ui/app/components/consul/kv/form/index.js b/ui/packages/consul-ui/app/components/consul/kv/form/index.js
index 1d5ae5d7de56..c9348001f857 100644
--- a/ui/packages/consul-ui/app/components/consul/kv/form/index.js
+++ b/ui/packages/consul-ui/app/components/consul/kv/form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/kv/list/index.hbs b/ui/packages/consul-ui/app/components/consul/kv/list/index.hbs
index ef27a38fc615..e12b7978b392 100644
--- a/ui/packages/consul-ui/app/components/consul/kv/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/kv/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <TabularCollection
diff --git a/ui/packages/consul-ui/app/components/consul/kv/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/kv/list/pageobject.js
index 4babb225671d..55d52a911414 100644
--- a/ui/packages/consul-ui/app/components/consul/kv/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/kv/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (collection, clickable, attribute, deletable) => () => {
diff --git a/ui/packages/consul-ui/app/components/consul/kv/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/kv/search-bar/index.hbs
index 2232e1f29e36..343cb68f6e7c 100644
--- a/ui/packages/consul-ui/app/components/consul/kv/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/kv/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/loader/index.hbs b/ui/packages/consul-ui/app/components/consul/loader/index.hbs
index 3fdc23371471..5902d6531d2e 100644
--- a/ui/packages/consul-ui/app/components/consul/loader/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/loader/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/loader/index.scss b/ui/packages/consul-ui/app/components/consul/loader/index.scss
index a1fec8466eb0..785f2e742c29 100644
--- a/ui/packages/consul-ui/app/components/consul/loader/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/loader/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/loader/layout.scss b/ui/packages/consul-ui/app/components/consul/loader/layout.scss
index ca33c1d7ffa1..f1c01acf2e83 100644
--- a/ui/packages/consul-ui/app/components/consul/loader/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/loader/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* blobs / %ui-loader ? */
diff --git a/ui/packages/consul-ui/app/components/consul/loader/skin.scss b/ui/packages/consul-ui/app/components/consul/loader/skin.scss
index fb223ec53f46..0a06530fb7d9 100644
--- a/ui/packages/consul-ui/app/components/consul/loader/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/loader/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %loader circle {
diff --git a/ui/packages/consul-ui/app/components/consul/metadata/list/index.hbs b/ui/packages/consul-ui/app/components/consul/metadata/list/index.hbs
index 0d24f6e3875c..8bcee62aea2e 100644
--- a/ui/packages/consul-ui/app/components/consul/metadata/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/metadata/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <TabularCollection
diff --git a/ui/packages/consul-ui/app/components/consul/metadata/list/index.js b/ui/packages/consul-ui/app/components/consul/metadata/list/index.js
index 8f027b69f0e0..d99599ac3039 100644
--- a/ui/packages/consul-ui/app/components/consul/metadata/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/metadata/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/node-identity/template/index.hbs b/ui/packages/consul-ui/app/components/consul/node-identity/template/index.hbs
index 614807f0773c..301559b31e4b 100644
--- a/ui/packages/consul-ui/app/components/consul/node-identity/template/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/node-identity/template/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (can "use partitions")~}}
diff --git a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.hbs b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.hbs
index 67e5aa37fb12..53679b731f06 100644
--- a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if isVisible}}
diff --git a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.js b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.js
index db8e2612e8d8..927ccb1b365e 100644
--- a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.js
+++ b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.scss b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.scss
index 45ef85f86265..dad8702cc28d 100644
--- a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .agentless-node-notice .hds-alert__title {
diff --git a/ui/packages/consul-ui/app/components/consul/node/list/index.hbs b/ui/packages/consul-ui/app/components/consul/node/list/index.hbs
index f57d7d5ab052..86ee73c2c687 100644
--- a/ui/packages/consul-ui/app/components/consul/node/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/node/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/node/peer-info/index.hbs b/ui/packages/consul-ui/app/components/consul/node/peer-info/index.hbs
index a27216ea54c5..735f4e37a144 100644
--- a/ui/packages/consul-ui/app/components/consul/node/peer-info/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/node/peer-info/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if @item.PeerName}}
diff --git a/ui/packages/consul-ui/app/components/consul/node/peer-info/index.scss b/ui/packages/consul-ui/app/components/consul/node/peer-info/index.scss
index 6b21eb6a6e5d..8175ded101c6 100644
--- a/ui/packages/consul-ui/app/components/consul/node/peer-info/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/node/peer-info/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-node-peer-info {
diff --git a/ui/packages/consul-ui/app/components/consul/node/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/node/search-bar/index.hbs
index 995f9e773bcb..d7bdde58a593 100644
--- a/ui/packages/consul-ui/app/components/consul/node/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/node/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/peer/info/index.hbs b/ui/packages/consul-ui/app/components/consul/peer/info/index.hbs
index c140eedec0eb..a84d698cf1ab 100644
--- a/ui/packages/consul-ui/app/components/consul/peer/info/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/peer/info/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if @item.PeerName}}
diff --git a/ui/packages/consul-ui/app/components/consul/peer/info/index.scss b/ui/packages/consul-ui/app/components/consul/peer/info/index.scss
index c37f28f31811..a33e37bebafb 100644
--- a/ui/packages/consul-ui/app/components/consul/peer/info/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/peer/info/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-peer-info {
diff --git a/ui/packages/consul-ui/app/components/consul/peer/list/index.scss b/ui/packages/consul-ui/app/components/consul/peer/list/index.scss
index dc2ef0b1e2f0..ed2d9ffb0194 100644
--- a/ui/packages/consul-ui/app/components/consul/peer/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/peer/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .peers__list__peer-detail {
diff --git a/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs b/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs
index f9869dae0d2b..2674f0884968 100644
--- a/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/policy/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/policy/list/pageobject.js
index 367680fdf440..eaaed90a14ba 100644
--- a/ui/packages/consul-ui/app/components/consul/policy/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/policy/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (collection, clickable, attribute, text, actions) => () => {
diff --git a/ui/packages/consul-ui/app/components/consul/policy/notifications/index.hbs b/ui/packages/consul-ui/app/components/consul/policy/notifications/index.hbs
index bc317b7a64f2..89b4bc14b296 100644
--- a/ui/packages/consul-ui/app/components/consul/policy/notifications/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/policy/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (eq @type 'create')}}
diff --git a/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.hbs
index 24e5bd0a73f1..0563e1f1d237 100644
--- a/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.js b/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.js
index 522cce68abfc..6cbf4d52f6bd 100644
--- a/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.js
+++ b/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/role/list/index.hbs b/ui/packages/consul-ui/app/components/consul/role/list/index.hbs
index 43206c56bd5b..5f0474ae4042 100644
--- a/ui/packages/consul-ui/app/components/consul/role/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/role/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/role/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/role/list/pageobject.js
index 12c6367090ad..f858d1117c72 100644
--- a/ui/packages/consul-ui/app/components/consul/role/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/role/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (collection, clickable, attribute, text, actions) => () => {
diff --git a/ui/packages/consul-ui/app/components/consul/role/notifications/index.hbs b/ui/packages/consul-ui/app/components/consul/role/notifications/index.hbs
index 3a19f40ca94f..8335a50b4f40 100644
--- a/ui/packages/consul-ui/app/components/consul/role/notifications/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/role/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (eq @type 'create')}}
diff --git a/ui/packages/consul-ui/app/components/consul/role/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/role/search-bar/index.hbs
index 3736f291af83..e58979f54ca5 100644
--- a/ui/packages/consul-ui/app/components/consul/role/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/role/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/server/card/index.hbs b/ui/packages/consul-ui/app/components/consul/server/card/index.hbs
index c65e791f48dd..f3d3254c40a5 100644
--- a/ui/packages/consul-ui/app/components/consul/server/card/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/server/card/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/server/card/index.scss b/ui/packages/consul-ui/app/components/consul/server/card/index.scss
index f29243c381fe..8498e4ce5866 100644
--- a/ui/packages/consul-ui/app/components/consul/server/card/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/server/card/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/server/card/layout.scss b/ui/packages/consul-ui/app/components/consul/server/card/layout.scss
index f36140610695..5492c8ffe703 100644
--- a/ui/packages/consul-ui/app/components/consul/server/card/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/server/card/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %consul-server-card {
diff --git a/ui/packages/consul-ui/app/components/consul/server/card/skin.scss b/ui/packages/consul-ui/app/components/consul/server/card/skin.scss
index 125d3b9d6d55..5b849fdcf2ce 100644
--- a/ui/packages/consul-ui/app/components/consul/server/card/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/server/card/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %consul-server-card dt:not(.name) {
diff --git a/ui/packages/consul-ui/app/components/consul/server/list/index.hbs b/ui/packages/consul-ui/app/components/consul/server/list/index.hbs
index 9ade0abd1133..34d9287451de 100644
--- a/ui/packages/consul-ui/app/components/consul/server/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/server/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/server/list/index.scss b/ui/packages/consul-ui/app/components/consul/server/list/index.scss
index 5f42cead5cd6..dc193ee0312e 100644
--- a/ui/packages/consul-ui/app/components/consul/server/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/server/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %consul-server-list ul {
diff --git a/ui/packages/consul-ui/app/components/consul/service-identity/template/index.hbs b/ui/packages/consul-ui/app/components/consul/service-identity/template/index.hbs
index 66be947abffc..b822316bd598 100644
--- a/ui/packages/consul-ui/app/components/consul/service-identity/template/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/service-identity/template/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (can "use partitions")}}
diff --git a/ui/packages/consul-ui/app/components/consul/service-instance/list/index.hbs b/ui/packages/consul-ui/app/components/consul/service-instance/list/index.hbs
index 643814580993..e341dcf29edf 100644
--- a/ui/packages/consul-ui/app/components/consul/service-instance/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/service-instance/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let
diff --git a/ui/packages/consul-ui/app/components/consul/service-instance/list/index.js b/ui/packages/consul-ui/app/components/consul/service-instance/list/index.js
index 09e592fb74ce..08faa68ebe89 100644
--- a/ui/packages/consul-ui/app/components/consul/service-instance/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/service-instance/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/service-instance/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/service-instance/search-bar/index.hbs
index 7cb899513bb0..c01b478f19f6 100644
--- a/ui/packages/consul-ui/app/components/consul/service-instance/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/service-instance/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar class='consul-service-instance-search-bar' ...attributes @filter={{@filter}}>
diff --git a/ui/packages/consul-ui/app/components/consul/service/list/index.hbs b/ui/packages/consul-ui/app/components/consul/service/list/index.hbs
index aeb78cf642d0..2dc1b4742b04 100644
--- a/ui/packages/consul-ui/app/components/consul/service/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/service/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/service/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/service/search-bar/index.hbs
index ffe6ae7274f8..339d0264b29d 100644
--- a/ui/packages/consul-ui/app/components/consul/service/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/service/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar class='consul-service-search-bar' ...attributes @filter={{@filter}}>
diff --git a/ui/packages/consul-ui/app/components/consul/service/search-bar/index.js b/ui/packages/consul-ui/app/components/consul/service/search-bar/index.js
index 01968aa96ecf..56ba4a02eb21 100644
--- a/ui/packages/consul-ui/app/components/consul/service/search-bar/index.js
+++ b/ui/packages/consul-ui/app/components/consul/service/search-bar/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/source/index.hbs b/ui/packages/consul-ui/app/components/consul/source/index.hbs
index 83573a17a6b1..64598149dbd7 100644
--- a/ui/packages/consul-ui/app/components/consul/source/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/source/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <dl class="tooltip-panel">
diff --git a/ui/packages/consul-ui/app/components/consul/source/index.scss b/ui/packages/consul-ui/app/components/consul/source/index.scss
index 0590740aa869..87d5e9b0dd9f 100644
--- a/ui/packages/consul-ui/app/components/consul/source/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/source/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .consul-source {
diff --git a/ui/packages/consul-ui/app/components/consul/sources-select/index.hbs b/ui/packages/consul-ui/app/components/consul/sources-select/index.hbs
index 023279404c42..7ee4aa9261a9 100644
--- a/ui/packages/consul-ui/app/components/consul/sources-select/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/sources-select/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (gt @sources.length 0)}}
diff --git a/ui/packages/consul-ui/app/components/consul/token/list/index.hbs b/ui/packages/consul-ui/app/components/consul/token/list/index.hbs
index d9df7e8849b2..fc370bb32c60 100644
--- a/ui/packages/consul-ui/app/components/consul/token/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/token/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/token/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/token/list/pageobject.js
index 61f5babcf65b..f6fd0a2b213d 100644
--- a/ui/packages/consul-ui/app/components/consul/token/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/token/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (collection, clickable, attribute, text, actions) => () => {
diff --git a/ui/packages/consul-ui/app/components/consul/token/notifications/index.hbs b/ui/packages/consul-ui/app/components/consul/token/notifications/index.hbs
index fa1a97eae788..2f90f6f66025 100644
--- a/ui/packages/consul-ui/app/components/consul/token/notifications/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/token/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (eq @type 'create')}}
diff --git a/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.hbs b/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.hbs
index 0218d0640dcd..101551020251 100644
--- a/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let (policy/group (or item.Policies item.ACLs.PolicyDefaults (array))) as |policies|}}
diff --git a/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.js b/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.js
index 8f027b69f0e0..d99599ac3039 100644
--- a/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/token/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/token/search-bar/index.hbs
index b29026d10ba6..a55ba4ce6924 100644
--- a/ui/packages/consul-ui/app/components/consul/token/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/token/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/tomography/graph/index.hbs b/ui/packages/consul-ui/app/components/consul/tomography/graph/index.hbs
index d362c9a2f70d..e3876ca4bf02 100644
--- a/ui/packages/consul-ui/app/components/consul/tomography/graph/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/tomography/graph/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/tomography/graph/index.js b/ui/packages/consul-ui/app/components/consul/tomography/graph/index.js
index f281b693eb97..598effd0980d 100644
--- a/ui/packages/consul-ui/app/components/consul/tomography/graph/index.js
+++ b/ui/packages/consul-ui/app/components/consul/tomography/graph/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/tomography/graph/index.scss b/ui/packages/consul-ui/app/components/consul/tomography/graph/index.scss
index 51ca74694cba..e4bb90d77b24 100644
--- a/ui/packages/consul-ui/app/components/consul/tomography/graph/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/tomography/graph/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .tomography-graph {
diff --git a/ui/packages/consul-ui/app/components/consul/transparent-proxy/index.hbs b/ui/packages/consul-ui/app/components/consul/transparent-proxy/index.hbs
index 5cfd8c74d746..0f92bfe49436 100644
--- a/ui/packages/consul-ui/app/components/consul/transparent-proxy/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/transparent-proxy/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <span class="consul-transparent-proxy">
diff --git a/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.hbs b/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.hbs
index a723620c035e..cfc61a00d362 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.scss b/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.scss
index 412d78ed69ee..b904dddd05b1 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %consul-upstream-instance-list {
diff --git a/ui/packages/consul-ui/app/components/consul/upstream-instance/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/upstream-instance/list/pageobject.js
index 6083866bca4f..274ffda5b587 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream-instance/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/upstream-instance/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (collection, text) =>
diff --git a/ui/packages/consul-ui/app/components/consul/upstream-instance/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/upstream-instance/search-bar/index.hbs
index 454973904842..e16b89f81028 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream-instance/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/upstream-instance/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/upstream/list/index.hbs b/ui/packages/consul-ui/app/components/consul/upstream/list/index.hbs
index 8fb51a475afb..fd9e20422ea4 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/upstream/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/upstream/list/index.scss b/ui/packages/consul-ui/app/components/consul/upstream/list/index.scss
index 40d216446b35..8a0aafdf9920 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/upstream/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %consul-upstream-list {
diff --git a/ui/packages/consul-ui/app/components/consul/upstream/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/upstream/search-bar/index.hbs
index 82038d671064..5600efc17264 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/upstream/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/copy-button/chart.xstate.js b/ui/packages/consul-ui/app/components/copy-button/chart.xstate.js
index 74aa788d6c7a..2c7e1ecf54ee 100644
--- a/ui/packages/consul-ui/app/components/copy-button/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/copy-button/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/copy-button/index.hbs b/ui/packages/consul-ui/app/components/copy-button/index.hbs
index 766e3801a199..ed3b42388cd3 100644
--- a/ui/packages/consul-ui/app/components/copy-button/index.hbs
+++ b/ui/packages/consul-ui/app/components/copy-button/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <StateChart
diff --git a/ui/packages/consul-ui/app/components/copy-button/index.js b/ui/packages/consul-ui/app/components/copy-button/index.js
index 989ebe35346b..b2663c87fbe3 100644
--- a/ui/packages/consul-ui/app/components/copy-button/index.js
+++ b/ui/packages/consul-ui/app/components/copy-button/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/copy-button/index.scss b/ui/packages/consul-ui/app/components/copy-button/index.scss
index 94b3ad320690..f5488aae0312 100644
--- a/ui/packages/consul-ui/app/components/copy-button/index.scss
+++ b/ui/packages/consul-ui/app/components/copy-button/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/copy-button/layout.scss b/ui/packages/consul-ui/app/components/copy-button/layout.scss
index 2eb0832155a0..310794271d0d 100644
--- a/ui/packages/consul-ui/app/components/copy-button/layout.scss
+++ b/ui/packages/consul-ui/app/components/copy-button/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %copy-button {
diff --git a/ui/packages/consul-ui/app/components/copy-button/skin.scss b/ui/packages/consul-ui/app/components/copy-button/skin.scss
index 374e5fba8ff1..ff04a0dbd80a 100644
--- a/ui/packages/consul-ui/app/components/copy-button/skin.scss
+++ b/ui/packages/consul-ui/app/components/copy-button/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %copy-button {
diff --git a/ui/packages/consul-ui/app/components/copyable-code/index.hbs b/ui/packages/consul-ui/app/components/copyable-code/index.hbs
index 39c60c9d1537..35560c5bc44c 100644
--- a/ui/packages/consul-ui/app/components/copyable-code/index.hbs
+++ b/ui/packages/consul-ui/app/components/copyable-code/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/copyable-code/index.scss b/ui/packages/consul-ui/app/components/copyable-code/index.scss
index 14cfaedd0e39..c77ab76ff019 100644
--- a/ui/packages/consul-ui/app/components/copyable-code/index.scss
+++ b/ui/packages/consul-ui/app/components/copyable-code/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .copyable-code {
diff --git a/ui/packages/consul-ui/app/components/csv-list/debug.scss b/ui/packages/consul-ui/app/components/csv-list/debug.scss
index f53ec046b118..1dbb566db983 100644
--- a/ui/packages/consul-ui/app/components/csv-list/debug.scss
+++ b/ui/packages/consul-ui/app/components/csv-list/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 [id^=docfy-demo-preview-csv-list] {
diff --git a/ui/packages/consul-ui/app/components/csv-list/index.scss b/ui/packages/consul-ui/app/components/csv-list/index.scss
index bae0f0bf7caa..7d9d2b0ef67a 100644
--- a/ui/packages/consul-ui/app/components/csv-list/index.scss
+++ b/ui/packages/consul-ui/app/components/csv-list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/components/data-collection/index.hbs b/ui/packages/consul-ui/app/components/data-collection/index.hbs
index b568323da833..3c301a49f7f5 100644
--- a/ui/packages/consul-ui/app/components/data-collection/index.hbs
+++ b/ui/packages/consul-ui/app/components/data-collection/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{did-update (action (fn (set this 'term') '') @search)}}
diff --git a/ui/packages/consul-ui/app/components/data-collection/index.js b/ui/packages/consul-ui/app/components/data-collection/index.js
index 6bdba36c5157..152454dffe2d 100644
--- a/ui/packages/consul-ui/app/components/data-collection/index.js
+++ b/ui/packages/consul-ui/app/components/data-collection/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/data-form/index.hbs b/ui/packages/consul-ui/app/components/data-form/index.hbs
index a73a8c3a071e..7545b2f602ca 100644
--- a/ui/packages/consul-ui/app/components/data-form/index.hbs
+++ b/ui/packages/consul-ui/app/components/data-form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <DataLoader
diff --git a/ui/packages/consul-ui/app/components/data-form/index.js b/ui/packages/consul-ui/app/components/data-form/index.js
index ba6dca5f4cfa..191cd1f1919e 100644
--- a/ui/packages/consul-ui/app/components/data-form/index.js
+++ b/ui/packages/consul-ui/app/components/data-form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/data-loader/chart.xstate.js b/ui/packages/consul-ui/app/components/data-loader/chart.xstate.js
index aab23f9758ee..ec31f731bfce 100644
--- a/ui/packages/consul-ui/app/components/data-loader/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/data-loader/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/data-loader/index.hbs b/ui/packages/consul-ui/app/components/data-loader/index.hbs
index 7208097c5178..7a894117b94f 100644
--- a/ui/packages/consul-ui/app/components/data-loader/index.hbs
+++ b/ui/packages/consul-ui/app/components/data-loader/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/data-loader/index.js b/ui/packages/consul-ui/app/components/data-loader/index.js
index a85b36648c12..9db0f6cff31a 100644
--- a/ui/packages/consul-ui/app/components/data-loader/index.js
+++ b/ui/packages/consul-ui/app/components/data-loader/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/data-sink/index.hbs b/ui/packages/consul-ui/app/components/data-sink/index.hbs
index 7bf4d0fbe590..2517542ff9b5 100644
--- a/ui/packages/consul-ui/app/components/data-sink/index.hbs
+++ b/ui/packages/consul-ui/app/components/data-sink/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield (hash
diff --git a/ui/packages/consul-ui/app/components/data-sink/index.js b/ui/packages/consul-ui/app/components/data-sink/index.js
index 377d289db4f6..5bc54e0e160f 100644
--- a/ui/packages/consul-ui/app/components/data-sink/index.js
+++ b/ui/packages/consul-ui/app/components/data-sink/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/data-source/index.hbs b/ui/packages/consul-ui/app/components/data-source/index.hbs
index df57e6910d79..65d006801626 100644
--- a/ui/packages/consul-ui/app/components/data-source/index.hbs
+++ b/ui/packages/consul-ui/app/components/data-source/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (not this.disabled)}}
diff --git a/ui/packages/consul-ui/app/components/data-source/index.js b/ui/packages/consul-ui/app/components/data-source/index.js
index d10ea3aad952..cf2894738e7a 100644
--- a/ui/packages/consul-ui/app/components/data-source/index.js
+++ b/ui/packages/consul-ui/app/components/data-source/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint no-console: ["error", { allow: ["debug"] }] */
diff --git a/ui/packages/consul-ui/app/components/data-writer/chart.xstate.js b/ui/packages/consul-ui/app/components/data-writer/chart.xstate.js
index c8fe6d023654..875456aaad93 100644
--- a/ui/packages/consul-ui/app/components/data-writer/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/data-writer/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/data-writer/index.hbs b/ui/packages/consul-ui/app/components/data-writer/index.hbs
index c336c1c96661..60f1324ea5eb 100644
--- a/ui/packages/consul-ui/app/components/data-writer/index.hbs
+++ b/ui/packages/consul-ui/app/components/data-writer/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <StateChart @src={{chart}} as |State Guard Action dispatch state|>
diff --git a/ui/packages/consul-ui/app/components/data-writer/index.js b/ui/packages/consul-ui/app/components/data-writer/index.js
index b626ceb04fe1..173afb6746ce 100644
--- a/ui/packages/consul-ui/app/components/data-writer/index.js
+++ b/ui/packages/consul-ui/app/components/data-writer/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/debug/navigation/index.hbs b/ui/packages/consul-ui/app/components/debug/navigation/index.hbs
index 72c815c2fc58..d7373afe9912 100644
--- a/ui/packages/consul-ui/app/components/debug/navigation/index.hbs
+++ b/ui/packages/consul-ui/app/components/debug/navigation/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
   <li>
diff --git a/ui/packages/consul-ui/app/components/definition-table/debug.scss b/ui/packages/consul-ui/app/components/definition-table/debug.scss
index b164b50f8b0e..f9fd2d557d02 100644
--- a/ui/packages/consul-ui/app/components/definition-table/debug.scss
+++ b/ui/packages/consul-ui/app/components/definition-table/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 [id^='docfy-demo-preview-definition-table'] {
diff --git a/ui/packages/consul-ui/app/components/definition-table/index.scss b/ui/packages/consul-ui/app/components/definition-table/index.scss
index 039c1f4fcc5e..7ae5d96ccdd5 100644
--- a/ui/packages/consul-ui/app/components/definition-table/index.scss
+++ b/ui/packages/consul-ui/app/components/definition-table/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/definition-table/layout.scss b/ui/packages/consul-ui/app/components/definition-table/layout.scss
index b59176fdf702..5a954ee9b722 100644
--- a/ui/packages/consul-ui/app/components/definition-table/layout.scss
+++ b/ui/packages/consul-ui/app/components/definition-table/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %definition-table > dl {
diff --git a/ui/packages/consul-ui/app/components/definition-table/skin.scss b/ui/packages/consul-ui/app/components/definition-table/skin.scss
index f5068c90a64b..6a5c2bc446e3 100644
--- a/ui/packages/consul-ui/app/components/definition-table/skin.scss
+++ b/ui/packages/consul-ui/app/components/definition-table/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %definition-table {
diff --git a/ui/packages/consul-ui/app/components/delete-confirmation/index.hbs b/ui/packages/consul-ui/app/components/delete-confirmation/index.hbs
index 8169ad971bcb..e7a23c39d77d 100644
--- a/ui/packages/consul-ui/app/components/delete-confirmation/index.hbs
+++ b/ui/packages/consul-ui/app/components/delete-confirmation/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <p>
diff --git a/ui/packages/consul-ui/app/components/delete-confirmation/index.js b/ui/packages/consul-ui/app/components/delete-confirmation/index.js
index 08a37f713bcc..fa7c11260214 100644
--- a/ui/packages/consul-ui/app/components/delete-confirmation/index.js
+++ b/ui/packages/consul-ui/app/components/delete-confirmation/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/disclosure-menu/action/index.hbs b/ui/packages/consul-ui/app/components/disclosure-menu/action/index.hbs
index 62a62f562840..fed93c5d9467 100644
--- a/ui/packages/consul-ui/app/components/disclosure-menu/action/index.hbs
+++ b/ui/packages/consul-ui/app/components/disclosure-menu/action/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <@disclosure.Action
diff --git a/ui/packages/consul-ui/app/components/disclosure-menu/index.hbs b/ui/packages/consul-ui/app/components/disclosure-menu/index.hbs
index 524034ac99cf..0e869364e164 100644
--- a/ui/packages/consul-ui/app/components/disclosure-menu/index.hbs
+++ b/ui/packages/consul-ui/app/components/disclosure-menu/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/disclosure-menu/index.scss b/ui/packages/consul-ui/app/components/disclosure-menu/index.scss
index 041ca2da3e49..aaded7b370b8 100644
--- a/ui/packages/consul-ui/app/components/disclosure-menu/index.scss
+++ b/ui/packages/consul-ui/app/components/disclosure-menu/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .disclosure-menu {
diff --git a/ui/packages/consul-ui/app/components/disclosure-menu/menu/index.hbs b/ui/packages/consul-ui/app/components/disclosure-menu/menu/index.hbs
index 18bb010640e8..8ad9a72ab319 100644
--- a/ui/packages/consul-ui/app/components/disclosure-menu/menu/index.hbs
+++ b/ui/packages/consul-ui/app/components/disclosure-menu/menu/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <@disclosure.Details as |details|>
diff --git a/ui/packages/consul-ui/app/components/disclosure/action/index.hbs b/ui/packages/consul-ui/app/components/disclosure/action/index.hbs
index 239e30455008..a3d0cf849edb 100644
--- a/ui/packages/consul-ui/app/components/disclosure/action/index.hbs
+++ b/ui/packages/consul-ui/app/components/disclosure/action/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Action
diff --git a/ui/packages/consul-ui/app/components/disclosure/details/index.hbs b/ui/packages/consul-ui/app/components/disclosure/details/index.hbs
index cf7b8239dec6..3ecfdb6ee4ea 100644
--- a/ui/packages/consul-ui/app/components/disclosure/details/index.hbs
+++ b/ui/packages/consul-ui/app/components/disclosure/details/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let
diff --git a/ui/packages/consul-ui/app/components/disclosure/index.hbs b/ui/packages/consul-ui/app/components/disclosure/index.hbs
index 2f06da8e116e..5632f83f2f72 100644
--- a/ui/packages/consul-ui/app/components/disclosure/index.hbs
+++ b/ui/packages/consul-ui/app/components/disclosure/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <StateChart
diff --git a/ui/packages/consul-ui/app/components/disclosure/index.js b/ui/packages/consul-ui/app/components/disclosure/index.js
index 44e4f3d4e28a..dd47bdc76c39 100644
--- a/ui/packages/consul-ui/app/components/disclosure/index.js
+++ b/ui/packages/consul-ui/app/components/disclosure/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/display-toggle/index.scss b/ui/packages/consul-ui/app/components/display-toggle/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/display-toggle/index.scss
+++ b/ui/packages/consul-ui/app/components/display-toggle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/display-toggle/layout.scss b/ui/packages/consul-ui/app/components/display-toggle/layout.scss
index d7f6a7c8af04..71c483481ddd 100644
--- a/ui/packages/consul-ui/app/components/display-toggle/layout.scss
+++ b/ui/packages/consul-ui/app/components/display-toggle/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %display-toggle-siblings,
diff --git a/ui/packages/consul-ui/app/components/display-toggle/skin.scss b/ui/packages/consul-ui/app/components/display-toggle/skin.scss
index 46102bc1abf2..7c52b8373629 100644
--- a/ui/packages/consul-ui/app/components/display-toggle/skin.scss
+++ b/ui/packages/consul-ui/app/components/display-toggle/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %display-toggle-siblings ~ label {
diff --git a/ui/packages/consul-ui/app/components/dom-recycling-table/index.scss b/ui/packages/consul-ui/app/components/dom-recycling-table/index.scss
index a079c22dc7aa..65c474196a83 100644
--- a/ui/packages/consul-ui/app/components/dom-recycling-table/index.scss
+++ b/ui/packages/consul-ui/app/components/dom-recycling-table/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './layout';
diff --git a/ui/packages/consul-ui/app/components/dom-recycling-table/layout.scss b/ui/packages/consul-ui/app/components/dom-recycling-table/layout.scss
index 3256ff1af125..277c49c53e3d 100644
--- a/ui/packages/consul-ui/app/components/dom-recycling-table/layout.scss
+++ b/ui/packages/consul-ui/app/components/dom-recycling-table/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %dom-recycling-table {
diff --git a/ui/packages/consul-ui/app/components/empty-state/index.hbs b/ui/packages/consul-ui/app/components/empty-state/index.hbs
index 7f5d35cc8af3..8c1a458a05a3 100644
--- a/ui/packages/consul-ui/app/components/empty-state/index.hbs
+++ b/ui/packages/consul-ui/app/components/empty-state/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/empty-state/index.js b/ui/packages/consul-ui/app/components/empty-state/index.js
index 3a6ff02f451f..f96e9c0722af 100644
--- a/ui/packages/consul-ui/app/components/empty-state/index.js
+++ b/ui/packages/consul-ui/app/components/empty-state/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/empty-state/index.scss b/ui/packages/consul-ui/app/components/empty-state/index.scss
index ccd741e293bb..a2c0d5ae396a 100644
--- a/ui/packages/consul-ui/app/components/empty-state/index.scss
+++ b/ui/packages/consul-ui/app/components/empty-state/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './layout';
diff --git a/ui/packages/consul-ui/app/components/empty-state/layout.scss b/ui/packages/consul-ui/app/components/empty-state/layout.scss
index 4c6e5c5c7ace..39ccf3650419 100644
--- a/ui/packages/consul-ui/app/components/empty-state/layout.scss
+++ b/ui/packages/consul-ui/app/components/empty-state/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %empty-state,
diff --git a/ui/packages/consul-ui/app/components/empty-state/pageobject.js b/ui/packages/consul-ui/app/components/empty-state/pageobject.js
index 6db257f8b587..220c7f9e83e1 100644
--- a/ui/packages/consul-ui/app/components/empty-state/pageobject.js
+++ b/ui/packages/consul-ui/app/components/empty-state/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (present) =>
diff --git a/ui/packages/consul-ui/app/components/empty-state/skin.scss b/ui/packages/consul-ui/app/components/empty-state/skin.scss
index a60638368304..b953ee9678a7 100644
--- a/ui/packages/consul-ui/app/components/empty-state/skin.scss
+++ b/ui/packages/consul-ui/app/components/empty-state/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %empty-state {
diff --git a/ui/packages/consul-ui/app/components/error-state/index.hbs b/ui/packages/consul-ui/app/components/error-state/index.hbs
index e1c8fc0846aa..a04e3293a11c 100644
--- a/ui/packages/consul-ui/app/components/error-state/index.hbs
+++ b/ui/packages/consul-ui/app/components/error-state/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (not-eq @error.status "403")}}
diff --git a/ui/packages/consul-ui/app/components/event-source/index.hbs b/ui/packages/consul-ui/app/components/event-source/index.hbs
index 42d9f1bcb589..c9ca83481674 100644
--- a/ui/packages/consul-ui/app/components/event-source/index.hbs
+++ b/ui/packages/consul-ui/app/components/event-source/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield (hash
diff --git a/ui/packages/consul-ui/app/components/event-source/index.js b/ui/packages/consul-ui/app/components/event-source/index.js
index ff898b6b0d4e..20d29fc82be4 100644
--- a/ui/packages/consul-ui/app/components/event-source/index.js
+++ b/ui/packages/consul-ui/app/components/event-source/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/expanded-single-select/index.scss b/ui/packages/consul-ui/app/components/expanded-single-select/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/expanded-single-select/index.scss
+++ b/ui/packages/consul-ui/app/components/expanded-single-select/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/expanded-single-select/layout.scss b/ui/packages/consul-ui/app/components/expanded-single-select/layout.scss
index 8fd8cd8d9810..428377c3aa49 100644
--- a/ui/packages/consul-ui/app/components/expanded-single-select/layout.scss
+++ b/ui/packages/consul-ui/app/components/expanded-single-select/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @media #{$--horizontal-selects} {
diff --git a/ui/packages/consul-ui/app/components/expanded-single-select/skin.scss b/ui/packages/consul-ui/app/components/expanded-single-select/skin.scss
index b56e4d93b539..ea8ab52e56ed 100644
--- a/ui/packages/consul-ui/app/components/expanded-single-select/skin.scss
+++ b/ui/packages/consul-ui/app/components/expanded-single-select/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %expanded-single-select {
diff --git a/ui/packages/consul-ui/app/components/filter-bar/index.scss b/ui/packages/consul-ui/app/components/filter-bar/index.scss
index 69db98743287..373ae718eba7 100644
--- a/ui/packages/consul-ui/app/components/filter-bar/index.scss
+++ b/ui/packages/consul-ui/app/components/filter-bar/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/filter-bar/layout.scss b/ui/packages/consul-ui/app/components/filter-bar/layout.scss
index d6c14c37773d..1ebc5c1605ba 100644
--- a/ui/packages/consul-ui/app/components/filter-bar/layout.scss
+++ b/ui/packages/consul-ui/app/components/filter-bar/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .filter-bar {
diff --git a/ui/packages/consul-ui/app/components/filter-bar/skin.scss b/ui/packages/consul-ui/app/components/filter-bar/skin.scss
index da8690fb6835..37c47b933404 100644
--- a/ui/packages/consul-ui/app/components/filter-bar/skin.scss
+++ b/ui/packages/consul-ui/app/components/filter-bar/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .filter-bar {
diff --git a/ui/packages/consul-ui/app/components/form-component/index.hbs b/ui/packages/consul-ui/app/components/form-component/index.hbs
index 0566ddf99b46..8709fc4b8b77 100644
--- a/ui/packages/consul-ui/app/components/form-component/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-component/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
\ No newline at end of file
diff --git a/ui/packages/consul-ui/app/components/form-component/index.js b/ui/packages/consul-ui/app/components/form-component/index.js
index 520e3eba372c..39614c54245c 100644
--- a/ui/packages/consul-ui/app/components/form-component/index.js
+++ b/ui/packages/consul-ui/app/components/form-component/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/form-elements/index.scss b/ui/packages/consul-ui/app/components/form-elements/index.scss
index 67b2339d6f1a..270cba0709d7 100644
--- a/ui/packages/consul-ui/app/components/form-elements/index.scss
+++ b/ui/packages/consul-ui/app/components/form-elements/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/form-elements/layout.scss b/ui/packages/consul-ui/app/components/form-elements/layout.scss
index 9b0212784238..3a4f11aa0be6 100644
--- a/ui/packages/consul-ui/app/components/form-elements/layout.scss
+++ b/ui/packages/consul-ui/app/components/form-elements/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %form-element,
diff --git a/ui/packages/consul-ui/app/components/form-elements/skin.scss b/ui/packages/consul-ui/app/components/form-elements/skin.scss
index e5fc1b6a1ade..aaebd04597c7 100644
--- a/ui/packages/consul-ui/app/components/form-elements/skin.scss
+++ b/ui/packages/consul-ui/app/components/form-elements/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %form-element-text-input {
diff --git a/ui/packages/consul-ui/app/components/form-group/element/checkbox/index.hbs b/ui/packages/consul-ui/app/components/form-group/element/checkbox/index.hbs
index be64e766a9cd..07c9d1c152f0 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/checkbox/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/element/checkbox/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <input
diff --git a/ui/packages/consul-ui/app/components/form-group/element/error/index.hbs b/ui/packages/consul-ui/app/components/form-group/element/error/index.hbs
index 288ee045de48..38b2913ded7d 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/error/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/element/error/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <strong
diff --git a/ui/packages/consul-ui/app/components/form-group/element/index.hbs b/ui/packages/consul-ui/app/components/form-group/element/index.hbs
index d4f4487691e1..34f3e40145ab 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/element/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let (hash
diff --git a/ui/packages/consul-ui/app/components/form-group/element/index.js b/ui/packages/consul-ui/app/components/form-group/element/index.js
index cd133a52b896..86c2ac8944b7 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/index.js
+++ b/ui/packages/consul-ui/app/components/form-group/element/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/form-group/element/label/index.hbs b/ui/packages/consul-ui/app/components/form-group/element/label/index.hbs
index 2fc091c35afe..53db30ab900b 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/label/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/element/label/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <span
diff --git a/ui/packages/consul-ui/app/components/form-group/element/radio/index.hbs b/ui/packages/consul-ui/app/components/form-group/element/radio/index.hbs
index c34376e6bd44..45db5499d754 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/radio/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/element/radio/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <input
diff --git a/ui/packages/consul-ui/app/components/form-group/element/text/index.hbs b/ui/packages/consul-ui/app/components/form-group/element/text/index.hbs
index 19fe924556c0..2b6335df4bfb 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/text/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/element/text/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <input
diff --git a/ui/packages/consul-ui/app/components/form-group/index.hbs b/ui/packages/consul-ui/app/components/form-group/index.hbs
index 8786a6476ba6..56db7f48d378 100644
--- a/ui/packages/consul-ui/app/components/form-group/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield (hash
diff --git a/ui/packages/consul-ui/app/components/form-group/index.js b/ui/packages/consul-ui/app/components/form-group/index.js
index 1c4368e6373b..31951309ccd1 100644
--- a/ui/packages/consul-ui/app/components/form-group/index.js
+++ b/ui/packages/consul-ui/app/components/form-group/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/form-input/index.hbs b/ui/packages/consul-ui/app/components/form-input/index.hbs
index 431dd8cd80c8..c9098acba6f8 100644
--- a/ui/packages/consul-ui/app/components/form-input/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-input/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <label
diff --git a/ui/packages/consul-ui/app/components/freetext-filter/index.hbs b/ui/packages/consul-ui/app/components/freetext-filter/index.hbs
index e9e1698fee48..e9dd7f4f9962 100644
--- a/ui/packages/consul-ui/app/components/freetext-filter/index.hbs
+++ b/ui/packages/consul-ui/app/components/freetext-filter/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/freetext-filter/index.js b/ui/packages/consul-ui/app/components/freetext-filter/index.js
index 6cc39c961018..92b7d62dec5e 100644
--- a/ui/packages/consul-ui/app/components/freetext-filter/index.js
+++ b/ui/packages/consul-ui/app/components/freetext-filter/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/freetext-filter/index.scss b/ui/packages/consul-ui/app/components/freetext-filter/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/freetext-filter/index.scss
+++ b/ui/packages/consul-ui/app/components/freetext-filter/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/freetext-filter/layout.scss b/ui/packages/consul-ui/app/components/freetext-filter/layout.scss
index 488282375661..e2b958836067 100644
--- a/ui/packages/consul-ui/app/components/freetext-filter/layout.scss
+++ b/ui/packages/consul-ui/app/components/freetext-filter/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .freetext-filter {
diff --git a/ui/packages/consul-ui/app/components/freetext-filter/pageobject.js b/ui/packages/consul-ui/app/components/freetext-filter/pageobject.js
index 5300649405a4..d362ed290994 100644
--- a/ui/packages/consul-ui/app/components/freetext-filter/pageobject.js
+++ b/ui/packages/consul-ui/app/components/freetext-filter/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (triggerable) => () => {
diff --git a/ui/packages/consul-ui/app/components/freetext-filter/skin.scss b/ui/packages/consul-ui/app/components/freetext-filter/skin.scss
index b7b335c1b436..d7f5f63af9df 100644
--- a/ui/packages/consul-ui/app/components/freetext-filter/skin.scss
+++ b/ui/packages/consul-ui/app/components/freetext-filter/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .freetext-filter {
diff --git a/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs b/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs
index 485e54a55fb4..af5a3d3f6af7 100644
--- a/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs
+++ b/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <App class='hashicorp-consul' ...attributes>
diff --git a/ui/packages/consul-ui/app/components/hashicorp-consul/index.js b/ui/packages/consul-ui/app/components/hashicorp-consul/index.js
index 7046cccaeb15..6b5135a1bee4 100644
--- a/ui/packages/consul-ui/app/components/hashicorp-consul/index.js
+++ b/ui/packages/consul-ui/app/components/hashicorp-consul/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/hashicorp-consul/index.scss b/ui/packages/consul-ui/app/components/hashicorp-consul/index.scss
index 3424f79cb75f..c825656d1140 100644
--- a/ui/packages/consul-ui/app/components/hashicorp-consul/index.scss
+++ b/ui/packages/consul-ui/app/components/hashicorp-consul/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %hashicorp-consul {
diff --git a/ui/packages/consul-ui/app/components/horizontal-kv-list/debug.scss b/ui/packages/consul-ui/app/components/horizontal-kv-list/debug.scss
index d3fe72e65b37..e36c2aa1fe9a 100644
--- a/ui/packages/consul-ui/app/components/horizontal-kv-list/debug.scss
+++ b/ui/packages/consul-ui/app/components/horizontal-kv-list/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 [id^='docfy-demo-preview-horizontal-kv-list'] {
diff --git a/ui/packages/consul-ui/app/components/horizontal-kv-list/index.scss b/ui/packages/consul-ui/app/components/horizontal-kv-list/index.scss
index d51ee5777998..fcc2477cada9 100644
--- a/ui/packages/consul-ui/app/components/horizontal-kv-list/index.scss
+++ b/ui/packages/consul-ui/app/components/horizontal-kv-list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/horizontal-kv-list/layout.scss b/ui/packages/consul-ui/app/components/horizontal-kv-list/layout.scss
index 4e95363417d7..59636c58642d 100644
--- a/ui/packages/consul-ui/app/components/horizontal-kv-list/layout.scss
+++ b/ui/packages/consul-ui/app/components/horizontal-kv-list/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %horizontal-kv-list {
diff --git a/ui/packages/consul-ui/app/components/horizontal-kv-list/skin.scss b/ui/packages/consul-ui/app/components/horizontal-kv-list/skin.scss
index cc1c088c9087..2119a28ce03c 100644
--- a/ui/packages/consul-ui/app/components/horizontal-kv-list/skin.scss
+++ b/ui/packages/consul-ui/app/components/horizontal-kv-list/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %horizontal-kv-list-visible-title::after {
diff --git a/ui/packages/consul-ui/app/components/icon-definition/debug.scss b/ui/packages/consul-ui/app/components/icon-definition/debug.scss
index b96608743eb3..548d7a702613 100644
--- a/ui/packages/consul-ui/app/components/icon-definition/debug.scss
+++ b/ui/packages/consul-ui/app/components/icon-definition/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 #docfy-demo-preview-icon-definition {
diff --git a/ui/packages/consul-ui/app/components/icon-definition/index.scss b/ui/packages/consul-ui/app/components/icon-definition/index.scss
index a05d49cafc5a..93acc97f2e48 100644
--- a/ui/packages/consul-ui/app/components/icon-definition/index.scss
+++ b/ui/packages/consul-ui/app/components/icon-definition/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %icon-definition {
diff --git a/ui/packages/consul-ui/app/components/informed-action/index.hbs b/ui/packages/consul-ui/app/components/informed-action/index.hbs
index 6cf97b8fa7bb..34aa6bac37e0 100644
--- a/ui/packages/consul-ui/app/components/informed-action/index.hbs
+++ b/ui/packages/consul-ui/app/components/informed-action/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/informed-action/index.scss b/ui/packages/consul-ui/app/components/informed-action/index.scss
index 1599ce999c13..955b07aef67e 100644
--- a/ui/packages/consul-ui/app/components/informed-action/index.scss
+++ b/ui/packages/consul-ui/app/components/informed-action/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/informed-action/layout.scss b/ui/packages/consul-ui/app/components/informed-action/layout.scss
index cc06d1ee45d9..666f84a7ac13 100644
--- a/ui/packages/consul-ui/app/components/informed-action/layout.scss
+++ b/ui/packages/consul-ui/app/components/informed-action/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %informed-action {
diff --git a/ui/packages/consul-ui/app/components/informed-action/skin.scss b/ui/packages/consul-ui/app/components/informed-action/skin.scss
index 837459d56f0a..f18e303fcbd6 100644
--- a/ui/packages/consul-ui/app/components/informed-action/skin.scss
+++ b/ui/packages/consul-ui/app/components/informed-action/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %informed-action {
diff --git a/ui/packages/consul-ui/app/components/inline-alert/debug.scss b/ui/packages/consul-ui/app/components/inline-alert/debug.scss
index d6615bf12d70..62652e1a8da4 100644
--- a/ui/packages/consul-ui/app/components/inline-alert/debug.scss
+++ b/ui/packages/consul-ui/app/components/inline-alert/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 [id^='docfy-demo-preview-inline-alert'] {
diff --git a/ui/packages/consul-ui/app/components/inline-alert/index.scss b/ui/packages/consul-ui/app/components/inline-alert/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/inline-alert/index.scss
+++ b/ui/packages/consul-ui/app/components/inline-alert/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/inline-alert/layout.scss b/ui/packages/consul-ui/app/components/inline-alert/layout.scss
index e2a8f01b58c8..a9dd6d9c3de1 100644
--- a/ui/packages/consul-ui/app/components/inline-alert/layout.scss
+++ b/ui/packages/consul-ui/app/components/inline-alert/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %inline-alert {
diff --git a/ui/packages/consul-ui/app/components/inline-alert/skin.scss b/ui/packages/consul-ui/app/components/inline-alert/skin.scss
index 8534bdf52e3b..b6c1ae37f0f0 100644
--- a/ui/packages/consul-ui/app/components/inline-alert/skin.scss
+++ b/ui/packages/consul-ui/app/components/inline-alert/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %inline-alert {
diff --git a/ui/packages/consul-ui/app/components/inline-code/index.scss b/ui/packages/consul-ui/app/components/inline-code/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/inline-code/index.scss
+++ b/ui/packages/consul-ui/app/components/inline-code/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/inline-code/layout.scss b/ui/packages/consul-ui/app/components/inline-code/layout.scss
index 1b9799278cea..311f6ad902fc 100644
--- a/ui/packages/consul-ui/app/components/inline-code/layout.scss
+++ b/ui/packages/consul-ui/app/components/inline-code/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %inline-code {
diff --git a/ui/packages/consul-ui/app/components/inline-code/skin.scss b/ui/packages/consul-ui/app/components/inline-code/skin.scss
index c2d404a84e8c..d1ce59a88e57 100644
--- a/ui/packages/consul-ui/app/components/inline-code/skin.scss
+++ b/ui/packages/consul-ui/app/components/inline-code/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %block-code,
diff --git a/ui/packages/consul-ui/app/components/jwt-source/index.js b/ui/packages/consul-ui/app/components/jwt-source/index.js
index 8844ea84d83c..a4d91801fb79 100644
--- a/ui/packages/consul-ui/app/components/jwt-source/index.js
+++ b/ui/packages/consul-ui/app/components/jwt-source/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/list-collection/index.hbs b/ui/packages/consul-ui/app/components/list-collection/index.hbs
index e99511bb636a..5988cc14986b 100644
--- a/ui/packages/consul-ui/app/components/list-collection/index.hbs
+++ b/ui/packages/consul-ui/app/components/list-collection/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/list-collection/index.js b/ui/packages/consul-ui/app/components/list-collection/index.js
index bd3fa340b465..f4391838c45c 100644
--- a/ui/packages/consul-ui/app/components/list-collection/index.js
+++ b/ui/packages/consul-ui/app/components/list-collection/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/components/list-collection/index.scss b/ui/packages/consul-ui/app/components/list-collection/index.scss
index f2fc9e2a03e8..f42d68aa9575 100644
--- a/ui/packages/consul-ui/app/components/list-collection/index.scss
+++ b/ui/packages/consul-ui/app/components/list-collection/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/list-collection/layout.scss b/ui/packages/consul-ui/app/components/list-collection/layout.scss
index 9d80a22859df..7b1804b3f760 100644
--- a/ui/packages/consul-ui/app/components/list-collection/layout.scss
+++ b/ui/packages/consul-ui/app/components/list-collection/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %list-collection > ul > li,
diff --git a/ui/packages/consul-ui/app/components/list-collection/skin.scss b/ui/packages/consul-ui/app/components/list-collection/skin.scss
index 854abb37d14e..48702631bd1d 100644
--- a/ui/packages/consul-ui/app/components/list-collection/skin.scss
+++ b/ui/packages/consul-ui/app/components/list-collection/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %list-collection > ul {
diff --git a/ui/packages/consul-ui/app/components/list-row/index.scss b/ui/packages/consul-ui/app/components/list-row/index.scss
index 8f2c6afcbd46..65968d570f0f 100644
--- a/ui/packages/consul-ui/app/components/list-row/index.scss
+++ b/ui/packages/consul-ui/app/components/list-row/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/list-row/layout.scss b/ui/packages/consul-ui/app/components/list-row/layout.scss
index 11e46544bfe4..fc4971e21f6f 100644
--- a/ui/packages/consul-ui/app/components/list-row/layout.scss
+++ b/ui/packages/consul-ui/app/components/list-row/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %list-row {
diff --git a/ui/packages/consul-ui/app/components/list-row/skin.scss b/ui/packages/consul-ui/app/components/list-row/skin.scss
index 2d54791643e5..9f490d871c8d 100644
--- a/ui/packages/consul-ui/app/components/list-row/skin.scss
+++ b/ui/packages/consul-ui/app/components/list-row/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %list-row {
diff --git a/ui/packages/consul-ui/app/components/main-header-horizontal/index.scss b/ui/packages/consul-ui/app/components/main-header-horizontal/index.scss
index 6436a1f9115b..7b885758df3a 100644
--- a/ui/packages/consul-ui/app/components/main-header-horizontal/index.scss
+++ b/ui/packages/consul-ui/app/components/main-header-horizontal/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin.scss';
diff --git a/ui/packages/consul-ui/app/components/main-header-horizontal/layout.scss b/ui/packages/consul-ui/app/components/main-header-horizontal/layout.scss
index f3106c1b05cc..6e46b9b88c67 100644
--- a/ui/packages/consul-ui/app/components/main-header-horizontal/layout.scss
+++ b/ui/packages/consul-ui/app/components/main-header-horizontal/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %main-header-horizontal {
diff --git a/ui/packages/consul-ui/app/components/main-header-horizontal/skin.scss b/ui/packages/consul-ui/app/components/main-header-horizontal/skin.scss
index bebf92eb0e39..b75cfe98dfd7 100644
--- a/ui/packages/consul-ui/app/components/main-header-horizontal/skin.scss
+++ b/ui/packages/consul-ui/app/components/main-header-horizontal/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %main-header-horizontal::before {
diff --git a/ui/packages/consul-ui/app/components/main-nav-horizontal/index.scss b/ui/packages/consul-ui/app/components/main-nav-horizontal/index.scss
index bd63cfb1dc1e..218935679676 100644
--- a/ui/packages/consul-ui/app/components/main-nav-horizontal/index.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-horizontal/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/main-nav-horizontal/layout.scss b/ui/packages/consul-ui/app/components/main-nav-horizontal/layout.scss
index 48e1bc20612f..0db5e63ea0e1 100644
--- a/ui/packages/consul-ui/app/components/main-nav-horizontal/layout.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-horizontal/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %main-nav-horizontal > ul,
diff --git a/ui/packages/consul-ui/app/components/main-nav-horizontal/skin.scss b/ui/packages/consul-ui/app/components/main-nav-horizontal/skin.scss
index 5ece648a46c1..8cd1c1e64688 100644
--- a/ui/packages/consul-ui/app/components/main-nav-horizontal/skin.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-horizontal/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %main-nav-horizontal-action {
diff --git a/ui/packages/consul-ui/app/components/main-nav-vertical/debug.scss b/ui/packages/consul-ui/app/components/main-nav-vertical/debug.scss
index 0049d728d554..f277042b42d8 100644
--- a/ui/packages/consul-ui/app/components/main-nav-vertical/debug.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-vertical/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 #docfy-demo-preview-main-nav-vertical {
diff --git a/ui/packages/consul-ui/app/components/main-nav-vertical/index.scss b/ui/packages/consul-ui/app/components/main-nav-vertical/index.scss
index 0867b4a16bf3..fd8f7cf4b562 100644
--- a/ui/packages/consul-ui/app/components/main-nav-vertical/index.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-vertical/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/main-nav-vertical/layout.scss b/ui/packages/consul-ui/app/components/main-nav-vertical/layout.scss
index 4a35de781f34..a63b82f951c7 100644
--- a/ui/packages/consul-ui/app/components/main-nav-vertical/layout.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-vertical/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %main-nav-vertical {
diff --git a/ui/packages/consul-ui/app/components/main-nav-vertical/skin.scss b/ui/packages/consul-ui/app/components/main-nav-vertical/skin.scss
index 57a402b49b69..bda8a2110177 100644
--- a/ui/packages/consul-ui/app/components/main-nav-vertical/skin.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-vertical/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %main-nav-vertical-action {
diff --git a/ui/packages/consul-ui/app/components/menu-panel/deprecated.scss b/ui/packages/consul-ui/app/components/menu-panel/deprecated.scss
index 325c8bf5b0af..219f74069df5 100644
--- a/ui/packages/consul-ui/app/components/menu-panel/deprecated.scss
+++ b/ui/packages/consul-ui/app/components/menu-panel/deprecated.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* old stuff */
diff --git a/ui/packages/consul-ui/app/components/menu-panel/index.hbs b/ui/packages/consul-ui/app/components/menu-panel/index.hbs
index 6513b3f3d0e7..c7582dbd601a 100644
--- a/ui/packages/consul-ui/app/components/menu-panel/index.hbs
+++ b/ui/packages/consul-ui/app/components/menu-panel/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/menu-panel/index.js b/ui/packages/consul-ui/app/components/menu-panel/index.js
index 8ce7494d5aaa..4a7833b14f74 100644
--- a/ui/packages/consul-ui/app/components/menu-panel/index.js
+++ b/ui/packages/consul-ui/app/components/menu-panel/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/menu-panel/index.scss b/ui/packages/consul-ui/app/components/menu-panel/index.scss
index e3babd0e7579..3e298a143c61 100644
--- a/ui/packages/consul-ui/app/components/menu-panel/index.scss
+++ b/ui/packages/consul-ui/app/components/menu-panel/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/menu-panel/layout.scss b/ui/packages/consul-ui/app/components/menu-panel/layout.scss
index d014e79be326..870c667d5f80 100644
--- a/ui/packages/consul-ui/app/components/menu-panel/layout.scss
+++ b/ui/packages/consul-ui/app/components/menu-panel/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %menu-panel-header {
diff --git a/ui/packages/consul-ui/app/components/menu-panel/skin.scss b/ui/packages/consul-ui/app/components/menu-panel/skin.scss
index 8d3b26e6f934..b3b55f386398 100644
--- a/ui/packages/consul-ui/app/components/menu-panel/skin.scss
+++ b/ui/packages/consul-ui/app/components/menu-panel/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %menu-panel-button-selected::after {
diff --git a/ui/packages/consul-ui/app/components/menu/action/index.hbs b/ui/packages/consul-ui/app/components/menu/action/index.hbs
index 298da6ec8d87..0b76c287d759 100644
--- a/ui/packages/consul-ui/app/components/menu/action/index.hbs
+++ b/ui/packages/consul-ui/app/components/menu/action/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Action
diff --git a/ui/packages/consul-ui/app/components/menu/index.hbs b/ui/packages/consul-ui/app/components/menu/index.hbs
index 953d342b26c6..34c8b5cc0841 100644
--- a/ui/packages/consul-ui/app/components/menu/index.hbs
+++ b/ui/packages/consul-ui/app/components/menu/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ul
diff --git a/ui/packages/consul-ui/app/components/menu/item/index.hbs b/ui/packages/consul-ui/app/components/menu/item/index.hbs
index 83504168ebfb..a21058e79df3 100644
--- a/ui/packages/consul-ui/app/components/menu/item/index.hbs
+++ b/ui/packages/consul-ui/app/components/menu/item/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <li
diff --git a/ui/packages/consul-ui/app/components/menu/separator/index.hbs b/ui/packages/consul-ui/app/components/menu/separator/index.hbs
index f6d448ba3405..b893690383ff 100644
--- a/ui/packages/consul-ui/app/components/menu/separator/index.hbs
+++ b/ui/packages/consul-ui/app/components/menu/separator/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <li
diff --git a/ui/packages/consul-ui/app/components/modal-dialog/index.hbs b/ui/packages/consul-ui/app/components/modal-dialog/index.hbs
index fd1c315e3ddb..4aed448d5d35 100644
--- a/ui/packages/consul-ui/app/components/modal-dialog/index.hbs
+++ b/ui/packages/consul-ui/app/components/modal-dialog/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let (hash
diff --git a/ui/packages/consul-ui/app/components/modal-dialog/index.js b/ui/packages/consul-ui/app/components/modal-dialog/index.js
index 65671fa1cf52..07002606c1f8 100644
--- a/ui/packages/consul-ui/app/components/modal-dialog/index.js
+++ b/ui/packages/consul-ui/app/components/modal-dialog/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/modal-dialog/index.scss b/ui/packages/consul-ui/app/components/modal-dialog/index.scss
index e8663e7c8b91..dc8f0a045a65 100644
--- a/ui/packages/consul-ui/app/components/modal-dialog/index.scss
+++ b/ui/packages/consul-ui/app/components/modal-dialog/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/modal-dialog/layout.scss b/ui/packages/consul-ui/app/components/modal-dialog/layout.scss
index fffb48099aeb..71b46eb90319 100644
--- a/ui/packages/consul-ui/app/components/modal-dialog/layout.scss
+++ b/ui/packages/consul-ui/app/components/modal-dialog/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %modal-layer {
diff --git a/ui/packages/consul-ui/app/components/modal-dialog/skin.scss b/ui/packages/consul-ui/app/components/modal-dialog/skin.scss
index 32185dbfbd9a..8524f687739a 100644
--- a/ui/packages/consul-ui/app/components/modal-dialog/skin.scss
+++ b/ui/packages/consul-ui/app/components/modal-dialog/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %modal-dialog.warning header {
diff --git a/ui/packages/consul-ui/app/components/modal-layer/index.hbs b/ui/packages/consul-ui/app/components/modal-layer/index.hbs
index 8cc453fd0150..a76e270011fe 100644
--- a/ui/packages/consul-ui/app/components/modal-layer/index.hbs
+++ b/ui/packages/consul-ui/app/components/modal-layer/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/more-popover-menu/index.hbs b/ui/packages/consul-ui/app/components/more-popover-menu/index.hbs
index 3eaf0aa239a6..35b2c1524b15 100644
--- a/ui/packages/consul-ui/app/components/more-popover-menu/index.hbs
+++ b/ui/packages/consul-ui/app/components/more-popover-menu/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/more-popover-menu/index.js b/ui/packages/consul-ui/app/components/more-popover-menu/index.js
index 8f027b69f0e0..d99599ac3039 100644
--- a/ui/packages/consul-ui/app/components/more-popover-menu/index.js
+++ b/ui/packages/consul-ui/app/components/more-popover-menu/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/more-popover-menu/index.scss b/ui/packages/consul-ui/app/components/more-popover-menu/index.scss
index 563faad84979..12c640d4b6b3 100644
--- a/ui/packages/consul-ui/app/components/more-popover-menu/index.scss
+++ b/ui/packages/consul-ui/app/components/more-popover-menu/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .more-popover-menu {
diff --git a/ui/packages/consul-ui/app/components/more-popover-menu/pageobject.js b/ui/packages/consul-ui/app/components/more-popover-menu/pageobject.js
index 7fb79c814142..4a0bc35ca3ae 100644
--- a/ui/packages/consul-ui/app/components/more-popover-menu/pageobject.js
+++ b/ui/packages/consul-ui/app/components/more-popover-menu/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (clickable, confirmation) => (actions, scope) => {
diff --git a/ui/packages/consul-ui/app/components/oidc-select/chart.xstate.js b/ui/packages/consul-ui/app/components/oidc-select/chart.xstate.js
index 6a938aeed205..bd2ee43bd0a2 100644
--- a/ui/packages/consul-ui/app/components/oidc-select/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/oidc-select/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/oidc-select/index.hbs b/ui/packages/consul-ui/app/components/oidc-select/index.hbs
index 0f729f9d03c6..d5baea36ee52 100644
--- a/ui/packages/consul-ui/app/components/oidc-select/index.hbs
+++ b/ui/packages/consul-ui/app/components/oidc-select/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <StateChart @src={{chart}} as |State Guard ChartAction dispatch state|>
diff --git a/ui/packages/consul-ui/app/components/oidc-select/index.js b/ui/packages/consul-ui/app/components/oidc-select/index.js
index 2ac232d13476..4c55b12967ed 100644
--- a/ui/packages/consul-ui/app/components/oidc-select/index.js
+++ b/ui/packages/consul-ui/app/components/oidc-select/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/oidc-select/index.scss b/ui/packages/consul-ui/app/components/oidc-select/index.scss
index a844e6f16a4c..23d85f90bf54 100644
--- a/ui/packages/consul-ui/app/components/oidc-select/index.scss
+++ b/ui/packages/consul-ui/app/components/oidc-select/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/oidc-select/layout.scss b/ui/packages/consul-ui/app/components/oidc-select/layout.scss
index 44ebea01e0a5..ab1ccd686c08 100644
--- a/ui/packages/consul-ui/app/components/oidc-select/layout.scss
+++ b/ui/packages/consul-ui/app/components/oidc-select/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %oidc-select li,
diff --git a/ui/packages/consul-ui/app/components/oidc-select/skin.scss b/ui/packages/consul-ui/app/components/oidc-select/skin.scss
index 438850e06ad9..c4f548f97ae8 100644
--- a/ui/packages/consul-ui/app/components/oidc-select/skin.scss
+++ b/ui/packages/consul-ui/app/components/oidc-select/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %oidc-select [class$='-oidc-provider']::before {
diff --git a/ui/packages/consul-ui/app/components/option-input/index.hbs b/ui/packages/consul-ui/app/components/option-input/index.hbs
index 2b65eada6966..f8906f529c91 100644
--- a/ui/packages/consul-ui/app/components/option-input/index.hbs
+++ b/ui/packages/consul-ui/app/components/option-input/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <FormInput
diff --git a/ui/packages/consul-ui/app/components/outlet/index.hbs b/ui/packages/consul-ui/app/components/outlet/index.hbs
index d27c003d4611..321793757150 100644
--- a/ui/packages/consul-ui/app/components/outlet/index.hbs
+++ b/ui/packages/consul-ui/app/components/outlet/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{did-insert this.connect}}
diff --git a/ui/packages/consul-ui/app/components/outlet/index.js b/ui/packages/consul-ui/app/components/outlet/index.js
index 5a58cd3b7801..1ffcb8c4f39d 100644
--- a/ui/packages/consul-ui/app/components/outlet/index.js
+++ b/ui/packages/consul-ui/app/components/outlet/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/overlay/index.scss b/ui/packages/consul-ui/app/components/overlay/index.scss
index e64254ea0beb..99e8dd43df87 100644
--- a/ui/packages/consul-ui/app/components/overlay/index.scss
+++ b/ui/packages/consul-ui/app/components/overlay/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './none.scss';
diff --git a/ui/packages/consul-ui/app/components/overlay/none.scss b/ui/packages/consul-ui/app/components/overlay/none.scss
index eb22bcbde700..60b147c382ba 100644
--- a/ui/packages/consul-ui/app/components/overlay/none.scss
+++ b/ui/packages/consul-ui/app/components/overlay/none.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .tippy-box {
diff --git a/ui/packages/consul-ui/app/components/overlay/square-tail.scss b/ui/packages/consul-ui/app/components/overlay/square-tail.scss
index ba8fa2abe463..1d221851d492 100644
--- a/ui/packages/consul-ui/app/components/overlay/square-tail.scss
+++ b/ui/packages/consul-ui/app/components/overlay/square-tail.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 [data-theme~='square-tail'] {
diff --git a/ui/packages/consul-ui/app/components/paged-collection/index.hbs b/ui/packages/consul-ui/app/components/paged-collection/index.hbs
index 8003a88f24a2..c21d9104d63c 100644
--- a/ui/packages/consul-ui/app/components/paged-collection/index.hbs
+++ b/ui/packages/consul-ui/app/components/paged-collection/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield (hash
diff --git a/ui/packages/consul-ui/app/components/paged-collection/index.js b/ui/packages/consul-ui/app/components/paged-collection/index.js
index e6f851b813e7..7a9bfbbf2680 100644
--- a/ui/packages/consul-ui/app/components/paged-collection/index.js
+++ b/ui/packages/consul-ui/app/components/paged-collection/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/paged-collection/index.scss b/ui/packages/consul-ui/app/components/paged-collection/index.scss
index e6943f079fa8..5b274087347a 100644
--- a/ui/packages/consul-ui/app/components/paged-collection/index.scss
+++ b/ui/packages/consul-ui/app/components/paged-collection/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %paged-collection-scroll {
diff --git a/ui/packages/consul-ui/app/components/panel/debug.scss b/ui/packages/consul-ui/app/components/panel/debug.scss
index 9dab5559a7d8..b193883ad9b4 100644
--- a/ui/packages/consul-ui/app/components/panel/debug.scss
+++ b/ui/packages/consul-ui/app/components/panel/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 #docfy-demo-preview-panel {
diff --git a/ui/packages/consul-ui/app/components/panel/index.css.js b/ui/packages/consul-ui/app/components/panel/index.css.js
index 2de8022cd194..c3f86fb942a4 100644
--- a/ui/packages/consul-ui/app/components/panel/index.css.js
+++ b/ui/packages/consul-ui/app/components/panel/index.css.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (css) => css`
diff --git a/ui/packages/consul-ui/app/components/panel/index.scss b/ui/packages/consul-ui/app/components/panel/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/panel/index.scss
+++ b/ui/packages/consul-ui/app/components/panel/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/panel/layout.scss b/ui/packages/consul-ui/app/components/panel/layout.scss
index 27ac195ccb51..a8ec607b1ce9 100644
--- a/ui/packages/consul-ui/app/components/panel/layout.scss
+++ b/ui/packages/consul-ui/app/components/panel/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %panel {
diff --git a/ui/packages/consul-ui/app/components/panel/skin.scss b/ui/packages/consul-ui/app/components/panel/skin.scss
index 82463ad09e36..68d92e2866e6 100644
--- a/ui/packages/consul-ui/app/components/panel/skin.scss
+++ b/ui/packages/consul-ui/app/components/panel/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %panel {
diff --git a/ui/packages/consul-ui/app/components/peerings/badge/icon/index.hbs b/ui/packages/consul-ui/app/components/peerings/badge/icon/index.hbs
index facfa881de00..a856fd8069ee 100644
--- a/ui/packages/consul-ui/app/components/peerings/badge/icon/index.hbs
+++ b/ui/packages/consul-ui/app/components/peerings/badge/icon/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (or (eq @state "PENDING") (eq @state "ESTABLISHING"))}}
diff --git a/ui/packages/consul-ui/app/components/peerings/badge/index.hbs b/ui/packages/consul-ui/app/components/peerings/badge/index.hbs
index aa416d87ed12..437b0f416273 100644
--- a/ui/packages/consul-ui/app/components/peerings/badge/index.hbs
+++ b/ui/packages/consul-ui/app/components/peerings/badge/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if @peering.State}}
diff --git a/ui/packages/consul-ui/app/components/peerings/badge/index.js b/ui/packages/consul-ui/app/components/peerings/badge/index.js
index 5a4ea379c760..dad8bfba791a 100644
--- a/ui/packages/consul-ui/app/components/peerings/badge/index.js
+++ b/ui/packages/consul-ui/app/components/peerings/badge/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/peerings/badge/index.scss b/ui/packages/consul-ui/app/components/peerings/badge/index.scss
index 677f5e620694..40874651ea50 100644
--- a/ui/packages/consul-ui/app/components/peerings/badge/index.scss
+++ b/ui/packages/consul-ui/app/components/peerings/badge/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .peerings-badge {
diff --git a/ui/packages/consul-ui/app/components/peerings/provider/index.hbs b/ui/packages/consul-ui/app/components/peerings/provider/index.hbs
index e3a0426b0351..070c4ab2630d 100644
--- a/ui/packages/consul-ui/app/components/peerings/provider/index.hbs
+++ b/ui/packages/consul-ui/app/components/peerings/provider/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield (hash data=this.data)}}
\ No newline at end of file
diff --git a/ui/packages/consul-ui/app/components/peerings/provider/index.js b/ui/packages/consul-ui/app/components/peerings/provider/index.js
index e4c0cce043f9..5bc42c1e74a6 100644
--- a/ui/packages/consul-ui/app/components/peerings/provider/index.js
+++ b/ui/packages/consul-ui/app/components/peerings/provider/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/pill/index.scss b/ui/packages/consul-ui/app/components/pill/index.scss
index 10b352ad2b14..de699508c30b 100644
--- a/ui/packages/consul-ui/app/components/pill/index.scss
+++ b/ui/packages/consul-ui/app/components/pill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/pill/layout.scss b/ui/packages/consul-ui/app/components/pill/layout.scss
index 56424ede9434..3dc7ed6a30d1 100644
--- a/ui/packages/consul-ui/app/components/pill/layout.scss
+++ b/ui/packages/consul-ui/app/components/pill/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %pill {
diff --git a/ui/packages/consul-ui/app/components/pill/skin.scss b/ui/packages/consul-ui/app/components/pill/skin.scss
index 562a0a101457..c6a92c00bab2 100644
--- a/ui/packages/consul-ui/app/components/pill/skin.scss
+++ b/ui/packages/consul-ui/app/components/pill/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %pill {
diff --git a/ui/packages/consul-ui/app/components/policy-form/index.hbs b/ui/packages/consul-ui/app/components/policy-form/index.hbs
index 5004da0a1810..98f85069be4e 100644
--- a/ui/packages/consul-ui/app/components/policy-form/index.hbs
+++ b/ui/packages/consul-ui/app/components/policy-form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/policy-form/index.js b/ui/packages/consul-ui/app/components/policy-form/index.js
index 7328dd17bed5..116aae672450 100644
--- a/ui/packages/consul-ui/app/components/policy-form/index.js
+++ b/ui/packages/consul-ui/app/components/policy-form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import FormComponent from '../form-component/index';
diff --git a/ui/packages/consul-ui/app/components/policy-form/pageobject.js b/ui/packages/consul-ui/app/components/policy-form/pageobject.js
index 479448dedddc..5ac782b11605 100644
--- a/ui/packages/consul-ui/app/components/policy-form/pageobject.js
+++ b/ui/packages/consul-ui/app/components/policy-form/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (submitable, cancelable, radiogroup, text) =>
diff --git a/ui/packages/consul-ui/app/components/policy-selector/index.hbs b/ui/packages/consul-ui/app/components/policy-selector/index.hbs
index 53388e0fc9ab..286f6bc4f7c2 100644
--- a/ui/packages/consul-ui/app/components/policy-selector/index.hbs
+++ b/ui/packages/consul-ui/app/components/policy-selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ChildSelector
diff --git a/ui/packages/consul-ui/app/components/policy-selector/index.js b/ui/packages/consul-ui/app/components/policy-selector/index.js
index 060cb572daca..3a8d14fdeeac 100644
--- a/ui/packages/consul-ui/app/components/policy-selector/index.js
+++ b/ui/packages/consul-ui/app/components/policy-selector/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import ChildSelectorComponent from '../child-selector/index';
diff --git a/ui/packages/consul-ui/app/components/policy-selector/pageobject.js b/ui/packages/consul-ui/app/components/policy-selector/pageobject.js
index 6bc118404890..b6471faea0ef 100644
--- a/ui/packages/consul-ui/app/components/policy-selector/pageobject.js
+++ b/ui/packages/consul-ui/app/components/policy-selector/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (clickable, deletable, collection, alias, policyForm) =>
diff --git a/ui/packages/consul-ui/app/components/popover-menu/index.hbs b/ui/packages/consul-ui/app/components/popover-menu/index.hbs
index d8f259763614..166536a55b50 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/index.hbs
+++ b/ui/packages/consul-ui/app/components/popover-menu/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/popover-menu/index.js b/ui/packages/consul-ui/app/components/popover-menu/index.js
index 00ffa0923fbd..f37321af97c5 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/index.js
+++ b/ui/packages/consul-ui/app/components/popover-menu/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*eslint ember/closure-actions: "warn"*/
diff --git a/ui/packages/consul-ui/app/components/popover-menu/index.scss b/ui/packages/consul-ui/app/components/popover-menu/index.scss
index e6b220e261f2..29070a0155a8 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/index.scss
+++ b/ui/packages/consul-ui/app/components/popover-menu/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/popover-menu/layout.scss b/ui/packages/consul-ui/app/components/popover-menu/layout.scss
index 59f8ff343053..daccc1e8a125 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/layout.scss
+++ b/ui/packages/consul-ui/app/components/popover-menu/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %popover-menu {
diff --git a/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.hbs b/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.hbs
index 7f0d663b5eae..aa6649c7d003 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.hbs
+++ b/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.js b/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.js
index 34618049bb63..7762956fe7bf 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.js
+++ b/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.hbs b/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.hbs
index d6c48ff87e48..b3ec79aed5b2 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.hbs
+++ b/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.js b/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.js
index 7d105b492251..2e3ae5dc90cc 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.js
+++ b/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/popover-menu/skin.scss b/ui/packages/consul-ui/app/components/popover-menu/skin.scss
index 0a5746cd58e7..0fb07b441da1 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/skin.scss
+++ b/ui/packages/consul-ui/app/components/popover-menu/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %popover-menu-trigger > * {
diff --git a/ui/packages/consul-ui/app/components/popover-select/index.hbs b/ui/packages/consul-ui/app/components/popover-select/index.hbs
index a7e91679329d..313d720bf62e 100644
--- a/ui/packages/consul-ui/app/components/popover-select/index.hbs
+++ b/ui/packages/consul-ui/app/components/popover-select/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <PopoverMenu
diff --git a/ui/packages/consul-ui/app/components/popover-select/index.js b/ui/packages/consul-ui/app/components/popover-select/index.js
index a8569bebf027..97a24805ac5a 100644
--- a/ui/packages/consul-ui/app/components/popover-select/index.js
+++ b/ui/packages/consul-ui/app/components/popover-select/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/popover-select/index.scss b/ui/packages/consul-ui/app/components/popover-select/index.scss
index 2ac8ca4b6790..3e997ee2aeed 100644
--- a/ui/packages/consul-ui/app/components/popover-select/index.scss
+++ b/ui/packages/consul-ui/app/components/popover-select/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .popover-select {
diff --git a/ui/packages/consul-ui/app/components/popover-select/optgroup/index.hbs b/ui/packages/consul-ui/app/components/popover-select/optgroup/index.hbs
index df03944e3547..772294c9fa91 100644
--- a/ui/packages/consul-ui/app/components/popover-select/optgroup/index.hbs
+++ b/ui/packages/consul-ui/app/components/popover-select/optgroup/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let @components.MenuSeparator as |MenuSeparator|}}
diff --git a/ui/packages/consul-ui/app/components/popover-select/option/index.hbs b/ui/packages/consul-ui/app/components/popover-select/option/index.hbs
index 6bb0fef09989..66f4875c979c 100644
--- a/ui/packages/consul-ui/app/components/popover-select/option/index.hbs
+++ b/ui/packages/consul-ui/app/components/popover-select/option/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let @components.MenuItem as |MenuItem|}}
diff --git a/ui/packages/consul-ui/app/components/popover-select/option/index.js b/ui/packages/consul-ui/app/components/popover-select/option/index.js
index cb4f0593be8d..f32de8c100ad 100644
--- a/ui/packages/consul-ui/app/components/popover-select/option/index.js
+++ b/ui/packages/consul-ui/app/components/popover-select/option/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/popover-select/pageobject.js b/ui/packages/consul-ui/app/components/popover-select/pageobject.js
index f7ccdee6bfe5..66a8f554fc3d 100644
--- a/ui/packages/consul-ui/app/components/popover-select/pageobject.js
+++ b/ui/packages/consul-ui/app/components/popover-select/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (clickable, collection) =>
diff --git a/ui/packages/consul-ui/app/components/power-select/pageobject.js b/ui/packages/consul-ui/app/components/power-select/pageobject.js
index 6924fcf4145f..380dd849cc35 100644
--- a/ui/packages/consul-ui/app/components/power-select/pageobject.js
+++ b/ui/packages/consul-ui/app/components/power-select/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { clickable, isPresent } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/app/components/progress/index.hbs b/ui/packages/consul-ui/app/components/progress/index.hbs
index 57bbf0d5aa9a..b424417b9084 100644
--- a/ui/packages/consul-ui/app/components/progress/index.hbs
+++ b/ui/packages/consul-ui/app/components/progress/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/progress/index.scss b/ui/packages/consul-ui/app/components/progress/index.scss
index 39439da83e63..7ede4f18c89e 100644
--- a/ui/packages/consul-ui/app/components/progress/index.scss
+++ b/ui/packages/consul-ui/app/components/progress/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/progress/layout.scss b/ui/packages/consul-ui/app/components/progress/layout.scss
index c13db0fa238d..9ba54527c385 100644
--- a/ui/packages/consul-ui/app/components/progress/layout.scss
+++ b/ui/packages/consul-ui/app/components/progress/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %progress-native {
diff --git a/ui/packages/consul-ui/app/components/progress/skin.scss b/ui/packages/consul-ui/app/components/progress/skin.scss
index b2da3aafbb01..d5ea5f1da11d 100644
--- a/ui/packages/consul-ui/app/components/progress/skin.scss
+++ b/ui/packages/consul-ui/app/components/progress/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %progress-indeterminate {
diff --git a/ui/packages/consul-ui/app/components/providers/dimension/index.hbs b/ui/packages/consul-ui/app/components/providers/dimension/index.hbs
index 41ba4511b9f6..195001597748 100644
--- a/ui/packages/consul-ui/app/components/providers/dimension/index.hbs
+++ b/ui/packages/consul-ui/app/components/providers/dimension/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div {{create-ref 'element'}} {{did-insert this.measureDimensions}}>
diff --git a/ui/packages/consul-ui/app/components/providers/dimension/index.js b/ui/packages/consul-ui/app/components/providers/dimension/index.js
index d3b50c5e9bcf..838dde1a4361 100644
--- a/ui/packages/consul-ui/app/components/providers/dimension/index.js
+++ b/ui/packages/consul-ui/app/components/providers/dimension/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/providers/search/index.hbs b/ui/packages/consul-ui/app/components/providers/search/index.hbs
index e3a0426b0351..070c4ab2630d 100644
--- a/ui/packages/consul-ui/app/components/providers/search/index.hbs
+++ b/ui/packages/consul-ui/app/components/providers/search/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield (hash data=this.data)}}
\ No newline at end of file
diff --git a/ui/packages/consul-ui/app/components/providers/search/index.js b/ui/packages/consul-ui/app/components/providers/search/index.js
index 2ea94636b61a..b711d88db060 100644
--- a/ui/packages/consul-ui/app/components/providers/search/index.js
+++ b/ui/packages/consul-ui/app/components/providers/search/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/radio-card/index.hbs b/ui/packages/consul-ui/app/components/radio-card/index.hbs
index 44a6383c1dad..2d5ca49caae8 100644
--- a/ui/packages/consul-ui/app/components/radio-card/index.hbs
+++ b/ui/packages/consul-ui/app/components/radio-card/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <label
diff --git a/ui/packages/consul-ui/app/components/radio-card/index.js b/ui/packages/consul-ui/app/components/radio-card/index.js
index 8f027b69f0e0..d99599ac3039 100644
--- a/ui/packages/consul-ui/app/components/radio-card/index.js
+++ b/ui/packages/consul-ui/app/components/radio-card/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/radio-card/index.scss b/ui/packages/consul-ui/app/components/radio-card/index.scss
index 61d58ddab352..ab559ed57247 100644
--- a/ui/packages/consul-ui/app/components/radio-card/index.scss
+++ b/ui/packages/consul-ui/app/components/radio-card/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/radio-card/layout.scss b/ui/packages/consul-ui/app/components/radio-card/layout.scss
index 18afe3c7a36d..8bceb70aa431 100644
--- a/ui/packages/consul-ui/app/components/radio-card/layout.scss
+++ b/ui/packages/consul-ui/app/components/radio-card/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %radio-card {
diff --git a/ui/packages/consul-ui/app/components/radio-card/skin.scss b/ui/packages/consul-ui/app/components/radio-card/skin.scss
index 50cc581cdafe..687009c37f66 100644
--- a/ui/packages/consul-ui/app/components/radio-card/skin.scss
+++ b/ui/packages/consul-ui/app/components/radio-card/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %radio-card {
diff --git a/ui/packages/consul-ui/app/components/radio-group/index.hbs b/ui/packages/consul-ui/app/components/radio-group/index.hbs
index 82a1cb116ec4..897d2966eb06 100644
--- a/ui/packages/consul-ui/app/components/radio-group/index.hbs
+++ b/ui/packages/consul-ui/app/components/radio-group/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <fieldset>
diff --git a/ui/packages/consul-ui/app/components/radio-group/index.js b/ui/packages/consul-ui/app/components/radio-group/index.js
index e361259095dc..d6722204007b 100644
--- a/ui/packages/consul-ui/app/components/radio-group/index.js
+++ b/ui/packages/consul-ui/app/components/radio-group/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/radio-group/index.scss b/ui/packages/consul-ui/app/components/radio-group/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/radio-group/index.scss
+++ b/ui/packages/consul-ui/app/components/radio-group/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/radio-group/layout.scss b/ui/packages/consul-ui/app/components/radio-group/layout.scss
index b168304a61ad..ad7486e7975b 100644
--- a/ui/packages/consul-ui/app/components/radio-group/layout.scss
+++ b/ui/packages/consul-ui/app/components/radio-group/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %radio-group {
diff --git a/ui/packages/consul-ui/app/components/radio-group/pageobject.js b/ui/packages/consul-ui/app/components/radio-group/pageobject.js
index 4f86e48a9750..398711a4bd25 100644
--- a/ui/packages/consul-ui/app/components/radio-group/pageobject.js
+++ b/ui/packages/consul-ui/app/components/radio-group/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { is, clickable } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/app/components/radio-group/skin.scss b/ui/packages/consul-ui/app/components/radio-group/skin.scss
index 25bf4df27487..f24f44f39bea 100644
--- a/ui/packages/consul-ui/app/components/radio-group/skin.scss
+++ b/ui/packages/consul-ui/app/components/radio-group/skin.scss
@@ -1,5 +1,5 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
diff --git a/ui/packages/consul-ui/app/components/ref/index.js b/ui/packages/consul-ui/app/components/ref/index.js
index 5969761efe54..795cfcb57afa 100644
--- a/ui/packages/consul-ui/app/components/ref/index.js
+++ b/ui/packages/consul-ui/app/components/ref/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/role-form/index.hbs b/ui/packages/consul-ui/app/components/role-form/index.hbs
index 933cc9cdc92c..fbae60a3dd8f 100644
--- a/ui/packages/consul-ui/app/components/role-form/index.hbs
+++ b/ui/packages/consul-ui/app/components/role-form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/role-form/index.js b/ui/packages/consul-ui/app/components/role-form/index.js
index 49eb31e4394d..365d219fa9b1 100644
--- a/ui/packages/consul-ui/app/components/role-form/index.js
+++ b/ui/packages/consul-ui/app/components/role-form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import FormComponent from '../form-component/index';
diff --git a/ui/packages/consul-ui/app/components/role-form/pageobject.js b/ui/packages/consul-ui/app/components/role-form/pageobject.js
index 0c9a8f2c3766..71392a011607 100644
--- a/ui/packages/consul-ui/app/components/role-form/pageobject.js
+++ b/ui/packages/consul-ui/app/components/role-form/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (submitable, cancelable, policySelector) => () => {
diff --git a/ui/packages/consul-ui/app/components/role-selector/index.hbs b/ui/packages/consul-ui/app/components/role-selector/index.hbs
index 8db8d5e21604..beba5ebb4c8d 100644
--- a/ui/packages/consul-ui/app/components/role-selector/index.hbs
+++ b/ui/packages/consul-ui/app/components/role-selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <ModalDialog
diff --git a/ui/packages/consul-ui/app/components/role-selector/index.js b/ui/packages/consul-ui/app/components/role-selector/index.js
index 930106687da1..ac9e5f7140b7 100644
--- a/ui/packages/consul-ui/app/components/role-selector/index.js
+++ b/ui/packages/consul-ui/app/components/role-selector/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import ChildSelectorComponent from '../child-selector/index';
diff --git a/ui/packages/consul-ui/app/components/role-selector/index.scss b/ui/packages/consul-ui/app/components/role-selector/index.scss
index 6f18a1aa2d43..05bf5c20f42c 100644
--- a/ui/packages/consul-ui/app/components/role-selector/index.scss
+++ b/ui/packages/consul-ui/app/components/role-selector/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .role-selector {
diff --git a/ui/packages/consul-ui/app/components/role-selector/pageobject.js b/ui/packages/consul-ui/app/components/role-selector/pageobject.js
index 64b535f5c0c2..b6749a3693af 100644
--- a/ui/packages/consul-ui/app/components/role-selector/pageobject.js
+++ b/ui/packages/consul-ui/app/components/role-selector/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (clickable, deletable, collection, alias, roleForm) =>
diff --git a/ui/packages/consul-ui/app/components/route/announcer/index.hbs b/ui/packages/consul-ui/app/components/route/announcer/index.hbs
index e17750dfa242..04df63b8d797 100644
--- a/ui/packages/consul-ui/app/components/route/announcer/index.hbs
+++ b/ui/packages/consul-ui/app/components/route/announcer/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{page-title @title separator=(or @separator ' - ')}}
diff --git a/ui/packages/consul-ui/app/components/route/index.hbs b/ui/packages/consul-ui/app/components/route/index.hbs
index 1ca4f6b52dd3..6745d7d55d2e 100644
--- a/ui/packages/consul-ui/app/components/route/index.hbs
+++ b/ui/packages/consul-ui/app/components/route/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{did-insert this.connect}}
diff --git a/ui/packages/consul-ui/app/components/route/index.js b/ui/packages/consul-ui/app/components/route/index.js
index f9d1be3abb18..ef7865688aa3 100644
--- a/ui/packages/consul-ui/app/components/route/index.js
+++ b/ui/packages/consul-ui/app/components/route/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/route/title/index.hbs b/ui/packages/consul-ui/app/components/route/title/index.hbs
index bcc5d263d0a3..5b64397a4ba8 100644
--- a/ui/packages/consul-ui/app/components/route/title/index.hbs
+++ b/ui/packages/consul-ui/app/components/route/title/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{page-title @title separator=@separator}}
diff --git a/ui/packages/consul-ui/app/components/route/title/index.scss b/ui/packages/consul-ui/app/components/route/title/index.scss
index cab51cdbe865..62e3a148d0ba 100644
--- a/ui/packages/consul-ui/app/components/route/title/index.scss
+++ b/ui/packages/consul-ui/app/components/route/title/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %route-title {
diff --git a/ui/packages/consul-ui/app/components/search-bar/index.hbs b/ui/packages/consul-ui/app/components/search-bar/index.hbs
index 571020d7beb2..1dc265d86a0c 100644
--- a/ui/packages/consul-ui/app/components/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/search-bar/index.js b/ui/packages/consul-ui/app/components/search-bar/index.js
index 5c2fe867d4c1..a3164cf3176d 100644
--- a/ui/packages/consul-ui/app/components/search-bar/index.js
+++ b/ui/packages/consul-ui/app/components/search-bar/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/search-bar/index.scss b/ui/packages/consul-ui/app/components/search-bar/index.scss
index 5a1ab1d671e3..9d135c967f3a 100644
--- a/ui/packages/consul-ui/app/components/search-bar/index.scss
+++ b/ui/packages/consul-ui/app/components/search-bar/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .search-bar {
diff --git a/ui/packages/consul-ui/app/components/search-bar/remove-filter/index.hbs b/ui/packages/consul-ui/app/components/search-bar/remove-filter/index.hbs
index cd9683e64c94..616dc2c5b578 100644
--- a/ui/packages/consul-ui/app/components/search-bar/remove-filter/index.hbs
+++ b/ui/packages/consul-ui/app/components/search-bar/remove-filter/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <li>
diff --git a/ui/packages/consul-ui/app/components/search-bar/utils.js b/ui/packages/consul-ui/app/components/search-bar/utils.js
index c6ebf0ec856e..3027e02ba399 100644
--- a/ui/packages/consul-ui/app/components/search-bar/utils.js
+++ b/ui/packages/consul-ui/app/components/search-bar/utils.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export const diff = (a, b) => {
diff --git a/ui/packages/consul-ui/app/components/skip-links/index.scss b/ui/packages/consul-ui/app/components/skip-links/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/skip-links/index.scss
+++ b/ui/packages/consul-ui/app/components/skip-links/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/skip-links/layout.scss b/ui/packages/consul-ui/app/components/skip-links/layout.scss
index 7477ae5027d3..a1ce1bfddaad 100644
--- a/ui/packages/consul-ui/app/components/skip-links/layout.scss
+++ b/ui/packages/consul-ui/app/components/skip-links/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %skip-links {
diff --git a/ui/packages/consul-ui/app/components/skip-links/skin.scss b/ui/packages/consul-ui/app/components/skip-links/skin.scss
index 1782e4727da6..6d1f759a38d2 100644
--- a/ui/packages/consul-ui/app/components/skip-links/skin.scss
+++ b/ui/packages/consul-ui/app/components/skip-links/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %skip-links {
diff --git a/ui/packages/consul-ui/app/components/sliding-toggle/index.scss b/ui/packages/consul-ui/app/components/sliding-toggle/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/sliding-toggle/index.scss
+++ b/ui/packages/consul-ui/app/components/sliding-toggle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/sliding-toggle/layout.scss b/ui/packages/consul-ui/app/components/sliding-toggle/layout.scss
index 9fda060a1f9d..f5db6d4f5714 100644
--- a/ui/packages/consul-ui/app/components/sliding-toggle/layout.scss
+++ b/ui/packages/consul-ui/app/components/sliding-toggle/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %sliding-toggle label {
diff --git a/ui/packages/consul-ui/app/components/sliding-toggle/skin.scss b/ui/packages/consul-ui/app/components/sliding-toggle/skin.scss
index 5e6aaf5d0fa0..bf34ca335c1e 100644
--- a/ui/packages/consul-ui/app/components/sliding-toggle/skin.scss
+++ b/ui/packages/consul-ui/app/components/sliding-toggle/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* TODO: Maybe move this to reset? */
diff --git a/ui/packages/consul-ui/app/components/state-chart/action/index.hbs b/ui/packages/consul-ui/app/components/state-chart/action/index.hbs
index 0566ddf99b46..8709fc4b8b77 100644
--- a/ui/packages/consul-ui/app/components/state-chart/action/index.hbs
+++ b/ui/packages/consul-ui/app/components/state-chart/action/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
\ No newline at end of file
diff --git a/ui/packages/consul-ui/app/components/state-chart/action/index.js b/ui/packages/consul-ui/app/components/state-chart/action/index.js
index 65bd7f6aac6f..5c026134271e 100644
--- a/ui/packages/consul-ui/app/components/state-chart/action/index.js
+++ b/ui/packages/consul-ui/app/components/state-chart/action/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/state-chart/guard/index.hbs b/ui/packages/consul-ui/app/components/state-chart/guard/index.hbs
index 0566ddf99b46..8709fc4b8b77 100644
--- a/ui/packages/consul-ui/app/components/state-chart/guard/index.hbs
+++ b/ui/packages/consul-ui/app/components/state-chart/guard/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
\ No newline at end of file
diff --git a/ui/packages/consul-ui/app/components/state-chart/guard/index.js b/ui/packages/consul-ui/app/components/state-chart/guard/index.js
index bfc00ffac4ad..d304691ac85f 100644
--- a/ui/packages/consul-ui/app/components/state-chart/guard/index.js
+++ b/ui/packages/consul-ui/app/components/state-chart/guard/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/state-chart/index.hbs b/ui/packages/consul-ui/app/components/state-chart/index.hbs
index c13fdf0f122c..4c31d338fcbb 100644
--- a/ui/packages/consul-ui/app/components/state-chart/index.hbs
+++ b/ui/packages/consul-ui/app/components/state-chart/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield
diff --git a/ui/packages/consul-ui/app/components/state-chart/index.js b/ui/packages/consul-ui/app/components/state-chart/index.js
index 489a5484d32e..7fc138315749 100644
--- a/ui/packages/consul-ui/app/components/state-chart/index.js
+++ b/ui/packages/consul-ui/app/components/state-chart/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/state-machine/index.hbs b/ui/packages/consul-ui/app/components/state-machine/index.hbs
index f13655007252..b48102117b6b 100644
--- a/ui/packages/consul-ui/app/components/state-machine/index.hbs
+++ b/ui/packages/consul-ui/app/components/state-machine/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield
diff --git a/ui/packages/consul-ui/app/components/state-machine/index.js b/ui/packages/consul-ui/app/components/state-machine/index.js
index 8f6636fc4adf..578519ed381b 100644
--- a/ui/packages/consul-ui/app/components/state-machine/index.js
+++ b/ui/packages/consul-ui/app/components/state-machine/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '../state-chart/index';
diff --git a/ui/packages/consul-ui/app/components/state/index.hbs b/ui/packages/consul-ui/app/components/state/index.hbs
index 71d85ff01c24..7ae0359d90b1 100644
--- a/ui/packages/consul-ui/app/components/state/index.hbs
+++ b/ui/packages/consul-ui/app/components/state/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{did-insert this.attributeChanged @state @matches @notMatches}}
diff --git a/ui/packages/consul-ui/app/components/state/index.js b/ui/packages/consul-ui/app/components/state/index.js
index 5323f2401696..2a0b92c3b5df 100644
--- a/ui/packages/consul-ui/app/components/state/index.js
+++ b/ui/packages/consul-ui/app/components/state/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/tab-nav/index.hbs b/ui/packages/consul-ui/app/components/tab-nav/index.hbs
index ec5f2e79b9f1..c77284a213f9 100644
--- a/ui/packages/consul-ui/app/components/tab-nav/index.hbs
+++ b/ui/packages/consul-ui/app/components/tab-nav/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let (dom-position (set this 'style') offset=true) 'tab' as |select name|}}
diff --git a/ui/packages/consul-ui/app/components/tab-nav/index.js b/ui/packages/consul-ui/app/components/tab-nav/index.js
index ba8b65aa191e..305589924e31 100644
--- a/ui/packages/consul-ui/app/components/tab-nav/index.js
+++ b/ui/packages/consul-ui/app/components/tab-nav/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/tab-nav/index.scss b/ui/packages/consul-ui/app/components/tab-nav/index.scss
index acfc5d38407b..b41787d26e0a 100644
--- a/ui/packages/consul-ui/app/components/tab-nav/index.scss
+++ b/ui/packages/consul-ui/app/components/tab-nav/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/tab-nav/layout.scss b/ui/packages/consul-ui/app/components/tab-nav/layout.scss
index 4e318a390f91..624b39efd4fb 100644
--- a/ui/packages/consul-ui/app/components/tab-nav/layout.scss
+++ b/ui/packages/consul-ui/app/components/tab-nav/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %tab-nav {
diff --git a/ui/packages/consul-ui/app/components/tab-nav/pageobject.js b/ui/packages/consul-ui/app/components/tab-nav/pageobject.js
index 4a074c972a77..4f4f26e00e9d 100644
--- a/ui/packages/consul-ui/app/components/tab-nav/pageobject.js
+++ b/ui/packages/consul-ui/app/components/tab-nav/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { is, clickable, attribute, isVisible } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/app/components/tab-nav/skin.scss b/ui/packages/consul-ui/app/components/tab-nav/skin.scss
index b9cae78fbd0b..bb45eb78485b 100644
--- a/ui/packages/consul-ui/app/components/tab-nav/skin.scss
+++ b/ui/packages/consul-ui/app/components/tab-nav/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %tab-nav ul {
diff --git a/ui/packages/consul-ui/app/components/table/index.scss b/ui/packages/consul-ui/app/components/table/index.scss
index 479192388314..11e5928e1704 100644
--- a/ui/packages/consul-ui/app/components/table/index.scss
+++ b/ui/packages/consul-ui/app/components/table/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/table/layout.scss b/ui/packages/consul-ui/app/components/table/layout.scss
index 18204d15b124..a89681831573 100644
--- a/ui/packages/consul-ui/app/components/table/layout.scss
+++ b/ui/packages/consul-ui/app/components/table/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %table {
diff --git a/ui/packages/consul-ui/app/components/table/skin.scss b/ui/packages/consul-ui/app/components/table/skin.scss
index c8b03fe31981..0169990a556b 100644
--- a/ui/packages/consul-ui/app/components/table/skin.scss
+++ b/ui/packages/consul-ui/app/components/table/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %table th,
diff --git a/ui/packages/consul-ui/app/components/tabular-collection/index.hbs b/ui/packages/consul-ui/app/components/tabular-collection/index.hbs
index 388305aad084..8b25e831a163 100644
--- a/ui/packages/consul-ui/app/components/tabular-collection/index.hbs
+++ b/ui/packages/consul-ui/app/components/tabular-collection/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <table
diff --git a/ui/packages/consul-ui/app/components/tabular-collection/index.js b/ui/packages/consul-ui/app/components/tabular-collection/index.js
index 6fe96984e25a..63ef74c5c284 100644
--- a/ui/packages/consul-ui/app/components/tabular-collection/index.js
+++ b/ui/packages/consul-ui/app/components/tabular-collection/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/components/tabular-collection/index.scss b/ui/packages/consul-ui/app/components/tabular-collection/index.scss
index d3e7ec1ead7b..5ce730997621 100644
--- a/ui/packages/consul-ui/app/components/tabular-collection/index.scss
+++ b/ui/packages/consul-ui/app/components/tabular-collection/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 table.dom-recycling {
diff --git a/ui/packages/consul-ui/app/components/tabular-details/index.hbs b/ui/packages/consul-ui/app/components/tabular-details/index.hbs
index 30a9ff36caf9..293787f0bf4f 100644
--- a/ui/packages/consul-ui/app/components/tabular-details/index.hbs
+++ b/ui/packages/consul-ui/app/components/tabular-details/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/tabular-details/index.js b/ui/packages/consul-ui/app/components/tabular-details/index.js
index 2fb1369907f7..5611235f53a3 100644
--- a/ui/packages/consul-ui/app/components/tabular-details/index.js
+++ b/ui/packages/consul-ui/app/components/tabular-details/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/tabular-details/index.scss b/ui/packages/consul-ui/app/components/tabular-details/index.scss
index 4fee503ba6f5..b0bc79ba5510 100644
--- a/ui/packages/consul-ui/app/components/tabular-details/index.scss
+++ b/ui/packages/consul-ui/app/components/tabular-details/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/tabular-details/layout.scss b/ui/packages/consul-ui/app/components/tabular-details/layout.scss
index 8d941bf162dd..911a7e1db2c6 100644
--- a/ui/packages/consul-ui/app/components/tabular-details/layout.scss
+++ b/ui/packages/consul-ui/app/components/tabular-details/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* TODO: rename: %details-table */
diff --git a/ui/packages/consul-ui/app/components/tabular-details/skin.scss b/ui/packages/consul-ui/app/components/tabular-details/skin.scss
index 88d32eb97029..80d6d292a06d 100644
--- a/ui/packages/consul-ui/app/components/tabular-details/skin.scss
+++ b/ui/packages/consul-ui/app/components/tabular-details/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %tabular-details-toggle-button::before {
diff --git a/ui/packages/consul-ui/app/components/tabular-dl/index.scss b/ui/packages/consul-ui/app/components/tabular-dl/index.scss
index ade3815190d5..be2b3f025ff3 100644
--- a/ui/packages/consul-ui/app/components/tabular-dl/index.scss
+++ b/ui/packages/consul-ui/app/components/tabular-dl/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './layout';
diff --git a/ui/packages/consul-ui/app/components/tabular-dl/layout.scss b/ui/packages/consul-ui/app/components/tabular-dl/layout.scss
index 5a6b4d6b5de5..c8e6bbd98bfe 100644
--- a/ui/packages/consul-ui/app/components/tabular-dl/layout.scss
+++ b/ui/packages/consul-ui/app/components/tabular-dl/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %tabular-dl {
diff --git a/ui/packages/consul-ui/app/components/tabular-dl/skin.scss b/ui/packages/consul-ui/app/components/tabular-dl/skin.scss
index 9bd4ac16db31..9829eb517b54 100644
--- a/ui/packages/consul-ui/app/components/tabular-dl/skin.scss
+++ b/ui/packages/consul-ui/app/components/tabular-dl/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %tabular-dl {
diff --git a/ui/packages/consul-ui/app/components/tag-list/index.hbs b/ui/packages/consul-ui/app/components/tag-list/index.hbs
index 9c971bc96245..a52376cfb1f0 100644
--- a/ui/packages/consul-ui/app/components/tag-list/index.hbs
+++ b/ui/packages/consul-ui/app/components/tag-list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#let (union (or @item.Tags (array)) (or @tags (array))) as |tags|}}
diff --git a/ui/packages/consul-ui/app/components/tag-list/index.scss b/ui/packages/consul-ui/app/components/tag-list/index.scss
index 3c151eddf00f..14b0231d8496 100644
--- a/ui/packages/consul-ui/app/components/tag-list/index.scss
+++ b/ui/packages/consul-ui/app/components/tag-list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .tag-list,
diff --git a/ui/packages/consul-ui/app/components/text-input/index.hbs b/ui/packages/consul-ui/app/components/text-input/index.hbs
index 875989b5a2ee..89ba7826f5b2 100644
--- a/ui/packages/consul-ui/app/components/text-input/index.hbs
+++ b/ui/packages/consul-ui/app/components/text-input/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <FormInput
diff --git a/ui/packages/consul-ui/app/components/tile/debug.scss b/ui/packages/consul-ui/app/components/tile/debug.scss
index 1ca9e44ef04d..02f417455ad7 100644
--- a/ui/packages/consul-ui/app/components/tile/debug.scss
+++ b/ui/packages/consul-ui/app/components/tile/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 #docfy-demo-preview-tile {
diff --git a/ui/packages/consul-ui/app/components/tile/index.scss b/ui/packages/consul-ui/app/components/tile/index.scss
index 9be914651928..2bef99777d76 100644
--- a/ui/packages/consul-ui/app/components/tile/index.scss
+++ b/ui/packages/consul-ui/app/components/tile/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %with-tile {
diff --git a/ui/packages/consul-ui/app/components/toggle-button/index.hbs b/ui/packages/consul-ui/app/components/toggle-button/index.hbs
index 196954e13827..e19120529553 100644
--- a/ui/packages/consul-ui/app/components/toggle-button/index.hbs
+++ b/ui/packages/consul-ui/app/components/toggle-button/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <input
diff --git a/ui/packages/consul-ui/app/components/toggle-button/index.js b/ui/packages/consul-ui/app/components/toggle-button/index.js
index 0593e89cb229..3902709e7bb4 100644
--- a/ui/packages/consul-ui/app/components/toggle-button/index.js
+++ b/ui/packages/consul-ui/app/components/toggle-button/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/toggle-button/index.scss b/ui/packages/consul-ui/app/components/toggle-button/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/toggle-button/index.scss
+++ b/ui/packages/consul-ui/app/components/toggle-button/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/toggle-button/layout.scss b/ui/packages/consul-ui/app/components/toggle-button/layout.scss
index 77691824719f..1004fbbe37f1 100644
--- a/ui/packages/consul-ui/app/components/toggle-button/layout.scss
+++ b/ui/packages/consul-ui/app/components/toggle-button/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* TODO: This should be merged with ghost-button*/
diff --git a/ui/packages/consul-ui/app/components/toggle-button/skin.scss b/ui/packages/consul-ui/app/components/toggle-button/skin.scss
index 00f820792b4b..3f34040e0637 100644
--- a/ui/packages/consul-ui/app/components/toggle-button/skin.scss
+++ b/ui/packages/consul-ui/app/components/toggle-button/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %toggle-button {
diff --git a/ui/packages/consul-ui/app/components/token-list/index.hbs b/ui/packages/consul-ui/app/components/token-list/index.hbs
index 07ef9257c311..556b93efdc38 100644
--- a/ui/packages/consul-ui/app/components/token-list/index.hbs
+++ b/ui/packages/consul-ui/app/components/token-list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/token-list/index.js b/ui/packages/consul-ui/app/components/token-list/index.js
index feb20a03d8a2..363946d6d405 100644
--- a/ui/packages/consul-ui/app/components/token-list/index.js
+++ b/ui/packages/consul-ui/app/components/token-list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/token-list/pageobject.js b/ui/packages/consul-ui/app/components/token-list/pageobject.js
index 7204ea8f3453..9c79de4e977e 100644
--- a/ui/packages/consul-ui/app/components/token-list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/token-list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (clickable, attribute, collection, deletable) => () => {
diff --git a/ui/packages/consul-ui/app/components/token-source/chart.xstate.js b/ui/packages/consul-ui/app/components/token-source/chart.xstate.js
index 9874737faf8e..af193cd80fa1 100644
--- a/ui/packages/consul-ui/app/components/token-source/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/token-source/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/token-source/index.hbs b/ui/packages/consul-ui/app/components/token-source/index.hbs
index 03f3d9888ee7..626dd7ab0548 100644
--- a/ui/packages/consul-ui/app/components/token-source/index.hbs
+++ b/ui/packages/consul-ui/app/components/token-source/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <StateChart
diff --git a/ui/packages/consul-ui/app/components/token-source/index.js b/ui/packages/consul-ui/app/components/token-source/index.js
index 5e5979feb2ef..d4e3c79f1dd2 100644
--- a/ui/packages/consul-ui/app/components/token-source/index.js
+++ b/ui/packages/consul-ui/app/components/token-source/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/tooltip-panel/index.scss b/ui/packages/consul-ui/app/components/tooltip-panel/index.scss
index ccf27df641b2..59a040e93bee 100644
--- a/ui/packages/consul-ui/app/components/tooltip-panel/index.scss
+++ b/ui/packages/consul-ui/app/components/tooltip-panel/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/tooltip-panel/layout.scss b/ui/packages/consul-ui/app/components/tooltip-panel/layout.scss
index 081cae0a062a..dd681dddbf46 100644
--- a/ui/packages/consul-ui/app/components/tooltip-panel/layout.scss
+++ b/ui/packages/consul-ui/app/components/tooltip-panel/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %tooltip-panel,
diff --git a/ui/packages/consul-ui/app/components/tooltip-panel/skin.scss b/ui/packages/consul-ui/app/components/tooltip-panel/skin.scss
index 8fb1c0ed2b4b..1e5ba6bab170 100644
--- a/ui/packages/consul-ui/app/components/tooltip-panel/skin.scss
+++ b/ui/packages/consul-ui/app/components/tooltip-panel/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %tooltip-panel dt {
diff --git a/ui/packages/consul-ui/app/components/tooltip/index.hbs b/ui/packages/consul-ui/app/components/tooltip/index.hbs
index e6c115ffa04f..9af44ec479e5 100644
--- a/ui/packages/consul-ui/app/components/tooltip/index.hbs
+++ b/ui/packages/consul-ui/app/components/tooltip/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/tooltip/index.scss b/ui/packages/consul-ui/app/components/tooltip/index.scss
index 53d1ced3e2a1..2b0679953586 100644
--- a/ui/packages/consul-ui/app/components/tooltip/index.scss
+++ b/ui/packages/consul-ui/app/components/tooltip/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .tippy-box[data-theme~='tooltip'] {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/card/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/card/index.hbs
index 6ea8c7f16b5a..0dba1c016aa8 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/card/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/card/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (eq @item.Datacenter '')}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/card/index.js b/ui/packages/consul-ui/app/components/topology-metrics/card/index.js
index ee9e7b36bbd4..9b115e837113 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/card/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/card/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/card/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/card/index.scss
index bc2e4dc21f0d..42e05f833217 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/card/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/card/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 #upstream-container .topology-metrics-card:not(:last-child),
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.hbs
index a52e1f6ba4e7..a073ec424d97 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (gt @lines.length 0)}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.js b/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.js
index 7d42f4d8443b..afcf62def644 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/index.hbs
index 3aceaa0206e6..46f8dc9e01d0 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/index.js b/ui/packages/consul-ui/app/components/topology-metrics/index.js
index 72e00310a2dc..587668c6df1f 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/layout.scss b/ui/packages/consul-ui/app/components/topology-metrics/layout.scss
index 4f4c8e00f99b..b6500fe80045 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/layout.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .topology-notices {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/notifications/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/notifications/index.hbs
index b6a23565213a..ee763cb60990 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/notifications/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (eq @type 'create')}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/popover/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/popover/index.hbs
index 59b5462bc290..244e3a36180b 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/popover/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/popover/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/popover/index.js b/ui/packages/consul-ui/app/components/topology-metrics/popover/index.js
index e479cdc9b3e5..ef14df32b4d9 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/popover/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/popover/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/popover/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/popover/index.scss
index 5932b7e7e039..c0724c23b1d0 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/popover/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/popover/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .topology-metrics-popover {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/series/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/series/index.hbs
index f0bb9cf4db3a..a48b3a260cd3 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/series/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/series/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (not @noMetricsReason)}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/series/index.js b/ui/packages/consul-ui/app/components/topology-metrics/series/index.js
index c920955adbfd..696f074e46b5 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/series/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/series/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/series/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/series/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/series/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/series/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/series/layout.scss b/ui/packages/consul-ui/app/components/topology-metrics/series/layout.scss
index 56ae6dd44785..1900cdcc2901 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/series/layout.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/series/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 #metrics-container div .sparkline-wrapper {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/series/skin.scss b/ui/packages/consul-ui/app/components/topology-metrics/series/skin.scss
index 14b20e8688a3..85db80be0b4d 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/series/skin.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/series/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 #metrics-container .sparkline-wrapper {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/skin.scss b/ui/packages/consul-ui/app/components/topology-metrics/skin.scss
index 7930bfc46a8d..9a04815e4467 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/skin.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .topology-notices {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.hbs
index 3b3859c25030..56a118e4f458 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <span
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.scss
index f158f41fb8d4..7c27347db735 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .topology-metrics-source-type {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/stats/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/stats/index.hbs
index 4c3433d8e307..7309e8eca088 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/stats/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/stats/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (not @noMetricsReason)}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/stats/index.js b/ui/packages/consul-ui/app/components/topology-metrics/stats/index.js
index 94723e9b5ae0..ab547f7fd4fe 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/stats/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/stats/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/stats/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/stats/index.scss
index cbe3d2c74130..d3836797113b 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/stats/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/stats/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .topology-metrics-stats {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/status/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/status/index.hbs
index be1d183d9aa6..f147c8ee5210 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/status/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/status/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (or @noMetricsReason @error)}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/status/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/status/index.scss
index 9f9e25db8204..21be3b6f6ebc 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/status/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/status/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .topology-metrics-status-error,
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.hbs
index c08ae20350c3..c2d6de1975df 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if (gt @lines.length 0)}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.js b/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.js
index 2e266ef2ffb3..1cd610a4e41e 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/watcher/index.hbs b/ui/packages/consul-ui/app/components/watcher/index.hbs
index b326ee79d4ba..43bc6c3ae450 100644
--- a/ui/packages/consul-ui/app/components/watcher/index.hbs
+++ b/ui/packages/consul-ui/app/components/watcher/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield (hash
diff --git a/ui/packages/consul-ui/app/components/watcher/index.js b/ui/packages/consul-ui/app/components/watcher/index.js
index 68e6827e4d42..868d59f7e663 100644
--- a/ui/packages/consul-ui/app/components/watcher/index.js
+++ b/ui/packages/consul-ui/app/components/watcher/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/yield/index.hbs b/ui/packages/consul-ui/app/components/yield/index.hbs
index fca792f507c0..4c7b4919504a 100644
--- a/ui/packages/consul-ui/app/components/yield/index.hbs
+++ b/ui/packages/consul-ui/app/components/yield/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/controllers/_peered-resource.js b/ui/packages/consul-ui/app/controllers/_peered-resource.js
index 70f2c5294a44..e0b588a36040 100644
--- a/ui/packages/consul-ui/app/controllers/_peered-resource.js
+++ b/ui/packages/consul-ui/app/controllers/_peered-resource.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Controller from '@ember/controller';
diff --git a/ui/packages/consul-ui/app/controllers/application.js b/ui/packages/consul-ui/app/controllers/application.js
index 84ad92a8231e..9180761dcd99 100644
--- a/ui/packages/consul-ui/app/controllers/application.js
+++ b/ui/packages/consul-ui/app/controllers/application.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/controllers/dc/acls/policies/create.js b/ui/packages/consul-ui/app/controllers/dc/acls/policies/create.js
index 53e7ed003936..2ff44f72fe85 100644
--- a/ui/packages/consul-ui/app/controllers/dc/acls/policies/create.js
+++ b/ui/packages/consul-ui/app/controllers/dc/acls/policies/create.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Controller from './edit';
diff --git a/ui/packages/consul-ui/app/controllers/dc/acls/policies/edit.js b/ui/packages/consul-ui/app/controllers/dc/acls/policies/edit.js
index ab816beb3168..8aa847e20219 100644
--- a/ui/packages/consul-ui/app/controllers/dc/acls/policies/edit.js
+++ b/ui/packages/consul-ui/app/controllers/dc/acls/policies/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/controllers/dc/acls/roles/create.js b/ui/packages/consul-ui/app/controllers/dc/acls/roles/create.js
index 53e7ed003936..2ff44f72fe85 100644
--- a/ui/packages/consul-ui/app/controllers/dc/acls/roles/create.js
+++ b/ui/packages/consul-ui/app/controllers/dc/acls/roles/create.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Controller from './edit';
diff --git a/ui/packages/consul-ui/app/controllers/dc/acls/roles/edit.js b/ui/packages/consul-ui/app/controllers/dc/acls/roles/edit.js
index 380c0c1688b7..04778c6f34cc 100644
--- a/ui/packages/consul-ui/app/controllers/dc/acls/roles/edit.js
+++ b/ui/packages/consul-ui/app/controllers/dc/acls/roles/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/controllers/dc/acls/tokens/create.js b/ui/packages/consul-ui/app/controllers/dc/acls/tokens/create.js
index 53e7ed003936..2ff44f72fe85 100644
--- a/ui/packages/consul-ui/app/controllers/dc/acls/tokens/create.js
+++ b/ui/packages/consul-ui/app/controllers/dc/acls/tokens/create.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Controller from './edit';
diff --git a/ui/packages/consul-ui/app/controllers/dc/acls/tokens/edit.js b/ui/packages/consul-ui/app/controllers/dc/acls/tokens/edit.js
index 14222ddb089e..81628de627b1 100644
--- a/ui/packages/consul-ui/app/controllers/dc/acls/tokens/edit.js
+++ b/ui/packages/consul-ui/app/controllers/dc/acls/tokens/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Controller from '@ember/controller';
diff --git a/ui/packages/consul-ui/app/controllers/dc/nodes/index.js b/ui/packages/consul-ui/app/controllers/dc/nodes/index.js
index 89eaa2f1833a..fe5889e4792a 100644
--- a/ui/packages/consul-ui/app/controllers/dc/nodes/index.js
+++ b/ui/packages/consul-ui/app/controllers/dc/nodes/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import PeeredResourceController from 'consul-ui/controllers/_peered-resource';
diff --git a/ui/packages/consul-ui/app/controllers/dc/services/index.js b/ui/packages/consul-ui/app/controllers/dc/services/index.js
index 77c99c0c8977..2d98940be925 100644
--- a/ui/packages/consul-ui/app/controllers/dc/services/index.js
+++ b/ui/packages/consul-ui/app/controllers/dc/services/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import PeeredResourceController from 'consul-ui/controllers/_peered-resource';
diff --git a/ui/packages/consul-ui/app/controllers/dc/services/instance/healthchecks.js b/ui/packages/consul-ui/app/controllers/dc/services/instance/healthchecks.js
index f4d3e6afd45d..1e274ba3d47d 100644
--- a/ui/packages/consul-ui/app/controllers/dc/services/instance/healthchecks.js
+++ b/ui/packages/consul-ui/app/controllers/dc/services/instance/healthchecks.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Controller from '@ember/controller';
diff --git a/ui/packages/consul-ui/app/decorators/data-source.js b/ui/packages/consul-ui/app/decorators/data-source.js
index a0e1c7970d5b..228f62991745 100644
--- a/ui/packages/consul-ui/app/decorators/data-source.js
+++ b/ui/packages/consul-ui/app/decorators/data-source.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { runInDebug } from '@ember/debug';
diff --git a/ui/packages/consul-ui/app/decorators/replace.js b/ui/packages/consul-ui/app/decorators/replace.js
index 62c762ce06ad..1521b24a0d33 100644
--- a/ui/packages/consul-ui/app/decorators/replace.js
+++ b/ui/packages/consul-ui/app/decorators/replace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/env.js b/ui/packages/consul-ui/app/env.js
index 1671ce111065..7a832d320f73 100644
--- a/ui/packages/consul-ui/app/env.js
+++ b/ui/packages/consul-ui/app/env.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import config from './config/environment';
diff --git a/ui/packages/consul-ui/app/filter/predicates/auth-method.js b/ui/packages/consul-ui/app/filter/predicates/auth-method.js
index 22ba3bfaed78..e2d4b5598d25 100644
--- a/ui/packages/consul-ui/app/filter/predicates/auth-method.js
+++ b/ui/packages/consul-ui/app/filter/predicates/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/filter/predicates/health-check.js b/ui/packages/consul-ui/app/filter/predicates/health-check.js
index af6a478a2839..7cb0ed7d5d06 100644
--- a/ui/packages/consul-ui/app/filter/predicates/health-check.js
+++ b/ui/packages/consul-ui/app/filter/predicates/health-check.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/filter/predicates/intention.js b/ui/packages/consul-ui/app/filter/predicates/intention.js
index f3c3173dca33..a3f37c04b79b 100644
--- a/ui/packages/consul-ui/app/filter/predicates/intention.js
+++ b/ui/packages/consul-ui/app/filter/predicates/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/filter/predicates/kv.js b/ui/packages/consul-ui/app/filter/predicates/kv.js
index e80d5cb3798f..eab8616fed19 100644
--- a/ui/packages/consul-ui/app/filter/predicates/kv.js
+++ b/ui/packages/consul-ui/app/filter/predicates/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/filter/predicates/node.js b/ui/packages/consul-ui/app/filter/predicates/node.js
index 4927078bf988..99d22784d27a 100644
--- a/ui/packages/consul-ui/app/filter/predicates/node.js
+++ b/ui/packages/consul-ui/app/filter/predicates/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/filter/predicates/peer.js b/ui/packages/consul-ui/app/filter/predicates/peer.js
index 26cf3bb944e6..c2686e934cd8 100644
--- a/ui/packages/consul-ui/app/filter/predicates/peer.js
+++ b/ui/packages/consul-ui/app/filter/predicates/peer.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/filter/predicates/policy.js b/ui/packages/consul-ui/app/filter/predicates/policy.js
index 4b26d77b4b65..78c47b8b0af6 100644
--- a/ui/packages/consul-ui/app/filter/predicates/policy.js
+++ b/ui/packages/consul-ui/app/filter/predicates/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import setHelpers from 'mnemonist/set';
diff --git a/ui/packages/consul-ui/app/filter/predicates/service-instance.js b/ui/packages/consul-ui/app/filter/predicates/service-instance.js
index b91d337585b3..1b75a845d916 100644
--- a/ui/packages/consul-ui/app/filter/predicates/service-instance.js
+++ b/ui/packages/consul-ui/app/filter/predicates/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import setHelpers from 'mnemonist/set';
diff --git a/ui/packages/consul-ui/app/filter/predicates/service.js b/ui/packages/consul-ui/app/filter/predicates/service.js
index 00d7fe884ca8..220a6ca358cb 100644
--- a/ui/packages/consul-ui/app/filter/predicates/service.js
+++ b/ui/packages/consul-ui/app/filter/predicates/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import setHelpers from 'mnemonist/set';
diff --git a/ui/packages/consul-ui/app/filter/predicates/token.js b/ui/packages/consul-ui/app/filter/predicates/token.js
index 43a4dd9d5072..fab338739092 100644
--- a/ui/packages/consul-ui/app/filter/predicates/token.js
+++ b/ui/packages/consul-ui/app/filter/predicates/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/formats.js b/ui/packages/consul-ui/app/formats.js
index 065168b91657..e791c1efc972 100644
--- a/ui/packages/consul-ui/app/formats.js
+++ b/ui/packages/consul-ui/app/formats.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/forms/intention.js b/ui/packages/consul-ui/app/forms/intention.js
index 770ea540fdd3..ee665bc77b35 100644
--- a/ui/packages/consul-ui/app/forms/intention.js
+++ b/ui/packages/consul-ui/app/forms/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import validations from 'consul-ui/validations/intention';
diff --git a/ui/packages/consul-ui/app/forms/kv.js b/ui/packages/consul-ui/app/forms/kv.js
index 412be65d57cf..3f15fec0f902 100644
--- a/ui/packages/consul-ui/app/forms/kv.js
+++ b/ui/packages/consul-ui/app/forms/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import validations from 'consul-ui/validations/kv';
diff --git a/ui/packages/consul-ui/app/forms/policy.js b/ui/packages/consul-ui/app/forms/policy.js
index e063df30f92b..ef48fcf891cc 100644
--- a/ui/packages/consul-ui/app/forms/policy.js
+++ b/ui/packages/consul-ui/app/forms/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import validations from 'consul-ui/validations/policy';
diff --git a/ui/packages/consul-ui/app/forms/role.js b/ui/packages/consul-ui/app/forms/role.js
index 8616e212ae32..3116cbe57f67 100644
--- a/ui/packages/consul-ui/app/forms/role.js
+++ b/ui/packages/consul-ui/app/forms/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import validations from 'consul-ui/validations/role';
diff --git a/ui/packages/consul-ui/app/forms/token.js b/ui/packages/consul-ui/app/forms/token.js
index 5e085fdc2cac..59932a765cd2 100644
--- a/ui/packages/consul-ui/app/forms/token.js
+++ b/ui/packages/consul-ui/app/forms/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import validations from 'consul-ui/validations/token';
diff --git a/ui/packages/consul-ui/app/helpers/adopt-styles.js b/ui/packages/consul-ui/app/helpers/adopt-styles.js
index 0de5a69dc373..4dc31bce25b0 100644
--- a/ui/packages/consul-ui/app/helpers/adopt-styles.js
+++ b/ui/packages/consul-ui/app/helpers/adopt-styles.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/atob.js b/ui/packages/consul-ui/app/helpers/atob.js
index 0cc945a2482e..988ba8ae0a97 100644
--- a/ui/packages/consul-ui/app/helpers/atob.js
+++ b/ui/packages/consul-ui/app/helpers/atob.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/cached-model.js b/ui/packages/consul-ui/app/helpers/cached-model.js
index bd0f529c0144..cd2d8785e5b4 100644
--- a/ui/packages/consul-ui/app/helpers/cached-model.js
+++ b/ui/packages/consul-ui/app/helpers/cached-model.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/class-map.js b/ui/packages/consul-ui/app/helpers/class-map.js
index 54ede84d3862..a38cc2d8f09d 100644
--- a/ui/packages/consul-ui/app/helpers/class-map.js
+++ b/ui/packages/consul-ui/app/helpers/class-map.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/collection.js b/ui/packages/consul-ui/app/helpers/collection.js
index 475be048ab6d..18b08dd202d7 100644
--- a/ui/packages/consul-ui/app/helpers/collection.js
+++ b/ui/packages/consul-ui/app/helpers/collection.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/css-map.js b/ui/packages/consul-ui/app/helpers/css-map.js
index f69fc3a187a1..1a098f078f7d 100644
--- a/ui/packages/consul-ui/app/helpers/css-map.js
+++ b/ui/packages/consul-ui/app/helpers/css-map.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/css.js b/ui/packages/consul-ui/app/helpers/css.js
index 448b4d279241..de2dc35d154b 100644
--- a/ui/packages/consul-ui/app/helpers/css.js
+++ b/ui/packages/consul-ui/app/helpers/css.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/document-attrs.js b/ui/packages/consul-ui/app/helpers/document-attrs.js
index 3165f428446d..7b62abbb9139 100644
--- a/ui/packages/consul-ui/app/helpers/document-attrs.js
+++ b/ui/packages/consul-ui/app/helpers/document-attrs.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/dom-position.js b/ui/packages/consul-ui/app/helpers/dom-position.js
index e4e0e71b6ff3..6398edcf3cf8 100644
--- a/ui/packages/consul-ui/app/helpers/dom-position.js
+++ b/ui/packages/consul-ui/app/helpers/dom-position.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/duration-from.js b/ui/packages/consul-ui/app/helpers/duration-from.js
index bf01761ff042..0a5e349feade 100644
--- a/ui/packages/consul-ui/app/helpers/duration-from.js
+++ b/ui/packages/consul-ui/app/helpers/duration-from.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/env.js b/ui/packages/consul-ui/app/helpers/env.js
index 626eb681315f..c96394152693 100644
--- a/ui/packages/consul-ui/app/helpers/env.js
+++ b/ui/packages/consul-ui/app/helpers/env.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/flatten-property.js b/ui/packages/consul-ui/app/helpers/flatten-property.js
index 7d9775ad71b3..d738fa73c8a8 100644
--- a/ui/packages/consul-ui/app/helpers/flatten-property.js
+++ b/ui/packages/consul-ui/app/helpers/flatten-property.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/format-short-time.js b/ui/packages/consul-ui/app/helpers/format-short-time.js
index 7b6e7261e8dc..ad3d87c5459c 100644
--- a/ui/packages/consul-ui/app/helpers/format-short-time.js
+++ b/ui/packages/consul-ui/app/helpers/format-short-time.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/href-to.js b/ui/packages/consul-ui/app/helpers/href-to.js
index 7e089e59edc9..4bc91c8a6183 100644
--- a/ui/packages/consul-ui/app/helpers/href-to.js
+++ b/ui/packages/consul-ui/app/helpers/href-to.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // This helper requires `ember-href-to` for the moment at least
diff --git a/ui/packages/consul-ui/app/helpers/icon-mapping.js b/ui/packages/consul-ui/app/helpers/icon-mapping.js
index 21bbc33d173b..c0fce79bc22a 100644
--- a/ui/packages/consul-ui/app/helpers/icon-mapping.js
+++ b/ui/packages/consul-ui/app/helpers/icon-mapping.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/icons-debug.js b/ui/packages/consul-ui/app/helpers/icons-debug.js
index 472e0a11cfa9..8cbd5484cb4d 100644
--- a/ui/packages/consul-ui/app/helpers/icons-debug.js
+++ b/ui/packages/consul-ui/app/helpers/icons-debug.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/is-href.js b/ui/packages/consul-ui/app/helpers/is-href.js
index fc59d8a7d86f..2080185f2c04 100644
--- a/ui/packages/consul-ui/app/helpers/is-href.js
+++ b/ui/packages/consul-ui/app/helpers/is-href.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/is.js b/ui/packages/consul-ui/app/helpers/is.js
index 9fd915672f94..2fd830ca071b 100644
--- a/ui/packages/consul-ui/app/helpers/is.js
+++ b/ui/packages/consul-ui/app/helpers/is.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from 'ember-can/helpers/can';
diff --git a/ui/packages/consul-ui/app/helpers/json-stringify.js b/ui/packages/consul-ui/app/helpers/json-stringify.js
index e3a5297f51e9..5e00326803f5 100644
--- a/ui/packages/consul-ui/app/helpers/json-stringify.js
+++ b/ui/packages/consul-ui/app/helpers/json-stringify.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/last.js b/ui/packages/consul-ui/app/helpers/last.js
index a6df31626ace..533432eabb40 100644
--- a/ui/packages/consul-ui/app/helpers/last.js
+++ b/ui/packages/consul-ui/app/helpers/last.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/left-trim.js b/ui/packages/consul-ui/app/helpers/left-trim.js
index 0d6b31e46467..870eab3074b5 100644
--- a/ui/packages/consul-ui/app/helpers/left-trim.js
+++ b/ui/packages/consul-ui/app/helpers/left-trim.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/merge-checks.js b/ui/packages/consul-ui/app/helpers/merge-checks.js
index 32c5c3ae8c42..5edd0a7f3bf7 100644
--- a/ui/packages/consul-ui/app/helpers/merge-checks.js
+++ b/ui/packages/consul-ui/app/helpers/merge-checks.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/percentage-of.js b/ui/packages/consul-ui/app/helpers/percentage-of.js
index 4950305516d4..72a7e114d58a 100644
--- a/ui/packages/consul-ui/app/helpers/percentage-of.js
+++ b/ui/packages/consul-ui/app/helpers/percentage-of.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/policy/datacenters.js b/ui/packages/consul-ui/app/helpers/policy/datacenters.js
index 304832a375db..576e79b94a9c 100644
--- a/ui/packages/consul-ui/app/helpers/policy/datacenters.js
+++ b/ui/packages/consul-ui/app/helpers/policy/datacenters.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/policy/group.js b/ui/packages/consul-ui/app/helpers/policy/group.js
index 448e754cccc3..0e53863ded00 100644
--- a/ui/packages/consul-ui/app/helpers/policy/group.js
+++ b/ui/packages/consul-ui/app/helpers/policy/group.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/policy/typeof.js b/ui/packages/consul-ui/app/helpers/policy/typeof.js
index 859e613e78bf..b2d1c3d5cb90 100644
--- a/ui/packages/consul-ui/app/helpers/policy/typeof.js
+++ b/ui/packages/consul-ui/app/helpers/policy/typeof.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/refresh-route.js b/ui/packages/consul-ui/app/helpers/refresh-route.js
index 44074ee44c26..4a703ee05dd3 100644
--- a/ui/packages/consul-ui/app/helpers/refresh-route.js
+++ b/ui/packages/consul-ui/app/helpers/refresh-route.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/render-template.js b/ui/packages/consul-ui/app/helpers/render-template.js
index 3e2d0c9750b7..6ea4e065aa03 100644
--- a/ui/packages/consul-ui/app/helpers/render-template.js
+++ b/ui/packages/consul-ui/app/helpers/render-template.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/require.js b/ui/packages/consul-ui/app/helpers/require.js
index a0df527286f8..86b2d0839341 100644
--- a/ui/packages/consul-ui/app/helpers/require.js
+++ b/ui/packages/consul-ui/app/helpers/require.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/right-trim.js b/ui/packages/consul-ui/app/helpers/right-trim.js
index 934ff9977783..fbc0585cb393 100644
--- a/ui/packages/consul-ui/app/helpers/right-trim.js
+++ b/ui/packages/consul-ui/app/helpers/right-trim.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/route-match.js b/ui/packages/consul-ui/app/helpers/route-match.js
index 4615f579870c..479a3832778b 100644
--- a/ui/packages/consul-ui/app/helpers/route-match.js
+++ b/ui/packages/consul-ui/app/helpers/route-match.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/service/card-permissions.js b/ui/packages/consul-ui/app/helpers/service/card-permissions.js
index 3d43e3417a90..15a2abae1504 100644
--- a/ui/packages/consul-ui/app/helpers/service/card-permissions.js
+++ b/ui/packages/consul-ui/app/helpers/service/card-permissions.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/service/external-source.js b/ui/packages/consul-ui/app/helpers/service/external-source.js
index e73b192b2605..1fd88f8ea6a9 100644
--- a/ui/packages/consul-ui/app/helpers/service/external-source.js
+++ b/ui/packages/consul-ui/app/helpers/service/external-source.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/service/health-percentage.js b/ui/packages/consul-ui/app/helpers/service/health-percentage.js
index 9bf25795aebc..2a9d2cda0680 100644
--- a/ui/packages/consul-ui/app/helpers/service/health-percentage.js
+++ b/ui/packages/consul-ui/app/helpers/service/health-percentage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/slugify.js b/ui/packages/consul-ui/app/helpers/slugify.js
index b37c3d8c25d7..455c60931862 100644
--- a/ui/packages/consul-ui/app/helpers/slugify.js
+++ b/ui/packages/consul-ui/app/helpers/slugify.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/smart-date-format.js b/ui/packages/consul-ui/app/helpers/smart-date-format.js
index eea6dd38d05e..5473d13bdcd9 100644
--- a/ui/packages/consul-ui/app/helpers/smart-date-format.js
+++ b/ui/packages/consul-ui/app/helpers/smart-date-format.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/split.js b/ui/packages/consul-ui/app/helpers/split.js
index 71d9b1ee4c80..d44a335bdc95 100644
--- a/ui/packages/consul-ui/app/helpers/split.js
+++ b/ui/packages/consul-ui/app/helpers/split.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/state-chart.js b/ui/packages/consul-ui/app/helpers/state-chart.js
index d10ab5553771..5a94bae1aa2a 100644
--- a/ui/packages/consul-ui/app/helpers/state-chart.js
+++ b/ui/packages/consul-ui/app/helpers/state-chart.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/state-matches.js b/ui/packages/consul-ui/app/helpers/state-matches.js
index bfe54f6743b8..8f0d21e99bb0 100644
--- a/ui/packages/consul-ui/app/helpers/state-matches.js
+++ b/ui/packages/consul-ui/app/helpers/state-matches.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/style-map.js b/ui/packages/consul-ui/app/helpers/style-map.js
index b82bc674e57f..b85aa30c9257 100644
--- a/ui/packages/consul-ui/app/helpers/style-map.js
+++ b/ui/packages/consul-ui/app/helpers/style-map.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/substr.js b/ui/packages/consul-ui/app/helpers/substr.js
index c7abad921a2f..b5dc785dd9f1 100644
--- a/ui/packages/consul-ui/app/helpers/substr.js
+++ b/ui/packages/consul-ui/app/helpers/substr.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/svg-curve.js b/ui/packages/consul-ui/app/helpers/svg-curve.js
index 0f4c7f5d43d1..a1715331a975 100644
--- a/ui/packages/consul-ui/app/helpers/svg-curve.js
+++ b/ui/packages/consul-ui/app/helpers/svg-curve.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/temporal-format.js b/ui/packages/consul-ui/app/helpers/temporal-format.js
index ea7b55ca4873..35d42495b103 100644
--- a/ui/packages/consul-ui/app/helpers/temporal-format.js
+++ b/ui/packages/consul-ui/app/helpers/temporal-format.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/temporal-within.js b/ui/packages/consul-ui/app/helpers/temporal-within.js
index 66f8bf133e9d..28ee4a18962b 100644
--- a/ui/packages/consul-ui/app/helpers/temporal-within.js
+++ b/ui/packages/consul-ui/app/helpers/temporal-within.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/test.js b/ui/packages/consul-ui/app/helpers/test.js
index b1748dc6c620..d95fac5efa6a 100644
--- a/ui/packages/consul-ui/app/helpers/test.js
+++ b/ui/packages/consul-ui/app/helpers/test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from './can';
diff --git a/ui/packages/consul-ui/app/helpers/to-hash.js b/ui/packages/consul-ui/app/helpers/to-hash.js
index 7932e0e56605..62c526ed2607 100644
--- a/ui/packages/consul-ui/app/helpers/to-hash.js
+++ b/ui/packages/consul-ui/app/helpers/to-hash.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/to-route.js b/ui/packages/consul-ui/app/helpers/to-route.js
index 32fb95f67d6d..1fb16cc545c6 100644
--- a/ui/packages/consul-ui/app/helpers/to-route.js
+++ b/ui/packages/consul-ui/app/helpers/to-route.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/token/is-anonymous.js b/ui/packages/consul-ui/app/helpers/token/is-anonymous.js
index 068c89045b5a..601917b0f180 100644
--- a/ui/packages/consul-ui/app/helpers/token/is-anonymous.js
+++ b/ui/packages/consul-ui/app/helpers/token/is-anonymous.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/token/is-legacy.js b/ui/packages/consul-ui/app/helpers/token/is-legacy.js
index cd2519e34d51..530c4b96bc9c 100644
--- a/ui/packages/consul-ui/app/helpers/token/is-legacy.js
+++ b/ui/packages/consul-ui/app/helpers/token/is-legacy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/tween-to.js b/ui/packages/consul-ui/app/helpers/tween-to.js
index 21ffc57a54f9..b1a9f56d2a50 100644
--- a/ui/packages/consul-ui/app/helpers/tween-to.js
+++ b/ui/packages/consul-ui/app/helpers/tween-to.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/uniq-by.js b/ui/packages/consul-ui/app/helpers/uniq-by.js
index f665cdb8b4f0..d348eaad5cb9 100644
--- a/ui/packages/consul-ui/app/helpers/uniq-by.js
+++ b/ui/packages/consul-ui/app/helpers/uniq-by.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/unique-id.js b/ui/packages/consul-ui/app/helpers/unique-id.js
index 08f5cd4502bd..180dc188d5a9 100644
--- a/ui/packages/consul-ui/app/helpers/unique-id.js
+++ b/ui/packages/consul-ui/app/helpers/unique-id.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/uri.js b/ui/packages/consul-ui/app/helpers/uri.js
index 307b7231aba4..ff133c630cd1 100644
--- a/ui/packages/consul-ui/app/helpers/uri.js
+++ b/ui/packages/consul-ui/app/helpers/uri.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/index.html b/ui/packages/consul-ui/app/index.html
index 9f9f55adf83e..77b9ca89095d 100644
--- a/ui/packages/consul-ui/app/index.html
+++ b/ui/packages/consul-ui/app/index.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <!--
  Copyright (c) HashiCorp, Inc.
- SPDX-License-Identifier: MPL-2.0
+ SPDX-License-Identifier: BUSL-1.1
 -->
 
 <html lang="en" class="{{content-for "root-class"}}">
diff --git a/ui/packages/consul-ui/app/instance-initializers/container.js b/ui/packages/consul-ui/app/instance-initializers/container.js
index 2602e2050e93..ced0fd4d7e19 100644
--- a/ui/packages/consul-ui/app/instance-initializers/container.js
+++ b/ui/packages/consul-ui/app/instance-initializers/container.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { runInDebug } from '@ember/debug';
diff --git a/ui/packages/consul-ui/app/instance-initializers/href-to.js b/ui/packages/consul-ui/app/instance-initializers/href-to.js
index 5764ac732d86..2e15b7fd22d8 100644
--- a/ui/packages/consul-ui/app/instance-initializers/href-to.js
+++ b/ui/packages/consul-ui/app/instance-initializers/href-to.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import LinkComponent from '@ember/routing/link-component';
diff --git a/ui/packages/consul-ui/app/instance-initializers/ivy-codemirror.js b/ui/packages/consul-ui/app/instance-initializers/ivy-codemirror.js
index 90cb2866434f..43ab72509106 100644
--- a/ui/packages/consul-ui/app/instance-initializers/ivy-codemirror.js
+++ b/ui/packages/consul-ui/app/instance-initializers/ivy-codemirror.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* globals CodeMirror */
diff --git a/ui/packages/consul-ui/app/instance-initializers/selection.js b/ui/packages/consul-ui/app/instance-initializers/selection.js
index 3f92a911a314..9d9106a69e53 100644
--- a/ui/packages/consul-ui/app/instance-initializers/selection.js
+++ b/ui/packages/consul-ui/app/instance-initializers/selection.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { env } from 'consul-ui/env';
diff --git a/ui/packages/consul-ui/app/locations/fsm-with-optional-test.js b/ui/packages/consul-ui/app/locations/fsm-with-optional-test.js
index 9720829e47f3..15af5434ff6c 100644
--- a/ui/packages/consul-ui/app/locations/fsm-with-optional-test.js
+++ b/ui/packages/consul-ui/app/locations/fsm-with-optional-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import FSMWithOptionalLocation from './fsm-with-optional';
diff --git a/ui/packages/consul-ui/app/locations/fsm-with-optional.js b/ui/packages/consul-ui/app/locations/fsm-with-optional.js
index ef713decfb5a..68a57b66e563 100644
--- a/ui/packages/consul-ui/app/locations/fsm-with-optional.js
+++ b/ui/packages/consul-ui/app/locations/fsm-with-optional.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { env } from 'consul-ui/env';
diff --git a/ui/packages/consul-ui/app/locations/fsm.js b/ui/packages/consul-ui/app/locations/fsm.js
index 10726eedc730..9296e03f8f40 100644
--- a/ui/packages/consul-ui/app/locations/fsm.js
+++ b/ui/packages/consul-ui/app/locations/fsm.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // a simple state machine that the History API happens to more or less implement
diff --git a/ui/packages/consul-ui/app/machines/boolean.xstate.js b/ui/packages/consul-ui/app/machines/boolean.xstate.js
index 911b37018718..8d11cba1a543 100644
--- a/ui/packages/consul-ui/app/machines/boolean.xstate.js
+++ b/ui/packages/consul-ui/app/machines/boolean.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/machines/validate.xstate.js b/ui/packages/consul-ui/app/machines/validate.xstate.js
index 43de58a8fe0f..542720beccc6 100644
--- a/ui/packages/consul-ui/app/machines/validate.xstate.js
+++ b/ui/packages/consul-ui/app/machines/validate.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/mixins/policy/as-many.js b/ui/packages/consul-ui/app/mixins/policy/as-many.js
index 6573944ec5e8..714c20e7758a 100644
--- a/ui/packages/consul-ui/app/mixins/policy/as-many.js
+++ b/ui/packages/consul-ui/app/mixins/policy/as-many.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Mixin from '@ember/object/mixin';
diff --git a/ui/packages/consul-ui/app/mixins/role/as-many.js b/ui/packages/consul-ui/app/mixins/role/as-many.js
index 5e26e8acc7de..2aed7fd47d6a 100644
--- a/ui/packages/consul-ui/app/mixins/role/as-many.js
+++ b/ui/packages/consul-ui/app/mixins/role/as-many.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Mixin from '@ember/object/mixin';
diff --git a/ui/packages/consul-ui/app/mixins/with-blocking-actions.js b/ui/packages/consul-ui/app/mixins/with-blocking-actions.js
index eb6bd0d4ef9c..1e034addac87 100644
--- a/ui/packages/consul-ui/app/mixins/with-blocking-actions.js
+++ b/ui/packages/consul-ui/app/mixins/with-blocking-actions.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Mixin from '@ember/object/mixin';
diff --git a/ui/packages/consul-ui/app/models/auth-method.js b/ui/packages/consul-ui/app/models/auth-method.js
index 8262a89f48b4..852a08f0fc62 100644
--- a/ui/packages/consul-ui/app/models/auth-method.js
+++ b/ui/packages/consul-ui/app/models/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/binding-rule.js b/ui/packages/consul-ui/app/models/binding-rule.js
index 80c4782c3fc9..004b3ce22ad2 100644
--- a/ui/packages/consul-ui/app/models/binding-rule.js
+++ b/ui/packages/consul-ui/app/models/binding-rule.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/coordinate.js b/ui/packages/consul-ui/app/models/coordinate.js
index a5c888937fc1..10de884913a0 100644
--- a/ui/packages/consul-ui/app/models/coordinate.js
+++ b/ui/packages/consul-ui/app/models/coordinate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/dc.js b/ui/packages/consul-ui/app/models/dc.js
index e72c89241392..b0a41f8f5f7a 100644
--- a/ui/packages/consul-ui/app/models/dc.js
+++ b/ui/packages/consul-ui/app/models/dc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/discovery-chain.js b/ui/packages/consul-ui/app/models/discovery-chain.js
index c5fda81a3b7e..1fbda2837266 100644
--- a/ui/packages/consul-ui/app/models/discovery-chain.js
+++ b/ui/packages/consul-ui/app/models/discovery-chain.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/gateway-config.js b/ui/packages/consul-ui/app/models/gateway-config.js
index 93208bf6ffe3..e102e0ef084e 100644
--- a/ui/packages/consul-ui/app/models/gateway-config.js
+++ b/ui/packages/consul-ui/app/models/gateway-config.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Fragment from 'ember-data-model-fragments/fragment';
diff --git a/ui/packages/consul-ui/app/models/health-check.js b/ui/packages/consul-ui/app/models/health-check.js
index 44d485015582..8a639025b6da 100644
--- a/ui/packages/consul-ui/app/models/health-check.js
+++ b/ui/packages/consul-ui/app/models/health-check.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Fragment from 'ember-data-model-fragments/fragment';
diff --git a/ui/packages/consul-ui/app/models/intention-permission-http-header.js b/ui/packages/consul-ui/app/models/intention-permission-http-header.js
index 33af007944b3..b327ff91ab1e 100644
--- a/ui/packages/consul-ui/app/models/intention-permission-http-header.js
+++ b/ui/packages/consul-ui/app/models/intention-permission-http-header.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Fragment from 'ember-data-model-fragments/fragment';
diff --git a/ui/packages/consul-ui/app/models/intention-permission-http.js b/ui/packages/consul-ui/app/models/intention-permission-http.js
index 92ad9dfd7cea..715bc00cdebc 100644
--- a/ui/packages/consul-ui/app/models/intention-permission-http.js
+++ b/ui/packages/consul-ui/app/models/intention-permission-http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Fragment from 'ember-data-model-fragments/fragment';
diff --git a/ui/packages/consul-ui/app/models/intention-permission.js b/ui/packages/consul-ui/app/models/intention-permission.js
index db5cdad36efb..ded3dcb7434b 100644
--- a/ui/packages/consul-ui/app/models/intention-permission.js
+++ b/ui/packages/consul-ui/app/models/intention-permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Fragment from 'ember-data-model-fragments/fragment';
diff --git a/ui/packages/consul-ui/app/models/intention.js b/ui/packages/consul-ui/app/models/intention.js
index 3acae053da01..e186178ab299 100644
--- a/ui/packages/consul-ui/app/models/intention.js
+++ b/ui/packages/consul-ui/app/models/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/kv.js b/ui/packages/consul-ui/app/models/kv.js
index 29a984a93cea..7270bfa5ef98 100644
--- a/ui/packages/consul-ui/app/models/kv.js
+++ b/ui/packages/consul-ui/app/models/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/license.js b/ui/packages/consul-ui/app/models/license.js
index 30c39b3ad77c..9a95f307f894 100644
--- a/ui/packages/consul-ui/app/models/license.js
+++ b/ui/packages/consul-ui/app/models/license.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/node.js b/ui/packages/consul-ui/app/models/node.js
index b95ec283050a..798c2a810cfc 100644
--- a/ui/packages/consul-ui/app/models/node.js
+++ b/ui/packages/consul-ui/app/models/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr, hasMany } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/nspace.js b/ui/packages/consul-ui/app/models/nspace.js
index 5f3b82c25b05..b4d14a5341b0 100644
--- a/ui/packages/consul-ui/app/models/nspace.js
+++ b/ui/packages/consul-ui/app/models/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/oidc-provider.js b/ui/packages/consul-ui/app/models/oidc-provider.js
index 2617d05890a7..97529b370544 100644
--- a/ui/packages/consul-ui/app/models/oidc-provider.js
+++ b/ui/packages/consul-ui/app/models/oidc-provider.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/partition.js b/ui/packages/consul-ui/app/models/partition.js
index 2511943c96b9..98c80f5adaf6 100644
--- a/ui/packages/consul-ui/app/models/partition.js
+++ b/ui/packages/consul-ui/app/models/partition.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/peer.js b/ui/packages/consul-ui/app/models/peer.js
index 660dd5cfad57..128945a932b0 100644
--- a/ui/packages/consul-ui/app/models/peer.js
+++ b/ui/packages/consul-ui/app/models/peer.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/permission.js b/ui/packages/consul-ui/app/models/permission.js
index c8e526c8de96..8d8fab36be47 100644
--- a/ui/packages/consul-ui/app/models/permission.js
+++ b/ui/packages/consul-ui/app/models/permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/policy.js b/ui/packages/consul-ui/app/models/policy.js
index 6d4d674d8cef..68357dcfa4a3 100644
--- a/ui/packages/consul-ui/app/models/policy.js
+++ b/ui/packages/consul-ui/app/models/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/proxy.js b/ui/packages/consul-ui/app/models/proxy.js
index 28f69734207c..c18a08803fdc 100644
--- a/ui/packages/consul-ui/app/models/proxy.js
+++ b/ui/packages/consul-ui/app/models/proxy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/role.js b/ui/packages/consul-ui/app/models/role.js
index 6bf6e3b81b9b..861512c67dd4 100644
--- a/ui/packages/consul-ui/app/models/role.js
+++ b/ui/packages/consul-ui/app/models/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/service-instance.js b/ui/packages/consul-ui/app/models/service-instance.js
index e52f49f6d929..a991be63dbea 100644
--- a/ui/packages/consul-ui/app/models/service-instance.js
+++ b/ui/packages/consul-ui/app/models/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/service.js b/ui/packages/consul-ui/app/models/service.js
index cff07f116b11..61e38d6b86b8 100644
--- a/ui/packages/consul-ui/app/models/service.js
+++ b/ui/packages/consul-ui/app/models/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr, belongsTo } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/session.js b/ui/packages/consul-ui/app/models/session.js
index 364db7892b04..7d846790cc45 100644
--- a/ui/packages/consul-ui/app/models/session.js
+++ b/ui/packages/consul-ui/app/models/session.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/token.js b/ui/packages/consul-ui/app/models/token.js
index fb8feed40ff0..4301510f0d16 100644
--- a/ui/packages/consul-ui/app/models/token.js
+++ b/ui/packages/consul-ui/app/models/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/topology.js b/ui/packages/consul-ui/app/models/topology.js
index ebb30e7e682b..9eeee0c60345 100644
--- a/ui/packages/consul-ui/app/models/topology.js
+++ b/ui/packages/consul-ui/app/models/topology.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/modifiers/aria-menu.js b/ui/packages/consul-ui/app/modifiers/aria-menu.js
index 3cbc9670e4eb..cc9f0dec6a19 100644
--- a/ui/packages/consul-ui/app/modifiers/aria-menu.js
+++ b/ui/packages/consul-ui/app/modifiers/aria-menu.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/css-prop.js b/ui/packages/consul-ui/app/modifiers/css-prop.js
index c6b0f4e1602b..b986cd2452b2 100644
--- a/ui/packages/consul-ui/app/modifiers/css-prop.js
+++ b/ui/packages/consul-ui/app/modifiers/css-prop.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/css-props.js b/ui/packages/consul-ui/app/modifiers/css-props.js
index f61b870e2f98..6b94cce487f3 100644
--- a/ui/packages/consul-ui/app/modifiers/css-props.js
+++ b/ui/packages/consul-ui/app/modifiers/css-props.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { modifier } from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/did-upsert.js b/ui/packages/consul-ui/app/modifiers/did-upsert.js
index ab039588b17b..7a3330497f35 100644
--- a/ui/packages/consul-ui/app/modifiers/did-upsert.js
+++ b/ui/packages/consul-ui/app/modifiers/did-upsert.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { setModifierManager, capabilities } from '@ember/modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/disabled.js b/ui/packages/consul-ui/app/modifiers/disabled.js
index 6ff5bd15bc26..2d95295aa05b 100644
--- a/ui/packages/consul-ui/app/modifiers/disabled.js
+++ b/ui/packages/consul-ui/app/modifiers/disabled.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { modifier } from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/notification.js b/ui/packages/consul-ui/app/modifiers/notification.js
index 7631bec4f8db..1da17f4fb447 100644
--- a/ui/packages/consul-ui/app/modifiers/notification.js
+++ b/ui/packages/consul-ui/app/modifiers/notification.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/on-outside.js b/ui/packages/consul-ui/app/modifiers/on-outside.js
index cc389d70aa64..56095b385e0f 100644
--- a/ui/packages/consul-ui/app/modifiers/on-outside.js
+++ b/ui/packages/consul-ui/app/modifiers/on-outside.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/style.js b/ui/packages/consul-ui/app/modifiers/style.js
index 6e368b25e150..337b56dc5bc8 100644
--- a/ui/packages/consul-ui/app/modifiers/style.js
+++ b/ui/packages/consul-ui/app/modifiers/style.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/tooltip.js b/ui/packages/consul-ui/app/modifiers/tooltip.js
index e9c7622907a6..6731829d148f 100644
--- a/ui/packages/consul-ui/app/modifiers/tooltip.js
+++ b/ui/packages/consul-ui/app/modifiers/tooltip.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { modifier } from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/validate.js b/ui/packages/consul-ui/app/modifiers/validate.js
index 982908131af5..a840ba8cba01 100644
--- a/ui/packages/consul-ui/app/modifiers/validate.js
+++ b/ui/packages/consul-ui/app/modifiers/validate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/with-copyable.js b/ui/packages/consul-ui/app/modifiers/with-copyable.js
index 4e39de855d2e..6ffc49187e96 100644
--- a/ui/packages/consul-ui/app/modifiers/with-copyable.js
+++ b/ui/packages/consul-ui/app/modifiers/with-copyable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/with-overlay.js b/ui/packages/consul-ui/app/modifiers/with-overlay.js
index fea5961c9016..a5007fe4427d 100644
--- a/ui/packages/consul-ui/app/modifiers/with-overlay.js
+++ b/ui/packages/consul-ui/app/modifiers/with-overlay.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { modifier } from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/router.js b/ui/packages/consul-ui/app/router.js
index 661942d176de..8ff1fe0c23f1 100644
--- a/ui/packages/consul-ui/app/router.js
+++ b/ui/packages/consul-ui/app/router.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* globals requirejs */
diff --git a/ui/packages/consul-ui/app/routes/application.js b/ui/packages/consul-ui/app/routes/application.js
index e2b4caff0638..40dce7153366 100644
--- a/ui/packages/consul-ui/app/routes/application.js
+++ b/ui/packages/consul-ui/app/routes/application.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc.js b/ui/packages/consul-ui/app/routes/dc.js
index 13503728fbf5..6525d4551bc0 100644
--- a/ui/packages/consul-ui/app/routes/dc.js
+++ b/ui/packages/consul-ui/app/routes/dc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/index.js b/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/index.js
index 49598a5b5c7b..d05214477dcd 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/index.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/show/index.js b/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/show/index.js
index a8894c78c4be..8b2449096df2 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/show/index.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/show/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/policies/create.js b/ui/packages/consul-ui/app/routes/dc/acls/policies/create.js
index 2c51f3e2af2f..a4b56634e4b0 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/policies/create.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/policies/create.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from './edit';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/policies/edit.js b/ui/packages/consul-ui/app/routes/dc/acls/policies/edit.js
index 993d00506a52..23568af0c7cb 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/policies/edit.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/policies/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/policies/index.js b/ui/packages/consul-ui/app/routes/dc/acls/policies/index.js
index 15d4741edabe..0047876fd4d9 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/policies/index.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/policies/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/roles/create.js b/ui/packages/consul-ui/app/routes/dc/acls/roles/create.js
index 3f49e89ebb7a..fae9874e1538 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/roles/create.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/roles/create.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from './edit';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/roles/edit.js b/ui/packages/consul-ui/app/routes/dc/acls/roles/edit.js
index e8b0ed9dbd97..d9be734a2aa5 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/roles/edit.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/roles/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/roles/index.js b/ui/packages/consul-ui/app/routes/dc/acls/roles/index.js
index ec1f1ba00339..e2b76ba0892d 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/roles/index.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/roles/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/tokens/create.js b/ui/packages/consul-ui/app/routes/dc/acls/tokens/create.js
index fd239cac75ce..34c9e0eff78c 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/tokens/create.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/tokens/create.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from './edit';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/tokens/edit.js b/ui/packages/consul-ui/app/routes/dc/acls/tokens/edit.js
index 39fbe15e6f01..45303da97b8f 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/tokens/edit.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/tokens/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/tokens/index.js b/ui/packages/consul-ui/app/routes/dc/acls/tokens/index.js
index 5709c774b4a2..e2285d02584a 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/tokens/index.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/tokens/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/kv/folder.js b/ui/packages/consul-ui/app/routes/dc/kv/folder.js
index 4a9ee58bf284..319ca2480b89 100644
--- a/ui/packages/consul-ui/app/routes/dc/kv/folder.js
+++ b/ui/packages/consul-ui/app/routes/dc/kv/folder.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from './index';
diff --git a/ui/packages/consul-ui/app/routes/dc/kv/index.js b/ui/packages/consul-ui/app/routes/dc/kv/index.js
index e12d1805906d..86b703e65c2e 100644
--- a/ui/packages/consul-ui/app/routes/dc/kv/index.js
+++ b/ui/packages/consul-ui/app/routes/dc/kv/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/services/notfound.js b/ui/packages/consul-ui/app/routes/dc/services/notfound.js
index 6cf84a2e41ac..81794f99ddbc 100644
--- a/ui/packages/consul-ui/app/routes/dc/services/notfound.js
+++ b/ui/packages/consul-ui/app/routes/dc/services/notfound.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/services/show/topology.js b/ui/packages/consul-ui/app/routes/dc/services/show/topology.js
index d2caa8ac0e7c..89b0603df008 100644
--- a/ui/packages/consul-ui/app/routes/dc/services/show/topology.js
+++ b/ui/packages/consul-ui/app/routes/dc/services/show/topology.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routing/application-debug.js b/ui/packages/consul-ui/app/routing/application-debug.js
index 2662e9528c56..f37b9b8b68e3 100644
--- a/ui/packages/consul-ui/app/routing/application-debug.js
+++ b/ui/packages/consul-ui/app/routing/application-debug.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import ApplicationRoute from '../routes/application';
diff --git a/ui/packages/consul-ui/app/routing/route.js b/ui/packages/consul-ui/app/routing/route.js
index 12d6063b3d72..2e340bd7b20f 100644
--- a/ui/packages/consul-ui/app/routing/route.js
+++ b/ui/packages/consul-ui/app/routing/route.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from '@ember/routing/route';
diff --git a/ui/packages/consul-ui/app/routing/single.js b/ui/packages/consul-ui/app/routing/single.js
index 877f3e3109c7..2809de3414ad 100644
--- a/ui/packages/consul-ui/app/routing/single.js
+++ b/ui/packages/consul-ui/app/routing/single.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/search/predicates/acl.js b/ui/packages/consul-ui/app/search/predicates/acl.js
index 5d34b0de13d0..54d0f07b962f 100644
--- a/ui/packages/consul-ui/app/search/predicates/acl.js
+++ b/ui/packages/consul-ui/app/search/predicates/acl.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/auth-method.js b/ui/packages/consul-ui/app/search/predicates/auth-method.js
index f0bcebb7bb09..bd3e02a0123c 100644
--- a/ui/packages/consul-ui/app/search/predicates/auth-method.js
+++ b/ui/packages/consul-ui/app/search/predicates/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/health-check.js b/ui/packages/consul-ui/app/search/predicates/health-check.js
index 4565801946fa..46805d89fde1 100644
--- a/ui/packages/consul-ui/app/search/predicates/health-check.js
+++ b/ui/packages/consul-ui/app/search/predicates/health-check.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 const asArray = function (arr) {
diff --git a/ui/packages/consul-ui/app/search/predicates/intention.js b/ui/packages/consul-ui/app/search/predicates/intention.js
index 6f7667d7a346..486344383696 100644
--- a/ui/packages/consul-ui/app/search/predicates/intention.js
+++ b/ui/packages/consul-ui/app/search/predicates/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 const allLabel = 'All Services (*)';
diff --git a/ui/packages/consul-ui/app/search/predicates/kv.js b/ui/packages/consul-ui/app/search/predicates/kv.js
index 2b64bd296ac1..4818ae4ba071 100644
--- a/ui/packages/consul-ui/app/search/predicates/kv.js
+++ b/ui/packages/consul-ui/app/search/predicates/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import rightTrim from 'consul-ui/utils/right-trim';
diff --git a/ui/packages/consul-ui/app/search/predicates/node.js b/ui/packages/consul-ui/app/search/predicates/node.js
index e86c5a2244a8..2e76a75a4efa 100644
--- a/ui/packages/consul-ui/app/search/predicates/node.js
+++ b/ui/packages/consul-ui/app/search/predicates/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/nspace.js b/ui/packages/consul-ui/app/search/predicates/nspace.js
index e0303fafe05d..f72eddbe1193 100644
--- a/ui/packages/consul-ui/app/search/predicates/nspace.js
+++ b/ui/packages/consul-ui/app/search/predicates/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/peer.js b/ui/packages/consul-ui/app/search/predicates/peer.js
index 4ec843ff0f5b..42aa0b593ad9 100644
--- a/ui/packages/consul-ui/app/search/predicates/peer.js
+++ b/ui/packages/consul-ui/app/search/predicates/peer.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/policy.js b/ui/packages/consul-ui/app/search/predicates/policy.js
index 854207ed3b9e..37a1d2ce4513 100644
--- a/ui/packages/consul-ui/app/search/predicates/policy.js
+++ b/ui/packages/consul-ui/app/search/predicates/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/role.js b/ui/packages/consul-ui/app/search/predicates/role.js
index aeae127817c6..2872827d325b 100644
--- a/ui/packages/consul-ui/app/search/predicates/role.js
+++ b/ui/packages/consul-ui/app/search/predicates/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/service-instance.js b/ui/packages/consul-ui/app/search/predicates/service-instance.js
index a41adbd644f7..a92d029dcb31 100644
--- a/ui/packages/consul-ui/app/search/predicates/service-instance.js
+++ b/ui/packages/consul-ui/app/search/predicates/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/service.js b/ui/packages/consul-ui/app/search/predicates/service.js
index 14f80bb46c2e..15d7bc3f1d0d 100644
--- a/ui/packages/consul-ui/app/search/predicates/service.js
+++ b/ui/packages/consul-ui/app/search/predicates/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/token.js b/ui/packages/consul-ui/app/search/predicates/token.js
index ef33db2535f7..5765bc0af3da 100644
--- a/ui/packages/consul-ui/app/search/predicates/token.js
+++ b/ui/packages/consul-ui/app/search/predicates/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/upstream-instance.js b/ui/packages/consul-ui/app/search/predicates/upstream-instance.js
index dcee6f509c54..43b6ceb48487 100644
--- a/ui/packages/consul-ui/app/search/predicates/upstream-instance.js
+++ b/ui/packages/consul-ui/app/search/predicates/upstream-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/serializers/application.js b/ui/packages/consul-ui/app/serializers/application.js
index d9e58b0ab0bb..6230554f7caa 100644
--- a/ui/packages/consul-ui/app/serializers/application.js
+++ b/ui/packages/consul-ui/app/serializers/application.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './http';
diff --git a/ui/packages/consul-ui/app/serializers/auth-method.js b/ui/packages/consul-ui/app/serializers/auth-method.js
index 08a28cb0882f..6fc0ec6b6791 100644
--- a/ui/packages/consul-ui/app/serializers/auth-method.js
+++ b/ui/packages/consul-ui/app/serializers/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/binding-rule.js b/ui/packages/consul-ui/app/serializers/binding-rule.js
index a01f31173f89..961c958b8c4b 100644
--- a/ui/packages/consul-ui/app/serializers/binding-rule.js
+++ b/ui/packages/consul-ui/app/serializers/binding-rule.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/coordinate.js b/ui/packages/consul-ui/app/serializers/coordinate.js
index 879b8baf163e..60065fc298a5 100644
--- a/ui/packages/consul-ui/app/serializers/coordinate.js
+++ b/ui/packages/consul-ui/app/serializers/coordinate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/discovery-chain.js b/ui/packages/consul-ui/app/serializers/discovery-chain.js
index ca2356e8f952..26b5d6c80c48 100644
--- a/ui/packages/consul-ui/app/serializers/discovery-chain.js
+++ b/ui/packages/consul-ui/app/serializers/discovery-chain.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/http.js b/ui/packages/consul-ui/app/serializers/http.js
index d24c4b54c26f..103e30378f02 100644
--- a/ui/packages/consul-ui/app/serializers/http.js
+++ b/ui/packages/consul-ui/app/serializers/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from '@ember-data/serializer/rest';
diff --git a/ui/packages/consul-ui/app/serializers/intention.js b/ui/packages/consul-ui/app/serializers/intention.js
index 0381eecc012d..b1c15d966645 100644
--- a/ui/packages/consul-ui/app/serializers/intention.js
+++ b/ui/packages/consul-ui/app/serializers/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/kv.js b/ui/packages/consul-ui/app/serializers/kv.js
index 62e7ef6ff63d..c610728d45fa 100644
--- a/ui/packages/consul-ui/app/serializers/kv.js
+++ b/ui/packages/consul-ui/app/serializers/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/node.js b/ui/packages/consul-ui/app/serializers/node.js
index 59336d86223c..0236a2b0059b 100644
--- a/ui/packages/consul-ui/app/serializers/node.js
+++ b/ui/packages/consul-ui/app/serializers/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/nspace.js b/ui/packages/consul-ui/app/serializers/nspace.js
index 34a71e7e304d..b066305688d3 100644
--- a/ui/packages/consul-ui/app/serializers/nspace.js
+++ b/ui/packages/consul-ui/app/serializers/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/oidc-provider.js b/ui/packages/consul-ui/app/serializers/oidc-provider.js
index f9fcac4f5cb9..54f078f36767 100644
--- a/ui/packages/consul-ui/app/serializers/oidc-provider.js
+++ b/ui/packages/consul-ui/app/serializers/oidc-provider.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/partition.js b/ui/packages/consul-ui/app/serializers/partition.js
index a512ef1058d0..866165332db5 100644
--- a/ui/packages/consul-ui/app/serializers/partition.js
+++ b/ui/packages/consul-ui/app/serializers/partition.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/permission.js b/ui/packages/consul-ui/app/serializers/permission.js
index 124578334983..e900e037c10e 100644
--- a/ui/packages/consul-ui/app/serializers/permission.js
+++ b/ui/packages/consul-ui/app/serializers/permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/policy.js b/ui/packages/consul-ui/app/serializers/policy.js
index f46e8975ec76..aa9c26ae4f07 100644
--- a/ui/packages/consul-ui/app/serializers/policy.js
+++ b/ui/packages/consul-ui/app/serializers/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/proxy.js b/ui/packages/consul-ui/app/serializers/proxy.js
index 81b045840f8b..d5b033e2e411 100644
--- a/ui/packages/consul-ui/app/serializers/proxy.js
+++ b/ui/packages/consul-ui/app/serializers/proxy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/role.js b/ui/packages/consul-ui/app/serializers/role.js
index 47246652b491..a717030bd2d1 100644
--- a/ui/packages/consul-ui/app/serializers/role.js
+++ b/ui/packages/consul-ui/app/serializers/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/service-instance.js b/ui/packages/consul-ui/app/serializers/service-instance.js
index 45562c4af0bb..6d4e4911df91 100644
--- a/ui/packages/consul-ui/app/serializers/service-instance.js
+++ b/ui/packages/consul-ui/app/serializers/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/service.js b/ui/packages/consul-ui/app/serializers/service.js
index 17d2b15e0304..06befdbbbaaa 100644
--- a/ui/packages/consul-ui/app/serializers/service.js
+++ b/ui/packages/consul-ui/app/serializers/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/session.js b/ui/packages/consul-ui/app/serializers/session.js
index 84299da6742a..0a21aa65de32 100644
--- a/ui/packages/consul-ui/app/serializers/session.js
+++ b/ui/packages/consul-ui/app/serializers/session.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/token.js b/ui/packages/consul-ui/app/serializers/token.js
index 38933315101a..af70b3d5033a 100644
--- a/ui/packages/consul-ui/app/serializers/token.js
+++ b/ui/packages/consul-ui/app/serializers/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/topology.js b/ui/packages/consul-ui/app/serializers/topology.js
index 0e63d12fe845..6e049264ae06 100644
--- a/ui/packages/consul-ui/app/serializers/topology.js
+++ b/ui/packages/consul-ui/app/serializers/topology.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/services/abilities.js b/ui/packages/consul-ui/app/services/abilities.js
index cc24a2e48679..75c22ce6d79c 100644
--- a/ui/packages/consul-ui/app/services/abilities.js
+++ b/ui/packages/consul-ui/app/services/abilities.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from 'ember-can/services/can';
diff --git a/ui/packages/consul-ui/app/services/atob.js b/ui/packages/consul-ui/app/services/atob.js
index 486c8a9b5deb..df96d5c566aa 100644
--- a/ui/packages/consul-ui/app/services/atob.js
+++ b/ui/packages/consul-ui/app/services/atob.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/auth-providers/oauth2-code-with-url-provider.js b/ui/packages/consul-ui/app/services/auth-providers/oauth2-code-with-url-provider.js
index 2328411a595a..b0266ece0693 100644
--- a/ui/packages/consul-ui/app/services/auth-providers/oauth2-code-with-url-provider.js
+++ b/ui/packages/consul-ui/app/services/auth-providers/oauth2-code-with-url-provider.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import OAuth2CodeProvider from 'torii/providers/oauth2-code';
diff --git a/ui/packages/consul-ui/app/services/btoa.js b/ui/packages/consul-ui/app/services/btoa.js
index 5b9edc08c771..edd31abeedb4 100644
--- a/ui/packages/consul-ui/app/services/btoa.js
+++ b/ui/packages/consul-ui/app/services/btoa.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/change.js b/ui/packages/consul-ui/app/services/change.js
index 4798dfd95303..9115909c8247 100644
--- a/ui/packages/consul-ui/app/services/change.js
+++ b/ui/packages/consul-ui/app/services/change.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/client/connections.js b/ui/packages/consul-ui/app/services/client/connections.js
index 105d835e77de..36ff2ac7e4fd 100644
--- a/ui/packages/consul-ui/app/services/client/connections.js
+++ b/ui/packages/consul-ui/app/services/client/connections.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/client/http.js b/ui/packages/consul-ui/app/services/client/http.js
index a9aa3072c470..0d4677e6cfb6 100644
--- a/ui/packages/consul-ui/app/services/client/http.js
+++ b/ui/packages/consul-ui/app/services/client/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/client/transports/xhr.js b/ui/packages/consul-ui/app/services/client/transports/xhr.js
index b82daf226578..c64bb5c6a4d2 100644
--- a/ui/packages/consul-ui/app/services/client/transports/xhr.js
+++ b/ui/packages/consul-ui/app/services/client/transports/xhr.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/clipboard/local-storage.js b/ui/packages/consul-ui/app/services/clipboard/local-storage.js
index 51dd00073e95..23515938be0c 100644
--- a/ui/packages/consul-ui/app/services/clipboard/local-storage.js
+++ b/ui/packages/consul-ui/app/services/clipboard/local-storage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/clipboard/os.js b/ui/packages/consul-ui/app/services/clipboard/os.js
index 0b1b091914c6..5a1790724b79 100644
--- a/ui/packages/consul-ui/app/services/clipboard/os.js
+++ b/ui/packages/consul-ui/app/services/clipboard/os.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/code-mirror/linter.js b/ui/packages/consul-ui/app/services/code-mirror/linter.js
index 406d6de1c410..66b4a3dc4d36 100644
--- a/ui/packages/consul-ui/app/services/code-mirror/linter.js
+++ b/ui/packages/consul-ui/app/services/code-mirror/linter.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/container.js b/ui/packages/consul-ui/app/services/container.js
index 1ad3afe57468..ca5152cfc853 100644
--- a/ui/packages/consul-ui/app/services/container.js
+++ b/ui/packages/consul-ui/app/services/container.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-sink/protocols/http.js b/ui/packages/consul-ui/app/services/data-sink/protocols/http.js
index 14ac8318d07b..c89a655780f0 100644
--- a/ui/packages/consul-ui/app/services/data-sink/protocols/http.js
+++ b/ui/packages/consul-ui/app/services/data-sink/protocols/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-sink/protocols/local-storage.js b/ui/packages/consul-ui/app/services/data-sink/protocols/local-storage.js
index 2222b628450e..f2d727f8cb3f 100644
--- a/ui/packages/consul-ui/app/services/data-sink/protocols/local-storage.js
+++ b/ui/packages/consul-ui/app/services/data-sink/protocols/local-storage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-sink/service.js b/ui/packages/consul-ui/app/services/data-sink/service.js
index da66c6c91738..928ccc9c56d6 100644
--- a/ui/packages/consul-ui/app/services/data-sink/service.js
+++ b/ui/packages/consul-ui/app/services/data-sink/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-source/protocols/http.js b/ui/packages/consul-ui/app/services/data-source/protocols/http.js
index 55f81414b7c6..91b09d9428ec 100644
--- a/ui/packages/consul-ui/app/services/data-source/protocols/http.js
+++ b/ui/packages/consul-ui/app/services/data-source/protocols/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-source/protocols/http/blocking.js b/ui/packages/consul-ui/app/services/data-source/protocols/http/blocking.js
index 079f935abb61..9f733af3c7ca 100644
--- a/ui/packages/consul-ui/app/services/data-source/protocols/http/blocking.js
+++ b/ui/packages/consul-ui/app/services/data-source/protocols/http/blocking.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-source/protocols/http/promise.js b/ui/packages/consul-ui/app/services/data-source/protocols/http/promise.js
index 7e6ffaba6f29..e48ab5d32cc7 100644
--- a/ui/packages/consul-ui/app/services/data-source/protocols/http/promise.js
+++ b/ui/packages/consul-ui/app/services/data-source/protocols/http/promise.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-source/protocols/local-storage.js b/ui/packages/consul-ui/app/services/data-source/protocols/local-storage.js
index a0c626e3b760..aa95b3f906c8 100644
--- a/ui/packages/consul-ui/app/services/data-source/protocols/local-storage.js
+++ b/ui/packages/consul-ui/app/services/data-source/protocols/local-storage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-source/service.js b/ui/packages/consul-ui/app/services/data-source/service.js
index 1e89e91535cf..af737bb0eedc 100644
--- a/ui/packages/consul-ui/app/services/data-source/service.js
+++ b/ui/packages/consul-ui/app/services/data-source/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-structs.js b/ui/packages/consul-ui/app/services/data-structs.js
index a0f31e56a5e0..5ae21c28b84c 100644
--- a/ui/packages/consul-ui/app/services/data-structs.js
+++ b/ui/packages/consul-ui/app/services/data-structs.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/dom.js b/ui/packages/consul-ui/app/services/dom.js
index d1efc5c176d4..6d69898f577c 100644
--- a/ui/packages/consul-ui/app/services/dom.js
+++ b/ui/packages/consul-ui/app/services/dom.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/encoder.js b/ui/packages/consul-ui/app/services/encoder.js
index c8e7189f4d9c..4f26dac33907 100644
--- a/ui/packages/consul-ui/app/services/encoder.js
+++ b/ui/packages/consul-ui/app/services/encoder.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/env.js b/ui/packages/consul-ui/app/services/env.js
index 1cd5d4f00613..450206b15fed 100644
--- a/ui/packages/consul-ui/app/services/env.js
+++ b/ui/packages/consul-ui/app/services/env.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/feedback.js b/ui/packages/consul-ui/app/services/feedback.js
index 3076e07fb26e..e2781e1ea3ca 100644
--- a/ui/packages/consul-ui/app/services/feedback.js
+++ b/ui/packages/consul-ui/app/services/feedback.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/filter.js b/ui/packages/consul-ui/app/services/filter.js
index 64105e638d89..13ec90085f97 100644
--- a/ui/packages/consul-ui/app/services/filter.js
+++ b/ui/packages/consul-ui/app/services/filter.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/form.js b/ui/packages/consul-ui/app/services/form.js
index 95c2929afe3f..b8a649b5aa9a 100644
--- a/ui/packages/consul-ui/app/services/form.js
+++ b/ui/packages/consul-ui/app/services/form.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/hcp.js b/ui/packages/consul-ui/app/services/hcp.js
index f74dd3579fb4..33a6650f15ef 100644
--- a/ui/packages/consul-ui/app/services/hcp.js
+++ b/ui/packages/consul-ui/app/services/hcp.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/i18n-debug.js b/ui/packages/consul-ui/app/services/i18n-debug.js
index cf78ddd715d4..5521bdd2bb9d 100644
--- a/ui/packages/consul-ui/app/services/i18n-debug.js
+++ b/ui/packages/consul-ui/app/services/i18n-debug.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import I18nService, { formatOptionsSymbol } from 'consul-ui/services/i18n';
diff --git a/ui/packages/consul-ui/app/services/local-storage.js b/ui/packages/consul-ui/app/services/local-storage.js
index 97113f597e26..384efa701522 100644
--- a/ui/packages/consul-ui/app/services/local-storage.js
+++ b/ui/packages/consul-ui/app/services/local-storage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/logger.js b/ui/packages/consul-ui/app/services/logger.js
index c3d538886dd4..990059ec449a 100644
--- a/ui/packages/consul-ui/app/services/logger.js
+++ b/ui/packages/consul-ui/app/services/logger.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository.js b/ui/packages/consul-ui/app/services/repository.js
index a9edc8c3c917..52180ce56a11 100644
--- a/ui/packages/consul-ui/app/services/repository.js
+++ b/ui/packages/consul-ui/app/services/repository.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/auth-method.js b/ui/packages/consul-ui/app/services/repository/auth-method.js
index ae69596864dc..cd5154d8428e 100644
--- a/ui/packages/consul-ui/app/services/repository/auth-method.js
+++ b/ui/packages/consul-ui/app/services/repository/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/binding-rule.js b/ui/packages/consul-ui/app/services/repository/binding-rule.js
index 69c41f6b52a9..a0baaabbc4f9 100644
--- a/ui/packages/consul-ui/app/services/repository/binding-rule.js
+++ b/ui/packages/consul-ui/app/services/repository/binding-rule.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/coordinate.js b/ui/packages/consul-ui/app/services/repository/coordinate.js
index 11aa8f9c77ff..5d6eaceab82f 100644
--- a/ui/packages/consul-ui/app/services/repository/coordinate.js
+++ b/ui/packages/consul-ui/app/services/repository/coordinate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/dc.js b/ui/packages/consul-ui/app/services/repository/dc.js
index 1f9b191e5f30..a757af041128 100644
--- a/ui/packages/consul-ui/app/services/repository/dc.js
+++ b/ui/packages/consul-ui/app/services/repository/dc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Error from '@ember/error';
diff --git a/ui/packages/consul-ui/app/services/repository/discovery-chain.js b/ui/packages/consul-ui/app/services/repository/discovery-chain.js
index 27db1a966bd5..d4d1036d3519 100644
--- a/ui/packages/consul-ui/app/services/repository/discovery-chain.js
+++ b/ui/packages/consul-ui/app/services/repository/discovery-chain.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/intention-permission-http-header.js b/ui/packages/consul-ui/app/services/repository/intention-permission-http-header.js
index ea7715af9e84..4a66d0235fc8 100644
--- a/ui/packages/consul-ui/app/services/repository/intention-permission-http-header.js
+++ b/ui/packages/consul-ui/app/services/repository/intention-permission-http-header.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/intention-permission.js b/ui/packages/consul-ui/app/services/repository/intention-permission.js
index 927996757429..b707af220b4b 100644
--- a/ui/packages/consul-ui/app/services/repository/intention-permission.js
+++ b/ui/packages/consul-ui/app/services/repository/intention-permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/intention.js b/ui/packages/consul-ui/app/services/repository/intention.js
index 77ace26f5d52..affeb21a0d53 100644
--- a/ui/packages/consul-ui/app/services/repository/intention.js
+++ b/ui/packages/consul-ui/app/services/repository/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { set, get } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/services/repository/kv.js b/ui/packages/consul-ui/app/services/repository/kv.js
index 74d46d4e4f50..c618cff5f2ca 100644
--- a/ui/packages/consul-ui/app/services/repository/kv.js
+++ b/ui/packages/consul-ui/app/services/repository/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/license.js b/ui/packages/consul-ui/app/services/repository/license.js
index cf897f96d03e..6f711fb90604 100644
--- a/ui/packages/consul-ui/app/services/repository/license.js
+++ b/ui/packages/consul-ui/app/services/repository/license.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/metrics.js b/ui/packages/consul-ui/app/services/repository/metrics.js
index 2520d349a4ce..e3c9d835e548 100644
--- a/ui/packages/consul-ui/app/services/repository/metrics.js
+++ b/ui/packages/consul-ui/app/services/repository/metrics.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/node.js b/ui/packages/consul-ui/app/services/repository/node.js
index 441359e7f371..7b389842888d 100644
--- a/ui/packages/consul-ui/app/services/repository/node.js
+++ b/ui/packages/consul-ui/app/services/repository/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/nspace.js b/ui/packages/consul-ui/app/services/repository/nspace.js
index a75500a3c0b8..e7130be09c9d 100644
--- a/ui/packages/consul-ui/app/services/repository/nspace.js
+++ b/ui/packages/consul-ui/app/services/repository/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/oidc-provider.js b/ui/packages/consul-ui/app/services/repository/oidc-provider.js
index 7fee7a8d827c..3d18c8d83850 100644
--- a/ui/packages/consul-ui/app/services/repository/oidc-provider.js
+++ b/ui/packages/consul-ui/app/services/repository/oidc-provider.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/partition.js b/ui/packages/consul-ui/app/services/repository/partition.js
index e0469575944d..75098cb5d004 100644
--- a/ui/packages/consul-ui/app/services/repository/partition.js
+++ b/ui/packages/consul-ui/app/services/repository/partition.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/peer.js b/ui/packages/consul-ui/app/services/repository/peer.js
index 90e40e7b79ea..23ecbaee925d 100644
--- a/ui/packages/consul-ui/app/services/repository/peer.js
+++ b/ui/packages/consul-ui/app/services/repository/peer.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/permission.js b/ui/packages/consul-ui/app/services/repository/permission.js
index a0a1798612fe..3f9b25984611 100644
--- a/ui/packages/consul-ui/app/services/repository/permission.js
+++ b/ui/packages/consul-ui/app/services/repository/permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/policy.js b/ui/packages/consul-ui/app/services/repository/policy.js
index a0a9b4582352..db499fbde514 100644
--- a/ui/packages/consul-ui/app/services/repository/policy.js
+++ b/ui/packages/consul-ui/app/services/repository/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/proxy.js b/ui/packages/consul-ui/app/services/repository/proxy.js
index 1c2ccd015338..f70bae5b2eb5 100644
--- a/ui/packages/consul-ui/app/services/repository/proxy.js
+++ b/ui/packages/consul-ui/app/services/repository/proxy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/role.js b/ui/packages/consul-ui/app/services/repository/role.js
index c098eddc4827..1750f886ce47 100644
--- a/ui/packages/consul-ui/app/services/repository/role.js
+++ b/ui/packages/consul-ui/app/services/repository/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/service-instance.js b/ui/packages/consul-ui/app/services/repository/service-instance.js
index b35f2a8a97e8..4d256cd66ac1 100644
--- a/ui/packages/consul-ui/app/services/repository/service-instance.js
+++ b/ui/packages/consul-ui/app/services/repository/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/service.js b/ui/packages/consul-ui/app/services/repository/service.js
index af76065d4b28..34388a4d4eb9 100644
--- a/ui/packages/consul-ui/app/services/repository/service.js
+++ b/ui/packages/consul-ui/app/services/repository/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/session.js b/ui/packages/consul-ui/app/services/repository/session.js
index 969e9bba3f40..08b5f15ce02a 100644
--- a/ui/packages/consul-ui/app/services/repository/session.js
+++ b/ui/packages/consul-ui/app/services/repository/session.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/token.js b/ui/packages/consul-ui/app/services/repository/token.js
index 21f0d22d578e..dc4f83f82701 100644
--- a/ui/packages/consul-ui/app/services/repository/token.js
+++ b/ui/packages/consul-ui/app/services/repository/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/topology.js b/ui/packages/consul-ui/app/services/repository/topology.js
index db7540a30e23..b7835f95942e 100644
--- a/ui/packages/consul-ui/app/services/repository/topology.js
+++ b/ui/packages/consul-ui/app/services/repository/topology.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/routlet.js b/ui/packages/consul-ui/app/services/routlet.js
index 865aaf01526f..5c37bc30a1e7 100644
--- a/ui/packages/consul-ui/app/services/routlet.js
+++ b/ui/packages/consul-ui/app/services/routlet.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/schema.js b/ui/packages/consul-ui/app/services/schema.js
index 922c0bae8e5e..d8b73133ea15 100644
--- a/ui/packages/consul-ui/app/services/schema.js
+++ b/ui/packages/consul-ui/app/services/schema.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/search.js b/ui/packages/consul-ui/app/services/search.js
index 619653313713..ccb39447b8f0 100644
--- a/ui/packages/consul-ui/app/services/search.js
+++ b/ui/packages/consul-ui/app/services/search.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/settings.js b/ui/packages/consul-ui/app/services/settings.js
index 9f06ca2c242b..22146df593b7 100644
--- a/ui/packages/consul-ui/app/services/settings.js
+++ b/ui/packages/consul-ui/app/services/settings.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/sort.js b/ui/packages/consul-ui/app/services/sort.js
index 430cec838426..fe03b457c6a8 100644
--- a/ui/packages/consul-ui/app/services/sort.js
+++ b/ui/packages/consul-ui/app/services/sort.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/state-with-charts.js b/ui/packages/consul-ui/app/services/state-with-charts.js
index 5d5df349ce2c..e58d84f385be 100644
--- a/ui/packages/consul-ui/app/services/state-with-charts.js
+++ b/ui/packages/consul-ui/app/services/state-with-charts.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import StateService from 'consul-ui/services/state';
diff --git a/ui/packages/consul-ui/app/services/state.js b/ui/packages/consul-ui/app/services/state.js
index 1b2e90f35cdb..5b4ddc627985 100644
--- a/ui/packages/consul-ui/app/services/state.js
+++ b/ui/packages/consul-ui/app/services/state.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/store.js b/ui/packages/consul-ui/app/services/store.js
index 99a173a48f88..326c392177bc 100644
--- a/ui/packages/consul-ui/app/services/store.js
+++ b/ui/packages/consul-ui/app/services/store.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/temporal.js b/ui/packages/consul-ui/app/services/temporal.js
index 38d04cc6dc7a..661ff547d0af 100644
--- a/ui/packages/consul-ui/app/services/temporal.js
+++ b/ui/packages/consul-ui/app/services/temporal.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import format from 'pretty-ms';
diff --git a/ui/packages/consul-ui/app/services/ticker.js b/ui/packages/consul-ui/app/services/ticker.js
index e8fa1b549917..6a0ad1de089e 100644
--- a/ui/packages/consul-ui/app/services/ticker.js
+++ b/ui/packages/consul-ui/app/services/ticker.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/timeout.js b/ui/packages/consul-ui/app/services/timeout.js
index 548b1986a8d4..60eaa3e2d409 100644
--- a/ui/packages/consul-ui/app/services/timeout.js
+++ b/ui/packages/consul-ui/app/services/timeout.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/ui-config.js b/ui/packages/consul-ui/app/services/ui-config.js
index 896fb18f6962..f5ec6aaf6a11 100644
--- a/ui/packages/consul-ui/app/services/ui-config.js
+++ b/ui/packages/consul-ui/app/services/ui-config.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/sort/comparators/auth-method.js b/ui/packages/consul-ui/app/sort/comparators/auth-method.js
index 67eb90358e90..6a3889573a58 100644
--- a/ui/packages/consul-ui/app/sort/comparators/auth-method.js
+++ b/ui/packages/consul-ui/app/sort/comparators/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/health-check.js b/ui/packages/consul-ui/app/sort/comparators/health-check.js
index f40bec4b9397..f921b52740b6 100644
--- a/ui/packages/consul-ui/app/sort/comparators/health-check.js
+++ b/ui/packages/consul-ui/app/sort/comparators/health-check.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/intention.js b/ui/packages/consul-ui/app/sort/comparators/intention.js
index 4fd798cfe97c..d36f65275b92 100644
--- a/ui/packages/consul-ui/app/sort/comparators/intention.js
+++ b/ui/packages/consul-ui/app/sort/comparators/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default () => (key) => {
diff --git a/ui/packages/consul-ui/app/sort/comparators/kv.js b/ui/packages/consul-ui/app/sort/comparators/kv.js
index e924a0a528da..3b479a60625f 100644
--- a/ui/packages/consul-ui/app/sort/comparators/kv.js
+++ b/ui/packages/consul-ui/app/sort/comparators/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/node.js b/ui/packages/consul-ui/app/sort/comparators/node.js
index fb70550750ea..291259068097 100644
--- a/ui/packages/consul-ui/app/sort/comparators/node.js
+++ b/ui/packages/consul-ui/app/sort/comparators/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/nspace.js b/ui/packages/consul-ui/app/sort/comparators/nspace.js
index fdf6b7ad6826..5cfcec52de31 100644
--- a/ui/packages/consul-ui/app/sort/comparators/nspace.js
+++ b/ui/packages/consul-ui/app/sort/comparators/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/partition.js b/ui/packages/consul-ui/app/sort/comparators/partition.js
index fdf6b7ad6826..5cfcec52de31 100644
--- a/ui/packages/consul-ui/app/sort/comparators/partition.js
+++ b/ui/packages/consul-ui/app/sort/comparators/partition.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/peer.js b/ui/packages/consul-ui/app/sort/comparators/peer.js
index b1646c96df98..a8f067f4bd82 100644
--- a/ui/packages/consul-ui/app/sort/comparators/peer.js
+++ b/ui/packages/consul-ui/app/sort/comparators/peer.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { schema } from 'consul-ui/models/peer';
diff --git a/ui/packages/consul-ui/app/sort/comparators/policy.js b/ui/packages/consul-ui/app/sort/comparators/policy.js
index 73039e329b8a..f6bf39a991d8 100644
--- a/ui/packages/consul-ui/app/sort/comparators/policy.js
+++ b/ui/packages/consul-ui/app/sort/comparators/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/role.js b/ui/packages/consul-ui/app/sort/comparators/role.js
index f620970e0613..392ca2b5e8cb 100644
--- a/ui/packages/consul-ui/app/sort/comparators/role.js
+++ b/ui/packages/consul-ui/app/sort/comparators/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/service-instance.js b/ui/packages/consul-ui/app/sort/comparators/service-instance.js
index ffc7e7daaa4f..3a7c5addf1d1 100644
--- a/ui/packages/consul-ui/app/sort/comparators/service-instance.js
+++ b/ui/packages/consul-ui/app/sort/comparators/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/service.js b/ui/packages/consul-ui/app/sort/comparators/service.js
index 7ef05b2f44ca..1ac95e927cd3 100644
--- a/ui/packages/consul-ui/app/sort/comparators/service.js
+++ b/ui/packages/consul-ui/app/sort/comparators/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/token.js b/ui/packages/consul-ui/app/sort/comparators/token.js
index 04e2b54a8388..ec2638a5e789 100644
--- a/ui/packages/consul-ui/app/sort/comparators/token.js
+++ b/ui/packages/consul-ui/app/sort/comparators/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/upstream-instance.js b/ui/packages/consul-ui/app/sort/comparators/upstream-instance.js
index 73d02d7740ec..8bedc8a0944f 100644
--- a/ui/packages/consul-ui/app/sort/comparators/upstream-instance.js
+++ b/ui/packages/consul-ui/app/sort/comparators/upstream-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/storages/base.js b/ui/packages/consul-ui/app/storages/base.js
index 4645bec35a69..c4bd743205b9 100644
--- a/ui/packages/consul-ui/app/storages/base.js
+++ b/ui/packages/consul-ui/app/storages/base.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default class Storage {
diff --git a/ui/packages/consul-ui/app/storages/notices.js b/ui/packages/consul-ui/app/storages/notices.js
index 47656c75f0f2..db0f2b6c4124 100644
--- a/ui/packages/consul-ui/app/storages/notices.js
+++ b/ui/packages/consul-ui/app/storages/notices.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { TrackedArray } from 'tracked-built-ins';
diff --git a/ui/packages/consul-ui/app/styles/app.scss b/ui/packages/consul-ui/app/styles/app.scss
index 370df7d8db38..f51022ed3ddb 100644
--- a/ui/packages/consul-ui/app/styles/app.scss
+++ b/ui/packages/consul-ui/app/styles/app.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @charset 'utf-8';
diff --git a/ui/packages/consul-ui/app/styles/base/animation/index.scss b/ui/packages/consul-ui/app/styles/base/animation/index.scss
index f335aeb1f000..0c0114cbb7c2 100644
--- a/ui/packages/consul-ui/app/styles/base/animation/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/animation/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %with-transition-500 {
diff --git a/ui/packages/consul-ui/app/styles/base/color/index.scss b/ui/packages/consul-ui/app/styles/base/color/index.scss
index 31f62f1d7b5a..9b15c0b3187a 100644
--- a/ui/packages/consul-ui/app/styles/base/color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './ui/index';
diff --git a/ui/packages/consul-ui/app/styles/base/color/semantic-variables.scss b/ui/packages/consul-ui/app/styles/base/color/semantic-variables.scss
index 7545b487869c..80b8d21826ee 100644
--- a/ui/packages/consul-ui/app/styles/base/color/semantic-variables.scss
+++ b/ui/packages/consul-ui/app/styles/base/color/semantic-variables.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/color/ui/frame-placeholders.scss b/ui/packages/consul-ui/app/styles/base/color/ui/frame-placeholders.scss
index e6643cb1062e..9b368f76c9fe 100644
--- a/ui/packages/consul-ui/app/styles/base/color/ui/frame-placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/color/ui/frame-placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*TODO: Move this to the reset */
diff --git a/ui/packages/consul-ui/app/styles/base/color/ui/index.scss b/ui/packages/consul-ui/app/styles/base/color/ui/index.scss
index 8ee89d099347..9d300033e4e2 100644
--- a/ui/packages/consul-ui/app/styles/base/color/ui/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/color/ui/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './frame-placeholders';
diff --git a/ui/packages/consul-ui/app/styles/base/component/index.scss b/ui/packages/consul-ui/app/styles/base/component/index.scss
index 7c3a9586ae86..3077240e435b 100644
--- a/ui/packages/consul-ui/app/styles/base/component/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/component/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* allows easy application of animation-name based composition */
diff --git a/ui/packages/consul-ui/app/styles/base/decoration/base-placeholders.scss b/ui/packages/consul-ui/app/styles/base/decoration/base-placeholders.scss
index 6b08af29f19b..484c32fd368d 100644
--- a/ui/packages/consul-ui/app/styles/base/decoration/base-placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/decoration/base-placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %visually-hidden {
diff --git a/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss b/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss
index b5599fbe1edf..f8e942df358f 100644
--- a/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss
+++ b/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/decoration/index.scss b/ui/packages/consul-ui/app/styles/base/decoration/index.scss
index 69c19e62707b..646b4f597b90 100644
--- a/ui/packages/consul-ui/app/styles/base/decoration/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/decoration/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './base-variables';
diff --git a/ui/packages/consul-ui/app/styles/base/decoration/visually-hidden.css.js b/ui/packages/consul-ui/app/styles/base/decoration/visually-hidden.css.js
index 09554cc65e12..9e95bfa190dd 100644
--- a/ui/packages/consul-ui/app/styles/base/decoration/visually-hidden.css.js
+++ b/ui/packages/consul-ui/app/styles/base/decoration/visually-hidden.css.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (css) => {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.css.js b/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.css.js
index 913913223cf7..3ee12dbddd9a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.css.js
+++ b/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.css.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default (css) => css`
diff --git a/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.scss
index 26a151d19e5f..00bc8b1c632b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 *::before, *::after {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/base-placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/base-placeholders.scss
index dc5fd5faeeb5..5d01d2d8e110 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/base-placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/base-placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %with-glyph-icon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/debug.scss b/ui/packages/consul-ui/app/styles/base/icons/debug.scss
index 0131fa7ba788..2e2833ddc3f1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/debug.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 .debug-with-activity-16-mask-before::before,
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/keyframes.scss
index ae58e19b81c6..074925d3a1c7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-activity {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/placeholders.scss
index 250566bc9e03..353d2b53fb42 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-16.scss
index cd6a28488011..dce1097b80f3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-24.scss
index 75545dbbb146..6f638c62f545 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/keyframes.scss
index 6b759e35cc38..7df06b493020 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-alert-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/placeholders.scss
index bb1b2336f660..dd2358cb4436 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-16.scss
index 8ba44d020bcd..8dbda2cc3813 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-24.scss
index c1dce29db203..731ced512d11 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/index.scss
index b52f72976c3d..af5c4324542b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/keyframes.scss
index bf492d476fa5..03f54bfc67ac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-alert-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/placeholders.scss
index cd28db21bc89..5f5e18a08b52 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/keyframes.scss
index d994532cc037..37de8fbcd127 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-alert-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/placeholders.scss
index 438a03dfb540..1931b4b78234 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-16.scss
index dfcb01a47d92..a2c76cf4f912 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-24.scss
index 59a7ae45ee4c..62c36b49f742 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/keyframes.scss
index d96dcd96f080..79bbdb1a568a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-alert-octagon-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/placeholders.scss
index c22387b6f175..8e3908508b2f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-16.scss
index 36f78073b2f0..10efe0035e38 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-24.scss
index c3ba379acdbc..57fb6c803ce6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/keyframes.scss
index 19e4fc9d4f50..d83d3ffbf58a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-alert-octagon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/placeholders.scss
index 9caa6a0cb06e..11096098fb8f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-16.scss
index e8bd7027f721..1a1dd2c66500 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-24.scss
index f2793037173c..255763984f19 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/keyframes.scss
index 6e1b0d881f6f..f905f1de7899 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-alert-triangle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/placeholders.scss
index 2e89681597a6..4c1999b027a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-16.scss
index 8ae7906203e5..272856492983 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-24.scss
index 09ff8eaae22a..5df243045bd8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/keyframes.scss
index a7d350e171bb..ba6b56df5108 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-alert-triangle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/placeholders.scss
index 756824e275df..effdaa4aa79f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-16.scss
index d6d18782c470..6f9133117b67 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-24.scss
index ef3409605fe2..1823b18480a8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/keyframes.scss
index 089106c8910a..8bc2692b7122 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-alibaba-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/placeholders.scss
index d446e7251faf..3d1c44740a24 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-16.scss
index 3ccc015fdba9..aea61c94d75f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-24.scss
index 27654234be3d..5d5ef033a3fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/index.scss
index f7a6620e852a..2051613154e6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/keyframes.scss
index 6bbc0ef63589..68525c080d2d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-alibaba {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/placeholders.scss
index ab7f97952d0f..65007a25e70f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-16.scss
index c633a11c6c66..895dd9dc835b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-24.scss
index 502e22a7cd46..3173067c11c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/keyframes.scss
index 42075b4c6361..edc7d9618a02 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-align-center {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/placeholders.scss
index d68605615231..b38872d54289 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-16.scss
index 6c4e3facda3c..1e24871c2649 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-24.scss
index 5b79eb471593..9ead0327c973 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/keyframes.scss
index a77fa182b7d5..a5977db7a085 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-align-justify {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/placeholders.scss
index 97795f179196..a7dea6c414b1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-16.scss
index e22c27edac0d..b89a196023f7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-24.scss
index ce57b1316fd6..adfb20f2a12c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/keyframes.scss
index 538adc5b5e14..777c8c5e1b8f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-align-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/placeholders.scss
index 8e2aa30b8c00..482de99da500 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-16.scss
index 5ac3ba3f6ac3..7f53fb6a6882 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-24.scss
index c8e8c9d07738..ea94ac1dff3a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/keyframes.scss
index 9260c7a74c52..d51ac3b28234 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-align-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/placeholders.scss
index 3223226f85e3..7fa5b875f693 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-16.scss
index b9eeaa778900..9ace1f2418a2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-24.scss
index 655f56737ded..4de0b2468e46 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/keyframes.scss
index de58952127fa..91c9b2851b22 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-amazon-eks-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/placeholders.scss
index b2920c738169..bd9915d1c85b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-16.scss
index 78b49a21dc87..17ff1beb921e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-24.scss
index 6f7b1f6596f2..dde776e55484 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/index.scss
index 575d42adce42..92dad310a6e8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/keyframes.scss
index 3ba69b991f20..1ee88e61dc0e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-amazon-eks {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/placeholders.scss
index 3431a2e9a564..0858d1d4e202 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-16.scss
index 5224a7a4dca2..5dc2502d09b9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-24.scss
index cee99b98672d..e418a9fc0a32 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/keyframes.scss
index 4bdd75fdef58..c79789effac6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-apple-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/placeholders.scss
index cc873c3eeebd..0ae9f9435956 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-16.scss
index c140d36aa8e2..524052bd7dc8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-24.scss
index e14880dfd1f8..944b67bdcbd8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/index.scss
index a93218e05257..e55c818644a0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/keyframes.scss
index 8a4d53c9b767..94f7cd9dd938 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-apple {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/placeholders.scss
index ee5d05f187bc..996fdebe1cc8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-16.scss
index 34fd6002b029..993d6ed37906 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-24.scss
index a971bb0818f5..8c8141c22e72 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/keyframes.scss
index fa50db95b099..95098f8503cd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-archive {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/placeholders.scss
index 05185c7a9b07..0c834ef06833 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-16.scss
index 64237bd8b8e4..06a1ce159f3b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-24.scss
index 404ed2fa28d0..35675791ffa6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/keyframes.scss
index 9e163693216d..4d5495cb0b11 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-arrow-down-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/placeholders.scss
index f08dae390218..680342cd98dc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-16.scss
index c7f3c7e8102c..f36a7adf0743 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-24.scss
index 18d2f7c8b381..15164b014057 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/keyframes.scss
index 650834d6c5cf..010b3d572ff9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-arrow-down-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/placeholders.scss
index 162e96ef78c2..f16d564e0346 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-16.scss
index b0e1400899d2..57cb58bd63ca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-24.scss
index 59d29169f71b..08dfc0fa9928 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/keyframes.scss
index 43ae014908ea..ad42f83c97f8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-arrow-down-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/placeholders.scss
index 1c56664f7963..cd5b824e97ae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-16.scss
index 6770a43e81d6..805f53e04858 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-24.scss
index a8dd4f8e0690..51336e9e8df2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/keyframes.scss
index 66ae7837b812..1e25289d07e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-arrow-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/placeholders.scss
index 9e4e377c97cb..d2b8aa62a9c2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-16.scss
index d1ead1bb5486..2e71c1bb295d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-24.scss
index 1526cb4c9e73..4429d66fb30b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/keyframes.scss
index 288e7a113bd5..f6361c4e96a6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-arrow-left-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/placeholders.scss
index 60afbbf7bc7f..f5b6ca5d0272 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-16.scss
index b129861a3887..b5d08eb3ecf7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-24.scss
index e6ac52eab589..9d4c4b16ae8b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/keyframes.scss
index 4d3b134ba06f..902828c38d73 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-arrow-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/placeholders.scss
index 4913edc59c45..2b0cf709d475 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-16.scss
index 552fc7a49b9b..fcd0cb23a8b9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-24.scss
index 8e70e55dc0d0..1b9b7c0d0987 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/keyframes.scss
index 5a30b053abbb..fb6d8b938dc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-arrow-right-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/placeholders.scss
index 83f28918cfe3..510f507f7a4d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-16.scss
index d02e72de3ee4..6d20469ee459 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-24.scss
index 2c301cf74248..bebc2f5e8535 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/keyframes.scss
index ed9dc51b686b..bbc7a11c134c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-arrow-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/placeholders.scss
index 02382cac4035..88adae804335 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-16.scss
index 5dd980fb2870..8ef46620930f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-24.scss
index 5402109713ce..d9b9335b9e09 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/keyframes.scss
index 7a69ea30563f..6d84ba167024 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-arrow-up-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/placeholders.scss
index a1a7bd6aa132..b4f5359ccf95 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-16.scss
index 9619f71e44c0..9fd862889387 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-24.scss
index 1ab45c00d5a0..f5aed4d76d83 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/keyframes.scss
index ae1de7e4d642..8f93cbe52b87 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-arrow-up-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/placeholders.scss
index 17b70aa534b1..a22d049e1f31 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-16.scss
index 5a77fca93de6..67e30b276fa9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-24.scss
index 859594dbee3e..ea769da9c720 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/keyframes.scss
index 6c1e698d6bcb..17d3439af3a0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-arrow-up-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/placeholders.scss
index 0fac6954667d..c9102a076cae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-16.scss
index ad33f5362bac..ee72eed7f5b3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-24.scss
index a7015b96d314..2748d0ba5daa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/keyframes.scss
index dc405fa8350e..3f939b96d38c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-arrow-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/placeholders.scss
index 6f0d6e9f103f..d6337f564dc6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-16.scss
index aa34bfae2ef9..7698ca7a5f86 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-24.scss
index e304695237f3..004aadb9b58b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/keyframes.scss
index 382171b3066e..af0cc5a2d0bc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-at-sign {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/placeholders.scss
index ef4249e8de0c..4b6e792f8b4f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-16.scss
index f0b0967fa731..35ca543c0717 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-24.scss
index 7cf9239708c6..a80a2e275d4d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/keyframes.scss
index f344039bc5db..f61a9ec361d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-auth0-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/placeholders.scss
index 047e5e904eb3..d33b504c31ae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-16.scss
index 635bf4fa3ca4..ba821cc98806 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-24.scss
index d9c916eea88e..ce38c8a2d648 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/index.scss
index 2ac024093997..60fbff8e53ef 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/keyframes.scss
index d7bf4bc27b04..dac71af5818f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-auth0 {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/placeholders.scss
index 823b6540ca41..d91cea78255f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-16.scss
index 635bf4fa3ca4..ba821cc98806 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-24.scss
index f4d304879e72..469bcc8786fc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/keyframes.scss
index fc5bb6faec91..4e3f9eed858b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-auto-apply {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/placeholders.scss
index ae320b2fb1a2..2096dbb22ad9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-16.scss
index 19c3073c8280..93fcb9ffd223 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-24.scss
index c8d871ef2f39..39c3f4e3afaf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/award/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/award/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/award/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/award/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/award/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/award/keyframes.scss
index 7a96af339dd9..ec6af6883ed0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/award/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/award/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-award {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/award/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/award/placeholders.scss
index 46461d4b4b59..5a6e3db614f6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/award/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/award/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-16.scss
index 77c3521583b1..c479e6b41cb8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-24.scss
index 9b447831e51a..b10d05cf89fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/keyframes.scss
index f4c9c7f6c4bc..3e3a3a02fac0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-azure-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/placeholders.scss
index c838fb0003f4..affacac1a20d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-16.scss
index 06413e5e626d..4026e8685c49 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-24.scss
index ed6444c2994e..62ac5a5c6132 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/keyframes.scss
index 05377a2261de..52a9cf76f962 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-azure-devops-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/placeholders.scss
index 99d1dd1271b5..70cf0b138a14 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-16.scss
index 51f1ef9169d9..1d340b9e53da 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-24.scss
index 189de379b50c..81ee63569fa1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/index.scss
index a469817aefd6..90d05644b089 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/keyframes.scss
index 00f72b8f6b27..bf4994065c46 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-azure-devops {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/placeholders.scss
index fc36d2342ee9..df11a00bb39d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-16.scss
index e9c17de6b8c0..c758b8a951ec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-24.scss
index 9a9992daac50..ab4b2678eeaa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/index.scss
index 460bb93ca44c..57796cbe4d4c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/keyframes.scss
index 26050f772396..d6b5215fd1cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-azure {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/placeholders.scss
index 909c7e0c896f..cf4ce5203e14 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-16.scss
index 49180ae4dfba..5fb44f6d83ca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-24.scss
index 5d6e621898a4..2e9a8bc64649 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/keyframes.scss
index 937f60bd1c37..1198e82ae9b9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bank-vault {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/placeholders.scss
index 0d590e9f68a5..f1e01cbc53db 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-16.scss
index 3920d3ca4a88..ec7e4fc6576e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-24.scss
index 5b880b5b4621..175a50ba19a2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/keyframes.scss
index 24d454814637..3d267e2be42a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bar-chart-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/placeholders.scss
index 10b6a8163586..c6fe294ab63c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-16.scss
index 4bd046c45d6a..99047afeb3ff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-24.scss
index fd36ec0c9a04..b3e0126d5e7a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/keyframes.scss
index 436bf7f8df4f..5934a161a9dd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bar-chart {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/placeholders.scss
index 6b8d83da54ef..6dbb0aa1a845 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-16.scss
index dc3af3fe66a7..19400e36910c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-24.scss
index eb872294e8ed..7520ec578656 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/keyframes.scss
index 2d478adebec4..2910f6ba28cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-battery-charging {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/placeholders.scss
index eee2cda5332a..169c4b03e85a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-16.scss
index 97748d66cd26..c569483aeb5d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-24.scss
index 898a082d9ad3..1b8ed8ab1fe8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/keyframes.scss
index 506bf682b76d..4f560185c8b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-battery {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/placeholders.scss
index a67cbfddce77..f4a9d06343e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-16.scss
index a7e7a1519b6e..5d3fe714935f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-24.scss
index 673ee4ec9d22..90465435e3fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/keyframes.scss
index f9dbc2c45b8e..20b75d92d1fe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-beaker {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/placeholders.scss
index bf2af4a632b8..5fcbe9b7af54 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-16.scss
index 7432b00b1867..b847897d1d6c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-24.scss
index 7d6dd84a320b..7269f26cb491 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/keyframes.scss
index 9e84ab705777..72fabd95531c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bell-active-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/placeholders.scss
index f225005fabc5..0d7bc721a48f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-16.scss
index 89379e6f64a8..42ee89888486 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-24.scss
index 5e651edb6aa3..5e2c36ecd05c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/keyframes.scss
index e8738e2cbca1..526357d7e742 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bell-active {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/placeholders.scss
index de4dcea80dfb..dd612ae22b80 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-16.scss
index 68a82216b640..df673f629149 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-24.scss
index 9cddf53f2373..60afe0f69e61 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/keyframes.scss
index 349aca465bdf..aeb34d45883f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bell-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/placeholders.scss
index 6a5a67144146..b812218eafe0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-16.scss
index 7b0743bb75b6..524306acee97 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-24.scss
index 768b78de1774..ef2bf9f25fdc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/keyframes.scss
index 164f172d1cfe..65babffb06ab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bell {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/placeholders.scss
index ed9e27ee4d4a..d7ed65bc02d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-16.scss
index 5d5234bf2706..426e72c313ba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-24.scss
index 2d23120bbd35..7401f1a83d0d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/keyframes.scss
index 5dc4d9288dff..a27dd84dee0f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bitbucket-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/placeholders.scss
index 7f9ebeff4c2a..f95ba8704fc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-16.scss
index 4fe71101cf65..35f421bb85d6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-24.scss
index 109c80d9fba6..4d9ac52acf16 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/index.scss
index be18ada7ed24..b2a50e60e596 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/keyframes.scss
index 5f6cc9685b9f..0ed7d11559f5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bitbucket {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/placeholders.scss
index 1336423c6bf4..cf6287cadf7b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-16.scss
index 161953edf4de..2d0a025fedaa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-24.scss
index 5110a7389636..043b8af3e980 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/index.scss
index c8fff7727b72..258ef25a3a53 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/keyframes.scss
index df57265e5ae5..7e71046efd04 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bolt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/placeholders.scss
index e96f8f1aaa8f..a85661559a59 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/keyframes.scss
index 8af48284c922..1cc6a76002f1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bookmark-add-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/placeholders.scss
index e3ed647d0a53..f605a1beeb9f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-16.scss
index 7156d2bc7e38..fca2fbf0705d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-24.scss
index 81de585acad0..7eb9073997f8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/keyframes.scss
index add4513273ba..072715ec8e20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bookmark-add {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/placeholders.scss
index d6ebdccb012b..9d406d44a942 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-16.scss
index ca7190f27f57..0831acd7eeeb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-24.scss
index 78c72c6998f3..ee196c218b3d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/keyframes.scss
index ea87d18f520f..40a4ca56eb17 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bookmark-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/placeholders.scss
index 69b40d1bf048..04383c211c56 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-16.scss
index 2c1f32ffaa0f..a42b84e81f7d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-24.scss
index 1b22db36a5c7..f6543df57dcd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/keyframes.scss
index dbfaf2ce931e..70168716a364 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bookmark-remove-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/placeholders.scss
index c7672c7bf059..f4112415447a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-16.scss
index 2fc7946cad4a..e4a0bd7259a8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-24.scss
index e362472e4097..29a86fb19532 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/keyframes.scss
index 05a9c5b43509..5a418587969d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bookmark-remove {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/placeholders.scss
index 47d627892314..28c0e1143f23 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-16.scss
index ae3b53355097..2f27a25c08ac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-24.scss
index 2f752aecf786..7f4f59117bb8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/keyframes.scss
index a3c73dada875..49eb3962720c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bookmark {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/placeholders.scss
index 9b2c548e8a41..f64a0b99701a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-16.scss
index 8f6424b8f716..82b656d31bf0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-24.scss
index bf0c907d8080..c75694b1fae1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/keyframes.scss
index a4a4c9c6652c..406d0ebd5c5b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bottom {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/placeholders.scss
index 29ae545ada14..a9556e8d38e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-16.scss
index 34502324cf6f..c80674dbd38d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-24.scss
index 5925d6fd37f5..df2c87152d29 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/keyframes.scss
index 3395756ddeb2..7c3a047780bd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-boundary-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/placeholders.scss
index 727c9c9f5249..80485e1d107f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-16.scss
index b13396ce0c4a..3e4159d11a3d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-24.scss
index fff277b31325..da2046ae44fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/index.scss
index 0ce950660eb5..bfb0b2d3da5f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/keyframes.scss
index b840a6532593..4bc10d76f2f7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-boundary {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/placeholders.scss
index 79494d07ff1a..3cb0d44af026 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-16.scss
index 803ca4154583..2f86f4fdadcc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-24.scss
index 791c947fa3e1..78c984366ac9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/index.scss
index ac45fbe51acd..61a22d9daf6b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/keyframes.scss
index e1647a25bcbd..df95628c3676 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-box-check-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/placeholders.scss
index 5107a22d4f29..3a0e96eb537f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/index.scss
index a3f64e1e4817..c236b51d8996 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/keyframes.scss
index 4999d9bfa346..c15d858d016c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-box-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/placeholders.scss
index 056eeaa19ab2..5d75afb541f3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box/keyframes.scss
index b659319096eb..e404a9a7e914 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-box {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box/placeholders.scss
index ce461f40b5ce..ac00eccd6de2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-16.scss
index 559b755bbded..b609887261c5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-24.scss
index 53c5bf5b9af4..451a7c3b15a3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/keyframes.scss
index 6a16ccad6c2c..b5e2b49f0af4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-briefcase {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/placeholders.scss
index fde71a037222..147322aef8bd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-16.scss
index 081897cc0426..7698e6d4613e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-24.scss
index 070630879733..b1b080b29f9c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/index.scss
index f0105891e718..8f5c8bd54752 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/keyframes.scss
index 3a9c3ca2ffbd..62d74700fc3e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-broadcast {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/placeholders.scss
index aaeba80b64e3..9e794c7bd6e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/keyframes.scss
index d9e671d229dd..5bb58e73b9dc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bug {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/placeholders.scss
index 87dedfcf46bf..850f693711f9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-16.scss
index 11e8f0ed7060..193d67da721b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-24.scss
index 0ad80ae61443..c499e234655e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/build/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/build/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/build/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/build/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/build/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/build/keyframes.scss
index 48abcaaf1c7f..4acc8d3f4033 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/build/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/build/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-build {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/build/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/build/placeholders.scss
index 487fbda3c700..5472b5863829 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/build/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/build/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-16.scss
index 6b9502a7d399..cb7e0517d9c5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-24.scss
index dc1e72ee53fc..c7384bd17e7b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/keyframes.scss
index 920b209a7544..bbc09aeefcba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-bulb {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/placeholders.scss
index 60e45fee3d03..0413ffc33151 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-16.scss
index 6b3137eb9981..bd37e7ceaa0a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-24.scss
index be2bfbea63c2..43c3a4f4c610 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/keyframes.scss
index a7af1b3830a4..6014ea73d683 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-calendar {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/placeholders.scss
index c98cfb22c942..b6772f9091ae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-16.scss
index 53347f5288e1..78731e521150 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-24.scss
index 8fb47768e69b..7176f024b37b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/keyframes.scss
index 9cf2cec6d0d1..05baf891cb6d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-camera-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/placeholders.scss
index be09b92e86e7..053eb0bd2f98 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-16.scss
index 502be31fa0d0..c4f251374936 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-24.scss
index 59e66c9ee876..d058c197b2d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/keyframes.scss
index 7562890121a4..f53f121015f6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-camera {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/placeholders.scss
index c3d861976380..10c19eb67358 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-16.scss
index ec5370b04414..0f37a42b1d2c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-24.scss
index 16d821faf9ec..b7f4d719ed18 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/index.scss
index 2e6a0d76d742..a306b7916907 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/keyframes.scss
index dad37a13d5a4..02a363cbf2a3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cancel-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/placeholders.scss
index 319364a19e0e..c1731f0459d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/index.scss
index ab3ee1f5c526..943585eade34 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/keyframes.scss
index 70c0b1196158..8870216eb5a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cancel-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/placeholders.scss
index d1f3b3fbbee6..a9b3362c578e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/index.scss
index fe09ef6bb2ef..d6a6d1120e8f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/keyframes.scss
index fa6a2866bd28..9410d029bf18 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cancel-plain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/placeholders.scss
index 16a964854ad7..d18d5e629c6b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/index.scss
index 0c34b11ff5ff..a40930d8c385 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/keyframes.scss
index da9df57194a8..33e30a5dda88 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cancel-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/placeholders.scss
index 018bb3e9e428..fb1c456e56dc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/index.scss
index 0f7eb12f7ad1..2b7072c6d383 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/keyframes.scss
index c8e7ea4fcc1f..6b7e30122167 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cancel-square-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/placeholders.scss
index ce05a72eff1f..835f77d367e7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/index.scss
index 9ce54e80df36..2613539e2b75 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/keyframes.scss
index a5f8fd6491fb..7f0a5e729210 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-caret-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/placeholders.scss
index 1cbfbf4385d9..42f57e4ea139 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/index.scss
index f726896c0ff7..886eaecdea35 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/keyframes.scss
index 23633ae8d229..45542629ec0b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-caret-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/placeholders.scss
index 34bc49188392..cb2121b7117b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/keyframes.scss
index 9134c301c33d..10e1b9f31e4d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-caret {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/placeholders.scss
index 8aedb4c3c6c6..0fdd86953cdd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-16.scss
index e92751e020ab..334628669100 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-24.scss
index 54a79a5448b5..11e94eb7391f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/keyframes.scss
index a5b04c2e125c..daeab71f2e30 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cast {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/placeholders.scss
index 1998cda4a79f..7ed224f3e356 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-16.scss
index 5500f0d3ff41..2c752b53ba40 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-24.scss
index e7297c802269..9a9f65f69a17 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/keyframes.scss
index ea7094844fca..23531ccc3d2a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-certificate {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/placeholders.scss
index 67ce5f89ca4c..e232f0da141a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-16.scss
index 8ad944bf8a8a..f603611d17c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-24.scss
index fc1860f45b4a..47cbeaf168b9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/keyframes.scss
index 84be1cfc2b45..6ef069458128 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-change-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/placeholders.scss
index 663945b54558..274604f1c802 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-16.scss
index c68d22b5eb77..b749a5a4cbf7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-24.scss
index fd62070ca492..b465691aa603 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/keyframes.scss
index cb8fa81c0e76..9de36907831d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-change-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/placeholders.scss
index 70b96218d45e..6e34cc11945a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-16.scss
index 11ca7a9e0644..415d77f39d1f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-24.scss
index 96fc1bdff69c..0066ef360406 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change/keyframes.scss
index 88dc35b796d8..264f62bafd36 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-change {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change/placeholders.scss
index 861813e50ec0..2838965fd3ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-16.scss
index 50f0f2e7ddee..d811a2d843ad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-24.scss
index 43f20a875968..40a98e485263 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/keyframes.scss
index 45f67999fee7..092a990afb3e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-check-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/placeholders.scss
index deace71627f0..207490ccf438 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-16.scss
index 5c48aea6ab64..992644f8d33f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-24.scss
index e9b5434e4d57..930e429704ca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/index.scss
index 671b9d7ba708..6039ff04ce02 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/keyframes.scss
index 46dbd5772946..2147b60243fd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-check-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/placeholders.scss
index 235aedfa0ae6..099aeb1c676f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/keyframes.scss
index 2ef8f40d52d0..78cc472f4829 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-check-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/placeholders.scss
index 070a71e0b949..ba97e52aa2ee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-16.scss
index e22680fa57c3..1b3553f06192 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-24.scss
index 104de1fa2965..0275305f18f1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/keyframes.scss
index 95a3f7c65389..49cd93a90b35 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-check-diamond-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/placeholders.scss
index 6deb8e2bdc40..ce0bb6977729 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-16.scss
index 2a0671516d11..2e49014a5a2c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-24.scss
index 206a4224f707..4708f3bbcbd1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/keyframes.scss
index 8fe7fd97d4d5..a4ad1b13a447 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-check-diamond {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/placeholders.scss
index 1e2f9ce3d8e9..eb2d1a198d7c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-16.scss
index 4852a37af042..31c9a12c9beb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-24.scss
index 8f40c2de9b8f..01cfd56efebc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/keyframes.scss
index 8b19f1b0f9ed..1555190c8aff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-check-hexagon-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/placeholders.scss
index 04b73f5190a7..f0fb86ea9157 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-16.scss
index e3bb499a746d..93ee5fcaa593 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-24.scss
index 95519a5e0cb6..7b778df31d35 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/keyframes.scss
index 0b8e7a06f80a..acc469b09fac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-check-hexagon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/placeholders.scss
index 6eb8c2bb1aec..346df5f51a82 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-16.scss
index 17b897ee1770..09198c201e9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-24.scss
index 54e5c201905b..d0ebe79bdaf0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/index.scss
index cc27b8155ff4..502a76f09ae2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/keyframes.scss
index 593753e80f7e..c05b22a2d5c9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-check-plain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/placeholders.scss
index ca5a2dfc0b3f..34209368c729 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/keyframes.scss
index 3c8fd9da3cac..e8e9eeb7d2e6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-check-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/placeholders.scss
index d4cfdfcc8269..9a68eead4f95 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-16.scss
index 86f0bf05647a..6529447dd5cc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-24.scss
index d4e4b8e4e0b2..371876a4a9b7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/keyframes.scss
index 4a58dacf7dd6..37ab1f690606 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-check-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/placeholders.scss
index a339e1fec001..d4eed4741e12 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-16.scss
index d31670b9c505..15e5c90df4d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-24.scss
index c955ee7e49e9..3bf7b8a60267 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check/keyframes.scss
index c8e79d923454..d88d13a6b534 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-check {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check/placeholders.scss
index daadc803571b..dae1f446843b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-16.scss
index 12e0aedd543b..b3e5c4e1ecec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-24.scss
index ff171f6b05c8..c0a1ec6b1e01 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/keyframes.scss
index 4b0f7260865d..a95151cab6d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-chevron-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/placeholders.scss
index 4748bd4d9ee9..2da5d4d1e2ff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-16.scss
index 7070b934d7b8..013b7b74038d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-24.scss
index 5f50ce25ad28..2065384b88cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/keyframes.scss
index 327b1f93ff35..d0ad75dfba7b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-chevron-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/placeholders.scss
index 0b1572b9d8ee..e1944b3e1747 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-16.scss
index 126cb39ccb52..c79595989092 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-24.scss
index 9a7432db400c..00becb368d96 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/keyframes.scss
index c4379fd3160a..3e639e0a87d3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-chevron-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/placeholders.scss
index e9c3f703a8fb..6228295a8c0b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-16.scss
index 7d16aa12862e..0043debb3af4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-24.scss
index 1443f4bcae40..689d4a06b5c5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/keyframes.scss
index 3eb5d9be9c0a..cae405e4339c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-chevron-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/placeholders.scss
index ede17a02748c..07bae126a608 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-16.scss
index 24158d5e003a..e31ab6d3cc78 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-24.scss
index 8e674db191d7..a64a1049484a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/keyframes.scss
index 46835d57bd8a..e5eb2c2f9ed2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-chevrons-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/placeholders.scss
index 01462aa7a2d2..2cc4b5cce08d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-16.scss
index 0084a21b9dd5..2e5945cd7544 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-24.scss
index 718faa523d33..e62b38f7a891 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/keyframes.scss
index 90cd13e1fcc1..5f419179315d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-chevrons-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/placeholders.scss
index 0beb5ee37787..5fe31cfe471a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-16.scss
index ced3bd163583..503f0ec58954 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-24.scss
index a38e05798f91..f009003e7714 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/keyframes.scss
index cff862e01c72..3a2f91d95fc8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-chevrons-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/placeholders.scss
index 4e0dc96b1df1..5ccfcb9cd29c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-16.scss
index 46c3c5ba9274..13048869e205 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-24.scss
index 9e31049e0433..6f56394bca5b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/keyframes.scss
index 612f1dabe558..3b296d85b5e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-chevrons-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/placeholders.scss
index 0d9a728013a6..7e2911475f95 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-16.scss
index bbf71a6b1b9a..a9d777f7d1b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-24.scss
index d281824a0fc3..76d5809be632 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/keyframes.scss
index ecb4c94c6d53..b170f1eadacc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-circle-dot {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/placeholders.scss
index f1659e1cdd04..4f707b2a46ab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-16.scss
index 4dbcfde5c355..290a3b17e9cd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-24.scss
index 1a152aa23eda..86a5a6d7edc1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/keyframes.scss
index f3d78a1c3500..ed03b157b154 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/placeholders.scss
index 68510756cdd6..9896797133c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-16.scss
index cd55d9c6957d..ec4450fb9fb8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-24.scss
index 93426c0d7333..20b62203c94a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/keyframes.scss
index 5467146df88e..05fc2a97d66b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-circle-half {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/placeholders.scss
index cdc802df43d4..47aa3ae7fb59 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-16.scss
index 47e667dba7be..5c6acf5f2643 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-24.scss
index 3fef93c9e663..786353a7576c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/keyframes.scss
index bba969335613..20f40ad7a24d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/placeholders.scss
index ad7ffdc920af..b32f0d456fa2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-16.scss
index 0c66bf49d282..444e9325038c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-24.scss
index baf19bb2f7c4..85f173521ea9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/keyframes.scss
index a294fdb40e47..24e18162537a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-clipboard-checked {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/placeholders.scss
index 7197d30f3884..dc006b361e76 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-16.scss
index 31358730121c..df29d6faa794 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-24.scss
index 87421260b339..a504c5e232f1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/keyframes.scss
index 77bb7c292bb5..503e2ba38bed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-clipboard-copy {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/placeholders.scss
index fb6a298cc37d..c6ff8d5379d6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-16.scss
index 59479eddf942..c8eb7a05f6f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-24.scss
index 44e9b23a55c6..a0402f41f110 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/keyframes.scss
index 65c50edcaf80..05c01b9ad99f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-clipboard {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/placeholders.scss
index 7596e9395026..a61b52ba0d4e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-16.scss
index 45853b8a6054..bec5f233060a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-24.scss
index 35f167109d50..8a3e33e25d01 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/index.scss
index e9e5a13d0115..d97ec2a16f2f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/keyframes.scss
index d7999225c52e..71b5c4ac6317 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-clock-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/placeholders.scss
index 60342374542a..24e977e2feff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/index.scss
index e9e5a13d0115..d97ec2a16f2f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/keyframes.scss
index 3c8d87485022..417eea8bfbc0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-clock-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/placeholders.scss
index ddc8803c65a7..b3fc5057eadb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/keyframes.scss
index 914875f9c209..f8bf669085da 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-clock {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/placeholders.scss
index 1c830034c806..c88ca54a2e01 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-16.scss
index ebefcca9abe9..03f7caed237a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-24.scss
index 942482c280b6..fabfaea6e5e6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/keyframes.scss
index 210ac33e287e..e8079eb87784 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cloud-check {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/placeholders.scss
index aa6db2eccb67..03913343539a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-16.scss
index 6bdc6e0bba0e..e58b60f0aa97 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-24.scss
index 511a878cc487..d5456e702a22 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/index.scss
index 8b3fe9b7ced8..68293edadf9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/keyframes.scss
index 58369c3acb28..75b06e09bda6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cloud-cross {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/placeholders.scss
index 08c67367f65c..7366c6894a82 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-16.scss
index 8a08b6017366..4a693d141681 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-24.scss
index 793687062234..fe0a427f5a29 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/keyframes.scss
index 843c075cf058..8f09605bb09a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cloud-download {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/placeholders.scss
index 6b4eb54b58da..f8c20917bec2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-16.scss
index d83d00b51a8a..2f7d4f9b58c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-24.scss
index e82ef479a43f..3d8decc0d773 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/keyframes.scss
index 90361ecaffa7..b115bb955921 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cloud-lightning {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/placeholders.scss
index a5644c5d564d..7e1065d6619f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-16.scss
index c02cd40bed9e..cf7ab446233d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-24.scss
index 0935b3d17b9a..711aa09ebd71 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/keyframes.scss
index 5db241e13003..dc6bfde5bbfc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cloud-lock {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/placeholders.scss
index b49a0d0a147c..9c3e8f54fb14 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-16.scss
index 25fc4632a06f..998d7578507d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-24.scss
index f7c649f2fe75..15a03c367e88 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/keyframes.scss
index 734979cc4ecd..f84372b8cc52 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cloud-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/placeholders.scss
index 4c5efd21b96d..028667d9b6d4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-16.scss
index 68946b513252..52d3c03165b2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-24.scss
index 54c221a71894..8b6c0e739fbd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/keyframes.scss
index 75076c8a1d8d..ca527549abdb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cloud-upload {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/placeholders.scss
index 69b48ae799b4..b2c92bfe986f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-16.scss
index 00875c16b300..d349a8c06488 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-24.scss
index 677e5a2ae423..9e5e0421aa05 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/keyframes.scss
index 772030dc572d..bc10ffebde30 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cloud-x {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/placeholders.scss
index 29caa9759013..85daed15f23e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-16.scss
index 9c8fa1cf9f02..d2491888b2b4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-24.scss
index bdbe1ec41e17..d8877db457ec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/keyframes.scss
index 462d2787fa88..d9b1f22cc917 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cloud {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/placeholders.scss
index ffc10227f944..36f36fde3b9f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-16.scss
index d0c78fc6bd77..e8709ffdd7bf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-24.scss
index dfc70f94c311..d55cd0c291fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/code/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/code/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/code/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/code/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/code/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/code/keyframes.scss
index 8d3efb925bfe..7316a6a4e22e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/code/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/code/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-code {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/code/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/code/placeholders.scss
index 13be5cc0d74c..d22bad7eff5d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/code/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/code/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-16.scss
index c47972496381..01baf8c4551c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-24.scss
index 858000b337a5..3b35f27689e6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/keyframes.scss
index 5cd82484c47c..07dc4dd5408c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-codepen-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/placeholders.scss
index 93b3557ecbf6..603e44debc8c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-16.scss
index 2249d3c13b72..4d4d00b0535c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-24.scss
index f805e57e8b23..2502772d2b13 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/index.scss
index bd1528d9bbb4..9c744beec155 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/keyframes.scss
index 2817538914c0..d169089f6cb6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-codepen {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/placeholders.scss
index 14827a545d65..03698eb044dd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-16.scss
index 2fae5290e4f0..9af0bcb23e41 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-24.scss
index 5f785b8d2dff..8dc4a976ee7c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/keyframes.scss
index dea5344409bc..27fea855627a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-collections {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/placeholders.scss
index b337c4309b2c..38a0a9dbac8d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-16.scss
index 159ec0d78831..7cd7b02fe9c5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-24.scss
index 3d272a7bbc2d..ee71f7a86b2e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/command/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/command/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/command/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/command/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/command/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/command/keyframes.scss
index 4c82aeb0663c..c864cd504a4b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/command/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/command/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-command {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/command/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/command/placeholders.scss
index b92214588fc4..2ffa3f276e1c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/command/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/command/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-16.scss
index e19158bd0cd8..1b5926c246ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-24.scss
index 0aa7197b338b..89c9476130b9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/keyframes.scss
index f8b5b8186ce4..06a0464264c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-compass {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/placeholders.scss
index c871dc9f891d..010f9631456e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-16.scss
index 40917ba684d7..ea8483b1f182 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-24.scss
index bc4255dda367..7825860b6c09 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/keyframes.scss
index 893951078fea..282565e26d7e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-connection-gateway {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/placeholders.scss
index 12fdac2c6b30..aa9679abff1b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-16.scss
index 62c78dd0a643..804a1c2b8ee9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-24.scss
index b14caa1137ae..70d1c1b28c60 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/keyframes.scss
index c06f12b69d34..125953b3cd8a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-connection {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/placeholders.scss
index 89c850cf40af..94186586fbc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-16.scss
index 6c50354671bc..657c0727f9bf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-24.scss
index 8fd1d0072869..6154cafce297 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/console/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/console/index.scss
index ee75e1eb800c..f6ba69102e6f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/console/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/console/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/console/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/console/keyframes.scss
index 2ad71a5840b8..375899de9afd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/console/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/console/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-console {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/console/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/console/placeholders.scss
index bf387838d9ed..fc1c3c2c66bc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/console/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/console/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/index.scss
index ba1a5f5a4cba..a4a92af0263e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/keyframes.scss
index f58b03f20ac3..fddf122a5494 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-copy-action {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/placeholders.scss
index afea92a4572a..6bbe5845eb2c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/index.scss
index e0e0d9a46c18..68c80e049cf5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/keyframes.scss
index 61b820c3f151..ef0e5386841e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-copy-success {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/placeholders.scss
index 25490a59d656..dc73f8738166 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/keyframes.scss
index 2bbc9508e2ce..e18860cead89 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-corner-down-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/placeholders.scss
index b54e73cb6706..07f80c2e75ca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-16.scss
index 51c557aa2859..0472d584d750 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-24.scss
index c8318b4b9692..2e2c8b7abcc6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/keyframes.scss
index d0e38ab54682..88ae1f5f71e5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-corner-down-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/placeholders.scss
index 4317e7d3594f..9a3f8ccf7e02 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-16.scss
index ecba0e99ec13..1962ef6c129c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-24.scss
index 198c093d902b..cc97d82de1ad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/keyframes.scss
index 1dcecb40b31e..0da09fe92c7e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-corner-left-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/placeholders.scss
index 98fcaf604906..a0aabd008279 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-16.scss
index 42c8764914f8..84829386c423 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-24.scss
index f237311ac2bb..c6e0d67ddc75 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/keyframes.scss
index f670fe1a1cdd..7cb1cdc097a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-corner-left-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/placeholders.scss
index 17277e98b79e..1557c8e78e1b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-16.scss
index 5af46ea8d19c..4695f58efda9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-24.scss
index 5ea069d3317c..a6b37889cd8a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/keyframes.scss
index 97e94ef81039..4c85a2870d09 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-corner-right-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/placeholders.scss
index 85dbc4737f55..55d075864b86 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-16.scss
index 03380737ab74..c7201f7f10e7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-24.scss
index b45a05ee2167..cb53df88b159 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/keyframes.scss
index 325b6137e254..24f57abdd56c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-corner-right-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/placeholders.scss
index 4bd75ad6e430..d425febeb488 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-16.scss
index 729f4cf2c019..0acc68cc19b9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-24.scss
index 2c6f67231d01..5d3dc496ff87 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/keyframes.scss
index 2778ee47a25e..02c83a403a71 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-corner-up-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/placeholders.scss
index 30456959cb7d..f27be2758dbf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-16.scss
index 6f9f1abf1511..cea15d3680a5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-24.scss
index 5b7751736536..13624e2057a5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/keyframes.scss
index eb65fb8d3ebe..58aef68d24da 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-corner-up-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/placeholders.scss
index 5700eb3551e8..da2ed0022e50 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-16.scss
index 97761793e3f0..9497546c202d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-24.scss
index 1c655b3edc52..4bfecfb0b8d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/keyframes.scss
index bb1fb0353087..3d23b2b24693 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-cpu {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/placeholders.scss
index 2f651706bc09..659ad6ca2a30 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-16.scss
index 78ea7a69fe26..fbe5328b8bd7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-24.scss
index 459ef683de23..15cb71fe9cde 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/keyframes.scss
index 02ced0a55a56..58b44eb4a9f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-credit-card {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/placeholders.scss
index bdd681aa59d0..03e0af456565 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-16.scss
index b47b99f56947..d2a6d4201ebc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-24.scss
index 56699c270961..112bfd21a925 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/keyframes.scss
index f1faf8b89850..b5bc24baf616 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-crop {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/placeholders.scss
index 0893c16852b0..7ed6ffa89aff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-16.scss
index e2345bb101ba..93c7ff52b3ca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-24.scss
index d01a1e294dc1..5c7048ddfc89 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/keyframes.scss
index 7706fa974712..71e03453145d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-crosshair {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/placeholders.scss
index a6bba5321197..392c4a7b3e52 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-16.scss
index 00317093ed82..03e2ca326eb1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-24.scss
index ffc13a52bc6a..c5ab672210ab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/keyframes.scss
index c69d89d260af..61587aa9202a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-dashboard {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/placeholders.scss
index a57c427425b6..5d80eb5f9294 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-16.scss
index 400350ed5102..2a727b5b465c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-24.scss
index 16ff225f1681..d718b458c77a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/database/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/database/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/database/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/database/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/database/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/database/keyframes.scss
index 946110520c7f..6ac397e34b9e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/database/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/database/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-database {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/database/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/database/placeholders.scss
index 9de9c3fa5a67..1c09804257bd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/database/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/database/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-16.scss
index c64adc4f07c0..0f8451e8dfc2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-24.scss
index da33e1694bae..91526ee99ded 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/index.scss
index 124567b0f3e5..697dbe244a10 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/keyframes.scss
index 354c9c69ebf0..e8e4f95bf7ad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-delay {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/placeholders.scss
index 08aecb6d553b..97bc08af04cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-16.scss
index 632d58a2e547..d1adb5a82048 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-24.scss
index 31583c804714..33d994421c68 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/keyframes.scss
index 73a7190db0c9..9e797ef6d4c8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-delete {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/placeholders.scss
index 22de85135852..2c91d8064a49 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-16.scss
index 8b3e6daa4e62..1896fdd2a028 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-24.scss
index 98ed05e0f466..23bd4b3aa058 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/index.scss
index 5a514b645d20..be14875b8ccc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/keyframes.scss
index e96d93394c70..6c2dc64457ab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-deny-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/placeholders.scss
index b16466ff9db7..56a74ff67ab2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/index.scss
index 8b3fe9b7ced8..68293edadf9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/keyframes.scss
index bef6b9ce23e8..7dab4dd64b50 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-deny-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/placeholders.scss
index fc17cad67efa..67077476079e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-16.scss
index e7da045e34da..151982c72d97 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-24.scss
index 15a64fc85632..02153dd3e8a3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/index.scss
index 5a514b645d20..be14875b8ccc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/keyframes.scss
index bb5815f37fe8..220017b6d631 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-deny-default {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/placeholders.scss
index e3cf18e6f7aa..826d52ad13d3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/keyframes.scss
index 61d973a80ff5..56ecfee7f29a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-diamond-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/placeholders.scss
index 61336f0c9a81..6700fdd9dbca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-16.scss
index 918ace30d31f..a5c21434389f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-24.scss
index 9fb6f3749cd7..7cc146fb1f5e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/keyframes.scss
index 92508076a2b5..f1b31dd15385 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-diamond {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/placeholders.scss
index e6ef5ddd7ba6..401402999a73 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-16.scss
index 6bf4a744e1e8..e767f7b4e354 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-24.scss
index 41d991ef6d04..5eac31abdfc8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/index.scss
index 5a514b645d20..be14875b8ccc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/keyframes.scss
index 73acbd16afa3..1c0a37b7f80f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-disabled {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/placeholders.scss
index a4e17e030de8..1296d6741f56 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/keyframes.scss
index 78c01cc0f9d7..c03325b9eb0e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-disc {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/placeholders.scss
index 02b0ac21520e..c459b169e9d6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-16.scss
index 73b9da71f3a8..9999cb801d71 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-24.scss
index 220504c2a75f..716d1919e040 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/keyframes.scss
index 6843ecabffb5..b50087758fd5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-discussion-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/placeholders.scss
index e1e52089249d..71652ab0af7a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-16.scss
index 466c80ded73e..ef062f2b61c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-24.scss
index d21104a30cfe..4c313fde1619 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/keyframes.scss
index 23fee0044d01..94d9c9a96028 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-discussion-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/placeholders.scss
index 76e18477f7d9..7c0da08f71d3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-16.scss
index c4838d46e418..abc82c5c1263 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-24.scss
index 80d16bd612ec..06efed084c65 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/keyframes.scss
index bcb3cd9bb407..293ed3979521 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-docker-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/placeholders.scss
index de6c1527d7a8..ebe0ec009df9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-16.scss
index 72d87e31a79d..14b9b608da21 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-24.scss
index c0ecd40c261c..c90f3fbf5376 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/index.scss
index 3486c911b3a2..376473a4bd13 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/keyframes.scss
index 19702010fd79..36a678d38377 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-docker {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/placeholders.scss
index a9c176614c19..9e6125cf370f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-16.scss
index ceb61e0f19b5..6c13aa52fff1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-24.scss
index dff5252a58c1..8eff80d16461 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/keyframes.scss
index 12a32f8f5e91..9b24d22bab08 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-docs-download {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/placeholders.scss
index 1ecc1ed23547..47c5568d3d8d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-16.scss
index bc225cc59829..52e3dbe84826 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-24.scss
index d9fd00f9f8ce..85be282ad2ba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/keyframes.scss
index 03e25eaf26df..5e0b9126f531 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-docs-link {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/placeholders.scss
index cd7cf58945cf..4ba318009437 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-16.scss
index 8069062def42..7bad1cccc1a3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-24.scss
index 1ed0354638d5..8bb235a45583 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/keyframes.scss
index f50751cf0f36..498eb6cbcb27 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-docs {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/placeholders.scss
index 50ead76ca93c..4d4425217585 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-16.scss
index b4aa16374685..e8d19fb6bb32 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-24.scss
index ef9f8b9adcb0..2e12846edc26 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/keyframes.scss
index 4c1242cf5a2a..d1c851821243 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-dollar-sign {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/placeholders.scss
index bb0c980d5fe1..f367d1b4cdfb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-16.scss
index 230d437252f0..bf2a6ec85819 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-24.scss
index 02f580cbdf5d..ce6b376ca60e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/keyframes.scss
index ea396df85148..caed49e2f5fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-dot-half {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/placeholders.scss
index fff2300a96d1..589cb4186787 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-16.scss
index 1e0b24f45840..3677d8dccdea 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-24.scss
index 6a71483f8a07..9f82e922dc5d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/keyframes.scss
index 836d20636a28..056ad2907aaa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-dot {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/placeholders.scss
index 0708504803ec..3dbda34b8323 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-16.scss
index c62c128cbbfd..5863d2455fae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-24.scss
index 0eb08af46180..501f7f08202b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/download/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/download/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/download/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/download/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/download/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/download/keyframes.scss
index 781570c5c9e7..92901acf604b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/download/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/download/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-download {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/download/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/download/placeholders.scss
index 5362b2243d59..60a5d8059d5b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/download/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/download/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-16.scss
index 7585228efbfb..f9a073ccef75 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-24.scss
index acf708a76b7a..697f7b9ec065 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/keyframes.scss
index 0ee31a9d41f8..32f4cd8cec69 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-droplet {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/placeholders.scss
index 4befbddeafa6..b7fb3db1655c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-16.scss
index 438800e634bf..6147e8a8e3aa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-24.scss
index 02edf724b1a5..6ca0fc8c0904 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/keyframes.scss
index 295302c6a31f..4f23fecbd689 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-duplicate {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/placeholders.scss
index 1be1b990325c..a6393e3edd2c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-16.scss
index 7e2219d13251..3df2d5f19d35 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-24.scss
index ef364bc54751..9d5667121772 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/keyframes.scss
index 5f53b347fd8e..88462df16630 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-edit {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/placeholders.scss
index ffc4cb28be49..a61da660c94c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-16.scss
index a8f8fca31e82..5ad3a811b307 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-24.scss
index 803b17dc96b6..ea153b4e703f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/keyframes.scss
index 728236cbf372..8c0f597ac990 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-enterprise {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/placeholders.scss
index 9e75b234562a..f4944575e1fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-16.scss
index 9c8a4da5421f..478577965df6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-24.scss
index 0025a80e1331..7ede64b8a1d3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/keyframes.scss
index 6c070d2d0752..15f408a1db96 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-entry-point {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/placeholders.scss
index fbfbb62e5303..beea7812561d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-16.scss
index 1d8c074d0c83..6f46c7fe0097 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-24.scss
index dd82bca43f2f..0ab869c3ccae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/index.scss
index ad8391483d06..e17674543b73 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/keyframes.scss
index 660471fe35b3..06ba4dd20336 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-envelope-sealed-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/placeholders.scss
index b34146960b41..ab5fb27700b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/index.scss
index ad8391483d06..e17674543b73 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/keyframes.scss
index 7bb53fd3e7a2..93a542c1a6c5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-envelope-sealed-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/placeholders.scss
index b33888952461..c1634f7f5f00 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/index.scss
index fae6fe4b652c..b8387d4f754d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/keyframes.scss
index b9391d9e7eb1..d231c5788d42 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-envelope-unsealed--outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/placeholders.scss
index cd4137a3fe10..8740d578f853 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/index.scss
index fae6fe4b652c..b8387d4f754d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/keyframes.scss
index 3e849dd30e2c..599507024c85 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-envelope-unsealed-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/placeholders.scss
index d941e0285717..7dd1c9663b25 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/event/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/event/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/event/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/event/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/event/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/event/keyframes.scss
index f398878aea64..3ddc5c6d5262 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/event/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/event/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-event {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/event/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/event/placeholders.scss
index c16dd12e63a4..7b5b94d853a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/event/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/event/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-16.scss
index 9b3eb5865138..94bab3647a9f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-24.scss
index bc3f46887aff..a339945d2202 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/keyframes.scss
index 4fbd554781ae..c2dba0ef8a13 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-exit-point {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/placeholders.scss
index 0714f7434676..99ba2be5cba6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-16.scss
index fd4fef788c45..eb736a351dbb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-24.scss
index 48c3adfc6adc..3336e099dd76 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit/index.scss
index 7801b19bcf0d..f17b235aabf6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit/keyframes.scss
index 2df367e96d89..595f7cbcd569 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-exit {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit/placeholders.scss
index 78fcd0f9c7e0..184edbd33d35 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/index.scss
index dece00c3e0ba..f17fa1328b50 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/keyframes.scss
index df888d59bfd5..0bdbe631888e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-expand-less {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/placeholders.scss
index 8cb020134487..403f7f1ac1ee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/index.scss
index 5cfe7ce13681..8d12c28cdac2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/keyframes.scss
index 357f15762d7d..0b6e8d53a2ee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-expand-more {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/placeholders.scss
index 501f3908dc69..ab27a1247330 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/keyframes.scss
index d40ee84b04d3..f9633da7fc96 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-external-link {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/placeholders.scss
index 65283c1ede38..2c5dc26011d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-16.scss
index f1d5db3de0f5..4bb26d15ce48 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-24.scss
index f083e47e7911..b94c4fc3b8d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/keyframes.scss
index dac8e8054a12..80f6a15ed2e4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-eye-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/placeholders.scss
index 510b6ab2c2db..e40476cdd4dd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-16.scss
index e61613406792..950f9ac4b462 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-24.scss
index 713872661a7a..659746965ca3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/keyframes.scss
index 81fb28def26a..6669d8278212 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-eye {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/placeholders.scss
index da7cb50a9d42..89488d29b5c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-16.scss
index ed32dd684490..f991360579d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-24.scss
index f09195f33da2..b0061092ca1c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/keyframes.scss
index 06d7f04dc651..77131b7b7d6b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-f5-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/placeholders.scss
index 53de6c3bdcac..cf7d7e7ead2c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-16.scss
index cb47f21379c4..d94a12826828 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-24.scss
index 8fe089c403c9..508c90ed5e0c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/index.scss
index 26c8a5b01a3e..e6785447b9a5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/keyframes.scss
index 93364020b64b..788b0956165e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-f5 {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/placeholders.scss
index c2e039bfa91e..42457af5a2f7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-16.scss
index 66747bf8cda5..f699b1b908ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-24.scss
index 3297f45b8060..a24f3bbf3fff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/keyframes.scss
index a4cd444052fc..2174e4d9fff7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-facebook-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/placeholders.scss
index f77d4fe0487a..5bd1fad7e8b9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-16.scss
index f3c80262263e..7912356ced2f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-24.scss
index db78e7cff858..267156ca4e08 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/index.scss
index 553d6f017b02..a3c214581529 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/keyframes.scss
index f19294e1818c..aec8d48f3dd9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-facebook {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/placeholders.scss
index b950e49b5708..155145534ec6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-16.scss
index 0e02bfff462e..e1fa10f2a753 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-24.scss
index 3511227a15fe..a18511589c8f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/keyframes.scss
index 0881778ccb55..377b4fb7fb4e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-fast-forward {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/placeholders.scss
index 5590c3ecdea2..37cc9d074170 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-16.scss
index 6f0321f2fe92..55b390f1491c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-24.scss
index 34d11c413853..6b5946657af5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/keyframes.scss
index d12fff65f638..3191e4e2d1bb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-file-change {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/placeholders.scss
index 569f4ebc1d13..19c4f1efd7d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-16.scss
index 5bb11a653c99..a8f658887abb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-24.scss
index f26a7165a2b8..798d7c0a37d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/keyframes.scss
index a61e36b03dbe..417881cc2e71 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-file-check {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/placeholders.scss
index 8d67cf17c482..e9d396a94d1d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-16.scss
index a20bdc755205..32373860fe07 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-24.scss
index b82a1e0cfed6..2ecb19122adf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/keyframes.scss
index 4c42232d98af..62dd7da76781 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-file-diff {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/placeholders.scss
index 3ae32653d970..57250db01502 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-16.scss
index 623c65ddc1d2..351bc0d1ce1c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-24.scss
index 76e30111ef95..21d795f45823 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/index.scss
index 13b06aba3f9f..748b7562e2c7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/keyframes.scss
index b1ae4651124a..90ea1d969b3b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-file-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/placeholders.scss
index cc3af422f910..7de1be4f9a7d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/keyframes.scss
index 23bd40c09692..5772a0ae96f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-file-minus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/placeholders.scss
index d7b477234818..bc4543b50cce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-16.scss
index 6a0ca1ec34cc..94e3eeb5d3d6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-24.scss
index 393f57d71fad..aad072cdc631 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/index.scss
index 13b06aba3f9f..748b7562e2c7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/keyframes.scss
index d61ddb5cd422..7338da7442fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-file-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/placeholders.scss
index fdae940f8a0e..1ab2f44bbab2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/keyframes.scss
index b8e82e002f1e..862d3e2a74de 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-file-plus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/placeholders.scss
index eca9654de165..f8b9552a1105 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-16.scss
index ace89c578628..6c9f12f0dc0f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-24.scss
index 49d05da86374..f96cd70a39fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/keyframes.scss
index 94d939cd01fc..4bcc12df5f64 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-file-source {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/placeholders.scss
index 406f1794996d..969ea1ff02de 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-16.scss
index 07cc588e4f68..48ca6875dce9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-24.scss
index 302f3140f365..8bbc0401a078 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/keyframes.scss
index 706fce6badfb..4fd8742fc2f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-file-text {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/placeholders.scss
index 2f4d8672926d..dd41281a2bbc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-16.scss
index 27c8926bb419..96cf2b3ef5f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-24.scss
index f2c3d49f9081..3deda9e1fc80 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/keyframes.scss
index 7a0335b8de2f..7244e202b4db 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-file-x {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/placeholders.scss
index 9d9e02661d6c..0d2fbbefc050 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-16.scss
index e08e76430324..6c21c3166ecb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-24.scss
index 2de9763b5ff4..f8d7709523b1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file/keyframes.scss
index ee9455e17486..f67dbc5a4537 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-file {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file/placeholders.scss
index 51060b68ae14..2c9a4bdba0fd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-16.scss
index 3f88dfffbc8b..35fd0dde7d5d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-24.scss
index 554ac94a9ded..7b1d8c19d4ca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/files/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/files/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/files/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/files/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/files/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/files/keyframes.scss
index aea21481a110..13e305b7dfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/files/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/files/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-files {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/files/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/files/placeholders.scss
index f8c41e38a126..09c139e52e20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/files/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/files/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-16.scss
index 28a3fc6973ce..293b9e43d59a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-24.scss
index c53e18093707..b8972ef08115 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/film/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/film/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/film/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/film/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/film/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/film/keyframes.scss
index 648d6bc61643..b62d66422c15 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/film/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/film/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-film {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/film/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/film/placeholders.scss
index 3b686ce47ed3..7d75a4c073b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/film/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/film/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-16.scss
index a4e5f9d7b704..545e8c07ebd4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-24.scss
index 59e9c38e3fc1..87d567dbc2f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/keyframes.scss
index d53ea13cbfbc..3caaa6a840da 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-filter-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/placeholders.scss
index d5f4e667154a..8e85ec440d2c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-16.scss
index cf955cdad619..039d79b5e663 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-24.scss
index a81335ba4814..151d74ad97f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/keyframes.scss
index 153cecf6f7f9..043206acfded 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-filter-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/placeholders.scss
index 8985f88022b7..88c4c071335f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-16.scss
index 37808c463355..caced658cdd0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-24.scss
index de8edd87647c..ed97d8a434bf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/keyframes.scss
index f516e69f858c..8d3b9fd9a366 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-filter {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/placeholders.scss
index db64e2201a36..ab377d4458b3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-16.scss
index a2951f282ec7..9cb5ede6b5a0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-24.scss
index 224285b9c470..70cc4420453d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/keyframes.scss
index cf482dee7e90..3a257aa6790c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-fingerprint {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/placeholders.scss
index c010121c7b59..d3425e509022 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-16.scss
index 77cdcfde6a95..38801c1d8409 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-24.scss
index d4b77b54a36c..a7a16819906e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/keyframes.scss
index b3348713dbe3..622516c046f6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-flag {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/placeholders.scss
index 219fd10db08c..ba6a52ec6b37 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-16.scss
index 39c61aec2bdc..fb856a64230c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-24.scss
index 17a8fd5d0a54..7c9c29a2c68c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/keyframes.scss
index d47c8075e600..43e98f61c2a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-folder-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/placeholders.scss
index 40ba91468500..5c996188b762 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-16.scss
index 88f9882d79d8..82a5859c805d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-24.scss
index 1e9a2cd99a80..7046204cd9f1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/keyframes.scss
index 65f131438141..e03901ef9a73 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-folder-minus-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/placeholders.scss
index edd92e584cef..1e623b98938d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-16.scss
index ff4e12b56ba8..4512f7d416cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-24.scss
index c350d8a2d6a8..dc348df5cef4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/keyframes.scss
index 99e0415069fe..e0ecfa366df1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-folder-minus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/placeholders.scss
index 7d2cd4028e32..653bec9db758 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-16.scss
index 0cf894514171..7821f43f61d1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-24.scss
index 856cfdea7d26..277c48ef7436 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/index.scss
index dc81703e6bee..9426da463d58 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/keyframes.scss
index 4b23e00d3c26..f7aee43d2226 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-folder-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/placeholders.scss
index 173072cf42f0..78b484aa4f64 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/keyframes.scss
index 19c617deac52..f1fb442b576e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-folder-plus-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/placeholders.scss
index 2c5ed48b9721..7883b05fae11 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-16.scss
index 35f7113050bb..2a065b1ceca3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-24.scss
index 82137cd50a39..41eaf13e8261 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/keyframes.scss
index a53e580ff327..9f1137336a83 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-folder-plus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/placeholders.scss
index 7875c05a466b..7b8bdd56708b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-16.scss
index 54a06f497c9f..c8795e3f900f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-24.scss
index be7b288d2ec6..8681395ae5ae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/keyframes.scss
index ca11569fc905..15c58217d6c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-folder-star {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/placeholders.scss
index 0d20ce471adc..f7fa3ab30672 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-16.scss
index 7594977c86f1..c1119141a454 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-24.scss
index ac260f06f742..4d129091a2fe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/keyframes.scss
index 54db05c7ef95..a9fe6640a9ad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-folder-users {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/placeholders.scss
index fd907c1efcba..cf1234d678a1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-16.scss
index 73acbb0149db..b097c57dd889 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-24.scss
index 110cb959ae9e..79a261a1ef62 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/keyframes.scss
index 3512d1d899a1..632a1ed26c4e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-folder {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/placeholders.scss
index a2024eedce62..fe85203a59fc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-16.scss
index 711b133ee09c..4f6774ca8cbd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-24.scss
index 4d27a0a0ea47..c0c17a98b585 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/keyframes.scss
index 637439e6775f..e00b83cf816a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-frown {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/placeholders.scss
index 6802d640fce1..76759ff9fe13 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-16.scss
index bfb474d2f956..b45b02db00fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-24.scss
index 328b1c2bd390..3af57d574c9b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/index.scss
index 076be0e1ee40..07b3d7750dfb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/keyframes.scss
index d3ce2d931f49..60bffa2685b9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-gateway {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/placeholders.scss
index 3bd829434c98..1f739550c549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-16.scss
index 9e098dfc5927..9652d3430aef 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-24.scss
index def972e35562..f416b83a4483 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/keyframes.scss
index 73de0826a3bb..fb5cd47b21c9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-gcp-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/placeholders.scss
index 6c18a41a9d2c..54b28f7d2914 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-16.scss
index 86ff554837fa..b9c4ed735b37 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-24.scss
index 36b598a34f0b..ef3387d101ae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/index.scss
index a52900f9f4a2..375f6387caa7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/keyframes.scss
index bfa37bab0dd4..a99a1a3d93cc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-gcp {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/placeholders.scss
index 44cac90876c1..d4d1886cf0dd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-16.scss
index 0d7e897621b3..7f870e04519c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-24.scss
index c88eb1c7dd6c..80566744d39e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/index.scss
index bd9513d87597..eda101cbc343 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/keyframes.scss
index 6d8af193e0fe..3963775f5400 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-gift-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/placeholders.scss
index 61b0bbb9a4a6..9b51cf488b90 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/index.scss
index bd9513d87597..eda101cbc343 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/keyframes.scss
index 4b6736047adf..f8c1ad532345 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-gift-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/placeholders.scss
index e20a74bea108..30daa8938caf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/keyframes.scss
index 923743d3d204..2fd7966b85a0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-gift {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/placeholders.scss
index 7b96ae2fdef6..9504cccc0084 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-16.scss
index 4674a7783c7e..b0815495e3b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-24.scss
index 49276844a581..a87cf47a1fd9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/keyframes.scss
index bbddb84c2faa..ef50cc253c3d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-git-branch {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/placeholders.scss
index bd9b82bf6571..d4ec7d033b63 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-16.scss
index c559043dd93f..a3d15b49ba29 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-24.scss
index e370b665da91..74292b9bcf74 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/keyframes.scss
index f2b92277530f..e7e8f0575d22 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-git-commit {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/placeholders.scss
index a4a02980cf54..bb712d5358ba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-16.scss
index 5033ece2f856..de22b059973a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-24.scss
index 5ea779e97299..d2824e5bc669 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/keyframes.scss
index 0899bf288967..34560bba14e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-git-merge {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/placeholders.scss
index cf2a14f4607b..e631288b2426 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-16.scss
index b24060bd4d29..5c2a44d9ee5f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-24.scss
index 029da0d40986..f3345fdb0288 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/keyframes.scss
index d1ac06188a47..4d4517bcb66a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-git-pull-request {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/placeholders.scss
index 768eb55e899a..1e59dad58aa3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-16.scss
index 227320048ccd..2bf1b56e782e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-24.scss
index 022d41d4f4f2..cc2c3371ab01 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/keyframes.scss
index 347bf680c52a..bd476d2e9b84 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-git-repo {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/placeholders.scss
index 0c292ceef122..3975d93c3717 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-16.scss
index 381672e961c5..1025efbce857 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-24.scss
index 695a28a2fb15..903948128dac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/index.scss
index 839daacd8e07..6cb0181d50a3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/keyframes.scss
index f8fc8d88563e..21b819b375aa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-git-repository {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/placeholders.scss
index 80c59cb36d45..13e026e168d4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/keyframes.scss
index 7bb0254b9bbe..d2b75fd7adf2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-github-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/placeholders.scss
index cd6f08f8bb67..6014226c0773 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-16.scss
index a0b287423398..8f7aff4653b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-24.scss
index 25c4ce8b4cf7..97aeaccbfbbc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github/index.scss
index f59a6e3f09cf..216229d36af0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github/keyframes.scss
index 9d3f23b42250..ccd4bce3f450 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-github {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github/placeholders.scss
index 740d15b971c0..41a45cf1ff4d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-16.scss
index 53f929fe3c8f..5a71a52801a9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-24.scss
index acfbb8d1367c..c85a428d1ba0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/keyframes.scss
index f0fad4e8de34..278549df0b91 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-gitlab-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/placeholders.scss
index ea2feec696e0..9cc178358c78 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-16.scss
index 5acd3a14272d..e780477b65b9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-24.scss
index 5bda074bb0d4..95a52708023f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/index.scss
index 9489fd7bef75..6bd234749ffb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/keyframes.scss
index 1526b69a6ce1..0bfb6daba402 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-gitlab {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/placeholders.scss
index 2751bf348e4c..5b79ea8a029e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-16.scss
index 2fe8a0c03e5e..6d4370784a56 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-24.scss
index 65f000bdbc3f..dcfdaf904805 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/keyframes.scss
index b40138073515..a9e1891bcd98 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-globe-private {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/placeholders.scss
index bb6ae9cac8b1..3a8672b0d4e8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-16.scss
index 9e3c4d9d2541..a9f1e7db559f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-24.scss
index e193c96c5ef1..45adccb89c1b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/keyframes.scss
index b8dfca5d77a8..5248093acd5f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-globe {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/placeholders.scss
index e6022601386e..8108a9a32052 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-16.scss
index 7b88f607575a..cf0713a7a246 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-24.scss
index 0ca7785c22dc..d421492a1d0d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/keyframes.scss
index e7e15c9aa6d5..486ab7e9c82e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-google-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/placeholders.scss
index 8c6a832786a7..28d9983a7fed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-16.scss
index 630614cbf8c7..9fd8eaac5620 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-24.scss
index 33197faf5e09..060a2ed1e6a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google/index.scss
index b6154bcd4b54..ad75e34e7bbf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google/keyframes.scss
index 6dc28599819e..5653005b8332 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-google {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google/placeholders.scss
index 4eb703568b21..f84ff96fddb3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-16.scss
index 34f8aa01bf9e..6a66e9e5627d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-24.scss
index 827bcafc11e5..779132912dd5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/keyframes.scss
index 68be6c374ccb..84b3c915b60d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-grid-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/placeholders.scss
index 46c56455484d..70e12606534a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-16.scss
index c7121cfde53d..ac43c105c7d6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-24.scss
index ce398705f896..7b7fb31fbc2a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/keyframes.scss
index b7d12fd884cb..945894b90e9b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-grid {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/placeholders.scss
index 3e0b4187ccf9..5d3bd9ffe3fc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-16.scss
index 87276ec9f03f..ff933ac52ebc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-24.scss
index 7105dcf10097..cd2afcb53736 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/keyframes.scss
index a76d7bd8b832..2d4b97c30b30 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-guide-link {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/placeholders.scss
index 7d84cca72621..eb717d09ae63 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-16.scss
index b5cd2f1b6047..5bdea2eeb32e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-24.scss
index 4a952c85ff8c..231d101111fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/keyframes.scss
index c6396058e545..691c71168975 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-guide {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/placeholders.scss
index 54f25ddc3e5f..ac8b54b5a41c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-16.scss
index c530c372a1e2..d2848eb7df43 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-24.scss
index f3b1d9c56f6f..8c53acf70960 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/keyframes.scss
index 19c03df53f87..a206dd0c84e6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-hammer {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/placeholders.scss
index b57dffdeea46..fb5da4e894a5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-16.scss
index 2dcb99262ffb..621061cbd91b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-24.scss
index 87492f3ffb3b..de070ad6420e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/keyframes.scss
index 8e45cfd26a1b..67d433da6a57 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-handshake {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/placeholders.scss
index 42d79b440003..86ffdbb8110d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-16.scss
index b5608ff5d7ce..5286e6ce6e2b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-24.scss
index 0fe523d639ee..d30db94bfe5f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/keyframes.scss
index e899496689ec..f49a7c3f112c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-hard-drive {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/placeholders.scss
index 164c3575e0f3..d328b592f425 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-16.scss
index 9fb15e02d448..be5900d16c02 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-24.scss
index c42200a64824..a4ddb8dab03a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/keyframes.scss
index 026c739361f8..165edf21089a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-hash {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/placeholders.scss
index 70567b290075..1c6b1b97dbcf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-16.scss
index a20696544fc2..90b2084969cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-24.scss
index 9df52133ac2e..af7ef66fc138 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/keyframes.scss
index e1ff2415e1ab..3f31cb8616ff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-hashicorp-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/placeholders.scss
index b65234a7386a..d16fb7ba3331 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-16.scss
index 2b8a70681404..061c97479c1f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-24.scss
index 7058aba61b59..2798d255fbb3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/index.scss
index a58e7fb135e0..3e47faf5d2dc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/keyframes.scss
index c37445d0cbcf..eae0e6a18c4f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-hashicorp {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/placeholders.scss
index 50b80f6555ad..18d08c5cd72e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-16.scss
index b9c7ad812695..1e67440e3bb1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-24.scss
index 6f5b9394b295..ca09edf8ed98 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/keyframes.scss
index d578858bf790..ed900e8047c5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-hcp-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/placeholders.scss
index bc48b61938bc..e10d7099cd96 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-16.scss
index 831afc11b3a7..d8ad5feaa00c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-24.scss
index 338669ed7910..7ffb0f111824 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/index.scss
index 96645ac56212..99632f89e04c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/keyframes.scss
index d6872947f50d..75c3821a9155 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-hcp {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/placeholders.scss
index b1251d861a7e..8a9100b8c6b4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-16.scss
index 9b0eb2b6e314..db4e7f2a9faf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-24.scss
index d64184574a7c..b9e362b84848 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/keyframes.scss
index ef6af9899b7d..12ed387d8e2b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-headphones {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/placeholders.scss
index 4c868a6cd4bf..7f34831fbda3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-16.scss
index ca23612a1765..2a23ebe2e4a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-24.scss
index 854b083cf6a8..01a2766c7094 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/health/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/health/index.scss
index fb5829f99f9d..3bf99810ebdb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/health/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/health/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/health/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/health/keyframes.scss
index bee34acc76d8..2b2d02ced597 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/health/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/health/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-health {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/health/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/health/placeholders.scss
index 1331176a8f70..09c652661ebb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/health/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/health/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/keyframes.scss
index 4a18f6c09b78..679ede1fcede 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-heart-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/placeholders.scss
index 3e75b731a6b8..3dec6f6d632e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-16.scss
index 1c1a84a9e073..0ea88ffc6f78 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-24.scss
index 281c9aef980a..0b58756cbb8e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/keyframes.scss
index ece9f8cdc33d..f042d4da0efa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-heart-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/placeholders.scss
index 16b21e9ab168..7740a8e4f59b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-16.scss
index f55e5f6dd425..05fcbc46b87a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-24.scss
index 07116d03d64a..46caedfa6081 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/keyframes.scss
index f8a7781937d8..37bc5f004395 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-heart {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/placeholders.scss
index eca4ccb94383..ec41f80351c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-16.scss
index c68d36a10bb2..b7300cd11403 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-24.scss
index d8c96b5cd833..d6cbf53f5641 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/index.scss
index ba709a504a51..682c384d9e3b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/keyframes.scss
index e1abab8809e6..8ce4e9c2cfc5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-help-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/placeholders.scss
index 3a99dc4e2bba..bb77040d5e28 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/index.scss
index ba709a504a51..682c384d9e3b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/keyframes.scss
index 9f09215fae86..d5ff0a9996d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-help-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/placeholders.scss
index 13383034c1ad..54269d795e4d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help/keyframes.scss
index f6ec125afa25..53149f0df4aa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-help {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help/placeholders.scss
index 65f291e8abbd..adabc26b02b2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-16.scss
index 60172a23b8f2..376fb89f7e2d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-24.scss
index 7b27bec41a82..ac6480aeeeb6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/keyframes.scss
index 28280fbaabc8..172378cb6d32 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-hexagon-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/placeholders.scss
index 71af51ee458f..5ae53c824fa3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-16.scss
index c39126d0530a..6894d3cc2dc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-24.scss
index 95c372bb33e7..535dd35beed8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/keyframes.scss
index c174baf24fb5..d656dbc26a32 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-hexagon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/placeholders.scss
index 44740337a13f..6ce5d7d3499e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-16.scss
index c62dd361bc6a..e699113c7c76 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-24.scss
index a1f744a9b015..074f9fa03fb1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/history/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/history/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/history/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/history/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/history/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/history/keyframes.scss
index 215ce1ce26e9..26aa7a6acb35 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/history/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/history/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-history {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/history/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/history/placeholders.scss
index a88d52014435..2e07b43dd56f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/history/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/history/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-16.scss
index 6545d5b70df7..4995274bb0e9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-24.scss
index b0df6a2ad492..678bd5402718 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/home/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/home/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/home/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/home/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/home/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/home/keyframes.scss
index 2d7978a0ee25..a8cb08832f8f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/home/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/home/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-home {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/home/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/home/placeholders.scss
index 5bc73dbbb495..7beb34e2d8a6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/home/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/home/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-16.scss
index 5fffa4e479fa..fe49abc3a31b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-24.scss
index 4a5a6389afd6..8407424c1d6a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/keyframes.scss
index 6bbcc707be3e..9618b3089c20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-hourglass {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/placeholders.scss
index 7c857c4789ed..f838f33961f5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-16.scss
index 797a15a2380c..dc8447d3b2e2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-24.scss
index aa8cec0afc47..d3781e32f3a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/keyframes.scss
index 356848f9b595..0124a7359ee5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-identity-service {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/placeholders.scss
index f870e8c21337..a2fddd493181 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-16.scss
index 3833bb2bfee9..93059f88a334 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-24.scss
index 4b44108db8a6..f730670c55c8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/keyframes.scss
index 76f2e4384f5b..4829e9fd04ad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-identity-user {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/placeholders.scss
index 5d565b1d1b1a..13b394770b14 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-16.scss
index 579281c54ff7..c8651b46d55c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-24.scss
index d594c926420e..42ee606def60 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/image/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/image/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/image/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/image/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/image/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/image/keyframes.scss
index 09f96cd6e5ea..a14dcbbe4602 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/image/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/image/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-image {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/image/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/image/placeholders.scss
index 98d72a8f9b2f..59dd2316de97 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/image/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/image/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-16.scss
index 0a638ef4d632..8ae7880bcf02 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-24.scss
index a3eb28c99ee7..906561350db3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/keyframes.scss
index ad456c60af98..b9f6f2323480 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-inbox {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/placeholders.scss
index e5b4935be667..439ecce6acff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-16.scss
index 9973f108ed1a..7ead23ffb707 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-24.scss
index b8539f1b765b..83d8658c3b04 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss
index 06161f3a57f5..60f9113fe27f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // @import './alert-circle-fill/index.scss';
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/index.scss
index 91f7d3a8f41b..effd7dc669a8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/keyframes.scss
index c63080bd341b..bec6bb7c618f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-info-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/placeholders.scss
index b5583676b512..25d037f4e91f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/index.scss
index 91f7d3a8f41b..effd7dc669a8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/keyframes.scss
index dac351c218ec..8a97355092e2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-info-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/placeholders.scss
index f6cb4f80daa6..c22c34f8326a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info/keyframes.scss
index af1aa3fad051..3a44fc11fc4b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-info {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info/placeholders.scss
index 90287ae552ea..6c295074b8a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-16.scss
index 13fe13345ebc..04ad914e781c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-24.scss
index c5dd6bf63346..8ca56b4713ee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/keyframes.scss
index 06ddd7007874..96cac19c245e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-jump-link {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/placeholders.scss
index cc2669a9a3fc..ae264ca3bd37 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-16.scss
index 688d5f55378a..4298c4a5d222 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-24.scss
index c09282160818..e41a1e8ff586 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/keyframes.scss
index ecbda3024ca8..e3bac6c29d97 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-key-values {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/placeholders.scss
index e7766852dff9..8088cb42aaa5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-16.scss
index 4fdbfec7fd46..870f397f876a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-24.scss
index a4696bb2e4cc..36c6e6ebbd77 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key/keyframes.scss
index 8454156eede9..7cbe23bb711e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-key {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key/placeholders.scss
index bf1ab095ab71..75602b6b3e36 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-16.scss
index 9ac08c0f09bd..4cdd4be56e6d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-24.scss
index a02523a5c4b6..4f84f5bb189a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/keyframes.scss
index 2b0be81e3dea..928bf5874023 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-keychain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/placeholders.scss
index bcfc72c0580a..603db4bd157b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-16.scss
index 6d1f304261be..b008be4fca8e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-24.scss
index 0646413892e5..2cb960e4f01f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/keyframes.scss
index d2a10358fc9c..91aff0f429e6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-kubernetes-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/placeholders.scss
index a8fe2393684d..b539a99d40f8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-16.scss
index fb9cd5b55202..84fd156cac1c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-24.scss
index 25ec89f4663d..8006da3cab0f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/index.scss
index 85548024f58f..52c677225505 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/keyframes.scss
index 794cbfef7c8d..c2a9eb5bbfbd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-kubernetes {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/placeholders.scss
index 519ffae8f920..84ed7d5a7e6b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-16.scss
index 8d486dc144c4..1c3be7ac886b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-24.scss
index 2d12e73e5b76..87edb7b27fa4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/keyframes.scss
index f9577095503a..c892686888fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-labyrinth {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/placeholders.scss
index bab95b47ed86..0112c32ae86a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-16.scss
index e556556a5441..f023de2b48a0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-24.scss
index bfbd4b619576..2ad7916d01b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/index.scss
index ee32d83073c5..6978954c4526 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/keyframes.scss
index 8a0b2871e77f..4a4594b46ebe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-layers {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/placeholders.scss
index fceb6b8fae1a..e1f737c26f62 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-16.scss
index 807135ffe4ed..314a738700a8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-24.scss
index faeab14b0fa4..3ca8e7207385 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/keyframes.scss
index 656de24f9323..0c4e58e0fbe3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-layout {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/placeholders.scss
index 8e773c647873..1edf58d8a9cc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-16.scss
index 5e320cbe4109..839545bf9fe3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-24.scss
index 8b32ed3671f4..260de64d168b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/keyframes.scss
index 407057a1416a..96fe539b683a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-learn-link {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/placeholders.scss
index b858dfa361d5..f4ca3ccacdd8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-16.scss
index fb3ce1387027..678229de2b3e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-24.scss
index 8cb4f7a87867..f3ab12182d89 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/keyframes.scss
index 24d1912339b0..05f3e40a61e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-learn {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/placeholders.scss
index 00e99ad14a51..1dccf3b78be5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-16.scss
index 81066fec1f93..9e96ca32e7a6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-24.scss
index 3b0b0e839d78..6667656ff5d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/keyframes.scss
index 988c37e836e4..93bed97bfd20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-line-chart-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/placeholders.scss
index 93e37ec26a37..103f834c7335 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-16.scss
index ff30393185ec..49f2545decd6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-24.scss
index 578375fa094c..56380bc8cbab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/keyframes.scss
index 0f05fe571b02..3a4b0be46198 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-line-chart {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/placeholders.scss
index 95134df77a9c..ddcfe7abfda5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-16.scss
index 75a11335d36e..fc1e33b14f43 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-24.scss
index 7ea2d7155bac..0443397ccafe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/link/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/link/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/link/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/link/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/link/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/link/keyframes.scss
index 79df1573ade3..eeb7ba240105 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/link/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/link/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-link {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/link/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/link/placeholders.scss
index fc8bd1a7abf9..3a234d231f5c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/link/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/link/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-16.scss
index f6d468317ea8..32e2fecce43b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-24.scss
index 9546cb3a9382..6f874595e4d2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/keyframes.scss
index 75edffe9ef3b..9908888f8b9b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-linkedin-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/placeholders.scss
index df8d32a9bf25..337d10a63db9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-16.scss
index 4431326debfa..ae0bccb8c3c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-24.scss
index ada34f29bece..718219d4997e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/index.scss
index 6b9d16daf179..2350c257e551 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/keyframes.scss
index 9acc5e4ad343..8e23083746b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-linkedin {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/placeholders.scss
index f9ca6a078fad..17a84f66e8f9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-16.scss
index de3b83d1270b..3df10a751af4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-24.scss
index b9b11df6738a..ad4ad56e1ae6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/list/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/list/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/list/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/list/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/list/keyframes.scss
index 4e36a05c76c4..e4b56cc50af4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/list/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/list/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-list {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/list/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/list/placeholders.scss
index 3cbd586213f6..1a315226fc56 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/list/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/list/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-16.scss
index 4a9efd5473a4..a35c2685d79e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-24.scss
index 605968d2a1aa..79178a942f2d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/keyframes.scss
index 1d7f394d5526..5da95fb50864 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-load-balancer {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/placeholders.scss
index 11a7b757f54a..453ab18d9134 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-16.scss
index 5cb47b6ab4c2..4a05e67e89e9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-24.scss
index ec33b3a13c0a..52b21e4c71b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/index.scss
index 8b3fe9b7ced8..68293edadf9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/keyframes.scss
index 86508bdb2768..9f87466a6298 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-loading-motion {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/placeholders.scss
index c457400a8059..f38cc7117d52 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-16.scss
index 73eff7396673..4a20bfc12c68 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-24.scss
index 81b79de44e76..77bf1db49c6c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/keyframes.scss
index a4d0b69a5acb..e8d1ddde7fdb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-loading {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/placeholders.scss
index 842c745378e3..e0f5a720eb3d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-16.scss
index fd57f0ef10bc..9e027c7ab073 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-24.scss
index 6bc33bea5806..dc6e6ca49c0a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/index.scss
index ad851795046d..0051698c04bf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/keyframes.scss
index ef20640a3767..16e5ac7962e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-lock-closed-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/placeholders.scss
index ffdc1ee89750..a86e222782c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/index.scss
index 773292cd0a44..24f22faa5e09 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/keyframes.scss
index 2f418c9e4f66..592ce84adeca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-lock-closed-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/placeholders.scss
index 41bd0bc6d9ac..30fdcaddc48f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/index.scss
index ad851795046d..0051698c04bf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/keyframes.scss
index ab0ba3ab1895..3e34c56c2d73 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-lock-closed {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/placeholders.scss
index 9324021ca5f2..3e891f46fd74 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/index.scss
index 9d5384be45e4..956a01cb8f9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/keyframes.scss
index 5d28f08768dd..4f66c0c1931e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-lock-disabled {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/placeholders.scss
index 7d2056bf544b..ab4e5ca5ebdb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/keyframes.scss
index ad3c9e1acf10..f71400e3b5ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-lock-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/placeholders.scss
index 766bc214bf02..8640401e8d1d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-16.scss
index 61f7a595bb04..6761798695e5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-24.scss
index db9e06e3afde..de3bbbe54efa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/keyframes.scss
index 81f6b680c392..267261444777 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-lock-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/placeholders.scss
index 3da0f3debf7c..731a5576ecde 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-16.scss
index 25db8a2fe86d..cec8252b93d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-24.scss
index 342959ec33c6..482b9fc53276 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/index.scss
index 8fc7be697f60..3bcee27f3448 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/keyframes.scss
index 8d4ab444b3ce..37fbc56af582 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-lock-open {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/placeholders.scss
index 0337b5802cb3..81eb8a7ddc35 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/keyframes.scss
index 47ad1475c8cf..261a7fe67dcc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-lock {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/placeholders.scss
index a267634cde61..167b602b6ab8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-16.scss
index 9c9fb6681326..732659b14289 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-24.scss
index 2199ebe81e65..bb3348d8de68 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/index.scss
index f7a6620e852a..2051613154e6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/keyframes.scss
index 27fe58218193..fa127aedd87b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-alicloud-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/placeholders.scss
index 119821df0593..f659c832c867 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/index.scss
index f7a6620e852a..2051613154e6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/keyframes.scss
index e3660feee298..764007745e23 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-alicloud-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/placeholders.scss
index 5e96dcbf46b6..28290ae519ad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/index.scss
index 2ac024093997..60fbff8e53ef 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/keyframes.scss
index 22dfbdab9fb1..7fa6ce9d0fe8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-auth0-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/placeholders.scss
index a5c6f49df79d..46bedea369ab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/index.scss
index 43ccd0c483bd..3f3329abe1c8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/keyframes.scss
index 455596fc8dce..c231e2561035 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-aws-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/placeholders.scss
index 96626bcf4de4..7fa2df38f721 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/index.scss
index 43ccd0c483bd..3f3329abe1c8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/keyframes.scss
index 26f4bd62b8cf..c47a1c3b590e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-aws-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/placeholders.scss
index 4b5b11d60d03..67f507732b67 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/index.scss
index 460bb93ca44c..57796cbe4d4c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/keyframes.scss
index 8be86ee5a3a6..5ad75e7e9946 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-azure-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/placeholders.scss
index 48f5d94cce9f..4241fc9703d3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/index.scss
index a469817aefd6..90d05644b089 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/keyframes.scss
index 2bd0c4e92392..70b4a7cbf170 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-azure-dev-ops-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/placeholders.scss
index ed9b354b5ce6..b80e076464b4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/index.scss
index a469817aefd6..90d05644b089 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/keyframes.scss
index 34ce85298a02..0ce77ebb0918 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-azure-dev-ops-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/placeholders.scss
index d94a3ef7d20b..400af7d53372 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/index.scss
index 460bb93ca44c..57796cbe4d4c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/keyframes.scss
index 4376645598e0..52f399aee187 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-azure-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/placeholders.scss
index 7d330ebaeab8..76d16bebdeb2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/index.scss
index be18ada7ed24..b2a50e60e596 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/keyframes.scss
index dfd568eb1664..b1c1c9651aa4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-bitbucket-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/placeholders.scss
index 73593ec9ba4d..1867c8d88a2d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/index.scss
index be18ada7ed24..b2a50e60e596 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/keyframes.scss
index e3706a3d97f0..20eefc84f3c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-bitbucket-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/placeholders.scss
index ee387cbe4ead..a193f6c7ab46 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/index.scss
index 8b3fe9b7ced8..68293edadf9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/keyframes.scss
index 1a8db6415a74..f3750b48c4e7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-ember-circle-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/placeholders.scss
index 2319cbe7d6c4..e187d4728c4d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-16.scss
index 623b5d2c4c51..ae5f5cf6dc71 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-24.scss
index dfc8f9d04417..435882973cc6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/index.scss
index a52900f9f4a2..375f6387caa7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/keyframes.scss
index 73e499ab5baf..b69da99c5876 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-gcp-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/placeholders.scss
index fd22df1a38b0..e0f38ffaab11 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/index.scss
index a52900f9f4a2..375f6387caa7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/keyframes.scss
index 68568cfddc5e..4a66f2920eba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-gcp-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/placeholders.scss
index 5229b379f57d..5df72dda7ead 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/index.scss
index f59a6e3f09cf..216229d36af0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/keyframes.scss
index cc2fc90ce0ef..a12b86a92ae0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-github-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/placeholders.scss
index 29b7ae976b2d..1c3054513e0d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/index.scss
index f59a6e3f09cf..216229d36af0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/keyframes.scss
index 86877c01e9bb..478ae3f8189e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-github-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/placeholders.scss
index 66c1e2325b69..a2921acc9e8b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/index.scss
index 9489fd7bef75..6bd234749ffb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/keyframes.scss
index 2b30396034db..78f7bdd89f71 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-gitlab-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/placeholders.scss
index 93a66b2e1946..109c5de93d39 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/index.scss
index 9489fd7bef75..6bd234749ffb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/keyframes.scss
index b816ba87d597..624e0de2c5a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-gitlab-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/placeholders.scss
index f59335004cc3..1e91f47d5508 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/index.scss
index 8b3fe9b7ced8..68293edadf9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/keyframes.scss
index 3959da6c9b00..a694ae996af3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-glimmer-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/placeholders.scss
index 0efc9638c290..f4fb8e8f7307 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-16.scss
index 4eaa363efef9..c6a73418ac60 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-24.scss
index 2583b1bf5092..4e8a03cb998b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/index.scss
index b6154bcd4b54..ad75e34e7bbf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/keyframes.scss
index c00d05c56847..54122607a2ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-google-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/placeholders.scss
index dc05834dbde7..c388144fe48e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/index.scss
index b6154bcd4b54..ad75e34e7bbf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/keyframes.scss
index 5301d0d883ad..595f69d464fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-google-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/placeholders.scss
index a609da147aa6..8a73dc4ae580 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/index.scss
index 8b3fe9b7ced8..68293edadf9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/keyframes.scss
index 40f90b8f0cab..afc224a6425c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-hashicorp-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/placeholders.scss
index 16312baf3d44..35990ce96cb2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-16.scss
index 4103de543ee2..9e9b31bccb74 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-24.scss
index ae97ad2befa5..be0771afec90 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/index.scss
index 8b3fe9b7ced8..68293edadf9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/keyframes.scss
index 889856f60567..37a6dc5bcc5a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-jwt-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/placeholders.scss
index afe5dfbd03d7..3f0b946a93bb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-16.scss
index 0e6e4b012ab2..54af7ba9852f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-24.scss
index 2498a7435209..4bb1a49c22ae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/index.scss
index 85548024f58f..52c677225505 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/keyframes.scss
index 7fe772bc4434..c58c487748a0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-kubernetes-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/placeholders.scss
index f33bd15ae868..e7b0dd9fa012 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/index.scss
index 85548024f58f..52c677225505 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/keyframes.scss
index 90e45bf3deeb..ac7248d1dbc0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-kubernetes-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/placeholders.scss
index 326d7c2125cb..5a1021078d64 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/index.scss
index 60412c33be5e..1d0f168db8a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/keyframes.scss
index 75623bc4d9cc..9d88ac514f79 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-microsoft-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/placeholders.scss
index 3b50b27e1e9c..c1177500cb58 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/index.scss
index 8b3fe9b7ced8..68293edadf9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/keyframes.scss
index 1d238565d78c..62a5a8e9316e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-oidc-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/placeholders.scss
index 9ce224975c1e..8e656f676cf4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-16.scss
index fbffb6972ee8..42eb646d9223 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-24.scss
index c4a3bed95f3e..6100e2635847 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/index.scss
index 8091ea83d05c..b5d6bca7954c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/keyframes.scss
index a0fe054910f0..3e4387046861 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-okta-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/placeholders.scss
index cd52b9a2193d..6dbf1a10910d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/index.scss
index 1d5d54c6512a..045606220406 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/keyframes.scss
index fba0f3038403..2542dec9a3b5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-oracle-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/placeholders.scss
index 5127f651f99b..1a2b6a8d1f75 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/index.scss
index 1d5d54c6512a..045606220406 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/keyframes.scss
index 6bd633afa7a3..2790c319ff4b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-oracle-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/placeholders.scss
index 15334d375011..a8b6c02a2375 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/index.scss
index d47232a40508..5f6d67206d99 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/keyframes.scss
index d4d786d9aae1..e0753a953441 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-slack-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/placeholders.scss
index 74d2dec1e031..08010c868e84 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/index.scss
index d47232a40508..5f6d67206d99 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/keyframes.scss
index 1ea8cad32a66..e9f39445fc06 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-slack-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/placeholders.scss
index 685340068b94..e3e47ca8b36c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/index.scss
index 8fb3c6cb8ab6..5058ca3046cd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/keyframes.scss
index 7730d1964ae9..120f79285349 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-vmware-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/placeholders.scss
index 6f6a32ba758e..9fa29e061ced 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/index.scss
index 8fb3c6cb8ab6..5058ca3046cd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/keyframes.scss
index 40c8cb82f779..d8b2aecae412 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-logo-vmware-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/placeholders.scss
index 9b7923d18751..ca61c03413e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/keyframes.scss
index a1698c950aae..5037965f95cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-mail-open {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/placeholders.scss
index 4a63d84759f2..116bbd539cfe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-16.scss
index dbdc3480d93d..91e3c72bef65 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-24.scss
index 166e1fed376e..562fd4c12e2c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/keyframes.scss
index aa79b27a0c7e..98710b1b03e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-mail {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/placeholders.scss
index 57244270e5a1..a31012bad853 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-16.scss
index 56202e77ea26..68c23c5b5ae1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-24.scss
index 3be4a42915f3..166eb9a91a68 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/keyframes.scss
index f9e5e6f2d96b..373159cc4b25 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-mainframe {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/placeholders.scss
index f0bbab2e636c..9b52a8d139d7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-16.scss
index 4f86b0d95cf1..27bcdbefb31d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-24.scss
index 6151ef8762d1..adce965a0b8e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/keyframes.scss
index ab2e14e19731..11cc6ea5d18b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-map-pin {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/placeholders.scss
index 81dd40e3442b..38d8db4dea43 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-16.scss
index bd612f68ef1e..6a43a8457d98 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-24.scss
index b1c0f480e6b7..61311f1f16a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map/keyframes.scss
index 2753aafb2d6b..2a23162471dd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-map {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map/placeholders.scss
index 5a4763e9b259..0f954e6453b8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-16.scss
index 09881c8ee1ee..fb4fcd1c2025 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-24.scss
index 8769c937d539..e22fd708184e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/keyframes.scss
index e8de5b2039bc..7c996508041b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-maximize-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/placeholders.scss
index 124eb62b8573..13170571b8a5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-16.scss
index 72165a66355a..d5690a4b7a00 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-24.scss
index 98e788784495..6907b89555d7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/keyframes.scss
index 005b58daad56..affcffedd481 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-maximize {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/placeholders.scss
index 7cf32d33a159..34958dc7f91e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-16.scss
index b665392693fd..3ee235c0ddbf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-24.scss
index 7fa1d96b28e6..f5c0fad5a7ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/keyframes.scss
index 9b26898bc0c7..cc3d4d61a563 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-meh {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/placeholders.scss
index dc51674e42c6..40ea7b57f301 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-16.scss
index 7a9c6ec80c48..d6d7dd256ab8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-24.scss
index 49d0561d208e..75bce823cdb0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/keyframes.scss
index 45614f3f4f00..b38e34c75a40 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-menu {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/placeholders.scss
index 993d7b05930e..976c99edceb6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-16.scss
index 9edcdbc807bf..305d61f0b1b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-24.scss
index 65d0b5e66c9b..aff1b4f03ed9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/index.scss
index dbb1761fd586..fe9b53f7a427 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/keyframes.scss
index 30d7f7c76805..5d653f2748ee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-mesh {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/placeholders.scss
index fafc6d37d705..4c30f8d64ce7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-16.scss
index 73c68cb51ee5..f91764974612 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-24.scss
index fe3e95b3035c..ff6519be6c88 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/keyframes.scss
index 280ebc7272cd..7316bdf5a2cc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-message-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/placeholders.scss
index 7c5d38f5d586..21b1db2b6de6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-16.scss
index 1bfb9690ea0a..d9899a06029a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-24.scss
index be43ac132cce..c14abe2e5c05 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/keyframes.scss
index c1fcb655b641..c20e9b1cc3e9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-message-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/placeholders.scss
index a9f1cdf17202..1e0c1b8ae54b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-16.scss
index d4517ebc4134..94ef541bb23d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-24.scss
index 66f88c003b79..fda338d5ee04 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/keyframes.scss
index 853884bdb792..ff80f2fd0ada 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-message-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/placeholders.scss
index f462b084a496..26a1687611e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-16.scss
index 0d2c4d548f1d..bc534e9634c8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-24.scss
index 7df9b89cca31..5470d4460447 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/keyframes.scss
index 0380a49ff340..58d6c38a1baf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-message-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/placeholders.scss
index 495ef3c37512..825519c2b35e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-16.scss
index f102e2698d38..449c0974f495 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-24.scss
index 7e857e23c340..824e331d44fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message/index.scss
index 5726e7fdbe25..e8eae6da84b4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message/keyframes.scss
index 68dec967ba10..55eaac733679 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-message {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message/placeholders.scss
index bfe1ac2dbd81..3a96d9f62199 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/keyframes.scss
index 88a956f73cec..31e269b4da27 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-mic-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/placeholders.scss
index 1db43f06dba8..04075c8320cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-16.scss
index aac8691dc140..d272748bcce2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-24.scss
index f14f12aed161..dec38608419e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/keyframes.scss
index a0e624b006c3..132ac5a926d7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-mic {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/placeholders.scss
index 455de5e2d551..ec31fcebe4cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-16.scss
index 9c6b8b898323..1b05e1a06edf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-24.scss
index 540911211220..1e458021d347 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/keyframes.scss
index c0cd468c031b..f3ef1fe01fd8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-microsoft-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/placeholders.scss
index 67d37ab5a3d1..f3b3d206a284 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-16.scss
index 986844d956ae..e8cbbbc4c5cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-24.scss
index 08e67ccf62b4..d077c8590387 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/index.scss
index 60412c33be5e..1d0f168db8a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/keyframes.scss
index c49f146151f3..01b666d7deee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-microsoft {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/placeholders.scss
index fd729915e27c..a03f65f2c9b5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-16.scss
index 3c63317c498e..daee1aaebf7e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-24.scss
index a793b71f24da..bd58125734fd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/keyframes.scss
index 0848ed6ec649..28b5821f8319 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-migrate {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/placeholders.scss
index 11e168da2c8d..724b0e06b339 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-16.scss
index f8d74020755a..8d4e5e58e54a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-24.scss
index 20550887e7f2..d8d69193599d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/keyframes.scss
index fe3af12a5ce6..fb8264386224 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-minimize-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/placeholders.scss
index 40a2581d8abe..476d22e471b1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-16.scss
index 1a14d6c7d9f0..59522e422c23 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-24.scss
index 1285670fac4c..a55cae4faba9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/keyframes.scss
index d447c1c1e9ac..8a057192ff25 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-minimize {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/placeholders.scss
index 8ed666ef7d18..964125d947f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-16.scss
index d0dcc1d6cfc5..21a9fc97ad73 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-24.scss
index af9df60e65fd..93b2183f08b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/index.scss
index 8f260c81b7d9..9151048bc109 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/keyframes.scss
index 681388000728..1e59143c7d11 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-minus-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/placeholders.scss
index a2a780d4c668..c7663fd1460e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/index.scss
index 8f260c81b7d9..9151048bc109 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/keyframes.scss
index 82d64b495b39..0506ec376ca2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-minus-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/placeholders.scss
index 09d3448adc95..49d07ef25a62 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/keyframes.scss
index a0d852547ab5..8e3466aebd84 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-minus-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/placeholders.scss
index c81a32cb7f4c..958924b1d4db 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-16.scss
index d9297704c35c..d7d2716fdbe6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-24.scss
index be2284030995..d4a944760003 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/index.scss
index 1f534a9bf0dd..e5afc3bb11e9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/keyframes.scss
index 446cd2299de3..afd3686ce649 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-minus-plain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/placeholders.scss
index 42dd87293427..5f1350ed00bf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/keyframes.scss
index 5345c407db07..8968c6a6195c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-minus-plus-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/placeholders.scss
index 47cce73c03e8..07121b91d5b7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-16.scss
index 0def1dbe3ee4..48b3849865b2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-24.scss
index 3644ab2e2530..beaf0f468c04 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/keyframes.scss
index d40bd68e1212..7d190ea55d72 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-minus-plus-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/placeholders.scss
index ae3c823e0030..7e3866ca3c06 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-16.scss
index c3c5c46a72e0..14009a3c0e9f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-24.scss
index b9599808d22c..6a01c85c354b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/keyframes.scss
index 3295d8c4174c..bb583302c0c5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-minus-plus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/placeholders.scss
index 71c7e3cbac0d..d4fe5a72e9ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-16.scss
index 98f4ae5a23f5..02b9fbb8c21c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-24.scss
index 3cbda4fbe929..f2d8e87eb9a6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/index.scss
index 722335de42f6..977d381076d1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/keyframes.scss
index 7fe5157beee4..34dbbb26dab9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-minus-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/placeholders.scss
index abb0ef03bce4..4cad6f4b9bce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/keyframes.scss
index 4a0e39991d23..637b5fbdb96f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-minus-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/placeholders.scss
index 8b5ee5f5065e..bd38fd73d406 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-16.scss
index 3789ebfcc79f..ac85321cdf30 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-24.scss
index 13db9357f595..e04d4436666a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/keyframes.scss
index 2ef203222495..531e0f6e1a4f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-minus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/placeholders.scss
index d686d5f1c5fb..79a79acf63fd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-16.scss
index c202f858e03d..0e3a11e9ddae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-24.scss
index f17fd92e9f69..d92a0fce760b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/module/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/module/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/module/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/module/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/module/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/module/keyframes.scss
index 3bb0d684a598..0de28aa0c906 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/module/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/module/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-module {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/module/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/module/placeholders.scss
index a25a8c27fa57..ad73739cc35e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/module/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/module/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-16.scss
index f7e2ded45af4..452cf4778dc8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-24.scss
index 98c634ed3abe..8cd6abf8bfe7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/keyframes.scss
index 2d462fb932af..574e7ad2f0cf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-monitor {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/placeholders.scss
index 8142929e8f6a..ca75a82de615 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-16.scss
index c93f4a827415..d7c67b896d42 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-24.scss
index 0dc3027eebbe..f46c6ea82626 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/keyframes.scss
index f4835047e598..cec3ea2235db 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-moon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/placeholders.scss
index f5fac08ad5d7..89e5e9b912e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-16.scss
index 85247652f3dd..572d6805337d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-24.scss
index 51d24c7d4845..6d889b0b3e42 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/keyframes.scss
index 7291abfc4de1..9dcbc4bfea25 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-more-horizontal {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/placeholders.scss
index 71dd591d94fa..073af72d985f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-16.scss
index f4382b012ab2..6c3e801d19e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-24.scss
index b92f659dd2cd..ab29c8c97c34 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/keyframes.scss
index 3f3c80b2d853..8e3d2a911786 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-more-vertical {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/placeholders.scss
index 78dc86b31465..6c5295e4b456 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-16.scss
index 80144ea10952..2bea9135278f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-24.scss
index 172da241fc54..ace38d60cd87 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/keyframes.scss
index 2b571b818668..28bcb094022c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-mouse-pointer {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/placeholders.scss
index 24b531804161..40fe306ff647 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-16.scss
index 2492b2b74e1f..9f7fdae159ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-24.scss
index 5dd5c5e10d94..5b01c65bc015 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/move/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/move/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/move/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/move/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/move/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/move/keyframes.scss
index 7e5112a457ed..659a1cf456ee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/move/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/move/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-move {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/move/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/move/placeholders.scss
index 606a658bb4f4..ad5254364f54 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/move/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/move/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-16.scss
index c7bb9cb41d13..f93ab3e34b50 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-24.scss
index 6727717f01fc..5f3d30704243 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/music/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/music/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/music/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/music/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/music/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/music/keyframes.scss
index e19bd8cc8880..13eca52ebd4c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/music/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/music/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-music {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/music/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/music/placeholders.scss
index 1fcc645803dd..c567d4d6f547 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/music/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/music/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-16.scss
index a1d3f833b662..592e4e58f9a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-24.scss
index 487c0d7bb2aa..229d36fe6162 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/keyframes.scss
index 8bfe719917b5..e90a4aceba69 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-navigation-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/placeholders.scss
index 8b66f5d94c39..25d7c0749d21 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-16.scss
index 378b32d3c9f7..dccb5475404f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-24.scss
index 53608fed2195..9ce7bbf310aa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/keyframes.scss
index 5ff02f90efcc..06b35e37da9e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-navigation {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/placeholders.scss
index 3b1ae0644589..1cd22eaa35e8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-16.scss
index af610225f1f9..19344bfa8962 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-24.scss
index 77af8d37b238..992a7b451e08 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/keyframes.scss
index e243617bd858..222fc37534dc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-network-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/placeholders.scss
index 7e0e50fc5a07..0d90bc8159fc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-16.scss
index e46547dc7668..988842aad520 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-24.scss
index e4fe65244205..c33617f018d3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network/keyframes.scss
index ce5c0351f79d..494a3913b19a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-network {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network/placeholders.scss
index c24d791166de..12ca73332e9e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-16.scss
index f84ffdd4682a..a77ca41f405a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-24.scss
index 77af1e315825..ff48ca8e75a1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/keyframes.scss
index 92f4a7bf3400..5636f50dfa32 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-newspaper {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/placeholders.scss
index 100dabd15396..bb633250b900 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-16.scss
index 0b8db3256b1e..c0f021dca720 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-24.scss
index 78a370396b1c..1f4417646122 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/node/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/node/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/node/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/node/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/node/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/node/keyframes.scss
index 1197cf9f6caa..db81da4252af 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/node/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/node/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-node {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/node/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/node/placeholders.scss
index 8bd1d7ee831f..75a4b4a9a05b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/node/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/node/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-16.scss
index e6f4c5f7a8d8..d6bdab2e6f17 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-24.scss
index 5b7152acec01..64772bbc42d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/keyframes.scss
index 9989aae5d39f..b1e7268ec6b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-nomad-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/placeholders.scss
index 0555e80541b0..9efacab91b94 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-16.scss
index cbd4fc62ac17..e5444c37c166 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-24.scss
index 3f33fe7bc467..e262a5ca7eb2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/index.scss
index bd7b67d9d576..bb3c95b80e0a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/keyframes.scss
index 5f133858374a..701eedd62f7d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-nomad {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/placeholders.scss
index 4b20eccd70e3..784ce621e099 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-16.scss
index 6a8ce85f33f5..acf043e94e23 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-24.scss
index 0e05aa0e2998..6995cc4fdb4d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/index.scss
index aacd2d0de701..600428534279 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/keyframes.scss
index 6b1750d22120..71b0396efa4c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-notification-disabled {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/placeholders.scss
index fcd2531e97dc..5604921f5eb6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/index.scss
index f36f490f6d99..157b2e18802a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/keyframes.scss
index 6d0c51dd39b0..11ff2fb503ab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-notification-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/placeholders.scss
index b1f27b9b80fa..da460e6a85ee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/index.scss
index 0e4a6c6c5420..1b63ab5fd2a5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/keyframes.scss
index 1ca008c0a374..347046857458 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-notification-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/placeholders.scss
index 3a01fc8cdd67..adc0495d4bef 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/keyframes.scss
index 63de97bbd4bf..9eb43f6c47ef 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-octagon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/placeholders.scss
index be768eb26649..490f99bcb5ac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-16.scss
index 56f9e6469056..9aa4ecfc7530 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-24.scss
index bd73668b460e..5da705660c58 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/keyframes.scss
index 14bf0b451936..925d1c9ed5ef 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-okta-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/placeholders.scss
index a3d1e7588e91..1249beb09453 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-16.scss
index ae37a318e1d6..a8ff6a225572 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-24.scss
index d77216bc9b48..eeb4677de1a1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/index.scss
index 8091ea83d05c..b5d6bca7954c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/keyframes.scss
index 74ea1fa747a1..66c72f82e825 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-okta {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/placeholders.scss
index c5f33450d264..6eb5adc515be 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-16.scss
index 062d3b1febd8..96ea736318d0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-24.scss
index c7796bddead3..abecb86ddea7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/keyframes.scss
index 5db854d868e0..85ef76ba2a7e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-oracle-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/placeholders.scss
index fa1c6efb2ab4..daf31ac53642 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-16.scss
index 1cda40a72ad8..c48cbbfe7a4b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-24.scss
index 4b657e89b1e1..55c12f3cf34a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/index.scss
index 1d5d54c6512a..045606220406 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/keyframes.scss
index e190220a2ad5..e7fd6f57599d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-oracle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/placeholders.scss
index 2b4af32d0c6e..92a732057015 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-16.scss
index ceaad271570d..1a370a20b4e8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-24.scss
index 4f07bd3ce907..9676d531ec60 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/org/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/org/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/org/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/org/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/org/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/org/keyframes.scss
index e90fdab724f4..846420a2e94f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/org/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/org/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-org {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/org/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/org/placeholders.scss
index f4b592e689b4..ac05dc90b405 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/org/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/org/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-16.scss
index 6010dd7a9be5..6f852d0b01ab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-24.scss
index 70a603a39999..d25f4b95838d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/keyframes.scss
index f128c42a9cd8..e041c1bb5c2d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/placeholders.scss
index aba882baa349..1aa2f1cf6647 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-16.scss
index b638b776cd51..51d25abd0293 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-24.scss
index 29da411d96cc..a98c5e55f311 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/keyframes.scss
index acd87d9fe4e2..ad23b96700b8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-pack-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/placeholders.scss
index 8ad3bdf2cff3..10af94bef10e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-16.scss
index 55140e04f5df..3f4c6c262506 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-24.scss
index b5e813cde744..a4ff38522840 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/index.scss
index aaa346be9a27..57e84bcfd7cf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/keyframes.scss
index 4ba21cc0ecfe..d7b0441461b4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-pack {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/placeholders.scss
index 156c74e27c10..0fed67727455 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-16.scss
index 2d7f9cab84c8..7848d83a4d49 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-24.scss
index fbf9aca1859f..781d6e27d613 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/package/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/package/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/package/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/package/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/package/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/package/keyframes.scss
index 97becc7d5740..ae5de5fe96a6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/package/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/package/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-package {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/package/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/package/placeholders.scss
index 14f5b7e7f872..37db308ddb95 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/package/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/package/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-16.scss
index ac1623ab414e..7173e4844694 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-24.scss
index de8626f57f25..85db99efdbd8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/keyframes.scss
index 2f9bbf0c88a4..679525371315 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-packer-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/placeholders.scss
index 15b07c725ae9..456c8a04bb3c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-16.scss
index 03962abba4d2..d51763368186 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-24.scss
index 45cd018ca6c0..7ef3092e1984 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/index.scss
index 6e3d5a9e7737..d233de6f112a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/keyframes.scss
index acf3b3c9eafa..b121ea3fe055 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-packer {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/placeholders.scss
index fec05796f9ec..360da0a01d27 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-16.scss
index 3f130d9681e5..63c9df0aad8e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-24.scss
index 8a3921f4825c..23f6223fc6f9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/index.scss
index bf26dce25192..62ee44557a53 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/keyframes.scss
index d217d5c7eaca..e57e96c93827 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-page-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/placeholders.scss
index c29b10e617e7..18eb382e1f22 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/keyframes.scss
index 42441b2d5879..b5f4ad1c59a6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-paperclip {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/placeholders.scss
index a8058399c937..95138794386f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-16.scss
index d21140e1a054..67fed1aa87b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-24.scss
index 96004d03a308..2e1112f51122 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/partner/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/partner/index.scss
index 32097f54289f..b4f45864ee92 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/partner/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/partner/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/partner/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/partner/keyframes.scss
index caf7066af2a8..57a9b71308c9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/partner/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/partner/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-partner {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/partner/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/partner/placeholders.scss
index 2d757c9e2993..3dbf386c68e5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/partner/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/partner/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/path/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/path/index.scss
index 45e457544053..c3868c817a3f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/path/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/path/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/path/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/path/keyframes.scss
index 289703a935f7..e680d1f8e274 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/path/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/path/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-path {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/path/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/path/placeholders.scss
index b73e9bb7ef00..07dd69e724ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/path/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/path/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-16.scss
index 3ba7afd52dfb..c9acc9befcc9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-24.scss
index 5a124f7bcf8a..56ce28c4d74c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/keyframes.scss
index 956757c82baf..b833177b101a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-pause-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/placeholders.scss
index 1077e534e1de..82bd27931769 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-16.scss
index 81d222af629b..6acad0df33a9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-24.scss
index 6678e62c6f64..8b4a4a5a4ddd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/keyframes.scss
index 7fd3d0cf9ef9..92499643c042 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-pause {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/placeholders.scss
index 88a2945867e0..f565c5164e91 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-16.scss
index 640cbdc57e00..75e4d5cb7af7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-24.scss
index a7022dfd6c8a..2db3b587602a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/keyframes.scss
index 35c6ee3dc724..d788e746ced5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-pen-tool {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/placeholders.scss
index 13c2188be1b3..498efc0df247 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-16.scss
index 6eaa48d2a02c..f54ab9808764 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-24.scss
index 84701d028f7b..837e97b2b139 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/keyframes.scss
index de9b3a31f512..646e42eb3175 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-pencil-tool {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/placeholders.scss
index 568f9d1f4981..b9d8ba69095a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-16.scss
index 5a90e34c4355..d4f73d9539d3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-24.scss
index 79485462fb31..180d19491ef5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/keyframes.scss
index 415d5c3e385f..3e038a07d63f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-phone-call {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/placeholders.scss
index 3845451ce1f4..3586373ee3f8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-16.scss
index 4ef9b1c49471..d31275849fe4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-24.scss
index e1826184d568..cdd4017eb74f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/keyframes.scss
index 399850ba7c20..0e574ca94b42 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-phone-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/placeholders.scss
index 68be68ea3374..9064650294d1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-16.scss
index e4eaac5a31fb..225f7e0e8535 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-24.scss
index 080e4835ed43..087a5b98f6ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/keyframes.scss
index 7053dd0ded7c..9fe4b3c2c975 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-phone {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/placeholders.scss
index 32a78dd21d93..243e0a22680b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-16.scss
index a324e3aa528d..374fe528662f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-24.scss
index 19fc131a5db0..e8344216433a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/keyframes.scss
index 651545dff246..712a2e6b548a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-pie-chart {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/placeholders.scss
index 92def3ad115c..59a848703d5f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-16.scss
index 52082dce0bda..a5f03832ced0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-24.scss
index d6717429d4e9..1c4a629712fe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/keyframes.scss
index 679747285839..328e3d8a204f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-pin {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/placeholders.scss
index 8e86cc48c009..7d908ecad63b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-16.scss
index 421729d863c2..1e9eebd2ac22 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-24.scss
index 74f47034195a..311f6a4391d7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/keyframes.scss
index a7f7c06e97b0..59820a960263 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-play-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/placeholders.scss
index 9553f316cf24..00d55d5668ef 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-16.scss
index 3b253aeb1468..6b9d3602ada9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-24.scss
index 0bad1fc44c85..a4e4850275a5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/index.scss
index 03853b94929f..d6584f5fa54d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/keyframes.scss
index ebb483864ceb..b7a3b4d05cd5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-play-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/placeholders.scss
index 597e7246c436..a6ef89b6ac14 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/index.scss
index 03853b94929f..d6584f5fa54d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/keyframes.scss
index c302978ebd65..73b91bc1fd0f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-play-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/placeholders.scss
index 2bc4769b61ef..ec071673b97a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/index.scss
index 0fefa4c33e4e..38fed16d9014 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/keyframes.scss
index 7a75fe084d38..aebe36d8744e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-play-plain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/placeholders.scss
index 466ba1ec3795..4486b90d59f7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play/keyframes.scss
index c57f8364894f..0cb95615e41b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-play {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play/placeholders.scss
index d675485c629d..0ac8c7c3a591 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-16.scss
index b2239d297390..be2d0de18d8a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-24.scss
index 77489c224ecb..cb0d57b43e1a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/index.scss
index 2e9244543fcf..8755344932ae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/keyframes.scss
index cc4180313a14..9353a6590d8c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-plus-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/placeholders.scss
index d000dd2d78ab..cc6bee24d0ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/index.scss
index 2e9244543fcf..8755344932ae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/keyframes.scss
index 4f5d5151f44d..ff509f6b59eb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-plus-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/placeholders.scss
index f776d408edf1..1c072165836c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/keyframes.scss
index e121bd986919..2dcc99ac8007 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-plus-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/placeholders.scss
index 7f247b3a5a23..252075b51c0e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-16.scss
index 8649893c3fce..64c118000a0d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-24.scss
index eeee24a8c83a..6c6b0d286295 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/index.scss
index ee5ed720593f..0f31faf723c7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/keyframes.scss
index be926c77de0c..0cc7ee720e12 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-plus-plain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/placeholders.scss
index ccf1a2e87398..38c9218e1118 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/index.scss
index 32bd6d47c5cd..27c62d7ad9b4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/keyframes.scss
index c38c30488049..d70e927c71a0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-plus-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/placeholders.scss
index 41bb331fee07..667dd5fb49af 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/keyframes.scss
index 23336a59d1a6..53915f751c57 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-plus-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/placeholders.scss
index 826ac71a57bd..a7a9d197dea7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-16.scss
index 59afc378c108..4aa637b799cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-24.scss
index 0aaf8d53accc..eca14e99b5e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/keyframes.scss
index 298c658101c8..8a008cd2312a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-plus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/placeholders.scss
index 15a52f76ae8f..21700330932c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-16.scss
index 75514f8a0e26..9cf4c7e2cc33 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-24.scss
index bd2a0c21e21f..ab03a9db66bd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/port/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/port/index.scss
index 8b3fe9b7ced8..68293edadf9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/port/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/port/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/port/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/port/keyframes.scss
index d0191a37484a..7651c699b9c8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/port/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/port/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-port {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/port/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/port/placeholders.scss
index d6e3b1fa0475..f1a471012e10 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/port/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/port/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-16.scss
index b6c6b4543c84..41c5b8b33e84 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-24.scss
index cee2a3cb745a..15f93e4bb036 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/power/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/power/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/power/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/power/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/power/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/power/keyframes.scss
index 98bebe97dd0f..bd5ac4370710 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/power/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/power/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-power {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/power/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/power/placeholders.scss
index b74331ac1759..4887acf45f27 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/power/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/power/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-16.scss
index 1c6f5ff56d4f..31634672dbbf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-24.scss
index af4c55c4403f..4b1d015c9d0d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/keyframes.scss
index 6cdde31eed9f..92787c2ad191 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-printer {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/placeholders.scss
index 6c55236c52ab..c85d1c3d9a1c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-16.scss
index 2bf896f8b752..dae378a01284 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-24.scss
index 2f60cee44ba2..0265ccdc4080 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/index.scss
index 8b3fe9b7ced8..68293edadf9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/keyframes.scss
index 158431de067c..102d0fba432d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-protocol {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/placeholders.scss
index 6bd2de0ddcf9..2665c94fe2fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-16.scss
index f83ace8687d7..880318ec9386 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-24.scss
index f3f0f24f8cb2..d48af2fa5b7f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/keyframes.scss
index 054d28135076..11dcd294092f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-provider {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/placeholders.scss
index 2aa05d0ffe16..37ac3cd37a53 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-16.scss
index 35ae89ecd29e..0498acdc529c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-24.scss
index a7e51f44292c..c2d7dc825288 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/index.scss
index b69b4fb027c3..709d7210b62b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/keyframes.scss
index 748c362bb2c1..339fa162bf0f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-public-default {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/placeholders.scss
index 9c071396fde4..7a38074d8e2a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/index.scss
index d9ffb9ca9e35..96b8e3f08ea9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/keyframes.scss
index 659d3b6de39a..fa64b5ef70b1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-public-locked {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/placeholders.scss
index f385f6bd0aae..60933a605ea9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/keyframes.scss
index 5e8482e2c97a..4a4989c16991 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-queue {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/placeholders.scss
index b3a660315377..9b7cc48d7b72 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-16.scss
index 7243843a6a16..268867f29282 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-24.scss
index a667e7d49909..51c62a6f1e6b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/index.scss
index 75fd6baf88bc..c65a7d6ba296 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/keyframes.scss
index 6c663467a72c..02bf9523c026 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-radio-button-checked {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/placeholders.scss
index 052f7d96a695..eba2bd8d9165 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/index.scss
index 425ee64d515e..fbad05507ede 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/keyframes.scss
index c7761a0e4c09..3e24048aed20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-radio-button-unchecked {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/placeholders.scss
index 8cace59f2392..24bc67c03a65 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/keyframes.scss
index ed7a7fb7614b..5d957ea2f495 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-radio {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/placeholders.scss
index 814d5372e2e3..ccbf03e81489 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-16.scss
index cc2379beb2c7..3efa46ed569a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-24.scss
index 991fa5650fc1..95976f71941b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/random/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/random/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/random/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/random/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/random/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/random/keyframes.scss
index efecb7daf937..5f53a76648bb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/random/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/random/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-random {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/random/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/random/placeholders.scss
index 474a83d8f943..22cbd39c8121 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/random/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/random/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-16.scss
index f6dbde9e84cc..54bdeffa37b7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-24.scss
index fed5f052cec1..5cb8cb5c6c76 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/index.scss
index 0e88ce4410aa..06bae6e9c52b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/keyframes.scss
index d90a9e235e0d..4ac8f52d1ef0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-redirect {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/placeholders.scss
index 09349c70ebd8..f5f79ef820cf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-16.scss
index 5d35c5b4eada..351e3b2936b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-24.scss
index 2d14fbd83cc8..920dd4f97159 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/index.scss
index 60ba9b005c64..51302b8df13c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/keyframes.scss
index 81bb1ad90474..20934523f1ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-refresh-alert {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/placeholders.scss
index 9d7c72684882..0721860b3489 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/index.scss
index b23653b40c26..74f747e184d2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/keyframes.scss
index c7b44921945f..bcac7d733231 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-refresh-default {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/placeholders.scss
index af03f488010d..1e1db0b6ec1c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/keyframes.scss
index 8fe4bc9291be..321237777274 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-reload {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/placeholders.scss
index 9edb05e899f1..b1fa1fbf6c12 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-16.scss
index 0b80cf0253f7..b9521afb208e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-24.scss
index 188d5c2dbad9..f29f5de4f484 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/remix/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/remix/index.scss
index 7221cb67c2a5..8a03c3edb4a0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/remix/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/remix/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/remix/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/remix/keyframes.scss
index 61eaf623cd13..50d9fc06c693 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/remix/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/remix/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-remix {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/remix/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/remix/placeholders.scss
index 491c6dd3da6e..f5f3930e5ab3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/remix/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/remix/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/keyframes.scss
index 96004c5e6dfa..9e11b074dccf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-repeat {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/placeholders.scss
index 5dae2fb761b3..a3cc213f9f06 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-16.scss
index 52a83af46e85..aa3edd7629e8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-24.scss
index 1a7e39e06034..557199b51f94 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/keyframes.scss
index 98243854bdd5..a15438d5b164 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-replication-direct {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/placeholders.scss
index 8c4d46fd4c38..98c56dc34ec8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-16.scss
index 7957ad06d4a1..f82f48c10cde 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-24.scss
index 6f7ae4e230ec..3f103841fc89 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/keyframes.scss
index 6cd8f0b2345c..7718af7baacd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-replication-perf {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/placeholders.scss
index f8489ca7cff7..49741648a9dc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-16.scss
index befb4000bfaf..394e372cfdf0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-24.scss
index d26d8c73e954..be0f767aa548 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/keyframes.scss
index f25f181af784..bbb0c590229f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-rewind {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/placeholders.scss
index cbe91731fe45..098d081d38ba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-16.scss
index a5daa977977f..39ee1ded2032 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-24.scss
index 1ff25de382e3..80eb1ff355ad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/index.scss
index b3149c340701..c9943fe4762c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/keyframes.scss
index 701e1c180a20..9a7d03cfcbb9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-ribbon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/placeholders.scss
index d4ed07fd1f9d..19b8b4ab27b3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/keyframes.scss
index 0a48149d27ee..2fec5714f5b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-rocket {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/placeholders.scss
index 331407e54ff1..9e0c2128814a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-16.scss
index 901ae93cf73a..8c05eafa443e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-24.scss
index 4d6d043b796a..0223ff56a098 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/keyframes.scss
index 88c1f53f36c6..4495ab5d8844 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-rotate-ccw {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/placeholders.scss
index 3dabca68ac1e..68539a4ce65c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-16.scss
index 2d65cff5d0c8..654a6dd07b86 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-24.scss
index 680928556ec6..79e1f6017bc3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/keyframes.scss
index 7fd33f34c557..c3433e3af418 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-rotate-cw {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/placeholders.scss
index 2430439c9bf8..1c6ef6c3c22c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-16.scss
index 2549528a6ce0..42e7b0664303 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-24.scss
index 4a3085b2358a..9d660218199a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/keyframes.scss
index c792e0ad4e27..13e9a4f4fa15 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-rss {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/placeholders.scss
index bcc06de96f4d..729fdbc98201 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-16.scss
index baf162590ffd..6af684d8f761 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-24.scss
index 33ef78272037..1c719c2fc380 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/run/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/run/index.scss
index 8b3fe9b7ced8..68293edadf9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/run/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/run/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/run/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/run/keyframes.scss
index 68acdbd445d4..fe9207eaf9ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/run/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/run/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-run {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/run/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/run/placeholders.scss
index b3e8443f0ba9..fae4ba28c3f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/run/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/run/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-16.scss
index 1f7d14e5c2b5..b9bd1760f944 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-24.scss
index d8b55c7f97f5..05c54a326fd3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/running/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/running/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/running/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/running/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/running/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/running/keyframes.scss
index 7036a97daa08..bb209f31f146 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/running/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/running/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-running {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/running/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/running/placeholders.scss
index bd877f1785fa..47a73f3e9994 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/running/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/running/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-16.scss
index f82142bee71b..e912059a46c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-24.scss
index 10a569c750c4..2b51d6383802 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/save/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/save/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/save/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/save/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/save/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/save/keyframes.scss
index 37689691b0c3..4672c17caab5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/save/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/save/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-save {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/save/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/save/placeholders.scss
index cb42647fd3fb..9b69856c22f7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/save/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/save/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-16.scss
index 60713ff9d3f0..dca1c0d57a46 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-24.scss
index 60cdedd6e736..0396d2eeca6b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/keyframes.scss
index fd981786a11d..052602767382 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-scissors {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/placeholders.scss
index f3417c95e279..f9d9a254699b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-16.scss
index 20a58d5de4cd..07fd93696107 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-24.scss
index f53c5094239e..1777b49bfefe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/index.scss
index 8b3fe9b7ced8..68293edadf9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/keyframes.scss
index b1985050aef7..9dbb4a4906d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-search-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/placeholders.scss
index 66a365d8943d..2e0ad3ef80d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-16.scss
index 913af1f3dc36..54dffaefc979 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-24.scss
index 2c7dbf3cb41e..e00e993eb291 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search/keyframes.scss
index f70f2879f20d..b485b74f0a12 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-search {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search/placeholders.scss
index 27cc390b8f76..c5ecdcf97d0e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-16.scss
index e3edb45eb25c..61be5fd80449 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-24.scss
index fb519b8dabdd..9deb33a08af3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/send/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/send/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/send/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/send/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/send/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/send/keyframes.scss
index 3ec118ffe869..dfd9ac76a6fe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/send/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/send/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-send {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/send/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/send/placeholders.scss
index 3441e8aca27a..580c920dc3c2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/send/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/send/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-16.scss
index 188e703516dd..20db356e37c7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-24.scss
index fd6940188fb7..617aecc4c104 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/keyframes.scss
index 882d876a1d73..2feae09ea56e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-server-cluster {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/placeholders.scss
index 5d14f1ab5af0..efaf63c18f1d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-16.scss
index 178eb2197e0c..de959d1a85d2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-24.scss
index e01202f4d204..8e6783b7c4a1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server/keyframes.scss
index 0a6970c30e91..a93df2473bd1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-server {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server/placeholders.scss
index 8a4360428c7c..a329c1de83aa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-16.scss
index 7ae1f4cdb884..2a94d5ed7efe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-24.scss
index 0b16c53d7342..1706b1124613 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/keyframes.scss
index 584b6ffa45df..105fe87ccbfb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-serverless {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/placeholders.scss
index ed01b6a9ae9b..7f41e42ea0f6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-16.scss
index 295dfdd49428..d390fdbeeba4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-24.scss
index 345c05cfeeda..17bf265c0996 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/keyframes.scss
index 69616e46ec65..7a8ae5850fa2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-settings {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/placeholders.scss
index 67b4d3868655..8029c31c134f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-16.scss
index 5ba0770b8b6f..d6bda6b29036 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-24.scss
index 65179f581d3f..f8e0489a77d0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/share/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/share/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/share/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/share/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/share/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/share/keyframes.scss
index 1a86bfa2ef71..69b37af0fce1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/share/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/share/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-share {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/share/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/share/placeholders.scss
index e94108c1d254..8f73fb22cf59 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/share/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/share/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-16.scss
index 8cbb1c3925d4..b84cbac71df3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-24.scss
index 1b0203d5c247..53f2b6331285 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/keyframes.scss
index 1e2547a1cfc7..1c14a245d937 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-shield-alert {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/placeholders.scss
index f1d4605ec44d..f31696cbedf0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-16.scss
index 938ff352d4df..2373db5f6bb0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-24.scss
index cb3051ea6bee..81dabd8e762a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/keyframes.scss
index f302a492c954..551cea8e5002 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-shield-check {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/placeholders.scss
index 48bacf0f60fd..bb61d022dacb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-16.scss
index 3e5c673de4c4..6bcf74f66058 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-24.scss
index 4e9a6d5ee0dc..24590bc922ee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/keyframes.scss
index b02fe787c459..e4ccff6df755 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-shield-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/placeholders.scss
index 6e1590e7b839..c99ed4c3c10f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-16.scss
index d930892d9a0a..e326dc30b044 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-24.scss
index 4a913a074b01..7a19268ed638 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/keyframes.scss
index 117d0dd0509e..d55afb87ab6a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-shield-x {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/placeholders.scss
index afa13938d1ed..d8e37f6419de 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-16.scss
index ff8a0bf30eaf..aa11c5665099 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-24.scss
index c3d7231b9a8e..0dbf33f64c67 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/keyframes.scss
index 37b1b0f8c044..2c494f8f3710 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-shield {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/placeholders.scss
index 7195c468285c..7ca85bc2ce57 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-16.scss
index 049a5260fb80..5476fa5f4f2d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-24.scss
index 443e28dfdb93..9aeb6684c60f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/keyframes.scss
index 6faf13c98ffc..0cb11d01dddd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-shopping-bag {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/placeholders.scss
index 8da0e309c508..0a835bba0b2d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-16.scss
index e56d3a9f7a64..3ff31dcd8230 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-24.scss
index 2338e70bdd6c..ea3654c56bcf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/keyframes.scss
index 338cf17a1c60..5c63bcc4d9fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-shopping-cart {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/placeholders.scss
index 058a45649dc1..7261b6c41f45 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-16.scss
index fb2d3d8ffafd..ba03c75bafdf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-24.scss
index 75f91c2bed84..c0f0169ead16 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/keyframes.scss
index 7f9d90cb68aa..e158a4db975e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-shuffle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/placeholders.scss
index 9628d00e7bf5..a498d62aed1d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-16.scss
index fdbba45480fc..df29638f2848 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-24.scss
index bd99c120a6fc..5a59d34c0daa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/keyframes.scss
index 76bbc182a357..99209d476dab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sidebar-hide {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/placeholders.scss
index 6f94e0f3866a..04885874c04b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-16.scss
index ba5380432237..fb8a0645990b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-24.scss
index a1e5f94bf476..0e2a900e86ae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/keyframes.scss
index 2bf51c8d434a..1bd5ff943966 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sidebar-show {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/placeholders.scss
index bc09521c7a4d..28f6c1ac1975 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-16.scss
index 2935bca81bb0..fdcdbbff3c29 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-24.scss
index 127fc7c60534..747b2b8ded6c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/keyframes.scss
index 15f6d37d3372..8c781c54e829 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sidebar {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/placeholders.scss
index 970e7fa72e38..2987647a9d64 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-16.scss
index 70de5c2e50b8..13cfb06c6e38 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-24.scss
index 59a4b9538e84..aaff7ac5696f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/keyframes.scss
index 4dcfa68635d8..85c53234fe0e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sign-in {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/placeholders.scss
index 573c7749ca9a..520fe5731dcc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-16.scss
index 8bc343aebe82..cb4aa756455f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-24.scss
index acabb9de1df9..87da560f66fe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/keyframes.scss
index eff26b5c6ca3..283c8de338a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sign-out {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/placeholders.scss
index adcf6327f7e2..6bb347a41bda 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-16.scss
index 6c6cccd6bca5..65af41065665 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-24.scss
index 758e2021243d..61f83c3960f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/keyframes.scss
index bf023c2abfab..9b02a01fc136 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-skip-back {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/placeholders.scss
index 9d1a1df1959b..70c635c3cac7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-16.scss
index 07699438ce4f..d37c2509a3f3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-24.scss
index 8b5d0c1335e3..56950842e354 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/keyframes.scss
index 8a8da876e821..1e3fdce68caf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-skip-forward {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/placeholders.scss
index 63123231caf7..b0125b36d7f8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-16.scss
index d32ab0e3024a..a7c66d287217 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-24.scss
index b83dc8fd534f..9d5b2195298f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/keyframes.scss
index a3f80a83b85d..6262aea22dd1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-skip {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/placeholders.scss
index 39f92385bd1b..696a11ef6382 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-16.scss
index 3267603643f1..3c43d44b125d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-24.scss
index 6c2d68484ccf..fb14507ea84a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/keyframes.scss
index 7e38ad268c0d..bebc5bcc80c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-slack-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/placeholders.scss
index a61f4a55c4e3..1187031d6949 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-16.scss
index 8582c49124bb..bbcbac7c831f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-24.scss
index c1353440bbd9..1e33093c4f3f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/index.scss
index d47232a40508..5f6d67206d99 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/keyframes.scss
index 0897563fde3f..7361945509b2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-slack {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/placeholders.scss
index 88d3d33068d6..0bef9e9ad2c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-16.scss
index a10b4fc5d50a..7835c5de18c7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-24.scss
index 127f51d1efc9..bd80f6313d26 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/keyframes.scss
index eacc5e062ddf..fe73ae34ab9b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-slash-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/placeholders.scss
index 2431f35b90bb..dc4e88ce5f96 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-16.scss
index 234d6dd82394..c78e5d2d2e59 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-24.scss
index 70793067104c..5a7c99559282 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/keyframes.scss
index 13f85e2534ca..568821db6bfe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-slash {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/placeholders.scss
index 01d183a5a9d7..ef3a47cf2af8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-16.scss
index f3f5000f0f07..c2cb53b7695d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-24.scss
index a71ba08999e2..3ba9886037ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/keyframes.scss
index 7522fd09d3a1..d30295c9584f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sliders {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/placeholders.scss
index 1fc4a91f00fd..7a39f8739adc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-16.scss
index d16ed6a3529b..1b118daeb0ad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-24.scss
index 7a474ddaf51a..373d691d38ac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/keyframes.scss
index 4634595f887b..d887984e4fe3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-smartphone {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/placeholders.scss
index ed7b5d2e39b4..f2f772b975c1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-16.scss
index 53ea2b441d59..7dee9c4c3374 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-24.scss
index 06960d48be7f..3c2764c7d482 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/keyframes.scss
index 1facbc852da0..719a3d41ac25 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-smile {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/placeholders.scss
index fbafcec3bb3f..d747c5ff1ebf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-16.scss
index e1e73648f818..601090c9ccc1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-24.scss
index b20d1b4e2593..b702195482a9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/keyframes.scss
index c4bbb8993272..3d433204f108 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-socket {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/placeholders.scss
index d2e066d6c37c..51db9c4944eb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-16.scss
index 72bf0d5fb97e..e4a4c72cfe90 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-24.scss
index 76adf5ee1761..b5cf8e404df8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/keyframes.scss
index 38b938edff19..832f945bd470 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sort-asc {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/placeholders.scss
index bbdb67fc97f2..2477ad9dcd47 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-16.scss
index d37e7505d297..69e668a20841 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-24.scss
index 54f7f82316ce..f3562470c206 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/keyframes.scss
index cddfa8a326f3..87b9bd61ad74 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sort-desc {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/placeholders.scss
index fe43362497bd..d9d748be3358 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-16.scss
index b4f035f5f0ed..d8d6845c22e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-24.scss
index 6798ddd1a08c..1ba065e499ff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort/index.scss
index d12cf20579df..fd0be5abf58d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort/keyframes.scss
index 60f811dd86f0..93dfdc5f0fe2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sort {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort/placeholders.scss
index 1e3050d43430..041b707338d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/index.scss
index 2c48a575e9da..987136c0f962 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/keyframes.scss
index 9488c0fe51b8..015a96447e94 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-source-file {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/placeholders.scss
index ac8ffb706e87..f846465a18cd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/keyframes.scss
index 7f891ee3cc0e..bdddd856e193 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-speaker {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/placeholders.scss
index a6d6e0a7db41..eecbc0c14b36 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-16.scss
index b2adf4e3831b..701a8e70e6f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-24.scss
index 185c11a915d3..8a27be4742a2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/keyframes.scss
index f24eb12a3ffb..9889014a499b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/placeholders.scss
index 7f7b97cbfc62..c4efbc766b1f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-16.scss
index ad65b8dde8fe..842f8d5cbfc8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-24.scss
index 6a9a1b1821b4..21af2dabf14a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square/keyframes.scss
index d86f6219e3d5..766187730b75 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square/placeholders.scss
index 53e04172e7f1..66e458af3023 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-16.scss
index 57544067d30d..cecf89ba1cea 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-24.scss
index 9a8ad5ee2fce..b7b610458a62 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/keyframes.scss
index ccfa8d142550..ae280e5b6e6a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-star-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/placeholders.scss
index 79a690837763..937ac0535992 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-16.scss
index cc4dede45231..11a2bfb6153b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-24.scss
index 8ba0ec82357c..0284a9426c27 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/keyframes.scss
index dbd8bb23ded8..c057f0160b99 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-star-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/placeholders.scss
index 28ddb552a842..38d5af82b083 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-16.scss
index 4462617a4f27..dd277638f511 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-24.scss
index b3cf149ddb54..f26ce7239270 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/keyframes.scss
index f1162c103c84..e9ab81d0c474 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-star-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/placeholders.scss
index 85f160ad0f68..5555475eaecb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-16.scss
index aa8402c47916..ea74e31d53b9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-24.scss
index e617d7c4dfc1..45583efc772e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/index.scss
index 33d332e49b4e..f8b673f44d7a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/keyframes.scss
index ba9dc49dcc20..2f4f2d3b2905 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-star-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/placeholders.scss
index 070f9f889534..0dc594ee5410 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star/keyframes.scss
index 47b47f5b84c2..ba5a726333d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-star {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star/placeholders.scss
index 309fa701bd2e..b3e9c21638a9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-16.scss
index 9e67c2576be4..730e590e5687 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-24.scss
index e1510ab875d0..6d8f629078b5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/keyframes.scss
index 9cd33864b1a2..36ea3801b90d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-stop-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/placeholders.scss
index 260b329580bc..3ce16e7c7094 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-16.scss
index 16708b9ddc65..8e86413b0933 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-24.scss
index 9826d1def26e..3a2cf62ed2c2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/index.scss
index 494f577c3784..e3d0042ae49a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/keyframes.scss
index 06546d969f14..660e3db945aa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sub-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/placeholders.scss
index 804c5809127f..8ddc0a5893e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/index.scss
index 722299ed8ce1..e7e87da0c739 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/keyframes.scss
index acaaf5b45e69..9d5a1a9fb885 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sub-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/placeholders.scss
index f3a3ad50345a..148933991d43 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/keyframes.scss
index 84dada778703..5b29f6617acf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sun {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/placeholders.scss
index 22618c027289..60ec5477c961 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-16.scss
index f534d381f6c1..fb343d86ce79 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-24.scss
index 25729ebfa07f..101a79a148f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/support/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/support/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/support/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/support/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/support/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/support/keyframes.scss
index 79627347b594..b8d01836540c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/support/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/support/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-support {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/support/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/support/placeholders.scss
index 79cf1143d356..2f611e5a89fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/support/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/support/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-16.scss
index 3fead7590215..ccc8cdf50ca1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-24.scss
index e4475f6ba333..6fc1aa2c68e5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/keyframes.scss
index df7bf5f3ecd8..27c0af948ae5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-swap-horizontal {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/placeholders.scss
index bdda13937c43..87c1a4c56556 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-16.scss
index 0b3423261602..569d12fb670e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-24.scss
index d7268ca864ac..838be24c5eae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/keyframes.scss
index a4821825b61b..8162548e9e83 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-swap-vertical {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/placeholders.scss
index c200906f9872..2636992ece96 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-16.scss
index 1fdb0641c043..0e94ad6b5f5e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-24.scss
index edaac9ddbe3b..ec381d2a37ec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/keyframes.scss
index bf031c47aaa1..6c409498f5dd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-switcher {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/placeholders.scss
index bd595c8d9827..75e3df32db91 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-16.scss
index 48324ad3d16e..d73821952080 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-24.scss
index 8eac7740d7aa..7b909cd5c66d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/keyframes.scss
index 70de2fb4beba..93a9a29bf78c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sync-alert {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/placeholders.scss
index deb31f0f46ac..3a73734aef0e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-16.scss
index e484c83236c4..4f2c7a9df1d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-24.scss
index a83be4271c9d..7a866948d653 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/keyframes.scss
index f0d3a033a8df..58f8d7a2c3d0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sync-reverse {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/placeholders.scss
index 3be51db30ae7..841667e81538 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-16.scss
index f7911387c9fb..69bed783da0d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-24.scss
index c6acd935774a..139ec5879f90 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/keyframes.scss
index 1cd851a870c3..f12bdb52152a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-sync {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/placeholders.scss
index 40fe853e423f..21da24c04799 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-16.scss
index 45891ada63a0..46653b9d06a0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-24.scss
index ad34bff6d5c9..b41df2abe8bb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/keyframes.scss
index 5b7e51943df9..742b407c0cf1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-tablet {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/placeholders.scss
index 1585e9655719..27472f8fe30b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-16.scss
index ef603a2615e6..09af9e1ea036 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-24.scss
index ea3f3e4b2a8a..67a8680901ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/index.scss
index ad1d2b1dccde..223ad543c737 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/keyframes.scss
index 691b25a6dfde..f5a454099f6a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-tag {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/placeholders.scss
index 9b2ca92c0f2d..f245b557ed48 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-16.scss
index ef7f0accdbe0..fcf4dc90b7b3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-24.scss
index 549a71607a02..a86760d5cb84 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/target/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/target/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/target/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/target/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/target/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/target/keyframes.scss
index 491e7c475765..587a4ef618ac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/target/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/target/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-target {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/target/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/target/placeholders.scss
index 83fd6e1f1a94..1cd9da6e2359 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/target/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/target/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-16.scss
index 3e2b0126f181..9fb510d5089a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-24.scss
index 57019aa29d19..605ddeb8b19c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/keyframes.scss
index 9744c5c8370c..65cb4b25f46c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-terminal-screen {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/placeholders.scss
index 5f9dc7157d26..2891d8cdb9fd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-16.scss
index 51b0a5f73b31..d5c20bb29a9b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-24.scss
index 333da3b8ac75..eccf647f31e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/keyframes.scss
index 747237e78766..476e78b70205 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-terminal {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/placeholders.scss
index ecb85eda0d82..3cb83e26f2c5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-16.scss
index 6cd03f3dd8f4..4c3726f5602a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-24.scss
index af11b842ef61..a8e5203ce73b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/keyframes.scss
index a631bf061d57..f3bfe2c4fbea 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-terraform-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/placeholders.scss
index 811716831a31..82e25e953d29 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-16.scss
index 865416446c80..5c4c1c6c2f3c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-24.scss
index 08d2c5946c44..074d11eb88cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/index.scss
index b1e11e2ef0e3..d00816879440 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/keyframes.scss
index c23f0ffb59df..fdbc5f2e59be 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-terraform {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/placeholders.scss
index 96429044eb2f..0fe3c6c0f26a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-16.scss
index 225107e576d8..d6424bb01948 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-24.scss
index 5a46d5918927..52f3c951586f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/keyframes.scss
index 88744a17235e..c20546402d29 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-thumbs-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/placeholders.scss
index 3adbc23f3ae1..fa3f288a85ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-16.scss
index dcd9ea3f0dc2..ae34fd68e92c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-24.scss
index 601d50fd430e..6cbe0c321135 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/keyframes.scss
index d33f39b3780e..bd7312b8870a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-thumbs-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/placeholders.scss
index 4e59caf011d2..dd06caec82e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-16.scss
index 5b76f031a9b7..987c95869f9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-24.scss
index d97ad46a3fd0..2465a6f43efd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/keyframes.scss
index c0b89612a696..729960ce4188 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-toggle-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/placeholders.scss
index 210ef75bb969..0b07b786c1d2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-16.scss
index bbe603f07af2..1ac16b2343fe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-24.scss
index 221c87192b46..a837d629fe17 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/keyframes.scss
index 655b7ccf38b2..b3349eb8bee4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-toggle-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/placeholders.scss
index 8d4f093bd50c..6473d2778b90 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-16.scss
index 23ca4124df77..9aa767b85e8c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-24.scss
index d12006334d4a..2520aa610fee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/token/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/token/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/token/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/token/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/token/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/token/keyframes.scss
index f9dced123f9b..b08e3d680667 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/token/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/token/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-token {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/token/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/token/placeholders.scss
index 0637a48a4283..55896ec406ac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/token/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/token/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-16.scss
index 0a1d3cae0b48..4ae5d21e3d60 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-24.scss
index 65c615b2ba5f..8aaf6aa7c531 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/keyframes.scss
index 8bdea329b5c8..2286e6417543 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-tools {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/placeholders.scss
index 88fe9288c947..ea541c95a11c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-16.scss
index acb8614de77a..a85cf1b94a41 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-24.scss
index 3ca5731ae0c8..9520e1fd88fe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/top/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/top/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/top/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/top/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/top/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/top/keyframes.scss
index eb2197a4b355..8a92c5bd4213 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/top/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/top/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-top {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/top/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/top/placeholders.scss
index fa22732fd43e..a7cb89edc803 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/top/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/top/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-16.scss
index 12fe1d6410fa..cd277acdb380 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-24.scss
index 437bdbc3183c..08fd4efc35cc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/keyframes.scss
index 20b806ccf7d7..6985c66751f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-trash {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/placeholders.scss
index 13e8f508c0af..c3056c5997e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-16.scss
index 0a20d4c775bb..1323334adf32 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-24.scss
index 04268f88fc05..ff725a7ba8c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/keyframes.scss
index 3a53a2e9ddc1..2e1c47d1e9a9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-trend-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/placeholders.scss
index 92103c185951..12552f716789 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-16.scss
index 613db4f137be..2aca1c3e9964 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-24.scss
index 6e47fbebaf7a..5179ad2e82f5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/keyframes.scss
index aff9dd63eac5..d44bdcde5a3a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-trend-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/placeholders.scss
index 52fc2a2866d9..c7c24018a06e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-16.scss
index 62137b9a1300..b9ffc4664863 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-24.scss
index 3a1354b5b233..9c49de52be74 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/keyframes.scss
index 1fe89fb18c2b..4c6d222714ee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-triangle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/placeholders.scss
index d8070e6403da..b1b794f28e6a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-16.scss
index fa4089391585..a08031d09adb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-24.scss
index fff932616d06..7875fd88a779 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/keyframes.scss
index 5d79a2917636..dbfbbd67bf59 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-triangle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/placeholders.scss
index 2b6331587b05..6d1e6eff5b3b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-16.scss
index 443c7ccdcf53..70211277cfe2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-24.scss
index 33ccfd00747b..9904dc0f6e9a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/keyframes.scss
index 21da4df8db3c..b5e95cea4a6a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-truck {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/placeholders.scss
index c378e98f5481..22f04eab3ed7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-16.scss
index 4d23e0b58820..1eee5961745a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-24.scss
index 0fbd3fb0b6f7..ce55155e1369 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tune/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tune/index.scss
index 519332d66f04..dda8ce20e945 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tune/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tune/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tune/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tune/keyframes.scss
index 6fbe08ccc83e..47e3b87379da 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tune/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tune/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-tune {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tune/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tune/placeholders.scss
index 691b2c18e8bf..3e6c69d2c3c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tune/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tune/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/keyframes.scss
index 1bbe2744420e..05b4e4a37ebb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-tv {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/placeholders.scss
index ae4fad80b30b..5abc9ec87078 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-16.scss
index 01337fe19307..b3cb4a465448 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-24.scss
index 11017e01bd18..a6b0e8bbb56e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/keyframes.scss
index 6663efeb7c46..7a70f86ed6c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-twitch-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/placeholders.scss
index 60db3026f48d..ba612afdf269 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-16.scss
index 5bd446d55303..c20cd16965a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-24.scss
index ed6c2dca782d..18d3cbed4714 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/index.scss
index 8e30d896764f..962d20aecbc9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/keyframes.scss
index 0efc17d84b81..dfd15fe0cf3d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-twitch {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/placeholders.scss
index 372e1556f28c..30937ed81db2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-16.scss
index 1c1136e7e0d4..0c6269e4c30c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-24.scss
index 164e95ac369e..ea679aff1089 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/keyframes.scss
index 293b29a2d4e1..0e2d58e64546 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-twitter-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/placeholders.scss
index f949e4bf7121..2fd51e6ff5d2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-16.scss
index 30f5e11fcf29..21cb39a034d1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-24.scss
index 1948f0e3f940..af2d4f0897d6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/index.scss
index ead1b2d38b2f..f9f080ad2142 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/keyframes.scss
index eb36903bea1c..4e6680be0c34 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-twitter {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/placeholders.scss
index 3a1e86551002..18ba55c5d379 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-16.scss
index 9f0be454c108..d6d194ac8d49 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-24.scss
index 8e3454406ae9..60ea7e9356f9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/type/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/type/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/type/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/type/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/type/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/type/keyframes.scss
index 53498428caf7..51324f781ae3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/type/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/type/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-type {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/type/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/type/placeholders.scss
index b970fc6ca725..3c2fd1585b03 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/type/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/type/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-16.scss
index bfcda4608f5b..67e66ad7f93b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-24.scss
index b5b05e38221d..07906e083c41 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/keyframes.scss
index 4a94e909d74c..ab2b76426865 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-unfold-close {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/placeholders.scss
index 87e554931745..f482568d4302 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-16.scss
index 9024488256dc..8a84a6e8ff21 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-24.scss
index 609623ec8054..4a67fdb2a208 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/index.scss
index 2ea9c523f56f..b9cbc8778c8f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/keyframes.scss
index ff2d9650404e..bc9fddc57e81 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-unfold-less {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/placeholders.scss
index 48e7c8ead5af..da2492183e17 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/index.scss
index 7faef923f56a..4c5aff0294c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/keyframes.scss
index a6ab9ad900fa..50c7cdb91b10 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-unfold-more {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/placeholders.scss
index ca421a5ed8fa..879a857906c7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/keyframes.scss
index 53bd33b653f2..43fa474d20f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-unfold-open {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/placeholders.scss
index b385b68c818b..6432019547f9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-16.scss
index 45ff813d089a..51d0d6dc2416 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-24.scss
index 2ac9400f8194..0418b3d04900 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/union/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/union/index.scss
index 8b3fe9b7ced8..68293edadf9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/union/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/union/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/union/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/union/keyframes.scss
index 16c6c4ca0384..b4a9c02fde9f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/union/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/union/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-union {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/union/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/union/placeholders.scss
index 3d7b8edfdfb8..1f4b33fe9a4d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/union/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/union/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-16.scss
index ce4c0e2987f2..dfd30b075328 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-24.scss
index 3ab9887d3b6c..fe679d2fb7ac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/keyframes.scss
index 8a86ec678313..503c763474e5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-unlock {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/placeholders.scss
index ff87f20334d2..af8cde2570cc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-16.scss
index 92a4ea8ea2ff..ed58fbcff3b3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-24.scss
index 310f95642cae..33e13627418d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/keyframes.scss
index b82ffcd8be28..afcbe1d0aa93 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-upload {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/placeholders.scss
index c0d897fb2df5..f9ce3ed9fda2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-16.scss
index 90e263e64b59..bd3ec7e8b8f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-24.scss
index c600145cb8a0..bc2d0cdcef4f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/index.scss
index e2e740f05f75..5f2cdb956186 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/keyframes.scss
index b7611274bdb1..784197674b8d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-user-add {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/placeholders.scss
index 27ba087df883..ae176d12110f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/keyframes.scss
index 8be27609d947..ca4f24d3b377 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-user-check {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/placeholders.scss
index 85cf76804c9a..c09c453baa5a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-16.scss
index 325c253797a4..8b9c792e4c87 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-24.scss
index e88cb417033f..e2f6a66df91d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/keyframes.scss
index e42e9c425284..684449a27c8a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-user-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/placeholders.scss
index 32f884022b80..29603757f470 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-16.scss
index 0ab3e3621cd9..88ae5c06143f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-24.scss
index 4f4ddd1f99b5..a193a328bc74 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/keyframes.scss
index 25a1afe9312f..6fa9a8acaee2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-user-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/placeholders.scss
index 165195439f05..3426fb51d93f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-16.scss
index 54e758f87825..ea277ac9048f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-24.scss
index 2ed3b6aa8f15..38c50de77561 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/keyframes.scss
index 18f43c0e9dfa..a49f31bdc5b8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-user-minus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/placeholders.scss
index 0033b568cf8b..24b88c45f548 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-16.scss
index 7d3f33bf5031..c631f80061dc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-24.scss
index ca8b57645568..661f6e04bb79 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/index.scss
index cb6619a58612..83cff19dd7b4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/keyframes.scss
index 38eadf6609b9..b2ab84432193 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-user-organization {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/placeholders.scss
index ae6c0c6e0846..c458a3c9fc3c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/index.scss
index 4d58aaed9395..6db7a950f343 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/keyframes.scss
index 5d8b71c62f4b..43f11fd67f72 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-user-plain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/placeholders.scss
index cf93991a4314..b40a473c75d6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/keyframes.scss
index d6ceca4f5952..a05bf722efb5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-user-plus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/placeholders.scss
index 603370ae6844..ab2a931d695f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-16.scss
index a697e9a4ab4b..2c7b4d9fdc21 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-24.scss
index de6d53f0b3e0..d6116a9aef9c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/index.scss
index 6278d3ddf934..125ad097364b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/keyframes.scss
index 52780c41e1f1..30f7c5209e48 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-user-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/placeholders.scss
index a2808eab682a..576167627aa2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/index.scss
index 0e9e4ddcd24b..c886827f40aa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/keyframes.scss
index 371580758627..99a7462fa2f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-user-square-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/placeholders.scss
index ec75c0f94d6a..129d95771801 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/index.scss
index aaa78b46f453..73fd36573c8c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/keyframes.scss
index d94bf8c10e9e..b6283e9a398b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-user-team {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/placeholders.scss
index c640e2cd3eca..bc83a3b61682 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/keyframes.scss
index c61a2a4eeb00..225f53e99c12 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-user-x {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/placeholders.scss
index d2000ccdc317..023c5becfa6c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-16.scss
index c4eb74841bea..99b8de4bf67a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-24.scss
index 9f0424a53593..e832ec22934c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user/keyframes.scss
index 8240cea581dd..5a2912244c02 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-user {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user/placeholders.scss
index 8554f57e1415..0720df48b7ba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-16.scss
index 93b26ca59082..48a18c6002a5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-24.scss
index b8032e5243c7..f703df6c034f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/users/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/users/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/users/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/users/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/users/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/users/keyframes.scss
index 533c1e8a77f4..5ae77a0d5313 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/users/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/users/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-users {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/users/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/users/placeholders.scss
index 4443430a2a5a..0b57fe19db88 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/users/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/users/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-16.scss
index 4d3b51ca96e8..fa3dc4cd641d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-24.scss
index 959b56d53a5e..875cf9bc9d5a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/keyframes.scss
index e48e8e675590..a3c5ee2f0dfa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-vagrant-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/placeholders.scss
index c7174f9c9fcc..f0ae6452159c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-16.scss
index 834fc69eaa03..31fd40931e8e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-24.scss
index c9ee238a11f9..053265ab6371 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/index.scss
index d1d73fb55589..1525999371cc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/keyframes.scss
index 69ce695d0f69..4252a8a2696e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-vagrant {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/placeholders.scss
index 0e5165a25023..e86f1ea56675 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-16.scss
index 170c95997395..9d49f05909f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-24.scss
index 4ac365de19a6..78f54de336de 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/keyframes.scss
index d1b30b6ba176..24770cf5c5ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-vault-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/placeholders.scss
index 4598744b8b9d..1f4b4295c98a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-16.scss
index 0c720843c7ed..9373592c9737 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-24.scss
index 70ec2c674478..655d4ba2b339 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/index.scss
index ee56d1b57adc..e41aea05fa49 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/keyframes.scss
index e092852c3d94..636c78c8342b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-vault {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/placeholders.scss
index 1aa630436b37..4f40e3c32fe2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-16.scss
index d0b3dbd355a3..f5046702ae1d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-24.scss
index dcaea985ce49..2199a89b6f3c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/keyframes.scss
index 0ef779f6353a..5545eef120a5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-verified {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/placeholders.scss
index 26687027df98..c58ecbe47bf1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-16.scss
index 2bd549425f4e..66c84e314e6e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-24.scss
index a733dd864fe8..c598613c0a4a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/keyframes.scss
index afbb49f6ba37..3b9e0c92c692 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-video-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/placeholders.scss
index 7a8e8f830fe2..e36e35a71af8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-16.scss
index 54333a309e58..fa16ba9defe5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-24.scss
index eaddd2ebb702..15e7b822b5ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video/keyframes.scss
index 0cd243c26163..17f1a5d359ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-video {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video/placeholders.scss
index 5f1b8017ae0b..2b26528c16be 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-16.scss
index 372a1ccbf669..d40ecf530224 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-24.scss
index 0604df73abfe..74d3c50079a3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/index.scss
index c152864a9af4..4fa32e6813cd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/keyframes.scss
index d8283cb31933..ab98a2f54d84 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-visibility-hide {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/placeholders.scss
index 10fb7aa0b9f9..3ee61904adc9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/index.scss
index 59620c464862..6d2d4ebcc3b4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/keyframes.scss
index 78000f0b783e..d7b309a2b63c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-visibility-show {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/placeholders.scss
index 3a08def051f8..cb1bfb4e30bd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/keyframes.scss
index 37961da2f266..3b5287fdc99b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-vmware-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/placeholders.scss
index 9d07d62ad704..0bdaef42eae4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-16.scss
index e6569c3f13c7..6b1c191bd215 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-24.scss
index e142cc100174..0b01835b1a19 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/index.scss
index 8fb3c6cb8ab6..5058ca3046cd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/keyframes.scss
index ab962b168c15..e50cb6c39712 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-vmware {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/placeholders.scss
index 35526023a5c4..ee92baac7940 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-16.scss
index cc931d9f7aa4..842ea362e229 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-24.scss
index effc542761e9..c43869fbdd7e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/keyframes.scss
index 7ebdc2505a03..fd1d7a1877d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-volume-2 {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/placeholders.scss
index 539d9263400e..80f997e07b37 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-16.scss
index 8be6f81b6f0e..ffebfd22f4c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-24.scss
index 13adf65e02c6..02175de2b190 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/keyframes.scss
index 59a05dd691ab..84e30b1bf134 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-volume-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/placeholders.scss
index 17eed4201c5d..e360b5776015 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-16.scss
index 954eaa280589..9e92d8e4aa99 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-24.scss
index c88b60e67b1a..4248c72b42dc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/keyframes.scss
index 8ce604fd9fe3..011b90efcdb1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-volume-x {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/placeholders.scss
index 2cc9e8f96e15..19ea59b8dba2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-16.scss
index 79aa90529b11..bedf98676132 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-24.scss
index de2d7dfe9ec8..c831cf2eccf4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/keyframes.scss
index 0731bf859e6b..d2516189e0e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-volume {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/placeholders.scss
index 6e7142e4d71c..98b1ac92611f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-16.scss
index f6f7acaed053..906a420346ae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-24.scss
index b13586be8844..f09d9f1da374 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/keyframes.scss
index 217755c516e2..f92ac586f3b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-wall {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/placeholders.scss
index 48e43e2ad510..f6f38e086ddd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-16.scss
index 4d227b7fa780..079bc79f5250 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-24.scss
index 697d3fdd44ba..d326d39121bd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/keyframes.scss
index 212a2ea2f34a..3e10ff9a7570 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-wand {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/placeholders.scss
index b1a3feb4d7e2..3e4c14cbc91c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-16.scss
index cc5289b3da2f..f57ecdd1c7e6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-24.scss
index b55e2e604973..48acce94a99d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/keyframes.scss
index 4c039e5722e1..3c9eb0cba0f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-watch {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/placeholders.scss
index b679bf74eac2..6bd02b2d3a33 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-16.scss
index d0933443dd3b..9f7fab4c3dc6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-24.scss
index 346d44bc53a0..da63eb64d92c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/keyframes.scss
index 221bf06ffda7..a731fa1f074e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-waypoint-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/placeholders.scss
index 214a6f2a3631..50e27ad6e674 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-16.scss
index 16b317865970..c4ec749b978b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-24.scss
index 75e7c8d6453d..c7d7af6c0be0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/index.scss
index f8a88bde68e9..34b53ee6da1a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/keyframes.scss
index dba02b558747..6a93e273b3df 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-waypoint {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/placeholders.scss
index db6bb888e0f4..2ca77b7391b5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-16.scss
index 503e2afdcf77..676b66188a92 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-24.scss
index 3961233883c9..d85370042956 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/keyframes.scss
index 389d4f23ac2a..85f3ebedec43 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-webhook {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/placeholders.scss
index bc584274aa03..4467374cbbe0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-16.scss
index 3744bab8872c..4994d8688baf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-24.scss
index 5b4c52d4767d..54604d759e9f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/keyframes.scss
index 695dacf787cd..d704759dabc1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-wifi-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/placeholders.scss
index 47f5f74daf3a..772825b2e351 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-16.scss
index 27705b8c2d83..1879beb27469 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-24.scss
index bd07a0c773f0..690824abdc82 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/keyframes.scss
index 34a90a7a1242..aaa9e215dc23 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-wifi {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/placeholders.scss
index 0d0b3aeef325..4679089a0e09 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-16.scss
index 421cd366a191..7367f5d4106f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-24.scss
index ed3648af1d15..9da4b7ec85c8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/keyframes.scss
index 34937c583273..943ca2b4cb68 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-wrench {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/placeholders.scss
index ce3874abbf3b..1802b7336733 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-16.scss
index 557fe1b4c2d7..8983fcf5b205 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-24.scss
index 59c10a88d540..a95e7a08fe1a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/keyframes.scss
index ea6968ebbbd2..b188cddf010c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-x-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/placeholders.scss
index 96c577dc9583..354b81252819 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-16.scss
index 07e62462b687..1ff7e9177dca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-24.scss
index 376591ef6da4..03d635c53e7a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/keyframes.scss
index f484624997a3..855ebcf8deaa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-x-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/placeholders.scss
index 9a728e0f6928..f2e12e620dc5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-16.scss
index 0236d0c8a5cc..83066351ac86 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-24.scss
index 993a2f70ab6e..e9c138b7603d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/keyframes.scss
index be31a5562b15..f58bed0909ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-x-diamond-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/placeholders.scss
index a0d6631ea388..d3117ad9f158 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-16.scss
index cdf6f8673b11..cac0e04c53ab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-24.scss
index cca9022a6eea..782517eadcb3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/keyframes.scss
index 3c12ade8d38e..444074c37f22 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-x-diamond {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/placeholders.scss
index 3d0cba1238b0..8d2de2b540d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-16.scss
index fd1493c4328f..9f9df096ebf2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-24.scss
index a6c12dfcc1d1..0af6196bfe3f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/keyframes.scss
index 6d5669fe9f90..db1fd08c3de5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-x-hexagon-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/placeholders.scss
index aa880904fb6b..57cb2cb11502 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-16.scss
index ca3c1eb11b26..d24dcd290dcd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-24.scss
index 06c93c69c52f..0e77178056ac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/keyframes.scss
index c202789085de..d21a8ee93400 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-x-hexagon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/placeholders.scss
index 3330698416e5..f770aefddee1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-16.scss
index 6ffc6896bd61..83b1671fb15b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-24.scss
index e53e9cac68be..702b0d6ebeaa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/keyframes.scss
index 6a8833ab248e..435414882fa1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-x-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/placeholders.scss
index a0ed1882ae8e..205cb360c2ca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-16.scss
index d1910fc9cb4e..9c08ba70d751 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-24.scss
index 91351e7f5f60..30a1056e78ad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/keyframes.scss
index aec782d8d50c..a7c16b0d4d24 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-x-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/placeholders.scss
index 9d1ae0addfcc..b9e78d224c4b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-16.scss
index 4d843fcd66de..3957e075a362 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-24.scss
index b533a5d13d8d..ad1ab859b50c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x/keyframes.scss
index 9969836fee20..5f8be89485bc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-x {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x/placeholders.scss
index 0b0f403cb827..68bf5b15e112 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-16.scss
index 7a2e8acd3d90..87ba4f65f156 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-24.scss
index f2f7e91ffe18..d4fc1bd48e02 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/keyframes.scss
index f71c802a0218..5d4ce4e9160a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-youtube-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/placeholders.scss
index a94e40e600b2..c0e7c80c2e2d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-16.scss
index be772a093b77..a3738fc3665a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-24.scss
index 2a1f75400969..167f2239acc7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/index.scss
index ec36ee0ff100..1edaae143fe3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/keyframes.scss
index 99778d3947c0..06c76bcb9b7d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-youtube {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/placeholders.scss
index b1ba10af4392..a66946982348 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-16.scss
index 506303470917..d93b8fea5c20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-24.scss
index a617870758c6..9a3b65c5208f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/keyframes.scss
index b5b4bce9eff5..e45a66bf4120 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-zap-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/placeholders.scss
index bddad9b98849..2e0fa51aa1e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-16.scss
index 6ffb66e4bf20..893cd4ee2944 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-24.scss
index f1aa71511a6f..6d510810d71e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/keyframes.scss
index 2b4b4687fc28..44b0f424a8b5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-zap {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/placeholders.scss
index a87fb212fa92..75817e99d5e5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-16.scss
index 42202d2b465f..e6bea26b279c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-24.scss
index 06fd6bdf6548..c6f6c6ebc16e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/keyframes.scss
index fa5409efee0c..66af845acd40 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-zoom-in {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/placeholders.scss
index 21f607f1b434..c59403a4fc50 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-16.scss
index e74f4aae4129..36ff59104568 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-24.scss
index 3c2bb41de95e..96fe29dd050f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/index.scss
index 6d714e109549..0cf5474ebfc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/keyframes.scss
index 848334137749..4992c364f73e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes icon-zoom-out {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/placeholders.scss
index f206ac8b22f5..784a44724717 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-16.scss
index 568ec75766c4..94405ff34495 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-24.scss
index d60a6681c096..80295aa67eaa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/index.scss b/ui/packages/consul-ui/app/styles/base/icons/index.scss
index fb097649f75a..3827b3f406c5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './base-keyframes';
diff --git a/ui/packages/consul-ui/app/styles/base/icons/overrides.scss b/ui/packages/consul-ui/app/styles/base/icons/overrides.scss
index 9853578ce374..e923d75442d2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/overrides.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/overrides.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %without-mask {
diff --git a/ui/packages/consul-ui/app/styles/base/index.scss b/ui/packages/consul-ui/app/styles/base/index.scss
index d8a77db6d5fb..b26472480431 100644
--- a/ui/packages/consul-ui/app/styles/base/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './component/index';
diff --git a/ui/packages/consul-ui/app/styles/base/reset/base-variables.scss b/ui/packages/consul-ui/app/styles/base/reset/base-variables.scss
index c05ca231fd42..5908b64e82c8 100644
--- a/ui/packages/consul-ui/app/styles/base/reset/base-variables.scss
+++ b/ui/packages/consul-ui/app/styles/base/reset/base-variables.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %reset-margin {
diff --git a/ui/packages/consul-ui/app/styles/base/reset/index.scss b/ui/packages/consul-ui/app/styles/base/reset/index.scss
index ef28f2932915..e60669bbccca 100644
--- a/ui/packages/consul-ui/app/styles/base/reset/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/reset/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './base-variables';
diff --git a/ui/packages/consul-ui/app/styles/base/reset/minireset.scss b/ui/packages/consul-ui/app/styles/base/reset/minireset.scss
index a0438a027bfc..43b1e0fa6f24 100644
--- a/ui/packages/consul-ui/app/styles/base/reset/minireset.scss
+++ b/ui/packages/consul-ui/app/styles/base/reset/minireset.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 html,
diff --git a/ui/packages/consul-ui/app/styles/base/reset/system.scss b/ui/packages/consul-ui/app/styles/base/reset/system.scss
index 7a40b2c8f082..42b03d9e00c2 100644
--- a/ui/packages/consul-ui/app/styles/base/reset/system.scss
+++ b/ui/packages/consul-ui/app/styles/base/reset/system.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 a {
diff --git a/ui/packages/consul-ui/app/styles/base/typography/base-keyframes.scss b/ui/packages/consul-ui/app/styles/base/typography/base-keyframes.scss
index b1d21d3074e0..0e331ac1fe87 100644
--- a/ui/packages/consul-ui/app/styles/base/typography/base-keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/typography/base-keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @keyframes typo-truncate {
diff --git a/ui/packages/consul-ui/app/styles/base/typography/base-placeholders.scss b/ui/packages/consul-ui/app/styles/base/typography/base-placeholders.scss
index 9b7fa8c5d6d1..404ba9ff390b 100644
--- a/ui/packages/consul-ui/app/styles/base/typography/base-placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/typography/base-placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %display-500-bold {
diff --git a/ui/packages/consul-ui/app/styles/base/typography/index.scss b/ui/packages/consul-ui/app/styles/base/typography/index.scss
index 261f3ce9fbce..a846f0f2e900 100644
--- a/ui/packages/consul-ui/app/styles/base/typography/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/typography/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './base-keyframes';
diff --git a/ui/packages/consul-ui/app/styles/components.scss b/ui/packages/consul-ui/app/styles/components.scss
index de51715283d6..d4e1c39e824e 100644
--- a/ui/packages/consul-ui/app/styles/components.scss
+++ b/ui/packages/consul-ui/app/styles/components.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import 'ember-power-select';
diff --git a/ui/packages/consul-ui/app/styles/debug.scss b/ui/packages/consul-ui/app/styles/debug.scss
index 2e7ec816f662..23ae675cb1ba 100644
--- a/ui/packages/consul-ui/app/styles/debug.scss
+++ b/ui/packages/consul-ui/app/styles/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import 'prism-coldark-dark';
diff --git a/ui/packages/consul-ui/app/styles/icons.scss b/ui/packages/consul-ui/app/styles/icons.scss
index 1b4923455f10..713d1576c2d8 100644
--- a/ui/packages/consul-ui/app/styles/icons.scss
+++ b/ui/packages/consul-ui/app/styles/icons.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/layout.scss b/ui/packages/consul-ui/app/styles/layout.scss
index a04075cbb162..75f42c71551b 100644
--- a/ui/packages/consul-ui/app/styles/layout.scss
+++ b/ui/packages/consul-ui/app/styles/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import 'layouts/index';
diff --git a/ui/packages/consul-ui/app/styles/layouts/index.scss b/ui/packages/consul-ui/app/styles/layouts/index.scss
index 14b86acea80c..4970da98d8cf 100644
--- a/ui/packages/consul-ui/app/styles/layouts/index.scss
+++ b/ui/packages/consul-ui/app/styles/layouts/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // workaround bulma's sweeping box-sizing
diff --git a/ui/packages/consul-ui/app/styles/prism-coldark-cold.scss b/ui/packages/consul-ui/app/styles/prism-coldark-cold.scss
index e61ac5f2b02a..8608926b2247 100644
--- a/ui/packages/consul-ui/app/styles/prism-coldark-cold.scss
+++ b/ui/packages/consul-ui/app/styles/prism-coldark-cold.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/styles/prism-coldark-dark.scss b/ui/packages/consul-ui/app/styles/prism-coldark-dark.scss
index e4b8d569f67c..98033b9b30d0 100644
--- a/ui/packages/consul-ui/app/styles/prism-coldark-dark.scss
+++ b/ui/packages/consul-ui/app/styles/prism-coldark-dark.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/styles/routes.scss b/ui/packages/consul-ui/app/styles/routes.scss
index 0b9818e0276e..9b8ad0b0d871 100644
--- a/ui/packages/consul-ui/app/styles/routes.scss
+++ b/ui/packages/consul-ui/app/styles/routes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import 'routes/dc/services/index';
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/acls/index.scss b/ui/packages/consul-ui/app/styles/routes/dc/acls/index.scss
index 090f39d82cb3..d4d46c09742d 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/acls/index.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/acls/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 html[data-route^='dc.acls.index'] main td strong {
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/intentions/index.scss b/ui/packages/consul-ui/app/styles/routes/dc/intentions/index.scss
index d4634f7f1f9a..68bebc3a5b3f 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/intentions/index.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/intentions/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 html[data-route^='dc.intentions.edit'] .definition-table {
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/kv/index.scss b/ui/packages/consul-ui/app/styles/routes/dc/kv/index.scss
index 2a85b0e3d609..a8c5b0bc85ec 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/kv/index.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/kv/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 html[data-route^='dc.kv'] .type-toggle {
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/nodes/index.scss b/ui/packages/consul-ui/app/styles/routes/dc/nodes/index.scss
index 040d6c46035f..3513f73da779 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/nodes/index.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/nodes/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 html[data-route^='dc.nodes.show.metadata'] table tr {
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss b/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss
index 73ac353add73..bedd44ab8142 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 section[data-route='dc.show.license'] {
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss b/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss
index 38e0519c6bd1..9ba150dbc546 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 section[data-route='dc.show.serverstatus'] {
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/services/index.scss b/ui/packages/consul-ui/app/styles/routes/dc/services/index.scss
index 80828acd3776..3065579e1107 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/services/index.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/services/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* drop the external dashboard button down if it exists */
diff --git a/ui/packages/consul-ui/app/styles/tailwind.scss b/ui/packages/consul-ui/app/styles/tailwind.scss
index ed5da1fc5ed1..c03d22ee28d9 100644
--- a/ui/packages/consul-ui/app/styles/tailwind.scss
+++ b/ui/packages/consul-ui/app/styles/tailwind.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @tailwind base;
diff --git a/ui/packages/consul-ui/app/styles/themes.scss b/ui/packages/consul-ui/app/styles/themes.scss
index 2d180b292c72..56bee00761c1 100644
--- a/ui/packages/consul-ui/app/styles/themes.scss
+++ b/ui/packages/consul-ui/app/styles/themes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './base/color/ui/index';
diff --git a/ui/packages/consul-ui/app/styles/typography.scss b/ui/packages/consul-ui/app/styles/typography.scss
index f1e5a47d05ea..b0dac04edb3b 100644
--- a/ui/packages/consul-ui/app/styles/typography.scss
+++ b/ui/packages/consul-ui/app/styles/typography.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 body,
diff --git a/ui/packages/consul-ui/app/styles/variables.scss b/ui/packages/consul-ui/app/styles/variables.scss
index 952c22c2d500..d857778f16e1 100644
--- a/ui/packages/consul-ui/app/styles/variables.scss
+++ b/ui/packages/consul-ui/app/styles/variables.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './base/reset/index';
diff --git a/ui/packages/consul-ui/app/styles/variables/custom-query.scss b/ui/packages/consul-ui/app/styles/variables/custom-query.scss
index 865924c352c7..77c31f86f4eb 100644
--- a/ui/packages/consul-ui/app/styles/variables/custom-query.scss
+++ b/ui/packages/consul-ui/app/styles/variables/custom-query.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 $ideal-width: 1260px;
diff --git a/ui/packages/consul-ui/app/styles/variables/layout.scss b/ui/packages/consul-ui/app/styles/variables/layout.scss
index 8233827b2f9e..e4f4252a43a7 100644
--- a/ui/packages/consul-ui/app/styles/variables/layout.scss
+++ b/ui/packages/consul-ui/app/styles/variables/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/variables/skin.scss b/ui/packages/consul-ui/app/styles/variables/skin.scss
index 2551b453de4d..2644344c4c30 100644
--- a/ui/packages/consul-ui/app/styles/variables/skin.scss
+++ b/ui/packages/consul-ui/app/styles/variables/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './custom-query';
diff --git a/ui/packages/consul-ui/app/templates/application.hbs b/ui/packages/consul-ui/app/templates/application.hbs
index 6e7537d43d67..7be739bf64b8 100644
--- a/ui/packages/consul-ui/app/templates/application.hbs
+++ b/ui/packages/consul-ui/app/templates/application.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-ui/app/templates/dc.hbs b/ui/packages/consul-ui/app/templates/dc.hbs
index 5974acfca33e..ad4664bcd38c 100644
--- a/ui/packages/consul-ui/app/templates/dc.hbs
+++ b/ui/packages/consul-ui/app/templates/dc.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls.hbs b/ui/packages/consul-ui/app/templates/dc/acls.hbs
index 5974acfca33e..ad4664bcd38c 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/index.hbs
index c24d2bfc7a37..d221d5e819ee 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show.hbs
index 6e66613c3cd9..efa683681ca9 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/auth-method.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/auth-method.hbs
index ebbd020033a6..f2a687d38559 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/auth-method.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/auth-method.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs
index b7c8f92d2f34..8f155eeabc94 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/nspace-rules.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/nspace-rules.hbs
index ac8fea7a3c2f..d0a8529a44b7 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/nspace-rules.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/nspace-rules.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/index.hbs
index dc88f53b2786..8ef6f6e32425 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/policies/-form.hbs b/ui/packages/consul-ui/app/templates/dc/acls/policies/-form.hbs
index 39ff3543dbdc..687f5ec8e1d7 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/policies/-form.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/policies/-form.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <form>
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs b/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs
index 208bcdcb7653..230723e74635 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/policies/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/policies/index.hbs
index d00fd781c2ea..1ac23da4350c 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/policies/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/policies/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/roles/-form.hbs b/ui/packages/consul-ui/app/templates/dc/acls/roles/-form.hbs
index e0f8324e6e74..a703f1d571ac 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/roles/-form.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/roles/-form.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <form>
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/roles/edit.hbs b/ui/packages/consul-ui/app/templates/dc/acls/roles/edit.hbs
index ece864ccdca7..78168a73cc05 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/roles/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/roles/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/roles/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/roles/index.hbs
index 825c28881f41..2a83e8224a5b 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/roles/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/roles/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets-legacy.hbs b/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets-legacy.hbs
index de0db32b2035..dbe188fc2ff7 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets-legacy.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets-legacy.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
     <fieldset
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets.hbs b/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets.hbs
index b3d36ffec1d8..89ea6bd3c1e0 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <fieldset
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/tokens/-form.hbs b/ui/packages/consul-ui/app/templates/dc/acls/tokens/-form.hbs
index 6cb1cfc46d3b..de6b9dccf1ae 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/tokens/-form.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/tokens/-form.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <form>
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/tokens/edit.hbs b/ui/packages/consul-ui/app/templates/dc/acls/tokens/edit.hbs
index caa75e3d65a6..4960fdc1a1e1 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/tokens/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/tokens/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/tokens/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/tokens/index.hbs
index 70e4c98c45e8..9fb37f50fa0a 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/tokens/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/tokens/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/intentions/edit.hbs b/ui/packages/consul-ui/app/templates/dc/intentions/edit.hbs
index ef29038efd35..8f44fe34fd54 100644
--- a/ui/packages/consul-ui/app/templates/dc/intentions/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/intentions/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/intentions/index.hbs b/ui/packages/consul-ui/app/templates/dc/intentions/index.hbs
index e34928e2f99b..b4d12269ca16 100644
--- a/ui/packages/consul-ui/app/templates/dc/intentions/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/intentions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/kv/edit.hbs b/ui/packages/consul-ui/app/templates/dc/kv/edit.hbs
index 7d09254f9546..3278a55ea2a4 100644
--- a/ui/packages/consul-ui/app/templates/dc/kv/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/kv/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/kv/index.hbs b/ui/packages/consul-ui/app/templates/dc/kv/index.hbs
index 147fbd704e86..c730f719b6d0 100644
--- a/ui/packages/consul-ui/app/templates/dc/kv/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/kv/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs
index 56f7676c4924..9e9f14d9be9c 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show.hbs
index 3c64b67d8da6..5b8aba956730 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/show.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/show.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show/healthchecks.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show/healthchecks.hbs
index d1dbf3d8ecab..d073bd889eb4 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/show/healthchecks.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/show/healthchecks.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show/index.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show/index.hbs
index 966db68ffec4..9cecd7e83193 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/show/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/show/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show/metadata.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show/metadata.hbs
index cfb3589d7485..89cc3e12f4ff 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/show/metadata.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/show/metadata.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show/rtt.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show/rtt.hbs
index 4280bfaefb6f..3ce2159ca5ea 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/show/rtt.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/show/rtt.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show/services.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show/services.hbs
index 41926f6e3e50..05499d8141c9 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/show/services.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/show/services.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/routing-config.hbs b/ui/packages/consul-ui/app/templates/dc/routing-config.hbs
index b9cc67f9bf0c..a141aad42450 100644
--- a/ui/packages/consul-ui/app/templates/dc/routing-config.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/routing-config.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/index.hbs b/ui/packages/consul-ui/app/templates/dc/services/index.hbs
index 1e2a5d6604cd..37a73c419f7f 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance.hbs
index 6c70f45c981f..4926bbd609f8 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/instance.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/instance.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance/addresses.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance/addresses.hbs
index 4b0a9edae5f9..1dcc4819a629 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/instance/addresses.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/instance/addresses.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance/exposedpaths.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance/exposedpaths.hbs
index 34c5d9ed1c6d..0f04962d89f6 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/instance/exposedpaths.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/instance/exposedpaths.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance/healthchecks.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance/healthchecks.hbs
index baf404891767..c709bd91a201 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/instance/healthchecks.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/instance/healthchecks.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance/metadata.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance/metadata.hbs
index 56cfcf4c4c4d..1b69aab03c8b 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/instance/metadata.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/instance/metadata.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance/upstreams.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance/upstreams.hbs
index 45a282b59edf..7db110dd36db 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/instance/upstreams.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/instance/upstreams.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show.hbs b/ui/packages/consul-ui/app/templates/dc/services/show.hbs
index b96a15c7b1cb..18fa606c71f9 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/index.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/index.hbs
index 18260dcfd931..391a2fc70a06 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/instances.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/instances.hbs
index 5525034df4de..8ea481e651a4 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/instances.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/instances.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/intentions.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/intentions.hbs
index 5974acfca33e..ad4664bcd38c 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/intentions.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/intentions.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/intentions/edit.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/intentions/edit.hbs
index 40569d418e7c..e8bd180c3051 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/intentions/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/intentions/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/intentions/index.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/intentions/index.hbs
index 5e1c794d9c9f..92429b9abb97 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/intentions/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/intentions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/routing.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/routing.hbs
index afa6a186783e..20e0c5c98240 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/routing.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/routing.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/services.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/services.hbs
index 67e75d9dbf57..337490004596 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/services.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/services.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/tags.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/tags.hbs
index e7b12d1a827c..8d2e1f661ae7 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/tags.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/tags.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/topology.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/topology.hbs
index 84db9e5edbf9..4354e1e3a887 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/topology.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/topology.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/upstreams.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/upstreams.hbs
index 590da6ce9288..661c7e77b09e 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/upstreams.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/upstreams.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/show.hbs b/ui/packages/consul-ui/app/templates/dc/show.hbs
index f574aa5ffa03..7d9b7462c4cf 100644
--- a/ui/packages/consul-ui/app/templates/dc/show.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/show.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/show/index.hbs b/ui/packages/consul-ui/app/templates/dc/show/index.hbs
index d4d7ac9d3262..fe7d8ceb78e5 100644
--- a/ui/packages/consul-ui/app/templates/dc/show/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/show/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/show/license.hbs b/ui/packages/consul-ui/app/templates/dc/show/license.hbs
index 88d5dc7a1d60..669abf7fb0d4 100644
--- a/ui/packages/consul-ui/app/templates/dc/show/license.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/show/license.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs b/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs
index 1fee372ecabe..7f4ae6bb5ffe 100644
--- a/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/debug.hbs b/ui/packages/consul-ui/app/templates/debug.hbs
index d63d176957a1..dbdff5ff8e5d 100644
--- a/ui/packages/consul-ui/app/templates/debug.hbs
+++ b/ui/packages/consul-ui/app/templates/debug.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{page-title 'Engineering Docs - Consul' separator=' - '}}
diff --git a/ui/packages/consul-ui/app/templates/error.hbs b/ui/packages/consul-ui/app/templates/error.hbs
index 65f6b6c954bb..196b78779640 100644
--- a/ui/packages/consul-ui/app/templates/error.hbs
+++ b/ui/packages/consul-ui/app/templates/error.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{#if error}}
diff --git a/ui/packages/consul-ui/app/templates/index.hbs b/ui/packages/consul-ui/app/templates/index.hbs
index 5974acfca33e..ad4664bcd38c 100644
--- a/ui/packages/consul-ui/app/templates/index.hbs
+++ b/ui/packages/consul-ui/app/templates/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/loading.hbs b/ui/packages/consul-ui/app/templates/loading.hbs
index 5b30daf796e7..c7faa82f2bb8 100644
--- a/ui/packages/consul-ui/app/templates/loading.hbs
+++ b/ui/packages/consul-ui/app/templates/loading.hbs
@@ -1,5 +1,5 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
diff --git a/ui/packages/consul-ui/app/templates/notfound.hbs b/ui/packages/consul-ui/app/templates/notfound.hbs
index ff16db6c209e..9e9a350a3f5a 100644
--- a/ui/packages/consul-ui/app/templates/notfound.hbs
+++ b/ui/packages/consul-ui/app/templates/notfound.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/oauth-provider-debug.hbs b/ui/packages/consul-ui/app/templates/oauth-provider-debug.hbs
index 04eeac3d91a6..ea9f223fdc2f 100644
--- a/ui/packages/consul-ui/app/templates/oauth-provider-debug.hbs
+++ b/ui/packages/consul-ui/app/templates/oauth-provider-debug.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/settings.hbs b/ui/packages/consul-ui/app/templates/settings.hbs
index 658744961197..66251636dcce 100644
--- a/ui/packages/consul-ui/app/templates/settings.hbs
+++ b/ui/packages/consul-ui/app/templates/settings.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/utils/ascend.js b/ui/packages/consul-ui/app/utils/ascend.js
index 95f3e79131d9..0c7fe354d261 100644
--- a/ui/packages/consul-ui/app/utils/ascend.js
+++ b/ui/packages/consul-ui/app/utils/ascend.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (path, num) {
diff --git a/ui/packages/consul-ui/app/utils/atob.js b/ui/packages/consul-ui/app/utils/atob.js
index d6849c3d8a79..4afb5cfe471f 100644
--- a/ui/packages/consul-ui/app/utils/atob.js
+++ b/ui/packages/consul-ui/app/utils/atob.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import base64js from 'base64-js';
diff --git a/ui/packages/consul-ui/app/utils/btoa.js b/ui/packages/consul-ui/app/utils/btoa.js
index fb24fd9bd1c7..ff7abdabc630 100644
--- a/ui/packages/consul-ui/app/utils/btoa.js
+++ b/ui/packages/consul-ui/app/utils/btoa.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import base64js from 'base64-js';
diff --git a/ui/packages/consul-ui/app/utils/callable-type.js b/ui/packages/consul-ui/app/utils/callable-type.js
index e222f45b824e..33a5f5fd2023 100644
--- a/ui/packages/consul-ui/app/utils/callable-type.js
+++ b/ui/packages/consul-ui/app/utils/callable-type.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (obj) {
diff --git a/ui/packages/consul-ui/app/utils/create-fingerprinter.js b/ui/packages/consul-ui/app/utils/create-fingerprinter.js
index 644cce6e7c8d..54f2fa7d6d7c 100644
--- a/ui/packages/consul-ui/app/utils/create-fingerprinter.js
+++ b/ui/packages/consul-ui/app/utils/create-fingerprinter.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { get } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/distance.js b/ui/packages/consul-ui/app/utils/distance.js
index 9b2f1c0e252e..099f9e8e1711 100644
--- a/ui/packages/consul-ui/app/utils/distance.js
+++ b/ui/packages/consul-ui/app/utils/distance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // TODO: Istanbul is ignored for the moment as it's not mine,
diff --git a/ui/packages/consul-ui/app/utils/dom/click-first-anchor.js b/ui/packages/consul-ui/app/utils/dom/click-first-anchor.js
index 57f808073195..2f27a8c427c7 100644
--- a/ui/packages/consul-ui/app/utils/dom/click-first-anchor.js
+++ b/ui/packages/consul-ui/app/utils/dom/click-first-anchor.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 const clickEvent = function ($el) {
diff --git a/ui/packages/consul-ui/app/utils/dom/closest.js b/ui/packages/consul-ui/app/utils/dom/closest.js
index 625e95ffd238..eaabea413418 100644
--- a/ui/packages/consul-ui/app/utils/dom/closest.js
+++ b/ui/packages/consul-ui/app/utils/dom/closest.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (sel, el) {
diff --git a/ui/packages/consul-ui/app/utils/dom/create-listeners.js b/ui/packages/consul-ui/app/utils/dom/create-listeners.js
index 9d9d240ead3a..81d48ca23946 100644
--- a/ui/packages/consul-ui/app/utils/dom/create-listeners.js
+++ b/ui/packages/consul-ui/app/utils/dom/create-listeners.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 class Listeners {
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/blocking.js b/ui/packages/consul-ui/app/utils/dom/event-source/blocking.js
index 69781b89c3a5..c5cf8c47b1fd 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/blocking.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/blocking.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { get } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/cache.js b/ui/packages/consul-ui/app/utils/dom/event-source/cache.js
index 35d7f88aedca..5427a72b49af 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/cache.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/cache.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (source, DefaultEventSource, P = Promise) {
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/callable.js b/ui/packages/consul-ui/app/utils/dom/event-source/callable.js
index 83ffce264f35..d96b40e79d47 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/callable.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/callable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export const defaultRunner = function (target, configuration, isClosed) {
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/index.js b/ui/packages/consul-ui/app/utils/dom/event-source/index.js
index 9448c9325f34..f8b3dcffa82c 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/index.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import ObjectProxy from '@ember/object/proxy';
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/openable.js b/ui/packages/consul-ui/app/utils/dom/event-source/openable.js
index f5972cf1991c..0611663abe26 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/openable.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/openable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/proxy.js b/ui/packages/consul-ui/app/utils/dom/event-source/proxy.js
index 8b9fc08c608b..963a7401c6d1 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/proxy.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/proxy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { get, set } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/resolver.js b/ui/packages/consul-ui/app/utils/dom/event-source/resolver.js
index 37d05dab0084..52560b9f318b 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/resolver.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/resolver.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (P = Promise) {
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/storage.js b/ui/packages/consul-ui/app/utils/dom/event-source/storage.js
index 273203626de9..66f56581f331 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/storage.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/storage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (EventTarget, P = Promise) {
diff --git a/ui/packages/consul-ui/app/utils/dom/get-component-factory.js b/ui/packages/consul-ui/app/utils/dom/get-component-factory.js
index 71605d9d55c8..d10c486646fb 100644
--- a/ui/packages/consul-ui/app/utils/dom/get-component-factory.js
+++ b/ui/packages/consul-ui/app/utils/dom/get-component-factory.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (owner, key = '-view-registry:main') {
diff --git a/ui/packages/consul-ui/app/utils/dom/is-outside.js b/ui/packages/consul-ui/app/utils/dom/is-outside.js
index b1434e418757..ea52f0492851 100644
--- a/ui/packages/consul-ui/app/utils/dom/is-outside.js
+++ b/ui/packages/consul-ui/app/utils/dom/is-outside.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (el, target, doc = document) {
diff --git a/ui/packages/consul-ui/app/utils/dom/normalize-event.js b/ui/packages/consul-ui/app/utils/dom/normalize-event.js
index 6bfd0c6a7d45..206fcee9dc5b 100644
--- a/ui/packages/consul-ui/app/utils/dom/normalize-event.js
+++ b/ui/packages/consul-ui/app/utils/dom/normalize-event.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (e, value, target = {}) {
diff --git a/ui/packages/consul-ui/app/utils/dom/qsa-factory.js b/ui/packages/consul-ui/app/utils/dom/qsa-factory.js
index e694d3bce358..fdaa675e9d89 100644
--- a/ui/packages/consul-ui/app/utils/dom/qsa-factory.js
+++ b/ui/packages/consul-ui/app/utils/dom/qsa-factory.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (doc = document) {
diff --git a/ui/packages/consul-ui/app/utils/dom/sibling.js b/ui/packages/consul-ui/app/utils/dom/sibling.js
index f0c4c7a39a7a..cd39e82ebb20 100644
--- a/ui/packages/consul-ui/app/utils/dom/sibling.js
+++ b/ui/packages/consul-ui/app/utils/dom/sibling.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (el, name) {
diff --git a/ui/packages/consul-ui/app/utils/editor/lint.js b/ui/packages/consul-ui/app/utils/editor/lint.js
index a1ed2aa254a2..4c3e824e44bb 100644
--- a/ui/packages/consul-ui/app/utils/editor/lint.js
+++ b/ui/packages/consul-ui/app/utils/editor/lint.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*global CodeMirror*/
diff --git a/ui/packages/consul-ui/app/utils/filter/index.js b/ui/packages/consul-ui/app/utils/filter/index.js
index 11e8f6f6f423..c46ec8452ca1 100644
--- a/ui/packages/consul-ui/app/utils/filter/index.js
+++ b/ui/packages/consul-ui/app/utils/filter/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import setHelpers from 'mnemonist/set';
diff --git a/ui/packages/consul-ui/app/utils/form/builder.js b/ui/packages/consul-ui/app/utils/form/builder.js
index ee9ad69bf47e..0d9572ec9c44 100644
--- a/ui/packages/consul-ui/app/utils/form/builder.js
+++ b/ui/packages/consul-ui/app/utils/form/builder.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { get, set } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/form/changeset.js b/ui/packages/consul-ui/app/utils/form/changeset.js
index 64f517f31762..0fd007267904 100644
--- a/ui/packages/consul-ui/app/utils/form/changeset.js
+++ b/ui/packages/consul-ui/app/utils/form/changeset.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { get } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/get-environment.js b/ui/packages/consul-ui/app/utils/get-environment.js
index 7c32f66ea218..a4284a24f7d4 100644
--- a/ui/packages/consul-ui/app/utils/get-environment.js
+++ b/ui/packages/consul-ui/app/utils/get-environment.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { runInDebug } from '@ember/debug';
diff --git a/ui/packages/consul-ui/app/utils/get-form-name-property.js b/ui/packages/consul-ui/app/utils/get-form-name-property.js
index f4fe82a9c418..b67f0a0c5d36 100644
--- a/ui/packages/consul-ui/app/utils/get-form-name-property.js
+++ b/ui/packages/consul-ui/app/utils/get-form-name-property.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (name) {
diff --git a/ui/packages/consul-ui/app/utils/helpers/call-if-type.js b/ui/packages/consul-ui/app/utils/helpers/call-if-type.js
index ce1d32dc8c78..440daab7d88c 100644
--- a/ui/packages/consul-ui/app/utils/helpers/call-if-type.js
+++ b/ui/packages/consul-ui/app/utils/helpers/call-if-type.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (type) {
diff --git a/ui/packages/consul-ui/app/utils/http/consul.js b/ui/packages/consul-ui/app/utils/http/consul.js
index 48de335bbf1e..6e30b4cb09c5 100644
--- a/ui/packages/consul-ui/app/utils/http/consul.js
+++ b/ui/packages/consul-ui/app/utils/http/consul.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // TODO: Need to make all these headers capital case
diff --git a/ui/packages/consul-ui/app/utils/http/create-headers.js b/ui/packages/consul-ui/app/utils/http/create-headers.js
index 72bf9a9e3ba0..842e80895278 100644
--- a/ui/packages/consul-ui/app/utils/http/create-headers.js
+++ b/ui/packages/consul-ui/app/utils/http/create-headers.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function () {
diff --git a/ui/packages/consul-ui/app/utils/http/create-query-params.js b/ui/packages/consul-ui/app/utils/http/create-query-params.js
index 9141c02dde28..54c6b5486416 100644
--- a/ui/packages/consul-ui/app/utils/http/create-query-params.js
+++ b/ui/packages/consul-ui/app/utils/http/create-query-params.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (encode = encodeURIComponent) {
diff --git a/ui/packages/consul-ui/app/utils/http/create-url.js b/ui/packages/consul-ui/app/utils/http/create-url.js
index ecf7fef7b82b..ad7e40d1c544 100644
--- a/ui/packages/consul-ui/app/utils/http/create-url.js
+++ b/ui/packages/consul-ui/app/utils/http/create-url.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // const METHOD_PARSING = 0;
diff --git a/ui/packages/consul-ui/app/utils/http/error.js b/ui/packages/consul-ui/app/utils/http/error.js
index 8e4b0ff49ac3..7bfbddb8a50d 100644
--- a/ui/packages/consul-ui/app/utils/http/error.js
+++ b/ui/packages/consul-ui/app/utils/http/error.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default class extends Error {
diff --git a/ui/packages/consul-ui/app/utils/http/headers.js b/ui/packages/consul-ui/app/utils/http/headers.js
index 90cd85627f31..bdd5802ed608 100644
--- a/ui/packages/consul-ui/app/utils/http/headers.js
+++ b/ui/packages/consul-ui/app/utils/http/headers.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export const CACHE_CONTROL = 'Cache-Control';
diff --git a/ui/packages/consul-ui/app/utils/http/method.js b/ui/packages/consul-ui/app/utils/http/method.js
index fdf2d319082f..9ed76983133d 100644
--- a/ui/packages/consul-ui/app/utils/http/method.js
+++ b/ui/packages/consul-ui/app/utils/http/method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export const PUT = 'PUT';
diff --git a/ui/packages/consul-ui/app/utils/http/request.js b/ui/packages/consul-ui/app/utils/http/request.js
index 6933fd0c35e3..3388566d861e 100644
--- a/ui/packages/consul-ui/app/utils/http/request.js
+++ b/ui/packages/consul-ui/app/utils/http/request.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import EventTarget from 'consul-ui/utils/dom/event-target/rsvp';
diff --git a/ui/packages/consul-ui/app/utils/http/status.js b/ui/packages/consul-ui/app/utils/http/status.js
index 8d5f59d43511..be6816ee2a55 100644
--- a/ui/packages/consul-ui/app/utils/http/status.js
+++ b/ui/packages/consul-ui/app/utils/http/status.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export const OK = 200;
diff --git a/ui/packages/consul-ui/app/utils/http/xhr.js b/ui/packages/consul-ui/app/utils/http/xhr.js
index 0698f54e0520..fcb688ed9c60 100644
--- a/ui/packages/consul-ui/app/utils/http/xhr.js
+++ b/ui/packages/consul-ui/app/utils/http/xhr.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (parseHeaders, XHR) {
diff --git a/ui/packages/consul-ui/app/utils/intl/missing-message.js b/ui/packages/consul-ui/app/utils/intl/missing-message.js
index 17a78fea9919..a638cb7eddcf 100644
--- a/ui/packages/consul-ui/app/utils/intl/missing-message.js
+++ b/ui/packages/consul-ui/app/utils/intl/missing-message.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint no-console: ["error", { allow: ["debug"] }] */
diff --git a/ui/packages/consul-ui/app/utils/isFolder.js b/ui/packages/consul-ui/app/utils/isFolder.js
index 7b507b394111..55e8379c8c6e 100644
--- a/ui/packages/consul-ui/app/utils/isFolder.js
+++ b/ui/packages/consul-ui/app/utils/isFolder.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // Boolean if the key is a "folder" or not, i.e is a nested key
diff --git a/ui/packages/consul-ui/app/utils/keyToArray.js b/ui/packages/consul-ui/app/utils/keyToArray.js
index 632cf56a1ef9..763075ca3151 100644
--- a/ui/packages/consul-ui/app/utils/keyToArray.js
+++ b/ui/packages/consul-ui/app/utils/keyToArray.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/utils/left-trim.js b/ui/packages/consul-ui/app/utils/left-trim.js
index 1014e0cc7529..324412d83151 100644
--- a/ui/packages/consul-ui/app/utils/left-trim.js
+++ b/ui/packages/consul-ui/app/utils/left-trim.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function leftTrim(str = '', search = '') {
diff --git a/ui/packages/consul-ui/app/utils/maybe-call.js b/ui/packages/consul-ui/app/utils/maybe-call.js
index 54629d5f1b5b..c91bb3db8ea4 100644
--- a/ui/packages/consul-ui/app/utils/maybe-call.js
+++ b/ui/packages/consul-ui/app/utils/maybe-call.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/utils/merge-checks.js b/ui/packages/consul-ui/app/utils/merge-checks.js
index 2c8b69996ba1..ec26d0496c4e 100644
--- a/ui/packages/consul-ui/app/utils/merge-checks.js
+++ b/ui/packages/consul-ui/app/utils/merge-checks.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { get, set } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/minimizeModel.js b/ui/packages/consul-ui/app/utils/minimizeModel.js
index f3a11020c1e5..cec582a6f4ea 100644
--- a/ui/packages/consul-ui/app/utils/minimizeModel.js
+++ b/ui/packages/consul-ui/app/utils/minimizeModel.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { get } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/non-empty-set.js b/ui/packages/consul-ui/app/utils/non-empty-set.js
index 195db7ba26fe..62767b5876fc 100644
--- a/ui/packages/consul-ui/app/utils/non-empty-set.js
+++ b/ui/packages/consul-ui/app/utils/non-empty-set.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (prop) {
diff --git a/ui/packages/consul-ui/app/utils/path/resolve.js b/ui/packages/consul-ui/app/utils/path/resolve.js
index 71e40e62f33d..358e21e927f0 100644
--- a/ui/packages/consul-ui/app/utils/path/resolve.js
+++ b/ui/packages/consul-ui/app/utils/path/resolve.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/utils/promisedTimeout.js b/ui/packages/consul-ui/app/utils/promisedTimeout.js
index 12f9cc5dc317..5fc9b2d349e9 100644
--- a/ui/packages/consul-ui/app/utils/promisedTimeout.js
+++ b/ui/packages/consul-ui/app/utils/promisedTimeout.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (P = Promise, timeout = setTimeout) {
diff --git a/ui/packages/consul-ui/app/utils/right-trim.js b/ui/packages/consul-ui/app/utils/right-trim.js
index 1b388fc75328..9377126f5320 100644
--- a/ui/packages/consul-ui/app/utils/right-trim.js
+++ b/ui/packages/consul-ui/app/utils/right-trim.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function rightTrim(str = '', search = '') {
diff --git a/ui/packages/consul-ui/app/utils/routing/redirect-to.js b/ui/packages/consul-ui/app/utils/routing/redirect-to.js
index 8feceb97aefb..d8c3584af8f0 100644
--- a/ui/packages/consul-ui/app/utils/routing/redirect-to.js
+++ b/ui/packages/consul-ui/app/utils/routing/redirect-to.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (to, route) {
diff --git a/ui/packages/consul-ui/app/utils/routing/transitionable.js b/ui/packages/consul-ui/app/utils/routing/transitionable.js
index 48469f27b6ba..559d03e282ee 100644
--- a/ui/packages/consul-ui/app/utils/routing/transitionable.js
+++ b/ui/packages/consul-ui/app/utils/routing/transitionable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 const filter = function (routeName, atts, params) {
diff --git a/ui/packages/consul-ui/app/utils/routing/walk.js b/ui/packages/consul-ui/app/utils/routing/walk.js
index 516d03336c89..52320146ba0e 100644
--- a/ui/packages/consul-ui/app/utils/routing/walk.js
+++ b/ui/packages/consul-ui/app/utils/routing/walk.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { runInDebug } from '@ember/debug';
diff --git a/ui/packages/consul-ui/app/utils/routing/wildcard.js b/ui/packages/consul-ui/app/utils/routing/wildcard.js
index effe9d52dbeb..327bdcd24f70 100644
--- a/ui/packages/consul-ui/app/utils/routing/wildcard.js
+++ b/ui/packages/consul-ui/app/utils/routing/wildcard.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { get } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/search/exact.js b/ui/packages/consul-ui/app/utils/search/exact.js
index 63bf94950204..5c75251379fb 100644
--- a/ui/packages/consul-ui/app/utils/search/exact.js
+++ b/ui/packages/consul-ui/app/utils/search/exact.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import PredicateSearch from './predicate';
diff --git a/ui/packages/consul-ui/app/utils/search/fuzzy.js b/ui/packages/consul-ui/app/utils/search/fuzzy.js
index 6fcd85bf5758..670f10eda1e1 100644
--- a/ui/packages/consul-ui/app/utils/search/fuzzy.js
+++ b/ui/packages/consul-ui/app/utils/search/fuzzy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Fuse from 'fuse.js';
diff --git a/ui/packages/consul-ui/app/utils/search/predicate.js b/ui/packages/consul-ui/app/utils/search/predicate.js
index 81f88f197df6..5f8e0fe7ba5a 100644
--- a/ui/packages/consul-ui/app/utils/search/predicate.js
+++ b/ui/packages/consul-ui/app/utils/search/predicate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default class PredicateSearch {
diff --git a/ui/packages/consul-ui/app/utils/search/regexp.js b/ui/packages/consul-ui/app/utils/search/regexp.js
index 594b3158f282..bec9f5c95fc9 100644
--- a/ui/packages/consul-ui/app/utils/search/regexp.js
+++ b/ui/packages/consul-ui/app/utils/search/regexp.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import PredicateSearch from './predicate';
diff --git a/ui/packages/consul-ui/app/utils/storage/local-storage.js b/ui/packages/consul-ui/app/utils/storage/local-storage.js
index b9da10a9ce62..8da8946aa524 100644
--- a/ui/packages/consul-ui/app/utils/storage/local-storage.js
+++ b/ui/packages/consul-ui/app/utils/storage/local-storage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/app/utils/templatize.js b/ui/packages/consul-ui/app/utils/templatize.js
index 439a8509b50c..9cd9cb1c5970 100644
--- a/ui/packages/consul-ui/app/utils/templatize.js
+++ b/ui/packages/consul-ui/app/utils/templatize.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (arr = []) {
diff --git a/ui/packages/consul-ui/app/utils/ticker/index.js b/ui/packages/consul-ui/app/utils/ticker/index.js
index 98e6f5e3d408..7c478ad9c513 100644
--- a/ui/packages/consul-ui/app/utils/ticker/index.js
+++ b/ui/packages/consul-ui/app/utils/ticker/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import EventTarget from 'consul-ui/utils/dom/event-target/rsvp';
diff --git a/ui/packages/consul-ui/app/utils/tomography.js b/ui/packages/consul-ui/app/utils/tomography.js
index d8550ef31717..0ebf422220a3 100644
--- a/ui/packages/consul-ui/app/utils/tomography.js
+++ b/ui/packages/consul-ui/app/utils/tomography.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // TODO: Istanbul is ignored for the moment as it's not mine,
diff --git a/ui/packages/consul-ui/app/utils/ucfirst.js b/ui/packages/consul-ui/app/utils/ucfirst.js
index 2a107007b8f6..ca55892670bd 100644
--- a/ui/packages/consul-ui/app/utils/ucfirst.js
+++ b/ui/packages/consul-ui/app/utils/ucfirst.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (str) {
diff --git a/ui/packages/consul-ui/app/utils/update-array-object.js b/ui/packages/consul-ui/app/utils/update-array-object.js
index 07034b5aaff8..4a98f9980fdd 100644
--- a/ui/packages/consul-ui/app/utils/update-array-object.js
+++ b/ui/packages/consul-ui/app/utils/update-array-object.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { get, set } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/validations/intention-permission-http-header.js b/ui/packages/consul-ui/app/validations/intention-permission-http-header.js
index ab561f0e40ad..931529a585ab 100644
--- a/ui/packages/consul-ui/app/validations/intention-permission-http-header.js
+++ b/ui/packages/consul-ui/app/validations/intention-permission-http-header.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { validatePresence } from 'ember-changeset-validations/validators';
diff --git a/ui/packages/consul-ui/app/validations/intention-permission.js b/ui/packages/consul-ui/app/validations/intention-permission.js
index c577da2b5b85..9e2194e7917d 100644
--- a/ui/packages/consul-ui/app/validations/intention-permission.js
+++ b/ui/packages/consul-ui/app/validations/intention-permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import {
diff --git a/ui/packages/consul-ui/app/validations/intention.js b/ui/packages/consul-ui/app/validations/intention.js
index 1029901056dd..bfc0960b1f7e 100644
--- a/ui/packages/consul-ui/app/validations/intention.js
+++ b/ui/packages/consul-ui/app/validations/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { validatePresence, validateLength } from 'ember-changeset-validations/validators';
diff --git a/ui/packages/consul-ui/app/validations/kv.js b/ui/packages/consul-ui/app/validations/kv.js
index 459ea5292670..ffccec1d76ed 100644
--- a/ui/packages/consul-ui/app/validations/kv.js
+++ b/ui/packages/consul-ui/app/validations/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { validatePresence, validateLength } from 'ember-changeset-validations/validators';
diff --git a/ui/packages/consul-ui/app/validations/policy.js b/ui/packages/consul-ui/app/validations/policy.js
index bf43615580cc..4c0b1ba50bb0 100644
--- a/ui/packages/consul-ui/app/validations/policy.js
+++ b/ui/packages/consul-ui/app/validations/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { validateFormat } from 'ember-changeset-validations/validators';
diff --git a/ui/packages/consul-ui/app/validations/role.js b/ui/packages/consul-ui/app/validations/role.js
index 01898d2ab07a..e7fb655999d5 100644
--- a/ui/packages/consul-ui/app/validations/role.js
+++ b/ui/packages/consul-ui/app/validations/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { validateFormat } from 'ember-changeset-validations/validators';
diff --git a/ui/packages/consul-ui/app/validations/sometimes.js b/ui/packages/consul-ui/app/validations/sometimes.js
index 7aaf58fd503a..d32ee3e9dffa 100644
--- a/ui/packages/consul-ui/app/validations/sometimes.js
+++ b/ui/packages/consul-ui/app/validations/sometimes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint-disable no-prototype-builtins */
diff --git a/ui/packages/consul-ui/app/validations/token.js b/ui/packages/consul-ui/app/validations/token.js
index 092ac8f54e88..21717bcb3fdd 100644
--- a/ui/packages/consul-ui/app/validations/token.js
+++ b/ui/packages/consul-ui/app/validations/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default {};
diff --git a/ui/packages/consul-ui/blueprints/adapter-test/index.js b/ui/packages/consul-ui/blueprints/adapter-test/index.js
index 0ce9928190e3..8f832005f3ff 100644
--- a/ui/packages/consul-ui/blueprints/adapter-test/index.js
+++ b/ui/packages/consul-ui/blueprints/adapter-test/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*eslint node/no-extraneous-require: "off"*/
diff --git a/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/integration/adapters/__test__.js b/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/integration/adapters/__test__.js
index 2742ef8596b7..ad0ab0b79806 100644
--- a/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/integration/adapters/__test__.js
+++ b/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/integration/adapters/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/unit/adapters/__test__.js b/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/unit/adapters/__test__.js
index 904be2bfcc77..89a2c27facbc 100644
--- a/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/unit/adapters/__test__.js
+++ b/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/unit/adapters/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/blueprints/adapter/files/__root__/__path__/__name__.js b/ui/packages/consul-ui/blueprints/adapter/files/__root__/__path__/__name__.js
index 9639e65b306e..c3d1b3a58df4 100644
--- a/ui/packages/consul-ui/blueprints/adapter/files/__root__/__path__/__name__.js
+++ b/ui/packages/consul-ui/blueprints/adapter/files/__root__/__path__/__name__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/blueprints/adapter/index.js b/ui/packages/consul-ui/blueprints/adapter/index.js
index 95dae5d4c66b..6abbb5cd75bf 100644
--- a/ui/packages/consul-ui/blueprints/adapter/index.js
+++ b/ui/packages/consul-ui/blueprints/adapter/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/blueprints/component/files/__root__/__templatepath__/__templatename__.hbs b/ui/packages/consul-ui/blueprints/component/files/__root__/__templatepath__/__templatename__.hbs
index fca792f507c0..4c7b4919504a 100644
--- a/ui/packages/consul-ui/blueprints/component/files/__root__/__templatepath__/__templatename__.hbs
+++ b/ui/packages/consul-ui/blueprints/component/files/__root__/__templatepath__/__templatename__.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/blueprints/component/index.js b/ui/packages/consul-ui/blueprints/component/index.js
index e8a9a5843541..d09784b46b09 100644
--- a/ui/packages/consul-ui/blueprints/component/index.js
+++ b/ui/packages/consul-ui/blueprints/component/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 module.exports = Object.assign(require('ember-source/blueprints/component/index.js'));
diff --git a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__.scss b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__.scss
index d300819f788e..f3b2523ee741 100644
--- a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__.scss
+++ b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './<%= dasherizedModuleName %>/index';
diff --git a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/index.scss b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/index.scss
index c447606291f2..981c57196e01 100644
--- a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/index.scss
+++ b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/layout.scss b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/layout.scss
index b3eb6ad825ac..0937c16e84de 100644
--- a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/layout.scss
+++ b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %<%= dasherizedModuleName %> {
diff --git a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/skin.scss b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/skin.scss
index bb4874940a05..dbdca6fcf179 100644
--- a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/skin.scss
+++ b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 %<%= dasherizedModuleName %> {
diff --git a/ui/packages/consul-ui/blueprints/css-component/index.js b/ui/packages/consul-ui/blueprints/css-component/index.js
index d1b2d2f2108e..7c78cda38cce 100644
--- a/ui/packages/consul-ui/blueprints/css-component/index.js
+++ b/ui/packages/consul-ui/blueprints/css-component/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/blueprints/model-test/index.js b/ui/packages/consul-ui/blueprints/model-test/index.js
index 48b8fc51b8f0..f150de2c13eb 100644
--- a/ui/packages/consul-ui/blueprints/model-test/index.js
+++ b/ui/packages/consul-ui/blueprints/model-test/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*eslint node/no-extraneous-require: "off"*/
diff --git a/ui/packages/consul-ui/blueprints/model-test/qunit-files/__root__/__path__/unit/models/__test__.js b/ui/packages/consul-ui/blueprints/model-test/qunit-files/__root__/__path__/unit/models/__test__.js
index 57afdbaa9281..d59a0b3f0042 100644
--- a/ui/packages/consul-ui/blueprints/model-test/qunit-files/__root__/__path__/unit/models/__test__.js
+++ b/ui/packages/consul-ui/blueprints/model-test/qunit-files/__root__/__path__/unit/models/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/blueprints/model/files/__root__/__path__/__name__.js b/ui/packages/consul-ui/blueprints/model/files/__root__/__path__/__name__.js
index 54491b6032e1..9a5f9b0e8d78 100644
--- a/ui/packages/consul-ui/blueprints/model/files/__root__/__path__/__name__.js
+++ b/ui/packages/consul-ui/blueprints/model/files/__root__/__path__/__name__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Model from 'ember-data/model';
diff --git a/ui/packages/consul-ui/blueprints/model/index.js b/ui/packages/consul-ui/blueprints/model/index.js
index 5d29eb715a99..8e6dbb641b8e 100644
--- a/ui/packages/consul-ui/blueprints/model/index.js
+++ b/ui/packages/consul-ui/blueprints/model/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/blueprints/repository-test/index.js b/ui/packages/consul-ui/blueprints/repository-test/index.js
index caec388bcaa3..31299be1fd09 100644
--- a/ui/packages/consul-ui/blueprints/repository-test/index.js
+++ b/ui/packages/consul-ui/blueprints/repository-test/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*eslint node/no-extraneous-require: "off"*/
diff --git a/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/integration/services/repository/__test__.js b/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/integration/services/repository/__test__.js
index 2e49a974ec68..c35831f7cb98 100644
--- a/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/integration/services/repository/__test__.js
+++ b/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/integration/services/repository/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { moduleFor, test } from 'ember-qunit';
diff --git a/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/unit/services/repository/__test__.js b/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/unit/services/repository/__test__.js
index e0cbd6ca16d9..0c5c7cf4ec92 100644
--- a/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/unit/services/repository/__test__.js
+++ b/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/unit/services/repository/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/blueprints/repository/files/__root__/__path__/__name__.js b/ui/packages/consul-ui/blueprints/repository/files/__root__/__path__/__name__.js
index 5467bd951ae0..56f8263c0de6 100644
--- a/ui/packages/consul-ui/blueprints/repository/files/__root__/__path__/__name__.js
+++ b/ui/packages/consul-ui/blueprints/repository/files/__root__/__path__/__name__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/blueprints/repository/index.js b/ui/packages/consul-ui/blueprints/repository/index.js
index dc6e16b271e2..6c1dd01abc74 100644
--- a/ui/packages/consul-ui/blueprints/repository/index.js
+++ b/ui/packages/consul-ui/blueprints/repository/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/blueprints/route-test/index.js b/ui/packages/consul-ui/blueprints/route-test/index.js
index 3af54990cca0..8474fc5b600b 100644
--- a/ui/packages/consul-ui/blueprints/route-test/index.js
+++ b/ui/packages/consul-ui/blueprints/route-test/index.js
@@ -1,4 +1,4 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
diff --git a/ui/packages/consul-ui/blueprints/route/index.js b/ui/packages/consul-ui/blueprints/route/index.js
index fd258728874d..aaa76f8c46c1 100644
--- a/ui/packages/consul-ui/blueprints/route/index.js
+++ b/ui/packages/consul-ui/blueprints/route/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint-env node */
diff --git a/ui/packages/consul-ui/blueprints/route/native-files/__root__/__templatepath__/__templatename__.hbs b/ui/packages/consul-ui/blueprints/route/native-files/__root__/__templatepath__/__templatename__.hbs
index 643b356c88b8..864de38d70cb 100644
--- a/ui/packages/consul-ui/blueprints/route/native-files/__root__/__templatepath__/__templatename__.hbs
+++ b/ui/packages/consul-ui/blueprints/route/native-files/__root__/__templatepath__/__templatename__.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: MPL-2.0
+  SPDX-License-Identifier: BUSL-1.1
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/blueprints/serializer-test/index.js b/ui/packages/consul-ui/blueprints/serializer-test/index.js
index 98400441bb67..15fb83f02939 100644
--- a/ui/packages/consul-ui/blueprints/serializer-test/index.js
+++ b/ui/packages/consul-ui/blueprints/serializer-test/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*eslint node/no-extraneous-require: "off"*/
diff --git a/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/integration/serializers/__test__.js b/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/integration/serializers/__test__.js
index 412fc70c816d..836591cad32e 100644
--- a/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/integration/serializers/__test__.js
+++ b/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/integration/serializers/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/unit/serializers/__test__.js b/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/unit/serializers/__test__.js
index 8a65c26d50da..1335f1c0c877 100644
--- a/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/unit/serializers/__test__.js
+++ b/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/unit/serializers/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/blueprints/serializer/files/__root__/__path__/__name__.js b/ui/packages/consul-ui/blueprints/serializer/files/__root__/__path__/__name__.js
index dd9dd41a097d..ea3d43baa6e6 100644
--- a/ui/packages/consul-ui/blueprints/serializer/files/__root__/__path__/__name__.js
+++ b/ui/packages/consul-ui/blueprints/serializer/files/__root__/__path__/__name__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/blueprints/serializer/index.js b/ui/packages/consul-ui/blueprints/serializer/index.js
index 024ba58bf19a..7109e43af70b 100644
--- a/ui/packages/consul-ui/blueprints/serializer/index.js
+++ b/ui/packages/consul-ui/blueprints/serializer/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/config/deprecation-workflow.js b/ui/packages/consul-ui/config/deprecation-workflow.js
index fa35fd3fe93f..b0b4d1299d0b 100644
--- a/ui/packages/consul-ui/config/deprecation-workflow.js
+++ b/ui/packages/consul-ui/config/deprecation-workflow.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint-disable no-undef */
diff --git a/ui/packages/consul-ui/config/ember-intl.js b/ui/packages/consul-ui/config/ember-intl.js
index ecb20e0adb9b..e8cf4f4c7564 100644
--- a/ui/packages/consul-ui/config/ember-intl.js
+++ b/ui/packages/consul-ui/config/ember-intl.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* jshint node:true */
diff --git a/ui/packages/consul-ui/config/environment.js b/ui/packages/consul-ui/config/environment.js
index 7bdcac9e0508..66551a9ec2b0 100644
--- a/ui/packages/consul-ui/config/environment.js
+++ b/ui/packages/consul-ui/config/environment.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // All of the configuration here is shared between buildtime and runtime and
diff --git a/ui/packages/consul-ui/config/targets.js b/ui/packages/consul-ui/config/targets.js
index 97bbb306de4e..0eaba1021893 100644
--- a/ui/packages/consul-ui/config/targets.js
+++ b/ui/packages/consul-ui/config/targets.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/config/utils.js b/ui/packages/consul-ui/config/utils.js
index aebed969fbaa..0b43caee75bb 100644
--- a/ui/packages/consul-ui/config/utils.js
+++ b/ui/packages/consul-ui/config/utils.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 const read = require('fs').readFileSync;
diff --git a/ui/packages/consul-ui/ember-cli-build.js b/ui/packages/consul-ui/ember-cli-build.js
index 9bbe5dc0bf0a..c483cbf678aa 100644
--- a/ui/packages/consul-ui/ember-cli-build.js
+++ b/ui/packages/consul-ui/ember-cli-build.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*eslint ember/no-jquery: "off", ember/no-global-jquery: "off"*/
diff --git a/ui/packages/consul-ui/lib/.eslintrc.js b/ui/packages/consul-ui/lib/.eslintrc.js
index d9cd7d7b77a6..44a958908fe4 100644
--- a/ui/packages/consul-ui/lib/.eslintrc.js
+++ b/ui/packages/consul-ui/lib/.eslintrc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 module.exports = {
diff --git a/ui/packages/consul-ui/lib/colocated-components/index.js b/ui/packages/consul-ui/lib/colocated-components/index.js
index fe162a843a88..b388833dce2a 100644
--- a/ui/packages/consul-ui/lib/colocated-components/index.js
+++ b/ui/packages/consul-ui/lib/colocated-components/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*eslint node/no-extraneous-require: "off"*/
diff --git a/ui/packages/consul-ui/lib/commands/bin/list.js b/ui/packages/consul-ui/lib/commands/bin/list.js
index 5d81554b34a5..a4b9c575b8ec 100755
--- a/ui/packages/consul-ui/lib/commands/bin/list.js
+++ b/ui/packages/consul-ui/lib/commands/bin/list.js
@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 require('../lib/list.js')(`${process.cwd()}/tests/steps.js`);
diff --git a/ui/packages/consul-ui/lib/commands/index.js b/ui/packages/consul-ui/lib/commands/index.js
index 24af425f7155..7a5249938942 100644
--- a/ui/packages/consul-ui/lib/commands/index.js
+++ b/ui/packages/consul-ui/lib/commands/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint no-console: "off" */
diff --git a/ui/packages/consul-ui/lib/commands/lib/list.js b/ui/packages/consul-ui/lib/commands/lib/list.js
index 35569b29a5da..ce067d41785e 100644
--- a/ui/packages/consul-ui/lib/commands/lib/list.js
+++ b/ui/packages/consul-ui/lib/commands/lib/list.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint no-console: "off" */
diff --git a/ui/packages/consul-ui/lib/custom-element/index.js b/ui/packages/consul-ui/lib/custom-element/index.js
index 0744fcf7aa29..0029bd6e1cf0 100644
--- a/ui/packages/consul-ui/lib/custom-element/index.js
+++ b/ui/packages/consul-ui/lib/custom-element/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/lib/startup/index.js b/ui/packages/consul-ui/lib/startup/index.js
index e7947fb19ced..c35697b23ef8 100644
--- a/ui/packages/consul-ui/lib/startup/index.js
+++ b/ui/packages/consul-ui/lib/startup/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint-env node */
diff --git a/ui/packages/consul-ui/lib/startup/templates/body.html.js b/ui/packages/consul-ui/lib/startup/templates/body.html.js
index f8312009db59..93d25f96018b 100644
--- a/ui/packages/consul-ui/lib/startup/templates/body.html.js
+++ b/ui/packages/consul-ui/lib/startup/templates/body.html.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // rootURL in production equals `{{.ContentPath}}` and therefore is replaced
diff --git a/ui/packages/consul-ui/lib/startup/templates/head.html.js b/ui/packages/consul-ui/lib/startup/templates/head.html.js
index 22e6006f8adc..2b5f8424d7e9 100644
--- a/ui/packages/consul-ui/lib/startup/templates/head.html.js
+++ b/ui/packages/consul-ui/lib/startup/templates/head.html.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // rootURL in production equals `{{.ContentPath}}` and therefore is replaced
diff --git a/ui/packages/consul-ui/node-tests/config/environment.js b/ui/packages/consul-ui/node-tests/config/environment.js
index 60eecbbae87c..4779500d63ac 100644
--- a/ui/packages/consul-ui/node-tests/config/environment.js
+++ b/ui/packages/consul-ui/node-tests/config/environment.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint-env node */
diff --git a/ui/packages/consul-ui/node-tests/config/utils.js b/ui/packages/consul-ui/node-tests/config/utils.js
index eb072ada1bf5..76050e5bf3cf 100644
--- a/ui/packages/consul-ui/node-tests/config/utils.js
+++ b/ui/packages/consul-ui/node-tests/config/utils.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint-env node */
diff --git a/ui/packages/consul-ui/server/index.js b/ui/packages/consul-ui/server/index.js
index 009aade9afba..f708225412d2 100644
--- a/ui/packages/consul-ui/server/index.js
+++ b/ui/packages/consul-ui/server/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*eslint node/no-extraneous-require: "off"*/
diff --git a/ui/packages/consul-ui/tailwind.config.js b/ui/packages/consul-ui/tailwind.config.js
index 73179891f503..fce13d56ec38 100644
--- a/ui/packages/consul-ui/tailwind.config.js
+++ b/ui/packages/consul-ui/tailwind.config.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /** @type {import('tailwindcss').Config} */
diff --git a/ui/packages/consul-ui/testem.js b/ui/packages/consul-ui/testem.js
index 07f94acd6a54..f1eb56984053 100644
--- a/ui/packages/consul-ui/testem.js
+++ b/ui/packages/consul-ui/testem.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 module.exports = {
diff --git a/ui/packages/consul-ui/tests/acceptance/hcp-login-test.js b/ui/packages/consul-ui/tests/acceptance/hcp-login-test.js
index 3914de0e254e..4c401f80ce38 100644
--- a/ui/packages/consul-ui/tests/acceptance/hcp-login-test.js
+++ b/ui/packages/consul-ui/tests/acceptance/hcp-login-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/api-prefix-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/api-prefix-steps.js
index e3966b705609..34f897464f31 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/api-prefix-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/api-prefix-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/components/acl-filter-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/components/acl-filter-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/components/acl-filter-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/components/acl-filter-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-filter-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-filter-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-filter-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-filter-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-toolbar-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-toolbar-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-toolbar-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-toolbar-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/components/copy-button-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/components/copy-button-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/components/copy-button-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/components/copy-button-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/components/kv-filter-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/components/kv-filter-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/components/kv-filter-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/components/kv-filter-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/components/text-input-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/components/text-input-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/components/text-input-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/components/text-input-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/access-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/access-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/access-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/access-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/index-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/navigation-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/sorting-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/index-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/list-order-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/list-order-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/list-order-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/list-order-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-existing-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-existing-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-existing-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-existing-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-new-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-new-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-new-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-new-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/list-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/list-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/list-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/list-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/nspaces-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/nspaces-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/nspaces-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/nspaces-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/remove-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/remove-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/remove-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/remove-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/reset-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/reset-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/reset-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/reset-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/create-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/delete-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/index-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/navigation-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/sorting-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/update-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-management-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-management-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-management-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-management-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-existing-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-existing-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-existing-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-existing-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-new-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-new-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-new-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-new-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/list-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/list-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/list-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/list-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/remove-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/remove-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/remove-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/remove-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/create-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/index-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/navigation-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/sorting-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/update-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/anonymous-no-delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/anonymous-no-delete-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/anonymous-no-delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/anonymous-no-delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/clone-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/clone-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/clone-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/clone-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/create-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/index-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/legacy/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/legacy/update-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/legacy/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/legacy/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-errors-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-errors-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-errors-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-errors-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/navigation-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/own-no-delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/own-no-delete-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/own-no-delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/own-no-delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/sorting-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/update-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/use-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/use-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/use-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/use-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/update-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/use-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/use-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/use-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/use-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/error-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/error-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/error-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/error-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/forwarding-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/forwarding-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/forwarding-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/forwarding-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/index-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/create-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/delete-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/filtered-select-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/filtered-select-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/filtered-select-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/filtered-select-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/form-select-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/form-select-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/form-select-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/form-select-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/index-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/navigation-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/create-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/warn-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/warn-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/warn-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/warn-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/read-only-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/read-only-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/read-only-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/read-only-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/sorting-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/update-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kv/index/view-kvs-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kv/index/view-kvs-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kv/index/view-kvs-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kv/index/view-kvs-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/create-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/delete-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/edit-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/edit-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/edit-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/edit-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/index-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/list-order-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/list-order-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/list-order-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/list-order-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/sessions/invalidate-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/sessions/invalidate-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/sessions/invalidate-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/sessions/invalidate-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/trailing-slash-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/trailing-slash-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/trailing-slash-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/trailing-slash-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/update-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/list-blocking-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/list-blocking-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/list-blocking-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/list-blocking-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/list-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/list-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/list-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/list-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/empty-ids-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/empty-ids-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/empty-ids-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/empty-ids-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index/view-nodes-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index/view-nodes-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index/view-nodes-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index/view-nodes-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/navigation-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/no-leader-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/no-leader-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/no-leader-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/no-leader-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/services/list-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/services/list-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/services/list-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/services/list-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/invalidate-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/invalidate-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/invalidate-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/invalidate-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/list-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/list-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/list-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/list-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show/health-checks-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show/health-checks-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show/health-checks-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show/health-checks-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sorting-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/create-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/delete-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/index-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/manage-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/manage-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/manage-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/manage-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/sorting-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/update-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/create-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/delete-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/establish-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/establish-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/establish-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/establish-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/index-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/regenerate-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/regenerate-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/regenerate-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/regenerate-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/show-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/show-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/show-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/show-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/routing-config-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/routing-config-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/routing-config-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/routing-config-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/dc-switch-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/dc-switch-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/dc-switch-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/dc-switch-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/error-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/error-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/error-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/error-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index/view-services-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index/view-services-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index/view-services-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index/view-services-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/error-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/error-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/error-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/error-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/exposed-paths-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/exposed-paths-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/exposed-paths-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/exposed-paths-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/gateway-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/gateway-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/gateway-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/gateway-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/health-checks-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/health-checks-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/health-checks-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/health-checks-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/navigation-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/proxy-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/proxy-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/proxy-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/proxy-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/show-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/show-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/show-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/show-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/sidecar-proxy-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/sidecar-proxy-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/sidecar-proxy-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/sidecar-proxy-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/upstreams-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/upstreams-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/upstreams-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/upstreams-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-proxy-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-proxy-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-proxy-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-proxy-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-sidecar-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-sidecar-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-sidecar-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-sidecar-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-blocking-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-blocking-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-blocking-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-blocking-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/navigation-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-routing-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-routing-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-routing-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-routing-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-with-slashes-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-with-slashes-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-with-slashes-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-with-slashes-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/dc-switch-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/dc-switch-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/dc-switch-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/dc-switch-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions-error-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions-error-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions-error-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions-error-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/create-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/index-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/navigation-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/services-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/services-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/services-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/services-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/tags-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/tags-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/tags-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/tags-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/empty-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/empty-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/empty-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/empty-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/index-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/intentions-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/intentions-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/intentions-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/intentions-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/metrics-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/metrics-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/metrics-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/metrics-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/notices-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/notices-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/notices-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/notices-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/routing-config-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/routing-config-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/routing-config-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/routing-config-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/stats-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/stats-steps.js
index 3b01da22552d..34a533faf8b7 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/stats-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/stats-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/upstreams-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/upstreams-steps.js
index dfa44050f9d6..34296881e74e 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/upstreams-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/upstreams-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/sorting-steps.js
index 1973b839ea10..f97b73cd6602 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/deleting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/deleting-steps.js
index e3966b705609..34f897464f31 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/deleting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/deleting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/index-forwarding-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/index-forwarding-steps.js
index e3966b705609..34f897464f31 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/index-forwarding-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/index-forwarding-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/login-errors-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/login-errors-steps.js
index e3966b705609..34f897464f31 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/login-errors-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/login-errors-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/login-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/login-steps.js
index e3966b705609..34f897464f31 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/login-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/login-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/navigation-links-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/navigation-links-steps.js
index e3966b705609..34f897464f31 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/navigation-links-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/navigation-links-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/nodes/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/nodes/sorting-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/nodes/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/nodes/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/page-navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/page-navigation-steps.js
index e3966b705609..34f897464f31 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/page-navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/page-navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/settings/show-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/settings/show-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/settings/show-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/settings/show-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/settings/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/settings/update-steps.js
index 01ce73ca5ade..9f2f33024ba5 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/settings/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/settings/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/startup-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/startup-steps.js
index e3966b705609..34f897464f31 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/startup-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/startup-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/steps.js b/ui/packages/consul-ui/tests/acceptance/steps/steps.js
index fa5253b88d0b..290749139962 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Inflector from 'ember-inflector';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/submit-blank-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/submit-blank-steps.js
index e3966b705609..34f897464f31 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/submit-blank-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/submit-blank-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/token-header-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/token-header-steps.js
index e3966b705609..34f897464f31 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/token-header-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/token-header-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/dictionary.js b/ui/packages/consul-ui/tests/dictionary.js
index a9f52342157f..0d39f99a32ea 100644
--- a/ui/packages/consul-ui/tests/dictionary.js
+++ b/ui/packages/consul-ui/tests/dictionary.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint no-control-regex: "off" */
diff --git a/ui/packages/consul-ui/tests/helpers/api.js b/ui/packages/consul-ui/tests/helpers/api.js
index ff91fc74b34a..5d70913364f0 100644
--- a/ui/packages/consul-ui/tests/helpers/api.js
+++ b/ui/packages/consul-ui/tests/helpers/api.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import config from 'consul-ui/config/environment';
diff --git a/ui/packages/consul-ui/tests/helpers/destroy-app.js b/ui/packages/consul-ui/tests/helpers/destroy-app.js
index 43f7c95cfeb5..797ac5c748b4 100644
--- a/ui/packages/consul-ui/tests/helpers/destroy-app.js
+++ b/ui/packages/consul-ui/tests/helpers/destroy-app.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { run } from '@ember/runloop';
diff --git a/ui/packages/consul-ui/tests/helpers/flash-message.js b/ui/packages/consul-ui/tests/helpers/flash-message.js
index f98432d4e46b..fe35b65a9fca 100644
--- a/ui/packages/consul-ui/tests/helpers/flash-message.js
+++ b/ui/packages/consul-ui/tests/helpers/flash-message.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import FlashObject from 'ember-cli-flash/flash/object';
diff --git a/ui/packages/consul-ui/tests/helpers/get-nspace-runner.js b/ui/packages/consul-ui/tests/helpers/get-nspace-runner.js
index d2a44f1ae4d2..74fd2c18bb66 100644
--- a/ui/packages/consul-ui/tests/helpers/get-nspace-runner.js
+++ b/ui/packages/consul-ui/tests/helpers/get-nspace-runner.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (type) {
diff --git a/ui/packages/consul-ui/tests/helpers/measure.js b/ui/packages/consul-ui/tests/helpers/measure.js
index 7c2b49449303..6a4f36214cee 100644
--- a/ui/packages/consul-ui/tests/helpers/measure.js
+++ b/ui/packages/consul-ui/tests/helpers/measure.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint no-console: "off" */
diff --git a/ui/packages/consul-ui/tests/helpers/module-for-acceptance.js b/ui/packages/consul-ui/tests/helpers/module-for-acceptance.js
index 3c500cf97b8e..0f9c096ffd13 100644
--- a/ui/packages/consul-ui/tests/helpers/module-for-acceptance.js
+++ b/ui/packages/consul-ui/tests/helpers/module-for-acceptance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/helpers/normalizers.js b/ui/packages/consul-ui/tests/helpers/normalizers.js
index 51013adb111b..cd887d3028bd 100644
--- a/ui/packages/consul-ui/tests/helpers/normalizers.js
+++ b/ui/packages/consul-ui/tests/helpers/normalizers.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export const createPolicies = function (item) {
diff --git a/ui/packages/consul-ui/tests/helpers/page.js b/ui/packages/consul-ui/tests/helpers/page.js
index 5c4e372c47e6..b8b1d0b25092 100644
--- a/ui/packages/consul-ui/tests/helpers/page.js
+++ b/ui/packages/consul-ui/tests/helpers/page.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 const mb = function (path) {
diff --git a/ui/packages/consul-ui/tests/helpers/repo.js b/ui/packages/consul-ui/tests/helpers/repo.js
index 2e6e213d6b42..736f004ad983 100644
--- a/ui/packages/consul-ui/tests/helpers/repo.js
+++ b/ui/packages/consul-ui/tests/helpers/repo.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { get as httpGet } from 'consul-ui/tests/helpers/api';
diff --git a/ui/packages/consul-ui/tests/helpers/set-cookies.js b/ui/packages/consul-ui/tests/helpers/set-cookies.js
index 58f53f5cb691..c8fc40cb8735 100644
--- a/ui/packages/consul-ui/tests/helpers/set-cookies.js
+++ b/ui/packages/consul-ui/tests/helpers/set-cookies.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (type, value, doc = document) {
diff --git a/ui/packages/consul-ui/tests/helpers/stub-super.js b/ui/packages/consul-ui/tests/helpers/stub-super.js
index 86341c46540b..3be402e32684 100644
--- a/ui/packages/consul-ui/tests/helpers/stub-super.js
+++ b/ui/packages/consul-ui/tests/helpers/stub-super.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /**
diff --git a/ui/packages/consul-ui/tests/helpers/type-to-url.js b/ui/packages/consul-ui/tests/helpers/type-to-url.js
index 43c8a6e76406..328851bad134 100644
--- a/ui/packages/consul-ui/tests/helpers/type-to-url.js
+++ b/ui/packages/consul-ui/tests/helpers/type-to-url.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (type) {
diff --git a/ui/packages/consul-ui/tests/helpers/yadda-annotations.js b/ui/packages/consul-ui/tests/helpers/yadda-annotations.js
index f1c5d7fe9e6c..4a991b08c92e 100644
--- a/ui/packages/consul-ui/tests/helpers/yadda-annotations.js
+++ b/ui/packages/consul-ui/tests/helpers/yadda-annotations.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/index.html b/ui/packages/consul-ui/tests/index.html
index b1582c0408e4..67721753d4f5 100644
--- a/ui/packages/consul-ui/tests/index.html
+++ b/ui/packages/consul-ui/tests/index.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <!--
  Copyright (c) HashiCorp, Inc.
- SPDX-License-Identifier: MPL-2.0
+ SPDX-License-Identifier: BUSL-1.1
 -->
 
 <html class="{{content-for "root-class"}}">
diff --git a/ui/packages/consul-ui/tests/integration/adapters/auth-method-test.js b/ui/packages/consul-ui/tests/integration/adapters/auth-method-test.js
index fbec9c25c32a..a0ec88808219 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/binding-rule-test.js b/ui/packages/consul-ui/tests/integration/adapters/binding-rule-test.js
index 8988a520ad47..bc86968ee9eb 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/binding-rule-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/binding-rule-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/coordinate-test.js b/ui/packages/consul-ui/tests/integration/adapters/coordinate-test.js
index e43abd01fb38..769e0dcef0e5 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/discovery-chain-test.js b/ui/packages/consul-ui/tests/integration/adapters/discovery-chain-test.js
index e5462a584589..4726c9df64d7 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/intention-test.js b/ui/packages/consul-ui/tests/integration/adapters/intention-test.js
index 577abfea8a7f..821914ab86d5 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/intention-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/kv-test.js b/ui/packages/consul-ui/tests/integration/adapters/kv-test.js
index a2e0afc7fc3b..539f353e889e 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/kv-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/node-test.js b/ui/packages/consul-ui/tests/integration/adapters/node-test.js
index 74a1978f94e7..dd30d7872918 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/node-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/nspace-test.js b/ui/packages/consul-ui/tests/integration/adapters/nspace-test.js
index 531d5ab169f6..47ad8f581077 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/nspace-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/nspace-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/oidc-provider-test.js b/ui/packages/consul-ui/tests/integration/adapters/oidc-provider-test.js
index eab308e3cdd1..d9995384e5a1 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/oidc-provider-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/oidc-provider-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/partition-test.js b/ui/packages/consul-ui/tests/integration/adapters/partition-test.js
index 7c436c6f3f88..949a1589291d 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/partition-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/partition-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/permission-test.js b/ui/packages/consul-ui/tests/integration/adapters/permission-test.js
index 7a1e867f2e0f..a3ca0fe738be 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/permission-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/permission-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/policy-test.js b/ui/packages/consul-ui/tests/integration/adapters/policy-test.js
index 990d85d07128..542ba3d25f14 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/policy-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/role-test.js b/ui/packages/consul-ui/tests/integration/adapters/role-test.js
index f19802652360..6a0eea75f280 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/role-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/service-instance-test.js b/ui/packages/consul-ui/tests/integration/adapters/service-instance-test.js
index 5dc072668fd9..69b743d4a600 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/service-instance-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/service-instance-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/service-test.js b/ui/packages/consul-ui/tests/integration/adapters/service-test.js
index a7663cd6eeef..a2638cfc9692 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/service-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/session-test.js b/ui/packages/consul-ui/tests/integration/adapters/session-test.js
index da3cf3e45832..917889eb84bf 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/session-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/token-test.js b/ui/packages/consul-ui/tests/integration/adapters/token-test.js
index 518f4bc86160..0b32c1165f24 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/token-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/topology-test.js b/ui/packages/consul-ui/tests/integration/adapters/topology-test.js
index 1129655bf9a0..67904b2cbf1e 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/topology-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/topology-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/app-view-test.js b/ui/packages/consul-ui/tests/integration/components/app-view-test.js
index 7e05ddc21a46..f6dca3bd043d 100644
--- a/ui/packages/consul-ui/tests/integration/components/app-view-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/app-view-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/aria-menu-test.js b/ui/packages/consul-ui/tests/integration/components/aria-menu-test.js
index 191d00ef9f50..69e34cb0191a 100644
--- a/ui/packages/consul-ui/tests/integration/components/aria-menu-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/aria-menu-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/auth-profile-test.js b/ui/packages/consul-ui/tests/integration/components/auth-profile-test.js
index 0b69051fd98b..59f6173d954d 100644
--- a/ui/packages/consul-ui/tests/integration/components/auth-profile-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/auth-profile-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/code-editor-test.js b/ui/packages/consul-ui/tests/integration/components/code-editor-test.js
index 055e52f5841f..f0a5d9d2cbcc 100644
--- a/ui/packages/consul-ui/tests/integration/components/code-editor-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/code-editor-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/confirmation-dialog-test.js b/ui/packages/consul-ui/tests/integration/components/confirmation-dialog-test.js
index 82cb36d371c8..26e47951fb96 100644
--- a/ui/packages/consul-ui/tests/integration/components/confirmation-dialog-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/confirmation-dialog-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/bucket/list-test.js b/ui/packages/consul-ui/tests/integration/components/consul/bucket/list-test.js
index 609fae5d32c3..a8ba14b15943 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/bucket/list-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/bucket/list-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/datacenter/selector-test.js b/ui/packages/consul-ui/tests/integration/components/consul/datacenter/selector-test.js
index 21e276debb14..2394e3a16e9b 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/datacenter/selector-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/datacenter/selector-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/discovery-chain-test.js b/ui/packages/consul-ui/tests/integration/components/consul/discovery-chain-test.js
index 6e2b6bbc741c..32b49533a833 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/hcp/home-test.js b/ui/packages/consul-ui/tests/integration/components/consul/hcp/home-test.js
index 1cd839bf53da..99ac5e6e4a8d 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/hcp/home-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/hcp/home-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // temporary import until we are running as separate applications
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/form-test.js b/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/form-test.js
index 96d54eb975a4..8625b2d5c044 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/form-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/form-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/header/form-test.js b/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/header/form-test.js
index 518d2d269640..6d8ed7fb0dff 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/header/form-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/header/form-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/node/agentless-notice-test.js b/ui/packages/consul-ui/tests/integration/components/consul/node/agentless-notice-test.js
index 6c780bb1ca39..ce8daa2f84d7 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/node/agentless-notice-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/node/agentless-notice-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/data-collection-test.js b/ui/packages/consul-ui/tests/integration/components/data-collection-test.js
index 53a109092f57..8b79275829fe 100644
--- a/ui/packages/consul-ui/tests/integration/components/data-collection-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/data-collection-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/data-source-test.js b/ui/packages/consul-ui/tests/integration/components/data-source-test.js
index fc19b4277949..8007ae61c120 100644
--- a/ui/packages/consul-ui/tests/integration/components/data-source-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/data-source-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/delete-confirmation-test.js b/ui/packages/consul-ui/tests/integration/components/delete-confirmation-test.js
index b0c7592b3c4e..e662ca0c3693 100644
--- a/ui/packages/consul-ui/tests/integration/components/delete-confirmation-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/delete-confirmation-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/event-source-test.js b/ui/packages/consul-ui/tests/integration/components/event-source-test.js
index c17bc72ecb25..54af26cf76b2 100644
--- a/ui/packages/consul-ui/tests/integration/components/event-source-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/event-source-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/freetext-filter-test.js b/ui/packages/consul-ui/tests/integration/components/freetext-filter-test.js
index 7f4abd832476..9a665721ec64 100644
--- a/ui/packages/consul-ui/tests/integration/components/freetext-filter-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/freetext-filter-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js b/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js
index a893b7058794..7fb039532634 100644
--- a/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/jwt-source-test.js b/ui/packages/consul-ui/tests/integration/components/jwt-source-test.js
index a7101dd5c16e..21b82fc0826a 100644
--- a/ui/packages/consul-ui/tests/integration/components/jwt-source-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/jwt-source-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/list-collection-test.js b/ui/packages/consul-ui/tests/integration/components/list-collection-test.js
index 7d082b1b672c..6c951a96f67e 100644
--- a/ui/packages/consul-ui/tests/integration/components/list-collection-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/list-collection-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/oidc-select-test.js b/ui/packages/consul-ui/tests/integration/components/oidc-select-test.js
index 879db1c05a89..d662f4b105cc 100644
--- a/ui/packages/consul-ui/tests/integration/components/oidc-select-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/oidc-select-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/popover-menu-test.js b/ui/packages/consul-ui/tests/integration/components/popover-menu-test.js
index b187f459ba7e..b609aad0dc72 100644
--- a/ui/packages/consul-ui/tests/integration/components/popover-menu-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/popover-menu-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/radio-group-test.js b/ui/packages/consul-ui/tests/integration/components/radio-group-test.js
index 08bfa3fbd2e5..1e58f3926558 100644
--- a/ui/packages/consul-ui/tests/integration/components/radio-group-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/radio-group-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/ref-test.js b/ui/packages/consul-ui/tests/integration/components/ref-test.js
index 7d249d7e74cb..13bb955c7786 100644
--- a/ui/packages/consul-ui/tests/integration/components/ref-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/ref-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/resolver-card-test.js b/ui/packages/consul-ui/tests/integration/components/resolver-card-test.js
index ac3b8db22515..b8c48f25cb88 100644
--- a/ui/packages/consul-ui/tests/integration/components/resolver-card-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/resolver-card-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/route-card-test.js b/ui/packages/consul-ui/tests/integration/components/route-card-test.js
index de023a321928..36b6d7baf5b9 100644
--- a/ui/packages/consul-ui/tests/integration/components/route-card-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/route-card-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/splitter-card-test.js b/ui/packages/consul-ui/tests/integration/components/splitter-card-test.js
index 3d4b1933e3b3..2bf1a8b8e899 100644
--- a/ui/packages/consul-ui/tests/integration/components/splitter-card-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/splitter-card-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/state-test.js b/ui/packages/consul-ui/tests/integration/components/state-test.js
index a5b937ddc164..f93c60b5d09d 100644
--- a/ui/packages/consul-ui/tests/integration/components/state-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/state-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/tab-nav-test.js b/ui/packages/consul-ui/tests/integration/components/tab-nav-test.js
index 56ebcbfc5b79..992d051c1b67 100644
--- a/ui/packages/consul-ui/tests/integration/components/tab-nav-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/tab-nav-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/tabular-collection-test.js b/ui/packages/consul-ui/tests/integration/components/tabular-collection-test.js
index 6249df374b1b..1e1436270284 100644
--- a/ui/packages/consul-ui/tests/integration/components/tabular-collection-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/tabular-collection-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/tabular-details-test.js b/ui/packages/consul-ui/tests/integration/components/tabular-details-test.js
index c3a5979c5980..f3930e93a992 100644
--- a/ui/packages/consul-ui/tests/integration/components/tabular-details-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/tabular-details-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/tag-list-test.js b/ui/packages/consul-ui/tests/integration/components/tag-list-test.js
index 819a66ee84ac..6c6bda573dd4 100644
--- a/ui/packages/consul-ui/tests/integration/components/tag-list-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/tag-list-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/toggle-button-test.js b/ui/packages/consul-ui/tests/integration/components/toggle-button-test.js
index 8934f4c625fb..6bb68165401c 100644
--- a/ui/packages/consul-ui/tests/integration/components/toggle-button-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/toggle-button-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/token-list-test.js b/ui/packages/consul-ui/tests/integration/components/token-list-test.js
index f9e9042a96ee..60b71eca2aaa 100644
--- a/ui/packages/consul-ui/tests/integration/components/token-list-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/token-list-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/atob-test.js b/ui/packages/consul-ui/tests/integration/helpers/atob-test.js
index 6a3c15f4f783..fa1dc1f6a5d0 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/atob-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/atob-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/dom-position-test.js b/ui/packages/consul-ui/tests/integration/helpers/dom-position-test.js
index c6f45aabd5a8..b0d51b970756 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/dom-position-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/dom-position-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/duration-from-test.js b/ui/packages/consul-ui/tests/integration/helpers/duration-from-test.js
index c9b0be396366..2628d98b3bbb 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/duration-from-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/duration-from-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/format-short-time-test.js b/ui/packages/consul-ui/tests/integration/helpers/format-short-time-test.js
index 9c56efdc2673..be58137709c5 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/format-short-time-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/format-short-time-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/is-href-test.js b/ui/packages/consul-ui/tests/integration/helpers/is-href-test.js
index 6237fd0cd8f3..da95294b58d9 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/is-href-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/is-href-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/last-test.js b/ui/packages/consul-ui/tests/integration/helpers/last-test.js
index 979a59a6ad94..9ae69538ef89 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/last-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/last-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/left-trim-test.js b/ui/packages/consul-ui/tests/integration/helpers/left-trim-test.js
index ae27cf327f9a..bed82a171a6f 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/left-trim-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/left-trim-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/policy/datacenters-test.js b/ui/packages/consul-ui/tests/integration/helpers/policy/datacenters-test.js
index 8493a61bb8ba..8e2a0fed97ab 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/policy/datacenters-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/policy/datacenters-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js b/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js
index 44d2dec68289..e230744cae23 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/render-template-test.js b/ui/packages/consul-ui/tests/integration/helpers/render-template-test.js
index 82a9a45e9f77..74cc7586840c 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/render-template-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/render-template-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/right-trim-test.js b/ui/packages/consul-ui/tests/integration/helpers/right-trim-test.js
index 7233b7323267..289a27302b66 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/right-trim-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/right-trim-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/route-match-test.js b/ui/packages/consul-ui/tests/integration/helpers/route-match-test.js
index a5ed30edb7a9..9437d05773ac 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/route-match-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/route-match-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/searchable-test.js b/ui/packages/consul-ui/tests/integration/helpers/searchable-test.js
index 88ba0cf9a4df..e976e6216ae5 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/searchable-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/searchable-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/service/card-permissions-test.js b/ui/packages/consul-ui/tests/integration/helpers/service/card-permissions-test.js
index ee2c0c7643a2..b537f6c70573 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/service/card-permissions-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/service/card-permissions-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/service/external-source-test.js b/ui/packages/consul-ui/tests/integration/helpers/service/external-source-test.js
index 10e46f07e179..de1e810a0b8a 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/service/external-source-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/service/external-source-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/service/health-percentage-test.js b/ui/packages/consul-ui/tests/integration/helpers/service/health-percentage-test.js
index a6cfb3221c57..37ef964cf29d 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/service/health-percentage-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/service/health-percentage-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/slugify-test.js b/ui/packages/consul-ui/tests/integration/helpers/slugify-test.js
index 489d13433ba0..29548eb1d3ad 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/slugify-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/slugify-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/split-test.js b/ui/packages/consul-ui/tests/integration/helpers/split-test.js
index 9b0d698870f4..f355c6d39b78 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/split-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/split-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/state-matches-test.js b/ui/packages/consul-ui/tests/integration/helpers/state-matches-test.js
index 2e77c486acc9..c89779226bd6 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/state-matches-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/state-matches-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/substr-test.js b/ui/packages/consul-ui/tests/integration/helpers/substr-test.js
index d8a454f8d65d..fcdc14131dd4 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/substr-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/substr-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/svg-curve-test.js b/ui/packages/consul-ui/tests/integration/helpers/svg-curve-test.js
index 46dd3f4a45ca..d7aabd055a56 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/svg-curve-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/svg-curve-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/token/is-anonymous-test.js b/ui/packages/consul-ui/tests/integration/helpers/token/is-anonymous-test.js
index 2a9017d9dd9b..5b3d0b0ea78b 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/token/is-anonymous-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/token/is-anonymous-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/token/is-legacy-test.js b/ui/packages/consul-ui/tests/integration/helpers/token/is-legacy-test.js
index a454ee5ea1f5..cc7cb336e807 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/token/is-legacy-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/token/is-legacy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/tween-to-test.js b/ui/packages/consul-ui/tests/integration/helpers/tween-to-test.js
index d20def058a26..c0a2ca553d0b 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/tween-to-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/tween-to-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/auth-method-test.js b/ui/packages/consul-ui/tests/integration/serializers/auth-method-test.js
index d4b824ceb30f..2314f715e6f5 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/binding-rule-test.js b/ui/packages/consul-ui/tests/integration/serializers/binding-rule-test.js
index 4a20ae1888d3..f1d1cee779e0 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/binding-rule-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/binding-rule-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/coordinate-test.js b/ui/packages/consul-ui/tests/integration/serializers/coordinate-test.js
index 46974e694c04..5a3d6ff3fa04 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/discovery-chain-test.js b/ui/packages/consul-ui/tests/integration/serializers/discovery-chain-test.js
index 097079eee6d2..9b807c30eef1 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/intention-test.js b/ui/packages/consul-ui/tests/integration/serializers/intention-test.js
index fa82704cf7e8..e15aa8380367 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/intention-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/kv-test.js b/ui/packages/consul-ui/tests/integration/serializers/kv-test.js
index d3767b0819e2..17b23ea75a5b 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/kv-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/node-test.js b/ui/packages/consul-ui/tests/integration/serializers/node-test.js
index 3a2a964f2e44..8f574cce3fdd 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/node-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/nspace-test.js b/ui/packages/consul-ui/tests/integration/serializers/nspace-test.js
index d93526d6960f..60993001409e 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/nspace-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/nspace-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/oidc-provider-test.js b/ui/packages/consul-ui/tests/integration/serializers/oidc-provider-test.js
index c9e68e91176a..beb6ed17d519 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/oidc-provider-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/oidc-provider-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/partition-test.js b/ui/packages/consul-ui/tests/integration/serializers/partition-test.js
index e6be8761846c..3b400ac70cb0 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/partition-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/partition-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/policy-test.js b/ui/packages/consul-ui/tests/integration/serializers/policy-test.js
index 659c1128021d..f6b68b7db211 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/policy-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/role-test.js b/ui/packages/consul-ui/tests/integration/serializers/role-test.js
index 2e6c8faace9e..0f7b754d1c96 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/role-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/service-instance-test.js b/ui/packages/consul-ui/tests/integration/serializers/service-instance-test.js
index 01356933d51e..b47bba9aedb8 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/service-instance-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/service-instance-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/service-test.js b/ui/packages/consul-ui/tests/integration/serializers/service-test.js
index 51a5efafa695..56b089ee1b86 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/service-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/session-test.js b/ui/packages/consul-ui/tests/integration/serializers/session-test.js
index 94fd716215f5..07d72aebdb4b 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/session-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/token-test.js b/ui/packages/consul-ui/tests/integration/serializers/token-test.js
index 6d52441a4d2a..71931326192c 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/token-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/topology-test.js b/ui/packages/consul-ui/tests/integration/serializers/topology-test.js
index 55b042ac7b90..09ae55d93d10 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/topology-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/topology-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/auth-method-test.js b/ui/packages/consul-ui/tests/integration/services/repository/auth-method-test.js
index 1eb498f85741..7fb802b224d0 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { setupTest } from 'ember-qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/coordinate-test.js b/ui/packages/consul-ui/tests/integration/services/repository/coordinate-test.js
index 1f4c28fc478a..8809684758da 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { setupTest } from 'ember-qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/dc-test.js b/ui/packages/consul-ui/tests/integration/services/repository/dc-test.js
index 964bd927c9e7..06b7b267e40e 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/dc-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/dc-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { setupTest } from 'ember-qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/discovery-chain-test.js b/ui/packages/consul-ui/tests/integration/services/repository/discovery-chain-test.js
index 82185e5197ed..cc877f770662 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/kv-test.js b/ui/packages/consul-ui/tests/integration/services/repository/kv-test.js
index c5250e191608..3604d46c186e 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/kv-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/node-test.js b/ui/packages/consul-ui/tests/integration/services/repository/node-test.js
index acf8a60931c5..ed309ca0336d 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/node-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { setupTest } from 'ember-qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/policy-test.js b/ui/packages/consul-ui/tests/integration/services/repository/policy-test.js
index 98e2835c4230..c6782ca5e479 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/policy-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/role-test.js b/ui/packages/consul-ui/tests/integration/services/repository/role-test.js
index f76d53198c4f..be101abf849d 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/role-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/service-test.js b/ui/packages/consul-ui/tests/integration/services/repository/service-test.js
index 2fb982dce2b3..68dc7267bdba 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/service-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/session-test.js b/ui/packages/consul-ui/tests/integration/services/repository/session-test.js
index 5ab084435320..7c9cb0d34e39 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/session-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/token-test.js b/ui/packages/consul-ui/tests/integration/services/repository/token-test.js
index ede204432a0b..f822eefc2eed 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/token-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/topology-test.js b/ui/packages/consul-ui/tests/integration/services/repository/topology-test.js
index 75f400b7c75b..ca16a925734f 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/topology-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/topology-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/routlet-test.js b/ui/packages/consul-ui/tests/integration/services/routlet-test.js
index 891e58716f97..006473b850a8 100644
--- a/ui/packages/consul-ui/tests/integration/services/routlet-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/routlet-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/utils/dom/event-source/callable-test.js b/ui/packages/consul-ui/tests/integration/utils/dom/event-source/callable-test.js
index bae55450b58f..f02b89830ae4 100644
--- a/ui/packages/consul-ui/tests/integration/utils/dom/event-source/callable-test.js
+++ b/ui/packages/consul-ui/tests/integration/utils/dom/event-source/callable-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domEventSourceCallable from 'consul-ui/utils/dom/event-source/callable';
diff --git a/ui/packages/consul-ui/tests/lib/measure/getMeasure.js b/ui/packages/consul-ui/tests/lib/measure/getMeasure.js
index 641179b59ab9..b39313bdce5b 100644
--- a/ui/packages/consul-ui/tests/lib/measure/getMeasure.js
+++ b/ui/packages/consul-ui/tests/lib/measure/getMeasure.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint no-console: "off" */
diff --git a/ui/packages/consul-ui/tests/lib/page-object/createCancelable.js b/ui/packages/consul-ui/tests/lib/page-object/createCancelable.js
index c15e64a110a2..ba9ba39e9c7e 100644
--- a/ui/packages/consul-ui/tests/lib/page-object/createCancelable.js
+++ b/ui/packages/consul-ui/tests/lib/page-object/createCancelable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (clickable, is) {
diff --git a/ui/packages/consul-ui/tests/lib/page-object/createCreatable.js b/ui/packages/consul-ui/tests/lib/page-object/createCreatable.js
index a9cbbadfce26..da0f5b6e197a 100644
--- a/ui/packages/consul-ui/tests/lib/page-object/createCreatable.js
+++ b/ui/packages/consul-ui/tests/lib/page-object/createCreatable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (clickable, is) {
diff --git a/ui/packages/consul-ui/tests/lib/page-object/createDeletable.js b/ui/packages/consul-ui/tests/lib/page-object/createDeletable.js
index fc267a12fbdc..c02e9fb66995 100644
--- a/ui/packages/consul-ui/tests/lib/page-object/createDeletable.js
+++ b/ui/packages/consul-ui/tests/lib/page-object/createDeletable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (clickable) {
diff --git a/ui/packages/consul-ui/tests/lib/page-object/createSubmitable.js b/ui/packages/consul-ui/tests/lib/page-object/createSubmitable.js
index cef2ad1558c5..4655e460e94e 100644
--- a/ui/packages/consul-ui/tests/lib/page-object/createSubmitable.js
+++ b/ui/packages/consul-ui/tests/lib/page-object/createSubmitable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (clickable, is) {
diff --git a/ui/packages/consul-ui/tests/lib/page-object/index.js b/ui/packages/consul-ui/tests/lib/page-object/index.js
index a4f87b317cc8..156ebb8a26bd 100644
--- a/ui/packages/consul-ui/tests/lib/page-object/index.js
+++ b/ui/packages/consul-ui/tests/lib/page-object/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { isPresent as present, fillable, clickable, property } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/tests/lib/page-object/visitable.js b/ui/packages/consul-ui/tests/lib/page-object/visitable.js
index e959d453a0b1..fc6db1554909 100644
--- a/ui/packages/consul-ui/tests/lib/page-object/visitable.js
+++ b/ui/packages/consul-ui/tests/lib/page-object/visitable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { getContext } from '@ember/test-helpers';
diff --git a/ui/packages/consul-ui/tests/pages.js b/ui/packages/consul-ui/tests/pages.js
index e0ae1428df95..8d85b5e562fa 100644
--- a/ui/packages/consul-ui/tests/pages.js
+++ b/ui/packages/consul-ui/tests/pages.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import {
diff --git a/ui/packages/consul-ui/tests/pages/dc.js b/ui/packages/consul-ui/tests/pages/dc.js
index 3b662cccc88e..3b6839acab5e 100644
--- a/ui/packages/consul-ui/tests/pages/dc.js
+++ b/ui/packages/consul-ui/tests/pages/dc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, clickable, attribute, collection) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/auth-methods/index.js b/ui/packages/consul-ui/tests/pages/dc/acls/auth-methods/index.js
index 25579734c24d..6e9b3c1c439e 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/auth-methods/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/auth-methods/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, creatable, authMethods, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/edit.js b/ui/packages/consul-ui/tests/pages/dc/acls/edit.js
index c51bcd871a2f..37e525a250e7 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, submitable, deletable, cancelable, clickable) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/index.js b/ui/packages/consul-ui/tests/pages/dc/acls/index.js
index a2b65cc9f3bb..e43331028e2c 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, deletable, creatable, clickable, attribute, collection) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/policies/edit.js b/ui/packages/consul-ui/tests/pages/dc/acls/policies/edit.js
index 0289bbde9404..40705227d626 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/policies/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/policies/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, submitable, deletable, cancelable, clickable, tokenList) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/policies/index.js b/ui/packages/consul-ui/tests/pages/dc/acls/policies/index.js
index 5d9d2d5c9c4a..93409130e889 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/policies/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/policies/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, creatable, policies, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/roles/edit.js b/ui/packages/consul-ui/tests/pages/dc/acls/roles/edit.js
index e20f0b907bd3..56463a0de0e2 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/roles/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/roles/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, submitable, deletable, cancelable, policySelector, tokenList) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/roles/index.js b/ui/packages/consul-ui/tests/pages/dc/acls/roles/index.js
index 8ec14fe15dca..c219441cc89b 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/roles/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/roles/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, creatable, roles, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/tokens/edit.js b/ui/packages/consul-ui/tests/pages/dc/acls/tokens/edit.js
index f859734e797c..a5d98fd035f8 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/tokens/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/tokens/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/tokens/index.js b/ui/packages/consul-ui/tests/pages/dc/acls/tokens/index.js
index 12b3196685b9..7cd031c33c92 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/tokens/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/tokens/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, creatable, text, tokens, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/intentions/edit.js b/ui/packages/consul-ui/tests/pages/dc/intentions/edit.js
index cd7082d8d9fa..ae19b36d4d5b 100644
--- a/ui/packages/consul-ui/tests/pages/dc/intentions/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/intentions/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/dc/intentions/index.js b/ui/packages/consul-ui/tests/pages/dc/intentions/index.js
index 34ba75af4105..0ea000bc9d47 100644
--- a/ui/packages/consul-ui/tests/pages/dc/intentions/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/intentions/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, creatable, clickable, intentions, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/kv/edit.js b/ui/packages/consul-ui/tests/pages/dc/kv/edit.js
index 2fb0a415a6fc..2df838575be2 100644
--- a/ui/packages/consul-ui/tests/pages/dc/kv/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/kv/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, attribute, present, submitable, deletable, cancelable) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/kv/index.js b/ui/packages/consul-ui/tests/pages/dc/kv/index.js
index 065bd620f7e1..1c54fdabb509 100644
--- a/ui/packages/consul-ui/tests/pages/dc/kv/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/kv/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, creatable, kvs) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/nodes/index.js b/ui/packages/consul-ui/tests/pages/dc/nodes/index.js
index 36217877921e..17aebadf3c83 100644
--- a/ui/packages/consul-ui/tests/pages/dc/nodes/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/nodes/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, text, clickable, attribute, collection, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/nodes/show.js b/ui/packages/consul-ui/tests/pages/dc/nodes/show.js
index aecdd282740e..9795a603d431 100644
--- a/ui/packages/consul-ui/tests/pages/dc/nodes/show.js
+++ b/ui/packages/consul-ui/tests/pages/dc/nodes/show.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/dc/nspaces/edit.js b/ui/packages/consul-ui/tests/pages/dc/nspaces/edit.js
index 96cc1313701a..b936af285bbd 100644
--- a/ui/packages/consul-ui/tests/pages/dc/nspaces/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/nspaces/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/dc/nspaces/index.js b/ui/packages/consul-ui/tests/pages/dc/nspaces/index.js
index 00e0acf35597..86b5b9d7133c 100644
--- a/ui/packages/consul-ui/tests/pages/dc/nspaces/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/nspaces/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, creatable, nspaces, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/peers/index.js b/ui/packages/consul-ui/tests/pages/dc/peers/index.js
index a91a5007e351..bec77adff832 100644
--- a/ui/packages/consul-ui/tests/pages/dc/peers/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/peers/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import tabgroup from 'consul-ui/components/tab-nav/pageobject';
diff --git a/ui/packages/consul-ui/tests/pages/dc/peers/show.js b/ui/packages/consul-ui/tests/pages/dc/peers/show.js
index f806d5cb3d33..3cb0fa43ab69 100644
--- a/ui/packages/consul-ui/tests/pages/dc/peers/show.js
+++ b/ui/packages/consul-ui/tests/pages/dc/peers/show.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/routing-config.js b/ui/packages/consul-ui/tests/pages/dc/routing-config.js
index 90f01db5e6a1..c962811be99f 100644
--- a/ui/packages/consul-ui/tests/pages/dc/routing-config.js
+++ b/ui/packages/consul-ui/tests/pages/dc/routing-config.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { text } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/tests/pages/dc/services/index.js b/ui/packages/consul-ui/tests/pages/dc/services/index.js
index 74d00a047595..8ae98effe057 100644
--- a/ui/packages/consul-ui/tests/pages/dc/services/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/services/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/dc/services/instance.js b/ui/packages/consul-ui/tests/pages/dc/services/instance.js
index 65f9611d0b39..923b7f2c7551 100644
--- a/ui/packages/consul-ui/tests/pages/dc/services/instance.js
+++ b/ui/packages/consul-ui/tests/pages/dc/services/instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/dc/services/show.js b/ui/packages/consul-ui/tests/pages/dc/services/show.js
index f6279d059ef8..5d92ff9f55a4 100644
--- a/ui/packages/consul-ui/tests/pages/dc/services/show.js
+++ b/ui/packages/consul-ui/tests/pages/dc/services/show.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/index.js b/ui/packages/consul-ui/tests/pages/index.js
index f6d275dac8d9..b0fb04d78939 100644
--- a/ui/packages/consul-ui/tests/pages/index.js
+++ b/ui/packages/consul-ui/tests/pages/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, collection) {
diff --git a/ui/packages/consul-ui/tests/pages/settings.js b/ui/packages/consul-ui/tests/pages/settings.js
index 1e949858dc81..ebebad25ca77 100644
--- a/ui/packages/consul-ui/tests/pages/settings.js
+++ b/ui/packages/consul-ui/tests/pages/settings.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (visitable, submitable, isPresent) {
diff --git a/ui/packages/consul-ui/tests/steps.js b/ui/packages/consul-ui/tests/steps.js
index 74093a60a101..aa08f356f0f7 100644
--- a/ui/packages/consul-ui/tests/steps.js
+++ b/ui/packages/consul-ui/tests/steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // This files export is executed from 2 places:
diff --git a/ui/packages/consul-ui/tests/steps/assertions/dom.js b/ui/packages/consul-ui/tests/steps/assertions/dom.js
index 082f1b3f22e1..0aabc73cfb8b 100644
--- a/ui/packages/consul-ui/tests/steps/assertions/dom.js
+++ b/ui/packages/consul-ui/tests/steps/assertions/dom.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 const dont = `( don't| shouldn't| can't)?`;
diff --git a/ui/packages/consul-ui/tests/steps/assertions/form.js b/ui/packages/consul-ui/tests/steps/assertions/form.js
index 5d8f14ef94fe..1b7ef6f85f5d 100644
--- a/ui/packages/consul-ui/tests/steps/assertions/form.js
+++ b/ui/packages/consul-ui/tests/steps/assertions/form.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (scenario, assert, find, currentPage) {
diff --git a/ui/packages/consul-ui/tests/steps/assertions/http.js b/ui/packages/consul-ui/tests/steps/assertions/http.js
index 320b9b697519..b42eb3afcccf 100644
--- a/ui/packages/consul-ui/tests/steps/assertions/http.js
+++ b/ui/packages/consul-ui/tests/steps/assertions/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 const not = `(n't| not)?`;
diff --git a/ui/packages/consul-ui/tests/steps/assertions/model.js b/ui/packages/consul-ui/tests/steps/assertions/model.js
index c7224f0796b0..4355aa941957 100644
--- a/ui/packages/consul-ui/tests/steps/assertions/model.js
+++ b/ui/packages/consul-ui/tests/steps/assertions/model.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (scenario, assert, find, currentPage, pauseUntil, pluralize) {
diff --git a/ui/packages/consul-ui/tests/steps/assertions/page.js b/ui/packages/consul-ui/tests/steps/assertions/page.js
index 428a95d98045..731ff6e3c891 100644
--- a/ui/packages/consul-ui/tests/steps/assertions/page.js
+++ b/ui/packages/consul-ui/tests/steps/assertions/page.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*eslint no-console: "off", ember/no-jquery: "off", ember/no-global-jquery: "off"*/
diff --git a/ui/packages/consul-ui/tests/steps/debug/index.js b/ui/packages/consul-ui/tests/steps/debug/index.js
index e23bd35c92cf..5bf042eee881 100644
--- a/ui/packages/consul-ui/tests/steps/debug/index.js
+++ b/ui/packages/consul-ui/tests/steps/debug/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* eslint no-console: "off" */
diff --git a/ui/packages/consul-ui/tests/steps/doubles/http.js b/ui/packages/consul-ui/tests/steps/doubles/http.js
index 66427a734b1e..1eb8e9bced5e 100644
--- a/ui/packages/consul-ui/tests/steps/doubles/http.js
+++ b/ui/packages/consul-ui/tests/steps/doubles/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (scenario, respondWith, set, oidc) {
diff --git a/ui/packages/consul-ui/tests/steps/doubles/model.js b/ui/packages/consul-ui/tests/steps/doubles/model.js
index 0c2be73b9906..95828cb15cf8 100644
--- a/ui/packages/consul-ui/tests/steps/doubles/model.js
+++ b/ui/packages/consul-ui/tests/steps/doubles/model.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (scenario, create, set, win = window, doc = document) {
diff --git a/ui/packages/consul-ui/tests/steps/interactions/click.js b/ui/packages/consul-ui/tests/steps/interactions/click.js
index fcb51f49d100..6d98bba341ab 100644
--- a/ui/packages/consul-ui/tests/steps/interactions/click.js
+++ b/ui/packages/consul-ui/tests/steps/interactions/click.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (scenario, find, click) {
diff --git a/ui/packages/consul-ui/tests/steps/interactions/form.js b/ui/packages/consul-ui/tests/steps/interactions/form.js
index 726a6623542e..bdd14a539616 100644
--- a/ui/packages/consul-ui/tests/steps/interactions/form.js
+++ b/ui/packages/consul-ui/tests/steps/interactions/form.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 export default function (scenario, find, fillIn, triggerKeyEvent, currentPage) {
diff --git a/ui/packages/consul-ui/tests/steps/interactions/visit.js b/ui/packages/consul-ui/tests/steps/interactions/visit.js
index fbe9468a4105..64639281b853 100644
--- a/ui/packages/consul-ui/tests/steps/interactions/visit.js
+++ b/ui/packages/consul-ui/tests/steps/interactions/visit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { visit } from '@ember/test-helpers';
diff --git a/ui/packages/consul-ui/tests/test-helper.js b/ui/packages/consul-ui/tests/test-helper.js
index 671be7d6f74b..661a3f0c08b3 100644
--- a/ui/packages/consul-ui/tests/test-helper.js
+++ b/ui/packages/consul-ui/tests/test-helper.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import Application from 'consul-ui/app';
diff --git a/ui/packages/consul-ui/tests/unit/abilities/-test.js b/ui/packages/consul-ui/tests/unit/abilities/-test.js
index 8d38dcaf1f6d..f64d514a61d4 100644
--- a/ui/packages/consul-ui/tests/unit/abilities/-test.js
+++ b/ui/packages/consul-ui/tests/unit/abilities/-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /* globals requirejs */
diff --git a/ui/packages/consul-ui/tests/unit/adapters/application-test.js b/ui/packages/consul-ui/tests/unit/adapters/application-test.js
index 97ca4f7e7c84..42f0be04a572 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/application-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/application-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/auth-method-test.js b/ui/packages/consul-ui/tests/unit/adapters/auth-method-test.js
index 8d8e7296db09..10da2545d204 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/binding-rule-test.js b/ui/packages/consul-ui/tests/unit/adapters/binding-rule-test.js
index 27786b09f075..67ae7ab97692 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/binding-rule-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/binding-rule-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/coordinate-test.js b/ui/packages/consul-ui/tests/unit/adapters/coordinate-test.js
index 3d1ad1850770..506e1a3fa0d2 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/discovery-chain-test.js b/ui/packages/consul-ui/tests/unit/adapters/discovery-chain-test.js
index 6499909ea449..b0a207a63dd5 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/http-test.js b/ui/packages/consul-ui/tests/unit/adapters/http-test.js
index a486f2788ee9..62e04efce715 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/http-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/http-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/intention-test.js b/ui/packages/consul-ui/tests/unit/adapters/intention-test.js
index 73faaf8549b1..322a71cac13c 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/intention-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/kv-test.js b/ui/packages/consul-ui/tests/unit/adapters/kv-test.js
index 6bfd78811c2b..ea846b3af9ed 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/kv-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/node-test.js b/ui/packages/consul-ui/tests/unit/adapters/node-test.js
index b8a117f7aed3..41f226f6851a 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/node-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/nspace-test.js b/ui/packages/consul-ui/tests/unit/adapters/nspace-test.js
index f07cd980a929..5f25b46b5cf3 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/nspace-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/nspace-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/oidc-provider-test.js b/ui/packages/consul-ui/tests/unit/adapters/oidc-provider-test.js
index 47b366c889b2..f9aedea83527 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/oidc-provider-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/oidc-provider-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/partition-test.js b/ui/packages/consul-ui/tests/unit/adapters/partition-test.js
index ae9376d1bb42..a6418f7ca32a 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/partition-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/partition-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/permission-test.js b/ui/packages/consul-ui/tests/unit/adapters/permission-test.js
index 425e128eef60..6c4a4ffc7b14 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/permission-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/permission-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/policy-test.js b/ui/packages/consul-ui/tests/unit/adapters/policy-test.js
index d4f2ba570f00..df60ec979ce6 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/policy-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/proxy-test.js b/ui/packages/consul-ui/tests/unit/adapters/proxy-test.js
index c44edfd8a25c..1bd140b21ad9 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/proxy-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/proxy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/role-test.js b/ui/packages/consul-ui/tests/unit/adapters/role-test.js
index 99fdcf1b9762..33e7490968c1 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/role-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/service-instance-test.js b/ui/packages/consul-ui/tests/unit/adapters/service-instance-test.js
index fa8fe8bf9035..99cba66655f7 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/service-instance-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/service-instance-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/session-test.js b/ui/packages/consul-ui/tests/unit/adapters/session-test.js
index dd2017e13337..db5c71692d22 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/session-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/token-test.js b/ui/packages/consul-ui/tests/unit/adapters/token-test.js
index b3ce51ce1787..d18e04b9fc7b 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/token-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-alternate-services-test.js b/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-alternate-services-test.js
index d9a7b0fb3adb..f3175f1d79cc 100644
--- a/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-alternate-services-test.js
+++ b/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-alternate-services-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { getAlternateServices } from 'consul-ui/components/consul/discovery-chain/utils';
diff --git a/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-resolvers-test.js b/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-resolvers-test.js
index 292f5684e186..d79af58a009f 100644
--- a/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-resolvers-test.js
+++ b/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-resolvers-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { getResolvers } from 'consul-ui/components/consul/discovery-chain/utils';
diff --git a/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-splitters-test.js b/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-splitters-test.js
index 4e811f4600c8..274faf0aa37f 100644
--- a/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-splitters-test.js
+++ b/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-splitters-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { getSplitters } from 'consul-ui/components/consul/discovery-chain/utils';
diff --git a/ui/packages/consul-ui/tests/unit/components/search-bar/filters-test.js b/ui/packages/consul-ui/tests/unit/components/search-bar/filters-test.js
index 9c6d220022f9..4cb8c2f47ee5 100644
--- a/ui/packages/consul-ui/tests/unit/components/search-bar/filters-test.js
+++ b/ui/packages/consul-ui/tests/unit/components/search-bar/filters-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { filters } from 'consul-ui/components/search-bar/utils';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/application-test.js b/ui/packages/consul-ui/tests/unit/controllers/application-test.js
index 77536bac6bb9..24b5d637b5b1 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/application-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/application-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/create-test.js b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/create-test.js
index d2523d425460..4d9696bbc77b 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/create-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/create-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/edit-test.js b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/edit-test.js
index f80c923ced3c..14692ed7727a 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/edit-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/edit-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/create-test.js b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/create-test.js
index dbd1d72bd697..c729fabfd7ca 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/create-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/create-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/edit-test.js b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/edit-test.js
index 0b950b1903d3..c09fe6ff8a47 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/edit-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/edit-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/create-test.js b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/create-test.js
index e4490d10f65d..aacd287523dc 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/create-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/create-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/edit-test.js b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/edit-test.js
index d66cb946ca9f..441490f35161 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/edit-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/edit-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/filter/predicates/intention-test.js b/ui/packages/consul-ui/tests/unit/filter/predicates/intention-test.js
index d23f24e664da..c07a58f78965 100644
--- a/ui/packages/consul-ui/tests/unit/filter/predicates/intention-test.js
+++ b/ui/packages/consul-ui/tests/unit/filter/predicates/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { andOr } from 'consul-ui/utils/filter';
diff --git a/ui/packages/consul-ui/tests/unit/filter/predicates/service-test.js b/ui/packages/consul-ui/tests/unit/filter/predicates/service-test.js
index 3b490fb53f29..851a7b0dd761 100644
--- a/ui/packages/consul-ui/tests/unit/filter/predicates/service-test.js
+++ b/ui/packages/consul-ui/tests/unit/filter/predicates/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import predicates from 'consul-ui/filter/predicates/service';
diff --git a/ui/packages/consul-ui/tests/unit/helpers/document-attrs-test.js b/ui/packages/consul-ui/tests/unit/helpers/document-attrs-test.js
index 0f083c55cbc0..61e581301b1e 100644
--- a/ui/packages/consul-ui/tests/unit/helpers/document-attrs-test.js
+++ b/ui/packages/consul-ui/tests/unit/helpers/document-attrs-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/helpers/policy/datacenters-test.js b/ui/packages/consul-ui/tests/unit/helpers/policy/datacenters-test.js
index 7ee732cda633..0c55c5bda015 100644
--- a/ui/packages/consul-ui/tests/unit/helpers/policy/datacenters-test.js
+++ b/ui/packages/consul-ui/tests/unit/helpers/policy/datacenters-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { datacenters } from 'consul-ui/helpers/policy/datacenters';
diff --git a/ui/packages/consul-ui/tests/unit/helpers/token/is-anonymous-test.js b/ui/packages/consul-ui/tests/unit/helpers/token/is-anonymous-test.js
index 939e9361ea7c..1ba0bd952cfb 100644
--- a/ui/packages/consul-ui/tests/unit/helpers/token/is-anonymous-test.js
+++ b/ui/packages/consul-ui/tests/unit/helpers/token/is-anonymous-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { isAnonymous } from 'consul-ui/helpers/token/is-anonymous';
diff --git a/ui/packages/consul-ui/tests/unit/helpers/token/is-legacy-test.js b/ui/packages/consul-ui/tests/unit/helpers/token/is-legacy-test.js
index d4095b717bfa..fa698e188045 100644
--- a/ui/packages/consul-ui/tests/unit/helpers/token/is-legacy-test.js
+++ b/ui/packages/consul-ui/tests/unit/helpers/token/is-legacy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { isLegacy } from 'consul-ui/helpers/token/is-legacy';
diff --git a/ui/packages/consul-ui/tests/unit/mixins/policy/as-many-test.js b/ui/packages/consul-ui/tests/unit/mixins/policy/as-many-test.js
index adc5770f6bd8..93e6a5cf5069 100644
--- a/ui/packages/consul-ui/tests/unit/mixins/policy/as-many-test.js
+++ b/ui/packages/consul-ui/tests/unit/mixins/policy/as-many-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import EmberObject from '@ember/object';
diff --git a/ui/packages/consul-ui/tests/unit/mixins/role/as-many-test.js b/ui/packages/consul-ui/tests/unit/mixins/role/as-many-test.js
index 1757bc87ecf0..214429e2f886 100644
--- a/ui/packages/consul-ui/tests/unit/mixins/role/as-many-test.js
+++ b/ui/packages/consul-ui/tests/unit/mixins/role/as-many-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import EmberObject from '@ember/object';
diff --git a/ui/packages/consul-ui/tests/unit/mixins/with-blocking-actions-test.js b/ui/packages/consul-ui/tests/unit/mixins/with-blocking-actions-test.js
index ff7bb62f3f70..191db25a4bd9 100644
--- a/ui/packages/consul-ui/tests/unit/mixins/with-blocking-actions-test.js
+++ b/ui/packages/consul-ui/tests/unit/mixins/with-blocking-actions-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/auth-method-test.js b/ui/packages/consul-ui/tests/unit/models/auth-method-test.js
index 6b6d438c3a8a..5c4ac9609904 100644
--- a/ui/packages/consul-ui/tests/unit/models/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/coordinate-test.js b/ui/packages/consul-ui/tests/unit/models/coordinate-test.js
index 0a798b44ca66..9171e4f83a01 100644
--- a/ui/packages/consul-ui/tests/unit/models/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/dc-test.js b/ui/packages/consul-ui/tests/unit/models/dc-test.js
index 7de25a5d12f3..bcb9165ba3d3 100644
--- a/ui/packages/consul-ui/tests/unit/models/dc-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/dc-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/discovery-chain-test.js b/ui/packages/consul-ui/tests/unit/models/discovery-chain-test.js
index c36c8a3336b3..6b1916bcfcc6 100644
--- a/ui/packages/consul-ui/tests/unit/models/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/intention-test.js b/ui/packages/consul-ui/tests/unit/models/intention-test.js
index 92107c0a4038..85f0215004bd 100644
--- a/ui/packages/consul-ui/tests/unit/models/intention-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/kv-test.js b/ui/packages/consul-ui/tests/unit/models/kv-test.js
index 1a7e5773c01a..f9ad4d780212 100644
--- a/ui/packages/consul-ui/tests/unit/models/kv-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/node-test.js b/ui/packages/consul-ui/tests/unit/models/node-test.js
index c81915a06461..19e5956599cc 100644
--- a/ui/packages/consul-ui/tests/unit/models/node-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/oidc-provider-test.js b/ui/packages/consul-ui/tests/unit/models/oidc-provider-test.js
index 06303cb75d1b..9ad475e7703b 100644
--- a/ui/packages/consul-ui/tests/unit/models/oidc-provider-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/oidc-provider-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/partition-test.js b/ui/packages/consul-ui/tests/unit/models/partition-test.js
index 75430ce68f89..e5e214f27206 100644
--- a/ui/packages/consul-ui/tests/unit/models/partition-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/partition-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/permission-test.js b/ui/packages/consul-ui/tests/unit/models/permission-test.js
index 60f1f7417597..b5dd6fb21c38 100644
--- a/ui/packages/consul-ui/tests/unit/models/permission-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/permission-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/policy-test.js b/ui/packages/consul-ui/tests/unit/models/policy-test.js
index fc84bd9683aa..76bc9c3e6eb3 100644
--- a/ui/packages/consul-ui/tests/unit/models/policy-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/proxy-test.js b/ui/packages/consul-ui/tests/unit/models/proxy-test.js
index c5e92e2e6b2a..f2dc810cc3ef 100644
--- a/ui/packages/consul-ui/tests/unit/models/proxy-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/proxy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/role-test.js b/ui/packages/consul-ui/tests/unit/models/role-test.js
index 01bbb16e16cf..93aebe689b83 100644
--- a/ui/packages/consul-ui/tests/unit/models/role-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/service-instance-test.js b/ui/packages/consul-ui/tests/unit/models/service-instance-test.js
index ffc7147978d9..d0d1139363e8 100644
--- a/ui/packages/consul-ui/tests/unit/models/service-instance-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/service-instance-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/service-test.js b/ui/packages/consul-ui/tests/unit/models/service-test.js
index 05ffd0859527..68548e9d734d 100644
--- a/ui/packages/consul-ui/tests/unit/models/service-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/session-test.js b/ui/packages/consul-ui/tests/unit/models/session-test.js
index 102649b88713..51eab61ddb03 100644
--- a/ui/packages/consul-ui/tests/unit/models/session-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/token-test.js b/ui/packages/consul-ui/tests/unit/models/token-test.js
index c1bea15d2c3b..c7cd395a857c 100644
--- a/ui/packages/consul-ui/tests/unit/models/token-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/application-test.js b/ui/packages/consul-ui/tests/unit/routes/application-test.js
index 2c5338aba5ca..a070afbfe9d7 100644
--- a/ui/packages/consul-ui/tests/unit/routes/application-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/application-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc-test.js b/ui/packages/consul-ui/tests/unit/routes/dc-test.js
index 84823af993d7..024b96804ca0 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/create-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/create-test.js
index a5f24711c2c2..25ba0db161d2 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/create-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/create-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/edit-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/edit-test.js
index 46f44bc2157d..d0c5a5be5a85 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/edit-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/edit-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/index-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/index-test.js
index 83ce8860ac2e..694a3aedde4a 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/index-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/index-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/create-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/create-test.js
index b909f7f6c69b..33c934e6c0de 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/create-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/create-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/edit-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/edit-test.js
index 901faa8354e1..a915006a670e 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/edit-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/edit-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/index-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/index-test.js
index 7a27803ff305..71cf811b8711 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/index-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/index-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/create-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/create-test.js
index 2013496ecf39..faa8f76ea373 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/create-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/create-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/edit-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/edit-test.js
index 0ccc24848c35..a79c35a52784 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/edit-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/edit-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/index-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/index-test.js
index 6fc4e3e979e7..4f9cf1437263 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/index-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/index-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/intention-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/intention-test.js
index 527df797951f..48b41cb91bf6 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/intention-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/kv-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/kv-test.js
index a07c6a23d1f8..7c4fef714643 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/kv-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/node-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/node-test.js
index 77b6017e25e4..4ebfc0f88b91 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/node-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/policy-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/policy-test.js
index 06e934031c49..7af816c19ee0 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/policy-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/role-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/role-test.js
index c39a8aaebea3..8159fc899a50 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/role-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/service-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/service-test.js
index 6331acf64138..55a7bb65d773 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/service-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/token-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/token-test.js
index de7572bd58af..dceab57d8d16 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/token-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/application-test.js b/ui/packages/consul-ui/tests/unit/serializers/application-test.js
index 4733e38d6ac9..d50bf81d3fae 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/application-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/application-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/auth-method-test.js b/ui/packages/consul-ui/tests/unit/serializers/auth-method-test.js
index 7613eb76714a..966140c5198a 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/binding-rule-test.js b/ui/packages/consul-ui/tests/unit/serializers/binding-rule-test.js
index 33c5e6187687..32167e1f91fd 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/binding-rule-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/binding-rule-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/coordinate-test.js b/ui/packages/consul-ui/tests/unit/serializers/coordinate-test.js
index 580e1d1a94ac..e113e4741ce8 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/discovery-chain-test.js b/ui/packages/consul-ui/tests/unit/serializers/discovery-chain-test.js
index 63eb75fda79b..abaf69a1f5b3 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/intention-test.js b/ui/packages/consul-ui/tests/unit/serializers/intention-test.js
index 448786753929..69b499526992 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/intention-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/kv-test.js b/ui/packages/consul-ui/tests/unit/serializers/kv-test.js
index c299286b056f..6ca2c6501163 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/kv-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/node-test.js b/ui/packages/consul-ui/tests/unit/serializers/node-test.js
index 6c1a7ea814bb..5f9447b269ce 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/node-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/nspace-test.js b/ui/packages/consul-ui/tests/unit/serializers/nspace-test.js
index d89421edfa7b..13df59b8df00 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/nspace-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/nspace-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/oidc-provider-test.js b/ui/packages/consul-ui/tests/unit/serializers/oidc-provider-test.js
index 93e060e6be45..724aaf4701cd 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/oidc-provider-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/oidc-provider-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/partition-test.js b/ui/packages/consul-ui/tests/unit/serializers/partition-test.js
index da56321c1dd9..d20a20d520c9 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/partition-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/partition-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/permission-test.js b/ui/packages/consul-ui/tests/unit/serializers/permission-test.js
index dd7c63fadc23..62b12040a909 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/permission-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/permission-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/policy-test.js b/ui/packages/consul-ui/tests/unit/serializers/policy-test.js
index 3ae12a681ce0..92ec70d25537 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/policy-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/proxy-test.js b/ui/packages/consul-ui/tests/unit/serializers/proxy-test.js
index cad3cffa1cf6..41c96cfe373a 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/proxy-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/proxy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/role-test.js b/ui/packages/consul-ui/tests/unit/serializers/role-test.js
index fe9532506788..1b3480406b17 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/role-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/service-instance-test.js b/ui/packages/consul-ui/tests/unit/serializers/service-instance-test.js
index 9270daf5d8ae..1243f801a0dc 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/service-instance-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/service-instance-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/service-test.js b/ui/packages/consul-ui/tests/unit/serializers/service-test.js
index b36e2cdb88bf..cb86999c71dc 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/service-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/session-test.js b/ui/packages/consul-ui/tests/unit/serializers/session-test.js
index e75af66a70ee..8a84cfd0acf1 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/session-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/token-test.js b/ui/packages/consul-ui/tests/unit/serializers/token-test.js
index 2c05d27387bb..5c74e5de982a 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/token-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/atob-test.js b/ui/packages/consul-ui/tests/unit/services/atob-test.js
index 97ddf0248438..81efeab86abe 100644
--- a/ui/packages/consul-ui/tests/unit/services/atob-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/atob-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/btoa-test.js b/ui/packages/consul-ui/tests/unit/services/btoa-test.js
index 1c3ed8fcae32..a2a33048d3e8 100644
--- a/ui/packages/consul-ui/tests/unit/services/btoa-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/btoa-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/client/connections-test.js b/ui/packages/consul-ui/tests/unit/services/client/connections-test.js
index f17453879c4d..9ec6eb986aac 100644
--- a/ui/packages/consul-ui/tests/unit/services/client/connections-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/client/connections-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/client/http-test.js b/ui/packages/consul-ui/tests/unit/services/client/http-test.js
index 89736e196116..daeb9c2c90e0 100644
--- a/ui/packages/consul-ui/tests/unit/services/client/http-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/client/http-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/client/transports/xhr-test.js b/ui/packages/consul-ui/tests/unit/services/client/transports/xhr-test.js
index 49db5f56f21b..7666345c5350 100644
--- a/ui/packages/consul-ui/tests/unit/services/client/transports/xhr-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/client/transports/xhr-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/clipboard/local-storage-test.js b/ui/packages/consul-ui/tests/unit/services/clipboard/local-storage-test.js
index dabdd6fe86a0..8145897d1f5c 100644
--- a/ui/packages/consul-ui/tests/unit/services/clipboard/local-storage-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/clipboard/local-storage-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/clipboard/os-test.js b/ui/packages/consul-ui/tests/unit/services/clipboard/os-test.js
index d4e09a8eb9d4..d2daeb5d9355 100644
--- a/ui/packages/consul-ui/tests/unit/services/clipboard/os-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/clipboard/os-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/code-mirror/linter-test.js b/ui/packages/consul-ui/tests/unit/services/code-mirror/linter-test.js
index 9df3aa6cfbd2..ec7c35002e39 100644
--- a/ui/packages/consul-ui/tests/unit/services/code-mirror/linter-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/code-mirror/linter-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/data-source/protocols/http-test.js b/ui/packages/consul-ui/tests/unit/services/data-source/protocols/http-test.js
index 8648e1800404..b36d8662bb0e 100644
--- a/ui/packages/consul-ui/tests/unit/services/data-source/protocols/http-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/data-source/protocols/http-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/data-source/protocols/local-storage-test.js b/ui/packages/consul-ui/tests/unit/services/data-source/protocols/local-storage-test.js
index 5e71a167fc18..6989f1224bd2 100644
--- a/ui/packages/consul-ui/tests/unit/services/data-source/protocols/local-storage-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/data-source/protocols/local-storage-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/data-structs-test.js b/ui/packages/consul-ui/tests/unit/services/data-structs-test.js
index d6ade0fceb69..5605bf213d78 100644
--- a/ui/packages/consul-ui/tests/unit/services/data-structs-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/data-structs-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/dom-test.js b/ui/packages/consul-ui/tests/unit/services/dom-test.js
index 99e2677355e8..f59fe47988cd 100644
--- a/ui/packages/consul-ui/tests/unit/services/dom-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/dom-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/encoder-test.js b/ui/packages/consul-ui/tests/unit/services/encoder-test.js
index 9bd28f2ad4aa..69217f9a145c 100644
--- a/ui/packages/consul-ui/tests/unit/services/encoder-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/encoder-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/env-test.js b/ui/packages/consul-ui/tests/unit/services/env-test.js
index 188883dcb5a2..f8227a0debdd 100644
--- a/ui/packages/consul-ui/tests/unit/services/env-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/env-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/feedback-test.js b/ui/packages/consul-ui/tests/unit/services/feedback-test.js
index 43a5c18f1f7c..c0198fb80bf5 100644
--- a/ui/packages/consul-ui/tests/unit/services/feedback-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/feedback-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/form-test.js b/ui/packages/consul-ui/tests/unit/services/form-test.js
index 4bd70b07fa3d..c0da3021c267 100644
--- a/ui/packages/consul-ui/tests/unit/services/form-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/form-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/logger-test.js b/ui/packages/consul-ui/tests/unit/services/logger-test.js
index 8ff46e15c0b0..baa4c0d6c288 100644
--- a/ui/packages/consul-ui/tests/unit/services/logger-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/logger-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository-test.js b/ui/packages/consul-ui/tests/unit/services/repository-test.js
index c968d81d32c1..8a2a0ee71634 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/auth-method-test.js b/ui/packages/consul-ui/tests/unit/services/repository/auth-method-test.js
index adb1126f5c72..45680b4ff2c8 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/coordinate-test.js b/ui/packages/consul-ui/tests/unit/services/repository/coordinate-test.js
index d7ceb6b98ea4..583df58d65d6 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/dc-test.js b/ui/packages/consul-ui/tests/unit/services/repository/dc-test.js
index 95cda6e13b3e..b140b3782fdf 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/dc-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/dc-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/discovery-chain-test.js b/ui/packages/consul-ui/tests/unit/services/repository/discovery-chain-test.js
index f950d712244f..764f06fd3d4e 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/intention-test.js b/ui/packages/consul-ui/tests/unit/services/repository/intention-test.js
index 7caeae2ee19e..dd820573721b 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/intention-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/kv-test.js b/ui/packages/consul-ui/tests/unit/services/repository/kv-test.js
index e6da38fecdf1..d556f3281577 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/kv-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/node-test.js b/ui/packages/consul-ui/tests/unit/services/repository/node-test.js
index 81cb7180d3bd..a82cf48de3d1 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/node-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/nspace-test.js b/ui/packages/consul-ui/tests/unit/services/repository/nspace-test.js
index c70c28730a12..9b586e59778e 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/nspace-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/nspace-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/oidc-provider-test.js b/ui/packages/consul-ui/tests/unit/services/repository/oidc-provider-test.js
index eaf6704f807d..f6ed9caec446 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/oidc-provider-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/oidc-provider-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/partition-test.js b/ui/packages/consul-ui/tests/unit/services/repository/partition-test.js
index 1eb005bcb697..24508b765c7d 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/partition-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/partition-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/permission-test.js b/ui/packages/consul-ui/tests/unit/services/repository/permission-test.js
index 13ac3c854e4e..8f938aff7d05 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/permission-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/permission-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/policy-test.js b/ui/packages/consul-ui/tests/unit/services/repository/policy-test.js
index dc1b4da9e18a..e3ca6725ec46 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/policy-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/role-test.js b/ui/packages/consul-ui/tests/unit/services/repository/role-test.js
index 38f3daaf533c..45e2f155ff6a 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/role-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/service-instance-test.js b/ui/packages/consul-ui/tests/unit/services/repository/service-instance-test.js
index 3128e116eb8f..2b7282e9108c 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/service-instance-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/service-instance-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/service-test.js b/ui/packages/consul-ui/tests/unit/services/repository/service-test.js
index e4021e95987e..2005c7b51a30 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/service-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/session-test.js b/ui/packages/consul-ui/tests/unit/services/repository/session-test.js
index d2ecc8e80257..ae574013b210 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/session-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/token-test.js b/ui/packages/consul-ui/tests/unit/services/repository/token-test.js
index d5fc08a36b94..bc254bbda92d 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/token-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/search-test.js b/ui/packages/consul-ui/tests/unit/services/search-test.js
index f4ee9d60a446..7d6f3394543d 100644
--- a/ui/packages/consul-ui/tests/unit/services/search-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/search-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/settings-test.js b/ui/packages/consul-ui/tests/unit/services/settings-test.js
index 6c1f4bac1d5f..c55715de12c5 100644
--- a/ui/packages/consul-ui/tests/unit/services/settings-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/settings-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/sort-test.js b/ui/packages/consul-ui/tests/unit/services/sort-test.js
index b9a4f90a5750..2d5aaff2fe3d 100644
--- a/ui/packages/consul-ui/tests/unit/services/sort-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/sort-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/state-test.js b/ui/packages/consul-ui/tests/unit/services/state-test.js
index 8f7d158df75e..66d646dd4bbc 100644
--- a/ui/packages/consul-ui/tests/unit/services/state-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/state-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/store-test.js b/ui/packages/consul-ui/tests/unit/services/store-test.js
index 317b511ab724..49ba4efd3b2b 100644
--- a/ui/packages/consul-ui/tests/unit/services/store-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/store-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/temporal-test.js b/ui/packages/consul-ui/tests/unit/services/temporal-test.js
index f5dbf8eb54aa..f593dff693f0 100644
--- a/ui/packages/consul-ui/tests/unit/services/temporal-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/temporal-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/ticker-test.js b/ui/packages/consul-ui/tests/unit/services/ticker-test.js
index 2127ae0b04b5..69e73eaf7b6f 100644
--- a/ui/packages/consul-ui/tests/unit/services/ticker-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/ticker-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/timeout-test.js b/ui/packages/consul-ui/tests/unit/services/timeout-test.js
index dfdcdb010708..b057e79d6eda 100644
--- a/ui/packages/consul-ui/tests/unit/services/timeout-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/timeout-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/sort/comparators/node-test.js b/ui/packages/consul-ui/tests/unit/sort/comparators/node-test.js
index 9b5c5ea75680..2d8eaa6bd85c 100644
--- a/ui/packages/consul-ui/tests/unit/sort/comparators/node-test.js
+++ b/ui/packages/consul-ui/tests/unit/sort/comparators/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import comparators from 'consul-ui/sort/comparators/node';
diff --git a/ui/packages/consul-ui/tests/unit/sort/comparators/service-test.js b/ui/packages/consul-ui/tests/unit/sort/comparators/service-test.js
index 99cd69eb410a..f40ae6da6499 100644
--- a/ui/packages/consul-ui/tests/unit/sort/comparators/service-test.js
+++ b/ui/packages/consul-ui/tests/unit/sort/comparators/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import comparators from 'consul-ui/sort/comparators/service';
diff --git a/ui/packages/consul-ui/tests/unit/utils/ascend-test.js b/ui/packages/consul-ui/tests/unit/utils/ascend-test.js
index ae73cb890151..d9dca4ef6125 100644
--- a/ui/packages/consul-ui/tests/unit/utils/ascend-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/ascend-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/atob-test.js b/ui/packages/consul-ui/tests/unit/utils/atob-test.js
index 6205f2929bba..d18c751460f6 100644
--- a/ui/packages/consul-ui/tests/unit/utils/atob-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/atob-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/btoa-test.js b/ui/packages/consul-ui/tests/unit/utils/btoa-test.js
index ae112557bd94..c70a7824035f 100644
--- a/ui/packages/consul-ui/tests/unit/utils/btoa-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/btoa-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/callable-type-test.js b/ui/packages/consul-ui/tests/unit/utils/callable-type-test.js
index c2de0f0b39ee..f82517c36373 100644
--- a/ui/packages/consul-ui/tests/unit/utils/callable-type-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/callable-type-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import callableType from 'consul-ui/utils/callable-type';
diff --git a/ui/packages/consul-ui/tests/unit/utils/create-fingerprinter-test.js b/ui/packages/consul-ui/tests/unit/utils/create-fingerprinter-test.js
index a72d50ed1cc0..cc885604eec7 100644
--- a/ui/packages/consul-ui/tests/unit/utils/create-fingerprinter-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/create-fingerprinter-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import createFingerprinter from 'consul-ui/utils/create-fingerprinter';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/click-first-anchor-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/click-first-anchor-test.js
index 81b6daf54f02..002f7a74f629 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/click-first-anchor-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/click-first-anchor-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domClickFirstAnchor from 'consul-ui/utils/dom/click-first-anchor';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/closest-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/closest-test.js
index 60bd5747161a..f91f3464dd4b 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/closest-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/closest-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domClosest from 'consul-ui/utils/dom/closest';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/create-listeners-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/create-listeners-test.js
index a3f995e4a3d6..cc9e787d2af3 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/create-listeners-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/create-listeners-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import createListeners from 'consul-ui/utils/dom/create-listeners';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/blocking-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/blocking-test.js
index b6158356cea6..88e2a45c832c 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/blocking-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/blocking-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domEventSourceBlocking, {
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/cache-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/cache-test.js
index 8b8bc23b0b2d..bc77a11e03e3 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/cache-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/cache-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domEventSourceCache from 'consul-ui/utils/dom/event-source/cache';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/callable-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/callable-test.js
index fdb822eaa9fc..d08d6f2153fc 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/callable-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/callable-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domEventSourceCallable, { defaultRunner } from 'consul-ui/utils/dom/event-source/callable';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/index-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/index-test.js
index ee95d3db41e2..e5bfb1885a83 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/index-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/index-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import {
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/openable-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/openable-test.js
index 6531fcd184ea..7146351d338e 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/openable-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/openable-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domEventSourceOpenable from 'consul-ui/utils/dom/event-source/openable';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/proxy-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/proxy-test.js
index c62d19627729..0ed911a62822 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/proxy-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/proxy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domEventSourceProxy from 'consul-ui/utils/dom/event-source/proxy';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/resolver-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/resolver-test.js
index c2487919b272..92bdb2fb0f30 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/resolver-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/resolver-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domEventSourceResolver from 'consul-ui/utils/dom/event-source/resolver';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/storage-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/storage-test.js
index 86dc9f1ef61b..40bfd2ec3a59 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/storage-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/storage-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domEventSourceStorage from 'consul-ui/utils/dom/event-source/storage';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-target/rsvp-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-target/rsvp-test.js
index e8c07a618bba..792819a4a128 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-target/rsvp-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-target/rsvp-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domEventTargetRsvp from 'consul-ui/utils/dom/event-target/rsvp';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/get-component-factory-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/get-component-factory-test.js
index 13b83f583e5a..9f36ac1e5dd0 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/get-component-factory-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/get-component-factory-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import getComponentFactory from 'consul-ui/utils/dom/get-component-factory';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/is-outside-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/is-outside-test.js
index 2c0632472ad3..deb701a31cc5 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/is-outside-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/is-outside-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domIsOutside from 'consul-ui/utils/dom/is-outside';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/normalize-event-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/normalize-event-test.js
index bc55cf10ab72..393aed012a35 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/normalize-event-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/normalize-event-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domNormalizeEvent from 'consul-ui/utils/dom/normalize-event';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/qsa-factory-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/qsa-factory-test.js
index 66006a847754..16c46f6287cc 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/qsa-factory-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/qsa-factory-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import qsaFactory from 'consul-ui/utils/dom/qsa-factory';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/sibling-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/sibling-test.js
index 7f90adba2ae5..41657164df69 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/sibling-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/sibling-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import domSibling from 'consul-ui/utils/dom/sibling';
diff --git a/ui/packages/consul-ui/tests/unit/utils/get-environment-test.js b/ui/packages/consul-ui/tests/unit/utils/get-environment-test.js
index ccf28a58e1e8..e83f898629ae 100644
--- a/ui/packages/consul-ui/tests/unit/utils/get-environment-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/get-environment-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import getEnvironment from 'consul-ui/utils/get-environment';
diff --git a/ui/packages/consul-ui/tests/unit/utils/get-form-name-property-test.js b/ui/packages/consul-ui/tests/unit/utils/get-form-name-property-test.js
index 7c994078ba52..988c393986ba 100644
--- a/ui/packages/consul-ui/tests/unit/utils/get-form-name-property-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/get-form-name-property-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import getFormNameProperty from 'consul-ui/utils/get-form-name-property';
diff --git a/ui/packages/consul-ui/tests/unit/utils/helpers/call-if-type-test.js b/ui/packages/consul-ui/tests/unit/utils/helpers/call-if-type-test.js
index 27601378e4ff..25a2f9978f54 100644
--- a/ui/packages/consul-ui/tests/unit/utils/helpers/call-if-type-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/helpers/call-if-type-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import callIfType from 'consul-ui/utils/helpers/call-if-type';
diff --git a/ui/packages/consul-ui/tests/unit/utils/http/create-headers-test.js b/ui/packages/consul-ui/tests/unit/utils/http/create-headers-test.js
index 5876fa8281f9..281c74e94c14 100644
--- a/ui/packages/consul-ui/tests/unit/utils/http/create-headers-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/http/create-headers-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import createHeaders from 'consul-ui/utils/http/create-headers';
diff --git a/ui/packages/consul-ui/tests/unit/utils/http/create-query-params-test.js b/ui/packages/consul-ui/tests/unit/utils/http/create-query-params-test.js
index 6b4ab71b215c..d933545f6b23 100644
--- a/ui/packages/consul-ui/tests/unit/utils/http/create-query-params-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/http/create-query-params-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import createQueryParams from 'consul-ui/utils/http/create-query-params';
diff --git a/ui/packages/consul-ui/tests/unit/utils/http/create-url-test.js b/ui/packages/consul-ui/tests/unit/utils/http/create-url-test.js
index 0cc517a2d3d3..adcb66470b85 100644
--- a/ui/packages/consul-ui/tests/unit/utils/http/create-url-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/http/create-url-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/http/error-test.js b/ui/packages/consul-ui/tests/unit/utils/http/error-test.js
index 73c92f19cd2a..1a0ae840ec44 100644
--- a/ui/packages/consul-ui/tests/unit/utils/http/error-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/http/error-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import HttpError from 'consul-ui/utils/http/error';
diff --git a/ui/packages/consul-ui/tests/unit/utils/http/request-test.js b/ui/packages/consul-ui/tests/unit/utils/http/request-test.js
index 6c2c8a4905cc..8ddc0f416446 100644
--- a/ui/packages/consul-ui/tests/unit/utils/http/request-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/http/request-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import httpRequest from 'consul-ui/utils/http/request';
diff --git a/ui/packages/consul-ui/tests/unit/utils/http/xhr-test.js b/ui/packages/consul-ui/tests/unit/utils/http/xhr-test.js
index 566425b26acc..eaf08a35b5be 100644
--- a/ui/packages/consul-ui/tests/unit/utils/http/xhr-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/http/xhr-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import httpXhr from 'consul-ui/utils/http/xhr';
diff --git a/ui/packages/consul-ui/tests/unit/utils/isFolder-test.js b/ui/packages/consul-ui/tests/unit/utils/isFolder-test.js
index fb24076b0d3a..f609ad5ef635 100644
--- a/ui/packages/consul-ui/tests/unit/utils/isFolder-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/isFolder-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/keyToArray-test.js b/ui/packages/consul-ui/tests/unit/utils/keyToArray-test.js
index f8f91b390c0e..919805eb5831 100644
--- a/ui/packages/consul-ui/tests/unit/utils/keyToArray-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/keyToArray-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/left-trim-test.js b/ui/packages/consul-ui/tests/unit/utils/left-trim-test.js
index 9be942f459e3..b3b11c312910 100644
--- a/ui/packages/consul-ui/tests/unit/utils/left-trim-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/left-trim-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/maybe-call-test.js b/ui/packages/consul-ui/tests/unit/utils/maybe-call-test.js
index ef3943cd9f56..ed46c61233f1 100644
--- a/ui/packages/consul-ui/tests/unit/utils/maybe-call-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/maybe-call-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import maybeCall from 'consul-ui/utils/maybe-call';
diff --git a/ui/packages/consul-ui/tests/unit/utils/merge-checks-test.js b/ui/packages/consul-ui/tests/unit/utils/merge-checks-test.js
index 0a51a4c1fa93..743a7e1ca77f 100644
--- a/ui/packages/consul-ui/tests/unit/utils/merge-checks-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/merge-checks-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import mergeChecks from 'consul-ui/utils/merge-checks';
diff --git a/ui/packages/consul-ui/tests/unit/utils/non-empty-set-test.js b/ui/packages/consul-ui/tests/unit/utils/non-empty-set-test.js
index 6da9f31d338a..c8babd8a07c0 100644
--- a/ui/packages/consul-ui/tests/unit/utils/non-empty-set-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/non-empty-set-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import nonEmptySet from 'consul-ui/utils/non-empty-set';
diff --git a/ui/packages/consul-ui/tests/unit/utils/path/resolve-test.js b/ui/packages/consul-ui/tests/unit/utils/path/resolve-test.js
index 9f7bb419eb87..62fdd9ba417e 100644
--- a/ui/packages/consul-ui/tests/unit/utils/path/resolve-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/path/resolve-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import resolve from 'consul-ui/utils/path/resolve';
diff --git a/ui/packages/consul-ui/tests/unit/utils/promisedTimeout-test.js b/ui/packages/consul-ui/tests/unit/utils/promisedTimeout-test.js
index 6820941a4a24..646f670fd358 100644
--- a/ui/packages/consul-ui/tests/unit/utils/promisedTimeout-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/promisedTimeout-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/right-trim-test.js b/ui/packages/consul-ui/tests/unit/utils/right-trim-test.js
index fdf9152bdbf2..e2367a582d68 100644
--- a/ui/packages/consul-ui/tests/unit/utils/right-trim-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/right-trim-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/routing/transitionable-test.js b/ui/packages/consul-ui/tests/unit/utils/routing/transitionable-test.js
index e82ce9afe8c9..ffb5be1fb3ee 100644
--- a/ui/packages/consul-ui/tests/unit/utils/routing/transitionable-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/routing/transitionable-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import transitionable from 'consul-ui/utils/routing/transitionable';
diff --git a/ui/packages/consul-ui/tests/unit/utils/routing/walk-test.js b/ui/packages/consul-ui/tests/unit/utils/routing/walk-test.js
index 40dfc70305e3..6449b3d267e5 100644
--- a/ui/packages/consul-ui/tests/unit/utils/routing/walk-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/routing/walk-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { walk } from 'consul-ui/utils/routing/walk';
diff --git a/ui/packages/consul-ui/tests/unit/utils/routing/wildcard-test.js b/ui/packages/consul-ui/tests/unit/utils/routing/wildcard-test.js
index 70dc7be124b0..1b186ea495f6 100644
--- a/ui/packages/consul-ui/tests/unit/utils/routing/wildcard-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/routing/wildcard-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import wildcard from 'consul-ui/utils/routing/wildcard';
diff --git a/ui/packages/consul-ui/tests/unit/utils/storage/local-storage-test.js b/ui/packages/consul-ui/tests/unit/utils/storage/local-storage-test.js
index 086206304d5f..9dc567b2a13d 100644
--- a/ui/packages/consul-ui/tests/unit/utils/storage/local-storage-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/storage/local-storage-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import localStorage from 'consul-ui/utils/storage/local-storage';
diff --git a/ui/packages/consul-ui/tests/unit/utils/templatize-test.js b/ui/packages/consul-ui/tests/unit/utils/templatize-test.js
index 0152a37f2910..3d523fe7dd36 100644
--- a/ui/packages/consul-ui/tests/unit/utils/templatize-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/templatize-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import templatize from 'consul-ui/utils/templatize';
diff --git a/ui/packages/consul-ui/tests/unit/utils/ticker/index-test.js b/ui/packages/consul-ui/tests/unit/utils/ticker/index-test.js
index db8d28758df4..11a8adf83b09 100644
--- a/ui/packages/consul-ui/tests/unit/utils/ticker/index-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/ticker/index-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import tickerIndex from 'consul-ui/utils/ticker/index';
diff --git a/ui/packages/consul-ui/tests/unit/utils/ucfirst-test.js b/ui/packages/consul-ui/tests/unit/utils/ucfirst-test.js
index 9a5c6995d2fa..0d4641777bc8 100644
--- a/ui/packages/consul-ui/tests/unit/utils/ucfirst-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/ucfirst-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/update-array-object-test.js b/ui/packages/consul-ui/tests/unit/utils/update-array-object-test.js
index a62268675f9a..11ac8a3f2b2e 100644
--- a/ui/packages/consul-ui/tests/unit/utils/update-array-object-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/update-array-object-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 import updateArrayObject from 'consul-ui/utils/update-array-object';
diff --git a/ui/packages/consul-ui/translations/common/en-us.yaml b/ui/packages/consul-ui/translations/common/en-us.yaml
index b0dc3bffeeda..87e617e90c15 100644
--- a/ui/packages/consul-ui/translations/common/en-us.yaml
+++ b/ui/packages/consul-ui/translations/common/en-us.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 brand:
   consul: Consul
diff --git a/ui/packages/consul-ui/translations/components/app/en-us.yaml b/ui/packages/consul-ui/translations/components/app/en-us.yaml
index e586505bb9de..b636cd2c687c 100644
--- a/ui/packages/consul-ui/translations/components/app/en-us.yaml
+++ b/ui/packages/consul-ui/translations/components/app/en-us.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 skip_to_content: Skip to Content
 toggle_menu: Toggle Menu
diff --git a/ui/packages/consul-ui/translations/components/consul/en-us.yaml b/ui/packages/consul-ui/translations/components/consul/en-us.yaml
index c7e94db563c5..647d96f7f90e 100644
--- a/ui/packages/consul-ui/translations/components/consul/en-us.yaml
+++ b/ui/packages/consul-ui/translations/components/consul/en-us.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 peer:
   search-bar:
diff --git a/ui/packages/consul-ui/translations/components/copy-button/en-us.yaml b/ui/packages/consul-ui/translations/components/copy-button/en-us.yaml
index e9402b4a98df..c9d8b01c428c 100644
--- a/ui/packages/consul-ui/translations/components/copy-button/en-us.yaml
+++ b/ui/packages/consul-ui/translations/components/copy-button/en-us.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 title: Copy {name} to the clipboard
 success: Copied {name}
diff --git a/ui/packages/consul-ui/translations/models/en-us.yaml b/ui/packages/consul-ui/translations/models/en-us.yaml
index 88183f7d5db6..bab5f63ef819 100644
--- a/ui/packages/consul-ui/translations/models/en-us.yaml
+++ b/ui/packages/consul-ui/translations/models/en-us.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 auth-method:
   Description: Description
diff --git a/ui/packages/consul-ui/translations/routes/en-us.yaml b/ui/packages/consul-ui/translations/routes/en-us.yaml
index 129686384002..0989aed2e7a3 100644
--- a/ui/packages/consul-ui/translations/routes/en-us.yaml
+++ b/ui/packages/consul-ui/translations/routes/en-us.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 dc:
   show:
diff --git a/ui/packages/consul-ui/vendor/consul-ui/routes-debug.js b/ui/packages/consul-ui/vendor/consul-ui/routes-debug.js
index 0c91ae320638..9b253336c674 100644
--- a/ui/packages/consul-ui/vendor/consul-ui/routes-debug.js
+++ b/ui/packages/consul-ui/vendor/consul-ui/routes-debug.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (routes =>
diff --git a/ui/packages/consul-ui/vendor/consul-ui/routes.js b/ui/packages/consul-ui/vendor/consul-ui/routes.js
index ec25fb0a2428..07abd5c1b701 100644
--- a/ui/packages/consul-ui/vendor/consul-ui/routes.js
+++ b/ui/packages/consul-ui/vendor/consul-ui/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (routes =>
diff --git a/ui/packages/consul-ui/vendor/consul-ui/services-debug.js b/ui/packages/consul-ui/vendor/consul-ui/services-debug.js
index 9370e6bcd73e..7bd4a8e4c01c 100644
--- a/ui/packages/consul-ui/vendor/consul-ui/services-debug.js
+++ b/ui/packages/consul-ui/vendor/consul-ui/services-debug.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (services =>
diff --git a/ui/packages/consul-ui/vendor/consul-ui/services.js b/ui/packages/consul-ui/vendor/consul-ui/services.js
index 6f5f1c2a4121..e325871a9391 100644
--- a/ui/packages/consul-ui/vendor/consul-ui/services.js
+++ b/ui/packages/consul-ui/vendor/consul-ui/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (services =>
diff --git a/ui/packages/consul-ui/vendor/init.js b/ui/packages/consul-ui/vendor/init.js
index 350ca0327a54..5bdf4d3166a6 100644
--- a/ui/packages/consul-ui/vendor/init.js
+++ b/ui/packages/consul-ui/vendor/init.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (function(doc, appName) {
diff --git a/ui/packages/consul-ui/vendor/metrics-providers/consul.js b/ui/packages/consul-ui/vendor/metrics-providers/consul.js
index ded572e2912e..a14b606f8e3d 100644
--- a/ui/packages/consul-ui/vendor/metrics-providers/consul.js
+++ b/ui/packages/consul-ui/vendor/metrics-providers/consul.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 (function(global) {
diff --git a/ui/packages/consul-ui/vendor/metrics-providers/prometheus.js b/ui/packages/consul-ui/vendor/metrics-providers/prometheus.js
index f88eaf95df7a..56f33b299607 100644
--- a/ui/packages/consul-ui/vendor/metrics-providers/prometheus.js
+++ b/ui/packages/consul-ui/vendor/metrics-providers/prometheus.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 /*eslint no-console: "off"*/
diff --git a/version/fips.go b/version/fips.go
index 4700bc6813de..922d60644f2e 100644
--- a/version/fips.go
+++ b/version/fips.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 //go:build !fips
 
 package version
diff --git a/version/version.go b/version/version.go
index 0b81e19d2bc5..ea52f0ff89d2 100644
--- a/version/version.go
+++ b/version/version.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package version
 
diff --git a/version/version_test.go b/version/version_test.go
index afc517e00683..f295602f7517 100644
--- a/version/version_test.go
+++ b/version/version_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package version
 
diff --git a/website/.eslintrc.js b/website/.eslintrc.js
index 15da27e48c4a..32359e4f8d0d 100644
--- a/website/.eslintrc.js
+++ b/website/.eslintrc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 module.exports = {
diff --git a/website/.stylelintrc.js b/website/.stylelintrc.js
index 01d3cc17031a..b651a8460930 100644
--- a/website/.stylelintrc.js
+++ b/website/.stylelintrc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 module.exports = {
diff --git a/website/prettier.config.js b/website/prettier.config.js
index e8334791b83d..6cedcca48f42 100644
--- a/website/prettier.config.js
+++ b/website/prettier.config.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 module.exports = {
diff --git a/website/public/ie-warning.js b/website/public/ie-warning.js
index 08d1060444bc..87109b2ed536 100644
--- a/website/public/ie-warning.js
+++ b/website/public/ie-warning.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 !(function () {
diff --git a/website/redirects.js b/website/redirects.js
index e5ca3e8775ee..bfb3cb693d74 100644
--- a/website/redirects.js
+++ b/website/redirects.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: MPL-2.0
+ * SPDX-License-Identifier: BUSL-1.1
  */
 
 // REDIRECTS FILE
diff --git a/website/scripts/should-build.sh b/website/scripts/should-build.sh
index b653682c52af..b9ce35e4715b 100644
--- a/website/scripts/should-build.sh
+++ b/website/scripts/should-build.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 
 ######################################################
diff --git a/website/scripts/website-build.sh b/website/scripts/website-build.sh
index 691b13f0df75..9d504653802b 100755
--- a/website/scripts/website-build.sh
+++ b/website/scripts/website-build.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 ######################################################
 # NOTE: This file is managed by the Digital Team's   #
diff --git a/website/scripts/website-start.sh b/website/scripts/website-start.sh
index 7831562084da..e6d639fb397a 100755
--- a/website/scripts/website-start.sh
+++ b/website/scripts/website-start.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
+# SPDX-License-Identifier: BUSL-1.1
 
 ######################################################
 # NOTE: This file is managed by the Digital Team's   #

From 5717cbd4666e7598ffad9e1b14cb080371597678 Mon Sep 17 00:00:00 2001
From: Poonam Jadhav <poonam.jadhav@hashicorp.com>
Date: Fri, 11 Aug 2023 09:22:30 -0400
Subject: [PATCH 273/359] Net-2708/delete resource endpoint (#18420)

* feat: add http delete endpoint for resource service

* refactor: clean up
---
 internal/resource/http/http.go      |  35 +++++++--
 internal/resource/http/http_test.go | 109 +++++++++++++++++++++++++++-
 2 files changed, 136 insertions(+), 8 deletions(-)

diff --git a/internal/resource/http/http.go b/internal/resource/http/http.go
index 26ae55a943cf..b6a018c40578 100644
--- a/internal/resource/http/http.go
+++ b/internal/resource/http/http.go
@@ -59,6 +59,8 @@ func (h *resourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	switch r.Method {
 	case http.MethodPut:
 		h.handleWrite(w, r, ctx)
+	case http.MethodDelete:
+		h.handleDelete(w, r, ctx)
 	default:
 		w.WriteHeader(http.StatusMethodNotAllowed)
 		return
@@ -86,7 +88,7 @@ func (h *resourceHandler) handleWrite(w http.ResponseWriter, r *http.Request, ct
 		return
 	}
 
-	tenancyInfo, resourceName, version := checkURL(r)
+	tenancyInfo, resourceName, version := parseParams(r)
 
 	rsp, err := h.client.Write(ctx, &pbresource.WriteRequest{
 		Resource: &pbresource.Resource{
@@ -115,7 +117,7 @@ func (h *resourceHandler) handleWrite(w http.ResponseWriter, r *http.Request, ct
 	w.Write(output)
 }
 
-func checkURL(r *http.Request) (tenancy *pbresource.Tenancy, resourceName string, version string) {
+func parseParams(r *http.Request) (tenancy *pbresource.Tenancy, resourceName string, version string) {
 	params := r.URL.Query()
 	tenancy = &pbresource.Tenancy{
 		Partition: params.Get("partition"),
@@ -154,20 +156,39 @@ func handleResponseError(err error, w http.ResponseWriter, h *resourceHandler) {
 			h.logger.Info("User has mal-formed request", "error", err)
 		case codes.NotFound:
 			w.WriteHeader(http.StatusNotFound)
-			h.logger.Info("Failed to write to GRPC resource: Not found", "error", err)
+			h.logger.Info("Received error from resource service: Not found", "error", err)
 		case codes.PermissionDenied:
 			w.WriteHeader(http.StatusForbidden)
-			h.logger.Info("Failed to write to GRPC resource: User not authenticated", "error", err)
+			h.logger.Info("Received error from resource service: User not authenticated", "error", err)
 		case codes.Aborted:
 			w.WriteHeader(http.StatusConflict)
-			h.logger.Info("Failed to write to GRPC resource: the request conflict with the current state of the target resource", "error", err)
+			h.logger.Info("Received error from resource service: the request conflict with the current state of the target resource", "error", err)
 		default:
 			w.WriteHeader(http.StatusInternalServerError)
-			h.logger.Error("Failed to write to GRPC resource", "error", err)
+			h.logger.Error("Received error from resource service", "error", err)
 		}
 	} else {
 		w.WriteHeader(http.StatusInternalServerError)
-		h.logger.Error("Failed to write to GRPC resource: not able to parse error returned", "error", err)
+		h.logger.Error("Received error from resource service: not able to parse error returned", "error", err)
 	}
 	w.Write([]byte(err.Error()))
 }
+
+// Note: The HTTP endpoints do not accept UID since it is quite unlikely that the user will have access to it
+func (h *resourceHandler) handleDelete(w http.ResponseWriter, r *http.Request, ctx context.Context) {
+	tenancyInfo, resourceName, version := parseParams(r)
+	_, err := h.client.Delete(ctx, &pbresource.DeleteRequest{
+		Id: &pbresource.ID{
+			Type:    h.reg.Type,
+			Tenancy: tenancyInfo,
+			Name:    resourceName,
+		},
+		Version: version,
+	})
+	if err != nil {
+		handleResponseError(err, w, h)
+		return
+	}
+	w.WriteHeader(http.StatusNoContent)
+	w.Write([]byte("{}"))
+}
diff --git a/internal/resource/http/http_test.go b/internal/resource/http/http_test.go
index 65b9ce6ba9c8..6747fb251a5a 100644
--- a/internal/resource/http/http_test.go
+++ b/internal/resource/http/http_test.go
@@ -29,7 +29,7 @@ const testACLTokenArtistReadPolicy = "00000000-0000-0000-0000-000000000001"
 const testACLTokenArtistWritePolicy = "00000000-0000-0000-0000-000000000002"
 
 func parseToken(req *http.Request, token *string) {
-	*token = req.Header.Get("X-Consul-Token")
+	*token = req.Header.Get("x-consul-token")
 }
 
 func TestResourceHandler_InputValidation(t *testing.T) {
@@ -83,6 +83,12 @@ func TestResourceHandler_InputValidation(t *testing.T) {
 			response:             httptest.NewRecorder(),
 			expectedResponseCode: http.StatusBadRequest,
 		},
+		{
+			description:          "no id",
+			request:              httptest.NewRequest("DELETE", "/?partition=default&peer_name=local&namespace=default", strings.NewReader("")),
+			response:             httptest.NewRecorder(),
+			expectedResponseCode: http.StatusBadRequest,
+		},
 	}
 
 	for _, tc := range testCases {
@@ -284,3 +290,104 @@ func TestResourceWriteHandler(t *testing.T) {
 		require.Equal(t, "Keith Urban V1", artist.Name)
 	})
 }
+
+func createResource(t *testing.T, artistHandler resourceHandler) {
+	rsp := httptest.NewRecorder()
+	req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(`
+		{
+			"metadata": {
+				"foo": "bar"
+			},
+			"data": {
+				"name": "Keith Urban",
+				"genre": "GENRE_COUNTRY"
+			}
+		}
+	`))
+
+	req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
+
+	artistHandler.ServeHTTP(rsp, req)
+	require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
+}
+
+func TestResourceDeleteHandler(t *testing.T) {
+	aclResolver := &resourceSvc.MockACLResolver{}
+	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistReadPolicy, mock.Anything, mock.Anything).
+		Return(svctest.AuthorizerFrom(t, demo.ArtistV2ReadPolicy), nil)
+	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistWritePolicy, mock.Anything, mock.Anything).
+		Return(svctest.AuthorizerFrom(t, demo.ArtistV2WritePolicy), nil)
+
+	client := svctest.RunResourceServiceWithACL(t, aclResolver, demo.RegisterTypes)
+
+	v2ArtistHandler := resourceHandler{
+		resource.Registration{
+			Type:  demo.TypeV2Artist,
+			Proto: &pbdemov2.Artist{},
+		},
+		client,
+		parseToken,
+		hclog.NewNullLogger(),
+	}
+
+	t.Run("should surface PermissionDenied error from resource service", func(t *testing.T) {
+		createResource(t, v2ArtistHandler)
+
+		deleteRsp := httptest.NewRecorder()
+		deletReq := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
+
+		deletReq.Header.Add("x-consul-token", testACLTokenArtistReadPolicy)
+
+		v2ArtistHandler.ServeHTTP(deleteRsp, deletReq)
+
+		require.Equal(t, http.StatusForbidden, deleteRsp.Result().StatusCode)
+	})
+
+	t.Run("should delete a resource without version", func(t *testing.T) {
+		createResource(t, v2ArtistHandler)
+
+		deleteRsp := httptest.NewRecorder()
+		deletReq := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
+
+		deletReq.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
+
+		v2ArtistHandler.ServeHTTP(deleteRsp, deletReq)
+
+		require.Equal(t, http.StatusNoContent, deleteRsp.Result().StatusCode)
+
+		var result map[string]any
+		require.NoError(t, json.NewDecoder(deleteRsp.Body).Decode(&result))
+		require.Empty(t, result)
+
+		_, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{
+			Id: &pbresource.ID{
+				Type:    demo.TypeV2Artist,
+				Tenancy: demo.TenancyDefault,
+				Name:    "keith-urban",
+			},
+		})
+		require.ErrorContains(t, err, "resource not found")
+	})
+
+	t.Run("should delete a resource with version", func(t *testing.T) {
+		createResource(t, v2ArtistHandler)
+
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&version=1", strings.NewReader(""))
+
+		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
+
+		v2ArtistHandler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusNoContent, rsp.Result().StatusCode)
+
+		_, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{
+			Id: &pbresource.ID{
+				Type:    demo.TypeV2Artist,
+				Tenancy: demo.TenancyDefault,
+				Name:    "keith-urban",
+			},
+		})
+		require.ErrorContains(t, err, "resource not found")
+	})
+}

From b4cdfbbc12e94e58d1660f3a4b0a603cb25da9e8 Mon Sep 17 00:00:00 2001
From: Matt Keeler <mkeeler@users.noreply.github.com>
Date: Fri, 11 Aug 2023 10:15:45 -0400
Subject: [PATCH 274/359] Disable deep-copy codegen verification for now.
 (#18446)

Once we figure out what to do with license headers for these files we should re-enable this check.
---
 .github/workflows/go-tests.yml | 48 ++++++++++++++++++----------------
 1 file changed, 25 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index bc9b985d5e31..561c7e1e3dbd 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -76,28 +76,29 @@ jobs:
     - name: Notify Slack
       if: ${{ failure() }}
       run: .github/scripts/notify_slack.sh
-  check-generated-deep-copy:
-    needs:
-    - setup
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
-    steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-    # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
-    - name: Setup Git
-      if: ${{ endsWith(github.repository, '-enterprise') }}
-      run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-      with:
-        go-version-file: 'go.mod'
-    - run: make --always-make deep-copy
-    - run: |
-        if ! git diff --exit-code; then
-          echo "Generated code was not updated correctly"
-          exit 1
-        fi
-    - name: Notify Slack
-      if: ${{ failure() }}
-      run: .github/scripts/notify_slack.sh
+  # Temporarily changing until the situation with license headers in the generated code can be worked out
+  # check-generated-deep-copy:
+  #   needs:
+  #   - setup
+  #   runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
+  #   steps:
+  #   - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+  #   # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
+  #   - name: Setup Git
+  #     if: ${{ endsWith(github.repository, '-enterprise') }}
+  #     run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
+  #   - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+  #     with:
+  #       go-version-file: 'go.mod'
+  #   - run: make --always-make deep-copy
+  #   - run: |
+  #       if ! git diff --exit-code; then
+  #         echo "Generated code was not updated correctly"
+  #         exit 1
+  #       fi
+  #   - name: Notify Slack
+  #     if: ${{ failure() }}
+  #     run: .github/scripts/notify_slack.sh
 
   lint-enums:
     needs:
@@ -464,7 +465,8 @@ jobs:
   go-tests-success:
     needs:
     - setup
-    - check-generated-deep-copy
+    # Reenable later
+    #- check-generated-deep-copy
     - check-generated-protobuf
     - check-go-mod
     - lint-consul-retry

From 66bcaa3c8f20650baec1304c2a2f83822160d710 Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Fri, 11 Aug 2023 10:04:44 -0500
Subject: [PATCH 275/359] build: upgrade to latest buf v1.26.0 (#18426)

---
 Makefile                                  | 2 +-
 proto/buf.yaml                            | 2 ++
 proto/private/pbsubscribe/subscribe.pb.go | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 4f9cedddea3c..1fe0d1b75afd 100644
--- a/Makefile
+++ b/Makefile
@@ -12,7 +12,7 @@ GO_MODULES := $(shell find . -name go.mod -exec dirname {} \; | grep -v "proto-g
 ###
 GOLANGCI_LINT_VERSION='v1.51.1'
 MOCKERY_VERSION='v2.20.0'
-BUF_VERSION='v1.14.0'
+BUF_VERSION='v1.26.0'
 
 PROTOC_GEN_GO_GRPC_VERSION="v1.2.0"
 MOG_VERSION='v0.4.0'
diff --git a/proto/buf.yaml b/proto/buf.yaml
index a8aa50196486..d367418c824b 100644
--- a/proto/buf.yaml
+++ b/proto/buf.yaml
@@ -2,6 +2,8 @@
 # SPDX-License-Identifier: BUSL-1.1
 
 version: v1
+deps:
+  - buf.build/hashicorp/consul
 lint:
   use:
     - DEFAULT
diff --git a/proto/private/pbsubscribe/subscribe.pb.go b/proto/private/pbsubscribe/subscribe.pb.go
index 796f581f3f78..93dcf9c21c23 100644
--- a/proto/private/pbsubscribe/subscribe.pb.go
+++ b/proto/private/pbsubscribe/subscribe.pb.go
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: BUSL-1.1
 
 //
-// Package event provides a service for subscribing to state change events.
+//Package event provides a service for subscribing to state change events.
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:

From 4a0afb5d1373845e8d57d2e32859ea62b3855946 Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Fri, 11 Aug 2023 13:11:06 -0400
Subject: [PATCH 276/359] NET-4952 Add docs for export command (#18425)

* Init file for services export command docs

* Add link for export command to nav

* Add export to list of subcommands for services

* Add usage and basic command options

* Add API options using includes

* Add section for enterprise options

* Include argument value in flag format

* Add examples

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---
 website/content/commands/services/export.mdx | 64 ++++++++++++++++++++
 website/content/commands/services/index.mdx  |  1 +
 website/data/commands-nav-data.json          |  4 ++
 3 files changed, 69 insertions(+)
 create mode 100644 website/content/commands/services/export.mdx

diff --git a/website/content/commands/services/export.mdx b/website/content/commands/services/export.mdx
new file mode 100644
index 000000000000..281d5f23e7d7
--- /dev/null
+++ b/website/content/commands/services/export.mdx
@@ -0,0 +1,64 @@
+---
+layout: commands
+page_title: 'Commands: Services Export'
+description: |
+  The `consul services export` command exports a service from one peer or admin partition to another.
+---
+
+# Consul Services Export
+
+Command: `consul services export`
+
+The `services export` command exports a service from one admin partition
+or cluster peer to another. This command can be used in lieu of creating or updating the corresponding
+`exported-services` configuration entry. Running the command multiple times with the same
+arguments results in a no-op.
+
+```text
+Usage: consul services export [options] -name <service name> -consumer-peers <other cluster name>
+
+  Export a service to a peered cluster.
+
+      $ consul services export -name=web -consumer-peers=other-cluster
+
+  Use the -consumer-partitions flag instead of -consumer-peers to export to a different partition in the same cluster.
+
+      $ consul services export -name=web -consumer-partitions=other-partition
+
+  Additional flags and more advanced use cases are detailed below.
+```
+
+#### Command options
+
+- `-name=<string>` - (Required) The name of the service to export.
+
+- `-consumer-peers=<string>` - (Required) A comma-separated list of cluster peers to export the service to.
+  In Consul Enterprise, this flag is optional when `-consumer-partitions` is specified.
+
+#### Enterprise options
+
+- `-consumer-partitions=<string>` - A comma-separated list of admin partitions within the
+  same datacenter to export the service to. This flag is optional when `-consumer-peers` is specified.
+
+@include 'http_api_partition_options.mdx'
+
+@include 'http_api_namespace_options.mdx'
+
+#### API options
+
+@include 'http_api_options_client.mdx'
+
+## Examples
+
+In the following example, the `consul services export` command makes the `web` service available to services running in a cluster named `dc2` that has a previously-established cluster peering connection.
+
+```shell-session hideClipboard
+$ consul services export -name=web -consumer-peers=dc2
+```
+
+In the following example, the `consul services export` command makes the `web` service located in the
+namespace `ns1` and the admin partition `alpha` to other admin partitions named `beta` and `delta`.
+
+```shell-session hideClipboard
+$ consul services export -name=web -namespace=ns1 -partition=alpha -consumer-partitions=beta,delta
+```
diff --git a/website/content/commands/services/index.mdx b/website/content/commands/services/index.mdx
index ec26946c580a..f511ffe2efce 100644
--- a/website/content/commands/services/index.mdx
+++ b/website/content/commands/services/index.mdx
@@ -31,6 +31,7 @@ Usage: consul services <subcommand> [options] [args]
 Subcommands:
     deregister    Deregister services with the local agent
     register      Register services with the local agent
+    export        Export services from one cluster peer or admin partition to another
 ```
 
 For more information, examples, and usage about a subcommand, click on the name
diff --git a/website/data/commands-nav-data.json b/website/data/commands-nav-data.json
index ee491e9dfa7b..dd38459a9012 100644
--- a/website/data/commands-nav-data.json
+++ b/website/data/commands-nav-data.json
@@ -487,6 +487,10 @@
       {
         "title": "deregister",
         "path": "services/deregister"
+      },
+      {
+        "title": "export",
+        "path": "services/export"
       }
     ]
   },

From 559c61e6b6f93270bb50944e9fb063c94bdf92e8 Mon Sep 17 00:00:00 2001
From: Poonam Jadhav <poonam.jadhav@hashicorp.com>
Date: Fri, 11 Aug 2023 15:52:51 -0400
Subject: [PATCH 277/359] Net-2712/resource hcl parsing (#18250)

* Initial protohcl implementation

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: Daniel Upton <daniel@floppy.co>

* resourcehcl: implement resource decoding on top of protohcl

Co-authored-by: Daniel Upton <daniel@floppy.co>

* fix: resolve ci failures

* test: add additional unmarshalling tests

* refactor: update function test to clean protohcl package imports

---------

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: Daniel Upton <daniel@floppy.co>
---
 go.mod                                        |   6 +
 go.sum                                        |  23 +
 internal/protohcl/any.go                      | 114 ++
 internal/protohcl/attributes.go               | 154 +++
 internal/protohcl/blocks.go                   | 112 ++
 internal/protohcl/cty.go                      | 146 +++
 internal/protohcl/decoder.go                  | 284 +++++
 internal/protohcl/doc.go                      |  76 ++
 internal/protohcl/naming.go                   |  18 +
 internal/protohcl/oneof.go                    |  51 +
 internal/protohcl/primitives.go               | 138 +++
 internal/protohcl/testproto/buf.gen.yaml      |   9 +
 internal/protohcl/testproto/example.pb.go     | 994 ++++++++++++++++++
 internal/protohcl/testproto/example.proto     |  74 ++
 internal/protohcl/unmarshal.go                | 134 +++
 internal/protohcl/unmarshal_test.go           | 557 ++++++++++
 internal/protohcl/well_known_types.go         | 418 ++++++++
 internal/resource/registry.go                 |  13 +
 internal/resourcehcl/any.go                   |  46 +
 internal/resourcehcl/naming.go                |  35 +
 .../testdata/gvk-no-arguments.error           |   1 +
 .../resourcehcl/testdata/gvk-no-arguments.hcl |   4 +
 .../resourcehcl/testdata/invalid-group.error  |   1 +
 .../resourcehcl/testdata/invalid-group.hcl    |   8 +
 .../resourcehcl/testdata/invalid-gvk.error    |   1 +
 internal/resourcehcl/testdata/invalid-gvk.hcl |   4 +
 .../testdata/invalid-metadata.error           |   1 +
 .../resourcehcl/testdata/invalid-metadata.hcl |   8 +
 .../resourcehcl/testdata/invalid-name.error   |   1 +
 .../resourcehcl/testdata/invalid-name.hcl     |   4 +
 .../testdata/no-blocks-any-first.golden       |   1 +
 .../testdata/no-blocks-any-first.hcl          |   8 +
 .../resourcehcl/testdata/no-blocks.golden     |   1 +
 internal/resourcehcl/testdata/no-blocks.hcl   |  33 +
 internal/resourcehcl/testdata/owner.golden    |   1 +
 internal/resourcehcl/testdata/owner.hcl       |   9 +
 .../resourcehcl/testdata/simple-gvk.golden    |   1 +
 internal/resourcehcl/testdata/simple-gvk.hcl  |  13 +
 .../resourcehcl/testdata/type-block.golden    |   1 +
 internal/resourcehcl/testdata/type-block.hcl  |   8 +
 .../testdata/unknown-field-block.error        |   1 +
 .../testdata/unknown-field-block.hcl          |   3 +
 .../testdata/unknown-field-object.error       |   1 +
 .../testdata/unknown-field-object.hcl         |   3 +
 .../resourcehcl/testdata/unknown-type.error   |   1 +
 .../resourcehcl/testdata/unknown-type.hcl     |   8 +
 .../resourcehcl/testdata/upstreams.golden     |   1 +
 internal/resourcehcl/testdata/upstreams.hcl   |  25 +
 internal/resourcehcl/unmarshal.go             |  52 +
 internal/resourcehcl/unmarshal_test.go        | 103 ++
 50 files changed, 3709 insertions(+)
 create mode 100644 internal/protohcl/any.go
 create mode 100644 internal/protohcl/attributes.go
 create mode 100644 internal/protohcl/blocks.go
 create mode 100644 internal/protohcl/cty.go
 create mode 100644 internal/protohcl/decoder.go
 create mode 100644 internal/protohcl/doc.go
 create mode 100644 internal/protohcl/naming.go
 create mode 100644 internal/protohcl/oneof.go
 create mode 100644 internal/protohcl/primitives.go
 create mode 100644 internal/protohcl/testproto/buf.gen.yaml
 create mode 100644 internal/protohcl/testproto/example.pb.go
 create mode 100644 internal/protohcl/testproto/example.proto
 create mode 100644 internal/protohcl/unmarshal.go
 create mode 100644 internal/protohcl/unmarshal_test.go
 create mode 100644 internal/protohcl/well_known_types.go
 create mode 100644 internal/resourcehcl/any.go
 create mode 100644 internal/resourcehcl/naming.go
 create mode 100644 internal/resourcehcl/testdata/gvk-no-arguments.error
 create mode 100644 internal/resourcehcl/testdata/gvk-no-arguments.hcl
 create mode 100644 internal/resourcehcl/testdata/invalid-group.error
 create mode 100644 internal/resourcehcl/testdata/invalid-group.hcl
 create mode 100644 internal/resourcehcl/testdata/invalid-gvk.error
 create mode 100644 internal/resourcehcl/testdata/invalid-gvk.hcl
 create mode 100644 internal/resourcehcl/testdata/invalid-metadata.error
 create mode 100644 internal/resourcehcl/testdata/invalid-metadata.hcl
 create mode 100644 internal/resourcehcl/testdata/invalid-name.error
 create mode 100644 internal/resourcehcl/testdata/invalid-name.hcl
 create mode 100644 internal/resourcehcl/testdata/no-blocks-any-first.golden
 create mode 100644 internal/resourcehcl/testdata/no-blocks-any-first.hcl
 create mode 100644 internal/resourcehcl/testdata/no-blocks.golden
 create mode 100644 internal/resourcehcl/testdata/no-blocks.hcl
 create mode 100644 internal/resourcehcl/testdata/owner.golden
 create mode 100644 internal/resourcehcl/testdata/owner.hcl
 create mode 100644 internal/resourcehcl/testdata/simple-gvk.golden
 create mode 100644 internal/resourcehcl/testdata/simple-gvk.hcl
 create mode 100644 internal/resourcehcl/testdata/type-block.golden
 create mode 100644 internal/resourcehcl/testdata/type-block.hcl
 create mode 100644 internal/resourcehcl/testdata/unknown-field-block.error
 create mode 100644 internal/resourcehcl/testdata/unknown-field-block.hcl
 create mode 100644 internal/resourcehcl/testdata/unknown-field-object.error
 create mode 100644 internal/resourcehcl/testdata/unknown-field-object.hcl
 create mode 100644 internal/resourcehcl/testdata/unknown-type.error
 create mode 100644 internal/resourcehcl/testdata/unknown-type.hcl
 create mode 100644 internal/resourcehcl/testdata/upstreams.golden
 create mode 100644 internal/resourcehcl/testdata/upstreams.hcl
 create mode 100644 internal/resourcehcl/unmarshal.go
 create mode 100644 internal/resourcehcl/unmarshal_test.go

diff --git a/go.mod b/go.mod
index 0d2de3f6b391..4e5b45443455 100644
--- a/go.mod
+++ b/go.mod
@@ -61,6 +61,7 @@ require (
 	github.com/hashicorp/go-version v1.2.1
 	github.com/hashicorp/golang-lru v0.5.4
 	github.com/hashicorp/hcl v1.0.0
+	github.com/hashicorp/hcl/v2 v2.6.0
 	github.com/hashicorp/hcp-scada-provider v0.2.3
 	github.com/hashicorp/hcp-sdk-go v0.55.0
 	github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038
@@ -96,6 +97,7 @@ require (
 	github.com/ryanuber/columnize v2.1.2+incompatible
 	github.com/shirou/gopsutil/v3 v3.22.8
 	github.com/stretchr/testify v1.8.3
+	github.com/zclconf/go-cty v1.2.0
 	go.etcd.io/bbolt v1.3.7
 	go.opentelemetry.io/otel v1.16.0
 	go.opentelemetry.io/otel/metric v1.16.0
@@ -138,6 +140,9 @@ require (
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/DataDog/datadog-go v4.8.2+incompatible // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/agext/levenshtein v1.2.1 // indirect
+	github.com/apparentlymart/go-textseg v1.0.0 // indirect
+	github.com/apparentlymart/go-textseg/v12 v12.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/benbjohnson/immutable v0.4.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
@@ -207,6 +212,7 @@ require (
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
diff --git a/go.sum b/go.sum
index 5ca08d3b9460..690c27b8af7c 100644
--- a/go.sum
+++ b/go.sum
@@ -111,6 +111,8 @@ github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdko
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af h1:DBNMBMuMiWYu0b+8KMJuWmfCkcxl09JwdlqwDZZ6U14=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw=
+github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=
+github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@@ -118,6 +120,11 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.156 h1:K4N91T1+RlSlx+t2dujeDviy4ehSGVjEltluDgmeHS4=
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.156/go.mod h1:Api2AkmMgGaSUAhmk76oaFObkoeCPc/bKAqcyplPODs=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
+github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2wFoYVvnCs0=
+github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
+github.com/apparentlymart/go-textseg/v12 v12.0.0 h1:bNEQyAGak9tojivJNkoqWErVCQbjdL7GzRt3F8NvfJ0=
+github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e h1:QEF07wC0T1rKkctt1RINW/+RMTVmiwxETico2l3gxJA=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
@@ -312,6 +319,7 @@ github.com/go-ozzo/ozzo-validation v3.6.0+incompatible/go.mod h1:gsEKFIVnabGBt6m
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
+github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=
 github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
 github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
@@ -367,6 +375,7 @@ github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71
 github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -552,6 +561,8 @@ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+l
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/hcl/v2 v2.6.0 h1:3krZOfGY6SziUXa6H9PJU6TyohHn7I+ARYnhbeNBz+o=
+github.com/hashicorp/hcl/v2 v2.6.0/go.mod h1:bQTN5mpo+jewjJgh8jr0JUguIi7qPHUF6yIfAEN3jqY=
 github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ=
 github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo=
 github.com/hashicorp/hcp-sdk-go v0.55.0 h1:T4sQtgQfQJOD0uucT4hS+GZI1FmoHAQMADj277W++xw=
@@ -653,6 +664,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
+github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/linode/linodego v0.7.1/go.mod h1:ga11n3ivecUrPCHN0rANxKmfWBJVkOXfLMZinAbj2sY=
 github.com/linode/linodego v0.10.0 h1:AMdb82HVgY8o3mjBXJcUv9B+fnJjfDMn2rNRGbX+jvM=
@@ -710,6 +723,8 @@ github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-testing-interface v1.14.0 h1:/x0XQ6h+3U3nAyk1yx+bHPURrKa9sVVvYbuqZ7pIAtI=
 github.com/mitchellh/go-testing-interface v1.14.0/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
+github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
+github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
 github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 h1:hOY53G+kBFhbYFpRVxHl5eS7laP6B1+Cq+Z9Dry1iMU=
 github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ=
@@ -847,6 +862,7 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUt
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM=
 github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/shirou/gopsutil/v3 v3.22.8 h1:a4s3hXogo5mE2PfdfJIonDbstO/P+9JszdfhAHSzD9Y=
 github.com/shirou/gopsutil/v3 v3.22.8/go.mod h1:s648gW4IywYzUfE/KjXxUsqrqx/T2xO5VqOXxONeRfI=
 github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
@@ -871,6 +887,7 @@ github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3
 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -912,6 +929,7 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK
 github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
+github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/vmware/govmomi v0.18.0 h1:f7QxSmP7meCtoAmiKZogvVbLInT+CZx6Px6K5rYsJZo=
 github.com/vmware/govmomi v0.18.0/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
@@ -930,6 +948,8 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
 github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
+github.com/zclconf/go-cty v1.2.0 h1:sPHsy7ADcIZQP3vILvTjrh74ZA175TFP5vqiNK1UmlI=
+github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
@@ -974,6 +994,7 @@ golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
+golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -1035,6 +1056,7 @@ golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180611182652-db08ff08e862/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1137,6 +1159,7 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190515120540-06a5c4944438/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/internal/protohcl/any.go b/internal/protohcl/any.go
new file mode 100644
index 000000000000..bc2a8c6faaa1
--- /dev/null
+++ b/internal/protohcl/any.go
@@ -0,0 +1,114 @@
+package protohcl
+
+import (
+	"fmt"
+	"strings"
+
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/reflect/protoregistry"
+	"google.golang.org/protobuf/types/known/anypb"
+)
+
+const wellKnownTypeAny = "google.protobuf.Any"
+
+type AnyTypeProvider interface {
+	AnyType(*UnmarshalContext, MessageDecoder) (protoreflect.FullName, MessageDecoder, error)
+}
+
+type AnyTypeURLProvider struct {
+	TypeURLFieldName string
+}
+
+func (p *AnyTypeURLProvider) AnyType(ctx *UnmarshalContext, decoder MessageDecoder) (protoreflect.FullName, MessageDecoder, error) {
+	typeURLFieldName := "type_url"
+	if p != nil {
+		typeURLFieldName = p.TypeURLFieldName
+	}
+
+	var typeURL *IterField
+	err := decoder.EachField(FieldIterator{
+		Desc: (&anypb.Any{}).ProtoReflect().Descriptor(),
+		Func: func(field *IterField) error {
+			if field.Name == typeURLFieldName {
+				typeURL = field
+			}
+			return nil
+		},
+		IgnoreUnknown: true,
+	})
+	if err != nil {
+		return "", nil, err
+	}
+
+	if typeURL == nil || typeURL.Val == nil {
+		return "", nil, fmt.Errorf("%s field is required to decode Any", typeURLFieldName)
+	}
+
+	url, err := stringFromCty(*typeURL.Val)
+	if err != nil {
+		return "", nil, err
+	}
+
+	slashIdx := strings.LastIndex(url, "/")
+	typeName := url
+	// strip all "hostname" parts of the URL path
+	if slashIdx > 1 && slashIdx+1 < len(url) {
+		typeName = url[slashIdx+1:]
+	}
+
+	return protoreflect.FullName(typeName), decoder.SkipFields(typeURLFieldName), nil
+}
+
+func (u UnmarshalOptions) decodeAny(ctx *UnmarshalContext, decoder MessageDecoder, msg protoreflect.Message) error {
+	var typeProvider AnyTypeProvider = &AnyTypeURLProvider{TypeURLFieldName: "type_url"}
+	if u.AnyTypeProvider != nil {
+		typeProvider = u.AnyTypeProvider
+	}
+
+	var (
+		typeName protoreflect.FullName
+		err      error
+	)
+	typeName, decoder, err = typeProvider.AnyType(ctx, decoder)
+	if err != nil {
+		return fmt.Errorf("error getting type for Any field: %w", err)
+	}
+
+	// the type.googleapis.come/ should be optional
+	mt, err := protoregistry.GlobalTypes.FindMessageByName(typeName)
+	if err != nil {
+		return fmt.Errorf("error looking up type information for %s: %w", typeName, err)
+	}
+
+	newMsg := mt.New()
+
+	err = u.decodeMessage(&UnmarshalContext{
+		Parent:  ctx.Parent,
+		Name:    ctx.Name,
+		Message: newMsg,
+	}, decoder, newMsg)
+	if err != nil {
+		return err
+	}
+
+	enc, err := proto.Marshal(newMsg.Interface())
+	if err != nil {
+		return fmt.Errorf("error marshalling Any data as protobuf value: %w", err)
+	}
+
+	anyValue := msg.Interface().(*anypb.Any)
+
+	// This will look like <proto package>.<proto Message name> and not quite like a full URL with a path
+	anyValue.TypeUrl = string(newMsg.Descriptor().FullName())
+	anyValue.Value = enc
+
+	return nil
+}
+
+func isAnyField(desc protoreflect.FieldDescriptor) bool {
+	if desc.Kind() != protoreflect.MessageKind {
+		return false
+	}
+	return desc.Message().FullName() == wellKnownTypeAny
+}
diff --git a/internal/protohcl/attributes.go b/internal/protohcl/attributes.go
new file mode 100644
index 000000000000..1339a3be22c8
--- /dev/null
+++ b/internal/protohcl/attributes.go
@@ -0,0 +1,154 @@
+package protohcl
+
+import (
+	"fmt"
+
+	"github.com/pkg/errors"
+	"github.com/zclconf/go-cty/cty"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
+)
+
+func (u UnmarshalOptions) decodeAttribute(ctx *UnmarshalContext, newMessage newMessageFn, f protoreflect.FieldDescriptor, val cty.Value, listAllowed bool) (protoreflect.Value, error) {
+	if f.IsMap() {
+		return u.decodeAttributeToMap(ctx, newMessage, f, val)
+	}
+
+	if f.IsList() && listAllowed {
+		return u.decodeAttributeToList(ctx, newMessage, f, val)
+	}
+
+	ok, value, err := decodeAttributeToWellKnownType(f, val)
+	if ok {
+		return value, errors.Wrapf(err, "%s: Failed to unmarshal argument %s", ctx.ErrorRange(), ctx.Name)
+	}
+
+	ok, value, err = u.decodeAttributeToMessage(ctx, newMessage, f, val)
+	if ok {
+		return value, err
+	}
+
+	value, err = decodeAttributeToPrimitive(f, val)
+	if err != nil {
+		return value, errors.Wrapf(err, "%s: Failed to unmarshal argument %s", ctx.ErrorRange(), ctx.Name)
+	}
+	return value, nil
+}
+
+func (u UnmarshalOptions) decodeAttributeToMessage(ctx *UnmarshalContext, newMessage newMessageFn, desc protoreflect.FieldDescriptor, val cty.Value) (bool, protoreflect.Value, error) {
+	if desc.Kind() != protoreflect.MessageKind {
+		return false, protoreflect.Value{}, nil
+	}
+
+	msg := newMessage().Message()
+
+	ctx = &UnmarshalContext{
+		Parent:  ctx.Parent,
+		Name:    ctx.Name,
+		Message: msg,
+		Range:   ctx.Range,
+	}
+
+	// We have limited support for HCL functions, essentially just those that
+	// return a protobuf message (like the resource `gvk` function) in which
+	// case, the message will be wrapped in a cty capsule.
+	if val.Type().IsCapsuleType() {
+		msg, ok := val.EncapsulatedValue().(proto.Message)
+		if ok {
+			return true, protoreflect.ValueOf(msg.ProtoReflect()), nil
+		} else {
+			return true, protoreflect.Value{}, fmt.Errorf("expected encapsulated value to be a message, actual type: %T", val.EncapsulatedValue())
+		}
+	}
+
+	if !val.Type().IsObjectType() {
+		return false, protoreflect.Value{}, nil
+	}
+
+	decoder := newObjectDecoder(val, u.FieldNamer, ctx.ErrorRange())
+
+	if err := u.decodeMessage(ctx, decoder, msg); err != nil {
+		return true, protoreflect.Value{}, err
+	}
+	return true, protoreflect.ValueOf(msg), nil
+}
+
+func (u UnmarshalOptions) decodeAttributeToList(ctx *UnmarshalContext, newMessage newMessageFn, desc protoreflect.FieldDescriptor, value cty.Value) (protoreflect.Value, error) {
+	if value.IsNull() {
+		return protoreflect.Value{}, nil
+	}
+
+	valueType := value.Type()
+	if !valueType.IsListType() && !valueType.IsTupleType() {
+		return protoreflect.Value{}, fmt.Errorf("expected list/tuple type after HCL decode but the actual type was %s", valueType.FriendlyName())
+	}
+
+	if value.LengthInt() < 1 {
+		return protoreflect.Value{}, nil
+	}
+
+	protoList := newMessage().List()
+
+	var err error
+	var idx int
+	value.ForEachElement(func(_ cty.Value, val cty.Value) bool {
+		var protoVal protoreflect.Value
+		protoVal, err = u.decodeAttribute(&UnmarshalContext{
+			Parent: ctx,
+			Name:   fmt.Sprintf("%s[%d]", u.FieldNamer.NameField(desc), idx),
+		}, protoList.NewElement, desc, val, false)
+		if err != nil {
+			return true
+		}
+
+		idx++
+		protoList.Append(protoVal)
+		return false
+	})
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+
+	return protoreflect.ValueOfList(protoList), nil
+}
+
+func (u UnmarshalOptions) decodeAttributeToMap(ctx *UnmarshalContext, newMessage newMessageFn, desc protoreflect.FieldDescriptor, value cty.Value) (protoreflect.Value, error) {
+	if value.IsNull() {
+		return protoreflect.Value{}, nil
+	}
+
+	valueType := value.Type()
+	if !valueType.IsMapType() && !valueType.IsObjectType() {
+		return protoreflect.Value{}, fmt.Errorf("expected map/object type after HCL decode but the actual type was %s", valueType.FriendlyName())
+	}
+
+	if value.LengthInt() < 1 {
+		return protoreflect.Value{}, nil
+	}
+
+	protoMap := newMessage().Map()
+	protoValueDesc := desc.MapValue()
+	var err error
+
+	value.ForEachElement(func(key cty.Value, val cty.Value) (stop bool) {
+		var protoVal protoreflect.Value
+		protoVal, err = u.decodeAttribute(&UnmarshalContext{
+			Parent:  ctx,
+			Name:    fmt.Sprintf("%s[%q]", u.FieldNamer.NameField(desc), key.AsString()),
+			Message: nil, // TODO: what should this really be?
+		}, protoMap.NewValue, protoValueDesc, val, false)
+		if err != nil {
+			return true
+		}
+		if protoVal.IsValid() {
+			// HCL doesn't support non-string keyed maps so we blindly use string keys
+			protoMap.Set(protoreflect.ValueOfString(key.AsString()).MapKey(), protoVal)
+		}
+		return false
+	})
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+
+	return protoreflect.ValueOfMap(protoMap), nil
+}
diff --git a/internal/protohcl/blocks.go b/internal/protohcl/blocks.go
new file mode 100644
index 000000000000..dd156f29a400
--- /dev/null
+++ b/internal/protohcl/blocks.go
@@ -0,0 +1,112 @@
+package protohcl
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/hcl/v2"
+	"google.golang.org/protobuf/reflect/protoreflect"
+)
+
+func (u UnmarshalOptions) decodeBlocks(ctx *UnmarshalContext, blocks hcl.Blocks, msg protoreflect.Message, f protoreflect.FieldDescriptor) (protoreflect.Value, error) {
+	if f.Kind() != protoreflect.MessageKind {
+		return protoreflect.Value{}, fmt.Errorf("only protobuf message kinds can use HCL block syntax")
+	}
+
+	if f.IsMap() {
+		return u.decodeBlocksToMap(ctx, blocks, msg, f)
+	}
+
+	if f.IsList() {
+		return u.decodeBlocksToList(ctx, blocks, msg, f)
+	}
+
+	return u.decodeBlocksToMessage(ctx, blocks, msg, f)
+}
+
+func (u UnmarshalOptions) decodeBlocksToMap(ctx *UnmarshalContext, blocks hcl.Blocks, msg protoreflect.Message, f protoreflect.FieldDescriptor) (protoreflect.Value, error) {
+	val := msg.NewField(f)
+	mapVal := val.Map()
+
+	for _, block := range blocks {
+		if len(block.Labels) != 1 {
+			return protoreflect.Value{}, fmt.Errorf("protobuf map fields must have 1 HCL block label")
+		}
+
+		key := protoreflect.ValueOfString(block.Labels[0])
+		value := mapVal.NewValue()
+		msgVal := value.Message()
+
+		err := u.decodeMessage(
+			&UnmarshalContext{
+				Parent:  ctx,
+				Name:    fmt.Sprintf("%s[%q]", u.FieldNamer.NameField(f), block.Labels[0]),
+				Message: msgVal,
+				Range:   block.DefRange,
+			},
+			u.bodyDecoder(block.Body),
+			msgVal,
+		)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+
+		mapVal.Set(key.MapKey(), value)
+	}
+	return val, nil
+}
+
+func (u UnmarshalOptions) decodeBlocksToList(ctx *UnmarshalContext, blocks hcl.Blocks, msg protoreflect.Message, f protoreflect.FieldDescriptor) (protoreflect.Value, error) {
+	val := msg.NewField(f)
+	listVal := val.List()
+
+	var err error
+	for idx, block := range blocks {
+		if len(block.Labels) > 0 {
+			return protoreflect.Value{}, fmt.Errorf("repeated protobuf fields must not have HCL block labels")
+		}
+		elem := listVal.NewElement()
+		elemMsg := elem.Message()
+
+		err = u.decodeMessage(
+			&UnmarshalContext{
+				Parent:  ctx,
+				Name:    fmt.Sprintf("%s[%d]", u.FieldNamer.NameField(f), idx),
+				Message: elemMsg,
+				Range:   block.DefRange,
+			},
+			u.bodyDecoder(block.Body),
+			elemMsg,
+		)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		listVal.Append(elem)
+	}
+
+	return val, nil
+}
+
+func (u UnmarshalOptions) decodeBlocksToMessage(ctx *UnmarshalContext, blocks hcl.Blocks, msg protoreflect.Message, f protoreflect.FieldDescriptor) (protoreflect.Value, error) {
+	if len(blocks) > 1 {
+		return protoreflect.Value{}, fmt.Errorf("only one HCL block may be specified for a non-repeated protobuf Message")
+	}
+
+	val := msg.NewField(f)
+	valMsg := val.Message()
+
+	err := u.decodeMessage(
+		&UnmarshalContext{
+			Parent:  ctx,
+			Name:    blocks[0].Type,
+			Message: valMsg,
+			Range:   blocks[0].DefRange,
+		},
+		u.bodyDecoder(blocks[0].Body),
+		valMsg,
+	)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+
+	return val, nil
+}
diff --git a/internal/protohcl/cty.go b/internal/protohcl/cty.go
new file mode 100644
index 000000000000..2a0ec9ba24b3
--- /dev/null
+++ b/internal/protohcl/cty.go
@@ -0,0 +1,146 @@
+package protohcl
+
+import (
+	"encoding/base64"
+	"fmt"
+
+	"github.com/zclconf/go-cty/cty"
+	"github.com/zclconf/go-cty/cty/gocty"
+)
+
+func boolFromCty(val cty.Value) (bool, error) {
+	if val.Type() != cty.Bool {
+		return false, fmt.Errorf("expected value of type %s but actual type is %s", cty.Bool.FriendlyName(), val.Type().FriendlyName())
+	}
+
+	if val.IsNull() {
+		return false, nil
+	}
+
+	return val.True(), nil
+}
+
+func int32FromCty(val cty.Value) (int32, error) {
+	if val.Type() != cty.Number {
+		return 0, fmt.Errorf("expected value of type %s but actual type is %s", cty.Number.FriendlyName(), val.Type().FriendlyName())
+	}
+
+	if val.IsNull() {
+		return 0, nil
+	}
+
+	var goVal int32
+	if err := gocty.FromCtyValue(val, &goVal); err != nil {
+		return 0, fmt.Errorf("error converting cty value of type %s to int32: %w", val.Type().FriendlyName(), err)
+	}
+	return goVal, nil
+}
+
+func uint32FromCty(val cty.Value) (uint32, error) {
+	if val.Type() != cty.Number {
+		return 0, fmt.Errorf("expected value of type %s but actual type is %s", cty.Number.FriendlyName(), val.Type().FriendlyName())
+	}
+
+	if val.IsNull() {
+		return 0, nil
+	}
+
+	var goVal uint32
+	if err := gocty.FromCtyValue(val, &goVal); err != nil {
+		return 0, fmt.Errorf("error converting cty value of type %s to uint32: %w", val.Type().FriendlyName(), err)
+	}
+	return goVal, nil
+}
+
+func int64FromCty(val cty.Value) (int64, error) {
+	if val.Type() != cty.Number {
+		return 0, fmt.Errorf("expected value of type %s but actual type is %s", cty.Number.FriendlyName(), val.Type().FriendlyName())
+	}
+
+	if val.IsNull() {
+		return 0, nil
+	}
+
+	var goVal int64
+	if err := gocty.FromCtyValue(val, &goVal); err != nil {
+		return 0, fmt.Errorf("error converting cty value of type %s to int64: %w", val.Type().FriendlyName(), err)
+	}
+	return goVal, nil
+}
+
+func uint64FromCty(val cty.Value) (uint64, error) {
+	if val.Type() != cty.Number {
+		return 0, fmt.Errorf("expected value of type %s but actual type is %s", cty.Number.FriendlyName(), val.Type().FriendlyName())
+	}
+
+	if val.IsNull() {
+		return 0, nil
+	}
+
+	var goVal uint64
+	if err := gocty.FromCtyValue(val, &goVal); err != nil {
+		return 0, fmt.Errorf("error converting cty value of type %s to uint64: %w", val.Type().FriendlyName(), err)
+	}
+	return goVal, nil
+}
+
+func floatFromCty(val cty.Value) (float32, error) {
+	if val.Type() != cty.Number {
+		return 0, fmt.Errorf("expected value of type %s but actual type is %s", cty.Number.FriendlyName(), val.Type().FriendlyName())
+	}
+
+	if val.IsNull() {
+		return 0, nil
+	}
+
+	var goVal float32
+	if err := gocty.FromCtyValue(val, &goVal); err != nil {
+		return 0, fmt.Errorf("error converting cty value of type %s to float32: %w", val.Type().FriendlyName(), err)
+	}
+	return goVal, nil
+}
+
+func doubleFromCty(val cty.Value) (float64, error) {
+	if val.Type() != cty.Number {
+		return 0, fmt.Errorf("expected value of type %s but actual type is %s", cty.Number.FriendlyName(), val.Type().FriendlyName())
+	}
+
+	if val.IsNull() {
+		return 0, nil
+	}
+
+	var goVal float64
+	if err := gocty.FromCtyValue(val, &goVal); err != nil {
+		return 0, fmt.Errorf("error converting cty value of type %s to float64: %w", val.Type().FriendlyName(), err)
+	}
+	return goVal, nil
+}
+
+func stringFromCty(val cty.Value) (string, error) {
+	if val.Type() != cty.String {
+		return "", fmt.Errorf("expected value of type %s but actual type is %s", cty.String.FriendlyName(), val.Type().FriendlyName())
+	}
+
+	if val.IsNull() {
+		return "", nil
+	}
+	return val.AsString(), nil
+}
+
+func bytesFromCty(val cty.Value) ([]byte, error) {
+	if val.Type() != cty.String {
+		return nil, fmt.Errorf("expected value of type %s but actual type is %s", cty.String.FriendlyName(), val.Type().FriendlyName())
+	}
+
+	if val.IsNull() {
+		return nil, nil
+	}
+
+	encoded := val.AsString()
+	decoded, err := base64.StdEncoding.DecodeString(encoded)
+	if err != nil {
+		return nil, fmt.Errorf("error base64 decoding byte string: %w", err)
+	}
+
+	return decoded, nil
+}
diff --git a/internal/protohcl/decoder.go b/internal/protohcl/decoder.go
new file mode 100644
index 000000000000..23735acd717b
--- /dev/null
+++ b/internal/protohcl/decoder.go
@@ -0,0 +1,284 @@
+package protohcl
+
+import (
+	"fmt"
+	"sort"
+
+	"github.com/hashicorp/hcl/v2"
+	"github.com/zclconf/go-cty/cty"
+	"github.com/zclconf/go-cty/cty/function"
+	"google.golang.org/protobuf/reflect/protoreflect"
+)
+
+// MessageDecoder provides an abstract way to decode protobuf messages from HCL
+// blocks or objects.
+type MessageDecoder interface {
+	// EachField calls the given iterator for each field provided in the HCL source.
+	EachField(iter FieldIterator) error
+
+	// SkipFields returns a MessageDecoder that skips over the given fields. It is
+	// primarily used for doing two-pass decoding of protobuf `Any` fields.
+	SkipFields(fields ...string) MessageDecoder
+}
+
+// IterField represents a field discovered by the MessageDecoder.
+type IterField struct {
+	// Name is the HCL name of the field.
+	Name string
+
+	// Desc is the protobuf field descriptor.
+	Desc protoreflect.FieldDescriptor
+
+	// Val is the field value, only if it was given using HCL attribute syntax.
+	Val *cty.Value
+
+	// Blocks contains the HCL blocks that were given for this field.
+	Blocks []*hcl.Block
+
+	// Range determines where in the HCL source the field was given, it is useful
+	// for error messages.
+	Range hcl.Range
+}
+
+// FieldIterator is given to MessageDecoder.EachField to iterate over all of the
+// fields in a given HCL block or object.
+type FieldIterator struct {
+	// IgnoreUnknown instructs the MessageDecoder to skip over any fields not
+	// included in Desc.
+	IgnoreUnknown bool
+
+	// Desc is the protobuf descriptor for the message the caller is decoding into.
+	// It is used to determine which fields are valid.
+	Desc protoreflect.MessageDescriptor
+
+	// Func is called for each field in the given HCL block or object.
+	Func func(field *IterField) error
+}
+
+func newBodyDecoder(
+	body hcl.Body,
+	namer FieldNamer,
+	functions map[string]function.Function,
+) MessageDecoder {
+	return bodyDecoder{
+		body:       body,
+		namer:      namer,
+		functions:  functions,
+		skipFields: make(map[string]struct{}),
+	}
+}
+
+type bodyDecoder struct {
+	body       hcl.Body
+	namer      FieldNamer
+	functions  map[string]function.Function
+	skipFields map[string]struct{}
+}
+
+func (bd bodyDecoder) EachField(iter FieldIterator) error {
+	schema, err := bd.schema(iter.Desc)
+	if err != nil {
+		return err
+	}
+
+	var (
+		content *hcl.BodyContent
+		diags   hcl.Diagnostics
+	)
+	if iter.IgnoreUnknown {
+		content, _, diags = bd.body.PartialContent(schema)
+	} else {
+		content, diags = bd.body.Content(schema)
+	}
+	if diags.HasErrors() {
+		return diags
+	}
+
+	fields := make([]*IterField, 0)
+
+	for _, attr := range content.Attributes {
+		if _, ok := bd.skipFields[attr.Name]; ok {
+			continue
+		}
+
+		desc := bd.namer.GetField(iter.Desc.Fields(), attr.Name)
+
+		val, err := attr.Expr.Value(&hcl.EvalContext{Functions: bd.functions})
+		if err != nil {
+			return err
+		}
+
+		fields = append(fields, &IterField{
+			Name:  attr.Name,
+			Desc:  desc,
+			Val:   &val,
+			Range: attr.Expr.Range(),
+		})
+	}
+
+	for blockType, blocks := range content.Blocks.ByType() {
+		if _, ok := bd.skipFields[blockType]; ok {
+			continue
+		}
+
+		desc := bd.namer.GetField(iter.Desc.Fields(), blockType)
+
+		fields = append(fields, &IterField{
+			Name:   blockType,
+			Desc:   desc,
+			Blocks: blocks,
+		})
+	}
+
+	// Always handle Any fields last, as decoding them may require type information
+	// gathered from other fields (e.g. as in the case of Resource GVKs).
+	sort.Slice(fields, func(a, b int) bool {
+		if isAnyField(fields[b].Desc) && !isAnyField(fields[a].Desc) {
+			return true
+		}
+		return a < b
+	})
+
+	for _, field := range fields {
+		if err := iter.Func(field); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (bd bodyDecoder) SkipFields(fields ...string) MessageDecoder {
+	skip := make(map[string]struct{}, len(fields)+len(bd.skipFields))
+	for k, v := range bd.skipFields {
+		skip[k] = v
+	}
+	for _, field := range fields {
+		skip[field] = struct{}{}
+	}
+
+	// Note: we rely on the fact bd isn't a pointer to copy the struct here.
+	bd.skipFields = skip
+	return bd
+}
+
+func (bd bodyDecoder) schema(desc protoreflect.MessageDescriptor) (*hcl.BodySchema, error) {
+	var schema hcl.BodySchema
+
+	fields := desc.Fields()
+	for i := 0; i < fields.Len(); i++ {
+		f := fields.Get(i)
+
+		kind := f.Kind()
+		// maps are special and whether they use block or attribute syntax depends
+		// on the value type
+		if f.IsMap() {
+			valueDesc := f.MapValue()
+			valueKind := valueDesc.Kind()
+
+			wktHint := wellKnownTypeSchemaHint(valueDesc)
+
+			// Message types should generally be encoded as blocks unless its a special Well Known Type
+			// that should use attribute encoding
+			if valueKind == protoreflect.MessageKind && wktHint != wellKnownAttribute {
+				schema.Blocks = append(schema.Blocks, hcl.BlockHeaderSchema{
+					Type:       bd.namer.NameField(f),
+					LabelNames: []string{"key"},
+				})
+				continue
+			}
+
+			// non-message types or Well Known Message types that need attribute encoding
+			// get decoded as attributes
+			schema.Attributes = append(schema.Attributes, hcl.AttributeSchema{
+				Name: bd.namer.NameField(f),
+			})
+			continue
+		}
+
+		wktHint := wellKnownTypeSchemaHint(f)
+
+		// message types generally will use block syntax unless its a well known
+		// message type that requires attribute syntax specifically.
+		if kind == protoreflect.MessageKind && wktHint != wellKnownAttribute {
+			schema.Blocks = append(schema.Blocks, hcl.BlockHeaderSchema{
+				Type: bd.namer.NameField(f),
+			})
+		}
+
+		// by default use attribute encoding
+		// - primitives
+		// - repeated primitives
+		// - Well Known Types requiring attribute syntax
+		// - repeated Well Known Types requiring attribute syntax
+		schema.Attributes = append(schema.Attributes, hcl.AttributeSchema{
+			Name: bd.namer.NameField(f),
+		})
+		continue
+	}
+
+	// Add skipped fields to the schema so HCL doesn't throw an error when it finds them.
+	for field := range bd.skipFields {
+		schema.Attributes = append(schema.Attributes, hcl.AttributeSchema{Name: field})
+		schema.Blocks = append(schema.Blocks, hcl.BlockHeaderSchema{Type: field})
+	}
+
+	return &schema, nil
+}
+
+func newObjectDecoder(object cty.Value, namer FieldNamer, rng hcl.Range) MessageDecoder {
+	return objectDecoder{
+		object:     object,
+		namer:      namer,
+		rng:        rng,
+		skipFields: make(map[string]struct{}),
+	}
+}
+
+type objectDecoder struct {
+	object     cty.Value
+	namer      FieldNamer
+	rng        hcl.Range
+	skipFields map[string]struct{}
+}
+
+func (od objectDecoder) EachField(iter FieldIterator) error {
+	for attr := range od.object.Type().AttributeTypes() {
+		if _, ok := od.skipFields[attr]; ok {
+			continue
+		}
+
+		desc := od.namer.GetField(iter.Desc.Fields(), attr)
+		if desc == nil {
+			if iter.IgnoreUnknown {
+				continue
+			} else {
+				return fmt.Errorf("%s: Unsupported argument; An argument named %q is not expected here.", od.rng, attr)
+			}
+		}
+
+		val := od.object.GetAttr(attr)
+		if err := iter.Func(&IterField{
+			Name: attr,
+			Desc: desc,
+			Val:  &val,
+		}); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (od objectDecoder) SkipFields(fields ...string) MessageDecoder {
+	skip := make(map[string]struct{}, len(fields)+len(od.skipFields))
+	for k, v := range od.skipFields {
+		skip[k] = v
+	}
+	for _, field := range fields {
+		skip[field] = struct{}{}
+	}
+
+	// Note: we rely on the fact od isn't a pointer to copy the struct here.
+	od.skipFields = skip
+	return od
+}
diff --git a/internal/protohcl/doc.go b/internal/protohcl/doc.go
new file mode 100644
index 000000000000..aef25a109e4c
--- /dev/null
+++ b/internal/protohcl/doc.go
@@ -0,0 +1,76 @@
+// The protohcl package aims to define a canonical way to translate between
+// protobuf and HCL encodings of data.
+//
+// Similar to google.golang.org/protobuf/encoding/protojson it intends to be
+// opinionated about what the canonical HCL representation of a protobuf type
+// should be.
+//
+// As HCL is a user centric data format as opposed to JSON/Protobuf which
+// are intended to be used more by machines, efficiency is not a primary goal
+// of this package as it is expected that users are either doing the encoding to and
+// decoding from HCL at the edge (such as within the Consul CLI) or that even
+// when done on servers, the rate that servers perform these translations should
+// be low enough to have any inefficiency produce a tangible performance impact.
+//
+// HCL has two different syntaxes that could be used to represent data: attribute and block
+//
+// This implementation chooses to represent primitive values, enums and the well known wrapper types and
+// collections of these values (maps and repeated fields) with attribute syntax. Other messages and collections
+// with message value types will be represented with block syntax for example
+//
+// message Foo {
+//    map<string, int32> map_of_ints = 1;
+//	   map<string, OtherMessage> map_of_messages = 2;
+// }
+//
+// would have HCL like:
+//
+// map_of_ints = {
+//    "foo": 1,
+//    "bar": 2,
+// }
+// map_of_messages "foo" {
+//    ...other fields
+// }
+// map_of_messages "bar" {
+//    ...other fields
+// }
+//
+// Similar goes for list of primitives vs list of messages (except the block syntax uses no labels). The differences
+// between primitive fields outside of a collection and a message field really just amounts to not having to specify
+// the "=" between the field name and the "{" character.
+//
+// Field Mapping
+// | proto3                 | HCL Type      | example | notes                                                                           |
+// |------------------------+---------------+---------+---------------------------------------------------------------------------------+
+// | message                | Object        |         | Represented as a block                                                          |
+// | enum                   | String        |         |                                                                                 |
+// | map<K,V>               | Map           |         | All keys are converted to/from strings.                                         |
+// | repeated V             | List          |         |                                                                                 |
+// | bool                   | Bool          |         |                                                                                 |
+// | string                 | String        |         |                                                                                 |
+// | bytes                  | base64 String |         |                                                                                 |
+// | int32, fixed32, uint32 | Number        |         |                                                                                 |
+// | int64, fixed64, uint64 | Number        |         |                                                                                 |
+// | float, double          | Number        |         |                                                                                 |
+//
+// ----- Well Known Types -----
+//
+// | Any                    | Object        |         |                                                                                 |
+// | Timestamp              | String        |         | RFC 3339 compliant                                                              |
+// | Duration               | String        |         | String form is what would be accepted by time.ParseDuration                     |
+// | Struct                 | Map           |         |                                                                                 |
+// | Empty                  | Object        |         | An object with no fields                                                        |
+// | BoolValue              | Bool          |         | Mostly the same as a regular bool except null values in the HCL are preserved   |
+// | BytesValue             | Bytes         |         | Mostly the same as a regular bytes except null values in the HCL are preserved  |
+// | StringValue            | String        |         | Mostly the same as a regular string except null values in the HCL are preserved |
+// | FloatValue             | Number        |         | Mostly the same as a regular float except null values in the HCL are preserved  |
+// | DoubleValue            | Number        |         | Mostly the same as a regular double except null values in the HCL are preserved |
+// | Int32Value             | Number        |         | Mostly the same as a regular int32 except null values in the HCL are preserved  |
+// | UInt32Value            | Number        |         | Mostly the same as a regular uint32 except null values in the HCL are preserved |
+// | Int64Value             | Number        |         | Mostly the same as a regular int64 except null values in the HCL are preserved  |
+// | UInt64Value            | Number        |         | Mostly the same as a regular uint64 except null values in the HCL are preserved |
+// | FieldMask              | String        |         | Each string of the FieldMask will be joined with a '.'                          |
+//
+
+package protohcl
diff --git a/internal/protohcl/naming.go b/internal/protohcl/naming.go
new file mode 100644
index 000000000000..14f83f1f4860
--- /dev/null
+++ b/internal/protohcl/naming.go
@@ -0,0 +1,18 @@
+package protohcl
+
+import "google.golang.org/protobuf/reflect/protoreflect"
+
+type FieldNamer interface {
+	NameField(protoreflect.FieldDescriptor) string
+	GetField(protoreflect.FieldDescriptors, string) protoreflect.FieldDescriptor
+}
+
+type textFieldNamer struct{}
+
+func (textFieldNamer) NameField(fd protoreflect.FieldDescriptor) string {
+	return fd.TextName()
+}
+
+func (textFieldNamer) GetField(fds protoreflect.FieldDescriptors, name string) protoreflect.FieldDescriptor {
+	return fds.ByTextName(name)
+}
diff --git a/internal/protohcl/oneof.go b/internal/protohcl/oneof.go
new file mode 100644
index 000000000000..798c3a78d64f
--- /dev/null
+++ b/internal/protohcl/oneof.go
@@ -0,0 +1,51 @@
+package protohcl
+
+import (
+	"fmt"
+	"strings"
+
+	"google.golang.org/protobuf/reflect/protoreflect"
+)
+
+type oneOfTracker struct {
+	namer FieldNamer
+	set   map[protoreflect.FullName]string
+}
+
+func newOneOfTracker(namer FieldNamer) *oneOfTracker {
+	return &oneOfTracker{
+		namer: namer,
+		set:   make(map[protoreflect.FullName]string),
+	}
+}
+
+func (o *oneOfTracker) markFieldAsSet(desc protoreflect.FieldDescriptor) error {
+	oneof := desc.ContainingOneof()
+	if oneof == nil {
+		return nil
+	}
+
+	oneOfName := oneof.FullName()
+
+	if otherFieldName, ok := o.set[oneOfName]; ok {
+		oneOfFields := oneof.Fields()
+		var builder strings.Builder
+
+		for i := 0; i < oneOfFields.Len(); i++ {
+			name := o.namer.NameField(oneOfFields.Get(i))
+
+			if i == oneOfFields.Len()-1 {
+				builder.WriteString(fmt.Sprintf("%q", name))
+			} else if i == oneOfFields.Len()-2 {
+				builder.WriteString(fmt.Sprintf("%q and ", name))
+			} else {
+				builder.WriteString(fmt.Sprintf("%q, ", name))
+			}
+		}
+
+		return fmt.Errorf("Cannot set %q because %q was previously set. Only one of %s may be set.", o.namer.NameField(desc), otherFieldName, builder.String())
+	}
+
+	o.set[oneOfName] = o.namer.NameField(desc)
+	return nil
+}
diff --git a/internal/protohcl/primitives.go b/internal/protohcl/primitives.go
new file mode 100644
index 000000000000..8d2f1c025056
--- /dev/null
+++ b/internal/protohcl/primitives.go
@@ -0,0 +1,138 @@
+package protohcl
+
+import (
+	"fmt"
+
+	"github.com/zclconf/go-cty/cty"
+	"google.golang.org/protobuf/reflect/protoreflect"
+)
+
+func decodeAttributeToPrimitive(desc protoreflect.FieldDescriptor, val cty.Value) (protoreflect.Value, error) {
+	switch kind := desc.Kind(); kind {
+	case protoreflect.BoolKind:
+		return protoBoolFromCty(val)
+	case protoreflect.EnumKind:
+		return protoEnumFromCty(desc, val)
+	case protoreflect.Int32Kind:
+		return protoInt32FromCty(val)
+	case protoreflect.Sint32Kind:
+		return protoInt32FromCty(val)
+	case protoreflect.Uint32Kind:
+		return protoUint32FromCty(val)
+	case protoreflect.Int64Kind:
+		return protoInt64FromCty(val)
+	case protoreflect.Sint64Kind:
+		return protoInt64FromCty(val)
+	case protoreflect.Uint64Kind:
+		return protoUint64FromCty(val)
+	case protoreflect.Sfixed32Kind:
+		return protoInt32FromCty(val)
+	case protoreflect.Fixed32Kind:
+		return protoUint32FromCty(val)
+	case protoreflect.FloatKind:
+		return protoFloatFromCty(val)
+	case protoreflect.Sfixed64Kind:
+		return protoInt64FromCty(val)
+	case protoreflect.Fixed64Kind:
+		return protoUint64FromCty(val)
+	case protoreflect.DoubleKind:
+		return protoDoubleFromCty(val)
+	case protoreflect.StringKind:
+		return protoStringFromCty(val)
+	case protoreflect.BytesKind:
+		return protoBytesFromCty(val)
+	default:
+		return protoreflect.Value{}, fmt.Errorf("unknown primitive protobuf kind: %q", kind.String())
+	}
+}
+
+func protoBoolFromCty(val cty.Value) (protoreflect.Value, error) {
+	goVal, err := boolFromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoreflect.ValueOfBool(goVal), nil
+}
+
+func protoEnumFromCty(desc protoreflect.FieldDescriptor, val cty.Value) (protoreflect.Value, error) {
+	if val.Type() != cty.String {
+		return protoreflect.Value{}, fmt.Errorf("expected value of type %s but actual type is %s", cty.String.FriendlyName(), val.Type().FriendlyName())
+	}
+
+	if val.IsNull() {
+		defaultValDesc := desc.DefaultEnumValue()
+		return protoreflect.ValueOfEnum(defaultValDesc.Number()), nil
+	}
+
+	valDesc := desc.Enum().Values().ByName(protoreflect.Name(val.AsString()))
+	if valDesc == nil {
+		defaultValDesc := desc.DefaultEnumValue()
+		return protoreflect.ValueOfEnum(defaultValDesc.Number()), nil
+	}
+
+	return protoreflect.ValueOfEnum(valDesc.Number()), nil
+}
+
+func protoInt32FromCty(val cty.Value) (protoreflect.Value, error) {
+	goVal, err := int32FromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoreflect.ValueOfInt32(goVal), nil
+}
+
+func protoUint32FromCty(val cty.Value) (protoreflect.Value, error) {
+	goVal, err := uint32FromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoreflect.ValueOfUint32(goVal), nil
+}
+
+func protoInt64FromCty(val cty.Value) (protoreflect.Value, error) {
+	goVal, err := int64FromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoreflect.ValueOfInt64(goVal), nil
+}
+
+func protoUint64FromCty(val cty.Value) (protoreflect.Value, error) {
+	goVal, err := uint64FromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoreflect.ValueOfUint64(goVal), nil
+}
+
+func protoFloatFromCty(val cty.Value) (protoreflect.Value, error) {
+	goVal, err := floatFromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoreflect.ValueOfFloat32(goVal), nil
+}
+
+func protoDoubleFromCty(val cty.Value) (protoreflect.Value, error) {
+	goVal, err := doubleFromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoreflect.ValueOfFloat64(goVal), nil
+}
+
+func protoStringFromCty(val cty.Value) (protoreflect.Value, error) {
+	goVal, err := stringFromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoreflect.ValueOfString(goVal), nil
+}
+
+func protoBytesFromCty(val cty.Value) (protoreflect.Value, error) {
+	goVal, err := bytesFromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoreflect.ValueOfBytes(goVal), nil
+}
diff --git a/internal/protohcl/testproto/buf.gen.yaml b/internal/protohcl/testproto/buf.gen.yaml
new file mode 100644
index 000000000000..1adab9847c87
--- /dev/null
+++ b/internal/protohcl/testproto/buf.gen.yaml
@@ -0,0 +1,9 @@
+version: v1
+managed:
+  enabled: true
+  go_package_prefix:
+    default: github.com/hashicorp/consul/internal/protohcl/testproto
+plugins:
+  - name: go
+    out: .
+    opt: paths=source_relative
diff --git a/internal/protohcl/testproto/example.pb.go b/internal/protohcl/testproto/example.pb.go
new file mode 100644
index 000000000000..06aba98dab45
--- /dev/null
+++ b/internal/protohcl/testproto/example.pb.go
@@ -0,0 +1,994 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: example.proto
+
+package testproto
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	anypb "google.golang.org/protobuf/types/known/anypb"
+	durationpb "google.golang.org/protobuf/types/known/durationpb"
+	emptypb "google.golang.org/protobuf/types/known/emptypb"
+	structpb "google.golang.org/protobuf/types/known/structpb"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type Protocol int32
+
+const (
+	Protocol_PROTOCOL_UNSPECIFIED Protocol = 0
+	Protocol_PROTOCOL_TCP         Protocol = 1
+	Protocol_PROTOCOL_UDP         Protocol = 2
+)
+
+// Enum value maps for Protocol.
+var (
+	Protocol_name = map[int32]string{
+		0: "PROTOCOL_UNSPECIFIED",
+		1: "PROTOCOL_TCP",
+		2: "PROTOCOL_UDP",
+	}
+	Protocol_value = map[string]int32{
+		"PROTOCOL_UNSPECIFIED": 0,
+		"PROTOCOL_TCP":         1,
+		"PROTOCOL_UDP":         2,
+	}
+)
+
+func (x Protocol) Enum() *Protocol {
+	p := new(Protocol)
+	*p = x
+	return p
+}
+
+func (x Protocol) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Protocol) Descriptor() protoreflect.EnumDescriptor {
+	return file_example_proto_enumTypes[0].Descriptor()
+}
+
+func (Protocol) Type() protoreflect.EnumType {
+	return &file_example_proto_enumTypes[0]
+}
+
+func (x Protocol) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Protocol.Descriptor instead.
+func (Protocol) EnumDescriptor() ([]byte, []int) {
+	return file_example_proto_rawDescGZIP(), []int{0}
+}
+
+type Primitives struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	DoubleVal   float64 `protobuf:"fixed64,1,opt,name=double_val,json=doubleVal,proto3" json:"double_val,omitempty"`
+	FloatVal    float32 `protobuf:"fixed32,2,opt,name=float_val,json=floatVal,proto3" json:"float_val,omitempty"`
+	Int32Val    int32   `protobuf:"varint,3,opt,name=int32_val,json=int32Val,proto3" json:"int32_val,omitempty"`
+	Int64Val    int64   `protobuf:"varint,4,opt,name=int64_val,json=int64Val,proto3" json:"int64_val,omitempty"`
+	Uint32Val   uint32  `protobuf:"varint,5,opt,name=uint32_val,json=uint32Val,proto3" json:"uint32_val,omitempty"`
+	Uint64Val   uint64  `protobuf:"varint,6,opt,name=uint64_val,json=uint64Val,proto3" json:"uint64_val,omitempty"`
+	Sint32Val   int32   `protobuf:"zigzag32,7,opt,name=sint32_val,json=sint32Val,proto3" json:"sint32_val,omitempty"`
+	Sint64Val   int64   `protobuf:"zigzag64,8,opt,name=sint64_val,json=sint64Val,proto3" json:"sint64_val,omitempty"`
+	Fixed32Val  uint32  `protobuf:"fixed32,9,opt,name=fixed32_val,json=fixed32Val,proto3" json:"fixed32_val,omitempty"`
+	Fixed64Val  uint64  `protobuf:"fixed64,10,opt,name=fixed64_val,json=fixed64Val,proto3" json:"fixed64_val,omitempty"`
+	Sfixed32Val int32   `protobuf:"fixed32,11,opt,name=sfixed32_val,json=sfixed32Val,proto3" json:"sfixed32_val,omitempty"`
+	Sfixed64Val int64   `protobuf:"fixed64,12,opt,name=sfixed64_val,json=sfixed64Val,proto3" json:"sfixed64_val,omitempty"`
+	BoolVal     bool    `protobuf:"varint,13,opt,name=bool_val,json=boolVal,proto3" json:"bool_val,omitempty"`
+	StringVal   string  `protobuf:"bytes,14,opt,name=string_val,json=stringVal,proto3" json:"string_val,omitempty"`
+	ByteVal     []byte  `protobuf:"bytes,15,opt,name=byte_val,json=byteVal,proto3" json:"byte_val,omitempty"`
+}
+
+func (x *Primitives) Reset() {
+	*x = Primitives{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_example_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Primitives) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Primitives) ProtoMessage() {}
+
+func (x *Primitives) ProtoReflect() protoreflect.Message {
+	mi := &file_example_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Primitives.ProtoReflect.Descriptor instead.
+func (*Primitives) Descriptor() ([]byte, []int) {
+	return file_example_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Primitives) GetDoubleVal() float64 {
+	if x != nil {
+		return x.DoubleVal
+	}
+	return 0
+}
+
+func (x *Primitives) GetFloatVal() float32 {
+	if x != nil {
+		return x.FloatVal
+	}
+	return 0
+}
+
+func (x *Primitives) GetInt32Val() int32 {
+	if x != nil {
+		return x.Int32Val
+	}
+	return 0
+}
+
+func (x *Primitives) GetInt64Val() int64 {
+	if x != nil {
+		return x.Int64Val
+	}
+	return 0
+}
+
+func (x *Primitives) GetUint32Val() uint32 {
+	if x != nil {
+		return x.Uint32Val
+	}
+	return 0
+}
+
+func (x *Primitives) GetUint64Val() uint64 {
+	if x != nil {
+		return x.Uint64Val
+	}
+	return 0
+}
+
+func (x *Primitives) GetSint32Val() int32 {
+	if x != nil {
+		return x.Sint32Val
+	}
+	return 0
+}
+
+func (x *Primitives) GetSint64Val() int64 {
+	if x != nil {
+		return x.Sint64Val
+	}
+	return 0
+}
+
+func (x *Primitives) GetFixed32Val() uint32 {
+	if x != nil {
+		return x.Fixed32Val
+	}
+	return 0
+}
+
+func (x *Primitives) GetFixed64Val() uint64 {
+	if x != nil {
+		return x.Fixed64Val
+	}
+	return 0
+}
+
+func (x *Primitives) GetSfixed32Val() int32 {
+	if x != nil {
+		return x.Sfixed32Val
+	}
+	return 0
+}
+
+func (x *Primitives) GetSfixed64Val() int64 {
+	if x != nil {
+		return x.Sfixed64Val
+	}
+	return 0
+}
+
+func (x *Primitives) GetBoolVal() bool {
+	if x != nil {
+		return x.BoolVal
+	}
+	return false
+}
+
+func (x *Primitives) GetStringVal() string {
+	if x != nil {
+		return x.StringVal
+	}
+	return ""
+}
+
+func (x *Primitives) GetByteVal() []byte {
+	if x != nil {
+		return x.ByteVal
+	}
+	return nil
+}
+
+type NestedAndCollections struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Primitives     *Primitives            `protobuf:"bytes,1,opt,name=primitives,proto3" json:"primitives,omitempty"`
+	PrimitivesList []*Primitives          `protobuf:"bytes,2,rep,name=primitives_list,json=primitivesList,proto3" json:"primitives_list,omitempty"`
+	PrimitivesMap  map[string]*Primitives `protobuf:"bytes,3,rep,name=primitives_map,json=primitivesMap,proto3" json:"primitives_map,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	ProtocolMap    map[string]Protocol    `protobuf:"bytes,4,rep,name=protocol_map,json=protocolMap,proto3" json:"protocol_map,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3,enum=hashicorp.consul.internal.protohcl.testproto.Protocol"`
+	IntList        []int32                `protobuf:"varint,5,rep,packed,name=int_list,json=intList,proto3" json:"int_list,omitempty"`
+}
+
+func (x *NestedAndCollections) Reset() {
+	*x = NestedAndCollections{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_example_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NestedAndCollections) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NestedAndCollections) ProtoMessage() {}
+
+func (x *NestedAndCollections) ProtoReflect() protoreflect.Message {
+	mi := &file_example_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NestedAndCollections.ProtoReflect.Descriptor instead.
+func (*NestedAndCollections) Descriptor() ([]byte, []int) {
+	return file_example_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *NestedAndCollections) GetPrimitives() *Primitives {
+	if x != nil {
+		return x.Primitives
+	}
+	return nil
+}
+
+func (x *NestedAndCollections) GetPrimitivesList() []*Primitives {
+	if x != nil {
+		return x.PrimitivesList
+	}
+	return nil
+}
+
+func (x *NestedAndCollections) GetPrimitivesMap() map[string]*Primitives {
+	if x != nil {
+		return x.PrimitivesMap
+	}
+	return nil
+}
+
+func (x *NestedAndCollections) GetProtocolMap() map[string]Protocol {
+	if x != nil {
+		return x.ProtocolMap
+	}
+	return nil
+}
+
+func (x *NestedAndCollections) GetIntList() []int32 {
+	if x != nil {
+		return x.IntList
+	}
+	return nil
+}
+
+type Wrappers struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	DoubleVal *wrapperspb.DoubleValue `protobuf:"bytes,1,opt,name=double_val,json=doubleVal,proto3" json:"double_val,omitempty"`
+	FloatVal  *wrapperspb.FloatValue  `protobuf:"bytes,2,opt,name=float_val,json=floatVal,proto3" json:"float_val,omitempty"`
+	Int32Val  *wrapperspb.Int32Value  `protobuf:"bytes,3,opt,name=int32_val,json=int32Val,proto3" json:"int32_val,omitempty"`
+	Int64Val  *wrapperspb.Int64Value  `protobuf:"bytes,4,opt,name=int64_val,json=int64Val,proto3" json:"int64_val,omitempty"`
+	Uint32Val *wrapperspb.UInt32Value `protobuf:"bytes,5,opt,name=uint32_val,json=uint32Val,proto3" json:"uint32_val,omitempty"`
+	Uint64Val *wrapperspb.UInt64Value `protobuf:"bytes,6,opt,name=uint64_val,json=uint64Val,proto3" json:"uint64_val,omitempty"`
+	BoolVal   *wrapperspb.BoolValue   `protobuf:"bytes,13,opt,name=bool_val,json=boolVal,proto3" json:"bool_val,omitempty"`
+	StringVal *wrapperspb.StringValue `protobuf:"bytes,14,opt,name=string_val,json=stringVal,proto3" json:"string_val,omitempty"`
+	BytesVal  *wrapperspb.BytesValue  `protobuf:"bytes,15,opt,name=bytes_val,json=bytesVal,proto3" json:"bytes_val,omitempty"`
+}
+
+func (x *Wrappers) Reset() {
+	*x = Wrappers{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_example_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Wrappers) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Wrappers) ProtoMessage() {}
+
+func (x *Wrappers) ProtoReflect() protoreflect.Message {
+	mi := &file_example_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Wrappers.ProtoReflect.Descriptor instead.
+func (*Wrappers) Descriptor() ([]byte, []int) {
+	return file_example_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Wrappers) GetDoubleVal() *wrapperspb.DoubleValue {
+	if x != nil {
+		return x.DoubleVal
+	}
+	return nil
+}
+
+func (x *Wrappers) GetFloatVal() *wrapperspb.FloatValue {
+	if x != nil {
+		return x.FloatVal
+	}
+	return nil
+}
+
+func (x *Wrappers) GetInt32Val() *wrapperspb.Int32Value {
+	if x != nil {
+		return x.Int32Val
+	}
+	return nil
+}
+
+func (x *Wrappers) GetInt64Val() *wrapperspb.Int64Value {
+	if x != nil {
+		return x.Int64Val
+	}
+	return nil
+}
+
+func (x *Wrappers) GetUint32Val() *wrapperspb.UInt32Value {
+	if x != nil {
+		return x.Uint32Val
+	}
+	return nil
+}
+
+func (x *Wrappers) GetUint64Val() *wrapperspb.UInt64Value {
+	if x != nil {
+		return x.Uint64Val
+	}
+	return nil
+}
+
+func (x *Wrappers) GetBoolVal() *wrapperspb.BoolValue {
+	if x != nil {
+		return x.BoolVal
+	}
+	return nil
+}
+
+func (x *Wrappers) GetStringVal() *wrapperspb.StringValue {
+	if x != nil {
+		return x.StringVal
+	}
+	return nil
+}
+
+func (x *Wrappers) GetBytesVal() *wrapperspb.BytesValue {
+	if x != nil {
+		return x.BytesVal
+	}
+	return nil
+}
+
+type OneOf struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Data:
+	//
+	//	*OneOf_Int32Val
+	//	*OneOf_Primitives
+	Data isOneOf_Data `protobuf_oneof:"data"`
+}
+
+func (x *OneOf) Reset() {
+	*x = OneOf{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_example_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OneOf) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OneOf) ProtoMessage() {}
+
+func (x *OneOf) ProtoReflect() protoreflect.Message {
+	mi := &file_example_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OneOf.ProtoReflect.Descriptor instead.
+func (*OneOf) Descriptor() ([]byte, []int) {
+	return file_example_proto_rawDescGZIP(), []int{3}
+}
+
+func (m *OneOf) GetData() isOneOf_Data {
+	if m != nil {
+		return m.Data
+	}
+	return nil
+}
+
+func (x *OneOf) GetInt32Val() int32 {
+	if x, ok := x.GetData().(*OneOf_Int32Val); ok {
+		return x.Int32Val
+	}
+	return 0
+}
+
+func (x *OneOf) GetPrimitives() *Primitives {
+	if x, ok := x.GetData().(*OneOf_Primitives); ok {
+		return x.Primitives
+	}
+	return nil
+}
+
+type isOneOf_Data interface {
+	isOneOf_Data()
+}
+
+type OneOf_Int32Val struct {
+	Int32Val int32 `protobuf:"varint,1,opt,name=int32_val,json=int32Val,proto3,oneof"`
+}
+
+type OneOf_Primitives struct {
+	Primitives *Primitives `protobuf:"bytes,2,opt,name=primitives,proto3,oneof"` // note repeated fields (including maps) are not allowed in oneofs
+}
+
+func (*OneOf_Int32Val) isOneOf_Data() {}
+
+func (*OneOf_Primitives) isOneOf_Data() {}
+
+type NonDynamicWellKnown struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	EmptyVal     *emptypb.Empty         `protobuf:"bytes,1,opt,name=empty_val,json=emptyVal,proto3" json:"empty_val,omitempty"`
+	TimestampVal *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=timestamp_val,json=timestampVal,proto3" json:"timestamp_val,omitempty"`
+	DurationVal  *durationpb.Duration   `protobuf:"bytes,3,opt,name=duration_val,json=durationVal,proto3" json:"duration_val,omitempty"`
+}
+
+func (x *NonDynamicWellKnown) Reset() {
+	*x = NonDynamicWellKnown{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_example_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NonDynamicWellKnown) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NonDynamicWellKnown) ProtoMessage() {}
+
+func (x *NonDynamicWellKnown) ProtoReflect() protoreflect.Message {
+	mi := &file_example_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NonDynamicWellKnown.ProtoReflect.Descriptor instead.
+func (*NonDynamicWellKnown) Descriptor() ([]byte, []int) {
+	return file_example_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *NonDynamicWellKnown) GetEmptyVal() *emptypb.Empty {
+	if x != nil {
+		return x.EmptyVal
+	}
+	return nil
+}
+
+func (x *NonDynamicWellKnown) GetTimestampVal() *timestamppb.Timestamp {
+	if x != nil {
+		return x.TimestampVal
+	}
+	return nil
+}
+
+func (x *NonDynamicWellKnown) GetDurationVal() *durationpb.Duration {
+	if x != nil {
+		return x.DurationVal
+	}
+	return nil
+}
+
+type DynamicWellKnown struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AnyVal    *anypb.Any       `protobuf:"bytes,1,opt,name=any_val,json=anyVal,proto3" json:"any_val,omitempty"`
+	StructVal *structpb.Struct `protobuf:"bytes,2,opt,name=struct_val,json=structVal,proto3" json:"struct_val,omitempty"`
+	AnyList   []*anypb.Any     `protobuf:"bytes,3,rep,name=any_list,json=anyList,proto3" json:"any_list,omitempty"`
+}
+
+func (x *DynamicWellKnown) Reset() {
+	*x = DynamicWellKnown{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_example_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DynamicWellKnown) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DynamicWellKnown) ProtoMessage() {}
+
+func (x *DynamicWellKnown) ProtoReflect() protoreflect.Message {
+	mi := &file_example_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DynamicWellKnown.ProtoReflect.Descriptor instead.
+func (*DynamicWellKnown) Descriptor() ([]byte, []int) {
+	return file_example_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *DynamicWellKnown) GetAnyVal() *anypb.Any {
+	if x != nil {
+		return x.AnyVal
+	}
+	return nil
+}
+
+func (x *DynamicWellKnown) GetStructVal() *structpb.Struct {
+	if x != nil {
+		return x.StructVal
+	}
+	return nil
+}
+
+func (x *DynamicWellKnown) GetAnyList() []*anypb.Any {
+	if x != nil {
+		return x.AnyList
+	}
+	return nil
+}
+
+var File_example_proto protoreflect.FileDescriptor
+
+var file_example_proto_rawDesc = []byte{
+	0x0a, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x2c, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x68, 0x63, 0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64,
+	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65,
+	0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61,
+	0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x22, 0xdb, 0x03, 0x0a, 0x0a, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69,
+	0x76, 0x65, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61,
+	0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56,
+	0x61, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x02, 0x52, 0x08, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x56, 0x61, 0x6c, 0x12,
+	0x1b, 0x0a, 0x09, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x05, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x1b, 0x0a, 0x09,
+	0x69, 0x6e, 0x74, 0x36, 0x34, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52,
+	0x08, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x69, 0x6e,
+	0x74, 0x33, 0x32, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x75,
+	0x69, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x69, 0x6e, 0x74,
+	0x36, 0x34, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x75, 0x69,
+	0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x69, 0x6e, 0x74, 0x33,
+	0x32, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x11, 0x52, 0x09, 0x73, 0x69, 0x6e,
+	0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x69, 0x6e, 0x74, 0x36, 0x34,
+	0x5f, 0x76, 0x61, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x12, 0x52, 0x09, 0x73, 0x69, 0x6e, 0x74,
+	0x36, 0x34, 0x56, 0x61, 0x6c, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x69, 0x78, 0x65, 0x64, 0x33, 0x32,
+	0x5f, 0x76, 0x61, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x07, 0x52, 0x0a, 0x66, 0x69, 0x78, 0x65,
+	0x64, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x69, 0x78, 0x65, 0x64, 0x36,
+	0x34, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x06, 0x52, 0x0a, 0x66, 0x69, 0x78,
+	0x65, 0x64, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x66, 0x69, 0x78, 0x65,
+	0x64, 0x33, 0x32, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0f, 0x52, 0x0b, 0x73,
+	0x66, 0x69, 0x78, 0x65, 0x64, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x66,
+	0x69, 0x78, 0x65, 0x64, 0x36, 0x34, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x10,
+	0x52, 0x0b, 0x73, 0x66, 0x69, 0x78, 0x65, 0x64, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x12, 0x19, 0x0a,
+	0x08, 0x62, 0x6f, 0x6f, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x07, 0x62, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x72, 0x69,
+	0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74,
+	0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x62, 0x79, 0x74, 0x65, 0x5f,
+	0x76, 0x61, 0x6c, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x62, 0x79, 0x74, 0x65, 0x56,
+	0x61, 0x6c, 0x22, 0xd8, 0x05, 0x0a, 0x14, 0x4e, 0x65, 0x73, 0x74, 0x65, 0x64, 0x41, 0x6e, 0x64,
+	0x43, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x0a, 0x70,
+	0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x68, 0x63, 0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x50,
+	0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x6d, 0x69,
+	0x74, 0x69, 0x76, 0x65, 0x73, 0x12, 0x61, 0x0a, 0x0f, 0x70, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69,
+	0x76, 0x65, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x68, 0x63, 0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x50, 0x72,
+	0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x52, 0x0e, 0x70, 0x72, 0x69, 0x6d, 0x69, 0x74,
+	0x69, 0x76, 0x65, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x7c, 0x0a, 0x0e, 0x70, 0x72, 0x69, 0x6d,
+	0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x55, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x68, 0x63, 0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x4e, 0x65, 0x73, 0x74, 0x65, 0x64, 0x41, 0x6e, 0x64, 0x43, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x4d,
+	0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0d, 0x70, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69,
+	0x76, 0x65, 0x73, 0x4d, 0x61, 0x70, 0x12, 0x76, 0x0a, 0x0c, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63,
+	0x6f, 0x6c, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x53, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63,
+	0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4e, 0x65, 0x73, 0x74,
+	0x65, 0x64, 0x41, 0x6e, 0x64, 0x43, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x4d, 0x61, 0x70, 0x12, 0x19,
+	0x0a, 0x08, 0x69, 0x6e, 0x74, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x05, 0x20, 0x03, 0x28, 0x05,
+	0x52, 0x07, 0x69, 0x6e, 0x74, 0x4c, 0x69, 0x73, 0x74, 0x1a, 0x7a, 0x0a, 0x12, 0x50, 0x72, 0x69,
+	0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
+	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
+	0x79, 0x12, 0x4e, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x68, 0x63, 0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x50, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x76, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
+	0x6c, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x4c, 0x0a, 0x05, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63, 0x6c, 0x2e,
+	0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63,
+	0x6f, 0x6c, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x9d, 0x04,
+	0x0a, 0x08, 0x57, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x12, 0x3b, 0x0a, 0x0a, 0x64, 0x6f,
+	0x75, 0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x44, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x64, 0x6f,
+	0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x12, 0x38, 0x0a, 0x09, 0x66, 0x6c, 0x6f, 0x61, 0x74,
+	0x5f, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x6c, 0x6f,
+	0x61, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x56, 0x61,
+	0x6c, 0x12, 0x38, 0x0a, 0x09, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x38, 0x0a, 0x09, 0x69,
+	0x6e, 0x74, 0x36, 0x34, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x69, 0x6e, 0x74,
+	0x36, 0x34, 0x56, 0x61, 0x6c, 0x12, 0x3b, 0x0a, 0x0a, 0x75, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x5f,
+	0x76, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74,
+	0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x75, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x56,
+	0x61, 0x6c, 0x12, 0x3b, 0x0a, 0x0a, 0x75, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x5f, 0x76, 0x61, 0x6c,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x75, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x12,
+	0x35, 0x0a, 0x08, 0x62, 0x6f, 0x6f, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x62,
+	0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x12, 0x3b, 0x0a, 0x0a, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67,
+	0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72,
+	0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67,
+	0x56, 0x61, 0x6c, 0x12, 0x38, 0x0a, 0x09, 0x62, 0x79, 0x74, 0x65, 0x73, 0x5f, 0x76, 0x61, 0x6c,
+	0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x79, 0x74, 0x65, 0x73, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x52, 0x08, 0x62, 0x79, 0x74, 0x65, 0x73, 0x56, 0x61, 0x6c, 0x22, 0x8a, 0x01,
+	0x0a, 0x05, 0x4f, 0x6e, 0x65, 0x4f, 0x66, 0x12, 0x1d, 0x0a, 0x09, 0x69, 0x6e, 0x74, 0x33, 0x32,
+	0x5f, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x48, 0x00, 0x52, 0x08, 0x69, 0x6e,
+	0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x5a, 0x0a, 0x0a, 0x70, 0x72, 0x69, 0x6d, 0x69, 0x74,
+	0x69, 0x76, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63, 0x6c, 0x2e,
+	0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74,
+	0x69, 0x76, 0x65, 0x73, 0x48, 0x00, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76,
+	0x65, 0x73, 0x42, 0x06, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0xc9, 0x01, 0x0a, 0x13, 0x4e,
+	0x6f, 0x6e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f,
+	0x77, 0x6e, 0x12, 0x33, 0x0a, 0x09, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x5f, 0x76, 0x61, 0x6c, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x52, 0x08, 0x65,
+	0x6d, 0x70, 0x74, 0x79, 0x56, 0x61, 0x6c, 0x12, 0x3f, 0x0a, 0x0d, 0x74, 0x69, 0x6d, 0x65, 0x73,
+	0x74, 0x61, 0x6d, 0x70, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0c, 0x74, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x56, 0x61, 0x6c, 0x12, 0x3c, 0x0a, 0x0c, 0x64, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x64, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x56, 0x61, 0x6c, 0x22, 0xaa, 0x01, 0x0a, 0x10, 0x44, 0x79, 0x6e, 0x61, 0x6d,
+	0x69, 0x63, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x12, 0x2d, 0x0a, 0x07, 0x61,
+	0x6e, 0x79, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41,
+	0x6e, 0x79, 0x52, 0x06, 0x61, 0x6e, 0x79, 0x56, 0x61, 0x6c, 0x12, 0x36, 0x0a, 0x0a, 0x73, 0x74,
+	0x72, 0x75, 0x63, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x09, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x56,
+	0x61, 0x6c, 0x12, 0x2f, 0x0a, 0x08, 0x61, 0x6e, 0x79, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x03,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x61, 0x6e, 0x79, 0x4c,
+	0x69, 0x73, 0x74, 0x2a, 0x48, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12,
+	0x18, 0x0a, 0x14, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x55, 0x4e, 0x53, 0x50,
+	0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f,
+	0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x54, 0x43, 0x50, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x50,
+	0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x55, 0x44, 0x50, 0x10, 0x02, 0x42, 0xcf, 0x02,
+	0x0a, 0x30, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63, 0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x42, 0x0c, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x50, 0x01, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63,
+	0x6c, 0x2f, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0xa2, 0x02, 0x05, 0x48, 0x43,
+	0x49, 0x50, 0x54, 0xaa, 0x02, 0x2c, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63, 0x6c, 0x2e, 0x54, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0xca, 0x02, 0x2c, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63, 0x6c, 0x5c, 0x54, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0xe2, 0x02, 0x38, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50, 0x72,
+	0x6f, 0x74, 0x6f, 0x68, 0x63, 0x6c, 0x5c, 0x54, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x30, 0x48,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x68, 0x63, 0x6c, 0x3a, 0x3a, 0x54, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_example_proto_rawDescOnce sync.Once
+	file_example_proto_rawDescData = file_example_proto_rawDesc
+)
+
+func file_example_proto_rawDescGZIP() []byte {
+	file_example_proto_rawDescOnce.Do(func() {
+		file_example_proto_rawDescData = protoimpl.X.CompressGZIP(file_example_proto_rawDescData)
+	})
+	return file_example_proto_rawDescData
+}
+
+var file_example_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_example_proto_msgTypes = make([]protoimpl.MessageInfo, 8)
+var file_example_proto_goTypes = []interface{}{
+	(Protocol)(0),                  // 0: hashicorp.consul.internal.protohcl.testproto.Protocol
+	(*Primitives)(nil),             // 1: hashicorp.consul.internal.protohcl.testproto.Primitives
+	(*NestedAndCollections)(nil),   // 2: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections
+	(*Wrappers)(nil),               // 3: hashicorp.consul.internal.protohcl.testproto.Wrappers
+	(*OneOf)(nil),                  // 4: hashicorp.consul.internal.protohcl.testproto.OneOf
+	(*NonDynamicWellKnown)(nil),    // 5: hashicorp.consul.internal.protohcl.testproto.NonDynamicWellKnown
+	(*DynamicWellKnown)(nil),       // 6: hashicorp.consul.internal.protohcl.testproto.DynamicWellKnown
+	nil,                            // 7: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.PrimitivesMapEntry
+	nil,                            // 8: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.ProtocolMapEntry
+	(*wrapperspb.DoubleValue)(nil), // 9: google.protobuf.DoubleValue
+	(*wrapperspb.FloatValue)(nil),  // 10: google.protobuf.FloatValue
+	(*wrapperspb.Int32Value)(nil),  // 11: google.protobuf.Int32Value
+	(*wrapperspb.Int64Value)(nil),  // 12: google.protobuf.Int64Value
+	(*wrapperspb.UInt32Value)(nil), // 13: google.protobuf.UInt32Value
+	(*wrapperspb.UInt64Value)(nil), // 14: google.protobuf.UInt64Value
+	(*wrapperspb.BoolValue)(nil),   // 15: google.protobuf.BoolValue
+	(*wrapperspb.StringValue)(nil), // 16: google.protobuf.StringValue
+	(*wrapperspb.BytesValue)(nil),  // 17: google.protobuf.BytesValue
+	(*emptypb.Empty)(nil),          // 18: google.protobuf.Empty
+	(*timestamppb.Timestamp)(nil),  // 19: google.protobuf.Timestamp
+	(*durationpb.Duration)(nil),    // 20: google.protobuf.Duration
+	(*anypb.Any)(nil),              // 21: google.protobuf.Any
+	(*structpb.Struct)(nil),        // 22: google.protobuf.Struct
+}
+var file_example_proto_depIdxs = []int32{
+	1,  // 0: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.primitives:type_name -> hashicorp.consul.internal.protohcl.testproto.Primitives
+	1,  // 1: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.primitives_list:type_name -> hashicorp.consul.internal.protohcl.testproto.Primitives
+	7,  // 2: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.primitives_map:type_name -> hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.PrimitivesMapEntry
+	8,  // 3: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.protocol_map:type_name -> hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.ProtocolMapEntry
+	9,  // 4: hashicorp.consul.internal.protohcl.testproto.Wrappers.double_val:type_name -> google.protobuf.DoubleValue
+	10, // 5: hashicorp.consul.internal.protohcl.testproto.Wrappers.float_val:type_name -> google.protobuf.FloatValue
+	11, // 6: hashicorp.consul.internal.protohcl.testproto.Wrappers.int32_val:type_name -> google.protobuf.Int32Value
+	12, // 7: hashicorp.consul.internal.protohcl.testproto.Wrappers.int64_val:type_name -> google.protobuf.Int64Value
+	13, // 8: hashicorp.consul.internal.protohcl.testproto.Wrappers.uint32_val:type_name -> google.protobuf.UInt32Value
+	14, // 9: hashicorp.consul.internal.protohcl.testproto.Wrappers.uint64_val:type_name -> google.protobuf.UInt64Value
+	15, // 10: hashicorp.consul.internal.protohcl.testproto.Wrappers.bool_val:type_name -> google.protobuf.BoolValue
+	16, // 11: hashicorp.consul.internal.protohcl.testproto.Wrappers.string_val:type_name -> google.protobuf.StringValue
+	17, // 12: hashicorp.consul.internal.protohcl.testproto.Wrappers.bytes_val:type_name -> google.protobuf.BytesValue
+	1,  // 13: hashicorp.consul.internal.protohcl.testproto.OneOf.primitives:type_name -> hashicorp.consul.internal.protohcl.testproto.Primitives
+	18, // 14: hashicorp.consul.internal.protohcl.testproto.NonDynamicWellKnown.empty_val:type_name -> google.protobuf.Empty
+	19, // 15: hashicorp.consul.internal.protohcl.testproto.NonDynamicWellKnown.timestamp_val:type_name -> google.protobuf.Timestamp
+	20, // 16: hashicorp.consul.internal.protohcl.testproto.NonDynamicWellKnown.duration_val:type_name -> google.protobuf.Duration
+	21, // 17: hashicorp.consul.internal.protohcl.testproto.DynamicWellKnown.any_val:type_name -> google.protobuf.Any
+	22, // 18: hashicorp.consul.internal.protohcl.testproto.DynamicWellKnown.struct_val:type_name -> google.protobuf.Struct
+	21, // 19: hashicorp.consul.internal.protohcl.testproto.DynamicWellKnown.any_list:type_name -> google.protobuf.Any
+	1,  // 20: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.PrimitivesMapEntry.value:type_name -> hashicorp.consul.internal.protohcl.testproto.Primitives
+	0,  // 21: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.ProtocolMapEntry.value:type_name -> hashicorp.consul.internal.protohcl.testproto.Protocol
+	22, // [22:22] is the sub-list for method output_type
+	22, // [22:22] is the sub-list for method input_type
+	22, // [22:22] is the sub-list for extension type_name
+	22, // [22:22] is the sub-list for extension extendee
+	0,  // [0:22] is the sub-list for field type_name
+}
+
+func init() { file_example_proto_init() }
+func file_example_proto_init() {
+	if File_example_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_example_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Primitives); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_example_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NestedAndCollections); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_example_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Wrappers); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_example_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OneOf); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_example_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NonDynamicWellKnown); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_example_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DynamicWellKnown); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_example_proto_msgTypes[3].OneofWrappers = []interface{}{
+		(*OneOf_Int32Val)(nil),
+		(*OneOf_Primitives)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_example_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   8,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_example_proto_goTypes,
+		DependencyIndexes: file_example_proto_depIdxs,
+		EnumInfos:         file_example_proto_enumTypes,
+		MessageInfos:      file_example_proto_msgTypes,
+	}.Build()
+	File_example_proto = out.File
+	file_example_proto_rawDesc = nil
+	file_example_proto_goTypes = nil
+	file_example_proto_depIdxs = nil
+}
diff --git a/internal/protohcl/testproto/example.proto b/internal/protohcl/testproto/example.proto
new file mode 100644
index 000000000000..9a0633cd6050
--- /dev/null
+++ b/internal/protohcl/testproto/example.proto
@@ -0,0 +1,74 @@
+syntax = "proto3";
+
+package hashicorp.consul.internal.protohcl.testproto;
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/empty.proto";
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/wrappers.proto";
+import "google/protobuf/any.proto";
+import "google/protobuf/struct.proto";
+
+message Primitives {
+  double double_val = 1;
+  float float_val = 2;
+  int32 int32_val = 3;
+  int64 int64_val = 4;
+  uint32 uint32_val = 5;
+  uint64 uint64_val = 6;
+  sint32 sint32_val = 7;
+  sint64 sint64_val = 8;
+  fixed32 fixed32_val = 9;
+  fixed64 fixed64_val = 10;
+  sfixed32 sfixed32_val = 11;
+  sfixed64 sfixed64_val = 12;
+  bool bool_val = 13;
+  string string_val = 14;
+  bytes byte_val = 15;
+}
+
+enum Protocol {
+  PROTOCOL_UNSPECIFIED = 0;
+  PROTOCOL_TCP = 1;
+  PROTOCOL_UDP = 2;
+}
+
+message NestedAndCollections {
+  Primitives primitives = 1;
+  repeated Primitives primitives_list = 2;
+  map<string, Primitives> primitives_map = 3;
+  map<string, Protocol> protocol_map = 4;
+  repeated int32 int_list = 5;
+}
+
+message Wrappers {
+  google.protobuf.DoubleValue double_val = 1;
+  google.protobuf.FloatValue float_val = 2;
+  google.protobuf.Int32Value int32_val = 3;
+  google.protobuf.Int64Value int64_val = 4;
+  google.protobuf.UInt32Value uint32_val = 5;
+  google.protobuf.UInt64Value uint64_val = 6;
+  google.protobuf.BoolValue bool_val = 13;
+  google.protobuf.StringValue string_val = 14;
+  google.protobuf.BytesValue bytes_val = 15;
+}
+
+message OneOf {
+  oneof data {
+    int32 int32_val = 1;
+    Primitives primitives = 2;
+    // note repeated fields (including maps) are not allowed in oneofs
+  }
+}
+
+message NonDynamicWellKnown {
+  google.protobuf.Empty empty_val = 1;
+  google.protobuf.Timestamp timestamp_val = 2;
+  google.protobuf.Duration duration_val = 3;
+}
+
+message DynamicWellKnown {
+  google.protobuf.Any any_val = 1;
+  google.protobuf.Struct struct_val = 2;
+  repeated google.protobuf.Any any_list = 3;
+}
diff --git a/internal/protohcl/unmarshal.go b/internal/protohcl/unmarshal.go
new file mode 100644
index 000000000000..5423651b3e02
--- /dev/null
+++ b/internal/protohcl/unmarshal.go
@@ -0,0 +1,134 @@
+package protohcl
+
+import (
+	"github.com/hashicorp/hcl/v2"
+	"github.com/hashicorp/hcl/v2/hclparse"
+	"github.com/zclconf/go-cty/cty/function"
+	"google.golang.org/protobuf/reflect/protoreflect"
+)
+
+// UnmarshalContext provides information about the context in which we are
+// unmarshalling HCL. It is primarily used for decoding Any fields based on
+// surrounding information (e.g. the resource Type block).
+type UnmarshalContext struct {
+	// Parent context.
+	Parent *UnmarshalContext
+
+	// Name of the field that we are unmarshalling.
+	Name string
+
+	// Message is the protobuf message that we are unmarshalling into (may be nil).
+	Message protoreflect.Message
+
+	// Range of where this field was in the HCL source.
+	Range hcl.Range
+}
+
+// ErrorRange returns a range that can be used in error messages.
+func (ctx *UnmarshalContext) ErrorRange() hcl.Range {
+	for {
+		if !ctx.Range.Empty() || ctx.Parent == nil {
+			return ctx.Range
+		}
+		ctx = ctx.Parent
+	}
+}
+
+func Unmarshal(src []byte, dest protoreflect.ProtoMessage) error {
+	return UnmarshalOptions{}.Unmarshal(src, dest)
+}
+
+type UnmarshalOptions struct {
+	AnyTypeProvider AnyTypeProvider
+	SourceFileName  string
+	FieldNamer      FieldNamer
+	Functions       map[string]function.Function
+}
+
+func (u UnmarshalOptions) Unmarshal(src []byte, dest protoreflect.ProtoMessage) error {
+	rmsg := dest.ProtoReflect()
+
+	file, diags := hclparse.NewParser().ParseHCL(src, u.SourceFileName)
+
+	// error performing basic HCL parsing
+	if diags.HasErrors() {
+		return diags
+	}
+
+	u.clearAll(rmsg)
+
+	if u.FieldNamer == nil {
+		u.FieldNamer = textFieldNamer{}
+	}
+
+	return u.decodeMessage(
+		&UnmarshalContext{Message: rmsg},
+		u.bodyDecoder(file.Body),
+		rmsg,
+	)
+}
+
+func (u UnmarshalOptions) bodyDecoder(body hcl.Body) MessageDecoder {
+	return newBodyDecoder(body, u.FieldNamer, u.Functions)
+}
+
+func (u UnmarshalOptions) decodeMessage(ctx *UnmarshalContext, decoder MessageDecoder, msg protoreflect.Message) error {
+	desc := msg.Descriptor()
+
+	if desc.FullName() == wellKnownTypeAny {
+		return u.decodeAny(ctx, decoder, msg)
+	}
+
+	tracker := newOneOfTracker(u.FieldNamer)
+
+	return decoder.EachField(FieldIterator{
+		Desc: desc,
+		Func: func(field *IterField) error {
+			if err := tracker.markFieldAsSet(field.Desc); err != nil {
+				return err
+			}
+
+			var (
+				protoVal protoreflect.Value
+				err      error
+			)
+			switch {
+			case field.Val != nil:
+				protoVal, err = u.decodeAttribute(
+					&UnmarshalContext{
+						Parent: ctx,
+						Name:   field.Name,
+						Range:  field.Range,
+					},
+					func() protoreflect.Value { return msg.NewField(field.Desc) },
+					field.Desc,
+					*field.Val,
+					true,
+				)
+			case len(field.Blocks) != 0:
+				protoVal, err = u.decodeBlocks(ctx, field.Blocks, msg, field.Desc)
+			default:
+				panic("decoder yielded no blocks or attributes")
+			}
+			if err != nil {
+				return err
+			}
+
+			if protoVal.IsValid() {
+				msg.Set(field.Desc, protoVal)
+			}
+
+			return nil
+		},
+	})
+}
+
+type newMessageFn func() protoreflect.Value
+
+func (u UnmarshalOptions) clearAll(msg protoreflect.Message) {
+	fields := msg.Descriptor().Fields()
+
+	for i := 0; i < fields.Len(); i++ {
+		msg.Clear(fields.Get(i))
+	}
+}
diff --git a/internal/protohcl/unmarshal_test.go b/internal/protohcl/unmarshal_test.go
new file mode 100644
index 000000000000..5f0eb9b18098
--- /dev/null
+++ b/internal/protohcl/unmarshal_test.go
@@ -0,0 +1,557 @@
+package protohcl
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+	"github.com/zclconf/go-cty/cty"
+	"github.com/zclconf/go-cty/cty/function"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/anypb"
+
+	"github.com/hashicorp/consul/internal/protohcl/testproto"
+	"github.com/hashicorp/hcl/v2/hclparse"
+)
+
+func TestPrimitives(t *testing.T) {
+	hcl := `
+		double_val = 1.234
+  		float_val = 2.345
+  		int32_val = 536870912
+  		int64_val = 25769803776
+  		uint32_val = 2148532224
+  		uint64_val = 9223372041149743104
+  		sint32_val = 536870912
+  		sint64_val = 25769803776
+  		fixed32_val = 2148532224
+  		fixed64_val = 9223372041149743104
+  		sfixed32_val = 536870912
+  		sfixed64_val = 25769803776
+  		bool_val = true
+  		string_val = "foo"
+		// This is base64 encoded "bar"
+  		byte_val = "YmFy"
+	`
+
+	var out testproto.Primitives
+
+	err := Unmarshal([]byte(hcl), &out)
+	require.NoError(t, err)
+
+	require.Equal(t, out.DoubleVal, float64(1.234))
+	require.Equal(t, out.FloatVal, float32(2.345))
+	require.Equal(t, out.Int32Val, int32(536870912))
+	require.Equal(t, out.Int64Val, int64(25769803776))
+	require.Equal(t, out.Uint32Val, uint32(2148532224))
+	require.Equal(t, out.Uint64Val, uint64(9223372041149743104))
+	require.Equal(t, out.Sint32Val, int32(536870912))
+	require.Equal(t, out.Sint64Val, int64(25769803776))
+	require.Equal(t, out.Fixed32Val, uint32(2148532224))
+	require.Equal(t, out.Fixed64Val, uint64(9223372041149743104))
+	require.Equal(t, out.Sfixed32Val, int32(536870912))
+	require.Equal(t, out.Sfixed64Val, int64(25769803776))
+	require.Equal(t, out.BoolVal, true)
+	require.Equal(t, out.StringVal, "foo")
+	require.Equal(t, out.ByteVal, []byte("bar"))
+}
+
+func TestNestedAndCollections(t *testing.T) {
+	hcl := `
+		primitives {
+			uint32_val = 42
+		}
+		
+		primitives_map "foo" {
+			uint32_val = 42
+		}
+		
+		protocol_map = {
+			"foo" = "PROTOCOL_TCP"
+		}
+		
+		primitives_list {
+			uint32_val = 42
+		}
+		
+		primitives_list {
+			uint32_val = 56
+		}
+		
+		int_list = [
+			1,
+			2
+		]
+	
+	`
+
+	var out testproto.NestedAndCollections
+
+	err := Unmarshal([]byte(hcl), &out)
+	require.NoError(t, err)
+
+	require.NotNil(t, out.Primitives)
+	require.Equal(t, out.Primitives.Uint32Val, uint32(42))
+	require.NotNil(t, out.PrimitivesMap)
+	require.Equal(t, out.PrimitivesMap["foo"].Uint32Val, uint32(42))
+	require.NotNil(t, out.ProtocolMap)
+	require.Equal(t, out.ProtocolMap["foo"], testproto.Protocol_PROTOCOL_TCP)
+	require.Len(t, out.PrimitivesList, 2)
+	require.Equal(t, out.PrimitivesList[0].Uint32Val, uint32(42))
+	require.Equal(t, out.PrimitivesList[1].Uint32Val, uint32(56))
+	require.Len(t, out.IntList, 2)
+	require.Equal(t, out.IntList[1], int32(2))
+}
+
+func TestPrimitiveWrappers(t *testing.T) {
+	hcl := `
+		double_val = 1.234
+  		float_val = 2.345
+  		int32_val = 536870912
+  		int64_val = 25769803776
+  		uint32_val = 2148532224
+  		uint64_val = 9223372041149743104
+  		bool_val = true
+  		string_val = "foo"
+		// This is base64 encoded "bar"
+  		bytes_val = "YmFy"
+	`
+	var out testproto.Wrappers
+
+	err := Unmarshal([]byte(hcl), &out)
+	require.NoError(t, err)
+	require.Equal(t, out.DoubleVal.Value, float64(1.234))
+	require.Equal(t, out.FloatVal.Value, float32(2.345))
+	require.Equal(t, out.Int32Val.Value, int32(536870912))
+	require.Equal(t, out.Int64Val.Value, int64(25769803776))
+	require.Equal(t, out.Uint32Val.Value, uint32(2148532224))
+	require.Equal(t, out.Uint64Val.Value, uint64(9223372041149743104))
+	require.Equal(t, out.BoolVal.Value, true)
+	require.Equal(t, out.StringVal.Value, "foo")
+	require.Equal(t, out.BytesVal.Value, []byte("bar"))
+}
+
+func TestNonDynamicWellKnown(t *testing.T) {
+	hcl := `
+		empty_val = {}
+		timestamp_val = "2023-02-27T12:34:56.789Z"
+		duration_val = "12s"
+	`
+	var out testproto.NonDynamicWellKnown
+
+	err := Unmarshal([]byte(hcl), &out)
+	require.NoError(t, err)
+	require.NotNil(t, out.EmptyVal)
+	require.NotNil(t, out.TimestampVal)
+	require.Equal(t, out.TimestampVal.AsTime(), time.Date(2023, 2, 27, 12, 34, 56, 789000000, time.UTC))
+	require.NotNil(t, out.DurationVal)
+	require.Equal(t, out.DurationVal.AsDuration(), time.Second*12)
+}
+
+func TestInvalidTimestamp(t *testing.T) {
+	if testing.Short() {
+		t.Skip("too slow for testing.Short")
+	}
+
+	t.Parallel()
+
+	cases := map[string]struct {
+		hcl       string
+		expectXDS bool
+	}{
+		"invalid": {
+			hcl: `
+				timestamp_val = "Sat Jun 12 2023 14:59:57 GMT+0200"
+			`,
+		},
+		"range error": {
+			hcl: `
+				timestamp_val = "2023-02-27T25:34:56.789Z"
+			`,
+		},
+	}
+
+	for name, tc := range cases {
+		tc := tc
+		var out testproto.NonDynamicWellKnown
+		t.Run(name, func(t *testing.T) {
+
+			err := Unmarshal([]byte(tc.hcl), &out)
+			require.Error(t, err)
+			require.Nil(t, out.TimestampVal)
+			require.ErrorContains(t, err, "error parsing timestamp")
+		})
+	}
+}
+
+func TestInvalidDuration(t *testing.T) {
+	hcl := `
+		duration_val = "abc"
+	`
+	var out testproto.NonDynamicWellKnown
+
+	err := Unmarshal([]byte(hcl), &out)
+	require.ErrorContains(t, err, "error parsing string duration:")
+	require.Nil(t, out.DurationVal)
+}
+
+func TestOneOf(t *testing.T) {
+	hcl1 := `
+		int32_val = 3
+	`
+
+	hcl2 := `
+		primitives {
+			int32_val = 3
+		}
+	`
+
+	hcl3 := `
+		int32_val = 3
+		primitives {
+			int32_val = 4
+		}
+	`
+
+	var out testproto.OneOf
+
+	err := Unmarshal([]byte(hcl1), &out)
+	require.NoError(t, err)
+	require.Equal(t, out.GetInt32Val(), int32(3))
+
+	err = Unmarshal([]byte(hcl2), &out)
+	require.NoError(t, err)
+	primitives := out.GetPrimitives()
+	require.NotNil(t, primitives)
+	require.Equal(t, primitives.Int32Val, int32(3))
+
+	err = Unmarshal([]byte(hcl3), &out)
+	require.Error(t, err)
+}
+
+func TestAny(t *testing.T) {
+	hcl := `
+		any_val {
+		    type_url = "hashicorp.consul.internal.protohcl.testproto.Primitives"
+		    uint32_val = 42
+		}
+
+		any_list = [
+			{
+				type_url = "hashicorp.consul.internal.protohcl.testproto.Primitives"
+				uint32_val = 123
+			},
+			{
+				type_url = "hashicorp.consul.internal.protohcl.testproto.Wrappers"
+				uint32_val = 321
+			}
+		]
+	`
+	var out testproto.DynamicWellKnown
+
+	err := Unmarshal([]byte(hcl), &out)
+	require.NoError(t, err)
+	require.NotNil(t, out.AnyVal)
+	require.Equal(t, out.AnyVal.TypeUrl, "hashicorp.consul.internal.protohcl.testproto.Primitives")
+
+	raw, err := anypb.UnmarshalNew(out.AnyVal, proto.UnmarshalOptions{})
+	require.NoError(t, err)
+	require.NotNil(t, raw)
+
+	primitives, ok := raw.(*testproto.Primitives)
+	require.True(t, ok)
+	require.Equal(t, primitives.Uint32Val, uint32(42))
+}
+
+func TestAnyTypeDynamicWellKnown(t *testing.T) {
+	hcl := `
+		any_val {
+			type_url = "hashicorp.consul.internal.protohcl.testproto.DynamicWellKnown"
+		    any_val {
+				type_url = "hashicorp.consul.internal.protohcl.testproto.Primitives"
+				uint32_val = 42
+			}
+		}
+	`
+	var out testproto.DynamicWellKnown
+
+	err := Unmarshal([]byte(hcl), &out)
+	require.NoError(t, err)
+	require.NotNil(t, out.AnyVal)
+	require.Equal(t, out.AnyVal.TypeUrl, "hashicorp.consul.internal.protohcl.testproto.DynamicWellKnown")
+
+	raw, err := anypb.UnmarshalNew(out.AnyVal, proto.UnmarshalOptions{})
+	require.NoError(t, err)
+	require.NotNil(t, raw)
+
+	anyVal, ok := raw.(*testproto.DynamicWellKnown)
+	require.True(t, ok)
+
+	res, err := anypb.UnmarshalNew(anyVal.AnyVal, proto.UnmarshalOptions{})
+	require.NoError(t, err)
+	require.NotNil(t, res)
+
+	primitives, ok := res.(*testproto.Primitives)
+	require.True(t, ok)
+	require.Equal(t, primitives.Uint32Val, uint32(42))
+}
+
+func TestAnyTypeNestedAndCollections(t *testing.T) {
+	hcl := `
+		any_val {
+			type_url = "hashicorp.consul.internal.protohcl.testproto.NestedAndCollections"
+		    primitives {
+				uint32_val = 42
+			}
+		}
+	`
+	var out testproto.DynamicWellKnown
+
+	err := Unmarshal([]byte(hcl), &out)
+	require.NoError(t, err)
+	require.NotNil(t, out.AnyVal)
+	require.Equal(t, out.AnyVal.TypeUrl, "hashicorp.consul.internal.protohcl.testproto.NestedAndCollections")
+
+	raw, err := anypb.UnmarshalNew(out.AnyVal, proto.UnmarshalOptions{})
+	require.NoError(t, err)
+	require.NotNil(t, raw)
+
+	nestedCollections, ok := raw.(*testproto.NestedAndCollections)
+	require.True(t, ok)
+	require.NotNil(t, nestedCollections.Primitives)
+	require.Equal(t, nestedCollections.Primitives.Uint32Val, uint32(42))
+}
+
+func TestAnyTypeErrors(t *testing.T) {
+	type testCase struct {
+		description string
+		hcl         string
+		error       string
+	}
+	testCases := []testCase{
+		{
+			description: "type_url is expected",
+			hcl: `
+			  any_val {
+				uint32_val = 42
+			}
+			`,
+			error: "type_url field is required to decode Any",
+		},
+		{
+			description: "type_url is unknown",
+			hcl: `
+			  any_val {
+				type_url = "hashicorp.consul.internal.protohcl.testproto.Integer"
+				uint32_val = 42
+			}
+			`,
+			error: "error looking up type information for hashicorp.consul.internal.protohcl.testproto.Integer",
+		},
+		{
+			description: "unknown field",
+			hcl: `
+			  any_val {
+				type_url = "hashicorp.consul.internal.protohcl.testproto.Primitives"
+				int_val = 42
+			}
+			`,
+			error: "Unsupported argument; An argument named \"int_val\" is not expected here",
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.description, func(t *testing.T) {
+			t.Parallel()
+			var out testproto.DynamicWellKnown
+
+			err := Unmarshal([]byte(tc.hcl), &out)
+			require.Error(t, err)
+			require.Contains(t, err.Error(), tc.error)
+		})
+	}
+}
+
+func TestStruct(t *testing.T) {
+	hcl := `
+		struct_val = {
+			"null"= null
+			"bool"= true
+			"foo" = "bar"
+			"baz" = 1.234
+			"nested" = {
+				"foo" = 12,
+				"bar" = "something"
+			}
+		}
+	`
+
+	var out testproto.DynamicWellKnown
+
+	err := Unmarshal([]byte(hcl), &out)
+	require.NoError(t, err)
+	require.NotNil(t, out.StructVal)
+
+	valMap := out.StructVal.AsMap()
+	jsonVal, err := json.Marshal(valMap)
+	require.NoError(t, err)
+
+	expected := `{
+		"null": null,
+		"bool": true,
+		"foo": "bar",
+		"baz": 1.234,
+		"nested": {
+			"foo": 12,
+			"bar": "something"
+		}
+	}
+	`
+	require.JSONEq(t, expected, string(jsonVal))
+}
+
+func TestStructList(t *testing.T) {
+	hcl := `
+		struct_val = {
+			"list_int" = [
+				1,
+				2,
+				3,
+			]
+			"list_string": [
+				"abc",
+				"def"
+			]
+			"list_bool": [
+				true,
+				false
+			]
+			"list_maps" = [
+				{
+					"arrr" = "matey"
+				},
+				{
+					"hoist" = "the colors"
+				}
+			]
+			"list_list" = [
+				[
+					"hello",
+					"world",
+					null
+				]
+			]
+		}
+	`
+
+	var out testproto.DynamicWellKnown
+
+	err := Unmarshal([]byte(hcl), &out)
+	require.NoError(t, err)
+	require.NotNil(t, out.StructVal)
+
+	valMap := out.StructVal.AsMap()
+	jsonVal, err := json.Marshal(valMap)
+	require.NoError(t, err)
+
+	expected := `{
+		"list_int": [
+			1,
+			2,
+			3
+		],
+		"list_string": [
+			"abc",
+			"def"
+		],
+		"list_bool": [
+			true,
+			false
+		],
+		"list_maps": [
+			{
+				"arrr": "matey"
+			},
+			{
+				"hoist": "the colors"
+			}
+		],
+		"list_list": [
+			[
+				"hello",
+				"world",
+				null
+			]
+		]
+	}
+	`
+	require.JSONEq(t, expected, string(jsonVal))
+}
+
+func TestFunctionExecution(t *testing.T) {
+	hcl := `
+		primitives = primitive_defaults()
+	`
+
+	var out testproto.NestedAndCollections
+
+	var (
+		testType = cty.Capsule("type", reflect.TypeOf(testproto.Primitives{}))
+
+		test = function.New(&function.Spec{
+			Params: []function.Parameter{},
+			Type:   function.StaticReturnType(testType),
+			Impl: func(args []cty.Value, _ cty.Type) (cty.Value, error) {
+				t := &testproto.Primitives{
+					StringVal: "test",
+					Int32Val:  10,
+					BoolVal:   false,
+				}
+				return cty.CapsuleVal(testType, t), nil
+			},
+		})
+	)
+
+	err := UnmarshalOptions{
+		Functions: map[string]function.Function{"primitive_defaults": test},
+	}.Unmarshal([]byte(hcl), &out)
+
+	require.NoError(t, err)
+
+	require.NotNil(t, out.Primitives)
+	require.Equal(t, out.Primitives.StringVal, "test")
+	require.Equal(t, out.Primitives.Int32Val, int32(10))
+	require.Equal(t, out.Primitives.BoolVal, false)
+}
+
+func TestSkipFields(t *testing.T) {
+
+	u := UnmarshalOptions{}
+
+	hcl := `
+		any_val {
+			type_url = "hashicorp.consul.internal.protohcl.testproto.Primitives"
+			uint32_val = 10
+		}`
+
+	file, diags := hclparse.NewParser().ParseHCL([]byte(hcl), "")
+
+	require.False(t, diags.HasErrors())
+
+	decoder := u.bodyDecoder(file.Body)
+
+	decoder = decoder.SkipFields("type_url")
+
+	decoder = decoder.SkipFields("type_url", "uint32_val")
+
+	expected := map[string]struct{}{
+		"type_url":   {},
+		"uint32_val": {},
+	}
+
+	require.Contains(t, fmt.Sprintf("%v", decoder), fmt.Sprintf("%v", expected))
+}
diff --git a/internal/protohcl/well_known_types.go b/internal/protohcl/well_known_types.go
new file mode 100644
index 000000000000..508d9dfffedd
--- /dev/null
+++ b/internal/protohcl/well_known_types.go
@@ -0,0 +1,418 @@
+package protohcl
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/zclconf/go-cty/cty"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/emptypb"
+	"google.golang.org/protobuf/types/known/structpb"
+	"google.golang.org/protobuf/types/known/timestamppb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
+)
+
+const (
+	// maximum time in seconds that a time.Time which comes from
+	// an RFC 3339 timestamp can represent
+	maxTimestampSeconds = 253402300799
+	// minimum time in seconds that a time.Time which comes from
+	// an RFC 3339 timestamp can represent. This is negative
+	// because RFC 3339 base time is year 0001 whereas time.Time
+	// starts in 1970
+	minTimestampSeconds = -62135596800
+)
+
+var (
+	// minTime is the earliest time representable as both an
+	// RFC 3339 timestamp and a time.Time value
+	minTime = time.Unix(minTimestampSeconds, 0)
+	// maxTime is the latest time respresentable as both an
+	// RFC 3339 timestamp and a time.Time value
+	maxTime = time.Unix(maxTimestampSeconds, 999999999)
+)
+
+type wktSchemaHint int
+
+const (
+	notWellKnownType wktSchemaHint = iota
+	wellKnownBlock
+	wellKnownAttribute
+)
+
+// wellKnownTypeSchemaHint returns what sort of syntax should be used to represent
+// the well known type field.
+//
+// NotWellKnownType - use attribute block syntax based on other information
+// WellKnownAttribute - use attribute syntax
+// WellKnownBlock - use block syntax
+func wellKnownTypeSchemaHint(desc protoreflect.FieldDescriptor) wktSchemaHint {
+	if desc.Kind() != protoreflect.MessageKind {
+		return notWellKnownType
+	}
+
+	switch desc.Message().FullName() {
+	case "google.protobuf.DoubleValue":
+		return wellKnownAttribute
+	case "google.protobuf.FloatValue":
+		return wellKnownAttribute
+	case "google.protobuf.Int32Value":
+		return wellKnownAttribute
+	case "google.protobuf.Int64Value":
+		return wellKnownAttribute
+	case "google.protobuf.UInt32Value":
+		return wellKnownAttribute
+	case "google.protobuf.UInt64Value":
+		return wellKnownAttribute
+	case "google.protobuf.BoolValue":
+		return wellKnownAttribute
+	case "google.protobuf.StringValue":
+		return wellKnownAttribute
+	case "google.protobuf.BytesValue":
+		return wellKnownAttribute
+	case "google.protobuf.Empty":
+		// block syntax is used for Empty to allow transitioning to using
+		// a different proto message with fields in the future.
+		return wellKnownBlock
+	case "google.protobuf.Timestamp":
+		return wellKnownAttribute
+	case "google.protobuf.Duration":
+		return wellKnownAttribute
+	case "google.protobuf.Struct":
+		// as the Struct has completely free form fields that we cannot
+		// know about in advance we cannot use block syntax
+		return wellKnownAttribute
+	case "google.protobuf.Any":
+		return wellKnownBlock
+	default:
+		return notWellKnownType
+	}
+}
+
+func decodeAttributeToWellKnownType(desc protoreflect.FieldDescriptor, val cty.Value) (bool, protoreflect.Value, error) {
+	if desc.Kind() != protoreflect.MessageKind {
+		return false, protoreflect.Value{}, nil
+	}
+
+	switch desc.Message().FullName() {
+	case "google.protobuf.DoubleValue":
+		protoVal, err := protoDoubleWrapperFromCty(val)
+		return true, protoVal, err
+	case "google.protobuf.FloatValue":
+		protoVal, err := protoFloatWrapperFromCty(val)
+		return true, protoVal, err
+	case "google.protobuf.Int32Value":
+		protoVal, err := protoInt32WrapperFromCty(val)
+		return true, protoVal, err
+	case "google.protobuf.Int64Value":
+		protoVal, err := protoInt64WrapperFromCty(val)
+		return true, protoVal, err
+	case "google.protobuf.UInt32Value":
+		protoVal, err := protoUint32WrapperFromCty(val)
+		return true, protoVal, err
+	case "google.protobuf.UInt64Value":
+		protoVal, err := protoUint64WrapperFromCty(val)
+		return true, protoVal, err
+	case "google.protobuf.BoolValue":
+		protoVal, err := protoBoolWrapperFromCty(val)
+		return true, protoVal, err
+	case "google.protobuf.StringValue":
+		protoVal, err := protoStringWrapperFromCty(val)
+		return true, protoVal, err
+	case "google.protobuf.BytesValue":
+		protoVal, err := protoBytesWrapperFromCty(val)
+		return true, protoVal, err
+	case "google.protobuf.Empty":
+		protoVal, err := protoEmptyFromCty(val)
+		return true, protoVal, err
+	case "google.protobuf.Timestamp":
+		protoVal, err := protoTimestampFromCty(val)
+		return true, protoVal, err
+	case "google.protobuf.Duration":
+		protoVal, err := protoDurationFromCty(val)
+		return true, protoVal, err
+	case "google.protobuf.Struct":
+		protoVal, err := protoStructFromCty(val)
+		return true, protoVal, err
+	default:
+		return false, protoreflect.Value{}, nil
+	}
+}
+
+func protoWrapperFromBool(v bool) protoreflect.Value {
+	return protoreflect.ValueOfMessage(wrapperspb.Bool(v).ProtoReflect())
+}
+func protoWrapperFromInt32(v int32) protoreflect.Value {
+	return protoreflect.ValueOfMessage(wrapperspb.Int32(v).ProtoReflect())
+}
+func protoWrapperFromInt64(v int64) protoreflect.Value {
+	return protoreflect.ValueOfMessage(wrapperspb.Int64(v).ProtoReflect())
+}
+func protoWrapperFromUint32(v uint32) protoreflect.Value {
+	return protoreflect.ValueOfMessage(wrapperspb.UInt32(v).ProtoReflect())
+}
+func protoWrapperFromUint64(v uint64) protoreflect.Value {
+	return protoreflect.ValueOfMessage(wrapperspb.UInt64(v).ProtoReflect())
+}
+func protoWrapperFromFloat(v float32) protoreflect.Value {
+	return protoreflect.ValueOfMessage(wrapperspb.Float(v).ProtoReflect())
+}
+func protoWrapperFromDouble(v float64) protoreflect.Value {
+	return protoreflect.ValueOfMessage(wrapperspb.Double(v).ProtoReflect())
+}
+func protoWrapperFromString(v string) protoreflect.Value {
+	return protoreflect.ValueOfMessage(wrapperspb.String(v).ProtoReflect())
+}
+func protoWrapperFromBytes(v []byte) protoreflect.Value {
+	return protoreflect.ValueOfMessage(wrapperspb.Bytes(v).ProtoReflect())
+}
+
+func protoBoolWrapperFromCty(val cty.Value) (protoreflect.Value, error) {
+	v, err := boolFromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoWrapperFromBool(v), nil
+}
+func protoInt32WrapperFromCty(val cty.Value) (protoreflect.Value, error) {
+	v, err := int32FromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoWrapperFromInt32(v), nil
+}
+func protoInt64WrapperFromCty(val cty.Value) (protoreflect.Value, error) {
+	v, err := int64FromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoWrapperFromInt64(v), nil
+}
+func protoUint32WrapperFromCty(val cty.Value) (protoreflect.Value, error) {
+	v, err := uint32FromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoWrapperFromUint32(v), nil
+}
+func protoUint64WrapperFromCty(val cty.Value) (protoreflect.Value, error) {
+	v, err := uint64FromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoWrapperFromUint64(v), nil
+}
+func protoFloatWrapperFromCty(val cty.Value) (protoreflect.Value, error) {
+	v, err := floatFromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoWrapperFromFloat(v), nil
+}
+func protoDoubleWrapperFromCty(val cty.Value) (protoreflect.Value, error) {
+	v, err := doubleFromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoWrapperFromDouble(v), nil
+}
+func protoStringWrapperFromCty(val cty.Value) (protoreflect.Value, error) {
+	v, err := stringFromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoWrapperFromString(v), nil
+}
+func protoBytesWrapperFromCty(val cty.Value) (protoreflect.Value, error) {
+	v, err := bytesFromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+	return protoWrapperFromBytes(v), nil
+}
+
+func protoEmptyFromCty(val cty.Value) (protoreflect.Value, error) {
+	var e emptypb.Empty
+	if val.IsNull() {
+		return protoreflect.Value{}, nil
+	}
+
+	valType := val.Type()
+	if (valType.IsObjectType() || valType.IsMapType()) && val.LengthInt() == 0 {
+		return protoreflect.ValueOfMessage(e.ProtoReflect()), nil
+	}
+
+	return protoreflect.Value{}, fmt.Errorf("well known empty type can only be represented as an hcl map/object - actual type %q", valType.FriendlyName())
+}
+
+func protoTimestampFromCty(val cty.Value) (protoreflect.Value, error) {
+	v, err := stringFromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+
+	t, err := time.Parse(time.RFC3339Nano, v)
+	if err != nil {
+		return protoreflect.Value{}, fmt.Errorf("error parsing timestamp: %w", err)
+	}
+
+	if t.Before(minTime) || t.After(maxTime) {
+		return protoreflect.Value{}, fmt.Errorf("time is out of range %s to %s - %s", minTime.String(), maxTime.String(), v)
+	}
+
+	return protoreflect.ValueOfMessage(timestamppb.New(t).ProtoReflect()), nil
+}
+
+func protoDurationFromCty(val cty.Value) (protoreflect.Value, error) {
+	v, err := stringFromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+
+	d, err := time.ParseDuration(v)
+	if err != nil {
+		return protoreflect.Value{}, fmt.Errorf("error parsing string duration: %w", err)
+	}
+
+	return protoreflect.ValueOfMessage(durationpb.New(d).ProtoReflect()), nil
+}
+
+func protoStructFromCty(val cty.Value) (protoreflect.Value, error) {
+	s, err := protoStructObjectFromCty(val)
+	if err != nil {
+		return protoreflect.Value{}, err
+	}
+
+	return protoreflect.ValueOfMessage(s.ProtoReflect()), nil
+}
+
+func protoStructObjectFromCty(val cty.Value) (*structpb.Struct, error) {
+	valType := val.Type()
+	if !valType.IsObjectType() && !valType.IsMapType() {
+		return nil, fmt.Errorf("Struct type must be either an object or map type")
+	}
+
+	structValues := make(map[string]*structpb.Value)
+
+	for k, v := range val.AsValueMap() {
+		vType := v.Type()
+
+		if v.IsNull() {
+			structValues[k] = structpb.NewNullValue()
+		} else if vType.IsListType() || vType.IsSetType() || vType.IsTupleType() {
+			listVal, err := protoStructListValueFromCty(v)
+			if err != nil {
+				return nil, err
+			}
+			structValues[k] = structpb.NewListValue(listVal)
+		} else if vType.IsMapType() || vType.IsObjectType() {
+			objVal, err := protoStructObjectFromCty(v)
+			if err != nil {
+				return nil, err
+			}
+			structValues[k] = structpb.NewStructValue(objVal)
+		} else if vType.IsPrimitiveType() {
+			switch vType {
+			case cty.String:
+				stringVal, err := stringFromCty(v)
+				if err != nil {
+					return nil, err
+				}
+
+				structValues[k] = structpb.NewStringValue(stringVal)
+			case cty.Bool:
+				boolVal, err := boolFromCty(v)
+				if err != nil {
+					return nil, err
+				}
+
+				structValues[k] = structpb.NewBoolValue(boolVal)
+			case cty.Number:
+				doubleVal, err := doubleFromCty(v)
+				if err != nil {
+					return nil, err
+				}
+
+				structValues[k] = structpb.NewNumberValue(doubleVal)
+			default:
+				return nil, fmt.Errorf("unknown cty primitive type: %s", vType.FriendlyName())
+			}
+		} else {
+			return nil, fmt.Errorf("unsupported cty type: %s", vType.FriendlyName())
+		}
+	}
+
+	return &structpb.Struct{
+		Fields: structValues,
+	}, nil
+}
+
+func protoStructListValueFromCty(val cty.Value) (*structpb.ListValue, error) {
+	var values []*structpb.Value
+
+	var err error
+	val.ForEachElement(func(_ cty.Value, value cty.Value) bool {
+		vType := value.Type()
+
+		if value.IsNull() {
+			values = append(values, structpb.NewNullValue())
+		} else if vType.IsListType() || vType.IsSetType() || vType.IsTupleType() {
+			var listVal *structpb.ListValue
+			listVal, err = protoStructListValueFromCty(value)
+			if err != nil {
+				return true
+			}
+			values = append(values, structpb.NewListValue(listVal))
+		} else if vType.IsMapType() || vType.IsObjectType() {
+			var objVal *structpb.Struct
+			objVal, err = protoStructObjectFromCty(value)
+			if err != nil {
+				return true
+			}
+			values = append(values, structpb.NewStructValue(objVal))
+		} else if vType.IsPrimitiveType() {
+			switch vType {
+			case cty.String:
+				var stringVal string
+				stringVal, err = stringFromCty(value)
+				if err != nil {
+					return true
+				}
+
+				values = append(values, structpb.NewStringValue(stringVal))
+			case cty.Bool:
+				var boolVal bool
+				boolVal, err = boolFromCty(value)
+				if err != nil {
+					return true
+				}
+
+				values = append(values, structpb.NewBoolValue(boolVal))
+			case cty.Number:
+				var doubleVal float64
+				doubleVal, err = doubleFromCty(value)
+				if err != nil {
+					return true
+				}
+
+				values = append(values, structpb.NewNumberValue(doubleVal))
+			default:
+				err = fmt.Errorf("unknown cty primitive type: %s", vType.FriendlyName())
+				return true
+			}
+		} else {
+			err = fmt.Errorf("unsupported cty type: %s", vType.FriendlyName())
+			return true
+		}
+		return false
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &structpb.ListValue{
+		Values: values,
+	}, nil
+}
diff --git a/internal/resource/registry.go b/internal/resource/registry.go
index 27b966f8288c..84f889ed1c0d 100644
--- a/internal/resource/registry.go
+++ b/internal/resource/registry.go
@@ -6,6 +6,7 @@ package resource
 import (
 	"fmt"
 	"regexp"
+	"strings"
 	"sync"
 
 	"google.golang.org/protobuf/proto"
@@ -171,3 +172,15 @@ func (r *TypeRegistry) Types() []Registration {
 func ToGVK(resourceType *pbresource.Type) string {
 	return fmt.Sprintf("%s.%s.%s", resourceType.Group, resourceType.GroupVersion, resourceType.Kind)
 }
+
+func ParseGVK(gvk string) (*pbresource.Type, error) {
+	parts := strings.Split(gvk, ".")
+	if len(parts) != 3 {
+		return nil, fmt.Errorf("GVK string must be in the form <Group>.<GroupVersion>.<Kind>, got: %s", gvk)
+	}
+	return &pbresource.Type{
+		Group:        parts[0],
+		GroupVersion: parts[1],
+		Kind:         parts[2],
+	}, nil
+}
diff --git a/internal/resourcehcl/any.go b/internal/resourcehcl/any.go
new file mode 100644
index 000000000000..0f2d657d15a4
--- /dev/null
+++ b/internal/resourcehcl/any.go
@@ -0,0 +1,46 @@
+package resourcehcl
+
+import (
+	"errors"
+	"fmt"
+
+	"google.golang.org/protobuf/reflect/protoreflect"
+
+	"github.com/hashicorp/consul/internal/protohcl"
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+// anyProvider implements protohcl.AnyTypeProvider to infer the `Data` block
+// type from `ID.Type`.
+type anyProvider struct {
+	base protohcl.AnyTypeProvider
+	reg  resource.Registry
+}
+
+func (p anyProvider) AnyType(ctx *protohcl.UnmarshalContext, decoder protohcl.MessageDecoder) (protoreflect.FullName, protohcl.MessageDecoder, error) {
+	if ctx.Name != "Data" {
+		return p.base.AnyType(ctx, decoder)
+	}
+
+	if ctx.Parent == nil || ctx.Parent.Message == nil {
+		return p.base.AnyType(ctx, decoder)
+	}
+
+	res, isResource := ctx.Parent.Message.Interface().(*pbresource.Resource)
+	if !isResource {
+		return p.base.AnyType(ctx, decoder)
+	}
+
+	resourceType := res.GetId().GetType()
+	if res == nil {
+		return "", nil, errors.New("ID.Type not found")
+	}
+
+	reg, ok := p.reg.Resolve(resourceType)
+	if !ok {
+		return "", nil, fmt.Errorf("unknown resource type: %s", resource.ToGVK(resourceType))
+	}
+
+	return reg.Proto.ProtoReflect().Descriptor().FullName(), decoder, nil
+}
diff --git a/internal/resourcehcl/naming.go b/internal/resourcehcl/naming.go
new file mode 100644
index 000000000000..7c714bb5b60c
--- /dev/null
+++ b/internal/resourcehcl/naming.go
@@ -0,0 +1,35 @@
+package resourcehcl
+
+import (
+	"strings"
+
+	"google.golang.org/protobuf/reflect/protoreflect"
+)
+
+// fieldNamer implements protohcl.FieldNamer to name fields using PascalCase
+// with support for acroynms (e.g. ID, TCP).
+type fieldNamer struct{ acroynms []string }
+
+func (n fieldNamer) NameField(fd protoreflect.FieldDescriptor) string {
+	camel := fd.JSONName()
+	upper := strings.ToUpper(camel)
+
+	for _, a := range n.acroynms {
+		if upper == a {
+			return a
+		}
+	}
+
+	return strings.ToUpper(camel[:1]) + camel[1:]
+}
+
+func (n fieldNamer) GetField(fds protoreflect.FieldDescriptors, name string) protoreflect.FieldDescriptor {
+	for _, a := range n.acroynms {
+		if name == a {
+			return fds.ByJSONName(strings.ToLower(a))
+		}
+	}
+
+	camel := strings.ToLower(name[:1]) + name[1:]
+	return fds.ByJSONName(camel)
+}
diff --git a/internal/resourcehcl/testdata/gvk-no-arguments.error b/internal/resourcehcl/testdata/gvk-no-arguments.error
new file mode 100644
index 000000000000..1c290dd3d613
--- /dev/null
+++ b/internal/resourcehcl/testdata/gvk-no-arguments.error
@@ -0,0 +1 @@
+gvk-no-arguments.hcl:2,14-15: Not enough function arguments; Function "gvk" expects 1 argument(s). Missing value for "GVK String".
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/gvk-no-arguments.hcl b/internal/resourcehcl/testdata/gvk-no-arguments.hcl
new file mode 100644
index 000000000000..69aee02b2cfa
--- /dev/null
+++ b/internal/resourcehcl/testdata/gvk-no-arguments.hcl
@@ -0,0 +1,4 @@
+ID {
+  Type = gvk()
+  Name = "foo"
+}
diff --git a/internal/resourcehcl/testdata/invalid-group.error b/internal/resourcehcl/testdata/invalid-group.error
new file mode 100644
index 000000000000..6db3a339c2a1
--- /dev/null
+++ b/internal/resourcehcl/testdata/invalid-group.error
@@ -0,0 +1 @@
+invalid-group.hcl:3,13-17: Failed to unmarshal argument Group: expected value of type string but actual type is number
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/invalid-group.hcl b/internal/resourcehcl/testdata/invalid-group.hcl
new file mode 100644
index 000000000000..ca6920163ecc
--- /dev/null
+++ b/internal/resourcehcl/testdata/invalid-group.hcl
@@ -0,0 +1,8 @@
+ID {
+  Type {
+    Group = 1234
+    GroupVersion = "v1"
+    Kind = "Artist"
+  }
+  Name = "foo"
+}
diff --git a/internal/resourcehcl/testdata/invalid-gvk.error b/internal/resourcehcl/testdata/invalid-gvk.error
new file mode 100644
index 000000000000..92ebca5eb0c1
--- /dev/null
+++ b/internal/resourcehcl/testdata/invalid-gvk.error
@@ -0,0 +1 @@
+invalid-gvk.hcl:2,10-14: Error in function call; Call to function "gvk" failed: GVK string must be in the form <Group>.<GroupVersion>.<Kind>, got: nope.
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/invalid-gvk.hcl b/internal/resourcehcl/testdata/invalid-gvk.hcl
new file mode 100644
index 000000000000..565a4cc3f9c8
--- /dev/null
+++ b/internal/resourcehcl/testdata/invalid-gvk.hcl
@@ -0,0 +1,4 @@
+ID {
+  Type = gvk("nope")
+  Name = "foo"
+}
diff --git a/internal/resourcehcl/testdata/invalid-metadata.error b/internal/resourcehcl/testdata/invalid-metadata.error
new file mode 100644
index 000000000000..352f2ffa056c
--- /dev/null
+++ b/internal/resourcehcl/testdata/invalid-metadata.error
@@ -0,0 +1 @@
+invalid-metadata.hcl:6,12-8,2: Failed to unmarshal argument Metadata["foo"]: expected value of type string but actual type is tuple
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/invalid-metadata.hcl b/internal/resourcehcl/testdata/invalid-metadata.hcl
new file mode 100644
index 000000000000..aa10b5686e7f
--- /dev/null
+++ b/internal/resourcehcl/testdata/invalid-metadata.hcl
@@ -0,0 +1,8 @@
+ID {
+  Type = gvk("demo.v1.Artist")
+  Name = "korn"
+}
+
+Metadata = {
+  "foo" = ["bar"]
+}
diff --git a/internal/resourcehcl/testdata/invalid-name.error b/internal/resourcehcl/testdata/invalid-name.error
new file mode 100644
index 000000000000..ba977a2e279c
--- /dev/null
+++ b/internal/resourcehcl/testdata/invalid-name.error
@@ -0,0 +1 @@
+invalid-name.hcl:3,10-14: Failed to unmarshal argument Name: expected value of type string but actual type is number
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/invalid-name.hcl b/internal/resourcehcl/testdata/invalid-name.hcl
new file mode 100644
index 000000000000..54ca6b186bbc
--- /dev/null
+++ b/internal/resourcehcl/testdata/invalid-name.hcl
@@ -0,0 +1,4 @@
+ID {
+  Type = gvk("demo.v1.Artist")
+  Name = 1234
+}
diff --git a/internal/resourcehcl/testdata/no-blocks-any-first.golden b/internal/resourcehcl/testdata/no-blocks-any-first.golden
new file mode 100644
index 000000000000..18a7cfd9aeec
--- /dev/null
+++ b/internal/resourcehcl/testdata/no-blocks-any-first.golden
@@ -0,0 +1 @@
+{"id":{"name":"korn","type":{"group":"demo","groupVersion":"v1","kind":"Artist"}},"data":{"@type":"hashicorp.consul.internal.demo.v1.Artist","name":"Korn"}}
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/no-blocks-any-first.hcl b/internal/resourcehcl/testdata/no-blocks-any-first.hcl
new file mode 100644
index 000000000000..8eb8d75f4317
--- /dev/null
+++ b/internal/resourcehcl/testdata/no-blocks-any-first.hcl
@@ -0,0 +1,8 @@
+Data = {
+  Name = "Korn"
+}
+
+ID = {
+  Type = gvk("demo.v1.Artist")
+  Name = "korn"
+}
diff --git a/internal/resourcehcl/testdata/no-blocks.golden b/internal/resourcehcl/testdata/no-blocks.golden
new file mode 100644
index 000000000000..c7243ad16163
--- /dev/null
+++ b/internal/resourcehcl/testdata/no-blocks.golden
@@ -0,0 +1 @@
+{"id":{"type":{"group":"mesh","groupVersion":"v1alpha1","kind":"Upstreams"}},"data":{"@type":"hashicorp.consul.mesh.v1alpha1.Upstreams","workloads":{"prefixes":["api"]},"upstreams":[{"destinationRef":{"name":"db","type":{"group":"catalog","groupVersion":"v1alpha1","kind":"Service"}},"destinationPort":"tcp","ipPort":{"port":1234}}]}}
diff --git a/internal/resourcehcl/testdata/no-blocks.hcl b/internal/resourcehcl/testdata/no-blocks.hcl
new file mode 100644
index 000000000000..b134e8124621
--- /dev/null
+++ b/internal/resourcehcl/testdata/no-blocks.hcl
@@ -0,0 +1,33 @@
+ID = {
+  Type = {
+    Group = "mesh"
+    GroupVersion = "v1alpha1"
+    Kind = "Upstreams"
+  }
+}
+
+Data = {
+  Workloads = {
+    Prefixes = ["api"]
+  }
+
+  Upstreams = [
+    {
+      DestinationRef = {
+        Type = {
+          Group = "catalog"
+          GroupVersion = "v1alpha1"
+          Kind = "Service"
+        }
+
+        Name = "db"
+      }
+
+      DestinationPort = "tcp"
+
+      IpPort = {
+        Port = 1234
+      }
+    }
+  ]
+}
diff --git a/internal/resourcehcl/testdata/owner.golden b/internal/resourcehcl/testdata/owner.golden
new file mode 100644
index 000000000000..9054db09bfd3
--- /dev/null
+++ b/internal/resourcehcl/testdata/owner.golden
@@ -0,0 +1 @@
+{"id":{"name":"twisted-transistor","type":{"group":"demo","groupVersion":"v1","kind":"Album"}},"owner":{"name":"korn","type":{"group":"demo","groupVersion":"v1","kind":"Artist"}}}
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/owner.hcl b/internal/resourcehcl/testdata/owner.hcl
new file mode 100644
index 000000000000..2cc65e4c6658
--- /dev/null
+++ b/internal/resourcehcl/testdata/owner.hcl
@@ -0,0 +1,9 @@
+ID {
+  Type = gvk("demo.v1.Album")
+  Name = "twisted-transistor"
+}
+
+Owner {
+  Type = gvk("demo.v1.Artist")
+  Name = "korn"
+}
diff --git a/internal/resourcehcl/testdata/simple-gvk.golden b/internal/resourcehcl/testdata/simple-gvk.golden
new file mode 100644
index 000000000000..ba3fddcd6d17
--- /dev/null
+++ b/internal/resourcehcl/testdata/simple-gvk.golden
@@ -0,0 +1 @@
+{"id":{"name":"korn","type":{"group":"demo","groupVersion":"v1","kind":"Artist"}},"metadata":{"foo":"bar"},"data":{"@type":"hashicorp.consul.internal.demo.v1.Artist","name":"Korn","genre":"GENRE_METAL"}}
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/simple-gvk.hcl b/internal/resourcehcl/testdata/simple-gvk.hcl
new file mode 100644
index 000000000000..adddcd42c8c1
--- /dev/null
+++ b/internal/resourcehcl/testdata/simple-gvk.hcl
@@ -0,0 +1,13 @@
+ID {
+  Type = gvk("demo.v1.Artist")
+  Name = "korn"
+}
+
+Data {
+  Name = "Korn"
+  Genre = "GENRE_METAL"
+}
+
+Metadata = {
+  "foo" = "bar"
+}
diff --git a/internal/resourcehcl/testdata/type-block.golden b/internal/resourcehcl/testdata/type-block.golden
new file mode 100644
index 000000000000..963695616bee
--- /dev/null
+++ b/internal/resourcehcl/testdata/type-block.golden
@@ -0,0 +1 @@
+{"id":{"name":"korn","type":{"group":"demo","groupVersion":"v1","kind":"Artist"}}}
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/type-block.hcl b/internal/resourcehcl/testdata/type-block.hcl
new file mode 100644
index 000000000000..f927fbe2fe61
--- /dev/null
+++ b/internal/resourcehcl/testdata/type-block.hcl
@@ -0,0 +1,8 @@
+ID {
+  Type {
+    Group = "demo"
+    GroupVersion = "v1"
+    Kind = "Artist"
+  }
+  Name = "korn"
+}
diff --git a/internal/resourcehcl/testdata/unknown-field-block.error b/internal/resourcehcl/testdata/unknown-field-block.error
new file mode 100644
index 000000000000..602212543d66
--- /dev/null
+++ b/internal/resourcehcl/testdata/unknown-field-block.error
@@ -0,0 +1 @@
+unknown-field-block.hcl:2,3-6: Unsupported argument; An argument named "Foo" is not expected here.
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/unknown-field-block.hcl b/internal/resourcehcl/testdata/unknown-field-block.hcl
new file mode 100644
index 000000000000..534fdb11b8d2
--- /dev/null
+++ b/internal/resourcehcl/testdata/unknown-field-block.hcl
@@ -0,0 +1,3 @@
+ID {
+  Foo = "bar"
+}
diff --git a/internal/resourcehcl/testdata/unknown-field-object.error b/internal/resourcehcl/testdata/unknown-field-object.error
new file mode 100644
index 000000000000..b7651d5eb0d5
--- /dev/null
+++ b/internal/resourcehcl/testdata/unknown-field-object.error
@@ -0,0 +1 @@
+unknown-field-object.hcl:1,6-3,2: Unsupported argument; An argument named "Foo" is not expected here.
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/unknown-field-object.hcl b/internal/resourcehcl/testdata/unknown-field-object.hcl
new file mode 100644
index 000000000000..43220099bb0a
--- /dev/null
+++ b/internal/resourcehcl/testdata/unknown-field-object.hcl
@@ -0,0 +1,3 @@
+ID = {
+  Foo = "bar"
+}
diff --git a/internal/resourcehcl/testdata/unknown-type.error b/internal/resourcehcl/testdata/unknown-type.error
new file mode 100644
index 000000000000..81e0ea1c8159
--- /dev/null
+++ b/internal/resourcehcl/testdata/unknown-type.error
@@ -0,0 +1 @@
+error getting type for Any field: unknown resource type: foo.bar.Baz
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/unknown-type.hcl b/internal/resourcehcl/testdata/unknown-type.hcl
new file mode 100644
index 000000000000..f1669b8ba882
--- /dev/null
+++ b/internal/resourcehcl/testdata/unknown-type.hcl
@@ -0,0 +1,8 @@
+ID {
+  Type = gvk("foo.bar.Baz")
+  Name = "qux"
+}
+
+Data {
+  Foo = "bar"
+}
diff --git a/internal/resourcehcl/testdata/upstreams.golden b/internal/resourcehcl/testdata/upstreams.golden
new file mode 100644
index 000000000000..26608ae3d5d7
--- /dev/null
+++ b/internal/resourcehcl/testdata/upstreams.golden
@@ -0,0 +1 @@
+{"id":{"name":"api","type":{"group":"mesh","groupVersion":"v1alpha1","kind":"Upstreams"}},"data":{"@type":"hashicorp.consul.mesh.v1alpha1.Upstreams","workloads":{"prefixes":["api"]},"upstreams":[{"destinationRef":{"name":"db","type":{"group":"catalog","groupVersion":"v1alpha1","kind":"Service"}},"destinationPort":"tcp","ipPort":{"port":1234}}]}}
diff --git a/internal/resourcehcl/testdata/upstreams.hcl b/internal/resourcehcl/testdata/upstreams.hcl
new file mode 100644
index 000000000000..c0993e4d5bac
--- /dev/null
+++ b/internal/resourcehcl/testdata/upstreams.hcl
@@ -0,0 +1,25 @@
+ID {
+  Type = gvk("mesh.v1alpha1.Upstreams")
+  Name = "api"
+}
+
+Data {
+  Workloads {
+    Prefixes = ["api"]
+  }
+
+  Upstreams = [
+    {
+      DestinationRef = {
+        Type = gvk("catalog.v1alpha1.Service")
+        Name = "db"
+      }
+
+      DestinationPort = "tcp"
+
+      IpPort = {
+        Port = 1234
+      }
+    }
+  ]
+}
diff --git a/internal/resourcehcl/unmarshal.go b/internal/resourcehcl/unmarshal.go
new file mode 100644
index 000000000000..fba8bbdb53e0
--- /dev/null
+++ b/internal/resourcehcl/unmarshal.go
@@ -0,0 +1,52 @@
+package resourcehcl
+
+import (
+	"reflect"
+
+	"github.com/zclconf/go-cty/cty"
+	"github.com/zclconf/go-cty/cty/function"
+
+	"github.com/hashicorp/consul/internal/protohcl"
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+// Unmarshal the given HCL source into a resource.
+func Unmarshal(src []byte, reg resource.Registry) (*pbresource.Resource, error) {
+	return UnmarshalOptions{}.Unmarshal(src, reg)
+}
+
+type UnmarshalOptions struct{ SourceFileName string }
+
+// Unmarshal the given HCL source into a resource.
+func (u UnmarshalOptions) Unmarshal(src []byte, reg resource.Registry) (*pbresource.Resource, error) {
+	var out pbresource.Resource
+	err := (protohcl.UnmarshalOptions{
+		SourceFileName: u.SourceFileName,
+		AnyTypeProvider: anyProvider{
+			base: &protohcl.AnyTypeURLProvider{TypeURLFieldName: "Type"},
+			reg:  reg,
+		},
+		FieldNamer: fieldNamer{acroynms: []string{"ID", "TCP", "UDP", "HTTP"}},
+		Functions:  map[string]function.Function{"gvk": gvk},
+	}).Unmarshal(src, &out)
+	return &out, err
+}
+
+var (
+	typeType = cty.Capsule("type", reflect.TypeOf(pbresource.Type{}))
+
+	gvk = function.New(&function.Spec{
+		Params: []function.Parameter{
+			{Name: "GVK String", Type: cty.String},
+		},
+		Type: function.StaticReturnType(typeType),
+		Impl: func(args []cty.Value, _ cty.Type) (cty.Value, error) {
+			t, err := resource.ParseGVK(args[0].AsString())
+			if err != nil {
+				return cty.NilVal, err
+			}
+			return cty.CapsuleVal(typeType, t), nil
+		},
+	})
+)
diff --git a/internal/resourcehcl/unmarshal_test.go b/internal/resourcehcl/unmarshal_test.go
new file mode 100644
index 000000000000..a47d3c805ce2
--- /dev/null
+++ b/internal/resourcehcl/unmarshal_test.go
@@ -0,0 +1,103 @@
+package resourcehcl_test
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"path"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/encoding/protojson"
+
+	"github.com/hashicorp/consul/internal/mesh"
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/internal/resource/demo"
+	"github.com/hashicorp/consul/internal/resourcehcl"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/proto/private/prototest"
+)
+
+var update = flag.Bool("update", false, "update golden files")
+
+func TestUnmarshal(t *testing.T) {
+	entries, err := os.ReadDir("./testdata")
+	require.NoError(t, err)
+
+	read := func(t *testing.T, path string) ([]byte, bool) {
+		t.Helper()
+
+		bytes, err := os.ReadFile(fmt.Sprintf("./testdata/%s", path))
+		switch {
+		case err == nil:
+			return bytes, true
+		case os.IsNotExist(err):
+			return nil, false
+		}
+
+		t.Fatalf("failed to read file %s %v", path, err)
+		return nil, false
+	}
+
+	write := func(t *testing.T, path string, src []byte) {
+		t.Helper()
+
+		require.NoError(t, os.WriteFile(fmt.Sprintf("./testdata/%s", path), src, 0o600))
+	}
+
+	for _, entry := range entries {
+		name := entry.Name()
+		ext := path.Ext(name)
+
+		if ext != ".hcl" {
+			continue
+		}
+
+		base := name[0 : len(name)-len(ext)]
+
+		t.Run(base, func(t *testing.T) {
+			input, _ := read(t, name)
+
+			registry := resource.NewRegistry()
+			demo.RegisterTypes(registry)
+			mesh.RegisterTypes(registry)
+
+			output, err := resourcehcl.UnmarshalOptions{SourceFileName: name}.
+				Unmarshal(input, registry)
+
+			if *update {
+				if err == nil {
+					json, err := protojson.Marshal(output)
+					require.NoError(t, err)
+					write(t, base+".golden", json)
+				} else {
+					write(t, base+".error", []byte(err.Error()))
+				}
+			}
+
+			goldenJSON, haveGoldenJSON := read(t, base+".golden")
+			goldenError, haveGoldenError := read(t, base+".error")
+
+			if haveGoldenError && haveGoldenJSON {
+				t.Fatalf("both %s.golden and %s.error exist, delete one", base, base)
+			}
+
+			if !haveGoldenError && !haveGoldenJSON && !*update {
+				t.Fatalf("neither %s.golden or %s.error exist, run the tests again with the -update flag to create one", base, base)
+			}
+
+			if haveGoldenError {
+				require.Error(t, err)
+				require.Equal(t, string(goldenError), err.Error())
+			}
+
+			if haveGoldenJSON {
+				require.NoError(t, err)
+
+				var exp pbresource.Resource
+				require.NoError(t, protojson.Unmarshal(goldenJSON, &exp))
+				prototest.AssertDeepEqual(t, &exp, output)
+			}
+		})
+	}
+}

From cda884ac819783b9c148de019444e45a5bab6669 Mon Sep 17 00:00:00 2001
From: wangxinyi7 <121973291+wangxinyi7@users.noreply.github.com>
Date: Fri, 11 Aug 2023 14:11:11 -0700
Subject: [PATCH 278/359] read endpoint (#18268)

implement http read endpoint to expose resource grpc service read method
---
 internal/resource/http/http.go      |  94 +++++++++++++++-------
 internal/resource/http/http_test.go | 119 ++++++++++++++++++----------
 2 files changed, 144 insertions(+), 69 deletions(-)

diff --git a/internal/resource/http/http.go b/internal/resource/http/http.go
index b6a018c40578..569f143e2fd5 100644
--- a/internal/resource/http/http.go
+++ b/internal/resource/http/http.go
@@ -59,6 +59,8 @@ func (h *resourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	switch r.Method {
 	case http.MethodPut:
 		h.handleWrite(w, r, ctx)
+	case http.MethodGet:
+		h.handleRead(w, r, ctx)
 	case http.MethodDelete:
 		h.handleDelete(w, r, ctx)
 	default:
@@ -88,17 +90,17 @@ func (h *resourceHandler) handleWrite(w http.ResponseWriter, r *http.Request, ct
 		return
 	}
 
-	tenancyInfo, resourceName, version := parseParams(r)
+	tenancyInfo, params := parseParams(r)
 
 	rsp, err := h.client.Write(ctx, &pbresource.WriteRequest{
 		Resource: &pbresource.Resource{
 			Id: &pbresource.ID{
 				Type:    h.reg.Type,
 				Tenancy: tenancyInfo,
-				Name:    resourceName,
+				Name:    params["resourceName"],
 			},
 			Owner:    req.Owner,
-			Version:  version,
+			Version:  params["version"],
 			Metadata: req.Metadata,
 			Data:     anyProtoMsg,
 		},
@@ -117,18 +119,71 @@ func (h *resourceHandler) handleWrite(w http.ResponseWriter, r *http.Request, ct
 	w.Write(output)
 }
 
-func parseParams(r *http.Request) (tenancy *pbresource.Tenancy, resourceName string, version string) {
-	params := r.URL.Query()
+func (h *resourceHandler) handleRead(w http.ResponseWriter, r *http.Request, ctx context.Context) {
+	tenancyInfo, params := parseParams(r)
+	if params["consistent"] != "" {
+		ctx = metadata.AppendToOutgoingContext(ctx, "x-consul-consistency-mode", "consistent")
+	}
+
+	rsp, err := h.client.Read(ctx, &pbresource.ReadRequest{
+		Id: &pbresource.ID{
+			Type:    h.reg.Type,
+			Tenancy: tenancyInfo,
+			Name:    params["resourceName"],
+		},
+	})
+	if err != nil {
+		handleResponseError(err, w, h)
+		return
+	}
+
+	output, err := jsonMarshal(rsp.Resource)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		h.logger.Error("Failed to unmarshal GRPC resource response", "error", err)
+		return
+	}
+	w.Write(output)
+}
+
+// Note: The HTTP endpoints do not accept UID since it is quite unlikely that the user will have access to it
+func (h *resourceHandler) handleDelete(w http.ResponseWriter, r *http.Request, ctx context.Context) {
+	tenancyInfo, params := parseParams(r)
+	_, err := h.client.Delete(ctx, &pbresource.DeleteRequest{
+		Id: &pbresource.ID{
+			Type:    h.reg.Type,
+			Tenancy: tenancyInfo,
+			Name:    params["resourceName"],
+		},
+		Version: params["version"],
+	})
+	if err != nil {
+		handleResponseError(err, w, h)
+		return
+	}
+	w.WriteHeader(http.StatusNoContent)
+	w.Write([]byte("{}"))
+}
+
+func parseParams(r *http.Request) (tenancy *pbresource.Tenancy, params map[string]string) {
+	query := r.URL.Query()
 	tenancy = &pbresource.Tenancy{
-		Partition: params.Get("partition"),
-		PeerName:  params.Get("peer_name"),
-		Namespace: params.Get("namespace"),
+		Partition: query.Get("partition"),
+		PeerName:  query.Get("peer_name"),
+		Namespace: query.Get("namespace"),
 	}
-	resourceName = path.Base(r.URL.Path)
+
+	resourceName := path.Base(r.URL.Path)
 	if resourceName == "." || resourceName == "/" {
 		resourceName = ""
 	}
-	version = params.Get("version")
+
+	params = make(map[string]string)
+	params["resourceName"] = resourceName
+	params["version"] = query.Get("version")
+	if _, ok := query["consistent"]; ok {
+		params["consistent"] = "true"
+	}
 
 	return
 }
@@ -173,22 +228,3 @@ func handleResponseError(err error, w http.ResponseWriter, h *resourceHandler) {
 	}
 	w.Write([]byte(err.Error()))
 }
-
-// Note: The HTTP endpoints do not accept UID since it is quite unlikely that the user will have access to it
-func (h *resourceHandler) handleDelete(w http.ResponseWriter, r *http.Request, ctx context.Context) {
-	tenancyInfo, resourceName, version := parseParams(r)
-	_, err := h.client.Delete(ctx, &pbresource.DeleteRequest{
-		Id: &pbresource.ID{
-			Type:    h.reg.Type,
-			Tenancy: tenancyInfo,
-			Name:    resourceName,
-		},
-		Version: version,
-	})
-	if err != nil {
-		handleResponseError(err, w, h)
-		return
-	}
-	w.WriteHeader(http.StatusNoContent)
-	w.Write([]byte("{}"))
-}
diff --git a/internal/resource/http/http_test.go b/internal/resource/http/http_test.go
index 6747fb251a5a..07c2b9dbc821 100644
--- a/internal/resource/http/http_test.go
+++ b/internal/resource/http/http_test.go
@@ -27,6 +27,7 @@ import (
 
 const testACLTokenArtistReadPolicy = "00000000-0000-0000-0000-000000000001"
 const testACLTokenArtistWritePolicy = "00000000-0000-0000-0000-000000000002"
+const fakeToken = "fake-token"
 
 func parseToken(req *http.Request, token *string) {
 	*token = req.Header.Get("x-consul-token")
@@ -109,25 +110,9 @@ func TestResourceWriteHandler(t *testing.T) {
 
 	client := svctest.RunResourceServiceWithACL(t, aclResolver, demo.RegisterTypes)
 
-	v1ArtistHandler := resourceHandler{
-		resource.Registration{
-			Type:  demo.TypeV1Artist,
-			Proto: &pbdemov1.Artist{},
-		},
-		client,
-		parseToken,
-		hclog.NewNullLogger(),
-	}
-
-	v2ArtistHandler := resourceHandler{
-		resource.Registration{
-			Type:  demo.TypeV2Artist,
-			Proto: &pbdemov2.Artist{},
-		},
-		client,
-		parseToken,
-		hclog.NewNullLogger(),
-	}
+	r := resource.NewRegistry()
+	demo.RegisterTypes(r)
+	handler := NewHandler(client, r, parseToken, hclog.NewNullLogger())
 
 	t.Run("should be blocked if the token is not authorized", func(t *testing.T) {
 		rsp := httptest.NewRecorder()
@@ -145,7 +130,7 @@ func TestResourceWriteHandler(t *testing.T) {
 
 		req.Header.Add("x-consul-token", testACLTokenArtistReadPolicy)
 
-		v2ArtistHandler.ServeHTTP(rsp, req)
+		handler.ServeHTTP(rsp, req)
 
 		require.Equal(t, http.StatusForbidden, rsp.Result().StatusCode)
 	})
@@ -166,7 +151,7 @@ func TestResourceWriteHandler(t *testing.T) {
 
 		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
 
-		v2ArtistHandler.ServeHTTP(rsp, req)
+		handler.ServeHTTP(rsp, req)
 
 		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
 
@@ -206,7 +191,7 @@ func TestResourceWriteHandler(t *testing.T) {
 
 		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
 
-		v2ArtistHandler.ServeHTTP(rsp, req)
+		handler.ServeHTTP(rsp, req)
 
 		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
 		var result map[string]any
@@ -231,7 +216,7 @@ func TestResourceWriteHandler(t *testing.T) {
 
 		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
 
-		v2ArtistHandler.ServeHTTP(rsp, req)
+		handler.ServeHTTP(rsp, req)
 
 		require.Equal(t, http.StatusConflict, rsp.Result().StatusCode)
 	})
@@ -265,7 +250,7 @@ func TestResourceWriteHandler(t *testing.T) {
 
 		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
 
-		v1ArtistHandler.ServeHTTP(rsp, req)
+		handler.ServeHTTP(rsp, req)
 
 		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
 
@@ -291,7 +276,7 @@ func TestResourceWriteHandler(t *testing.T) {
 	})
 }
 
-func createResource(t *testing.T, artistHandler resourceHandler) {
+func createResource(t *testing.T, artistHandler http.Handler) map[string]any {
 	rsp := httptest.NewRecorder()
 	req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(`
 		{
@@ -309,6 +294,65 @@ func createResource(t *testing.T, artistHandler resourceHandler) {
 
 	artistHandler.ServeHTTP(rsp, req)
 	require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
+
+	var result map[string]any
+	require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
+	return result
+}
+
+func TestResourceReadHandler(t *testing.T) {
+	aclResolver := &resourceSvc.MockACLResolver{}
+	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistReadPolicy, mock.Anything, mock.Anything).
+		Return(svctest.AuthorizerFrom(t, demo.ArtistV1ReadPolicy, demo.ArtistV2ReadPolicy), nil)
+	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistWritePolicy, mock.Anything, mock.Anything).
+		Return(svctest.AuthorizerFrom(t, demo.ArtistV1WritePolicy, demo.ArtistV2WritePolicy), nil)
+	aclResolver.On("ResolveTokenAndDefaultMeta", fakeToken, mock.Anything, mock.Anything).
+		Return(svctest.AuthorizerFrom(t, ""), nil)
+
+	client := svctest.RunResourceServiceWithACL(t, aclResolver, demo.RegisterTypes)
+
+	r := resource.NewRegistry()
+	demo.RegisterTypes(r)
+	handler := NewHandler(client, r, parseToken, hclog.NewNullLogger())
+
+	createdResource := createResource(t, handler)
+
+	t.Run("Read resource", func(t *testing.T) {
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("GET", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&consistent", nil)
+
+		req.Header.Add("x-consul-token", testACLTokenArtistReadPolicy)
+
+		handler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
+
+		var result map[string]any
+		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
+		require.Equal(t, result, createdResource)
+	})
+
+	t.Run("should not be found if resource not exist", func(t *testing.T) {
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("GET", "/demo/v2/artist/keith-not-exist?partition=default&peer_name=local&namespace=default&consistent", nil)
+
+		req.Header.Add("x-consul-token", testACLTokenArtistReadPolicy)
+
+		handler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusNotFound, rsp.Result().StatusCode)
+	})
+
+	t.Run("should be blocked if the token is not authorized", func(t *testing.T) {
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("GET", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&consistent", nil)
+
+		req.Header.Add("x-consul-token", fakeToken)
+
+		handler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusForbidden, rsp.Result().StatusCode)
+	})
 }
 
 func TestResourceDeleteHandler(t *testing.T) {
@@ -320,38 +364,33 @@ func TestResourceDeleteHandler(t *testing.T) {
 
 	client := svctest.RunResourceServiceWithACL(t, aclResolver, demo.RegisterTypes)
 
-	v2ArtistHandler := resourceHandler{
-		resource.Registration{
-			Type:  demo.TypeV2Artist,
-			Proto: &pbdemov2.Artist{},
-		},
-		client,
-		parseToken,
-		hclog.NewNullLogger(),
-	}
+	r := resource.NewRegistry()
+	demo.RegisterTypes(r)
+
+	handler := NewHandler(client, r, parseToken, hclog.NewNullLogger())
 
 	t.Run("should surface PermissionDenied error from resource service", func(t *testing.T) {
-		createResource(t, v2ArtistHandler)
+		createResource(t, handler)
 
 		deleteRsp := httptest.NewRecorder()
 		deletReq := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
 
 		deletReq.Header.Add("x-consul-token", testACLTokenArtistReadPolicy)
 
-		v2ArtistHandler.ServeHTTP(deleteRsp, deletReq)
+		handler.ServeHTTP(deleteRsp, deletReq)
 
 		require.Equal(t, http.StatusForbidden, deleteRsp.Result().StatusCode)
 	})
 
 	t.Run("should delete a resource without version", func(t *testing.T) {
-		createResource(t, v2ArtistHandler)
+		createResource(t, handler)
 
 		deleteRsp := httptest.NewRecorder()
 		deletReq := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
 
 		deletReq.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
 
-		v2ArtistHandler.ServeHTTP(deleteRsp, deletReq)
+		handler.ServeHTTP(deleteRsp, deletReq)
 
 		require.Equal(t, http.StatusNoContent, deleteRsp.Result().StatusCode)
 
@@ -370,14 +409,14 @@ func TestResourceDeleteHandler(t *testing.T) {
 	})
 
 	t.Run("should delete a resource with version", func(t *testing.T) {
-		createResource(t, v2ArtistHandler)
+		createResource(t, handler)
 
 		rsp := httptest.NewRecorder()
 		req := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&version=1", strings.NewReader(""))
 
 		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
 
-		v2ArtistHandler.ServeHTTP(rsp, req)
+		handler.ServeHTTP(rsp, req)
 
 		require.Equal(t, http.StatusNoContent, rsp.Result().StatusCode)
 

From f88d4fe28f0f346ced6ddc3483c387fa5739b8b2 Mon Sep 17 00:00:00 2001
From: Poonam Jadhav <poonam.jadhav@hashicorp.com>
Date: Tue, 15 Aug 2023 09:11:50 -0400
Subject: [PATCH 279/359] Net-2707/list resource endpoint (#18444)

feat: list resources endpoint
---
 internal/resource/http/http.go      |  92 +++++++++++---
 internal/resource/http/http_test.go | 178 ++++++++++++++++++++++++++--
 2 files changed, 249 insertions(+), 21 deletions(-)

diff --git a/internal/resource/http/http.go b/internal/resource/http/http.go
index 569f143e2fd5..2a5cfce1fb2b 100644
--- a/internal/resource/http/http.go
+++ b/internal/resource/http/http.go
@@ -23,6 +23,11 @@ import (
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
+const (
+	HeaderConsulToken     = "x-consul-token"
+	HeaderConsistencyMode = "x-consul-consistency-mode"
+)
+
 func NewHandler(
 	client pbresource.ResourceServiceClient,
 	registry resource.Registry,
@@ -30,8 +35,12 @@ func NewHandler(
 	logger hclog.Logger) http.Handler {
 	mux := http.NewServeMux()
 	for _, t := range registry.Types() {
-		// Individual Resource Endpoints.
-		prefix := strings.ToLower(fmt.Sprintf("/%s/%s/%s/", t.Type.Group, t.Type.GroupVersion, t.Type.Kind))
+		// List Endpoint
+		base := strings.ToLower(fmt.Sprintf("/%s/%s/%s", t.Type.Group, t.Type.GroupVersion, t.Type.Kind))
+		mux.Handle(base, http.StripPrefix(base, &listHandler{t, client, parseToken, logger}))
+
+		// Individual Resource Endpoints
+		prefix := strings.ToLower(fmt.Sprintf("%s/", base))
 		logger.Info("Registered resource endpoint", "endpoint", prefix)
 		mux.Handle(prefix, http.StripPrefix(prefix, &resourceHandler{t, client, parseToken, logger}))
 	}
@@ -55,7 +64,7 @@ type resourceHandler struct {
 func (h *resourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	var token string
 	h.parseToken(r, &token)
-	ctx := metadata.AppendToOutgoingContext(r.Context(), "x-consul-token", token)
+	ctx := metadata.AppendToOutgoingContext(r.Context(), HeaderConsulToken, token)
 	switch r.Method {
 	case http.MethodPut:
 		h.handleWrite(w, r, ctx)
@@ -106,7 +115,7 @@ func (h *resourceHandler) handleWrite(w http.ResponseWriter, r *http.Request, ct
 		},
 	})
 	if err != nil {
-		handleResponseError(err, w, h)
+		handleResponseError(err, w, h.logger)
 		return
 	}
 
@@ -133,7 +142,7 @@ func (h *resourceHandler) handleRead(w http.ResponseWriter, r *http.Request, ctx
 		},
 	})
 	if err != nil {
-		handleResponseError(err, w, h)
+		handleResponseError(err, w, h.logger)
 		return
 	}
 
@@ -158,7 +167,7 @@ func (h *resourceHandler) handleDelete(w http.ResponseWriter, r *http.Request, c
 		Version: params["version"],
 	})
 	if err != nil {
-		handleResponseError(err, w, h)
+		handleResponseError(err, w, h.logger)
 		return
 	}
 	w.WriteHeader(http.StatusNoContent)
@@ -181,11 +190,12 @@ func parseParams(r *http.Request) (tenancy *pbresource.Tenancy, params map[strin
 	params = make(map[string]string)
 	params["resourceName"] = resourceName
 	params["version"] = query.Get("version")
+	params["namePrefix"] = query.Get("name_prefix")
 	if _, ok := query["consistent"]; ok {
 		params["consistent"] = "true"
 	}
 
-	return
+	return tenancy, params
 }
 
 func jsonMarshal(res *pbresource.Resource) ([]byte, error) {
@@ -203,28 +213,82 @@ func jsonMarshal(res *pbresource.Resource) ([]byte, error) {
 	return json.MarshalIndent(stuff, "", "  ")
 }
 
-func handleResponseError(err error, w http.ResponseWriter, h *resourceHandler) {
+func handleResponseError(err error, w http.ResponseWriter, logger hclog.Logger) {
 	if e, ok := status.FromError(err); ok {
 		switch e.Code() {
 		case codes.InvalidArgument:
 			w.WriteHeader(http.StatusBadRequest)
-			h.logger.Info("User has mal-formed request", "error", err)
+			logger.Info("User has mal-formed request", "error", err)
 		case codes.NotFound:
 			w.WriteHeader(http.StatusNotFound)
-			h.logger.Info("Received error from resource service: Not found", "error", err)
+			logger.Info("Received error from resource service: Not found", "error", err)
 		case codes.PermissionDenied:
 			w.WriteHeader(http.StatusForbidden)
-			h.logger.Info("Received error from resource service: User not authenticated", "error", err)
+			logger.Info("Received error from resource service: User not authenticated", "error", err)
 		case codes.Aborted:
 			w.WriteHeader(http.StatusConflict)
-			h.logger.Info("Received error from resource service: the request conflict with the current state of the target resource", "error", err)
+			logger.Info("Received error from resource service: the request conflict with the current state of the target resource", "error", err)
 		default:
 			w.WriteHeader(http.StatusInternalServerError)
-			h.logger.Error("Received error from resource service", "error", err)
+			logger.Error("Received error from resource service", "error", err)
 		}
 	} else {
 		w.WriteHeader(http.StatusInternalServerError)
-		h.logger.Error("Received error from resource service: not able to parse error returned", "error", err)
+		logger.Error("Received error from resource service: not able to parse error returned", "error", err)
 	}
 	w.Write([]byte(err.Error()))
 }
+
+type listHandler struct {
+	reg        resource.Registration
+	client     pbresource.ResourceServiceClient
+	parseToken func(req *http.Request, token *string)
+	logger     hclog.Logger
+}
+
+func (h *listHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		w.WriteHeader(http.StatusMethodNotAllowed)
+		return
+	}
+
+	var token string
+	h.parseToken(r, &token)
+	ctx := metadata.AppendToOutgoingContext(r.Context(), HeaderConsulToken, token)
+
+	tenancyInfo, params := parseParams(r)
+	if params["consistent"] == "true" {
+		ctx = metadata.AppendToOutgoingContext(ctx, HeaderConsistencyMode, "consistent")
+	}
+
+	rsp, err := h.client.List(ctx, &pbresource.ListRequest{
+		Type:       h.reg.Type,
+		Tenancy:    tenancyInfo,
+		NamePrefix: params["namePrefix"],
+	})
+	if err != nil {
+		handleResponseError(err, w, h.logger)
+		return
+	}
+
+	output := make([]json.RawMessage, len(rsp.Resources))
+	for idx, res := range rsp.Resources {
+		b, err := jsonMarshal(res)
+		if err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+			h.logger.Error("Failed to unmarshal GRPC resource response", "error", err)
+			return
+		}
+		output[idx] = b
+	}
+
+	b, err := json.MarshalIndent(struct {
+		Resources []json.RawMessage `json:"resources"`
+	}{output}, "", "  ")
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		h.logger.Error("Failed to correctly format the list response", "error", err)
+		return
+	}
+	w.Write(b)
+}
diff --git a/internal/resource/http/http_test.go b/internal/resource/http/http_test.go
index 07c2b9dbc821..1edef161fb26 100644
--- a/internal/resource/http/http_test.go
+++ b/internal/resource/http/http_test.go
@@ -5,6 +5,7 @@ package http
 
 import (
 	"encoding/json"
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@@ -27,6 +28,7 @@ import (
 
 const testACLTokenArtistReadPolicy = "00000000-0000-0000-0000-000000000001"
 const testACLTokenArtistWritePolicy = "00000000-0000-0000-0000-000000000002"
+const testACLTokenArtistListPolicy = "00000000-0000-0000-0000-000000000003"
 const fakeToken = "fake-token"
 
 func parseToken(req *http.Request, token *string) {
@@ -276,15 +278,27 @@ func TestResourceWriteHandler(t *testing.T) {
 	})
 }
 
-func createResource(t *testing.T, artistHandler http.Handler) map[string]any {
+type ResourceUri struct {
+	group        string
+	version      string
+	kind         string
+	resourceName string
+}
+
+func createResource(t *testing.T, artistHandler http.Handler, resourceUri *ResourceUri) map[string]any {
 	rsp := httptest.NewRecorder()
-	req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(`
+
+	if resourceUri == nil {
+		resourceUri = &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "keith-urban"}
+	}
+
+	req := httptest.NewRequest("PUT", fmt.Sprintf("/%s/%s/%s/%s?partition=default&peer_name=local&namespace=default", resourceUri.group, resourceUri.version, resourceUri.kind, resourceUri.resourceName), strings.NewReader(`
 		{
 			"metadata": {
 				"foo": "bar"
 			},
 			"data": {
-				"name": "Keith Urban",
+				"name": "test",
 				"genre": "GENRE_COUNTRY"
 			}
 		}
@@ -300,6 +314,21 @@ func createResource(t *testing.T, artistHandler http.Handler) map[string]any {
 	return result
 }
 
+func deleteResource(t *testing.T, artistHandler http.Handler, resourceUri *ResourceUri) {
+	rsp := httptest.NewRecorder()
+
+	if resourceUri == nil {
+		resourceUri = &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "keith-urban"}
+	}
+
+	req := httptest.NewRequest("DELETE", fmt.Sprintf("/%s/%s/%s/%s?partition=default&peer_name=local&namespace=default", resourceUri.group, resourceUri.version, resourceUri.kind, resourceUri.resourceName), strings.NewReader(""))
+
+	req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
+
+	artistHandler.ServeHTTP(rsp, req)
+	require.Equal(t, http.StatusNoContent, rsp.Result().StatusCode)
+}
+
 func TestResourceReadHandler(t *testing.T) {
 	aclResolver := &resourceSvc.MockACLResolver{}
 	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistReadPolicy, mock.Anything, mock.Anything).
@@ -315,7 +344,7 @@ func TestResourceReadHandler(t *testing.T) {
 	demo.RegisterTypes(r)
 	handler := NewHandler(client, r, parseToken, hclog.NewNullLogger())
 
-	createdResource := createResource(t, handler)
+	createdResource := createResource(t, handler, nil)
 
 	t.Run("Read resource", func(t *testing.T) {
 		rsp := httptest.NewRecorder()
@@ -370,7 +399,7 @@ func TestResourceDeleteHandler(t *testing.T) {
 	handler := NewHandler(client, r, parseToken, hclog.NewNullLogger())
 
 	t.Run("should surface PermissionDenied error from resource service", func(t *testing.T) {
-		createResource(t, handler)
+		createResource(t, handler, nil)
 
 		deleteRsp := httptest.NewRecorder()
 		deletReq := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
@@ -383,7 +412,7 @@ func TestResourceDeleteHandler(t *testing.T) {
 	})
 
 	t.Run("should delete a resource without version", func(t *testing.T) {
-		createResource(t, handler)
+		createResource(t, handler, nil)
 
 		deleteRsp := httptest.NewRecorder()
 		deletReq := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
@@ -409,12 +438,13 @@ func TestResourceDeleteHandler(t *testing.T) {
 	})
 
 	t.Run("should delete a resource with version", func(t *testing.T) {
-		createResource(t, handler)
+		createResource(t, handler, nil)
 
 		rsp := httptest.NewRecorder()
 		req := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&version=1", strings.NewReader(""))
 
 		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
+		req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
 
 		handler.ServeHTTP(rsp, req)
 
@@ -430,3 +460,137 @@ func TestResourceDeleteHandler(t *testing.T) {
 		require.ErrorContains(t, err, "resource not found")
 	})
 }
+
+func TestResourceListHandler(t *testing.T) {
+	aclResolver := &resourceSvc.MockACLResolver{}
+	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistListPolicy, mock.Anything, mock.Anything).
+		Return(svctest.AuthorizerFrom(t, demo.ArtistV2ListPolicy), nil)
+	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistWritePolicy, mock.Anything, mock.Anything).
+		Return(svctest.AuthorizerFrom(t, demo.ArtistV2WritePolicy), nil)
+
+	client := svctest.RunResourceServiceWithACL(t, aclResolver, demo.RegisterTypes)
+
+	r := resource.NewRegistry()
+	demo.RegisterTypes(r)
+
+	handler := NewHandler(client, r, parseToken, hclog.NewNullLogger())
+
+	t.Run("should return MethodNotAllowed", func(t *testing.T) {
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("PUT", "/demo/v2/artist?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
+
+		req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
+
+		handler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusMethodNotAllowed, rsp.Result().StatusCode)
+	})
+
+	t.Run("should be blocked if the token is not authorized", func(t *testing.T) {
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
+
+		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
+
+		handler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusForbidden, rsp.Result().StatusCode)
+	})
+
+	t.Run("should return list of resources", func(t *testing.T) {
+		resourceUri1 := &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "steve"}
+		resource1 := createResource(t, handler, resourceUri1)
+		resourceUri2 := &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "elvis"}
+		resource2 := createResource(t, handler, resourceUri2)
+
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
+
+		req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
+
+		handler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
+
+		var result map[string]any
+		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
+
+		resources, _ := result["resources"].([]any)
+		require.Len(t, resources, 2)
+
+		expected := []map[string]any{resource1, resource2}
+		require.Contains(t, expected, resources[0])
+		require.Contains(t, expected, resources[1])
+
+		// clean up
+		deleteResource(t, handler, resourceUri1)
+		deleteResource(t, handler, resourceUri2)
+	})
+
+	t.Run("should return empty list when no resources are found", func(t *testing.T) {
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
+
+		req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
+
+		handler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
+
+		var result map[string]any
+		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
+
+		resources, _ := result["resources"].([]any)
+		require.Len(t, resources, 0)
+	})
+
+	t.Run("should return empty list when name prefix matches don't match", func(t *testing.T) {
+		createResource(t, handler, nil)
+
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default&name_prefix=noname", strings.NewReader(""))
+
+		req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
+
+		handler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
+
+		var result map[string]any
+		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
+
+		resources, _ := result["resources"].([]any)
+		require.Len(t, resources, 0)
+
+		// clean up
+		deleteResource(t, handler, nil)
+	})
+
+	t.Run("should return list of resources matching name prefix", func(t *testing.T) {
+		resourceUri1 := &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "steve"}
+		resource1 := createResource(t, handler, resourceUri1)
+		resourceUri2 := &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "elvis"}
+		createResource(t, handler, resourceUri2)
+
+		rsp := httptest.NewRecorder()
+		req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default&name_prefix=steve", strings.NewReader(""))
+
+		req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
+
+		handler.ServeHTTP(rsp, req)
+
+		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
+
+		var result map[string]any
+		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
+
+		resources, _ := result["resources"].([]any)
+		require.Len(t, resources, 1)
+
+		require.Equal(t, resource1, resources[0])
+
+		// clean up
+		deleteResource(t, handler, resourceUri1)
+		deleteResource(t, handler, resourceUri2)
+	})
+}

From d565056fb0352f67b110fdba2c3948822624be9d Mon Sep 17 00:00:00 2001
From: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Date: Tue, 15 Aug 2023 08:04:21 -0700
Subject: [PATCH 280/359] Fix incorrect yaml in examples (#18463)

---
 .../connect/config-entries/service-intentions.mdx    | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/website/content/docs/connect/config-entries/service-intentions.mdx b/website/content/docs/connect/config-entries/service-intentions.mdx
index b03fa555a30f..8d7572c7721a 100644
--- a/website/content/docs/connect/config-entries/service-intentions.mdx
+++ b/website/content/docs/connect/config-entries/service-intentions.mdx
@@ -209,7 +209,7 @@ spec:
                 path: [<aud>]
                 value: <api.apps.organization.com>
   sources:
-    name: <name of service sending traffic>
+  - name: <name of service sending traffic>
     peer: <name of cluster containing source service>
     namespace: <namespace containing source service>
     partition: <sources-partition>
@@ -1509,15 +1509,15 @@ Sources = [
     name: backend
   spec:
     sources:
-      name: frontend
+    - name: frontend
       permissions:
-        http:
+      - http:
           pathExact: /admin
         jwt:
           providers:
-            name: okta
+          - name: okta
             verifyClaims:
-              path: 
+            - path: 
                 - perms
                 - role
               value: admin
@@ -1564,4 +1564,4 @@ Sources = [
 }
 ```
 
-</CodeTabs>
\ No newline at end of file
+</CodeTabs>

From 0e94f48ce025313ef882c8dc39080ded3ca1a2cc Mon Sep 17 00:00:00 2001
From: Anita Akaeze <anita.akaeze@hashicorp.com>
Date: Tue, 15 Aug 2023 12:34:02 -0400
Subject: [PATCH 281/359] NET-5187: Upgrade test timeout due to log producer
 errors (#18461)

Stop log producer before restarting container
---
 .../consul-container/libs/service/connect.go  | 24 +++++++++++++++----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/test/integration/consul-container/libs/service/connect.go b/test/integration/consul-container/libs/service/connect.go
index 5b467845bed5..4d72bc9ffb83 100644
--- a/test/integration/consul-container/libs/service/connect.go
+++ b/test/integration/consul-container/libs/service/connect.go
@@ -68,14 +68,17 @@ func (g ConnectContainer) GetPort(port int) (int, error) {
 }
 
 func (g ConnectContainer) Restart() error {
-	_, err := g.GetStatus()
-	if err != nil {
-		return fmt.Errorf("error fetching sidecar container state %s", err)
+	var deferClean utils.ResettableDefer
+	defer deferClean.Execute()
+
+	if utils.FollowLog {
+		if err := g.container.StopLogProducer(); err != nil {
+			return fmt.Errorf("stopping log producer: %w", err)
+		}
 	}
 
 	fmt.Printf("Stopping container: %s\n", g.GetName())
-	err = g.container.Stop(g.ctx, nil)
-
+	err := g.container.Stop(g.ctx, nil)
 	if err != nil {
 		return fmt.Errorf("error stopping sidecar container %s", err)
 	}
@@ -85,6 +88,17 @@ func (g ConnectContainer) Restart() error {
 	if err != nil {
 		return fmt.Errorf("error starting sidecar container %s", err)
 	}
+
+	if utils.FollowLog {
+		if err := g.container.StartLogProducer(g.ctx); err != nil {
+			return fmt.Errorf("starting log producer: %w", err)
+		}
+		g.container.FollowOutput(&LogConsumer{})
+		deferClean.Add(func() {
+			_ = g.container.StopLogProducer()
+		})
+	}
+
 	return nil
 }
 

From 6b7ccd06cfd6e2bfa5b277614a5d7821899d6beb Mon Sep 17 00:00:00 2001
From: Nitya Dhanushkodi <nitya@hashicorp.com>
Date: Tue, 15 Aug 2023 11:57:07 -0700
Subject: [PATCH 282/359] [NET-4799] [OSS] xdsv2: listeners L4 support for
 connect proxies (#18436)

* refactor to avoid future import cycles
---
 agent/xds/clusters.go                         |   22 +-
 agent/xds/{ => config}/config.go              |    2 +-
 agent/xds/{ => config}/config_test.go         |    2 +-
 agent/xds/configfetcher/config_fetcher.go     |    7 +
 agent/xds/listeners.go                        |   33 +-
 agent/xds/listeners_apigateway.go             |    3 +-
 agent/xds/listeners_ingress.go                |    3 +-
 agent/xds/listeners_test.go                   |  115 +-
 agent/xds/{ => naming}/naming.go              |   12 +-
 agent/xds/{ => platform}/net_fallback.go      |    4 +-
 agent/xds/{ => platform}/net_linux.go         |    4 +-
 agent/xds/proxystateconverter/clusters.go     |   74 +
 agent/xds/proxystateconverter/converter.go    |  118 ++
 agent/xds/proxystateconverter/listeners.go    | 1694 +++++++++++++++++
 agent/xds/resources.go                        |    5 +-
 agent/xds/routes.go                           |    5 +-
 agent/xds/server.go                           |   18 +-
 agent/xdsv2/cluster_resources.go              |    6 +
 agent/xdsv2/listener_resources.go             |  967 ++++++++++
 agent/xdsv2/resources.go                      |   69 +
 agent/xdsv2/route_resources.go                |   20 +
 .../pbmesh/v1alpha1/proxy_state.pb.go         |    3 +-
 .../pbmesh/v1alpha1/proxy_state.proto         |    3 +-
 test/integration/connect/envoy/helpers.bash   |    2 +-
 .../connect/envoy/helpers.windows.bash        |    2 +-
 25 files changed, 3104 insertions(+), 89 deletions(-)
 rename agent/xds/{ => config}/config.go (99%)
 rename agent/xds/{ => config}/config_test.go (99%)
 create mode 100644 agent/xds/configfetcher/config_fetcher.go
 rename agent/xds/{ => naming}/naming.go (52%)
 rename agent/xds/{ => platform}/net_fallback.go (70%)
 rename agent/xds/{ => platform}/net_linux.go (92%)
 create mode 100644 agent/xds/proxystateconverter/clusters.go
 create mode 100644 agent/xds/proxystateconverter/converter.go
 create mode 100644 agent/xds/proxystateconverter/listeners.go
 create mode 100644 agent/xdsv2/cluster_resources.go
 create mode 100644 agent/xdsv2/listener_resources.go
 create mode 100644 agent/xdsv2/resources.go
 create mode 100644 agent/xdsv2/route_resources.go

diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go
index 6907b9bc4686..f56700c02a91 100644
--- a/agent/xds/clusters.go
+++ b/agent/xds/clusters.go
@@ -19,6 +19,8 @@ import (
 	envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
 	envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
 	envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
+	"github.com/hashicorp/consul/agent/xds/config"
+	"github.com/hashicorp/consul/agent/xds/naming"
 
 	"github.com/hashicorp/go-hclog"
 	"google.golang.org/protobuf/encoding/protojson"
@@ -366,7 +368,7 @@ func makePassthroughClusters(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message,
 		!meshConf.TransparentProxy.MeshDestinationsOnly {
 
 		clusters = append(clusters, &envoy_cluster_v3.Cluster{
-			Name: OriginalDestinationClusterName,
+			Name: naming.OriginalDestinationClusterName,
 			ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{
 				Type: envoy_cluster_v3.Cluster_ORIGINAL_DST,
 			},
@@ -1041,7 +1043,7 @@ func (s *ResourceGenerator) configIngressUpstreamCluster(c *envoy_cluster_v3.Clu
 	if svc != nil {
 		override = svc.PassiveHealthCheck
 	}
-	outlierDetection := ToOutlierDetection(cfgSnap.IngressGateway.Defaults.PassiveHealthCheck, override, false)
+	outlierDetection := config.ToOutlierDetection(cfgSnap.IngressGateway.Defaults.PassiveHealthCheck, override, false)
 
 	c.OutlierDetection = outlierDetection
 }
@@ -1050,7 +1052,7 @@ func (s *ResourceGenerator) makeAppCluster(cfgSnap *proxycfg.ConfigSnapshot, nam
 	var c *envoy_cluster_v3.Cluster
 	var err error
 
-	cfg, err := ParseProxyConfig(cfgSnap.Proxy.Config)
+	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -1144,7 +1146,7 @@ func (s *ResourceGenerator) makeUpstreamClusterForPeerService(
 
 	clusterName := generatePeeredClusterName(uid, tbs)
 
-	outlierDetection := ToOutlierDetection(upstreamConfig.PassiveHealthCheck, nil, true)
+	outlierDetection := config.ToOutlierDetection(upstreamConfig.PassiveHealthCheck, nil, true)
 	// We can't rely on health checks for services on cluster peers because they
 	// don't take into account service resolvers, splitters and routers. Setting
 	// MaxEjectionPercent too 100% gives outlier detection the power to eject the
@@ -1279,7 +1281,7 @@ func (s *ResourceGenerator) makeUpstreamClusterForPreparedQuery(upstream structs
 			CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{
 				Thresholds: makeThresholdsIfNeeded(cfg.Limits),
 			},
-			OutlierDetection: ToOutlierDetection(cfg.PassiveHealthCheck, nil, true),
+			OutlierDetection: config.ToOutlierDetection(cfg.PassiveHealthCheck, nil, true),
 		}
 		if cfg.Protocol == "http2" || cfg.Protocol == "grpc" {
 			if err := s.setHttp2ProtocolOptions(c); err != nil {
@@ -1499,7 +1501,7 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain(
 				CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{
 					Thresholds: makeThresholdsIfNeeded(upstreamConfig.Limits),
 				},
-				OutlierDetection: ToOutlierDetection(upstreamConfig.PassiveHealthCheck, nil, true),
+				OutlierDetection: config.ToOutlierDetection(upstreamConfig.PassiveHealthCheck, nil, true),
 			}
 
 			var lb *structs.LoadBalancer
@@ -1676,7 +1678,7 @@ type clusterOpts struct {
 
 // makeGatewayCluster creates an Envoy cluster for a mesh or terminating gateway
 func (s *ResourceGenerator) makeGatewayCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster {
-	cfg, err := ParseGatewayConfig(snap.Proxy.Config)
+	cfg, err := config.ParseGatewayConfig(snap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -1819,7 +1821,7 @@ func configureClusterWithHostnames(
 // makeExternalIPCluster creates an Envoy cluster for routing to IP addresses outside of Consul
 // This is used by terminating gateways for Destinations
 func (s *ResourceGenerator) makeExternalIPCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster {
-	cfg, err := ParseGatewayConfig(snap.Proxy.Config)
+	cfg, err := config.ParseGatewayConfig(snap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -1858,7 +1860,7 @@ func (s *ResourceGenerator) makeExternalIPCluster(snap *proxycfg.ConfigSnapshot,
 // makeExternalHostnameCluster creates an Envoy cluster for hostname endpoints that will be resolved with DNS
 // This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffice
 func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster {
-	cfg, err := ParseGatewayConfig(snap.Proxy.Config)
+	cfg, err := config.ParseGatewayConfig(snap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -2044,7 +2046,7 @@ func (s *ResourceGenerator) getTargetClusterName(upstreamsSnapshot *proxycfg.Con
 
 		clusterName = generatePeeredClusterName(targetUID, tbs)
 	}
-	clusterName = CustomizeClusterName(clusterName, chain)
+	clusterName = naming.CustomizeClusterName(clusterName, chain)
 	if forMeshGateway {
 		clusterName = meshGatewayExportedClusterNamePrefix + clusterName
 	}
diff --git a/agent/xds/config.go b/agent/xds/config/config.go
similarity index 99%
rename from agent/xds/config.go
rename to agent/xds/config/config.go
index 958326afaabc..32c46d07d3ef 100644
--- a/agent/xds/config.go
+++ b/agent/xds/config/config.go
@@ -1,7 +1,7 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-package xds
+package config
 
 import (
 	"strings"
diff --git a/agent/xds/config_test.go b/agent/xds/config/config_test.go
similarity index 99%
rename from agent/xds/config_test.go
rename to agent/xds/config/config_test.go
index 72ef0bb1e592..72e9a0e61461 100644
--- a/agent/xds/config_test.go
+++ b/agent/xds/config/config_test.go
@@ -1,7 +1,7 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-package xds
+package config
 
 import (
 	"testing"
diff --git a/agent/xds/configfetcher/config_fetcher.go b/agent/xds/configfetcher/config_fetcher.go
new file mode 100644
index 000000000000..8d4d311caf7a
--- /dev/null
+++ b/agent/xds/configfetcher/config_fetcher.go
@@ -0,0 +1,7 @@
+package configfetcher
+
+// ConfigFetcher is the interface the agent needs to expose
+// for the xDS server to fetch agent config, currently only one field is fetched
+type ConfigFetcher interface {
+	AdvertiseAddrLAN() string
+}
diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go
index b3b58bc2ad29..68c7ebdfadab 100644
--- a/agent/xds/listeners.go
+++ b/agent/xds/listeners.go
@@ -29,6 +29,9 @@ import (
 	envoy_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3"
 	envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
 	envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
+	"github.com/hashicorp/consul/agent/xds/config"
+	"github.com/hashicorp/consul/agent/xds/naming"
+	"github.com/hashicorp/consul/agent/xds/platform"
 
 	"github.com/hashicorp/go-hclog"
 	"google.golang.org/protobuf/encoding/protojson"
@@ -50,8 +53,6 @@ import (
 	"github.com/hashicorp/consul/types"
 )
 
-const virtualIPTag = "virtual"
-
 // listenersFromSnapshot returns the xDS API representation of the "listeners" in the snapshot.
 func (s *ResourceGenerator) listenersFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, error) {
 	if cfgSnap == nil {
@@ -118,7 +119,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
 		}
 	}
 
-	proxyCfg, err := ParseProxyConfig(cfgSnap.Proxy.Config)
+	proxyCfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -258,7 +259,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
 			// We only match on this virtual IP if the upstream is in the proxy's partition.
 			// This is because the IP is not guaranteed to be unique across k8s clusters.
 			if acl.EqualPartitions(e.Node.PartitionOrDefault(), cfgSnap.ProxyID.PartitionOrDefault()) {
-				if vip := e.Service.TaggedAddresses[virtualIPTag]; vip.Address != "" {
+				if vip := e.Service.TaggedAddresses[naming.VirtualIPTag]; vip.Address != "" {
 					uniqueAddrs[vip.Address] = struct{}{}
 				}
 			}
@@ -462,7 +463,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
 			// The virtualIPTag is used by consul-k8s to store the ClusterIP for a service.
 			// For services imported from a peer,the partition will be equal in all cases.
 			if acl.EqualPartitions(e.Node.PartitionOrDefault(), cfgSnap.ProxyID.PartitionOrDefault()) {
-				if vip := e.Service.TaggedAddresses[virtualIPTag]; vip.Address != "" {
+				if vip := e.Service.TaggedAddresses[naming.VirtualIPTag]; vip.Address != "" {
 					uniqueAddrs[vip.Address] = struct{}{}
 				}
 			}
@@ -552,8 +553,8 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
 
 			filterChain, err := s.makeUpstreamFilterChain(filterChainOpts{
 				accessLogs:  &cfgSnap.Proxy.AccessLogs,
-				clusterName: OriginalDestinationClusterName,
-				filterName:  OriginalDestinationClusterName,
+				clusterName: naming.OriginalDestinationClusterName,
+				filterName:  naming.OriginalDestinationClusterName,
 				protocol:    "tcp",
 			})
 			if err != nil {
@@ -787,7 +788,7 @@ func parseCheckPath(check structs.CheckType) (structs.ExposePath, error) {
 
 // listenersFromSnapshotGateway returns the "listener" for a terminating-gateway or mesh-gateway service
 func (s *ResourceGenerator) listenersFromSnapshotGateway(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, error) {
-	cfg, err := ParseGatewayConfig(cfgSnap.Proxy.Config)
+	cfg, err := config.ParseGatewayConfig(cfgSnap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -1171,7 +1172,7 @@ func createDownstreamTransportSocketForConnectTLS(cfgSnap *proxycfg.ConfigSnapsh
 
 	// Determine listener protocol type from configured service protocol. Don't hard fail on a config typo,
 	//The parse func returns default config if there is an error, so it's safe to continue.
-	cfg, _ := ParseProxyConfig(cfgSnap.Proxy.Config)
+	cfg, _ := config.ParseProxyConfig(cfgSnap.Proxy.Config)
 
 	// Create TLS validation context for mTLS with leaf certificate and root certs.
 	tlsContext := makeCommonTLSContext(
@@ -1263,7 +1264,7 @@ func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot
 	var l *envoy_listener_v3.Listener
 	var err error
 
-	cfg, err := ParseProxyConfig(cfgSnap.Proxy.Config)
+	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -1513,7 +1514,7 @@ func (s *ResourceGenerator) finalizePublicListenerFromConfig(l *envoy_listener_v
 }
 
 func (s *ResourceGenerator) makeExposedCheckListener(cfgSnap *proxycfg.ConfigSnapshot, cluster string, path structs.ExposePath) (proto.Message, error) {
-	cfg, err := ParseProxyConfig(cfgSnap.Proxy.Config)
+	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -1588,7 +1589,7 @@ func (s *ResourceGenerator) makeExposedCheckListener(cfgSnap *proxycfg.ConfigSna
 			&envoy_core_v3.CidrRange{AddressPrefix: advertise, PrefixLen: &wrapperspb.UInt32Value{Value: uint32(advertiseLen)}},
 		)
 
-		if ok, err := kernelSupportsIPv6(); err != nil {
+		if ok, err := platform.SupportsIPv6(); err != nil {
 			return nil, err
 		} else if ok {
 			ranges = append(ranges,
@@ -1639,7 +1640,7 @@ func (s *ResourceGenerator) makeTerminatingGatewayListener(
 		intentions := cfgSnap.TerminatingGateway.Intentions[svc]
 		svcConfig := cfgSnap.TerminatingGateway.ServiceConfigs[svc]
 
-		cfg, err := ParseProxyConfig(svcConfig.ProxyConfig)
+		cfg, err := config.ParseProxyConfig(svcConfig.ProxyConfig)
 		if err != nil {
 			// Don't hard fail on a config typo, just warn. The parse func returns
 			// default config if there is an error so it's safe to continue.
@@ -1683,7 +1684,7 @@ func (s *ResourceGenerator) makeTerminatingGatewayListener(
 		intentions := cfgSnap.TerminatingGateway.Intentions[svc]
 		svcConfig := cfgSnap.TerminatingGateway.ServiceConfigs[svc]
 
-		cfg, err := ParseProxyConfig(svcConfig.ProxyConfig)
+		cfg, err := config.ParseProxyConfig(svcConfig.ProxyConfig)
 		if err != nil {
 			// Don't hard fail on a config typo, just warn. The parse func returns
 			// default config if there is an error so it's safe to continue.
@@ -1807,7 +1808,7 @@ func (s *ResourceGenerator) makeFilterChainTerminatingGateway(cfgSnap *proxycfg.
 		filterChain.Filters = append(filterChain.Filters, authFilter)
 	}
 
-	proxyCfg, err := ParseProxyConfig(cfgSnap.Proxy.Config)
+	proxyCfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -2128,7 +2129,7 @@ func (s *ResourceGenerator) makeMeshGatewayPeerFilterChain(
 		if err != nil {
 			return nil, err
 		}
-		clusterName = meshGatewayExportedClusterNamePrefix + CustomizeClusterName(target.Name, chain)
+		clusterName = meshGatewayExportedClusterNamePrefix + naming.CustomizeClusterName(target.Name, chain)
 	}
 
 	uid := proxycfg.NewUpstreamIDFromServiceName(svc)
diff --git a/agent/xds/listeners_apigateway.go b/agent/xds/listeners_apigateway.go
index 3078c740a054..07566017cea9 100644
--- a/agent/xds/listeners_apigateway.go
+++ b/agent/xds/listeners_apigateway.go
@@ -9,6 +9,7 @@ import (
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
+	"github.com/hashicorp/consul/agent/xds/naming"
 
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/wrapperspb"
@@ -70,7 +71,7 @@ func (s *ResourceGenerator) makeAPIGatewayListeners(address string, cfgSnap *pro
 				if err != nil {
 					return nil, err
 				}
-				clusterName = CustomizeClusterName(target.Name, chain)
+				clusterName = naming.CustomizeClusterName(target.Name, chain)
 			}
 
 			filterName := fmt.Sprintf("%s.%s.%s.%s", chain.ServiceName, chain.Namespace, chain.Partition, chain.Datacenter)
diff --git a/agent/xds/listeners_ingress.go b/agent/xds/listeners_ingress.go
index 3dfd9705d96e..61ef21d76ae7 100644
--- a/agent/xds/listeners_ingress.go
+++ b/agent/xds/listeners_ingress.go
@@ -9,6 +9,7 @@ import (
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
+	"github.com/hashicorp/consul/agent/xds/naming"
 
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/durationpb"
@@ -62,7 +63,7 @@ func (s *ResourceGenerator) makeIngressGatewayListeners(address string, cfgSnap
 				if err != nil {
 					return nil, err
 				}
-				clusterName = CustomizeClusterName(target.Name, chain)
+				clusterName = naming.CustomizeClusterName(target.Name, chain)
 			}
 
 			filterName := fmt.Sprintf("%s.%s.%s.%s", chain.ServiceName, chain.Namespace, chain.Partition, chain.Datacenter)
diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go
index ab19ebc05600..b5d6c66f0008 100644
--- a/agent/xds/listeners_test.go
+++ b/agent/xds/listeners_test.go
@@ -11,8 +11,7 @@ import (
 	"text/template"
 
 	"github.com/stretchr/testify/assert"
-
-	"github.com/hashicorp/consul/agent/xds/testcommon"
+	"google.golang.org/protobuf/proto"
 
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	testinf "github.com/mitchellh/go-testing-interface"
@@ -20,6 +19,10 @@ import (
 
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/configfetcher"
+	"github.com/hashicorp/consul/agent/xds/proxystateconverter"
+	"github.com/hashicorp/consul/agent/xds/testcommon"
+	"github.com/hashicorp/consul/agent/xdsv2"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/hashicorp/consul/types"
@@ -33,6 +36,7 @@ type listenerTestCase struct {
 	// test input.
 	overrideGoldenName string
 	generatorSetup     func(*ResourceGenerator)
+	alsoRunTestForV2   bool
 }
 
 func makeListenerDiscoChainTests(enterprise bool) []listenerTestCase {
@@ -70,6 +74,7 @@ func makeListenerDiscoChainTests(enterprise bool) []listenerTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-http-chain",
@@ -118,6 +123,7 @@ func makeListenerDiscoChainTests(enterprise bool) []listenerTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-overrides",
@@ -130,12 +136,14 @@ func makeListenerDiscoChainTests(enterprise bool) []listenerTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-local-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-jwt-config-entry-with-local",
@@ -226,6 +234,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tls-incoming-min-version",
@@ -245,6 +254,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tls-incoming-max-version",
@@ -264,6 +274,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tls-incoming-cipher-suites",
@@ -286,6 +297,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "grpc-public-listener",
@@ -302,6 +314,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["bind_address"] = "127.0.0.2"
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "listener-bind-port",
@@ -310,6 +323,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["bind_port"] = 8888
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "listener-bind-address-port",
@@ -319,6 +333,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["bind_port"] = 8888
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "listener-unix-domain-socket",
@@ -330,6 +345,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Upstreams[0].LocalBindSocketMode = "0640"
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "listener-max-inbound-connections",
@@ -338,6 +354,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["max_inbound_connections"] = 222
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "http2-public-listener",
@@ -354,6 +371,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["balance_inbound_connections"] = "exact_balance"
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "listener-balance-outbound-connections-bind-port",
@@ -362,6 +380,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Upstreams[0].Config["balance_outbound_connections"] = "exact_balance"
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "http-public-listener",
@@ -559,7 +578,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 		},
 		{
 			// NOTE: if IPv6 is not supported in the kernel per
-			// kernelSupportsIPv6() then this test will fail because the golden
+			// platform.SupportsIPv6() then this test will fail because the golden
 			// files were generated assuming ipv6 support was present
 			name:   "expose-checks-http",
 			create: proxycfg.TestConfigSnapshotExposeChecks,
@@ -571,7 +590,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 		},
 		{
 			// NOTE: if IPv6 is not supported in the kernel per
-			// kernelSupportsIPv6() then this test will fail because the golden
+			// platform.SupportsIPv6() then this test will fail because the golden
 			// files were generated assuming ipv6 support was present
 			name:   "expose-checks-http-with-bind-override",
 			create: proxycfg.TestConfigSnapshotExposeChecksWithBindOverride,
@@ -583,7 +602,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 		},
 		{
 			// NOTE: if IPv6 is not supported in the kernel per
-			// kernelSupportsIPv6() then this test will fail because the golden
+			// platform.SupportsIPv6() then this test will fail because the golden
 			// files were generated assuming ipv6 support was present
 			name:   "expose-checks-grpc",
 			create: proxycfg.TestConfigSnapshotExposeChecksGRPC,
@@ -1170,16 +1189,19 @@ func TestListenersFromSnapshot(t *testing.T) {
 			create: proxycfg.TestConfigSnapshotTransparentProxyResolverRedirectUpstream,
 		},
 		{
-			name:   "transparent-proxy-catalog-destinations-only",
-			create: proxycfg.TestConfigSnapshotTransparentProxyCatalogDestinationsOnly,
+			name:             "transparent-proxy-catalog-destinations-only",
+			create:           proxycfg.TestConfigSnapshotTransparentProxyCatalogDestinationsOnly,
+			alsoRunTestForV2: true,
 		},
 		{
-			name:   "transparent-proxy-dial-instances-directly",
-			create: proxycfg.TestConfigSnapshotTransparentProxyDialDirectly,
+			name:             "transparent-proxy-dial-instances-directly",
+			create:           proxycfg.TestConfigSnapshotTransparentProxyDialDirectly,
+			alsoRunTestForV2: true,
 		},
 		{
-			name:   "transparent-proxy-terminating-gateway",
-			create: proxycfg.TestConfigSnapshotTransparentProxyTerminatingGatewayCatalogDestinationsOnly,
+			name:             "transparent-proxy-terminating-gateway",
+			create:           proxycfg.TestConfigSnapshotTransparentProxyTerminatingGatewayCatalogDestinationsOnly,
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "custom-trace-listener",
@@ -1242,6 +1264,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 				},
 					nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-without-tproxy-and-permissive-mtls",
@@ -1251,6 +1274,7 @@ func TestListenersFromSnapshot(t *testing.T) {
 				},
 					nil)
 			},
+			alsoRunTestForV2: true,
 		},
 	}
 
@@ -1275,26 +1299,26 @@ func TestListenersFromSnapshot(t *testing.T) {
 					// golder files for every test case and so not be any use!
 					testcommon.SetupTLSRootsAndLeaf(t, snap)
 
-					// Need server just for logger dependency
-					g := NewResourceGenerator(testutil.Logger(t), nil, false)
-					g.ProxyFeatures = sf
-					if tt.generatorSetup != nil {
-						tt.generatorSetup(g)
-					}
-
-					listeners, err := g.listenersFromSnapshot(snap)
-					require.NoError(t, err)
+					var listeners []proto.Message
 
-					// The order of listeners returned via LDS isn't relevant, so it's safe
-					// to sort these for the purposes of test comparisons.
-					sort.Slice(listeners, func(i, j int) bool {
-						return listeners[i].(*envoy_listener_v3.Listener).Name < listeners[j].(*envoy_listener_v3.Listener).Name
-					})
+					t.Run("current-xdsv1", func(t *testing.T) {
+						// Need server just for logger dependency
+						g := NewResourceGenerator(testutil.Logger(t), nil, false)
+						g.ProxyFeatures = sf
+						if tt.generatorSetup != nil {
+							tt.generatorSetup(g)
+						}
+						listeners, err = g.listenersFromSnapshot(snap)
+						require.NoError(t, err)
+						// The order of listeners returned via LDS isn't relevant, so it's safe
+						// to sort these for the purposes of test comparisons.
+						sort.Slice(listeners, func(i, j int) bool {
+							return listeners[i].(*envoy_listener_v3.Listener).Name < listeners[j].(*envoy_listener_v3.Listener).Name
+						})
 
-					r, err := createResponse(xdscommon.ListenerType, "00000001", "00000001", listeners)
-					require.NoError(t, err)
+						r, err := createResponse(xdscommon.ListenerType, "00000001", "00000001", listeners)
+						require.NoError(t, err)
 
-					t.Run("current", func(t *testing.T) {
 						gotJSON := protoToJSON(t, r)
 
 						gName := tt.name
@@ -1305,6 +1329,39 @@ func TestListenersFromSnapshot(t *testing.T) {
 						expectedJSON := goldenEnvoy(t, filepath.Join("listeners", gName), envoyVersion, latestEnvoyVersion, gotJSON)
 						require.JSONEq(t, expectedJSON, gotJSON)
 					})
+
+					if tt.alsoRunTestForV2 {
+						t.Run("current-xdsv2", func(t *testing.T) {
+							generator := xdsv2.NewResourceGenerator(testutil.Logger(t))
+							converter := proxystateconverter.NewConverter(testutil.Logger(t), nil)
+							proxyState, err := converter.ProxyStateFromSnapshot(snap)
+							require.NoError(t, err)
+
+							res, err := generator.AllResourcesFromIR(proxyState)
+							require.NoError(t, err)
+
+							listeners = res[xdscommon.ListenerType]
+							// The order of listeners returned via LDS isn't relevant, so it's safe
+							// to sort these for the purposes of test comparisons.
+							sort.Slice(listeners, func(i, j int) bool {
+								return listeners[i].(*envoy_listener_v3.Listener).Name < listeners[j].(*envoy_listener_v3.Listener).Name
+							})
+
+							r, err := createResponse(xdscommon.ListenerType, "00000001", "00000001", listeners)
+							require.NoError(t, err)
+
+							gotJSON := protoToJSON(t, r)
+
+							gName := tt.name
+							if tt.overrideGoldenName != "" {
+								gName = tt.overrideGoldenName
+							}
+
+							expectedJSON := goldenEnvoy(t, filepath.Join("listeners", gName), envoyVersion, latestEnvoyVersion, gotJSON)
+							require.JSONEq(t, expectedJSON, gotJSON)
+						})
+					}
+
 				})
 			}
 		})
@@ -1462,7 +1519,7 @@ func customTraceJSON(t testinf.T) string {
 
 type configFetcherFunc func() string
 
-var _ ConfigFetcher = (configFetcherFunc)(nil)
+var _ configfetcher.ConfigFetcher = (configFetcherFunc)(nil)
 
 func (f configFetcherFunc) AdvertiseAddrLAN() string {
 	return f()
diff --git a/agent/xds/naming.go b/agent/xds/naming/naming.go
similarity index 52%
rename from agent/xds/naming.go
rename to agent/xds/naming/naming.go
index d9a2de2c3265..3e19d9327003 100644
--- a/agent/xds/naming.go
+++ b/agent/xds/naming/naming.go
@@ -1,7 +1,7 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-package xds
+package naming
 
 import (
 	"fmt"
@@ -9,6 +9,16 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 )
 
+const (
+	// OriginalDestinationClusterName is the name we give to the passthrough
+	// cluster which redirects transparently-proxied requests to their original
+	// destination outside the mesh. This cluster prevents Consul from blocking
+	// connections to destinations outside of the catalog when in transparent
+	// proxy mode.
+	OriginalDestinationClusterName = "original-destination"
+	VirtualIPTag                   = "virtual"
+)
+
 func CustomizeClusterName(clusterName string, chain *structs.CompiledDiscoveryChain) string {
 	if chain == nil || chain.CustomizationHash == "" {
 		return clusterName
diff --git a/agent/xds/net_fallback.go b/agent/xds/platform/net_fallback.go
similarity index 70%
rename from agent/xds/net_fallback.go
rename to agent/xds/platform/net_fallback.go
index e35ed3c99a39..e37c97633b28 100644
--- a/agent/xds/net_fallback.go
+++ b/agent/xds/platform/net_fallback.go
@@ -4,8 +4,8 @@
 //go:build !linux
 // +build !linux
 
-package xds
+package platform
 
-func kernelSupportsIPv6() (bool, error) {
+func SupportsIPv6() (bool, error) {
 	return true, nil
 }
diff --git a/agent/xds/net_linux.go b/agent/xds/platform/net_linux.go
similarity index 92%
rename from agent/xds/net_linux.go
rename to agent/xds/platform/net_linux.go
index 59e535f6de45..acf8c53a85e4 100644
--- a/agent/xds/net_linux.go
+++ b/agent/xds/platform/net_linux.go
@@ -4,7 +4,7 @@
 //go:build linux
 // +build linux
 
-package xds
+package platform
 
 import (
 	"fmt"
@@ -20,7 +20,7 @@ var (
 	ipv6SupportedErr error
 )
 
-func kernelSupportsIPv6() (bool, error) {
+func SupportsIPv6() (bool, error) {
 	ipv6SupportOnce.Do(func() {
 		ipv6Supported, ipv6SupportedErr = checkIfKernelSupportsIPv6()
 	})
diff --git a/agent/xds/proxystateconverter/clusters.go b/agent/xds/proxystateconverter/clusters.go
new file mode 100644
index 000000000000..b5f10bf32e03
--- /dev/null
+++ b/agent/xds/proxystateconverter/clusters.go
@@ -0,0 +1,74 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package proxystateconverter
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/naming"
+	"github.com/hashicorp/consul/proto/private/pbpeering"
+)
+
+const (
+	meshGatewayExportedClusterNamePrefix = "exported~"
+)
+
+func makeExposeClusterName(destinationPort int) string {
+	return fmt.Sprintf("exposed_cluster_%d", destinationPort)
+}
+
+func clusterNameForDestination(cfgSnap *proxycfg.ConfigSnapshot, name string, address string, namespace string, partition string) string {
+	name = destinationSpecificServiceName(name, address)
+	sni := connect.ServiceSNI(name, "", namespace, partition, cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
+
+	// Prefixed with destination to distinguish from non-passthrough clusters for the same upstream.
+	return "destination." + sni
+}
+
+func destinationSpecificServiceName(name string, address string) string {
+	address = strings.ReplaceAll(address, ":", "-")
+	address = strings.ReplaceAll(address, ".", "-")
+	return fmt.Sprintf("%s.%s", address, name)
+}
+
+// generatePeeredClusterName returns an SNI-like cluster name which mimics PeeredServiceSNI
+// but excludes partition information which could be ambiguous (local vs remote partition).
+func generatePeeredClusterName(uid proxycfg.UpstreamID, tb *pbpeering.PeeringTrustBundle) string {
+	return strings.Join([]string{
+		uid.Name,
+		uid.NamespaceOrDefault(),
+		uid.Peer,
+		"external",
+		tb.TrustDomain,
+	}, ".")
+}
+
+func (s *Converter) getTargetClusterName(upstreamsSnapshot *proxycfg.ConfigSnapshotUpstreams, chain *structs.CompiledDiscoveryChain, tid string, forMeshGateway bool) string {
+	target := chain.Targets[tid]
+	clusterName := target.Name
+	targetUID := proxycfg.NewUpstreamIDFromTargetID(tid)
+	if targetUID.Peer != "" {
+		tbs, ok := upstreamsSnapshot.UpstreamPeerTrustBundles.Get(targetUID.Peer)
+		// We can't generate cluster on peers without the trust bundle. The
+		// trust bundle should be ready soon.
+		if !ok {
+			s.Logger.Debug("peer trust bundle not ready for discovery chain target",
+				"peer", targetUID.Peer,
+				"target", tid,
+			)
+			return ""
+		}
+
+		clusterName = generatePeeredClusterName(targetUID, tbs)
+	}
+	clusterName = naming.CustomizeClusterName(clusterName, chain)
+	if forMeshGateway {
+		clusterName = meshGatewayExportedClusterNamePrefix + clusterName
+	}
+	return clusterName
+}
diff --git a/agent/xds/proxystateconverter/converter.go b/agent/xds/proxystateconverter/converter.go
new file mode 100644
index 000000000000..3a8037b44b1c
--- /dev/null
+++ b/agent/xds/proxystateconverter/converter.go
@@ -0,0 +1,118 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package proxystateconverter
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/go-hclog"
+
+	"github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/configfetcher"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+)
+
+// Converter converts a single snapshot into a ProxyState.
+type Converter struct {
+	Logger     hclog.Logger
+	CfgFetcher configfetcher.ConfigFetcher
+	proxyState *pbmesh.ProxyState
+}
+
+func NewConverter(
+	logger hclog.Logger,
+	cfgFetcher configfetcher.ConfigFetcher,
+) *Converter {
+	return &Converter{
+		Logger:     logger,
+		CfgFetcher: cfgFetcher,
+		proxyState: &pbmesh.ProxyState{
+			Listeners: make([]*pbproxystate.Listener, 0),
+			Clusters:  make(map[string]*pbproxystate.Cluster),
+			Routes:    make(map[string]*pbproxystate.Route),
+			Endpoints: make(map[string]*pbproxystate.Endpoints),
+		},
+	}
+}
+
+func (g *Converter) ProxyStateFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) (*pbmesh.ProxyState, error) {
+	err := g.resourcesFromSnapshot(cfgSnap)
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate FullProxyState: %v", err)
+	}
+
+	return g.proxyState, nil
+}
+
+func (g *Converter) resourcesFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) error {
+	err := g.tlsConfigFromSnapshot(cfgSnap)
+	if err != nil {
+		return err
+	}
+
+	err = g.listenersFromSnapshot(cfgSnap)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+const localPeerKey = "local"
+
+func (g *Converter) tlsConfigFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) error {
+	proxyStateTLS := &pbproxystate.TLS{}
+	g.proxyState.TrustBundles = make(map[string]*pbproxystate.TrustBundle)
+	g.proxyState.LeafCertificates = make(map[string]*pbproxystate.LeafCertificate)
+
+	// Set the TLS in the top level proxyState
+	g.proxyState.Tls = proxyStateTLS
+
+	// Add local trust bundle
+	g.proxyState.TrustBundles[localPeerKey] = &pbproxystate.TrustBundle{
+		TrustDomain: cfgSnap.Roots.TrustDomain,
+		Roots:       []string{cfgSnap.RootPEMs()},
+	}
+
+	// Add peered trust bundles for remote peers that will dial this proxy.
+	for _, peeringTrustBundle := range cfgSnap.PeeringTrustBundles() {
+		g.proxyState.TrustBundles[peeringTrustBundle.PeerName] = &pbproxystate.TrustBundle{
+			TrustDomain: peeringTrustBundle.GetTrustDomain(),
+			Roots:       peeringTrustBundle.RootPEMs,
+		}
+	}
+
+	// Add upstream peer trust bundles for dialing upstreams in remote peers.
+	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
+	if err != nil {
+		if !(cfgSnap.Kind == structs.ServiceKindMeshGateway || cfgSnap.Kind == structs.ServiceKindTerminatingGateway) {
+			return err
+		}
+	}
+	if upstreamsSnapshot != nil {
+		upstreamsSnapshot.UpstreamPeerTrustBundles.ForEachKeyE(func(k proxycfg.PeerName) error {
+			tbs, ok := upstreamsSnapshot.UpstreamPeerTrustBundles.Get(k)
+			if ok {
+				g.proxyState.TrustBundles[k] = &pbproxystate.TrustBundle{
+					TrustDomain: tbs.TrustDomain,
+					Roots:       tbs.RootPEMs,
+				}
+			}
+			return nil
+		})
+	}
+
+	if cfgSnap.MeshConfigTLSOutgoing() != nil {
+		proxyStateTLS.OutboundTlsParameters = makeTLSParametersFromTLSConfig(cfgSnap.MeshConfigTLSOutgoing().TLSMinVersion,
+			cfgSnap.MeshConfigTLSOutgoing().TLSMaxVersion, cfgSnap.MeshConfigTLSOutgoing().CipherSuites)
+	}
+
+	if cfgSnap.MeshConfigTLSIncoming() != nil {
+		proxyStateTLS.InboundTlsParameters = makeTLSParametersFromTLSConfig(cfgSnap.MeshConfigTLSIncoming().TLSMinVersion,
+			cfgSnap.MeshConfigTLSIncoming().TLSMaxVersion, cfgSnap.MeshConfigTLSIncoming().CipherSuites)
+	}
+
+	return nil
+}
diff --git a/agent/xds/proxystateconverter/listeners.go b/agent/xds/proxystateconverter/listeners.go
new file mode 100644
index 000000000000..a530fbf4fe96
--- /dev/null
+++ b/agent/xds/proxystateconverter/listeners.go
@@ -0,0 +1,1694 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package proxystateconverter
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"net/url"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+
+	envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
+	"github.com/hashicorp/go-uuid"
+
+	"github.com/hashicorp/consul/agent/xds/config"
+	"github.com/hashicorp/consul/agent/xds/naming"
+	"github.com/hashicorp/consul/agent/xds/platform"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+
+	"github.com/hashicorp/go-hclog"
+	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
+
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+	"github.com/hashicorp/consul/sdk/iptables"
+	"github.com/hashicorp/consul/types"
+)
+
+// listenersFromSnapshot adds listeners to pbmesh.ProxyState using the config snapshot.
+func (s *Converter) listenersFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) error {
+	if cfgSnap == nil {
+		return errors.New("nil config given")
+	}
+
+	switch cfgSnap.Kind {
+	case structs.ServiceKindConnectProxy:
+		return s.listenersFromSnapshotConnectProxy(cfgSnap)
+	case structs.ServiceKindTerminatingGateway,
+		structs.ServiceKindMeshGateway,
+		structs.ServiceKindIngressGateway,
+		structs.ServiceKindAPIGateway:
+		// TODO(proxystate): gateway support will be added in the future
+		//return s.listenersFromSnapshotGateway(cfgSnap)
+	default:
+		return fmt.Errorf("Invalid service kind: %v", cfgSnap.Kind)
+	}
+	return nil
+}
+
+// listenersFromSnapshotConnectProxy returns the "listeners" for a connect proxy service
+func (s *Converter) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.ConfigSnapshot) error {
+	// This is the list of listeners we add to. It will be empty to start.
+	listeners := s.proxyState.Listeners
+	var err error
+
+	// Configure inbound listener.
+	inboundListener, err := s.makeInboundListener(cfgSnap, xdscommon.PublicListenerName)
+	if err != nil {
+		return err
+	}
+	listeners = append(listeners, inboundListener)
+
+	// This outboundListener is exclusively used when transparent proxy mode is active.
+	// In that situation there is a single listener where we are redirecting outbound traffic,
+	// and each upstream gets a filter chain attached to that listener.
+	var outboundListener *pbproxystate.Listener
+
+	if cfgSnap.Proxy.Mode == structs.ProxyModeTransparent {
+		port := iptables.DefaultTProxyOutboundPort
+		if cfgSnap.Proxy.TransparentProxy.OutboundListenerPort != 0 {
+			port = cfgSnap.Proxy.TransparentProxy.OutboundListenerPort
+		}
+
+		opts := makeListenerOpts{
+			name: xdscommon.OutboundListenerName,
+			//accessLogs: cfgSnap.Proxy.AccessLogs,
+			addr:      "127.0.0.1",
+			port:      port,
+			direction: pbproxystate.Direction_DIRECTION_OUTBOUND,
+			logger:    s.Logger,
+		}
+		outboundListener = makeListener(opts)
+		if outboundListener.Capabilities == nil {
+			outboundListener.Capabilities = []pbproxystate.Capability{}
+		}
+		outboundListener.Capabilities = append(outboundListener.Capabilities, pbproxystate.Capability_CAPABILITY_TRANSPARENT)
+	}
+
+	// TODO(proxystate): tracing escape hatch will be added in the future. It will be added to the top level in proxystate, and used in xds generation.
+	//proxyCfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
+	//if err != nil {
+	//	// Don't hard fail on a config typo, just warn. The parse func returns
+	//	// default config if there is an error so it's safe to continue.
+	//	s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
+	//}
+	//var tracing *envoy_http_v3.HttpConnectionManager_Tracing
+	//if proxyCfg.ListenerTracingJSON != "" {
+	//	if tracing, err = makeTracingFromUserConfig(proxyCfg.ListenerTracingJSON); err != nil {
+	//		s.Logger.Warn("failed to parse ListenerTracingJSON config", "error", err)
+	//	}
+	//}
+
+	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
+	if err != nil {
+		return err
+	}
+
+	for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain {
+		upstreamCfg, skip := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta)
+		if skip {
+			// Discovery chain is not associated with a known explicit or implicit upstream so it is skipped.
+			continue
+		}
+
+		cfg := s.getAndModifyUpstreamConfigForListener(uid, upstreamCfg, chain)
+
+		// If escape hatch is present, create a listener from it and move on to the next
+		if cfg.EnvoyListenerJSON != "" {
+			upstreamListener := &pbproxystate.Listener{
+				EscapeHatchListener: cfg.EnvoyListenerJSON,
+			}
+			listeners = append(listeners, upstreamListener)
+			continue
+		}
+
+		// RDS, Envoy's Route Discovery Service, is only used for HTTP services with a customized discovery chain.
+		useRDS := chain.Protocol != "tcp" && !chain.Default
+
+		var clusterName string
+		if !useRDS {
+			// When not using RDS we must generate a cluster name to attach to the filter chain.
+			// With RDS, cluster names get attached to the dynamic routes instead.
+			target, err := simpleChainTarget(chain)
+			if err != nil {
+				return err
+			}
+
+			clusterName = s.getTargetClusterName(upstreamsSnapshot, chain, target.ID, false)
+			if clusterName == "" {
+				continue
+			}
+		}
+
+		filterName := fmt.Sprintf("%s.%s.%s.%s", chain.ServiceName, chain.Namespace, chain.Partition, chain.Datacenter)
+
+		// Generate the upstream listeners for when they are explicitly set with a local bind port or socket path
+		if upstreamCfg != nil && upstreamCfg.HasLocalPortOrSocket() {
+			router, err := s.makeUpstreamRouter(routerOpts{
+				// TODO(proxystate): access logs and tracing will be added in the future.
+				//accessLogs:  &cfgSnap.Proxy.AccessLogs,
+				routeName:   uid.EnvoyID(),
+				clusterName: clusterName,
+				filterName:  filterName,
+				protocol:    cfg.Protocol,
+				useRDS:      useRDS,
+				//tracing:     tracing,
+			})
+			if err != nil {
+				return err
+			}
+
+			opts := makeListenerOpts{
+				name: uid.EnvoyID(),
+				//accessLogs: cfgSnap.Proxy.AccessLogs,
+				direction: pbproxystate.Direction_DIRECTION_OUTBOUND,
+				logger:    s.Logger,
+				upstream:  upstreamCfg,
+			}
+			upstreamListener := makeListener(opts)
+			upstreamListener.BalanceConnections = balanceConnections[cfg.BalanceOutboundConnections]
+
+			upstreamListener.Routers = append(upstreamListener.Routers, router)
+			listeners = append(listeners, upstreamListener)
+
+			// Avoid creating filter chains below for upstreams that have dedicated listeners
+			continue
+		}
+
+		// The rest of this loop is used exclusively for transparent proxies.
+		// Below we create a filter chain per upstream, rather than a listener per upstream
+		// as we do for explicit upstreams above.
+
+		upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
+			//accessLogs:  &cfgSnap.Proxy.AccessLogs,
+			routeName:   uid.EnvoyID(),
+			clusterName: clusterName,
+			filterName:  filterName,
+			protocol:    cfg.Protocol,
+			useRDS:      useRDS,
+			//tracing:     tracing,
+		})
+		if err != nil {
+			return err
+		}
+
+		endpoints := cfgSnap.ConnectProxy.WatchedUpstreamEndpoints[uid][chain.ID()]
+		uniqueAddrs := make(map[string]struct{})
+
+		if chain.Partition == cfgSnap.ProxyID.PartitionOrDefault() {
+			for _, ip := range chain.AutoVirtualIPs {
+				uniqueAddrs[ip] = struct{}{}
+			}
+			for _, ip := range chain.ManualVirtualIPs {
+				uniqueAddrs[ip] = struct{}{}
+			}
+		}
+
+		// Match on the virtual IP for the upstream service (identified by the chain's ID).
+		// We do not match on all endpoints here since it would lead to load balancing across
+		// all instances when any instance address is dialed.
+		for _, e := range endpoints {
+			if e.Service.Kind == structs.ServiceKind(structs.TerminatingGateway) {
+				key := structs.ServiceGatewayVirtualIPTag(chain.CompoundServiceName())
+
+				if vip := e.Service.TaggedAddresses[key]; vip.Address != "" {
+					uniqueAddrs[vip.Address] = struct{}{}
+				}
+
+				continue
+			}
+			if vip := e.Service.TaggedAddresses[structs.TaggedAddressVirtualIP]; vip.Address != "" {
+				uniqueAddrs[vip.Address] = struct{}{}
+			}
+
+			// The virtualIPTag is used by consul-k8s to store the ClusterIP for a service.
+			// We only match on this virtual IP if the upstream is in the proxy's partition.
+			// This is because the IP is not guaranteed to be unique across k8s clusters.
+			if acl.EqualPartitions(e.Node.PartitionOrDefault(), cfgSnap.ProxyID.PartitionOrDefault()) {
+				if vip := e.Service.TaggedAddresses[naming.VirtualIPTag]; vip.Address != "" {
+					uniqueAddrs[vip.Address] = struct{}{}
+				}
+			}
+		}
+		if len(uniqueAddrs) > 2 {
+			s.Logger.Debug("detected multiple virtual IPs for an upstream, all will be used to match traffic",
+				"upstream", uid, "ip_count", len(uniqueAddrs))
+		}
+
+		// For every potential address we collected, create the appropriate address prefix to match on.
+		// In this case we are matching on exact addresses, so the prefix is the address itself,
+		// and the prefix length is based on whether it's IPv4 or IPv6.
+		upstreamRouter.Match = makeRouterMatchFromAddrs(uniqueAddrs)
+
+		// Only attach the filter chain if there are addresses to match on
+		if upstreamRouter.Match != nil && len(upstreamRouter.Match.PrefixRanges) > 0 {
+			outboundListener.Routers = append(outboundListener.Routers, upstreamRouter)
+		}
+	}
+	requiresTLSInspector := false
+	requiresHTTPInspector := false
+
+	configuredPorts := make(map[int]interface{})
+	err = cfgSnap.ConnectProxy.DestinationsUpstream.ForEachKeyE(func(uid proxycfg.UpstreamID) error {
+		svcConfig, ok := cfgSnap.ConnectProxy.DestinationsUpstream.Get(uid)
+		if !ok || svcConfig == nil {
+			return nil
+		}
+
+		if structs.IsProtocolHTTPLike(svcConfig.Protocol) {
+			if _, ok := configuredPorts[svcConfig.Destination.Port]; ok {
+				return nil
+			}
+			configuredPorts[svcConfig.Destination.Port] = struct{}{}
+			const name = "~http" // name used for the shared route name
+			routeName := clusterNameForDestination(cfgSnap, name, fmt.Sprintf("%d", svcConfig.Destination.Port), svcConfig.NamespaceOrDefault(), svcConfig.PartitionOrDefault())
+			upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
+				//accessLogs: &cfgSnap.Proxy.AccessLogs,
+				routeName:  routeName,
+				filterName: routeName,
+				protocol:   svcConfig.Protocol,
+				useRDS:     true,
+				//tracing:    tracing,
+			})
+			if err != nil {
+				return err
+			}
+			upstreamRouter.Match = makeRouterMatchFromAddressWithPort("", svcConfig.Destination.Port)
+			outboundListener.Routers = append(outboundListener.Routers, upstreamRouter)
+			requiresHTTPInspector = true
+		} else {
+			for _, address := range svcConfig.Destination.Addresses {
+				clusterName := clusterNameForDestination(cfgSnap, uid.Name, address, uid.NamespaceOrDefault(), uid.PartitionOrDefault())
+
+				upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
+					//accessLogs:  &cfgSnap.Proxy.AccessLogs,
+					routeName:   uid.EnvoyID(),
+					clusterName: clusterName,
+					filterName:  clusterName,
+					protocol:    svcConfig.Protocol,
+					//tracing:     tracing,
+				})
+				if err != nil {
+					return err
+				}
+
+				upstreamRouter.Match = makeRouterMatchFromAddressWithPort(address, svcConfig.Destination.Port)
+				outboundListener.Routers = append(outboundListener.Routers, upstreamRouter)
+
+				requiresTLSInspector = len(upstreamRouter.Match.ServerNames) != 0 || requiresTLSInspector
+			}
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+
+	if requiresTLSInspector {
+		outboundListener.Capabilities = append(outboundListener.Capabilities, pbproxystate.Capability_CAPABILITY_L4_TLS_INSPECTION)
+	}
+
+	if requiresHTTPInspector {
+		outboundListener.Capabilities = append(outboundListener.Capabilities, pbproxystate.Capability_CAPABILITY_L7_PROTOCOL_INSPECTION)
+	}
+
+	// Looping over explicit and implicit upstreams is only needed for cross-peer
+	// because they do not have discovery chains.
+	for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() {
+		upstreamCfg, skip := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta)
+		if skip {
+			// Not associated with a known explicit or implicit upstream so it is skipped.
+			continue
+		}
+
+		peerMeta, found := cfgSnap.ConnectProxy.UpstreamPeerMeta(uid)
+		if !found {
+			s.Logger.Warn("failed to fetch upstream peering metadata for listener", "uid", uid)
+		}
+		cfg := s.getAndModifyUpstreamConfigForPeeredListener(uid, upstreamCfg, peerMeta)
+
+		// If escape hatch is present, create a listener from it and move on to the next
+		if cfg.EnvoyListenerJSON != "" {
+			upstreamListener := &pbproxystate.Listener{
+				EscapeHatchListener: cfg.EnvoyListenerJSON,
+			}
+			listeners = append(listeners, upstreamListener)
+			continue
+		}
+
+		tbs, ok := cfgSnap.ConnectProxy.UpstreamPeerTrustBundles.Get(uid.Peer)
+		if !ok {
+			// this should never happen since we loop through upstreams with
+			// set trust bundles
+			return fmt.Errorf("trust bundle not ready for peer %s", uid.Peer)
+		}
+
+		clusterName := generatePeeredClusterName(uid, tbs)
+
+		// Generate the upstream listeners for when they are explicitly set with a local bind port or socket path
+		if upstreamCfg != nil && upstreamCfg.HasLocalPortOrSocket() {
+			upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
+				//accessLogs:  &cfgSnap.Proxy.AccessLogs,
+				clusterName: clusterName,
+				filterName: fmt.Sprintf("%s.%s.%s",
+					upstreamCfg.DestinationName,
+					upstreamCfg.DestinationNamespace,
+					upstreamCfg.DestinationPeer),
+				routeName:  uid.EnvoyID(),
+				protocol:   cfg.Protocol,
+				useRDS:     false,
+				statPrefix: "upstream_peered.",
+			})
+			if err != nil {
+				return err
+			}
+
+			opts := makeListenerOpts{
+				name: uid.EnvoyID(),
+				//accessLogs: cfgSnap.Proxy.AccessLogs,
+				direction: pbproxystate.Direction_DIRECTION_OUTBOUND,
+				logger:    s.Logger,
+				upstream:  upstreamCfg,
+			}
+			upstreamListener := makeListener(opts)
+			upstreamListener.BalanceConnections = balanceConnections[cfg.BalanceOutboundConnections]
+
+			upstreamListener.Routers = []*pbproxystate.Router{
+				upstreamRouter,
+			}
+			listeners = append(listeners, upstreamListener)
+
+			// Avoid creating filter chains below for upstreams that have dedicated listeners
+			continue
+		}
+
+		// The rest of this loop is used exclusively for transparent proxies.
+		// Below we create a filter chain per upstream, rather than a listener per upstream
+		// as we do for explicit upstreams above.
+
+		upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
+			//accessLogs:  &cfgSnap.Proxy.AccessLogs,
+			routeName:   uid.EnvoyID(),
+			clusterName: clusterName,
+			filterName: fmt.Sprintf("%s.%s.%s",
+				uid.Name,
+				uid.NamespaceOrDefault(),
+				uid.Peer),
+			protocol:   cfg.Protocol,
+			useRDS:     false,
+			statPrefix: "upstream_peered.",
+			//tracing:    tracing,
+		})
+		if err != nil {
+			return err
+		}
+
+		endpoints, _ := cfgSnap.ConnectProxy.PeerUpstreamEndpoints.Get(uid)
+		uniqueAddrs := make(map[string]struct{})
+
+		// Match on the virtual IP for the upstream service (identified by the chain's ID).
+		// We do not match on all endpoints here since it would lead to load balancing across
+		// all instances when any instance address is dialed.
+		for _, e := range endpoints {
+			if vip := e.Service.TaggedAddresses[structs.TaggedAddressVirtualIP]; vip.Address != "" {
+				uniqueAddrs[vip.Address] = struct{}{}
+			}
+
+			// The virtualIPTag is used by consul-k8s to store the ClusterIP for a service.
+			// For services imported from a peer,the partition will be equal in all cases.
+			if acl.EqualPartitions(e.Node.PartitionOrDefault(), cfgSnap.ProxyID.PartitionOrDefault()) {
+				if vip := e.Service.TaggedAddresses[naming.VirtualIPTag]; vip.Address != "" {
+					uniqueAddrs[vip.Address] = struct{}{}
+				}
+			}
+		}
+		if len(uniqueAddrs) > 2 {
+			s.Logger.Debug("detected multiple virtual IPs for an upstream, all will be used to match traffic",
+				"upstream", uid, "ip_count", len(uniqueAddrs))
+		}
+
+		// For every potential address we collected, create the appropriate address prefix to match on.
+		// In this case we are matching on exact addresses, so the prefix is the address itself,
+		// and the prefix length is based on whether it's IPv4 or IPv6.
+		upstreamRouter.Match = makeRouterMatchFromAddrs(uniqueAddrs)
+
+		// Only attach the filter chain if there are addresses to match on
+		if upstreamRouter.Match != nil && len(upstreamRouter.Match.PrefixRanges) > 0 {
+			outboundListener.Routers = append(outboundListener.Routers, upstreamRouter)
+		}
+
+	}
+
+	if outboundListener != nil {
+		// Add a passthrough for every mesh endpoint that can be dialed directly,
+		// as opposed to via a virtual IP.
+		var passthroughRouters []*pbproxystate.Router
+
+		for _, targets := range cfgSnap.ConnectProxy.PassthroughUpstreams {
+			for tid, addrs := range targets {
+				uid := proxycfg.NewUpstreamIDFromTargetID(tid)
+
+				sni := connect.ServiceSNI(
+					uid.Name, "", uid.NamespaceOrDefault(), uid.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
+
+				routerName := fmt.Sprintf("%s.%s.%s.%s", uid.Name, uid.NamespaceOrDefault(), uid.PartitionOrDefault(), cfgSnap.Datacenter)
+
+				upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
+					//accessLogs:  &cfgSnap.Proxy.AccessLogs,
+					clusterName: "passthrough~" + sni,
+					filterName:  routerName,
+					protocol:    "tcp",
+				})
+				if err != nil {
+					return err
+				}
+				upstreamRouter.Match = makeRouterMatchFromAddrs(addrs)
+
+				passthroughRouters = append(passthroughRouters, upstreamRouter)
+			}
+		}
+
+		outboundListener.Routers = append(outboundListener.Routers, passthroughRouters...)
+
+		// Add a catch-all filter chain that acts as a TCP proxy to destinations outside the mesh
+		if meshConf := cfgSnap.MeshConfig(); meshConf == nil ||
+			!meshConf.TransparentProxy.MeshDestinationsOnly {
+
+			upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
+				//accessLogs:  &cfgSnap.Proxy.AccessLogs,
+				clusterName: naming.OriginalDestinationClusterName,
+				filterName:  naming.OriginalDestinationClusterName,
+				protocol:    "tcp",
+			})
+			if err != nil {
+				return err
+			}
+			outboundListener.DefaultRouter = upstreamRouter
+		}
+
+		// Only add the outbound listener if configured.
+		if len(outboundListener.Routers) > 0 || outboundListener.DefaultRouter != nil {
+			listeners = append(listeners, outboundListener)
+
+		}
+	}
+
+	// Looping over explicit upstreams is only needed for prepared queries because they do not have discovery chains
+	for uid, u := range cfgSnap.ConnectProxy.UpstreamConfig {
+		if u.DestinationType != structs.UpstreamDestTypePreparedQuery {
+			continue
+		}
+
+		cfg, err := structs.ParseUpstreamConfig(u.Config)
+		if err != nil {
+			// Don't hard fail on a config typo, just warn. The parse func returns
+			// default config if there is an error so it's safe to continue.
+			s.Logger.Warn("failed to parse", "upstream", uid, "error", err)
+		}
+
+		// If escape hatch is present, create a listener from it and move on to the next
+		if cfg.EnvoyListenerJSON != "" {
+			upstreamListener := &pbproxystate.Listener{
+				EscapeHatchListener: cfg.EnvoyListenerJSON,
+			}
+			listeners = append(listeners, upstreamListener)
+			continue
+		}
+
+		opts := makeListenerOpts{
+			name: uid.EnvoyID(),
+			//accessLogs: cfgSnap.Proxy.AccessLogs,
+			direction: pbproxystate.Direction_DIRECTION_OUTBOUND,
+			logger:    s.Logger,
+			upstream:  u,
+		}
+		upstreamListener := makeListener(opts)
+		upstreamListener.BalanceConnections = balanceConnections[cfg.BalanceOutboundConnections]
+
+		upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
+			// TODO (SNI partition) add partition for upstream SNI
+			//accessLogs:  &cfgSnap.Proxy.AccessLogs,
+			clusterName: connect.UpstreamSNI(u, "", cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain),
+			filterName:  uid.EnvoyID(),
+			routeName:   uid.EnvoyID(),
+			protocol:    cfg.Protocol,
+			//tracing:     tracing,
+		})
+		if err != nil {
+			return err
+		}
+		upstreamListener.Routers = []*pbproxystate.Router{
+			upstreamRouter,
+		}
+		listeners = append(listeners, upstreamListener)
+	}
+
+	cfgSnap.Proxy.Expose.Finalize()
+	paths := cfgSnap.Proxy.Expose.Paths
+
+	// Add service health checks to the list of paths to create listeners for if needed
+	if cfgSnap.Proxy.Expose.Checks {
+		psid := structs.NewServiceID(cfgSnap.Proxy.DestinationServiceID, &cfgSnap.ProxyID.EnterpriseMeta)
+		for _, check := range cfgSnap.ConnectProxy.WatchedServiceChecks[psid] {
+			p, err := parseCheckPath(check)
+			if err != nil {
+				s.Logger.Warn("failed to create listener for", "check", check.CheckID, "error", err)
+				continue
+			}
+			paths = append(paths, p)
+		}
+	}
+
+	// Configure additional listener for exposed check paths
+	for _, path := range paths {
+		clusterName := xdscommon.LocalAppClusterName
+		if path.LocalPathPort != cfgSnap.Proxy.LocalServicePort {
+			clusterName = makeExposeClusterName(path.LocalPathPort)
+		}
+
+		l, err := s.makeExposedCheckListener(cfgSnap, clusterName, path)
+		if err != nil {
+			return err
+		}
+		listeners = append(listeners, l)
+	}
+
+	// Set listeners on the proxy state.
+	s.proxyState.Listeners = listeners
+
+	return nil
+}
+
+func makeRouterMatchFromAddrs(addrs map[string]struct{}) *pbproxystate.Match {
+	ranges := make([]*pbproxystate.CidrRange, 0)
+
+	for addr := range addrs {
+		ip := net.ParseIP(addr)
+		if ip == nil {
+			continue
+		}
+
+		pfxLen := uint32(32)
+		if ip.To4() == nil {
+			pfxLen = 128
+		}
+		ranges = append(ranges, &pbproxystate.CidrRange{
+			AddressPrefix: addr,
+			PrefixLen:     &wrapperspb.UInt32Value{Value: pfxLen},
+		})
+	}
+
+	return &pbproxystate.Match{
+		PrefixRanges: ranges,
+	}
+}
+
+func makeRouterMatchFromAddressWithPort(address string, port int) *pbproxystate.Match {
+	ranges := make([]*pbproxystate.CidrRange, 0)
+
+	ip := net.ParseIP(address)
+	if ip == nil {
+		if address != "" {
+			return &pbproxystate.Match{
+				ServerNames:     []string{address},
+				DestinationPort: &wrapperspb.UInt32Value{Value: uint32(port)},
+			}
+		}
+		return &pbproxystate.Match{
+			DestinationPort: &wrapperspb.UInt32Value{Value: uint32(port)},
+		}
+	}
+
+	pfxLen := uint32(32)
+	if ip.To4() == nil {
+		pfxLen = 128
+	}
+	ranges = append(ranges, &pbproxystate.CidrRange{
+		AddressPrefix: address,
+		PrefixLen:     &wrapperspb.UInt32Value{Value: pfxLen},
+	})
+
+	return &pbproxystate.Match{
+		PrefixRanges:    ranges,
+		DestinationPort: &wrapperspb.UInt32Value{Value: uint32(port)},
+	}
+}
+
+func parseCheckPath(check structs.CheckType) (structs.ExposePath, error) {
+	var path structs.ExposePath
+
+	if check.HTTP != "" {
+		path.Protocol = "http"
+
+		// Get path and local port from original HTTP target
+		u, err := url.Parse(check.HTTP)
+		if err != nil {
+			return path, fmt.Errorf("failed to parse url '%s': %v", check.HTTP, err)
+		}
+		path.Path = u.Path
+
+		_, portStr, err := net.SplitHostPort(u.Host)
+		if err != nil {
+			return path, fmt.Errorf("failed to parse port from '%s': %v", check.HTTP, err)
+		}
+		path.LocalPathPort, err = strconv.Atoi(portStr)
+		if err != nil {
+			return path, fmt.Errorf("failed to parse port from '%s': %v", check.HTTP, err)
+		}
+
+		// Get listener port from proxied HTTP target
+		u, err = url.Parse(check.ProxyHTTP)
+		if err != nil {
+			return path, fmt.Errorf("failed to parse url '%s': %v", check.ProxyHTTP, err)
+		}
+
+		_, portStr, err = net.SplitHostPort(u.Host)
+		if err != nil {
+			return path, fmt.Errorf("failed to parse port from '%s': %v", check.ProxyHTTP, err)
+		}
+		path.ListenerPort, err = strconv.Atoi(portStr)
+		if err != nil {
+			return path, fmt.Errorf("failed to parse port from '%s': %v", check.ProxyHTTP, err)
+		}
+	}
+
+	if check.GRPC != "" {
+		path.Path = "/grpc.health.v1.Health/Check"
+		path.Protocol = "http2"
+
+		// Get local port from original GRPC target of the form: host/service
+		proxyServerAndService := strings.SplitN(check.GRPC, "/", 2)
+		_, portStr, err := net.SplitHostPort(proxyServerAndService[0])
+		if err != nil {
+			return path, fmt.Errorf("failed to split host/port from '%s': %v", check.GRPC, err)
+		}
+		path.LocalPathPort, err = strconv.Atoi(portStr)
+		if err != nil {
+			return path, fmt.Errorf("failed to parse port from '%s': %v", check.GRPC, err)
+		}
+
+		// Get listener port from proxied GRPC target of the form: host/service
+		proxyServerAndService = strings.SplitN(check.ProxyGRPC, "/", 2)
+		_, portStr, err = net.SplitHostPort(proxyServerAndService[0])
+		if err != nil {
+			return path, fmt.Errorf("failed to split host/port from '%s': %v", check.ProxyGRPC, err)
+		}
+		path.ListenerPort, err = strconv.Atoi(portStr)
+		if err != nil {
+			return path, fmt.Errorf("failed to parse port from '%s': %v", check.ProxyGRPC, err)
+		}
+	}
+
+	path.ParsedFromCheck = true
+
+	return path, nil
+}
+
+// TODO(proxystate): Gateway support will be added in the future.
+// Functions to add from agent/xds/listeners.go:
+// func listenersFromSnapshotGateway
+
+// makeListener returns a listener with name and bind details set. Routers and destinations
+// must be added before it's useful.
+//
+// Note on names: Envoy listeners attempt graceful transitions of connections
+// when their config changes but that means they can't have their bind address
+// or port changed in a running instance. Since our users might choose to change
+// a bind address or port for the public or upstream listeners, we need to
+// encode those into the unique name for the listener such that if the user
+// changes them, we actually create a whole new listener on the new address and
+// port. Envoy should take care of closing the old one once it sees it's no
+// longer in the config.
+type makeListenerOpts struct {
+	addr string
+	//accessLogs structs.AccessLogsConfig
+	logger    hclog.Logger
+	mode      string
+	name      string
+	path      string
+	port      int
+	direction pbproxystate.Direction
+	upstream  *structs.Upstream
+}
+
+func makeListener(opts makeListenerOpts) *pbproxystate.Listener {
+	if opts.upstream != nil && opts.upstream.LocalBindPort == 0 && opts.upstream.LocalBindSocketPath != "" {
+		opts.path = opts.upstream.LocalBindSocketPath
+		opts.mode = opts.upstream.LocalBindSocketMode
+		return makePipeListener(opts)
+	}
+	if opts.upstream != nil {
+		opts.port = opts.upstream.LocalBindPort
+		opts.addr = opts.upstream.LocalBindAddress
+		return makeListenerWithDefault(opts)
+	}
+
+	return makeListenerWithDefault(opts)
+}
+
+func makeListenerWithDefault(opts makeListenerOpts) *pbproxystate.Listener {
+	if opts.addr == "" {
+		opts.addr = "127.0.0.1"
+	}
+	// TODO(proxystate): Access logs will be added in the future. It will be added to top level IR, and used by xds code generation.
+	//accessLog, err := accesslogs.MakeAccessLogs(&opts.accessLogs, true)
+	//if err != nil && opts.logger != nil {
+	//	// Since access logging is non-essential for routing, warn and move on
+	//	opts.logger.Warn("error generating access log xds", err)
+	//}
+	return &pbproxystate.Listener{
+		Name: fmt.Sprintf("%s:%s:%d", opts.name, opts.addr, opts.port),
+		//AccessLog:        accessLog,
+		BindAddress: &pbproxystate.Listener_HostPort{
+			HostPort: &pbproxystate.HostPortAddress{
+				Host: opts.addr,
+				Port: uint32(opts.port),
+			},
+		},
+		Direction: opts.direction,
+	}
+}
+
+func makePipeListener(opts makeListenerOpts) *pbproxystate.Listener {
+	// TODO(proxystate): Access logs will be added in the future. It will be added to top level IR, and used by xds code generation.
+	//accessLog, err := accesslogs.MakeAccessLogs(&opts.accessLogs, true)
+	//if err != nil && opts.logger != nil {
+	//	// Since access logging is non-essential for routing, warn and move on
+	//	opts.logger.Warn("error generating access log xds", err)
+	//}
+	return &pbproxystate.Listener{
+		Name: fmt.Sprintf("%s:%s", opts.name, opts.path),
+		//AccessLog:        accessLog,
+		BindAddress: &pbproxystate.Listener_UnixSocket{
+			UnixSocket: &pbproxystate.UnixSocketAddress{Path: opts.path, Mode: opts.mode},
+		},
+		Direction: opts.direction,
+	}
+}
+
+// TODO(proxystate): Escape hatches will be added in the future.
+// Functions to add from agent/xds/listeners.go:
+// func makeListenerFromUserConfig
+
+// TODO(proxystate): Intentions will be added in the future
+// Functions to add from agent/xds/listeners.go:
+// func injectConnectFilters
+
+// TODO(proxystate): httpConnectionManager constants will need to be added when used for listeners L7 in the future.
+// Constants to add from agent/xds/listeners.go:
+// const httpConnectionManagerOldName
+// const httpConnectionManagerNewName
+
+// TODO(proxystate): Extracting RDS resource names will be used when wiring up xds v2 server in the future.
+// Functions to add from agent/xds/listeners.go:
+// func extractRdsResourceNames
+
+// TODO(proxystate): Intentions will be added in the future.
+// Functions to add from agent/xds/listeners.go:
+// func injectHTTPFilterOnFilterChains
+
+// NOTE: This method MUST only be used for connect proxy public listeners,
+// since TLS validation will be done against root certs for all peers
+// that might dial this proxy.
+func (s *Converter) injectConnectTLSForPublicListener(cfgSnap *proxycfg.ConfigSnapshot, listener *pbproxystate.Listener) error {
+	transportSocket, err := s.createInboundMeshMTLS(cfgSnap)
+	if err != nil {
+		return err
+	}
+
+	for idx := range listener.Routers {
+		listener.Routers[idx].InboundTls = transportSocket
+	}
+	return nil
+}
+
+func getAlpnProtocols(protocol string) []string {
+	var alpnProtocols []string
+
+	switch protocol {
+	case "grpc", "http2":
+		alpnProtocols = append(alpnProtocols, "h2", "http/1.1")
+	case "http":
+		alpnProtocols = append(alpnProtocols, "http/1.1")
+	}
+
+	return alpnProtocols
+}
+
+func (s *Converter) createInboundMeshMTLS(cfgSnap *proxycfg.ConfigSnapshot) (*pbproxystate.TransportSocket, error) {
+	switch cfgSnap.Kind {
+	case structs.ServiceKindConnectProxy:
+	case structs.ServiceKindMeshGateway:
+	default:
+		return nil, fmt.Errorf("cannot inject peering trust bundles for kind %q", cfgSnap.Kind)
+	}
+
+	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
+	if err != nil {
+		// Don't hard fail on a config typo, just warn. The parse func returns
+		// default config if there is an error so it's safe to continue.
+		s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
+	}
+
+	// Add all trust bundle peer names, including local.
+	trustBundlePeerNames := []string{"local"}
+	for _, tb := range cfgSnap.PeeringTrustBundles() {
+		trustBundlePeerNames = append(trustBundlePeerNames, tb.PeerName)
+	}
+	// Arbitrary UUID to reference the identity by.
+	uuid, err := uuid.GenerateUUID()
+	if err != nil {
+		return nil, err
+	}
+	// Create the transport socket
+	ts := &pbproxystate.TransportSocket{}
+	ts.ConnectionTls = &pbproxystate.TransportSocket_InboundMesh{
+		InboundMesh: &pbproxystate.InboundMeshMTLS{
+			IdentityKey: uuid,
+			ValidationContext: &pbproxystate.MeshInboundValidationContext{
+				TrustBundlePeerNameKeys: trustBundlePeerNames,
+			},
+		},
+	}
+	s.proxyState.LeafCertificates[uuid] = &pbproxystate.LeafCertificate{
+		Cert: cfgSnap.Leaf().CertPEM,
+		Key:  cfgSnap.Leaf().PrivateKeyPEM,
+	}
+	ts.TlsParameters = makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSIncoming())
+	ts.AlpnProtocols = getAlpnProtocols(cfg.Protocol)
+
+	return ts, nil
+}
+
+func (s *Converter) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot, name string) (*pbproxystate.Listener, error) {
+	l := &pbproxystate.Listener{}
+	l.Routers = make([]*pbproxystate.Router, 0)
+	var err error
+
+	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
+	if err != nil {
+		// Don't hard fail on a config typo, just warn. The parse func returns
+		// default config if there is an error so it's safe to continue.
+		s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
+	}
+
+	// This controls if we do L4 or L7 intention checks.
+	useHTTPFilter := structs.IsProtocolHTTPLike(cfg.Protocol)
+
+	// TODO(proxystate): Escape hatches will be added in the future. This one is a top level escape hatch.
+	// Generate and return custom public listener from config if one was provided.
+	//if cfg.PublicListenerJSON != "" {
+	//	l, err = makeListenerFromUserConfig(cfg.PublicListenerJSON)
+	//	if err != nil {
+	//		return nil, err
+	//	}
+	//
+	//	// For HTTP-like services attach an RBAC http filter and do a best-effort insert
+	//	if useHTTPFilter {
+	//		httpAuthzFilter, err := makeRBACHTTPFilter(
+	//			cfgSnap.ConnectProxy.Intentions,
+	//			cfgSnap.IntentionDefaultAllow,
+	//			rbacLocalInfo{
+	//				trustDomain: cfgSnap.Roots.TrustDomain,
+	//				datacenter:  cfgSnap.Datacenter,
+	//				partition:   cfgSnap.ProxyID.PartitionOrDefault(),
+	//			},
+	//			cfgSnap.ConnectProxy.InboundPeerTrustBundles,
+	//		)
+	//		if err != nil {
+	//			return nil, err
+	//		}
+	//
+	//		// Try our best to inject the HTTP RBAC filter.
+	//		if err := injectHTTPFilterOnFilterChains(l, httpAuthzFilter); err != nil {
+	//			s.Logger.Warn(
+	//				"could not inject the HTTP RBAC filter to enforce intentions on user-provided "+
+	//					"'envoy_public_listener_json' config; falling back on the RBAC network filter instead",
+	//				"proxy", cfgSnap.ProxyID,
+	//				"error", err,
+	//			)
+	//
+	//			// If we get an error inject the RBAC network filter instead.
+	//			useHTTPFilter = false
+	//		}
+	//	}
+	//
+	//	err := s.finalizePublicListenerFromConfig(l, cfgSnap, useHTTPFilter)
+	//	if err != nil {
+	//		return nil, fmt.Errorf("failed to attach Consul filters and TLS context to custom public listener: %v", err)
+	//	}
+	//	return l, nil
+	//}
+
+	// No JSON user config, use default listener address
+	// Default to listening on all addresses, but override with bind address if one is set.
+	addr := cfgSnap.Address
+	if addr == "" {
+		addr = "0.0.0.0"
+	}
+	if cfg.BindAddress != "" {
+		addr = cfg.BindAddress
+	}
+
+	// Override with bind port if one is set, otherwise default to
+	// proxy service's address
+	port := cfgSnap.Port
+	if cfg.BindPort != 0 {
+		port = cfg.BindPort
+	}
+
+	opts := makeListenerOpts{
+		name: name,
+		//accessLogs: cfgSnap.Proxy.AccessLogs,
+		addr:      addr,
+		port:      port,
+		direction: pbproxystate.Direction_DIRECTION_INBOUND,
+		logger:    s.Logger,
+	}
+	l = makeListener(opts)
+	l.BalanceConnections = balanceConnections[cfg.BalanceInboundConnections]
+
+	// TODO(proxystate): Escape hatches will be added in the future. This one is a top level escape hatch.
+	//var tracing *envoy_http_v3.HttpConnectionManager_Tracing
+	//if cfg.ListenerTracingJSON != "" {
+	//	if tracing, err = makeTracingFromUserConfig(cfg.ListenerTracingJSON); err != nil {
+	//		s.Logger.Warn("failed to parse ListenerTracingJSON config", "error", err)
+	//	}
+	//}
+
+	// make local app cluster router
+	localAppRouter := &pbproxystate.Router{}
+
+	destOpts := destinationOpts{
+		protocol:         cfg.Protocol,
+		filterName:       name,
+		routeName:        name,
+		cluster:          xdscommon.LocalAppClusterName,
+		requestTimeoutMs: cfg.LocalRequestTimeoutMs,
+		idleTimeoutMs:    cfg.LocalIdleTimeoutMs,
+		//tracing:          tracing,
+		//accessLogs:       &cfgSnap.Proxy.AccessLogs,
+		logger: s.Logger,
+	}
+
+	err = s.addRouterDestination(destOpts, localAppRouter)
+	if err != nil {
+		return nil, err
+	}
+
+	if useHTTPFilter {
+		l7Dest := localAppRouter.GetL7()
+		if l7Dest == nil {
+			return nil, fmt.Errorf("l7 destination on inbound listener should not be empty")
+		}
+		l7Dest.AddEmptyIntention = true
+
+		// TODO(proxystate): L7 Intentions and JWT Auth will be added in the future.
+		//jwtFilter, jwtFilterErr := makeJWTAuthFilter(cfgSnap.JWTProviders, cfgSnap.ConnectProxy.Intentions)
+		//if jwtFilterErr != nil {
+		//	return nil, jwtFilterErr
+		//}
+		//rbacFilter, err := makeRBACHTTPFilter(
+		//	cfgSnap.ConnectProxy.Intentions,
+		//	cfgSnap.IntentionDefaultAllow,
+		//	rbacLocalInfo{
+		//		trustDomain: cfgSnap.Roots.TrustDomain,
+		//		datacenter:  cfgSnap.Datacenter,
+		//		partition:   cfgSnap.ProxyID.PartitionOrDefault(),
+		//	},
+		//	cfgSnap.ConnectProxy.InboundPeerTrustBundles,
+		//)
+		//if err != nil {
+		//	return nil, err
+		//}
+		//
+		//filterOpts.httpAuthzFilters = []*envoy_http_v3.HttpFilter{rbacFilter}
+		//
+		//if jwtFilter != nil {
+		//	filterOpts.httpAuthzFilters = append(filterOpts.httpAuthzFilters, jwtFilter)
+		//}
+
+		meshConfig := cfgSnap.MeshConfig()
+		includeXFCC := meshConfig == nil || meshConfig.HTTP == nil || !meshConfig.HTTP.SanitizeXForwardedClientCert
+		l7Dest.IncludeXfcc = includeXFCC
+		l7Dest.Protocol = l7Protocols[cfg.Protocol]
+		if cfg.MaxInboundConnections > 0 {
+			l7Dest.MaxInboundConnections = uint64(cfg.MaxInboundConnections)
+		}
+	} else {
+		l4Dest := localAppRouter.GetL4()
+		if l4Dest == nil {
+			return nil, fmt.Errorf("l4 destination on inbound listener should not be empty")
+		}
+
+		if cfg.MaxInboundConnections > 0 {
+			l4Dest.MaxInboundConnections = uint64(cfg.MaxInboundConnections)
+		}
+
+		// TODO(proxystate): Intentions will be added to l4 destination in the future. This is currently done in finalizePublicListenerFromConfig.
+		l4Dest.AddEmptyIntention = true
+	}
+	l.Routers = append(l.Routers, localAppRouter)
+
+	err = s.finalizePublicListenerFromConfig(l, cfgSnap)
+	if err != nil {
+		return nil, fmt.Errorf("failed to attach Consul filters and TLS context to custom public listener: %v", err)
+	}
+
+	// When permissive mTLS mode is enabled, include an additional router
+	// that matches on the `destination_port == <service port>`. Traffic sent
+	// directly to the service port is passed through to the application
+	// unmodified.
+	if cfgSnap.Proxy.Mode == structs.ProxyModeTransparent &&
+		cfgSnap.Proxy.MutualTLSMode == structs.MutualTLSModePermissive {
+		router, err := makePermissiveRouter(cfgSnap, destOpts)
+		if err != nil {
+			return nil, fmt.Errorf("unable to add permissive mtls router: %w", err)
+		}
+		if router == nil {
+			s.Logger.Debug("no service port defined for service in permissive mTLS mode; not adding filter chain for non-mTLS traffic")
+		} else {
+			l.Routers = append(l.Routers, router)
+
+			// With tproxy, the REDIRECT iptables target rewrites the destination ip/port
+			// to the proxy ip/port (e.g. 127.0.0.1:20000) for incoming packets.
+			// We need the original_dst filter to recover the original destination address.
+			l.Capabilities = append(l.Capabilities, pbproxystate.Capability_CAPABILITY_TRANSPARENT)
+		}
+	}
+	return l, err
+}
+
+func makePermissiveRouter(cfgSnap *proxycfg.ConfigSnapshot, opts destinationOpts) (*pbproxystate.Router, error) {
+	servicePort := cfgSnap.Proxy.LocalServicePort
+	if servicePort <= 0 {
+		// No service port means the service does not accept incoming traffic, so
+		// the connect proxy does not need to listen for incoming non-mTLS traffic.
+		return nil, nil
+	}
+
+	opts.statPrefix += "permissive_"
+	dest, err := makeL4Destination(opts)
+	if err != nil {
+		return nil, err
+	}
+
+	router := &pbproxystate.Router{
+		Match: &pbproxystate.Match{
+			DestinationPort: &wrapperspb.UInt32Value{Value: uint32(servicePort)},
+		},
+		Destination: &pbproxystate.Router_L4{L4: dest},
+	}
+	return router, nil
+}
+
+// finalizePublicListenerFromConfig is used for best-effort injection of L4 intentions and TLS onto listeners.
+func (s *Converter) finalizePublicListenerFromConfig(l *pbproxystate.Listener, cfgSnap *proxycfg.ConfigSnapshot) error {
+	// TODO(proxystate): L4 intentions will be added in the future.
+	//if !useHTTPFilter {
+	//	// Best-effort injection of L4 intentions
+	//	if err := s.injectConnectFilters(cfgSnap, l); err != nil {
+	//		return nil
+	//	}
+	//}
+
+	// Always apply TLS certificates
+	if err := s.injectConnectTLSForPublicListener(cfgSnap, l); err != nil {
+		return nil
+	}
+
+	return nil
+}
+
+func (s *Converter) makeExposedCheckListener(cfgSnap *proxycfg.ConfigSnapshot, cluster string, path structs.ExposePath) (*pbproxystate.Listener, error) {
+	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
+	if err != nil {
+		// Don't hard fail on a config typo, just warn. The parse func returns
+		// default config if there is an error so it's safe to continue.
+		s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
+	}
+
+	// No user config, use default listener
+	addr := cfgSnap.Address
+
+	// Override with bind address if one is set, otherwise default to 0.0.0.0
+	if cfg.BindAddress != "" {
+		addr = cfg.BindAddress
+	} else if addr == "" {
+		addr = "0.0.0.0"
+	}
+
+	// Strip any special characters from path to make a valid and hopefully unique name
+	r := regexp.MustCompile(`[^a-zA-Z0-9]+`)
+	strippedPath := r.ReplaceAllString(path.Path, "")
+	listenerName := fmt.Sprintf("exposed_path_%s", strippedPath)
+
+	listenerOpts := makeListenerOpts{
+		name: listenerName,
+		//accessLogs: cfgSnap.Proxy.AccessLogs,
+		addr:      addr,
+		port:      path.ListenerPort,
+		direction: pbproxystate.Direction_DIRECTION_INBOUND,
+		logger:    s.Logger,
+	}
+	l := makeListener(listenerOpts)
+
+	filterName := fmt.Sprintf("exposed_path_filter_%s_%d", strippedPath, path.ListenerPort)
+
+	destOpts := destinationOpts{
+		useRDS:           false,
+		protocol:         path.Protocol,
+		filterName:       filterName,
+		routeName:        filterName,
+		cluster:          cluster,
+		statPrefix:       "",
+		routePath:        path.Path,
+		httpAuthzFilters: nil,
+		//accessLogs:       &cfgSnap.Proxy.AccessLogs,
+		logger: s.Logger,
+		// in the exposed check listener we don't set the tracing configuration
+	}
+
+	router := &pbproxystate.Router{}
+	err = s.addRouterDestination(destOpts, router)
+	if err != nil {
+		return nil, err
+	}
+
+	// For registered checks restrict traffic sources to localhost and Consul's advertise addr
+	if path.ParsedFromCheck {
+
+		// For the advertise addr we use a CidrRange that only matches one address
+		advertise := s.CfgFetcher.AdvertiseAddrLAN()
+
+		// Get prefix length based on whether address is ipv4 (32 bits) or ipv6 (128 bits)
+		advertiseLen := 32
+		ip := net.ParseIP(advertise)
+		if ip != nil && strings.Contains(advertise, ":") {
+			advertiseLen = 128
+		}
+
+		ranges := make([]*pbproxystate.CidrRange, 0, 3)
+		ranges = append(ranges,
+			&pbproxystate.CidrRange{AddressPrefix: "127.0.0.1", PrefixLen: &wrapperspb.UInt32Value{Value: 8}},
+			&pbproxystate.CidrRange{AddressPrefix: advertise, PrefixLen: &wrapperspb.UInt32Value{Value: uint32(advertiseLen)}},
+		)
+
+		if ok, err := platform.SupportsIPv6(); err != nil {
+			return nil, err
+		} else if ok {
+			ranges = append(ranges,
+				&pbproxystate.CidrRange{AddressPrefix: "::1", PrefixLen: &wrapperspb.UInt32Value{Value: 128}},
+			)
+		}
+
+		router.Match = &pbproxystate.Match{
+			SourcePrefixRanges: ranges,
+		}
+	}
+
+	l.Routers = []*pbproxystate.Router{router}
+
+	return l, err
+}
+
+// TODO(proxystate): Gateway support will be added in the future.
+// Functions and types to convert from agent/xds/listeners.go:
+// func makeTerminatingGatewayListener
+// type terminatingGatewayFilterChainOpts
+// func makeFilterChainTerminatingGateway
+// func makeMeshGatewayListener
+// func makeMeshGatewayPeerFilterChain
+
+type routerOpts struct {
+	//accessLogs           *structs.AccessLogsConfig
+	routeName   string
+	clusterName string
+	filterName  string
+	protocol    string
+	useRDS      bool
+	statPrefix  string
+	//forwardClientDetails bool
+	//forwardClientPolicy  envoy_http_v3.HttpConnectionManager_ForwardClientCertDetails
+	//tracing              *envoy_http_v3.HttpConnectionManager_Tracing
+}
+
+func (g *Converter) makeUpstreamRouter(opts routerOpts) (*pbproxystate.Router, error) {
+	if opts.statPrefix == "" {
+		opts.statPrefix = "upstream."
+	}
+
+	router := &pbproxystate.Router{}
+
+	err := g.addRouterDestination(destinationOpts{
+		useRDS:     opts.useRDS,
+		protocol:   opts.protocol,
+		filterName: opts.filterName,
+		routeName:  opts.routeName,
+		cluster:    opts.clusterName,
+		statPrefix: opts.statPrefix,
+		//forwardClientDetails: opts.forwardClientDetails,
+		//forwardClientPolicy:  opts.forwardClientPolicy,
+		//tracing:              opts.tracing,
+		//accessLogs:           opts.accessLogs,
+		logger: g.Logger,
+	}, router)
+	if err != nil {
+		return nil, err
+	}
+
+	return router, nil
+}
+
+// simpleChainTarget returns the discovery target for a chain with a single node.
+// A chain can have a single target if it is for a TCP service or an HTTP service without
+// multiple splits/routes/failovers.
+func simpleChainTarget(chain *structs.CompiledDiscoveryChain) (*structs.DiscoveryTarget, error) {
+	startNode := chain.Nodes[chain.StartNode]
+	if startNode == nil {
+		return nil, fmt.Errorf("missing first node in compiled discovery chain for: %s", chain.ServiceName)
+	}
+	if startNode.Type != structs.DiscoveryGraphNodeTypeResolver {
+		return nil, fmt.Errorf("expected discovery chain with single node, found unexpected start node: %s", startNode.Type)
+	}
+	targetID := startNode.Resolver.Target
+	return chain.Targets[targetID], nil
+}
+
+func (s *Converter) getAndModifyUpstreamConfigForListener(
+	uid proxycfg.UpstreamID,
+	u *structs.Upstream,
+	chain *structs.CompiledDiscoveryChain,
+) structs.UpstreamConfig {
+	var (
+		cfg structs.UpstreamConfig
+		err error
+	)
+
+	configMap := make(map[string]interface{})
+	if u != nil {
+		configMap = u.Config
+	}
+	if chain == nil || chain.Default {
+		cfg, err = structs.ParseUpstreamConfigNoDefaults(configMap)
+		if err != nil {
+			// Don't hard fail on a config typo, just warn. The parse func returns
+			// default config if there is an error so it's safe to continue.
+			s.Logger.Warn("failed to parse", "upstream", uid, "error", err)
+		}
+	} else {
+		// Use NoDefaults here so that we can set the protocol to the chain
+		// protocol if necessary
+		cfg, err = structs.ParseUpstreamConfigNoDefaults(configMap)
+		if err != nil {
+			// Don't hard fail on a config typo, just warn. The parse func returns
+			// default config if there is an error so it's safe to continue.
+			s.Logger.Warn("failed to parse", "upstream", uid, "error", err)
+		}
+
+		if cfg.EnvoyListenerJSON != "" {
+			s.Logger.Warn("ignoring escape hatch setting because already configured for",
+				"discovery chain", chain.ServiceName, "upstream", uid, "config", "envoy_listener_json")
+
+			// Remove from config struct so we don't use it later on
+			cfg.EnvoyListenerJSON = ""
+		}
+	}
+	protocol := cfg.Protocol
+	if chain != nil {
+		if protocol == "" {
+			protocol = chain.Protocol
+		}
+		if protocol == "" {
+			protocol = "tcp"
+		}
+	} else {
+		protocol = "tcp"
+	}
+
+	// set back on the config so that we can use it from return value
+	cfg.Protocol = protocol
+
+	return cfg
+}
+
+func (s *Converter) getAndModifyUpstreamConfigForPeeredListener(
+	uid proxycfg.UpstreamID,
+	u *structs.Upstream,
+	peerMeta structs.PeeringServiceMeta,
+) structs.UpstreamConfig {
+	var (
+		cfg structs.UpstreamConfig
+		err error
+	)
+
+	configMap := make(map[string]interface{})
+	if u != nil {
+		configMap = u.Config
+	}
+
+	cfg, err = structs.ParseUpstreamConfigNoDefaults(configMap)
+	if err != nil {
+		// Don't hard fail on a config typo, just warn. The parse func returns
+		// default config if there is an error so it's safe to continue.
+		s.Logger.Warn("failed to parse", "upstream", uid, "error", err)
+	}
+
+	// Ignore the configured protocol for peer upstreams, since it is defined by the remote
+	// cluster, which we cannot control.
+	protocol := peerMeta.Protocol
+	if protocol == "" {
+		protocol = "tcp"
+	}
+
+	// set back on the config so that we can use it from return value
+	cfg.Protocol = protocol
+
+	if cfg.ConnectTimeoutMs == 0 {
+		cfg.ConnectTimeoutMs = 5000
+	}
+
+	if cfg.MeshGateway.Mode == "" && u != nil {
+		cfg.MeshGateway = u.MeshGateway
+	}
+
+	return cfg
+}
+
+type destinationOpts struct {
+	// All listener filters
+	// TODO(proxystate): access logs support will be added later
+	//accessLogs *structs.AccessLogsConfig
+	cluster    string
+	filterName string
+	logger     hclog.Logger
+	protocol   string
+	statPrefix string
+
+	// HTTP listener filter options
+	forwardClientDetails bool
+	forwardClientPolicy  envoy_http_v3.HttpConnectionManager_ForwardClientCertDetails
+	httpAuthzFilters     []*envoy_http_v3.HttpFilter
+	idleTimeoutMs        *int
+	requestTimeoutMs     *int
+	routeName            string
+	routePath            string
+	// TODO(proxystate): tracing support will be added later
+	//tracing              *envoy_http_v3.HttpConnectionManager_Tracing
+	useRDS bool
+}
+
+func (g *Converter) addRouterDestination(opts destinationOpts, router *pbproxystate.Router) error {
+	switch opts.protocol {
+	case "grpc", "http2", "http":
+		dest, err := g.makeL7Destination(opts)
+		if err != nil {
+			return err
+		}
+		router.Destination = &pbproxystate.Router_L7{
+			L7: dest,
+		}
+		return nil
+	case "tcp":
+		fallthrough
+	default:
+		if opts.useRDS {
+			return fmt.Errorf("RDS is not compatible with the tcp proxy filter")
+		} else if opts.cluster == "" {
+			return fmt.Errorf("cluster name is required for a tcp proxy filter")
+		}
+		dest, err := makeL4Destination(opts)
+		if err != nil {
+			return err
+		}
+		router.Destination = &pbproxystate.Router_L4{
+			L4: dest,
+		}
+		return nil
+	}
+}
+
+func makeL4Destination(opts destinationOpts) (*pbproxystate.L4Destination, error) {
+	// TODO(proxystate): implement access logs at top level
+	//accessLogs, err := accesslogs.MakeAccessLogs(opts.accessLogs, false)
+	//if err != nil && opts.logger != nil {
+	//	opts.logger.Warn("could not make access log xds for tcp proxy", err)
+	//}
+
+	l4Dest := &pbproxystate.L4Destination{
+		//AccessLog:        accessLogs,
+		Name:       opts.cluster,
+		StatPrefix: makeStatPrefix(opts.statPrefix, opts.filterName),
+	}
+	return l4Dest, nil
+}
+
+func makeStatPrefix(prefix, filterName string) string {
+	// Replace colons here because Envoy does that in the metrics for the actual
+	// clusters but doesn't in the stat prefix here while dashboards assume they
+	// will match.
+	return fmt.Sprintf("%s%s", prefix, strings.Replace(filterName, ":", "_", -1))
+}
+
+func (g *Converter) makeL7Destination(opts destinationOpts) (*pbproxystate.L7Destination, error) {
+	dest := &pbproxystate.L7Destination{}
+
+	// TODO(proxystate) access logs will be added to proxystate top level and in xds generation
+	//accessLogs, err := accesslogs.MakeAccessLogs(opts.accessLogs, false)
+	//if err != nil && opts.logger != nil {
+	//	opts.logger.Warn("could not make access log xds for http connection manager", err)
+	//}
+
+	// An L7 Destination's name will be the route name, so during xds generation the route can be looked up.
+	dest.Name = opts.routeName
+	dest.StatPrefix = makeStatPrefix(opts.statPrefix, opts.filterName)
+
+	// TODO(proxystate) tracing will be added at the top level proxystate and xds generation
+	//if opts.tracing != nil {
+	//	cfg.Tracing = opts.tracing
+	//}
+
+	if opts.useRDS {
+		if opts.cluster != "" {
+			return nil, fmt.Errorf("cannot specify cluster name when using RDS")
+		}
+	} else {
+		dest.StaticRoute = true
+
+		if opts.cluster == "" {
+			return nil, fmt.Errorf("must specify cluster name when not using RDS")
+		}
+
+		routeRule := &pbproxystate.RouteRule{
+			Match: &pbproxystate.RouteMatch{
+				PathMatch: &pbproxystate.PathMatch{
+					PathMatch: &pbproxystate.PathMatch_Prefix{
+						Prefix: "/",
+					},
+				},
+				// TODO(banks) Envoy supports matching only valid GRPC
+				// requests which might be nice to add here for gRPC services
+				// but it's not supported in our current envoy SDK version
+				// although docs say it was supported by 1.8.0. Going to defer
+				// that until we've updated the deps.
+			},
+			Destination: &pbproxystate.RouteDestination{
+				Destination: &pbproxystate.RouteDestination_Cluster{
+					Cluster: &pbproxystate.DestinationCluster{
+						Name: opts.cluster,
+					},
+				},
+			},
+		}
+
+		var timeoutCfg *pbproxystate.TimeoutConfig
+		r := routeRule.GetDestination()
+
+		if opts.requestTimeoutMs != nil {
+			if timeoutCfg == nil {
+				timeoutCfg = &pbproxystate.TimeoutConfig{}
+			}
+			timeoutCfg.Timeout = durationpb.New(time.Duration(*opts.requestTimeoutMs) * time.Millisecond)
+		}
+
+		if opts.idleTimeoutMs != nil {
+			if timeoutCfg == nil {
+				timeoutCfg = &pbproxystate.TimeoutConfig{}
+			}
+			timeoutCfg.IdleTimeout = durationpb.New(time.Duration(*opts.idleTimeoutMs) * time.Millisecond)
+		}
+		r.DestinationConfiguration = &pbproxystate.DestinationConfiguration{
+			TimeoutConfig: timeoutCfg,
+		}
+
+		// If a path is provided, do not match on a catch-all prefix
+		if opts.routePath != "" {
+			routeRule.Match.PathMatch = &pbproxystate.PathMatch{
+				PathMatch: &pbproxystate.PathMatch_Exact{
+					Exact: opts.routePath,
+				},
+			}
+		}
+
+		// Create static route object
+		route := &pbproxystate.Route{
+			VirtualHosts: []*pbproxystate.VirtualHost{
+				{
+					Name:    opts.filterName,
+					Domains: []string{"*"},
+					RouteRules: []*pbproxystate.RouteRule{
+						routeRule,
+					},
+				},
+			},
+		}
+		// Save the route to proxy state.
+		g.proxyState.Routes[opts.routeName] = route
+	}
+
+	dest.Protocol = l7Protocols[opts.protocol]
+
+	// TODO(proxystate) need to include xfcc policy in future L7 task
+	//// Note the default leads to setting HttpConnectionManager_SANITIZE
+	//if opts.forwardClientDetails {
+	//	cfg.ForwardClientCertDetails = opts.forwardClientPolicy
+	//	cfg.SetCurrentClientCertDetails = &envoy_http_v3.HttpConnectionManager_SetCurrentClientCertDetails{
+	//		Subject: &wrapperspb.BoolValue{Value: true},
+	//		Cert:    true,
+	//		Chain:   true,
+	//		Dns:     true,
+	//		Uri:     true,
+	//	}
+	//}
+
+	// Like injectConnectFilters for L4, here we ensure that the first filter
+	// (other than the "envoy.grpc_http1_bridge" filter) in the http filter
+	// chain of a public listener is the authz filter to prevent unauthorized
+	// access and that every filter chain uses our TLS certs.
+	if len(opts.httpAuthzFilters) > 0 {
+		// TODO(proxystate) support intentions in the future
+		dest.Intentions = make([]*pbproxystate.L7Intention, 0)
+		//cfg.HttpFilters = append(opts.httpAuthzFilters, cfg.HttpFilters...)
+	}
+
+	// TODO(proxystate) add grpc http filters in xds in future L7 task
+	//if opts.protocol == "grpc" {
+	//	grpcHttp1Bridge, err := makeEnvoyHTTPFilter(
+	//		"envoy.filters.http.grpc_http1_bridge",
+	//		&envoy_grpc_http1_bridge_v3.Config{},
+	//	)
+	//	if err != nil {
+	//		return nil, err
+	//	}
+	//
+	//	// In envoy 1.14.x the default value "stats_for_all_methods=true" was
+	//	// deprecated, and was changed to "false" in 1.18.x. Avoid using the
+	//	// default. TODO: we may want to expose this to users somehow easily.
+	//	grpcStatsFilter, err := makeEnvoyHTTPFilter(
+	//		"envoy.filters.http.grpc_stats",
+	//		&envoy_grpc_stats_v3.FilterConfig{
+	//			PerMethodStatSpecifier: &envoy_grpc_stats_v3.FilterConfig_StatsForAllMethods{
+	//				StatsForAllMethods: makeBoolValue(true),
+	//			},
+	//		},
+	//	)
+	//	if err != nil {
+	//		return nil, err
+	//	}
+	//
+	//	// Add grpc bridge before router and authz, and the stats in front of that.
+	//	cfg.HttpFilters = append([]*envoy_http_v3.HttpFilter{
+	//		grpcStatsFilter,
+	//		grpcHttp1Bridge,
+	//	}, cfg.HttpFilters...)
+	//}
+
+	return dest, nil
+}
+
+var tlsVersionsWithConfigurableCipherSuites = map[types.TLSVersion]struct{}{
+	// Remove these two if Envoy ever sets TLS 1.3 as default minimum
+	types.TLSVersionUnspecified: {},
+	types.TLSVersionAuto:        {},
+
+	types.TLSv1_0: {},
+	types.TLSv1_1: {},
+	types.TLSv1_2: {},
+}
+
+func makeTLSParametersFromProxyTLSConfig(tlsConf *structs.MeshDirectionalTLSConfig) *pbproxystate.TLSParameters {
+	if tlsConf == nil {
+		return &pbproxystate.TLSParameters{}
+	}
+
+	return makeTLSParametersFromTLSConfig(tlsConf.TLSMinVersion, tlsConf.TLSMaxVersion, tlsConf.CipherSuites)
+}
+
+func makeTLSParametersFromTLSConfig(
+	tlsMinVersion types.TLSVersion,
+	tlsMaxVersion types.TLSVersion,
+	cipherSuites []types.TLSCipherSuite,
+) *pbproxystate.TLSParameters {
+	tlsParams := pbproxystate.TLSParameters{}
+
+	if tlsMinVersion != types.TLSVersionUnspecified {
+		tlsParams.MinVersion = tlsVersions[tlsMinVersion]
+	}
+	if tlsMaxVersion != types.TLSVersionUnspecified {
+		tlsParams.MaxVersion = tlsVersions[tlsMaxVersion]
+	}
+	if len(cipherSuites) != 0 {
+		var suites []pbproxystate.TLSCipherSuite
+		for _, cs := range cipherSuites {
+			suites = append(suites, tlsCipherSuites[cs])
+		}
+		tlsParams.CipherSuites = suites
+	}
+
+	return &tlsParams
+}
+
+var tlsVersions = map[types.TLSVersion]pbproxystate.TLSVersion{
+	types.TLSVersionAuto: pbproxystate.TLSVersion_TLS_VERSION_AUTO,
+	types.TLSv1_0:        pbproxystate.TLSVersion_TLS_VERSION_1_0,
+	types.TLSv1_1:        pbproxystate.TLSVersion_TLS_VERSION_1_1,
+	types.TLSv1_2:        pbproxystate.TLSVersion_TLS_VERSION_1_2,
+	types.TLSv1_3:        pbproxystate.TLSVersion_TLS_VERSION_1_3,
+}
+
+var tlsCipherSuites = map[types.TLSCipherSuite]pbproxystate.TLSCipherSuite{
+	types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:       pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_GCM_SHA256,
+	types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_CHACHA20_POLY1305,
+	types.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:         pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES128_GCM_SHA256,
+	types.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:   pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_CHACHA20_POLY1305,
+	types.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:          pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_SHA,
+	types.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:            pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES128_SHA,
+	types.TLS_RSA_WITH_AES_128_GCM_SHA256:               pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES128_GCM_SHA256,
+	types.TLS_RSA_WITH_AES_128_CBC_SHA:                  pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES128_SHA,
+	types.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:       pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384,
+	types.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:         pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES256_GCM_SHA384,
+	types.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:          pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_SHA,
+	types.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:            pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES256_SHA,
+	types.TLS_RSA_WITH_AES_256_GCM_SHA384:               pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES256_GCM_SHA384,
+	types.TLS_RSA_WITH_AES_256_CBC_SHA:                  pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES256_SHA,
+}
+
+var l7Protocols = map[string]pbproxystate.L7Protocol{
+	"http":  pbproxystate.L7Protocol_L7_PROTOCOL_HTTP,
+	"http2": pbproxystate.L7Protocol_L7_PROTOCOL_HTTP2,
+	"grpc":  pbproxystate.L7Protocol_L7_PROTOCOL_GRPC,
+}
+
+var balanceConnections = map[string]pbproxystate.BalanceConnections{
+	"":                             pbproxystate.BalanceConnections_BALANCE_CONNECTIONS_DEFAULT,
+	structs.ConnectionExactBalance: pbproxystate.BalanceConnections_BALANCE_CONNECTIONS_EXACT,
+}
diff --git a/agent/xds/resources.go b/agent/xds/resources.go
index 15378861f300..fc761040029c 100644
--- a/agent/xds/resources.go
+++ b/agent/xds/resources.go
@@ -6,6 +6,7 @@ package xds
 import (
 	"fmt"
 
+	"github.com/hashicorp/consul/agent/xds/configfetcher"
 	"github.com/hashicorp/go-hclog"
 	"google.golang.org/protobuf/proto"
 
@@ -18,7 +19,7 @@ import (
 // resources for a single client.
 type ResourceGenerator struct {
 	Logger         hclog.Logger
-	CfgFetcher     ConfigFetcher
+	CfgFetcher     configfetcher.ConfigFetcher
 	IncrementalXDS bool
 
 	ProxyFeatures xdscommon.SupportedProxyFeatures
@@ -26,7 +27,7 @@ type ResourceGenerator struct {
 
 func NewResourceGenerator(
 	logger hclog.Logger,
-	cfgFetcher ConfigFetcher,
+	cfgFetcher configfetcher.ConfigFetcher,
 	incrementalXDS bool,
 ) *ResourceGenerator {
 	return &ResourceGenerator{
diff --git a/agent/xds/routes.go b/agent/xds/routes.go
index 92b7d6db0c75..31b1c4a93241 100644
--- a/agent/xds/routes.go
+++ b/agent/xds/routes.go
@@ -22,6 +22,7 @@ import (
 	"github.com/hashicorp/consul/agent/consul/discoverychain"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/config"
 )
 
 // routesFromSnapshot returns the xDS API representation of the "routes" in the
@@ -140,7 +141,7 @@ func (s *ResourceGenerator) routesForTerminatingGateway(cfgSnap *proxycfg.Config
 	var resources []proto.Message
 	for _, svc := range cfgSnap.TerminatingGateway.ValidServices() {
 		clusterName := connect.ServiceSNI(svc.Name, "", svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
-		cfg, err := ParseProxyConfig(cfgSnap.TerminatingGateway.ServiceConfigs[svc].ProxyConfig)
+		cfg, err := config.ParseProxyConfig(cfgSnap.TerminatingGateway.ServiceConfigs[svc].ProxyConfig)
 		if err != nil {
 			// Don't hard fail on a config typo, just warn. The parse func returns
 			// default config if there is an error so it's safe to continue.
@@ -168,7 +169,7 @@ func (s *ResourceGenerator) routesForTerminatingGateway(cfgSnap *proxycfg.Config
 
 		for _, address := range svcConfig.Destination.Addresses {
 			clusterName := clusterNameForDestination(cfgSnap, svc.Name, address, svc.NamespaceOrDefault(), svc.PartitionOrDefault())
-			cfg, err := ParseProxyConfig(cfgSnap.TerminatingGateway.ServiceConfigs[svc].ProxyConfig)
+			cfg, err := config.ParseProxyConfig(cfgSnap.TerminatingGateway.ServiceConfigs[svc].ProxyConfig)
 			if err != nil {
 				// Don't hard fail on a config typo, just warn. The parse func returns
 				// default config if there is an error so it's safe to continue.
diff --git a/agent/xds/server.go b/agent/xds/server.go
index c8a5fa1086de..c8ffeef842dd 100644
--- a/agent/xds/server.go
+++ b/agent/xds/server.go
@@ -10,6 +10,7 @@ import (
 	"time"
 
 	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
+	"github.com/hashicorp/consul/agent/xds/configfetcher"
 
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 
@@ -70,13 +71,6 @@ const (
 	// services named "local_agent" in the future.
 	LocalAgentClusterName = "local_agent"
 
-	// OriginalDestinationClusterName is the name we give to the passthrough
-	// cluster which redirects transparently-proxied requests to their original
-	// destination outside the mesh. This cluster prevents Consul from blocking
-	// connections to destinations outside of the catalog when in transparent
-	// proxy mode.
-	OriginalDestinationClusterName = "original-destination"
-
 	// DefaultAuthCheckFrequency is the default value for
 	// Server.AuthCheckFrequency to use when the zero value is provided.
 	DefaultAuthCheckFrequency = 5 * time.Minute
@@ -88,12 +82,6 @@ const (
 // coupling this to the agent.
 type ACLResolverFunc func(id string) (acl.Authorizer, error)
 
-// ConfigFetcher is the interface the agent needs to expose
-// for the xDS server to fetch agent config, currently only one field is fetched
-type ConfigFetcher interface {
-	AdvertiseAddrLAN() string
-}
-
 // ProxyConfigSource is the interface xds.Server requires to consume proxy
 // config updates.
 type ProxyConfigSource interface {
@@ -110,7 +98,7 @@ type Server struct {
 	Logger       hclog.Logger
 	CfgSrc       ProxyConfigSource
 	ResolveToken ACLResolverFunc
-	CfgFetcher   ConfigFetcher
+	CfgFetcher   configfetcher.ConfigFetcher
 
 	// AuthCheckFrequency is how often we should re-check the credentials used
 	// during a long-lived gRPC Stream after it has been initially established.
@@ -161,7 +149,7 @@ func NewServer(
 	logger hclog.Logger,
 	cfgMgr ProxyConfigSource,
 	resolveTokenSecret ACLResolverFunc,
-	cfgFetcher ConfigFetcher,
+	cfgFetcher configfetcher.ConfigFetcher,
 ) *Server {
 	return &Server{
 		NodeName:           nodeName,
diff --git a/agent/xdsv2/cluster_resources.go b/agent/xdsv2/cluster_resources.go
new file mode 100644
index 000000000000..c162d05c8d84
--- /dev/null
+++ b/agent/xdsv2/cluster_resources.go
@@ -0,0 +1,6 @@
+package xdsv2
+
+// TODO(proxystate): In a future PR this will create clusters and add it to ProxyResources.proxyState
+func (pr *ProxyResources) makeCluster(name string) error {
+	return nil
+}
diff --git a/agent/xdsv2/listener_resources.go b/agent/xdsv2/listener_resources.go
new file mode 100644
index 000000000000..6d6ce7c8002e
--- /dev/null
+++ b/agent/xdsv2/listener_resources.go
@@ -0,0 +1,967 @@
+package xdsv2
+
+import (
+	"fmt"
+	"sort"
+	"strconv"
+
+	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
+	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
+	envoy_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3"
+	envoy_grpc_http1_bridge_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_http1_bridge/v3"
+	envoy_grpc_stats_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_stats/v3"
+	envoy_http_router_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3"
+	envoy_extensions_filters_listener_http_inspector_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/http_inspector/v3"
+	envoy_original_dst_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/original_dst/v3"
+	envoy_tls_inspector_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/tls_inspector/v3"
+	envoy_connection_limit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/connection_limit/v3"
+	envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
+	envoy_network_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/rbac/v3"
+	envoy_sni_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/sni_cluster/v3"
+	envoy_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3"
+	envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
+	envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
+	envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/anypb"
+	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
+
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+	"github.com/hashicorp/consul/lib"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+)
+
+const (
+	envoyNetworkFilterName                     = "envoy.filters.network.tcp_proxy"
+	envoyOriginalDestinationListenerFilterName = "envoy.filters.listener.original_dst"
+	envoyTLSInspectorListenerFilterName        = "envoy.filters.listener.tls_inspector"
+	envoyHttpInspectorListenerFilterName       = "envoy.filters.listener.http_inspector"
+	envoyHttpConnectionManagerFilterName       = "envoy.filters.network.http_connection_manager"
+)
+
+func (pr *ProxyResources) makeListener(listener *pbproxystate.Listener) (*envoy_listener_v3.Listener, error) {
+	envoyListener := &envoy_listener_v3.Listener{}
+
+	// Listener Address
+	var address *envoy_core_v3.Address
+	switch listener.BindAddress.(type) {
+	case *pbproxystate.Listener_HostPort:
+		address = makeIpPortEnvoyAddress(listener.BindAddress.(*pbproxystate.Listener_HostPort))
+	case *pbproxystate.Listener_UnixSocket:
+		address = makeUnixSocketEnvoyAddress(listener.BindAddress.(*pbproxystate.Listener_UnixSocket))
+	default:
+		// This should be impossible to reach because we're using protobufs.
+		return nil, fmt.Errorf("invalid listener bind address type: %t", listener.BindAddress)
+	}
+	envoyListener.Address = address
+
+	// Listener Direction
+	var direction envoy_core_v3.TrafficDirection
+	switch listener.Direction {
+	case pbproxystate.Direction_DIRECTION_OUTBOUND:
+		direction = envoy_core_v3.TrafficDirection_OUTBOUND
+	case pbproxystate.Direction_DIRECTION_INBOUND:
+		direction = envoy_core_v3.TrafficDirection_INBOUND
+	case pbproxystate.Direction_DIRECTION_UNSPECIFIED:
+		direction = envoy_core_v3.TrafficDirection_UNSPECIFIED
+	default:
+		return nil, fmt.Errorf("no direction for listener %+v", listener.Name)
+	}
+	envoyListener.TrafficDirection = direction
+
+	// Before creating the filter chains, sort routers by match to avoid draining if the list is provided out of order.
+	sortRouters(listener.Routers)
+
+	// Listener filter chains
+	for _, r := range listener.Routers {
+		filterChain, err := pr.makeEnvoyListenerFilterChain(r)
+		if err != nil {
+			return nil, fmt.Errorf("could not make filter chain: %w", err)
+		}
+		envoyListener.FilterChains = append(envoyListener.FilterChains, filterChain)
+	}
+
+	if listener.DefaultRouter != nil {
+		defaultFilterChain, err := pr.makeEnvoyListenerFilterChain(listener.DefaultRouter)
+		if err != nil {
+			return nil, fmt.Errorf("could not make filter chain: %w", err)
+		}
+		envoyListener.DefaultFilterChain = defaultFilterChain
+	}
+
+	// Envoy builtin listener filters
+	for _, c := range listener.Capabilities {
+		listenerFilter, err := makeEnvoyListenerFilter(c)
+		if err != nil {
+			return nil, fmt.Errorf("could not make listener filter: %w", err)
+		}
+		envoyListener.ListenerFilters = append(envoyListener.ListenerFilters, listenerFilter)
+	}
+
+	err := addEnvoyListenerConnectionBalanceConfig(listener.BalanceConnections, envoyListener)
+	if err != nil {
+		return nil, err
+	}
+
+	envoyListener.Name = listener.Name
+	envoyListener.Address = address
+	envoyListener.TrafficDirection = direction
+
+	return envoyListener, nil
+}
+
+func makeEnvoyConnectionLimitFilter(maxInboundConns uint64) (*envoy_listener_v3.Filter, error) {
+	cfg := &envoy_connection_limit_v3.ConnectionLimit{
+		StatPrefix:     "inbound_connection_limit",
+		MaxConnections: wrapperspb.UInt64(maxInboundConns),
+	}
+
+	return makeEnvoyFilter("envoy.filters.network.connection_limit", cfg)
+}
+
+func addEnvoyListenerConnectionBalanceConfig(balanceType pbproxystate.BalanceConnections, listener *envoy_listener_v3.Listener) error {
+	switch balanceType {
+	case pbproxystate.BalanceConnections_BALANCE_CONNECTIONS_DEFAULT:
+		// Default with no balancing.
+		return nil
+	case pbproxystate.BalanceConnections_BALANCE_CONNECTIONS_EXACT:
+		listener.ConnectionBalanceConfig = &envoy_listener_v3.Listener_ConnectionBalanceConfig{
+			BalanceType: &envoy_listener_v3.Listener_ConnectionBalanceConfig_ExactBalance_{},
+		}
+		return nil
+	default:
+		// This should be impossible using protobufs.
+		return fmt.Errorf("unsupported connection balance option: %+v", balanceType)
+	}
+}
+
+func makeIpPortEnvoyAddress(address *pbproxystate.Listener_HostPort) *envoy_core_v3.Address {
+	return &envoy_core_v3.Address{
+		Address: &envoy_core_v3.Address_SocketAddress{
+			SocketAddress: &envoy_core_v3.SocketAddress{
+				Address: address.HostPort.Host,
+				PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{
+					PortValue: address.HostPort.Port,
+				},
+			},
+		},
+	}
+}
+
+func makeUnixSocketEnvoyAddress(address *pbproxystate.Listener_UnixSocket) *envoy_core_v3.Address {
+	modeInt, err := strconv.ParseUint(address.UnixSocket.Mode, 0, 32)
+	if err != nil {
+		modeInt = 0
+	}
+	return &envoy_core_v3.Address{
+		Address: &envoy_core_v3.Address_Pipe{
+			Pipe: &envoy_core_v3.Pipe{
+				Path: address.UnixSocket.Path,
+				Mode: uint32(modeInt),
+			},
+		},
+	}
+}
+
+func (pr *ProxyResources) makeEnvoyListenerFilterChain(router *pbproxystate.Router) (*envoy_listener_v3.FilterChain, error) {
+	envoyFilterChain := &envoy_listener_v3.FilterChain{}
+
+	if router == nil {
+		return nil, fmt.Errorf("no router to create filter chain")
+	}
+
+	// Router Match
+	match := makeEnvoyFilterChainMatch(router.Match)
+	if match != nil {
+		envoyFilterChain.FilterChainMatch = match
+	}
+
+	// Router Destination
+	var envoyFilters []*envoy_listener_v3.Filter
+	switch router.Destination.(type) {
+	case *pbproxystate.Router_L4:
+		l4Filters, err := pr.makeEnvoyResourcesForL4Destination(router.Destination.(*pbproxystate.Router_L4))
+		if err != nil {
+			return nil, err
+		}
+		envoyFilters = append(envoyFilters, l4Filters...)
+	case *pbproxystate.Router_L7:
+		l7 := router.Destination.(*pbproxystate.Router_L7)
+		l7Filters, err := pr.makeEnvoyResourcesForL7Destination(l7)
+		if err != nil {
+			return nil, err
+		}
+
+		// Inject ALPN protocols to router's TLS if destination is L7
+		if router.InboundTls != nil {
+			router.InboundTls.AlpnProtocols = getAlpnProtocols(l7.L7.Protocol)
+		}
+		envoyFilters = append(envoyFilters, l7Filters...)
+	case *pbproxystate.Router_Sni:
+		sniFilters, err := pr.makeEnvoyResourcesForSNIDestination(router.Destination.(*pbproxystate.Router_Sni))
+		if err != nil {
+			return nil, err
+		}
+		envoyFilters = append(envoyFilters, sniFilters...)
+	default:
+		// This should be impossible using protobufs.
+		return nil, fmt.Errorf("unsupported destination type: %t", router.Destination)
+
+	}
+
+	// Router TLS
+	ts, err := pr.makeEnvoyTransportSocket(router.InboundTls)
+	if err != nil {
+		return nil, err
+	}
+	envoyFilterChain.TransportSocket = ts
+
+	envoyFilterChain.Filters = envoyFilters
+	return envoyFilterChain, err
+}
+
+func makeEnvoyFilterChainMatch(routerMatch *pbproxystate.Match) *envoy_listener_v3.FilterChainMatch {
+	var envoyFilterChainMatch *envoy_listener_v3.FilterChainMatch
+	if routerMatch != nil {
+		envoyFilterChainMatch = &envoy_listener_v3.FilterChainMatch{}
+
+		envoyFilterChainMatch.DestinationPort = routerMatch.DestinationPort
+
+		if len(routerMatch.ServerNames) > 0 {
+			var serverNames []string
+			for _, n := range routerMatch.ServerNames {
+				serverNames = append(serverNames, n)
+			}
+			envoyFilterChainMatch.ServerNames = serverNames
+		}
+		if len(routerMatch.PrefixRanges) > 0 {
+			sortPrefixRanges(routerMatch.PrefixRanges)
+			var ranges []*envoy_core_v3.CidrRange
+			for _, r := range routerMatch.PrefixRanges {
+				cidrRange := &envoy_core_v3.CidrRange{
+					PrefixLen:     r.PrefixLen,
+					AddressPrefix: r.AddressPrefix,
+				}
+				ranges = append(ranges, cidrRange)
+			}
+			envoyFilterChainMatch.PrefixRanges = ranges
+		}
+		if len(routerMatch.SourcePrefixRanges) > 0 {
+			var ranges []*envoy_core_v3.CidrRange
+			for _, r := range routerMatch.SourcePrefixRanges {
+				cidrRange := &envoy_core_v3.CidrRange{
+					PrefixLen:     r.PrefixLen,
+					AddressPrefix: r.AddressPrefix,
+				}
+				ranges = append(ranges, cidrRange)
+			}
+			envoyFilterChainMatch.SourcePrefixRanges = ranges
+		}
+	}
+	return envoyFilterChainMatch
+}
+
+func (pr *ProxyResources) makeEnvoyResourcesForSNIDestination(sni *pbproxystate.Router_Sni) ([]*envoy_listener_v3.Filter, error) {
+	var envoyFilters []*envoy_listener_v3.Filter
+	sniFilter, err := makeEnvoyFilter("envoy.filters.network.sni_cluster", &envoy_sni_cluster_v3.SniCluster{})
+	if err != nil {
+		return nil, err
+	}
+	tcp := &envoy_tcp_proxy_v3.TcpProxy{
+		StatPrefix:       sni.Sni.StatPrefix,
+		ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_Cluster{Cluster: ""},
+	}
+	tcpFilter, err := makeEnvoyFilter(envoyNetworkFilterName, tcp)
+	if err != nil {
+		return nil, err
+	}
+	envoyFilters = append(envoyFilters, sniFilter, tcpFilter)
+	return envoyFilters, err
+}
+
+func (pr *ProxyResources) makeEnvoyResourcesForL4Destination(l4 *pbproxystate.Router_L4) ([]*envoy_listener_v3.Filter, error) {
+	err := pr.makeCluster(l4.L4.Name)
+	if err != nil {
+		return nil, err
+	}
+	envoyFilters, err := makeL4Filters(l4.L4)
+	return envoyFilters, err
+}
+
+func (pr *ProxyResources) makeEnvoyResourcesForL7Destination(l7 *pbproxystate.Router_L7) ([]*envoy_listener_v3.Filter, error) {
+	envoyFilters, err := pr.makeL7Filters(l7.L7)
+	if err != nil {
+		return nil, err
+	}
+	return envoyFilters, err
+}
+
+func getAlpnProtocols(protocol pbproxystate.L7Protocol) []string {
+	var alpnProtocols []string
+
+	switch protocol {
+	case pbproxystate.L7Protocol_L7_PROTOCOL_GRPC, pbproxystate.L7Protocol_L7_PROTOCOL_HTTP2:
+		alpnProtocols = append(alpnProtocols, "h2", "http/1.1")
+	case pbproxystate.L7Protocol_L7_PROTOCOL_HTTP:
+		alpnProtocols = append(alpnProtocols, "http/1.1")
+	}
+
+	return alpnProtocols
+}
+
+func makeL4Filters(l4 *pbproxystate.L4Destination) ([]*envoy_listener_v3.Filter, error) {
+	var envoyFilters []*envoy_listener_v3.Filter
+	if l4 != nil {
+		// Add rbac filter. RBAC filter needs to be added first so any
+		// unauthorized connections will get rejected.
+		// TODO(proxystate): Intentions will be added in the future.
+		if l4.AddEmptyIntention {
+			rbacFilter, err := makeEmptyRBACNetworkFilter()
+			if err != nil {
+				return nil, err
+			}
+			envoyFilters = append(envoyFilters, rbacFilter)
+		}
+
+		if l4.MaxInboundConnections > 0 {
+			connectionLimitFilter, err := makeEnvoyConnectionLimitFilter(l4.MaxInboundConnections)
+			if err != nil {
+				return nil, err
+			}
+			envoyFilters = append(envoyFilters, connectionLimitFilter)
+		}
+
+		// Add tcp proxy filter
+		tcp := &envoy_tcp_proxy_v3.TcpProxy{
+			ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_Cluster{Cluster: l4.Name},
+			StatPrefix:       l4.StatPrefix,
+		}
+		tcpFilter, err := makeEnvoyFilter(envoyNetworkFilterName, tcp)
+		if err != nil {
+			return nil, err
+		}
+		envoyFilters = append(envoyFilters, tcpFilter)
+	}
+	return envoyFilters, nil
+
+}
+
+func makeEmptyRBACNetworkFilter() (*envoy_listener_v3.Filter, error) {
+	cfg := &envoy_network_rbac_v3.RBAC{
+		StatPrefix: "connect_authz",
+		Rules:      &envoy_rbac_v3.RBAC{},
+	}
+	filter, err := makeEnvoyFilter("envoy.filters.network.rbac", cfg)
+	if err != nil {
+		return nil, err
+	}
+	return filter, nil
+}
+
+// TODO: Forward client cert details will be added as part of L7 listeners task.
+func (pr *ProxyResources) makeL7Filters(l7 *pbproxystate.L7Destination) ([]*envoy_listener_v3.Filter, error) {
+	var envoyFilters []*envoy_listener_v3.Filter
+	var httpConnMgr *envoy_http_v3.HttpConnectionManager
+
+	if l7 != nil {
+		// TODO: Intentions will be added in the future.
+		if l7.MaxInboundConnections > 0 {
+			connLimitFilter, err := makeEnvoyConnectionLimitFilter(l7.MaxInboundConnections)
+			if err != nil {
+				return nil, err
+			}
+			envoyFilters = append(envoyFilters, connLimitFilter)
+		}
+		envoyHttpRouter, err := makeEnvoyHTTPFilter("envoy.filters.http.router", &envoy_http_router_v3.Router{})
+		if err != nil {
+			return nil, err
+		}
+
+		httpConnMgr = &envoy_http_v3.HttpConnectionManager{
+			StatPrefix: l7.StatPrefix,
+			CodecType:  envoy_http_v3.HttpConnectionManager_AUTO,
+			HttpFilters: []*envoy_http_v3.HttpFilter{
+				envoyHttpRouter,
+			},
+			Tracing: &envoy_http_v3.HttpConnectionManager_Tracing{
+				// Don't trace any requests by default unless the client application
+				// explicitly propagates trace headers that indicate this should be
+				// sampled.
+				RandomSampling: &envoy_type_v3.Percent{Value: 0.0},
+			},
+			// Explicitly enable WebSocket upgrades for all HTTP listeners
+			UpgradeConfigs: []*envoy_http_v3.HttpConnectionManager_UpgradeConfig{
+				{UpgradeType: "websocket"},
+			},
+		}
+
+		routeConfig, err := pr.makeRoute(l7.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		if l7.StaticRoute {
+			httpConnMgr.RouteSpecifier = &envoy_http_v3.HttpConnectionManager_RouteConfig{
+				RouteConfig: routeConfig,
+			}
+		} else {
+			// Add Envoy route under the route resource since it's not inlined.
+			pr.envoyResources[xdscommon.RouteType] = append(pr.envoyResources[xdscommon.RouteType], routeConfig)
+
+			httpConnMgr.RouteSpecifier = &envoy_http_v3.HttpConnectionManager_Rds{
+				Rds: &envoy_http_v3.Rds{
+					RouteConfigName: l7.Name,
+					ConfigSource: &envoy_core_v3.ConfigSource{
+						ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
+						ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{
+							Ads: &envoy_core_v3.AggregatedConfigSource{},
+						},
+					},
+				},
+			}
+		}
+
+		// Add http2 protocol options
+		if l7.Protocol == pbproxystate.L7Protocol_L7_PROTOCOL_HTTP2 || l7.Protocol == pbproxystate.L7Protocol_L7_PROTOCOL_GRPC {
+			httpConnMgr.Http2ProtocolOptions = &envoy_core_v3.Http2ProtocolOptions{}
+		}
+
+		// Add grpc envoy http filters.
+		if l7.Protocol == pbproxystate.L7Protocol_L7_PROTOCOL_GRPC {
+			grpcHttp1Bridge, err := makeEnvoyHTTPFilter(
+				"envoy.filters.http.grpc_http1_bridge",
+				&envoy_grpc_http1_bridge_v3.Config{},
+			)
+			if err != nil {
+				return nil, err
+			}
+
+			// In envoy 1.14.x the default value "stats_for_all_methods=true" was
+			// deprecated, and was changed to "false" in 1.18.x. Avoid using the
+			// default. TODO: we may want to expose this to users somehow easily.
+			grpcStatsFilter, err := makeEnvoyHTTPFilter(
+				"envoy.filters.http.grpc_stats",
+				&envoy_grpc_stats_v3.FilterConfig{
+					PerMethodStatSpecifier: &envoy_grpc_stats_v3.FilterConfig_StatsForAllMethods{
+						StatsForAllMethods: &wrapperspb.BoolValue{Value: true},
+					},
+				},
+			)
+			if err != nil {
+				return nil, err
+			}
+
+			// Add grpc bridge before envoyRouter and authz, and the stats in front of that.
+			httpConnMgr.HttpFilters = append([]*envoy_http_v3.HttpFilter{
+				grpcStatsFilter,
+				grpcHttp1Bridge,
+			}, httpConnMgr.HttpFilters...)
+		}
+
+		httpFilter, err := makeEnvoyFilter(envoyHttpConnectionManagerFilterName, httpConnMgr)
+		if err != nil {
+			return nil, err
+		}
+		envoyFilters = append(envoyFilters, httpFilter)
+	}
+	return envoyFilters, nil
+}
+
+func (pr *ProxyResources) makeEnvoyTLSParameters(defaultParams *pbproxystate.TLSParameters, overrideParams *pbproxystate.TLSParameters) *envoy_tls_v3.TlsParameters {
+	tlsParams := &envoy_tls_v3.TlsParameters{}
+
+	if overrideParams != nil {
+		if overrideParams.MinVersion != pbproxystate.TLSVersion_TLS_VERSION_UNSPECIFIED {
+			if minVersion, ok := envoyTLSVersions[overrideParams.MinVersion]; ok {
+				tlsParams.TlsMinimumProtocolVersion = minVersion
+			}
+		}
+		if overrideParams.MaxVersion != pbproxystate.TLSVersion_TLS_VERSION_UNSPECIFIED {
+			if maxVersion, ok := envoyTLSVersions[overrideParams.MaxVersion]; ok {
+				tlsParams.TlsMaximumProtocolVersion = maxVersion
+			}
+		}
+		if len(overrideParams.CipherSuites) != 0 {
+			tlsParams.CipherSuites = marshalEnvoyTLSCipherSuiteStrings(overrideParams.CipherSuites)
+		}
+		return tlsParams
+	}
+
+	if defaultParams != nil {
+		if defaultParams.MinVersion != pbproxystate.TLSVersion_TLS_VERSION_UNSPECIFIED {
+			if minVersion, ok := envoyTLSVersions[defaultParams.MinVersion]; ok {
+				tlsParams.TlsMinimumProtocolVersion = minVersion
+			}
+		}
+		if defaultParams.MaxVersion != pbproxystate.TLSVersion_TLS_VERSION_UNSPECIFIED {
+			if maxVersion, ok := envoyTLSVersions[defaultParams.MaxVersion]; ok {
+				tlsParams.TlsMaximumProtocolVersion = maxVersion
+			}
+		}
+		if len(defaultParams.CipherSuites) != 0 {
+			tlsParams.CipherSuites = marshalEnvoyTLSCipherSuiteStrings(defaultParams.CipherSuites)
+		}
+		return tlsParams
+	}
+
+	return tlsParams
+
+}
+
+func (pr *ProxyResources) makeEnvoyTransportSocket(ts *pbproxystate.TransportSocket) (*envoy_core_v3.TransportSocket, error) {
+	if ts == nil {
+		return nil, nil
+	}
+	commonTLSContext := &envoy_tls_v3.CommonTlsContext{}
+
+	// Create connection TLS. Listeners should only look at inbound TLS.
+	switch ts.ConnectionTls.(type) {
+	case *pbproxystate.TransportSocket_InboundMesh:
+		downstreamContext := &envoy_tls_v3.DownstreamTlsContext{}
+		downstreamContext.CommonTlsContext = commonTLSContext
+		// Set TLS Parameters.
+		tlsParams := pr.makeEnvoyTLSParameters(pr.proxyState.Tls.InboundTlsParameters, ts.TlsParameters)
+		commonTLSContext.TlsParams = tlsParams
+
+		// Set the certificate config on the tls context.
+		// For inbound mesh, we need to add the identity certificate
+		// and the validation context for the mesh depending on the provided trust bundle names.
+		if pr.proxyState.Tls == nil {
+			// if tls is nil but connection tls is provided, then the proxy state is misconfigured
+			return nil, fmt.Errorf("proxyState.Tls is required to generate router's transport socket")
+		}
+		im := ts.ConnectionTls.(*pbproxystate.TransportSocket_InboundMesh).InboundMesh
+		leaf, ok := pr.proxyState.LeafCertificates[im.IdentityKey]
+		if !ok {
+			return nil, fmt.Errorf("failed to create transport socket: leaf certificate %q not found", im.IdentityKey)
+		}
+		err := pr.makeEnvoyCertConfig(commonTLSContext, leaf)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create transport socket: %w", err)
+		}
+
+		// Create validation context.
+		// When there's only one trust bundle name, we create a simple validation context
+		if len(im.ValidationContext.TrustBundlePeerNameKeys) == 1 {
+			peerName := im.ValidationContext.TrustBundlePeerNameKeys[0]
+			tb, ok := pr.proxyState.TrustBundles[peerName]
+			if !ok {
+				return nil, fmt.Errorf("failed to create transport socket: provided trust bundle name does not exist in proxystate trust bundle map: %s", peerName)
+			}
+			commonTLSContext.ValidationContextType = &envoy_tls_v3.CommonTlsContext_ValidationContext{
+				ValidationContext: &envoy_tls_v3.CertificateValidationContext{
+					// TODO(banks): later for L7 support we may need to configure ALPN here.
+					TrustedCa: &envoy_core_v3.DataSource{
+						Specifier: &envoy_core_v3.DataSource_InlineString{
+							InlineString: RootPEMsAsString(tb.Roots),
+						},
+					},
+				},
+			}
+		} else if len(im.ValidationContext.TrustBundlePeerNameKeys) > 1 {
+			cfg := &envoy_tls_v3.SPIFFECertValidatorConfig{
+				TrustDomains: make([]*envoy_tls_v3.SPIFFECertValidatorConfig_TrustDomain, 0, len(im.ValidationContext.TrustBundlePeerNameKeys)),
+			}
+
+			for _, peerName := range im.ValidationContext.TrustBundlePeerNameKeys {
+				// Look up the trust bundle ca in the map.
+				tb, ok := pr.proxyState.TrustBundles[peerName]
+				if !ok {
+					return nil, fmt.Errorf("failed to create transport socket: provided bundle name does not exist in trust bundle map: %s", peerName)
+				}
+				cfg.TrustDomains = append(cfg.TrustDomains, &envoy_tls_v3.SPIFFECertValidatorConfig_TrustDomain{
+					Name: tb.TrustDomain,
+					TrustBundle: &envoy_core_v3.DataSource{
+						Specifier: &envoy_core_v3.DataSource_InlineString{
+							InlineString: RootPEMsAsString(tb.Roots),
+						},
+					},
+				})
+			}
+			// Sort the trust domains so the output is stable.
+			sortTrustDomains(cfg.TrustDomains)
+
+			spiffeConfig, err := anypb.New(cfg)
+			if err != nil {
+				return nil, err
+			}
+			commonTLSContext.ValidationContextType = &envoy_tls_v3.CommonTlsContext_ValidationContext{
+				ValidationContext: &envoy_tls_v3.CertificateValidationContext{
+					CustomValidatorConfig: &envoy_core_v3.TypedExtensionConfig{
+						// The typed config name is hard-coded because it is not available as a wellknown var in the control plane lib.
+						Name:        "envoy.tls.cert_validator.spiffe",
+						TypedConfig: spiffeConfig,
+					},
+				},
+			}
+		}
+		// Always require client certificate
+		downstreamContext.RequireClientCertificate = &wrapperspb.BoolValue{Value: true}
+		transportSocket, err := makeTransportSocket("tls", downstreamContext)
+		if err != nil {
+			return nil, err
+		}
+		return transportSocket, nil
+	case *pbproxystate.TransportSocket_InboundNonMesh:
+		downstreamContext := &envoy_tls_v3.DownstreamTlsContext{}
+		downstreamContext.CommonTlsContext = commonTLSContext
+		// Set TLS Parameters
+		tlsParams := pr.makeEnvoyTLSParameters(pr.proxyState.Tls.InboundTlsParameters, ts.TlsParameters)
+		commonTLSContext.TlsParams = tlsParams
+		// For non-mesh, we don't care about validation context as currently we don't support mTLS for non-mesh connections.
+		nonMeshTLS := ts.ConnectionTls.(*pbproxystate.TransportSocket_InboundNonMesh).InboundNonMesh
+		err := pr.addNonMeshCertConfig(commonTLSContext, nonMeshTLS)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create transport socket: %w", err)
+		}
+		transportSocket, err := makeTransportSocket("tls", downstreamContext)
+		if err != nil {
+			return nil, err
+		}
+		return transportSocket, nil
+	case *pbproxystate.TransportSocket_OutboundMesh:
+		upstreamContext := &envoy_tls_v3.UpstreamTlsContext{}
+		upstreamContext.CommonTlsContext = commonTLSContext
+		// Set TLS Parameters
+		tlsParams := pr.makeEnvoyTLSParameters(pr.proxyState.Tls.OutboundTlsParameters, ts.TlsParameters)
+		commonTLSContext.TlsParams = tlsParams
+		// For outbound mesh, we need to insert the mesh identity certificate
+		// and the validation context for the mesh depending on the provided trust bundle names.
+		if pr.proxyState.Tls == nil {
+			// if tls is nil but connection tls is provided, then the proxy state is misconfigured
+			return nil, fmt.Errorf("proxyState.Tls is required to generate router's transport socket")
+		}
+		om := ts.ConnectionTls.(*pbproxystate.TransportSocket_OutboundMesh).OutboundMesh
+		leaf, ok := pr.proxyState.LeafCertificates[om.IdentityKey]
+		if !ok {
+			return nil, fmt.Errorf("leaf %s not found in proxyState", om.IdentityKey)
+		}
+		err := pr.makeEnvoyCertConfig(commonTLSContext, leaf)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create transport socket: %w", err)
+		}
+
+		// Create validation context
+		peerName := om.ValidationContext.TrustBundlePeerNameKey
+		tb, ok := pr.proxyState.TrustBundles[peerName]
+		if !ok {
+			return nil, fmt.Errorf("failed to create transport socket: provided peer name does not exist in trust bundle map: %s", peerName)
+		}
+
+		var matchers []*envoy_matcher_v3.StringMatcher
+		if len(om.ValidationContext.SpiffeIds) > 0 {
+			matchers = make([]*envoy_matcher_v3.StringMatcher, 0)
+			for _, m := range om.ValidationContext.SpiffeIds {
+				matchers = append(matchers, &envoy_matcher_v3.StringMatcher{
+					MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{
+						Exact: m,
+					},
+				})
+			}
+		}
+		commonTLSContext.ValidationContextType = &envoy_tls_v3.CommonTlsContext_ValidationContext{
+			ValidationContext: &envoy_tls_v3.CertificateValidationContext{
+				// TODO(banks): later for L7 support we may need to configure ALPN here.
+				TrustedCa: &envoy_core_v3.DataSource{
+					Specifier: &envoy_core_v3.DataSource_InlineString{
+						InlineString: RootPEMsAsString(tb.Roots),
+					},
+				},
+				MatchSubjectAltNames: matchers,
+			},
+		}
+
+		upstreamContext.Sni = om.Sni
+		transportSocket, err := makeTransportSocket("tls", upstreamContext)
+		if err != nil {
+			return nil, err
+		}
+		return transportSocket, nil
+	default:
+		return nil, nil
+	}
+
+}
+
+func (pr *ProxyResources) makeEnvoyCertConfig(common *envoy_tls_v3.CommonTlsContext, certificate *pbproxystate.LeafCertificate) error {
+	if certificate == nil {
+		return fmt.Errorf("no leaf certificate provided")
+	}
+	common.TlsCertificates = []*envoy_tls_v3.TlsCertificate{
+		{
+			CertificateChain: &envoy_core_v3.DataSource{
+				Specifier: &envoy_core_v3.DataSource_InlineString{
+					InlineString: lib.EnsureTrailingNewline(certificate.Cert),
+				},
+			},
+			PrivateKey: &envoy_core_v3.DataSource{
+				Specifier: &envoy_core_v3.DataSource_InlineString{
+					InlineString: lib.EnsureTrailingNewline(certificate.Key),
+				},
+			},
+		},
+	}
+	return nil
+}
+
+func (pr *ProxyResources) makeEnvoySDSCertConfig(common *envoy_tls_v3.CommonTlsContext, certificate *pbproxystate.SDSCertificate) error {
+	if certificate == nil {
+		return fmt.Errorf("no SDS certificate provided")
+	}
+	common.TlsCertificateSdsSecretConfigs = []*envoy_tls_v3.SdsSecretConfig{
+		{
+			Name: certificate.CertResource,
+			SdsConfig: &envoy_core_v3.ConfigSource{
+				ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{
+					ApiConfigSource: &envoy_core_v3.ApiConfigSource{
+						ApiType:             envoy_core_v3.ApiConfigSource_GRPC,
+						TransportApiVersion: envoy_core_v3.ApiVersion_V3,
+						// Note ClusterNames can't be set here - that's only for REST type
+						// we need a full GRPC config instead.
+						GrpcServices: []*envoy_core_v3.GrpcService{
+							{
+								TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{
+									EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{
+										ClusterName: certificate.ClusterName,
+									},
+								},
+								Timeout: &durationpb.Duration{Seconds: 5},
+							},
+						},
+					},
+				},
+				ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
+			},
+		},
+	}
+	return nil
+}
+
+func (pr *ProxyResources) addNonMeshCertConfig(common *envoy_tls_v3.CommonTlsContext, tls *pbproxystate.InboundNonMeshTLS) error {
+	if tls == nil {
+		return fmt.Errorf("no inbound non-mesh TLS provided")
+	}
+
+	switch tls.Identity.(type) {
+	case *pbproxystate.InboundNonMeshTLS_LeafKey:
+		leafKey := tls.Identity.(*pbproxystate.InboundNonMeshTLS_LeafKey).LeafKey
+		leaf, ok := pr.proxyState.LeafCertificates[leafKey]
+		if !ok {
+			return fmt.Errorf("leaf key %s not found in leaf certificate map", leafKey)
+		}
+		common.TlsCertificates = []*envoy_tls_v3.TlsCertificate{
+			{
+				CertificateChain: &envoy_core_v3.DataSource{
+					Specifier: &envoy_core_v3.DataSource_InlineString{
+						InlineString: lib.EnsureTrailingNewline(leaf.Cert),
+					},
+				},
+				PrivateKey: &envoy_core_v3.DataSource{
+					Specifier: &envoy_core_v3.DataSource_InlineString{
+						InlineString: lib.EnsureTrailingNewline(leaf.Key),
+					},
+				},
+			},
+		}
+	case *pbproxystate.InboundNonMeshTLS_Sds:
+		c := tls.Identity.(*pbproxystate.InboundNonMeshTLS_Sds).Sds
+		common.TlsCertificateSdsSecretConfigs = []*envoy_tls_v3.SdsSecretConfig{
+			{
+				Name: c.CertResource,
+				SdsConfig: &envoy_core_v3.ConfigSource{
+					ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{
+						ApiConfigSource: &envoy_core_v3.ApiConfigSource{
+							ApiType:             envoy_core_v3.ApiConfigSource_GRPC,
+							TransportApiVersion: envoy_core_v3.ApiVersion_V3,
+							// Note ClusterNames can't be set here - that's only for REST type
+							// we need a full GRPC config instead.
+							GrpcServices: []*envoy_core_v3.GrpcService{
+								{
+									TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{
+										EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{
+											ClusterName: c.ClusterName,
+										},
+									},
+									Timeout: &durationpb.Duration{Seconds: 5},
+								},
+							},
+						},
+					},
+					ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
+				},
+			},
+		}
+	}
+
+	return nil
+}
+
+func makeTransportSocket(name string, config proto.Message) (*envoy_core_v3.TransportSocket, error) {
+	any, err := anypb.New(config)
+	if err != nil {
+		return nil, err
+	}
+	return &envoy_core_v3.TransportSocket{
+		Name: name,
+		ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{
+			TypedConfig: any,
+		},
+	}, nil
+}
+
+func makeEnvoyListenerFilter(c pbproxystate.Capability) (*envoy_listener_v3.ListenerFilter, error) {
+	var lf proto.Message
+	var name string
+
+	switch c {
+	case pbproxystate.Capability_CAPABILITY_TRANSPARENT:
+		lf = &envoy_original_dst_v3.OriginalDst{}
+		name = envoyOriginalDestinationListenerFilterName
+	case pbproxystate.Capability_CAPABILITY_L4_TLS_INSPECTION:
+		name = envoyTLSInspectorListenerFilterName
+		lf = &envoy_tls_inspector_v3.TlsInspector{}
+	case pbproxystate.Capability_CAPABILITY_L7_PROTOCOL_INSPECTION:
+		name = envoyHttpInspectorListenerFilterName
+		lf = &envoy_extensions_filters_listener_http_inspector_v3.HttpInspector{}
+	default:
+		return nil, fmt.Errorf("unsupported listener captability: %s", c)
+	}
+	lfAsAny, err := anypb.New(lf)
+	if err != nil {
+		return nil, err
+	}
+
+	return &envoy_listener_v3.ListenerFilter{
+		Name:       name,
+		ConfigType: &envoy_listener_v3.ListenerFilter_TypedConfig{TypedConfig: lfAsAny},
+	}, nil
+}
+
+func makeEnvoyFilter(name string, cfg proto.Message) (*envoy_listener_v3.Filter, error) {
+	any, err := anypb.New(cfg)
+	if err != nil {
+		return nil, err
+	}
+
+	return &envoy_listener_v3.Filter{
+		Name:       name,
+		ConfigType: &envoy_listener_v3.Filter_TypedConfig{TypedConfig: any},
+	}, nil
+}
+
+func makeEnvoyHTTPFilter(name string, cfg proto.Message) (*envoy_http_v3.HttpFilter, error) {
+	any, err := anypb.New(cfg)
+	if err != nil {
+		return nil, err
+	}
+
+	return &envoy_http_v3.HttpFilter{
+		Name:       name,
+		ConfigType: &envoy_http_v3.HttpFilter_TypedConfig{TypedConfig: any},
+	}, nil
+}
+
+func RootPEMsAsString(rootPEMs []string) string {
+	var rootPEMsString string
+	for _, root := range rootPEMs {
+		rootPEMsString += lib.EnsureTrailingNewline(root)
+	}
+	return rootPEMsString
+}
+
+func marshalEnvoyTLSCipherSuiteStrings(cipherSuites []pbproxystate.TLSCipherSuite) []string {
+	envoyTLSCipherSuiteStrings := map[pbproxystate.TLSCipherSuite]string{
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_GCM_SHA256: "ECDHE-ECDSA-AES128-GCM-SHA256",
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_CHACHA20_POLY1305: "ECDHE-ECDSA-CHACHA20-POLY1305",
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES128_GCM_SHA256:   "ECDHE-RSA-AES128-GCM-SHA256",
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_CHACHA20_POLY1305:   "ECDHE-RSA-CHACHA20-POLY1305",
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_SHA:        "ECDHE-ECDSA-AES128-SHA",
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES128_SHA:          "ECDHE-RSA-AES128-SHA",
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES128_GCM_SHA256:             "AES128-GCM-SHA256",
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES128_SHA:                    "AES128-SHA",
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384: "ECDHE-ECDSA-AES256-GCM-SHA384",
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES256_GCM_SHA384:   "ECDHE-RSA-AES256-GCM-SHA384",
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_SHA:        "ECDHE-ECDSA-AES256-SHA",
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES256_SHA:          "ECDHE-RSA-AES256-SHA",
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES256_GCM_SHA384:             "AES256-GCM-SHA384",
+		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES256_SHA:                    "AES256-SHA",
+	}
+
+	var cipherSuiteStrings []string
+
+	for _, c := range cipherSuites {
+		if s, ok := envoyTLSCipherSuiteStrings[c]; ok {
+			cipherSuiteStrings = append(cipherSuiteStrings, s)
+		}
+	}
+
+	return cipherSuiteStrings
+}
+
+var envoyTLSVersions = map[pbproxystate.TLSVersion]envoy_tls_v3.TlsParameters_TlsProtocol{
+	pbproxystate.TLSVersion_TLS_VERSION_AUTO: envoy_tls_v3.TlsParameters_TLS_AUTO,
+	pbproxystate.TLSVersion_TLS_VERSION_1_0:  envoy_tls_v3.TlsParameters_TLSv1_0,
+	pbproxystate.TLSVersion_TLS_VERSION_1_1:  envoy_tls_v3.TlsParameters_TLSv1_1,
+	pbproxystate.TLSVersion_TLS_VERSION_1_2:  envoy_tls_v3.TlsParameters_TLSv1_2,
+	pbproxystate.TLSVersion_TLS_VERSION_1_3:  envoy_tls_v3.TlsParameters_TLSv1_3,
+}
+
+// Sort the trust domains so that the output is stable.
+// This benefits tests but also prevents Envoy from mistakenly thinking the listener
+// changed and needs to be drained only because this ordering is different.
+func sortTrustDomains(trustDomains []*envoy_tls_v3.SPIFFECertValidatorConfig_TrustDomain) {
+	sort.Slice(trustDomains, func(i int, j int) bool {
+		return trustDomains[i].Name < trustDomains[j].Name
+	})
+}
+
+// sortRouters stable sorts routers with a Match to avoid draining if the list is provided out of order.
+// xdsv1 used to sort the filter chains on outbound listeners, so this adds that functionality by sorting routers with matches.
+func sortRouters(routers []*pbproxystate.Router) {
+	if routers == nil {
+		return
+	}
+	sort.SliceStable(routers, func(i, j int) bool {
+		si := ""
+		sj := ""
+		if routers[i].Match != nil {
+			if len(routers[i].Match.PrefixRanges) > 0 {
+				si += routers[i].Match.PrefixRanges[0].AddressPrefix +
+					"/" + routers[i].Match.PrefixRanges[0].PrefixLen.String() +
+					":" + routers[i].Match.DestinationPort.String()
+			}
+			if len(routers[i].Match.ServerNames) > 0 {
+				si += routers[i].Match.ServerNames[0] +
+					":" + routers[i].Match.DestinationPort.String()
+			} else {
+				si += routers[i].Match.DestinationPort.String()
+			}
+		}
+
+		if routers[j].Match != nil {
+			if len(routers[j].Match.PrefixRanges) > 0 {
+				sj += routers[j].Match.PrefixRanges[0].AddressPrefix +
+					"/" + routers[j].Match.PrefixRanges[0].PrefixLen.String() +
+					":" + routers[j].Match.DestinationPort.String()
+			}
+			if len(routers[j].Match.ServerNames) > 0 {
+				sj += routers[j].Match.ServerNames[0] +
+					":" + routers[j].Match.DestinationPort.String()
+			} else {
+				sj += routers[j].Match.DestinationPort.String()
+			}
+		}
+
+		return si < sj
+	})
+}
+
+func sortPrefixRanges(prefixRanges []*pbproxystate.CidrRange) {
+	if prefixRanges == nil {
+		return
+	}
+	sort.SliceStable(prefixRanges, func(i, j int) bool {
+		return prefixRanges[i].AddressPrefix < prefixRanges[j].AddressPrefix
+	})
+}
diff --git a/agent/xdsv2/resources.go b/agent/xdsv2/resources.go
new file mode 100644
index 000000000000..6bc1df58c664
--- /dev/null
+++ b/agent/xdsv2/resources.go
@@ -0,0 +1,69 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package xdsv2
+
+import (
+	"fmt"
+
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/go-hclog"
+	"google.golang.org/protobuf/proto"
+
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+)
+
+// ResourceGenerator is associated with a single gRPC stream and creates xDS
+// resources for a single client.
+type ResourceGenerator struct {
+	Logger        hclog.Logger
+	ProxyFeatures xdscommon.SupportedProxyFeatures
+}
+
+func NewResourceGenerator(
+	logger hclog.Logger,
+) *ResourceGenerator {
+	return &ResourceGenerator{
+		Logger: logger,
+	}
+}
+
+type ProxyResources struct {
+	proxyState     *pbmesh.ProxyState
+	envoyResources map[string][]proto.Message
+}
+
+func (g *ResourceGenerator) AllResourcesFromIR(proxyState *pbmesh.ProxyState) (map[string][]proto.Message, error) {
+	pr := &ProxyResources{
+		proxyState:     proxyState,
+		envoyResources: make(map[string][]proto.Message),
+	}
+	err := pr.generateXDSResources()
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate xDS resources for ProxyState: %v", err)
+	}
+	return pr.envoyResources, nil
+}
+
+func (pr *ProxyResources) generateXDSResources() error {
+	listeners := make([]proto.Message, 0)
+	clusters := make([]proto.Message, 0)
+	routes := make([]proto.Message, 0)
+	endpoints := make([]proto.Message, 0)
+
+	for _, l := range pr.proxyState.Listeners {
+		protoListener, err := pr.makeListener(l)
+		// TODO: aggregate errors for listeners and still return any properly formed listeners.
+		if err != nil {
+			return err
+		}
+		listeners = append(listeners, protoListener)
+	}
+
+	pr.envoyResources[xdscommon.ListenerType] = listeners
+	pr.envoyResources[xdscommon.ClusterType] = clusters
+	pr.envoyResources[xdscommon.RouteType] = routes
+	pr.envoyResources[xdscommon.EndpointType] = endpoints
+
+	return nil
+}
diff --git a/agent/xdsv2/route_resources.go b/agent/xdsv2/route_resources.go
new file mode 100644
index 000000000000..1433534e8f0a
--- /dev/null
+++ b/agent/xdsv2/route_resources.go
@@ -0,0 +1,20 @@
+package xdsv2
+
+import (
+	"fmt"
+
+	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
+)
+
+func (pr *ProxyResources) makeRoute(name string) (*envoy_route_v3.RouteConfiguration, error) {
+	var route *envoy_route_v3.RouteConfiguration
+	// TODO(proxystate): This will make routes in the future. This function should distinguish between static routes
+	// inlined into listeners and non-static routes that should be added as top level Envoy resources.
+	_, ok := pr.proxyState.Routes[name]
+	if !ok {
+		// This should not happen with a valid proxy state.
+		return nil, fmt.Errorf("could not find route in ProxyState: %s", name)
+
+	}
+	return route, nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
index 4f8fc7914ac6..193050474c28 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
@@ -105,8 +105,7 @@ type ProxyState struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// id is this proxy's identity. This should correspond to the workload identity that this proxy of
-	// the workload this proxy represents.
+	// identity is a reference to the WorkloadIdentity associated with this proxy.
 	Identity *pbresource.Reference `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
 	// listeners is a list of listeners for this proxy.
 	Listeners []*pbproxystate.Listener `protobuf:"bytes,2,rep,name=listeners,proto3" json:"listeners,omitempty"`
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.proto b/proto-public/pbmesh/v1alpha1/proxy_state.proto
index 94280a261fa2..756d7dd307c8 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_state.proto
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.proto
@@ -30,8 +30,7 @@ message ProxyStateTemplate {
 }
 
 message ProxyState {
-  // id is this proxy's identity. This should correspond to the workload identity that this proxy of
-  // the workload this proxy represents.
+  // identity is a reference to the WorkloadIdentity associated with this proxy.
   hashicorp.consul.resource.Reference identity = 1;
   // listeners is a list of listeners for this proxy.
   repeated pbproxystate.Listener listeners = 2;
diff --git a/test/integration/connect/envoy/helpers.bash b/test/integration/connect/envoy/helpers.bash
index cb10a345a314..01e59b6c2846 100755
--- a/test/integration/connect/envoy/helpers.bash
+++ b/test/integration/connect/envoy/helpers.bash
@@ -210,7 +210,7 @@ function assert_envoy_expose_checks_listener_count {
   RANGES=$(echo "$BODY" | jq '.active_state.listener.filter_chains[0].filter_chain_match.source_prefix_ranges | length')
   echo "RANGES = $RANGES (expect 3)"
   # note: if IPv6 is not supported in the kernel per
-  # agent/xds:kernelSupportsIPv6() then this will only be 2
+  # agent/xds/platform:SupportsIPv6() then this will only be 2
   [ "${RANGES:-0}" -eq 3 ]
 
   HCM=$(echo "$BODY" | jq '.active_state.listener.filter_chains[0].filters[0]')
diff --git a/test/integration/connect/envoy/helpers.windows.bash b/test/integration/connect/envoy/helpers.windows.bash
index f455244205eb..5b6969ca8557 100644
--- a/test/integration/connect/envoy/helpers.windows.bash
+++ b/test/integration/connect/envoy/helpers.windows.bash
@@ -255,7 +255,7 @@ function assert_envoy_expose_checks_listener_count {
   RANGES=$(echo "$BODY" | jq '.active_state.listener.filter_chains[0].filter_chain_match.source_prefix_ranges | length')
   echo "RANGES = $RANGES (expect 3)"
   # note: if IPv6 is not supported in the kernel per
-  # agent/xds:kernelSupportsIPv6() then this will only be 2
+  # agent/xds/platform:SupportsIPv6() then this will only be 2
   [ "${RANGES:-0}" -eq 3 ]
 
   HCM=$(echo "$BODY" | jq '.active_state.listener.filter_chains[0].filters[0]')

From 217107f6276f26ada3cca2fedcd1a8fb50180e17 Mon Sep 17 00:00:00 2001
From: Semir Patel <semir.patel@hashicorp.com>
Date: Tue, 15 Aug 2023 16:57:59 -0500
Subject: [PATCH 283/359] resource: Make resource list tenancy aware (#18475)

---
 agent/grpc-external/services/resource/list.go |  64 ++++++---
 .../services/resource/list_test.go            | 127 +++++++++++++++++-
 .../grpc-external/services/resource/watch.go  |   2 +-
 .../internal/types/proxy_state_template.go    |   2 +-
 internal/resource/demo/demo.go                |   8 +-
 internal/resource/registry.go                 |   4 +-
 internal/resource/registry_test.go            |   4 +-
 7 files changed, 181 insertions(+), 30 deletions(-)

diff --git a/agent/grpc-external/services/resource/list.go b/agent/grpc-external/services/resource/list.go
index 803f64901b3e..cc2b19026a11 100644
--- a/agent/grpc-external/services/resource/list.go
+++ b/agent/grpc-external/services/resource/list.go
@@ -10,29 +10,27 @@ import (
 	"google.golang.org/grpc/status"
 
 	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/storage"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 func (s *Server) List(ctx context.Context, req *pbresource.ListRequest) (*pbresource.ListResponse, error) {
-	if err := validateListRequest(req); err != nil {
-		return nil, err
-	}
-
-	// check type
-	reg, err := s.resolveType(req.Type)
+	reg, err := s.validateListRequest(req)
 	if err != nil {
 		return nil, err
 	}
 
-	// TODO(spatel): Refactor _ and entMeta in NET-4915
-	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), acl.DefaultEnterpriseMeta())
+	// v1 ACL subsystem is "wildcard" aware so just pass on through.
+	entMeta := v2TenancyToV1EntMeta(req.Tenancy)
+	token := tokenFromContext(ctx)
+	authz, authzContext, err := s.getAuthorizer(token, entMeta)
 	if err != nil {
 		return nil, err
 	}
 
-	// check acls
-	err = reg.ACLs.List(authz, req.Tenancy)
+	// Check ACLs.
+	err = reg.ACLs.List(authz, authzContext)
 	switch {
 	case acl.IsErrPermissionDenied(err):
 		return nil, status.Error(codes.PermissionDenied, err.Error())
@@ -40,6 +38,9 @@ func (s *Server) List(ctx context.Context, req *pbresource.ListRequest) (*pbreso
 		return nil, status.Errorf(codes.Internal, "failed list acl: %v", err)
 	}
 
+	// Ensure we're defaulting correctly when request tenancy units are empty.
+	v1EntMetaToV2Tenancy(reg, entMeta, req.Tenancy)
+
 	resources, err := s.Backend.List(
 		ctx,
 		readConsistencyFrom(ctx),
@@ -53,12 +54,21 @@ func (s *Server) List(ctx context.Context, req *pbresource.ListRequest) (*pbreso
 
 	result := make([]*pbresource.Resource, 0)
 	for _, resource := range resources {
-		// filter out non-matching GroupVersion
+		// Filter out non-matching GroupVersion.
 		if resource.Id.Type.GroupVersion != req.Type.GroupVersion {
 			continue
 		}
 
-		// filter out items that don't pass read ACLs
+		// Need to rebuild authorizer per resource since wildcard inputs may
+		// result in different tenancies. Consider caching per tenancy if this
+		// is deemed expensive.
+		entMeta = v2TenancyToV1EntMeta(resource.Id.Tenancy)
+		authz, authzContext, err = s.getAuthorizer(token, entMeta)
+		if err != nil {
+			return nil, err
+		}
+
+		// Filter out items that don't pass read ACLs.
 		err = reg.ACLs.Read(authz, authzContext, resource.Id)
 		switch {
 		case acl.IsErrPermissionDenied(err):
@@ -71,15 +81,37 @@ func (s *Server) List(ctx context.Context, req *pbresource.ListRequest) (*pbreso
 	return &pbresource.ListResponse{Resources: result}, nil
 }
 
-func validateListRequest(req *pbresource.ListRequest) error {
+func (s *Server) validateListRequest(req *pbresource.ListRequest) (*resource.Registration, error) {
 	var field string
 	switch {
 	case req.Type == nil:
 		field = "type"
 	case req.Tenancy == nil:
 		field = "tenancy"
-	default:
-		return nil
 	}
-	return status.Errorf(codes.InvalidArgument, "%s is required", field)
+
+	if field != "" {
+		return nil, status.Errorf(codes.InvalidArgument, "%s is required", field)
+	}
+
+	// Check type exists.
+	reg, err := s.resolveType(req.Type)
+	if err != nil {
+		return nil, err
+	}
+
+	// Lowercase
+	resource.Normalize(req.Tenancy)
+
+	// Error when partition scoped and namespace not empty.
+	if reg.Scope == resource.ScopePartition && req.Tenancy.Namespace != "" {
+		return nil, status.Errorf(
+			codes.InvalidArgument,
+			"partition scoped type %s cannot have a namespace. got: %s",
+			resource.ToGVK(req.Type),
+			req.Tenancy.Namespace,
+		)
+	}
+
+	return reg, nil
 }
diff --git a/agent/grpc-external/services/resource/list_test.go b/agent/grpc-external/services/resource/list_test.go
index 93a8d1c45ff3..e640e389217e 100644
--- a/agent/grpc-external/services/resource/list_test.go
+++ b/agent/grpc-external/services/resource/list_test.go
@@ -10,6 +10,7 @@ import (
 
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/grpc-external/testutils"
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/internal/storage"
 	"github.com/hashicorp/consul/proto-public/pbresource"
@@ -31,12 +32,16 @@ func TestList_InputValidation(t *testing.T) {
 	testCases := map[string]func(*pbresource.ListRequest){
 		"no type":    func(req *pbresource.ListRequest) { req.Type = nil },
 		"no tenancy": func(req *pbresource.ListRequest) { req.Tenancy = nil },
+		"partitioned resource provides non-empty namespace": func(req *pbresource.ListRequest) {
+			req.Type = demo.TypeV1RecordLabel
+			req.Tenancy.Namespace = "bad"
+		},
 	}
 	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
 			req := &pbresource.ListRequest{
 				Type:    demo.TypeV2Album,
-				Tenancy: demo.TenancyDefault,
+				Tenancy: resource.DefaultNamespacedTenancy(),
 			}
 			modFn(req)
 
@@ -53,7 +58,7 @@ func TestList_TypeNotFound(t *testing.T) {
 
 	_, err := client.List(context.Background(), &pbresource.ListRequest{
 		Type:       demo.TypeV2Artist,
-		Tenancy:    demo.TenancyDefault,
+		Tenancy:    resource.DefaultNamespacedTenancy(),
 		NamePrefix: "",
 	})
 	require.Error(t, err)
@@ -70,7 +75,7 @@ func TestList_Empty(t *testing.T) {
 
 			rsp, err := client.List(tc.ctx, &pbresource.ListRequest{
 				Type:       demo.TypeV1Artist,
-				Tenancy:    demo.TenancyDefault,
+				Tenancy:    resource.DefaultNamespacedTenancy(),
 				NamePrefix: "",
 			})
 			require.NoError(t, err)
@@ -102,7 +107,7 @@ func TestList_Many(t *testing.T) {
 
 			rsp, err := client.List(tc.ctx, &pbresource.ListRequest{
 				Type:       demo.TypeV2Artist,
-				Tenancy:    demo.TenancyDefault,
+				Tenancy:    resource.DefaultNamespacedTenancy(),
 				NamePrefix: "",
 			})
 			require.NoError(t, err)
@@ -111,6 +116,120 @@ func TestList_Many(t *testing.T) {
 	}
 }
 
+func TestList_Tenancy_Defaults_And_Normalization(t *testing.T) {
+	// Test units of tenancy get defaulted correctly when empty.
+	ctx := context.Background()
+	testCases := map[string]struct {
+		typ     *pbresource.Type
+		tenancy *pbresource.Tenancy
+	}{
+		"namespaced type with empty partition": {
+			typ: demo.TypeV2Artist,
+			tenancy: &pbresource.Tenancy{
+				Partition: "",
+				Namespace: resource.DefaultNamespaceName,
+				PeerName:  "local",
+			},
+		},
+		"namespaced type with empty namespace": {
+			typ: demo.TypeV2Artist,
+			tenancy: &pbresource.Tenancy{
+				Partition: resource.DefaultPartitionName,
+				Namespace: "",
+				PeerName:  "local",
+			},
+		},
+		"namespaced type with empty partition and namespace": {
+			typ: demo.TypeV2Artist,
+			tenancy: &pbresource.Tenancy{
+				Partition: "",
+				Namespace: "",
+				PeerName:  "local",
+			},
+		},
+		"namespaced type with uppercase partition and namespace": {
+			typ: demo.TypeV2Artist,
+			tenancy: &pbresource.Tenancy{
+				Partition: "DEFAULT",
+				Namespace: "DEFAULT",
+				PeerName:  "local",
+			},
+		},
+		"namespaced type with wildcard partition and empty namespace": {
+			typ: demo.TypeV2Artist,
+			tenancy: &pbresource.Tenancy{
+				Partition: "*",
+				Namespace: "",
+				PeerName:  "local",
+			},
+		},
+		"namespaced type with empty partition and wildcard namespace": {
+			typ: demo.TypeV2Artist,
+			tenancy: &pbresource.Tenancy{
+				Partition: "",
+				Namespace: "*",
+				PeerName:  "local",
+			},
+		},
+		"partitioned type with empty partition": {
+			typ: demo.TypeV1RecordLabel,
+			tenancy: &pbresource.Tenancy{
+				Partition: "",
+				Namespace: "",
+				PeerName:  "local",
+			},
+		},
+		"partitioned type with uppercase partition": {
+			typ: demo.TypeV1RecordLabel,
+			tenancy: &pbresource.Tenancy{
+				Partition: "DEFAULT",
+				Namespace: "",
+				PeerName:  "local",
+			},
+		},
+		"partitioned type with wildcard partition": {
+			typ: demo.TypeV1RecordLabel,
+			tenancy: &pbresource.Tenancy{
+				Partition: "*",
+				PeerName:  "local",
+			},
+		},
+	}
+	for desc, tc := range testCases {
+		t.Run(desc, func(t *testing.T) {
+			server := testServer(t)
+			demo.RegisterTypes(server.Registry)
+			client := testClient(t, server)
+
+			// Write partition scoped record label
+			recordLabel, err := demo.GenerateV1RecordLabel("LooneyTunes")
+			require.NoError(t, err)
+			recordLabelRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: recordLabel})
+			require.NoError(t, err)
+
+			// Write namespace scoped artist
+			artist, err := demo.GenerateV2Artist()
+			require.NoError(t, err)
+			artistRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: artist})
+			require.NoError(t, err)
+
+			// List and verify correct resource returned for empty tenancy units.
+			listRsp, err := client.List(ctx, &pbresource.ListRequest{
+				Type:    tc.typ,
+				Tenancy: tc.tenancy,
+			})
+			require.NoError(t, err)
+			require.Len(t, listRsp.Resources, 1)
+			if tc.typ == demo.TypeV1RecordLabel {
+				prototest.AssertDeepEqual(t, recordLabelRsp.Resource, listRsp.Resources[0])
+			} else {
+				prototest.AssertDeepEqual(t, artistRsp.Resource, listRsp.Resources[0])
+			}
+		})
+
+	}
+}
+
 func TestList_GroupVersionMismatch(t *testing.T) {
 	for desc, tc := range listTestCases() {
 		t.Run(desc, func(t *testing.T) {
diff --git a/agent/grpc-external/services/resource/watch.go b/agent/grpc-external/services/resource/watch.go
index 17cc48c094a1..6f321fbc1ab8 100644
--- a/agent/grpc-external/services/resource/watch.go
+++ b/agent/grpc-external/services/resource/watch.go
@@ -32,7 +32,7 @@ func (s *Server) WatchList(req *pbresource.WatchListRequest, stream pbresource.R
 	}
 
 	// check acls
-	err = reg.ACLs.List(authz, req.Tenancy)
+	err = reg.ACLs.List(authz, authzContext)
 	switch {
 	case acl.IsErrPermissionDenied(err):
 		return status.Error(codes.PermissionDenied, err.Error())
diff --git a/internal/mesh/internal/types/proxy_state_template.go b/internal/mesh/internal/types/proxy_state_template.go
index 404237717df1..526e0e48cb5a 100644
--- a/internal/mesh/internal/types/proxy_state_template.go
+++ b/internal/mesh/internal/types/proxy_state_template.go
@@ -52,7 +52,7 @@ func RegisterProxyStateTemplate(r resource.Registry) {
 				// managed by a controller.
 				return authorizer.ToAllowAuthorizer().OperatorWriteAllowed(authzContext)
 			},
-			List: func(authorizer acl.Authorizer, tenancy *pbresource.Tenancy) error {
+			List: func(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext) error {
 				// No-op List permission as we want to default to filtering resources
 				// from the list using the Read enforcement.
 				return nil
diff --git a/internal/resource/demo/demo.go b/internal/resource/demo/demo.go
index 56d40d5ae855..c47d7e31e676 100644
--- a/internal/resource/demo/demo.go
+++ b/internal/resource/demo/demo.go
@@ -87,13 +87,13 @@ func RegisterTypes(r resource.Registry) {
 
 	writeACL := func(authz acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error {
 		key := fmt.Sprintf("resource/%s/%s", resource.ToGVK(res.Id.Type), res.Id.Name)
-		return authz.ToAllowAuthorizer().KeyWriteAllowed(key, &acl.AuthorizerContext{})
+		return authz.ToAllowAuthorizer().KeyWriteAllowed(key, authzContext)
 	}
 
-	makeListACL := func(typ *pbresource.Type) func(acl.Authorizer, *pbresource.Tenancy) error {
-		return func(authz acl.Authorizer, tenancy *pbresource.Tenancy) error {
+	makeListACL := func(typ *pbresource.Type) func(acl.Authorizer, *acl.AuthorizerContext) error {
+		return func(authz acl.Authorizer, authzContext *acl.AuthorizerContext) error {
 			key := fmt.Sprintf("resource/%s", resource.ToGVK(typ))
-			return authz.ToAllowAuthorizer().KeyListAllowed(key, &acl.AuthorizerContext{})
+			return authz.ToAllowAuthorizer().KeyListAllowed(key, authzContext)
 		}
 	}
 
diff --git a/internal/resource/registry.go b/internal/resource/registry.go
index 84f889ed1c0d..575bf6feafdc 100644
--- a/internal/resource/registry.go
+++ b/internal/resource/registry.go
@@ -68,7 +68,7 @@ type ACLHooks struct {
 	// List is used to authorize List RPCs.
 	//
 	// If it is omitted, we only filter the results using Read.
-	List func(acl.Authorizer, *pbresource.Tenancy) error
+	List func(acl.Authorizer, *acl.AuthorizerContext) error
 }
 
 // Resource type registry
@@ -130,7 +130,7 @@ func (r *TypeRegistry) Register(registration Registration) {
 		}
 	}
 	if registration.ACLs.List == nil {
-		registration.ACLs.List = func(authz acl.Authorizer, tenancy *pbresource.Tenancy) error {
+		registration.ACLs.List = func(authz acl.Authorizer, authzContext *acl.AuthorizerContext) error {
 			return authz.ToAllowAuthorizer().OperatorReadAllowed(&acl.AuthorizerContext{})
 		}
 	}
diff --git a/internal/resource/registry_test.go b/internal/resource/registry_test.go
index 1e89c9957bb7..a7d3ec6a1187 100644
--- a/internal/resource/registry_test.go
+++ b/internal/resource/registry_test.go
@@ -51,8 +51,8 @@ func TestRegister_Defaults(t *testing.T) {
 	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.Write(testutils.ACLNoPermissions(t), nil, artist)))
 
 	// verify default list hook requires operator:read
-	require.NoError(t, reg.ACLs.List(testutils.ACLOperatorRead(t), artist.Id.Tenancy))
-	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.List(testutils.ACLNoPermissions(t), artist.Id.Tenancy)))
+	require.NoError(t, reg.ACLs.List(testutils.ACLOperatorRead(t), nil))
+	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.List(testutils.ACLNoPermissions(t), nil)))
 
 	// verify default validate is a no-op
 	require.NoError(t, reg.Validate(nil))

From adf8ddbab8ed6bbf97785e1738e1f1231cb2a0fa Mon Sep 17 00:00:00 2001
From: "hashicorp-copywrite[bot]"
 <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Date: Wed, 16 Aug 2023 09:42:07 -0500
Subject: [PATCH 284/359] [COMPLIANCE] License update (#18479)

Update BUSL LICENSE to include licensed product and version.

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
---
 .copywrite.hcl | 2 ++
 LICENSE        | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.copywrite.hcl b/.copywrite.hcl
index a609cc31084e..1562a9f12754 100644
--- a/.copywrite.hcl
+++ b/.copywrite.hcl
@@ -25,6 +25,8 @@ project {
     "agent/proxycfg/proxycfg.deepcopy.go",
     "agent/grpc-middleware/rate_limit_mappings.gen.go",
     "agent/uiserver/dist/**",
+    # licensed under MPL - ignoring for now until the copywrite tool can support
+    # multiple licenses per repo.
     "sdk/**",
     "api/**",
   ]
diff --git a/LICENSE b/LICENSE
index 2ecf202e3057..1f38fcdd11e2 100644
--- a/LICENSE
+++ b/LICENSE
@@ -4,7 +4,7 @@ License text copyright (c) 2020 MariaDB Corporation Ab, All Rights Reserved.
 Parameters
 
 Licensor:             HashiCorp, Inc.
-Licensed Work:        The Licensed Work is (c) 2023 HashiCorp, Inc.
+Licensed Work:        Consul 1.17.0. The Licensed Work is (c) 2023 HashiCorp, Inc.
 Additional Use Grant: You may make production use of the Licensed Work,
                       provided such use does not include offering the Licensed Work
                       to third parties on a hosted or embedded basis which is

From b8acd78bfdb76b245a075029688d27f9532c67cd Mon Sep 17 00:00:00 2001
From: Dan Bond <danbond@protonmail.com>
Date: Wed, 16 Aug 2023 08:45:44 -0700
Subject: [PATCH 285/359] docs: specify manual server metadata intervention
 (#18477)

---
 .../docs/agent/config/config-files.mdx        | 21 ++++++++++---------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx
index 2d91c6e8a7be..1dc9ae220cd4 100644
--- a/website/content/docs/agent/config/config-files.mdx
+++ b/website/content/docs/agent/config/config-files.mdx
@@ -548,9 +548,9 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
   - `https_handshake_timeout` - Configures the limit for how long the HTTPS server in both client and server agents will wait for a client to complete a TLS handshake. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). Default value is `5s`.
   - `request_limits` - This object specifies configurations that limit the rate of RPC and gRPC requests on the Consul server. Limiting the rate of gRPC and RPC requests also limits HTTP requests to the Consul server.
     - `mode` - String value that specifies an action to take if the rate of requests exceeds the limit. You can specify the following values:
-      - `permissive`: The server continues to allow requests and records an error in the logs. 
-      - `enforcing`: The server stops accepting requests and records an error in the logs. 
-      - `disabled`: Limits are not enforced or tracked. This is the default value for `mode`.    
+      - `permissive`: The server continues to allow requests and records an error in the logs.
+      - `enforcing`: The server stops accepting requests and records an error in the logs.
+      - `disabled`: Limits are not enforced or tracked. This is the default value for `mode`.
     - `read_rate` - Integer value that specifies the number of read requests per second. Default is `-1` which represents infinity.
     - `write_rate` - Integer value that specifies the number of write requests per second. Default is `-1` which represents infinity.
   - `rpc_handshake_timeout` - Configures the limit for how long servers will wait after a client TCP connection is established before they complete the connection handshake. When TLS is used, the same timeout applies to the TLS handshake separately from the initial protocol negotiation. All Consul clients should perform this immediately on establishing a new connection. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). When `verify_incoming` is true on servers, this limits how long the connection socket and associated goroutines will be held open before the client successfully authenticates. Default value is `5s`.
@@ -740,8 +740,9 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
 - `server` Equivalent to the [`-server` command-line flag](/consul/docs/agent/config/cli-flags#_server).
 
 - `server_rejoin_age_max` - controls the allowed maximum age of a stale server attempting to rejoin a cluster.
-  If a server is not running for this period, then it will refuse to start up again until an operator intervenes. This is to protect
-  clusters from instability caused by decommissioned servers accidentally being started again.
+  If the server has not ran during this period, it will refuse to start up again until an operator intervenes by manually deleting the `server_metadata.json`
+  file located in the data dir.
+  This is to protect clusters from instability caused by decommissioned servers accidentally being started again.
   Note: the default value is 168h (equal to 7d) and the minimum value is 6h.
 
 - `non_voting_server` - **This field is deprecated in Consul 1.9.1. See the [`read_replica`](#read_replica) field instead.**
@@ -2094,11 +2095,11 @@ specially crafted certificate signed by the CA can be used to gain full access t
       * `TLSv1_2` (default)
       * `TLSv1_3`
 
-    - `verify_server_hostname` ((#tls_internal_rpc_verify_server_hostname)) When 
-      set to true, Consul verifies the TLS certificate presented by the servers 
-      match the hostname `server.<datacenter>.<domain>`. By default this is false, 
-      and Consul does not verify the hostname of the certificate, only that it 
-      is signed by a trusted CA. 
+    - `verify_server_hostname` ((#tls_internal_rpc_verify_server_hostname)) When
+      set to true, Consul verifies the TLS certificate presented by the servers
+      match the hostname `server.<datacenter>.<domain>`. By default this is false,
+      and Consul does not verify the hostname of the certificate, only that it
+      is signed by a trusted CA.
 
       **WARNING: TLS 1.1 and lower are generally considered less secure and
       should not be used if possible.**

From 5ca8cd67e8ffe6c10c4a8c4d654b3bdcca324a12 Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Wed, 16 Aug 2023 09:10:02 -0700
Subject: [PATCH 286/359] docs: Update OpenShift compatibility  (#18478)

Update compatibility.mdx
---
 website/content/docs/k8s/compatibility.mdx | 1 -
 1 file changed, 1 deletion(-)

diff --git a/website/content/docs/k8s/compatibility.mdx b/website/content/docs/k8s/compatibility.mdx
index 60932c0cb105..637e2ef05185 100644
--- a/website/content/docs/k8s/compatibility.mdx
+++ b/website/content/docs/k8s/compatibility.mdx
@@ -42,7 +42,6 @@ Starting with Consul K8s 0.39.0 and Consul 1.11.x, Consul Kubernetes supports th
 ### Red Hat OpenShift
 
 You can enable support for Red Hat OpenShift by setting `enabled: true` in the `global.openshift` stanza. Refer to the [Deploy Consul on RedHat OpenShift tutorial](https://developer.hashicorp.com/consul/tutorials/kubernetes/kubernetes-openshift-red-hat) for instructions on deploying to OpenShift. 
-- Only the default CNI Plugin, [OpenShift SDN CNI Plugin](https://docs.openshift.com/container-platform/4.9/networking/openshift_sdn/about-openshift-sdn.html) is currently supported.
 
 ### VMware Tanzu Kubernetes Grid and Tanzu Kubernetes Grid Integrated Edition
 

From e6c1c479b73fd6fdfe27946db7ba2fadf4e1163c Mon Sep 17 00:00:00 2001
From: Semir Patel <semir.patel@hashicorp.com>
Date: Wed, 16 Aug 2023 11:44:10 -0500
Subject: [PATCH 287/359] resource: Make resource delete tenancy aware (#18476)

resource: Make resource delete tenancy awarae
---
 .../grpc-external/services/resource/delete.go |  38 ++++--
 .../services/resource/delete_test.go          | 120 ++++++++++--------
 .../services/resource/read_test.go            |  43 +------
 .../services/resource/server_test.go          |  48 +++++++
 4 files changed, 144 insertions(+), 105 deletions(-)

diff --git a/agent/grpc-external/services/resource/delete.go b/agent/grpc-external/services/resource/delete.go
index 0c5a86165487..123ffac35b38 100644
--- a/agent/grpc-external/services/resource/delete.go
+++ b/agent/grpc-external/services/resource/delete.go
@@ -27,17 +27,13 @@ import (
 // - Errors with Aborted if the requested Version does not match the stored Version.
 // - Errors with PermissionDenied if ACL check fails
 func (s *Server) Delete(ctx context.Context, req *pbresource.DeleteRequest) (*pbresource.DeleteResponse, error) {
-	if err := validateDeleteRequest(req); err != nil {
-		return nil, err
-	}
-
-	reg, err := s.resolveType(req.Id.Type)
+	reg, err := s.validateDeleteRequest(req)
 	if err != nil {
 		return nil, err
 	}
 
-	// TODO(spatel): Refactor _ and entMeta in NET-4919
-	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), acl.DefaultEnterpriseMeta())
+	entMeta := v2TenancyToV1EntMeta(req.Id.Tenancy)
+	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), entMeta)
 	if err != nil {
 		return nil, err
 	}
@@ -48,6 +44,10 @@ func (s *Server) Delete(ctx context.Context, req *pbresource.DeleteRequest) (*pb
 	if req.Version == "" || req.Id.Uid == "" {
 		consistency = storage.StrongConsistency
 	}
+
+	// Apply defaults when tenancy units empty.
+	v1EntMetaToV2Tenancy(reg, entMeta, req.Id.Tenancy)
+
 	existing, err := s.Backend.Read(ctx, consistency, req.Id)
 	switch {
 	case errors.Is(err, storage.ErrNotFound):
@@ -144,15 +144,31 @@ func (s *Server) maybeCreateTombstone(ctx context.Context, deleteId *pbresource.
 	}
 }
 
-func validateDeleteRequest(req *pbresource.DeleteRequest) error {
+func (s *Server) validateDeleteRequest(req *pbresource.DeleteRequest) (*resource.Registration, error) {
 	if req.Id == nil {
-		return status.Errorf(codes.InvalidArgument, "id is required")
+		return nil, status.Errorf(codes.InvalidArgument, "id is required")
 	}
 
 	if err := validateId(req.Id, "id"); err != nil {
-		return err
+		return nil, err
 	}
-	return nil
+
+	reg, err := s.resolveType(req.Id.Type)
+	if err != nil {
+		return nil, err
+	}
+
+	// Check scope
+	if reg.Scope == resource.ScopePartition && req.Id.Tenancy.Namespace != "" {
+		return nil, status.Errorf(
+			codes.InvalidArgument,
+			"partition scoped resource %s cannot have a namespace. got: %s",
+			resource.ToGVK(req.Id.Type),
+			req.Id.Tenancy.Namespace,
+		)
+	}
+
+	return reg, nil
 }
 
 // Maintains a deterministic mapping between a resource and it's tombstone's
diff --git a/agent/grpc-external/services/resource/delete_test.go b/agent/grpc-external/services/resource/delete_test.go
index ee32a12a658d..3b8a8099021d 100644
--- a/agent/grpc-external/services/resource/delete_test.go
+++ b/agent/grpc-external/services/resource/delete_test.go
@@ -11,6 +11,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
 
 	"github.com/hashicorp/consul/acl/resolver"
 	"github.com/hashicorp/consul/internal/resource"
@@ -25,35 +26,36 @@ func TestDelete_InputValidation(t *testing.T) {
 
 	demo.RegisterTypes(server.Registry)
 
-	testCases := map[string]func(*pbresource.DeleteRequest){
-		"no id":      func(req *pbresource.DeleteRequest) { req.Id = nil },
-		"no type":    func(req *pbresource.DeleteRequest) { req.Id.Type = nil },
-		"no tenancy": func(req *pbresource.DeleteRequest) { req.Id.Tenancy = nil },
-		"no name":    func(req *pbresource.DeleteRequest) { req.Id.Name = "" },
-
-		// TODO(spatel): Refactor tenancy as part of NET-4919
-		//
-		// clone necessary to not pollute DefaultTenancy
-		// "tenancy partition not default": func(req *pbresource.DeleteRequest) {
-		// 	req.Id.Tenancy = clone(req.Id.Tenancy)
-		// 	req.Id.Tenancy.Partition = ""
-		// },
-		// "tenancy namespace not default": func(req *pbresource.DeleteRequest) {
-		// 	req.Id.Tenancy = clone(req.Id.Tenancy)
-		// 	req.Id.Tenancy.Namespace = ""
-		// },
-		// "tenancy peername not local": func(req *pbresource.DeleteRequest) {
-		// 	req.Id.Tenancy = clone(req.Id.Tenancy)
-		// 	req.Id.Tenancy.PeerName = ""
-		// },
+	testCases := map[string]func(artistId, recordLabelId *pbresource.ID) *pbresource.ID{
+		"no id": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID {
+			return nil
+		},
+		"no type": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			artistId.Type = nil
+			return artistId
+		},
+		"no tenancy": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			artistId.Tenancy = nil
+			return artistId
+		},
+		"no name": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			artistId.Name = ""
+			return artistId
+		},
+		"partition scoped resource with namespace": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
+			recordLabelId.Tenancy.Namespace = "ishouldnothaveanamespace"
+			return recordLabelId
+		},
 	}
 	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
-			res, err := demo.GenerateV2Artist()
+			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
 			require.NoError(t, err)
 
-			req := &pbresource.DeleteRequest{Id: res.Id, Version: ""}
-			modFn(req)
+			artist, err := demo.GenerateV2Artist()
+			require.NoError(t, err)
+
+			req := &pbresource.DeleteRequest{Id: modFn(artist.Id, recordLabel.Id), Version: ""}
 
 			_, err = client.Delete(testContext(t), req)
 			require.Error(t, err)
@@ -125,34 +127,48 @@ func TestDelete_Success(t *testing.T) {
 
 	for desc, tc := range deleteTestCases() {
 		t.Run(desc, func(t *testing.T) {
-			server, client, ctx := testDeps(t)
-			demo.RegisterTypes(server.Registry)
-			artist, err := demo.GenerateV2Artist()
-			require.NoError(t, err)
-
-			rsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: artist})
-			require.NoError(t, err)
-			artistId := clone(rsp.Resource.Id)
-			artist = rsp.Resource
-
-			// delete
-			_, err = client.Delete(ctx, tc.deleteReqFn(artist))
-			require.NoError(t, err)
-
-			// verify deleted
-			_, err = server.Backend.Read(ctx, storage.StrongConsistency, artistId)
-			require.Error(t, err)
-			require.ErrorIs(t, err, storage.ErrNotFound)
-
-			// verify tombstone created
-			_, err = client.Read(ctx, &pbresource.ReadRequest{
-				Id: &pbresource.ID{
-					Name:    tombstoneName(artistId),
-					Type:    resource.TypeV1Tombstone,
-					Tenancy: artist.Id.Tenancy,
-				},
-			})
-			require.NoError(t, err)
+			for tenancyDesc, modFn := range tenancyCases() {
+				t.Run(tenancyDesc, func(t *testing.T) {
+					server, client, ctx := testDeps(t)
+					demo.RegisterTypes(server.Registry)
+
+					recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
+					require.NoError(t, err)
+					recordLabel, err = server.Backend.WriteCAS(ctx, recordLabel)
+					require.NoError(t, err)
+
+					artist, err := demo.GenerateV2Artist()
+					require.NoError(t, err)
+					artist, err = server.Backend.WriteCAS(ctx, artist)
+					require.NoError(t, err)
+
+					// Pick the resource to be deleted based on type's scope
+					deleteId := modFn(artist.Id, recordLabel.Id)
+					deleteReq := tc.deleteReqFn(recordLabel)
+					if proto.Equal(deleteId.Type, demo.TypeV2Artist) {
+						deleteReq = tc.deleteReqFn(artist)
+					}
+
+					// Delete
+					_, err = client.Delete(ctx, deleteReq)
+					require.NoError(t, err)
+
+					// Verify deleted
+					_, err = server.Backend.Read(ctx, storage.StrongConsistency, deleteId)
+					require.Error(t, err)
+					require.ErrorIs(t, err, storage.ErrNotFound)
+
+					// Verify tombstone created
+					_, err = client.Read(ctx, &pbresource.ReadRequest{
+						Id: &pbresource.ID{
+							Name:    tombstoneName(deleteReq.Id),
+							Type:    resource.TypeV1Tombstone,
+							Tenancy: deleteReq.Id.Tenancy,
+						},
+					})
+					require.NoError(t, err, "expected tombstome to be found")
+				})
+			}
 		})
 	}
 }
diff --git a/agent/grpc-external/services/resource/read_test.go b/agent/grpc-external/services/resource/read_test.go
index ac63d0a2687a..ff312c82ca00 100644
--- a/agent/grpc-external/services/resource/read_test.go
+++ b/agent/grpc-external/services/resource/read_test.go
@@ -5,7 +5,6 @@ package resource
 
 import (
 	"context"
-	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/mock"
@@ -157,47 +156,7 @@ func TestRead_GroupVersionMismatch(t *testing.T) {
 func TestRead_Success(t *testing.T) {
 	for desc, tc := range readTestCases() {
 		t.Run(desc, func(t *testing.T) {
-			tenancyCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{
-				"namespaced resource provides nonempty partition and namespace": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID {
-					return artistId
-				},
-				"namespaced resource provides uppercase partition and namespace": func(artistId, _ *pbresource.ID) *pbresource.ID {
-					id := clone(artistId)
-					id.Tenancy.Partition = strings.ToUpper(artistId.Tenancy.Partition)
-					id.Tenancy.Namespace = strings.ToUpper(artistId.Tenancy.Namespace)
-					return id
-				},
-				"namespaced resource inherits tokens partition when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
-					id := clone(artistId)
-					id.Tenancy.Partition = ""
-					return id
-				},
-				"namespaced resource inherits tokens namespace when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
-					id := clone(artistId)
-					id.Tenancy.Namespace = ""
-					return id
-				},
-				"namespaced resource inherits tokens partition and namespace when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
-					id := clone(artistId)
-					id.Tenancy.Partition = ""
-					id.Tenancy.Namespace = ""
-					return id
-				},
-				"partitioned resource provides nonempty partition": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
-					return recordLabelId
-				},
-				"partitioned resource provides uppercase partition": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
-					id := clone(recordLabelId)
-					id.Tenancy.Partition = strings.ToUpper(recordLabelId.Tenancy.Partition)
-					return id
-				},
-				"partitioned resource inherits tokens partition when empty": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
-					id := clone(recordLabelId)
-					id.Tenancy.Partition = ""
-					return id
-				},
-			}
-			for tenancyDesc, modFn := range tenancyCases {
+			for tenancyDesc, modFn := range tenancyCases() {
 				t.Run(tenancyDesc, func(t *testing.T) {
 					server := testServer(t)
 					demo.RegisterTypes(server.Registry)
diff --git a/agent/grpc-external/services/resource/server_test.go b/agent/grpc-external/services/resource/server_test.go
index f2ee1512955a..629c90f9226d 100644
--- a/agent/grpc-external/services/resource/server_test.go
+++ b/agent/grpc-external/services/resource/server_test.go
@@ -6,6 +6,7 @@ package resource
 import (
 	"context"
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/mock"
@@ -129,3 +130,50 @@ func modifyArtist(t *testing.T, res *pbresource.Resource) *pbresource.Resource {
 	res.Data = data
 	return res
 }
+
+// tenancyCases returns permutations of valid tenancy structs in a resource id to use as inputs.
+// - the id is for a recordLabel when the resource is partition scoped
+// - the id is for an artist when the resource is namespace scoped
+func tenancyCases() map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID {
+	tenancyCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{
+		"namespaced resource provides nonempty partition and namespace": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID {
+			return artistId
+		},
+		"namespaced resource provides uppercase partition and namespace": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			id := clone(artistId)
+			id.Tenancy.Partition = strings.ToUpper(artistId.Tenancy.Partition)
+			id.Tenancy.Namespace = strings.ToUpper(artistId.Tenancy.Namespace)
+			return id
+		},
+		"namespaced resource inherits tokens partition when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			id := clone(artistId)
+			id.Tenancy.Partition = ""
+			return id
+		},
+		"namespaced resource inherits tokens namespace when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			id := clone(artistId)
+			id.Tenancy.Namespace = ""
+			return id
+		},
+		"namespaced resource inherits tokens partition and namespace when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			id := clone(artistId)
+			id.Tenancy.Partition = ""
+			id.Tenancy.Namespace = ""
+			return id
+		},
+		"partitioned resource provides nonempty partition": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
+			return recordLabelId
+		},
+		"partitioned resource provides uppercase partition": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
+			id := clone(recordLabelId)
+			id.Tenancy.Partition = strings.ToUpper(recordLabelId.Tenancy.Partition)
+			return id
+		},
+		"partitioned resource inherits tokens partition when empty": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
+			id := clone(recordLabelId)
+			id.Tenancy.Partition = ""
+			return id
+		},
+	}
+	return tenancyCases
+}

From 9e9800e8ce9db7b4654833a11254b3a984dfb928 Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Wed, 16 Aug 2023 14:31:33 -0400
Subject: [PATCH 288/359] Add license-checker action that fails when any
 backported file contains BUSL header (#18485)

* Add license-checker action that fails when any backported file contains BUSL header

* Quote echoed variable to retain line breaks

* Add ticket to reference for more details
---
 .github/scripts/license_checker.sh    | 16 ++++++++++++++++
 .github/workflows/license-checker.yml | 27 +++++++++++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100755 .github/scripts/license_checker.sh
 create mode 100644 .github/workflows/license-checker.yml

diff --git a/.github/scripts/license_checker.sh b/.github/scripts/license_checker.sh
new file mode 100755
index 000000000000..fb1ac4194d72
--- /dev/null
+++ b/.github/scripts/license_checker.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+
+busl_files=$(grep -r 'SPDX-License-Identifier: BUSL' --exclude=./.github/scripts/license_checker.sh .)
+
+# If we do not find a file in .changelog/, we fail the check
+if [ -n "$busl_files" ]; then
+    echo "Found BUSL occurrences in the PR branch! (See NET-5258 for details)"
+    echo -n "$busl_files"
+    exit 1
+else
+    echo "Did not find any occurrences of BUSL in the PR branch"
+    exit 0
+fi
diff --git a/.github/workflows/license-checker.yml b/.github/workflows/license-checker.yml
new file mode 100644
index 000000000000..13a2135804e3
--- /dev/null
+++ b/.github/workflows/license-checker.yml
@@ -0,0 +1,27 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+# This workflow checks that the BUSL license is not mentioned anywhere in
+# a PR targeting a release that should maintain the MPL-2.0 license.
+name: License Checker
+
+on:
+  pull_request:
+    types: [opened]
+    branches:
+      - release/1.14.*
+      - release/1.15.*
+      - release/1.16.*
+
+jobs:
+  # checks that the diff does not contain any reference to
+  # the BUSL license and thus retains the MPL-2.0 license
+  license-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0 # by default the checkout action doesn't checkout all branches
+      - name: Check for BUSL text in diff
+        run: ./.github/scripts/license_checker.sh

From aa21b1232177aabcb4de61cbce34f23f033b4ac3 Mon Sep 17 00:00:00 2001
From: Blake Covarrubias <blake@covarrubi.as>
Date: Wed, 16 Aug 2023 13:35:44 -0700
Subject: [PATCH 289/359] docs: Update K8s TGW tutorial to reliably obtain role
 ID (#18474)

The `grep` command used to obtain the ID for the terminating gateway
role is not reliable in all scenarios. For example, if there is a
similarly named role, the command may return the wrong role ID for the
active terminating gateway instance.

This commit updates the command to use jq to obtain the role ID. If
multiple roles are found, jq will raise an error informing the user
that it cannot reliably determine the role ID.
---
 .../docs/k8s/connect/terminating-gateways.mdx | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/website/content/docs/k8s/connect/terminating-gateways.mdx b/website/content/docs/k8s/connect/terminating-gateways.mdx
index 1da48d0a5425..319fedf71dd3 100644
--- a/website/content/docs/k8s/connect/terminating-gateways.mdx
+++ b/website/content/docs/k8s/connect/terminating-gateways.mdx
@@ -40,7 +40,7 @@ terminatingGateways:
 The Helm chart may be deployed using the [Consul on Kubernetes CLI](/consul/docs/k8s/k8s-cli).
 
 ```shell-session
-$ consul-k8s install -f values.yaml
+$ consul-k8s install --config-file values.yaml
 ```
 
 ## Accessing the Consul agent
@@ -52,7 +52,7 @@ You can access the Consul server directly from your host by running `kubectl por
 <Tab heading="Without TLS">
 
 ```shell-session
-$ kubectl port-forward consul-server-0 8500 &
+$ kubectl port-forward service/consul-server 8500 &
 ```
 
 ```shell-session
@@ -65,7 +65,7 @@ $ export CONSUL_HTTP_ADDR=http://localhost:8500
 If TLS is enabled use port 8501:
 
 ```shell-session
-$ kubectl port-forward consul-server-0 8501 &
+$ kubectl port-forward service/consul-server 8501 &
 ```
 
 ```shell-session
@@ -102,6 +102,7 @@ you may register the service as a node in the Consul catalog.
 <Tab heading="Using ServiceDefaults and TransparentProxy">
 
 The [`destination`](/consul/docs/connect/config-entries/service-defaults#terminating-gateway-destination) field of the `ServiceDefaults` Custom Resource Definition (CRD) allows clients to dial an external service directly. For this method to work, [`TransparentProxy`](/consul/docs/connect/transparent-proxy) must be enabled.
+
 The following table describes traffic behaviors when using the `destination` field to route traffic through a terminating gateway:
 
 | <nobr>External Services Layer</nobr> | <nobr>Client dials</nobr> | <nobr>Client uses TLS</nobr> | Allowed                  | Notes                                                                                         |
@@ -205,7 +206,7 @@ true
 
 ### Update terminating gateway ACL role if ACLs are enabled
 
-If ACLs are enabled, update the terminating gateway acl role to have `service: write` permissions on all of the services
+If ACLs are enabled, update the terminating gateway ACL role to have `service:write` permissions on all of the services
 being represented by the gateway.
 
 Create a new policy that includes the write permission for the service you created.
@@ -232,15 +233,14 @@ service "example-https" {
 }
 ```
 
-Fetch the ID of the terminating gateway token.
+Obtain the ID of the terminating gateway role.
 
 ```shell-session
-consul acl role list | grep -B 6 -- "- RELEASE_NAME-terminating-gateway-policy" | grep ID
-
-ID:       <role id>
+$ consul acl role list -format=json | jq --raw-output '[.[] | select(.Name | endswith("-terminating-gateway-acl-role"))] | if (. | length) == 1 then (. | first | .ID) else "Unable to determine the role ID because there are multiple roles matching this name.\n" | halt_error end'
+<role id>
 ```
 
-Update the terminating gateway ACL token with the new policy.
+Update the terminating gateway ACL role with the new policy.
 
 ```shell-session
 $ consul acl role update -id <role id> -policy-name example-https-write-policy
@@ -379,7 +379,7 @@ deployment "static-client" successfully rolled out
 You can verify connectivity of the static-client and terminating gateway via a curl command.
 
 <Tabs>
-<Tab heading="Registered with `ServiceDefaults` destinations">
+<Tab heading="Registered with ServiceDefaults destinations">
 
 ```shell-session
 $ kubectl exec deploy/static-client -- curl -vvvs https://example.com/

From d488fc79a9d622cb7506486d171457c991e864fe Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Wed, 16 Aug 2023 16:48:14 -0400
Subject: [PATCH 290/359] NET-5371 License checker pt2 (#18491)

* Update grep command to work on ubuntu

* Run license checker when new commits are pushed to PR
---
 .github/scripts/license_checker.sh    | 2 +-
 .github/workflows/license-checker.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/scripts/license_checker.sh b/.github/scripts/license_checker.sh
index fb1ac4194d72..6ba026f04fdd 100755
--- a/.github/scripts/license_checker.sh
+++ b/.github/scripts/license_checker.sh
@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: BUSL-1.1
 
 
-busl_files=$(grep -r 'SPDX-License-Identifier: BUSL' --exclude=./.github/scripts/license_checker.sh .)
+busl_files=$(grep -r 'SPDX-License-Identifier: BUSL' . --exclude-dir .github)
 
 # If we do not find a file in .changelog/, we fail the check
 if [ -n "$busl_files" ]; then
diff --git a/.github/workflows/license-checker.yml b/.github/workflows/license-checker.yml
index 13a2135804e3..747f81490e6a 100644
--- a/.github/workflows/license-checker.yml
+++ b/.github/workflows/license-checker.yml
@@ -7,7 +7,7 @@ name: License Checker
 
 on:
   pull_request:
-    types: [opened]
+    types: [opened, synchronize]
     branches:
       - release/1.14.*
       - release/1.15.*

From ea7b419b6f5104432939bdb0743983d0a2623ad6 Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Wed, 16 Aug 2023 16:12:55 -0700
Subject: [PATCH 291/359] README - Update KV use case to Dynamic App
 Configuration  (#18301)

* Update README.md
* Update kv.mdx
* Add BUSL badge
---
 README.md                                      | 8 ++++----
 website/content/docs/dynamic-app-config/kv.mdx | 4 ++++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 6874819733b8..002c0c603cb4 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,8 @@
   <span>Consul</span>
 </h1>
 
-[![Docker Pulls](https://img.shields.io/docker/pulls/_/consul.svg)](https://hub.docker.com/_/consul)
+[![Docker Pulls](https://img.shields.io/docker/pulls/hashicorp/consul.svg)](https://hub.docker.com/hashicorp/consul)
+[![License: BUSL-1.1](https://img.shields.io/badge/License-BUSL--1.1-yellow.svg)](LICENSE)
 [![Go Report Card](https://goreportcard.com/badge/github.com/hashicorp/consul)](https://goreportcard.com/report/github.com/hashicorp/consul)
 
 Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
@@ -31,9 +32,8 @@ Consul provides several key features:
   discovery prevents routing traffic to unhealthy hosts and enables service
   level circuit breakers.
 
-* **Key/Value Storage** - A flexible key/value store enables storing
-  dynamic configuration, feature flagging, coordination, leader election and
-  more. The simple HTTP API makes it easy to use anywhere.
+* **Dynamic App Configuration** - An HTTP API that allows users to store indexed objects within Consul,
+  for storing configuration parameters and application metadata.
 
 Consul runs on Linux, macOS, FreeBSD, Solaris, and Windows and includes an
 optional [browser based UI](https://demo.consul.io). A commercial version
diff --git a/website/content/docs/dynamic-app-config/kv.mdx b/website/content/docs/dynamic-app-config/kv.mdx
index 80da28e9e48f..982c7729380d 100644
--- a/website/content/docs/dynamic-app-config/kv.mdx
+++ b/website/content/docs/dynamic-app-config/kv.mdx
@@ -7,6 +7,10 @@ description: >-
 
 # Key/Value (KV) Store Overview
 
+<Note>
+The Consul KV API, CLI, and UI are now considered feature complete and no new feature development is planned for future releases.
+</Note>
+
 Consul KV is a core feature of Consul and is installed with the Consul agent.
 Once installed with the agent, it will have reasonable defaults. Consul KV allows
 users to store indexed objects, though its main uses are storing configuration

From cbedbc080fba3d7031fad32807036dff65c539fe Mon Sep 17 00:00:00 2001
From: David Yu <dyu@hashicorp.com>
Date: Wed, 16 Aug 2023 18:41:43 -0700
Subject: [PATCH 292/359] README - re-order badges and update hub link (#18498)

Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 002c0c603cb4..870e00f76c76 100644
--- a/README.md
+++ b/README.md
@@ -3,8 +3,8 @@
   <span>Consul</span>
 </h1>
 
-[![Docker Pulls](https://img.shields.io/docker/pulls/hashicorp/consul.svg)](https://hub.docker.com/hashicorp/consul)
 [![License: BUSL-1.1](https://img.shields.io/badge/License-BUSL--1.1-yellow.svg)](LICENSE)
+[![Docker Pulls](https://img.shields.io/docker/pulls/hashicorp/consul.svg)](https://hub.docker.com/r/hashicorp/consul)
 [![Go Report Card](https://goreportcard.com/badge/github.com/hashicorp/consul)](https://goreportcard.com/report/github.com/hashicorp/consul)
 
 Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

From 61b7c0d76ff33f883dfad875d1a39bfd115b332b Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Thu, 17 Aug 2023 09:41:29 -0400
Subject: [PATCH 293/359] [NET-5163] Support locality testing in
 consul-container (#18484)

* Support locality testing in consul-container

Support including locality in client sidecar config.

Also align test config structs with Ent to avoid future conflicts.

* Refactor consul-container fortio helpers

Refactor fortio test helpers to separate HTTP retries from waiting on
fortio result changes due to e.g. service startup and failovers.
---
 sdk/testutil/retry/timer.go                   |  6 ++
 .../consul-container/libs/assert/service.go   | 62 ++++++++++++++++---
 .../consul-container/libs/service/connect.go  |  3 +-
 .../consul-container/libs/service/helpers.go  | 34 +++++++++-
 .../libs/topology/peering_topology.go         |  2 +-
 .../libs/topology/service_topology.go         |  2 +-
 .../test/envoy_extensions/ext_authz_test.go   |  2 +-
 .../test/envoy_extensions/wasm_test.go        |  2 +-
 .../test/jwtauth/jwt_auth_test.go             |  2 +-
 .../test/tproxy/tproxy_test.go                |  2 +-
 .../test/upgrade/ingress_gateway_grpc_test.go |  2 +-
 .../resolver_default_subset_test.go           |  2 +-
 .../peering/peering_control_plane_mgw_test.go |  2 +-
 .../test/upgrade/peering/peering_http_test.go | 15 +++--
 .../test/wanfed/wanfed_peering_test.go        |  2 +-
 15 files changed, 114 insertions(+), 26 deletions(-)

diff --git a/sdk/testutil/retry/timer.go b/sdk/testutil/retry/timer.go
index a26593ddd72e..16433e9ec7b0 100644
--- a/sdk/testutil/retry/timer.go
+++ b/sdk/testutil/retry/timer.go
@@ -2,6 +2,12 @@ package retry
 
 import "time"
 
+// ThirtySeconds repeats an operation for thirty seconds and waits 500ms in between.
+// Best for known slower operations like waiting on eventually consistent state.
+func ThirtySeconds() *Timer {
+	return &Timer{Timeout: 30 * time.Second, Wait: 500 * time.Millisecond}
+}
+
 // TwoSeconds repeats an operation for two seconds and waits 25ms in between.
 func TwoSeconds() *Timer {
 	return &Timer{Timeout: 2 * time.Second, Wait: 25 * time.Millisecond}
diff --git a/test/integration/consul-container/libs/assert/service.go b/test/integration/consul-container/libs/assert/service.go
index ba08649b2758..35fad6bfb15b 100644
--- a/test/integration/consul-container/libs/assert/service.go
+++ b/test/integration/consul-container/libs/assert/service.go
@@ -216,7 +216,54 @@ func AssertFortioName(t *testing.T, urlbase string, name string, reqHost string)
 // client must be a custom http.Client
 func AssertFortioNameWithClient(t *testing.T, urlbase string, name string, reqHost string, client *http.Client) {
 	t.Helper()
-	var fortioNameRE = regexp.MustCompile(("\nFORTIO_NAME=(.+)\n"))
+	foundName, err := FortioNameWithClient(t, urlbase, name, reqHost, client)
+	require.NoError(t, err)
+	t.Logf("got response from server name %q expect %q", foundName, name)
+	assert.Equal(t, name, foundName)
+}
+
+// WaitForFortioName is a convenience function for [WaitForFortioNameWithClient], using a [cleanhttp.DefaultClient()]
+func WaitForFortioName(t *testing.T, r retry.Retryer, urlbase string, name string, reqHost string) {
+	t.Helper()
+	client := cleanhttp.DefaultClient()
+	WaitForFortioNameWithClient(t, r, urlbase, name, reqHost, client)
+}
+
+// WaitForFortioNameWithClient enables waiting for FortioNameWithClient to return a specific
+// value. It uses the provided Retryer to wait for the expected name and only fails when
+// retries are exhausted.
+//
+// This is useful when performing failovers in tests and in other eventual consistency
+// scenarios that may take multiple seconds to resolve.
+//
+// Note that the underlying FortioNameWithClient has its own retry for successfully making
+// an HTTP request, which will be counted against the timeout of the provided Retryer if it
+// is a Timer, or incorporated into each attempt if it is a Counter.
+func WaitForFortioNameWithClient(t *testing.T, r retry.Retryer, urlbase string, name string, reqHost string, client *http.Client) {
+	t.Helper()
+	retry.RunWith(r, t, func(r *retry.R) {
+		actual, err := FortioNameWithClient(r, urlbase, name, reqHost, client)
+		require.NoError(r, err)
+		if name != actual {
+			r.Errorf("name %s did not match expected %s", name, actual)
+		}
+	})
+}
+
+// FortioNameWithClient returns the `FORTIO_NAME` returned by the fortio service at
+// urlbase/debug. This can be used to validate that the client is sending traffic to
+// the right envoy proxy.
+//
+// If reqHost is set, the Host field of the HTTP request will be set to its value.
+//
+// It retries with timeout defaultHTTPTimeout and wait defaultHTTPWait.
+//
+// client must be a custom http.Client
+func FortioNameWithClient(t retry.Failer, urlbase string, name string, reqHost string, client *http.Client) (string, error) {
+	t.Helper()
+	var fortioNameRE = regexp.MustCompile("\nFORTIO_NAME=(.+)\n")
+	var body []byte
+
 	retry.RunWith(&retry.Timer{Timeout: defaultHTTPTimeout, Wait: defaultHTTPWait}, t, func(r *retry.R) {
 		fullurl := fmt.Sprintf("%s/debug?env=dump", urlbase)
 		req, err := http.NewRequest("GET", fullurl, nil)
@@ -236,16 +283,17 @@ func AssertFortioNameWithClient(t *testing.T, urlbase string, name string, reqHo
 			r.Fatalf("could not make request to %q: status %d", fullurl, resp.StatusCode)
 		}
 
-		body, err := io.ReadAll(resp.Body)
+		body, err = io.ReadAll(resp.Body)
 		if err != nil {
 			r.Fatalf("failed to read response body from %q: %v", fullurl, err)
 		}
-
-		m := fortioNameRE.FindStringSubmatch(string(body))
-		require.GreaterOrEqual(r, len(m), 2)
-		t.Logf("got response from server name %q expect %q", m[1], name)
-		assert.Equal(r, name, m[1])
 	})
+
+	m := fortioNameRE.FindStringSubmatch(string(body))
+	if len(m) < 2 {
+		return "", fmt.Errorf("fortio name not found %s", name)
+	}
+	return m[1], nil
 }
 
 // AssertContainerState validates service container status
diff --git a/test/integration/consul-container/libs/service/connect.go b/test/integration/consul-container/libs/service/connect.go
index 4d72bc9ffb83..6d283eac67d9 100644
--- a/test/integration/consul-container/libs/service/connect.go
+++ b/test/integration/consul-container/libs/service/connect.go
@@ -163,8 +163,9 @@ func (g ConnectContainer) GetStatus() (string, error) {
 type SidecarConfig struct {
 	Name         string
 	ServiceID    string
-	Namespace    string
 	EnableTProxy bool
+	Namespace    string
+	Partition    string
 }
 
 // NewConnectService returns a container that runs envoy sidecar, launched by
diff --git a/test/integration/consul-container/libs/service/helpers.go b/test/integration/consul-container/libs/service/helpers.go
index da4b718f432e..a524d9c040bf 100644
--- a/test/integration/consul-container/libs/service/helpers.go
+++ b/test/integration/consul-container/libs/service/helpers.go
@@ -47,6 +47,7 @@ type ServiceOpts struct {
 	Checks       Checks
 	Connect      SidecarService
 	Namespace    string
+	Partition    string
 	Locality     *api.Locality
 }
 
@@ -73,6 +74,7 @@ func createAndRegisterStaticServerAndSidecar(node libcluster.Agent, httpPort int
 		Name:      fmt.Sprintf("%s-sidecar", svc.ID),
 		ServiceID: svc.ID,
 		Namespace: svc.Namespace,
+		Partition: svc.Partition,
 		EnableTProxy: svc.Connect != nil &&
 			svc.Connect.SidecarService != nil &&
 			svc.Connect.SidecarService.Proxy != nil &&
@@ -174,6 +176,8 @@ func CreateAndRegisterCustomServiceAndSidecar(node libcluster.Agent,
 			},
 		},
 		Namespace: serviceOpts.Namespace,
+		Partition: serviceOpts.Partition,
+		Locality:  serviceOpts.Locality,
 		Meta:      serviceOpts.Meta,
 		Check:     &agentCheck,
 	}
@@ -214,9 +218,10 @@ func CreateAndRegisterStaticServerAndSidecarWithCustomContainerConfig(node libcl
 			},
 		},
 		Namespace: serviceOpts.Namespace,
+		Partition: serviceOpts.Partition,
+		Locality:  serviceOpts.Locality,
 		Meta:      serviceOpts.Meta,
 		Check:     &agentCheck,
-		Locality:  serviceOpts.Locality,
 	}
 	return createAndRegisterStaticServerAndSidecar(node, serviceOpts.HTTPPort, serviceOpts.GRPCPort, req, customContainerCfg, containerArgs...)
 }
@@ -246,7 +251,10 @@ func CreateAndRegisterStaticServerAndSidecarWithChecks(node libcluster.Agent, se
 				TTL:  serviceOpts.Checks.TTL,
 			},
 		},
-		Meta: serviceOpts.Meta,
+		Meta:      serviceOpts.Meta,
+		Namespace: serviceOpts.Namespace,
+		Partition: serviceOpts.Partition,
+		Locality:  serviceOpts.Locality,
 	}
 
 	return createAndRegisterStaticServerAndSidecar(node, serviceOpts.HTTPPort, serviceOpts.GRPCPort, req, nil)
@@ -257,6 +265,7 @@ func CreateAndRegisterStaticClientSidecar(
 	peerName string,
 	localMeshGateway bool,
 	enableTProxy bool,
+	serviceOpts *ServiceOpts,
 ) (*ConnectContainer, error) {
 	// Do some trickery to ensure that partial completion is correctly torn
 	// down, but successful execution is not.
@@ -298,6 +307,27 @@ func CreateAndRegisterStaticClientSidecar(
 		},
 	}
 
+	// Set relevant fields for static client if opts are provided
+	if serviceOpts != nil {
+		if serviceOpts.Connect.Proxy.Mode != "" {
+			return nil, fmt.Errorf("this helper does not support directly setting connect proxy mode; use enableTProxy and/or localMeshGateway instead")
+		}
+		// These options are defaulted above, so only set them as overrides
+		if serviceOpts.Name != "" {
+			req.Name = serviceOpts.Name
+		}
+		if serviceOpts.HTTPPort != 0 {
+			req.Port = serviceOpts.HTTPPort
+		}
+		if serviceOpts.Connect.Port != 0 {
+			req.Connect.SidecarService.Port = serviceOpts.Connect.Port
+		}
+		req.Meta = serviceOpts.Meta
+		req.Namespace = serviceOpts.Namespace
+		req.Partition = serviceOpts.Partition
+		req.Locality = serviceOpts.Locality
+	}
+
 	if err := node.GetClient().Agent().ServiceRegister(req); err != nil {
 		return nil, err
 	}
diff --git a/test/integration/consul-container/libs/topology/peering_topology.go b/test/integration/consul-container/libs/topology/peering_topology.go
index 3a4952102616..1d11851753a2 100644
--- a/test/integration/consul-container/libs/topology/peering_topology.go
+++ b/test/integration/consul-container/libs/topology/peering_topology.go
@@ -151,7 +151,7 @@ func BasicPeeringTwoClustersSetup(
 
 		// Create a service and proxy instance
 		var err error
-		clientSidecarService, err = libservice.CreateAndRegisterStaticClientSidecar(clientNode, DialingPeerName, true, false)
+		clientSidecarService, err = libservice.CreateAndRegisterStaticClientSidecar(clientNode, DialingPeerName, true, false, nil)
 		require.NoError(t, err)
 
 		libassert.CatalogServiceExists(t, dialingClient, "static-client-sidecar-proxy", nil)
diff --git a/test/integration/consul-container/libs/topology/service_topology.go b/test/integration/consul-container/libs/topology/service_topology.go
index 5898a57ec1c3..be0af12cf086 100644
--- a/test/integration/consul-container/libs/topology/service_topology.go
+++ b/test/integration/consul-container/libs/topology/service_topology.go
@@ -51,7 +51,7 @@ func CreateServices(t *testing.T, cluster *libcluster.Cluster, protocol string)
 	libassert.CatalogServiceExists(t, client, libservice.StaticServerServiceName, nil)
 
 	// Create a client proxy instance with the server as an upstream
-	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false)
+	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false, nil)
 	require.NoError(t, err)
 
 	libassert.CatalogServiceExists(t, client, fmt.Sprintf("%s-sidecar-proxy", libservice.StaticClientServiceName), nil)
diff --git a/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go b/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go
index 38c700a5a039..cf00105345fa 100644
--- a/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go
+++ b/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go
@@ -110,7 +110,7 @@ func createServices(t *testing.T, cluster *libcluster.Cluster) libservice.Servic
 	libassert.CatalogServiceExists(t, client, libservice.StaticServerServiceName, nil)
 
 	// Create a client proxy instance with the server as an upstream
-	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false)
+	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false, nil)
 	require.NoError(t, err)
 
 	libassert.CatalogServiceExists(t, client, "static-client-sidecar-proxy", nil)
diff --git a/test/integration/consul-container/test/envoy_extensions/wasm_test.go b/test/integration/consul-container/test/envoy_extensions/wasm_test.go
index fee0675c50a7..ae5cf3b3d5b7 100644
--- a/test/integration/consul-container/test/envoy_extensions/wasm_test.go
+++ b/test/integration/consul-container/test/envoy_extensions/wasm_test.go
@@ -311,7 +311,7 @@ func createTestServices(t *testing.T, cluster *libcluster.Cluster) (libservice.S
 
 	// Create a client proxy instance with the server as an upstream
 
-	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false)
+	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false, nil)
 	require.NoError(t, err)
 
 	libassert.CatalogServiceExists(t, client, "static-client-sidecar-proxy", nil)
diff --git a/test/integration/consul-container/test/jwtauth/jwt_auth_test.go b/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
index 3de8a07e74a4..939dec13882b 100644
--- a/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
+++ b/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
@@ -130,7 +130,7 @@ func createServices(t *testing.T, cluster *libcluster.Cluster) libservice.Servic
 	libassert.CatalogServiceExists(t, client, libservice.StaticServerServiceName, apiOpts)
 
 	// Create a client proxy instance with the server as an upstream
-	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false)
+	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false, nil)
 	require.NoError(t, err)
 
 	libassert.CatalogServiceExists(t, client, "static-client-sidecar-proxy", apiOpts)
diff --git a/test/integration/consul-container/test/tproxy/tproxy_test.go b/test/integration/consul-container/test/tproxy/tproxy_test.go
index 978d211aa923..15eae0c21090 100644
--- a/test/integration/consul-container/test/tproxy/tproxy_test.go
+++ b/test/integration/consul-container/test/tproxy/tproxy_test.go
@@ -215,7 +215,7 @@ func createServices(t *testing.T, cluster *libcluster.Cluster) libservice.Servic
 		client := node.GetClient()
 
 		// Create a client proxy instance with the server as an upstream
-		clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, true)
+		clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, true, nil)
 		require.NoError(t, err)
 
 		libassert.CatalogServiceExists(t, client, "static-client-sidecar-proxy", nil)
diff --git a/test/integration/consul-container/test/upgrade/ingress_gateway_grpc_test.go b/test/integration/consul-container/test/upgrade/ingress_gateway_grpc_test.go
index 75f52688b2d8..174769d53170 100644
--- a/test/integration/consul-container/test/upgrade/ingress_gateway_grpc_test.go
+++ b/test/integration/consul-container/test/upgrade/ingress_gateway_grpc_test.go
@@ -92,7 +92,7 @@ func TestIngressGateway_GRPC_UpgradeToTarget_fromLatest(t *testing.T) {
 	serverNodes := cluster.Servers()
 	require.NoError(t, err)
 	require.True(t, len(serverNodes) > 0)
-	staticClientSvcSidecar, err := libservice.CreateAndRegisterStaticClientSidecar(serverNodes[0], "", true, false)
+	staticClientSvcSidecar, err := libservice.CreateAndRegisterStaticClientSidecar(serverNodes[0], "", true, false, nil)
 	require.NoError(t, err)
 
 	tests := func(t *testing.T) {
diff --git a/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go b/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go
index dcc78e683ec1..9feb9d82092a 100644
--- a/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go
+++ b/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go
@@ -349,7 +349,7 @@ func setup(t *testing.T) (*libcluster.Cluster, libservice.Service, libservice.Se
 	require.NoError(t, err)
 
 	// Create a client proxy instance with the server as an upstream
-	staticClientProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false)
+	staticClientProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false, nil)
 	require.NoError(t, err)
 
 	require.NoError(t, err)
diff --git a/test/integration/consul-container/test/upgrade/peering/peering_control_plane_mgw_test.go b/test/integration/consul-container/test/upgrade/peering/peering_control_plane_mgw_test.go
index fc104b488fa8..b88781bd790a 100644
--- a/test/integration/consul-container/test/upgrade/peering/peering_control_plane_mgw_test.go
+++ b/test/integration/consul-container/test/upgrade/peering/peering_control_plane_mgw_test.go
@@ -87,7 +87,7 @@ func TestPeering_ControlPlaneMGW(t *testing.T) {
 		"upstream_cx_total", 1)
 	require.NoError(t, accepting.Gateway.Start())
 
-	clientSidecarService, err := libservice.CreateAndRegisterStaticClientSidecar(dialingCluster.Servers()[0], libtopology.DialingPeerName, true, false)
+	clientSidecarService, err := libservice.CreateAndRegisterStaticClientSidecar(dialingCluster.Servers()[0], libtopology.DialingPeerName, true, false, nil)
 	require.NoError(t, err)
 	_, port := clientSidecarService.GetAddr()
 	_, adminPort := clientSidecarService.GetAdminAddr()
diff --git a/test/integration/consul-container/test/upgrade/peering/peering_http_test.go b/test/integration/consul-container/test/upgrade/peering/peering_http_test.go
index 60a74afb5b5f..9c48727d83a6 100644
--- a/test/integration/consul-container/test/upgrade/peering/peering_http_test.go
+++ b/test/integration/consul-container/test/upgrade/peering/peering_http_test.go
@@ -7,10 +7,12 @@ import (
 	"context"
 	"fmt"
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/require"
 
 	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
 	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
 	libservice "github.com/hashicorp/consul/test/integration/consul-container/libs/service"
 	libtopology "github.com/hashicorp/consul/test/integration/consul-container/libs/topology"
@@ -83,13 +85,13 @@ func TestPeering_HTTPRouter(t *testing.T) {
 	}
 	require.NoError(t, acceptingCluster.ConfigEntryWrite(routerConfigEntry))
 	_, appPort := dialing.Container.GetAddr()
-	libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d/static-server-2", appPort), "static-server-2", "")
+	libassert.WaitForFortioName(t, retry.ThirtySeconds(), fmt.Sprintf("http://localhost:%d/static-server-2", appPort), "static-server-2", "")
 
 	peeringUpgrade(t, accepting, dialing, utils.TargetVersion)
 
 	peeringPostUpgradeValidation(t, dialing)
 	// TODO: restart static-server-2's sidecar
-	libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d/static-server-2", appPort), "static-server-2", "")
+	libassert.WaitForFortioName(t, retry.ThirtySeconds(), fmt.Sprintf("http://localhost:%d/static-server-2", appPort), "static-server-2", "")
 }
 
 // Verify resolver and failover can direct traffic to server in peered cluster
@@ -171,11 +173,12 @@ func TestPeering_HTTPResolverAndFailover(t *testing.T) {
 
 	assertionAdditionalResources := func() {
 		// assert traffic can fail-over to static-server in peered cluster and restor to local static-server
-		libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", appPorts[0]), "static-server-dialing", "")
+		// timeouts in this segment of the test reflect previously implicit retries in fortio name assertions for parity
+		libassert.WaitForFortioName(t, &retry.Timer{Timeout: 2 * time.Minute, Wait: 500 * time.Millisecond}, fmt.Sprintf("http://localhost:%d", appPorts[0]), "static-server-dialing", "")
 		require.NoError(t, serverConnectProxy.Stop())
-		libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", appPorts[0]), libservice.StaticServerServiceName, "")
+		libassert.WaitForFortioName(t, &retry.Timer{Timeout: 2 * time.Minute, Wait: 500 * time.Millisecond}, fmt.Sprintf("http://localhost:%d", appPorts[0]), libservice.StaticServerServiceName, "")
 		require.NoError(t, serverConnectProxy.Start())
-		libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", appPorts[0]), "static-server-dialing", "")
+		libassert.WaitForFortioName(t, &retry.Timer{Timeout: 2 * time.Minute, Wait: 500 * time.Millisecond}, fmt.Sprintf("http://localhost:%d", appPorts[0]), "static-server-dialing", "")
 
 		// assert peer-static-server resolves to static-server in peered cluster
 		libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", appPorts[1]), libservice.StaticServerServiceName, "")
@@ -352,7 +355,7 @@ func peeringUpgrade(t *testing.T, accepting, dialing *libtopology.BuiltCluster,
 func peeringPostUpgradeValidation(t *testing.T, dialing *libtopology.BuiltCluster) {
 	t.Helper()
 
-	clientSidecarService, err := libservice.CreateAndRegisterStaticClientSidecar(dialing.Cluster.Servers()[0], libtopology.DialingPeerName, true, false)
+	clientSidecarService, err := libservice.CreateAndRegisterStaticClientSidecar(dialing.Cluster.Servers()[0], libtopology.DialingPeerName, true, false, nil)
 	require.NoError(t, err)
 	_, port := clientSidecarService.GetAddr()
 	_, adminPort := clientSidecarService.GetAdminAddr()
diff --git a/test/integration/consul-container/test/wanfed/wanfed_peering_test.go b/test/integration/consul-container/test/wanfed/wanfed_peering_test.go
index 4107fd726f96..41d6854e2832 100644
--- a/test/integration/consul-container/test/wanfed/wanfed_peering_test.go
+++ b/test/integration/consul-container/test/wanfed/wanfed_peering_test.go
@@ -57,7 +57,7 @@ func TestPeering_WanFedSecondaryDC(t *testing.T) {
 		require.NoError(t, service.Export("default", "alpha-to-secondary", c3Agent.GetClient()))
 
 		// Create a testing sidecar to proxy requests through
-		clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(c2Agent, "secondary-to-alpha", false, false)
+		clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(c2Agent, "secondary-to-alpha", false, false, nil)
 		require.NoError(t, err)
 		libassert.CatalogServiceExists(t, c2Agent.GetClient(), "static-client-sidecar-proxy", nil)
 

From b80c5258faa1119029b72889f86498c2caeb44ab Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Thu, 17 Aug 2023 12:43:21 -0600
Subject: [PATCH 294/359] NET-4853 - xds v2 - implement base connect proxy
 functionality for clusters (#18499)

---
 agent/xds/clusters.go                         |   25 +-
 agent/xds/clusters_test.go                    |  219 ++-
 agent/xds/delta_envoy_extender_oss_test.go    |    6 +-
 agent/xds/endpoints.go                        |   21 +-
 agent/xds/endpoints_test.go                   |   30 +-
 agent/xds/listeners.go                        |    7 +-
 agent/xds/listeners_test.go                   |   63 +-
 agent/xds/proxystateconverter/clusters.go     | 1183 ++++++++++++++++-
 agent/xds/proxystateconverter/converter.go    |    6 +-
 agent/xds/proxystateconverter/endpoints.go    |   85 ++
 .../proxystateconverter/failover_policy.go    |  158 +++
 .../failover_policy_oss.go                    |   15 +
 agent/xds/proxystateconverter/listeners.go    |   11 +-
 agent/xds/rbac.go                             |   11 +-
 agent/xds/resources_test.go                   |    3 +-
 agent/xds/{ => response}/response.go          |   14 +-
 agent/xds/routes.go                           |   33 +-
 agent/xds/routes_test.go                      |    3 +-
 agent/xds/xds_protocol_helpers_test.go        |   23 +-
 agent/xdsv2/cluster_resources.go              |  327 ++++-
 agent/xdsv2/endpoint_resources.go             |   41 +
 agent/xdsv2/listener_resources.go             |    7 +-
 agent/xdsv2/resources.go                      |    8 +-
 agent/xdsv2/route_resources.go                |    3 +
 .../v1alpha1/pbproxystate/cluster.pb.go       |   26 +-
 .../v1alpha1/pbproxystate/cluster.proto       |    4 +
 .../pbproxystate/transport_socket.pb.go       |  414 +++---
 .../pbproxystate/transport_socket.proto       |   14 +-
 28 files changed, 2410 insertions(+), 350 deletions(-)
 create mode 100644 agent/xds/proxystateconverter/endpoints.go
 create mode 100644 agent/xds/proxystateconverter/failover_policy.go
 create mode 100644 agent/xds/proxystateconverter/failover_policy_oss.go
 rename agent/xds/{ => response}/response.go (82%)
 create mode 100644 agent/xdsv2/endpoint_resources.go

diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go
index f56700c02a91..908aa746bc9c 100644
--- a/agent/xds/clusters.go
+++ b/agent/xds/clusters.go
@@ -32,6 +32,7 @@ import (
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
 )
@@ -1008,11 +1009,11 @@ func (s *ResourceGenerator) configIngressUpstreamCluster(c *envoy_cluster_v3.Clu
 
 		switch limitType {
 		case "max_connections":
-			threshold.MaxConnections = makeUint32Value(limit)
+			threshold.MaxConnections = response.MakeUint32Value(limit)
 		case "max_pending_requests":
-			threshold.MaxPendingRequests = makeUint32Value(limit)
+			threshold.MaxPendingRequests = response.MakeUint32Value(limit)
 		case "max_requests":
-			threshold.MaxRequests = makeUint32Value(limit)
+			threshold.MaxRequests = response.MakeUint32Value(limit)
 		}
 	}
 
@@ -1103,7 +1104,7 @@ func (s *ResourceGenerator) makeAppCluster(cfgSnap *proxycfg.ConfigSnapshot, nam
 		c.CircuitBreakers = &envoy_cluster_v3.CircuitBreakers{
 			Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{
 				{
-					MaxConnections: makeUint32Value(cfg.MaxInboundConnections),
+					MaxConnections: response.MakeUint32Value(cfg.MaxInboundConnections),
 				},
 			},
 		}
@@ -1708,13 +1709,13 @@ func (s *ResourceGenerator) makeGatewayCluster(snap *proxycfg.ConfigSnapshot, op
 			TcpKeepalive: &envoy_core_v3.TcpKeepalive{},
 		}
 		if cfg.TcpKeepaliveTime != 0 {
-			cluster.UpstreamConnectionOptions.TcpKeepalive.KeepaliveTime = makeUint32Value(cfg.TcpKeepaliveTime)
+			cluster.UpstreamConnectionOptions.TcpKeepalive.KeepaliveTime = response.MakeUint32Value(cfg.TcpKeepaliveTime)
 		}
 		if cfg.TcpKeepaliveInterval != 0 {
-			cluster.UpstreamConnectionOptions.TcpKeepalive.KeepaliveInterval = makeUint32Value(cfg.TcpKeepaliveInterval)
+			cluster.UpstreamConnectionOptions.TcpKeepalive.KeepaliveInterval = response.MakeUint32Value(cfg.TcpKeepaliveInterval)
 		}
 		if cfg.TcpKeepaliveProbes != 0 {
-			cluster.UpstreamConnectionOptions.TcpKeepalive.KeepaliveProbes = makeUint32Value(cfg.TcpKeepaliveProbes)
+			cluster.UpstreamConnectionOptions.TcpKeepalive.KeepaliveProbes = response.MakeUint32Value(cfg.TcpKeepaliveProbes)
 		}
 	}
 
@@ -1884,7 +1885,7 @@ func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSna
 	endpoints := make([]*envoy_endpoint_v3.LbEndpoint, 0, len(opts.addresses))
 
 	for _, pair := range opts.addresses {
-		address := makeAddress(pair.Address, pair.Port)
+		address := response.MakeAddress(pair.Address, pair.Port)
 
 		endpoint := &envoy_endpoint_v3.LbEndpoint{
 			HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
@@ -1917,13 +1918,13 @@ func makeThresholdsIfNeeded(limits *structs.UpstreamLimits) []*envoy_cluster_v3.
 	// Likewise, make sure to not set any threshold values on the zero-value in
 	// order to rely on Envoy defaults
 	if limits.MaxConnections != nil {
-		threshold.MaxConnections = makeUint32Value(*limits.MaxConnections)
+		threshold.MaxConnections = response.MakeUint32Value(*limits.MaxConnections)
 	}
 	if limits.MaxPendingRequests != nil {
-		threshold.MaxPendingRequests = makeUint32Value(*limits.MaxPendingRequests)
+		threshold.MaxPendingRequests = response.MakeUint32Value(*limits.MaxPendingRequests)
 	}
 	if limits.MaxConcurrentRequests != nil {
-		threshold.MaxRequests = makeUint32Value(*limits.MaxConcurrentRequests)
+		threshold.MaxRequests = response.MakeUint32Value(*limits.MaxConcurrentRequests)
 	}
 
 	return []*envoy_cluster_v3.CircuitBreakers_Thresholds{threshold}
@@ -1946,7 +1947,7 @@ func makeLbEndpoint(addr string, port int, health envoy_core_v3.HealthStatus, we
 			},
 		},
 		HealthStatus:        health,
-		LoadBalancingWeight: makeUint32Value(weight),
+		LoadBalancingWeight: response.MakeUint32Value(weight),
 	}
 }
 
diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go
index 32723bf48143..2651d77c2844 100644
--- a/agent/xds/clusters_test.go
+++ b/agent/xds/clusters_test.go
@@ -20,16 +20,28 @@ import (
 
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/proxystateconverter"
+	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/agent/xds/testcommon"
+	"github.com/hashicorp/consul/agent/xdsv2"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/hashicorp/consul/types"
 )
 
+type mockCfgFetcher struct {
+	addressLan string
+}
+
+func (s *mockCfgFetcher) AdvertiseAddrLAN() string {
+	return s.addressLan
+}
+
 type clusterTestCase struct {
 	name               string
 	create             func(t testinf.T) *proxycfg.ConfigSnapshot
 	overrideGoldenName string
+	alsoRunTestForV2   bool
 }
 
 func uint32ptr(i uint32) *uint32 {
@@ -52,12 +64,15 @@ func makeClusterDiscoChainTests(enterprise bool) []clusterTestCase {
 						})
 				}, nil)
 			},
+			// TODO(proxystate): requires custom cluster work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-chain",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-http2",
@@ -66,84 +81,111 @@ func makeClusterDiscoChainTests(enterprise bool) []clusterTestCase {
 					ns.Proxy.Upstreams[0].Config["protocol"] = "http2"
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-external-sni",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
 			},
+			//TODO(proxystate): this requires terminating gateway work
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-overrides",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-chain-and-failover",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway-triggered", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway-triggered", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-local-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway-triggered", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway-triggered", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "splitter-with-resolver-redirect",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-lb-in-resolver",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 	}
 }
@@ -175,6 +217,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tls-outgoing-min-version",
@@ -194,6 +237,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tls-outgoing-max-version",
@@ -213,6 +257,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tls-outgoing-cipher-suites",
@@ -235,6 +280,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-jwt-config-entry-with-local",
@@ -258,6 +304,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
+			// TODO(proxystate): jwt work will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-jwt-config-entry-with-remote-jwks",
@@ -292,6 +340,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
+			// TODO(proxystate): jwt work will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "custom-local-app",
@@ -303,6 +353,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 						})
 				}, nil)
 			},
+			// TODO(proxystate): requires custom cluster work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "custom-upstream",
@@ -314,6 +366,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 						})
 				}, nil)
 			},
+			// TODO(proxystate): requires custom cluster work
+			alsoRunTestForV2: false,
 		},
 		{
 			name:               "custom-upstream-ignores-tls",
@@ -328,6 +382,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 						})
 				}, nil)
 			},
+			// TODO(proxystate): requires custom cluster work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "custom-upstream-with-prepared-query",
@@ -364,6 +420,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 					}
 				}, nil)
 			},
+			// TODO(proxystate): requires custom cluster work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "custom-timeouts",
@@ -373,6 +431,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 					ns.Proxy.Upstreams[0].Config["connect_timeout_ms"] = 2345
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "custom-passive-healthcheck",
@@ -387,6 +446,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 					}
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "custom-passive-healthcheck-zero-consecutive_5xx",
@@ -401,6 +461,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 					}
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "custom-max-inbound-connections",
@@ -409,6 +470,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["max_inbound_connections"] = 3456
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "custom-limits-max-connections-only",
@@ -429,6 +491,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 					}
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "custom-limits-set-to-zero",
@@ -447,6 +510,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 					}
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "custom-limits",
@@ -465,12 +529,14 @@ func TestClustersFromSnapshot(t *testing.T) {
 					}
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "expose-paths-local-app-paths",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotExposeConfig(t, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "downstream-service-with-unix-sockets",
@@ -483,6 +549,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 					ns.Proxy.LocalServiceSocketPath = "/tmp/downstream_proxy.sock"
 				}, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "expose-paths-new-cluster-http2",
@@ -496,68 +563,89 @@ func TestClustersFromSnapshot(t *testing.T) {
 					}
 				})
 			},
+			alsoRunTestForV2: true,
 		},
 		{
-			name:   "expose-checks",
-			create: proxycfg.TestConfigSnapshotExposeChecks,
+			name:             "expose-checks",
+			create:           proxycfg.TestConfigSnapshotExposeChecks,
+			alsoRunTestForV2: true,
 		},
 		{
-			name:   "expose-paths-grpc-new-cluster-http1",
-			create: proxycfg.TestConfigSnapshotGRPCExposeHTTP1,
+			name:             "expose-paths-grpc-new-cluster-http1",
+			create:           proxycfg.TestConfigSnapshotGRPCExposeHTTP1,
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "mesh-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "default", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-using-federation-states",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "federation-states", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-using-federation-control-plane",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "mesh-gateway-federation", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-no-services",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "no-services", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-service-subsets",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "service-subsets", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-ignore-extra-resolvers",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "ignore-extra-resolvers", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-service-timeouts",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "service-timeouts", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-non-hash-lb-injected",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "non-hash-lb-injected", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-hash-lb-ignored",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "hash-lb-ignored", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-tcp-keepalives",
@@ -569,6 +657,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_probes"] = 7
 				}, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway",
@@ -576,12 +666,16 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"default", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-nil-config-entry",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-with-tls-outgoing-min-version",
@@ -601,6 +695,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-with-tls-outgoing-max-version",
@@ -620,6 +716,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-with-tls-outgoing-cipher-suites",
@@ -642,6 +740,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-no-services",
@@ -649,6 +749,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, false, "tcp",
 					"default", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain",
@@ -656,6 +758,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"simple", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-service-max-connections",
@@ -666,6 +770,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 						entry.Listeners[0].Services[0].MaxConnections = 4096
 					}, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-defaults-service-max-connections",
@@ -680,6 +786,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 						}
 					}, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-overwrite-defaults-service-max-connections",
@@ -695,6 +803,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 						entry.Listeners[0].Services[0].MaxPendingRequests = 2048
 					}, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-service-passive-health-check",
@@ -710,6 +820,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 						}
 					}, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-defaults-passive-health-check",
@@ -731,6 +843,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 						}
 					}, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-overwrite-defaults-passive-health-check",
@@ -759,6 +873,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 						}
 					}, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-external-sni",
@@ -766,6 +882,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"external-sni", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-failover",
@@ -773,6 +891,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-failover-to-cluster-peer",
@@ -780,6 +900,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-to-cluster-peer", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-remote-gateway",
@@ -787,6 +909,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-remote-gateway", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-remote-gateway-triggered",
@@ -794,6 +918,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-remote-gateway-triggered", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-remote-gateway",
@@ -801,6 +927,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-remote-gateway", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered",
@@ -808,6 +936,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-remote-gateway-triggered", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-local-gateway",
@@ -815,6 +945,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-local-gateway", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-local-gateway-triggered",
@@ -822,6 +954,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-local-gateway-triggered", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-local-gateway",
@@ -829,6 +963,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-local-gateway", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-local-gateway-triggered",
@@ -836,6 +972,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-local-gateway-triggered", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-splitter-with-resolver-redirect",
@@ -843,6 +981,8 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"splitter-with-resolver-redirect-multidc", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-lb-in-resolver",
@@ -850,46 +990,66 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"lb-resolver", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "terminating-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, nil)
 			},
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "terminating-gateway-no-services",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotTerminatingGateway(t, false, nil, nil)
 			},
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-service-subsets",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayServiceSubsetsWebAndCache,
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-hostname-service-subsets",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayHostnameSubsets,
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-sni",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewaySNI,
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-http2-upstream",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayHTTP2,
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-http2-upstream-subsets",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewaySubsetsHTTP2,
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-ignore-extra-resolvers",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers,
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-lb-config",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayLBConfigNoHashPolicies,
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "terminating-gateway-tcp-keepalives",
@@ -904,18 +1064,24 @@ func TestClustersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_probes"] = 5
 				}, nil)
 			},
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "ingress-multiple-listeners-duplicate-service",
 			create: proxycfg.TestConfigSnapshotIngress_MultipleListenersDuplicateService,
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
-			name:   "transparent-proxy-catalog-destinations-only",
-			create: proxycfg.TestConfigSnapshotTransparentProxyCatalogDestinationsOnly,
+			name:             "transparent-proxy-catalog-destinations-only",
+			create:           proxycfg.TestConfigSnapshotTransparentProxyCatalogDestinationsOnly,
+			alsoRunTestForV2: true,
 		},
 		{
-			name:   "transparent-proxy-dial-instances-directly",
-			create: proxycfg.TestConfigSnapshotTransparentProxyDialDirectly,
+			name:             "transparent-proxy-dial-instances-directly",
+			create:           proxycfg.TestConfigSnapshotTransparentProxyDialDirectly,
+			alsoRunTestForV2: true,
 		},
 	}
 
@@ -947,10 +1113,10 @@ func TestClustersFromSnapshot(t *testing.T) {
 						return clusters[i].(*envoy_cluster_v3.Cluster).Name < clusters[j].(*envoy_cluster_v3.Cluster).Name
 					})
 
-					r, err := createResponse(xdscommon.ClusterType, "00000001", "00000001", clusters)
+					r, err := response.CreateResponse(xdscommon.ClusterType, "00000001", "00000001", clusters)
 					require.NoError(t, err)
 
-					t.Run("current", func(t *testing.T) {
+					t.Run("current-xdsv1", func(t *testing.T) {
 						gotJSON := protoToJSON(t, r)
 
 						gName := tt.name
@@ -960,6 +1126,39 @@ func TestClustersFromSnapshot(t *testing.T) {
 
 						require.JSONEq(t, goldenEnvoy(t, filepath.Join("clusters", gName), envoyVersion, latestEnvoyVersion, gotJSON), gotJSON)
 					})
+
+					if tt.alsoRunTestForV2 {
+						generator := xdsv2.NewResourceGenerator(testutil.Logger(t))
+
+						converter := proxystateconverter.NewConverter(testutil.Logger(t), &mockCfgFetcher{addressLan: "10.10.10.10"})
+						proxyState, err := converter.ProxyStateFromSnapshot(snap)
+						require.NoError(t, err)
+
+						res, err := generator.AllResourcesFromIR(proxyState)
+						require.NoError(t, err)
+
+						clusters = res[xdscommon.ClusterType]
+						// The order of clusters returned via CDS isn't relevant, so it's safe
+						// to sort these for the purposes of test comparisons.
+						sort.Slice(clusters, func(i, j int) bool {
+							return clusters[i].(*envoy_cluster_v3.Cluster).Name < clusters[j].(*envoy_cluster_v3.Cluster).Name
+						})
+
+						r, err := response.CreateResponse(xdscommon.ClusterType, "00000001", "00000001", clusters)
+						require.NoError(t, err)
+
+						t.Run("current-xdsv2", func(t *testing.T) {
+							gotJSON := protoToJSON(t, r)
+
+							gName := tt.name
+							if tt.overrideGoldenName != "" {
+								gName = tt.overrideGoldenName
+							}
+
+							expectedJSON := goldenEnvoy(t, filepath.Join("clusters", gName), envoyVersion, latestEnvoyVersion, gotJSON)
+							require.JSONEq(t, expectedJSON, gotJSON)
+						})
+					}
 				})
 			}
 		})
diff --git a/agent/xds/delta_envoy_extender_oss_test.go b/agent/xds/delta_envoy_extender_oss_test.go
index 5f4b563b5992..0607919ef5a5 100644
--- a/agent/xds/delta_envoy_extender_oss_test.go
+++ b/agent/xds/delta_envoy_extender_oss_test.go
@@ -21,12 +21,12 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/proto"
 
-	"github.com/hashicorp/consul/agent/xds/testcommon"
-
 	propertyoverride "github.com/hashicorp/consul/agent/envoyextensions/builtin/property-override"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/xds/extensionruntime"
+	"github.com/hashicorp/consul/agent/xds/response"
+	"github.com/hashicorp/consul/agent/xds/testcommon"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
@@ -803,7 +803,7 @@ end`,
 						}
 
 						sort.Slice(msgs, entity.sorter(msgs))
-						r, err := createResponse(entity.key, "00000001", "00000001", msgs)
+						r, err := response.CreateResponse(entity.key, "00000001", "00000001", msgs)
 						require.NoError(t, err)
 
 						t.Run(entity.name, func(t *testing.T) {
diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go
index 8903ba3e7cc6..a2c36f06bdc2 100644
--- a/agent/xds/endpoints.go
+++ b/agent/xds/endpoints.go
@@ -6,21 +6,22 @@ package xds
 import (
 	"errors"
 	"fmt"
-	"github.com/hashicorp/go-hclog"
 	"strconv"
 
+	"github.com/hashicorp/go-hclog"
+
 	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
 	"github.com/hashicorp/go-bexpr"
 	"google.golang.org/protobuf/proto"
 
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 )
 
 const (
@@ -278,7 +279,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 			lbEndpoint := &envoy_endpoint_v3.LbEndpoint{
 				HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 					Endpoint: &envoy_endpoint_v3.Endpoint{
-						Address: makeAddress(addr, port),
+						Address: response.MakeAddress(addr, port),
 					},
 				},
 				HealthStatus: envoy_core_v3.HealthStatus_UNKNOWN,
@@ -335,7 +336,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 			serverEndpoints = append(serverEndpoints, &envoy_endpoint_v3.LbEndpoint{
 				HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 					Endpoint: &envoy_endpoint_v3.Endpoint{
-						Address: makeAddress(addr, port),
+						Address: response.MakeAddress(addr, port),
 					},
 				},
 			})
@@ -584,7 +585,7 @@ func makeEndpoint(host string, port int) *envoy_endpoint_v3.LbEndpoint {
 	return &envoy_endpoint_v3.LbEndpoint{
 		HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 			Endpoint: &envoy_endpoint_v3.Endpoint{
-				Address: makeAddress(host, port),
+				Address: response.MakeAddress(host, port),
 			},
 		},
 	}
@@ -594,7 +595,7 @@ func makePipeEndpoint(path string) *envoy_endpoint_v3.LbEndpoint {
 	return &envoy_endpoint_v3.LbEndpoint{
 		HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 			Endpoint: &envoy_endpoint_v3.Endpoint{
-				Address: makePipeAddress(path, 0),
+				Address: response.MakePipeAddress(path, 0),
 			},
 		},
 	}
@@ -881,7 +882,7 @@ func makeLoadAssignment(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot, c
 		cla.Policy = &envoy_endpoint_v3.ClusterLoadAssignment_Policy{
 			// We choose such a large value here that the failover math should
 			// in effect not happen until zero instances are healthy.
-			OverprovisioningFactor: makeUint32Value(100000),
+			OverprovisioningFactor: response.MakeUint32Value(100000),
 		}
 	}
 
@@ -907,14 +908,14 @@ func makeLoadAssignment(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot, c
 				}
 
 				endpoint := &envoy_endpoint_v3.Endpoint{
-					Address: makeAddress(addr, port),
+					Address: response.MakeAddress(addr, port),
 				}
 				es = append(es, &envoy_endpoint_v3.LbEndpoint{
 					HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 						Endpoint: endpoint,
 					},
 					HealthStatus:        healthStatus,
-					LoadBalancingWeight: makeUint32Value(weight),
+					LoadBalancingWeight: response.MakeUint32Value(weight),
 				})
 			}
 
diff --git a/agent/xds/endpoints_test.go b/agent/xds/endpoints_test.go
index a4757f00c534..3156685934d5 100644
--- a/agent/xds/endpoints_test.go
+++ b/agent/xds/endpoints_test.go
@@ -4,11 +4,12 @@
 package xds
 
 import (
-	"github.com/hashicorp/go-hclog"
 	"path/filepath"
 	"sort"
 	"testing"
 
+	"github.com/hashicorp/go-hclog"
+
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
 
@@ -20,6 +21,7 @@ import (
 
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
 )
@@ -133,18 +135,18 @@ func Test_makeLoadAssignment(t *testing.T) {
 						{
 							HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 								Endpoint: &envoy_endpoint_v3.Endpoint{
-									Address: makeAddress("10.10.10.10", 1234),
+									Address: response.MakeAddress("10.10.10.10", 1234),
 								}},
 							HealthStatus:        envoy_core_v3.HealthStatus_HEALTHY,
-							LoadBalancingWeight: makeUint32Value(1),
+							LoadBalancingWeight: response.MakeUint32Value(1),
 						},
 						{
 							HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 								Endpoint: &envoy_endpoint_v3.Endpoint{
-									Address: makeAddress("10.10.10.20", 1234),
+									Address: response.MakeAddress("10.10.10.20", 1234),
 								}},
 							HealthStatus:        envoy_core_v3.HealthStatus_HEALTHY,
-							LoadBalancingWeight: makeUint32Value(1),
+							LoadBalancingWeight: response.MakeUint32Value(1),
 						},
 					},
 				}},
@@ -163,18 +165,18 @@ func Test_makeLoadAssignment(t *testing.T) {
 						{
 							HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 								Endpoint: &envoy_endpoint_v3.Endpoint{
-									Address: makeAddress("10.10.10.10", 1234),
+									Address: response.MakeAddress("10.10.10.10", 1234),
 								}},
 							HealthStatus:        envoy_core_v3.HealthStatus_HEALTHY,
-							LoadBalancingWeight: makeUint32Value(10),
+							LoadBalancingWeight: response.MakeUint32Value(10),
 						},
 						{
 							HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 								Endpoint: &envoy_endpoint_v3.Endpoint{
-									Address: makeAddress("10.10.10.20", 1234),
+									Address: response.MakeAddress("10.10.10.20", 1234),
 								}},
 							HealthStatus:        envoy_core_v3.HealthStatus_HEALTHY,
-							LoadBalancingWeight: makeUint32Value(5),
+							LoadBalancingWeight: response.MakeUint32Value(5),
 						},
 					},
 				}},
@@ -193,18 +195,18 @@ func Test_makeLoadAssignment(t *testing.T) {
 						{
 							HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 								Endpoint: &envoy_endpoint_v3.Endpoint{
-									Address: makeAddress("10.10.10.10", 1234),
+									Address: response.MakeAddress("10.10.10.10", 1234),
 								}},
 							HealthStatus:        envoy_core_v3.HealthStatus_HEALTHY,
-							LoadBalancingWeight: makeUint32Value(1),
+							LoadBalancingWeight: response.MakeUint32Value(1),
 						},
 						{
 							HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 								Endpoint: &envoy_endpoint_v3.Endpoint{
-									Address: makeAddress("10.10.10.20", 1234),
+									Address: response.MakeAddress("10.10.10.20", 1234),
 								}},
 							HealthStatus:        envoy_core_v3.HealthStatus_UNHEALTHY,
-							LoadBalancingWeight: makeUint32Value(1),
+							LoadBalancingWeight: response.MakeUint32Value(1),
 						},
 					},
 				}},
@@ -559,7 +561,7 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 					sort.Slice(endpoints, func(i, j int) bool {
 						return endpoints[i].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName < endpoints[j].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName
 					})
-					r, err := createResponse(xdscommon.EndpointType, "00000001", "00000001", endpoints)
+					r, err := response.CreateResponse(xdscommon.EndpointType, "00000001", "00000001", endpoints)
 					require.NoError(t, err)
 
 					t.Run("current", func(t *testing.T) {
diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go
index 68c7ebdfadab..846cbf6d536f 100644
--- a/agent/xds/listeners.go
+++ b/agent/xds/listeners.go
@@ -45,6 +45,7 @@ import (
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/xds/accesslogs"
+	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/lib/stringslice"
@@ -936,7 +937,7 @@ func makeListenerWithDefault(opts makeListenerOpts) *envoy_listener_v3.Listener
 	return &envoy_listener_v3.Listener{
 		Name:             fmt.Sprintf("%s:%s:%d", opts.name, opts.addr, opts.port),
 		AccessLog:        accessLog,
-		Address:          makeAddress(opts.addr, opts.port),
+		Address:          response.MakeAddress(opts.addr, opts.port),
 		TrafficDirection: opts.direction,
 	}
 }
@@ -955,7 +956,7 @@ func makePipeListener(opts makeListenerOpts) *envoy_listener_v3.Listener {
 	return &envoy_listener_v3.Listener{
 		Name:             fmt.Sprintf("%s:%s", opts.name, opts.path),
 		AccessLog:        accessLog,
-		Address:          makePipeAddress(opts.path, uint32(modeInt)),
+		Address:          response.MakePipeAddress(opts.path, uint32(modeInt)),
 		TrafficDirection: opts.direction,
 	}
 }
@@ -2592,7 +2593,7 @@ func makeHTTPFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, error)
 			"envoy.filters.http.grpc_stats",
 			&envoy_grpc_stats_v3.FilterConfig{
 				PerMethodStatSpecifier: &envoy_grpc_stats_v3.FilterConfig_StatsForAllMethods{
-					StatsForAllMethods: makeBoolValue(true),
+					StatsForAllMethods: response.MakeBoolValue(true),
 				},
 			},
 		)
diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go
index b5d6c66f0008..130f2234517e 100644
--- a/agent/xds/listeners_test.go
+++ b/agent/xds/listeners_test.go
@@ -21,6 +21,7 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/xds/configfetcher"
 	"github.com/hashicorp/consul/agent/xds/proxystateconverter"
+	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/agent/xds/testcommon"
 	"github.com/hashicorp/consul/agent/xdsv2"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
@@ -1301,24 +1302,24 @@ func TestListenersFromSnapshot(t *testing.T) {
 
 					var listeners []proto.Message
 
-					t.Run("current-xdsv1", func(t *testing.T) {
-						// Need server just for logger dependency
-						g := NewResourceGenerator(testutil.Logger(t), nil, false)
-						g.ProxyFeatures = sf
-						if tt.generatorSetup != nil {
-							tt.generatorSetup(g)
-						}
-						listeners, err = g.listenersFromSnapshot(snap)
-						require.NoError(t, err)
-						// The order of listeners returned via LDS isn't relevant, so it's safe
-						// to sort these for the purposes of test comparisons.
-						sort.Slice(listeners, func(i, j int) bool {
-							return listeners[i].(*envoy_listener_v3.Listener).Name < listeners[j].(*envoy_listener_v3.Listener).Name
-						})
+					// Need server just for logger dependency
+					g := NewResourceGenerator(testutil.Logger(t), nil, false)
+					g.ProxyFeatures = sf
+					if tt.generatorSetup != nil {
+						tt.generatorSetup(g)
+					}
+					listeners, err = g.listenersFromSnapshot(snap)
+					require.NoError(t, err)
+					// The order of listeners returned via LDS isn't relevant, so it's safe
+					// to sort these for the purposes of test comparisons.
+					sort.Slice(listeners, func(i, j int) bool {
+						return listeners[i].(*envoy_listener_v3.Listener).Name < listeners[j].(*envoy_listener_v3.Listener).Name
+					})
 
-						r, err := createResponse(xdscommon.ListenerType, "00000001", "00000001", listeners)
-						require.NoError(t, err)
+					r, err := response.CreateResponse(xdscommon.ListenerType, "00000001", "00000001", listeners)
+					require.NoError(t, err)
 
+					t.Run("current-xdsv1", func(t *testing.T) {
 						gotJSON := protoToJSON(t, r)
 
 						gName := tt.name
@@ -1331,25 +1332,25 @@ func TestListenersFromSnapshot(t *testing.T) {
 					})
 
 					if tt.alsoRunTestForV2 {
-						t.Run("current-xdsv2", func(t *testing.T) {
-							generator := xdsv2.NewResourceGenerator(testutil.Logger(t))
-							converter := proxystateconverter.NewConverter(testutil.Logger(t), nil)
-							proxyState, err := converter.ProxyStateFromSnapshot(snap)
-							require.NoError(t, err)
+						generator := xdsv2.NewResourceGenerator(testutil.Logger(t))
+						converter := proxystateconverter.NewConverter(testutil.Logger(t), nil)
+						proxyState, err := converter.ProxyStateFromSnapshot(snap)
+						require.NoError(t, err)
 
-							res, err := generator.AllResourcesFromIR(proxyState)
-							require.NoError(t, err)
+						res, err := generator.AllResourcesFromIR(proxyState)
+						require.NoError(t, err)
 
-							listeners = res[xdscommon.ListenerType]
-							// The order of listeners returned via LDS isn't relevant, so it's safe
-							// to sort these for the purposes of test comparisons.
-							sort.Slice(listeners, func(i, j int) bool {
-								return listeners[i].(*envoy_listener_v3.Listener).Name < listeners[j].(*envoy_listener_v3.Listener).Name
-							})
+						listeners = res[xdscommon.ListenerType]
+						// The order of listeners returned via LDS isn't relevant, so it's safe
+						// to sort these for the purposes of test comparisons.
+						sort.Slice(listeners, func(i, j int) bool {
+							return listeners[i].(*envoy_listener_v3.Listener).Name < listeners[j].(*envoy_listener_v3.Listener).Name
+						})
 
-							r, err := createResponse(xdscommon.ListenerType, "00000001", "00000001", listeners)
-							require.NoError(t, err)
+						r, err := response.CreateResponse(xdscommon.ListenerType, "00000001", "00000001", listeners)
+						require.NoError(t, err)
 
+						t.Run("current-xdsv2", func(t *testing.T) {
 							gotJSON := protoToJSON(t, r)
 
 							gName := tt.name
diff --git a/agent/xds/proxystateconverter/clusters.go b/agent/xds/proxystateconverter/clusters.go
index b5f10bf32e03..2a43d6eb049c 100644
--- a/agent/xds/proxystateconverter/clusters.go
+++ b/agent/xds/proxystateconverter/clusters.go
@@ -1,16 +1,28 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxystateconverter
 
 import (
+	"errors"
 	"fmt"
+	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
+	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/go-uuid"
 	"strings"
+	"time"
+
+	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
 
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/config"
 	"github.com/hashicorp/consul/agent/xds/naming"
+	"github.com/hashicorp/consul/agent/xds/response"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
 )
 
@@ -18,15 +30,333 @@ const (
 	meshGatewayExportedClusterNamePrefix = "exported~"
 )
 
+type namedCluster struct {
+	name    string
+	cluster *pbproxystate.Cluster
+}
+
+// clustersFromSnapshot returns the xDS API representation of the "clusters" in the snapshot.
+func (s *Converter) clustersFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) error {
+	if cfgSnap == nil {
+		return errors.New("nil config given")
+	}
+
+	switch cfgSnap.Kind {
+	case structs.ServiceKindConnectProxy:
+		return s.clustersFromSnapshotConnectProxy(cfgSnap)
+	// TODO(proxystate): Terminating Gateways will be added in the future.
+	//case structs.ServiceKindTerminatingGateway:
+	//	err := s.clustersFromSnapshotTerminatingGateway(cfgSnap)
+	//	if err != nil {
+	//		return err
+	//	}
+	//	return nil
+	// TODO(proxystate): Mesh Gateways will be added in the future.
+	//case structs.ServiceKindMeshGateway:
+	//	err := s.clustersFromSnapshotMeshGateway(cfgSnap)
+	//	if err != nil {
+	//		return err
+	//	}
+	//	return nil
+	// TODO(proxystate): Ingress Gateways will be added in the future.
+	//case structs.ServiceKindIngressGateway:
+	//	err := s.clustersFromSnapshotIngressGateway(cfgSnap)
+	//	if err != nil {
+	//		return err
+	//	}
+	//	return nil
+	// TODO(proxystate): API Gateways will be added in the future.
+	//case structs.ServiceKindAPIGateway:
+	//	res, err := s.clustersFromSnapshotAPIGateway(cfgSnap)
+	//	if err != nil {
+	//		return err
+	//	}
+	//	return nil
+	default:
+		return fmt.Errorf("Invalid service kind: %v", cfgSnap.Kind)
+	}
+}
+
+// clustersFromSnapshot returns the xDS API representation of the "clusters"
+// (upstreams) in the snapshot.
+func (s *Converter) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.ConfigSnapshot) error {
+	// This is the list of listeners we add to. It will be empty to start.
+	clusters := s.proxyState.Clusters
+	var err error
+
+	// Include the "app" cluster for the public listener
+	appCluster, err := s.makeAppCluster(cfgSnap, xdscommon.LocalAppClusterName, "", cfgSnap.Proxy.LocalServicePort)
+	if err != nil {
+		return err
+	}
+	clusters[appCluster.name] = appCluster.cluster
+
+	if cfgSnap.Proxy.Mode == structs.ProxyModeTransparent {
+		passthroughs, err := s.makePassthroughClusters(cfgSnap)
+		if err != nil {
+			return fmt.Errorf("failed to make passthrough clusters for transparent proxy: %v", err)
+		}
+		for clusterName, cluster := range passthroughs {
+			clusters[clusterName] = cluster
+		}
+	}
+
+	// NOTE: Any time we skip a chain below we MUST also skip that discovery chain in endpoints.go
+	// so that the sets of endpoints generated matches the sets of clusters.
+	for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain {
+		upstream, skip := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta)
+		if skip {
+			continue
+		}
+
+		upstreamClusters, err := s.makeUpstreamClustersForDiscoveryChain(
+			uid,
+			upstream,
+			chain,
+			cfgSnap,
+			false,
+		)
+		if err != nil {
+			return err
+		}
+
+		for name, cluster := range upstreamClusters {
+			clusters[name] = cluster
+		}
+	}
+
+	// TODO(proxystate): peering will be added in the future.
+	//// NOTE: Any time we skip an upstream below we MUST also skip that same
+	//// upstream in endpoints.go so that the sets of endpoints generated matches
+	//// the sets of clusters.
+	//for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() {
+	//	upstream, skip := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta)
+	//	if skip {
+	//		continue
+	//	}
+	//
+	//	peerMeta, found := cfgSnap.ConnectProxy.UpstreamPeerMeta(uid)
+	//	if !found {
+	//		s.Logger.Warn("failed to fetch upstream peering metadata for cluster", "uid", uid)
+	//	}
+	//	cfg := s.getAndModifyUpstreamConfigForPeeredListener(uid, upstream, peerMeta)
+	//
+	//	upstreamCluster, err := s.makeUpstreamClusterForPeerService(uid, cfg, peerMeta, cfgSnap)
+	//	if err != nil {
+	//		return nil, err
+	//	}
+	//	clusters = append(clusters, upstreamCluster)
+	//}
+
+	// TODO(proxystate): L7 Intentions and JWT Auth will be added in the future.
+	//// add clusters for jwt-providers
+	//for _, prov := range cfgSnap.JWTProviders {
+	//	//skip cluster creation for local providers
+	//	if prov.JSONWebKeySet == nil || prov.JSONWebKeySet.Remote == nil {
+	//		continue
+	//	}
+	//
+	//	cluster, err := makeJWTProviderCluster(prov)
+	//	if err != nil {
+	//		s.Logger.Warn("failed to make jwt-provider cluster", "provider name", prov.Name, "error", err)
+	//		continue
+	//	}
+	//
+	//	clusters[cluster.GetName()] = cluster
+	//}
+
+	for _, u := range cfgSnap.Proxy.Upstreams {
+		if u.DestinationType != structs.UpstreamDestTypePreparedQuery {
+			continue
+		}
+
+		upstreamCluster, err := s.makeUpstreamClusterForPreparedQuery(u, cfgSnap)
+		if err != nil {
+			return err
+		}
+		clusters[upstreamCluster.name] = upstreamCluster.cluster
+	}
+
+	cfgSnap.Proxy.Expose.Finalize()
+	paths := cfgSnap.Proxy.Expose.Paths
+
+	// Add service health checks to the list of paths to create clusters for if needed
+	if cfgSnap.Proxy.Expose.Checks {
+		psid := structs.NewServiceID(cfgSnap.Proxy.DestinationServiceID, &cfgSnap.ProxyID.EnterpriseMeta)
+		for _, check := range cfgSnap.ConnectProxy.WatchedServiceChecks[psid] {
+			p, err := parseCheckPath(check)
+			if err != nil {
+				s.Logger.Warn("failed to create cluster for", "check", check.CheckID, "error", err)
+				continue
+			}
+			paths = append(paths, p)
+		}
+	}
+
+	// Create a new cluster if we need to expose a port that is different from the service port
+	for _, path := range paths {
+		if path.LocalPathPort == cfgSnap.Proxy.LocalServicePort {
+			continue
+		}
+		c, err := s.makeAppCluster(cfgSnap, makeExposeClusterName(path.LocalPathPort), path.Protocol, path.LocalPathPort)
+		if err != nil {
+			s.Logger.Warn("failed to make local cluster", "path", path.Path, "error", err)
+			continue
+		}
+		clusters[c.name] = c.cluster
+	}
+
+	return nil
+}
+
+// TODO(proxystate): L7 Intentions and JWT Auth will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func makeJWTProviderCluster
+// func makeJWKSDiscoveryClusterType
+// func makeJWTCertValidationContext
+// func parseJWTRemoteURL
+
 func makeExposeClusterName(destinationPort int) string {
 	return fmt.Sprintf("exposed_cluster_%d", destinationPort)
 }
 
-func clusterNameForDestination(cfgSnap *proxycfg.ConfigSnapshot, name string, address string, namespace string, partition string) string {
+// In transparent proxy mode there are potentially multiple passthrough clusters added.
+// The first is for destinations outside of Consul's catalog. This is for a plain TCP proxy.
+// All of these use Envoy's ORIGINAL_DST listener filter, which forwards to the original
+// destination address (before the iptables redirection).
+// The rest are for destinations inside the mesh, which require certificates for mTLS.
+func (s *Converter) makePassthroughClusters(cfgSnap *proxycfg.ConfigSnapshot) (map[string]*pbproxystate.Cluster, error) {
+	// This size is an upper bound.
+	clusters := make(map[string]*pbproxystate.Cluster, 0)
+	if meshConf := cfgSnap.MeshConfig(); meshConf == nil ||
+		!meshConf.TransparentProxy.MeshDestinationsOnly {
+
+		clusters[naming.OriginalDestinationClusterName] = &pbproxystate.Cluster{
+			Group: &pbproxystate.Cluster_EndpointGroup{
+				EndpointGroup: &pbproxystate.EndpointGroup{
+					Group: &pbproxystate.EndpointGroup_Passthrough{
+						Passthrough: &pbproxystate.PassthroughEndpointGroup{
+							Config: &pbproxystate.PassthroughEndpointGroupConfig{
+								ConnectTimeout: durationpb.New(5 * time.Second),
+							},
+						},
+					},
+				},
+			},
+		}
+	}
+
+	for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain {
+		targetMap, ok := cfgSnap.ConnectProxy.PassthroughUpstreams[uid]
+		if !ok {
+			continue
+		}
+
+		for targetID := range targetMap {
+			uid := proxycfg.NewUpstreamIDFromTargetID(targetID)
+
+			sni := connect.ServiceSNI(
+				uid.Name, "", uid.NamespaceOrDefault(),
+				uid.PartitionOrDefault(), cfgSnap.Datacenter,
+				cfgSnap.Roots.TrustDomain)
+
+			// Prefixed with passthrough to distinguish from non-passthrough clusters for the same upstream.
+			name := "passthrough~" + sni
+
+			c := pbproxystate.Cluster{
+				Group: &pbproxystate.Cluster_EndpointGroup{
+					EndpointGroup: &pbproxystate.EndpointGroup{
+						Group: &pbproxystate.EndpointGroup_Passthrough{
+							Passthrough: &pbproxystate.PassthroughEndpointGroup{
+								Config: &pbproxystate.PassthroughEndpointGroupConfig{
+									ConnectTimeout: durationpb.New(5 * time.Second),
+								},
+							},
+						},
+					},
+				},
+			}
+
+			if discoTarget, ok := chain.Targets[targetID]; ok && discoTarget.ConnectTimeout > 0 {
+				c.GetEndpointGroup().GetPassthrough().GetConfig().
+					ConnectTimeout = durationpb.New(discoTarget.ConnectTimeout)
+			}
+
+			transportSocket, err := s.createOutboundMeshMTLS(cfgSnap, []string{getSpiffeID(cfgSnap, uid)}, sni)
+			if err != nil {
+				return nil, err
+			}
+			c.GetEndpointGroup().GetPassthrough().OutboundTls = transportSocket
+
+			clusters[name] = &c
+		}
+	}
+
+	err := cfgSnap.ConnectProxy.DestinationsUpstream.ForEachKeyE(func(uid proxycfg.UpstreamID) error {
+		svcConfig, ok := cfgSnap.ConnectProxy.DestinationsUpstream.Get(uid)
+		if !ok || svcConfig.Destination == nil {
+			return nil
+		}
+
+		// One Cluster per Destination Address
+		for _, address := range svcConfig.Destination.Addresses {
+			name := clusterNameForDestination(cfgSnap, uid.Name, address, uid.NamespaceOrDefault(), uid.PartitionOrDefault())
+
+			c := &pbproxystate.Cluster{
+				AltStatName: name,
+				Group: &pbproxystate.Cluster_EndpointGroup{
+					EndpointGroup: &pbproxystate.EndpointGroup{
+						Group: &pbproxystate.EndpointGroup_Dynamic{
+							Dynamic: &pbproxystate.DynamicEndpointGroup{
+								Config: &pbproxystate.DynamicEndpointGroupConfig{
+									ConnectTimeout: durationpb.New(5 * time.Second),
+									// Endpoints are managed separately by EDS
+									// Having an empty config enables outlier detection with default config.
+									OutlierDetection: &pbproxystate.OutlierDetection{},
+								},
+							},
+						},
+					},
+				},
+			}
+			sni := connect.ServiceSNI(
+				uid.Name, "", uid.NamespaceOrDefault(),
+				uid.PartitionOrDefault(), cfgSnap.Datacenter,
+				cfgSnap.Roots.TrustDomain)
+			transportSocket, err := s.createOutboundMeshMTLS(cfgSnap, []string{getSpiffeID(cfgSnap, uid)}, sni)
+			if err != nil {
+				return err
+			}
+			c.GetEndpointGroup().GetDynamic().OutboundTls = transportSocket
+			clusters[name] = c
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return clusters, nil
+}
+
+func getSpiffeID(cfgSnap *proxycfg.ConfigSnapshot, uid proxycfg.UpstreamID) string {
+	spiffeIDService := &connect.SpiffeIDService{
+		Host:       cfgSnap.Roots.TrustDomain,
+		Partition:  uid.PartitionOrDefault(),
+		Namespace:  uid.NamespaceOrDefault(),
+		Datacenter: cfgSnap.Datacenter,
+		Service:    uid.Name,
+	}
+	return spiffeIDService.URI().String()
+}
+func clusterNameForDestination(cfgSnap *proxycfg.ConfigSnapshot, name string,
+	address string, namespace string, partition string) string {
 	name = destinationSpecificServiceName(name, address)
-	sni := connect.ServiceSNI(name, "", namespace, partition, cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
+	sni := connect.ServiceSNI(name, "", namespace, partition,
+		cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
 
-	// Prefixed with destination to distinguish from non-passthrough clusters for the same upstream.
+	// Prefixed with destination to distinguish from non-passthrough clusters
+	// for the same upstream.
 	return "destination." + sni
 }
 
@@ -36,6 +366,785 @@ func destinationSpecificServiceName(name string, address string) string {
 	return fmt.Sprintf("%s.%s", address, name)
 }
 
+// TODO(proxystate): Mesh Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func clustersFromSnapshotMeshGateway
+// func haveVoters
+
+// TODO(proxystate): Peering will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func makePeerServerClusters
+
+// TODO(proxystate): Terminating Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func clustersFromSnapshotTerminatingGateway
+
+// TODO(proxystate): Mesh Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func makeGatewayServiceClusters
+
+// TODO(proxystate): Cluster Peering will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func makeGatewayOutgoingClusterPeeringServiceClusters
+
+// TODO(proxystate): Terminating Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func makeDestinationClusters
+
+// TODO(proxystate): Mesh Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func injectGatewayServiceAddons
+
+// TODO(proxystate): Terminating Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func injectGatewayDestinationAddons
+
+// TODO(proxystate): Ingress Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func clustersFromSnapshotIngressGateway
+
+// TODO(proxystate): API Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func clustersFromSnapshotAPIGateway
+
+// TODO(proxystate): Ingress Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func configIngressUpstreamCluster
+
+func (s *Converter) makeAppCluster(cfgSnap *proxycfg.ConfigSnapshot, name, pathProtocol string, port int) (*namedCluster, error) {
+	var err error
+	namedCluster := &namedCluster{}
+
+	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
+	if err != nil {
+		// Don't hard fail on a config typo, just warn. The parse func returns
+		// default config if there is an error so it's safe to continue.
+		s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
+	}
+
+	//// If we have overridden local cluster config try to parse it into an Envoy cluster
+	//if cfg.LocalClusterJSON != "" {
+	//	return makeClusterFromUserConfig(cfg.LocalClusterJSON)
+	//}
+
+	var endpoint *pbproxystate.Endpoint
+	if cfgSnap.Proxy.LocalServiceSocketPath != "" {
+		endpoint = makeUnixSocketEndpoint(cfgSnap.Proxy.LocalServiceSocketPath)
+	} else {
+		addr := cfgSnap.Proxy.LocalServiceAddress
+		if addr == "" {
+			addr = "127.0.0.1"
+		}
+		endpoint = makeHostPortEndpoint(addr, port)
+	}
+	s.proxyState.Endpoints[name] = &pbproxystate.Endpoints{
+		Endpoints: []*pbproxystate.Endpoint{endpoint},
+	}
+
+	namedCluster.name = name
+	namedCluster.cluster = &pbproxystate.Cluster{
+		Group: &pbproxystate.Cluster_EndpointGroup{
+			EndpointGroup: &pbproxystate.EndpointGroup{
+				Group: &pbproxystate.EndpointGroup_Static{
+					Static: &pbproxystate.StaticEndpointGroup{
+						Config: &pbproxystate.StaticEndpointGroupConfig{
+							ConnectTimeout: durationpb.New(time.Duration(cfg.LocalConnectTimeoutMs) * time.Millisecond),
+						},
+					},
+				},
+			},
+		},
+	}
+	protocol := pathProtocol
+	if protocol == "" {
+		protocol = cfg.Protocol
+	}
+	namedCluster.cluster.Protocol = protocol
+	if cfg.MaxInboundConnections > 0 {
+		namedCluster.cluster.GetEndpointGroup().GetStatic().GetConfig().
+			CircuitBreakers = &pbproxystate.CircuitBreakers{
+			UpstreamLimits: &pbproxystate.UpstreamLimits{
+				MaxConnections: response.MakeUint32Value(cfg.MaxInboundConnections),
+			},
+		}
+	}
+
+	return namedCluster, err
+}
+
+func (s *Converter) makeUpstreamClusterForPeerService(
+	uid proxycfg.UpstreamID,
+	upstreamConfig structs.UpstreamConfig,
+	peerMeta structs.PeeringServiceMeta,
+	cfgSnap *proxycfg.ConfigSnapshot,
+) (string, *pbproxystate.Cluster, *pbproxystate.Endpoints, error) {
+	var (
+		c   *pbproxystate.Cluster
+		e   *pbproxystate.Endpoints
+		err error
+	)
+
+	// TODO(proxystate): escapeHatches will be implemented in the future
+	//if upstreamConfig.EnvoyClusterJSON != "" {
+	//	c, err = makeClusterFromUserConfig(upstreamConfig.EnvoyClusterJSON)
+	//	if err != nil {
+	//		return "", c, e, err
+	//	}
+	//	// In the happy path don't return yet as we need to inject TLS config still.
+	//}
+
+	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
+
+	if err != nil {
+		return "", c, e, err
+	}
+
+	tbs, ok := upstreamsSnapshot.UpstreamPeerTrustBundles.Get(uid.Peer)
+	if !ok {
+		// this should never happen since we loop through upstreams with
+		// set trust bundles
+		return "", c, e, fmt.Errorf("trust bundle not ready for peer %s", uid.Peer)
+	}
+
+	clusterName := generatePeeredClusterName(uid, tbs)
+
+	outlierDetection := makeOutlierDetection(upstreamConfig.PassiveHealthCheck, nil, true)
+	// We can't rely on health checks for services on cluster peers because they
+	// don't take into account service resolvers, splitters and routers. Setting
+	// MaxEjectionPercent too 100% gives outlier detection the power to eject the
+	// entire cluster.
+	outlierDetection.MaxEjectionPercent = &wrapperspb.UInt32Value{Value: 100}
+
+	s.Logger.Trace("generating cluster for", "cluster", clusterName)
+	if c == nil {
+		c = &pbproxystate.Cluster{}
+
+		useEDS := true
+		if _, ok := cfgSnap.ConnectProxy.PeerUpstreamEndpointsUseHostnames[uid]; ok {
+			// If we're using local mesh gw, the fact that upstreams use hostnames don't matter.
+			// If we're not using local mesh gw, then resort to CDS.
+			if upstreamConfig.MeshGateway.Mode != structs.MeshGatewayModeLocal {
+				useEDS = false
+			}
+		}
+
+		// If none of the service instances are addressed by a hostname we
+		// provide the endpoint IP addresses via EDS
+		if useEDS {
+			d := &pbproxystate.DynamicEndpointGroup{
+				Config: &pbproxystate.DynamicEndpointGroupConfig{
+					UseAltStatName:        false,
+					ConnectTimeout:        durationpb.New(time.Duration(upstreamConfig.ConnectTimeoutMs) * time.Millisecond),
+					DisablePanicThreshold: true,
+					CircuitBreakers: &pbproxystate.CircuitBreakers{
+						UpstreamLimits: makeUpstreamLimitsIfNeeded(upstreamConfig.Limits),
+					},
+					OutlierDetection: outlierDetection,
+				},
+			}
+			c.Group = &pbproxystate.Cluster_EndpointGroup{
+				EndpointGroup: &pbproxystate.EndpointGroup{
+					Group: &pbproxystate.EndpointGroup_Dynamic{
+						Dynamic: d,
+					},
+				},
+			}
+			transportSocket := &pbproxystate.TransportSocket{
+				ConnectionTls: &pbproxystate.TransportSocket_OutboundMesh{
+					OutboundMesh: &pbproxystate.OutboundMeshMTLS{
+						ValidationContext: &pbproxystate.MeshOutboundValidationContext{
+							SpiffeIds:              peerMeta.SpiffeID,
+							TrustBundlePeerNameKey: uid.Peer,
+						},
+						Sni: peerMeta.PrimarySNI(),
+					},
+				},
+			}
+			d.OutboundTls = transportSocket
+		} else {
+			d := &pbproxystate.DNSEndpointGroup{
+				Config: &pbproxystate.DNSEndpointGroupConfig{
+					UseAltStatName:        false,
+					ConnectTimeout:        durationpb.New(time.Duration(upstreamConfig.ConnectTimeoutMs) * time.Millisecond),
+					DisablePanicThreshold: true,
+					CircuitBreakers: &pbproxystate.CircuitBreakers{
+						UpstreamLimits: makeUpstreamLimitsIfNeeded(upstreamConfig.Limits),
+					},
+					OutlierDetection: outlierDetection,
+				},
+			}
+			c.Group = &pbproxystate.Cluster_EndpointGroup{
+				EndpointGroup: &pbproxystate.EndpointGroup{
+					Group: &pbproxystate.EndpointGroup_Dns{
+						Dns: d,
+					},
+				},
+			}
+			e = &pbproxystate.Endpoints{
+				Endpoints: make([]*pbproxystate.Endpoint, 0),
+			}
+
+			ep, _ := cfgSnap.ConnectProxy.PeerUpstreamEndpoints.Get(uid)
+			configureClusterWithHostnames(
+				s.Logger,
+				d,
+				e,
+				"", /*TODO:make configurable?*/
+				ep,
+				true,  /*isRemote*/
+				false, /*onlyPassing*/
+			)
+			transportSocket := &pbproxystate.TransportSocket{
+				ConnectionTls: &pbproxystate.TransportSocket_OutboundMesh{
+					OutboundMesh: &pbproxystate.OutboundMeshMTLS{
+						ValidationContext: &pbproxystate.MeshOutboundValidationContext{
+							SpiffeIds:              peerMeta.SpiffeID,
+							TrustBundlePeerNameKey: uid.Peer,
+						},
+						Sni: peerMeta.PrimarySNI(),
+					},
+				},
+			}
+			d.OutboundTls = transportSocket
+		}
+	}
+
+	return clusterName, c, e, nil
+}
+
+func (s *Converter) makeUpstreamClusterForPreparedQuery(upstream structs.Upstream, cfgSnap *proxycfg.ConfigSnapshot) (*namedCluster, error) {
+	var c *pbproxystate.Cluster
+	var err error
+
+	uid := proxycfg.NewUpstreamID(&upstream)
+
+	dc := upstream.Datacenter
+	if dc == "" {
+		dc = cfgSnap.Datacenter
+	}
+	sni := connect.UpstreamSNI(&upstream, "", dc, cfgSnap.Roots.TrustDomain)
+
+	cfg, _ := structs.ParseUpstreamConfig(upstream.Config)
+	// TODO(proxystate): add logger and enable this
+	//if err != nil {
+	// Don't hard fail on a config typo, just warn. The parse func returns
+	// default config if there is an error so it's safe to continue.
+	//s.Logger.Warn("failed to parse", "upstream", uid, "error", err)
+	//}
+
+	// TODO(proxystate): escapeHatches will be implemented in the future
+	//if cfg.EnvoyClusterJSON != "" {
+	//	c, err = makeClusterFromUserConfig(cfg.EnvoyClusterJSON)
+	//	if err != nil {
+	//		return c, err
+	//	}
+	//	// In the happy path don't return yet as we need to inject TLS config still.
+	//}
+
+	if c == nil {
+		c = &pbproxystate.Cluster{
+			Protocol: cfg.Protocol,
+			Group: &pbproxystate.Cluster_EndpointGroup{
+				EndpointGroup: &pbproxystate.EndpointGroup{
+					Group: &pbproxystate.EndpointGroup_Dynamic{
+						Dynamic: &pbproxystate.DynamicEndpointGroup{
+							Config: &pbproxystate.DynamicEndpointGroupConfig{
+								ConnectTimeout: durationpb.New(time.Duration(cfg.ConnectTimeoutMs) * time.Millisecond),
+								// Endpoints are managed separately by EDS
+								// Having an empty config enables outlier detection with default config.
+								OutlierDetection:      makeOutlierDetection(cfg.PassiveHealthCheck, nil, true),
+								DisablePanicThreshold: true,
+								CircuitBreakers: &pbproxystate.CircuitBreakers{
+									UpstreamLimits: makeUpstreamLimitsIfNeeded(cfg.Limits),
+								},
+							},
+						},
+					},
+				},
+			},
+		}
+	}
+
+	endpoints := cfgSnap.ConnectProxy.PreparedQueryEndpoints[uid]
+	var (
+		spiffeIDs = make([]string, 0)
+		seen      = make(map[string]struct{})
+	)
+	for _, e := range endpoints {
+		id := fmt.Sprintf("%s/%s", e.Node.Datacenter, e.Service.CompoundServiceName())
+		if _, ok := seen[id]; ok {
+			continue
+		}
+		seen[id] = struct{}{}
+
+		name := e.Service.Proxy.DestinationServiceName
+		if e.Service.Connect.Native {
+			name = e.Service.Service
+		}
+
+		spiffeIDs = append(spiffeIDs, connect.SpiffeIDService{
+			Host:       cfgSnap.Roots.TrustDomain,
+			Namespace:  e.Service.NamespaceOrDefault(),
+			Partition:  e.Service.PartitionOrDefault(),
+			Datacenter: e.Node.Datacenter,
+			Service:    name,
+		}.URI().String())
+	}
+
+	transportSocket, err := s.createOutboundMeshMTLS(cfgSnap, spiffeIDs, sni)
+	if err != nil {
+		return nil, err
+	}
+	c.GetEndpointGroup().GetDynamic().OutboundTls = transportSocket
+
+	return &namedCluster{name: sni, cluster: c}, nil
+}
+
+func finalizeUpstreamConfig(cfg structs.UpstreamConfig, chain *structs.CompiledDiscoveryChain, connectTimeout time.Duration) structs.UpstreamConfig {
+	if cfg.Protocol == "" {
+		cfg.Protocol = chain.Protocol
+	}
+
+	if cfg.Protocol == "" {
+		cfg.Protocol = "tcp"
+	}
+
+	if cfg.ConnectTimeoutMs == 0 {
+		cfg.ConnectTimeoutMs = int(connectTimeout / time.Millisecond)
+	}
+	return cfg
+}
+
+func (s *Converter) createOutboundMeshMTLS(cfgSnap *proxycfg.ConfigSnapshot, spiffeIDs []string, sni string) (*pbproxystate.TransportSocket, error) {
+	switch cfgSnap.Kind {
+	case structs.ServiceKindConnectProxy:
+	case structs.ServiceKindMeshGateway:
+	default:
+		return nil, fmt.Errorf("cannot inject peering trust bundles for kind %q", cfgSnap.Kind)
+	}
+
+	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
+	if err != nil {
+		// Don't hard fail on a config typo, just warn. The parse func returns
+		// default config if there is an error so it's safe to continue.
+		s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
+	}
+
+	// Add all trust bundle peer names, including local.
+	trustBundlePeerNames := []string{"local"}
+	for _, tb := range cfgSnap.PeeringTrustBundles() {
+		trustBundlePeerNames = append(trustBundlePeerNames, tb.PeerName)
+	}
+	// Arbitrary UUID to reference the identity by.
+	uuid, err := uuid.GenerateUUID()
+	if err != nil {
+		return nil, err
+	}
+	// Create the transport socket
+	ts := &pbproxystate.TransportSocket{}
+
+	ts.ConnectionTls = &pbproxystate.TransportSocket_OutboundMesh{
+		OutboundMesh: &pbproxystate.OutboundMeshMTLS{
+			IdentityKey: uuid,
+			ValidationContext: &pbproxystate.MeshOutboundValidationContext{
+				TrustBundlePeerNameKey: trustBundlePeerNames[0],
+				SpiffeIds:              spiffeIDs,
+			},
+			Sni: sni,
+		},
+	}
+	s.proxyState.LeafCertificates[uuid] = &pbproxystate.LeafCertificate{
+		Cert: cfgSnap.Leaf().CertPEM,
+		Key:  cfgSnap.Leaf().PrivateKeyPEM,
+	}
+	ts.TlsParameters = makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing())
+	ts.AlpnProtocols = getAlpnProtocols(cfg.Protocol)
+
+	return ts, nil
+}
+func (s *Converter) makeUpstreamClustersForDiscoveryChain(
+	uid proxycfg.UpstreamID,
+	upstream *structs.Upstream,
+	chain *structs.CompiledDiscoveryChain,
+	cfgSnap *proxycfg.ConfigSnapshot,
+	forMeshGateway bool,
+) (map[string]*pbproxystate.Cluster, error) {
+	if chain == nil {
+		return nil, fmt.Errorf("cannot create upstream cluster without discovery chain for %s", uid)
+	}
+
+	if uid.Peer != "" && forMeshGateway {
+		return nil, fmt.Errorf("impossible to get a peer discovery chain in a mesh gateway")
+	}
+
+	upstreamConfigMap := make(map[string]interface{})
+	if upstream != nil {
+		upstreamConfigMap = upstream.Config
+	}
+
+	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
+
+	// Mesh gateways are exempt because upstreamsSnapshot is only used for
+	// cluster peering targets and transative failover/redirects are unsupported.
+	if err != nil && !forMeshGateway {
+		return nil, err
+	}
+
+	rawUpstreamConfig, err := structs.ParseUpstreamConfigNoDefaults(upstreamConfigMap)
+	if err != nil {
+		// Don't hard fail on a config typo, just warn. The parse func returns
+		// default config if there is an error so it's safe to continue.
+		s.Logger.Warn("failed to parse", "upstream", uid,
+			"error", err)
+	}
+
+	// TODO(proxystate): escapeHatches will be implemented in the future
+	//var escapeHatchCluster *pbproxystate.Cluster
+	//if !forMeshGateway {
+	//	if rawUpstreamConfig.EnvoyClusterJSON != "" {
+	//		if chain.Default {
+	//			// If you haven't done anything to setup the discovery chain, then
+	//			// you can use the envoy_cluster_json escape hatch.
+	//			escapeHatchCluster = &pbproxystate.Cluster{
+	//				EscapeHatchClusterJson: rawUpstreamConfig.EnvoyClusterJSON,
+	//			}
+	//		} else {
+	//			s.Logger.Warn("ignoring escape hatch setting, because a discovery chain is configured for",
+	//				"discovery chain", chain.ServiceName, "upstream", uid,
+	//				"envoy_cluster_json", chain.ServiceName)
+	//		}
+	//	}
+	//}
+
+	out := make(map[string]*pbproxystate.Cluster)
+	for _, node := range chain.Nodes {
+		switch {
+		case node == nil:
+			return nil, fmt.Errorf("impossible to process a nil node")
+		case node.Type != structs.DiscoveryGraphNodeTypeResolver:
+			continue
+		case node.Resolver == nil:
+			return nil, fmt.Errorf("impossible to process a non-resolver node")
+		}
+		// These variables are prefixed with primary to avoid shaddowing bugs.
+		primaryTargetID := node.Resolver.Target
+		primaryTarget := chain.Targets[primaryTargetID]
+		primaryTargetClusterName := s.getTargetClusterName(upstreamsSnapshot, chain, primaryTargetID, forMeshGateway)
+		if primaryTargetClusterName == "" {
+			continue
+		}
+		if forMeshGateway && !cfgSnap.Locality.Matches(primaryTarget.Datacenter, primaryTarget.Partition) {
+			s.Logger.Warn("ignoring discovery chain target that crosses a datacenter or partition boundary in a mesh gateway",
+				"target", primaryTarget,
+				"gatewayLocality", cfgSnap.Locality,
+			)
+			continue
+		}
+
+		upstreamConfig := finalizeUpstreamConfig(rawUpstreamConfig, chain, node.Resolver.ConnectTimeout)
+
+		mappedTargets, err := s.mapDiscoChainTargets(cfgSnap, chain, node, upstreamConfig, forMeshGateway)
+		if err != nil {
+			return nil, err
+		}
+
+		targetGroups, err := mappedTargets.groupedTargets()
+		if err != nil {
+			return nil, err
+		}
+
+		var failoverGroup *pbproxystate.FailoverGroup
+		endpointGroups := make([]*pbproxystate.EndpointGroup, 0)
+		if mappedTargets.failover {
+			// Create a failover group. The endpoint groups that are part of this failover group are created by the loop
+			// below.
+			failoverGroup = &pbproxystate.FailoverGroup{
+				Config: &pbproxystate.FailoverGroupConfig{
+					ConnectTimeout: durationpb.New(node.Resolver.ConnectTimeout),
+				},
+			}
+		}
+
+		// Construct the target dynamic endpoint groups. If these are not part of a failover group, they will get added
+		// directly to the map of pbproxystate.Cluster, if they are a part of a failover group, they will be added to
+		// the failover group.
+		for _, groupedTarget := range targetGroups {
+			s.Logger.Debug("generating cluster for", "cluster", groupedTarget.ClusterName)
+			dynamic := &pbproxystate.DynamicEndpointGroup{
+				Config: &pbproxystate.DynamicEndpointGroupConfig{
+					UseAltStatName: true,
+					ConnectTimeout: durationpb.New(node.Resolver.ConnectTimeout),
+					// TODO(peering): make circuit breakers or outlier detection work?
+					CircuitBreakers: &pbproxystate.CircuitBreakers{
+						UpstreamLimits: makeUpstreamLimitsIfNeeded(upstreamConfig.Limits),
+					},
+					OutlierDetection: makeOutlierDetection(upstreamConfig.PassiveHealthCheck, nil, true),
+				},
+			}
+			ti := groupedTarget.Targets[0]
+			transportSocket, err := s.createOutboundMeshMTLS(cfgSnap, ti.SpiffeIDs, ti.SNI)
+			if err != nil {
+				return nil, err
+			}
+			dynamic.OutboundTls = transportSocket
+
+			var lb *structs.LoadBalancer
+			if node.LoadBalancer != nil {
+				lb = node.LoadBalancer
+			}
+			if err := injectLBToCluster(lb, dynamic.Config); err != nil {
+				return nil, fmt.Errorf("failed to apply load balancer configuration to cluster %q: %v", groupedTarget.ClusterName, err)
+			}
+
+			// TODO: IR: http2 options not currently supported
+			//if upstreamConfig.Protocol == "http2" || upstreamConfig.Protocol == "grpc" {
+			//	if err := s.setHttp2ProtocolOptions(c); err != nil {
+			//		return nil, err
+			//	}
+			//}
+
+			switch len(groupedTarget.Targets) {
+			case 0:
+				continue
+			case 1:
+				// We expect one target so this passes through to continue setting the cluster up.
+			default:
+				return nil, fmt.Errorf("cannot have more than one target")
+			}
+
+			if targetInfo := groupedTarget.Targets[0]; targetInfo.TransportSocket != nil {
+				dynamic.OutboundTls = targetInfo.TransportSocket
+			}
+
+			// If the endpoint group is part of a failover group, add it to the failover group. Otherwise add it
+			// directly to the clusters.
+			if failoverGroup != nil {
+				eg := &pbproxystate.EndpointGroup{
+					Group: &pbproxystate.EndpointGroup_Dynamic{
+						Dynamic: dynamic,
+					},
+				}
+				endpointGroups = append(endpointGroups, eg)
+			} else {
+				cluster := &pbproxystate.Cluster{
+					AltStatName: mappedTargets.baseClusterName,
+					Protocol:    upstreamConfig.Protocol,
+					Group: &pbproxystate.Cluster_EndpointGroup{
+						EndpointGroup: &pbproxystate.EndpointGroup{
+							Group: &pbproxystate.EndpointGroup_Dynamic{
+								Dynamic: dynamic,
+							},
+						},
+					},
+				}
+
+				out[mappedTargets.baseClusterName] = cluster
+			}
+		}
+
+		// If there's a failover group, we only add the failover group to the top level list of clusters. Its endpoint
+		// groups are inlined.
+		if failoverGroup != nil {
+			failoverGroup.EndpointGroups = endpointGroups
+			cluster := &pbproxystate.Cluster{
+				AltStatName: mappedTargets.baseClusterName,
+				Protocol:    upstreamConfig.Protocol,
+				Group: &pbproxystate.Cluster_FailoverGroup{
+					FailoverGroup: failoverGroup,
+				},
+			}
+			out[mappedTargets.baseClusterName] = cluster
+		}
+	}
+
+	//if escapeHatchCluster != nil {
+	//	if len(out) != 1 {
+	//		return nil, fmt.Errorf("cannot inject escape hatch cluster when discovery chain had no nodes")
+	//	}
+	//	var defaultCluster *pbproxystate.Cluster
+	//	for _, k := range out {
+	//		defaultCluster = k
+	//		break
+	//	}
+	//
+	//	// Overlay what the user provided.
+	//	escapeHatchCluster.GetEndpointGroup().GetDynamic().OutboundTls.ConnectionTls =
+	//		defaultCluster.GetEndpointGroup().GetDynamic().OutboundTls.ConnectionTls
+	//
+	//	out = append(out, escapeHatchCluster)
+	//}
+
+	return out, nil
+}
+
+// TODO(proxystate): Mesh Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func makeExportedUpstreamClustersForMeshGateway
+
+// makeClusterFromUserConfig returns the listener config decoded from an
+// arbitrary proto3 json format string or an error if it's invalid.
+//
+// For now we only support embedding in JSON strings because of the hcl parsing
+// pain (see Background section in the comment for decode.HookWeakDecodeFromSlice).
+// This may be fixed in decode.HookWeakDecodeFromSlice in the future.
+//
+// When we do that we can support just nesting the config directly into the
+// JSON/hcl naturally but this is a stop-gap that gets us an escape hatch
+// immediately. It's also probably not a bad thing to support long-term since
+// any config generated by other systems will likely be in canonical protobuf
+// from rather than our slight variant in JSON/hcl.
+
+// TODO(proxystate): Mesh and Terminating Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func makeGatewayCluster
+
+func configureClusterWithHostnames(
+	logger hclog.Logger,
+	dnsEndpointGroup *pbproxystate.DNSEndpointGroup,
+	endpointList *pbproxystate.Endpoints,
+	dnsDiscoveryType string,
+	// hostnameEndpoints is a list of endpoints with a hostname as their address
+	hostnameEndpoints structs.CheckServiceNodes,
+	// isRemote determines whether the cluster is in a remote DC or partition and we should prefer a WAN address
+	isRemote bool,
+	// onlyPassing determines whether endpoints that do not have a passing status should be considered unhealthy
+	onlyPassing bool,
+) {
+	// When a service instance is addressed by a hostname we have Envoy do the DNS resolution
+	// by setting a DNS cluster type and passing the hostname endpoints via CDS.
+	if dnsEndpointGroup.Config == nil {
+		dnsEndpointGroup.Config = &pbproxystate.DNSEndpointGroupConfig{}
+	}
+	dnsEndpointGroup.Config.DiscoveryType = pbproxystate.DiscoveryType_DISCOVERY_TYPE_LOGICAL
+	if dnsDiscoveryType == "strict_dns" {
+		dnsEndpointGroup.Config.DiscoveryType = pbproxystate.DiscoveryType_DISCOVERY_TYPE_STRICT
+	}
+
+	endpoints := make([]*envoy_endpoint_v3.LbEndpoint, 0, 1)
+	uniqueHostnames := make(map[string]bool)
+
+	var (
+		hostname string
+		idx      int
+		fallback *pbproxystate.Endpoint
+	)
+	for i, e := range hostnameEndpoints {
+		_, addr, port := e.BestAddress(isRemote)
+		uniqueHostnames[addr] = true
+
+		health, weight := calculateEndpointHealthAndWeight(e, onlyPassing)
+		if health == pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY {
+			fallback = makeLbEndpoint(addr, port, health, weight)
+			continue
+		}
+
+		if len(endpoints) == 0 {
+			endpointList.Endpoints = append(endpointList.Endpoints, makeLbEndpoint(addr, port, health, weight))
+
+			hostname = addr
+			idx = i
+			break
+		}
+	}
+
+	dc := hostnameEndpoints[idx].Node.Datacenter
+	service := hostnameEndpoints[idx].Service.CompoundServiceName()
+
+	// Fall back to last unhealthy endpoint if none were healthy
+	if len(endpoints) == 0 {
+		logger.Warn("upstream service does not contain any healthy instances",
+			"dc", dc, "service", service.String())
+
+		//endpoints = append(endpoints, fallback)
+		endpointList.Endpoints = append(endpointList.Endpoints, fallback)
+	}
+	if len(uniqueHostnames) > 1 {
+		logger.Warn(fmt.Sprintf("service contains instances with more than one unique hostname; only %q be resolved by Envoy", hostname),
+			"dc", dc, "service", service.String())
+	}
+
+}
+
+// TODO(proxystate): Terminating Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func makeExternalIPCluster
+
+// TODO(proxystate): Terminating Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func makeExternalHostnameCluster
+
+func makeUpstreamLimitsIfNeeded(limits *structs.UpstreamLimits) *pbproxystate.UpstreamLimits {
+	if limits == nil {
+		return nil
+	}
+
+	upstreamLimits := &pbproxystate.UpstreamLimits{}
+
+	// Likewise, make sure to not set any threshold values on the zero-value in
+	// order to rely on Envoy defaults
+	if limits.MaxConnections != nil {
+		upstreamLimits.MaxConnections = response.MakeUint32Value(*limits.MaxConnections)
+	}
+	if limits.MaxPendingRequests != nil {
+		upstreamLimits.MaxPendingRequests = response.MakeUint32Value(*limits.MaxPendingRequests)
+	}
+	if limits.MaxConcurrentRequests != nil {
+		upstreamLimits.MaxConcurrentRequests = response.MakeUint32Value(*limits.MaxConcurrentRequests)
+	}
+
+	return upstreamLimits
+}
+
+func injectLBToCluster(ec *structs.LoadBalancer, dc *pbproxystate.DynamicEndpointGroupConfig) error {
+	if ec == nil {
+		return nil
+	}
+
+	switch ec.Policy {
+	case "":
+		return nil
+	case structs.LBPolicyLeastRequest:
+		lr := &pbproxystate.DynamicEndpointGroupConfig_LeastRequest{
+			LeastRequest: &pbproxystate.LBPolicyLeastRequest{},
+		}
+
+		dc.LbPolicy = lr
+
+		if ec.LeastRequestConfig != nil {
+			lr.LeastRequest.ChoiceCount = &wrapperspb.UInt32Value{Value: ec.LeastRequestConfig.ChoiceCount}
+		}
+	case structs.LBPolicyRoundRobin:
+		dc.LbPolicy = &pbproxystate.DynamicEndpointGroupConfig_RoundRobin{
+			RoundRobin: &pbproxystate.LBPolicyRoundRobin{},
+		}
+
+	case structs.LBPolicyRandom:
+		dc.LbPolicy = &pbproxystate.DynamicEndpointGroupConfig_Random{
+			Random: &pbproxystate.LBPolicyRandom{},
+		}
+
+	case structs.LBPolicyRingHash:
+		rh := &pbproxystate.DynamicEndpointGroupConfig_RingHash{
+			RingHash: &pbproxystate.LBPolicyRingHash{},
+		}
+
+		dc.LbPolicy = rh
+
+		if ec.RingHashConfig != nil {
+			rh.RingHash.MinimumRingSize = &wrapperspb.UInt64Value{Value: ec.RingHashConfig.MinimumRingSize}
+			rh.RingHash.MaximumRingSize = &wrapperspb.UInt64Value{Value: ec.RingHashConfig.MaximumRingSize}
+		}
+	case structs.LBPolicyMaglev:
+		dc.LbPolicy = &pbproxystate.DynamicEndpointGroupConfig_Maglev{
+			Maglev: &pbproxystate.LBPolicyMaglev{},
+		}
+
+	default:
+		return fmt.Errorf("unsupported load balancer policy %q", ec.Policy)
+	}
+	return nil
+}
+
 // generatePeeredClusterName returns an SNI-like cluster name which mimics PeeredServiceSNI
 // but excludes partition information which could be ambiguous (local vs remote partition).
 func generatePeeredClusterName(uid proxycfg.UpstreamID, tb *pbpeering.PeeringTrustBundle) string {
@@ -72,3 +1181,69 @@ func (s *Converter) getTargetClusterName(upstreamsSnapshot *proxycfg.ConfigSnaps
 	}
 	return clusterName
 }
+
+// Return an pbproxystate.OutlierDetection populated by the values from structs.PassiveHealthCheck.
+// If all values are zero a default empty OutlierDetection will be returned to
+// enable outlier detection with default values.
+//   - If override is not nil, it will overwrite the values from p, e.g., ingress gateway defaults
+//   - allowZero is added to handle the legacy case where connect-proxy and mesh gateway can set 0
+//     for EnforcingConsecutive5xx. Due to the definition of proto of PassiveHealthCheck, ingress
+//     gateway's EnforcingConsecutive5xx must be > 0.
+func makeOutlierDetection(p *structs.PassiveHealthCheck, override *structs.PassiveHealthCheck, allowZero bool) *pbproxystate.OutlierDetection {
+	od := &pbproxystate.OutlierDetection{}
+	if p != nil {
+
+		if p.Interval != 0 {
+			od.Interval = durationpb.New(p.Interval)
+		}
+		if p.MaxFailures != 0 {
+			od.Consecutive_5Xx = &wrapperspb.UInt32Value{Value: p.MaxFailures}
+		}
+
+		if p.EnforcingConsecutive5xx != nil {
+			// NOTE: EnforcingConsecutive5xx must be greater than 0 for ingress-gateway
+			if *p.EnforcingConsecutive5xx != 0 {
+				od.EnforcingConsecutive_5Xx = &wrapperspb.UInt32Value{Value: *p.EnforcingConsecutive5xx}
+			} else if allowZero {
+				od.EnforcingConsecutive_5Xx = &wrapperspb.UInt32Value{Value: *p.EnforcingConsecutive5xx}
+			}
+		}
+
+		if p.MaxEjectionPercent != nil {
+			od.MaxEjectionPercent = &wrapperspb.UInt32Value{Value: *p.MaxEjectionPercent}
+		}
+		if p.BaseEjectionTime != nil {
+			od.BaseEjectionTime = durationpb.New(*p.BaseEjectionTime)
+		}
+	}
+
+	if override == nil {
+		return od
+	}
+
+	// override the default outlier detection value
+	if override.Interval != 0 {
+		od.Interval = durationpb.New(override.Interval)
+	}
+	if override.MaxFailures != 0 {
+		od.Consecutive_5Xx = &wrapperspb.UInt32Value{Value: override.MaxFailures}
+	}
+
+	if override.EnforcingConsecutive5xx != nil {
+		// NOTE: EnforcingConsecutive5xx must be great than 0 for ingress-gateway
+		if *override.EnforcingConsecutive5xx != 0 {
+			od.EnforcingConsecutive_5Xx = &wrapperspb.UInt32Value{Value: *override.EnforcingConsecutive5xx}
+		}
+		// Because only ingress gateways have overrides and they cannot have a value of 0, there is no allowZero
+		// override case to handle
+	}
+
+	if override.MaxEjectionPercent != nil {
+		od.MaxEjectionPercent = &wrapperspb.UInt32Value{Value: *override.MaxEjectionPercent}
+	}
+	if override.BaseEjectionTime != nil {
+		od.BaseEjectionTime = durationpb.New(*override.BaseEjectionTime)
+	}
+
+	return od
+}
diff --git a/agent/xds/proxystateconverter/converter.go b/agent/xds/proxystateconverter/converter.go
index 3a8037b44b1c..061a59d6e93e 100644
--- a/agent/xds/proxystateconverter/converter.go
+++ b/agent/xds/proxystateconverter/converter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxystateconverter
 
@@ -57,6 +57,10 @@ func (g *Converter) resourcesFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) erro
 	if err != nil {
 		return err
 	}
+	//g.routesFromSnapshot(cfgSnap)
+	g.clustersFromSnapshot(cfgSnap)
+	//g.endpointsFromSnapshot(cfgSnap)
+	//g.secretsFromSnapshot(cfgSnap)
 	return nil
 }
 
diff --git a/agent/xds/proxystateconverter/endpoints.go b/agent/xds/proxystateconverter/endpoints.go
new file mode 100644
index 000000000000..5a5dc3708098
--- /dev/null
+++ b/agent/xds/proxystateconverter/endpoints.go
@@ -0,0 +1,85 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package proxystateconverter
+
+import (
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+	"google.golang.org/protobuf/types/known/wrapperspb"
+)
+
+func makeLbEndpoint(addr string, port int, health pbproxystate.HealthStatus, weight int) *pbproxystate.Endpoint {
+	ep := &pbproxystate.Endpoint{
+		Address: &pbproxystate.Endpoint_HostPort{
+			HostPort: &pbproxystate.HostPortAddress{
+				Host: addr,
+				Port: uint32(port),
+			},
+		},
+	}
+	ep.HealthStatus = health
+	ep.LoadBalancingWeight = &wrapperspb.UInt32Value{Value: uint32(weight)}
+	return ep
+}
+
+// used in clusters.go
+func makeHostPortEndpoint(host string, port int) *pbproxystate.Endpoint {
+	return &pbproxystate.Endpoint{
+		Address: &pbproxystate.Endpoint_HostPort{
+			HostPort: &pbproxystate.HostPortAddress{
+				Host: host,
+				Port: uint32(port),
+			},
+		},
+	}
+}
+
+func makeUnixSocketEndpoint(path string) *pbproxystate.Endpoint {
+	return &pbproxystate.Endpoint{
+		Address: &pbproxystate.Endpoint_UnixSocket{
+			UnixSocket: &pbproxystate.UnixSocketAddress{
+				Path: path,
+				// envoy's mode is particular to a pipe address and is uint32.
+				// it also says "The mode for the Pipe. Not applicable for abstract sockets."
+				// https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-pipe
+				Mode: "0",
+			},
+		},
+	}
+}
+
+func calculateEndpointHealthAndWeight(
+	ep structs.CheckServiceNode,
+	onlyPassing bool,
+) (pbproxystate.HealthStatus, int) {
+	healthStatus := pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY
+	weight := 1
+	if ep.Service.Weights != nil {
+		weight = ep.Service.Weights.Passing
+	}
+
+	for _, chk := range ep.Checks {
+		if chk.Status == api.HealthCritical {
+			healthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
+		}
+		if onlyPassing && chk.Status != api.HealthPassing {
+			healthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
+		}
+		if chk.Status == api.HealthWarning && ep.Service.Weights != nil {
+			weight = ep.Service.Weights.Warning
+		}
+	}
+	// Make weights fit Envoy's limits. A zero weight means that either Warning
+	// (likely) or Passing (weirdly) weight has been set to 0 effectively making
+	// this instance unhealthy and should not be sent traffic.
+	if weight < 1 {
+		healthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
+		weight = 1
+	}
+	if weight > 128 {
+		weight = 128
+	}
+	return healthStatus, weight
+}
diff --git a/agent/xds/proxystateconverter/failover_policy.go b/agent/xds/proxystateconverter/failover_policy.go
new file mode 100644
index 000000000000..6ae120eaf941
--- /dev/null
+++ b/agent/xds/proxystateconverter/failover_policy.go
@@ -0,0 +1,158 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package proxystateconverter
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+)
+
+type discoChainTargets struct {
+	baseClusterName string
+	targets         []targetInfo
+	failover        bool
+	failoverPolicy  structs.ServiceResolverFailoverPolicy
+}
+
+type targetInfo struct {
+	TargetID        string
+	TransportSocket *pbproxystate.TransportSocket
+	SNI             string
+	RootPEMs        string
+	SpiffeIDs       []string
+	Region          *string
+
+	PrioritizeByLocality *structs.DiscoveryPrioritizeByLocality
+}
+
+type discoChainTargetGroup struct {
+	Targets     []targetInfo
+	ClusterName string
+}
+
+func (ft discoChainTargets) groupedTargets() ([]discoChainTargetGroup, error) {
+	var targetGroups []discoChainTargetGroup
+
+	if !ft.failover {
+		targetGroups = append(targetGroups, discoChainTargetGroup{
+			ClusterName: ft.baseClusterName,
+			Targets:     ft.targets,
+		})
+		return targetGroups, nil
+	}
+
+	switch ft.failoverPolicy.Mode {
+	case "sequential", "":
+		return ft.sequential()
+	case "order-by-locality":
+		return ft.orderByLocality()
+	default:
+		return targetGroups, fmt.Errorf("unexpected failover policy")
+	}
+}
+
+func (s *Converter) mapDiscoChainTargets(cfgSnap *proxycfg.ConfigSnapshot, chain *structs.CompiledDiscoveryChain, node *structs.DiscoveryGraphNode, upstreamConfig structs.UpstreamConfig, forMeshGateway bool) (discoChainTargets, error) {
+	failoverTargets := discoChainTargets{}
+
+	if node.Resolver == nil {
+		return discoChainTargets{}, fmt.Errorf("impossible to process a non-resolver node")
+	}
+
+	primaryTargetID := node.Resolver.Target
+	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
+	if err != nil && !forMeshGateway {
+		return discoChainTargets{}, err
+	}
+
+	failoverTargets.baseClusterName = s.getTargetClusterName(upstreamsSnapshot, chain, primaryTargetID, forMeshGateway)
+
+	tids := []string{primaryTargetID}
+	failover := node.Resolver.Failover
+	if failover != nil && !forMeshGateway {
+		tids = append(tids, failover.Targets...)
+		failoverTargets.failover = true
+		if failover.Policy == nil {
+			failoverTargets.failoverPolicy = structs.ServiceResolverFailoverPolicy{}
+		} else {
+			failoverTargets.failoverPolicy = *failover.Policy
+		}
+	}
+
+	for _, tid := range tids {
+		target := chain.Targets[tid]
+		targetUID := proxycfg.NewUpstreamIDFromTargetID(tid)
+		ti := targetInfo{TargetID: tid, PrioritizeByLocality: target.PrioritizeByLocality}
+
+		configureTLS := true
+		if forMeshGateway {
+			// We only initiate TLS if we're doing an L7 proxy.
+			configureTLS = structs.IsProtocolHTTPLike(upstreamConfig.Protocol)
+		}
+
+		if !configureTLS {
+			failoverTargets.targets = append(failoverTargets.targets, ti)
+			continue
+		}
+
+		if targetUID.Peer != "" {
+			tbs, _ := upstreamsSnapshot.UpstreamPeerTrustBundles.Get(targetUID.Peer)
+
+			peerMeta, found := upstreamsSnapshot.UpstreamPeerMeta(targetUID)
+			if !found {
+				s.Logger.Warn("failed to fetch upstream peering metadata", "target", targetUID)
+				continue
+			}
+			ti.SNI = peerMeta.PrimarySNI()
+			ti.SpiffeIDs = peerMeta.SpiffeID
+			region := target.Locality.GetRegion()
+			ti.Region = &region
+			ti.RootPEMs = tbs.ConcatenatedRootPEMs()
+		} else {
+			ti.SNI = target.SNI
+			ti.RootPEMs = cfgSnap.RootPEMs()
+			ti.SpiffeIDs = []string{connect.SpiffeIDService{
+				Host:       cfgSnap.Roots.TrustDomain,
+				Namespace:  target.Namespace,
+				Partition:  target.Partition,
+				Datacenter: target.Datacenter,
+				Service:    target.Service,
+			}.URI().String()}
+		}
+		//commonTLSContext := makeCommonTLSContext(
+		//	cfgSnap.Leaf(),
+		//	rootPEMs,
+		//	makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()),
+		//)
+		//
+		//err := injectSANMatcher(commonTLSContext, spiffeIDs...)
+		//if err != nil {
+		//	return failoverTargets, fmt.Errorf("failed to inject SAN matcher rules for cluster %q: %v", sni, err)
+		//}
+
+		//tlsContext := &envoy_tls_v3.UpstreamTlsContext{
+		//	CommonTlsContext: commonTLSContext,
+		//	Sni:              sni,
+		//}
+		//ti.TLSContext = tlsContext
+		failoverTargets.targets = append(failoverTargets.targets, ti)
+	}
+
+	return failoverTargets, nil
+}
+
+func (ft discoChainTargets) sequential() ([]discoChainTargetGroup, error) {
+	var targetGroups []discoChainTargetGroup
+	for i, t := range ft.targets {
+		targetGroups = append(targetGroups, discoChainTargetGroup{
+			ClusterName: fmt.Sprintf("%s%d~%s", xdscommon.FailoverClusterNamePrefix, i, ft.baseClusterName),
+			Targets:     []targetInfo{t},
+		})
+	}
+	return targetGroups, nil
+}
diff --git a/agent/xds/proxystateconverter/failover_policy_oss.go b/agent/xds/proxystateconverter/failover_policy_oss.go
new file mode 100644
index 000000000000..a9b2ec24843c
--- /dev/null
+++ b/agent/xds/proxystateconverter/failover_policy_oss.go
@@ -0,0 +1,15 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build !consulent
+// +build !consulent
+
+package proxystateconverter
+
+import (
+	"fmt"
+)
+
+func (ft discoChainTargets) orderByLocality() ([]discoChainTargetGroup, error) {
+	return nil, fmt.Errorf("order-by-locality is a Consul Enterprise feature")
+}
diff --git a/agent/xds/proxystateconverter/listeners.go b/agent/xds/proxystateconverter/listeners.go
index a530fbf4fe96..7e21819260ee 100644
--- a/agent/xds/proxystateconverter/listeners.go
+++ b/agent/xds/proxystateconverter/listeners.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxystateconverter
 
@@ -16,11 +16,6 @@ import (
 	envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
 	"github.com/hashicorp/go-uuid"
 
-	"github.com/hashicorp/consul/agent/xds/config"
-	"github.com/hashicorp/consul/agent/xds/naming"
-	"github.com/hashicorp/consul/agent/xds/platform"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-
 	"github.com/hashicorp/go-hclog"
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/wrapperspb"
@@ -29,7 +24,11 @@ import (
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/config"
+	"github.com/hashicorp/consul/agent/xds/naming"
+	"github.com/hashicorp/consul/agent/xds/platform"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
 	"github.com/hashicorp/consul/sdk/iptables"
 	"github.com/hashicorp/consul/types"
 )
diff --git a/agent/xds/rbac.go b/agent/xds/rbac.go
index b3f9267eefb4..0c00cb92cb0c 100644
--- a/agent/xds/rbac.go
+++ b/agent/xds/rbac.go
@@ -19,6 +19,7 @@ import (
 
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
 )
 
@@ -987,7 +988,7 @@ func authenticatedPatternPrincipal(pattern string) *envoy_rbac_v3.Principal {
 			Authenticated: &envoy_rbac_v3.Principal_Authenticated{
 				PrincipalName: &envoy_matcher_v3.StringMatcher{
 					MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{
-						SafeRegex: makeEnvoyRegexMatch(pattern),
+						SafeRegex: response.MakeEnvoyRegexMatch(pattern),
 					},
 				},
 			},
@@ -1019,7 +1020,7 @@ func xfccPrincipal(src rbacService) *envoy_rbac_v3.Principal {
 				HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{
 					StringMatch: &envoy_matcher_v3.StringMatcher{
 						MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{
-							SafeRegex: makeEnvoyRegexMatch(pattern),
+							SafeRegex: response.MakeEnvoyRegexMatch(pattern),
 						},
 					},
 				},
@@ -1224,7 +1225,7 @@ func convertPermission(perm *structs.IntentionPermission) *envoy_rbac_v3.Permiss
 					Rule: &envoy_matcher_v3.PathMatcher_Path{
 						Path: &envoy_matcher_v3.StringMatcher{
 							MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{
-								SafeRegex: makeEnvoyRegexMatch(perm.HTTP.PathRegex),
+								SafeRegex: response.MakeEnvoyRegexMatch(perm.HTTP.PathRegex),
 							},
 						},
 					},
@@ -1245,7 +1246,7 @@ func convertPermission(perm *structs.IntentionPermission) *envoy_rbac_v3.Permiss
 			}
 		case hdr.Regex != "":
 			eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SafeRegexMatch{
-				SafeRegexMatch: makeEnvoyRegexMatch(hdr.Regex),
+				SafeRegexMatch: response.MakeEnvoyRegexMatch(hdr.Regex),
 			}
 		case hdr.Prefix != "":
 			eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PrefixMatch{
@@ -1280,7 +1281,7 @@ func convertPermission(perm *structs.IntentionPermission) *envoy_rbac_v3.Permiss
 		eh := &envoy_route_v3.HeaderMatcher{
 			Name: ":method",
 			HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_SafeRegexMatch{
-				SafeRegexMatch: makeEnvoyRegexMatch(methodHeaderRegex),
+				SafeRegexMatch: response.MakeEnvoyRegexMatch(methodHeaderRegex),
 			},
 		}
 
diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go
index 22ef50bc876d..926c44fab86e 100644
--- a/agent/xds/resources_test.go
+++ b/agent/xds/resources_test.go
@@ -27,6 +27,7 @@ import (
 
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/sdk/testutil"
 )
 
@@ -120,7 +121,7 @@ func TestAllResourcesFromSnapshot(t *testing.T) {
 					}
 				})
 
-				r, err := createResponse(typeUrl, "00000001", "00000001", items)
+				r, err := response.CreateResponse(typeUrl, "00000001", "00000001", items)
 				require.NoError(t, err)
 
 				gotJSON := protoToJSON(t, r)
diff --git a/agent/xds/response.go b/agent/xds/response/response.go
similarity index 82%
rename from agent/xds/response.go
rename to agent/xds/response/response.go
index 92e0f9d0a890..91ce6d739738 100644
--- a/agent/xds/response.go
+++ b/agent/xds/response/response.go
@@ -1,7 +1,7 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-package xds
+package response
 
 import (
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
@@ -13,7 +13,7 @@ import (
 	"google.golang.org/protobuf/types/known/wrapperspb"
 )
 
-func createResponse(typeURL string, version, nonce string, resources []proto.Message) (*envoy_discovery_v3.DiscoveryResponse, error) {
+func CreateResponse(typeURL string, version, nonce string, resources []proto.Message) (*envoy_discovery_v3.DiscoveryResponse, error) {
 	anys := make([]*anypb.Any, 0, len(resources))
 	for _, r := range resources {
 		if r == nil {
@@ -41,7 +41,7 @@ func createResponse(typeURL string, version, nonce string, resources []proto.Mes
 	return resp, nil
 }
 
-func makePipeAddress(path string, mode uint32) *envoy_core_v3.Address {
+func MakePipeAddress(path string, mode uint32) *envoy_core_v3.Address {
 	return &envoy_core_v3.Address{
 		Address: &envoy_core_v3.Address_Pipe{
 			Pipe: &envoy_core_v3.Pipe{
@@ -52,7 +52,7 @@ func makePipeAddress(path string, mode uint32) *envoy_core_v3.Address {
 	}
 }
 
-func makeAddress(ip string, port int) *envoy_core_v3.Address {
+func MakeAddress(ip string, port int) *envoy_core_v3.Address {
 	return &envoy_core_v3.Address{
 		Address: &envoy_core_v3.Address_SocketAddress{
 			SocketAddress: &envoy_core_v3.SocketAddress{
@@ -65,15 +65,15 @@ func makeAddress(ip string, port int) *envoy_core_v3.Address {
 	}
 }
 
-func makeUint32Value(n int) *wrapperspb.UInt32Value {
+func MakeUint32Value(n int) *wrapperspb.UInt32Value {
 	return &wrapperspb.UInt32Value{Value: uint32(n)}
 }
 
-func makeBoolValue(n bool) *wrapperspb.BoolValue {
+func MakeBoolValue(n bool) *wrapperspb.BoolValue {
 	return &wrapperspb.BoolValue{Value: n}
 }
 
-func makeEnvoyRegexMatch(patt string) *envoy_matcher_v3.RegexMatcher {
+func MakeEnvoyRegexMatch(patt string) *envoy_matcher_v3.RegexMatcher {
 	return &envoy_matcher_v3.RegexMatcher{
 		EngineType: &envoy_matcher_v3.RegexMatcher_GoogleRe2{
 			GoogleRe2: &envoy_matcher_v3.RegexMatcher_GoogleRE2{},
diff --git a/agent/xds/routes.go b/agent/xds/routes.go
index 31b1c4a93241..6f0d18b05dcb 100644
--- a/agent/xds/routes.go
+++ b/agent/xds/routes.go
@@ -23,6 +23,7 @@ import (
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/xds/config"
+	"github.com/hashicorp/consul/agent/xds/response"
 )
 
 // routesFromSnapshot returns the xDS API representation of the "routes" in the
@@ -71,7 +72,7 @@ func (s *ResourceGenerator) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapsh
 			// ValidateClusters defaults to true when defined statically and false
 			// when done via RDS. Re-set the reasonable value of true to prevent
 			// null-routing traffic.
-			ValidateClusters: makeBoolValue(true),
+			ValidateClusters: response.MakeBoolValue(true),
 		}
 		resources = append(resources, route)
 	}
@@ -268,7 +269,7 @@ func (s *ResourceGenerator) routesForMeshGateway(cfgSnap *proxycfg.ConfigSnapsho
 			// ValidateClusters defaults to true when defined statically and false
 			// when done via RDS. Re-set the reasonable value of true to prevent
 			// null-routing traffic.
-			ValidateClusters: makeBoolValue(true),
+			ValidateClusters: response.MakeBoolValue(true),
 		}
 		resources = append(resources, route)
 	}
@@ -286,7 +287,7 @@ func makeNamedDefaultRouteWithLB(clusterName string, lb *structs.LoadBalancer, t
 	// Configure Envoy to rewrite Host header
 	if autoHostRewrite {
 		action.Route.HostRewriteSpecifier = &envoy_route_v3.RouteAction_AutoHostRewrite{
-			AutoHostRewrite: makeBoolValue(true),
+			AutoHostRewrite: response.MakeBoolValue(true),
 		}
 	}
 
@@ -311,7 +312,7 @@ func makeNamedDefaultRouteWithLB(clusterName string, lb *structs.LoadBalancer, t
 		// ValidateClusters defaults to true when defined statically and false
 		// when done via RDS. Re-set the reasonable value of true to prevent
 		// null-routing traffic.
-		ValidateClusters: makeBoolValue(true),
+		ValidateClusters: response.MakeBoolValue(true),
 	}, nil
 }
 
@@ -321,7 +322,7 @@ func makeNamedAddressesRoute(routeName string, addresses map[string]string) (*en
 		// ValidateClusters defaults to true when defined statically and false
 		// when done via RDS. Re-set the reasonable value of true to prevent
 		// null-routing traffic.
-		ValidateClusters: makeBoolValue(true),
+		ValidateClusters: response.MakeBoolValue(true),
 	}
 	for clusterName, address := range addresses {
 		action := makeRouteActionFromName(clusterName)
@@ -363,7 +364,7 @@ func (s *ResourceGenerator) routesForIngressGateway(cfgSnap *proxycfg.ConfigSnap
 			// ValidateClusters defaults to true when defined statically and false
 			// when done via RDS. Re-set the reasonable value of true to prevent
 			// null-routing traffic.
-			ValidateClusters: makeBoolValue(true),
+			ValidateClusters: response.MakeBoolValue(true),
 		}
 
 		for _, u := range upstreams {
@@ -412,7 +413,7 @@ func (s *ResourceGenerator) routesForIngressGateway(cfgSnap *proxycfg.ConfigSnap
 			} else {
 				svcRoute := &envoy_route_v3.RouteConfiguration{
 					Name:             svcRouteName,
-					ValidateClusters: makeBoolValue(true),
+					ValidateClusters: response.MakeBoolValue(true),
 					VirtualHosts:     []*envoy_route_v3.VirtualHost{virtualHost},
 				}
 				result = append(result, svcRoute)
@@ -448,7 +449,7 @@ func (s *ResourceGenerator) routesForAPIGateway(cfgSnap *proxycfg.ConfigSnapshot
 			// ValidateClusters defaults to true when defined statically and false
 			// when done via RDS. Re-set the reasonable value of true to prevent
 			// null-routing traffic.
-			ValidateClusters: makeBoolValue(true),
+			ValidateClusters: response.MakeBoolValue(true),
 		}
 
 		route, ok := cfgSnap.APIGateway.HTTPRoutes.Get(routeRef)
@@ -515,7 +516,7 @@ func makeHeadersValueOptions(vals map[string]string, add bool) []*envoy_core_v3.
 				Key:   k,
 				Value: v,
 			},
-			Append: makeBoolValue(add),
+			Append: response.MakeBoolValue(add),
 		}
 		opts = append(opts, o)
 	}
@@ -752,7 +753,7 @@ func (s *ResourceGenerator) makeUpstreamRouteForDiscoveryChain(
 func getRetryPolicyForDestination(destination *structs.ServiceRouteDestination) *envoy_route_v3.RetryPolicy {
 	retryPolicy := &envoy_route_v3.RetryPolicy{}
 	if destination.NumRetries > 0 {
-		retryPolicy.NumRetries = makeUint32Value(int(destination.NumRetries))
+		retryPolicy.NumRetries = response.MakeUint32Value(int(destination.NumRetries))
 	}
 
 	// The RetryOn magic values come from: https://www.envoyproxy.io/docs/envoy/v1.10.0/configuration/http_filters/router_filter#config-http-filters-router-x-envoy-retry-on
@@ -805,7 +806,7 @@ func makeRouteMatchForDiscoveryRoute(discoveryRoute *structs.DiscoveryRoute) *en
 		}
 	case match.HTTP.PathRegex != "":
 		em.PathSpecifier = &envoy_route_v3.RouteMatch_SafeRegex{
-			SafeRegex: makeEnvoyRegexMatch(match.HTTP.PathRegex),
+			SafeRegex: response.MakeEnvoyRegexMatch(match.HTTP.PathRegex),
 		}
 	default:
 		em.PathSpecifier = &envoy_route_v3.RouteMatch_Prefix{
@@ -827,7 +828,7 @@ func makeRouteMatchForDiscoveryRoute(discoveryRoute *structs.DiscoveryRoute) *en
 				}
 			case hdr.Regex != "":
 				eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SafeRegexMatch{
-					SafeRegexMatch: makeEnvoyRegexMatch(hdr.Regex),
+					SafeRegexMatch: response.MakeEnvoyRegexMatch(hdr.Regex),
 				}
 			case hdr.Prefix != "":
 				eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PrefixMatch{
@@ -859,7 +860,7 @@ func makeRouteMatchForDiscoveryRoute(discoveryRoute *structs.DiscoveryRoute) *en
 		eh := &envoy_route_v3.HeaderMatcher{
 			Name: ":method",
 			HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_SafeRegexMatch{
-				SafeRegexMatch: makeEnvoyRegexMatch(methodHeaderRegex),
+				SafeRegexMatch: response.MakeEnvoyRegexMatch(methodHeaderRegex),
 			},
 		}
 
@@ -886,7 +887,7 @@ func makeRouteMatchForDiscoveryRoute(discoveryRoute *structs.DiscoveryRoute) *en
 				eq.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_StringMatch{
 					StringMatch: &envoy_matcher_v3.StringMatcher{
 						MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{
-							SafeRegex: makeEnvoyRegexMatch(qm.Regex),
+							SafeRegex: response.MakeEnvoyRegexMatch(qm.Regex),
 						},
 					},
 				}
@@ -967,7 +968,7 @@ func (s *ResourceGenerator) makeRouteActionForSplitter(
 		weight := int(split.Weight * 100)
 		totalWeight += weight
 		cw := &envoy_route_v3.WeightedCluster_ClusterWeight{
-			Weight: makeUint32Value(weight),
+			Weight: response.MakeUint32Value(weight),
 			Name:   clusterName,
 		}
 		if err := injectHeaderManipToWeightedCluster(split.Definition, cw); err != nil {
@@ -983,7 +984,7 @@ func (s *ResourceGenerator) makeRouteActionForSplitter(
 
 	var envoyWeightScale *wrapperspb.UInt32Value
 	if totalWeight == 10000 {
-		envoyWeightScale = makeUint32Value(10000)
+		envoyWeightScale = response.MakeUint32Value(10000)
 	}
 
 	return &envoy_route_v3.Route_Route{
diff --git a/agent/xds/routes_test.go b/agent/xds/routes_test.go
index c691114b5e3a..8b7345d88a52 100644
--- a/agent/xds/routes_test.go
+++ b/agent/xds/routes_test.go
@@ -16,6 +16,7 @@ import (
 
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/agent/xds/testcommon"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
@@ -241,7 +242,7 @@ func TestRoutesFromSnapshot(t *testing.T) {
 					sort.Slice(routes, func(i, j int) bool {
 						return routes[i].(*envoy_route_v3.RouteConfiguration).Name < routes[j].(*envoy_route_v3.RouteConfiguration).Name
 					})
-					r, err := createResponse(xdscommon.RouteType, "00000001", "00000001", routes)
+					r, err := response.CreateResponse(xdscommon.RouteType, "00000001", "00000001", routes)
 					require.NoError(t, err)
 
 					t.Run("current", func(t *testing.T) {
diff --git a/agent/xds/xds_protocol_helpers_test.go b/agent/xds/xds_protocol_helpers_test.go
index d609268a206b..bf632217d7ee 100644
--- a/agent/xds/xds_protocol_helpers_test.go
+++ b/agent/xds/xds_protocol_helpers_test.go
@@ -4,6 +4,7 @@
 package xds
 
 import (
+	"github.com/hashicorp/consul/agent/xds/response"
 	"sort"
 	"sync"
 	"testing"
@@ -228,7 +229,7 @@ func xdsNewEndpoint(ip string, port int) *envoy_endpoint_v3.LbEndpoint {
 	return &envoy_endpoint_v3.LbEndpoint{
 		HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 			Endpoint: &envoy_endpoint_v3.Endpoint{
-				Address: makeAddress(ip, port),
+				Address: response.MakeAddress(ip, port),
 			},
 		},
 	}
@@ -237,7 +238,7 @@ func xdsNewEndpoint(ip string, port int) *envoy_endpoint_v3.LbEndpoint {
 func xdsNewEndpointWithHealth(ip string, port int, health envoy_core_v3.HealthStatus, weight int) *envoy_endpoint_v3.LbEndpoint {
 	ep := xdsNewEndpoint(ip, port)
 	ep.HealthStatus = health
-	ep.LoadBalancingWeight = makeUint32Value(weight)
+	ep.LoadBalancingWeight = response.MakeUint32Value(weight)
 	return ep
 }
 
@@ -297,7 +298,7 @@ func xdsNewTransportSocket(
 	if downstream {
 		var requireClientCertPB *wrapperspb.BoolValue
 		if requireClientCert {
-			requireClientCertPB = makeBoolValue(true)
+			requireClientCertPB = response.MakeBoolValue(true)
 		}
 
 		tlsContext = &envoy_tls_v3.DownstreamTlsContext{
@@ -597,7 +598,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 		return &envoy_listener_v3.Listener{
 			// Envoy can't bind to port 1
 			Name:             "public_listener:0.0.0.0:1",
-			Address:          makeAddress("0.0.0.0", 1),
+			Address:          response.MakeAddress("0.0.0.0", 1),
 			TrafficDirection: envoy_core_v3.TrafficDirection_INBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -620,7 +621,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 	case "tcp:public_listener":
 		return &envoy_listener_v3.Listener{
 			Name:             "public_listener:0.0.0.0:9999",
-			Address:          makeAddress("0.0.0.0", 9999),
+			Address:          response.MakeAddress("0.0.0.0", 9999),
 			TrafficDirection: envoy_core_v3.TrafficDirection_INBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -643,7 +644,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 	case "tcp:db":
 		return &envoy_listener_v3.Listener{
 			Name:             "db:127.0.0.1:9191",
-			Address:          makeAddress("127.0.0.1", 9191),
+			Address:          response.MakeAddress("127.0.0.1", 9191),
 			TrafficDirection: envoy_core_v3.TrafficDirection_OUTBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -661,7 +662,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 	case "http2:db":
 		return &envoy_listener_v3.Listener{
 			Name:             "db:127.0.0.1:9191",
-			Address:          makeAddress("127.0.0.1", 9191),
+			Address:          response.MakeAddress("127.0.0.1", 9191),
 			TrafficDirection: envoy_core_v3.TrafficDirection_OUTBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -689,7 +690,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 	case "http2:db:rds":
 		return &envoy_listener_v3.Listener{
 			Name:             "db:127.0.0.1:9191",
-			Address:          makeAddress("127.0.0.1", 9191),
+			Address:          response.MakeAddress("127.0.0.1", 9191),
 			TrafficDirection: envoy_core_v3.TrafficDirection_OUTBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -720,7 +721,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 	case "http:db:rds":
 		return &envoy_listener_v3.Listener{
 			Name:             "db:127.0.0.1:9191",
-			Address:          makeAddress("127.0.0.1", 9191),
+			Address:          response.MakeAddress("127.0.0.1", 9191),
 			TrafficDirection: envoy_core_v3.TrafficDirection_OUTBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -751,7 +752,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 	case "tcp:geo-cache":
 		return &envoy_listener_v3.Listener{
 			Name:             "prepared_query:geo-cache:127.10.10.10:8181",
-			Address:          makeAddress("127.10.10.10", 8181),
+			Address:          response.MakeAddress("127.10.10.10", 8181),
 			TrafficDirection: envoy_core_v3.TrafficDirection_OUTBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -777,7 +778,7 @@ func makeTestRoute(t *testing.T, fixtureName string) *envoy_route_v3.RouteConfig
 	case "http2:db", "http:db":
 		return &envoy_route_v3.RouteConfiguration{
 			Name:             "db",
-			ValidateClusters: makeBoolValue(true),
+			ValidateClusters: response.MakeBoolValue(true),
 			VirtualHosts: []*envoy_route_v3.VirtualHost{
 				{
 					Name:    "db",
diff --git a/agent/xdsv2/cluster_resources.go b/agent/xdsv2/cluster_resources.go
index c162d05c8d84..4c1573d5db3d 100644
--- a/agent/xdsv2/cluster_resources.go
+++ b/agent/xdsv2/cluster_resources.go
@@ -1,6 +1,331 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package xdsv2
 
+import (
+	"errors"
+	"fmt"
+
+	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
+	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
+	envoy_aggregate_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/aggregate/v3"
+	envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
+	envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/anypb"
+)
+
+func (pr *ProxyResources) makeXDSClusters() ([]proto.Message, error) {
+	clusters := make([]proto.Message, 0)
+
+	for clusterName := range pr.proxyState.Clusters {
+		protoCluster, err := pr.makeClusters(clusterName)
+		// TODO: aggregate errors for clusters and still return any properly formed clusters.
+		if err != nil {
+			return nil, err
+		}
+		clusters = append(clusters, protoCluster...)
+	}
+
+	return clusters, nil
+}
+
+func (pr *ProxyResources) makeClusters(name string) ([]proto.Message, error) {
+	clusters := make([]proto.Message, 0)
+	proxyStateCluster, ok := pr.proxyState.Clusters[name]
+	if !ok {
+		return nil, fmt.Errorf("cluster %q not found", name)
+	}
+
+	switch proxyStateCluster.Group.(type) {
+	case *pbproxystate.Cluster_FailoverGroup:
+		fg := proxyStateCluster.GetFailoverGroup()
+		clusters, err := pr.makeEnvoyAggregateCluster(name, proxyStateCluster.Protocol, fg)
+		if err != nil {
+			return nil, err
+		}
+		for _, c := range clusters {
+			clusters = append(clusters, c)
+		}
+
+	case *pbproxystate.Cluster_EndpointGroup:
+		eg := proxyStateCluster.GetEndpointGroup()
+		cluster, err := pr.makeEnvoyCluster(name, proxyStateCluster.Protocol, eg)
+		if err != nil {
+			return nil, err
+		}
+		clusters = append(clusters, cluster)
+
+	default:
+		return nil, errors.New("cluster group type should be Endpoint Group or Failover Group")
+	}
+	return clusters, nil
+}
+
+func (pr *ProxyResources) makeEnvoyCluster(name string, protocol string, eg *pbproxystate.EndpointGroup) (*envoy_cluster_v3.Cluster, error) {
+	if eg != nil {
+		switch t := eg.Group.(type) {
+		case *pbproxystate.EndpointGroup_Dynamic:
+			dynamic := eg.GetDynamic()
+			return pr.makeEnvoyDynamicCluster(name, protocol, dynamic)
+		case *pbproxystate.EndpointGroup_Static:
+			static := eg.GetStatic()
+			return pr.makeEnvoyStaticCluster(name, protocol, static)
+		case *pbproxystate.EndpointGroup_Dns:
+			dns := eg.GetDns()
+			return pr.makeEnvoyDnsCluster(name, protocol, dns)
+		case *pbproxystate.EndpointGroup_Passthrough:
+			passthrough := eg.GetPassthrough()
+			return pr.makeEnvoyPassthroughCluster(name, protocol, passthrough)
+		default:
+			return nil, fmt.Errorf("unsupported endpoint group type: %s", t)
+		}
+	}
+	return nil, fmt.Errorf("no endpoint group")
+}
+
+func (pr *ProxyResources) makeEnvoyDynamicCluster(name string, protocol string, dynamic *pbproxystate.DynamicEndpointGroup) (*envoy_cluster_v3.Cluster, error) {
+	cluster := &envoy_cluster_v3.Cluster{
+		Name:                 name,
+		ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_EDS},
+		EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{
+			EdsConfig: &envoy_core_v3.ConfigSource{
+				ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
+				ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{
+					Ads: &envoy_core_v3.AggregatedConfigSource{},
+				},
+			},
+		},
+	}
+	err := addHttpProtocolOptions(protocol, cluster)
+	if err != nil {
+		return nil, err
+	}
+	if dynamic.Config != nil {
+		if dynamic.Config.UseAltStatName {
+			cluster.AltStatName = name
+		}
+		cluster.ConnectTimeout = dynamic.Config.ConnectTimeout
+		if !dynamic.Config.DisablePanicThreshold {
+			cluster.CommonLbConfig = &envoy_cluster_v3.Cluster_CommonLbConfig{
+				HealthyPanicThreshold: &envoy_type_v3.Percent{
+					Value: 0, // disable panic threshold
+				},
+			}
+		}
+		addEnvoyCircuitBreakers(dynamic.Config.CircuitBreakers, cluster)
+		addEnvoyOutlierDetection(dynamic.Config.OutlierDetection, cluster)
+
+		err := addEnvoyLBToCluster(dynamic.Config, cluster)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if dynamic.OutboundTls != nil {
+		envoyTransportSocket, err := pr.makeEnvoyTransportSocket(dynamic.OutboundTls)
+		if err != nil {
+			return nil, err
+		}
+		cluster.TransportSocket = envoyTransportSocket
+	}
+
+	return cluster, nil
+
+}
+
+func (pr *ProxyResources) makeEnvoyStaticCluster(name string, protocol string, static *pbproxystate.StaticEndpointGroup) (*envoy_cluster_v3.Cluster, error) {
+	endpointList, ok := pr.proxyState.Endpoints[name]
+	if !ok || endpointList == nil {
+		return nil, fmt.Errorf("static cluster %q is missing endpoints", name)
+	}
+	cluster := &envoy_cluster_v3.Cluster{
+		Name:                 name,
+		ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STATIC},
+		LoadAssignment:       makeEnvoyClusterLoadAssignment(name, endpointList.Endpoints),
+	}
+	err := addHttpProtocolOptions(protocol, cluster)
+	if err != nil {
+		return nil, err
+	}
+
+	if static.Config != nil {
+		cluster.ConnectTimeout = static.Config.ConnectTimeout
+		addEnvoyCircuitBreakers(static.GetConfig().CircuitBreakers, cluster)
+	}
+	return cluster, nil
+}
+func (pr *ProxyResources) makeEnvoyDnsCluster(name string, protocol string, dns *pbproxystate.DNSEndpointGroup) (*envoy_cluster_v3.Cluster, error) {
+	return nil, nil
+}
+func (pr *ProxyResources) makeEnvoyPassthroughCluster(name string, protocol string, passthrough *pbproxystate.PassthroughEndpointGroup) (*envoy_cluster_v3.Cluster, error) {
+	cluster := &envoy_cluster_v3.Cluster{
+		Name:                 name,
+		ConnectTimeout:       passthrough.Config.ConnectTimeout,
+		LbPolicy:             envoy_cluster_v3.Cluster_CLUSTER_PROVIDED,
+		ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_ORIGINAL_DST},
+	}
+	if passthrough.OutboundTls != nil {
+		envoyTransportSocket, err := pr.makeEnvoyTransportSocket(passthrough.OutboundTls)
+		if err != nil {
+			return nil, err
+		}
+		cluster.TransportSocket = envoyTransportSocket
+	}
+	err := addHttpProtocolOptions(protocol, cluster)
+	if err != nil {
+		return nil, err
+	}
+	return cluster, nil
+}
+
+func (pr *ProxyResources) makeEnvoyAggregateCluster(name string, protocol string, fg *pbproxystate.FailoverGroup) ([]*envoy_cluster_v3.Cluster, error) {
+	var clusters []*envoy_cluster_v3.Cluster
+	if fg != nil {
+
+		var egNames []string
+		for _, eg := range fg.EndpointGroups {
+			cluster, err := pr.makeEnvoyCluster(name, protocol, eg)
+			if err != nil {
+				return nil, err
+			}
+			egNames = append(egNames, cluster.Name)
+			clusters = append(clusters, cluster)
+		}
+		aggregateClusterConfig, err := anypb.New(&envoy_aggregate_cluster_v3.ClusterConfig{
+			Clusters: egNames,
+		})
+
+		if err != nil {
+			return nil, err
+		}
+
+		c := &envoy_cluster_v3.Cluster{
+			Name:           name,
+			AltStatName:    name,
+			ConnectTimeout: fg.Config.ConnectTimeout,
+			LbPolicy:       envoy_cluster_v3.Cluster_CLUSTER_PROVIDED,
+			ClusterDiscoveryType: &envoy_cluster_v3.Cluster_ClusterType{
+				ClusterType: &envoy_cluster_v3.Cluster_CustomClusterType{
+					Name:        "envoy.clusters.aggregate",
+					TypedConfig: aggregateClusterConfig,
+				},
+			},
+		}
+		err = addHttpProtocolOptions(protocol, c)
+		if err != nil {
+			return nil, err
+		}
+		clusters = append(clusters, c)
+	}
+	return clusters, nil
+}
+
+func addHttpProtocolOptions(protocol string, c *envoy_cluster_v3.Cluster) error {
+	if !(protocol == "http2" || protocol == "grpc") {
+		// do not error.  returning nil means it won't get set.
+		return nil
+	}
+	cfg := &envoy_upstreams_v3.HttpProtocolOptions{
+		UpstreamProtocolOptions: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig_{
+			ExplicitHttpConfig: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig{
+				ProtocolConfig: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{
+					Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{},
+				},
+			},
+		},
+	}
+	any, err := anypb.New(cfg)
+	if err != nil {
+		return err
+	}
+	c.TypedExtensionProtocolOptions = map[string]*anypb.Any{
+		"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": any,
+	}
+	return nil
+}
+
+// addEnvoyOutlierDetection will add outlier detection config to the cluster, and if nil, add empty OutlierDetection to
+// enable it with default values
+func addEnvoyOutlierDetection(outlierDetection *pbproxystate.OutlierDetection, c *envoy_cluster_v3.Cluster) {
+	if outlierDetection == nil {
+		return
+	}
+	od := &envoy_cluster_v3.OutlierDetection{
+		BaseEjectionTime:         outlierDetection.GetBaseEjectionTime(),
+		Consecutive_5Xx:          outlierDetection.GetConsecutive_5Xx(),
+		EnforcingConsecutive_5Xx: outlierDetection.GetEnforcingConsecutive_5Xx(),
+		Interval:                 outlierDetection.GetInterval(),
+		MaxEjectionPercent:       outlierDetection.GetMaxEjectionPercent(),
+	}
+	c.OutlierDetection = od
+
+}
+
+func addEnvoyCircuitBreakers(circuitBreakers *pbproxystate.CircuitBreakers, c *envoy_cluster_v3.Cluster) {
+	if circuitBreakers != nil {
+		if circuitBreakers.UpstreamLimits == nil {
+			c.CircuitBreakers = &envoy_cluster_v3.CircuitBreakers{}
+			return
+		}
+		threshold := &envoy_cluster_v3.CircuitBreakers_Thresholds{}
+		threshold.MaxConnections = circuitBreakers.UpstreamLimits.MaxConnections
+		threshold.MaxPendingRequests = circuitBreakers.UpstreamLimits.MaxPendingRequests
+		threshold.MaxRequests = circuitBreakers.UpstreamLimits.MaxConcurrentRequests
+
+		c.CircuitBreakers = &envoy_cluster_v3.CircuitBreakers{
+			Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{threshold},
+		}
+	}
+}
+
+func addEnvoyLBToCluster(dynamicConfig *pbproxystate.DynamicEndpointGroupConfig, c *envoy_cluster_v3.Cluster) error {
+	if dynamicConfig == nil || dynamicConfig.LbPolicy == nil {
+		return nil
+	}
+
+	switch d := dynamicConfig.LbPolicy.(type) {
+	case *pbproxystate.DynamicEndpointGroupConfig_LeastRequest:
+		c.LbPolicy = envoy_cluster_v3.Cluster_LEAST_REQUEST
+
+		lb := dynamicConfig.LbPolicy.(*pbproxystate.DynamicEndpointGroupConfig_LeastRequest)
+		if lb.LeastRequest != nil {
+			c.LbConfig = &envoy_cluster_v3.Cluster_LeastRequestLbConfig_{
+				LeastRequestLbConfig: &envoy_cluster_v3.Cluster_LeastRequestLbConfig{
+					ChoiceCount: lb.LeastRequest.ChoiceCount,
+				},
+			}
+		}
+	case *pbproxystate.DynamicEndpointGroupConfig_RoundRobin:
+		c.LbPolicy = envoy_cluster_v3.Cluster_ROUND_ROBIN
+
+	case *pbproxystate.DynamicEndpointGroupConfig_Random:
+		c.LbPolicy = envoy_cluster_v3.Cluster_RANDOM
+
+	case *pbproxystate.DynamicEndpointGroupConfig_RingHash:
+		c.LbPolicy = envoy_cluster_v3.Cluster_RING_HASH
+
+		lb := dynamicConfig.LbPolicy.(*pbproxystate.DynamicEndpointGroupConfig_RingHash)
+		if lb.RingHash != nil {
+			c.LbConfig = &envoy_cluster_v3.Cluster_RingHashLbConfig_{
+				RingHashLbConfig: &envoy_cluster_v3.Cluster_RingHashLbConfig{
+					MinimumRingSize: lb.RingHash.MinimumRingSize,
+					MaximumRingSize: lb.RingHash.MaximumRingSize,
+				},
+			}
+		}
+	case *pbproxystate.DynamicEndpointGroupConfig_Maglev:
+		c.LbPolicy = envoy_cluster_v3.Cluster_MAGLEV
+
+	default:
+		return fmt.Errorf("unsupported load balancer policy %q for cluster %q", d, c.Name)
+	}
+	return nil
+}
+
 // TODO(proxystate): In a future PR this will create clusters and add it to ProxyResources.proxyState
-func (pr *ProxyResources) makeCluster(name string) error {
+func (pr *ProxyResources) makeEnvoyClusterFromL4Destination(name string) error {
 	return nil
 }
diff --git a/agent/xdsv2/endpoint_resources.go b/agent/xdsv2/endpoint_resources.go
new file mode 100644
index 000000000000..f5fd1b9c5d09
--- /dev/null
+++ b/agent/xdsv2/endpoint_resources.go
@@ -0,0 +1,41 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package xdsv2
+
+import (
+	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
+	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
+	"github.com/hashicorp/consul/agent/xds/response"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+)
+
+func makeEnvoyEndpoint(endpoint *pbproxystate.Endpoint) *envoy_endpoint_v3.LbEndpoint {
+	var address *envoy_core_v3.Address
+	if endpoint.GetUnixSocket() != nil {
+		address = response.MakePipeAddress(endpoint.GetUnixSocket().GetPath(), 0)
+	} else {
+		address = response.MakeAddress(endpoint.GetHostPort().GetHost(), int(endpoint.GetHostPort().Port))
+	}
+	return &envoy_endpoint_v3.LbEndpoint{
+		HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
+			Endpoint: &envoy_endpoint_v3.Endpoint{
+				Address: address,
+			},
+		},
+	}
+}
+
+func makeEnvoyClusterLoadAssignment(clusterName string, endpoints []*pbproxystate.Endpoint) *envoy_endpoint_v3.ClusterLoadAssignment {
+	localityLbEndpoints := make([]*envoy_endpoint_v3.LocalityLbEndpoints, 0, len(endpoints))
+	for _, endpoint := range endpoints {
+		localityLbEndpoints = append(localityLbEndpoints, &envoy_endpoint_v3.LocalityLbEndpoints{
+			LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{makeEnvoyEndpoint(endpoint)},
+		})
+	}
+	return &envoy_endpoint_v3.ClusterLoadAssignment{
+		ClusterName: clusterName,
+		Endpoints:   localityLbEndpoints,
+	}
+
+}
diff --git a/agent/xdsv2/listener_resources.go b/agent/xdsv2/listener_resources.go
index 6d6ce7c8002e..2d3bf5d60da5 100644
--- a/agent/xdsv2/listener_resources.go
+++ b/agent/xdsv2/listener_resources.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package xdsv2
 
 import (
@@ -281,7 +284,7 @@ func (pr *ProxyResources) makeEnvoyResourcesForSNIDestination(sni *pbproxystate.
 }
 
 func (pr *ProxyResources) makeEnvoyResourcesForL4Destination(l4 *pbproxystate.Router_L4) ([]*envoy_listener_v3.Filter, error) {
-	err := pr.makeCluster(l4.L4.Name)
+	err := pr.makeEnvoyClusterFromL4Destination(l4.L4.Name)
 	if err != nil {
 		return nil, err
 	}
@@ -632,7 +635,7 @@ func (pr *ProxyResources) makeEnvoyTransportSocket(ts *pbproxystate.TransportSoc
 			// if tls is nil but connection tls is provided, then the proxy state is misconfigured
 			return nil, fmt.Errorf("proxyState.Tls is required to generate router's transport socket")
 		}
-		om := ts.ConnectionTls.(*pbproxystate.TransportSocket_OutboundMesh).OutboundMesh
+		om := ts.GetOutboundMesh()
 		leaf, ok := pr.proxyState.LeafCertificates[om.IdentityKey]
 		if !ok {
 			return nil, fmt.Errorf("leaf %s not found in proxyState", om.IdentityKey)
diff --git a/agent/xdsv2/resources.go b/agent/xdsv2/resources.go
index 6bc1df58c664..6082f7dd56b5 100644
--- a/agent/xdsv2/resources.go
+++ b/agent/xdsv2/resources.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xdsv2
 
@@ -47,7 +47,6 @@ func (g *ResourceGenerator) AllResourcesFromIR(proxyState *pbmesh.ProxyState) (m
 
 func (pr *ProxyResources) generateXDSResources() error {
 	listeners := make([]proto.Message, 0)
-	clusters := make([]proto.Message, 0)
 	routes := make([]proto.Message, 0)
 	endpoints := make([]proto.Message, 0)
 
@@ -60,6 +59,11 @@ func (pr *ProxyResources) generateXDSResources() error {
 		listeners = append(listeners, protoListener)
 	}
 
+	clusters, err := pr.makeXDSClusters()
+	if err != nil {
+		return err
+	}
+
 	pr.envoyResources[xdscommon.ListenerType] = listeners
 	pr.envoyResources[xdscommon.ClusterType] = clusters
 	pr.envoyResources[xdscommon.RouteType] = routes
diff --git a/agent/xdsv2/route_resources.go b/agent/xdsv2/route_resources.go
index 1433534e8f0a..86d82a5d306f 100644
--- a/agent/xdsv2/route_resources.go
+++ b/agent/xdsv2/route_resources.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package xdsv2
 
 import (
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
index 9cbfe4ad6943..671e25f4ca04 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
@@ -86,6 +86,10 @@ type Cluster struct {
 	Group isCluster_Group `protobuf_oneof:"group"`
 	// escape_hatch_cluster_json configures a user configured escape hatch cluster.
 	EscapeHatchClusterJson string `protobuf:"bytes,3,opt,name=escape_hatch_cluster_json,json=escapeHatchClusterJson,proto3" json:"escape_hatch_cluster_json,omitempty"`
+	// alt_stat_name is the name used for observability in place of cluster name if provided.
+	AltStatName string `protobuf:"bytes,4,opt,name=alt_stat_name,json=altStatName,proto3" json:"alt_stat_name,omitempty"`
+	// protocol is the local path protocol or the service protocol.
+	Protocol string `protobuf:"bytes,5,opt,name=protocol,proto3" json:"protocol,omitempty"`
 }
 
 func (x *Cluster) Reset() {
@@ -148,6 +152,20 @@ func (x *Cluster) GetEscapeHatchClusterJson() string {
 	return ""
 }
 
+func (x *Cluster) GetAltStatName() string {
+	if x != nil {
+		return x.AltStatName
+	}
+	return ""
+}
+
+func (x *Cluster) GetProtocol() string {
+	if x != nil {
+		return x.Protocol
+	}
+	return ""
+}
+
 type isCluster_Group interface {
 	isCluster_Group()
 }
@@ -1679,7 +1697,7 @@ var file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDesc = []byte{
 	0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
 	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x74, 0x72, 0x61,
 	0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x22, 0x97, 0x02, 0x0a, 0x07, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12,
+	0x6f, 0x74, 0x6f, 0x22, 0xd7, 0x02, 0x0a, 0x07, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12,
 	0x63, 0x0a, 0x0e, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x67, 0x72, 0x6f, 0x75,
 	0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
 	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
@@ -1696,7 +1714,11 @@ var file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDesc = []byte{
 	0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65,
 	0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x65, 0x73,
 	0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72,
-	0x4a, 0x73, 0x6f, 0x6e, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xce, 0x01,
+	0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0d, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74,
+	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x6c, 0x74,
+	0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xce, 0x01,
 	0x0a, 0x0d, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12,
 	0x63, 0x0a, 0x0f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x67, 0x72, 0x6f, 0x75,
 	0x70, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
index 9b4194d981f0..860ebf2a5cbf 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
@@ -18,6 +18,10 @@ message Cluster {
   }
   // escape_hatch_cluster_json configures a user configured escape hatch cluster.
   string escape_hatch_cluster_json = 3;
+  // alt_stat_name is the name used for observability in place of cluster name if provided.
+  string alt_stat_name = 4;
+  // protocol is the local path protocol or the service protocol.
+  string protocol = 5;
 }
 
 message FailoverGroup {
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
index 9801e29c3c70..59317396be4a 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
@@ -231,6 +231,8 @@ type TransportSocket struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
+	// name of the transport socket
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// Types that are assignable to ConnectionTls:
 	//
 	//	*TransportSocket_InboundMesh
@@ -239,8 +241,8 @@ type TransportSocket struct {
 	//	*TransportSocket_OutboundNonMesh
 	ConnectionTls isTransportSocket_ConnectionTls `protobuf_oneof:"connection_tls"`
 	// tls_parameters can override any top level tls parameters that are configured.
-	TlsParameters *TLSParameters `protobuf:"bytes,5,opt,name=tls_parameters,json=tlsParameters,proto3" json:"tls_parameters,omitempty"`
-	AlpnProtocols []string       `protobuf:"bytes,6,rep,name=alpn_protocols,json=alpnProtocols,proto3" json:"alpn_protocols,omitempty"`
+	TlsParameters *TLSParameters `protobuf:"bytes,6,opt,name=tls_parameters,json=tlsParameters,proto3" json:"tls_parameters,omitempty"`
+	AlpnProtocols []string       `protobuf:"bytes,7,rep,name=alpn_protocols,json=alpnProtocols,proto3" json:"alpn_protocols,omitempty"`
 }
 
 func (x *TransportSocket) Reset() {
@@ -275,6 +277,13 @@ func (*TransportSocket) Descriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{1}
 }
 
+func (x *TransportSocket) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
 func (m *TransportSocket) GetConnectionTls() isTransportSocket_ConnectionTls {
 	if m != nil {
 		return m.ConnectionTls
@@ -330,22 +339,22 @@ type isTransportSocket_ConnectionTls interface {
 
 type TransportSocket_InboundMesh struct {
 	// inbound_mesh is for incoming connections FROM the mesh.
-	InboundMesh *InboundMeshMTLS `protobuf:"bytes,1,opt,name=inbound_mesh,json=inboundMesh,proto3,oneof"`
+	InboundMesh *InboundMeshMTLS `protobuf:"bytes,2,opt,name=inbound_mesh,json=inboundMesh,proto3,oneof"`
 }
 
 type TransportSocket_OutboundMesh struct {
 	// outbound_mesh is for outbound connections TO mesh destinations.
-	OutboundMesh *OutboundMeshMTLS `protobuf:"bytes,2,opt,name=outbound_mesh,json=outboundMesh,proto3,oneof"`
+	OutboundMesh *OutboundMeshMTLS `protobuf:"bytes,3,opt,name=outbound_mesh,json=outboundMesh,proto3,oneof"`
 }
 
 type TransportSocket_InboundNonMesh struct {
 	// inbound_non_mesh is for incoming connections FROM non mesh.
-	InboundNonMesh *InboundNonMeshTLS `protobuf:"bytes,3,opt,name=inbound_non_mesh,json=inboundNonMesh,proto3,oneof"`
+	InboundNonMesh *InboundNonMeshTLS `protobuf:"bytes,4,opt,name=inbound_non_mesh,json=inboundNonMesh,proto3,oneof"`
 }
 
 type TransportSocket_OutboundNonMesh struct {
 	// outbound_non_mesh is for outbound connections TO non mesh destinations.
-	OutboundNonMesh *OutboundNonMeshTLS `protobuf:"bytes,4,opt,name=outbound_non_mesh,json=outboundNonMesh,proto3,oneof"`
+	OutboundNonMesh *OutboundNonMeshTLS `protobuf:"bytes,5,opt,name=outbound_non_mesh,json=outboundNonMesh,proto3,oneof"`
 }
 
 func (*TransportSocket_InboundMesh) isTransportSocket_ConnectionTls() {}
@@ -1038,213 +1047,214 @@ var file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDesc = []byte{
 	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x50,
 	0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x15, 0x6f, 0x75, 0x74, 0x62, 0x6f,
 	0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73,
-	0x22, 0xd1, 0x04, 0x0a, 0x0f, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f,
-	0x63, 0x6b, 0x65, 0x74, 0x12, 0x61, 0x0a, 0x0c, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f,
-	0x6d, 0x65, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64,
-	0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0b, 0x69, 0x6e, 0x62, 0x6f,
-	0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x64, 0x0a, 0x0d, 0x6f, 0x75, 0x74, 0x62, 0x6f,
-	0x75, 0x6e, 0x64, 0x5f, 0x6d, 0x65, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d,
+	0x22, 0xe5, 0x04, 0x0a, 0x0f, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f,
+	0x63, 0x6b, 0x65, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x61, 0x0a, 0x0c, 0x69, 0x6e, 0x62, 0x6f,
+	0x75, 0x6e, 0x64, 0x5f, 0x6d, 0x65, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c,
 	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
 	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52,
-	0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x6a, 0x0a,
-	0x10, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6e, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x73,
-	0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e,
-	0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0e, 0x69, 0x6e, 0x62, 0x6f, 0x75,
-	0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x6d, 0x0a, 0x11, 0x6f, 0x75, 0x74,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6e, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x73, 0x68, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x49, 0x6e, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0b,
+	0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x64, 0x0a, 0x0d, 0x6f,
+	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6d, 0x65, 0x73, 0x68, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c,
+	0x53, 0x48, 0x00, 0x52, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73,
+	0x68, 0x12, 0x6a, 0x0a, 0x10, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6e, 0x6f, 0x6e,
+	0x5f, 0x6d, 0x65, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e,
+	0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0e, 0x69,
+	0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x6d, 0x0a,
+	0x11, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6e, 0x6f, 0x6e, 0x5f, 0x6d, 0x65,
+	0x73, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e,
+	0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0f, 0x6f, 0x75, 0x74,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x61, 0x0a, 0x0e,
+	0x74, 0x6c, 0x73, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x06,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
 	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
 	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65,
-	0x73, 0x68, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0f, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e,
-	0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x61, 0x0a, 0x0e, 0x74, 0x6c, 0x73, 0x5f,
-	0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54,
-	0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x0d, 0x74, 0x6c,
-	0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x61,
-	0x6c, 0x70, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x06, 0x20,
-	0x03, 0x28, 0x09, 0x52, 0x0d, 0x61, 0x6c, 0x70, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
-	0x6c, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x5f, 0x74, 0x6c, 0x73, 0x22, 0xae, 0x01, 0x0a, 0x0f, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64,
-	0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x64, 0x65, 0x6e,
-	0x74, 0x69, 0x74, 0x79, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
-	0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x78, 0x0a, 0x12, 0x76,
-	0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78,
-	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e,
-	0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65,
-	0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f,
-	0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0xc2, 0x01, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75,
-	0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x64,
-	0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x79, 0x0a,
+	0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73,
+	0x52, 0x0d, 0x74, 0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12,
+	0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x70, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
+	0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x61, 0x6c, 0x70, 0x6e, 0x50, 0x72, 0x6f,
+	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x6c, 0x73, 0x22, 0xae, 0x01, 0x0a, 0x0f, 0x49, 0x6e, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x12, 0x21, 0x0a, 0x0c,
+	0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x4b, 0x65, 0x79, 0x12,
+	0x78, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f,
+	0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x49, 0x6e,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43,
+	0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0xc2, 0x01, 0x0a, 0x10, 0x4f, 0x75,
+	0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x12, 0x21,
+	0x0a, 0x0c, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x4b, 0x65,
+	0x79, 0x12, 0x79, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
+	0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x73, 0x68,
+	0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x10, 0x0a, 0x03,
+	0x73, 0x6e, 0x69, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x22, 0x8d,
+	0x01, 0x0a, 0x11, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73,
+	0x68, 0x54, 0x4c, 0x53, 0x12, 0x1b, 0x0a, 0x08, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x6b, 0x65, 0x79,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x07, 0x6c, 0x65, 0x61, 0x66, 0x4b, 0x65,
+	0x79, 0x12, 0x4f, 0x0a, 0x03, 0x73, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x44, 0x53,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x03, 0x73,
+	0x64, 0x73, 0x42, 0x0a, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0xca,
+	0x01, 0x0a, 0x12, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65,
+	0x73, 0x68, 0x54, 0x4c, 0x53, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69,
+	0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x65, 0x72, 0x74, 0x46, 0x69,
+	0x6c, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x7c, 0x0a,
 	0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74,
-	0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x65, 0x78, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4d, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
 	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x62,
-	0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f,
-	0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x22, 0x8d, 0x01, 0x0a, 0x11, 0x49,
-	0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53,
-	0x12, 0x1b, 0x0a, 0x08, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x48, 0x00, 0x52, 0x07, 0x6c, 0x65, 0x61, 0x66, 0x4b, 0x65, 0x79, 0x12, 0x4f, 0x0a,
-	0x03, 0x73, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x44, 0x53, 0x43, 0x65, 0x72, 0x74,
-	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x03, 0x73, 0x64, 0x73, 0x42, 0x0a,
-	0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0xca, 0x01, 0x0a, 0x12, 0x4f,
-	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c,
-	0x53, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x65, 0x72, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x19,
-	0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x07, 0x6b, 0x65, 0x79, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x7c, 0x0a, 0x12, 0x76, 0x61, 0x6c,
-	0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
-	0x61, 0x74, 0x65, 0x2e, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x62, 0x6f,
-	0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e,
-	0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x5c, 0x0a, 0x1c, 0x4d, 0x65, 0x73, 0x68, 0x49,
-	0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x3c, 0x0a, 0x1b, 0x74, 0x72, 0x75, 0x73, 0x74,
-	0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d,
-	0x65, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x17, 0x74, 0x72,
-	0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d,
-	0x65, 0x4b, 0x65, 0x79, 0x73, 0x22, 0x7a, 0x0a, 0x1d, 0x4d, 0x65, 0x73, 0x68, 0x4f, 0x75, 0x74,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43,
-	0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x3a, 0x0a, 0x1a, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f,
-	0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
-	0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x74, 0x72, 0x75, 0x73,
-	0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x4b,
-	0x65, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x73,
-	0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x64,
-	0x73, 0x22, 0x3b, 0x0a, 0x20, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x62,
-	0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f,
-	0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x5f, 0x66, 0x69, 0x6c, 0x65,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x63, 0x61, 0x46, 0x69, 0x6c, 0x65, 0x22, 0x58,
-	0x0a, 0x0e, 0x53, 0x44, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4e,
-	0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x72, 0x65, 0x73, 0x6f,
-	0x75, 0x72, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x65, 0x72, 0x74,
-	0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x22, 0xa5, 0x02, 0x0a, 0x0d, 0x54, 0x4c, 0x53,
-	0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x58, 0x0a, 0x0b, 0x6d, 0x69,
-	0x6e, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32,
-	0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c,
-	0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x6d, 0x69, 0x6e, 0x56, 0x65, 0x72,
-	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x58, 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x5f, 0x76, 0x65, 0x72, 0x73,
-	0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x4f,
+	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x5c, 0x0a, 0x1c, 0x4d,
+	0x65, 0x73, 0x68, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x3c, 0x0a, 0x1b, 0x74,
+	0x72, 0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72,
+	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09,
+	0x52, 0x17, 0x74, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x50, 0x65, 0x65,
+	0x72, 0x4e, 0x61, 0x6d, 0x65, 0x4b, 0x65, 0x79, 0x73, 0x22, 0x7a, 0x0a, 0x1d, 0x4d, 0x65, 0x73,
+	0x68, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x3a, 0x0a, 0x1a, 0x74, 0x72,
+	0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f,
+	0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16,
+	0x74, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x50, 0x65, 0x65, 0x72, 0x4e,
+	0x61, 0x6d, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65,
+	0x5f, 0x69, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x70, 0x69, 0x66,
+	0x66, 0x65, 0x49, 0x64, 0x73, 0x22, 0x3b, 0x0a, 0x20, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68,
+	0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x5f,
+	0x66, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x63, 0x61, 0x46, 0x69,
+	0x6c, 0x65, 0x22, 0x58, 0x0a, 0x0e, 0x53, 0x44, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x6c, 0x75, 0x73,
+	0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x65, 0x72, 0x74, 0x5f,
+	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c,
+	0x63, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x22, 0xa5, 0x02, 0x0a,
+	0x0d, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x58,
+	0x0a, 0x0b, 0x6d, 0x69, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x6d, 0x69,
+	0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x58, 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x5f,
+	0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x37, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x56,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x12, 0x60, 0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69,
+	0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
 	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69,
-	0x6f, 0x6e, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x60,
-	0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18,
-	0x03, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
-	0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69,
-	0x74, 0x65, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73,
-	0x22, 0x37, 0x0a, 0x0f, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x22, 0x46, 0x0a, 0x0b, 0x54, 0x72, 0x75,
-	0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x72, 0x75, 0x73,
-	0x74, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
-	0x74, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x72,
-	0x6f, 0x6f, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x72, 0x6f, 0x6f, 0x74,
-	0x73, 0x2a, 0xac, 0x01, 0x0a, 0x0a, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
-	0x12, 0x14, 0x0a, 0x10, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f,
-	0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45,
-	0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x54,
-	0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x31, 0x10, 0x02,
-	0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f,
-	0x31, 0x5f, 0x32, 0x10, 0x03, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52,
-	0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x4c,
-	0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49,
-	0x44, 0x10, 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49,
-	0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x06,
-	0x2a, 0x84, 0x05, 0x0a, 0x0e, 0x54, 0x4c, 0x53, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75,
-	0x69, 0x74, 0x65, 0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45,
-	0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43,
-	0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53,
-	0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x00, 0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43,
+	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x43, 0x69, 0x70, 0x68, 0x65,
+	0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75,
+	0x69, 0x74, 0x65, 0x73, 0x22, 0x37, 0x0a, 0x0f, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6b,
+	0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x22, 0x46, 0x0a,
+	0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x21, 0x0a, 0x0c,
+	0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12,
+	0x14, 0x0a, 0x05, 0x72, 0x6f, 0x6f, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05,
+	0x72, 0x6f, 0x6f, 0x74, 0x73, 0x2a, 0xac, 0x01, 0x0a, 0x0a, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53,
+	0x49, 0x4f, 0x4e, 0x5f, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c,
+	0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12,
+	0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31,
+	0x5f, 0x31, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53,
+	0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x32, 0x10, 0x03, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53,
+	0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x12, 0x17,
+	0x0a, 0x13, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x49, 0x4e,
+	0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x54, 0x4c, 0x53, 0x5f, 0x56,
+	0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
+	0x45, 0x44, 0x10, 0x06, 0x2a, 0x84, 0x05, 0x0a, 0x0e, 0x54, 0x4c, 0x53, 0x43, 0x69, 0x70, 0x68,
+	0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43,
 	0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48,
-	0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30,
-	0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x10, 0x01, 0x12, 0x30, 0x0a, 0x2c, 0x54,
+	0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x47,
+	0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x00, 0x12, 0x32, 0x0a, 0x2e, 0x54,
 	0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f,
-	0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38,
-	0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x02, 0x12, 0x30, 0x0a,
-	0x2c, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54,
-	0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x43, 0x48, 0x41, 0x43,
-	0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x10, 0x03, 0x12,
-	0x2b, 0x0a, 0x27, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55,
-	0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f,
-	0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x04, 0x12, 0x29, 0x0a, 0x25,
-	0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45,
-	0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32,
-	0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x05, 0x12, 0x26, 0x0a, 0x22, 0x54, 0x4c, 0x53, 0x5f, 0x43,
-	0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x31,
-	0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x06, 0x12,
-	0x1f, 0x0a, 0x1b, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55,
-	0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x07,
-	0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53,
-	0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41,
-	0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33,
-	0x38, 0x34, 0x10, 0x08, 0x12, 0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48,
-	0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52,
-	0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48,
-	0x41, 0x33, 0x38, 0x34, 0x10, 0x09, 0x12, 0x2b, 0x0a, 0x27, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49,
-	0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45,
-	0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48,
-	0x41, 0x10, 0x0a, 0x12, 0x29, 0x0a, 0x25, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45,
-	0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53,
-	0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x0b, 0x12, 0x26,
-	0x0a, 0x22, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49,
-	0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48,
-	0x41, 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49,
-	0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35,
-	0x36, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x0d, 0x42, 0xe0, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x14, 0x54, 0x72, 0x61,
-	0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x74,
-	0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62,
-	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d,
-	0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02,
-	0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c,
-	0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42,
-	0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65,
-	0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x33,
+	0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x43, 0x48, 0x41, 0x43,
+	0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x10, 0x01, 0x12,
+	0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55,
+	0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45,
+	0x53, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10,
+	0x02, 0x12, 0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f,
+	0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f,
+	0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30,
+	0x35, 0x10, 0x03, 0x12, 0x2b, 0x0a, 0x27, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45,
+	0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43,
+	0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x04,
+	0x12, 0x29, 0x0a, 0x25, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53,
+	0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41,
+	0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x05, 0x12, 0x26, 0x0a, 0x22, 0x54,
+	0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f,
+	0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35,
+	0x36, 0x10, 0x06, 0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45,
+	0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53,
+	0x48, 0x41, 0x10, 0x07, 0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48,
+	0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45,
+	0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x5f,
+	0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x08, 0x12, 0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f,
+	0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44,
+	0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43,
+	0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x09, 0x12, 0x2b, 0x0a, 0x27, 0x54, 0x4c,
+	0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45,
+	0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35,
+	0x36, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x0a, 0x12, 0x29, 0x0a, 0x25, 0x54, 0x4c, 0x53, 0x5f, 0x43,
+	0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48,
+	0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41,
+	0x10, 0x0b, 0x12, 0x26, 0x0a, 0x22, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52,
+	0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43,
+	0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x4c,
+	0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41,
+	0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x0d, 0x42, 0xe0, 0x02, 0x0a, 0x2f,
+	0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42,
+	0x14, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74,
+	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69,
+	0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02,
+	0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
index 4e53326183f9..d5173f59a5e8 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
@@ -14,19 +14,21 @@ message TLS {
 }
 
 message TransportSocket {
+  // name of the transport socket
+  string name = 1;
   oneof connection_tls {
     // inbound_mesh is for incoming connections FROM the mesh.
-    InboundMeshMTLS inbound_mesh = 1;
+    InboundMeshMTLS inbound_mesh = 2;
     // outbound_mesh is for outbound connections TO mesh destinations.
-    OutboundMeshMTLS outbound_mesh = 2;
+    OutboundMeshMTLS outbound_mesh = 3;
     // inbound_non_mesh is for incoming connections FROM non mesh.
-    InboundNonMeshTLS inbound_non_mesh = 3;
+    InboundNonMeshTLS inbound_non_mesh = 4;
     // outbound_non_mesh is for outbound connections TO non mesh destinations.
-    OutboundNonMeshTLS outbound_non_mesh = 4;
+    OutboundNonMeshTLS outbound_non_mesh = 5;
   }
   // tls_parameters can override any top level tls parameters that are configured.
-  TLSParameters tls_parameters = 5;
-  repeated string alpn_protocols = 6;
+  TLSParameters tls_parameters = 6;
+  repeated string alpn_protocols = 7;
 }
 
 message InboundMeshMTLS {

From c533a51ec36d8039ecec06a251c494bcd335db67 Mon Sep 17 00:00:00 2001
From: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Date: Thu, 17 Aug 2023 12:52:42 -0700
Subject: [PATCH 295/359] Fix HCL (#18513)

* Fix HCL

* Update create-sameness-groups.mdx
---
 .../usage/create-sameness-groups.mdx          | 68 ++++++++++---------
 1 file changed, 37 insertions(+), 31 deletions(-)

diff --git a/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx b/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx
index 4cc584b443c3..1afae3a9c94f 100644
--- a/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx
+++ b/website/content/docs/connect/cluster-peering/usage/create-sameness-groups.mdx
@@ -224,53 +224,59 @@ The following example demonstrates how to format three different `service-intent
 
 <CodeTabs tabs={[ "dc1-partition-1", "dc1-partition-2", "dc2-partition-1" ]}>
 
-<CodeBlockConfig hideClipboard lineNumbers highlight="3-4,6-9">
+<CodeBlockConfig hideClipboard lineNumbers highlight="3-4,6-11">
 
 
 ```hcl
-Kind = "service-intentions"
-Name = "api"
-Namespace= "store"
-Partition="partition-1"
-Sources = [
-  Name = "api"
-  Action = "allow"
-  Namespace = "store"
-  SamenessGroup = "sameness-group-a"
+Kind      = "service-intentions"
+Name      = "api"
+Namespace = "store"
+Partition = "partition-1"
+Sources   = [
+  {
+    Name          = "api"
+    Action        = "allow"
+    Namespace     = "store"
+    SamenessGroup = "sameness-group-a"
+  }
 ]
 ```
 
 </CodeBlockConfig>
 
-<CodeBlockConfig hideClipboard lineNumbers highlight="3-4,6-9">
+<CodeBlockConfig hideClipboard lineNumbers highlight="3-4,6-11">
 
 ```hcl
-Kind = "service-intentions"
-Name = "api"
-Namespace= "store"
-Partition= "partition-2"
-Sources = [
-  Name = "api"
-  Action = "allow"
-  Namespace = "store"
-  SamenessGroup = "sameness-group-a"
+Kind      = "service-intentions"
+Name      = "api"
+Namespace = "store"
+Partition = "partition-2"
+Sources   = [
+  {
+    Name          = "api"
+    Action        = "allow"
+    Namespace     = "store"
+    SamenessGroup = "sameness-group-a"
+  }
 ]
 ```
 
 </CodeBlockConfig>
 
-<CodeBlockConfig hideClipboard lineNumbers highlight="3-4,6-9">
+<CodeBlockConfig hideClipboard lineNumbers highlight="3-4,6-11">
 
 ```hcl
-Kind = "service-intentions"
-Name = "api"
-Namespace= "store"
-Partition= "partition-1"
-Sources = [
-  Name = "api"
-  Action = "allow"
-  Namespace = "store"
-  SamenessGroup = "sameness-group-a"
+Kind      = "service-intentions"
+Name      = "api"
+Namespace = "store"
+Partition = "partition-1"
+Sources   = [
+  {
+    Name          = "api"
+    Action        = "allow"
+    Namespace     = "store"
+    SamenessGroup = "sameness-group-a"
+  }
 ]
 ```
 
@@ -298,4 +304,4 @@ After creating a sameness group, you can use them with static Consul DNS lookups
 
 - [Static Consul DNS lookups](/consul/docs/services/discovery/dns-static-lookups)
 - [Dynamic Consul DNS lookups](/consul/docs/services/discovery/dns-dynamic-lookups)
-- [Failover overview](/consul/docs/connect/failover)
\ No newline at end of file
+- [Failover overview](/consul/docs/connect/failover)

From 92cfb4a07ef4e03533f7d71bf3c8a4260cb7a9af Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Thu, 17 Aug 2023 13:55:54 -0600
Subject: [PATCH 296/359] NET-4932 - xds v2 - implement base connect proxy
 functionality for endpoints (#18500)

* NET-4853 - xds v2 - implement base connect proxy functionality for clusters

* NET-4853 - xds v2 - implement base connect proxy functionality for clusters

* NET-4932 - xds v2 - implement base connect proxy functionality for endpoints

* Update endpoints_test.go

* gofmt

* Update naming.go
---
 agent/xds/clusters_test.go                    |   3 +-
 agent/xds/endpoints_test.go                   | 128 +++-
 agent/xds/proxystateconverter/clusters.go     |   5 +-
 agent/xds/proxystateconverter/converter.go    |  16 +-
 agent/xds/proxystateconverter/endpoints.go    | 586 ++++++++++++++++++
 .../proxystateconverter/locality_policy.go    |  21 +
 .../locality_policy_oss.go                    |  15 +
 agent/xdsv2/endpoint_resources.go             |  45 +-
 agent/xdsv2/resources.go                      |  14 +-
 9 files changed, 800 insertions(+), 33 deletions(-)
 create mode 100644 agent/xds/proxystateconverter/locality_policy.go
 create mode 100644 agent/xds/proxystateconverter/locality_policy_oss.go

diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go
index 2651d77c2844..0c7cc323cc56 100644
--- a/agent/xds/clusters_test.go
+++ b/agent/xds/clusters_test.go
@@ -5,6 +5,7 @@ package xds
 
 import (
 	"bytes"
+	"github.com/hashicorp/consul/types"
 	"path/filepath"
 	"sort"
 	"testing"
@@ -26,7 +27,6 @@ import (
 	"github.com/hashicorp/consul/agent/xdsv2"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
-	"github.com/hashicorp/consul/types"
 )
 
 type mockCfgFetcher struct {
@@ -1138,6 +1138,7 @@ func TestClustersFromSnapshot(t *testing.T) {
 						require.NoError(t, err)
 
 						clusters = res[xdscommon.ClusterType]
+
 						// The order of clusters returned via CDS isn't relevant, so it's safe
 						// to sort these for the purposes of test comparisons.
 						sort.Slice(clusters, func(i, j int) bool {
diff --git a/agent/xds/endpoints_test.go b/agent/xds/endpoints_test.go
index 3156685934d5..1be4f1fc8884 100644
--- a/agent/xds/endpoints_test.go
+++ b/agent/xds/endpoints_test.go
@@ -8,22 +8,21 @@ import (
 	"sort"
 	"testing"
 
-	"github.com/hashicorp/go-hclog"
-
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
-
-	"github.com/hashicorp/consul/agent/xds/testcommon"
-
-	"github.com/mitchellh/copystructure"
-	testinf "github.com/mitchellh/go-testing-interface"
-	"github.com/stretchr/testify/require"
-
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+
+	"github.com/hashicorp/consul/agent/xds/proxystateconverter"
 	"github.com/hashicorp/consul/agent/xds/response"
+	"github.com/hashicorp/consul/agent/xds/testcommon"
+	"github.com/hashicorp/consul/agent/xdsv2"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/hashicorp/go-hclog"
+	"github.com/mitchellh/copystructure"
+	testinf "github.com/mitchellh/go-testing-interface"
+	"github.com/stretchr/testify/require"
 )
 
 func Test_makeLoadAssignment(t *testing.T) {
@@ -244,6 +243,7 @@ type endpointTestCase struct {
 	name               string
 	create             func(t testinf.T) *proxycfg.ConfigSnapshot
 	overrideGoldenName string
+	alsoRunTestForV2   bool
 }
 
 func makeEndpointDiscoChainTests(enterprise bool) []endpointTestCase {
@@ -253,72 +253,85 @@ func makeEndpointDiscoChainTests(enterprise bool) []endpointTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-external-sni",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-overrides",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-chain-and-failover",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway-triggered", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway-triggered", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-local-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway-triggered", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway-triggered", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-default-chain-and-custom-cluster",
@@ -330,12 +343,16 @@ func makeEndpointDiscoChainTests(enterprise bool) []endpointTestCase {
 						})
 				}, nil)
 			},
+			// TODO(proxystate): requires custom cluster work
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "splitter-with-resolver-redirect",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil)
 			},
+			// TODO(proxystate): requires routes work
+			alsoRunTestForV2: false,
 		},
 	}
 }
@@ -354,48 +371,64 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "default", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-using-federation-states",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "federation-states", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-newer-information-in-federation-states",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "newer-info-in-federation-states", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-using-federation-control-plane",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "mesh-gateway-federation", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-older-information-in-federation-states",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "older-info-in-federation-states", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-no-services",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "no-services", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-service-subsets",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "service-subsets2", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-default-service-subset",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "default-service-subsets2", nil, nil)
 			},
+			// TODO(proxystate): mesh gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway",
@@ -403,12 +436,16 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"default", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-nil-config-entry",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-no-services",
@@ -416,6 +453,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, false, "tcp",
 					"default", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain",
@@ -423,6 +462,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"simple", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-external-sni",
@@ -430,6 +471,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"external-sni", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-failover",
@@ -437,6 +480,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-failover-to-cluster-peer",
@@ -444,6 +489,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-to-cluster-peer", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-remote-gateway",
@@ -451,6 +498,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-remote-gateway", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-remote-gateway-triggered",
@@ -458,6 +507,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-remote-gateway-triggered", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-remote-gateway",
@@ -465,6 +516,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-remote-gateway", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered",
@@ -472,6 +525,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-remote-gateway-triggered", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-local-gateway",
@@ -479,6 +534,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-local-gateway", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-local-gateway-triggered",
@@ -486,6 +543,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-local-gateway-triggered", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-local-gateway",
@@ -493,6 +552,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-local-gateway", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-local-gateway-triggered",
@@ -500,6 +561,8 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-local-gateway-triggered", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-splitter-with-resolver-redirect",
@@ -507,30 +570,42 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"splitter-with-resolver-redirect-multidc", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "terminating-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, nil)
 			},
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "terminating-gateway-no-services",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotTerminatingGateway(t, false, nil, nil)
 			},
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-service-subsets",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayServiceSubsets,
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-default-service-subset",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayDefaultServiceSubset,
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "ingress-multiple-listeners-duplicate-service",
 			create: proxycfg.TestConfigSnapshotIngress_MultipleListenersDuplicateService,
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 	}
 
@@ -564,7 +639,7 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 					r, err := response.CreateResponse(xdscommon.EndpointType, "00000001", "00000001", endpoints)
 					require.NoError(t, err)
 
-					t.Run("current", func(t *testing.T) {
+					t.Run("current-xdsv1", func(t *testing.T) {
 						gotJSON := protoToJSON(t, r)
 
 						gName := tt.name
@@ -574,6 +649,39 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 
 						require.JSONEq(t, goldenEnvoy(t, filepath.Join("endpoints", gName), envoyVersion, latestEnvoyVersion, gotJSON), gotJSON)
 					})
+
+					if tt.alsoRunTestForV2 {
+						generator := xdsv2.NewResourceGenerator(testutil.Logger(t))
+
+						converter := proxystateconverter.NewConverter(testutil.Logger(t), &mockCfgFetcher{addressLan: "10.10.10.10"})
+						proxyState, err := converter.ProxyStateFromSnapshot(snap)
+						require.NoError(t, err)
+
+						res, err := generator.AllResourcesFromIR(proxyState)
+						require.NoError(t, err)
+
+						endpoints = res[xdscommon.EndpointType]
+						// The order of listeners returned via LDS isn't relevant, so it's safe
+						// to sort these for the purposes of test comparisons.
+						sort.Slice(endpoints, func(i, j int) bool {
+							return endpoints[i].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName < endpoints[j].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName
+						})
+
+						r, err := response.CreateResponse(xdscommon.EndpointType, "00000001", "00000001", endpoints)
+						require.NoError(t, err)
+
+						t.Run("current-xdsv2", func(t *testing.T) {
+							gotJSON := protoToJSON(t, r)
+
+							gName := tt.name
+							if tt.overrideGoldenName != "" {
+								gName = tt.overrideGoldenName
+							}
+
+							expectedJSON := goldenEnvoy(t, filepath.Join("endpoints", gName), envoyVersion, latestEnvoyVersion, gotJSON)
+							require.JSONEq(t, expectedJSON, gotJSON)
+						})
+					}
 				})
 			}
 		})
diff --git a/agent/xds/proxystateconverter/clusters.go b/agent/xds/proxystateconverter/clusters.go
index 2a43d6eb049c..2e640b15121d 100644
--- a/agent/xds/proxystateconverter/clusters.go
+++ b/agent/xds/proxystateconverter/clusters.go
@@ -6,7 +6,6 @@ package proxystateconverter
 import (
 	"errors"
 	"fmt"
-	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-uuid"
 	"strings"
@@ -455,6 +454,7 @@ func (s *Converter) makeAppCluster(cfgSnap *proxycfg.ConfigSnapshot, name, pathP
 			},
 		},
 	}
+
 	protocol := pathProtocol
 	if protocol == "" {
 		protocol = cfg.Protocol
@@ -740,6 +740,7 @@ func (s *Converter) createOutboundMeshMTLS(cfgSnap *proxycfg.ConfigSnapshot, spi
 	if err != nil {
 		return nil, err
 	}
+
 	// Create the transport socket
 	ts := &pbproxystate.TransportSocket{}
 
@@ -1020,7 +1021,7 @@ func configureClusterWithHostnames(
 		dnsEndpointGroup.Config.DiscoveryType = pbproxystate.DiscoveryType_DISCOVERY_TYPE_STRICT
 	}
 
-	endpoints := make([]*envoy_endpoint_v3.LbEndpoint, 0, 1)
+	endpoints := make([]*pbproxystate.Endpoint, 0, 1)
 	uniqueHostnames := make(map[string]bool)
 
 	var (
diff --git a/agent/xds/proxystateconverter/converter.go b/agent/xds/proxystateconverter/converter.go
index 061a59d6e93e..f4e9e26f0f5e 100644
--- a/agent/xds/proxystateconverter/converter.go
+++ b/agent/xds/proxystateconverter/converter.go
@@ -57,9 +57,19 @@ func (g *Converter) resourcesFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) erro
 	if err != nil {
 		return err
 	}
-	//g.routesFromSnapshot(cfgSnap)
-	g.clustersFromSnapshot(cfgSnap)
-	//g.endpointsFromSnapshot(cfgSnap)
+
+	err = g.endpointsFromSnapshot(cfgSnap)
+	if err != nil {
+		return err
+	}
+	err = g.clustersFromSnapshot(cfgSnap)
+	if err != nil {
+		return err
+	}
+	//err = g.routesFromSnapshot(cfgSnap)
+	//if err != nil {
+	//	return err
+	//}
 	//g.secretsFromSnapshot(cfgSnap)
 	return nil
 }
diff --git a/agent/xds/proxystateconverter/endpoints.go b/agent/xds/proxystateconverter/endpoints.go
index 5a5dc3708098..28156a9b034f 100644
--- a/agent/xds/proxystateconverter/endpoints.go
+++ b/agent/xds/proxystateconverter/endpoints.go
@@ -4,9 +4,17 @@
 package proxystateconverter
 
 import (
+	"errors"
+	"fmt"
+
+	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+	"github.com/hashicorp/go-bexpr"
+
 	"google.golang.org/protobuf/types/known/wrapperspb"
 )
 
@@ -24,6 +32,273 @@ func makeLbEndpoint(addr string, port int, health pbproxystate.HealthStatus, wei
 	return ep
 }
 
+// endpointsFromSnapshot returns the mesh API representation of the "routes" in the snapshot.
+func (s *Converter) endpointsFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) error {
+
+	if cfgSnap == nil {
+		return errors.New("nil config given")
+	}
+
+	switch cfgSnap.Kind {
+	case structs.ServiceKindConnectProxy:
+		return s.endpointsFromSnapshotConnectProxy(cfgSnap)
+	//case structs.ServiceKindTerminatingGateway:
+	//	return s.endpointsFromSnapshotTerminatingGateway(cfgSnap)
+	//case structs.ServiceKindMeshGateway:
+	//	return s.endpointsFromSnapshotMeshGateway(cfgSnap)
+	//case structs.ServiceKindIngressGateway:
+	//	return s.endpointsFromSnapshotIngressGateway(cfgSnap)
+	//case structs.ServiceKindAPIGateway:
+	//	return s.endpointsFromSnapshotAPIGateway(cfgSnap)
+	default:
+		return fmt.Errorf("Invalid service kind: %v", cfgSnap.Kind)
+	}
+}
+
+// endpointsFromSnapshotConnectProxy returns the xDS API representation of the "endpoints"
+// (upstream instances) in the snapshot.
+func (s *Converter) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg.ConfigSnapshot) error {
+	eps := make(map[string]*pbproxystate.Endpoints)
+
+	// NOTE: Any time we skip a chain below we MUST also skip that discovery chain in clusters.go
+	// so that the sets of endpoints generated matches the sets of clusters.
+	for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain {
+		upstream, skip := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta)
+		if skip {
+			// Discovery chain is not associated with a known explicit or implicit upstream so it is skipped.
+			continue
+		}
+
+		var upstreamConfigMap map[string]interface{}
+		if upstream != nil {
+			upstreamConfigMap = upstream.Config
+		}
+
+		es, err := s.endpointsFromDiscoveryChain(
+			uid,
+			chain,
+			cfgSnap,
+			cfgSnap.Locality,
+			upstreamConfigMap,
+			cfgSnap.ConnectProxy.WatchedUpstreamEndpoints[uid],
+			cfgSnap.ConnectProxy.WatchedGatewayEndpoints[uid],
+			false,
+		)
+		if err != nil {
+			return err
+		}
+
+		for clusterName, endpoints := range es {
+			eps[clusterName] = &pbproxystate.Endpoints{
+				Endpoints: endpoints,
+			}
+
+		}
+	}
+
+	// NOTE: Any time we skip an upstream below we MUST also skip that same
+	// upstream in clusters.go so that the sets of endpoints generated matches
+	// the sets of clusters.
+	for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() {
+		upstream, skip := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta)
+		if skip {
+			// Discovery chain is not associated with a known explicit or implicit upstream so it is skipped.
+			continue
+		}
+
+		tbs, ok := cfgSnap.ConnectProxy.UpstreamPeerTrustBundles.Get(uid.Peer)
+		if !ok {
+			// this should never happen since we loop through upstreams with
+			// set trust bundles
+			return fmt.Errorf("trust bundle not ready for peer %s", uid.Peer)
+		}
+
+		clusterName := generatePeeredClusterName(uid, tbs)
+
+		mgwMode := structs.MeshGatewayModeDefault
+		if upstream != nil {
+			mgwMode = upstream.MeshGateway.Mode
+		}
+		peerServiceEndpoints, err := s.makeEndpointsForPeerService(cfgSnap, uid, mgwMode)
+		if err != nil {
+			return err
+		}
+
+		if peerServiceEndpoints != nil {
+			pbEndpoints := &pbproxystate.Endpoints{
+				Endpoints: peerServiceEndpoints,
+			}
+
+			eps[clusterName] = pbEndpoints
+		}
+	}
+
+	// Looping over explicit upstreams is only needed for prepared queries because they do not have discovery chains
+	for _, u := range cfgSnap.Proxy.Upstreams {
+		if u.DestinationType != structs.UpstreamDestTypePreparedQuery {
+			continue
+		}
+		uid := proxycfg.NewUpstreamID(&u)
+
+		dc := u.Datacenter
+		if dc == "" {
+			dc = cfgSnap.Datacenter
+		}
+		clusterName := connect.UpstreamSNI(&u, "", dc, cfgSnap.Roots.TrustDomain)
+
+		endpoints, ok := cfgSnap.ConnectProxy.PreparedQueryEndpoints[uid]
+		if ok {
+			epts := makeEndpointsForLoadAssignment(
+				cfgSnap,
+				nil,
+				[]loadAssignmentEndpointGroup{
+					{Endpoints: endpoints},
+				},
+				cfgSnap.Locality,
+			)
+			pbEndpoints := &pbproxystate.Endpoints{
+				Endpoints: epts,
+			}
+
+			eps[clusterName] = pbEndpoints
+		}
+	}
+
+	// Loop over potential destinations in the mesh, then grab the gateway nodes associated with each
+	cfgSnap.ConnectProxy.DestinationsUpstream.ForEachKey(func(uid proxycfg.UpstreamID) bool {
+		svcConfig, ok := cfgSnap.ConnectProxy.DestinationsUpstream.Get(uid)
+		if !ok || svcConfig.Destination == nil {
+			return true
+		}
+
+		for _, address := range svcConfig.Destination.Addresses {
+			clusterName := clusterNameForDestination(cfgSnap, uid.Name, address, uid.NamespaceOrDefault(), uid.PartitionOrDefault())
+
+			endpoints, ok := cfgSnap.ConnectProxy.DestinationGateways.Get(uid)
+			if ok {
+				epts := makeEndpointsForLoadAssignment(
+					cfgSnap,
+					nil,
+					[]loadAssignmentEndpointGroup{
+						{Endpoints: endpoints},
+					},
+					proxycfg.GatewayKey{ /*empty so it never matches*/ },
+				)
+				pbEndpoints := &pbproxystate.Endpoints{
+					Endpoints: epts,
+				}
+				eps[clusterName] = pbEndpoints
+			}
+		}
+
+		return true
+	})
+
+	s.proxyState.Endpoints = eps
+	return nil
+}
+
+func (s *Converter) makeEndpointsForPeerService(
+	cfgSnap *proxycfg.ConfigSnapshot,
+	uid proxycfg.UpstreamID,
+	upstreamGatewayMode structs.MeshGatewayMode,
+) ([]*pbproxystate.Endpoint, error) {
+	var eps []*pbproxystate.Endpoint
+
+	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
+	if err != nil {
+		return eps, err
+	}
+
+	if upstreamGatewayMode == structs.MeshGatewayModeNone {
+		s.Logger.Warn(fmt.Sprintf("invalid mesh gateway mode 'none', defaulting to 'remote' for %q", uid))
+	}
+
+	// If an upstream is configured with local mesh gw mode, we make a load assignment
+	// from the gateway endpoints instead of those of the upstreams.
+	if upstreamGatewayMode == structs.MeshGatewayModeLocal {
+		localGw, ok := cfgSnap.ConnectProxy.WatchedLocalGWEndpoints.Get(cfgSnap.Locality.String())
+		if !ok {
+			// local GW is not ready; return early
+			return eps, nil
+		}
+		eps = makeEndpointsForLoadAssignment(
+			cfgSnap,
+			nil,
+			[]loadAssignmentEndpointGroup{
+				{Endpoints: localGw},
+			},
+			cfgSnap.Locality,
+		)
+		return eps, nil
+	}
+
+	// Also skip peer instances with a hostname as their address. EDS
+	// cannot resolve hostnames, so we provide them through CDS instead.
+	if _, ok := upstreamsSnapshot.PeerUpstreamEndpointsUseHostnames[uid]; ok {
+		return eps, nil
+	}
+
+	endpoints, ok := upstreamsSnapshot.PeerUpstreamEndpoints.Get(uid)
+	if !ok {
+		return nil, nil
+	}
+	eps = makeEndpointsForLoadAssignment(
+		cfgSnap,
+		nil,
+		[]loadAssignmentEndpointGroup{
+			{Endpoints: endpoints},
+		},
+		proxycfg.GatewayKey{ /*empty so it never matches*/ },
+	)
+	return eps, nil
+}
+
+func (s *Converter) filterSubsetEndpoints(subset *structs.ServiceResolverSubset, endpoints structs.CheckServiceNodes) (structs.CheckServiceNodes, error) {
+	// locally execute the subsets filter
+	if subset.Filter != "" {
+		filter, err := bexpr.CreateFilter(subset.Filter, nil, endpoints)
+		if err != nil {
+			return nil, err
+		}
+
+		raw, err := filter.Execute(endpoints)
+		if err != nil {
+			return nil, err
+		}
+		return raw.(structs.CheckServiceNodes), nil
+	}
+	return endpoints, nil
+}
+
+// TODO(proxystate): Terminating Gateway will be added in the future.
+// Functions to add from agent/xds/endpoints.go:
+// func endpointsFromSnapshotTerminatingGateway
+
+// TODO(proxystate): Mesh Gateway will be added in the future.
+// Functions to add from agent/xds/endpoints.go:
+// func endpointsFromSnapshotMeshGateway
+
+// TODO(proxystate): Cluster Peering will be added in the future.
+// Functions to add from agent/xds/endpoints.go:
+// func makeEndpointsForOutgoingPeeredServices
+
+// TODO(proxystate): Mesh Gateway will be added in the future.
+// Functions to add from agent/xds/endpoints.go:
+// func endpointsFromServicesAndResolvers
+
+// TODO(proxystate): Mesh Gateway will be added in the future.
+// Functions to add from agent/xds/endpoints.go:
+// func makePeerServerEndpointsForMeshGateway
+
+// TODO(proxystate): Ingress Gateway will be added in the future.
+// Functions to add from agent/xds/endpoints.go:
+// func endpointsFromSnapshotIngressGateway
+
+// TODO(proxystate): API Gateway will be added in the future.
+// Functions to add from agent/xds/endpoints.go:
+// func endpointsFromSnapshotAPIGateway
+
 // used in clusters.go
 func makeHostPortEndpoint(host string, port int) *pbproxystate.Endpoint {
 	return &pbproxystate.Endpoint{
@@ -50,6 +325,317 @@ func makeUnixSocketEndpoint(path string) *pbproxystate.Endpoint {
 	}
 }
 
+func (s *Converter) makeUpstreamLoadAssignmentEndpointForPeerService(
+	cfgSnap *proxycfg.ConfigSnapshot,
+	uid proxycfg.UpstreamID,
+	upstreamGatewayMode structs.MeshGatewayMode,
+) ([]*pbproxystate.Endpoint, error) {
+	var eps []*pbproxystate.Endpoint
+
+	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
+	if err != nil {
+		return eps, err
+	}
+
+	if upstreamGatewayMode == structs.MeshGatewayModeNone {
+		s.Logger.Warn(fmt.Sprintf("invalid mesh gateway mode 'none', defaulting to 'remote' for %q", uid))
+	}
+
+	// If an upstream is configured with local mesh gw mode, we make a load assignment
+	// from the gateway endpoints instead of those of the upstreams.
+	if upstreamGatewayMode == structs.MeshGatewayModeLocal {
+		localGw, ok := cfgSnap.ConnectProxy.WatchedLocalGWEndpoints.Get(cfgSnap.Locality.String())
+		if !ok {
+			// local GW is not ready; return early
+			return eps, nil
+		}
+		eps = makeEndpointsForLoadAssignment(
+			cfgSnap,
+			nil,
+			[]loadAssignmentEndpointGroup{
+				{Endpoints: localGw},
+			},
+			cfgSnap.Locality,
+		)
+		return eps, nil
+	}
+
+	// Also skip peer instances with a hostname as their address. EDS
+	// cannot resolve hostnames, so we provide them through CDS instead.
+	if _, ok := upstreamsSnapshot.PeerUpstreamEndpointsUseHostnames[uid]; ok {
+		return eps, nil
+	}
+
+	endpoints, ok := upstreamsSnapshot.PeerUpstreamEndpoints.Get(uid)
+	if !ok {
+		return nil, nil
+	}
+	eps = makeEndpointsForLoadAssignment(
+		cfgSnap,
+		nil,
+		[]loadAssignmentEndpointGroup{
+			{Endpoints: endpoints},
+		},
+		proxycfg.GatewayKey{ /*empty so it never matches*/ },
+	)
+	return eps, nil
+}
+
+func (s *Converter) endpointsFromDiscoveryChain(
+	uid proxycfg.UpstreamID,
+	chain *structs.CompiledDiscoveryChain,
+	cfgSnap *proxycfg.ConfigSnapshot,
+	gatewayKey proxycfg.GatewayKey,
+	upstreamConfigMap map[string]interface{},
+	upstreamEndpoints map[string]structs.CheckServiceNodes,
+	gatewayEndpoints map[string]structs.CheckServiceNodes,
+	forMeshGateway bool,
+) (map[string][]*pbproxystate.Endpoint, error) {
+	if chain == nil {
+		if forMeshGateway {
+			return nil, fmt.Errorf("missing discovery chain for %s", uid)
+		}
+		return nil, nil
+	}
+
+	if upstreamConfigMap == nil {
+		upstreamConfigMap = make(map[string]interface{}) // TODO:needed?
+	}
+
+	clusterEndpoints := make(map[string][]*pbproxystate.Endpoint)
+
+	// TODO(jm): escape hatches will be implemented in the future
+	//var escapeHatchCluster *pbproxystate.Cluster
+	//if !forMeshGateway {
+
+	//cfg, err := structs.ParseUpstreamConfigNoDefaults(upstreamConfigMap)
+	//if err != nil {
+	//	// Don't hard fail on a config typo, just warn. The parse func returns
+	//	// default config if there is an error so it's safe to continue.
+	//	s.Logger.Warn("failed to parse", "upstream", uid,
+	//		"error", err)
+	//}
+
+	//if cfg.EnvoyClusterJSON != "" {
+	//	if chain.Default {
+	//		// If you haven't done anything to setup the discovery chain, then
+	//		// you can use the envoy_cluster_json escape hatch.
+	//		escapeHatchCluster, err = makeClusterFromUserConfig(cfg.EnvoyClusterJSON)
+	//		if err != nil {
+	//			return ce, nil
+	//		}
+	//	} else {
+	//		s.Logger.Warn("ignoring escape hatch setting, because a discovery chain is configued for",
+	//			"discovery chain", chain.ServiceName, "upstream", uid,
+	//			"envoy_cluster_json", chain.ServiceName)
+	//	}
+	//}
+	//}
+
+	mgwMode := structs.MeshGatewayModeDefault
+	if upstream, _ := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta); upstream != nil {
+		mgwMode = upstream.MeshGateway.Mode
+	}
+
+	// Find all resolver nodes.
+	for _, node := range chain.Nodes {
+		switch {
+		case node == nil:
+			return nil, fmt.Errorf("impossible to process a nil node")
+		case node.Type != structs.DiscoveryGraphNodeTypeResolver:
+			continue
+		case node.Resolver == nil:
+			return nil, fmt.Errorf("impossible to process a non-resolver node")
+		}
+		rawUpstreamConfig, err := structs.ParseUpstreamConfigNoDefaults(upstreamConfigMap)
+		if err != nil {
+			return nil, err
+		}
+		upstreamConfig := finalizeUpstreamConfig(rawUpstreamConfig, chain, node.Resolver.ConnectTimeout)
+
+		mappedTargets, err := s.mapDiscoChainTargets(cfgSnap, chain, node, upstreamConfig, forMeshGateway)
+		if err != nil {
+			return nil, err
+		}
+
+		targetGroups, err := mappedTargets.groupedTargets()
+		if err != nil {
+			return nil, err
+		}
+
+		for _, groupedTarget := range targetGroups {
+			clusterName := groupedTarget.ClusterName
+			// TODO(jm): escape hatches will be implemented in the future
+			//if escapeHatchCluster != nil {
+			//	clusterName = escapeHatchCluster.Name
+			//}
+			switch len(groupedTarget.Targets) {
+			case 0:
+				continue
+			case 1:
+				// We expect one target so this passes through to continue setting the load assignment up.
+			default:
+				return nil, fmt.Errorf("cannot have more than one target")
+			}
+			ti := groupedTarget.Targets[0]
+			s.Logger.Debug("generating endpoints for", "cluster", clusterName, "targetID", ti.TargetID)
+			targetUID := proxycfg.NewUpstreamIDFromTargetID(ti.TargetID)
+			if targetUID.Peer != "" {
+				peerServiceEndpoints, err := s.makeEndpointsForPeerService(cfgSnap, targetUID, mgwMode)
+				if err != nil {
+					return nil, err
+				}
+				if peerServiceEndpoints != nil {
+					clusterEndpoints[clusterName] = peerServiceEndpoints
+				}
+				continue
+			}
+
+			endpointGroup, valid := makeLoadAssignmentEndpointGroup(
+				chain.Targets,
+				upstreamEndpoints,
+				gatewayEndpoints,
+				ti.TargetID,
+				gatewayKey,
+				forMeshGateway,
+			)
+			if !valid {
+				continue // skip the cluster if we're still populating the snapshot
+			}
+
+			epts := makeEndpointsForLoadAssignment(
+				cfgSnap,
+				ti.PrioritizeByLocality,
+				[]loadAssignmentEndpointGroup{endpointGroup},
+				gatewayKey,
+			)
+			clusterEndpoints[clusterName] = epts
+		}
+	}
+
+	return clusterEndpoints, nil
+}
+
+// TODO(proxystate): Mesh Gateway will be added in the future.
+// Functions to add from agent/xds/endpoints.go:
+// func makeExportedUpstreamEndpointsForMeshGateway
+
+type loadAssignmentEndpointGroup struct {
+	Endpoints      structs.CheckServiceNodes
+	OnlyPassing    bool
+	OverrideHealth pbproxystate.HealthStatus
+}
+
+func makeEndpointsForLoadAssignment(cfgSnap *proxycfg.ConfigSnapshot,
+	policy *structs.DiscoveryPrioritizeByLocality,
+	endpointGroups []loadAssignmentEndpointGroup,
+	localKey proxycfg.GatewayKey) []*pbproxystate.Endpoint {
+	pbEndpoints := make([]*pbproxystate.Endpoint, 0, len(endpointGroups))
+
+	// TODO(jm): make this work in xdsv2
+	//if len(endpointGroups) > 1 {
+	//	cla.Policy = &envoy_endpoint_v3.ClusterLoadAssignment_Policy{
+	//		// We choose such a large value here that the failover math should
+	//		// in effect not happen until zero instances are healthy.
+	//		OverprovisioningFactor: response.MakeUint32Value(100000),
+	//	}
+	//}
+
+	var priority uint32
+
+	for _, endpointGroup := range endpointGroups {
+		endpointsByLocality, err := groupedEndpoints(cfgSnap.ServiceLocality, policy, endpointGroup.Endpoints)
+
+		if err != nil {
+			continue
+		}
+
+		for _, endpoints := range endpointsByLocality {
+			for _, ep := range endpoints {
+				// TODO (mesh-gateway) - should we respect the translate_wan_addrs configuration here or just always use the wan for cross-dc?
+				_, addr, port := ep.BestAddress(!localKey.Matches(ep.Node.Datacenter, ep.Node.PartitionOrDefault()))
+				healthStatus, weight := calculateEndpointHealthAndWeight(ep, endpointGroup.OnlyPassing)
+
+				if endpointGroup.OverrideHealth != pbproxystate.HealthStatus_HEALTH_STATUS_UNKNOWN {
+					healthStatus = endpointGroup.OverrideHealth
+				}
+
+				endpoint := makeHostPortEndpoint(addr, port)
+				endpoint.HealthStatus = healthStatus
+				endpoint.LoadBalancingWeight = response.MakeUint32Value(weight)
+
+				pbEndpoints = append(pbEndpoints, endpoint)
+			}
+
+			// TODO(jm): what do we do about priority downstream?
+			//cla.Endpoints = append(cla.Endpoints, &envoy_endpoint_v3.LocalityLbEndpoints{
+			//	Priority:    priority,
+			//	LbEndpoints: es,
+			//})
+
+			priority++
+		}
+	}
+
+	return pbEndpoints
+}
+
+func makeLoadAssignmentEndpointGroup(
+	targets map[string]*structs.DiscoveryTarget,
+	targetHealth map[string]structs.CheckServiceNodes,
+	gatewayHealth map[string]structs.CheckServiceNodes,
+	targetID string,
+	localKey proxycfg.GatewayKey,
+	forMeshGateway bool,
+) (loadAssignmentEndpointGroup, bool) {
+	realEndpoints, ok := targetHealth[targetID]
+	if !ok {
+		// skip the cluster if we're still populating the snapshot
+		return loadAssignmentEndpointGroup{}, false
+	}
+	target := targets[targetID]
+
+	var gatewayKey proxycfg.GatewayKey
+
+	switch target.MeshGateway.Mode {
+	case structs.MeshGatewayModeRemote:
+		gatewayKey.Datacenter = target.Datacenter
+		gatewayKey.Partition = target.Partition
+	case structs.MeshGatewayModeLocal:
+		gatewayKey = localKey
+	}
+
+	if forMeshGateway || gatewayKey.IsEmpty() || localKey.Matches(target.Datacenter, target.Partition) {
+		// Gateways are not needed if the request isn't for a remote DC or partition.
+		return loadAssignmentEndpointGroup{
+			Endpoints:   realEndpoints,
+			OnlyPassing: target.Subset.OnlyPassing,
+		}, true
+	}
+
+	// If using a mesh gateway we need to pull those endpoints instead.
+	gatewayEndpoints, ok := gatewayHealth[gatewayKey.String()]
+	if !ok {
+		// skip the cluster if we're still populating the snapshot
+		return loadAssignmentEndpointGroup{}, false
+	}
+
+	// But we will use the health from the actual backend service.
+	overallHealth := pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
+	for _, ep := range realEndpoints {
+		health, _ := calculateEndpointHealthAndWeight(ep, target.Subset.OnlyPassing)
+		if health == pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY {
+			overallHealth = pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY
+			break
+		}
+	}
+
+	return loadAssignmentEndpointGroup{
+		Endpoints:      gatewayEndpoints,
+		OverrideHealth: overallHealth,
+	}, true
+}
+
 func calculateEndpointHealthAndWeight(
 	ep structs.CheckServiceNode,
 	onlyPassing bool,
diff --git a/agent/xds/proxystateconverter/locality_policy.go b/agent/xds/proxystateconverter/locality_policy.go
new file mode 100644
index 000000000000..db62e63f5f95
--- /dev/null
+++ b/agent/xds/proxystateconverter/locality_policy.go
@@ -0,0 +1,21 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package proxystateconverter
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+func groupedEndpoints(locality *structs.Locality, policy *structs.DiscoveryPrioritizeByLocality, csns structs.CheckServiceNodes) ([]structs.CheckServiceNodes, error) {
+	switch {
+	case policy == nil || policy.Mode == "" || policy.Mode == "none":
+		return []structs.CheckServiceNodes{csns}, nil
+	case policy.Mode == "failover":
+		return prioritizeByLocalityFailover(locality, csns), nil
+	default:
+		return nil, fmt.Errorf("unexpected priortize-by-locality mode %q", policy.Mode)
+	}
+}
diff --git a/agent/xds/proxystateconverter/locality_policy_oss.go b/agent/xds/proxystateconverter/locality_policy_oss.go
new file mode 100644
index 000000000000..007501ffab7b
--- /dev/null
+++ b/agent/xds/proxystateconverter/locality_policy_oss.go
@@ -0,0 +1,15 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+//go:build !consulent
+// +build !consulent
+
+package proxystateconverter
+
+import (
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+func prioritizeByLocalityFailover(locality *structs.Locality, csns structs.CheckServiceNodes) []structs.CheckServiceNodes {
+	return nil
+}
diff --git a/agent/xdsv2/endpoint_resources.go b/agent/xdsv2/endpoint_resources.go
index f5fd1b9c5d09..c493c48f640d 100644
--- a/agent/xdsv2/endpoint_resources.go
+++ b/agent/xdsv2/endpoint_resources.go
@@ -7,35 +7,56 @@ import (
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
 	"github.com/hashicorp/consul/agent/xds/response"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+	"google.golang.org/protobuf/proto"
 )
 
-func makeEnvoyEndpoint(endpoint *pbproxystate.Endpoint) *envoy_endpoint_v3.LbEndpoint {
+func makeEnvoyLbEndpoint(endpoint *pbproxystate.Endpoint) *envoy_endpoint_v3.LbEndpoint {
+	hs := int32(endpoint.GetHealthStatus().Number())
+	return &envoy_endpoint_v3.LbEndpoint{
+		HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
+			Endpoint: makeEnvoyEndpoint(endpoint),
+		},
+		HealthStatus:        envoy_core_v3.HealthStatus(hs),
+		LoadBalancingWeight: endpoint.GetLoadBalancingWeight(),
+	}
+}
+
+func makeEnvoyEndpoint(endpoint *pbproxystate.Endpoint) *envoy_endpoint_v3.Endpoint {
 	var address *envoy_core_v3.Address
 	if endpoint.GetUnixSocket() != nil {
 		address = response.MakePipeAddress(endpoint.GetUnixSocket().GetPath(), 0)
 	} else {
 		address = response.MakeAddress(endpoint.GetHostPort().GetHost(), int(endpoint.GetHostPort().Port))
 	}
-	return &envoy_endpoint_v3.LbEndpoint{
-		HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
-			Endpoint: &envoy_endpoint_v3.Endpoint{
-				Address: address,
-			},
-		},
+
+	return &envoy_endpoint_v3.Endpoint{
+		Address: address,
 	}
 }
 
 func makeEnvoyClusterLoadAssignment(clusterName string, endpoints []*pbproxystate.Endpoint) *envoy_endpoint_v3.ClusterLoadAssignment {
-	localityLbEndpoints := make([]*envoy_endpoint_v3.LocalityLbEndpoints, 0, len(endpoints))
+	localityLbEndpoints := &envoy_endpoint_v3.LocalityLbEndpoints{}
 	for _, endpoint := range endpoints {
-		localityLbEndpoints = append(localityLbEndpoints, &envoy_endpoint_v3.LocalityLbEndpoints{
-			LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{makeEnvoyEndpoint(endpoint)},
-		})
+		localityLbEndpoints.LbEndpoints = append(localityLbEndpoints.LbEndpoints, makeEnvoyLbEndpoint(endpoint))
 	}
 	return &envoy_endpoint_v3.ClusterLoadAssignment{
 		ClusterName: clusterName,
-		Endpoints:   localityLbEndpoints,
+		Endpoints:   []*envoy_endpoint_v3.LocalityLbEndpoints{localityLbEndpoints},
+	}
+}
+
+func (pr *ProxyResources) makeXDSEndpoints() ([]proto.Message, error) {
+	endpoints := make([]proto.Message, 0)
+
+	for clusterName, eps := range pr.proxyState.GetEndpoints() {
+		// TODO(jm):  this does not seem like the best way.
+		if clusterName != xdscommon.LocalAppClusterName {
+			protoEndpoint := makeEnvoyClusterLoadAssignment(clusterName, eps.Endpoints)
+			endpoints = append(endpoints, protoEndpoint)
+		}
 	}
 
+	return endpoints, nil
 }
diff --git a/agent/xdsv2/resources.go b/agent/xdsv2/resources.go
index 6082f7dd56b5..d56b5331451c 100644
--- a/agent/xdsv2/resources.go
+++ b/agent/xdsv2/resources.go
@@ -5,7 +5,6 @@ package xdsv2
 
 import (
 	"fmt"
-
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/go-hclog"
 	"google.golang.org/protobuf/proto"
@@ -48,7 +47,6 @@ func (g *ResourceGenerator) AllResourcesFromIR(proxyState *pbmesh.ProxyState) (m
 func (pr *ProxyResources) generateXDSResources() error {
 	listeners := make([]proto.Message, 0)
 	routes := make([]proto.Message, 0)
-	endpoints := make([]proto.Message, 0)
 
 	for _, l := range pr.proxyState.Listeners {
 		protoListener, err := pr.makeListener(l)
@@ -59,15 +57,21 @@ func (pr *ProxyResources) generateXDSResources() error {
 		listeners = append(listeners, protoListener)
 	}
 
+	pr.envoyResources[xdscommon.ListenerType] = listeners
+
 	clusters, err := pr.makeXDSClusters()
 	if err != nil {
 		return err
 	}
-
-	pr.envoyResources[xdscommon.ListenerType] = listeners
 	pr.envoyResources[xdscommon.ClusterType] = clusters
-	pr.envoyResources[xdscommon.RouteType] = routes
+
+	endpoints, err := pr.makeXDSEndpoints()
+	if err != nil {
+		return err
+	}
 	pr.envoyResources[xdscommon.EndpointType] = endpoints
 
+	pr.envoyResources[xdscommon.RouteType] = routes
+
 	return nil
 }

From 97b41d946f53413519b66384688dd4247b7ebd8c Mon Sep 17 00:00:00 2001
From: Ashwin Venkatesh <ashwin@hashicorp.com>
Date: Thu, 17 Aug 2023 16:34:18 -0400
Subject: [PATCH 297/359] Support custom watches on controller (#18439)

* Support custom watches on controller
* refactor mapper methods
---
 .changelog/18439.txt                      |  3 +
 internal/controller/api.go                | 70 ++++++++++++++--
 internal/controller/api_test.go           | 46 +++++++++++
 internal/controller/controller.go         | 98 +++++++++++++++++------
 internal/controller/dependency_mappers.go |  8 ++
 5 files changed, 195 insertions(+), 30 deletions(-)
 create mode 100644 .changelog/18439.txt

diff --git a/.changelog/18439.txt b/.changelog/18439.txt
new file mode 100644
index 000000000000..dd12738d5c38
--- /dev/null
+++ b/.changelog/18439.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+Support custom watches on the Consul Controller framework.
+```
diff --git a/internal/controller/api.go b/internal/controller/api.go
index 17dfa8ef0ae7..5c2fc2e78271 100644
--- a/internal/controller/api.go
+++ b/internal/controller/api.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/hashicorp/go-hclog"
 
+	"github.com/hashicorp/consul/agent/consul/controller/queue"
 	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
@@ -46,6 +47,21 @@ func (c Controller) WithWatch(watchedType *pbresource.Type, mapper DependencyMap
 	return c
 }
 
+// WithCustomWatch adds a custom watch on the given dependency to the controller. Custom mapper
+// will be called to map events produced by source to the controller's watched type.
+func (c Controller) WithCustomWatch(source *Source, mapper CustomDependencyMapper) Controller {
+	if source == nil {
+		panic("source must not be nil")
+	}
+
+	if mapper == nil {
+		panic("mapper must not be nil")
+	}
+
+	c.customWatches = append(c.customWatches, customWatch{source, mapper})
+	return c
+}
+
 // WithLogger changes the controller's logger.
 func (c Controller) WithLogger(logger hclog.Logger) Controller {
 	if logger == nil {
@@ -107,13 +123,14 @@ func (c Controller) backoff() (time.Duration, time.Duration) {
 // Use the builder methods in this package (starting with ForType) to construct
 // a controller, and then pass it to a Manager to be executed.
 type Controller struct {
-	managedType *pbresource.Type
-	reconciler  Reconciler
-	logger      hclog.Logger
-	watches     []watch
-	baseBackoff time.Duration
-	maxBackoff  time.Duration
-	placement   Placement
+	managedType   *pbresource.Type
+	reconciler    Reconciler
+	logger        hclog.Logger
+	watches       []watch
+	customWatches []customWatch
+	baseBackoff   time.Duration
+	maxBackoff    time.Duration
+	placement     Placement
 }
 
 type watch struct {
@@ -121,6 +138,45 @@ type watch struct {
 	mapper      DependencyMapper
 }
 
+// Watch is responsible for watching for custom events from source and adding them to
+// the event queue.
+func (s *Source) Watch(ctx context.Context, add func(e Event)) error {
+	for {
+		select {
+		case <-ctx.Done():
+			return nil
+		case evt, ok := <-s.Source:
+			if !ok {
+				return nil
+			}
+			add(evt)
+		}
+	}
+}
+
+// Source is used as a generic source of events. This can be used when events aren't coming from resources
+// stored by the resource API.
+type Source struct {
+	Source <-chan Event
+}
+
+// Event captures an event in the system which the API can choose to respond to.
+type Event struct {
+	Obj queue.ItemType
+}
+
+// Key returns a string that will be used to de-duplicate items in the queue.
+func (e Event) Key() string {
+	return e.Obj.Key()
+}
+
+// customWatch represent a Watch on a custom Event source and a Mapper to map said
+// Events into Requests that the controller can respond to.
+type customWatch struct {
+	source *Source
+	mapper CustomDependencyMapper
+}
+
 // Request represents a request to reconcile the resource with the given ID.
 type Request struct {
 	// ID of the resource that needs to be reconciled.
diff --git a/internal/controller/api_test.go b/internal/controller/api_test.go
index 215063d87c77..40d3ec99bebd 100644
--- a/internal/controller/api_test.go
+++ b/internal/controller/api_test.go
@@ -25,9 +25,20 @@ func TestController_API(t *testing.T) {
 	rec := newTestReconciler()
 	client := svctest.RunResourceService(t, demo.RegisterTypes)
 
+	concertsChan := make(chan controller.Event)
+	defer close(concertsChan)
+	concertSource := &controller.Source{Source: concertsChan}
+	concertMapper := func(ctx context.Context, rt controller.Runtime, event controller.Event) ([]controller.Request, error) {
+		artistID := event.Obj.(*Concert).artistID
+		var requests []controller.Request
+		requests = append(requests, controller.Request{ID: artistID})
+		return requests, nil
+	}
+
 	ctrl := controller.
 		ForType(demo.TypeV2Artist).
 		WithWatch(demo.TypeV2Album, controller.MapOwner).
+		WithCustomWatch(concertSource, concertMapper).
 		WithBackoff(10*time.Millisecond, 100*time.Millisecond).
 		WithReconciler(rec)
 
@@ -69,6 +80,32 @@ func TestController_API(t *testing.T) {
 		prototest.AssertDeepEqual(t, rsp.Resource.Id, req.ID)
 	})
 
+	t.Run("custom watched resource type", func(t *testing.T) {
+		res, err := demo.GenerateV2Artist()
+		require.NoError(t, err)
+
+		rsp, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: res})
+		require.NoError(t, err)
+
+		req := rec.wait(t)
+		prototest.AssertDeepEqual(t, rsp.Resource.Id, req.ID)
+
+		rec.expectNoRequest(t, 500*time.Millisecond)
+
+		concertsChan <- controller.Event{Obj: &Concert{name: "test-concert", artistID: rsp.Resource.Id}}
+
+		watchedReq := rec.wait(t)
+		prototest.AssertDeepEqual(t, req.ID, watchedReq.ID)
+
+		otherArtist, err := demo.GenerateV2Artist()
+		require.NoError(t, err)
+
+		concertsChan <- controller.Event{Obj: &Concert{name: "test-concert", artistID: otherArtist.Id}}
+
+		watchedReq = rec.wait(t)
+		prototest.AssertDeepEqual(t, otherArtist.Id, watchedReq.ID)
+	})
+
 	t.Run("error retries", func(t *testing.T) {
 		rec.failNext(errors.New("KABOOM"))
 
@@ -266,3 +303,12 @@ func testContext(t *testing.T) context.Context {
 
 	return ctx
 }
+
+type Concert struct {
+	name     string
+	artistID *pbresource.ID
+}
+
+func (c Concert) Key() string {
+	return c.name
+}
diff --git a/internal/controller/controller.go b/internal/controller/controller.go
index f6a064853c73..ac901d355b6e 100644
--- a/internal/controller/controller.go
+++ b/internal/controller/controller.go
@@ -40,20 +40,39 @@ func (c *controllerRunner) run(ctx context.Context) error {
 		})
 	})
 
-	for _, watch := range c.ctrl.watches {
-		watch := watch
+	for _, w := range c.ctrl.watches {
 		mapQueue := runQueue[mapperRequest](groupCtx, c.ctrl)
-
+		watcher := w
 		// Watched Type Events → Mapper Queue
 		group.Go(func() error {
-			return c.watch(groupCtx, watch.watchedType, func(res *pbresource.Resource) {
+			return c.watch(groupCtx, watcher.watchedType, func(res *pbresource.Resource) {
 				mapQueue.Add(mapperRequest{res: res})
 			})
 		})
 
 		// Mapper Queue → Mapper → Reconciliation Queue
 		group.Go(func() error {
-			return c.runMapper(groupCtx, watch, mapQueue, recQueue)
+			return c.runMapper(groupCtx, watcher, mapQueue, recQueue, func(ctx context.Context, runtime Runtime, itemType queue.ItemType) ([]Request, error) {
+				return watcher.mapper(ctx, runtime, itemType.(mapperRequest).res)
+			})
+		})
+	}
+
+	for _, cw := range c.ctrl.customWatches {
+		customMapQueue := runQueue[Event](groupCtx, c.ctrl)
+		watcher := cw
+		// Custom Events → Mapper Queue
+		group.Go(func() error {
+			return watcher.source.Watch(groupCtx, func(e Event) {
+				customMapQueue.Add(e)
+			})
+		})
+
+		// Mapper Queue → Mapper → Reconciliation Queue
+		group.Go(func() error {
+			return c.runCustomMapper(groupCtx, watcher, customMapQueue, recQueue, func(ctx context.Context, runtime Runtime, itemType queue.ItemType) ([]Request, error) {
+				return watcher.mapper(ctx, runtime, itemType.(Event))
+			})
 		})
 	}
 
@@ -71,7 +90,7 @@ func runQueue[T queue.ItemType](ctx context.Context, ctrl Controller) queue.Work
 }
 
 func (c *controllerRunner) watch(ctx context.Context, typ *pbresource.Type, add func(*pbresource.Resource)) error {
-	watch, err := c.client.WatchList(ctx, &pbresource.WatchListRequest{
+	wl, err := c.client.WatchList(ctx, &pbresource.WatchListRequest{
 		Type: typ,
 		Tenancy: &pbresource.Tenancy{
 			Partition: storage.Wildcard,
@@ -85,7 +104,7 @@ func (c *controllerRunner) watch(ctx context.Context, typ *pbresource.Type, add
 	}
 
 	for {
-		event, err := watch.Recv()
+		event, err := wl.Recv()
 		if err != nil {
 			c.logger.Warn("error received from watch", "error", err)
 			return err
@@ -99,6 +118,7 @@ func (c *controllerRunner) runMapper(
 	w watch,
 	from queue.WorkQueue[mapperRequest],
 	to queue.WorkQueue[Request],
+	mapper func(ctx context.Context, runtime Runtime, itemType queue.ItemType) ([]Request, error),
 ) error {
 	logger := c.logger.With("watched_resource_type", resource.ToGVK(w.watchedType))
 
@@ -108,27 +128,36 @@ func (c *controllerRunner) runMapper(
 			return nil
 		}
 
-		var reqs []Request
-		err := c.handlePanic(func() error {
-			var err error
-			reqs, err = w.mapper(ctx, c.runtime(), item.res)
-			return err
-		})
-		if err != nil {
+		if err := c.doMap(ctx, mapper, to, item, logger); err != nil {
 			from.AddRateLimited(item)
 			from.Done(item)
 			continue
 		}
 
-		for _, r := range reqs {
-			if !resource.EqualType(r.ID.Type, c.ctrl.managedType) {
-				logger.Error("dependency mapper returned request for a resource of the wrong type",
-					"type_expected", resource.ToGVK(c.ctrl.managedType),
-					"type_got", resource.ToGVK(r.ID.Type),
-				)
-				continue
-			}
-			to.Add(r)
+		from.Forget(item)
+		from.Done(item)
+	}
+}
+
+func (c *controllerRunner) runCustomMapper(
+	ctx context.Context,
+	cw customWatch,
+	from queue.WorkQueue[Event],
+	to queue.WorkQueue[Request],
+	mapper func(ctx context.Context, runtime Runtime, itemType queue.ItemType) ([]Request, error),
+) error {
+	logger := c.logger.With("watched_event", cw.source)
+
+	for {
+		item, shutdown := from.Get()
+		if shutdown {
+			return nil
+		}
+
+		if err := c.doMap(ctx, mapper, to, item, logger); err != nil {
+			from.AddRateLimited(item)
+			from.Done(item)
+			continue
 		}
 
 		from.Forget(item)
@@ -136,6 +165,29 @@ func (c *controllerRunner) runMapper(
 	}
 }
 
+func (c *controllerRunner) doMap(ctx context.Context, mapper func(ctx context.Context, runtime Runtime, itemType queue.ItemType) ([]Request, error), to queue.WorkQueue[Request], item queue.ItemType, logger hclog.Logger) error {
+	var reqs []Request
+	if err := c.handlePanic(func() error {
+		var err error
+		reqs, err = mapper(ctx, c.runtime(), item)
+		return err
+	}); err != nil {
+		return err
+	}
+
+	for _, r := range reqs {
+		if !resource.EqualType(r.ID.Type, c.ctrl.managedType) {
+			logger.Error("dependency mapper returned request for a resource of the wrong type",
+				"type_expected", resource.ToGVK(c.ctrl.managedType),
+				"type_got", resource.ToGVK(r.ID.Type),
+			)
+			continue
+		}
+		to.Add(r)
+	}
+	return nil
+}
+
 func (c *controllerRunner) runReconciler(ctx context.Context, queue queue.WorkQueue[Request]) error {
 	for {
 		req, shutdown := queue.Get()
diff --git a/internal/controller/dependency_mappers.go b/internal/controller/dependency_mappers.go
index e66e4b50e5d3..1ac331ffafdd 100644
--- a/internal/controller/dependency_mappers.go
+++ b/internal/controller/dependency_mappers.go
@@ -18,6 +18,14 @@ type DependencyMapper func(
 	res *pbresource.Resource,
 ) ([]Request, error)
 
+// CustomDependencyMapper is called when an Event occurs to determine which of the
+// controller's managed resources need to be reconciled.
+type CustomDependencyMapper func(
+	ctx context.Context,
+	rt Runtime,
+	event Event,
+) ([]Request, error)
+
 // MapOwner implements a DependencyMapper that returns the updated resource's owner.
 func MapOwner(_ context.Context, _ Runtime, res *pbresource.Resource) ([]Request, error) {
 	var reqs []Request

From 9ea182f6ad44aad37b73981d8ae1a43334e56600 Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Thu, 17 Aug 2023 15:04:53 -0600
Subject: [PATCH 298/359] NET-4858 - xds v2 - implement base connect proxy
 functionality for routes (#18501)

* NET-4853 - xds v2 - implement base connect proxy functionality for clusters

* NET-4853 - xds v2 - implement base connect proxy functionality for clusters

* NET-4932 - xds v2 - implement base connect proxy functionality for endpoints

* Update endpoints_test.go

* gofmt

* NET-4858 - Make connect proxy route tests pass using xds v2

* Update endpoints_test.go

* Update naming.go

* use alsoRunTestForV2

* remove unused makeAddress

* gofmt

* fixing clusters
---
 agent/xds/clusters_test.go                    |   9 +-
 agent/xds/endpoints_test.go                   |   7 +-
 agent/xds/proxystateconverter/clusters.go     |   3 +-
 agent/xds/proxystateconverter/converter.go    |  10 +-
 agent/xds/proxystateconverter/routes.go       | 777 ++++++++++++++++++
 agent/xds/routes_test.go                      |  83 +-
 agent/xdsv2/cluster_resources.go              |  17 +
 agent/xdsv2/listener_resources.go             |  16 +-
 agent/xdsv2/resources.go                      |  18 +-
 agent/xdsv2/route_resources.go                | 504 +++++++++++-
 .../v1alpha1/pbproxystate/cluster.pb.go       | 754 ++++++++---------
 .../v1alpha1/pbproxystate/cluster.proto       |  12 +-
 .../pbmesh/v1alpha1/proxy_state.pb.go         |   2 +-
 .../pbmesh/v1alpha1/proxy_state.proto         |   2 +-
 14 files changed, 1806 insertions(+), 408 deletions(-)
 create mode 100644 agent/xds/proxystateconverter/routes.go

diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go
index 0c7cc323cc56..adeb2b57374f 100644
--- a/agent/xds/clusters_test.go
+++ b/agent/xds/clusters_test.go
@@ -96,8 +96,7 @@ func makeClusterDiscoChainTests(enterprise bool) []clusterTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-failover",
@@ -176,16 +175,14 @@ func makeClusterDiscoChainTests(enterprise bool) []clusterTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-lb-in-resolver",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
+			alsoRunTestForV2: true,
 		},
 	}
 }
diff --git a/agent/xds/endpoints_test.go b/agent/xds/endpoints_test.go
index 1be4f1fc8884..9daf5b31f55b 100644
--- a/agent/xds/endpoints_test.go
+++ b/agent/xds/endpoints_test.go
@@ -12,7 +12,6 @@ import (
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
-
 	"github.com/hashicorp/consul/agent/xds/proxystateconverter"
 	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/agent/xds/testcommon"
@@ -267,8 +266,7 @@ func makeEndpointDiscoChainTests(enterprise bool) []endpointTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-failover",
@@ -351,8 +349,7 @@ func makeEndpointDiscoChainTests(enterprise bool) []endpointTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
+			alsoRunTestForV2: true,
 		},
 	}
 }
diff --git a/agent/xds/proxystateconverter/clusters.go b/agent/xds/proxystateconverter/clusters.go
index 2e640b15121d..e12211f67078 100644
--- a/agent/xds/proxystateconverter/clusters.go
+++ b/agent/xds/proxystateconverter/clusters.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"time"
 
+	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/wrapperspb"
 
@@ -1021,7 +1022,7 @@ func configureClusterWithHostnames(
 		dnsEndpointGroup.Config.DiscoveryType = pbproxystate.DiscoveryType_DISCOVERY_TYPE_STRICT
 	}
 
-	endpoints := make([]*pbproxystate.Endpoint, 0, 1)
+	endpoints := make([]*envoy_endpoint_v3.LbEndpoint, 0, 1)
 	uniqueHostnames := make(map[string]bool)
 
 	var (
diff --git a/agent/xds/proxystateconverter/converter.go b/agent/xds/proxystateconverter/converter.go
index f4e9e26f0f5e..4cf9b95151c8 100644
--- a/agent/xds/proxystateconverter/converter.go
+++ b/agent/xds/proxystateconverter/converter.go
@@ -66,10 +66,12 @@ func (g *Converter) resourcesFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) erro
 	if err != nil {
 		return err
 	}
-	//err = g.routesFromSnapshot(cfgSnap)
-	//if err != nil {
-	//	return err
-	//}
+
+	err = g.routesFromSnapshot(cfgSnap)
+	if err != nil {
+		return err
+	}
+
 	//g.secretsFromSnapshot(cfgSnap)
 	return nil
 }
diff --git a/agent/xds/proxystateconverter/routes.go b/agent/xds/proxystateconverter/routes.go
new file mode 100644
index 000000000000..f9559f7878a8
--- /dev/null
+++ b/agent/xds/proxystateconverter/routes.go
@@ -0,0 +1,777 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package proxystateconverter
+
+import (
+	"errors"
+	"fmt"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/consul/agent/xds/response"
+
+	"github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/agent/structs"
+	"google.golang.org/protobuf/types/known/durationpb"
+)
+
+// routesFromSnapshot returns the xDS API representation of the "routes" in the
+// snapshot.
+func (s *Converter) routesFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) error {
+	if cfgSnap == nil {
+		return errors.New("nil config given")
+	}
+
+	switch cfgSnap.Kind {
+	case structs.ServiceKindConnectProxy:
+		return s.routesForConnectProxy(cfgSnap)
+	// TODO(proxystate): Ingress Gateways will be added in the future.
+	//case structs.ServiceKindIngressGateway:
+	//	return s.routesForIngressGateway(cfgSnap)
+	// TODO(proxystate): API Gateways will be added in the future.
+	//case structs.ServiceKindAPIGateway:
+	//	return s.routesForAPIGateway(cfgSnap)
+	// TODO(proxystate): Terminating Gateways will be added in the future.
+	//case structs.ServiceKindTerminatingGateway:
+	//	return s.routesForTerminatingGateway(cfgSnap)
+	// TODO(proxystate): Mesh Gateways will be added in the future.
+	//case structs.ServiceKindMeshGateway:
+	//	return s.routesForMeshGateway(cfgSnap)
+	default:
+		return fmt.Errorf("Invalid service kind: %v", cfgSnap.Kind)
+	}
+}
+
+// routesFromSnapshotConnectProxy returns the xDS API representation of the
+// "routes" in the snapshot.
+func (s *Converter) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapshot) error {
+	for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain {
+		if chain.Default {
+			continue
+		}
+
+		virtualHost, err := s.makeUpstreamHostForDiscoveryChain(cfgSnap, uid, chain, []string{"*"}, false)
+		if err != nil {
+			return err
+		}
+		if virtualHost == nil {
+			continue
+		}
+
+		route := &pbproxystate.Route{
+			VirtualHosts: []*pbproxystate.VirtualHost{virtualHost},
+		}
+		s.proxyState.Routes[uid.EnvoyID()] = route
+	}
+	addressesMap := make(map[string]map[string]string)
+	err := cfgSnap.ConnectProxy.DestinationsUpstream.ForEachKeyE(func(uid proxycfg.UpstreamID) error {
+		svcConfig, ok := cfgSnap.ConnectProxy.DestinationsUpstream.Get(uid)
+		if !ok || svcConfig == nil {
+			return nil
+		}
+		if !structs.IsProtocolHTTPLike(svcConfig.Protocol) {
+			// Routes can only be defined for HTTP services
+			return nil
+		}
+
+		for _, address := range svcConfig.Destination.Addresses {
+
+			routeName := clusterNameForDestination(cfgSnap, "~http", fmt.Sprintf("%d", svcConfig.Destination.Port), svcConfig.NamespaceOrDefault(), svcConfig.PartitionOrDefault())
+			if _, ok := addressesMap[routeName]; !ok {
+				addressesMap[routeName] = make(map[string]string)
+			}
+			// cluster name is unique per address/port so we should not be doing any override here
+			clusterName := clusterNameForDestination(cfgSnap, svcConfig.Name, address, svcConfig.NamespaceOrDefault(), svcConfig.PartitionOrDefault())
+			addressesMap[routeName][clusterName] = address
+		}
+		return nil
+	})
+
+	if err != nil {
+		return err
+	}
+
+	for routeName, clusters := range addressesMap {
+		route, err := s.makeRouteForAddresses(clusters)
+		if err != nil {
+			return err
+		}
+		if route != nil {
+			s.proxyState.Routes[routeName] = route
+		}
+	}
+
+	// TODO(rb): make sure we don't generate an empty result
+	return nil
+}
+
+func (s *Converter) makeRouteForAddresses(addresses map[string]string) (*pbproxystate.Route, error) {
+	route, err := makeAddressesRoute(addresses)
+	if err != nil {
+		s.Logger.Error("failed to make route", "cluster", "error", err)
+		return nil, err
+	}
+
+	return route, nil
+}
+
+// TODO(proxystate): Terminating Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func routesForTerminatingGateway
+
+// TODO(proxystate): Mesh Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func routesForMeshGateway
+
+func makeAddressesRoute(addresses map[string]string) (*pbproxystate.Route, error) {
+	route := &pbproxystate.Route{}
+	for clusterName, address := range addresses {
+		destination := makeRouteDestinationFromName(clusterName)
+		virtualHost := &pbproxystate.VirtualHost{
+			Name:    clusterName,
+			Domains: []string{address},
+			RouteRules: []*pbproxystate.RouteRule{
+				{
+					Match:       makeDefaultRouteMatch(),
+					Destination: destination,
+				},
+			},
+		}
+		route.VirtualHosts = append(route.VirtualHosts, virtualHost)
+	}
+
+	// sort virtual hosts to have a stable order
+	sort.SliceStable(route.VirtualHosts, func(i, j int) bool {
+		return route.VirtualHosts[i].Name > route.VirtualHosts[j].Name
+	})
+	return route, nil
+}
+
+// makeRouteDestinationFromName (fka makeRouteActionFromName)
+func makeRouteDestinationFromName(clusterName string) *pbproxystate.RouteDestination {
+	return &pbproxystate.RouteDestination{
+		Destination: &pbproxystate.RouteDestination_Cluster{
+			Cluster: &pbproxystate.DestinationCluster{
+				Name: clusterName,
+			},
+		},
+	}
+}
+
+// TODO(proxystate): Ingress Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func routesForIngressGateway
+
+// TODO(proxystate): API Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func routesForAPIGateway
+// func buildHTTPRouteUpstream
+
+// TODO(proxystate): Ingress Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func findIngressServiceMatchingUpstream
+
+// TODO(proxystate): Ingress Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func generateUpstreamIngressDomains
+
+// TODO(proxystate): Ingress Gateways will be added in the future.
+// Functions to add from agent/xds/clusters.go:
+// func generateUpstreamAPIsDomains
+
+func (s *Converter) makeUpstreamHostForDiscoveryChain(
+	cfgSnap *proxycfg.ConfigSnapshot,
+	uid proxycfg.UpstreamID,
+	chain *structs.CompiledDiscoveryChain,
+	serviceDomains []string,
+	forMeshGateway bool,
+) (*pbproxystate.VirtualHost, error) {
+	var routeRules []*pbproxystate.RouteRule
+
+	startNode := chain.Nodes[chain.StartNode]
+	if startNode == nil {
+		return nil, fmt.Errorf("missing first node in compiled discovery chain for: %s", chain.ServiceName)
+	}
+
+	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
+	if err != nil && !forMeshGateway {
+		return nil, err
+	}
+
+	switch startNode.Type {
+	case structs.DiscoveryGraphNodeTypeRouter:
+		routeRules = make([]*pbproxystate.RouteRule, 0, len(startNode.Routes))
+
+		for _, discoveryRoute := range startNode.Routes {
+			routeMatch := makeRouteMatchForDiscoveryRoute(discoveryRoute)
+
+			var (
+				routeDestination *pbproxystate.RouteDestination
+				err              error
+			)
+
+			nextNode := chain.Nodes[discoveryRoute.NextNode]
+
+			var lb *structs.LoadBalancer
+			if nextNode.LoadBalancer != nil {
+				lb = nextNode.LoadBalancer
+			}
+
+			switch nextNode.Type {
+			case structs.DiscoveryGraphNodeTypeSplitter:
+				routeDestination, err = s.makeRouteDestinationForSplitter(upstreamsSnapshot, nextNode.Splits, chain, forMeshGateway)
+				if err != nil {
+					return nil, err
+				}
+
+			case structs.DiscoveryGraphNodeTypeResolver:
+				rd, ok := s.makeRouteDestinationForChainCluster(upstreamsSnapshot, nextNode.Resolver.Target, chain, forMeshGateway)
+				if !ok {
+					continue
+				}
+				routeDestination = rd
+
+			default:
+				return nil, fmt.Errorf("unexpected graph node after route %q", nextNode.Type)
+			}
+
+			routeDestination.DestinationConfiguration = &pbproxystate.DestinationConfiguration{}
+			if err := injectLBToDestinationConfiguration(lb, routeDestination.DestinationConfiguration); err != nil {
+				return nil, fmt.Errorf("failed to apply load balancer configuration to route action: %v", err)
+			}
+
+			// TODO(rb): Better help handle the envoy case where you need (prefix=/foo/,rewrite=/) and (exact=/foo,rewrite=/) to do a full rewrite
+
+			destination := discoveryRoute.Definition.Destination
+
+			routeRule := &pbproxystate.RouteRule{}
+
+			if destination != nil {
+				configHandle := routeDestination.DestinationConfiguration
+				if destination.PrefixRewrite != "" {
+					configHandle.PrefixRewrite = destination.PrefixRewrite
+				}
+
+				if destination.RequestTimeout > 0 || destination.IdleTimeout > 0 {
+					configHandle.TimeoutConfig = &pbproxystate.TimeoutConfig{}
+				}
+				if destination.RequestTimeout > 0 {
+					configHandle.TimeoutConfig.Timeout = durationpb.New(destination.RequestTimeout)
+				}
+				if destination.IdleTimeout > 0 {
+					configHandle.TimeoutConfig.IdleTimeout = durationpb.New(destination.IdleTimeout)
+				}
+
+				if destination.HasRetryFeatures() {
+					configHandle.RetryPolicy = getRetryPolicyForDestination(destination)
+				}
+
+				if err := injectHeaderManipToRoute(destination, routeRule); err != nil {
+					return nil, fmt.Errorf("failed to apply header manipulation configuration to route: %v", err)
+				}
+			}
+
+			routeRule.Match = routeMatch
+			routeRule.Destination = routeDestination
+
+			routeRules = append(routeRules, routeRule)
+		}
+
+	case structs.DiscoveryGraphNodeTypeSplitter:
+		routeDestination, err := s.makeRouteDestinationForSplitter(upstreamsSnapshot, startNode.Splits, chain, forMeshGateway)
+		if err != nil {
+			return nil, err
+		}
+		var lb *structs.LoadBalancer
+		if startNode.LoadBalancer != nil {
+			lb = startNode.LoadBalancer
+		}
+		routeDestination.DestinationConfiguration = &pbproxystate.DestinationConfiguration{}
+		if err := injectLBToDestinationConfiguration(lb, routeDestination.DestinationConfiguration); err != nil {
+			return nil, fmt.Errorf("failed to apply load balancer configuration to route action: %v", err)
+		}
+
+		defaultRoute := &pbproxystate.RouteRule{
+			Match:       makeDefaultRouteMatch(),
+			Destination: routeDestination,
+		}
+
+		routeRules = []*pbproxystate.RouteRule{defaultRoute}
+
+	case structs.DiscoveryGraphNodeTypeResolver:
+		routeDestination, ok := s.makeRouteDestinationForChainCluster(upstreamsSnapshot, startNode.Resolver.Target, chain, forMeshGateway)
+		if !ok {
+			break
+		}
+		var lb *structs.LoadBalancer
+		if startNode.LoadBalancer != nil {
+			lb = startNode.LoadBalancer
+		}
+		routeDestination.DestinationConfiguration = &pbproxystate.DestinationConfiguration{}
+		if err := injectLBToDestinationConfiguration(lb, routeDestination.DestinationConfiguration); err != nil {
+			return nil, fmt.Errorf("failed to apply load balancer configuration to route action: %v", err)
+		}
+
+		if startNode.Resolver.RequestTimeout > 0 {
+			to := &pbproxystate.TimeoutConfig{
+				Timeout: durationpb.New(startNode.Resolver.RequestTimeout),
+			}
+			routeDestination.DestinationConfiguration.TimeoutConfig = to
+		}
+		defaultRoute := &pbproxystate.RouteRule{
+			Match:       makeDefaultRouteMatch(),
+			Destination: routeDestination,
+		}
+
+		routeRules = []*pbproxystate.RouteRule{defaultRoute}
+
+	default:
+		return nil, fmt.Errorf("unknown first node in discovery chain of type: %s", startNode.Type)
+	}
+
+	host := &pbproxystate.VirtualHost{
+		Name:       uid.EnvoyID(),
+		Domains:    serviceDomains,
+		RouteRules: routeRules,
+	}
+
+	return host, nil
+}
+
+func getRetryPolicyForDestination(destination *structs.ServiceRouteDestination) *pbproxystate.RetryPolicy {
+	retryPolicy := &pbproxystate.RetryPolicy{}
+	if destination.NumRetries > 0 {
+		retryPolicy.NumRetries = response.MakeUint32Value(int(destination.NumRetries))
+	}
+
+	// The RetryOn magic values come from: https://www.envoyproxy.io/docs/envoy/v1.10.0/configuration/http_filters/router_filter#config-http-filters-router-x-envoy-retry-on
+	var retryStrings []string
+
+	if len(destination.RetryOn) > 0 {
+		retryStrings = append(retryStrings, destination.RetryOn...)
+	}
+
+	if destination.RetryOnConnectFailure {
+		// connect-failure can be enabled by either adding connect-failure to the RetryOn list or by using the legacy RetryOnConnectFailure option
+		// Check that it's not already in the RetryOn list, so we don't set it twice
+		connectFailureExists := false
+		for _, r := range retryStrings {
+			if r == "connect-failure" {
+				connectFailureExists = true
+			}
+		}
+		if !connectFailureExists {
+			retryStrings = append(retryStrings, "connect-failure")
+		}
+	}
+
+	if len(destination.RetryOnStatusCodes) > 0 {
+		retryStrings = append(retryStrings, "retriable-status-codes")
+		retryPolicy.RetriableStatusCodes = destination.RetryOnStatusCodes
+	}
+
+	retryPolicy.RetryOn = strings.Join(retryStrings, ",")
+
+	return retryPolicy
+}
+
+func makeRouteMatchForDiscoveryRoute(discoveryRoute *structs.DiscoveryRoute) *pbproxystate.RouteMatch {
+	match := discoveryRoute.Definition.Match
+	if match == nil || match.IsEmpty() {
+		return makeDefaultRouteMatch()
+	}
+
+	routeMatch := &pbproxystate.RouteMatch{}
+
+	switch {
+	case match.HTTP.PathExact != "":
+		routeMatch.PathMatch = &pbproxystate.PathMatch{
+			PathMatch: &pbproxystate.PathMatch_Exact{
+				Exact: match.HTTP.PathExact,
+			},
+		}
+	case match.HTTP.PathPrefix != "":
+		routeMatch.PathMatch = &pbproxystate.PathMatch{
+			PathMatch: &pbproxystate.PathMatch_Prefix{
+				Prefix: match.HTTP.PathPrefix,
+			},
+		}
+	case match.HTTP.PathRegex != "":
+		routeMatch.PathMatch = &pbproxystate.PathMatch{
+			PathMatch: &pbproxystate.PathMatch_Regex{
+				Regex: match.HTTP.PathRegex,
+			},
+		}
+	default:
+		routeMatch.PathMatch = &pbproxystate.PathMatch{
+			PathMatch: &pbproxystate.PathMatch_Prefix{
+				Prefix: "/",
+			},
+		}
+	}
+
+	if len(match.HTTP.Header) > 0 {
+		routeMatch.HeaderMatches = make([]*pbproxystate.HeaderMatch, 0, len(match.HTTP.Header))
+		for _, hdr := range match.HTTP.Header {
+			headerMatch := &pbproxystate.HeaderMatch{
+				Name: hdr.Name,
+			}
+
+			switch {
+			case hdr.Exact != "":
+				headerMatch.Match = &pbproxystate.HeaderMatch_Exact{
+					Exact: hdr.Exact,
+				}
+			case hdr.Regex != "":
+				headerMatch.Match = &pbproxystate.HeaderMatch_Regex{
+					Regex: hdr.Regex,
+				}
+			case hdr.Prefix != "":
+				headerMatch.Match = &pbproxystate.HeaderMatch_Prefix{
+					Prefix: hdr.Prefix,
+				}
+			case hdr.Suffix != "":
+				headerMatch.Match = &pbproxystate.HeaderMatch_Suffix{
+					Suffix: hdr.Suffix,
+				}
+			case hdr.Present:
+				headerMatch.Match = &pbproxystate.HeaderMatch_Present{
+					Present: true,
+				}
+			default:
+				continue // skip this impossible situation
+			}
+
+			if hdr.Invert {
+				headerMatch.InvertMatch = true
+			}
+
+			routeMatch.HeaderMatches = append(routeMatch.HeaderMatches, headerMatch)
+		}
+	}
+
+	if len(match.HTTP.Methods) > 0 {
+		routeMatch.MethodMatches = append(routeMatch.MethodMatches, match.HTTP.Methods...)
+	}
+
+	if len(match.HTTP.QueryParam) > 0 {
+		routeMatch.QueryParameterMatches = make([]*pbproxystate.QueryParameterMatch, 0, len(match.HTTP.QueryParam))
+		for _, qm := range match.HTTP.QueryParam {
+
+			queryMatcher := &pbproxystate.QueryParameterMatch{
+				Name: qm.Name,
+			}
+
+			switch {
+			case qm.Exact != "":
+				queryMatcher.Match = &pbproxystate.QueryParameterMatch_Exact{
+					Exact: qm.Exact,
+				}
+			case qm.Regex != "":
+				queryMatcher.Match = &pbproxystate.QueryParameterMatch_Regex{
+					Regex: qm.Regex,
+				}
+			case qm.Present:
+				queryMatcher.Match = &pbproxystate.QueryParameterMatch_Present{
+					Present: true,
+				}
+			default:
+				continue // skip this impossible situation
+			}
+
+			routeMatch.QueryParameterMatches = append(routeMatch.QueryParameterMatches, queryMatcher)
+		}
+	}
+
+	return routeMatch
+}
+
+func makeDefaultRouteMatch() *pbproxystate.RouteMatch {
+	return &pbproxystate.RouteMatch{
+		PathMatch: &pbproxystate.PathMatch{
+			PathMatch: &pbproxystate.PathMatch_Prefix{
+				Prefix: "/",
+			},
+		},
+		// TODO(banks) Envoy supports matching only valid GRPC
+		// requests which might be nice to add here for gRPC services
+		// but it's not supported in our current envoy SDK version
+		// although docs say it was supported by 1.8.0. Going to defer
+		// that until we've updated the deps.
+	}
+}
+
+func (s *Converter) makeRouteDestinationForChainCluster(
+	upstreamsSnapshot *proxycfg.ConfigSnapshotUpstreams,
+	targetID string,
+	chain *structs.CompiledDiscoveryChain,
+	forMeshGateway bool,
+) (*pbproxystate.RouteDestination, bool) {
+	clusterName := s.getTargetClusterName(upstreamsSnapshot, chain, targetID, forMeshGateway)
+	if clusterName == "" {
+		return nil, false
+	}
+	return makeRouteDestinationFromName(clusterName), true
+}
+
+func (s *Converter) makeRouteDestinationForSplitter(
+	upstreamsSnapshot *proxycfg.ConfigSnapshotUpstreams,
+	splits []*structs.DiscoverySplit,
+	chain *structs.CompiledDiscoveryChain,
+	forMeshGateway bool,
+) (*pbproxystate.RouteDestination, error) {
+	clusters := make([]*pbproxystate.L7WeightedDestinationCluster, 0, len(splits))
+	for _, split := range splits {
+		nextNode := chain.Nodes[split.NextNode]
+
+		if nextNode.Type != structs.DiscoveryGraphNodeTypeResolver {
+			return nil, fmt.Errorf("unexpected splitter destination node type: %s", nextNode.Type)
+		}
+		targetID := nextNode.Resolver.Target
+
+		clusterName := s.getTargetClusterName(upstreamsSnapshot, chain, targetID, forMeshGateway)
+		if clusterName == "" {
+			continue
+		}
+
+		// The smallest representable weight is 1/10000 or .01% but envoy
+		// deals with integers so scale everything up by 100x.
+		weight := int(split.Weight * 100)
+
+		clusterWeight := &pbproxystate.L7WeightedDestinationCluster{
+			Name:   clusterName,
+			Weight: response.MakeUint32Value(weight),
+		}
+		if err := injectHeaderManipToWeightedCluster(split.Definition, clusterWeight); err != nil {
+			return nil, err
+		}
+
+		clusters = append(clusters, clusterWeight)
+	}
+
+	if len(clusters) <= 0 {
+		return nil, fmt.Errorf("number of clusters in splitter must be > 0; got %d", len(clusters))
+	}
+
+	return &pbproxystate.RouteDestination{
+		Destination: &pbproxystate.RouteDestination_WeightedClusters{
+			WeightedClusters: &pbproxystate.L7WeightedClusterGroup{
+				Clusters: clusters,
+			},
+		},
+	}, nil
+}
+
+func injectLBToDestinationConfiguration(lb *structs.LoadBalancer, destinationConfig *pbproxystate.DestinationConfiguration) error {
+	if lb == nil || !lb.IsHashBased() {
+		return nil
+	}
+
+	result := make([]*pbproxystate.LoadBalancerHashPolicy, 0, len(lb.HashPolicies))
+	for _, policy := range lb.HashPolicies {
+		if policy.SourceIP {
+			p := &pbproxystate.LoadBalancerHashPolicy{
+				Policy: &pbproxystate.LoadBalancerHashPolicy_ConnectionProperties{
+					ConnectionProperties: &pbproxystate.ConnectionPropertiesPolicy{
+						SourceIp: true,
+						Terminal: policy.Terminal,
+					},
+				},
+			}
+			result = append(result, p)
+			continue
+		}
+
+		switch policy.Field {
+		case structs.HashPolicyHeader:
+			p := &pbproxystate.LoadBalancerHashPolicy{
+				Policy: &pbproxystate.LoadBalancerHashPolicy_Header{
+					Header: &pbproxystate.HeaderPolicy{
+						Name:     policy.FieldValue,
+						Terminal: policy.Terminal,
+					},
+				},
+			}
+			result = append(result, p)
+
+		case structs.HashPolicyCookie:
+
+			cookie := &pbproxystate.CookiePolicy{
+				Name:     policy.FieldValue,
+				Terminal: policy.Terminal,
+			}
+			if policy.CookieConfig != nil {
+				cookie.Path = policy.CookieConfig.Path
+
+				if policy.CookieConfig.TTL != 0*time.Second {
+					cookie.Ttl = durationpb.New(policy.CookieConfig.TTL)
+				}
+
+				// Envoy will generate a session cookie if the ttl is present and zero.
+				if policy.CookieConfig.Session {
+					cookie.Ttl = durationpb.New(0 * time.Second)
+				}
+			}
+			p := &pbproxystate.LoadBalancerHashPolicy{
+				Policy: &pbproxystate.LoadBalancerHashPolicy_Cookie{
+					Cookie: cookie,
+				},
+			}
+			result = append(result, p)
+
+		case structs.HashPolicyQueryParam:
+			p := &pbproxystate.LoadBalancerHashPolicy{
+				Policy: &pbproxystate.LoadBalancerHashPolicy_QueryParameter{
+					QueryParameter: &pbproxystate.QueryParameterPolicy{
+						Name:     policy.FieldValue,
+						Terminal: policy.Terminal,
+					},
+				},
+			}
+			result = append(result, p)
+
+		default:
+			return fmt.Errorf("unsupported load balancer hash policy field: %v", policy.Field)
+		}
+	}
+
+	destinationConfig.HashPolicies = result
+	return nil
+}
+
+func injectHeaderManipToRoute(dest *structs.ServiceRouteDestination, r *pbproxystate.RouteRule) error {
+	if !dest.RequestHeaders.IsZero() {
+		r.HeaderMutations = append(
+			r.HeaderMutations,
+			makeRequestHeaderAdd(dest.RequestHeaders.Add, true)...,
+		)
+		r.HeaderMutations = append(
+			r.HeaderMutations,
+			makeRequestHeaderAdd(dest.RequestHeaders.Set, false)...,
+		)
+		r.HeaderMutations = append(
+			r.HeaderMutations,
+			makeRequestHeaderRemove(dest.RequestHeaders.Remove),
+		)
+	}
+	if !dest.ResponseHeaders.IsZero() {
+		r.HeaderMutations = append(
+			r.HeaderMutations,
+			makeResponseHeaderAdd(dest.ResponseHeaders.Add, true)...,
+		)
+		r.HeaderMutations = append(
+			r.HeaderMutations,
+			makeResponseHeaderAdd(dest.ResponseHeaders.Set, false)...,
+		)
+		r.HeaderMutations = append(
+			r.HeaderMutations,
+			makeResponseHeaderRemove(dest.ResponseHeaders.Remove),
+		)
+	}
+	return nil
+}
+
+func injectHeaderManipToWeightedCluster(split *structs.ServiceSplit, c *pbproxystate.L7WeightedDestinationCluster) error {
+	if !split.RequestHeaders.IsZero() {
+		c.HeaderMutations = append(
+			c.HeaderMutations,
+			makeRequestHeaderAdd(split.RequestHeaders.Add, true)...,
+		)
+		c.HeaderMutations = append(
+			c.HeaderMutations,
+			makeRequestHeaderAdd(split.RequestHeaders.Set, false)...,
+		)
+		c.HeaderMutations = append(
+			c.HeaderMutations,
+			makeRequestHeaderRemove(split.RequestHeaders.Remove),
+		)
+	}
+	if !split.ResponseHeaders.IsZero() {
+		c.HeaderMutations = append(
+			c.HeaderMutations,
+			makeResponseHeaderAdd(split.ResponseHeaders.Add, true)...,
+		)
+		c.HeaderMutations = append(
+			c.HeaderMutations,
+			makeResponseHeaderAdd(split.ResponseHeaders.Set, false)...,
+		)
+		c.HeaderMutations = append(
+			c.HeaderMutations,
+			makeResponseHeaderRemove(split.ResponseHeaders.Remove),
+		)
+	}
+	return nil
+}
+
+func makeRequestHeaderAdd(vals map[string]string, add bool) []*pbproxystate.HeaderMutation {
+	mutations := make([]*pbproxystate.HeaderMutation, 0, len(vals))
+
+	appendAction := pbproxystate.AppendAction_APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD
+	if add {
+		appendAction = pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
+	}
+
+	for k, v := range vals {
+		m := &pbproxystate.HeaderMutation{
+			Action: &pbproxystate.HeaderMutation_RequestHeaderAdd{
+				RequestHeaderAdd: &pbproxystate.RequestHeaderAdd{
+					Header: &pbproxystate.Header{
+						Key:   k,
+						Value: v,
+					},
+					AppendAction: appendAction,
+				},
+			},
+		}
+		mutations = append(mutations, m)
+	}
+	return mutations
+}
+
+func makeRequestHeaderRemove(values []string) *pbproxystate.HeaderMutation {
+	return &pbproxystate.HeaderMutation{
+		Action: &pbproxystate.HeaderMutation_RequestHeaderRemove{
+			RequestHeaderRemove: &pbproxystate.RequestHeaderRemove{
+				HeaderKeys: values,
+			},
+		},
+	}
+}
+
+func makeResponseHeaderAdd(vals map[string]string, add bool) []*pbproxystate.HeaderMutation {
+	mutations := make([]*pbproxystate.HeaderMutation, 0, len(vals))
+
+	appendAction := pbproxystate.AppendAction_APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD
+	if add {
+		appendAction = pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
+	}
+
+	for k, v := range vals {
+		m := &pbproxystate.HeaderMutation{
+			Action: &pbproxystate.HeaderMutation_ResponseHeaderAdd{
+				ResponseHeaderAdd: &pbproxystate.ResponseHeaderAdd{
+					Header: &pbproxystate.Header{
+						Key:   k,
+						Value: v,
+					},
+					AppendAction: appendAction,
+				},
+			},
+		}
+		mutations = append(mutations, m)
+	}
+	return mutations
+}
+
+func makeResponseHeaderRemove(values []string) *pbproxystate.HeaderMutation {
+	return &pbproxystate.HeaderMutation{
+		Action: &pbproxystate.HeaderMutation_ResponseHeaderRemove{
+			ResponseHeaderRemove: &pbproxystate.ResponseHeaderRemove{
+				HeaderKeys: values,
+			},
+		},
+	}
+}
diff --git a/agent/xds/routes_test.go b/agent/xds/routes_test.go
index 8b7345d88a52..e2f7d73b5e7c 100644
--- a/agent/xds/routes_test.go
+++ b/agent/xds/routes_test.go
@@ -16,8 +16,10 @@ import (
 
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/proxystateconverter"
 	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/agent/xds/testcommon"
+	"github.com/hashicorp/consul/agent/xdsv2"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
 )
@@ -26,6 +28,7 @@ type routeTestCase struct {
 	name               string
 	create             func(t testinf.T) *proxycfg.ConfigSnapshot
 	overrideGoldenName string
+	alsoRunTestForV2   bool
 }
 
 func makeRouteDiscoChainTests(enterprise bool) []routeTestCase {
@@ -35,66 +38,77 @@ func makeRouteDiscoChainTests(enterprise bool) []routeTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-external-sni",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-splitter-overweight",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-overweight", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-overrides",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "splitter-with-resolver-redirect",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-splitter",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-splitter", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-grpc-router",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "grpc-router", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-router",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-router", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-lb-in-resolver",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-route-to-lb-resolver",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "redirect-to-lb-node", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-resolver-with-lb",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "resolver-with-lb", enterprise, nil, nil)
 			},
+			alsoRunTestForV2: true,
 		},
 	}
 }
@@ -115,6 +129,8 @@ func TestRoutesFromSnapshot(t *testing.T) {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-defaults-no-chain",
@@ -122,6 +138,8 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, false, "tcp",
 					"default", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain",
@@ -129,6 +147,8 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"simple", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-external-sni",
@@ -136,6 +156,8 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"external-sni", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-splitter-with-resolver-redirect",
@@ -143,6 +165,8 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"splitter-with-resolver-redirect-multidc", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-splitter",
@@ -150,6 +174,8 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"chain-and-splitter", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-grpc-router",
@@ -157,6 +183,8 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"grpc-router", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-router",
@@ -164,6 +192,8 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"chain-and-router", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-lb-in-resolver",
@@ -171,48 +201,66 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"lb-resolver", nil, nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "ingress-http-multiple-services",
 			create: proxycfg.TestConfigSnapshotIngress_HTTPMultipleServices,
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "ingress-grpc-multiple-services",
 			create: proxycfg.TestConfigSnapshotIngress_GRPCMultipleServices,
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-router-header-manip",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "router-header-manip", nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-sds-listener-level",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-listener-level", nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-sds-listener-level-wildcard",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-listener-level-wildcard", nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-sds-service-level",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-service-level", nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-sds-service-level-mixed-tls",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-service-level-mixed-tls", nil, nil)
 			},
+			// TODO(proxystate): ingress gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-lb-config",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayLBConfig,
+			// TODO(proxystate): terminating gateway will come at a later time
+			alsoRunTestForV2: false,
 		},
 	}
 
@@ -245,7 +293,7 @@ func TestRoutesFromSnapshot(t *testing.T) {
 					r, err := response.CreateResponse(xdscommon.RouteType, "00000001", "00000001", routes)
 					require.NoError(t, err)
 
-					t.Run("current", func(t *testing.T) {
+					t.Run("current-xdsv1", func(t *testing.T) {
 						gotJSON := protoToJSON(t, r)
 
 						gName := tt.name
@@ -255,6 +303,39 @@ func TestRoutesFromSnapshot(t *testing.T) {
 
 						require.JSONEq(t, goldenEnvoy(t, filepath.Join("routes", gName), envoyVersion, latestEnvoyVersion, gotJSON), gotJSON)
 					})
+
+					if tt.alsoRunTestForV2 {
+						generator := xdsv2.NewResourceGenerator(testutil.Logger(t))
+
+						converter := proxystateconverter.NewConverter(testutil.Logger(t), &mockCfgFetcher{addressLan: "10.10.10.10"})
+						proxyState, err := converter.ProxyStateFromSnapshot(snap)
+						require.NoError(t, err)
+
+						res, err := generator.AllResourcesFromIR(proxyState)
+						require.NoError(t, err)
+
+						routes = res[xdscommon.RouteType]
+						// The order of routes returned via RDS isn't relevant, so it's safe
+						// to sort these for the purposes of test comparisons.
+						sort.Slice(routes, func(i, j int) bool {
+							return routes[i].(*envoy_route_v3.Route).Name < routes[j].(*envoy_route_v3.Route).Name
+						})
+
+						r, err := response.CreateResponse(xdscommon.RouteType, "00000001", "00000001", routes)
+						require.NoError(t, err)
+
+						t.Run("current-xdsv2", func(t *testing.T) {
+							gotJSON := protoToJSON(t, r)
+
+							gName := tt.name
+							if tt.overrideGoldenName != "" {
+								gName = tt.overrideGoldenName
+							}
+
+							expectedJSON := goldenEnvoy(t, filepath.Join("routes", gName), envoyVersion, latestEnvoyVersion, gotJSON)
+							require.JSONEq(t, expectedJSON, gotJSON)
+						})
+					}
 				})
 			}
 		})
diff --git a/agent/xdsv2/cluster_resources.go b/agent/xdsv2/cluster_resources.go
index 4c1573d5db3d..5eedd1f21f37 100644
--- a/agent/xdsv2/cluster_resources.go
+++ b/agent/xdsv2/cluster_resources.go
@@ -12,11 +12,23 @@ import (
 	envoy_aggregate_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/aggregate/v3"
 	envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
 	envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
+
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/anypb"
 )
 
+func (pr *ProxyResources) doesEnvoyClusterAlreadyExist(name string) bool {
+	// TODO(proxystate): consider using a map instead of [] for this kind of lookup
+	for _, envoyCluster := range pr.envoyResources[xdscommon.ClusterType] {
+		if envoyCluster.(*envoy_cluster_v3.Cluster).Name == name {
+			return true
+		}
+	}
+	return false
+}
+
 func (pr *ProxyResources) makeXDSClusters() ([]proto.Message, error) {
 	clusters := make([]proto.Message, 0)
 
@@ -39,6 +51,11 @@ func (pr *ProxyResources) makeClusters(name string) ([]proto.Message, error) {
 		return nil, fmt.Errorf("cluster %q not found", name)
 	}
 
+	if pr.doesEnvoyClusterAlreadyExist(name) {
+		// don't error
+		return []proto.Message{}, nil
+	}
+
 	switch proxyStateCluster.Group.(type) {
 	case *pbproxystate.Cluster_FailoverGroup:
 		fg := proxyStateCluster.GetFailoverGroup()
diff --git a/agent/xdsv2/listener_resources.go b/agent/xdsv2/listener_resources.go
index 2d3bf5d60da5..f3a241f0cbe3 100644
--- a/agent/xdsv2/listener_resources.go
+++ b/agent/xdsv2/listener_resources.go
@@ -43,6 +43,20 @@ const (
 	envoyHttpConnectionManagerFilterName       = "envoy.filters.network.http_connection_manager"
 )
 
+func (pr *ProxyResources) makeXDSListeners() ([]proto.Message, error) {
+	listeners := make([]proto.Message, 0)
+
+	for _, l := range pr.proxyState.Listeners {
+		protoListener, err := pr.makeListener(l)
+		// TODO: aggregate errors for listeners and still return any properly formed listeners.
+		if err != nil {
+			return nil, err
+		}
+		listeners = append(listeners, protoListener)
+	}
+	return listeners, nil
+}
+
 func (pr *ProxyResources) makeListener(listener *pbproxystate.Listener) (*envoy_listener_v3.Listener, error) {
 	envoyListener := &envoy_listener_v3.Listener{}
 
@@ -399,7 +413,7 @@ func (pr *ProxyResources) makeL7Filters(l7 *pbproxystate.L7Destination) ([]*envo
 			},
 		}
 
-		routeConfig, err := pr.makeRoute(l7.Name)
+		routeConfig, err := pr.makeEnvoyRoute(l7.Name)
 		if err != nil {
 			return nil, err
 		}
diff --git a/agent/xdsv2/resources.go b/agent/xdsv2/resources.go
index d56b5331451c..46bdd08d6c50 100644
--- a/agent/xdsv2/resources.go
+++ b/agent/xdsv2/resources.go
@@ -45,17 +45,11 @@ func (g *ResourceGenerator) AllResourcesFromIR(proxyState *pbmesh.ProxyState) (m
 }
 
 func (pr *ProxyResources) generateXDSResources() error {
-	listeners := make([]proto.Message, 0)
-	routes := make([]proto.Message, 0)
-
-	for _, l := range pr.proxyState.Listeners {
-		protoListener, err := pr.makeListener(l)
-		// TODO: aggregate errors for listeners and still return any properly formed listeners.
-		if err != nil {
-			return err
-		}
-		listeners = append(listeners, protoListener)
+	listeners, err := pr.makeXDSListeners()
+	if err != nil {
+		return err
 	}
+	pr.envoyResources[xdscommon.ListenerType] = listeners
 
 	pr.envoyResources[xdscommon.ListenerType] = listeners
 
@@ -71,6 +65,10 @@ func (pr *ProxyResources) generateXDSResources() error {
 	}
 	pr.envoyResources[xdscommon.EndpointType] = endpoints
 
+	routes, err := pr.makeXDSRoutes()
+	if err != nil {
+		return err
+	}
 	pr.envoyResources[xdscommon.RouteType] = routes
 
 	return nil
diff --git a/agent/xdsv2/route_resources.go b/agent/xdsv2/route_resources.go
index 86d82a5d306f..931d48f26078 100644
--- a/agent/xdsv2/route_resources.go
+++ b/agent/xdsv2/route_resources.go
@@ -5,11 +5,31 @@ package xdsv2
 
 import (
 	"fmt"
+	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
+	envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
+	"github.com/hashicorp/consul/agent/xds/response"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+	"google.golang.org/protobuf/types/known/wrapperspb"
+	"strings"
 
 	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
+	"google.golang.org/protobuf/proto"
 )
 
-func (pr *ProxyResources) makeRoute(name string) (*envoy_route_v3.RouteConfiguration, error) {
+func (pr *ProxyResources) makeXDSRoutes() ([]proto.Message, error) {
+	routes := make([]proto.Message, 0)
+
+	for name, r := range pr.proxyState.Routes {
+		protoRoute := pr.makeEnvoyRouteConfigFromProxystateRoute(name, r)
+		// TODO: aggregate errors for routes and still return any properly formed routes.
+		routes = append(routes, protoRoute)
+	}
+
+	return routes, nil
+}
+
+func (pr *ProxyResources) makeEnvoyRoute(name string) (*envoy_route_v3.RouteConfiguration, error) {
 	var route *envoy_route_v3.RouteConfiguration
 	// TODO(proxystate): This will make routes in the future. This function should distinguish between static routes
 	// inlined into listeners and non-static routes that should be added as top level Envoy resources.
@@ -21,3 +41,485 @@ func (pr *ProxyResources) makeRoute(name string) (*envoy_route_v3.RouteConfigura
 	}
 	return route, nil
 }
+
+// makeEnvoyRouteConfigFromProxystateRoute converts the proxystate representation of a Route into Envoy proto message
+// form. We don't throw any errors here, since the proxystate has already been validated.
+func (pr *ProxyResources) makeEnvoyRouteConfigFromProxystateRoute(name string, psRoute *pbproxystate.Route) *envoy_route_v3.RouteConfiguration {
+
+	envoyRouteConfig := &envoy_route_v3.RouteConfiguration{
+		Name: name,
+		// ValidateClusters defaults to true when defined statically and false
+		// when done via RDS. Re-set the reasonable value of true to prevent
+		// null-routing traffic.
+		ValidateClusters: response.MakeBoolValue(true),
+	}
+
+	for _, vh := range psRoute.GetVirtualHosts() {
+		envoyRouteConfig.VirtualHosts = append(envoyRouteConfig.VirtualHosts, pr.makeEnvoyVHFromProxystateVH(vh))
+	}
+
+	return envoyRouteConfig
+}
+
+func (pr *ProxyResources) makeEnvoyVHFromProxystateVH(psVirtualHost *pbproxystate.VirtualHost) *envoy_route_v3.VirtualHost {
+	envoyVirtualHost := &envoy_route_v3.VirtualHost{
+		Name:    psVirtualHost.Name,
+		Domains: psVirtualHost.GetDomains(),
+	}
+
+	for _, rr := range psVirtualHost.GetRouteRules() {
+		envoyVirtualHost.Routes = append(envoyVirtualHost.Routes, pr.makeEnvoyRouteFromProxystateRouteRule(rr))
+	}
+
+	for _, hm := range psVirtualHost.GetHeaderMutations() {
+		injectEnvoyVirtualHostWithProxystateHeaderMutation(envoyVirtualHost, hm)
+	}
+
+	return envoyVirtualHost
+}
+
+func (pr *ProxyResources) makeEnvoyRouteFromProxystateRouteRule(psRouteRule *pbproxystate.RouteRule) *envoy_route_v3.Route {
+	envoyRouteRule := &envoy_route_v3.Route{
+		Match:  makeEnvoyRouteMatchFromProxystateRouteMatch(psRouteRule.GetMatch()),
+		Action: pr.makeEnvoyRouteActionFromProxystateRouteDestination(psRouteRule.GetDestination()),
+	}
+
+	for _, hm := range psRouteRule.GetHeaderMutations() {
+		injectEnvoyRouteRuleWithProxystateHeaderMutation(envoyRouteRule, hm)
+	}
+
+	return envoyRouteRule
+}
+
+func makeEnvoyRouteMatchFromProxystateRouteMatch(psRouteMatch *pbproxystate.RouteMatch) *envoy_route_v3.RouteMatch {
+	envoyRouteMatch := &envoy_route_v3.RouteMatch{}
+
+	switch psRouteMatch.PathMatch.GetPathMatch().(type) {
+	case *pbproxystate.PathMatch_Exact:
+		envoyRouteMatch.PathSpecifier = &envoy_route_v3.RouteMatch_Path{
+			Path: psRouteMatch.PathMatch.GetExact(),
+		}
+	case *pbproxystate.PathMatch_Prefix:
+		envoyRouteMatch.PathSpecifier = &envoy_route_v3.RouteMatch_Prefix{
+			Prefix: psRouteMatch.PathMatch.GetPrefix(),
+		}
+	case *pbproxystate.PathMatch_Regex:
+		envoyRouteMatch.PathSpecifier = &envoy_route_v3.RouteMatch_SafeRegex{
+			SafeRegex: makeEnvoyRegexMatch(psRouteMatch.PathMatch.GetRegex()),
+		}
+	default:
+		// This shouldn't be possible considering the types of PathMatch
+		return nil
+	}
+
+	if len(psRouteMatch.GetHeaderMatches()) > 0 {
+		envoyRouteMatch.Headers = make([]*envoy_route_v3.HeaderMatcher, 0, len(psRouteMatch.GetHeaderMatches()))
+	}
+	for _, psHM := range psRouteMatch.GetHeaderMatches() {
+		envoyRouteMatch.Headers = append(envoyRouteMatch.Headers, makeEnvoyHeaderMatcherFromProxystateHeaderMatch(psHM))
+	}
+
+	if len(psRouteMatch.MethodMatches) > 0 {
+		methodHeaderRegex := strings.Join(psRouteMatch.MethodMatches, "|")
+
+		eh := &envoy_route_v3.HeaderMatcher{
+			Name: ":method",
+			HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_SafeRegexMatch{
+				SafeRegexMatch: makeEnvoyRegexMatch(methodHeaderRegex),
+			},
+		}
+
+		envoyRouteMatch.Headers = append(envoyRouteMatch.Headers, eh)
+	}
+
+	if len(psRouteMatch.GetQueryParameterMatches()) > 0 {
+		envoyRouteMatch.QueryParameters = make([]*envoy_route_v3.QueryParameterMatcher, 0, len(psRouteMatch.GetQueryParameterMatches()))
+	}
+	for _, psQM := range psRouteMatch.GetQueryParameterMatches() {
+		envoyRouteMatch.QueryParameters = append(envoyRouteMatch.QueryParameters, makeEnvoyQueryParamFromProxystateQueryMatch(psQM))
+	}
+
+	return envoyRouteMatch
+}
+
+func makeEnvoyRegexMatch(pattern string) *envoy_matcher_v3.RegexMatcher {
+	return &envoy_matcher_v3.RegexMatcher{
+		EngineType: &envoy_matcher_v3.RegexMatcher_GoogleRe2{
+			GoogleRe2: &envoy_matcher_v3.RegexMatcher_GoogleRE2{},
+		},
+		Regex: pattern,
+	}
+}
+
+func makeEnvoyHeaderMatcherFromProxystateHeaderMatch(psMatch *pbproxystate.HeaderMatch) *envoy_route_v3.HeaderMatcher {
+	envoyHeaderMatcher := &envoy_route_v3.HeaderMatcher{
+		Name: psMatch.Name,
+	}
+
+	switch psMatch.Match.(type) {
+	case *pbproxystate.HeaderMatch_Exact:
+		envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_ExactMatch{
+			ExactMatch: psMatch.GetExact(),
+		}
+	case *pbproxystate.HeaderMatch_Regex:
+		envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SafeRegexMatch{
+			SafeRegexMatch: makeEnvoyRegexMatch(psMatch.GetRegex()),
+		}
+	case *pbproxystate.HeaderMatch_Prefix:
+		envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PrefixMatch{
+			PrefixMatch: psMatch.GetPrefix(),
+		}
+	case *pbproxystate.HeaderMatch_Suffix:
+		envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SuffixMatch{
+			SuffixMatch: psMatch.GetSuffix(),
+		}
+	case *pbproxystate.HeaderMatch_Present:
+		envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PresentMatch{
+			PresentMatch: true,
+		}
+	default:
+		// This shouldn't be possible considering the types of HeaderMatch
+		return nil
+	}
+
+	if psMatch.GetInvertMatch() {
+		envoyHeaderMatcher.InvertMatch = true
+	}
+
+	return envoyHeaderMatcher
+}
+
+func makeEnvoyQueryParamFromProxystateQueryMatch(psMatch *pbproxystate.QueryParameterMatch) *envoy_route_v3.QueryParameterMatcher {
+	envoyQueryParamMatcher := &envoy_route_v3.QueryParameterMatcher{
+		Name: psMatch.Name,
+	}
+
+	switch psMatch.Match.(type) {
+	case *pbproxystate.QueryParameterMatch_Exact:
+		envoyQueryParamMatcher.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_StringMatch{
+			StringMatch: &envoy_matcher_v3.StringMatcher{
+				MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{
+					Exact: psMatch.GetExact(),
+				},
+			},
+		}
+
+	case *pbproxystate.QueryParameterMatch_Regex:
+		envoyQueryParamMatcher.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_StringMatch{
+			StringMatch: &envoy_matcher_v3.StringMatcher{
+				MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{
+					SafeRegex: makeEnvoyRegexMatch(psMatch.GetRegex()),
+				},
+			},
+		}
+	case *pbproxystate.QueryParameterMatch_Present:
+		envoyQueryParamMatcher.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_PresentMatch{
+			PresentMatch: true,
+		}
+	default:
+		// This shouldn't be possible considering the types of QueryMatch
+		return nil
+	}
+
+	return envoyQueryParamMatcher
+}
+
+// TODO (dans): Will this always be envoy_route_v3.Route_Route?
+// Definitely for connect proxies this is the only option.
+func (pr *ProxyResources) makeEnvoyRouteActionFromProxystateRouteDestination(psRouteDestination *pbproxystate.RouteDestination) *envoy_route_v3.Route_Route {
+	envoyRouteRoute := &envoy_route_v3.Route_Route{
+		Route: &envoy_route_v3.RouteAction{},
+	}
+
+	switch psRouteDestination.Destination.(type) {
+	case *pbproxystate.RouteDestination_Cluster:
+		psCluster := psRouteDestination.GetCluster()
+		envoyRouteRoute.Route.ClusterSpecifier = &envoy_route_v3.RouteAction_Cluster{
+			Cluster: psCluster.GetName(),
+		}
+		clusters, _ := pr.makeClusters(psCluster.Name)
+		pr.envoyResources[xdscommon.ClusterType] = append(pr.envoyResources[xdscommon.ClusterType], clusters...)
+
+	case *pbproxystate.RouteDestination_WeightedClusters:
+		psWeightedClusters := psRouteDestination.GetWeightedClusters()
+		envoyClusters := make([]*envoy_route_v3.WeightedCluster_ClusterWeight, 0, len(psWeightedClusters.GetClusters()))
+		totalWeight := 0
+		for _, psCluster := range psWeightedClusters.GetClusters() {
+			clusters, _ := pr.makeClusters(psCluster.Name)
+			pr.envoyResources[xdscommon.ClusterType] = append(pr.envoyResources[xdscommon.ClusterType], clusters...)
+			totalWeight += int(psCluster.Weight.GetValue())
+			envoyClusters = append(envoyClusters, makeEnvoyClusterWeightFromProxystateWeightedCluster(psCluster))
+		}
+		var envoyWeightScale *wrapperspb.UInt32Value
+		if totalWeight == 10000 {
+			envoyWeightScale = response.MakeUint32Value(10000)
+		}
+
+		envoyRouteRoute.Route.ClusterSpecifier = &envoy_route_v3.RouteAction_WeightedClusters{
+			WeightedClusters: &envoy_route_v3.WeightedCluster{
+				Clusters:    envoyClusters,
+				TotalWeight: envoyWeightScale,
+			},
+		}
+	default:
+		// This shouldn't be possible considering the types of Destination
+		return nil
+	}
+
+	injectEnvoyRouteActionWithProxystateDestinationConfig(envoyRouteRoute.Route, psRouteDestination.GetDestinationConfiguration())
+
+	if psRouteDestination.GetDestinationConfiguration() != nil {
+		config := psRouteDestination.GetDestinationConfiguration()
+		action := envoyRouteRoute.Route
+
+		action.PrefixRewrite = config.GetPrefixRewrite()
+
+		if config.GetTimeoutConfig().GetTimeout() != nil {
+			action.Timeout = config.GetTimeoutConfig().GetTimeout()
+		}
+
+		if config.GetTimeoutConfig().GetTimeout() != nil {
+			action.Timeout = config.GetTimeoutConfig().GetTimeout()
+		}
+
+		if config.GetTimeoutConfig().GetIdleTimeout() != nil {
+			action.IdleTimeout = config.GetTimeoutConfig().GetIdleTimeout()
+		}
+
+		if config.GetRetryPolicy() != nil {
+			action.RetryPolicy = makeEnvoyRetryPolicyFromProxystateRetryPolicy(config.GetRetryPolicy())
+		}
+	}
+
+	return envoyRouteRoute
+}
+
+func makeEnvoyClusterWeightFromProxystateWeightedCluster(cluster *pbproxystate.L7WeightedDestinationCluster) *envoy_route_v3.WeightedCluster_ClusterWeight {
+	envoyClusterWeight := &envoy_route_v3.WeightedCluster_ClusterWeight{
+		Name:   cluster.GetName(),
+		Weight: cluster.GetWeight(),
+	}
+
+	for _, hm := range cluster.GetHeaderMutations() {
+		injectEnvoyClusterWeightWithProxystateHeaderMutation(envoyClusterWeight, hm)
+	}
+
+	return envoyClusterWeight
+}
+
+func injectEnvoyClusterWeightWithProxystateHeaderMutation(envoyClusterWeight *envoy_route_v3.WeightedCluster_ClusterWeight, mutation *pbproxystate.HeaderMutation) {
+
+	mutation.GetAction()
+	switch mutation.GetAction().(type) {
+	case *pbproxystate.HeaderMutation_RequestHeaderAdd:
+		action := mutation.GetRequestHeaderAdd()
+		header := action.GetHeader()
+		app := action.GetAppendAction() == pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
+
+		hvo := &envoy_core_v3.HeaderValueOption{
+			Header: &envoy_core_v3.HeaderValue{
+				Key:   header.GetKey(),
+				Value: header.GetValue(),
+			},
+			Append: response.MakeBoolValue(app),
+		}
+		envoyClusterWeight.RequestHeadersToAdd = append(envoyClusterWeight.RequestHeadersToAdd, hvo)
+
+	case *pbproxystate.HeaderMutation_RequestHeaderRemove:
+		action := mutation.GetRequestHeaderRemove()
+		envoyClusterWeight.RequestHeadersToRemove = append(envoyClusterWeight.RequestHeadersToRemove, action.GetHeaderKeys()...)
+
+	case *pbproxystate.HeaderMutation_ResponseHeaderAdd:
+		action := mutation.GetResponseHeaderAdd()
+		header := action.GetHeader()
+		app := action.GetAppendAction() == pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
+
+		hvo := &envoy_core_v3.HeaderValueOption{
+			Header: &envoy_core_v3.HeaderValue{
+				Key:   header.GetKey(),
+				Value: header.GetValue(),
+			},
+			Append: response.MakeBoolValue(app),
+		}
+		envoyClusterWeight.ResponseHeadersToAdd = append(envoyClusterWeight.ResponseHeadersToAdd, hvo)
+
+	case *pbproxystate.HeaderMutation_ResponseHeaderRemove:
+		action := mutation.GetResponseHeaderRemove()
+		envoyClusterWeight.ResponseHeadersToRemove = append(envoyClusterWeight.ResponseHeadersToRemove, action.GetHeaderKeys()...)
+
+	default:
+		// This shouldn't be possible considering the types of Destination
+		return
+	}
+}
+
+func injectEnvoyRouteActionWithProxystateDestinationConfig(envoyAction *envoy_route_v3.RouteAction, config *pbproxystate.DestinationConfiguration) {
+	if config == nil {
+		return
+	}
+
+	if len(config.GetHashPolicies()) > 0 {
+		envoyAction.HashPolicy = make([]*envoy_route_v3.RouteAction_HashPolicy, 0, len(config.GetHashPolicies()))
+	}
+	for _, policy := range config.GetHashPolicies() {
+		envoyPolicy := makeEnvoyHashPolicyFromProxystateLBHashPolicy(policy)
+		envoyAction.HashPolicy = append(envoyAction.HashPolicy, envoyPolicy)
+	}
+
+	if config.AutoHostRewrite != nil {
+		envoyAction.HostRewriteSpecifier = &envoy_route_v3.RouteAction_AutoHostRewrite{
+			AutoHostRewrite: config.AutoHostRewrite,
+		}
+	}
+}
+
+func makeEnvoyHashPolicyFromProxystateLBHashPolicy(psPolicy *pbproxystate.LoadBalancerHashPolicy) *envoy_route_v3.RouteAction_HashPolicy {
+
+	switch psPolicy.GetPolicy().(type) {
+	case *pbproxystate.LoadBalancerHashPolicy_ConnectionProperties:
+		return &envoy_route_v3.RouteAction_HashPolicy{
+			PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties_{
+				ConnectionProperties: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties{
+					SourceIp: true, // always true
+				},
+			},
+			Terminal: psPolicy.GetConnectionProperties().GetTerminal(),
+		}
+
+	case *pbproxystate.LoadBalancerHashPolicy_Header:
+		return &envoy_route_v3.RouteAction_HashPolicy{
+			PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Header_{
+				Header: &envoy_route_v3.RouteAction_HashPolicy_Header{
+					HeaderName: psPolicy.GetHeader().GetName(),
+				},
+			},
+			Terminal: psPolicy.GetHeader().GetTerminal(),
+		}
+
+	case *pbproxystate.LoadBalancerHashPolicy_Cookie:
+		cookie := &envoy_route_v3.RouteAction_HashPolicy_Cookie{
+			Name: psPolicy.GetCookie().GetName(),
+			Path: psPolicy.GetCookie().GetPath(),
+			Ttl:  psPolicy.GetCookie().GetTtl(),
+		}
+
+		return &envoy_route_v3.RouteAction_HashPolicy{
+			PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{
+				Cookie: cookie,
+			},
+			Terminal: psPolicy.GetCookie().GetTerminal(),
+		}
+
+	case *pbproxystate.LoadBalancerHashPolicy_QueryParameter:
+		return &envoy_route_v3.RouteAction_HashPolicy{
+			PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter_{
+				QueryParameter: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter{
+					Name: psPolicy.GetQueryParameter().GetName(),
+				},
+			},
+			Terminal: psPolicy.GetQueryParameter().GetTerminal(),
+		}
+	}
+	// This shouldn't be possible considering the types of LoadBalancerPolicy
+	return nil
+}
+
+func makeEnvoyRetryPolicyFromProxystateRetryPolicy(psRetryPolicy *pbproxystate.RetryPolicy) *envoy_route_v3.RetryPolicy {
+	return &envoy_route_v3.RetryPolicy{
+		NumRetries:           psRetryPolicy.GetNumRetries(),
+		RetriableStatusCodes: psRetryPolicy.GetRetriableStatusCodes(),
+		RetryOn:              psRetryPolicy.GetRetryOn(),
+	}
+}
+
+func injectEnvoyRouteRuleWithProxystateHeaderMutation(envoyRouteRule *envoy_route_v3.Route, mutation *pbproxystate.HeaderMutation) {
+
+	mutation.GetAction()
+	switch mutation.GetAction().(type) {
+	case *pbproxystate.HeaderMutation_RequestHeaderAdd:
+		action := mutation.GetRequestHeaderAdd()
+		header := action.GetHeader()
+		app := action.GetAppendAction() == pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
+
+		hvo := &envoy_core_v3.HeaderValueOption{
+			Header: &envoy_core_v3.HeaderValue{
+				Key:   header.GetKey(),
+				Value: header.GetValue(),
+			},
+			Append: response.MakeBoolValue(app),
+		}
+		envoyRouteRule.RequestHeadersToAdd = append(envoyRouteRule.RequestHeadersToAdd, hvo)
+
+	case *pbproxystate.HeaderMutation_RequestHeaderRemove:
+		action := mutation.GetRequestHeaderRemove()
+		envoyRouteRule.RequestHeadersToRemove = append(envoyRouteRule.RequestHeadersToRemove, action.GetHeaderKeys()...)
+
+	case *pbproxystate.HeaderMutation_ResponseHeaderAdd:
+		action := mutation.GetResponseHeaderAdd()
+		header := action.GetHeader()
+		app := action.GetAppendAction() == pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
+
+		hvo := &envoy_core_v3.HeaderValueOption{
+			Header: &envoy_core_v3.HeaderValue{
+				Key:   header.GetKey(),
+				Value: header.GetValue(),
+			},
+			Append: response.MakeBoolValue(app),
+		}
+		envoyRouteRule.ResponseHeadersToAdd = append(envoyRouteRule.ResponseHeadersToAdd, hvo)
+
+	case *pbproxystate.HeaderMutation_ResponseHeaderRemove:
+		action := mutation.GetResponseHeaderRemove()
+		envoyRouteRule.ResponseHeadersToRemove = append(envoyRouteRule.ResponseHeadersToRemove, action.GetHeaderKeys()...)
+
+	default:
+		// This shouldn't be possible considering the types of Destination
+		return
+	}
+}
+
+func injectEnvoyVirtualHostWithProxystateHeaderMutation(envoyVirtualHost *envoy_route_v3.VirtualHost, mutation *pbproxystate.HeaderMutation) {
+
+	mutation.GetAction()
+	switch mutation.GetAction().(type) {
+	case *pbproxystate.HeaderMutation_RequestHeaderAdd:
+		action := mutation.GetRequestHeaderAdd()
+		header := action.GetHeader()
+		app := action.GetAppendAction() == pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
+
+		hvo := &envoy_core_v3.HeaderValueOption{
+			Header: &envoy_core_v3.HeaderValue{
+				Key:   header.GetKey(),
+				Value: header.GetValue(),
+			},
+			Append: response.MakeBoolValue(app),
+		}
+		envoyVirtualHost.RequestHeadersToAdd = append(envoyVirtualHost.RequestHeadersToAdd, hvo)
+
+	case *pbproxystate.HeaderMutation_RequestHeaderRemove:
+		action := mutation.GetRequestHeaderRemove()
+		envoyVirtualHost.RequestHeadersToRemove = append(envoyVirtualHost.RequestHeadersToRemove, action.GetHeaderKeys()...)
+
+	case *pbproxystate.HeaderMutation_ResponseHeaderAdd:
+		action := mutation.GetResponseHeaderAdd()
+		header := action.GetHeader()
+		app := action.GetAppendAction() == pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
+
+		hvo := &envoy_core_v3.HeaderValueOption{
+			Header: &envoy_core_v3.HeaderValue{
+				Key:   header.GetKey(),
+				Value: header.GetValue(),
+			},
+			Append: response.MakeBoolValue(app),
+		}
+		envoyVirtualHost.ResponseHeadersToAdd = append(envoyVirtualHost.ResponseHeadersToAdd, hvo)
+
+	case *pbproxystate.HeaderMutation_ResponseHeaderRemove:
+		action := mutation.GetResponseHeaderRemove()
+		envoyVirtualHost.ResponseHeadersToRemove = append(envoyVirtualHost.ResponseHeadersToRemove, action.GetHeaderKeys()...)
+
+	default:
+		// This shouldn't be possible considering the types of Destination
+		return
+	}
+}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
index 671e25f4ca04..ab573377aac2 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
@@ -77,6 +77,8 @@ type Cluster struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
+	// name is the name of the cluster.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// group is either a failover group or endpoint group. If this cluster needs to failover to other clusters, use the failover group. If this cluster routes directly to endpoints, use the endpoint group.
 	//
 	// Types that are assignable to Group:
@@ -85,11 +87,11 @@ type Cluster struct {
 	//	*Cluster_EndpointGroup
 	Group isCluster_Group `protobuf_oneof:"group"`
 	// escape_hatch_cluster_json configures a user configured escape hatch cluster.
-	EscapeHatchClusterJson string `protobuf:"bytes,3,opt,name=escape_hatch_cluster_json,json=escapeHatchClusterJson,proto3" json:"escape_hatch_cluster_json,omitempty"`
+	EscapeHatchClusterJson string `protobuf:"bytes,4,opt,name=escape_hatch_cluster_json,json=escapeHatchClusterJson,proto3" json:"escape_hatch_cluster_json,omitempty"`
 	// alt_stat_name is the name used for observability in place of cluster name if provided.
-	AltStatName string `protobuf:"bytes,4,opt,name=alt_stat_name,json=altStatName,proto3" json:"alt_stat_name,omitempty"`
+	AltStatName string `protobuf:"bytes,5,opt,name=alt_stat_name,json=altStatName,proto3" json:"alt_stat_name,omitempty"`
 	// protocol is the local path protocol or the service protocol.
-	Protocol string `protobuf:"bytes,5,opt,name=protocol,proto3" json:"protocol,omitempty"`
+	Protocol string `protobuf:"bytes,6,opt,name=protocol,proto3" json:"protocol,omitempty"`
 }
 
 func (x *Cluster) Reset() {
@@ -124,6 +126,13 @@ func (*Cluster) Descriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{0}
 }
 
+func (x *Cluster) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
 func (m *Cluster) GetGroup() isCluster_Group {
 	if m != nil {
 		return m.Group
@@ -171,11 +180,11 @@ type isCluster_Group interface {
 }
 
 type Cluster_FailoverGroup struct {
-	FailoverGroup *FailoverGroup `protobuf:"bytes,1,opt,name=failover_group,json=failoverGroup,proto3,oneof"`
+	FailoverGroup *FailoverGroup `protobuf:"bytes,2,opt,name=failover_group,json=failoverGroup,proto3,oneof"`
 }
 
 type Cluster_EndpointGroup struct {
-	EndpointGroup *EndpointGroup `protobuf:"bytes,2,opt,name=endpoint_group,json=endpointGroup,proto3,oneof"`
+	EndpointGroup *EndpointGroup `protobuf:"bytes,3,opt,name=endpoint_group,json=endpointGroup,proto3,oneof"`
 }
 
 func (*Cluster_FailoverGroup) isCluster_Group() {}
@@ -1697,395 +1706,396 @@ var file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDesc = []byte{
 	0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
 	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x74, 0x72, 0x61,
 	0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x22, 0xd7, 0x02, 0x0a, 0x07, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12,
-	0x63, 0x0a, 0x0e, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x67, 0x72, 0x6f, 0x75,
-	0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72,
-	0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0d, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47,
-	0x72, 0x6f, 0x75, 0x70, 0x12, 0x63, 0x0a, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
-	0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68,
+	0x6f, 0x74, 0x6f, 0x22, 0xeb, 0x02, 0x0a, 0x07, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12,
+	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x63, 0x0a, 0x0e, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f,
+	0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76,
+	0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0d, 0x66, 0x61, 0x69, 0x6c, 0x6f,
+	0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x63, 0x0a, 0x0e, 0x65, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45,
+	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0d,
+	0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x39, 0x0a,
+	0x19, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x63, 0x6c,
+	0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x16, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x43, 0x6c, 0x75,
+	0x73, 0x74, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0d, 0x61, 0x6c, 0x74, 0x5f,
+	0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0b, 0x61, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75,
+	0x70, 0x22, 0xce, 0x01, 0x0a, 0x0d, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72,
+	0x6f, 0x75, 0x70, 0x12, 0x63, 0x0a, 0x0f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f,
+	0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68,
 	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
 	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
 	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f,
-	0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0d, 0x65, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x39, 0x0a, 0x19, 0x65, 0x73, 0x63,
-	0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65,
-	0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x65, 0x73,
-	0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72,
-	0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0d, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74,
-	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x6c, 0x74,
-	0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x63, 0x6f, 0x6c, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xce, 0x01,
-	0x0a, 0x0d, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12,
-	0x63, 0x0a, 0x0f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x67, 0x72, 0x6f, 0x75,
-	0x70, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47,
-	0x72, 0x6f, 0x75, 0x70, 0x52, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72,
-	0x6f, 0x75, 0x70, 0x73, 0x12, 0x58, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x84,
-	0x01, 0x0a, 0x13, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c,
-	0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d,
-	0x65, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d,
-	0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69,
-	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x91, 0x03, 0x0a, 0x0d, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69,
-	0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5d, 0x0a, 0x07, 0x64, 0x79, 0x6e, 0x61, 0x6d,
-	0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69,
+	0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x58, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
 	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
 	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e,
-	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x07, 0x64,
-	0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x12, 0x5a, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f,
-	0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74,
-	0x69, 0x63, 0x12, 0x51, 0x0a, 0x03, 0x64, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x4e,
-	0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00,
-	0x52, 0x03, 0x64, 0x6e, 0x73, 0x12, 0x69, 0x0a, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72,
-	0x6f, 0x75, 0x67, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72,
-	0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75,
-	0x70, 0x48, 0x00, 0x52, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68,
-	0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xd8, 0x01, 0x0a, 0x14, 0x44, 0x79,
-	0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f,
-	0x75, 0x70, 0x12, 0x5f, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x47, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
-	0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x12, 0x5f, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f,
-	0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72,
-	0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e,
-	0x64, 0x54, 0x6c, 0x73, 0x22, 0xe0, 0x01, 0x0a, 0x18, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72,
-	0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75,
-	0x70, 0x12, 0x63, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x4b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e,
-	0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f,
-	0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5f, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75,
-	0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73,
-	0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62,
-	0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, 0xd0, 0x01, 0x0a, 0x10, 0x44, 0x4e, 0x53, 0x45,
-	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5b, 0x0a, 0x06,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x68,
+	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47,
+	0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x22, 0x84, 0x01, 0x0a, 0x13, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47,
+	0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73,
+	0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61,
+	0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x91, 0x03, 0x0a, 0x0d, 0x45, 0x6e,
+	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5d, 0x0a, 0x07, 0x64,
+	0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68,
 	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
 	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x4e, 0x53, 0x45, 0x6e,
-	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5f, 0x0a, 0x0c, 0x6f, 0x75, 0x74,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72,
-	0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f,
-	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, 0x75, 0x0a, 0x13, 0x53, 0x74,
-	0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75,
-	0x70, 0x12, 0x5e, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e,
-	0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72,
-	0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x22, 0x7f, 0x0a, 0x16, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x43,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x65, 0x0a, 0x08, 0x63,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x49, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x34, 0x57, 0x65,
-	0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65,
-	0x72, 0x73, 0x22, 0x7f, 0x0a, 0x16, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64,
-	0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x65, 0x0a, 0x08,
-	0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x49,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x37, 0x57,
-	0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74,
-	0x65, 0x72, 0x73, 0x22, 0x68, 0x0a, 0x1c, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65,
-	0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73,
-	0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68,
-	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32,
-	0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22, 0xd0, 0x01,
-	0x0a, 0x1c, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74,
-	0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12,
-	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
-	0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65,
-	0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x66, 0x0a, 0x10, 0x68, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x0f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x22, 0x88, 0x08, 0x0a, 0x1a, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
-	0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f,
-	0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65,
-	0x6f, 0x75, 0x74, 0x12, 0x36, 0x0a, 0x17, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x70,
-	0x61, 0x6e, 0x69, 0x63, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x50, 0x61, 0x6e,
-	0x69, 0x63, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x68, 0x0a, 0x0d, 0x6c,
-	0x65, 0x61, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x62, 0x0a, 0x0b, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x72,
-	0x6f, 0x62, 0x69, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d,
+	0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48,
+	0x00, 0x52, 0x07, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x12, 0x5a, 0x0a, 0x06, 0x73, 0x74,
+	0x61, 0x74, 0x69, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73,
 	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
 	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63,
-	0x79, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x72,
-	0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x12, 0x55, 0x0a, 0x06, 0x72, 0x61, 0x6e,
-	0x64, 0x6f, 0x6d, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x48, 0x00, 0x52, 0x06, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d,
-	0x12, 0x5c, 0x0a, 0x09, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x06, 0x20,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45,
+	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x06,
+	0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x12, 0x51, 0x0a, 0x03, 0x64, 0x6e, 0x73, 0x18, 0x03, 0x20,
 	0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
 	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
 	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61,
-	0x73, 0x68, 0x48, 0x00, 0x52, 0x08, 0x72, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x55,
-	0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b,
+	0x65, 0x2e, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f,
+	0x75, 0x70, 0x48, 0x00, 0x52, 0x03, 0x64, 0x6e, 0x73, 0x12, 0x69, 0x0a, 0x0b, 0x70, 0x61, 0x73,
+	0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45,
 	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
 	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50,
-	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x48, 0x00, 0x52, 0x06, 0x6d,
-	0x61, 0x67, 0x6c, 0x65, 0x76, 0x12, 0x67, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74,
-	0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69,
-	0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63,
-	0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x6a,
-	0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74,
-	0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44,
-	0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65,
-	0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x86, 0x01, 0x0a, 0x1b, 0x75,
-	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x61, 0x73,
+	0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
+	0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72,
+	0x6f, 0x75, 0x67, 0x68, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xd8, 0x01,
+	0x0a, 0x14, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e,
+	0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5f, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x47, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
+	0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5f, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f,
+	0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e,
+	0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, 0xe0, 0x01, 0x0a, 0x18, 0x50, 0x61, 0x73,
+	0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
+	0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x63, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
+	0x61, 0x74, 0x65, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45,
+	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5f, 0x0a, 0x0c, 0x6f, 0x75,
+	0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
 	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x55,
-	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65,
-	0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73,
-	0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e,
-	0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x0b,
-	0x0a, 0x09, 0x6c, 0x62, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x57, 0x0a, 0x14, 0x4c,
-	0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a, 0x0c, 0x63, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6f,
-	0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74,
-	0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x63, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x43,
-	0x6f, 0x75, 0x6e, 0x74, 0x22, 0x14, 0x0a, 0x12, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x52, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x22, 0x10, 0x0a, 0x0e, 0x4c, 0x42,
-	0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x22, 0xa6, 0x01, 0x0a,
-	0x10, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73,
-	0x68, 0x12, 0x48, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e,
-	0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55,
-	0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69,
-	0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x48, 0x0a, 0x11, 0x6d,
-	0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56,
-	0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e,
-	0x67, 0x53, 0x69, 0x7a, 0x65, 0x22, 0x10, 0x0a, 0x0e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63,
-	0x79, 0x4d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x22, 0x77, 0x0a, 0x0f, 0x43, 0x69, 0x72, 0x63, 0x75,
-	0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x64, 0x0a, 0x0f, 0x75, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54,
+	0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b,
+	0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, 0xd0, 0x01, 0x0a, 0x10,
+	0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70,
+	0x12, 0x5b, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44,
+	0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5f, 0x0a,
+	0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
 	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
 	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73,
-	0x52, 0x0e, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73,
-	0x22, 0xfd, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d,
-	0x69, 0x74, 0x73, 0x12, 0x45, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55,
-	0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4e, 0x0a, 0x14, 0x6d, 0x61,
-	0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33,
-	0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69,
-	0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x54, 0x0a, 0x17, 0x6d, 0x61,
-	0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f,
+	0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65,
+	0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, 0x75,
+	0x0a, 0x13, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
+	0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5e, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
+	0x61, 0x74, 0x65, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69,
+	0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x7f, 0x0a, 0x16, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68,
+	0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12,
+	0x65, 0x0a, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x49, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e,
+	0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c,
+	0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x22, 0x7f, 0x0a, 0x16, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67,
+	0x68, 0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70,
+	0x12, 0x65, 0x0a, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x49, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x2e, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69,
+	0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x22, 0x68, 0x0a, 0x1c, 0x4c, 0x34, 0x57, 0x65, 0x69,
+	0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77,
+	0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f,
 	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49,
-	0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x43, 0x6f,
-	0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73,
-	0x22, 0x83, 0x03, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61,
-	0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x45, 0x0a, 0x0f,
-	0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65,
-	0x35, 0x78, 0x78, 0x12, 0x58, 0x0a, 0x19, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67,
-	0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68,
+	0x74, 0x22, 0xd0, 0x01, 0x0a, 0x1c, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64,
+	0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74,
+	0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
 	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56,
-	0x61, 0x6c, 0x75, 0x65, 0x52, 0x17, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x43,
-	0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x12, 0x4e, 0x0a,
-	0x14, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x65,
-	0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49,
-	0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x45, 0x6a,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x47, 0x0a,
-	0x12, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74,
-	0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x62, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x8b, 0x02, 0x0a, 0x19, 0x55, 0x70, 0x73, 0x74, 0x72,
-	0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4a, 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70,
-	0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x10,
-	0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x54, 0x69, 0x6d, 0x65,
-	0x12, 0x52, 0x0a, 0x16, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76,
-	0x65, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x14,
-	0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x49, 0x6e, 0x74, 0x65,
-	0x72, 0x76, 0x61, 0x6c, 0x12, 0x4e, 0x0a, 0x14, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70,
-	0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65,
-	0x52, 0x12, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x50, 0x72,
-	0x6f, 0x62, 0x65, 0x73, 0x22, 0x64, 0x0a, 0x1e, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f,
-	0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x80, 0x05, 0x0a, 0x16, 0x44,
-	0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
-	0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x36, 0x0a, 0x17, 0x64, 0x69, 0x73,
-	0x61, 0x62, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, 0x69, 0x63, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73,
-	0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x64, 0x69, 0x73, 0x61,
-	0x62, 0x6c, 0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c,
-	0x64, 0x12, 0x61, 0x0a, 0x0e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x74,
-	0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72,
-	0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0d, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79,
-	0x54, 0x79, 0x70, 0x65, 0x12, 0x67, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x5f,
-	0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c,
+	0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x66, 0x0a, 0x10,
+	0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x22, 0x88, 0x08, 0x0a, 0x1a, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63,
+	0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74,
+	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
+	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x36, 0x0a, 0x17, 0x64, 0x69, 0x73, 0x61, 0x62,
+	0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, 0x69, 0x63, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f,
+	0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c,
+	0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12,
+	0x68, 0x0a, 0x0d, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x65, 0x61,
+	0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x0c, 0x6c, 0x65, 0x61,
+	0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x62, 0x0a, 0x0b, 0x72, 0x6f, 0x75,
+	0x6e, 0x64, 0x5f, 0x72, 0x6f, 0x62, 0x69, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f,
 	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
 	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69, 0x72,
-	0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69,
-	0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x6a, 0x0a,
-	0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65,
-	0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72,
-	0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x86, 0x01, 0x0a, 0x1b, 0x75, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x70,
+	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x48,
+	0x00, 0x52, 0x0a, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x12, 0x55, 0x0a,
+	0x06, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x48, 0x00, 0x52, 0x06, 0x72, 0x61,
+	0x6e, 0x64, 0x6f, 0x6d, 0x12, 0x5c, 0x0a, 0x09, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x61, 0x73,
+	0x68, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69,
+	0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x48, 0x00, 0x52, 0x08, 0x72, 0x69, 0x6e, 0x67, 0x48, 0x61,
+	0x73, 0x68, 0x12, 0x55, 0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x18, 0x07, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x48,
+	0x00, 0x52, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x12, 0x67, 0x0a, 0x10, 0x63, 0x69, 0x72,
+	0x63, 0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x08, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72,
+	0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65,
+	0x72, 0x73, 0x12, 0x6a, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65,
+	0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x6c,
+	0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75,
+	0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x86,
+	0x01, 0x0a, 0x1b, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0a,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x75, 0x70,
 	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61,
-	0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74,
-	0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x75,
-	0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xc8, 0x01,
-	0x0a, 0x19, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
-	0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12,
-	0x67, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b,
-	0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42,
-	0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74,
-	0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x2a, 0x46, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63,
-	0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x44, 0x49, 0x53,
-	0x43, 0x4f, 0x56, 0x45, 0x52, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4c, 0x4f, 0x47, 0x49,
-	0x43, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x56, 0x45,
-	0x52, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x01,
-	0x42, 0xd8, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x42, 0x0c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x50, 0x72, 0x6f,
-	0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
-	0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70,
-	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43,
-	0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2,
-	0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50,
-	0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d,
-	0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x33,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61,
+	0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61,
+	0x6d, 0x65, 0x42, 0x0b, 0x0a, 0x09, 0x6c, 0x62, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22,
+	0x57, 0x0a, 0x14, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x65, 0x61, 0x73, 0x74,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a, 0x0c, 0x63, 0x68, 0x6f, 0x69, 0x63,
+	0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x63, 0x68, 0x6f,
+	0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x14, 0x0a, 0x12, 0x4c, 0x42, 0x50, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x22, 0x10,
+	0x0a, 0x0e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d,
+	0x22, 0xa6, 0x01, 0x0a, 0x10, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69, 0x6e,
+	0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x48, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d,
+	0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f,
+	0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x12,
+	0x48, 0x0a, 0x11, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f,
+	0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e,
+	0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75,
+	0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x22, 0x10, 0x0a, 0x0e, 0x4c, 0x42, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x22, 0x77, 0x0a, 0x0f, 0x43,
+	0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x64,
+	0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74,
+	0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69,
+	0x6d, 0x69, 0x74, 0x73, 0x52, 0x0e, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69,
+	0x6d, 0x69, 0x74, 0x73, 0x22, 0xfd, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61,
+	0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x45, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x63,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e,
+	0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4e,
+	0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55,
+	0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50,
+	0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x54,
+	0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74,
+	0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x6d,
+	0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x73, 0x22, 0x83, 0x03, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72,
+	0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c,
+	0x12, 0x45, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f,
+	0x35, 0x78, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74,
+	0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75,
+	0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x12, 0x58, 0x0a, 0x19, 0x65, 0x6e, 0x66, 0x6f, 0x72,
+	0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65,
+	0x5f, 0x35, 0x78, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e,
+	0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x17, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63,
+	0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78,
+	0x78, 0x12, 0x4e, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x6d,
+	0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e,
+	0x74, 0x12, 0x47, 0x0a, 0x12, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x62, 0x61, 0x73, 0x65, 0x45, 0x6a,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x8b, 0x02, 0x0a, 0x19, 0x55,
+	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4a, 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f,
+	0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c,
+	0x75, 0x65, 0x52, 0x10, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65,
+	0x54, 0x69, 0x6d, 0x65, 0x12, 0x52, 0x0a, 0x16, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70,
+	0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c,
+	0x75, 0x65, 0x52, 0x14, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65,
+	0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x4e, 0x0a, 0x14, 0x74, 0x63, 0x70, 0x5f,
+	0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69,
+	0x76, 0x65, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x22, 0x64, 0x0a, 0x1e, 0x50, 0x61, 0x73, 0x73,
+	0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47,
+	0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e,
+	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x80,
+	0x05, 0x0a, 0x16, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72,
+	0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e,
+	0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x36, 0x0a,
+	0x17, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, 0x69, 0x63, 0x5f, 0x74,
+	0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15,
+	0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, 0x54, 0x68, 0x72, 0x65,
+	0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x61, 0x0a, 0x0e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
+	0x72, 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3a, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x69, 0x73, 0x63,
+	0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0d, 0x64, 0x69, 0x73, 0x63, 0x6f,
+	0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x67, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63,
+	0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73,
+	0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72,
+	0x73, 0x12, 0x6a, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69,
+	0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74,
+	0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x86, 0x01,
+	0x0a, 0x1b, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x75, 0x70, 0x73,
+	0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c,
+	0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d,
+	0x65, 0x22, 0xc8, 0x01, 0x0a, 0x19, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
+	0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f,
+	0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65,
+	0x6f, 0x75, 0x74, 0x12, 0x67, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x5f, 0x62,
+	0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
+	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69, 0x72, 0x63,
+	0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69, 0x72,
+	0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x2a, 0x46, 0x0a, 0x0d,
+	0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a,
+	0x16, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x56, 0x45, 0x52, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x4c, 0x4f, 0x47, 0x49, 0x43, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x53,
+	0x43, 0x4f, 0x56, 0x45, 0x52, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49,
+	0x43, 0x54, 0x10, 0x01, 0x42, 0xd8, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
+	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65,
+	0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c,
+	0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2,
+	0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
+	0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f,
+	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
index 860ebf2a5cbf..2073302c0575 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
@@ -11,17 +11,19 @@ import "pbmesh/v1alpha1/pbproxystate/header_mutations.proto";
 import "pbmesh/v1alpha1/pbproxystate/transport_socket.proto";
 
 message Cluster {
+  // name is the name of the cluster.
+  string name = 1;
   // group is either a failover group or endpoint group. If this cluster needs to failover to other clusters, use the failover group. If this cluster routes directly to endpoints, use the endpoint group.
   oneof group {
-    FailoverGroup failover_group = 1;
-    EndpointGroup endpoint_group = 2;
+    FailoverGroup failover_group = 2;
+    EndpointGroup endpoint_group = 3;
   }
   // escape_hatch_cluster_json configures a user configured escape hatch cluster.
-  string escape_hatch_cluster_json = 3;
+  string escape_hatch_cluster_json = 4;
   // alt_stat_name is the name used for observability in place of cluster name if provided.
-  string alt_stat_name = 4;
+  string alt_stat_name = 5;
   // protocol is the local path protocol or the service protocol.
-  string protocol = 5;
+  string protocol = 6;
 }
 
 message FailoverGroup {
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
index 193050474c28..a9c7b57a5729 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
@@ -105,7 +105,7 @@ type ProxyState struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// identity is a reference to the WorkloadIdentity associated with this proxy.
+	// identity is a reference to the identity of the workload this proxy is for.
 	Identity *pbresource.Reference `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
 	// listeners is a list of listeners for this proxy.
 	Listeners []*pbproxystate.Listener `protobuf:"bytes,2,rep,name=listeners,proto3" json:"listeners,omitempty"`
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.proto b/proto-public/pbmesh/v1alpha1/proxy_state.proto
index 756d7dd307c8..dfbe1ca1dee2 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_state.proto
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.proto
@@ -30,7 +30,7 @@ message ProxyStateTemplate {
 }
 
 message ProxyState {
-  // identity is a reference to the WorkloadIdentity associated with this proxy.
+  // identity is a reference to the identity of the workload this proxy is for.
   hashicorp.consul.resource.Reference identity = 1;
   // listeners is a list of listeners for this proxy.
   repeated pbproxystate.Listener listeners = 2;

From cc596ce772b2dc7c692510a74483b0e8c65829b7 Mon Sep 17 00:00:00 2001
From: Iryna Shustava <ishustava@users.noreply.github.com>
Date: Thu, 17 Aug 2023 18:03:05 -0600
Subject: [PATCH 299/359] bimapper: allow to untrack links and support
 reference or id (#18451)

---
 .../mappers/failovermapper/failover_mapper.go |   6 +-
 internal/resource/equality.go                 |   4 +-
 .../resource/mappers/bimapper/bimapper.go     | 126 ++++++++++--
 .../mappers/bimapper/bimapper_test.go         | 179 ++++++++++++++----
 4 files changed, 262 insertions(+), 53 deletions(-)

diff --git a/internal/catalog/internal/mappers/failovermapper/failover_mapper.go b/internal/catalog/internal/mappers/failovermapper/failover_mapper.go
index def0e1c6cd07..5c23a1bfe3a1 100644
--- a/internal/catalog/internal/mappers/failovermapper/failover_mapper.go
+++ b/internal/catalog/internal/mappers/failovermapper/failover_mapper.go
@@ -42,7 +42,11 @@ func (m *Mapper) TrackFailover(failover *resource.DecodedResource[pbcatalog.Fail
 }
 
 func (m *Mapper) trackFailover(failover *pbresource.ID, services []*pbresource.Reference) {
-	m.b.TrackItem(failover, services)
+	var servicesAsIDsOrRefs []resource.ReferenceOrID
+	for _, s := range services {
+		servicesAsIDsOrRefs = append(servicesAsIDsOrRefs, s)
+	}
+	m.b.TrackItem(failover, servicesAsIDsOrRefs)
 }
 
 // UntrackFailover forgets the links inserted by TrackFailover for the provided
diff --git a/internal/resource/equality.go b/internal/resource/equality.go
index 5a9023ac2432..25e098b1a361 100644
--- a/internal/resource/equality.go
+++ b/internal/resource/equality.go
@@ -20,7 +20,7 @@ func EqualType(a, b *pbresource.Type) bool {
 		a.Kind == b.Kind
 }
 
-// EqualType compares two resource tenancies for equality without reflection.
+// EqualTenancy compares two resource tenancies for equality without reflection.
 func EqualTenancy(a, b *pbresource.Tenancy) bool {
 	if a == b {
 		return true
@@ -35,7 +35,7 @@ func EqualTenancy(a, b *pbresource.Tenancy) bool {
 		a.Namespace == b.Namespace
 }
 
-// EqualType compares two resource IDs for equality without reflection.
+// EqualID compares two resource IDs for equality without reflection.
 func EqualID(a, b *pbresource.ID) bool {
 	if a == b {
 		return true
diff --git a/internal/resource/mappers/bimapper/bimapper.go b/internal/resource/mappers/bimapper/bimapper.go
index 5fee1e38917e..62a6b4dc7ffe 100644
--- a/internal/resource/mappers/bimapper/bimapper.go
+++ b/internal/resource/mappers/bimapper/bimapper.go
@@ -59,16 +59,34 @@ func (m *Mapper) IsEmpty() bool {
 
 // UntrackItem removes tracking for the provided item. The item type MUST match
 // the type configured for the item.
-func (m *Mapper) UntrackItem(item *pbresource.ID) {
-	if !resource.EqualType(item.Type, m.itemType) {
+func (m *Mapper) UntrackItem(item resource.ReferenceOrID) {
+	if !resource.EqualType(item.GetType(), m.itemType) {
 		panic(fmt.Sprintf("expected item type %q got %q",
 			resource.TypeToString(m.itemType),
-			resource.TypeToString(item.Type),
+			resource.TypeToString(item.GetType()),
 		))
 	}
 	m.untrackItem(resource.NewReferenceKey(item))
 }
 
+// UntrackLink removes tracking for the provided link. The link type MUST match
+// the type configured for the link.
+func (m *Mapper) UntrackLink(link resource.ReferenceOrID) {
+	if !resource.EqualType(link.GetType(), m.linkType) {
+		panic(fmt.Sprintf("expected link type %q got %q",
+			resource.TypeToString(m.linkType),
+			resource.TypeToString(link.GetType()),
+		))
+	}
+	m.untrackLink(resource.NewReferenceKey(link))
+}
+
+func (m *Mapper) untrackLink(link resource.ReferenceKey) {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	m.removeLinkLocked(link)
+}
+
 func (m *Mapper) untrackItem(item resource.ReferenceKey) {
 	m.lock.Lock()
 	defer m.lock.Unlock()
@@ -77,20 +95,20 @@ func (m *Mapper) untrackItem(item resource.ReferenceKey) {
 
 // TrackItem adds tracking for the provided item. The item and link types MUST
 // match the types configured for the items and links.
-func (m *Mapper) TrackItem(item *pbresource.ID, links []*pbresource.Reference) {
-	if !resource.EqualType(item.Type, m.itemType) {
+func (m *Mapper) TrackItem(item resource.ReferenceOrID, links []resource.ReferenceOrID) {
+	if !resource.EqualType(item.GetType(), m.itemType) {
 		panic(fmt.Sprintf("expected item type %q got %q",
 			resource.TypeToString(m.itemType),
-			resource.TypeToString(item.Type),
+			resource.TypeToString(item.GetType()),
 		))
 	}
 
 	linksAsKeys := make([]resource.ReferenceKey, 0, len(links))
 	for _, link := range links {
-		if !resource.EqualType(link.Type, m.linkType) {
+		if !resource.EqualType(link.GetType(), m.linkType) {
 			panic(fmt.Sprintf("expected link type %q got %q",
 				resource.TypeToString(m.linkType),
-				resource.TypeToString(link.Type),
+				resource.TypeToString(link.GetType()),
 			))
 		}
 		linksAsKeys = append(linksAsKeys, resource.NewReferenceKey(link))
@@ -118,6 +136,16 @@ func (m *Mapper) removeItemLocked(item resource.ReferenceKey) {
 	delete(m.itemToLink, item)
 }
 
+func (m *Mapper) removeLinkLocked(link resource.ReferenceKey) {
+	for item := range m.linkToItem[link] {
+		delete(m.itemToLink[item], link)
+		if len(m.itemToLink[item]) == 0 {
+			delete(m.itemToLink, item)
+		}
+	}
+	delete(m.linkToItem, link)
+}
+
 // you must hold the lock before calling this function
 func (m *Mapper) addItemLocked(item resource.ReferenceKey, links []resource.ReferenceKey) {
 	if m.itemToLink[item] == nil {
@@ -134,7 +162,13 @@ func (m *Mapper) addItemLocked(item resource.ReferenceKey, links []resource.Refe
 }
 
 // LinksForItem returns references to links related to the requested item.
+// Deprecated: use LinksRefs
 func (m *Mapper) LinksForItem(item *pbresource.ID) []*pbresource.Reference {
+	return m.LinkRefsForItem(item)
+}
+
+// LinkRefsForItem returns references to links related to the requested item.
+func (m *Mapper) LinkRefsForItem(item *pbresource.ID) []*pbresource.Reference {
 	if !resource.EqualType(item.Type, m.itemType) {
 		panic(fmt.Sprintf("expected item type %q got %q",
 			resource.TypeToString(m.itemType),
@@ -157,16 +191,58 @@ func (m *Mapper) LinksForItem(item *pbresource.ID) []*pbresource.Reference {
 	return out
 }
 
+// LinkIDsForItem returns IDs to links related to the requested item.
+func (m *Mapper) LinkIDsForItem(item *pbresource.ID) []*pbresource.ID {
+	if !resource.EqualType(item.Type, m.itemType) {
+		panic(fmt.Sprintf("expected item type %q got %q",
+			resource.TypeToString(m.itemType),
+			resource.TypeToString(item.Type),
+		))
+	}
+
+	m.lock.Lock()
+	defer m.lock.Unlock()
+
+	links, ok := m.itemToLink[resource.NewReferenceKey(item)]
+	if !ok {
+		return nil
+	}
+
+	out := make([]*pbresource.ID, 0, len(links))
+	for l := range links {
+		out = append(out, l.ToID())
+	}
+	return out
+}
+
 // ItemsForLink returns item ids for items related to the provided link.
+// Deprecated: use ItemIDsForLink
 func (m *Mapper) ItemsForLink(link *pbresource.ID) []*pbresource.ID {
+	return m.ItemIDsForLink(link)
+}
+
+// ItemIDsForLink returns item ids for items related to the provided link.
+func (m *Mapper) ItemIDsForLink(link *pbresource.ID) []*pbresource.ID {
 	if !resource.EqualType(link.Type, m.linkType) {
-		panic(fmt.Sprintf("expected type %q got %q",
+		panic(fmt.Sprintf("expected link type %q got %q",
 			resource.TypeToString(m.linkType),
 			resource.TypeToString(link.Type),
 		))
 	}
 
-	return m.itemsByLink(resource.NewReferenceKey(link))
+	return m.itemIDsByLink(resource.NewReferenceKey(link))
+}
+
+// ItemRefsForLink returns item references for items related to the provided link.
+func (m *Mapper) ItemRefsForLink(link *pbresource.ID) []*pbresource.Reference {
+	if !resource.EqualType(link.Type, m.linkType) {
+		panic(fmt.Sprintf("expected link type %q got %q",
+			resource.TypeToString(m.linkType),
+			resource.TypeToString(link.Type),
+		))
+	}
+
+	return m.itemRefsByLink(resource.NewReferenceKey(link))
 }
 
 // MapLink is suitable as a DependencyMapper to map the provided link event to its item.
@@ -180,7 +256,7 @@ func (m *Mapper) MapLink(_ context.Context, _ controller.Runtime, res *pbresourc
 		)
 	}
 
-	itemIDs := m.itemsByLink(resource.NewReferenceKey(link))
+	itemIDs := m.itemIDsByLink(resource.NewReferenceKey(link))
 
 	out := make([]controller.Request, 0, len(itemIDs))
 	for _, item := range itemIDs {
@@ -195,11 +271,8 @@ func (m *Mapper) MapLink(_ context.Context, _ controller.Runtime, res *pbresourc
 	return out, nil
 }
 
-func (m *Mapper) itemsByLink(link resource.ReferenceKey) []*pbresource.ID {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-
-	items, ok := m.linkToItem[link]
+func (m *Mapper) itemIDsByLink(link resource.ReferenceKey) []*pbresource.ID {
+	items, ok := m.getItemsByLink(link)
 	if !ok {
 		return nil
 	}
@@ -210,3 +283,24 @@ func (m *Mapper) itemsByLink(link resource.ReferenceKey) []*pbresource.ID {
 	}
 	return out
 }
+
+func (m *Mapper) itemRefsByLink(link resource.ReferenceKey) []*pbresource.Reference {
+	items, ok := m.getItemsByLink(link)
+	if !ok {
+		return nil
+	}
+
+	out := make([]*pbresource.Reference, 0, len(items))
+	for item := range items {
+		out = append(out, item.ToReference())
+	}
+	return out
+}
+
+func (m *Mapper) getItemsByLink(link resource.ReferenceKey) (map[resource.ReferenceKey]struct{}, bool) {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+
+	items, ok := m.linkToItem[link]
+	return items, ok
+}
diff --git a/internal/resource/mappers/bimapper/bimapper_test.go b/internal/resource/mappers/bimapper/bimapper_test.go
index d1d6be846ea1..ce355bfc416d 100644
--- a/internal/resource/mappers/bimapper/bimapper_test.go
+++ b/internal/resource/mappers/bimapper/bimapper_test.go
@@ -49,20 +49,19 @@ func TestMapper(t *testing.T) {
 	wwwRef := newRef(fakeBarType, "www")
 
 	fail1 := rtest.Resource(fakeFooType, "api").Build()
-	fail1_refs := []*pbresource.Reference{
+	fail1Refs := []resource.ReferenceOrID{
 		apiRef,
 		fooRef,
 		barRef,
 	}
 
 	fail2 := rtest.Resource(fakeFooType, "www").Build()
-	fail2_refs := []*pbresource.Reference{
+	fail2Refs := []resource.ReferenceOrID{
 		wwwRef,
 		fooRef,
 	}
 
-	fail1_updated := rtest.Resource(fakeFooType, "api").Build()
-	fail1_updated_refs := []*pbresource.Reference{
+	fail1UpdatedRefs := []resource.ReferenceOrID{
 		apiRef,
 		barRef,
 	}
@@ -101,9 +100,12 @@ func TestMapper(t *testing.T) {
 	requireServicesTracked(t, m, wwwSvc)
 
 	// Actually insert some data.
-	m.TrackItem(fail1.Id, fail1_refs)
+	m.TrackItem(fail1.Id, fail1Refs)
 
-	requireLinksForItem(t, m, fail1.Id, fail1_refs...)
+	// Check links mapping
+	requireLinksForItem(t, m, fail1.Id, fail1Refs...)
+
+	requireLinksForItem(t, m, fail1.Id, fail1Refs...)
 	requireItemsForLink(t, m, apiRef, fail1.Id)
 	requireItemsForLink(t, m, fooRef, fail1.Id)
 	requireItemsForLink(t, m, barRef, fail1.Id)
@@ -116,9 +118,9 @@ func TestMapper(t *testing.T) {
 	requireServicesTracked(t, m, wwwSvc)
 
 	// track it again, no change
-	m.TrackItem(fail1.Id, fail1_refs)
+	m.TrackItem(fail1.Id, fail1Refs)
 
-	requireLinksForItem(t, m, fail1.Id, fail1_refs...)
+	requireLinksForItem(t, m, fail1.Id, fail1Refs...)
 	requireItemsForLink(t, m, apiRef, fail1.Id)
 	requireItemsForLink(t, m, fooRef, fail1.Id)
 	requireItemsForLink(t, m, barRef, fail1.Id)
@@ -131,10 +133,11 @@ func TestMapper(t *testing.T) {
 	requireServicesTracked(t, m, wwwSvc)
 
 	// track new one that overlaps slightly
-	m.TrackItem(fail2.Id, fail2_refs)
+	m.TrackItem(fail2.Id, fail2Refs)
 
-	requireLinksForItem(t, m, fail1.Id, fail1_refs...)
-	requireLinksForItem(t, m, fail2.Id, fail2_refs...)
+	// Check links mapping for the new one
+	requireLinksForItem(t, m, fail1.Id, fail1Refs...)
+	requireLinksForItem(t, m, fail2.Id, fail2Refs...)
 	requireItemsForLink(t, m, apiRef, fail1.Id)
 	requireItemsForLink(t, m, fooRef, fail1.Id, fail2.Id)
 	requireItemsForLink(t, m, barRef, fail1.Id)
@@ -147,10 +150,10 @@ func TestMapper(t *testing.T) {
 	requireServicesTracked(t, m, wwwSvc, fail2.Id)
 
 	// update the original to change it
-	m.TrackItem(fail1_updated.Id, fail1_updated_refs)
+	m.TrackItem(fail1.Id, fail1UpdatedRefs)
 
-	requireLinksForItem(t, m, fail1.Id, fail1_updated_refs...)
-	requireLinksForItem(t, m, fail2.Id, fail2_refs...)
+	requireLinksForItem(t, m, fail1.Id, fail1UpdatedRefs...)
+	requireLinksForItem(t, m, fail2.Id, fail2Refs...)
 	requireItemsForLink(t, m, apiRef, fail1.Id)
 	requireItemsForLink(t, m, fooRef, fail2.Id)
 	requireItemsForLink(t, m, barRef, fail1.Id)
@@ -166,7 +169,7 @@ func TestMapper(t *testing.T) {
 	m.UntrackItem(fail1.Id)
 
 	requireLinksForItem(t, m, fail1.Id)
-	requireLinksForItem(t, m, fail2.Id, fail2_refs...)
+	requireLinksForItem(t, m, fail2.Id, fail2Refs...)
 	requireItemsForLink(t, m, apiRef)
 	requireItemsForLink(t, m, fooRef, fail2.Id)
 	requireItemsForLink(t, m, barRef)
@@ -178,7 +181,16 @@ func TestMapper(t *testing.T) {
 	requireServicesTracked(t, m, barSvc)
 	requireServicesTracked(t, m, wwwSvc, fail2.Id)
 
-	// delete the other one
+	// delete the link
+	m.UntrackLink(newRef(fakeBarType, "www"))
+
+	requireLinksForItem(t, m, fail2.Id, newRef(fakeBarType, "foo"))
+
+	m.UntrackLink(newRef(fakeBarType, "foo"))
+
+	requireLinksForItem(t, m, fail2.Id)
+
+	// delete another item
 	m.UntrackItem(fail2.Id)
 
 	requireLinksForItem(t, m, fail1.Id)
@@ -193,6 +205,88 @@ func TestMapper(t *testing.T) {
 	requireServicesTracked(t, m, fooSvc)
 	requireServicesTracked(t, m, barSvc)
 	requireServicesTracked(t, m, wwwSvc)
+
+	// Reset the mapper and check that its internal maps are empty.
+	m.Reset()
+	require.True(t, m.IsEmpty())
+}
+
+func TestPanics(t *testing.T) {
+	t.Run("new mapper without types", func(t *testing.T) {
+		require.PanicsWithValue(t, "itemType is required", func() {
+			New(nil, nil)
+		})
+
+		require.PanicsWithValue(t, "itemType is required", func() {
+			New(nil, fakeBarType)
+		})
+
+		require.PanicsWithValue(t, "linkType is required", func() {
+			New(fakeFooType, nil)
+		})
+	})
+
+	t.Run("UntrackItem: mismatched type", func(t *testing.T) {
+		m := New(fakeFooType, fakeBarType)
+		require.PanicsWithValue(t, "expected item type \"catalog.v1.Foo\" got \"catalog.v1.Bar\"", func() {
+			// Calling UntrackItem with link type instead of item type
+			m.UntrackItem(rtest.Resource(fakeBarType, "test").ID())
+		})
+	})
+
+	t.Run("TrackItem: mismatched item type", func(t *testing.T) {
+		m := New(fakeFooType, fakeBarType)
+		require.PanicsWithValue(t, "expected item type \"catalog.v1.Foo\" got \"catalog.v1.Bar\"", func() {
+			// Calling UntrackItem with link type instead of item type
+			m.TrackItem(rtest.Resource(fakeBarType, "test").ID(), nil)
+		})
+	})
+
+	t.Run("TrackItem: mismatched link type", func(t *testing.T) {
+		m := New(fakeFooType, fakeBarType)
+		require.PanicsWithValue(t, "expected link type \"catalog.v1.Bar\" got \"catalog.v1.Foo\"", func() {
+			// Calling UntrackItem with link type instead of item type
+			links := []resource.ReferenceOrID{
+				rtest.Resource(fakeFooType, "link").ID(),
+			}
+			m.TrackItem(rtest.Resource(fakeFooType, "test").ID(), links)
+		})
+	})
+
+	t.Run("UntrackLink: mismatched type", func(t *testing.T) {
+		m := New(fakeFooType, fakeBarType)
+		require.PanicsWithValue(t, "expected link type \"catalog.v1.Bar\" got \"catalog.v1.Foo\"", func() {
+			m.UntrackLink(rtest.Resource(fakeFooType, "test").ID())
+		})
+	})
+
+	t.Run("LinkRefsForItem: mismatched type", func(t *testing.T) {
+		m := New(fakeFooType, fakeBarType)
+		require.PanicsWithValue(t, "expected item type \"catalog.v1.Foo\" got \"catalog.v1.Bar\"", func() {
+			m.LinkRefsForItem(rtest.Resource(fakeBarType, "test").ID())
+		})
+	})
+
+	t.Run("LinkRefsForItem: mismatched type", func(t *testing.T) {
+		m := New(fakeFooType, fakeBarType)
+		require.PanicsWithValue(t, "expected item type \"catalog.v1.Foo\" got \"catalog.v1.Bar\"", func() {
+			m.LinkIDsForItem(rtest.Resource(fakeBarType, "test").ID())
+		})
+	})
+
+	t.Run("ItemRefsForLink: mismatched type", func(t *testing.T) {
+		m := New(fakeFooType, fakeBarType)
+		require.PanicsWithValue(t, "expected link type \"catalog.v1.Bar\" got \"catalog.v1.Foo\"", func() {
+			m.ItemRefsForLink(rtest.Resource(fakeFooType, "test").ID())
+		})
+	})
+
+	t.Run("ItemIDsForLink: mismatched type", func(t *testing.T) {
+		m := New(fakeFooType, fakeBarType)
+		require.PanicsWithValue(t, "expected link type \"catalog.v1.Bar\" got \"catalog.v1.Foo\"", func() {
+			m.ItemIDsForLink(rtest.Resource(fakeFooType, "test").ID())
+		})
+	})
 }
 
 func requireServicesTracked(t *testing.T, mapper *Mapper, link *pbresource.Resource, items ...*pbresource.ID) {
@@ -207,39 +301,56 @@ func requireServicesTracked(t *testing.T, mapper *Mapper, link *pbresource.Resou
 
 	require.Len(t, reqs, len(items))
 
+	// Also check items IDs and Refs for link.
+	ids := mapper.ItemIDsForLink(link.Id)
+	require.Len(t, ids, len(items))
+
+	refs := mapper.ItemRefsForLink(link.Id)
+	require.Len(t, refs, len(items))
+
 	for _, item := range items {
 		prototest.AssertContainsElement(t, reqs, controller.Request{ID: item})
+		prototest.AssertContainsElement(t, ids, item)
+		prototest.AssertContainsElement(t, refs, resource.Reference(item, ""))
 	}
 }
 
-func requireLinksForItem(t *testing.T, mapper *Mapper, item *pbresource.ID, links ...*pbresource.Reference) {
+func requireItemsForLink(t *testing.T, mapper *Mapper, link *pbresource.Reference, items ...*pbresource.ID) {
 	t.Helper()
 
-	got := mapper.LinksForItem(item)
+	got := mapper.ItemIDsForLink(resource.IDFromReference(link))
 
-	prototest.AssertElementsMatch(t, links, got)
+	prototest.AssertElementsMatch(t, items, got)
 }
 
-func requireItemsForLink(t *testing.T, mapper *Mapper, link *pbresource.Reference, items ...*pbresource.ID) {
+func requireLinksForItem(t *testing.T, mapper *Mapper, item *pbresource.ID, links ...resource.ReferenceOrID) {
 	t.Helper()
 
-	got := mapper.ItemsForLink(resource.IDFromReference(link))
+	var expLinkRefs []*pbresource.Reference
+	var expLinkIDs []*pbresource.ID
+
+	for _, l := range links {
+		expLinkRefs = append(expLinkRefs, &pbresource.Reference{
+			Name:    l.GetName(),
+			Tenancy: l.GetTenancy(),
+			Type:    l.GetType(),
+		})
+		expLinkIDs = append(expLinkIDs, &pbresource.ID{
+			Name:    l.GetName(),
+			Tenancy: l.GetTenancy(),
+			Type:    l.GetType(),
+		})
+	}
 
-	prototest.AssertElementsMatch(t, items, got)
+	refs := mapper.LinkRefsForItem(item)
+	require.Len(t, refs, len(links))
+	prototest.AssertElementsMatch(t, expLinkRefs, refs)
+
+	ids := mapper.LinkIDsForItem(item)
+	require.Len(t, refs, len(links))
+	prototest.AssertElementsMatch(t, expLinkIDs, ids)
 }
 
 func newRef(typ *pbresource.Type, name string) *pbresource.Reference {
 	return rtest.Resource(typ, name).Reference("")
 }
-
-func newID(typ *pbresource.Type, name string) *pbresource.ID {
-	return rtest.Resource(typ, name).ID()
-}
-
-func defaultTenancy() *pbresource.Tenancy {
-	return &pbresource.Tenancy{
-		Partition: "default",
-		Namespace: "default",
-		PeerName:  "local",
-	}
-}

From 0b580ffd22220813574777df776dd3221d2a673f Mon Sep 17 00:00:00 2001
From: Iryna Shustava <ishustava@users.noreply.github.com>
Date: Fri, 18 Aug 2023 07:55:12 -0600
Subject: [PATCH 300/359] bimapper: fix data race (#18519)

---
 internal/resource/mappers/bimapper/bimapper.go | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/internal/resource/mappers/bimapper/bimapper.go b/internal/resource/mappers/bimapper/bimapper.go
index 62a6b4dc7ffe..b17381306737 100644
--- a/internal/resource/mappers/bimapper/bimapper.go
+++ b/internal/resource/mappers/bimapper/bimapper.go
@@ -272,7 +272,10 @@ func (m *Mapper) MapLink(_ context.Context, _ controller.Runtime, res *pbresourc
 }
 
 func (m *Mapper) itemIDsByLink(link resource.ReferenceKey) []*pbresource.ID {
-	items, ok := m.getItemsByLink(link)
+	m.lock.Lock()
+	defer m.lock.Unlock()
+
+	items, ok := m.linkToItem[link]
 	if !ok {
 		return nil
 	}
@@ -285,7 +288,10 @@ func (m *Mapper) itemIDsByLink(link resource.ReferenceKey) []*pbresource.ID {
 }
 
 func (m *Mapper) itemRefsByLink(link resource.ReferenceKey) []*pbresource.Reference {
-	items, ok := m.getItemsByLink(link)
+	m.lock.Lock()
+	defer m.lock.Unlock()
+
+	items, ok := m.linkToItem[link]
 	if !ok {
 		return nil
 	}
@@ -296,11 +302,3 @@ func (m *Mapper) itemRefsByLink(link resource.ReferenceKey) []*pbresource.Refere
 	}
 	return out
 }
-
-func (m *Mapper) getItemsByLink(link resource.ReferenceKey) (map[resource.ReferenceKey]struct{}, bool) {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-
-	items, ok := m.linkToItem[link]
-	return items, ok
-}

From d3837e389cde0e59bcf51da61de4273eae14330f Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Fri, 18 Aug 2023 10:56:33 -0400
Subject: [PATCH 301/359] CI Split integration tests to run nightly and every
 PR (#18518)

* CI Split integration tests to run nightly and every PR

* Checkout release branch for nightly test
---
 .../workflows/nightly-test-integrations.yml   | 326 ++++++++++++++++++
 .github/workflows/test-integrations.yml       | 124 +------
 2 files changed, 327 insertions(+), 123 deletions(-)
 create mode 100644 .github/workflows/nightly-test-integrations.yml

diff --git a/.github/workflows/nightly-test-integrations.yml b/.github/workflows/nightly-test-integrations.yml
new file mode 100644
index 000000000000..4e1522194453
--- /dev/null
+++ b/.github/workflows/nightly-test-integrations.yml
@@ -0,0 +1,326 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+name: Nightly test-integrations
+
+on:
+  schedule:
+    # Run nightly at 12AM UTC/8PM EST/5PM PST
+    - cron: '* 0 * * *'
+  workflow_dispatch: {}
+
+env:
+  TEST_RESULTS_DIR: /tmp/test-results
+  TEST_RESULTS_ARTIFACT_NAME: test-results
+  CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }}
+  GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
+  GOTESTSUM_VERSION: "1.10.1"
+  CONSUL_BINARY_UPLOAD_NAME: consul-bin
+  # strip the hashicorp/ off the front of github.repository for consul
+  CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }}
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    name: Setup
+    outputs:
+      compute-small: ${{ steps.runners.outputs.compute-small }}
+      compute-medium: ${{ steps.runners.outputs.compute-medium }}
+      compute-large: ${{ steps.runners.outputs.compute-large }}
+      compute-xl: ${{ steps.runners.outputs.compute-xl }}
+      enterprise: ${{ steps.runners.outputs.enterprise }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ inputs.branch }}
+      - id: runners
+        run: .github/scripts/get_runner_classes.sh
+
+  dev-build:
+    needs: [setup]
+    uses: ./.github/workflows/reusable-dev-build.yml
+    with:
+      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      repository-name: ${{ github.repository }}
+      uploaded-binary-name: 'consul-bin'
+    secrets:
+      elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+
+  generate-envoy-job-matrices:
+    needs: [setup]
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
+    name: Generate Envoy Job Matrices
+    outputs:
+      envoy-matrix: ${{ steps.set-matrix.outputs.envoy-matrix }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ inputs.branch }}
+      - name: Generate Envoy Job Matrix
+        id: set-matrix
+        env:
+          # this is further going to multiplied in envoy-integration tests by the 
+          # other dimensions in the matrix.  Currently TOTAL_RUNNERS would be
+          # multiplied by 8 based on these values:
+          # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"]
+          # xds-target: ["server", "client"]
+          TOTAL_RUNNERS: 4 
+          JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]'
+        run: |
+          NUM_RUNNERS=$TOTAL_RUNNERS
+          NUM_DIRS=$(find ./test/integration/connect/envoy -mindepth 1 -maxdepth 1 -type d | wc -l)
+
+          if [ "$NUM_DIRS" -lt "$NUM_RUNNERS" ]; then
+            echo "TOTAL_RUNNERS is larger than the number of tests/packages to split."
+            NUM_RUNNERS=$((NUM_DIRS-1))
+          fi
+          # fix issue where test splitting calculation generates 1 more split than TOTAL_RUNNERS.
+          NUM_RUNNERS=$((NUM_RUNNERS-1))
+          {
+            echo -n "envoy-matrix="
+            find ./test/integration/connect/envoy -maxdepth 1 -type d -print0 \
+              | xargs -0 -n 1 basename \
+              | jq --raw-input --argjson runnercount "$NUM_RUNNERS" "$JQ_SLICER" \
+              | jq --compact-output 'map(join("|"))'
+          } >> "$GITHUB_OUTPUT"
+  
+  envoy-integration-test:
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    needs:
+      - setup
+      - generate-envoy-job-matrices
+      - dev-build
+    permissions:
+      id-token: write # NOTE: this permission is explicitly required for Vault auth.
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"]
+        xds-target: ["server", "client"]
+        test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }}
+    env:
+      ENVOY_VERSION: ${{ matrix.envoy-version }}
+      XDS_TARGET: ${{ matrix.xds-target }}
+      AWS_LAMBDA_REGION: us-west-2
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ inputs.branch }}
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        with:
+          go-version-file: 'go.mod'
+
+      - name: fetch binary
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
+          path: ./bin
+      - name: restore mode+x
+        run: chmod +x ./bin/consul
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
+
+      - name: Docker build
+        run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
+
+      - name: Envoy Integration Tests
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running $(sed 's,|, ,g' <<< "${{ matrix.test-cases }}" |wc -w) subtests"
+          # shellcheck disable=SC2001
+          sed 's,|,\n,g' <<< "${{ matrix.test-cases }}"
+          go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
+              --debug \
+              --rerun-fails \
+              --rerun-fails-report=/tmp/gotestsum-rerun-fails \
+              --jsonfile /tmp/jsonfile/go-test.log \
+              --packages=./test/integration/connect/envoy \
+              -- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})"
+
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Authenticate to Vault
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: vault-auth
+        run: vault-auth
+
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Fetch Secrets
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: secrets
+        uses: hashicorp/vault-action@v2.5.0
+        with:
+          url: ${{ steps.vault-auth.outputs.addr }}
+          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
+          token: ${{ steps.vault-auth.outputs.token }}
+          secrets: |
+              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
+
+      - name: prepare datadog-ci
+        if: ${{ !endsWith(github.repository, '-enterprise') }}
+        run: |
+          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
+          chmod +x /usr/local/bin/datadog-ci
+
+      - name: upload coverage
+        # do not run on forks
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        env:
+          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
+          DD_ENV: ci
+        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
+  
+  upgrade-integration-test:
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    needs:
+      - setup
+      - dev-build
+    permissions:
+      id-token: write # NOTE: this permission is explicitly required for Vault auth.
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        consul-version: [ "1.15", "1.16"]
+    env:
+      CONSUL_LATEST_VERSION: ${{ matrix.consul-version }}
+      ENVOY_VERSION: "1.24.6"
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ inputs.branch }}
+      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
+      - name: Setup Git
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        with:
+          go-version-file: 'go.mod'
+      - run: go env
+
+      # Get go binary from workspace
+      - name: fetch binary
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
+          path: .
+      - name: restore mode+x
+        run: chmod +x consul
+      - name: Build consul:local image
+        run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile .
+      - name: Build consul-envoy:latest-version image
+        id: buildConsulEnvoyLatestImage
+        continue-on-error: true
+        run: docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }} --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+      - name: Retry Build consul-envoy:latest-version image
+        if: steps.buildConsulEnvoyLatestImage.outcome == 'failure'
+        run: docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }} --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+      - name: Build consul-envoy:target-version image
+        id: buildConsulEnvoyTargetImage
+        continue-on-error: true
+        run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+      - name: Retry Build consul-envoy:target-version image
+        if: steps.buildConsulEnvoyTargetImage.outcome == 'failure'
+        run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+      - name: Build sds image
+        run: docker build -t consul-sds-server ./test/integration/connect/envoy/test-sds-server/
+      - name: Configure GH workaround for ipv6 loopback
+        if: ${{ !endsWith(github.repository, '-enterprise') }}
+        run: |
+          cat /etc/hosts && echo "-----------"
+          sudo sed -i 's/::1 *localhost ip6-localhost ip6-loopback/::1 ip6-localhost ip6-loopback/g' /etc/hosts
+          cat /etc/hosts
+      - name: Upgrade Integration Tests
+        run: |
+          mkdir -p "${{ env.TEST_RESULTS_DIR }}"
+          cd ./test/integration/consul-container/test/upgrade
+          docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version
+          go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
+            --raw-command \
+            --format=short-verbose \
+            --debug \
+            --rerun-fails=2 \
+            --packages="./..." \
+            -- \
+            go test \
+            -p=4 \
+            -tags "${{ env.GOTAGS }}" \
+            -timeout=30m \
+            -json \
+            ./... \
+            --follow-log=false \
+            --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
+            --target-version local \
+            --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \
+            --latest-version "${{ env.CONSUL_LATEST_VERSION }}"
+          ls -lrt
+        env:
+          # this is needed because of incompatibility between RYUK container and GHA
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          # tput complains if this isn't set to something.
+          TERM: ansi
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Authenticate to Vault
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: vault-auth
+        run: vault-auth
+
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Fetch Secrets
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: secrets
+        uses: hashicorp/vault-action@v2.5.0
+        with:
+          url: ${{ steps.vault-auth.outputs.addr }}
+          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
+          token: ${{ steps.vault-auth.outputs.token }}
+          secrets: |
+              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
+
+      - name: prepare datadog-ci
+        if: ${{ !endsWith(github.repository, '-enterprise') }}
+        run: |
+          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
+          chmod +x /usr/local/bin/datadog-ci
+
+      - name: upload coverage
+        # do not run on forks
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        env:
+          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
+          DD_ENV: ci
+        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
+
+
+  test-integrations-success:
+    needs: 
+    - setup
+    - dev-build
+    - generate-envoy-job-matrices
+    - envoy-integration-test
+    - upgrade-integration-test
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
+    if: ${{ always() }}
+    steps:
+      - name: evaluate upstream job results
+        run: |
+          # exit 1 if failure or cancelled result for any upstream job
+          if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then
+            printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}"
+            exit 1
+          fi
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 4947662d5651..9fc3a59f905f 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -274,7 +274,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"]
+        envoy-version: ["1.27.0"]
         xds-target: ["server", "client"]
         test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }}
     env:
@@ -463,127 +463,6 @@ jobs:
           DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
           DD_ENV: ci
         run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
-  
-  upgrade-integration-test:
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
-    needs:
-      - setup
-      - dev-build
-    permissions:
-      id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read
-    strategy:
-      fail-fast: false
-      matrix:
-        consul-version: [ "1.15", "1.16"]
-    env:
-      CONSUL_LATEST_VERSION: ${{ matrix.consul-version }}
-      ENVOY_VERSION: "1.24.6"
-    steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
-      - name: Setup Git
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-        with:
-          go-version-file: 'go.mod'
-      - run: go env
-
-      # Get go binary from workspace
-      - name: fetch binary
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
-        with:
-          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
-          path: .
-      - name: restore mode+x
-        run: chmod +x consul
-      - name: Build consul:local image
-        run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile .
-      - name: Build consul-envoy:latest-version image
-        id: buildConsulEnvoyLatestImage
-        continue-on-error: true
-        run: docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }} --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-      - name: Retry Build consul-envoy:latest-version image
-        if: steps.buildConsulEnvoyLatestImage.outcome == 'failure'
-        run: docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }} --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-      - name: Build consul-envoy:target-version image
-        id: buildConsulEnvoyTargetImage
-        continue-on-error: true
-        run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-      - name: Retry Build consul-envoy:target-version image
-        if: steps.buildConsulEnvoyTargetImage.outcome == 'failure'
-        run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-      - name: Build sds image
-        run: docker build -t consul-sds-server ./test/integration/connect/envoy/test-sds-server/
-      - name: Configure GH workaround for ipv6 loopback
-        if: ${{ !endsWith(github.repository, '-enterprise') }}
-        run: |
-          cat /etc/hosts && echo "-----------"
-          sudo sed -i 's/::1 *localhost ip6-localhost ip6-loopback/::1 ip6-localhost ip6-loopback/g' /etc/hosts
-          cat /etc/hosts
-      - name: Upgrade Integration Tests
-        run: |
-          mkdir -p "${{ env.TEST_RESULTS_DIR }}"
-          cd ./test/integration/consul-container/test/upgrade
-          docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version
-          go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
-            --raw-command \
-            --format=short-verbose \
-            --debug \
-            --rerun-fails=2 \
-            --packages="./..." \
-            -- \
-            go test \
-            -p=4 \
-            -tags "${{ env.GOTAGS }}" \
-            -timeout=30m \
-            -json \
-            ./... \
-            --follow-log=false \
-            --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
-            --target-version local \
-            --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \
-            --latest-version "${{ env.CONSUL_LATEST_VERSION }}"
-          ls -lrt
-        env:
-          # this is needed because of incompatibility between RYUK container and GHA
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          # tput complains if this isn't set to something.
-          TERM: ansi
-      # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Authenticate to Vault
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: vault-auth
-        run: vault-auth
-
-      # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Fetch Secrets
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: secrets
-        uses: hashicorp/vault-action@v2.5.0
-        with:
-          url: ${{ steps.vault-auth.outputs.addr }}
-          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
-          token: ${{ steps.vault-auth.outputs.token }}
-          secrets: |
-              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
-
-      - name: prepare datadog-ci
-        if: ${{ !endsWith(github.repository, '-enterprise') }}
-        run: |
-          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
-          chmod +x /usr/local/bin/datadog-ci
-
-      - name: upload coverage
-        # do not run on forks
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        env:
-          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
-          DD_ENV: ci
-        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
 
   peering_commontopo-integration-test:
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
@@ -687,7 +566,6 @@ jobs:
     - envoy-integration-test
     - compatibility-integration-test
     - peering_commontopo-integration-test
-    - upgrade-integration-test
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     if: ${{ always() }}
     steps:

From 5af4bbb4514db1145ee31ef8b80412f1b7796f47 Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@users.noreply.github.com>
Date: Fri, 18 Aug 2023 11:54:42 -0700
Subject: [PATCH 302/359] Fix broken links caught in weekly report (#18522)

* fix broken link caught in weekly report

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---
 website/content/api-docs/agent/service.mdx         |  8 ++++----
 website/content/commands/exec.mdx                  |  2 +-
 website/content/docs/agent/config/config-files.mdx |  2 +-
 .../docs/agent/limits/usage/init-rate-limits.mdx   |  2 +-
 .../limits/usage/limit-request-rates-from-ips.mdx  |  4 ++--
 .../agent/limits/usage/monitor-rate-limits.mdx     |  2 +-
 .../usage/set-global-traffic-rate-limits.mdx       |  2 +-
 website/content/docs/connect/ca/vault.mdx          |  2 +-
 .../envoy-extensions/configuration/wasm.mdx        | 14 +++++++-------
 .../docs/ecs/terraform/secure-configuration.mdx    |  2 +-
 website/content/docs/enterprise/index.mdx          |  8 ++++----
 .../docs/k8s/connect/onboarding-tproxy-mode.mdx    |  2 +-
 .../multi-cluster/vms-and-kubernetes.mdx           |  2 +-
 .../content/docs/release-notes/consul/v1_11_x.mdx  |  2 +-
 .../content/docs/release-notes/consul/v1_12_x.mdx  |  2 +-
 .../security/acl/acl-federated-datacenters.mdx     |  2 +-
 website/content/docs/security/acl/acl-policies.mdx |  4 ++--
 website/content/docs/security/acl/index.mdx        |  2 +-
 .../docs/services/discovery/dns-static-lookups.mdx |  2 +-
 .../content/docs/upgrading/upgrade-specific.mdx    |  6 +++---
 20 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/website/content/api-docs/agent/service.mdx b/website/content/api-docs/agent/service.mdx
index b17348fda3b6..1a5122e41018 100644
--- a/website/content/api-docs/agent/service.mdx
+++ b/website/content/api-docs/agent/service.mdx
@@ -693,10 +693,10 @@ For the `Connect` field, the parameters are:
   If this is true, then service mesh proxies, DNS queries, etc. will be able to
   service discover this service.
 - `Proxy` `(Proxy: nil)` -
-  [**Deprecated**](/consul/docs/connect/proxies/managed-deprecated) Specifies that
-  a managed service mesh proxy should be started for this service instance, and
-  optionally provides configuration for the proxy. The format is as documented
-  in [Managed Proxy Deprecation](/consul/docs/connect/proxies/managed-deprecated).
+  **Deprecated** Specifies that a managed service mesh proxy should be started 
+  for this service instance, and optionally provides configuration for the proxy. 
+  Managed proxies (which have been deprecated since Consul v1.3.0) have been 
+  [removed](/consul/docs/connect/proxies) since v1.6.0.
 - `SidecarService` `(ServiceDefinition: nil)` - Specifies an optional nested
   service definition to register. For more information see
   [Sidecar Service Registration](/consul/docs/connect/registration/sidecar-service).
diff --git a/website/content/commands/exec.mdx b/website/content/commands/exec.mdx
index a90cdb35df1b..07754bd2b938 100644
--- a/website/content/commands/exec.mdx
+++ b/website/content/commands/exec.mdx
@@ -40,7 +40,7 @@ execute this command.
 | `key:write`     | `"_rexec"` prefix |
 | `event:write`   | `"_rexec"` prefix |
 
-In addition to the above, the policy associated with the [agent token](/consul/docs/security/acl/acl-tokens#acl-agent-token) should have `write` on `"_rexec"` key prefix. This is for the agents to read the `exec` command and write its output back to the KV store.
+In addition to the above, the policy associated with the [agent token](/consul/docs/security/acl/tokens#acl-agent-token) should have `write` on `"_rexec"` key prefix. This policy permits agents to read the `exec` command and write its output back to the KV store.
 
 ## Usage
 
diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx
index 1dc9ae220cd4..68a5fcbbcef5 100644
--- a/website/content/docs/agent/config/config-files.mdx
+++ b/website/content/docs/agent/config/config-files.mdx
@@ -908,7 +908,7 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
 
     - `default` ((#acl_tokens_default)) - When provided, this agent will
       use this token by default when making requests to the Consul servers
-      instead of the [anonymous token](/consul/docs/security/acl/acl-tokens#anonymous-token).
+      instead of the [anonymous token](/consul/docs/security/acl/tokens#anonymous-token).
       Consul HTTP API requests can provide an alternate token in their authorization header
       to override the `default` or anonymous token on a per-request basis,
       as described in [HTTP API Authentication](/consul/api-docs/api-structure#authentication).
diff --git a/website/content/docs/agent/limits/usage/init-rate-limits.mdx b/website/content/docs/agent/limits/usage/init-rate-limits.mdx
index e90aaf77af22..1c84ca4f6e58 100644
--- a/website/content/docs/agent/limits/usage/init-rate-limits.mdx
+++ b/website/content/docs/agent/limits/usage/init-rate-limits.mdx
@@ -23,7 +23,7 @@ Because each network has different needs and application, you need to find out w
 	    write_rate = 500.0
     }
     ``` 
-1. Observe the logs and metrics for your application's typical cycle, such as a 24 hour period. Refer to [Monitor traffic rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limit) for additional information. Call the [`/agent/metrics`](/consul/api-docs/agent#view-metrics) HTTP API endpoint and check the data for the following metrics:  
+1. Observe the logs and metrics for your application's typical cycle, such as a 24 hour period. Refer to [Monitor traffic rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limits) for additional information. Call the [`/agent/metrics`](/consul/api-docs/agent#view-metrics) HTTP API endpoint and check the data for the following metrics:  
 
     - `rpc.rate_limit.exceeded` with value `global/read` for label `limit_type`
     - `rpc.rate_limit.exceeded` with value `global/write` for label `limit_type`
diff --git a/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx b/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
index ae7c5e769ce5..69c97558ce42 100644
--- a/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
+++ b/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
@@ -6,7 +6,7 @@ description: Learn how to set read and request rate limits on RPC and gRPC traff
 
 # Limit traffic rates from source IP addresses 
 
-This topic describes how to configure RPC and gRPC traffic rate limits for source IP addresses. This enables you to specify a budget for read and write requests to prevent any single source IP from overwhelming the Consul server and negatively affecting the network. For information about setting global traffic rate limits, refer to [Set a global limit on traffic rates](/consul/docs/agent/limits/usage/set-glogal-traffic-rate-limits). For an overview of Consul's server rate limiting capabilities, refer to [Limit traffic rates overview](/consul/docs/agent/limits/overview). 
+This topic describes how to configure RPC and gRPC traffic rate limits for source IP addresses. This enables you to specify a budget for read and write requests to prevent any single source IP from overwhelming the Consul server and negatively affecting the network. For information about setting global traffic rate limits, refer to [Set a global limit on traffic rates](/consul/docs/agent/limits/usage/set-global-traffic-rate-limits). For an overview of Consul's server rate limiting capabilities, refer to [Limit traffic rates overview](/consul/docs/agent/limits). 
 
 <EnterpriseAlert>
 
@@ -69,4 +69,4 @@ $ kubectl apply control-plane-request-limit.yaml
 
 ## Disable request rate limits
 
-Set the [limits.request_limits.mode](/consul/docs/agent/config/config-files#mode-1) in the agent configuration to `disabled` to allow services to exceed the specified read and write requests limits. The `disabled` mode applies to all request rate limits, even limits specifed in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limits).  Note that any other mode specified in the agent configuration only applies to global traffic rate limits.  
\ No newline at end of file
+Set the [limits.request_limits.mode](/consul/docs/agent/config/config-files#mode-1) in the agent configuration to `disabled` to allow services to exceed the specified read and write requests limits. The `disabled` mode applies to all request rate limits, even limits specifed in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit).  Note that any other mode specified in the agent configuration only applies to global traffic rate limits.  
\ No newline at end of file
diff --git a/website/content/docs/agent/limits/usage/monitor-rate-limits.mdx b/website/content/docs/agent/limits/usage/monitor-rate-limits.mdx
index 23906041b34d..23502d1cb149 100644
--- a/website/content/docs/agent/limits/usage/monitor-rate-limits.mdx
+++ b/website/content/docs/agent/limits/usage/monitor-rate-limits.mdx
@@ -64,7 +64,7 @@ $ curl http://127.0.0.1:8500/v1/agent/metrics
 }
 ```
 
-Refer to [Telemetry](/consul/docs/telemetry) for additional information.
+Refer to [Telemetry](/consul/docs/agent/telemetry) for additional information.
 
 ## Request denials
 
diff --git a/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx b/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx
index 61a4066ec9e0..e21aa78c1e20 100644
--- a/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx
+++ b/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx
@@ -59,4 +59,4 @@ You should continue to mmonitor request traffic to ensure that request rates rem
 
 ## Disable request rate limits
 
-Set the [limits.request_limits.mode](/consul/docs/agent/config/config-files#mode-1) to `disabled` to allow services to exceed the specified read and write requests limits, even limits specifed in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limits). Note that any other mode specified in the agent configuration only applies to global traffic rate limits. 
+Set the [`limits.request_limits.mode`](/consul/docs/agent/config/config-files#mode-1) to `disabled` to allow services to exceed the specified read and write requests limits, even limits specified in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit). Note that any other mode specified in the agent configuration only applies to global traffic rate limits. 
diff --git a/website/content/docs/connect/ca/vault.mdx b/website/content/docs/connect/ca/vault.mdx
index 828a6937cae1..a172a693a04d 100644
--- a/website/content/docs/connect/ca/vault.mdx
+++ b/website/content/docs/connect/ca/vault.mdx
@@ -107,7 +107,7 @@ The key after the slash refers to the corresponding option name in the agent con
    - `MountPath`/ `mount_path` (`string: <AuthMethod.Type>`) - The mount path of the auth method.
       If not provided the auth method type will be used as the mount path.
 
-   - `Params`/`params` (`map: nil`) - The parameters to configure the auth method. The configuration parameters needed will depend on which auth type you are using. Please refer to the Vault Agent auto-auth method documentation for details on their configuration options: [AppRole](/vault/docs/agent/autoauth/methods/approle#configuration), [AWS](/vault/docs/agent/autoauth/methods/aws#configuration), [Azure](/vault/docs/agent/autoauth/methods/azure#configuration), [GCP](/vault/docs/agent/autoauth/methods/gcp#configuration), [JWT](/vault/docs/agent/autoauth/methods/jwt#configuration), [Kubernetes](/vault/docs/agent/autoauth/methods/kubernetes#configuration).
+   - `Params`/`params` (`map: nil`) - The parameters to configure the auth method. The required configuration parameters depend on which auth type you are using. Refer to the Vault Agent auto-auth method documentation for details on their configuration options: [AppRole](/vault/docs/agent-and-proxy/autoauth/methods/approle#configuration), [AWS](/vault/docs/agent-and-proxy/autoauth/methods/aws#configuration), [Azure](/vault/docs/agent-and-proxy/autoauth/methods/azure#configuration), [GCP](/vault/docs/agent-and-proxy/autoauth/methods/gcp#configuration), [JWT](/vault/docs/agent-and-proxy/autoauth/methods/jwt#configuration), [Kubernetes](/vault/docs/agent-and-proxy/autoauth/methods/kubernetes#configuration).
 
    Only the authentication related fields (for example, JWT's `path` and `role`) are supported. The optional management fields (for example: `remove_jwt_after_reading`) are not supported.
 
diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx
index ed1e2061a5d5..56d910f3ee5d 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx
@@ -116,7 +116,7 @@ This section provides details about the fields you can configure for the `wasm`
 
 ### `Protocol`
 
-Specifies the type of Wasm filter to apply. You can set either `tcp` or `http`. Set the `Protocol` to the protocol that the Wasm plugin implements when loaded by the filter. For Consul to apply the filter, the protocol must match the service’s protocol.
+Specifies the type of Wasm filter to apply. You can set either `tcp` or `http`. Set the `Protocol` to the protocol that the Wasm plugin implements when loaded by the filter. For Consul to apply the filter, the protocol must match the service's protocol.
 
 #### Values
 
@@ -360,7 +360,7 @@ Specifies the number of times Envoy retries to fetch plugin data if the initial
 
 ### `PluginConfig{}.VmConfig{}.Configuration`
 
-Specifies the configuration Envoy encodes as bytes and passes to the plugin during VM startup. Refer to [`proxy_on_vm_start` in the Proxy Wasm ABI documentation](https://github.com/proxy-wasm/spec/tree/master/abi-versions/vNEXT#proxy_on_vm_start) for additional information.
+Specifies the configuration Envoy encodes as bytes and passes to the plugin during VM startup. Refer to [`proxy_on_vm_start` in the Proxy Wasm ABI documentation](https://github.com/proxy-wasm/spec/tree/cefc2cbab70eaba2c187523dff0b38fce2f90771/abi-versions/vNEXT#proxy_on_vm_start) for additional information.
 
 #### Values
 
@@ -370,11 +370,11 @@ Specifies the configuration Envoy encodes as bytes and passes to the plugin duri
 
 ### `PluginConfig{}.VmConfig{}.EnvironmentVariables{}`
 
-Specifies environment variables for Enovy to inject into this VM so that they are available through WASI’s `environ_get` and `environ_get_sizes` system calls. 
+Specifies environment variables for Enovy to inject into this VM so that they are available through WASI's `environ_get` and `environ_get_sizes` system calls. 
 
-In most cases, WASI calls the functions implicitly in your language’s standard library. As a result, you do not need to call them directly. You can also access environment variables as you would on native platforms. 
+In most cases, WASI calls the functions implicitly in your language's standard library. As a result, you do not need to call them directly. You can also access environment variables as you would on native platforms. 
 
-Envoy rejects the configuration if there’s conflict of key space.
+Envoy rejects the configuration if there is a key space conflict.
 
 The `EnvironmentVariables` field is a map containing parameters for setting the keys and values.
 
@@ -387,12 +387,12 @@ The following table describes the parameters contained in the `EnvironmentVariab
 
 | Parameter | Description | Data type | Default |
 | ---       | ---         | ---       | ---     |
-| `HostEnvKeys` | Specifies a list of Envoy environment variable keys to expose to the VM. If a key exists in Envoy’s environment variables, then the key-value pair is injected. Envoy ignores `HostEnvKeys` that do not exist in its environment variables. | List | None |
+| `HostEnvKeys` | Specifies a list of Envoy environment variable keys to expose to the VM. If a key exists in Envoy's environment variables, then the key-value pair is injected. Envoy ignores `HostEnvKeys` that do not exist in its environment variables. | List | None |
 | `KeyValues` | Specifies a map of explicit key-value pairs to inject into the VM. | <nobr>Map of </nobr>string keys and values | None |
 
 ### `PluginConfig{}.Configuration`
 
-Specifies the configuration Consul encodes as bytes and passes to the plugin during plugin startup. Refer to [`proxy_on_configure` in the Envoy documentation](https://github.com/proxy-wasm/spec/tree/master/abi-versions/vNEXT#proxy_on_configure) for additional information.
+Specifies the configuration Consul encodes as bytes and passes to the plugin during plugin startup. Refer to [`proxy_on_configure` in the Envoy documentation](https://github.com/proxy-wasm/spec/tree/cefc2cbab70eaba2c187523dff0b38fce2f90771/abi-versions/vNEXT#proxy_on_configure) for additional information.
 
 #### Values
 
diff --git a/website/content/docs/ecs/terraform/secure-configuration.mdx b/website/content/docs/ecs/terraform/secure-configuration.mdx
index 4db6c13abbaa..93932b6fbf66 100644
--- a/website/content/docs/ecs/terraform/secure-configuration.mdx
+++ b/website/content/docs/ecs/terraform/secure-configuration.mdx
@@ -53,7 +53,7 @@ the AWS IAM auth method.
 ## ACL controller
 
 1. Create a policy that grants `acl:write` and `operator:write` access for the controller. Refer to the [ACL policies documentation](/consul/docs/security/acl/acl-policies) for instructions.
-1. Create a token and link it to the ACL controller policy. Refer to the [ACL tokens documentation](/consul/docs/security/acl/acl-tokens) for instructions.
+1. Create a token and link it to the ACL controller policy. Refer to the [ACL tokens documentation](/consul/docs/security/acl/tokens) for instructions.
 1. Create a Secrets Manager secret containing the ACL controller's token and a Secrets Manager secret containing the Consul CA cert.
 
 ```hcl
diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx
index 00829e9ef69a..7d47d160f375 100644
--- a/website/content/docs/enterprise/index.mdx
+++ b/website/content/docs/enterprise/index.mdx
@@ -101,7 +101,7 @@ Available Enterprise features per Consul form and license include:
 | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)    | No                                      | Yes                 | With Global Visibility, Routing, and Scale module |
 | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | No                                      | Yes                 | Yes                                               |
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)          | Not applicable                          | Yes                 | With Global Visibility, Routing, and Scale module |
-| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | No | Yes | N/A |
+| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | No | Yes | N/A |
 | [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | All tiers | Yes | With Governance and Policy module |
 
 
@@ -129,7 +129,7 @@ Consul Enterprise feature availability can change depending on your server and c
 | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)            |  &#9989;  |  &#10060;  |  &#10060;  |
 | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)         |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  &#9989;  |  &#9989;   |   &#9989;  |
-| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
 
 </Tab>
@@ -149,7 +149,7 @@ Consul Enterprise feature availability can change depending on your server and c
 | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)            |  &#10060; |  &#10060;  |  &#10060;  |
 | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)         |  &#9989;  |  &#9989;   |  &#9989;  |
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  &#10060; |  &#10060;  |  &#10060;  |
-| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
 
 </Tab>
@@ -169,7 +169,7 @@ Consul Enterprise feature availability can change depending on your server and c
 | [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview)            |  &#10060; |  &#10060;  |  &#10060;  |
 | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc)         |  &#10060; |  &#10060;  |  &#10060;  |
 | [Redundancy Zones](/consul/docs/enterprise/redundancy)                  |  n/a      |  n/a       |  n/a       |
-| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
+| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group)    |  &#9989;  |  &#9989;   |   &#9989;  |
 | [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
 
 </Tab>
diff --git a/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx b/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx
index 03636b044308..6f2f5ed465c9 100644
--- a/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx
+++ b/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx
@@ -10,7 +10,7 @@ This topic describes how to run Consul in permissive mTLS mode so that you can s
 
 ## Background
 
-When [transparent proxy mode](/consul/docs/k8s/transparent-proxy/) is enabled, all service-to-service traffic is secured by mTLS. Until the services that you want to add to the network are fully onboarded, your network may have a mix of mTLS and non-mTLS traffic, which can result in broken service-to-service communication. This situation occurs because sidecar proxies for existing mesh services reject traffic from services that are not yet onboarded.
+When [transparent proxy mode](/consul/docs/k8s/connect/transparent-proxy) is enabled, all service-to-service traffic is secured by mTLS. Until the services that you want to add to the network are fully onboarded, your network may have a mix of mTLS and non-mTLS traffic, which can result in broken service-to-service communication. This situation occurs because sidecar proxies for existing mesh services reject traffic from services that are not yet onboarded.
 
 You can enable the `permissive` mTLS mode to ensure existing non-mTLS service-to-service traffic is allowed during the onboarding phase. The `permissive` mTLS mode enables sidecar proxies to accept both mTLS and non-mTLS traffic to an application. Using this mode enables you to onboard without downtime and without being required to reconfigure or redeploy your application.
 
diff --git a/website/content/docs/k8s/deployment-configurations/multi-cluster/vms-and-kubernetes.mdx b/website/content/docs/k8s/deployment-configurations/multi-cluster/vms-and-kubernetes.mdx
index 7fab4286f80e..763dcda5a8f3 100644
--- a/website/content/docs/k8s/deployment-configurations/multi-cluster/vms-and-kubernetes.mdx
+++ b/website/content/docs/k8s/deployment-configurations/multi-cluster/vms-and-kubernetes.mdx
@@ -259,7 +259,7 @@ You'll need:
      }
    }
    ```
-1. If ACLs are enabled you'll also need to modify the [anonymous token](/consul/docs/security/acl/acl-tokens#anonymous-token) policy to have the following permissions:
+1. If ACLs are enabled you must also modify the [anonymous token](/consul/docs/security/acl/tokens#anonymous-token) policy to have the following permissions:
 
    ```hcl
    node_prefix "" {
diff --git a/website/content/docs/release-notes/consul/v1_11_x.mdx b/website/content/docs/release-notes/consul/v1_11_x.mdx
index 3334c6fbde7f..df29f3002757 100644
--- a/website/content/docs/release-notes/consul/v1_11_x.mdx
+++ b/website/content/docs/release-notes/consul/v1_11_x.mdx
@@ -23,7 +23,7 @@ description: >-
 
 - The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that all tokens and policies have been migrated to the newer ACL system. Complete the [Migrate Legacy ACL Tokens](/consul/tutorials/security-operations/access-control-token-migration) tutorial to learn more.
 
-- The `agent_master` ACL token has been renamed to `agent_recovery` ACL token. In addition, the `consul acl set-agent-token master` command has been replaced with `consul acl set-agent-token recovery`. See [ACL Agent Recovery Token](/consul/docs/security/acl/acl-tokens#acl-agent-recovery-token) and [Consul ACL Set Agent Token](/consul/commands/acl/set-agent-token) for more information.
+- The `agent_master` ACL token has been renamed to `agent_recovery` ACL token. In addition, the `consul acl set-agent-token master` command has been replaced with `consul acl set-agent-token recovery`. Refer to [ACL Agent Recovery Token](/consul/docs/security/acl/tokens#acl-agent-recovery-token) and [Consul ACL Set Agent Token](/consul/commands/acl/set-agent-token) for more information.
 
 - Drops support for Envoy versions 1.15.x and 1.16.x
 
diff --git a/website/content/docs/release-notes/consul/v1_12_x.mdx b/website/content/docs/release-notes/consul/v1_12_x.mdx
index ebdaaed98b0f..85248802b7f5 100644
--- a/website/content/docs/release-notes/consul/v1_12_x.mdx
+++ b/website/content/docs/release-notes/consul/v1_12_x.mdx
@@ -30,7 +30,7 @@ description: >-
 
 - The `disable_compat_1.9` option now defaults to true. Metrics formatted in the style of version 1.9, such as `consul.http...`,  can still be enabled by setting disable_compat_1.9 = false. However, these metrics will be removed in 1.13.
 
-- The `agent_master` ACL token has been renamed to `agent_recovery` ACL token. In addition, the `consul acl set-agent-token master` command has been replaced with `consul acl set-agent-token recovery`. Refer to [ACL Agent Recovery Token](/consul/docs/security/acl/acl-tokens#acl-agent-recovery-token) and [Consul ACL Set Agent Token](/consul/commands/acl/set-agent-token) for more information.
+- The `agent_master` ACL token has been renamed to `agent_recovery` ACL token. In addition, the `consul acl set-agent-token master` command has been replaced with `consul acl set-agent-token recovery`. Refer to [ACL Agent Recovery Token](/consul/docs/security/acl/tokens#acl-agent-recovery-token) and [Consul ACL Set Agent Token](/consul/commands/acl/set-agent-token) for more information.
 
 - If TLS min versions and max versions are not specified, the TLS min/max versions default to the following values. For details on how to configure TLS min and max, refer to the [Mesh TLS config entry](/consul/docs/connect/config-entries/mesh#tls) or CRD documentation. 
   - Incoming connections: TLS 1.2 for min0 version, TLS 1.3 for max version
diff --git a/website/content/docs/security/acl/acl-federated-datacenters.mdx b/website/content/docs/security/acl/acl-federated-datacenters.mdx
index 390b5c75719a..cdb8a3aaee03 100644
--- a/website/content/docs/security/acl/acl-federated-datacenters.mdx
+++ b/website/content/docs/security/acl/acl-federated-datacenters.mdx
@@ -180,7 +180,7 @@ $ consul join -token="ACL_MANAGEMENT_TOKEN" -wan [server 1, server 2, ...]
 
 ## Configure Clients in Secondary Datacenters
 
-When ACLs are enabled, client agents need a special token known as the [`agent token`](/consul/docs/security/acl/acl-tokens#acl-agent-token) to perform internal operations. Agent tokens need to have the right policies for node related actions, including
+When ACLs are enabled, client agents need a special token known as the [`agent token`](/consul/docs/security/acl/tokens#acl-agent-token) to perform internal operations. Agent tokens need to have the right policies for node related actions, including
 registering itself in the catalog, updating node level health checks, and performing [anti-entropy](/consul/docs/architecture/anti-entropy) syncing.
 
 ### Generate Agent ACL Token
diff --git a/website/content/docs/security/acl/acl-policies.mdx b/website/content/docs/security/acl/acl-policies.mdx
index e1583f250a29..ab21b8c89290 100644
--- a/website/content/docs/security/acl/acl-policies.mdx
+++ b/website/content/docs/security/acl/acl-policies.mdx
@@ -11,7 +11,7 @@ This topic describes policies, which are components in Consul's access control l
 
 ## Introduction
 
-A policy is a group of one or more ACL rules that are linked to [ACL tokens](/consul/docs/security/acl/acl-tokens). The following diagram describes the relationships between rules, policies, and tokens:
+A policy is a group of one or more ACL rules that are linked to [ACL tokens](/consul/docs/security/acl/tokens). The following diagram describes the relationships between rules, policies, and tokens:
 
 ![ACL system component relationships](/img/acl-token-policy-rule-relationship.png)
 
@@ -326,7 +326,7 @@ A policy that has been implemented must still be linked to a token before the po
 
 The person responsible for administrating ACLs can use the command line or call the API endpoint to link policies to tokens. Tokens can also be generated dynamically from an external system using Consul's [auth methods](/consul/docs/security/acl/auth-methods) functionality.
 
-Refer to the [tokens documentation](/consul/docs/security/acl/acl-tokens), as well as the [ACL tutorial](/consul/tutorials/security/access-control-setup-production#create-the-agent-token), for details about creating and linking policies to tokens.
+Refer to the [tokens documentation](/consul/docs/security/acl/tokens), as well as the [ACL tutorial](/consul/tutorials/security/access-control-setup-production#create-the-agent-token), for details about creating and linking policies to tokens.
 
 ## Policy Attributes
 
diff --git a/website/content/docs/security/acl/index.mdx b/website/content/docs/security/acl/index.mdx
index a577bd011478..4ee0d1874359 100644
--- a/website/content/docs/security/acl/index.mdx
+++ b/website/content/docs/security/acl/index.mdx
@@ -41,7 +41,7 @@ ACL tokens are the core method of authentication in Consul. Tokens contain sever
 
 Refer to the following topics for details about tokens:
 
-- [Tokens](/consul/docs/security/acl/acl-tokens)
+- [Tokens](/consul/docs/security/acl/tokens)
 - [ACL token command line](/consul/commands/acl/token)
 - [ACL tokens API](/consul/api-docs/acl/tokens)
 
diff --git a/website/content/docs/services/discovery/dns-static-lookups.mdx b/website/content/docs/services/discovery/dns-static-lookups.mdx
index 353f4e2628e3..a279373460fe 100644
--- a/website/content/docs/services/discovery/dns-static-lookups.mdx
+++ b/website/content/docs/services/discovery/dns-static-lookups.mdx
@@ -18,7 +18,7 @@ All versions of Consul support DNS lookup features.
 If ACLs are enabled, you must present a token linked with the necessary policies. We recommend using a separate token in production deployments for querying the DNS. By default, Consul agents resolve DNS requests using the preconfigured tokens in order of precedence:
 
 The agent's [`default` token](/consul/docs/agent/config/config-files#acl_tokens_default)
-The built-in [`anonymous` token](/consul/docs/security/acl/acl-tokens#built-in-tokens).
+The built-in [`anonymous` token](/consul/docs/security/acl/tokens#built-in-tokens).
 
 
 The following table describes the available DNS lookups and required policies when ACLs are enabled:
diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx
index a5ef59339d88..26d60291ea43 100644
--- a/website/content/docs/upgrading/upgrade-specific.mdx
+++ b/website/content/docs/upgrading/upgrade-specific.mdx
@@ -777,9 +777,9 @@ Starting with Consul 1.7.1 this is the new default.
 
 #### Removal of Deprecated Features
 
-Managed proxies (which have been [deprecated](/consul/docs/connect/proxies/managed-deprecated)
-since Consul 1.3.0) have now been [removed](/consul/docs/connect/proxies). Before
-upgrading, you will need to migrate any managed proxy usage to [sidecar service
+Managed proxies, which are deprecated since Consul v1.3.0, have now been 
+[removed](/consul/docs/connect/proxies). Before upgrading, you must
+migrate any managed proxy usage to [sidecar service
 registrations](/consul/docs/connect/registration/sidecar-service).
 
 ## Consul 1.4.0

From 587663dbcbd16464fd7f3c4a01bbfe486cb89351 Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Mon, 21 Aug 2023 10:07:49 -0400
Subject: [PATCH 303/359] Create nightly test-integration for consul release
 branch (#18530)

* Create nightly test-integration for consul release branch

* test

* fix
---
 .github/workflows/nightly-test-1.13.x.yaml    |   2 +-
 .github/workflows/nightly-test-1.14.x.yaml    |   2 +-
 .github/workflows/nightly-test-1.15.x.yaml    |   2 +-
 .github/workflows/nightly-test-1.16.x.yaml    |   2 +-
 .../nightly-test-integrations-1.15.x.yml      | 330 ++++++++++++++++++
 .../nightly-test-integrations-1.16.x.yml      | 330 ++++++++++++++++++
 .../workflows/nightly-test-integrations.yml   |  12 +-
 .github/workflows/nightly-test-main.yaml      |   2 +-
 8 files changed, 672 insertions(+), 10 deletions(-)
 create mode 100644 .github/workflows/nightly-test-integrations-1.15.x.yml
 create mode 100644 .github/workflows/nightly-test-integrations-1.16.x.yml

diff --git a/.github/workflows/nightly-test-1.13.x.yaml b/.github/workflows/nightly-test-1.13.x.yaml
index 3e95095b5e09..20d900d08f43 100644
--- a/.github/workflows/nightly-test-1.13.x.yaml
+++ b/.github/workflows/nightly-test-1.13.x.yaml
@@ -1,7 +1,7 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-name: Nightly Test 1.13.x
+name: Nightly Frontend Test 1.13.x
 on:
   schedule:
     - cron: '0 4 * * *'
diff --git a/.github/workflows/nightly-test-1.14.x.yaml b/.github/workflows/nightly-test-1.14.x.yaml
index dcbbb51f51e9..c8021e05a8b2 100644
--- a/.github/workflows/nightly-test-1.14.x.yaml
+++ b/.github/workflows/nightly-test-1.14.x.yaml
@@ -1,7 +1,7 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-name: Nightly Test 1.14.x
+name: Nightly Frontend Test 1.14.x
 on:
   schedule:
     - cron: '0 4 * * *'
diff --git a/.github/workflows/nightly-test-1.15.x.yaml b/.github/workflows/nightly-test-1.15.x.yaml
index 0a44186387ce..0a7c93205efa 100644
--- a/.github/workflows/nightly-test-1.15.x.yaml
+++ b/.github/workflows/nightly-test-1.15.x.yaml
@@ -1,7 +1,7 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-name: Nightly Test 1.15.x
+name: Nightly Frontend Test 1.15.x
 on:
   schedule:
     - cron: '0 4 * * *'
diff --git a/.github/workflows/nightly-test-1.16.x.yaml b/.github/workflows/nightly-test-1.16.x.yaml
index 8cbcad21a46d..b98e96a41f46 100644
--- a/.github/workflows/nightly-test-1.16.x.yaml
+++ b/.github/workflows/nightly-test-1.16.x.yaml
@@ -1,7 +1,7 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-name: Nightly Test 1.16.x
+name: Nightly Frontend Test 1.16.x
 on:
   schedule:
     - cron: '0 4 * * *'
diff --git a/.github/workflows/nightly-test-integrations-1.15.x.yml b/.github/workflows/nightly-test-integrations-1.15.x.yml
new file mode 100644
index 000000000000..ade1e17a3978
--- /dev/null
+++ b/.github/workflows/nightly-test-integrations-1.15.x.yml
@@ -0,0 +1,330 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+name: Nightly test-integrations 1.15.x
+
+on:
+  schedule:
+    # Run nightly at 1AM UTC/9PM EST/6PM PST
+    - cron: '* 1 * * *'
+  workflow_dispatch: {}
+
+env:
+  TEST_RESULTS_DIR: /tmp/test-results
+  TEST_RESULTS_ARTIFACT_NAME: test-results
+  CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }}
+  GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
+  GOTESTSUM_VERSION: "1.10.1"
+  CONSUL_BINARY_UPLOAD_NAME: consul-bin
+  # strip the hashicorp/ off the front of github.repository for consul
+  CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }}
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
+  BRANCH: "release/1.15.x"
+  BRANCH_NAME: "release-1.15.x"   # Used for naming artifacts
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    name: Setup
+    outputs:
+      compute-small: ${{ steps.runners.outputs.compute-small }}
+      compute-medium: ${{ steps.runners.outputs.compute-medium }}
+      compute-large: ${{ steps.runners.outputs.compute-large }}
+      compute-xl: ${{ steps.runners.outputs.compute-xl }}
+      enterprise: ${{ steps.runners.outputs.enterprise }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ env.BRANCH }}
+      - id: runners
+        run: .github/scripts/get_runner_classes.sh
+
+  dev-build:
+    needs: [setup]
+    uses: ./.github/workflows/reusable-dev-build.yml
+    with:
+      runs-on: ${{ needs.setup.outputs.compute-large }}
+      repository-name: ${{ github.repository }}
+      uploaded-binary-name: 'consul-bin'
+    secrets:
+      elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+
+  generate-envoy-job-matrices:
+    needs: [setup]
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
+    name: Generate Envoy Job Matrices
+    outputs:
+      envoy-matrix: ${{ steps.set-matrix.outputs.envoy-matrix }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ env.BRANCH }}
+      - name: Generate Envoy Job Matrix
+        id: set-matrix
+        env:
+          # this is further going to multiplied in envoy-integration tests by the 
+          # other dimensions in the matrix.  Currently TOTAL_RUNNERS would be
+          # multiplied by 8 based on these values:
+          # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"]
+          # xds-target: ["server", "client"]
+          TOTAL_RUNNERS: 4 
+          JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]'
+        run: |
+          NUM_RUNNERS=$TOTAL_RUNNERS
+          NUM_DIRS=$(find ./test/integration/connect/envoy -mindepth 1 -maxdepth 1 -type d | wc -l)
+
+          if [ "$NUM_DIRS" -lt "$NUM_RUNNERS" ]; then
+            echo "TOTAL_RUNNERS is larger than the number of tests/packages to split."
+            NUM_RUNNERS=$((NUM_DIRS-1))
+          fi
+          # fix issue where test splitting calculation generates 1 more split than TOTAL_RUNNERS.
+          NUM_RUNNERS=$((NUM_RUNNERS-1))
+          {
+            echo -n "envoy-matrix="
+            find ./test/integration/connect/envoy -maxdepth 1 -type d -print0 \
+              | xargs -0 -n 1 basename \
+              | jq --raw-input --argjson runnercount "$NUM_RUNNERS" "$JQ_SLICER" \
+              | jq --compact-output 'map(join("|"))'
+          } >> "$GITHUB_OUTPUT"
+  
+  envoy-integration-test:
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    needs:
+      - setup
+      - generate-envoy-job-matrices
+      - dev-build
+    permissions:
+      id-token: write # NOTE: this permission is explicitly required for Vault auth.
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        envoy-version: ["1.23.12", "1.24.10", "1.25.9", "1.26.4"]
+        xds-target: ["server", "client"]
+        test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }}
+    env:
+      ENVOY_VERSION: ${{ matrix.envoy-version }}
+      XDS_TARGET: ${{ matrix.xds-target }}
+      AWS_LAMBDA_REGION: us-west-2
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ env.BRANCH }}
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        with:
+          go-version-file: 'go.mod'
+
+      - name: fetch binary
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
+          path: ./bin
+      - name: restore mode+x
+        run: chmod +x ./bin/consul
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
+
+      - name: Docker build
+        run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
+
+      - name: Envoy Integration Tests
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running $(sed 's,|, ,g' <<< "${{ matrix.test-cases }}" |wc -w) subtests"
+          # shellcheck disable=SC2001
+          sed 's,|,\n,g' <<< "${{ matrix.test-cases }}"
+          go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
+              --debug \
+              --rerun-fails \
+              --rerun-fails-report=/tmp/gotestsum-rerun-fails \
+              --jsonfile /tmp/jsonfile/go-test.log \
+              --packages=./test/integration/connect/envoy \
+              -- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})"
+
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Authenticate to Vault
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: vault-auth
+        run: vault-auth
+
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Fetch Secrets
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: secrets
+        uses: hashicorp/vault-action@v2.5.0
+        with:
+          url: ${{ steps.vault-auth.outputs.addr }}
+          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
+          token: ${{ steps.vault-auth.outputs.token }}
+          secrets: |
+              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
+
+      - name: prepare datadog-ci
+        if: ${{ !endsWith(github.repository, '-enterprise') }}
+        run: |
+          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
+          chmod +x /usr/local/bin/datadog-ci
+
+      - name: upload coverage
+        # do not run on forks
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        env:
+          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
+          DD_ENV: ci
+        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
+  
+  upgrade-integration-test:
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    needs:
+      - setup
+      - dev-build
+    permissions:
+      id-token: write # NOTE: this permission is explicitly required for Vault auth.
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        consul-version: ["1.14", "1.15", "1.16"]
+    env:
+      CONSUL_LATEST_VERSION: ${{ matrix.consul-version }}
+      ENVOY_VERSION: "1.24.6"
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ env.BRANCH }}
+      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
+      - name: Setup Git
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        with:
+          go-version-file: 'go.mod'
+      - run: go env
+
+      # Get go binary from workspace
+      - name: fetch binary
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
+          path: .
+      - name: restore mode+x
+        run: chmod +x consul
+      - name: Build consul:local image
+        run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile .
+      - name: Build consul-envoy:latest-version image
+        id: buildConsulEnvoyLatestImage
+        run: |
+          if ${{ endsWith(github.repository, '-enterprise') }} == 'true'
+          then
+            docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}-ent --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+          else
+            docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}     --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+          fi
+      - name: Build consul-envoy:target-version image
+        id: buildConsulEnvoyTargetImage
+        continue-on-error: true
+        run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+      - name: Retry Build consul-envoy:target-version image
+        if: steps.buildConsulEnvoyTargetImage.outcome == 'failure'
+        run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+      - name: Build sds image
+        run: docker build -t consul-sds-server ./test/integration/connect/envoy/test-sds-server/
+      - name: Configure GH workaround for ipv6 loopback
+        if: ${{ !endsWith(github.repository, '-enterprise') }}
+        run: |
+          cat /etc/hosts && echo "-----------"
+          sudo sed -i 's/::1 *localhost ip6-localhost ip6-loopback/::1 ip6-localhost ip6-loopback/g' /etc/hosts
+          cat /etc/hosts
+      - name: Upgrade Integration Tests
+        run: |
+          mkdir -p "${{ env.TEST_RESULTS_DIR }}"
+          cd ./test/integration/consul-container/test/upgrade
+          docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version
+          go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
+            --raw-command \
+            --format=short-verbose \
+            --debug \
+            --rerun-fails=2 \
+            --packages="./..." \
+            -- \
+            go test \
+            -p=4 \
+            -tags "${{ env.GOTAGS }}" \
+            -timeout=30m \
+            -json \
+            ./... \
+            --follow-log=false \
+            --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
+            --target-version local \
+            --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \
+            --latest-version "${{ env.CONSUL_LATEST_VERSION }}"
+          ls -lrt
+        env:
+          # this is needed because of incompatibility between RYUK container and GHA
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          # tput complains if this isn't set to something.
+          TERM: ansi
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Authenticate to Vault
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: vault-auth
+        run: vault-auth
+
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Fetch Secrets
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: secrets
+        uses: hashicorp/vault-action@v2.5.0
+        with:
+          url: ${{ steps.vault-auth.outputs.addr }}
+          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
+          token: ${{ steps.vault-auth.outputs.token }}
+          secrets: |
+              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
+
+      - name: prepare datadog-ci
+        if: ${{ !endsWith(github.repository, '-enterprise') }}
+        run: |
+          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
+          chmod +x /usr/local/bin/datadog-ci
+
+      - name: upload coverage
+        # do not run on forks
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        env:
+          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
+          DD_ENV: ci
+        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
+
+
+  test-integrations-success:
+    needs: 
+    - setup
+    - dev-build
+    - generate-envoy-job-matrices
+    - envoy-integration-test
+    - upgrade-integration-test
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
+    if: ${{ always() }}
+    steps:
+      - name: evaluate upstream job results
+        run: |
+          # exit 1 if failure or cancelled result for any upstream job
+          if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then
+            printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}"
+            exit 1
+          fi
diff --git a/.github/workflows/nightly-test-integrations-1.16.x.yml b/.github/workflows/nightly-test-integrations-1.16.x.yml
new file mode 100644
index 000000000000..402cf30fca6f
--- /dev/null
+++ b/.github/workflows/nightly-test-integrations-1.16.x.yml
@@ -0,0 +1,330 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+name: Nightly test-integrations 1.16.x
+
+on:
+  schedule:
+    # Run nightly at 1AM UTC/9PM EST/6PM PST
+    - cron: '* 1 * * *'
+  workflow_dispatch: {}
+
+env:
+  TEST_RESULTS_DIR: /tmp/test-results
+  TEST_RESULTS_ARTIFACT_NAME: test-results
+  CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }}
+  GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
+  GOTESTSUM_VERSION: "1.10.1"
+  CONSUL_BINARY_UPLOAD_NAME: consul-bin
+  # strip the hashicorp/ off the front of github.repository for consul
+  CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }}
+  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
+  BRANCH: "release/1.16.x"
+  BRANCH_NAME: "release-1.16.x"   # Used for naming artifacts
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    name: Setup
+    outputs:
+      compute-small: ${{ steps.runners.outputs.compute-small }}
+      compute-medium: ${{ steps.runners.outputs.compute-medium }}
+      compute-large: ${{ steps.runners.outputs.compute-large }}
+      compute-xl: ${{ steps.runners.outputs.compute-xl }}
+      enterprise: ${{ steps.runners.outputs.enterprise }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ env.BRANCH }}
+      - id: runners
+        run: .github/scripts/get_runner_classes.sh
+
+  dev-build:
+    needs: [setup]
+    uses: ./.github/workflows/reusable-dev-build.yml
+    with:
+      runs-on: ${{ needs.setup.outputs.compute-large }}
+      repository-name: ${{ github.repository }}
+      uploaded-binary-name: 'consul-bin'
+    secrets:
+      elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+
+  generate-envoy-job-matrices:
+    needs: [setup]
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
+    name: Generate Envoy Job Matrices
+    outputs:
+      envoy-matrix: ${{ steps.set-matrix.outputs.envoy-matrix }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ env.BRANCH }}
+      - name: Generate Envoy Job Matrix
+        id: set-matrix
+        env:
+          # this is further going to multiplied in envoy-integration tests by the 
+          # other dimensions in the matrix.  Currently TOTAL_RUNNERS would be
+          # multiplied by 8 based on these values:
+          # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"]
+          # xds-target: ["server", "client"]
+          TOTAL_RUNNERS: 4 
+          JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]'
+        run: |
+          NUM_RUNNERS=$TOTAL_RUNNERS
+          NUM_DIRS=$(find ./test/integration/connect/envoy -mindepth 1 -maxdepth 1 -type d | wc -l)
+
+          if [ "$NUM_DIRS" -lt "$NUM_RUNNERS" ]; then
+            echo "TOTAL_RUNNERS is larger than the number of tests/packages to split."
+            NUM_RUNNERS=$((NUM_DIRS-1))
+          fi
+          # fix issue where test splitting calculation generates 1 more split than TOTAL_RUNNERS.
+          NUM_RUNNERS=$((NUM_RUNNERS-1))
+          {
+            echo -n "envoy-matrix="
+            find ./test/integration/connect/envoy -maxdepth 1 -type d -print0 \
+              | xargs -0 -n 1 basename \
+              | jq --raw-input --argjson runnercount "$NUM_RUNNERS" "$JQ_SLICER" \
+              | jq --compact-output 'map(join("|"))'
+          } >> "$GITHUB_OUTPUT"
+  
+  envoy-integration-test:
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    needs:
+      - setup
+      - generate-envoy-job-matrices
+      - dev-build
+    permissions:
+      id-token: write # NOTE: this permission is explicitly required for Vault auth.
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        envoy-version: ["1.23.12", "1.24.10", "1.25.9", "1.26.4"]
+        xds-target: ["server", "client"]
+        test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }}
+    env:
+      ENVOY_VERSION: ${{ matrix.envoy-version }}
+      XDS_TARGET: ${{ matrix.xds-target }}
+      AWS_LAMBDA_REGION: us-west-2
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ env.BRANCH }}
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        with:
+          go-version-file: 'go.mod'
+
+      - name: fetch binary
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
+          path: ./bin
+      - name: restore mode+x
+        run: chmod +x ./bin/consul
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
+
+      - name: Docker build
+        run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
+
+      - name: Envoy Integration Tests
+        env:
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          LAMBDA_TESTS_ENABLED: "true"
+          # tput complains if this isn't set to something.
+          TERM: ansi
+        run: |
+          # shellcheck disable=SC2001
+          echo "Running $(sed 's,|, ,g' <<< "${{ matrix.test-cases }}" |wc -w) subtests"
+          # shellcheck disable=SC2001
+          sed 's,|,\n,g' <<< "${{ matrix.test-cases }}"
+          go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
+              --debug \
+              --rerun-fails \
+              --rerun-fails-report=/tmp/gotestsum-rerun-fails \
+              --jsonfile /tmp/jsonfile/go-test.log \
+              --packages=./test/integration/connect/envoy \
+              -- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})"
+
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Authenticate to Vault
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: vault-auth
+        run: vault-auth
+
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Fetch Secrets
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: secrets
+        uses: hashicorp/vault-action@v2.5.0
+        with:
+          url: ${{ steps.vault-auth.outputs.addr }}
+          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
+          token: ${{ steps.vault-auth.outputs.token }}
+          secrets: |
+              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
+
+      - name: prepare datadog-ci
+        if: ${{ !endsWith(github.repository, '-enterprise') }}
+        run: |
+          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
+          chmod +x /usr/local/bin/datadog-ci
+
+      - name: upload coverage
+        # do not run on forks
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        env:
+          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
+          DD_ENV: ci
+        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
+  
+  upgrade-integration-test:
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    needs:
+      - setup
+      - dev-build
+    permissions:
+      id-token: write # NOTE: this permission is explicitly required for Vault auth.
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        consul-version: ["1.14", "1.15", "1.16"]
+    env:
+      CONSUL_LATEST_VERSION: ${{ matrix.consul-version }}
+      ENVOY_VERSION: "1.24.6"
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ env.BRANCH }}
+      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
+      - name: Setup Git
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        with:
+          go-version-file: 'go.mod'
+      - run: go env
+
+      # Get go binary from workspace
+      - name: fetch binary
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
+          path: .
+      - name: restore mode+x
+        run: chmod +x consul
+      - name: Build consul:local image
+        run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile .
+      - name: Build consul-envoy:latest-version image
+        id: buildConsulEnvoyLatestImage
+        run: |
+          if ${{ endsWith(github.repository, '-enterprise') }} == 'true'
+          then
+            docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}-ent --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+          else
+            docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}     --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+          fi
+      - name: Build consul-envoy:target-version image
+        id: buildConsulEnvoyTargetImage
+        continue-on-error: true
+        run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+      - name: Retry Build consul-envoy:target-version image
+        if: steps.buildConsulEnvoyTargetImage.outcome == 'failure'
+        run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+      - name: Build sds image
+        run: docker build -t consul-sds-server ./test/integration/connect/envoy/test-sds-server/
+      - name: Configure GH workaround for ipv6 loopback
+        if: ${{ !endsWith(github.repository, '-enterprise') }}
+        run: |
+          cat /etc/hosts && echo "-----------"
+          sudo sed -i 's/::1 *localhost ip6-localhost ip6-loopback/::1 ip6-localhost ip6-loopback/g' /etc/hosts
+          cat /etc/hosts
+      - name: Upgrade Integration Tests
+        run: |
+          mkdir -p "${{ env.TEST_RESULTS_DIR }}"
+          cd ./test/integration/consul-container/test/upgrade
+          docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version
+          go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
+            --raw-command \
+            --format=short-verbose \
+            --debug \
+            --rerun-fails=2 \
+            --packages="./..." \
+            -- \
+            go test \
+            -p=4 \
+            -tags "${{ env.GOTAGS }}" \
+            -timeout=30m \
+            -json \
+            ./... \
+            --follow-log=false \
+            --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
+            --target-version local \
+            --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \
+            --latest-version "${{ env.CONSUL_LATEST_VERSION }}"
+          ls -lrt
+        env:
+          # this is needed because of incompatibility between RYUK container and GHA
+          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
+          GOTESTSUM_FORMAT: standard-verbose
+          COMPOSE_INTERACTIVE_NO_CLI: 1
+          # tput complains if this isn't set to something.
+          TERM: ansi
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Authenticate to Vault
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: vault-auth
+        run: vault-auth
+
+      # NOTE: ENT specific step as we store secrets in Vault.
+      - name: Fetch Secrets
+        if: ${{ endsWith(github.repository, '-enterprise') }}
+        id: secrets
+        uses: hashicorp/vault-action@v2.5.0
+        with:
+          url: ${{ steps.vault-auth.outputs.addr }}
+          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
+          token: ${{ steps.vault-auth.outputs.token }}
+          secrets: |
+              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
+
+      - name: prepare datadog-ci
+        if: ${{ !endsWith(github.repository, '-enterprise') }}
+        run: |
+          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
+          chmod +x /usr/local/bin/datadog-ci
+
+      - name: upload coverage
+        # do not run on forks
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        env:
+          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
+          DD_ENV: ci
+        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
+
+
+  test-integrations-success:
+    needs: 
+    - setup
+    - dev-build
+    - generate-envoy-job-matrices
+    - envoy-integration-test
+    - upgrade-integration-test
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
+    if: ${{ always() }}
+    steps:
+      - name: evaluate upstream job results
+        run: |
+          # exit 1 if failure or cancelled result for any upstream job
+          if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then
+            printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}"
+            exit 1
+          fi
diff --git a/.github/workflows/nightly-test-integrations.yml b/.github/workflows/nightly-test-integrations.yml
index 4e1522194453..0481fadedac2 100644
--- a/.github/workflows/nightly-test-integrations.yml
+++ b/.github/workflows/nightly-test-integrations.yml
@@ -223,11 +223,13 @@ jobs:
         run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile .
       - name: Build consul-envoy:latest-version image
         id: buildConsulEnvoyLatestImage
-        continue-on-error: true
-        run: docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }} --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-      - name: Retry Build consul-envoy:latest-version image
-        if: steps.buildConsulEnvoyLatestImage.outcome == 'failure'
-        run: docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }} --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+        run: |
+          if ${{ endsWith(github.repository, '-enterprise') }} == 'true'
+          then
+            docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}-ent --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+          else
+            docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}     --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+          fi
       - name: Build consul-envoy:target-version image
         id: buildConsulEnvoyTargetImage
         continue-on-error: true
diff --git a/.github/workflows/nightly-test-main.yaml b/.github/workflows/nightly-test-main.yaml
index b5a0ae691a2c..4f392c4fa6bc 100644
--- a/.github/workflows/nightly-test-main.yaml
+++ b/.github/workflows/nightly-test-main.yaml
@@ -1,7 +1,7 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-name: Nightly Test Main
+name: Nightly Frontend Test Main
 on:
   schedule:
     - cron: '0 4 * * *'

From eab88bf92a252d8303abfd0ec8cd7ba37cddb22f Mon Sep 17 00:00:00 2001
From: Blake Covarrubias <blake@covarrubi.as>
Date: Mon, 21 Aug 2023 09:23:27 -0700
Subject: [PATCH 304/359] docs: Fix spelling errors across various pages on the
 site (#18533)

This commit fixes numerous spelling errors across the site and also
removes unnecessary whitespace that was present in the edited files.
---
 website/content/commands/intention/list.mdx   |   2 +-
 website/content/commands/kv/index.mdx         |   2 +-
 .../content/commands/services/deregister.mdx  |   8 +-
 .../content/commands/services/register.mdx    |   2 +-
 .../usage/limit-request-rates-from-ips.mdx    |  14 +-
 .../usage/set-global-traffic-rate-limits.mdx  |  16 +-
 .../content/docs/agent/wal-logstore/index.mdx |  12 +-
 .../agent/wal-logstore/revert-to-boltdb.mdx   |   8 +-
 website/content/docs/api-gateway/upgrades.mdx |  20 +-
 .../docs/architecture/anti-entropy.mdx        |   6 +-
 website/content/docs/architecture/scale.mdx   |  10 +-
 .../docs/connect/cluster-peering/index.mdx    |   8 +-
 .../control-plane-request-limit.mdx           |  24 +-
 .../config-entries/exported-services.mdx      |   2 +-
 .../config-entries/ingress-gateway.mdx        | 734 +++++++++---------
 .../connect/config-entries/jwt-provider.mdx   |  72 +-
 .../config-entries/service-defaults.mdx       | 244 +++---
 .../config-entries/service-intentions.mdx     | 176 ++---
 .../config-entries/service-resolver.mdx       |  60 +-
 .../connect/config-entries/service-router.mdx | 144 ++--
 .../connect/dataplane/consul-dataplane.mdx    |   2 +-
 .../connect/gateways/mesh-gateway/index.mdx   |   4 +-
 .../peering-via-mesh-gateways.mdx             |  10 +-
 .../intentions/create-manage-intentions.mdx   |  48 +-
 .../envoy-extensions/configuration/wasm.mdx   |  60 +-
 .../proxies/envoy-extensions/index.mdx        |   6 +-
 .../content/docs/connect/proxies/envoy.mdx    |  16 +-
 .../consul-vs-other/service-mesh-compare.mdx  |   4 +-
 website/content/docs/ecs/compatibility.mdx    |   4 +-
 website/content/docs/enterprise/index.mdx     |   4 +-
 .../license/utilization-reporting.mdx         |  20 +-
 .../create-network-segment.mdx                |  24 +-
 website/content/docs/k8s/connect/index.mdx    |  24 +-
 .../vault/wan-federation.mdx                  |   2 +-
 website/content/docs/k8s/helm.mdx             |  16 +-
 website/content/docs/k8s/service-sync.mdx     |   4 +-
 website/content/docs/k8s/upgrade/index.mdx    |   6 +-
 .../content/docs/nia/usage/requirements.mdx   |  14 +-
 website/content/docs/nia/usage/run-ha.mdx     |  68 +-
 .../docs/release-notes/consul-k8s/v1_0_x.mdx  |  36 +-
 .../docs/release-notes/consul/v1_15_x.mdx     |  52 +-
 .../checks-configuration-reference.mdx        |  24 +-
 .../docs/services/discovery/dns-overview.mdx  |  24 +-
 .../services/discovery/dns-static-lookups.mdx |  28 +-
 website/content/docs/services/services.mdx    |  12 +-
 .../docs/services/usage/define-services.mdx   |  42 +-
 46 files changed, 1059 insertions(+), 1059 deletions(-)

diff --git a/website/content/commands/intention/list.mdx b/website/content/commands/intention/list.mdx
index 85a7d6b9d6ce..4cdfa5c8a2f7 100644
--- a/website/content/commands/intention/list.mdx
+++ b/website/content/commands/intention/list.mdx
@@ -2,7 +2,7 @@
 layout: commands
 page_title: 'Commands: Intention List'
 description: >-
-  The `consul intention list` command returns all L4 service intentions, including a unique ID and intention precendence. It was deprecated in Consul v1.9.0; use `consul config` instead.
+  The `consul intention list` command returns all L4 service intentions, including a unique ID and intention precedence. It was deprecated in Consul v1.9.0; use `consul config` instead.
 ---
 
 # Consul Intention List
diff --git a/website/content/commands/kv/index.mdx b/website/content/commands/kv/index.mdx
index f95f8be8850f..0dd8796d8ebe 100644
--- a/website/content/commands/kv/index.mdx
+++ b/website/content/commands/kv/index.mdx
@@ -2,7 +2,7 @@
 layout: commands
 page_title: 'Commands: KV'
 description: >-
-  The `consul kv` command interacts with Consul's key/value store. It exposes top level commands to insert, update, read, and delte data from the store.
+  The `consul kv` command interacts with Consul's key/value store. It exposes top level commands to insert, update, read, and delete data from the store.
 ---
 
 # Consul KV
diff --git a/website/content/commands/services/deregister.mdx b/website/content/commands/services/deregister.mdx
index 79ea7cba27ba..edc493866e1c 100644
--- a/website/content/commands/services/deregister.mdx
+++ b/website/content/commands/services/deregister.mdx
@@ -2,7 +2,7 @@
 layout: commands
 page_title: 'Commands: Services Deregister'
 description: |
-  The `consul services deregister` command removes a service from the Consul catalog. Run the commeand on the agent that initially registered the service.
+  The `consul services deregister` command removes a service from the Consul catalog. Run the command on the agent that initially registered the service.
 ---
 
 # Consul Agent Service Deregistration
@@ -13,12 +13,12 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/agent/service/deregister/:service_
 
 The `services deregister` command deregisters a service with the local agent.
 Note that this command can only deregister services that were registered
-with the agent specified and is intended to be paired with `services register`. 
-By default, the command deregisters services on the local agent. 
+with the agent specified and is intended to be paired with `services register`.
+By default, the command deregisters services on the local agent.
 
 We recommend deregistering services registered with a configuration file by deleting the file and [reloading](/consul/commands/reload) Consul. Refer to [Services Overview](/consul/docs/services/services) for additional information about services.
 
-The following table shows the [ACLs](/consul/api-docs/api-structure#authentication) required to run the `consul services deregister` command: 
+The following table shows the [ACLs](/consul/api-docs/api-structure#authentication) required to run the `consul services deregister` command:
 
 | ACL Required    |
 | --------------- |
diff --git a/website/content/commands/services/register.mdx b/website/content/commands/services/register.mdx
index cefa2359230b..a1cbd8cf580e 100644
--- a/website/content/commands/services/register.mdx
+++ b/website/content/commands/services/register.mdx
@@ -14,7 +14,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/agent/service/register](/consul/ap
 The `services register` command registers a service with the local agent.
 This command returns after registration and must be paired with explicit
 service deregistration. This command simplifies service registration from
-scripts. Refer to [Register Services and Health Checks](/consul/docs/services/usage/register-services-checks) for information about other service registeration methods. 
+scripts. Refer to [Register Services and Health Checks](/consul/docs/services/usage/register-services-checks) for information about other service registration methods.
 
 The following table shows the [ACLs](/consul/api-docs/api-structure#authentication) required to use the `consul services register` command:
 
diff --git a/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx b/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
index 69c97558ce42..530ad7b26a7b 100644
--- a/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
+++ b/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
@@ -4,9 +4,9 @@ page_title: Limit traffic rates for a source IP address
 description: Learn how to set read and request rate limits on RPC and gRPC traffic from all source IP addresses to a Consul resource.
 ---
 
-# Limit traffic rates from source IP addresses 
+# Limit traffic rates from source IP addresses
 
-This topic describes how to configure RPC and gRPC traffic rate limits for source IP addresses. This enables you to specify a budget for read and write requests to prevent any single source IP from overwhelming the Consul server and negatively affecting the network. For information about setting global traffic rate limits, refer to [Set a global limit on traffic rates](/consul/docs/agent/limits/usage/set-global-traffic-rate-limits). For an overview of Consul's server rate limiting capabilities, refer to [Limit traffic rates overview](/consul/docs/agent/limits). 
+This topic describes how to configure RPC and gRPC traffic rate limits for source IP addresses. This enables you to specify a budget for read and write requests to prevent any single source IP from overwhelming the Consul server and negatively affecting the network. For information about setting global traffic rate limits, refer to [Set a global limit on traffic rates](/consul/docs/agent/limits/usage/set-global-traffic-rate-limits). For an overview of Consul's server rate limiting capabilities, refer to [Limit traffic rates overview](/consul/docs/agent/limits).
 
 <EnterpriseAlert>
 
@@ -28,7 +28,7 @@ You should also monitor read and write rate activity and make any necessary adju
 
 ## Define rate limits
 
-Create a control plane request limit configuration entry in the `default` partition. The configuration entry applies to all client requests targeting any partition. Refer to the [control plane request limit configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit) reference documentation for details about the available configuration parameters. 
+Create a control plane request limit configuration entry in the `default` partition. The configuration entry applies to all client requests targeting any partition. Refer to the [control plane request limit configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit) reference documentation for details about the available configuration parameters.
 
 Specify the following parameters:
 
@@ -37,11 +37,11 @@ Specify the following parameters:
 -  `read_rate`: Specify overall number of read operations per second allowed from the service.
 -  `write_rate`: Specify overall number of write operations per second allowed from the service.
 
-You can also configure limits on calls to the key-value store, ACL system, and Consul catalog. 
+You can also configure limits on calls to the key-value store, ACL system, and Consul catalog.
 
-## Apply the configuration entry 
+## Apply the configuration entry
 
-If your network is deployed to virtual machines, use the `consul config write` command and specify the control plane request limit configuration entry to apply the configuration. For Kubernetes-orchestrated networks, use the `kubectl apply` command. 
+If your network is deployed to virtual machines, use the `consul config write` command and specify the control plane request limit configuration entry to apply the configuration. For Kubernetes-orchestrated networks, use the `kubectl apply` command.
 
 <Tabs>
 <Tab heading="HCL" group="hcl">
@@ -69,4 +69,4 @@ $ kubectl apply control-plane-request-limit.yaml
 
 ## Disable request rate limits
 
-Set the [limits.request_limits.mode](/consul/docs/agent/config/config-files#mode-1) in the agent configuration to `disabled` to allow services to exceed the specified read and write requests limits. The `disabled` mode applies to all request rate limits, even limits specifed in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit).  Note that any other mode specified in the agent configuration only applies to global traffic rate limits.  
\ No newline at end of file
+Set the [limits.request_limits.mode](/consul/docs/agent/config/config-files#mode-1) in the agent configuration to `disabled` to allow services to exceed the specified read and write requests limits. The `disabled` mode applies to all request rate limits, even limits specified in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit).  Note that any other mode specified in the agent configuration only applies to global traffic rate limits.
diff --git a/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx b/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx
index e21aa78c1e20..c0afeec9010e 100644
--- a/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx
+++ b/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx
@@ -6,22 +6,22 @@ description: Use global rate limits to prevent excessive rates of requests to Co
 
 # Set a global limit on traffic rates
 
-This topic describes how to configure rate limits for RPC and gRPC traffic to the Consul server. 
+This topic describes how to configure rate limits for RPC and gRPC traffic to the Consul server.
 
-## Introduction 
+## Introduction
 
 Rate limits apply to each Consul server separately and limit the number of read requests or write requests to the server on the RPC and internal gRPC endpoints.
 
 Because all requests coming to a Consul server eventually perform an RPC or an internal gRPC request, global rate limits apply to Consul's user interfaces, such as the HTTP API interface, the CLI, and the external gRPC endpoint for services in the service mesh.
 
-Refer to [Initialize Rate Limit Settings](/consul/docs/agent/limits/init-rate-limits) for additional information about right-sizing your gRPC request configurations. 
+Refer to [Initialize Rate Limit Settings](/consul/docs/agent/limits/init-rate-limits) for additional information about right-sizing your gRPC request configurations.
 
-## Set a global rate limit for a Consul server   
+## Set a global rate limit for a Consul server
 
 Configure the following settings in your Consul server configuration to limit the RPC and gRPC traffic rates.
 
 - Set the rate limiter [`mode`](/consul/docs/agent/config/config-files#mode-1)
-- Set the [`read_rate`](/consul/docs/agent/config/config-files#read_rate) 
+- Set the [`read_rate`](/consul/docs/agent/config/config-files#read_rate)
 - Set the [`write_rate`](/consul/docs/agent/config/config-files#write_rate)
 
 In the following example, the Consul server is configured to prevent more than `500` read and `200` write RPC calls:
@@ -53,10 +53,10 @@ limits = {
 
 </CodeTabs>
 
-## Monitor request rate traffic 
+## Monitor request rate traffic
 
-You should continue to mmonitor request traffic to ensure that request rates remain within the threshold you defined. Refer to [Monitor traffic rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limits) for instructions about checking metrics and log entries, as well as troubleshooting informaiton.
+You should continue to monitor request traffic to ensure that request rates remain within the threshold you defined. Refer to [Monitor traffic rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limits) for instructions about checking metrics and log entries, as well as troubleshooting information.
 
 ## Disable request rate limits
 
-Set the [`limits.request_limits.mode`](/consul/docs/agent/config/config-files#mode-1) to `disabled` to allow services to exceed the specified read and write requests limits, even limits specified in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit). Note that any other mode specified in the agent configuration only applies to global traffic rate limits. 
+Set the [`limits.request_limits.mode`](/consul/docs/agent/config/config-files#mode-1) to `disabled` to allow services to exceed the specified read and write requests limits, even limits specified in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit). Note that any other mode specified in the agent configuration only applies to global traffic rate limits.
diff --git a/website/content/docs/agent/wal-logstore/index.mdx b/website/content/docs/agent/wal-logstore/index.mdx
index 491255e8ed5a..77dc1dd05846 100644
--- a/website/content/docs/agent/wal-logstore/index.mdx
+++ b/website/content/docs/agent/wal-logstore/index.mdx
@@ -24,15 +24,15 @@ WAL implements a traditional log with rotating, append-only log files. WAL resol
 
 The existing BoltDB log store inefficiently stores append-only logs to disk because it was designed as a full key-value database. It is a single file that only ever grows. Deleting the oldest logs, which Consul does regularly when it makes new snapshots of the state, leaves free space in the file. The free space must be tracked in a `freelist` so that BoltDB can reuse it on future writes. By contrast, a simple segmented log can delete the oldest log files from disk.
 
-A burst of writes at double or triple the normal volume can suddenly cause the log file to grow to several times its steady-state size. After Consul takes the next snapshot and truncates the oldest logs, the resulting file is mostly empty space. 
+A burst of writes at double or triple the normal volume can suddenly cause the log file to grow to several times its steady-state size. After Consul takes the next snapshot and truncates the oldest logs, the resulting file is mostly empty space.
 
 To track the free space, Consul must write extra metadata to disk with every write. The metadata is proportional to the amount of free pages, so after a large burst write latencies tend to increase. In some cases, the latencies cause serious performance degradation to the cluster.
 
-To mitigate risks associated with sudden bursts of log data, Consul tries to limit lots of logs from accumulating in the LogStore. Significantly larger BoltDB files are slower to append to because the tree is deeper and freelist larger. For this reason, Consul's default options associated with snapshots, truncating logs, and keeping the log history have been aggressively set toward keeping BoltDB small rather than using disk IO optimally. 
+To mitigate risks associated with sudden bursts of log data, Consul tries to limit lots of logs from accumulating in the LogStore. Significantly larger BoltDB files are slower to append to because the tree is deeper and freelist larger. For this reason, Consul's default options associated with snapshots, truncating logs, and keeping the log history have been aggressively set toward keeping BoltDB small rather than using disk IO optimally.
 
-But the larger the file, the more likely it is to have a large freelist or suddenly form one after a burst of writes. For this reason, the many of Consul's default options asssociated with snapshots, truncating logs, and keeping the log history aggressively keep BoltDT small rather than uisng disk IO more efficiently. 
+But the larger the file, the more likely it is to have a large freelist or suddenly form one after a burst of writes. For this reason, the many of Consul's default options associated with snapshots, truncating logs, and keeping the log history aggressively keep BoltDT small rather than using disk IO more efficiently.
 
-Other reliability issues, such as [raft replication capacity issues](/consul/docs/agent/telemetry#raft-replication-capacity-issues), are much simpler to solve without the performance concerns caused by storing more logs in BoltDB. 
+Other reliability issues, such as [raft replication capacity issues](/consul/docs/agent/telemetry#raft-replication-capacity-issues), are much simpler to solve without the performance concerns caused by storing more logs in BoltDB.
 
 ### WAL approaches storage issues differently
 
@@ -43,11 +43,11 @@ When directly measured, WAL is more performant than BoltDB because it solves a s
 The WAL backend has been tested thoroughly during development:
 
 - Every component in the WAL, such as [metadata management](https://github.com/hashicorp/raft-wal/blob/main/types/meta.go), [log file encoding](https://github.com/hashicorp/raft-wal/blob/main/types/segment.go) to actual [file-system interaction](https://github.com/hashicorp/raft-wal/blob/main/types/vfs.go) are abstracted so unit tests can simulate difficult-to-reproduce disk failures.
- 
+
 - We used the [application-level intelligent crash explorer (ALICE)](https://github.com/hashicorp/raft-wal/blob/main/alice/README.md) to exhaustively simulate thousands of possible crash failure scenarios. WAL correctly recovered from all scenarios.
 
 - We ran hundreds of tests in a performance testing cluster with checksum verification enabled and did not detect data loss or corruption. We will continue testing before making WAL the default backend.
 
 We are aware of how complex and critical disk-persistence is for your data.
 
-We hope that many users at different scales will try WAL in their environments after upgrading to 1.15 or later and report success or failure so that we can confidently replace BoltDB as the default for new clusters in a future release.
\ No newline at end of file
+We hope that many users at different scales will try WAL in their environments after upgrading to 1.15 or later and report success or failure so that we can confidently replace BoltDB as the default for new clusters in a future release.
diff --git a/website/content/docs/agent/wal-logstore/revert-to-boltdb.mdx b/website/content/docs/agent/wal-logstore/revert-to-boltdb.mdx
index 2bd0638b7cd3..9ba6923b42db 100644
--- a/website/content/docs/agent/wal-logstore/revert-to-boltdb.mdx
+++ b/website/content/docs/agent/wal-logstore/revert-to-boltdb.mdx
@@ -5,7 +5,7 @@ description: >-
   Learn how to revert Consul to the BoltDB backend after enabled the WAL (write-ahead log) LogStore backend shipped in Consul 1.15.
 ---
 
-# Revert storage backend to BoltDB from WAL 
+# Revert storage backend to BoltDB from WAL
 
 This topic describes how to revert your Consul storage backend from the experimental WAL LogStore backend to the default BoltDB.
 
@@ -18,14 +18,14 @@ The overall process for reverting to BoltDB consists of the following steps. Rep
 
 ## Stop target server gracefully
 
-Stop the target server gracefully. For example, if you are using `systemd`, 
+Stop the target server gracefully. For example, if you are using `systemd`,
 run the following command:
 
 ```shell-session
 $ systemctl stop consul
 ```
 
-If your environment uses configuration management automation that might interfere with this process, such as Chef or Puppet, you must disable them until you have completely revereted the storage backend.
+If your environment uses configuration management automation that might interfere with this process, such as Chef or Puppet, you must disable them until you have completely reverted the storage backend.
 
 ## Remove data directory from target server
 
@@ -73,4 +73,4 @@ If necessary, clean up any `raft.wal.bak` directories. Replace `/data-dir` with
 
 ```shell-session
 $ rm /data-dir/raft.bak
-```
\ No newline at end of file
+```
diff --git a/website/content/docs/api-gateway/upgrades.mdx b/website/content/docs/api-gateway/upgrades.mdx
index 577920fd7d37..fcb2e1f41bae 100644
--- a/website/content/docs/api-gateway/upgrades.mdx
+++ b/website/content/docs/api-gateway/upgrades.mdx
@@ -11,7 +11,7 @@ Since Consul v1.15, the Consul API gateway is a native feature within the Consul
 
 ## Introduction
 
-Because Consul API gateway releases as part of Consul, it no longer has an independent version number. Instead, the API gateway inherits the same version number as the Consul binary. Refer to the [release notes](/consul/docs/release-notes) for additional information. 
+Because Consul API gateway releases as part of Consul, it no longer has an independent version number. Instead, the API gateway inherits the same version number as the Consul binary. Refer to the [release notes](/consul/docs/release-notes) for additional information.
 
 To begin using the native API gateway, complete one of the following upgrade paths:
 
@@ -20,7 +20,7 @@ To begin using the native API gateway, complete one of the following upgrade pat
 1. Complete the instructions for [upgrading to the native Consul API gateway](#upgrade-to-native-consul-api-gateway).
 
 ### Upgrade from v0.4.x - v0.5.x
- 
+
 1. Complete the [standard upgrade instructions](#standard-upgrade)
 1. Complete the instructions for [upgrading to the native Consul API gateway](#upgrade-to-native-consul-api-gateway).
 
@@ -53,11 +53,11 @@ You must begin the upgrade procedure with API gateway with Consul on Kubernetes
 
 If you are able to tolerate downtime for your applications, you should delete previously installed CRDs and allow Consul to install and manage them for future updates. The amount of downtime depends on how quickly you are able to install the new version of Consul. If you are unable to tolerate any downtime, refer to [Self-managed CRDs](#self-managed-crds) for instructions on how to upgrade without downtime.
 
-1. Run the `kubectl delete` command and reference the `kustomize` directory to delete the existing CRDs. The following example deletes the CRDs that were installed with API gateway `v0.5.1`: 
+1. Run the `kubectl delete` command and reference the `kustomize` directory to delete the existing CRDs. The following example deletes the CRDs that were installed with API gateway `v0.5.1`:
 
   ```shell-session
   $ kubectl delete --kustomize="github.com/hashicorp/consul-api-gateway/config/crd?ref=v0.5.1"
-  ``` 
+  ```
 
 1. Issue the following command to use the API gateway packaged in Consul. Since Consul will not detected an external CRD, it will try to install the API gateway packaged with Consul.
 
@@ -69,7 +69,7 @@ If you are able to tolerate downtime for your applications, you should delete pr
 
 1. Change any existing `Gateways` to reference the new `GatewayClass` `consul`. Refer to [gatewayClass](/consul/docs/api-gateway/configuration/gateway#gatewayclassname) for additional information.
 
-1. After updating all of your `gateway` configurations to use the new controller, you can remove the `apiGateway` block from the Helm chart and upgrade your Consul cluster. This completely removes the old gateway controller. 
+1. After updating all of your `gateway` configurations to use the new controller, you can remove the `apiGateway` block from the Helm chart and upgrade your Consul cluster. This completely removes the old gateway controller.
 
   <CodeBlockConfig filename="values.yaml">
 
@@ -98,7 +98,7 @@ If you are able to tolerate downtime for your applications, you should delete pr
 
 </Note>
 
-If you are unable to tolerate any downtime, you can complete the following steps to upgrade to the native Consul API gateway. If you choose this upgrade option, you must continue to manually install the CRDs necessary for operating the API gateway. 
+If you are unable to tolerate any downtime, you can complete the following steps to upgrade to the native Consul API gateway. If you choose this upgrade option, you must continue to manually install the CRDs necessary for operating the API gateway.
 
 1. Create a Helm chart that installs the version of Consul API gateway that ships with Consul and disables externally-managed CRDs:
 
@@ -119,7 +119,7 @@ If you are unable to tolerate any downtime, you can complete the following steps
     ```
 
   </CodeBlockConfig>
-  
+
   You must set `connectInject.apiGateway.manageExternalCRDs` to `false`. If you have external CRDs with legacy installation and you do not set this, you will get an error when you try to upgrade because Helm will try to install CRDs that already exist.
 
 1. Issue the following command to install the new version of API gateway and disables externally-managed CRDs:
@@ -132,7 +132,7 @@ If you are unable to tolerate any downtime, you can complete the following steps
 
 1. Change any existing `Gateways` to reference the new `GatewayClass` `consul`. Refer to [gatewayClass](/consul/docs/api-gateway/configuration/gateway#gatewayclassname) for additional information.
 
-1. After updating all of your `gateway` configurations to use the new controller, you can remove the `apiGateway` block from the Helm chart and upgrade your Consul cluster. This completely removes the old gateway controller. 
+1. After updating all of your `gateway` configurations to use the new controller, you can remove the `apiGateway` block from the Helm chart and upgrade your Consul cluster. This completely removes the old gateway controller.
 
   <CodeBlockConfig filename="values.yaml">
 
@@ -240,7 +240,7 @@ If you have any active `ReferencePolicy` resources, you will receive output simi
     from:
     - group: gateway.networking.k8s.io
       kind: HTTPRoute
-      namespace: example-namesapce
+      namespace: example-namespace
     to:
     - group: ""
       kind: Service
@@ -418,7 +418,7 @@ Ensure that the following requirements are met prior to upgrading:
     "crossNamespaceSecrets": {
       "group": "",
       "kind": "Secret",
-      "name": "cexample-certificate",
+      "name": "example-certificate",
       "namespace": "certificate-namespace"
     }
   }
diff --git a/website/content/docs/architecture/anti-entropy.mdx b/website/content/docs/architecture/anti-entropy.mdx
index 39d2a08156cc..292f5c0070d5 100644
--- a/website/content/docs/architecture/anti-entropy.mdx
+++ b/website/content/docs/architecture/anti-entropy.mdx
@@ -117,7 +117,7 @@ the source of truth for tag information. For example, the Redis
 database and its monitoring service Redis Sentinel have this kind of
 relationship. Redis instances are responsible for much of their
 configuration, but Sentinels determine whether the Redis instance is a
-primary or a secondary. Enable the 
+primary or a secondary. Enable the
 [`enable_tag_override`](/consul/docs/services/configuration/services-configuration-reference#enable_tag_override) parameter in your service definition file to tell the Consul agent where the Redis database is running to bypass
-tags during anti-entropy synchronization. Refer to 
-[Modify anti-entropy synchronozation](/consul/docs/services/usage/define-services#modify-anti-entropy-synchronization) for additional information.
+tags during anti-entropy synchronization. Refer to
+[Modify anti-entropy synchronization](/consul/docs/services/usage/define-services#modify-anti-entropy-synchronization) for additional information.
diff --git a/website/content/docs/architecture/scale.mdx b/website/content/docs/architecture/scale.mdx
index 1cf31162da86..ba03f23c666d 100644
--- a/website/content/docs/architecture/scale.mdx
+++ b/website/content/docs/architecture/scale.mdx
@@ -1,7 +1,7 @@
 ---
 layout: docs
 page_title: Recommendations for operating Consul at scale
-description: >-  
+description: >-
   When using Consul for large scale deployments, you can ensure network resilience by tailoring your network to your needs. Learn more about HashiCorp's recommendations for deploying Consul at scale.
 ---
 
@@ -57,7 +57,7 @@ If appropriate for your use case, we recommend breaking up a single Consul datac
 
 Be aware that the number 5,000 is a heuristic for deployments. The number of agents you deploy per datacenter is limited by performance, not Consul itself. Because gossip stability risk is determined by _the rate of agent churn_ rather than _the number of nodes_, a gossip pool with mostly static nodes may be able to operate effectively with more than 5,000 agents. Meanwhile, a gossip pool with highly dynamic agents, such as spot fleet instances and serverless functions where 10% of agents are replaced each day, may need to be smaller than 5,000 agents.
 
-For additional information about the specifc tests we conducted on Consul deployments at scale in order to generate these recommendations, refer to [Consul Scale Test Report to Observe Gossip Stability](https://www.hashicorp.com/blog/consul-scale-test-report-to-observe-gossip-stability) on the HashiCorp blog.
+For additional information about the specific tests we conducted on Consul deployments at scale in order to generate these recommendations, refer to [Consul Scale Test Report to Observe Gossip Stability](https://www.hashicorp.com/blog/consul-scale-test-report-to-observe-gossip-stability) on the HashiCorp blog.
 
 For most use cases, a limit of 5,000 agents is appropriate. When the `consul.serf.queue.Intent` metric is consistently high, it is an indication that the gossip pool cannot keep up with the sustained level of churn. In this situation, reduce the churn by lowering the number agents per datacenter.
 
@@ -175,13 +175,13 @@ Refer to [Consul agent telemetry](/consul/docs/agent/telemetry#bolt-db-performan
 
 #### Raft database size
 
-Raft writes logs to BoltDB, which is designed as a single grow-only file. As a result, if you add 1GB of log entries and then you take a snapshot, only a small number of recent log entries may appear in the file. However, the actual file on disk never shrinks smaller than the 1GB size it grew.  
+Raft writes logs to BoltDB, which is designed as a single grow-only file. As a result, if you add 1GB of log entries and then you take a snapshot, only a small number of recent log entries may appear in the file. However, the actual file on disk never shrinks smaller than the 1GB size it grew.
 
 If you need to reclaim disk space, use the `bbolt` CLI to copy the data to a new database and repoint to the new database in the process. However, be aware that the `bbolt compact` command requires the database to be offline while being pointed to the new database.
 
 In many cases, including in large clusters, disk space is not a primary concern because Raft logs rarely grow larger than a small number of GiB. However, an inflated file with lots of free space significantly degrades write performance overall due to _freelist management_.
 
-After they are written to disk, Raft logs are eventually captured in a snapshot and log nodes are removed from BoltDB. BoltDB keeps track of the pages for the removed nodes in its freelist. BoltDB also writes this freelist to disk every time there is a Raft write. When the Raft log grows large quickly and then gets truncated, the size of the freelist can become very large. In the worst case reported to us, the freelist was over 10MB. When this large freelist is written to disk on every Raft commit, the result is a large write amplification for what should be a small Raft commit.  
+After they are written to disk, Raft logs are eventually captured in a snapshot and log nodes are removed from BoltDB. BoltDB keeps track of the pages for the removed nodes in its freelist. BoltDB also writes this freelist to disk every time there is a Raft write. When the Raft log grows large quickly and then gets truncated, the size of the freelist can become very large. In the worst case reported to us, the freelist was over 10MB. When this large freelist is written to disk on every Raft commit, the result is a large write amplification for what should be a small Raft commit.
 
 To figure out if a Consul server’s disk performance issues are the result of BoldDB’s freelist, try the following strategies:
 
@@ -208,7 +208,7 @@ For example, if snapshot A on the leader has an index of 99 and the current inde
 
 When the leader takes snapshot B at index 199, it truncates the logs that accumulated between snapshot A and snapshot B, which means it truncates Raft logs with indexes between 100 and 199.
 
-Because the new server restored snapshot A, the new server has a current index of 99. It requests logs 100 to 150 because index 150 was the current index when it started the replication restore process. At this point, the leader recognizes that it only has logs 200 and higher, and does not have logs for indexes 100 to 150. The leader determines that the new server’s state is stale and starts the process over by sending the new server the latest snapshot, snapshot B.  
+Because the new server restored snapshot A, the new server has a current index of 99. It requests logs 100 to 150 because index 150 was the current index when it started the replication restore process. At this point, the leader recognizes that it only has logs 200 and higher, and does not have logs for indexes 100 to 150. The leader determines that the new server’s state is stale and starts the process over by sending the new server the latest snapshot, snapshot B.
 
 Consul keeps a configurable number of [Raft trailing logs](/consul/docs/agent/config/config-files#raft_trailing_logs) to prevent the snapshot install loop from repeating. The trailing logs are the last logs that went into the snapshot, and the new server can more easily catch up to the current state using these logs. The default Raft trailing logs configuration value is suitable for most deployments.
 
diff --git a/website/content/docs/connect/cluster-peering/index.mdx b/website/content/docs/connect/cluster-peering/index.mdx
index 4dc23cb00c2d..8b6f315a7d87 100644
--- a/website/content/docs/connect/cluster-peering/index.mdx
+++ b/website/content/docs/connect/cluster-peering/index.mdx
@@ -2,7 +2,7 @@
 layout: docs
 page_title: Cluster Peering Overview
 description: >-
-  Cluster peering establishes communication between independent clusters in Consul, allowing services to interact across datacenters. Learn how cluster peering works, its differences with WAN federation for multi-datacenter deployments, and how to troubleshoot common issues.  
+  Cluster peering establishes communication between independent clusters in Consul, allowing services to interact across datacenters. Learn how cluster peering works, its differences with WAN federation for multi-datacenter deployments, and how to troubleshoot common issues.
 ---
 
 # Cluster peering overview
@@ -22,7 +22,7 @@ In this diagram, the `default` partition in Consul DC 1 has a cluster peering co
 
 Cluster peering leverages several components of Consul's architecture to enforce secure communication between services:
 
-- A _peering token_ contains an embedded secret that securely establishes communication when shared symetrically between datacenters. Sharing this token enables each datacenter's server agents to recognize requests from authorized peers, similar to how the [gossip encryption key secures agent LAN gossip](/consul/docs/security/encryption#gossip-encryption).
+- A _peering token_ contains an embedded secret that securely establishes communication when shared symmetrically between datacenters. Sharing this token enables each datacenter's server agents to recognize requests from authorized peers, similar to how the [gossip encryption key secures agent LAN gossip](/consul/docs/security/encryption#gossip-encryption).
 - A _mesh gateway_ encrypts outgoing traffic, decrypts incoming traffic, and directs traffic to healthy services. Consul's service mesh features must be enabled in order to use mesh gateways. Mesh gateways support the specific admin partitions they are deployed on. Refer to [Mesh gateways](/consul/docs/connect/gateways/mesh-gateway) for more information.
 - An _exported service_ communicates with downstreams deployed in other admin partitions. They are explicitly defined in an [`exported-services` configuration entry](/consul/docs/connect/config-entries/exported-services).
 - A _service intention_ secures [service-to-service communication in a service mesh](/consul/docs/connect/intentions). Intentions enable identity-based access between services by exchanging TLS certificates, which the service's sidecar proxy verifies upon each request.
@@ -75,7 +75,7 @@ The following resources are available to help you use Consul's cluster peering f
 
 - [Cluster peering](/hcp/docs/consul/usage/cluster-peering)
 - [Cluster peering topologies](/hcp/docs/consul/usage/cluster-peering/topologies)
-- [Establish cluster peering connnections on HCP Consul](/hcp/docs/consul/usage/cluster-peering/create-connections)
+- [Establish cluster peering connections on HCP Consul](/hcp/docs/consul/usage/cluster-peering/create-connections)
 - [Cluster peering with management plane](/hcp/docs/consul/usage/management-plane#cluster-peering)
 
 ### Reference documentation
@@ -93,4 +93,4 @@ If you experience errors when using Consul's cluster peering features, refer to
 - Two admin partitions in the same datacenter cannot be peered. Use the [`exported-services` configuration entry](/consul/docs/connect/config-entries/exported-services#exporting-services-to-peered-clusters) instead.
 - To manage intentions that specify services in peered clusters, use [configuration entries](/consul/docs/connect/config-entries/service-intentions). The `consul intention` CLI command is not supported.
 - The Consul UI does not support exporting services between clusters or creating service intentions. Use either the API or the CLI to complete these required steps when establishing new cluster peering connections.
-- Accessing key/value stores across peers is not supported.
\ No newline at end of file
+- Accessing key/value stores across peers is not supported.
diff --git a/website/content/docs/connect/config-entries/control-plane-request-limit.mdx b/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
index 21b06f6533c1..8eb00d66d112 100644
--- a/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
+++ b/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
@@ -1,12 +1,12 @@
 ---
 layout: docs
 page_title: Control Plane Request Limit Configuration Entry Configuration Reference
-description:  Learn how to configure the control-plane-request-limit configuration entry, which defines how Consul agents limit read and reqeust traffic rate limits.
+description:  Learn how to configure the control-plane-request-limit configuration entry, which defines how Consul agents limit read and request traffic rate limits.
 ---
 
 # Control Plane Request Limit Configuration Entry Configuration Reference
 
-This topic describes the configuration options for the `control-plane-request-limit` configuration entry. You can only write the `control-plane-request-limit` configuration entry to the `default` partition, but the configuration entry applies to all client requests that target any partition. 
+This topic describes the configuration options for the `control-plane-request-limit` configuration entry. You can only write the `control-plane-request-limit` configuration entry to the `default` partition, but the configuration entry applies to all client requests that target any partition.
 
 <EnterpriseAlert>
 
@@ -29,7 +29,7 @@ The following list outlines field hierarchy, language-specific data types, and r
 - [`acl`](#acl): map | no default
    - [`read_rate`](#acl-read-rate): number | `100`
    - [`write_rate`](#acl-write-rate): number | `100`
-- [`catalog`](#catalog): map 
+- [`catalog`](#catalog): map
    - [`read_rate`](#catalog-read-rate): number | default is `100`
    - [`write_rate`](#catalog-write-rate): number | default is `100`
 
@@ -90,7 +90,7 @@ read_rate: 100
 write_rate: 100
 kv:
   read_rate: 100
-  write_rate: 100  
+  write_rate: 100
 acl:
   read_rate: 100
   write_rate: 100
@@ -124,13 +124,13 @@ Specifies an action to take if the rate of requests exceeds the limit.
 - Default: None
 - This field is required.
 - One of the following string values:
-  - `permissive`: The server continues to allow requests and records an error in the logs. This is the default value for `mode`.  
-  - `enforcing`: The server stops accepting requests and records an error in the logs. 
-  - `disabled`: Limits are not enforced or tracked. 
-  
+  - `permissive`: The server continues to allow requests and records an error in the logs. This is the default value for `mode`.
+  - `enforcing`: The server stops accepting requests and records an error in the logs.
+  - `disabled`: Limits are not enforced or tracked.
+
 ### `name`
 
-Specifies the name of the configuration entry. 
+Specifies the name of the configuration entry.
 
 #### Values
 
@@ -158,7 +158,7 @@ Specifies the maximum number of write requests per second that the agent allows.
 
 ### `kv`
 
-Specifies the maximum number of read and write requests to the Consul key-value store. 
+Specifies the maximum number of read and write requests to the Consul key-value store.
 
 #### Values
 
@@ -191,7 +191,7 @@ Specifies the maximum number of read and write ACL requests to the Consul server
 
 ### `acl.read_rate`
 S
-pecifies the maximum number of ACL read requests per second allowed to the Consul server.
+Specifies the maximum number of ACL read requests per second allowed to the Consul server.
 
 #### Values
 
@@ -227,4 +227,4 @@ Specifies the maximum number of write requests per second allowed to the Consul
 #### Values
 
 - Default: No limit.
-- Data type: number
\ No newline at end of file
+- Data type: number
diff --git a/website/content/docs/connect/config-entries/exported-services.mdx b/website/content/docs/connect/config-entries/exported-services.mdx
index b9e89d9ad1c6..c2c1bdd452ce 100644
--- a/website/content/docs/connect/config-entries/exported-services.mdx
+++ b/website/content/docs/connect/config-entries/exported-services.mdx
@@ -270,7 +270,7 @@ A asterisk wildcard (`*`) cannot be specified as the `Peer`. Added in Consul 1.1
 - `Partition`: <EnterpriseAlert inline /> Specifies an admin partition in the datacenter to export the service to.
 A asterisk wildcard (`*`) cannot be specified as the `Partition`.
 - `SamenessGroup`: <EnterpriseAlert inline /> Specifies as sameness group to export the service to.
-A asterisk wildcard (`*`) cannot be specified as the `SamennessGroup`.
+A asterisk wildcard (`*`) cannot be specified as the `SamenessGroup`.
 
 
 ## Examples
diff --git a/website/content/docs/connect/config-entries/ingress-gateway.mdx b/website/content/docs/connect/config-entries/ingress-gateway.mdx
index 63d990f9d864..e4dac5beb0a8 100644
--- a/website/content/docs/connect/config-entries/ingress-gateway.mdx
+++ b/website/content/docs/connect/config-entries/ingress-gateway.mdx
@@ -15,7 +15,7 @@ Consul's API gateway is the recommended alternative to ingress gateway.
 
 </Note>
 
-This topic provides configuration reference information for the ingress gateway configuration entry. An ingress gateway is a type of proxy you register as a service in Consul to enable network connectivity from external services to services inside of the service mesh. Refer to [Ingress gateways overview](/consul/docs/connect/gateways/ingress-gateway) for additional information. 
+This topic provides configuration reference information for the ingress gateway configuration entry. An ingress gateway is a type of proxy you register as a service in Consul to enable network connectivity from external services to services inside of the service mesh. Refer to [Ingress gateways overview](/consul/docs/connect/gateways/ingress-gateway) for additional information.
 
 ## Configuration model
 
@@ -27,121 +27,121 @@ The following list describes the configuration hierarchy, language-specific data
 - [`Kind`](#kind): string | must be `ingress-gateway` | required
 - [`Name`](#name): string | required
 - [`Namespace`](#namespace): string | `default` | <EnterpriseAlert inline/>
-- [`Meta`](#meta): map of strings 
+- [`Meta`](#meta): map of strings
 - [`Partition`](#partition): string | `default` | <EnterpriseAlert inline/>
-- [`TLS`](#tls): map 
+- [`TLS`](#tls): map
    - [`Enabled`](#tls-enabled): boolean | `false`
    - [`TLSMinVersion`](#tls-tlsminversion): string | `TLSv1_2`
-   - [`TLSMaxVersion`](#tls-tlsmaxversion): string 
-   - [`CipherSuites`](#tls-ciphersuites): list of strings 
-   - [`SDS`](#tls-sds): map of strings 
-      - [`ClusterName`](#tls-sds): string 
-      - [`CertResource`](#tls-sds): string 
-- [`Defaults`](#defaults): map 
-   - [`MaxConnections`](#defaults-maxconnections): number 
-   - [`MaxPendingRequests`](#defaults-maxpendingrequests): number 
-   - [`MaxConcurrentRequests`](#defaults-maxconcurrentrequests): number 
-   - [`PassiveHealthCheck`](#defaults-passivehealthcheck): map 
-      - [`interval`](#defaults-passivehealthcheck): number 
-      - [`max_failures`](#defaults-passivehealthcheck): number 
-      - [`enforcing_consecutive_5xx`](#defaults-passivehealthcheck): number 
-- [`Listeners`](#listeners): list of maps 
+   - [`TLSMaxVersion`](#tls-tlsmaxversion): string
+   - [`CipherSuites`](#tls-ciphersuites): list of strings
+   - [`SDS`](#tls-sds): map of strings
+      - [`ClusterName`](#tls-sds): string
+      - [`CertResource`](#tls-sds): string
+- [`Defaults`](#defaults): map
+   - [`MaxConnections`](#defaults-maxconnections): number
+   - [`MaxPendingRequests`](#defaults-maxpendingrequests): number
+   - [`MaxConcurrentRequests`](#defaults-maxconcurrentrequests): number
+   - [`PassiveHealthCheck`](#defaults-passivehealthcheck): map
+      - [`interval`](#defaults-passivehealthcheck): number
+      - [`max_failures`](#defaults-passivehealthcheck): number
+      - [`enforcing_consecutive_5xx`](#defaults-passivehealthcheck): number
+- [`Listeners`](#listeners): list of maps
    - [`Port`](#listeners-port): number | `0`
    - [`Protocol`](#listeners-protocol): number | `tcp`
-   - [`Services`](#listeners-services): list of objects 
-      - [`Name`](#listeners-services-name): string 
+   - [`Services`](#listeners-services): list of objects
+      - [`Name`](#listeners-services-name): string
       - [`Namespace`](#listeners-services-namespace): string | <EnterpriseAlert inline/>
       - [`Partition`](#listeners-services-partition): string | <EnterpriseAlert inline/>
       - [`Hosts`](#listeners-services-hosts): List of strings | `.ingress.*`
-      - [`RequestHeaders`](#listeners-services-requestheaders): map 
-         - [`Add`](#listeners-services-requestheaders): map of strings 
-         - [`Set`](#listeners-services-requestheaders): map of strings 
-         - [`Remove`](#listeners-services-requestheaders): list of strings 
-      - [`ResponseHeaders`](#listeners-services-responseheaders): map 
-         - [`Add`](#listeners-services-responseheaders): map of strings 
-         - [`Set`](#listeners-services-responseheaders): map of strings 
-         - [`Remove`](#listeners-services-responseheaders): list of strings 
-      - [`TLS`](#listeners-services-tls): map 
-         - [`SDS`](#listeners-services-tls-sds): map of strings 
-            - [`ClusterName`](#listeners-services-tls-sds): string 
-            - [`CertResource`](#listeners-services-tls-sds): string 
+      - [`RequestHeaders`](#listeners-services-requestheaders): map
+         - [`Add`](#listeners-services-requestheaders): map of strings
+         - [`Set`](#listeners-services-requestheaders): map of strings
+         - [`Remove`](#listeners-services-requestheaders): list of strings
+      - [`ResponseHeaders`](#listeners-services-responseheaders): map
+         - [`Add`](#listeners-services-responseheaders): map of strings
+         - [`Set`](#listeners-services-responseheaders): map of strings
+         - [`Remove`](#listeners-services-responseheaders): list of strings
+      - [`TLS`](#listeners-services-tls): map
+         - [`SDS`](#listeners-services-tls-sds): map of strings
+            - [`ClusterName`](#listeners-services-tls-sds): string
+            - [`CertResource`](#listeners-services-tls-sds): string
       - [`MaxConnections`](#listeners-services-maxconnections): number | `0`
       - [`MaxPendingRequests`](#listeners-services-maxconnections): number | `0`
       - [`MaxConcurrentRequests`](#listeners-services-maxconnections): number | `0`
-      - [`PassiveHealthCheck`](#listeners-services-passivehealthcheck): map 
-         - [`interval`](#listeners-services-passivehealthcheck): number 
-         - [`max_failures`](#listeners-services-passivehealthcheck): number 
-         - [`enforcing_consecutive_5xx`](#listeners-services-passivehealthcheck): number 
-   - [`TLS`](#listeners-tls): map 
+      - [`PassiveHealthCheck`](#listeners-services-passivehealthcheck): map
+         - [`interval`](#listeners-services-passivehealthcheck): number
+         - [`max_failures`](#listeners-services-passivehealthcheck): number
+         - [`enforcing_consecutive_5xx`](#listeners-services-passivehealthcheck): number
+   - [`TLS`](#listeners-tls): map
       - [`Enabled`](#listeners-tls-enabled): boolean | `false`
       - [`TLSMinVersion`](#listeners-tls-tlsminversion): string | `TLSv1_2`
-      - [`TLSMaxVersion`](#listeners-tls-tlsmaxversion): string 
-      - [`CipherSuites`](#listeners-tls-ciphersuites): list of strings 
-      - [`SDS`](#listeners-tls-sds): map of strings 
-         - [`ClusterName`](#listeners-tls-sds): string 
-         - [`CertResource`](#listeners-tls-sds): string 
+      - [`TLSMaxVersion`](#listeners-tls-tlsmaxversion): string
+      - [`CipherSuites`](#listeners-tls-ciphersuites): list of strings
+      - [`SDS`](#listeners-tls-sds): map of strings
+         - [`ClusterName`](#listeners-tls-sds): string
+         - [`CertResource`](#listeners-tls-sds): string
 
 </Tab>
 
 <Tab heading="Kubernetes YAML" group="yaml">
 
-- [ `apiVersion`](#apiversion): string | must be set to `consul.hashicorp.com/v1alpha1` | required 
+- [ `apiVersion`](#apiversion): string | must be set to `consul.hashicorp.com/v1alpha1` | required
 - [`kind`](#kind): string | must be `IngressGateway` | required
-- [`metadata`](#metadata): map of strings 
+- [`metadata`](#metadata): map of strings
    - [`name`](#metadata-name): string | required
    - [`namespace`](#metadata-namespace): string | `default` | <EnterpriseAlert inline/>
-- [`spec`](#spec): map 
-   - [`tls`](#spec-tls): map 
+- [`spec`](#spec): map
+   - [`tls`](#spec-tls): map
       - [`enabled`](#spec-tls-enabled): boolean | `false`
       - [`tlsMinVersion`](#spec-tls-tlsminversion): string | `TLSv1_2`
-      - [`tlsMaxVersion`](#spec-tls-tlsmaxversion): string 
-      - [`cipherSuites`](#spec-tls-ciphersuites): list of strings 
-      - [`sds`](#spec-tls-sds): map of strings 
-         - [`clusterName`](#spec-tls-sds): string 
-         - [`certResource`](#spec-tls-sds): string 
-   - [`defaults`](#spec-defaults): map 
-      - [`maxConnections`](#spec-defaults-maxconnections): number 
-      - [`maxPendingRequests`](#spec-defaults-maxpendingrequests): number 
-      - [`maxConcurrentRequests`](#spec-defaults-maxconcurrentrequests): number 
-      - [`passiveHealthCheck`](#spec-defaults-passivehealthcheck): map 
+      - [`tlsMaxVersion`](#spec-tls-tlsmaxversion): string
+      - [`cipherSuites`](#spec-tls-ciphersuites): list of strings
+      - [`sds`](#spec-tls-sds): map of strings
+         - [`clusterName`](#spec-tls-sds): string
+         - [`certResource`](#spec-tls-sds): string
+   - [`defaults`](#spec-defaults): map
+      - [`maxConnections`](#spec-defaults-maxconnections): number
+      - [`maxPendingRequests`](#spec-defaults-maxpendingrequests): number
+      - [`maxConcurrentRequests`](#spec-defaults-maxconcurrentrequests): number
+      - [`passiveHealthCheck`](#spec-defaults-passivehealthcheck): map
          - [`interval`](#spec-defaults-passivehealthcheck): number | no proxy's default value
          - [`max_failures`](#spec-defaults-passivehealthcheck): number | no proxy's default value
          - [`enforcing_consecutive_5xx`](#spec-defaults-passivehealthcheck): number | proxy's default value
-   - [`listeners`](#spec-listeners): list of maps 
+   - [`listeners`](#spec-listeners): list of maps
       - [`port`](#spec-listeners-port): number | `0`
       - [`protocol`](#spec-listeners-protocol): number | `tcp`
-      - [`services`](#spec-listeners-services): list of maps 
-         - [`name`](#spec-listeners-services-name): string 
+      - [`services`](#spec-listeners-services): list of maps
+         - [`name`](#spec-listeners-services-name): string
          - [`namespace`](#spec-listeners-services-namespace): string | current namespace | <EnterpriseAlert inline/>
          - [`partition`](#spec-listeners-services-partition): string | current partition | <EnterpriseAlert inline/>
          - [`hosts`](#spec-listeners-services-hosts): list of strings | `.ingress.*`
-         - [`requestHeaders`](#spec-listeners-services-requestheaders): map 
-            - [`add`](#spec-listeners-services-requestheaders): map of strings 
-            - [`set`](#spec-listeners-services-requestheaders): map of strings 
-            - [`remove`](#spec-listeners-services-requestheaders): list of strings 
-         - [`responseHeaders`](#spec-listeners-services-responseheaders): map 
-            - [`add`](#spec-listeners-services-responseheaders): map of strings 
-            - [`set`](#spec-listeners-services-responseheaders): map of strings 
-            - [`remove`](#spec-listeners-services-responseheaders): list of strings 
-         - [`tls`](#spec-listeners-services-tls): map 
-            - [`sds`](#spec-listeners-services-tls-sds): map of strings 
-               - [`clusterName`](#spec-listeners-services-tls-sds): string 
-               - [`certResource`](#spec-listeners-services-tls-sds): string 
+         - [`requestHeaders`](#spec-listeners-services-requestheaders): map
+            - [`add`](#spec-listeners-services-requestheaders): map of strings
+            - [`set`](#spec-listeners-services-requestheaders): map of strings
+            - [`remove`](#spec-listeners-services-requestheaders): list of strings
+         - [`responseHeaders`](#spec-listeners-services-responseheaders): map
+            - [`add`](#spec-listeners-services-responseheaders): map of strings
+            - [`set`](#spec-listeners-services-responseheaders): map of strings
+            - [`remove`](#spec-listeners-services-responseheaders): list of strings
+         - [`tls`](#spec-listeners-services-tls): map
+            - [`sds`](#spec-listeners-services-tls-sds): map of strings
+               - [`clusterName`](#spec-listeners-services-tls-sds): string
+               - [`certResource`](#spec-listeners-services-tls-sds): string
          - [`maxConnections`](#spec-listeners-services-maxconnections): number | `0`
          - [`maxPendingRequests`](#spec-listeners-services-maxconnections): number | `0`
          - [`maxConcurrentRequests`](#spec-listeners-services-maxconnections): number | `0`
-         - [`passiveHealthCheck`](#spec-listeners-services-passivehealthcheck): map 
-            - [`interval`](#spec-listeners-services-passivehealthcheck): number 
-            - [`max_failures`](#spec-listeners-services-passivehealthcheck): number 
-            - [`enforcing_consecutive_5xx`](#spec-listeners-services-passivehealthcheck): number 
-      - [`tls`](#spec-listeners-tls): map    
+         - [`passiveHealthCheck`](#spec-listeners-services-passivehealthcheck): map
+            - [`interval`](#spec-listeners-services-passivehealthcheck): number
+            - [`max_failures`](#spec-listeners-services-passivehealthcheck): number
+            - [`enforcing_consecutive_5xx`](#spec-listeners-services-passivehealthcheck): number
+      - [`tls`](#spec-listeners-tls): map
          - [`enabled`](#spec-listeners-tls-enabled): boolean | `false`
          - [`tlsMinVersion`](#spec-listeners-tls-tlsminversion): string | `TLSv1_2`
-         - [`tlsMaxVersion`](#spec-listeners-tls-tlsmaxversion): string 
-         - [`cipherSuites`](#spec-listeners-tls-ciphersuites): list of strings 
-         - [`sds`](#spec-listeners-tls-sds): map of strings 
-            - [`clusterName`](#spec-listeners-tls-sds): string 
-            - [`certResource`](#spec-listeners-tls-sds): string 
+         - [`tlsMaxVersion`](#spec-listeners-tls-tlsmaxversion): string
+         - [`cipherSuites`](#spec-listeners-tls-ciphersuites): list of strings
+         - [`sds`](#spec-listeners-tls-sds): map of strings
+            - [`clusterName`](#spec-listeners-tls-sds): string
+            - [`certResource`](#spec-listeners-tls-sds): string
 
 </Tab>
 
@@ -156,94 +156,94 @@ When every field is defined, an ingress gateway configuration entry has the foll
 <Tab heading="HCL" group="hcl">
 
 ```hcl
-Kind      = "ingress-gateway"          
-Name      = "<name of the gateway>"    
-Namespace = "<namespace to register the gateway>" 
-Partition = "<partition to register the gateway>" 
-Meta = {       
+Kind      = "ingress-gateway"
+Name      = "<name of the gateway>"
+Namespace = "<namespace to register the gateway>"
+Partition = "<partition to register the gateway>"
+Meta = {
   <key> = "<value>"
 }
-TLS = {        
-  Enabled       = false         
-  TLSMinVersion = "TLSv1_2"     
-  TLSMaxVersion = "<max version of TLS supported for this gateway>"  
-  CipherSuites = [   
+TLS = {
+  Enabled       = false
+  TLSMinVersion = "TLSv1_2"
+  TLSMaxVersion = "<max version of TLS supported for this gateway>"
+  CipherSuites = [
     "<cipher>"
   ]
-  SDS = {      
-    ClusterName  = "<name of SDS cluster>"   
-    CertResource = "<SDS resource name>"     
+  SDS = {
+    ClusterName  = "<name of SDS cluster>"
+    CertResource = "<SDS resource name>"
   }
 }
-Defaults = {         
-  MaxConnections        = 0      
-  MaxPendingRequests    = 0      
-  MaxConcurrentRequests = 0      
-  PassiveHealthCheck = {            
-    interval                  = 10  
-    max_failures              = 5   
-    enforcing_consecutive_5xx = 100 
+Defaults = {
+  MaxConnections        = 0
+  MaxPendingRequests    = 0
+  MaxConcurrentRequests = 0
+  PassiveHealthCheck = {
+    interval                  = 10
+    max_failures              = 5
+    enforcing_consecutive_5xx = 100
   }
 }
-Listeners = [           
-  {                     
-    Port     = 0        
-    Protocol = "tcp"    
-    Services = [        
-      {                 
-        Name      = "<name of external service>"                  
-        Namespace = "<namespace containing the external service>" 
-        Partition = "<partition containing the external service>" 
-        Hosts = [       
-          ".ingress.*"  
+Listeners = [
+  {
+    Port     = 0
+    Protocol = "tcp"
+    Services = [
+      {
+        Name      = "<name of external service>"
+        Namespace = "<namespace containing the external service>"
+        Partition = "<partition containing the external service>"
+        Hosts = [
+          ".ingress.*"
         ]
-        RequestHeaders = {    
-          Add = {             
-            RequestHeaderName = "<request header value to add>"  
+        RequestHeaders = {
+          Add = {
+            RequestHeaderName = "<request header value to add>"
           }
-          Set = {             
-            RequestHeaderName = "<request header value to set>" 
+          Set = {
+            RequestHeaderName = "<request header value to set>"
           }
-          Remove = [          
-            "<request header to remove>"    
+          Remove = [
+            "<request header to remove>"
           ]
         }
-        ResponseHeaders = {   
-          Add = {             
-            ResponseHeaderName = "<response header value to add>"  
+        ResponseHeaders = {
+          Add = {
+            ResponseHeaderName = "<response header value to add>"
           }
-          Set = {             
-            ResponseHeaderName = "<response header value to set>"  
+          Set = {
+            ResponseHeaderName = "<response header value to set>"
           }
-          Remove = [          
-            "<response header remove>"   
+          Remove = [
+            "<response header remove>"
           ]
         }
-        TLS = {            
-          SDS = {            
-            ClusterName  = "<name of SDS cluster>"   
-            CertResource = "<name of SDS source>"    
+        TLS = {
+          SDS = {
+            ClusterName  = "<name of SDS cluster>"
+            CertResource = "<name of SDS source>"
           }
         }
-        MaxConnections        = <number>      
-        MaxPendingRequests    = <number>      
-        MaxConcurrentRequests = <number>      
-        PassiveHealthCheck = {            
-          interval                  = 10  
-          max_failures              = 5   
-          enforcing_consecutive_5xx = 100 
+        MaxConnections        = <number>
+        MaxPendingRequests    = <number>
+        MaxConcurrentRequests = <number>
+        PassiveHealthCheck = {
+          interval                  = 10
+          max_failures              = 5
+          enforcing_consecutive_5xx = 100
         }
     }]
-    TLS = {                       
-      Enabled       = false      
-      TLSMinVersion = "TLSv1_2"  
-      TLSMaxVersion = "<max supported version for the listener>" 
-      CipherSuites = [     
-        "<ciphersuite>"    
+    TLS = {
+      Enabled       = false
+      TLSMinVersion = "TLSv1_2"
+      TLSMaxVersion = "<max supported version for the listener>"
+      CipherSuites = [
+        "<ciphersuite>"
       ]
-      SDS = {                    
-        ClusterName  = "<name of SDS cluster>" 
-        CertResource = "<SDS resource name>"   
+      SDS = {
+        ClusterName  = "<name of SDS cluster>"
+        CertResource = "<SDS resource name>"
       }
     }
   }
@@ -256,71 +256,71 @@ Listeners = [
 
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1
-kind: IngressGateway          
+kind: IngressGateway
 metadata:
-  name: <name of the gateway>    
-  namespace: "<namespace to register the gateway>" 
-spec: 
-  tls:         
-    enabled: false         
-    tlsSMinVersion: TLSv1_2     
-    tlsMaxVersion: "<max version of TLS supported for this gateway>"  
-    cipherSuites:    
+  name: <name of the gateway>
+  namespace: "<namespace to register the gateway>"
+spec:
+  tls:
+    enabled: false
+    tlsSMinVersion: TLSv1_2
+    tlsMaxVersion: "<max version of TLS supported for this gateway>"
+    cipherSuites:
      - <cipher>
-    sds:      
-      clusterName: <name of SDS cluster>   
-      certResource: <SDS resource name>     
-  defaults:          
-    maxConnections: 0      
-    maxPendingRequests: 0      
-    maxConcurrentRequests: 0      
-    passiveHealthCheck:            
-      interval: 10  
-      max_failures: 5   
-      enforcing_consecutive_5xx: 100 
-  listeners:                     
-    - port: 0        
-      protocol: tcp    
-      services:         
-        - name: <name of external service>                  
-          namespace: <namespace containing the external service> 
+    sds:
+      clusterName: <name of SDS cluster>
+      certResource: <SDS resource name>
+  defaults:
+    maxConnections: 0
+    maxPendingRequests: 0
+    maxConcurrentRequests: 0
+    passiveHealthCheck:
+      interval: 10
+      max_failures: 5
+      enforcing_consecutive_5xx: 100
+  listeners:
+    - port: 0
+      protocol: tcp
+      services:
+        - name: <name of external service>
+          namespace: <namespace containing the external service>
           partition: <partition containing the external service>
-          hosts:       
-            - .ingress.*  
-          requestHeaders:     
-            add:             
+          hosts:
+            - .ingress.*
+          requestHeaders:
+            add:
               requestHeaderName: <request header value to add>
             set:
               requestHeaderName: <request header value to set>
-     remove:           
-              - <request header to remove>    
-          responseHeaders:  
-            add:             
-              responseHeaderName: <response header value to add>  
-            set:             
+     remove:
+              - <request header to remove>
+          responseHeaders:
+            add:
+              responseHeaderName: <response header value to add>
+            set:
               responseHeaderName: <response header value to set>
             remove:
-              - <response header remove>   
-          tls:            
-            sds:            
+              - <response header remove>
+          tls:
+            sds:
               clusterName: <name of SDS cluster>
-              certResource: <name of SDS source>    
-            maxConnections: <number>      
-            maxPendingRequests: <number>      
-            maxConcurrentRequests: <number>      
-            passiveHealthCheck:            
-              interval: 10  
-              max_failures: 5   
-              enforcing_consecutive_5xx: 100        
-      tls:                       
-        enabled: false      
-        tlsMinVersion: TLSv1_2  
-        tlsMaxVersion: <max supported version for the listener> 
-        cipherSuites:      
-          - <ciphersuite>    
-        sds:                    
-          clusterName: <name of SDS cluster> 
-          certResource: <SDS resource name>   
+              certResource: <name of SDS source>
+            maxConnections: <number>
+            maxPendingRequests: <number>
+            maxConcurrentRequests: <number>
+            passiveHealthCheck:
+              interval: 10
+              max_failures: 5
+              enforcing_consecutive_5xx: 100
+      tls:
+        enabled: false
+        tlsMinVersion: TLSv1_2
+        tlsMaxVersion: <max supported version for the listener>
+        cipherSuites:
+          - <ciphersuite>
+        sds:
+          clusterName: <name of SDS cluster>
+          certResource: <SDS resource name>
 ```
 
 </Tab>
@@ -329,100 +329,100 @@ spec:
 
 ```json
 {
-  "Kind" : "ingress-gateway",          
-  "Name" : "<name of the gateway>",    
-  "Namespace" : "<namespace to register the gateway>", 
-  "Partition" : "<partition to register the gateway>", 
-  "Meta": {       
+  "Kind" : "ingress-gateway",
+  "Name" : "<name of the gateway>",
+  "Namespace" : "<namespace to register the gateway>",
+  "Partition" : "<partition to register the gateway>",
+  "Meta": {
     "<key>" : "<value>"
   },
-  "TLS" : {        
-    "Enabled" : false,         
-    "TLSMinVersion" : "TLSv1_2",     
-    "TLSMaxVersion" : "<max version of TLS supported for this gateway>",  
-    "CipherSuites" : [   
+  "TLS" : {
+    "Enabled" : false,
+    "TLSMinVersion" : "TLSv1_2",
+    "TLSMaxVersion" : "<max version of TLS supported for this gateway>",
+    "CipherSuites" : [
       "<cipher>"
     ],
-    "SDS": {      
-      "ClusterName" : "<name of SDS cluster>",   
-      "CertResource" : "<SDS resource name>"     
+    "SDS": {
+      "ClusterName" : "<name of SDS cluster>",
+      "CertResource" : "<SDS resource name>"
     }
   },
-  "Defaults" : {         
-    "MaxConnections" : 0,      
-    "MaxPendingRequests" : 0,      
-    "MaxConcurrentRequests": 0,      
-    "PassiveHealthCheck" : {            
-      "interval" : 10,  
-      "max_failures" : 5,   
-      "enforcing_consecutive_5xx" : 100 
+  "Defaults" : {
+    "MaxConnections" : 0,
+    "MaxPendingRequests" : 0,
+    "MaxConcurrentRequests": 0,
+    "PassiveHealthCheck" : {
+      "interval" : 10,
+      "max_failures" : 5,
+      "enforcing_consecutive_5xx" : 100
     }
   },
-  "Listeners" : [           
-    {                     
-      "Port" : 0,        
-      "Protocol" : "tcp",    
-      "Services" : [        
-        {                 
-          "Name" : "<name of external service>",                  
-          "Namespace" : "<namespace containing the external service>", 
-          "Partition" : "<partition containing the external service>", 
-          "Hosts" :  [       
-            ".ingress.*"  
+  "Listeners" : [
+    {
+      "Port" : 0,
+      "Protocol" : "tcp",
+      "Services" : [
+        {
+          "Name" : "<name of external service>",
+          "Namespace" : "<namespace containing the external service>",
+          "Partition" : "<partition containing the external service>",
+          "Hosts" :  [
+            ".ingress.*"
           ],
-          "RequestHeaders" : {    
-            "Add" : {             
-              "RequestHeaderName" : "<request header value to add>"  
+          "RequestHeaders" : {
+            "Add" : {
+              "RequestHeaderName" : "<request header value to add>"
             },
-            "Set" : {             
-              "RequestHeaderName" : "<request header value to set>" 
+            "Set" : {
+              "RequestHeaderName" : "<request header value to set>"
             },
-            "Remove" : [          
-              "<request header to remove>"    
+            "Remove" : [
+              "<request header to remove>"
             ]
           },
-          "ResponseHeaders" : {   
-            "Add" : {             
-              "ResponseHeaderName" : "<response header value to add>"  
+          "ResponseHeaders" : {
+            "Add" : {
+              "ResponseHeaderName" : "<response header value to add>"
             },
-            "Set" : {             
-              "ResponseHeaderName" : "<response header value to set>"  
+            "Set" : {
+              "ResponseHeaderName" : "<response header value to set>"
             },
-            "Remove" : [          
-              "<response header remove>"   
+            "Remove" : [
+              "<response header remove>"
             ]
           },
-          "TLS" : {            
-            "SDS" : {            
-              "ClusterName" : "<name of SDS cluster>",   
-              "CertResource" : "<name of SDS source>"    
+          "TLS" : {
+            "SDS" : {
+              "ClusterName" : "<name of SDS cluster>",
+              "CertResource" : "<name of SDS source>"
             }
           },
-          "MaxConnections" : <number>,      
-          "MaxPendingRequests" : <number>,      
-          "MaxConcurrentRequests" : <number>,      
-          "PassiveHealthCheck" : {            
-            "interval" : 10,  
-            "max_failures" : 5,   
-            "enforcing_consecutive_5xx" : 100 
+          "MaxConnections" : <number>,
+          "MaxPendingRequests" : <number>,
+          "MaxConcurrentRequests" : <number>,
+          "PassiveHealthCheck" : {
+            "interval" : 10,
+            "max_failures" : 5,
+            "enforcing_consecutive_5xx" : 100
           }
         }
       ],
-      "TLS" : {                       
-        "Enabled" : false,      
-        "TLSMinVersion" : "TLSv1_2",  
-        "TLSMaxVersion" : "<max supported version for the listener>", 
-        "CipherSuites" : [     
-          "<ciphersuite>"    
+      "TLS" : {
+        "Enabled" : false,
+        "TLSMinVersion" : "TLSv1_2",
+        "TLSMaxVersion" : "<max supported version for the listener>",
+        "CipherSuites" : [
+          "<ciphersuite>"
         ],
-        "SDS" : {                    
-          "ClusterName" : "<name of SDS cluster>", 
-          "CertResource" : "<SDS resource name>"   
+        "SDS" : {
+          "ClusterName" : "<name of SDS cluster>",
+          "CertResource" : "<SDS resource name>"
         }
       }
     }
   ]
-}  
+}
 ```
 
 </Tab>
@@ -465,7 +465,7 @@ If unspecified, the ingress gateway is applied to the `default` namespace. You c
 
 #### Values
 
-- Default: `default`, 
+- Default: `default`,
 - Data type: String
 
 ### `Partition` <EnterpriseAlert inline/>
@@ -481,7 +481,7 @@ If unspecified, the ingress gateway is applied to the `default` partition. You c
 
 ### `Meta`
 
-Defines an arbitrary set of key-value pairs to store in the Consul KV. 
+Defines an arbitrary set of key-value pairs to store in the Consul KV.
 
 #### Values
 
@@ -492,7 +492,7 @@ Defines an arbitrary set of key-value pairs to store in the Consul KV.
 
 ### `TLS`
 
-Specifies the TLS configuration settings for the gateway. 
+Specifies the TLS configuration settings for the gateway.
 
 #### Values
 
@@ -502,18 +502,18 @@ Specifies the TLS configuration settings for the gateway.
   - [`TLSMinVersion`](#tls-tlsminversion)
   - [`TLSMaxVersion`](#tls-tlsmaxversion)
   - [`CipherSuites`](#tls-ciphersuites)
-  - [`SDS`](#tls-sds) 
+  - [`SDS`](#tls-sds)
 
 ### `TLS.Enabled`
 
 Enables and disables TLS for the configuration entry. Set to `true` to enable built-in TLS for every listener on the gateway. TLS is disabled by default.
 
-When enabled, Consul adds each host defined in every service's `Hosts` field to the gateway's x509 certificate as a DNS subject alternative name (SAN). 
+When enabled, Consul adds each host defined in every service's `Hosts` field to the gateway's x509 certificate as a DNS subject alternative name (SAN).
 
 #### Values
 
  - Default: `false`
- - Data type: boolean 
+ - Data type: boolean
 
 ### `TLS.TLSMinVersion`
 
@@ -523,7 +523,7 @@ Specifies the minimum TLS version supported for gateway listeners.
 
 - Default: Depends on the version of Envoy:
   - Envoy v1.22.0 and later: `TLSv1_2`
-  - Older versions: `TLSv1_0` 
+  - Older versions: `TLSv1_0`
 - Data type: String with one of the following values:
   - `TLS_AUTO`
   - `TLSv1_0`
@@ -558,21 +558,21 @@ Specifies a list of cipher suites that gateway listeners support when negotiatin
 
 ### `TSL.SDS`
 
-Specifies parameters for loading the TLS certificates from an external SDS service. Refer to [Serve custom TLS certificates from an external service](/consul/docs/connect/gateways/ingress-gateway/tls-external-service) for additional information. 
+Specifies parameters for loading the TLS certificates from an external SDS service. Refer to [Serve custom TLS certificates from an external service](/consul/docs/connect/gateways/ingress-gateway/tls-external-service) for additional information.
 
 Consul applies the SDS configuration specified in this field as defaults for all listeners defined in the gateway. You can override the SDS settings for per listener or per service defined in the listener. Refer to the following configurations for additional information:
 
 - [`Listeners.TLS.SDS`](#listeners-tls-sds): Configures SDS settings for all services in the listener.
-- [`Listeners.Services.TLS.SDS`](#listeners-services-tls-sds): Configures SDS settings for a specific service defined in the listener. 
+- [`Listeners.Services.TLS.SDS`](#listeners-services-tls-sds): Configures SDS settings for a specific service defined in the listener.
 
 #### Values
 
 - Default: None
-- Data type: Map containing the following fields: 
-  - `ClusterName` 
+- Data type: Map containing the following fields:
+  - `ClusterName`
   - `CertResource`
 
-The following table describes how to configure SDS parameters. 
+The following table describes how to configure SDS parameters.
 
 | Parameter | Description | Data type |
 | ---       | ---         | ---       |
@@ -588,13 +588,13 @@ Specifies default configurations for connecting upstream services.
 - Default: None
 - The data type is a map containing the following parameters:
 
-  - [`MaxConnnections`](#defaults-maxconnections)
+  - [`MaxConnections`](#defaults-maxconnections)
   - [`MaxPendingRequests`](#defaults-maxpendingrequests)
-  - [`MaxConcurrentRequests`](#defaults-maxconcurrentrequests)  
+  - [`MaxConcurrentRequests`](#defaults-maxconcurrentrequests)
 
 ### `Defaults.MaxConnections`
 
-Specifies the maximum number of HTTP/1.1 connections a service instance is allowed to establish against the upstream. 
+Specifies the maximum number of HTTP/1.1 connections a service instance is allowed to establish against the upstream.
 
 #### Values
 
@@ -603,7 +603,7 @@ Specifies the maximum number of HTTP/1.1 connections a service instance is allow
 
 ### `Defaults.MaxPendingRequests`
 
-Specifies the maximum number of requests that are allowed to queue while waiting to establish a connection. Listeners must use an L7 protocol for this configuration to take effect. Refer to [`Listeners.Protocol`](#listeners-protocol). 
+Specifies the maximum number of requests that are allowed to queue while waiting to establish a connection. Listeners must use an L7 protocol for this configuration to take effect. Refer to [`Listeners.Protocol`](#listeners-protocol).
 
 #### Values
 
@@ -612,7 +612,7 @@ Specifies the maximum number of requests that are allowed to queue while waiting
 
 ### `Defaults.MaxConcurrentRequests`
 
-Specifies the maximum number of concurrent HTTP/2 traffic requests that are allowed at a single point in time. Listeners must use an L7 protocol for this configuration to take effect. Refer to [`Listeners.Protocol`](#listeners-protocol). 
+Specifies the maximum number of concurrent HTTP/2 traffic requests that are allowed at a single point in time. Listeners must use an L7 protocol for this configuration to take effect. Refer to [`Listeners.Protocol`](#listeners-protocol).
 
 #### Values
 
@@ -621,7 +621,7 @@ Specifies the maximum number of concurrent HTTP/2 traffic requests that are allo
 
 ### `Defaults.PassiveHealthCheck`
 
-Defines a passive health check configuration. Passive health checks remove hosts from the upstream cluster when they are unreachable or return errors. 
+Defines a passive health check configuration. Passive health checks remove hosts from the upstream cluster when they are unreachable or return errors.
 
 #### Values
 
@@ -651,7 +651,7 @@ Specifies a list of listeners in the mesh for the gateway. Listeners are uniquel
 
 ### `Listeners[].Port`
 
-Specifies the port that the listener receives traffic on. The port is bound to the IP address specified in the [`-address`](/consul/commands/connect/envoy#address) flag when starting the gateway. The listener port must not conflict with the health check port. 
+Specifies the port that the listener receives traffic on. The port is bound to the IP address specified in the [`-address`](/consul/commands/connect/envoy#address) flag when starting the gateway. The listener port must not conflict with the health check port.
 
 #### Values
 
@@ -663,7 +663,7 @@ Specifies the port that the listener receives traffic on. The port is bound to t
 Specifies the protocol associated with the listener. To enable L7 network management capabilities, specify one of the following values:
 
 - `http`
-- `http2` 
+- `http2`
 - `grpc`
 
 #### Values
@@ -673,12 +673,12 @@ Specifies the protocol associated with the listener. To enable L7 network manage
 
   - `tcp`
   - `http`
-  - `http2` 
+  - `http2`
   - `grpc`
 
 ### `Listeners[].Services[]`
 
-Specifies a list of services that the listener exposes to services outside the mesh. Each service must have a unique name. The `Namespace` field is required for Consul Enterprise datacenters. If the [`Listeners.Protocol`] field is set to `tcp`, then Consul can only expose one service. You can expose multiple services if the listener uses any other supported protocol. 
+Specifies a list of services that the listener exposes to services outside the mesh. Each service must have a unique name. The `Namespace` field is required for Consul Enterprise datacenters. If the [`Listeners.Protocol`] field is set to `tcp`, then Consul can only expose one service. You can expose multiple services if the listener uses any other supported protocol.
 
 #### Values
 
@@ -711,7 +711,7 @@ Specifies the name of a service to expose to the listener. You can specify servi
 
 ### `Listeners[].Services[].Namespace` <EnterpriseAlert inline/>
 
-Specifies the namespace to use when resolving the location of the service. 
+Specifies the namespace to use when resolving the location of the service.
 
 #### Values
 
@@ -720,7 +720,7 @@ Specifies the namespace to use when resolving the location of the service.
 
 ### `Listeners[].Services[].Partition` <EnterpriseAlert inline/>
 
-Specifies the admin partition to use when resolving the location of the service. 
+Specifies the admin partition to use when resolving the location of the service.
 
 #### Values
 
@@ -729,18 +729,18 @@ Specifies the admin partition to use when resolving the location of the service.
 
 ### `Listeners[].Services[].Hosts[]`
 
-Specifies one or more hosts that the listening services can receive requests on. The ingress gateway proxies external traffic to the specified services when external requests include `host` headers that match a host specified in this field.  
+Specifies one or more hosts that the listening services can receive requests on. The ingress gateway proxies external traffic to the specified services when external requests include `host` headers that match a host specified in this field.
 
-If unspecified, Consul matches requests to services using the `<service>.ingress.*` domain. You cannot specify a host for listeners that communicate over TCP. You cannot specify a host when service names are specified with a `*` wildcard. Requests must include the correct host for Consul to proxy traffic to the service. 
+If unspecified, Consul matches requests to services using the `<service>.ingress.*` domain. You cannot specify a host for listeners that communicate over TCP. You cannot specify a host when service names are specified with a `*` wildcard. Requests must include the correct host for Consul to proxy traffic to the service.
 
-When TLS is disabled, you can use the `*` wildcard to match all hosts. Disabling TLS may be suitable for testing and learning purposes, but we recommend enabling TLS in production environments. 
+When TLS is disabled, you can use the `*` wildcard to match all hosts. Disabling TLS may be suitable for testing and learning purposes, but we recommend enabling TLS in production environments.
 
 You can use the wildcard in the left-most DNS label to match a set of hosts. For example, `*.example.com` is valid, but `example.*` and `*-suffix.example.com` are invalid.
 
 #### Values
 
 - Default: None
-- Data type: List of strings or `*` 
+- Data type: List of strings or `*`
 
 ### `Listeners[].Services[].RequestHeaders`
 
@@ -757,7 +757,7 @@ Specifies a set of HTTP-specific header modification rules applied to requests r
 
 The following table describes how to configure values for request headers:
 
-| Rule | Description | Data type | 
+| Rule | Description | Data type |
 | ---  | ---         | ---       |
 | `Add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | Map of strings |
 | `Set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | Map of strings |
@@ -782,7 +782,7 @@ Specifies a set of HTTP-specific header modification rules applied to responses
 
 The following table describes how to configure values for request headers:
 
-| Rule | Description | Data type | 
+| Rule | Description | Data type |
 | ---  | ---         | ---       |
 | `Add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | Map of strings |
 | `Set` | Defines a set of key-value pairs to add to the response header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | Map of strings |
@@ -794,18 +794,18 @@ For `Add` and `Set`, if the service is configured to use Envoy as the proxy, the
 
 ### `Listeners[].Services[].TLS`
 
-Specifies a TLS configuration for a specific service. The settings in this configuration overrides the main [`TLS`](#tls) settings for the configuration entry. 
+Specifies a TLS configuration for a specific service. The settings in this configuration overrides the main [`TLS`](#tls) settings for the configuration entry.
 
 #### Values
 
 - Default: None
-- Data type: Map 
+- Data type: Map
 
 ### `Listeners[].Services[].TLS.SDS`
 
-Specifies parameters that configure the listener to load TLS certificates from an external SDS. Refer to [Serve custom TLS certificates from an external service](/consul/docs/connect/gateways/ingress-gateway/tls-external-service) for additional information. 
+Specifies parameters that configure the listener to load TLS certificates from an external SDS. Refer to [Serve custom TLS certificates from an external service](/consul/docs/connect/gateways/ingress-gateway/tls-external-service) for additional information.
 
-This configuration overrides the main [`TLS.SDS`](#tls-sds) settings for configuration entry. If unspecified, Consul applies the top-level [`TLS.SDS`](#tls-sds) settings. 
+This configuration overrides the main [`TLS.SDS`](#tls-sds) settings for configuration entry. If unspecified, Consul applies the top-level [`TLS.SDS`](#tls-sds) settings.
 
 #### Values
 
@@ -823,7 +823,7 @@ The following table describes how to configure SDS parameters. Refer to [Configu
 
 ### `Listeners[].Services[].MaxConnections`
 
-Specifies the maximum number of HTTP/1.1 connections a service instance is allowed to establish against the upstream. 
+Specifies the maximum number of HTTP/1.1 connections a service instance is allowed to establish against the upstream.
 
 When defined, this field overrides the [`Defaults.MaxConnections`](#defaults-maxconnections) configuration.
 
@@ -834,9 +834,9 @@ When defined, this field overrides the [`Defaults.MaxConnections`](#defaults-max
 
 ### `Listeners[].Services.MaxPendingRequests`
 
-Specifies the maximum number of requests that are allowed to queue while waiting to establish a connection. When defined, this field overrides the value specified in the [`Defaults.MaxPendingRequests`](#defaults-maxpendingrequests) field of the configuration entry.  
+Specifies the maximum number of requests that are allowed to queue while waiting to establish a connection. When defined, this field overrides the value specified in the [`Defaults.MaxPendingRequests`](#defaults-maxpendingrequests) field of the configuration entry.
 
-Listeners must use an L7 protocol for this configuration to take effect. Refer to [`Listeners.Protocol`](#listeners-protocol) for more information. 
+Listeners must use an L7 protocol for this configuration to take effect. Refer to [`Listeners.Protocol`](#listeners-protocol) for more information.
 
 #### Values
 
@@ -845,9 +845,9 @@ Listeners must use an L7 protocol for this configuration to take effect. Refer t
 
 ### `Listeners[].Services[].MaxConcurrentRequests`
 
-Specifies the maximum number of concurrent HTTP/2 traffic requests that the service is allowed at a single point in time. This field overrides the value set in the [`Defaults.MaxConcurrentRequests`](#defaults-maxconcurrentrequests) field of the configuration entry.  
+Specifies the maximum number of concurrent HTTP/2 traffic requests that the service is allowed at a single point in time. This field overrides the value set in the [`Defaults.MaxConcurrentRequests`](#defaults-maxconcurrentrequests) field of the configuration entry.
 
-Listeners must use an L7 protocol for this configuration to take effect. Refer to [`Listeners.Protocol`](#listeners-protocol) for more information. 
+Listeners must use an L7 protocol for this configuration to take effect. Refer to [`Listeners.Protocol`](#listeners-protocol) for more information.
 
 #### Values
 
@@ -856,7 +856,7 @@ Listeners must use an L7 protocol for this configuration to take effect. Refer t
 
 ### `Listeners[].Services[].PassiveHealthCheck`
 
-Defines a passive health check configuration for the service. Passive health checks remove hosts from the upstream cluster when the service is unreachable or returns errors. This field overrides the value set in the [`Defaults.PassiveHealthCheck`](#defaults-passivehealthcheck) field of the configuration entry. 
+Defines a passive health check configuration for the service. Passive health checks remove hosts from the upstream cluster when the service is unreachable or returns errors. This field overrides the value set in the [`Defaults.PassiveHealthCheck`](#defaults-passivehealthcheck) field of the configuration entry.
 
 #### Values
 
@@ -873,7 +873,7 @@ The following table describes the configurations for passive health checks:
 
 ### `Listeners[].TLS`
 
-Specifies the TLS configuration for the listener. If unspecified, Consul applies any [service-specific TLS configurations](#listeners-services-tls). If neither the listener- nor service-specific TLS configurations are specified, Consul applies the main [`TLS`](#tls) settings for the configuration entry. 						
+Specifies the TLS configuration for the listener. If unspecified, Consul applies any [service-specific TLS configurations](#listeners-services-tls). If neither the listener- nor service-specific TLS configurations are specified, Consul applies the main [`TLS`](#tls) settings for the configuration entry.
 
 #### Values
 
@@ -887,12 +887,12 @@ Specifies the TLS configuration for the listener. If unspecified, Consul applies
 
 ### `Listeners[].TLS.Enabled`
 
-Set to `true` to enable built-in TLS for the listener. If enabled, Consul adds each host defined in every service's `Hosts` field to the gateway's x509 certificate as a DNS subject alternative name (SAN). 
+Set to `true` to enable built-in TLS for the listener. If enabled, Consul adds each host defined in every service's `Hosts` field to the gateway's x509 certificate as a DNS subject alternative name (SAN).
 
 #### Values
 
  - Default: `false`
- - Data type: boolean 
+ - Data type: boolean
 
 ### `Listeners[].TLS.TLSMinVersion`
 
@@ -902,7 +902,7 @@ Specifies the minimum TLS version supported for the listener.
 
 - Default: Depends on the version of Envoy:
   - Envoy v1.22.0 and later: `TLSv1_2`
-  - Older versions: `TLSv1_0` 
+  - Older versions: `TLSv1_0`
 - Data type: String with one of the following values:
   - `TLS_AUTO`
   - `TLSv1_0`
@@ -932,14 +932,14 @@ Specifies a list of cipher suites that the listener supports when negotiating co
 
 #### Values
 
-- Default: None 
+- Default: None
 - Data type: List of string values. Refer to the [Consul repository](https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169) for a list of supported ciphers.
 
 ### `Listeners[].TLS.SDS`
 
 Specifies parameters for loading the TLS certificates from an external SDS service. Refer to [Serve custom TLS certificates from an external service](/consul/docs/connect/gateways/ingress-gateway/tls-external-service) for additional information.
 
-Consul applies the SDS configuration specified in this field to all services in the listener. You can override the `Listeners.TLS.SDS` configuration per service by configuring the  [`Listeners.Services.TLS.SDS`](#listeners-services-tls-sds) settings for each service. 
+Consul applies the SDS configuration specified in this field to all services in the listener. You can override the `Listeners.TLS.SDS` configuration per service by configuring the  [`Listeners.Services.TLS.SDS`](#listeners-services-tls-sds) settings for each service.
 
 #### Values
 
@@ -963,7 +963,7 @@ Kubernetes-only parameter that specifies the version of the Consul API that the
 
 ### `kind`
 
-Specifies the type of configuration entry to implement. Must be set to `IngressGatewa`.
+Specifies the type of configuration entry to implement. Must be set to `IngressGateway`.
 
 #### Values
 
@@ -973,7 +973,7 @@ Specifies the type of configuration entry to implement. Must be set to `IngressG
 
 ### `metadata`
 
-Specifies metadata for the gateway. 
+Specifies metadata for the gateway.
 
 #### Values
 
@@ -1001,7 +1001,7 @@ If unspecified, the ingress gateway is applied to the `default` namespace. You c
 
 #### Values
 
-- Default: `default`, 
+- Default: `default`,
 - Data type: String
 
 ### `spec`
@@ -1019,7 +1019,7 @@ Kubernetes-only field that contains all of the configurations for ingress gatewa
 
 ### `spec.tls`
 
-Specifies the TLS configuration settings for the gateway. 
+Specifies the TLS configuration settings for the gateway.
 
 #### Values
 
@@ -1029,18 +1029,18 @@ Specifies the TLS configuration settings for the gateway.
   - [`tlsMinVersion`](#spec-tls-tlsminversion)
   - [`tlsMaxVersion`](#spec-tls-tlsmaxversion)
   - [`cipherSuites`](#spec-tls-tlsciphersuites)
-  - [`sds`](#spec-tls-sds) 
+  - [`sds`](#spec-tls-sds)
 
 ### `spec.tls.enabled`
 
 Enables and disables TLS for the configuration entry. Set to `true` to enable built-in TLS for every listener on the gateway. TLS is disabled by default.
 
-When enabled, Consul adds each host defined in every service's `Hosts` field to the gateway's x509 certificate as a DNS subject alternative name (SAN). 
+When enabled, Consul adds each host defined in every service's `Hosts` field to the gateway's x509 certificate as a DNS subject alternative name (SAN).
 
 #### Values
 
  - Default: `false`
- - Data type: boolean 
+ - Data type: boolean
 
 ### `spec.tls.tlsMinVersion`
 
@@ -1050,7 +1050,7 @@ Specifies the minimum TLS version supported for gateway listeners.
 
 - Default: Depends on the version of Envoy:
   - Envoy v1.22.0 and later: `TLSv1_2`
-  - Older versions: `TLSv1_0` 
+  - Older versions: `TLSv1_0`
 - Data type: String with one of the following values:
   - `TLS_AUTO`
   - `TLSv1_0`
@@ -1085,21 +1085,21 @@ Specifies a list of cipher suites that gateway listeners support when negotiatin
 
 ### `spec.tls.sds`
 
-Specifies parameters for loading the TLS certificates from an external SDS service. Refer to [Serve custom TLS certificates from an external service](/consul/docs/connect/gateways/ingress-gateway/tls-external-service) for additional information. 
+Specifies parameters for loading the TLS certificates from an external SDS service. Refer to [Serve custom TLS certificates from an external service](/consul/docs/connect/gateways/ingress-gateway/tls-external-service) for additional information.
 
 Consul applies the SDS configuration specified in this field as defaults for all listeners defined in the gateway. You can override the SDS settings for per listener or per service defined in the listener. Refer to the following configurations for additional information:
 
 - [`spec.listeners.tls.sds`](#spec-listeners-tls-sds): Configures SDS settings for all services in the listener.
-- [`spec.listeners.services.tls.sds`](#spec-listeners-services-tls-sds): Configures SDS settings for a specific service defined in the listener. 
+- [`spec.listeners.services.tls.sds`](#spec-listeners-services-tls-sds): Configures SDS settings for a specific service defined in the listener.
 
 #### Values
 
 - Default: None
-- Data type: Map containing the following fields: 
-  - [`clusterName`] 
+- Data type: Map containing the following fields:
+  - [`clusterName`]
   - [`certResource`]
 
-The following table describes how to configure SDS parameters. 
+The following table describes how to configure SDS parameters.
 
 | Parameter | Description | Data type |
 | ---       | ---         | ---       |
@@ -1115,9 +1115,9 @@ Specifies default configurations for upstream connections.
 - Default: None
 - The data type is a map containing the following parameters:
 
-  - [`maxConnnections`](#spec-defaults-maxconnections)
+  - [`maxConnections`](#spec-defaults-maxconnections)
   - [`maxPendingRequests`](#spec-defaults-maxpendingrequests)
-  - [`maxConcurrentRequests`](#spec-defaults-maxconcurrentrequests)  
+  - [`maxConcurrentRequests`](#spec-defaults-maxconcurrentrequests)
 
 ### `spec.defaults.maxConnections`
 
@@ -1130,7 +1130,7 @@ Specifies the maximum number of HTTP/1.1 connections a service instance is allow
 
 ### `spec.defaults.maxPendingRequests`
 
-Specifies the maximum number of requests that are allowed to queue while waiting to establish a connection. Listeners must use an L7 protocol for this configuration to take effect. Refer to [`spec.listeners.Protocol`](#spec-listeners-protocol). 
+Specifies the maximum number of requests that are allowed to queue while waiting to establish a connection. Listeners must use an L7 protocol for this configuration to take effect. Refer to [`spec.listeners.Protocol`](#spec-listeners-protocol).
 
 If unspecified, Consul uses Envoy's configuration. The default for Envoy is `1024`.
 
@@ -1141,7 +1141,7 @@ If unspecified, Consul uses Envoy's configuration. The default for Envoy is `102
 
 ### `spec.defaults.maxConcurrentRequests`
 
-Specifies the maximum number of concurrent HTTP/2 traffic requests that are allowed at a single point in time. Listeners must use an L7 protocol for this configuration to take effect. Refer to [`spec.listeners.protocol`](#spec-listeners-protocol). 
+Specifies the maximum number of concurrent HTTP/2 traffic requests that are allowed at a single point in time. Listeners must use an L7 protocol for this configuration to take effect. Refer to [`spec.listeners.protocol`](#spec-listeners-protocol).
 
 If unspecified, Consul uses Envoy's configuration. The default for Envoy is `1024`.
 
@@ -1152,7 +1152,7 @@ If unspecified, Consul uses Envoy's configuration. The default for Envoy is `102
 
 ### `spec.defaults.passiveHealthCheck`
 
-Defines a passive health check configuration. Passive health checks remove hosts from the upstream cluster when they are unreachable or return errors. 
+Defines a passive health check configuration. Passive health checks remove hosts from the upstream cluster when they are unreachable or return errors.
 
 #### Values
 
@@ -1182,7 +1182,7 @@ Specifies a list of listeners in the mesh for the gateway. Listeners are uniquel
 
 ### `spec.listeners[].port`
 
-Specifies the port that the listener receives traffic on. The port is bound to the IP address specified in the [`-address`](/consul/commands/connect/envoy#address) flag when starting the gateway. The listener port must not conflict with the health check port. 
+Specifies the port that the listener receives traffic on. The port is bound to the IP address specified in the [`-address`](/consul/commands/connect/envoy#address) flag when starting the gateway. The listener port must not conflict with the health check port.
 
 #### Values
 
@@ -1194,7 +1194,7 @@ Specifies the port that the listener receives traffic on. The port is bound to t
 Specifies the protocol associated with the listener. To enable L7 network management capabilities, specify one of the following values:
 
 - `http`
-- `http2` 
+- `http2`
 - `grpc`
 
 #### Values
@@ -1204,12 +1204,12 @@ Specifies the protocol associated with the listener. To enable L7 network manage
 
   - `tcp`
   - `http`
-  - `http2` 
+  - `http2`
   - `grpc`
 
 ### `spec.listeners[].services[]`
 
-Specifies a list of services that the listener exposes to services outside the mesh. Each service must have a unique name. The `namespace` field is required for Consul Enterprise datacenters. If the listener's [`protocol`](#spec-listeners-protocol) field is set to `tcp`, then Consul can only expose one service. You can expose multiple services if the listener uses any other supported protocol. 
+Specifies a list of services that the listener exposes to services outside the mesh. Each service must have a unique name. The `namespace` field is required for Consul Enterprise datacenters. If the listener's [`protocol`](#spec-listeners-protocol) field is set to `tcp`, then Consul can only expose one service. You can expose multiple services if the listener uses any other supported protocol.
 
 #### Values
 
@@ -1232,7 +1232,7 @@ Specifies a list of services that the listener exposes to services outside the m
 Specifies the name of a service to expose to the listener. You can specify services in the following ways:
 
 - Provide the name of a service registered in the Consul catalog.
-- Provide the name of a service defined in other configuration entries. Refer to [Service Mesh Traffic Management Overview](/consul/docs/connect/l7-traffic) for additional information. Refer to [HTTP listener with path-based routes](#http-listener-with-path-based-routes) for an example.  
+- Provide the name of a service defined in other configuration entries. Refer to [Service Mesh Traffic Management Overview](/consul/docs/connect/l7-traffic) for additional information. Refer to [HTTP listener with path-based routes](#http-listener-with-path-based-routes) for an example.
 - Provide a `*` wildcard to expose all services in the datacenter. Wild cards are not supported for listeners configured for TCP. Refer to [`spec.listeners.protocol`](#spec-listeners-protocol) for additional information.
 
 #### Values
@@ -1242,7 +1242,7 @@ Specifies the name of a service to expose to the listener. You can specify servi
 
 ### `spec.listeners[].services[].namespace` <EnterpriseAlert inline/>
 
-Specifies the namespace to use when resolving the location of the service. 
+Specifies the namespace to use when resolving the location of the service.
 
 #### Values
 
@@ -1251,7 +1251,7 @@ Specifies the namespace to use when resolving the location of the service.
 
 ### `spec.listeners[].services[].partition` <EnterpriseAlert inline/>
 
-Specifies the admin partition to use when resolving the location of the service. 
+Specifies the admin partition to use when resolving the location of the service.
 
 #### Values
 
@@ -1260,18 +1260,18 @@ Specifies the admin partition to use when resolving the location of the service.
 
 ### `spec.listeners[].services[].hosts[]`
 
-Specifies one or more hosts that the listening services can receive requests on. The ingress gateway proxies external traffic to the specified services when external requests include `host` headers that match a host specified in this field.  
+Specifies one or more hosts that the listening services can receive requests on. The ingress gateway proxies external traffic to the specified services when external requests include `host` headers that match a host specified in this field.
 
-If unspecified, Consul matches requests to services using the `<service>.ingress.*` domain. You cannot specify a host for listeners that communicate over TCP. You cannot specify a host when service names are specified with a `*` wildcard. Requests must include the correct host for Consul to proxy traffic to the service. 
+If unspecified, Consul matches requests to services using the `<service>.ingress.*` domain. You cannot specify a host for listeners that communicate over TCP. You cannot specify a host when service names are specified with a `*` wildcard. Requests must include the correct host for Consul to proxy traffic to the service.
 
-When TLS is disabled, you can use the `*` wildcard to match all hosts. Disabling TLS may be suitable for testing and learning purposes, but we recommend enabling TLS in production environments. 
+When TLS is disabled, you can use the `*` wildcard to match all hosts. Disabling TLS may be suitable for testing and learning purposes, but we recommend enabling TLS in production environments.
 
 You can use the wildcard in the left-most DNS label to match a set of hosts. For example, `*.example.com` is valid, but `example.*` and `*-suffix.example.com` are invalid.
 
 #### Values
 
 - Default: None
-- Data type: List of strings or `*` 
+- Data type: List of strings or `*`
 
 ### `spec.listeners[].services[].requestHeaders`
 
@@ -1288,7 +1288,7 @@ Specifies a set of HTTP-specific header modification rules applied to requests r
 
 The following table describes how to configure values for request headers:
 
-| Rule | Description | Data type | 
+| Rule | Description | Data type |
 | ---  | ---         | ---       |
 | `add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | Map of strings |
 | `set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | Map of strings |
@@ -1313,7 +1313,7 @@ Specifies a set of HTTP-specific header modification rules applied to responses
 
 The following table describes how to configure values for request headers:
 
-| Rule | Description | Data type | 
+| Rule | Description | Data type |
 | ---  | ---         | ---       |
 | `add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | Map of strings |
 | `set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | Map of strings |
@@ -1325,18 +1325,18 @@ For `add` and `set`, if the service is configured to use Envoy as the proxy, the
 
 ### `spec.listeners[].services[].tls`
 
-Specifies a TLS configuration for a specific service. The settings in this configuration overrides the main [`tls`](#spec.tls) settings for the configuration entry. 
+Specifies a TLS configuration for a specific service. The settings in this configuration overrides the main [`tls`](#spec.tls) settings for the configuration entry.
 
 #### Values
 
 - Default: None
-- Data type: Map 
+- Data type: Map
 
 ### `spec.listeners[].services[].tls.sds`
 
-Specifies parameters that configure the listener to load TLS certificates from an external SDS. Refer to [Serve custom TLS certificates from an external service](/consul/docs/connect/gateways/ingress-gateway/tls-external-service) for additional information. 
+Specifies parameters that configure the listener to load TLS certificates from an external SDS. Refer to [Serve custom TLS certificates from an external service](/consul/docs/connect/gateways/ingress-gateway/tls-external-service) for additional information.
 
-If unspecified, Consul applies the [`sds`](#spec-tls-sds) settings configured for the ingress gateway. If both are specified, this configuration overrides the settings for configuration entry. 
+If unspecified, Consul applies the [`sds`](#spec-tls-sds) settings configured for the ingress gateway. If both are specified, this configuration overrides the settings for configuration entry.
 
 #### Values
 
@@ -1355,7 +1355,7 @@ The following table describes how to configure SDS parameters. Refer to [Serve c
 
 ### `spec-listeners[].services[].maxConnections`
 
-Specifies the maximum number of HTTP/1.1 connections a service instance is allowed to establish against the upstream. 
+Specifies the maximum number of HTTP/1.1 connections a service instance is allowed to establish against the upstream.
 
 A value specified in this field overrides the [`maxConnections`](#spec-defaults-maxconnections) field specified in the `defaults` configuration.
 
@@ -1366,9 +1366,9 @@ A value specified in this field overrides the [`maxConnections`](#spec-defaults-
 
 ### `spec.listeners[].services.maxPendingRequests`
 
-Specifies the maximum number of requests that are allowed to queue while waiting to establish a connection. A value specified in this field overrides the [`maxPendingRequests`](#spec-defaults-maxpendingrequests) field specified in the `defaults` configuration.  
+Specifies the maximum number of requests that are allowed to queue while waiting to establish a connection. A value specified in this field overrides the [`maxPendingRequests`](#spec-defaults-maxpendingrequests) field specified in the `defaults` configuration.
 
-Listeners must use an L7 protocol for this configuration to take effect. Refer to [`spec.listeners.protocol`](#spec-listeners-protocol) for more information. 
+Listeners must use an L7 protocol for this configuration to take effect. Refer to [`spec.listeners.protocol`](#spec-listeners-protocol) for more information.
 
 #### Values
 
@@ -1377,9 +1377,9 @@ Listeners must use an L7 protocol for this configuration to take effect. Refer t
 
 ### `spec.listeners[].services[].maxConcurrentRequests`
 
-Specifies the maximum number of concurrent HTTP/2 traffic requests that the service is allowed at a single point in time. A value specified in this field overrides the [`maxConcurrentRequests`](#spec-defaults-maxconcurrentrequests) field specified in the `defaults` configuration entry.  
+Specifies the maximum number of concurrent HTTP/2 traffic requests that the service is allowed at a single point in time. A value specified in this field overrides the [`maxConcurrentRequests`](#spec-defaults-maxconcurrentrequests) field specified in the `defaults` configuration entry.
 
-Listeners must use an L7 protocol for this configuration to take effect. Refer to [`spec.listeners.protocol`](#spec-listeners-protocol) for more information. 
+Listeners must use an L7 protocol for this configuration to take effect. Refer to [`spec.listeners.protocol`](#spec-listeners-protocol) for more information.
 
 #### Values
 
@@ -1388,7 +1388,7 @@ Listeners must use an L7 protocol for this configuration to take effect. Refer t
 
 ### `spec.listeners[].services[].passiveHealthCheck`
 
-Defines a passive health check configuration for the service. Passive health checks remove hosts from the upstream cluster when the service is unreachable or returns errors. Health checks specified for services override the health checks defined in the  [`spec.defaults.passiveHealthCheck`](#spec-defaults-passivehealthcheck) configuration. 
+Defines a passive health check configuration for the service. Passive health checks remove hosts from the upstream cluster when the service is unreachable or returns errors. Health checks specified for services override the health checks defined in the  [`spec.defaults.passiveHealthCheck`](#spec-defaults-passivehealthcheck) configuration.
 
 #### Values
 
@@ -1405,7 +1405,7 @@ The following table describes the configurations for passive health checks:
 
 ### `spec.listeners[].tls`
 
-Specifies the TLS configuration for the listener. If unspecified, Consul applies any [service-specific TLS configurations](#spec-listeners-services-tls). If neither the listener- nor service-specific TLS configurations are specified, Consul applies the main [`tls`](#tls) settings for the configuration entry. 						
+Specifies the TLS configuration for the listener. If unspecified, Consul applies any [service-specific TLS configurations](#spec-listeners-services-tls). If neither the listener- nor service-specific TLS configurations are specified, Consul applies the main [`tls`](#tls) settings for the configuration entry.
 
 #### Values
 
@@ -1419,12 +1419,12 @@ Specifies the TLS configuration for the listener. If unspecified, Consul applies
 
 ### `spec.listeners[].tls.enabled`
 
-Set to `true` to enable built-in TLS for the listener. If enabled, Consul adds each host defined in every service's `Hosts` field to the gateway's x509 certificate as a DNS subject alternative name (SAN). 
+Set to `true` to enable built-in TLS for the listener. If enabled, Consul adds each host defined in every service's `Hosts` field to the gateway's x509 certificate as a DNS subject alternative name (SAN).
 
 #### Values
 
  - Default: `false`
- - Data type: boolean 
+ - Data type: boolean
 
 ### `spec.listeners[].tls.tlsMinVersion`
 
@@ -1434,7 +1434,7 @@ Specifies the minimum TLS version supported for the listener.
 
 - Default: Depends on the version of Envoy:
   - Envoy v1.22.0 and later: `TLSv1_2`
-  - Older versions: `TLSv1_0` 
+  - Older versions: `TLSv1_0`
 - Data type: String with one of the following values:
   - `TLS_AUTO`
   - `TLSv1_0`
@@ -1464,20 +1464,20 @@ Specifies a list of cipher suites that the listener supports when negotiating co
 
 #### Values
 
-- Default: None 
+- Default: None
 - Data type: List of string values. Refer to the [Consul repository](https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169) for a list of supported ciphers.
 
 ### `spec.listeners[].tls.sds`
 
 Specifies parameters for loading the TLS certificates from an external SDS service. Refer to [Serve custom TLS certificates from an external service](/consul/docs/connect/gateways/ingress-gateway/tls-external-service) for additional information.
 
-Consul applies the SDS configuration specified in this field to all services in the listener. You can override the `spec.listeners[].tls.sds` configuration per service by configuring the  [`spec.listeners.services.tls.sds`](#spec-listeners-services-tls-sds) settings for each service. 
+Consul applies the SDS configuration specified in this field to all services in the listener. You can override the `spec.listeners[].tls.sds` configuration per service by configuring the  [`spec.listeners.services.tls.sds`](#spec-listeners-services-tls-sds) settings for each service.
 
 #### Values
 
 - Default: None
-- Data type: Map containing the following fields 
-  - `clusterName` 
+- Data type: Map containing the following fields
+  - `clusterName`
   - `certResource`
 
 The following table describes how to configure SDS parameters. Refer to [Configure static SDS clusters](/consul/docs/connect/gateways/ingress-gateway/tls-external-service#configure-static-sds-clusters) for usage information:
@@ -1493,9 +1493,9 @@ The following table describes how to configure SDS parameters. Refer to [Configu
 
 ## Examples
 
-Refer to the following examples for common ingress gateway configuration patterns:  
+Refer to the following examples for common ingress gateway configuration patterns:
 - [Define a TCP listener](#define-a-tcp-listener)
-- [Use wildcards to define listeners](#use-wilcards-to-define-an-http-listener)
+- [Use wildcards to define listeners](#use-wildcards-to-define-an-http-listener)
 - [HTTP listener with path-based routes](#http-listener-with-path-based-routes)
 
 ### Define a TCP listener
@@ -1845,4 +1845,4 @@ spec:
 }
 ```
 
-</CodeTabs>
\ No newline at end of file
+</CodeTabs>
diff --git a/website/content/docs/connect/config-entries/jwt-provider.mdx b/website/content/docs/connect/config-entries/jwt-provider.mdx
index 43cfee2e5e9c..9ab8214cce6f 100644
--- a/website/content/docs/connect/config-entries/jwt-provider.mdx
+++ b/website/content/docs/connect/config-entries/jwt-provider.mdx
@@ -80,7 +80,7 @@ The following list outlines field hierarchy, language-specific data types, and r
     - [`remote`](#spec-jsonwebkeyset-remote): map
       - [`uri`](#spec-jsonwebkeyset-remote-uri): string
       - [`requestTimeoutMs`](#spec-jsonwebkeyset-remote-requesttimeoutms): integer
-      - [`cacheDuration`](#spec-jsonwebkeyset-remote-cacheduration): string | `5m` 
+      - [`cacheDuration`](#spec-jsonwebkeyset-remote-cacheduration): string | `5m`
       - [`fetchAsynchronously`](#spec-jsonwebkeyset-remote-fetchasynchronously): boolean | `false`
       - [`retryPolicy`](#spec-jsonwebkeyset-remote-retrypolicy): map
         - [`numRetries`](#spec-jsonwebkeyset-remote-retrypolicy-numretries): integer | `0`
@@ -156,7 +156,7 @@ JSONWebKeySet = {
             # specify only one child: TrustedCA or CaCertificateProviderInstance
             TLSCertificates = {
               # specify only one child: Filename, EnvironmentVariable, InlineString or InlineBytes
-              TrustedCA = {                                
+              TrustedCA = {
                 Filename = "<path/to/cert/file>"
                 EnvironmentVariable = "<env-variable>"
                 InlineString = "<inline-string>"
@@ -240,7 +240,7 @@ CacheConfig = {
               "TrustedCA": {
                 "Filename": "<path/to/cert/file>",
                 "EnvironmentVariable": "<env-variable>",
-                "InlineString": "<inline-string>",      
+                "InlineString": "<inline-string>",
                 "InlineBytes": "\302\000\302\302\302\302"
             },
             "TLSCertificates": {
@@ -317,17 +317,17 @@ spec:                                             # required
         tlsCertificates:
           # specify only one child: filename, environmentVariable, inlineString or inlineBytes
           trustedCA:
-            filename: <path/to/cert/file>           
+            filename: <path/to/cert/file>
             environmentVariable: <env-variable>
             inlineString: <inline-string>
-            inlineBytes: \302\000\302\302\302\302   
+            inlineBytes: \302\000\302\302\302\302
         tlsCertificates:
           caCertificateProviderInstance:
             instanceName: <instance-name>
             certificateName: <certificate-name>
   audiences: [<aud-claims>]
-  locations: 
-    header: 
+  locations:
+    header:
       name: <name-of-header-with-token>
       valuePrefix: "<prefix-in-header-before-token>"
       forward: false
@@ -335,7 +335,7 @@ spec:                                             # required
       name: "<name-of-query-parameter-with-token>"
     cookie:
       name: "<name-of-cookie-with-token>"
-  forwarding: 
+  forwarding:
     headerName: "<name-appended-to-forwarding-header>"
     padForwardPayloadHeader: false
   clockSkewSeconds: 30
@@ -435,8 +435,8 @@ Specifies a remote source for the JSON Web Key Set and configures behavior when
 - Data type: Map that can contain the following parameters:
 
   - [`URI`](#jsonwebkeyset-remote-uri)
-  - [`RequestTimeoutMs`](#jsonwebkeyset-remote-requesttimeoutms) 
-  - [`CacheDuration`](#jsonwebkeyset-remote-cacheduration) 
+  - [`RequestTimeoutMs`](#jsonwebkeyset-remote-requesttimeoutms)
+  - [`CacheDuration`](#jsonwebkeyset-remote-cacheduration)
   - [`FetchAsynchronously`](#jsonwebkeyset-remote-fetchasynchronously)
   - [`RetryPolicy`](#jsonwebkeyset-remote-retrypolicy)
   - [`JWKSCluster`](#jsonwebkeyset-remote-jwkscluster)
@@ -504,7 +504,7 @@ Specifies the number of times to attempt to fetch the JSON Web Key Set when the
 
 ### `JSONWebKeySet{}.Remote{}.RetryPolicy{}.RetryPolicyBackoff`
 
-Specifies a jittered exponential backoff strategy. When this field is empty, Envoy's default policy is used. This policy has a 1 second base interval and a 10 second max interval. 
+Specifies a jittered exponential backoff strategy. When this field is empty, Envoy's default policy is used. This policy has a 1 second base interval and a 10 second max interval.
 
 #### Values
 
@@ -534,10 +534,10 @@ Defines how Envoy fetches the remote JSON Web Key Set URI.
 
 Specifies the service discovery type to use for resolving the cluster.
 You can specify the following discovery types:
-- `STRICT_DNS` 
-- `STATIC` 
-- `LOGICAL_DNS` 
-- `EDS` 
+- `STRICT_DNS`
+- `STATIC`
+- `LOGICAL_DNS`
+- `EDS`
 - `ORIGINAL_DST`
 
 #### Values
@@ -571,7 +571,7 @@ You cannot specify [`TLSCertificates{}.CaCertificateProviderInstance`](#jsonwebk
 
 ### `JSONWebKeySet{}.Remote{}.JWKSCluster{}.TLSCertificates{}.CaCertificateProviderInstance`
 
-Speficies the certificate provider instance for fetching TLS certificates.
+Specifies the certificate provider instance for fetching TLS certificates.
 
 #### Values
 
@@ -582,13 +582,13 @@ Speficies the certificate provider instance for fetching TLS certificates.
 | :-------- | :------------------------------------------------- | :-------- | :------------ |
 | `InstanceName`| Refers to the certificate provider instance name. | String | `default` |
 | `CertificateName` | Specifies the certificate instances or types. For example, use `ROOTCA` to specify a root-certificate. | String | None |
- 
+
 ### `JSONWebKeySet{}.Remote{}.JWKSCluster{}.TLSCertificates{}.TrustedCA`
 
 Specifies TLS certificate data containing certificate authority certificates. Specify exactly one of the following data holders:
-- `Filename` 
-- `EnvironmentVariable` 
-- `InlineString` 
+- `Filename`
+- `EnvironmentVariable`
+- `InlineString`
 - `InlineBytes`
 
 #### Values
@@ -614,7 +614,7 @@ Specifies a set of audiences that the JWT is allowed to access, formatted as a l
 
 ### `Locations`
 
-Specifies the locations in requests where the JWT can be found. Envoy checks all of these locations to extract a JWT. 
+Specifies the locations in requests where the JWT can be found. Envoy checks all of these locations to extract a JWT.
 
 This field can specify token locations in a header, a query parameter, or a cookie. When no locations are specified, Envoy defaults to the following locations:
 
@@ -725,7 +725,7 @@ The header value is base64 URL encoded. It is not padded by default.
 
 ### `Forwarding{}.PadForwardPayloadHeader`
 
-Determines whether to add padding to the base64 encoded token specified in [`Forwarding{}.HeaderName`](#forwarding-header-name). 
+Determines whether to add padding to the base64 encoded token specified in [`Forwarding{}.HeaderName`](#forwarding-header-name).
 
 By default, this field is set to `false`.
 
@@ -736,7 +736,7 @@ By default, this field is set to `false`.
 
 ### `ClockSkewSeconds`
 
-Specifies the maximum allowable time difference from clock skew when validating the JSON web token’s `exp` (expiration) and `nbf`  (not before) claims, measured in seconds. 
+Specifies the maximum allowable time difference from clock skew when validating the JSON web token’s `exp` (expiration) and `nbf`  (not before) claims, measured in seconds.
 
 By default, this parameter is configured to 30 seconds.
 
@@ -949,7 +949,7 @@ Specifies the number of times to attempt to fetch the JSON Web Key Set when the
 
 ### `spec.jsonWebKeySet.remote.retryPolicy.retryPolicyBackoff`
 
-Specifies a jittered exponential backoff strategy. When this field is empty, Envoy's default policy is used. This policy has a 1 second base interval and a 10 second max interval. 
+Specifies a jittered exponential backoff strategy. When this field is empty, Envoy's default policy is used. This policy has a 1 second base interval and a 10 second max interval.
 
 #### Values
 
@@ -977,11 +977,11 @@ Defines how Envoy fetches the remote JSON Web Key Set URI.
 ### `spec.jsonWebKeySet.remote.jwksCluster.discoveryType`
 
 Specifies the service discovery type to use for resolving the cluster.
-You can specify the following discovery types: 
-- `STRICT_DNS` 
-- `STATIC` 
-- `LOGICAL_DNS` 
-- `EDS` 
+You can specify the following discovery types:
+- `STRICT_DNS`
+- `STATIC`
+- `LOGICAL_DNS`
+- `EDS`
 - `ORIGINAL_DST`
 
 String values must be a valid [Cluster DiscoveryType](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-enum-config-cluster-v3-cluster-discoverytype).
@@ -1017,7 +1017,7 @@ You cannot specify [`spec.tlsCertificates.caCertificateProviderInstance`](#spec-
 
 ### `spec.jsonWebKeySet.remote.jwksCluster.tlsCertificates.caCertificateProviderInstance`
 
-Speficies the certificate provider instance for fetching TLS certificates.
+Specifies the certificate provider instance for fetching TLS certificates.
 
 #### Values
 
@@ -1028,13 +1028,13 @@ Speficies the certificate provider instance for fetching TLS certificates.
 | :-------- | :------------------------------------------------- | :-------- | :------------ |
 | `instanceName`| Refers to the certificate provider instance name. | String | `default` |
 | `certificateName` | Specifies the certificate instances or types. For example, use `ROOTCA` to specify a root-certificate. | String | None |
- 
+
 ### `spec.jsonWebKeySet.remote.jwksCluster.tlsCertificates.trustedCA`
 
 Specifies TLS certificate data containing certificate authority certificates. Specify exactly one of the following data holders:
-- `Filename` 
-- `EnvironmentVariable` 
-- `InlineString` 
+- `Filename`
+- `EnvironmentVariable`
+- `InlineString`
 - `InlineBytes`
 
 #### Values
@@ -1171,7 +1171,7 @@ The header value is base64 URL encoded. It is not padded by default.
 
 ### `spec.forwarding.padForwardPayloadHeader`
 
-Determines whether to add padding to the base64 encoded token specified in [spec.forwarding.headerName`](#spec-forwarding-header-name). 
+Determines whether to add padding to the base64 encoded token specified in [spec.forwarding.headerName`](#spec-forwarding-header-name).
 
 By default, this field is set to `false`.
 
@@ -1182,7 +1182,7 @@ By default, this field is set to `false`.
 
 ### `spec.clockSkewSeconds`
 
-Specifies the maximum allowable time difference from clock skew when validating the JSON web token’s `exp` (expiration) and `nbf`  (not before) claims, measured in seconds. 
+Specifies the maximum allowable time difference from clock skew when validating the JSON web token’s `exp` (expiration) and `nbf`  (not before) claims, measured in seconds.
 
 By default, this parameter is configured to 30 seconds.
 
diff --git a/website/content/docs/connect/config-entries/service-defaults.mdx b/website/content/docs/connect/config-entries/service-defaults.mdx
index 9787d39b3749..648271c684c9 100644
--- a/website/content/docs/connect/config-entries/service-defaults.mdx
+++ b/website/content/docs/connect/config-entries/service-defaults.mdx
@@ -17,8 +17,8 @@ The following outline shows how to format the service defaults configuration ent
 
 - [`Kind`](#kind): string | required
 - [`Name`](#name): string | required
-- [`Namespace`](#namespace): string  <EnterpriseAlert inline /> 
-- [`Partition`](#partition): string  <EnterpriseAlert inline /> 
+- [`Namespace`](#namespace): string  <EnterpriseAlert inline />
+- [`Partition`](#partition): string  <EnterpriseAlert inline />
 - [`Meta`](#meta): map | no default
 - [`Protocol`](#protocol): string | default: `tcp`
 - [`BalanceInboundConnections`](#balanceinboundconnections): string | no default
@@ -32,8 +32,8 @@ The following outline shows how to format the service defaults configuration ent
     - [`ConnectTimeoutMs`](#upstreamconfig-overrides-connecttimeoutms): int | default: `5000`
     - [`MeshGateway`](#upstreamconfig-overrides-meshgateway): map | no default
       - [`mode`](#upstreamconfig-overrides-meshgateway): string | no default
-    - [`BalanceOutboundConnections`](#upstreamconfig-overrides-balanceoutboundconnections): string | no default 
-    - [`Limits`](#upstreamconfig-overrides-limits): map | optional 
+    - [`BalanceOutboundConnections`](#upstreamconfig-overrides-balanceoutboundconnections): string | no default
+    - [`Limits`](#upstreamconfig-overrides-limits): map | optional
       - [`MaxConnections`](#upstreamconfig-overrides-limits): integer | `0`
       - [`MaxPendingRequests`](#upstreamconfig-overrides-limits): integer | `0`
       - [`MaxConcurrentRequests`](#upstreamconfig-overrides-limits): integer | `0`
@@ -46,15 +46,15 @@ The following outline shows how to format the service defaults configuration ent
     - [`ConnectTimeoutMs`](#upstreamconfig-defaults-connecttimeoutms): int | default: `5000`
     - [`MeshGateway`](#upstreamconfig-defaults-meshgateway): map | no default
       - [`mode`](#upstreamconfig-defaults-meshgateway): string | no default
-    - [`BalanceOutboundConnections`](#upstreamconfig-defaults-balanceoutboundconnections): string | no default 
-    - [`Limits`](#upstreamconfig-defaults-limits): map | optional 
+    - [`BalanceOutboundConnections`](#upstreamconfig-defaults-balanceoutboundconnections): string | no default
+    - [`Limits`](#upstreamconfig-defaults-limits): map | optional
       - [`MaxConnections`](#upstreamconfig-defaults-limits): integer | `0`
       - [`MaxPendingRequests`](#upstreamconfig-defaults-limits): integer | `0`
       - [`MaxConcurrentRequests`](#upstreamconfig-defaults-limits): integer | `0`
     - [`PassiveHealthCheck`](#upstreamconfig-defaults-passivehealthcheck): map | optional
       - [`Interval`](#upstreamconfig-defaults-passivehealthcheck): string | `0s`
       - [`MaxFailures`](#upstreamconfig-defaults-passivehealthcheck): integer | `0`
-      - [`EnforcingConsecutive5xx`](#upstreamconfig-defaults-passivehealthcheck): integer | 
+      - [`EnforcingConsecutive5xx`](#upstreamconfig-defaults-passivehealthcheck): integer |
 - [`TransparentProxy`](#transparentproxy): map | no default
   - [`OutboundListenerPort`](#transparentproxy): integer | `15001`
   - [`DialedDirectly`](#transparentproxy  ): boolean | `false`
@@ -87,7 +87,7 @@ The following outline shows how to format the service defaults configuration ent
 - [`kind`](#kind): string | no default
 - [`metadata`](#metadata): map | no default
   - [`name`](#name): string | no default
-  - [`namespace`](#namespace): string | no default | <EnterpriseAlert inline /> 
+  - [`namespace`](#namespace): string | no default | <EnterpriseAlert inline />
 - [`spec`](#spec): map | no default
   - [`protocol`](#protocol): string | default: `tcp`
   - [`balanceInboundConnections`](#balanceinboundconnections): string | no default
@@ -101,8 +101,8 @@ The following outline shows how to format the service defaults configuration ent
       - [`connectTimeoutMs`](#upstreamconfig-overrides-connecttimeoutms): int | default: `5000`
       - [`meshGateway`](#upstreamconfig-overrides-meshgateway): map | no default
         - [`mode`](#upstreamconfig-overrides-meshgateway): string | no default
-      - [`balanceOutboundConnections`](#overrides-balanceoutboundconnections): string | no default 
-      - [`limits`](#upstreamconfig-overrides-limits): map | optional 
+      - [`balanceOutboundConnections`](#overrides-balanceoutboundconnections): string | no default
+      - [`limits`](#upstreamconfig-overrides-limits): map | optional
         - [`maxConnections`](#upstreamconfig-overrides-limits): integer | `0`
         - [`maxPendingRequests`](#upstreamconfig-overrides-limits): integer | `0`
         - [`maxConcurrentRequests`](#upstreamconfig-overrides-limits): integer | `0`
@@ -115,15 +115,15 @@ The following outline shows how to format the service defaults configuration ent
       - [`connectTimeoutMs`](#upstreamconfig-defaults-connecttimeoutms): int | default: `5000`
       - [`meshGateway`](#upstreamconfig-defaults-meshgateway): map | no default
         - [`mode`](#upstreamconfig-defaults-meshgateway): string | no default
-      - [`balanceOutboundConnections`](#upstreamconfig-defaults-balanceoutboundconnections): string | no default 
-      - [`limits`](#upstreamconfig-defaults-limits): map | optional 
+      - [`balanceOutboundConnections`](#upstreamconfig-defaults-balanceoutboundconnections): string | no default
+      - [`limits`](#upstreamconfig-defaults-limits): map | optional
         - [`maxConnections`](#upstreamconfig-defaults-limits): integer | `0`
         - [`maxPendingRequests`](#upstreamconfig-defaults-limits): integer | `0`
         - [`maxConcurrentRequests`](#upstreamconfig-defaults-limits): integer | `0`
       - [`passiveHealthCheck`](#upstreamconfig-defaults-passivehealthcheck): map | optional
         - [`interval`](#upstreamconfig-defaults-passivehealthcheck): string | `0s`
         - [`maxFailures`](#upstreamconfig-defaults-passivehealthcheck): integer | `0`
-        - [`enforcingConsecutive5xx`](#upstreamconfig-defaults-passivehealthcheck): integer | 
+        - [`enforcingConsecutive5xx`](#upstreamconfig-defaults-passivehealthcheck): integer |
   - [`transparentProxy`](#transparentproxy): map | no default
     - [`outboundListenerPort`](#transparentproxy): integer | `15001`
     - [`dialedDirectly`](#transparentproxy): boolean | `false`
@@ -249,15 +249,15 @@ Expose = {
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1
 kind: ServiceDefaults
-metadata: 
+metadata:
   name: <name of the service you are configuring>
   namespace: <Consul Enterprise namespace>
-spec: 
+spec:
   protocol: tcp
-  balanceInboundConnnections: exact_balance
+  balanceInboundConnections: exact_balance
   mode: transparent
   upstreamConfig:
-    overrides: 
+    overrides:
     - name: <name of upstream>
       namespace: <namespace containing upstream - Consul Enterprise>
       peer: <peer name of the upstream service>
@@ -266,25 +266,25 @@ spec:
       meshGateway:
         mode: <type of mesh gateway>
       balanceOutboundConnections: exact_balance
-      limits: 
+      limits:
         maxConnections: 0
         maxPendingRequests: 0
         maxConcurrentRequests: 0
-      passiveHealthCheck: 
+      passiveHealthCheck:
         interval: 0s
         maxFailures: 0
         enforcingConsecutive5xx: 100
-    defaults: 
+    defaults:
       protocol: <protocol for the upstream listener>
       connectTimeoutMs: 5000
       meshGateway:
         mode: <type of mesh gateway>
       balanceOutboundConnections: exact_balance
-      limits: 
+      limits:
         maxConnections: 0
         maxPendingRequests: 0
         maxConcurrentRequests: 0
-      passiveHealthCheck: 
+      passiveHealthCheck:
         interval: 0s
         maxFailures: 0
         enforcingConsecutive5xx: 100
@@ -301,9 +301,9 @@ spec:
   meshGateway:
     mode: <type of mesh gateway>
   externalSNI: <name of TLS SNI outside o f the mesh>
-  expose: 
+  expose:
     checks: false
-    paths: 
+    paths:
     - path: <HTTP path to expose through Envoy>
       localPathPort: 0
       listenerPort: 0
@@ -325,7 +325,7 @@ spec:
   },
   "spec": {
     "protocol": "tcp",
-    "balanceInboundConnnections": "exact_balance",
+    "balanceInboundConnections": "exact_balance",
     "mode": "transparent",
     "upstreamConfig": {
       "overrides": [
@@ -408,7 +408,7 @@ spec:
 
 ## Specification
 
-This section provides details about the fields you can configure in the service defaults configuration entry. 
+This section provides details about the fields you can configure in the service defaults configuration entry.
 
 <Tabs>
 <Tab heading="HCL" group="hcl">
@@ -425,7 +425,7 @@ Specifies the configuration entry type.
 
 ### `Name`
 
-Specifies the name of the service you are setting the defaults for. 
+Specifies the name of the service you are setting the defaults for.
 
 #### Values
 
@@ -435,7 +435,7 @@ Specifies the name of the service you are setting the defaults for.
 
 ### `Namespace` <Enterprise/>
 
-Specifies the Consul namespace that the configuration entry applies to. 
+Specifies the Consul namespace that the configuration entry applies to.
 
 #### Values
 
@@ -453,7 +453,7 @@ Specifies the name of the name of the Consul admin partition that the configurat
 
 ### `Meta`
 
-Specifies a set of custom key-value pairs to add to the [Consul KV](/consul/docs/dynamic-app-config/kv) store. 
+Specifies a set of custom key-value pairs to add to the [Consul KV](/consul/docs/dynamic-app-config/kv) store.
 
 #### Values
 
@@ -467,26 +467,26 @@ Specifies a set of custom key-value pairs to add to the [Consul KV](/consul/docs
 Specifies the default protocol for the service. In service mesh use cases, the `protocol` configuration is required to enable the following features and components:
 
 - [observability](/consul/docs/connect/observability)
-- [service splitter configuration entry](/consul/docs/connect/config-entries/service-splitter) 
-- [service router configuration entry](/consul/docs/connect/config-entries/service-router) 
+- [service splitter configuration entry](/consul/docs/connect/config-entries/service-splitter)
+- [service router configuration entry](/consul/docs/connect/config-entries/service-router)
 - [L7 intentions](/consul/docs/connect/intentions#l7-traffic-intentions)
 
-You can set the global protocol for proxies in the [`proxy-defaults`](/consul/docs/connect/config-entries/proxy-defaults#default-protocol) configuration entry, but the protocol specified in the `service-defaults` configuration entry overrides the `proxy-defaults` configuration.    
+You can set the global protocol for proxies in the [`proxy-defaults`](/consul/docs/connect/config-entries/proxy-defaults#default-protocol) configuration entry, but the protocol specified in the `service-defaults` configuration entry overrides the `proxy-defaults` configuration.
 
 #### Values
 
 - Default: `tcp`
-- You can speciyf one of the following string values:
+- You can specify one of the following string values:
   - `tcp` (default)
-  - `http` 
+  - `http`
   - `http2`
-  - `grpc` 
+  - `grpc`
 
 Refer to [Set the default protocol](#set-the-default-protocol) for an example configuration.
 
 ### `BalanceInboundConnections`
 
-Specifies the strategy for allocating inbound connections to the service across Envoy proxy threads. The only supported value is `exact_balance`. By default, no connections are balanced. Refer to the [Envoy documentation](https://cloudnative.to/envoy/api-v3/config/listener/v3/listener.proto.html#config-listener-v3-listener-connectionbalanceconfig) for details. 
+Specifies the strategy for allocating inbound connections to the service across Envoy proxy threads. The only supported value is `exact_balance`. By default, no connections are balanced. Refer to the [Envoy documentation](https://cloudnative.to/envoy/api-v3/config/listener/v3/listener.proto.html#config-listener-v3-listener-connectionbalanceconfig) for details.
 
 #### Values
 
@@ -495,17 +495,17 @@ Specifies the strategy for allocating inbound connections to the service across
 
 ### `Mode`
 
-Specifies a mode for how the service directs inbound and outbound traffic. 
+Specifies a mode for how the service directs inbound and outbound traffic.
 
 - Default: none
 - You can specify the following string values:
-  - `direct`: The proxy's listeners must be dialed directly by the local application and other proxies. 
-  - `transparent`: The service captures inbound and outbound traffic and redirects it through the proxy. The mode does not enable the traffic redirection. It instructs Consul to configure Envoy as if traffic is already being redirected. 
+  - `direct`: The proxy's listeners must be dialed directly by the local application and other proxies.
+  - `transparent`: The service captures inbound and outbound traffic and redirects it through the proxy. The mode does not enable the traffic redirection. It instructs Consul to configure Envoy as if traffic is already being redirected.
 
 
 ### `UpstreamConfig`
 
-Controls default upstream connection settings and custom overrides for individual upstream services. If your network contains federated datacenters, individual upstream configurations apply to all pairs of source and upstream destination services in the network. Refer to the following fields for details: 
+Controls default upstream connection settings and custom overrides for individual upstream services. If your network contains federated datacenters, individual upstream configurations apply to all pairs of source and upstream destination services in the network. Refer to the following fields for details:
 
 - [`UpstreamConfig.Overrides`](#upstreamconfig-overrides)
 - [`UpstreamConfig.Defaults`](#upstreamconfig-defaults)
@@ -517,7 +517,7 @@ Controls default upstream connection settings and custom overrides for individua
 
 ### `UpstreamConfig.Overrides[]`
 
-Specifies options that override the [default upstream configurations](#upstreamconfig-defaults) for individual upstreams. 
+Specifies options that override the [default upstream configurations](#upstreamconfig-defaults) for individual upstreams.
 
 #### Values
 
@@ -535,7 +535,7 @@ Specifies the name of the upstream service that the configuration applies to. We
 
 ### `UpstreamConfig.Overrides[].Namespace` <Enterprise/>
 
-Specifies the namespace containing the upstream service that the configuration applies to. Do not use the `*` wildcard to prevent the configuration from appling to unintended upstreams.
+Specifies the namespace containing the upstream service that the configuration applies to. Do not use the `*` wildcard to prevent the configuration from applying to unintended upstreams.
 
 #### Values
 
@@ -552,7 +552,7 @@ Specifies the peer name of the upstream service that the configuration applies t
 - Data type: string
 
 ### `UpstreamConfig.Overrides[].Protocol`
-Specifies the protocol to use for requests to the upstream listener. 
+Specifies the protocol to use for requests to the upstream listener.
 
 We recommend configuring the protocol in the main [`Protocol`](#protocol) field of the configuration entry so that you can leverage [L7 features](/consul/docs/connect/l7-traffic). Setting the protocol in an upstream configuration limits L7 management functionality.
 
@@ -564,7 +564,7 @@ We recommend configuring the protocol in the main [`Protocol`](#protocol) field
 
 ### `UpstreamConfig.Overrides[].ConnectTimeoutMs`
 
-Specifies how long in milliseconds that the service should attempt to establish an upstream connection before timing out. 
+Specifies how long in milliseconds that the service should attempt to establish an upstream connection before timing out.
 
 We recommend configuring the upstream timeout in the [`connection_timeout`](/consul/docs/connect/config-entries/service-resolver#connecttimeout) field of the `service-resolver` configuration entry for the upstream destination service. Doing so enables you to leverage [L7 features](/consul/docs/connect/l7-traffic). Configuring the timeout in the `service-defaults` upstream configuration limits L7 management functionality.
 
@@ -575,31 +575,31 @@ We recommend configuring the upstream timeout in the [`connection_timeout`](/con
 
 ### `UpstreamConfig.Overrides[].MeshGateway`
 
-Map that contains the default mesh gateway `mode` field for the upstream. Refer to [Service Mesh Proxy Configuration](/consul/docs/connect/gateways/mesh-gateway#service-mesh-proxy-configuration) in the mesh gateway documentation for additional information. 
+Map that contains the default mesh gateway `mode` field for the upstream. Refer to [Service Mesh Proxy Configuration](/consul/docs/connect/gateways/mesh-gateway#service-mesh-proxy-configuration) in the mesh gateway documentation for additional information.
 
 #### Values
 
 - Default: `none`
 - You can specify the following string values for the `mode` field:
   - `none`: The service does not make outbound connections through a mesh gateway. Instead, the service makes outbound connections directly to the destination services.
-  - `local`: The service mesh proxy makes an outbound connection to a gateway running in the same datacenter. 
-  - `remote`: The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter.  
+  - `local`: The service mesh proxy makes an outbound connection to a gateway running in the same datacenter.
+  - `remote`: The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter.
 
 
 ### `UpstreamConfig.Overrides[].BalanceOutboundConnections`
 
-Sets the strategy for allocating outbound connections from the upstream across Envoy proxy threads. 
+Sets the strategy for allocating outbound connections from the upstream across Envoy proxy threads.
 
 #### Values
 
-The only supported value is `exact_balance`. By default, no connections are balanced. Refer to the [Envoy documentation](https://cloudnative.to/envoy/api-v3/config/listener/v3/listener.proto.html#config-listener-v3-listener-connectionbalanceconfig) for details. 
+The only supported value is `exact_balance`. By default, no connections are balanced. Refer to the [Envoy documentation](https://cloudnative.to/envoy/api-v3/config/listener/v3/listener.proto.html#config-listener-v3-listener-connectionbalanceconfig) for details.
 
 - Default: none
 - Data type: string
 
 ### `UpstreamConfig.Overrides[].Limits`
 
-Map that specifies a set of limits to apply to when connecting to individual upstream services. 
+Map that specifies a set of limits to apply to when connecting to individual upstream services.
 
 #### Values
 
@@ -615,7 +615,7 @@ Refer to the [upstream configuration example](#upstream-configuration) for addit
 
 ### `UpstreamConfig.Overrides[].PassiveHealthCheck`
 
-Map that specifies a set of rules that enable Consul to remove hosts from the upstream cluster that are unreachable or that return errors. 
+Map that specifies a set of rules that enable Consul to remove hosts from the upstream cluster that are unreachable or that return errors.
 
 #### Values
 
@@ -629,7 +629,7 @@ The following table describes passive health check parameters you can configure:
 
 ### `UpstreamConfig.Defaults`
 
-Specifies configurations that set default upstream settings. For information about overriding the default configurations for in for individual upstreams, refer to [`UpstreamConfig.Overrides`](#upstreamconfig-overrides). 
+Specifies configurations that set default upstream settings. For information about overriding the default configurations for in for individual upstreams, refer to [`UpstreamConfig.Overrides`](#upstreamconfig-overrides).
 
 #### Values
 
@@ -638,7 +638,7 @@ Specifies configurations that set default upstream settings. For information abo
 
 ### `UpstreamConfig.Defaults.Protocol`
 
-Specifies default protocol for upstream listeners. 
+Specifies default protocol for upstream listeners.
 
 We recommend configuring the protocol in the main [`Protocol`](#protocol) field of the configuration entry so that you can leverage [L7 features](/consul/docs/connect/l7-traffic). Setting the protocol in an upstream configuration limits L7 management functionality.
 
@@ -647,7 +647,7 @@ We recommend configuring the protocol in the main [`Protocol`](#protocol) field
 
 ### `UpstreamConfig.Defaults.ConnectTimeoutMs`
 
-Specifies how long in milliseconds that all services should continue attempting to establish an upstream connection before timing out. 
+Specifies how long in milliseconds that all services should continue attempting to establish an upstream connection before timing out.
 
 For non-Kubernetes environments, we recommend configuring the upstream timeout in the [`connection_timeout`](/consul/docs/connect/config-entries/service-resolver#connecttimeout) field of the `service-resolver` configuration entry for the upstream destination service. Doing so enables you to leverage [L7 features](/consul/docs/connect/l7-traffic). Configuring the timeout in the `service-defaults` upstream configuration limits L7 management functionality.
 
@@ -656,17 +656,17 @@ For non-Kubernetes environments, we recommend configuring the upstream timeout i
 
 ### `UpstreamConfig.Defaults.MeshGateway`
 
-Specifies the default mesh gateway `mode` field for all upstreams. Refer to [Service Mesh Proxy Configuration](/consul/docs/connect/gateways/mesh-gateway#service-mesh-proxy-configuration) in the mesh gateway documentation for additional information. 
+Specifies the default mesh gateway `mode` field for all upstreams. Refer to [Service Mesh Proxy Configuration](/consul/docs/connect/gateways/mesh-gateway#service-mesh-proxy-configuration) in the mesh gateway documentation for additional information.
 
 You can specify the following string values for the `mode` field:
 
 - `none`: The service does not make outbound connections through a mesh gateway. Instead, the service makes outbound connections directly to the destination services.
-- `local`: The service mesh proxy makes an outbound connection to a gateway running in the same datacenter. 
-- `remote`: The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter.  
+- `local`: The service mesh proxy makes an outbound connection to a gateway running in the same datacenter.
+- `remote`: The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter.
 
 ### `UpstreamConfig.Defaults.BalanceOutboundConnections`
 
-Sets the strategy for allocating outbound connections from upstreams across Envoy proxy threads. The only supported value is `exact_balance`. By default, no connections are balanced. Refer to the [Envoy documentation](https://cloudnative.to/envoy/api-v3/config/listener/v3/listener.proto.html#config-listener-v3-listener-connectionbalanceconfig) for details. 
+Sets the strategy for allocating outbound connections from upstreams across Envoy proxy threads. The only supported value is `exact_balance`. By default, no connections are balanced. Refer to the [Envoy documentation](https://cloudnative.to/envoy/api-v3/config/listener/v3/listener.proto.html#config-listener-v3-listener-connectionbalanceconfig) for details.
 
 - Default: none
 - Data type: string
@@ -717,7 +717,7 @@ You can specify the following string values for the `MutualTLSMode` field:
 
 ### `EnvoyExtensions`
 
-List of extensions to modify Envoy proxy configuration. Refer to [Envoy Extensions](/consul/docs/connect/proxies/envoy-extensions) for additional information.  
+List of extensions to modify Envoy proxy configuration. Refer to [Envoy Extensions](/consul/docs/connect/proxies/envoy-extensions) for additional information.
 
 You can configure the following parameters in the `EnvoyExtensions` block:
 
@@ -729,7 +729,7 @@ You can configure the following parameters in the `EnvoyExtensions` block:
 
 ### `Destination[]`
 
-Configures the destination for service traffic through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/gateways/terminating-gateway) for additional information. 
+Configures the destination for service traffic through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/gateways/terminating-gateway) for additional information.
 
 You can configure the following parameters in the `Destination` block:
 
@@ -752,7 +752,7 @@ Specifies the number of milliseconds allowed for establishing connections to the
 - Default: `5000`
 - Data type: integer
 
-### `LocalRequestTimeoutMs` 
+### `LocalRequestTimeoutMs`
 
 Specifies the timeout for HTTP requests to the local application instance. Applies to HTTP-based protocols only. If not specified, inherits the Envoy default for route timeouts.
 
@@ -761,22 +761,22 @@ Specifies the timeout for HTTP requests to the local application instance. Appli
 
 ### `MeshGateway`
 
-Specifies the default mesh gateway `mode` field for the service. Refer to [Service Mesh Proxy Configuration](/consul/docs/connect/gateways/mesh-gateway#service-mesh-proxy-configuration) in the mesh gateway documentation for additional information. 
+Specifies the default mesh gateway `mode` field for the service. Refer to [Service Mesh Proxy Configuration](/consul/docs/connect/gateways/mesh-gateway#service-mesh-proxy-configuration) in the mesh gateway documentation for additional information.
 
 You can specify the following string values for the `mode` field:
 
 - `none`: The service does not make outbound connections through a mesh gateway. Instead, the service makes outbound connections directly to the destination services.
-- `local`: The service mesh proxy makes an outbound connection to a gateway running in the same datacenter. 
-- `remote`: The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter.  
+- `local`: The service mesh proxy makes an outbound connection to a gateway running in the same datacenter.
+- `remote`: The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter.
 
-### `ExternalSNI` 
+### `ExternalSNI`
 
-Specifies the TLS server name indication (SNI) when federating with an external system. 
+Specifies the TLS server name indication (SNI) when federating with an external system.
 
 - Default: none
 - Data type: string
 
-### `Expose` 
+### `Expose`
 
 Specifies default configurations for exposing HTTP paths through Envoy. Exposing paths through Envoy enables services to listen on localhost only. Applications that are not Consul service mesh-enabled can still contact an HTTP endpoint. Refer to [Expose Paths Configuration Reference](/consul/docs/connect/registration/service-registration#expose-paths-configuration-reference) for additional information and example configurations.
 
@@ -785,7 +785,7 @@ Specifies default configurations for exposing HTTP paths through Envoy. Exposing
 
 ### `Expose.Checks`
 
-Exposes all HTTP and gRPC checks registered with the agent if set to `true`. Envoy exposes listeners for the checks and only accepts connections originating from localhost or Consul's [`advertise_addr`](/consul/docs/agent/config/config-files#advertise_addr). The ports for the listeners are dynamically allocated from the agent's [`expose_min_port`](/consul/docs/agent/config/config-files#expose_min_port) and [`expose_max_port`](/consul/docs/agent/config/config-files#expose_max_port) configurations. 
+Exposes all HTTP and gRPC checks registered with the agent if set to `true`. Envoy exposes listeners for the checks and only accepts connections originating from localhost or Consul's [`advertise_addr`](/consul/docs/agent/config/config-files#advertise_addr). The ports for the listeners are dynamically allocated from the agent's [`expose_min_port`](/consul/docs/agent/config/config-files#expose_min_port) and [`expose_max_port`](/consul/docs/agent/config/config-files#expose_max_port) configurations.
 
 We recommend enabling the `Checks` configuration when a Consul client cannot reach registered services over localhost, such as when Consul agents run in their own pods in Kubernetes.
 
@@ -807,9 +807,9 @@ Specifies a list of configuration maps that define paths to expose through Envoy
 
 <Tab heading="YAML" group="yaml">
 
-### `apiVersion` 
+### `apiVersion`
 
-Specifies the version of the Consul API for integrating with Kubernetes. The value must be `consul.hashicorp.com/v1alpha1`. The `apiVersion` field is not supported for non-Kubernetes deployments. 
+Specifies the version of the Consul API for integrating with Kubernetes. The value must be `consul.hashicorp.com/v1alpha1`. The `apiVersion` field is not supported for non-Kubernetes deployments.
 
 - Default: none
 - This field is required.
@@ -824,7 +824,7 @@ Specifies the configuration entry type. Must be ` ServiceDefaults`.
 
 ### `metadata`
 
-Map that contains the service name, namespace, and admin partition that the configuration entry applies to. 
+Map that contains the service name, namespace, and admin partition that the configuration entry applies to.
 
 #### Values
 
@@ -834,10 +834,10 @@ Map that contains the service name, namespace, and admin partition that the conf
   - [`namespace`](#namespace)
   - [`partition`](#partition)
 
- 
-### `metadata.name` 
 
-Specifies the name of the service you are setting the defaults for. 
+### `metadata.name`
+
+Specifies the name of the service you are setting the defaults for.
 
 #### Values
 
@@ -854,33 +854,33 @@ Specifies the Consul namespace that the configuration entry applies to. Refer to
 
 ### `spec`
 
-Map that contains the details about the `ServiceDefaults` configuration entry. The `apiVersion`, `kind`, and `metadata` fields are siblings of the `spec` field. All other configurations are children.  
+Map that contains the details about the `ServiceDefaults` configuration entry. The `apiVersion`, `kind`, and `metadata` fields are siblings of the `spec` field. All other configurations are children.
 
 ### `spec.protocol`
 
 Specifies the default protocol for the service. In service service mesh use cases, the `protocol` configuration is required to enable the following features and components:
 
 - [observability](/consul/docs/connect/observability)
-- [`service-splitter` configuration entry](/consul/docs/connect/config-entries/service-splitter) 
-- [`service-router` configuration entry](/consul/docs/connect/config-entries/service-router) 
+- [`service-splitter` configuration entry](/consul/docs/connect/config-entries/service-splitter)
+- [`service-router` configuration entry](/consul/docs/connect/config-entries/service-router)
 - [L7 intentions](/consul/docs/connect/intentions#l7-traffic-intentions)
 
-You can set the global protocol for proxies in the [`ProxyDefaults` configuration entry](/consul/docs/connect/config-entries/proxy-defaults#default-protocol), but the protocol specified in the `ServiceDefaults` configuration entry overrides the `ProxyDefaults` configuration.    
+You can set the global protocol for proxies in the [`ProxyDefaults` configuration entry](/consul/docs/connect/config-entries/proxy-defaults#default-protocol), but the protocol specified in the `ServiceDefaults` configuration entry overrides the `ProxyDefaults` configuration.
 
 #### Values
 
 - Default: `tcp`
 - You can specify one of the following string values:
-  - `tcp` 
-  - `http` 
+  - `tcp`
+  - `http`
   - `http2`
-  - `grpc` 
+  - `grpc`
 
 Refer to [Set the default protocol](#set-the-default-protocol) for an example configuration.
 
 ### `spec.balanceInboundConnections`
 
-Specifies the strategy for allocating inbound connections to the service across Envoy proxy threads. The only supported value is `exact_balance`. By default, no connections are balanced. Refer to the [Envoy documentation](https://cloudnative.to/envoy/api-v3/config/listener/v3/listener.proto.html#config-listener-v3-listener-connectionbalanceconfig) for details. 
+Specifies the strategy for allocating inbound connections to the service across Envoy proxy threads. The only supported value is `exact_balance`. By default, no connections are balanced. Refer to the [Envoy documentation](https://cloudnative.to/envoy/api-v3/config/listener/v3/listener.proto.html#config-listener-v3-listener-connectionbalanceconfig) for details.
 
 #### Values
 
@@ -889,7 +889,7 @@ Specifies the strategy for allocating inbound connections to the service across
 
 ### `spec.mode`
 
-Specifies a mode for how the service directs inbound and outbound traffic. 
+Specifies a mode for how the service directs inbound and outbound traffic.
 
 #### Values
 
@@ -897,12 +897,12 @@ Specifies a mode for how the service directs inbound and outbound traffic.
 - Required: optional
 - You can specified the following string values:
 
-- `direct`: The proxy's listeners must be dialed directly by the local application and other proxies. 
-- `transparent`: The service captures inbound and outbound traffic and redirects it through the proxy. The mode does not enable the traffic redirection. It instructs Consul to configure Envoy as if traffic is already being redirected.  
+- `direct`: The proxy's listeners must be dialed directly by the local application and other proxies.
+- `transparent`: The service captures inbound and outbound traffic and redirects it through the proxy. The mode does not enable the traffic redirection. It instructs Consul to configure Envoy as if traffic is already being redirected.
 
 ### `spec.upstreamConfig`
 
-Specifies a map that controls default upstream connection settings and custom overrides for individual upstream services. If your network contains federated datacenters, individual upstream configurations apply to all pairs of source and upstream destination services in the network. 
+Specifies a map that controls default upstream connection settings and custom overrides for individual upstream services. If your network contains federated datacenters, individual upstream configurations apply to all pairs of source and upstream destination services in the network.
 
 #### Values
 
@@ -913,7 +913,7 @@ Specifies a map that controls default upstream connection settings and custom ov
 
 ### `spec.upstreamConfig.overrides[]`
 
-Specifies options that override the [default upstream configurations](#spec-upstreamconfig-defaults) for individual upstreams. 
+Specifies options that override the [default upstream configurations](#spec-upstreamconfig-defaults) for individual upstreams.
 
 #### Values
 
@@ -959,7 +959,7 @@ Specifies the protocol to use for requests to the upstream listener. We recommen
 
 ### `spec.upstreamConfig.overrides[].connectTimeoutMs`
 
-Specifies how long in milliseconds that the service should attempt to establish an upstream connection before timing out. 
+Specifies how long in milliseconds that the service should attempt to establish an upstream connection before timing out.
 
 We recommend configuring the upstream timeout in the [`connectTimeout`](/consul/docs/connect/config-entries/service-resolver#connecttimeout) field of the `ServiceResolver` CRD for the upstream destination service. Doing so enables you to leverage [L7 features](/consul/docs/connect/l7-traffic). Configuring the timeout in the `ServiceDefaults` upstream configuration limits L7 management functionality.
 
@@ -970,19 +970,19 @@ We recommend configuring the upstream timeout in the [`connectTimeout`](/consul/
 
 ### `spec.upstreamConfig.overrides[].meshGateway.mode`
 
-Map that contains the default mesh gateway `mode` field for the upstream. Refer to [Connect Proxy Configuration](/consul/docs/connect/gateways/mesh-gateway#connect-proxy-configuration) in the mesh gateway documentation for additional information. 
+Map that contains the default mesh gateway `mode` field for the upstream. Refer to [Connect Proxy Configuration](/consul/docs/connect/gateways/mesh-gateway#connect-proxy-configuration) in the mesh gateway documentation for additional information.
 
 #### Values
 
 You can specify the following string values for the `mode` field:
 
 - `none`: The service does not make outbound connections through a mesh gateway. Instead, the service makes outbound connections directly to the destination services.
-- `local`: The service mesh proxy makes an outbound connection to a gateway running in the same datacenter. 
-- `remote`: The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter.  
+- `local`: The service mesh proxy makes an outbound connection to a gateway running in the same datacenter.
+- `remote`: The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter.
 
 ### `spec.upstreamConfig.overrides[].balanceInboundConnections`
 
-Sets the strategy for allocating outbound connections from the upstream across Envoy proxy threads. The only supported value is `exact_balance`. By default, no connections are balanced. Refer to the [Envoy documentation](https://cloudnative.to/envoy/api-v3/config/listener/v3/listener.proto.html#config-listener-v3-listener-connectionbalanceconfig) for details. 
+Sets the strategy for allocating outbound connections from the upstream across Envoy proxy threads. The only supported value is `exact_balance`. By default, no connections are balanced. Refer to the [Envoy documentation](https://cloudnative.to/envoy/api-v3/config/listener/v3/listener.proto.html#config-listener-v3-listener-connectionbalanceconfig) for details.
 
 #### Values
 
@@ -991,7 +991,7 @@ Sets the strategy for allocating outbound connections from the upstream across E
 
 ### `spec.upstreamConfig.overrides[].limits`
 
-Map that specifies a set of limits to apply to when connecting to individual upstream services. 
+Map that specifies a set of limits to apply to when connecting to individual upstream services.
 
 #### Values
 
@@ -1005,7 +1005,7 @@ The following table describes limits you can configure:
 
 ### `spec.upstreamConfig.overrides[].passiveHealthCheck`
 
-Map that specifies a set of rules that enable Consul to remove hosts from the upstream cluster that are unreachable or that return errors. 
+Map that specifies a set of rules that enable Consul to remove hosts from the upstream cluster that are unreachable or that return errors.
 
 #### Values
 
@@ -1019,7 +1019,7 @@ The following table describes passive health check parameters you can configure:
 
 ### `spec.upstreamConfig.defaults`
 
-Map of configurations that set default upstream configurations for the service. For information about overriding the default configurations for in for individual upstreams, refer to [`spec.upstreamConfig.overrides`](#spec-upstreamconfig-overrides). 
+Map of configurations that set default upstream configurations for the service. For information about overriding the default configurations for in for individual upstreams, refer to [`spec.upstreamConfig.overrides`](#spec-upstreamconfig-overrides).
 
 #### Values
 
@@ -1037,7 +1037,7 @@ Specifies default protocol for upstream listeners. We recommend configuring the
 
 ### `spec.upstreamConfig.default.connectTimeoutMs`
 
-Specifies how long in milliseconds that all services should continue attempting to establish an upstream connection before timing out. 
+Specifies how long in milliseconds that all services should continue attempting to establish an upstream connection before timing out.
 
 We recommend configuring the upstream timeout in the [`connectTimeout`](/consul/docs/connect/config-entries/service-resolver#connecttimeout) field of the `ServiceResolver` CRD for upstream destination services. Doing so enables you to leverage [L7 features](/consul/docs/connect/l7-traffic). Configuring the timeout in the `ServiceDefaults` upstream configuration limits L7 management functionality.
 
@@ -1048,19 +1048,19 @@ We recommend configuring the upstream timeout in the [`connectTimeout`](/consul/
 
 ### `spec.upstreamConfig.defaults.meshGateway.mode`
 
-Specifies the default mesh gateway `mode` field for all upstreams. Refer to [Service Mesh Proxy Configuration](/consul/docs/connect/gateways/mesh-gateway#service-mesh-proxy-configuration) in the mesh gateway documentation for additional information. 
+Specifies the default mesh gateway `mode` field for all upstreams. Refer to [Service Mesh Proxy Configuration](/consul/docs/connect/gateways/mesh-gateway#service-mesh-proxy-configuration) in the mesh gateway documentation for additional information.
 
 #### Values
 
 You can specify the following string values for the `mode` field:
 
 - `none`: The service does not make outbound connections through a mesh gateway. Instead, the service makes outbound connections directly to the destination services.
-- `local`: The service mesh proxy makes an outbound connection to a gateway running in the same datacenter. 
-- `remote`: The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter.  
+- `local`: The service mesh proxy makes an outbound connection to a gateway running in the same datacenter.
+- `remote`: The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter.
 
 ### `spec.upstreamConfig.defaults.balanceInboundConnections`
 
-Sets the strategy for allocating outbound connections from upstreams across Envoy proxy threads. The only supported value is `exact_balance`. By default, no connections are balanced. Refer to the [Envoy documentation](https://cloudnative.to/envoy/api-v3/config/listener/v3/listener.proto.html#config-listener-v3-listener-connectionbalanceconfig) for details. 
+Sets the strategy for allocating outbound connections from upstreams across Envoy proxy threads. The only supported value is `exact_balance`. By default, no connections are balanced. Refer to the [Envoy documentation](https://cloudnative.to/envoy/api-v3/config/listener/v3/listener.proto.html#config-listener-v3-listener-connectionbalanceconfig) for details.
 
 #### Values
 
@@ -1069,7 +1069,7 @@ Sets the strategy for allocating outbound connections from upstreams across Envo
 
 ### `spec.upstreamConfig.defaults.limits`
 
-Map that specifies a set of limits to apply to when connecting upstream services. 
+Map that specifies a set of limits to apply to when connecting upstream services.
 
 #### Values
 
@@ -1082,7 +1082,7 @@ The following table describes limits you can configure:
 | `maxConcurrentRequests` | Specifies the maximum number of concurrent requests. Define this limit for HTTP/2 traffic. An L7 protocol must be defined in the [`protocol`](#protocol) field for this limit to take effect. | integer | `0` |
 
 ### `spec.upstreamConfig.defaults.passiveHealthCheck`
-Map that specifies a set of rules that enable Consul to remove hosts from the upstream cluster that are unreachable or that return errors. 
+Map that specifies a set of rules that enable Consul to remove hosts from the upstream cluster that are unreachable or that return errors.
 
 #### Values
 
@@ -1096,7 +1096,7 @@ The following table describes the health check parameters you can configure:
 
 ### `spec.transparentProxy`
 
-Map of configurations specific to proxies in transparent mode. Refer to [Transparent Proxy](/consul/docs/connect/transparent-proxy) for additional information.  
+Map of configurations specific to proxies in transparent mode. Refer to [Transparent Proxy](/consul/docs/connect/transparent-proxy) for additional information.
 
 #### Values
 
@@ -1138,7 +1138,7 @@ You can configure the following parameters in the `EnvoyExtensions` block:
 
 ### `spec.destination`
 
-Map of configurations that specify one or more destinations for service traffic routed through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/gateways/terminating-gateway) for additional information. 
+Map of configurations that specify one or more destinations for service traffic routed through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/gateways/terminating-gateway) for additional information.
 
 #### Values
 
@@ -1167,7 +1167,7 @@ Specifies the number of milliseconds allowed for establishing connections to the
 - Default: `5000`
 - Data type: integer
 
-### `spec.localRequestTimeoutMs` 
+### `spec.localRequestTimeoutMs`
 
 Specifies the timeout for HTTP requests to the local application instance. Applies to HTTP-based protocols only. If not specified, inherits the Envoy default for route timeouts.
 
@@ -1176,20 +1176,20 @@ Specifies the timeout for HTTP requests to the local application instance. Appli
 - Default of `15s` is inherited from Envoy
 - Data type: string
 
-### `spec.meshGateway.mode` 
-Specifies the default mesh gateway `mode` field for the service. Refer to [Service Mesh Proxy Configuration](/consul/docs/connect/gateways/mesh-gateway#service-mesh-proxy-configuration) in the mesh gateway documentation for additional information. 
+### `spec.meshGateway.mode`
+Specifies the default mesh gateway `mode` field for the service. Refer to [Service Mesh Proxy Configuration](/consul/docs/connect/gateways/mesh-gateway#service-mesh-proxy-configuration) in the mesh gateway documentation for additional information.
 
 #### Values
 
 You can specify the following string values for the `mode` field:
 
 - `none`: The service does not make outbound connections through a mesh gateway. Instead, the service makes outbound connections directly to the destination services.
-- `local`: The service mesh proxy makes an outbound connection to a gateway running in the same datacenter. 
-- `remote`: The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter.  
+- `local`: The service mesh proxy makes an outbound connection to a gateway running in the same datacenter.
+- `remote`: The service mesh proxy makes an outbound connection to a gateway running in the destination datacenter.
 
-### `spec.externalSNI` 
+### `spec.externalSNI`
 
-Specifies the TLS server name indication (SNI) when federating with an external system. 
+Specifies the TLS server name indication (SNI) when federating with an external system.
 
 #### Values
 
@@ -1207,7 +1207,7 @@ Specifies default configurations for exposing HTTP paths through Envoy. Exposing
 
 ### `spec.expose.checks`
 
-Exposes all HTTP and gRPC checks registered with the agent if set to `true`. Envoy exposes listeners for the checks and only accepts connections originating from localhost or Consul's [`advertise_addr`](/consul/docs/agent/config/config-files#advertise_addr). The ports for the listeners are dynamically allocated from the agent's [`expose_min_port`](/consul/docs/agent/config/config-files#expose_min_port) and [`expose_max_port`](/consul/docs/agent/config/config-files#expose_max_port) configurations. 
+Exposes all HTTP and gRPC checks registered with the agent if set to `true`. Envoy exposes listeners for the checks and only accepts connections originating from localhost or Consul's [`advertise_addr`](/consul/docs/agent/config/config-files#advertise_addr). The ports for the listeners are dynamically allocated from the agent's [`expose_min_port`](/consul/docs/agent/config/config-files#expose_min_port) and [`expose_max_port`](/consul/docs/agent/config/config-files#expose_max_port) configurations.
 
 We recommend enabling the `Checks` configuration when a Consul client cannot reach registered services over localhost, such as when Consul agents run in their own pods in Kubernetes.
 
@@ -1218,7 +1218,7 @@ We recommend enabling the `Checks` configuration when a Consul client cannot rea
 
 ### `spec.expose.paths[]`
 
-Specifies an list of maps that define paths to expose through Envoy when `spec.expose.checks` is set to `true`. 
+Specifies an list of maps that define paths to expose through Envoy when `spec.expose.checks` is set to `true`.
 
 #### Values
 
@@ -1278,7 +1278,7 @@ You can also set the global default protocol for all proxies in the [`proxy-defa
 <Tabs>
 <Tab heading="Consul OSS">
 
-The following example sets default connection limits and mesh gateway mode across all upstreams of the `dashboard` service. 
+The following example sets default connection limits and mesh gateway mode across all upstreams of the `dashboard` service.
 It also overrides the mesh gateway mode used when dialing its `counting` upstream  service.
 
 <CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
@@ -1645,7 +1645,7 @@ represents a location outside the Consul cluster. Services can dial destinations
             {
               name: 'Peer',
               type: 'string: ""',
-              description: 
+              description:
                 `The peer name of the upstream. Do not use a wildcard specifier ( \`*\`).`,
             },
             {
@@ -1660,7 +1660,7 @@ represents a location outside the Consul cluster. Services can dial destinations
                     proxy upstream config will not fully enable some
                     [L7 features](/consul/docs/connect/l7-traffic).
                     It is supported here for backwards compatibility with Consul versions prior to 1.6.0.
-                    In addition, the \`protocol\` of a peered service cannot be overriden. Any value in 
+                    In addition, the \`protocol\` of a peered service cannot be overridden. Any value in
                     this field is ignored for peered services.
                   `,
             },
@@ -1784,15 +1784,15 @@ represents a location outside the Consul cluster. Services can dial destinations
                   name: 'MaxEjectionPercent',
                   type: 'int: 10',
                   description: `Measured in percent (%), the maximum percentage of hosts that can be ejected
-                    from a upstream cluster due to passive health check failures. If not specified, inherits 
+                    from a upstream cluster due to passive health check failures. If not specified, inherits
                     Envoy's default of 10% or at least one host.`,
                 },
                 {
                   name: 'BaseEjectionTime',
                   type: 'duration: 30s',
                   description: `The base time that a host is ejected for. The real time is equal to the base
-                    time multiplied by the number of times the host has been ejected and is capped by 
-                    max_ejection_time (Default 300s). If not speficied, inherits Envoy's default value of 30s.`,
+                    time multiplied by the number of times the host has been ejected and is capped by
+                    max_ejection_time (Default 300s). If not specified, inherits Envoy's default value of 30s.`,
                 },
               ],
             },
@@ -1949,15 +1949,15 @@ represents a location outside the Consul cluster. Services can dial destinations
                   name: 'MaxEjectionPercent',
                   type: 'int: 10',
                   description: `Measured in percent (%), the maximum percentage of hosts that can be ejected
-                    from a upstream cluster due to passive health check failures. If not specified, inherits 
+                    from a upstream cluster due to passive health check failures. If not specified, inherits
                     Envoy's default of 10% or at least one host.`,
                 },
                 {
                   name: 'BaseEjectionTime',
                   type: 'duration: 30s',
                   description: `The base time that a host is ejected for. The real time is equal to the base
-                    time multiplied by the number of times the host has been ejected and is capped by 
-                    max_ejection_time (Default 300s). If not speficied, inherits Envoy's default value of 30s.`,
+                    time multiplied by the number of times the host has been ejected and is capped by
+                    max_ejection_time (Default 300s). If not specified, inherits Envoy's default value of 30s.`,
                 },
               ],
             },
diff --git a/website/content/docs/connect/config-entries/service-intentions.mdx b/website/content/docs/connect/config-entries/service-intentions.mdx
index 8d7572c7721a..bf57733892da 100644
--- a/website/content/docs/connect/config-entries/service-intentions.mdx
+++ b/website/content/docs/connect/config-entries/service-intentions.mdx
@@ -18,11 +18,11 @@ The following outline shows how to format the service intentions configuration e
 <Tab heading="HCL and JSON" group="hcl">
 
 - [`Kind`](#kind): string | required | must be set to `service-intentions`
-- [`Name`](#name): string | required  
+- [`Name`](#name): string | required
 - [`Namespace`](#namespace): string |  `default` | <EnterpriseAlert inline/>
 - [`Partition`](#partition): string |  `default` | <EnterpriseAlert inline />
-- [`Meta`](#meta): map 
-- [`JWT`](#jwt): map 
+- [`Meta`](#meta): map
+- [`JWT`](#jwt): map
   - [`Providers`](#jwt-providers): list of maps
     - [`Name`](#jwt-providers-name): string
     - [`VerifyClaims`](#jwt-provider-verifyclaims): list of maps
@@ -113,13 +113,13 @@ When every field is defined, a service intentions configuration entry has the fo
 
 ```hcl
 Kind =  "service-intentions"
-Name = "<name of destination service>"  
+Name = "<name of destination service>"
 Namespace = "<destination namespace>"                    # string
 Partition = "<destination partition>"                    # string
 Meta = {
-  "<key-1>" = "<value-1>"    
-  "<key-2>" = "<value-2>"    
-  } 
+  "<key-1>" = "<value-1>"
+  "<key-2>" = "<value-2>"
+  }
 JWT = {
     Providers = [
       {
@@ -141,14 +141,14 @@ Sources = [
     Partition = "<sources-partition>"                      # string
     SamenessGroup = "<group-name>"                         # string
     Action = "allow" or "deny"                             # string for L4 intentions
-    Permissions = [                                        
-      {                                                  
-        Action = "allow" or "deny"                   # string for L7 intenions
-        HTTP =  {                                      
-          PathExact =  "<exact path to match>"       # string 
-          PathPrefix = "<path prefix to match>"      # string 
-          PathRegex = "<regex pattern to match>"     # string 
-          Methods = [                    
+    Permissions = [
+      {
+        Action = "allow" or "deny"                   # string for L7 intentions
+        HTTP =  {
+          PathExact =  "<exact path to match>"       # string
+          PathPrefix = "<path prefix to match>"      # string
+          PathRegex = "<regex pattern to match>"     # string
+          Methods = [
             "<fist http method to match>",           # string
             "<second http method to match>"
           ]
@@ -174,17 +174,17 @@ Sources = [
               Regex = "<regex pattern to match>"       # string
               Invert = <true or false>                 # boolean
             }
-         ] 
+         ]
         }
-      } 
+      }
     ]
-    Type = "consul"                                     # string     
-    Description = "<description for API responses>"     # string 
+    Type = "consul"                                     # string
+    Description = "<description for API responses>"     # string
     Precedence = <read-only>                            # number
-    LegacyID = <read-only>                              # string 
+    LegacyID = <read-only>                              # string
     LegacyMeta = <read-only>                            # string
     LegacyCreateTime = <read-only>                      # string
-    LegacyUpdateTime = <read-only>                      # string            
+    LegacyUpdateTime = <read-only>                      # string
   }
 ]
 ```
@@ -346,7 +346,7 @@ Specifies the type of configuration entry to implement. Must be set to `service-
 
 ### `Name`
 
-Specifies a name of the destination service for all intentions defined in the configuration entry. 
+Specifies a name of the destination service for all intentions defined in the configuration entry.
 
 #### Values
 
@@ -354,22 +354,22 @@ Specifies a name of the destination service for all intentions defined in the co
 - This field is required.
 - Data type: String
 
-You can also specify a wildcard character (`*`) to match all services without intentions. Intentions that are applied with a wildcard, however, are not supported when defining L7 [`Permissions`](#sources-permissions). 
+You can also specify a wildcard character (`*`) to match all services without intentions. Intentions that are applied with a wildcard, however, are not supported when defining L7 [`Permissions`](#sources-permissions).
 
-### `Namespace` <EnterpriseAlert inline /> 
+### `Namespace` <EnterpriseAlert inline />
 
-Specifies the [namespace](/consul/docs/enterprise/namespaces) that the configuration entry applies to. Services in the namespace are the traffic destinations that the intentions allow or deny traffic to. 
+Specifies the [namespace](/consul/docs/enterprise/namespaces) that the configuration entry applies to. Services in the namespace are the traffic destinations that the intentions allow or deny traffic to.
 
 #### Values
 
 - Default: `default`
 - Data type: String
 
-You can also specify a wildcard character (`*`) to match all namespaces. Intentions that are applied with a wildcard, however, are not supported when defining L7 [`Permissions`](#sources-permissions). 
+You can also specify a wildcard character (`*`) to match all namespaces. Intentions that are applied with a wildcard, however, are not supported when defining L7 [`Permissions`](#sources-permissions).
 
-### `Partition` <EnterpriseAlert inline /> 
+### `Partition` <EnterpriseAlert inline />
 
-Specifies the [admin partition](/consul/docs/enterprise/admin-partitions) to apply the configuration entry. Services in the specified partition are the traffic destinations that the intentions allow or deny traffic to. 
+Specifies the [admin partition](/consul/docs/enterprise/admin-partitions) to apply the configuration entry. Services in the specified partition are the traffic destinations that the intentions allow or deny traffic to.
 
 #### Values
 
@@ -469,7 +469,7 @@ List of configurations that define intention sources and the authorization grant
 
 ### `Sources[].Name`
 
-Specifies the name of the source that the intention allows or denies traffic from. If [`Type`](#sources-type) is set to `consul`, then the value refers to the name of a Consul service. The source is not required to be registered into the Consul catalog. 
+Specifies the name of the source that the intention allows or denies traffic from. If [`Type`](#sources-type) is set to `consul`, then the value refers to the name of a Consul service. The source is not required to be registered into the Consul catalog.
 
 #### Values
 
@@ -479,38 +479,38 @@ Specifies the name of the source that the intention allows or denies traffic fro
 
 ### `Sources[].Peer`
 
-Specifies the name of a peered Consul cluster that the intention allows or denies traffic from. Refer to [Cluster peering overview](/consul/docs/connect/cluster-peering) for additional information about peers. 
+Specifies the name of a peered Consul cluster that the intention allows or denies traffic from. Refer to [Cluster peering overview](/consul/docs/connect/cluster-peering) for additional information about peers.
 
-The `Peer` and `Partition` fields are mutually exclusive. 
+The `Peer` and `Partition` fields are mutually exclusive.
 
 #### Values
 
 - Default: None
 - Data type: String
 
-### `Sources[].Namespace` <EnterpriseAlert inline /> 
+### `Sources[].Namespace` <EnterpriseAlert inline />
 
-Specifies the traffic source namespace that the intention allows or denies traffic from. 
+Specifies the traffic source namespace that the intention allows or denies traffic from.
 
 #### Values
 
 - Default: If [`Peer`](#sources-peer) is unspecified, defaults to the destination [`Namespace`](#namespace).
 - Data type: String
 
-### `Sources[].Partition` <EnterpriseAlert inline /> 
+### `Sources[].Partition` <EnterpriseAlert inline />
 
-Specifies the name of an admin partition that the intention allows or denies traffic from. Refer to [Admin Partitions](/consul/docs/enterprise/admin-partitions) for additional information about partitions. 
+Specifies the name of an admin partition that the intention allows or denies traffic from. Refer to [Admin Partitions](/consul/docs/enterprise/admin-partitions) for additional information about partitions.
 
-The `Peer` and `Partition` fields are mutually exclusive. 
+The `Peer` and `Partition` fields are mutually exclusive.
 
 #### Values
 
 - Default: If [`Peer`](#sources-peer) is unspecified, defaults to the destination [`Partition`](#partition).
 - Data type: string
 
-### `Sources[].SamenessGroup` <EnterpriseAlert inline /> 
+### `Sources[].SamenessGroup` <EnterpriseAlert inline />
 
-Specifies the name of a sameness group that the intention allows or denies traffic from. Refer to [create samenes groups](/consul/docs/connect/cluster-peering/usage/create-sameness-groups) for additional information.
+Specifies the name of a sameness group that the intention allows or denies traffic from. Refer to [create sameness groups](/consul/docs/connect/cluster-peering/usage/create-sameness-groups) for additional information.
 
 #### Values
 
@@ -520,12 +520,12 @@ Specifies the name of a sameness group that the intention allows or denies traff
 
 ### `Sources[].Action`
 
-Specifies the action to take when the source sends traffic to the destination service. The value  is either `allow` or `deny`. Do not configure this field to apply L7 intentions to the same source. Configure the [`Permissions`](#sources-permissions) field instead. 
+Specifies the action to take when the source sends traffic to the destination service. The value  is either `allow` or `deny`. Do not configure this field to apply L7 intentions to the same source. Configure the [`Permissions`](#sources-permissions) field instead.
 
 #### Values
 
 - Default: None
-- This field is required for L4 intentions. 
+- This field is required for L4 intentions.
 - Data type: String value set to either `allow` or `deny`
 
 Refer to the following examples for additional guidance:
@@ -537,13 +537,13 @@ Refer to the following examples for additional guidance:
 
 ### `Sources[].Permissions[]`
 
-Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action. 
+Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
 
-Consul applies permissions in the order specified in the configuration. Beginning at the top of the list, Consul applies the first matching request and stops evaluating against the remaining configurations. 
+Consul applies permissions in the order specified in the configuration. Beginning at the top of the list, Consul applies the first matching request and stops evaluating against the remaining configurations.
 
-For requests that do not match any of the defined permissions, Consul applies the intention behavior defined in the [`acl_default_policy`](/consul/docs/agent/config/config-files#acl_default_policy) configuration. 
+For requests that do not match any of the defined permissions, Consul applies the intention behavior defined in the [`acl_default_policy`](/consul/docs/agent/config/config-files#acl_default_policy) configuration.
 
-Do not configure this field for L4 intentions. Use the [`Sources.Action`](#sources-action) parameter instead. 
+Do not configure this field for L4 intentions. Use the [`Sources.Action`](#sources-action) parameter instead.
 
 The `Permissions` only applies to services with a compatible protocol. `Permissions` are not supported when the [`Name`](#name) or [`Namespace`](#namespace) field is configured with a wildcard because service instances or services in a namespace may use different protocols.
 
@@ -563,12 +563,12 @@ Refer to the following examples for additional guidance:
 
 ### `Sources[].Permissions[].Action`
 
-Specifies the action to take when the source sends traffic to the destination service. The value  is either `allow` or `deny`. 
+Specifies the action to take when the source sends traffic to the destination service. The value  is either `allow` or `deny`.
 
 #### Values
 
 - Default: None
-- This field is required. 
+- This field is required.
 - Data type: String value set to either `allow` or `deny`.
 
 ### `Sources[].Permissions[].HTTP`
@@ -579,7 +579,7 @@ Specifies a set of HTTP-specific match criteria. Consul applies the action defin
 
 - Default: None
 - This field is required.
-- Data type: Map 
+- Data type: Map
 
 The following table describes the parameters that the HTTP map may contain:
 
@@ -593,14 +593,14 @@ The following table describes the parameters that the HTTP map may contain:
 
 ### `Sources[].Permissions[].HTTP[].Header[]`
 
-Specifies a header name and matching criteria for HTTP request headers. The request header must match all specified criteria for the permission to apply. 
+Specifies a header name and matching criteria for HTTP request headers. The request header must match all specified criteria for the permission to apply.
 
 #### Values
 
 - Default: None
-- Data type: list of objects 
+- Data type: list of objects
 
-Each member of the `Header` list is a map that contains a `Name` field and at least one match criterion. The following table describes the parameters that each member of the `Header` list may contain: 
+Each member of the `Header` list is a map that contains a `Name` field and at least one match criterion. The following table describes the parameters that each member of the `Header` list may contain:
 
 | Parameter | Description | Data type | Required |
 | --- | --- | --- | --- |
@@ -614,11 +614,11 @@ Each member of the `Header` list is a map that contains a `Name` field and at le
 
 ### `Sources[].Precedence`
 
-The `Precedence` field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services. Refer to [Precedence and matching order](/consul/docs/connect/intentions/create-manage-intentions#precedence-and-matching-order) for additional information. 
+The `Precedence` field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services. Refer to [Precedence and matching order](/consul/docs/connect/intentions/create-manage-intentions#precedence-and-matching-order) for additional information.
 
 ### `Sources[].Type`
 
-Specifies the type of destination service that the configuration entry applies to. The only value supported is `consul`. 
+Specifies the type of destination service that the configuration entry applies to. The only value supported is `consul`.
 
 #### Values
 
@@ -627,7 +627,7 @@ Specifies the type of destination service that the configuration entry applies t
 
 ### `Sources[].Description`
 
-Specifies a description of the intention. Consul presents the description in API responses to assist other tools integrated into the network. 
+Specifies a description of the intention. Consul presents the description in API responses to assist other tools integrated into the network.
 
 #### Values
 
@@ -656,7 +656,7 @@ Read-only timestamp marking the most recent intention update. Consul exposes the
 
 ### `apiVersion`
 
-Specifies the version of the Consul API for integrating with Kubernetes. The value must be `consul.hashicorp.com/v1alpha1`. 
+Specifies the version of the Consul API for integrating with Kubernetes. The value must be `consul.hashicorp.com/v1alpha1`.
 
 #### Values
 
@@ -676,7 +676,7 @@ Specifies the type of configuration entry to implement. Must be set to `ServiceI
 
 ### `metadata`
 
-Map that contains an arbitrary name for the configuration entry and the namespace it applies to. 
+Map that contains an arbitrary name for the configuration entry and the namespace it applies to.
 
 #### Values
 
@@ -687,7 +687,7 @@ Map that contains an arbitrary name for the configuration entry and the namespac
 
 Specifies an arbitrary name for the configuration entry. Note that in other configuration entries, the `metadata.name` field specifies the name of the service that the settings apply to. For service intentions, the service that accepts the configurations is the _destination_ and is specified in the [`spec.destination.name`](#spec-destination-name) field. Refer to the following topics for additional information:
 
-- [ServiceIntentions Special Case (OSS)](/consul/docs/k8s/crds#serviceintentions-special-case) 
+- [ServiceIntentions Special Case (OSS)](/consul/docs/k8s/crds#serviceintentions-special-case)
 - [ServiceIntentions Special Case (Enterprise)](/consul/docs/k8s/crds#serviceintentions-special-case-enterprise)
 
 #### Values
@@ -695,7 +695,7 @@ Specifies an arbitrary name for the configuration entry. Note that in other conf
 - Default: None
 - Data type: String
 
-### `metadata.namespace` <EnterpriseAlert inline /> 
+### `metadata.namespace` <EnterpriseAlert inline />
 
 Specifies the [namespace](/consul/docs/enterprise/namespaces) that the configuration entry applies to. Refer to [Consul Enterprise](/consul/docs/k8s/crds#consul-enterprise) for information about how Consul namespaces map to Kubernetes Namespaces. Open source Consul distributions (Consul OSS) ignore the `metadata.namespace` configuration.
 
@@ -727,13 +727,13 @@ Map that identifies the destination name and destination namespace that source s
 ### `spec.destination.name`
 
 Specifies the name of the destination service in the mesh that the intentions apply to.
-You can also specify a wildcard character (`*`) to match all services that are missing intention settings. Intentions that are applied with a wildcard, however, are not supported when defining L7 [`permissions`](#spec-sources-permissions). 
+You can also specify a wildcard character (`*`) to match all services that are missing intention settings. Intentions that are applied with a wildcard, however, are not supported when defining L7 [`permissions`](#spec-sources-permissions).
 
 #### Values
 
 - Default: None
 - This field is required.
-- Data type: String 
+- Data type: String
 
 ### `spec.jwt`
 
@@ -791,10 +791,10 @@ Specifies the value to match on when verifying the the claim designated in [`JWT
 
 - Default: None
 - Data type: String
-  
+
 ### `spec.sources[]`
 
-List of configurations that define intention sources and the authorization granted to the sources. You can specify source configurations in any order, but Consul stores and evaluates them in order of reverse precedence at runtime. 
+List of configurations that define intention sources and the authorization granted to the sources. You can specify source configurations in any order, but Consul stores and evaluates them in order of reverse precedence at runtime.
 
 #### Values
 
@@ -812,7 +812,7 @@ List of configurations that define intention sources and the authorization grant
 
 ### `spec.sources[].name`
 
-Specifies the name of the source that the intention allows or denies traffic from. If [`type`](#sources-type) is set to `consul`, then the value refers to the name of a Consul service. The source is not required to be registered into the Consul catalog. 
+Specifies the name of the source that the intention allows or denies traffic from. If [`type`](#sources-type) is set to `consul`, then the value refers to the name of a Consul service. The source is not required to be registered into the Consul catalog.
 
 #### Values
 
@@ -822,58 +822,58 @@ Specifies the name of the source that the intention allows or denies traffic fro
 
 ### `spec.sources[].peer`
 
-Specifies the name of a peered Consul cluster that the intention allows or denies traffic from. Refer to [Cluster peering overview](/consul/docs/connect/cluster-peering) for additional information about peers. The `peer` and `partition` fields are mutually exclusive. 
+Specifies the name of a peered Consul cluster that the intention allows or denies traffic from. Refer to [Cluster peering overview](/consul/docs/connect/cluster-peering) for additional information about peers. The `peer` and `partition` fields are mutually exclusive.
 #### Values
 
 - Default: None
 - Data type: String
 
-### `spec.sources[].namespace` <EnterpriseAlert inline /> 
+### `spec.sources[].namespace` <EnterpriseAlert inline />
 
-Specifies the traffic source namespace that the intention allows or denies traffic from. 
+Specifies the traffic source namespace that the intention allows or denies traffic from.
 
 #### Values
 
 - Default: If [`peer`](#spec-sources-peer) is unspecified, defaults to the namespace specified in the [`spec.destination.namespace`](#spec-destination-namespace) field.
 - Data type: String
 
-### `spec.sources[].partition` <EnterpriseAlert inline /> 
+### `spec.sources[].partition` <EnterpriseAlert inline />
 
-Specifies the name of an admin partition that the intention allows or denies traffic from. Refer to [Admin Partitions](/consul/docs/enterprise/admin-partitions) for additional information about partitions. The `peer` and `partition` fields are mutually exclusive. 
+Specifies the name of an admin partition that the intention allows or denies traffic from. Refer to [Admin Partitions](/consul/docs/enterprise/admin-partitions) for additional information about partitions. The `peer` and `partition` fields are mutually exclusive.
 
 #### Values
 
 - Default: If [`peer`](#sources-peer) is unspecified, defaults to the partition specified in  [`spec.destination.partition`](#spec-destination-partition).
 - Data type: String
 
-### `spec.sources[].samenessGroup` <EnterpriseAlert inline /> 
+### `spec.sources[].samenessGroup` <EnterpriseAlert inline />
 
-Specifies the name of a sameness group that the intention allows or denies traffic from. Refer to [create samenes groups](/consul/docs/k8s/connect/cluster-peering/usage/create-sameness-groups) for additional information.
+Specifies the name of a sameness group that the intention allows or denies traffic from. Refer to [create sameness groups](/consul/docs/k8s/connect/cluster-peering/usage/create-sameness-groups) for additional information.
 
 #### Values
 
 - Default: None
 - Data type: string
-  
+
 ### `spec.sources[].action`
 
-Specifies the action to take when the source sends traffic to the destination service. The value  is either `allow` or `deny`. Do not configure this field for L7 intentions. Configure the [`spec.sources.permissions`](#spec-sources-permissions) field instead. 
+Specifies the action to take when the source sends traffic to the destination service. The value  is either `allow` or `deny`. Do not configure this field for L7 intentions. Configure the [`spec.sources.permissions`](#spec-sources-permissions) field instead.
 
 #### Values
 
 - Default: None
-- This field is required for L4 intentions. 
+- This field is required for L4 intentions.
 - Data type: String value set to either `allow` or `deny`
 
 ### `spec.sources[].permissions[]`
 
-Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action. 
+Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
 
-Consul applies permissions in the order specified in the configuration. Starting at the beginning of the list, Consul applies the first matching request and stops evaluating against the remaining configurations. 
+Consul applies permissions in the order specified in the configuration. Starting at the beginning of the list, Consul applies the first matching request and stops evaluating against the remaining configurations.
 
-For requests that do not match any of the defined permissions, Consul applies the intention behavior defined in the [`acl_default_policy`](/consul/docs/agent/config/config-files#acl_default_policy) configuration. 
+For requests that do not match any of the defined permissions, Consul applies the intention behavior defined in the [`acl_default_policy`](/consul/docs/agent/config/config-files#acl_default_policy) configuration.
 
-Do not configure this field for L4 intentions. Use the [`spec.sources.action`](#sources-action) parameter instead. 
+Do not configure this field for L4 intentions. Use the [`spec.sources.action`](#sources-action) parameter instead.
 
 `permissions` configurations only apply to services with a compatible protocol. As a result, they are not supported when the [`spec.destination.name`](#spec-destination-name) or [`spec.destination.namespace`](#spec-destination-namespace) field is configured with a wildcard because service instances or services in a namespace may use different protocols.
 
@@ -886,12 +886,12 @@ Do not configure this field for L4 intentions. Use the [`spec.sources.action`](#
 
 ### `spec.sources[].permissions[].action`
 
-Specifies the action to take when the source sends traffic to the destination service. The value  is either `allow` or `deny`. 
+Specifies the action to take when the source sends traffic to the destination service. The value  is either `allow` or `deny`.
 
 #### Values
 
 - Default: None
-- This field is required. 
+- This field is required.
 - Data type: String value set to either `allow` or `deny`
 
 ### `spec.sources[].permissions[].http`
@@ -902,7 +902,7 @@ Specifies a set of HTTP-specific match criteria. Consul applies the action defin
 
 - Default: None
 - This field is required.
-- Data type: Map 
+- Data type: Map
 
 The following table describes the parameters that the HTTP map may contain:
 
@@ -916,7 +916,7 @@ The following table describes the parameters that the HTTP map may contain:
 
 ### `spec.sources[].permissions[].http[].header`
 
-Specifies a set of criteria for matching HTTP request headers. The request header must match all specified criteria for the permission to apply. 
+Specifies a set of criteria for matching HTTP request headers. The request header must match all specified criteria for the permission to apply.
 
 #### Values
 
@@ -937,7 +937,7 @@ Each member of the `header` list is a map that contains a `name` field and at le
 
 ### `spec.sources[].type`
 
-Specifies the type of destination service that the configuration entry applies to. The only value supported is `consul`. 
+Specifies the type of destination service that the configuration entry applies to. The only value supported is `consul`.
 
 #### Values
 
@@ -946,7 +946,7 @@ Specifies the type of destination service that the configuration entry applies t
 
 ### `spec.sources[].description`
 
-Specifies a description of the intention. Consul presents the description in API responses to assist other tools integrated into the network. 
+Specifies a description of the intention. Consul presents the description in API responses to assist other tools integrated into the network.
 
 #### Values
 
@@ -964,9 +964,9 @@ The following examples demonstrate potential use-cases for the service intention
 
 ### L4 Intentions for specific sources and destinations
 
-The following example configuration entry specifies an L4 intention that denies traffic from `web` to `db` service instances, but allows traffic from `api` to `db`. 
+The following example configuration entry specifies an L4 intention that denies traffic from `web` to `db` service instances, but allows traffic from `api` to `db`.
 
-<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}> 
+<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
 
 ```hcl
 Kind = "service-intentions"
@@ -1019,7 +1019,7 @@ spec:
 
 ### L4 intentions for all destinations
 
-In the following L4 example, the destination is configured with a `*` wildcard. As a result, traffic from `web` service instances is denied for any service in the datacenter. 
+In the following L4 example, the destination is configured with a `*` wildcard. As a result, traffic from `web` service instances is denied for any service in the datacenter.
 
 <CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
 
@@ -1064,7 +1064,7 @@ spec:
 
 ### L4 intentions for all sources
 
-In the following L4 example, the source is configured with a `*` wildcard. As a result, traffic from any service is denied to `db` service instances. 
+In the following L4 example, the source is configured with a `*` wildcard. As a result, traffic from any service is denied to `db` service instances.
 
 <CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
 
@@ -1206,7 +1206,7 @@ spec:
 
 ### gRPC
 
-In the following example, Consul denies requests from `frontend-web` to the `IssueRefund` gRPC service. 
+In the following example, Consul denies requests from `frontend-web` to the `IssueRefund` gRPC service.
 Because gRPC method calls use the [HTTP/2 protocol](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md), you can apply an HTTP path-matching rule to control traffic:
 
 <CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
@@ -1517,7 +1517,7 @@ Sources = [
           providers:
           - name: okta
             verifyClaims:
-            - path: 
+            - path:
                 - perms
                 - role
               value: admin
diff --git a/website/content/docs/connect/config-entries/service-resolver.mdx b/website/content/docs/connect/config-entries/service-resolver.mdx
index b4218d6d0614..03b97be2ddf7 100644
--- a/website/content/docs/connect/config-entries/service-resolver.mdx
+++ b/website/content/docs/connect/config-entries/service-resolver.mdx
@@ -1,7 +1,7 @@
 ---
 layout: docs
 page_title: Service Resolver Configuration Entry Reference
-description: >- 
+description: >-
   Service resolver configuration entries are L7 traffic management tools for defining sets of service instances that resolve upstream requests and Consul’s behavior when resolving them. Learn how to write `service-resolver` config entries in HCL or YAML with a specification reference, configuration model, a complete example, and example code by use case.
 ---
 
@@ -136,8 +136,8 @@ When every field is defined, a service resolver configuration entry has the foll
 ```hcl
 Kind      = "service-resolver"                                     ## required
 Name      = "<name-of-service-configuration-applies-to>"
-Namespace = "<namespace-configuration-applies-to>" 
-Partition = "<partition-configuration-applies-to>" 
+Namespace = "<namespace-configuration-applies-to>"
+Partition = "<partition-configuration-applies-to>"
 Meta = {
  <key> = "<value>"
 }
@@ -220,7 +220,7 @@ LoadBalancer = {
   "Kind":"service-resolver",                             // required
   "Name":"<name-of-service-configuration-applies-to>",
   "Namespace":"<namespace-configuration-applies-to>",
-  "Partition":"parition-configuration-applies-to>", 
+  "Partition":"partition-configuration-applies-to>",
   "Meta":{
    "<key>":"<value>"
   },
@@ -288,7 +288,7 @@ LoadBalancer = {
        },
        "SourceIP":false,                       // cannot specify with Field or FieldValue
        "Terminal":false
-    } 
+    }
    ]
   }
 }
@@ -300,7 +300,7 @@ LoadBalancer = {
 
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1         # required
-kind: ServiceResolver                             # required            
+kind: ServiceResolver                             # required
 metadata:
   name: <serviceName>
   namespace: <namespace>
@@ -315,7 +315,7 @@ spec:
       filter: <expression.to.match.on == value02>
       onlyPassing: false
   defaultSubset: <definedSubsetName>
-  redirect:                                 
+  redirect:
     service: <serviceName>
     servicesubset: <subsetName>
     namespace: <namespaceName>
@@ -323,7 +323,7 @@ spec:
     samenessGroup: <samenessGroupName>
     peer: <peerName>
   failover:                         # requires at least one of the following: service, serviceSubset, namespace, targets, datacenters, samenessGroup
-    <localSubsetName>: 
+    <localSubsetName>:
       targets:
       - service: <serviceName>
       - serviceSubset: <serviceSubset>
@@ -445,7 +445,7 @@ For additional guidance, refer to the [filter on service version configuration e
 - Data type: Map containing a key-value pair.
   - `<KEY>`: String that names the subset. The string must be valid as a DNS subdomain element.
   - `<VALUE>`: Map that can contain the following parameters:
-  
+
     | Parameter     | Description                                                                                                                                                                                                                                                                                   | Data type | Default |
     | :------------ | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | ------- |
     | `Filter`      | Specifies an expression that filters the DNS elements of service instances that belong to the subset. If empty, all healthy instances of a service are returned. This expression can filter on the same DNS selectors as the [Health API endpoint](/consul/api-docs/health#filtering-2). For more information about creating and using expressions to filter, refer to [filtering](/consul/api-docs/features/filtering).     | String    | None    |
@@ -557,7 +557,7 @@ This parameter is a map, and its key is the name of the local service subset tha
   - [`SamenessGroup`](#failover-samenessgroup)
   - [`Datacenters`](#failover-datacenters)
   - [`Targets`](#failover-targets)
-  
+
 ### `Failover{}.Service`
 
 Specifies the name of the service to resolve at the failover location during a failover scenario.
@@ -706,10 +706,10 @@ Specifies the type of load balancing policy for selecting a host. Supported load
 - Data type: String containing one of the following values:
 
   - `random`
-  - `round_robin` 
+  - `round_robin`
   - `least_request`
-  - `ring_hash` 
-  - `maglev`  
+  - `ring_hash`
+  - `maglev`
 
 ### `LoadBalancer{}.LeastRequestConfig`
 
@@ -719,7 +719,7 @@ Specifies configuration for the `least_request` policy type.
 
 - Default: None
 - Data type: Map containing the following parameter:
-  
+
   | Parameter     | Description                                                                                        | Data type | Default |
   | :------------ | :------------------------------------------------------------------------------------------------- | --------- | ------- |
   | `ChoiceCount` | Specifies the number of random healthy hosts from which to select the one with the least requests. | Integer   | `2`     |
@@ -732,7 +732,7 @@ Specifies configuration for the `ring_hash` policy type.
 
 - Default: None
 - Data type: List that can contain the following parameters:
-  
+
   | Parameter     | Description                                                    | Data type | Default |
   | :------------ | :------------------------------------------------------------- | --------- | ------- |
   | `MinimumRingSize` | Determines the minimum number of entries in the hash ring. | Integer   | `1024`  |
@@ -789,7 +789,7 @@ Specifies additional configuration options for the `cookie` hash policy type. Th
 
 - Default: None
 - Data type: Map that can contain the following parameters:
-  
+
   | Parameter      | Description                                                                       | Data type | Default |
   | :------------- | :-------------------------------------------------------------------------------- | --------- | ------- |
   | `Session`      | Directs Consul to generate a session cookie with no expiration.                   | Boolean   | `false` |
@@ -798,13 +798,13 @@ Specifies additional configuration options for the `cookie` hash policy type. Th
 
 ### `LoadBalancer{}.HashPolicies[].SourceIP`
 
-Determines if the hash type should besource IP address. You cannot specify `SourceIP` if `Field` or `FieldValue` are configured.
+Determines if the hash type should be source IP address. You cannot specify `SourceIP` if `Field` or `FieldValue` are configured.
 
 #### Values
 
 - Default: `false`
 - Data type: Boolean
-  
+
 ### `LoadBalancer{}.HashPolicies[].Terminal`
 
  Determines if Consul should stop computing the hash when multiple hash policies are present. If a hash is computed when a terminal policy is evaluated, then that hash is used and subsequent hash policies are ignored.
@@ -813,14 +813,14 @@ Determines if the hash type should besource IP address. You cannot specify `Sour
 
 - Default: `false`
 - Data type: Boolean
-  
+
 </Tab>
 
 <Tab heading="YAML" group="yaml">
 
 ### `apiVersion`
 
-Specifies the version of the Consul API for integrating with Kubernetes. The value must be `consul.hashicorp.com/v1alpha1`. 
+Specifies the version of the Consul API for integrating with Kubernetes. The value must be `consul.hashicorp.com/v1alpha1`.
 
 #### Values
 
@@ -840,7 +840,7 @@ Specifies the type of configuration entry to implement. Must be set to `ServiceR
 
 ## `metadata`
 
-Map that contains an arbitrary name for the configuration entry and the namespace it applies to. 
+Map that contains an arbitrary name for the configuration entry and the namespace it applies to.
 
 #### Values
 
@@ -1019,7 +1019,7 @@ This parameter is a map, and its key is the name of the local service subset tha
   - [`samenessGroup`](#spec-failover-samenessgroup)
   - [`datacenters`](#spec-failover-datacenters)
   - [`targets`](#spec-failover-targets)
-  
+
 ### `spec.failover.service`
 
 Specifies the name of the service to resolve at the failover location during a failover scenario.
@@ -1167,9 +1167,9 @@ Specifies the type of load balancing policy for selecting a host. Supported load
 - Data type: String containing one of the following values:
 
   - `random`
-  - `round_robin` 
+  - `round_robin`
   - `least_request`
-  - `ring_hash` 
+  - `ring_hash`
   - `maglev`
 
 ### `spec.loadBalancer.leastRequestConfig`
@@ -1180,7 +1180,7 @@ Specifies configuration for the `least_request` policy type.
 
 - Default: None
 - Data type: Map containing the following parameter:
-  
+
   | Parameter     | Description                                                                                        | Data type | Default |
   | :------------ | :------------------------------------------------------------------------------------------------- | --------- | ------- |
   | `choiceCount` | Specifies the number of random healthy hosts from which to select the one with the least requests. | Integer   | `2`     |
@@ -1193,7 +1193,7 @@ Specifies configuration for the `ring_hash` policy type.
 
 - Default: None
 - Data type: List that can contain the following parameters:
-  
+
   | Parameter     | Description                                                    | Data type | Default |
   | :------------ | :------------------------------------------------------------- | --------- | ------- |
   | `minimumRingSize` | Determines the minimum number of entries in the hash ring. | Integer   | `1024`  |
@@ -1217,7 +1217,7 @@ Specifies a list of hash policies to use for hashing load balancing algorithms.
 
  Specifies the attribute type to hash on. You cannot specify the `field` parameter if `sourceIP` is also configured.
 
-Supported attribute types include the following: 
+Supported attribute types include the following:
 
 | Attribute | Description                                                     |
 | :--------- | :-------------------------------------------------------------- |
@@ -1250,7 +1250,7 @@ Specifies additional configuration options for the `cookie` hash policy type. Th
 
 - Default: None
 - Data type: Map that can contain the following parameters:
-  
+
   | Parameter      | Description                                                                       | Data type | Default |
   | :------------- | :-------------------------------------------------------------------------------- | --------- | ------- |
   | `session`      | Directs Consul to generate a session cookie with no expiration.                   | Boolean   | `false` |
@@ -1259,7 +1259,7 @@ Specifies additional configuration options for the `cookie` hash policy type. Th
 
 ### `spec.loadBalancer.hashPolicies[].sourceIP`
 
-Determines if the hash type should besource IP address. You cannot specify `sourceIP` if `field` or `fieldValue` are configured.
+Determines if the hash type should be source IP address. You cannot specify `sourceIP` if `field` or `fieldValue` are configured.
 
 #### Values
 
@@ -1346,7 +1346,7 @@ spec:
 
 ### Resolve virtual upstreams
 
-The folowing example uses the [`Redirect` parameter](#redirect) to expose a set of services to another datacenter as a virtual service.
+The following example uses the [`Redirect` parameter](#redirect) to expose a set of services to another datacenter as a virtual service.
 
 <Tabs>
 <Tab heading="HCL" group="hcl">
diff --git a/website/content/docs/connect/config-entries/service-router.mdx b/website/content/docs/connect/config-entries/service-router.mdx
index 4362925f59fb..fd3e1b04be0a 100644
--- a/website/content/docs/connect/config-entries/service-router.mdx
+++ b/website/content/docs/connect/config-entries/service-router.mdx
@@ -1,7 +1,7 @@
 ---
 layout: docs
 page_title: Service Router Configuration Entry Reference
-description: >- 
+description: >-
   Service router configuration entries are L7 traffic management tools for redirecting requests for a service to a particular instance or set of instances. Learn how to write `service-router` config entries in HCL or YAML with a specification reference, configuration model, a complete example, and example code by use case.
 ---
 
@@ -23,7 +23,7 @@ The following list outlines field hierarchy, language-specific data types, and r
 - [`Name`](#name): string | required
 - [`Namespace`](#namespace): string <EnterpriseAlert inline />
 - [`Partition`](#partition): string | `default` <EnterpriseAlert inline />
-- [`Meta`](#meta): map 
+- [`Meta`](#meta): map
 - [`Routes`](#routes): list
   - [`Match`](#routes-match): map
     - [`HTTP`](#routes-match-http): map
@@ -114,7 +114,7 @@ The following list outlines field hierarchy, language-specific data types, and r
         - [`add`](#spec-routes-destination-responseheaders): map
         - [`set`](#spec-routes-destination-responseheaders): map
         - [`remove`](#spec-routes-destination-responseheaders): map
-  
+
 </Tab>
 </Tabs>
 
@@ -169,7 +169,7 @@ Routes = [
         Name   = "<text-to-match-in-query-parameter>"      ## required when specifying Routes.Match.HTTP.Header
         Present = false
         Exact = "<exact-text-to-match-in-query-parameter>"
-        Regex = "<regex-to-match-in-query-paramater>"
+        Regex = "<regex-to-match-in-query-parameter>"
       ]
      }
    },
@@ -181,7 +181,7 @@ Routes = [
        Namespace             = "<namespace-at-destination>"
        Partition             = "<partition-at-destination>"
        PrefixRewrite         = "<new-prefix-after-routing>"   ## required specifying either Routes.Match.HTTP.PathPrefix or Routes.Match.HTTP.PathExact
-       RequestTimeout        = 0 
+       RequestTimeout        = 0
        IdleTimeout           = 0
        NumRetries            = 1
        RetryOnConnectFailure = false
@@ -222,9 +222,9 @@ Routes = [
       "HTTP": {
         "PathExact": "<exact/http/path>"                     // cannot specify with PathPrefix or PathRegex
       },
-      "HTTP": { 
+      "HTTP": {
         "PathPrefix": "<path/prefix>"                        // cannot specify with PathExact or PathRegex
-      }, 
+      },
       "HTTP": {
        "PathRegex": "<regex/path>"                           // cannot specify with PathPrefix or PathExact
       },
@@ -249,7 +249,7 @@ Routes = [
          "Name": "<text-to-match-in-query-parameter>",         // required when specifying Routes.Match.HTTP.Header
          "Present": false,
          "Exact": "<exact-text-to-match-in-query-parameter>",
-         "Regex": "<regex-to-match-in-query-paramater>"
+         "Regex": "<regex-to-match-in-query-parameter>"
        ]
       }
     },
@@ -260,7 +260,7 @@ Routes = [
        "Namespace": "<namespace-at-destination>",
        "Partition": "<partition-at-destination>",
        "PrefixRewrite": "<new-prefix-after-routing>",           // required specifying either Routes.Match.HTTP.PathPrefix or Routes.Match.HTTP.PathExact
-       "RequestTimeout": 0, 
+       "RequestTimeout": 0,
        "IdleTimeout": 0,
        "NumRetries": 1,
        "RetryOnConnectFailure": false,
@@ -288,7 +288,7 @@ Routes = [
 
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1                  # required
-kind: ServiceRouter                                        # required            
+kind: ServiceRouter                                        # required
 metadata:
   name: <serviceName>
   namespace: <namespace>
@@ -301,7 +301,7 @@ spec:
          pathPrefix: <path/prefix>                         ## cannot specify with pathExact or pathRegex
        http:
          pathRegex: <regex/path>                           ## cannot specify with pathPrefix or pathExact
-       http: 
+       http:
          methods: [GET, POST, PUT]
        http:
          header:                                           ## do not specify present, exact, prefix, suffix, and regex in a single header
@@ -317,7 +317,7 @@ spec:
           - name: <text-to-match-in-query-parameter>        ## required when specifying spec.routes.match.http.header
             present: false
             exact: <exact-text-to-match-in-query-parameter>
-            regex: <regex-to-match-in-query-paramater>
+            regex: <regex-to-match-in-query-parameter>
 
     destination:
        service: <service-name-at-destination>
@@ -325,7 +325,7 @@ spec:
        namespace: <namespace-at-destination>
        partition: <partition-at-destination>
        prefixRewrite: <new-prefix-after-routing>             ## required specifying either spec.routes.match.http.pathPrefix or spec.routes.match.http.pathExact
-       requestTimeout: 0 
+       requestTimeout: 0
        idleTimeout: 0
        numRetries: 1
        retryOnConnectFailure: false
@@ -351,15 +351,15 @@ This section provides details about the fields you can configure in the service
 
 <Tab heading="HCL" group="hcl">
 
-### `Kind` 
+### `Kind`
 
-Specifies the type of configuration entry to implement. 
+Specifies the type of configuration entry to implement.
 
 #### Values
 
 - Default: none
 - This field is required.
-- Data type: String value that must be set to `service-router`. 
+- Data type: String value that must be set to `service-router`.
 
 ### `Name`
 
@@ -609,7 +609,7 @@ Specifies that a request matches when the query parameter with the given name is
 
 - Default: None
 - Data type: String
-  
+
 ### `Routes[].Match{}.HTTP{}.QueryParam[].Regex`
 
 Specifies that a request matches when the query parameter with the given name matches this regular expression. When using this field, do not configure `Present` or `Exact` in the same map. The syntax for the regular expression field is proxy-specific. When [using Envoy](/consul/docs/connect/proxies/envoy), refer to [the documentation for Envoy v1.11.2 or newer](https://github.com/google/re2/wiki/Syntax) or [the documentation for Envoy v1.11.1 or older](https://en.cppreference.com/w/cpp/regex/ecmascript), depending on the version of Envoy you use.
@@ -646,7 +646,7 @@ Specifies the target service to route matching requests to, as well as behavior
 
 Specifies the name of the service to resolve. If this parameter is not specified, the default service name is inherited from the configuration entry’s [`Name` field](#name).
 
-#### Values 
+#### Values
 
 - Default: None
 - Data type: String
@@ -655,7 +655,7 @@ Specifies the name of the service to resolve. If this parameter is not specified
 
 Specifies a named subset of the given service to resolve instead of the one defined as that service's `DefaultSubset` in the [service resolver configuration entry](/consul/docs/connect/config-entries/service-resolver). If this parameter is not specified, the default subset is used.
 
-#### Values 
+#### Values
 
 - Default: None
 - Data type: String
@@ -664,7 +664,7 @@ Specifies a named subset of the given service to resolve instead of the one defi
 
 Specifies the Consul namespace to resolve the service from instead of the current namespace. If this parameter is not specified, the current namespace is used.
 
-#### Values 
+#### Values
 
 - Default: None
 - Data type: String
@@ -673,7 +673,7 @@ Specifies the Consul namespace to resolve the service from instead of the curren
 
 Specifies the Consul admin partition to resolve the service from instead of the current partition. If this parameter is not specified, the current partition is used.
 
-#### Values 
+#### Values
 
 - Default: None
 - Data type: String
@@ -682,7 +682,7 @@ Specifies the Consul admin partition to resolve the service from instead of the
 
 Specifies rewrites to the HTTP request path before proxying it to its final destination. This field requires that either [`Routes[].Match{}.HTTP{}.PathPrefix`](#routes-match-http-pathprefix) or [`Routes[].Match{}.HTTP{}.PathExact`](#routes-match-http-pathexact) be configured on this route.
 
-#### Values 
+#### Values
 
 - Default: None
 - Data type: String
@@ -691,7 +691,7 @@ Specifies rewrites to the HTTP request path before proxying it to its final dest
 
 Specifies the total amount of time permitted for the entire downstream request to be processed, including retry attempts.
 
-#### Values 
+#### Values
 
 - Default: `0`
 - Data type: Integer
@@ -700,7 +700,7 @@ Specifies the total amount of time permitted for the entire downstream request t
 
 Specifies the total amount of time permitted for the request stream to be idle.
 
-#### Values 
+#### Values
 
 - Default: `0`
 - Data type: Integer
@@ -709,7 +709,7 @@ Specifies the total amount of time permitted for the request stream to be idle.
 
 Specifies the number of times to retry the request when a retry condition occurs. Configure this field and other retry fields in `Destination` to configure the logic for retry attempts. For examples, refer to the [retry logic example configurations](#retry-logic). You cannot set the value to `0`. To disable retries, unset all other retry settings: `RetryOnConnectFailure`, `RetryOn`, `RetryOnStatusCodes`.
 
-#### Values 
+#### Values
 
 - Default: `1`
 - Data type: Integer
@@ -718,7 +718,7 @@ Specifies the number of times to retry the request when a retry condition occurs
 
 Specifies that connection failure errors that trigger a retry request. Configure this field and other retry fields in `Destination` to configure the logic for retry attempts. For examples, refer to the [retry logic example configurations](#retry-logic).
 
-#### Values 
+#### Values
 
 - Default: `false`
 - Data type: Boolean
@@ -766,7 +766,7 @@ The following retry conditions are supported:
 
 Specifies a list of integers for [HTTP response status codes](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status) that trigger a retry request. Configure this field and other retry fields in `Destination` to configure the logic for retry attempts. For examples, refer to the [retry logic example configurations](#retry-logic)
 
-#### Values 
+#### Values
 
 - Default: None
 - Data type: List of integers
@@ -785,10 +785,10 @@ Specifies a set of HTTP-specific header modification rules applied to requests r
 
 The following table describes how to configure values for request headers:
 
-| Rule | Description | Type |   
-| ---       | ---         | ---         |  
-| `Add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | map of strings | 
-| `Set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | map of strings | 
+| Rule | Description | Type |
+| ---       | ---         | ---         |
+| `Add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
+| `Set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
 | `Remove` | Defines a list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | list of strings |
 
 #### Use variable placeholders
@@ -797,7 +797,7 @@ For `Add` and `Set`, if the service is configured to use Envoy as the proxy, the
 
 ### `Routes[].Destination{}.ResponseHeaders`
 
-Specifies a set of HTTP-specific header modification rules applied to responses routed with the service router. You cannot configure request headers if the listener protocol is set to `tcp`. 
+Specifies a set of HTTP-specific header modification rules applied to responses routed with the service router. You cannot configure request headers if the listener protocol is set to `tcp`.
 
 #### Values
 
@@ -808,12 +808,12 @@ Specifies a set of HTTP-specific header modification rules applied to responses
   - `Remove`: Map of one or more string key-value pairs.
 
 The following table describes how to configure values for response headers:
-  
-| Rule | Description | Type | 
-| ---       | ---         | ---         |  
-| `Add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | map of strings | 
-| `Set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | map of strings | 
-| `Remove` | Defines a list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | list of strings | 
+
+| Rule | Description | Type |
+| ---       | ---         | ---         |
+| `Add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
+| `Set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
+| `Remove` | Defines a list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | list of strings |
 
 #### Use variable placeholders
 
@@ -825,21 +825,21 @@ For `Add` and `Set`, if the service is configured to use Envoy as the proxy, the
 
 ### `apiVersion`
 
-Kubernetes-only parameter that specifies the version of the Consul API that the configuration entry maps to Kubernetes configurations. The value must be `consul.hashicorp.com/v1alpha1`.  
+Kubernetes-only parameter that specifies the version of the Consul API that the configuration entry maps to Kubernetes configurations. The value must be `consul.hashicorp.com/v1alpha1`.
 
-### `kind` 
+### `kind`
 
-Specifies the type of configuration entry to implement. 
+Specifies the type of configuration entry to implement.
 
 #### Values
 
 - Default: None
 - This field is required.
-- Data type: String value that must be set to `ServiceRouter`. 
+- Data type: String value that must be set to `ServiceRouter`.
 
 ### `metadata.name`
 
-Specifies a name for the configuration entry. The name is metadata that you can use to reference the configuration entry when performing Consul operations, such as applying a configuration entry to a specific cluster. 
+Specifies a name for the configuration entry. The name is metadata that you can use to reference the configuration entry when performing Consul operations, such as applying a configuration entry to a specific cluster.
 
 #### Values
 
@@ -861,9 +861,9 @@ Map that contains the details about the `ServiceRouter` configuration entry. The
 
 #### Values
 
-- Default: None 
+- Default: None
 - This field is required.
-- Data type: Object containing [`spec.routes`](#spec-routes) configuration 
+- Data type: Object containing [`spec.routes`](#spec-routes) configuration
 
 ### `spec.meta`
 
@@ -871,10 +871,10 @@ Specifies key-value pairs to add to the KV store.
 
 #### Values
 
-- Default: none 
-- Data type: Map of one or more key-value pairs 
+- Default: none
+- Data type: Map of one or more key-value pairs
   - keys: String
-  - values: String, integer, or float 
+  - values: String, integer, or float
 
 ### `spec.routes`
 
@@ -1085,7 +1085,7 @@ Specifies that a request matches when the query parameter with the given name is
 
 - Default: None
 - Data type: String
-  
+
 ### `spec.routes[].match.http.queryParam[].regex`
 
 Specifies that a request matches when the query parameter with the given name matches this regular expression. When using this field, do not configure `present` or `exact` in the same map. The syntax for the regular expression field is proxy-specific. When [using Envoy](/consul/docs/connect/proxies/envoy), refer to [the documentation for Envoy v1.11.2 or newer](https://github.com/google/re2/wiki/Syntax) or [the documentation for Envoy v1.11.1 or older](https://en.cppreference.com/w/cpp/regex/ecmascript), depending on the version of Envoy you use.
@@ -1122,7 +1122,7 @@ Specifies the target service to route matching requests to, as well as behavior
 
 Specifies the name of the service to resolve. If this parameter is not specified, the default service name is inherited from the configuration entry’s [`metadata.name` field](#metadata-name).
 
-#### Values 
+#### Values
 
 - Default: None
 - Data type: String
@@ -1131,7 +1131,7 @@ Specifies the name of the service to resolve. If this parameter is not specified
 
 Specifies a named subset of the given service to resolve instead of the one defined as that service's `defaultSubset` in the [service resolver configuration entry](/consul/docs/connect/config-entries/service-resolver). If this parameter is not specified, the default subset is used.
 
-#### Values 
+#### Values
 
 - Default: None
 - Data type: String
@@ -1140,7 +1140,7 @@ Specifies a named subset of the given service to resolve instead of the one defi
 
 Specifies the Consul namespace to resolve the service from instead of the current namespace. If this parameter is not specified, the current namespace is used.
 
-#### Values 
+#### Values
 
 - Default: None
 - Data type: String
@@ -1149,7 +1149,7 @@ Specifies the Consul namespace to resolve the service from instead of the curren
 
 Specifies the Consul admin partition to resolve the service from instead of the current partition. If this parameter is not specified, the current partition is used.
 
-#### Values 
+#### Values
 
 - Default: None
 - Data type: String
@@ -1158,7 +1158,7 @@ Specifies the Consul admin partition to resolve the service from instead of the
 
 Specifies rewrites to the HTTP request path before proxying it to its final destination. This field requires that either [`spec.routes[].match.http.pathPrefix`](#spec-routes-match-http-pathprefix) or [`spec.routes[].match.http.pathExact`](#spec-routes-match-http-pathexact) be configured on this route.
 
-#### Values 
+#### Values
 
 - Default: None
 - Data type: String
@@ -1167,7 +1167,7 @@ Specifies rewrites to the HTTP request path before proxying it to its final dest
 
 Specifies the total amount of time permitted for the entire downstream request to be processed, including retry attempts.
 
-#### Values 
+#### Values
 
 - Default: `0`
 - Data type: Integer
@@ -1176,7 +1176,7 @@ Specifies the total amount of time permitted for the entire downstream request t
 
 Specifies the total amount of time permitted for the request stream to be idle.
 
-#### Values 
+#### Values
 
 - Default: `0`
 - Data type: Integer
@@ -1185,7 +1185,7 @@ Specifies the total amount of time permitted for the request stream to be idle.
 
 Specifies the number of times to retry the request when a retry condition occurs. Configure this field and other retry fields in `spec.routes.destination` to configure the logic for retry attempts. For examples, refer to the [retry logic example configurations](#retry-logic). You cannot set the value to `0`. To disable retries, unset all other retry settings: `retryOnConnectFailure`, `retryOn`, `retryOnStatusCodes`.
 
-#### Values 
+#### Values
 
 - Default: `1`
 - Data type: Integer
@@ -1194,7 +1194,7 @@ Specifies the number of times to retry the request when a retry condition occurs
 
 Specifies that connection failure errors that trigger a retry request. Configure this field and other retry fields in `spec.routes[].destination` to configure the logic for retry attempts. For examples, refer to the [retry logic example configurations](#retry-logic).
 
-#### Values 
+#### Values
 
 - Default: `false`
 - Data type: Boolean
@@ -1242,7 +1242,7 @@ The following retry conditions are supported:
 
 Specifies a list of integers for [HTTP response status codes](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status) that trigger a retry request. Configure this field and other retry fields in `spec.routes[].destination` to configure the logic for retry attempts. For examples, refer to the [retry logic example configurations](#retry-logic)
 
-#### Values 
+#### Values
 
 - Default: None
 - Data type: List of integers
@@ -1261,10 +1261,10 @@ Specifies a set of HTTP-specific header modification rules applied to requests r
 
 The following table describes how to configure values for request headers:
 
-| Rule | Description | Type |   
-| --- 	    | ---	       | ---         |  
-| `add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | map of strings | 
-| `set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | map of strings | 
+| Rule | Description | Type |
+| --- 	    | ---	       | ---         |
+| `add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
+| `set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
 | `remove` | Defines a list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | list of strings |
 
 #### Use variable placeholders
@@ -1284,12 +1284,12 @@ Specifies a set of HTTP-specific header modification rules applied to responses
   - `remove`: Map of one or more string key-value pairs.
 
 The following table describes how to configure values for response headers:
-  
-| Rule | Description | Type | 
-| --- 	    | ---	       | ---         |  
-| `add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | map of strings | 
-| `set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | map of strings | 
-| `remove` | Defines a list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | list of strings | 
+
+| Rule | Description | Type |
+| --- 	    | ---	       | ---         |
+| `add` | Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
+| `set` | Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can [use variable placeholders](#use-variable-placeholders). | map of strings |
+| `remove` | Defines a list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | list of strings |
 
 #### Use variable placeholders
 
@@ -1301,7 +1301,7 @@ For `add` and `set`, if the service is configured to use Envoy as the proxy, the
 
 ## Examples
 
-The following examples demonstrate common service router configuration patterns for specific use cases. 
+The following examples demonstrate common service router configuration patterns for specific use cases.
 
 ### Path prefix matching
 
@@ -1568,7 +1568,7 @@ spec:
 
 The following example configures Consul so that when a request for the `orders` service passes through the service mesh, Consul routes the traffic to the `products` service or the `procurement` service based on the HTTP path that originated the request:
 
-- If it originates from the `/coffees` path, the request routes to the `products` service, times out after 15 seconds, and attempts 5 retries. 
+- If it originates from the `/coffees` path, the request routes to the `products` service, times out after 15 seconds, and attempts 5 retries.
 - If it originates from the `/orders` path, the request routes to the `procurement` services, times out after 10 seconds, and attempts 3 retries.
 
 <Tabs>
@@ -1685,4 +1685,4 @@ spec:
 ```
 
 </Tab>
-</Tabs>
\ No newline at end of file
+</Tabs>
diff --git a/website/content/docs/connect/dataplane/consul-dataplane.mdx b/website/content/docs/connect/dataplane/consul-dataplane.mdx
index cf0ae4332120..fa29bf8de5d1 100644
--- a/website/content/docs/connect/dataplane/consul-dataplane.mdx
+++ b/website/content/docs/connect/dataplane/consul-dataplane.mdx
@@ -15,7 +15,7 @@ Usage: `consul-dataplane [options]`
 
 ### Requirements
 
-Consul Dataplane requires servers running Consul version `v1.14+`. To find a specific version of Consul, refer to [Hashicorp's Official Release Channels](https://www.hashicorp.com/official-release-channels).
+Consul Dataplane requires servers running Consul version `v1.14+`. To find a specific version of Consul, refer to [HashiCorp's Official Release Channels](https://www.hashicorp.com/official-release-channels).
 
 ### Startup
 
diff --git a/website/content/docs/connect/gateways/mesh-gateway/index.mdx b/website/content/docs/connect/gateways/mesh-gateway/index.mdx
index bcac5555278b..6faec5e9e760 100644
--- a/website/content/docs/connect/gateways/mesh-gateway/index.mdx
+++ b/website/content/docs/connect/gateways/mesh-gateway/index.mdx
@@ -12,7 +12,7 @@ Datacenters can reside in different clouds or runtime environments where general
 
 ## Prerequisites
 
-Mesh gateways can be used with any of the following Consul configrations for managing separate datacenters or partitions.
+Mesh gateways can be used with any of the following Consul configurations for managing separate datacenters or partitions.
 
 1. WAN Federation
   * [Mesh gateways can be used to route service-to-service traffic between datacenters](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters)
@@ -59,7 +59,7 @@ Depending on your network, the proxy's connection to the gateway can operate in
 
 * `none` - No gateway is used and a service mesh sidecar proxy makes its outbound connections directly
   to the destination services. This is the default for WAN federation. This setting is invalid for peered clusters
-  and will be treated as remote instead. 
+  and will be treated as remote instead.
 
 * `local` - The service mesh sidecar proxy makes an outbound connection to a gateway running in the
   same datacenter. That gateway is responsible for ensuring that the data is forwarded to gateways in the destination datacenter.
diff --git a/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx b/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx
index 3cf7eadc64bb..7fa47f215a1d 100644
--- a/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx
+++ b/website/content/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways.mdx
@@ -57,7 +57,7 @@ For Consul Enterprise clusters, mesh gateways must be registered in the "default
 <Tabs>
 <Tab heading="Consul OSS">
 
-In addition to the [ACL Configuration](/consul/docs/connect/cluster-peering/tech-specs#acl-specifications) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings. 
+In addition to the [ACL Configuration](/consul/docs/connect/cluster-peering/tech-specs#acl-specifications) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings.
 
 This access allows the mesh gateway to list all peerings in a Consul cluster and generate unique routing per peered datacenter.
 
@@ -79,7 +79,7 @@ peering = "read"
 
 <Tab heading="Consul Enterprise">
 
-In addition to the [ACL Configuration](/consul/docs/connect/cluster-peering/tech-specs#acl-specifications) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings in all partitions. 
+In addition to the [ACL Configuration](/consul/docs/connect/cluster-peering/tech-specs#acl-specifications) necessary for service-to-service traffic, mesh gateways that route peering control plane traffic must be granted `peering:read` access to all peerings in all partitions.
 
 This access allows the mesh gateway to list all peerings in a Consul cluster and generate unique routing per peered partition.
 
@@ -108,7 +108,7 @@ partition_prefix "" {
 
 ### Modes
 
-Connect proxy configuration [Modes](/consul/docs/connect/gateways/mesh-gateway#connect-proxy-configuration#modes) are not applicable to peering control plane traffic. 
+Connect proxy configuration [Modes](/consul/docs/connect/gateways/mesh-gateway#connect-proxy-configuration#modes) are not applicable to peering control plane traffic.
 The flow of control plane traffic through the gateway is implied by the presence of a [Mesh config entry](/consul/docs/connect/config-entries/mesh#peer-through-mesh-gateways) with `PeerThroughMeshGateways = true`.
 
 <CodeTabs heading="Example: Enabling Peering Control Plane Traffic for Mesh Gateways">
@@ -122,12 +122,12 @@ Peering {
 
 ```yaml
 Kind: mesh
-Peeering:
+Peering:
   PeerThroughMeshGateways: true
 ```
 </CodeTabs>
 
-By setting this mesh config on a cluster before [creating a peering token](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering#create-a-peering-token), inbound control plane traffic will be sent through the mesh gateway registered this cluster, also known the accepting cluster. 
+By setting this mesh config on a cluster before [creating a peering token](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering#create-a-peering-token), inbound control plane traffic will be sent through the mesh gateway registered this cluster, also known the accepting cluster.
 As mesh gateway instances are registered at the accepting cluster, their addresses will be exposed to the dialing cluster over the bi-directional peering stream.
 
 Setting this mesh config on a cluster before [establishing a connection](/consul/docs/connect/cluster-peering/usage/establish-cluster-peering#establish-a-connection-between-clusters) will cause the outbound control plane traffic to flow through the mesh gateway.
diff --git a/website/content/docs/connect/intentions/create-manage-intentions.mdx b/website/content/docs/connect/intentions/create-manage-intentions.mdx
index ecd7987e8432..7f224ed6f929 100644
--- a/website/content/docs/connect/intentions/create-manage-intentions.mdx
+++ b/website/content/docs/connect/intentions/create-manage-intentions.mdx
@@ -7,7 +7,7 @@ description: >-
 
 # Create and manage intentions
 
-This topic describes how to create and manage service intentions, which are configurations for controlling access between services in the service mesh. 
+This topic describes how to create and manage service intentions, which are configurations for controlling access between services in the service mesh.
 
 ## Overview
 
@@ -15,14 +15,14 @@ You can create single intentions or create them in batches using the Consul API,
 
 ## Requirements
 
-- At least two services must be registered in the datacenter. 
+- At least two services must be registered in the datacenter.
 - TLS must be enabled to enforce L4 intentions. Refer to [Encryption](/consul/docs/security/encryption) for additional information.
 
 ### ACL requirements
 
-Consul grants permissions for creating and managing intentions based on the destination, not the source. When ACLs are enabled, services and operators must present a token linked to a policy that grants read and write permissions to the destination service. 
+Consul grants permissions for creating and managing intentions based on the destination, not the source. When ACLs are enabled, services and operators must present a token linked to a policy that grants read and write permissions to the destination service.
 
-Consul implicitly grants `intentions:read` permissions to destination services when they are configured with `service:read` or `service:write` permissions. This is so that the services can allow or deny inbound connections when they attempt to join the service mesh. Refer to [Service rules](/consul/docs/security/acl/acl-rules#service-rules) for additional information about configuring ALCs for intentions. 
+Consul implicitly grants `intentions:read` permissions to destination services when they are configured with `service:read` or `service:write` permissions. This is so that the services can allow or deny inbound connections when they attempt to join the service mesh. Refer to [Service rules](/consul/docs/security/acl/acl-rules#service-rules) for additional information about configuring ACLs for intentions.
 
 The default ACL policy configuration determines the default behavior for intentions. If the policy is set to `deny`, then all connections or requests are denied and you must enable them explicitly. Refer to [`default_policy`](/consul/docs/agent/config/config-files#acl_default_policy) for details.
 
@@ -38,19 +38,19 @@ Send a `PUT` request to the `/connect/intentions/exact` HTTP API endpoint and sp
 - `destination`: Service responding to the request
 - `ns`: Namespace of the destination service <EnterpriseAlert inline/>
 
-For L4 intentions, you must also specify the intention action in the request payload. 
+For L4 intentions, you must also specify the intention action in the request payload.
 
-The following example creates an intention that allows `web` to send request to `db`: 
+The following example creates an intention that allows `web` to send request to `db`:
 
 ```shell-session
-$ curl --request PUT \ 
+$ curl --request PUT \
 --data ' { "Action": "allow" } ' \
-http://localhost:8500/v1/connect/intentions/exact\?source\=web\&destination\=db 
+http://localhost:8500/v1/connect/intentions/exact\?source\=web\&destination\=db
 ```
 
 Refer to the `/connect/intentions/exact` [HTTP API endpoint documentation](/consul/api-docs/connect/intentions) for additional information request payload parameters.
 
-For L7 intentions, specify the `Permissions` in the request payload to configure attributes for dynamically enforcing intentions. In the following example payload, Consul allows HTTP GET requests if the request body is empty:   
+For L7 intentions, specify the `Permissions` in the request payload to configure attributes for dynamically enforcing intentions. In the following example payload, Consul allows HTTP GET requests if the request body is empty:
 
 <CodeBlockConfig heading="payload.json">
 
@@ -76,18 +76,18 @@ For L7 intentions, specify the `Permissions` in the request payload to configure
 
 </CodeBlockConfig>
 
-The `Permissions` object specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action. Refer to the [`Sources[].Permissions[]` parameter](/consul/docs/connect/config-entries/service-intentions#sources-permissions) in the service intentions configuration entry reference for configuration details.   
+The `Permissions` object specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action. Refer to the [`Sources[].Permissions[]` parameter](/consul/docs/connect/config-entries/service-intentions#sources-permissions) in the service intentions configuration entry reference for configuration details.
 
 To apply the intention, call the endpoint and pass the configuration file containing the attributes to the endpoint:
 
 ```shell-session
-$ curl --request PUT \ 
+$ curl --request PUT \
 --data @payload.json \
-http://localhost:8500/v1/connect/intentions/exact\?source\=svc1\&destination\=sv2 
+http://localhost:8500/v1/connect/intentions/exact\?source\=svc1\&destination\=sv2
 ```
 ### CLI
 
-Use the `consul intention create` command according to the following syntax to create a new intention: 
+Use the `consul intention create` command according to the following syntax to create a new intention:
 
 ```shell-session
 $ consul intention create -<action> <source> <destination>
@@ -99,7 +99,7 @@ The following example creates an intention that allows `web` service instances t
 $ consul intention create -allow web db
 ```
 
-You can use the asterisk (`*`) wildcard to specify multiple destination services. Refer to [Precedence and match order](/consul/docs/connect/intentions/create-manage-intentions#precedence-and-match-order) for additional information.  
+You can use the asterisk (`*`) wildcard to specify multiple destination services. Refer to [Precedence and match order](/consul/docs/connect/intentions/create-manage-intentions#precedence-and-match-order) for additional information.
 
 ### Consul UI
 
@@ -111,7 +111,7 @@ You can use the asterisk (`*`) wildcard to specify multiple destination services
     1. **Allow**: Allows the source service to send requests to the destination.
     1. **Deny**: Prevents the source service from sending requests to the destination.
     1. **Application Aware**: Enables you to specify L7 criteria for dynamically enforcing intentions. Refer to [Configure application aware settings](#configure-application-aware-settings) for additional information.
-1. Click **Save**. 
+1. Click **Save**.
 
 Repeat the procedure as necessary to create additional intentions.
 
@@ -128,7 +128,7 @@ Repeat the procedure as necessary to create additional permissions.
 
 ## Create multiple intentions
 
-You can create a service intentions configuration entry to specify default intentions for your service mesh. You can specify default settings for L4 or L7 application-aware traffic. 
+You can create a service intentions configuration entry to specify default intentions for your service mesh. You can specify default settings for L4 or L7 application-aware traffic.
 
 ### Define a service intention configuration entry
 
@@ -136,7 +136,7 @@ Configure the following fields:
 
 <Tabs>
 
-<Tab heading="HCL" group="hcl"> 
+<Tab heading="HCL" group="hcl">
 
 - [`Kind`](/consul/docs/connect/config-entries/service-intentions#kind): Declares the type of configuration entry. Must be set to `service-intentions`.
 - [`Name`](/consul/docs/connect/config-entries/service-intentions#kind): Specifies the name of the destination service for intentions defined in the configuration entry. You can use a wildcard character (*) to set L4 intentions for all services that are not protected by specific intentions. Wildcards are not supported for L7 intentions.
@@ -147,7 +147,7 @@ Configure the following fields:
 
 <Tab heading="YAML" group="yaml">
 
-- [`apiVersion`](/consul/docs/connect/config-entries/service-intentions#apiversion): Specifies the Consul API version. Must be set to `consul.hashicorp.com/v1alpha1`. 
+- [`apiVersion`](/consul/docs/connect/config-entries/service-intentions#apiversion): Specifies the Consul API version. Must be set to `consul.hashicorp.com/v1alpha1`.
 - [`kind`](/consul/docs/connect/config-entries/service-intentions#kind): Declares the type of configuration entry. Must be set to `ServiceIntentions`.
 - [`spec.destination.name`](/consul/docs/connect/config-entries/service-intentions#spec-destination-name): Specifies the name of the destination service for intentions defined in the configuration entry. You can use a wildcard character (*) to set L4 intentions for all services that are not protected by specific intentions. Wildcards are not supported for L7 intentions.
 - [`spec.sources`](/consul/docs/connect/config-entries/service-intentions#spec-sources): Specifies an unordered list of all intention sources and the authorizations granted to those sources. Consul stores and evaluates the list in reverse order sorted by intention precedence.
@@ -159,20 +159,20 @@ Configure the following fields:
 
 Refer to the [service intentions configuration entry](/consul/docs/connect/config-entries/service-intentions) reference documentation for details about all configuration options.
 
-Refer to the [example service intentions configurations](/consul/docs/connect/config-entries/service-intentions#examples) for additional guidance.  
+Refer to the [example service intentions configurations](/consul/docs/connect/config-entries/service-intentions#examples) for additional guidance.
 
 #### Interaction with other configuration entries
 
 L7 intentions defined in a configuration entry are restricted to destination services
 configured with an HTTP-based protocol as defined in a corresponding
-[service defaults configuration entry](/consul/docs/connect/config-entries/service-defaults) 
+[service defaults configuration entry](/consul/docs/connect/config-entries/service-defaults)
 or globally in a [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults).
 
 ### Apply the service intentions configuration entry
 
-You can apply the configuration entry using the [`consul config` command](/consul/commands/config) or by calling the [`/config` API endpoint](/consul/api-docs/config). In Kubernetes environments, apply the `ServiceIntentions` custom resource definitions (CRD) to implement and manage Consul configuration entries.  
+You can apply the configuration entry using the [`consul config` command](/consul/commands/config) or by calling the [`/config` API endpoint](/consul/api-docs/config). In Kubernetes environments, apply the `ServiceIntentions` custom resource definitions (CRD) to implement and manage Consul configuration entries.
 
-Refer to the following topics for details about applying configuration entries: 
+Refer to the following topics for details about applying configuration entries:
 
-- [How to Use Configuration Entries](/consul/docs/agent/config-entries) 
-- [Custom Resource Definitions for Consul on Kubernetes](/consul/docs/k8s/crds)
\ No newline at end of file
+- [How to Use Configuration Entries](/consul/docs/agent/config-entries)
+- [Custom Resource Definitions for Consul on Kubernetes](/consul/docs/k8s/crds)
diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx
index 56d910f3ee5d..41506025fddf 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx
@@ -1,10 +1,10 @@
 ---
 layout: docs
-page_title: WebAssembly extension configuration reference 
+page_title: WebAssembly extension configuration reference
 description: Learn how to configure the wasm Envoy extension, which is a builtin Consul extension that allows you to run WebAssembly plugins in Envoy proxies.
 ---
 
-# WebAssembly extension configuration reference 
+# WebAssembly extension configuration reference
 
 This topic describes how to configure the `wasm` extension, which directs Consul to run WebAssembly (Wasm) plugins in Envoy proxies. Refer to [Run WebAssembly plug-ins in Envoy proxy](/consul/docs/connect/proxies/envoy-extensions/usage/wasm) for usage information.
 
@@ -16,15 +16,15 @@ The following list outlines the field hierarchy, data types, and requirements fo
 - [`EnvoyExtensions` in service defaults](/consul/docs/connect/config-entries/service-defaults#envoyextensions)
 
 Click on a property name to view additional details, including default values.
-  
-- [`Protocol`](#protocol): string 
+
+- [`Protocol`](#protocol): string
 - [`ListenerType`](#listenertype): string | required
 - [`ProxyType`](#proxytype): string | `connect-proxy`
 - [`PluginConfig`](#pluginconfig): map | required
    - [`Name`](#pluginconfig-name): string
    - [`RootID`](#pluginconfig-rootid): string | required
    - [`VmConfig`](#pluginconfig-vmconfig): map
-      - [`VmID`](#pluginconfig-vmconfig-vmid): string 
+      - [`VmID`](#pluginconfig-vmconfig-vmid): string
       - [`Runtime`](#pluginconfig-vmconfig): string | `v8`
       - [`Code`](#pluginconfig-vmconfig-code): map
          - [`Local`](#pluginconfig-vmconfig-code-local): map
@@ -56,7 +56,7 @@ Click on a property name to view additional details, including default values.
 When all parameters are set for the extension, the configuration has the following form:
 
 ```hcl
-Protocol = "<tcp or http>" 
+Protocol = "<tcp or http>"
 ListenerType = "<inbound or outbound>"
 ProxyType = "connect-proxy"
 PluginConfig = {
@@ -73,7 +73,7 @@ PluginConfig = {
             HttpURI =  {
                Service = {
                   Name = "<name of the upstream service>"
-                  Namespace = "<Consul namespace containing the usptream service>"
+                  Namespace = "<Consul namespace containing the upstream service>"
                   Partition = "<Consul partition containing the upstream service>"
                }
                URI = "<URI of the plugin data>"
@@ -82,19 +82,19 @@ PluginConfig = {
             RetryPolicy = {
                   RetryBackOff = {
                      BaseInterval = "1s"
-                     MaxInterval = "10s" 
+                     MaxInterval = "10s"
                   }
                   NumRetries = -1
                }
             }
       Configuration = "<configuration passed to plugin on VM startup>"
       EnvironmentVariables = {
-         HostEnvKeys = [ 
-            <"keys"> 
+         HostEnvKeys = [
+            <"keys">
          ]
          KeyValues = {
-            [ 
-               <"key = value"> 
+            [
+               <"key = value">
             ]
          }
       }
@@ -128,7 +128,7 @@ Specifies the type of Wasm filter to apply. You can set either `tcp` or `http`.
 
 ### `ListenerType`
 
-Specifies the type of listener the extension applies to. The listener type is either `inbound` or `outbound`. If the listener type is set to `inbound`, Consul applies the extension so the Wasm plugin is run when other services in the mesh send messages to the service attached to the proxy. If the listener type is set to `outbound`, Consul applies the extension so the Wasm plugin is run when the attached proxy sends messages to other services in the mesh. 
+Specifies the type of listener the extension applies to. The listener type is either `inbound` or `outbound`. If the listener type is set to `inbound`, Consul applies the extension so the Wasm plugin is run when other services in the mesh send messages to the service attached to the proxy. If the listener type is set to `outbound`, Consul applies the extension so the Wasm plugin is run when the attached proxy sends messages to other services in the mesh.
 
 #### Values
 
@@ -146,7 +146,7 @@ Specifies the type of Envoy proxy that the extension applies to. The only suppor
 
 - Default: `connect-proxy`
 - This field is required.
-- Data type: String 
+- Data type: String
 
 ### `PluginConfig{}`
 
@@ -208,7 +208,7 @@ Specifies an ID that Envoy uses with a hash of the Wasm code to determine which
 
 ### `PluginConfig{}.VmConfig{}.Runtime`
 
-Specifies the type of Wasm runtime. 
+Specifies the type of Wasm runtime.
 #### Values
 
 - Default: `v8`
@@ -225,7 +225,7 @@ Map containing one of the following configuration parameters:
 - [`Local`](#pluginconfig-vmconfig-code-local)
 - [`Remote`](#pluginconfig-vmconfig-code-local)
 
-You can configure either `Local` or `Remote`, but not both. The `Code` block instructs Consul how to find the Wasm plugin code for Envoy to execute. 
+You can configure either `Local` or `Remote`, but not both. The `Code` block instructs Consul how to find the Wasm plugin code for Envoy to execute.
 
 #### Values
 
@@ -237,9 +237,9 @@ You can configure either `Local` or `Remote`, but not both. The `Code` block ins
 
 ### `PluginConfig{}.VmConfig{}.Code{}.Local{}`
 
-Instructs Envoy to load the plugin code from a local volume. Do not configure the `Local` parameter if the plugin code is on a remote server. 
+Instructs Envoy to load the plugin code from a local volume. Do not configure the `Local` parameter if the plugin code is on a remote server.
 
-The `Local` field is a map that contains a `Filename` parameter. The `Filename` parameter takes a string value that specifies the path to the plugin on the local file system. 
+The `Local` field is a map that contains a `Filename` parameter. The `Filename` parameter takes a string value that specifies the path to the plugin on the local file system.
 
 Local plug-ins are not supported in Kubernetes-orchestrated environments.
 
@@ -250,7 +250,7 @@ Local plug-ins are not supported in Kubernetes-orchestrated environments.
 
 ### `PluginConfig{}.VmConfig{}.Code{}.Remote{}`
 
-Instructs Envoy to load the plugin code from a remote server. Do not configure the `Remote` parameter if the plugin code is on the local VM. 
+Instructs Envoy to load the plugin code from a remote server. Do not configure the `Remote` parameter if the plugin code is on the local VM.
 
 The `Remote` field is a map containing the following parameters:
 
@@ -278,7 +278,7 @@ Specifies the configuration for fetching the remote data. The `HttpURI` field is
 
 ### `PluginConfig{}.VmConfig{}.Code{}.Remote{}.HttpURI{}.Service`
 
-Specifies the upstream service to fetch the remote plugin from. 
+Specifies the upstream service to fetch the remote plugin from.
 
 #### Values
 
@@ -295,17 +295,17 @@ The following table describes the fields you can specify in the `Service` map:
 
 ### `PluginConfig{}.VmConfig{}.Code{}.Remote{}.HttpURI{}.URI`
 
-Specifies the URI Envoy uses to fetch the plugin file from the upstream. This field is required for Envoy to retrieve plugin code from a remote location. You must specify the fully-qualified domain name (FDQN) of the remote URI, which includes the protocol, host, and path.
+Specifies the URI Envoy uses to fetch the plugin file from the upstream. This field is required for Envoy to retrieve plugin code from a remote location. You must specify the fully-qualified domain name (FQDN) of the remote URI, which includes the protocol, host, and path.
 
 #### Values
 
 - Default: None
 - This field is required.
-- Data type: String value that specifies a FDQN
+- Data type: String value that specifies a FQDN
 
 ### `PluginConfig{}.VmConfig{}.Code{}.Remote{}.HttpURI{}.Timeout`
 
-Specifies the maximum duration that a response can take to complete the request for the plugin data. 
+Specifies the maximum duration that a response can take to complete the request for the plugin data.
 
 #### Values
 
@@ -335,7 +335,7 @@ Defines a policy for retrying requests to the upstream service when fetching the
 - Data type: Map
 ### `PluginConfig{}.VmConfig{}.Code{}.Remote{}.RetryPolicy{}.RetryBackOff{}`
 
-Specifies parameters that control retry backoff strategy. 
+Specifies parameters that control retry backoff strategy.
 
 #### Values
 
@@ -370,9 +370,9 @@ Specifies the configuration Envoy encodes as bytes and passes to the plugin duri
 
 ### `PluginConfig{}.VmConfig{}.EnvironmentVariables{}`
 
-Specifies environment variables for Enovy to inject into this VM so that they are available through WASI's `environ_get` and `environ_get_sizes` system calls. 
+Specifies environment variables for Envoy to inject into this VM so that they are available through WASI's `environ_get` and `environ_get_sizes` system calls.
 
-In most cases, WASI calls the functions implicitly in your language's standard library. As a result, you do not need to call them directly. You can also access environment variables as you would on native platforms. 
+In most cases, WASI calls the functions implicitly in your language's standard library. As a result, you do not need to call them directly. You can also access environment variables as you would on native platforms.
 
 Envoy rejects the configuration if there is a key space conflict.
 
@@ -401,16 +401,16 @@ Specifies the configuration Consul encodes as bytes and passes to the plugin dur
 
 ### `PluginConfig{}.CapabilityRestrictionConfiguration{}`
 
-Specifies a configuration for restricting the proxy-Wasm capabilities that are available to the module. 
+Specifies a configuration for restricting the proxy-Wasm capabilities that are available to the module.
 
 The `CapabilityRestrictionConfiguration` field is a map that contains a `AllowedCapabilities` parameter. The `AllowedCapabilities` parameter takes a map of string values that correspond to Envoy capability names. Refer to the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/wasm/v3/wasm.proto#extensions-wasm-v3-capabilityrestrictionconfig) for additional information.
 
-!> **Security warning**: Consul ignores the value that each capability maps to. You can leave the `AllowedCapabilities` empty to allow all capabilities, but doing so gives the configured plugin full unrestricted access to the runtime API provided by the Wasm VM. You must set this to a non-empty map if you want to restrict access to specific capabilities provided by the Wasm runtime API.  
+!> **Security warning**: Consul ignores the value that each capability maps to. You can leave the `AllowedCapabilities` empty to allow all capabilities, but doing so gives the configured plugin full unrestricted access to the runtime API provided by the Wasm VM. You must set this to a non-empty map if you want to restrict access to specific capabilities provided by the Wasm runtime API.
 
 #### Values
 
 - Default: `""`
-- Data type is a map containing the `AllowedCapabilities` parameter. The `AllowedCapabilities` parameter takes a map of string values that correspond to Envoy capability names. Refer to the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/wasm/v3/wasm.proto#extensions-wasm-v3-capabilityrestrictionconfig) for additional information. 
+- Data type is a map containing the `AllowedCapabilities` parameter. The `AllowedCapabilities` parameter takes a map of string values that correspond to Envoy capability names. Refer to the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/wasm/v3/wasm.proto#extensions-wasm-v3-capabilityrestrictionconfig) for additional information.
 
 ## Examples
 
@@ -453,7 +453,7 @@ EOF
 
 ### Run a Wasm plugin from a remote file
 
-In the following example, Consul configures the Envoy proxy for all HTTP services with an HTTP Wasm filter. The filter uses the plugin code from a remote `https://extension-server/waf.wasm` file. The Envoy proxy for each service fetches the remote file and verify the SHA256 checksum. The proxy times if Consul cannot fetch the remote plugin after three seconds. 
+In the following example, Consul configures the Envoy proxy for all HTTP services with an HTTP Wasm filter. The filter uses the plugin code from a remote `https://extension-server/waf.wasm` file. The Envoy proxy for each service fetches the remote file and verify the SHA256 checksum. The proxy times if Consul cannot fetch the remote plugin after three seconds.
 
 ```hcl
 Kind   = "proxy-defaults"
diff --git a/website/content/docs/connect/proxies/envoy-extensions/index.mdx b/website/content/docs/connect/proxies/envoy-extensions/index.mdx
index d79d78b50e67..8cea47b0ec6a 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/index.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/index.mdx
@@ -2,7 +2,7 @@
 layout: docs
 page_title: Envoy Extensions
 description: >-
-  Learn how Envoy extensions enables you to add support for additional Envoy features without modifying the Consul codebase. 
+  Learn how Envoy extensions enables you to add support for additional Envoy features without modifying the Consul codebase.
 ---
 
 # Envoy extensions overview
@@ -24,7 +24,7 @@ Envoy extensions enable additional service mesh functionality in Consul by chang
 - Lua
 - Lambda
 - Property override
-- WebAssembly (Wasm) 
+- WebAssembly (Wasm)
 
 ### External authorization
 
@@ -44,4 +44,4 @@ The `property-override` extension lets you set and unset individual properties o
 
 ### WebAssembly
 
-The `wasm` extension enables you to configure TCP and HTTP filters that invoke custom WebAssembly (Wasm) plugins. Refer to the [WebAssembly extenstion documentation](/consul/docs/connect/proxies/envoy-extensions/usage/wasm) for more information.
+The `wasm` extension enables you to configure TCP and HTTP filters that invoke custom WebAssembly (Wasm) plugins. Refer to the [WebAssembly extension documentation](/consul/docs/connect/proxies/envoy-extensions/usage/wasm) for more information.
diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx
index 51ff61d8a2c9..7c87842c1de9 100644
--- a/website/content/docs/connect/proxies/envoy.mdx
+++ b/website/content/docs/connect/proxies/envoy.mdx
@@ -45,9 +45,9 @@ Consul supports **four major Envoy releases** at the beginning of each major Con
 
 ### Envoy and Consul Dataplane
 
-The Consul dataplane component was introduced in Consul v1.14 as a way to manage Envoy proxies without the use of Consul clients. Each new minor version of Consul is released with a new minor version of Consul dataplane, which packages both Envoy and the `consul-dataplane` binary in a single container image. For backwards compatability reasons, each new minor version of Consul will also support the previous minor version of Consul dataplane to allow for seamless upgrades. In addition, each minor version of Consul will support the next minor version of Consul dataplane to allow for extended dataplane support via newer versions of Envoy.
+The Consul dataplane component was introduced in Consul v1.14 as a way to manage Envoy proxies without the use of Consul clients. Each new minor version of Consul is released with a new minor version of Consul dataplane, which packages both Envoy and the `consul-dataplane` binary in a single container image. For backwards compatibility reasons, each new minor version of Consul will also support the previous minor version of Consul dataplane to allow for seamless upgrades. In addition, each minor version of Consul will support the next minor version of Consul dataplane to allow for extended dataplane support via newer versions of Envoy.
 
-| Consul Version      | Default `consul-dataplane` Version                          | Other compatible `consul-dataplane` Versions | 
+| Consul Version      | Default `consul-dataplane` Version                          | Other compatible `consul-dataplane` Versions |
 | ------------------- | ------------------------------------------------------------|----------------------------------------------|
 | 1.16.x              | 1.2.x (Envoy 1.26.x)                                        | 1.1.x (Envoy 1.25.x)                         |
 | 1.15.x              | 1.1.x (Envoy 1.25.x)                                        | 1.2.x (Envoy 1.26.x), 1.0.x (Envoy 1.24.x)   |
@@ -194,7 +194,7 @@ the [`sidecar_service`](/consul/docs/connect/registration/sidecar-service) block
 - `envoy_telemetry_collector_bind_socket_dir` - Specifies the directory where Envoy creates a Unix socket.
   Envoy sends metrics to the socket where a Consul telemetry collector can collect them.
   The socket is not configured by default.
-  
+
 The [Advanced Configuration](#advanced-configuration) section describes additional configurations that allow incremental or complete control over the bootstrap configuration generated.
 
 ### Bootstrap Envoy on Windows VMs
@@ -204,7 +204,7 @@ The [Advanced Configuration](#advanced-configuration) section describes addition
 If you are running Consul on a Windows VM, attempting to bootstrap Envoy with the `consul connect envoy` command returns the following output:
 
 ```shell-session hideClipboard
-Directly running Envoy is only supported on linux and macOS since envoy itself doesn't build on other plataforms currently.
+Directly running Envoy is only supported on linux and macOS since envoy itself doesn't build on other platforms currently.
 Use the -bootstrap option to generate the JSON to use when running envoy on a supported OS or via a container or VM.
 ```
 
@@ -420,10 +420,10 @@ definition](/consul/docs/connect/registration/service-registration) or
   - `max_ejection_percent` - The maximum percentage of hosts that can be ejected
     from a upstream cluster due to passive health check failures. If not specified,
     inherits Envoy's default of 10% or at least one host.
-  - `base_ejection_time` - The base time that a host is ejected for. The real 
-     time is equal to the base time multiplied by the number of times the host has 
-     been ejected and is capped by max_ejection_time (Default 300s). If not 
-     speficied, inherits Envoy's default value of 30s.
+  - `base_ejection_time` - The base time that a host is ejected for. The real
+     time is equal to the base time multiplied by the number of times the host has
+     been ejected and is capped by max_ejection_time (Default 300s). If not
+     specified, inherits Envoy's default value of 30s.
 
 - `balance_outbound_connections` - Specifies the strategy for balancing outbound connections
   across Envoy worker threads. Consul service mesh Envoy integration supports the
diff --git a/website/content/docs/consul-vs-other/service-mesh-compare.mdx b/website/content/docs/consul-vs-other/service-mesh-compare.mdx
index 419f5679bae1..1164336781ae 100644
--- a/website/content/docs/consul-vs-other/service-mesh-compare.mdx
+++ b/website/content/docs/consul-vs-other/service-mesh-compare.mdx
@@ -2,14 +2,14 @@
 layout: docs
 page_title: Consul compared to other service meshes
 description: >-
-  Consul's service mesh provides zero trust networking based on service identities to authorize, authenticate, and encrypt network services. Consul's service mesh can also provide advanced traffic management capabilties. Although there are many similar capabilities between Consul and other providers like Istio, Solo, Linkerd, Kong, Tetrate, and AWS App Mesh, we highlight the main differentiating factors for help customers compare. 
+  Consul's service mesh provides zero trust networking based on service identities to authorize, authenticate, and encrypt network services. Consul's service mesh can also provide advanced traffic management capabilities. Although there are many similar capabilities between Consul and other providers like Istio, Solo, Linkerd, Kong, Tetrate, and AWS App Mesh, we highlight the main differentiating factors for help customers compare.
 ---
 
 # Consul compared to other service mesh software
 
 **Examples**: Istio, Solo Gloo Mesh, Linkerd, Kong/Kuma, AWS App Mesh
 
-Consul’s service mesh allows organizations to securely connect and manage their network services across multiple different environments. Using Envoy as the sidecar proxy attached to every service, Consul ensures that all service-to-service communication is authorized, authenticated, and encrypted. Consul includes traffic management capabilities like load balancing and traffic splitting, which help developers perform canary testing, A/B tests, and blue/green deployments. Consul also includes health check and observability features. 
+Consul’s service mesh allows organizations to securely connect and manage their network services across multiple different environments. Using Envoy as the sidecar proxy attached to every service, Consul ensures that all service-to-service communication is authorized, authenticated, and encrypted. Consul includes traffic management capabilities like load balancing and traffic splitting, which help developers perform canary testing, A/B tests, and blue/green deployments. Consul also includes health check and observability features.
 
 Consul is platform agnostic — it supports any runtime (Kubernetes, EKS, AKS, GKE, VMs, ECS, Lambda, Nomad) and any cloud provider (AWS, Microsoft Azure, GCP, private clouds). This makes it one of the most flexible service discovery and service mesh platforms. While other service mesh software provides support for multiple runtimes for the data plane, they require you to run the control plane solely on Kubernetes. With Consul, you can run both the control plane and data plane in different runtimes.
 
diff --git a/website/content/docs/ecs/compatibility.mdx b/website/content/docs/ecs/compatibility.mdx
index 8fc0fd0808cd..c243a95878c7 100644
--- a/website/content/docs/ecs/compatibility.mdx
+++ b/website/content/docs/ecs/compatibility.mdx
@@ -1,11 +1,11 @@
 ---
 layout: docs
-page_title: Consul on AWS Elastic Container Service (ECS) Compatability Matrix
+page_title: Consul on AWS Elastic Container Service (ECS) Compatibility Matrix
 description: >-
   The binary for Consul on Amazon Web Services ECS and the Terraform modules for automating deployments are tightly coupled and have specific version requirements. Review compatibility information for versions of Consul and `consul-ecs` to help you choose compatible versions.
 ---
 
-# Consul on AWS Elastic Container Service (ECS) compatability matrix
+# Consul on AWS Elastic Container Service (ECS) compatibility matrix
 
 For every release of Consul on ECS, the `consul-ecs` binary and `consul-ecs` Terraform module are updated. The versions of the Terraform module and binary are tightly coupled. For example, `consul-ecs` 0.5.2 binary must use the `consul-ecs` 0.5.2 Terraform module.
 
diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx
index 7d47d160f375..bf97af5b3ccf 100644
--- a/website/content/docs/enterprise/index.mdx
+++ b/website/content/docs/enterprise/index.mdx
@@ -2,7 +2,7 @@
 layout: docs
 page_title: Consul Enterprise
 description: >-
-  Consul Enterprise is a paid offering that extends Consul’s open source functions to support large and complex deployments. Learn about scaling infrastructure, simplifying operations, and making networks more resilient with Enterprise. Evaluate Enteprise features with the feature availability and compatibility matrix.
+  Consul Enterprise is a paid offering that extends Consul’s open source functions to support large and complex deployments. Learn about scaling infrastructure, simplifying operations, and making networks more resilient with Enterprise. Evaluate Enterprise features with the feature availability and compatibility matrix.
 ---
 
 # Consul Enterprise
@@ -45,7 +45,7 @@ The following features are [available in several forms of Consul Enterprise](#co
 ### Governance
 
 - [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc): Manage user access to Consul through an OIDC identity provider instead of Consul ACL tokens directly
-- [Audit Logging](/consul/docs/enterprise/audit-logging): Understand Consul access and usage patterns by reviewing access to the Consul HTTP API 
+- [Audit Logging](/consul/docs/enterprise/audit-logging): Understand Consul access and usage patterns by reviewing access to the Consul HTTP API
 
 ### Regulatory compliance
 
diff --git a/website/content/docs/enterprise/license/utilization-reporting.mdx b/website/content/docs/enterprise/license/utilization-reporting.mdx
index 444b5733cee0..051f29901c10 100644
--- a/website/content/docs/enterprise/license/utilization-reporting.mdx
+++ b/website/content/docs/enterprise/license/utilization-reporting.mdx
@@ -29,7 +29,7 @@ Download a supported release from the [Consul Versions](https://releases.hashico
 
 ## Enable automated reporting
 
-Before you enable automated reporting, make sure that outbound network traffic is configured correctly and upgrade your enterprise product to a version that supports it. If your installation is air-gapped or network settings are not in place, automated reporting will not work. 
+Before you enable automated reporting, make sure that outbound network traffic is configured correctly and upgrade your enterprise product to a version that supports it. If your installation is air-gapped or network settings are not in place, automated reporting will not work.
 
 To enable automated reporting, complete the following steps:
 
@@ -38,7 +38,7 @@ To enable automated reporting, complete the following steps:
 
 ### Allow outbound HTTPS traffic on port 443
 
-Make sure that your network allows HTTPS egress on port 443 from `https://reporting.hashicorp.services` by adding the following IP adddresses to your allow-list:
+Make sure that your network allows HTTPS egress on port 443 from `https://reporting.hashicorp.services` by adding the following IP addresses to your allow-list:
 
 - `100.20.70.12`
 - `35.166.5.222`
@@ -67,7 +67,7 @@ Automatic license utilization reporting starts sending data within roughly 24 ho
 
 </CodeBlockConfig>
 
-If your installation is air-gapped or your network does not allow the correct egress, the logs show an error. 
+If your installation is air-gapped or your network does not allow the correct egress, the logs show an error.
 
 <CodeBlockConfig hideClipboard>
 
@@ -84,17 +84,17 @@ If your installation is air-gapped or your network does not allow the correct eg
 
 </CodeBlockConfig>
 
-In this case, reconfigure your network to allow egress and check the logs again in roughly 24 hours to confirm that automated reporting works correctly. 
+In this case, reconfigure your network to allow egress and check the logs again in roughly 24 hours to confirm that automated reporting works correctly.
 
 ## Opt out
 
-If your installation is air-gapped or you want to manually collect and report on the same license utilization metrics, you can opt out of automated reporting. 
+If your installation is air-gapped or you want to manually collect and report on the same license utilization metrics, you can opt out of automated reporting.
 
-Manually reporting these metrics can be time consuming. Opting out of automated reporting does not mean that you also opt out from sending license utilization metrics. Customers who opt out of automated reporting are still required to manually collect and send license utilization metrics to HashiCorp. 
+Manually reporting these metrics can be time consuming. Opting out of automated reporting does not mean that you also opt out from sending license utilization metrics. Customers who opt out of automated reporting are still required to manually collect and send license utilization metrics to HashiCorp.
 
-If you are considering opting out because you are worried about the data, we strongly recommend that you review the [example payloads](#example-payloads) before opting out. If you have concerns with any of the automatically reported data, raise these concerns with your account manager. 
+If you are considering opting out because you are worried about the data, we strongly recommend that you review the [example payloads](#example-payloads) before opting out. If you have concerns with any of the automatically reported data, raise these concerns with your account manager.
 
-There are two methods for opting out of automated reporting: 
+There are two methods for opting out of automated reporting:
 
 - HCL configuration (recommended)
 - Environment variable (requires restart)
@@ -130,7 +130,7 @@ Check your product logs roughly 24 hours after opting out to make sure that the
 
 ## Example payloads
 
-HashiCorp collects the following utilization data as JSON payloads: 
+HashiCorp collects the following utilization data as JSON payloads:
 `exporter_version` - The version of the licensing exporter
 
 <CodeBlockConfig hideClipboard>
@@ -172,4 +172,4 @@ HashiCorp collects the following utilization data as JSON payloads:
 }
 ```
 
-</CodeBlockConfig>
\ No newline at end of file
+</CodeBlockConfig>
diff --git a/website/content/docs/enterprise/network-segments/create-network-segment.mdx b/website/content/docs/enterprise/network-segments/create-network-segment.mdx
index b7ef6b66b8ad..bc300f7708a6 100644
--- a/website/content/docs/enterprise/network-segments/create-network-segment.mdx
+++ b/website/content/docs/enterprise/network-segments/create-network-segment.mdx
@@ -7,16 +7,16 @@ description: >-
 
 # Create Network Segments
 
-This topic describes how to create Consul network segments so that services can connect to other services in the LAN gossip pool that have been placed into separate communication boundaries. Refer to [Network Segments Overview](/consul/docs/enterprise/network-segments/network-segments-overview) for additional information.  
+This topic describes how to create Consul network segments so that services can connect to other services in the LAN gossip pool that have been placed into separate communication boundaries. Refer to [Network Segments Overview](/consul/docs/enterprise/network-segments/network-segments-overview) for additional information.
 
 
 ## Requirements
 
-- Consul Enterprise 0.9.3+  
+- Consul Enterprise 0.9.3+
 
-## Define segments in the server configuration 
+## Define segments in the server configuration
 
-1. Add the `segments` block to your server configuration. Refer to the [`segments`](/consul/docs/agent/config/config-files#segments) documentation for details about how to define the configuration. 
+1. Add the `segments` block to your server configuration. Refer to the [`segments`](/consul/docs/agent/config/config-files#segments) documentation for details about how to define the configuration.
 
   In the following example, an `alpha` segment is configured to listen for traffic on port `8303` and a `beta` segment is configured to listen to traffic on port `8304`:
 
@@ -57,7 +57,7 @@ This topic describes how to create Consul network segments so that services can
    ]
    }
    ```
-  
+
   </CodeTabs>
 
 1. Start the server using the `consul agent` command. Copy the address for each segment listener so that you can [direct clients to join the segment](#configure-clients-to-join-segments) when you start them:
@@ -71,7 +71,7 @@ This topic describes how to create Consul network segments so that services can
   [INFO] consul: Started listener for LAN segment "beta" on 10.20.10.11:8304
   [INFO] serf: EventMemberJoin: server1 10.20.10.11
   ```
-1. Verfiy that the server is a member of all segments:
+1. Verify that the server is a member of all segments:
 
   ```shell-session
   $ consul members
@@ -118,7 +118,7 @@ server    192.168.4.159:8301    alive   server   1.14+ent  2         dc1  defaul
 client1   192.168.4.159:8447    alive   client   1.14+ent  2         dc1  default    alpha
 ```
 
-</CodeBlockConfig> 
+</CodeBlockConfig>
 
 You can also pass the name of a segment in the `-segment` flag to view agents in a specific segment. Note that server agents display their LAN listener port for the specified segment the segment filter applied. In the following example, the command returns port `8303` for alpha, rather than for the `<default>` segment port:
 
@@ -133,18 +133,18 @@ client1      10.20.10.21:8303   alive   client  1.14+ent  2         dc1  alpha
 
 </CodeBlockConfig>
 
-Refer to the [`members`](/consul/commands/members) documentation for additional information. 
+Refer to the [`members`](/consul/commands/members) documentation for additional information.
 
 </Tab>
 
 <Tab heading="API">
 
-Call the `/agent/members` API endpoint to view members that the agent sees in the cluster gossip pool. 
+Call the `/agent/members` API endpoint to view members that the agent sees in the cluster gossip pool.
 
 <CodeBlockConfig highlight="21">
 
 ```shell-session
-$ curl http://127.0.0.1:8500/v1/agent/members?segment=alpha 
+$ curl http://127.0.0.1:8500/v1/agent/members?segment=alpha
 
 {
    "Addr" : "192.168.4.163",
@@ -179,7 +179,7 @@ Refer to the [`/agent/members` API endpoint documentation](/consul/api-docs/agen
 </Tab>
 <Tab heading="UI">
 
-If the UI is enabled in your agent configuration, the segment name appears in the node’s Metadata tab. 
+If the UI is enabled in your agent configuration, the segment name appears in the node’s Metadata tab.
 
 1. Open the URL for the UI. By default, the UI is `localhost:8500`.
 1. Click **Node** in the sidebar and click on the name of the client agent you want to check.
@@ -191,4 +191,4 @@ If the UI is enabled in your agent configuration, the segment name appears in th
 
 ## Related resources
 
-You can also create and run a prepared query to query for additional information about the services registered to client nodes. Prepared queries are HTTP API endpoint features that enable you to run complex queries of Consul nodes. Refer [Prepared Query HTTP Endpoint](/consul/api-docs/query) for usage.
\ No newline at end of file
+You can also create and run a prepared query to query for additional information about the services registered to client nodes. Prepared queries are HTTP API endpoint features that enable you to run complex queries of Consul nodes. Refer [Prepared Query HTTP Endpoint](/consul/api-docs/query) for usage.
diff --git a/website/content/docs/k8s/connect/index.mdx b/website/content/docs/k8s/connect/index.mdx
index 57096a4a29a8..4b7def3609fd 100644
--- a/website/content/docs/k8s/connect/index.mdx
+++ b/website/content/docs/k8s/connect/index.mdx
@@ -13,11 +13,11 @@ Consul service mesh automates service-to-service authorization and encryption ac
 
 Consul service mesh is enabled by default when you install Consul on Kubernetes using the Consul Helm chart. Consul also automatically injects sidecars into the pods in your clusters that run Envoy. These sidecar proxies,  called Consul dataplanes, are enabled when `connectInject.default` is set to `false` in the Helm chart. Refer to the following documentation for additional information about these concepts:
 
-- [Installation and Configuration](#installation-and-configuration) in this topic 
+- [Installation and Configuration](#installation-and-configuration) in this topic
 - [Consul Helm chart reference](/consul/docs/k8s/helm)
 - [Simplified Service Mesh with Consul Dataplane](/consul/docs/connect/dataplane)
 
-If `connectInject.default` is set to `false` or you want to explicitly enable service mesh sidecar proxy injection for a specific deployment, add the `consul.hashicorp.com/connect-inject` annotation to the pod specification template and set it to `true` when connecting services to the mesh. 
+If `connectInject.default` is set to `false` or you want to explicitly enable service mesh sidecar proxy injection for a specific deployment, add the `consul.hashicorp.com/connect-inject` annotation to the pod specification template and set it to `true` when connecting services to the mesh.
 
 ### Service names
 
@@ -25,13 +25,13 @@ When the service is onboarded, the name registered in Consul is set to the name
 
 ### Transparent proxy mode
 
-By default, the Consul service mesh runs in transparent proxy mode. This mode forces inbound and outbound traffic through the sidecar proxy even though the service binds to all interfaces. Transparent proxy infers the location of upstream services using Consul service intentions, and also allows you to use Kubernetes DNS as you normally would for your workloads. 
+By default, the Consul service mesh runs in transparent proxy mode. This mode forces inbound and outbound traffic through the sidecar proxy even though the service binds to all interfaces. Transparent proxy infers the location of upstream services using Consul service intentions, and also allows you to use Kubernetes DNS as you normally would for your workloads.
 
 When transparent proxy mode is enabled, all service-to-service traffic is required to use mTLS. When onboarding new services to service mesh, your network may have mixed mTLS and non-mTLS traffic, which can result in broken service-to-service communication. You can temporarily enable permissive mTLS mode during the onboarding process so that existing mesh services can accept traffic from services that are not yet fully onboarded. Permissive mTLS enables sidecar proxies to access both mTLS and non-mTLS traffic. Refer to [Onboard mesh services in transparent proxy mode](/consul/docs/k8s/connect/onboarding-tproxy-mode) for additional information.
 
-### Kubernetes service mesh workload scenarios 
+### Kubernetes service mesh workload scenarios
 
--> **Note:** A Kubernetes Service is required in order to register services on the Consul service mesh. Consul monitors the lifecyle of the Kubernetes Service and its service instances using the service object. In addition, the Kubernetes service is used to register and de-register the service from Consul's catalog. 
+-> **Note:** A Kubernetes Service is required in order to register services on the Consul service mesh. Consul monitors the lifecycle of the Kubernetes Service and its service instances using the service object. In addition, the Kubernetes service is used to register and de-register the service from Consul's catalog.
 
 The following configurations are examples for registering workloads on Kubernetes into Consul's service mesh in different scenarios. Each scenario provides an example Kubernetes manifest to demonstrate how to use Consul's service mesh with a specific Kubernetes workload type.
 
@@ -42,7 +42,7 @@ The following configurations are examples for registering workloads on Kubernete
 
 #### Kubernetes Pods running as a deployment
 
-The following example shows a Kubernetes configuration that specifically enables service mesh connections for the `static-server` service. Consul starts and registers a sidecar proxy that listens on port 20000 by default and proxies valid inbound connections to port 8080. 
+The following example shows a Kubernetes configuration that specifically enables service mesh connections for the `static-server` service. Consul starts and registers a sidecar proxy that listens on port 20000 by default and proxies valid inbound connections to port 8080.
 
 <CodeBlockConfig filename="static-server.yaml">
 
@@ -192,7 +192,7 @@ command terminated with exit code 52
 
 Kubernetes Jobs run pods that only make outbound requests to services on the mesh and successfully terminate when they are complete. In order to register a Kubernetes Job with the mesh, you must provide an integer value for the `consul.hashicorp.com/sidecar-proxy-lifecycle-shutdown-grace-period-seconds` annotation. Then, issue a request to the `http://127.0.0.1:20600/graceful_shutdown` API endpoint so that Kubernetes gracefully shuts down the `consul-dataplane` sidecar after the job is complete.
 
-Below is an example Kubernetes manifest that deploys a job correctly. 
+Below is an example Kubernetes manifest that deploys a job correctly.
 
 <CodeBlockConfig filename="test-job.yaml">
 
@@ -243,7 +243,7 @@ spec:
             echo "Started test job"
             sleep 10
             echo "Killing proxy"
-            curl --max-time 2 -s -f -XPOST http://127.0.0.1:20600/graceful_shutdown
+            curl --max-time 2 -s -f -X POST http://127.0.0.1:20600/graceful_shutdown
             sleep 10
             echo "Ended test job"
       serviceAccountName: test-job
@@ -255,18 +255,18 @@ spec:
 Upon completing the job you should be able to verify that all containers are shut down within the pod.
 
 ```shell-session
-$ kubectl get pods  
+$ kubectl get pods
 NAME             READY   STATUS      RESTARTS   AGE
 test-job-49st7   0/2     Completed   0          3m55s
 ```
 
-```shell-session 
+```shell-session
 $ kubectl get job
 NAME       COMPLETIONS   DURATION   AGE
 test-job   1/1           30s        4m31s
 ```
 
-In addition, based on the logs emitted by the pod you can verify that the proxy was shut down before the Job completed. 
+In addition, based on the logs emitted by the pod you can verify that the proxy was shut down before the Job completed.
 
 ```shell-session
 $ kubectl logs test-job-49st7 -c test-job
@@ -382,7 +382,7 @@ The service account on the pod spec for the deployment should be set to the firs
 serviceAccountName: web
 ```
 
-The following deployment example demonstrates the required annotations for the manifest. In addition, the previous YAML manifests can also be combined into a single manifest for easier deployment. 
+The following deployment example demonstrates the required annotations for the manifest. In addition, the previous YAML manifests can also be combined into a single manifest for easier deployment.
 
 <CodeBlockConfig filename="multiport-web.yaml">
 
diff --git a/website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx b/website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx
index d7e37333abb4..041b73033fc3 100644
--- a/website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx
+++ b/website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx
@@ -476,7 +476,7 @@ Repeat the following steps for each datacenter in the cluster:
       acls:
         manageSystemACLs: true
         createReplicationToken: true
-        boostrapToken:
+        bootstrapToken:
           secretName: consul/data/secret/bootstrap
           secretKey: token
         replicationToken:
diff --git a/website/content/docs/k8s/helm.mdx b/website/content/docs/k8s/helm.mdx
index 011133251ad9..34bda9400cf2 100644
--- a/website/content/docs/k8s/helm.mdx
+++ b/website/content/docs/k8s/helm.mdx
@@ -414,7 +414,7 @@ Use these links to navigate to a particular top-level stanza.
 
       - `secretKey` ((#v-global-acls-replicationtoken-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the replication token.
 
-    - `resources` ((#v-global-acls-resources)) (`map`) - The resource requests (CPU, memory, etc.) for the server-acl-init and server-acl-init-cleanup pods. 
+    - `resources` ((#v-global-acls-resources)) (`map`) - The resource requests (CPU, memory, etc.) for the server-acl-init and server-acl-init-cleanup pods.
       This should be a YAML map corresponding to a Kubernetes
       [`ResourceRequirements``](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core)
       object.
@@ -440,7 +440,7 @@ Use these links to navigate to a particular top-level stanza.
 
       - `secretName` ((#v-global-acls-partitiontoken-secretname)) (`string: null`) - The name of the Vault secret that holds the partition token.
 
-      - `secretKey` ((#v-global-acls-partitiontoken-secretkey)) (`string: null`) - The key within the Vault secret that holds the parition token.
+      - `secretKey` ((#v-global-acls-partitiontoken-secretkey)) (`string: null`) - The key within the Vault secret that holds the partition token.
 
     - `tolerations` ((#v-global-acls-tolerations)) (`string: ""`) - tolerations configures the taints and tolerations for the server-acl-init
       and server-acl-init-cleanup jobs. This should be a multi-line string matching the
@@ -484,7 +484,7 @@ Use these links to navigate to a particular top-level stanza.
     - `enabled` ((#v-global-federation-enabled)) (`boolean: false`) - If enabled, this datacenter will be federation-capable. Only federation
       via mesh gateways is supported.
       Mesh gateways and servers will be configured to allow federation.
-      Requires `global.tls.enabled`, `connectInject.enabled`, and one of 
+      Requires `global.tls.enabled`, `connectInject.enabled`, and one of
       `meshGateway.enabled` or `externalServers.enabled` to be true.
       Requires Consul 1.8+.
 
@@ -508,7 +508,7 @@ Use these links to navigate to a particular top-level stanza.
       from the one used by the Consul Service Mesh.
       Please refer to the [Kubernetes Auth Method documentation](/consul/docs/security/acl/auth-methods/kubernetes).
 
-      If `externalServers.enabled` is set to true, `global.federation.k8sAuthMethodHost` and 
+      If `externalServers.enabled` is set to true, `global.federation.k8sAuthMethodHost` and
       `externalServers.k8sAuthMethodHost` should be set to the same value.
 
       You can retrieve this value from your `kubeconfig` by running:
@@ -1004,7 +1004,7 @@ Use these links to navigate to a particular top-level stanza.
         ...
       ```
 
-  - `auditLogs` ((#v-server-auditlogs)) - <EnterpriseAlert inline /> Added in Consul 1.8, the audit object allow users to enable auditing 
+  - `auditLogs` ((#v-server-auditlogs)) - <EnterpriseAlert inline /> Added in Consul 1.8, the audit object allow users to enable auditing
     and configure a sink and filters for their audit logs. Please refer to
     [audit logs](/consul/docs/enterprise/audit-logging) documentation
     for further information.
@@ -1012,7 +1012,7 @@ Use these links to navigate to a particular top-level stanza.
     - `enabled` ((#v-server-auditlogs-enabled)) (`boolean: false`) - Controls whether Consul logs out each time a user performs an operation.
       global.acls.manageSystemACLs must be enabled to use this feature.
 
-    - `sinks` ((#v-server-auditlogs-sinks)) (`array<map>`) - A single entry of the sink object provides configuration for the destination to which Consul 
+    - `sinks` ((#v-server-auditlogs-sinks)) (`array<map>`) - A single entry of the sink object provides configuration for the destination to which Consul
       will log auditing events.
 
       Example:
@@ -1027,7 +1027,7 @@ Use these links to navigate to a particular top-level stanza.
           rotate_duration: 24h
           rotate_max_files: 15
           rotate_bytes: 25165824
-          
+
       ```
 
       The sink object supports the following keys:
@@ -1124,7 +1124,7 @@ Use these links to navigate to a particular top-level stanza.
     This address must be reachable from the Consul servers.
     Please refer to the [Kubernetes Auth Method documentation](/consul/docs/security/acl/auth-methods/kubernetes).
 
-    If `global.federation.enabled` is set to true, `global.federation.k8sAuthMethodHost` and 
+    If `global.federation.enabled` is set to true, `global.federation.k8sAuthMethodHost` and
     `externalServers.k8sAuthMethodHost` should be set to the same value.
 
     You could retrieve this value from your `kubeconfig` by running:
diff --git a/website/content/docs/k8s/service-sync.mdx b/website/content/docs/k8s/service-sync.mdx
index 54ebbdd54d2c..daf03396f21f 100644
--- a/website/content/docs/k8s/service-sync.mdx
+++ b/website/content/docs/k8s/service-sync.mdx
@@ -287,7 +287,7 @@ metadata:
 ### Service meta
 
 A service registered in Consul from Kubernetes sets the `external-source` key to
-`kubernetes`. This can be used from the APLI, CLI and UI to filter
+`kubernetes`. This can be used from the API, CLI and UI to filter
 service instances that are set in k8s. The Consul UI displays a Kubernetes icon next to all externally
 registered services from Kubernetes.
 
@@ -422,7 +422,7 @@ configuration.
 
 **If a conflicting service is found**: the service is not synced. This
 does not match the Kubernetes to Consul behavior, but given the current
-implementation we must do this because Kubernetes cannott mix both CNAME and
+implementation we must do this because Kubernetes cannot mix both CNAME and
 Endpoint-based services.
 
 ### Kubernetes service labels and annotations
diff --git a/website/content/docs/k8s/upgrade/index.mdx b/website/content/docs/k8s/upgrade/index.mdx
index 5075ffce48c7..26ef776e1b73 100644
--- a/website/content/docs/k8s/upgrade/index.mdx
+++ b/website/content/docs/k8s/upgrade/index.mdx
@@ -120,7 +120,7 @@ to update to the new version. Before you upgrade to a new version:
 
    </CodeBlockConfig>
 
-2. Determine the version of your exisiting Helm installation. In this example, version `0.39.0` (from `consul-k8s:0.39.0`) is being used.
+2. Determine the version of your existing Helm installation. In this example, version `0.39.0` (from `consul-k8s:0.39.0`) is being used.
 
   ```shell-session
   $ helm list --filter consul --namespace consul
@@ -174,7 +174,7 @@ that can be used.
 1. Take specific note if `consul-server, StatefulSet` is listed, as it means your Consul server statefulset will be redeployed.
 
   If your Consul server statefulset needs to be redeployed, follow the same pattern for upgrades as
-  on other platforms by redploying servers one by one. Refer tp [Upgrading Consul](/consul/docs/upgrading) for more information.
+  on other platforms by redeploying servers one by one. Refer tp [Upgrading Consul](/consul/docs/upgrading) for more information.
 
   If neither the server statefulset is not being redeployed,
   then you can continue with the Helm upgrade without any specific sequence to follow.
@@ -258,7 +258,7 @@ If you upgrade Consul from a version that uses client agents to a version the us
 1. If ACLs are enabled, outdated ACL tokens will persist a result of the upgrade. You can manually delete the tokens to declutter your Consul environment.
 
    Outdated connect-injector tokens have the following description: `token created via login: {"component":"connect-injector"}`. Do not delete
-   the tokens that have a description where `pod` is a key, for example `token created via login: {"component":"connect-injector","pod":"default/consul-connect-injector-576b65747c-9547x"}`). The dataplane-enabled connect inject pods use these tokens.    
+   the tokens that have a description where `pod` is a key, for example `token created via login: {"component":"connect-injector","pod":"default/consul-connect-injector-576b65747c-9547x"}`). The dataplane-enabled connect inject pods use these tokens.
 
    You can also review the creation date for the tokens and only delete the injector tokens created before your upgrade, but do not delete all old tokens without considering if they are still in use. Some tokens, such as the server tokens, are still necessary.
 
diff --git a/website/content/docs/nia/usage/requirements.mdx b/website/content/docs/nia/usage/requirements.mdx
index 7d3f84dd8973..0fcdf1645ac1 100644
--- a/website/content/docs/nia/usage/requirements.mdx
+++ b/website/content/docs/nia/usage/requirements.mdx
@@ -31,19 +31,19 @@ For information on compatible Consul versions, refer to the [Consul compatibilit
 
 ### Run an agent
 
-The Consul agent must be running in order to dynamically update network devices. Refer to the [Consul agent documentation](/consul/docs/agent) for information about configuring and starting a Consul agent. 
+The Consul agent must be running in order to dynamically update network devices. Refer to the [Consul agent documentation](/consul/docs/agent) for information about configuring and starting a Consul agent.
 
 When running a Consul agent with CTS in production, consider that CTS uses [blocking queries](/consul/api-docs/features/blocking) to monitor task dependencies, such as changes to registered services. This  results in multiple long-running TCP connections between CTS and the agent to poll changes for each dependency. Consul may quickly reach the agent connection limits if CTS is monitoring a high number of services.
 
-To avoid reaching the limit prematurely, we recommend using HTTP/2 (requires HTTPS) to communicate between CTS and the Consul agent. When using HTTP/2, CTS establishes a single connection and reuses it for all communication. Refer to the [Consul Configuration section](/consul/docs/nia/configuration#consul) for details. 
+To avoid reaching the limit prematurely, we recommend using HTTP/2 (requires HTTPS) to communicate between CTS and the Consul agent. When using HTTP/2, CTS establishes a single connection and reuses it for all communication. Refer to the [Consul Configuration section](/consul/docs/nia/configuration#consul) for details.
 
-Alternatively, you can configure the [`limits.http_max_conns_per_client`](/consul/docs/agent/config/config-files#http_max_conns_per_client) option to set a maximimum number of connections to meet your needs. 
+Alternatively, you can configure the [`limits.http_max_conns_per_client`](/consul/docs/agent/config/config-files#http_max_conns_per_client) option to set a maximum number of connections to meet your needs.
 
 ### Register services
 
 CTS monitors the Consul catalog for service changes that lead to downstream changes to your network devices. Without services, your CTS daemon is operational but idle. You can register services with your Consul agent by either loading a service definition or by sending an HTTP API request.
 
-The following HTTP API request example registers a service named `web` with your Consul agent: 
+The following HTTP API request example registers a service named `web` with your Consul agent:
 
 ```shell-session
 $ echo '{
@@ -56,7 +56,7 @@ $ echo '{
 $ curl --request PUT --data @payload.json http://localhost:8500/v1/agent/service/register
 ```
 
-The example represents a non-existent web service running at `10.10.10.10:8000` that is now available for CTS to consume. 
+The example represents a non-existent web service running at `10.10.10.10:8000` that is now available for CTS to consume.
 
 You can configure CTS to monitor the web service, execute a task, and update network device(s) by configuring `web` in the [`condition "services"`](/consul/docs/nia/configuration#services-condition) task block. If the web service has any non-default values, it can also be configured in `condition "services"`.
 
@@ -80,8 +80,8 @@ To find providers for the infrastructure platforms you use, browse the providers
 
 If a Terraform provider does not exist for your environment, you can create a new Terraform provider and publish it to the registry so that you can use it within a network integration task or create a compatible Terraform module. Refer to the following Terraform tutorial and documentation for additional information on creating and publishing providers:
 
-- [Setup and Implement Read](/terraform/tutorials/providers/provider-setup) 
-- [Publishing Providers](/terraform/registry/providers/publishing). 
+- [Setup and Implement Read](/terraform/tutorials/providers/provider-setup)
+- [Publishing Providers](/terraform/registry/providers/publishing).
 
 ## Network integration using a Terraform module
 
diff --git a/website/content/docs/nia/usage/run-ha.mdx b/website/content/docs/nia/usage/run-ha.mdx
index 31d2251564e9..6152007255b7 100644
--- a/website/content/docs/nia/usage/run-ha.mdx
+++ b/website/content/docs/nia/usage/run-ha.mdx
@@ -8,7 +8,7 @@ description: >-
 # Run Consul-Terraform-Sync with high availability
 
 <EnterpriseAlert>
-  An enterpise license is only required for enterprise distributions of Consul-Terraform-Sync (CTS).
+  An enterprise license is only required for enterprise distributions of Consul-Terraform-Sync (CTS).
 </EnterpriseAlert>
 
 This topic describes how to run Consul-Terraform-Sync (CTS) configured for high availability. High availability is an enterprise capability that ensures that all changes to Consul that occur during a failover transition are processed and that CTS continues to operate as expected.
@@ -18,10 +18,10 @@ This topic describes how to run Consul-Terraform-Sync (CTS) configured for high
 A network always has exactly one instance of the CTS cluster that is the designated leader. The leader is responsible for monitoring and running tasks. If the leader fails, CTS triggers the following process when it is configured for high availability:
 
 1. The CTS cluster promotes a new leader from the pool of followers in the network.
-1. The new leader begins running all existing tasks in `once-mode` in order to process changes that occurred during the failover transition period. In this mode, CTS runs all existing tasks one time. 
-1. The new leader logs any errors that occur during `once-mode` operation and the new leader continues to monitor Consul for changes. 
+1. The new leader begins running all existing tasks in `once-mode` in order to process changes that occurred during the failover transition period. In this mode, CTS runs all existing tasks one time.
+1. The new leader logs any errors that occur during `once-mode` operation and the new leader continues to monitor Consul for changes.
 
-In a standard configuration, CTS exits if errors occur when the CTS instance runs tasks in `once-mode`. In a high availability configuration, CTS logs the errors and continues to operate without interruption. 
+In a standard configuration, CTS exits if errors occur when the CTS instance runs tasks in `once-mode`. In a high availability configuration, CTS logs the errors and continues to operate without interruption.
 
 The following diagram shows operating state when high availability is enabled. CTS Instance A is the current leader and is responsible for monitoring and running tasks:
 
@@ -36,28 +36,28 @@ The following diagram shows the CTS cluster state after the leader stops. CTS In
 - The time it takes for a new leader to be elected is determined by the `high_availability.cluster.storage.session_ttl` configuration. The minimum failover time is equal to the `session_ttl` value. The maximum failover time is double the `session_ttl` value.
 - If failover occurs during task execution, a new leader is elected. The new leader will attempt to run all tasks once before continuing to monitor for changes.
 - If using the [Terraform Cloud (TFC) driver](/consul/docs/nia/network-drivers/terraform-cloud), the task finishes and CTS starts a new leader that attempts to queue a run for each task in TFC in once-mode.
-- If using [Terraform driver](/consul/docs/nia/network-drivers/terraform), the task may complete depending on the cause of the failover. The new leader starts and attempts to run each task in [once-mode](/consul/docs/nia/cli/start#modes). Depending on the module and provider, the task may require manual intervention to fix any inconsistencies between the infrastructure and Terraform state. 
+- If using [Terraform driver](/consul/docs/nia/network-drivers/terraform), the task may complete depending on the cause of the failover. The new leader starts and attempts to run each task in [once-mode](/consul/docs/nia/cli/start#modes). Depending on the module and provider, the task may require manual intervention to fix any inconsistencies between the infrastructure and Terraform state.
 - If failover occurs when no task is executing, CTS elects a new leader that attempts to run all tasks in once-mode.
 
 Note that driver behavior is consistent whether or not CTS is running in high availability mode.
 
 ## Requirements
 
-Verify that you have met the [basic requirements](/consul/docs/nia/usage/requirements) for running CTS. 
+Verify that you have met the [basic requirements](/consul/docs/nia/usage/requirements) for running CTS.
 
 * CTS Enterprise 0.7 or later
 * Terraform CLI 0.13 or later
 * All instances in a cluster must be in the same datacenter.
 
-You must configure appropriate ACL permissions for your cluster. Refer to [ACL permissions](#) for details. 
+You must configure appropriate ACL permissions for your cluster. Refer to [ACL permissions](#) for details.
 
-We recommend specifying the [TFC driver](/consul/docs/nia/network-drivers/terraform-cloud) in your CTS configuration if you want to run in high availability mode. 
+We recommend specifying the [TFC driver](/consul/docs/nia/network-drivers/terraform-cloud) in your CTS configuration if you want to run in high availability mode.
 
 ## Configuration
 
-Add the `high_availability` block in your CTS configuration and configure the required settings to enable high availability. Refer to the [Configuration reference](/consul/docs/nia/configuration#high-availability) for details about the configuration fields for the `high_availability` block. 
+Add the `high_availability` block in your CTS configuration and configure the required settings to enable high availability. Refer to the [Configuration reference](/consul/docs/nia/configuration#high-availability) for details about the configuration fields for the `high_availability` block.
 
-The following example configures high availability functionality for a cluster named `cts-cluster`: 
+The following example configures high availability functionality for a cluster named `cts-cluster`:
 
 <CodeBlockConfig filename="cts-config.hcl">
 
@@ -83,17 +83,17 @@ high_availability {
 
 The `session` and `keys` resources in your Consul environment must have `write` permissions. Refer to the [ACL documentation](/consul/docs/security/acl) for details on how to define ACL policies.
 
-If the `high_availability.cluster.storage.namespace` field is configured, then your ACL policy must also enable `write` permissions for the `namespace` resource.  
+If the `high_availability.cluster.storage.namespace` field is configured, then your ACL policy must also enable `write` permissions for the `namespace` resource.
 
-## Start a new CTS cluster 
+## Start a new CTS cluster
 
 We recommend deploying a cluster that includes three CTS instances. This is so that the cluster has one leader and two followers.
 
 1. Create an HCL configuration file that includes the settings you want to include, including the `high_availability` block. Refer to [Configuration Options for Consul-Terraform-Sync](/consul/docs/nia/configuration) for all configuration options.
-1. Issue the startup command and pass the configuration file. Refer to the [`start` command reference](/consul/docs/nia/cli/start#modes) for additional information about CTS startup modes. 
+1. Issue the startup command and pass the configuration file. Refer to the [`start` command reference](/consul/docs/nia/cli/start#modes) for additional information about CTS startup modes.
   ```shell-session
   $ consul-terraform-sync start -config-file ha-config.hcl
-  ```  
+  ```
 1. You can call the `/status` API endpoint to verify the status of tasks CTS is configured to monitor. Only the leader of the cluster will return a successful response. Refer to the [`/status` API reference documentation](/consul/docs/nia/api/status) for information about usage and responses.
 
   ```shell-session
@@ -102,9 +102,9 @@ We recommend deploying a cluster that includes three CTS instances. This is so t
 
 Repeat the procedure to start the remaining instances for your cluster. We recommend using near-identical configurations for all instances in your cluster. You may not be able to use exact configurations in all cases, but starting instances with the same configuration improves consistency and reduces confusion if you need to troubleshoot errors.
 
-## Modify an instance configuration 
+## Modify an instance configuration
 
-You can implement a rolling update to update a non-task configuration for a CTS instance, such as the Consul connection settings. If you need to update a task in the instance configuration, refer to [Modify tasks](#modify-tasks). 
+You can implement a rolling update to update a non-task configuration for a CTS instance, such as the Consul connection settings. If you need to update a task in the instance configuration, refer to [Modify tasks](#modify-tasks).
 
 1. Identify the leader CTS instance by either making a call to the [`status/cluster` API endpoint](/consul/docs/nia/api/status#cluster-status) or by checking the logs for the following entry:
   ```shell-session
@@ -112,19 +112,19 @@ You can implement a rolling update to update a non-task configuration for a CTS
   ```
 1. Stop one of the follower CTS instances and apply the new configuration.
 1. Restart the follower instance.
-1. Repeat steps 2 and 3 for other follower instances in your cluster. 
+1. Repeat steps 2 and 3 for other follower instances in your cluster.
 1. Stop the leader instance. One of the follower instances becomes the leader.
 1. Apply the new configuration to the former leader instance and restart it.
 
-## Modify tasks 
+## Modify tasks
 
-When high availability is enabled, CTS persists task and event data. Refer to [State storage and persistence](/consul/docs/nia/architecture#state-storage-and-persistence) for additional information. 
+When high availability is enabled, CTS persists task and event data. Refer to [State storage and persistence](/consul/docs/nia/architecture#state-storage-and-persistence) for additional information.
 
 You can use the following methods for modifying tasks when high availability is enabled. We recommend choosing a single method to make all task configuration changes because inconsistencies between the state and the configuration can occur when mixing methods.
 
-### Delete and recreate the task 
- 
-We recommend deleting and recreating a task if you need to make a modification. Use the CTS API to identify the CTS leader instance and replace a task. 
+### Delete and recreate the task
+
+We recommend deleting and recreating a task if you need to make a modification. Use the CTS API to identify the CTS leader instance and replace a task.
 
 1. Identify the leader CTS instance by either making a call to the [`status/cluster` API endpoint](/consul/docs/nia/api/status#cluster-status) or by checking the logs for the following entry:
 
@@ -137,19 +137,19 @@ We recommend deleting and recreating a task if you need to make a modification.
   $ curl --request DELETE  localhost:8558/v1/tasks/task_a
   ```
 
- You can also use the [`task delete` command](/consul/docs/nia/cli/task#task-delete) to complete this step. 
+ You can also use the [`task delete` command](/consul/docs/nia/cli/task#task-delete) to complete this step.
 
-1. Send a `POST` call to the `/task/<task-name>` endpoint and include the updated task in your payload. 
+1. Send a `POST` call to the `/task/<task-name>` endpoint and include the updated task in your payload.
   ```shell-session
-  $curl --header "Content-Type: application/json" \  
-  --request POST \  
+  $curl --header "Content-Type: application/json" \
+  --request POST \
   --data @payload.json \
   localhost:8558/v1/tasks
-  ``` 
-  
+  ```
+
   You can also use the [`task-create` command](/consul/docs/nia/cli/task#task-create) to complete this step.
 
-### Discard data with the `-reset-storage` flag 
+### Discard data with the `-reset-storage` flag
 
 You can restart the CTS cluster using the [`-reset-storage` flag](/consul/docs/nia/cli/start#options) to discard persisted data if you need to update a task.
 
@@ -158,7 +158,7 @@ You can restart the CTS cluster using the [`-reset-storage` flag](/consul/docs/n
 1. Restart the instance and include the `-reset-storage` flag.
 1. Stop all other instances so that the updated instance becomes the leader.
 1. Start all other instances again.
-1. Restart the instance you restarted in step 3 without the `-reset-storage` flag so that it starts up with the current state. If you continue to run an instance with the `-reset-storage` flag enabled, then CTS will reset the state data whenever the instance becomes the leader. 
+1. Restart the instance you restarted in step 3 without the `-reset-storage` flag so that it starts up with the current state. If you continue to run an instance with the `-reset-storage` flag enabled, then CTS will reset the state data whenever the instance becomes the leader.
 
 ## Troubleshooting
 
@@ -169,9 +169,9 @@ Use the following troubleshooting procedure if a previous leader had been runnin
   2022-08-23T09:25:09.501-0700 [ERROR] tasksmanager: error applying task: task_name=config-task
   error=
   | error tf-apply for 'config-task': exit status 1
-  | 
+  |
   | Error: GET https://api.github.com/user: 401 Bad credentials []
-  | 
+  |
   | with module.config-task.provider["registry.terraform.io/integrations/github"],
   | on .terraform/modules/config-task/main.tf line 11, in provider "github":
   | 11: provider "github" {
@@ -179,5 +179,5 @@ Use the following troubleshooting procedure if a previous leader had been runnin
   ```
 1. Check for differences between the previous leader and new leader, such as differences in configurations, environment variables, and local resources.
 1. Start a new instance with the fix that resolves the issue.
-1. Tear down the leader instance that has the issue and any other instances that may have the same issue. 
-1. Restart the affected instances to implement the fix. 
+1. Tear down the leader instance that has the issue and any other instances that may have the same issue.
+1. Restart the affected instances to implement the fix.
diff --git a/website/content/docs/release-notes/consul-k8s/v1_0_x.mdx b/website/content/docs/release-notes/consul-k8s/v1_0_x.mdx
index 5de0b43f5824..caa67d526bc2 100644
--- a/website/content/docs/release-notes/consul-k8s/v1_0_x.mdx
+++ b/website/content/docs/release-notes/consul-k8s/v1_0_x.mdx
@@ -11,9 +11,9 @@ description: >-
 
 - **Simplified Service Mesh Deployments with Consul Dataplane:** Consul client agents are no longer deployed by default, and Consul service mesh no longer uses Consul clients to operate. A new component `consul-dataplane` is now injected as a sidecar-proxy instead of plain Envoy. `consul-dataplane` manages the Envoy proxy process and proxies xDS requests from Envoy to Consul servers. All service mesh consul-k8s components are configured to talk directly to Consul servers.
 
-- **Cluster Peering GA with Peering over Mesh Gateways:** This version promotes Cluster Peering, a new model to federate Consul clusters for both service mesh and traditional service discovery, to General Availability. Cluster peering allows for service interconnectivity with looser coupling than the existing WAN federation. Cluster Peering on Consul K8s now enables [Cluster Peering with Control Plane traffic routed via Mesh Gateways](/consul/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways) by default instead of provisioning load balancers using the `servers.exposeServers` stanza. In addtion, failover for service to service traffic over Cluster Peering can be configured through the `failover.targets` field in the [ServiceResolver](/consul/docs/connect/config-entries/service-resolver#targets) CRD.  
-  
-- **Consul API Gateway 0.5.0 Support:** Support to run Consul API Gateway without clients and allow Consul API Gateway to directly connect to Consul servers. 
+- **Cluster Peering GA with Peering over Mesh Gateways:** This version promotes Cluster Peering, a new model to federate Consul clusters for both service mesh and traditional service discovery, to General Availability. Cluster peering allows for service interconnectivity with looser coupling than the existing WAN federation. Cluster Peering on Consul K8s now enables [Cluster Peering with Control Plane traffic routed via Mesh Gateways](/consul/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways) by default instead of provisioning load balancers using the `servers.exposeServers` stanza. In addition, failover for service to service traffic over Cluster Peering can be configured through the `failover.targets` field in the [ServiceResolver](/consul/docs/connect/config-entries/service-resolver#targets) CRD.
+
+- **Consul API Gateway 0.5.0 Support:** Support to run Consul API Gateway without clients and allow Consul API Gateway to directly connect to Consul servers.
 
 ## What's Changed
 
@@ -22,27 +22,27 @@ description: >-
 - `externalServers.hosts` no longer supports [cloud auto-join](/consul/docs/install/cloud-auto-join) strings directly. Instead, include an [`exec=`](https://github.com/hashicorp/go-netaddrs#command-line-tool-usage) string in the `externalServers.hosts` list to invoke the `discover` CLI. For example, the following string invokes the `discover` CLI with a cloud auto-join string: `exec=discover -q addrs provider=aws region=us-west-2 tag_key=consul-server tag_value=true`. The `discover` CLI is included in the official `hashicorp/consul-dataplane` images by default.
 - `sync-catalog` now communicates directly to Consul servers. When communicating to servers outside of Kubernetes, use the `externalServers.hosts` stanza as described in [Join External Servers to Consul on Kubernetes](/consul/docs/k8s/deployment-configurations/servers-outside-kubernetes).
 - Consul snapshot agent runs as a sidecar to Consul servers. <EnterpriseAlert inline />
-  - `client.snapshotAgent` values are moved to `server.snapshotAgent`, with the exception of the following values: `client.snaphostAgent.replicas`, `client.snaphostAgent.serviceAccount`
-  - `global.secretsBackend.vault.consulSnapshotAgentRole` value is now removed. You should now use the `global.secretsBackend.vault.consulServerRole` for access to any Vault secrets. 
+  - `client.snapshotAgent` values are moved to `server.snapshotAgent`, with the exception of the following values: `client.snapshotAgent.replicas`, `client.snapshotAgent.serviceAccount`
+  - `global.secretsBackend.vault.consulSnapshotAgentRole` value is now removed. You should now use the `global.secretsBackend.vault.consulServerRole` for access to any Vault secrets.
 -  Support simplified default deployment values to allow for easier quick starts and testing:
-    * Set `server.replicas` to `1`. Formerly, this defaulted to `3`. 
-    * `connectInject.enabled` now defaults to true. 
-    * `dns.enabled` and `dns.enableRedirection` will now default to the value of `connectInject.transparentProxy.defaultEnabled`. Previously, `dns.enabled` defaulted to the value of `global.enabled` and `dns.enableRedirection` defaulted to the value to `false`. 
-    * Set `connectInject.replicas` to 1 
+    * Set `server.replicas` to `1`. Formerly, this defaulted to `3`.
+    * `connectInject.enabled` now defaults to true.
+    * `dns.enabled` and `dns.enableRedirection` will now default to the value of `connectInject.transparentProxy.defaultEnabled`. Previously, `dns.enabled` defaulted to the value of `global.enabled` and `dns.enableRedirection` defaulted to the value to `false`.
+    * Set `connectInject.replicas` to 1
     * Set `meshGateway.affinity` to null and `meshGateway.replicas` to 1
-    * Set `ingressGateways.defaults.affinity` to null and `ingressGateways.defaults.replicas` to 1 
+    * Set `ingressGateways.defaults.affinity` to null and `ingressGateways.defaults.replicas` to 1
     * Set `terminatingGateways.defaults.affinity` to null and `terminatingGateways.defaults.replicas` to 1
     * `syncCatalog.consulNamespaces.mirroringK8S` now defaults to `true`. <EnterpriseAlert inline />
     * `connectInject.consulNamespaces.mirroringK8S` now defaults to `true`. <EnterpriseAlert inline />
-- `global.imageEnvoy` is now replaced with `global.imageConsulDataplane` for running the sidecar proxy. apiGateway.imageEnvoy` is now available  for configuring the version of Envoy that the API Gateway uses. 
-  
+- `global.imageEnvoy` is now replaced with `global.imageConsulDataplane` for running the sidecar proxy. apiGateway.imageEnvoy` is now available  for configuring the version of Envoy that the API Gateway uses.
+
 ## Supported Software
 
-~> **Note:** Consul 1.13.x and 1.12.x is not supported. Please use Consul K8s 0.49.x if you want to use Consul 1.13.x or 1.12.x. 
-- Consul 1.14.x. 
-- Consul Dataplane v1.0.x. Refer to [Envoy and Consul Dataplane](/consul/docs/connect/proxies/envoy#envoy-and-consul-dataplane) for details about Consul Dataplane versions and the available packaged Envoy version. 
+~> **Note:** Consul 1.13.x and 1.12.x is not supported. Please use Consul K8s 0.49.x if you want to use Consul 1.13.x or 1.12.x.
+- Consul 1.14.x.
+- Consul Dataplane v1.0.x. Refer to [Envoy and Consul Dataplane](/consul/docs/connect/proxies/envoy#envoy-and-consul-dataplane) for details about Consul Dataplane versions and the available packaged Envoy version.
 - Kubernetes 1.22.x - 1.25.x
-- `kubectl` 1.22.x - 1.25.x 
+- `kubectl` 1.22.x - 1.25.x
 - Helm 3.6+
 
 ## Upgrading
@@ -51,9 +51,9 @@ For detailed information on upgrading, please refer to the [Upgrades page](/cons
 
 ## Known Issues
 
-The following issues are known to exist in the v1.0.0 release: 
+The following issues are known to exist in the v1.0.0 release:
 
-- Pod Security Standards that are configured for the [Pod Security Admission controller](https://kubernetes.io/blog/2022/08/25/pod-security-admission-stable/) are currently not supported by Consul K8s. OpenShift 4.11.x enables Pod Security Standards on Kubernetes 1.25 [by default](https://connect.redhat.com/en/blog/important-openshift-changes-pod-security-standards) and is also not supported. Support will be added in a future Consul K8s 1.0.x patch release. 
+- Pod Security Standards that are configured for the [Pod Security Admission controller](https://kubernetes.io/blog/2022/08/25/pod-security-admission-stable/) are currently not supported by Consul K8s. OpenShift 4.11.x enables Pod Security Standards on Kubernetes 1.25 [by default](https://connect.redhat.com/en/blog/important-openshift-changes-pod-security-standards) and is also not supported. Support will be added in a future Consul K8s 1.0.x patch release.
 
 ## Changelogs
 
diff --git a/website/content/docs/release-notes/consul/v1_15_x.mdx b/website/content/docs/release-notes/consul/v1_15_x.mdx
index 06513080ae50..4b4e9fb5705c 100644
--- a/website/content/docs/release-notes/consul/v1_15_x.mdx
+++ b/website/content/docs/release-notes/consul/v1_15_x.mdx
@@ -9,54 +9,54 @@ description: >-
 
 ## Release Highlights
 
-- **Enhanced Envoy Access Logging:** Envoy access logs are now centrally managed via config entries and CRDs to allow operators to easily turn on access logs for all proxies within the service mesh. Refer to [Access logs overview](/consul/docs/connect/observability/access-logs) for more information. Additionally, the [Proxy default configuration entry](/consul/docs/connect/config-entries/proxy-defaults) shows you how to enable access logs centrally via the ProxyDefaults config entry or CRD.  
+- **Enhanced Envoy Access Logging:** Envoy access logs are now centrally managed via config entries and CRDs to allow operators to easily turn on access logs for all proxies within the service mesh. Refer to [Access logs overview](/consul/docs/connect/observability/access-logs) for more information. Additionally, the [Proxy default configuration entry](/consul/docs/connect/config-entries/proxy-defaults) shows you how to enable access logs centrally via the ProxyDefaults config entry or CRD.
 
-- **Consul Envoy Extensions:** The new Envoy extension system enables you to modify Consul-generated Envoy resources outside of the Consul binary. This will allow extensions to add, delete, and modify Envoy listeners, routes, clusters, and endpoints, enabling support for additional Envoy features without changes to the Consul codebase. 
-Current supported extensions include the [Lua](/consul/docs/connect/proxies/envoy-extensions#lua) and [AWS Lambda](/consul/docs/connect/proxies/envoy-extensions#lambda) extensions. Refer to [Envoy extensions overview](/consul/docs/connect/proxies/envoy-extensions) for more information on how to use these extensions for Consul service mesh.  
+- **Consul Envoy Extensions:** The new Envoy extension system enables you to modify Consul-generated Envoy resources outside of the Consul binary. This will allow extensions to add, delete, and modify Envoy listeners, routes, clusters, and endpoints, enabling support for additional Envoy features without changes to the Consul codebase.
+Current supported extensions include the [Lua](/consul/docs/connect/proxies/envoy-extensions#lua) and [AWS Lambda](/consul/docs/connect/proxies/envoy-extensions#lambda) extensions. Refer to [Envoy extensions overview](/consul/docs/connect/proxies/envoy-extensions) for more information on how to use these extensions for Consul service mesh.
 
-- **API Gateway support on Linux VM runtimes:** You can now deploy Consul API Gateway on Linux VM runtimes. API Gateway is built into Consul and, when deploying on Linux VM runtimes, is not separately installed software. Refer to [API gateway overview](/consul/docs/connect/gateways/api-gateway) for more information on API Gateway specifically for VM. 
+- **API Gateway support on Linux VM runtimes:** You can now deploy Consul API Gateway on Linux VM runtimes. API Gateway is built into Consul and, when deploying on Linux VM runtimes, is not separately installed software. Refer to [API gateway overview](/consul/docs/connect/gateways/api-gateway) for more information on API Gateway specifically for VM.
 
   ~> **Note:** Support for API Gateway on Linux VM runtimes is considered a "Beta" feature in Consul v1.15.0. HashiCorp expects to change it to a GA feature as part of a v1.15 patch release in the near future.
 
-- **Limit traffic rates to Consul servers:** You can now configure global RPC rate limits to mitigate the risks to Consul servers when clients send excessive read or write requests to Consul resources. Refer to [Limit traffic rates overview](/consul/docs/agent/limits) for more details on how to use the new troubleshooting commands. 
+- **Limit traffic rates to Consul servers:** You can now configure global RPC rate limits to mitigate the risks to Consul servers when clients send excessive read or write requests to Consul resources. Refer to [Limit traffic rates overview](/consul/docs/agent/limits) for more details on how to use the new troubleshooting commands.
 
-- **Service-to-service troubleshooting:** Consul includes a built-in tool for troubleshooting communication between services in a service mesh. The `consul troubleshoot` command enables you to validate communication between upstream and downstream Envoy proxies on VM and Kubernetes deployments. Refer to [Service-to-service troubleshooting overview](/consul/docs/troubleshoot/troubleshoot-services) for more details on how to use the new troubleshooting commands. 
-Refer to [Service-to-service troubleshooting overview](/consul/docs/troubleshoot/troubleshoot-services) for more details on how to use the new troubleshooting commands. 
+- **Service-to-service troubleshooting:** Consul includes a built-in tool for troubleshooting communication between services in a service mesh. The `consul troubleshoot` command enables you to validate communication between upstream and downstream Envoy proxies on VM and Kubernetes deployments. Refer to [Service-to-service troubleshooting overview](/consul/docs/troubleshoot/troubleshoot-services) for more details on how to use the new troubleshooting commands.
+Refer to [Service-to-service troubleshooting overview](/consul/docs/troubleshoot/troubleshoot-services) for more details on how to use the new troubleshooting commands.
 
-- **Raft write-ahead log (Experimental):** Consul provides an experimental storage backend called write-ahead log (WAL). WAL implements a traditional log with rotating, append-only log files which resolves a number of performance issues with the current BoltDB storage backend. Refer to [Experimental WAL LogStore backend overview](/consul/docs/agent/wal-logstore) for more details.   
-  
-  ~> **Note:** The new Raft write-ahead log storage backend is not recommended for production use cases yet, but is ready for testing by the general community. 
+- **Raft write-ahead log (Experimental):** Consul provides an experimental storage backend called write-ahead log (WAL). WAL implements a traditional log with rotating, append-only log files which resolves a number of performance issues with the current BoltDB storage backend. Refer to [Experimental WAL LogStore backend overview](/consul/docs/agent/wal-logstore) for more details.
+
+  ~> **Note:** The new Raft write-ahead log storage backend is not recommended for production use cases yet, but is ready for testing by the general community.
 
 ## What's Changed
 
-- ACL errors have now been ehanced to return descriptive errors when the specified resource cannot be found. Other ACL request errors provide more information about when a resource is missing. In addition, errors are now gracefully thrown when interacting with the ACL system before the ACL system been bootstrapped.
+- ACL errors have now been enhanced to return descriptive errors when the specified resource cannot be found. Other ACL request errors provide more information about when a resource is missing. In addition, errors are now gracefully thrown when interacting with the ACL system before the ACL system been bootstrapped.
   - The Delete Token/Policy/AuthMethod/Role/BindingRule endpoints now return 404 when the resource cannot be found. The new error format is as follows:
 
     ```log hideClipboard
     Requested * does not exist: ACL not found", "* not found in namespace $NAMESPACE: ACL not found`
     ```
 
-  - The Read Token/Policy/Role endpoints now return 404 when the resource cannot be found. The new error format is as follows: 
-    
+  - The Read Token/Policy/Role endpoints now return 404 when the resource cannot be found. The new error format is as follows:
+
     ```log hideClipboard
     Cannot find * to delete
     ```
-    
-  - The Logout endpoint now returns a 401 error when the supplied token cannot be found. The new error format is as follows: 
-    
+
+  - The Logout endpoint now returns a 401 error when the supplied token cannot be found. The new error format is as follows:
+
     ```log hideClipboard
     Supplied token does not exist
     ```
-    
-  - The Token Self endpoint now returns 404 when the token cannot be found. The new error format is as follows: 
-   
+
+  - The Token Self endpoint now returns 404 when the token cannot be found. The new error format is as follows:
+
     ```log hideClipboard
     Supplied token does not exist
     ```
-    
+
 - Consul v1.15.0 formally removes all uses of legacy ACLs and ACL policies from Consul. The legacy ACL system was deprecated in Consul v1.4.0 and removed in Consul v1.11.0. The documentation for the new ACL system can be found [here](/consul/docs/v1.14.x/security/acl). For information on how to migrate to the new ACL System, please read the [Migrate Legacy ACL Tokens tutorial](/consul/tutorials/security-operations/access-control-token-migration).
-- The following agent flags are now deprecated: `-join`, `-join-wan`, `start_join`, and `start_join_wan`. These options are now aliases of `-retry-join`, `-retry-join-wan`, `retry_join`, and `retry_join_wan`, respectively. 
-- A `peer` field has been added to ServiceDefaults upstream overrides to make it possible to apply upstream overrides only to peer services. Prior to this change, overrides would be applied based on matching the namespace and name fields only, which means users could not have different configuration for local versus peer services. With this change, peer upstreams are only affected if the peer field matches the destination peer name. 
+- The following agent flags are now deprecated: `-join`, `-join-wan`, `start_join`, and `start_join_wan`. These options are now aliases of `-retry-join`, `-retry-join-wan`, `retry_join`, and `retry_join_wan`, respectively.
+- A `peer` field has been added to ServiceDefaults upstream overrides to make it possible to apply upstream overrides only to peer services. Prior to this change, overrides would be applied based on matching the namespace and name fields only, which means users could not have different configuration for local versus peer services. With this change, peer upstreams are only affected if the peer field matches the destination peer name.
 - If you run the `consul connect envoy` command with an incompatible Envoy version, Consul will now error and exit. To ignore this check, use flag `--ignore-envoy-compatibility`.
 - Ingress Gateway upstream clusters will have empty `outlier_detection` if passive health check is unspecified.
 
@@ -74,15 +74,15 @@ The following issues are known to exist in the v1.15.x releases:
   due to a problem with leaf certificate rotation.
   This is resolved in Consul v1.15.2.
 
-- For v1.15.0, Consul is reporting newer releases of Envoy (for example, v1.25.1) as not supported, even though these versions are listed as valid in the [Envoy compatilibity matrix](/consul/docs/connect/proxies/envoy#envoy-and-consul-client-agent). The following error would result for newer versions of Envoy:
+- For v1.15.0, Consul is reporting newer releases of Envoy (for example, v1.25.1) as not supported, even though these versions are listed as valid in the [Envoy compatibility matrix](/consul/docs/connect/proxies/envoy#envoy-and-consul-client-agent). The following error would result for newer versions of Envoy:
 
   ```log hideClipboard
   Envoy version 1.25.1 is not supported. If there is a reason you need to use this version of envoy use the ignore-envoy-compatibility flag. Using an unsupported version of Envoy is not recommended and your experience may vary.
   ```
-  
+
   To workaround this issue on Consul v1.15.0, launch sidecar proxies
-  with the `ignore-envoy-compatiblity` flag: 
-  
+  with the `ignore-envoy-compatibility` flag:
+
   ```shell-session
   $ consul connect envoy --ignore-envoy-compatibility
   ```
diff --git a/website/content/docs/services/configuration/checks-configuration-reference.mdx b/website/content/docs/services/configuration/checks-configuration-reference.mdx
index c0d3e24cfde6..10934217aacb 100644
--- a/website/content/docs/services/configuration/checks-configuration-reference.mdx
+++ b/website/content/docs/services/configuration/checks-configuration-reference.mdx
@@ -10,46 +10,46 @@ description: ->
 This topic provides configuration reference information for health checks. For information about the different kinds of health checks and guidance on defining them, refer to [Define Health Checks].
 
 ## Introduction
-Health checks perform several safety functions, such as allowing a web balancer to gracefully remove failing nodes and allowing a database to replace a failed secondary. You can configure health checks to monitor the health of the entire node. Refer to [Define Health Checks](/consul/docs/services/usage/checks) for information about how to define the differnet types of health checks available in Consul.
+Health checks perform several safety functions, such as allowing a web balancer to gracefully remove failing nodes and allowing a database to replace a failed secondary. You can configure health checks to monitor the health of the entire node. Refer to [Define Health Checks](/consul/docs/services/usage/checks) for information about how to define the different types of health checks available in Consul.
 
 ## Check block
-Specify health check options in the `check` block. To register two or more heath checks in the same configuration, use the [`checks` block](#checks-block). The following table describes the configuration options contained in the `check` block. 
+Specify health check options in the `check` block. To register two or more heath checks in the same configuration, use the [`checks` block](#checks-block). The following table describes the configuration options contained in the `check` block.
 
-| Parameter | Description | Check types | 
-| ---       | ---          | ---         | 
+| Parameter | Description | Check types |
+| ---       | ---          | ---         |
 | `name` | Required string value that specifies the name of the check. Default is `service:<service-id>`. If multiple service checks are registered, the autogenerated default is appended with colon and incrementing number starting with `1`. | <li>Script </li> <li>HTTP </li> <li>TCP </li> <li>UDP </li> <li>OSService </li> <li>TTL </li> <li>Docker </li> <li>gRPC </li> <li>H2ping </li> <li>Alias </li> |
 | `id` | A unique string value that specifies an ID for the check. Default to the `name` value. If `name` values conflict, specify a unique ID to avoid overwriting existing checks with same ID on the same node. Consul auto-generates an ID if the check is defined in a service definition file. |  <li>Script </li> <li>HTTP </li> <li>TCP </li> <li>UDP </li> <li>OSService </li> <li>TTL </li> <li>Docker </li> <li>gRPC </li> <li>H2ping </li> <li>Alias </li>  |
-| `notes` | String value that provides a human-readabiole description of the check. The contents are not visible to Consul. | <li>Script </li> <li>HTTP </li> <li>TCP </li> <li>UDP </li> <li>OSService </li> <li>TTL </li> <li>Docker </li> <li>gRPC </li> <li>H2ping </li> <li>Alias </li> |
+| `notes` | String value that provides a human-readable description of the check. The contents are not visible to Consul. | <li>Script </li> <li>HTTP </li> <li>TCP </li> <li>UDP </li> <li>OSService </li> <li>TTL </li> <li>Docker </li> <li>gRPC </li> <li>H2ping </li> <li>Alias </li> |
 | `interval` | Required string value that specifies how frequently to run the check. The `interval` parameter is required for supported check types. The value is parsed by the golang [time package formatting specification](https://golang.org/pkg/time/#ParseDuration).  | <li>Script </li> <li>HTTP </li> <li>TCP </li> <li>UDP </li> <li>OSService </li> <li>Docker </li> <li>gRPC </li> <li>H2ping</li> |
 | `timeout` | String value that specifies how long unsuccessful requests take to end with a timeout. The `timeout` is optional for the supported check types and has the following defaults: <li> Script: `30s` </li> <li> HTTP: `10s` </li><li> TCP: `10s` </li><li> UDP: `10s` </li><li> gRPC: `10s` </li><li> H2ping: `10s` </li> |  <li>Script </li> <li>HTTP </li> <li>TCP </li> <li>UDP </li> <li>gRPC </li> <li>H2ping </li> |
 | `status` | Optional string value  that specifies the initial status of the health check. You can specify the following values: <li>`critical` (default)</li><li>`warning`</li><li>`passing`</li> | <li>Script </li> <li>HTTP </li> <li>TCP </li> <li>UDP </li> <li>OSService </li> <li>TTL </li> <li>Docker </li> <li>gRPC </li> <li>H2ping </li> <li>Alias </li> |
 | `deregister_critical_service_after` | String value that specifies how long a service and its associated checks are allowed to be in a `critical` state. Consul deregisters services if they are `critical` for the specified amount of time. The value is parsed by the golang [time package formatting specification](https://golang.org/pkg/time/#ParseDuration) | <li>Script </li> <li>HTTP </li> <li>TCP </li> <li>UDP </li> <li>OSService </li> <li>TTL </li> <li>Docker </li> <li>gRPC </li> <li>H2ping </li> <li>Alias </li> |
 | `success_before_passing` | Integer value that specifies how many consecutive times the check must pass before Consul marks the service or node as `passing`. Default is `0`. | <li>Script </li> <li>HTTP </li> <li>TCP </li> <li>UDP </li> <li>OSService </li> <li>TTL </li> <li>Docker </li> <li>gRPC </li> <li>H2ping </li> <li>Alias </li> |
 | `failures_before_warning` | Integer value that specifies how many consecutive times the check must fail before Consul marks the service or node as `warning`. The value cannot be more than `failures_before_critical`. Defaults to the value specified for `failures_before_critical`. | <li>Script </li> <li>HTTP </li> <li>TCP </li> <li>UDP </li> <li>OSService </li> <li>TTL </li> <li>Docker </li> <li>gRPC </li> <li>H2ping </li> <li>Alias </li> |
-| `failures_before_critical` | Integer value that specifies how many consecutive times the check must fail before Consul marks the service or node as `critical`. Default is `0`. | <li>Script </li> <li>HTTP </li> <li>TCP </li> <li>UDP </li> <li>OSService </li> <li>TTL </li> <li>Docker </li> <li>gRPC </li> <li>H2ping </li> <li>Alias </li> |    
+| `failures_before_critical` | Integer value that specifies how many consecutive times the check must fail before Consul marks the service or node as `critical`. Default is `0`. | <li>Script </li> <li>HTTP </li> <li>TCP </li> <li>UDP </li> <li>OSService </li> <li>TTL </li> <li>Docker </li> <li>gRPC </li> <li>H2ping </li> <li>Alias </li> |
 | `args` | Specifies a list of arguments strings to pass to the command line. The list of values includes the path to a script file or external application to invoke and any additional parameters for running the script or application. | <li> Script </li><li> Docker </li> |
 | `docker_container_id` | Specifies the Docker container ID in which to run an external health check application. Specify the external application with the `args` parameter. | <li> Docker </li>  |
 | `shell` | String value that specifies the type of command line shell to use for running the health check application. Specify the external application with the `args` parameter. | <li> Docker </li>  |
-| `grpc` | String value that specifies the gRPC endpoint, including port number, to send requests to. Append the endpoint with `:/` and a service identifier to check a specific service. The endpoint must support the [gRPC health checking protocol](https://github.com/grpc/grpc/blob/master/doc/health-checking.md). | <li>gRPC </li>|        
+| `grpc` | String value that specifies the gRPC endpoint, including port number, to send requests to. Append the endpoint with `:/` and a service identifier to check a specific service. The endpoint must support the [gRPC health checking protocol](https://github.com/grpc/grpc/blob/master/doc/health-checking.md). | <li>gRPC </li>|
 | `grpc_use_tls` | Boolean value that enables TLS for gRPC checks when set to `true`. | <li>gRPC </li> |
-| `h2ping` | String value that specifies the HTTP2 endpoint, including port number, to send HTTP2 requests to. | <li>H2ping</li> |        
+| `h2ping` | String value that specifies the HTTP2 endpoint, including port number, to send HTTP2 requests to. | <li>H2ping</li> |
 | `h2ping_use_tls` | Boolean value that enables TLS for H2ping checks when set to `true`. | <li>H2ping</li> |
 | `http` | String value that specifies an HTTP endpoint to send requests to. | <li>HTTP</li> |
 | `tls_server_name` | String value that specifies the server name used to verify the hostname on the returned certificates unless `tls_skip_verify` is given. Also included in the client's handshake to support SNI. It is recommended that this field be left unspecified. The TLS client will deduce the server name for SNI from the check address unless it's an IP ([RFC 6066, Section 3](https://tools.ietf.org/html/rfc6066#section-3)). There are two common circumstances where supplying a `tls_server_name` can be beneficial: <li>When the check address is an IP, `tls_server_name` can be specified for SNI. Note: setting `tls_server_name` will also override the hostname used to verify the certificate presented by the server being checked.</li><li>When the hostname in the check address won't be present in the SAN (Subject Alternative Name) field of the certificate presented by the server being checked. Note: setting `tls_server_name` will also override the hostname used for SNI.</li> | <li>HTTP </li> <li>H2Ping </li> <li>gRPC </li> |
 | `tls_skip_verify` | Boolean value that determines if the check verifies the chain and hostname of the certificate that the server presents. Set to `true` to disable verification. We recommend setting to `false` for production use. Default is `false`. | <li>HTTP </li> <li>H2Ping </li> <li>gRPC </li> |
 | `method` | String value that specifies the request method to send during HTTP checks. Default is `GET`. | <li>HTTP</li> |
 | `header` | Object that specifies header fields to send in HTTP check requests. Each header specified in `header` object contains a list of string values. | <li>HTTP</li> |
-| `body` | String value that contains JSON attributes to send in HTTP check requests. You must escap the quotation marks around the keys and values for each attribute. | <li>HTTP</li> |
-| `disable_redirects` | Boolean value that prevents HTTP checks from following redirects if set to `true`. Default is `false`. | <li>HTTP</li> |  
+| `body` | String value that contains JSON attributes to send in HTTP check requests. You must escape the quotation marks around the keys and values for each attribute. | <li>HTTP</li> |
+| `disable_redirects` | Boolean value that prevents HTTP checks from following redirects if set to `true`. Default is `false`. | <li>HTTP</li> |
 | `os_service` | String value that specifies the name of the name of a service to check during an OSService check. | <li>OSService</li> |
 | `service_id` | String value that specifies the ID of a service instance to associate with an OSService check. That service instance must be on the same node as the check. If not specified, the check verifies the health of the node. | <li>OSService</li> |
 | `tcp` | String value that specifies an IP address or host and port number for the check establish a TCP connection with. | <li>TCP</li> |
 | `udp` | String value that specifies an IP address or host and port number for the check to send UDP datagrams to. | <li>UDP</li> |
 | `ttl` | String value that specifies how long to wait for an update from an external process during a TTL check. | <li>TTL</li> |
-| `alias_service` | String value that specifies a service or node that the service associated with the health check aliases. | <li>Alias</li> | 
+| `alias_service` | String value that specifies a service or node that the service associated with the health check aliases. | <li>Alias</li> |
 
 
 
 ## Checks block
-You can define multiple health checks in a single `checks` block. The `checks` block is an array of objects that contain the configuration options described in the [`check` block configuration reference](#check-block). 
+You can define multiple health checks in a single `checks` block. The `checks` block is an array of objects that contain the configuration options described in the [`check` block configuration reference](#check-block).
 
diff --git a/website/content/docs/services/discovery/dns-overview.mdx b/website/content/docs/services/discovery/dns-overview.mdx
index 37eda715de25..843d97bd185d 100644
--- a/website/content/docs/services/discovery/dns-overview.mdx
+++ b/website/content/docs/services/discovery/dns-overview.mdx
@@ -1,41 +1,41 @@
 ---
 layout: docs
-page_title: DNS usage overview 
+page_title: DNS usage overview
 description: >-
   For service discovery use cases, Domain Name Service (DNS) is the main interface to look up, query, and address Consul nodes and services. Learn how a Consul DNS lookup can help you find services by tag, name, namespace, partition, datacenter, or domain.
 ---
 
 # DNS usage overview
 
-This topic provides overview information about how to look up Consul nodes and services using the Consul DNS. 
+This topic provides overview information about how to look up Consul nodes and services using the Consul DNS.
 
 ## Consul DNS
-The Consul DNS is the primary interface for discovering services registered in the Consul catalog. The DNS enables you to look up services and nodes registered with Consul using terminal commands instead of making HTTP API requests to Consul. 
+The Consul DNS is the primary interface for discovering services registered in the Consul catalog. The DNS enables you to look up services and nodes registered with Consul using terminal commands instead of making HTTP API requests to Consul.
 
-We recommend using the DNS for service discovery in virtual machine (VM) environments because it removes the need to modify native applications so that they can consume the Consul service discovery APIs.  
+We recommend using the DNS for service discovery in virtual machine (VM) environments because it removes the need to modify native applications so that they can consume the Consul service discovery APIs.
 
-The DNS has several default configurations, but you can customize how the server processes lookups. Refer to [Configure DNS Behaviors](/consul/docs/services/discovery/dns-configuration) for additional information. 
+The DNS has several default configurations, but you can customize how the server processes lookups. Refer to [Configure DNS Behaviors](/consul/docs/services/discovery/dns-configuration) for additional information.
 
 ### DNS versus native app integration
 You can use DNS to reach services registered with Consul or modify your application to natively consume the Consul service discovery HTTP APIs.
 
-We recommend using the DNS because it is less invasive. You do not have to modify your application with Consul to retrieve the service’s connection information. Instead, you can use a DNS fully qualified domain (FQDN) that conforms to Consul's lookup format to retreive the relevant information.
+We recommend using the DNS because it is less invasive. You do not have to modify your application with Consul to retrieve the service’s connection information. Instead, you can use a DNS fully qualified domain (FQDN) that conforms to Consul's lookup format to retrieve the relevant information.
 
-Refer to [ Native App Integration](/consul/docs/connect/native) and its [Go package](/consul/docs/connect/native/go) for additional information. 
+Refer to [ Native App Integration](/consul/docs/connect/native) and its [Go package](/consul/docs/connect/native/go) for additional information.
 
 ### DNS versus upstreams
-If you are using Consul for service discovery and have not enabled service mesh features, then use the DNS to discover services and nodes in the Consul catalog. 
+If you are using Consul for service discovery and have not enabled service mesh features, then use the DNS to discover services and nodes in the Consul catalog.
 
 If you are using Consul for service mesh on VMs, you can use upstreams or DNS. We recommend using upstreams because you can query services and nodes without modifying the application code or environment variables. Refer to [Upstream Configuration Reference](/consul/docs/connect/registration/service-registration#upstream-configuration-reference) for additional information.
 
-If you are using Consul on Kubernetes, refer to [the upstreams annotation documentation](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) for additional information. 
+If you are using Consul on Kubernetes, refer to [the upstreams annotation documentation](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) for additional information.
 
 ## Static queries
-Node lookups and service lookups are the fundamental types of static queries. Depending on your use case, you may need to use different query methods and syntaxes to query the DNS for services and nodes. 
+Node lookups and service lookups are the fundamental types of static queries. Depending on your use case, you may need to use different query methods and syntaxes to query the DNS for services and nodes.
 
-Consul relies on a very specific format for queries to resolve names. Note that all queries are case-sensitive. 
+Consul relies on a very specific format for queries to resolve names. Note that all queries are case-sensitive.
 
-Refer to [Perform Static DNS Lookups](/consul/docs/services/discovery/dns-static-lookups) for details about how to perform node and service lookups.  
+Refer to [Perform Static DNS Lookups](/consul/docs/services/discovery/dns-static-lookups) for details about how to perform node and service lookups.
 
 ## Prepared queries
 Prepared queries are configurations that enable you to register complex DNS queries. They provide lookup features that extend Consul's service discovery capabilities, such as filtering by multiple tags and automatically querying remote datacenters for services if no healthy nodes are available in the local datacenter. You can also create prepared query templates that match names using a prefix match, allowing a single template to apply to potentially many services. Refer to [Enable Dynamic DNS Queries](/consul/docs/services/discovery/dns-dynamic-lookups) for additional information.
diff --git a/website/content/docs/services/discovery/dns-static-lookups.mdx b/website/content/docs/services/discovery/dns-static-lookups.mdx
index a279373460fe..6c26fc006091 100644
--- a/website/content/docs/services/discovery/dns-static-lookups.mdx
+++ b/website/content/docs/services/discovery/dns-static-lookups.mdx
@@ -9,10 +9,10 @@ description: ->
 This topic describes how to query the Consul DNS to look up nodes and services registered with Consul. Refer to [Enable Dynamic DNS Queries](/consul/docs/services/discovery/dns-dynamic-lookups) for information about using prepared queries.
 
 ## Introduction
-Node lookups and service lookups are the fundamental types of queries you can perform using the Consul DNS. Node lookups interrogate the catalog for named Consul agents. Service lookups interrogate the catalog for services registered with Consul. Refer to [DNS Usage Overivew](/consul/docs/services/discovery/dns-overview) for additional background information. 
+Node lookups and service lookups are the fundamental types of queries you can perform using the Consul DNS. Node lookups interrogate the catalog for named Consul agents. Service lookups interrogate the catalog for services registered with Consul. Refer to [DNS Usage Overview](/consul/docs/services/discovery/dns-overview) for additional background information.
 
 ## Requirements
-All versions of Consul support DNS lookup features.  
+All versions of Consul support DNS lookup features.
 
 ### ACLs
 If ACLs are enabled, you must present a token linked with the necessary policies. We recommend using a separate token in production deployments for querying the DNS. By default, Consul agents resolve DNS requests using the preconfigured tokens in order of precedence:
@@ -39,7 +39,7 @@ Specify the name of the node, datacenter, and domain using the following FQDN sy
 
 The `datacenter` subdomain is optional. By default, the lookup queries the datacenter of the agent.
 
-By default, the domain is `consul`. Refer to [Configure DNS Behaviors](/consul/docs/services/discovery/dns-configuration) for information about using alternate domains. 
+By default, the domain is `consul`. Refer to [Configure DNS Behaviors](/consul/docs/services/discovery/dns-configuration) for information about using alternate domains.
 
 ### Node lookup results
 
@@ -75,9 +75,9 @@ consul.     0 IN  SOA ns.consul. postmaster.consul. 1392836399 3600 600 86400 0
 
 ### Node lookups for Consul Enterprise
 
-Consul Enterprise includes the admin partition concept, which is an abstraction that lets you define isolated administrative network areas. Refer to [Admin Partitions](/consul/docs/enterprise/admin-partitions) for additional information.   
+Consul Enterprise includes the admin partition concept, which is an abstraction that lets you define isolated administrative network areas. Refer to [Admin Partitions](/consul/docs/enterprise/admin-partitions) for additional information.
 
-Consul nodes reside in admin partitions within a datacenter. By default, node lookups query the same partition and datacenter of the Consul agent that received the DNS query. 
+Consul nodes reside in admin partitions within a datacenter. By default, node lookups query the same partition and datacenter of the Consul agent that received the DNS query.
 
 Use the following query format to specify a partition for a node lookup:
 
@@ -88,9 +88,9 @@ Use the following query format to specify a partition for a node lookup:
 Consul server agents are in the `default` partition. If you send a DNS query to Consul server agents, you must explicitly specify the partition of the target node if it is not `default`.
 
 ## Service lookups
-You can query the network for service providers using either the [standard lookup](#standard-lookup) method or [strict RFC 2782 lookup](#rfc-2782-lookup) method. 
+You can query the network for service providers using either the [standard lookup](#standard-lookup) method or [strict RFC 2782 lookup](#rfc-2782-lookup) method.
 
-By default, all SRV records are weighted equally in service lookup responses, but you can configure the weights using the [`Weights`](/consul/docs/services/configuration/services-configuration-reference#weights) attribute of the service definition. Refer to [Define Services](/consul/docs/services/usage/define-services) for additional information. 
+By default, all SRV records are weighted equally in service lookup responses, but you can configure the weights using the [`Weights`](/consul/docs/services/configuration/services-configuration-reference#weights) attribute of the service definition. Refer to [Define Services](/consul/docs/services/usage/define-services) for additional information.
 
 The DNS protocol limits the size of requests, even when performing DNS TCP queries, which may affect your experience querying for services. For services with more than 500 instances, you may not be able to retrieve the complete list of instances for the service. Refer to [RFC 1035, Domain Names - Implementation and Specification](https://datatracker.ietf.org/doc/html/rfc1035#section-2.3.4) for additional information.
 
@@ -103,13 +103,13 @@ To perform standard service lookups, specify tags, the name of the service, data
 [<tag>.]<service>.service[.<datacenter>.dc][.<cluster-peer>.peer].<domain>
 ```
 
-The `tag` subdomain is optional. It filters responses so that only service providers containing the tag appear.  
+The `tag` subdomain is optional. It filters responses so that only service providers containing the tag appear.
 
 The `datacenter` subdomain is optional. By default, Consul interrogates the querying agent's datacenter.
 
 The `cluster-peer` name is optional, and specifies the [cluster peer](/consul/docs/connect/cluster-peering) whose [exported services](/consul/docs/connect/config-entries/exported-services) should be the target of the query.
 
-By default, the lookups query in the `consul` domain. Refer to [Configure DNS Behaviors](/consul/docs/services/discovery/dns-configuration) for information about using alternate domains. 
+By default, the lookups query in the `consul` domain. Refer to [Configure DNS Behaviors](/consul/docs/services/discovery/dns-configuration) for information about using alternate domains.
 
 #### Standard lookup results
 Standard services queries return A and SRV records. SRV records include the port that the service is registered on. SRV records are only served if the client specifically requests them.
@@ -163,7 +163,7 @@ primary.postgresql.service.dc2.consul. 0 IN  A 10.1.10.12
 ```
 
 ### RFC 2782 lookup
-Per [RFC 2782](https://tools.ietf.org/html/rfc2782), SRV queries must prepend `service` and `protocol` values with an underscore (`_`) to prevent DNS collisions. Use the following syntax to perform RFC 2782 lookups: 
+Per [RFC 2782](https://tools.ietf.org/html/rfc2782), SRV queries must prepend `service` and `protocol` values with an underscore (`_`) to prevent DNS collisions. Use the following syntax to perform RFC 2782 lookups:
 
 ```text
 _<service>._<protocol>[.service][.<datacenter>].<domain>
@@ -231,7 +231,7 @@ _redis._tcp.service.phx1.peer.consul. 0 IN SRV 1 1 29142 0a010d56.addr.consul.
 
 #### SRV responses for hosts in the .addr subdomain
 
-If a service registered with Consul is configured with an explicit IP address or addresses in the  [`address`](/consul/docs/services/configuration/services-configuration-reference#address) or [`tagged_address`](/consul/docs/services/configuration/services-configuration-reference#tagged_address) parameter, then Consul returns the hostname in the target field of the answer section for the DNS SRV query according to the following format: 
+If a service registered with Consul is configured with an explicit IP address or addresses in the  [`address`](/consul/docs/services/configuration/services-configuration-reference#address) or [`tagged_address`](/consul/docs/services/configuration/services-configuration-reference#tagged_address) parameter, then Consul returns the hostname in the target field of the answer section for the DNS SRV query according to the following format:
 
 ```text
 <hexadecimal-encoded IP>.addr.<datacenter>.consul`.
@@ -322,7 +322,7 @@ Use the following query format to specify namespace, partition, or datacenter:
 [<tag>.]<service>.service[.<namespace>.ns][.<partition>.ap][.<datacenter>.dc]<domain>
 ```
 
-The `namespace`, `partition`, and `datacenter` are optional. By default, all service lookups use the `default` namespace within the partition and datacenter of the Consul agent that received the DNS query. 
+The `namespace`, `partition`, and `datacenter` are optional. By default, all service lookups use the `default` namespace within the partition and datacenter of the Consul agent that received the DNS query.
 
 Consul server agents reside in the `default` partition. If DNS queries are addressed to Consul server agents, you must explicitly specify the partition of the target service when querying for services in  partitions other than `default`.
 
@@ -357,7 +357,7 @@ Add the `.virtual` subdomain to queries to find the unique virtual IP allocated
 <service>.virtual[.<peer>].<domain>
 ```
 
-This returns the unique virtual IP for any service mesh-capable service. Each service mesh service has a virtual IP assigned to it by Consul. Sidecar proxies use the virtual IP to enable the [transparent proxy](/consul/docs/connect/transparent-proxy) feature. 
+This returns the unique virtual IP for any service mesh-capable service. Each service mesh service has a virtual IP assigned to it by Consul. Sidecar proxies use the virtual IP to enable the [transparent proxy](/consul/docs/connect/transparent-proxy) feature.
 
 The peer name is an optional. The DNS uses it to query for the virtual IP of a service imported from the specified peer.
 
@@ -388,4 +388,4 @@ This endpoint finds services within the same datacenter and does not support tag
 
 ### UDP-based DNS queries
 
-When the DNS query is performed using UDP, Consul truncateß the results without setting the truncate bit. This prevents a redundant lookup over TCP that generates additional load. If the lookup is done over TCP, the results are not truncated.
\ No newline at end of file
+When the DNS query is performed using UDP, Consul truncates the results without setting the truncate bit. This prevents a redundant lookup over TCP that generates additional load. If the lookup is done over TCP, the results are not truncated.
diff --git a/website/content/docs/services/services.mdx b/website/content/docs/services/services.mdx
index 7300b9d1aa80..f2d4eb70c111 100644
--- a/website/content/docs/services/services.mdx
+++ b/website/content/docs/services/services.mdx
@@ -2,19 +2,19 @@
 layout: docs
 page_title: Services overview
 description: >-
-  Learn about services and service discovery workflows and concepts for virtual machine environments. 
+  Learn about services and service discovery workflows and concepts for virtual machine environments.
 ---
 
 # Services overview
 
 This topic provides overview information about services and how to make them discoverable in Consul when your network operates on virtual machines. If service mesh is enabled in your network, refer to the following articles for additional information about connecting services in a mesh:
 
-- [How Service Mesh Works](/consul/docs/connect/connect-internals) 
+- [How Service Mesh Works](/consul/docs/connect/connect-internals)
 - [How Consul Service Mesh Works on Kubernetes](/consul/docs/k8s/connect)
 
 ## Introduction
 
-A _service_ is an entity in your network that performs a specialized operation or set of related operations. In many contexts, a service is software that you want to make available to users or other programs with access to your network. Services can also refer to native Consul functionality, such as _service mesh proxies_ and _gateways_, that enable you to establish connections between different parts of your network. 
+A _service_ is an entity in your network that performs a specialized operation or set of related operations. In many contexts, a service is software that you want to make available to users or other programs with access to your network. Services can also refer to native Consul functionality, such as _service mesh proxies_ and _gateways_, that enable you to establish connections between different parts of your network.
 
 You can define and register services with Consul, which makes them discoverable to other services in the network. You can also define various types of health checks that perform several safety functions, such as allowing a web balancer to gracefully remove failing nodes and allowing a database to replace a failed secondary.
 
@@ -37,13 +37,13 @@ Consul redirects service traffic through sidecar proxies if you use Consul servi
 
 You must define upstream services in the service definition. Consul uses the upstream configuration to bind the service with its upstreams. After registering the service, you must start a sidecar proxy on the VM to enable mesh connectivity. Refer to [Register a Service Mesh Proxy in a Service Registration](/consul/docs/connect/registration/sidecar-service) for details.
 
-### Kubernetes 
+### Kubernetes
 
 If you use Consul on Kubernetes, enable the service mesh injector in your Consul Helm chart and Consul automatically adds a sidecar to each of your pods using the Kubernetes `Service` definition as a reference. You can specify upstream annotations in the `Deployment` definition to bind upstream services to the pods.
 Refer to [`connectInject`](/consul/docs/k8s/connect#installation-and-configuration) and [the upstreams annotation documentation](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) for additional information.
 
 ### Multiple services
 
-You can define common characteristics for services in your mesh, such as the admin partition, namespace, or upstreams, by creating and applying a `service-defaults` configuration entry. You can also define override configurations for specific upstreams or service instances. To use `service-defaults` configuraiton entries, you must enable Consul service mesh in your network.
+You can define common characteristics for services in your mesh, such as the admin partition, namespace, or upstreams, by creating and applying a `service-defaults` configuration entry. You can also define override configurations for specific upstreams or service instances. To use `service-defaults` configuration entries, you must enable Consul service mesh in your network.
 
-Refer to [Define Service Defaults](/consul/docs/services/usage/define-services#define-service-defaults) for additional information.
\ No newline at end of file
+Refer to [Define Service Defaults](/consul/docs/services/usage/define-services#define-service-defaults) for additional information.
diff --git a/website/content/docs/services/usage/define-services.mdx b/website/content/docs/services/usage/define-services.mdx
index 1e0490b9b3ab..60f19997eb30 100644
--- a/website/content/docs/services/usage/define-services.mdx
+++ b/website/content/docs/services/usage/define-services.mdx
@@ -1,17 +1,17 @@
 ---
 layout: docs
-page_title: Define services 
+page_title: Define services
 description: >-
-    Learn how to define services so that they are discoverable in your network. 
+    Learn how to define services so that they are discoverable in your network.
 ---
 
 # Define services
 
-This topic describes how to define services so that they can be discovered by other services. Refer to [Services Overview](/consul/docs/services/services) for additional information. 
+This topic describes how to define services so that they can be discovered by other services. Refer to [Services Overview](/consul/docs/services/services) for additional information.
 
 ## Overview
 
-You must tell Consul about the services deployed to your network if you want them to be discoverable. You can define services in a configuration file or send the service definition parameters as a payload to the `/agent/service/register` API endpoint. Refer to [Register Services and Health Checks](/consul/docs/services/usage/register-services-checks) for details about how to register services with Consul.  
+You must tell Consul about the services deployed to your network if you want them to be discoverable. You can define services in a configuration file or send the service definition parameters as a payload to the `/agent/service/register` API endpoint. Refer to [Register Services and Health Checks](/consul/docs/services/usage/register-services-checks) for details about how to register services with Consul.
 
 You can define multiple services individually using `service` blocks or group multiple services into the same `services` configuration block. Refer to [Define multiple services in a single file](#define-multiple-services-in-a-single-file) for additional information.
 
@@ -19,7 +19,7 @@ If Consul service mesh is enabled in your network, you can use the [service defa
 
 ## Requirements
 
-The core service discovery features are available in all versions of Consul. 
+The core service discovery features are available in all versions of Consul.
 
 ### Service defaults
 To use the [service defaults configuration entry](#define-service-defaults), verify that your installation meets the following requirements:
@@ -28,11 +28,11 @@ To use the [service defaults configuration entry](#define-service-defaults), ver
 - Consul 1.8.4+ is required to use the `ServiceDefaults` custom resource on Kubernetes
 
 ### ACLs
-If ACLs are enabled, resources in your network must present a token with `service:read` access to read a service defaults configuration entry. 
+If ACLs are enabled, resources in your network must present a token with `service:read` access to read a service defaults configuration entry.
 
 You must also present a token with `service:write` access to create, update, or delete a service defaults configuration entry.
 
-Service configurations must also contain and present an ACL token to perform anti-entropy syncs and deregistration operations. Refer to [Modify anti-entropy synchronozation](#modify-anti-entropy-synchronization) for additional information.
+Service configurations must also contain and present an ACL token to perform anti-entropy syncs and deregistration operations. Refer to [Modify anti-entropy synchronization](#modify-anti-entropy-synchronization) for additional information.
 
 On Consul Enterprise, you can register services with specific namespaces if the services' ACL tokens are scoped to the namespace. Services registered with a service definition do not inherit the namespace associated with the ACL token specified in the `token` field. The `namespace` and the `token` parameters must be included in the service definition for the service to be registered to the namespace that the ACL token is scoped to.
 
@@ -52,17 +52,17 @@ service {
   id   = "redis"
   port = 80
   tags = ["primary"]
- 
+
   meta = {
     custom_meta_key = "custom_meta_value"
   }
- 
+
   tagged_addresses = {
     lan = {
       address = "192.168.0.55"
       port    = 8000
     }
- 
+
     wan = {
       address = "198.18.0.23"
       port    = 80
@@ -138,17 +138,17 @@ You can add a `check` or `checks` block to your service configuration to define
 
 ### Register a service
 
-You can register your service using the [`consul services` command](/consul/commands/services) or by calling the [`/agent/services` API endpoint](/consul/api-docs/agent/service). Refer to [Register Services and Health Checks](/consul/docs/services/usage/register-services-checks) for details. 
+You can register your service using the [`consul services` command](/consul/commands/services) or by calling the [`/agent/services` API endpoint](/consul/api-docs/agent/service). Refer to [Register Services and Health Checks](/consul/docs/services/usage/register-services-checks) for details.
 
 ## Define service defaults
-If Consul service mesh is enabled in your network, you can define default values for services in your mesh by creating and applying a `service-defaults` configuration entry containing. Refer to [Service Mesh Configuration Overview](/consul/docs/connect/configuration) for additional information. 
+If Consul service mesh is enabled in your network, you can define default values for services in your mesh by creating and applying a `service-defaults` configuration entry containing. Refer to [Service Mesh Configuration Overview](/consul/docs/connect/configuration) for additional information.
 
 Create a file for the configuration entry and specify the required fields. If you are authoring `service-defaults` in HCL or JSON, the `Kind` and `Name` fields are required. On Kubernetes, the `apiVersion`, `kind`, and `metadata.name` fields are required. Refer to [Service Defaults Reference](/consul/docs/connect/config-entries/service-defaults) for details about the configuration options.
 
 If you use Consul Enterprise, you can also specify the `Namespace` and `Partition` fields to apply the configuration to services in a specific namespace or partition. For Kubernetes environments, the configuration entry is always created in the same partition as the Kubernetes cluster.
 
 ### Consul OSS example
-The following example instructs services named `counting` to send up to `512` concurrent requests to a mesh gateway: 
+The following example instructs services named `counting` to send up to `512` concurrent requests to a mesh gateway:
 
 <CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
 
@@ -226,7 +226,7 @@ spec:
 </CodeTabs>
 
 ### Consul Enterprise example
-The following example instructs services named `counting` in the `prod` namespace to send up to `512` concurrent requests to a mesh gateway: 
+The following example instructs services named `counting` in the `prod` namespace to send up to `512` concurrent requests to a mesh gateway:
 
 <CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
 
@@ -308,15 +308,15 @@ spec:
 
 ### Apply service defaults
 
-You can apply your `service-defaults` configuration entry using the [`consul config` command](/consul/commands/config) or by calling the [`/config` API endpoint](/consul/api-docs/config). In Kubernetes environments, apply the `service-defaults` custom resource definitions (CRD) to implement and manage Consul configuration entries.  
+You can apply your `service-defaults` configuration entry using the [`consul config` command](/consul/commands/config) or by calling the [`/config` API endpoint](/consul/api-docs/config). In Kubernetes environments, apply the `service-defaults` custom resource definitions (CRD) to implement and manage Consul configuration entries.
 
-Refer to the following topics for details about applying configuration entries: 
-- [How to Use Configuration Entries](/consul/docs/agent/config-entries) 
+Refer to the following topics for details about applying configuration entries:
+- [How to Use Configuration Entries](/consul/docs/agent/config-entries)
 - [Custom Resource Definitions for Consul on Kubernetes](/consul/docs/k8s/crds)
 
 ## Define multiple services in a single file
 
-The `services` block contains an array of `service` objects. It is a wrapper that enables you to define multiple services in the service definition and instruct Consul to expect more than just a single service configuration. As a result, you can register multiple services in a single `consul services register` command. Note that the `/agent/service/register` API endpoint does not support the `services` parameter. 
+The `services` block contains an array of `service` objects. It is a wrapper that enables you to define multiple services in the service definition and instruct Consul to expect more than just a single service configuration. As a result, you can register multiple services in a single `consul services register` command. Note that the `/agent/service/register` API endpoint does not support the `services` parameter.
 
 In the following example, the service definition configures an instance of the `redis` service tagged as `primary` running on port `6000`. It also configures an instance of the service tagged as `secondary` running on port `7000`.
 
@@ -436,7 +436,7 @@ service {
 
 </CodeTabs>
 
-This configuration only applies to the locally registered service. Nodes that register the same service apply the `enable_tag_override` and other service configurations independently. The tags for a service registered on one node update are not affected by operations performed on services with the same name registered on other nodes. 
+This configuration only applies to the locally registered service. Nodes that register the same service apply the `enable_tag_override` and other service configurations independently. The tags for a service registered on one node update are not affected by operations performed on services with the same name registered on other nodes.
 
 Refer to [`enable_tag_override`](/consul/docs/services/configuration/services-configuration-reference#enable_tag_override) for additional configuration information.
 
@@ -444,7 +444,7 @@ Refer to [`enable_tag_override`](/consul/docs/services/configuration/services-co
 Defining services for service mesh environments on virtual machines and in Kubernetes requires a different workflow.
 
 ### Define service mesh proxies
-You can register services to function as service mesh or sidecar proxies so that they can facilitate communication between other services across your network. Refer to [Service Mesh Proxy Overview](/consul/docs/connect/registration) for additional information. 
+You can register services to function as service mesh or sidecar proxies so that they can facilitate communication between other services across your network. Refer to [Service Mesh Proxy Overview](/consul/docs/connect/registration) for additional information.
 
 ### Define services in Kubernetes
-You can enable the services running in Kubernetes and Consul to sync automatically. Doing so ensures that Kubernetes services are available to Consul agents and services in Consul can be available as first-class Kubernetes services. Refer to [Service Sync for Consul on Kubernetes](/consul/docs/k8s/service-sync) for details.
\ No newline at end of file
+You can enable the services running in Kubernetes and Consul to sync automatically. Doing so ensures that Kubernetes services are available to Consul agents and services in Consul can be available as first-class Kubernetes services. Refer to [Service Sync for Consul on Kubernetes](/consul/docs/k8s/service-sync) for details.

From e5842cd81a56e3c275768a80f3e18f3360a8cffb Mon Sep 17 00:00:00 2001
From: Semir Patel <semir.patel@hashicorp.com>
Date: Mon, 21 Aug 2023 12:31:54 -0500
Subject: [PATCH 305/359] Make proto-public license MPL (#18531)

* Make proto-public license MPL

* Add proto-public dir to exclusion list in .copywrite.hcl
---
 .copywrite.hcl                                |   2 +
 proto-public/LICENSE                          | 365 ++++++++++++++++++
 .../annotations/ratelimit/ratelimit.pb.go     |   2 +-
 .../annotations/ratelimit/ratelimit.proto     |   2 +-
 proto-public/buf.gen.yaml                     |   2 +-
 proto-public/buf.yaml                         |   2 +-
 proto-public/pbacl/acl.pb.go                  |   2 +-
 proto-public/pbacl/acl.proto                  |   2 +-
 proto-public/pbcatalog/v1alpha1/dns.pb.go     |   2 +-
 proto-public/pbcatalog/v1alpha1/dns.proto     |   2 +-
 .../pbcatalog/v1alpha1/failover_policy.pb.go  |   2 +-
 .../pbcatalog/v1alpha1/failover_policy.proto  |   2 +-
 .../v1alpha1/failover_policy_extras.go        |   2 +-
 .../v1alpha1/failover_policy_extras_test.go   |   2 +-
 proto-public/pbcatalog/v1alpha1/health.pb.go  |   2 +-
 proto-public/pbcatalog/v1alpha1/health.proto  |   2 +-
 proto-public/pbcatalog/v1alpha1/node.pb.go    |   2 +-
 proto-public/pbcatalog/v1alpha1/node.proto    |   2 +-
 .../pbcatalog/v1alpha1/protocol.pb.go         |   2 +-
 .../pbcatalog/v1alpha1/protocol.proto         |   2 +-
 .../pbcatalog/v1alpha1/selector.pb.go         |   2 +-
 .../pbcatalog/v1alpha1/selector.proto         |   2 +-
 proto-public/pbcatalog/v1alpha1/service.pb.go |   2 +-
 proto-public/pbcatalog/v1alpha1/service.proto |   2 +-
 .../v1alpha1/service_endpoints.pb.go          |   2 +-
 .../v1alpha1/service_endpoints.proto          |   2 +-
 proto-public/pbcatalog/v1alpha1/vip.pb.go     |   2 +-
 proto-public/pbcatalog/v1alpha1/vip.proto     |   2 +-
 .../pbcatalog/v1alpha1/workload.pb.go         |   2 +-
 .../pbcatalog/v1alpha1/workload.proto         |   2 +-
 proto-public/pbconnectca/ca.pb.go             |   2 +-
 proto-public/pbconnectca/ca.proto             |   2 +-
 proto-public/pbdataplane/dataplane.pb.go      |   2 +-
 proto-public/pbdataplane/dataplane.proto      |   2 +-
 proto-public/pbdns/dns.pb.go                  |   2 +-
 proto-public/pbdns/dns.proto                  |   2 +-
 proto-public/pbmesh/v1alpha1/common.pb.go     |   2 +-
 proto-public/pbmesh/v1alpha1/common.proto     |   2 +-
 .../pbmesh/v1alpha1/computed_routes.pb.go     |   2 +-
 .../pbmesh/v1alpha1/computed_routes.proto     |   2 +-
 proto-public/pbmesh/v1alpha1/connection.pb.go |   2 +-
 proto-public/pbmesh/v1alpha1/connection.proto |   2 +-
 .../pbmesh/v1alpha1/destination_policy.pb.go  |   2 +-
 .../pbmesh/v1alpha1/destination_policy.proto  |   2 +-
 proto-public/pbmesh/v1alpha1/expose.pb.go     |   2 +-
 proto-public/pbmesh/v1alpha1/expose.proto     |   2 +-
 proto-public/pbmesh/v1alpha1/grpc_route.pb.go |   2 +-
 proto-public/pbmesh/v1alpha1/grpc_route.proto |   2 +-
 proto-public/pbmesh/v1alpha1/http_route.pb.go |   2 +-
 proto-public/pbmesh/v1alpha1/http_route.proto |   2 +-
 .../pbmesh/v1alpha1/http_route_retries.pb.go  |   2 +-
 .../pbmesh/v1alpha1/http_route_retries.proto  |   2 +-
 .../pbmesh/v1alpha1/http_route_timeouts.pb.go |   2 +-
 .../pbmesh/v1alpha1/http_route_timeouts.proto |   2 +-
 .../v1alpha1/pbproxystate/access_logs.pb.go   |   2 +-
 .../v1alpha1/pbproxystate/access_logs.proto   |   2 +-
 .../v1alpha1/pbproxystate/address.pb.go       |   2 +-
 .../v1alpha1/pbproxystate/address.proto       |   2 +-
 .../v1alpha1/pbproxystate/cluster.pb.go       |   2 +-
 .../v1alpha1/pbproxystate/cluster.proto       |   2 +-
 .../v1alpha1/pbproxystate/endpoints.pb.go     |   2 +-
 .../v1alpha1/pbproxystate/endpoints.proto     |   2 +-
 .../pbproxystate/escape_hatches.pb.go         |   2 +-
 .../pbproxystate/escape_hatches.proto         |   2 +-
 .../pbproxystate/header_mutations.pb.go       |   2 +-
 .../pbproxystate/header_mutations.proto       |   2 +-
 .../v1alpha1/pbproxystate/intentions.pb.go    |   2 +-
 .../v1alpha1/pbproxystate/intentions.proto    |   2 +-
 .../v1alpha1/pbproxystate/listener.pb.go      |   2 +-
 .../v1alpha1/pbproxystate/listener.proto      |   2 +-
 .../v1alpha1/pbproxystate/references.pb.go    |   2 +-
 .../v1alpha1/pbproxystate/references.proto    |   2 +-
 .../pbmesh/v1alpha1/pbproxystate/route.pb.go  |   2 +-
 .../pbmesh/v1alpha1/pbproxystate/route.proto  |   2 +-
 .../pbproxystate/transport_socket.pb.go       |   2 +-
 .../pbproxystate/transport_socket.proto       |   2 +-
 .../pbmesh/v1alpha1/proxy_configuration.pb.go |   2 +-
 .../pbmesh/v1alpha1/proxy_configuration.proto |   2 +-
 .../pbmesh/v1alpha1/proxy_state.pb.go         |   2 +-
 .../pbmesh/v1alpha1/proxy_state.proto         |   2 +-
 proto-public/pbmesh/v1alpha1/routing.pb.go    |   2 +-
 proto-public/pbmesh/v1alpha1/routing.proto    |   2 +-
 proto-public/pbmesh/v1alpha1/tcp_route.pb.go  |   2 +-
 proto-public/pbmesh/v1alpha1/tcp_route.proto  |   2 +-
 proto-public/pbmesh/v1alpha1/upstreams.pb.go  |   2 +-
 proto-public/pbmesh/v1alpha1/upstreams.proto  |   2 +-
 .../v1alpha1/upstreams_configuration.pb.go    |   2 +-
 .../v1alpha1/upstreams_configuration.proto    |   2 +-
 proto-public/pbresource/resource.pb.go        |   2 +-
 proto-public/pbresource/resource.proto        |   2 +-
 .../pbserverdiscovery/serverdiscovery.pb.go   |   2 +-
 .../pbserverdiscovery/serverdiscovery.proto   |   2 +-
 92 files changed, 457 insertions(+), 90 deletions(-)
 create mode 100644 proto-public/LICENSE

diff --git a/.copywrite.hcl b/.copywrite.hcl
index 1562a9f12754..6e582b094bdb 100644
--- a/.copywrite.hcl
+++ b/.copywrite.hcl
@@ -25,9 +25,11 @@ project {
     "agent/proxycfg/proxycfg.deepcopy.go",
     "agent/grpc-middleware/rate_limit_mappings.gen.go",
     "agent/uiserver/dist/**",
+
     # licensed under MPL - ignoring for now until the copywrite tool can support
     # multiple licenses per repo.
     "sdk/**",
     "api/**",
+    "proto-public/**",
   ]
 }
diff --git a/proto-public/LICENSE b/proto-public/LICENSE
new file mode 100644
index 000000000000..7c5baa45e1c2
--- /dev/null
+++ b/proto-public/LICENSE
@@ -0,0 +1,365 @@
+Copyright (c) 2020 HashiCorp, Inc.
+
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. "Contributor"
+
+     means each individual or legal entity that creates, contributes to the
+     creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+
+     means the combination of the Contributions of others (if any) used by a
+     Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+
+     means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+
+     means Source Code Form to which the initial Contributor has attached the
+     notice in Exhibit A, the Executable Form of such Source Code Form, and
+     Modifications of such Source Code Form, in each case including portions
+     thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+     means
+
+     a. that the initial Contributor has attached the notice described in
+        Exhibit B to the Covered Software; or
+
+     b. that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the terms of
+        a Secondary License.
+
+1.6. "Executable Form"
+
+     means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+
+     means a work that combines Covered Software with other material, in a
+     separate file or files, that is not Covered Software.
+
+1.8. "License"
+
+     means this document.
+
+1.9. "Licensable"
+
+     means having the right to grant, to the maximum extent possible, whether
+     at the time of the initial grant or subsequently, any and all of the
+     rights conveyed by this License.
+
+1.10. "Modifications"
+
+     means any of the following:
+
+     a. any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered Software; or
+
+     b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. "Patent Claims" of a Contributor
+
+      means any patent claim(s), including without limitation, method,
+      process, and apparatus claims, in any patent Licensable by such
+      Contributor that would be infringed, but for the grant of the License,
+      by the making, using, selling, offering for sale, having made, import,
+      or transfer of either its Contributions or its Contributor Version.
+
+1.12. "Secondary License"
+
+      means either the GNU General Public License, Version 2.0, the GNU Lesser
+      General Public License, Version 2.1, the GNU Affero General Public
+      License, Version 3.0, or any later versions of those licenses.
+
+1.13. "Source Code Form"
+
+      means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+
+      means an individual or a legal entity exercising rights under this
+      License. For legal entities, "You" includes any entity that controls, is
+      controlled by, or is under common control with You. For purposes of this
+      definition, "control" means (a) the power, direct or indirect, to cause
+      the direction or management of such entity, whether by contract or
+      otherwise, or (b) ownership of more than fifty percent (50%) of the
+      outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+     Each Contributor hereby grants You a world-wide, royalty-free,
+     non-exclusive license:
+
+     a. under intellectual property rights (other than patent or trademark)
+        Licensable by such Contributor to use, reproduce, make available,
+        modify, display, perform, distribute, and otherwise exploit its
+        Contributions, either on an unmodified basis, with Modifications, or
+        as part of a Larger Work; and
+
+     b. under Patent Claims of such Contributor to make, use, sell, offer for
+        sale, have made, import, and otherwise transfer either its
+        Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+     The licenses granted in Section 2.1 with respect to any Contribution
+     become effective for each Contribution on the date the Contributor first
+     distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+     The licenses granted in this Section 2 are the only rights granted under
+     this License. No additional rights or licenses will be implied from the
+     distribution or licensing of Covered Software under this License.
+     Notwithstanding Section 2.1(b) above, no patent license is granted by a
+     Contributor:
+
+     a. for any code that a Contributor has removed from Covered Software; or
+
+     b. for infringements caused by: (i) Your and any other third party's
+        modifications of Covered Software, or (ii) the combination of its
+        Contributions with other software (except as part of its Contributor
+        Version); or
+
+     c. under Patent Claims infringed by Covered Software in the absence of
+        its Contributions.
+
+     This License does not grant any rights in the trademarks, service marks,
+     or logos of any Contributor (except as may be necessary to comply with
+     the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+     No Contributor makes additional grants as a result of Your choice to
+     distribute the Covered Software under a subsequent version of this
+     License (see Section 10.2) or under the terms of a Secondary License (if
+     permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+     Each Contributor represents that the Contributor believes its
+     Contributions are its original creation(s) or it has sufficient rights to
+     grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+     This License is not intended to limit any rights You have under
+     applicable copyright doctrines of fair use, fair dealing, or other
+     equivalents.
+
+2.7. Conditions
+
+     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+     Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+     All distribution of Covered Software in Source Code Form, including any
+     Modifications that You create or to which You contribute, must be under
+     the terms of this License. You must inform recipients that the Source
+     Code Form of the Covered Software is governed by the terms of this
+     License, and how they can obtain a copy of this License. You may not
+     attempt to alter or restrict the recipients' rights in the Source Code
+     Form.
+
+3.2. Distribution of Executable Form
+
+     If You distribute Covered Software in Executable Form then:
+
+     a. such Covered Software must also be made available in Source Code Form,
+        as described in Section 3.1, and You must inform recipients of the
+        Executable Form how they can obtain a copy of such Source Code Form by
+        reasonable means in a timely manner, at a charge no more than the cost
+        of distribution to the recipient; and
+
+     b. You may distribute such Executable Form under the terms of this
+        License, or sublicense it under different terms, provided that the
+        license for the Executable Form does not attempt to limit or alter the
+        recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+     You may create and distribute a Larger Work under terms of Your choice,
+     provided that You also comply with the requirements of this License for
+     the Covered Software. If the Larger Work is a combination of Covered
+     Software with a work governed by one or more Secondary Licenses, and the
+     Covered Software is not Incompatible With Secondary Licenses, this
+     License permits You to additionally distribute such Covered Software
+     under the terms of such Secondary License(s), so that the recipient of
+     the Larger Work may, at their option, further distribute the Covered
+     Software under the terms of either this License or such Secondary
+     License(s).
+
+3.4. Notices
+
+     You may not remove or alter the substance of any license notices
+     (including copyright notices, patent notices, disclaimers of warranty, or
+     limitations of liability) contained within the Source Code Form of the
+     Covered Software, except that You may alter any license notices to the
+     extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+     You may choose to offer, and to charge a fee for, warranty, support,
+     indemnity or liability obligations to one or more recipients of Covered
+     Software. However, You may do so only on Your own behalf, and not on
+     behalf of any Contributor. You must make it absolutely clear that any
+     such warranty, support, indemnity, or liability obligation is offered by
+     You alone, and You hereby agree to indemnify every Contributor for any
+     liability incurred by such Contributor as a result of warranty, support,
+     indemnity or liability terms You offer. You may include additional
+     disclaimers of warranty and limitations of liability specific to any
+     jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+   If it is impossible for You to comply with any of the terms of this License
+   with respect to some or all of the Covered Software due to statute,
+   judicial order, or regulation then You must: (a) comply with the terms of
+   this License to the maximum extent possible; and (b) describe the
+   limitations and the code they affect. Such description must be placed in a
+   text file included with all distributions of the Covered Software under
+   this License. Except to the extent prohibited by statute or regulation,
+   such description must be sufficiently detailed for a recipient of ordinary
+   skill to be able to understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+     fail to comply with any of its terms. However, if You become compliant,
+     then the rights granted under this License from a particular Contributor
+     are reinstated (a) provisionally, unless and until such Contributor
+     explicitly and finally terminates Your grants, and (b) on an ongoing
+     basis, if such Contributor fails to notify You of the non-compliance by
+     some reasonable means prior to 60 days after You have come back into
+     compliance. Moreover, Your grants from a particular Contributor are
+     reinstated on an ongoing basis if such Contributor notifies You of the
+     non-compliance by some reasonable means, this is the first time You have
+     received notice of non-compliance with this License from such
+     Contributor, and You become compliant prior to 30 days after Your receipt
+     of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+     infringement claim (excluding declaratory judgment actions,
+     counter-claims, and cross-claims) alleging that a Contributor Version
+     directly or indirectly infringes any patent, then the rights granted to
+     You by any and all Contributors for the Covered Software under Section
+     2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+     license agreements (excluding distributors and resellers) which have been
+     validly granted by You or Your distributors under this License prior to
+     termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+   Covered Software is provided under this License on an "as is" basis,
+   without warranty of any kind, either expressed, implied, or statutory,
+   including, without limitation, warranties that the Covered Software is free
+   of defects, merchantable, fit for a particular purpose or non-infringing.
+   The entire risk as to the quality and performance of the Covered Software
+   is with You. Should any Covered Software prove defective in any respect,
+   You (not any Contributor) assume the cost of any necessary servicing,
+   repair, or correction. This disclaimer of warranty constitutes an essential
+   part of this License. No use of  any Covered Software is authorized under
+   this License except under this disclaimer.
+
+7. Limitation of Liability
+
+   Under no circumstances and under no legal theory, whether tort (including
+   negligence), contract, or otherwise, shall any Contributor, or anyone who
+   distributes Covered Software as permitted above, be liable to You for any
+   direct, indirect, special, incidental, or consequential damages of any
+   character including, without limitation, damages for lost profits, loss of
+   goodwill, work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses, even if such party shall have been
+   informed of the possibility of such damages. This limitation of liability
+   shall not apply to liability for death or personal injury resulting from
+   such party's negligence to the extent applicable law prohibits such
+   limitation. Some jurisdictions do not allow the exclusion or limitation of
+   incidental or consequential damages, so this exclusion and limitation may
+   not apply to You.
+
+8. Litigation
+
+   Any litigation relating to this License may be brought only in the courts
+   of a jurisdiction where the defendant maintains its principal place of
+   business and such litigation shall be governed by laws of that
+   jurisdiction, without reference to its conflict-of-law provisions. Nothing
+   in this Section shall prevent a party's ability to bring cross-claims or
+   counter-claims.
+
+9. Miscellaneous
+
+   This License represents the complete agreement concerning the subject
+   matter hereof. If any provision of this License is held to be
+   unenforceable, such provision shall be reformed only to the extent
+   necessary to make it enforceable. Any law or regulation which provides that
+   the language of a contract shall be construed against the drafter shall not
+   be used to construe this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+      Mozilla Foundation is the license steward. Except as provided in Section
+      10.3, no one other than the license steward has the right to modify or
+      publish new versions of this License. Each version will be given a
+      distinguishing version number.
+
+10.2. Effect of New Versions
+
+      You may distribute the Covered Software under the terms of the version
+      of the License under which You originally received the Covered Software,
+      or under the terms of any subsequent version published by the license
+      steward.
+
+10.3. Modified Versions
+
+      If you create software not governed by this License, and you want to
+      create a new license for such software, you may create and use a
+      modified version of this License if you rename the license and remove
+      any references to the name of the license steward (except to note that
+      such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+      Licenses If You choose to distribute Source Code Form that is
+      Incompatible With Secondary Licenses under the terms of this version of
+      the License, the notice described in Exhibit B of this License must be
+      attached.
+
+Exhibit A - Source Code Form License Notice
+
+      This Source Code Form is subject to the
+      terms of the Mozilla Public License, v.
+      2.0. If a copy of the MPL was not
+      distributed with this file, You can
+      obtain one at
+      http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file,
+then You may include the notice in a location (such as a LICENSE file in a
+relevant directory) where a recipient would be likely to look for such a
+notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+
+      This Source Code Form is "Incompatible
+      With Secondary Licenses", as defined by
+      the Mozilla Public License, v. 2.0.
+
diff --git a/proto-public/annotations/ratelimit/ratelimit.pb.go b/proto-public/annotations/ratelimit/ratelimit.pb.go
index 3faa4db3b6f4..3514d47ceb29 100644
--- a/proto-public/annotations/ratelimit/ratelimit.pb.go
+++ b/proto-public/annotations/ratelimit/ratelimit.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/annotations/ratelimit/ratelimit.proto b/proto-public/annotations/ratelimit/ratelimit.proto
index 4ce40cffa383..9869d86f8538 100644
--- a/proto-public/annotations/ratelimit/ratelimit.proto
+++ b/proto-public/annotations/ratelimit/ratelimit.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/buf.gen.yaml b/proto-public/buf.gen.yaml
index 943e30a2ebd2..738828ad87ac 100644
--- a/proto-public/buf.gen.yaml
+++ b/proto-public/buf.gen.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 version: v1
 managed:
diff --git a/proto-public/buf.yaml b/proto-public/buf.yaml
index e60ce31aba4e..878225723ea3 100644
--- a/proto-public/buf.yaml
+++ b/proto-public/buf.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 version: v1
 name: buf.build/hashicorp/consul
diff --git a/proto-public/pbacl/acl.pb.go b/proto-public/pbacl/acl.pb.go
index 56d2ea26aa5b..f85a9e0b48e8 100644
--- a/proto-public/pbacl/acl.pb.go
+++ b/proto-public/pbacl/acl.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbacl/acl.proto b/proto-public/pbacl/acl.proto
index f57436c51149..bfb71ad4f2e0 100644
--- a/proto-public/pbacl/acl.proto
+++ b/proto-public/pbacl/acl.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/dns.pb.go b/proto-public/pbcatalog/v1alpha1/dns.pb.go
index 347781e14a68..9f6ed584dfcc 100644
--- a/proto-public/pbcatalog/v1alpha1/dns.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/dns.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/dns.proto b/proto-public/pbcatalog/v1alpha1/dns.proto
index 0936c343106c..35ca336b11fd 100644
--- a/proto-public/pbcatalog/v1alpha1/dns.proto
+++ b/proto-public/pbcatalog/v1alpha1/dns.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go b/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go
index a0128c4c2d9f..568405a1cd53 100644
--- a/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy.proto b/proto-public/pbcatalog/v1alpha1/failover_policy.proto
index 2b8e18c82907..69dcec0d973d 100644
--- a/proto-public/pbcatalog/v1alpha1/failover_policy.proto
+++ b/proto-public/pbcatalog/v1alpha1/failover_policy.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go b/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go
index 4111e8943346..8c1f2d104cae 100644
--- a/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go
+++ b/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package catalogv1alpha1
 
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go b/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go
index 8849d4a022f6..f9fe3e879dca 100644
--- a/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go
+++ b/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package catalogv1alpha1
 
diff --git a/proto-public/pbcatalog/v1alpha1/health.pb.go b/proto-public/pbcatalog/v1alpha1/health.pb.go
index 58709a57bec1..071c405d9941 100644
--- a/proto-public/pbcatalog/v1alpha1/health.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/health.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/health.proto b/proto-public/pbcatalog/v1alpha1/health.proto
index 9b302208b665..477aa15fc517 100644
--- a/proto-public/pbcatalog/v1alpha1/health.proto
+++ b/proto-public/pbcatalog/v1alpha1/health.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/node.pb.go b/proto-public/pbcatalog/v1alpha1/node.pb.go
index 69346e9dffe5..b59d03bb9131 100644
--- a/proto-public/pbcatalog/v1alpha1/node.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/node.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/node.proto b/proto-public/pbcatalog/v1alpha1/node.proto
index 5367ec05aa3e..56a7ce3a2cfa 100644
--- a/proto-public/pbcatalog/v1alpha1/node.proto
+++ b/proto-public/pbcatalog/v1alpha1/node.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/protocol.pb.go b/proto-public/pbcatalog/v1alpha1/protocol.pb.go
index 07e6efb76756..71e89aab4aa5 100644
--- a/proto-public/pbcatalog/v1alpha1/protocol.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/protocol.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/protocol.proto b/proto-public/pbcatalog/v1alpha1/protocol.proto
index d57803f8ab65..a18351c5d6d8 100644
--- a/proto-public/pbcatalog/v1alpha1/protocol.proto
+++ b/proto-public/pbcatalog/v1alpha1/protocol.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/selector.pb.go b/proto-public/pbcatalog/v1alpha1/selector.pb.go
index 12d1210edec8..8caf0f51d6c8 100644
--- a/proto-public/pbcatalog/v1alpha1/selector.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/selector.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/selector.proto b/proto-public/pbcatalog/v1alpha1/selector.proto
index fce4d85d0d5e..1b5aa366e07f 100644
--- a/proto-public/pbcatalog/v1alpha1/selector.proto
+++ b/proto-public/pbcatalog/v1alpha1/selector.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/service.pb.go b/proto-public/pbcatalog/v1alpha1/service.pb.go
index 3be2d077d1e3..cd72ccf268ff 100644
--- a/proto-public/pbcatalog/v1alpha1/service.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/service.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/service.proto b/proto-public/pbcatalog/v1alpha1/service.proto
index 3b9abc4b5762..4d4d681308d9 100644
--- a/proto-public/pbcatalog/v1alpha1/service.proto
+++ b/proto-public/pbcatalog/v1alpha1/service.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/service_endpoints.pb.go b/proto-public/pbcatalog/v1alpha1/service_endpoints.pb.go
index 2ec7c9a191d8..903de0706bf2 100644
--- a/proto-public/pbcatalog/v1alpha1/service_endpoints.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/service_endpoints.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/service_endpoints.proto b/proto-public/pbcatalog/v1alpha1/service_endpoints.proto
index 49de36bb011d..df3c70e0312f 100644
--- a/proto-public/pbcatalog/v1alpha1/service_endpoints.proto
+++ b/proto-public/pbcatalog/v1alpha1/service_endpoints.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/vip.pb.go b/proto-public/pbcatalog/v1alpha1/vip.pb.go
index 88995afaa00a..7ba05aa85096 100644
--- a/proto-public/pbcatalog/v1alpha1/vip.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/vip.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/vip.proto b/proto-public/pbcatalog/v1alpha1/vip.proto
index 3ffa15211481..5efee624fcaa 100644
--- a/proto-public/pbcatalog/v1alpha1/vip.proto
+++ b/proto-public/pbcatalog/v1alpha1/vip.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbcatalog/v1alpha1/workload.pb.go b/proto-public/pbcatalog/v1alpha1/workload.pb.go
index f0f8d807d531..e1f75d810cb8 100644
--- a/proto-public/pbcatalog/v1alpha1/workload.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/workload.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbcatalog/v1alpha1/workload.proto b/proto-public/pbcatalog/v1alpha1/workload.proto
index ee64b72637b6..00c82b8eebd3 100644
--- a/proto-public/pbcatalog/v1alpha1/workload.proto
+++ b/proto-public/pbcatalog/v1alpha1/workload.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbconnectca/ca.pb.go b/proto-public/pbconnectca/ca.pb.go
index 289acf7bd53c..b4312816f310 100644
--- a/proto-public/pbconnectca/ca.pb.go
+++ b/proto-public/pbconnectca/ca.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbconnectca/ca.proto b/proto-public/pbconnectca/ca.proto
index 7fe821b244b6..9458e83478d9 100644
--- a/proto-public/pbconnectca/ca.proto
+++ b/proto-public/pbconnectca/ca.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbdataplane/dataplane.pb.go b/proto-public/pbdataplane/dataplane.pb.go
index 8507fd37f303..eeecbc2bd02b 100644
--- a/proto-public/pbdataplane/dataplane.pb.go
+++ b/proto-public/pbdataplane/dataplane.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package dataplane provides a service on Consul servers for the Consul Dataplane
 
diff --git a/proto-public/pbdataplane/dataplane.proto b/proto-public/pbdataplane/dataplane.proto
index ced1b334eb49..98a0a750fbfa 100644
--- a/proto-public/pbdataplane/dataplane.proto
+++ b/proto-public/pbdataplane/dataplane.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package dataplane provides a service on Consul servers for the Consul Dataplane
 
diff --git a/proto-public/pbdns/dns.pb.go b/proto-public/pbdns/dns.pb.go
index 8d0d58d7d530..c3825d68e9e4 100644
--- a/proto-public/pbdns/dns.pb.go
+++ b/proto-public/pbdns/dns.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbdns/dns.proto b/proto-public/pbdns/dns.proto
index 5771350ce3cc..126b1cc4eb65 100644
--- a/proto-public/pbdns/dns.proto
+++ b/proto-public/pbdns/dns.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/common.pb.go b/proto-public/pbmesh/v1alpha1/common.pb.go
index 680539c99db8..4262d3872c3d 100644
--- a/proto-public/pbmesh/v1alpha1/common.pb.go
+++ b/proto-public/pbmesh/v1alpha1/common.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/common.proto b/proto-public/pbmesh/v1alpha1/common.proto
index 63110429c6e6..48668e59dd5a 100644
--- a/proto-public/pbmesh/v1alpha1/common.proto
+++ b/proto-public/pbmesh/v1alpha1/common.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/computed_routes.pb.go b/proto-public/pbmesh/v1alpha1/computed_routes.pb.go
index da04a618ec5e..605e4fbd679e 100644
--- a/proto-public/pbmesh/v1alpha1/computed_routes.pb.go
+++ b/proto-public/pbmesh/v1alpha1/computed_routes.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/computed_routes.proto b/proto-public/pbmesh/v1alpha1/computed_routes.proto
index 3cc898f2e6db..d48d417d6823 100644
--- a/proto-public/pbmesh/v1alpha1/computed_routes.proto
+++ b/proto-public/pbmesh/v1alpha1/computed_routes.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/connection.pb.go b/proto-public/pbmesh/v1alpha1/connection.pb.go
index e3595a72480a..221845b26dbb 100644
--- a/proto-public/pbmesh/v1alpha1/connection.pb.go
+++ b/proto-public/pbmesh/v1alpha1/connection.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/connection.proto b/proto-public/pbmesh/v1alpha1/connection.proto
index 52c9f4563224..8cae7c1c1099 100644
--- a/proto-public/pbmesh/v1alpha1/connection.proto
+++ b/proto-public/pbmesh/v1alpha1/connection.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/destination_policy.pb.go b/proto-public/pbmesh/v1alpha1/destination_policy.pb.go
index 0d7048e836c0..44a3049d5eb2 100644
--- a/proto-public/pbmesh/v1alpha1/destination_policy.pb.go
+++ b/proto-public/pbmesh/v1alpha1/destination_policy.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/destination_policy.proto b/proto-public/pbmesh/v1alpha1/destination_policy.proto
index a1be9d9a307b..cc03f38d8c05 100644
--- a/proto-public/pbmesh/v1alpha1/destination_policy.proto
+++ b/proto-public/pbmesh/v1alpha1/destination_policy.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/expose.pb.go b/proto-public/pbmesh/v1alpha1/expose.pb.go
index 4d346add84ea..c5e13ecf0020 100644
--- a/proto-public/pbmesh/v1alpha1/expose.pb.go
+++ b/proto-public/pbmesh/v1alpha1/expose.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/expose.proto b/proto-public/pbmesh/v1alpha1/expose.proto
index 33663db881c2..bf8591f20d74 100644
--- a/proto-public/pbmesh/v1alpha1/expose.proto
+++ b/proto-public/pbmesh/v1alpha1/expose.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/grpc_route.pb.go b/proto-public/pbmesh/v1alpha1/grpc_route.pb.go
index a9f043d58182..2f25aae654e7 100644
--- a/proto-public/pbmesh/v1alpha1/grpc_route.pb.go
+++ b/proto-public/pbmesh/v1alpha1/grpc_route.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/grpc_route.proto b/proto-public/pbmesh/v1alpha1/grpc_route.proto
index 98369980a510..ce4ca4d917ca 100644
--- a/proto-public/pbmesh/v1alpha1/grpc_route.proto
+++ b/proto-public/pbmesh/v1alpha1/grpc_route.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/http_route.pb.go b/proto-public/pbmesh/v1alpha1/http_route.pb.go
index 94af113814c2..f69b84f22656 100644
--- a/proto-public/pbmesh/v1alpha1/http_route.pb.go
+++ b/proto-public/pbmesh/v1alpha1/http_route.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/http_route.proto b/proto-public/pbmesh/v1alpha1/http_route.proto
index 595a5ae3e76c..ea14176b1b7c 100644
--- a/proto-public/pbmesh/v1alpha1/http_route.proto
+++ b/proto-public/pbmesh/v1alpha1/http_route.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go b/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go
index 6a3e5142daec..5a34d26a3260 100644
--- a/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go
+++ b/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/http_route_retries.proto b/proto-public/pbmesh/v1alpha1/http_route_retries.proto
index 594ea8a119b3..3ea112027abe 100644
--- a/proto-public/pbmesh/v1alpha1/http_route_retries.proto
+++ b/proto-public/pbmesh/v1alpha1/http_route_retries.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go b/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go
index 27b3cfdb5117..0fc421e43e5b 100644
--- a/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go
+++ b/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto b/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto
index b627d2f1cac5..f33587496b55 100644
--- a/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto
+++ b/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go
index c7bc160ae4ea..bedb5f988072 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto
index f02c63ff3b38..00770c0c146e 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go
index 0f954be1236c..0afb768f4aa4 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto
index ac6384879cc4..2d08199a0ecc 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
index ab573377aac2..a641988f422a 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
index 2073302c0575..802e873401e8 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go
index 10e306c8a345..ce14e15f722d 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto
index 09feada9cf31..28ff53b7eec1 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go
index 03d095abdf46..9250341dbef5 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
index 3e6049459a20..ab8871182780 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go
index da94adbc546c..71d0b5dc3c02 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto
index 0359c144ca8f..ca3bd6ee79cc 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go
index 1b54eee4ae09..171c5f357f37 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto
index d47c5bc04727..37f009cc3039 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go
index 962c109388ed..24c6f5fc8ce5 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto
index 66f23651b0ff..d4a4dcda9f35 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go
index 666e2a91acb6..cee7c44bc46b 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/references.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/references.proto
index 168a25a49e06..3e2c1ddd45ca 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/references.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/references.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go
index 3256ab8c2ef6..c6840dd18aaa 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/route.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/route.proto
index 084b52d2d7af..2ec10f3737d1 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/route.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/route.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
index 59317396be4a..816ddb717b0c 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
index d5173f59a5e8..4d191ba580dd 100644
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
+++ b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go b/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
index 6795d42ae8e6..0072714553da 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
+++ b/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/proxy_configuration.proto b/proto-public/pbmesh/v1alpha1/proxy_configuration.proto
index 6d64ba37d254..c20ff3d47c44 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_configuration.proto
+++ b/proto-public/pbmesh/v1alpha1/proxy_configuration.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
index a9c7b57a5729..59337a5fffbc 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.proto b/proto-public/pbmesh/v1alpha1/proxy_state.proto
index dfbe1ca1dee2..a97b54ddc410 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_state.proto
+++ b/proto-public/pbmesh/v1alpha1/proxy_state.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/routing.pb.go b/proto-public/pbmesh/v1alpha1/routing.pb.go
index cccbd6ff7714..19f6a7d1c1b3 100644
--- a/proto-public/pbmesh/v1alpha1/routing.pb.go
+++ b/proto-public/pbmesh/v1alpha1/routing.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/routing.proto b/proto-public/pbmesh/v1alpha1/routing.proto
index cbd15e3997fb..d2b1cdd8b095 100644
--- a/proto-public/pbmesh/v1alpha1/routing.proto
+++ b/proto-public/pbmesh/v1alpha1/routing.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/tcp_route.pb.go b/proto-public/pbmesh/v1alpha1/tcp_route.pb.go
index 80cd8ca96333..6a8cf5700fc4 100644
--- a/proto-public/pbmesh/v1alpha1/tcp_route.pb.go
+++ b/proto-public/pbmesh/v1alpha1/tcp_route.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/tcp_route.proto b/proto-public/pbmesh/v1alpha1/tcp_route.proto
index bd3e46ca5bc0..0a6c974c046b 100644
--- a/proto-public/pbmesh/v1alpha1/tcp_route.proto
+++ b/proto-public/pbmesh/v1alpha1/tcp_route.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/upstreams.pb.go b/proto-public/pbmesh/v1alpha1/upstreams.pb.go
index bc50e8627246..e8e9e4f9cf89 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams.pb.go
+++ b/proto-public/pbmesh/v1alpha1/upstreams.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/upstreams.proto b/proto-public/pbmesh/v1alpha1/upstreams.proto
index 3b8550208723..a78d8c3f9792 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams.proto
+++ b/proto-public/pbmesh/v1alpha1/upstreams.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go b/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
index 10527dd3b7e8..61f9709cdcd1 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
+++ b/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto b/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
index 5452e95ee267..81bbbf5f8269 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
+++ b/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbresource/resource.pb.go b/proto-public/pbresource/resource.pb.go
index 9ff9f6f0d86f..889a0314af31 100644
--- a/proto-public/pbresource/resource.pb.go
+++ b/proto-public/pbresource/resource.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto-public/pbresource/resource.proto b/proto-public/pbresource/resource.proto
index 1f4bfb305956..9e65647587b7 100644
--- a/proto-public/pbresource/resource.proto
+++ b/proto-public/pbresource/resource.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto-public/pbserverdiscovery/serverdiscovery.pb.go b/proto-public/pbserverdiscovery/serverdiscovery.pb.go
index 2ef18a5b44d5..37b3b592e7d8 100644
--- a/proto-public/pbserverdiscovery/serverdiscovery.pb.go
+++ b/proto-public/pbserverdiscovery/serverdiscovery.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package serverdiscovery provides a service on Consul servers to discover the set of servers
 // currently able to handle incoming requests.
diff --git a/proto-public/pbserverdiscovery/serverdiscovery.proto b/proto-public/pbserverdiscovery/serverdiscovery.proto
index 9c4f9e96a76c..c2c06aed7256 100644
--- a/proto-public/pbserverdiscovery/serverdiscovery.proto
+++ b/proto-public/pbserverdiscovery/serverdiscovery.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package serverdiscovery provides a service on Consul servers to discover the set of servers
 // currently able to handle incoming requests.

From 217d305b38d5c31415e479217d1d2e0f5f98eb41 Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Mon, 21 Aug 2023 12:08:13 -0600
Subject: [PATCH 306/359] NET-4943 - Implement ProxyTracker (#18535)

---
 agent/proxy-tracker/mock_Logger.go         |  31 ++
 agent/proxy-tracker/mock_SessionLimiter.go |  53 ++++
 agent/proxy-tracker/proxy_tracker.go       | 278 ++++++++++++++++
 agent/proxy-tracker/proxy_tracker_test.go  | 351 +++++++++++++++++++++
 4 files changed, 713 insertions(+)
 create mode 100644 agent/proxy-tracker/mock_Logger.go
 create mode 100644 agent/proxy-tracker/mock_SessionLimiter.go
 create mode 100644 agent/proxy-tracker/proxy_tracker.go
 create mode 100644 agent/proxy-tracker/proxy_tracker_test.go

diff --git a/agent/proxy-tracker/mock_Logger.go b/agent/proxy-tracker/mock_Logger.go
new file mode 100644
index 000000000000..b4d28b096e86
--- /dev/null
+++ b/agent/proxy-tracker/mock_Logger.go
@@ -0,0 +1,31 @@
+// Code generated by mockery v2.32.4. DO NOT EDIT.
+
+package proxytracker
+
+import mock "github.com/stretchr/testify/mock"
+
+// MockLogger is an autogenerated mock type for the Logger type
+type MockLogger struct {
+	mock.Mock
+}
+
+// Error provides a mock function with given fields: args
+func (_m *MockLogger) Error(args ...interface{}) {
+	var _ca []interface{}
+	_ca = append(_ca, args...)
+	_m.Called(_ca...)
+}
+
+// NewMockLogger creates a new instance of MockLogger. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewMockLogger(t interface {
+	mock.TestingT
+	Cleanup(func())
+}) *MockLogger {
+	mock := &MockLogger{}
+	mock.Mock.Test(t)
+
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+
+	return mock
+}
diff --git a/agent/proxy-tracker/mock_SessionLimiter.go b/agent/proxy-tracker/mock_SessionLimiter.go
new file mode 100644
index 000000000000..4a2c5f324a1b
--- /dev/null
+++ b/agent/proxy-tracker/mock_SessionLimiter.go
@@ -0,0 +1,53 @@
+// Code generated by mockery v2.32.4. DO NOT EDIT.
+
+package proxytracker
+
+import (
+	limiter "github.com/hashicorp/consul/agent/grpc-external/limiter"
+	mock "github.com/stretchr/testify/mock"
+)
+
+// MockSessionLimiter is an autogenerated mock type for the SessionLimiter type
+type MockSessionLimiter struct {
+	mock.Mock
+}
+
+// BeginSession provides a mock function with given fields:
+func (_m *MockSessionLimiter) BeginSession() (limiter.Session, error) {
+	ret := _m.Called()
+
+	var r0 limiter.Session
+	var r1 error
+	if rf, ok := ret.Get(0).(func() (limiter.Session, error)); ok {
+		return rf()
+	}
+	if rf, ok := ret.Get(0).(func() limiter.Session); ok {
+		r0 = rf()
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(limiter.Session)
+		}
+	}
+
+	if rf, ok := ret.Get(1).(func() error); ok {
+		r1 = rf()
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// NewMockSessionLimiter creates a new instance of MockSessionLimiter. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewMockSessionLimiter(t interface {
+	mock.TestingT
+	Cleanup(func())
+}) *MockSessionLimiter {
+	mock := &MockSessionLimiter{}
+	mock.Mock.Test(t)
+
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+
+	return mock
+}
diff --git a/agent/proxy-tracker/proxy_tracker.go b/agent/proxy-tracker/proxy_tracker.go
new file mode 100644
index 000000000000..00c0cf23f990
--- /dev/null
+++ b/agent/proxy-tracker/proxy_tracker.go
@@ -0,0 +1,278 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package proxytracker
+
+import (
+	"errors"
+	"fmt"
+	"sync"
+
+	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/mesh"
+	"github.com/hashicorp/consul/internal/resource"
+
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
+	"github.com/hashicorp/consul/agent/proxycfg"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+// Proxy implements the queue.ItemType interface so that it can be used in a controller.Event.
+// It is sent on the newProxyConnectionCh channel.
+// TODO(ProxyState): needs to support tenancy in the future.
+// Key() is current resourceID.Name.
+type ProxyConnection struct {
+	ProxyID *pbresource.ID
+}
+
+func (e *ProxyConnection) Key() string {
+	return e.ProxyID.GetName()
+}
+
+// proxyWatchData is a handle on all of the relevant bits that is created by calling Watch().
+// It is meant to be stored in the proxies cache by proxyID so that watches can be notified
+// when the ProxyState for that proxyID has changed.
+type proxyWatchData struct {
+	// notifyCh is the channel that the watcher receives updates from ProxyTracker.
+	notifyCh chan *pbmesh.ProxyState
+	// state is the current/last updated ProxyState for a given proxy.
+	state *pbmesh.ProxyState
+	// token is the ACL token provided by the watcher.
+	token string
+	// nodeName is the node where the given proxy resides.
+	nodeName string
+}
+
+type ProxyTrackerConfig struct {
+	// logger will be used to write log messages.
+	Logger Logger
+
+	// sessionLimiter is used to enforce xDS concurrency limits.
+	SessionLimiter SessionLimiter
+}
+
+// ProxyTracker implements the Watcher and Updater interfaces. The Watcher is used by the xds server to add a new proxy
+// to this server, and get back a channel for updates. The Updater is used by the ProxyState controller running on the
+// server to push ProxyState updates to the notify channel.
+type ProxyTracker struct {
+	config ProxyTrackerConfig
+	// proxies is a cache of the proxies connected to this server and configuration information for each one.
+	proxies map[resource.ReferenceKey]*proxyWatchData
+	// newProxyConnectionCh is the channel that the "updater" retains to receive messages from ProxyTracker that a new
+	// proxy has connected to ProxyTracker and a signal the "updater" should call PushChanges with a new state.
+	newProxyConnectionCh chan controller.Event
+	// shutdownCh is a channel that closes when ProxyTracker is shutdown. ShutdownChannel is never written to, only closed to
+	// indicate a shutdown has been initiated.
+	shutdownCh chan struct{}
+	// mu is a mutex that is used internally for locking when reading and modifying ProxyTracker state, namely the proxies map.
+	mu sync.Mutex
+}
+
+// NewProxyTracker returns a ProxyTracker instance given a configuration.
+func NewProxyTracker(cfg ProxyTrackerConfig) *ProxyTracker {
+	return &ProxyTracker{
+		config:  cfg,
+		proxies: make(map[resource.ReferenceKey]*proxyWatchData),
+		// buffering this channel since ProxyTracker will be registering watches for all proxies.
+		// using the buffer will limit errors related to controller and the proxy are both running
+		// but the controllers listening function is not blocking on the particular receive line.
+		// This channel is meant to error when the controller is "not ready" which means up and alive.
+		// This buffer will try to reduce false negatives and limit unnecessary erroring.
+		newProxyConnectionCh: make(chan controller.Event, 1000),
+		shutdownCh:           make(chan struct{}),
+	}
+}
+
+// Watch connects a proxy with ProxyTracker and returns the consumer a channel to receive updates,
+// a channel to notify of xDS terminated session, and a cancel function to cancel the watch.
+func (pt *ProxyTracker) Watch(proxyID *pbresource.ID,
+	nodeName string, token string) (<-chan *pbmesh.ProxyState,
+	limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
+
+	if err := validateArgs(proxyID, nodeName, token); err != nil {
+		pt.config.Logger.Error("args failed validation", err)
+		return nil, nil, nil, err
+	}
+	// Begin a session with the xDS session concurrency limiter.
+	//
+	// See: https://github.com/hashicorp/consul/issues/15753
+	session, err := pt.config.SessionLimiter.BeginSession()
+	if err != nil {
+		pt.config.Logger.Error("failed to begin session with xDS session concurrency limiter", err)
+		return nil, nil, nil, err
+	}
+
+	// This buffering is crucial otherwise we'd block immediately trying to
+	// deliver the current snapshot below if we already have one.
+	proxyStateChan := make(chan *pbmesh.ProxyState, 1)
+	watchData := &proxyWatchData{
+		notifyCh: proxyStateChan,
+		state:    nil,
+		token:    token,
+		nodeName: nodeName,
+	}
+
+	proxyReferenceKey := resource.NewReferenceKey(proxyID)
+	cancel := func() {
+		pt.mu.Lock()
+		defer pt.mu.Unlock()
+		pt.cancelWatchLocked(proxyReferenceKey, proxyStateChan, session)
+	}
+
+	pt.mu.Lock()
+	defer pt.mu.Unlock()
+
+	pt.proxies[proxyReferenceKey] = watchData
+
+	//Send an event to the controller
+	err = pt.notifyNewProxyChannel(proxyID)
+	if err != nil {
+		pt.cancelWatchLocked(proxyReferenceKey, watchData.notifyCh, session)
+		return nil, nil, nil, err
+	}
+
+	return proxyStateChan, session.Terminated(), cancel, nil
+}
+
+// notifyNewProxyChannel attempts to send a message to newProxyConnectionCh and will return an error if there's no receiver.
+// This will handle conditions where a proxy is connected but there's no controller for some reason to receive the event.
+// This will error back to the proxy's Watch call and will cause the proxy call Watch again to retry connection until the controller
+// is available.
+func (pt *ProxyTracker) notifyNewProxyChannel(proxyID *pbresource.ID) error {
+	controllerEvent := controller.Event{
+		Obj: &ProxyConnection{
+			ProxyID: proxyID,
+		},
+	}
+	select {
+	case pt.newProxyConnectionCh <- controllerEvent:
+		return nil
+		// using default here to return errors is only safe when we have a large buffer.
+		// the receiver is on a loop to read from the channel.  If the sequence of
+		// sender blocks on the channel and then the receiver blocks on the channel is not
+		// aligned, then extraneous errors could be returned to the proxy that are just
+		// false negatives and the controller could be up and healthy.
+	default:
+		return fmt.Errorf("failed to notify the controller of the proxy connecting")
+	}
+}
+
+// cancelWatchLocked does the following:
+// - deletes the key from the proxies array.
+// - ends the session with xDS session limiter.
+// - closes the proxy state channel assigned to the proxy.
+// This function assumes the state lock is already held.
+func (pt *ProxyTracker) cancelWatchLocked(proxyReferenceKey resource.ReferenceKey, proxyStateChan chan *pbmesh.ProxyState, session limiter.Session) {
+	delete(pt.proxies, proxyReferenceKey)
+	session.End()
+	close(proxyStateChan)
+}
+
+func validateArgs(proxyID *pbresource.ID,
+	nodeName string, token string) error {
+	if proxyID == nil {
+		return errors.New("proxyID is required")
+	} else if proxyID.Type.Kind != mesh.ProxyStateTemplateConfigurationType.Kind {
+		return fmt.Errorf("proxyID must be a %s", mesh.ProxyStateTemplateConfigurationType.GetKind())
+	} else if nodeName == "" {
+		return errors.New("nodeName is required")
+	} else if token == "" {
+		return errors.New("token is required")
+	}
+
+	return nil
+}
+
+// PushChange allows pushing a computed ProxyState to xds for xds resource generation to send to a proxy.
+func (pt *ProxyTracker) PushChange(proxyID *pbresource.ID, proxyState *pbmesh.ProxyState) error {
+	proxyReferenceKey := resource.NewReferenceKey(proxyID)
+	pt.mu.Lock()
+	defer pt.mu.Unlock()
+	if data, ok := pt.proxies[proxyReferenceKey]; ok {
+		data.state = proxyState
+		pt.deliverLatest(proxyID, proxyState, data.notifyCh)
+	} else {
+		return errors.New("proxyState change could not be sent because proxy is not connected")
+	}
+
+	return nil
+}
+
+func (pt *ProxyTracker) deliverLatest(proxyID *pbresource.ID, proxyState *pbmesh.ProxyState, ch chan *pbmesh.ProxyState) {
+	// Send if chan is empty
+	select {
+	case ch <- proxyState:
+		return
+	default:
+	}
+
+	// Not empty, drain the chan of older snapshots and redeliver. For now we only
+	// use 1-buffered chans but this will still work if we change that later.
+OUTER:
+	for {
+		select {
+		case <-ch:
+			continue
+		default:
+			break OUTER
+		}
+	}
+
+	// Now send again
+	select {
+	case ch <- proxyState:
+		return
+	default:
+		// This should not be possible since we should be the only sender, enforced
+		// by m.mu but error and drop the update rather than panic.
+		pt.config.Logger.Error("failed to deliver proxyState to proxy",
+			"proxy", proxyID.String(),
+		)
+	}
+}
+
+// EventChannel returns an event channel that sends controller events when a proxy connects to a server.
+func (pt *ProxyTracker) EventChannel() chan controller.Event {
+	return pt.newProxyConnectionCh
+}
+
+// ShutdownChannel returns a channel that closes when ProxyTracker is shutdown. ShutdownChannel is never written to, only closed to
+// indicate a shutdown has been initiated.
+func (pt *ProxyTracker) ShutdownChannel() chan struct{} {
+	return pt.shutdownCh
+}
+
+// ProxyConnectedToServer returns whether this id is connected to this server.
+func (pt *ProxyTracker) ProxyConnectedToServer(proxyID *pbresource.ID) bool {
+	pt.mu.Lock()
+	defer pt.mu.Unlock()
+	proxyReferenceKey := resource.NewReferenceKey(proxyID)
+	_, ok := pt.proxies[proxyReferenceKey]
+	return ok
+}
+
+// Shutdown removes all state and close all channels.
+func (pt *ProxyTracker) Shutdown() {
+	pt.mu.Lock()
+	defer pt.mu.Unlock()
+
+	// Close all current watchers first
+	for proxyID, watchData := range pt.proxies {
+		close(watchData.notifyCh)
+		delete(pt.proxies, proxyID)
+	}
+
+	close(pt.newProxyConnectionCh)
+	close(pt.shutdownCh)
+}
+
+//go:generate mockery --name SessionLimiter --inpackage
+type SessionLimiter interface {
+	BeginSession() (limiter.Session, error)
+}
+
+//go:generate mockery --name Logger --inpackage
+type Logger interface {
+	Error(args ...any)
+}
diff --git a/agent/proxy-tracker/proxy_tracker_test.go b/agent/proxy-tracker/proxy_tracker_test.go
new file mode 100644
index 000000000000..3913f95b213f
--- /dev/null
+++ b/agent/proxy-tracker/proxy_tracker_test.go
@@ -0,0 +1,351 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package proxytracker
+
+import (
+	"errors"
+	"fmt"
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
+	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/mesh"
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/internal/resource/resourcetest"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
+	"testing"
+)
+
+func TestProxyTracker_Watch(t *testing.T) {
+	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+	proxyReferenceKey := resource.NewReferenceKey(resourceID)
+	lim := NewMockSessionLimiter(t)
+	session1 := newMockSession(t)
+	session1TermCh := make(limiter.SessionTerminatedChan)
+	session1.On("Terminated").Return(session1TermCh)
+	session1.On("End").Return()
+	lim.On("BeginSession").Return(session1, nil)
+	logger := NewMockLogger(t)
+
+	pt := NewProxyTracker(ProxyTrackerConfig{
+		Logger:         logger,
+		SessionLimiter: lim,
+	})
+
+	// Watch()
+	proxyStateChan, _, cancelFunc, err := pt.Watch(resourceID, "node 1", "token")
+	require.NoError(t, err)
+
+	// ensure New Proxy Connection message is sent
+	newProxyMsg := <-pt.EventChannel()
+	require.Equal(t, resourceID.Name, newProxyMsg.Obj.Key())
+
+	// watchData is stored in the proxies array with a nil state
+	watchData, ok := pt.proxies[proxyReferenceKey]
+	require.True(t, ok)
+	require.NotNil(t, watchData)
+	require.Nil(t, watchData.state)
+
+	// calling cancelFunc does the following:
+	// - closes the proxy state channel
+	// - and removes the map entry for the proxy
+	// - session is ended
+	cancelFunc()
+
+	// read channel to see if there is data and it is open.
+	receivedState, channelOpen := <-proxyStateChan
+	require.Nil(t, receivedState)
+	require.False(t, channelOpen)
+
+	// key is removed from proxies array
+	_, ok = pt.proxies[proxyReferenceKey]
+	require.False(t, ok)
+
+	// session ended
+	session1.AssertCalled(t, "Terminated")
+	session1.AssertCalled(t, "End")
+}
+
+func TestProxyTracker_Watch_ErrorConsumerNotReady(t *testing.T) {
+	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+	proxyReferenceKey := resource.NewReferenceKey(resourceID)
+	lim := NewMockSessionLimiter(t)
+	session1 := newMockSession(t)
+	session1.On("End").Return()
+	lim.On("BeginSession").Return(session1, nil)
+	logger := NewMockLogger(t)
+
+	pt := NewProxyTracker(ProxyTrackerConfig{
+		Logger:         logger,
+		SessionLimiter: lim,
+	})
+
+	//fill up buffered channel while the consumer is not ready to simulate the error
+	for i := 0; i < 1000; i++ {
+		event := controller.Event{Obj: &ProxyConnection{ProxyID: resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, fmt.Sprintf("test%d", i)).ID()}}
+		pt.newProxyConnectionCh <- event
+	}
+
+	// Watch()
+	proxyStateChan, sessionTerminatedCh, cancelFunc, err := pt.Watch(resourceID, "node 1", "token")
+	require.Nil(t, cancelFunc)
+	require.Nil(t, proxyStateChan)
+	require.Nil(t, sessionTerminatedCh)
+	require.Error(t, err)
+	require.Equal(t, "failed to notify the controller of the proxy connecting", err.Error())
+
+	// it is not stored in the proxies array
+	watchData, ok := pt.proxies[proxyReferenceKey]
+	require.False(t, ok)
+	require.Nil(t, watchData)
+}
+
+func TestProxyTracker_Watch_ArgValidationErrors(t *testing.T) {
+	type testcase struct {
+		description   string
+		proxyID       *pbresource.ID
+		nodeName      string
+		token         string
+		expectedError error
+	}
+	testcases := []*testcase{
+		{
+			description:   "Empty proxyID",
+			proxyID:       nil,
+			nodeName:      "something",
+			token:         "something",
+			expectedError: errors.New("proxyID is required"),
+		},
+		{
+			description:   "Empty nodeName",
+			proxyID:       resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID(),
+			nodeName:      "",
+			token:         "something",
+			expectedError: errors.New("nodeName is required"),
+		},
+		{
+			description:   "Empty token",
+			proxyID:       resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID(),
+			nodeName:      "something",
+			token:         "",
+			expectedError: errors.New("token is required"),
+		},
+		{
+			description:   "resource is not ProxyStateTemplate",
+			proxyID:       resourcetest.Resource(mesh.ProxyConfigurationType, "test").ID(),
+			nodeName:      "something",
+			token:         "something else",
+			expectedError: errors.New("proxyID must be a ProxyStateTemplate"),
+		},
+	}
+	for _, tc := range testcases {
+		lim := NewMockSessionLimiter(t)
+		lim.On("BeginSession").Return(nil, nil).Maybe()
+		logger := NewMockLogger(t)
+		logger.On("Error", mock.Anything, mock.Anything).Return(nil)
+
+		pt := NewProxyTracker(ProxyTrackerConfig{
+			Logger:         logger,
+			SessionLimiter: lim,
+		})
+
+		// Watch()
+		proxyStateChan, sessionTerminateCh, cancelFunc, err := pt.Watch(tc.proxyID, tc.nodeName, tc.token)
+		require.Error(t, err)
+		require.Equal(t, tc.expectedError, err)
+		require.Nil(t, proxyStateChan)
+		require.Nil(t, sessionTerminateCh)
+		require.Nil(t, cancelFunc)
+	}
+}
+
+func TestProxyTracker_Watch_SessionLimiterError(t *testing.T) {
+	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+	lim := NewMockSessionLimiter(t)
+	lim.On("BeginSession").Return(nil, errors.New("kaboom"))
+	logger := NewMockLogger(t)
+	logger.On("Error", mock.Anything, mock.Anything).Return(nil)
+
+	pt := NewProxyTracker(ProxyTrackerConfig{
+		Logger:         logger,
+		SessionLimiter: lim,
+	})
+
+	// Watch()
+	proxyStateChan, sessionTerminateCh, cancelFunc, err := pt.Watch(resourceID, "node 1", "token")
+	require.Error(t, err)
+	require.Equal(t, "kaboom", err.Error())
+	require.Nil(t, proxyStateChan)
+	require.Nil(t, sessionTerminateCh)
+	require.Nil(t, cancelFunc)
+}
+
+func TestProxyTracker_PushChange(t *testing.T) {
+	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+	proxyReferenceKey := resource.NewReferenceKey(resourceID)
+	lim := NewMockSessionLimiter(t)
+	session1 := newMockSession(t)
+	session1TermCh := make(limiter.SessionTerminatedChan)
+	session1.On("Terminated").Return(session1TermCh)
+	lim.On("BeginSession").Return(session1, nil)
+	logger := NewMockLogger(t)
+
+	pt := NewProxyTracker(ProxyTrackerConfig{
+		Logger:         logger,
+		SessionLimiter: lim,
+	})
+
+	// Watch()
+	proxyStateChan, _, _, err := pt.Watch(resourceID, "node 1", "token")
+	require.NoError(t, err)
+
+	// PushChange
+	proxyState := &pbmesh.ProxyState{
+		IntentionDefaultAllow: true,
+	}
+
+	// using a goroutine so that the channel and main test thread do not cause
+	// blocking issues with each other
+	go func() {
+		err = pt.PushChange(resourceID, proxyState)
+		require.NoError(t, err)
+	}()
+
+	// channel receives a copy
+	receivedState, channelOpen := <-proxyStateChan
+	require.True(t, channelOpen)
+	require.Equal(t, proxyState, receivedState)
+
+	// it is stored in the proxies array
+	watchData, ok := pt.proxies[proxyReferenceKey]
+	require.True(t, ok)
+	require.Equal(t, proxyState, watchData.state)
+}
+
+func TestProxyTracker_PushChanges_ErrorProxyNotConnected(t *testing.T) {
+	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+	lim := NewMockSessionLimiter(t)
+	logger := NewMockLogger(t)
+
+	pt := NewProxyTracker(ProxyTrackerConfig{
+		Logger:         logger,
+		SessionLimiter: lim,
+	})
+
+	// PushChange
+	proxyState := &pbmesh.ProxyState{
+		IntentionDefaultAllow: true,
+	}
+
+	err := pt.PushChange(resourceID, proxyState)
+	require.Error(t, err)
+	require.Equal(t, "proxyState change could not be sent because proxy is not connected", err.Error())
+}
+
+func TestProxyTracker_ProxyConnectedToServer(t *testing.T) {
+	type testcase struct {
+		name              string
+		shouldExist       bool
+		preProcessingFunc func(pt *ProxyTracker, resourceID *pbresource.ID, limiter *MockSessionLimiter, session *mockSession, channel limiter.SessionTerminatedChan)
+	}
+	testsCases := []*testcase{
+		{
+			name:        "Resource that has not been sent through Watch() should return false",
+			shouldExist: false,
+			preProcessingFunc: func(pt *ProxyTracker, resourceID *pbresource.ID, limiter *MockSessionLimiter, session *mockSession, channel limiter.SessionTerminatedChan) {
+				session.On("Terminated").Return(channel).Maybe()
+				session.On("End").Return().Maybe()
+				limiter.On("BeginSession").Return(session, nil).Maybe()
+			},
+		},
+		{
+			name:        "Resource used that is already passed in through Watch() should return true",
+			shouldExist: true,
+			preProcessingFunc: func(pt *ProxyTracker, resourceID *pbresource.ID, limiter *MockSessionLimiter, session *mockSession, channel limiter.SessionTerminatedChan) {
+				session.On("Terminated").Return(channel).Maybe()
+				session.On("End").Return().Maybe()
+				limiter.On("BeginSession").Return(session, nil)
+				_, _, _, _ = pt.Watch(resourceID, "node 1", "token")
+			},
+		},
+	}
+
+	for _, tc := range testsCases {
+		lim := NewMockSessionLimiter(t)
+		session1 := newMockSession(t)
+		session1TermCh := make(limiter.SessionTerminatedChan)
+		logger := NewMockLogger(t)
+
+		pt := NewProxyTracker(ProxyTrackerConfig{
+			Logger:         logger,
+			SessionLimiter: lim,
+		})
+		resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+		tc.preProcessingFunc(pt, resourceID, lim, session1, session1TermCh)
+		require.Equal(t, tc.shouldExist, pt.ProxyConnectedToServer(resourceID))
+	}
+}
+
+func TestProxyTracker_Shutdown(t *testing.T) {
+	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+	proxyReferenceKey := resource.NewReferenceKey(resourceID)
+	lim := NewMockSessionLimiter(t)
+	session1 := newMockSession(t)
+	session1TermCh := make(limiter.SessionTerminatedChan)
+	session1.On("Terminated").Return(session1TermCh)
+	session1.On("End").Return().Maybe()
+	lim.On("BeginSession").Return(session1, nil)
+	logger := NewMockLogger(t)
+
+	pt := NewProxyTracker(ProxyTrackerConfig{
+		Logger:         logger,
+		SessionLimiter: lim,
+	})
+
+	// Watch()
+	proxyStateChan, _, _, err := pt.Watch(resourceID, "node 1", "token")
+	require.NoError(t, err)
+
+	pt.Shutdown()
+
+	// proxy channels are all disconnected and proxy is removed from proxies map
+	receivedState, channelOpen := <-proxyStateChan
+	require.Nil(t, receivedState)
+	require.False(t, channelOpen)
+	_, ok := pt.proxies[proxyReferenceKey]
+	require.False(t, ok)
+
+	// shutdownCh is closed
+	select {
+	case <-pt.ShutdownChannel():
+	default:
+		t.Fatalf("shutdown channel should be closed")
+	}
+	// newProxyConnectionCh is closed
+	select {
+	case <-pt.EventChannel():
+	default:
+		t.Fatalf("shutdown channel should be closed")
+	}
+}
+
+type mockSession struct {
+	mock.Mock
+}
+
+func newMockSession(t *testing.T) *mockSession {
+	m := &mockSession{}
+	m.Mock.Test(t)
+
+	t.Cleanup(func() { m.AssertExpectations(t) })
+
+	return m
+}
+
+func (m *mockSession) End() { m.Called() }
+
+func (m *mockSession) Terminated() limiter.SessionTerminatedChan {
+	return m.Called().Get(0).(limiter.SessionTerminatedChan)
+}

From 6d22179625931f17f51f2e23e4d20f4689042904 Mon Sep 17 00:00:00 2001
From: Semir Patel <semir.patel@hashicorp.com>
Date: Mon, 21 Aug 2023 15:02:23 -0500
Subject: [PATCH 307/359] resource: Make resource watchlist tenancy aware
 (#18539)

---
 .../services/resource/list_test.go            | 78 +----------------
 .../services/resource/server_test.go          | 85 +++++++++++++++++++
 .../grpc-external/services/resource/watch.go  | 58 ++++++++++---
 .../services/resource/watch_test.go           | 62 +++++++++++++-
 4 files changed, 189 insertions(+), 94 deletions(-)

diff --git a/agent/grpc-external/services/resource/list_test.go b/agent/grpc-external/services/resource/list_test.go
index e640e389217e..64026b7d34e5 100644
--- a/agent/grpc-external/services/resource/list_test.go
+++ b/agent/grpc-external/services/resource/list_test.go
@@ -119,83 +119,7 @@ func TestList_Many(t *testing.T) {
 func TestList_Tenancy_Defaults_And_Normalization(t *testing.T) {
 	// Test units of tenancy get defaulted correctly when empty.
 	ctx := context.Background()
-	testCases := map[string]struct {
-		typ     *pbresource.Type
-		tenancy *pbresource.Tenancy
-	}{
-		"namespaced type with empty partition": {
-			typ: demo.TypeV2Artist,
-			tenancy: &pbresource.Tenancy{
-				Partition: "",
-				Namespace: resource.DefaultNamespaceName,
-				PeerName:  "local",
-			},
-		},
-		"namespaced type with empty namespace": {
-			typ: demo.TypeV2Artist,
-			tenancy: &pbresource.Tenancy{
-				Partition: resource.DefaultPartitionName,
-				Namespace: "",
-				PeerName:  "local",
-			},
-		},
-		"namespaced type with empty partition and namespace": {
-			typ: demo.TypeV2Artist,
-			tenancy: &pbresource.Tenancy{
-				Partition: "",
-				Namespace: "",
-				PeerName:  "local",
-			},
-		},
-		"namespaced type with uppercase partition and namespace": {
-			typ: demo.TypeV2Artist,
-			tenancy: &pbresource.Tenancy{
-				Partition: "DEFAULT",
-				Namespace: "DEFAULT",
-				PeerName:  "local",
-			},
-		},
-		"namespaced type with wildcard partition and empty namespace": {
-			typ: demo.TypeV2Artist,
-			tenancy: &pbresource.Tenancy{
-				Partition: "*",
-				Namespace: "",
-				PeerName:  "local",
-			},
-		},
-		"namespaced type with empty partition and wildcard namespace": {
-			typ: demo.TypeV2Artist,
-			tenancy: &pbresource.Tenancy{
-				Partition: "",
-				Namespace: "*",
-				PeerName:  "local",
-			},
-		},
-		"partitioned type with empty partition": {
-			typ: demo.TypeV1RecordLabel,
-			tenancy: &pbresource.Tenancy{
-				Partition: "",
-				Namespace: "",
-				PeerName:  "local",
-			},
-		},
-		"partitioned type with uppercase partition": {
-			typ: demo.TypeV1RecordLabel,
-			tenancy: &pbresource.Tenancy{
-				Partition: "DEFAULT",
-				Namespace: "",
-				PeerName:  "local",
-			},
-		},
-		"partitioned type with wildcard partition": {
-			typ: demo.TypeV1RecordLabel,
-			tenancy: &pbresource.Tenancy{
-				Partition: "*",
-				PeerName:  "local",
-			},
-		},
-	}
-	for desc, tc := range testCases {
+	for desc, tc := range wildcardTenancyCases() {
 		t.Run(desc, func(t *testing.T) {
 			server := testServer(t)
 			demo.RegisterTypes(server.Registry)
diff --git a/agent/grpc-external/services/resource/server_test.go b/agent/grpc-external/services/resource/server_test.go
index 629c90f9226d..7f745952e5e5 100644
--- a/agent/grpc-external/services/resource/server_test.go
+++ b/agent/grpc-external/services/resource/server_test.go
@@ -21,6 +21,7 @@ import (
 	"github.com/hashicorp/consul/agent/grpc-external/testutils"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/internal/storage/inmem"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	pbdemov2 "github.com/hashicorp/consul/proto/private/pbdemo/v2"
@@ -131,6 +132,90 @@ func modifyArtist(t *testing.T, res *pbresource.Resource) *pbresource.Resource {
 	return res
 }
 
+// wildcardTenancyCases returns permutations of tenancy and type scope used as input
+// to endpoints that accept wildcards for tenancy.
+func wildcardTenancyCases() map[string]struct {
+	typ     *pbresource.Type
+	tenancy *pbresource.Tenancy
+} {
+	return map[string]struct {
+		typ     *pbresource.Type
+		tenancy *pbresource.Tenancy
+	}{
+		"namespaced type with empty partition": {
+			typ: demo.TypeV2Artist,
+			tenancy: &pbresource.Tenancy{
+				Partition: "",
+				Namespace: resource.DefaultNamespaceName,
+				PeerName:  "local",
+			},
+		},
+		"namespaced type with empty namespace": {
+			typ: demo.TypeV2Artist,
+			tenancy: &pbresource.Tenancy{
+				Partition: resource.DefaultPartitionName,
+				Namespace: "",
+				PeerName:  "local",
+			},
+		},
+		"namespaced type with empty partition and namespace": {
+			typ: demo.TypeV2Artist,
+			tenancy: &pbresource.Tenancy{
+				Partition: "",
+				Namespace: "",
+				PeerName:  "local",
+			},
+		},
+		"namespaced type with uppercase partition and namespace": {
+			typ: demo.TypeV2Artist,
+			tenancy: &pbresource.Tenancy{
+				Partition: "DEFAULT",
+				Namespace: "DEFAULT",
+				PeerName:  "local",
+			},
+		},
+		"namespaced type with wildcard partition and empty namespace": {
+			typ: demo.TypeV2Artist,
+			tenancy: &pbresource.Tenancy{
+				Partition: "*",
+				Namespace: "",
+				PeerName:  "local",
+			},
+		},
+		"namespaced type with empty partition and wildcard namespace": {
+			typ: demo.TypeV2Artist,
+			tenancy: &pbresource.Tenancy{
+				Partition: "",
+				Namespace: "*",
+				PeerName:  "local",
+			},
+		},
+		"partitioned type with empty partition": {
+			typ: demo.TypeV1RecordLabel,
+			tenancy: &pbresource.Tenancy{
+				Partition: "",
+				Namespace: "",
+				PeerName:  "local",
+			},
+		},
+		"partitioned type with uppercase partition": {
+			typ: demo.TypeV1RecordLabel,
+			tenancy: &pbresource.Tenancy{
+				Partition: "DEFAULT",
+				Namespace: "",
+				PeerName:  "local",
+			},
+		},
+		"partitioned type with wildcard partition": {
+			typ: demo.TypeV1RecordLabel,
+			tenancy: &pbresource.Tenancy{
+				Partition: "*",
+				PeerName:  "local",
+			},
+		},
+	}
+}
+
 // tenancyCases returns permutations of valid tenancy structs in a resource id to use as inputs.
 // - the id is for a recordLabel when the resource is partition scoped
 // - the id is for an artist when the resource is namespace scoped
diff --git a/agent/grpc-external/services/resource/watch.go b/agent/grpc-external/services/resource/watch.go
index 6f321fbc1ab8..6039613b8fed 100644
--- a/agent/grpc-external/services/resource/watch.go
+++ b/agent/grpc-external/services/resource/watch.go
@@ -10,28 +10,26 @@ import (
 	"google.golang.org/grpc/status"
 
 	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/storage"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 func (s *Server) WatchList(req *pbresource.WatchListRequest, stream pbresource.ResourceService_WatchListServer) error {
-	if err := validateWatchListRequest(req); err != nil {
-		return err
-	}
-
-	// check type exists
-	reg, err := s.resolveType(req.Type)
+	reg, err := s.validateWatchListRequest(req)
 	if err != nil {
 		return err
 	}
 
-	// TODO(spatel): Refactor _ and entMeta as part of NET-4914
-	authz, authzContext, err := s.getAuthorizer(tokenFromContext(stream.Context()), acl.DefaultEnterpriseMeta())
+	// v1 ACL subsystem is "wildcard" aware so just pass on through.
+	entMeta := v2TenancyToV1EntMeta(req.Tenancy)
+	token := tokenFromContext(stream.Context())
+	authz, authzContext, err := s.getAuthorizer(token, entMeta)
 	if err != nil {
 		return err
 	}
 
-	// check acls
+	// Check list ACL.
 	err = reg.ACLs.List(authz, authzContext)
 	switch {
 	case acl.IsErrPermissionDenied(err):
@@ -40,6 +38,9 @@ func (s *Server) WatchList(req *pbresource.WatchListRequest, stream pbresource.R
 		return status.Errorf(codes.Internal, "failed list acl: %v", err)
 	}
 
+	// Ensure we're defaulting correctly when request tenancy units are empty.
+	v1EntMetaToV2Tenancy(reg, entMeta, req.Tenancy)
+
 	unversionedType := storage.UnversionedTypeFrom(req.Type)
 	watch, err := s.Backend.WatchList(
 		stream.Context(),
@@ -66,6 +67,15 @@ func (s *Server) WatchList(req *pbresource.WatchListRequest, stream pbresource.R
 			continue
 		}
 
+		// Need to rebuild authorizer per resource since wildcard inputs may
+		// result in different tenancies. Consider caching per tenancy if this
+		// is deemed expensive.
+		entMeta = v2TenancyToV1EntMeta(event.Resource.Id.Tenancy)
+		authz, authzContext, err = s.getAuthorizer(token, entMeta)
+		if err != nil {
+			return err
+		}
+
 		// filter out items that don't pass read ACLs
 		err = reg.ACLs.Read(authz, authzContext, event.Resource.Id)
 		switch {
@@ -81,15 +91,37 @@ func (s *Server) WatchList(req *pbresource.WatchListRequest, stream pbresource.R
 	}
 }
 
-func validateWatchListRequest(req *pbresource.WatchListRequest) error {
+func (s *Server) validateWatchListRequest(req *pbresource.WatchListRequest) (*resource.Registration, error) {
 	var field string
 	switch {
 	case req.Type == nil:
 		field = "type"
 	case req.Tenancy == nil:
 		field = "tenancy"
-	default:
-		return nil
 	}
-	return status.Errorf(codes.InvalidArgument, "%s is required", field)
+
+	if field != "" {
+		return nil, status.Errorf(codes.InvalidArgument, "%s is required", field)
+	}
+
+	// Check type exists.
+	reg, err := s.resolveType(req.Type)
+	if err != nil {
+		return nil, err
+	}
+
+	// Lowercase
+	resource.Normalize(req.Tenancy)
+
+	// Error when partition scoped and namespace not empty.
+	if reg.Scope == resource.ScopePartition && req.Tenancy.Namespace != "" {
+		return nil, status.Errorf(
+			codes.InvalidArgument,
+			"partition scoped type %s cannot have a namespace. got: %s",
+			resource.ToGVK(req.Type),
+			req.Tenancy.Namespace,
+		)
+	}
+
+	return reg, nil
 }
diff --git a/agent/grpc-external/services/resource/watch_test.go b/agent/grpc-external/services/resource/watch_test.go
index 7574c155daf6..051264441bbc 100644
--- a/agent/grpc-external/services/resource/watch_test.go
+++ b/agent/grpc-external/services/resource/watch_test.go
@@ -12,6 +12,7 @@ import (
 
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/grpc-external/testutils"
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/proto/private/prototest"
@@ -20,6 +21,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
 )
 
 func TestWatchList_InputValidation(t *testing.T) {
@@ -31,12 +33,16 @@ func TestWatchList_InputValidation(t *testing.T) {
 	testCases := map[string]func(*pbresource.WatchListRequest){
 		"no type":    func(req *pbresource.WatchListRequest) { req.Type = nil },
 		"no tenancy": func(req *pbresource.WatchListRequest) { req.Tenancy = nil },
+		"partitioned type provides non-empty namespace": func(req *pbresource.WatchListRequest) {
+			req.Type = demo.TypeV1RecordLabel
+			req.Tenancy.Namespace = "bad"
+		},
 	}
 	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
 			req := &pbresource.WatchListRequest{
 				Type:    demo.TypeV2Album,
-				Tenancy: demo.TenancyDefault,
+				Tenancy: resource.DefaultNamespacedTenancy(),
 			}
 			modFn(req)
 
@@ -58,7 +64,7 @@ func TestWatchList_TypeNotFound(t *testing.T) {
 
 	stream, err := client.WatchList(context.Background(), &pbresource.WatchListRequest{
 		Type:       demo.TypeV2Artist,
-		Tenancy:    demo.TenancyDefault,
+		Tenancy:    resource.DefaultNamespacedTenancy(),
 		NamePrefix: "",
 	})
 	require.NoError(t, err)
@@ -80,7 +86,7 @@ func TestWatchList_GroupVersionMatches(t *testing.T) {
 	// create a watch
 	stream, err := client.WatchList(ctx, &pbresource.WatchListRequest{
 		Type:       demo.TypeV2Artist,
-		Tenancy:    demo.TenancyDefault,
+		Tenancy:    resource.DefaultNamespacedTenancy(),
 		NamePrefix: "",
 	})
 	require.NoError(t, err)
@@ -111,6 +117,54 @@ func TestWatchList_GroupVersionMatches(t *testing.T) {
 	require.Equal(t, pbresource.WatchEvent_OPERATION_DELETE, rsp.Operation)
 }
 
+func TestWatchList_Tenancy_Defaults_And_Normalization(t *testing.T) {
+	// Test units of tenancy get lowercased and defaulted correctly when empty.
+	for desc, tc := range wildcardTenancyCases() {
+		t.Run(desc, func(t *testing.T) {
+			ctx := context.Background()
+			server := testServer(t)
+			client := testClient(t, server)
+			demo.RegisterTypes(server.Registry)
+
+			// Create a watch.
+			stream, err := client.WatchList(ctx, &pbresource.WatchListRequest{
+				Type:       tc.typ,
+				Tenancy:    tc.tenancy,
+				NamePrefix: "",
+			})
+			require.NoError(t, err)
+			rspCh := handleResourceStream(t, stream)
+
+			// Testcase will pick one of recordLabel or artist based on scope of type.
+			recordLabel, err := demo.GenerateV1RecordLabel("LooneyTunes")
+			require.NoError(t, err)
+			artist, err := demo.GenerateV2Artist()
+			require.NoError(t, err)
+
+			// Create and verify upsert event received.
+			recordLabel, err = server.Backend.WriteCAS(ctx, recordLabel)
+			require.NoError(t, err)
+			artist, err = server.Backend.WriteCAS(ctx, artist)
+			require.NoError(t, err)
+
+			var expected *pbresource.Resource
+			switch {
+			case proto.Equal(tc.typ, demo.TypeV1RecordLabel):
+				expected = recordLabel
+			case proto.Equal(tc.typ, demo.TypeV2Artist):
+				expected = artist
+			default:
+				require.Fail(t, "unsupported type", tc.typ)
+			}
+
+			rsp := mustGetResource(t, rspCh)
+			require.Equal(t, pbresource.WatchEvent_OPERATION_UPSERT, rsp.Operation)
+			prototest.AssertDeepEqual(t, expected, rsp.Resource)
+		})
+
+	}
+}
+
 func TestWatchList_GroupVersionMismatch(t *testing.T) {
 	// Given a watch on TypeArtistV1 that only differs from TypeArtistV2 by GroupVersion
 	// When a resource of TypeArtistV2 is created/updated/deleted
@@ -125,7 +179,7 @@ func TestWatchList_GroupVersionMismatch(t *testing.T) {
 	// create a watch for TypeArtistV1
 	stream, err := client.WatchList(ctx, &pbresource.WatchListRequest{
 		Type:       demo.TypeV1Artist,
-		Tenancy:    demo.TenancyDefault,
+		Tenancy:    resource.DefaultNamespacedTenancy(),
 		NamePrefix: "",
 	})
 	require.NoError(t, err)

From 547f4f8395c343f24eff601f7998fa162ae4ef3d Mon Sep 17 00:00:00 2001
From: Matt Keeler <mkeeler@users.noreply.github.com>
Date: Mon, 21 Aug 2023 20:20:19 -0400
Subject: [PATCH 308/359] Reduce required type arguments for DecodedResource
 (#18540)

---
 internal/catalog/exports.go                   |  2 +-
 .../controllers/failover/controller.go        | 20 +++++++--------
 .../mappers/failovermapper/failover_mapper.go |  2 +-
 .../failovermapper/failover_mapper_test.go    |  6 ++---
 .../internal/types/failover_policy_test.go    | 12 ++++-----
 internal/resource/decode.go                   | 25 +++++++------------
 internal/resource/decode_test.go              |  8 +++---
 internal/resource/resourcetest/decode.go      |  7 ++----
 8 files changed, 36 insertions(+), 46 deletions(-)

diff --git a/internal/catalog/exports.go b/internal/catalog/exports.go
index 4019fbeb51ac..566c2e2b6edf 100644
--- a/internal/catalog/exports.go
+++ b/internal/catalog/exports.go
@@ -118,7 +118,7 @@ func SimplifyFailoverPolicy(svc *pbcatalog.Service, failover *pbcatalog.Failover
 // FailoverPolicyMapper maintains the bidirectional tracking relationship of a
 // FailoverPolicy to the Services related to it.
 type FailoverPolicyMapper interface {
-	TrackFailover(failover *resource.DecodedResource[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy])
+	TrackFailover(failover *resource.DecodedResource[*pbcatalog.FailoverPolicy])
 	UntrackFailover(failoverID *pbresource.ID)
 	FailoverIDsByService(svcID *pbresource.ID) []*pbresource.ID
 }
diff --git a/internal/catalog/internal/controllers/failover/controller.go b/internal/catalog/internal/controllers/failover/controller.go
index ea6efa992d9f..9accb62aa447 100644
--- a/internal/catalog/internal/controllers/failover/controller.go
+++ b/internal/catalog/internal/controllers/failover/controller.go
@@ -20,7 +20,7 @@ type FailoverMapper interface {
 	// TrackFailover extracts all Service references from the provided
 	// FailoverPolicy and indexes them so that MapService can turn Service
 	// events into FailoverPolicy events properly.
-	TrackFailover(failover *resource.DecodedResource[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy])
+	TrackFailover(failover *resource.DecodedResource[*pbcatalog.FailoverPolicy])
 
 	// UntrackFailover forgets the links inserted by TrackFailover for the
 	// provided FailoverPolicyID.
@@ -86,7 +86,7 @@ func (r *failoverPolicyReconciler) Reconcile(ctx context.Context, rt controller.
 		rt.Logger.Error("error retrieving corresponding service", "error", err)
 		return err
 	}
-	destServices := make(map[resource.ReferenceKey]*resource.DecodedResource[pbcatalog.Service, *pbcatalog.Service])
+	destServices := make(map[resource.ReferenceKey]*resource.DecodedResource[*pbcatalog.Service])
 	if service != nil {
 		destServices[resource.NewReferenceKey(serviceID)] = service
 	}
@@ -148,18 +148,18 @@ func (r *failoverPolicyReconciler) Reconcile(ctx context.Context, rt controller.
 	return nil
 }
 
-func getFailoverPolicy(ctx context.Context, rt controller.Runtime, id *pbresource.ID) (*resource.DecodedResource[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy], error) {
-	return resource.GetDecodedResource[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](ctx, rt.Client, id)
+func getFailoverPolicy(ctx context.Context, rt controller.Runtime, id *pbresource.ID) (*resource.DecodedResource[*pbcatalog.FailoverPolicy], error) {
+	return resource.GetDecodedResource[*pbcatalog.FailoverPolicy](ctx, rt.Client, id)
 }
 
-func getService(ctx context.Context, rt controller.Runtime, id *pbresource.ID) (*resource.DecodedResource[pbcatalog.Service, *pbcatalog.Service], error) {
-	return resource.GetDecodedResource[pbcatalog.Service, *pbcatalog.Service](ctx, rt.Client, id)
+func getService(ctx context.Context, rt controller.Runtime, id *pbresource.ID) (*resource.DecodedResource[*pbcatalog.Service], error) {
+	return resource.GetDecodedResource[*pbcatalog.Service](ctx, rt.Client, id)
 }
 
 func computeNewStatus(
-	failoverPolicy *resource.DecodedResource[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy],
-	service *resource.DecodedResource[pbcatalog.Service, *pbcatalog.Service],
-	destServices map[resource.ReferenceKey]*resource.DecodedResource[pbcatalog.Service, *pbcatalog.Service],
+	failoverPolicy *resource.DecodedResource[*pbcatalog.FailoverPolicy],
+	service *resource.DecodedResource[*pbcatalog.Service],
+	destServices map[resource.ReferenceKey]*resource.DecodedResource[*pbcatalog.Service],
 ) *pbresource.Status {
 	if service == nil {
 		return &pbresource.Status{
@@ -238,7 +238,7 @@ func computeNewStatus(
 
 func serviceHasPort(
 	dest *pbcatalog.FailoverDestination,
-	destServices map[resource.ReferenceKey]*resource.DecodedResource[pbcatalog.Service, *pbcatalog.Service],
+	destServices map[resource.ReferenceKey]*resource.DecodedResource[*pbcatalog.Service],
 ) *pbresource.Condition {
 	key := resource.NewReferenceKey(dest.Ref)
 	destService, ok := destServices[key]
diff --git a/internal/catalog/internal/mappers/failovermapper/failover_mapper.go b/internal/catalog/internal/mappers/failovermapper/failover_mapper.go
index 5c23a1bfe3a1..4ae6776cb66c 100644
--- a/internal/catalog/internal/mappers/failovermapper/failover_mapper.go
+++ b/internal/catalog/internal/mappers/failovermapper/failover_mapper.go
@@ -31,7 +31,7 @@ func New() *Mapper {
 // TrackFailover extracts all Service references from the provided
 // FailoverPolicy and indexes them so that MapService can turn Service events
 // into FailoverPolicy events properly.
-func (m *Mapper) TrackFailover(failover *resource.DecodedResource[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy]) {
+func (m *Mapper) TrackFailover(failover *resource.DecodedResource[*pbcatalog.FailoverPolicy]) {
 	destRefs := failover.Data.GetUnderlyingDestinationRefs()
 	destRefs = append(destRefs, &pbresource.Reference{
 		Type:    types.ServiceType,
diff --git a/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go b/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go
index 8a4ac2d7227d..048f444eca61 100644
--- a/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go
+++ b/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go
@@ -59,7 +59,7 @@ func TestMapper_Tracking(t *testing.T) {
 		}).
 		Build()
 	rtest.ValidateAndNormalize(t, registry, fail1)
-	failDec1 := rtest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, fail1)
+	failDec1 := rtest.MustDecode[*pbcatalog.FailoverPolicy](t, fail1)
 
 	fail2 := rtest.Resource(types.FailoverPolicyType, "www").
 		WithData(t, &pbcatalog.FailoverPolicy{
@@ -72,7 +72,7 @@ func TestMapper_Tracking(t *testing.T) {
 		}).
 		Build()
 	rtest.ValidateAndNormalize(t, registry, fail2)
-	failDec2 := rtest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, fail2)
+	failDec2 := rtest.MustDecode[*pbcatalog.FailoverPolicy](t, fail2)
 
 	fail1_updated := rtest.Resource(types.FailoverPolicyType, "api").
 		WithData(t, &pbcatalog.FailoverPolicy{
@@ -84,7 +84,7 @@ func TestMapper_Tracking(t *testing.T) {
 		}).
 		Build()
 	rtest.ValidateAndNormalize(t, registry, fail1_updated)
-	failDec1_updated := rtest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, fail1_updated)
+	failDec1_updated := rtest.MustDecode[*pbcatalog.FailoverPolicy](t, fail1_updated)
 
 	m := New()
 
diff --git a/internal/catalog/internal/types/failover_policy_test.go b/internal/catalog/internal/types/failover_policy_test.go
index 8f2ad9717298..41bfd3d82770 100644
--- a/internal/catalog/internal/types/failover_policy_test.go
+++ b/internal/catalog/internal/types/failover_policy_test.go
@@ -31,7 +31,7 @@ func TestMutateFailoverPolicy(t *testing.T) {
 
 		err := MutateFailoverPolicy(res)
 
-		got := resourcetest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, res)
+		got := resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, res)
 
 		if tc.expectErr == "" {
 			require.NoError(t, err)
@@ -162,13 +162,13 @@ func TestValidateFailoverPolicy(t *testing.T) {
 		require.NoError(t, MutateFailoverPolicy(res))
 
 		// Verify that mutate didn't actually change the object.
-		got := resourcetest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, res)
+		got := resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, res)
 		prototest.AssertDeepEqual(t, tc.failover, got.Data)
 
 		err := ValidateFailoverPolicy(res)
 
 		// Verify that validate didn't actually change the object.
-		got = resourcetest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, res)
+		got = resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, res)
 		prototest.AssertDeepEqual(t, tc.failover, got.Data)
 
 		if tc.expectErr == "" {
@@ -359,9 +359,9 @@ func TestSimplifyFailoverPolicy(t *testing.T) {
 		resourcetest.ValidateAndNormalize(t, registry, tc.failover)
 		resourcetest.ValidateAndNormalize(t, registry, tc.expect)
 
-		svc := resourcetest.MustDecode[pbcatalog.Service, *pbcatalog.Service](t, tc.svc)
-		failover := resourcetest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, tc.failover)
-		expect := resourcetest.MustDecode[pbcatalog.FailoverPolicy, *pbcatalog.FailoverPolicy](t, tc.expect)
+		svc := resourcetest.MustDecode[*pbcatalog.Service](t, tc.svc)
+		failover := resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, tc.failover)
+		expect := resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, tc.expect)
 
 		inputFailoverCopy := proto.Clone(failover.Data).(*pbcatalog.FailoverPolicy)
 
diff --git a/internal/resource/decode.go b/internal/resource/decode.go
index 7b1fb7b36450..c610898ca3c2 100644
--- a/internal/resource/decode.go
+++ b/internal/resource/decode.go
@@ -15,27 +15,23 @@ import (
 
 // DecodedResource is a generic holder to contain an original Resource and its
 // decoded contents.
-type DecodedResource[V any, PV interface {
-	proto.Message
-	*V
-}] struct {
+type DecodedResource[T proto.Message] struct {
 	Resource *pbresource.Resource
-	Data     PV
+	Data     T
 }
 
 // Decode will generically decode the provided resource into a 2-field
 // structure that holds onto the original Resource and the decoded contents.
 //
 // Returns an ErrDataParse on unmarshalling errors.
-func Decode[V any, PV interface {
-	proto.Message
-	*V
-}](res *pbresource.Resource) (*DecodedResource[V, PV], error) {
-	data := PV(new(V))
+func Decode[T proto.Message](res *pbresource.Resource) (*DecodedResource[T], error) {
+	var zero T
+	data := zero.ProtoReflect().New().Interface().(T)
+
 	if err := res.Data.UnmarshalTo(data); err != nil {
 		return nil, NewErrDataParse(data, err)
 	}
-	return &DecodedResource[V, PV]{
+	return &DecodedResource[T]{
 		Resource: res,
 		Data:     data,
 	}, nil
@@ -43,10 +39,7 @@ func Decode[V any, PV interface {
 
 // GetDecodedResource will generically read the requested resource using the
 // client and either return nil on a NotFound or decode the response value.
-func GetDecodedResource[V any, PV interface {
-	proto.Message
-	*V
-}](ctx context.Context, client pbresource.ResourceServiceClient, id *pbresource.ID) (*DecodedResource[V, PV], error) {
+func GetDecodedResource[T proto.Message](ctx context.Context, client pbresource.ResourceServiceClient, id *pbresource.ID) (*DecodedResource[T], error) {
 	rsp, err := client.Read(ctx, &pbresource.ReadRequest{Id: id})
 	switch {
 	case status.Code(err) == codes.NotFound:
@@ -55,5 +48,5 @@ func GetDecodedResource[V any, PV interface {
 		return nil, err
 	}
 
-	return Decode[V, PV](rsp.Resource)
+	return Decode[T](rsp.Resource)
 }
diff --git a/internal/resource/decode_test.go b/internal/resource/decode_test.go
index 31ebe47c64bf..17c1bd7f1b07 100644
--- a/internal/resource/decode_test.go
+++ b/internal/resource/decode_test.go
@@ -34,7 +34,7 @@ func TestGetDecodedResource(t *testing.T) {
 	}
 
 	testutil.RunStep(t, "not found", func(t *testing.T) {
-		got, err := resource.GetDecodedResource[pbdemo.Artist, *pbdemo.Artist](ctx, client, babypantsID)
+		got, err := resource.GetDecodedResource[*pbdemo.Artist](ctx, client, babypantsID)
 		require.NoError(t, err)
 		require.Nil(t, got)
 	})
@@ -47,7 +47,7 @@ func TestGetDecodedResource(t *testing.T) {
 			WithData(t, data).
 			Write(t, client)
 
-		got, err := resource.GetDecodedResource[pbdemo.Artist, *pbdemo.Artist](ctx, client, babypantsID)
+		got, err := resource.GetDecodedResource[*pbdemo.Artist](ctx, client, babypantsID)
 		require.NoError(t, err)
 		require.NotNil(t, got)
 
@@ -84,7 +84,7 @@ func TestDecode(t *testing.T) {
 			},
 		}
 
-		dec, err := resource.Decode[pbdemo.Artist, *pbdemo.Artist](foo)
+		dec, err := resource.Decode[*pbdemo.Artist](foo)
 		require.NoError(t, err)
 
 		prototest.AssertDeepEqual(t, foo, dec.Resource)
@@ -107,7 +107,7 @@ func TestDecode(t *testing.T) {
 			},
 		}
 
-		_, err := resource.Decode[pbdemo.Artist, *pbdemo.Artist](foo)
+		_, err := resource.Decode[*pbdemo.Artist](foo)
 		require.Error(t, err)
 	})
 }
diff --git a/internal/resource/resourcetest/decode.go b/internal/resource/resourcetest/decode.go
index 077bbc0dd514..d68fff865517 100644
--- a/internal/resource/resourcetest/decode.go
+++ b/internal/resource/resourcetest/decode.go
@@ -13,11 +13,8 @@ import (
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
-func MustDecode[V any, PV interface {
-	proto.Message
-	*V
-}](t *testing.T, res *pbresource.Resource) *resource.DecodedResource[V, PV] {
-	dec, err := resource.Decode[V, PV](res)
+func MustDecode[T proto.Message](t *testing.T, res *pbresource.Resource) *resource.DecodedResource[T] {
+	dec, err := resource.Decode[T](res)
 	require.NoError(t, err)
 	return dec
 }

From 53e28a49637e0041cc9487f3124ec90ca271f48b Mon Sep 17 00:00:00 2001
From: Semir Patel <semir.patel@hashicorp.com>
Date: Tue, 22 Aug 2023 09:46:03 -0500
Subject: [PATCH 309/359] OSS -> CE (community edition) changes (#18517)

---
 .github/scripts/get_runner_classes.sh         |  2 +-
 .github/scripts/get_runner_classes_windows.sh |  2 +-
 .github/workflows/build-artifacts.yml         |  2 +-
 .github/workflows/build.yml                   |  1 +
 ...merge-trigger.yml => ce-merge-trigger.yml} |  7 +++--
 .github/workflows/frontend.yml                |  2 +-
 .github/workflows/go-tests.yml                |  8 +++---
 .github/workflows/nightly-test-1.13.x.yaml    | 28 +++++++++----------
 .github/workflows/nightly-test-1.14.x.yaml    | 28 +++++++++----------
 .github/workflows/nightly-test-1.15.x.yaml    | 28 +++++++++----------
 .github/workflows/nightly-test-1.16.x.yaml    | 28 +++++++++----------
 .github/workflows/nightly-test-main.yaml      | 28 +++++++++----------
 .golangci.yml                                 |  6 ++--
 .release/security-scan.hcl                    |  1 +
 acl/{acl_oss.go => acl_ce.go}                 |  2 +-
 acl/{authorizer_oss.go => authorizer_ce.go}   |  0
 ...rprisemeta_oss.go => enterprisemeta_ce.go} |  0
 acl/{errors_oss.go => errors_ce.go}           |  0
 ...horizer_oss.go => policy_authorizer_ce.go} |  0
 acl/{policy_oss.go => policy_ce.go}           |  0
 ...licy_merger_oss.go => policy_merger_ce.go} |  0
 agent/{acl_oss.go => acl_ce.go}               |  0
 agent/agent.go                                |  2 +-
 agent/{agent_oss.go => agent_ce.go}           |  0
 agent/{agent_oss_test.go => agent_ce_test.go} |  0
 ...t_endpoint_oss.go => agent_endpoint_ce.go} |  0
 ..._oss_test.go => agent_endpoint_ce_test.go} |  0
 .../{auto_config_oss.go => auto_config_ce.go} |  2 +-
 ...fig_oss_test.go => auto_config_ce_test.go} |  0
 .../{config_oss.go => config_ce.go}           |  2 +-
 .../{mock_oss_test.go => mock_ce_test.go}     |  2 +-
 ...endpoint_oss.go => catalog_endpoint_ce.go} |  0
 .../config/{builder_oss.go => builder_ce.go}  |  2 +-
 ...builder_oss_test.go => builder_ce_test.go} |  0
 agent/config/{config_oss.go => config_ce.go}  |  0
 .../config/{default_oss.go => default_ce.go}  |  0
 .../config/{runtime_oss.go => runtime_ce.go}  |  0
 ...runtime_oss_test.go => runtime_ce_test.go} |  4 +--
 .../config/{segment_oss.go => segment_ce.go}  |  0
 ...segment_oss_test.go => segment_ce_test.go} |  4 +--
 agent/connect/sni.go                          |  6 ++--
 .../{uri_agent_oss.go => uri_agent_ce.go}     |  2 +-
 ...agent_oss_test.go => uri_agent_ce_test.go} |  0
 ..._gateway_oss.go => uri_mesh_gateway_ce.go} |  2 +-
 ...ss_test.go => uri_mesh_gateway_ce_test.go} |  0
 agent/connect/uri_service.go                  |  4 +--
 .../{uri_service_oss.go => uri_service_ce.go} |  6 ++--
 ...ice_oss_test.go => uri_service_ce_test.go} |  0
 ...authmethod_oss.go => acl_authmethod_ce.go} |  0
 agent/consul/{acl_oss.go => acl_ce.go}        |  4 +--
 .../{acl_oss_test.go => acl_ce_test.go}       |  0
 ...acl_endpoint_oss.go => acl_endpoint_ce.go} |  0
 .../{acl_server_oss.go => acl_server_ce.go}   |  0
 .../auth/{binder_oss.go => binder_ce.go}      |  0
 ...token_writer_oss.go => token_writer_ce.go} |  0
 .../{authmethods_oss.go => authmethods_ce.go} |  0
 .../kubeauth/{k8s_oss.go => k8s_ce.go}        |  0
 .../ssoauth/{sso_oss.go => sso_ce.go}         |  0
 .../{testing_oss.go => testing_ce.go}         |  0
 .../{autopilot_oss.go => autopilot_ce.go}     |  0
 agent/consul/catalog_endpoint.go              |  2 +-
 agent/consul/{config_oss.go => config_ce.go}  |  0
 .../{compile_oss.go => compile_ce.go}         |  0
 ..._client_oss.go => enterprise_client_ce.go} |  0
 ..._config_oss.go => enterprise_config_ce.go} |  0
 ..._server_oss.go => enterprise_server_ce.go} |  4 +--
 ...s_test.go => enterprise_server_ce_test.go} |  0
 .../fsm/{commands_oss.go => commands_ce.go}   |  0
 ...mmands_oss_test.go => commands_ce_test.go} |  0
 agent/consul/fsm/fsm.go                       |  2 +-
 .../fsm/{snapshot_oss.go => snapshot_ce.go}   |  4 +--
 ...apshot_oss_test.go => snapshot_ce_test.go} |  4 +--
 agent/consul/fsm/snapshot_test.go             |  4 +--
 .../{leader_oss_test.go => leader_ce_test.go} |  0
 ...entions_oss.go => leader_intentions_ce.go} |  4 +--
 ...s_test.go => leader_intentions_ce_test.go} |  0
 agent/consul/{merge_oss.go => merge_ce.go}    |  0
 .../{merge_oss_test.go => merge_ce_test.go}   |  2 +-
 .../consul/{options_oss.go => options_ce.go}  |  0
 ...g_backend_oss.go => peering_backend_ce.go} |  0
 ...oss_test.go => peering_backend_ce_test.go} |  0
 .../{walk_oss_test.go => walk_ce_test.go}     |  0
 ...t_oss.go => prepared_query_endpoint_ce.go} |  0
 ....go => prepared_query_endpoint_ce_test.go} |  2 +-
 .../rate/{handler_oss.go => handler_ce.go}    |  0
 .../{reporting_oss.go => reporting_ce.go}     |  0
 .../consul/{segment_oss.go => segment_ce.go}  |  8 +++---
 agent/consul/{server_oss.go => server_ce.go}  |  2 +-
 .../{server_oss_test.go => server_ce_test.go} |  0
 agent/consul/state/{acl_oss.go => acl_ce.go}  |  0
 .../state/{acl_oss_test.go => acl_ce_test.go} |  0
 .../state/{catalog_oss.go => catalog_ce.go}   |  2 +-
 ...catalog_oss_test.go => catalog_ce_test.go} |  0
 ...log_events_oss.go => catalog_events_ce.go} |  0
 ..._oss_test.go => catalog_events_ce_test.go} |  2 +-
 ...config_entry_oss.go => config_entry_ce.go} |  2 +-
 ...ry_oss_test.go => config_entry_ce_test.go} |  0
 ...o => config_entry_exported_services_ce.go} |  0
 agent/consul/state/config_entry_intention.go  |  6 ++--
 ...on_oss.go => config_entry_intention_ce.go} |  0
 ...s.go => config_entry_sameness_group_ce.go} |  2 +-
 ...=> config_entry_sameness_group_ce_test.go} |  0
 .../{coordinate_oss.go => coordinate_ce.go}   |  0
 ...nate_oss_test.go => coordinate_ce_test.go} |  0
 .../state/{delay_oss.go => delay_ce.go}       |  0
 .../{graveyard_oss.go => graveyard_ce.go}     |  0
 .../{intention_oss.go => intention_ce.go}     |  0
 agent/consul/state/{kvs_oss.go => kvs_ce.go}  |  0
 .../state/{kvs_oss_test.go => kvs_ce_test.go} |  0
 .../{operations_oss.go => operations_ce.go}   |  0
 agent/consul/state/peering.go                 |  2 +-
 .../state/{peering_oss.go => peering_ce.go}   |  0
 ...peering_oss_test.go => peering_ce_test.go} |  0
 .../state/{query_oss.go => query_ce.go}       |  0
 .../state/{schema_oss.go => schema_ce.go}     |  0
 .../{schema_oss_test.go => schema_ce_test.go} |  0
 .../state/{session_oss.go => session_ce.go}   |  0
 ...ore_oss_test.go => state_store_ce_test.go} |  0
 .../state/{usage_oss.go => usage_ce.go}       |  0
 ...ncy_bridge_oss.go => tenancy_bridge_ce.go} |  0
 ...usagemetrics_oss.go => usagemetrics_ce.go} |  0
 ...cs_oss_test.go => usagemetrics_ce_test.go} |  8 +++---
 agent/{dns_oss.go => dns_ce.go}               |  2 +-
 agent/{dns_oss_test.go => dns_ce_test.go}     |  2 +-
 ...egate_oss.go => enterprise_delegate_ce.go} |  2 +-
 agent/grpc-external/services/resource/read.go |  2 +-
 .../resource/{server_oss.go => server_ce.go}  |  0
 .../{server_oss_test.go => server_ce_test.go} |  0
 agent/{http_oss.go => http_ce.go}             |  4 +--
 agent/{http_oss_test.go => http_ce_test.go}   |  6 ++--
 ...test.go => intentions_endpoint_ce_test.go} |  2 +-
 ...ndpoint_oss.go => operator_endpoint_ce.go} |  2 +-
 ...s_test.go => operator_endpoint_ce_test.go} |  0
 agent/peering_endpoint.go                     |  2 +-
 ...ss_test.go => peering_endpoint_ce_test.go} |  8 +++---
 .../{intentions_oss.go => intentions_ce.go}   |  0
 ...data_sources_oss.go => data_sources_ce.go} |  0
 ...mesh_gateway_oss.go => mesh_gateway_ce.go} |  0
 agent/proxycfg/naming.go                      |  2 +-
 .../proxycfg/{naming_oss.go => naming_ce.go}  |  0
 agent/proxycfg/snapshot.go                    |  2 +-
 .../{state_oss_test.go => state_ce_test.go}   |  0
 agent/proxycfg/state_test.go                  |  2 +-
 .../{testing_oss.go => testing_ce.go}         |  0
 agent/proxycfg/testing_ingress_gateway.go     |  4 +--
 ...streams_oss.go => testing_upstreams_ce.go} |  0
 agent/rpc/peering/service.go                  |  6 ++--
 ...service_oss_test.go => service_ce_test.go} |  0
 ...stutil_oss_test.go => testutil_ce_test.go} |  0
 agent/rpcclient/health/view_test.go           |  2 +-
 agent/setup.go                                |  2 +-
 agent/{setup_oss.go => setup_ce.go}           |  0
 agent/structs/{acl_oss.go => acl_ce.go}       |  0
 .../{autopilot_oss.go => autopilot_ce.go}     |  0
 .../structs/{catalog_oss.go => catalog_ce.go} |  0
 ...wt_oss.go => config_entry_apigw_jwt_ce.go} |  0
 ...config_entry_oss.go => config_entry_ce.go} |  0
 ...ry_oss_test.go => config_entry_ce_test.go} |  5 ++--
 ...s.go => config_entry_discoverychain_ce.go} |  2 +-
 ...=> config_entry_discoverychain_ce_test.go} | 20 ++++++-------
 ...orts_oss.go => config_entry_exports_ce.go} |  0
 ...est.go => config_entry_exports_ce_test.go} |  4 +--
 agent/structs/config_entry_gateways_test.go   |  6 ++--
 ...s_oss.go => config_entry_intentions_ce.go} |  0
 ....go => config_entry_intentions_ce_test.go} |  0
 ...oss.go => config_entry_jwt_provider_ce.go} |  0
 ...ry_mesh_oss.go => config_entry_mesh_ce.go} |  0
 ...s.go => config_entry_sameness_group_ce.go} |  8 +++---
 agent/structs/config_entry_test.go            |  2 +-
 .../structs/{connect_oss.go => connect_ce.go} |  0
 ...nfig_oss.go => connect_proxy_config_ce.go} |  0
 ...ery_chain_oss.go => discovery_chain_ce.go} |  0
 .../{intention_oss.go => intention_ce.go}     |  6 ++--
 ...deepcopy_oss.go => structs.deepcopy_ce.go} |  0
 .../structs/{structs_oss.go => structs_ce.go} |  6 ++--
 ...structs_oss_test.go => structs_ce_test.go} |  0
 agent/token/{store_oss.go => store_ce.go}     |  2 +-
 ...int_oss_test.go => ui_endpoint_ce_test.go} |  0
 agent/ui_endpoint_test.go                     |  2 +-
 ...est.go => delta_envoy_extender_ce_test.go} |  0
 ..._oss_test.go => runtime_config_ce_test.go} |  0
 ...er_policy_oss.go => failover_policy_ce.go} |  0
 agent/xds/listeners_ingress.go                |  2 +-
 ...ty_policy_oss.go => locality_policy_ce.go} |  0
 ...er_policy_oss.go => failover_policy_ce.go} |  0
 ...ty_policy_oss.go => locality_policy_ce.go} |  0
 ...urces_oss_test.go => resources_ce_test.go} |  0
 agent/xds/{server_oss.go => server_ce.go}     |  0
 api/{oss_test.go => ce_test.go}               |  4 +--
 api/config_entry_gateways_test.go             |  8 +++---
 build-support/functions/00-vars.sh            |  1 +
 build-support/functions/10-util.sh            |  3 +-
 build-support/functions/20-build.sh           |  1 +
 ..._create_oss.go => authmethod_create_ce.go} |  0
 ..._update_oss.go => authmethod_update_ce.go} |  0
 ...atter_oss_test.go => formatter_ce_test.go} |  2 +-
 .../{oss => ce}/basic.json.golden             |  0
 .../{oss => ce}/basic.pretty-meta.golden      |  0
 .../{oss => ce}/basic.pretty.golden           |  0
 .../{oss => ce}/complex.json.golden           |  0
 .../{oss => ce}/complex.pretty-meta.golden    |  0
 .../{oss => ce}/complex.pretty.golden         |  0
 .../catalog/{helpers_oss.go => helpers_ce.go} |  0
 .../connect/envoy/bootstrap_config_test.go    |  8 +++---
 .../{envoy_oss_test.go => envoy_ce_test.go}   |  0
 command/login/{login_oss.go => login_ce.go}   |  0
 .../state/operator_autopilot_state_test.go    |  2 +-
 .../state/testdata/{oss => ce}/json.golden    |  0
 .../state/testdata/{oss => ce}/pretty.golden  |  0
 .../state/testdata/{oss => ce}/state.json     |  0
 ...instances_oss.go => usage_instances_ce.go} |  0
 ...oss_test.go => usage_instances_ce_test.go} |  0
 command/{registry_oss.go => registry_ce.go}   |  0
 docs/config/checklist-adding-config-fields.md |  2 +-
 docs/persistence/README.md                    |  4 +--
 .../resource/{authz_oss.go => authz_ce.go}    |  0
 .../postprocess/main.go                       | 16 +++++------
 lib/useragent.go                              |  2 +-
 .../{auto_config_oss.go => auto_config_ce.go} |  0
 .../pbcommon/{common_oss.go => common_ce.go}  |  0
 ...config_entry_oss.go => config_entry_ce.go} |  0
 .../{peering_oss.go => peering_ce.go}         |  0
 .../{convert_oss.go => convert_ce.go}         |  0
 ...convert_oss_test.go => convert_ce_test.go} |  0
 sentinel/{sentinel_oss.go => sentinel_ce.go}  |  0
 .../peering_commontopo/ac6_failovers_test.go  |  6 ++--
 test-integ/peering_commontopo/commontopo.go   |  8 +++---
 test/integration/connect/envoy/main_test.go   |  3 +-
 .../consul-container/libs/utils/tenancy.go    |  2 +-
 .../consul-container/libs/utils/version.go    |  4 +--
 .../utils/{version_oss.go => version_ce.go}   |  2 +-
 .../{tenancy_oss.go => tenancy_ce.go}         |  0
 .../consul-container/test/upgrade/README.md   |  4 +--
 testing/deployer/topology/compile.go          |  6 ++--
 testing/deployer/topology/ids.go              |  2 +-
 testing/deployer/topology/images.go           | 12 ++++----
 ui/README.md                                  |  2 +-
 .../peer/form/token/fieldsets/index.hbs       |  2 +-
 ui/packages/consul-ui/GNUmakefile             |  1 +
 .../consul-ui/app/services/client/http.js     |  2 +-
 .../app/utils/create-fingerprinter.js         |  2 +-
 ui/packages/consul-ui/config/environment.js   |  1 +
 .../consul-ui/docs/significant-patterns.mdx   |  2 +-
 243 files changed, 258 insertions(+), 250 deletions(-)
 rename .github/workflows/{oss-merge-trigger.yml => ce-merge-trigger.yml} (84%)
 rename acl/{acl_oss.go => acl_ce.go} (96%)
 rename acl/{authorizer_oss.go => authorizer_ce.go} (100%)
 rename acl/{enterprisemeta_oss.go => enterprisemeta_ce.go} (100%)
 rename acl/{errors_oss.go => errors_ce.go} (100%)
 rename acl/{policy_authorizer_oss.go => policy_authorizer_ce.go} (100%)
 rename acl/{policy_oss.go => policy_ce.go} (100%)
 rename acl/{policy_merger_oss.go => policy_merger_ce.go} (100%)
 rename agent/{acl_oss.go => acl_ce.go} (100%)
 rename agent/{agent_oss.go => agent_ce.go} (100%)
 rename agent/{agent_oss_test.go => agent_ce_test.go} (100%)
 rename agent/{agent_endpoint_oss.go => agent_endpoint_ce.go} (100%)
 rename agent/{agent_endpoint_oss_test.go => agent_endpoint_ce_test.go} (100%)
 rename agent/auto-config/{auto_config_oss.go => auto_config_ce.go} (88%)
 rename agent/auto-config/{auto_config_oss_test.go => auto_config_ce_test.go} (100%)
 rename agent/auto-config/{config_oss.go => config_ce.go} (90%)
 rename agent/auto-config/{mock_oss_test.go => mock_ce_test.go} (87%)
 rename agent/{catalog_endpoint_oss.go => catalog_endpoint_ce.go} (100%)
 rename agent/config/{builder_oss.go => builder_ce.go} (97%)
 rename agent/config/{builder_oss_test.go => builder_ce_test.go} (100%)
 rename agent/config/{config_oss.go => config_ce.go} (100%)
 rename agent/config/{default_oss.go => default_ce.go} (100%)
 rename agent/config/{runtime_oss.go => runtime_ce.go} (100%)
 rename agent/config/{runtime_oss_test.go => runtime_ce_test.go} (97%)
 rename agent/config/{segment_oss.go => segment_ce.go} (100%)
 rename agent/config/{segment_oss_test.go => segment_ce_test.go} (95%)
 rename agent/connect/{uri_agent_oss.go => uri_agent_ce.go} (87%)
 rename agent/connect/{uri_agent_oss_test.go => uri_agent_ce_test.go} (100%)
 rename agent/connect/{uri_mesh_gateway_oss.go => uri_mesh_gateway_ce.go} (87%)
 rename agent/connect/{uri_mesh_gateway_oss_test.go => uri_mesh_gateway_ce_test.go} (100%)
 rename agent/connect/{uri_service_oss.go => uri_service_ce.go} (74%)
 rename agent/connect/{uri_service_oss_test.go => uri_service_ce_test.go} (100%)
 rename agent/consul/{acl_authmethod_oss.go => acl_authmethod_ce.go} (100%)
 rename agent/consul/{acl_oss.go => acl_ce.go} (95%)
 rename agent/consul/{acl_oss_test.go => acl_ce_test.go} (100%)
 rename agent/consul/{acl_endpoint_oss.go => acl_endpoint_ce.go} (100%)
 rename agent/consul/{acl_server_oss.go => acl_server_ce.go} (100%)
 rename agent/consul/auth/{binder_oss.go => binder_ce.go} (100%)
 rename agent/consul/auth/{token_writer_oss.go => token_writer_ce.go} (100%)
 rename agent/consul/authmethod/{authmethods_oss.go => authmethods_ce.go} (100%)
 rename agent/consul/authmethod/kubeauth/{k8s_oss.go => k8s_ce.go} (100%)
 rename agent/consul/authmethod/ssoauth/{sso_oss.go => sso_ce.go} (100%)
 rename agent/consul/authmethod/testauth/{testing_oss.go => testing_ce.go} (100%)
 rename agent/consul/{autopilot_oss.go => autopilot_ce.go} (100%)
 rename agent/consul/{config_oss.go => config_ce.go} (100%)
 rename agent/consul/discoverychain/{compile_oss.go => compile_ce.go} (100%)
 rename agent/consul/{enterprise_client_oss.go => enterprise_client_ce.go} (100%)
 rename agent/consul/{enterprise_config_oss.go => enterprise_config_ce.go} (100%)
 rename agent/consul/{enterprise_server_oss.go => enterprise_server_ce.go} (99%)
 rename agent/consul/{enterprise_server_oss_test.go => enterprise_server_ce_test.go} (100%)
 rename agent/consul/fsm/{commands_oss.go => commands_ce.go} (100%)
 rename agent/consul/fsm/{commands_oss_test.go => commands_ce_test.go} (100%)
 rename agent/consul/fsm/{snapshot_oss.go => snapshot_ce.go} (99%)
 rename agent/consul/fsm/{snapshot_oss_test.go => snapshot_ce_test.go} (91%)
 rename agent/consul/{leader_oss_test.go => leader_ce_test.go} (100%)
 rename agent/consul/{leader_intentions_oss.go => leader_intentions_ce.go} (96%)
 rename agent/consul/{leader_intentions_oss_test.go => leader_intentions_ce_test.go} (100%)
 rename agent/consul/{merge_oss.go => merge_ce.go} (100%)
 rename agent/consul/{merge_oss_test.go => merge_ce_test.go} (97%)
 rename agent/consul/{options_oss.go => options_ce.go} (100%)
 rename agent/consul/{peering_backend_oss.go => peering_backend_ce.go} (100%)
 rename agent/consul/{peering_backend_oss_test.go => peering_backend_ce_test.go} (100%)
 rename agent/consul/prepared_query/{walk_oss_test.go => walk_ce_test.go} (100%)
 rename agent/consul/{prepared_query_endpoint_oss.go => prepared_query_endpoint_ce.go} (100%)
 rename agent/consul/{prepared_query_endpoint_oss_test.go => prepared_query_endpoint_ce_test.go} (96%)
 rename agent/consul/rate/{handler_oss.go => handler_ce.go} (100%)
 rename agent/consul/reporting/{reporting_oss.go => reporting_ce.go} (100%)
 rename agent/consul/{segment_oss.go => segment_ce.go} (89%)
 rename agent/consul/{server_oss.go => server_ce.go} (98%)
 rename agent/consul/{server_oss_test.go => server_ce_test.go} (100%)
 rename agent/consul/state/{acl_oss.go => acl_ce.go} (100%)
 rename agent/consul/state/{acl_oss_test.go => acl_ce_test.go} (100%)
 rename agent/consul/state/{catalog_oss.go => catalog_ce.go} (99%)
 rename agent/consul/state/{catalog_oss_test.go => catalog_ce_test.go} (100%)
 rename agent/consul/state/{catalog_events_oss.go => catalog_events_ce.go} (100%)
 rename agent/consul/state/{catalog_events_oss_test.go => catalog_events_ce_test.go} (92%)
 rename agent/consul/state/{config_entry_oss.go => config_entry_ce.go} (95%)
 rename agent/consul/state/{config_entry_oss_test.go => config_entry_ce_test.go} (100%)
 rename agent/consul/state/{config_entry_exported_services_oss.go => config_entry_exported_services_ce.go} (100%)
 rename agent/consul/state/{config_entry_intention_oss.go => config_entry_intention_ce.go} (100%)
 rename agent/consul/state/{config_entry_sameness_group_oss.go => config_entry_sameness_group_ce.go} (94%)
 rename agent/consul/state/{config_entry_sameness_group_oss_test.go => config_entry_sameness_group_ce_test.go} (100%)
 rename agent/consul/state/{coordinate_oss.go => coordinate_ce.go} (100%)
 rename agent/consul/state/{coordinate_oss_test.go => coordinate_ce_test.go} (100%)
 rename agent/consul/state/{delay_oss.go => delay_ce.go} (100%)
 rename agent/consul/state/{graveyard_oss.go => graveyard_ce.go} (100%)
 rename agent/consul/state/{intention_oss.go => intention_ce.go} (100%)
 rename agent/consul/state/{kvs_oss.go => kvs_ce.go} (100%)
 rename agent/consul/state/{kvs_oss_test.go => kvs_ce_test.go} (100%)
 rename agent/consul/state/{operations_oss.go => operations_ce.go} (100%)
 rename agent/consul/state/{peering_oss.go => peering_ce.go} (100%)
 rename agent/consul/state/{peering_oss_test.go => peering_ce_test.go} (100%)
 rename agent/consul/state/{query_oss.go => query_ce.go} (100%)
 rename agent/consul/state/{schema_oss.go => schema_ce.go} (100%)
 rename agent/consul/state/{schema_oss_test.go => schema_ce_test.go} (100%)
 rename agent/consul/state/{session_oss.go => session_ce.go} (100%)
 rename agent/consul/state/{state_store_oss_test.go => state_store_ce_test.go} (100%)
 rename agent/consul/state/{usage_oss.go => usage_ce.go} (100%)
 rename agent/consul/{tenancy_bridge_oss.go => tenancy_bridge_ce.go} (100%)
 rename agent/consul/usagemetrics/{usagemetrics_oss.go => usagemetrics_ce.go} (100%)
 rename agent/consul/usagemetrics/{usagemetrics_oss_test.go => usagemetrics_ce_test.go} (99%)
 rename agent/{dns_oss.go => dns_ce.go} (97%)
 rename agent/{dns_oss_test.go => dns_ce_test.go} (98%)
 rename agent/{enterprise_delegate_oss.go => enterprise_delegate_ce.go} (78%)
 rename agent/grpc-external/services/resource/{server_oss.go => server_ce.go} (100%)
 rename agent/grpc-external/services/resource/{server_oss_test.go => server_ce_test.go} (100%)
 rename agent/{http_oss.go => http_ce.go} (99%)
 rename agent/{http_oss_test.go => http_ce_test.go} (97%)
 rename agent/{intentions_endpoint_oss_test.go => intentions_endpoint_ce_test.go} (95%)
 rename agent/{operator_endpoint_oss.go => operator_endpoint_ce.go} (97%)
 rename agent/{operator_endpoint_oss_test.go => operator_endpoint_ce_test.go} (100%)
 rename agent/{peering_endpoint_oss_test.go => peering_endpoint_ce_test.go} (86%)
 rename agent/proxycfg-glue/{intentions_oss.go => intentions_ce.go} (100%)
 rename agent/proxycfg/{data_sources_oss.go => data_sources_ce.go} (100%)
 rename agent/proxycfg/{mesh_gateway_oss.go => mesh_gateway_ce.go} (100%)
 rename agent/proxycfg/{naming_oss.go => naming_ce.go} (100%)
 rename agent/proxycfg/{state_oss_test.go => state_ce_test.go} (100%)
 rename agent/proxycfg/{testing_oss.go => testing_ce.go} (100%)
 rename agent/proxycfg/{testing_upstreams_oss.go => testing_upstreams_ce.go} (100%)
 rename agent/rpc/peering/{service_oss_test.go => service_ce_test.go} (100%)
 rename agent/rpc/peering/{testutil_oss_test.go => testutil_ce_test.go} (100%)
 rename agent/{setup_oss.go => setup_ce.go} (100%)
 rename agent/structs/{acl_oss.go => acl_ce.go} (100%)
 rename agent/structs/{autopilot_oss.go => autopilot_ce.go} (100%)
 rename agent/structs/{catalog_oss.go => catalog_ce.go} (100%)
 rename agent/structs/{config_entry_apigw_jwt_oss.go => config_entry_apigw_jwt_ce.go} (100%)
 rename agent/structs/{config_entry_oss.go => config_entry_ce.go} (100%)
 rename agent/structs/{config_entry_oss_test.go => config_entry_ce_test.go} (97%)
 rename agent/structs/{config_entry_discoverychain_oss.go => config_entry_discoverychain_ce.go} (98%)
 rename agent/structs/{config_entry_discoverychain_oss_test.go => config_entry_discoverychain_ce_test.go} (89%)
 rename agent/structs/{config_entry_exports_oss.go => config_entry_exports_ce.go} (100%)
 rename agent/structs/{config_entry_exports_oss_test.go => config_entry_exports_ce_test.go} (94%)
 rename agent/structs/{config_entry_intentions_oss.go => config_entry_intentions_ce.go} (100%)
 rename agent/structs/{config_entry_intentions_oss_test.go => config_entry_intentions_ce_test.go} (100%)
 rename agent/structs/{config_entry_jwt_provider_oss.go => config_entry_jwt_provider_ce.go} (100%)
 rename agent/structs/{config_entry_mesh_oss.go => config_entry_mesh_ce.go} (100%)
 rename agent/structs/{config_entry_sameness_group_oss.go => config_entry_sameness_group_ce.go} (78%)
 rename agent/structs/{connect_oss.go => connect_ce.go} (100%)
 rename agent/structs/{connect_proxy_config_oss.go => connect_proxy_config_ce.go} (100%)
 rename agent/structs/{discovery_chain_oss.go => discovery_chain_ce.go} (100%)
 rename agent/structs/{intention_oss.go => intention_ce.go} (90%)
 rename agent/structs/{structs.deepcopy_oss.go => structs.deepcopy_ce.go} (100%)
 rename agent/structs/{structs_oss.go => structs_ce.go} (99%)
 rename agent/structs/{structs_oss_test.go => structs_ce_test.go} (100%)
 rename agent/token/{store_oss.go => store_ce.go} (92%)
 rename agent/{ui_endpoint_oss_test.go => ui_endpoint_ce_test.go} (100%)
 rename agent/xds/{delta_envoy_extender_oss_test.go => delta_envoy_extender_ce_test.go} (100%)
 rename agent/xds/extensionruntime/{runtime_config_oss_test.go => runtime_config_ce_test.go} (100%)
 rename agent/xds/{failover_policy_oss.go => failover_policy_ce.go} (100%)
 rename agent/xds/{locality_policy_oss.go => locality_policy_ce.go} (100%)
 rename agent/xds/proxystateconverter/{failover_policy_oss.go => failover_policy_ce.go} (100%)
 rename agent/xds/proxystateconverter/{locality_policy_oss.go => locality_policy_ce.go} (100%)
 rename agent/xds/{resources_oss_test.go => resources_ce_test.go} (100%)
 rename agent/xds/{server_oss.go => server_ce.go} (100%)
 rename api/{oss_test.go => ce_test.go} (83%)
 rename command/acl/authmethod/create/{authmethod_create_oss.go => authmethod_create_ce.go} (100%)
 rename command/acl/authmethod/update/{authmethod_update_oss.go => authmethod_update_ce.go} (100%)
 rename command/acl/token/{formatter_oss_test.go => formatter_ce_test.go} (78%)
 rename command/acl/token/testdata/FormatTokenExpanded/{oss => ce}/basic.json.golden (100%)
 rename command/acl/token/testdata/FormatTokenExpanded/{oss => ce}/basic.pretty-meta.golden (100%)
 rename command/acl/token/testdata/FormatTokenExpanded/{oss => ce}/basic.pretty.golden (100%)
 rename command/acl/token/testdata/FormatTokenExpanded/{oss => ce}/complex.json.golden (100%)
 rename command/acl/token/testdata/FormatTokenExpanded/{oss => ce}/complex.pretty-meta.golden (100%)
 rename command/acl/token/testdata/FormatTokenExpanded/{oss => ce}/complex.pretty.golden (100%)
 rename command/catalog/{helpers_oss.go => helpers_ce.go} (100%)
 rename command/connect/envoy/{envoy_oss_test.go => envoy_ce_test.go} (100%)
 rename command/login/{login_oss.go => login_ce.go} (100%)
 rename command/operator/autopilot/state/testdata/{oss => ce}/json.golden (100%)
 rename command/operator/autopilot/state/testdata/{oss => ce}/pretty.golden (100%)
 rename command/operator/autopilot/state/testdata/{oss => ce}/state.json (100%)
 rename command/operator/usage/instances/{usage_instances_oss.go => usage_instances_ce.go} (100%)
 rename command/operator/usage/instances/{usage_instances_oss_test.go => usage_instances_ce_test.go} (100%)
 rename command/{registry_oss.go => registry_ce.go} (100%)
 rename internal/resource/{authz_oss.go => authz_ce.go} (100%)
 rename proto/private/pbautoconf/{auto_config_oss.go => auto_config_ce.go} (100%)
 rename proto/private/pbcommon/{common_oss.go => common_ce.go} (100%)
 rename proto/private/pbconfigentry/{config_entry_oss.go => config_entry_ce.go} (100%)
 rename proto/private/pbpeering/{peering_oss.go => peering_ce.go} (100%)
 rename proto/private/pbservice/{convert_oss.go => convert_ce.go} (100%)
 rename proto/private/pbservice/{convert_oss_test.go => convert_ce_test.go} (100%)
 rename sentinel/{sentinel_oss.go => sentinel_ce.go} (100%)
 rename test/integration/consul-container/libs/utils/{version_oss.go => version_ce.go} (82%)
 rename test/integration/consul-container/test/gateways/{tenancy_oss.go => tenancy_ce.go} (100%)

diff --git a/.github/scripts/get_runner_classes.sh b/.github/scripts/get_runner_classes.sh
index e78aa78f127b..abd3f1bce2d0 100755
--- a/.github/scripts/get_runner_classes.sh
+++ b/.github/scripts/get_runner_classes.sh
@@ -13,7 +13,7 @@ case "$GITHUB_REPOSITORY" in
         echo "compute-small=['self-hosted', 'linux', 'small']" >> "$GITHUB_OUTPUT"
         echo "compute-medium=['self-hosted', 'linux', 'medium']" >> "$GITHUB_OUTPUT"
         echo "compute-large=['self-hosted', 'linux', 'large']" >> "$GITHUB_OUTPUT"
-        # m5d.8xlarge is equivalent to our xl custom runner in OSS
+        # m5d.8xlarge is equivalent to our xl custom runner in CE
         echo "compute-xl=['self-hosted', 'ondemand', 'linux', 'type=m5d.8xlarge']" >> "$GITHUB_OUTPUT"
         ;;
     *)
diff --git a/.github/scripts/get_runner_classes_windows.sh b/.github/scripts/get_runner_classes_windows.sh
index 6b26c6d86c58..d9f46488798f 100755
--- a/.github/scripts/get_runner_classes_windows.sh
+++ b/.github/scripts/get_runner_classes_windows.sh
@@ -13,7 +13,7 @@ case "$GITHUB_REPOSITORY" in
         echo "compute-small=['self-hosted', 'windows', 'small']" >> "$GITHUB_OUTPUT"
         echo "compute-medium=['self-hosted', 'windows', 'medium']" >> "$GITHUB_OUTPUT"
         echo "compute-large=['self-hosted', 'windows', 'large']" >> "$GITHUB_OUTPUT"
-        # m5d.8xlarge is equivalent to our xl custom runner in OSS
+        # m5d.8xlarge is equivalent to our xl custom runner in CE
         echo "compute-xl=['self-hosted', 'ondemand', 'windows', 'type=m5d.8xlarge']" >> "$GITHUB_OUTPUT"
         ;;
     *)
diff --git a/.github/workflows/build-artifacts.yml b/.github/workflows/build-artifacts.yml
index 9e09bcecc662..2977a73b6eb0 100644
--- a/.github/workflows/build-artifacts.yml
+++ b/.github/workflows/build-artifacts.yml
@@ -80,7 +80,7 @@ jobs:
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
 
-    # NOTE: conditional specific logic as we store secrets in Vault in ENT and use GHA secrets in OSS.
+    # NOTE: conditional specific logic as we store secrets in Vault in ENT and use GHA secrets in CE.
     - name: Login to Docker Hub
       uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
       with:
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a63609a3da12..8af561716a21 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -13,6 +13,7 @@ on:
 
 env:
   PKG_NAME: consul
+  # TODO(spatel): CE refactor
   METADATA: oss
   GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
diff --git a/.github/workflows/oss-merge-trigger.yml b/.github/workflows/ce-merge-trigger.yml
similarity index 84%
rename from .github/workflows/oss-merge-trigger.yml
rename to .github/workflows/ce-merge-trigger.yml
index 9146f7bc2214..30a6b5fd90df 100644
--- a/.github/workflows/oss-merge-trigger.yml
+++ b/.github/workflows/ce-merge-trigger.yml
@@ -1,7 +1,7 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-name: Trigger OSS to Enterprise Merge
+name: Trigger Community Edition to Enterprise Merge
 on:
   pull_request_target:
     types:
@@ -11,8 +11,8 @@ on:
       - release/**
 
 jobs:
-  trigger-oss-merge:
-    # run this only on merge events in OSS repo
+  trigger-ce-merge:
+    # run this only on merge events in CE repo
     if: ${{ github.event.pull_request.merged && github.repository == 'hashicorp/consul' }}
     runs-on: ubuntu-latest
     steps:
@@ -22,6 +22,7 @@ jobs:
           GIT_SHA: ${{ github.sha }}
           GH_PAT: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
           GIT_ACTOR: ${{ github.actor }}
+        # TODO(spatel): CE refactor
         run: |
           curl -H "Authorization: token $GH_PAT" \
             -H 'Accept: application/json' \
diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml
index 1fc107844b81..63d02962fb01 100644
--- a/.github/workflows/frontend.yml
+++ b/.github/workflows/frontend.yml
@@ -79,7 +79,7 @@ jobs:
       matrix:
         partition: [1, 2, 3, 4]
     env:
-      EMBER_TEST_REPORT: test-results/report-oss.xml # outputs test report for CI test summary
+      EMBER_TEST_REPORT: test-results/report-ce.xml # outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true # enables test parallelization with ember-exam
       CONSUL_NSPACES_ENABLED: ${{ endsWith(github.repository, '-enterprise') && 1 || 0 }} # NOTE: this should be 1 in ENT.
       JOBS: 2 # limit parallelism for broccoli-babel-transpiler
diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 561c7e1e3dbd..2136f43185e2 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -199,7 +199,7 @@ jobs:
   #     elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 
   # dev-build-arm64:
-  #   # only run on enterprise because GHA does not have arm64 runners in OSS
+  #   # only run on enterprise because GHA does not have arm64 runners in CE
   #   if: ${{ endsWith(github.repository, '-enterprise') }}
   #   needs:
   #   - setup
@@ -213,7 +213,7 @@ jobs:
   #     elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 
   # go-test-arm64:
-  #   # only run on enterprise because GHA does not have arm64 runners in OSS
+  #   # only run on enterprise because GHA does not have arm64 runners in CE
   #   if: ${{ endsWith(github.repository, '-enterprise') }}
   #   needs:
   #   - setup
@@ -231,7 +231,7 @@ jobs:
   #     consul-license: ${{secrets.CONSUL_LICENSE}}
   #     datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
 
-  go-test-oss:
+  go-test-ce:
     needs:
     - setup
     - dev-build
@@ -476,7 +476,7 @@ jobs:
     - lint-32bit
     # - go-test-arm64
     - go-test-enterprise
-    - go-test-oss
+    - go-test-ce
     - go-test-race
     - go-test-envoyextensions
     - go-test-troubleshoot
diff --git a/.github/workflows/nightly-test-1.13.x.yaml b/.github/workflows/nightly-test-1.13.x.yaml
index 20d900d08f43..f314a475dfbd 100644
--- a/.github/workflows/nightly-test-1.13.x.yaml
+++ b/.github/workflows/nightly-test-1.13.x.yaml
@@ -43,7 +43,7 @@ jobs:
         working-directory: ./ui/packages/consul-ui
         run: make test-node
 
-  frontend-build-oss:
+  frontend-build-ce:
     runs-on: ubuntu-latest
     env:
       JOBS: 2
@@ -65,27 +65,27 @@ jobs:
         working-directory: ./ui
         run: make deps
 
-      - name: Ember Build OSS
-        id: build-oss
+      - name: Ember Build CE
+        id: build-ce
         working-directory: ./ui/packages/consul-ui
         run: make build-ci
 
-      - name: Upload OSS Frontend
+      - name: Upload CE Frontend
         uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
-          name: frontend-oss-${{ env.BRANCH_NAME }}
+          name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
           if-no-files-found: error
 
-  frontend-test-oss:
+  frontend-test-ce:
     runs-on: ubuntu-latest
-    needs: [frontend-build-oss]
+    needs: [frontend-build-ce]
     strategy:
       matrix:
         partition: [ 1, 2, 3, 4 ]
     env:
       CONSUL_NSPACES_ENABLED: 0
-      EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
+      EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
@@ -104,13 +104,13 @@ jobs:
         working-directory: ./ui
         run: make deps
 
-      - name: Download OSS Frontend
+      - name: Download CE Frontend
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
-          name: frontend-oss-${{ env.BRANCH_NAME }}
+          name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
 
-      - name: Ember Test OSS
+      - name: Ember Test CE
         id: cache
         working-directory: ./ui/packages/consul-ui
         run: node_modules/.bin/ember exam --split=$EMBER_PARTITION_TOTAL --partition=${{ matrix.partition }} --path dist --silent -r xunit
@@ -138,7 +138,7 @@ jobs:
         run: make deps
 
       - name: Ember Build ENT
-        id: build-oss
+        id: build-ce
         working-directory: ./ui/packages/consul-ui
         run: make build-ci
 
@@ -157,7 +157,7 @@ jobs:
         partition: [ 1, 2, 3, 4 ]
     env:
       CONSUL_NSPACES_ENABLED: 1
-      EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
+      EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
@@ -219,7 +219,7 @@ jobs:
 
   slack-failure-notification:
     runs-on: ubuntu-latest
-    needs: [frontend-test-oss, frontend-test-ent]
+    needs: [frontend-test-ce, frontend-test-ent]
     if: ${{ failure() }}
     steps:
       - name: Slack Notification
diff --git a/.github/workflows/nightly-test-1.14.x.yaml b/.github/workflows/nightly-test-1.14.x.yaml
index c8021e05a8b2..11fb011d1357 100644
--- a/.github/workflows/nightly-test-1.14.x.yaml
+++ b/.github/workflows/nightly-test-1.14.x.yaml
@@ -43,7 +43,7 @@ jobs:
         working-directory: ./ui/packages/consul-ui
         run: make test-node
 
-  frontend-build-oss:
+  frontend-build-ce:
     runs-on: ubuntu-latest
     env:
       JOBS: 2
@@ -65,27 +65,27 @@ jobs:
         working-directory: ./ui
         run: make deps
 
-      - name: Ember Build OSS
-        id: build-oss
+      - name: Ember Build CE
+        id: build-ce
         working-directory: ./ui/packages/consul-ui
         run: make build-ci
 
-      - name: Upload OSS Frontend
+      - name: Upload CE Frontend
         uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
-          name: frontend-oss-${{ env.BRANCH_NAME }}
+          name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
           if-no-files-found: error
 
-  frontend-test-oss:
+  frontend-test-ce:
     runs-on: ubuntu-latest
-    needs: [frontend-build-oss]
+    needs: [frontend-build-ce]
     strategy:
       matrix:
         partition: [ 1, 2, 3, 4 ]
     env:
       CONSUL_NSPACES_ENABLED: 0
-      EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
+      EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
@@ -104,13 +104,13 @@ jobs:
         working-directory: ./ui
         run: make deps
 
-      - name: Download OSS Frontend
+      - name: Download CE Frontend
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
-          name: frontend-oss-${{ env.BRANCH_NAME }}
+          name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
 
-      - name: Ember Test OSS
+      - name: Ember Test CE
         id: cache
         working-directory: ./ui/packages/consul-ui
         run: node_modules/.bin/ember exam --split=$EMBER_PARTITION_TOTAL --partition=${{ matrix.partition }} --path dist --silent -r xunit
@@ -138,7 +138,7 @@ jobs:
         run: make deps
 
       - name: Ember Build ENT
-        id: build-oss
+        id: build-ce
         working-directory: ./ui/packages/consul-ui
         run: make build-ci
 
@@ -157,7 +157,7 @@ jobs:
         partition: [ 1, 2, 3, 4 ]
     env:
       CONSUL_NSPACES_ENABLED: 1
-      EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
+      EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
@@ -219,7 +219,7 @@ jobs:
 
   slack-failure-notification:
     runs-on: ubuntu-latest
-    needs: [frontend-test-oss, frontend-test-ent]
+    needs: [frontend-test-ce, frontend-test-ent]
     if: ${{ failure() }}
     steps:
       - name: Slack Notification
diff --git a/.github/workflows/nightly-test-1.15.x.yaml b/.github/workflows/nightly-test-1.15.x.yaml
index 0a7c93205efa..a98eb73070b3 100644
--- a/.github/workflows/nightly-test-1.15.x.yaml
+++ b/.github/workflows/nightly-test-1.15.x.yaml
@@ -43,7 +43,7 @@ jobs:
         working-directory: ./ui/packages/consul-ui
         run: make test-node
 
-  frontend-build-oss:
+  frontend-build-ce:
     runs-on: ubuntu-latest
     env:
       JOBS: 2
@@ -65,27 +65,27 @@ jobs:
         working-directory: ./ui
         run: make deps
 
-      - name: Ember Build OSS
-        id: build-oss
+      - name: Ember Build CE
+        id: build-ce
         working-directory: ./ui/packages/consul-ui
         run: make build-ci
 
-      - name: Upload OSS Frontend
+      - name: Upload CE Frontend
         uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
-          name: frontend-oss-${{ env.BRANCH_NAME }}
+          name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
           if-no-files-found: error
 
-  frontend-test-oss:
+  frontend-test-ce:
     runs-on: ubuntu-latest
-    needs: [frontend-build-oss]
+    needs: [frontend-build-ce]
     strategy:
       matrix:
         partition: [ 1, 2, 3, 4 ]
     env:
       CONSUL_NSPACES_ENABLED: 0
-      EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
+      EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
@@ -104,13 +104,13 @@ jobs:
         working-directory: ./ui
         run: make deps
 
-      - name: Download OSS Frontend
+      - name: Download CE Frontend
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
-          name: frontend-oss-${{ env.BRANCH_NAME }}
+          name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
 
-      - name: Ember Test OSS
+      - name: Ember Test CE
         id: cache
         working-directory: ./ui/packages/consul-ui
         run: node_modules/.bin/ember exam --split=$EMBER_PARTITION_TOTAL --partition=${{ matrix.partition }} --path dist --silent -r xunit
@@ -138,7 +138,7 @@ jobs:
         run: make deps
 
       - name: Ember Build ENT
-        id: build-oss
+        id: build-ce
         working-directory: ./ui/packages/consul-ui
         run: make build-ci
 
@@ -157,7 +157,7 @@ jobs:
         partition: [ 1, 2, 3, 4 ]
     env:
       CONSUL_NSPACES_ENABLED: 1
-      EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
+      EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
@@ -219,7 +219,7 @@ jobs:
 
   slack-failure-notification:
     runs-on: ubuntu-latest
-    needs: [frontend-test-oss, frontend-test-ent]
+    needs: [frontend-test-ce, frontend-test-ent]
     if: ${{ failure() }}
     steps:
       - name: Slack Notification
diff --git a/.github/workflows/nightly-test-1.16.x.yaml b/.github/workflows/nightly-test-1.16.x.yaml
index b98e96a41f46..b441eca5d0f5 100644
--- a/.github/workflows/nightly-test-1.16.x.yaml
+++ b/.github/workflows/nightly-test-1.16.x.yaml
@@ -43,7 +43,7 @@ jobs:
         working-directory: ./ui/packages/consul-ui
         run: make test-node
 
-  frontend-build-oss:
+  frontend-build-ce:
     runs-on: ubuntu-latest
     env:
       JOBS: 2
@@ -65,27 +65,27 @@ jobs:
         working-directory: ./ui
         run: make deps
 
-      - name: Ember Build OSS
-        id: build-oss
+      - name: Ember Build CE
+        id: build-ce
         working-directory: ./ui/packages/consul-ui
         run: make build-ci
 
-      - name: Upload OSS Frontend
+      - name: Upload CE Frontend
         uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
-          name: frontend-oss-${{ env.BRANCH_NAME }}
+          name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
           if-no-files-found: error
 
-  frontend-test-oss:
+  frontend-test-ce:
     runs-on: ubuntu-latest
-    needs: [frontend-build-oss]
+    needs: [frontend-build-ce]
     strategy:
       matrix:
         partition: [ 1, 2, 3, 4 ]
     env:
       CONSUL_NSPACES_ENABLED: 0
-      EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
+      EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
@@ -104,13 +104,13 @@ jobs:
         working-directory: ./ui
         run: make deps
 
-      - name: Download OSS Frontend
+      - name: Download CE Frontend
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
-          name: frontend-oss-${{ env.BRANCH_NAME }}
+          name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
 
-      - name: Ember Test OSS
+      - name: Ember Test CE
         id: cache
         working-directory: ./ui/packages/consul-ui
         run: node_modules/.bin/ember exam --split=$EMBER_PARTITION_TOTAL --partition=${{ matrix.partition }} --path dist --silent -r xunit
@@ -138,7 +138,7 @@ jobs:
         run: make deps
 
       - name: Ember Build ENT
-        id: build-oss
+        id: build-ce
         working-directory: ./ui/packages/consul-ui
         run: make build-ci
 
@@ -157,7 +157,7 @@ jobs:
         partition: [ 1, 2, 3, 4 ]
     env:
       CONSUL_NSPACES_ENABLED: 1
-      EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
+      EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
@@ -219,7 +219,7 @@ jobs:
 
   slack-failure-notification:
     runs-on: ubuntu-latest
-    needs: [frontend-test-oss, frontend-test-ent]
+    needs: [frontend-test-ce, frontend-test-ent]
     if: ${{ failure() }}
     steps:
       - name: Slack Notification
diff --git a/.github/workflows/nightly-test-main.yaml b/.github/workflows/nightly-test-main.yaml
index 4f392c4fa6bc..2846f5b71c39 100644
--- a/.github/workflows/nightly-test-main.yaml
+++ b/.github/workflows/nightly-test-main.yaml
@@ -43,7 +43,7 @@ jobs:
         working-directory: ./ui/packages/consul-ui
         run: make test-node
 
-  frontend-build-oss:
+  frontend-build-ce:
     runs-on: ubuntu-latest
     env:
       JOBS: 2
@@ -65,27 +65,27 @@ jobs:
         working-directory: ./ui
         run: make deps
 
-      - name: Ember Build OSS
-        id: build-oss
+      - name: Ember Build CE
+        id: build-ce
         working-directory: ./ui/packages/consul-ui
         run: make build-ci
 
-      - name: Upload OSS Frontend
+      - name: Upload CE Frontend
         uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
-          name: frontend-oss-${{ env.BRANCH_NAME }}
+          name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
           if-no-files-found: error
 
-  frontend-test-oss:
+  frontend-test-ce:
     runs-on: ubuntu-latest
-    needs: [frontend-build-oss]
+    needs: [frontend-build-ce]
     strategy:
       matrix:
         partition: [ 1, 2, 3, 4 ]
     env:
       CONSUL_NSPACES_ENABLED: 0
-      EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
+      EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
@@ -104,13 +104,13 @@ jobs:
         working-directory: ./ui
         run: make deps
 
-      - name: Download OSS Frontend
+      - name: Download CE Frontend
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
-          name: frontend-oss-${{ env.BRANCH_NAME }}
+          name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
 
-      - name: Ember Test OSS
+      - name: Ember Test CE
         id: cache
         working-directory: ./ui/packages/consul-ui
         run: node_modules/.bin/ember exam --split=$EMBER_PARTITION_TOTAL --partition=${{ matrix.partition }} --path dist --silent -r xunit
@@ -138,7 +138,7 @@ jobs:
         run: make deps
 
       - name: Ember Build ENT
-        id: build-oss
+        id: build-ce
         working-directory: ./ui/packages/consul-ui
         run: make build-ci
 
@@ -157,7 +157,7 @@ jobs:
         partition: [ 1, 2, 3, 4 ]
     env:
       CONSUL_NSPACES_ENABLED: 1
-      EMBER_TEST_REPORT: test-results/report-oss.xml #outputs test report for CI test summary
+      EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
@@ -219,7 +219,7 @@ jobs:
 
   slack-failure-notification:
     runs-on: ubuntu-latest
-    needs: [frontend-test-oss, frontend-test-ent]
+    needs: [frontend-test-ce, frontend-test-ent]
     if: ${{ failure() }}
     steps:
       - name: Slack Notification
diff --git a/.golangci.yml b/.golangci.yml
index bb7c03550918..b0730c957708 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -51,11 +51,11 @@ issues:
     - linters: [unparam]
       text: "`(t|resp|req|entMeta)` is unused"
 
-    # Temp ignore everything in _oss(_test).go and _ent(_test).go. Many of these
+    # Temp ignore everything in _ce(_test).go and _ent(_test).go. Many of these
     # could use underscore to ignore the unused arguments, but the "always returns"
-    # issue will likely remain in oss, and will need to be excluded.
+    # issue will likely remain in CE, and will need to be excluded.
     - linters: [unparam]
-      path: "(_oss.go|_oss_test.go|_ent.go|_ent_test.go)"
+      path: "(_ce.go|_ce_test.go|_ent.go|_ent_test.go)"
 
 linters-settings:
   govet:
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 34c1c672b38d..0dd5116c6ece 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -11,6 +11,7 @@ binary {
 	secrets      = false
 	go_modules   = false
 	osv          = true
+	# TODO(spatel): CE refactor
 	oss_index    = true
 	nvd          = true
 }
diff --git a/acl/acl_oss.go b/acl/acl_ce.go
similarity index 96%
rename from acl/acl_oss.go
rename to acl/acl_ce.go
index 7c92275ec83a..76e77f3b8f46 100644
--- a/acl/acl_oss.go
+++ b/acl/acl_ce.go
@@ -17,7 +17,7 @@ const (
 const DefaultNamespaceName = "default"
 
 type EnterpriseConfig struct {
-	// no fields in OSS
+	// no fields in CE
 }
 
 func (_ *EnterpriseConfig) Close() {
diff --git a/acl/authorizer_oss.go b/acl/authorizer_ce.go
similarity index 100%
rename from acl/authorizer_oss.go
rename to acl/authorizer_ce.go
diff --git a/acl/enterprisemeta_oss.go b/acl/enterprisemeta_ce.go
similarity index 100%
rename from acl/enterprisemeta_oss.go
rename to acl/enterprisemeta_ce.go
diff --git a/acl/errors_oss.go b/acl/errors_ce.go
similarity index 100%
rename from acl/errors_oss.go
rename to acl/errors_ce.go
diff --git a/acl/policy_authorizer_oss.go b/acl/policy_authorizer_ce.go
similarity index 100%
rename from acl/policy_authorizer_oss.go
rename to acl/policy_authorizer_ce.go
diff --git a/acl/policy_oss.go b/acl/policy_ce.go
similarity index 100%
rename from acl/policy_oss.go
rename to acl/policy_ce.go
diff --git a/acl/policy_merger_oss.go b/acl/policy_merger_ce.go
similarity index 100%
rename from acl/policy_merger_oss.go
rename to acl/policy_merger_ce.go
diff --git a/agent/acl_oss.go b/agent/acl_ce.go
similarity index 100%
rename from agent/acl_oss.go
rename to agent/acl_ce.go
diff --git a/agent/agent.go b/agent/agent.go
index dc98aafbf50c..229ec5b8fd3d 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -3755,7 +3755,7 @@ func (a *Agent) loadServices(conf *config.RuntimeConfig, snap map[structs.CheckI
 		}
 
 		if acl.EqualPartitions("", p.Service.PartitionOrEmpty()) {
-			// NOTE: in case loading a service with empty partition (e.g., OSS -> ENT),
+			// NOTE: in case loading a service with empty partition (e.g., CE -> ENT),
 			// we always default the service partition to the agent's partition.
 			p.Service.OverridePartition(a.AgentEnterpriseMeta().PartitionOrDefault())
 		} else if !acl.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.Service.PartitionOrDefault()) {
diff --git a/agent/agent_oss.go b/agent/agent_ce.go
similarity index 100%
rename from agent/agent_oss.go
rename to agent/agent_ce.go
diff --git a/agent/agent_oss_test.go b/agent/agent_ce_test.go
similarity index 100%
rename from agent/agent_oss_test.go
rename to agent/agent_ce_test.go
diff --git a/agent/agent_endpoint_oss.go b/agent/agent_endpoint_ce.go
similarity index 100%
rename from agent/agent_endpoint_oss.go
rename to agent/agent_endpoint_ce.go
diff --git a/agent/agent_endpoint_oss_test.go b/agent/agent_endpoint_ce_test.go
similarity index 100%
rename from agent/agent_endpoint_oss_test.go
rename to agent/agent_endpoint_ce_test.go
diff --git a/agent/auto-config/auto_config_oss.go b/agent/auto-config/auto_config_ce.go
similarity index 88%
rename from agent/auto-config/auto_config_oss.go
rename to agent/auto-config/auto_config_ce.go
index ed3d85123350..5e5d79963463 100644
--- a/agent/auto-config/auto_config_oss.go
+++ b/agent/auto-config/auto_config_ce.go
@@ -6,7 +6,7 @@
 
 package autoconf
 
-// AutoConfigEnterprise has no fields in OSS
+// AutoConfigEnterprise has no fields in CE
 type AutoConfigEnterprise struct{}
 
 // newAutoConfigEnterprise initializes the enterprise AutoConfig struct
diff --git a/agent/auto-config/auto_config_oss_test.go b/agent/auto-config/auto_config_ce_test.go
similarity index 100%
rename from agent/auto-config/auto_config_oss_test.go
rename to agent/auto-config/auto_config_ce_test.go
diff --git a/agent/auto-config/config_oss.go b/agent/auto-config/config_ce.go
similarity index 90%
rename from agent/auto-config/config_oss.go
rename to agent/auto-config/config_ce.go
index 946051d04375..6e7e470f298f 100644
--- a/agent/auto-config/config_oss.go
+++ b/agent/auto-config/config_ce.go
@@ -9,7 +9,7 @@ package autoconf
 // EnterpriseConfig stub - only populated in Consul Enterprise
 type EnterpriseConfig struct{}
 
-// finalize is a noop for OSS
+// finalize is a noop for CE
 func (_ *EnterpriseConfig) validateAndFinalize() error {
 	return nil
 }
diff --git a/agent/auto-config/mock_oss_test.go b/agent/auto-config/mock_ce_test.go
similarity index 87%
rename from agent/auto-config/mock_oss_test.go
rename to agent/auto-config/mock_ce_test.go
index a0d2ff785978..cb741b6d4754 100644
--- a/agent/auto-config/mock_oss_test.go
+++ b/agent/auto-config/mock_ce_test.go
@@ -10,7 +10,7 @@ import (
 	"testing"
 )
 
-// mockedEnterpriseConfig is pretty much just a stub in OSS
+// mockedEnterpriseConfig is pretty much just a stub in CE.
 // It does contain an enterprise config for compatibility
 // purposes but that in and of itself is just a stub.
 type mockedEnterpriseConfig struct {
diff --git a/agent/catalog_endpoint_oss.go b/agent/catalog_endpoint_ce.go
similarity index 100%
rename from agent/catalog_endpoint_oss.go
rename to agent/catalog_endpoint_ce.go
diff --git a/agent/config/builder_oss.go b/agent/config/builder_ce.go
similarity index 97%
rename from agent/config/builder_oss.go
rename to agent/config/builder_ce.go
index 7f94a06093b6..ab7e1ece5a87 100644
--- a/agent/config/builder_oss.go
+++ b/agent/config/builder_ce.go
@@ -13,7 +13,7 @@ import (
 // validateEnterpriseConfig is a function to validate the enterprise specific
 // configuration items after Parsing but before merging into the overall
 // configuration. The original intent is to use it to ensure that we warn
-// for enterprise configurations used in OSS.
+// for enterprise configurations used in CE.
 func validateEnterpriseConfigKeys(config *Config) []error {
 	var result []error
 	add := func(k string) {
diff --git a/agent/config/builder_oss_test.go b/agent/config/builder_ce_test.go
similarity index 100%
rename from agent/config/builder_oss_test.go
rename to agent/config/builder_ce_test.go
diff --git a/agent/config/config_oss.go b/agent/config/config_ce.go
similarity index 100%
rename from agent/config/config_oss.go
rename to agent/config/config_ce.go
diff --git a/agent/config/default_oss.go b/agent/config/default_ce.go
similarity index 100%
rename from agent/config/default_oss.go
rename to agent/config/default_ce.go
diff --git a/agent/config/runtime_oss.go b/agent/config/runtime_ce.go
similarity index 100%
rename from agent/config/runtime_oss.go
rename to agent/config/runtime_ce.go
diff --git a/agent/config/runtime_oss_test.go b/agent/config/runtime_ce_test.go
similarity index 97%
rename from agent/config/runtime_oss_test.go
rename to agent/config/runtime_ce_test.go
index f52aee3b3830..bab33fca55c8 100644
--- a/agent/config/runtime_oss_test.go
+++ b/agent/config/runtime_ce_test.go
@@ -35,9 +35,9 @@ var enterpriseConfigKeyWarnings = []string{
 	enterpriseConfigKeyError{key: "reporting.license.enabled"}.Error(),
 }
 
-// OSS-only equivalent of TestConfigFlagsAndEdgecases
+// CE-only equivalent of TestConfigFlagsAndEdgecases
 // used for flags validated in ent-only code
-func TestLoad_IntegrationWithFlags_OSS(t *testing.T) {
+func TestLoad_IntegrationWithFlags_CE(t *testing.T) {
 	dataDir := testutil.TempDir(t, "consul")
 	defer os.RemoveAll(dataDir)
 
diff --git a/agent/config/segment_oss.go b/agent/config/segment_ce.go
similarity index 100%
rename from agent/config/segment_oss.go
rename to agent/config/segment_ce.go
diff --git a/agent/config/segment_oss_test.go b/agent/config/segment_ce_test.go
similarity index 95%
rename from agent/config/segment_oss_test.go
rename to agent/config/segment_ce_test.go
index 7fde44100c85..20e656477825 100644
--- a/agent/config/segment_oss_test.go
+++ b/agent/config/segment_ce_test.go
@@ -18,7 +18,7 @@ func TestSegments(t *testing.T) {
 
 	tests := []testCase{
 		{
-			desc: "segment name not in OSS",
+			desc: "segment name not in CE",
 			args: []string{
 				`-data-dir=` + dataDir,
 			},
@@ -42,7 +42,7 @@ func TestSegments(t *testing.T) {
 			},
 		},
 		{
-			desc: "segments not in OSS",
+			desc: "segments not in CE",
 			args: []string{
 				`-data-dir=` + dataDir,
 			},
diff --git a/agent/connect/sni.go b/agent/connect/sni.go
index 534eeaa0e2b2..f7d14800a922 100644
--- a/agent/connect/sni.go
+++ b/agent/connect/sni.go
@@ -31,7 +31,7 @@ func UpstreamSNI(u *structs.Upstream, subset string, dc string, trustDomain stri
 
 func GatewaySNI(dc string, partition, trustDomain string) string {
 	if partition == "" {
-		// TODO(partitions) Make default available in OSS as a constant for uses like this one
+		// TODO(partitions) Make default available in CE as a constant for uses like this one
 		partition = "default"
 	}
 
@@ -48,7 +48,7 @@ func ServiceSNI(service string, subset string, namespace string, partition strin
 		namespace = structs.IntentionDefaultNamespace
 	}
 	if partition == "" {
-		// TODO(partitions) Make default available in OSS as a constant for uses like this one
+		// TODO(partitions) Make default available in CE as a constant for uses like this one
 		partition = "default"
 	}
 
@@ -109,7 +109,7 @@ func PeeredServiceSNI(service, namespace, partition, peerName, trustDomain strin
 		namespace = structs.IntentionDefaultNamespace
 	}
 	if partition == "" {
-		// TODO(partitions) Make default available in OSS as a constant for uses like this one
+		// TODO(partitions) Make default available in CE as a constant for uses like this one
 		partition = "default"
 	}
 
diff --git a/agent/connect/uri_agent_oss.go b/agent/connect/uri_agent_ce.go
similarity index 87%
rename from agent/connect/uri_agent_oss.go
rename to agent/connect/uri_agent_ce.go
index 89418ca39528..5cfad14a7d97 100644
--- a/agent/connect/uri_agent_oss.go
+++ b/agent/connect/uri_agent_ce.go
@@ -13,7 +13,7 @@ import (
 )
 
 // GetEnterpriseMeta will synthesize an EnterpriseMeta struct from the SpiffeIDAgent.
-// in OSS this just returns an empty (but never nil) struct pointer
+// in CE this just returns an empty (but never nil) struct pointer
 func (id SpiffeIDAgent) GetEnterpriseMeta() *acl.EnterpriseMeta {
 	return &acl.EnterpriseMeta{}
 }
diff --git a/agent/connect/uri_agent_oss_test.go b/agent/connect/uri_agent_ce_test.go
similarity index 100%
rename from agent/connect/uri_agent_oss_test.go
rename to agent/connect/uri_agent_ce_test.go
diff --git a/agent/connect/uri_mesh_gateway_oss.go b/agent/connect/uri_mesh_gateway_ce.go
similarity index 87%
rename from agent/connect/uri_mesh_gateway_oss.go
rename to agent/connect/uri_mesh_gateway_ce.go
index ea5cad20920e..a0c0cdba0541 100644
--- a/agent/connect/uri_mesh_gateway_oss.go
+++ b/agent/connect/uri_mesh_gateway_ce.go
@@ -13,7 +13,7 @@ import (
 )
 
 // GetEnterpriseMeta will synthesize an EnterpriseMeta struct from the SpiffeIDAgent.
-// in OSS this just returns an empty (but never nil) struct pointer
+// in CE this just returns an empty (but never nil) struct pointer
 func (id SpiffeIDMeshGateway) GetEnterpriseMeta() *acl.EnterpriseMeta {
 	return &acl.EnterpriseMeta{}
 }
diff --git a/agent/connect/uri_mesh_gateway_oss_test.go b/agent/connect/uri_mesh_gateway_ce_test.go
similarity index 100%
rename from agent/connect/uri_mesh_gateway_oss_test.go
rename to agent/connect/uri_mesh_gateway_ce_test.go
diff --git a/agent/connect/uri_service.go b/agent/connect/uri_service.go
index 04eff0d72d21..3be7cf4797a3 100644
--- a/agent/connect/uri_service.go
+++ b/agent/connect/uri_service.go
@@ -43,10 +43,10 @@ func (id SpiffeIDService) uriPath() string {
 		id.Service,
 	)
 
-	// Although OSS has no support for partitions, it still needs to be able to
+	// Although CE has no support for partitions, it still needs to be able to
 	// handle exportedPartition from peered Consul Enterprise clusters in order
 	// to generate the correct SpiffeID.
-	// We intentionally avoid using pbpartition.DefaultName here to be OSS friendly.
+	// We intentionally avoid using pbpartition.DefaultName here to be CE friendly.
 	if ap := id.PartitionOrDefault(); ap != "" && ap != "default" {
 		return "/ap/" + ap + path
 	}
diff --git a/agent/connect/uri_service_oss.go b/agent/connect/uri_service_ce.go
similarity index 74%
rename from agent/connect/uri_service_oss.go
rename to agent/connect/uri_service_ce.go
index 59761239ea15..a1e1dd43c3f2 100644
--- a/agent/connect/uri_service_oss.go
+++ b/agent/connect/uri_service_ce.go
@@ -13,13 +13,13 @@ import (
 )
 
 // GetEnterpriseMeta will synthesize an EnterpriseMeta struct from the SpiffeIDService.
-// in OSS this just returns an empty (but never nil) struct pointer
+// in CE this just returns an empty (but never nil) struct pointer
 func (id SpiffeIDService) GetEnterpriseMeta() *acl.EnterpriseMeta {
 	return &acl.EnterpriseMeta{}
 }
 
-// PartitionOrDefault breaks from OSS's pattern of returning empty strings.
-// Although OSS has no support for partitions, it still needs to be able to
+// PartitionOrDefault breaks from CE's pattern of returning empty strings.
+// Although CE has no support for partitions, it still needs to be able to
 // handle exportedPartition from peered Consul Enterprise clusters in order
 // to generate the correct SpiffeID.
 func (id SpiffeIDService) PartitionOrDefault() string {
diff --git a/agent/connect/uri_service_oss_test.go b/agent/connect/uri_service_ce_test.go
similarity index 100%
rename from agent/connect/uri_service_oss_test.go
rename to agent/connect/uri_service_ce_test.go
diff --git a/agent/consul/acl_authmethod_oss.go b/agent/consul/acl_authmethod_ce.go
similarity index 100%
rename from agent/consul/acl_authmethod_oss.go
rename to agent/consul/acl_authmethod_ce.go
diff --git a/agent/consul/acl_oss.go b/agent/consul/acl_ce.go
similarity index 95%
rename from agent/consul/acl_oss.go
rename to agent/consul/acl_ce.go
index e99085250fad..7e55a90ca950 100644
--- a/agent/consul/acl_oss.go
+++ b/agent/consul/acl_ce.go
@@ -36,13 +36,13 @@ func (r *ACLResolver) resolveEnterpriseDefaultsForIdentity(identity structs.ACLI
 
 // resolveEnterpriseIdentityAndRoles will resolve an enterprise identity to an additional set of roles
 func (_ *ACLResolver) resolveEnterpriseIdentityAndRoles(_ structs.ACLIdentity) (structs.ACLIdentity, structs.ACLRoles, error) {
-	// this function does nothing in OSS
+	// this function does nothing in CE
 	return nil, nil, nil
 }
 
 // resolveEnterpriseIdentityAndPolicies will resolve an enterprise identity to an additional set of policies
 func (_ *ACLResolver) resolveEnterpriseIdentityAndPolicies(_ structs.ACLIdentity) (structs.ACLIdentity, structs.ACLPolicies, error) {
-	// this function does nothing in OSS
+	// this function does nothing in CE
 	return nil, nil, nil
 }
 
diff --git a/agent/consul/acl_oss_test.go b/agent/consul/acl_ce_test.go
similarity index 100%
rename from agent/consul/acl_oss_test.go
rename to agent/consul/acl_ce_test.go
diff --git a/agent/consul/acl_endpoint_oss.go b/agent/consul/acl_endpoint_ce.go
similarity index 100%
rename from agent/consul/acl_endpoint_oss.go
rename to agent/consul/acl_endpoint_ce.go
diff --git a/agent/consul/acl_server_oss.go b/agent/consul/acl_server_ce.go
similarity index 100%
rename from agent/consul/acl_server_oss.go
rename to agent/consul/acl_server_ce.go
diff --git a/agent/consul/auth/binder_oss.go b/agent/consul/auth/binder_ce.go
similarity index 100%
rename from agent/consul/auth/binder_oss.go
rename to agent/consul/auth/binder_ce.go
diff --git a/agent/consul/auth/token_writer_oss.go b/agent/consul/auth/token_writer_ce.go
similarity index 100%
rename from agent/consul/auth/token_writer_oss.go
rename to agent/consul/auth/token_writer_ce.go
diff --git a/agent/consul/authmethod/authmethods_oss.go b/agent/consul/authmethod/authmethods_ce.go
similarity index 100%
rename from agent/consul/authmethod/authmethods_oss.go
rename to agent/consul/authmethod/authmethods_ce.go
diff --git a/agent/consul/authmethod/kubeauth/k8s_oss.go b/agent/consul/authmethod/kubeauth/k8s_ce.go
similarity index 100%
rename from agent/consul/authmethod/kubeauth/k8s_oss.go
rename to agent/consul/authmethod/kubeauth/k8s_ce.go
diff --git a/agent/consul/authmethod/ssoauth/sso_oss.go b/agent/consul/authmethod/ssoauth/sso_ce.go
similarity index 100%
rename from agent/consul/authmethod/ssoauth/sso_oss.go
rename to agent/consul/authmethod/ssoauth/sso_ce.go
diff --git a/agent/consul/authmethod/testauth/testing_oss.go b/agent/consul/authmethod/testauth/testing_ce.go
similarity index 100%
rename from agent/consul/authmethod/testauth/testing_oss.go
rename to agent/consul/authmethod/testauth/testing_ce.go
diff --git a/agent/consul/autopilot_oss.go b/agent/consul/autopilot_ce.go
similarity index 100%
rename from agent/consul/autopilot_oss.go
rename to agent/consul/autopilot_ce.go
diff --git a/agent/consul/catalog_endpoint.go b/agent/consul/catalog_endpoint.go
index 1f5d6ae0f5e5..0f1527c7e13d 100644
--- a/agent/consul/catalog_endpoint.go
+++ b/agent/consul/catalog_endpoint.go
@@ -450,7 +450,7 @@ func vetDeregisterWithACL(
 	}
 
 	// This order must match the code in applyDeregister() in
-	// fsm/commands_oss.go since it also evaluates things in this order,
+	// fsm/commands_ce.go since it also evaluates things in this order,
 	// and will ignore fields based on this precedence. This lets us also
 	// ignore them from an ACL perspective.
 	if subj.ServiceID != "" {
diff --git a/agent/consul/config_oss.go b/agent/consul/config_ce.go
similarity index 100%
rename from agent/consul/config_oss.go
rename to agent/consul/config_ce.go
diff --git a/agent/consul/discoverychain/compile_oss.go b/agent/consul/discoverychain/compile_ce.go
similarity index 100%
rename from agent/consul/discoverychain/compile_oss.go
rename to agent/consul/discoverychain/compile_ce.go
diff --git a/agent/consul/enterprise_client_oss.go b/agent/consul/enterprise_client_ce.go
similarity index 100%
rename from agent/consul/enterprise_client_oss.go
rename to agent/consul/enterprise_client_ce.go
diff --git a/agent/consul/enterprise_config_oss.go b/agent/consul/enterprise_config_ce.go
similarity index 100%
rename from agent/consul/enterprise_config_oss.go
rename to agent/consul/enterprise_config_ce.go
diff --git a/agent/consul/enterprise_server_oss.go b/agent/consul/enterprise_server_ce.go
similarity index 99%
rename from agent/consul/enterprise_server_oss.go
rename to agent/consul/enterprise_server_ce.go
index 9432172a181a..d14cb7bac33c 100644
--- a/agent/consul/enterprise_server_oss.go
+++ b/agent/consul/enterprise_server_ce.go
@@ -77,7 +77,7 @@ func (s *Server) validateEnterpriseIntentionPartition(partition string) error {
 		return nil
 	}
 
-	// No special handling for wildcard partitions as they are pointless in OSS.
+	// No special handling for wildcard partitions as they are pointless in CE.
 
 	return errors.New("Partitions is a Consul Enterprise feature")
 }
@@ -89,7 +89,7 @@ func (s *Server) validateEnterpriseIntentionNamespace(ns string, _ bool) error {
 		return nil
 	}
 
-	// No special handling for wildcard namespaces as they are pointless in OSS.
+	// No special handling for wildcard namespaces as they are pointless in CE.
 
 	return errors.New("Namespaces is a Consul Enterprise feature")
 }
diff --git a/agent/consul/enterprise_server_oss_test.go b/agent/consul/enterprise_server_ce_test.go
similarity index 100%
rename from agent/consul/enterprise_server_oss_test.go
rename to agent/consul/enterprise_server_ce_test.go
diff --git a/agent/consul/fsm/commands_oss.go b/agent/consul/fsm/commands_ce.go
similarity index 100%
rename from agent/consul/fsm/commands_oss.go
rename to agent/consul/fsm/commands_ce.go
diff --git a/agent/consul/fsm/commands_oss_test.go b/agent/consul/fsm/commands_ce_test.go
similarity index 100%
rename from agent/consul/fsm/commands_oss_test.go
rename to agent/consul/fsm/commands_ce_test.go
diff --git a/agent/consul/fsm/fsm.go b/agent/consul/fsm/fsm.go
index 55e66b773809..92a3931b5b33 100644
--- a/agent/consul/fsm/fsm.go
+++ b/agent/consul/fsm/fsm.go
@@ -264,7 +264,7 @@ func (c *FSM) Restore(old io.ReadCloser) error {
 			}
 		default:
 			if msg >= 64 {
-				return fmt.Errorf("msg type <%d> is a Consul Enterprise log entry. Consul OSS cannot restore it", msg)
+				return fmt.Errorf("msg type <%d> is a Consul Enterprise log entry. Consul CE cannot restore it", msg)
 			} else {
 				return fmt.Errorf("Unrecognized msg type %d", msg)
 			}
diff --git a/agent/consul/fsm/snapshot_oss.go b/agent/consul/fsm/snapshot_ce.go
similarity index 99%
rename from agent/consul/fsm/snapshot_oss.go
rename to agent/consul/fsm/snapshot_ce.go
index 1a98c53c0b94..bbe5e0693eaa 100644
--- a/agent/consul/fsm/snapshot_oss.go
+++ b/agent/consul/fsm/snapshot_ce.go
@@ -18,7 +18,7 @@ import (
 )
 
 func init() {
-	registerPersister(persistOSS)
+	registerPersister(persistCE)
 
 	registerRestorer(structs.RegisterRequestType, restoreRegistration)
 	registerRestorer(structs.KVSRequestType, restoreKV)
@@ -47,7 +47,7 @@ func init() {
 	registerRestorer(structs.PeeringSecretsWriteType, restorePeeringSecrets)
 }
 
-func persistOSS(s *snapshot, sink raft.SnapshotSink, encoder *codec.Encoder) error {
+func persistCE(s *snapshot, sink raft.SnapshotSink, encoder *codec.Encoder) error {
 	if err := s.persistVirtualIPs(sink, encoder); err != nil {
 		return err
 	}
diff --git a/agent/consul/fsm/snapshot_oss_test.go b/agent/consul/fsm/snapshot_ce_test.go
similarity index 91%
rename from agent/consul/fsm/snapshot_oss_test.go
rename to agent/consul/fsm/snapshot_ce_test.go
index 4229941177ff..5bc389dffa4a 100644
--- a/agent/consul/fsm/snapshot_oss_test.go
+++ b/agent/consul/fsm/snapshot_ce_test.go
@@ -34,7 +34,7 @@ func TestRestoreFromEnterprise(t *testing.T) {
 		StorageBackend: storageBackend,
 	})
 
-	// To verify if a proper message is displayed when Consul OSS tries to
+	// To verify if a proper message is displayed when Consul CE tries to
 	//  unsuccessfully restore entries from a Consul Ent snapshot.
 	buf := bytes.NewBuffer(nil)
 	sink := &MockSink{buf, false}
@@ -58,6 +58,6 @@ func TestRestoreFromEnterprise(t *testing.T) {
 	sink.Write([]byte{byte(structs.MessageType(entMockEntry.ID))})
 	encoder.Encode(entMockEntry)
 
-	require.EqualError(t, fsm.Restore(sink), "msg type <65> is a Consul Enterprise log entry. Consul OSS cannot restore it")
+	require.EqualError(t, fsm.Restore(sink), "msg type <65> is a Consul Enterprise log entry. Consul CE cannot restore it")
 	sink.Cancel()
 }
diff --git a/agent/consul/fsm/snapshot_test.go b/agent/consul/fsm/snapshot_test.go
index 71372f9f86b8..ff975aaf9f03 100644
--- a/agent/consul/fsm/snapshot_test.go
+++ b/agent/consul/fsm/snapshot_test.go
@@ -27,7 +27,7 @@ import (
 	"github.com/hashicorp/consul/sdk/testutil"
 )
 
-func TestFSM_SnapshotRestore_OSS(t *testing.T) {
+func TestFSM_SnapshotRestore_CE(t *testing.T) {
 	t.Parallel()
 
 	logger := testutil.Logger(t)
@@ -941,7 +941,7 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
 	}
 }
 
-func TestFSM_BadRestore_OSS(t *testing.T) {
+func TestFSM_BadRestore_CE(t *testing.T) {
 	t.Parallel()
 	// Create an FSM with some state.
 	logger := testutil.Logger(t)
diff --git a/agent/consul/leader_oss_test.go b/agent/consul/leader_ce_test.go
similarity index 100%
rename from agent/consul/leader_oss_test.go
rename to agent/consul/leader_ce_test.go
diff --git a/agent/consul/leader_intentions_oss.go b/agent/consul/leader_intentions_ce.go
similarity index 96%
rename from agent/consul/leader_intentions_oss.go
rename to agent/consul/leader_intentions_ce.go
index c22e6a194044..98acecf918fd 100644
--- a/agent/consul/leader_intentions_oss.go
+++ b/agent/consul/leader_intentions_ce.go
@@ -13,7 +13,7 @@ import (
 )
 
 func migrateIntentionsToConfigEntries(ixns structs.Intentions) []*structs.ServiceIntentionsConfigEntry {
-	// Remove any intention in OSS that happened to have used a non-default
+	// Remove any intention in CE that happened to have used a non-default
 	// namespace.
 	//
 	// The one exception is that if we find wildcards namespaces we "upgrade"
@@ -56,7 +56,7 @@ func migrateIntentionsToConfigEntries(ixns structs.Intentions) []*structs.Servic
 			}
 			retained[name] = struct{}{}
 			output = append(output, ixn)
-			continue // a-ok for OSS
+			continue // a-ok for CE
 		}
 
 		// If anything is wildcarded, attempt to reify it as "default".
diff --git a/agent/consul/leader_intentions_oss_test.go b/agent/consul/leader_intentions_ce_test.go
similarity index 100%
rename from agent/consul/leader_intentions_oss_test.go
rename to agent/consul/leader_intentions_ce_test.go
diff --git a/agent/consul/merge_oss.go b/agent/consul/merge_ce.go
similarity index 100%
rename from agent/consul/merge_oss.go
rename to agent/consul/merge_ce.go
diff --git a/agent/consul/merge_oss_test.go b/agent/consul/merge_ce_test.go
similarity index 97%
rename from agent/consul/merge_oss_test.go
rename to agent/consul/merge_ce_test.go
index dcb82f718190..5213907d1bcb 100644
--- a/agent/consul/merge_oss_test.go
+++ b/agent/consul/merge_ce_test.go
@@ -16,7 +16,7 @@ import (
 	"github.com/hashicorp/consul/types"
 )
 
-func TestMerge_OSS_LAN(t *testing.T) {
+func TestMerge_CE_LAN(t *testing.T) {
 	type testcase struct {
 		segment   string
 		server    bool
diff --git a/agent/consul/options_oss.go b/agent/consul/options_ce.go
similarity index 100%
rename from agent/consul/options_oss.go
rename to agent/consul/options_ce.go
diff --git a/agent/consul/peering_backend_oss.go b/agent/consul/peering_backend_ce.go
similarity index 100%
rename from agent/consul/peering_backend_oss.go
rename to agent/consul/peering_backend_ce.go
diff --git a/agent/consul/peering_backend_oss_test.go b/agent/consul/peering_backend_ce_test.go
similarity index 100%
rename from agent/consul/peering_backend_oss_test.go
rename to agent/consul/peering_backend_ce_test.go
diff --git a/agent/consul/prepared_query/walk_oss_test.go b/agent/consul/prepared_query/walk_ce_test.go
similarity index 100%
rename from agent/consul/prepared_query/walk_oss_test.go
rename to agent/consul/prepared_query/walk_ce_test.go
diff --git a/agent/consul/prepared_query_endpoint_oss.go b/agent/consul/prepared_query_endpoint_ce.go
similarity index 100%
rename from agent/consul/prepared_query_endpoint_oss.go
rename to agent/consul/prepared_query_endpoint_ce.go
diff --git a/agent/consul/prepared_query_endpoint_oss_test.go b/agent/consul/prepared_query_endpoint_ce_test.go
similarity index 96%
rename from agent/consul/prepared_query_endpoint_oss_test.go
rename to agent/consul/prepared_query_endpoint_ce_test.go
index 10ecbb551d80..3c30daf0a92c 100644
--- a/agent/consul/prepared_query_endpoint_oss_test.go
+++ b/agent/consul/prepared_query_endpoint_ce_test.go
@@ -17,7 +17,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestPreparedQuery_OSS_Apply(t *testing.T) {
+func TestPreparedQuery_CE_Apply(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
 	}
diff --git a/agent/consul/rate/handler_oss.go b/agent/consul/rate/handler_ce.go
similarity index 100%
rename from agent/consul/rate/handler_oss.go
rename to agent/consul/rate/handler_ce.go
diff --git a/agent/consul/reporting/reporting_oss.go b/agent/consul/reporting/reporting_ce.go
similarity index 100%
rename from agent/consul/reporting/reporting_oss.go
rename to agent/consul/reporting/reporting_ce.go
diff --git a/agent/consul/segment_oss.go b/agent/consul/segment_ce.go
similarity index 89%
rename from agent/consul/segment_oss.go
rename to agent/consul/segment_ce.go
index 310835a23462..fd3fce459f49 100644
--- a/agent/consul/segment_oss.go
+++ b/agent/consul/segment_ce.go
@@ -14,7 +14,7 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 )
 
-var SegmentOSSSummaries = []prometheus.SummaryDefinition{
+var SegmentCESummaries = []prometheus.SummaryDefinition{
 	{
 		Name: []string{"leader", "reconcile"},
 		Help: "Measures the time spent updating the raft store from the serf member information.",
@@ -26,7 +26,7 @@ func (s *Server) LANSegmentAddr(name string) string {
 	return ""
 }
 
-// setupSegmentRPC returns an error if any segments are defined since the OSS
+// setupSegmentRPC returns an error if any segments are defined since the CE
 // version of Consul doesn't support them.
 func (s *Server) setupSegmentRPC() (map[string]net.Listener, error) {
 	if len(s.config.Segments) > 0 {
@@ -36,7 +36,7 @@ func (s *Server) setupSegmentRPC() (map[string]net.Listener, error) {
 	return nil, nil
 }
 
-// setupSegments returns an error if any segments are defined since the OSS
+// setupSegments returns an error if any segments are defined since the CE
 // version of Consul doesn't support them.
 func (s *Server) setupSegments(config *Config, rpcListeners map[string]net.Listener) error {
 	if len(config.Segments) > 0 {
@@ -46,6 +46,6 @@ func (s *Server) setupSegments(config *Config, rpcListeners map[string]net.Liste
 	return nil
 }
 
-// floodSegments is a NOP in the OSS version of Consul.
+// floodSegments is a NOP in the CE version of Consul.
 func (s *Server) floodSegments(config *Config) {
 }
diff --git a/agent/consul/server_oss.go b/agent/consul/server_ce.go
similarity index 98%
rename from agent/consul/server_oss.go
rename to agent/consul/server_ce.go
index 4c3dd838e07b..ab586a0292c0 100644
--- a/agent/consul/server_oss.go
+++ b/agent/consul/server_ce.go
@@ -87,7 +87,7 @@ func (s *Server) removeFailedNode(
 }
 
 // lanPoolAllMembers only returns our own segment or partition's members, because
-// OSS servers can't be in multiple segments or partitions.
+// CE servers can't be in multiple segments or partitions.
 func (s *Server) lanPoolAllMembers() ([]serf.Member, error) {
 	return s.LANMembersInAgentPartition(), nil
 }
diff --git a/agent/consul/server_oss_test.go b/agent/consul/server_ce_test.go
similarity index 100%
rename from agent/consul/server_oss_test.go
rename to agent/consul/server_ce_test.go
diff --git a/agent/consul/state/acl_oss.go b/agent/consul/state/acl_ce.go
similarity index 100%
rename from agent/consul/state/acl_oss.go
rename to agent/consul/state/acl_ce.go
diff --git a/agent/consul/state/acl_oss_test.go b/agent/consul/state/acl_ce_test.go
similarity index 100%
rename from agent/consul/state/acl_oss_test.go
rename to agent/consul/state/acl_ce_test.go
diff --git a/agent/consul/state/catalog_oss.go b/agent/consul/state/catalog_ce.go
similarity index 99%
rename from agent/consul/state/catalog_oss.go
rename to agent/consul/state/catalog_ce.go
index 4107f5dbcd65..1c8062567d74 100644
--- a/agent/consul/state/catalog_oss.go
+++ b/agent/consul/state/catalog_ce.go
@@ -115,7 +115,7 @@ func catalogUpdateNodeExtinctionIndex(tx WriteTxn, idx uint64, _ *acl.Enterprise
 }
 
 func catalogInsertNode(tx WriteTxn, node *structs.Node) error {
-	// ensure that the Partition is always clear within the state store in OSS
+	// ensure that the Partition is always clear within the state store in CE
 	node.Partition = ""
 
 	// Insert the node and update the index.
diff --git a/agent/consul/state/catalog_oss_test.go b/agent/consul/state/catalog_ce_test.go
similarity index 100%
rename from agent/consul/state/catalog_oss_test.go
rename to agent/consul/state/catalog_ce_test.go
diff --git a/agent/consul/state/catalog_events_oss.go b/agent/consul/state/catalog_events_ce.go
similarity index 100%
rename from agent/consul/state/catalog_events_oss.go
rename to agent/consul/state/catalog_events_ce.go
diff --git a/agent/consul/state/catalog_events_oss_test.go b/agent/consul/state/catalog_events_ce_test.go
similarity index 92%
rename from agent/consul/state/catalog_events_oss_test.go
rename to agent/consul/state/catalog_events_ce_test.go
index e28d323b842b..75f9a6ddeb23 100644
--- a/agent/consul/state/catalog_events_oss_test.go
+++ b/agent/consul/state/catalog_events_ce_test.go
@@ -14,7 +14,7 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 )
 
-func TestEventPayloadCheckServiceNode_Subject_OSS(t *testing.T) {
+func TestEventPayloadCheckServiceNode_Subject_CE(t *testing.T) {
 	for desc, tc := range map[string]struct {
 		evt EventPayloadCheckServiceNode
 		sub string
diff --git a/agent/consul/state/config_entry_oss.go b/agent/consul/state/config_entry_ce.go
similarity index 95%
rename from agent/consul/state/config_entry_oss.go
rename to agent/consul/state/config_entry_ce.go
index cbf194e16d24..091a5be15768 100644
--- a/agent/consul/state/config_entry_oss.go
+++ b/agent/consul/state/config_entry_ce.go
@@ -65,7 +65,7 @@ func configIntentionsConvertToList(iter memdb.ResultIterator, _ *acl.EnterpriseM
 }
 
 // getExportedServicesMatchServicesNames returns a list of service names that are considered matches when
-// found in a list of exported-services config entries. For OSS, namespace is not considered, so a match is one of:
+// found in a list of exported-services config entries. For CE, namespace is not considered, so a match is one of:
 //   - the service name matches
 //   - the service name is a wildcard
 //
diff --git a/agent/consul/state/config_entry_oss_test.go b/agent/consul/state/config_entry_ce_test.go
similarity index 100%
rename from agent/consul/state/config_entry_oss_test.go
rename to agent/consul/state/config_entry_ce_test.go
diff --git a/agent/consul/state/config_entry_exported_services_oss.go b/agent/consul/state/config_entry_exported_services_ce.go
similarity index 100%
rename from agent/consul/state/config_entry_exported_services_oss.go
rename to agent/consul/state/config_entry_exported_services_ce.go
diff --git a/agent/consul/state/config_entry_intention.go b/agent/consul/state/config_entry_intention.go
index 1999c5d6116c..459d8c4276e6 100644
--- a/agent/consul/state/config_entry_intention.go
+++ b/agent/consul/state/config_entry_intention.go
@@ -83,7 +83,7 @@ type SamenessGroupMemberIndex struct {
 }
 
 // Compile-time assert that these interfaces hold to ensure that the
-// methods correctly exist across the oss/ent split.
+// methods correctly exist across the ce/ent split.
 var _ memdb.Indexer = (*SamenessGroupMemberIndex)(nil)
 var _ memdb.MultiIndexer = (*SamenessGroupMemberIndex)(nil)
 
@@ -135,7 +135,7 @@ type ServiceIntentionSourceSamenessGroupIndex struct {
 }
 
 // Compile-time assert that these interfaces hold to ensure that the
-// methods correctly exist across the oss/ent split.
+// methods correctly exist across the ce/ent split.
 var _ memdb.Indexer = (*ServiceIntentionSourceSamenessGroupIndex)(nil)
 var _ memdb.MultiIndexer = (*ServiceIntentionSourceSamenessGroupIndex)(nil)
 
@@ -199,7 +199,7 @@ type ServiceIntentionSourceIndex struct {
 }
 
 // Compile-time assert that these interfaces hold to ensure that the
-// methods correctly exist across the oss/ent split.
+// methods correctly exist across the ce/ent split.
 var _ memdb.Indexer = (*ServiceIntentionSourceIndex)(nil)
 var _ memdb.MultiIndexer = (*ServiceIntentionSourceIndex)(nil)
 
diff --git a/agent/consul/state/config_entry_intention_oss.go b/agent/consul/state/config_entry_intention_ce.go
similarity index 100%
rename from agent/consul/state/config_entry_intention_oss.go
rename to agent/consul/state/config_entry_intention_ce.go
diff --git a/agent/consul/state/config_entry_sameness_group_oss.go b/agent/consul/state/config_entry_sameness_group_ce.go
similarity index 94%
rename from agent/consul/state/config_entry_sameness_group_oss.go
rename to agent/consul/state/config_entry_sameness_group_ce.go
index 5eb39760b0c9..76c285b5e33e 100644
--- a/agent/consul/state/config_entry_sameness_group_oss.go
+++ b/agent/consul/state/config_entry_sameness_group_ce.go
@@ -14,7 +14,7 @@ import (
 	"github.com/hashicorp/go-memdb"
 )
 
-// SamenessGroupDefaultIndex is a placeholder for OSS. Sameness-groups are enterprise only.
+// SamenessGroupDefaultIndex is a placeholder for CE. Sameness-groups are enterprise only.
 type SamenessGroupDefaultIndex struct{}
 
 var _ memdb.Indexer = (*SamenessGroupDefaultIndex)(nil)
diff --git a/agent/consul/state/config_entry_sameness_group_oss_test.go b/agent/consul/state/config_entry_sameness_group_ce_test.go
similarity index 100%
rename from agent/consul/state/config_entry_sameness_group_oss_test.go
rename to agent/consul/state/config_entry_sameness_group_ce_test.go
diff --git a/agent/consul/state/coordinate_oss.go b/agent/consul/state/coordinate_ce.go
similarity index 100%
rename from agent/consul/state/coordinate_oss.go
rename to agent/consul/state/coordinate_ce.go
diff --git a/agent/consul/state/coordinate_oss_test.go b/agent/consul/state/coordinate_ce_test.go
similarity index 100%
rename from agent/consul/state/coordinate_oss_test.go
rename to agent/consul/state/coordinate_ce_test.go
diff --git a/agent/consul/state/delay_oss.go b/agent/consul/state/delay_ce.go
similarity index 100%
rename from agent/consul/state/delay_oss.go
rename to agent/consul/state/delay_ce.go
diff --git a/agent/consul/state/graveyard_oss.go b/agent/consul/state/graveyard_ce.go
similarity index 100%
rename from agent/consul/state/graveyard_oss.go
rename to agent/consul/state/graveyard_ce.go
diff --git a/agent/consul/state/intention_oss.go b/agent/consul/state/intention_ce.go
similarity index 100%
rename from agent/consul/state/intention_oss.go
rename to agent/consul/state/intention_ce.go
diff --git a/agent/consul/state/kvs_oss.go b/agent/consul/state/kvs_ce.go
similarity index 100%
rename from agent/consul/state/kvs_oss.go
rename to agent/consul/state/kvs_ce.go
diff --git a/agent/consul/state/kvs_oss_test.go b/agent/consul/state/kvs_ce_test.go
similarity index 100%
rename from agent/consul/state/kvs_oss_test.go
rename to agent/consul/state/kvs_ce_test.go
diff --git a/agent/consul/state/operations_oss.go b/agent/consul/state/operations_ce.go
similarity index 100%
rename from agent/consul/state/operations_oss.go
rename to agent/consul/state/operations_ce.go
diff --git a/agent/consul/state/peering.go b/agent/consul/state/peering.go
index 56f279051c5a..1763777cff83 100644
--- a/agent/consul/state/peering.go
+++ b/agent/consul/state/peering.go
@@ -1427,7 +1427,7 @@ func peersForServiceTxn(
 	)
 
 	// Ensure the metadata is defaulted since we make assertions against potentially empty values below.
-	// In OSS this is a no-op.
+	// In CE this is a no-op.
 	if entMeta == nil {
 		entMeta = acl.DefaultEnterpriseMeta()
 	}
diff --git a/agent/consul/state/peering_oss.go b/agent/consul/state/peering_ce.go
similarity index 100%
rename from agent/consul/state/peering_oss.go
rename to agent/consul/state/peering_ce.go
diff --git a/agent/consul/state/peering_oss_test.go b/agent/consul/state/peering_ce_test.go
similarity index 100%
rename from agent/consul/state/peering_oss_test.go
rename to agent/consul/state/peering_ce_test.go
diff --git a/agent/consul/state/query_oss.go b/agent/consul/state/query_ce.go
similarity index 100%
rename from agent/consul/state/query_oss.go
rename to agent/consul/state/query_ce.go
diff --git a/agent/consul/state/schema_oss.go b/agent/consul/state/schema_ce.go
similarity index 100%
rename from agent/consul/state/schema_oss.go
rename to agent/consul/state/schema_ce.go
diff --git a/agent/consul/state/schema_oss_test.go b/agent/consul/state/schema_ce_test.go
similarity index 100%
rename from agent/consul/state/schema_oss_test.go
rename to agent/consul/state/schema_ce_test.go
diff --git a/agent/consul/state/session_oss.go b/agent/consul/state/session_ce.go
similarity index 100%
rename from agent/consul/state/session_oss.go
rename to agent/consul/state/session_ce.go
diff --git a/agent/consul/state/state_store_oss_test.go b/agent/consul/state/state_store_ce_test.go
similarity index 100%
rename from agent/consul/state/state_store_oss_test.go
rename to agent/consul/state/state_store_ce_test.go
diff --git a/agent/consul/state/usage_oss.go b/agent/consul/state/usage_ce.go
similarity index 100%
rename from agent/consul/state/usage_oss.go
rename to agent/consul/state/usage_ce.go
diff --git a/agent/consul/tenancy_bridge_oss.go b/agent/consul/tenancy_bridge_ce.go
similarity index 100%
rename from agent/consul/tenancy_bridge_oss.go
rename to agent/consul/tenancy_bridge_ce.go
diff --git a/agent/consul/usagemetrics/usagemetrics_oss.go b/agent/consul/usagemetrics/usagemetrics_ce.go
similarity index 100%
rename from agent/consul/usagemetrics/usagemetrics_oss.go
rename to agent/consul/usagemetrics/usagemetrics_ce.go
diff --git a/agent/consul/usagemetrics/usagemetrics_oss_test.go b/agent/consul/usagemetrics/usagemetrics_ce_test.go
similarity index 99%
rename from agent/consul/usagemetrics/usagemetrics_oss_test.go
rename to agent/consul/usagemetrics/usagemetrics_ce_test.go
index c25159343f43..621224fb9882 100644
--- a/agent/consul/usagemetrics/usagemetrics_oss_test.go
+++ b/agent/consul/usagemetrics/usagemetrics_ce_test.go
@@ -999,7 +999,7 @@ var baseCases = map[string]testCase{
 	},
 }
 
-func TestUsageReporter_emitNodeUsage_OSS(t *testing.T) {
+func TestUsageReporter_emitNodeUsage_CE(t *testing.T) {
 	cases := baseCases
 
 	for name, tcase := range cases {
@@ -1038,7 +1038,7 @@ func TestUsageReporter_emitNodeUsage_OSS(t *testing.T) {
 	}
 }
 
-func TestUsageReporter_emitPeeringUsage_OSS(t *testing.T) {
+func TestUsageReporter_emitPeeringUsage_CE(t *testing.T) {
 	cases := make(map[string]testCase)
 	for k, v := range baseCases {
 		eg := make(map[string]metrics.GaugeValue)
@@ -1142,7 +1142,7 @@ func TestUsageReporter_emitPeeringUsage_OSS(t *testing.T) {
 	}
 }
 
-func TestUsageReporter_emitServiceUsage_OSS(t *testing.T) {
+func TestUsageReporter_emitServiceUsage_CE(t *testing.T) {
 	cases := make(map[string]testCase)
 	for k, v := range baseCases {
 		eg := make(map[string]metrics.GaugeValue)
@@ -1402,7 +1402,7 @@ func TestUsageReporter_emitServiceUsage_OSS(t *testing.T) {
 	}
 }
 
-func TestUsageReporter_emitKVUsage_OSS(t *testing.T) {
+func TestUsageReporter_emitKVUsage_CE(t *testing.T) {
 	cases := make(map[string]testCase)
 	for k, v := range baseCases {
 		eg := make(map[string]metrics.GaugeValue)
diff --git a/agent/dns_oss.go b/agent/dns_ce.go
similarity index 97%
rename from agent/dns_oss.go
rename to agent/dns_ce.go
index b80900966506..f82d1a31d274 100644
--- a/agent/dns_oss.go
+++ b/agent/dns_ce.go
@@ -59,7 +59,7 @@ func (d *DNSServer) parseLocality(labels []string, cfg *dnsConfig) (queryLocalit
 
 type querySameness struct{}
 
-// parseSamenessGroupLocality wraps parseLocality in OSS
+// parseSamenessGroupLocality wraps parseLocality in CE
 func (d *DNSServer) parseSamenessGroupLocality(cfg *dnsConfig, labels []string, errfnc func() error) ([]queryLocality, error) {
 	locality, ok := d.parseLocality(labels, cfg)
 	if !ok {
diff --git a/agent/dns_oss_test.go b/agent/dns_ce_test.go
similarity index 98%
rename from agent/dns_oss_test.go
rename to agent/dns_ce_test.go
index 32dbfa7785e7..50b100a989d2 100644
--- a/agent/dns_oss_test.go
+++ b/agent/dns_ce_test.go
@@ -17,7 +17,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestDNS_OSS_PeeredServices(t *testing.T) {
+func TestDNS_CE_PeeredServices(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
 	}
diff --git a/agent/enterprise_delegate_oss.go b/agent/enterprise_delegate_ce.go
similarity index 78%
rename from agent/enterprise_delegate_oss.go
rename to agent/enterprise_delegate_ce.go
index 5c455e243745..81d41ea8fa41 100644
--- a/agent/enterprise_delegate_oss.go
+++ b/agent/enterprise_delegate_ce.go
@@ -6,5 +6,5 @@
 
 package agent
 
-// enterpriseDelegate has no functions in OSS
+// enterpriseDelegate has no functions in CE
 type enterpriseDelegate interface{}
diff --git a/agent/grpc-external/services/resource/read.go b/agent/grpc-external/services/resource/read.go
index 4f247a72ac2d..febfcb69f0fa 100644
--- a/agent/grpc-external/services/resource/read.go
+++ b/agent/grpc-external/services/resource/read.go
@@ -27,7 +27,7 @@ func (s *Server) Read(ctx context.Context, req *pbresource.ReadRequest) (*pbreso
 	// pbresource.Tenacy follows rules for V2 resources and the Resource service.
 	// Example:
 	//
-	//    An OSS namespace scoped resource:
+	//    A CE namespace scoped resource:
 	//      V1: EnterpriseMeta{}
 	//      V2: Tenancy {Partition: "default", Namespace: "default"}
 	//
diff --git a/agent/grpc-external/services/resource/server_oss.go b/agent/grpc-external/services/resource/server_ce.go
similarity index 100%
rename from agent/grpc-external/services/resource/server_oss.go
rename to agent/grpc-external/services/resource/server_ce.go
diff --git a/agent/grpc-external/services/resource/server_oss_test.go b/agent/grpc-external/services/resource/server_ce_test.go
similarity index 100%
rename from agent/grpc-external/services/resource/server_oss_test.go
rename to agent/grpc-external/services/resource/server_ce_test.go
diff --git a/agent/http_oss.go b/agent/http_ce.go
similarity index 99%
rename from agent/http_oss.go
rename to agent/http_ce.go
index 8f6d81ca9841..09a03c706246 100644
--- a/agent/http_oss.go
+++ b/agent/http_ce.go
@@ -39,7 +39,7 @@ func (s *HTTPHandlers) validateEnterpriseIntentionPartition(logName, partition s
 		return nil
 	}
 
-	// No special handling for wildcard namespaces as they are pointless in OSS.
+	// No special handling for wildcard namespaces as they are pointless in CE.
 
 	return HTTPError{
 		StatusCode: http.StatusBadRequest,
@@ -54,7 +54,7 @@ func (s *HTTPHandlers) validateEnterpriseIntentionNamespace(logName, ns string,
 		return nil
 	}
 
-	// No special handling for wildcard namespaces as they are pointless in OSS.
+	// No special handling for wildcard namespaces as they are pointless in CE.
 
 	return HTTPError{
 		StatusCode: http.StatusBadRequest,
diff --git a/agent/http_oss_test.go b/agent/http_ce_test.go
similarity index 97%
rename from agent/http_oss_test.go
rename to agent/http_ce_test.go
index 37b13d38c873..ea1d2af61d7a 100644
--- a/agent/http_oss_test.go
+++ b/agent/http_ce_test.go
@@ -62,7 +62,7 @@ func newHttpClient(timeout time.Duration) *http.Client {
 	}
 }
 
-func TestHTTPAPI_MethodNotAllowed_OSS(t *testing.T) {
+func TestHTTPAPI_MethodNotAllowed_CE(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
 	}
@@ -130,7 +130,7 @@ func TestHTTPAPI_MethodNotAllowed_OSS(t *testing.T) {
 	}
 }
 
-func TestHTTPAPI_OptionMethod_OSS(t *testing.T) {
+func TestHTTPAPI_OptionMethod_CE(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
 	}
@@ -171,7 +171,7 @@ func TestHTTPAPI_OptionMethod_OSS(t *testing.T) {
 	}
 }
 
-func TestHTTPAPI_AllowedNets_OSS(t *testing.T) {
+func TestHTTPAPI_AllowedNets_CE(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
 	}
diff --git a/agent/intentions_endpoint_oss_test.go b/agent/intentions_endpoint_ce_test.go
similarity index 95%
rename from agent/intentions_endpoint_oss_test.go
rename to agent/intentions_endpoint_ce_test.go
index a0dcfb692479..6b5314de099f 100644
--- a/agent/intentions_endpoint_oss_test.go
+++ b/agent/intentions_endpoint_ce_test.go
@@ -15,7 +15,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestOSS_IntentionsCreate_failure(t *testing.T) {
+func TestCE_IntentionsCreate_failure(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
 	}
diff --git a/agent/operator_endpoint_oss.go b/agent/operator_endpoint_ce.go
similarity index 97%
rename from agent/operator_endpoint_oss.go
rename to agent/operator_endpoint_ce.go
index 51c382627a74..d97e6422616f 100644
--- a/agent/operator_endpoint_oss.go
+++ b/agent/operator_endpoint_ce.go
@@ -12,7 +12,7 @@ import (
 )
 
 func autopilotToAPIServerEnterprise(_ *autopilot.ServerState, _ *api.AutopilotServer) {
-	// noop in oss
+	// noop in ce
 }
 
 func autopilotToAPIStateEnterprise(state *autopilot.State, apiState *api.AutopilotState) {
diff --git a/agent/operator_endpoint_oss_test.go b/agent/operator_endpoint_ce_test.go
similarity index 100%
rename from agent/operator_endpoint_oss_test.go
rename to agent/operator_endpoint_ce_test.go
diff --git a/agent/peering_endpoint.go b/agent/peering_endpoint.go
index 7527dc47966a..2d5cab92be2e 100644
--- a/agent/peering_endpoint.go
+++ b/agent/peering_endpoint.go
@@ -78,7 +78,7 @@ func (s *HTTPHandlers) peeringRead(resp http.ResponseWriter, req *http.Request,
 	return result.Peering.ToAPI(), nil
 }
 
-// PeeringList fetches all peerings in the datacenter in OSS or in a given partition in Consul Enterprise.
+// PeeringList fetches all peerings in the datacenter in CE or in a given partition in Consul Enterprise.
 func (s *HTTPHandlers) PeeringList(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
 	var entMeta acl.EnterpriseMeta
 	if err := s.parseEntMetaPartition(req, &entMeta); err != nil {
diff --git a/agent/peering_endpoint_oss_test.go b/agent/peering_endpoint_ce_test.go
similarity index 86%
rename from agent/peering_endpoint_oss_test.go
rename to agent/peering_endpoint_ce_test.go
index c74cccf200b2..f435ca331052 100644
--- a/agent/peering_endpoint_oss_test.go
+++ b/agent/peering_endpoint_ce_test.go
@@ -20,7 +20,7 @@ import (
 	"github.com/hashicorp/consul/testrpc"
 )
 
-func TestHTTP_Peering_GenerateToken_OSS_Failure(t *testing.T) {
+func TestHTTP_Peering_GenerateToken_CE_Failure(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
 	}
@@ -30,7 +30,7 @@ func TestHTTP_Peering_GenerateToken_OSS_Failure(t *testing.T) {
 	a := NewTestAgent(t, "")
 	testrpc.WaitForTestAgent(t, a.RPC, "dc1")
 
-	t.Run("Doesn't allow partitions in OSS HTTP requests", func(t *testing.T) {
+	t.Run("Doesn't allow partitions in CE HTTP requests", func(t *testing.T) {
 		reqBody := &pbpeering.GenerateTokenRequest{
 			PeerName: "peering-a",
 		}
@@ -47,7 +47,7 @@ func TestHTTP_Peering_GenerateToken_OSS_Failure(t *testing.T) {
 	})
 }
 
-func TestHTTP_PeeringEndpoint_OSS_Failure(t *testing.T) {
+func TestHTTP_PeeringEndpoint_CE_Failure(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
 	}
@@ -57,7 +57,7 @@ func TestHTTP_PeeringEndpoint_OSS_Failure(t *testing.T) {
 	a := NewTestAgent(t, "")
 	testrpc.WaitForTestAgent(t, a.RPC, "dc1")
 
-	t.Run("Doesn't allow partitions on PeeringEndpoint in OSS HTTP requests", func(t *testing.T) {
+	t.Run("Doesn't allow partitions on PeeringEndpoint in CE HTTP requests", func(t *testing.T) {
 		req, err := http.NewRequest("GET", "/v1/peering/foo?partition=foo", nil)
 		require.NoError(t, err)
 		resp := httptest.NewRecorder()
diff --git a/agent/proxycfg-glue/intentions_oss.go b/agent/proxycfg-glue/intentions_ce.go
similarity index 100%
rename from agent/proxycfg-glue/intentions_oss.go
rename to agent/proxycfg-glue/intentions_ce.go
diff --git a/agent/proxycfg/data_sources_oss.go b/agent/proxycfg/data_sources_ce.go
similarity index 100%
rename from agent/proxycfg/data_sources_oss.go
rename to agent/proxycfg/data_sources_ce.go
diff --git a/agent/proxycfg/mesh_gateway_oss.go b/agent/proxycfg/mesh_gateway_ce.go
similarity index 100%
rename from agent/proxycfg/mesh_gateway_oss.go
rename to agent/proxycfg/mesh_gateway_ce.go
diff --git a/agent/proxycfg/naming.go b/agent/proxycfg/naming.go
index 3339cb8a5a06..a9bd5fd8c0ca 100644
--- a/agent/proxycfg/naming.go
+++ b/agent/proxycfg/naming.go
@@ -153,7 +153,7 @@ func ParseUpstreamIDString(input string) (typ, dc, name string, meta *acl.Enterp
 // This should be used for any situation where we generate identifiers in Envoy
 // xDS structures for this upstream.
 //
-// This will ensure that generated identifiers for the same thing in OSS and
+// This will ensure that generated identifiers for the same thing in CE and
 // Enterprise render the same and omit default namespaces and partitions.
 func (u UpstreamID) EnvoyID() string {
 	name := u.enterpriseIdentifierPrefix() + u.Name
diff --git a/agent/proxycfg/naming_oss.go b/agent/proxycfg/naming_ce.go
similarity index 100%
rename from agent/proxycfg/naming_oss.go
rename to agent/proxycfg/naming_ce.go
diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go
index 974ba82fa7f1..e9304ec63122 100644
--- a/agent/proxycfg/snapshot.go
+++ b/agent/proxycfg/snapshot.go
@@ -67,7 +67,7 @@ type ConfigSnapshotUpstreams struct {
 	// gateway endpoints.
 	//
 	// Note that the string form of GatewayKey is used as the key so empty
-	// fields can be normalized in OSS.
+	// fields can be normalized in CE.
 	//   GatewayKey.String() -> structs.CheckServiceNodes
 	WatchedLocalGWEndpoints watch.Map[string, structs.CheckServiceNodes]
 
diff --git a/agent/proxycfg/state_oss_test.go b/agent/proxycfg/state_ce_test.go
similarity index 100%
rename from agent/proxycfg/state_oss_test.go
rename to agent/proxycfg/state_ce_test.go
diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go
index dad4465f13ce..2a6792aa22e9 100644
--- a/agent/proxycfg/state_test.go
+++ b/agent/proxycfg/state_test.go
@@ -465,7 +465,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
 	indexedRoots, issuedCert := TestCerts(t)
 	peerTrustBundles := TestPeerTrustBundles(t)
 
-	// Used to account for differences in OSS/ent implementations of ServiceID.String()
+	// Used to account for differences in ce/ent implementations of ServiceID.String()
 	var (
 		db                 = structs.NewServiceName("db", nil)
 		billing            = structs.NewServiceName("billing", nil)
diff --git a/agent/proxycfg/testing_oss.go b/agent/proxycfg/testing_ce.go
similarity index 100%
rename from agent/proxycfg/testing_oss.go
rename to agent/proxycfg/testing_ce.go
diff --git a/agent/proxycfg/testing_ingress_gateway.go b/agent/proxycfg/testing_ingress_gateway.go
index 3967b5703654..96918a261bd0 100644
--- a/agent/proxycfg/testing_ingress_gateway.go
+++ b/agent/proxycfg/testing_ingress_gateway.go
@@ -1123,10 +1123,10 @@ func TestConfigSnapshotIngressGatewayWithChain(
 		webUpstream := structs.Upstream{
 			DestinationName: "web",
 			// We use empty not default here because of the way upstream identifiers
-			// vary between OSS and Enterprise currently causing test conflicts. In
+			// vary between CE and Enterprise currently causing test conflicts. In
 			// real life `proxycfg` always sets ingress upstream namespaces to
 			// `NamespaceOrDefault` which shouldn't matter because we should be
-			// consistent within a single binary it's just inconvenient if OSS and
+			// consistent within a single binary it's just inconvenient if CE and
 			// enterprise tests generate different output.
 			DestinationNamespace: webEntMeta.NamespaceOrEmpty(),
 			DestinationPartition: webEntMeta.PartitionOrEmpty(),
diff --git a/agent/proxycfg/testing_upstreams_oss.go b/agent/proxycfg/testing_upstreams_ce.go
similarity index 100%
rename from agent/proxycfg/testing_upstreams_oss.go
rename to agent/proxycfg/testing_upstreams_ce.go
diff --git a/agent/rpc/peering/service.go b/agent/rpc/peering/service.go
index 50e75a428fad..d57e0378f98c 100644
--- a/agent/rpc/peering/service.go
+++ b/agent/rpc/peering/service.go
@@ -277,7 +277,7 @@ func (s *Server) GenerateToken(
 				Name: req.PeerName,
 				Meta: req.Meta,
 
-				// PartitionOrEmpty is used to avoid writing "default" in OSS.
+				// PartitionOrEmpty is used to avoid writing "default" in CE.
 				Partition: entMeta.PartitionOrEmpty(),
 			}
 		} else {
@@ -452,7 +452,7 @@ func (s *Server) Establish(
 		// while the original connection is still active.
 		// State: pbpeering.PeeringState_ESTABLISHING,
 
-		// PartitionOrEmpty is used to avoid writing "default" in OSS.
+		// PartitionOrEmpty is used to avoid writing "default" in CE.
 		Partition: entMeta.PartitionOrEmpty(),
 		Remote: &pbpeering.RemoteInfo{
 			Partition:  tok.Remote.Partition,
@@ -943,7 +943,7 @@ func (s *Server) PeeringDelete(ctx context.Context, req *pbpeering.PeeringDelete
 			PeerServerAddresses:   existing.PeerServerAddresses,
 			DeletedAt:             timestamppb.New(time.Now().UTC()),
 
-			// PartitionOrEmpty is used to avoid writing "default" in OSS.
+			// PartitionOrEmpty is used to avoid writing "default" in CE.
 			Partition: entMeta.PartitionOrEmpty(),
 		},
 	}
diff --git a/agent/rpc/peering/service_oss_test.go b/agent/rpc/peering/service_ce_test.go
similarity index 100%
rename from agent/rpc/peering/service_oss_test.go
rename to agent/rpc/peering/service_ce_test.go
diff --git a/agent/rpc/peering/testutil_oss_test.go b/agent/rpc/peering/testutil_ce_test.go
similarity index 100%
rename from agent/rpc/peering/testutil_oss_test.go
rename to agent/rpc/peering/testutil_ce_test.go
diff --git a/agent/rpcclient/health/view_test.go b/agent/rpcclient/health/view_test.go
index ce2af7cdac60..83eba5ab41a0 100644
--- a/agent/rpcclient/health/view_test.go
+++ b/agent/rpcclient/health/view_test.go
@@ -721,7 +721,7 @@ func newNewSnapshotToFollowEvent() *pbsubscribe.Event {
 }
 
 // getNamespace returns a namespace if namespace support exists, otherwise
-// returns the empty string. It allows the same tests to work in both oss and ent
+// returns the empty string. It allows the same tests to work in both ce and ent
 // without duplicating the tests.
 func getNamespace(ns string) string {
 	meta := structs.NewEnterpriseMetaInDefaultPartition(ns)
diff --git a/agent/setup.go b/agent/setup.go
index 4c1aaa1a9963..7a95ba6bf541 100644
--- a/agent/setup.go
+++ b/agent/setup.go
@@ -506,7 +506,7 @@ func getPrometheusDefs(cfg *config.RuntimeConfig, isServer bool) ([]prometheus.G
 		consul.LeaderSummaries,
 		consul.PreparedQuerySummaries,
 		consul.RPCSummaries,
-		consul.SegmentOSSSummaries,
+		consul.SegmentCESummaries,
 		consul.SessionSummaries,
 		consul.SessionEndpointSummaries,
 		consul.TxnSummaries,
diff --git a/agent/setup_oss.go b/agent/setup_ce.go
similarity index 100%
rename from agent/setup_oss.go
rename to agent/setup_ce.go
diff --git a/agent/structs/acl_oss.go b/agent/structs/acl_ce.go
similarity index 100%
rename from agent/structs/acl_oss.go
rename to agent/structs/acl_ce.go
diff --git a/agent/structs/autopilot_oss.go b/agent/structs/autopilot_ce.go
similarity index 100%
rename from agent/structs/autopilot_oss.go
rename to agent/structs/autopilot_ce.go
diff --git a/agent/structs/catalog_oss.go b/agent/structs/catalog_ce.go
similarity index 100%
rename from agent/structs/catalog_oss.go
rename to agent/structs/catalog_ce.go
diff --git a/agent/structs/config_entry_apigw_jwt_oss.go b/agent/structs/config_entry_apigw_jwt_ce.go
similarity index 100%
rename from agent/structs/config_entry_apigw_jwt_oss.go
rename to agent/structs/config_entry_apigw_jwt_ce.go
diff --git a/agent/structs/config_entry_oss.go b/agent/structs/config_entry_ce.go
similarity index 100%
rename from agent/structs/config_entry_oss.go
rename to agent/structs/config_entry_ce.go
diff --git a/agent/structs/config_entry_oss_test.go b/agent/structs/config_entry_ce_test.go
similarity index 97%
rename from agent/structs/config_entry_oss_test.go
rename to agent/structs/config_entry_ce_test.go
index 4ef11d04cd2b..fd3ed9d35077 100644
--- a/agent/structs/config_entry_oss_test.go
+++ b/agent/structs/config_entry_ce_test.go
@@ -7,12 +7,13 @@
 package structs
 
 import (
+	"testing"
+
 	"github.com/hashicorp/hcl"
 	"github.com/stretchr/testify/require"
-	"testing"
 )
 
-func TestDecodeConfigEntry_OSS(t *testing.T) {
+func TestDecodeConfigEntry_CE(t *testing.T) {
 
 	for _, tc := range []struct {
 		name      string
diff --git a/agent/structs/config_entry_discoverychain_oss.go b/agent/structs/config_entry_discoverychain_ce.go
similarity index 98%
rename from agent/structs/config_entry_discoverychain_oss.go
rename to agent/structs/config_entry_discoverychain_ce.go
index 6ef43654a05a..bdbe463a5bf0 100644
--- a/agent/structs/config_entry_discoverychain_oss.go
+++ b/agent/structs/config_entry_discoverychain_ce.go
@@ -114,7 +114,7 @@ func (f *ServiceResolverFailoverPolicy) ValidateEnterprise() error {
 	return nil
 }
 
-// RelatedSamenessGroups doesn't return anything on open source.
+// RelatedSamenessGroups doesn't return anything in community edition.
 func (e *ServiceResolverConfigEntry) RelatedSamenessGroups() []string {
 	return nil
 }
diff --git a/agent/structs/config_entry_discoverychain_oss_test.go b/agent/structs/config_entry_discoverychain_ce_test.go
similarity index 89%
rename from agent/structs/config_entry_discoverychain_oss_test.go
rename to agent/structs/config_entry_discoverychain_ce_test.go
index 40ac59f865da..4dda3ff39626 100644
--- a/agent/structs/config_entry_discoverychain_oss_test.go
+++ b/agent/structs/config_entry_discoverychain_ce_test.go
@@ -13,7 +13,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestServiceResolverConfigEntry_OSS(t *testing.T) {
+func TestServiceResolverConfigEntry_CE(t *testing.T) {
 	type testcase struct {
 		name         string
 		entry        *ServiceResolverConfigEntry
@@ -25,7 +25,7 @@ func TestServiceResolverConfigEntry_OSS(t *testing.T) {
 
 	cases := []testcase{
 		{
-			name: "failover with a sameness group on OSS",
+			name: "failover with a sameness group on CE",
 			entry: &ServiceResolverConfigEntry{
 				Kind: ServiceResolver,
 				Name: "test",
@@ -38,7 +38,7 @@ func TestServiceResolverConfigEntry_OSS(t *testing.T) {
 			validateErr: `Bad Failover["*"]: Setting SamenessGroup requires Consul Enterprise`,
 		},
 		{
-			name: "failover with a namespace on OSS",
+			name: "failover with a namespace on CE",
 			entry: &ServiceResolverConfigEntry{
 				Kind: ServiceResolver,
 				Name: "test",
@@ -52,7 +52,7 @@ func TestServiceResolverConfigEntry_OSS(t *testing.T) {
 			validateErr: `Bad Failover["*"]: Setting Namespace requires Consul Enterprise`,
 		},
 		{
-			name: "failover Targets cannot set Namespace on OSS",
+			name: "failover Targets cannot set Namespace on CE",
 			entry: &ServiceResolverConfigEntry{
 				Kind: ServiceResolver,
 				Name: "test",
@@ -65,7 +65,7 @@ func TestServiceResolverConfigEntry_OSS(t *testing.T) {
 			validateErr: `Bad Failover["*"].Targets[0]: Setting Namespace requires Consul Enterprise`,
 		},
 		{
-			name: "failover Targets cannot set Partition on OSS",
+			name: "failover Targets cannot set Partition on CE",
 			entry: &ServiceResolverConfigEntry{
 				Kind: ServiceResolver,
 				Name: "test",
@@ -78,7 +78,7 @@ func TestServiceResolverConfigEntry_OSS(t *testing.T) {
 			validateErr: `Bad Failover["*"].Targets[0]: Setting Partition requires Consul Enterprise`,
 		},
 		{
-			name: "setting failover Namespace on OSS",
+			name: "setting failover Namespace on CE",
 			entry: &ServiceResolverConfigEntry{
 				Kind: ServiceResolver,
 				Name: "test",
@@ -89,7 +89,7 @@ func TestServiceResolverConfigEntry_OSS(t *testing.T) {
 			validateErr: `Bad Failover["*"]: Setting Namespace requires Consul Enterprise`,
 		},
 		{
-			name: "setting failover Namespace on OSS",
+			name: "setting failover Namespace on CE",
 			entry: &ServiceResolverConfigEntry{
 				Kind: ServiceResolver,
 				Name: "test",
@@ -100,7 +100,7 @@ func TestServiceResolverConfigEntry_OSS(t *testing.T) {
 			validateErr: `Bad Failover["*"]: Setting failover policies requires Consul Enterprise`,
 		},
 		{
-			name: "setting redirect SamenessGroup on OSS",
+			name: "setting redirect SamenessGroup on CE",
 			entry: &ServiceResolverConfigEntry{
 				Kind: ServiceResolver,
 				Name: "test",
@@ -111,7 +111,7 @@ func TestServiceResolverConfigEntry_OSS(t *testing.T) {
 			validateErr: `Redirect: Setting SamenessGroup requires Consul Enterprise`,
 		},
 		{
-			name: "setting redirect Namespace on OSS",
+			name: "setting redirect Namespace on CE",
 			entry: &ServiceResolverConfigEntry{
 				Kind: ServiceResolver,
 				Name: "test",
@@ -122,7 +122,7 @@ func TestServiceResolverConfigEntry_OSS(t *testing.T) {
 			validateErr: `Redirect: Setting Namespace requires Consul Enterprise`,
 		},
 		{
-			name: "setting redirect Partition on OSS",
+			name: "setting redirect Partition on CE",
 			entry: &ServiceResolverConfigEntry{
 				Kind: ServiceResolver,
 				Name: "test",
diff --git a/agent/structs/config_entry_exports_oss.go b/agent/structs/config_entry_exports_ce.go
similarity index 100%
rename from agent/structs/config_entry_exports_oss.go
rename to agent/structs/config_entry_exports_ce.go
diff --git a/agent/structs/config_entry_exports_oss_test.go b/agent/structs/config_entry_exports_ce_test.go
similarity index 94%
rename from agent/structs/config_entry_exports_oss_test.go
rename to agent/structs/config_entry_exports_ce_test.go
index cb1d5d4b3bbf..bd74dfc96252 100644
--- a/agent/structs/config_entry_exports_oss_test.go
+++ b/agent/structs/config_entry_exports_ce_test.go
@@ -10,9 +10,9 @@ import (
 	"testing"
 )
 
-func TestExportedServicesConfigEntry_OSS(t *testing.T) {
+func TestExportedServicesConfigEntry_CE(t *testing.T) {
 	cases := map[string]configEntryTestcase{
-		"normalize: noop in oss": {
+		"normalize: noop in ce": {
 			entry: &ExportedServicesConfigEntry{
 				Name: "default",
 				Services: []ExportedService{
diff --git a/agent/structs/config_entry_gateways_test.go b/agent/structs/config_entry_gateways_test.go
index 03866f929d51..f05638ec4d2e 100644
--- a/agent/structs/config_entry_gateways_test.go
+++ b/agent/structs/config_entry_gateways_test.go
@@ -524,7 +524,7 @@ func TestIngressGatewayConfigEntry(t *testing.T) {
 				},
 			},
 			// Match only the last part of the exected error because the service name
-			// differs between Ent and OSS default/default/web vs web
+			// differs between Ent and CE default/default/web vs web
 			validateErr: "cannot be added multiple times (listener on port 1111)",
 		},
 		"TLS.SDS kitchen sink": {
@@ -868,7 +868,7 @@ func TestIngressGatewayConfigEntry(t *testing.T) {
 				},
 			},
 			// Note we don't assert the last part `(service \"*\" on listener on port 1111)`
-			// since the service name is normalized differently on OSS and Ent
+			// since the service name is normalized differently on CE and Ent
 			validateErr: "A service specifying TLS.SDS.CertResource must have at least one item in Hosts",
 		},
 		"TLS.SDS at service level needs a cluster from somewhere": {
@@ -895,7 +895,7 @@ func TestIngressGatewayConfigEntry(t *testing.T) {
 				},
 			},
 			// Note we don't assert the last part `(service \"foo\" on listener on port 1111)`
-			// since the service name is normalized differently on OSS and Ent
+			// since the service name is normalized differently on CE and Ent
 			validateErr: "TLS.SDS.ClusterName is required if CertResource is set",
 		},
 	}
diff --git a/agent/structs/config_entry_intentions_oss.go b/agent/structs/config_entry_intentions_ce.go
similarity index 100%
rename from agent/structs/config_entry_intentions_oss.go
rename to agent/structs/config_entry_intentions_ce.go
diff --git a/agent/structs/config_entry_intentions_oss_test.go b/agent/structs/config_entry_intentions_ce_test.go
similarity index 100%
rename from agent/structs/config_entry_intentions_oss_test.go
rename to agent/structs/config_entry_intentions_ce_test.go
diff --git a/agent/structs/config_entry_jwt_provider_oss.go b/agent/structs/config_entry_jwt_provider_ce.go
similarity index 100%
rename from agent/structs/config_entry_jwt_provider_oss.go
rename to agent/structs/config_entry_jwt_provider_ce.go
diff --git a/agent/structs/config_entry_mesh_oss.go b/agent/structs/config_entry_mesh_ce.go
similarity index 100%
rename from agent/structs/config_entry_mesh_oss.go
rename to agent/structs/config_entry_mesh_ce.go
diff --git a/agent/structs/config_entry_sameness_group_oss.go b/agent/structs/config_entry_sameness_group_ce.go
similarity index 78%
rename from agent/structs/config_entry_sameness_group_oss.go
rename to agent/structs/config_entry_sameness_group_ce.go
index c1d888f4475c..2fd3a3438de4 100644
--- a/agent/structs/config_entry_sameness_group_oss.go
+++ b/agent/structs/config_entry_sameness_group_ce.go
@@ -13,22 +13,22 @@ func (s *SamenessGroupConfigEntry) Validate() error {
 	return fmt.Errorf("sameness-groups are an enterprise-only feature")
 }
 
-// RelatedPeers is an OSS placeholder noop
+// RelatedPeers is an CE placeholder noop
 func (s *SamenessGroupConfigEntry) RelatedPeers() []string {
 	return nil
 }
 
-// AllMembers is an OSS placeholder noop
+// AllMembers is an CE placeholder noop
 func (s *SamenessGroupConfigEntry) AllMembers() []SamenessGroupMember {
 	return nil
 }
 
-// ToServiceResolverFailoverTargets is an OSS placeholder noop
+// ToServiceResolverFailoverTargets is an CE placeholder noop
 func (s *SamenessGroupConfigEntry) ToServiceResolverFailoverTargets() []ServiceResolverFailoverTarget {
 	return nil
 }
 
-// ToQueryFailoverTargets is an OSS placeholder noop
+// ToQueryFailoverTargets is an CE placeholder noop
 func (s *SamenessGroupConfigEntry) ToQueryFailoverTargets(namespace string) []QueryFailoverTarget {
 	return nil
 }
diff --git a/agent/structs/config_entry_test.go b/agent/structs/config_entry_test.go
index b164e67b4f7d..9151ef815b15 100644
--- a/agent/structs/config_entry_test.go
+++ b/agent/structs/config_entry_test.go
@@ -3411,7 +3411,7 @@ func testConfigEntryNormalizeAndValidate(t *testing.T, cases map[string]configEn
 			}
 
 			if tc.expectUnchanged {
-				// EnterpriseMeta.Normalize behaves differently in Ent and OSS which
+				// EnterpriseMeta.Normalize behaves differently in Ent and CE which
 				// causes an exact comparison to fail. It's still useful to assert that
 				// nothing else changes though during Normalize. So we ignore
 				// EnterpriseMeta Defaults.
diff --git a/agent/structs/connect_oss.go b/agent/structs/connect_ce.go
similarity index 100%
rename from agent/structs/connect_oss.go
rename to agent/structs/connect_ce.go
diff --git a/agent/structs/connect_proxy_config_oss.go b/agent/structs/connect_proxy_config_ce.go
similarity index 100%
rename from agent/structs/connect_proxy_config_oss.go
rename to agent/structs/connect_proxy_config_ce.go
diff --git a/agent/structs/discovery_chain_oss.go b/agent/structs/discovery_chain_ce.go
similarity index 100%
rename from agent/structs/discovery_chain_oss.go
rename to agent/structs/discovery_chain_ce.go
diff --git a/agent/structs/intention_oss.go b/agent/structs/intention_ce.go
similarity index 90%
rename from agent/structs/intention_oss.go
rename to agent/structs/intention_ce.go
index 77deca9af32e..cb657b8e3777 100644
--- a/agent/structs/intention_oss.go
+++ b/agent/structs/intention_ce.go
@@ -31,21 +31,21 @@ func (e *IntentionQueryExact) DestinationEnterpriseMeta() *acl.EnterpriseMeta {
 }
 
 // FillAuthzContext can fill in an acl.AuthorizerContext object to setup
-// extra parameters for ACL enforcement. In OSS there is currently nothing
+// extra parameters for ACL enforcement. In CE there is currently nothing
 // extra to be done.
 func (_ *Intention) FillAuthzContext(_ *acl.AuthorizerContext, _ bool) {
 	// do nothing
 }
 
 // FillAuthzContext can fill in an acl.AuthorizerContext object to setup
-// extra parameters for ACL enforcement. In OSS there is currently nothing
+// extra parameters for ACL enforcement. In CE there is currently nothing
 // extra to be done.
 func (_ *IntentionMatchEntry) FillAuthzContext(_ *acl.AuthorizerContext) {
 	// do nothing
 }
 
 // FillAuthzContext can fill in an acl.AuthorizerContext object to setup
-// extra parameters for ACL enforcement. In OSS there is currently nothing
+// extra parameters for ACL enforcement. In CE there is currently nothing
 // extra to be done.
 func (_ *IntentionQueryCheck) FillAuthzContext(_ *acl.AuthorizerContext) {
 	// do nothing
diff --git a/agent/structs/structs.deepcopy_oss.go b/agent/structs/structs.deepcopy_ce.go
similarity index 100%
rename from agent/structs/structs.deepcopy_oss.go
rename to agent/structs/structs.deepcopy_ce.go
diff --git a/agent/structs/structs_oss.go b/agent/structs/structs_ce.go
similarity index 99%
rename from agent/structs/structs_oss.go
rename to agent/structs/structs_ce.go
index f922b7fd720f..f47fac578afc 100644
--- a/agent/structs/structs_oss.go
+++ b/agent/structs/structs_ce.go
@@ -84,13 +84,13 @@ func (_ *RegisterRequest) GetEnterpriseMeta() *acl.EnterpriseMeta {
 	return nil
 }
 
-// OSS Stub
+// CE Stub
 func (op *TxnNodeOp) FillAuthzContext(ctx *acl.AuthorizerContext) {}
 
-// OSS Stub
+// CE Stub
 func (_ *TxnServiceOp) FillAuthzContext(_ *acl.AuthorizerContext) {}
 
-// OSS Stub
+// CE Stub
 func (_ *TxnCheckOp) FillAuthzContext(_ *acl.AuthorizerContext) {}
 
 func NodeNameString(node string, _ *acl.EnterpriseMeta) string {
diff --git a/agent/structs/structs_oss_test.go b/agent/structs/structs_ce_test.go
similarity index 100%
rename from agent/structs/structs_oss_test.go
rename to agent/structs/structs_ce_test.go
diff --git a/agent/token/store_oss.go b/agent/token/store_ce.go
similarity index 92%
rename from agent/token/store_oss.go
rename to agent/token/store_ce.go
index 98d291385aaf..f2fab3390dfd 100644
--- a/agent/token/store_oss.go
+++ b/agent/token/store_ce.go
@@ -13,7 +13,7 @@ type EnterpriseConfig struct {
 type enterpriseTokens struct {
 }
 
-// enterpriseAgentToken OSS stub
+// enterpriseAgentToken CE stub
 func (t *Store) enterpriseAgentToken() string {
 	return ""
 }
diff --git a/agent/ui_endpoint_oss_test.go b/agent/ui_endpoint_ce_test.go
similarity index 100%
rename from agent/ui_endpoint_oss_test.go
rename to agent/ui_endpoint_ce_test.go
diff --git a/agent/ui_endpoint_test.go b/agent/ui_endpoint_test.go
index ab27d2ea8e0c..1e0c391d0c95 100644
--- a/agent/ui_endpoint_test.go
+++ b/agent/ui_endpoint_test.go
@@ -1121,7 +1121,7 @@ func TestUIGatewayServiceNodes_Ingress(t *testing.T) {
 	require.Nil(t, err)
 	assertIndex(t, resp)
 
-	// Construct expected addresses so that differences between OSS/Ent are
+	// Construct expected addresses so that differences between CE/Ent are
 	// handled by code. We specifically don't include the trailing DNS . here as
 	// we are constructing what we are expecting, not the actual value
 	webDNS := serviceIngressDNSName("web", "dc1", "consul", structs.DefaultEnterpriseMetaInDefaultPartition())
diff --git a/agent/xds/delta_envoy_extender_oss_test.go b/agent/xds/delta_envoy_extender_ce_test.go
similarity index 100%
rename from agent/xds/delta_envoy_extender_oss_test.go
rename to agent/xds/delta_envoy_extender_ce_test.go
diff --git a/agent/xds/extensionruntime/runtime_config_oss_test.go b/agent/xds/extensionruntime/runtime_config_ce_test.go
similarity index 100%
rename from agent/xds/extensionruntime/runtime_config_oss_test.go
rename to agent/xds/extensionruntime/runtime_config_ce_test.go
diff --git a/agent/xds/failover_policy_oss.go b/agent/xds/failover_policy_ce.go
similarity index 100%
rename from agent/xds/failover_policy_oss.go
rename to agent/xds/failover_policy_ce.go
diff --git a/agent/xds/listeners_ingress.go b/agent/xds/listeners_ingress.go
index 61ef21d76ae7..e5e5a4980c41 100644
--- a/agent/xds/listeners_ingress.go
+++ b/agent/xds/listeners_ingress.go
@@ -299,7 +299,7 @@ func routeNameForUpstream(l structs.IngressListener, s structs.IngressService) s
 
 	// Return a specific route for this service as it needs a custom FilterChain
 	// to serve its custom cert so we should attach its routes to a separate Route
-	// too. We need this to be consistent between OSS and Enterprise to avoid xDS
+	// too. We need this to be consistent between CE and Enterprise to avoid xDS
 	// config golden files in tests conflicting so we can't use ServiceID.String()
 	// which normalizes to included all identifiers in Enterprise.
 	sn := s.ToServiceName()
diff --git a/agent/xds/locality_policy_oss.go b/agent/xds/locality_policy_ce.go
similarity index 100%
rename from agent/xds/locality_policy_oss.go
rename to agent/xds/locality_policy_ce.go
diff --git a/agent/xds/proxystateconverter/failover_policy_oss.go b/agent/xds/proxystateconverter/failover_policy_ce.go
similarity index 100%
rename from agent/xds/proxystateconverter/failover_policy_oss.go
rename to agent/xds/proxystateconverter/failover_policy_ce.go
diff --git a/agent/xds/proxystateconverter/locality_policy_oss.go b/agent/xds/proxystateconverter/locality_policy_ce.go
similarity index 100%
rename from agent/xds/proxystateconverter/locality_policy_oss.go
rename to agent/xds/proxystateconverter/locality_policy_ce.go
diff --git a/agent/xds/resources_oss_test.go b/agent/xds/resources_ce_test.go
similarity index 100%
rename from agent/xds/resources_oss_test.go
rename to agent/xds/resources_ce_test.go
diff --git a/agent/xds/server_oss.go b/agent/xds/server_ce.go
similarity index 100%
rename from agent/xds/server_oss.go
rename to agent/xds/server_ce.go
diff --git a/api/oss_test.go b/api/ce_test.go
similarity index 83%
rename from api/oss_test.go
rename to api/ce_test.go
index 613a2c4de231..c608970428c1 100644
--- a/api/oss_test.go
+++ b/api/ce_test.go
@@ -6,8 +6,8 @@
 
 package api
 
-// The following defaults return "default" in enterprise and "" in OSS.
+// The following defaults return "default" in enterprise and "" in CE.
 // This constant is useful when a default value is needed for an
-// operation that will reject non-empty values in OSS.
+// operation that will reject non-empty values in CE.
 const defaultNamespace = ""
 const defaultPartition = ""
diff --git a/api/config_entry_gateways_test.go b/api/config_entry_gateways_test.go
index 081e698dccc8..7383b0ae6803 100644
--- a/api/config_entry_gateways_test.go
+++ b/api/config_entry_gateways_test.go
@@ -176,7 +176,7 @@ func TestAPI_ConfigEntries_IngressGateway(t *testing.T) {
 
 			require.Len(t, readIngress.Listeners, 1)
 			require.Len(t, readIngress.Listeners[0].Services, 1)
-			// Set namespace and partition to blank so that OSS and ent can utilize the same tests
+			// Set namespace and partition to blank so that CE and ent can utilize the same tests
 			readIngress.Listeners[0].Services[0].Namespace = ""
 			readIngress.Listeners[0].Services[0].Partition = ""
 
@@ -195,7 +195,7 @@ func TestAPI_ConfigEntries_IngressGateway(t *testing.T) {
 
 			require.Len(t, readIngress.Listeners, 1)
 			require.Len(t, readIngress.Listeners[0].Services, 1)
-			// Set namespace and partition to blank so that OSS and ent can utilize the same tests
+			// Set namespace and partition to blank so that CE and ent can utilize the same tests
 			readIngress.Listeners[0].Services[0].Namespace = ""
 			readIngress.Listeners[0].Services[0].Partition = ""
 
@@ -321,7 +321,7 @@ func TestAPI_ConfigEntries_TerminatingGateway(t *testing.T) {
 			require.Equal(t, terminating1.Kind, readTerminating.Kind)
 			require.Equal(t, terminating1.Name, readTerminating.Name)
 			require.Len(t, readTerminating.Services, 1)
-			// Set namespace to blank so that OSS and ent can utilize the same tests
+			// Set namespace to blank so that CE and ent can utilize the same tests
 			readTerminating.Services[0].Namespace = ""
 
 			require.Equal(t, terminating1.Services, readTerminating.Services)
@@ -331,7 +331,7 @@ func TestAPI_ConfigEntries_TerminatingGateway(t *testing.T) {
 			require.Equal(t, terminating2.Kind, readTerminating.Kind)
 			require.Equal(t, terminating2.Name, readTerminating.Name)
 			require.Len(t, readTerminating.Services, 1)
-			// Set namespace to blank so that OSS and ent can utilize the same tests
+			// Set namespace to blank so that CE and ent can utilize the same tests
 			readTerminating.Services[0].Namespace = ""
 
 			require.Equal(t, terminating2.Services, readTerminating.Services)
diff --git a/build-support/functions/00-vars.sh b/build-support/functions/00-vars.sh
index 50000f61ce23..ef8433c34ebb 100644
--- a/build-support/functions/00-vars.sh
+++ b/build-support/functions/00-vars.sh
@@ -44,4 +44,5 @@ else
    SED_EXT="-r"
 fi
 
+# TODO(spatel): CE refactor
 CONSUL_BINARY_TYPE=oss
diff --git a/build-support/functions/10-util.sh b/build-support/functions/10-util.sh
index 9bdecd650374..4bb9f35a9f38 100644
--- a/build-support/functions/10-util.sh
+++ b/build-support/functions/10-util.sh
@@ -236,7 +236,7 @@ function get_version {
    local vers="$VERSION"
    if test -z "$vers"
    then
-      # parse the OSS version from version.go
+      # parse the CE version from version.go
       vers="$(parse_version ${1} ${2} ${3})"
    fi
 
@@ -637,6 +637,7 @@ function ui_logo_type {
    then
      echo "enterprise"
    else
+     # TODO(spatel): CE refactor
      echo "oss"
    fi
    return 0
diff --git a/build-support/functions/20-build.sh b/build-support/functions/20-build.sh
index 2788e3deeabf..c49ff0c59298 100644
--- a/build-support/functions/20-build.sh
+++ b/build-support/functions/20-build.sh
@@ -92,6 +92,7 @@ function build_ui {
       commit_year=$(git show -s --format=%cd --date=format:%Y HEAD)
    fi
 
+   # TODO(spatel): CE refactor
    local logo_type="${CONSUL_BINARY_TYPE}"
    if test "$logo_type" != "oss"
    then
diff --git a/command/acl/authmethod/create/authmethod_create_oss.go b/command/acl/authmethod/create/authmethod_create_ce.go
similarity index 100%
rename from command/acl/authmethod/create/authmethod_create_oss.go
rename to command/acl/authmethod/create/authmethod_create_ce.go
diff --git a/command/acl/authmethod/update/authmethod_update_oss.go b/command/acl/authmethod/update/authmethod_update_ce.go
similarity index 100%
rename from command/acl/authmethod/update/authmethod_update_oss.go
rename to command/acl/authmethod/update/authmethod_update_ce.go
diff --git a/command/acl/token/formatter_oss_test.go b/command/acl/token/formatter_ce_test.go
similarity index 78%
rename from command/acl/token/formatter_oss_test.go
rename to command/acl/token/formatter_ce_test.go
index 07be7b7ef63a..128b05b58a1b 100644
--- a/command/acl/token/formatter_oss_test.go
+++ b/command/acl/token/formatter_ce_test.go
@@ -11,5 +11,5 @@ import (
 )
 
 func TestFormatTokenExpanded(t *testing.T) {
-	testFormatTokenExpanded(t, "FormatTokenExpanded/oss")
+	testFormatTokenExpanded(t, "FormatTokenExpanded/ce")
 }
diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/basic.json.golden b/command/acl/token/testdata/FormatTokenExpanded/ce/basic.json.golden
similarity index 100%
rename from command/acl/token/testdata/FormatTokenExpanded/oss/basic.json.golden
rename to command/acl/token/testdata/FormatTokenExpanded/ce/basic.json.golden
diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/basic.pretty-meta.golden b/command/acl/token/testdata/FormatTokenExpanded/ce/basic.pretty-meta.golden
similarity index 100%
rename from command/acl/token/testdata/FormatTokenExpanded/oss/basic.pretty-meta.golden
rename to command/acl/token/testdata/FormatTokenExpanded/ce/basic.pretty-meta.golden
diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/basic.pretty.golden b/command/acl/token/testdata/FormatTokenExpanded/ce/basic.pretty.golden
similarity index 100%
rename from command/acl/token/testdata/FormatTokenExpanded/oss/basic.pretty.golden
rename to command/acl/token/testdata/FormatTokenExpanded/ce/basic.pretty.golden
diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/complex.json.golden b/command/acl/token/testdata/FormatTokenExpanded/ce/complex.json.golden
similarity index 100%
rename from command/acl/token/testdata/FormatTokenExpanded/oss/complex.json.golden
rename to command/acl/token/testdata/FormatTokenExpanded/ce/complex.json.golden
diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/complex.pretty-meta.golden b/command/acl/token/testdata/FormatTokenExpanded/ce/complex.pretty-meta.golden
similarity index 100%
rename from command/acl/token/testdata/FormatTokenExpanded/oss/complex.pretty-meta.golden
rename to command/acl/token/testdata/FormatTokenExpanded/ce/complex.pretty-meta.golden
diff --git a/command/acl/token/testdata/FormatTokenExpanded/oss/complex.pretty.golden b/command/acl/token/testdata/FormatTokenExpanded/ce/complex.pretty.golden
similarity index 100%
rename from command/acl/token/testdata/FormatTokenExpanded/oss/complex.pretty.golden
rename to command/acl/token/testdata/FormatTokenExpanded/ce/complex.pretty.golden
diff --git a/command/catalog/helpers_oss.go b/command/catalog/helpers_ce.go
similarity index 100%
rename from command/catalog/helpers_oss.go
rename to command/catalog/helpers_ce.go
diff --git a/command/connect/envoy/bootstrap_config_test.go b/command/connect/envoy/bootstrap_config_test.go
index ed00e0d9140c..ef0578634714 100644
--- a/command/connect/envoy/bootstrap_config_test.go
+++ b/command/connect/envoy/bootstrap_config_test.go
@@ -1524,7 +1524,7 @@ func TestConsulTagSpecifiers(t *testing.T) {
 			},
 		},
 		{
-			name: "tcp listener no namespace or partition (OSS)",
+			name: "tcp listener no namespace or partition (CE)",
 			stat: "tcp.upstream.db.dc1.downstream_cx_total",
 			expect: map[string][]string{
 				"consul.upstream.datacenter": {"db.dc1.", "dc1"},
@@ -1534,7 +1534,7 @@ func TestConsulTagSpecifiers(t *testing.T) {
 			},
 		},
 		{
-			name: "tcp peered listener no namespace or partition (OSS)",
+			name: "tcp peered listener no namespace or partition (CE)",
 			stat: "tcp.upstream_peered.db.cloudpeer.downstream_cx_total",
 			expect: map[string][]string{
 				"consul.upstream.peer":      {"db.cloudpeer.", "cloudpeer"},
@@ -1562,7 +1562,7 @@ func TestConsulTagSpecifiers(t *testing.T) {
 			},
 		},
 		{
-			name: "http listener no namespace or partition (OSS)",
+			name: "http listener no namespace or partition (CE)",
 			stat: "http.upstream.web.dc1.downstream_cx_total",
 			expect: map[string][]string{
 				"consul.upstream.datacenter": {"web.dc1.", "dc1"},
@@ -1572,7 +1572,7 @@ func TestConsulTagSpecifiers(t *testing.T) {
 			},
 		},
 		{
-			name: "http peered listener no namespace or partition (OSS)",
+			name: "http peered listener no namespace or partition (CE)",
 			stat: "http.upstream_peered.web.cloudpeer.downstream_cx_total",
 			expect: map[string][]string{
 				"consul.upstream.peer":      {"web.cloudpeer.", "cloudpeer"},
diff --git a/command/connect/envoy/envoy_oss_test.go b/command/connect/envoy/envoy_ce_test.go
similarity index 100%
rename from command/connect/envoy/envoy_oss_test.go
rename to command/connect/envoy/envoy_ce_test.go
diff --git a/command/login/login_oss.go b/command/login/login_ce.go
similarity index 100%
rename from command/login/login_oss.go
rename to command/login/login_ce.go
diff --git a/command/operator/autopilot/state/operator_autopilot_state_test.go b/command/operator/autopilot/state/operator_autopilot_state_test.go
index a2d51438a6e3..adc4b65933b1 100644
--- a/command/operator/autopilot/state/operator_autopilot_state_test.go
+++ b/command/operator/autopilot/state/operator_autopilot_state_test.go
@@ -107,7 +107,7 @@ func TestStateCommand_JSON(t *testing.T) {
 
 func TestStateCommand_Formatter(t *testing.T) {
 	cases := []string{
-		"oss",
+		"ce",
 		"enterprise",
 	}
 
diff --git a/command/operator/autopilot/state/testdata/oss/json.golden b/command/operator/autopilot/state/testdata/ce/json.golden
similarity index 100%
rename from command/operator/autopilot/state/testdata/oss/json.golden
rename to command/operator/autopilot/state/testdata/ce/json.golden
diff --git a/command/operator/autopilot/state/testdata/oss/pretty.golden b/command/operator/autopilot/state/testdata/ce/pretty.golden
similarity index 100%
rename from command/operator/autopilot/state/testdata/oss/pretty.golden
rename to command/operator/autopilot/state/testdata/ce/pretty.golden
diff --git a/command/operator/autopilot/state/testdata/oss/state.json b/command/operator/autopilot/state/testdata/ce/state.json
similarity index 100%
rename from command/operator/autopilot/state/testdata/oss/state.json
rename to command/operator/autopilot/state/testdata/ce/state.json
diff --git a/command/operator/usage/instances/usage_instances_oss.go b/command/operator/usage/instances/usage_instances_ce.go
similarity index 100%
rename from command/operator/usage/instances/usage_instances_oss.go
rename to command/operator/usage/instances/usage_instances_ce.go
diff --git a/command/operator/usage/instances/usage_instances_oss_test.go b/command/operator/usage/instances/usage_instances_ce_test.go
similarity index 100%
rename from command/operator/usage/instances/usage_instances_oss_test.go
rename to command/operator/usage/instances/usage_instances_ce_test.go
diff --git a/command/registry_oss.go b/command/registry_ce.go
similarity index 100%
rename from command/registry_oss.go
rename to command/registry_ce.go
diff --git a/docs/config/checklist-adding-config-fields.md b/docs/config/checklist-adding-config-fields.md
index 4f9a6e657d84..1f6b251e9899 100644
--- a/docs/config/checklist-adding-config-fields.md
+++ b/docs/config/checklist-adding-config-fields.md
@@ -11,7 +11,7 @@ through in your PR description**.
 
 Examples of special cases this doesn't cover are:
  - If the config needs special treatment like a different default in `-dev` mode
-   or differences between OSS and Enterprise.
+   or differences between CE and Enterprise.
  - If custom logic is needed to support backwards compatibility when changing
    syntax or semantics of anything
 
diff --git a/docs/persistence/README.md b/docs/persistence/README.md
index beab81b87adc..c8ca1089d807 100644
--- a/docs/persistence/README.md
+++ b/docs/persistence/README.md
@@ -63,11 +63,11 @@ There are two styles for defining table indexes. The original style uses generic
 implementations from [hashicorp/go-memdb] (ex: `StringFieldIndex`). These indexes use
 [reflect] to find values for an index. These generic indexers work well when the index
 value is a single value available directly from the struct field, and there are no
-oss/enterprise differences.
+ce/enterprise differences.
 
 The second style of indexers are custom indexers implemented using only functions and
 based on the types defined in [indexer.go]. This style of index works well when the index
-value is a value derived from one or multiple fields, or when there are oss/enterprise
+value is a value derived from one or multiple fields, or when there are ce/enterprise
 differences between the indexes.
 
 [reflect]: https://golang.org/pkg/reflect/
diff --git a/internal/resource/authz_oss.go b/internal/resource/authz_ce.go
similarity index 100%
rename from internal/resource/authz_oss.go
rename to internal/resource/authz_ce.go
diff --git a/internal/tools/protoc-gen-consul-rate-limit/postprocess/main.go b/internal/tools/protoc-gen-consul-rate-limit/postprocess/main.go
index cf0685a37849..b1f00a2dcdd7 100644
--- a/internal/tools/protoc-gen-consul-rate-limit/postprocess/main.go
+++ b/internal/tools/protoc-gen-consul-rate-limit/postprocess/main.go
@@ -56,16 +56,16 @@ func run(inputPaths []string, outputPath string) error {
 		return errors.New("-output path must end in .go")
 	}
 
-	oss, ent, err := collectSpecs(inputPaths)
+	ce, ent, err := collectSpecs(inputPaths)
 	if err != nil {
 		return err
 	}
 
-	ossSource, err := generateOSS(oss)
+	ceSource, err := generateCE(ce)
 	if err != nil {
 		return err
 	}
-	if err := os.WriteFile(outputPath, ossSource, 0666); err != nil {
+	if err := os.WriteFile(outputPath, ceSource, 0666); err != nil {
 		return fmt.Errorf("failed to write output file: %s - %w", outputPath, err)
 	}
 
@@ -181,19 +181,19 @@ func collectSpecs(inputPaths []string) ([]spec, []spec, error) {
 		return specs[a].MethodName < specs[b].MethodName
 	})
 
-	var oss, ent []spec
+	var ce, ent []spec
 	for _, spec := range specs {
 		if spec.Enterprise {
 			ent = append(ent, spec)
 		} else {
-			oss = append(oss, spec)
+			ce = append(ce, spec)
 		}
 	}
 
-	return oss, ent, nil
+	return ce, ent, nil
 }
 
-func generateOSS(specs []spec) ([]byte, error) {
+func generateCE(specs []spec) ([]byte, error) {
 	var output bytes.Buffer
 	output.WriteString(fileHeader)
 
@@ -206,7 +206,7 @@ func generateOSS(specs []spec) ([]byte, error) {
 
 	formatted, err := format.Source(output.Bytes())
 	if err != nil {
-		return nil, fmt.Errorf("failed to format source in oss: %w", err)
+		return nil, fmt.Errorf("failed to format source in ce: %w", err)
 	}
 	return formatted, nil
 }
diff --git a/lib/useragent.go b/lib/useragent.go
index 1837a4622feb..89c73dec5529 100644
--- a/lib/useragent.go
+++ b/lib/useragent.go
@@ -19,7 +19,7 @@ var (
 
 	// versionFunc is the func that returns the current version. This is a
 	// function to take into account the different build processes and distinguish
-	// between enterprise and oss builds.
+	// between enterprise and CE builds.
 	versionFunc = func() string {
 		return version.GetHumanVersion()
 	}
diff --git a/proto/private/pbautoconf/auto_config_oss.go b/proto/private/pbautoconf/auto_config_ce.go
similarity index 100%
rename from proto/private/pbautoconf/auto_config_oss.go
rename to proto/private/pbautoconf/auto_config_ce.go
diff --git a/proto/private/pbcommon/common_oss.go b/proto/private/pbcommon/common_ce.go
similarity index 100%
rename from proto/private/pbcommon/common_oss.go
rename to proto/private/pbcommon/common_ce.go
diff --git a/proto/private/pbconfigentry/config_entry_oss.go b/proto/private/pbconfigentry/config_entry_ce.go
similarity index 100%
rename from proto/private/pbconfigentry/config_entry_oss.go
rename to proto/private/pbconfigentry/config_entry_ce.go
diff --git a/proto/private/pbpeering/peering_oss.go b/proto/private/pbpeering/peering_ce.go
similarity index 100%
rename from proto/private/pbpeering/peering_oss.go
rename to proto/private/pbpeering/peering_ce.go
diff --git a/proto/private/pbservice/convert_oss.go b/proto/private/pbservice/convert_ce.go
similarity index 100%
rename from proto/private/pbservice/convert_oss.go
rename to proto/private/pbservice/convert_ce.go
diff --git a/proto/private/pbservice/convert_oss_test.go b/proto/private/pbservice/convert_ce_test.go
similarity index 100%
rename from proto/private/pbservice/convert_oss_test.go
rename to proto/private/pbservice/convert_ce_test.go
diff --git a/sentinel/sentinel_oss.go b/sentinel/sentinel_ce.go
similarity index 100%
rename from sentinel/sentinel_oss.go
rename to sentinel/sentinel_ce.go
diff --git a/test-integ/peering_commontopo/ac6_failovers_test.go b/test-integ/peering_commontopo/ac6_failovers_test.go
index aeeeba0fba86..fe3cd181b203 100644
--- a/test-integ/peering_commontopo/ac6_failovers_test.go
+++ b/test-integ/peering_commontopo/ac6_failovers_test.go
@@ -49,12 +49,12 @@ func (s *ac6FailoversSuite) setup(t *testing.T, ct *commonTopo) {
 }
 
 // dc1 is peered with dc2 and dc3.
-// dc1 has an ac6-client in "default" and "part1" partitions (only default in OSS).
+// dc1 has an ac6-client in "default" and "part1" partitions (only default in CE).
 // ac6-client has a single upstream ac6-failover-svc in its respective partition^.
 //
 // ac6-failover-svc has the following failovers:
 //   - peer-dc2-default
-//   - peer-dc2-part1 (not in OSS)
+//   - peer-dc2-part1 (not in CE)
 //   - peer-dc3-default
 //
 // This setup is mirrored from dc2->dc1 as well
@@ -356,7 +356,7 @@ func (s *ac6FailoversSuite) test(t *testing.T, ct *commonTopo) {
 			fmt.Println("### preconditions")
 			// TODO: deduce this number, instead of hard-coding
 			nFailoverTargets := 4
-			// in OSS, we don't have failover targets for non-default partitions
+			// in CE, we don't have failover targets for non-default partitions
 			if !utils.IsEnterprise() {
 				nFailoverTargets = 3
 			}
diff --git a/test-integ/peering_commontopo/commontopo.go b/test-integ/peering_commontopo/commontopo.go
index 79969afbb3f9..d0e2c8e55dcb 100644
--- a/test-integ/peering_commontopo/commontopo.go
+++ b/test-integ/peering_commontopo/commontopo.go
@@ -275,7 +275,7 @@ func (ct *commonTopo) APIClientForCluster(t *testing.T, clu *topology.Cluster) *
 func (ct *commonTopo) ExportService(clu *topology.Cluster, partition string, svcs ...api.ExportedService) {
 	var found bool
 	for _, ce := range clu.InitialConfigEntries {
-		// We check Name because it must be "default" in OSS whereas Partition will be "".
+		// We check Name because it must be "default" in CE whereas Partition will be "".
 		if ce.GetKind() == api.ExportedServices && ce.GetName() == partition {
 			found = true
 			e := ce.(*api.ExportedServicesConfigEntry)
@@ -285,7 +285,7 @@ func (ct *commonTopo) ExportService(clu *topology.Cluster, partition string, svc
 	if !found {
 		clu.InitialConfigEntries = append(clu.InitialConfigEntries,
 			&api.ExportedServicesConfigEntry{
-				Name:      partition, // this NEEDs to be "default" in OSS
+				Name:      partition, // this NEEDs to be "default" in CE
 				Partition: ConfigEntryPartition(partition),
 				Services:  svcs,
 			},
@@ -305,11 +305,11 @@ func (ct *commonTopo) ClusterByDatacenter(t *testing.T, name string) *topology.C
 	return nil
 }
 
-// Since OSS config entries do not contain the partition field,
+// Since CE config entries do not contain the partition field,
 // this func converts default partition to empty string.
 func ConfigEntryPartition(p string) string {
 	if p == "default" {
-		return "" // make this OSS friendly
+		return "" // make this CE friendly
 	}
 	return p
 }
diff --git a/test/integration/connect/envoy/main_test.go b/test/integration/connect/envoy/main_test.go
index 7769877efe63..52f3b74187e2 100644
--- a/test/integration/connect/envoy/main_test.go
+++ b/test/integration/connect/envoy/main_test.go
@@ -55,7 +55,6 @@ func TestEnvoy(t *testing.T) {
 	}
 }
 
-
 func runCmdLinux(t *testing.T, c string, env ...string) {
 	t.Helper()
 
@@ -96,7 +95,7 @@ func runCmd(t *testing.T, c string, env ...string) {
 	}
 }
 
-// Discover the cases so we pick up both oss and ent copies.
+// Discover the cases so we pick up both ce and ent copies.
 func discoverCases() ([]string, error) {
 	cwd, err := os.Getwd()
 	if err != nil {
diff --git a/test/integration/consul-container/libs/utils/tenancy.go b/test/integration/consul-container/libs/utils/tenancy.go
index f8a803bc82c7..058f9cee0147 100644
--- a/test/integration/consul-container/libs/utils/tenancy.go
+++ b/test/integration/consul-container/libs/utils/tenancy.go
@@ -26,7 +26,7 @@ func DefaultToEmpty(name string) string {
 }
 
 // CompatQueryOpts cleans a QueryOptions so that Partition and Namespace fields
-// are compatible with OSS or ENT
+// are compatible with CE or ENT
 // TODO: not sure why we can't do this server-side
 func CompatQueryOpts(opts *api.QueryOptions) *api.QueryOptions {
 	opts.Partition = DefaultToEmpty(opts.Partition)
diff --git a/test/integration/consul-container/libs/utils/version.go b/test/integration/consul-container/libs/utils/version.go
index c81f7e00e35d..24e66a869814 100644
--- a/test/integration/consul-container/libs/utils/version.go
+++ b/test/integration/consul-container/libs/utils/version.go
@@ -25,7 +25,7 @@ var (
 )
 
 const (
-	DefaultImageNameOSS   = "hashicorp/consul"
+	DefaultImageNameCE    = "hashicorp/consul"
 	DefaultImageNameENT   = "hashicorp/consul-enterprise"
 	ImageVersionSuffixENT = "-ent"
 )
@@ -65,7 +65,7 @@ func TargetImages() topology.Images {
 		}
 	} else {
 		return topology.Images{
-			ConsulOSS: img,
+			ConsulCE: img,
 		}
 	}
 }
diff --git a/test/integration/consul-container/libs/utils/version_oss.go b/test/integration/consul-container/libs/utils/version_ce.go
similarity index 82%
rename from test/integration/consul-container/libs/utils/version_oss.go
rename to test/integration/consul-container/libs/utils/version_ce.go
index afe5f6c4172c..2e5b1b3656b0 100644
--- a/test/integration/consul-container/libs/utils/version_oss.go
+++ b/test/integration/consul-container/libs/utils/version_ce.go
@@ -7,7 +7,7 @@
 package utils
 
 const (
-	defaultImageName   = DefaultImageNameOSS
+	defaultImageName   = DefaultImageNameCE
 	ImageVersionSuffix = ""
 	isInEnterpriseRepo = false
 )
diff --git a/test/integration/consul-container/test/gateways/tenancy_oss.go b/test/integration/consul-container/test/gateways/tenancy_ce.go
similarity index 100%
rename from test/integration/consul-container/test/gateways/tenancy_oss.go
rename to test/integration/consul-container/test/gateways/tenancy_ce.go
diff --git a/test/integration/consul-container/test/upgrade/README.md b/test/integration/consul-container/test/upgrade/README.md
index 479e680c1708..598bdfab3480 100644
--- a/test/integration/consul-container/test/upgrade/README.md
+++ b/test/integration/consul-container/test/upgrade/README.md
@@ -68,9 +68,9 @@ disable following container logs, run the test with `-follow-log false`.
 Below are the supported CLI options
 | Flags      | Default value | Description |
 | -----------         | ----------- | ----------- |
-| --latest-image      | `consul` in OSS, `hashicorp/consulenterprise` in ENT    | Name of the Docker image to deploy initially.
+| --latest-image      | `consul` in CE, `hashicorp/consulenterprise` in ENT    | Name of the Docker image to deploy initially.
 | --latest-version    | latest      | Tag of the Docker image to deploy initially.
-| --target-image      | `consul` in OSS, `hashicorp/consulenterprise` in ENT    | Name of the Docker image to upgrade to.
+| --target-image      | `consul` in Ce, `hashicorp/consulenterprise` in ENT    | Name of the Docker image to upgrade to.
 | --target-version    | local     | Tag of the Docker image to upgrade to. `local` is the tag built by `make dev-docker` above.
 | -follow-log         |  true    | Emit all container logs. These can be noisy, so we recommend `--follow-log=false` for local development.
 
diff --git a/testing/deployer/topology/compile.go b/testing/deployer/topology/compile.go
index 2fa90912ed0a..78ee5843c1b2 100644
--- a/testing/deployer/topology/compile.go
+++ b/testing/deployer/topology/compile.go
@@ -357,7 +357,7 @@ func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error
 		if !c.Enterprise {
 			expect := []*Partition{{Name: "default", Namespaces: []string{"default"}}}
 			if !reflect.DeepEqual(c.Partitions, expect) {
-				return nil, fmt.Errorf("cluster %q references non-default partitions or namespaces but is OSS", c.Name)
+				return nil, fmt.Errorf("cluster %q references non-default partitions or namespaces but is CE", c.Name)
 			}
 		}
 	}
@@ -393,7 +393,7 @@ func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error
 			}
 		} else {
 			if p.Dialing.Partition != "default" {
-				return nil, fmt.Errorf("dialing side of peering cannot reference a partition when OSS")
+				return nil, fmt.Errorf("dialing side of peering cannot reference a partition when CE")
 			}
 		}
 		if acceptingCluster.Enterprise {
@@ -402,7 +402,7 @@ func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error
 			}
 		} else {
 			if p.Accepting.Partition != "default" {
-				return nil, fmt.Errorf("accepting side of peering cannot reference a partition when OSS")
+				return nil, fmt.Errorf("accepting side of peering cannot reference a partition when CE")
 			}
 		}
 
diff --git a/testing/deployer/topology/ids.go b/testing/deployer/topology/ids.go
index b3268d517f68..3f964b12548e 100644
--- a/testing/deployer/topology/ids.go
+++ b/testing/deployer/topology/ids.go
@@ -137,7 +137,7 @@ func DefaultToEmpty(name string) string {
 
 // PartitionQueryOptions returns an *api.QueryOptions with the given partition
 // field set only if the partition is non-default. This helps when writing
-// tests for joint use in OSS and ENT.
+// tests for joint use in CE and ENT.
 func PartitionQueryOptions(partition string) *api.QueryOptions {
 	return &api.QueryOptions{
 		Partition: DefaultToEmpty(partition),
diff --git a/testing/deployer/topology/images.go b/testing/deployer/topology/images.go
index ce265b397437..d58d7a1213de 100644
--- a/testing/deployer/topology/images.go
+++ b/testing/deployer/topology/images.go
@@ -9,7 +9,7 @@ import (
 
 type Images struct {
 	Consul           string `json:",omitempty"`
-	ConsulOSS        string `json:",omitempty"`
+	ConsulCE         string `json:",omitempty"`
 	ConsulEnterprise string `json:",omitempty"`
 	Envoy            string
 	Dataplane        string
@@ -85,10 +85,10 @@ func (i Images) ChooseConsul(enterprise bool) Images {
 	if enterprise {
 		i.Consul = i.ConsulEnterprise
 	} else {
-		i.Consul = i.ConsulOSS
+		i.Consul = i.ConsulCE
 	}
 	i.ConsulEnterprise = ""
-	i.ConsulOSS = ""
+	i.ConsulCE = ""
 	return i
 }
 
@@ -96,8 +96,8 @@ func (i Images) OverrideWith(i2 Images) Images {
 	if i2.Consul != "" {
 		i.Consul = i2.Consul
 	}
-	if i2.ConsulOSS != "" {
-		i.ConsulOSS = i2.ConsulOSS
+	if i2.ConsulCE != "" {
+		i.ConsulCE = i2.ConsulCE
 	}
 	if i2.ConsulEnterprise != "" {
 		i.ConsulEnterprise = i2.ConsulEnterprise
@@ -118,7 +118,7 @@ func (i Images) OverrideWith(i2 Images) Images {
 func DefaultImages() Images {
 	return Images{
 		Consul:           "",
-		ConsulOSS:        DefaultConsulImage,
+		ConsulCE:         DefaultConsulImage,
 		ConsulEnterprise: DefaultConsulEnterpriseImage,
 		Envoy:            DefaultEnvoyImage,
 		Dataplane:        DefaultDataplaneImage,
diff --git a/ui/README.md b/ui/README.md
index dc3f8e64b656..850cff2ab45c 100644
--- a/ui/README.md
+++ b/ui/README.md
@@ -53,7 +53,7 @@ List of available project commands.  `yarn run <command-name>`
 | Command             | Description                        |
 |---------------------|------------------------------------|
 | doc:toc             | Re-builds the ToC for this README. |
-| compliance:licenses | Checks that all dependencies have OSS-compatible licenses. |
+| compliance:licenses | Checks that all dependencies have CE-compatible licenses. |
 
 ## Contributing
 
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs
index 3c881cd1ed1b..716a1e18b30b 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs
@@ -24,7 +24,7 @@
           </li>
           <li>
             <strong>Switch to the peer</strong><br />
-            Someone on your team should log into the Datacenter (OSS) or Admin Partition (Enterprise) that you want this one to connect with.
+            Someone on your team should log into the Datacenter (CE) or Admin Partition (Enterprise) that you want this one to connect with.
           </li>
           <li>
             <strong>Initiate the peering</strong><br />
diff --git a/ui/packages/consul-ui/GNUmakefile b/ui/packages/consul-ui/GNUmakefile
index 0855de1dab0a..68ad9cc414d3 100644
--- a/ui/packages/consul-ui/GNUmakefile
+++ b/ui/packages/consul-ui/GNUmakefile
@@ -34,6 +34,7 @@ start-api: deps
 # things with 'view' will open your browser for you
 # otherwise its headless
 
+# TODO(spatel): CE refactor
 # oss is currently with namespace support disabled
 test: deps test-node
 	yarn run test
diff --git a/ui/packages/consul-ui/app/services/client/http.js b/ui/packages/consul-ui/app/services/client/http.js
index 0d4677e6cfb6..3fe145ef58ef 100644
--- a/ui/packages/consul-ui/app/services/client/http.js
+++ b/ui/packages/consul-ui/app/services/client/http.js
@@ -257,7 +257,7 @@ export default class HttpService extends Service {
                 // we can use them later for store reconciliation. Namespace
                 // will look at the ns query parameter first, followed by the
                 // Namespace property of the users token, defaulting back to
-                // 'default' which will mainly be used in OSS
+                // 'default' which will mainly be used in CE
                 [CONSUL_DATACENTER]: params.data.dc,
                 [CONSUL_NAMESPACE]: params.data.ns || token.Namespace || 'default',
                 [CONSUL_PARTITION]: params.data.partition || token.Partition || 'default',
diff --git a/ui/packages/consul-ui/app/utils/create-fingerprinter.js b/ui/packages/consul-ui/app/utils/create-fingerprinter.js
index 54f2fa7d6d7c..738b89233ecc 100644
--- a/ui/packages/consul-ui/app/utils/create-fingerprinter.js
+++ b/ui/packages/consul-ui/app/utils/create-fingerprinter.js
@@ -35,7 +35,7 @@ export default function (foreignKey, nspaceKey, partitionKey, hash = JSON.string
         })
         .compact();
       // This ensures that all data objects have a Namespace and a Partition
-      // value set, even in OSS.
+      // value set, even in CE.
       if (typeof item[nspaceKey] === 'undefined') {
         if (nspaceValue === '*') {
           nspaceValue = 'default';
diff --git a/ui/packages/consul-ui/config/environment.js b/ui/packages/consul-ui/config/environment.js
index 66551a9ec2b0..b694f7e894ec 100644
--- a/ui/packages/consul-ui/config/environment.js
+++ b/ui/packages/consul-ui/config/environment.js
@@ -75,6 +75,7 @@ module.exports = function (environment, $ = process.env) {
     CONSUL_COPYRIGHT_YEAR: env('CONSUL_COPYRIGHT_YEAR', repositoryYear),
     CONSUL_GIT_SHA: env('CONSUL_GIT_SHA', repositorySHA),
     CONSUL_VERSION: env('CONSUL_VERSION', binaryVersion),
+    // TODO(spatel): CE refactor
     CONSUL_BINARY_TYPE: env('CONSUL_BINARY_TYPE', 'oss'),
 
     // These can be overwritten by the UI user at runtime by setting localStorage values
diff --git a/ui/packages/consul-ui/docs/significant-patterns.mdx b/ui/packages/consul-ui/docs/significant-patterns.mdx
index 0cd9d4365518..f60e2d287006 100644
--- a/ui/packages/consul-ui/docs/significant-patterns.mdx
+++ b/ui/packages/consul-ui/docs/significant-patterns.mdx
@@ -116,7 +116,7 @@ Please see our package.json file dependencies.
 
 ### Namespace support
 
-Whilst Consul namespaces are a OSS feature of Consul, we almost always build
+Whilst Consul namespaces are a CE feature of Consul, we almost always build
 things 'pretending' that namespaces are always enabled. Then there is code
 within the data layer of the application that removes any namespace related
 query parameters.

From c4b3234bbc6da6c65da5c3f2410503359186bfde Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Tue, 22 Aug 2023 11:16:12 -0400
Subject: [PATCH 310/359] CI: fix envoy versions in CI of release branch
 (#18538)

* CI: fix envoy versions in CI of release branch

* - remove steps sds for 1.15 nightly run
- checkout the release branch

* add default name

* fix

* Update go-tests.yml

* fix checkout code

* add comments and revert schedule
---
 .../nightly-test-integrations-1.15.x.yml      | 29 +++----------------
 .../nightly-test-integrations-1.16.x.yml      |  1 +
 .github/workflows/reusable-dev-build.yml      | 14 ++++++++-
 3 files changed, 18 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/nightly-test-integrations-1.15.x.yml b/.github/workflows/nightly-test-integrations-1.15.x.yml
index ade1e17a3978..b6cdda4650c7 100644
--- a/.github/workflows/nightly-test-integrations-1.15.x.yml
+++ b/.github/workflows/nightly-test-integrations-1.15.x.yml
@@ -47,6 +47,7 @@ jobs:
       runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       uploaded-binary-name: 'consul-bin'
+      branch-name: "release/1.15.x"
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 
@@ -67,7 +68,7 @@ jobs:
           # this is further going to multiplied in envoy-integration tests by the 
           # other dimensions in the matrix.  Currently TOTAL_RUNNERS would be
           # multiplied by 8 based on these values:
-          # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"]
+          # envoy-version: ["1.22.11", "1.23.12", "1.24.10", "1.25.9"]
           # xds-target: ["server", "client"]
           TOTAL_RUNNERS: 4 
           JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]'
@@ -101,7 +102,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        envoy-version: ["1.23.12", "1.24.10", "1.25.9", "1.26.4"]
+        envoy-version: ["1.22.11", "1.23.12", "1.24.10", "1.25.9"]
         xds-target: ["server", "client"]
         test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }}
     env:
@@ -124,13 +125,10 @@ jobs:
           path: ./bin
       - name: restore mode+x
         run: chmod +x ./bin/consul
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
-
       - name: Docker build
         run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
-
       - name: Envoy Integration Tests
         env:
           GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
@@ -195,7 +193,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        consul-version: ["1.14", "1.15", "1.16"]
+        consul-version: ["1.14", "1.15"]
     env:
       CONSUL_LATEST_VERSION: ${{ matrix.consul-version }}
       ENVOY_VERSION: "1.24.6"
@@ -223,24 +221,6 @@ jobs:
         run: chmod +x consul
       - name: Build consul:local image
         run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile .
-      - name: Build consul-envoy:latest-version image
-        id: buildConsulEnvoyLatestImage
-        run: |
-          if ${{ endsWith(github.repository, '-enterprise') }} == 'true'
-          then
-            docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}-ent --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-          else
-            docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}     --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-          fi
-      - name: Build consul-envoy:target-version image
-        id: buildConsulEnvoyTargetImage
-        continue-on-error: true
-        run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-      - name: Retry Build consul-envoy:target-version image
-        if: steps.buildConsulEnvoyTargetImage.outcome == 'failure'
-        run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-      - name: Build sds image
-        run: docker build -t consul-sds-server ./test/integration/connect/envoy/test-sds-server/
       - name: Configure GH workaround for ipv6 loopback
         if: ${{ !endsWith(github.repository, '-enterprise') }}
         run: |
@@ -310,7 +290,6 @@ jobs:
           DD_ENV: ci
         run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
 
-
   test-integrations-success:
     needs: 
     - setup
diff --git a/.github/workflows/nightly-test-integrations-1.16.x.yml b/.github/workflows/nightly-test-integrations-1.16.x.yml
index 402cf30fca6f..45bee2d3ea4b 100644
--- a/.github/workflows/nightly-test-integrations-1.16.x.yml
+++ b/.github/workflows/nightly-test-integrations-1.16.x.yml
@@ -47,6 +47,7 @@ jobs:
       runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       uploaded-binary-name: 'consul-bin'
+      branch-name: "release/1.16.x"
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 
diff --git a/.github/workflows/reusable-dev-build.yml b/.github/workflows/reusable-dev-build.yml
index 1aa28794cc7c..99bcb96592c3 100644
--- a/.github/workflows/reusable-dev-build.yml
+++ b/.github/workflows/reusable-dev-build.yml
@@ -14,6 +14,10 @@ on:
       repository-name:
         required: true
         type: string
+      branch-name:
+          required: false
+          type: string
+          default: ""
       go-arch:
         required: false
         type: string
@@ -25,7 +29,15 @@ jobs:
   build:
     runs-on: ${{ fromJSON(inputs.runs-on) }}
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      # NOTE: This is used for nightly job of building release branch.
+      - name: Checkout branch ${{ inputs.branch-name }}
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ inputs.branch-name }}
+        if: inputs.branch-name != ''
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        if: inputs.branch-name == ''
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}

From 570c84d0329ab4bf32b69b8088ec3bf6182478a0 Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Tue, 22 Aug 2023 11:09:37 -0500
Subject: [PATCH 311/359] catalog: add failover mode enum validation (#18545)

---
 internal/catalog/internal/types/failover_policy.go   | 12 ++++++++++++
 .../catalog/internal/types/failover_policy_test.go   |  9 +++++++++
 2 files changed, 21 insertions(+)

diff --git a/internal/catalog/internal/types/failover_policy.go b/internal/catalog/internal/types/failover_policy.go
index 761bb3241916..03993d707c9d 100644
--- a/internal/catalog/internal/types/failover_policy.go
+++ b/internal/catalog/internal/types/failover_policy.go
@@ -139,6 +139,18 @@ func validateFailoverConfig(config *pbcatalog.FailoverConfig, ported bool) []err
 		}
 	}
 
+	switch config.Mode {
+	case pbcatalog.FailoverMode_FAILOVER_MODE_UNSPECIFIED:
+		// means pbcatalog.FailoverMode_FAILOVER_MODE_SEQUENTIAL
+	case pbcatalog.FailoverMode_FAILOVER_MODE_SEQUENTIAL:
+	case pbcatalog.FailoverMode_FAILOVER_MODE_ORDER_BY_LOCALITY:
+	default:
+		errs = append(errs, resource.ErrInvalidField{
+			Name:    "mode",
+			Wrapped: fmt.Errorf("not a supported enum value: %v", config.Mode),
+		})
+	}
+
 	// TODO: validate sameness group requirements
 
 	return errs
diff --git a/internal/catalog/internal/types/failover_policy_test.go b/internal/catalog/internal/types/failover_policy_test.go
index 41bfd3d82770..d80e9b2f880e 100644
--- a/internal/catalog/internal/types/failover_policy_test.go
+++ b/internal/catalog/internal/types/failover_policy_test.go
@@ -200,6 +200,15 @@ func TestValidateFailoverPolicy(t *testing.T) {
 				SamenessGroup: "blah",
 			},
 		},
+		"mode: invalid": {
+			config: &pbcatalog.FailoverConfig{
+				Mode: 99,
+				Destinations: []*pbcatalog.FailoverDestination{
+					{Ref: newRef(ServiceType, "api-backup")},
+				},
+			},
+			expectErr: `invalid "mode" field: not a supported enum value: 99`,
+		},
 		"dest: no ref": {
 			config: &pbcatalog.FailoverConfig{
 				Destinations: []*pbcatalog.FailoverDestination{

From 55723c541e65ea1e939cd10a33bca75dd4fae7e2 Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Tue, 22 Aug 2023 11:27:09 -0500
Subject: [PATCH 312/359] mesh: add validation for the new pbmesh resources
 (#18410)

Adds validation for HTTPRoute, GRPCRoute, TCPRoute, DestinationPolicy, and ComputedRoutes.
---
 .../mesh/internal/types/computed_routes.go    |  47 +-
 .../internal/types/computed_routes_test.go    |  92 ++
 .../mesh/internal/types/destination_policy.go | 196 +++-
 .../internal/types/destination_policy_test.go | 510 +++++++++
 internal/mesh/internal/types/grpc_route.go    | 211 +++-
 .../mesh/internal/types/grpc_route_test.go    | 523 ++++++++++
 internal/mesh/internal/types/http_route.go    | 319 +++++-
 .../mesh/internal/types/http_route_test.go    | 980 ++++++++++++++++++
 .../internal/types/proxy_configuration.go     |   5 +-
 internal/mesh/internal/types/tcp_route.go     |  69 +-
 .../mesh/internal/types/tcp_route_test.go     |  79 ++
 internal/mesh/internal/types/util.go          |  52 +
 internal/mesh/internal/types/xroute.go        | 296 ++++++
 proto-public/pbmesh/v1alpha1/xroute_addons.go |  91 ++
 .../pbmesh/v1alpha1/xroute_addons_test.go     | 174 ++++
 15 files changed, 3633 insertions(+), 11 deletions(-)
 create mode 100644 internal/mesh/internal/types/computed_routes_test.go
 create mode 100644 internal/mesh/internal/types/destination_policy_test.go
 create mode 100644 internal/mesh/internal/types/grpc_route_test.go
 create mode 100644 internal/mesh/internal/types/http_route_test.go
 create mode 100644 internal/mesh/internal/types/tcp_route_test.go
 create mode 100644 internal/mesh/internal/types/util.go
 create mode 100644 internal/mesh/internal/types/xroute.go
 create mode 100644 proto-public/pbmesh/v1alpha1/xroute_addons.go
 create mode 100644 proto-public/pbmesh/v1alpha1/xroute_addons_test.go

diff --git a/internal/mesh/internal/types/computed_routes.go b/internal/mesh/internal/types/computed_routes.go
index 8314a2cc2e28..c43627c896c4 100644
--- a/internal/mesh/internal/types/computed_routes.go
+++ b/internal/mesh/internal/types/computed_routes.go
@@ -4,6 +4,8 @@
 package types
 
 import (
+	"github.com/hashicorp/go-multierror"
+
 	"github.com/hashicorp/consul/internal/resource"
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
@@ -27,6 +29,49 @@ func RegisterComputedRoutes(r resource.Registry) {
 	r.Register(resource.Registration{
 		Type:     ComputedRoutesV1Alpha1Type,
 		Proto:    &pbmesh.ComputedRoutes{},
-		Validate: nil,
+		Validate: ValidateComputedRoutes,
 	})
 }
+
+func ValidateComputedRoutes(res *pbresource.Resource) error {
+	var config pbmesh.ComputedRoutes
+
+	if err := res.Data.UnmarshalTo(&config); err != nil {
+		return resource.NewErrDataParse(&config, err)
+	}
+
+	var merr error
+
+	if len(config.PortedConfigs) == 0 {
+		merr = multierror.Append(merr, resource.ErrInvalidField{
+			Name:    "ported_configs",
+			Wrapped: resource.ErrEmpty,
+		})
+	}
+
+	// TODO(rb): do more elaborate validation
+
+	for port, pmc := range config.PortedConfigs {
+		wrapErr := func(err error) error {
+			return resource.ErrInvalidMapValue{
+				Map:     "ported_configs",
+				Key:     port,
+				Wrapped: err,
+			}
+		}
+		if pmc.Config == nil {
+			merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{
+				Name:    "config",
+				Wrapped: resource.ErrEmpty,
+			}))
+		}
+		if len(pmc.Targets) == 0 {
+			merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{
+				Name:    "targets",
+				Wrapped: resource.ErrEmpty,
+			}))
+		}
+	}
+
+	return merr
+}
diff --git a/internal/mesh/internal/types/computed_routes_test.go b/internal/mesh/internal/types/computed_routes_test.go
new file mode 100644
index 000000000000..46b2f890a71e
--- /dev/null
+++ b/internal/mesh/internal/types/computed_routes_test.go
@@ -0,0 +1,92 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package types
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/internal/resource/resourcetest"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto/private/prototest"
+	"github.com/hashicorp/consul/sdk/testutil"
+)
+
+func TestValidateComputedRoutes(t *testing.T) {
+	type testcase struct {
+		routes    *pbmesh.ComputedRoutes
+		expectErr string
+	}
+
+	run := func(t *testing.T, tc testcase) {
+		res := resourcetest.Resource(ComputedRoutesType, "api").
+			WithData(t, tc.routes).
+			Build()
+
+		err := ValidateComputedRoutes(res)
+
+		// Verify that validate didn't actually change the object.
+		got := resourcetest.MustDecode[*pbmesh.ComputedRoutes](t, res)
+		prototest.AssertDeepEqual(t, tc.routes, got.Data)
+
+		if tc.expectErr == "" {
+			require.NoError(t, err)
+		} else {
+			testutil.RequireErrorContains(t, err, tc.expectErr)
+		}
+	}
+
+	cases := map[string]testcase{
+		"empty": {
+			routes:    &pbmesh.ComputedRoutes{},
+			expectErr: `invalid "ported_configs" field: cannot be empty`,
+		},
+		"empty config": {
+			routes: &pbmesh.ComputedRoutes{
+				PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{
+					"http": {
+						Config: nil,
+						Targets: map[string]*pbmesh.BackendTargetDetails{
+							"foo": {},
+						},
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within ported_configs: invalid "config" field: cannot be empty`,
+		},
+		"empty targets": {
+			routes: &pbmesh.ComputedRoutes{
+				PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{
+					"http": {
+						Config: &pbmesh.ComputedPortRoutes_Tcp{
+							Tcp: &pbmesh.InterpretedTCPRoute{},
+						},
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within ported_configs: invalid "targets" field: cannot be empty`,
+		},
+		"valid": {
+			routes: &pbmesh.ComputedRoutes{
+				PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{
+					"http": {
+						Config: &pbmesh.ComputedPortRoutes_Tcp{
+							Tcp: &pbmesh.InterpretedTCPRoute{},
+						},
+						Targets: map[string]*pbmesh.BackendTargetDetails{
+							"foo": {},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			run(t, tc)
+		})
+	}
+}
diff --git a/internal/mesh/internal/types/destination_policy.go b/internal/mesh/internal/types/destination_policy.go
index e3f6bfbd0120..1c1cbd57d2e1 100644
--- a/internal/mesh/internal/types/destination_policy.go
+++ b/internal/mesh/internal/types/destination_policy.go
@@ -4,6 +4,11 @@
 package types
 
 import (
+	"errors"
+	"fmt"
+
+	"github.com/hashicorp/go-multierror"
+
 	"github.com/hashicorp/consul/internal/resource"
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
@@ -27,6 +32,195 @@ func RegisterDestinationPolicy(r resource.Registry) {
 	r.Register(resource.Registration{
 		Type:     DestinationPolicyV1Alpha1Type,
 		Proto:    &pbmesh.DestinationPolicy{},
-		Validate: nil,
+		Validate: ValidateDestinationPolicy,
 	})
 }
+
+func ValidateDestinationPolicy(res *pbresource.Resource) error {
+	var policy pbmesh.DestinationPolicy
+
+	if err := res.Data.UnmarshalTo(&policy); err != nil {
+		return resource.NewErrDataParse(&policy, err)
+	}
+
+	var merr error
+
+	if len(policy.PortConfigs) == 0 {
+		merr = multierror.Append(merr, resource.ErrInvalidField{
+			Name:    "port_configs",
+			Wrapped: resource.ErrEmpty,
+		})
+	}
+
+	for port, pc := range policy.PortConfigs {
+		wrapErr := func(err error) error {
+			return resource.ErrInvalidMapValue{
+				Map:     "port_configs",
+				Key:     port,
+				Wrapped: err,
+			}
+		}
+
+		if dur := pc.ConnectTimeout.AsDuration(); dur < 0 {
+			merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{
+				Name:    "connect_timeout",
+				Wrapped: fmt.Errorf("'%v', must be >= 0", dur),
+			}))
+		}
+		if dur := pc.RequestTimeout.AsDuration(); dur < 0 {
+			merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{
+				Name:    "request_timeout",
+				Wrapped: fmt.Errorf("'%v', must be >= 0", dur),
+			}))
+		}
+
+		if pc.LoadBalancer != nil {
+			lb := pc.LoadBalancer
+			wrapLBErr := func(err error) error {
+				return wrapErr(resource.ErrInvalidField{
+					Name:    "load_balancer",
+					Wrapped: err,
+				})
+			}
+
+			switch lb.Policy {
+			case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_UNSPECIFIED:
+				// means just do the default
+			case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RANDOM:
+			case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_ROUND_ROBIN:
+			case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST:
+			case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV:
+			case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH:
+			default:
+				merr = multierror.Append(merr, wrapLBErr(resource.ErrInvalidField{
+					Name:    "policy",
+					Wrapped: fmt.Errorf("not a supported enum value: %v", lb.Policy),
+				}))
+			}
+
+			if lb.Policy != pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH && lb.Config != nil {
+				if _, ok := lb.Config.(*pbmesh.LoadBalancer_RingHashConfig); ok {
+					merr = multierror.Append(merr, wrapLBErr(resource.ErrInvalidField{
+						Name:    "config",
+						Wrapped: fmt.Errorf("ring_hash_config specified for incompatible load balancing policy %q", lb.Policy),
+					}))
+				}
+			}
+
+			if lb.Policy != pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST && lb.Config != nil {
+				if _, ok := lb.Config.(*pbmesh.LoadBalancer_LeastRequestConfig); ok {
+					merr = multierror.Append(merr, wrapLBErr(resource.ErrInvalidField{
+						Name:    "config",
+						Wrapped: fmt.Errorf("least_request_config specified for incompatible load balancing policy %q", lb.Policy),
+					}))
+				}
+			}
+
+			if !lb.Policy.IsHashBased() && len(lb.HashPolicies) > 0 {
+				merr = multierror.Append(merr, wrapLBErr(resource.ErrInvalidField{
+					Name:    "hash_policies",
+					Wrapped: fmt.Errorf("hash_policies specified for non-hash-based policy %q", lb.Policy),
+				}))
+			}
+
+		LOOP:
+			for i, hp := range lb.HashPolicies {
+				wrapHPErr := func(err error) error {
+					return wrapLBErr(resource.ErrInvalidListElement{
+						Name:    "hash_policies",
+						Index:   i,
+						Wrapped: err,
+					})
+				}
+
+				var hasField bool
+				switch hp.Field {
+				case pbmesh.HashPolicyField_HASH_POLICY_FIELD_UNSPECIFIED:
+				case pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
+					pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE,
+					pbmesh.HashPolicyField_HASH_POLICY_FIELD_QUERY_PARAMETER:
+					hasField = true
+				default:
+					merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
+						Name:    "field",
+						Wrapped: fmt.Errorf("not a supported enum value: %v", hp.Field),
+					}))
+					continue LOOP // no need to keep validating
+				}
+
+				if hp.SourceIp {
+					if hasField {
+						merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
+							Name:    "field",
+							Wrapped: fmt.Errorf("a single hash policy cannot hash both a source address and a %q", hp.Field),
+						}))
+					}
+					if hp.FieldValue != "" {
+						merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
+							Name:    "field_value",
+							Wrapped: errors.New("cannot be specified when hashing source_ip"),
+						}))
+					}
+				}
+
+				if hasField && hp.FieldValue == "" {
+					merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
+						Name:    "field_value",
+						Wrapped: fmt.Errorf("field %q was specified without a field_value", hp.Field),
+					}))
+				}
+				if hp.FieldValue != "" && !hasField {
+					merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
+						Name:    "field",
+						Wrapped: resource.ErrMissing,
+					}))
+					merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
+						Name:    "field_value",
+						Wrapped: errors.New("requires a field to apply to"),
+					}))
+				}
+				if hp.CookieConfig != nil {
+					if hp.Field != pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE {
+						merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
+							Name:    "cookie_config",
+							Wrapped: fmt.Errorf("incompatible with field %q", hp.Field),
+						}))
+					}
+					if hp.CookieConfig.Session && hp.CookieConfig.Ttl.AsDuration() != 0 {
+						merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
+							Name: "cookie_config",
+							Wrapped: resource.ErrInvalidField{
+								Name:    "ttl",
+								Wrapped: fmt.Errorf("a session cookie cannot have an associated TTL"),
+							},
+						}))
+					}
+				}
+			}
+		}
+
+		if pc.LocalityPrioritization != nil {
+			lp := pc.LocalityPrioritization
+			wrapLPErr := func(err error) error {
+				return wrapErr(resource.ErrInvalidField{
+					Name:    "locality_prioritization",
+					Wrapped: err,
+				})
+			}
+
+			switch lp.Mode {
+			case pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED:
+				// means pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_NONE
+			case pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_NONE:
+			case pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_FAILOVER:
+			default:
+				merr = multierror.Append(merr, wrapLPErr(resource.ErrInvalidField{
+					Name:    "mode",
+					Wrapped: fmt.Errorf("not a supported enum value: %v", lp.Mode),
+				}))
+			}
+		}
+	}
+
+	return merr
+}
diff --git a/internal/mesh/internal/types/destination_policy_test.go b/internal/mesh/internal/types/destination_policy_test.go
new file mode 100644
index 000000000000..960c42aedea2
--- /dev/null
+++ b/internal/mesh/internal/types/destination_policy_test.go
@@ -0,0 +1,510 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package types
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/types/known/durationpb"
+
+	"github.com/hashicorp/consul/internal/resource/resourcetest"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto/private/prototest"
+	"github.com/hashicorp/consul/sdk/testutil"
+)
+
+func TestValidateDestinationPolicy(t *testing.T) {
+	type testcase struct {
+		policy     *pbmesh.DestinationPolicy
+		expectErr  string
+		expectErrs []string
+	}
+
+	run := func(t *testing.T, tc testcase) {
+		res := resourcetest.Resource(DestinationPolicyType, "api").
+			WithData(t, tc.policy).
+			Build()
+
+		err := ValidateDestinationPolicy(res)
+
+		// Verify that validate didn't actually change the object.
+		got := resourcetest.MustDecode[*pbmesh.DestinationPolicy](t, res)
+		prototest.AssertDeepEqual(t, tc.policy, got.Data)
+
+		if tc.expectErr != "" && len(tc.expectErrs) > 0 {
+			t.Fatalf("cannot test singular and list errors at the same time")
+		}
+
+		if tc.expectErr == "" && len(tc.expectErrs) == 0 {
+			require.NoError(t, err)
+		} else if tc.expectErr != "" {
+			testutil.RequireErrorContains(t, err, tc.expectErr)
+		} else {
+			for _, expectErr := range tc.expectErrs {
+				testutil.RequireErrorContains(t, err, expectErr)
+			}
+		}
+	}
+
+	cases := map[string]testcase{
+		// emptiness
+		"empty": {
+			policy:    &pbmesh.DestinationPolicy{},
+			expectErr: `invalid "port_configs" field: cannot be empty`,
+		},
+		"good connect timeout": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+					},
+				},
+			},
+		},
+		"bad connect timeout": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(-55 * time.Second),
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within port_configs: invalid "connect_timeout" field: '-55s', must be >= 0`,
+		},
+		"good request timeout": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						RequestTimeout: durationpb.New(55 * time.Second),
+					},
+				},
+			},
+		},
+		"bad request timeout": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						RequestTimeout: durationpb.New(-55 * time.Second),
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within port_configs: invalid "request_timeout" field: '-55s', must be >= 0`,
+		},
+		// load balancer
+		"lbpolicy: missing enum": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer:   &pbmesh.LoadBalancer{},
+					},
+				},
+			},
+		},
+		"lbpolicy: bad enum": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: 99,
+						},
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid "policy" field: not a supported enum value: 99`,
+		},
+		"lbpolicy: supported": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RANDOM,
+						},
+					},
+				},
+			},
+		},
+		"lbpolicy: bad for least request config": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH,
+							Config: &pbmesh.LoadBalancer_LeastRequestConfig{
+								LeastRequestConfig: &pbmesh.LeastRequestConfig{
+									ChoiceCount: 10,
+								},
+							},
+						},
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid "config" field: least_request_config specified for incompatible load balancing policy "LOAD_BALANCER_POLICY_RING_HASH"`,
+		},
+		"lbpolicy: bad for ring hash config": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST,
+							Config: &pbmesh.LoadBalancer_RingHashConfig{
+								RingHashConfig: &pbmesh.RingHashConfig{
+									MinimumRingSize: 1024,
+								},
+							},
+						},
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid "config" field: ring_hash_config specified for incompatible load balancing policy "LOAD_BALANCER_POLICY_LEAST_REQUEST"`,
+		},
+		"lbpolicy: good for least request config": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST,
+							Config: &pbmesh.LoadBalancer_LeastRequestConfig{
+								LeastRequestConfig: &pbmesh.LeastRequestConfig{
+									ChoiceCount: 10,
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		"lbpolicy: good for ring hash config": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH,
+							Config: &pbmesh.LoadBalancer_RingHashConfig{
+								RingHashConfig: &pbmesh.RingHashConfig{
+									MinimumRingSize: 1024,
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		"lbpolicy: empty policy with hash policy": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							HashPolicies: []*pbmesh.HashPolicy{
+								{SourceIp: true},
+							},
+						},
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid "hash_policies" field: hash_policies specified for non-hash-based policy "LOAD_BALANCER_POLICY_UNSPECIFIED"`,
+		},
+		"lbconfig: cookie config with header policy": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
+							HashPolicies: []*pbmesh.HashPolicy{
+								{
+									Field:      pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
+									FieldValue: "x-user-id",
+									CookieConfig: &pbmesh.CookieConfig{
+										Ttl:  durationpb.New(10 * time.Second),
+										Path: "/root",
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "cookie_config" field: incompatible with field "HASH_POLICY_FIELD_HEADER"`,
+		},
+		"lbconfig: cannot generate session cookie with ttl": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
+							HashPolicies: []*pbmesh.HashPolicy{
+								{
+									Field:      pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE,
+									FieldValue: "good-cookie",
+									CookieConfig: &pbmesh.CookieConfig{
+										Session: true,
+										Ttl:     durationpb.New(10 * time.Second),
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "cookie_config" field: invalid "ttl" field: a session cookie cannot have an associated TTL`,
+		},
+		"lbconfig: valid cookie policy": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
+							HashPolicies: []*pbmesh.HashPolicy{
+								{
+									Field:      pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE,
+									FieldValue: "good-cookie",
+									CookieConfig: &pbmesh.CookieConfig{
+										Ttl:  durationpb.New(10 * time.Second),
+										Path: "/oven",
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		"lbconfig: bad match field": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
+							HashPolicies: []*pbmesh.HashPolicy{
+								{
+									Field:      99,
+									FieldValue: "X-Consul-Token",
+								},
+							},
+						},
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field" field: not a supported enum value: 99`,
+		},
+		"lbconfig: supported match field": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
+							HashPolicies: []*pbmesh.HashPolicy{
+								{
+									Field:      pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
+									FieldValue: "X-Consul-Token",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		"lbconfig: missing match field": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
+							HashPolicies: []*pbmesh.HashPolicy{
+								{
+									FieldValue: "X-Consul-Token",
+								},
+							},
+						},
+					},
+				},
+			},
+			expectErrs: []string{
+				`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field" field: missing required field`,
+				`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: requires a field to apply to`,
+			},
+		},
+		"lbconfig: cannot match on source address and custom field": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
+							HashPolicies: []*pbmesh.HashPolicy{
+								{
+									Field:    pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
+									SourceIp: true,
+								},
+							},
+						},
+					},
+				},
+			},
+			expectErrs: []string{
+				`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field" field: a single hash policy cannot hash both a source address and a "HASH_POLICY_FIELD_HEADER"`,
+				`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: field "HASH_POLICY_FIELD_HEADER" was specified without a field_value`,
+			},
+		},
+		"lbconfig: matchvalue not compatible with source address": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
+							HashPolicies: []*pbmesh.HashPolicy{
+								{
+									FieldValue: "X-Consul-Token",
+									SourceIp:   true,
+								},
+							},
+						},
+					},
+				},
+			},
+			expectErrs: []string{
+				`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: cannot be specified when hashing source_ip`,
+				`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: requires a field to apply to`,
+			},
+		},
+		"lbconfig: field without match value": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
+							HashPolicies: []*pbmesh.HashPolicy{
+								{
+									Field: pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
+								},
+							},
+						},
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: field "HASH_POLICY_FIELD_HEADER" was specified without a field_value`,
+		},
+		"lbconfig: matchvalue without field": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
+							HashPolicies: []*pbmesh.HashPolicy{
+								{
+									FieldValue: "my-cookie",
+								},
+							},
+						},
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: requires a field to apply to`,
+		},
+		"lbconfig: ring hash kitchen sink": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH,
+							Config: &pbmesh.LoadBalancer_RingHashConfig{
+								RingHashConfig: &pbmesh.RingHashConfig{
+									MaximumRingSize: 10,
+									MinimumRingSize: 2,
+								},
+							},
+							HashPolicies: []*pbmesh.HashPolicy{
+								{
+									Field:      pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE,
+									FieldValue: "my-cookie",
+								},
+								{
+									Field:      pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
+									FieldValue: "alt-header",
+									Terminal:   true,
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		"lbconfig: least request kitchen sink": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						ConnectTimeout: durationpb.New(55 * time.Second),
+						LoadBalancer: &pbmesh.LoadBalancer{
+							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST,
+							Config: &pbmesh.LoadBalancer_LeastRequestConfig{
+								LeastRequestConfig: &pbmesh.LeastRequestConfig{
+									ChoiceCount: 10,
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		"locality: good mode": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						LocalityPrioritization: &pbmesh.LocalityPrioritization{
+							Mode: pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_FAILOVER,
+						},
+					},
+				},
+			},
+		},
+		"locality: unset mode": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						LocalityPrioritization: &pbmesh.LocalityPrioritization{
+							Mode: pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED,
+						},
+					},
+				},
+			},
+		},
+		"locality: bad mode": {
+			policy: &pbmesh.DestinationPolicy{
+				PortConfigs: map[string]*pbmesh.DestinationConfig{
+					"http": {
+						LocalityPrioritization: &pbmesh.LocalityPrioritization{
+							Mode: 99,
+						},
+					},
+				},
+			},
+			expectErr: `invalid value of key "http" within port_configs: invalid "locality_prioritization" field: invalid "mode" field: not a supported enum value: 99`,
+		},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			run(t, tc)
+		})
+	}
+}
diff --git a/internal/mesh/internal/types/grpc_route.go b/internal/mesh/internal/types/grpc_route.go
index cdd4669bca6f..0d6c8df07f4e 100644
--- a/internal/mesh/internal/types/grpc_route.go
+++ b/internal/mesh/internal/types/grpc_route.go
@@ -4,6 +4,11 @@
 package types
 
 import (
+	"errors"
+	"fmt"
+
+	"github.com/hashicorp/go-multierror"
+
 	"github.com/hashicorp/consul/internal/resource"
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
@@ -25,8 +30,208 @@ var (
 
 func RegisterGRPCRoute(r resource.Registry) {
 	r.Register(resource.Registration{
-		Type:     GRPCRouteV1Alpha1Type,
-		Proto:    &pbmesh.GRPCRoute{},
-		Validate: nil,
+		Type:  GRPCRouteV1Alpha1Type,
+		Proto: &pbmesh.GRPCRoute{},
+		// TODO(rb): normalize parent/backend ref tenancies in a Mutate hook
+		Validate: ValidateGRPCRoute,
 	})
 }
+
+func ValidateGRPCRoute(res *pbresource.Resource) error {
+	var route pbmesh.GRPCRoute
+
+	if err := res.Data.UnmarshalTo(&route); err != nil {
+		return resource.NewErrDataParse(&route, err)
+	}
+
+	var merr error
+	if err := validateParentRefs(route.ParentRefs); err != nil {
+		merr = multierror.Append(merr, err)
+	}
+
+	if len(route.Hostnames) > 0 {
+		merr = multierror.Append(merr, resource.ErrInvalidField{
+			Name:    "hostnames",
+			Wrapped: errors.New("should not populate hostnames"),
+		})
+	}
+
+	for i, rule := range route.Rules {
+		wrapRuleErr := func(err error) error {
+			return resource.ErrInvalidListElement{
+				Name:    "rules",
+				Index:   i,
+				Wrapped: err,
+			}
+		}
+
+		for j, match := range rule.Matches {
+			wrapMatchErr := func(err error) error {
+				return wrapRuleErr(resource.ErrInvalidListElement{
+					Name:    "matches",
+					Index:   j,
+					Wrapped: err,
+				})
+			}
+
+			if match.Method != nil {
+				switch match.Method.Type {
+				case pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_UNSPECIFIED:
+					merr = multierror.Append(merr, wrapMatchErr(
+						resource.ErrInvalidField{
+							Name:    "type",
+							Wrapped: resource.ErrMissing,
+						},
+					))
+				case pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT:
+				case pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_REGEX:
+				default:
+					merr = multierror.Append(merr, wrapMatchErr(
+						resource.ErrInvalidField{
+							Name:    "type",
+							Wrapped: fmt.Errorf("not a supported enum value: %v", match.Method.Type),
+						},
+					))
+				}
+				if match.Method.Service == "" && match.Method.Method == "" {
+					merr = multierror.Append(merr, wrapMatchErr(
+						resource.ErrInvalidField{
+							Name:    "service",
+							Wrapped: errors.New("at least one of \"service\" or \"method\" must be set"),
+						},
+					))
+				}
+			}
+
+			for k, header := range match.Headers {
+				wrapMatchHeaderErr := func(err error) error {
+					return wrapRuleErr(resource.ErrInvalidListElement{
+						Name:    "headers",
+						Index:   k,
+						Wrapped: err,
+					})
+				}
+
+				if err := validateHeaderMatchType(header.Type); err != nil {
+					merr = multierror.Append(merr, wrapMatchHeaderErr(
+						resource.ErrInvalidField{
+							Name:    "type",
+							Wrapped: err,
+						}),
+					)
+				}
+
+				if header.Name == "" {
+					merr = multierror.Append(merr, wrapMatchHeaderErr(
+						resource.ErrInvalidField{
+							Name:    "name",
+							Wrapped: resource.ErrMissing,
+						}),
+					)
+				}
+			}
+		}
+
+		for j, filter := range rule.Filters {
+			wrapFilterErr := func(err error) error {
+				return wrapRuleErr(resource.ErrInvalidListElement{
+					Name:    "filters",
+					Index:   j,
+					Wrapped: err,
+				})
+			}
+			set := 0
+			if filter.RequestHeaderModifier != nil {
+				set++
+			}
+			if filter.ResponseHeaderModifier != nil {
+				set++
+			}
+			if filter.UrlRewrite != nil {
+				set++
+				if filter.UrlRewrite.PathPrefix == "" {
+					merr = multierror.Append(merr, wrapFilterErr(
+						resource.ErrInvalidField{
+							Name: "url_rewrite",
+							Wrapped: resource.ErrInvalidField{
+								Name:    "path_prefix",
+								Wrapped: errors.New("field should not be empty if enclosing section is set"),
+							},
+						},
+					))
+				}
+			}
+			if set != 1 {
+				merr = multierror.Append(merr, wrapFilterErr(
+					errors.New("exactly one of request_header_modifier, response_header_modifier, or url_rewrite is required"),
+				))
+			}
+		}
+
+		if len(rule.BackendRefs) == 0 {
+			/*
+				BackendRefs (optional)¶
+
+				BackendRefs defines API objects where matching requests should be
+				sent. If unspecified, the rule performs no forwarding. If
+				unspecified and no filters are specified that would result in a
+				response being sent, a 404 error code is returned.
+			*/
+			merr = multierror.Append(merr, wrapRuleErr(
+				resource.ErrInvalidField{
+					Name:    "backend_refs",
+					Wrapped: resource.ErrEmpty,
+				},
+			))
+		}
+		for j, hbref := range rule.BackendRefs {
+			wrapBackendRefErr := func(err error) error {
+				return wrapRuleErr(resource.ErrInvalidListElement{
+					Name:    "backend_refs",
+					Index:   j,
+					Wrapped: err,
+				})
+			}
+			for _, err := range validateBackendRef(hbref.BackendRef) {
+				merr = multierror.Append(merr, wrapBackendRefErr(
+					resource.ErrInvalidField{
+						Name:    "backend_ref",
+						Wrapped: err,
+					},
+				))
+			}
+
+			if len(hbref.Filters) > 0 {
+				merr = multierror.Append(merr, wrapBackendRefErr(
+					resource.ErrInvalidField{
+						Name:    "filters",
+						Wrapped: errors.New("filters are not supported at this level yet"),
+					},
+				))
+			}
+		}
+
+		if rule.Timeouts != nil {
+			for _, err := range validateHTTPTimeouts(rule.Timeouts) {
+				merr = multierror.Append(merr, wrapRuleErr(
+					resource.ErrInvalidField{
+						Name:    "timeouts",
+						Wrapped: err,
+					},
+				))
+			}
+		}
+		if rule.Retries != nil {
+			for _, err := range validateHTTPRetries(rule.Retries) {
+				merr = multierror.Append(merr, wrapRuleErr(
+					resource.ErrInvalidField{
+						Name:    "retries",
+						Wrapped: err,
+					},
+				))
+			}
+		}
+	}
+
+	return merr
+}
diff --git a/internal/mesh/internal/types/grpc_route_test.go b/internal/mesh/internal/types/grpc_route_test.go
new file mode 100644
index 000000000000..e9abc118c654
--- /dev/null
+++ b/internal/mesh/internal/types/grpc_route_test.go
@@ -0,0 +1,523 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package types
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/internal/catalog"
+	"github.com/hashicorp/consul/internal/resource/resourcetest"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto/private/prototest"
+	"github.com/hashicorp/consul/sdk/testutil"
+)
+
+func TestValidateGRPCRoute(t *testing.T) {
+	type testcase struct {
+		route     *pbmesh.GRPCRoute
+		expectErr string
+	}
+
+	run := func(t *testing.T, tc testcase) {
+		res := resourcetest.Resource(GRPCRouteType, "api").
+			WithData(t, tc.route).
+			Build()
+
+		err := ValidateGRPCRoute(res)
+
+		// Verify that validate didn't actually change the object.
+		got := resourcetest.MustDecode[*pbmesh.GRPCRoute](t, res)
+		prototest.AssertDeepEqual(t, tc.route, got.Data)
+
+		if tc.expectErr == "" {
+			require.NoError(t, err)
+		} else {
+			testutil.RequireErrorContains(t, err, tc.expectErr)
+		}
+	}
+
+	cases := map[string]testcase{
+		"hostnames not supported for services": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Hostnames: []string{"foo.local"},
+			},
+			expectErr: `invalid "hostnames" field: should not populate hostnames`,
+		},
+		"no rules": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+			},
+		},
+		"rules with no matches": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"rules with matches that are empty": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Matches: []*pbmesh.GRPCRouteMatch{{
+						// none
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"method match with no type is bad": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Matches: []*pbmesh.GRPCRouteMatch{{
+						Method: &pbmesh.GRPCMethodMatch{
+							Service: "foo",
+						},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "type" field: missing required field`,
+		},
+		"method match with unknown type is bad": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Matches: []*pbmesh.GRPCRouteMatch{{
+						Method: &pbmesh.GRPCMethodMatch{
+							Type:    99,
+							Service: "foo",
+						},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "type" field: not a supported enum value: 99`,
+		},
+		"method match with no service nor method is bad": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Matches: []*pbmesh.GRPCRouteMatch{{
+						Method: &pbmesh.GRPCMethodMatch{
+							Type: pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT,
+						},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "service" field: at least one of "service" or "method" must be set`,
+		},
+		"method match is good (1)": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Matches: []*pbmesh.GRPCRouteMatch{{
+						Method: &pbmesh.GRPCMethodMatch{
+							Type:    pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT,
+							Service: "foo",
+						},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"method match is good (2)": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Matches: []*pbmesh.GRPCRouteMatch{{
+						Method: &pbmesh.GRPCMethodMatch{
+							Type:   pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT,
+							Method: "bar",
+						},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"method match is good (3)": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Matches: []*pbmesh.GRPCRouteMatch{{
+						Method: &pbmesh.GRPCMethodMatch{
+							Type:    pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT,
+							Service: "foo",
+							Method:  "bar",
+						},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"header match with no type is bad": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Matches: []*pbmesh.GRPCRouteMatch{{
+						Headers: []*pbmesh.GRPCHeaderMatch{{
+							Name: "x-foo",
+						}},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "headers": invalid "type" field: missing required field`,
+		},
+		"header match with unknown type is bad": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Matches: []*pbmesh.GRPCRouteMatch{{
+						Headers: []*pbmesh.GRPCHeaderMatch{{
+							Type: 99,
+							Name: "x-foo",
+						}},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "headers": invalid "type" field: not a supported enum value: 99`,
+		},
+		"header match with no name is bad": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Matches: []*pbmesh.GRPCRouteMatch{{
+						Headers: []*pbmesh.GRPCHeaderMatch{{
+							Type: pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT,
+						}},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "headers": invalid "name" field: missing required field`,
+		},
+		"header match is good": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Matches: []*pbmesh.GRPCRouteMatch{{
+						Headers: []*pbmesh.GRPCHeaderMatch{{
+							Type: pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT,
+							Name: "x-foo",
+						}},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"filter empty is bad": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Filters: []*pbmesh.GRPCRouteFilter{{
+						// none
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
+		},
+		"filter req header mod is ok": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Filters: []*pbmesh.GRPCRouteFilter{{
+						RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"filter resp header mod is ok": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Filters: []*pbmesh.GRPCRouteFilter{{
+						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"filter rewrite header mod missing path prefix": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Filters: []*pbmesh.GRPCRouteFilter{{
+						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": invalid "url_rewrite" field: invalid "path_prefix" field: field should not be empty if enclosing section is set`,
+		},
+		"filter rewrite header mod is ok": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Filters: []*pbmesh.GRPCRouteFilter{{
+						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
+							PathPrefix: "/blah",
+						},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"filter req+resp header mod is bad": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Filters: []*pbmesh.GRPCRouteFilter{{
+						RequestHeaderModifier:  &pbmesh.HTTPHeaderFilter{},
+						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
+		},
+		"filter req+rewrite header mod is bad": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Filters: []*pbmesh.GRPCRouteFilter{{
+						RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
+							PathPrefix: "/blah",
+						},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
+		},
+		"filter resp+rewrite header mod is bad": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Filters: []*pbmesh.GRPCRouteFilter{{
+						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
+							PathPrefix: "/blah",
+						},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
+		},
+		"filter req+resp+rewrite header mod is bad": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Filters: []*pbmesh.GRPCRouteFilter{{
+						RequestHeaderModifier:  &pbmesh.HTTPHeaderFilter{},
+						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
+							PathPrefix: "/blah",
+						},
+					}},
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
+		},
+		"backend ref with filters is unsupported": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+						Filters: []*pbmesh.GRPCRouteFilter{{
+							RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+						}},
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "backend_refs": invalid "filters" field: filters are not supported at this level yet`,
+		},
+		"nil backend ref": {
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					BackendRefs: []*pbmesh.GRPCBackendRef{nil},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "backend_refs": invalid "backend_ref" field: missing required field`,
+		},
+	}
+
+	// Add common timeouts test cases.
+	for name, timeoutsTC := range getXRouteTimeoutsTestCases() {
+		cases["timeouts: "+name] = testcase{
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Timeouts: timeoutsTC.timeouts,
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: timeoutsTC.expectErr,
+		}
+	}
+
+	// Add common retries test cases.
+	for name, retriesTC := range getXRouteRetriesTestCases() {
+		cases["retries: "+name] = testcase{
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{{
+					Retries: retriesTC.retries,
+					BackendRefs: []*pbmesh.GRPCBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: retriesTC.expectErr,
+		}
+	}
+
+	// Add common parent refs test cases.
+	for name, parentTC := range getXRouteParentRefTestCases() {
+		cases["parent-ref: "+name] = testcase{
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: parentTC.refs,
+			},
+			expectErr: parentTC.expectErr,
+		}
+	}
+	// add common backend ref test cases.
+	for name, backendTC := range getXRouteBackendRefTestCases() {
+		var refs []*pbmesh.GRPCBackendRef
+		for _, br := range backendTC.refs {
+			refs = append(refs, &pbmesh.GRPCBackendRef{
+				BackendRef: br,
+			})
+		}
+		cases["backend-ref: "+name] = testcase{
+			route: &pbmesh.GRPCRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.GRPCRouteRule{
+					{BackendRefs: refs},
+				},
+			},
+			expectErr: backendTC.expectErr,
+		}
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			run(t, tc)
+		})
+	}
+}
diff --git a/internal/mesh/internal/types/http_route.go b/internal/mesh/internal/types/http_route.go
index 6f5f284ed901..d348091a7e92 100644
--- a/internal/mesh/internal/types/http_route.go
+++ b/internal/mesh/internal/types/http_route.go
@@ -4,6 +4,13 @@
 package types
 
 import (
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/hashicorp/go-multierror"
+
 	"github.com/hashicorp/consul/internal/resource"
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
@@ -27,6 +34,316 @@ func RegisterHTTPRoute(r resource.Registry) {
 	r.Register(resource.Registration{
 		Type:     HTTPRouteV1Alpha1Type,
 		Proto:    &pbmesh.HTTPRoute{},
-		Validate: nil,
+		Mutate:   MutateHTTPRoute,
+		Validate: ValidateHTTPRoute,
 	})
 }
+
+func MutateHTTPRoute(res *pbresource.Resource) error {
+	var route pbmesh.HTTPRoute
+
+	if err := res.Data.UnmarshalTo(&route); err != nil {
+		return resource.NewErrDataParse(&route, err)
+	}
+
+	changed := false
+
+	for _, rule := range route.Rules {
+		for _, match := range rule.Matches {
+			if match.Method != "" {
+				norm := strings.ToUpper(match.Method)
+				if match.Method != norm {
+					match.Method = norm
+					changed = true
+				}
+			}
+		}
+	}
+
+	// TODO(rb): normalize parent/backend ref tenancies
+
+	if !changed {
+		return nil
+	}
+
+	return res.Data.MarshalFrom(&route)
+}
+
+func ValidateHTTPRoute(res *pbresource.Resource) error {
+	var route pbmesh.HTTPRoute
+
+	if err := res.Data.UnmarshalTo(&route); err != nil {
+		return resource.NewErrDataParse(&route, err)
+	}
+
+	var merr error
+	if err := validateParentRefs(route.ParentRefs); err != nil {
+		merr = multierror.Append(merr, err)
+	}
+
+	if len(route.Hostnames) > 0 {
+		merr = multierror.Append(merr, resource.ErrInvalidField{
+			Name:    "hostnames",
+			Wrapped: errors.New("should not populate hostnames"),
+		})
+	}
+
+	for i, rule := range route.Rules {
+		wrapRuleErr := func(err error) error {
+			return resource.ErrInvalidListElement{
+				Name:    "rules",
+				Index:   i,
+				Wrapped: err,
+			}
+		}
+
+		for j, match := range rule.Matches {
+			wrapMatchErr := func(err error) error {
+				return wrapRuleErr(resource.ErrInvalidListElement{
+					Name:    "matches",
+					Index:   j,
+					Wrapped: err,
+				})
+			}
+
+			if match.Path != nil {
+				wrapMatchPathErr := func(err error) error {
+					return wrapMatchErr(resource.ErrInvalidField{
+						Name:    "path",
+						Wrapped: err,
+					})
+				}
+				switch match.Path.Type {
+				case pbmesh.PathMatchType_PATH_MATCH_TYPE_UNSPECIFIED:
+					merr = multierror.Append(merr, wrapMatchPathErr(
+						resource.ErrInvalidField{
+							Name:    "type",
+							Wrapped: resource.ErrMissing,
+						},
+					))
+				case pbmesh.PathMatchType_PATH_MATCH_TYPE_EXACT:
+					if !strings.HasPrefix(match.Path.Value, "/") {
+						merr = multierror.Append(merr, wrapMatchPathErr(
+							resource.ErrInvalidField{
+								Name:    "value",
+								Wrapped: fmt.Errorf("exact patch value does not start with '/': %q", match.Path.Value),
+							},
+						))
+					}
+				case pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX:
+					if !strings.HasPrefix(match.Path.Value, "/") {
+						merr = multierror.Append(merr, wrapMatchPathErr(
+							resource.ErrInvalidField{
+								Name:    "value",
+								Wrapped: fmt.Errorf("prefix patch value does not start with '/': %q", match.Path.Value),
+							},
+						))
+					}
+				default:
+					merr = multierror.Append(merr, wrapMatchPathErr(
+						resource.ErrInvalidField{
+							Name:    "type",
+							Wrapped: fmt.Errorf("not a supported enum value: %v", match.Path.Type),
+						},
+					))
+				}
+			}
+
+			for k, hdr := range match.Headers {
+				wrapMatchHeaderErr := func(err error) error {
+					return wrapMatchErr(resource.ErrInvalidListElement{
+						Name:    "headers",
+						Index:   k,
+						Wrapped: err,
+					})
+				}
+
+				if err := validateHeaderMatchType(hdr.Type); err != nil {
+					merr = multierror.Append(merr, wrapMatchHeaderErr(
+						resource.ErrInvalidField{
+							Name:    "type",
+							Wrapped: err,
+						}),
+					)
+				}
+
+				if hdr.Name == "" {
+					merr = multierror.Append(merr, wrapMatchHeaderErr(
+						resource.ErrInvalidField{
+							Name:    "name",
+							Wrapped: resource.ErrMissing,
+						}),
+					)
+				}
+			}
+
+			for k, qm := range match.QueryParams {
+				wrapMatchParamErr := func(err error) error {
+					return wrapMatchErr(resource.ErrInvalidListElement{
+						Name:    "query_params",
+						Index:   k,
+						Wrapped: err,
+					})
+				}
+
+				switch qm.Type {
+				case pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_UNSPECIFIED:
+					merr = multierror.Append(merr, wrapMatchParamErr(
+						resource.ErrInvalidField{
+							Name:    "type",
+							Wrapped: resource.ErrMissing,
+						}),
+					)
+				case pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_EXACT:
+				case pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_REGEX:
+				case pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_PRESENT:
+				default:
+					merr = multierror.Append(merr, wrapMatchParamErr(
+						resource.ErrInvalidField{
+							Name:    "type",
+							Wrapped: fmt.Errorf("not a supported enum value: %v", qm.Type),
+						},
+					))
+				}
+
+				if qm.Name == "" {
+					merr = multierror.Append(merr, wrapMatchParamErr(
+						resource.ErrInvalidField{
+							Name:    "name",
+							Wrapped: resource.ErrMissing,
+						}),
+					)
+				}
+			}
+
+			if match.Method != "" && !isValidHTTPMethod(match.Method) {
+				merr = multierror.Append(merr, wrapMatchErr(
+					resource.ErrInvalidField{
+						Name:    "method",
+						Wrapped: fmt.Errorf("not a valid http method: %q", match.Method),
+					},
+				))
+			}
+		}
+
+		for j, filter := range rule.Filters {
+			wrapFilterErr := func(err error) error {
+				return wrapRuleErr(resource.ErrInvalidListElement{
+					Name:    "filters",
+					Index:   j,
+					Wrapped: err,
+				})
+			}
+			set := 0
+			if filter.RequestHeaderModifier != nil {
+				set++
+			}
+			if filter.ResponseHeaderModifier != nil {
+				set++
+			}
+			if filter.UrlRewrite != nil {
+				set++
+				if filter.UrlRewrite.PathPrefix == "" {
+					merr = multierror.Append(merr, wrapFilterErr(
+						resource.ErrInvalidField{
+							Name: "url_rewrite",
+							Wrapped: resource.ErrInvalidField{
+								Name:    "path_prefix",
+								Wrapped: errors.New("field should not be empty if enclosing section is set"),
+							},
+						},
+					))
+				}
+			}
+			if set != 1 {
+				merr = multierror.Append(merr, wrapFilterErr(
+					errors.New("exactly one of request_header_modifier, response_header_modifier, or url_rewrite is required"),
+				))
+			}
+		}
+
+		if len(rule.BackendRefs) == 0 {
+			/*
+				BackendRefs (optional)¶
+
+				BackendRefs defines API objects where matching requests should be
+				sent. If unspecified, the rule performs no forwarding. If
+				unspecified and no filters are specified that would result in a
+				response being sent, a 404 error code is returned.
+			*/
+			merr = multierror.Append(merr, wrapRuleErr(
+				resource.ErrInvalidField{
+					Name:    "backend_refs",
+					Wrapped: resource.ErrEmpty,
+				},
+			))
+		}
+		for j, hbref := range rule.BackendRefs {
+			wrapBackendRefErr := func(err error) error {
+				return wrapRuleErr(resource.ErrInvalidListElement{
+					Name:    "backend_refs",
+					Index:   j,
+					Wrapped: err,
+				})
+			}
+
+			for _, err := range validateBackendRef(hbref.BackendRef) {
+				merr = multierror.Append(merr, wrapBackendRefErr(
+					resource.ErrInvalidField{
+						Name:    "backend_ref",
+						Wrapped: err,
+					},
+				))
+			}
+
+			if len(hbref.Filters) > 0 {
+				merr = multierror.Append(merr, wrapBackendRefErr(
+					resource.ErrInvalidField{
+						Name:    "filters",
+						Wrapped: errors.New("filters are not supported at this level yet"),
+					},
+				))
+			}
+		}
+
+		if rule.Timeouts != nil {
+			for _, err := range validateHTTPTimeouts(rule.Timeouts) {
+				merr = multierror.Append(merr, wrapRuleErr(
+					resource.ErrInvalidField{
+						Name:    "timeouts",
+						Wrapped: err,
+					},
+				))
+			}
+		}
+		if rule.Retries != nil {
+			for _, err := range validateHTTPRetries(rule.Retries) {
+				merr = multierror.Append(merr, wrapRuleErr(
+					resource.ErrInvalidField{
+						Name:    "retries",
+						Wrapped: err,
+					},
+				))
+			}
+		}
+	}
+
+	return merr
+}
+
+func isValidHTTPMethod(method string) bool {
+	switch method {
+	case http.MethodGet,
+		http.MethodHead,
+		http.MethodPost,
+		http.MethodPut,
+		http.MethodPatch,
+		http.MethodDelete,
+		http.MethodConnect,
+		http.MethodOptions,
+		http.MethodTrace:
+		return true
+	default:
+		return false
+	}
+}
diff --git a/internal/mesh/internal/types/http_route_test.go b/internal/mesh/internal/types/http_route_test.go
new file mode 100644
index 000000000000..0f4626aa7094
--- /dev/null
+++ b/internal/mesh/internal/types/http_route_test.go
@@ -0,0 +1,980 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package types
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/durationpb"
+
+	"github.com/hashicorp/consul/internal/catalog"
+	"github.com/hashicorp/consul/internal/resource/resourcetest"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/proto/private/prototest"
+	"github.com/hashicorp/consul/sdk/testutil"
+)
+
+func TestMutateHTTPRoute(t *testing.T) {
+	type testcase struct {
+		route     *pbmesh.HTTPRoute
+		expect    *pbmesh.HTTPRoute
+		expectErr string
+	}
+
+	run := func(t *testing.T, tc testcase) {
+		res := resourcetest.Resource(HTTPRouteType, "api").
+			WithData(t, tc.route).
+			Build()
+
+		err := MutateHTTPRoute(res)
+
+		got := resourcetest.MustDecode[*pbmesh.HTTPRoute](t, res)
+
+		if tc.expectErr == "" {
+			require.NoError(t, err)
+
+			if tc.expect == nil {
+				tc.expect = proto.Clone(tc.route).(*pbmesh.HTTPRoute)
+			}
+
+			prototest.AssertDeepEqual(t, tc.expect, got.Data)
+		} else {
+			testutil.RequireErrorContains(t, err, tc.expectErr)
+		}
+	}
+
+	cases := map[string]testcase{
+		"no-rules": {
+			route: &pbmesh.HTTPRoute{},
+		},
+		"rules-with-no-matches": {
+			route: &pbmesh.HTTPRoute{
+				Rules: []*pbmesh.HTTPRouteRule{{
+					// none
+				}},
+			},
+		},
+		"rules-with-matches-no-methods": {
+			route: &pbmesh.HTTPRoute{
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						Path: &pbmesh.HTTPPathMatch{
+							Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
+							Value: "/foo",
+						},
+					}},
+				}},
+			},
+		},
+		"rules-with-matches-methods-uppercase": {
+			route: &pbmesh.HTTPRoute{
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{
+						{
+							Path: &pbmesh.HTTPPathMatch{
+								Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
+								Value: "/foo",
+							},
+							Method: "GET",
+						},
+						{
+							Path: &pbmesh.HTTPPathMatch{
+								Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
+								Value: "/bar",
+							},
+							Method: "POST",
+						},
+					},
+				}},
+			},
+		},
+		"rules-with-matches-methods-lowercase": {
+			route: &pbmesh.HTTPRoute{
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{
+						{
+							Path: &pbmesh.HTTPPathMatch{
+								Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
+								Value: "/foo",
+							},
+							Method: "get",
+						},
+						{
+							Path: &pbmesh.HTTPPathMatch{
+								Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
+								Value: "/bar",
+							},
+							Method: "post",
+						},
+					},
+				}},
+			},
+			expect: &pbmesh.HTTPRoute{
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{
+						{
+							Path: &pbmesh.HTTPPathMatch{
+								Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
+								Value: "/foo",
+							},
+							Method: "GET",
+						},
+						{
+							Path: &pbmesh.HTTPPathMatch{
+								Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
+								Value: "/bar",
+							},
+							Method: "POST",
+						},
+					},
+				}},
+			},
+		},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			run(t, tc)
+		})
+	}
+}
+
+func TestValidateHTTPRoute(t *testing.T) {
+	type testcase struct {
+		route     *pbmesh.HTTPRoute
+		expectErr string
+	}
+
+	run := func(t *testing.T, tc testcase) {
+		res := resourcetest.Resource(HTTPRouteType, "api").
+			WithData(t, tc.route).
+			Build()
+
+		err := MutateHTTPRoute(res)
+		require.NoError(t, err)
+
+		err = ValidateHTTPRoute(res)
+
+		// Verify that validate didn't actually change the object.
+		got := resourcetest.MustDecode[*pbmesh.HTTPRoute](t, res)
+		prototest.AssertDeepEqual(t, tc.route, got.Data)
+
+		if tc.expectErr == "" {
+			require.NoError(t, err)
+		} else {
+			testutil.RequireErrorContains(t, err, tc.expectErr)
+		}
+	}
+
+	cases := map[string]testcase{
+		"hostnames not supported for services": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Hostnames: []string{"foo.local"},
+			},
+			expectErr: `invalid "hostnames" field: should not populate hostnames`,
+		},
+		"no rules": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+			},
+		},
+		"rules with no matches": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"rules with matches that are empty": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						// none
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"path match with no type is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						Path: &pbmesh.HTTPPathMatch{
+							Value: "/foo",
+						},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "path" field: invalid "type" field: missing required field`,
+		},
+		"path match with unknown type is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						Path: &pbmesh.HTTPPathMatch{
+							Type:  99,
+							Value: "/foo",
+						},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "path" field: invalid "type" field: not a supported enum value: 99`,
+		},
+		"exact path match with no leading slash is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						Path: &pbmesh.HTTPPathMatch{
+							Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_EXACT,
+							Value: "foo",
+						},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "path" field: invalid "value" field: exact patch value does not start with '/': "foo"`,
+		},
+		"prefix path match with no leading slash is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						Path: &pbmesh.HTTPPathMatch{
+							Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
+							Value: "foo",
+						},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "path" field: invalid "value" field: prefix patch value does not start with '/': "foo"`,
+		},
+		"exact path match with leading slash is good": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						Path: &pbmesh.HTTPPathMatch{
+							Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_EXACT,
+							Value: "/foo",
+						},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"prefix path match with leading slash is good": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						Path: &pbmesh.HTTPPathMatch{
+							Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
+							Value: "/foo",
+						},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"header match with no type is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						Headers: []*pbmesh.HTTPHeaderMatch{{
+							Name: "x-foo",
+						}},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "headers": invalid "type" field: missing required field`,
+		},
+		"header match with unknown type is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						Headers: []*pbmesh.HTTPHeaderMatch{{
+							Type: 99,
+							Name: "x-foo",
+						}},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "headers": invalid "type" field: not a supported enum value: 99`,
+		},
+		"header match with no name is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						Headers: []*pbmesh.HTTPHeaderMatch{{
+							Type: pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT,
+						}},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "headers": invalid "name" field: missing required field`,
+		},
+		"header match is good": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						Headers: []*pbmesh.HTTPHeaderMatch{{
+							Type: pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT,
+							Name: "x-foo",
+						}},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"queryparam match with no type is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						QueryParams: []*pbmesh.HTTPQueryParamMatch{{
+							Name: "x-foo",
+						}},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "query_params": invalid "type" field: missing required field`,
+		},
+		"queryparam match with unknown type is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						QueryParams: []*pbmesh.HTTPQueryParamMatch{{
+							Type: 99,
+							Name: "x-foo",
+						}},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "query_params": invalid "type" field: not a supported enum value: 99`,
+		},
+		"queryparam match with no name is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						QueryParams: []*pbmesh.HTTPQueryParamMatch{{
+							Type: pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_EXACT,
+						}},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "query_params": invalid "name" field: missing required field`,
+		},
+		"queryparam match is good": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						QueryParams: []*pbmesh.HTTPQueryParamMatch{{
+							Type: pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_EXACT,
+							Name: "x-foo",
+						}},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"method match is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						Method: "BOB",
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "method" field: not a valid http method: "BOB"`,
+		},
+		"method match is good": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Matches: []*pbmesh.HTTPRouteMatch{{
+						Method: "DELETE",
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"filter empty is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Filters: []*pbmesh.HTTPRouteFilter{{
+						// none
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
+		},
+		"filter req header mod is ok": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Filters: []*pbmesh.HTTPRouteFilter{{
+						RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"filter resp header mod is ok": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Filters: []*pbmesh.HTTPRouteFilter{{
+						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"filter rewrite header mod missing path prefix": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Filters: []*pbmesh.HTTPRouteFilter{{
+						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": invalid "url_rewrite" field: invalid "path_prefix" field: field should not be empty if enclosing section is set`,
+		},
+		"filter rewrite header mod is ok": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Filters: []*pbmesh.HTTPRouteFilter{{
+						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
+							PathPrefix: "/blah",
+						},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+		},
+		"filter req+resp header mod is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Filters: []*pbmesh.HTTPRouteFilter{{
+						RequestHeaderModifier:  &pbmesh.HTTPHeaderFilter{},
+						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
+		},
+		"filter req+rewrite header mod is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Filters: []*pbmesh.HTTPRouteFilter{{
+						RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
+							PathPrefix: "/blah",
+						},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
+		},
+		"filter resp+rewrite header mod is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Filters: []*pbmesh.HTTPRouteFilter{{
+						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
+							PathPrefix: "/blah",
+						},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
+		},
+		"filter req+resp+rewrite header mod is bad": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Filters: []*pbmesh.HTTPRouteFilter{{
+						RequestHeaderModifier:  &pbmesh.HTTPHeaderFilter{},
+						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
+							PathPrefix: "/blah",
+						},
+					}},
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
+		},
+		"backend ref with filters is unsupported": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+						Filters: []*pbmesh.HTTPRouteFilter{{
+							RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
+						}},
+					}},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "backend_refs": invalid "filters" field: filters are not supported at this level yet`,
+		},
+		"nil backend ref": {
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					BackendRefs: []*pbmesh.HTTPBackendRef{nil},
+				}},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "backend_refs": invalid "backend_ref" field: missing required field`,
+		},
+	}
+
+	// Add common timeouts test cases.
+	for name, timeoutsTC := range getXRouteTimeoutsTestCases() {
+		cases["timeouts: "+name] = testcase{
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Timeouts: timeoutsTC.timeouts,
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: timeoutsTC.expectErr,
+		}
+	}
+
+	// Add common retries test cases.
+	for name, retriesTC := range getXRouteRetriesTestCases() {
+		cases["retries: "+name] = testcase{
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{{
+					Retries: retriesTC.retries,
+					BackendRefs: []*pbmesh.HTTPBackendRef{{
+						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
+					}},
+				}},
+			},
+			expectErr: retriesTC.expectErr,
+		}
+	}
+
+	// Add common parent refs test cases.
+	for name, parentTC := range getXRouteParentRefTestCases() {
+		cases["parent-ref: "+name] = testcase{
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: parentTC.refs,
+			},
+			expectErr: parentTC.expectErr,
+		}
+	}
+	// add common backend ref test cases.
+	for name, backendTC := range getXRouteBackendRefTestCases() {
+		var refs []*pbmesh.HTTPBackendRef
+		for _, br := range backendTC.refs {
+			refs = append(refs, &pbmesh.HTTPBackendRef{
+				BackendRef: br,
+			})
+		}
+		cases["backend-ref: "+name] = testcase{
+			route: &pbmesh.HTTPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.HTTPRouteRule{
+					{BackendRefs: refs},
+				},
+			},
+			expectErr: backendTC.expectErr,
+		}
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			run(t, tc)
+		})
+	}
+}
+
+type xRouteParentRefTestcase struct {
+	refs      []*pbmesh.ParentReference
+	expectErr string
+}
+
+func getXRouteParentRefTestCases() map[string]xRouteParentRefTestcase {
+	return map[string]xRouteParentRefTestcase{
+		"no parent refs": {
+			expectErr: `invalid "parent_refs" field: cannot be empty`,
+		},
+		"parent ref with nil ref": {
+			refs: []*pbmesh.ParentReference{
+				newParentRef(catalog.ServiceType, "api", ""),
+				{
+					Ref:  nil,
+					Port: "http",
+				},
+			},
+			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: missing required field`,
+		},
+		"parent ref with bad type ref": {
+			refs: []*pbmesh.ParentReference{
+				newParentRef(catalog.ServiceType, "api", ""),
+				newParentRef(catalog.WorkloadType, "api", ""),
+			},
+			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: reference must have type catalog.v1alpha1.Service`,
+		},
+		"parent ref with section": {
+			refs: []*pbmesh.ParentReference{
+				newParentRef(catalog.ServiceType, "api", ""),
+				{
+					Ref:  resourcetest.Resource(catalog.ServiceType, "web").Reference("section2"),
+					Port: "http",
+				},
+			},
+			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: invalid "section" field: section not supported for service parent refs`,
+		},
+		"duplicate exact parents": {
+			refs: []*pbmesh.ParentReference{
+				newParentRef(catalog.ServiceType, "api", "http"),
+				newParentRef(catalog.ServiceType, "api", "http"),
+			},
+			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: parent ref "catalog.v1alpha1.Service/default.local.default/api" for port "http" exists twice`,
+		},
+		"duplicate wild parents": {
+			refs: []*pbmesh.ParentReference{
+				newParentRef(catalog.ServiceType, "api", ""),
+				newParentRef(catalog.ServiceType, "api", ""),
+			},
+			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: parent ref "catalog.v1alpha1.Service/default.local.default/api" for wildcard port exists twice`,
+		},
+		"duplicate parents via exact+wild overlap": {
+			refs: []*pbmesh.ParentReference{
+				newParentRef(catalog.ServiceType, "api", "http"),
+				newParentRef(catalog.ServiceType, "api", ""),
+			},
+			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: parent ref "catalog.v1alpha1.Service/default.local.default/api" for ports [http] covered by wildcard port already`,
+		},
+		"duplicate parents via exact+wild overlap (reversed)": {
+			refs: []*pbmesh.ParentReference{
+				newParentRef(catalog.ServiceType, "api", ""),
+				newParentRef(catalog.ServiceType, "api", "http"),
+			},
+			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: parent ref "catalog.v1alpha1.Service/default.local.default/api" for port "http" covered by wildcard port already`,
+		},
+		"good single parent ref": {
+			refs: []*pbmesh.ParentReference{
+				newParentRef(catalog.ServiceType, "api", "http"),
+			},
+		},
+		"good muliple parent refs": {
+			refs: []*pbmesh.ParentReference{
+				newParentRef(catalog.ServiceType, "api", "http"),
+				newParentRef(catalog.ServiceType, "web", ""),
+			},
+		},
+	}
+}
+
+type xRouteBackendRefTestcase struct {
+	refs      []*pbmesh.BackendReference
+	expectErr string
+}
+
+func getXRouteBackendRefTestCases() map[string]xRouteBackendRefTestcase {
+	return map[string]xRouteBackendRefTestcase{
+		"no backend refs": {
+			expectErr: `invalid "backend_refs" field: cannot be empty`,
+		},
+		"backend ref with nil ref": {
+			refs: []*pbmesh.BackendReference{
+				newBackendRef(catalog.ServiceType, "api", ""),
+				{
+					Ref:  nil,
+					Port: "http",
+				},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 1 of list "backend_refs": invalid "backend_ref" field: invalid "ref" field: missing required field`,
+		},
+		"backend ref with bad type ref": {
+			refs: []*pbmesh.BackendReference{
+				newBackendRef(catalog.ServiceType, "api", ""),
+				newBackendRef(catalog.WorkloadType, "api", ""),
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 1 of list "backend_refs": invalid "backend_ref" field: invalid "ref" field: reference must have type catalog.v1alpha1.Service`,
+		},
+		"backend ref with section": {
+			refs: []*pbmesh.BackendReference{
+				newBackendRef(catalog.ServiceType, "api", ""),
+				{
+					Ref:  resourcetest.Resource(catalog.ServiceType, "web").Reference("section2"),
+					Port: "http",
+				},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 1 of list "backend_refs": invalid "backend_ref" field: invalid "ref" field: invalid "section" field: section not supported for service backend refs`,
+		},
+		"backend ref with datacenter": {
+			refs: []*pbmesh.BackendReference{
+				newBackendRef(catalog.ServiceType, "api", ""),
+				{
+					Ref:        newRef(catalog.ServiceType, "db"),
+					Port:       "http",
+					Datacenter: "dc2",
+				},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid element at index 1 of list "backend_refs": invalid "backend_ref" field: invalid "datacenter" field: datacenter is not yet supported on backend refs`,
+		},
+		"good backend ref": {
+			refs: []*pbmesh.BackendReference{
+				newBackendRef(catalog.ServiceType, "api", ""),
+				{
+					Ref:  newRef(catalog.ServiceType, "db"),
+					Port: "http",
+				},
+			},
+		},
+	}
+}
+
+type xRouteTimeoutsTestcase struct {
+	timeouts  *pbmesh.HTTPRouteTimeouts
+	expectErr string
+}
+
+func getXRouteTimeoutsTestCases() map[string]xRouteTimeoutsTestcase {
+	return map[string]xRouteTimeoutsTestcase{
+		"bad request": {
+			timeouts: &pbmesh.HTTPRouteTimeouts{
+				Request: durationpb.New(-1 * time.Second),
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid "timeouts" field: invalid "request" field: timeout cannot be negative: -1s`,
+		},
+		"bad backend request": {
+			timeouts: &pbmesh.HTTPRouteTimeouts{
+				BackendRequest: durationpb.New(-1 * time.Second),
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid "timeouts" field: invalid "backend_request" field: timeout cannot be negative: -1s`,
+		},
+		"bad idle": {
+			timeouts: &pbmesh.HTTPRouteTimeouts{
+				Idle: durationpb.New(-1 * time.Second),
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid "timeouts" field: invalid "idle" field: timeout cannot be negative: -1s`,
+		},
+		"good all": {
+			timeouts: &pbmesh.HTTPRouteTimeouts{
+				Request:        durationpb.New(1 * time.Second),
+				BackendRequest: durationpb.New(2 * time.Second),
+				Idle:           durationpb.New(3 * time.Second),
+			},
+		},
+	}
+}
+
+type xRouteRetriesTestcase struct {
+	retries   *pbmesh.HTTPRouteRetries
+	expectErr string
+}
+
+func getXRouteRetriesTestCases() map[string]xRouteRetriesTestcase {
+	return map[string]xRouteRetriesTestcase{
+		"bad number": {
+			retries: &pbmesh.HTTPRouteRetries{
+				Number: -5,
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid "retries" field: invalid "number" field: cannot be negative: -5`,
+		},
+		"bad conditions": {
+			retries: &pbmesh.HTTPRouteRetries{
+				OnConditions: []string{"garbage"},
+			},
+			expectErr: `invalid element at index 0 of list "rules": invalid "retries" field: invalid element at index 0 of list "on_conditions": not a valid retry condition: "garbage"`,
+		},
+		"good all": {
+			retries: &pbmesh.HTTPRouteRetries{
+				Number:       5,
+				OnConditions: []string{"internal"},
+			},
+		},
+	}
+}
+
+func newRef(typ *pbresource.Type, name string) *pbresource.Reference {
+	return resourcetest.Resource(typ, name).Reference("")
+}
+
+func newBackendRef(typ *pbresource.Type, name, port string) *pbmesh.BackendReference {
+	return &pbmesh.BackendReference{
+		Ref:  newRef(typ, name),
+		Port: port,
+	}
+}
+
+func newParentRef(typ *pbresource.Type, name, port string) *pbmesh.ParentReference {
+	return &pbmesh.ParentReference{
+		Ref:  newRef(typ, name),
+		Port: port,
+	}
+}
diff --git a/internal/mesh/internal/types/proxy_configuration.go b/internal/mesh/internal/types/proxy_configuration.go
index 29b43ce7a3f1..e85a00494f0f 100644
--- a/internal/mesh/internal/types/proxy_configuration.go
+++ b/internal/mesh/internal/types/proxy_configuration.go
@@ -25,8 +25,9 @@ var (
 
 func RegisterProxyConfiguration(r resource.Registry) {
 	r.Register(resource.Registration{
-		Type:     ProxyConfigurationV1Alpha1Type,
-		Proto:    &pbmesh.ProxyConfiguration{},
+		Type:  ProxyConfigurationV1Alpha1Type,
+		Proto: &pbmesh.ProxyConfiguration{},
+		// TODO(rb): add validation for proxy configuration
 		Validate: nil,
 	})
 }
diff --git a/internal/mesh/internal/types/tcp_route.go b/internal/mesh/internal/types/tcp_route.go
index e217d07490bd..c7a6ccf87430 100644
--- a/internal/mesh/internal/types/tcp_route.go
+++ b/internal/mesh/internal/types/tcp_route.go
@@ -4,6 +4,8 @@
 package types
 
 import (
+	"github.com/hashicorp/go-multierror"
+
 	"github.com/hashicorp/consul/internal/resource"
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
@@ -25,8 +27,69 @@ var (
 
 func RegisterTCPRoute(r resource.Registry) {
 	r.Register(resource.Registration{
-		Type:     TCPRouteV1Alpha1Type,
-		Proto:    &pbmesh.TCPRoute{},
-		Validate: nil,
+		Type:  TCPRouteV1Alpha1Type,
+		Proto: &pbmesh.TCPRoute{},
+		// TODO(rb): normalize parent/backend ref tenancies in a Mutate hook
+		Validate: ValidateTCPRoute,
 	})
 }
+
+func ValidateTCPRoute(res *pbresource.Resource) error {
+	var route pbmesh.TCPRoute
+
+	if err := res.Data.UnmarshalTo(&route); err != nil {
+		return resource.NewErrDataParse(&route, err)
+	}
+
+	var merr error
+
+	if err := validateParentRefs(route.ParentRefs); err != nil {
+		merr = multierror.Append(merr, err)
+	}
+
+	for i, rule := range route.Rules {
+		wrapRuleErr := func(err error) error {
+			return resource.ErrInvalidListElement{
+				Name:    "rules",
+				Index:   i,
+				Wrapped: err,
+			}
+		}
+
+		if len(rule.BackendRefs) == 0 {
+			/*
+				BackendRefs (optional)¶
+
+				BackendRefs defines API objects where matching requests should be
+				sent. If unspecified, the rule performs no forwarding. If
+				unspecified and no filters are specified that would result in a
+				response being sent, a 404 error code is returned.
+			*/
+			merr = multierror.Append(merr, wrapRuleErr(
+				resource.ErrInvalidField{
+					Name:    "backend_refs",
+					Wrapped: resource.ErrEmpty,
+				},
+			))
+		}
+		for j, hbref := range rule.BackendRefs {
+			wrapBackendRefErr := func(err error) error {
+				return wrapRuleErr(resource.ErrInvalidListElement{
+					Name:    "backend_refs",
+					Index:   j,
+					Wrapped: err,
+				})
+			}
+			for _, err := range validateBackendRef(hbref.BackendRef) {
+				merr = multierror.Append(merr, wrapBackendRefErr(
+					resource.ErrInvalidField{
+						Name:    "backend_ref",
+						Wrapped: err,
+					},
+				))
+			}
+		}
+	}
+
+	return merr
+}
diff --git a/internal/mesh/internal/types/tcp_route_test.go b/internal/mesh/internal/types/tcp_route_test.go
new file mode 100644
index 000000000000..2619a06a3ac2
--- /dev/null
+++ b/internal/mesh/internal/types/tcp_route_test.go
@@ -0,0 +1,79 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package types
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/internal/catalog"
+	"github.com/hashicorp/consul/internal/resource/resourcetest"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto/private/prototest"
+	"github.com/hashicorp/consul/sdk/testutil"
+)
+
+func TestValidateTCPRoute(t *testing.T) {
+	type testcase struct {
+		route     *pbmesh.TCPRoute
+		expectErr string
+	}
+
+	run := func(t *testing.T, tc testcase) {
+		res := resourcetest.Resource(TCPRouteType, "api").
+			WithData(t, tc.route).
+			Build()
+
+		err := ValidateTCPRoute(res)
+
+		// Verify that validate didn't actually change the object.
+		got := resourcetest.MustDecode[*pbmesh.TCPRoute](t, res)
+		prototest.AssertDeepEqual(t, tc.route, got.Data)
+
+		if tc.expectErr == "" {
+			require.NoError(t, err)
+		} else {
+			testutil.RequireErrorContains(t, err, tc.expectErr)
+		}
+	}
+
+	cases := map[string]testcase{}
+
+	// Add common parent refs test cases.
+	for name, parentTC := range getXRouteParentRefTestCases() {
+		cases["parent-ref: "+name] = testcase{
+			route: &pbmesh.TCPRoute{
+				ParentRefs: parentTC.refs,
+			},
+			expectErr: parentTC.expectErr,
+		}
+	}
+	// add common backend ref test cases.
+	for name, backendTC := range getXRouteBackendRefTestCases() {
+		var refs []*pbmesh.TCPBackendRef
+		for _, br := range backendTC.refs {
+			refs = append(refs, &pbmesh.TCPBackendRef{
+				BackendRef: br,
+			})
+		}
+		cases["backend-ref: "+name] = testcase{
+			route: &pbmesh.TCPRoute{
+				ParentRefs: []*pbmesh.ParentReference{
+					newParentRef(catalog.ServiceType, "web", ""),
+				},
+				Rules: []*pbmesh.TCPRouteRule{
+					{BackendRefs: refs},
+				},
+			},
+			expectErr: backendTC.expectErr,
+		}
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			run(t, tc)
+		})
+	}
+}
diff --git a/internal/mesh/internal/types/util.go b/internal/mesh/internal/types/util.go
new file mode 100644
index 000000000000..5a0e45d0201e
--- /dev/null
+++ b/internal/mesh/internal/types/util.go
@@ -0,0 +1,52 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package types
+
+import (
+	"github.com/hashicorp/consul/internal/catalog"
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+func IsRouteType(typ *pbresource.Type) bool {
+	switch {
+	case resource.EqualType(typ, HTTPRouteType),
+		resource.EqualType(typ, GRPCRouteType),
+		resource.EqualType(typ, TCPRouteType):
+		return true
+	}
+	return false
+}
+
+func IsFailoverPolicyType(typ *pbresource.Type) bool {
+	switch {
+	case resource.EqualType(typ, catalog.FailoverPolicyType):
+		return true
+	}
+	return false
+}
+
+func IsDestinationPolicyType(typ *pbresource.Type) bool {
+	switch {
+	case resource.EqualType(typ, DestinationPolicyType):
+		return true
+	}
+	return false
+}
+
+func IsServiceType(typ *pbresource.Type) bool {
+	switch {
+	case resource.EqualType(typ, catalog.ServiceType):
+		return true
+	}
+	return false
+}
+
+func IsComputedRoutesType(typ *pbresource.Type) bool {
+	switch {
+	case resource.EqualType(typ, ComputedRoutesType):
+		return true
+	}
+	return false
+}
diff --git a/internal/mesh/internal/types/xroute.go b/internal/mesh/internal/types/xroute.go
new file mode 100644
index 000000000000..572e7f53138b
--- /dev/null
+++ b/internal/mesh/internal/types/xroute.go
@@ -0,0 +1,296 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package types
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/hashicorp/go-multierror"
+	"google.golang.org/protobuf/proto"
+
+	"github.com/hashicorp/consul/internal/catalog"
+	"github.com/hashicorp/consul/internal/resource"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+)
+
+type XRouteData interface {
+	proto.Message
+	XRouteWithRefs
+}
+
+type XRouteWithRefs interface {
+	GetParentRefs() []*pbmesh.ParentReference
+	GetUnderlyingBackendRefs() []*pbmesh.BackendReference
+}
+
+type portedRefKey struct {
+	Key  resource.ReferenceKey
+	Port string
+}
+
+func validateParentRefs(parentRefs []*pbmesh.ParentReference) error {
+	var merr error
+	if len(parentRefs) == 0 {
+		merr = multierror.Append(merr, resource.ErrInvalidField{
+			Name:    "parent_refs",
+			Wrapped: resource.ErrEmpty,
+		})
+	}
+
+	var (
+		seen    = make(map[portedRefKey]struct{})
+		seenAny = make(map[resource.ReferenceKey][]string)
+	)
+	for i, parent := range parentRefs {
+		wrapErr := func(err error) error {
+			return resource.ErrInvalidListElement{
+				Name:    "parent_refs",
+				Index:   i,
+				Wrapped: err,
+			}
+		}
+		if parent.Ref == nil {
+			merr = multierror.Append(merr, wrapErr(
+				resource.ErrInvalidField{
+					Name:    "ref",
+					Wrapped: resource.ErrMissing,
+				},
+			))
+		} else {
+			if !IsServiceType(parent.Ref.Type) {
+				merr = multierror.Append(merr, wrapErr(
+					resource.ErrInvalidField{
+						Name: "ref",
+						Wrapped: resource.ErrInvalidReferenceType{
+							AllowedType: catalog.ServiceType,
+						},
+					},
+				))
+			}
+			if parent.Ref.Section != "" {
+				merr = multierror.Append(merr, wrapErr(
+					resource.ErrInvalidField{
+						Name: "ref",
+						Wrapped: resource.ErrInvalidField{
+							Name:    "section",
+							Wrapped: errors.New("section not supported for service parent refs"),
+						},
+					},
+				))
+			}
+
+			prk := portedRefKey{
+				Key:  resource.NewReferenceKey(parent.Ref),
+				Port: parent.Port,
+			}
+
+			_, portExist := seen[prk]
+
+			if parent.Port == "" {
+				coveredPorts, exactExists := seenAny[prk.Key]
+
+				if portExist { // check for duplicate wild
+					merr = multierror.Append(merr, wrapErr(
+						resource.ErrInvalidField{
+							Name: "ref",
+							Wrapped: fmt.Errorf(
+								"parent ref %q for wildcard port exists twice",
+								resource.ReferenceToString(parent.Ref),
+							),
+						},
+					))
+				} else if exactExists { // check for existing exact
+					merr = multierror.Append(merr, wrapErr(
+						resource.ErrInvalidField{
+							Name: "ref",
+							Wrapped: fmt.Errorf(
+								"parent ref %q for ports %v covered by wildcard port already",
+								resource.ReferenceToString(parent.Ref),
+								coveredPorts,
+							),
+						},
+					))
+				} else {
+					seen[prk] = struct{}{}
+				}
+
+			} else {
+				prkWild := prk
+				prkWild.Port = ""
+				_, wildExist := seen[prkWild]
+
+				if portExist { // check for duplicate exact
+					merr = multierror.Append(merr, wrapErr(
+						resource.ErrInvalidField{
+							Name: "ref",
+							Wrapped: fmt.Errorf(
+								"parent ref %q for port %q exists twice",
+								resource.ReferenceToString(parent.Ref),
+								parent.Port,
+							),
+						},
+					))
+				} else if wildExist { // check for existing wild
+					merr = multierror.Append(merr, wrapErr(
+						resource.ErrInvalidField{
+							Name: "ref",
+							Wrapped: fmt.Errorf(
+								"parent ref %q for port %q covered by wildcard port already",
+								resource.ReferenceToString(parent.Ref),
+								parent.Port,
+							),
+						},
+					))
+				} else {
+					seen[prk] = struct{}{}
+					seenAny[prk.Key] = append(seenAny[prk.Key], parent.Port)
+				}
+			}
+		}
+	}
+
+	return merr
+}
+
+func validateBackendRef(backendRef *pbmesh.BackendReference) []error {
+	var errs []error
+	if backendRef == nil {
+		errs = append(errs, resource.ErrMissing)
+
+	} else if backendRef.Ref == nil {
+		errs = append(errs, resource.ErrInvalidField{
+			Name:    "ref",
+			Wrapped: resource.ErrMissing,
+		})
+
+	} else {
+		if !IsServiceType(backendRef.Ref.Type) {
+			errs = append(errs, resource.ErrInvalidField{
+				Name: "ref",
+				Wrapped: resource.ErrInvalidReferenceType{
+					AllowedType: catalog.ServiceType,
+				},
+			})
+		}
+
+		if backendRef.Ref.Section != "" {
+			errs = append(errs, resource.ErrInvalidField{
+				Name: "ref",
+				Wrapped: resource.ErrInvalidField{
+					Name:    "section",
+					Wrapped: errors.New("section not supported for service backend refs"),
+				},
+			})
+		}
+
+		if backendRef.Datacenter != "" {
+			errs = append(errs, resource.ErrInvalidField{
+				Name:    "datacenter",
+				Wrapped: errors.New("datacenter is not yet supported on backend refs"),
+			})
+		}
+	}
+	return errs
+}
+
+func validateHeaderMatchType(typ pbmesh.HeaderMatchType) error {
+	switch typ {
+	case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_UNSPECIFIED:
+		return resource.ErrMissing
+	case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT:
+	case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_REGEX:
+	case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_PRESENT:
+	case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_PREFIX:
+	case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_SUFFIX:
+	default:
+		return fmt.Errorf("not a supported enum value: %v", typ)
+	}
+	return nil
+}
+
+func validateHTTPTimeouts(timeouts *pbmesh.HTTPRouteTimeouts) []error {
+	if timeouts == nil {
+		return nil
+	}
+
+	var errs []error
+
+	if timeouts.Request != nil {
+		val := timeouts.Request.AsDuration()
+		if val < 0 {
+			errs = append(errs, resource.ErrInvalidField{
+				Name:    "request",
+				Wrapped: fmt.Errorf("timeout cannot be negative: %v", val),
+			})
+		}
+	}
+	if timeouts.BackendRequest != nil {
+		val := timeouts.BackendRequest.AsDuration()
+		if val < 0 {
+			errs = append(errs, resource.ErrInvalidField{
+				Name:    "backend_request",
+				Wrapped: fmt.Errorf("timeout cannot be negative: %v", val),
+			})
+		}
+	}
+	if timeouts.Idle != nil {
+		val := timeouts.Idle.AsDuration()
+		if val < 0 {
+			errs = append(errs, resource.ErrInvalidField{
+				Name:    "idle",
+				Wrapped: fmt.Errorf("timeout cannot be negative: %v", val),
+			})
+		}
+	}
+
+	return errs
+}
+
+func validateHTTPRetries(retries *pbmesh.HTTPRouteRetries) []error {
+	if retries == nil {
+		return nil
+	}
+
+	var errs []error
+
+	if retries.Number < 0 {
+		errs = append(errs, resource.ErrInvalidField{
+			Name:    "number",
+			Wrapped: fmt.Errorf("cannot be negative: %v", retries.Number),
+		})
+	}
+
+	for i, condition := range retries.OnConditions {
+		if !isValidRetryCondition(condition) {
+			errs = append(errs, resource.ErrInvalidListElement{
+				Name:    "on_conditions",
+				Index:   i,
+				Wrapped: fmt.Errorf("not a valid retry condition: %q", condition),
+			})
+		}
+	}
+
+	return errs
+}
+
+func isValidRetryCondition(retryOn string) bool {
+	switch retryOn {
+	case "5xx",
+		"gateway-error",
+		"reset",
+		"connect-failure",
+		"envoy-ratelimited",
+		"retriable-4xx",
+		"refused-stream",
+		"cancelled",
+		"deadline-exceeded",
+		"internal",
+		"resource-exhausted",
+		"unavailable":
+		return true
+	default:
+		return false
+	}
+}
diff --git a/proto-public/pbmesh/v1alpha1/xroute_addons.go b/proto-public/pbmesh/v1alpha1/xroute_addons.go
new file mode 100644
index 000000000000..e85177d5160e
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/xroute_addons.go
@@ -0,0 +1,91 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package meshv1alpha1
+
+// GetUnderlyingBackendRefs will collect BackendReferences from all rules and
+// bundle them up in one slice, unwrapping the HTTP-specifics in the process.
+//
+// This implements an XRouteWithRefs interface in the internal/mesh package.
+//
+// NOTE: no deduplication occurs.
+func (x *HTTPRoute) GetUnderlyingBackendRefs() []*BackendReference {
+	if x == nil {
+		return nil
+	}
+
+	estimate := 0
+	for _, rule := range x.Rules {
+		estimate += len(rule.BackendRefs)
+	}
+
+	backendRefs := make([]*BackendReference, 0, estimate)
+	for _, rule := range x.Rules {
+		for _, backendRef := range rule.BackendRefs {
+			backendRefs = append(backendRefs, backendRef.BackendRef)
+		}
+	}
+	return backendRefs
+}
+
+// GetUnderlyingBackendRefs will collect BackendReferences from all rules and
+// bundle them up in one slice, unwrapping the GRPC-specifics in the process.
+//
+// This implements an XRouteWithRefs interface in the internal/mesh package.
+//
+// NOTE: no deduplication occurs.
+func (x *GRPCRoute) GetUnderlyingBackendRefs() []*BackendReference {
+	if x == nil {
+		return nil
+	}
+
+	estimate := 0
+	for _, rule := range x.Rules {
+		estimate += len(rule.BackendRefs)
+	}
+
+	backendRefs := make([]*BackendReference, 0, estimate)
+	for _, rule := range x.Rules {
+		for _, backendRef := range rule.BackendRefs {
+			backendRefs = append(backendRefs, backendRef.BackendRef)
+		}
+	}
+	return backendRefs
+}
+
+// GetUnderlyingBackendRefs will collect BackendReferences from all rules and
+// bundle them up in one slice, unwrapping the TCP-specifics in the process.
+//
+// This implements an XRouteWithRefs interface in the internal/mesh package.
+//
+// NOTE: no deduplication occurs.
+func (x *TCPRoute) GetUnderlyingBackendRefs() []*BackendReference {
+	if x == nil {
+		return nil
+	}
+
+	estimate := 0
+	for _, rule := range x.Rules {
+		estimate += len(rule.BackendRefs)
+	}
+
+	backendRefs := make([]*BackendReference, 0, estimate)
+
+	for _, rule := range x.Rules {
+		for _, backendRef := range rule.BackendRefs {
+			backendRefs = append(backendRefs, backendRef.BackendRef)
+		}
+	}
+	return backendRefs
+}
+
+// IsHashBased returns true if the policy is a hash-based policy such as maglev
+// or ring hash.
+func (p LoadBalancerPolicy) IsHashBased() bool {
+	switch p {
+	case LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
+		LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH:
+		return true
+	}
+	return false
+}
diff --git a/proto-public/pbmesh/v1alpha1/xroute_addons_test.go b/proto-public/pbmesh/v1alpha1/xroute_addons_test.go
new file mode 100644
index 000000000000..ce15282de825
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/xroute_addons_test.go
@@ -0,0 +1,174 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package meshv1alpha1
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+
+	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+type routeWithAddons interface {
+	proto.Message
+	GetUnderlyingBackendRefs() []*BackendReference
+}
+
+func TestXRoute_GetUnderlyingBackendRefs(t *testing.T) {
+	type testcase struct {
+		route  routeWithAddons
+		expect []*BackendReference
+	}
+
+	run := func(t *testing.T, tc testcase) {
+		got := tc.route.GetUnderlyingBackendRefs()
+		require.ElementsMatch(t, stringifyList(tc.expect), stringifyList(got))
+	}
+
+	cases := map[string]testcase{
+		"http: nil": {
+			route: (*HTTPRoute)(nil),
+		},
+		"grpc: nil": {
+			route: (*GRPCRoute)(nil),
+		},
+		"tcp: nil": {
+			route: (*TCPRoute)(nil),
+		},
+		"http: kitchen sink": {
+			route: &HTTPRoute{
+				Rules: []*HTTPRouteRule{
+					{BackendRefs: []*HTTPBackendRef{
+						{BackendRef: newBackendRef("aa")},
+					}},
+					{BackendRefs: []*HTTPBackendRef{
+						{BackendRef: newBackendRef("bb")},
+					}},
+					{BackendRefs: []*HTTPBackendRef{
+						{BackendRef: newBackendRef("cc")},
+						{BackendRef: newBackendRef("dd")},
+					}},
+					{BackendRefs: []*HTTPBackendRef{
+						{BackendRef: newBackendRef("ee")},
+						{BackendRef: newBackendRef("ff")},
+					}},
+				},
+			},
+			expect: []*BackendReference{
+				newBackendRef("aa"),
+				newBackendRef("bb"),
+				newBackendRef("cc"),
+				newBackendRef("dd"),
+				newBackendRef("ee"),
+				newBackendRef("ff"),
+			},
+		},
+		"grpc: kitchen sink": {
+			route: &GRPCRoute{
+				Rules: []*GRPCRouteRule{
+					{BackendRefs: []*GRPCBackendRef{
+						{BackendRef: newBackendRef("aa")},
+					}},
+					{BackendRefs: []*GRPCBackendRef{
+						{BackendRef: newBackendRef("bb")},
+					}},
+					{BackendRefs: []*GRPCBackendRef{
+						{BackendRef: newBackendRef("cc")},
+						{BackendRef: newBackendRef("dd")},
+					}},
+					{BackendRefs: []*GRPCBackendRef{
+						{BackendRef: newBackendRef("ee")},
+						{BackendRef: newBackendRef("ff")},
+					}},
+				},
+			},
+			expect: []*BackendReference{
+				newBackendRef("aa"),
+				newBackendRef("bb"),
+				newBackendRef("cc"),
+				newBackendRef("dd"),
+				newBackendRef("ee"),
+				newBackendRef("ff"),
+			},
+		},
+		"tcp: kitchen sink": {
+			route: &TCPRoute{
+				Rules: []*TCPRouteRule{
+					{BackendRefs: []*TCPBackendRef{
+						{BackendRef: newBackendRef("aa")},
+					}},
+					{BackendRefs: []*TCPBackendRef{
+						{BackendRef: newBackendRef("bb")},
+					}},
+					{BackendRefs: []*TCPBackendRef{
+						{BackendRef: newBackendRef("cc")},
+						{BackendRef: newBackendRef("dd")},
+					}},
+					{BackendRefs: []*TCPBackendRef{
+						{BackendRef: newBackendRef("ee")},
+						{BackendRef: newBackendRef("ff")},
+					}},
+				},
+			},
+			expect: []*BackendReference{
+				newBackendRef("aa"),
+				newBackendRef("bb"),
+				newBackendRef("cc"),
+				newBackendRef("dd"),
+				newBackendRef("ee"),
+				newBackendRef("ff"),
+			},
+		},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			run(t, tc)
+		})
+	}
+}
+
+func protoToString[V proto.Message](pb V) string {
+	m := protojson.MarshalOptions{
+		Indent: "  ",
+	}
+	gotJSON, err := m.Marshal(pb)
+	if err != nil {
+		return "<ERR: " + err.Error() + ">"
+	}
+	return string(gotJSON)
+}
+
+func newRouteRef(name string) *pbresource.Reference {
+	return &pbresource.Reference{
+		Type: &pbresource.Type{
+			Group:        "fake",
+			GroupVersion: "v1alpha1",
+			Kind:         "fake",
+		},
+		Tenancy: &pbresource.Tenancy{
+			Partition: "default",
+			Namespace: "default",
+			PeerName:  "local",
+		},
+		Name: name,
+	}
+}
+
+func newBackendRef(name string) *BackendReference {
+	return &BackendReference{
+		Ref: newRouteRef(name),
+	}
+}
+
+func stringifyList[V proto.Message](list []V) []string {
+	out := make([]string, 0, len(list))
+	for _, item := range list {
+		out = append(out, protoToString(item))
+	}
+	return out
+}

From 0d60380214559ecc3d8153a6545e1191101103cb Mon Sep 17 00:00:00 2001
From: Ashwin Venkatesh <ashwin@hashicorp.com>
Date: Tue, 22 Aug 2023 13:01:45 -0400
Subject: [PATCH 313/359] =?UTF-8?q?xds=20controller:=20resolve=20ServiceEn?=
 =?UTF-8?q?dpoints=20references=20in=20ProxyStateTemp=E2=80=A6=20(#18544)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

xds controller: resolve ServiceEndpoints references in ProxyStateTemplate
---
 .../internal/controllers/xds/controller.go    | 156 ++++
 .../controllers/xds/controller_test.go        | 664 ++++++++++++++++++
 .../controllers/xds/endpoint_builder.go       |  72 ++
 .../controllers/xds/endpoint_builder_test.go  | 233 ++++++
 .../internal/controllers/xds/mock_updater.go  |  90 +++
 .../controllers/xds/reconciliation_data.go    |  58 ++
 .../internal/controllers/xds/status/status.go |  92 +++
 7 files changed, 1365 insertions(+)
 create mode 100644 internal/mesh/internal/controllers/xds/controller.go
 create mode 100644 internal/mesh/internal/controllers/xds/controller_test.go
 create mode 100644 internal/mesh/internal/controllers/xds/endpoint_builder.go
 create mode 100644 internal/mesh/internal/controllers/xds/endpoint_builder_test.go
 create mode 100644 internal/mesh/internal/controllers/xds/mock_updater.go
 create mode 100644 internal/mesh/internal/controllers/xds/reconciliation_data.go
 create mode 100644 internal/mesh/internal/controllers/xds/status/status.go

diff --git a/internal/mesh/internal/controllers/xds/controller.go b/internal/mesh/internal/controllers/xds/controller.go
new file mode 100644
index 000000000000..5d1e5da7cc6c
--- /dev/null
+++ b/internal/mesh/internal/controllers/xds/controller.go
@@ -0,0 +1,156 @@
+package xds
+
+import (
+	"context"
+
+	"github.com/hashicorp/consul/internal/catalog"
+	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/mesh/internal/controllers/xds/status"
+	"github.com/hashicorp/consul/internal/mesh/internal/types"
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/internal/resource/mappers/bimapper"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+const ControllerName = "consul.io/xds-controller"
+
+func Controller(mapper *bimapper.Mapper, updater ProxyUpdater) controller.Controller {
+	if mapper == nil || updater == nil {
+		panic("mapper and updater are required")
+	}
+
+	return controller.ForType(types.ProxyStateTemplateType).
+		WithWatch(catalog.ServiceEndpointsType, mapper.MapLink).
+		WithPlacement(controller.PlacementEachServer).
+		WithReconciler(&xdsReconciler{bimapper: mapper, updater: updater})
+}
+
+type xdsReconciler struct {
+	bimapper *bimapper.Mapper
+	updater  ProxyUpdater
+}
+
+// ProxyUpdater is an interface that defines the ability to push proxy updates to the updater
+// and also check its connectivity to the server.
+type ProxyUpdater interface {
+	// PushChange allows pushing a computed ProxyState to xds for xds resource generation to send to a proxy.
+	PushChange(id *pbresource.ID, snapshot *pbmesh.ProxyState) error
+
+	// ProxyConnectedToServer returns whether this id is connected to this server.
+	ProxyConnectedToServer(id *pbresource.ID) bool
+}
+
+func (r *xdsReconciler) Reconcile(ctx context.Context, rt controller.Runtime, req controller.Request) error {
+	rt.Logger = rt.Logger.With("resource-id", req.ID, "controller", ControllerName)
+
+	rt.Logger.Trace("reconciling  proxy state template", "id", req.ID)
+
+	// Get the ProxyStateTemplate.
+	proxyStateTemplate, err := getProxyStateTemplate(ctx, rt, req.ID)
+	if err != nil {
+		rt.Logger.Error("error reading proxy state template", "error", err)
+		return err
+	}
+
+	if proxyStateTemplate == nil || proxyStateTemplate.Template == nil || !r.updater.ProxyConnectedToServer(req.ID) {
+		rt.Logger.Trace("proxy state template has been deleted or this controller is not responsible for this proxy state template", "id", req.ID)
+
+		// If the proxy state was deleted, we should remove references to it in the mapper.
+		r.bimapper.UntrackItem(req.ID)
+
+		return nil
+	}
+
+	var (
+		statusCondition *pbresource.Condition
+		pstResource     *pbresource.Resource
+	)
+	pstResource = proxyStateTemplate.Resource
+
+	// Initialize the ProxyState endpoints map.
+	if proxyStateTemplate.Template.ProxyState == nil {
+		rt.Logger.Error("proxy state was missing from proxy state template")
+		// Set the status.
+		statusCondition = status.ConditionRejectedNilProxyState(status.KeyFromID(req.ID))
+		status.WriteStatusIfChanged(ctx, rt, pstResource, statusCondition)
+
+		return err
+	}
+	if proxyStateTemplate.Template.ProxyState.Endpoints == nil {
+		proxyStateTemplate.Template.ProxyState.Endpoints = make(map[string]*pbproxystate.Endpoints)
+	}
+
+	// Iterate through the endpoint references.
+	// For endpoints, the controller should:
+	//  1. Resolve ServiceEndpoint references
+	//  2. Translate them into pbproxystate.Endpoints
+	//  3. Add the pbproxystate.Endpoints to the ProxyState endpoints map.
+	//  4. Track relationships between ProxyState and ServiceEndpoints, such that we can look up ServiceEndpoints and
+	//  figure out which ProxyStates are associated with it (for mapping watches) and vice versa (for looking up
+	//  references). The bimapper package is useful for tracking these relationships.
+	endpointReferencesMap := proxyStateTemplate.Template.RequiredEndpoints
+	var endpointsInProxyStateTemplate []resource.ReferenceOrID
+	for xdsClusterName, endpointRef := range endpointReferencesMap {
+
+		// Step 1: Resolve the reference by looking up the ServiceEndpoints.
+		// serviceEndpoints will not be nil unless there is an error.
+		serviceEndpoints, err := getServiceEndpoints(ctx, rt, endpointRef.Id)
+		if err != nil {
+			rt.Logger.Error("error reading service endpoint", "id", endpointRef.Id, "error", err)
+			// Set the status.
+			statusCondition = status.ConditionRejectedErrorReadingEndpoints(status.KeyFromID(endpointRef.Id), err.Error())
+			status.WriteStatusIfChanged(ctx, rt, pstResource, statusCondition)
+
+			return err
+		}
+
+		// Step 2: Translate it into pbproxystate.Endpoints.
+		psEndpoints, err := generateProxyStateEndpoints(serviceEndpoints, endpointRef.Port)
+		if err != nil {
+			rt.Logger.Error("error translating service endpoints to proxy state endpoints", "endpoint", endpointRef.Id, "error", err)
+
+			// Set the status.
+			statusCondition = status.ConditionRejectedCreatingProxyStateEndpoints(status.KeyFromID(endpointRef.Id), err.Error())
+			status.WriteStatusIfChanged(ctx, rt, pstResource, statusCondition)
+
+			return err
+		}
+
+		// Step 3: Add the endpoints to ProxyState.
+		proxyStateTemplate.Template.ProxyState.Endpoints[xdsClusterName] = psEndpoints
+
+		// Track all the endpoints that are used by this ProxyStateTemplate, so we can use this for step 4.
+		endpointResourceRef := resource.Reference(endpointRef.Id, "")
+		endpointsInProxyStateTemplate = append(endpointsInProxyStateTemplate, endpointResourceRef)
+
+	}
+
+	// Step 4: Track relationships between ProxyStateTemplates and ServiceEndpoints.
+	r.bimapper.TrackItem(req.ID, endpointsInProxyStateTemplate)
+
+	computedProxyState := proxyStateTemplate.Template.ProxyState
+
+	err = r.updater.PushChange(req.ID, computedProxyState)
+	if err != nil {
+		// Set the status.
+		statusCondition = status.ConditionRejectedPushChangeFailed(status.KeyFromID(req.ID))
+		status.WriteStatusIfChanged(ctx, rt, pstResource, statusCondition)
+		return err
+	}
+
+	// Set the status.
+	statusCondition = status.ConditionAccepted()
+	status.WriteStatusIfChanged(ctx, rt, pstResource, statusCondition)
+	return nil
+}
+
+func resourceIdToReference(id *pbresource.ID) *pbresource.Reference {
+	ref := &pbresource.Reference{
+		Name:    id.GetName(),
+		Type:    id.GetType(),
+		Tenancy: id.GetTenancy(),
+	}
+	return ref
+}
diff --git a/internal/mesh/internal/controllers/xds/controller_test.go b/internal/mesh/internal/controllers/xds/controller_test.go
new file mode 100644
index 000000000000..e6df71c70eda
--- /dev/null
+++ b/internal/mesh/internal/controllers/xds/controller_test.go
@@ -0,0 +1,664 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package xds
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"github.com/stretchr/testify/suite"
+
+	svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing"
+	"github.com/hashicorp/consul/internal/catalog"
+	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/mesh/internal/controllers/xds/status"
+	"github.com/hashicorp/consul/internal/mesh/internal/types"
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/internal/resource/mappers/bimapper"
+	"github.com/hashicorp/consul/internal/resource/resourcetest"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/proto/private/prototest"
+	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
+)
+
+type xdsControllerTestSuite struct {
+	suite.Suite
+
+	ctx     context.Context
+	client  *resourcetest.Client
+	runtime controller.Runtime
+
+	ctl     *xdsReconciler
+	mapper  *bimapper.Mapper
+	updater *mockUpdater
+
+	fooProxyStateTemplate          *pbresource.Resource
+	barProxyStateTemplate          *pbresource.Resource
+	barEndpointRefs                map[string]*pbproxystate.EndpointRef
+	fooEndpointRefs                map[string]*pbproxystate.EndpointRef
+	fooEndpoints                   *pbresource.Resource
+	fooService                     *pbresource.Resource
+	fooBarEndpoints                *pbresource.Resource
+	fooBarService                  *pbresource.Resource
+	expectedFooProxyStateEndpoints map[string]*pbproxystate.Endpoints
+	expectedBarProxyStateEndpoints map[string]*pbproxystate.Endpoints
+}
+
+func (suite *xdsControllerTestSuite) SetupTest() {
+	suite.ctx = testutil.TestContext(suite.T())
+	resourceClient := svctest.RunResourceService(suite.T(), types.Register, catalog.RegisterTypes)
+	suite.runtime = controller.Runtime{Client: resourceClient, Logger: testutil.Logger(suite.T())}
+	suite.client = resourcetest.NewClient(resourceClient)
+
+	suite.mapper = bimapper.New(types.ProxyStateTemplateType, catalog.ServiceEndpointsType)
+	suite.updater = NewMockUpdater()
+
+	suite.ctl = &xdsReconciler{
+		bimapper: suite.mapper,
+		updater:  suite.updater,
+	}
+}
+
+// This test ensures when a ProxyState is deleted, it is no longer tracked in the mapper.
+func (suite *xdsControllerTestSuite) TestReconcile_NoProxyStateTemplate() {
+	// Track the id of a non-existent ProxyStateTemplate.
+	proxyStateTemplateId := resourcetest.Resource(types.ProxyStateTemplateType, "not-found").ID()
+	suite.mapper.TrackItem(proxyStateTemplateId, []resource.ReferenceOrID{})
+
+	// Run the reconcile, and since no ProxyStateTemplate is stored, this simulates a deletion.
+	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
+		ID: proxyStateTemplateId,
+	})
+	require.NoError(suite.T(), err)
+
+	// Assert that nothing is tracked in the mapper.
+	require.True(suite.T(), suite.mapper.IsEmpty())
+}
+
+// This test ensures if the controller was previously tracking a ProxyStateTemplate, and now that proxy has
+// disconnected from this server, it's ignored and removed from the mapper.
+func (suite *xdsControllerTestSuite) TestReconcile_RemoveTrackingProxiesNotConnectedToServer() {
+	// Store the initial ProxyStateTemplate and track it in the mapper.
+	proxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "test").
+		WithData(suite.T(), &pbmesh.ProxyStateTemplate{}).
+		Write(suite.T(), suite.client)
+
+	suite.mapper.TrackItem(proxyStateTemplate.Id, []resource.ReferenceOrID{})
+
+	// Simulate the proxy disconnecting from this server. The resource still exists, but this proxy might be connected
+	// to a different server now, so we no longer need to track it.
+	suite.updater.notConnected = true
+
+	// Run the reconcile.
+	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
+		ID: proxyStateTemplate.Id,
+	})
+	require.NoError(suite.T(), err)
+
+	// Assert that nothing is tracked in the mapper.
+	require.True(suite.T(), suite.mapper.IsEmpty())
+}
+
+// This test sets up the updater to return an error when calling PushChange, and ensures the status is set
+// correctly.
+func (suite *xdsControllerTestSuite) TestReconcile_PushChangeError() {
+	// Have the mock simulate an error from the PushChange call.
+	suite.updater.pushChangeError = true
+
+	// Setup a happy path scenario.
+	suite.setupFooProxyStateTemplateAndEndpoints()
+
+	// Run the reconcile.
+	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
+		ID: suite.fooProxyStateTemplate.Id,
+	})
+	require.Error(suite.T(), err)
+
+	// Assert on the status reflecting endpoint not found.
+	suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionRejectedPushChangeFailed(status.KeyFromID(suite.fooProxyStateTemplate.Id)))
+}
+
+// This test sets up a ProxyStateTemplate that references a ServiceEndpoints that doesn't exist, and ensures the
+// status is correct.
+func (suite *xdsControllerTestSuite) TestReconcile_MissingEndpoint() {
+	// Set fooProxyStateTemplate with a reference to fooEndpoints, without storing fooEndpoints so the controller should
+	// notice it's missing.
+	fooEndpointsId := resourcetest.Resource(catalog.ServiceEndpointsType, "foo-service").ID()
+	fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef)
+	fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{
+		Id:   fooEndpointsId,
+		Port: "mesh",
+	}
+
+	fooProxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "foo-pst").
+		WithData(suite.T(), &pbmesh.ProxyStateTemplate{
+			RequiredEndpoints: fooRequiredEndpoints,
+			ProxyState:        &pbmesh.ProxyState{},
+		}).
+		Write(suite.T(), suite.client)
+
+	retry.Run(suite.T(), func(r *retry.R) {
+		suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id)
+	})
+
+	// Run the reconcile.
+	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
+		ID: fooProxyStateTemplate.Id,
+	})
+	require.Error(suite.T(), err)
+
+	// Assert on the status reflecting endpoint not found.
+	suite.client.RequireStatusCondition(suite.T(), fooProxyStateTemplate.Id, ControllerName, status.ConditionRejectedErrorReadingEndpoints(status.KeyFromID(fooEndpointsId), "rpc error: code = NotFound desc = resource not found"))
+}
+
+// This test sets up a ProxyStateTemplate that references a ServiceEndpoints that can't be read correctly, and
+// checks the status is correct.
+func (suite *xdsControllerTestSuite) TestReconcile_ReadEndpointError() {
+	badID := &pbresource.ID{
+		Type: &pbresource.Type{
+			Group:        "not",
+			Kind:         "found",
+			GroupVersion: "vfake",
+		},
+		Tenancy: &pbresource.Tenancy{Namespace: "default", Partition: "default", PeerName: "local"},
+	}
+	fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef)
+	fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{
+		Id:   badID,
+		Port: "mesh",
+	}
+
+	fooProxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "foo-pst").
+		WithData(suite.T(), &pbmesh.ProxyStateTemplate{
+			RequiredEndpoints: fooRequiredEndpoints,
+			ProxyState:        &pbmesh.ProxyState{},
+		}).
+		Write(suite.T(), suite.client)
+
+	retry.Run(suite.T(), func(r *retry.R) {
+		suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id)
+	})
+
+	// Run the reconcile.
+	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
+		ID: fooProxyStateTemplate.Id,
+	})
+	require.Error(suite.T(), err)
+
+	// Assert on the status reflecting endpoint couldn't be read.
+	suite.client.RequireStatusCondition(suite.T(), fooProxyStateTemplate.Id, ControllerName, status.ConditionRejectedErrorReadingEndpoints(status.KeyFromID(badID), "rpc error: code = InvalidArgument desc = id.name is required"))
+}
+
+// This test is a happy path creation test to make sure pbproxystate.Endpoints are created in the computed
+// pbmesh.ProxyState from the RequiredEndpoints references. More specific translations between endpoint references
+// and pbproxystate.Endpoints are unit tested in endpoint_builder.go.
+func (suite *xdsControllerTestSuite) TestReconcile_ProxyStateTemplateComputesEndpoints() {
+	// Set up fooEndpoints and fooProxyStateTemplate with a reference to fooEndpoints and store them in the state store.
+	// This setup saves expected values in the suite so it can be asserted against later.
+	suite.setupFooProxyStateTemplateAndEndpoints()
+
+	// Run the reconcile.
+	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
+		ID: suite.fooProxyStateTemplate.Id,
+	})
+	require.NoError(suite.T(), err)
+
+	// Assert on the status.
+	suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
+
+	// Assert that the endpoints computed in the controller matches the expected endpoints.
+	actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name)
+	prototest.AssertDeepEqual(suite.T(), suite.expectedFooProxyStateEndpoints, actualEndpoints)
+}
+
+// This test is a happy path creation test that calls reconcile multiple times with a more complex setup. This
+// scenario is trickier to test in the controller test because the end computation of the xds controller is not
+// stored in the state store. So this test ensures that between multiple reconciles the correct ProxyStates are
+// computed for each ProxyStateTemplate.
+func (suite *xdsControllerTestSuite) TestReconcile_MultipleProxyStateTemplatesComputesMultipleEndpoints() {
+	// Set up fooProxyStateTemplate and barProxyStateTemplate and their associated resources and store them. Resources
+	// and expected results are stored in the suite to assert against.
+	suite.setupFooBarProxyStateTemplateAndEndpoints()
+
+	// Reconcile the fooProxyStateTemplate.
+	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
+		ID: suite.fooProxyStateTemplate.Id,
+	})
+	require.NoError(suite.T(), err)
+
+	// Assert on the status.
+	suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
+
+	// Assert that the endpoints computed in the controller matches the expected endpoints.
+	actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name)
+	prototest.AssertDeepEqual(suite.T(), suite.expectedFooProxyStateEndpoints, actualEndpoints)
+
+	// Reconcile the barProxyStateTemplate.
+	err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
+		ID: suite.barProxyStateTemplate.Id,
+	})
+	require.NoError(suite.T(), err)
+
+	// Assert on the status.
+	suite.client.RequireStatusCondition(suite.T(), suite.barProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
+
+	// Assert that the endpoints computed in the controller matches the expected endpoints.
+	actualBarEndpoints := suite.updater.GetEndpoints(suite.barProxyStateTemplate.Id.Name)
+	prototest.AssertDeepEqual(suite.T(), suite.expectedBarProxyStateEndpoints, actualBarEndpoints)
+}
+
+// Sets up a full controller, and tests that reconciles are getting triggered for the events it should.
+func (suite *xdsControllerTestSuite) TestController_ComputeAddUpdateEndpoints() {
+	// Run the controller manager.
+	mgr := controller.NewManager(suite.client, suite.runtime.Logger)
+	mgr.Register(Controller(suite.mapper, suite.updater))
+	mgr.SetRaftLeader(true)
+	go mgr.Run(suite.ctx)
+
+	// Set up fooEndpoints and fooProxyStateTemplate with a reference to fooEndpoints. These need to be stored
+	// because the controller reconcile looks them up.
+	suite.setupFooProxyStateTemplateAndEndpoints()
+
+	// Assert that the expected ProxyState matches the actual ProxyState that PushChange was called with. This needs to
+	// be in a retry block unlike the Reconcile tests because the controller triggers asynchronously.
+	retry.Run(suite.T(), func(r *retry.R) {
+		actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name)
+		// Assert on the status.
+		suite.client.RequireStatusCondition(r, suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
+		// Assert that the endpoints computed in the controller matches the expected endpoints.
+		prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints)
+	})
+
+	// Now, update the endpoint to be unhealthy. This will ensure the controller is getting triggered on changes to this
+	// endpoint that it should be tracking, even when the ProxyStateTemplate does not change.
+	resourcetest.Resource(catalog.ServiceEndpointsType, "foo-service").
+		WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{
+			{
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"mesh": {
+						Port:     20000,
+						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
+					},
+				},
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{
+						Host:  "10.1.1.1",
+						Ports: []string{"mesh"},
+					},
+					{
+						Host:  "10.2.2.2",
+						Ports: []string{"mesh"},
+					},
+				},
+				HealthStatus: pbcatalog.Health_HEALTH_CRITICAL,
+			},
+		}}).
+		WithOwner(suite.fooService.Id).
+		Write(suite.T(), suite.client)
+
+	// Wait for the endpoint to be written.
+	retry.Run(suite.T(), func(r *retry.R) {
+		suite.client.RequireVersionChanged(suite.T(), suite.fooEndpoints.Id, suite.fooEndpoints.Version)
+	})
+
+	// Update the expected endpoints to also have unhealthy status.
+	suite.expectedFooProxyStateEndpoints["test-cluster-1"].Endpoints[0].HealthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
+	suite.expectedFooProxyStateEndpoints["test-cluster-1"].Endpoints[1].HealthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
+
+	retry.Run(suite.T(), func(r *retry.R) {
+		actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name)
+		// Assert on the status.
+		suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
+		// Assert that the endpoints computed in the controller matches the expected endpoints.
+		prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints)
+	})
+
+	// Now add a new endpoint reference and endpoint to the fooProxyStateTemplate. This will ensure that the controller
+	// now tracks the newly added endpoint.
+	secondService := resourcetest.Resource(catalog.ServiceType, "second-service").
+		WithData(suite.T(), &pbcatalog.Service{}).
+		Write(suite.T(), suite.client)
+
+	secondEndpoints := resourcetest.Resource(catalog.ServiceEndpointsType, "second-service").
+		WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{
+			{
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"mesh": {
+						Port:     20000,
+						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
+					},
+				},
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{
+						Host:  "10.5.5.5",
+						Ports: []string{"mesh"},
+					},
+					{
+						Host:  "10.6.6.6",
+						Ports: []string{"mesh"},
+					},
+				},
+			},
+		}}).
+		WithOwner(secondService.Id).
+		Write(suite.T(), suite.client)
+
+	// Update the endpoint references on the fooProxyStateTemplate.
+	suite.fooEndpointRefs["test-cluster-2"] = &pbproxystate.EndpointRef{
+		Id:   secondEndpoints.Id,
+		Port: "mesh",
+	}
+	oldVersion := suite.fooProxyStateTemplate.Version
+	fooProxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "foo-pst").
+		WithData(suite.T(), &pbmesh.ProxyStateTemplate{
+			RequiredEndpoints: suite.fooEndpointRefs,
+			ProxyState:        &pbmesh.ProxyState{},
+		}).
+		Write(suite.T(), suite.client)
+
+	retry.Run(suite.T(), func(r *retry.R) {
+		suite.client.RequireVersionChanged(r, fooProxyStateTemplate.Id, oldVersion)
+	})
+
+	// Update the expected endpoints with this new endpoints.
+	suite.expectedFooProxyStateEndpoints["test-cluster-2"] = &pbproxystate.Endpoints{
+		Endpoints: []*pbproxystate.Endpoint{
+			{
+				Address: &pbproxystate.Endpoint_HostPort{
+					HostPort: &pbproxystate.HostPortAddress{
+						Host: "10.5.5.5",
+						Port: 20000,
+					},
+				},
+				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+			},
+			{
+				Address: &pbproxystate.Endpoint_HostPort{
+					HostPort: &pbproxystate.HostPortAddress{
+						Host: "10.6.6.6",
+						Port: 20000,
+					},
+				},
+				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+			},
+		},
+	}
+
+	retry.Run(suite.T(), func(r *retry.R) {
+		actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name)
+		// Assert on the status.
+		suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
+		// Assert that the endpoints computed in the controller matches the expected endpoints.
+		prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints)
+	})
+
+}
+
+// Setup: fooProxyStateTemplate with an EndpointsRef to fooEndpoints
+// Saves all related resources to the suite so they can be modified if needed.
+func (suite *xdsControllerTestSuite) setupFooProxyStateTemplateAndEndpoints() {
+	fooService := resourcetest.Resource(catalog.ServiceType, "foo-service").
+		WithData(suite.T(), &pbcatalog.Service{}).
+		Write(suite.T(), suite.client)
+
+	fooEndpoints := resourcetest.Resource(catalog.ServiceEndpointsType, "foo-service").
+		WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{
+			{
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"mesh": {
+						Port:     20000,
+						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
+					},
+				},
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{
+						Host:  "10.1.1.1",
+						Ports: []string{"mesh"},
+					},
+					{
+						Host:  "10.2.2.2",
+						Ports: []string{"mesh"},
+					},
+				},
+			},
+		}}).
+		WithOwner(fooService.Id).
+		Write(suite.T(), suite.client)
+
+	fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef)
+	fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{
+		Id:   fooEndpoints.Id,
+		Port: "mesh",
+	}
+
+	fooProxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "foo-pst").
+		WithData(suite.T(), &pbmesh.ProxyStateTemplate{
+			RequiredEndpoints: fooRequiredEndpoints,
+			ProxyState:        &pbmesh.ProxyState{},
+		}).
+		Write(suite.T(), suite.client)
+
+	retry.Run(suite.T(), func(r *retry.R) {
+		suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id)
+	})
+
+	expectedFooProxyStateEndpoints := map[string]*pbproxystate.Endpoints{
+		"test-cluster-1": {Endpoints: []*pbproxystate.Endpoint{
+			{
+				Address: &pbproxystate.Endpoint_HostPort{
+					HostPort: &pbproxystate.HostPortAddress{
+						Host: "10.1.1.1",
+						Port: 20000,
+					},
+				},
+				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+			},
+			{
+				Address: &pbproxystate.Endpoint_HostPort{
+					HostPort: &pbproxystate.HostPortAddress{
+						Host: "10.2.2.2",
+						Port: 20000,
+					},
+				},
+				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+			},
+		}},
+	}
+	suite.fooService = fooService
+	suite.fooEndpoints = fooEndpoints
+	suite.fooEndpointRefs = fooRequiredEndpoints
+	suite.fooProxyStateTemplate = fooProxyStateTemplate
+	suite.expectedFooProxyStateEndpoints = expectedFooProxyStateEndpoints
+
+}
+
+// Setup:
+//   - fooProxyStateTemplate with an EndpointsRef to fooEndpoints and fooBarEndpoints.
+//   - barProxyStateTemplate with an EndpointsRef to fooBarEndpoints.
+//
+// Saves all related resources to the suite so they can be modified if needed.
+func (suite *xdsControllerTestSuite) setupFooBarProxyStateTemplateAndEndpoints() {
+	fooService := resourcetest.Resource(catalog.ServiceType, "foo-service").
+		WithData(suite.T(), &pbcatalog.Service{}).
+		Write(suite.T(), suite.client)
+
+	fooEndpoints := resourcetest.Resource(catalog.ServiceEndpointsType, "foo-service").
+		WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{
+			{
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"mesh": {
+						Port:     20000,
+						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
+					},
+				},
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{
+						Host:  "10.1.1.1",
+						Ports: []string{"mesh"},
+					},
+					{
+						Host:  "10.2.2.2",
+						Ports: []string{"mesh"},
+					},
+				},
+			},
+		}}).
+		WithOwner(fooService.Id).
+		Write(suite.T(), suite.client)
+
+	fooBarService := resourcetest.Resource(catalog.ServiceType, "foo-bar-service").
+		WithData(suite.T(), &pbcatalog.Service{}).
+		Write(suite.T(), suite.client)
+
+	fooBarEndpoints := resourcetest.Resource(catalog.ServiceEndpointsType, "foo-bar-service").
+		WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{
+			{
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"mesh": {
+						Port:     20000,
+						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
+					},
+				},
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{
+						Host:  "10.3.3.3",
+						Ports: []string{"mesh"},
+					},
+					{
+						Host:  "10.4.4.4",
+						Ports: []string{"mesh"},
+					},
+				},
+			},
+		}}).
+		WithOwner(fooBarService.Id).
+		Write(suite.T(), suite.client)
+
+	fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef)
+	fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{
+		Id:   fooEndpoints.Id,
+		Port: "mesh",
+	}
+	fooRequiredEndpoints["test-cluster-2"] = &pbproxystate.EndpointRef{
+		Id:   fooBarEndpoints.Id,
+		Port: "mesh",
+	}
+
+	barRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef)
+	barRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{
+		Id: fooBarEndpoints.Id,
+		// Sidecar proxy controller will usually set mesh port here.
+		Port: "mesh",
+	}
+
+	fooProxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "foo-pst").
+		WithData(suite.T(), &pbmesh.ProxyStateTemplate{
+			// Contains the foo and foobar endpoints.
+			RequiredEndpoints: fooRequiredEndpoints,
+			ProxyState:        &pbmesh.ProxyState{},
+		}).
+		Write(suite.T(), suite.client)
+
+	retry.Run(suite.T(), func(r *retry.R) {
+		suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id)
+	})
+
+	barProxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "bar-pst").
+		WithData(suite.T(), &pbmesh.ProxyStateTemplate{
+			// Contains the foobar endpoint.
+			RequiredEndpoints: barRequiredEndpoints,
+			ProxyState:        &pbmesh.ProxyState{},
+		}).
+		Write(suite.T(), suite.client)
+
+	retry.Run(suite.T(), func(r *retry.R) {
+		suite.client.RequireResourceExists(r, barProxyStateTemplate.Id)
+	})
+
+	expectedFooProxyStateEndpoints := map[string]*pbproxystate.Endpoints{
+		"test-cluster-1": {Endpoints: []*pbproxystate.Endpoint{
+			{
+				Address: &pbproxystate.Endpoint_HostPort{
+					HostPort: &pbproxystate.HostPortAddress{
+						Host: "10.1.1.1",
+						Port: 20000,
+					},
+				},
+				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+			},
+			{
+				Address: &pbproxystate.Endpoint_HostPort{
+					HostPort: &pbproxystate.HostPortAddress{
+						Host: "10.2.2.2",
+						Port: 20000,
+					},
+				},
+				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+			},
+		}},
+		"test-cluster-2": {Endpoints: []*pbproxystate.Endpoint{
+			{
+				Address: &pbproxystate.Endpoint_HostPort{
+					HostPort: &pbproxystate.HostPortAddress{
+						Host: "10.3.3.3",
+						Port: 20000,
+					},
+				},
+				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+			},
+			{
+				Address: &pbproxystate.Endpoint_HostPort{
+					HostPort: &pbproxystate.HostPortAddress{
+						Host: "10.4.4.4",
+						Port: 20000,
+					},
+				},
+				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+			},
+		}},
+	}
+
+	expectedBarProxyStateEndpoints := map[string]*pbproxystate.Endpoints{
+		"test-cluster-1": {Endpoints: []*pbproxystate.Endpoint{
+			{
+				Address: &pbproxystate.Endpoint_HostPort{
+					HostPort: &pbproxystate.HostPortAddress{
+						Host: "10.3.3.3",
+						Port: 20000,
+					},
+				},
+				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+			},
+			{
+				Address: &pbproxystate.Endpoint_HostPort{
+					HostPort: &pbproxystate.HostPortAddress{
+						Host: "10.4.4.4",
+						Port: 20000,
+					},
+				},
+				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+			},
+		}},
+	}
+
+	suite.fooProxyStateTemplate = fooProxyStateTemplate
+	suite.barProxyStateTemplate = barProxyStateTemplate
+	suite.barEndpointRefs = barRequiredEndpoints
+	suite.fooEndpointRefs = fooRequiredEndpoints
+	suite.fooEndpoints = fooEndpoints
+	suite.fooService = fooService
+	suite.fooBarEndpoints = fooBarEndpoints
+	suite.fooBarService = fooBarService
+	suite.expectedFooProxyStateEndpoints = expectedFooProxyStateEndpoints
+	suite.expectedBarProxyStateEndpoints = expectedBarProxyStateEndpoints
+}
+
+func TestXdsController(t *testing.T) {
+	suite.Run(t, new(xdsControllerTestSuite))
+}
diff --git a/internal/mesh/internal/controllers/xds/endpoint_builder.go b/internal/mesh/internal/controllers/xds/endpoint_builder.go
new file mode 100644
index 000000000000..71cae4b9b4b6
--- /dev/null
+++ b/internal/mesh/internal/controllers/xds/endpoint_builder.go
@@ -0,0 +1,72 @@
+package xds
+
+import (
+	"fmt"
+	"net"
+
+	"golang.org/x/exp/slices"
+
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+)
+
+func generateProxyStateEndpoints(serviceEndpoints *ServiceEndpointsData, portName string) (*pbproxystate.Endpoints, error) {
+	var psEndpoints []*pbproxystate.Endpoint
+
+	if serviceEndpoints.Endpoints == nil || serviceEndpoints.Resource == nil {
+		return nil, fmt.Errorf("service endpoints requires both endpoints and resource")
+	}
+	eps := serviceEndpoints.Endpoints.GetEndpoints()
+
+	for _, ep := range eps {
+		for _, addr := range ep.Addresses {
+			// Check if the address is using the portName name this proxy state endpoints is for. If it does, create the
+			// endpoint.
+			if slices.Contains(addr.Ports, portName) {
+				// Lookup the portName number from the portName name.
+				wlPort, ok := ep.Ports[portName]
+				if !ok {
+					// This should never happen, as it should be validated by the ServiceEndpoints controller.
+					return nil, fmt.Errorf("could not find portName %q in endpoint %s", portName, serviceEndpoints.Resource.Id)
+				}
+				portNum := wlPort.Port
+
+				psEndpoint, err := createProxyStateEndpoint(addr.Host, portNum, ep.HealthStatus)
+				if err != nil {
+					return nil, err
+				}
+				psEndpoints = append(psEndpoints, psEndpoint)
+			}
+		}
+	}
+
+	return &pbproxystate.Endpoints{Endpoints: psEndpoints}, nil
+}
+
+func createProxyStateEndpoint(host string, port uint32, health pbcatalog.Health) (*pbproxystate.Endpoint, error) {
+	addr := net.ParseIP(host)
+	if addr == nil {
+		return nil, fmt.Errorf("host is not an ip")
+	}
+
+	psEndpoint := &pbproxystate.Endpoint{
+		Address: &pbproxystate.Endpoint_HostPort{
+			HostPort: &pbproxystate.HostPortAddress{
+				Host: host,
+				Port: port,
+			},
+		},
+		HealthStatus: endpointHealth(health),
+		// TODO(xds): Weight will be added later. More information is potentially needed in the reference.
+	}
+	return psEndpoint, nil
+}
+
+func endpointHealth(catalogHealth pbcatalog.Health) pbproxystate.HealthStatus {
+	health := pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY
+
+	if catalogHealth == pbcatalog.Health_HEALTH_CRITICAL {
+		health = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
+	}
+	return health
+}
diff --git a/internal/mesh/internal/controllers/xds/endpoint_builder_test.go b/internal/mesh/internal/controllers/xds/endpoint_builder_test.go
new file mode 100644
index 000000000000..6334429abd1c
--- /dev/null
+++ b/internal/mesh/internal/controllers/xds/endpoint_builder_test.go
@@ -0,0 +1,233 @@
+package xds
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/internal/catalog"
+	"github.com/hashicorp/consul/internal/resource/resourcetest"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+	"github.com/hashicorp/consul/proto/private/prototest"
+)
+
+func TestMakeProxyStateEndpointsFromServiceEndpoints(t *testing.T) {
+	type test struct {
+		name                        string
+		serviceEndpointsData        *ServiceEndpointsData
+		portName                    string
+		expErr                      string
+		expectedProxyStateEndpoints *pbproxystate.Endpoints
+	}
+	cases := []test{
+		{
+			name:                 "endpoints with passing health",
+			serviceEndpointsData: serviceEndpointsData("passing"),
+			portName:             "mesh",
+			expectedProxyStateEndpoints: &pbproxystate.Endpoints{
+				Endpoints: []*pbproxystate.Endpoint{
+					{
+						Address: &pbproxystate.Endpoint_HostPort{
+							HostPort: &pbproxystate.HostPortAddress{
+								Host: "10.1.1.1",
+								Port: 20000,
+							},
+						},
+						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+					},
+					{
+						Address: &pbproxystate.Endpoint_HostPort{
+							HostPort: &pbproxystate.HostPortAddress{
+								Host: "10.2.2.2",
+								Port: 20000,
+							},
+						},
+						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+					},
+					{
+						Address: &pbproxystate.Endpoint_HostPort{
+							HostPort: &pbproxystate.HostPortAddress{
+								Host: "10.3.3.3",
+								Port: 20000,
+							},
+						},
+						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+					},
+				},
+			},
+		},
+		{
+			name:                 "endpoints with critical health",
+			serviceEndpointsData: serviceEndpointsData("critical"),
+			portName:             "mesh",
+			expectedProxyStateEndpoints: &pbproxystate.Endpoints{
+				Endpoints: []*pbproxystate.Endpoint{
+					{
+						Address: &pbproxystate.Endpoint_HostPort{
+							HostPort: &pbproxystate.HostPortAddress{
+								Host: "10.1.1.1",
+								Port: 20000,
+							},
+						},
+						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY,
+					},
+					{
+						Address: &pbproxystate.Endpoint_HostPort{
+							HostPort: &pbproxystate.HostPortAddress{
+								Host: "10.2.2.2",
+								Port: 20000,
+							},
+						},
+						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY,
+					},
+					{
+						Address: &pbproxystate.Endpoint_HostPort{
+							HostPort: &pbproxystate.HostPortAddress{
+								Host: "10.3.3.3",
+								Port: 20000,
+							},
+						},
+						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY,
+					},
+				},
+			},
+		},
+		{
+			name:                 "endpoints with any health are considered healthy",
+			serviceEndpointsData: serviceEndpointsData("any"),
+			portName:             "mesh",
+			expectedProxyStateEndpoints: &pbproxystate.Endpoints{
+				Endpoints: []*pbproxystate.Endpoint{
+					{
+						Address: &pbproxystate.Endpoint_HostPort{
+							HostPort: &pbproxystate.HostPortAddress{
+								Host: "10.1.1.1",
+								Port: 20000,
+							},
+						},
+						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+					},
+					{
+						Address: &pbproxystate.Endpoint_HostPort{
+							HostPort: &pbproxystate.HostPortAddress{
+								Host: "10.2.2.2",
+								Port: 20000,
+							},
+						},
+						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+					},
+					{
+						Address: &pbproxystate.Endpoint_HostPort{
+							HostPort: &pbproxystate.HostPortAddress{
+								Host: "10.3.3.3",
+								Port: 20000,
+							},
+						},
+						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
+					},
+				},
+			},
+		},
+		{
+			name:                 "endpoints with missing ports returns an error",
+			serviceEndpointsData: serviceEndpointsData("missing port lookup"),
+			portName:             "mesh",
+			expErr:               "could not find portName",
+		},
+		{
+			name:                 "nil endpoints returns an error",
+			serviceEndpointsData: serviceEndpointsData("nil endpoints"),
+			portName:             "mesh",
+			expErr:               "service endpoints requires both endpoints and resource",
+		},
+		{
+			name:                 "nil resource returns an error",
+			serviceEndpointsData: serviceEndpointsData("nil resource"),
+			portName:             "mesh",
+			expErr:               "service endpoints requires both endpoints and resource",
+		},
+		{
+			name:                 "portName doesn't exist in endpoints results in empty endpoints",
+			serviceEndpointsData: serviceEndpointsData("passing"),
+			portName:             "does-not-exist",
+			expectedProxyStateEndpoints: &pbproxystate.Endpoints{
+				Endpoints: []*pbproxystate.Endpoint{},
+			},
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			actualEndpoints, err := generateProxyStateEndpoints(tc.serviceEndpointsData, tc.portName)
+			if tc.expErr != "" {
+				require.ErrorContains(t, err, tc.expErr)
+			} else {
+				prototest.AssertDeepEqual(t, tc.expectedProxyStateEndpoints, actualEndpoints)
+			}
+		})
+	}
+}
+
+func serviceEndpointsData(variation string) *ServiceEndpointsData {
+	r := resourcetest.Resource(catalog.ServiceEndpointsType, "test").Build()
+	eps := &pbcatalog.ServiceEndpoints{
+		Endpoints: []*pbcatalog.Endpoint{
+			{
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"mesh": {
+						Port:     20000,
+						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
+					},
+				},
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{
+						Host:  "10.1.1.1",
+						Ports: []string{"mesh"},
+					},
+					{
+						Host:  "10.2.2.2",
+						Ports: []string{"mesh"},
+					},
+				},
+				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
+			},
+			{
+				Ports: map[string]*pbcatalog.WorkloadPort{
+					"mesh": {
+						Port:     20000,
+						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
+					},
+				},
+				Addresses: []*pbcatalog.WorkloadAddress{
+					{
+						Host:  "10.3.3.3",
+						Ports: []string{"mesh"},
+					},
+				},
+				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
+			},
+		},
+	}
+
+	switch variation {
+	case "passing":
+	case "critical":
+		eps.Endpoints[0].HealthStatus = pbcatalog.Health_HEALTH_CRITICAL
+		eps.Endpoints[1].HealthStatus = pbcatalog.Health_HEALTH_CRITICAL
+	case "any":
+		eps.Endpoints[0].HealthStatus = pbcatalog.Health_HEALTH_ANY
+		eps.Endpoints[1].HealthStatus = pbcatalog.Health_HEALTH_ANY
+	case "missing port lookup":
+		delete(eps.Endpoints[0].Ports, "mesh")
+	case "nil endpoints":
+		eps = nil
+	case "nil resource":
+		r = nil
+	}
+
+	return &ServiceEndpointsData{
+		Resource:  r,
+		Endpoints: eps,
+	}
+}
diff --git a/internal/mesh/internal/controllers/xds/mock_updater.go b/internal/mesh/internal/controllers/xds/mock_updater.go
new file mode 100644
index 000000000000..33564062bc07
--- /dev/null
+++ b/internal/mesh/internal/controllers/xds/mock_updater.go
@@ -0,0 +1,90 @@
+package xds
+
+import (
+	"fmt"
+	"sync"
+
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+// mockUpdater mocks the updater functions, and stores ProxyStates from calls to PushChange, so we can assert it was
+// computed correctly in the controller.
+type mockUpdater struct {
+	lock sync.Mutex
+	// latestPs is a map from a ProxyStateTemplate's id.Name in string form to the last computed ProxyState for that
+	// ProxyStateTemplate.
+	latestPs        map[string]*pbmesh.ProxyState
+	notConnected    bool
+	pushChangeError bool
+}
+
+func NewMockUpdater() *mockUpdater {
+	return &mockUpdater{
+		latestPs: make(map[string]*pbmesh.ProxyState),
+	}
+}
+
+func (m *mockUpdater) SetPushChangeErrorTrue() {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	m.pushChangeError = true
+}
+
+func (m *mockUpdater) SetProxyAsNotConnected() {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	m.notConnected = true
+}
+
+func (m *mockUpdater) PushChange(id *pbresource.ID, snapshot *pbmesh.ProxyState) error {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	if m.pushChangeError {
+		return fmt.Errorf("mock push change error")
+	} else {
+		m.setUnsafe(id.Name, snapshot)
+	}
+	return nil
+}
+
+func (m *mockUpdater) ProxyConnectedToServer(_ *pbresource.ID) bool {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	if m.notConnected {
+		return false
+	}
+	return true
+}
+
+func (p *mockUpdater) Get(name string) *pbmesh.ProxyState {
+	p.lock.Lock()
+	defer p.lock.Unlock()
+	ps, ok := p.latestPs[name]
+	if ok {
+		return ps
+	}
+	return nil
+}
+
+func (p *mockUpdater) GetEndpoints(name string) map[string]*pbproxystate.Endpoints {
+	p.lock.Lock()
+	defer p.lock.Unlock()
+	ps, ok := p.latestPs[name]
+	if ok {
+		return ps.Endpoints
+	}
+	return nil
+}
+
+func (p *mockUpdater) Set(name string, ps *pbmesh.ProxyState) {
+	p.lock.Lock()
+	defer p.lock.Unlock()
+	p.setUnsafe(name, ps)
+}
+
+func (p *mockUpdater) setUnsafe(name string, ps *pbmesh.ProxyState) {
+	p.latestPs[name] = ps
+}
diff --git a/internal/mesh/internal/controllers/xds/reconciliation_data.go b/internal/mesh/internal/controllers/xds/reconciliation_data.go
new file mode 100644
index 000000000000..53b515a05257
--- /dev/null
+++ b/internal/mesh/internal/controllers/xds/reconciliation_data.go
@@ -0,0 +1,58 @@
+package xds
+
+import (
+	"context"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/resource"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+type ServiceEndpointsData struct {
+	Resource  *pbresource.Resource
+	Endpoints *pbcatalog.ServiceEndpoints
+}
+
+type ProxyStateTemplateData struct {
+	Resource *pbresource.Resource
+	Template *pbmesh.ProxyStateTemplate
+}
+
+// getServiceEndpoints will return a non-nil &ServiceEndpointsData unless there is an error.
+func getServiceEndpoints(ctx context.Context, rt controller.Runtime, id *pbresource.ID) (*ServiceEndpointsData, error) {
+	rsp, err := rt.Client.Read(ctx, &pbresource.ReadRequest{Id: id})
+	if err != nil {
+		return nil, err
+	}
+
+	var se pbcatalog.ServiceEndpoints
+	err = rsp.Resource.Data.UnmarshalTo(&se)
+	if err != nil {
+		return nil, resource.NewErrDataParse(&se, err)
+	}
+
+	return &ServiceEndpointsData{Resource: rsp.Resource, Endpoints: &se}, nil
+}
+
+func getProxyStateTemplate(ctx context.Context, rt controller.Runtime, id *pbresource.ID) (*ProxyStateTemplateData, error) {
+	rsp, err := rt.Client.Read(ctx, &pbresource.ReadRequest{Id: id})
+	switch {
+	case status.Code(err) == codes.NotFound:
+		return nil, nil
+	case err != nil:
+		return nil, err
+	}
+
+	var pst pbmesh.ProxyStateTemplate
+	err = rsp.Resource.Data.UnmarshalTo(&pst)
+	if err != nil {
+		return nil, resource.NewErrDataParse(&pst, err)
+	}
+
+	return &ProxyStateTemplateData{Resource: rsp.Resource, Template: &pst}, nil
+}
diff --git a/internal/mesh/internal/controllers/xds/status/status.go b/internal/mesh/internal/controllers/xds/status/status.go
new file mode 100644
index 000000000000..706152329035
--- /dev/null
+++ b/internal/mesh/internal/controllers/xds/status/status.go
@@ -0,0 +1,92 @@
+package status
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+const (
+	StatusConditionProxyStateAccepted             = "ProxyStateAccepted"
+	StatusReasonNilProxyState                     = "ProxyStateNil"
+	StatusReasonProxyStateReferencesComputed      = "ProxyStateReferencesComputed"
+	StatusReasonEndpointNotRead                   = "ProxyStateEndpointReferenceReadError"
+	StatusReasonCreatingProxyStateEndpointsFailed = "ProxyStateEndpointsNotComputed"
+	StatusReasonPushChangeFailed                  = "ProxyStatePushChangeFailed"
+)
+
+func KeyFromID(id *pbresource.ID) string {
+	return fmt.Sprintf("%s/%s/%s",
+		resource.ToGVK(id.Type),
+		resource.TenancyToString(id.Tenancy),
+		id.Name)
+}
+
+func ConditionAccepted() *pbresource.Condition {
+	return &pbresource.Condition{
+		Type:    StatusConditionProxyStateAccepted,
+		State:   pbresource.Condition_STATE_TRUE,
+		Reason:  StatusReasonProxyStateReferencesComputed,
+		Message: fmt.Sprintf("proxy state was computed and pushed."),
+	}
+}
+func ConditionRejectedNilProxyState(pstRef string) *pbresource.Condition {
+	return &pbresource.Condition{
+		Type:    StatusConditionProxyStateAccepted,
+		State:   pbresource.Condition_STATE_FALSE,
+		Reason:  StatusReasonNilProxyState,
+		Message: fmt.Sprintf("nil proxy state is not valid %q.", pstRef),
+	}
+}
+func ConditionRejectedErrorReadingEndpoints(endpointRef string, err string) *pbresource.Condition {
+	return &pbresource.Condition{
+		Type:    StatusConditionProxyStateAccepted,
+		State:   pbresource.Condition_STATE_FALSE,
+		Reason:  StatusReasonEndpointNotRead,
+		Message: fmt.Sprintf("error reading referenced service endpoints %q: %s", endpointRef, err),
+	}
+}
+func ConditionRejectedCreatingProxyStateEndpoints(endpointRef string, err string) *pbresource.Condition {
+	return &pbresource.Condition{
+		Type:    StatusConditionProxyStateAccepted,
+		State:   pbresource.Condition_STATE_FALSE,
+		Reason:  StatusReasonCreatingProxyStateEndpointsFailed,
+		Message: fmt.Sprintf("could not create proxy state endpoints from service endpoints %q: %s", endpointRef, err),
+	}
+}
+func ConditionRejectedPushChangeFailed(pstRef string) *pbresource.Condition {
+	return &pbresource.Condition{
+		Type:    StatusConditionProxyStateAccepted,
+		State:   pbresource.Condition_STATE_FALSE,
+		Reason:  StatusReasonPushChangeFailed,
+		Message: fmt.Sprintf("failed to push change for proxy state template %q", pstRef),
+	}
+}
+
+// WriteStatusIfChanged updates the ProxyStateTemplate status if it has changed.
+func WriteStatusIfChanged(ctx context.Context, rt controller.Runtime, res *pbresource.Resource, condition *pbresource.Condition) {
+	newStatus := &pbresource.Status{
+		ObservedGeneration: res.Generation,
+		Conditions: []*pbresource.Condition{
+			condition,
+		},
+	}
+	// If the status is unchanged then we should return and avoid the unnecessary write
+	const controllerName = "consul.io/xds-controller"
+	if resource.EqualStatus(res.Status[controllerName], newStatus, false) {
+		return
+	} else {
+		_, err := rt.Client.WriteStatus(ctx, &pbresource.WriteStatusRequest{
+			Id:     res.Id,
+			Key:    controllerName,
+			Status: newStatus,
+		})
+
+		if err != nil {
+			rt.Logger.Error("error updating the proxy state template status", "error", err, "proxyStateTeamplate", res.Id)
+		}
+	}
+}

From 17667a1c754a65bc69ad61a42bbaa5aa6ade8a8a Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Tue, 22 Aug 2023 12:31:06 -0500
Subject: [PATCH 314/359] mesh: adding type aliases for mesh resource usage
 (#18448)

Introduces some simple type aliases for DecodedResource[*X] wrappers for each type which cut down on the verbosity
---
 internal/mesh/internal/types/decoded.go | 20 ++++++++++++++++++++
 internal/resource/decode.go             | 17 +++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 internal/mesh/internal/types/decoded.go

diff --git a/internal/mesh/internal/types/decoded.go b/internal/mesh/internal/types/decoded.go
new file mode 100644
index 000000000000..90ce21233327
--- /dev/null
+++ b/internal/mesh/internal/types/decoded.go
@@ -0,0 +1,20 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package types
+
+import (
+	"github.com/hashicorp/consul/internal/resource"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+)
+
+type (
+	DecodedHTTPRoute         = resource.DecodedResource[*pbmesh.HTTPRoute]
+	DecodedGRPCRoute         = resource.DecodedResource[*pbmesh.GRPCRoute]
+	DecodedTCPRoute          = resource.DecodedResource[*pbmesh.TCPRoute]
+	DecodedDestinationPolicy = resource.DecodedResource[*pbmesh.DestinationPolicy]
+	DecodedComputedRoutes    = resource.DecodedResource[*pbmesh.ComputedRoutes]
+	DecodedFailoverPolicy    = resource.DecodedResource[*pbcatalog.FailoverPolicy]
+	DecodedService           = resource.DecodedResource[*pbcatalog.Service]
+)
diff --git a/internal/resource/decode.go b/internal/resource/decode.go
index c610898ca3c2..35ee0886035b 100644
--- a/internal/resource/decode.go
+++ b/internal/resource/decode.go
@@ -20,6 +20,23 @@ type DecodedResource[T proto.Message] struct {
 	Data     T
 }
 
+func (d *DecodedResource[T]) GetResource() *pbresource.Resource {
+	if d == nil {
+		return nil
+	}
+
+	return d.Resource
+}
+
+func (d *DecodedResource[T]) GetData() T {
+	if d == nil {
+		var zero T
+		return zero
+	}
+
+	return d.Data
+}
+
 // Decode will generically decode the provided resource into a 2-field
 // structure that holds onto the original Resource and the decoded contents.
 //

From 4f9955d91e1f7cdab68ab407d4789e1339ff6bfa Mon Sep 17 00:00:00 2001
From: Ashwin Venkatesh <ashwin@hashicorp.com>
Date: Tue, 22 Aug 2023 15:38:31 -0400
Subject: [PATCH 315/359] Update trust bundle into proxy-state-template
 (#18550)

---
 agent/consul/server.go                        | 22 +++++++--
 internal/mesh/exports.go                      | 10 ++++
 .../mesh/internal/controllers/register.go     | 22 +++++++++
 .../internal/controllers/xds/controller.go    | 33 ++++++++++---
 .../controllers/xds/controller_test.go        | 48 +++++++++++++++++--
 .../internal/controllers/xds/mock_updater.go  | 10 ++++
 .../internal/controllers/xds/status/status.go |  9 ++++
 7 files changed, 140 insertions(+), 14 deletions(-)
 create mode 100644 internal/mesh/internal/controllers/register.go

diff --git a/agent/consul/server.go b/agent/consul/server.go
index 4346bb613138..e440c6c27da9 100644
--- a/agent/consul/server.go
+++ b/agent/consul/server.go
@@ -19,9 +19,8 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/hashicorp/consul/internal/resource"
-
 	"github.com/armon/go-metrics"
+	"github.com/hashicorp/consul-net-rpc/net/rpc"
 	"github.com/hashicorp/go-connlimit"
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-memdb"
@@ -38,8 +37,6 @@ import (
 	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/reflection"
 
-	"github.com/hashicorp/consul-net-rpc/net/rpc"
-
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/acl/resolver"
 	"github.com/hashicorp/consul/agent/blockingquery"
@@ -75,6 +72,8 @@ import (
 	"github.com/hashicorp/consul/agent/token"
 	"github.com/hashicorp/consul/internal/catalog"
 	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/mesh"
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/internal/resource/reaper"
 	raftstorage "github.com/hashicorp/consul/internal/storage/raft"
@@ -82,6 +81,7 @@ import (
 	"github.com/hashicorp/consul/lib/routine"
 	"github.com/hashicorp/consul/lib/stringslice"
 	"github.com/hashicorp/consul/logging"
+	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/proto/private/pbsubscribe"
 	"github.com/hashicorp/consul/tlsutil"
@@ -876,6 +876,20 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incom
 func (s *Server) registerControllers(deps Deps) {
 	if stringslice.Contains(deps.Experiments, catalogResourceExperimentName) {
 		catalog.RegisterControllers(s.controllerManager, catalog.DefaultControllerDependencies())
+		mesh.RegisterControllers(s.controllerManager, mesh.ControllerDependencies{
+			TrustBundleFetcher: func() (*pbproxystate.TrustBundle, error) {
+				var bundle pbproxystate.TrustBundle
+				roots, err := s.getCARoots(nil, s.GetState())
+				if err != nil {
+					return nil, err
+				}
+				bundle.TrustDomain = roots.TrustDomain
+				for _, root := range roots.Roots {
+					bundle.Roots = append(bundle.Roots, root.RootCert)
+				}
+				return &bundle, nil
+			},
+		})
 	}
 
 	reaper.RegisterControllers(s.controllerManager)
diff --git a/internal/mesh/exports.go b/internal/mesh/exports.go
index 2e40e0589307..6a6f97221f30 100644
--- a/internal/mesh/exports.go
+++ b/internal/mesh/exports.go
@@ -4,6 +4,8 @@
 package mesh
 
 import (
+	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/mesh/internal/controllers"
 	"github.com/hashicorp/consul/internal/mesh/internal/types"
 	"github.com/hashicorp/consul/internal/resource"
 )
@@ -57,3 +59,11 @@ var (
 func RegisterTypes(r resource.Registry) {
 	types.Register(r)
 }
+
+// RegisterControllers registers controllers for the mesh types with
+// the given controller Manager.
+func RegisterControllers(mgr *controller.Manager, deps ControllerDependencies) {
+	controllers.Register(mgr, deps)
+}
+
+type ControllerDependencies = controllers.Dependencies
diff --git a/internal/mesh/internal/controllers/register.go b/internal/mesh/internal/controllers/register.go
new file mode 100644
index 000000000000..b6b8ac855b5b
--- /dev/null
+++ b/internal/mesh/internal/controllers/register.go
@@ -0,0 +1,22 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package controllers
+
+import (
+	"github.com/hashicorp/consul/internal/catalog"
+	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/mesh/internal/controllers/xds"
+	"github.com/hashicorp/consul/internal/mesh/internal/types"
+	"github.com/hashicorp/consul/internal/resource/mappers/bimapper"
+)
+
+type Dependencies struct {
+	TrustBundleFetcher xds.TrustBundleFetcher
+}
+
+func Register(mgr *controller.Manager, deps Dependencies) {
+	mapper := bimapper.New(types.ProxyStateTemplateType, catalog.ServiceEndpointsType)
+	// TODO: Pass in a "real" updater once proxy tracker work has completed.
+	mgr.Register(xds.Controller(mapper, nil, deps.TrustBundleFetcher))
+}
diff --git a/internal/mesh/internal/controllers/xds/controller.go b/internal/mesh/internal/controllers/xds/controller.go
index 5d1e5da7cc6c..9cb7992d9fbf 100644
--- a/internal/mesh/internal/controllers/xds/controller.go
+++ b/internal/mesh/internal/controllers/xds/controller.go
@@ -16,22 +16,26 @@ import (
 
 const ControllerName = "consul.io/xds-controller"
 
-func Controller(mapper *bimapper.Mapper, updater ProxyUpdater) controller.Controller {
-	if mapper == nil || updater == nil {
-		panic("mapper and updater are required")
+func Controller(mapper *bimapper.Mapper, updater ProxyUpdater, fetcher TrustBundleFetcher) controller.Controller {
+	//if mapper == nil || updater == nil || fetcher == nil {
+	if mapper == nil || fetcher == nil {
+		panic("mapper, updater and fetcher are required")
 	}
 
 	return controller.ForType(types.ProxyStateTemplateType).
 		WithWatch(catalog.ServiceEndpointsType, mapper.MapLink).
 		WithPlacement(controller.PlacementEachServer).
-		WithReconciler(&xdsReconciler{bimapper: mapper, updater: updater})
+		WithReconciler(&xdsReconciler{bimapper: mapper, updater: updater, fetchTrustBundle: fetcher})
 }
 
 type xdsReconciler struct {
-	bimapper *bimapper.Mapper
-	updater  ProxyUpdater
+	bimapper         *bimapper.Mapper
+	updater          ProxyUpdater
+	fetchTrustBundle TrustBundleFetcher
 }
 
+type TrustBundleFetcher func() (*pbproxystate.TrustBundle, error)
+
 // ProxyUpdater is an interface that defines the ability to push proxy updates to the updater
 // and also check its connectivity to the server.
 type ProxyUpdater interface {
@@ -78,6 +82,23 @@ func (r *xdsReconciler) Reconcile(ctx context.Context, rt controller.Runtime, re
 
 		return err
 	}
+
+	// TODO: Fetch trust bundles for all peers when peering is supported.
+	trustBundle, err := r.fetchTrustBundle()
+	if err != nil {
+		rt.Logger.Error("error fetching root trust bundle", "error", err)
+		// Set the status.
+		statusCondition = status.ConditionRejectedTrustBundleFetchFailed(status.KeyFromID(req.ID))
+		status.WriteStatusIfChanged(ctx, rt, pstResource, statusCondition)
+		return err
+	}
+
+	if proxyStateTemplate.Template.ProxyState.TrustBundles == nil {
+		proxyStateTemplate.Template.ProxyState.TrustBundles = make(map[string]*pbproxystate.TrustBundle)
+	}
+	// TODO: Figure out the correct key for the default trust bundle.
+	proxyStateTemplate.Template.ProxyState.TrustBundles["local"] = trustBundle
+
 	if proxyStateTemplate.Template.ProxyState.Endpoints == nil {
 		proxyStateTemplate.Template.ProxyState.Endpoints = make(map[string]*pbproxystate.Endpoints)
 	}
diff --git a/internal/mesh/internal/controllers/xds/controller_test.go b/internal/mesh/internal/controllers/xds/controller_test.go
index e6df71c70eda..cd8a5adc225b 100644
--- a/internal/mesh/internal/controllers/xds/controller_test.go
+++ b/internal/mesh/internal/controllers/xds/controller_test.go
@@ -37,6 +37,7 @@ type xdsControllerTestSuite struct {
 	ctl     *xdsReconciler
 	mapper  *bimapper.Mapper
 	updater *mockUpdater
+	fetcher TrustBundleFetcher
 
 	fooProxyStateTemplate          *pbresource.Resource
 	barProxyStateTemplate          *pbresource.Resource
@@ -48,6 +49,7 @@ type xdsControllerTestSuite struct {
 	fooBarService                  *pbresource.Resource
 	expectedFooProxyStateEndpoints map[string]*pbproxystate.Endpoints
 	expectedBarProxyStateEndpoints map[string]*pbproxystate.Endpoints
+	expectedTrustBundle            map[string]*pbproxystate.TrustBundle
 }
 
 func (suite *xdsControllerTestSuite) SetupTest() {
@@ -55,16 +57,27 @@ func (suite *xdsControllerTestSuite) SetupTest() {
 	resourceClient := svctest.RunResourceService(suite.T(), types.Register, catalog.RegisterTypes)
 	suite.runtime = controller.Runtime{Client: resourceClient, Logger: testutil.Logger(suite.T())}
 	suite.client = resourcetest.NewClient(resourceClient)
+	suite.fetcher = mockFetcher
 
 	suite.mapper = bimapper.New(types.ProxyStateTemplateType, catalog.ServiceEndpointsType)
 	suite.updater = NewMockUpdater()
 
 	suite.ctl = &xdsReconciler{
-		bimapper: suite.mapper,
-		updater:  suite.updater,
+		bimapper:         suite.mapper,
+		updater:          suite.updater,
+		fetchTrustBundle: suite.fetcher,
 	}
 }
 
+func mockFetcher() (*pbproxystate.TrustBundle, error) {
+	var bundle pbproxystate.TrustBundle
+	bundle = pbproxystate.TrustBundle{
+		TrustDomain: "some-trust-domain",
+		Roots:       []string{"some-root", "some-other-root"},
+	}
+	return &bundle, nil
+}
+
 // This test ensures when a ProxyState is deleted, it is no longer tracked in the mapper.
 func (suite *xdsControllerTestSuite) TestReconcile_NoProxyStateTemplate() {
 	// Track the id of a non-existent ProxyStateTemplate.
@@ -217,6 +230,25 @@ func (suite *xdsControllerTestSuite) TestReconcile_ProxyStateTemplateComputesEnd
 	prototest.AssertDeepEqual(suite.T(), suite.expectedFooProxyStateEndpoints, actualEndpoints)
 }
 
+func (suite *xdsControllerTestSuite) TestReconcile_ProxyStateTemplateSetsTrustBundles() {
+	// This test is a happy path creation test to make sure pbproxystate.Template.TrustBundles are created in the computed
+	// pbmesh.ProxyState from the TrustBundleFetcher.
+	suite.setupFooProxyStateTemplateAndEndpoints()
+
+	// Run the reconcile.
+	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
+		ID: suite.fooProxyStateTemplate.Id,
+	})
+	require.NoError(suite.T(), err)
+
+	// Assert on the status.
+	suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
+
+	// Assert that the endpoints computed in the controller matches the expected endpoints.
+	actualTrustBundle := suite.updater.GetTrustBundle(suite.fooProxyStateTemplate.Id.Name)
+	prototest.AssertDeepEqual(suite.T(), suite.expectedTrustBundle, actualTrustBundle)
+}
+
 // This test is a happy path creation test that calls reconcile multiple times with a more complex setup. This
 // scenario is trickier to test in the controller test because the end computation of the xds controller is not
 // stored in the state store. So this test ensures that between multiple reconciles the correct ProxyStates are
@@ -257,7 +289,7 @@ func (suite *xdsControllerTestSuite) TestReconcile_MultipleProxyStateTemplatesCo
 func (suite *xdsControllerTestSuite) TestController_ComputeAddUpdateEndpoints() {
 	// Run the controller manager.
 	mgr := controller.NewManager(suite.client, suite.runtime.Logger)
-	mgr.Register(Controller(suite.mapper, suite.updater))
+	mgr.Register(Controller(suite.mapper, suite.updater, suite.fetcher))
 	mgr.SetRaftLeader(true)
 	go mgr.Run(suite.ctx)
 
@@ -470,12 +502,20 @@ func (suite *xdsControllerTestSuite) setupFooProxyStateTemplateAndEndpoints() {
 			},
 		}},
 	}
+
+	expectedTrustBundle := map[string]*pbproxystate.TrustBundle{
+		"local": {
+			TrustDomain: "some-trust-domain",
+			Roots:       []string{"some-root", "some-other-root"},
+		},
+	}
+
 	suite.fooService = fooService
 	suite.fooEndpoints = fooEndpoints
 	suite.fooEndpointRefs = fooRequiredEndpoints
 	suite.fooProxyStateTemplate = fooProxyStateTemplate
 	suite.expectedFooProxyStateEndpoints = expectedFooProxyStateEndpoints
-
+	suite.expectedTrustBundle = expectedTrustBundle
 }
 
 // Setup:
diff --git a/internal/mesh/internal/controllers/xds/mock_updater.go b/internal/mesh/internal/controllers/xds/mock_updater.go
index 33564062bc07..fc27382d6ef3 100644
--- a/internal/mesh/internal/controllers/xds/mock_updater.go
+++ b/internal/mesh/internal/controllers/xds/mock_updater.go
@@ -79,6 +79,16 @@ func (p *mockUpdater) GetEndpoints(name string) map[string]*pbproxystate.Endpoin
 	return nil
 }
 
+func (p *mockUpdater) GetTrustBundle(name string) map[string]*pbproxystate.TrustBundle {
+	p.lock.Lock()
+	defer p.lock.Unlock()
+	ps, ok := p.latestPs[name]
+	if ok {
+		return ps.TrustBundles
+	}
+	return nil
+}
+
 func (p *mockUpdater) Set(name string, ps *pbmesh.ProxyState) {
 	p.lock.Lock()
 	defer p.lock.Unlock()
diff --git a/internal/mesh/internal/controllers/xds/status/status.go b/internal/mesh/internal/controllers/xds/status/status.go
index 706152329035..796bec422250 100644
--- a/internal/mesh/internal/controllers/xds/status/status.go
+++ b/internal/mesh/internal/controllers/xds/status/status.go
@@ -16,6 +16,7 @@ const (
 	StatusReasonEndpointNotRead                   = "ProxyStateEndpointReferenceReadError"
 	StatusReasonCreatingProxyStateEndpointsFailed = "ProxyStateEndpointsNotComputed"
 	StatusReasonPushChangeFailed                  = "ProxyStatePushChangeFailed"
+	StatusReasonTrustBundleFetchFailed            = "ProxyStateTrustBundleFetchFailed"
 )
 
 func KeyFromID(id *pbresource.ID) string {
@@ -65,6 +66,14 @@ func ConditionRejectedPushChangeFailed(pstRef string) *pbresource.Condition {
 		Message: fmt.Sprintf("failed to push change for proxy state template %q", pstRef),
 	}
 }
+func ConditionRejectedTrustBundleFetchFailed(pstRef string) *pbresource.Condition {
+	return &pbresource.Condition{
+		Type:    StatusConditionProxyStateAccepted,
+		State:   pbresource.Condition_STATE_FALSE,
+		Reason:  StatusReasonTrustBundleFetchFailed,
+		Message: fmt.Sprintf("failed to fetch trust bundle for proxy state template %q", pstRef),
+	}
+}
 
 // WriteStatusIfChanged updates the ProxyStateTemplate status if it has changed.
 func WriteStatusIfChanged(ctx context.Context, rt controller.Runtime, res *pbresource.Resource, condition *pbresource.Condition) {

From 5b88aae3b4119ccf20674d57907254cecdfaca65 Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Tue, 22 Aug 2023 15:16:55 -0500
Subject: [PATCH 316/359] catalog: validating Protocol and Health enums on
 Service, Workload, and ServiceEndpoints (#18554)

---
 internal/catalog/internal/types/service.go    | 14 ++++++-
 .../internal/types/service_endpoints.go       | 23 ++++++++++-
 .../internal/types/service_endpoints_test.go  | 35 ++++++++++++++++-
 .../catalog/internal/types/service_test.go    | 38 +++++++++++++++++--
 internal/catalog/internal/types/validators.go | 32 +++++++++++++++-
 .../catalog/internal/types/validators_test.go |  5 ++-
 internal/catalog/internal/types/workload.go   | 14 ++++++-
 .../catalog/internal/types/workload_test.go   | 31 +++++++++++++--
 8 files changed, 177 insertions(+), 15 deletions(-)

diff --git a/internal/catalog/internal/types/service.go b/internal/catalog/internal/types/service.go
index 9f933c53b950..91c0c732e2e8 100644
--- a/internal/catalog/internal/types/service.go
+++ b/internal/catalog/internal/types/service.go
@@ -6,10 +6,11 @@ package types
 import (
 	"math"
 
+	"github.com/hashicorp/go-multierror"
+
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/go-multierror"
 )
 
 const (
@@ -87,6 +88,17 @@ func ValidateService(res *pbresource.Resource) error {
 			})
 		}
 
+		if protoErr := validateProtocol(port.Protocol); protoErr != nil {
+			err = multierror.Append(err, resource.ErrInvalidListElement{
+				Name:  "ports",
+				Index: idx,
+				Wrapped: resource.ErrInvalidField{
+					Name:    "protocol",
+					Wrapped: protoErr,
+				},
+			})
+		}
+
 		// validate the virtual port is within the allowed range - 0 is allowed
 		// to signify that no virtual port should be used and the port will not
 		// be available for transparent proxying within the mesh.
diff --git a/internal/catalog/internal/types/service_endpoints.go b/internal/catalog/internal/types/service_endpoints.go
index 294ca09fabd4..a8a591ef26e2 100644
--- a/internal/catalog/internal/types/service_endpoints.go
+++ b/internal/catalog/internal/types/service_endpoints.go
@@ -6,10 +6,11 @@ package types
 import (
 	"math"
 
+	"github.com/hashicorp/go-multierror"
+
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/go-multierror"
 )
 
 const (
@@ -128,6 +129,13 @@ func validateEndpoint(endpoint *pbcatalog.Endpoint, res *pbresource.Resource) er
 		})
 	}
 
+	if healthErr := validateHealth(endpoint.HealthStatus); healthErr != nil {
+		err = multierror.Append(err, resource.ErrInvalidField{
+			Name:    "health_status",
+			Wrapped: healthErr,
+		})
+	}
+
 	// Validate the endpoints ports
 	for portName, port := range endpoint.Ports {
 		// Port names must be DNS labels
@@ -139,6 +147,17 @@ func validateEndpoint(endpoint *pbcatalog.Endpoint, res *pbresource.Resource) er
 			})
 		}
 
+		if protoErr := validateProtocol(port.Protocol); protoErr != nil {
+			err = multierror.Append(err, resource.ErrInvalidMapValue{
+				Map: "ports",
+				Key: portName,
+				Wrapped: resource.ErrInvalidField{
+					Name:    "protocol",
+					Wrapped: protoErr,
+				},
+			})
+		}
+
 		// As the physical port is the real port the endpoint will be bound to
 		// it must be in the standard 1-65535 range.
 		if port.Port < 1 || port.Port > math.MaxUint16 {
@@ -146,7 +165,7 @@ func validateEndpoint(endpoint *pbcatalog.Endpoint, res *pbresource.Resource) er
 				Map: "ports",
 				Key: portName,
 				Wrapped: resource.ErrInvalidField{
-					Name:    "phsical_port",
+					Name:    "physical_port",
 					Wrapped: errInvalidPhysicalPort,
 				},
 			})
diff --git a/internal/catalog/internal/types/service_endpoints_test.go b/internal/catalog/internal/types/service_endpoints_test.go
index ac835c9c70d1..9b45d7d2ca63 100644
--- a/internal/catalog/internal/types/service_endpoints_test.go
+++ b/internal/catalog/internal/types/service_endpoints_test.go
@@ -6,11 +6,12 @@ package types
 import (
 	"testing"
 
+	"github.com/stretchr/testify/require"
+
 	"github.com/hashicorp/consul/internal/resource"
 	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/stretchr/testify/require"
 )
 
 var (
@@ -130,6 +131,20 @@ func TestValidateServiceEndpoints_EndpointInvalid(t *testing.T) {
 				require.ErrorIs(t, err, resource.ErrEmpty)
 			},
 		},
+		"invalid-health-status": {
+			modify: func(endpoint *pbcatalog.Endpoint) {
+				endpoint.Ports["foo"] = &pbcatalog.WorkloadPort{
+					Port: 42,
+				}
+				endpoint.HealthStatus = 99
+			},
+			validateErr: func(t *testing.T, err error) {
+				rtest.RequireError(t, err, resource.ErrInvalidField{
+					Name:    "health_status",
+					Wrapped: resource.NewConstError("not a supported enum value: 99"),
+				})
+			},
+		},
 		"invalid-port-name": {
 			modify: func(endpoint *pbcatalog.Endpoint) {
 				endpoint.Ports[""] = &pbcatalog.WorkloadPort{
@@ -144,6 +159,24 @@ func TestValidateServiceEndpoints_EndpointInvalid(t *testing.T) {
 				})
 			},
 		},
+		"invalid-port-protocol": {
+			modify: func(endpoint *pbcatalog.Endpoint) {
+				endpoint.Ports["foo"] = &pbcatalog.WorkloadPort{
+					Port:     42,
+					Protocol: 99,
+				}
+			},
+			validateErr: func(t *testing.T, err error) {
+				rtest.RequireError(t, err, resource.ErrInvalidMapValue{
+					Map: "ports",
+					Key: "foo",
+					Wrapped: resource.ErrInvalidField{
+						Name:    "protocol",
+						Wrapped: resource.NewConstError("not a supported enum value: 99"),
+					},
+				})
+			},
+		},
 		"port-0": {
 			modify: func(endpoint *pbcatalog.Endpoint) {
 				endpoint.Ports["foo"].Port = 0
diff --git a/internal/catalog/internal/types/service_test.go b/internal/catalog/internal/types/service_test.go
index a2bdf2360ae8..4f53a5c0a62b 100644
--- a/internal/catalog/internal/types/service_test.go
+++ b/internal/catalog/internal/types/service_test.go
@@ -6,12 +6,13 @@ package types
 import (
 	"testing"
 
-	"github.com/hashicorp/consul/internal/resource"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/reflect/protoreflect"
 	"google.golang.org/protobuf/types/known/anypb"
+
+	"github.com/hashicorp/consul/internal/resource"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 func createServiceResource(t *testing.T, data protoreflect.ProtoMessage) *pbresource.Resource {
@@ -171,6 +172,37 @@ func TestValidateService_VirtualPortReused(t *testing.T) {
 	require.EqualValues(t, 42, actual.Value)
 }
 
+func TestValidateService_InvalidPortProtocol(t *testing.T) {
+	data := &pbcatalog.Service{
+		Workloads: &pbcatalog.WorkloadSelector{
+			Prefixes: []string{""},
+		},
+		Ports: []*pbcatalog.ServicePort{
+			{
+				TargetPort: "foo",
+				Protocol:   99,
+			},
+		},
+	}
+
+	res := createServiceResource(t, data)
+
+	err := ValidateService(res)
+
+	expected := resource.ErrInvalidListElement{
+		Name:  "ports",
+		Index: 0,
+		Wrapped: resource.ErrInvalidField{
+			Name:    "protocol",
+			Wrapped: resource.NewConstError("not a supported enum value: 99"),
+		},
+	}
+
+	var actual resource.ErrInvalidListElement
+	require.ErrorAs(t, err, &actual)
+	require.Equal(t, expected, actual)
+}
+
 func TestValidateService_VirtualPortInvalid(t *testing.T) {
 	data := &pbcatalog.Service{
 		Workloads: &pbcatalog.WorkloadSelector{
diff --git a/internal/catalog/internal/types/validators.go b/internal/catalog/internal/types/validators.go
index 602ad71174bb..94691107f934 100644
--- a/internal/catalog/internal/types/validators.go
+++ b/internal/catalog/internal/types/validators.go
@@ -4,15 +4,17 @@
 package types
 
 import (
+	"fmt"
 	"net"
 	"regexp"
 	"strings"
 
+	"github.com/hashicorp/go-multierror"
+	"google.golang.org/protobuf/proto"
+
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/go-multierror"
-	"google.golang.org/protobuf/proto"
 )
 
 const (
@@ -135,6 +137,19 @@ func validatePortName(name string) error {
 	return nil
 }
 
+func validateProtocol(protocol pbcatalog.Protocol) error {
+	switch protocol {
+	case pbcatalog.Protocol_PROTOCOL_TCP,
+		pbcatalog.Protocol_PROTOCOL_HTTP,
+		pbcatalog.Protocol_PROTOCOL_HTTP2,
+		pbcatalog.Protocol_PROTOCOL_GRPC,
+		pbcatalog.Protocol_PROTOCOL_MESH:
+		return nil
+	default:
+		return resource.NewConstError(fmt.Sprintf("not a supported enum value: %v", protocol))
+	}
+}
+
 // validateWorkloadAddress will validate the WorkloadAddress type. This involves validating
 // the Host within the workload address and the ports references. For ports references we
 // ensure that values in the addresses ports array are present in the set of map keys.
@@ -207,3 +222,16 @@ func validateReference(allowedType *pbresource.Type, allowedTenancy *pbresource.
 
 	return err
 }
+
+func validateHealth(health pbcatalog.Health) error {
+	switch health {
+	case pbcatalog.Health_HEALTH_ANY,
+		pbcatalog.Health_HEALTH_PASSING,
+		pbcatalog.Health_HEALTH_WARNING,
+		pbcatalog.Health_HEALTH_CRITICAL,
+		pbcatalog.Health_HEALTH_MAINTENANCE:
+		return nil
+	default:
+		return resource.NewConstError(fmt.Sprintf("not a supported enum value: %v", health))
+	}
+}
diff --git a/internal/catalog/internal/types/validators_test.go b/internal/catalog/internal/types/validators_test.go
index d1f5e85d2bf8..a3790e9f9e05 100644
--- a/internal/catalog/internal/types/validators_test.go
+++ b/internal/catalog/internal/types/validators_test.go
@@ -8,11 +8,12 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/hashicorp/go-multierror"
+	"github.com/stretchr/testify/require"
+
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/go-multierror"
-	"github.com/stretchr/testify/require"
 )
 
 func TestIsValidDNSLabel(t *testing.T) {
diff --git a/internal/catalog/internal/types/workload.go b/internal/catalog/internal/types/workload.go
index 8560abfe8753..b26506d175e4 100644
--- a/internal/catalog/internal/types/workload.go
+++ b/internal/catalog/internal/types/workload.go
@@ -7,10 +7,11 @@ import (
 	"math"
 	"sort"
 
+	"github.com/hashicorp/go-multierror"
+
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/go-multierror"
 )
 
 const (
@@ -76,6 +77,17 @@ func ValidateWorkload(res *pbresource.Resource) error {
 			})
 		}
 
+		if protoErr := validateProtocol(port.Protocol); protoErr != nil {
+			err = multierror.Append(err, resource.ErrInvalidMapValue{
+				Map: "ports",
+				Key: portName,
+				Wrapped: resource.ErrInvalidField{
+					Name:    "protocol",
+					Wrapped: protoErr,
+				},
+			})
+		}
+
 		// Collect the list of mesh ports
 		if port.Protocol == pbcatalog.Protocol_PROTOCOL_MESH {
 			meshPorts = append(meshPorts, portName)
diff --git a/internal/catalog/internal/types/workload_test.go b/internal/catalog/internal/types/workload_test.go
index 6c4d6708c2b4..6763fba54c97 100644
--- a/internal/catalog/internal/types/workload_test.go
+++ b/internal/catalog/internal/types/workload_test.go
@@ -6,12 +6,13 @@ package types
 import (
 	"testing"
 
-	"github.com/hashicorp/consul/internal/resource"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/reflect/protoreflect"
 	"google.golang.org/protobuf/types/known/anypb"
+
+	"github.com/hashicorp/consul/internal/resource"
+	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 func createWorkloadResource(t *testing.T, data protoreflect.ProtoMessage) *pbresource.Resource {
@@ -227,6 +228,30 @@ func TestValidateWorkload_InvalidPortName(t *testing.T) {
 	require.Equal(t, expected, actual)
 }
 
+func TestValidateWorkload_InvalidPortProtocol(t *testing.T) {
+	data := validWorkload()
+	data.Ports["foo"] = &pbcatalog.WorkloadPort{
+		Port:     42,
+		Protocol: 99,
+	}
+
+	res := createWorkloadResource(t, data)
+
+	err := ValidateWorkload(res)
+	require.Error(t, err)
+	expected := resource.ErrInvalidMapValue{
+		Map: "ports",
+		Key: "foo",
+		Wrapped: resource.ErrInvalidField{
+			Name:    "protocol",
+			Wrapped: resource.NewConstError("not a supported enum value: 99"),
+		},
+	}
+	var actual resource.ErrInvalidMapValue
+	require.ErrorAs(t, err, &actual)
+	require.Equal(t, expected, actual)
+}
+
 func TestValidateWorkload_Port0(t *testing.T) {
 	data := validWorkload()
 	data.Ports["bar"] = &pbcatalog.WorkloadPort{Port: 0}

From 8a931241f20bc14de3f88d409d72770be8ced322 Mon Sep 17 00:00:00 2001
From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com>
Date: Tue, 22 Aug 2023 17:23:54 -0500
Subject: [PATCH 317/359] chore: fix missing/incorrect license headers (#18555)

---
 .copywrite.hcl                                                 | 1 +
 agent/xds/configfetcher/config_fetcher.go                      | 3 +++
 agent/xds/proxystateconverter/locality_policy.go               | 2 +-
 agent/xds/proxystateconverter/locality_policy_ce.go            | 2 +-
 internal/mesh/internal/controllers/register.go                 | 2 +-
 internal/mesh/internal/controllers/xds/controller.go           | 3 +++
 internal/mesh/internal/controllers/xds/controller_test.go      | 2 +-
 internal/mesh/internal/controllers/xds/endpoint_builder.go     | 3 +++
 .../mesh/internal/controllers/xds/endpoint_builder_test.go     | 3 +++
 internal/mesh/internal/controllers/xds/mock_updater.go         | 3 +++
 internal/mesh/internal/controllers/xds/reconciliation_data.go  | 3 +++
 internal/mesh/internal/controllers/xds/status/status.go        | 3 +++
 internal/protohcl/any.go                                       | 3 +++
 internal/protohcl/attributes.go                                | 3 +++
 internal/protohcl/blocks.go                                    | 3 +++
 internal/protohcl/cty.go                                       | 3 +++
 internal/protohcl/decoder.go                                   | 3 +++
 internal/protohcl/doc.go                                       | 3 +++
 internal/protohcl/naming.go                                    | 3 +++
 internal/protohcl/oneof.go                                     | 3 +++
 internal/protohcl/primitives.go                                | 3 +++
 internal/protohcl/testproto/buf.gen.yaml                       | 3 +++
 internal/protohcl/testproto/example.pb.go                      | 3 +++
 internal/protohcl/testproto/example.proto                      | 3 +++
 internal/protohcl/unmarshal.go                                 | 3 +++
 internal/protohcl/unmarshal_test.go                            | 3 +++
 internal/protohcl/well_known_types.go                          | 3 +++
 internal/resourcehcl/any.go                                    | 3 +++
 internal/resourcehcl/naming.go                                 | 3 +++
 internal/resourcehcl/unmarshal.go                              | 3 +++
 internal/resourcehcl/unmarshal_test.go                         | 3 +++
 31 files changed, 83 insertions(+), 4 deletions(-)

diff --git a/.copywrite.hcl b/.copywrite.hcl
index 6e582b094bdb..dbe52115c27e 100644
--- a/.copywrite.hcl
+++ b/.copywrite.hcl
@@ -19,6 +19,7 @@ project {
 
     # ignore specific test data files
     "agent/uiserver/testdata/**",
+    "internal/resourcehcl/testdata/**",
 
     # generated files 
     "agent/structs/structs.deepcopy.go",
diff --git a/agent/xds/configfetcher/config_fetcher.go b/agent/xds/configfetcher/config_fetcher.go
index 8d4d311caf7a..db7d4f2035d2 100644
--- a/agent/xds/configfetcher/config_fetcher.go
+++ b/agent/xds/configfetcher/config_fetcher.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package configfetcher
 
 // ConfigFetcher is the interface the agent needs to expose
diff --git a/agent/xds/proxystateconverter/locality_policy.go b/agent/xds/proxystateconverter/locality_policy.go
index db62e63f5f95..c33f428fc2e2 100644
--- a/agent/xds/proxystateconverter/locality_policy.go
+++ b/agent/xds/proxystateconverter/locality_policy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package proxystateconverter
 
diff --git a/agent/xds/proxystateconverter/locality_policy_ce.go b/agent/xds/proxystateconverter/locality_policy_ce.go
index 007501ffab7b..014ed0f8b9b5 100644
--- a/agent/xds/proxystateconverter/locality_policy_ce.go
+++ b/agent/xds/proxystateconverter/locality_policy_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 //go:build !consulent
 // +build !consulent
diff --git a/internal/mesh/internal/controllers/register.go b/internal/mesh/internal/controllers/register.go
index b6b8ac855b5b..e48540609cf1 100644
--- a/internal/mesh/internal/controllers/register.go
+++ b/internal/mesh/internal/controllers/register.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package controllers
 
diff --git a/internal/mesh/internal/controllers/xds/controller.go b/internal/mesh/internal/controllers/xds/controller.go
index 9cb7992d9fbf..1135f27f7518 100644
--- a/internal/mesh/internal/controllers/xds/controller.go
+++ b/internal/mesh/internal/controllers/xds/controller.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package xds
 
 import (
diff --git a/internal/mesh/internal/controllers/xds/controller_test.go b/internal/mesh/internal/controllers/xds/controller_test.go
index cd8a5adc225b..2363c0cb8460 100644
--- a/internal/mesh/internal/controllers/xds/controller_test.go
+++ b/internal/mesh/internal/controllers/xds/controller_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
+// SPDX-License-Identifier: BUSL-1.1
 
 package xds
 
diff --git a/internal/mesh/internal/controllers/xds/endpoint_builder.go b/internal/mesh/internal/controllers/xds/endpoint_builder.go
index 71cae4b9b4b6..715dd2544bed 100644
--- a/internal/mesh/internal/controllers/xds/endpoint_builder.go
+++ b/internal/mesh/internal/controllers/xds/endpoint_builder.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package xds
 
 import (
diff --git a/internal/mesh/internal/controllers/xds/endpoint_builder_test.go b/internal/mesh/internal/controllers/xds/endpoint_builder_test.go
index 6334429abd1c..3340014e0625 100644
--- a/internal/mesh/internal/controllers/xds/endpoint_builder_test.go
+++ b/internal/mesh/internal/controllers/xds/endpoint_builder_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package xds
 
 import (
diff --git a/internal/mesh/internal/controllers/xds/mock_updater.go b/internal/mesh/internal/controllers/xds/mock_updater.go
index fc27382d6ef3..3b8554f49116 100644
--- a/internal/mesh/internal/controllers/xds/mock_updater.go
+++ b/internal/mesh/internal/controllers/xds/mock_updater.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package xds
 
 import (
diff --git a/internal/mesh/internal/controllers/xds/reconciliation_data.go b/internal/mesh/internal/controllers/xds/reconciliation_data.go
index 53b515a05257..a4aae8fdc43f 100644
--- a/internal/mesh/internal/controllers/xds/reconciliation_data.go
+++ b/internal/mesh/internal/controllers/xds/reconciliation_data.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package xds
 
 import (
diff --git a/internal/mesh/internal/controllers/xds/status/status.go b/internal/mesh/internal/controllers/xds/status/status.go
index 796bec422250..0aff944f5495 100644
--- a/internal/mesh/internal/controllers/xds/status/status.go
+++ b/internal/mesh/internal/controllers/xds/status/status.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package status
 
 import (
diff --git a/internal/protohcl/any.go b/internal/protohcl/any.go
index bc2a8c6faaa1..87b4549bfd07 100644
--- a/internal/protohcl/any.go
+++ b/internal/protohcl/any.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package protohcl
 
 import (
diff --git a/internal/protohcl/attributes.go b/internal/protohcl/attributes.go
index 1339a3be22c8..90501722b1fe 100644
--- a/internal/protohcl/attributes.go
+++ b/internal/protohcl/attributes.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package protohcl
 
 import (
diff --git a/internal/protohcl/blocks.go b/internal/protohcl/blocks.go
index dd156f29a400..cafffa99367d 100644
--- a/internal/protohcl/blocks.go
+++ b/internal/protohcl/blocks.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package protohcl
 
 import (
diff --git a/internal/protohcl/cty.go b/internal/protohcl/cty.go
index 2a0ec9ba24b3..e7ed37ed1699 100644
--- a/internal/protohcl/cty.go
+++ b/internal/protohcl/cty.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package protohcl
 
 import (
diff --git a/internal/protohcl/decoder.go b/internal/protohcl/decoder.go
index 23735acd717b..67ee074ec1c0 100644
--- a/internal/protohcl/decoder.go
+++ b/internal/protohcl/decoder.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package protohcl
 
 import (
diff --git a/internal/protohcl/doc.go b/internal/protohcl/doc.go
index aef25a109e4c..e3270f7cdcf1 100644
--- a/internal/protohcl/doc.go
+++ b/internal/protohcl/doc.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 // The protohcl package aims to define a canonical way to translate between
 // protobuf and HCL encodings of data.
 //
diff --git a/internal/protohcl/naming.go b/internal/protohcl/naming.go
index 14f83f1f4860..d8eef2275fd7 100644
--- a/internal/protohcl/naming.go
+++ b/internal/protohcl/naming.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package protohcl
 
 import "google.golang.org/protobuf/reflect/protoreflect"
diff --git a/internal/protohcl/oneof.go b/internal/protohcl/oneof.go
index 798c3a78d64f..0c95326614bd 100644
--- a/internal/protohcl/oneof.go
+++ b/internal/protohcl/oneof.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package protohcl
 
 import (
diff --git a/internal/protohcl/primitives.go b/internal/protohcl/primitives.go
index 8d2f1c025056..4d1f22033026 100644
--- a/internal/protohcl/primitives.go
+++ b/internal/protohcl/primitives.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package protohcl
 
 import (
diff --git a/internal/protohcl/testproto/buf.gen.yaml b/internal/protohcl/testproto/buf.gen.yaml
index 1adab9847c87..fecee5cf2496 100644
--- a/internal/protohcl/testproto/buf.gen.yaml
+++ b/internal/protohcl/testproto/buf.gen.yaml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
 version: v1
 managed:
   enabled: true
diff --git a/internal/protohcl/testproto/example.pb.go b/internal/protohcl/testproto/example.pb.go
index 06aba98dab45..304eac53d6d9 100644
--- a/internal/protohcl/testproto/example.pb.go
+++ b/internal/protohcl/testproto/example.pb.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.30.0
diff --git a/internal/protohcl/testproto/example.proto b/internal/protohcl/testproto/example.proto
index 9a0633cd6050..17bf737fa3ac 100644
--- a/internal/protohcl/testproto/example.proto
+++ b/internal/protohcl/testproto/example.proto
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 syntax = "proto3";
 
 package hashicorp.consul.internal.protohcl.testproto;
diff --git a/internal/protohcl/unmarshal.go b/internal/protohcl/unmarshal.go
index 5423651b3e02..0f3c80a4c26e 100644
--- a/internal/protohcl/unmarshal.go
+++ b/internal/protohcl/unmarshal.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package protohcl
 
 import (
diff --git a/internal/protohcl/unmarshal_test.go b/internal/protohcl/unmarshal_test.go
index 5f0eb9b18098..ef00de3ffbb6 100644
--- a/internal/protohcl/unmarshal_test.go
+++ b/internal/protohcl/unmarshal_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package protohcl
 
 import (
diff --git a/internal/protohcl/well_known_types.go b/internal/protohcl/well_known_types.go
index 508d9dfffedd..756f908fc413 100644
--- a/internal/protohcl/well_known_types.go
+++ b/internal/protohcl/well_known_types.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package protohcl
 
 import (
diff --git a/internal/resourcehcl/any.go b/internal/resourcehcl/any.go
index 0f2d657d15a4..3d797c48e5b8 100644
--- a/internal/resourcehcl/any.go
+++ b/internal/resourcehcl/any.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package resourcehcl
 
 import (
diff --git a/internal/resourcehcl/naming.go b/internal/resourcehcl/naming.go
index 7c714bb5b60c..a1160cc32363 100644
--- a/internal/resourcehcl/naming.go
+++ b/internal/resourcehcl/naming.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package resourcehcl
 
 import (
diff --git a/internal/resourcehcl/unmarshal.go b/internal/resourcehcl/unmarshal.go
index fba8bbdb53e0..610ebc641b82 100644
--- a/internal/resourcehcl/unmarshal.go
+++ b/internal/resourcehcl/unmarshal.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package resourcehcl
 
 import (
diff --git a/internal/resourcehcl/unmarshal_test.go b/internal/resourcehcl/unmarshal_test.go
index a47d3c805ce2..5e35f7df66b1 100644
--- a/internal/resourcehcl/unmarshal_test.go
+++ b/internal/resourcehcl/unmarshal_test.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
 package resourcehcl_test
 
 import (

From a1755d158c1ec8bcd98a9bc98f88cf836649e65d Mon Sep 17 00:00:00 2001
From: Vijay <vijayraghav22@gmail.com>
Date: Wed, 23 Aug 2023 03:56:05 +0530
Subject: [PATCH 318/359] fix for , non presence of consul-version meta
 (#18464)

* fix for #18406 , non presence of consul-version meta

* removed redundant checks

* updated mock-api to mimic api response for synthetic nodes

* added test to test getDistinctConsulVersions method with synthetic-node case

* updated typo in comments

* added change log
---
 .changelog/18464.txt                          |  3 +
 .../consul-ui/app/serializers/application.js  |  2 +-
 .../consul-ui/mock-api/v1/internal/ui/nodes   |  5 +-
 .../unit/serializers/application-test.js      | 91 +++++++++++++++++++
 4 files changed, 99 insertions(+), 2 deletions(-)
 create mode 100644 .changelog/18464.txt

diff --git a/.changelog/18464.txt b/.changelog/18464.txt
new file mode 100644
index 000000000000..b0c15cf0d552
--- /dev/null
+++ b/.changelog/18464.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+UI : Nodes list view was breaking for synthetic-nodes. Fix handles non existence of consul-version meta for node.
+```
diff --git a/ui/packages/consul-ui/app/serializers/application.js b/ui/packages/consul-ui/app/serializers/application.js
index 6230554f7caa..b7b1fa4847fe 100644
--- a/ui/packages/consul-ui/app/serializers/application.js
+++ b/ui/packages/consul-ui/app/serializers/application.js
@@ -227,7 +227,7 @@ export default class ApplicationSerializer extends Serializer {
     // create a Set and add version with only major.minor : ex-1.24.6 as 1.24
     let versionSet = new Set();
     payload.forEach(function (item) {
-      if (item.Meta && item.Meta['consul-version'] !== '') {
+      if (item.Meta && item.Meta['consul-version']) {
         const split = item.Meta['consul-version'].split('.');
         versionSet.add(split[0] + '.' + split[1]);
       }
diff --git a/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes b/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes
index de64b0bb8eb0..5cabfb42460d 100644
--- a/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes
+++ b/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes
@@ -13,6 +13,7 @@
       function(item, i)
       {
         const peerNameString = i === 0 ? '"PeerName": "billing",' : '"PeerName": "",'
+        const isSyntheticNode = env('CONSUL_AGENTLESS_ENABLED') ? fake.helpers.randomize([true, false, false, false]) : false
         return `
           {
             "ID":"${fake.random.uuid()}",
@@ -25,8 +26,10 @@
             },
             "Meta": {
               "consul-network-segment":"",
+              ${isSyntheticNode ? `` : `
               "consul-version": "${env('CONSUL_VERSION') ? fake.helpers.randomize([env('CONSUL_VERSION'),"1.10.4","1.15.2", "1.17.8","1.7.2","1.12.4", "1.17.2","1.0.9","2.0.2"]) : fake.helpers.randomize(["1.10.4","1.15.2", "1.17.8","1.7.2","1.12.4", "1.17.2","1.0.9","2.0.2"])  }",
-              "synthetic-node": ${env('CONSUL_AGENTLESS_ENABLED') ? fake.helpers.randomize([true, false, false, false]) : false}
+              `}
+              "synthetic-node": ${isSyntheticNode}
             },
             "Services":[
                 ${
diff --git a/ui/packages/consul-ui/tests/unit/serializers/application-test.js b/ui/packages/consul-ui/tests/unit/serializers/application-test.js
index d50bf81d3fae..180ae7617240 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/application-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/application-test.js
@@ -6,6 +6,7 @@
 import { module, test } from 'qunit';
 import { setupTest } from 'ember-qunit';
 import { HEADERS_SYMBOL as META } from 'consul-ui/utils/http/consul';
+import Node from 'consul-ui/models/node';
 
 module('Unit | Serializer | application', function (hooks) {
   setupTest(hooks);
@@ -122,4 +123,94 @@ module('Unit | Serializer | application', function (hooks) {
     assert.deepEqual(actual, expected);
     // assert.ok(adapter.uidForURL.calledTwice);
   });
+  test('normalizeResponse for Node returns the expected meta in response', function (assert) {
+    const store = this.owner.lookup('service:store');
+    const serializer = store.serializerFor('application');
+    serializer.timestamp = () => 1234567890; //mocks actual timestamp
+    serializer.primaryKey = 'primary-key-name';
+    serializer.slugKey = 'Name';
+    serializer.fingerprint = function (primary, slug, foreignValue) {
+      return function (item) {
+        return {
+          ...item,
+          ...{
+            Datacenter: foreignValue,
+            [primary]: item[slug],
+          },
+        };
+      };
+    };
+
+    const payload = [
+      {
+        Node: 'node-0',
+        Meta: { 'consul-version': '1.7.2' },
+        uid: '1234',
+        SyncTime: 1234567890,
+      },
+      {
+        Node: 'node-1',
+        Meta: { 'consul-version': '1.18.0' },
+        uid: '1235',
+        SyncTime: 1234567891,
+      },
+      // synthetic-node without consul-version meta
+      {
+        Node: 'node-2',
+        Meta: { 'synthetic-node': true },
+        uid: '1236',
+        SyncTime: 1234567891,
+      },
+    ];
+
+    const expected = {
+      data: [
+        {
+          attributes: {
+            Node: 'node-0',
+            Meta: { 'consul-version': '1.7.2' },
+            SyncTime: 1234567890,
+            uid: '1234',
+          },
+          id: '1234',
+          relationships: {},
+          type: 'node',
+        },
+        {
+          attributes: {
+            Node: 'node-1',
+            Meta: { 'consul-version': '1.18.0' },
+            SyncTime: 1234567890,
+            uid: '1235',
+          },
+          id: '1235',
+          relationships: {},
+          type: 'node',
+        },
+        {
+          attributes: {
+            Node: 'node-2',
+            Meta: { 'synthetic-node': true },
+            SyncTime: 1234567890,
+            uid: '1236',
+          },
+          id: '1236',
+          relationships: {},
+          type: 'node',
+        },
+      ],
+      included: [],
+      meta: {
+        versions: ['1.18', '1.7'], //expect distinct major versions sorted
+        cacheControl: undefined,
+        cursor: undefined,
+        date: 1234567890,
+        dc: undefined,
+        nspace: undefined,
+        partition: undefined,
+      },
+    };
+    const actual = serializer.normalizeResponse(store, Node, payload, '2', 'query');
+    assert.deepEqual(actual, expected);
+  });
 });

From a1cd3f83296ca96923944ea1f5068742a88f44e2 Mon Sep 17 00:00:00 2001
From: Dan Stough <dan.stough@hashicorp.com>
Date: Wed, 23 Aug 2023 10:23:36 -0400
Subject: [PATCH 319/359] feat: add experiments flag to testserver sdk (#18541)

---
 sdk/testutil/server.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sdk/testutil/server.go b/sdk/testutil/server.go
index a20f95123aab..148fb03d6a95 100644
--- a/sdk/testutil/server.go
+++ b/sdk/testutil/server.go
@@ -131,6 +131,7 @@ type TestServerConfig struct {
 	ReturnPorts         func()                 `json:"-"`
 	Audit               *TestAuditConfig       `json:"audit,omitempty"`
 	Version             string                 `json:"version,omitempty"`
+	Experiments         []string               `json:"experiments,omitempty"`
 }
 
 type TestACLs struct {

From b37587bb2cf0c2c4c2562a6551f05e1b2ed7e49d Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Wed, 23 Aug 2023 10:33:07 -0400
Subject: [PATCH 320/359] bug: prevent go routine leakage due to existing
 DeferCheck (#18558)

* bug: prevent go routine leakage due to existing DeferCheck

* add changelog
---
 .changelog/18558.txt | 3 +++
 agent/local/state.go | 6 ++++++
 2 files changed, 9 insertions(+)
 create mode 100644 .changelog/18558.txt

diff --git a/.changelog/18558.txt b/.changelog/18558.txt
new file mode 100644
index 000000000000..9c2b9b44bb31
--- /dev/null
+++ b/.changelog/18558.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+check: prevent go routine leakage when existing Defercheck of same check id is not nil
+```
diff --git a/agent/local/state.go b/agent/local/state.go
index 6a5fac9ff21c..67e72aece0b4 100644
--- a/agent/local/state.go
+++ b/agent/local/state.go
@@ -838,6 +838,12 @@ func (l *State) setCheckStateLocked(c *CheckState) {
 	existing := l.checks[id]
 	if existing != nil {
 		c.InSync = c.Check.IsSame(existing.Check)
+		// If the existing check has a Defercheck, it needs to be
+		// assigned to the new check
+		if existing.DeferCheck != nil && c.DeferCheck == nil {
+			c.DeferCheck = existing.DeferCheck
+			c.InSync = false
+		}
 	}
 
 	l.checks[id] = c

From 63fa78a141cfce24946c4c0fdda1e9b491c06a6d Mon Sep 17 00:00:00 2001
From: Anita Akaeze <anita.akaeze@hashicorp.com>
Date: Wed, 23 Aug 2023 15:26:05 -0400
Subject: [PATCH 321/359] NET-5382 & PLAT-1159: Do not trigger workflow if only
 doc files are in commit history (#18528)

NET-5382: Do not run workflow runs if at least one path matches
---
 .../scripts/filter_changed_files_go_test.sh   | 33 +++++++++++++++++++
 .github/workflows/go-tests.yml                | 18 +++++++++-
 .github/workflows/test-integrations.yml       | 18 +++++++++-
 3 files changed, 67 insertions(+), 2 deletions(-)
 create mode 100755 .github/scripts/filter_changed_files_go_test.sh

diff --git a/.github/scripts/filter_changed_files_go_test.sh b/.github/scripts/filter_changed_files_go_test.sh
new file mode 100755
index 000000000000..d83e4a094829
--- /dev/null
+++ b/.github/scripts/filter_changed_files_go_test.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Get the list of changed files
+files_to_check=$(git diff --name-only origin/$GITHUB_BASE_REF)
+
+# Define the directories to check
+skipped_directories=("docs/" "ui/" "website/" "grafana/")
+
+# Initialize a variable to track directories outside the skipped ones
+other_directories=""
+trigger_ci=false
+
+# Loop through the changed files and find directories/files outside the skipped ones
+for file_to_check in $files_to_check; do
+	file_is_skipped=false
+	for dir in "${skipped_directories[@]}"; do
+		if [[ "$file_to_check" == "$dir"* ]] || [[ "$file_to_check" == *.md && "$dir" == *"/" ]]; then
+			file_is_skipped=true
+			break
+		fi
+	done
+	if [ "$file_is_skipped" = "false" ]; then
+		other_directories+="$(dirname "$file_to_check")\n"
+		trigger_ci=true
+		echo "Non doc file(s) changed - triggered ci: $trigger_ci"
+		echo -e $other_directories
+		echo "trigger-ci=$trigger_ci" >>"$GITHUB_OUTPUT"
+		exit 0 ## if file is outside of the skipped_directory exit script
+	fi
+done
+
+echo "Only doc file(s) changed - triggered ci: $trigger_ci"
+echo "trigger-ci=$trigger_ci" >>"$GITHUB_OUTPUT"
diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 2136f43185e2..9db458ed5d51 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -24,8 +24,23 @@ env:
   GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
+  conditional-skip:
+    runs-on: ubuntu-latest 
+    name: Get files changed and conditionally skip CI
+    outputs:
+      trigger-ci: ${{ steps.read-files.outputs.trigger-ci }}
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          fetch-depth: 0  
+      - name: Get changed files
+        id: read-files
+        run: ./.github/scripts/filter_changed_files_go_test.sh
+
   setup:
+    needs: [conditional-skip]
     name: Setup
+    if: needs.conditional-skip.outputs.trigger-ci == 'true'
     runs-on: ubuntu-latest
     outputs:
       compute-small: ${{ steps.setup-outputs.outputs.compute-small }}
@@ -464,6 +479,7 @@ jobs:
 
   go-tests-success:
     needs:
+    - conditional-skip
     - setup
     # Reenable later
     #- check-generated-deep-copy
@@ -487,7 +503,7 @@ jobs:
     - go-test-32bit
     # - go-test-s390x
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
-    if: ${{ always() }}
+    if: always() && needs.conditional-skip.outputs.trigger-ci == 'true'
     steps:
       - name: evaluate upstream job results
         run: |
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 9fc3a59f905f..71394bba918d 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -26,9 +26,24 @@ env:
   GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
+  conditional-skip:
+    runs-on: ubuntu-latest 
+    name: Get files changed and conditionally skip CI
+    outputs:
+      trigger-ci: ${{ steps.read-files.outputs.trigger-ci }}
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          fetch-depth: 0  
+      - name: Get changed files
+        id: read-files
+        run: ./.github/scripts/filter_changed_files_go_test.sh
+
   setup:
+    needs: [conditional-skip]
     runs-on: ubuntu-latest
     name: Setup
+    if: needs.conditional-skip.outputs.trigger-ci == 'true'
     outputs:
       compute-small: ${{ steps.runners.outputs.compute-small }}
       compute-medium: ${{ steps.runners.outputs.compute-medium }}
@@ -558,6 +573,7 @@ jobs:
 
   test-integrations-success:
     needs: 
+    - conditional-skip
     - setup
     - dev-build
     - nomad-integration-test
@@ -567,7 +583,7 @@ jobs:
     - compatibility-integration-test
     - peering_commontopo-integration-test
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
-    if: ${{ always() }}
+    if: always() && needs.conditional-skip.outputs.trigger-ci == 'true'
     steps:
       - name: evaluate upstream job results
         run: |

From 34eb70037ba13588c4ffc80ac16b7ebaa92eb40c Mon Sep 17 00:00:00 2001
From: Natalie Smith <nataliemegans@gmail.com>
Date: Wed, 23 Aug 2023 12:59:30 -0700
Subject: [PATCH 322/359] UI: community verbiage (#18560)

* chore: update community verbiage

* chore: add changelog entry
---
 .changelog/18560.txt                                           | 3 +++
 .../app/components/consul/peer/form/token/fieldsets/index.hbs  | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/18560.txt

diff --git a/.changelog/18560.txt b/.changelog/18560.txt
new file mode 100644
index 000000000000..118fad95306d
--- /dev/null
+++ b/.changelog/18560.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ui: Use Community verbiage
+```
\ No newline at end of file
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs
index 716a1e18b30b..ca4b98d1687a 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs
@@ -24,7 +24,7 @@
           </li>
           <li>
             <strong>Switch to the peer</strong><br />
-            Someone on your team should log into the Datacenter (CE) or Admin Partition (Enterprise) that you want this one to connect with.
+            Someone on your team should log into the Datacenter (Community) or Admin Partition (Enterprise) that you want this one to connect with.
           </li>
           <li>
             <strong>Initiate the peering</strong><br />

From 2cc2c6b88dd2eda79ec4063ec4a3ca2c770ac743 Mon Sep 17 00:00:00 2001
From: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
Date: Thu, 24 Aug 2023 19:39:21 +0530
Subject: [PATCH 323/359] Fix Windows FIPS Build (#18357)

* Fix Windows FIPS Build

* create new file for windows arm

* removed build tag

* fix buidl tags

* fix multiple go build
---
 command/connect/envoy/exec_windows.go       |  5 +-
 command/connect/envoy/exec_windows_arm64.go | 83 +++++++++++++++++++++
 2 files changed, 85 insertions(+), 3 deletions(-)
 create mode 100644 command/connect/envoy/exec_windows_arm64.go

diff --git a/command/connect/envoy/exec_windows.go b/command/connect/envoy/exec_windows.go
index 1ae4f0cddb7b..cf262214ead2 100644
--- a/command/connect/envoy/exec_windows.go
+++ b/command/connect/envoy/exec_windows.go
@@ -1,8 +1,7 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
-
-//go:build windows
-// +build windows
+//go:build windows && !fips
+// +build windows,!fips
 
 package envoy
 
diff --git a/command/connect/envoy/exec_windows_arm64.go b/command/connect/envoy/exec_windows_arm64.go
new file mode 100644
index 000000000000..b080d7818786
--- /dev/null
+++ b/command/connect/envoy/exec_windows_arm64.go
@@ -0,0 +1,83 @@
+//go:build fips
+// +build fips
+
+package envoy
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"time"
+)
+
+func makeBootstrapPipe(bootstrapJSON []byte) (string, error) {
+	tempFile := filepath.Join(os.TempDir(),
+		fmt.Sprintf("envoy-%x-bootstrap.json", time.Now().UnixNano()+int64(os.Getpid())))
+
+	f, err := os.Create(tempFile)
+	if err != nil {
+		return tempFile, err
+	}
+
+	defer f.Close()
+	f.Write(bootstrapJSON)
+	f.Sync()
+	// We can't wait for the process since we need to exec into Envoy before it
+	// will be able to complete so it will be remain as a zombie until Envoy is
+	// killed then will be reaped by the init process (pid 0). This is all a bit
+	// gross but the cleanest workaround I can think of for Envoy 1.10 not
+	// supporting /dev/fd/<fd> config paths any more. So we are done and leaving
+	// the child to run it's course without reaping it.
+	return tempFile, nil
+}
+
+func startProc(binary string, args []string) (p *os.Process, err error) {
+	if binary, err = exec.LookPath(binary); err == nil {
+		var procAttr os.ProcAttr
+		procAttr.Files = []*os.File{os.Stdin,
+			os.Stdout, os.Stderr}
+		p, err := os.StartProcess(binary, args, &procAttr)
+		if err == nil {
+			return p, nil
+		}
+	}
+	return nil, err
+}
+
+func execEnvoy(binary string, prefixArgs, suffixArgs []string, bootstrapJSON []byte) error {
+	tempFile, err := makeBootstrapPipe(bootstrapJSON)
+	if err != nil {
+		os.RemoveAll(tempFile)
+		return err
+	}
+	// We don't defer a cleanup since we are about to Exec into Envoy which means
+	// defer will never fire. The child process cleans up for us in the happy
+	// path.
+
+	// We default to disabling hot restart because it makes it easier to run
+	// multiple envoys locally for testing without them trying to share memory and
+	// unix sockets and complain about being different IDs. But if user is
+	// actually configuring hot-restart explicitly with the --restart-epoch option
+	// then don't disable it!
+	disableHotRestart := !hasHotRestartOption(prefixArgs, suffixArgs)
+
+	// First argument needs to be the executable name.
+	envoyArgs := []string{}
+	envoyArgs = append(envoyArgs, prefixArgs...)
+	if disableHotRestart {
+		envoyArgs = append(envoyArgs, "--disable-hot-restart")
+	}
+	envoyArgs = append(envoyArgs, suffixArgs...)
+	envoyArgs = append(envoyArgs, "--config-path", tempFile)
+
+	// Exec
+	if proc, err := startProc(binary, envoyArgs); err == nil {
+		proc.Wait()
+	} else if err != nil {
+		return errors.New("Failed to exec envoy: " + err.Error())
+	}
+
+	return nil
+}

From 82993fcc4f62a0069e000a0dc4e1026636342b1a Mon Sep 17 00:00:00 2001
From: "Chris S. Kim" <ckim@hashicorp.com>
Date: Thu, 24 Aug 2023 11:43:26 -0400
Subject: [PATCH 324/359] CE port of enterprise extension (#18572)

CE commit
---
 agent/envoyextensions/registered_extensions.go    | 10 ++++++----
 agent/envoyextensions/registered_extensions_ce.go |  8 ++++++++
 envoyextensions/extensioncommon/resources.go      | 10 ++++++----
 proto/private/prototest/testing.go                |  4 ++--
 4 files changed, 22 insertions(+), 10 deletions(-)
 create mode 100644 agent/envoyextensions/registered_extensions_ce.go

diff --git a/agent/envoyextensions/registered_extensions.go b/agent/envoyextensions/registered_extensions.go
index d9721b320b17..cef7598da35d 100644
--- a/agent/envoyextensions/registered_extensions.go
+++ b/agent/envoyextensions/registered_extensions.go
@@ -32,11 +32,13 @@ var extensionConstructors = map[string]extensionConstructor{
 // given config. Returns an error if the extension does not exist, or if the extension fails
 // to be constructed properly.
 func ConstructExtension(ext api.EnvoyExtension) (extensioncommon.EnvoyExtender, error) {
-	constructor, ok := extensionConstructors[ext.Name]
-	if !ok {
-		return nil, fmt.Errorf("name %q is not a built-in extension", ext.Name)
+	if constructor, ok := extensionConstructors[ext.Name]; ok {
+		return constructor(ext)
 	}
-	return constructor(ext)
+	if constructor, ok := enterpriseExtensionConstructors[ext.Name]; ok {
+		return constructor(ext)
+	}
+	return nil, fmt.Errorf("name %q is not a built-in extension", ext.Name)
 }
 
 // ValidateExtensions will attempt to construct each instance of the given envoy extension configurations
diff --git a/agent/envoyextensions/registered_extensions_ce.go b/agent/envoyextensions/registered_extensions_ce.go
new file mode 100644
index 000000000000..4b9e07e50ba4
--- /dev/null
+++ b/agent/envoyextensions/registered_extensions_ce.go
@@ -0,0 +1,8 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build !consulent
+
+package envoyextensions
+
+var enterpriseExtensionConstructors = map[string]extensionConstructor{}
diff --git a/envoyextensions/extensioncommon/resources.go b/envoyextensions/extensioncommon/resources.go
index 989c35dba739..c5febfb6dd30 100644
--- a/envoyextensions/extensioncommon/resources.go
+++ b/envoyextensions/extensioncommon/resources.go
@@ -411,8 +411,8 @@ func getSNI(chain *envoy_listener_v3.FilterChain) string {
 }
 
 // GetHTTPConnectionManager returns the Envoy HttpConnectionManager filter from the list of network filters.
-// It also returns the index within the list of filters where the connection manager was found in case the caller
-// needs this information.
+// It also returns the index within the list of filters where the connection manager was found in case the
+// caller needs to overwrite the original filter.
 // It returns a non-nil error if the HttpConnectionManager is not found.
 func GetHTTPConnectionManager(filters ...*envoy_listener_v3.Filter) (*envoy_http_v3.HttpConnectionManager, int, error) {
 	for idx, filter := range filters {
@@ -491,9 +491,11 @@ func InsertHTTPFilter(filters []*envoy_listener_v3.Filter, filter *envoy_http_v3
 	if err != nil {
 		return filters, errors.New("failed to insert new HTTP connection manager filter")
 	}
-	filters[idx] = newHttpConMan
+	filtersCopy := make([]*envoy_listener_v3.Filter, len(filters))
+	copy(filtersCopy, filters)
+	filtersCopy[idx] = newHttpConMan
 
-	return filters, nil
+	return filtersCopy, nil
 }
 
 // InsertNetworkFilter inserts the given network filter into the filter chain in the location
diff --git a/proto/private/prototest/testing.go b/proto/private/prototest/testing.go
index 6b6e81a4a174..32839a78aa80 100644
--- a/proto/private/prototest/testing.go
+++ b/proto/private/prototest/testing.go
@@ -13,12 +13,12 @@ type TestingT interface {
 	Fatalf(string, ...any)
 }
 
-func AssertDeepEqual(t TestingT, x, y interface{}, opts ...cmp.Option) {
+func AssertDeepEqual(t TestingT, exp, got interface{}, opts ...cmp.Option) {
 	t.Helper()
 
 	opts = append(opts, protocmp.Transform())
 
-	if diff := cmp.Diff(x, y, opts...); diff != "" {
+	if diff := cmp.Diff(exp, got, opts...); diff != "" {
 		t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff)
 	}
 }

From 067a0112e2ab618b1a3477a6ea7924c6909870b7 Mon Sep 17 00:00:00 2001
From: Semir Patel <semir.patel@hashicorp.com>
Date: Thu, 24 Aug 2023 10:49:46 -0500
Subject: [PATCH 325/359] resource: Make resource listbyowner tenancy aware
 (#18566)

---
 .../services/resource/list_by_owner.go        |  83 ++++++++--
 .../services/resource/list_by_owner_test.go   | 155 +++++++++++++++---
 internal/resource/decode_test.go              |   6 +-
 internal/resource/demo/demo.go                |   7 -
 internal/resource/http/http_test.go           |   8 +-
 5 files changed, 206 insertions(+), 53 deletions(-)

diff --git a/agent/grpc-external/services/resource/list_by_owner.go b/agent/grpc-external/services/resource/list_by_owner.go
index 8f1b4216a3ac..3c0ccbda65e8 100644
--- a/agent/grpc-external/services/resource/list_by_owner.go
+++ b/agent/grpc-external/services/resource/list_by_owner.go
@@ -10,39 +10,71 @@ import (
 	"google.golang.org/grpc/status"
 
 	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 func (s *Server) ListByOwner(ctx context.Context, req *pbresource.ListByOwnerRequest) (*pbresource.ListByOwnerResponse, error) {
-	if err := validateListByOwnerRequest(req); err != nil {
+	reg, err := s.validateListByOwnerRequest(req)
+	if err != nil {
 		return nil, err
 	}
 
-	_, err := s.resolveType(req.Owner.Type)
+	// Convert v2 request tenancy to v1 for ACL subsystem.
+	entMeta := v2TenancyToV1EntMeta(req.Owner.Tenancy)
+	token := tokenFromContext(ctx)
+
+	// Fill entMeta with token tenancy when empty.
+	authz, authzContext, err := s.getAuthorizer(token, entMeta)
 	if err != nil {
 		return nil, err
 	}
 
-	children, err := s.Backend.ListByOwner(ctx, req.Owner)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed list by owner: %v", err)
+	// Handle defaulting empty tenancy units from request.
+	v1EntMetaToV2Tenancy(reg, entMeta, req.Owner.Tenancy)
+
+	// Check list ACL before verifying tenancy exists to not leak tenancy existence.
+	err = reg.ACLs.List(authz, authzContext)
+	switch {
+	case acl.IsErrPermissionDenied(err):
+		return nil, status.Error(codes.PermissionDenied, err.Error())
+	case err != nil:
+		return nil, status.Errorf(codes.Internal, "failed list acl: %v", err)
 	}
 
-	// TODO(spatel): Refactor _ and entMeta in NET-4917
-	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), acl.DefaultEnterpriseMeta())
-	if err != nil {
+	// Check v1 tenancy exists for the v2 resource.
+	if err = v1TenancyExists(reg, s.V1TenancyBridge, req.Owner.Tenancy, codes.InvalidArgument); err != nil {
 		return nil, err
 	}
 
+	// Get owned resources.
+	children, err := s.Backend.ListByOwner(ctx, req.Owner)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed list by owner: %v", err)
+	}
+
 	result := make([]*pbresource.Resource, 0)
 	for _, child := range children {
-		reg, err := s.resolveType(child.Id.Type)
+		// Retrieve child type's registration to access read ACL hook.
+		childReg, err := s.resolveType(child.Id.Type)
 		if err != nil {
 			return nil, err
 		}
 
-		// ACL filter
-		err = reg.ACLs.Read(authz, authzContext, child.Id)
+		// Rebuild authorizer if tenancy not identical between owner and child (child scope
+		// may be narrower).
+		childAuthz := authz
+		childAuthzContext := authzContext
+		if !resource.EqualTenancy(req.Owner.Tenancy, child.Id.Tenancy) {
+			childEntMeta := v2TenancyToV1EntMeta(child.Id.Tenancy)
+			childAuthz, childAuthzContext, err = s.getAuthorizer(token, childEntMeta)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// Filter out children that fail real ACL.
+		err = childReg.ACLs.Read(childAuthz, childAuthzContext, child.Id)
 		switch {
 		case acl.IsErrPermissionDenied(err):
 			continue
@@ -55,17 +87,36 @@ func (s *Server) ListByOwner(ctx context.Context, req *pbresource.ListByOwnerReq
 	return &pbresource.ListByOwnerResponse{Resources: result}, nil
 }
 
-func validateListByOwnerRequest(req *pbresource.ListByOwnerRequest) error {
+func (s *Server) validateListByOwnerRequest(req *pbresource.ListByOwnerRequest) (*resource.Registration, error) {
 	if req.Owner == nil {
-		return status.Errorf(codes.InvalidArgument, "owner is required")
+		return nil, status.Errorf(codes.InvalidArgument, "owner is required")
 	}
 
 	if err := validateId(req.Owner, "owner"); err != nil {
-		return err
+		return nil, err
 	}
 
 	if req.Owner.Uid == "" {
-		return status.Errorf(codes.InvalidArgument, "owner uid is required")
+		return nil, status.Errorf(codes.InvalidArgument, "owner uid is required")
 	}
-	return nil
+
+	reg, err := s.resolveType(req.Owner.Type)
+	if err != nil {
+		return nil, err
+	}
+
+	// Lowercase
+	resource.Normalize(req.Owner.Tenancy)
+
+	// Error when partition scoped and namespace not empty.
+	if reg.Scope == resource.ScopePartition && req.Owner.Tenancy.Namespace != "" {
+		return nil, status.Errorf(
+			codes.InvalidArgument,
+			"partition scoped type %s cannot have a namespace. got: %s",
+			resource.ToGVK(req.Owner.Type),
+			req.Owner.Tenancy.Namespace,
+		)
+	}
+
+	return reg, nil
 }
diff --git a/agent/grpc-external/services/resource/list_by_owner_test.go b/agent/grpc-external/services/resource/list_by_owner_test.go
index 5b2fe63975bf..4a60e3ac9460 100644
--- a/agent/grpc-external/services/resource/list_by_owner_test.go
+++ b/agent/grpc-external/services/resource/list_by_owner_test.go
@@ -9,6 +9,7 @@ import (
 	"testing"
 
 	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/proto/private/prototest"
@@ -17,41 +18,49 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
 )
 
 func TestListByOwner_InputValidation(t *testing.T) {
 	server := testServer(t)
 	client := testClient(t, server)
-
 	demo.RegisterTypes(server.Registry)
 
-	testCases := map[string]func(*pbresource.ListByOwnerRequest){
-		"no owner":   func(req *pbresource.ListByOwnerRequest) { req.Owner = nil },
-		"no type":    func(req *pbresource.ListByOwnerRequest) { req.Owner.Type = nil },
-		"no tenancy": func(req *pbresource.ListByOwnerRequest) { req.Owner.Tenancy = nil },
-		"no name":    func(req *pbresource.ListByOwnerRequest) { req.Owner.Name = "" },
-		"no uid":     func(req *pbresource.ListByOwnerRequest) { req.Owner.Uid = "" },
-		// clone necessary to not pollute DefaultTenancy
-		"tenancy partition not default": func(req *pbresource.ListByOwnerRequest) {
-			req.Owner.Tenancy = clone(req.Owner.Tenancy)
-			req.Owner.Tenancy.Partition = ""
+	testCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{
+		"no owner": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID {
+			return nil
+		},
+		"no type": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			artistId.Type = nil
+			return artistId
+		},
+		"no tenancy": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			artistId.Tenancy = nil
+			return artistId
 		},
-		"tenancy namespace not default": func(req *pbresource.ListByOwnerRequest) {
-			req.Owner.Tenancy = clone(req.Owner.Tenancy)
-			req.Owner.Tenancy.Namespace = ""
+		"no name": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			artistId.Name = ""
+			return artistId
 		},
-		"tenancy peername not local": func(req *pbresource.ListByOwnerRequest) {
-			req.Owner.Tenancy = clone(req.Owner.Tenancy)
-			req.Owner.Tenancy.PeerName = ""
+		"no uid": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			artistId.Uid = ""
+			return artistId
+		},
+		"partition scope with non-empty namespace": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
+			recordLabelId.Tenancy.Namespace = "ishouldnothaveanamespace"
+			return recordLabelId
 		},
 	}
 	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
-			res, err := demo.GenerateV2Artist()
+			artist, err := demo.GenerateV2Artist()
+			require.NoError(t, err)
+
+			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
 			require.NoError(t, err)
 
-			req := &pbresource.ListByOwnerRequest{Owner: res.Id}
-			modFn(req)
+			// Each test case picks which resource to use based on the resource type's scope.
+			req := &pbresource.ListByOwnerRequest{Owner: modFn(artist.Id, recordLabel.Id)}
 
 			_, err = client.ListByOwner(testContext(t), req)
 			require.Error(t, err)
@@ -67,7 +76,7 @@ func TestListByOwner_TypeNotRegistered(t *testing.T) {
 	_, err := client.ListByOwner(context.Background(), &pbresource.ListByOwnerRequest{
 		Owner: &pbresource.ID{
 			Type:    demo.TypeV2Artist,
-			Tenancy: demo.TenancyDefault,
+			Tenancy: resource.DefaultNamespacedTenancy(),
 			Uid:     "bogus",
 			Name:    "bogus",
 		},
@@ -125,8 +134,108 @@ func TestListByOwner_Many(t *testing.T) {
 	prototest.AssertElementsMatch(t, albums, rsp3.Resources)
 }
 
+func TestListByOwner_OwnerTenancyDoesNotExist(t *testing.T) {
+	tenancyCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{
+		"partition not found when namespace scoped": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			id := clone(artistId)
+			id.Uid = "doesnotmatter"
+			id.Tenancy.Partition = "boguspartition"
+			return id
+		},
+		"namespace not found when namespace scoped": func(artistId, _ *pbresource.ID) *pbresource.ID {
+			id := clone(artistId)
+			id.Uid = "doesnotmatter"
+			id.Tenancy.Namespace = "bogusnamespace"
+			return id
+		},
+		"partition not found when partition scoped": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
+			id := clone(recordLabelId)
+			id.Uid = "doesnotmatter"
+			id.Tenancy.Partition = "boguspartition"
+			return id
+		},
+	}
+	for desc, modFn := range tenancyCases {
+		t.Run(desc, func(t *testing.T) {
+			server := testServer(t)
+			demo.RegisterTypes(server.Registry)
+			client := testClient(t, server)
+
+			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
+			require.NoError(t, err)
+			recordLabel, err = server.Backend.WriteCAS(testContext(t), recordLabel)
+			require.NoError(t, err)
+
+			artist, err := demo.GenerateV2Artist()
+			require.NoError(t, err)
+			artist, err = server.Backend.WriteCAS(testContext(t), artist)
+			require.NoError(t, err)
+
+			// Verify non-existant tenancy units in owner err with not found.
+			_, err = client.ListByOwner(testContext(t), &pbresource.ListByOwnerRequest{Owner: modFn(artist.Id, recordLabel.Id)})
+			require.Error(t, err)
+			require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
+			require.Contains(t, err.Error(), "resource not found")
+		})
+	}
+}
+
+func TestListByOwner_Tenancy_Defaults_And_Normalization(t *testing.T) {
+	for tenancyDesc, modFn := range tenancyCases() {
+		t.Run(tenancyDesc, func(t *testing.T) {
+			server := testServer(t)
+			demo.RegisterTypes(server.Registry)
+			client := testClient(t, server)
+
+			// Create partition scoped recordLabel.
+			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
+			require.NoError(t, err)
+			rsp1, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: recordLabel})
+			require.NoError(t, err)
+			recordLabel = rsp1.Resource
+
+			// Create namespace scoped artist.
+			artist, err := demo.GenerateV2Artist()
+			require.NoError(t, err)
+			rsp2, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: artist})
+			require.NoError(t, err)
+			artist = rsp2.Resource
+
+			// Owner will be either partition scoped (recordLabel) or namespace scoped (artist) based on testcase.
+			moddedOwnerId := modFn(artist.Id, recordLabel.Id)
+			var ownerId *pbresource.ID
+
+			// Avoid using the modded id when linking owner to child.
+			switch {
+			case proto.Equal(moddedOwnerId.Type, demo.TypeV2Artist):
+				ownerId = artist.Id
+			case proto.Equal(moddedOwnerId.Type, demo.TypeV1RecordLabel):
+				ownerId = recordLabel.Id
+			default:
+				require.Fail(t, "unexpected resource type")
+			}
+
+			// Link owner to child.
+			album, err := demo.GenerateV2Album(ownerId)
+			require.NoError(t, err)
+			rsp3, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: album})
+			require.NoError(t, err)
+			album = rsp3.Resource
+
+			// Test
+			listRsp, err := client.ListByOwner(testContext(t), &pbresource.ListByOwnerRequest{
+				Owner: moddedOwnerId,
+			})
+			require.NoError(t, err)
+
+			// Verify child album always returned.
+			prototest.AssertDeepEqual(t, album, listRsp.Resources[0])
+		})
+	}
+}
+
 func TestListByOwner_ACL_PerTypeDenied(t *testing.T) {
-	authz := AuthorizerFrom(t, `key_prefix "resource/demo.v2.Album/" { policy = "deny" }`)
+	authz := AuthorizerFrom(t, `key_prefix "resource/demo.v2.Album/" { policy = "deny" }`, demo.ArtistV2ListPolicy)
 	_, rsp, err := roundTripListByOwner(t, authz)
 
 	// verify resource filtered out, hence no results
@@ -135,7 +244,7 @@ func TestListByOwner_ACL_PerTypeDenied(t *testing.T) {
 }
 
 func TestListByOwner_ACL_PerTypeAllowed(t *testing.T) {
-	authz := AuthorizerFrom(t, `key_prefix "resource/demo.v2.Album/" { policy = "read" }`)
+	authz := AuthorizerFrom(t, `key_prefix "resource/demo.v2.Album/" { policy = "read" }`, demo.ArtistV2ListPolicy)
 	album, rsp, err := roundTripListByOwner(t, authz)
 
 	// verify resource not filtered out
diff --git a/internal/resource/decode_test.go b/internal/resource/decode_test.go
index 17c1bd7f1b07..a516673e4391 100644
--- a/internal/resource/decode_test.go
+++ b/internal/resource/decode_test.go
@@ -29,7 +29,7 @@ func TestGetDecodedResource(t *testing.T) {
 
 	babypantsID := &pbresource.ID{
 		Type:    demo.TypeV2Artist,
-		Tenancy: demo.TenancyDefault,
+		Tenancy: resource.DefaultNamespacedTenancy(),
 		Name:    "babypants",
 	}
 
@@ -75,7 +75,7 @@ func TestDecode(t *testing.T) {
 		foo := &pbresource.Resource{
 			Id: &pbresource.ID{
 				Type:    demo.TypeV2Artist,
-				Tenancy: demo.TenancyDefault,
+				Tenancy: resource.DefaultNamespacedTenancy(),
 				Name:    "babypants",
 			},
 			Data: any,
@@ -95,7 +95,7 @@ func TestDecode(t *testing.T) {
 		foo := &pbresource.Resource{
 			Id: &pbresource.ID{
 				Type:    demo.TypeV2Artist,
-				Tenancy: demo.TenancyDefault,
+				Tenancy: resource.DefaultNamespacedTenancy(),
 				Name:    "babypants",
 			},
 			Data: &anypb.Any{
diff --git a/internal/resource/demo/demo.go b/internal/resource/demo/demo.go
index c47d7e31e676..0a8f2e440095 100644
--- a/internal/resource/demo/demo.go
+++ b/internal/resource/demo/demo.go
@@ -22,13 +22,6 @@ import (
 )
 
 var (
-	// TenancyDefault contains the default values for all tenancy units.
-	TenancyDefault = &pbresource.Tenancy{
-		Partition: resource.DefaultPartitionName,
-		PeerName:  "local",
-		Namespace: resource.DefaultNamespaceName,
-	}
-
 	// TypeV1RecordLabel represents a record label which artists are signed to.
 	// Used specifically as a resource to test partition only scoped resources.
 	TypeV1RecordLabel = &pbresource.Type{
diff --git a/internal/resource/http/http_test.go b/internal/resource/http/http_test.go
index 1edef161fb26..93c458ecbf4a 100644
--- a/internal/resource/http/http_test.go
+++ b/internal/resource/http/http_test.go
@@ -165,7 +165,7 @@ func TestResourceWriteHandler(t *testing.T) {
 		readRsp, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{
 			Id: &pbresource.ID{
 				Type:    demo.TypeV2Artist,
-				Tenancy: demo.TenancyDefault,
+				Tenancy: resource.DefaultNamespacedTenancy(),
 				Name:    "keith-urban",
 			},
 		})
@@ -264,7 +264,7 @@ func TestResourceWriteHandler(t *testing.T) {
 		readRsp, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{
 			Id: &pbresource.ID{
 				Type:    demo.TypeV1Artist,
-				Tenancy: demo.TenancyDefault,
+				Tenancy: resource.DefaultNamespacedTenancy(),
 				Name:    "keith-urban-v1",
 			},
 		})
@@ -430,7 +430,7 @@ func TestResourceDeleteHandler(t *testing.T) {
 		_, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{
 			Id: &pbresource.ID{
 				Type:    demo.TypeV2Artist,
-				Tenancy: demo.TenancyDefault,
+				Tenancy: resource.DefaultNamespacedTenancy(),
 				Name:    "keith-urban",
 			},
 		})
@@ -453,7 +453,7 @@ func TestResourceDeleteHandler(t *testing.T) {
 		_, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{
 			Id: &pbresource.ID{
 				Type:    demo.TypeV2Artist,
-				Tenancy: demo.TenancyDefault,
+				Tenancy: resource.DefaultNamespacedTenancy(),
 				Name:    "keith-urban",
 			},
 		})

From 59ab57f350df6cf7a7c0a8671441c501d8027344 Mon Sep 17 00:00:00 2001
From: John Maguire <john.maguire@hashicorp.com>
Date: Thu, 24 Aug 2023 15:07:14 -0400
Subject: [PATCH 326/359] NET-5147: Added placeholder structs for JWT
 functionality (#18575)

* Added placeholder structs for JWT functionality

* Added watches for CE vs ENT

* Add license header

* Undo plumbing work

* Add context arg
---
 agent/proxycfg/api_gateway_ce.go     | 17 +++++++++++++++++
 agent/xds/gw_per_route_filters_ce.go | 24 ++++++++++++++++++++++++
 agent/xds/jwt_authn_ce.go            | 25 +++++++++++++++++++++++++
 agent/xds/rbac.go                    | 17 ++++++++++++-----
 agent/xds/resources_ce_test.go       |  4 +++-
 agent/xds/resources_test.go          |  2 +-
 6 files changed, 82 insertions(+), 7 deletions(-)
 create mode 100644 agent/proxycfg/api_gateway_ce.go
 create mode 100644 agent/xds/gw_per_route_filters_ce.go
 create mode 100644 agent/xds/jwt_authn_ce.go

diff --git a/agent/proxycfg/api_gateway_ce.go b/agent/proxycfg/api_gateway_ce.go
new file mode 100644
index 000000000000..e2a3b375cd10
--- /dev/null
+++ b/agent/proxycfg/api_gateway_ce.go
@@ -0,0 +1,17 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build !consulent
+// +build !consulent
+
+package proxycfg
+
+import "context"
+
+func watchJWTProviders(cxt context.Context, h *handlerAPIGateway) error {
+	return nil
+}
+
+func setJWTProvider(u UpdateEvent, snap *ConfigSnapshot) error {
+	return nil
+}
diff --git a/agent/xds/gw_per_route_filters_ce.go b/agent/xds/gw_per_route_filters_ce.go
new file mode 100644
index 000000000000..cbf406cd07a1
--- /dev/null
+++ b/agent/xds/gw_per_route_filters_ce.go
@@ -0,0 +1,24 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build !consulent
+// +build !consulent
+
+package xds
+
+import (
+	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
+	"google.golang.org/protobuf/types/known/anypb"
+
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+type perRouteFilterBuilder struct {
+	providerMap map[string]*structs.JWTProviderConfigEntry
+	listener    *structs.APIGatewayListener
+	route       *structs.HTTPRouteConfigEntry
+}
+
+func (p perRouteFilterBuilder) buildFilter(match *envoy_route_v3.RouteMatch) (map[string]*anypb.Any, error) {
+	return nil, nil
+}
diff --git a/agent/xds/jwt_authn_ce.go b/agent/xds/jwt_authn_ce.go
new file mode 100644
index 000000000000..ac6d0a31d799
--- /dev/null
+++ b/agent/xds/jwt_authn_ce.go
@@ -0,0 +1,25 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build !consulent
+// +build !consulent
+
+package xds
+
+import (
+	envoy_http_jwt_authn_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3"
+	envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
+
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+type GatewayAuthFilterBuilder struct {
+	listener       structs.APIGatewayListener
+	route          *structs.HTTPRouteConfigEntry
+	providers      map[string]*structs.JWTProviderConfigEntry
+	envoyProviders map[string]*envoy_http_jwt_authn_v3.JwtProvider
+}
+
+func (g *GatewayAuthFilterBuilder) makeGatewayAuthFilters() ([]*envoy_http_v3.HttpFilter, error) {
+	return nil, nil
+}
diff --git a/agent/xds/rbac.go b/agent/xds/rbac.go
index 0c00cb92cb0c..68e91d2945ad 100644
--- a/agent/xds/rbac.go
+++ b/agent/xds/rbac.go
@@ -23,6 +23,11 @@ import (
 	"github.com/hashicorp/consul/proto/private/pbpeering"
 )
 
+const (
+	envoyHTTPRBACFilterKey    = "envoy.filters.http.rbac"
+	envoyNetworkRBACFilterKey = "envoy.filters.network.rbac"
+)
+
 func makeRBACNetworkFilter(
 	intentions structs.SimplifiedIntentions,
 	intentionDefaultAllow bool,
@@ -38,7 +43,7 @@ func makeRBACNetworkFilter(
 		StatPrefix: "connect_authz",
 		Rules:      rules,
 	}
-	return makeFilter("envoy.filters.network.rbac", cfg)
+	return makeFilter(envoyNetworkRBACFilterKey, cfg)
 }
 
 func makeRBACHTTPFilter(
@@ -56,7 +61,7 @@ func makeRBACHTTPFilter(
 	cfg := &envoy_http_rbac_v3.RBAC{
 		Rules: rules,
 	}
-	return makeEnvoyHTTPFilter("envoy.filters.http.rbac", cfg)
+	return makeEnvoyHTTPFilter(envoyHTTPRBACFilterKey, cfg)
 }
 
 func intentionListToIntermediateRBACForm(
@@ -326,6 +331,7 @@ func intentionActionFromBool(v bool) intentionAction {
 		return intentionActionDeny
 	}
 }
+
 func intentionActionFromString(s structs.IntentionAction) intentionAction {
 	if s == structs.IntentionActionAllow {
 		return intentionActionAllow
@@ -809,7 +815,6 @@ func segmentToPermission(segments []*envoy_matcher_v3.MetadataMatcher_PathSegmen
 //		},
 //	},
 func pathToSegments(paths []string, payloadKey string) []*envoy_matcher_v3.MetadataMatcher_PathSegment {
-
 	segments := make([]*envoy_matcher_v3.MetadataMatcher_PathSegment, 0, len(paths))
 	segments = append(segments, makeSegment(payloadKey))
 
@@ -1029,8 +1034,10 @@ func xfccPrincipal(src rbacService) *envoy_rbac_v3.Principal {
 	}
 }
 
-const anyPath = `[^/]+`
-const trustDomain = anyPath + "." + anyPath
+const (
+	anyPath     = `[^/]+`
+	trustDomain = anyPath + "." + anyPath
+)
 
 // downstreamServiceIdentityMatcher needs to match XFCC headers in two cases:
 // 1. Requests to cluster peered services through a mesh gateway. In this case, the XFCC header looks like the following (I added a new line after each ; for readability)
diff --git a/agent/xds/resources_ce_test.go b/agent/xds/resources_ce_test.go
index fa7134817235..14d5a35253a4 100644
--- a/agent/xds/resources_ce_test.go
+++ b/agent/xds/resources_ce_test.go
@@ -6,6 +6,8 @@
 
 package xds
 
-func getEnterpriseGoldenTestCases() []goldenTestCase {
+import "testing"
+
+func getEnterpriseGoldenTestCases(t *testing.T) []goldenTestCase {
 	return nil
 }
diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go
index 926c44fab86e..69a704386b5d 100644
--- a/agent/xds/resources_test.go
+++ b/agent/xds/resources_test.go
@@ -193,7 +193,7 @@ func TestAllResourcesFromSnapshot(t *testing.T) {
 	tests = append(tests, getConnectProxyTransparentProxyGoldenTestCases()...)
 	tests = append(tests, getMeshGatewayPeeringGoldenTestCases()...)
 	tests = append(tests, getTrafficControlPeeringGoldenTestCases(false)...)
-	tests = append(tests, getEnterpriseGoldenTestCases()...)
+	tests = append(tests, getEnterpriseGoldenTestCases(t)...)
 	tests = append(tests, getAPIGatewayGoldenTestCases(t)...)
 
 	latestEnvoyVersion := xdscommon.EnvoyVersions[0]

From 2225bf0550d1975ae54961aff0ca85b8dc85b48d Mon Sep 17 00:00:00 2001
From: Semir Patel <semir.patel@hashicorp.com>
Date: Thu, 24 Aug 2023 14:18:47 -0500
Subject: [PATCH 327/359] resource: Make resource writestatus tenancy aware
 (#18577)

---
 .../services/resource/write_status.go         |  73 ++--
 .../services/resource/write_status_test.go    | 312 +++++++++++++++---
 .../services/resource/write_test.go           |   2 +-
 3 files changed, 323 insertions(+), 64 deletions(-)

diff --git a/agent/grpc-external/services/resource/write_status.go b/agent/grpc-external/services/resource/write_status.go
index d0dea6f16266..263814237eb3 100644
--- a/agent/grpc-external/services/resource/write_status.go
+++ b/agent/grpc-external/services/resource/write_status.go
@@ -8,40 +8,54 @@ import (
 	"errors"
 	"fmt"
 
+	"github.com/oklog/ulid/v2"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
-	"github.com/oklog/ulid/v2"
-
 	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/storage"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 func (s *Server) WriteStatus(ctx context.Context, req *pbresource.WriteStatusRequest) (*pbresource.WriteStatusResponse, error) {
-	// TODO(spatel): Refactor _ and entMeta as part of NET-4912
-	authz, _, err := s.getAuthorizer(tokenFromContext(ctx), acl.DefaultEnterpriseMeta())
+	reg, err := s.validateWriteStatusRequest(req)
 	if err != nil {
 		return nil, err
 	}
 
-	// check acls
-	err = authz.ToAllowAuthorizer().OperatorWriteAllowed(&acl.AuthorizerContext{})
-	switch {
-	case acl.IsErrPermissionDenied(err):
-		return nil, status.Error(codes.PermissionDenied, err.Error())
-	case err != nil:
-		return nil, status.Errorf(codes.Internal, "failed operator:write allowed acl: %v", err)
+	entMeta := v2TenancyToV1EntMeta(req.Id.Tenancy)
+	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), entMeta)
+	if err != nil {
+		return nil, err
 	}
 
-	if err := validateWriteStatusRequest(req); err != nil {
+	// Apply defaults when tenancy units empty.
+	v1EntMetaToV2Tenancy(reg, entMeta, req.Id.Tenancy)
+
+	// Check V1 tenancy exists for the V2 resource. Ignore "marked for deletion" since status updates
+	// should still work regardless.
+	if err = v1TenancyExists(reg, s.V1TenancyBridge, req.Id.Tenancy, codes.InvalidArgument); err != nil {
 		return nil, err
 	}
 
-	_, err = s.resolveType(req.Id.Type)
-	if err != nil {
-		return nil, err
+	// Retrieve resource since ACL hook requires it.
+	existing, err := s.Backend.Read(ctx, storage.EventualConsistency, req.Id)
+	switch {
+	case errors.Is(err, storage.ErrNotFound):
+		return nil, status.Errorf(codes.NotFound, err.Error())
+	case err != nil:
+		return nil, status.Errorf(codes.Internal, "failed read: %v", err)
+	}
+
+	// Check write ACL.
+	err = reg.ACLs.Write(authz, authzContext, existing)
+	switch {
+	case acl.IsErrPermissionDenied(err):
+		return nil, status.Error(codes.PermissionDenied, err.Error())
+	case err != nil:
+		return nil, status.Errorf(codes.Internal, "failed operator:write allowed acl: %v", err)
 	}
 
 	// At the storage backend layer, all writes are CAS operations.
@@ -99,7 +113,7 @@ func (s *Server) WriteStatus(ctx context.Context, req *pbresource.WriteStatusReq
 	return &pbresource.WriteStatusResponse{Resource: result}, nil
 }
 
-func validateWriteStatusRequest(req *pbresource.WriteStatusRequest) error {
+func (s *Server) validateWriteStatusRequest(req *pbresource.WriteStatusRequest) (*resource.Registration, error) {
 	var field string
 	switch {
 	case req.Id == nil:
@@ -144,16 +158,35 @@ func validateWriteStatusRequest(req *pbresource.WriteStatusRequest) error {
 		}
 	}
 	if field != "" {
-		return status.Errorf(codes.InvalidArgument, "%s is required", field)
+		return nil, status.Errorf(codes.InvalidArgument, "%s is required", field)
 	}
 
 	if req.Status.UpdatedAt != nil {
-		return status.Error(codes.InvalidArgument, "status.updated_at is automatically set and cannot be provided")
+		return nil, status.Error(codes.InvalidArgument, "status.updated_at is automatically set and cannot be provided")
 	}
 
 	if _, err := ulid.ParseStrict(req.Status.ObservedGeneration); err != nil {
-		return status.Error(codes.InvalidArgument, "status.observed_generation is not valid")
+		return nil, status.Error(codes.InvalidArgument, "status.observed_generation is not valid")
+	}
+
+	// Lowercase
+	resource.Normalize(req.Id.Tenancy)
+
+	// Check type exists.
+	reg, err := s.resolveType(req.Id.Type)
+	if err != nil {
+		return nil, err
+	}
+
+	// Check scope.
+	if reg.Scope == resource.ScopePartition && req.Id.Tenancy.Namespace != "" {
+		return nil, status.Errorf(
+			codes.InvalidArgument,
+			"partition scoped resource %s cannot have a namespace. got: %s",
+			resource.ToGVK(req.Id.Type),
+			req.Id.Tenancy.Namespace,
+		)
 	}
 
-	return nil
+	return reg, nil
 }
diff --git a/agent/grpc-external/services/resource/write_status_test.go b/agent/grpc-external/services/resource/write_status_test.go
index 8470f50d85c0..622cbcccc746 100644
--- a/agent/grpc-external/services/resource/write_status_test.go
+++ b/agent/grpc-external/services/resource/write_status_test.go
@@ -5,6 +5,7 @@ package resource
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/oklog/ulid/v2"
@@ -27,7 +28,7 @@ func TestWriteStatus_ACL(t *testing.T) {
 	}
 	testcases := map[string]testCase{
 		"denied": {
-			authz: AuthorizerFrom(t, demo.ArtistV2WritePolicy),
+			authz: AuthorizerFrom(t, demo.ArtistV2ReadPolicy),
 			assertErrFn: func(err error) {
 				require.Error(t, err)
 				require.Equal(t, codes.PermissionDenied.String(), status.Code(err).String())
@@ -45,11 +46,6 @@ func TestWriteStatus_ACL(t *testing.T) {
 		t.Run(desc, func(t *testing.T) {
 			server := testServer(t)
 			client := testClient(t, server)
-
-			mockACLResolver := &MockACLResolver{}
-			mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything).
-				Return(tc.authz, nil)
-			server.ACLResolver = mockACLResolver
 			demo.RegisterTypes(server.Registry)
 
 			artist, err := demo.GenerateV2Artist()
@@ -59,6 +55,12 @@ func TestWriteStatus_ACL(t *testing.T) {
 			require.NoError(t, err)
 			artist = rsp.Resource
 
+			// Defer mocking out authz since above write is necessary to set up the test resource.
+			mockACLResolver := &MockACLResolver{}
+			mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything).
+				Return(tc.authz, nil)
+			server.ACLResolver = mockACLResolver
+
 			// exercise ACL
 			_, err = client.WriteStatus(testContext(t), validWriteStatusRequest(t, artist))
 			tc.assertErrFn(err)
@@ -69,35 +71,92 @@ func TestWriteStatus_ACL(t *testing.T) {
 func TestWriteStatus_InputValidation(t *testing.T) {
 	server := testServer(t)
 	client := testClient(t, server)
-
 	demo.RegisterTypes(server.Registry)
 
-	testCases := map[string]func(*pbresource.WriteStatusRequest){
-		"no id":                   func(req *pbresource.WriteStatusRequest) { req.Id = nil },
-		"no type":                 func(req *pbresource.WriteStatusRequest) { req.Id.Type = nil },
-		"no tenancy":              func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy = nil },
-		"no name":                 func(req *pbresource.WriteStatusRequest) { req.Id.Name = "" },
-		"no uid":                  func(req *pbresource.WriteStatusRequest) { req.Id.Uid = "" },
-		"no key":                  func(req *pbresource.WriteStatusRequest) { req.Key = "" },
-		"no status":               func(req *pbresource.WriteStatusRequest) { req.Status = nil },
-		"no observed generation":  func(req *pbresource.WriteStatusRequest) { req.Status.ObservedGeneration = "" },
-		"bad observed generation": func(req *pbresource.WriteStatusRequest) { req.Status.ObservedGeneration = "bogus" },
-		"no condition type":       func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Type = "" },
-		"no reference type":       func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Type = nil },
-		"no reference tenancy":    func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Tenancy = nil },
-		"no reference name":       func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Name = "" },
-		"updated at provided":     func(req *pbresource.WriteStatusRequest) { req.Status.UpdatedAt = timestamppb.Now() },
+	testCases := map[string]struct {
+		typ   *pbresource.Type
+		modFn func(req *pbresource.WriteStatusRequest)
+	}{
+		"no id": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Id = nil },
+		},
+		"no type": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Type = nil },
+		},
+		"no tenancy": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy = nil },
+		},
+		"no name": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Name = "" },
+		},
+		"no uid": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Uid = "" },
+		},
+		"no key": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Key = "" },
+		},
+		"no status": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Status = nil },
+		},
+		"no observed generation": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.ObservedGeneration = "" },
+		},
+		"bad observed generation": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.ObservedGeneration = "bogus" },
+		},
+		"no condition type": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Type = "" },
+		},
+		"no reference type": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Type = nil },
+		},
+		"no reference tenancy": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Tenancy = nil },
+		},
+		"no reference name": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Name = "" },
+		},
+		"updated at provided": {
+			typ:   demo.TypeV2Artist,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.UpdatedAt = timestamppb.Now() },
+		},
+		"partition scoped type provides namespace in tenancy": {
+			typ:   demo.TypeV1RecordLabel,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Namespace = "bad" },
+		},
 	}
-	for desc, modFn := range testCases {
+	for desc, tc := range testCases {
 		t.Run(desc, func(t *testing.T) {
-			res, err := demo.GenerateV2Artist()
+			var res *pbresource.Resource
+			var err error
+			switch {
+			case resource.EqualType(demo.TypeV2Artist, tc.typ):
+				res, err = demo.GenerateV2Artist()
+			case resource.EqualType(demo.TypeV1RecordLabel, tc.typ):
+				res, err = demo.GenerateV1RecordLabel("Looney Tunes")
+			default:
+				t.Fatal("unsupported type", tc.typ)
+			}
 			require.NoError(t, err)
 
 			res.Id.Uid = ulid.Make().String()
 			res.Generation = ulid.Make().String()
 
 			req := validWriteStatusRequest(t, res)
-			modFn(req)
+			tc.modFn(req)
 
 			_, err = client.WriteStatus(testContext(t), req)
 			require.Error(t, err)
@@ -114,7 +173,6 @@ func TestWriteStatus_Success(t *testing.T) {
 		t.Run(desc, func(t *testing.T) {
 			server := testServer(t)
 			client := testClient(t, server)
-
 			demo.RegisterTypes(server.Registry)
 
 			res, err := demo.GenerateV2Artist()
@@ -147,6 +205,149 @@ func TestWriteStatus_Success(t *testing.T) {
 	}
 }
 
+func TestWriteStatus_Tenancy_Defaults(t *testing.T) {
+	for desc, tc := range map[string]struct {
+		scope resource.Scope
+		modFn func(req *pbresource.WriteStatusRequest)
+	}{
+		"namespaced resource provides nonempty partition and namespace": {
+			scope: resource.ScopeNamespace,
+			modFn: func(req *pbresource.WriteStatusRequest) {},
+		},
+		"namespaced resource provides uppercase partition and namespace": {
+			scope: resource.ScopeNamespace,
+			modFn: func(req *pbresource.WriteStatusRequest) {
+				req.Id.Tenancy.Partition = strings.ToUpper(req.Id.Tenancy.Partition)
+				req.Id.Tenancy.Namespace = strings.ToUpper(req.Id.Tenancy.Namespace)
+			},
+		},
+		"namespaced resource inherits tokens partition when empty": {
+			scope: resource.ScopeNamespace,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Partition = "" },
+		},
+		"namespaced resource inherits tokens namespace when empty": {
+			scope: resource.ScopeNamespace,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Namespace = "" },
+		},
+		"namespaced resource inherits tokens partition and namespace when empty": {
+			scope: resource.ScopeNamespace,
+			modFn: func(req *pbresource.WriteStatusRequest) {
+				req.Id.Tenancy.Partition = ""
+				req.Id.Tenancy.Namespace = ""
+			},
+		},
+		"partitioned resource provides nonempty partition": {
+			scope: resource.ScopePartition,
+			modFn: func(req *pbresource.WriteStatusRequest) {},
+		},
+		"partitioned resource provides uppercase partition": {
+			scope: resource.ScopePartition,
+			modFn: func(req *pbresource.WriteStatusRequest) {
+				req.Id.Tenancy.Partition = strings.ToUpper(req.Id.Tenancy.Partition)
+			},
+		},
+		"partitioned resource inherits tokens partition when empty": {
+			scope: resource.ScopePartition,
+			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Partition = "" },
+		},
+	} {
+		t.Run(desc, func(t *testing.T) {
+			server := testServer(t)
+			client := testClient(t, server)
+			demo.RegisterTypes(server.Registry)
+
+			// Pick resource based on scope of type in testcase.
+			var res *pbresource.Resource
+			var err error
+			switch tc.scope {
+			case resource.ScopeNamespace:
+				res, err = demo.GenerateV2Artist()
+			case resource.ScopePartition:
+				res, err = demo.GenerateV1RecordLabel("Looney Tunes")
+			}
+			require.NoError(t, err)
+
+			// Write resource so we can update status later.
+			writeRsp, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: res})
+			require.NoError(t, err)
+			res = writeRsp.Resource
+			require.Nil(t, res.Status)
+
+			// Write status with tenancy modded by testcase.
+			req := validWriteStatusRequest(t, res)
+			tc.modFn(req)
+			rsp, err := client.WriteStatus(testContext(t), req)
+			require.NoError(t, err)
+			res = rsp.Resource
+
+			// Re-read resoruce and verify status successfully written (not nil)
+			_, err = client.Read(testContext(t), &pbresource.ReadRequest{Id: res.Id})
+			require.NoError(t, err)
+			res = rsp.Resource
+			require.NotNil(t, res.Status)
+		})
+	}
+}
+
+func TestWriteStatus_Tenancy_NotFound(t *testing.T) {
+	for desc, tc := range map[string]struct {
+		scope       resource.Scope
+		modFn       func(req *pbresource.WriteStatusRequest)
+		errCode     codes.Code
+		errContains string
+	}{
+		"namespaced resource provides nonexistant partition": {
+			scope:       resource.ScopeNamespace,
+			modFn:       func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Partition = "bad" },
+			errCode:     codes.InvalidArgument,
+			errContains: "partition",
+		},
+		"namespaced resource provides nonexistant namespace": {
+			scope:       resource.ScopeNamespace,
+			modFn:       func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Namespace = "bad" },
+			errCode:     codes.InvalidArgument,
+			errContains: "namespace",
+		},
+		"partitioned resource provides nonexistant partition": {
+			scope:       resource.ScopePartition,
+			modFn:       func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Partition = "bad" },
+			errCode:     codes.InvalidArgument,
+			errContains: "partition",
+		},
+	} {
+		t.Run(desc, func(t *testing.T) {
+			server := testServer(t)
+			client := testClient(t, server)
+			demo.RegisterTypes(server.Registry)
+
+			// Pick resource based on scope of type in testcase.
+			var res *pbresource.Resource
+			var err error
+			switch tc.scope {
+			case resource.ScopeNamespace:
+				res, err = demo.GenerateV2Artist()
+			case resource.ScopePartition:
+				res, err = demo.GenerateV1RecordLabel("Looney Tunes")
+			}
+			require.NoError(t, err)
+
+			// Fill in required fields so validation continues until tenancy is checked
+			req := validWriteStatusRequest(t, res)
+			req.Id.Uid = ulid.Make().String()
+			req.Status.ObservedGeneration = ulid.Make().String()
+
+			// Write status with tenancy modded by testcase.
+			tc.modFn(req)
+			_, err = client.WriteStatus(testContext(t), req)
+
+			// Verify non-existant tenancy field is the cause of the error.
+			require.Error(t, err)
+			require.Equal(t, tc.errCode.String(), status.Code(err).String())
+			require.Contains(t, err.Error(), tc.errContains)
+		})
+	}
+}
+
 func TestWriteStatus_CASFailure(t *testing.T) {
 	server := testServer(t)
 	client := testClient(t, server)
@@ -268,24 +469,49 @@ func TestWriteStatus_NonCASUpdate_Retry(t *testing.T) {
 func validWriteStatusRequest(t *testing.T, res *pbresource.Resource) *pbresource.WriteStatusRequest {
 	t.Helper()
 
-	album, err := demo.GenerateV2Album(res.Id)
-	require.NoError(t, err)
-
-	return &pbresource.WriteStatusRequest{
-		Id:      res.Id,
-		Version: res.Version,
-		Key:     "consul.io/artist-controller",
-		Status: &pbresource.Status{
-			ObservedGeneration: res.Generation,
-			Conditions: []*pbresource.Condition{
-				{
-					Type:     "AlbumCreated",
-					State:    pbresource.Condition_STATE_TRUE,
-					Reason:   "AlbumCreated",
-					Message:  fmt.Sprintf("Album '%s' created", album.Id.Name),
-					Resource: resource.Reference(album.Id, ""),
+	switch {
+	case resource.EqualType(res.Id.Type, demo.TypeV2Artist):
+		album, err := demo.GenerateV2Album(res.Id)
+		require.NoError(t, err)
+		return &pbresource.WriteStatusRequest{
+			Id:      res.Id,
+			Version: res.Version,
+			Key:     "consul.io/artist-controller",
+			Status: &pbresource.Status{
+				ObservedGeneration: res.Generation,
+				Conditions: []*pbresource.Condition{
+					{
+						Type:     "AlbumCreated",
+						State:    pbresource.Condition_STATE_TRUE,
+						Reason:   "AlbumCreated",
+						Message:  fmt.Sprintf("Album '%s' created", album.Id.Name),
+						Resource: resource.Reference(album.Id, ""),
+					},
 				},
 			},
-		},
+		}
+	case resource.EqualType(res.Id.Type, demo.TypeV1RecordLabel):
+		artist, err := demo.GenerateV2Artist()
+		require.NoError(t, err)
+		return &pbresource.WriteStatusRequest{
+			Id:      res.Id,
+			Version: res.Version,
+			Key:     "consul.io/recordlabel-controller",
+			Status: &pbresource.Status{
+				ObservedGeneration: res.Generation,
+				Conditions: []*pbresource.Condition{
+					{
+						Type:     "ArtistCreated",
+						State:    pbresource.Condition_STATE_TRUE,
+						Reason:   "ArtistCreated",
+						Message:  fmt.Sprintf("Artist '%s' created", artist.Id.Name),
+						Resource: resource.Reference(artist.Id, ""),
+					},
+				},
+			},
+		}
+	default:
+		t.Fatal("unsupported type", res.Id.Type)
 	}
+	return nil
 }
diff --git a/agent/grpc-external/services/resource/write_test.go b/agent/grpc-external/services/resource/write_test.go
index 861f09951979..d472a6ec7414 100644
--- a/agent/grpc-external/services/resource/write_test.go
+++ b/agent/grpc-external/services/resource/write_test.go
@@ -297,7 +297,7 @@ func TestWrite_Create_Success(t *testing.T) {
 	}
 }
 
-func TestWrite_Create_Invalid_Tenancy(t *testing.T) {
+func TestWrite_Create_Tenancy_NotFound(t *testing.T) {
 	testCases := map[string]struct {
 		modFn       func(artist, recordLabel *pbresource.Resource) *pbresource.Resource
 		errCode     codes.Code

From 051f250edb23bf8c47fca965e80f9bd1eee73a26 Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Thu, 24 Aug 2023 16:44:14 -0600
Subject: [PATCH 328/359] NET-5338 - NET-5338 - Run a v2 mode xds server
 (#18579)

* NET-5338 - NET-5338 - Run a v2 mode xds server

* fix linting
---
 agent/agent.go                                |  44 ++-
 agent/agent_test.go                           |  73 ++++
 agent/config/default.go                       |   4 +-
 agent/config/runtime_test.go                  |   2 +-
 agent/consul/server.go                        |   4 +-
 agent/proxy-tracker/mock_Logger.go            |  31 --
 agent/proxy-tracker/proxy_tracker.go          |  45 +--
 agent/proxy-tracker/proxy_tracker_test.go     |  35 +-
 .../proxycfg-sources/catalog/config_source.go |  11 +-
 .../catalog/config_source_oss.go              |  13 +
 .../catalog/config_source_test.go             |  35 +-
 .../catalog/mock_ConfigManager.go             |  24 +-
 .../proxycfg-sources/catalog/mock_Watcher.go  |  38 ++-
 agent/proxycfg-sources/local/config_source.go |   6 +-
 .../local/mock_ConfigManager.go               |  24 +-
 agent/proxycfg-sources/local/sync.go          |   2 +-
 agent/proxycfg/manager.go                     |  12 +-
 agent/proxycfg/manager_test.go                |   8 +-
 agent/proxycfg/proxysnapshot.go               |  76 +++++
 agent/proxycfg/proxysnapshot_test.go          | 311 ++++++++++++++++++
 agent/proxycfg_test.go                        |   6 +-
 agent/xds/delta.go                            | 221 ++++++++-----
 agent/xds/delta_test.go                       |  17 +-
 agent/xds/protocol_trace.go                   |  15 +-
 agent/xds/proxystateconverter/converter.go    |  21 +-
 agent/xds/proxystateconverter/endpoints.go    |   8 +-
 agent/xds/server.go                           |  35 +-
 agent/xds/xds_protocol_helpers_test.go        |  15 +-
 agent/xdsv2/endpoint_resources.go             |   1 -
 agent/xdsv2/resources.go                      |   8 +-
 internal/mesh/proxy_state_exports.go          |  42 +++
 test/integration/connect/envoy/main_test.go   |  39 ++-
 test/integration/connect/envoy/run-tests.sh   |  12 +
 33 files changed, 921 insertions(+), 317 deletions(-)
 delete mode 100644 agent/proxy-tracker/mock_Logger.go
 create mode 100644 agent/proxycfg-sources/catalog/config_source_oss.go
 create mode 100644 agent/proxycfg/proxysnapshot.go
 create mode 100644 agent/proxycfg/proxysnapshot_test.go
 create mode 100644 internal/mesh/proxy_state_exports.go

diff --git a/agent/agent.go b/agent/agent.go
index 229ec5b8fd3d..5f2e57c718f3 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -9,6 +9,9 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	proxytracker "github.com/hashicorp/consul/agent/proxy-tracker"
+	catalogproxycfg "github.com/hashicorp/consul/agent/proxycfg-sources/catalog"
+	"github.com/hashicorp/consul/lib/stringslice"
 	"io"
 	"net"
 	"net/http"
@@ -54,7 +57,6 @@ import (
 	"github.com/hashicorp/consul/agent/local"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	proxycfgglue "github.com/hashicorp/consul/agent/proxycfg-glue"
-	catalogproxycfg "github.com/hashicorp/consul/agent/proxycfg-sources/catalog"
 	localproxycfg "github.com/hashicorp/consul/agent/proxycfg-sources/local"
 	"github.com/hashicorp/consul/agent/rpcclient"
 	"github.com/hashicorp/consul/agent/rpcclient/configentry"
@@ -908,13 +910,37 @@ func (a *Agent) Failed() <-chan struct{} {
 	return a.apiServers.failed
 }
 
-func (a *Agent) listenAndServeGRPC() error {
-	if len(a.config.GRPCAddrs) < 1 && len(a.config.GRPCTLSAddrs) < 1 {
-		return nil
+// useV2Resources returns true if "resource-apis" is present in the Experiments
+// array of the agent config.
+func (a *Agent) useV2Resources() bool {
+	if stringslice.Contains(a.baseDeps.Experiments, consul.CatalogResourceExperimentName) {
+		return true
+	}
+	return false
+}
+
+// getProxyWatcher returns the proper implementation of the ProxyWatcher interface.
+// It will return a ProxyTracker if "resource-apis" experiment is active.  Otherwise,
+// it will return a ConfigSource.
+func (a *Agent) getProxyWatcher() xds.ProxyWatcher {
+	if a.useV2Resources() {
+		return proxytracker.NewProxyTracker(proxytracker.ProxyTrackerConfig{
+			Logger:         a.proxyConfig.Logger.Named("proxy-tracker"),
+			SessionLimiter: a.baseDeps.XDSStreamLimiter,
+		})
+	} else {
+		return localproxycfg.NewConfigSource(a.proxyConfig)
 	}
+}
+
+// configureXDSServer configures an XDS server with the proper implementation of
+// the PRoxyWatcher interface and registers the XDS server with Consul's
+// external facing GRPC server.
+func (a *Agent) configureXDSServer() {
+	cfg := a.getProxyWatcher()
+
 	// TODO(agentless): rather than asserting the concrete type of delegate, we
 	// should add a method to the Delegate interface to build a ConfigSource.
-	var cfg xds.ProxyConfigSource = localproxycfg.NewConfigSource(a.proxyConfig)
 	if server, ok := a.delegate.(*consul.Server); ok {
 		catalogCfg := catalogproxycfg.NewConfigSource(catalogproxycfg.Config{
 			NodeName:          a.config.NodeName,
@@ -941,6 +967,14 @@ func (a *Agent) listenAndServeGRPC() error {
 		a,
 	)
 	a.xdsServer.Register(a.externalGRPCServer)
+}
+
+func (a *Agent) listenAndServeGRPC() error {
+	if len(a.config.GRPCAddrs) < 1 && len(a.config.GRPCTLSAddrs) < 1 {
+		return nil
+	}
+
+	a.configureXDSServer()
 
 	// Attempt to spawn listeners
 	var listeners []net.Listener
diff --git a/agent/agent_test.go b/agent/agent_test.go
index 96dd1de12555..174e8c8cdfbb 100644
--- a/agent/agent_test.go
+++ b/agent/agent_test.go
@@ -14,6 +14,11 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
+	proxytracker "github.com/hashicorp/consul/agent/proxy-tracker"
+	"github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/agent/proxycfg-sources/local"
+	"github.com/hashicorp/consul/agent/xds"
 	mathrand "math/rand"
 	"net"
 	"net/http"
@@ -22,6 +27,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"reflect"
 	"strconv"
 	"strings"
 	"sync"
@@ -6358,6 +6364,73 @@ func TestAgent_checkServerLastSeen(t *testing.T) {
 	})
 }
 
+func TestAgent_getProxyWatcher(t *testing.T) {
+	type testcase struct {
+		description    string
+		getExperiments func() []string
+		expectedType   xds.ProxyWatcher
+	}
+	testscases := []testcase{
+		{
+			description:  "config source is returned when api-resources experiment is not configured",
+			expectedType: &local.ConfigSource{},
+			getExperiments: func() []string {
+				return []string{}
+			},
+		},
+		{
+			description:  "proxy tracker is returned when api-resources experiment is configured",
+			expectedType: &proxytracker.ProxyTracker{},
+			getExperiments: func() []string {
+				return []string{consul.CatalogResourceExperimentName}
+			},
+		},
+	}
+	for _, tc := range testscases {
+		caConfig := tlsutil.Config{}
+		tlsConf, err := tlsutil.NewConfigurator(caConfig, hclog.New(nil))
+		require.NoError(t, err)
+
+		bd := BaseDeps{
+			Deps: consul.Deps{
+				Logger:          hclog.NewInterceptLogger(nil),
+				Tokens:          new(token.Store),
+				TLSConfigurator: tlsConf,
+				GRPCConnPool:    &fakeGRPCConnPool{},
+				Registry:        resource.NewRegistry(),
+			},
+			RuntimeConfig: &config.RuntimeConfig{
+				HTTPAddrs: []net.Addr{
+					&net.TCPAddr{IP: net.ParseIP("127.0.0.1"), Port: freeport.GetOne(t)},
+				},
+			},
+			Cache:  cache.New(cache.Options{}),
+			NetRPC: &LazyNetRPC{},
+		}
+
+		bd.XDSStreamLimiter = limiter.NewSessionLimiter()
+		bd.LeafCertManager = leafcert.NewManager(leafcert.Deps{
+			CertSigner:  leafcert.NewNetRPCCertSigner(bd.NetRPC),
+			RootsReader: leafcert.NewCachedRootsReader(bd.Cache, "dc1"),
+			Config:      leafcert.Config{},
+		})
+
+		cfg := config.RuntimeConfig{
+			BuildDate: time.Date(2000, 1, 1, 0, 0, 1, 0, time.UTC),
+		}
+		bd, err = initEnterpriseBaseDeps(bd, &cfg)
+		require.NoError(t, err)
+
+		bd.Experiments = tc.getExperiments()
+
+		agent, err := New(bd)
+		require.NoError(t, err)
+		agent.proxyConfig, err = proxycfg.NewManager(proxycfg.ManagerConfig{Logger: bd.Logger, Source: &structs.QuerySource{}})
+		require.NoError(t, err)
+		require.IsTypef(t, tc.expectedType, agent.getProxyWatcher(), fmt.Sprintf("Expected proxyWatcher to be of type %s", reflect.TypeOf(tc.expectedType)))
+	}
+
+}
 func getExpectedCaPoolByFile(t *testing.T) *x509.CertPool {
 	pool := x509.NewCertPool()
 	data, err := os.ReadFile("../test/ca/root.cer")
diff --git a/agent/config/default.go b/agent/config/default.go
index 275a32a33fd6..f5ef349b752b 100644
--- a/agent/config/default.go
+++ b/agent/config/default.go
@@ -209,9 +209,7 @@ func DevSource() Source {
 		ports = {
 			grpc = 8502
 		}
-		experiments = [
-			"resource-apis"
-		]
+		experiments = []
 	`,
 	}
 }
diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go
index 54074bc19561..e39557b3d41b 100644
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@@ -324,7 +324,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.DevMode = true
 			rt.DisableAnonymousSignature = true
 			rt.DisableKeyringFile = true
-			rt.Experiments = []string{"resource-apis"}
+			rt.Experiments = nil
 			rt.EnableDebug = true
 			rt.UIConfig.Enabled = true
 			rt.LeaveOnTerm = false
diff --git a/agent/consul/server.go b/agent/consul/server.go
index e440c6c27da9..64c0c1f76a15 100644
--- a/agent/consul/server.go
+++ b/agent/consul/server.go
@@ -134,7 +134,7 @@ const (
 
 	LeaderTransferMinVersion = "1.6.0"
 
-	catalogResourceExperimentName = "resource-apis"
+	CatalogResourceExperimentName = "resource-apis"
 )
 
 const (
@@ -874,7 +874,7 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incom
 }
 
 func (s *Server) registerControllers(deps Deps) {
-	if stringslice.Contains(deps.Experiments, catalogResourceExperimentName) {
+	if stringslice.Contains(deps.Experiments, CatalogResourceExperimentName) {
 		catalog.RegisterControllers(s.controllerManager, catalog.DefaultControllerDependencies())
 		mesh.RegisterControllers(s.controllerManager, mesh.ControllerDependencies{
 			TrustBundleFetcher: func() (*pbproxystate.TrustBundle, error) {
diff --git a/agent/proxy-tracker/mock_Logger.go b/agent/proxy-tracker/mock_Logger.go
deleted file mode 100644
index b4d28b096e86..000000000000
--- a/agent/proxy-tracker/mock_Logger.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Code generated by mockery v2.32.4. DO NOT EDIT.
-
-package proxytracker
-
-import mock "github.com/stretchr/testify/mock"
-
-// MockLogger is an autogenerated mock type for the Logger type
-type MockLogger struct {
-	mock.Mock
-}
-
-// Error provides a mock function with given fields: args
-func (_m *MockLogger) Error(args ...interface{}) {
-	var _ca []interface{}
-	_ca = append(_ca, args...)
-	_m.Called(_ca...)
-}
-
-// NewMockLogger creates a new instance of MockLogger. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-// The first argument is typically a *testing.T value.
-func NewMockLogger(t interface {
-	mock.TestingT
-	Cleanup(func())
-}) *MockLogger {
-	mock := &MockLogger{}
-	mock.Mock.Test(t)
-
-	t.Cleanup(func() { mock.AssertExpectations(t) })
-
-	return mock
-}
diff --git a/agent/proxy-tracker/proxy_tracker.go b/agent/proxy-tracker/proxy_tracker.go
index 00c0cf23f990..ca4478f23782 100644
--- a/agent/proxy-tracker/proxy_tracker.go
+++ b/agent/proxy-tracker/proxy_tracker.go
@@ -6,6 +6,7 @@ package proxytracker
 import (
 	"errors"
 	"fmt"
+	"github.com/hashicorp/go-hclog"
 	"sync"
 
 	"github.com/hashicorp/consul/internal/controller"
@@ -14,7 +15,6 @@ import (
 
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/proxycfg"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
@@ -35,9 +35,9 @@ func (e *ProxyConnection) Key() string {
 // when the ProxyState for that proxyID has changed.
 type proxyWatchData struct {
 	// notifyCh is the channel that the watcher receives updates from ProxyTracker.
-	notifyCh chan *pbmesh.ProxyState
+	notifyCh chan proxycfg.ProxySnapshot
 	// state is the current/last updated ProxyState for a given proxy.
-	state *pbmesh.ProxyState
+	state *mesh.ProxyState
 	// token is the ACL token provided by the watcher.
 	token string
 	// nodeName is the node where the given proxy resides.
@@ -46,7 +46,7 @@ type proxyWatchData struct {
 
 type ProxyTrackerConfig struct {
 	// logger will be used to write log messages.
-	Logger Logger
+	Logger hclog.Logger
 
 	// sessionLimiter is used to enforce xDS concurrency limits.
 	SessionLimiter SessionLimiter
@@ -87,10 +87,10 @@ func NewProxyTracker(cfg ProxyTrackerConfig) *ProxyTracker {
 // Watch connects a proxy with ProxyTracker and returns the consumer a channel to receive updates,
 // a channel to notify of xDS terminated session, and a cancel function to cancel the watch.
 func (pt *ProxyTracker) Watch(proxyID *pbresource.ID,
-	nodeName string, token string) (<-chan *pbmesh.ProxyState,
+	nodeName string, token string) (<-chan proxycfg.ProxySnapshot,
 	limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
-
-	if err := validateArgs(proxyID, nodeName, token); err != nil {
+	pt.config.Logger.Trace("watch initiated", "proxyID", proxyID, "nodeName", nodeName)
+	if err := pt.validateWatchArgs(proxyID, nodeName); err != nil {
 		pt.config.Logger.Error("args failed validation", err)
 		return nil, nil, nil, err
 	}
@@ -105,7 +105,8 @@ func (pt *ProxyTracker) Watch(proxyID *pbresource.ID,
 
 	// This buffering is crucial otherwise we'd block immediately trying to
 	// deliver the current snapshot below if we already have one.
-	proxyStateChan := make(chan *pbmesh.ProxyState, 1)
+
+	proxyStateChan := make(chan proxycfg.ProxySnapshot, 1)
 	watchData := &proxyWatchData{
 		notifyCh: proxyStateChan,
 		state:    nil,
@@ -128,9 +129,11 @@ func (pt *ProxyTracker) Watch(proxyID *pbresource.ID,
 	//Send an event to the controller
 	err = pt.notifyNewProxyChannel(proxyID)
 	if err != nil {
+		pt.config.Logger.Error("failed to notify controller of new proxy connection", err)
 		pt.cancelWatchLocked(proxyReferenceKey, watchData.notifyCh, session)
 		return nil, nil, nil, err
 	}
+	pt.config.Logger.Trace("controller notified of watch created", "proxyID", proxyID, "nodeName", nodeName)
 
 	return proxyStateChan, session.Terminated(), cancel, nil
 }
@@ -163,34 +166,37 @@ func (pt *ProxyTracker) notifyNewProxyChannel(proxyID *pbresource.ID) error {
 // - ends the session with xDS session limiter.
 // - closes the proxy state channel assigned to the proxy.
 // This function assumes the state lock is already held.
-func (pt *ProxyTracker) cancelWatchLocked(proxyReferenceKey resource.ReferenceKey, proxyStateChan chan *pbmesh.ProxyState, session limiter.Session) {
+func (pt *ProxyTracker) cancelWatchLocked(proxyReferenceKey resource.ReferenceKey, proxyStateChan chan proxycfg.ProxySnapshot, session limiter.Session) {
 	delete(pt.proxies, proxyReferenceKey)
 	session.End()
 	close(proxyStateChan)
+	pt.config.Logger.Trace("watch cancelled", "proxyReferenceKey", proxyReferenceKey)
 }
 
-func validateArgs(proxyID *pbresource.ID,
-	nodeName string, token string) error {
+// validateWatchArgs checks the proxyIDand nodeName passed to Watch
+// and returns an error if the args are not properly constructed.
+func (pt *ProxyTracker) validateWatchArgs(proxyID *pbresource.ID,
+	nodeName string) error {
 	if proxyID == nil {
 		return errors.New("proxyID is required")
-	} else if proxyID.Type.Kind != mesh.ProxyStateTemplateConfigurationType.Kind {
+	} else if proxyID.GetType().GetKind() != mesh.ProxyStateTemplateConfigurationType.Kind {
 		return fmt.Errorf("proxyID must be a %s", mesh.ProxyStateTemplateConfigurationType.GetKind())
 	} else if nodeName == "" {
 		return errors.New("nodeName is required")
-	} else if token == "" {
-		return errors.New("token is required")
 	}
 
 	return nil
 }
 
 // PushChange allows pushing a computed ProxyState to xds for xds resource generation to send to a proxy.
-func (pt *ProxyTracker) PushChange(proxyID *pbresource.ID, proxyState *pbmesh.ProxyState) error {
+func (pt *ProxyTracker) PushChange(proxyID *pbresource.ID, proxyState *mesh.ProxyState) error {
+	pt.config.Logger.Trace("push change called for proxy", "proxyID", proxyID)
 	proxyReferenceKey := resource.NewReferenceKey(proxyID)
 	pt.mu.Lock()
 	defer pt.mu.Unlock()
 	if data, ok := pt.proxies[proxyReferenceKey]; ok {
 		data.state = proxyState
+
 		pt.deliverLatest(proxyID, proxyState, data.notifyCh)
 	} else {
 		return errors.New("proxyState change could not be sent because proxy is not connected")
@@ -199,7 +205,8 @@ func (pt *ProxyTracker) PushChange(proxyID *pbresource.ID, proxyState *pbmesh.Pr
 	return nil
 }
 
-func (pt *ProxyTracker) deliverLatest(proxyID *pbresource.ID, proxyState *pbmesh.ProxyState, ch chan *pbmesh.ProxyState) {
+func (pt *ProxyTracker) deliverLatest(proxyID *pbresource.ID, proxyState *mesh.ProxyState, ch chan proxycfg.ProxySnapshot) {
+	pt.config.Logger.Trace("delivering latest proxy snapshot to proxy", "proxyID", proxyID)
 	// Send if chan is empty
 	select {
 	case ch <- proxyState:
@@ -254,6 +261,7 @@ func (pt *ProxyTracker) ProxyConnectedToServer(proxyID *pbresource.ID) bool {
 
 // Shutdown removes all state and close all channels.
 func (pt *ProxyTracker) Shutdown() {
+	pt.config.Logger.Info("proxy tracker shutdown initiated")
 	pt.mu.Lock()
 	defer pt.mu.Unlock()
 
@@ -271,8 +279,3 @@ func (pt *ProxyTracker) Shutdown() {
 type SessionLimiter interface {
 	BeginSession() (limiter.Session, error)
 }
-
-//go:generate mockery --name Logger --inpackage
-type Logger interface {
-	Error(args ...any)
-}
diff --git a/agent/proxy-tracker/proxy_tracker_test.go b/agent/proxy-tracker/proxy_tracker_test.go
index 3913f95b213f..e799249d43af 100644
--- a/agent/proxy-tracker/proxy_tracker_test.go
+++ b/agent/proxy-tracker/proxy_tracker_test.go
@@ -13,6 +13,7 @@ import (
 	"github.com/hashicorp/consul/internal/resource/resourcetest"
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 	"testing"
@@ -27,7 +28,7 @@ func TestProxyTracker_Watch(t *testing.T) {
 	session1.On("Terminated").Return(session1TermCh)
 	session1.On("End").Return()
 	lim.On("BeginSession").Return(session1, nil)
-	logger := NewMockLogger(t)
+	logger := testutil.Logger(t)
 
 	pt := NewProxyTracker(ProxyTrackerConfig{
 		Logger:         logger,
@@ -75,7 +76,7 @@ func TestProxyTracker_Watch_ErrorConsumerNotReady(t *testing.T) {
 	session1 := newMockSession(t)
 	session1.On("End").Return()
 	lim.On("BeginSession").Return(session1, nil)
-	logger := NewMockLogger(t)
+	logger := testutil.Logger(t)
 
 	pt := NewProxyTracker(ProxyTrackerConfig{
 		Logger:         logger,
@@ -125,13 +126,6 @@ func TestProxyTracker_Watch_ArgValidationErrors(t *testing.T) {
 			token:         "something",
 			expectedError: errors.New("nodeName is required"),
 		},
-		{
-			description:   "Empty token",
-			proxyID:       resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID(),
-			nodeName:      "something",
-			token:         "",
-			expectedError: errors.New("token is required"),
-		},
 		{
 			description:   "resource is not ProxyStateTemplate",
 			proxyID:       resourcetest.Resource(mesh.ProxyConfigurationType, "test").ID(),
@@ -143,8 +137,7 @@ func TestProxyTracker_Watch_ArgValidationErrors(t *testing.T) {
 	for _, tc := range testcases {
 		lim := NewMockSessionLimiter(t)
 		lim.On("BeginSession").Return(nil, nil).Maybe()
-		logger := NewMockLogger(t)
-		logger.On("Error", mock.Anything, mock.Anything).Return(nil)
+		logger := testutil.Logger(t)
 
 		pt := NewProxyTracker(ProxyTrackerConfig{
 			Logger:         logger,
@@ -165,9 +158,7 @@ func TestProxyTracker_Watch_SessionLimiterError(t *testing.T) {
 	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
 	lim := NewMockSessionLimiter(t)
 	lim.On("BeginSession").Return(nil, errors.New("kaboom"))
-	logger := NewMockLogger(t)
-	logger.On("Error", mock.Anything, mock.Anything).Return(nil)
-
+	logger := testutil.Logger(t)
 	pt := NewProxyTracker(ProxyTrackerConfig{
 		Logger:         logger,
 		SessionLimiter: lim,
@@ -190,7 +181,7 @@ func TestProxyTracker_PushChange(t *testing.T) {
 	session1TermCh := make(limiter.SessionTerminatedChan)
 	session1.On("Terminated").Return(session1TermCh)
 	lim.On("BeginSession").Return(session1, nil)
-	logger := NewMockLogger(t)
+	logger := testutil.Logger(t)
 
 	pt := NewProxyTracker(ProxyTrackerConfig{
 		Logger:         logger,
@@ -202,9 +193,9 @@ func TestProxyTracker_PushChange(t *testing.T) {
 	require.NoError(t, err)
 
 	// PushChange
-	proxyState := &pbmesh.ProxyState{
+	proxyState := &mesh.ProxyState{ProxyState: &pbmesh.ProxyState{
 		IntentionDefaultAllow: true,
-	}
+	}}
 
 	// using a goroutine so that the channel and main test thread do not cause
 	// blocking issues with each other
@@ -227,7 +218,7 @@ func TestProxyTracker_PushChange(t *testing.T) {
 func TestProxyTracker_PushChanges_ErrorProxyNotConnected(t *testing.T) {
 	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
 	lim := NewMockSessionLimiter(t)
-	logger := NewMockLogger(t)
+	logger := testutil.Logger(t)
 
 	pt := NewProxyTracker(ProxyTrackerConfig{
 		Logger:         logger,
@@ -235,9 +226,9 @@ func TestProxyTracker_PushChanges_ErrorProxyNotConnected(t *testing.T) {
 	})
 
 	// PushChange
-	proxyState := &pbmesh.ProxyState{
+	proxyState := &mesh.ProxyState{ProxyState: &pbmesh.ProxyState{
 		IntentionDefaultAllow: true,
-	}
+	}}
 
 	err := pt.PushChange(resourceID, proxyState)
 	require.Error(t, err)
@@ -276,7 +267,7 @@ func TestProxyTracker_ProxyConnectedToServer(t *testing.T) {
 		lim := NewMockSessionLimiter(t)
 		session1 := newMockSession(t)
 		session1TermCh := make(limiter.SessionTerminatedChan)
-		logger := NewMockLogger(t)
+		logger := testutil.Logger(t)
 
 		pt := NewProxyTracker(ProxyTrackerConfig{
 			Logger:         logger,
@@ -297,7 +288,7 @@ func TestProxyTracker_Shutdown(t *testing.T) {
 	session1.On("Terminated").Return(session1TermCh)
 	session1.On("End").Return().Maybe()
 	lim.On("BeginSession").Return(session1, nil)
-	logger := NewMockLogger(t)
+	logger := testutil.Logger(t)
 
 	pt := NewProxyTracker(ProxyTrackerConfig{
 		Logger:         logger,
diff --git a/agent/proxycfg-sources/catalog/config_source.go b/agent/proxycfg-sources/catalog/config_source.go
index fb1ceab31604..a7205b66221c 100644
--- a/agent/proxycfg-sources/catalog/config_source.go
+++ b/agent/proxycfg-sources/catalog/config_source.go
@@ -6,6 +6,7 @@ package catalog
 import (
 	"context"
 	"errors"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 	"sync"
 
 	"github.com/hashicorp/go-hclog"
@@ -48,11 +49,13 @@ func NewConfigSource(cfg Config) *ConfigSource {
 
 // Watch wraps the underlying proxycfg.Manager and dynamically registers
 // services from the catalog with it when requested by the xDS server.
-func (m *ConfigSource) Watch(serviceID structs.ServiceID, nodeName string, token string) (<-chan *proxycfg.ConfigSnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
+func (m *ConfigSource) Watch(id *pbresource.ID, nodeName string, token string) (<-chan proxycfg.ProxySnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
+	// Create service ID
+	serviceID := structs.NewServiceID(id.Name, GetEnterpriseMetaFromResourceID(id))
 	// If the service is registered to the local agent, use the LocalConfigSource
 	// rather than trying to configure it from the catalog.
 	if nodeName == m.NodeName && m.LocalState.ServiceExists(serviceID) {
-		return m.LocalConfigSource.Watch(serviceID, nodeName, token)
+		return m.LocalConfigSource.Watch(id, nodeName, token)
 	}
 
 	// Begin a session with the xDS session concurrency limiter.
@@ -276,7 +279,7 @@ type Config struct {
 
 //go:generate mockery --name ConfigManager --inpackage
 type ConfigManager interface {
-	Watch(req proxycfg.ProxyID) (<-chan *proxycfg.ConfigSnapshot, proxycfg.CancelFunc)
+	Watch(req proxycfg.ProxyID) (<-chan proxycfg.ProxySnapshot, proxycfg.CancelFunc)
 	Register(proxyID proxycfg.ProxyID, service *structs.NodeService, source proxycfg.ProxySource, token string, overwrite bool) error
 	Deregister(proxyID proxycfg.ProxyID, source proxycfg.ProxySource)
 }
@@ -289,7 +292,7 @@ type Store interface {
 
 //go:generate mockery --name Watcher --inpackage
 type Watcher interface {
-	Watch(proxyID structs.ServiceID, nodeName string, token string) (<-chan *proxycfg.ConfigSnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error)
+	Watch(proxyID *pbresource.ID, nodeName string, token string) (<-chan proxycfg.ProxySnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error)
 }
 
 //go:generate mockery --name SessionLimiter --inpackage
diff --git a/agent/proxycfg-sources/catalog/config_source_oss.go b/agent/proxycfg-sources/catalog/config_source_oss.go
new file mode 100644
index 000000000000..21ddede8821b
--- /dev/null
+++ b/agent/proxycfg-sources/catalog/config_source_oss.go
@@ -0,0 +1,13 @@
+//go:build !consulent
+// +build !consulent
+
+package catalog
+
+import (
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+)
+
+func GetEnterpriseMetaFromResourceID(id *pbresource.ID) *acl.EnterpriseMeta {
+	return acl.DefaultEnterpriseMeta()
+}
diff --git a/agent/proxycfg-sources/catalog/config_source_test.go b/agent/proxycfg-sources/catalog/config_source_test.go
index 0767466a6d60..653ac66977e1 100644
--- a/agent/proxycfg-sources/catalog/config_source_test.go
+++ b/agent/proxycfg-sources/catalog/config_source_test.go
@@ -5,6 +5,7 @@ package catalog
 
 import (
 	"errors"
+	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 	"testing"
 	"time"
 
@@ -19,6 +20,7 @@ import (
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/token"
+	"github.com/hashicorp/consul/internal/mesh"
 )
 
 func TestConfigSource_Success(t *testing.T) {
@@ -75,15 +77,15 @@ func TestConfigSource_Success(t *testing.T) {
 	})
 	t.Cleanup(mgr.Shutdown)
 
-	snapCh, termCh, cancelWatch1, err := mgr.Watch(serviceID, nodeName, token)
+	snapCh, termCh, cancelWatch1, err := mgr.Watch(rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID(), nodeName, token)
 	require.NoError(t, err)
 	require.Equal(t, session1TermCh, termCh)
 
 	// Expect Register to have been called with the proxy's inital port.
 	select {
 	case snap := <-snapCh:
-		require.Equal(t, 9999, snap.Port)
-		require.Equal(t, token, snap.ProxyID.Token)
+		require.Equal(t, 9999, snap.(*proxycfg.ConfigSnapshot).Port)
+		require.Equal(t, token, snap.(*proxycfg.ConfigSnapshot).ProxyID.Token)
 	case <-time.After(100 * time.Millisecond):
 		t.Fatal("timeout waiting for snapshot")
 	}
@@ -107,7 +109,7 @@ func TestConfigSource_Success(t *testing.T) {
 	// Expect Register to have been called again with the proxy's new port.
 	select {
 	case snap := <-snapCh:
-		require.Equal(t, 8888, snap.Port)
+		require.Equal(t, 8888, snap.(*proxycfg.ConfigSnapshot).Port)
 	case <-time.After(100 * time.Millisecond):
 		t.Fatal("timeout waiting for snapshot")
 	}
@@ -126,13 +128,13 @@ func TestConfigSource_Success(t *testing.T) {
 		require.Equal(t, map[string]any{
 			"local_connect_timeout_ms": 123,
 			"max_inbound_connections":  321,
-		}, snap.Proxy.Config)
+		}, snap.(*proxycfg.ConfigSnapshot).Proxy.Config)
 	case <-time.After(100 * time.Millisecond):
 		t.Fatal("timeout waiting for snapshot")
 	}
 
 	// Start another watch.
-	_, termCh2, cancelWatch2, err := mgr.Watch(serviceID, nodeName, token)
+	_, termCh2, cancelWatch2, err := mgr.Watch(rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID(), nodeName, token)
 	require.NoError(t, err)
 	require.Equal(t, session2TermCh, termCh2)
 
@@ -166,6 +168,7 @@ func TestConfigSource_Success(t *testing.T) {
 
 func TestConfigSource_LocallyManagedService(t *testing.T) {
 	serviceID := structs.NewServiceID("web-sidecar-proxy-1", nil)
+	proxyID := rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID()
 	nodeName := "node-1"
 	token := "token"
 
@@ -173,8 +176,8 @@ func TestConfigSource_LocallyManagedService(t *testing.T) {
 	localState.AddServiceWithChecks(&structs.NodeService{ID: serviceID.ID}, nil, "", false)
 
 	localWatcher := NewMockWatcher(t)
-	localWatcher.On("Watch", serviceID, nodeName, token).
-		Return(make(<-chan *proxycfg.ConfigSnapshot), nil, proxycfg.CancelFunc(func() {}), nil)
+	localWatcher.On("Watch", proxyID, nodeName, token).
+		Return(make(<-chan proxycfg.ProxySnapshot), nil, proxycfg.CancelFunc(func() {}), nil)
 
 	mgr := NewConfigSource(Config{
 		NodeName:          nodeName,
@@ -186,7 +189,7 @@ func TestConfigSource_LocallyManagedService(t *testing.T) {
 	})
 	t.Cleanup(mgr.Shutdown)
 
-	_, _, _, err := mgr.Watch(serviceID, nodeName, token)
+	_, _, _, err := mgr.Watch(proxyID, nodeName, token)
 	require.NoError(t, err)
 }
 
@@ -213,7 +216,7 @@ func TestConfigSource_ErrorRegisteringService(t *testing.T) {
 	cfgMgr := NewMockConfigManager(t)
 
 	cfgMgr.On("Watch", mock.Anything).
-		Return(make(<-chan *proxycfg.ConfigSnapshot), cancel)
+		Return(make(<-chan proxycfg.ProxySnapshot), cancel)
 
 	cfgMgr.On("Register", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).
 		Return(errors.New("KABOOM"))
@@ -233,7 +236,7 @@ func TestConfigSource_ErrorRegisteringService(t *testing.T) {
 	})
 	t.Cleanup(mgr.Shutdown)
 
-	_, _, _, err := mgr.Watch(serviceID, nodeName, token)
+	_, _, _, err := mgr.Watch(rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID(), nodeName, token)
 	require.Error(t, err)
 	require.True(t, canceledWatch, "watch should've been canceled")
 
@@ -263,7 +266,7 @@ func TestConfigSource_NotProxyService(t *testing.T) {
 	cfgMgr := NewMockConfigManager(t)
 
 	cfgMgr.On("Watch", mock.Anything).
-		Return(make(<-chan *proxycfg.ConfigSnapshot), cancel)
+		Return(make(<-chan proxycfg.ProxySnapshot), cancel)
 
 	mgr := NewConfigSource(Config{
 		Manager:        cfgMgr,
@@ -274,7 +277,7 @@ func TestConfigSource_NotProxyService(t *testing.T) {
 	})
 	t.Cleanup(mgr.Shutdown)
 
-	_, _, _, err := mgr.Watch(serviceID, nodeName, token)
+	_, _, _, err := mgr.Watch(rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID(), nodeName, token)
 	require.Error(t, err)
 	require.Contains(t, err.Error(), "must be a sidecar proxy or gateway")
 	require.True(t, canceledWatch, "watch should've been canceled")
@@ -291,7 +294,7 @@ func TestConfigSource_SessionLimiterError(t *testing.T) {
 	t.Cleanup(src.Shutdown)
 
 	_, _, _, err := src.Watch(
-		structs.NewServiceID("web-sidecar-proxy-1", nil),
+		rtest.Resource(mesh.ProxyConfigurationType, "web-sidecar-proxy-1").ID(),
 		"node-name",
 		"token",
 	)
@@ -309,9 +312,9 @@ func testConfigManager(t *testing.T, serviceID structs.ServiceID, nodeName strin
 		Token:     token,
 	}
 
-	snapCh := make(chan *proxycfg.ConfigSnapshot, 1)
+	snapCh := make(chan proxycfg.ProxySnapshot, 1)
 	cfgMgr.On("Watch", proxyID).
-		Return((<-chan *proxycfg.ConfigSnapshot)(snapCh), proxycfg.CancelFunc(func() {}), nil)
+		Return((<-chan proxycfg.ProxySnapshot)(snapCh), proxycfg.CancelFunc(func() {}), nil)
 
 	cfgMgr.On("Register", mock.Anything, mock.Anything, source, token, false).
 		Run(func(args mock.Arguments) {
diff --git a/agent/proxycfg-sources/catalog/mock_ConfigManager.go b/agent/proxycfg-sources/catalog/mock_ConfigManager.go
index 3ae51c5f6a95..b50d032d024a 100644
--- a/agent/proxycfg-sources/catalog/mock_ConfigManager.go
+++ b/agent/proxycfg-sources/catalog/mock_ConfigManager.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.15.0. DO NOT EDIT.
+// Code generated by mockery v2.32.4. DO NOT EDIT.
 
 package catalog
 
@@ -34,19 +34,22 @@ func (_m *MockConfigManager) Register(proxyID proxycfg.ProxyID, service *structs
 }
 
 // Watch provides a mock function with given fields: req
-func (_m *MockConfigManager) Watch(req proxycfg.ProxyID) (<-chan *proxycfg.ConfigSnapshot, proxycfg.CancelFunc) {
+func (_m *MockConfigManager) Watch(req proxycfg.ProxyID) (<-chan proxycfg.ProxySnapshot, proxycfg.CancelFunc) {
 	ret := _m.Called(req)
 
-	var r0 <-chan *proxycfg.ConfigSnapshot
-	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) <-chan *proxycfg.ConfigSnapshot); ok {
+	var r0 <-chan proxycfg.ProxySnapshot
+	var r1 proxycfg.CancelFunc
+	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) (<-chan proxycfg.ProxySnapshot, proxycfg.CancelFunc)); ok {
+		return rf(req)
+	}
+	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) <-chan proxycfg.ProxySnapshot); ok {
 		r0 = rf(req)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(<-chan *proxycfg.ConfigSnapshot)
+			r0 = ret.Get(0).(<-chan proxycfg.ProxySnapshot)
 		}
 	}
 
-	var r1 proxycfg.CancelFunc
 	if rf, ok := ret.Get(1).(func(proxycfg.ProxyID) proxycfg.CancelFunc); ok {
 		r1 = rf(req)
 	} else {
@@ -58,13 +61,12 @@ func (_m *MockConfigManager) Watch(req proxycfg.ProxyID) (<-chan *proxycfg.Confi
 	return r0, r1
 }
 
-type mockConstructorTestingTNewMockConfigManager interface {
+// NewMockConfigManager creates a new instance of MockConfigManager. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewMockConfigManager(t interface {
 	mock.TestingT
 	Cleanup(func())
-}
-
-// NewMockConfigManager creates a new instance of MockConfigManager. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-func NewMockConfigManager(t mockConstructorTestingTNewMockConfigManager) *MockConfigManager {
+}) *MockConfigManager {
 	mock := &MockConfigManager{}
 	mock.Mock.Test(t)
 
diff --git a/agent/proxycfg-sources/catalog/mock_Watcher.go b/agent/proxycfg-sources/catalog/mock_Watcher.go
index d5ca046a4060..7701fd7d389a 100644
--- a/agent/proxycfg-sources/catalog/mock_Watcher.go
+++ b/agent/proxycfg-sources/catalog/mock_Watcher.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.15.0. DO NOT EDIT.
+// Code generated by mockery v2.32.4. DO NOT EDIT.
 
 package catalog
 
@@ -6,9 +6,9 @@ import (
 	limiter "github.com/hashicorp/consul/agent/grpc-external/limiter"
 	mock "github.com/stretchr/testify/mock"
 
-	proxycfg "github.com/hashicorp/consul/agent/proxycfg"
+	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
 
-	structs "github.com/hashicorp/consul/agent/structs"
+	proxycfg "github.com/hashicorp/consul/agent/proxycfg"
 )
 
 // MockWatcher is an autogenerated mock type for the Watcher type
@@ -17,20 +17,25 @@ type MockWatcher struct {
 }
 
 // Watch provides a mock function with given fields: proxyID, nodeName, token
-func (_m *MockWatcher) Watch(proxyID structs.ServiceID, nodeName string, token string) (<-chan *proxycfg.ConfigSnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
+func (_m *MockWatcher) Watch(proxyID *pbresource.ID, nodeName string, token string) (<-chan proxycfg.ProxySnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
 	ret := _m.Called(proxyID, nodeName, token)
 
-	var r0 <-chan *proxycfg.ConfigSnapshot
-	if rf, ok := ret.Get(0).(func(structs.ServiceID, string, string) <-chan *proxycfg.ConfigSnapshot); ok {
+	var r0 <-chan proxycfg.ProxySnapshot
+	var r1 limiter.SessionTerminatedChan
+	var r2 proxycfg.CancelFunc
+	var r3 error
+	if rf, ok := ret.Get(0).(func(*pbresource.ID, string, string) (<-chan proxycfg.ProxySnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error)); ok {
+		return rf(proxyID, nodeName, token)
+	}
+	if rf, ok := ret.Get(0).(func(*pbresource.ID, string, string) <-chan proxycfg.ProxySnapshot); ok {
 		r0 = rf(proxyID, nodeName, token)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(<-chan *proxycfg.ConfigSnapshot)
+			r0 = ret.Get(0).(<-chan proxycfg.ProxySnapshot)
 		}
 	}
 
-	var r1 limiter.SessionTerminatedChan
-	if rf, ok := ret.Get(1).(func(structs.ServiceID, string, string) limiter.SessionTerminatedChan); ok {
+	if rf, ok := ret.Get(1).(func(*pbresource.ID, string, string) limiter.SessionTerminatedChan); ok {
 		r1 = rf(proxyID, nodeName, token)
 	} else {
 		if ret.Get(1) != nil {
@@ -38,8 +43,7 @@ func (_m *MockWatcher) Watch(proxyID structs.ServiceID, nodeName string, token s
 		}
 	}
 
-	var r2 proxycfg.CancelFunc
-	if rf, ok := ret.Get(2).(func(structs.ServiceID, string, string) proxycfg.CancelFunc); ok {
+	if rf, ok := ret.Get(2).(func(*pbresource.ID, string, string) proxycfg.CancelFunc); ok {
 		r2 = rf(proxyID, nodeName, token)
 	} else {
 		if ret.Get(2) != nil {
@@ -47,8 +51,7 @@ func (_m *MockWatcher) Watch(proxyID structs.ServiceID, nodeName string, token s
 		}
 	}
 
-	var r3 error
-	if rf, ok := ret.Get(3).(func(structs.ServiceID, string, string) error); ok {
+	if rf, ok := ret.Get(3).(func(*pbresource.ID, string, string) error); ok {
 		r3 = rf(proxyID, nodeName, token)
 	} else {
 		r3 = ret.Error(3)
@@ -57,13 +60,12 @@ func (_m *MockWatcher) Watch(proxyID structs.ServiceID, nodeName string, token s
 	return r0, r1, r2, r3
 }
 
-type mockConstructorTestingTNewMockWatcher interface {
+// NewMockWatcher creates a new instance of MockWatcher. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewMockWatcher(t interface {
 	mock.TestingT
 	Cleanup(func())
-}
-
-// NewMockWatcher creates a new instance of MockWatcher. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-func NewMockWatcher(t mockConstructorTestingTNewMockWatcher) *MockWatcher {
+}) *MockWatcher {
 	mock := &MockWatcher{}
 	mock.Mock.Test(t)
 
diff --git a/agent/proxycfg-sources/local/config_source.go b/agent/proxycfg-sources/local/config_source.go
index e104043bac60..634a0f479ebc 100644
--- a/agent/proxycfg-sources/local/config_source.go
+++ b/agent/proxycfg-sources/local/config_source.go
@@ -6,7 +6,9 @@ package local
 import (
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/agent/proxycfg-sources/catalog"
 	structs "github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 // ConfigSource wraps a proxycfg.Manager to create watches on services
@@ -20,7 +22,9 @@ func NewConfigSource(cfgMgr ConfigManager) *ConfigSource {
 	return &ConfigSource{cfgMgr}
 }
 
-func (m *ConfigSource) Watch(serviceID structs.ServiceID, nodeName string, _ string) (<-chan *proxycfg.ConfigSnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
+func (m *ConfigSource) Watch(proxyID *pbresource.ID, nodeName string, _ string) (<-chan proxycfg.ProxySnapshot,
+	limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
+	serviceID := structs.NewServiceID(proxyID.Name, catalog.GetEnterpriseMetaFromResourceID(proxyID))
 	watchCh, cancelWatch := m.manager.Watch(proxycfg.ProxyID{
 		ServiceID: serviceID,
 		NodeName:  nodeName,
diff --git a/agent/proxycfg-sources/local/mock_ConfigManager.go b/agent/proxycfg-sources/local/mock_ConfigManager.go
index 8f2c8fc6c836..d16f0e98ee3d 100644
--- a/agent/proxycfg-sources/local/mock_ConfigManager.go
+++ b/agent/proxycfg-sources/local/mock_ConfigManager.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.15.0. DO NOT EDIT.
+// Code generated by mockery v2.32.4. DO NOT EDIT.
 
 package local
 
@@ -50,19 +50,22 @@ func (_m *MockConfigManager) RegisteredProxies(source proxycfg.ProxySource) []pr
 }
 
 // Watch provides a mock function with given fields: id
-func (_m *MockConfigManager) Watch(id proxycfg.ProxyID) (<-chan *proxycfg.ConfigSnapshot, proxycfg.CancelFunc) {
+func (_m *MockConfigManager) Watch(id proxycfg.ProxyID) (<-chan proxycfg.ProxySnapshot, proxycfg.CancelFunc) {
 	ret := _m.Called(id)
 
-	var r0 <-chan *proxycfg.ConfigSnapshot
-	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) <-chan *proxycfg.ConfigSnapshot); ok {
+	var r0 <-chan proxycfg.ProxySnapshot
+	var r1 proxycfg.CancelFunc
+	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) (<-chan proxycfg.ProxySnapshot, proxycfg.CancelFunc)); ok {
+		return rf(id)
+	}
+	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) <-chan proxycfg.ProxySnapshot); ok {
 		r0 = rf(id)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(<-chan *proxycfg.ConfigSnapshot)
+			r0 = ret.Get(0).(<-chan proxycfg.ProxySnapshot)
 		}
 	}
 
-	var r1 proxycfg.CancelFunc
 	if rf, ok := ret.Get(1).(func(proxycfg.ProxyID) proxycfg.CancelFunc); ok {
 		r1 = rf(id)
 	} else {
@@ -74,13 +77,12 @@ func (_m *MockConfigManager) Watch(id proxycfg.ProxyID) (<-chan *proxycfg.Config
 	return r0, r1
 }
 
-type mockConstructorTestingTNewMockConfigManager interface {
+// NewMockConfigManager creates a new instance of MockConfigManager. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewMockConfigManager(t interface {
 	mock.TestingT
 	Cleanup(func())
-}
-
-// NewMockConfigManager creates a new instance of MockConfigManager. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-func NewMockConfigManager(t mockConstructorTestingTNewMockConfigManager) *MockConfigManager {
+}) *MockConfigManager {
 	mock := &MockConfigManager{}
 	mock.Mock.Test(t)
 
diff --git a/agent/proxycfg-sources/local/sync.go b/agent/proxycfg-sources/local/sync.go
index 982e527f7934..bb06cc84381c 100644
--- a/agent/proxycfg-sources/local/sync.go
+++ b/agent/proxycfg-sources/local/sync.go
@@ -135,7 +135,7 @@ func sync(cfg SyncConfig) {
 
 //go:generate mockery --name ConfigManager --inpackage
 type ConfigManager interface {
-	Watch(id proxycfg.ProxyID) (<-chan *proxycfg.ConfigSnapshot, proxycfg.CancelFunc)
+	Watch(id proxycfg.ProxyID) (<-chan proxycfg.ProxySnapshot, proxycfg.CancelFunc)
 	Register(proxyID proxycfg.ProxyID, service *structs.NodeService, source proxycfg.ProxySource, token string, overwrite bool) error
 	Deregister(proxyID proxycfg.ProxyID, source proxycfg.ProxySource)
 	RegisteredProxies(source proxycfg.ProxySource) []proxycfg.ProxyID
diff --git a/agent/proxycfg/manager.go b/agent/proxycfg/manager.go
index ac87dddc1924..296bd831a8d9 100644
--- a/agent/proxycfg/manager.go
+++ b/agent/proxycfg/manager.go
@@ -55,7 +55,7 @@ type Manager struct {
 
 	mu         sync.Mutex
 	proxies    map[ProxyID]*state
-	watchers   map[ProxyID]map[uint64]chan *ConfigSnapshot
+	watchers   map[ProxyID]map[uint64]chan ProxySnapshot
 	maxWatchID uint64
 }
 
@@ -106,7 +106,7 @@ func NewManager(cfg ManagerConfig) (*Manager, error) {
 	m := &Manager{
 		ManagerConfig: cfg,
 		proxies:       make(map[ProxyID]*state),
-		watchers:      make(map[ProxyID]map[uint64]chan *ConfigSnapshot),
+		watchers:      make(map[ProxyID]map[uint64]chan ProxySnapshot),
 		rateLimiter:   rate.NewLimiter(cfg.UpdateRateLimit, 1),
 	}
 	return m, nil
@@ -262,7 +262,7 @@ func (m *Manager) notify(snap *ConfigSnapshot) {
 // it will drain the chan and then re-attempt delivery so that a slow consumer
 // gets the latest config earlier. This MUST be called from a method where m.mu
 // is held to be safe since it assumes we are the only goroutine sending on ch.
-func (m *Manager) deliverLatest(snap *ConfigSnapshot, ch chan *ConfigSnapshot) {
+func (m *Manager) deliverLatest(snap *ConfigSnapshot, ch chan ProxySnapshot) {
 	// Send if chan is empty
 	select {
 	case ch <- snap:
@@ -299,16 +299,16 @@ OUTER:
 // will not fail, but no updates will be delivered until the proxy is
 // registered. If there is already a valid snapshot in memory, it will be
 // delivered immediately.
-func (m *Manager) Watch(id ProxyID) (<-chan *ConfigSnapshot, CancelFunc) {
+func (m *Manager) Watch(id ProxyID) (<-chan ProxySnapshot, CancelFunc) {
 	m.mu.Lock()
 	defer m.mu.Unlock()
 
 	// This buffering is crucial otherwise we'd block immediately trying to
 	// deliver the current snapshot below if we already have one.
-	ch := make(chan *ConfigSnapshot, 1)
+	ch := make(chan ProxySnapshot, 1)
 	watchers, ok := m.watchers[id]
 	if !ok {
-		watchers = make(map[uint64]chan *ConfigSnapshot)
+		watchers = make(map[uint64]chan ProxySnapshot)
 	}
 	watchID := m.maxWatchID
 	m.maxWatchID++
diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go
index 72deaa73ab28..c66352c1ec31 100644
--- a/agent/proxycfg/manager_test.go
+++ b/agent/proxycfg/manager_test.go
@@ -469,7 +469,7 @@ func testManager_BasicLifecycle(
 	require.Len(t, m.watchers, 0)
 }
 
-func assertWatchChanBlocks(t *testing.T, ch <-chan *ConfigSnapshot) {
+func assertWatchChanBlocks(t *testing.T, ch <-chan ProxySnapshot) {
 	t.Helper()
 
 	select {
@@ -479,7 +479,7 @@ func assertWatchChanBlocks(t *testing.T, ch <-chan *ConfigSnapshot) {
 	}
 }
 
-func assertWatchChanRecvs(t *testing.T, ch <-chan *ConfigSnapshot, expect *ConfigSnapshot) {
+func assertWatchChanRecvs(t *testing.T, ch <-chan ProxySnapshot, expect ProxySnapshot) {
 	t.Helper()
 
 	select {
@@ -517,7 +517,7 @@ func TestManager_deliverLatest(t *testing.T) {
 	}
 
 	// test 1 buffered chan
-	ch1 := make(chan *ConfigSnapshot, 1)
+	ch1 := make(chan ProxySnapshot, 1)
 
 	// Sending to an unblocked chan should work
 	m.deliverLatest(snap1, ch1)
@@ -533,7 +533,7 @@ func TestManager_deliverLatest(t *testing.T) {
 	require.Equal(t, snap2, <-ch1)
 
 	// Same again for 5-buffered chan
-	ch5 := make(chan *ConfigSnapshot, 5)
+	ch5 := make(chan ProxySnapshot, 5)
 
 	// Sending to an unblocked chan should work
 	m.deliverLatest(snap1, ch5)
diff --git a/agent/proxycfg/proxysnapshot.go b/agent/proxycfg/proxysnapshot.go
new file mode 100644
index 000000000000..fb1c79183cf1
--- /dev/null
+++ b/agent/proxycfg/proxysnapshot.go
@@ -0,0 +1,76 @@
+package proxycfg
+
+import (
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/logging"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// ProxySnapshot is an abstraction that allows interchangeability between
+// Catalog V1 ConfigSnapshot and Catalog V2 ProxyState.
+type ProxySnapshot interface {
+	AllowEmptyListeners() bool
+	AllowEmptyRoutes() bool
+	AllowEmptyClusters() bool
+	Authorize(authz acl.Authorizer) error
+	LoggerName() string
+}
+
+// The below functions are added to ConfigSnapshot to allow it to conform to
+// the ProxySnapshot interface.
+func (s *ConfigSnapshot) AllowEmptyListeners() bool {
+	// Ingress and API gateways are allowed to inform LDS of no listeners.
+	return s.Kind == structs.ServiceKindIngressGateway ||
+		s.Kind == structs.ServiceKindAPIGateway
+}
+
+func (s *ConfigSnapshot) AllowEmptyRoutes() bool {
+	// Ingress and API gateways are allowed to inform RDS of no routes.
+	return s.Kind == structs.ServiceKindIngressGateway ||
+		s.Kind == structs.ServiceKindAPIGateway
+}
+
+func (s *ConfigSnapshot) AllowEmptyClusters() bool {
+	// Mesh, Ingress, API and Terminating gateways are allowed to inform CDS of no clusters.
+	return s.Kind == structs.ServiceKindMeshGateway ||
+		s.Kind == structs.ServiceKindTerminatingGateway ||
+		s.Kind == structs.ServiceKindIngressGateway ||
+		s.Kind == structs.ServiceKindAPIGateway
+}
+
+func (s *ConfigSnapshot) Authorize(authz acl.Authorizer) error {
+	var authzContext acl.AuthorizerContext
+	switch s.Kind {
+	case structs.ServiceKindConnectProxy:
+		s.ProxyID.EnterpriseMeta.FillAuthzContext(&authzContext)
+		if err := authz.ToAllowAuthorizer().ServiceWriteAllowed(s.Proxy.DestinationServiceName, &authzContext); err != nil {
+			return status.Errorf(codes.PermissionDenied, err.Error())
+		}
+	case structs.ServiceKindMeshGateway, structs.ServiceKindTerminatingGateway, structs.ServiceKindIngressGateway, structs.ServiceKindAPIGateway:
+		s.ProxyID.EnterpriseMeta.FillAuthzContext(&authzContext)
+		if err := authz.ToAllowAuthorizer().ServiceWriteAllowed(s.Service, &authzContext); err != nil {
+			return status.Errorf(codes.PermissionDenied, err.Error())
+		}
+	default:
+		return status.Errorf(codes.Internal, "Invalid service kind")
+	}
+
+	// Authed OK!
+	return nil
+}
+
+func (s *ConfigSnapshot) LoggerName() string {
+	switch s.Kind {
+	case structs.ServiceKindConnectProxy:
+	case structs.ServiceKindTerminatingGateway:
+		return logging.TerminatingGateway
+	case structs.ServiceKindMeshGateway:
+		return logging.MeshGateway
+	case structs.ServiceKindIngressGateway:
+		return logging.IngressGateway
+	}
+
+	return ""
+}
diff --git a/agent/proxycfg/proxysnapshot_test.go b/agent/proxycfg/proxysnapshot_test.go
new file mode 100644
index 000000000000..9a61a7f1c64c
--- /dev/null
+++ b/agent/proxycfg/proxysnapshot_test.go
@@ -0,0 +1,311 @@
+package proxycfg
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
+)
+
+func TestConfigSnapshot_AllowEmptyClusters(t *testing.T) {
+	type testCase struct {
+		description    string
+		cfgSnapshot    *ConfigSnapshot
+		expectedResult bool
+	}
+	testsCases := []testCase{
+		{
+			description:    "Mesh proxies are not allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindConnectProxy},
+			expectedResult: false,
+		},
+		{
+			description:    "Ingress gateways are allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindIngressGateway},
+			expectedResult: true,
+		},
+		{
+			description:    "Terminating gateways are allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindTerminatingGateway},
+			expectedResult: true,
+		},
+		{
+			description:    "API Gateways are allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindAPIGateway},
+			expectedResult: true,
+		},
+		{
+			description:    "Mesh Gateways are allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindMeshGateway},
+			expectedResult: true,
+		},
+	}
+	for _, tc := range testsCases {
+		t.Run(tc.description, func(t *testing.T) {
+			require.Equal(t, tc.expectedResult, tc.cfgSnapshot.AllowEmptyClusters())
+		})
+	}
+}
+
+func TestConfigSnapshot_AllowEmptyListeners(t *testing.T) {
+	type testCase struct {
+		description    string
+		cfgSnapshot    *ConfigSnapshot
+		expectedResult bool
+	}
+	testsCases := []testCase{
+		{
+			description:    "Mesh proxies are not allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindConnectProxy},
+			expectedResult: false,
+		},
+		{
+			description:    "Ingress gateways are allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindIngressGateway},
+			expectedResult: true,
+		},
+		{
+			description:    "Terminating gateways are not allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindTerminatingGateway},
+			expectedResult: false,
+		},
+		{
+			description:    "API Gateways are allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindAPIGateway},
+			expectedResult: true,
+		},
+		{
+			description:    "Mesh Gateways are not allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindMeshGateway},
+			expectedResult: false,
+		},
+	}
+	for _, tc := range testsCases {
+		t.Run(tc.description, func(t *testing.T) {
+			require.Equal(t, tc.expectedResult, tc.cfgSnapshot.AllowEmptyListeners())
+		})
+	}
+}
+
+func TestConfigSnapshot_AllowEmptyRoutes(t *testing.T) {
+	type testCase struct {
+		description    string
+		cfgSnapshot    *ConfigSnapshot
+		expectedResult bool
+	}
+	testsCases := []testCase{
+		{
+			description:    "Mesh proxies are not allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindConnectProxy},
+			expectedResult: false,
+		},
+		{
+			description:    "Ingress gateways are allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindIngressGateway},
+			expectedResult: true,
+		},
+		{
+			description:    "Terminating gateways are not allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindTerminatingGateway},
+			expectedResult: false,
+		},
+		{
+			description:    "API Gateways are allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindAPIGateway},
+			expectedResult: true,
+		},
+		{
+			description:    "Mesh Gateways are not allowed",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindMeshGateway},
+			expectedResult: false,
+		},
+	}
+	for _, tc := range testsCases {
+		t.Run(tc.description, func(t *testing.T) {
+			require.Equal(t, tc.expectedResult, tc.cfgSnapshot.AllowEmptyRoutes())
+		})
+	}
+}
+
+func TestConfigSnapshot_LoggerName(t *testing.T) {
+	type testCase struct {
+		description    string
+		cfgSnapshot    *ConfigSnapshot
+		expectedResult string
+	}
+	testsCases := []testCase{
+		{
+			description:    "Mesh proxies have a logger named ''",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindConnectProxy},
+			expectedResult: "",
+		},
+		{
+			description:    "Ingress gateways have a logger named 'ingress_gateway'",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindIngressGateway},
+			expectedResult: "ingress_gateway",
+		},
+		{
+			description:    "Terminating gateways have a logger named 'terminating_gateway'",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindTerminatingGateway},
+			expectedResult: "terminating_gateway",
+		},
+		{
+			description:    "API Gateways have a logger named ''",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindAPIGateway},
+			expectedResult: "",
+		},
+		{
+			description:    "Mesh Gateways have a logger named 'mesh_gateway'",
+			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindMeshGateway},
+			expectedResult: "mesh_gateway",
+		},
+	}
+	for _, tc := range testsCases {
+		t.Run(tc.description, func(t *testing.T) {
+			require.Equal(t, tc.expectedResult, tc.cfgSnapshot.LoggerName())
+		})
+	}
+}
+
+func TestConfigSnapshot_Authorize(t *testing.T) {
+	type testCase struct {
+		description          string
+		cfgSnapshot          *ConfigSnapshot
+		configureAuthorizer  func(authorizer *acl.MockAuthorizer)
+		expectedErrorMessage string
+	}
+	testsCases := []testCase{
+		{
+			description: "ConnectProxy - if service write is allowed for the DestinationService then allow.",
+			cfgSnapshot: &ConfigSnapshot{
+				Kind: structs.ServiceKindConnectProxy,
+				Proxy: structs.ConnectProxyConfig{
+					DestinationServiceName: "DestinationServiceName",
+				},
+			},
+			expectedErrorMessage: "",
+			configureAuthorizer: func(authz *acl.MockAuthorizer) {
+				authz.On("ServiceWrite", "DestinationServiceName", mock.Anything).Return(acl.Allow)
+			},
+		},
+		{
+			description: "ConnectProxy - if service write is not allowed for the DestinationService then deny.",
+			cfgSnapshot: &ConfigSnapshot{
+				Kind: structs.ServiceKindConnectProxy,
+				Proxy: structs.ConnectProxyConfig{
+					DestinationServiceName: "DestinationServiceName",
+				},
+			},
+			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"DestinationServiceName\"",
+			configureAuthorizer: func(authz *acl.MockAuthorizer) {
+				authz.On("ServiceWrite", "DestinationServiceName", mock.Anything).Return(acl.Deny)
+			},
+		},
+		{
+			description: "Mesh Gateway - if service write is allowed for the Service then allow.",
+			cfgSnapshot: &ConfigSnapshot{
+				Kind:    structs.ServiceKindMeshGateway,
+				Service: "Service",
+			},
+			expectedErrorMessage: "",
+			configureAuthorizer: func(authz *acl.MockAuthorizer) {
+				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Allow)
+			},
+		},
+		{
+			description: "Mesh Gateway - if service write is not allowed for the Service then deny.",
+			cfgSnapshot: &ConfigSnapshot{
+				Kind:    structs.ServiceKindMeshGateway,
+				Service: "Service",
+			},
+			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
+			configureAuthorizer: func(authz *acl.MockAuthorizer) {
+				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
+			},
+		},
+		{
+			description: "Terminating Gateway - if service write is allowed for the Service then allow.",
+			cfgSnapshot: &ConfigSnapshot{
+				Kind:    structs.ServiceKindTerminatingGateway,
+				Service: "Service",
+			},
+			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
+			configureAuthorizer: func(authz *acl.MockAuthorizer) {
+				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
+			},
+		},
+		{
+			description: "Terminating Gateway - if service write is not allowed for the Service then deny.",
+			cfgSnapshot: &ConfigSnapshot{
+				Kind:    structs.ServiceKindTerminatingGateway,
+				Service: "Service",
+			},
+			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
+			configureAuthorizer: func(authz *acl.MockAuthorizer) {
+				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
+			},
+		},
+		{
+			description: "Ingress Gateway - if service write is allowed for the Service then allow.",
+			cfgSnapshot: &ConfigSnapshot{
+				Kind:    structs.ServiceKindIngressGateway,
+				Service: "Service",
+			},
+			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
+			configureAuthorizer: func(authz *acl.MockAuthorizer) {
+				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
+			},
+		},
+		{
+			description: "Ingress Gateway - if service write is not allowed for the Service then deny.",
+			cfgSnapshot: &ConfigSnapshot{
+				Kind:    structs.ServiceKindIngressGateway,
+				Service: "Service",
+			},
+			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
+			configureAuthorizer: func(authz *acl.MockAuthorizer) {
+				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
+			},
+		},
+		{
+			description: "API Gateway - if service write is allowed for the Service then allow.",
+			cfgSnapshot: &ConfigSnapshot{
+				Kind:    structs.ServiceKindAPIGateway,
+				Service: "Service",
+			},
+			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
+			configureAuthorizer: func(authz *acl.MockAuthorizer) {
+				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
+			},
+		},
+		{
+			description: "API Gateway - if service write is not allowed for the Service then deny.",
+			cfgSnapshot: &ConfigSnapshot{
+				Kind:    structs.ServiceKindAPIGateway,
+				Service: "Service",
+			},
+			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
+			configureAuthorizer: func(authz *acl.MockAuthorizer) {
+				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
+			},
+		},
+	}
+	for _, tc := range testsCases {
+		t.Run(tc.description, func(t *testing.T) {
+			authz := &acl.MockAuthorizer{}
+			authz.On("ToAllow").Return(acl.AllowAuthorizer{Authorizer: authz})
+			tc.configureAuthorizer(authz)
+			err := tc.cfgSnapshot.Authorize(authz)
+			errMsg := ""
+			if err != nil {
+				errMsg = err.Error()
+			}
+			// using contains because Enterprise tests append the parition and namespace
+			// information to the message.
+			require.True(t, strings.Contains(errMsg, tc.expectedErrorMessage))
+		})
+	}
+}
diff --git a/agent/proxycfg_test.go b/agent/proxycfg_test.go
index 74584331ae7b..c51d9a64bcb3 100644
--- a/agent/proxycfg_test.go
+++ b/agent/proxycfg_test.go
@@ -5,6 +5,8 @@ package agent
 
 import (
 	"encoding/json"
+	"github.com/hashicorp/consul/internal/mesh"
+	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -62,7 +64,7 @@ func TestAgent_local_proxycfg(t *testing.T) {
 
 	var (
 		firstTime = true
-		ch        <-chan *proxycfg.ConfigSnapshot
+		ch        <-chan proxycfg.ProxySnapshot
 		stc       limiter.SessionTerminatedChan
 		cancel    proxycfg.CancelFunc
 	)
@@ -85,7 +87,7 @@ func TestAgent_local_proxycfg(t *testing.T) {
 			// Prior to fixes in https://github.com/hashicorp/consul/pull/16497
 			// this call to Watch() would deadlock.
 			var err error
-			ch, stc, cancel, err = cfg.Watch(sid, a.config.NodeName, token)
+			ch, stc, cancel, err = cfg.Watch(rtest.Resource(mesh.ProxyConfigurationType, sid.ID).ID(), a.config.NodeName, token)
 			require.NoError(t, err)
 		}
 		select {
diff --git a/agent/xds/delta.go b/agent/xds/delta.go
index d44b84fd4eb7..7d345ff77073 100644
--- a/agent/xds/delta.go
+++ b/agent/xds/delta.go
@@ -8,6 +8,10 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
+	"github.com/hashicorp/consul/agent/xds/configfetcher"
+	"github.com/hashicorp/consul/agent/xdsv2"
+	"github.com/hashicorp/consul/internal/mesh"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 	"strconv"
 	"sync"
 	"sync/atomic"
@@ -29,7 +33,6 @@ import (
 	external "github.com/hashicorp/consul/agent/grpc-external"
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/xds/extensionruntime"
 	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
@@ -84,6 +87,40 @@ func (s *Server) DeltaAggregatedResources(stream ADSDeltaStream) error {
 	return err
 }
 
+// getEnvoyConfiguration is a utility function that instantiates the proper
+// Envoy resource generator based on whether it was passed a ConfigSource or
+// ProxyState implementation of the ProxySnapshot interface and returns the
+// generated Envoy configuration.
+func getEnvoyConfiguration(proxySnapshot proxycfg.ProxySnapshot, logger hclog.Logger, cfgFetcher configfetcher.ConfigFetcher) (map[string][]proto.Message, error) {
+	switch proxySnapshot.(type) {
+	case *proxycfg.ConfigSnapshot:
+		logger.Trace("ProxySnapshot update channel received a ProxySnapshot of type ConfigSnapshot",
+			"proxySnapshot", proxySnapshot,
+		)
+		generator := NewResourceGenerator(
+			logger,
+			cfgFetcher,
+			true,
+		)
+
+		c := proxySnapshot.(*proxycfg.ConfigSnapshot)
+		logger.Trace("ConfigSnapshot", c)
+		return generator.AllResourcesFromSnapshot(c)
+	case *mesh.ProxyState:
+		logger.Trace("ProxySnapshot update channel received a ProxySnapshot of type ProxyState",
+			"proxySnapshot", proxySnapshot,
+		)
+		generator := xdsv2.NewResourceGenerator(
+			logger,
+		)
+		c := proxySnapshot.(*mesh.ProxyState)
+		logger.Trace("ProxyState", c)
+		return generator.AllResourcesFromIR(c)
+	default:
+		return nil, errors.New("proxysnapshot must be of type ProxyState or ConfigSnapshot")
+	}
+}
+
 const (
 	stateDeltaInit int = iota
 	stateDeltaPendingInitialConfig
@@ -98,14 +135,13 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 
 	// Loop state
 	var (
-		cfgSnap     *proxycfg.ConfigSnapshot
-		node        *envoy_config_core_v3.Node
-		stateCh     <-chan *proxycfg.ConfigSnapshot
-		drainCh     limiter.SessionTerminatedChan
-		watchCancel func()
-		proxyID     structs.ServiceID
-		nonce       uint64 // xDS requires a unique nonce to correlate response/request pairs
-		ready       bool   // set to true after the first snapshot arrives
+		proxySnapshot proxycfg.ProxySnapshot
+		node          *envoy_config_core_v3.Node
+		stateCh       <-chan proxycfg.ProxySnapshot
+		drainCh       limiter.SessionTerminatedChan
+		watchCancel   func()
+		nonce         uint64 // xDS requires a unique nonce to correlate response/request pairs
+		ready         bool   // set to true after the first snapshot arrives
 
 		streamStartTime = time.Now()
 		streamStartOnce sync.Once
@@ -123,36 +159,24 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 		currentVersions = make(map[string]map[string]string)
 	)
 
-	generator := NewResourceGenerator(
-		s.Logger.Named(logging.XDS).With("xdsVersion", "v3"),
-		s.CfgFetcher,
-		true,
-	)
+	logger := s.Logger.Named(logging.XDS).With("xdsVersion", "v3")
 
 	// need to run a small state machine to get through initial authentication.
 	var state = stateDeltaInit
 
 	// Configure handlers for each type of request we currently care about.
 	handlers := map[string]*xDSDeltaType{
-		xdscommon.ListenerType: newDeltaType(generator, stream, xdscommon.ListenerType, func(kind structs.ServiceKind) bool {
-			// Ingress and API gateways are allowed to inform LDS of no listeners.
-			return cfgSnap.Kind == structs.ServiceKindIngressGateway ||
-				cfgSnap.Kind == structs.ServiceKindAPIGateway
+		xdscommon.ListenerType: newDeltaType(logger, stream, xdscommon.ListenerType, func() bool {
+			return proxySnapshot.AllowEmptyListeners()
 		}),
-		xdscommon.RouteType: newDeltaType(generator, stream, xdscommon.RouteType, func(kind structs.ServiceKind) bool {
-			// Ingress and API gateways are allowed to inform RDS of no routes.
-			return cfgSnap.Kind == structs.ServiceKindIngressGateway ||
-				cfgSnap.Kind == structs.ServiceKindAPIGateway
+		xdscommon.RouteType: newDeltaType(logger, stream, xdscommon.RouteType, func() bool {
+			return proxySnapshot.AllowEmptyRoutes()
 		}),
-		xdscommon.ClusterType: newDeltaType(generator, stream, xdscommon.ClusterType, func(kind structs.ServiceKind) bool {
-			// Mesh, Ingress, API and Terminating gateways are allowed to inform CDS of no clusters.
-			return cfgSnap.Kind == structs.ServiceKindMeshGateway ||
-				cfgSnap.Kind == structs.ServiceKindTerminatingGateway ||
-				cfgSnap.Kind == structs.ServiceKindIngressGateway ||
-				cfgSnap.Kind == structs.ServiceKindAPIGateway
+		xdscommon.ClusterType: newDeltaType(logger, stream, xdscommon.ClusterType, func() bool {
+			return proxySnapshot.AllowEmptyClusters()
 		}),
-		xdscommon.EndpointType: newDeltaType(generator, stream, xdscommon.EndpointType, nil),
-		xdscommon.SecretType:   newDeltaType(generator, stream, xdscommon.SecretType, nil), // TODO allowEmptyFn
+		xdscommon.EndpointType: newDeltaType(logger, stream, xdscommon.EndpointType, nil),
+		xdscommon.SecretType:   newDeltaType(logger, stream, xdscommon.SecretType, nil), // TODO allowEmptyFn
 	}
 
 	// Endpoints are stored within a Cluster (and Routes
@@ -178,19 +202,19 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 		authTimer = time.After(s.AuthCheckFrequency)
 	}
 
-	checkStreamACLs := func(cfgSnap *proxycfg.ConfigSnapshot) error {
-		return s.authorize(stream.Context(), cfgSnap)
+	checkStreamACLs := func(proxySnap proxycfg.ProxySnapshot) error {
+		return s.authorize(stream.Context(), proxySnap)
 	}
 
 	for {
 		select {
 		case <-drainCh:
-			generator.Logger.Debug("draining stream to rebalance load")
+			logger.Debug("draining stream to rebalance load")
 			metrics.IncrCounter([]string{"xds", "server", "streamDrained"}, 1)
 			return errOverwhelmed
 		case <-authTimer:
 			// It's been too long since a Discovery{Request,Response} so recheck ACLs.
-			if err := checkStreamACLs(cfgSnap); err != nil {
+			if err := checkStreamACLs(proxySnapshot); err != nil {
 				return err
 			}
 			extendAuthTimer()
@@ -204,28 +228,29 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 				return nil
 			}
 
-			generator.logTraceRequest("Incremental xDS v3", req)
+			logTraceRequest(logger, "Incremental xDS v3", req)
 
 			if req.TypeUrl == "" {
 				return status.Errorf(codes.InvalidArgument, "type URL is required for ADS")
 			}
 
+			var proxyFeatures xdscommon.SupportedProxyFeatures
 			if node == nil && req.Node != nil {
 				node = req.Node
 				var err error
-				generator.ProxyFeatures, err = xdscommon.DetermineSupportedProxyFeatures(req.Node)
+				proxyFeatures, err = xdscommon.DetermineSupportedProxyFeatures(req.Node)
 				if err != nil {
 					return status.Errorf(codes.InvalidArgument, err.Error())
 				}
 			}
 
 			if handler, ok := handlers[req.TypeUrl]; ok {
-				switch handler.Recv(req, generator.ProxyFeatures) {
+				switch handler.Recv(req, proxyFeatures) {
 				case deltaRecvNewSubscription:
-					generator.Logger.Trace("subscribing to type", "typeUrl", req.TypeUrl)
+					logger.Trace("subscribing to type", "typeUrl", req.TypeUrl)
 
 				case deltaRecvResponseNack:
-					generator.Logger.Trace("got nack response for type", "typeUrl", req.TypeUrl)
+					logger.Trace("got nack response for type", "typeUrl", req.TypeUrl)
 
 					// There is no reason to believe that generating new xDS resources from the same snapshot
 					// would lead to an ACK from Envoy. Instead we continue to the top of this for loop and wait
@@ -244,21 +269,21 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 				// would've already exited this loop.
 				return status.Error(codes.Aborted, "xDS stream terminated due to an irrecoverable error, please try again")
 			}
-			cfgSnap = cs
+			proxySnapshot = cs
 
-			newRes, err := generator.AllResourcesFromSnapshot(cfgSnap)
+			newRes, err := getEnvoyConfiguration(proxySnapshot, logger, s.CfgFetcher)
 			if err != nil {
 				return status.Errorf(codes.Unavailable, "failed to generate all xDS resources from the snapshot: %v", err)
 			}
 
 			// index and hash the xDS structures
-			newResourceMap := xdscommon.IndexResources(generator.Logger, newRes)
+			newResourceMap := xdscommon.IndexResources(logger, newRes)
 
 			if s.ResourceMapMutateFn != nil {
 				s.ResourceMapMutateFn(newResourceMap)
 			}
 
-			if newResourceMap, err = s.applyEnvoyExtensions(newResourceMap, cfgSnap, node); err != nil {
+			if newResourceMap, err = s.applyEnvoyExtensions(newResourceMap, proxySnapshot, node); err != nil {
 				// err is already the result of calling status.Errorf
 				return err
 			}
@@ -292,7 +317,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 			}
 
 			// Start authentication process, we need the proxyID
-			proxyID = structs.NewServiceID(node.Id, parseEnterpriseMeta(node))
+			proxyID := newResourceIDFromEnvoyNode(node)
 
 			// Start watching config for that proxy
 			var err error
@@ -306,7 +331,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 			case errors.Is(err, limiter.ErrCapacityReached):
 				return errOverwhelmed
 			case err != nil:
-				return status.Errorf(codes.Internal, "failed to watch proxy service: %s", err)
+				return status.Errorf(codes.Internal, "failed to watch proxy: %s", err)
 			}
 			// Note that in this case we _intend_ the defer to only be triggered when
 			// this whole process method ends (i.e. when streaming RPC aborts) not at
@@ -315,14 +340,14 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 			// state machine.
 			defer watchCancel()
 
-			generator.Logger = generator.Logger.With("service_id", proxyID.String()) // enhance future logs
+			logger = logger.With("service_id", proxyID.Name) // enhance future logs
 
-			generator.Logger.Trace("watching proxy, pending initial proxycfg snapshot for xDS")
+			logger.Trace("watching proxy, pending initial proxycfg snapshot for xDS")
 
 			// Now wait for the config so we can check ACL
 			state = stateDeltaPendingInitialConfig
 		case stateDeltaPendingInitialConfig:
-			if cfgSnap == nil {
+			if proxySnapshot == nil {
 				// Nothing we can do until we get the initial config
 				continue
 			}
@@ -331,23 +356,18 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 			state = stateDeltaRunning
 
 			// Upgrade the logger
-			switch cfgSnap.Kind {
-			case structs.ServiceKindConnectProxy:
-			case structs.ServiceKindTerminatingGateway:
-				generator.Logger = generator.Logger.Named(logging.TerminatingGateway)
-			case structs.ServiceKindMeshGateway:
-				generator.Logger = generator.Logger.Named(logging.MeshGateway)
-			case structs.ServiceKindIngressGateway:
-				generator.Logger = generator.Logger.Named(logging.IngressGateway)
+			loggerName := proxySnapshot.LoggerName()
+			if loggerName != "" {
+				logger = logger.Named(loggerName)
 			}
 
-			generator.Logger.Trace("Got initial config snapshot")
+			logger.Trace("Got initial config snapshot")
 
 			// Let's actually process the config we just got, or we'll miss responding
 			fallthrough
 		case stateDeltaRunning:
 			// Check ACLs on every Discovery{Request,Response}.
-			if err := checkStreamACLs(cfgSnap); err != nil {
+			if err := checkStreamACLs(proxySnapshot); err != nil {
 				return err
 			}
 			// For the first time through the state machine, this is when the
@@ -355,11 +375,11 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 			extendAuthTimer()
 
 			if !ready {
-				generator.Logger.Trace("Skipping delta computation because we haven't gotten a snapshot yet")
+				logger.Trace("Skipping delta computation because we haven't gotten a snapshot yet")
 				continue
 			}
 
-			generator.Logger.Trace("Invoking all xDS resource handlers and sending changed data if there are any")
+			logger.Trace("Invoking all xDS resource handlers and sending changed data if there are any")
 
 			streamStartOnce.Do(func() {
 				metrics.MeasureSince([]string{"xds", "server", "streamStart"}, streamStartTime)
@@ -368,7 +388,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 			for _, op := range xDSUpdateOrder {
 				if op.TypeUrl == xdscommon.ListenerType || op.TypeUrl == xdscommon.RouteType {
 					if clusterHandler := handlers[xdscommon.ClusterType]; clusterHandler.registered && len(clusterHandler.pendingUpdates) > 0 {
-						generator.Logger.Trace("Skipping delta computation for resource because there are dependent updates pending",
+						logger.Trace("Skipping delta computation for resource because there are dependent updates pending",
 							"typeUrl", op.TypeUrl, "dependent", xdscommon.ClusterType)
 
 						// Receiving an ACK from Envoy will unblock the select statement above,
@@ -376,7 +396,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 						break
 					}
 					if endpointHandler := handlers[xdscommon.EndpointType]; endpointHandler.registered && len(endpointHandler.pendingUpdates) > 0 {
-						generator.Logger.Trace("Skipping delta computation for resource because there are dependent updates pending",
+						logger.Trace("Skipping delta computation for resource because there are dependent updates pending",
 							"typeUrl", op.TypeUrl, "dependent", xdscommon.EndpointType)
 
 						// Receiving an ACK from Envoy will unblock the select statement above,
@@ -384,14 +404,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 						break
 					}
 				}
-				err, _ := handlers[op.TypeUrl].SendIfNew(
-					cfgSnap.Kind,
-					currentVersions[op.TypeUrl],
-					resourceMap,
-					&nonce,
-					op.Upsert,
-					op.Remove,
-				)
+				err, _ := handlers[op.TypeUrl].SendIfNew(currentVersions[op.TypeUrl], resourceMap, &nonce, op.Upsert, op.Remove)
 				if err != nil {
 					return status.Errorf(codes.Unavailable,
 						"failed to send %sreply for type %q: %v",
@@ -403,7 +416,37 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 	}
 }
 
-func (s *Server) applyEnvoyExtensions(resources *xdscommon.IndexedResources, cfgSnap *proxycfg.ConfigSnapshot, node *envoy_config_core_v3.Node) (*xdscommon.IndexedResources, error) {
+// newResourceIDFromEnvoyNode is a utility function that allows creating a
+// Resource ID from an Envoy proxy node so that existing delta calls can easily
+// use ProxyWatcher interface arguments for Watch().
+func newResourceIDFromEnvoyNode(node *envoy_config_core_v3.Node) *pbresource.ID {
+	entMeta := parseEnterpriseMeta(node)
+
+	return &pbresource.ID{
+		Name: node.Id,
+		Tenancy: &pbresource.Tenancy{
+			Namespace: entMeta.NamespaceOrDefault(),
+			Partition: entMeta.PartitionOrDefault(),
+		},
+		Type: mesh.ProxyStateTemplateConfigurationV1Alpha1Type,
+	}
+}
+
+func (s *Server) applyEnvoyExtensions(resources *xdscommon.IndexedResources, proxySnapshot proxycfg.ProxySnapshot, node *envoy_config_core_v3.Node) (*xdscommon.IndexedResources, error) {
+	// TODO(proxystate)
+	// This is a workaround for now as envoy extensions are not yet supported with ProxyState.
+	// For now, we cast to proxycfg.ConfigSnapshot and no-op if it's the pbmesh.ProxyState type.
+	var snapshot *proxycfg.ConfigSnapshot
+	switch proxySnapshot.(type) {
+	//TODO(proxystate): implement envoy extensions for ProxyState
+	case *mesh.ProxyState:
+		return resources, nil
+	case *proxycfg.ConfigSnapshot:
+		snapshot = proxySnapshot.(*proxycfg.ConfigSnapshot)
+	default:
+		return nil, status.Errorf(codes.InvalidArgument,
+			"unsupported config snapshot type to apply envoy extensions to %T", proxySnapshot)
+	}
 	var err error
 	envoyVersion := xdscommon.DetermineEnvoyVersionFromNode(node)
 	consulVersion, err := goversion.NewVersion(version.Version)
@@ -412,10 +455,10 @@ func (s *Server) applyEnvoyExtensions(resources *xdscommon.IndexedResources, cfg
 		return nil, status.Errorf(codes.InvalidArgument, "failed to parse Consul version")
 	}
 
-	serviceConfigs := extensionruntime.GetRuntimeConfigurations(cfgSnap)
+	serviceConfigs := extensionruntime.GetRuntimeConfigurations(snapshot)
 	for _, cfgs := range serviceConfigs {
 		for _, cfg := range cfgs {
-			resources, err = validateAndApplyEnvoyExtension(s.Logger, cfgSnap, resources, cfg, envoyVersion, consulVersion)
+			resources, err = validateAndApplyEnvoyExtension(s.Logger, snapshot, resources, cfg, envoyVersion, consulVersion)
 
 			if err != nil {
 				return nil, err
@@ -625,10 +668,10 @@ type xDSDeltaChild struct {
 }
 
 type xDSDeltaType struct {
-	generator    *ResourceGenerator
+	logger       hclog.Logger
 	stream       ADSDeltaStream
 	typeURL      string
-	allowEmptyFn func(kind structs.ServiceKind) bool
+	allowEmptyFn func() bool
 
 	// deltaChild contains data for an xDS child type if there is one.
 	// For example, endpoints are a child type of clusters.
@@ -677,13 +720,13 @@ type PendingUpdate struct {
 }
 
 func newDeltaType(
-	generator *ResourceGenerator,
+	logger hclog.Logger,
 	stream ADSDeltaStream,
 	typeUrl string,
-	allowEmptyFn func(kind structs.ServiceKind) bool,
+	allowEmptyFn func() bool,
 ) *xDSDeltaType {
 	return &xDSDeltaType{
-		generator:        generator,
+		logger:           logger,
 		stream:           stream,
 		typeURL:          typeUrl,
 		allowEmptyFn:     allowEmptyFn,
@@ -700,7 +743,6 @@ func (t *xDSDeltaType) Recv(req *envoy_discovery_v3.DeltaDiscoveryRequest, sf xd
 	if t == nil {
 		return deltaRecvUnknownType // not something we care about
 	}
-	logger := t.generator.Logger.With("typeUrl", t.typeURL)
 
 	registeredThisTime := false
 	if !t.registered {
@@ -737,10 +779,10 @@ func (t *xDSDeltaType) Recv(req *envoy_discovery_v3.DeltaDiscoveryRequest, sf xd
 			response_nonce, with presence of error_detail making it a NACK).
 		*/
 		if req.ErrorDetail == nil {
-			logger.Trace("got ok response from envoy proxy", "nonce", req.ResponseNonce)
+			t.logger.Trace("got ok response from envoy proxy", "nonce", req.ResponseNonce)
 			t.ack(req.ResponseNonce)
 		} else {
-			logger.Error("got error response from envoy proxy", "nonce", req.ResponseNonce,
+			t.logger.Error("got error response from envoy proxy", "nonce", req.ResponseNonce,
 				"error", status.ErrorProto(req.ErrorDetail))
 			t.nack(req.ResponseNonce)
 			return deltaRecvResponseNack
@@ -756,7 +798,7 @@ func (t *xDSDeltaType) Recv(req *envoy_discovery_v3.DeltaDiscoveryRequest, sf xd
 			the client already possesses, using the initial_resource_versions
 			field.
 		*/
-		logger.Trace("setting initial resource versions for stream",
+		t.logger.Trace("setting initial resource versions for stream",
 			"resources", req.InitialResourceVersions)
 		t.resourceVersions = req.InitialResourceVersions
 		if !t.wildcard {
@@ -807,9 +849,9 @@ func (t *xDSDeltaType) Recv(req *envoy_discovery_v3.DeltaDiscoveryRequest, sf xd
 			}
 
 			if alreadySubscribed {
-				logger.Trace("re-subscribing resource for stream", "resource", name)
+				t.logger.Trace("re-subscribing resource for stream", "resource", name)
 			} else {
-				logger.Trace("subscribing resource for stream", "resource", name)
+				t.logger.Trace("subscribing resource for stream", "resource", name)
 			}
 		}
 
@@ -818,7 +860,7 @@ func (t *xDSDeltaType) Recv(req *envoy_discovery_v3.DeltaDiscoveryRequest, sf xd
 				continue
 			}
 			delete(t.subscriptions, name)
-			logger.Trace("unsubscribing resource for stream", "resource", name)
+			t.logger.Trace("unsubscribing resource for stream", "resource", name)
 			// NOTE: we'll let the normal differential comparison handle cleaning up resourceVersions
 		}
 	}
@@ -852,7 +894,6 @@ func (t *xDSDeltaType) nack(nonce string) {
 }
 
 func (t *xDSDeltaType) SendIfNew(
-	kind structs.ServiceKind,
 	currentVersions map[string]string, // type => name => version (as consul knows right now)
 	resourceMap *xdscommon.IndexedResources,
 	nonce *uint64,
@@ -867,9 +908,9 @@ func (t *xDSDeltaType) SendIfNew(
 		return nil, false
 	}
 
-	logger := t.generator.Logger.With("typeUrl", t.typeURL)
+	logger := t.logger.With("typeUrl", t.typeURL)
 
-	allowEmpty := t.allowEmptyFn != nil && t.allowEmptyFn(kind)
+	allowEmpty := t.allowEmptyFn != nil && t.allowEmptyFn()
 
 	// Zero length resource responses should be ignored and are the result of no
 	// data yet. Notice that this caused a bug originally where we had zero
@@ -894,7 +935,7 @@ func (t *xDSDeltaType) SendIfNew(
 	*nonce++
 	resp.Nonce = fmt.Sprintf("%08x", *nonce)
 
-	t.generator.logTraceResponse("Incremental xDS v3", resp)
+	logTraceResponse(t.logger, "Incremental xDS v3", resp)
 
 	logger.Trace("sending response", "nonce", resp.Nonce)
 	if err := t.stream.Send(resp); err != nil {
@@ -1046,7 +1087,7 @@ func (t *xDSDeltaType) ensureChildResend(parentName, childName string) {
 		return
 	}
 
-	t.generator.Logger.Trace(
+	t.logger.Trace(
 		"triggering implicit update of resource",
 		"typeUrl", t.typeURL,
 		"resource", parentName,
diff --git a/agent/xds/delta_test.go b/agent/xds/delta_test.go
index f324e9193460..d93d06271bac 100644
--- a/agent/xds/delta_test.go
+++ b/agent/xds/delta_test.go
@@ -6,6 +6,7 @@ package xds
 import (
 	"errors"
 	"fmt"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"strconv"
 	"strings"
 	"sync"
@@ -17,24 +18,22 @@ import (
 	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
-	"github.com/hashicorp/go-hclog"
-	goversion "github.com/hashicorp/go-version"
-	"github.com/stretchr/testify/require"
-	rpcstatus "google.golang.org/genproto/googleapis/rpc/status"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/proto"
-
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
 	"github.com/hashicorp/consul/version"
+	"github.com/hashicorp/go-hclog"
+	goversion "github.com/hashicorp/go-version"
+	"github.com/stretchr/testify/require"
+	rpcstatus "google.golang.org/genproto/googleapis/rpc/status"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
 )
 
 // NOTE: For these tests, prefer not using xDS protobuf "factory" methods if
diff --git a/agent/xds/protocol_trace.go b/agent/xds/protocol_trace.go
index 76d4e8e6ee5b..cfe905d70bf9 100644
--- a/agent/xds/protocol_trace.go
+++ b/agent/xds/protocol_trace.go
@@ -5,22 +5,23 @@ package xds
 
 import (
 	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
+	"github.com/hashicorp/go-hclog"
 
 	"github.com/mitchellh/copystructure"
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
 )
 
-func (s *ResourceGenerator) logTraceRequest(msg string, pb proto.Message) {
-	s.logTraceProto(msg, pb, false)
+func logTraceRequest(logger hclog.Logger, msg string, pb proto.Message) {
+	logTraceProto(logger, msg, pb, false)
 }
 
-func (s *ResourceGenerator) logTraceResponse(msg string, pb proto.Message) {
-	s.logTraceProto(msg, pb, true)
+func logTraceResponse(logger hclog.Logger, msg string, pb proto.Message) {
+	logTraceProto(logger, msg, pb, true)
 }
 
-func (s *ResourceGenerator) logTraceProto(msg string, pb proto.Message, response bool) {
-	if !s.Logger.IsTrace() {
+func logTraceProto(logger hclog.Logger, msg string, pb proto.Message, response bool) {
+	if !logger.IsTrace() {
 		return
 	}
 
@@ -55,5 +56,5 @@ func (s *ResourceGenerator) logTraceProto(msg string, pb proto.Message, response
 		out = string(outBytes)
 	}
 
-	s.Logger.Trace(msg, "direction", dir, "protobuf", out)
+	logger.Trace(msg, "direction", dir, "protobuf", out)
 }
diff --git a/agent/xds/proxystateconverter/converter.go b/agent/xds/proxystateconverter/converter.go
index 4cf9b95151c8..191b9084b842 100644
--- a/agent/xds/proxystateconverter/converter.go
+++ b/agent/xds/proxystateconverter/converter.go
@@ -5,21 +5,21 @@ package proxystateconverter
 
 import (
 	"fmt"
-
-	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/consul/internal/mesh"
 
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/xds/configfetcher"
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
+	"github.com/hashicorp/go-hclog"
 )
 
 // Converter converts a single snapshot into a ProxyState.
 type Converter struct {
 	Logger     hclog.Logger
 	CfgFetcher configfetcher.ConfigFetcher
-	proxyState *pbmesh.ProxyState
+	proxyState *mesh.ProxyState
 }
 
 func NewConverter(
@@ -29,16 +29,18 @@ func NewConverter(
 	return &Converter{
 		Logger:     logger,
 		CfgFetcher: cfgFetcher,
-		proxyState: &pbmesh.ProxyState{
-			Listeners: make([]*pbproxystate.Listener, 0),
-			Clusters:  make(map[string]*pbproxystate.Cluster),
-			Routes:    make(map[string]*pbproxystate.Route),
-			Endpoints: make(map[string]*pbproxystate.Endpoints),
+		proxyState: &mesh.ProxyState{
+			ProxyState: &pbmesh.ProxyState{
+				Listeners: make([]*pbproxystate.Listener, 0),
+				Clusters:  make(map[string]*pbproxystate.Cluster),
+				Routes:    make(map[string]*pbproxystate.Route),
+				Endpoints: make(map[string]*pbproxystate.Endpoints),
+			},
 		},
 	}
 }
 
-func (g *Converter) ProxyStateFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) (*pbmesh.ProxyState, error) {
+func (g *Converter) ProxyStateFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) (*mesh.ProxyState, error) {
 	err := g.resourcesFromSnapshot(cfgSnap)
 	if err != nil {
 		return nil, fmt.Errorf("failed to generate FullProxyState: %v", err)
@@ -66,7 +68,6 @@ func (g *Converter) resourcesFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) erro
 	if err != nil {
 		return err
 	}
-
 	err = g.routesFromSnapshot(cfgSnap)
 	if err != nil {
 		return err
diff --git a/agent/xds/proxystateconverter/endpoints.go b/agent/xds/proxystateconverter/endpoints.go
index 28156a9b034f..78ebe95e2d47 100644
--- a/agent/xds/proxystateconverter/endpoints.go
+++ b/agent/xds/proxystateconverter/endpoints.go
@@ -404,7 +404,7 @@ func (s *Converter) endpointsFromDiscoveryChain(
 
 	clusterEndpoints := make(map[string][]*pbproxystate.Endpoint)
 
-	// TODO(jm): escape hatches will be implemented in the future
+	// TODO(proxystate): escape hatches will be implemented in the future
 	//var escapeHatchCluster *pbproxystate.Cluster
 	//if !forMeshGateway {
 
@@ -465,7 +465,7 @@ func (s *Converter) endpointsFromDiscoveryChain(
 
 		for _, groupedTarget := range targetGroups {
 			clusterName := groupedTarget.ClusterName
-			// TODO(jm): escape hatches will be implemented in the future
+			// TODO(proxystate): escape hatches will be implemented in the future
 			//if escapeHatchCluster != nil {
 			//	clusterName = escapeHatchCluster.Name
 			//}
@@ -532,7 +532,7 @@ func makeEndpointsForLoadAssignment(cfgSnap *proxycfg.ConfigSnapshot,
 	localKey proxycfg.GatewayKey) []*pbproxystate.Endpoint {
 	pbEndpoints := make([]*pbproxystate.Endpoint, 0, len(endpointGroups))
 
-	// TODO(jm): make this work in xdsv2
+	// TODO(proxystate): this will be added with property overrides having golden files with this
 	//if len(endpointGroups) > 1 {
 	//	cla.Policy = &envoy_endpoint_v3.ClusterLoadAssignment_Policy{
 	//		// We choose such a large value here that the failover math should
@@ -567,7 +567,7 @@ func makeEndpointsForLoadAssignment(cfgSnap *proxycfg.ConfigSnapshot,
 				pbEndpoints = append(pbEndpoints, endpoint)
 			}
 
-			// TODO(jm): what do we do about priority downstream?
+			// TODO(proxystate): what do we do about priority downstream?
 			//cla.Endpoints = append(cla.Endpoints, &envoy_endpoint_v3.LocalityLbEndpoints{
 			//	Priority:    priority,
 			//	LbEndpoints: es,
diff --git a/agent/xds/server.go b/agent/xds/server.go
index c8ffeef842dd..cc4220da2804 100644
--- a/agent/xds/server.go
+++ b/agent/xds/server.go
@@ -6,6 +6,7 @@ package xds
 import (
 	"context"
 	"errors"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 	"sync/atomic"
 	"time"
 
@@ -25,7 +26,6 @@ import (
 	external "github.com/hashicorp/consul/agent/grpc-external"
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/agent/structs"
 )
 
 var (
@@ -84,8 +84,8 @@ type ACLResolverFunc func(id string) (acl.Authorizer, error)
 
 // ProxyConfigSource is the interface xds.Server requires to consume proxy
 // config updates.
-type ProxyConfigSource interface {
-	Watch(id structs.ServiceID, nodeName string, token string) (<-chan *proxycfg.ConfigSnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error)
+type ProxyWatcher interface {
+	Watch(proxyID *pbresource.ID, nodeName string, token string) (<-chan proxycfg.ProxySnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error)
 }
 
 // Server represents a gRPC server that can handle xDS requests from Envoy. All
@@ -96,7 +96,7 @@ type ProxyConfigSource interface {
 type Server struct {
 	NodeName     string
 	Logger       hclog.Logger
-	CfgSrc       ProxyConfigSource
+	CfgSrc       ProxyWatcher
 	ResolveToken ACLResolverFunc
 	CfgFetcher   configfetcher.ConfigFetcher
 
@@ -147,7 +147,7 @@ func (c *activeStreamCounters) Increment(ctx context.Context) func() {
 func NewServer(
 	nodeName string,
 	logger hclog.Logger,
-	cfgMgr ProxyConfigSource,
+	cfgMgr ProxyWatcher,
 	resolveTokenSecret ACLResolverFunc,
 	cfgFetcher configfetcher.ConfigFetcher,
 ) *Server {
@@ -202,9 +202,9 @@ func (s *Server) authenticate(ctx context.Context) (acl.Authorizer, error) {
 // using a token with the same permissions, and that it stores the data by
 // proxy ID. We assume that any data in the snapshot was already filtered,
 // which allows this authorization to be a shallow authorization check
-// for all the data in a ConfigSnapshot.
-func (s *Server) authorize(ctx context.Context, cfgSnap *proxycfg.ConfigSnapshot) error {
-	if cfgSnap == nil {
+// for all the data in a ProxySnapshot.
+func (s *Server) authorize(ctx context.Context, proxySnapshot proxycfg.ProxySnapshot) error {
+	if proxySnapshot == nil {
 		return status.Errorf(codes.Unauthenticated, "unauthenticated: no config snapshot")
 	}
 
@@ -213,22 +213,5 @@ func (s *Server) authorize(ctx context.Context, cfgSnap *proxycfg.ConfigSnapshot
 		return err
 	}
 
-	var authzContext acl.AuthorizerContext
-	switch cfgSnap.Kind {
-	case structs.ServiceKindConnectProxy:
-		cfgSnap.ProxyID.EnterpriseMeta.FillAuthzContext(&authzContext)
-		if err := authz.ToAllowAuthorizer().ServiceWriteAllowed(cfgSnap.Proxy.DestinationServiceName, &authzContext); err != nil {
-			return status.Errorf(codes.PermissionDenied, err.Error())
-		}
-	case structs.ServiceKindMeshGateway, structs.ServiceKindTerminatingGateway, structs.ServiceKindIngressGateway, structs.ServiceKindAPIGateway:
-		cfgSnap.ProxyID.EnterpriseMeta.FillAuthzContext(&authzContext)
-		if err := authz.ToAllowAuthorizer().ServiceWriteAllowed(cfgSnap.Service, &authzContext); err != nil {
-			return status.Errorf(codes.PermissionDenied, err.Error())
-		}
-	default:
-		return status.Errorf(codes.Internal, "Invalid service kind")
-	}
-
-	// Authed OK!
-	return nil
+	return proxySnapshot.Authorize(authz)
 }
diff --git a/agent/xds/xds_protocol_helpers_test.go b/agent/xds/xds_protocol_helpers_test.go
index bf632217d7ee..671974f45b5e 100644
--- a/agent/xds/xds_protocol_helpers_test.go
+++ b/agent/xds/xds_protocol_helpers_test.go
@@ -4,7 +4,9 @@
 package xds
 
 import (
+	"github.com/hashicorp/consul/agent/proxycfg-sources/catalog"
 	"github.com/hashicorp/consul/agent/xds/response"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 	"sort"
 	"sync"
 	"testing"
@@ -72,14 +74,14 @@ func newTestSnapshot(
 // testing. It also implements ConnectAuthz to allow control over authorization.
 type testManager struct {
 	sync.Mutex
-	stateChans map[structs.ServiceID]chan *proxycfg.ConfigSnapshot
+	stateChans map[structs.ServiceID]chan proxycfg.ProxySnapshot
 	drainChans map[structs.ServiceID]chan struct{}
 	cancels    chan structs.ServiceID
 }
 
 func newTestManager(t *testing.T) *testManager {
 	return &testManager{
-		stateChans: map[structs.ServiceID]chan *proxycfg.ConfigSnapshot{},
+		stateChans: map[structs.ServiceID]chan proxycfg.ProxySnapshot{},
 		drainChans: map[structs.ServiceID]chan struct{}{},
 		cancels:    make(chan structs.ServiceID, 10),
 	}
@@ -89,12 +91,12 @@ func newTestManager(t *testing.T) *testManager {
 func (m *testManager) RegisterProxy(t *testing.T, proxyID structs.ServiceID) {
 	m.Lock()
 	defer m.Unlock()
-	m.stateChans[proxyID] = make(chan *proxycfg.ConfigSnapshot, 1)
+	m.stateChans[proxyID] = make(chan proxycfg.ProxySnapshot, 1)
 	m.drainChans[proxyID] = make(chan struct{})
 }
 
 // Deliver simulates a proxy registration
-func (m *testManager) DeliverConfig(t *testing.T, proxyID structs.ServiceID, cfg *proxycfg.ConfigSnapshot) {
+func (m *testManager) DeliverConfig(t *testing.T, proxyID structs.ServiceID, cfg proxycfg.ProxySnapshot) {
 	t.Helper()
 	m.Lock()
 	defer m.Unlock()
@@ -121,7 +123,10 @@ func (m *testManager) DrainStreams(proxyID structs.ServiceID) {
 }
 
 // Watch implements ConfigManager
-func (m *testManager) Watch(proxyID structs.ServiceID, _ string, _ string) (<-chan *proxycfg.ConfigSnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
+func (m *testManager) Watch(id *pbresource.ID, _ string, _ string) (<-chan proxycfg.ProxySnapshot,
+	limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
+	// Create service ID
+	proxyID := structs.NewServiceID(id.Name, catalog.GetEnterpriseMetaFromResourceID(id))
 	m.Lock()
 	defer m.Unlock()
 
diff --git a/agent/xdsv2/endpoint_resources.go b/agent/xdsv2/endpoint_resources.go
index c493c48f640d..ba67364e9e0b 100644
--- a/agent/xdsv2/endpoint_resources.go
+++ b/agent/xdsv2/endpoint_resources.go
@@ -51,7 +51,6 @@ func (pr *ProxyResources) makeXDSEndpoints() ([]proto.Message, error) {
 	endpoints := make([]proto.Message, 0)
 
 	for clusterName, eps := range pr.proxyState.GetEndpoints() {
-		// TODO(jm):  this does not seem like the best way.
 		if clusterName != xdscommon.LocalAppClusterName {
 			protoEndpoint := makeEnvoyClusterLoadAssignment(clusterName, eps.Endpoints)
 			endpoints = append(endpoints, protoEndpoint)
diff --git a/agent/xdsv2/resources.go b/agent/xdsv2/resources.go
index 46bdd08d6c50..349671ceb903 100644
--- a/agent/xdsv2/resources.go
+++ b/agent/xdsv2/resources.go
@@ -5,7 +5,8 @@ package xdsv2
 
 import (
 	"fmt"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+	"github.com/hashicorp/consul/internal/mesh"
+
 	"github.com/hashicorp/go-hclog"
 	"google.golang.org/protobuf/proto"
 
@@ -28,11 +29,11 @@ func NewResourceGenerator(
 }
 
 type ProxyResources struct {
-	proxyState     *pbmesh.ProxyState
+	proxyState     *mesh.ProxyState
 	envoyResources map[string][]proto.Message
 }
 
-func (g *ResourceGenerator) AllResourcesFromIR(proxyState *pbmesh.ProxyState) (map[string][]proto.Message, error) {
+func (g *ResourceGenerator) AllResourcesFromIR(proxyState *mesh.ProxyState) (map[string][]proto.Message, error) {
 	pr := &ProxyResources{
 		proxyState:     proxyState,
 		envoyResources: make(map[string][]proto.Message),
@@ -49,7 +50,6 @@ func (pr *ProxyResources) generateXDSResources() error {
 	if err != nil {
 		return err
 	}
-	pr.envoyResources[xdscommon.ListenerType] = listeners
 
 	pr.envoyResources[xdscommon.ListenerType] = listeners
 
diff --git a/internal/mesh/proxy_state_exports.go b/internal/mesh/proxy_state_exports.go
new file mode 100644
index 000000000000..2739e3a679d6
--- /dev/null
+++ b/internal/mesh/proxy_state_exports.go
@@ -0,0 +1,42 @@
+package mesh
+
+import (
+	"github.com/hashicorp/consul/acl"
+	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
+)
+
+// ProxyState is an implementation of the ProxySnapshot interface for pbmesh.ProxyState.
+// It is a simple wrapper around pbmesh.ProxyState so that it can be used
+// by the ProxyWatcher interface in XDS processing.  This struct is necessary
+// because pbmesh.ProxyState is a proto definition and there were complications
+// adding these functions directly to that proto definition.
+type ProxyState struct {
+	*pbmesh.ProxyState
+}
+
+// TODO(proxystate): need to modify ProxyState to carry a type/kind (connect proxy, mesh gateway, etc.)
+// for sidecar proxies, all Allow* functions
+// should return false, but for different gateways we'd need to add it to IR.
+
+func (p *ProxyState) AllowEmptyListeners() bool {
+	return false
+}
+
+func (p *ProxyState) AllowEmptyRoutes() bool {
+	return false
+}
+
+func (p *ProxyState) AllowEmptyClusters() bool {
+	return false
+}
+
+func (p *ProxyState) Authorize(authz acl.Authorizer) error {
+	// TODO(proxystate): we'll need to implement this once identity policy is implemented
+
+	// Authed OK!
+	return nil
+}
+
+func (p *ProxyState) LoggerName() string {
+	return ""
+}
diff --git a/test/integration/connect/envoy/main_test.go b/test/integration/connect/envoy/main_test.go
index 52f3b74187e2..a1aaa060b894 100644
--- a/test/integration/connect/envoy/main_test.go
+++ b/test/integration/connect/envoy/main_test.go
@@ -20,7 +20,8 @@ import (
 )
 
 var (
-	flagWin = flag.Bool("win", false, "Execute tests on windows")
+	flagWin          = flag.Bool("win", false, "Execute tests on windows")
+	flagResourceAPIs = flag.Bool("enable-resource-apis", false, "Execute tests with resource apis enabled.")
 )
 
 func TestEnvoy(t *testing.T) {
@@ -31,7 +32,14 @@ func TestEnvoy(t *testing.T) {
 		check_dir_files(dir)
 	}
 
-	testcases, err := discoverCases()
+	var testcases []string
+	var err error
+	if *flagResourceAPIs == true {
+		os.Setenv("USE_RESOURCE_APIS", "true")
+		testcases, err = discoverResourceAPICases()
+	} else {
+		testcases, err = discoverCases()
+	}
 	require.NoError(t, err)
 
 	runCmd(t, "suite_setup")
@@ -118,6 +126,33 @@ func discoverCases() ([]string, error) {
 	return out, nil
 }
 
+// discoverResourceAPICases will discover the Envoy tests case files but will contain
+// a filter in it to only return those case for which functionality has been added
+// to the V2 catalog resources.
+func discoverResourceAPICases() ([]string, error) {
+	cwd, err := os.Getwd()
+	if err != nil {
+		return nil, err
+	}
+
+	dirs, err := os.ReadDir(cwd)
+	if err != nil {
+		return nil, err
+	}
+
+	var out []string
+	for _, fi := range dirs {
+		// TODO(proxystate): enable this to only include tests cases that are supported.
+		// Currently the work is in progress, so it is wired up in CI, but this excludes any tests from actually running.
+		if fi.IsDir() && strings.HasPrefix(fi.Name(), "case-don-match-me-on-anything-yet-because-i-am-not-ready") {
+			out = append(out, fi.Name())
+		}
+	}
+
+	sort.Strings(out)
+	return out, nil
+}
+
 // CRLF convert functions
 // Recursively iterates through the directory passed by parameter looking for the sh and bash files.
 // Upon finding them, it calls crlf_file_check.
diff --git a/test/integration/connect/envoy/run-tests.sh b/test/integration/connect/envoy/run-tests.sh
index 99c918a6ee59..fa1d64312dba 100755
--- a/test/integration/connect/envoy/run-tests.sh
+++ b/test/integration/connect/envoy/run-tests.sh
@@ -179,6 +179,14 @@ function start_consul {
     license=$(cat $CONSUL_LICENSE_PATH)
   fi
 
+  USE_RESOURCE_APIS=${USE_RESOURCE_APIS:-false}
+
+  experiments="experiments=[]"
+  # set up consul to run in V1 or V2 catalog mode
+  if [[ "${USE_RESOURCE_APIS}" == true ]]; then
+   experiments="experiments=[\"resource-apis\"]"
+  fi
+
   # We currently run these integration tests in two modes: one in which Envoy's
   # xDS sessions are served directly by a Consul server, and another in which it
   # goes through a client agent.
@@ -262,6 +270,7 @@ function start_consul {
       agent -dev -datacenter "${DC}" \
       -config-dir "/workdir/${DC}/consul" \
       -config-dir "/workdir/${DC}/consul-server" \
+      -hcl=${experiments} \
       -client "0.0.0.0" >/dev/null
   fi
 }
@@ -789,6 +798,9 @@ function common_run_container_gateway {
 function run_container_gateway-primary {
   common_run_container_gateway mesh-gateway primary
 }
+function run_container_gateway-ap1 {
+  common_run_container_gateway mesh-gateway ap1
+}
 function run_container_gateway-secondary {
   common_run_container_gateway mesh-gateway secondary
 }

From c8ef063523e9c606ad613bf396cd65074e331643 Mon Sep 17 00:00:00 2001
From: cskh <hui.kang@hashicorp.com>
Date: Fri, 25 Aug 2023 09:39:08 -0400
Subject: [PATCH 329/359] CI: send slack notification on failed nightly job
 (#18578)

---
 .github/scripts/notify_slack.sh                       |  5 ++---
 .../workflows/nightly-test-integrations-1.15.x.yml    | 11 +++++++++++
 .../workflows/nightly-test-integrations-1.16.x.yml    | 11 +++++++++++
 .github/workflows/nightly-test-integrations.yml       | 11 +++++++++++
 4 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/.github/scripts/notify_slack.sh b/.github/scripts/notify_slack.sh
index f52e67f2fc26..8df3f3f64876 100755
--- a/.github/scripts/notify_slack.sh
+++ b/.github/scripts/notify_slack.sh
@@ -2,7 +2,6 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: BUSL-1.1
 
-
 set -uo pipefail
 
 # This script is used in GitHub Actions pipelines to notify Slack of a job failure.
@@ -13,8 +12,8 @@ if [[ $GITHUB_REF_NAME == "main" ]]; then
 	COMMIT_MESSAGE=$(git log -1 --pretty=%B | head -n1)
 	SHORT_REF=$(git rev-parse --short "${GITHUB_SHA}")
 	curl -X POST -H 'Content-type: application/json' \
-	--data \
-	"{ \
+		--data \
+		"{ \
 	\"attachments\": [ \
 		{ \
 		\"fallback\": \"GitHub Actions workflow failed!\", \
diff --git a/.github/workflows/nightly-test-integrations-1.15.x.yml b/.github/workflows/nightly-test-integrations-1.15.x.yml
index b6cdda4650c7..587d5a62f23c 100644
--- a/.github/workflows/nightly-test-integrations-1.15.x.yml
+++ b/.github/workflows/nightly-test-integrations-1.15.x.yml
@@ -307,3 +307,14 @@ jobs:
             printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}"
             exit 1
           fi
+      - name: Notify Slack
+        if: ${{ failure() }}
+        id: slack
+        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
+        with:
+          payload: |
+            {
+              "message": "One or more nightly integration tests have failed on branch ${{ env.BRANCH }} for Consul. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.CONSUL_NIGHTLY_INTEG_TEST_SLACK_WEBHOOK }}
diff --git a/.github/workflows/nightly-test-integrations-1.16.x.yml b/.github/workflows/nightly-test-integrations-1.16.x.yml
index 45bee2d3ea4b..d4e955ec4985 100644
--- a/.github/workflows/nightly-test-integrations-1.16.x.yml
+++ b/.github/workflows/nightly-test-integrations-1.16.x.yml
@@ -329,3 +329,14 @@ jobs:
             printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}"
             exit 1
           fi
+      - name: Notify Slack
+        if: ${{ failure() }}
+        id: slack
+        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
+        with:
+          payload: |
+            {
+              "message": "One or more nightly integration tests have failed on branch ${{ env.BRANCH }} for Consul. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.CONSUL_NIGHTLY_INTEG_TEST_SLACK_WEBHOOK }}
diff --git a/.github/workflows/nightly-test-integrations.yml b/.github/workflows/nightly-test-integrations.yml
index 0481fadedac2..cfe3041511cc 100644
--- a/.github/workflows/nightly-test-integrations.yml
+++ b/.github/workflows/nightly-test-integrations.yml
@@ -326,3 +326,14 @@ jobs:
             printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}"
             exit 1
           fi
+      - name: Notify Slack
+        if: ${{ failure() }}
+        id: slack
+        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
+        with:
+          payload: |
+            {
+              "message": "One or more nightly integration tests have failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.CONSUL_NIGHTLY_INTEG_TEST_SLACK_WEBHOOK }}

From ecdcde4309249db7a266c35f01b4e845a4506364 Mon Sep 17 00:00:00 2001
From: "Chris S. Kim" <ckim@hashicorp.com>
Date: Fri, 25 Aug 2023 12:47:20 -0400
Subject: [PATCH 330/359] CE commit (#18583)

---
 .changelog/18583.txt                          |    3 +
 agent/configentry/merge_service_config.go     |    6 +-
 .../configentry/merge_service_config_test.go  |  108 +
 agent/configentry/resolve.go                  |    3 +
 agent/structs/config_entry.go                 |   52 +-
 agent/structs/config_entry_ce.go              |    9 +
 agent/structs/structs.deepcopy.go             |   12 +
 api/config_entry.go                           |   42 +
 .../private/pbconfigentry/config_entry.gen.go |   80 +
 .../pbconfigentry/config_entry.pb.binary.go   |   30 +
 .../private/pbconfigentry/config_entry.pb.go  | 2629 +++++++++--------
 .../private/pbconfigentry/config_entry.proto  |   38 +
 12 files changed, 1840 insertions(+), 1172 deletions(-)
 create mode 100644 .changelog/18583.txt

diff --git a/.changelog/18583.txt b/.changelog/18583.txt
new file mode 100644
index 000000000000..8121e01ced0d
--- /dev/null
+++ b/.changelog/18583.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+mesh: **(Enterprise only)** Adds rate limiting config to service-defaults
+```
diff --git a/agent/configentry/merge_service_config.go b/agent/configentry/merge_service_config.go
index d0d33b0d6527..1bbe24a3ebc4 100644
--- a/agent/configentry/merge_service_config.go
+++ b/agent/configentry/merge_service_config.go
@@ -7,7 +7,7 @@ import (
 	"fmt"
 
 	"github.com/hashicorp/go-hclog"
-	memdb "github.com/hashicorp/go-memdb"
+	"github.com/hashicorp/go-memdb"
 	"github.com/imdario/mergo"
 	"github.com/mitchellh/copystructure"
 
@@ -141,6 +141,10 @@ func MergeServiceConfig(defaults *structs.ServiceConfigResponse, service *struct
 		ns.Proxy.EnvoyExtensions = nsExtensions
 	}
 
+	if ratelimit := defaults.RateLimits.ToEnvoyExtension(); ratelimit != nil {
+		ns.Proxy.EnvoyExtensions = append(ns.Proxy.EnvoyExtensions, *ratelimit)
+	}
+
 	if ns.Proxy.MeshGateway.Mode == structs.MeshGatewayModeDefault {
 		ns.Proxy.MeshGateway.Mode = defaults.MeshGateway.Mode
 	}
diff --git a/agent/configentry/merge_service_config_test.go b/agent/configentry/merge_service_config_test.go
index e8ed84ad7b16..e9f051d0026a 100644
--- a/agent/configentry/merge_service_config_test.go
+++ b/agent/configentry/merge_service_config_test.go
@@ -972,3 +972,111 @@ func Test_MergeServiceConfig_UpstreamOverrides(t *testing.T) {
 		})
 	}
 }
+
+// Tests that RateLimit config is a no-op in non-enterprise.
+// In practice, the ratelimit config would have been validated
+// on write.
+func Test_MergeServiceConfig_RateLimit(t *testing.T) {
+	rl := structs.RateLimits{
+		InstanceLevel: structs.InstanceLevelRateLimits{
+			RequestsPerSecond: 1234,
+			RequestsMaxBurst:  2345,
+			Routes: []structs.InstanceLevelRouteRateLimits{
+				{
+					PathExact:         "/admin",
+					RequestsPerSecond: 3333,
+					RequestsMaxBurst:  4444,
+				},
+			},
+		},
+	}
+	tests := []struct {
+		name     string
+		defaults *structs.ServiceConfigResponse
+		service  *structs.NodeService
+		want     *structs.NodeService
+	}{
+		{
+			name: "injects ratelimit extension",
+			defaults: &structs.ServiceConfigResponse{
+				RateLimits: rl,
+			},
+			service: &structs.NodeService{
+				ID:      "foo-proxy",
+				Service: "foo-proxy",
+				Proxy: structs.ConnectProxyConfig{
+					DestinationServiceName: "foo",
+					DestinationServiceID:   "foo",
+				},
+			},
+			want: &structs.NodeService{
+				ID:      "foo-proxy",
+				Service: "foo-proxy",
+				Proxy: structs.ConnectProxyConfig{
+					DestinationServiceName: "foo",
+					DestinationServiceID:   "foo",
+					EnvoyExtensions: func() []structs.EnvoyExtension {
+						if ext := rl.ToEnvoyExtension(); ext != nil {
+							return []structs.EnvoyExtension{*ext}
+						}
+						return nil
+					}(),
+				},
+			},
+		},
+		{
+			name: "injects ratelimit extension at the end",
+			defaults: &structs.ServiceConfigResponse{
+				RateLimits: rl,
+				EnvoyExtensions: []structs.EnvoyExtension{
+					{
+						Name:     "existing-ext",
+						Required: true,
+						Arguments: map[string]interface{}{
+							"arg1": "val1",
+						},
+					},
+				},
+			},
+			service: &structs.NodeService{
+				ID:      "foo-proxy",
+				Service: "foo-proxy",
+				Proxy: structs.ConnectProxyConfig{
+					DestinationServiceName: "foo",
+					DestinationServiceID:   "foo",
+				},
+			},
+
+			want: &structs.NodeService{
+				ID:      "foo-proxy",
+				Service: "foo-proxy",
+				Proxy: structs.ConnectProxyConfig{
+					DestinationServiceName: "foo",
+					DestinationServiceID:   "foo",
+					EnvoyExtensions: func() []structs.EnvoyExtension {
+						existing := []structs.EnvoyExtension{
+							{
+								Name:     "existing-ext",
+								Required: true,
+								Arguments: map[string]interface{}{
+									"arg1": "val1",
+								},
+							},
+						}
+						if ext := rl.ToEnvoyExtension(); ext != nil {
+							existing = append(existing, *ext)
+						}
+						return existing
+					}(),
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := MergeServiceConfig(tt.defaults, tt.service)
+			require.NoError(t, err)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
diff --git a/agent/configentry/resolve.go b/agent/configentry/resolve.go
index 76ea794dee5e..82efc3b8bd75 100644
--- a/agent/configentry/resolve.go
+++ b/agent/configentry/resolve.go
@@ -117,6 +117,9 @@ func ComputeResolvedServiceConfig(
 		if serviceConf.Destination != nil {
 			thisReply.Destination = *serviceConf.Destination
 		}
+		if serviceConf.RateLimits != nil {
+			thisReply.RateLimits = *serviceConf.RateLimits
+		}
 
 		// Populate values for the proxy config map
 		proxyConf := thisReply.ProxyConfig
diff --git a/agent/structs/config_entry.go b/agent/structs/config_entry.go
index 27ea020bd404..4a38ce2f99d4 100644
--- a/agent/structs/config_entry.go
+++ b/agent/structs/config_entry.go
@@ -165,6 +165,7 @@ type ServiceConfigEntry struct {
 	LocalConnectTimeoutMs     int                    `json:",omitempty" alias:"local_connect_timeout_ms"`
 	LocalRequestTimeoutMs     int                    `json:",omitempty" alias:"local_request_timeout_ms"`
 	BalanceInboundConnections string                 `json:",omitempty" alias:"balance_inbound_connections"`
+	RateLimits                *RateLimits            `json:",omitempty" alias:"rate_limits"`
 	EnvoyExtensions           EnvoyExtensions        `json:",omitempty" alias:"envoy_extensions"`
 
 	Meta               map[string]string `json:",omitempty"`
@@ -286,6 +287,10 @@ func (e *ServiceConfigEntry) Validate() error {
 		}
 	}
 
+	if err := validateRatelimit(e.RateLimits); err != nil {
+		validationErr = multierror.Append(validationErr, err)
+	}
+
 	if err := envoyextensions.ValidateExtensions(e.EnvoyExtensions.ToAPI()); err != nil {
 		validationErr = multierror.Append(validationErr, err)
 	}
@@ -382,16 +387,52 @@ type DestinationConfig struct {
 	Port int `json:",omitempty"`
 }
 
-func IsHostname(address string) bool {
-	ip := net.ParseIP(address)
-	return ip == nil
-}
-
 func IsIP(address string) bool {
 	ip := net.ParseIP(address)
 	return ip != nil
 }
 
+// RateLimits is rate limiting configuration that is applied to
+// inbound traffic for a service.
+// Rate limiting is a Consul enterprise feature.
+type RateLimits struct {
+	InstanceLevel InstanceLevelRateLimits `alias:"instance_level"`
+}
+
+// InstanceLevelRateLimits represents rate limit configuration
+// that are applied per service instance.
+type InstanceLevelRateLimits struct {
+	// RequestsPerSecond is the average number of requests per second that can be
+	// made without being throttled. This field is required if RequestsMaxBurst
+	// is set. The allowed number of requests may exceed RequestsPerSecond up to
+	// the value specified in RequestsMaxBurst.
+	//
+	// Internally, this is the refill rate of the token bucket used for rate limiting.
+	RequestsPerSecond int `alias:"requests_per_second"`
+
+	// RequestsMaxBurst is the maximum number of requests that can be sent
+	// in a burst. Should be equal to or greater than RequestsPerSecond.
+	// If unset, defaults to RequestsPerSecond.
+	//
+	// Internally, this is the maximum size of the token bucket used for rate limiting.
+	RequestsMaxBurst int `alias:"requests_max_burst"`
+
+	// Routes is a list of rate limits applied to specific routes.
+	// Overrides any top-level configuration.
+	Routes []InstanceLevelRouteRateLimits
+}
+
+// InstanceLevelRouteRateLimits represents rate limit configuration
+// applied to a route matching one of PathExact/PathPrefix/PathRegex.
+type InstanceLevelRouteRateLimits struct {
+	PathExact  string `alias:"path_exact"`
+	PathPrefix string `alias:"path_prefix"`
+	PathRegex  string `alias:"path_regex"`
+
+	RequestsPerSecond int `alias:"requests_per_second"`
+	RequestsMaxBurst  int `alias:"requests_max_burst"`
+}
+
 // ProxyConfigEntry is the top-level struct for global proxy configuration defaults.
 type ProxyConfigEntry struct {
 	Kind                 string
@@ -1218,6 +1259,7 @@ type ServiceConfigResponse struct {
 	Mode             ProxyMode              `json:",omitempty"`
 	Destination      DestinationConfig      `json:",omitempty"`
 	AccessLogs       AccessLogsConfig       `json:",omitempty"`
+	RateLimits       RateLimits             `json:",omitempty"`
 	Meta             map[string]string      `json:",omitempty"`
 	EnvoyExtensions  []EnvoyExtension       `json:",omitempty"`
 	QueryMeta
diff --git a/agent/structs/config_entry_ce.go b/agent/structs/config_entry_ce.go
index b95192bec22b..0cac27bdbf3e 100644
--- a/agent/structs/config_entry_ce.go
+++ b/agent/structs/config_entry_ce.go
@@ -53,3 +53,12 @@ func validateExportedServicesName(name string) error {
 func makeEnterpriseConfigEntry(kind, name string) ConfigEntry {
 	return nil
 }
+
+func validateRatelimit(rl *RateLimits) error {
+	if rl != nil {
+		return fmt.Errorf("invalid rate_limits config. Rate limiting is a consul enterprise feature")
+	}
+	return nil
+}
+
+func (rl RateLimits) ToEnvoyExtension() *EnvoyExtension { return nil }
diff --git a/agent/structs/structs.deepcopy.go b/agent/structs/structs.deepcopy.go
index 35dd20062817..0434ba1e67da 100644
--- a/agent/structs/structs.deepcopy.go
+++ b/agent/structs/structs.deepcopy.go
@@ -897,6 +897,14 @@ func (o *ServiceConfigEntry) DeepCopy() *ServiceConfigEntry {
 			copy(cp.Destination.Addresses, o.Destination.Addresses)
 		}
 	}
+	if o.RateLimits != nil {
+		cp.RateLimits = new(RateLimits)
+		*cp.RateLimits = *o.RateLimits
+		if o.RateLimits.InstanceLevel.Routes != nil {
+			cp.RateLimits.InstanceLevel.Routes = make([]InstanceLevelRouteRateLimits, len(o.RateLimits.InstanceLevel.Routes))
+			copy(cp.RateLimits.InstanceLevel.Routes, o.RateLimits.InstanceLevel.Routes)
+		}
+	}
 	if o.EnvoyExtensions != nil {
 		cp.EnvoyExtensions = make([]EnvoyExtension, len(o.EnvoyExtensions))
 		copy(cp.EnvoyExtensions, o.EnvoyExtensions)
@@ -947,6 +955,10 @@ func (o *ServiceConfigResponse) DeepCopy() *ServiceConfigResponse {
 		cp.Destination.Addresses = make([]string, len(o.Destination.Addresses))
 		copy(cp.Destination.Addresses, o.Destination.Addresses)
 	}
+	if o.RateLimits.InstanceLevel.Routes != nil {
+		cp.RateLimits.InstanceLevel.Routes = make([]InstanceLevelRouteRateLimits, len(o.RateLimits.InstanceLevel.Routes))
+		copy(cp.RateLimits.InstanceLevel.Routes, o.RateLimits.InstanceLevel.Routes)
+	}
 	if o.Meta != nil {
 		cp.Meta = make(map[string]string, len(o.Meta))
 		for k2, v2 := range o.Meta {
diff --git a/api/config_entry.go b/api/config_entry.go
index 405e92ef2741..77548194d5c4 100644
--- a/api/config_entry.go
+++ b/api/config_entry.go
@@ -314,6 +314,47 @@ type UpstreamLimits struct {
 	MaxConcurrentRequests *int `alias:"max_concurrent_requests"`
 }
 
+// RateLimits is rate limiting configuration that is applied to
+// inbound traffic for a service.
+// Rate limiting is a Consul enterprise feature.
+type RateLimits struct {
+	InstanceLevel InstanceLevelRateLimits `alias:"instance_level"`
+}
+
+// InstanceLevelRateLimits represents rate limit configuration
+// that are applied per service instance.
+type InstanceLevelRateLimits struct {
+	// RequestsPerSecond is the average number of requests per second that can be
+	// made without being throttled. This field is required if RequestsMaxBurst
+	// is set. The allowed number of requests may exceed RequestsPerSecond up to
+	// the value specified in RequestsMaxBurst.
+	//
+	// Internally, this is the refill rate of the token bucket used for rate limiting.
+	RequestsPerSecond int `alias:"requests_per_second"`
+
+	// RequestsMaxBurst is the maximum number of requests that can be sent
+	// in a burst. Should be equal to or greater than RequestsPerSecond.
+	// If unset, defaults to RequestsPerSecond.
+	//
+	// Internally, this is the maximum size of the token bucket used for rate limiting.
+	RequestsMaxBurst int `alias:"requests_max_burst"`
+
+	// Routes is a list of rate limits applied to specific routes.
+	// Overrides any top-level configuration.
+	Routes []InstanceLevelRouteRateLimits
+}
+
+// InstanceLevelRouteRateLimits represents rate limit configuration
+// applied to a route matching one of PathExact/PathPrefix/PathRegex.
+type InstanceLevelRouteRateLimits struct {
+	PathExact  string `alias:"path_exact"`
+	PathPrefix string `alias:"path_prefix"`
+	PathRegex  string `alias:"path_regex"`
+
+	RequestsPerSecond int `alias:"requests_per_second"`
+	RequestsMaxBurst  int `alias:"requests_max_burst"`
+}
+
 type ServiceConfigEntry struct {
 	Kind                      string
 	Name                      string
@@ -332,6 +373,7 @@ type ServiceConfigEntry struct {
 	LocalConnectTimeoutMs     int                     `json:",omitempty" alias:"local_connect_timeout_ms"`
 	LocalRequestTimeoutMs     int                     `json:",omitempty" alias:"local_request_timeout_ms"`
 	BalanceInboundConnections string                  `json:",omitempty" alias:"balance_inbound_connections"`
+	RateLimits                *RateLimits             `json:",omitempty" alias:"rate_limits"`
 	EnvoyExtensions           []EnvoyExtension        `json:",omitempty" alias:"envoy_extensions"`
 	Meta                      map[string]string       `json:",omitempty"`
 	CreateIndex               uint64
diff --git a/proto/private/pbconfigentry/config_entry.gen.go b/proto/private/pbconfigentry/config_entry.gen.go
index ed5d9fcf78fe..61238fc91d80 100644
--- a/proto/private/pbconfigentry/config_entry.gen.go
+++ b/proto/private/pbconfigentry/config_entry.gen.go
@@ -938,6 +938,58 @@ func InlineCertificateFromStructs(t *structs.InlineCertificateConfigEntry, s *In
 	s.PrivateKey = t.PrivateKey
 	s.Meta = t.Meta
 }
+func InstanceLevelRateLimitsToStructs(s *InstanceLevelRateLimits, t *structs.InstanceLevelRateLimits) {
+	if s == nil {
+		return
+	}
+	t.RequestsPerSecond = int(s.RequestsPerSecond)
+	t.RequestsMaxBurst = int(s.RequestsMaxBurst)
+	{
+		t.Routes = make([]structs.InstanceLevelRouteRateLimits, len(s.Routes))
+		for i := range s.Routes {
+			if s.Routes[i] != nil {
+				InstanceLevelRouteRateLimitsToStructs(s.Routes[i], &t.Routes[i])
+			}
+		}
+	}
+}
+func InstanceLevelRateLimitsFromStructs(t *structs.InstanceLevelRateLimits, s *InstanceLevelRateLimits) {
+	if s == nil {
+		return
+	}
+	s.RequestsPerSecond = uint32(t.RequestsPerSecond)
+	s.RequestsMaxBurst = uint32(t.RequestsMaxBurst)
+	{
+		s.Routes = make([]*InstanceLevelRouteRateLimits, len(t.Routes))
+		for i := range t.Routes {
+			{
+				var x InstanceLevelRouteRateLimits
+				InstanceLevelRouteRateLimitsFromStructs(&t.Routes[i], &x)
+				s.Routes[i] = &x
+			}
+		}
+	}
+}
+func InstanceLevelRouteRateLimitsToStructs(s *InstanceLevelRouteRateLimits, t *structs.InstanceLevelRouteRateLimits) {
+	if s == nil {
+		return
+	}
+	t.PathExact = s.PathExact
+	t.PathPrefix = s.PathPrefix
+	t.PathRegex = s.PathRegex
+	t.RequestsPerSecond = int(s.RequestsPerSecond)
+	t.RequestsMaxBurst = int(s.RequestsMaxBurst)
+}
+func InstanceLevelRouteRateLimitsFromStructs(t *structs.InstanceLevelRouteRateLimits, s *InstanceLevelRouteRateLimits) {
+	if s == nil {
+		return
+	}
+	s.PathExact = t.PathExact
+	s.PathPrefix = t.PathPrefix
+	s.PathRegex = t.PathRegex
+	s.RequestsPerSecond = uint32(t.RequestsPerSecond)
+	s.RequestsMaxBurst = uint32(t.RequestsMaxBurst)
+}
 func IntentionHTTPHeaderPermissionToStructs(s *IntentionHTTPHeaderPermission, t *structs.IntentionHTTPHeaderPermission) {
 	if s == nil {
 		return
@@ -1648,6 +1700,24 @@ func PeeringMeshConfigFromStructs(t *structs.PeeringMeshConfig, s *PeeringMeshCo
 	}
 	s.PeerThroughMeshGateways = t.PeerThroughMeshGateways
 }
+func RateLimitsToStructs(s *RateLimits, t *structs.RateLimits) {
+	if s == nil {
+		return
+	}
+	if s.InstanceLevel != nil {
+		InstanceLevelRateLimitsToStructs(s.InstanceLevel, &t.InstanceLevel)
+	}
+}
+func RateLimitsFromStructs(t *structs.RateLimits, s *RateLimits) {
+	if s == nil {
+		return
+	}
+	{
+		var x InstanceLevelRateLimits
+		InstanceLevelRateLimitsFromStructs(&t.InstanceLevel, &x)
+		s.InstanceLevel = &x
+	}
+}
 func RemoteJWKSToStructs(s *RemoteJWKS, t *structs.RemoteJWKS) {
 	if s == nil {
 		return
@@ -1833,6 +1903,11 @@ func ServiceDefaultsToStructs(s *ServiceDefaults, t *structs.ServiceConfigEntry)
 	t.LocalConnectTimeoutMs = int(s.LocalConnectTimeoutMs)
 	t.LocalRequestTimeoutMs = int(s.LocalRequestTimeoutMs)
 	t.BalanceInboundConnections = s.BalanceInboundConnections
+	if s.RateLimits != nil {
+		var x structs.RateLimits
+		RateLimitsToStructs(s.RateLimits, &x)
+		t.RateLimits = &x
+	}
 	t.EnvoyExtensions = EnvoyExtensionsToStructs(s.EnvoyExtensions)
 	t.Meta = s.Meta
 }
@@ -1873,6 +1948,11 @@ func ServiceDefaultsFromStructs(t *structs.ServiceConfigEntry, s *ServiceDefault
 	s.LocalConnectTimeoutMs = int32(t.LocalConnectTimeoutMs)
 	s.LocalRequestTimeoutMs = int32(t.LocalRequestTimeoutMs)
 	s.BalanceInboundConnections = t.BalanceInboundConnections
+	if t.RateLimits != nil {
+		var x RateLimits
+		RateLimitsFromStructs(t.RateLimits, &x)
+		s.RateLimits = &x
+	}
 	s.EnvoyExtensions = EnvoyExtensionsFromStructs(t.EnvoyExtensions)
 	s.Meta = t.Meta
 }
diff --git a/proto/private/pbconfigentry/config_entry.pb.binary.go b/proto/private/pbconfigentry/config_entry.pb.binary.go
index ee73e24eed85..9d8e6dc97022 100644
--- a/proto/private/pbconfigentry/config_entry.pb.binary.go
+++ b/proto/private/pbconfigentry/config_entry.pb.binary.go
@@ -457,6 +457,36 @@ func (msg *DestinationConfig) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
 
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *RateLimits) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *RateLimits) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *InstanceLevelRateLimits) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *InstanceLevelRateLimits) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *InstanceLevelRouteRateLimits) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *InstanceLevelRouteRateLimits) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
 // MarshalBinary implements encoding.BinaryMarshaler
 func (msg *APIGateway) MarshalBinary() ([]byte, error) {
 	return proto.Marshal(msg)
diff --git a/proto/private/pbconfigentry/config_entry.pb.go b/proto/private/pbconfigentry/config_entry.pb.go
index 8ec7635b3ad1..2369142dddf8 100644
--- a/proto/private/pbconfigentry/config_entry.pb.go
+++ b/proto/private/pbconfigentry/config_entry.pb.go
@@ -3475,6 +3475,7 @@ type ServiceDefaults struct {
 	// mog: func-to=int func-from=int32
 	LocalRequestTimeoutMs     int32             `protobuf:"varint,11,opt,name=LocalRequestTimeoutMs,proto3" json:"LocalRequestTimeoutMs,omitempty"`
 	BalanceInboundConnections string            `protobuf:"bytes,12,opt,name=BalanceInboundConnections,proto3" json:"BalanceInboundConnections,omitempty"`
+	RateLimits                *RateLimits       `protobuf:"bytes,16,opt,name=RateLimits,proto3" json:"RateLimits,omitempty"`
 	Meta                      map[string]string `protobuf:"bytes,13,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// mog: func-to=EnvoyExtensionsToStructs func-from=EnvoyExtensionsFromStructs
 	EnvoyExtensions []*pbcommon.EnvoyExtension `protobuf:"bytes,14,rep,name=EnvoyExtensions,proto3" json:"EnvoyExtensions,omitempty"`
@@ -3598,6 +3599,13 @@ func (x *ServiceDefaults) GetBalanceInboundConnections() string {
 	return ""
 }
 
+func (x *ServiceDefaults) GetRateLimits() *RateLimits {
+	if x != nil {
+		return x.RateLimits
+	}
+	return nil
+}
+
 func (x *ServiceDefaults) GetMeta() map[string]string {
 	if x != nil {
 		return x.Meta
@@ -4293,6 +4301,214 @@ func (x *DestinationConfig) GetPort() int32 {
 	return 0
 }
 
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.RateLimits
+// output=config_entry.gen.go
+// name=Structs
+type RateLimits struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	InstanceLevel *InstanceLevelRateLimits `protobuf:"bytes,1,opt,name=InstanceLevel,proto3" json:"InstanceLevel,omitempty"`
+}
+
+func (x *RateLimits) Reset() {
+	*x = RateLimits{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[45]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RateLimits) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RateLimits) ProtoMessage() {}
+
+func (x *RateLimits) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[45]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RateLimits.ProtoReflect.Descriptor instead.
+func (*RateLimits) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{45}
+}
+
+func (x *RateLimits) GetInstanceLevel() *InstanceLevelRateLimits {
+	if x != nil {
+		return x.InstanceLevel
+	}
+	return nil
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.InstanceLevelRateLimits
+// output=config_entry.gen.go
+// name=Structs
+type InstanceLevelRateLimits struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// mog: func-to=int func-from=uint32
+	RequestsPerSecond uint32 `protobuf:"varint,1,opt,name=RequestsPerSecond,proto3" json:"RequestsPerSecond,omitempty"`
+	// mog: func-to=int func-from=uint32
+	RequestsMaxBurst uint32                          `protobuf:"varint,2,opt,name=RequestsMaxBurst,proto3" json:"RequestsMaxBurst,omitempty"`
+	Routes           []*InstanceLevelRouteRateLimits `protobuf:"bytes,3,rep,name=Routes,proto3" json:"Routes,omitempty"`
+}
+
+func (x *InstanceLevelRateLimits) Reset() {
+	*x = InstanceLevelRateLimits{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[46]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InstanceLevelRateLimits) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InstanceLevelRateLimits) ProtoMessage() {}
+
+func (x *InstanceLevelRateLimits) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[46]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InstanceLevelRateLimits.ProtoReflect.Descriptor instead.
+func (*InstanceLevelRateLimits) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{46}
+}
+
+func (x *InstanceLevelRateLimits) GetRequestsPerSecond() uint32 {
+	if x != nil {
+		return x.RequestsPerSecond
+	}
+	return 0
+}
+
+func (x *InstanceLevelRateLimits) GetRequestsMaxBurst() uint32 {
+	if x != nil {
+		return x.RequestsMaxBurst
+	}
+	return 0
+}
+
+func (x *InstanceLevelRateLimits) GetRoutes() []*InstanceLevelRouteRateLimits {
+	if x != nil {
+		return x.Routes
+	}
+	return nil
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.InstanceLevelRouteRateLimits
+// output=config_entry.gen.go
+// name=Structs
+type InstanceLevelRouteRateLimits struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	PathExact  string `protobuf:"bytes,1,opt,name=PathExact,proto3" json:"PathExact,omitempty"`
+	PathPrefix string `protobuf:"bytes,2,opt,name=PathPrefix,proto3" json:"PathPrefix,omitempty"`
+	PathRegex  string `protobuf:"bytes,3,opt,name=PathRegex,proto3" json:"PathRegex,omitempty"`
+	// mog: func-to=int func-from=uint32
+	RequestsPerSecond uint32 `protobuf:"varint,4,opt,name=RequestsPerSecond,proto3" json:"RequestsPerSecond,omitempty"`
+	// mog: func-to=int func-from=uint32
+	RequestsMaxBurst uint32 `protobuf:"varint,5,opt,name=RequestsMaxBurst,proto3" json:"RequestsMaxBurst,omitempty"`
+}
+
+func (x *InstanceLevelRouteRateLimits) Reset() {
+	*x = InstanceLevelRouteRateLimits{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[47]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *InstanceLevelRouteRateLimits) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InstanceLevelRouteRateLimits) ProtoMessage() {}
+
+func (x *InstanceLevelRouteRateLimits) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[47]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InstanceLevelRouteRateLimits.ProtoReflect.Descriptor instead.
+func (*InstanceLevelRouteRateLimits) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{47}
+}
+
+func (x *InstanceLevelRouteRateLimits) GetPathExact() string {
+	if x != nil {
+		return x.PathExact
+	}
+	return ""
+}
+
+func (x *InstanceLevelRouteRateLimits) GetPathPrefix() string {
+	if x != nil {
+		return x.PathPrefix
+	}
+	return ""
+}
+
+func (x *InstanceLevelRouteRateLimits) GetPathRegex() string {
+	if x != nil {
+		return x.PathRegex
+	}
+	return ""
+}
+
+func (x *InstanceLevelRouteRateLimits) GetRequestsPerSecond() uint32 {
+	if x != nil {
+		return x.RequestsPerSecond
+	}
+	return 0
+}
+
+func (x *InstanceLevelRouteRateLimits) GetRequestsMaxBurst() uint32 {
+	if x != nil {
+		return x.RequestsMaxBurst
+	}
+	return 0
+}
+
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.APIGatewayConfigEntry
@@ -4312,7 +4528,7 @@ type APIGateway struct {
 func (x *APIGateway) Reset() {
 	*x = APIGateway{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[45]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[48]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4325,7 +4541,7 @@ func (x *APIGateway) String() string {
 func (*APIGateway) ProtoMessage() {}
 
 func (x *APIGateway) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[45]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[48]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4338,7 +4554,7 @@ func (x *APIGateway) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use APIGateway.ProtoReflect.Descriptor instead.
 func (*APIGateway) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{45}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{48}
 }
 
 func (x *APIGateway) GetMeta() map[string]string {
@@ -4378,7 +4594,7 @@ type Status struct {
 func (x *Status) Reset() {
 	*x = Status{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[46]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[49]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4391,7 +4607,7 @@ func (x *Status) String() string {
 func (*Status) ProtoMessage() {}
 
 func (x *Status) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[46]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[49]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4404,7 +4620,7 @@ func (x *Status) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Status.ProtoReflect.Descriptor instead.
 func (*Status) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{46}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{49}
 }
 
 func (x *Status) GetConditions() []*Condition {
@@ -4436,7 +4652,7 @@ type Condition struct {
 func (x *Condition) Reset() {
 	*x = Condition{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[47]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[50]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4449,7 +4665,7 @@ func (x *Condition) String() string {
 func (*Condition) ProtoMessage() {}
 
 func (x *Condition) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[47]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[50]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4462,7 +4678,7 @@ func (x *Condition) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Condition.ProtoReflect.Descriptor instead.
 func (*Condition) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{47}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{50}
 }
 
 func (x *Condition) GetType() string {
@@ -4531,7 +4747,7 @@ type APIGatewayListener struct {
 func (x *APIGatewayListener) Reset() {
 	*x = APIGatewayListener{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[48]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[51]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4544,7 +4760,7 @@ func (x *APIGatewayListener) String() string {
 func (*APIGatewayListener) ProtoMessage() {}
 
 func (x *APIGatewayListener) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[48]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[51]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4557,7 +4773,7 @@ func (x *APIGatewayListener) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use APIGatewayListener.ProtoReflect.Descriptor instead.
 func (*APIGatewayListener) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{48}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{51}
 }
 
 func (x *APIGatewayListener) GetName() string {
@@ -4631,7 +4847,7 @@ type APIGatewayTLSConfiguration struct {
 func (x *APIGatewayTLSConfiguration) Reset() {
 	*x = APIGatewayTLSConfiguration{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[49]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[52]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4644,7 +4860,7 @@ func (x *APIGatewayTLSConfiguration) String() string {
 func (*APIGatewayTLSConfiguration) ProtoMessage() {}
 
 func (x *APIGatewayTLSConfiguration) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[49]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[52]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4657,7 +4873,7 @@ func (x *APIGatewayTLSConfiguration) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use APIGatewayTLSConfiguration.ProtoReflect.Descriptor instead.
 func (*APIGatewayTLSConfiguration) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{49}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{52}
 }
 
 func (x *APIGatewayTLSConfiguration) GetCertificates() []*ResourceReference {
@@ -4705,7 +4921,7 @@ type APIGatewayPolicy struct {
 func (x *APIGatewayPolicy) Reset() {
 	*x = APIGatewayPolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[50]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[53]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4718,7 +4934,7 @@ func (x *APIGatewayPolicy) String() string {
 func (*APIGatewayPolicy) ProtoMessage() {}
 
 func (x *APIGatewayPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[50]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[53]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4731,7 +4947,7 @@ func (x *APIGatewayPolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use APIGatewayPolicy.ProtoReflect.Descriptor instead.
 func (*APIGatewayPolicy) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{50}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{53}
 }
 
 func (x *APIGatewayPolicy) GetJWT() *APIGatewayJWTRequirement {
@@ -4752,7 +4968,7 @@ type APIGatewayJWTRequirement struct {
 func (x *APIGatewayJWTRequirement) Reset() {
 	*x = APIGatewayJWTRequirement{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[51]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[54]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4765,7 +4981,7 @@ func (x *APIGatewayJWTRequirement) String() string {
 func (*APIGatewayJWTRequirement) ProtoMessage() {}
 
 func (x *APIGatewayJWTRequirement) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[51]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[54]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4778,7 +4994,7 @@ func (x *APIGatewayJWTRequirement) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use APIGatewayJWTRequirement.ProtoReflect.Descriptor instead.
 func (*APIGatewayJWTRequirement) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{51}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{54}
 }
 
 func (x *APIGatewayJWTRequirement) GetProviders() []*APIGatewayJWTProvider {
@@ -4800,7 +5016,7 @@ type APIGatewayJWTProvider struct {
 func (x *APIGatewayJWTProvider) Reset() {
 	*x = APIGatewayJWTProvider{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[52]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[55]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4813,7 +5029,7 @@ func (x *APIGatewayJWTProvider) String() string {
 func (*APIGatewayJWTProvider) ProtoMessage() {}
 
 func (x *APIGatewayJWTProvider) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[52]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[55]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4826,7 +5042,7 @@ func (x *APIGatewayJWTProvider) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use APIGatewayJWTProvider.ProtoReflect.Descriptor instead.
 func (*APIGatewayJWTProvider) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{52}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{55}
 }
 
 func (x *APIGatewayJWTProvider) GetName() string {
@@ -4855,7 +5071,7 @@ type APIGatewayJWTClaimVerification struct {
 func (x *APIGatewayJWTClaimVerification) Reset() {
 	*x = APIGatewayJWTClaimVerification{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[53]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[56]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4868,7 +5084,7 @@ func (x *APIGatewayJWTClaimVerification) String() string {
 func (*APIGatewayJWTClaimVerification) ProtoMessage() {}
 
 func (x *APIGatewayJWTClaimVerification) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[53]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[56]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4881,7 +5097,7 @@ func (x *APIGatewayJWTClaimVerification) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use APIGatewayJWTClaimVerification.ProtoReflect.Descriptor instead.
 func (*APIGatewayJWTClaimVerification) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{53}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{56}
 }
 
 func (x *APIGatewayJWTClaimVerification) GetPath() []string {
@@ -4918,7 +5134,7 @@ type ResourceReference struct {
 func (x *ResourceReference) Reset() {
 	*x = ResourceReference{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[54]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[57]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4931,7 +5147,7 @@ func (x *ResourceReference) String() string {
 func (*ResourceReference) ProtoMessage() {}
 
 func (x *ResourceReference) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[54]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[57]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4944,7 +5160,7 @@ func (x *ResourceReference) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ResourceReference.ProtoReflect.Descriptor instead.
 func (*ResourceReference) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{54}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{57}
 }
 
 func (x *ResourceReference) GetKind() string {
@@ -4993,7 +5209,7 @@ type BoundAPIGateway struct {
 func (x *BoundAPIGateway) Reset() {
 	*x = BoundAPIGateway{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[55]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[58]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5006,7 +5222,7 @@ func (x *BoundAPIGateway) String() string {
 func (*BoundAPIGateway) ProtoMessage() {}
 
 func (x *BoundAPIGateway) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[55]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[58]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5019,7 +5235,7 @@ func (x *BoundAPIGateway) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use BoundAPIGateway.ProtoReflect.Descriptor instead.
 func (*BoundAPIGateway) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{55}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{58}
 }
 
 func (x *BoundAPIGateway) GetMeta() map[string]string {
@@ -5054,7 +5270,7 @@ type BoundAPIGatewayListener struct {
 func (x *BoundAPIGatewayListener) Reset() {
 	*x = BoundAPIGatewayListener{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[56]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[59]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5067,7 +5283,7 @@ func (x *BoundAPIGatewayListener) String() string {
 func (*BoundAPIGatewayListener) ProtoMessage() {}
 
 func (x *BoundAPIGatewayListener) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[56]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[59]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5080,7 +5296,7 @@ func (x *BoundAPIGatewayListener) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use BoundAPIGatewayListener.ProtoReflect.Descriptor instead.
 func (*BoundAPIGatewayListener) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{56}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{59}
 }
 
 func (x *BoundAPIGatewayListener) GetName() string {
@@ -5123,7 +5339,7 @@ type InlineCertificate struct {
 func (x *InlineCertificate) Reset() {
 	*x = InlineCertificate{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[57]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[60]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5136,7 +5352,7 @@ func (x *InlineCertificate) String() string {
 func (*InlineCertificate) ProtoMessage() {}
 
 func (x *InlineCertificate) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[57]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[60]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5149,7 +5365,7 @@ func (x *InlineCertificate) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use InlineCertificate.ProtoReflect.Descriptor instead.
 func (*InlineCertificate) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{57}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{60}
 }
 
 func (x *InlineCertificate) GetMeta() map[string]string {
@@ -5194,7 +5410,7 @@ type HTTPRoute struct {
 func (x *HTTPRoute) Reset() {
 	*x = HTTPRoute{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[58]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[61]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5207,7 +5423,7 @@ func (x *HTTPRoute) String() string {
 func (*HTTPRoute) ProtoMessage() {}
 
 func (x *HTTPRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[58]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[61]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5220,7 +5436,7 @@ func (x *HTTPRoute) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPRoute.ProtoReflect.Descriptor instead.
 func (*HTTPRoute) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{58}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{61}
 }
 
 func (x *HTTPRoute) GetMeta() map[string]string {
@@ -5276,7 +5492,7 @@ type HTTPRouteRule struct {
 func (x *HTTPRouteRule) Reset() {
 	*x = HTTPRouteRule{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[59]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5289,7 +5505,7 @@ func (x *HTTPRouteRule) String() string {
 func (*HTTPRouteRule) ProtoMessage() {}
 
 func (x *HTTPRouteRule) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[59]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5302,7 +5518,7 @@ func (x *HTTPRouteRule) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPRouteRule.ProtoReflect.Descriptor instead.
 func (*HTTPRouteRule) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{59}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{62}
 }
 
 func (x *HTTPRouteRule) GetFilters() *HTTPFilters {
@@ -5346,7 +5562,7 @@ type HTTPMatch struct {
 func (x *HTTPMatch) Reset() {
 	*x = HTTPMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[60]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5359,7 +5575,7 @@ func (x *HTTPMatch) String() string {
 func (*HTTPMatch) ProtoMessage() {}
 
 func (x *HTTPMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[60]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5372,7 +5588,7 @@ func (x *HTTPMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPMatch.ProtoReflect.Descriptor instead.
 func (*HTTPMatch) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{60}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{63}
 }
 
 func (x *HTTPMatch) GetHeaders() []*HTTPHeaderMatch {
@@ -5422,7 +5638,7 @@ type HTTPHeaderMatch struct {
 func (x *HTTPHeaderMatch) Reset() {
 	*x = HTTPHeaderMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[61]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5435,7 +5651,7 @@ func (x *HTTPHeaderMatch) String() string {
 func (*HTTPHeaderMatch) ProtoMessage() {}
 
 func (x *HTTPHeaderMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[61]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5448,7 +5664,7 @@ func (x *HTTPHeaderMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPHeaderMatch.ProtoReflect.Descriptor instead.
 func (*HTTPHeaderMatch) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{61}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{64}
 }
 
 func (x *HTTPHeaderMatch) GetMatch() HTTPHeaderMatchType {
@@ -5490,7 +5706,7 @@ type HTTPPathMatch struct {
 func (x *HTTPPathMatch) Reset() {
 	*x = HTTPPathMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5503,7 +5719,7 @@ func (x *HTTPPathMatch) String() string {
 func (*HTTPPathMatch) ProtoMessage() {}
 
 func (x *HTTPPathMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5516,7 +5732,7 @@ func (x *HTTPPathMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPPathMatch.ProtoReflect.Descriptor instead.
 func (*HTTPPathMatch) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{62}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{65}
 }
 
 func (x *HTTPPathMatch) GetMatch() HTTPPathMatchType {
@@ -5552,7 +5768,7 @@ type HTTPQueryMatch struct {
 func (x *HTTPQueryMatch) Reset() {
 	*x = HTTPQueryMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5565,7 +5781,7 @@ func (x *HTTPQueryMatch) String() string {
 func (*HTTPQueryMatch) ProtoMessage() {}
 
 func (x *HTTPQueryMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5578,7 +5794,7 @@ func (x *HTTPQueryMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPQueryMatch.ProtoReflect.Descriptor instead.
 func (*HTTPQueryMatch) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{63}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{66}
 }
 
 func (x *HTTPQueryMatch) GetMatch() HTTPQueryMatchType {
@@ -5623,7 +5839,7 @@ type HTTPFilters struct {
 func (x *HTTPFilters) Reset() {
 	*x = HTTPFilters{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5636,7 +5852,7 @@ func (x *HTTPFilters) String() string {
 func (*HTTPFilters) ProtoMessage() {}
 
 func (x *HTTPFilters) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5649,7 +5865,7 @@ func (x *HTTPFilters) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPFilters.ProtoReflect.Descriptor instead.
 func (*HTTPFilters) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{64}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{67}
 }
 
 func (x *HTTPFilters) GetHeaders() []*HTTPHeaderFilter {
@@ -5703,7 +5919,7 @@ type URLRewrite struct {
 func (x *URLRewrite) Reset() {
 	*x = URLRewrite{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5716,7 +5932,7 @@ func (x *URLRewrite) String() string {
 func (*URLRewrite) ProtoMessage() {}
 
 func (x *URLRewrite) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5729,7 +5945,7 @@ func (x *URLRewrite) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use URLRewrite.ProtoReflect.Descriptor instead.
 func (*URLRewrite) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{65}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{68}
 }
 
 func (x *URLRewrite) GetPath() string {
@@ -5758,7 +5974,7 @@ type RetryFilter struct {
 func (x *RetryFilter) Reset() {
 	*x = RetryFilter{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5771,7 +5987,7 @@ func (x *RetryFilter) String() string {
 func (*RetryFilter) ProtoMessage() {}
 
 func (x *RetryFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5784,7 +6000,7 @@ func (x *RetryFilter) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RetryFilter.ProtoReflect.Descriptor instead.
 func (*RetryFilter) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{66}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{69}
 }
 
 func (x *RetryFilter) GetNumRetries() uint32 {
@@ -5834,7 +6050,7 @@ type TimeoutFilter struct {
 func (x *TimeoutFilter) Reset() {
 	*x = TimeoutFilter{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5847,7 +6063,7 @@ func (x *TimeoutFilter) String() string {
 func (*TimeoutFilter) ProtoMessage() {}
 
 func (x *TimeoutFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5860,7 +6076,7 @@ func (x *TimeoutFilter) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TimeoutFilter.ProtoReflect.Descriptor instead.
 func (*TimeoutFilter) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{67}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{70}
 }
 
 func (x *TimeoutFilter) GetRequestTimeout() *durationpb.Duration {
@@ -5888,7 +6104,7 @@ type JWTFilter struct {
 func (x *JWTFilter) Reset() {
 	*x = JWTFilter{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5901,7 +6117,7 @@ func (x *JWTFilter) String() string {
 func (*JWTFilter) ProtoMessage() {}
 
 func (x *JWTFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5914,7 +6130,7 @@ func (x *JWTFilter) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTFilter.ProtoReflect.Descriptor instead.
 func (*JWTFilter) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{68}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{71}
 }
 
 func (x *JWTFilter) GetProviders() []*APIGatewayJWTProvider {
@@ -5942,7 +6158,7 @@ type HTTPHeaderFilter struct {
 func (x *HTTPHeaderFilter) Reset() {
 	*x = HTTPHeaderFilter{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5955,7 +6171,7 @@ func (x *HTTPHeaderFilter) String() string {
 func (*HTTPHeaderFilter) ProtoMessage() {}
 
 func (x *HTTPHeaderFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5968,7 +6184,7 @@ func (x *HTTPHeaderFilter) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPHeaderFilter.ProtoReflect.Descriptor instead.
 func (*HTTPHeaderFilter) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{69}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{72}
 }
 
 func (x *HTTPHeaderFilter) GetAdd() map[string]string {
@@ -6013,7 +6229,7 @@ type HTTPService struct {
 func (x *HTTPService) Reset() {
 	*x = HTTPService{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6026,7 +6242,7 @@ func (x *HTTPService) String() string {
 func (*HTTPService) ProtoMessage() {}
 
 func (x *HTTPService) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6039,7 +6255,7 @@ func (x *HTTPService) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPService.ProtoReflect.Descriptor instead.
 func (*HTTPService) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{70}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{73}
 }
 
 func (x *HTTPService) GetName() string {
@@ -6090,7 +6306,7 @@ type TCPRoute struct {
 func (x *TCPRoute) Reset() {
 	*x = TCPRoute{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6103,7 +6319,7 @@ func (x *TCPRoute) String() string {
 func (*TCPRoute) ProtoMessage() {}
 
 func (x *TCPRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6116,7 +6332,7 @@ func (x *TCPRoute) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TCPRoute.ProtoReflect.Descriptor instead.
 func (*TCPRoute) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{71}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{74}
 }
 
 func (x *TCPRoute) GetMeta() map[string]string {
@@ -6165,7 +6381,7 @@ type TCPService struct {
 func (x *TCPService) Reset() {
 	*x = TCPService{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6178,7 +6394,7 @@ func (x *TCPService) String() string {
 func (*TCPService) ProtoMessage() {}
 
 func (x *TCPService) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6191,7 +6407,7 @@ func (x *TCPService) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TCPService.ProtoReflect.Descriptor instead.
 func (*TCPService) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{72}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{75}
 }
 
 func (x *TCPService) GetName() string {
@@ -6231,7 +6447,7 @@ type SamenessGroup struct {
 func (x *SamenessGroup) Reset() {
 	*x = SamenessGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6244,7 +6460,7 @@ func (x *SamenessGroup) String() string {
 func (*SamenessGroup) ProtoMessage() {}
 
 func (x *SamenessGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6257,7 +6473,7 @@ func (x *SamenessGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SamenessGroup.ProtoReflect.Descriptor instead.
 func (*SamenessGroup) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{73}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{76}
 }
 
 func (x *SamenessGroup) GetName() string {
@@ -6319,7 +6535,7 @@ type SamenessGroupMember struct {
 func (x *SamenessGroupMember) Reset() {
 	*x = SamenessGroupMember{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6332,7 +6548,7 @@ func (x *SamenessGroupMember) String() string {
 func (*SamenessGroupMember) ProtoMessage() {}
 
 func (x *SamenessGroupMember) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6345,7 +6561,7 @@ func (x *SamenessGroupMember) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SamenessGroupMember.ProtoReflect.Descriptor instead.
 func (*SamenessGroupMember) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{74}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{77}
 }
 
 func (x *SamenessGroupMember) GetPartition() string {
@@ -6387,7 +6603,7 @@ type JWTProvider struct {
 func (x *JWTProvider) Reset() {
 	*x = JWTProvider{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6400,7 +6616,7 @@ func (x *JWTProvider) String() string {
 func (*JWTProvider) ProtoMessage() {}
 
 func (x *JWTProvider) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6413,7 +6629,7 @@ func (x *JWTProvider) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTProvider.ProtoReflect.Descriptor instead.
 func (*JWTProvider) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{75}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{78}
 }
 
 func (x *JWTProvider) GetJSONWebKeySet() *JSONWebKeySet {
@@ -6489,7 +6705,7 @@ type JSONWebKeySet struct {
 func (x *JSONWebKeySet) Reset() {
 	*x = JSONWebKeySet{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6502,7 +6718,7 @@ func (x *JSONWebKeySet) String() string {
 func (*JSONWebKeySet) ProtoMessage() {}
 
 func (x *JSONWebKeySet) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6515,7 +6731,7 @@ func (x *JSONWebKeySet) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JSONWebKeySet.ProtoReflect.Descriptor instead.
 func (*JSONWebKeySet) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{76}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{79}
 }
 
 func (x *JSONWebKeySet) GetLocal() *LocalJWKS {
@@ -6549,7 +6765,7 @@ type LocalJWKS struct {
 func (x *LocalJWKS) Reset() {
 	*x = LocalJWKS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6562,7 +6778,7 @@ func (x *LocalJWKS) String() string {
 func (*LocalJWKS) ProtoMessage() {}
 
 func (x *LocalJWKS) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6575,7 +6791,7 @@ func (x *LocalJWKS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use LocalJWKS.ProtoReflect.Descriptor instead.
 func (*LocalJWKS) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{77}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{80}
 }
 
 func (x *LocalJWKS) GetJWKS() string {
@@ -6615,7 +6831,7 @@ type RemoteJWKS struct {
 func (x *RemoteJWKS) Reset() {
 	*x = RemoteJWKS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6628,7 +6844,7 @@ func (x *RemoteJWKS) String() string {
 func (*RemoteJWKS) ProtoMessage() {}
 
 func (x *RemoteJWKS) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6641,7 +6857,7 @@ func (x *RemoteJWKS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RemoteJWKS.ProtoReflect.Descriptor instead.
 func (*RemoteJWKS) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{78}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{81}
 }
 
 func (x *RemoteJWKS) GetURI() string {
@@ -6705,7 +6921,7 @@ type JWKSCluster struct {
 func (x *JWKSCluster) Reset() {
 	*x = JWKSCluster{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6718,7 +6934,7 @@ func (x *JWKSCluster) String() string {
 func (*JWKSCluster) ProtoMessage() {}
 
 func (x *JWKSCluster) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6731,7 +6947,7 @@ func (x *JWKSCluster) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSCluster.ProtoReflect.Descriptor instead.
 func (*JWKSCluster) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{79}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{82}
 }
 
 func (x *JWKSCluster) GetDiscoveryType() string {
@@ -6772,7 +6988,7 @@ type JWKSTLSCertificate struct {
 func (x *JWKSTLSCertificate) Reset() {
 	*x = JWKSTLSCertificate{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6785,7 +7001,7 @@ func (x *JWKSTLSCertificate) String() string {
 func (*JWKSTLSCertificate) ProtoMessage() {}
 
 func (x *JWKSTLSCertificate) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6798,7 +7014,7 @@ func (x *JWKSTLSCertificate) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertificate.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertificate) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{80}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{83}
 }
 
 func (x *JWKSTLSCertificate) GetCaCertificateProviderInstance() *JWKSTLSCertProviderInstance {
@@ -6832,7 +7048,7 @@ type JWKSTLSCertProviderInstance struct {
 func (x *JWKSTLSCertProviderInstance) Reset() {
 	*x = JWKSTLSCertProviderInstance{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6845,7 +7061,7 @@ func (x *JWKSTLSCertProviderInstance) String() string {
 func (*JWKSTLSCertProviderInstance) ProtoMessage() {}
 
 func (x *JWKSTLSCertProviderInstance) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6858,7 +7074,7 @@ func (x *JWKSTLSCertProviderInstance) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertProviderInstance.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertProviderInstance) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{81}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{84}
 }
 
 func (x *JWKSTLSCertProviderInstance) GetInstanceName() string {
@@ -6894,7 +7110,7 @@ type JWKSTLSCertTrustedCA struct {
 func (x *JWKSTLSCertTrustedCA) Reset() {
 	*x = JWKSTLSCertTrustedCA{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6907,7 +7123,7 @@ func (x *JWKSTLSCertTrustedCA) String() string {
 func (*JWKSTLSCertTrustedCA) ProtoMessage() {}
 
 func (x *JWKSTLSCertTrustedCA) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6920,7 +7136,7 @@ func (x *JWKSTLSCertTrustedCA) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertTrustedCA.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertTrustedCA) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{82}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{85}
 }
 
 func (x *JWKSTLSCertTrustedCA) GetFilename() string {
@@ -6969,7 +7185,7 @@ type JWKSRetryPolicy struct {
 func (x *JWKSRetryPolicy) Reset() {
 	*x = JWKSRetryPolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[86]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6982,7 +7198,7 @@ func (x *JWKSRetryPolicy) String() string {
 func (*JWKSRetryPolicy) ProtoMessage() {}
 
 func (x *JWKSRetryPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[86]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6995,7 +7211,7 @@ func (x *JWKSRetryPolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSRetryPolicy.ProtoReflect.Descriptor instead.
 func (*JWKSRetryPolicy) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{83}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{86}
 }
 
 func (x *JWKSRetryPolicy) GetNumRetries() int32 {
@@ -7031,7 +7247,7 @@ type RetryPolicyBackOff struct {
 func (x *RetryPolicyBackOff) Reset() {
 	*x = RetryPolicyBackOff{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[87]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7044,7 +7260,7 @@ func (x *RetryPolicyBackOff) String() string {
 func (*RetryPolicyBackOff) ProtoMessage() {}
 
 func (x *RetryPolicyBackOff) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[87]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7057,7 +7273,7 @@ func (x *RetryPolicyBackOff) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RetryPolicyBackOff.ProtoReflect.Descriptor instead.
 func (*RetryPolicyBackOff) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{84}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{87}
 }
 
 func (x *RetryPolicyBackOff) GetBaseInterval() *durationpb.Duration {
@@ -7092,7 +7308,7 @@ type JWTLocation struct {
 func (x *JWTLocation) Reset() {
 	*x = JWTLocation{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[88]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7105,7 +7321,7 @@ func (x *JWTLocation) String() string {
 func (*JWTLocation) ProtoMessage() {}
 
 func (x *JWTLocation) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[88]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7118,7 +7334,7 @@ func (x *JWTLocation) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocation.ProtoReflect.Descriptor instead.
 func (*JWTLocation) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{85}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{88}
 }
 
 func (x *JWTLocation) GetHeader() *JWTLocationHeader {
@@ -7160,7 +7376,7 @@ type JWTLocationHeader struct {
 func (x *JWTLocationHeader) Reset() {
 	*x = JWTLocationHeader{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[86]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[89]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7173,7 +7389,7 @@ func (x *JWTLocationHeader) String() string {
 func (*JWTLocationHeader) ProtoMessage() {}
 
 func (x *JWTLocationHeader) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[86]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[89]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7186,7 +7402,7 @@ func (x *JWTLocationHeader) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationHeader.ProtoReflect.Descriptor instead.
 func (*JWTLocationHeader) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{86}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{89}
 }
 
 func (x *JWTLocationHeader) GetName() string {
@@ -7226,7 +7442,7 @@ type JWTLocationQueryParam struct {
 func (x *JWTLocationQueryParam) Reset() {
 	*x = JWTLocationQueryParam{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[87]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[90]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7239,7 +7455,7 @@ func (x *JWTLocationQueryParam) String() string {
 func (*JWTLocationQueryParam) ProtoMessage() {}
 
 func (x *JWTLocationQueryParam) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[87]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[90]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7252,7 +7468,7 @@ func (x *JWTLocationQueryParam) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationQueryParam.ProtoReflect.Descriptor instead.
 func (*JWTLocationQueryParam) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{87}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{90}
 }
 
 func (x *JWTLocationQueryParam) GetName() string {
@@ -7278,7 +7494,7 @@ type JWTLocationCookie struct {
 func (x *JWTLocationCookie) Reset() {
 	*x = JWTLocationCookie{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[88]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[91]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7291,7 +7507,7 @@ func (x *JWTLocationCookie) String() string {
 func (*JWTLocationCookie) ProtoMessage() {}
 
 func (x *JWTLocationCookie) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[88]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[91]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7304,7 +7520,7 @@ func (x *JWTLocationCookie) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationCookie.ProtoReflect.Descriptor instead.
 func (*JWTLocationCookie) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{88}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{91}
 }
 
 func (x *JWTLocationCookie) GetName() string {
@@ -7331,7 +7547,7 @@ type JWTForwardingConfig struct {
 func (x *JWTForwardingConfig) Reset() {
 	*x = JWTForwardingConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[89]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[92]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7344,7 +7560,7 @@ func (x *JWTForwardingConfig) String() string {
 func (*JWTForwardingConfig) ProtoMessage() {}
 
 func (x *JWTForwardingConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[89]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[92]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7357,7 +7573,7 @@ func (x *JWTForwardingConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTForwardingConfig.ProtoReflect.Descriptor instead.
 func (*JWTForwardingConfig) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{89}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{92}
 }
 
 func (x *JWTForwardingConfig) GetHeaderName() string {
@@ -7391,7 +7607,7 @@ type JWTCacheConfig struct {
 func (x *JWTCacheConfig) Reset() {
 	*x = JWTCacheConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[90]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[93]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7404,7 +7620,7 @@ func (x *JWTCacheConfig) String() string {
 func (*JWTCacheConfig) ProtoMessage() {}
 
 func (x *JWTCacheConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[90]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[93]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7417,7 +7633,7 @@ func (x *JWTCacheConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTCacheConfig.ProtoReflect.Descriptor instead.
 func (*JWTCacheConfig) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{90}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{93}
 }
 
 func (x *JWTCacheConfig) GetSize() int32 {
@@ -8081,7 +8297,7 @@ var file_private_pbconfigentry_config_entry_proto_rawDesc = []byte{
 	0x06, 0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x12, 0x14, 0x0a, 0x05, 0x52, 0x65, 0x67, 0x65, 0x78,
 	0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x52, 0x65, 0x67, 0x65, 0x78, 0x12, 0x16, 0x0a,
 	0x06, 0x49, 0x6e, 0x76, 0x65, 0x72, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x49,
-	0x6e, 0x76, 0x65, 0x72, 0x74, 0x22, 0x92, 0x09, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x6e, 0x76, 0x65, 0x72, 0x74, 0x22, 0xe5, 0x09, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
 	0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f,
 	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, 0x6f,
 	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x44, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20,
@@ -8134,842 +8350,881 @@ var file_private_pbconfigentry_config_entry_proto_rawDesc = []byte{
 	0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
 	0x6e, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x19, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63,
 	0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x12, 0x54, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x0d, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
-	0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e,
-	0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x5a, 0x0a, 0x0f, 0x45, 0x6e, 0x76,
-	0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0e, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e,
-	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e,
-	0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54,
-	0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x34, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f,
-	0x64, 0x65, 0x52, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64,
-	0x65, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
-	0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
-	0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x74, 0x0a, 0x16, 0x54, 0x72,
-	0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x12, 0x32, 0x0a, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64,
-	0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x05, 0x52, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74,
-	0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x44, 0x69, 0x61, 0x6c,
-	0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x0e, 0x44, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79,
-	0x22, 0x5f, 0x0a, 0x11, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4a, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68,
-	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x4d, 0x6f, 0x64,
-	0x65, 0x22, 0x6f, 0x0a, 0x0c, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x12, 0x16, 0x0a, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x12, 0x47, 0x0a, 0x05, 0x50, 0x61, 0x74,
-	0x68, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x61, 0x74, 0x68, 0x52, 0x05, 0x50, 0x61, 0x74,
-	0x68, 0x73, 0x22, 0xb0, 0x01, 0x0a, 0x0a, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x61, 0x74,
-	0x68, 0x12, 0x22, 0x0a, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72,
-	0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65,
-	0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x24, 0x0a, 0x0d, 0x4c, 0x6f, 0x63,
-	0x61, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05,
-	0x52, 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f, 0x72, 0x74, 0x12,
-	0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x28, 0x0a, 0x0f, 0x50,
-	0x61, 0x72, 0x73, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x50, 0x61, 0x72, 0x73, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d,
-	0x43, 0x68, 0x65, 0x63, 0x6b, 0x22, 0xbf, 0x01, 0x0a, 0x15, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65,
-	0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12,
-	0x53, 0x0a, 0x09, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72,
-	0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x09, 0x4f, 0x76, 0x65, 0x72, 0x72,
-	0x69, 0x64, 0x65, 0x73, 0x12, 0x51, 0x0a, 0x08, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55,
-	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x08, 0x44,
-	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x22, 0x8a, 0x05, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74,
-	0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
-	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58,
-	0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x6f, 0x6e, 0x73, 0x12, 0x51, 0x0a, 0x0a, 0x52, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74,
+	0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
+	0x52, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x52, 0x0a, 0x52, 0x61, 0x74, 0x65,
+	0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x54, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x0d,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
+	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x2e, 0x4d, 0x65, 0x74,
+	0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x5a, 0x0a, 0x0f,
+	0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18,
+	0x0e, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78,
+	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78,
+	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75,
+	0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0e, 0x32,
+	0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c,
+	0x53, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53,
+	0x4d, 0x6f, 0x64, 0x65, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
+	0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x74, 0x0a,
+	0x16, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78,
+	0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x32, 0x0a, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f,
+	0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c,
+	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x44,
+	0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x0e, 0x44, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63,
+	0x74, 0x6c, 0x79, 0x22, 0x5f, 0x0a, 0x11, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77,
+	0x61, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4a, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
 	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70,
-	0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70,
-	0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2c, 0x0a, 0x11, 0x45, 0x6e, 0x76, 0x6f,
-	0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x11, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e,
-	0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x2a, 0x0a, 0x10, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x10, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x53,
-	0x4f, 0x4e, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x2a,
-	0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
-	0x4d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x12, 0x4d, 0x0a, 0x06, 0x4c, 0x69,
-	0x6d, 0x69, 0x74, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
-	0x72, 0x79, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74,
-	0x73, 0x52, 0x06, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x69, 0x0a, 0x12, 0x50, 0x61, 0x73,
-	0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x18,
-	0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d,
+	0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04,
+	0x4d, 0x6f, 0x64, 0x65, 0x22, 0x6f, 0x0a, 0x0c, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x12, 0x16, 0x0a, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x12, 0x47, 0x0a, 0x05,
+	0x50, 0x61, 0x74, 0x68, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x61, 0x74, 0x68, 0x52, 0x05,
+	0x50, 0x61, 0x74, 0x68, 0x73, 0x22, 0xb0, 0x01, 0x0a, 0x0a, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65,
+	0x50, 0x61, 0x74, 0x68, 0x12, 0x22, 0x0a, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
+	0x50, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x4c, 0x69, 0x73, 0x74,
+	0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x24, 0x0a, 0x0d,
+	0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x05, 0x52, 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f,
+	0x72, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x28,
+	0x0a, 0x0f, 0x50, 0x61, 0x72, 0x73, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x65, 0x63,
+	0x6b, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x50, 0x61, 0x72, 0x73, 0x65, 0x64, 0x46,
+	0x72, 0x6f, 0x6d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x22, 0xbf, 0x01, 0x0a, 0x15, 0x55, 0x70, 0x73,
+	0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x53, 0x0a, 0x09, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x18,
+	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
 	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x50, 0x61,
-	0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b,
-	0x52, 0x12, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43,
-	0x68, 0x65, 0x63, 0x6b, 0x12, 0x5a, 0x0a, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65,
-	0x77, 0x61, 0x79, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x09, 0x4f, 0x76,
+	0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x12, 0x51, 0x0a, 0x08, 0x44, 0x65, 0x66, 0x61, 0x75,
+	0x6c, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x52, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
-	0x12, 0x3e, 0x0a, 0x1a, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x4f, 0x75, 0x74, 0x62, 0x6f,
-	0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0a,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x4f, 0x75, 0x74,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x50, 0x65, 0x65, 0x72, 0x22, 0x9e, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61,
-	0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x4d, 0x61, 0x78, 0x43, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52,
-	0x0e, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
-	0x2e, 0x0a, 0x12, 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x12, 0x4d, 0x61, 0x78,
-	0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12,
-	0x34, 0x0a, 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15,
-	0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0x9e, 0x02, 0x0a, 0x12, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76,
-	0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x35, 0x0a, 0x08,
-	0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72,
-	0x76, 0x61, 0x6c, 0x12, 0x20, 0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72,
-	0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x4d, 0x61, 0x78, 0x46, 0x61, 0x69,
-	0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x17, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69,
-	0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x17, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e,
-	0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x12,
-	0x2e, 0x0a, 0x12, 0x4d, 0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65,
-	0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x12, 0x4d, 0x61, 0x78,
-	0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12,
-	0x45, 0x0a, 0x10, 0x42, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54,
-	0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x42, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x45, 0x0a, 0x11, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1c, 0x0a, 0x09, 0x41,
-	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09,
-	0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72,
-	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x22, 0xb6, 0x02,
-	0x0a, 0x0a, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x4f, 0x0a, 0x04,
-	0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
-	0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x4d, 0x65,
-	0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x57, 0x0a,
-	0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65,
-	0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x4c, 0x69, 0x73,
-	0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53,
-	0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a,
-	0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65,
-	0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x5a, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x12, 0x50, 0x0a, 0x0a, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x6f, 0x6e,
-	0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x22, 0x8b, 0x02, 0x0a, 0x09, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
-	0x12, 0x12, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06,
-	0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65,
-	0x61, 0x73, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x54,
-	0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
-	0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f,
-	0x75, 0x72, 0x63, 0x65, 0x12, 0x4a, 0x0a, 0x12, 0x4c, 0x61, 0x73, 0x74, 0x54, 0x72, 0x61, 0x6e,
-	0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x12, 0x4c, 0x61,
-	0x73, 0x74, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65,
-	0x22, 0xb4, 0x03, 0x0a, 0x12, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x48,
-	0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x48,
-	0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x5d, 0x0a, 0x08, 0x50,
-	0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x41, 0x2e,
+	0x79, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x52, 0x08, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x22, 0x8a, 0x05, 0x0a, 0x0e, 0x55,
+	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a,
+	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d,
+	0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d,
+	0x65, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2c, 0x0a, 0x11, 0x45,
+	0x6e, 0x76, 0x6f, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x4c, 0x69, 0x73,
+	0x74, 0x65, 0x6e, 0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x2a, 0x0a, 0x10, 0x45, 0x6e, 0x76,
+	0x6f, 0x79, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x10, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65,
+	0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
+	0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
+	0x6c, 0x12, 0x2a, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65,
+	0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43, 0x6f, 0x6e,
+	0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x12, 0x4d, 0x0a,
+	0x06, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e,
 	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
 	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
-	0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
-	0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x53, 0x0a, 0x03, 0x54, 0x4c,
-	0x53, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
-	0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x12,
-	0x53, 0x0a, 0x08, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69,
+	0x6d, 0x69, 0x74, 0x73, 0x52, 0x06, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x69, 0x0a, 0x12,
+	0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65,
+	0x63, 0x6b, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
+	0x2e, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68,
+	0x65, 0x63, 0x6b, 0x52, 0x12, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c,
+	0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x5a, 0x0a, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47,
+	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65,
+	0x77, 0x61, 0x79, 0x12, 0x3e, 0x0a, 0x1a, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x4f, 0x75,
+	0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65,
+	0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x0b, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x50, 0x65, 0x65, 0x72, 0x22, 0x9e, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74,
+	0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x4d, 0x61,
+	0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x05, 0x52, 0x0e, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x12, 0x2e, 0x0a, 0x12, 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x12,
+	0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x73, 0x12, 0x34, 0x0a, 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72,
+	0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x05, 0x52, 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0x9e, 0x02, 0x0a, 0x12, 0x50, 0x61, 0x73,
+	0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12,
+	0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e,
+	0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x20, 0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x46, 0x61, 0x69,
+	0x6c, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x4d, 0x61, 0x78,
+	0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x17, 0x45, 0x6e, 0x66, 0x6f,
+	0x72, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65,
+	0x35, 0x78, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x17, 0x45, 0x6e, 0x66, 0x6f, 0x72,
+	0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35,
+	0x78, 0x78, 0x12, 0x2e, 0x0a, 0x12, 0x4d, 0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x12,
+	0x4d, 0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65,
+	0x6e, 0x74, 0x12, 0x45, 0x0a, 0x10, 0x42, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
+	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x42, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x45, 0x0a, 0x11, 0x44, 0x65, 0x73,
+	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1c,
+	0x0a, 0x09, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
+	0x09, 0x52, 0x09, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04,
+	0x50, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74,
+	0x22, 0x72, 0x0a, 0x0a, 0x52, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x64,
+	0x0a, 0x0d, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e,
+	0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x61, 0x74, 0x65, 0x4c,
+	0x69, 0x6d, 0x69, 0x74, 0x73, 0x52, 0x0d, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4c,
+	0x65, 0x76, 0x65, 0x6c, 0x22, 0xd0, 0x01, 0x0a, 0x17, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63,
+	0x65, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73,
+	0x12, 0x2c, 0x0a, 0x11, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x50, 0x65, 0x72, 0x53,
+	0x65, 0x63, 0x6f, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x11, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x73, 0x50, 0x65, 0x72, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x12, 0x2a,
+	0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x4d, 0x61, 0x78, 0x42, 0x75, 0x72,
+	0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x73, 0x4d, 0x61, 0x78, 0x42, 0x75, 0x72, 0x73, 0x74, 0x12, 0x5b, 0x0a, 0x06, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
+	0x72, 0x79, 0x2e, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4c, 0x65, 0x76, 0x65, 0x6c,
+	0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x52,
+	0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0xd4, 0x01, 0x0a, 0x1c, 0x49, 0x6e, 0x73, 0x74,
+	0x61, 0x6e, 0x63, 0x65, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x61,
+	0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x74, 0x68,
+	0x45, 0x78, 0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x74,
+	0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x50, 0x61, 0x74, 0x68, 0x50, 0x72,
+	0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x50, 0x61, 0x74, 0x68,
+	0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x74, 0x68, 0x52, 0x65,
+	0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x74, 0x68, 0x52,
+	0x65, 0x67, 0x65, 0x78, 0x12, 0x2c, 0x0a, 0x11, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73,
+	0x50, 0x65, 0x72, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52,
+	0x11, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x50, 0x65, 0x72, 0x53, 0x65, 0x63, 0x6f,
+	0x6e, 0x64, 0x12, 0x2a, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x4d, 0x61,
+	0x78, 0x42, 0x75, 0x72, 0x73, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x10, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x4d, 0x61, 0x78, 0x42, 0x75, 0x72, 0x73, 0x74, 0x22, 0xb6,
+	0x02, 0x0a, 0x0a, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x4f, 0x0a,
+	0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x4d,
+	0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x57,
+	0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
 	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
 	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74,
-	0x65, 0x77, 0x61, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x08, 0x4f, 0x76, 0x65, 0x72,
-	0x72, 0x69, 0x64, 0x65, 0x12, 0x51, 0x0a, 0x07, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18,
-	0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x4c, 0x69,
+	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75,
+	0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, 0x37,
+	0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b,
+	0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x5a, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75,
+	0x73, 0x12, 0x50, 0x0a, 0x0a, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
+	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
 	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50,
-	0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x07,
-	0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x22, 0xde, 0x01, 0x0a, 0x1a, 0x41, 0x50, 0x49, 0x47,
-	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x5c, 0x0a, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66,
-	0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69,
-	0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72,
-	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69,
-	0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72,
-	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75,
-	0x69, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x69, 0x70, 0x68,
-	0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x65, 0x0a, 0x10, 0x41, 0x50, 0x49, 0x47,
-	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x51, 0x0a, 0x03,
-	0x4a, 0x57, 0x54, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54, 0x52,
-	0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x03, 0x4a, 0x57, 0x54, 0x22,
-	0x76, 0x0a, 0x18, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54,
-	0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x5a, 0x0a, 0x09, 0x50,
-	0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x6f,
+	0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x22, 0x8b, 0x02, 0x0a, 0x09, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x12, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a,
+	0x06, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x52,
+	0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12,
+	0x54, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72,
+	0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x08, 0x52, 0x65, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x4a, 0x0a, 0x12, 0x4c, 0x61, 0x73, 0x74, 0x54, 0x72, 0x61,
+	0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x12, 0x4c,
+	0x61, 0x73, 0x74, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d,
+	0x65, 0x22, 0xb4, 0x03, 0x0a, 0x12, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
+	0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08,
+	0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
+	0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x5d, 0x0a, 0x08,
+	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x41,
 	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
 	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
 	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61,
-	0x79, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x09, 0x50, 0x72,
-	0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x22, 0x96, 0x01, 0x0a, 0x15, 0x41, 0x50, 0x49, 0x47,
-	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65,
-	0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x69, 0x0a, 0x0c, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43,
-	0x6c, 0x61, 0x69, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57,
-	0x54, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x0c, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x73,
-	0x22, 0x4a, 0x0a, 0x1e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57,
-	0x54, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09,
-	0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xb7, 0x01, 0x0a,
-	0x11, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e,
-	0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x53, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0b, 0x53, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e,
-	0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69,
-	0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69,
-	0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfe, 0x01, 0x0a, 0x0f, 0x42, 0x6f, 0x75, 0x6e, 0x64,
-	0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x54, 0x0a, 0x04, 0x4d, 0x65,
-	0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
+	0x6c, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x53, 0x0a, 0x03, 0x54,
+	0x4c, 0x53, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
 	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
 	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
-	0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61,
-	0x12, 0x5c, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x42, 0x6f, 0x75, 0x6e,
-	0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65,
-	0x6e, 0x65, 0x72, 0x52, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x1a, 0x37,
-	0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b,
-	0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a,
-	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61,
-	0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xdd, 0x01, 0x0a, 0x17, 0x42, 0x6f, 0x75, 0x6e,
-	0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65,
-	0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x5c, 0x0a, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69,
-	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e,
+	0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x4c, 0x53,
+	0x12, 0x53, 0x0a, 0x08, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x18, 0x06, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61,
+	0x74, 0x65, 0x77, 0x61, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x08, 0x4f, 0x76, 0x65,
+	0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x51, 0x0a, 0x07, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41,
+	0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52,
+	0x07, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x22, 0xde, 0x01, 0x0a, 0x1a, 0x41, 0x50, 0x49,
+	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x5c, 0x0a, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e,
 	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
 	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
 	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65,
 	0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x18,
-	0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65,
-	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52,
-	0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0xe6, 0x01, 0x0a, 0x11, 0x49, 0x6e, 0x6c, 0x69,
-	0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x56, 0x0a,
-	0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52,
-	0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x43, 0x65, 0x72, 0x74,
-	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x50, 0x72, 0x69, 0x76, 0x61,
-	0x74, 0x65, 0x4b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x50, 0x72, 0x69,
-	0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45,
-	0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01,
-	0x22, 0x99, 0x03, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x4e,
-	0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x4d,
-	0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x52,
-	0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
-	0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e,
-	0x74, 0x73, 0x12, 0x4a, 0x0a, 0x05, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f,
-	0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x12, 0x1c,
-	0x0a, 0x09, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28,
-	0x09, 0x52, 0x09, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x06,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79,
-	0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b,
-	0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xf9, 0x01, 0x0a,
-	0x0d, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x4c,
-	0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x6c, 0x74,
-	0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x4a, 0x0a, 0x07,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52,
-	0x07, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x4e, 0x0a, 0x08, 0x53, 0x65, 0x72, 0x76,
-	0x69, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73,
+	0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4d, 0x61, 0x78, 0x56, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53,
+	0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x69, 0x70,
+	0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x65, 0x0a, 0x10, 0x41, 0x50, 0x49,
+	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x51, 0x0a,
+	0x03, 0x4a, 0x57, 0x54, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73,
 	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
 	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
-	0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x08,
-	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x22, 0xc4, 0x02, 0x0a, 0x09, 0x48, 0x54, 0x54,
-	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x50, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
-	0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52,
-	0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x4e, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x68,
-	0x6f, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x48, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48,
-	0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x04, 0x50, 0x61,
-	0x74, 0x68, 0x12, 0x4b, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79, 0x18, 0x04, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75,
-	0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79, 0x22,
-	0x8d, 0x01, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x12, 0x50, 0x0a, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0e, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22,
-	0x75, 0x0a, 0x0d, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x12, 0x4e, 0x0a, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32,
-	0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54,
+	0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x03, 0x4a, 0x57, 0x54,
+	0x22, 0x76, 0x0a, 0x18, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57,
+	0x54, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x5a, 0x0a, 0x09,
+	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
 	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x8b, 0x01, 0x0a, 0x0e, 0x48, 0x54, 0x54, 0x50, 0x51,
-	0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x4f, 0x0a, 0x05, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54,
-	0x79, 0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
-	0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14,
-	0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x56,
-	0x61, 0x6c, 0x75, 0x65, 0x22, 0xa9, 0x03, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x6c,
-	0x74, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18,
-	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77,
+	0x61, 0x79, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x09, 0x50,
+	0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x22, 0x96, 0x01, 0x0a, 0x15, 0x41, 0x50, 0x49,
+	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
+	0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x69, 0x0a, 0x0c, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79,
+	0x43, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a,
+	0x57, 0x54, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x6c, 0x61, 0x69, 0x6d,
+	0x73, 0x22, 0x4a, 0x0a, 0x1e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a,
+	0x57, 0x54, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28,
+	0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xb7, 0x01,
+	0x0a, 0x11, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65,
+	0x6e, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x53,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0b, 0x53, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a,
+	0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
 	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54,
-	0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x07,
-	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65,
-	0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x52, 0x0a,
-	0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x54, 0x0a, 0x0b, 0x52, 0x65,
-	0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c,
-	0x74, 0x65, 0x72, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72,
-	0x12, 0x5a, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65,
-	0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
-	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0d, 0x54,
-	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x42, 0x0a, 0x03,
-	0x4a, 0x57, 0x54, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
+	0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
+	0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfe, 0x01, 0x0a, 0x0f, 0x42, 0x6f, 0x75, 0x6e,
+	0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x54, 0x0a, 0x04, 0x4d,
+	0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x03, 0x4a, 0x57, 0x54,
-	0x22, 0x20, 0x0a, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x12,
-	0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61,
-	0x74, 0x68, 0x22, 0xad, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74,
-	0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69,
-	0x65, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x18, 0x02, 0x20,
-	0x03, 0x28, 0x09, 0x52, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x2e, 0x0a, 0x12,
-	0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64,
-	0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f,
-	0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x15,
-	0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61,
-	0x69, 0x6c, 0x75, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x52, 0x65, 0x74,
-	0x72, 0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61, 0x69, 0x6c, 0x75,
-	0x72, 0x65, 0x22, 0x8f, 0x01, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69,
-	0x6c, 0x74, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54,
-	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
-	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x3b, 0x0a, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54,
-	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
-	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d,
-	0x65, 0x6f, 0x75, 0x74, 0x22, 0x67, 0x0a, 0x09, 0x4a, 0x57, 0x54, 0x46, 0x69, 0x6c, 0x74, 0x65,
-	0x72, 0x12, 0x5a, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49,
-	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
-	0x65, 0x72, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x22, 0xc2, 0x02,
-	0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74,
-	0x65, 0x72, 0x12, 0x52, 0x0a, 0x03, 0x41, 0x64, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72,
-	0x79, 0x52, 0x03, 0x41, 0x64, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65,
-	0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x52,
-	0x0a, 0x03, 0x53, 0x65, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69,
-	0x6c, 0x74, 0x65, 0x72, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x53,
-	0x65, 0x74, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
-	0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
-	0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, 0x0a, 0x08, 0x53, 0x65,
-	0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02,
-	0x38, 0x01, 0x22, 0xe1, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x4c,
-	0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x6c, 0x74,
-	0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x58, 0x0a, 0x0e,
-	0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x79, 0x2e, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61,
+	0x79, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74,
+	0x61, 0x12, 0x5c, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
 	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69,
-	0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69,
-	0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfc, 0x02, 0x0a, 0x08, 0x54, 0x43, 0x50, 0x52, 0x6f,
-	0x75, 0x74, 0x65, 0x12, 0x4d, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65,
-	0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f,
-	0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x07, 0x50,
-	0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
-	0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x08, 0x53, 0x65, 0x72,
-	0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a, 0x09,
-	0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76,
-	0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x7a, 0x0a, 0x0a, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76,
-	0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72,
-	0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d,
-	0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74,
-	0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74,
-	0x61, 0x22, 0xb4, 0x03, 0x0a, 0x0d, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72,
-	0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2e, 0x0a, 0x12, 0x44, 0x65, 0x66, 0x61, 0x75,
-	0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x12, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46,
-	0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x63, 0x6c, 0x75,
-	0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x49,
-	0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x54, 0x0a, 0x07, 0x4d,
-	0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f,
-	0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x52, 0x07, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72,
-	0x73, 0x12, 0x52, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73,
-	0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52,
-	0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
-	0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
-	0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52,
-	0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x1a,
+	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x42, 0x6f, 0x75,
+	0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74,
+	0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x1a,
 	0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
 	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14,
 	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76,
-	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x47, 0x0a, 0x13, 0x53, 0x61, 0x6d, 0x65,
-	0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x12,
-	0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a,
-	0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x65, 0x65,
-	0x72, 0x22, 0xdd, 0x04, 0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65,
-	0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53,
-	0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x52, 0x0d,
-	0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x12, 0x16, 0x0a,
-	0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x49,
-	0x73, 0x73, 0x75, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63,
-	0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e,
-	0x63, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a,
-	0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x4c, 0x6f, 0x63, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0a, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64,
-	0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e,
-	0x67, 0x12, 0x57, 0x0a, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xdd, 0x01, 0x0a, 0x17, 0x42, 0x6f, 0x75,
+	0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74,
+	0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x5c, 0x0a, 0x0c, 0x43, 0x65, 0x72, 0x74,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52,
+	0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73,
+	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
 	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a,
-	0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x43,
-	0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x50, 0x0a, 0x04, 0x4d, 0x65,
-	0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74,
-	0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2a, 0x0a, 0x10,
-	0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73,
-	0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65,
-	0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52,
+	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
+	0x52, 0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0xe6, 0x01, 0x0a, 0x11, 0x49, 0x6e, 0x6c,
+	0x69, 0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x56,
+	0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79,
+	0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x43, 0x65, 0x72,
+	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x50, 0x72, 0x69, 0x76,
+	0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x50, 0x72,
+	0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61,
 	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
 	0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
 	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38,
-	0x01, 0x22, 0xa2, 0x01, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79,
-	0x53, 0x65, 0x74, 0x12, 0x46, 0x0a, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x01, 0x22, 0x99, 0x03, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12,
+	0x4e, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x2e,
+	0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12,
+	0x52, 0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x07, 0x50, 0x61, 0x72, 0x65,
+	0x6e, 0x74, 0x73, 0x12, 0x4a, 0x0a, 0x05, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c,
-	0x4a, 0x57, 0x4b, 0x53, 0x52, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x49, 0x0a, 0x06, 0x52,
-	0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52,
+	0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x12,
+	0x1c, 0x0a, 0x09, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03,
+	0x28, 0x09, 0x52, 0x09, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x45, 0x0a,
+	0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74,
+	0x61, 0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
+	0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xf9, 0x01,
+	0x0a, 0x0d, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12,
+	0x4c, 0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x6c,
+	0x74, 0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x4a, 0x0a,
+	0x07, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x52, 0x07, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x4e, 0x0a, 0x08, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61,
 	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
 	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x06,
-	0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x22, 0x3b, 0x0a, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4a,
-	0x57, 0x4b, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
-	0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
-	0x61, 0x6d, 0x65, 0x22, 0xed, 0x02, 0x0a, 0x0a, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a, 0x57,
-	0x4b, 0x53, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x03, 0x55, 0x52, 0x49, 0x12, 0x2a, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54,
-	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73,
-	0x12, 0x3f, 0x0a, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x12, 0x30, 0x0a, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e, 0x63, 0x68,
-	0x72, 0x6f, 0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13,
-	0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e, 0x63, 0x68, 0x72, 0x6f, 0x6e, 0x6f, 0x75,
-	0x73, 0x6c, 0x79, 0x12, 0x58, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52,
+	0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x22, 0xc4, 0x02, 0x0a, 0x09, 0x48, 0x54,
+	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x50, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
 	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
 	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x54, 0x0a,
-	0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x43,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73,
-	0x74, 0x65, 0x72, 0x22, 0xdb, 0x01, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73,
-	0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79,
-	0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x44, 0x69, 0x73, 0x63,
-	0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x63, 0x0a, 0x0f, 0x54, 0x4c, 0x53,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x52, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x4e, 0x0a, 0x06, 0x4d, 0x65, 0x74,
+	0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f,
+	0x64, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x48, 0x0a, 0x04, 0x50, 0x61, 0x74,
+	0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
+	0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x04, 0x50,
+	0x61, 0x74, 0x68, 0x12, 0x4b, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79, 0x18, 0x04, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54,
-	0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x0f, 0x54,
-	0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x41,
-	0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75,
-	0x74, 0x22, 0xfa, 0x01, 0x0a, 0x12, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x88, 0x01, 0x0a, 0x1d, 0x43, 0x61, 0x43,
-	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
-	0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x51,
+	0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79,
+	0x22, 0x8d, 0x01, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x12, 0x50, 0x0a, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50,
+	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52,
+	0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65,
+	0x22, 0x75, 0x0a, 0x0d, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x12, 0x4e, 0x0a, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e,
+	0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
 	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53,
-	0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74,
-	0x61, 0x6e, 0x63, 0x65, 0x52, 0x1d, 0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61,
-	0x6e, 0x63, 0x65, 0x12, 0x59, 0x0a, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74,
+	0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x8b, 0x01, 0x0a, 0x0e, 0x48, 0x54, 0x54, 0x50,
+	0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x4f, 0x0a, 0x05, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x4e,
+	0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12,
+	0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
+	0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xa9, 0x03, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69,
+	0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73,
+	0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
 	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a,
-	0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65,
-	0x64, 0x43, 0x41, 0x52, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x22, 0x6b,
-	0x0a, 0x1b, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f,
-	0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x22, 0x0a,
-	0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d,
-	0x65, 0x12, 0x28, 0x0a, 0x0f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x43, 0x65, 0x72, 0x74,
-	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xaa, 0x01, 0x0a, 0x14,
-	0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74,
-	0x65, 0x64, 0x43, 0x41, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65,
-	0x12, 0x30, 0x0a, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56,
-	0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x45,
-	0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62,
-	0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x72, 0x69,
-	0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65,
-	0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x20, 0x0a, 0x0b, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65,
-	0x42, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x49, 0x6e, 0x6c,
-	0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x9c, 0x01, 0x0a, 0x0f, 0x4a, 0x57, 0x4b,
-	0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x1e, 0x0a, 0x0a,
-	0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05,
-	0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x69, 0x0a, 0x12,
-	0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f,
-	0x66, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48,
+	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52,
+	0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x0a, 0x55, 0x52, 0x4c, 0x52,
+	0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x52,
+	0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x54, 0x0a, 0x0b, 0x52,
+	0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69,
+	0x6c, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65,
+	0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74,
+	0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
 	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
 	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b,
-	0x4f, 0x66, 0x66, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x22, 0x90, 0x01, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72,
-	0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x12, 0x3d,
-	0x0a, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x3b, 0x0a,
-	0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x4d,
-	0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x22, 0x8f, 0x02, 0x0a, 0x0b, 0x4a,
-	0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x06, 0x48, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73,
+	0x2e, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0d,
+	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x42, 0x0a,
+	0x03, 0x4a, 0x57, 0x54, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73,
 	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
 	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
-	0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x5c, 0x0a, 0x0a,
-	0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x03, 0x4a, 0x57,
+	0x54, 0x22, 0x20, 0x0a, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12,
+	0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50,
+	0x61, 0x74, 0x68, 0x22, 0xad, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c,
+	0x74, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65,
+	0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72,
+	0x69, 0x65, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x18, 0x02,
+	0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x2e, 0x0a,
+	0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f,
+	0x64, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79,
+	0x4f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x34, 0x0a,
+	0x15, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46,
+	0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x52, 0x65,
+	0x74, 0x72, 0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61, 0x69, 0x6c,
+	0x75, 0x72, 0x65, 0x22, 0x8f, 0x01, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46,
+	0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x3b, 0x0a, 0x0b, 0x49, 0x64, 0x6c, 0x65,
+	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54, 0x69,
+	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x67, 0x0a, 0x09, 0x4a, 0x57, 0x54, 0x46, 0x69, 0x6c, 0x74,
+	0x65, 0x72, 0x12, 0x5a, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18,
+	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50,
+	0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69,
+	0x64, 0x65, 0x72, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x22, 0xc2,
+	0x02, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c,
+	0x74, 0x65, 0x72, 0x12, 0x52, 0x0a, 0x03, 0x41, 0x64, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
 	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x52, 0x0a,
-	0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x50, 0x0a, 0x06, 0x43, 0x6f,
-	0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74,
+	0x72, 0x79, 0x52, 0x03, 0x41, 0x64, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76,
+	0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12,
+	0x52, 0x0a, 0x03, 0x53, 0x65, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46,
+	0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03,
+	0x53, 0x65, 0x74, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
+	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
+	0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, 0x0a, 0x08, 0x53,
+	0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a,
+	0x02, 0x38, 0x01, 0x22, 0xe1, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76,
+	0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x57, 0x65, 0x69, 0x67, 0x68,
+	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12,
+	0x4c, 0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x6c,
+	0x74, 0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x58, 0x0a,
+	0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
+	0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
+	0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfc, 0x02, 0x0a, 0x08, 0x54, 0x43, 0x50, 0x52,
+	0x6f, 0x75, 0x74, 0x65, 0x12, 0x4d, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d,
+	0x65, 0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x02,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
+	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x07,
+	0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x08, 0x53, 0x65,
+	0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53,
+	0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a,
+	0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65,
+	0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x7a, 0x0a, 0x0a, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65,
+	0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65,
+	0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65,
+	0x74, 0x61, 0x22, 0xb4, 0x03, 0x0a, 0x0d, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47,
+	0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2e, 0x0a, 0x12, 0x44, 0x65, 0x66, 0x61,
+	0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72,
+	0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x63, 0x6c,
+	0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c,
+	0x49, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x54, 0x0a, 0x07,
+	0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72,
+	0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x52, 0x07, 0x4d, 0x65, 0x6d, 0x62, 0x65,
+	0x72, 0x73, 0x12, 0x52, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73,
+	0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79,
+	0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70,
+	0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61,
+	0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61,
+	0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a,
+	0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12,
+	0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x47, 0x0a, 0x13, 0x53, 0x61, 0x6d,
+	0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72,
+	0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12,
+	0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x65,
+	0x65, 0x72, 0x22, 0xdd, 0x04, 0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
+	0x65, 0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79,
+	0x53, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x52,
+	0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x12, 0x16,
+	0x0a, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
+	0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e,
+	0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x41, 0x75, 0x64, 0x69, 0x65,
+	0x6e, 0x63, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
+	0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x4c, 0x6f, 0x63,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0a, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72,
+	0x64, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73,
 	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
 	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
-	0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f,
-	0x6f, 0x6b, 0x69, 0x65, 0x52, 0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x22, 0x63, 0x0a, 0x11,
-	0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x50, 0x72,
-	0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x56, 0x61, 0x6c, 0x75,
-	0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x46, 0x6f, 0x72, 0x77, 0x61,
-	0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72,
-	0x64, 0x22, 0x2b, 0x0a, 0x15, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
-	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x27,
-	0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6f,
-	0x6b, 0x69, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x6f, 0x0a, 0x13, 0x4a, 0x57, 0x54, 0x46, 0x6f,
-	0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1e,
-	0x0a, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x38,
-	0x0a, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50, 0x61, 0x79, 0x6c,
-	0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52,
-	0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50, 0x61, 0x79, 0x6c, 0x6f,
-	0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x22, 0x24, 0x0a, 0x0e, 0x4a, 0x57, 0x54, 0x43,
-	0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x53, 0x69,
-	0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x53, 0x69, 0x7a, 0x65, 0x2a, 0xa9,
-	0x02, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x4b, 0x69, 0x6e, 0x64, 0x55,
-	0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64,
-	0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13,
-	0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c,
-	0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x67,
-	0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x03, 0x12, 0x19, 0x0a,
-	0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65,
-	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64,
-	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x10,
-	0x05, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x43,
-	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x10, 0x06, 0x12, 0x12, 0x0a, 0x0e,
-	0x4b, 0x69, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x07,
-	0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49,
-	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d, 0x4b, 0x69, 0x6e,
-	0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10, 0x09, 0x12, 0x10, 0x0a, 0x0c,
-	0x4b, 0x69, 0x6e, 0x64, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10, 0x0a, 0x12, 0x15,
-	0x0a, 0x11, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72,
-	0x6f, 0x75, 0x70, 0x10, 0x0b, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x69, 0x6e, 0x64, 0x4a, 0x57, 0x54,
-	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x10, 0x0c, 0x2a, 0x26, 0x0a, 0x0f, 0x49, 0x6e,
-	0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08, 0x0a,
-	0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x6c, 0x6c, 0x6f, 0x77,
-	0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x53,
-	0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x10, 0x00, 0x2a, 0x50, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f,
-	0x64, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44,
-	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x50, 0x72, 0x6f, 0x78,
-	0x79, 0x4d, 0x6f, 0x64, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
-	0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44,
-	0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5f, 0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61,
-	0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x75, 0x74, 0x75,
-	0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
-	0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d,
-	0x6f, 0x64, 0x65, 0x53, 0x74, 0x72, 0x69, 0x63, 0x74, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x4d,
-	0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x50, 0x65, 0x72, 0x6d,
-	0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x10, 0x02, 0x2a, 0x7b, 0x0a, 0x0f, 0x4d, 0x65, 0x73, 0x68,
-	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x4d,
-	0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65,
-	0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x65, 0x73, 0x68, 0x47,
-	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4e, 0x6f, 0x6e, 0x65, 0x10, 0x01,
-	0x12, 0x18, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d,
-	0x6f, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4d, 0x65,
-	0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x6d,
-	0x6f, 0x74, 0x65, 0x10, 0x03, 0x2a, 0x4f, 0x0a, 0x1a, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65,
-	0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f,
-	0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50,
-	0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00, 0x12, 0x17, 0x0a,
-	0x13, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
-	0x6c, 0x54, 0x43, 0x50, 0x10, 0x01, 0x2a, 0x92, 0x02, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54,
-	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x41, 0x6c, 0x6c,
-	0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d,
-	0x65, 0x74, 0x68, 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10, 0x01, 0x12, 0x19,
-	0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f,
-	0x64, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54,
-	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x47, 0x65, 0x74, 0x10,
-	0x03, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x48, 0x65, 0x61, 0x64, 0x10, 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54,
-	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x61, 0x74, 0x63, 0x68, 0x10, 0x06,
-	0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74,
-	0x68, 0x6f, 0x64, 0x50, 0x6f, 0x73, 0x74, 0x10, 0x07, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54,
-	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x75, 0x74, 0x10,
-	0x08, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x54, 0x72, 0x61, 0x63, 0x65, 0x10, 0x09, 0x2a, 0xa7, 0x01, 0x0a, 0x13,
-	0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54,
-	0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x19, 0x0a,
-	0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50,
-	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x73, 0x65,
-	0x6e, 0x74, 0x10, 0x02, 0x12, 0x24, 0x0a, 0x20, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78,
-	0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54,
-	0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x53, 0x75, 0x66,
-	0x66, 0x69, 0x78, 0x10, 0x04, 0x2a, 0x68, 0x0a, 0x11, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74,
-	0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54,
-	0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74,
-	0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e, 0x48,
-	0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75,
-	0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x2a,
-	0x6d, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63,
-	0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65,
-	0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x19,
-	0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f, 0x48, 0x54, 0x54,
-	0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c,
-	0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x42, 0xae,
-	0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x10, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01,
-	0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70, 0x62, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x43,
-	0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
-	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x62,
-	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69,
+	0x6e, 0x67, 0x12, 0x57, 0x0a, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
+	0x4a, 0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b,
+	0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x50, 0x0a, 0x04, 0x4d,
+	0x65, 0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2e, 0x4d, 0x65,
+	0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2a, 0x0a,
+	0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64,
+	0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b,
+	0x65, 0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74,
+	0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02,
+	0x38, 0x01, 0x22, 0xa2, 0x01, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65,
+	0x79, 0x53, 0x65, 0x74, 0x12, 0x46, 0x0a, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f, 0x63, 0x61,
+	0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x49, 0x0a, 0x06,
+	0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a, 0x57, 0x4b, 0x53, 0x52,
+	0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x22, 0x3b, 0x0a, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x6c,
+	0x4a, 0x57, 0x4b, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69, 0x6c, 0x65,
+	0x6e, 0x61, 0x6d, 0x65, 0x22, 0xed, 0x02, 0x0a, 0x0a, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a,
+	0x57, 0x4b, 0x53, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x03, 0x55, 0x52, 0x49, 0x12, 0x2a, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52,
+	0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d,
+	0x73, 0x12, 0x3f, 0x0a, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e, 0x63,
+	0x68, 0x72, 0x6f, 0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e, 0x63, 0x68, 0x72, 0x6f, 0x6e, 0x6f,
+	0x75, 0x73, 0x6c, 0x79, 0x12, 0x58, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x54,
+	0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18, 0x06, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53,
+	0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75,
+	0x73, 0x74, 0x65, 0x72, 0x22, 0xdb, 0x01, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75,
+	0x73, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72,
+	0x79, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x44, 0x69, 0x73,
+	0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x63, 0x0a, 0x0f, 0x54, 0x4c,
+	0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53,
+	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x0f,
+	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12,
+	0x41, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75,
+	0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f,
+	0x75, 0x74, 0x22, 0xfa, 0x01, 0x0a, 0x12, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65,
+	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x88, 0x01, 0x0a, 0x1d, 0x43, 0x61,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69,
+	0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c,
+	0x53, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73,
+	0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x1d, 0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74,
+	0x61, 0x6e, 0x63, 0x65, 0x12, 0x59, 0x0a, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43,
+	0x41, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
+	0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74,
+	0x65, 0x64, 0x43, 0x41, 0x52, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x22,
+	0x6b, 0x0a, 0x1b, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72,
+	0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x22,
+	0x0a, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61,
+	0x6d, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x43, 0x65, 0x72,
+	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xaa, 0x01, 0x0a,
+	0x14, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72, 0x75, 0x73,
+	0x74, 0x65, 0x64, 0x43, 0x41, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d,
+	0x65, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74,
+	0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13,
+	0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56, 0x61, 0x72, 0x69, 0x61,
+	0x62, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x72,
+	0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e,
+	0x65, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x20, 0x0a, 0x0b, 0x49, 0x6e, 0x6c, 0x69, 0x6e,
+	0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x49, 0x6e,
+	0x6c, 0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x9c, 0x01, 0x0a, 0x0f, 0x4a, 0x57,
+	0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x1e, 0x0a,
+	0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x05, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x69, 0x0a,
+	0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b,
+	0x4f, 0x66, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63,
+	0x6b, 0x4f, 0x66, 0x66, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x22, 0x90, 0x01, 0x0a, 0x12, 0x52, 0x65, 0x74,
+	0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x12,
+	0x3d, 0x0a, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x3b,
+	0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b,
+	0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x22, 0x8f, 0x02, 0x0a, 0x0b,
+	0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x06, 0x48,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x5c, 0x0a,
+	0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x52,
+	0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x50, 0x0a, 0x06, 0x43,
+	0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43,
+	0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x52, 0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x22, 0x63, 0x0a,
+	0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x50,
+	0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x56, 0x61, 0x6c,
+	0x75, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x46, 0x6f, 0x72, 0x77,
+	0x61, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x46, 0x6f, 0x72, 0x77, 0x61,
+	0x72, 0x64, 0x22, 0x2b, 0x0a, 0x15, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x4e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22,
+	0x27, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f,
+	0x6f, 0x6b, 0x69, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x6f, 0x0a, 0x13, 0x4a, 0x57, 0x54, 0x46,
+	0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
+	0x1e, 0x0a, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12,
+	0x38, 0x0a, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50, 0x61, 0x79,
+	0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50, 0x61, 0x79, 0x6c,
+	0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x22, 0x24, 0x0a, 0x0e, 0x4a, 0x57, 0x54,
+	0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x53,
+	0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x53, 0x69, 0x7a, 0x65, 0x2a,
+	0xa9, 0x02, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x4b, 0x69, 0x6e, 0x64,
+	0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e,
+	0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, 0x01, 0x12, 0x17, 0x0a,
+	0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f,
+	0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e,
+	0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x03, 0x12, 0x19,
+	0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74,
+	0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e,
+	0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73,
+	0x10, 0x05, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x10, 0x06, 0x12, 0x12, 0x0a,
+	0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10,
+	0x07, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50,
+	0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d, 0x4b, 0x69,
+	0x6e, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10, 0x09, 0x12, 0x10, 0x0a,
+	0x0c, 0x4b, 0x69, 0x6e, 0x64, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10, 0x0a, 0x12,
+	0x15, 0x0a, 0x11, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47,
+	0x72, 0x6f, 0x75, 0x70, 0x10, 0x0b, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x69, 0x6e, 0x64, 0x4a, 0x57,
+	0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x10, 0x0c, 0x2a, 0x26, 0x0a, 0x0f, 0x49,
+	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08,
+	0x0a, 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x6c, 0x6c, 0x6f,
+	0x77, 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e,
+	0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x10, 0x00, 0x2a, 0x50, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d,
+	0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65,
+	0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x50, 0x72, 0x6f,
+	0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e,
+	0x74, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65,
+	0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5f, 0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75,
+	0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x75, 0x74,
+	0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c,
+	0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53,
+	0x4d, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x72, 0x69, 0x63, 0x74, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17,
+	0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x50, 0x65, 0x72,
+	0x6d, 0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x10, 0x02, 0x2a, 0x7b, 0x0a, 0x0f, 0x4d, 0x65, 0x73,
+	0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a, 0x16,
+	0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44,
+	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x65, 0x73, 0x68,
+	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4e, 0x6f, 0x6e, 0x65, 0x10,
+	0x01, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
+	0x4d, 0x6f, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4d,
+	0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x65,
+	0x6d, 0x6f, 0x74, 0x65, 0x10, 0x03, 0x2a, 0x4f, 0x0a, 0x1a, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74,
+	0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
+	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00, 0x12, 0x17,
+	0x0a, 0x13, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63,
+	0x6f, 0x6c, 0x54, 0x43, 0x50, 0x10, 0x01, 0x2a, 0x92, 0x02, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50,
+	0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x16, 0x0a, 0x12, 0x48,
+	0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x41, 0x6c,
+	0x6c, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10, 0x01, 0x12,
+	0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68,
+	0x6f, 0x64, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54,
+	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x47, 0x65, 0x74,
+	0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d,
+	0x65, 0x74, 0x68, 0x6f, 0x64, 0x48, 0x65, 0x61, 0x64, 0x10, 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x48,
+	0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x61, 0x74, 0x63, 0x68, 0x10,
+	0x06, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
+	0x74, 0x68, 0x6f, 0x64, 0x50, 0x6f, 0x73, 0x74, 0x10, 0x07, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54,
+	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x75, 0x74,
+	0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d,
+	0x65, 0x74, 0x68, 0x6f, 0x64, 0x54, 0x72, 0x61, 0x63, 0x65, 0x10, 0x09, 0x2a, 0xa7, 0x01, 0x0a,
+	0x13, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x19,
+	0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54,
+	0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x73,
+	0x65, 0x6e, 0x74, 0x10, 0x02, 0x12, 0x24, 0x0a, 0x20, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45,
+	0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x12, 0x19, 0x0a, 0x15, 0x48,
+	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x53, 0x75,
+	0x66, 0x66, 0x69, 0x78, 0x10, 0x04, 0x2a, 0x68, 0x0a, 0x11, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61,
+	0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x48,
+	0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63,
+	0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e,
+	0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67,
+	0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03,
+	0x2a, 0x6d, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75,
+	0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00, 0x12,
+	0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f, 0x48, 0x54,
+	0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75,
+	0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x42,
+	0xae, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x10, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+	0x01, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70, 0x62, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49,
+	0x43, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
+	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -8985,7 +9240,7 @@ func file_private_pbconfigentry_config_entry_proto_rawDescGZIP() []byte {
 }
 
 var file_private_pbconfigentry_config_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 11)
-var file_private_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 111)
+var file_private_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 114)
 var file_private_pbconfigentry_config_entry_proto_goTypes = []interface{}{
 	(Kind)(0),                                   // 0: hashicorp.consul.internal.configentry.Kind
 	(IntentionAction)(0),                        // 1: hashicorp.consul.internal.configentry.IntentionAction
@@ -9043,108 +9298,111 @@ var file_private_pbconfigentry_config_entry_proto_goTypes = []interface{}{
 	(*UpstreamLimits)(nil),                      // 53: hashicorp.consul.internal.configentry.UpstreamLimits
 	(*PassiveHealthCheck)(nil),                  // 54: hashicorp.consul.internal.configentry.PassiveHealthCheck
 	(*DestinationConfig)(nil),                   // 55: hashicorp.consul.internal.configentry.DestinationConfig
-	(*APIGateway)(nil),                          // 56: hashicorp.consul.internal.configentry.APIGateway
-	(*Status)(nil),                              // 57: hashicorp.consul.internal.configentry.Status
-	(*Condition)(nil),                           // 58: hashicorp.consul.internal.configentry.Condition
-	(*APIGatewayListener)(nil),                  // 59: hashicorp.consul.internal.configentry.APIGatewayListener
-	(*APIGatewayTLSConfiguration)(nil),          // 60: hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration
-	(*APIGatewayPolicy)(nil),                    // 61: hashicorp.consul.internal.configentry.APIGatewayPolicy
-	(*APIGatewayJWTRequirement)(nil),            // 62: hashicorp.consul.internal.configentry.APIGatewayJWTRequirement
-	(*APIGatewayJWTProvider)(nil),               // 63: hashicorp.consul.internal.configentry.APIGatewayJWTProvider
-	(*APIGatewayJWTClaimVerification)(nil),      // 64: hashicorp.consul.internal.configentry.APIGatewayJWTClaimVerification
-	(*ResourceReference)(nil),                   // 65: hashicorp.consul.internal.configentry.ResourceReference
-	(*BoundAPIGateway)(nil),                     // 66: hashicorp.consul.internal.configentry.BoundAPIGateway
-	(*BoundAPIGatewayListener)(nil),             // 67: hashicorp.consul.internal.configentry.BoundAPIGatewayListener
-	(*InlineCertificate)(nil),                   // 68: hashicorp.consul.internal.configentry.InlineCertificate
-	(*HTTPRoute)(nil),                           // 69: hashicorp.consul.internal.configentry.HTTPRoute
-	(*HTTPRouteRule)(nil),                       // 70: hashicorp.consul.internal.configentry.HTTPRouteRule
-	(*HTTPMatch)(nil),                           // 71: hashicorp.consul.internal.configentry.HTTPMatch
-	(*HTTPHeaderMatch)(nil),                     // 72: hashicorp.consul.internal.configentry.HTTPHeaderMatch
-	(*HTTPPathMatch)(nil),                       // 73: hashicorp.consul.internal.configentry.HTTPPathMatch
-	(*HTTPQueryMatch)(nil),                      // 74: hashicorp.consul.internal.configentry.HTTPQueryMatch
-	(*HTTPFilters)(nil),                         // 75: hashicorp.consul.internal.configentry.HTTPFilters
-	(*URLRewrite)(nil),                          // 76: hashicorp.consul.internal.configentry.URLRewrite
-	(*RetryFilter)(nil),                         // 77: hashicorp.consul.internal.configentry.RetryFilter
-	(*TimeoutFilter)(nil),                       // 78: hashicorp.consul.internal.configentry.TimeoutFilter
-	(*JWTFilter)(nil),                           // 79: hashicorp.consul.internal.configentry.JWTFilter
-	(*HTTPHeaderFilter)(nil),                    // 80: hashicorp.consul.internal.configentry.HTTPHeaderFilter
-	(*HTTPService)(nil),                         // 81: hashicorp.consul.internal.configentry.HTTPService
-	(*TCPRoute)(nil),                            // 82: hashicorp.consul.internal.configentry.TCPRoute
-	(*TCPService)(nil),                          // 83: hashicorp.consul.internal.configentry.TCPService
-	(*SamenessGroup)(nil),                       // 84: hashicorp.consul.internal.configentry.SamenessGroup
-	(*SamenessGroupMember)(nil),                 // 85: hashicorp.consul.internal.configentry.SamenessGroupMember
-	(*JWTProvider)(nil),                         // 86: hashicorp.consul.internal.configentry.JWTProvider
-	(*JSONWebKeySet)(nil),                       // 87: hashicorp.consul.internal.configentry.JSONWebKeySet
-	(*LocalJWKS)(nil),                           // 88: hashicorp.consul.internal.configentry.LocalJWKS
-	(*RemoteJWKS)(nil),                          // 89: hashicorp.consul.internal.configentry.RemoteJWKS
-	(*JWKSCluster)(nil),                         // 90: hashicorp.consul.internal.configentry.JWKSCluster
-	(*JWKSTLSCertificate)(nil),                  // 91: hashicorp.consul.internal.configentry.JWKSTLSCertificate
-	(*JWKSTLSCertProviderInstance)(nil),         // 92: hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
-	(*JWKSTLSCertTrustedCA)(nil),                // 93: hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
-	(*JWKSRetryPolicy)(nil),                     // 94: hashicorp.consul.internal.configentry.JWKSRetryPolicy
-	(*RetryPolicyBackOff)(nil),                  // 95: hashicorp.consul.internal.configentry.RetryPolicyBackOff
-	(*JWTLocation)(nil),                         // 96: hashicorp.consul.internal.configentry.JWTLocation
-	(*JWTLocationHeader)(nil),                   // 97: hashicorp.consul.internal.configentry.JWTLocationHeader
-	(*JWTLocationQueryParam)(nil),               // 98: hashicorp.consul.internal.configentry.JWTLocationQueryParam
-	(*JWTLocationCookie)(nil),                   // 99: hashicorp.consul.internal.configentry.JWTLocationCookie
-	(*JWTForwardingConfig)(nil),                 // 100: hashicorp.consul.internal.configentry.JWTForwardingConfig
-	(*JWTCacheConfig)(nil),                      // 101: hashicorp.consul.internal.configentry.JWTCacheConfig
-	nil,                                         // 102: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
-	nil,                                         // 103: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
-	nil,                                         // 104: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
-	nil,                                         // 105: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
-	nil,                                         // 106: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
-	nil,                                         // 107: hashicorp.consul.internal.configentry.IngressService.MetaEntry
-	nil,                                         // 108: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
-	nil,                                         // 109: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
-	nil,                                         // 110: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
-	nil,                                         // 111: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
-	nil,                                         // 112: hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
-	nil,                                         // 113: hashicorp.consul.internal.configentry.APIGateway.MetaEntry
-	nil,                                         // 114: hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
-	nil,                                         // 115: hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
-	nil,                                         // 116: hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
-	nil,                                         // 117: hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
-	nil,                                         // 118: hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
-	nil,                                         // 119: hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
-	nil,                                         // 120: hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
-	nil,                                         // 121: hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
-	(*pbcommon.EnterpriseMeta)(nil),             // 122: hashicorp.consul.internal.common.EnterpriseMeta
-	(*pbcommon.RaftIndex)(nil),                  // 123: hashicorp.consul.internal.common.RaftIndex
-	(*durationpb.Duration)(nil),                 // 124: google.protobuf.Duration
-	(*timestamppb.Timestamp)(nil),               // 125: google.protobuf.Timestamp
-	(*pbcommon.EnvoyExtension)(nil),             // 126: hashicorp.consul.internal.common.EnvoyExtension
+	(*RateLimits)(nil),                          // 56: hashicorp.consul.internal.configentry.RateLimits
+	(*InstanceLevelRateLimits)(nil),             // 57: hashicorp.consul.internal.configentry.InstanceLevelRateLimits
+	(*InstanceLevelRouteRateLimits)(nil),        // 58: hashicorp.consul.internal.configentry.InstanceLevelRouteRateLimits
+	(*APIGateway)(nil),                          // 59: hashicorp.consul.internal.configentry.APIGateway
+	(*Status)(nil),                              // 60: hashicorp.consul.internal.configentry.Status
+	(*Condition)(nil),                           // 61: hashicorp.consul.internal.configentry.Condition
+	(*APIGatewayListener)(nil),                  // 62: hashicorp.consul.internal.configentry.APIGatewayListener
+	(*APIGatewayTLSConfiguration)(nil),          // 63: hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration
+	(*APIGatewayPolicy)(nil),                    // 64: hashicorp.consul.internal.configentry.APIGatewayPolicy
+	(*APIGatewayJWTRequirement)(nil),            // 65: hashicorp.consul.internal.configentry.APIGatewayJWTRequirement
+	(*APIGatewayJWTProvider)(nil),               // 66: hashicorp.consul.internal.configentry.APIGatewayJWTProvider
+	(*APIGatewayJWTClaimVerification)(nil),      // 67: hashicorp.consul.internal.configentry.APIGatewayJWTClaimVerification
+	(*ResourceReference)(nil),                   // 68: hashicorp.consul.internal.configentry.ResourceReference
+	(*BoundAPIGateway)(nil),                     // 69: hashicorp.consul.internal.configentry.BoundAPIGateway
+	(*BoundAPIGatewayListener)(nil),             // 70: hashicorp.consul.internal.configentry.BoundAPIGatewayListener
+	(*InlineCertificate)(nil),                   // 71: hashicorp.consul.internal.configentry.InlineCertificate
+	(*HTTPRoute)(nil),                           // 72: hashicorp.consul.internal.configentry.HTTPRoute
+	(*HTTPRouteRule)(nil),                       // 73: hashicorp.consul.internal.configentry.HTTPRouteRule
+	(*HTTPMatch)(nil),                           // 74: hashicorp.consul.internal.configentry.HTTPMatch
+	(*HTTPHeaderMatch)(nil),                     // 75: hashicorp.consul.internal.configentry.HTTPHeaderMatch
+	(*HTTPPathMatch)(nil),                       // 76: hashicorp.consul.internal.configentry.HTTPPathMatch
+	(*HTTPQueryMatch)(nil),                      // 77: hashicorp.consul.internal.configentry.HTTPQueryMatch
+	(*HTTPFilters)(nil),                         // 78: hashicorp.consul.internal.configentry.HTTPFilters
+	(*URLRewrite)(nil),                          // 79: hashicorp.consul.internal.configentry.URLRewrite
+	(*RetryFilter)(nil),                         // 80: hashicorp.consul.internal.configentry.RetryFilter
+	(*TimeoutFilter)(nil),                       // 81: hashicorp.consul.internal.configentry.TimeoutFilter
+	(*JWTFilter)(nil),                           // 82: hashicorp.consul.internal.configentry.JWTFilter
+	(*HTTPHeaderFilter)(nil),                    // 83: hashicorp.consul.internal.configentry.HTTPHeaderFilter
+	(*HTTPService)(nil),                         // 84: hashicorp.consul.internal.configentry.HTTPService
+	(*TCPRoute)(nil),                            // 85: hashicorp.consul.internal.configentry.TCPRoute
+	(*TCPService)(nil),                          // 86: hashicorp.consul.internal.configentry.TCPService
+	(*SamenessGroup)(nil),                       // 87: hashicorp.consul.internal.configentry.SamenessGroup
+	(*SamenessGroupMember)(nil),                 // 88: hashicorp.consul.internal.configentry.SamenessGroupMember
+	(*JWTProvider)(nil),                         // 89: hashicorp.consul.internal.configentry.JWTProvider
+	(*JSONWebKeySet)(nil),                       // 90: hashicorp.consul.internal.configentry.JSONWebKeySet
+	(*LocalJWKS)(nil),                           // 91: hashicorp.consul.internal.configentry.LocalJWKS
+	(*RemoteJWKS)(nil),                          // 92: hashicorp.consul.internal.configentry.RemoteJWKS
+	(*JWKSCluster)(nil),                         // 93: hashicorp.consul.internal.configentry.JWKSCluster
+	(*JWKSTLSCertificate)(nil),                  // 94: hashicorp.consul.internal.configentry.JWKSTLSCertificate
+	(*JWKSTLSCertProviderInstance)(nil),         // 95: hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
+	(*JWKSTLSCertTrustedCA)(nil),                // 96: hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
+	(*JWKSRetryPolicy)(nil),                     // 97: hashicorp.consul.internal.configentry.JWKSRetryPolicy
+	(*RetryPolicyBackOff)(nil),                  // 98: hashicorp.consul.internal.configentry.RetryPolicyBackOff
+	(*JWTLocation)(nil),                         // 99: hashicorp.consul.internal.configentry.JWTLocation
+	(*JWTLocationHeader)(nil),                   // 100: hashicorp.consul.internal.configentry.JWTLocationHeader
+	(*JWTLocationQueryParam)(nil),               // 101: hashicorp.consul.internal.configentry.JWTLocationQueryParam
+	(*JWTLocationCookie)(nil),                   // 102: hashicorp.consul.internal.configentry.JWTLocationCookie
+	(*JWTForwardingConfig)(nil),                 // 103: hashicorp.consul.internal.configentry.JWTForwardingConfig
+	(*JWTCacheConfig)(nil),                      // 104: hashicorp.consul.internal.configentry.JWTCacheConfig
+	nil,                                         // 105: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
+	nil,                                         // 106: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
+	nil,                                         // 107: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
+	nil,                                         // 108: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
+	nil,                                         // 109: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
+	nil,                                         // 110: hashicorp.consul.internal.configentry.IngressService.MetaEntry
+	nil,                                         // 111: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
+	nil,                                         // 112: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
+	nil,                                         // 113: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
+	nil,                                         // 114: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
+	nil,                                         // 115: hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
+	nil,                                         // 116: hashicorp.consul.internal.configentry.APIGateway.MetaEntry
+	nil,                                         // 117: hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
+	nil,                                         // 118: hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
+	nil,                                         // 119: hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
+	nil,                                         // 120: hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
+	nil,                                         // 121: hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
+	nil,                                         // 122: hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
+	nil,                                         // 123: hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
+	nil,                                         // 124: hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
+	(*pbcommon.EnterpriseMeta)(nil),             // 125: hashicorp.consul.internal.common.EnterpriseMeta
+	(*pbcommon.RaftIndex)(nil),                  // 126: hashicorp.consul.internal.common.RaftIndex
+	(*durationpb.Duration)(nil),                 // 127: google.protobuf.Duration
+	(*timestamppb.Timestamp)(nil),               // 128: google.protobuf.Timestamp
+	(*pbcommon.EnvoyExtension)(nil),             // 129: hashicorp.consul.internal.common.EnvoyExtension
 }
 var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	0,   // 0: hashicorp.consul.internal.configentry.ConfigEntry.Kind:type_name -> hashicorp.consul.internal.configentry.Kind
-	122, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	123, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex
+	125, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	126, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex
 	12,  // 3: hashicorp.consul.internal.configentry.ConfigEntry.MeshConfig:type_name -> hashicorp.consul.internal.configentry.MeshConfig
 	18,  // 4: hashicorp.consul.internal.configentry.ConfigEntry.ServiceResolver:type_name -> hashicorp.consul.internal.configentry.ServiceResolver
 	30,  // 5: hashicorp.consul.internal.configentry.ConfigEntry.IngressGateway:type_name -> hashicorp.consul.internal.configentry.IngressGateway
 	38,  // 6: hashicorp.consul.internal.configentry.ConfigEntry.ServiceIntentions:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions
 	46,  // 7: hashicorp.consul.internal.configentry.ConfigEntry.ServiceDefaults:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults
-	56,  // 8: hashicorp.consul.internal.configentry.ConfigEntry.APIGateway:type_name -> hashicorp.consul.internal.configentry.APIGateway
-	66,  // 9: hashicorp.consul.internal.configentry.ConfigEntry.BoundAPIGateway:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway
-	82,  // 10: hashicorp.consul.internal.configentry.ConfigEntry.TCPRoute:type_name -> hashicorp.consul.internal.configentry.TCPRoute
-	69,  // 11: hashicorp.consul.internal.configentry.ConfigEntry.HTTPRoute:type_name -> hashicorp.consul.internal.configentry.HTTPRoute
-	68,  // 12: hashicorp.consul.internal.configentry.ConfigEntry.InlineCertificate:type_name -> hashicorp.consul.internal.configentry.InlineCertificate
-	84,  // 13: hashicorp.consul.internal.configentry.ConfigEntry.SamenessGroup:type_name -> hashicorp.consul.internal.configentry.SamenessGroup
-	86,  // 14: hashicorp.consul.internal.configentry.ConfigEntry.JWTProvider:type_name -> hashicorp.consul.internal.configentry.JWTProvider
+	59,  // 8: hashicorp.consul.internal.configentry.ConfigEntry.APIGateway:type_name -> hashicorp.consul.internal.configentry.APIGateway
+	69,  // 9: hashicorp.consul.internal.configentry.ConfigEntry.BoundAPIGateway:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway
+	85,  // 10: hashicorp.consul.internal.configentry.ConfigEntry.TCPRoute:type_name -> hashicorp.consul.internal.configentry.TCPRoute
+	72,  // 11: hashicorp.consul.internal.configentry.ConfigEntry.HTTPRoute:type_name -> hashicorp.consul.internal.configentry.HTTPRoute
+	71,  // 12: hashicorp.consul.internal.configentry.ConfigEntry.InlineCertificate:type_name -> hashicorp.consul.internal.configentry.InlineCertificate
+	87,  // 13: hashicorp.consul.internal.configentry.ConfigEntry.SamenessGroup:type_name -> hashicorp.consul.internal.configentry.SamenessGroup
+	89,  // 14: hashicorp.consul.internal.configentry.ConfigEntry.JWTProvider:type_name -> hashicorp.consul.internal.configentry.JWTProvider
 	13,  // 15: hashicorp.consul.internal.configentry.MeshConfig.TransparentProxy:type_name -> hashicorp.consul.internal.configentry.TransparentProxyMeshConfig
 	14,  // 16: hashicorp.consul.internal.configentry.MeshConfig.TLS:type_name -> hashicorp.consul.internal.configentry.MeshTLSConfig
 	16,  // 17: hashicorp.consul.internal.configentry.MeshConfig.HTTP:type_name -> hashicorp.consul.internal.configentry.MeshHTTPConfig
-	102, // 18: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
+	105, // 18: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
 	17,  // 19: hashicorp.consul.internal.configentry.MeshConfig.Peering:type_name -> hashicorp.consul.internal.configentry.PeeringMeshConfig
 	15,  // 20: hashicorp.consul.internal.configentry.MeshTLSConfig.Incoming:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig
 	15,  // 21: hashicorp.consul.internal.configentry.MeshTLSConfig.Outgoing:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig
-	103, // 22: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
+	106, // 22: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
 	20,  // 23: hashicorp.consul.internal.configentry.ServiceResolver.Redirect:type_name -> hashicorp.consul.internal.configentry.ServiceResolverRedirect
-	104, // 24: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
-	124, // 25: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration
+	107, // 24: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
+	127, // 25: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration
 	25,  // 26: hashicorp.consul.internal.configentry.ServiceResolver.LoadBalancer:type_name -> hashicorp.consul.internal.configentry.LoadBalancer
-	105, // 27: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
-	124, // 28: hashicorp.consul.internal.configentry.ServiceResolver.RequestTimeout:type_name -> google.protobuf.Duration
+	108, // 27: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
+	127, // 28: hashicorp.consul.internal.configentry.ServiceResolver.RequestTimeout:type_name -> google.protobuf.Duration
 	23,  // 29: hashicorp.consul.internal.configentry.ServiceResolver.PrioritizeByLocality:type_name -> hashicorp.consul.internal.configentry.ServiceResolverPrioritizeByLocality
 	24,  // 30: hashicorp.consul.internal.configentry.ServiceResolverFailover.Targets:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverTarget
 	22,  // 31: hashicorp.consul.internal.configentry.ServiceResolverFailover.Policy:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverPolicy
@@ -9152,10 +9410,10 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	27,  // 33: hashicorp.consul.internal.configentry.LoadBalancer.LeastRequestConfig:type_name -> hashicorp.consul.internal.configentry.LeastRequestConfig
 	28,  // 34: hashicorp.consul.internal.configentry.LoadBalancer.HashPolicies:type_name -> hashicorp.consul.internal.configentry.HashPolicy
 	29,  // 35: hashicorp.consul.internal.configentry.HashPolicy.CookieConfig:type_name -> hashicorp.consul.internal.configentry.CookieConfig
-	124, // 36: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration
+	127, // 36: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration
 	32,  // 37: hashicorp.consul.internal.configentry.IngressGateway.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSConfig
 	34,  // 38: hashicorp.consul.internal.configentry.IngressGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.IngressListener
-	106, // 39: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
+	109, // 39: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
 	31,  // 40: hashicorp.consul.internal.configentry.IngressGateway.Defaults:type_name -> hashicorp.consul.internal.configentry.IngressServiceConfig
 	54,  // 41: hashicorp.consul.internal.configentry.IngressServiceConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	33,  // 42: hashicorp.consul.internal.configentry.GatewayTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig
@@ -9164,24 +9422,24 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	36,  // 45: hashicorp.consul.internal.configentry.IngressService.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayServiceTLSConfig
 	37,  // 46: hashicorp.consul.internal.configentry.IngressService.RequestHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers
 	37,  // 47: hashicorp.consul.internal.configentry.IngressService.ResponseHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers
-	107, // 48: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry
-	122, // 49: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	110, // 48: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry
+	125, // 49: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	54,  // 50: hashicorp.consul.internal.configentry.IngressService.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	33,  // 51: hashicorp.consul.internal.configentry.GatewayServiceTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig
-	108, // 52: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
-	109, // 53: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
+	111, // 52: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
+	112, // 53: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
 	42,  // 54: hashicorp.consul.internal.configentry.ServiceIntentions.Sources:type_name -> hashicorp.consul.internal.configentry.SourceIntention
-	110, // 55: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
+	113, // 55: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
 	39,  // 56: hashicorp.consul.internal.configentry.ServiceIntentions.JWT:type_name -> hashicorp.consul.internal.configentry.IntentionJWTRequirement
 	40,  // 57: hashicorp.consul.internal.configentry.IntentionJWTRequirement.Providers:type_name -> hashicorp.consul.internal.configentry.IntentionJWTProvider
 	41,  // 58: hashicorp.consul.internal.configentry.IntentionJWTProvider.VerifyClaims:type_name -> hashicorp.consul.internal.configentry.IntentionJWTClaimVerification
 	1,   // 59: hashicorp.consul.internal.configentry.SourceIntention.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction
 	43,  // 60: hashicorp.consul.internal.configentry.SourceIntention.Permissions:type_name -> hashicorp.consul.internal.configentry.IntentionPermission
 	2,   // 61: hashicorp.consul.internal.configentry.SourceIntention.Type:type_name -> hashicorp.consul.internal.configentry.IntentionSourceType
-	111, // 62: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
-	125, // 63: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp
-	125, // 64: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp
-	122, // 65: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	114, // 62: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
+	128, // 63: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp
+	128, // 64: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp
+	125, // 65: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	1,   // 66: hashicorp.consul.internal.configentry.IntentionPermission.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction
 	44,  // 67: hashicorp.consul.internal.configentry.IntentionPermission.HTTP:type_name -> hashicorp.consul.internal.configentry.IntentionHTTPPermission
 	39,  // 68: hashicorp.consul.internal.configentry.IntentionPermission.JWT:type_name -> hashicorp.consul.internal.configentry.IntentionJWTRequirement
@@ -9192,100 +9450,103 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	49,  // 73: hashicorp.consul.internal.configentry.ServiceDefaults.Expose:type_name -> hashicorp.consul.internal.configentry.ExposeConfig
 	51,  // 74: hashicorp.consul.internal.configentry.ServiceDefaults.UpstreamConfig:type_name -> hashicorp.consul.internal.configentry.UpstreamConfiguration
 	55,  // 75: hashicorp.consul.internal.configentry.ServiceDefaults.Destination:type_name -> hashicorp.consul.internal.configentry.DestinationConfig
-	112, // 76: hashicorp.consul.internal.configentry.ServiceDefaults.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
-	126, // 77: hashicorp.consul.internal.configentry.ServiceDefaults.EnvoyExtensions:type_name -> hashicorp.consul.internal.common.EnvoyExtension
-	4,   // 78: hashicorp.consul.internal.configentry.ServiceDefaults.MutualTLSMode:type_name -> hashicorp.consul.internal.configentry.MutualTLSMode
-	5,   // 79: hashicorp.consul.internal.configentry.MeshGatewayConfig.Mode:type_name -> hashicorp.consul.internal.configentry.MeshGatewayMode
-	50,  // 80: hashicorp.consul.internal.configentry.ExposeConfig.Paths:type_name -> hashicorp.consul.internal.configentry.ExposePath
-	52,  // 81: hashicorp.consul.internal.configentry.UpstreamConfiguration.Overrides:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
-	52,  // 82: hashicorp.consul.internal.configentry.UpstreamConfiguration.Defaults:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
-	122, // 83: hashicorp.consul.internal.configentry.UpstreamConfig.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	53,  // 84: hashicorp.consul.internal.configentry.UpstreamConfig.Limits:type_name -> hashicorp.consul.internal.configentry.UpstreamLimits
-	54,  // 85: hashicorp.consul.internal.configentry.UpstreamConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
-	48,  // 86: hashicorp.consul.internal.configentry.UpstreamConfig.MeshGateway:type_name -> hashicorp.consul.internal.configentry.MeshGatewayConfig
-	124, // 87: hashicorp.consul.internal.configentry.PassiveHealthCheck.Interval:type_name -> google.protobuf.Duration
-	124, // 88: hashicorp.consul.internal.configentry.PassiveHealthCheck.BaseEjectionTime:type_name -> google.protobuf.Duration
-	113, // 89: hashicorp.consul.internal.configentry.APIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.APIGateway.MetaEntry
-	59,  // 90: hashicorp.consul.internal.configentry.APIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.APIGatewayListener
-	57,  // 91: hashicorp.consul.internal.configentry.APIGateway.Status:type_name -> hashicorp.consul.internal.configentry.Status
-	58,  // 92: hashicorp.consul.internal.configentry.Status.Conditions:type_name -> hashicorp.consul.internal.configentry.Condition
-	65,  // 93: hashicorp.consul.internal.configentry.Condition.Resource:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	125, // 94: hashicorp.consul.internal.configentry.Condition.LastTransitionTime:type_name -> google.protobuf.Timestamp
-	6,   // 95: hashicorp.consul.internal.configentry.APIGatewayListener.Protocol:type_name -> hashicorp.consul.internal.configentry.APIGatewayListenerProtocol
-	60,  // 96: hashicorp.consul.internal.configentry.APIGatewayListener.TLS:type_name -> hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration
-	61,  // 97: hashicorp.consul.internal.configentry.APIGatewayListener.Override:type_name -> hashicorp.consul.internal.configentry.APIGatewayPolicy
-	61,  // 98: hashicorp.consul.internal.configentry.APIGatewayListener.Default:type_name -> hashicorp.consul.internal.configentry.APIGatewayPolicy
-	65,  // 99: hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	62,  // 100: hashicorp.consul.internal.configentry.APIGatewayPolicy.JWT:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTRequirement
-	63,  // 101: hashicorp.consul.internal.configentry.APIGatewayJWTRequirement.Providers:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTProvider
-	64,  // 102: hashicorp.consul.internal.configentry.APIGatewayJWTProvider.VerifyClaims:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTClaimVerification
-	122, // 103: hashicorp.consul.internal.configentry.ResourceReference.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	114, // 104: hashicorp.consul.internal.configentry.BoundAPIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
-	67,  // 105: hashicorp.consul.internal.configentry.BoundAPIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.BoundAPIGatewayListener
-	65,  // 106: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	65,  // 107: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Routes:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	115, // 108: hashicorp.consul.internal.configentry.InlineCertificate.Meta:type_name -> hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
-	116, // 109: hashicorp.consul.internal.configentry.HTTPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
-	65,  // 110: hashicorp.consul.internal.configentry.HTTPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	70,  // 111: hashicorp.consul.internal.configentry.HTTPRoute.Rules:type_name -> hashicorp.consul.internal.configentry.HTTPRouteRule
-	57,  // 112: hashicorp.consul.internal.configentry.HTTPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
-	75,  // 113: hashicorp.consul.internal.configentry.HTTPRouteRule.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
-	71,  // 114: hashicorp.consul.internal.configentry.HTTPRouteRule.Matches:type_name -> hashicorp.consul.internal.configentry.HTTPMatch
-	81,  // 115: hashicorp.consul.internal.configentry.HTTPRouteRule.Services:type_name -> hashicorp.consul.internal.configentry.HTTPService
-	72,  // 116: hashicorp.consul.internal.configentry.HTTPMatch.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatch
-	7,   // 117: hashicorp.consul.internal.configentry.HTTPMatch.Method:type_name -> hashicorp.consul.internal.configentry.HTTPMatchMethod
-	73,  // 118: hashicorp.consul.internal.configentry.HTTPMatch.Path:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatch
-	74,  // 119: hashicorp.consul.internal.configentry.HTTPMatch.Query:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatch
-	8,   // 120: hashicorp.consul.internal.configentry.HTTPHeaderMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatchType
-	9,   // 121: hashicorp.consul.internal.configentry.HTTPPathMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatchType
-	10,  // 122: hashicorp.consul.internal.configentry.HTTPQueryMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatchType
-	80,  // 123: hashicorp.consul.internal.configentry.HTTPFilters.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter
-	76,  // 124: hashicorp.consul.internal.configentry.HTTPFilters.URLRewrite:type_name -> hashicorp.consul.internal.configentry.URLRewrite
-	77,  // 125: hashicorp.consul.internal.configentry.HTTPFilters.RetryFilter:type_name -> hashicorp.consul.internal.configentry.RetryFilter
-	78,  // 126: hashicorp.consul.internal.configentry.HTTPFilters.TimeoutFilter:type_name -> hashicorp.consul.internal.configentry.TimeoutFilter
-	79,  // 127: hashicorp.consul.internal.configentry.HTTPFilters.JWT:type_name -> hashicorp.consul.internal.configentry.JWTFilter
-	124, // 128: hashicorp.consul.internal.configentry.TimeoutFilter.RequestTimeout:type_name -> google.protobuf.Duration
-	124, // 129: hashicorp.consul.internal.configentry.TimeoutFilter.IdleTimeout:type_name -> google.protobuf.Duration
-	63,  // 130: hashicorp.consul.internal.configentry.JWTFilter.Providers:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTProvider
-	117, // 131: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
-	118, // 132: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
-	75,  // 133: hashicorp.consul.internal.configentry.HTTPService.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
-	122, // 134: hashicorp.consul.internal.configentry.HTTPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	119, // 135: hashicorp.consul.internal.configentry.TCPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
-	65,  // 136: hashicorp.consul.internal.configentry.TCPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	83,  // 137: hashicorp.consul.internal.configentry.TCPRoute.Services:type_name -> hashicorp.consul.internal.configentry.TCPService
-	57,  // 138: hashicorp.consul.internal.configentry.TCPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
-	122, // 139: hashicorp.consul.internal.configentry.TCPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	85,  // 140: hashicorp.consul.internal.configentry.SamenessGroup.Members:type_name -> hashicorp.consul.internal.configentry.SamenessGroupMember
-	120, // 141: hashicorp.consul.internal.configentry.SamenessGroup.Meta:type_name -> hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
-	122, // 142: hashicorp.consul.internal.configentry.SamenessGroup.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	87,  // 143: hashicorp.consul.internal.configentry.JWTProvider.JSONWebKeySet:type_name -> hashicorp.consul.internal.configentry.JSONWebKeySet
-	96,  // 144: hashicorp.consul.internal.configentry.JWTProvider.Locations:type_name -> hashicorp.consul.internal.configentry.JWTLocation
-	100, // 145: hashicorp.consul.internal.configentry.JWTProvider.Forwarding:type_name -> hashicorp.consul.internal.configentry.JWTForwardingConfig
-	101, // 146: hashicorp.consul.internal.configentry.JWTProvider.CacheConfig:type_name -> hashicorp.consul.internal.configentry.JWTCacheConfig
-	121, // 147: hashicorp.consul.internal.configentry.JWTProvider.Meta:type_name -> hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
-	88,  // 148: hashicorp.consul.internal.configentry.JSONWebKeySet.Local:type_name -> hashicorp.consul.internal.configentry.LocalJWKS
-	89,  // 149: hashicorp.consul.internal.configentry.JSONWebKeySet.Remote:type_name -> hashicorp.consul.internal.configentry.RemoteJWKS
-	124, // 150: hashicorp.consul.internal.configentry.RemoteJWKS.CacheDuration:type_name -> google.protobuf.Duration
-	94,  // 151: hashicorp.consul.internal.configentry.RemoteJWKS.RetryPolicy:type_name -> hashicorp.consul.internal.configentry.JWKSRetryPolicy
-	90,  // 152: hashicorp.consul.internal.configentry.RemoteJWKS.JWKSCluster:type_name -> hashicorp.consul.internal.configentry.JWKSCluster
-	91,  // 153: hashicorp.consul.internal.configentry.JWKSCluster.TLSCertificates:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertificate
-	124, // 154: hashicorp.consul.internal.configentry.JWKSCluster.ConnectTimeout:type_name -> google.protobuf.Duration
-	92,  // 155: hashicorp.consul.internal.configentry.JWKSTLSCertificate.CaCertificateProviderInstance:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
-	93,  // 156: hashicorp.consul.internal.configentry.JWKSTLSCertificate.TrustedCA:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
-	95,  // 157: hashicorp.consul.internal.configentry.JWKSRetryPolicy.RetryPolicyBackOff:type_name -> hashicorp.consul.internal.configentry.RetryPolicyBackOff
-	124, // 158: hashicorp.consul.internal.configentry.RetryPolicyBackOff.BaseInterval:type_name -> google.protobuf.Duration
-	124, // 159: hashicorp.consul.internal.configentry.RetryPolicyBackOff.MaxInterval:type_name -> google.protobuf.Duration
-	97,  // 160: hashicorp.consul.internal.configentry.JWTLocation.Header:type_name -> hashicorp.consul.internal.configentry.JWTLocationHeader
-	98,  // 161: hashicorp.consul.internal.configentry.JWTLocation.QueryParam:type_name -> hashicorp.consul.internal.configentry.JWTLocationQueryParam
-	99,  // 162: hashicorp.consul.internal.configentry.JWTLocation.Cookie:type_name -> hashicorp.consul.internal.configentry.JWTLocationCookie
-	19,  // 163: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset
-	21,  // 164: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover
-	165, // [165:165] is the sub-list for method output_type
-	165, // [165:165] is the sub-list for method input_type
-	165, // [165:165] is the sub-list for extension type_name
-	165, // [165:165] is the sub-list for extension extendee
-	0,   // [0:165] is the sub-list for field type_name
+	56,  // 76: hashicorp.consul.internal.configentry.ServiceDefaults.RateLimits:type_name -> hashicorp.consul.internal.configentry.RateLimits
+	115, // 77: hashicorp.consul.internal.configentry.ServiceDefaults.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
+	129, // 78: hashicorp.consul.internal.configentry.ServiceDefaults.EnvoyExtensions:type_name -> hashicorp.consul.internal.common.EnvoyExtension
+	4,   // 79: hashicorp.consul.internal.configentry.ServiceDefaults.MutualTLSMode:type_name -> hashicorp.consul.internal.configentry.MutualTLSMode
+	5,   // 80: hashicorp.consul.internal.configentry.MeshGatewayConfig.Mode:type_name -> hashicorp.consul.internal.configentry.MeshGatewayMode
+	50,  // 81: hashicorp.consul.internal.configentry.ExposeConfig.Paths:type_name -> hashicorp.consul.internal.configentry.ExposePath
+	52,  // 82: hashicorp.consul.internal.configentry.UpstreamConfiguration.Overrides:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
+	52,  // 83: hashicorp.consul.internal.configentry.UpstreamConfiguration.Defaults:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
+	125, // 84: hashicorp.consul.internal.configentry.UpstreamConfig.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	53,  // 85: hashicorp.consul.internal.configentry.UpstreamConfig.Limits:type_name -> hashicorp.consul.internal.configentry.UpstreamLimits
+	54,  // 86: hashicorp.consul.internal.configentry.UpstreamConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
+	48,  // 87: hashicorp.consul.internal.configentry.UpstreamConfig.MeshGateway:type_name -> hashicorp.consul.internal.configentry.MeshGatewayConfig
+	127, // 88: hashicorp.consul.internal.configentry.PassiveHealthCheck.Interval:type_name -> google.protobuf.Duration
+	127, // 89: hashicorp.consul.internal.configentry.PassiveHealthCheck.BaseEjectionTime:type_name -> google.protobuf.Duration
+	57,  // 90: hashicorp.consul.internal.configentry.RateLimits.InstanceLevel:type_name -> hashicorp.consul.internal.configentry.InstanceLevelRateLimits
+	58,  // 91: hashicorp.consul.internal.configentry.InstanceLevelRateLimits.Routes:type_name -> hashicorp.consul.internal.configentry.InstanceLevelRouteRateLimits
+	116, // 92: hashicorp.consul.internal.configentry.APIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.APIGateway.MetaEntry
+	62,  // 93: hashicorp.consul.internal.configentry.APIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.APIGatewayListener
+	60,  // 94: hashicorp.consul.internal.configentry.APIGateway.Status:type_name -> hashicorp.consul.internal.configentry.Status
+	61,  // 95: hashicorp.consul.internal.configentry.Status.Conditions:type_name -> hashicorp.consul.internal.configentry.Condition
+	68,  // 96: hashicorp.consul.internal.configentry.Condition.Resource:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	128, // 97: hashicorp.consul.internal.configentry.Condition.LastTransitionTime:type_name -> google.protobuf.Timestamp
+	6,   // 98: hashicorp.consul.internal.configentry.APIGatewayListener.Protocol:type_name -> hashicorp.consul.internal.configentry.APIGatewayListenerProtocol
+	63,  // 99: hashicorp.consul.internal.configentry.APIGatewayListener.TLS:type_name -> hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration
+	64,  // 100: hashicorp.consul.internal.configentry.APIGatewayListener.Override:type_name -> hashicorp.consul.internal.configentry.APIGatewayPolicy
+	64,  // 101: hashicorp.consul.internal.configentry.APIGatewayListener.Default:type_name -> hashicorp.consul.internal.configentry.APIGatewayPolicy
+	68,  // 102: hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	65,  // 103: hashicorp.consul.internal.configentry.APIGatewayPolicy.JWT:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTRequirement
+	66,  // 104: hashicorp.consul.internal.configentry.APIGatewayJWTRequirement.Providers:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTProvider
+	67,  // 105: hashicorp.consul.internal.configentry.APIGatewayJWTProvider.VerifyClaims:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTClaimVerification
+	125, // 106: hashicorp.consul.internal.configentry.ResourceReference.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	117, // 107: hashicorp.consul.internal.configentry.BoundAPIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
+	70,  // 108: hashicorp.consul.internal.configentry.BoundAPIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.BoundAPIGatewayListener
+	68,  // 109: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	68,  // 110: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Routes:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	118, // 111: hashicorp.consul.internal.configentry.InlineCertificate.Meta:type_name -> hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
+	119, // 112: hashicorp.consul.internal.configentry.HTTPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
+	68,  // 113: hashicorp.consul.internal.configentry.HTTPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	73,  // 114: hashicorp.consul.internal.configentry.HTTPRoute.Rules:type_name -> hashicorp.consul.internal.configentry.HTTPRouteRule
+	60,  // 115: hashicorp.consul.internal.configentry.HTTPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
+	78,  // 116: hashicorp.consul.internal.configentry.HTTPRouteRule.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
+	74,  // 117: hashicorp.consul.internal.configentry.HTTPRouteRule.Matches:type_name -> hashicorp.consul.internal.configentry.HTTPMatch
+	84,  // 118: hashicorp.consul.internal.configentry.HTTPRouteRule.Services:type_name -> hashicorp.consul.internal.configentry.HTTPService
+	75,  // 119: hashicorp.consul.internal.configentry.HTTPMatch.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatch
+	7,   // 120: hashicorp.consul.internal.configentry.HTTPMatch.Method:type_name -> hashicorp.consul.internal.configentry.HTTPMatchMethod
+	76,  // 121: hashicorp.consul.internal.configentry.HTTPMatch.Path:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatch
+	77,  // 122: hashicorp.consul.internal.configentry.HTTPMatch.Query:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatch
+	8,   // 123: hashicorp.consul.internal.configentry.HTTPHeaderMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatchType
+	9,   // 124: hashicorp.consul.internal.configentry.HTTPPathMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatchType
+	10,  // 125: hashicorp.consul.internal.configentry.HTTPQueryMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatchType
+	83,  // 126: hashicorp.consul.internal.configentry.HTTPFilters.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter
+	79,  // 127: hashicorp.consul.internal.configentry.HTTPFilters.URLRewrite:type_name -> hashicorp.consul.internal.configentry.URLRewrite
+	80,  // 128: hashicorp.consul.internal.configentry.HTTPFilters.RetryFilter:type_name -> hashicorp.consul.internal.configentry.RetryFilter
+	81,  // 129: hashicorp.consul.internal.configentry.HTTPFilters.TimeoutFilter:type_name -> hashicorp.consul.internal.configentry.TimeoutFilter
+	82,  // 130: hashicorp.consul.internal.configentry.HTTPFilters.JWT:type_name -> hashicorp.consul.internal.configentry.JWTFilter
+	127, // 131: hashicorp.consul.internal.configentry.TimeoutFilter.RequestTimeout:type_name -> google.protobuf.Duration
+	127, // 132: hashicorp.consul.internal.configentry.TimeoutFilter.IdleTimeout:type_name -> google.protobuf.Duration
+	66,  // 133: hashicorp.consul.internal.configentry.JWTFilter.Providers:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTProvider
+	120, // 134: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
+	121, // 135: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
+	78,  // 136: hashicorp.consul.internal.configentry.HTTPService.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
+	125, // 137: hashicorp.consul.internal.configentry.HTTPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	122, // 138: hashicorp.consul.internal.configentry.TCPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
+	68,  // 139: hashicorp.consul.internal.configentry.TCPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	86,  // 140: hashicorp.consul.internal.configentry.TCPRoute.Services:type_name -> hashicorp.consul.internal.configentry.TCPService
+	60,  // 141: hashicorp.consul.internal.configentry.TCPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
+	125, // 142: hashicorp.consul.internal.configentry.TCPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	88,  // 143: hashicorp.consul.internal.configentry.SamenessGroup.Members:type_name -> hashicorp.consul.internal.configentry.SamenessGroupMember
+	123, // 144: hashicorp.consul.internal.configentry.SamenessGroup.Meta:type_name -> hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
+	125, // 145: hashicorp.consul.internal.configentry.SamenessGroup.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	90,  // 146: hashicorp.consul.internal.configentry.JWTProvider.JSONWebKeySet:type_name -> hashicorp.consul.internal.configentry.JSONWebKeySet
+	99,  // 147: hashicorp.consul.internal.configentry.JWTProvider.Locations:type_name -> hashicorp.consul.internal.configentry.JWTLocation
+	103, // 148: hashicorp.consul.internal.configentry.JWTProvider.Forwarding:type_name -> hashicorp.consul.internal.configentry.JWTForwardingConfig
+	104, // 149: hashicorp.consul.internal.configentry.JWTProvider.CacheConfig:type_name -> hashicorp.consul.internal.configentry.JWTCacheConfig
+	124, // 150: hashicorp.consul.internal.configentry.JWTProvider.Meta:type_name -> hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
+	91,  // 151: hashicorp.consul.internal.configentry.JSONWebKeySet.Local:type_name -> hashicorp.consul.internal.configentry.LocalJWKS
+	92,  // 152: hashicorp.consul.internal.configentry.JSONWebKeySet.Remote:type_name -> hashicorp.consul.internal.configentry.RemoteJWKS
+	127, // 153: hashicorp.consul.internal.configentry.RemoteJWKS.CacheDuration:type_name -> google.protobuf.Duration
+	97,  // 154: hashicorp.consul.internal.configentry.RemoteJWKS.RetryPolicy:type_name -> hashicorp.consul.internal.configentry.JWKSRetryPolicy
+	93,  // 155: hashicorp.consul.internal.configentry.RemoteJWKS.JWKSCluster:type_name -> hashicorp.consul.internal.configentry.JWKSCluster
+	94,  // 156: hashicorp.consul.internal.configentry.JWKSCluster.TLSCertificates:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertificate
+	127, // 157: hashicorp.consul.internal.configentry.JWKSCluster.ConnectTimeout:type_name -> google.protobuf.Duration
+	95,  // 158: hashicorp.consul.internal.configentry.JWKSTLSCertificate.CaCertificateProviderInstance:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
+	96,  // 159: hashicorp.consul.internal.configentry.JWKSTLSCertificate.TrustedCA:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
+	98,  // 160: hashicorp.consul.internal.configentry.JWKSRetryPolicy.RetryPolicyBackOff:type_name -> hashicorp.consul.internal.configentry.RetryPolicyBackOff
+	127, // 161: hashicorp.consul.internal.configentry.RetryPolicyBackOff.BaseInterval:type_name -> google.protobuf.Duration
+	127, // 162: hashicorp.consul.internal.configentry.RetryPolicyBackOff.MaxInterval:type_name -> google.protobuf.Duration
+	100, // 163: hashicorp.consul.internal.configentry.JWTLocation.Header:type_name -> hashicorp.consul.internal.configentry.JWTLocationHeader
+	101, // 164: hashicorp.consul.internal.configentry.JWTLocation.QueryParam:type_name -> hashicorp.consul.internal.configentry.JWTLocationQueryParam
+	102, // 165: hashicorp.consul.internal.configentry.JWTLocation.Cookie:type_name -> hashicorp.consul.internal.configentry.JWTLocationCookie
+	19,  // 166: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset
+	21,  // 167: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover
+	168, // [168:168] is the sub-list for method output_type
+	168, // [168:168] is the sub-list for method input_type
+	168, // [168:168] is the sub-list for extension type_name
+	168, // [168:168] is the sub-list for extension extendee
+	0,   // [0:168] is the sub-list for field type_name
 }
 
 func init() { file_private_pbconfigentry_config_entry_proto_init() }
@@ -9835,7 +10096,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[45].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*APIGateway); i {
+			switch v := v.(*RateLimits); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9847,7 +10108,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[46].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Status); i {
+			switch v := v.(*InstanceLevelRateLimits); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9859,7 +10120,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[47].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Condition); i {
+			switch v := v.(*InstanceLevelRouteRateLimits); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9871,7 +10132,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[48].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*APIGatewayListener); i {
+			switch v := v.(*APIGateway); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9883,7 +10144,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[49].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*APIGatewayTLSConfiguration); i {
+			switch v := v.(*Status); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9895,7 +10156,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[50].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*APIGatewayPolicy); i {
+			switch v := v.(*Condition); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9907,7 +10168,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[51].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*APIGatewayJWTRequirement); i {
+			switch v := v.(*APIGatewayListener); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9919,7 +10180,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[52].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*APIGatewayJWTProvider); i {
+			switch v := v.(*APIGatewayTLSConfiguration); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9931,7 +10192,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[53].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*APIGatewayJWTClaimVerification); i {
+			switch v := v.(*APIGatewayPolicy); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9943,7 +10204,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[54].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ResourceReference); i {
+			switch v := v.(*APIGatewayJWTRequirement); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9955,7 +10216,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[55].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*BoundAPIGateway); i {
+			switch v := v.(*APIGatewayJWTProvider); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9967,7 +10228,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[56].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*BoundAPIGatewayListener); i {
+			switch v := v.(*APIGatewayJWTClaimVerification); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9979,7 +10240,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[57].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InlineCertificate); i {
+			switch v := v.(*ResourceReference); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -9991,7 +10252,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[58].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPRoute); i {
+			switch v := v.(*BoundAPIGateway); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10003,7 +10264,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[59].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPRouteRule); i {
+			switch v := v.(*BoundAPIGatewayListener); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10015,7 +10276,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[60].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPMatch); i {
+			switch v := v.(*InlineCertificate); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10027,7 +10288,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[61].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPHeaderMatch); i {
+			switch v := v.(*HTTPRoute); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10039,7 +10300,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[62].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPPathMatch); i {
+			switch v := v.(*HTTPRouteRule); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10051,7 +10312,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[63].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPQueryMatch); i {
+			switch v := v.(*HTTPMatch); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10063,7 +10324,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[64].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPFilters); i {
+			switch v := v.(*HTTPHeaderMatch); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10075,7 +10336,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[65].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*URLRewrite); i {
+			switch v := v.(*HTTPPathMatch); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10087,7 +10348,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[66].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RetryFilter); i {
+			switch v := v.(*HTTPQueryMatch); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10099,7 +10360,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[67].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TimeoutFilter); i {
+			switch v := v.(*HTTPFilters); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10111,7 +10372,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[68].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTFilter); i {
+			switch v := v.(*URLRewrite); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10123,7 +10384,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[69].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPHeaderFilter); i {
+			switch v := v.(*RetryFilter); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10135,7 +10396,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[70].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPService); i {
+			switch v := v.(*TimeoutFilter); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10147,7 +10408,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[71].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TCPRoute); i {
+			switch v := v.(*JWTFilter); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10159,7 +10420,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[72].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TCPService); i {
+			switch v := v.(*HTTPHeaderFilter); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10171,7 +10432,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[73].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SamenessGroup); i {
+			switch v := v.(*HTTPService); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10183,7 +10444,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[74].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SamenessGroupMember); i {
+			switch v := v.(*TCPRoute); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10195,7 +10456,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[75].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTProvider); i {
+			switch v := v.(*TCPService); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10207,7 +10468,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[76].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JSONWebKeySet); i {
+			switch v := v.(*SamenessGroup); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10219,7 +10480,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[77].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LocalJWKS); i {
+			switch v := v.(*SamenessGroupMember); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10231,7 +10492,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[78].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RemoteJWKS); i {
+			switch v := v.(*JWTProvider); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10243,7 +10504,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[79].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSCluster); i {
+			switch v := v.(*JSONWebKeySet); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10255,7 +10516,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[80].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSTLSCertificate); i {
+			switch v := v.(*LocalJWKS); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10267,7 +10528,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[81].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSTLSCertProviderInstance); i {
+			switch v := v.(*RemoteJWKS); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10279,7 +10540,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[82].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSTLSCertTrustedCA); i {
+			switch v := v.(*JWKSCluster); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10291,7 +10552,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[83].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWKSRetryPolicy); i {
+			switch v := v.(*JWKSTLSCertificate); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10303,7 +10564,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[84].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RetryPolicyBackOff); i {
+			switch v := v.(*JWKSTLSCertProviderInstance); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10315,7 +10576,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[85].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocation); i {
+			switch v := v.(*JWKSTLSCertTrustedCA); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10327,7 +10588,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[86].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationHeader); i {
+			switch v := v.(*JWKSRetryPolicy); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10339,7 +10600,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[87].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationQueryParam); i {
+			switch v := v.(*RetryPolicyBackOff); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10351,7 +10612,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[88].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTLocationCookie); i {
+			switch v := v.(*JWTLocation); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10363,7 +10624,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[89].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTForwardingConfig); i {
+			switch v := v.(*JWTLocationHeader); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -10375,6 +10636,42 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[90].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTLocationQueryParam); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[91].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTLocationCookie); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[92].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JWTForwardingConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_private_pbconfigentry_config_entry_proto_msgTypes[93].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWTCacheConfig); i {
 			case 0:
 				return &v.state
@@ -10407,7 +10704,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_private_pbconfigentry_config_entry_proto_rawDesc,
 			NumEnums:      11,
-			NumMessages:   111,
+			NumMessages:   114,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/proto/private/pbconfigentry/config_entry.proto b/proto/private/pbconfigentry/config_entry.proto
index 3c698aab37a3..c5bb243a5caf 100644
--- a/proto/private/pbconfigentry/config_entry.proto
+++ b/proto/private/pbconfigentry/config_entry.proto
@@ -507,6 +507,7 @@ message ServiceDefaults {
   // mog: func-to=int func-from=int32
   int32 LocalRequestTimeoutMs = 11;
   string BalanceInboundConnections = 12;
+  RateLimits RateLimits = 16;
   map<string, string> Meta = 13;
   // mog: func-to=EnvoyExtensionsToStructs func-from=EnvoyExtensionsFromStructs
   repeated hashicorp.consul.internal.common.EnvoyExtension EnvoyExtensions = 14;
@@ -652,6 +653,43 @@ message DestinationConfig {
   int32 Port = 2;
 }
 
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.RateLimits
+// output=config_entry.gen.go
+// name=Structs
+message RateLimits {
+  InstanceLevelRateLimits InstanceLevel = 1;
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.InstanceLevelRateLimits
+// output=config_entry.gen.go
+// name=Structs
+message InstanceLevelRateLimits {
+  // mog: func-to=int func-from=uint32
+  uint32 RequestsPerSecond = 1;
+  // mog: func-to=int func-from=uint32
+  uint32 RequestsMaxBurst = 2;
+  repeated InstanceLevelRouteRateLimits Routes = 3;
+}
+
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.InstanceLevelRouteRateLimits
+// output=config_entry.gen.go
+// name=Structs
+message InstanceLevelRouteRateLimits {
+  string PathExact = 1;
+  string PathPrefix = 2;
+  string PathRegex = 3;
+  // mog: func-to=int func-from=uint32
+  uint32 RequestsPerSecond = 4;
+  // mog: func-to=int func-from=uint32
+  uint32 RequestsMaxBurst = 5;
+}
+
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.APIGatewayConfigEntry

From 2f58e05be62ab2241d2c843eed497483dae8e428 Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@users.noreply.github.com>
Date: Mon, 28 Aug 2023 08:47:18 -0700
Subject: [PATCH 331/359] Fix broken link on sameness group page (#18511)

fix broken link
---
 website/content/docs/connect/failover/index.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/connect/failover/index.mdx b/website/content/docs/connect/failover/index.mdx
index a4c51b799731..022b6542a971 100644
--- a/website/content/docs/connect/failover/index.mdx
+++ b/website/content/docs/connect/failover/index.mdx
@@ -44,4 +44,4 @@ In networks with multiple datacenters or partitions that share a peer connection
 
 You can configure sameness groups for this type of network. Sameness groups allow you to define a group of admin partitions where identical services are deployed in identical namespaces. After you configure the sameness group, you can reference the `SamenessGroup` parameter in service resolver, exported service, and service intention configuration entries, enabling you to add or remove cluster peers from the group without making changes to every cluster peer every time. 
 
-Refer to [Sameness groups usage page](/consul/docs/connect/cluster-peering/usage/sameness-groups) for more information.
+Refer to [Sameness groups usage page](/consul/docs/connect/cluster-peering/usage/create-sameness-groups) for more information.

From 0e17e981a2e45df98676cfd721d8dc75521b9313 Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@users.noreply.github.com>
Date: Mon, 28 Aug 2023 08:51:15 -0700
Subject: [PATCH 332/359] Fix typo in permissive mTLS docs (#18551)

Update onboarding-tproxy-mode.mdx
---
 website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx b/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx
index 6f2f5ed465c9..0a1b877fce8a 100644
--- a/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx
+++ b/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx
@@ -58,7 +58,8 @@ kind: Mesh
 metadata:
   name: mesh
 spec:
-  allowEnablingPermissiveMutualTLS: true
+  transparentProxy:
+    meshDestinationsOnly: true
 ```
 
 ```json
@@ -292,4 +293,4 @@ $ consul config read -kind proxy-defaults -name global
     "CreateIndex": 26,
     "ModifyIndex": 30
 }
-```
\ No newline at end of file
+```

From 7bc30e989c302ad28d05d046e695a391ee6f1dc7 Mon Sep 17 00:00:00 2001
From: Curt Bushko <cbushko@gmail.com>
Date: Mon, 28 Aug 2023 12:05:25 -0400
Subject: [PATCH 333/359] Set concurrency for workflows (#18567)

* Set concurrency for workflows
---
 .github/workflows/build-distros.yml     | 4 ++++
 .github/workflows/go-tests.yml          | 5 +++++
 .github/workflows/test-integrations.yml | 4 ++++
 3 files changed, 13 insertions(+)

diff --git a/.github/workflows/build-distros.yml b/.github/workflows/build-distros.yml
index 602acb18c1a9..4d8799a5643d 100644
--- a/.github/workflows/build-distros.yml
+++ b/.github/workflows/build-distros.yml
@@ -17,6 +17,10 @@ env:
   GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
   GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   setup:
     name: Setup
diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 9db458ed5d51..db69f2dbbd98 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -23,6 +23,11 @@ env:
   TEST_RESULTS: /tmp/test-results
   GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
+# concurrency
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   conditional-skip:
     runs-on: ubuntu-latest 
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 71394bba918d..0cf2995258e5 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -25,6 +25,10 @@ env:
   CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }}
   GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   conditional-skip:
     runs-on: ubuntu-latest 

From 180c1e22c1dad541cfe387a7c636a7298e019c09 Mon Sep 17 00:00:00 2001
From: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
Date: Mon, 28 Aug 2023 13:32:42 -0400
Subject: [PATCH 334/359] test: run automated tests against Vault 1.11 - 1.14
 (#18590)

Begin to test against Vault 1.14. Drop tests against Vault 1.10.
---
 .github/workflows/test-integrations.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 0cf2995258e5..6e7bf3e7f03b 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -158,7 +158,7 @@ jobs:
       contents: read
     strategy:
       matrix:
-        vault-version: ["1.13.1", "1.12.5", "1.11.9", "1.10.11"]
+        vault-version: ["1.14.1", "1.13.5", "1.12.9", "1.11.12"]
     env:
       VAULT_BINARY_VERSION: ${{ matrix.vault-version }}
     steps:

From 48c8a834f5deed55e1ec9cbc42bae2ec85cd2b74 Mon Sep 17 00:00:00 2001
From: Joshua Timmons <josh.timmons@hashicorp.com>
Date: Mon, 28 Aug 2023 13:49:34 -0400
Subject: [PATCH 335/359] Reduce the frequency of metric exports to minutely
 (#18584)

---
 .changelog/18584.txt                      |  3 +++
 agent/hcp/deps.go                         |  2 +-
 agent/hcp/telemetry/otel_exporter.go      | 20 ++++++++--------
 agent/hcp/telemetry/otel_exporter_test.go | 12 +++++-----
 agent/hcp/telemetry/otel_sink.go          | 29 ++++++++++++++++++-----
 5 files changed, 43 insertions(+), 23 deletions(-)
 create mode 100644 .changelog/18584.txt

diff --git a/.changelog/18584.txt b/.changelog/18584.txt
new file mode 100644
index 000000000000..e7329655ba6e
--- /dev/null
+++ b/.changelog/18584.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+Reduce the frequency of metric exports from Consul to HCP from every 10s to every 1m
+```
\ No newline at end of file
diff --git a/agent/hcp/deps.go b/agent/hcp/deps.go
index 503792d84c0a..e098bfc65eec 100644
--- a/agent/hcp/deps.go
+++ b/agent/hcp/deps.go
@@ -82,7 +82,7 @@ func sink(
 		return nil, fmt.Errorf("failed to init config provider: %w", err)
 	}
 
-	reader := telemetry.NewOTELReader(metricsClient, cfgProvider, telemetry.DefaultExportInterval)
+	reader := telemetry.NewOTELReader(metricsClient, cfgProvider)
 	sinkOpts := &telemetry.OTELSinkOpts{
 		Reader:         reader,
 		ConfigProvider: cfgProvider,
diff --git a/agent/hcp/telemetry/otel_exporter.go b/agent/hcp/telemetry/otel_exporter.go
index 23852f3539cf..461876333655 100644
--- a/agent/hcp/telemetry/otel_exporter.go
+++ b/agent/hcp/telemetry/otel_exporter.go
@@ -27,17 +27,17 @@ type EndpointProvider interface {
 	GetEndpoint() *url.URL
 }
 
-// OTELExporter is a custom implementation of a OTEL Metrics SDK metrics.Exporter.
+// otelExporter is a custom implementation of a OTEL Metrics SDK metrics.Exporter.
 // The exporter is used by a OTEL Metrics SDK PeriodicReader to export aggregated metrics.
 // This allows us to use a custom client - HCP authenticated MetricsClient.
-type OTELExporter struct {
+type otelExporter struct {
 	client           MetricsClient
 	endpointProvider EndpointProvider
 }
 
-// NewOTELExporter returns a configured OTELExporter.
-func NewOTELExporter(client MetricsClient, endpointProvider EndpointProvider) *OTELExporter {
-	return &OTELExporter{
+// newOTELExporter returns a configured OTELExporter.
+func newOTELExporter(client MetricsClient, endpointProvider EndpointProvider) *otelExporter {
+	return &otelExporter{
 		client:           client,
 		endpointProvider: endpointProvider,
 	}
@@ -45,14 +45,14 @@ func NewOTELExporter(client MetricsClient, endpointProvider EndpointProvider) *O
 
 // Temporality returns the Cumulative temporality for metrics aggregation.
 // Telemetry Gateway stores metrics in Prometheus format, so use Cummulative aggregation as default.
-func (e *OTELExporter) Temporality(_ metric.InstrumentKind) metricdata.Temporality {
+func (e *otelExporter) Temporality(_ metric.InstrumentKind) metricdata.Temporality {
 	return metricdata.CumulativeTemporality
 }
 
 // Aggregation returns the Aggregation to use for an instrument kind.
 // The default implementation provided by the OTEL Metrics SDK library DefaultAggregationSelector panics.
 // This custom version replicates that logic, but removes the panic.
-func (e *OTELExporter) Aggregation(kind metric.InstrumentKind) aggregation.Aggregation {
+func (e *otelExporter) Aggregation(kind metric.InstrumentKind) aggregation.Aggregation {
 	switch kind {
 	case metric.InstrumentKindObservableGauge:
 		return aggregation.LastValue{}
@@ -67,7 +67,7 @@ func (e *OTELExporter) Aggregation(kind metric.InstrumentKind) aggregation.Aggre
 }
 
 // Export serializes and transmits metric data to a receiver.
-func (e *OTELExporter) Export(ctx context.Context, metrics *metricdata.ResourceMetrics) error {
+func (e *otelExporter) Export(ctx context.Context, metrics *metricdata.ResourceMetrics) error {
 	endpoint := e.endpointProvider.GetEndpoint()
 	if endpoint == nil {
 		return nil
@@ -89,13 +89,13 @@ func (e *OTELExporter) Export(ctx context.Context, metrics *metricdata.ResourceM
 }
 
 // ForceFlush is a no-op, as the MetricsClient client holds no state.
-func (e *OTELExporter) ForceFlush(ctx context.Context) error {
+func (e *otelExporter) ForceFlush(ctx context.Context) error {
 	goMetrics.IncrCounter(internalMetricExporterForceFlush, 1)
 	return ctx.Err()
 }
 
 // Shutdown is a no-op, as the MetricsClient is a HTTP client that requires no graceful shutdown.
-func (e *OTELExporter) Shutdown(ctx context.Context) error {
+func (e *otelExporter) Shutdown(ctx context.Context) error {
 	goMetrics.IncrCounter(internalMetricExporterShutdown, 1)
 	return ctx.Err()
 }
diff --git a/agent/hcp/telemetry/otel_exporter_test.go b/agent/hcp/telemetry/otel_exporter_test.go
index 09d848d3bee3..610fbb44e74b 100644
--- a/agent/hcp/telemetry/otel_exporter_test.go
+++ b/agent/hcp/telemetry/otel_exporter_test.go
@@ -40,7 +40,7 @@ func (m *mockEndpointProvider) GetEndpoint() *url.URL { return m.endpoint }
 
 func TestTemporality(t *testing.T) {
 	t.Parallel()
-	exp := &OTELExporter{}
+	exp := &otelExporter{}
 	require.Equal(t, metricdata.CumulativeTemporality, exp.Temporality(metric.InstrumentKindCounter))
 }
 
@@ -66,7 +66,7 @@ func TestAggregation(t *testing.T) {
 		test := test
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
-			exp := &OTELExporter{}
+			exp := &otelExporter{}
 			require.Equal(t, test.expAgg, exp.Aggregation(test.kind))
 		})
 	}
@@ -125,7 +125,7 @@ func TestExport(t *testing.T) {
 				}
 			}
 
-			exp := NewOTELExporter(test.client, provider)
+			exp := newOTELExporter(test.client, provider)
 
 			err := exp.Export(context.Background(), test.metrics)
 			if test.wantErr != "" {
@@ -182,7 +182,7 @@ func TestExport_CustomMetrics(t *testing.T) {
 			u, err := url.Parse(testExportEndpoint)
 			require.NoError(t, err)
 
-			exp := NewOTELExporter(tc.client, &mockEndpointProvider{
+			exp := newOTELExporter(tc.client, &mockEndpointProvider{
 				endpoint: u,
 			})
 
@@ -212,7 +212,7 @@ func TestExport_CustomMetrics(t *testing.T) {
 
 func TestForceFlush(t *testing.T) {
 	t.Parallel()
-	exp := &OTELExporter{}
+	exp := &otelExporter{}
 	ctx, cancel := context.WithCancel(context.Background())
 	cancel()
 
@@ -222,7 +222,7 @@ func TestForceFlush(t *testing.T) {
 
 func TestShutdown(t *testing.T) {
 	t.Parallel()
-	exp := &OTELExporter{}
+	exp := &otelExporter{}
 	ctx, cancel := context.WithCancel(context.Background())
 	cancel()
 
diff --git a/agent/hcp/telemetry/otel_sink.go b/agent/hcp/telemetry/otel_sink.go
index a25c549e23a4..7770f7eaaf16 100644
--- a/agent/hcp/telemetry/otel_sink.go
+++ b/agent/hcp/telemetry/otel_sink.go
@@ -13,20 +13,34 @@ import (
 	"time"
 
 	gometrics "github.com/armon/go-metrics"
-	"github.com/hashicorp/go-hclog"
 	"go.opentelemetry.io/otel/attribute"
 	otelmetric "go.opentelemetry.io/otel/metric"
 	otelsdk "go.opentelemetry.io/otel/sdk/metric"
 	"go.opentelemetry.io/otel/sdk/resource"
+
+	"github.com/hashicorp/go-hclog"
 )
 
-// DefaultExportInterval is a default time interval between export of aggregated metrics.
-const DefaultExportInterval = 10 * time.Second
+const (
+	// defaultExportInterval is a default time interval between export of aggregated metrics.
+	// At the time of writing this is the same as the otelsdk.Reader's default export interval.
+	defaultExportInterval = 60 * time.Second
+
+	// defaultExportTimeout is the time the otelsdk.Reader waits on an export before cancelling it.
+	// At the time of writing this is the same as the otelsdk.Reader's default export timeout default.
+	//
+	// note: in practice we are more likely to hit the http.Client Timeout in telemetry.MetricsClient.
+	// That http.Client Timeout is 15 seconds (at the time of writing). The otelsdk.Reader will use
+	// defaultExportTimeout for the entire Export call, but since the http.Client's Timeout is 15s,
+	// we should hit that first before reaching the 30 second timeout set here.
+	defaultExportTimeout = 30 * time.Second
+)
 
 // ConfigProvider is required to provide custom metrics processing.
 type ConfigProvider interface {
 	// GetLabels should return a set of OTEL attributes added by default all metrics.
 	GetLabels() map[string]string
+
 	// GetFilters should return filtesr that are required to enable metric processing.
 	// Filters act as an allowlist to collect only the required metrics.
 	GetFilters() *regexp.Regexp
@@ -75,9 +89,12 @@ type OTELSink struct {
 // NewOTELReader returns a configured OTEL PeriodicReader to export metrics every X seconds.
 // It configures the reader with a custom OTELExporter with a MetricsClient to transform and export
 // metrics in OTLP format to an external url.
-func NewOTELReader(client MetricsClient, endpointProvider EndpointProvider, exportInterval time.Duration) otelsdk.Reader {
-	exporter := NewOTELExporter(client, endpointProvider)
-	return otelsdk.NewPeriodicReader(exporter, otelsdk.WithInterval(exportInterval))
+func NewOTELReader(client MetricsClient, endpointProvider EndpointProvider) otelsdk.Reader {
+	return otelsdk.NewPeriodicReader(
+		newOTELExporter(client, endpointProvider),
+		otelsdk.WithInterval(defaultExportInterval),
+		otelsdk.WithTimeout(defaultExportTimeout),
+	)
 }
 
 // NewOTELSink returns a sink which fits the Go Metrics MetricsSink interface.

From 0e606504bc517db957209e8481900c877885e23e Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Tue, 29 Aug 2023 09:15:34 -0600
Subject: [PATCH 336/359] NET-4944 - wire up controllers with proxy tracker
 (#18603)

Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
---
 agent/agent.go                                | 103 ++++++++++--------
 agent/agent_test.go                           |   2 +-
 agent/consul/leader_connect_ca_test.go        |   2 +-
 agent/consul/leader_test.go                   |   2 +-
 agent/consul/server.go                        |  20 +++-
 agent/consul/server_test.go                   |  10 +-
 .../proxycfg-sources/catalog/config_source.go |  10 +-
 .../catalog/config_source_test.go             |  18 +--
 .../catalog/mock_ConfigManager.go             |  17 +--
 .../catalog/mock_SessionLimiter.go            |  23 ++--
 .../proxycfg-sources/catalog/mock_Watcher.go  |  21 ++--
 agent/proxycfg-sources/local/config_source.go |   5 +-
 .../local/mock_ConfigManager.go               |  17 +--
 agent/proxycfg-sources/local/sync.go          |   3 +-
 ...oxysnapshot.go => config_snapshot_glue.go} |  10 --
 ...t_test.go => config_snapshot_glue_test.go} |   5 +-
 agent/proxycfg/manager.go                     |  17 ++-
 agent/proxycfg/manager_test.go                |   9 +-
 agent/proxycfg_test.go                        |  10 +-
 agent/rpc/peering/service_test.go             |   2 +-
 agent/xds/delta.go                            |  20 ++--
 agent/xds/proxystateconverter/converter.go    |   9 +-
 agent/xds/server.go                           |  14 +--
 agent/xds/xds_protocol_helpers_test.go        |  13 ++-
 agent/xdsv2/resources.go                      |   7 +-
 .../mesh/internal/controllers/register.go     |   4 +-
 .../internal/controllers/xds/controller.go    |   8 +-
 .../controllers/xds/controller_test.go        |   2 +-
 .../internal/controllers/xds/mock_updater.go  |  25 +++--
 .../mesh/proxy-snapshot/proxy_snapshot.go     |  17 +++
 .../proxy-tracker/mock_SessionLimiter.go      |   2 +-
 .../proxy_state_exports.go                    |   2 +-
 .../mesh}/proxy-tracker/proxy_tracker.go      |  26 ++---
 .../mesh}/proxy-tracker/proxy_tracker_test.go |  26 ++---
 34 files changed, 266 insertions(+), 215 deletions(-)
 rename agent/proxycfg/{proxysnapshot.go => config_snapshot_glue.go} (88%)
 rename agent/proxycfg/{proxysnapshot_test.go => config_snapshot_glue_test.go} (99%)
 create mode 100644 internal/mesh/proxy-snapshot/proxy_snapshot.go
 rename {agent => internal/mesh}/proxy-tracker/mock_SessionLimiter.go (94%)
 rename internal/mesh/{ => proxy-tracker}/proxy_state_exports.go (98%)
 rename {agent => internal/mesh}/proxy-tracker/proxy_tracker.go (92%)
 rename {agent => internal/mesh}/proxy-tracker/proxy_tracker_test.go (89%)

diff --git a/agent/agent.go b/agent/agent.go
index 5f2e57c718f3..e3af2f1c9826 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -9,8 +9,8 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	proxytracker "github.com/hashicorp/consul/agent/proxy-tracker"
 	catalogproxycfg "github.com/hashicorp/consul/agent/proxycfg-sources/catalog"
+	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	"github.com/hashicorp/consul/lib/stringslice"
 	"io"
 	"net"
@@ -653,6 +653,47 @@ func (a *Agent) Start(ctx context.Context) error {
 		return fmt.Errorf("failed to start Consul enterprise component: %v", err)
 	}
 
+	// Create proxy config manager now because it is a dependency of creating the proxyWatcher
+	// which will be passed to consul.NewServer so that it is then passed to the
+	// controller registration for the XDS controller in v2 mode, and the xds server in v1 and v2 mode.
+	var intentionDefaultAllow bool
+	switch a.config.ACLResolverSettings.ACLDefaultPolicy {
+	case "allow":
+		intentionDefaultAllow = true
+	case "deny":
+		intentionDefaultAllow = false
+	default:
+		return fmt.Errorf("unexpected ACL default policy value of %q", a.config.ACLResolverSettings.ACLDefaultPolicy)
+	}
+
+	go a.baseDeps.ViewStore.Run(&lib.StopChannelContext{StopCh: a.shutdownCh})
+
+	// Start the proxy config manager.
+	a.proxyConfig, err = proxycfg.NewManager(proxycfg.ManagerConfig{
+		DataSources: a.proxyDataSources(),
+		Logger:      a.logger.Named(logging.ProxyConfig),
+		Source: &structs.QuerySource{
+			Datacenter:    a.config.Datacenter,
+			Segment:       a.config.SegmentName,
+			Node:          a.config.NodeName,
+			NodePartition: a.config.PartitionOrEmpty(),
+		},
+		DNSConfig: proxycfg.DNSConfig{
+			Domain:    a.config.DNSDomain,
+			AltDomain: a.config.DNSAltDomain,
+		},
+		TLSConfigurator:       a.tlsConfigurator,
+		IntentionDefaultAllow: intentionDefaultAllow,
+		UpdateRateLimit:       a.config.XDSUpdateRateLimit,
+	})
+	if err != nil {
+		return err
+	}
+
+	// proxyWatcher will be used in the creation of the XDS server and also
+	// in the registration of the xds controller.
+	proxyWatcher := a.getProxyWatcher()
+
 	// Setup either the client or the server.
 	if c.ServerMode {
 		serverLogger := a.baseDeps.Logger.NamedIntercept(logging.ConsulServer)
@@ -686,7 +727,11 @@ func (a *Agent) Start(ctx context.Context) error {
 			incomingRPCLimiter,
 		)
 
-		server, err := consul.NewServer(consulCfg, a.baseDeps.Deps, a.externalGRPCServer, incomingRPCLimiter, serverLogger)
+		var pt *proxytracker.ProxyTracker
+		if a.useV2Resources() {
+			pt = proxyWatcher.(*proxytracker.ProxyTracker)
+		}
+		server, err := consul.NewServer(consulCfg, a.baseDeps.Deps, a.externalGRPCServer, incomingRPCLimiter, serverLogger, pt)
 		if err != nil {
 			return fmt.Errorf("Failed to start Consul server: %v", err)
 		}
@@ -753,40 +798,6 @@ func (a *Agent) Start(ctx context.Context) error {
 		return err
 	}
 
-	var intentionDefaultAllow bool
-	switch a.config.ACLResolverSettings.ACLDefaultPolicy {
-	case "allow":
-		intentionDefaultAllow = true
-	case "deny":
-		intentionDefaultAllow = false
-	default:
-		return fmt.Errorf("unexpected ACL default policy value of %q", a.config.ACLResolverSettings.ACLDefaultPolicy)
-	}
-
-	go a.baseDeps.ViewStore.Run(&lib.StopChannelContext{StopCh: a.shutdownCh})
-
-	// Start the proxy config manager.
-	a.proxyConfig, err = proxycfg.NewManager(proxycfg.ManagerConfig{
-		DataSources: a.proxyDataSources(),
-		Logger:      a.logger.Named(logging.ProxyConfig),
-		Source: &structs.QuerySource{
-			Datacenter:    a.config.Datacenter,
-			Segment:       a.config.SegmentName,
-			Node:          a.config.NodeName,
-			NodePartition: a.config.PartitionOrEmpty(),
-		},
-		DNSConfig: proxycfg.DNSConfig{
-			Domain:    a.config.DNSDomain,
-			AltDomain: a.config.DNSAltDomain,
-		},
-		TLSConfigurator:       a.tlsConfigurator,
-		IntentionDefaultAllow: intentionDefaultAllow,
-		UpdateRateLimit:       a.config.XDSUpdateRateLimit,
-	})
-	if err != nil {
-		return err
-	}
-
 	go localproxycfg.Sync(
 		&lib.StopChannelContext{StopCh: a.shutdownCh},
 		localproxycfg.SyncConfig{
@@ -839,7 +850,7 @@ func (a *Agent) Start(ctx context.Context) error {
 	}
 
 	// Start grpc and grpc_tls servers.
-	if err := a.listenAndServeGRPC(); err != nil {
+	if err := a.listenAndServeGRPC(proxyWatcher); err != nil {
 		return err
 	}
 
@@ -924,11 +935,13 @@ func (a *Agent) useV2Resources() bool {
 // it will return a ConfigSource.
 func (a *Agent) getProxyWatcher() xds.ProxyWatcher {
 	if a.useV2Resources() {
+		a.logger.Trace("returning proxyTracker for getProxyWatcher")
 		return proxytracker.NewProxyTracker(proxytracker.ProxyTrackerConfig{
-			Logger:         a.proxyConfig.Logger.Named("proxy-tracker"),
+			Logger:         a.logger.Named("proxy-tracker"),
 			SessionLimiter: a.baseDeps.XDSStreamLimiter,
 		})
 	} else {
+		a.logger.Trace("returning configSource for getProxyWatcher")
 		return localproxycfg.NewConfigSource(a.proxyConfig)
 	}
 }
@@ -936,16 +949,14 @@ func (a *Agent) getProxyWatcher() xds.ProxyWatcher {
 // configureXDSServer configures an XDS server with the proper implementation of
 // the PRoxyWatcher interface and registers the XDS server with Consul's
 // external facing GRPC server.
-func (a *Agent) configureXDSServer() {
-	cfg := a.getProxyWatcher()
-
+func (a *Agent) configureXDSServer(proxyWatcher xds.ProxyWatcher) {
 	// TODO(agentless): rather than asserting the concrete type of delegate, we
 	// should add a method to the Delegate interface to build a ConfigSource.
 	if server, ok := a.delegate.(*consul.Server); ok {
 		catalogCfg := catalogproxycfg.NewConfigSource(catalogproxycfg.Config{
 			NodeName:          a.config.NodeName,
 			LocalState:        a.State,
-			LocalConfigSource: cfg,
+			LocalConfigSource: proxyWatcher,
 			Manager:           a.proxyConfig,
 			GetStore:          func() catalogproxycfg.Store { return server.FSM().State() },
 			Logger:            a.proxyConfig.Logger.Named("server-catalog"),
@@ -955,12 +966,12 @@ func (a *Agent) configureXDSServer() {
 			<-a.shutdownCh
 			catalogCfg.Shutdown()
 		}()
-		cfg = catalogCfg
+		proxyWatcher = catalogCfg
 	}
 	a.xdsServer = xds.NewServer(
 		a.config.NodeName,
 		a.logger.Named(logging.Envoy),
-		cfg,
+		proxyWatcher,
 		func(id string) (acl.Authorizer, error) {
 			return a.delegate.ResolveTokenAndDefaultMeta(id, nil, nil)
 		},
@@ -969,12 +980,12 @@ func (a *Agent) configureXDSServer() {
 	a.xdsServer.Register(a.externalGRPCServer)
 }
 
-func (a *Agent) listenAndServeGRPC() error {
+func (a *Agent) listenAndServeGRPC(proxyWatcher xds.ProxyWatcher) error {
 	if len(a.config.GRPCAddrs) < 1 && len(a.config.GRPCTLSAddrs) < 1 {
 		return nil
 	}
 
-	a.configureXDSServer()
+	a.configureXDSServer(proxyWatcher)
 
 	// Attempt to spawn listeners
 	var listeners []net.Listener
diff --git a/agent/agent_test.go b/agent/agent_test.go
index 174e8c8cdfbb..c597f1d5d575 100644
--- a/agent/agent_test.go
+++ b/agent/agent_test.go
@@ -15,10 +15,10 @@ import (
 	"errors"
 	"fmt"
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	proxytracker "github.com/hashicorp/consul/agent/proxy-tracker"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/proxycfg-sources/local"
 	"github.com/hashicorp/consul/agent/xds"
+	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	mathrand "math/rand"
 	"net"
 	"net/http"
diff --git a/agent/consul/leader_connect_ca_test.go b/agent/consul/leader_connect_ca_test.go
index 42dcdd447d49..b3e8fdc9d0ed 100644
--- a/agent/consul/leader_connect_ca_test.go
+++ b/agent/consul/leader_connect_ca_test.go
@@ -566,7 +566,7 @@ func TestCAManager_Initialize_Logging(t *testing.T) {
 	deps := newDefaultDeps(t, conf1)
 	deps.Logger = logger
 
-	s1, err := NewServer(conf1, deps, grpc.NewServer(), nil, logger)
+	s1, err := NewServer(conf1, deps, grpc.NewServer(), nil, logger, nil)
 	require.NoError(t, err)
 	defer s1.Shutdown()
 	testrpc.WaitForLeader(t, s1.RPC, "dc1")
diff --git a/agent/consul/leader_test.go b/agent/consul/leader_test.go
index 6cd30f38c987..7a4b63eb05ee 100644
--- a/agent/consul/leader_test.go
+++ b/agent/consul/leader_test.go
@@ -1640,7 +1640,7 @@ func TestLeader_ConfigEntryBootstrap_Fail(t *testing.T) {
 			deps := newDefaultDeps(t, config)
 			deps.Logger = logger
 
-			srv, err := NewServer(config, deps, grpc.NewServer(), nil, logger)
+			srv, err := NewServer(config, deps, grpc.NewServer(), nil, logger, nil)
 			require.NoError(t, err)
 			defer srv.Shutdown()
 
diff --git a/agent/consul/server.go b/agent/consul/server.go
index 64c0c1f76a15..9357cf36db83 100644
--- a/agent/consul/server.go
+++ b/agent/consul/server.go
@@ -8,6 +8,7 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"io"
 	"net"
 	"os"
@@ -480,9 +481,21 @@ type connHandler interface {
 	Shutdown() error
 }
 
+// ProxyUpdater is an interface for ProxyTracker.
+type ProxyUpdater interface {
+	// PushChange allows pushing a computed ProxyState to xds for xds resource generation to send to a proxy.
+	PushChange(id *pbresource.ID, snapshot proxysnapshot.ProxySnapshot) error
+
+	// ProxyConnectedToServer returns whether this id is connected to this server.
+	ProxyConnectedToServer(id *pbresource.ID) bool
+
+	EventChannel() chan controller.Event
+}
+
 // NewServer is used to construct a new Consul server from the configuration
 // and extra options, potentially returning an error.
-func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incomingRPCLimiter rpcRate.RequestLimitsHandler, serverLogger hclog.InterceptLogger) (*Server, error) {
+func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server,
+	incomingRPCLimiter rpcRate.RequestLimitsHandler, serverLogger hclog.InterceptLogger, proxyUpdater ProxyUpdater) (*Server, error) {
 	logger := flat.Logger
 	if err := config.CheckProtocolVersion(); err != nil {
 		return nil, err
@@ -822,7 +835,7 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incom
 		s.insecureResourceServiceClient,
 		logger.Named(logging.ControllerRuntime),
 	)
-	s.registerControllers(flat)
+	s.registerControllers(flat, proxyUpdater)
 	go s.controllerManager.Run(&lib.StopChannelContext{StopCh: shutdownCh})
 
 	go s.trackLeaderChanges()
@@ -873,7 +886,7 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incom
 	return s, nil
 }
 
-func (s *Server) registerControllers(deps Deps) {
+func (s *Server) registerControllers(deps Deps, proxyUpdater ProxyUpdater) {
 	if stringslice.Contains(deps.Experiments, CatalogResourceExperimentName) {
 		catalog.RegisterControllers(s.controllerManager, catalog.DefaultControllerDependencies())
 		mesh.RegisterControllers(s.controllerManager, mesh.ControllerDependencies{
@@ -889,6 +902,7 @@ func (s *Server) registerControllers(deps Deps) {
 				}
 				return &bundle, nil
 			},
+			ProxyUpdater: proxyUpdater,
 		})
 	}
 
diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go
index 1ad333c61321..e8058a468a3f 100644
--- a/agent/consul/server_test.go
+++ b/agent/consul/server_test.go
@@ -336,7 +336,7 @@ func newServerWithDeps(t *testing.T, c *Config, deps Deps) (*Server, error) {
 		}
 	}
 	grpcServer := external.NewServer(deps.Logger.Named("grpc.external"), nil, deps.TLSConfigurator, rpcRate.NullRequestLimitsHandler())
-	srv, err := NewServer(c, deps, grpcServer, nil, deps.Logger)
+	srv, err := NewServer(c, deps, grpcServer, nil, deps.Logger, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -1243,7 +1243,7 @@ func TestServer_RPC_MetricsIntercept_Off(t *testing.T) {
 			}
 		}
 
-		s1, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger)
+		s1, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger, nil)
 		if err != nil {
 			t.Fatalf("err: %v", err)
 		}
@@ -1281,7 +1281,7 @@ func TestServer_RPC_MetricsIntercept_Off(t *testing.T) {
 			return nil
 		}
 
-		s2, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger)
+		s2, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger, nil)
 		if err != nil {
 			t.Fatalf("err: %v", err)
 		}
@@ -1315,7 +1315,7 @@ func TestServer_RPC_RequestRecorder(t *testing.T) {
 		deps := newDefaultDeps(t, conf)
 		deps.NewRequestRecorderFunc = nil
 
-		s1, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger)
+		s1, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger, nil)
 
 		require.Error(t, err, "need err when provider func is nil")
 		require.Equal(t, err.Error(), "cannot initialize server without an RPC request recorder provider")
@@ -1334,7 +1334,7 @@ func TestServer_RPC_RequestRecorder(t *testing.T) {
 			return nil
 		}
 
-		s2, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger)
+		s2, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger, nil)
 
 		require.Error(t, err, "need err when RequestRecorder is nil")
 		require.Equal(t, err.Error(), "cannot initialize server with a nil RPC request recorder")
diff --git a/agent/proxycfg-sources/catalog/config_source.go b/agent/proxycfg-sources/catalog/config_source.go
index a7205b66221c..1a41af4658d7 100644
--- a/agent/proxycfg-sources/catalog/config_source.go
+++ b/agent/proxycfg-sources/catalog/config_source.go
@@ -6,6 +6,8 @@ package catalog
 import (
 	"context"
 	"errors"
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"sync"
 
@@ -14,7 +16,6 @@ import (
 
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/configentry"
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/local"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
@@ -49,7 +50,7 @@ func NewConfigSource(cfg Config) *ConfigSource {
 
 // Watch wraps the underlying proxycfg.Manager and dynamically registers
 // services from the catalog with it when requested by the xDS server.
-func (m *ConfigSource) Watch(id *pbresource.ID, nodeName string, token string) (<-chan proxycfg.ProxySnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
+func (m *ConfigSource) Watch(id *pbresource.ID, nodeName string, token string) (<-chan proxysnapshot.ProxySnapshot, limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error) {
 	// Create service ID
 	serviceID := structs.NewServiceID(id.Name, GetEnterpriseMetaFromResourceID(id))
 	// If the service is registered to the local agent, use the LocalConfigSource
@@ -279,7 +280,7 @@ type Config struct {
 
 //go:generate mockery --name ConfigManager --inpackage
 type ConfigManager interface {
-	Watch(req proxycfg.ProxyID) (<-chan proxycfg.ProxySnapshot, proxycfg.CancelFunc)
+	Watch(req proxycfg.ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc)
 	Register(proxyID proxycfg.ProxyID, service *structs.NodeService, source proxycfg.ProxySource, token string, overwrite bool) error
 	Deregister(proxyID proxycfg.ProxyID, source proxycfg.ProxySource)
 }
@@ -292,10 +293,11 @@ type Store interface {
 
 //go:generate mockery --name Watcher --inpackage
 type Watcher interface {
-	Watch(proxyID *pbresource.ID, nodeName string, token string) (<-chan proxycfg.ProxySnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error)
+	Watch(proxyID *pbresource.ID, nodeName string, token string) (<-chan proxysnapshot.ProxySnapshot, limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error)
 }
 
 //go:generate mockery --name SessionLimiter --inpackage
 type SessionLimiter interface {
 	BeginSession() (limiter.Session, error)
+	Run(ctx context.Context)
 }
diff --git a/agent/proxycfg-sources/catalog/config_source_test.go b/agent/proxycfg-sources/catalog/config_source_test.go
index 653ac66977e1..eef62652ce88 100644
--- a/agent/proxycfg-sources/catalog/config_source_test.go
+++ b/agent/proxycfg-sources/catalog/config_source_test.go
@@ -4,7 +4,9 @@
 package catalog
 
 import (
+	"context"
 	"errors"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 	"testing"
 	"time"
@@ -177,7 +179,7 @@ func TestConfigSource_LocallyManagedService(t *testing.T) {
 
 	localWatcher := NewMockWatcher(t)
 	localWatcher.On("Watch", proxyID, nodeName, token).
-		Return(make(<-chan proxycfg.ProxySnapshot), nil, proxycfg.CancelFunc(func() {}), nil)
+		Return(make(<-chan proxysnapshot.ProxySnapshot), nil, proxysnapshot.CancelFunc(func() {}), nil)
 
 	mgr := NewConfigSource(Config{
 		NodeName:          nodeName,
@@ -211,12 +213,12 @@ func TestConfigSource_ErrorRegisteringService(t *testing.T) {
 	}))
 
 	var canceledWatch bool
-	cancel := proxycfg.CancelFunc(func() { canceledWatch = true })
+	cancel := proxysnapshot.CancelFunc(func() { canceledWatch = true })
 
 	cfgMgr := NewMockConfigManager(t)
 
 	cfgMgr.On("Watch", mock.Anything).
-		Return(make(<-chan proxycfg.ProxySnapshot), cancel)
+		Return(make(<-chan proxysnapshot.ProxySnapshot), cancel)
 
 	cfgMgr.On("Register", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).
 		Return(errors.New("KABOOM"))
@@ -261,12 +263,12 @@ func TestConfigSource_NotProxyService(t *testing.T) {
 	}))
 
 	var canceledWatch bool
-	cancel := proxycfg.CancelFunc(func() { canceledWatch = true })
+	cancel := proxysnapshot.CancelFunc(func() { canceledWatch = true })
 
 	cfgMgr := NewMockConfigManager(t)
 
 	cfgMgr.On("Watch", mock.Anything).
-		Return(make(<-chan proxycfg.ProxySnapshot), cancel)
+		Return(make(<-chan proxysnapshot.ProxySnapshot), cancel)
 
 	mgr := NewConfigSource(Config{
 		Manager:        cfgMgr,
@@ -312,9 +314,9 @@ func testConfigManager(t *testing.T, serviceID structs.ServiceID, nodeName strin
 		Token:     token,
 	}
 
-	snapCh := make(chan proxycfg.ProxySnapshot, 1)
+	snapCh := make(chan proxysnapshot.ProxySnapshot, 1)
 	cfgMgr.On("Watch", proxyID).
-		Return((<-chan proxycfg.ProxySnapshot)(snapCh), proxycfg.CancelFunc(func() {}), nil)
+		Return((<-chan proxysnapshot.ProxySnapshot)(snapCh), proxysnapshot.CancelFunc(func() {}), nil)
 
 	cfgMgr.On("Register", mock.Anything, mock.Anything, source, token, false).
 		Run(func(args mock.Arguments) {
@@ -358,6 +360,8 @@ func (nullSessionLimiter) BeginSession() (limiter.Session, error) {
 	return nullSession{}, nil
 }
 
+func (nullSessionLimiter) Run(ctx context.Context) {}
+
 type nullSession struct{}
 
 func (nullSession) End() {}
diff --git a/agent/proxycfg-sources/catalog/mock_ConfigManager.go b/agent/proxycfg-sources/catalog/mock_ConfigManager.go
index b50d032d024a..1608a148f061 100644
--- a/agent/proxycfg-sources/catalog/mock_ConfigManager.go
+++ b/agent/proxycfg-sources/catalog/mock_ConfigManager.go
@@ -4,6 +4,7 @@ package catalog
 
 import (
 	proxycfg "github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	mock "github.com/stretchr/testify/mock"
 
 	structs "github.com/hashicorp/consul/agent/structs"
@@ -34,27 +35,27 @@ func (_m *MockConfigManager) Register(proxyID proxycfg.ProxyID, service *structs
 }
 
 // Watch provides a mock function with given fields: req
-func (_m *MockConfigManager) Watch(req proxycfg.ProxyID) (<-chan proxycfg.ProxySnapshot, proxycfg.CancelFunc) {
+func (_m *MockConfigManager) Watch(req proxycfg.ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc) {
 	ret := _m.Called(req)
 
-	var r0 <-chan proxycfg.ProxySnapshot
-	var r1 proxycfg.CancelFunc
-	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) (<-chan proxycfg.ProxySnapshot, proxycfg.CancelFunc)); ok {
+	var r0 <-chan proxysnapshot.ProxySnapshot
+	var r1 proxysnapshot.CancelFunc
+	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc)); ok {
 		return rf(req)
 	}
-	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) <-chan proxycfg.ProxySnapshot); ok {
+	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) <-chan proxysnapshot.ProxySnapshot); ok {
 		r0 = rf(req)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(<-chan proxycfg.ProxySnapshot)
+			r0 = ret.Get(0).(<-chan proxysnapshot.ProxySnapshot)
 		}
 	}
 
-	if rf, ok := ret.Get(1).(func(proxycfg.ProxyID) proxycfg.CancelFunc); ok {
+	if rf, ok := ret.Get(1).(func(proxycfg.ProxyID) proxysnapshot.CancelFunc); ok {
 		r1 = rf(req)
 	} else {
 		if ret.Get(1) != nil {
-			r1 = ret.Get(1).(proxycfg.CancelFunc)
+			r1 = ret.Get(1).(proxysnapshot.CancelFunc)
 		}
 	}
 
diff --git a/agent/proxycfg-sources/catalog/mock_SessionLimiter.go b/agent/proxycfg-sources/catalog/mock_SessionLimiter.go
index 3b7147cb064c..a1670b190d9d 100644
--- a/agent/proxycfg-sources/catalog/mock_SessionLimiter.go
+++ b/agent/proxycfg-sources/catalog/mock_SessionLimiter.go
@@ -1,9 +1,11 @@
-// Code generated by mockery v2.15.0. DO NOT EDIT.
+// Code generated by mockery v2.32.4. DO NOT EDIT.
 
 package catalog
 
 import (
-	limiter "github.com/hashicorp/consul/agent/grpc-external/limiter"
+	context "context"
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
+
 	mock "github.com/stretchr/testify/mock"
 )
 
@@ -17,6 +19,10 @@ func (_m *MockSessionLimiter) BeginSession() (limiter.Session, error) {
 	ret := _m.Called()
 
 	var r0 limiter.Session
+	var r1 error
+	if rf, ok := ret.Get(0).(func() (limiter.Session, error)); ok {
+		return rf()
+	}
 	if rf, ok := ret.Get(0).(func() limiter.Session); ok {
 		r0 = rf()
 	} else {
@@ -25,7 +31,6 @@ func (_m *MockSessionLimiter) BeginSession() (limiter.Session, error) {
 		}
 	}
 
-	var r1 error
 	if rf, ok := ret.Get(1).(func() error); ok {
 		r1 = rf()
 	} else {
@@ -35,13 +40,17 @@ func (_m *MockSessionLimiter) BeginSession() (limiter.Session, error) {
 	return r0, r1
 }
 
-type mockConstructorTestingTNewMockSessionLimiter interface {
-	mock.TestingT
-	Cleanup(func())
+// Run provides a mock function with given fields: ctx
+func (_m *MockSessionLimiter) Run(ctx context.Context) {
+	_m.Called(ctx)
 }
 
 // NewMockSessionLimiter creates a new instance of MockSessionLimiter. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-func NewMockSessionLimiter(t mockConstructorTestingTNewMockSessionLimiter) *MockSessionLimiter {
+// The first argument is typically a *testing.T value.
+func NewMockSessionLimiter(t interface {
+	mock.TestingT
+	Cleanup(func())
+}) *MockSessionLimiter {
 	mock := &MockSessionLimiter{}
 	mock.Mock.Test(t)
 
diff --git a/agent/proxycfg-sources/catalog/mock_Watcher.go b/agent/proxycfg-sources/catalog/mock_Watcher.go
index 7701fd7d389a..71460a261440 100644
--- a/agent/proxycfg-sources/catalog/mock_Watcher.go
+++ b/agent/proxycfg-sources/catalog/mock_Watcher.go
@@ -3,12 +3,11 @@
 package catalog
 
 import (
-	limiter "github.com/hashicorp/consul/agent/grpc-external/limiter"
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
+	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	mock "github.com/stretchr/testify/mock"
 
 	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
-
-	proxycfg "github.com/hashicorp/consul/agent/proxycfg"
 )
 
 // MockWatcher is an autogenerated mock type for the Watcher type
@@ -17,21 +16,21 @@ type MockWatcher struct {
 }
 
 // Watch provides a mock function with given fields: proxyID, nodeName, token
-func (_m *MockWatcher) Watch(proxyID *pbresource.ID, nodeName string, token string) (<-chan proxycfg.ProxySnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
+func (_m *MockWatcher) Watch(proxyID *pbresource.ID, nodeName string, token string) (<-chan proxysnapshot.ProxySnapshot, limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error) {
 	ret := _m.Called(proxyID, nodeName, token)
 
-	var r0 <-chan proxycfg.ProxySnapshot
+	var r0 <-chan proxysnapshot.ProxySnapshot
 	var r1 limiter.SessionTerminatedChan
-	var r2 proxycfg.CancelFunc
+	var r2 proxysnapshot.CancelFunc
 	var r3 error
-	if rf, ok := ret.Get(0).(func(*pbresource.ID, string, string) (<-chan proxycfg.ProxySnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error)); ok {
+	if rf, ok := ret.Get(0).(func(*pbresource.ID, string, string) (<-chan proxysnapshot.ProxySnapshot, limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error)); ok {
 		return rf(proxyID, nodeName, token)
 	}
-	if rf, ok := ret.Get(0).(func(*pbresource.ID, string, string) <-chan proxycfg.ProxySnapshot); ok {
+	if rf, ok := ret.Get(0).(func(*pbresource.ID, string, string) <-chan proxysnapshot.ProxySnapshot); ok {
 		r0 = rf(proxyID, nodeName, token)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(<-chan proxycfg.ProxySnapshot)
+			r0 = ret.Get(0).(<-chan proxysnapshot.ProxySnapshot)
 		}
 	}
 
@@ -43,11 +42,11 @@ func (_m *MockWatcher) Watch(proxyID *pbresource.ID, nodeName string, token stri
 		}
 	}
 
-	if rf, ok := ret.Get(2).(func(*pbresource.ID, string, string) proxycfg.CancelFunc); ok {
+	if rf, ok := ret.Get(2).(func(*pbresource.ID, string, string) proxysnapshot.CancelFunc); ok {
 		r2 = rf(proxyID, nodeName, token)
 	} else {
 		if ret.Get(2) != nil {
-			r2 = ret.Get(2).(proxycfg.CancelFunc)
+			r2 = ret.Get(2).(proxysnapshot.CancelFunc)
 		}
 	}
 
diff --git a/agent/proxycfg-sources/local/config_source.go b/agent/proxycfg-sources/local/config_source.go
index 634a0f479ebc..7b3a835fb819 100644
--- a/agent/proxycfg-sources/local/config_source.go
+++ b/agent/proxycfg-sources/local/config_source.go
@@ -8,6 +8,7 @@ import (
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/proxycfg-sources/catalog"
 	structs "github.com/hashicorp/consul/agent/structs"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
@@ -22,8 +23,8 @@ func NewConfigSource(cfgMgr ConfigManager) *ConfigSource {
 	return &ConfigSource{cfgMgr}
 }
 
-func (m *ConfigSource) Watch(proxyID *pbresource.ID, nodeName string, _ string) (<-chan proxycfg.ProxySnapshot,
-	limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
+func (m *ConfigSource) Watch(proxyID *pbresource.ID, nodeName string, _ string) (<-chan proxysnapshot.ProxySnapshot,
+	limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error) {
 	serviceID := structs.NewServiceID(proxyID.Name, catalog.GetEnterpriseMetaFromResourceID(proxyID))
 	watchCh, cancelWatch := m.manager.Watch(proxycfg.ProxyID{
 		ServiceID: serviceID,
diff --git a/agent/proxycfg-sources/local/mock_ConfigManager.go b/agent/proxycfg-sources/local/mock_ConfigManager.go
index d16f0e98ee3d..6c8d4e811d7f 100644
--- a/agent/proxycfg-sources/local/mock_ConfigManager.go
+++ b/agent/proxycfg-sources/local/mock_ConfigManager.go
@@ -4,6 +4,7 @@ package local
 
 import (
 	proxycfg "github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	mock "github.com/stretchr/testify/mock"
 
 	structs "github.com/hashicorp/consul/agent/structs"
@@ -50,27 +51,27 @@ func (_m *MockConfigManager) RegisteredProxies(source proxycfg.ProxySource) []pr
 }
 
 // Watch provides a mock function with given fields: id
-func (_m *MockConfigManager) Watch(id proxycfg.ProxyID) (<-chan proxycfg.ProxySnapshot, proxycfg.CancelFunc) {
+func (_m *MockConfigManager) Watch(id proxycfg.ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc) {
 	ret := _m.Called(id)
 
-	var r0 <-chan proxycfg.ProxySnapshot
-	var r1 proxycfg.CancelFunc
-	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) (<-chan proxycfg.ProxySnapshot, proxycfg.CancelFunc)); ok {
+	var r0 <-chan proxysnapshot.ProxySnapshot
+	var r1 proxysnapshot.CancelFunc
+	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc)); ok {
 		return rf(id)
 	}
-	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) <-chan proxycfg.ProxySnapshot); ok {
+	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) <-chan proxysnapshot.ProxySnapshot); ok {
 		r0 = rf(id)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(<-chan proxycfg.ProxySnapshot)
+			r0 = ret.Get(0).(<-chan proxysnapshot.ProxySnapshot)
 		}
 	}
 
-	if rf, ok := ret.Get(1).(func(proxycfg.ProxyID) proxycfg.CancelFunc); ok {
+	if rf, ok := ret.Get(1).(func(proxycfg.ProxyID) proxysnapshot.CancelFunc); ok {
 		r1 = rf(id)
 	} else {
 		if ret.Get(1) != nil {
-			r1 = ret.Get(1).(proxycfg.CancelFunc)
+			r1 = ret.Get(1).(proxysnapshot.CancelFunc)
 		}
 	}
 
diff --git a/agent/proxycfg-sources/local/sync.go b/agent/proxycfg-sources/local/sync.go
index bb06cc84381c..b5583db43a3d 100644
--- a/agent/proxycfg-sources/local/sync.go
+++ b/agent/proxycfg-sources/local/sync.go
@@ -5,6 +5,7 @@ package local
 
 import (
 	"context"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"time"
 
 	"github.com/hashicorp/go-hclog"
@@ -135,7 +136,7 @@ func sync(cfg SyncConfig) {
 
 //go:generate mockery --name ConfigManager --inpackage
 type ConfigManager interface {
-	Watch(id proxycfg.ProxyID) (<-chan proxycfg.ProxySnapshot, proxycfg.CancelFunc)
+	Watch(id proxycfg.ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc)
 	Register(proxyID proxycfg.ProxyID, service *structs.NodeService, source proxycfg.ProxySource, token string, overwrite bool) error
 	Deregister(proxyID proxycfg.ProxyID, source proxycfg.ProxySource)
 	RegisteredProxies(source proxycfg.ProxySource) []proxycfg.ProxyID
diff --git a/agent/proxycfg/proxysnapshot.go b/agent/proxycfg/config_snapshot_glue.go
similarity index 88%
rename from agent/proxycfg/proxysnapshot.go
rename to agent/proxycfg/config_snapshot_glue.go
index fb1c79183cf1..7d1c1d9770e0 100644
--- a/agent/proxycfg/proxysnapshot.go
+++ b/agent/proxycfg/config_snapshot_glue.go
@@ -8,16 +8,6 @@ import (
 	"google.golang.org/grpc/status"
 )
 
-// ProxySnapshot is an abstraction that allows interchangeability between
-// Catalog V1 ConfigSnapshot and Catalog V2 ProxyState.
-type ProxySnapshot interface {
-	AllowEmptyListeners() bool
-	AllowEmptyRoutes() bool
-	AllowEmptyClusters() bool
-	Authorize(authz acl.Authorizer) error
-	LoggerName() string
-}
-
 // The below functions are added to ConfigSnapshot to allow it to conform to
 // the ProxySnapshot interface.
 func (s *ConfigSnapshot) AllowEmptyListeners() bool {
diff --git a/agent/proxycfg/proxysnapshot_test.go b/agent/proxycfg/config_snapshot_glue_test.go
similarity index 99%
rename from agent/proxycfg/proxysnapshot_test.go
rename to agent/proxycfg/config_snapshot_glue_test.go
index 9a61a7f1c64c..6ff20714eb32 100644
--- a/agent/proxycfg/proxysnapshot_test.go
+++ b/agent/proxycfg/config_snapshot_glue_test.go
@@ -4,10 +4,11 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/agent/structs"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/agent/structs"
 )
 
 func TestConfigSnapshot_AllowEmptyClusters(t *testing.T) {
diff --git a/agent/proxycfg/manager.go b/agent/proxycfg/manager.go
index 296bd831a8d9..32d725365b02 100644
--- a/agent/proxycfg/manager.go
+++ b/agent/proxycfg/manager.go
@@ -5,6 +5,7 @@ package proxycfg
 
 import (
 	"errors"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"runtime/debug"
 	"sync"
 
@@ -36,10 +37,6 @@ type ProxyID struct {
 // from overwriting each other's registrations.
 type ProxySource string
 
-// CancelFunc is a type for a returned function that can be called to cancel a
-// watch.
-type CancelFunc func()
-
 // Manager provides an API with which proxy services can be registered, and
 // coordinates the fetching (and refreshing) of intentions, upstreams, discovery
 // chain, certificates etc.
@@ -55,7 +52,7 @@ type Manager struct {
 
 	mu         sync.Mutex
 	proxies    map[ProxyID]*state
-	watchers   map[ProxyID]map[uint64]chan ProxySnapshot
+	watchers   map[ProxyID]map[uint64]chan proxysnapshot.ProxySnapshot
 	maxWatchID uint64
 }
 
@@ -106,7 +103,7 @@ func NewManager(cfg ManagerConfig) (*Manager, error) {
 	m := &Manager{
 		ManagerConfig: cfg,
 		proxies:       make(map[ProxyID]*state),
-		watchers:      make(map[ProxyID]map[uint64]chan ProxySnapshot),
+		watchers:      make(map[ProxyID]map[uint64]chan proxysnapshot.ProxySnapshot),
 		rateLimiter:   rate.NewLimiter(cfg.UpdateRateLimit, 1),
 	}
 	return m, nil
@@ -262,7 +259,7 @@ func (m *Manager) notify(snap *ConfigSnapshot) {
 // it will drain the chan and then re-attempt delivery so that a slow consumer
 // gets the latest config earlier. This MUST be called from a method where m.mu
 // is held to be safe since it assumes we are the only goroutine sending on ch.
-func (m *Manager) deliverLatest(snap *ConfigSnapshot, ch chan ProxySnapshot) {
+func (m *Manager) deliverLatest(snap *ConfigSnapshot, ch chan proxysnapshot.ProxySnapshot) {
 	// Send if chan is empty
 	select {
 	case ch <- snap:
@@ -299,16 +296,16 @@ OUTER:
 // will not fail, but no updates will be delivered until the proxy is
 // registered. If there is already a valid snapshot in memory, it will be
 // delivered immediately.
-func (m *Manager) Watch(id ProxyID) (<-chan ProxySnapshot, CancelFunc) {
+func (m *Manager) Watch(id ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc) {
 	m.mu.Lock()
 	defer m.mu.Unlock()
 
 	// This buffering is crucial otherwise we'd block immediately trying to
 	// deliver the current snapshot below if we already have one.
-	ch := make(chan ProxySnapshot, 1)
+	ch := make(chan proxysnapshot.ProxySnapshot, 1)
 	watchers, ok := m.watchers[id]
 	if !ok {
-		watchers = make(map[uint64]chan ProxySnapshot)
+		watchers = make(map[uint64]chan proxysnapshot.ProxySnapshot)
 	}
 	watchID := m.maxWatchID
 	m.maxWatchID++
diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go
index c66352c1ec31..50729b5bdf28 100644
--- a/agent/proxycfg/manager_test.go
+++ b/agent/proxycfg/manager_test.go
@@ -4,6 +4,7 @@
 package proxycfg
 
 import (
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"testing"
 	"time"
 
@@ -469,7 +470,7 @@ func testManager_BasicLifecycle(
 	require.Len(t, m.watchers, 0)
 }
 
-func assertWatchChanBlocks(t *testing.T, ch <-chan ProxySnapshot) {
+func assertWatchChanBlocks(t *testing.T, ch <-chan proxysnapshot.ProxySnapshot) {
 	t.Helper()
 
 	select {
@@ -479,7 +480,7 @@ func assertWatchChanBlocks(t *testing.T, ch <-chan ProxySnapshot) {
 	}
 }
 
-func assertWatchChanRecvs(t *testing.T, ch <-chan ProxySnapshot, expect ProxySnapshot) {
+func assertWatchChanRecvs(t *testing.T, ch <-chan proxysnapshot.ProxySnapshot, expect proxysnapshot.ProxySnapshot) {
 	t.Helper()
 
 	select {
@@ -517,7 +518,7 @@ func TestManager_deliverLatest(t *testing.T) {
 	}
 
 	// test 1 buffered chan
-	ch1 := make(chan ProxySnapshot, 1)
+	ch1 := make(chan proxysnapshot.ProxySnapshot, 1)
 
 	// Sending to an unblocked chan should work
 	m.deliverLatest(snap1, ch1)
@@ -533,7 +534,7 @@ func TestManager_deliverLatest(t *testing.T) {
 	require.Equal(t, snap2, <-ch1)
 
 	// Same again for 5-buffered chan
-	ch5 := make(chan ProxySnapshot, 5)
+	ch5 := make(chan proxysnapshot.ProxySnapshot, 5)
 
 	// Sending to an unblocked chan should work
 	m.deliverLatest(snap1, ch5)
diff --git a/agent/proxycfg_test.go b/agent/proxycfg_test.go
index c51d9a64bcb3..04fa0ca6b51a 100644
--- a/agent/proxycfg_test.go
+++ b/agent/proxycfg_test.go
@@ -5,7 +5,9 @@ package agent
 
 import (
 	"encoding/json"
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/internal/mesh"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 	"net/http"
 	"net/http/httptest"
@@ -14,8 +16,6 @@ import (
 
 	"github.com/stretchr/testify/require"
 
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/testrpc"
@@ -54,7 +54,7 @@ func TestAgent_local_proxycfg(t *testing.T) {
 
 	// This is a little gross, but this gives us the layered pair of
 	// local/catalog sources for now.
-	cfg := a.xdsServer.CfgSrc
+	cfg := a.xdsServer.ProxyWatcher
 
 	var (
 		timer      = time.After(100 * time.Millisecond)
@@ -64,9 +64,9 @@ func TestAgent_local_proxycfg(t *testing.T) {
 
 	var (
 		firstTime = true
-		ch        <-chan proxycfg.ProxySnapshot
+		ch        <-chan proxysnapshot.ProxySnapshot
 		stc       limiter.SessionTerminatedChan
-		cancel    proxycfg.CancelFunc
+		cancel    proxysnapshot.CancelFunc
 	)
 	defer func() {
 		if cancel != nil {
diff --git a/agent/rpc/peering/service_test.go b/agent/rpc/peering/service_test.go
index 49bf97b19c7f..8fde278c8b7f 100644
--- a/agent/rpc/peering/service_test.go
+++ b/agent/rpc/peering/service_test.go
@@ -1820,7 +1820,7 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer {
 	deps := newDefaultDeps(t, conf)
 	externalGRPCServer := external.NewServer(deps.Logger, nil, deps.TLSConfigurator, rate.NullRequestLimitsHandler())
 
-	server, err := consul.NewServer(conf, deps, externalGRPCServer, nil, deps.Logger)
+	server, err := consul.NewServer(conf, deps, externalGRPCServer, nil, deps.Logger, nil)
 	require.NoError(t, err)
 	t.Cleanup(func() {
 		require.NoError(t, server.Shutdown())
diff --git a/agent/xds/delta.go b/agent/xds/delta.go
index 7d345ff77073..6d668006d70f 100644
--- a/agent/xds/delta.go
+++ b/agent/xds/delta.go
@@ -11,6 +11,8 @@ import (
 	"github.com/hashicorp/consul/agent/xds/configfetcher"
 	"github.com/hashicorp/consul/agent/xdsv2"
 	"github.com/hashicorp/consul/internal/mesh"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"strconv"
 	"sync"
@@ -91,7 +93,7 @@ func (s *Server) DeltaAggregatedResources(stream ADSDeltaStream) error {
 // Envoy resource generator based on whether it was passed a ConfigSource or
 // ProxyState implementation of the ProxySnapshot interface and returns the
 // generated Envoy configuration.
-func getEnvoyConfiguration(proxySnapshot proxycfg.ProxySnapshot, logger hclog.Logger, cfgFetcher configfetcher.ConfigFetcher) (map[string][]proto.Message, error) {
+func getEnvoyConfiguration(proxySnapshot proxysnapshot.ProxySnapshot, logger hclog.Logger, cfgFetcher configfetcher.ConfigFetcher) (map[string][]proto.Message, error) {
 	switch proxySnapshot.(type) {
 	case *proxycfg.ConfigSnapshot:
 		logger.Trace("ProxySnapshot update channel received a ProxySnapshot of type ConfigSnapshot",
@@ -106,14 +108,14 @@ func getEnvoyConfiguration(proxySnapshot proxycfg.ProxySnapshot, logger hclog.Lo
 		c := proxySnapshot.(*proxycfg.ConfigSnapshot)
 		logger.Trace("ConfigSnapshot", c)
 		return generator.AllResourcesFromSnapshot(c)
-	case *mesh.ProxyState:
+	case *proxytracker.ProxyState:
 		logger.Trace("ProxySnapshot update channel received a ProxySnapshot of type ProxyState",
 			"proxySnapshot", proxySnapshot,
 		)
 		generator := xdsv2.NewResourceGenerator(
 			logger,
 		)
-		c := proxySnapshot.(*mesh.ProxyState)
+		c := proxySnapshot.(*proxytracker.ProxyState)
 		logger.Trace("ProxyState", c)
 		return generator.AllResourcesFromIR(c)
 	default:
@@ -135,9 +137,9 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 
 	// Loop state
 	var (
-		proxySnapshot proxycfg.ProxySnapshot
+		proxySnapshot proxysnapshot.ProxySnapshot
 		node          *envoy_config_core_v3.Node
-		stateCh       <-chan proxycfg.ProxySnapshot
+		stateCh       <-chan proxysnapshot.ProxySnapshot
 		drainCh       limiter.SessionTerminatedChan
 		watchCancel   func()
 		nonce         uint64 // xDS requires a unique nonce to correlate response/request pairs
@@ -202,7 +204,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 		authTimer = time.After(s.AuthCheckFrequency)
 	}
 
-	checkStreamACLs := func(proxySnap proxycfg.ProxySnapshot) error {
+	checkStreamACLs := func(proxySnap proxysnapshot.ProxySnapshot) error {
 		return s.authorize(stream.Context(), proxySnap)
 	}
 
@@ -326,7 +328,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 				return status.Errorf(codes.Internal, "failed to watch proxy service: %s", err)
 			}
 
-			stateCh, drainCh, watchCancel, err = s.CfgSrc.Watch(proxyID, nodeName, options.Token)
+			stateCh, drainCh, watchCancel, err = s.ProxyWatcher.Watch(proxyID, nodeName, options.Token)
 			switch {
 			case errors.Is(err, limiter.ErrCapacityReached):
 				return errOverwhelmed
@@ -432,14 +434,14 @@ func newResourceIDFromEnvoyNode(node *envoy_config_core_v3.Node) *pbresource.ID
 	}
 }
 
-func (s *Server) applyEnvoyExtensions(resources *xdscommon.IndexedResources, proxySnapshot proxycfg.ProxySnapshot, node *envoy_config_core_v3.Node) (*xdscommon.IndexedResources, error) {
+func (s *Server) applyEnvoyExtensions(resources *xdscommon.IndexedResources, proxySnapshot proxysnapshot.ProxySnapshot, node *envoy_config_core_v3.Node) (*xdscommon.IndexedResources, error) {
 	// TODO(proxystate)
 	// This is a workaround for now as envoy extensions are not yet supported with ProxyState.
 	// For now, we cast to proxycfg.ConfigSnapshot and no-op if it's the pbmesh.ProxyState type.
 	var snapshot *proxycfg.ConfigSnapshot
 	switch proxySnapshot.(type) {
 	//TODO(proxystate): implement envoy extensions for ProxyState
-	case *mesh.ProxyState:
+	case *proxytracker.ProxyState:
 		return resources, nil
 	case *proxycfg.ConfigSnapshot:
 		snapshot = proxySnapshot.(*proxycfg.ConfigSnapshot)
diff --git a/agent/xds/proxystateconverter/converter.go b/agent/xds/proxystateconverter/converter.go
index 191b9084b842..be6451417504 100644
--- a/agent/xds/proxystateconverter/converter.go
+++ b/agent/xds/proxystateconverter/converter.go
@@ -5,11 +5,10 @@ package proxystateconverter
 
 import (
 	"fmt"
-	"github.com/hashicorp/consul/internal/mesh"
-
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/xds/configfetcher"
+	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
 	"github.com/hashicorp/go-hclog"
@@ -19,7 +18,7 @@ import (
 type Converter struct {
 	Logger     hclog.Logger
 	CfgFetcher configfetcher.ConfigFetcher
-	proxyState *mesh.ProxyState
+	proxyState *proxytracker.ProxyState
 }
 
 func NewConverter(
@@ -29,7 +28,7 @@ func NewConverter(
 	return &Converter{
 		Logger:     logger,
 		CfgFetcher: cfgFetcher,
-		proxyState: &mesh.ProxyState{
+		proxyState: &proxytracker.ProxyState{
 			ProxyState: &pbmesh.ProxyState{
 				Listeners: make([]*pbproxystate.Listener, 0),
 				Clusters:  make(map[string]*pbproxystate.Cluster),
@@ -40,7 +39,7 @@ func NewConverter(
 	}
 }
 
-func (g *Converter) ProxyStateFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) (*mesh.ProxyState, error) {
+func (g *Converter) ProxyStateFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) (*proxytracker.ProxyState, error) {
 	err := g.resourcesFromSnapshot(cfgSnap)
 	if err != nil {
 		return nil, fmt.Errorf("failed to generate FullProxyState: %v", err)
diff --git a/agent/xds/server.go b/agent/xds/server.go
index cc4220da2804..7b9f8b6bf118 100644
--- a/agent/xds/server.go
+++ b/agent/xds/server.go
@@ -6,6 +6,8 @@ package xds
 import (
 	"context"
 	"errors"
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
+	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"sync/atomic"
 	"time"
@@ -24,8 +26,6 @@ import (
 
 	"github.com/hashicorp/consul/acl"
 	external "github.com/hashicorp/consul/agent/grpc-external"
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	"github.com/hashicorp/consul/agent/proxycfg"
 )
 
 var (
@@ -85,7 +85,7 @@ type ACLResolverFunc func(id string) (acl.Authorizer, error)
 // ProxyConfigSource is the interface xds.Server requires to consume proxy
 // config updates.
 type ProxyWatcher interface {
-	Watch(proxyID *pbresource.ID, nodeName string, token string) (<-chan proxycfg.ProxySnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error)
+	Watch(proxyID *pbresource.ID, nodeName string, token string) (<-chan proxysnapshot.ProxySnapshot, limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error)
 }
 
 // Server represents a gRPC server that can handle xDS requests from Envoy. All
@@ -96,7 +96,7 @@ type ProxyWatcher interface {
 type Server struct {
 	NodeName     string
 	Logger       hclog.Logger
-	CfgSrc       ProxyWatcher
+	ProxyWatcher ProxyWatcher
 	ResolveToken ACLResolverFunc
 	CfgFetcher   configfetcher.ConfigFetcher
 
@@ -147,14 +147,14 @@ func (c *activeStreamCounters) Increment(ctx context.Context) func() {
 func NewServer(
 	nodeName string,
 	logger hclog.Logger,
-	cfgMgr ProxyWatcher,
+	proxyWatcher ProxyWatcher,
 	resolveTokenSecret ACLResolverFunc,
 	cfgFetcher configfetcher.ConfigFetcher,
 ) *Server {
 	return &Server{
 		NodeName:           nodeName,
 		Logger:             logger,
-		CfgSrc:             cfgMgr,
+		ProxyWatcher:       proxyWatcher,
 		ResolveToken:       resolveTokenSecret,
 		CfgFetcher:         cfgFetcher,
 		AuthCheckFrequency: DefaultAuthCheckFrequency,
@@ -203,7 +203,7 @@ func (s *Server) authenticate(ctx context.Context) (acl.Authorizer, error) {
 // proxy ID. We assume that any data in the snapshot was already filtered,
 // which allows this authorization to be a shallow authorization check
 // for all the data in a ProxySnapshot.
-func (s *Server) authorize(ctx context.Context, proxySnapshot proxycfg.ProxySnapshot) error {
+func (s *Server) authorize(ctx context.Context, proxySnapshot proxysnapshot.ProxySnapshot) error {
 	if proxySnapshot == nil {
 		return status.Errorf(codes.Unauthenticated, "unauthenticated: no config snapshot")
 	}
diff --git a/agent/xds/xds_protocol_helpers_test.go b/agent/xds/xds_protocol_helpers_test.go
index 671974f45b5e..31aa03682032 100644
--- a/agent/xds/xds_protocol_helpers_test.go
+++ b/agent/xds/xds_protocol_helpers_test.go
@@ -6,6 +6,7 @@ package xds
 import (
 	"github.com/hashicorp/consul/agent/proxycfg-sources/catalog"
 	"github.com/hashicorp/consul/agent/xds/response"
+	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"sort"
 	"sync"
@@ -74,14 +75,14 @@ func newTestSnapshot(
 // testing. It also implements ConnectAuthz to allow control over authorization.
 type testManager struct {
 	sync.Mutex
-	stateChans map[structs.ServiceID]chan proxycfg.ProxySnapshot
+	stateChans map[structs.ServiceID]chan proxysnapshot.ProxySnapshot
 	drainChans map[structs.ServiceID]chan struct{}
 	cancels    chan structs.ServiceID
 }
 
 func newTestManager(t *testing.T) *testManager {
 	return &testManager{
-		stateChans: map[structs.ServiceID]chan proxycfg.ProxySnapshot{},
+		stateChans: map[structs.ServiceID]chan proxysnapshot.ProxySnapshot{},
 		drainChans: map[structs.ServiceID]chan struct{}{},
 		cancels:    make(chan structs.ServiceID, 10),
 	}
@@ -91,12 +92,12 @@ func newTestManager(t *testing.T) *testManager {
 func (m *testManager) RegisterProxy(t *testing.T, proxyID structs.ServiceID) {
 	m.Lock()
 	defer m.Unlock()
-	m.stateChans[proxyID] = make(chan proxycfg.ProxySnapshot, 1)
+	m.stateChans[proxyID] = make(chan proxysnapshot.ProxySnapshot, 1)
 	m.drainChans[proxyID] = make(chan struct{})
 }
 
 // Deliver simulates a proxy registration
-func (m *testManager) DeliverConfig(t *testing.T, proxyID structs.ServiceID, cfg proxycfg.ProxySnapshot) {
+func (m *testManager) DeliverConfig(t *testing.T, proxyID structs.ServiceID, cfg proxysnapshot.ProxySnapshot) {
 	t.Helper()
 	m.Lock()
 	defer m.Unlock()
@@ -123,8 +124,8 @@ func (m *testManager) DrainStreams(proxyID structs.ServiceID) {
 }
 
 // Watch implements ConfigManager
-func (m *testManager) Watch(id *pbresource.ID, _ string, _ string) (<-chan proxycfg.ProxySnapshot,
-	limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
+func (m *testManager) Watch(id *pbresource.ID, _ string, _ string) (<-chan proxysnapshot.ProxySnapshot,
+	limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error) {
 	// Create service ID
 	proxyID := structs.NewServiceID(id.Name, catalog.GetEnterpriseMetaFromResourceID(id))
 	m.Lock()
diff --git a/agent/xdsv2/resources.go b/agent/xdsv2/resources.go
index 349671ceb903..2aeeb97db990 100644
--- a/agent/xdsv2/resources.go
+++ b/agent/xdsv2/resources.go
@@ -5,8 +5,7 @@ package xdsv2
 
 import (
 	"fmt"
-	"github.com/hashicorp/consul/internal/mesh"
-
+	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	"github.com/hashicorp/go-hclog"
 	"google.golang.org/protobuf/proto"
 
@@ -29,11 +28,11 @@ func NewResourceGenerator(
 }
 
 type ProxyResources struct {
-	proxyState     *mesh.ProxyState
+	proxyState     *proxytracker.ProxyState
 	envoyResources map[string][]proto.Message
 }
 
-func (g *ResourceGenerator) AllResourcesFromIR(proxyState *mesh.ProxyState) (map[string][]proto.Message, error) {
+func (g *ResourceGenerator) AllResourcesFromIR(proxyState *proxytracker.ProxyState) (map[string][]proto.Message, error) {
 	pr := &ProxyResources{
 		proxyState:     proxyState,
 		envoyResources: make(map[string][]proto.Message),
diff --git a/internal/mesh/internal/controllers/register.go b/internal/mesh/internal/controllers/register.go
index e48540609cf1..adfdd5c8afc0 100644
--- a/internal/mesh/internal/controllers/register.go
+++ b/internal/mesh/internal/controllers/register.go
@@ -13,10 +13,10 @@ import (
 
 type Dependencies struct {
 	TrustBundleFetcher xds.TrustBundleFetcher
+	ProxyUpdater       xds.ProxyUpdater
 }
 
 func Register(mgr *controller.Manager, deps Dependencies) {
 	mapper := bimapper.New(types.ProxyStateTemplateType, catalog.ServiceEndpointsType)
-	// TODO: Pass in a "real" updater once proxy tracker work has completed.
-	mgr.Register(xds.Controller(mapper, nil, deps.TrustBundleFetcher))
+	mgr.Register(xds.Controller(mapper, deps.ProxyUpdater, deps.TrustBundleFetcher))
 }
diff --git a/internal/mesh/internal/controllers/xds/controller.go b/internal/mesh/internal/controllers/xds/controller.go
index 1135f27f7518..cff8430ae532 100644
--- a/internal/mesh/internal/controllers/xds/controller.go
+++ b/internal/mesh/internal/controllers/xds/controller.go
@@ -5,14 +5,14 @@ package xds
 
 import (
 	"context"
-
 	"github.com/hashicorp/consul/internal/catalog"
 	"github.com/hashicorp/consul/internal/controller"
 	"github.com/hashicorp/consul/internal/mesh/internal/controllers/xds/status"
 	"github.com/hashicorp/consul/internal/mesh/internal/types"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/mappers/bimapper"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
@@ -43,7 +43,7 @@ type TrustBundleFetcher func() (*pbproxystate.TrustBundle, error)
 // and also check its connectivity to the server.
 type ProxyUpdater interface {
 	// PushChange allows pushing a computed ProxyState to xds for xds resource generation to send to a proxy.
-	PushChange(id *pbresource.ID, snapshot *pbmesh.ProxyState) error
+	PushChange(id *pbresource.ID, snapshot proxysnapshot.ProxySnapshot) error
 
 	// ProxyConnectedToServer returns whether this id is connected to this server.
 	ProxyConnectedToServer(id *pbresource.ID) bool
@@ -156,7 +156,7 @@ func (r *xdsReconciler) Reconcile(ctx context.Context, rt controller.Runtime, re
 
 	computedProxyState := proxyStateTemplate.Template.ProxyState
 
-	err = r.updater.PushChange(req.ID, computedProxyState)
+	err = r.updater.PushChange(req.ID, &proxytracker.ProxyState{ProxyState: computedProxyState})
 	if err != nil {
 		// Set the status.
 		statusCondition = status.ConditionRejectedPushChangeFailed(status.KeyFromID(req.ID))
diff --git a/internal/mesh/internal/controllers/xds/controller_test.go b/internal/mesh/internal/controllers/xds/controller_test.go
index 2363c0cb8460..fb28c59a23c1 100644
--- a/internal/mesh/internal/controllers/xds/controller_test.go
+++ b/internal/mesh/internal/controllers/xds/controller_test.go
@@ -60,7 +60,7 @@ func (suite *xdsControllerTestSuite) SetupTest() {
 	suite.fetcher = mockFetcher
 
 	suite.mapper = bimapper.New(types.ProxyStateTemplateType, catalog.ServiceEndpointsType)
-	suite.updater = NewMockUpdater()
+	suite.updater = newMockUpdater()
 
 	suite.ctl = &xdsReconciler{
 		bimapper:         suite.mapper,
diff --git a/internal/mesh/internal/controllers/xds/mock_updater.go b/internal/mesh/internal/controllers/xds/mock_updater.go
index 3b8554f49116..1fcde13fdd50 100644
--- a/internal/mesh/internal/controllers/xds/mock_updater.go
+++ b/internal/mesh/internal/controllers/xds/mock_updater.go
@@ -5,9 +5,10 @@ package xds
 
 import (
 	"fmt"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	"sync"
 
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
 
 	"github.com/hashicorp/consul/proto-public/pbresource"
@@ -19,14 +20,14 @@ type mockUpdater struct {
 	lock sync.Mutex
 	// latestPs is a map from a ProxyStateTemplate's id.Name in string form to the last computed ProxyState for that
 	// ProxyStateTemplate.
-	latestPs        map[string]*pbmesh.ProxyState
+	latestPs        map[string]proxysnapshot.ProxySnapshot
 	notConnected    bool
 	pushChangeError bool
 }
 
-func NewMockUpdater() *mockUpdater {
+func newMockUpdater() *mockUpdater {
 	return &mockUpdater{
-		latestPs: make(map[string]*pbmesh.ProxyState),
+		latestPs: make(map[string]proxysnapshot.ProxySnapshot),
 	}
 }
 
@@ -42,13 +43,13 @@ func (m *mockUpdater) SetProxyAsNotConnected() {
 	m.notConnected = true
 }
 
-func (m *mockUpdater) PushChange(id *pbresource.ID, snapshot *pbmesh.ProxyState) error {
+func (m *mockUpdater) PushChange(id *pbresource.ID, snapshot proxysnapshot.ProxySnapshot) error {
 	m.lock.Lock()
 	defer m.lock.Unlock()
 	if m.pushChangeError {
 		return fmt.Errorf("mock push change error")
 	} else {
-		m.setUnsafe(id.Name, snapshot)
+		m.setUnsafe(id.Name, snapshot.(*proxytracker.ProxyState))
 	}
 	return nil
 }
@@ -62,12 +63,12 @@ func (m *mockUpdater) ProxyConnectedToServer(_ *pbresource.ID) bool {
 	return true
 }
 
-func (p *mockUpdater) Get(name string) *pbmesh.ProxyState {
+func (p *mockUpdater) Get(name string) *proxytracker.ProxyState {
 	p.lock.Lock()
 	defer p.lock.Unlock()
 	ps, ok := p.latestPs[name]
 	if ok {
-		return ps
+		return ps.(*proxytracker.ProxyState)
 	}
 	return nil
 }
@@ -77,7 +78,7 @@ func (p *mockUpdater) GetEndpoints(name string) map[string]*pbproxystate.Endpoin
 	defer p.lock.Unlock()
 	ps, ok := p.latestPs[name]
 	if ok {
-		return ps.Endpoints
+		return ps.(*proxytracker.ProxyState).Endpoints
 	}
 	return nil
 }
@@ -87,17 +88,17 @@ func (p *mockUpdater) GetTrustBundle(name string) map[string]*pbproxystate.Trust
 	defer p.lock.Unlock()
 	ps, ok := p.latestPs[name]
 	if ok {
-		return ps.TrustBundles
+		return ps.(*proxytracker.ProxyState).TrustBundles
 	}
 	return nil
 }
 
-func (p *mockUpdater) Set(name string, ps *pbmesh.ProxyState) {
+func (p *mockUpdater) Set(name string, ps *proxytracker.ProxyState) {
 	p.lock.Lock()
 	defer p.lock.Unlock()
 	p.setUnsafe(name, ps)
 }
 
-func (p *mockUpdater) setUnsafe(name string, ps *pbmesh.ProxyState) {
+func (p *mockUpdater) setUnsafe(name string, ps *proxytracker.ProxyState) {
 	p.latestPs[name] = ps
 }
diff --git a/internal/mesh/proxy-snapshot/proxy_snapshot.go b/internal/mesh/proxy-snapshot/proxy_snapshot.go
new file mode 100644
index 000000000000..40763f568c17
--- /dev/null
+++ b/internal/mesh/proxy-snapshot/proxy_snapshot.go
@@ -0,0 +1,17 @@
+package proxysnapshot
+
+import "github.com/hashicorp/consul/acl"
+
+// ProxySnapshot is an abstraction that allows interchangeability between
+// Catalog V1 ConfigSnapshot and Catalog V2 ProxyState.
+type ProxySnapshot interface {
+	AllowEmptyListeners() bool
+	AllowEmptyRoutes() bool
+	AllowEmptyClusters() bool
+	Authorize(authz acl.Authorizer) error
+	LoggerName() string
+}
+
+// CancelFunc is a type for a returned function that can be called to cancel a
+// watch.
+type CancelFunc func()
diff --git a/agent/proxy-tracker/mock_SessionLimiter.go b/internal/mesh/proxy-tracker/mock_SessionLimiter.go
similarity index 94%
rename from agent/proxy-tracker/mock_SessionLimiter.go
rename to internal/mesh/proxy-tracker/mock_SessionLimiter.go
index 4a2c5f324a1b..b50c9e84fcb2 100644
--- a/agent/proxy-tracker/mock_SessionLimiter.go
+++ b/internal/mesh/proxy-tracker/mock_SessionLimiter.go
@@ -3,7 +3,7 @@
 package proxytracker
 
 import (
-	limiter "github.com/hashicorp/consul/agent/grpc-external/limiter"
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	mock "github.com/stretchr/testify/mock"
 )
 
diff --git a/internal/mesh/proxy_state_exports.go b/internal/mesh/proxy-tracker/proxy_state_exports.go
similarity index 98%
rename from internal/mesh/proxy_state_exports.go
rename to internal/mesh/proxy-tracker/proxy_state_exports.go
index 2739e3a679d6..59c4e1070f10 100644
--- a/internal/mesh/proxy_state_exports.go
+++ b/internal/mesh/proxy-tracker/proxy_state_exports.go
@@ -1,4 +1,4 @@
-package mesh
+package proxytracker
 
 import (
 	"github.com/hashicorp/consul/acl"
diff --git a/agent/proxy-tracker/proxy_tracker.go b/internal/mesh/proxy-tracker/proxy_tracker.go
similarity index 92%
rename from agent/proxy-tracker/proxy_tracker.go
rename to internal/mesh/proxy-tracker/proxy_tracker.go
index ca4478f23782..ac25e54bacbb 100644
--- a/agent/proxy-tracker/proxy_tracker.go
+++ b/internal/mesh/proxy-tracker/proxy_tracker.go
@@ -6,15 +6,15 @@ package proxytracker
 import (
 	"errors"
 	"fmt"
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
+	"github.com/hashicorp/consul/internal/mesh/internal/types"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"github.com/hashicorp/go-hclog"
 	"sync"
 
 	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/mesh"
 	"github.com/hashicorp/consul/internal/resource"
 
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
@@ -35,9 +35,9 @@ func (e *ProxyConnection) Key() string {
 // when the ProxyState for that proxyID has changed.
 type proxyWatchData struct {
 	// notifyCh is the channel that the watcher receives updates from ProxyTracker.
-	notifyCh chan proxycfg.ProxySnapshot
+	notifyCh chan proxysnapshot.ProxySnapshot
 	// state is the current/last updated ProxyState for a given proxy.
-	state *mesh.ProxyState
+	state proxysnapshot.ProxySnapshot
 	// token is the ACL token provided by the watcher.
 	token string
 	// nodeName is the node where the given proxy resides.
@@ -87,8 +87,8 @@ func NewProxyTracker(cfg ProxyTrackerConfig) *ProxyTracker {
 // Watch connects a proxy with ProxyTracker and returns the consumer a channel to receive updates,
 // a channel to notify of xDS terminated session, and a cancel function to cancel the watch.
 func (pt *ProxyTracker) Watch(proxyID *pbresource.ID,
-	nodeName string, token string) (<-chan proxycfg.ProxySnapshot,
-	limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
+	nodeName string, token string) (<-chan proxysnapshot.ProxySnapshot,
+	limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error) {
 	pt.config.Logger.Trace("watch initiated", "proxyID", proxyID, "nodeName", nodeName)
 	if err := pt.validateWatchArgs(proxyID, nodeName); err != nil {
 		pt.config.Logger.Error("args failed validation", err)
@@ -106,7 +106,7 @@ func (pt *ProxyTracker) Watch(proxyID *pbresource.ID,
 	// This buffering is crucial otherwise we'd block immediately trying to
 	// deliver the current snapshot below if we already have one.
 
-	proxyStateChan := make(chan proxycfg.ProxySnapshot, 1)
+	proxyStateChan := make(chan proxysnapshot.ProxySnapshot, 1)
 	watchData := &proxyWatchData{
 		notifyCh: proxyStateChan,
 		state:    nil,
@@ -166,7 +166,7 @@ func (pt *ProxyTracker) notifyNewProxyChannel(proxyID *pbresource.ID) error {
 // - ends the session with xDS session limiter.
 // - closes the proxy state channel assigned to the proxy.
 // This function assumes the state lock is already held.
-func (pt *ProxyTracker) cancelWatchLocked(proxyReferenceKey resource.ReferenceKey, proxyStateChan chan proxycfg.ProxySnapshot, session limiter.Session) {
+func (pt *ProxyTracker) cancelWatchLocked(proxyReferenceKey resource.ReferenceKey, proxyStateChan chan proxysnapshot.ProxySnapshot, session limiter.Session) {
 	delete(pt.proxies, proxyReferenceKey)
 	session.End()
 	close(proxyStateChan)
@@ -179,8 +179,8 @@ func (pt *ProxyTracker) validateWatchArgs(proxyID *pbresource.ID,
 	nodeName string) error {
 	if proxyID == nil {
 		return errors.New("proxyID is required")
-	} else if proxyID.GetType().GetKind() != mesh.ProxyStateTemplateConfigurationType.Kind {
-		return fmt.Errorf("proxyID must be a %s", mesh.ProxyStateTemplateConfigurationType.GetKind())
+	} else if proxyID.GetType().GetKind() != types.ProxyStateTemplateType.Kind {
+		return fmt.Errorf("proxyID must be a %s", types.ProxyStateTemplateType.GetKind())
 	} else if nodeName == "" {
 		return errors.New("nodeName is required")
 	}
@@ -189,7 +189,7 @@ func (pt *ProxyTracker) validateWatchArgs(proxyID *pbresource.ID,
 }
 
 // PushChange allows pushing a computed ProxyState to xds for xds resource generation to send to a proxy.
-func (pt *ProxyTracker) PushChange(proxyID *pbresource.ID, proxyState *mesh.ProxyState) error {
+func (pt *ProxyTracker) PushChange(proxyID *pbresource.ID, proxyState proxysnapshot.ProxySnapshot) error {
 	pt.config.Logger.Trace("push change called for proxy", "proxyID", proxyID)
 	proxyReferenceKey := resource.NewReferenceKey(proxyID)
 	pt.mu.Lock()
@@ -205,7 +205,7 @@ func (pt *ProxyTracker) PushChange(proxyID *pbresource.ID, proxyState *mesh.Prox
 	return nil
 }
 
-func (pt *ProxyTracker) deliverLatest(proxyID *pbresource.ID, proxyState *mesh.ProxyState, ch chan proxycfg.ProxySnapshot) {
+func (pt *ProxyTracker) deliverLatest(proxyID *pbresource.ID, proxyState proxysnapshot.ProxySnapshot, ch chan proxysnapshot.ProxySnapshot) {
 	pt.config.Logger.Trace("delivering latest proxy snapshot to proxy", "proxyID", proxyID)
 	// Send if chan is empty
 	select {
diff --git a/agent/proxy-tracker/proxy_tracker_test.go b/internal/mesh/proxy-tracker/proxy_tracker_test.go
similarity index 89%
rename from agent/proxy-tracker/proxy_tracker_test.go
rename to internal/mesh/proxy-tracker/proxy_tracker_test.go
index e799249d43af..9738dba17c67 100644
--- a/agent/proxy-tracker/proxy_tracker_test.go
+++ b/internal/mesh/proxy-tracker/proxy_tracker_test.go
@@ -8,7 +8,7 @@ import (
 	"fmt"
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/mesh"
+	"github.com/hashicorp/consul/internal/mesh/internal/types"
 	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/resourcetest"
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
@@ -20,7 +20,7 @@ import (
 )
 
 func TestProxyTracker_Watch(t *testing.T) {
-	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+	resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
 	proxyReferenceKey := resource.NewReferenceKey(resourceID)
 	lim := NewMockSessionLimiter(t)
 	session1 := newMockSession(t)
@@ -70,7 +70,7 @@ func TestProxyTracker_Watch(t *testing.T) {
 }
 
 func TestProxyTracker_Watch_ErrorConsumerNotReady(t *testing.T) {
-	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+	resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
 	proxyReferenceKey := resource.NewReferenceKey(resourceID)
 	lim := NewMockSessionLimiter(t)
 	session1 := newMockSession(t)
@@ -85,7 +85,7 @@ func TestProxyTracker_Watch_ErrorConsumerNotReady(t *testing.T) {
 
 	//fill up buffered channel while the consumer is not ready to simulate the error
 	for i := 0; i < 1000; i++ {
-		event := controller.Event{Obj: &ProxyConnection{ProxyID: resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, fmt.Sprintf("test%d", i)).ID()}}
+		event := controller.Event{Obj: &ProxyConnection{ProxyID: resourcetest.Resource(types.ProxyStateTemplateType, fmt.Sprintf("test%d", i)).ID()}}
 		pt.newProxyConnectionCh <- event
 	}
 
@@ -121,14 +121,14 @@ func TestProxyTracker_Watch_ArgValidationErrors(t *testing.T) {
 		},
 		{
 			description:   "Empty nodeName",
-			proxyID:       resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID(),
+			proxyID:       resourcetest.Resource(types.ProxyStateTemplateType, "test").ID(),
 			nodeName:      "",
 			token:         "something",
 			expectedError: errors.New("nodeName is required"),
 		},
 		{
 			description:   "resource is not ProxyStateTemplate",
-			proxyID:       resourcetest.Resource(mesh.ProxyConfigurationType, "test").ID(),
+			proxyID:       resourcetest.Resource(types.ProxyConfigurationType, "test").ID(),
 			nodeName:      "something",
 			token:         "something else",
 			expectedError: errors.New("proxyID must be a ProxyStateTemplate"),
@@ -155,7 +155,7 @@ func TestProxyTracker_Watch_ArgValidationErrors(t *testing.T) {
 }
 
 func TestProxyTracker_Watch_SessionLimiterError(t *testing.T) {
-	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+	resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
 	lim := NewMockSessionLimiter(t)
 	lim.On("BeginSession").Return(nil, errors.New("kaboom"))
 	logger := testutil.Logger(t)
@@ -174,7 +174,7 @@ func TestProxyTracker_Watch_SessionLimiterError(t *testing.T) {
 }
 
 func TestProxyTracker_PushChange(t *testing.T) {
-	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+	resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
 	proxyReferenceKey := resource.NewReferenceKey(resourceID)
 	lim := NewMockSessionLimiter(t)
 	session1 := newMockSession(t)
@@ -193,7 +193,7 @@ func TestProxyTracker_PushChange(t *testing.T) {
 	require.NoError(t, err)
 
 	// PushChange
-	proxyState := &mesh.ProxyState{ProxyState: &pbmesh.ProxyState{
+	proxyState := &ProxyState{ProxyState: &pbmesh.ProxyState{
 		IntentionDefaultAllow: true,
 	}}
 
@@ -216,7 +216,7 @@ func TestProxyTracker_PushChange(t *testing.T) {
 }
 
 func TestProxyTracker_PushChanges_ErrorProxyNotConnected(t *testing.T) {
-	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+	resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
 	lim := NewMockSessionLimiter(t)
 	logger := testutil.Logger(t)
 
@@ -226,7 +226,7 @@ func TestProxyTracker_PushChanges_ErrorProxyNotConnected(t *testing.T) {
 	})
 
 	// PushChange
-	proxyState := &mesh.ProxyState{ProxyState: &pbmesh.ProxyState{
+	proxyState := &ProxyState{ProxyState: &pbmesh.ProxyState{
 		IntentionDefaultAllow: true,
 	}}
 
@@ -273,14 +273,14 @@ func TestProxyTracker_ProxyConnectedToServer(t *testing.T) {
 			Logger:         logger,
 			SessionLimiter: lim,
 		})
-		resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+		resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
 		tc.preProcessingFunc(pt, resourceID, lim, session1, session1TermCh)
 		require.Equal(t, tc.shouldExist, pt.ProxyConnectedToServer(resourceID))
 	}
 }
 
 func TestProxyTracker_Shutdown(t *testing.T) {
-	resourceID := resourcetest.Resource(mesh.ProxyStateTemplateConfigurationType, "test").ID()
+	resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
 	proxyReferenceKey := resource.NewReferenceKey(resourceID)
 	lim := NewMockSessionLimiter(t)
 	session1 := newMockSession(t)

From 797e42dc24ba0cdbe5f17146a487351249aef285 Mon Sep 17 00:00:00 2001
From: Ashwin Venkatesh <ashwin@hashicorp.com>
Date: Tue, 29 Aug 2023 17:39:29 -0400
Subject: [PATCH 337/359] Watch the ProxyTracker from xDS controller (#18611)

---
 agent/agent.go                                |  6 ++--
 agent/consul/server.go                        |  2 +-
 .../proxycfg-sources/catalog/config_source.go |  6 ++--
 .../catalog/config_source_test.go             |  4 +--
 .../catalog/mock_ConfigManager.go             |  5 +--
 .../catalog/mock_SessionLimiter.go            |  4 +--
 .../proxycfg-sources/catalog/mock_Watcher.go  |  7 ++--
 .../local/mock_ConfigManager.go               |  5 +--
 agent/proxycfg/manager.go                     |  2 +-
 agent/proxycfg/manager_test.go                |  2 +-
 agent/proxycfg_test.go                        |  8 ++---
 agent/xds/delta.go                            | 13 ++++----
 agent/xds/proxystateconverter/converter.go    |  4 ++-
 agent/xds/server.go                           | 14 ++++----
 agent/xds/xds_protocol_helpers_test.go        | 18 +++++------
 agent/xdsv2/resources.go                      |  3 +-
 .../internal/controllers/xds/controller.go    |  8 +++--
 .../controllers/xds/controller_test.go        | 32 +++++++++++++++++++
 .../internal/controllers/xds/mock_updater.go  | 14 ++++++--
 .../controllers/xds/proxy_tracker_watch.go    | 21 ++++++++++++
 .../mesh/proxy-tracker/mock_SessionLimiter.go |  4 +--
 internal/mesh/proxy-tracker/proxy_tracker.go  | 14 ++++----
 .../mesh/proxy-tracker/proxy_tracker_test.go  |  8 +++--
 23 files changed, 136 insertions(+), 68 deletions(-)
 create mode 100644 internal/mesh/internal/controllers/xds/proxy_tracker_watch.go

diff --git a/agent/agent.go b/agent/agent.go
index e3af2f1c9826..d8eb4cd8fa13 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -9,9 +9,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	catalogproxycfg "github.com/hashicorp/consul/agent/proxycfg-sources/catalog"
-	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
-	"github.com/hashicorp/consul/lib/stringslice"
 	"io"
 	"net"
 	"net/http"
@@ -57,6 +54,7 @@ import (
 	"github.com/hashicorp/consul/agent/local"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	proxycfgglue "github.com/hashicorp/consul/agent/proxycfg-glue"
+	catalogproxycfg "github.com/hashicorp/consul/agent/proxycfg-sources/catalog"
 	localproxycfg "github.com/hashicorp/consul/agent/proxycfg-sources/local"
 	"github.com/hashicorp/consul/agent/rpcclient"
 	"github.com/hashicorp/consul/agent/rpcclient/configentry"
@@ -67,11 +65,13 @@ import (
 	"github.com/hashicorp/consul/agent/xds"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/api/watch"
+	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	"github.com/hashicorp/consul/ipaddr"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/lib/file"
 	"github.com/hashicorp/consul/lib/mutex"
 	"github.com/hashicorp/consul/lib/routine"
+	"github.com/hashicorp/consul/lib/stringslice"
 	"github.com/hashicorp/consul/logging"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/proto/private/pboperator"
diff --git a/agent/consul/server.go b/agent/consul/server.go
index 9357cf36db83..ad6e5b23f8b8 100644
--- a/agent/consul/server.go
+++ b/agent/consul/server.go
@@ -8,7 +8,6 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"io"
 	"net"
 	"os"
@@ -74,6 +73,7 @@ import (
 	"github.com/hashicorp/consul/internal/catalog"
 	"github.com/hashicorp/consul/internal/controller"
 	"github.com/hashicorp/consul/internal/mesh"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/internal/resource/reaper"
diff --git a/agent/proxycfg-sources/catalog/config_source.go b/agent/proxycfg-sources/catalog/config_source.go
index 1a41af4658d7..9ded9aa7fd4e 100644
--- a/agent/proxycfg-sources/catalog/config_source.go
+++ b/agent/proxycfg-sources/catalog/config_source.go
@@ -6,9 +6,6 @@ package catalog
 import (
 	"context"
 	"errors"
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 	"sync"
 
 	"github.com/hashicorp/go-hclog"
@@ -16,9 +13,12 @@ import (
 
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/configentry"
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/local"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 const source proxycfg.ProxySource = "catalog"
diff --git a/agent/proxycfg-sources/catalog/config_source_test.go b/agent/proxycfg-sources/catalog/config_source_test.go
index eef62652ce88..46b69746688c 100644
--- a/agent/proxycfg-sources/catalog/config_source_test.go
+++ b/agent/proxycfg-sources/catalog/config_source_test.go
@@ -6,8 +6,6 @@ package catalog
 import (
 	"context"
 	"errors"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 	"testing"
 	"time"
 
@@ -23,6 +21,8 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/token"
 	"github.com/hashicorp/consul/internal/mesh"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 )
 
 func TestConfigSource_Success(t *testing.T) {
diff --git a/agent/proxycfg-sources/catalog/mock_ConfigManager.go b/agent/proxycfg-sources/catalog/mock_ConfigManager.go
index 1608a148f061..37deffb022d8 100644
--- a/agent/proxycfg-sources/catalog/mock_ConfigManager.go
+++ b/agent/proxycfg-sources/catalog/mock_ConfigManager.go
@@ -1,12 +1,13 @@
-// Code generated by mockery v2.32.4. DO NOT EDIT.
+// Code generated by mockery v2.33.1. DO NOT EDIT.
 
 package catalog
 
 import (
 	proxycfg "github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	mock "github.com/stretchr/testify/mock"
 
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+
 	structs "github.com/hashicorp/consul/agent/structs"
 )
 
diff --git a/agent/proxycfg-sources/catalog/mock_SessionLimiter.go b/agent/proxycfg-sources/catalog/mock_SessionLimiter.go
index a1670b190d9d..39cd430f06d3 100644
--- a/agent/proxycfg-sources/catalog/mock_SessionLimiter.go
+++ b/agent/proxycfg-sources/catalog/mock_SessionLimiter.go
@@ -1,11 +1,11 @@
-// Code generated by mockery v2.32.4. DO NOT EDIT.
+// Code generated by mockery v2.33.1. DO NOT EDIT.
 
 package catalog
 
 import (
 	context "context"
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 
+	limiter "github.com/hashicorp/consul/agent/grpc-external/limiter"
 	mock "github.com/stretchr/testify/mock"
 )
 
diff --git a/agent/proxycfg-sources/catalog/mock_Watcher.go b/agent/proxycfg-sources/catalog/mock_Watcher.go
index 71460a261440..b77be5d98ea8 100644
--- a/agent/proxycfg-sources/catalog/mock_Watcher.go
+++ b/agent/proxycfg-sources/catalog/mock_Watcher.go
@@ -1,13 +1,14 @@
-// Code generated by mockery v2.32.4. DO NOT EDIT.
+// Code generated by mockery v2.33.1. DO NOT EDIT.
 
 package catalog
 
 import (
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+	limiter "github.com/hashicorp/consul/agent/grpc-external/limiter"
 	mock "github.com/stretchr/testify/mock"
 
 	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
+
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 )
 
 // MockWatcher is an autogenerated mock type for the Watcher type
diff --git a/agent/proxycfg-sources/local/mock_ConfigManager.go b/agent/proxycfg-sources/local/mock_ConfigManager.go
index 6c8d4e811d7f..e3b2d3a44587 100644
--- a/agent/proxycfg-sources/local/mock_ConfigManager.go
+++ b/agent/proxycfg-sources/local/mock_ConfigManager.go
@@ -1,12 +1,13 @@
-// Code generated by mockery v2.32.4. DO NOT EDIT.
+// Code generated by mockery v2.33.1. DO NOT EDIT.
 
 package local
 
 import (
 	proxycfg "github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	mock "github.com/stretchr/testify/mock"
 
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+
 	structs "github.com/hashicorp/consul/agent/structs"
 )
 
diff --git a/agent/proxycfg/manager.go b/agent/proxycfg/manager.go
index 32d725365b02..71b6270fefc4 100644
--- a/agent/proxycfg/manager.go
+++ b/agent/proxycfg/manager.go
@@ -5,7 +5,6 @@ package proxycfg
 
 import (
 	"errors"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"runtime/debug"
 	"sync"
 
@@ -13,6 +12,7 @@ import (
 	"golang.org/x/time/rate"
 
 	"github.com/hashicorp/consul/agent/structs"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"github.com/hashicorp/consul/tlsutil"
 )
 
diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go
index 50729b5bdf28..feaa4e431d03 100644
--- a/agent/proxycfg/manager_test.go
+++ b/agent/proxycfg/manager_test.go
@@ -4,7 +4,6 @@
 package proxycfg
 
 import (
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"testing"
 	"time"
 
@@ -18,6 +17,7 @@ import (
 	"github.com/hashicorp/consul/agent/proxycfg/internal/watch"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
 	"github.com/hashicorp/consul/sdk/testutil"
 )
diff --git a/agent/proxycfg_test.go b/agent/proxycfg_test.go
index 04fa0ca6b51a..d3bc15c7d448 100644
--- a/agent/proxycfg_test.go
+++ b/agent/proxycfg_test.go
@@ -5,10 +5,6 @@ package agent
 
 import (
 	"encoding/json"
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	"github.com/hashicorp/consul/internal/mesh"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -16,8 +12,12 @@ import (
 
 	"github.com/stretchr/testify/require"
 
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/internal/mesh"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 	"github.com/hashicorp/consul/testrpc"
 )
 
diff --git a/agent/xds/delta.go b/agent/xds/delta.go
index 6d668006d70f..d239f2bd51a5 100644
--- a/agent/xds/delta.go
+++ b/agent/xds/delta.go
@@ -8,12 +8,6 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
-	"github.com/hashicorp/consul/agent/xds/configfetcher"
-	"github.com/hashicorp/consul/agent/xdsv2"
-	"github.com/hashicorp/consul/internal/mesh"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 	"strconv"
 	"sync"
 	"sync/atomic"
@@ -25,7 +19,6 @@ import (
 	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
 	"github.com/hashicorp/go-hclog"
 	goversion "github.com/hashicorp/go-version"
-
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/proto"
@@ -35,10 +28,16 @@ import (
 	external "github.com/hashicorp/consul/agent/grpc-external"
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/agent/xds/configfetcher"
 	"github.com/hashicorp/consul/agent/xds/extensionruntime"
+	"github.com/hashicorp/consul/agent/xdsv2"
 	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+	"github.com/hashicorp/consul/internal/mesh"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	"github.com/hashicorp/consul/logging"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/version"
 )
 
diff --git a/agent/xds/proxystateconverter/converter.go b/agent/xds/proxystateconverter/converter.go
index be6451417504..954e30857e4b 100644
--- a/agent/xds/proxystateconverter/converter.go
+++ b/agent/xds/proxystateconverter/converter.go
@@ -5,13 +5,15 @@ package proxystateconverter
 
 import (
 	"fmt"
+
+	"github.com/hashicorp/go-hclog"
+
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/xds/configfetcher"
 	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-	"github.com/hashicorp/go-hclog"
 )
 
 // Converter converts a single snapshot into a ProxyState.
diff --git a/agent/xds/server.go b/agent/xds/server.go
index 7b9f8b6bf118..45c11fa0b3a1 100644
--- a/agent/xds/server.go
+++ b/agent/xds/server.go
@@ -6,19 +6,12 @@ package xds
 import (
 	"context"
 	"errors"
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 	"sync/atomic"
 	"time"
 
-	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
-	"github.com/hashicorp/consul/agent/xds/configfetcher"
-
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-
 	"github.com/armon/go-metrics"
 	"github.com/armon/go-metrics/prometheus"
+	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
 	"github.com/hashicorp/go-hclog"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
@@ -26,6 +19,11 @@ import (
 
 	"github.com/hashicorp/consul/acl"
 	external "github.com/hashicorp/consul/agent/grpc-external"
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
+	"github.com/hashicorp/consul/agent/xds/configfetcher"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 var (
diff --git a/agent/xds/xds_protocol_helpers_test.go b/agent/xds/xds_protocol_helpers_test.go
index 31aa03682032..655e0458f49e 100644
--- a/agent/xds/xds_protocol_helpers_test.go
+++ b/agent/xds/xds_protocol_helpers_test.go
@@ -4,19 +4,12 @@
 package xds
 
 import (
-	"github.com/hashicorp/consul/agent/proxycfg-sources/catalog"
-	"github.com/hashicorp/consul/agent/xds/response"
-	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 	"sort"
 	"sync"
 	"testing"
 	"time"
 
-	"github.com/hashicorp/consul/agent/connect"
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-
+	"github.com/armon/go-metrics"
 	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
@@ -31,8 +24,6 @@ import (
 	envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
 	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
 	envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
-
-	"github.com/armon/go-metrics"
 	"github.com/mitchellh/copystructure"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/proto"
@@ -40,8 +31,15 @@ import (
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/wrapperspb"
 
+	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/agent/proxycfg-sources/catalog"
 	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/agent/xds/response"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/sdk/testutil"
 )
 
diff --git a/agent/xdsv2/resources.go b/agent/xdsv2/resources.go
index 2aeeb97db990..fa5f7179e6a5 100644
--- a/agent/xdsv2/resources.go
+++ b/agent/xdsv2/resources.go
@@ -5,11 +5,12 @@ package xdsv2
 
 import (
 	"fmt"
-	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
+
 	"github.com/hashicorp/go-hclog"
 	"google.golang.org/protobuf/proto"
 
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 )
 
 // ResourceGenerator is associated with a single gRPC stream and creates xDS
diff --git a/internal/mesh/internal/controllers/xds/controller.go b/internal/mesh/internal/controllers/xds/controller.go
index cff8430ae532..04afeecc50c4 100644
--- a/internal/mesh/internal/controllers/xds/controller.go
+++ b/internal/mesh/internal/controllers/xds/controller.go
@@ -5,6 +5,7 @@ package xds
 
 import (
 	"context"
+
 	"github.com/hashicorp/consul/internal/catalog"
 	"github.com/hashicorp/consul/internal/controller"
 	"github.com/hashicorp/consul/internal/mesh/internal/controllers/xds/status"
@@ -20,13 +21,13 @@ import (
 const ControllerName = "consul.io/xds-controller"
 
 func Controller(mapper *bimapper.Mapper, updater ProxyUpdater, fetcher TrustBundleFetcher) controller.Controller {
-	//if mapper == nil || updater == nil || fetcher == nil {
-	if mapper == nil || fetcher == nil {
+	if mapper == nil || updater == nil || fetcher == nil {
 		panic("mapper, updater and fetcher are required")
 	}
 
 	return controller.ForType(types.ProxyStateTemplateType).
 		WithWatch(catalog.ServiceEndpointsType, mapper.MapLink).
+		WithCustomWatch(proxySource(updater), proxyMapper).
 		WithPlacement(controller.PlacementEachServer).
 		WithReconciler(&xdsReconciler{bimapper: mapper, updater: updater, fetchTrustBundle: fetcher})
 }
@@ -47,6 +48,9 @@ type ProxyUpdater interface {
 
 	// ProxyConnectedToServer returns whether this id is connected to this server.
 	ProxyConnectedToServer(id *pbresource.ID) bool
+
+	// EventChannel returns a channel of events that are consumed by the Custom Watcher.
+	EventChannel() chan controller.Event
 }
 
 func (r *xdsReconciler) Reconcile(ctx context.Context, rt controller.Runtime, req controller.Request) error {
diff --git a/internal/mesh/internal/controllers/xds/controller_test.go b/internal/mesh/internal/controllers/xds/controller_test.go
index fb28c59a23c1..627615d54e71 100644
--- a/internal/mesh/internal/controllers/xds/controller_test.go
+++ b/internal/mesh/internal/controllers/xds/controller_test.go
@@ -15,6 +15,7 @@ import (
 	"github.com/hashicorp/consul/internal/controller"
 	"github.com/hashicorp/consul/internal/mesh/internal/controllers/xds/status"
 	"github.com/hashicorp/consul/internal/mesh/internal/types"
+	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/mappers/bimapper"
 	"github.com/hashicorp/consul/internal/resource/resourcetest"
@@ -432,6 +433,37 @@ func (suite *xdsControllerTestSuite) TestController_ComputeAddUpdateEndpoints()
 
 }
 
+// Sets up a full controller, and tests that reconciles are getting triggered for the events it should.
+func (suite *xdsControllerTestSuite) TestController_ComputeEndpointForProxyConnections() {
+	// Run the controller manager.
+	mgr := controller.NewManager(suite.client, suite.runtime.Logger)
+
+	mgr.Register(Controller(suite.mapper, suite.updater, suite.fetcher))
+	mgr.SetRaftLeader(true)
+	go mgr.Run(suite.ctx)
+
+	// Set up fooEndpoints and fooProxyStateTemplate with a reference to fooEndpoints. These need to be stored
+	// because the controller reconcile looks them up.
+	suite.setupFooProxyStateTemplateAndEndpoints()
+
+	// Assert that the expected ProxyState matches the actual ProxyState that PushChange was called with. This needs to
+	// be in a retry block unlike the Reconcile tests because the controller triggers asynchronously.
+	retry.Run(suite.T(), func(r *retry.R) {
+		actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name)
+		// Assert on the status.
+		suite.client.RequireStatusCondition(r, suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
+		// Assert that the endpoints computed in the controller matches the expected endpoints.
+		prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints)
+	})
+
+	eventChannel := suite.updater.EventChannel()
+	eventChannel <- controller.Event{Obj: &proxytracker.ProxyConnection{ProxyID: suite.fooProxyStateTemplate.Id}}
+
+	// Wait for the proxy state template to be re-evaluated.
+	proxyStateTemp := suite.client.WaitForNewVersion(suite.T(), suite.fooProxyStateTemplate.Id, suite.fooProxyStateTemplate.Version)
+	require.NotNil(suite.T(), proxyStateTemp)
+}
+
 // Setup: fooProxyStateTemplate with an EndpointsRef to fooEndpoints
 // Saves all related resources to the suite so they can be modified if needed.
 func (suite *xdsControllerTestSuite) setupFooProxyStateTemplateAndEndpoints() {
diff --git a/internal/mesh/internal/controllers/xds/mock_updater.go b/internal/mesh/internal/controllers/xds/mock_updater.go
index 1fcde13fdd50..f17a388e8e8b 100644
--- a/internal/mesh/internal/controllers/xds/mock_updater.go
+++ b/internal/mesh/internal/controllers/xds/mock_updater.go
@@ -5,12 +5,12 @@ package xds
 
 import (
 	"fmt"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	"sync"
 
+	"github.com/hashicorp/consul/internal/controller"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
@@ -23,6 +23,7 @@ type mockUpdater struct {
 	latestPs        map[string]proxysnapshot.ProxySnapshot
 	notConnected    bool
 	pushChangeError bool
+	eventChan       chan controller.Event
 }
 
 func newMockUpdater() *mockUpdater {
@@ -63,6 +64,13 @@ func (m *mockUpdater) ProxyConnectedToServer(_ *pbresource.ID) bool {
 	return true
 }
 
+func (m *mockUpdater) EventChannel() chan controller.Event {
+	if m.eventChan == nil {
+		m.eventChan = make(chan controller.Event)
+	}
+	return m.eventChan
+}
+
 func (p *mockUpdater) Get(name string) *proxytracker.ProxyState {
 	p.lock.Lock()
 	defer p.lock.Unlock()
diff --git a/internal/mesh/internal/controllers/xds/proxy_tracker_watch.go b/internal/mesh/internal/controllers/xds/proxy_tracker_watch.go
new file mode 100644
index 000000000000..419a200a9104
--- /dev/null
+++ b/internal/mesh/internal/controllers/xds/proxy_tracker_watch.go
@@ -0,0 +1,21 @@
+package xds
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/consul/internal/controller"
+	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
+)
+
+func proxySource(updater ProxyUpdater) *controller.Source {
+	return &controller.Source{Source: updater.EventChannel()}
+}
+
+func proxyMapper(ctx context.Context, rt controller.Runtime, event controller.Event) ([]controller.Request, error) {
+	connection, ok := event.Obj.(*proxytracker.ProxyConnection)
+	if !ok {
+		return nil, fmt.Errorf("expected event to be of type *proxytracker.ProxyConnection but was %+v", event)
+	}
+	return []controller.Request{{ID: connection.ProxyID}}, nil
+}
diff --git a/internal/mesh/proxy-tracker/mock_SessionLimiter.go b/internal/mesh/proxy-tracker/mock_SessionLimiter.go
index b50c9e84fcb2..32375dbdc386 100644
--- a/internal/mesh/proxy-tracker/mock_SessionLimiter.go
+++ b/internal/mesh/proxy-tracker/mock_SessionLimiter.go
@@ -1,9 +1,9 @@
-// Code generated by mockery v2.32.4. DO NOT EDIT.
+// Code generated by mockery v2.33.1. DO NOT EDIT.
 
 package proxytracker
 
 import (
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
+	limiter "github.com/hashicorp/consul/agent/grpc-external/limiter"
 	mock "github.com/stretchr/testify/mock"
 )
 
diff --git a/internal/mesh/proxy-tracker/proxy_tracker.go b/internal/mesh/proxy-tracker/proxy_tracker.go
index ac25e54bacbb..a40353aaf699 100644
--- a/internal/mesh/proxy-tracker/proxy_tracker.go
+++ b/internal/mesh/proxy-tracker/proxy_tracker.go
@@ -6,26 +6,26 @@ package proxytracker
 import (
 	"errors"
 	"fmt"
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	"github.com/hashicorp/consul/internal/mesh/internal/types"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	"github.com/hashicorp/go-hclog"
 	"sync"
 
+	"github.com/hashicorp/go-hclog"
+
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/internal/controller"
+	"github.com/hashicorp/consul/internal/mesh/internal/types"
+	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"github.com/hashicorp/consul/internal/resource"
-
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
-// Proxy implements the queue.ItemType interface so that it can be used in a controller.Event.
+// ProxyConnection implements the queue.ItemType interface so that it can be used in a controller.Event.
 // It is sent on the newProxyConnectionCh channel.
 // TODO(ProxyState): needs to support tenancy in the future.
-// Key() is current resourceID.Name.
 type ProxyConnection struct {
 	ProxyID *pbresource.ID
 }
 
+// Key is current resourceID.Name.
 func (e *ProxyConnection) Key() string {
 	return e.ProxyID.GetName()
 }
diff --git a/internal/mesh/proxy-tracker/proxy_tracker_test.go b/internal/mesh/proxy-tracker/proxy_tracker_test.go
index 9738dba17c67..09e5be13ac52 100644
--- a/internal/mesh/proxy-tracker/proxy_tracker_test.go
+++ b/internal/mesh/proxy-tracker/proxy_tracker_test.go
@@ -6,6 +6,11 @@ package proxytracker
 import (
 	"errors"
 	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
+
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/internal/controller"
 	"github.com/hashicorp/consul/internal/mesh/internal/types"
@@ -14,9 +19,6 @@ import (
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/sdk/testutil"
-	"github.com/stretchr/testify/mock"
-	"github.com/stretchr/testify/require"
-	"testing"
 )
 
 func TestProxyTracker_Watch(t *testing.T) {

From f8812eddf1ef1c3fc1886320eba4f48e5cffc58c Mon Sep 17 00:00:00 2001
From: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Date: Tue, 29 Aug 2023 18:14:56 -0400
Subject: [PATCH 338/359] Distinguish v2 catalog Protocol unset from default
 (#18612)

Even though we intend to default to TCP when this field is not
explicitly provided, uncluding an `UNSPECIFIED` default enum value allows us
to create inheritance chains, e.g. service to workload.
---
 .../pbcatalog/v1alpha1/protocol.pb.go         | 90 ++++++++++---------
 .../pbcatalog/v1alpha1/protocol.proto         | 12 +--
 proto-public/pbcatalog/v1alpha1/service.pb.go |  2 +-
 .../pbcatalog/v1alpha1/workload.pb.go         |  2 +-
 4 files changed, 55 insertions(+), 51 deletions(-)

diff --git a/proto-public/pbcatalog/v1alpha1/protocol.pb.go b/proto-public/pbcatalog/v1alpha1/protocol.pb.go
index 71e89aab4aa5..6e2ba0efb000 100644
--- a/proto-public/pbcatalog/v1alpha1/protocol.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/protocol.pb.go
@@ -26,30 +26,32 @@ const (
 type Protocol int32
 
 const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	Protocol_PROTOCOL_TCP   Protocol = 0
-	Protocol_PROTOCOL_HTTP  Protocol = 1
-	Protocol_PROTOCOL_HTTP2 Protocol = 2
-	Protocol_PROTOCOL_GRPC  Protocol = 3
+	Protocol_PROTOCOL_UNSPECIFIED Protocol = 0
+	Protocol_PROTOCOL_TCP         Protocol = 1
+	Protocol_PROTOCOL_HTTP        Protocol = 2
+	Protocol_PROTOCOL_HTTP2       Protocol = 3
+	Protocol_PROTOCOL_GRPC        Protocol = 4
 	// Protocol Mesh indicates that this port can speak Consul's mTLS based mesh protocol.
-	Protocol_PROTOCOL_MESH Protocol = 4
+	Protocol_PROTOCOL_MESH Protocol = 5
 )
 
 // Enum value maps for Protocol.
 var (
 	Protocol_name = map[int32]string{
-		0: "PROTOCOL_TCP",
-		1: "PROTOCOL_HTTP",
-		2: "PROTOCOL_HTTP2",
-		3: "PROTOCOL_GRPC",
-		4: "PROTOCOL_MESH",
+		0: "PROTOCOL_UNSPECIFIED",
+		1: "PROTOCOL_TCP",
+		2: "PROTOCOL_HTTP",
+		3: "PROTOCOL_HTTP2",
+		4: "PROTOCOL_GRPC",
+		5: "PROTOCOL_MESH",
 	}
 	Protocol_value = map[string]int32{
-		"PROTOCOL_TCP":   0,
-		"PROTOCOL_HTTP":  1,
-		"PROTOCOL_HTTP2": 2,
-		"PROTOCOL_GRPC":  3,
-		"PROTOCOL_MESH":  4,
+		"PROTOCOL_UNSPECIFIED": 0,
+		"PROTOCOL_TCP":         1,
+		"PROTOCOL_HTTP":        2,
+		"PROTOCOL_HTTP2":       3,
+		"PROTOCOL_GRPC":        4,
+		"PROTOCOL_MESH":        5,
 	}
 )
 
@@ -87,33 +89,35 @@ var file_pbcatalog_v1alpha1_protocol_proto_rawDesc = []byte{
 	0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x70, 0x72,
 	0x6f, 0x74, 0x6f, 0x12, 0x21, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2a, 0x69, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63,
-	0x6f, 0x6c, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x54,
-	0x43, 0x50, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c,
-	0x5f, 0x48, 0x54, 0x54, 0x50, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x54, 0x4f,
-	0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x32, 0x10, 0x02, 0x12, 0x11, 0x0a, 0x0d, 0x50,
-	0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x47, 0x52, 0x50, 0x43, 0x10, 0x03, 0x12, 0x11,
-	0x0a, 0x0d, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x4d, 0x45, 0x53, 0x48, 0x10,
-	0x04, 0x42, 0xaa, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c,
-	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0d, 0x50, 0x72, 0x6f,
-	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x4b, 0x67, 0x69,
-	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d,
-	0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67,
-	0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f,
-	0x67, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x43, 0xaa,
-	0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c,
-	0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d,
-	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x43, 0x61, 0x74,
-	0x61, 0x6c, 0x6f, 0x67, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2a, 0x83, 0x01, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f,
+	0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x10, 0x0a,
+	0x0c, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x54, 0x43, 0x50, 0x10, 0x01, 0x12,
+	0x11, 0x0a, 0x0d, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50,
+	0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x48,
+	0x54, 0x54, 0x50, 0x32, 0x10, 0x03, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43,
+	0x4f, 0x4c, 0x5f, 0x47, 0x52, 0x50, 0x43, 0x10, 0x04, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x52, 0x4f,
+	0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x4d, 0x45, 0x53, 0x48, 0x10, 0x05, 0x42, 0xaa, 0x02, 0x0a,
+	0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
+	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x4b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69,
+	0x63, 0x2f, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x3b, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x43, 0xaa, 0x02, 0x21, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x43, 0x61,
+	0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02,
+	0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
+	0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x3a,
+	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33,
 }
 
 var (
diff --git a/proto-public/pbcatalog/v1alpha1/protocol.proto b/proto-public/pbcatalog/v1alpha1/protocol.proto
index a18351c5d6d8..909271b9a6cc 100644
--- a/proto-public/pbcatalog/v1alpha1/protocol.proto
+++ b/proto-public/pbcatalog/v1alpha1/protocol.proto
@@ -6,12 +6,12 @@ syntax = "proto3";
 package hashicorp.consul.catalog.v1alpha1;
 
 enum Protocol {
-  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  PROTOCOL_TCP = 0;
-  PROTOCOL_HTTP = 1;
-  PROTOCOL_HTTP2 = 2;
-  PROTOCOL_GRPC = 3;
+  PROTOCOL_UNSPECIFIED = 0;
+  PROTOCOL_TCP = 1;
+  PROTOCOL_HTTP = 2;
+  PROTOCOL_HTTP2 = 3;
+  PROTOCOL_GRPC = 4;
 
   // Protocol Mesh indicates that this port can speak Consul's mTLS based mesh protocol.
-  PROTOCOL_MESH = 4;
+  PROTOCOL_MESH = 5;
 }
diff --git a/proto-public/pbcatalog/v1alpha1/service.pb.go b/proto-public/pbcatalog/v1alpha1/service.pb.go
index cd72ccf268ff..ac4afa2c9efa 100644
--- a/proto-public/pbcatalog/v1alpha1/service.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/service.pb.go
@@ -158,7 +158,7 @@ func (x *ServicePort) GetProtocol() Protocol {
 	if x != nil {
 		return x.Protocol
 	}
-	return Protocol_PROTOCOL_TCP
+	return Protocol_PROTOCOL_UNSPECIFIED
 }
 
 var File_pbcatalog_v1alpha1_service_proto protoreflect.FileDescriptor
diff --git a/proto-public/pbcatalog/v1alpha1/workload.pb.go b/proto-public/pbcatalog/v1alpha1/workload.pb.go
index e1f75d810cb8..e6fa7936d0b3 100644
--- a/proto-public/pbcatalog/v1alpha1/workload.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/workload.pb.go
@@ -269,7 +269,7 @@ func (x *WorkloadPort) GetProtocol() Protocol {
 	if x != nil {
 		return x.Protocol
 	}
-	return Protocol_PROTOCOL_TCP
+	return Protocol_PROTOCOL_UNSPECIFIED
 }
 
 type Locality struct {

From 58e5658810c1267fe4c6144fc0682d520d5513ac Mon Sep 17 00:00:00 2001
From: Hardik Shingala <34568645+hdkshingala@users.noreply.github.com>
Date: Wed, 30 Aug 2023 20:21:58 +0530
Subject: [PATCH 339/359] Added OpenTelemetry Access Logging Envoy extension
 (#18336)

---
 .changelog/18336.txt                          |   7 +
 .../builtin/ext-authz/ext_authz.go            |  17 +-
 .../otel_access_logging.go                    | 274 +++++++++++
 .../otel_access_logging_test.go               | 113 +++++
 .../builtin/otel-access-logging/structs.go    | 424 ++++++++++++++++++
 .../envoyextensions/registered_extensions.go  |  12 +-
 api/config_entry.go                           |  11 +-
 .../configuration/ext-authz.mdx               |  13 +
 .../configuration/otel-access-logging.mdx     | 390 ++++++++++++++++
 .../proxies/envoy-extensions/index.mdx        |   5 +
 .../envoy-extensions/usage/ext-authz.mdx      |   1 -
 .../usage/otel-access-logging.mdx             | 146 ++++++
 website/data/docs-nav-data.json               |   8 +
 13 files changed, 1409 insertions(+), 12 deletions(-)
 create mode 100644 .changelog/18336.txt
 create mode 100644 agent/envoyextensions/builtin/otel-access-logging/otel_access_logging.go
 create mode 100644 agent/envoyextensions/builtin/otel-access-logging/otel_access_logging_test.go
 create mode 100644 agent/envoyextensions/builtin/otel-access-logging/structs.go
 create mode 100644 website/content/docs/connect/proxies/envoy-extensions/configuration/otel-access-logging.mdx
 create mode 100644 website/content/docs/connect/proxies/envoy-extensions/usage/otel-access-logging.mdx

diff --git a/.changelog/18336.txt b/.changelog/18336.txt
new file mode 100644
index 000000000000..5d91046ec5ef
--- /dev/null
+++ b/.changelog/18336.txt
@@ -0,0 +1,7 @@
+```release-note:feature
+xds: Add a built-in Envoy extension that appends OpenTelemetry Access Logging (otel-access-logging) to the HTTP Connection Manager filter.
+```
+
+```release-note:feature
+xds: Add support for patching outbound listeners to the built-in Envoy External Authorization extension.
+```
diff --git a/agent/envoyextensions/builtin/ext-authz/ext_authz.go b/agent/envoyextensions/builtin/ext-authz/ext_authz.go
index f5368c97ab8d..00e1d47640c4 100644
--- a/agent/envoyextensions/builtin/ext-authz/ext_authz.go
+++ b/agent/envoyextensions/builtin/ext-authz/ext_authz.go
@@ -23,6 +23,8 @@ type extAuthz struct {
 	ProxyType api.ServiceKind
 	// InsertOptions controls how the extension inserts the filter.
 	InsertOptions ext_cmn.InsertOptions
+	// ListenerType controls which listener the extension applies to. It supports "inbound" or "outbound" listeners.
+	ListenerType string
 	// Config holds the extension configuration.
 	Config extAuthzConfig
 }
@@ -61,10 +63,14 @@ func (a *extAuthz) PatchClusters(cfg *ext_cmn.RuntimeConfig, c ext_cmn.ClusterMa
 	return c, nil
 }
 
+func (a *extAuthz) matchesListenerDirection(isInboundListener bool) bool {
+	return (!isInboundListener && a.ListenerType == "outbound") || (isInboundListener && a.ListenerType == "inbound")
+}
+
 // PatchFilters inserts an ext-authz filter into the list of network filters or the filter chain of the HTTP connection manager.
 func (a *extAuthz) PatchFilters(cfg *ext_cmn.RuntimeConfig, filters []*envoy_listener_v3.Filter, isInboundListener bool) ([]*envoy_listener_v3.Filter, error) {
 	// The ext_authz extension only patches filters for inbound listeners.
-	if !isInboundListener {
+	if !a.matchesListenerDirection(isInboundListener) {
 		return filters, nil
 	}
 
@@ -129,6 +135,11 @@ func (a *extAuthz) normalize() {
 	if a.ProxyType == "" {
 		a.ProxyType = api.ServiceKindConnectProxy
 	}
+
+	if a.ListenerType == "" {
+		a.ListenerType = "inbound"
+	}
+
 	a.Config.normalize()
 }
 
@@ -140,6 +151,10 @@ func (a *extAuthz) validate() error {
 			api.ServiceKindConnectProxy))
 	}
 
+	if a.ListenerType != "inbound" && a.ListenerType != "outbound" {
+		resultErr = multierror.Append(resultErr, fmt.Errorf(`unexpected ListenerType %q, supported values are "inbound" or "outbound"`, a.ListenerType))
+	}
+
 	if err := a.Config.validate(); err != nil {
 		resultErr = multierror.Append(resultErr, err)
 	}
diff --git a/agent/envoyextensions/builtin/otel-access-logging/otel_access_logging.go b/agent/envoyextensions/builtin/otel-access-logging/otel_access_logging.go
new file mode 100644
index 000000000000..2f003b552582
--- /dev/null
+++ b/agent/envoyextensions/builtin/otel-access-logging/otel_access_logging.go
@@ -0,0 +1,274 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package otelaccesslogging
+
+import (
+	"fmt"
+
+	envoy_extensions_access_loggers_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3"
+	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
+	envoy_extensions_access_loggers_otel_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/open_telemetry/v3"
+	"github.com/mitchellh/mapstructure"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/anypb"
+
+	"github.com/hashicorp/consul/api"
+	ext_cmn "github.com/hashicorp/consul/envoyextensions/extensioncommon"
+	"github.com/hashicorp/go-multierror"
+	v1 "go.opentelemetry.io/proto/otlp/common/v1"
+)
+
+type otelAccessLogging struct {
+	ext_cmn.BasicExtensionAdapter
+
+	// ProxyType identifies the type of Envoy proxy that this extension applies to.
+	// The extension will only be configured for proxies that match this type and
+	// will be ignored for all other proxy types.
+	ProxyType api.ServiceKind
+	// ListenerType controls which listener the extension applies to. It supports "inbound" or "outbound" listeners.
+	ListenerType string
+	// Config holds the extension configuration.
+	Config AccessLog
+}
+
+var _ ext_cmn.BasicExtension = (*otelAccessLogging)(nil)
+
+func Constructor(ext api.EnvoyExtension) (ext_cmn.EnvoyExtender, error) {
+	otel, err := newOTELAccessLogging(ext)
+	if err != nil {
+		return nil, err
+	}
+	return &ext_cmn.BasicEnvoyExtender{
+		Extension: otel,
+	}, nil
+}
+
+// CanApply indicates if the extension can be applied to the given extension runtime configuration.
+func (a *otelAccessLogging) CanApply(config *ext_cmn.RuntimeConfig) bool {
+	return config.Kind == api.ServiceKindConnectProxy
+}
+
+// PatchClusters modifies the cluster resources for the extension.
+//
+// If the extension is configured to target the OTEL service running on the local host network
+// this func will insert a cluster for calling that service. It does nothing if the extension is
+// configured to target an upstream service because the existing cluster for the upstream will be
+// used directly by the filter.
+func (a *otelAccessLogging) PatchClusters(cfg *ext_cmn.RuntimeConfig, c ext_cmn.ClusterMap) (ext_cmn.ClusterMap, error) {
+	cluster, err := a.Config.toEnvoyCluster(cfg)
+	if err != nil {
+		return c, err
+	}
+	if cluster != nil {
+		c[cluster.Name] = cluster
+	}
+	return c, nil
+}
+
+func (a *otelAccessLogging) matchesListenerDirection(p ext_cmn.FilterPayload) bool {
+	isInboundListener := p.IsInbound()
+	return (!isInboundListener && a.ListenerType == "outbound") || (isInboundListener && a.ListenerType == "inbound")
+}
+
+// PatchFilter adds the OTEL access log in the HTTP connection manager.
+func (a *otelAccessLogging) PatchFilter(p ext_cmn.FilterPayload) (*envoy_listener_v3.Filter, bool, error) {
+	filter := p.Message
+	// Make sure filter matches extension config.
+	if !a.matchesListenerDirection(p) {
+		return filter, false, nil
+	}
+
+	httpConnectionManager, _, err := ext_cmn.GetHTTPConnectionManager(filter)
+	if err != nil {
+		return filter, false, err
+	}
+
+	accessLog, err := a.toEnvoyAccessLog(p.RuntimeConfig)
+	if err != nil {
+		return filter, false, err
+	}
+
+	httpConnectionManager.AccessLog = append(httpConnectionManager.AccessLog, accessLog)
+	newHCM, err := ext_cmn.MakeFilter("envoy.filters.network.http_connection_manager", httpConnectionManager)
+	if err != nil {
+		return filter, false, err
+	}
+
+	return newHCM, true, nil
+}
+
+func newOTELAccessLogging(ext api.EnvoyExtension) (*otelAccessLogging, error) {
+	otel := &otelAccessLogging{}
+	if ext.Name != api.BuiltinOTELAccessLoggingExtension {
+		return otel, fmt.Errorf("expected extension name %q but got %q", api.BuiltinOTELAccessLoggingExtension, ext.Name)
+	}
+	if err := otel.fromArguments(ext.Arguments); err != nil {
+		return otel, err
+	}
+
+	return otel, nil
+}
+
+func (a *otelAccessLogging) fromArguments(args map[string]any) error {
+	if err := mapstructure.Decode(args, a); err != nil {
+		return err
+	}
+	a.normalize()
+	return a.validate()
+}
+
+func (a *otelAccessLogging) toEnvoyAccessLog(cfg *ext_cmn.RuntimeConfig) (*envoy_extensions_access_loggers_v3.AccessLog, error) {
+	commonConfig, err := a.Config.toEnvoyCommonGrpcAccessLogConfig(cfg)
+	if err != nil {
+		return nil, err
+	}
+
+	body, err := toEnvoyAnyValue(a.Config.Body)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal Body: %w", err)
+	}
+
+	attributes, err := toEnvoyKeyValueList(a.Config.Attributes)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal Attributes: %w", err)
+	}
+
+	resourceAttributes, err := toEnvoyKeyValueList(a.Config.ResourceAttributes)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal ResourceAttributes: %w", err)
+	}
+
+	otelAccessLogConfig := &envoy_extensions_access_loggers_otel_v3.OpenTelemetryAccessLogConfig{
+		CommonConfig:       commonConfig,
+		Body:               body,
+		Attributes:         attributes,
+		ResourceAttributes: resourceAttributes,
+	}
+
+	// Marshal the struct to bytes.
+	otelAccessLogConfigBytes, err := proto.Marshal(otelAccessLogConfig)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal OpenTelemetryAccessLogConfig: %w", err)
+	}
+
+	return &envoy_extensions_access_loggers_v3.AccessLog{
+		Name: "envoy.access_loggers.open_telemetry",
+		ConfigType: &envoy_extensions_access_loggers_v3.AccessLog_TypedConfig{
+			TypedConfig: &anypb.Any{
+				Value:   otelAccessLogConfigBytes,
+				TypeUrl: "type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig",
+			},
+		},
+	}, nil
+}
+
+func (a *otelAccessLogging) normalize() {
+	if a.ProxyType == "" {
+		a.ProxyType = api.ServiceKindConnectProxy
+	}
+
+	if a.ListenerType == "" {
+		a.ListenerType = "inbound"
+	}
+
+	if a.Config.LogName == "" {
+		a.Config.LogName = a.ListenerType
+	}
+
+	a.Config.normalize()
+}
+
+func (a *otelAccessLogging) validate() error {
+	var resultErr error
+	if a.ProxyType != api.ServiceKindConnectProxy {
+		resultErr = multierror.Append(resultErr, fmt.Errorf("unsupported ProxyType %q, only %q is supported",
+			a.ProxyType,
+			api.ServiceKindConnectProxy))
+	}
+
+	if a.ListenerType != "inbound" && a.ListenerType != "outbound" {
+		resultErr = multierror.Append(resultErr, fmt.Errorf(`unexpected ListenerType %q, supported values are "inbound" or "outbound"`, a.ListenerType))
+	}
+
+	if err := a.Config.validate(); err != nil {
+		resultErr = multierror.Append(resultErr, err)
+	}
+
+	return resultErr
+}
+
+func toEnvoyKeyValueList(attributes map[string]any) (*v1.KeyValueList, error) {
+	keyValueList := &v1.KeyValueList{}
+	for key, value := range attributes {
+		anyValue, err := toEnvoyAnyValue(value)
+		if err != nil {
+			return nil, err
+		}
+		keyValueList.Values = append(keyValueList.Values, &v1.KeyValue{
+			Key:   key,
+			Value: anyValue,
+		})
+	}
+
+	return keyValueList, nil
+}
+
+func toEnvoyAnyValue(value interface{}) (*v1.AnyValue, error) {
+	if value == nil {
+		return nil, nil
+	}
+
+	switch v := value.(type) {
+	case string:
+		return &v1.AnyValue{
+			Value: &v1.AnyValue_StringValue{
+				StringValue: v,
+			},
+		}, nil
+	case int:
+		return &v1.AnyValue{
+			Value: &v1.AnyValue_IntValue{
+				IntValue: int64(v),
+			},
+		}, nil
+	case int32:
+		return &v1.AnyValue{
+			Value: &v1.AnyValue_IntValue{
+				IntValue: int64(v),
+			},
+		}, nil
+	case int64:
+		return &v1.AnyValue{
+			Value: &v1.AnyValue_IntValue{
+				IntValue: v,
+			},
+		}, nil
+	case float32:
+		return &v1.AnyValue{
+			Value: &v1.AnyValue_DoubleValue{
+				DoubleValue: float64(v),
+			},
+		}, nil
+	case float64:
+		return &v1.AnyValue{
+			Value: &v1.AnyValue_DoubleValue{
+				DoubleValue: v,
+			},
+		}, nil
+	case bool:
+		return &v1.AnyValue{
+			Value: &v1.AnyValue_BoolValue{
+				BoolValue: v,
+			},
+		}, nil
+	case []byte:
+		return &v1.AnyValue{
+			Value: &v1.AnyValue_BytesValue{
+				BytesValue: v,
+			},
+		}, nil
+	default:
+		return nil, fmt.Errorf("unsupported type %T", v)
+	}
+}
diff --git a/agent/envoyextensions/builtin/otel-access-logging/otel_access_logging_test.go b/agent/envoyextensions/builtin/otel-access-logging/otel_access_logging_test.go
new file mode 100644
index 000000000000..5c6b9ffa6636
--- /dev/null
+++ b/agent/envoyextensions/builtin/otel-access-logging/otel_access_logging_test.go
@@ -0,0 +1,113 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package otelaccesslogging
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
+)
+
+func TestConstructor(t *testing.T) {
+	makeArguments := func(overrides map[string]interface{}) map[string]interface{} {
+		m := map[string]interface{}{
+			"ProxyType":    "connect-proxy",
+			"ListenerType": "inbound",
+			"Config": AccessLog{
+				LogName: "access.log",
+				GrpcService: &GrpcService{
+					Target: &Target{
+						Service: api.CompoundServiceName{
+							Name:      "otel-collector",
+							Namespace: "default",
+							Partition: "default",
+						},
+					},
+				},
+			},
+		}
+
+		for k, v := range overrides {
+			m[k] = v
+		}
+
+		return m
+	}
+
+	cases := map[string]struct {
+		extensionName string
+		arguments     map[string]interface{}
+		expected      otelAccessLogging
+		ok            bool
+	}{
+		"with no arguments": {
+			arguments: nil,
+			ok:        false,
+		},
+		"with an invalid name": {
+			arguments:     makeArguments(map[string]interface{}{}),
+			extensionName: "bad",
+			ok:            false,
+		},
+		"invalid proxy type": {
+			arguments: makeArguments(map[string]interface{}{"ProxyType": "terminating-gateway"}),
+			ok:        false,
+		},
+		"invalid listener": {
+			arguments: makeArguments(map[string]interface{}{"ListenerType": "invalid"}),
+			ok:        false,
+		},
+		"default proxy type": {
+			arguments: makeArguments(map[string]interface{}{"ProxyType": ""}),
+			expected: otelAccessLogging{
+				ProxyType:    "connect-proxy",
+				ListenerType: "inbound",
+				Config: AccessLog{
+					LogName: "access.log",
+					GrpcService: &GrpcService{
+						Target: &Target{
+							Service: api.CompoundServiceName{
+								Name:      "otel-collector",
+								Namespace: "default",
+								Partition: "default",
+							},
+						},
+					},
+				},
+			},
+			ok: true,
+		},
+	}
+
+	for n, tc := range cases {
+		t.Run(n, func(t *testing.T) {
+
+			extensionName := api.BuiltinOTELAccessLoggingExtension
+			if tc.extensionName != "" {
+				extensionName = tc.extensionName
+			}
+
+			svc := api.CompoundServiceName{Name: "svc"}
+			ext := extensioncommon.RuntimeConfig{
+				ServiceName: svc,
+				EnvoyExtension: api.EnvoyExtension{
+					Name:      extensionName,
+					Arguments: tc.arguments,
+				},
+			}
+
+			e, err := Constructor(ext.EnvoyExtension)
+
+			if tc.ok {
+				require.NoError(t, err)
+				require.Equal(t, &extensioncommon.BasicEnvoyExtender{Extension: &tc.expected}, e)
+			} else {
+				require.Error(t, err)
+			}
+		})
+	}
+}
diff --git a/agent/envoyextensions/builtin/otel-access-logging/structs.go b/agent/envoyextensions/builtin/otel-access-logging/structs.go
new file mode 100644
index 000000000000..5d23a0e4032c
--- /dev/null
+++ b/agent/envoyextensions/builtin/otel-access-logging/structs.go
@@ -0,0 +1,424 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package otelaccesslogging
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+
+	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
+	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
+	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
+	envoy_extensions_access_loggers_grpc_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/grpc/v3"
+	envoy_upstreams_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/api"
+	cmn "github.com/hashicorp/consul/envoyextensions/extensioncommon"
+	"github.com/hashicorp/go-multierror"
+	"google.golang.org/protobuf/types/known/anypb"
+	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
+)
+
+const (
+	LocalAccessLogClusterName = "local_access_log"
+
+	localhost     = "localhost"
+	localhostIPv4 = "127.0.0.1"
+	localhostIPv6 = "::1"
+)
+
+type AccessLog struct {
+	LogName                 string
+	GrpcService             *GrpcService
+	BufferFlushInterval     *time.Duration
+	BufferSizeBytes         uint32
+	FilterStateObjectsToLog []string
+	RetryPolicy             *RetryPolicy
+	Body                    interface{}
+	Attributes              map[string]interface{}
+	ResourceAttributes      map[string]interface{}
+}
+
+func (a *AccessLog) normalize() {
+	if a.GrpcService != nil {
+		a.GrpcService.normalize()
+	}
+
+	if a.RetryPolicy != nil {
+		a.RetryPolicy.normalize()
+	}
+}
+
+func (a *AccessLog) validate() error {
+	a.normalize()
+
+	if a.GrpcService == nil {
+		return fmt.Errorf("missing GrpcService")
+	}
+
+	var resultErr error
+
+	var field string
+	var validate func() error
+	field = "GrpcService"
+	validate = a.GrpcService.validate
+
+	if err := validate(); err != nil {
+		resultErr = multierror.Append(resultErr, fmt.Errorf("failed to validate Config.%s: %w", field, err))
+	}
+
+	return resultErr
+}
+
+func (a *AccessLog) envoyGrpcService(cfg *cmn.RuntimeConfig) (*envoy_core_v3.GrpcService, error) {
+	target := a.GrpcService.Target
+	clusterName, err := a.getClusterName(cfg, target)
+	if err != nil {
+		return nil, err
+	}
+
+	var initialMetadata []*envoy_core_v3.HeaderValue
+	for _, meta := range a.GrpcService.InitialMetadata {
+		initialMetadata = append(initialMetadata, meta.toEnvoy())
+	}
+
+	return &envoy_core_v3.GrpcService{
+		TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{
+			EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{
+				ClusterName: clusterName,
+				Authority:   a.GrpcService.Authority,
+			},
+		},
+		Timeout:         target.timeoutDurationPB(),
+		InitialMetadata: initialMetadata,
+	}, nil
+}
+
+// getClusterName returns the name of the cluster for the OpenTelemetry access logging service.
+// If the extension is configured with an upstream OpenTelemetry access logging service then the name of the cluster for
+// that upstream is returned. If the extension is configured with a URI, the only allowed host is `localhost`
+// and the extension will insert a new cluster with the name "local_access_log", so we use that name.
+func (a *AccessLog) getClusterName(cfg *cmn.RuntimeConfig, target *Target) (string, error) {
+	var err error
+	clusterName := LocalAccessLogClusterName
+	if target.isService() {
+		if clusterName, err = target.clusterName(cfg); err != nil {
+			return "", err
+		}
+	}
+	return clusterName, nil
+}
+
+// toEnvoyCluster returns an Envoy cluster for connecting to the OpenTelemetry access logging service.
+// If the extension is configured with the OpenTelemetry access logging service locally via the URI set to localhost,
+// this func will return a new cluster definition that will allow the proxy to connect to the OpenTelemetry access logging
+// service running on localhost on the configured port.
+//
+// If the extension is configured with the OpenTelemetry access logging service as an upstream there is no need to insert
+// a new cluster so this method returns nil.
+func (a *AccessLog) toEnvoyCluster(_ *cmn.RuntimeConfig) (*envoy_cluster_v3.Cluster, error) {
+	target := a.GrpcService.Target
+
+	// If the target is an upstream we do not need to create a cluster. We will use the cluster of the upstream.
+	if target.isService() {
+		return nil, nil
+	}
+
+	host, port, err := target.addr()
+	if err != nil {
+		return nil, err
+	}
+
+	clusterType := &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STATIC}
+	if host == localhost {
+		// If the host is "localhost" use a STRICT_DNS cluster type to perform DNS lookup.
+		clusterType = &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STRICT_DNS}
+	}
+
+	var typedExtProtoOpts map[string]*anypb.Any
+
+	httpProtoOpts := &envoy_upstreams_http_v3.HttpProtocolOptions{
+		UpstreamProtocolOptions: &envoy_upstreams_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{
+			ExplicitHttpConfig: &envoy_upstreams_http_v3.HttpProtocolOptions_ExplicitHttpConfig{
+				ProtocolConfig: &envoy_upstreams_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{},
+			},
+		},
+	}
+	httpProtoOptsAny, err := anypb.New(httpProtoOpts)
+	if err != nil {
+		return nil, err
+	}
+	typedExtProtoOpts = make(map[string]*anypb.Any)
+	typedExtProtoOpts["envoy.extensions.upstreams.http.v3.HttpProtocolOptions"] = httpProtoOptsAny
+
+	return &envoy_cluster_v3.Cluster{
+		Name:                 LocalAccessLogClusterName,
+		ClusterDiscoveryType: clusterType,
+		ConnectTimeout:       target.timeoutDurationPB(),
+		LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{
+			ClusterName: LocalAccessLogClusterName,
+			Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{
+				{
+					LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{{
+						HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
+							Endpoint: &envoy_endpoint_v3.Endpoint{
+								Address: &envoy_core_v3.Address{
+									Address: &envoy_core_v3.Address_SocketAddress{
+										SocketAddress: &envoy_core_v3.SocketAddress{
+											Address: host,
+											PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{
+												PortValue: uint32(port),
+											},
+										},
+									},
+								},
+							},
+						},
+					}},
+				},
+			},
+		},
+		TypedExtensionProtocolOptions: typedExtProtoOpts,
+	}, nil
+}
+
+func (a *AccessLog) toEnvoyCommonGrpcAccessLogConfig(cfg *cmn.RuntimeConfig) (*envoy_extensions_access_loggers_grpc_v3.CommonGrpcAccessLogConfig, error) {
+	config := &envoy_extensions_access_loggers_grpc_v3.CommonGrpcAccessLogConfig{
+		LogName:                 a.LogName,
+		BufferSizeBytes:         wrapperspb.UInt32(a.BufferSizeBytes),
+		FilterStateObjectsToLog: a.FilterStateObjectsToLog,
+		TransportApiVersion:     envoy_core_v3.ApiVersion_V3,
+	}
+
+	if a.BufferFlushInterval != nil {
+		config.BufferFlushInterval = durationpb.New(*a.BufferFlushInterval)
+	}
+
+	if a.RetryPolicy != nil {
+		config.GrpcStreamRetryPolicy = a.RetryPolicy.toEnvoy()
+	}
+
+	grpcSvc, err := a.envoyGrpcService(cfg)
+	if err != nil {
+		return nil, err
+	}
+	config.GrpcService = grpcSvc
+
+	return config, nil
+}
+
+type GrpcService struct {
+	Target          *Target
+	Authority       string
+	InitialMetadata []*HeaderValue
+}
+
+func (v *GrpcService) normalize() {
+	if v == nil {
+		return
+	}
+	v.Target.normalize()
+}
+
+func (v *GrpcService) validate() error {
+	var resultErr error
+	if v == nil {
+		return resultErr
+	}
+
+	if v.Target == nil {
+		resultErr = multierror.Append(resultErr, fmt.Errorf("GrpcService.Target must be set"))
+	}
+	if err := v.Target.validate(); err != nil {
+		resultErr = multierror.Append(resultErr, err)
+	}
+	return resultErr
+}
+
+type HeaderValue struct {
+	Key   string
+	Value string
+}
+
+func (h *HeaderValue) toEnvoy() *envoy_core_v3.HeaderValue {
+	if h == nil {
+		return nil
+	}
+	return &envoy_core_v3.HeaderValue{Key: h.Key, Value: h.Value}
+}
+
+type Target struct {
+	Service api.CompoundServiceName
+	URI     string
+	Timeout string
+
+	timeout *time.Duration
+	host    string
+	port    int
+}
+
+// addr returns the host and port for the target when the target is a URI.
+// It returns a non-nil error if the target is not a URI.
+func (t Target) addr() (string, int, error) {
+	if !t.isURI() {
+		return "", 0, fmt.Errorf("target is not configured with a URI, set Target.URI")
+	}
+	return t.host, t.port, nil
+}
+
+// clusterName returns the cluster name for the target when the target is an upstream service.
+// It searches through the upstreams in the provided runtime configuration and returns the name
+// of the cluster for the first upstream service that matches the target service.
+// It returns a non-nil error if a matching cluster is not found or if the target is not an
+// upstream service.
+func (t Target) clusterName(cfg *cmn.RuntimeConfig) (string, error) {
+	if !t.isService() {
+		return "", fmt.Errorf("target is not configured with an upstream service, set Target.Service")
+	}
+
+	for service, upstream := range cfg.Upstreams {
+		if service == t.Service {
+			for sni := range upstream.SNIs {
+				return sni, nil
+			}
+		}
+	}
+	return "", fmt.Errorf("no upstream definition found for service %q", t.Service.Name)
+}
+
+func (t Target) isService() bool {
+	return t.Service.Name != ""
+}
+
+func (t Target) isURI() bool {
+	return t.URI != ""
+}
+
+func (t *Target) normalize() {
+	if t == nil {
+		return
+	}
+	t.Service.Namespace = acl.NamespaceOrDefault(t.Service.Namespace)
+	t.Service.Partition = acl.PartitionOrDefault(t.Service.Partition)
+}
+
+// timeoutDurationPB returns the target's timeout as a *durationpb.Duration.
+// It returns nil if the timeout has not been explicitly set.
+func (t *Target) timeoutDurationPB() *durationpb.Duration {
+	if t == nil || t.timeout == nil {
+		return nil
+	}
+	return durationpb.New(*t.timeout)
+}
+
+func (t *Target) validate() error {
+	var err, resultErr error
+	if t == nil {
+		return resultErr
+	}
+
+	if t.isURI() == t.isService() {
+		resultErr = multierror.Append(resultErr, fmt.Errorf("exactly one of Target.Service or Target.URI must be set"))
+	}
+
+	if t.isURI() {
+		t.host, t.port, err = parseAddr(t.URI)
+		if err == nil {
+			switch t.host {
+			case localhost, localhostIPv4, localhostIPv6:
+			default:
+				resultErr = multierror.Append(resultErr,
+					fmt.Errorf("invalid host for Target.URI %q: expected %q, %q, or %q", t.URI, localhost, localhostIPv4, localhostIPv6))
+			}
+		} else {
+			resultErr = multierror.Append(resultErr, fmt.Errorf("invalid format for Target.URI %q: expected host:port", t.URI))
+		}
+	}
+
+	if t.Timeout != "" {
+		if d, err := time.ParseDuration(t.Timeout); err == nil {
+			t.timeout = &d
+		} else {
+			resultErr = multierror.Append(resultErr, fmt.Errorf("failed to parse Target.Timeout %q as a duration: %w", t.Timeout, err))
+		}
+	}
+	return resultErr
+}
+
+type RetryPolicy struct {
+	RetryBackOff *RetryBackOff
+	NumRetries   uint32
+}
+
+func (r *RetryPolicy) normalize() {
+	if r == nil {
+		return
+	}
+	r.RetryBackOff.normalize()
+}
+
+func (r *RetryPolicy) toEnvoy() *envoy_core_v3.RetryPolicy {
+	if r == nil {
+		return nil
+	}
+
+	return &envoy_core_v3.RetryPolicy{
+		RetryBackOff: r.RetryBackOff.toEnvoy(),
+		NumRetries:   wrapperspb.UInt32(r.NumRetries),
+	}
+}
+
+type RetryBackOff struct {
+	BaseInterval *time.Duration
+	MaxInterval  *time.Duration
+}
+
+func (v *RetryBackOff) normalize() {
+	if v == nil {
+		return
+	}
+
+	if v.BaseInterval == nil {
+		v.BaseInterval = new(time.Duration)
+		*v.BaseInterval = time.Second
+	}
+
+	if v.MaxInterval == nil {
+		v.MaxInterval = new(time.Duration)
+		*v.MaxInterval = time.Second * 30
+	}
+}
+
+func (r *RetryBackOff) toEnvoy() *envoy_core_v3.BackoffStrategy {
+	if r == nil {
+		return nil
+	}
+
+	return &envoy_core_v3.BackoffStrategy{
+		BaseInterval: durationpb.New(*r.BaseInterval),
+		MaxInterval:  durationpb.New(*r.MaxInterval),
+	}
+}
+
+func parseAddr(s string) (host string, port int, err error) {
+	// Strip the protocol if one was provided
+	if _, addr, hasProto := strings.Cut(s, "://"); hasProto {
+		s = addr
+	}
+	idx := strings.LastIndex(s, ":")
+	switch idx {
+	case -1, len(s) - 1:
+		err = fmt.Errorf("invalid input format %q: expected host:port", s)
+	case 0:
+		host = localhost
+		port, err = strconv.Atoi(s[idx+1:])
+	default:
+		host = s[:idx]
+		port, err = strconv.Atoi(s[idx+1:])
+	}
+	return
+}
diff --git a/agent/envoyextensions/registered_extensions.go b/agent/envoyextensions/registered_extensions.go
index cef7598da35d..b2bb2aeeaaa9 100644
--- a/agent/envoyextensions/registered_extensions.go
+++ b/agent/envoyextensions/registered_extensions.go
@@ -12,6 +12,7 @@ import (
 	awslambda "github.com/hashicorp/consul/agent/envoyextensions/builtin/aws-lambda"
 	extauthz "github.com/hashicorp/consul/agent/envoyextensions/builtin/ext-authz"
 	"github.com/hashicorp/consul/agent/envoyextensions/builtin/lua"
+	otelaccesslogging "github.com/hashicorp/consul/agent/envoyextensions/builtin/otel-access-logging"
 	propertyoverride "github.com/hashicorp/consul/agent/envoyextensions/builtin/property-override"
 	"github.com/hashicorp/consul/agent/envoyextensions/builtin/wasm"
 	"github.com/hashicorp/consul/api"
@@ -21,11 +22,12 @@ import (
 type extensionConstructor func(api.EnvoyExtension) (extensioncommon.EnvoyExtender, error)
 
 var extensionConstructors = map[string]extensionConstructor{
-	api.BuiltinLuaExtension:              lua.Constructor,
-	api.BuiltinAWSLambdaExtension:        awslambda.Constructor,
-	api.BuiltinPropertyOverrideExtension: propertyoverride.Constructor,
-	api.BuiltinWasmExtension:             wasm.Constructor,
-	api.BuiltinExtAuthzExtension:         extauthz.Constructor,
+	api.BuiltinOTELAccessLoggingExtension: otelaccesslogging.Constructor,
+	api.BuiltinLuaExtension:               lua.Constructor,
+	api.BuiltinAWSLambdaExtension:         awslambda.Constructor,
+	api.BuiltinPropertyOverrideExtension:  propertyoverride.Constructor,
+	api.BuiltinWasmExtension:              wasm.Constructor,
+	api.BuiltinExtAuthzExtension:          extauthz.Constructor,
 }
 
 // ConstructExtension attempts to lookup and build an extension from the registry with the
diff --git a/api/config_entry.go b/api/config_entry.go
index 77548194d5c4..b59c20fd3007 100644
--- a/api/config_entry.go
+++ b/api/config_entry.go
@@ -39,11 +39,12 @@ const (
 )
 
 const (
-	BuiltinAWSLambdaExtension        string = "builtin/aws/lambda"
-	BuiltinExtAuthzExtension         string = "builtin/ext-authz"
-	BuiltinLuaExtension              string = "builtin/lua"
-	BuiltinPropertyOverrideExtension string = "builtin/property-override"
-	BuiltinWasmExtension             string = "builtin/wasm"
+	BuiltinAWSLambdaExtension         string = "builtin/aws/lambda"
+	BuiltinExtAuthzExtension          string = "builtin/ext-authz"
+	BuiltinLuaExtension               string = "builtin/lua"
+	BuiltinOTELAccessLoggingExtension string = "builtin/otel-access-logging"
+	BuiltinPropertyOverrideExtension  string = "builtin/property-override"
+	BuiltinWasmExtension              string = "builtin/wasm"
 	// BuiltinValidateExtension should not be exposed directly or accepted as a valid configured
 	// extension type, as it is only used indirectly via troubleshooting tools. It is included here
 	// for common reference alongside other builtin extensions.
diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx
index 2d3c48789a90..477b889c23a1 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx
@@ -21,6 +21,7 @@ Click on a property name to view additional details, including default values.
 - [`Name`](#name): string | required | must be set to `builtin/ext-authz` 
 - [`Arguments`](#arguments): map | required
    - [`ProxyType`](#arguments-proxytype): string | required | `connect-proxy`
+   - [`ListenerType`](#arguments-listenertype): string | required | `inbound`
    - [`InsertOptions`](#arguments-insertoptions): map
       - [`Location`](#arguments-insertoptions-location): string
       - [FilterName](#arguments-insertoptions-filtername): string
@@ -237,6 +238,18 @@ Specifies the type of Envoy proxy that this extension applies to. The extension
 - This field is required.
 - Data type: String
 
+### `Arguments.ListenerType`
+
+Specifies the type of listener the extension applies to. The listener type is either `inbound` or `outbound`. If the listener type is set to `inbound`, Consul applies the extension so the external authorization is enabled when other services in the mesh send messages to the service attached to the proxy. If the listener type is set to `outbound`, Consul applies the extension so the external authorization is enabled when the attached proxy sends messages to other services in the mesh.
+
+#### Values
+
+- Default: `inbound`
+- This field is required.
+- Data type is one of the following string values:
+  - `inbound`
+  - `outbound`
+
 ### `Arguments.InsertOptions`
 
 Specifies options for defining the insertion point for the external authorization filter in the Envoy filter chain. By default, the external authorization filter is inserted as the first filter in the filter chain per the default setting for the [`Location`](#arguments-insertoptions-location) field. 
diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/otel-access-logging.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/otel-access-logging.mdx
new file mode 100644
index 000000000000..9cef3a563650
--- /dev/null
+++ b/website/content/docs/connect/proxies/envoy-extensions/configuration/otel-access-logging.mdx
@@ -0,0 +1,390 @@
+---
+layout: docs
+page_title: OpenTelemetry Access Logging extension configuration reference
+description: Learn how to configure the otel-access-logging Envoy extension, which is a builtin Consul extension that configures Envoy proxies to send access logs to OpenTelemetry collector service.
+---
+
+# OpenTelemetry Access Logging extension configuration reference
+
+This topic describes how to configure the OpenTelemetry access logging Envoy extension, which configures Envoy proxies to send access logs to OpenTelemetry collector service. Refer to [Send access logs to OpenTelemetry collector service](/consul/docs/connect/proxies/envoy-extensions/usage/otel-access-logging) for usage information.
+
+## Configuration model
+
+The following list outlines the field hierarchy, data types, and requirements for the OpenTelemetry access logging configuration. Place the configuration inside the `EnvoyExtension.Arguments` field in the proxy defaults or service defaults configuration entry. Refer to the following documentation for additional information:
+
+- [`EnvoyExtensions` in proxy defaults](/consul/docs/connect/config-entries/proxy-defaults#envoyextensions)
+- [`EnvoyExtensions` in service defaults](/consul/docs/connect/config-entries/service-defaults#envoyextensions)
+- [Envoy OpenTelemetry Access Logging Configuration documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/open_telemetry/v3/logs_service.proto#extensions-access-loggers-open-telemetry-v3-opentelemetryaccesslogconfig)
+
+Click on a property name to view additional details, including default values.
+
+- [`Name`](#name): string | required | must be set to `builtin/otel-access-logging` 
+- [`Arguments`](#arguments): map | required
+   - [`ProxyType`](#arguments-proxytype): string | required | `connect-proxy`
+   - [`ListenerType`](#arguments-listenertype): string | required | `inbound`
+   - [`Config`](#arguments-config): map | required
+      - [`LogName`](#arguments-config-logname): string
+      - [`GrpcService`](#arguments-config-grpcservice): map
+        - [`Target`](#arguments-config-grpcservice-target): map | required
+          - [`Service`](#arguments-config-grpcservice-target-service): map
+            - [`Name`](#arguments-config-grpcservice-target-service): string
+            - [`Namespace`](#arguments-config-grpcservice-target-service): string | <EnterpriseAlert inline/>
+            - [`Partition`](#arguments-config-grpcservice-target-service): string | <EnterpriseAlert inline/>
+          - [`URI`](#arguments-config-grpcservice-target-uri): string
+          - [`Timeout`](#arguments-config-grpcservice-target-timeout): string | `1s`
+        - [`Authority`](#arguments-config-grpcservice-authority): string
+        - [`InitialMetadata`](#arguments-config-grpcservice-initialmetadata): list
+          - [`Key`](#arguments-config-grpcservice-initialmetadata): string
+          - [`Value`](#arguments-config-grpcservice-initialmetadata): string
+      - [`BufferFlushInterval`](#arguments-config-bufferflushinterval): string
+      - [`BufferSizeBytes`](#arguments-config-buffersizebytes): number
+      - [`FilterStateObjectsToLog`](#arguments-config-filterstateobjectstolog): list of strings
+      - [`RetryPolicy`](#arguments-config-retrypolicy): map
+        - [`RetryBackOff`](#arguments-config-retrypolicy-retrybackoff): map
+          - [`BaseInterval`](#arguments-config-retrypolicy-retrybackoff): string | `1s`
+          - [`MaxInterval`](#arguments-config-retrypolicy-retrybackoff): string | `30s`
+        - [`NumRetries`](#arguments-config-retrypolicy-numretries): number
+      - [`Body`](#arguments-config-body): string, number, boolean or list of bytes
+      - [`Attributes`](#arguments-config-attributes): map of string to string, number, boolean or list of bytes
+      - [`ResourceAttributes`](#arguments-config-resourceattributes): map of string to string, number, boolean or list of bytes
+
+## Complete configuration
+
+When each field is defined, an `otel-access-logging` configuration has the following form:
+
+```hcl
+Name = "builtin/otel-access-logging" 
+Arguments = {
+   ProxyType = "connect-proxy"
+   ListenerType = "<inbound or outbound>"
+   Config = {
+      LogName = "<user-readable name of the access log>"
+      GrpcService = {
+        Target = {
+            Service = {
+              Name = "<upstream service to send gRPC authorization requests to>"
+              Namespace = "<namespace containing the upstream service>"
+              Partition = "<partition containing the upstream service>"
+            }
+            URI = "<URI of the upstream service>"   
+            Timeout = "1s"
+        }
+        Authority = "<authority header to send in the gRPC request>"     
+        InitialMetadata = [
+            "<Key>" : "<value>"
+        ]
+      }
+      BufferFlushInterval = "1s"
+      BufferSizeBytes = 16384
+      FilterStateObjectsToLog = [
+        "Additional filter state objects to log in filter_state_objects"
+      ]
+      RetryPolicy = {
+        RetryBackOff = {
+            BaseInterval = "1s"
+            MaxInterval = "30s"
+        }
+        NumRetries = <uint32 value specifying the max number of retries>
+      }
+      Body = "Log Request Body"
+      Attributes = {
+         "<Key>" : "<value>"
+      }
+      ResourceAttributes = {
+         "<Key>" : "<value>"
+      }
+```
+
+## Specification
+
+This section provides details about the fields you can configure for the OpenTelemetry Access Logging extension.
+### `Name`
+
+Specifies the name of the extension. Must be set to `builtin/otel-access-logging`.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String value set to `builtin/otel-access-logging`.
+
+### `Arguments`
+
+Contains the global configuration for the extension.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: Map
+
+### `Arguments.ProxyType`
+
+Specifies the type of Envoy proxy that this extension applies to. The extension only applies to proxies that match this type and is ignored for all other proxy types. The only supported value is `connect-proxy`.
+
+#### Values
+
+- Default: `connect-proxy`
+- This field is required.
+- Data type: String
+
+### `Arguments.ListenerType`
+
+Specifies the type of listener the extension applies to. The listener type is either `inbound` or `outbound`. If the listener type is set to `inbound`, Consul applies the extension so the access logging is enabled when other services in the mesh send messages to the service attached to the proxy. If the listener type is set to `outbound`, Consul applies the extension so the access logging is enabled when the attached proxy sends messages to other services in the mesh.
+
+#### Values
+
+- Default: `inbound`
+- This field is required.
+- Data type is one of the following string values:
+  - `inbound`
+  - `outbound`
+
+### `Arguments.Config`
+
+Contains the configuration settings for the extension.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: Map
+
+### `Arguments.Config.LogName`
+
+Specifies the user-readable name of the access log to be returned in `StreamAccessLogsMessage.Identifier`. This allows the access log server to differentiate between different access logs coming from the same Envoy. If you leave it empty, it inherits the value from `ListenerType`.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `Arguments.Config.GrpcService`
+
+Specifies the OpenTelemetry Access Logging configuration for gRPC requests.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: Map
+
+### `Arguments.Config.GrpcService.Target`
+
+Configuration for specifying the service to send gRPC access logging requests to. The `Target` field may contain the following fields:
+
+- [`Service`](#arguments-config-grpcservice-target-service) or [`Uri`](#arguments-config-grpcservice-target-uri)
+- [`Timeout`](#arguments-config-grpcservice-target-timeout)
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: Map
+
+### `Arguments.Config.GrpcService.Target.Service`
+
+Specifies the upstream OpenTelemetry collector service. Configure this field when access logging requests are sent to an upstream service within the service mesh. The service must be configured as an upstream of the service that the filter is applied to.
+
+Configure either the `Service` field or the [`Uri`](#arguments-config-grpcservice-target-uri) field, but not both. 
+ 
+#### Values
+
+- Default: None
+- This field or [`Uri`](#arguments-config-grpcservice-target-uri) is required.
+- Data type: Map
+
+The following table describes how to configure parameters for the `Service` field:
+
+| Parameter   | Description                                                                                          | Data type | Default   |
+| ----------- | ---------------------------------------------------------------------------------------------------- | --------- | --------- |
+| `Name`      | Specifies the name of the upstream service.                                                          | String    | None      |
+| `Namespace` | <EnterpriseAlert inline/> Specifies the Consul namespace that the upstream service belongs to.       | String    | `default` |
+| `Partition` | <EnterpriseAlert inline/> Specifies the Consul admin partition that the upstream service belongs to. | String    | `default` |
+
+### `Arguments.Config.GrpcService.Target.Uri`
+
+Specifies the URI of the OpenTelemetry collector service. Configure this field when you must provide an explicit URI to the OpenTelemetry collector service, such as cases in which the access logging service is running on the same host or pod. If set, the value of this field must be one of `localhost:<port>`, `127.0.0.1:<port>`, or `::1:<port>`.
+
+Configure either the `Uri` field or the [`Service`](#arguments-config-grpcservice-target-service) field, but not both. 
+ 
+#### Values
+
+- Default: None
+- This field or [`Service`](#arguments-config-grpcservice-target-service) is required.
+- Data type: String
+
+### `Arguments.Config.GrpcService.Target.Timeout`
+
+Specifies the maximum duration that a response can take to arrive upon request.
+ 
+#### Values
+
+- Default: `1s`
+- Data type: String
+
+### `Arguments.Config.GrpcService.Authority`
+
+Specifies the authority header to send in the gRPC request. If this field is not set, the authority field is set to the cluster name. This field does not override the SNI that Envoy sends to the OpenTelemetry collector service.
+ 
+#### Values
+
+- Default: Cluster name
+- Data type: String
+
+### `Arguments.Config.GrpcService.InitialMetadata`
+
+Specifies additional metadata to include in streams initiated to the `GrpcService`. You can specify metadata for injecting additional ad-hoc authorization headers, for example, `x-foo-bar: baz-key`. For more information, including details on header value syntax, refer to the [Envoy documentation on custom request headers](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#config-http-conn-man-headers-custom-request-headers).
+ 
+#### Values
+
+- Default: None
+- Data type: List of one or more key-value pairs:
+
+   - KEY: String
+   - VALUE: String
+
+### `Arguments.Config.BufferFlushInterval`
+
+Specifies an interval for flushing access logs to the gRPC stream. The logger flushes requests at the end of every interval or when the log reaches the batch size limit, whichever comes first.
+
+#### Values
+
+- Default: `1s`
+- Data type: String
+
+### `Arguments.Config.BufferSizeBytes`
+
+Specifies the soft size limit in bytes for the access log entries buffer. The logger buffers requests until it reaches this limit or every time the flush interval elapses, whichever comes first. Set this field to `0` to disable batching.
+
+#### Values
+
+- Default: `16384`
+- Data type: Integer
+
+### `Arguments.Config.FilterStateObjectsToLog`
+
+Specifies additional filter state objects to log in `filter_state_objects`. The logger calls `FilterState::Object::serializeAsProto` to serialize the filter state object.
+
+#### Values
+
+- Default: None
+- Data type: List of String
+
+### `Arguments.Config.RetryPolicy`
+
+Defines a policy for retrying requests to the upstream service when fetching the plugin data. The `RetryPolicy` field is a map containing the following parameters:
+
+- [`RetryBackoff`](#pluginconfig-vmconfig-code-remote-retrypolicy)
+- [`NumRetries`](#pluginconfig-vmconfig-code-remote-numretries)
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+### `Arguments.Config.RetryPolicy.RetryBackOff`
+
+Specifies parameters that control retry backoff strategy. 
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+The following table describes the fields you can specify in the `RetryBackOff` map:
+
+| Parameter      | Description                                                                                                                                                | Data type | Default |
+| -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | ------- |
+| `BaseInterval` | Specifies the base interval for determining the next backoff computation. Set a value greater than `0` and less than or equal to the `MaxInterval` value.  | String    | `1s`    |
+| `MaxInterval`  | Specifies the maximum interval between retries. Set the value greater than or equal to the `BaseInterval` value.                                           | String    | `10s`   |
+
+### `Arguments.Config.RetryPolicy.NumRetries`
+
+Specifies the number of times Envoy retries to fetch plugin data if the initial attempt is unsuccessful.
+
+#### Values
+
+- Default: `1`
+- Data type: Integer
+
+### `Arguments.Config.Body`
+
+Specifies OpenTelemetry [LogResource](https://github.com/open-telemetry/opentelemetry-proto/blob/main/opentelemetry/proto/logs/v1/logs.proto) fields, following [Envoy access logging formatting](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage). See ‘body’ in the LogResource proto for more details.
+
+#### Values
+
+- Default: None
+- Data type: String
+
+### `Arguments.Config.Attributes`
+
+Specifies `attributes` in the [LogResource](https://github.com/open-telemetry/opentelemetry-proto/blob/main/opentelemetry/proto/logs/v1/logs.proto). Refer to `attributes` in the LogResource proto for more details.
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+### `Arguments.Config.ResourceAttributes`
+
+Specifies OpenTelemetry [Resource](https://github.com/open-telemetry/opentelemetry-proto/blob/main/opentelemetry/proto/logs/v1/logs.proto#L51) attributes are filled with Envoy node information.
+
+#### Values
+
+- Default: None
+- Data type: Map
+
+## Examples
+
+The following examples demonstrate common configuration patterns for specific use cases.
+
+### OpenTelemetry Access Logging requests to URI
+
+In the following example, a service defaults configuration entry contains an `otel-access-logging` configuration. The configuration allows the `api` service to make gRPC OpenTelemetry Access Logging requests to a service at `localhost:9191`:
+
+```hcl
+Kind = "service-defaults"
+Name = "api"
+EnvoyExtensions = [
+  {
+    Name = "builtin/otel-access-logging"
+    Arguments = {
+      ProxyType = "connect-proxy"
+      Config = {
+        GrpcService = {
+          Target = {
+              URI = "127.0.0.1:9191"
+          }
+        }
+      }
+    }
+  }
+]
+```
+  
+### Upstream OpenTelemetry Access Logging
+
+In the following example, a service defaults configuration entry contains an `otel-access-logging` configuration. The configuration allows the `api` service to make gRPC OpenTelemetry Access Logging requests to a service named `otel-collector`:
+
+```hcl
+Kind = "service-defaults"
+Name = "api"
+EnvoyExtensions = [
+  {
+    Name = "builtin/otel-access-logging"
+    Arguments = {
+      ProxyType = "connect-proxy"
+      Config = {
+        GrpcService = {
+          Target = {
+            Service = {
+              Name = "otel-collector"
+            }
+          }
+        }
+      }
+    }
+  }
+]
+```
diff --git a/website/content/docs/connect/proxies/envoy-extensions/index.mdx b/website/content/docs/connect/proxies/envoy-extensions/index.mdx
index 8cea47b0ec6a..79f1dbb1f37d 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/index.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/index.mdx
@@ -23,6 +23,7 @@ Envoy extensions enable additional service mesh functionality in Consul by chang
 - External authorization
 - Lua
 - Lambda
+- OpenTelemetry Access Logging
 - Property override
 - WebAssembly (Wasm)
 
@@ -38,6 +39,10 @@ The `lambda` Envoy extension enables services to make requests to AWS Lambda fun
 
 The `lua` Envoy extension enables HTTP Lua filters in your Consul Envoy proxies. It allows you to run Lua scripts during Envoy requests and responses from Consul-generated Envoy resources. Refer to the [Lua extension documentation](/consul/docs/connect/proxies/envoy-extensions/usage/lua) for more information.
 
+### OpenTelemetry Access Logging
+
+The `otel-access-logging` Envoy extension lets you configure Envoy proxies to send access logs to OpenTelemetry collector service. Refer to the [OpenTelemetry Access Logging extension documentation](/consul/docs/connect/proxies/envoy-extensions/usage/otel-access-logging) for more information.
+
 ### Property override
 
 The `property-override` extension lets you set and unset individual properties on the Envoy resources that Consul generates. Use the extension instead of [escape-hatch overrides](/consul/docs/connect/proxies/envoy#escape-hatch-overrides) to enable advanced Envoy configuration. Refer to the [property override documentation](/consul/docs/connect/proxies/envoy-extensions/usage/property-override) for more information.
diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
index afec572bee8a..76852e6c1c8c 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
@@ -138,7 +138,6 @@ $ consul config write api-auth-service-defaults.hcl
 
 ```shell-session
 $ consul config write api-auth-service-defaults.json
-
 ```
 
 </Tab>
diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/otel-access-logging.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/otel-access-logging.mdx
new file mode 100644
index 000000000000..058f6dd9889f
--- /dev/null
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/otel-access-logging.mdx
@@ -0,0 +1,146 @@
+---
+layout: docs
+page_title: Send access logs to OpenTelemetry collector service
+description: Learn how to use the `otel-access-logging` Envoy extension to send access logs to OpenTelemetry collector service.
+---
+
+# Send access logs to OpenTelemetry collector service
+
+This topic describes how to use the OpenTelemetry Access Logging Envoy extension to send access logs to OpenTelemetry collector service.
+
+## Workflow
+
+Complete the following steps to use the OpenTelemetry Access Logging extension:
+
+1. Configure an `EnvoyExtensions` block in a service defaults or proxy defaults configuration entry. 
+1. Apply the configuration entry.
+
+## Add the `EnvoyExtensions`
+
+Add Envoy extension configurations to a proxy defaults or service defaults configuration entry. Place the extension configuration in an `EnvoyExtensions` block in the configuration entry.
+
+- When you configure Envoy extensions on proxy defaults, they apply to every service.
+- When you configure Envoy extensions on service defaults, they apply to a specific service.
+
+Consul applies Envoy extensions configured in proxy defaults before it applies extensions in service defaults. As a result, the Envoy extension configuration in service defaults may override configurations in proxy defaults.
+
+The following example shows a service defaults configuration entry for the `api` service that directs the Envoy proxy to make gRPC OpenTelemetry Access Logging requests to the `otel-collector` service:
+
+<Tabs>
+<Tab heading="HCL" group="hcl">
+<CodeBlockConfig filename="api-otel-collector-service-defaults.hcl">
+
+```hcl
+Kind = "service-defaults"
+Name = "api"
+EnvoyExtensions = [
+  {
+    Name = "builtin/otel-access-logging"
+    Arguments = {
+      ProxyType = "connect-proxy"
+      Config = {
+        GrpcService = {
+          Target = {
+            Service = {
+              Name = "otel-collector"
+            }
+          }
+        }
+      }
+    }
+  }
+]
+```
+</CodeBlockConfig>
+</Tab>
+<Tab heading="JSON" group="json">
+<CodeBlockConfig filename="api-otel-collector-service-defaults.json">
+
+```json
+"Kind": "service-defaults",
+"Name": "api",
+"EnvoyExtensions": [{
+  "Name": "builtin/otel-access-logging",
+  "Arguments": {
+    "ProxyType": "connect-proxy",
+    "Config": {
+      "GrpcService": {
+        "Target": {
+          "Service": {
+            "Name": "otel-collector"
+          }
+        }
+      }
+    }
+  }
+}]
+```
+
+</CodeBlockConfig>
+</Tab>
+<Tab heading="Kubernetes" group="yaml">
+<CodeBlockConfig filename="api-otel-collector-service-defaults.yaml">
+
+```yaml
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceDefaults
+metadata:
+  name: api
+  namespace: default
+spec:
+  envoyExtensions:
+  - name: builtin/otel-access-logging
+    arguments:
+      proxyType: connect-proxy
+      config:
+        grpcService:
+          target:
+            service:
+              name: otel-collector
+              namespace: otel-collector
+```
+</CodeBlockConfig>
+</Tab>
+</Tabs>
+
+Refer to the [OpenTelemetry Access Logging extension configuration reference](/consul/docs/connect/proxies/envoy-extensions/configuration/otel-access-logging) for details on how to configure the extension.
+
+Refer to the [proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) and [service defaults configuration entry reference](/consul/docs/connect/config-entries/service-defaults) for details on how to define the configuration entries.
+
+!> **Warning:** Adding Envoy extensions default proxy configurations may have unintended consequences. We recommend configuring `EnvoyExtensions` in service defaults configuration entries in most cases.
+
+### Unsupported Envoy configuration fields
+
+The following Envoy configurations are not supported:
+
+| Configuration           | Workaround                                                                                                                     |
+| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------ |
+| `transport_api_version` | Consul only supports v3 of the transport API. As a result, there is no workaround for implementing the behavior of this field. |
+
+## Apply the configuration entry
+
+If your network is deployed to virtual machines, use the `consul config write` command and specify the proxy defaults or service defaults configuration entry to apply the configuration. For Kubernetes-orchestrated networks, use the `kubectl apply` command. The following example applies the extension in a proxy defaults configuration entry.
+
+<Tabs>
+<Tab heading="HCL" group="hcl">
+
+```shell-session
+$ consul config write api-otel-collector-service-defaults.hcl
+```
+
+</Tab>
+<Tab heading="JSON" group="json">
+
+```shell-session
+$ consul config write api-otel-collector-service-defaults.json
+```
+
+</Tab>
+<Tab heading="Kubernetes" group="kubernetes">
+
+```shell-session
+$ kubectl apply -f api-otel-collector-service-defaults.yaml
+```
+
+</Tab>
+</Tabs>
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index f5789535cca5..8bb99505b7c9 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -511,6 +511,10 @@
                     "title": "Invoke Lambda functions in Envoy proxies",
                     "path": "connect/proxies/envoy-extensions/usage/lambda"
                   },
+                  {
+                    "title": "Send access logs to OpenTelemetry collector service",
+                    "path": "connect/proxies/envoy-extensions/usage/otel-access-logging"
+                  },
                   {
                     "title": "Configure Envoy proxy properties",
                     "path": "connect/proxies/envoy-extensions/usage/property-override"
@@ -528,6 +532,10 @@
                     "title": "External authorization",
                     "path": "connect/proxies/envoy-extensions/configuration/ext-authz"
                   },
+                  {
+                    "title": "OpenTelemetry Access Logging",
+                    "path": "connect/proxies/envoy-extensions/configuration/otel-access-logging"
+                  },
                   {
                     "title": "Property override",
                     "path": "connect/proxies/envoy-extensions/configuration/property-override"

From 0f48b7af5ec5fdf2237ba9e79a63160a071f6a91 Mon Sep 17 00:00:00 2001
From: Ashvitha <ashvitha.sridharan@hashicorp.com>
Date: Wed, 30 Aug 2023 13:25:26 -0400
Subject: [PATCH 340/359] [HCP Telemetry] Move first TelemetryConfig Fetch into
 the TelemetryConfigProvider (#18318)

* Add Enabler interface to turn sink on/off

* Use h for hcpProviderImpl vars, fix PR feeback and fix errors

* Keep nil check in exporter and fix tests

* Clarify comment and fix function name

* Use disable instead of enable

* Fix errors nit in otlp_transform

* Add test for refreshInterval of updateConfig

* Add disabled field in MetricsConfig struct

* Fix PR feedback: improve comment and remove double colons

* Fix deps test which requires a maybe

* Update hcp-sdk-go to v0.61.0

* use disabled flag in telemetry_config.go

* Handle 4XX errors in telemetry_provider

* Fix deps test

* Check 4XX instead

* Run make go-mod-tidy
---
 agent/hcp/client/telemetry_config.go       |  19 +-
 agent/hcp/client/telemetry_config_test.go  |  47 +----
 agent/hcp/deps.go                          |  39 ++--
 agent/hcp/deps_test.go                     |  84 +--------
 agent/hcp/telemetry/otel_exporter.go       |   6 +
 agent/hcp/telemetry/otel_exporter_test.go  |  17 +-
 agent/hcp/telemetry/otel_sink.go           |  22 ++-
 agent/hcp/telemetry/otel_sink_test.go      |  32 +++-
 agent/hcp/telemetry/otlp_transform.go      |  10 +-
 agent/hcp/telemetry/otlp_transform_test.go |   6 +-
 agent/hcp/telemetry_provider.go            | 112 ++++++-----
 agent/hcp/telemetry_provider_test.go       | 208 +++++++++++++--------
 go.mod                                     |   3 +-
 go.sum                                     |   6 +-
 test-integ/go.mod                          |   3 +-
 test-integ/go.sum                          |   6 +-
 test/integration/consul-container/go.mod   |   3 +-
 test/integration/consul-container/go.sum   |   6 +-
 troubleshoot/go.sum                        |   2 +-
 19 files changed, 321 insertions(+), 310 deletions(-)

diff --git a/agent/hcp/client/telemetry_config.go b/agent/hcp/client/telemetry_config.go
index 4c5b27c58b4f..0745f1b7c619 100644
--- a/agent/hcp/client/telemetry_config.go
+++ b/agent/hcp/client/telemetry_config.go
@@ -20,7 +20,7 @@ import (
 
 var (
 	// defaultMetricFilters is a regex that matches all metric names.
-	defaultMetricFilters = regexp.MustCompile(".+")
+	DefaultMetricFilters = regexp.MustCompile(".+")
 
 	// Validation errors for AgentTelemetryConfigOK response.
 	errMissingPayload         = errors.New("missing payload")
@@ -29,6 +29,7 @@ var (
 	errMissingMetricsConfig   = errors.New("missing metrics config")
 	errInvalidRefreshInterval = errors.New("invalid refresh interval")
 	errInvalidEndpoint        = errors.New("invalid metrics endpoint")
+	errEmptyEndpoint          = errors.New("empty metrics endpoint")
 )
 
 // TelemetryConfig contains configuration for telemetry data forwarded by Consul servers
@@ -43,6 +44,7 @@ type MetricsConfig struct {
 	Labels   map[string]string
 	Filters  *regexp.Regexp
 	Endpoint *url.URL
+	Disabled bool
 }
 
 // RefreshConfig contains configuration for the periodic fetch of configuration from HCP.
@@ -50,11 +52,6 @@ type RefreshConfig struct {
 	RefreshInterval time.Duration
 }
 
-// MetricsEnabled returns true if metrics export is enabled, i.e. a valid metrics endpoint exists.
-func (t *TelemetryConfig) MetricsEnabled() bool {
-	return t.MetricsConfig.Endpoint != nil
-}
-
 // validateAgentTelemetryConfigPayload ensures the returned payload from HCP is valid.
 func validateAgentTelemetryConfigPayload(resp *hcptelemetry.AgentTelemetryConfigOK) error {
 	if resp.Payload == nil {
@@ -86,7 +83,7 @@ func convertAgentTelemetryResponse(ctx context.Context, resp *hcptelemetry.Agent
 	telemetryConfig := resp.Payload.TelemetryConfig
 	metricsEndpoint, err := convertMetricEndpoint(telemetryConfig.Endpoint, telemetryConfig.Metrics.Endpoint)
 	if err != nil {
-		return nil, errInvalidEndpoint
+		return nil, err
 	}
 
 	metricsFilters := convertMetricFilters(ctx, telemetryConfig.Metrics.IncludeList)
@@ -97,6 +94,7 @@ func convertAgentTelemetryResponse(ctx context.Context, resp *hcptelemetry.Agent
 			Endpoint: metricsEndpoint,
 			Labels:   metricLabels,
 			Filters:  metricsFilters,
+			Disabled: telemetryConfig.Metrics.Disabled,
 		},
 		RefreshConfig: &RefreshConfig{
 			RefreshInterval: refreshInterval,
@@ -114,9 +112,8 @@ func convertMetricEndpoint(telemetryEndpoint string, metricsEndpoint string) (*u
 		endpoint = metricsEndpoint
 	}
 
-	// If endpoint is empty, server not registered with CCM, no error returned.
 	if endpoint == "" {
-		return nil, nil
+		return nil, errEmptyEndpoint
 	}
 
 	// Endpoint from CTW has no metrics path, so it must be added.
@@ -145,7 +142,7 @@ func convertMetricFilters(ctx context.Context, payloadFilters []string) *regexp.
 
 	if len(validFilters) == 0 {
 		logger.Error("no valid filters")
-		return defaultMetricFilters
+		return DefaultMetricFilters
 	}
 
 	// Combine the valid regex strings with OR.
@@ -153,7 +150,7 @@ func convertMetricFilters(ctx context.Context, payloadFilters []string) *regexp.
 	composedRegex, err := regexp.Compile(finalRegex)
 	if err != nil {
 		logger.Error("failed to compile final regex", "error", err)
-		return defaultMetricFilters
+		return DefaultMetricFilters
 	}
 
 	return composedRegex
diff --git a/agent/hcp/client/telemetry_config_test.go b/agent/hcp/client/telemetry_config_test.go
index 1e6e2cb23a29..d43024400779 100644
--- a/agent/hcp/client/telemetry_config_test.go
+++ b/agent/hcp/client/telemetry_config_test.go
@@ -88,7 +88,6 @@ func TestConvertAgentTelemetryResponse(t *testing.T) {
 		resp                 *consul_telemetry_service.AgentTelemetryConfigOK
 		expectedTelemetryCfg *TelemetryConfig
 		wantErr              error
-		expectedEnabled      bool
 	}{
 		"success": {
 			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
@@ -115,34 +114,6 @@ func TestConvertAgentTelemetryResponse(t *testing.T) {
 					RefreshInterval: 2 * time.Second,
 				},
 			},
-			expectedEnabled: true,
-		},
-		"successNoEndpoint": {
-			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
-				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{
-					TelemetryConfig: &models.HashicorpCloudConsulTelemetry20230414TelemetryConfig{
-						Endpoint: "",
-						Labels:   map[string]string{"test": "test"},
-						Metrics: &models.HashicorpCloudConsulTelemetry20230414TelemetryMetricsConfig{
-							IncludeList: []string{"test", "consul"},
-						},
-					},
-					RefreshConfig: &models.HashicorpCloudConsulTelemetry20230414RefreshConfig{
-						RefreshInterval: "2s",
-					},
-				},
-			},
-			expectedTelemetryCfg: &TelemetryConfig{
-				MetricsConfig: &MetricsConfig{
-					Endpoint: nil,
-					Labels:   map[string]string{"test": "test"},
-					Filters:  validTestFilters,
-				},
-				RefreshConfig: &RefreshConfig{
-					RefreshInterval: 2 * time.Second,
-				},
-			},
-			expectedEnabled: false,
 		},
 		"successBadFilters": {
 			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
@@ -163,13 +134,12 @@ func TestConvertAgentTelemetryResponse(t *testing.T) {
 				MetricsConfig: &MetricsConfig{
 					Endpoint: validTestURL,
 					Labels:   map[string]string{"test": "test"},
-					Filters:  defaultMetricFilters,
+					Filters:  DefaultMetricFilters,
 				},
 				RefreshConfig: &RefreshConfig{
 					RefreshInterval: 2 * time.Second,
 				},
 			},
-			expectedEnabled: true,
 		},
 		"errorsWithInvalidRefreshInterval": {
 			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
@@ -209,7 +179,6 @@ func TestConvertAgentTelemetryResponse(t *testing.T) {
 			}
 			require.NoError(t, err)
 			require.Equal(t, tc.expectedTelemetryCfg, telemetryCfg)
-			require.Equal(t, tc.expectedEnabled, telemetryCfg.MetricsEnabled())
 		})
 	}
 }
@@ -231,10 +200,10 @@ func TestConvertMetricEndpoint(t *testing.T) {
 			override: "https://override.com",
 			expected: "https://override.com/v1/metrics",
 		},
-		"noErrorWithEmptyEndpoints": {
+		"errorWithEmptyEndpoints": {
 			endpoint: "",
 			override: "",
-			expected: "",
+			wantErr:  errEmptyEndpoint,
 		},
 		"errorWithInvalidURL": {
 			endpoint: "     ",
@@ -252,12 +221,6 @@ func TestConvertMetricEndpoint(t *testing.T) {
 				return
 			}
 
-			if tc.expected == "" {
-				require.Nil(t, u)
-				require.NoError(t, err)
-				return
-			}
-
 			require.NotNil(t, u)
 			require.NoError(t, err)
 			require.Equal(t, tc.expected, u.String())
@@ -277,13 +240,13 @@ func TestConvertMetricFilters(t *testing.T) {
 	}{
 		"badFilterRegex": {
 			filters:             []string{"(*LF)"},
-			expectedRegexString: defaultMetricFilters.String(),
+			expectedRegexString: DefaultMetricFilters.String(),
 			matches:             []string{"consul.raft.peers", "consul.mem.heap_size"},
 			wantMatch:           true,
 		},
 		"emptyRegex": {
 			filters:             []string{},
-			expectedRegexString: defaultMetricFilters.String(),
+			expectedRegexString: DefaultMetricFilters.String(),
 			matches:             []string{"consul.raft.peers", "consul.mem.heap_size"},
 			wantMatch:           true,
 		},
diff --git a/agent/hcp/deps.go b/agent/hcp/deps.go
index e098bfc65eec..7bf384747dbd 100644
--- a/agent/hcp/deps.go
+++ b/agent/hcp/deps.go
@@ -6,19 +6,19 @@ package hcp
 import (
 	"context"
 	"fmt"
-	"time"
 
 	"github.com/armon/go-metrics"
-	hcpclient "github.com/hashicorp/consul/agent/hcp/client"
+	"github.com/hashicorp/go-hclog"
+
+	"github.com/hashicorp/consul/agent/hcp/client"
 	"github.com/hashicorp/consul/agent/hcp/config"
 	"github.com/hashicorp/consul/agent/hcp/scada"
 	"github.com/hashicorp/consul/agent/hcp/telemetry"
-	"github.com/hashicorp/go-hclog"
 )
 
 // Deps contains the interfaces that the rest of Consul core depends on for HCP integration.
 type Deps struct {
-	Client   hcpclient.Client
+	Client   client.Client
 	Provider scada.Provider
 	Sink     metrics.MetricSink
 }
@@ -27,7 +27,7 @@ func NewDeps(cfg config.CloudConfig, logger hclog.Logger) (Deps, error) {
 	ctx := context.Background()
 	ctx = hclog.WithContext(ctx, logger)
 
-	client, err := hcpclient.NewClient(cfg)
+	hcpClient, err := client.NewClient(cfg)
 	if err != nil {
 		return Deps{}, fmt.Errorf("failed to init client: %w", err)
 	}
@@ -37,50 +37,33 @@ func NewDeps(cfg config.CloudConfig, logger hclog.Logger) (Deps, error) {
 		return Deps{}, fmt.Errorf("failed to init scada: %w", err)
 	}
 
-	metricsClient, err := hcpclient.NewMetricsClient(ctx, &cfg)
+	metricsClient, err := client.NewMetricsClient(ctx, &cfg)
 	if err != nil {
 		logger.Error("failed to init metrics client", "error", err)
 		return Deps{}, fmt.Errorf("failed to init metrics client: %w", err)
 	}
 
-	sink, err := sink(ctx, client, metricsClient)
+	sink, err := sink(ctx, metricsClient, NewHCPProvider(ctx, hcpClient))
 	if err != nil {
 		// Do not prevent server start if sink init fails, only log error.
 		logger.Error("failed to init sink", "error", err)
 	}
 
 	return Deps{
-		Client:   client,
+		Client:   hcpClient,
 		Provider: provider,
 		Sink:     sink,
 	}, nil
 }
 
 // sink initializes an OTELSink which forwards Consul metrics to HCP.
-// The sink is only initialized if the server is registered with the management plane (CCM).
 // This step should not block server initialization, errors are returned, only to be logged.
 func sink(
 	ctx context.Context,
-	hcpClient hcpclient.Client,
 	metricsClient telemetry.MetricsClient,
+	cfgProvider *hcpProviderImpl,
 ) (metrics.MetricSink, error) {
-	logger := hclog.FromContext(ctx).Named("sink")
-	reqCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
-	defer cancel()
-
-	telemetryCfg, err := hcpClient.FetchTelemetryConfig(reqCtx)
-	if err != nil {
-		return nil, fmt.Errorf("failed to fetch telemetry config: %w", err)
-	}
-
-	if !telemetryCfg.MetricsEnabled() {
-		return nil, nil
-	}
-
-	cfgProvider, err := NewHCPProvider(ctx, hcpClient, telemetryCfg)
-	if err != nil {
-		return nil, fmt.Errorf("failed to init config provider: %w", err)
-	}
+	logger := hclog.FromContext(ctx)
 
 	reader := telemetry.NewOTELReader(metricsClient, cfgProvider)
 	sinkOpts := &telemetry.OTELSinkOpts{
@@ -90,7 +73,7 @@ func sink(
 
 	sink, err := telemetry.NewOTELSink(ctx, sinkOpts)
 	if err != nil {
-		return nil, fmt.Errorf("failed create OTELSink: %w", err)
+		return nil, fmt.Errorf("failed to create OTELSink: %w", err)
 	}
 
 	logger.Debug("initialized HCP metrics sink")
diff --git a/agent/hcp/deps_test.go b/agent/hcp/deps_test.go
index 101fe076cb69..7375dad68cb7 100644
--- a/agent/hcp/deps_test.go
+++ b/agent/hcp/deps_test.go
@@ -5,16 +5,10 @@ package hcp
 
 import (
 	"context"
-	"fmt"
-	"net/url"
-	"regexp"
 	"testing"
-	"time"
 
-	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 
-	"github.com/hashicorp/consul/agent/hcp/client"
 	"github.com/hashicorp/consul/agent/hcp/telemetry"
 )
 
@@ -24,79 +18,11 @@ type mockMetricsClient struct {
 
 func TestSink(t *testing.T) {
 	t.Parallel()
-	for name, test := range map[string]struct {
-		expect       func(*client.MockClient)
-		wantErr      string
-		expectedSink bool
-	}{
-		"success": {
-			expect: func(mockClient *client.MockClient) {
-				u, _ := url.Parse("https://test.com/v1/metrics")
-				filters, _ := regexp.Compile("test")
-				mt := mockTelemetryConfig(1*time.Second, u, filters)
-				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mt, nil)
-			},
-			expectedSink: true,
-		},
-		"noSinkWhenFetchTelemetryConfigFails": {
-			expect: func(mockClient *client.MockClient) {
-				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(nil, fmt.Errorf("fetch failed"))
-			},
-			wantErr: "failed to fetch telemetry config",
-		},
-		"noSinkWhenServerNotRegisteredWithCCM": {
-			expect: func(mockClient *client.MockClient) {
-				mt := mockTelemetryConfig(1*time.Second, nil, nil)
-				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mt, nil)
-			},
-		},
-		"noSinkWhenTelemetryConfigProviderInitFails": {
-			expect: func(mockClient *client.MockClient) {
-				u, _ := url.Parse("https://test.com/v1/metrics")
-				// Bad refresh interval forces ConfigProvider creation failure.
-				mt := mockTelemetryConfig(0*time.Second, u, nil)
-				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mt, nil)
-			},
-			wantErr: "failed to init config provider",
-		},
-	} {
-		test := test
-		t.Run(name, func(t *testing.T) {
-			t.Parallel()
-			c := client.NewMockClient(t)
-			mc := mockMetricsClient{}
 
-			test.expect(c)
-			ctx := context.Background()
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	s, err := sink(ctx, mockMetricsClient{}, &hcpProviderImpl{})
 
-			s, err := sink(ctx, c, mc)
-
-			if test.wantErr != "" {
-				require.NotNil(t, err)
-				require.Contains(t, err.Error(), test.wantErr)
-				require.Nil(t, s)
-				return
-			}
-
-			if !test.expectedSink {
-				require.Nil(t, s)
-				require.Nil(t, err)
-				return
-			}
-
-			require.NotNil(t, s)
-		})
-	}
-}
-
-func mockTelemetryConfig(refreshInterval time.Duration, metricsEndpoint *url.URL, filters *regexp.Regexp) *client.TelemetryConfig {
-	return &client.TelemetryConfig{
-		MetricsConfig: &client.MetricsConfig{
-			Endpoint: metricsEndpoint,
-			Filters:  filters,
-		},
-		RefreshConfig: &client.RefreshConfig{
-			RefreshInterval: refreshInterval,
-		},
-	}
+	require.NotNil(t, s)
+	require.NoError(t, err)
 }
diff --git a/agent/hcp/telemetry/otel_exporter.go b/agent/hcp/telemetry/otel_exporter.go
index 461876333655..050d5660668d 100644
--- a/agent/hcp/telemetry/otel_exporter.go
+++ b/agent/hcp/telemetry/otel_exporter.go
@@ -23,7 +23,9 @@ type MetricsClient interface {
 // EndpointProvider provides the endpoint where metrics are exported to by the OTELExporter.
 // EndpointProvider exposes the GetEndpoint() interface method to fetch the endpoint.
 // This abstraction layer offers flexibility, in particular for dynamic configuration or changes to the endpoint.
+// The OTELExporter calls the Disabled interface to verify that it should actually export metrics.
 type EndpointProvider interface {
+	Disabled
 	GetEndpoint() *url.URL
 }
 
@@ -68,6 +70,10 @@ func (e *otelExporter) Aggregation(kind metric.InstrumentKind) aggregation.Aggre
 
 // Export serializes and transmits metric data to a receiver.
 func (e *otelExporter) Export(ctx context.Context, metrics *metricdata.ResourceMetrics) error {
+	if e.endpointProvider.IsDisabled() {
+		return nil
+	}
+
 	endpoint := e.endpointProvider.GetEndpoint()
 	if endpoint == nil {
 		return nil
diff --git a/agent/hcp/telemetry/otel_exporter_test.go b/agent/hcp/telemetry/otel_exporter_test.go
index 610fbb44e74b..ebe6486abca8 100644
--- a/agent/hcp/telemetry/otel_exporter_test.go
+++ b/agent/hcp/telemetry/otel_exporter_test.go
@@ -34,9 +34,11 @@ func (m *mockMetricsClient) ExportMetrics(ctx context.Context, protoMetrics *met
 
 type mockEndpointProvider struct {
 	endpoint *url.URL
+	disabled bool
 }
 
 func (m *mockEndpointProvider) GetEndpoint() *url.URL { return m.endpoint }
+func (m *mockEndpointProvider) IsDisabled() bool      { return m.disabled }
 
 func TestTemporality(t *testing.T) {
 	t.Parallel()
@@ -80,13 +82,20 @@ func TestExport(t *testing.T) {
 		client   MetricsClient
 		provider EndpointProvider
 	}{
+		"earlyReturnDisabledProvider": {
+			client: &mockMetricsClient{},
+			provider: &mockEndpointProvider{
+				disabled: true,
+			},
+		},
 		"earlyReturnWithoutEndpoint": {
 			client:   &mockMetricsClient{},
 			provider: &mockEndpointProvider{},
 		},
 		"earlyReturnWithoutScopeMetrics": {
-			client:  &mockMetricsClient{},
-			metrics: mutateMetrics(nil),
+			client:   &mockMetricsClient{},
+			metrics:  mutateMetrics(nil),
+			provider: &mockEndpointProvider{},
 		},
 		"earlyReturnWithoutMetrics": {
 			client: &mockMetricsClient{},
@@ -94,6 +103,7 @@ func TestExport(t *testing.T) {
 				{Metrics: []metricdata.Metrics{}},
 			},
 			),
+			provider: &mockEndpointProvider{},
 		},
 		"errorWithExportFailure": {
 			client: &mockMetricsClient{
@@ -110,6 +120,9 @@ func TestExport(t *testing.T) {
 				},
 			},
 			),
+			provider: &mockEndpointProvider{
+				endpoint: &url.URL{},
+			},
 			wantErr: "failed to export metrics",
 		},
 	} {
diff --git a/agent/hcp/telemetry/otel_sink.go b/agent/hcp/telemetry/otel_sink.go
index 7770f7eaaf16..12aae982016c 100644
--- a/agent/hcp/telemetry/otel_sink.go
+++ b/agent/hcp/telemetry/otel_sink.go
@@ -36,8 +36,15 @@ const (
 	defaultExportTimeout = 30 * time.Second
 )
 
+// Disabled should be implemented to turn on/off metrics processing
+type Disabled interface {
+	// IsDisabled() can return true disallow the sink from accepting metrics.
+	IsDisabled() bool
+}
+
 // ConfigProvider is required to provide custom metrics processing.
 type ConfigProvider interface {
+	Disabled
 	// GetLabels should return a set of OTEL attributes added by default all metrics.
 	GetLabels() map[string]string
 
@@ -147,8 +154,11 @@ func (o *OTELSink) IncrCounter(key []string, val float32) {
 // AddSampleWithLabels emits a Consul gauge metric that gets
 // registed by an OpenTelemetry Histogram instrument.
 func (o *OTELSink) SetGaugeWithLabels(key []string, val float32, labels []gometrics.Label) {
-	k := o.flattenKey(key)
+	if o.cfgProvider.IsDisabled() {
+		return
+	}
 
+	k := o.flattenKey(key)
 	if !o.allowedMetric(k) {
 		return
 	}
@@ -175,8 +185,11 @@ func (o *OTELSink) SetGaugeWithLabels(key []string, val float32, labels []gometr
 
 // AddSampleWithLabels emits a Consul sample metric that gets registed by an OpenTelemetry Histogram instrument.
 func (o *OTELSink) AddSampleWithLabels(key []string, val float32, labels []gometrics.Label) {
-	k := o.flattenKey(key)
+	if o.cfgProvider.IsDisabled() {
+		return
+	}
 
+	k := o.flattenKey(key)
 	if !o.allowedMetric(k) {
 		return
 	}
@@ -201,8 +214,11 @@ func (o *OTELSink) AddSampleWithLabels(key []string, val float32, labels []gomet
 
 // IncrCounterWithLabels emits a Consul counter metric that gets registed by an OpenTelemetry Histogram instrument.
 func (o *OTELSink) IncrCounterWithLabels(key []string, val float32, labels []gometrics.Label) {
-	k := o.flattenKey(key)
+	if o.cfgProvider.IsDisabled() {
+		return
+	}
 
+	k := o.flattenKey(key)
 	if !o.allowedMetric(k) {
 		return
 	}
diff --git a/agent/hcp/telemetry/otel_sink_test.go b/agent/hcp/telemetry/otel_sink_test.go
index 13c310b34ca0..30bbeee519b7 100644
--- a/agent/hcp/telemetry/otel_sink_test.go
+++ b/agent/hcp/telemetry/otel_sink_test.go
@@ -21,8 +21,9 @@ import (
 )
 
 type mockConfigProvider struct {
-	filter *regexp.Regexp
-	labels map[string]string
+	filter   *regexp.Regexp
+	labels   map[string]string
+	disabled bool
 }
 
 func (m *mockConfigProvider) GetLabels() map[string]string {
@@ -33,6 +34,10 @@ func (m *mockConfigProvider) GetFilters() *regexp.Regexp {
 	return m.filter
 }
 
+func (m *mockConfigProvider) IsDisabled() bool {
+	return m.disabled
+}
+
 var (
 	expectedResource = resource.NewSchemaless()
 
@@ -223,6 +228,29 @@ func TestOTELSink(t *testing.T) {
 	isSame(t, expectedSinkMetrics, collected)
 }
 
+func TestOTELSinkDisabled(t *testing.T) {
+	reader := metric.NewManualReader()
+	ctx := context.Background()
+
+	sink, err := NewOTELSink(ctx, &OTELSinkOpts{
+		ConfigProvider: &mockConfigProvider{
+			filter:   regexp.MustCompile("raft"),
+			disabled: true,
+		},
+		Reader: reader,
+	})
+	require.NoError(t, err)
+
+	sink.SetGauge([]string{"consul", "raft", "gauge"}, 1)
+	sink.IncrCounter([]string{"consul", "raft", "counter"}, 1)
+	sink.AddSample([]string{"consul", "raft", "sample"}, 1)
+
+	var collected metricdata.ResourceMetrics
+	err = reader.Collect(ctx, &collected)
+	require.NoError(t, err)
+	require.Empty(t, collected.ScopeMetrics)
+}
+
 func TestLabelsToAttributes(t *testing.T) {
 	for name, test := range map[string]struct {
 		providerLabels         map[string]string
diff --git a/agent/hcp/telemetry/otlp_transform.go b/agent/hcp/telemetry/otlp_transform.go
index a244f0f1a5f6..907e7922ad98 100644
--- a/agent/hcp/telemetry/otlp_transform.go
+++ b/agent/hcp/telemetry/otlp_transform.go
@@ -16,8 +16,8 @@ import (
 )
 
 var (
-	aggregationErr = errors.New("unsupported aggregation")
-	temporalityErr = errors.New("unsupported temporality")
+	errAggregaton  = errors.New("unsupported aggregation")
+	errTemporality = errors.New("unsupported temporality")
 )
 
 // isEmpty verifies if the given OTLP protobuf metrics contains metric data.
@@ -99,7 +99,7 @@ func metricTypeToPB(m metricdata.Metrics) (*mpb.Metric, error) {
 		}
 	case metricdata.Sum[float64]:
 		if a.Temporality != metricdata.CumulativeTemporality {
-			return out, fmt.Errorf("error: %w: %T", temporalityErr, a)
+			return out, fmt.Errorf("failed to convert metric to otel format: %w: %T", errTemporality, a)
 		}
 		out.Data = &mpb.Metric_Sum{
 			Sum: &mpb.Sum{
@@ -110,7 +110,7 @@ func metricTypeToPB(m metricdata.Metrics) (*mpb.Metric, error) {
 		}
 	case metricdata.Histogram[float64]:
 		if a.Temporality != metricdata.CumulativeTemporality {
-			return out, fmt.Errorf("error: %w: %T", temporalityErr, a)
+			return out, fmt.Errorf("failed to convert metric to otel format: %w: %T", errTemporality, a)
 		}
 		out.Data = &mpb.Metric_Histogram{
 			Histogram: &mpb.Histogram{
@@ -119,7 +119,7 @@ func metricTypeToPB(m metricdata.Metrics) (*mpb.Metric, error) {
 			},
 		}
 	default:
-		return out, fmt.Errorf("error: %w: %T", aggregationErr, a)
+		return out, fmt.Errorf("failed to convert metric to otel format: %w: %T", errAggregaton, a)
 	}
 	return out, nil
 }
diff --git a/agent/hcp/telemetry/otlp_transform_test.go b/agent/hcp/telemetry/otlp_transform_test.go
index 04ff40382dda..d67df73d8343 100644
--- a/agent/hcp/telemetry/otlp_transform_test.go
+++ b/agent/hcp/telemetry/otlp_transform_test.go
@@ -260,15 +260,15 @@ func TestTransformOTLP(t *testing.T) {
 	// MetricType Error Test Cases
 	_, err := metricTypeToPB(invalidHistTemporality)
 	require.Error(t, err)
-	require.ErrorIs(t, err, temporalityErr)
+	require.ErrorIs(t, err, errTemporality)
 
 	_, err = metricTypeToPB(invalidSumTemporality)
 	require.Error(t, err)
-	require.ErrorIs(t, err, temporalityErr)
+	require.ErrorIs(t, err, errTemporality)
 
 	_, err = metricTypeToPB(invalidSumAgg)
 	require.Error(t, err)
-	require.ErrorIs(t, err, aggregationErr)
+	require.ErrorIs(t, err, errAggregaton)
 
 	// Metrics Test Case
 	m := metricsToPB(inputMetrics)
diff --git a/agent/hcp/telemetry_provider.go b/agent/hcp/telemetry_provider.go
index 870d3b3685a4..22bb0f2f00b8 100644
--- a/agent/hcp/telemetry_provider.go
+++ b/agent/hcp/telemetry_provider.go
@@ -5,13 +5,13 @@ package hcp
 
 import (
 	"context"
-	"fmt"
 	"net/url"
 	"regexp"
 	"sync"
 	"time"
 
 	"github.com/armon/go-metrics"
+	"github.com/go-openapi/runtime"
 	"github.com/hashicorp/go-hclog"
 
 	"github.com/hashicorp/consul/agent/hcp/client"
@@ -23,6 +23,8 @@ var (
 	internalMetricRefreshFailure []string = []string{"hcp", "telemetry_config_provider", "refresh", "failure"}
 	// internalMetricRefreshSuccess is a metric to monitor refresh successes.
 	internalMetricRefreshSuccess []string = []string{"hcp", "telemetry_config_provider", "refresh", "success"}
+	// defaultTelemetryConfigRefreshInterval is a default fallback in case the first HCP fetch fails.
+	defaultTelemetryConfigRefreshInterval = 1 * time.Minute
 )
 
 // Ensure hcpProviderImpl implements telemetry provider interfaces.
@@ -46,47 +48,50 @@ type hcpProviderImpl struct {
 // dynamicConfig is a set of configurable settings for metrics collection, processing and export.
 // fields MUST be exported to compute hash for equals method.
 type dynamicConfig struct {
-	Endpoint *url.URL
-	Labels   map[string]string
-	Filters  *regexp.Regexp
+	disabled bool
+	endpoint *url.URL
+	labels   map[string]string
+	filters  *regexp.Regexp
 	// refreshInterval controls the interval at which configuration is fetched from HCP to refresh config.
-	RefreshInterval time.Duration
+	refreshInterval time.Duration
 }
 
-// NewHCPProvider initializes and starts a HCP Telemetry provider with provided params.
-func NewHCPProvider(ctx context.Context, hcpClient client.Client, telemetryCfg *client.TelemetryConfig) (*hcpProviderImpl, error) {
-	refreshInterval := telemetryCfg.RefreshConfig.RefreshInterval
-	// refreshInterval must be greater than 0, otherwise time.Ticker panics.
-	if refreshInterval <= 0 {
-		return nil, fmt.Errorf("invalid refresh interval: %d", refreshInterval)
-	}
-
-	cfg := &dynamicConfig{
-		Endpoint:        telemetryCfg.MetricsConfig.Endpoint,
-		Labels:          telemetryCfg.MetricsConfig.Labels,
-		Filters:         telemetryCfg.MetricsConfig.Filters,
-		RefreshInterval: refreshInterval,
+// defaultDisabledCfg disables metric collection and contains default config values.
+func defaultDisabledCfg() *dynamicConfig {
+	return &dynamicConfig{
+		labels:          map[string]string{},
+		filters:         client.DefaultMetricFilters,
+		refreshInterval: defaultTelemetryConfigRefreshInterval,
+		endpoint:        nil,
+		disabled:        true,
 	}
+}
 
-	t := &hcpProviderImpl{
-		cfg:       cfg,
+// NewHCPProvider initializes and starts a HCP Telemetry provider.
+func NewHCPProvider(ctx context.Context, hcpClient client.Client) *hcpProviderImpl {
+	h := &hcpProviderImpl{
+		// Initialize with default config values.
+		cfg:       defaultDisabledCfg(),
 		hcpClient: hcpClient,
 	}
 
-	go t.run(ctx, refreshInterval)
+	go h.run(ctx)
 
-	return t, nil
+	return h
 }
 
 // run continously checks for updates to the telemetry configuration by making a request to HCP.
-func (h *hcpProviderImpl) run(ctx context.Context, refreshInterval time.Duration) {
-	ticker := time.NewTicker(refreshInterval)
+func (h *hcpProviderImpl) run(ctx context.Context) {
+	// Try to initialize config once before starting periodic fetch.
+	h.updateConfig(ctx)
+
+	ticker := time.NewTicker(h.cfg.refreshInterval)
 	defer ticker.Stop()
 	for {
 		select {
 		case <-ticker.C:
-			if newCfg := h.getUpdate(ctx); newCfg != nil {
-				ticker.Reset(newCfg.RefreshInterval)
+			if newRefreshInterval := h.updateConfig(ctx); newRefreshInterval > 0 {
+				ticker.Reset(newRefreshInterval)
 			}
 		case <-ctx.Done():
 			return
@@ -94,9 +99,8 @@ func (h *hcpProviderImpl) run(ctx context.Context, refreshInterval time.Duration
 	}
 }
 
-// getUpdate makes a HTTP request to HCP to return a new metrics configuration
-// and updates the hcpProviderImpl.
-func (h *hcpProviderImpl) getUpdate(ctx context.Context) *dynamicConfig {
+// updateConfig makes a HTTP request to HCP to update metrics configuration held in the provider.
+func (h *hcpProviderImpl) updateConfig(ctx context.Context) time.Duration {
 	logger := hclog.FromContext(ctx).Named("telemetry_config_provider")
 
 	ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
@@ -104,9 +108,18 @@ func (h *hcpProviderImpl) getUpdate(ctx context.Context) *dynamicConfig {
 
 	telemetryCfg, err := h.hcpClient.FetchTelemetryConfig(ctx)
 	if err != nil {
+		// Only disable metrics on 404 or 401 to handle the case of an unlinked cluster.
+		// For other errors such as 5XX ones, we continue metrics collection, as these are potentially transient server-side errors.
+		apiErr, ok := err.(*runtime.APIError)
+		if ok && apiErr.IsClientError() {
+			disabledMetricsCfg := defaultDisabledCfg()
+			h.modifyDynamicCfg(disabledMetricsCfg)
+			return disabledMetricsCfg.refreshInterval
+		}
+
 		logger.Error("failed to fetch telemetry config from HCP", "error", err)
 		metrics.IncrCounter(internalMetricRefreshFailure, 1)
-		return nil
+		return 0
 	}
 
 	// newRefreshInterval of 0 or less can cause ticker Reset() panic.
@@ -114,24 +127,29 @@ func (h *hcpProviderImpl) getUpdate(ctx context.Context) *dynamicConfig {
 	if newRefreshInterval <= 0 {
 		logger.Error("invalid refresh interval duration", "refreshInterval", newRefreshInterval)
 		metrics.IncrCounter(internalMetricRefreshFailure, 1)
-		return nil
+		return 0
 	}
 
-	newDynamicConfig := &dynamicConfig{
-		Filters:         telemetryCfg.MetricsConfig.Filters,
-		Endpoint:        telemetryCfg.MetricsConfig.Endpoint,
-		Labels:          telemetryCfg.MetricsConfig.Labels,
-		RefreshInterval: newRefreshInterval,
+	newCfg := &dynamicConfig{
+		filters:         telemetryCfg.MetricsConfig.Filters,
+		endpoint:        telemetryCfg.MetricsConfig.Endpoint,
+		labels:          telemetryCfg.MetricsConfig.Labels,
+		refreshInterval: telemetryCfg.RefreshConfig.RefreshInterval,
+		disabled:        telemetryCfg.MetricsConfig.Disabled,
 	}
 
-	// Acquire write lock to update new configuration.
+	h.modifyDynamicCfg(newCfg)
+
+	return newCfg.refreshInterval
+}
+
+// modifyDynamicCfg acquires a write lock to update new configuration and emits a success metric.
+func (h *hcpProviderImpl) modifyDynamicCfg(newCfg *dynamicConfig) {
 	h.rw.Lock()
-	h.cfg = newDynamicConfig
+	h.cfg = newCfg
 	h.rw.Unlock()
 
 	metrics.IncrCounter(internalMetricRefreshSuccess, 1)
-
-	return newDynamicConfig
 }
 
 // GetEndpoint acquires a read lock to return endpoint configuration for consumers.
@@ -139,7 +157,7 @@ func (h *hcpProviderImpl) GetEndpoint() *url.URL {
 	h.rw.RLock()
 	defer h.rw.RUnlock()
 
-	return h.cfg.Endpoint
+	return h.cfg.endpoint
 }
 
 // GetFilters acquires a read lock to return filters configuration for consumers.
@@ -147,7 +165,7 @@ func (h *hcpProviderImpl) GetFilters() *regexp.Regexp {
 	h.rw.RLock()
 	defer h.rw.RUnlock()
 
-	return h.cfg.Filters
+	return h.cfg.filters
 }
 
 // GetLabels acquires a read lock to return labels configuration for consumers.
@@ -155,5 +173,13 @@ func (h *hcpProviderImpl) GetLabels() map[string]string {
 	h.rw.RLock()
 	defer h.rw.RUnlock()
 
-	return h.cfg.Labels
+	return h.cfg.labels
+}
+
+// IsDisabled acquires a read lock and return true if metrics are enabled.
+func (h *hcpProviderImpl) IsDisabled() bool {
+	h.rw.RLock()
+	defer h.rw.RUnlock()
+
+	return h.cfg.disabled
 }
diff --git a/agent/hcp/telemetry_provider_test.go b/agent/hcp/telemetry_provider_test.go
index 0c20a5742e42..9e6405a516d3 100644
--- a/agent/hcp/telemetry_provider_test.go
+++ b/agent/hcp/telemetry_provider_test.go
@@ -5,6 +5,7 @@ package hcp
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net/url"
 	"regexp"
@@ -14,6 +15,7 @@ import (
 	"time"
 
 	"github.com/armon/go-metrics"
+	"github.com/go-openapi/runtime"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
@@ -39,64 +41,49 @@ type testConfig struct {
 	endpoint        string
 	labels          map[string]string
 	refreshInterval time.Duration
+	disabled        bool
 }
 
-func TestNewTelemetryConfigProvider(t *testing.T) {
+func TestNewTelemetryConfigProvider_DefaultConfig(t *testing.T) {
 	t.Parallel()
-	for name, tc := range map[string]struct {
-		testInputs *testConfig
-		wantErr    string
-	}{
-		"success": {
-			testInputs: &testConfig{
-				refreshInterval: 1 * time.Second,
-			},
-		},
-		"failsWithInvalidRefreshInterval": {
-			testInputs: &testConfig{
-				refreshInterval: 0 * time.Second,
-			},
-			wantErr: "invalid refresh interval",
-		},
-	} {
-		tc := tc
-		t.Run(name, func(t *testing.T) {
-			t.Parallel()
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
 
-			ctx, cancel := context.WithCancel(context.Background())
-			defer cancel()
+	// Initialize new provider, but fail all HCP fetches.
+	mc := client.NewMockClient(t)
+	mc.EXPECT().FetchTelemetryConfig(mock.Anything).Return(nil, errors.New("failed to fetch config"))
 
-			testCfg, err := testTelemetryCfg(tc.testInputs)
-			require.NoError(t, err)
+	provider := NewHCPProvider(ctx, mc)
+	provider.updateConfig(ctx)
 
-			cfgProvider, err := NewHCPProvider(ctx, client.NewMockClient(t), testCfg)
-			if tc.wantErr != "" {
-				require.Error(t, err)
-				require.Contains(t, err.Error(), tc.wantErr)
-				require.Nil(t, cfgProvider)
-				return
-			}
-			require.NotNil(t, cfgProvider)
-		})
+	// Assert provider has default configuration and metrics processing is disabled.
+	defaultCfg := &dynamicConfig{
+		labels:          map[string]string{},
+		filters:         client.DefaultMetricFilters,
+		refreshInterval: defaultTelemetryConfigRefreshInterval,
+		endpoint:        nil,
+		disabled:        true,
 	}
+	require.Equal(t, defaultCfg, provider.cfg)
 }
 
-func TestTelemetryConfigProviderGetUpdate(t *testing.T) {
+func TestTelemetryConfigProvider_UpdateConfig(t *testing.T) {
 	for name, tc := range map[string]struct {
-		mockExpect func(*client.MockClient)
-		metricKey  string
-		optsInputs *testConfig
-		expected   *testConfig
+		mockExpect       func(*client.MockClient)
+		metricKey        string
+		initCfg          *dynamicConfig
+		expected         *dynamicConfig
+		expectedInterval time.Duration
 	}{
 		"noChanges": {
-			optsInputs: &testConfig{
+			initCfg: testDynamicCfg(&testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				filters:  "test",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				refreshInterval: testRefreshInterval,
-			},
+			}),
 			mockExpect: func(m *client.MockClient) {
 				mockCfg, _ := testTelemetryCfg(&testConfig{
 					endpoint: "http://test.com/v1/metrics",
@@ -108,25 +95,26 @@ func TestTelemetryConfigProviderGetUpdate(t *testing.T) {
 				})
 				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mockCfg, nil)
 			},
-			expected: &testConfig{
+			expected: testDynamicCfg(&testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				filters:         "test",
 				refreshInterval: testRefreshInterval,
-			},
-			metricKey: testMetricKeySuccess,
+			}),
+			metricKey:        testMetricKeySuccess,
+			expectedInterval: testRefreshInterval,
 		},
 		"newConfig": {
-			optsInputs: &testConfig{
+			initCfg: testDynamicCfg(&testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				filters:  "test",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				refreshInterval: 2 * time.Second,
-			},
+			}),
 			mockExpect: func(m *client.MockClient) {
 				mockCfg, _ := testTelemetryCfg(&testConfig{
 					endpoint: "http://newendpoint/v1/metrics",
@@ -138,83 +126,136 @@ func TestTelemetryConfigProviderGetUpdate(t *testing.T) {
 				})
 				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mockCfg, nil)
 			},
-			expected: &testConfig{
+			expected: testDynamicCfg(&testConfig{
 				endpoint: "http://newendpoint/v1/metrics",
 				filters:  "consul",
 				labels: map[string]string{
 					"new_label": "1234",
 				},
 				refreshInterval: 2 * time.Second,
+			}),
+			expectedInterval: 2 * time.Second,
+			metricKey:        testMetricKeySuccess,
+		},
+		"newConfigMetricsDisabled": {
+			initCfg: testDynamicCfg(&testConfig{
+				endpoint: "http://test.com/v1/metrics",
+				filters:  "test",
+				labels: map[string]string{
+					"test_label": "123",
+				},
+				refreshInterval: 2 * time.Second,
+			}),
+			mockExpect: func(m *client.MockClient) {
+				mockCfg, _ := testTelemetryCfg(&testConfig{
+					endpoint: "",
+					filters:  "consul",
+					labels: map[string]string{
+						"new_label": "1234",
+					},
+					refreshInterval: 2 * time.Second,
+					disabled:        true,
+				})
+				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mockCfg, nil)
 			},
-			metricKey: testMetricKeySuccess,
+			expected: testDynamicCfg(&testConfig{
+				endpoint: "",
+				filters:  "consul",
+				labels: map[string]string{
+					"new_label": "1234",
+				},
+				refreshInterval: 2 * time.Second,
+				disabled:        true,
+			}),
+			metricKey:        testMetricKeySuccess,
+			expectedInterval: 2 * time.Second,
 		},
 		"sameConfigInvalidRefreshInterval": {
-			optsInputs: &testConfig{
+			initCfg: testDynamicCfg(&testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				filters:  "test",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				refreshInterval: testRefreshInterval,
-			},
+			}),
 			mockExpect: func(m *client.MockClient) {
 				mockCfg, _ := testTelemetryCfg(&testConfig{
 					refreshInterval: 0 * time.Second,
 				})
 				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mockCfg, nil)
 			},
-			expected: &testConfig{
+			expected: testDynamicCfg(&testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				filters:         "test",
 				refreshInterval: testRefreshInterval,
-			},
-			metricKey: testMetricKeyFailure,
+			}),
+			metricKey:        testMetricKeyFailure,
+			expectedInterval: 0,
 		},
 		"sameConfigHCPClientFailure": {
-			optsInputs: &testConfig{
+			initCfg: testDynamicCfg(&testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				filters:  "test",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				refreshInterval: testRefreshInterval,
-			},
+			}),
 			mockExpect: func(m *client.MockClient) {
 				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(nil, fmt.Errorf("failure"))
 			},
-			expected: &testConfig{
+			expected: testDynamicCfg(&testConfig{
+				endpoint: "http://test.com/v1/metrics",
+				filters:  "test",
+				labels: map[string]string{
+					"test_label": "123",
+				},
+				refreshInterval: testRefreshInterval,
+			}),
+			metricKey:        testMetricKeyFailure,
+			expectedInterval: 0,
+		},
+		"disableMetrics404": {
+			initCfg: testDynamicCfg(&testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				filters:  "test",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				refreshInterval: testRefreshInterval,
+			}),
+			mockExpect: func(m *client.MockClient) {
+				err := runtime.NewAPIError("404 failure", nil, 404)
+				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(nil, err)
 			},
-			metricKey: testMetricKeyFailure,
+			expected:         defaultDisabledCfg(),
+			metricKey:        testMetricKeySuccess,
+			expectedInterval: defaultTelemetryConfigRefreshInterval,
 		},
 	} {
+		tc := tc
 		t.Run(name, func(t *testing.T) {
 			sink := initGlobalSink()
 			mockClient := client.NewMockClient(t)
 			tc.mockExpect(mockClient)
 
-			dynamicCfg, err := testDynamicCfg(tc.optsInputs)
-			require.NoError(t, err)
-
 			provider := &hcpProviderImpl{
 				hcpClient: mockClient,
-				cfg:       dynamicCfg,
+				cfg:       tc.initCfg,
 			}
 
-			provider.getUpdate(context.Background())
+			newInterval := provider.updateConfig(context.Background())
+			require.Equal(t, tc.expectedInterval, newInterval)
 
 			// Verify endpoint provider returns correct config values.
-			require.Equal(t, tc.expected.endpoint, provider.GetEndpoint().String())
-			require.Equal(t, tc.expected.filters, provider.GetFilters().String())
+			require.Equal(t, tc.expected.endpoint, provider.GetEndpoint())
+			require.Equal(t, tc.expected.filters, provider.GetFilters())
 			require.Equal(t, tc.expected.labels, provider.GetLabels())
+			require.Equal(t, tc.expected.disabled, provider.IsDisabled())
 
 			// Verify count for transform success metric.
 			interval := sink.Data()[0]
@@ -292,8 +333,7 @@ func TestTelemetryConfigProvider_Race(t *testing.T) {
 	}
 
 	// Start the provider goroutine, which fetches client TelemetryConfig every RefreshInterval.
-	provider, err := NewHCPProvider(ctx, m, m.cfg)
-	require.NoError(t, err)
+	provider := NewHCPProvider(ctx, m)
 
 	for count := 0; count < testRaceWriteSampleCount; count++ {
 		// Force a TelemetryConfig value change in the mockRaceClient.
@@ -301,7 +341,7 @@ func TestTelemetryConfigProvider_Race(t *testing.T) {
 		require.NoError(t, err)
 		// Force provider to obtain new client TelemetryConfig immediately.
 		// This call is necessary to guarantee TelemetryConfig changes to assert on expected values below.
-		provider.getUpdate(context.Background())
+		provider.updateConfig(context.Background())
 
 		// Start goroutines to access label configuration.
 		wg := &sync.WaitGroup{}
@@ -345,22 +385,20 @@ func initGlobalSink() *metrics.InmemSink {
 }
 
 // testDynamicCfg converts testConfig inputs to a dynamicConfig to be used in tests.
-func testDynamicCfg(testCfg *testConfig) (*dynamicConfig, error) {
-	filters, err := regexp.Compile(testCfg.filters)
-	if err != nil {
-		return nil, err
-	}
+func testDynamicCfg(testCfg *testConfig) *dynamicConfig {
+	filters, _ := regexp.Compile(testCfg.filters)
 
-	endpoint, err := url.Parse(testCfg.endpoint)
-	if err != nil {
-		return nil, err
+	var endpoint *url.URL
+	if testCfg.endpoint != "" {
+		endpoint, _ = url.Parse(testCfg.endpoint)
 	}
 	return &dynamicConfig{
-		Endpoint:        endpoint,
-		Filters:         filters,
-		Labels:          testCfg.labels,
-		RefreshInterval: testCfg.refreshInterval,
-	}, nil
+		endpoint:        endpoint,
+		filters:         filters,
+		labels:          testCfg.labels,
+		refreshInterval: testCfg.refreshInterval,
+		disabled:        testCfg.disabled,
+	}
 }
 
 // testTelemetryCfg converts testConfig inputs to a TelemetryConfig to be used in tests.
@@ -370,15 +408,21 @@ func testTelemetryCfg(testCfg *testConfig) (*client.TelemetryConfig, error) {
 		return nil, err
 	}
 
-	endpoint, err := url.Parse(testCfg.endpoint)
-	if err != nil {
-		return nil, err
+	var endpoint *url.URL
+	if testCfg.endpoint != "" {
+		u, err := url.Parse(testCfg.endpoint)
+		if err != nil {
+			return nil, err
+		}
+		endpoint = u
 	}
+
 	return &client.TelemetryConfig{
 		MetricsConfig: &client.MetricsConfig{
 			Endpoint: endpoint,
 			Filters:  filters,
 			Labels:   testCfg.labels,
+			Disabled: testCfg.disabled,
 		},
 		RefreshConfig: &client.RefreshConfig{
 			RefreshInterval: testCfg.refreshInterval,
diff --git a/go.mod b/go.mod
index 4e5b45443455..2747f4b91b5e 100644
--- a/go.mod
+++ b/go.mod
@@ -63,7 +63,7 @@ require (
 	github.com/hashicorp/hcl v1.0.0
 	github.com/hashicorp/hcl/v2 v2.6.0
 	github.com/hashicorp/hcp-scada-provider v0.2.3
-	github.com/hashicorp/hcp-sdk-go v0.55.0
+	github.com/hashicorp/hcp-sdk-go v0.61.0
 	github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038
 	github.com/hashicorp/memberlist v0.5.0
 	github.com/hashicorp/raft v1.5.0
@@ -244,6 +244,7 @@ require (
 	github.com/tklauser/numcpus v0.4.0 // indirect
 	github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 // indirect
 	github.com/vmware/govmomi v0.18.0 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
 	go.mongodb.org/mongo-driver v1.11.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
diff --git a/go.sum b/go.sum
index 690c27b8af7c..92213557b715 100644
--- a/go.sum
+++ b/go.sum
@@ -565,8 +565,8 @@ github.com/hashicorp/hcl/v2 v2.6.0 h1:3krZOfGY6SziUXa6H9PJU6TyohHn7I+ARYnhbeNBz+
 github.com/hashicorp/hcl/v2 v2.6.0/go.mod h1:bQTN5mpo+jewjJgh8jr0JUguIi7qPHUF6yIfAEN3jqY=
 github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ=
 github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo=
-github.com/hashicorp/hcp-sdk-go v0.55.0 h1:T4sQtgQfQJOD0uucT4hS+GZI1FmoHAQMADj277W++xw=
-github.com/hashicorp/hcp-sdk-go v0.55.0/go.mod h1:hZqky4HEzsKwvLOt4QJlZUrjeQmb4UCZUhDP2HyQFfc=
+github.com/hashicorp/hcp-sdk-go v0.61.0 h1:x4hJ8SlLI5WCE8Uzcu4q5jfdOEz/hFxfUkhAdoFdzSg=
+github.com/hashicorp/hcp-sdk-go v0.61.0/go.mod h1:xP7wmWAmdMxs/7+ovH3jZn+MCDhHRj50Rn+m7JIY3Ck=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
@@ -937,6 +937,8 @@ github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+
 github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
 github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
 github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
diff --git a/test-integ/go.mod b/test-integ/go.mod
index df38ac3f2f1b..76c91af83ca9 100644
--- a/test-integ/go.mod
+++ b/test-integ/go.mod
@@ -120,7 +120,7 @@ require (
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/hcl/v2 v2.16.2 // indirect
 	github.com/hashicorp/hcp-scada-provider v0.2.3 // indirect
-	github.com/hashicorp/hcp-sdk-go v0.55.0 // indirect
+	github.com/hashicorp/hcp-sdk-go v0.61.0 // indirect
 	github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 // indirect
 	github.com/hashicorp/memberlist v0.5.0 // indirect
 	github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 // indirect
@@ -189,6 +189,7 @@ require (
 	github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 // indirect
 	github.com/testcontainers/testcontainers-go v0.22.0 // indirect
 	github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/zclconf/go-cty v1.12.1 // indirect
 	go.etcd.io/bbolt v1.3.7 // indirect
 	go.mongodb.org/mongo-driver v1.11.0 // indirect
diff --git a/test-integ/go.sum b/test-integ/go.sum
index 015660056dd5..e662768b13d0 100644
--- a/test-integ/go.sum
+++ b/test-integ/go.sum
@@ -476,8 +476,8 @@ github.com/hashicorp/hcl/v2 v2.16.2 h1:mpkHZh/Tv+xet3sy3F9Ld4FyI2tUpWe9x3XtPx9f1
 github.com/hashicorp/hcl/v2 v2.16.2/go.mod h1:JRmR89jycNkrrqnMmvPDMd56n1rQJ2Q6KocSLCMCXng=
 github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ=
 github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo=
-github.com/hashicorp/hcp-sdk-go v0.55.0 h1:T4sQtgQfQJOD0uucT4hS+GZI1FmoHAQMADj277W++xw=
-github.com/hashicorp/hcp-sdk-go v0.55.0/go.mod h1:hZqky4HEzsKwvLOt4QJlZUrjeQmb4UCZUhDP2HyQFfc=
+github.com/hashicorp/hcp-sdk-go v0.61.0 h1:x4hJ8SlLI5WCE8Uzcu4q5jfdOEz/hFxfUkhAdoFdzSg=
+github.com/hashicorp/hcp-sdk-go v0.61.0/go.mod h1:xP7wmWAmdMxs/7+ovH3jZn+MCDhHRj50Rn+m7JIY3Ck=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
@@ -774,6 +774,8 @@ github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+
 github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
 github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
 github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index f7b3ab9b4774..8fde4fd94d8e 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -124,7 +124,7 @@ require (
 	github.com/hashicorp/go-syslog v1.0.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcp-scada-provider v0.2.3 // indirect
-	github.com/hashicorp/hcp-sdk-go v0.55.0 // indirect
+	github.com/hashicorp/hcp-sdk-go v0.61.0 // indirect
 	github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 // indirect
 	github.com/hashicorp/memberlist v0.5.0 // indirect
 	github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 // indirect
@@ -185,6 +185,7 @@ require (
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	go.etcd.io/bbolt v1.3.7 // indirect
 	go.mongodb.org/mongo-driver v1.11.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum
index c5563b08a8bd..026ae8db72f3 100644
--- a/test/integration/consul-container/go.sum
+++ b/test/integration/consul-container/go.sum
@@ -470,8 +470,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ=
 github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo=
-github.com/hashicorp/hcp-sdk-go v0.55.0 h1:T4sQtgQfQJOD0uucT4hS+GZI1FmoHAQMADj277W++xw=
-github.com/hashicorp/hcp-sdk-go v0.55.0/go.mod h1:hZqky4HEzsKwvLOt4QJlZUrjeQmb4UCZUhDP2HyQFfc=
+github.com/hashicorp/hcp-sdk-go v0.61.0 h1:x4hJ8SlLI5WCE8Uzcu4q5jfdOEz/hFxfUkhAdoFdzSg=
+github.com/hashicorp/hcp-sdk-go v0.61.0/go.mod h1:xP7wmWAmdMxs/7+ovH3jZn+MCDhHRj50Rn+m7JIY3Ck=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
@@ -763,6 +763,8 @@ github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+
 github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
 github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
 github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
diff --git a/troubleshoot/go.sum b/troubleshoot/go.sum
index ee3bf90645d5..18f1c8b90e96 100644
--- a/troubleshoot/go.sum
+++ b/troubleshoot/go.sum
@@ -161,7 +161,7 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
-github.com/hashicorp/consul/sdk v0.14.0 h1:Hly+BMNMssVzoWddbBnBFi3W+Fzytvm0haSkihhj3GU=
+github.com/hashicorp/consul/sdk v0.14.1 h1:ZiwE2bKb+zro68sWzZ1SgHF3kRMBZ94TwOCFRF4ylPs=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=

From 255aa158db8ccbfd445205654e153742b127116d Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Wed, 30 Aug 2023 11:31:40 -0600
Subject: [PATCH 341/359] update comments and docs about running envoy
 integration tests with the ENVOY_VERSION set. (#18614)

update ENVOY_VERSION and documentation of it used in the bats envoy tests.

Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
---
 Makefile                                            | 1 +
 build-support/windows/build-consul-local-images.sh  | 2 +-
 test/integration/connect/envoy/README.md            | 1 +
 test/integration/connect/envoy/run-tests.sh         | 2 +-
 test/integration/connect/envoy/run-tests.windows.sh | 2 +-
 5 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index 1fe0d1b75afd..4ca2072dbabe 100644
--- a/Makefile
+++ b/Makefile
@@ -334,6 +334,7 @@ other-consul: ## Checking for other consul instances
 # Use GO_TEST_FLAGS to run specific tests:
 #      make test-envoy-integ GO_TEST_FLAGS="-run TestEnvoy/case-basic"
 # NOTE: Always uses amd64 images, even when running on M1 macs, to match CI/CD environment.
+#       You can also specify the envoy version (example: 1.27.0) setting the environment variable: ENVOY_VERSION=1.27.0
 .PHONY: test-envoy-integ
 test-envoy-integ: $(ENVOY_INTEG_DEPS) ## Run integration tests.
 	@go test -v -timeout=30m -tags integration $(GO_TEST_FLAGS) ./test/integration/connect/envoy
diff --git a/build-support/windows/build-consul-local-images.sh b/build-support/windows/build-consul-local-images.sh
index 8398e813bb17..4a22b35706c4 100644
--- a/build-support/windows/build-consul-local-images.sh
+++ b/build-support/windows/build-consul-local-images.sh
@@ -10,7 +10,7 @@ VERSION=${VERSION:-"1.16.0"}
 export VERSION
 
 # Build Windows Envoy Version 1.23.1 / 1.21.5 / 1.20.7
-ENVOY_VERSION=${ENVOY_VERSION:-"1.23.1"}
+ENVOY_VERSION=${ENVOY_VERSION:-"1.27.0"}
 export ENVOY_VERSION
 
 echo "Building Images"
diff --git a/test/integration/connect/envoy/README.md b/test/integration/connect/envoy/README.md
index a97acc710a95..ef358e7a2b44 100644
--- a/test/integration/connect/envoy/README.md
+++ b/test/integration/connect/envoy/README.md
@@ -52,6 +52,7 @@ Where `case-basic` can be replaced by any directory name from this directory.
 * When tests fail in CI, logs and additional debugging data are available in the artifacts of the test run.
 * You can re-run the tests locally by running `make test-envoy-integ GO_TEST_FLAGS="-run TestEnvoy/<case-directory>"` where `<case-directory>` is
   replaced with the name of the directory, e.g. `case-basic`.
+* You can override the envoy version by specifying `ENVOY_VERSION=<your envoy version>` eg. `ENVOY_VERSION=1.27.0 make test-envoy-integ`.
 * Locally, all the logs of the failed test will be available in `workdir` in this directory.
 * You can run with `DEBUG=1` to print out all the commands being run, e.g. `DEBUG=1 make test-envoy-integ GO_TEST_FLAGS="-run TestEnvoy/case-basic"`.
 * If you want to prevent the Docker containers from being spun down after test failure, add a `sleep 9999` to the `verify.bats` test case that's failing.
diff --git a/test/integration/connect/envoy/run-tests.sh b/test/integration/connect/envoy/run-tests.sh
index fa1d64312dba..900d3cbfd33b 100755
--- a/test/integration/connect/envoy/run-tests.sh
+++ b/test/integration/connect/envoy/run-tests.sh
@@ -15,7 +15,7 @@ DEBUG=${DEBUG:-}
 XDS_TARGET=${XDS_TARGET:-server}
 
 # ENVOY_VERSION to run each test against
-ENVOY_VERSION=${ENVOY_VERSION:-"1.23.1"}
+ENVOY_VERSION=${ENVOY_VERSION:-"1.27.0"}
 export ENVOY_VERSION
 
 export DOCKER_BUILDKIT=1
diff --git a/test/integration/connect/envoy/run-tests.windows.sh b/test/integration/connect/envoy/run-tests.windows.sh
index b8ba4a1ee64d..c4dcff6ce486 100644
--- a/test/integration/connect/envoy/run-tests.windows.sh
+++ b/test/integration/connect/envoy/run-tests.windows.sh
@@ -20,7 +20,7 @@ DEBUG=${DEBUG:-}
 XDS_TARGET=${XDS_TARGET:-server}
 
 # ENVOY_VERSION to run each test against
-ENVOY_VERSION=${ENVOY_VERSION:-"1.23.1"}
+ENVOY_VERSION=${ENVOY_VERSION:-"1.27.0"}
 export ENVOY_VERSION
 
 export DOCKER_BUILDKIT=0

From 65e3904e52f3ab3a541e4d416cec0acfa575787e Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Wed, 30 Aug 2023 19:54:40 -0700
Subject: [PATCH 342/359] first commit; reformat PD conf entry

---
 .../connect/config-entries/proxy-defaults.mdx | 1129 ++++++++++-------
 1 file changed, 672 insertions(+), 457 deletions(-)

diff --git a/website/content/docs/connect/config-entries/proxy-defaults.mdx b/website/content/docs/connect/config-entries/proxy-defaults.mdx
index 1d94a79389b6..1c649de8c094 100644
--- a/website/content/docs/connect/config-entries/proxy-defaults.mdx
+++ b/website/content/docs/connect/config-entries/proxy-defaults.mdx
@@ -1,53 +1,135 @@
 ---
 layout: docs
-page_title: Proxy Defaults - Configuration Entry Reference
+page_title: Proxy defaults configuration entry reference
 description: >-
   The proxy defaults configuration entry kind defines default behaviors for proxies in the service mesh. Use the reference guide to learn about `""proxy-defaults""` config entry parameters.
 ---
 
-# Proxy Defaults Configuration Entry
+# Proxy defaults configuration reference
 
-The `proxy-defaults` configuration entry (`ProxyDefaults` on Kubernetes) allows you to globally configure passthrough Envoy settings for proxies in the service mesh, including both sidecars and gateways.
-It is different from the [`mesh` configuration entry](/consul/docs/connect/config-entries/mesh), which sets Consul features for cluster peering, transparent proxy, and TLS behavior that also affect Consul servers.
-
-Only one global entry is supported.
-For Consul Enterprise, only the global entry in the `default` partition is recognized.
+This topic provides reference information for proxy defaults configuration entries. Refer to [Service mesh proxy overview]() <!-- ADD LINK -->for information about using proxies in Consul.
 
 ## Introduction
 
-You can customize some service registration settings for service mesh proxies centrally using the `proxy-defaults` configuration entry in the `kind` field.
+Proxy defaults configuration entries set global passthrough Envoy settings for proxies in the service mesh, including sidecars and gateways. Proxy defaults configuration entries do not control features for peered clusters, transparent proxy, or TLS behavior. For information about configuring Consul settings that affect service mesh behavior, refer to the [mesh configuration entry reference](/consul/docs/connect/config-entries/mesh).
+
+Consul only supports one global proxy defaults configuration entry at a time. If multiple configuration entries are defined in Consul Enterprise, Consul implements the configuration entry in the `default` partition.
 
-You can still override this centralized configuration for specific services
-with the [`service-defaults`](/consul/docs/connect/config-entries/service-defaults)
-configuration entry `kind` or for individual proxy instances in their [sidecar
-service definitions](/consul/docs/connect/registration/sidecar-service).
+## Configuration model
 
-## Usage
+The following list outlines field hierarchy, language-specific data types, and requirements in proxy defaults configuration entries. Click on a property name to view additional details, including default values.
 
-1. Verify that your datacenter meets the conditions specified in the [Requirements](#requirements).
-1. Determine the settings you want to implement (see [Configuration](#configuration)). You can create a file containing the configuration or pass them to the state store directly to apply the configuration.
-1. Apply the configuration using one of the following methods:
-   - Kubernetes CRD: Refer to the [Custom Resource Definitions](/consul/docs/k8s/crds) documentation for details.
-   - Issue the `consul config write` command: Refer to the [Consul Config Write](/consul/commands/config/write) documentation for details.
+<Tabs>
 
-## Configuration
+<Tab heading="HCL and JSON" group="hcl">
+
+- [`Kind`](#kind): string | required | must be set to `proxy-defaults`
+- [`Name`](#name): string | must be set to `global`
+- [`Namespace`](#namespace): string | `default` | <EnterpriseAlert inline/>
+- [`Partition`](#partition): string | `default` |  <EnterpriseAlert inline/>
+- [`Meta`](#meta): map 
+- [`Config`](#meta): map
+- [`EnvoyExtensions`](#envoyextensions): list of maps
+   - [`Name`](#envoyextensions): string
+   - [`Required`](#envoyextensions): string
+   - [`Arguments`](#envoyextensions): string
+   - [`ConsulVersion`](#envoyextensions): string
+   - [`EnvoyVersion`](#envoyextensions): string
+- [`Mode`](#mode): string
+- [`TransparentProxy`](#transparentproxy): map
+   - [`OutboundListenerPort`](#transparentproxy): number | `15001`
+   - [`DialedDirectly`](#transparentproxy): boolean | `false`
+- [`MutualTLSMode`](#mutualtlsmode): string 
+- [`MeshGateway`](#meshgateway): map
+   - [`Mode`](#meshgateway): string
+- [`Expose`](#expose): map
+   - [`Checks`](#expose-checks): boolean | `false`
+   - [`Paths`](#expose-paths): list of maps
+      - [`Path`](#expose-paths-path): string | must begin with `/` 
+      - [`LocalPathPort`](#expose-paths): number | `0` 
+      - [`ListenerPort`](#expose-paths): number | `0` 
+      - [`Protocol`](#expose-paths): string | `http` 
+- [`FailoverPolicy`](#failoverpolicy): map
+   - [`Mode`](#failoverpolicy-mode): string
+- [`AccessLogs`](#accesslogs): map
+   - [`Enabled`](#accesslogs): boolean | `false`
+   - [`DisableListenerLogs`](#accesslogs): boolean | `false`
+   - [`Type`](#accesslogs): string | `stdout`
+   - [`Path`](#accesslogs): string
+   - [`JSONFormat`](#accesslogs): string 
+   - [`TextFormat`](#accesslogs): string 
 
-Configure the following parameters to define a `proxy-defaults` configuration entry:
+</Tab>
+<Tab heading="YAML" group="yaml">
+
+- [`apiVersion`](#apiversion): string | required | must be set to `consul.hashicorp.com/v1alpha1`
+- [`kind`](#kind): string | required | must be set to `ProxyDefaults`
+- [`metadata`](#metadata): map | required
+   - [`name`](#metadata-name): string | required | must be set to `global`
+   - [`namespace`](#metadata-namespace): string | `default` | <EnterpriseAlert inline/>
+- [`spec`](#spec): map | required
+   - [`config`](#spec-config): map
+   - [`EnvoyExtensions`](#spec-EnvoyExtensions): list of maps
+      - [`name`](#spec-EnvoyExtensions): string
+      - [`required`](#spec-EnvoyExtensions): string
+      - [`arguments`](#spec-EnvoyExtensions): string
+      - [`consulVersion`](#spec-EnvoyExtensions): string
+      - [`envoyVersion`](#spec-EnvoyExtensions): string
+   - [`mode`](#spec-mode): string
+   - [`transparentProxy`](#spec-transparentproxy): map
+      - [`outboundListenerPort`](#spec-transparentproxy): number | `15001`
+      - [`dialedDirectly`](#spec-transparentproxy): boolean | `false`
+   - [`mutualTLSMode`](#spec-mutualtlsmode): string 
+   - [`meshGateway`](#spec-meshgateway): map
+      - [`mode`](#spec-meshgateway): string
+   - [`expose`](#spec-expose): map
+      - [`checks`](#spec-expose-checks): boolean | `false`
+      - [`paths`](#spec-expose-paths): list
+         - [`path`](#spec-expose-paths): string | must begin with `/` 
+         - [`localPathPort`](#spec-expose-paths): number | `0` 
+         - [`listenerPort`](#spec-expose-paths): number | `0` 
+         - [`protocol`](#spec-expose-paths): string | `http` 
+   - [`failoverPolicy`](#spec-failoverpolicy): map
+      - [`mode`](#spec-failoverpolicy-mode): string
+   - [`accessLogs`](#spec-accesslogs): map
+      - [`enabled`](#spec-accesslogs): boolean | `false`
+      - [`disableListenerLogs`](#spec-accesslogs): boolean | `false`
+      - [`type`](#spec-accesslogs): string | `stdout`
+      - [`path`](#spec-accesslogs): string
+      - [`jsonFormat`](#spec-accesslogs): string 
+      - [`textFormat`](#spec-accesslogs): string 
+
+</Tab>
+
+</Tabs>
+
+## Complete configuration
+
+When every field is defined, a proxy defaults configuration entry has the following form:
 
 <Tabs>
-<Tab heading="Consul OSS">
 
-<CodeTabs heading="Proxy defaults configuration syntax" tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
+<Tab heading="HCL" group="hcl">
 
 ```hcl
 Kind      = "proxy-defaults"
 Name      = "global"
+Namespace = "default"
 Meta {
   <arbitrary string key> = "<arbitrary string value>"
 }
 Config {
   <arbitrary string key> = <arbitrary value>
 }
+EnvoyExtensions = [ 		
+  { 
+    Name= "<name of the extension>"
+    Required = "required"
+    Arguments = "<arguments to pass to the extension>"
+    ConsulVersion = "<Consul version required by the extension>"
+    EnvoyVersion = "<Envoy version required by the extension>"
+  }
+]   
 Mode = "<name of proxy mode>"
 TransparentProxy {
   OutboundListenerPort = <port the proxy should listen on for outbound traffic>
@@ -78,17 +160,27 @@ AccessLogs {
   TextFormat           = "< text representation of access log format >"
 }
 ```
+</Tab>
+
+<Tab heading="YAML" group="yaml">
 
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1
 kind: ProxyDefaults
 metadata:
   name: global
+  namespace: default
 spec:
   meta:
     <arbitrary string key>: <arbitrary string value>
   config:
     <arbitrary string key>: <arbitrary value>
+  EnvoyExtensions:
+  - name: <name of the extension>
+    required: required
+    arguments: <arguments to pass to the extension>
+    consulVersion: <Consul version required by the extension>
+    envoyVersion: <Envoy version required by the extension> 
   mode: <name of proxy mode>
   transparentProxy:
     outboundListenerPort: <port the proxy should listen on for outbound traffic>
@@ -112,22 +204,36 @@ spec:
     textFormat: < text representation of access log format >
 ```
 
+</Tab>
+
+<Tab heading="JSON" group="json">
+
 ```json
 {
   "Kind": "proxy-defaults",
   "Name": "global",
+  "Namespace": "default",
   "Meta": {
     "<arbitrary string key>": "<arbitrary string value>"
   },
   "Config": {
     "<arbitrary string key>": <arbitrary value>
   },
-  "MutualTLSMode": "<mutual TLS mode for all proxies>",
+  "EnvoyExtensions": [
+    {
+      "Name": "<name of the extension>",
+      "Required": "required",
+      "Arguments": "<arguments to pass to the extension>",
+      "ConsulVersion": "<Consul version required by the extension>",
+      "EnvoyVersion": "<Envoy version required by the extension>"
+    }
+  ],
   "Mode": "<name of proxy mode>",
   "TransparentProxy": {
     "OutboundListenerPort": <port the proxy should listen on for outbound traffic>,
     "DialedDirectly": <true if proxy instances should be dialed directly>
   },
+  "MutualTLSMode": "<mutual TLS mode for all proxies>",
   "MeshGateway": {
     "Mode": = "<name of mesh gateway configuration for all proxies>"
   },
@@ -153,415 +259,488 @@ spec:
 }
 ```
 
-</CodeTabs>
+</Tab>
+
+</Tabs>
+
+## Specification
+
+This section provides details about the fields you can configure in the proxy defaults configuration entry.
+
+<Tabs>
+
+<Tab heading="HCL and JSON" group="hcl">
+
+### `Kind`
+
+Specifies the type of configuration entry to implement. Must be set to `proxy-defaults`.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String value that must be set to `proxy-defaults`.
+
+### `Name`
+
+Specifies a name for the configuration entry that is used to identify the configuration entry. Must be set to `global`.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String that must be set to `global`.
+
+### `Namespace`
+
+Specifies the namespace that the proxy defaults apply to. You can only specify the `default` namespace. 
+
+#### Values
+
+- Default: `default`
+- Data type: String
+
+### `Partition`
+
+Specifies the local admin partition that the proxy defaults apply to. Refer to [admin partitions](/consul/docs/enterprise/admin-partitions) for more information.
+
+#### Values
+
+- Default: `default`
+- Data type: String
+
+### `Meta`
+
+Specifies a set of custom key-value pairs to add the [Consul KV](#/consul/docs/dynamic-app-config/kv) store. 
+
+#### Values
+
+- Default: None
+- Data type: Map of one or more key-value pairs.
+   - Keys: String
+   - Values: String, integer, or float
+
+### `Config`
+
+Specifies an arbitrary map of configuration values used by service mesh proxies. The available configurations depend on the mesh proxy you use. You can configure any global values that your proxy allows in this field. Refer to the following topics for additional information:
+
+- [Envoy proxy configuration option](/consul/docs/connect/proxies/envoy#proxy-config-options)
+- [Built-in proxy configuration options](/consul/docs/connect/proxies/built-in#proxy-config-key-reference) 
+
+#### Values
+
+- Default: None
+- Data type: Map of 
+
+### `EnvoyExtensions`
+
+Specifies a list of extensions that modify Envoy proxy configurations. Refer to [Envoy extensions](/consul/docs/connect/proxies/envoy-extensions) for additional information.
+
+#### Values
+
+- Default: None
+- Data type: Map of containing the following fields:
+   - `Name`
+   - `Required`
+   - `Arguments`
+   - `ConsulVersion`
+   - `EnvoyVersion`
+
+The following table describes how to configure values in the `EnvoyExtensions` map:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `Name` | Specifies the name of the extension. | String | None |
+| `Required` | Specify `true` to require Consul to implement the extension. <p>Use this parameter to ensure that extensions required for secure communication are not unintentionally bypassed.</p><p>Consul returns an error when `Required` is set to `true` and the extension does not update Envoy resources. </p> | String | None |
+| `Arguments` | Specifies the arguments to pass to the extension executable. Refer to the documentation for the extension you want to implement for additional information. | Map | None |
+| `ConsulVersion` | Specifies the version of Consul that the extension is allowed to work with. Consul validates the version during xDS updates. If a different version is in use, Consul skips the extension and writes the event to the log. <p>The `ConsulVersion` and `EnvoyVersion` must both validate for Consul to implement the extension.</p> | String | None |
+| `EnvoyVersion` | Specifies the version of Envoy that the extension is allowed to work with. Consul validates the version during xDS updates. If a different version is in use, Consul skips the extension and writes the event to the log. <p>The `ConsulVersion` and `EnvoyVersion` must both validate for Consul to implement the extension.</p> | String | None |
+
+### `Mode`
+
+Specifies a mode for how proxies direct inbound and outbound traffic. You can specify one of the following values:
+
+- `transparent`: In transparent mode, proxies capture and redirect inbound and outbound traffic. The mode does not enable traffic redirection, but directs Consul to configure Envoy as if traffic is already being redirected. 
+
+- `direct`: In this mode, the local application and other proxies must directly dial proxy listeners. 
+
+#### Values
+
+- Default: None
+- Data type: String 
+
+### `TransparentProxy`
+
+Contains configurations for proxies that are running in transparent proxy mode. Refer to [Transparent proxy mode](/consul/docs/k8s/connect/transparent-proxy) for additional information. 
+
+#### Values
+
+- Default: None
+- Data type: Map of containing the following fields:
+   - `OutboundListenerPort`
+   - `DialedDirectly`
+
+The following table describes how to configure values in the `TransparentProxy` map:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `OutboundListenerPort` | Specifies the port that the proxy listens on for outbound traffic. Outbound application traffic must be  captured and redirected to this port. | Integer | `15001` |
+| `DialedDirectly` | Determines whether other proxies in transparent mode can directly dial this proxy instance's IP address. Proxies in transparent mode commonly dial upstreams at the [`virtual`](/consul/docs/services/configuration/services-configuration-reference#tagged_addresses-virtual) tagged address, which load balances across instances. Dialing individual instances can be helpful when sending requests to stateful services, such as database clusters with a leader. | Boolean | `false` |
+
+### `MutualTLSMode`
+
+Controls the default mutual TLS (mTLS) mode for all proxies. You can only set mutual TLS mode for services in transparent proxy mode. 
+
+You can specify one of the following modes:
+
+`strict`: The sidecar proxy requires mTLS for incoming traffic. 
+`permissive`: The sidecar proxy accepts mTLS traffic on the sidecar proxy service port and accepts any traffic on the destination service port. We recommend only using permissive mode if necessary while onboarding services to the service mesh.
+
+#### Values
+
+- Default: `strict`
+- Data type: One of the following string values:
+   - `strict`
+   - `permissive`
+
+### `MeshGateway`
+
+Sets the default mesh gateway `mode` field for all proxies. You can specify the following string values for the `mode` field:
+
+- `none`: The proxy does not make outbound connections through a mesh gateway. Instead, it makes outbound connections directly to the destination services.
+- `local`: The proxy makes an outbound connection to a gateway running in the same datacenter.
+- `remote`: The proxy makes an outbound connection to a gateway running in the destination datacenter.
+
+#### Values
+
+- Default: None
+- Data type: Map containing the `mode` field
+
+### `Expose`
+
+Specifies default configurations for exposing HTTP paths through Envoy. Exposing paths through Envoy enables services to protect themselves by only listening on `localhost`. Applications that are not Consul service mesh-enabled are still able to contact an HTTP endpoint. 
+
+Example use-cases include exposing the `/metrics` endpoint to a monitoring system, such as Prometheus, and exposing the `/healthz` endpoint to the kubelet for liveness checks. Refer to [Expose Paths Configuration Reference](/consul/docs/connect/proxy-config-reference#expose-paths-configuration-reference) for additional information.
+
+#### Values
+
+- Default: None
+- Data type: Map containing the following parameters:
+   - [`Checks`](#expose-checks)
+   - [`Paths`](#expose-paths)
+
+### `Expose{}.Checks`
+
+Exposes all HTTP and gRPC checks registered with the agent when set to `true`. Envoy exposes listeners for the checks and only accepts connections originating from localhost or Consul's [`advertise_addr`](/consul/docs/agent/config/config-files#advertise). The ports for the listeners are dynamically allocated from the agent's [`expose_min_port`](/consul/docs/agent/config/config-files#expose_min_port) and [`expose_max_port`](/consul/docs/agent/config/config-files#expose_max_port) configurations.
+
+We recommend enabling the `Checks` configuration when a Consul client cannot reach registered services over localhost, such as when Consul agents run in their own pods in Kubernetes.
+
+#### Values
+
+- Default: `false`
+- Data type: boolean
+
+### `Expose{}.Paths[]`
+
+Specifies a list of configuration maps that define paths to expose through Envoy when `Expose.Checks` is set to `true`. 
+
+#### Values
+
+- Default: None
+- Data type: List of maps. 
+
+The following table describes the parameters for each map you can define in the list:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `Path` | Specifies the HTTP path to expose. You must prepend the path with a forward slash (`/`). | String | None |
+| `LocalPathPort` | Specifies the port where the local service listens for connections to the path. | Integer | `0` |
+| `ListenPort` | Specifies the port where the proxy listens for connections. The port must be available. If the port is unavailable, Envoy does not expose a listener for the path and the proxy registration still succeeds. | Integer | `0` |
+| `Protocol` | Specifies the protocol of the listener. You can configure one of the following values: <li>`http`</li><li>`http2`: Use with gRPC traffic</li> | String | `http` |
+
+### `FailoverPolicy`
+
+Sets the failover policy `mode` field for all proxies. The failover policy mode defines how Consul directs traffic to failover service instances if the primary instance becomes unreachable. For example, you can direct Consul to send failover traffic to local service instances. Refer to [Failover overview](/consul/docs/connect/failover) for additional information.
+
+You can specify the following string values for the `mode` field:
+
+- `default`: Envoy sends failover traffic to the first failover target with healthy instances.  
+- `order-by-locality`: Envoy prioritizes failover targets that are closer to the downstream service. Envoy deterministically orders failover targets that are the same distance from the local proxy. 
+
+#### Values
+
+- Default: None
+- Data type: Map containing the `mode` field
+
+### `AccessLogs`
+
+Specifies [Envoy access logger](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/observability/access_logging.html?highlight=access%20logs) configurations for all proxies in the service mesh, including gateways. This field also configures access logs on [Envoy's administration interface](https://www.envoyproxy.io/docs/envoy/latest/operations/admin.html?highlight=administration%20logs).
+
+#### Values
+
+- Default: None
+- Data type: Map 
+
+The following table describes the parameters you can define in the `AccessLogs` map:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `Enabled` | Enables Envoy to emit access logs for all proxies in the service mesh. | Boolean | `false` |
+| `DisabledListenerLogs` | Disables access logs for traffic rejected at the listener level. Rejected traffic includes connections that do not match any of Envoy's configured filters, such as Consul upstream services. Set this option to `true` if you do not want to log unknown requests that Envoy is not forwarding. | Boolean | `false` |
+| `Type` | Specifies the destination for access logs. You can specify one of the following types: <li>`stdout`</li><li>`stderr`</li><li>`file`</li> | String | None |
+| `Path` | Specifies the destination for writing access logs to file when `Type` is set to `file`. | String | None |
+| `JSONFormat` | Specifies a JSON-formatted string that represents the format for each emitted access log. You can use [Envoy command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) to customize the emitted data. You can also nest data. You cannot set this field and the `TextFormat` field concurrently. | String | [Default log format](/consul/docs/connect/observability/access-logs#default-log-format) |
+| `TextFormat` | Specifies a  text-formatted string that represents the format for each emitted access log. You can use [Envoy command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) to customize the emitted data. You can also nest data. You cannot set this field and the `JSONFormat` field concurrently. | String | None |
 
 </Tab>
-<Tab heading="Consul Enterprise">
 
--> **NOTE:** The `proxy-defaults` config entry can only be created in the `default`
-namespace and it will configure proxies in **all** namespaces.
+<Tab heading="YAML" group="yaml">
 
-<CodeTabs heading="Proxy defaults configuration syntax" tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
+### apiVersion
 
-```hcl
-Kind      = "proxy-defaults"
-Name      = "global"
-Namespace = "default" # Can only be set to "default".
-Meta {
-  <arbitrary string key> = "<arbitrary string value>"
-}
-Config {
-  <arbitrary string key> = <arbitrary value>
-}
-Mode = "<name of proxy mode>"
-TransparentProxy {
-  OutboundListenerPort = <port the proxy should listen on for outbound traffic>
-  DialedDirectly       = <true if proxy instances should be dialed directly>
-}
-MutualTLSMode = "<mutual TLS mode for all proxies>"
-MeshGateway {
-  Mode = "<name of mesh gateway configuration for all proxies>"
-}
-Expose {
-  Checks = <true to expose all HTTP and gRPC checks through Envoy>
+Specifies the verion of the Consul API to use to apply the configuration entry. This must be set to `consul.hashicorp.com/v1alpha1`.
 
-  Paths = [
-    {
-      Path          = "<the HTTP path to expose>"
-      LocalPathPort = <port where the local service is listening for connections to the path>
-      ListenerPort  = <port where the proxy will listen for connections>
-      Protocol      = "<protocol of the listener>"
-    }
-  ]
-}
-AccessLogs {
-  Enabled              = < true | false >
-  DisableListenerLogs  = < true | false , disables listener access logs for unrecognized traffic>
-  Type                 = "< file | stdout | stdout, the destination for access logs >"
-  Path                 = "< set the output path for 'file' based access logs >"
-  JSONFormat           = "< json representation of access log format >"
-  TextFormat           = "< text representation of access log format >"
-}
-```
+#### Values
 
-```yaml
-apiVersion: consul.hashicorp.com/v1alpha1
-kind: ProxyDefaults
-metadata:
-  name: global
-  namespace: default
-spec:
-  meta:
-    <arbitrary string key>: <arbitrary string value>
-  config:
-    <arbitrary string key>: <arbitrary value>
-  mode: <name of proxy mode>
-  transparentProxy:
-    outboundListenerPort: <port the proxy should listen on for outbound traffic>
-    dialedDirectly: <true if proxy instances should be dialed directly>
-  mutualTLSMode: <mutual TLS mode for all proxies>
-  meshGateway:
-    mode: <name of mesh gateway configuration for all proxies>
-  expose:
-    checks: <true to expose all HTTP and gRPC checks through Envoy>
-    paths:
-      - path: <the HTTP path to expose>
-        localPathPort: <port where the local service is listening for connections to the path>
-        listenerPort: <port where the proxy will listen for connections>
-        protocol:= <protocol of the listener>
-  accessLogs:
-    enabled: < true | false >
-    disableListenerLogs:  < true | false , disables listener access logs for unrecognized traffic>
-    type: < file | stdout | stdout, the destination for access logs >
-    path: < set the output path for 'file' based access logs >
-    jsonFormat: < json representation of access log format >
-    textFormat: < text representation of access log format >
-```
+- Default: None
+- This field is required.
+- Data type: String value that must be set to `consul.hashicorp.com/v1alpha1`.
 
-```json
-{
-  "Kind": "proxy-defaults",
-  "Name": "global",
-  "Namespace": "default",
-  "Meta": {
-    "<arbitrary string key>": "<arbitrary string value>"
-  },
-  "Config": {
-    "<arbitrary string key>": <arbitrary value>
-  },
-  "Mode": "<name of proxy mode>",
-  "TransparentProxy": {
-    "OutboundListenerPort": <port the proxy should listen on for outbound traffic>,
-    "DialedDirectly": <true if proxy instances should be dialed directly>
-  },
-  "MutualTLSMode": "<mutual TLS mode for all proxies>",
-  "MeshGateway": {
-    "Mode": = "<name of mesh gateway configuration for all proxies>"
-  },
-  "Expose": {
-    "Checks": <true to expose all HTTP and gRPC checks through Envoy>,
-    "Paths": [
-      {
-        "Path": "<the HTTP path to expose>",
-        "LocalPathPort": <port where the local service is listening for connections to the path>,
-        "ListenerPort": <port where the proxy will listen for connections>,
-        "Protocol": "<protocol of the listener>"
-      }
-    ]
-  },
-  "AccessLogs": {
-    "Enabled": < true | false >,
-    "DisableListenerLogs": < true | false , disables listener access logs for unrecognized traffic>,
-    "Type": "< file | stdout | stdout, the destination for access logs >",
-    "Path": "< set the output path for 'file' based access logs >",
-    "JSONFormat": "< json representation of access log format >",
-    "TextFormat": "< text representation of access log format >"
-  }
-}
-```
+### `kind`
+
+Specifies the type of configuration entry to implement. Must be set to `ProxyDefaults`.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String value that must be set to `ProxyDefaults`.
+
+
+### `metadata`
+
+Map that contains the service name, namespace, and admin partition that the configuration entry applies to.
+
+#### Values
+
+- Default: none
+- Map containing the following strings:
+  - `name`
+  - `namespace`
+
+
+### `metadata.name`
+
+Specifies a name for the configuration entry that is used to identify the configuration entry. Must be set to `global`.
+
+#### Values
+
+- Default: None
+- This field is required.
+- Data type: String that must be set to `global`.
+
+### `metadata.namespace`
+
+Specifies the namespace that the proxy defaults apply to. If you are on the community version, Consul ignores the `namespace` field. Refer to [Kubernetes namespaces in Consul](/consul/docs/k8s/crds#consul-oss) for additional information. If you are on Consul Enterprise, refer to [Kubernetes namespaces in Consul Enterprise](/consul/docs/k8s/crds#consul-enterprise) for additional information.
+
+#### Values
+
+- Default: `default`
+- Data type: String
+
+### `spec`
+
+Map that contains the details about the ProxyDefaults configuration entry. The `apiVersion`, `kind``, and `metadata` fields are siblings of the `spec` field. All other configurations are children.
+
+### `spec.config`
+
+Specifies an arbitrary map of configuration values used by service mesh proxies. The available configurations depend on the mesh proxy you use. You can configure any global values that your proxy allows in this field. Refer to the following topics for additional information:
+
+- [Envoy proxy configuration option](/consul/docs/connect/proxies/envoy#proxy-config-options)
+- [Built-in proxy configuration options](/consul/docs/connect/proxies/built-in#proxy-config-key-reference) 
+
+#### Values
+
+- Default: None
+- Data type: Map 
+
+### `spec.envoyExtensions`
+
+Specifies a list of extensions that modify Envoy proxy configurations. Refer to [Envoy extensions](/consul/docs/connect/proxies/envoy-extensions) for additional information.
+
+#### Values
+
+- Default: None
+- Data type: Map of containing the following fields:
+   - `name`
+   - `required`
+   - `arguments`
+   - `consulVersion`
+   - `envoyVersion`
+
+The following table describes how to configure values in the `EnvoyExtensions` map:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `name` | Specifies the name of the extension. | String | None |
+| `required` | Specify `true` to require Consul to implement the extension. <p>Use this parameter to ensure that extensions required for secure communication are not unintentionally bypassed.</p><p>Consul returns an error when `Required` is set to `true` and the extension does not update Envoy resources. </p> | String | None |
+| `arguments` | Specifies the arguments to pass to the extension executable. Refer to the documentation for the extension you want to implement for additional information. | Map | None |
+| `consulVersion` | Specifies the version of Consul that the extension is allowed to work with. Consul validates the version during xDS updates. If a different version is in use, Consul skips the extension and writes the event to the log. <p>The `consulVersion` and `envoyVersion` must both validate for Consul to implement the extension.</p> | String | None |
+| `envoyVersion` | Specifies the version of Envoy that the extension is allowed to work with. Consul validates the version during xDS updates. If a different version is in use, Consul skips the extension and writes the event to the log. <p>The `consulVersion` and `envoyVersion` must both validate for Consul to implement the extension.</p> | String | None |
+
+### `spec.mode`
+
+Specifies a mode for how proxies direct inbound and outbound traffic. You can specify one of the following values:
 
-</CodeTabs>
+- `transparent`: In transparent mode, proxies capture and redirect inbound and outbound traffic. The mode does not enable traffic redirection, but directs Consul to configure Envoy as if traffic is already being redirected. 
+
+- `direct`: In this mode, the local application and other proxies must directly dial proxy listeners. 
+
+#### Values
+
+- Default: None
+- Data type: String 
+
+### `spec.transparentProxy`
+
+Contains configurations for proxies that are running in transparent proxy mode. Refer to [Transparent proxy mode](/consul/docs/k8s/connect/transparent-proxy) for additional information. 
+
+#### Values
+
+- Default: None
+- Data type: Map of containing the following fields:
+   - `outboundListenerPort`
+   - `dialedDirectly`
+
+The following table describes how to configure values in the `TransparentProxy` map:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `outboundListenerPort` | Specifies the port that the proxy listens on for outbound traffic. Outbound application traffic must be  captured and redirected to this port. | Integer | `15001` |
+| `dialedDirectly` | Determines whether other proxies in transparent mode can directly dial this proxy instance's IP address. Proxies in transparent mode commonly dial upstreams at the [`virtual`](/consul/docs/services/configuration/services-configuration-reference#tagged_addresses-virtual) tagged address, which load balances across instances. Dialing individual instances can be helpful when sending requests to stateful services, such as database clusters with a leader. | Boolean | `false` |
+
+### `spec.mutualTLSMode`
+
+Controls the default mutual TLS (mTLS) mode for all proxies. You can only set mutual TLS mode for services in transparent proxy mode. 
+
+You can specify one of the following modes:
+
+`strict`: The sidecar proxy requires mTLS for incoming traffic. 
+`permissive`: The sidecar proxy accepts mTLS traffic on the sidecar proxy service port and accepts any traffic on the destination service port. We recommend only using permissive mode if necessary while onboarding services to the service mesh.
+
+#### Values
+
+- Default: `strict`
+- Data type: One of the following string values:
+   - `strict`
+   - `permissive`
+
+### `spec.meshGateway`
+
+Sets the default mesh gateway `mode` field for all proxies. You can specify the following string values for the `mode` field:
+
+- `none`: The proxy does not make outbound connections through a mesh gateway. Instead, it makes outbound connections directly to the destination services.
+- `local`: The proxy makes an outbound connection to a gateway running in the same datacenter.
+- `remote`: The proxy makes an outbound connection to a gateway running in the destination datacenter.
+
+#### Values
+
+- Default: None
+- Data type: Map containing the `mode` field
+
+### `spec.expose`
+
+Specifies default configurations for exposing HTTP paths through Envoy. Exposing paths through Envoy enables services to protect themselves by only listening on `localhost`. Applications that are not Consul service mesh-enabled are still able to contact an HTTP endpoint. 
+
+Example use-cases include exposing the `/metrics` endpoint to a monitoring system, such as Prometheus, and exposing the `/healthz` endpoint to the kubelet for liveness checks. Refer to [Expose Paths Configuration Reference](/consul/docs/connect/proxy-config-reference#expose-paths-configuration-reference) for additional information.
+
+#### Values
+
+- Default: None
+- Data type: Map containing the following parameters:
+   - [`checks`](#expose-checks)
+   - [`aths`](#expose-paths)
+
+### `spec.expose{}.checks`
+
+Exposes all HTTP and gRPC checks registered with the agent when set to `true`. Envoy exposes listeners for the checks and only accepts connections originating from localhost or Consul's [`advertise_addr`](/consul/docs/agent/config/config-files#advertise). The ports for the listeners are dynamically allocated from the agent's [`expose_min_port`](/consul/docs/agent/config/config-files#expose_min_port) and [`expose_max_port`](/consul/docs/agent/config/config-files#expose_max_port) configurations.
+
+We recommend enabling the `Checks` configuration when a Consul client cannot reach registered services over localhost, such as when Consul agents run in their own pods in Kubernetes.
+
+#### Values
+
+- Default: `false`
+- Data type: boolean
+
+### `spec.expose{}.paths[]`
+
+Specifies a list of configuration maps that define paths to expose through Envoy when `spec.expose.checks` is set to `true`. 
+
+#### Values
+
+- Default: None
+- Data type: List of maps. 
+
+The following table describes the parameters for each map you can define in the list:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `path` | Specifies the HTTP path to expose. You must prepend the path with a forward slash (`/`). | String | None |
+| `localPathPort` | Specifies the port where the local service listens for connections to the path. | Integer | `0` |
+| `listenPort` | Specifies the port where the proxy listens for connections. The port must be available. If the port is unavailable, Envoy does not expose a listener for the path and the proxy registration still succeeds. | Integer | `0` |
+| `protocol` | Specifies the protocol of the listener. You can configure one of the following values: <li>`http`</li><li>`http2`: Use with gRPC traffic</li> | String | `http` |
+
+### `spec.failoverPolicy`
+
+Sets the failover policy `mode` field for all proxies. The failover policy mode defines how Consul directs traffic to failover service instances if the primary instance becomes unreachable. For example, you can direct Consul to send failover traffic to local service instances. Refer to [Failover overview](/consul/docs/connect/failover) for additional information.
+
+You can specify the following string values for the `mode` field:
+
+- `default`: Envoy sends failover traffic to the first failover target with healthy instances.  
+- `order-by-locality`: Envoy prioritizes failover targets that are closer to the downstream service. Envoy deterministically orders failover targets that are the same distance from the local proxy. 
+
+#### Values
+
+- Default: None
+- Data type: Map containing the `mode` field
+
+### `spec.accessLogs`
+
+Specifies [Envoy access logger](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/observability/access_logging.html?highlight=access%20logs) configurations for all proxies in the service mesh, including gateways. This field also configures access logs on [Envoy's administration interface](https://www.envoyproxy.io/docs/envoy/latest/operations/admin.html?highlight=administration%20logs).
+
+#### Values
+
+- Default: None
+- Data type: Map 
+
+The following table describes the parameters you can define in the `accessLogs` map:
+
+| Parameter | Description | Data type | Default |
+| ---       | ---         | ---       | ---     |
+| `enabled` | Enables Envoy to emit access logs for all proxies in the service mesh. | Boolean | `false` |
+| `disabledListenerLogs` | Disables access logs for traffic rejected at the listener level. Rejected traffic includes connections that do not match any of Envoy's configured filters, such as Consul upstream services. Set this option to `true` if you do not want to log unknown requests that Envoy is not forwarding. | Boolean | `false` |
+| `type` | Specifies the destination for access logs. You can specify one of the following types: <li>`stdout`</li><li>`stderr`</li><li>`file`</li> | String | None |
+| `path` | Specifies the destination for writing access logs to file when `type` is set to `file`. | String | None |
+| `jsonFormat` | Specifies a JSON-formatted string that represents the format for each emitted access log. You can use [Envoy command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) to customize the emitted data. You can also nest data. You cannot set this field and the `textFormat` field concurrently. | String | [Default log format](/consul/docs/connect/observability/access-logs#default-log-format) |
+| `textFormat` | Specifies a  text-formatted string that represents the format for each emitted access log. You can use [Envoy command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) to customize the emitted data. You can also nest data. You cannot set this field and the `jsonFormat` field concurrently. | String | None |
 
 </Tab>
+
 </Tabs>
 
-### Configuration Parameters
-
-<ConfigEntryReference
-  keys={[
-    {
-      name: 'apiVersion',
-      description: 'Must be set to `consul.hashicorp.com/v1alpha1`',
-      hcl: false,
-    },
-    {
-      name: 'Kind',
-      description: {
-        hcl: 'Must be set to `proxy-defaults`',
-        yaml: 'Must be set to `ProxyDefaults`',
-      },
-    },
-    {
-      name: 'Name',
-      description: 'Must be set to `global`',
-      yaml: false,
-    },
-    {
-      name: 'Namespace',
-      type: `string: "default"`,
-      enterprise: true,
-      description:
-        'Must be set to `default`. The configuration will apply to all namespaces.',
-      yaml: false,
-    },
-    {
-      name: 'Partition',
-      type: `string: "default"`,
-      enterprise: true,
-      description:
-        'Specifies the name of the admin partition in which the configuration entry applies. Refer to the [Admin Partitions documentation](/consul/docs/enterprise/admin-partitions) for additional information.',
-      yaml: false,
-    },
-    {
-      name: 'Meta',
-      type: 'map<string|string>: nil',
-      description:
-        'Specifies arbitrary KV metadata pairs. Added in Consul 1.8.4.',
-      yaml: false,
-    },
-    {
-      name: 'metadata',
-      children: [
-        {
-          name: 'name',
-          description: 'Must be set to `global`',
-        },
-        {
-          name: 'namespace',
-          enterprise: true,
-          description:
-            'If running Consul Open Source, the namespace is ignored (see [Kubernetes Namespaces in Consul OSS](/consul/docs/k8s/crds#consul-oss)). If running Consul Enterprise see [Kubernetes Namespaces in Consul Enterprise](/consul/docs/k8s/crds#consul-enterprise) for more details.',
-        },
-      ],
-      hcl: false,
-    },
-    {
-      name: 'Config',
-      type: 'map[string]arbitrary',
-      description: `An arbitrary map of configuration values used by service mesh proxies.
-    The available configurations depend on the mesh proxy you use.
-     Any values that your proxy allows can be configured globally here. To explore these options please see the documentation for your chosen proxy.
-     <ul><li>[Envoy](/consul/docs/connect/proxies/envoy#proxy-config-options)</li>
-     <li>[Consul's built-in proxy](/consul/docs/connect/proxies/built-in#proxy-config-key-reference)</li></ul>`,
-    },
-    {
-      name: 'EnvoyExtensions',
-      type: 'array<EnvoyExtension>: []',
-      description: `A list of extensions to modify Envoy proxy configuration.<br><br>
-        Applying \`EnvoyExtensions\` to \`ProxyDefaults\` may produce unintended consequences. We recommend enabling \`EnvoyExtensions\` with [\`ServiceDefaults\`](/consul/docs/connect/config-entries/service-defaults#envoyextensions) in most cases.`,
-      children: [
-        {
-          name: 'Name',
-          type: `string: ""`,
-          description: `Name of the extension.`,
-        },
-        {
-          name: 'Required',
-          type: `string: ""`,
-          description: `When \`Required\` is true and the extension does not update any Envoy resources, an error is
-          returned. Use this parameter to ensure that extensions required for secure communication are not unintentionally
-          bypassed.`,
-        },
-        {
-          name: 'Arguments',
-          type: 'map<string|Any>: nil',
-          description: `Arguments to pass to the extension executable.`,
-        },
-      ],
-    },
-    {
-      name: 'Mode',
-      type: `string: ""`,
-      description: `One of \`direct\` or \`transparent\`.
-                    \`transparent\` represents that inbound and outbound application traffic is being
-                    captured and redirected through the proxy. This mode does not enable the traffic redirection
-                     itself. Instead it signals Consul to configure Envoy as if traffic is already being redirected.
-                    \`direct\` represents that the proxy's listeners must be dialed directly by the local
-                    application and other proxies.
-                    Added in v1.10.0.`,
-    },
-    {
-      name: 'TransparentProxy',
-      type: 'TransparentProxyConfig: <optional>',
-      description: `Controls configuration specific to proxies in transparent mode. Added in v1.10.0.`,
-      children: [
-        {
-          name: 'OutboundListenerPort',
-          type: 'int: "15001"',
-          description: `The port the proxy should listen on for outbound traffic. This must be the port where
-                        outbound application traffic is captured and redirected to.`,
-        },
-        {
-          name: 'DialedDirectly',
-          type: 'bool: false',
-          description: `Determines whether this proxy instance's IP address can be dialed directly by transparent proxies.
-                        Typically transparent proxies dial upstreams using the "virtual" tagged address, which load balances
-                        across instances. Dialing individual instances can be helpful in cases like stateful services such
-                        as a database cluster with a leader. `,
-        },
-      ],
-    },
-    {
-      name: 'MutualTLSMode',
-      type: 'string: ""',
-      description: `Controls the default mutual TLS mode for all proxies. This setting is only
-                    supported for services with transparent proxy enabled. One of \`""\`, \`strict\`, or \`permissive\`.
-                    When unset or \`""\`, the mode defaults to \`strict\`. When set to \`strict\`, the sidecar proxy
-                    requires mutual TLS for incoming traffic. When set to \`permissive\`, the sidecar proxy accepts
-                    mutual TLS traffic on the sidecar proxy service port and accepts any traffic on the destination
-                    service port. We recommend only using \`permissive\` mode if necessary while onboarding services to
-                    the service mesh. `,
-    },
-    {
-      name: 'MeshGateway',
-      type: 'MeshGatewayConfig: <optional>',
-      description: `Controls the default
-      [mesh gateway configuration](/consul/docs/connect/gateways/mesh-gateway#service-mesh-proxy-configuration)
-      for all proxies. Added in v1.6.0.`,
-      children: [
-        {
-          name: 'Mode',
-          type: 'string: ""',
-          description: 'One of `none`, `local`, or `remote`.',
-        },
-      ],
-    },
-    {
-      name: 'Expose',
-      type: 'ExposeConfig: <optional>',
-      description: `Controls the default
-                      [expose path configuration](/consul/docs/connect/registration/service-registration#expose-paths-configuration-reference)
-                      for Envoy. Added in v1.6.2.<br><br>
-                      Exposing paths through Envoy enables a service to protect itself by only listening on localhost, while still allowing
-                      non-mesh-enabled applications to contact an HTTP endpoint.
-                      Some examples include: exposing a \`/metrics\` path for Prometheus or \`/healthz\` for kubelet liveness checks.`,
-      children: [
-        {
-          name: 'Checks',
-          type: 'bool: false',
-          description: `If enabled, all HTTP and gRPC checks registered with the agent are exposed through Envoy.
-        Envoy will expose listeners for these checks and will only accept connections originating from localhost or Consul's
-        [advertise address](/consul/docs/agent/config/config-files#advertise). The port for these listeners are dynamically allocated from
-        [expose_min_port](/consul/docs/agent/config/config-files#expose_min_port) to [expose_max_port](/consul/docs/agent/config/config-files#expose_max_port).
-        This flag is useful when a Consul client cannot reach registered services over localhost.`,
-        },
-        {
-          name: 'Paths',
-          type: 'array<Path>: []',
-          description: 'A list of paths to expose through Envoy.',
-          children: [
-            {
-              name: 'Path',
-              type: 'string: ""',
-              description:
-                'The HTTP path to expose. The path must be prefixed by a slash. ie: `/metrics`.',
-            },
-            {
-              name: 'LocalPathPort',
-              type: 'int: 0',
-              description:
-                'The port where the local service is listening for connections to the path.',
-            },
-            {
-              name: 'ListenerPort',
-              type: 'int: 0',
-              description: `The port where the proxy will listen for connections. This port must be available
-           for the listener to be set up. If the port is not free then Envoy will not expose a listener for the path,
-           but the proxy registration will not fail.`,
-            },
-            {
-              name: 'Protocol',
-              type: 'string: "http"',
-              description:
-                'Sets the protocol of the listener. One of `http` or `http2`. For gRPC use `http2`.',
-            },
-          ],
-        },
-      ],
-    },
-    {
-      name: 'FailoverPolicy',
-      type: 'ServiceResolverFailoverPolicy: <optional>',
-      description: `Policy specifies the exact mechanism used for failover.
-      Added in v1.16.0.`,
-      children: [
-        {
-          name: 'Mode',
-          type: 'string: ""',
-          description: 'One of `""`, `default`, or `order-by-locality`.',
-        },
-      ],
-    },
-    {
-      name: 'AccessLogs',
-      type: 'AccessLogsConfig: <optional>',
-      description: `Controls the configuration of [Envoy's access logging](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/observability/access_logging.html?highlight=access%20logs)
-                      for all proxies in the mesh, including gateways. It also configures access logs on [Envoy's administration interface](https://www.envoyproxy.io/docs/envoy/latest/operations/admin.html?highlight=administration%20logs).`,
-      children: [
-        {
-          name: 'Enabled',
-          type: 'bool: false',
-          description: 'When enabled, access logs are emitted for all proxies in the mesh, including gateways.',
-        },
-        {
-          name: 'DisableListenerLogs',
-          type: 'bool: false',
-          description: `When enabled, access logs for traffic rejected at the listener-level are not emitted.
-          This traffic includes connections that do not match any of Envoy's configured filters, such as Consul upstream services.
-          Set this option to \`true\` if you do not want to log unknown requests that Envoy is not forwarding`,
-        },
-        {
-          name: 'Type',
-          type: 'string: "stdout"',
-          description: 'The destination for access logs.  One of \`stdout\`, \`stderr\`, or \`file\`.',
-        },
-        {
-          name: 'Path',
-          type: 'string: ""',
-          description: 'The destination file for access logs. Only valid with \`Type\` set to \`file\`.',
-        },
-        {
-          name: 'JSONFormat',
-          type: 'string: (default as follows)',
-          description: `A JSON-formatted string that represents the format of each emitted access log.
-          By default, it is set  to the [default access log format](/consul/docs/connect/observability/access-logs#default-log-format).
-          You can use Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) to customize the emitted data.
-          Nesting is supported.
-          Invalid if a custom format is specified with TextFormat.`,
-        },
-        {
-          name: 'TextFormat',
-          type: 'string: ""',
-          description: `A formatted string that represents the format of each emitted access log.
-          Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) can be used to customize the data emitted.
-          A new line is added to the string automatically.
-          Invalid when a custom JSONFormat is already specified.`,
-        }
-      ],
-    },
-  ]}
-/>
 
 ## Examples
 
+The following examples demonstrate common patterns for configuring proxy defaults configuration entries.
+
 ### Default protocol
 
-The following example configures the default protocol for all proxies.
+The following example sets the default protocol for all proxies to `http`.
 
 <Tabs>
-<Tab heading="Consul OSS">
+<Tab heading="HCL" group="hcl">
 
-<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
+#### Community edition
 
 ```hcl
 Kind      = "proxy-defaults"
@@ -571,6 +750,24 @@ Config {
 }
 ```
 
+#### Consul Enterprise
+
+For Consul Enterprise, you can only create the configuration entry in the `default` namespace. The namepace configuration applies to proxies in all namespaces.
+
+```hcl
+Kind      = "proxy-defaults"
+Name      = "global"
+Namespace = "default" # Can only be set to "default".
+Config {
+  protocol = "http"
+}
+```
+</Tab>
+
+<Tab heading="YAML" group="yaml">
+
+#### Community edition
+
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1
 kind: ProxyDefaults
@@ -581,34 +778,9 @@ spec:
     protocol: http
 ```
 
-```json
-{
-  "Kind": "proxy-defaults",
-  "Name": "global",
-  "Config": {
-    "protocol": "http"
-  }
-}
-```
+#### Consul Enterprise
 
-</CodeTabs>
-
-</Tab>
-<Tab heading="Consul Enterprise">
-
--> **NOTE:** The `proxy-defaults` config entry can only be created in the `default`
-namespace and it will configure proxies in **all** namespaces.
-
-<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
-
-```hcl
-Kind      = "proxy-defaults"
-Name      = "global"
-Namespace = "default" # Can only be set to "default".
-Config {
-  protocol = "http"
-}
-```
+For Consul Enterprise, you can only create the configuration entry in the `default` namespace. The namepace configuration applies to proxies in all namespaces.
 
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1
@@ -621,27 +793,46 @@ spec:
     protocol: http
 ```
 
+</Tab>
+
+<Tab heading="JSON" group="json">
+
+#### Community edition
+
 ```json
 {
   "Kind": "proxy-defaults",
   "Name": "global",
-  "Namespace": "default",
   "Config": {
     "protocol": "http"
   }
 }
 ```
+#### Consul Enterprise
+
+For Consul Enterprise, you can only create the configuration entry in the `default` namespace. The namepace configuration applies to proxies in all namespaces.
 
-</CodeTabs>
+```json
+{
+  "Kind": "proxy-defaults",
+  "Name": "global",
+  "Namespace": "default",
+  "Config": {
+    "protocol": "http"
+  }
+}
+```
 
 </Tab>
+
 </Tabs>
 
 ### Prometheus
 
 The following example configures all proxies to expose Prometheus metrics.
 
-<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
+<Tabs>
+<Tab heading="HCL" group="hcl">
 
 ```hcl
 Kind      = "proxy-defaults"
@@ -651,6 +842,11 @@ Config {
 }
 ```
 
+</Tab>
+
+<Tab heading="YAML" group="yaml">
+
+
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1
 kind: ProxyDefaults
@@ -661,6 +857,10 @@ spec:
     envoy_prometheus_bind_addr: '0.0.0.0:9102'
 ```
 
+</Tab>
+
+<Tab heading="JSON" group="json">
+
 ```json
 {
   "Kind": "proxy-defaults",
@@ -671,14 +871,17 @@ spec:
 }
 ```
 
-</CodeTabs>
+</Tab>
+
+</Tabs>
 
 ### Access Logs
 
-The following example is a minimal configuration for enabling access logs for all proxies.
-Refer to [access logs](/consul/docs/connect/observability/access-logs) for advanced configurations.
+The following example enables access logs for all proxies. efer to [access logs](/consul/docs/connect/observability/access-logs) for more detailed examples.
+
+<Tabs>
+<Tab heading="HCL" group="hcl">
 
-<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
 
 ```hcl
 Kind      = "proxy-defaults"
@@ -688,6 +891,10 @@ AccessLogs {
 }
 ```
 
+</Tab>
+
+<Tab heading="YAML" group="yaml">
+
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1
 kind: ProxyDefaults
@@ -698,6 +905,10 @@ spec:
     enabled: true
 ```
 
+</Tab>
+
+<Tab heading="JSON" group="json">
+
 ```json
 {
   "Kind": "proxy-defaults",
@@ -708,13 +919,16 @@ spec:
 }
 ```
 
-</CodeTabs>
+</Tab>
+
+</Tabs>
 
 ### Proxy-specific defaults
 
-The following example configures some custom default values for all proxies.
+The following example configures custom default values for all proxies.
 
-<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
+<Tabs>
+<Tab heading="HCL" group="hcl">
 
 ```hcl
 Kind      = "proxy-defaults"
@@ -725,6 +939,10 @@ Config {
 }
 ```
 
+</Tab>
+
+<Tab heading="YAML" group="yaml">
+
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1
 kind: ProxyDefaults
@@ -736,6 +954,10 @@ spec:
     handshake_timeout_ms: 10000
 ```
 
+</Tab>
+
+<Tab heading="JSON" group="json">
+
 ```json
 {
   "Kind": "proxy-defaults",
@@ -747,13 +969,6 @@ spec:
 }
 ```
 
-</CodeTabs>
-
-## ACLs
-
-Configuration entries may be protected by [ACLs](/consul/docs/security/acl).
-
-Reading a `proxy-defaults` config entry requires no specific privileges.
+</Tab>
 
-Creating, updating, or deleting a `proxy-defaults` config entry requires
-`operator:write`.
+</Tabs>
\ No newline at end of file

From c790d92485e7a5e517b54311690a774cda54e931 Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Wed, 30 Aug 2023 20:30:07 -0700
Subject: [PATCH 343/359] updated proxies overview page

---
 .../connect/config-entries/proxy-defaults.mdx |  2 +-
 .../content/docs/connect/proxies/index.mdx    | 78 +++++++++++++++----
 2 files changed, 62 insertions(+), 18 deletions(-)

diff --git a/website/content/docs/connect/config-entries/proxy-defaults.mdx b/website/content/docs/connect/config-entries/proxy-defaults.mdx
index 1c649de8c094..b282b34a987e 100644
--- a/website/content/docs/connect/config-entries/proxy-defaults.mdx
+++ b/website/content/docs/connect/config-entries/proxy-defaults.mdx
@@ -7,7 +7,7 @@ description: >-
 
 # Proxy defaults configuration reference
 
-This topic provides reference information for proxy defaults configuration entries. Refer to [Service mesh proxy overview]() <!-- ADD LINK -->for information about using proxies in Consul.
+This topic provides reference information for proxy defaults configuration entries. Refer to [Service mesh proxy overview](/consul/docs/connect/proxies) for information about using proxies in Consul.
 
 ## Introduction
 
diff --git a/website/content/docs/connect/proxies/index.mdx b/website/content/docs/connect/proxies/index.mdx
index ff344e56d2d2..4a438bfcffb9 100644
--- a/website/content/docs/connect/proxies/index.mdx
+++ b/website/content/docs/connect/proxies/index.mdx
@@ -5,25 +5,69 @@ description: >-
   In Consul service mesh, each service has a sidecar proxy that secures connections with other services in the mesh without modifying the underlying application code. You can use the built-in proxy, Envoy, or a custom proxy to handle communication and verify TLS connections.
 ---
 
-# Service Mesh Proxy Overview
+# Service mesh proxy overview
 
-Proxies enable unmodified applications to connect to other services in the service mesh. A
-per-service proxy sidecar transparently handles inbound and outbound service
-connections, automatically wrapping and verifying TLS connections. Consul
-ships with a built-in L4 proxy and has first class support for Envoy. You
-can plug other proxies into your environment as well. This section describes how to
-configure Envoy or the built-in proxy using Consul service mesh, and how to integrate the
-proxy of your choice.
+This topic provides an overview of how Consul uses proxies in your service mesh. A proxy is a type of service that enables unmodified applications to connect to other services in the service mesh. Consul ships with a built-in L4 proxy and has first class support for Envoy. You can plug other proxies into your environment, as well, and apply configurations in Consul to define proxy behavior.
 
-To ensure that services only allow external connections established through
-the service mesh protocol, you should configure all services to only accept connections on a loopback address.
+## Proxy use cases
 
-## Dynamic upstreams require native integration
+_Proxies_ are services that you can configure to perform several different types of functions in Consul.
 
-Service mesh proxies do not support dynamic upstreams.
+### Sidecars
 
-If an application requires dynamic dependencies that are only available
-at runtime, you must [natively integrate](/consul/docs/connect/native)
-the application with Consul service mesh. After natively integrating, the HTTP API or
-[DNS interface](/consul/docs/services/discovery/dns-static-lookups#service-mesh-enabled-service-lookups)
-can be used.
\ No newline at end of file
+You can configure proxies to operate as sidecar services transparently handles inbound and outbound service connections. Sidecars also automatically wrap and verify TLS connections. Each service in your mesh should have its own sidecar proxy.   
+
+Refer to [Register service mesh proxies as sidecars]() for additional information.
+
+### Gateways
+
+You can configure proxies to operate as gateway services, which allow service-to-service traffic across different network areas, including peered clusters, WAN-federated datacenters, and nodes outside the mesh. Consul ships with several types of gateway capabilities, but gateways deliver the underlying functionality.
+
+Refer to [Gateways overview](/consul/docs/connect/gateways) for additional information.
+
+## Supported proxies
+
+Consul has first-class support for Envoy proxies, which is a highly configurable open source edge service. Consul configures Envoy by optionally exposing a gRPC service on the local agent that serves Envoy's xDS configuration API. Refer to the following documentation for additional information:
+
+- [Envoy proxy reference](/consul/docs/connect/proxies/envoy)
+- [Envoy API documentation](https://www.envoyproxy.io/docs/envoy/v1.17.2/api-docs/xds_protocol)
+- [Envoy website](https://www.envoyproxy.io)
+ 
+You can use Consul's built-in proxy service that supports L4 network traffic, which is suitable for testing and development but not recommended for production environments. Refer to the [built-in proxy reference](/consul/docs/connect/proxies/builtin) for additional information.
+
+## Workflow
+
+The following procedure describes how to implement proxies:
+
+1. **Configure global proxy settings**. You can configure global passthrough settings for all proxies deployed to your service mesh in the proxy defaults configuration entry. This step is not required, but it enables you to define common behaviors in a central configuration.
+1. **Deploy your service mesh proxy**. Configure proxy behavior in a service definition and register the proxy with Consul. 
+1. **Start the proxy service**. 
+
+### Dynamic upstreams require native integration
+
+Service mesh proxies do not support dynamic upstreams. If an application requires dynamic dependencies that are only available at runtime, you must [natively integrate](/consul/docs/connect/native) the application with Consul service mesh. After integration, the application can use the HTTP API or [DNS interface](/consul/docs/services/discovery/dns-static-lookups#service-mesh-enabled-service-lookups) to connect to other services in the mesh.
+
+## Proxies in Kubernetes-orchestrated networks
+
+For Kubernetes-orchestrated environments, Consul deploys _dataplanes_ by default to manage proxies. Consul dataplanes are light-weight processes that leverage existing Kubernetes sidecar orchestration capabilities.  Refer to the [ dataplanes documentation](/consul/docs/connect/dataplane) for additional information.
+
+## Guidance
+
+Refer to the following resources for help using service mesh proxies:
+
+### Tutorial
+
+- [Using Envoy with Consul service mesh](/consul/tutorials/developer-mesh/service-mesh-with-envoy-proxy)
+
+### Usage documentation
+
+- [Deploy service mesh proxies](/consul/docs/connect/proxies) <!-- TODO add proper link -->
+- [Deploy sidecar proxies](/consul/docs/connect/registration/sidecar-service) <!-- TODO update to real link -->
+- [Extend Envoy proxies](/consul/docs/connect/proxies/envoy-extensions)
+- [Integrate custom proxies](/consul/docs/connect/proxies/integrate)
+
+### Reference documentation
+
+- [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for additional information. 
+- [Envoy proxies reference](/consul/docs/connect/proxies/envoy)
+- [Service mesh proxy configuration reference](/consul/docs/connect/proxies/builtin)

From a4ebb03f83fdb49fcaf26ab5ed1ac0a4d08466bf Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Wed, 30 Aug 2023 21:11:06 -0700
Subject: [PATCH 344/359] added Deploy SM proxy usage and removed reg index

---
 .../proxies/deploy-service-mesh-proxies.mdx   | 62 +++++++++++++++++++
 .../content/docs/connect/proxies/index.mdx    |  1 +
 .../docs/connect/registration/index.mdx       | 22 -------
 website/data/docs-nav-data.json               | 12 ++--
 4 files changed, 69 insertions(+), 28 deletions(-)
 create mode 100644 website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
 delete mode 100644 website/content/docs/connect/registration/index.mdx

diff --git a/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx b/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
new file mode 100644
index 000000000000..05d33dbe1db3
--- /dev/null
+++ b/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
@@ -0,0 +1,62 @@
+--- 
+layout: docs
+page_title: Deploy service mesh proxies
+description: Envoy and other proxies in Consul service mesh enable service-to-service communication across your network. Learn how to deploy service mesh proxies in this topic.
+---
+
+# Deploy service mesh proxies services
+
+This topic describes how to create, register, and start service mesh proxies in Consul. Refer to [Service mesh proxies overview](/consul/docs/connect/proxies) for additional information about how proxies enable Consul functionalities. For information about deployed sidecar proxies, refer to [Deploy sidecar proxy services](/consul/docs/connect/proxies/sidecar-services).
+
+## Overview
+
+Complete the following steps to deploy a service mesh proxy:
+
+1. It is not required, but you can create a proxy defaults configuration entry that contains global  passthrough settings for all Envoy proxies. Refer to [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for additional information.
+1. Create a service definition file and specify the proxy configurations in the `proxy` block.
+1. Register the service using the API or CLI.
+1. Start the proxy service. 
+
+## Requirements
+
+If [ACLs](/consul/docs/security/acl) are enabled and you want to configure global Envoy settings in the [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults), you must present a token with `operator:write` permissions. Refer to [Create a service token](/consul/docs/security/acl/tokens/create/create-a-service-token) for additional information.
+
+## Define service mesh proxy 
+
+Create a service definition file and configure the following fields to define a service mesh proxy:
+
+1. Set the `kind` field to `connect-proxy`. Refer to the [services configuration reference](/consul/docs/services/configuration/services-configuration-reference#kind) for information about other kinds of proxies you can declare.
+1. Specify a name for the proxy service in the `name` field. Consul applies the configurations to any proxies you bootstrap with the same name.
+1. In the `proxy.destination_service_name` field, specify the name of the service that the proxy represents. 
+1. Configure any additional proxy behaviors that you want to implement in the `proxy` block. Refer to the [Service mesh proxy configuration reference](/consul/docs/connect/registration/service-registration) for information about all parameters. 
+1. Specify a port number where other services registered with Consul can discover and connect to the proxies service in the `port` field. To ensure that services only allow external connections established through the service mesh protocol, you should configure all services to only accept connections on a loopback address.
+
+Refer to the [Service mesh proxy configuration reference](/consul/docs/connect/proxy-config-reference) for example configurations.
+
+ ## Register the service 
+
+Provide the service definition to the Consul agent to register your proxy service. You can use the same methods for registering proxy services as you do for registering application services:
+ 
+- Place the service definition in a Consul agent's configuration directory and start, restart, or reload the agent. Use this method when implementing changes to an existing proxy service.
+- Use the `consul services register` command to register the proxy service with a running Consul agent.
+- Call the `/agent/service/register` HTTP API endpoint to register the proxy service with a running Consul agent.
+
+Refer to [Register services and health checks](/consul/docs/services/usage/register-services-checks) for instructions.
+
+In the following example, the `consul services register` command registers a proxy service stored in `proxy.hcl`:
+
+```shell-session
+$ consul services register proxy.hcl
+```
+
+## Start the proxy
+
+Envoy requires a bootstrap configuration file before it can start. Use the [`consul connect envoy` command](/consul/commands/connect/envoy) to create the Envoy bootstrap configuration and start the proxy service. Specify the ID of the proxy you want to start with the `-proxy-id` option.  
+
+The following example command starts an Envoy proxy for the `web-proxy` service:
+
+```shell-session
+$ consul connect envoy -proxy-id=web-proxy
+```
+
+For details about operating an Envoy proxy in Consul, refer to the [Envoy proxy reference](/consul/docs/connect/proxies/envoy).  
diff --git a/website/content/docs/connect/proxies/index.mdx b/website/content/docs/connect/proxies/index.mdx
index 4a438bfcffb9..f09aa820be16 100644
--- a/website/content/docs/connect/proxies/index.mdx
+++ b/website/content/docs/connect/proxies/index.mdx
@@ -71,3 +71,4 @@ Refer to the following resources for help using service mesh proxies:
 - [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for additional information. 
 - [Envoy proxies reference](/consul/docs/connect/proxies/envoy)
 - [Service mesh proxy configuration reference](/consul/docs/connect/proxies/builtin)
+- [`consul connect envoy` command](/consul/commands/connect/envoy)
diff --git a/website/content/docs/connect/registration/index.mdx b/website/content/docs/connect/registration/index.mdx
deleted file mode 100644
index 96db32788776..000000000000
--- a/website/content/docs/connect/registration/index.mdx
+++ /dev/null
@@ -1,22 +0,0 @@
----
-layout: docs
-page_title: Service Mesh Proxy Registration Overview
-description: >-
-  To make Consul aware of proxies in your service mesh, you must register them. Learn about methods for configuring and registering sidecar proxies.
----
-
-# Service Mesh Proxy Overview
-
-To enable service mesh proxies, you must define and register them with Consul. Proxies are a type of service in Consul that facilitate highly secure communication between services in a service mesh. The topics in the section outline your options for registering service mesh proxies. You can register proxies independently or nested inside a sidecar service registration.
-
-## Proxy service registration
-
-To register proxies with independent proxy service registrations, you can define them in either in config files or via the API just like any other service. Learn more about all of the options you can define when registering your proxy service in the [proxy registration documentation](/consul/docs/connect/registration/service-registration).
-
-## Sidecar service registration
-
-To reduce the amount of boilerplate needed for a sidecar proxy,
-application service definitions may define an inline sidecar service block. This is an opinionated
-shorthand for a separate full proxy registration as described above. For a
-description of how to configure the sidecar proxy as well as the opinionated defaults, see the [sidecar service registrations
-documentation](/consul/docs/connect/registration/sidecar-service).
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 8bb99505b7c9..3d79b9b9d2f5 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -479,14 +479,18 @@
         ]
       },
       {
-        "title": "Supported Proxies",
+        "title": "Proxies",
         "routes": [
           {
             "title": "Overview",
             "path": "connect/proxies"
           },
           {
-            "title": "Envoy",
+            "title": "Deploy service mesh proxies",
+            "path": "connect/proxies/deploy-service-mesh-proxies"
+          },
+          {
+            "title": "Envoy proxies reference",
             "path": "connect/proxies/envoy"
           },
           {
@@ -561,10 +565,6 @@
       {
         "title": "Registering Proxies",
         "routes": [
-          {
-            "title": "Overview",
-            "path": "connect/registration"
-          },
           {
             "title": "Proxy Service Registration",
             "path": "connect/registration/service-registration"

From 56733fb40d0f7eaf0ec25d739c10580e3504063a Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Wed, 30 Aug 2023 21:14:59 -0700
Subject: [PATCH 345/359] moved sidecar proxy usage to main proxy folder

---
 .../deploy-sidecar-services.mdx}                          | 0
 website/data/docs-nav-data.json                           | 8 ++++----
 2 files changed, 4 insertions(+), 4 deletions(-)
 rename website/content/docs/connect/{registration/sidecar-service.mdx => proxies/deploy-sidecar-services.mdx} (100%)

diff --git a/website/content/docs/connect/registration/sidecar-service.mdx b/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
similarity index 100%
rename from website/content/docs/connect/registration/sidecar-service.mdx
rename to website/content/docs/connect/proxies/deploy-sidecar-services.mdx
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 3d79b9b9d2f5..d82cdd22bf4a 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -489,6 +489,10 @@
             "title": "Deploy service mesh proxies",
             "path": "connect/proxies/deploy-service-mesh-proxies"
           },
+          {
+            "title": "Deploy sidecar services",
+            "path": "connect/proxies/deploy-sidecar-services"
+          },
           {
             "title": "Envoy proxies reference",
             "path": "connect/proxies/envoy"
@@ -568,10 +572,6 @@
           {
             "title": "Proxy Service Registration",
             "path": "connect/registration/service-registration"
-          },
-          {
-            "title": "Sidecar Service Registration",
-            "path": "connect/registration/sidecar-service"
           }
         ]
       },

From 1ab22a78f305097b469573e51c8a161e0d46449b Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Wed, 30 Aug 2023 21:32:27 -0700
Subject: [PATCH 346/359] recast sidecar reg page as Deploy sidecar services

---
 .../proxies/deploy-service-mesh-proxies.mdx   |   2 +-
 .../proxies/deploy-sidecar-services.mdx       | 155 +++++++++++++++---
 2 files changed, 130 insertions(+), 27 deletions(-)

diff --git a/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx b/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
index 05d33dbe1db3..cc7e595cc856 100644
--- a/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
+++ b/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
@@ -6,7 +6,7 @@ description: Envoy and other proxies in Consul service mesh enable service-to-se
 
 # Deploy service mesh proxies services
 
-This topic describes how to create, register, and start service mesh proxies in Consul. Refer to [Service mesh proxies overview](/consul/docs/connect/proxies) for additional information about how proxies enable Consul functionalities. For information about deployed sidecar proxies, refer to [Deploy sidecar proxy services](/consul/docs/connect/proxies/sidecar-services).
+This topic describes how to create, register, and start service mesh proxies in Consul. Refer to [Service mesh proxies overview](/consul/docs/connect/proxies) for additional information about how proxies enable Consul functionalities. For information about deployed sidecar proxies, refer to [Deploy sidecar proxy services](/consul/docs/connect/proxies/deploy-sidecar-services).
 
 ## Overview
 
diff --git a/website/content/docs/connect/proxies/deploy-sidecar-services.mdx b/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
index 46e14869c31e..5550dd1769c0 100644
--- a/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
+++ b/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
@@ -5,24 +5,55 @@ description: >-
   You can register a service instance and its sidecar proxy at the same time. Learn about default settings, customizable parameters, limitations, and lifecycle behaviors of the sidecar proxy.
 ---
 
-# Register a Service Mesh Proxy in a Service Registration
+# Deploy sidecar proxies
+
+This topic describes how to create, register, and start sidecar proxy services in Consul. Refer to [Service mesh proxies overview](/consul/docs/connect/proxies) for additional information about how proxies enable Consul functionalities. For information about deploying service mesh proxies, refer to [Deploy service mesh proxies](/consul/docs/connect/proxies/deploy-service-mesh-proxies).
+
+## Overview
 
-This topic describes how to declare a proxy as a _sidecar_ proxy. 
 Sidecar proxies run on the same node as the single service instance that they handle traffic for. 
-They may be on the same VM or running as a separate container in the same network namespace.
+They may be on the same VM or running as a separate container in the same network namespace. 
 
-## Configuration
+You can attach a sidecar proxy to a service you want to deploy to your mesh:
 
-Add the `connect.sidecar_service` block to your service definition file and specify the parameters to configure sidecar proxy behavior. The `sidecar_service` block is a service definition that can contain most regular service definition fields. Refer to [Limitations](#limitations) for information about unsupported service definition fields for sidecar proxies. 
+1. It is not required, but you can create a proxy defaults configuration entry that contains global  passthrough settings for all Envoy proxies. Refer to [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for additional information.
+1. Create the service definition and include the `connect` block. The `connect` block contains the sidecar proxy configurations that allow the service to interact with other services in the mesh.
+1. Register the service using either the API or CLI.
+1. Start the sidecar proxy service. 
 
-Consul treats sidecar proxy service definitions as a root-level service definition. All fields are optional in nested
-definitions, which default to opinionated settings that are intended to reduce burden of setting up a sidecar proxy.
+## Requirements
+
+If [ACLs](/consul/docs/security/acl) are enabled and you want to configure global Envoy settings in the [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults), you must present a token with `operator:write` permissions. Refer to [Create a service token](/consul/docs/security/acl/tokens/create/create-a-service-token) for additional information.
+
+## Define service mesh proxy 
 
-## Minimal Example
+Create a service definition and configure the following fields: 
+
+1. Specify a name for the service you want to attach a sidecar proxy to in the `name` field. This field is required for all services you want to register in Consul.  
+1. Specify a port number where other services registered with Consul can discover and connect to the service in the `port` field. This field is required for all services you want to register in Consul.
+1. Set the `connect` field to `{ sidecar_service: {} }`. The `{ sidecar_service: {} }` value is a macro that applies a set of default configurations that enable you to quickly implement a sidecar. Refer to [Sidecar service defaults](#sidecar-service-defaults) for additional information.
+1. Configure any additional options for your service. Refer to [Services configuration reference](/consul/docs/services/configuration/services-configuration-reference) for details. 
+
+In the following example, a service named `web` is configured with a sidecar proxy:
+
+<Tabs>
+
+<Tab heading="HCL" group="hcl">
+
+```hcl
+service = {
+  name = "web"
+  port = 8080
+  connect = { sidecar_service = {} }
+}
+```  
 
-To register a service instance with a sidecar, all that's needed is:
+</Tab>
+
+<Tab heading="JSON" group="json">
 
 ```json
+
 {
   "service": {
     "name": "web",
@@ -30,13 +61,50 @@ To register a service instance with a sidecar, all that's needed is:
     "connect": { "sidecar_service": {} }
   }
 }
+
 ```
 
-This will register the `web` service as normal, but will also register another
-[proxy service](/consul/docs/connect/proxies) with defaults values used.
+</Tab>
+
+</Tabs>
+
+When Consul processes the service definition, it generates the following configuration in place of the `sidecar_service` macro. Note that sidecar proxies services are based on the `connect-proxy` type:
+
+<Tabs>
+
+<Tab heading="HCL" group="hcl">
+
+```hcl
+services = [ 
+  {
+    name = "web"
+    port = 8080
+  }
+    checks = {
+      Interval = "10s"
+      Name = "Connect Sidecar Listening"
+      TCP = "127.0.0.1:20000"
+    }
+    checks = {
+      alias_service = "web"
+      name = "Connect Sidecar Aliasing web"
+    }
+    kind = "connect-proxy"
+    name = "web-sidecar-proxy"
+    port = 20000
+    proxy = {
+      destination_service_id = "web"
+      destination_service_name = "web"
+      local_service_address = "127.0.0.1"
+      local_service_port = 8080
+    }
+]
+
+```  
+
+</Tab>
 
-The above expands out to be equivalent to the following explicit service
-definitions:
+<Tab heading="JSON" group="json">
 
 ```json
 {
@@ -69,19 +137,57 @@ definitions:
     }
   ]
 }
+
 ```
 
-Details on how the defaults are determined are [documented
-below](#sidecar-service-defaults).
+</Tab>
+
+</Tabs>    
+
+## Register the service 
+
+Provide the service definition to the Consul agent to register your proxy service. You can use the same methods for registering proxy services as you do for registering application services:
+ 
+- Place the service definition in a Consul agent's configuration directory and start, restart, or reload the agent. Use this method when implementing changes to an existing proxy service.
+- Use the `consul services register` command to register the proxy service with a running Consul agent.
+- Call the `/agent/service/register` HTTP API endpoint to register the proxy service with a running Consul agent.
+
+Refer to [Register services and health checks](/consul/docs/services/usage/register-services-checks) for instructions.
 
--> **Note:** Sidecar service registrations are only a shorthand for registering
-multiple services. Consul will not start up or manage the actual proxy processes
-for you.
+In the following example, the `consul services register` command registers a proxy service stored in `proxy.hcl`:
 
-## Overridden Example
+```shell-session
+$ consul services register proxy.hcl
+```
+
+## Start the proxy
+
+Envoy requires a bootstrap configuration file before it can start. Use the [`consul connect envoy` command](/consul/commands/connect/envoy) to create the Envoy bootstrap configuration and start the proxy service. Specify the name of the service with the attached proxy with the `-sidecar-for` option.  
+
+The following example command starts an Envoy sidecar proxy for the `web` service:
+
+```shell-session
+$ consul connect envoy -sidecar-for=web
+```
 
-The following example shows a service definition where some fields are
-overridden to customize the proxy configuration.
+For details about operating an Envoy proxy in Consul, refer to [](/consul/docs/connect/proxies/envoy)  
+
+
+## Configuration reference
+
+Add the `connect.sidecar_service` block to your service definition file and specify the parameters to configure sidecar proxy behavior. The `sidecar_service` block is a service definition that can contain most regular service definition fields. Refer to [Limitations](#limitations) for information about unsupported service definition fields for sidecar proxies. 
+
+Consul treats sidecar proxy service definitions as a root-level service definition. All fields are optional in nested
+definitions, which default to opinionated settings that are intended to reduce burden of setting up a sidecar proxy.
+
+
+
+## Example with overwitten configurations
+
+In the following example, but the `sidecar_service` macro sets baselines configurations for the proxy, but the [proxy
+upstreams](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference)
+and [built-in proxy
+configuration](/consul/docs/connect/proxies/built-in) fields contain custom values:  
 
 ```json
 {
@@ -105,12 +211,9 @@ overridden to customize the proxy configuration.
 }
 ```
 
-This example customizes the [proxy
-upstreams](/consul/docs/connect/registration/service-registration#upstream-configuration-reference)
-and some [built-in proxy
-configuration](/consul/docs/connect/proxies/built-in).
 
-## Sidecar Service Defaults
+
+## Sidecar service defaults
 
 The following fields are set by default on a sidecar service registration. With
 [the exceptions noted](#limitations) any field may be overridden explicitly in

From 7f7ea984e802230a8f699569905e79cb3e143bdc Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Thu, 31 Aug 2023 04:32:27 +0000
Subject: [PATCH 347/359] backport of commit
 1ab22a78f305097b469573e51c8a161e0d46449b

---
 .changelog/17155.txt                          |    3 -
 .changelog/17481.txt                          |    3 -
 .changelog/17593.txt                          |    3 -
 .changelog/17694.txt                          |    3 -
 .changelog/17754.txt                          |    4 +-
 .changelog/17831.txt                          |    3 -
 .changelog/18007.txt                          |    3 -
 .changelog/18300.txt                          |    3 -
 .changelog/18303.txt                          |    3 +
 .changelog/18324.txt                          |    3 -
 .changelog/18336.txt                          |    7 -
 .changelog/18367.txt                          |    3 -
 .changelog/18381.txt                          |    6 +
 .changelog/18439.txt                          |    3 -
 .changelog/18560.txt                          |    3 -
 .changelog/18583.txt                          |    3 -
 .changelog/18617.txt                          |    4 +
 .changelog/18625.txt                          |    5 +
 .changelog/18636.txt                          |    3 +
 .changelog/18667.txt                          |    3 +
 .changelog/_18366.txt                         |    3 -
 .changelog/_18422.txt                         |    3 -
 .copywrite.hcl                                |   11 +-
 .github/ISSUE_TEMPLATE/config.yml             |    2 +-
 .github/dependabot.yml                        |    2 +-
 .github/pr-labeler.yml                        |    2 +-
 .github/scripts/changelog_checker.sh          |    2 +-
 .github/scripts/get_runner_classes.sh         |   32 +-
 .github/scripts/get_runner_classes_windows.sh |   26 -
 .github/scripts/metrics_checker.sh            |    2 +-
 .github/scripts/notify_slack.sh               |    7 +-
 .github/scripts/rerun_fails_report.sh         |    2 +-
 .github/scripts/set_test_package_matrix.sh    |    2 +-
 .github/scripts/verify_artifact.sh            |    2 +-
 .github/scripts/verify_bin.sh                 |    2 +-
 .github/scripts/verify_deb.sh                 |    2 +-
 .github/scripts/verify_docker.sh              |    2 +-
 .github/scripts/verify_envoy_version.sh       |    2 +-
 .github/scripts/verify_rpm.sh                 |    2 +-
 .github/workflows/bot-auto-approve.yaml       |    2 +-
 .github/workflows/broken-link-check.yml       |    6 +-
 .github/workflows/build-artifacts.yml         |   14 +-
 .github/workflows/build-distros.yml           |   14 +-
 .github/workflows/build.yml                   |   36 +-
 .github/workflows/ce-merge-trigger.yml        |    2 +-
 .github/workflows/changelog-checker.yml       |    2 +-
 .github/workflows/embedded-asset-checker.yml  |    2 +-
 .github/workflows/frontend.yml                |   18 +-
 .github/workflows/go-tests.yml                |   90 +-
 .github/workflows/issue-comment-created.yml   |    4 +-
 .github/workflows/jira-issues.yaml            |   14 +-
 .github/workflows/jira-pr.yaml                |   14 +-
 ...t-1.16.x.yaml => nightly-test-1.12.x.yaml} |   45 +-
 .github/workflows/nightly-test-1.13.x.yaml    |   43 +-
 .github/workflows/nightly-test-1.14.x.yaml    |   43 +-
 .github/workflows/nightly-test-1.15.x.yaml    |   43 +-
 .../nightly-test-integrations-1.15.x.yml      |  320 --
 .../nightly-test-integrations-1.16.x.yml      |  342 --
 .../workflows/nightly-test-integrations.yml   |   33 +-
 .github/workflows/nightly-test-main.yaml      |   43 +-
 .github/workflows/pr-labeler.yml              |    2 +-
 .github/workflows/pr-metrics-test-checker.yml |    2 +-
 .github/workflows/reusable-check-go-mod.yml   |    4 +-
 .../workflows/reusable-dev-build-windows.yml  |   47 -
 .github/workflows/reusable-dev-build.yml      |   14 +-
 .github/workflows/reusable-lint.yml           |    8 +-
 .github/workflows/reusable-unit-split.yml     |   15 +-
 .github/workflows/reusable-unit.yml           |    9 +-
 .github/workflows/stale.yml                   |    2 +-
 .../workflows/test-integrations-windows.yml   | 1209 ------
 .github/workflows/test-integrations.yml       |  133 +-
 .github/workflows/verify-envoy-version.yml    |    2 +-
 .gitignore                                    |    2 -
 .golangci.yml                                 |    2 +-
 .release/ci.hcl                               |    2 +-
 .release/docker/docker-entrypoint-ubi.sh      |    2 +-
 .release/docker/docker-entrypoint-windows.sh  |   85 -
 .release/docker/docker-entrypoint.sh          |    2 +-
 .../linux/package/etc/consul.d/consul.hcl     |    2 +-
 .release/release-metadata.hcl                 |    2 +-
 .release/security-scan.hcl                    |    2 +-
 CHANGELOG.md                                  |  177 +-
 Dockerfile                                    |    2 +-
 Dockerfile-windows                            |   51 -
 Makefile => GNUmakefile                       |  431 +-
 LICENSE                                       |  417 +-
 README.md                                     |    3 +-
 acl/MockAuthorizer.go                         |    2 +-
 acl/acl.go                                    |    2 +-
 acl/acl_ce.go                                 |    2 +-
 acl/acl_test.go                               |    2 +-
 acl/authorizer.go                             |    2 +-
 acl/authorizer_ce.go                          |    2 +-
 acl/authorizer_test.go                        |    2 +-
 acl/chained_authorizer.go                     |    2 +-
 acl/chained_authorizer_test.go                |    2 +-
 acl/enterprisemeta_ce.go                      |    2 +-
 acl/errors.go                                 |    2 +-
 acl/errors_ce.go                              |    2 +-
 acl/errors_test.go                            |    2 +-
 acl/policy.go                                 |    2 +-
 acl/policy_authorizer.go                      |    2 +-
 acl/policy_authorizer_ce.go                   |    2 +-
 acl/policy_authorizer_test.go                 |    2 +-
 acl/policy_ce.go                              |    2 +-
 acl/policy_merger.go                          |    2 +-
 acl/policy_merger_ce.go                       |    2 +-
 acl/policy_test.go                            |    2 +-
 acl/resolver/danger.go                        |    2 +-
 acl/resolver/result.go                        |    2 +-
 acl/static_authorizer.go                      |    2 +-
 acl/static_authorizer_test.go                 |    2 +-
 acl/testing.go                                |    2 +-
 acl/validation.go                             |    2 +-
 acl/validation_test.go                        |    2 +-
 agent/acl.go                                  |    2 +-
 agent/acl_ce.go                               |    2 +-
 agent/acl_endpoint.go                         |    3 +-
 agent/acl_endpoint_test.go                    |   34 +-
 agent/acl_test.go                             |    6 +-
 agent/ae/ae.go                                |    2 +-
 agent/ae/ae_test.go                           |    2 +-
 agent/ae/trigger.go                           |    2 +-
 agent/agent.go                                |  159 +-
 agent/agent_ce.go                             |    2 +-
 agent/agent_ce_test.go                        |    2 +-
 agent/agent_endpoint.go                       |   12 +-
 agent/agent_endpoint_ce.go                    |    2 +-
 agent/agent_endpoint_ce_test.go               |    2 +-
 agent/agent_endpoint_test.go                  |   41 +-
 agent/agent_test.go                           |  175 +-
 agent/apiserver.go                            |    2 +-
 agent/apiserver_test.go                       |    2 +-
 agent/auto-config/auto_config.go              |    2 +-
 agent/auto-config/auto_config_ce.go           |    2 +-
 agent/auto-config/auto_config_ce_test.go      |    2 +-
 agent/auto-config/auto_config_test.go         |    2 +-
 agent/auto-config/auto_encrypt.go             |    2 +-
 agent/auto-config/auto_encrypt_test.go        |    2 +-
 agent/auto-config/config.go                   |    2 +-
 agent/auto-config/config_ce.go                |    2 +-
 agent/auto-config/config_translate.go         |    2 +-
 agent/auto-config/config_translate_test.go    |    2 +-
 agent/auto-config/mock_ce_test.go             |    2 +-
 agent/auto-config/mock_test.go                |    2 +-
 agent/auto-config/persist.go                  |    2 +-
 agent/auto-config/run.go                      |    2 +-
 agent/auto-config/server_addr.go              |    2 +-
 agent/auto-config/tls.go                      |    2 +-
 agent/auto-config/tls_test.go                 |    2 +-
 agent/blockingquery/blockingquery.go          |    3 -
 agent/blockingquery/blockingquery_test.go     |    3 -
 agent/cache-types/catalog_datacenters.go      |    2 +-
 agent/cache-types/catalog_datacenters_test.go |    2 +-
 agent/cache-types/catalog_list_services.go    |    2 +-
 .../cache-types/catalog_list_services_test.go |    2 +-
 agent/cache-types/catalog_service_list.go     |    2 +-
 .../cache-types/catalog_service_list_test.go  |    2 +-
 agent/cache-types/catalog_services.go         |    2 +-
 agent/cache-types/catalog_services_test.go    |    2 +-
 agent/cache-types/config_entry.go             |    2 +-
 agent/cache-types/config_entry_test.go        |    2 +-
 agent/cache-types/connect_ca_root.go          |    2 +-
 agent/cache-types/connect_ca_root_test.go     |    2 +-
 agent/cache-types/discovery_chain.go          |    2 +-
 agent/cache-types/discovery_chain_test.go     |    2 +-
 agent/cache-types/exported_peered_services.go |    2 +-
 .../exported_peered_services_test.go          |    2 +-
 .../federation_state_list_gateways.go         |    2 +-
 .../federation_state_list_gateways_test.go    |    2 +-
 agent/cache-types/gateway_services.go         |    2 +-
 agent/cache-types/gateway_services_test.go    |    2 +-
 agent/cache-types/health_services.go          |    2 +-
 agent/cache-types/health_services_test.go     |    2 +-
 agent/cache-types/intention_match.go          |    2 +-
 agent/cache-types/intention_match_test.go     |    2 +-
 agent/cache-types/intention_upstreams.go      |    2 +-
 .../intention_upstreams_destination.go        |    2 +-
 .../intention_upstreams_destination_test.go   |    2 +-
 agent/cache-types/intention_upstreams_test.go |    2 +-
 agent/cache-types/node_services.go            |    2 +-
 agent/cache-types/node_services_test.go       |    2 +-
 agent/cache-types/options.go                  |    2 +-
 agent/cache-types/peered_upstreams.go         |    2 +-
 agent/cache-types/peered_upstreams_test.go    |    2 +-
 agent/cache-types/peerings.go                 |    2 +-
 agent/cache-types/peerings_test.go            |    2 +-
 agent/cache-types/prepared_query.go           |    2 +-
 agent/cache-types/prepared_query_test.go      |    2 +-
 agent/cache-types/resolved_service_config.go  |    2 +-
 .../resolved_service_config_test.go           |    2 +-
 agent/cache-types/rpc.go                      |    2 +-
 agent/cache-types/service_checks.go           |    2 +-
 agent/cache-types/service_checks_test.go      |    2 +-
 agent/cache-types/service_dump.go             |    2 +-
 agent/cache-types/service_dump_test.go        |    2 +-
 agent/cache-types/service_gateways.go         |    2 +-
 agent/cache-types/service_gateways_test.go    |    2 +-
 agent/cache-types/testing.go                  |    2 +-
 agent/cache-types/trust_bundle.go             |    2 +-
 agent/cache-types/trust_bundle_test.go        |    2 +-
 agent/cache-types/trust_bundles.go            |    2 +-
 agent/cache-types/trust_bundles_test.go       |    2 +-
 agent/cache/cache.go                          |    2 +-
 agent/cache/cache_test.go                     |    2 +-
 agent/cache/entry.go                          |    2 +-
 agent/cache/request.go                        |    2 +-
 agent/cache/testing.go                        |    2 +-
 agent/cache/type.go                           |    2 +-
 agent/cache/watch.go                          |    2 +-
 agent/cache/watch_test.go                     |    2 +-
 agent/catalog_endpoint.go                     |    2 +-
 agent/catalog_endpoint_ce.go                  |    2 +-
 agent/catalog_endpoint_test.go                |    2 +-
 agent/check.go                                |    2 +-
 agent/checks/alias.go                         |    2 +-
 agent/checks/alias_test.go                    |    2 +-
 agent/checks/check.go                         |   40 +-
 agent/checks/check_test.go                    |    2 +-
 agent/checks/check_windows_test.go            |    2 +-
 agent/checks/docker.go                        |    2 +-
 agent/checks/docker_unix.go                   |    2 +-
 agent/checks/docker_windows.go                |    2 +-
 agent/checks/grpc.go                          |    2 +-
 agent/checks/grpc_test.go                     |    2 +-
 agent/checks/os_service.go                    |    2 +-
 agent/checks/os_service_unix.go               |    2 +-
 agent/checks/os_service_windows.go            |    2 +-
 agent/config/agent_limits.go                  |    2 +-
 agent/config/builder.go                       |   20 +-
 agent/config/builder_ce.go                    |    2 +-
 agent/config/builder_ce_test.go               |    2 +-
 agent/config/builder_test.go                  |    2 +-
 agent/config/config.go                        |    3 +-
 agent/config/config_ce.go                     |    2 +-
 agent/config/default.go                       |    6 +-
 agent/config/default_ce.go                    |    2 +-
 agent/config/deprecated.go                    |    2 +-
 agent/config/deprecated_test.go               |    2 +-
 agent/config/doc.go                           |    2 +-
 agent/config/file_watcher.go                  |    2 +-
 agent/config/file_watcher_test.go             |    2 +-
 agent/config/flags.go                         |    2 +-
 agent/config/flags_test.go                    |    2 +-
 agent/config/flagset.go                       |    2 +-
 agent/config/golden_test.go                   |    2 +-
 agent/config/limits.go                        |    2 +-
 agent/config/limits_windows.go                |    2 +-
 agent/config/merge.go                         |    2 +-
 agent/config/merge_test.go                    |    2 +-
 agent/config/ratelimited_file_watcher.go      |    2 +-
 agent/config/ratelimited_file_watcher_test.go |    2 +-
 agent/config/runtime.go                       |    2 +-
 agent/config/runtime_ce.go                    |    2 +-
 agent/config/runtime_ce_test.go               |    2 +-
 agent/config/runtime_test.go                  |  183 +-
 agent/config/segment_ce.go                    |    2 +-
 agent/config/segment_ce_test.go               |    2 +-
 .../TestRuntimeConfig_Sanitize.golden         |    2 +
 agent/config/testdata/full-config.hcl         |    2 +-
 agent/config_endpoint.go                      |    2 +-
 agent/config_endpoint_test.go                 |    2 +-
 agent/configentry/compare.go                  |    3 -
 agent/configentry/compare_test.go             |    3 -
 agent/configentry/config_entry.go             |    2 +-
 agent/configentry/discoverychain.go           |    2 +-
 agent/configentry/doc.go                      |    2 +-
 agent/configentry/merge_service_config.go     |    8 +-
 .../configentry/merge_service_config_test.go  |  110 +-
 agent/configentry/resolve.go                  |    5 +-
 agent/configentry/resolve_test.go             |    2 +-
 agent/configentry/service_config.go           |    2 +-
 agent/connect/authz.go                        |    2 +-
 agent/connect/authz_test.go                   |    2 +-
 agent/connect/ca/common.go                    |    2 +-
 agent/connect/ca/provider.go                  |    4 +-
 agent/connect/ca/provider_aws.go              |    2 +-
 agent/connect/ca/provider_aws_test.go         |    2 +-
 agent/connect/ca/provider_consul.go           |    2 +-
 agent/connect/ca/provider_consul_config.go    |    2 +-
 agent/connect/ca/provider_consul_test.go      |    2 +-
 agent/connect/ca/provider_test.go             |    4 +-
 agent/connect/ca/provider_vault.go            |   16 +-
 agent/connect/ca/provider_vault_auth.go       |    2 +-
 .../ca/provider_vault_auth_alicloud.go        |    2 +-
 .../connect/ca/provider_vault_auth_approle.go |    2 +-
 agent/connect/ca/provider_vault_auth_aws.go   |    2 +-
 agent/connect/ca/provider_vault_auth_azure.go |    2 +-
 agent/connect/ca/provider_vault_auth_gcp.go   |    2 +-
 agent/connect/ca/provider_vault_auth_jwt.go   |    2 +-
 agent/connect/ca/provider_vault_auth_k8s.go   |    2 +-
 agent/connect/ca/provider_vault_auth_test.go  |    2 +-
 agent/connect/ca/provider_vault_test.go       |   20 +-
 agent/connect/ca/testing.go                   |    2 +-
 agent/connect/common_names.go                 |    2 +-
 agent/connect/csr.go                          |    2 +-
 agent/connect/csr_test.go                     |    2 +-
 agent/connect/generate.go                     |    2 +-
 agent/connect/generate_test.go                |    2 +-
 agent/connect/parsing.go                      |    4 +-
 agent/connect/sni.go                          |    2 +-
 agent/connect/sni_test.go                     |    2 +-
 agent/connect/testing_ca.go                   |    2 +-
 agent/connect/testing_ca_test.go              |    2 +-
 agent/connect/testing_spiffe.go               |    2 +-
 agent/connect/uri.go                          |    2 +-
 agent/connect/uri_agent.go                    |    2 +-
 agent/connect/uri_agent_ce.go                 |    2 +-
 agent/connect/uri_agent_ce_test.go            |    2 +-
 agent/connect/uri_mesh_gateway.go             |    2 +-
 agent/connect/uri_mesh_gateway_ce.go          |    2 +-
 agent/connect/uri_mesh_gateway_ce_test.go     |    2 +-
 agent/connect/uri_server.go                   |    2 +-
 agent/connect/uri_service.go                  |    2 +-
 agent/connect/uri_service_ce.go               |    2 +-
 agent/connect/uri_service_ce_test.go          |    2 +-
 agent/connect/uri_signing.go                  |    2 +-
 agent/connect/uri_signing_test.go             |    2 +-
 agent/connect/uri_test.go                     |    2 +-
 agent/connect/x509_patch.go                   |    2 +-
 agent/connect/x509_patch_test.go              |    2 +-
 agent/connect_auth.go                         |    2 +-
 agent/connect_ca_endpoint.go                  |    2 +-
 agent/connect_ca_endpoint_test.go             |    2 +-
 agent/consul/acl.go                           |    2 +-
 agent/consul/acl_authmethod.go                |    2 +-
 agent/consul/acl_authmethod_ce.go             |    2 +-
 agent/consul/acl_ce.go                        |    2 +-
 agent/consul/acl_ce_test.go                   |    2 +-
 agent/consul/acl_client.go                    |    2 +-
 agent/consul/acl_endpoint.go                  |   16 +-
 agent/consul/acl_endpoint_ce.go               |    2 +-
 agent/consul/acl_endpoint_test.go             |    2 +-
 agent/consul/acl_replication.go               |    2 +-
 agent/consul/acl_replication_test.go          |    7 +-
 agent/consul/acl_replication_types.go         |    3 +-
 agent/consul/acl_server.go                    |    2 +-
 agent/consul/acl_server_ce.go                 |    2 +-
 agent/consul/acl_test.go                      |    2 +-
 agent/consul/acl_token_exp.go                 |    2 +-
 agent/consul/acl_token_exp_test.go            |    2 +-
 agent/consul/auth/binder.go                   |    2 +-
 agent/consul/auth/binder_ce.go                |    2 +-
 agent/consul/auth/binder_test.go              |    2 +-
 agent/consul/auth/login.go                    |    2 +-
 agent/consul/auth/token_writer.go             |    2 +-
 agent/consul/auth/token_writer_ce.go          |    2 +-
 agent/consul/auth/token_writer_test.go        |    2 +-
 agent/consul/authmethod/authmethods.go        |    2 +-
 agent/consul/authmethod/authmethods_ce.go     |    2 +-
 agent/consul/authmethod/awsauth/aws.go        |    2 +-
 agent/consul/authmethod/awsauth/aws_test.go   |    2 +-
 agent/consul/authmethod/kubeauth/k8s.go       |    2 +-
 agent/consul/authmethod/kubeauth/k8s_ce.go    |    2 +-
 agent/consul/authmethod/kubeauth/k8s_test.go  |    2 +-
 agent/consul/authmethod/kubeauth/testing.go   |    2 +-
 agent/consul/authmethod/ssoauth/sso.go        |    2 +-
 agent/consul/authmethod/ssoauth/sso_ce.go     |    2 +-
 agent/consul/authmethod/ssoauth/sso_test.go   |    2 +-
 agent/consul/authmethod/testauth/testing.go   |    2 +-
 .../consul/authmethod/testauth/testing_ce.go  |    2 +-
 agent/consul/authmethod/testing.go            |    2 +-
 agent/consul/auto_config_backend.go           |    4 +-
 agent/consul/auto_config_backend_test.go      |    2 +-
 agent/consul/auto_config_endpoint.go          |    2 +-
 agent/consul/auto_config_endpoint_test.go     |    2 +-
 agent/consul/auto_encrypt_endpoint.go         |    2 +-
 agent/consul/auto_encrypt_endpoint_test.go    |    2 +-
 agent/consul/autopilot.go                     |    2 +-
 agent/consul/autopilot_ce.go                  |    2 +-
 agent/consul/autopilot_test.go                |    2 +-
 .../autopilotevents/ready_servers_events.go   |    2 +-
 .../ready_servers_events_test.go              |    2 +-
 agent/consul/catalog_endpoint.go              |    2 +-
 agent/consul/catalog_endpoint_test.go         |    2 +-
 agent/consul/client.go                        |   17 +-
 agent/consul/client_serf.go                   |    2 +-
 agent/consul/client_test.go                   |    5 +-
 agent/consul/cluster_test.go                  |    2 +-
 agent/consul/config.go                        |    2 +-
 agent/consul/config_ce.go                     |    2 +-
 agent/consul/config_cloud.go                  |    3 -
 agent/consul/config_endpoint.go               |    2 +-
 agent/consul/config_endpoint_test.go          |    2 +-
 agent/consul/config_replication.go            |    2 +-
 agent/consul/config_replication_test.go       |    2 +-
 agent/consul/config_test.go                   |    2 +-
 agent/consul/connect_ca_endpoint.go           |    2 +-
 agent/consul/connect_ca_endpoint_test.go      |    2 +-
 agent/consul/context.go                       |    2 +-
 agent/consul/context_test.go                  |    2 +-
 agent/consul/controller/controller.go         |    2 +-
 agent/consul/controller/controller_test.go    |    2 +-
 agent/consul/controller/doc.go                |    2 +-
 agent/consul/controller/queue/defer.go        |    2 +-
 agent/consul/controller/queue/queue.go        |    2 +-
 agent/consul/controller/queue/rate.go         |    2 +-
 agent/consul/controller/queue/rate_test.go    |    2 +-
 agent/consul/controller/queue_test.go         |    2 +-
 agent/consul/controller/reconciler.go         |    2 +-
 agent/consul/controller/reconciler_test.go    |    2 +-
 agent/consul/coordinate_endpoint.go           |    2 +-
 agent/consul/coordinate_endpoint_test.go      |    2 +-
 agent/consul/discovery_chain_endpoint.go      |    2 +-
 agent/consul/discovery_chain_endpoint_test.go |    2 +-
 agent/consul/discoverychain/compile.go        |    2 +-
 agent/consul/discoverychain/compile_ce.go     |    2 +-
 agent/consul/discoverychain/compile_test.go   |    2 +-
 agent/consul/discoverychain/gateway.go        |    2 +-
 .../discoverychain/gateway_httproute.go       |   25 +-
 .../consul/discoverychain/gateway_tcproute.go |    2 +-
 agent/consul/discoverychain/gateway_test.go   |    2 +-
 agent/consul/discoverychain/string_stack.go   |    2 +-
 .../discoverychain/string_stack_test.go       |    2 +-
 agent/consul/discoverychain/testing.go        |    2 +-
 agent/consul/enterprise_client_ce.go          |    2 +-
 agent/consul/enterprise_config_ce.go          |    2 +-
 agent/consul/enterprise_server_ce.go          |    2 +-
 agent/consul/enterprise_server_ce_test.go     |    2 +-
 agent/consul/federation_state_endpoint.go     |    2 +-
 .../consul/federation_state_endpoint_test.go  |    2 +-
 agent/consul/federation_state_replication.go  |    2 +-
 .../federation_state_replication_test.go      |    2 +-
 agent/consul/filter.go                        |    2 +-
 agent/consul/filter_test.go                   |    2 +-
 agent/consul/flood.go                         |    2 +-
 agent/consul/fsm/commands_ce.go               |    2 +-
 agent/consul/fsm/commands_ce_test.go          |    2 +-
 agent/consul/fsm/fsm.go                       |    2 +-
 agent/consul/fsm/fsm_test.go                  |    2 +-
 .../fsm/log_verification_chunking_shim.go     |    2 +-
 agent/consul/fsm/snapshot.go                  |    2 +-
 agent/consul/fsm/snapshot_ce.go               |    2 +-
 agent/consul/fsm/snapshot_ce_test.go          |    2 +-
 agent/consul/fsm/snapshot_test.go             |    2 +-
 agent/consul/gateway_locator.go               |    2 +-
 agent/consul/gateway_locator_test.go          |    2 +-
 agent/consul/gateways/controller_gateways.go  |    2 +-
 .../gateways/controller_gateways_test.go      |    2 +-
 agent/consul/grpc_integration_test.go         |    2 +-
 agent/consul/health_endpoint.go               |    2 +-
 agent/consul/health_endpoint_test.go          |    2 +-
 agent/consul/helper_test.go                   |    2 +-
 agent/consul/intention_endpoint.go            |    2 +-
 agent/consul/intention_endpoint_test.go       |    2 +-
 agent/consul/internal_endpoint.go             |    2 +-
 agent/consul/internal_endpoint_test.go        |    2 +-
 agent/consul/issue_test.go                    |    2 +-
 agent/consul/kvs_endpoint.go                  |    2 +-
 agent/consul/kvs_endpoint_test.go             |    2 +-
 agent/consul/leader.go                        |    2 +-
 agent/consul/leader_ce_test.go                |    2 +-
 agent/consul/leader_connect.go                |    2 +-
 agent/consul/leader_connect_ca.go             |    2 +-
 agent/consul/leader_connect_ca_test.go        |    4 +-
 agent/consul/leader_connect_test.go           |    2 +-
 agent/consul/leader_federation_state_ae.go    |    2 +-
 .../consul/leader_federation_state_ae_test.go |    2 +-
 agent/consul/leader_intentions.go             |    2 +-
 agent/consul/leader_intentions_ce.go          |    2 +-
 agent/consul/leader_intentions_ce_test.go     |    2 +-
 agent/consul/leader_intentions_test.go        |    2 +-
 agent/consul/leader_log_verification.go       |    2 +-
 agent/consul/leader_metrics.go                |    2 +-
 agent/consul/leader_metrics_test.go           |    2 +-
 agent/consul/leader_peering.go                |    2 +-
 agent/consul/leader_peering_test.go           |    2 +-
 agent/consul/leader_test.go                   |    4 +-
 agent/consul/logging.go                       |    2 +-
 agent/consul/logging_test.go                  |    2 +-
 agent/consul/merge.go                         |    2 +-
 agent/consul/merge_ce.go                      |    2 +-
 agent/consul/merge_ce_test.go                 |    2 +-
 agent/consul/merge_test.go                    |    2 +-
 agent/consul/multilimiter/multilimiter.go     |    2 +-
 .../consul/multilimiter/multilimiter_test.go  |    2 +-
 agent/consul/operator_autopilot_endpoint.go   |    2 +-
 .../operator_autopilot_endpoint_test.go       |    2 +-
 agent/consul/operator_backend.go              |    2 +-
 agent/consul/operator_backend_test.go         |    2 +-
 agent/consul/operator_endpoint.go             |    2 +-
 agent/consul/operator_raft_endpoint.go        |    2 +-
 agent/consul/operator_raft_endpoint_test.go   |    2 +-
 agent/consul/operator_usage_endpoint.go       |    2 +-
 agent/consul/options.go                       |    4 +-
 agent/consul/options_ce.go                    |    2 +-
 agent/consul/peering_backend.go               |    2 +-
 agent/consul/peering_backend_ce.go            |    2 +-
 agent/consul/peering_backend_ce_test.go       |    2 +-
 agent/consul/peering_backend_test.go          |    2 +-
 agent/consul/prepared_query/template.go       |    2 +-
 agent/consul/prepared_query/template_test.go  |    2 +-
 agent/consul/prepared_query/walk.go           |    2 +-
 agent/consul/prepared_query/walk_ce_test.go   |    2 +-
 agent/consul/prepared_query/walk_test.go      |    2 +-
 agent/consul/prepared_query_endpoint.go       |    2 +-
 agent/consul/prepared_query_endpoint_ce.go    |    2 +-
 .../consul/prepared_query_endpoint_ce_test.go |    2 +-
 agent/consul/prepared_query_endpoint_test.go  |    4 +-
 agent/consul/raft_handle.go                   |    2 +-
 agent/consul/raft_rpc.go                      |    2 +-
 agent/consul/rate/handler.go                  |    2 +-
 agent/consul/rate/handler_ce.go               |    2 +-
 agent/consul/rate/handler_test.go             |    2 +-
 agent/consul/rate/metrics.go                  |    2 +-
 agent/consul/replication.go                   |    2 +-
 agent/consul/replication_test.go              |    2 +-
 agent/consul/reporting/reporting.go           |    2 +-
 agent/consul/reporting/reporting_ce.go        |    2 +-
 agent/consul/rpc.go                           |    2 +-
 agent/consul/rpc_test.go                      |    2 +-
 agent/consul/rtt.go                           |    2 +-
 agent/consul/rtt_test.go                      |    2 +-
 agent/consul/segment_ce.go                    |    2 +-
 agent/consul/serf_filter.go                   |    2 +-
 agent/consul/serf_test.go                     |    2 +-
 agent/consul/server.go                        |  151 +-
 agent/consul/server_ce.go                     |    2 +-
 agent/consul/server_ce_test.go                |    2 +-
 agent/consul/server_connect.go                |    2 +-
 agent/consul/server_log_verification.go       |    2 +-
 agent/consul/server_lookup.go                 |    2 +-
 agent/consul/server_lookup_test.go            |    2 +-
 agent/consul/server_metadata.go               |    2 +-
 agent/consul/server_metadata_test.go          |    2 +-
 agent/consul/server_overview.go               |    2 +-
 agent/consul/server_overview_test.go          |    2 +-
 agent/consul/server_register.go               |    2 +-
 agent/consul/server_serf.go                   |    2 +-
 agent/consul/server_test.go                   |   12 +-
 agent/consul/servercert/manager.go            |    2 +-
 agent/consul/servercert/manager_test.go       |    2 +-
 agent/consul/session_endpoint.go              |    2 +-
 agent/consul/session_endpoint_test.go         |    2 +-
 agent/consul/session_timers.go                |    2 +-
 agent/consul/session_timers_test.go           |    2 +-
 agent/consul/session_ttl.go                   |    2 +-
 agent/consul/session_ttl_test.go              |    2 +-
 agent/consul/snapshot_endpoint.go             |    2 +-
 agent/consul/snapshot_endpoint_test.go        |    2 +-
 agent/consul/state/acl.go                     |   67 +-
 agent/consul/state/acl_ce.go                  |    6 +-
 agent/consul/state/acl_ce_test.go             |    2 +-
 agent/consul/state/acl_events.go              |    2 +-
 agent/consul/state/acl_events_test.go         |    2 +-
 agent/consul/state/acl_schema.go              |   27 +-
 agent/consul/state/acl_test.go                |  135 +-
 agent/consul/state/autopilot.go               |    2 +-
 agent/consul/state/autopilot_test.go          |    2 +-
 agent/consul/state/catalog.go                 |    6 +-
 agent/consul/state/catalog_ce.go              |    2 +-
 agent/consul/state/catalog_ce_test.go         |    2 +-
 agent/consul/state/catalog_events.go          |    4 +-
 agent/consul/state/catalog_events_ce.go       |    2 +-
 agent/consul/state/catalog_events_ce_test.go  |    2 +-
 agent/consul/state/catalog_events_test.go     |    2 +-
 agent/consul/state/catalog_schema.deepcopy.go |    3 -
 agent/consul/state/catalog_schema.go          |    2 +-
 agent/consul/state/catalog_test.go            |    2 +-
 agent/consul/state/config_entry.go            |    2 +-
 agent/consul/state/config_entry_ce.go         |    2 +-
 agent/consul/state/config_entry_ce_test.go    |    2 +-
 agent/consul/state/config_entry_events.go     |    2 +-
 .../consul/state/config_entry_events_test.go  |    2 +-
 .../state/config_entry_exported_services.go   |    2 +-
 .../config_entry_exported_services_ce.go      |    2 +-
 agent/consul/state/config_entry_intention.go  |    2 +-
 .../consul/state/config_entry_intention_ce.go |    2 +-
 .../state/config_entry_sameness_group.go      |    3 -
 .../state/config_entry_sameness_group_ce.go   |    2 +-
 .../config_entry_sameness_group_ce_test.go    |    2 +-
 agent/consul/state/config_entry_schema.go     |    2 +-
 agent/consul/state/config_entry_test.go       |    2 +-
 agent/consul/state/connect_ca.go              |    2 +-
 agent/consul/state/connect_ca_events.go       |    2 +-
 agent/consul/state/connect_ca_events_test.go  |    2 +-
 agent/consul/state/connect_ca_test.go         |    2 +-
 agent/consul/state/coordinate.go              |    2 +-
 agent/consul/state/coordinate_ce.go           |    2 +-
 agent/consul/state/coordinate_ce_test.go      |    2 +-
 agent/consul/state/coordinate_test.go         |    2 +-
 agent/consul/state/deep-copy.sh               |    3 -
 agent/consul/state/delay_ce.go                |    2 +-
 agent/consul/state/delay_test.go              |    2 +-
 agent/consul/state/events.go                  |    2 +-
 agent/consul/state/events_test.go             |    2 +-
 agent/consul/state/federation_state.go        |    2 +-
 agent/consul/state/graveyard.go               |    2 +-
 agent/consul/state/graveyard_ce.go            |    2 +-
 agent/consul/state/graveyard_test.go          |    2 +-
 agent/consul/state/index_connect_test.go      |    2 +-
 agent/consul/state/indexer.go                 |    2 +-
 agent/consul/state/intention.go               |    2 +-
 agent/consul/state/intention_ce.go            |    2 +-
 agent/consul/state/intention_test.go          |    2 +-
 agent/consul/state/kvs.go                     |    2 +-
 agent/consul/state/kvs_ce.go                  |    2 +-
 agent/consul/state/kvs_ce_test.go             |    2 +-
 agent/consul/state/kvs_test.go                |    2 +-
 agent/consul/state/memdb.go                   |    2 +-
 agent/consul/state/memdb_test.go              |    2 +-
 agent/consul/state/operations_ce.go           |    2 +-
 agent/consul/state/peering.go                 |    2 +-
 agent/consul/state/peering_ce.go              |    2 +-
 agent/consul/state/peering_ce_test.go         |    2 +-
 agent/consul/state/peering_test.go            |    2 +-
 agent/consul/state/prepared_query.go          |    2 +-
 agent/consul/state/prepared_query_index.go    |    2 +-
 .../consul/state/prepared_query_index_test.go |    2 +-
 agent/consul/state/prepared_query_test.go     |    2 +-
 agent/consul/state/query.go                   |    2 +-
 agent/consul/state/query_ce.go                |    2 +-
 agent/consul/state/schema.go                  |    2 +-
 agent/consul/state/schema_ce.go               |    2 +-
 agent/consul/state/schema_ce_test.go          |    2 +-
 agent/consul/state/schema_test.go             |    2 +-
 agent/consul/state/session.go                 |    2 +-
 agent/consul/state/session_ce.go              |    2 +-
 agent/consul/state/session_test.go            |    2 +-
 agent/consul/state/state_store.go             |    2 +-
 agent/consul/state/state_store_ce_test.go     |    2 +-
 agent/consul/state/state_store_test.go        |    2 +-
 agent/consul/state/store_integration_test.go  |    2 +-
 agent/consul/state/system_metadata.go         |    2 +-
 agent/consul/state/system_metadata_test.go    |    2 +-
 agent/consul/state/tombstone_gc.go            |    2 +-
 agent/consul/state/tombstone_gc_test.go       |    2 +-
 agent/consul/state/txn.go                     |    2 +-
 agent/consul/state/txn_test.go                |    2 +-
 agent/consul/state/usage.go                   |    2 +-
 agent/consul/state/usage_ce.go                |    2 +-
 agent/consul/state/usage_test.go              |    2 +-
 agent/consul/stats_fetcher.go                 |    2 +-
 agent/consul/stats_fetcher_test.go            |    2 +-
 agent/consul/status_endpoint.go               |    2 +-
 agent/consul/status_endpoint_test.go          |    2 +-
 agent/consul/stream/event.go                  |    2 +-
 agent/consul/stream/event_buffer.go           |    2 +-
 agent/consul/stream/event_buffer_test.go      |    2 +-
 agent/consul/stream/event_publisher.go        |    2 +-
 agent/consul/stream/event_publisher_test.go   |    2 +-
 agent/consul/stream/event_snapshot.go         |    2 +-
 agent/consul/stream/event_snapshot_test.go    |    2 +-
 agent/consul/stream/event_test.go             |    2 +-
 agent/consul/stream/noop.go                   |    2 +-
 agent/consul/stream/string_types.go           |    2 +-
 agent/consul/stream/subscription.go           |    2 +-
 agent/consul/stream/subscription_test.go      |    2 +-
 agent/consul/subscribe_backend.go             |    2 +-
 agent/consul/subscribe_backend_test.go        |    2 +-
 agent/consul/system_metadata.go               |    2 +-
 agent/consul/system_metadata_test.go          |    2 +-
 agent/consul/tenancy_bridge.go                |   15 -
 agent/consul/tenancy_bridge_ce.go             |   29 -
 agent/consul/txn_endpoint.go                  |    2 +-
 agent/consul/txn_endpoint_test.go             |    2 +-
 agent/consul/type_registry.go                 |   28 -
 agent/consul/usagemetrics/usagemetrics.go     |    2 +-
 agent/consul/usagemetrics/usagemetrics_ce.go  |    2 +-
 .../usagemetrics/usagemetrics_ce_test.go      |    2 +-
 .../consul/usagemetrics/usagemetrics_test.go  |    2 +-
 agent/consul/util.go                          |    2 +-
 agent/consul/util_test.go                     |    2 +-
 agent/consul/wanfed/pool.go                   |    2 +-
 agent/consul/wanfed/wanfed.go                 |    2 +-
 agent/consul/wanfed/wanfed_test.go            |    2 +-
 agent/consul/watch/server_local.go            |    2 +-
 agent/consul/watch/server_local_test.go       |    2 +-
 agent/consul/xdscapacity/capacity.go          |    2 +-
 agent/consul/xdscapacity/capacity_test.go     |    2 +-
 agent/coordinate_endpoint.go                  |    2 +-
 agent/coordinate_endpoint_test.go             |    2 +-
 agent/debug/host.go                           |    2 +-
 agent/debug/host_test.go                      |    2 +-
 agent/delegate_mock_test.go                   |    7 +-
 agent/denylist.go                             |    2 +-
 agent/denylist_test.go                        |    2 +-
 agent/discovery_chain_endpoint.go             |    2 +-
 agent/discovery_chain_endpoint_test.go        |    2 +-
 agent/dns.go                                  |    2 +-
 agent/dns/dns.go                              |    2 +-
 agent/dns/dns_test.go                         |    2 +-
 agent/dns/validation.go                       |    2 +-
 agent/dns/validation_test.go                  |    2 +-
 agent/dns_ce.go                               |    2 +-
 agent/dns_ce_test.go                          |    2 +-
 agent/dns_test.go                             |    2 +-
 agent/enterprise_delegate_ce.go               |    2 +-
 .../builtin/aws-lambda/aws_lambda.go          |    2 +-
 .../builtin/aws-lambda/aws_lambda_test.go     |    2 +-
 .../builtin/ext-authz/ext_authz.go            |   19 +-
 .../builtin/ext-authz/ext_authz_test.go       |    2 +-
 .../builtin/ext-authz/structs.go              |    2 +-
 agent/envoyextensions/builtin/lua/lua.go      |    2 +-
 agent/envoyextensions/builtin/lua/lua_test.go |    2 +-
 .../otel_access_logging.go                    |  274 --
 .../otel_access_logging_test.go               |  113 -
 .../builtin/otel-access-logging/structs.go    |  424 --
 .../property-override/property_override.go    |    3 -
 .../property_override_test.go                 |    3 -
 .../property-override/structpatcher.go        |    3 -
 .../property-override/structpatcher_test.go   |    3 -
 agent/envoyextensions/builtin/wasm/structs.go |    2 +-
 agent/envoyextensions/builtin/wasm/wasm.go    |    2 +-
 .../envoyextensions/builtin/wasm/wasm_test.go |    2 +-
 .../envoyextensions/registered_extensions.go  |   24 +-
 .../registered_extensions_ce.go               |    8 -
 .../registered_extensions_test.go             |    2 +-
 agent/event_endpoint.go                       |    2 +-
 agent/event_endpoint_test.go                  |    2 +-
 agent/exec/exec.go                            |    2 +-
 agent/exec/exec_unix.go                       |    2 +-
 agent/exec/exec_windows.go                    |    2 +-
 agent/federation_state_endpoint.go            |    2 +-
 agent/grpc-external/forward.go                |    2 +-
 agent/grpc-external/limiter/limiter.go        |    2 +-
 agent/grpc-external/limiter/limiter_test.go   |    2 +-
 agent/grpc-external/options.go                |    2 +-
 agent/grpc-external/options_test.go           |    2 +-
 agent/grpc-external/querymeta.go              |    3 -
 agent/grpc-external/querymeta_test.go         |    3 -
 agent/grpc-external/server.go                 |    2 +-
 agent/grpc-external/services/acl/login.go     |    2 +-
 .../grpc-external/services/acl/login_test.go  |    2 +-
 agent/grpc-external/services/acl/logout.go    |    2 +-
 .../grpc-external/services/acl/logout_test.go |    2 +-
 agent/grpc-external/services/acl/server.go    |    2 +-
 .../grpc-external/services/acl/server_test.go |    2 +-
 .../services/connectca/server.go              |    2 +-
 .../services/connectca/server_test.go         |    2 +-
 .../grpc-external/services/connectca/sign.go  |    2 +-
 .../services/connectca/sign_test.go           |    2 +-
 .../services/connectca/watch_roots.go         |    2 +-
 .../services/connectca/watch_roots_test.go    |    2 +-
 .../dataplane/get_envoy_bootstrap_params.go   |    2 +-
 .../get_envoy_bootstrap_params_test.go        |    2 +-
 .../dataplane/get_supported_features.go       |    2 +-
 .../dataplane/get_supported_features_test.go  |    2 +-
 .../services/dataplane/server.go              |    2 +-
 .../services/dataplane/server_test.go         |    2 +-
 agent/grpc-external/services/dns/server.go    |    2 +-
 .../grpc-external/services/dns/server_test.go |    2 +-
 .../services/peerstream/health_snapshot.go    |    2 +-
 .../peerstream/health_snapshot_test.go        |    2 +-
 .../services/peerstream/replication.go        |    2 +-
 .../services/peerstream/server.go             |    2 +-
 .../services/peerstream/server_test.go        |    2 +-
 .../services/peerstream/stream_resources.go   |    2 +-
 .../services/peerstream/stream_test.go        |    2 +-
 .../services/peerstream/stream_tracker.go     |    2 +-
 .../peerstream/stream_tracker_test.go         |    2 +-
 .../peerstream/subscription_blocking.go       |    2 +-
 .../peerstream/subscription_manager.go        |    2 +-
 .../peerstream/subscription_manager_test.go   |    2 +-
 .../services/peerstream/subscription_state.go |    2 +-
 .../peerstream/subscription_state_test.go     |    2 +-
 .../services/peerstream/subscription_view.go  |    2 +-
 .../peerstream/subscription_view_test.go      |    2 +-
 .../services/peerstream/testing.go            |    2 +-
 .../grpc-external/services/resource/delete.go |   75 +-
 .../services/resource/delete_test.go          |  113 +-
 agent/grpc-external/services/resource/list.go |   67 +-
 .../services/resource/list_by_owner.go        |   84 +-
 .../services/resource/list_by_owner_test.go   |  157 +-
 .../services/resource/list_test.go            |   53 +-
 .../services/resource/mock_TenancyBridge.go   |  121 -
 agent/grpc-external/services/resource/read.go |   63 +-
 .../services/resource/read_test.go            |  144 +-
 .../grpc-external/services/resource/server.go |   79 +-
 .../services/resource/server_ce.go            |   27 -
 .../services/resource/server_ce_test.go       |   17 -
 .../services/resource/server_test.go          |  169 +-
 .../services/resource/testing/testing.go      |   53 +-
 .../grpc-external/services/resource/watch.go  |   63 +-
 .../services/resource/watch_test.go           |   64 +-
 .../grpc-external/services/resource/write.go  |   57 +-
 .../services/resource/write_status.go         |   74 +-
 .../services/resource/write_status_test.go    |  314 +-
 .../services/resource/write_test.go           |  289 +-
 .../services/serverdiscovery/server.go        |    2 +-
 .../services/serverdiscovery/server_test.go   |    2 +-
 .../services/serverdiscovery/watch_servers.go |    2 +-
 .../serverdiscovery/watch_servers_test.go     |    2 +-
 agent/grpc-external/stats_test.go             |    2 +-
 agent/grpc-external/testutils/acl.go          |    2 +-
 agent/grpc-external/testutils/fsm.go          |    2 +-
 agent/grpc-external/testutils/server.go       |    2 +-
 agent/grpc-external/utils.go                  |    2 +-
 agent/grpc-internal/balancer/balancer.go      |    2 +-
 agent/grpc-internal/balancer/balancer_test.go |    2 +-
 agent/grpc-internal/balancer/registry.go      |    2 +-
 agent/grpc-internal/client.go                 |    2 +-
 agent/grpc-internal/client_test.go            |    2 +-
 agent/grpc-internal/handler.go                |    2 +-
 agent/grpc-internal/handler_test.go           |    2 +-
 agent/grpc-internal/listener.go               |    2 +-
 agent/grpc-internal/pipe.go                   |    2 +-
 agent/grpc-internal/pipe_test.go              |    2 +-
 agent/grpc-internal/resolver/registry.go      |    2 +-
 agent/grpc-internal/resolver/resolver.go      |    2 +-
 agent/grpc-internal/resolver/resolver_test.go |    3 -
 agent/grpc-internal/server_test.go            |    2 +-
 .../services/subscribe/logger.go              |    2 +-
 .../services/subscribe/subscribe.go           |    2 +-
 .../services/subscribe/subscribe_test.go      |    2 +-
 agent/grpc-internal/stats_test.go             |    2 +-
 agent/grpc-internal/tracker.go                |    2 +-
 agent/grpc-middleware/auth_interceptor.go     |    2 +-
 .../grpc-middleware/auth_interceptor_test.go  |    2 +-
 agent/grpc-middleware/handshake.go            |    2 +-
 agent/grpc-middleware/handshake_test.go       |    2 +-
 agent/grpc-middleware/rate.go                 |    2 +-
 agent/grpc-middleware/rate_test.go            |    2 +-
 agent/grpc-middleware/recovery.go             |    2 +-
 agent/grpc-middleware/stats.go                |    2 +-
 agent/grpc-middleware/testutil/fake_sink.go   |    2 +-
 .../testutil/testservice/buf.gen.yaml         |    2 +-
 .../testutil/testservice/fake_service.go      |    2 +-
 .../testutil/testservice/simple.pb.go         |    2 +-
 .../testutil/testservice/simple.proto         |    2 +-
 agent/hcp/bootstrap/bootstrap.go              |    2 +-
 agent/hcp/bootstrap/bootstrap_test.go         |    3 -
 agent/hcp/bootstrap/testing.go                |    2 +-
 agent/hcp/client/client.go                    |    2 +-
 agent/hcp/client/client_test.go               |    3 -
 agent/hcp/client/metrics_client.go            |    3 -
 agent/hcp/client/metrics_client_test.go       |    3 -
 agent/hcp/client/mock_CloudConfig.go          |    3 -
 agent/hcp/client/telemetry_config.go          |   22 +-
 agent/hcp/client/telemetry_config_test.go     |   50 +-
 agent/hcp/config/config.go                    |    2 +-
 agent/hcp/deps.go                             |   41 +-
 agent/hcp/deps_test.go                        |   87 +-
 agent/hcp/discover/discover.go                |    2 +-
 agent/hcp/manager.go                          |    2 +-
 agent/hcp/manager_test.go                     |    2 +-
 agent/hcp/scada/capabilities.go               |    2 +-
 agent/hcp/scada/scada.go                      |    2 +-
 agent/hcp/telemetry/custom_metrics.go         |    3 -
 agent/hcp/telemetry/doc.go                    |    3 -
 agent/hcp/telemetry/gauge_store.go            |    3 -
 agent/hcp/telemetry/gauge_store_test.go       |    3 -
 agent/hcp/telemetry/otel_exporter.go          |    9 -
 agent/hcp/telemetry/otel_exporter_test.go     |   20 +-
 agent/hcp/telemetry/otel_sink.go              |   25 +-
 agent/hcp/telemetry/otel_sink_test.go         |   35 +-
 agent/hcp/telemetry/otlp_transform.go         |   13 +-
 agent/hcp/telemetry/otlp_transform_test.go    |    9 +-
 agent/hcp/telemetry_provider.go               |  115 +-
 agent/hcp/telemetry_provider_test.go          |  211 +-
 agent/hcp/testing.go                          |    2 +-
 agent/hcp/testserver/main.go                  |    2 +-
 agent/health_endpoint.go                      |    2 +-
 agent/health_endpoint_test.go                 |    2 +-
 agent/http.go                                 |   18 +-
 agent/http_ce.go                              |    2 +-
 agent/http_ce_test.go                         |    2 +-
 agent/http_decode_test.go                     |    2 +-
 agent/http_register.go                        |    2 +-
 agent/http_test.go                            |    2 +-
 agent/intentions_endpoint.go                  |    2 +-
 agent/intentions_endpoint_ce_test.go          |    2 +-
 agent/intentions_endpoint_test.go             |    2 +-
 agent/keyring.go                              |    2 +-
 agent/keyring_test.go                         |    2 +-
 agent/kvs_endpoint.go                         |    2 +-
 agent/kvs_endpoint_test.go                    |    2 +-
 agent/leafcert/cached_roots.go                |    3 -
 agent/leafcert/cert.go                        |    3 -
 agent/leafcert/generate.go                    |    3 -
 agent/leafcert/leafcert.go                    |    3 -
 agent/leafcert/leafcert_test.go               |    3 -
 agent/leafcert/roots.go                       |    3 -
 agent/leafcert/signer_netrpc.go               |    3 -
 agent/leafcert/signer_test.go                 |    3 -
 agent/leafcert/structs.go                     |    3 -
 agent/leafcert/structs_test.go                |    3 -
 agent/leafcert/util.go                        |    3 -
 agent/leafcert/util_test.go                   |    3 -
 agent/leafcert/watch.go                       |    3 -
 agent/local/state.go                          |    2 +-
 agent/local/state_internal_test.go            |    2 +-
 agent/local/state_test.go                     |    2 +-
 agent/local/testing.go                        |    2 +-
 agent/log-drop/log-drop.go                    |    2 +-
 agent/log-drop/log-drop_test.go               |    2 +-
 agent/metadata/build.go                       |    2 +-
 agent/metadata/build_test.go                  |    2 +-
 agent/metadata/server.go                      |    2 +-
 agent/metadata/server_internal_test.go        |    2 +-
 agent/metadata/server_test.go                 |    2 +-
 agent/metrics.go                              |    2 +-
 agent/metrics/testing.go                      |    2 +-
 agent/metrics_test.go                         |    2 +-
 agent/mock/notify.go                          |    2 +-
 agent/nodeid.go                               |    2 +-
 agent/nodeid_test.go                          |    2 +-
 agent/notify.go                               |    2 +-
 agent/notify_test.go                          |    2 +-
 agent/operator_endpoint.go                    |    2 +-
 agent/operator_endpoint_ce.go                 |    2 +-
 agent/operator_endpoint_ce_test.go            |    2 +-
 agent/operator_endpoint_test.go               |    2 +-
 agent/peering_endpoint.go                     |    2 +-
 agent/peering_endpoint_ce_test.go             |    2 +-
 agent/peering_endpoint_test.go                |    2 +-
 agent/pool/conn.go                            |    2 +-
 agent/pool/peek.go                            |    2 +-
 agent/pool/peek_test.go                       |    2 +-
 agent/pool/pool.go                            |    2 +-
 agent/prepared_query_endpoint.go              |    2 +-
 agent/prepared_query_endpoint_test.go         |    2 +-
 agent/proxycfg-glue/config_entry.go           |    2 +-
 agent/proxycfg-glue/discovery_chain.go        |    2 +-
 agent/proxycfg-glue/discovery_chain_test.go   |    2 +-
 .../proxycfg-glue/exported_peered_services.go |    2 +-
 .../exported_peered_services_test.go          |    2 +-
 .../federation_state_list_mesh_gateways.go    |    2 +-
 ...ederation_state_list_mesh_gateways_test.go |    2 +-
 agent/proxycfg-glue/gateway_services.go       |    2 +-
 agent/proxycfg-glue/gateway_services_test.go  |    2 +-
 agent/proxycfg-glue/glue.go                   |    5 +-
 agent/proxycfg-glue/health.go                 |    2 +-
 agent/proxycfg-glue/health_blocking.go        |   31 +-
 agent/proxycfg-glue/health_blocking_test.go   |    8 +-
 agent/proxycfg-glue/health_test.go            |    2 +-
 agent/proxycfg-glue/helpers_test.go           |    2 +-
 agent/proxycfg-glue/intention_upstreams.go    |    2 +-
 .../proxycfg-glue/intention_upstreams_test.go |    2 +-
 agent/proxycfg-glue/intentions.go             |    2 +-
 agent/proxycfg-glue/intentions_ce.go          |    2 +-
 agent/proxycfg-glue/intentions_test.go        |    2 +-
 agent/proxycfg-glue/internal_service_dump.go  |    2 +-
 .../internal_service_dump_test.go             |    2 +-
 agent/proxycfg-glue/leafcerts.go              |    2 +-
 agent/proxycfg-glue/peered_upstreams.go       |    2 +-
 agent/proxycfg-glue/peered_upstreams_test.go  |    2 +-
 agent/proxycfg-glue/peering_list.go           |    2 +-
 agent/proxycfg-glue/peering_list_test.go      |    2 +-
 .../proxycfg-glue/resolved_service_config.go  |    2 +-
 .../resolved_service_config_test.go           |    2 +-
 agent/proxycfg-glue/service_http_checks.go    |    2 +-
 .../proxycfg-glue/service_http_checks_test.go |    2 +-
 agent/proxycfg-glue/service_list.go           |    2 +-
 agent/proxycfg-glue/service_list_test.go      |    2 +-
 agent/proxycfg-glue/trust_bundle.go           |    2 +-
 agent/proxycfg-glue/trust_bundle_test.go      |    2 +-
 .../proxycfg-sources/catalog/config_source.go |   15 +-
 .../catalog/config_source_oss.go              |   13 -
 .../catalog/config_source_test.go             |   45 +-
 .../catalog/mock_ConfigManager.go             |   30 +-
 .../catalog/mock_SessionLimiter.go            |   21 +-
 .../proxycfg-sources/catalog/mock_Watcher.go  |   40 +-
 agent/proxycfg-sources/local/config_source.go |    9 +-
 agent/proxycfg-sources/local/local.go         |    2 +-
 .../local/mock_ConfigManager.go               |   30 +-
 agent/proxycfg-sources/local/sync.go          |    5 +-
 agent/proxycfg-sources/local/sync_test.go     |    2 +-
 agent/proxycfg/api_gateway.go                 |    2 +-
 agent/proxycfg/api_gateway_ce.go              |   17 -
 agent/proxycfg/config_snapshot_glue.go        |   66 -
 agent/proxycfg/config_snapshot_glue_test.go   |  312 --
 agent/proxycfg/connect_proxy.go               |    2 +-
 agent/proxycfg/data_sources.go                |    2 +-
 agent/proxycfg/data_sources_ce.go             |    2 +-
 agent/proxycfg/deep-copy.sh                   |    2 +-
 agent/proxycfg/ingress_gateway.go             |    2 +-
 agent/proxycfg/internal/watch/watchmap.go     |    2 +-
 .../proxycfg/internal/watch/watchmap_test.go  |    2 +-
 agent/proxycfg/manager.go                     |   19 +-
 agent/proxycfg/manager_test.go                |   11 +-
 agent/proxycfg/mesh_gateway.go                |    3 +-
 agent/proxycfg/mesh_gateway_ce.go             |    2 +-
 agent/proxycfg/naming.go                      |    2 +-
 agent/proxycfg/naming_ce.go                   |    2 +-
 agent/proxycfg/naming_test.go                 |    2 +-
 agent/proxycfg/proxycfg.deepcopy.go           |    4 -
 agent/proxycfg/proxycfg.go                    |    4 +-
 agent/proxycfg/snapshot.go                    |    3 +-
 agent/proxycfg/snapshot_test.go               |    2 +-
 agent/proxycfg/state.go                       |    5 +-
 agent/proxycfg/state_ce_test.go               |    2 +-
 agent/proxycfg/state_test.go                  |    2 +-
 agent/proxycfg/terminating_gateway.go         |    2 +-
 agent/proxycfg/testing.go                     |   62 +-
 agent/proxycfg/testing_api_gateway.go         |    5 +-
 agent/proxycfg/testing_ce.go                  |    2 +-
 agent/proxycfg/testing_connect_proxy.go       |   42 +-
 agent/proxycfg/testing_ingress_gateway.go     |  213 +-
 agent/proxycfg/testing_mesh_gateway.go        |  170 +-
 agent/proxycfg/testing_peering.go             |  135 +-
 agent/proxycfg/testing_terminating_gateway.go |    5 +-
 agent/proxycfg/testing_tproxy.go              |    2 +-
 agent/proxycfg/testing_upstreams.go           |  122 +-
 agent/proxycfg/testing_upstreams_ce.go        |    2 +-
 agent/proxycfg/upstreams.go                   |    6 +-
 agent/proxycfg_test.go                        |   14 +-
 agent/reload.go                               |    2 +-
 agent/remote_exec.go                          |    2 +-
 agent/remote_exec_test.go                     |    2 +-
 agent/retry_join.go                           |    2 +-
 agent/retry_join_test.go                      |    2 +-
 agent/router/grpc.go                          |    2 +-
 agent/router/manager.go                       |    2 +-
 agent/router/manager_internal_test.go         |    2 +-
 agent/router/manager_test.go                  |    2 +-
 agent/router/router.go                        |    2 +-
 agent/router/router_test.go                   |    2 +-
 agent/router/serf_adapter.go                  |    2 +-
 agent/router/serf_flooder.go                  |    2 +-
 agent/routine-leak-checker/leak_test.go       |    2 +-
 agent/rpc/middleware/interceptors.go          |    2 +-
 agent/rpc/middleware/interceptors_test.go     |    2 +-
 agent/rpc/middleware/rate_limit_mappings.go   |    2 +-
 agent/rpc/middleware/recovery.go              |    2 +-
 agent/rpc/operator/service.go                 |    2 +-
 agent/rpc/operator/service_test.go            |    2 +-
 agent/rpc/peering/service.go                  |    2 +-
 agent/rpc/peering/service_ce_test.go          |    2 +-
 agent/rpc/peering/service_test.go             |    7 +-
 agent/rpc/peering/testing.go                  |    2 +-
 agent/rpc/peering/testutil_ce_test.go         |    2 +-
 agent/rpc/peering/validate.go                 |    2 +-
 agent/rpc/peering/validate_test.go            |    2 +-
 agent/rpcclient/common.go                     |    2 +-
 agent/rpcclient/configentry/configentry.go    |    2 +-
 .../rpcclient/configentry/configentry_test.go |    2 +-
 agent/rpcclient/configentry/view.go           |    2 +-
 agent/rpcclient/configentry/view_test.go      |    2 +-
 agent/rpcclient/health/health.go              |    2 +-
 agent/rpcclient/health/health_test.go         |    2 +-
 agent/rpcclient/health/streaming_test.go      |    2 +-
 agent/rpcclient/health/view.go                |    2 +-
 agent/rpcclient/health/view_test.go           |    2 +-
 agent/service_checks_test.go                  |    2 +-
 agent/service_manager.go                      |    2 +-
 agent/service_manager_test.go                 |    2 +-
 agent/session_endpoint.go                     |    2 +-
 agent/session_endpoint_test.go                |    2 +-
 agent/setup.go                                |    4 +-
 agent/setup_ce.go                             |    2 +-
 agent/sidecar_service.go                      |    2 +-
 agent/sidecar_service_test.go                 |    2 +-
 agent/signal_unix.go                          |    2 +-
 agent/signal_windows.go                       |    2 +-
 agent/snapshot_endpoint.go                    |    2 +-
 agent/snapshot_endpoint_test.go               |    2 +-
 agent/status_endpoint.go                      |    2 +-
 agent/status_endpoint_test.go                 |    2 +-
 agent/streaming_test.go                       |    2 +-
 agent/structs/acl.go                          |    5 +-
 agent/structs/acl_cache.go                    |    2 +-
 agent/structs/acl_cache_test.go               |    2 +-
 agent/structs/acl_ce.go                       |    2 +-
 agent/structs/acl_test.go                     |    2 +-
 agent/structs/aclfilter/filter.go             |    2 +-
 agent/structs/aclfilter/filter_test.go        |    2 +-
 agent/structs/auto_encrypt.go                 |    2 +-
 agent/structs/autopilot.go                    |    2 +-
 agent/structs/autopilot_ce.go                 |    2 +-
 agent/structs/catalog.go                      |    2 +-
 agent/structs/catalog_ce.go                   |    2 +-
 agent/structs/check_definition.go             |    8 +-
 agent/structs/check_definition_test.go        |    2 +-
 agent/structs/check_type.go                   |    7 +-
 agent/structs/config_entry.go                 |   56 +-
 agent/structs/config_entry_apigw_jwt_ce.go    |   13 -
 agent/structs/config_entry_ce.go              |   13 +-
 agent/structs/config_entry_ce_test.go         |    2 +-
 agent/structs/config_entry_discoverychain.go  |    2 +-
 .../structs/config_entry_discoverychain_ce.go |    2 +-
 .../config_entry_discoverychain_ce_test.go    |    2 +-
 .../config_entry_discoverychain_test.go       |    2 +-
 agent/structs/config_entry_exports.go         |    2 +-
 agent/structs/config_entry_exports_ce.go      |    2 +-
 agent/structs/config_entry_exports_ce_test.go |    2 +-
 agent/structs/config_entry_exports_test.go    |    2 +-
 agent/structs/config_entry_gateways.go        |   13 +-
 agent/structs/config_entry_gateways_test.go   |    2 +-
 .../config_entry_inline_certificate.go        |    3 +-
 .../config_entry_inline_certificate_test.go   |    2 +-
 agent/structs/config_entry_intentions.go      |    2 +-
 agent/structs/config_entry_intentions_ce.go   |    2 +-
 .../config_entry_intentions_ce_test.go        |    2 +-
 agent/structs/config_entry_intentions_test.go |    2 +-
 agent/structs/config_entry_jwt_provider.go    |    2 +-
 agent/structs/config_entry_jwt_provider_ce.go |    2 +-
 .../structs/config_entry_jwt_provider_test.go |    2 +-
 agent/structs/config_entry_mesh.go            |    2 +-
 agent/structs/config_entry_mesh_ce.go         |    2 +-
 agent/structs/config_entry_mesh_test.go       |    2 +-
 agent/structs/config_entry_routes.go          |   22 +-
 agent/structs/config_entry_routes_test.go     |    2 +-
 agent/structs/config_entry_sameness_group.go  |    2 +-
 .../structs/config_entry_sameness_group_ce.go |    2 +-
 agent/structs/config_entry_status.go          |    2 +-
 agent/structs/config_entry_test.go            |    2 +-
 agent/structs/connect.go                      |    2 +-
 agent/structs/connect_ca.go                   |    2 +-
 agent/structs/connect_ca_test.go              |    2 +-
 agent/structs/connect_ce.go                   |    2 +-
 agent/structs/connect_proxy_config.go         |    2 +-
 agent/structs/connect_proxy_config_ce.go      |    2 +-
 agent/structs/connect_proxy_config_test.go    |    2 +-
 agent/structs/deep-copy.sh                    |    2 +-
 agent/structs/discovery_chain.go              |    2 +-
 agent/structs/discovery_chain_ce.go           |    2 +-
 agent/structs/envoy_extension.go              |    2 +-
 agent/structs/errors.go                       |    2 +-
 agent/structs/federation_state.go             |    2 +-
 agent/structs/identity.go                     |    2 +-
 agent/structs/intention.go                    |    2 +-
 agent/structs/intention_ce.go                 |    2 +-
 agent/structs/intention_test.go               |    2 +-
 agent/structs/operator.go                     |    2 +-
 agent/structs/peering.go                      |    2 +-
 agent/structs/prepared_query.go               |    4 +-
 agent/structs/prepared_query_test.go          |    2 +-
 agent/structs/protobuf_compat.go              |    2 +-
 agent/structs/service_definition.go           |    2 +-
 agent/structs/service_definition_test.go      |    2 +-
 agent/structs/snapshot.go                     |    2 +-
 agent/structs/structs.deepcopy.go             |   80 -
 agent/structs/structs.deepcopy_ce.go          |   17 -
 agent/structs/structs.go                      |   32 +-
 agent/structs/structs_ce.go                   |    2 +-
 agent/structs/structs_ce_test.go              |    2 +-
 agent/structs/structs_ext_test.go             |    2 +-
 agent/structs/structs_filtering_test.go       |    2 +-
 agent/structs/structs_test.go                 |   48 +-
 agent/structs/system_metadata.go              |    2 +-
 agent/structs/testing.go                      |    2 +-
 agent/structs/testing_catalog.go              |   11 +-
 agent/structs/testing_connect_proxy_config.go |    2 +-
 agent/structs/testing_intention.go            |    2 +-
 agent/structs/testing_service_definition.go   |    2 +-
 agent/structs/txn.go                          |    2 +-
 agent/submatview/handler.go                   |    2 +-
 agent/submatview/local_materializer.go        |    2 +-
 agent/submatview/local_materializer_test.go   |    2 +-
 agent/submatview/materializer.go              |    2 +-
 agent/submatview/rpc_materializer.go          |    2 +-
 agent/submatview/store.go                     |    2 +-
 agent/submatview/store_integration_test.go    |    2 +-
 agent/submatview/store_test.go                |    2 +-
 agent/submatview/streaming_test.go            |    2 +-
 agent/systemd/notify.go                       |    2 +-
 agent/testagent.go                            |    2 +-
 agent/testagent_test.go                       |    2 +-
 agent/token/persistence.go                    |    2 +-
 agent/token/persistence_test.go               |    2 +-
 agent/token/store.go                          |    2 +-
 agent/token/store_ce.go                       |    2 +-
 agent/token/store_test.go                     |    2 +-
 agent/translate_addr.go                       |    2 +-
 agent/txn_endpoint.go                         |    3 +-
 agent/txn_endpoint_test.go                    |    2 +-
 agent/ui_endpoint.go                          |    3 +-
 agent/ui_endpoint_ce_test.go                  |    2 +-
 agent/ui_endpoint_test.go                     |    2 +-
 agent/uiserver/buf_index_fs.go                |    2 +-
 agent/uiserver/buffered_file.go               |    2 +-
 agent/uiserver/redirect_fs.go                 |    2 +-
 agent/uiserver/ui_template_data.go            |    2 +-
 agent/uiserver/uiserver.go                    |    2 +-
 agent/uiserver/uiserver_test.go               |    2 +-
 agent/user_event.go                           |    2 +-
 agent/user_event_test.go                      |    2 +-
 agent/util.go                                 |    2 +-
 agent/util_test.go                            |    2 +-
 agent/watch_handler.go                        |    2 +-
 agent/watch_handler_test.go                   |    2 +-
 agent/xds/accesslogs/accesslogs.go            |    2 +-
 agent/xds/clusters.go                         |   99 +-
 agent/xds/clusters_test.go                    |  337 +-
 agent/xds/{config => }/config.go              |    8 +-
 agent/xds/{config => }/config_test.go         |    4 +-
 agent/xds/configfetcher/config_fetcher.go     |   10 -
 agent/xds/delta.go                            |  230 +-
 agent/xds/delta_envoy_extender_ce_test.go     |    8 +-
 agent/xds/delta_envoy_extender_test.go        |    2 +-
 agent/xds/delta_test.go                       |   25 +-
 agent/xds/endpoints.go                        |  107 +-
 agent/xds/endpoints_test.go                   |  173 +-
 agent/xds/extensionruntime/runtime_config.go  |    2 +-
 .../runtime_config_ce_test.go                 |    2 +-
 agent/xds/failover_policy.go                  |    8 +-
 agent/xds/failover_policy_ce.go               |    2 +-
 agent/xds/golden_test.go                      |    2 +-
 agent/xds/gw_per_route_filters_ce.go          |   24 -
 agent/xds/jwt_authn.go                        |    2 +-
 agent/xds/jwt_authn_ce.go                     |   25 -
 agent/xds/jwt_authn_test.go                   |    2 +-
 agent/xds/listeners.go                        |   44 +-
 agent/xds/listeners_apigateway.go             |   34 +-
 agent/xds/listeners_ingress.go                |    5 +-
 agent/xds/listeners_test.go                   |  166 +-
 agent/xds/locality_policy.go                  |   23 -
 agent/xds/locality_policy_ce.go               |   16 -
 agent/xds/naming.go                           |   19 +
 agent/xds/naming/naming.go                    |   29 -
 agent/xds/{platform => }/net_fallback.go      |    6 +-
 agent/xds/{platform => }/net_linux.go         |    6 +-
 agent/xds/protocol_trace.go                   |   17 +-
 agent/xds/proxystateconverter/clusters.go     | 1251 ------
 agent/xds/proxystateconverter/converter.go    |  136 -
 agent/xds/proxystateconverter/endpoints.go    |  671 ----
 .../proxystateconverter/failover_policy.go    |  158 -
 .../proxystateconverter/failover_policy_ce.go |   15 -
 agent/xds/proxystateconverter/listeners.go    | 1693 --------
 .../proxystateconverter/locality_policy.go    |   21 -
 .../proxystateconverter/locality_policy_ce.go |   15 -
 agent/xds/proxystateconverter/routes.go       |  777 ----
 agent/xds/rbac.go                             |   33 +-
 agent/xds/rbac_test.go                        |    2 +-
 agent/xds/resources.go                        |    7 +-
 agent/xds/resources_ce_test.go                |    6 +-
 agent/xds/resources_test.go                   |  248 +-
 agent/xds/{response => }/response.go          |   16 +-
 agent/xds/routes.go                           |   84 +-
 agent/xds/routes_test.go                      |  122 +-
 agent/xds/secrets.go                          |    2 +-
 agent/xds/server.go                           |   65 +-
 agent/xds/server_ce.go                        |    2 +-
 agent/xds/testcommon/testcommon.go            |    2 +-
 ...oute-and-inline-certificate.latest.golden} |    0
 ...-route-timeoutfilter-one-set.latest.golden |   55 -
 ...multiple-inline-certificates.latest.golden |   55 -
 ...oxy-with-chain-and-overrides.latest.golden |   40 +-
 ...nnect-proxy-with-chain-http2.latest.golden |  135 -
 ...d-upstreams-escape-overrides.latest.golden |  135 -
 ...-with-peered-upstreams-http2.latest.golden |  163 -
 ...thcheck-zero-consecutive_5xx.latest.golden |  133 -
 ...upstream-with-prepared-query.latest.golden |  136 -
 ...nnect-proxy-with-chain-http2.latest.golden |  135 -
 .../clusters/expose-checks.latest.golden      |   57 -
 ...efaults-passive-health-check.latest.golden |   13 +-
 ...efaults-passive-health-check.latest.golden |   86 +-
 ...service-passive-health-check.latest.golden |   83 +-
 ...ing-federation-control-plane.latest.golden |  205 -
 ...ed-services-http-with-router.latest.golden |  117 +-
 ...ith-imported-peered-services.latest.golden |   68 +-
 ...oute-and-inline-certificate.latest.golden} |    0
 ...-route-timeoutfilter-one-set.latest.golden |   41 -
 ...multiple-inline-certificates.latest.golden |    5 -
 ...d-upstreams-escape-overrides.latest.golden |   29 -
 ...-with-peered-upstreams-http2.latest.golden |   29 -
 ...ing-federation-control-plane.latest.golden |  249 --
 ...ed-services-http-with-router.latest.golden |  100 -
 ...route-and-inline-certificate.latest.golden |   54 +
 ...-route-timeoutfilter-one-set.latest.golden |   85 -
 .../api-gateway-with-http-route.latest.golden |   85 -
 ...multiple-inline-certificates.latest.golden |  102 -
 ...oxy-with-chain-and-overrides.latest.golden |    2 +-
 ...d-upstreams-escape-overrides.latest.golden |  114 -
 ...-with-peered-upstreams-http2.latest.golden |  189 -
 ...h-tproxy-and-permissive-mtls.latest.golden |    6 +-
 ...upstream-with-prepared-query.latest.golden |  114 -
 .../expose-checks-grpc.latest.golden          |  143 -
 ...ecks-http-with-bind-override.latest.golden |  142 -
 ...est.golden => expose-checks.latest.golden} |    0
 ...ixed-cipher-suites-listeners.latest.golden |  166 -
 ...-mixed-max-version-listeners.latest.golden |  238 --
 ...ing-federation-control-plane.latest.golden |  181 -
 ...ateway-custom-trace-listener.latest.golden |  246 --
 ...oute-and-inline-certificate.latest.golden} |    3 +-
 .../api-gateway-with-http-route.latest.golden |   59 -
 ...multiple-inline-certificates.latest.golden |    5 -
 ...connect-proxy-lb-in-resolver.latest.golden |    5 -
 ...nnect-proxy-resolver-with-lb.latest.golden |   30 -
 ...t-proxy-route-to-lb-resolver.latest.golden |   38 -
 ...ct-proxy-splitter-overweight.latest.golden |   99 -
 ...d-upstreams-escape-overrides.latest.golden |    5 -
 ...-with-peered-upstreams-http2.latest.golden |    5 -
 .../ingress-lb-in-resolver.latest.golden      |    5 -
 ...erminating-gateway-lb-config.latest.golden |  137 +-
 ...-route-timeoutfilter-one-set.latest.golden |    5 -
 .../api-gateway-with-http-route.latest.golden |    5 -
 ...multiple-inline-certificates.latest.golden |    5 -
 ...d-upstreams-escape-overrides.latest.golden |    5 -
 ...-with-peered-upstreams-http2.latest.golden |    5 -
 ...-upstreams-listener-override.latest.golden |    5 -
 agent/xds/testing.go                          |    2 +-
 .../validateupstream_test.go                  |    2 +-
 agent/xds/xds.go                              |    2 +-
 agent/xds/xds_protocol_helpers_test.go        |   51 +-
 agent/xds/z_xds_packages_test.go              |    2 +-
 agent/xdsv2/cluster_resources.go              |  348 --
 agent/xdsv2/endpoint_resources.go             |   61 -
 agent/xdsv2/listener_resources.go             |  984 -----
 agent/xdsv2/resources.go                      |   75 -
 agent/xdsv2/route_resources.go                |  525 ---
 api/LICENSE                                   |  365 --
 api/acl.go                                    |   45 +
 api/acl_test.go                               |   83 +
 api/agent.go                                  |    1 +
 api/agent_test.go                             |   15 -
 api/config_entry.go                           |   53 +-
 api/config_entry_gateways.go                  |   40 -
 api/config_entry_gateways_test.go             |  147 -
 api/config_entry_routes.go                    |   26 +-
 api/config_entry_routes_test.go               |  134 -
 api/health.go                                 |    1 +
 api/watch/funcs_test.go                       |  104 -
 buf.work.yaml                                 |    2 +-
 build-support/docker/Build-Go.dockerfile      |    2 +-
 build-support/docker/Build-UI.dockerfile      |    2 +-
 .../docker/Consul-Dev-Dbg.dockerfile          |    2 +-
 .../docker/Consul-Dev-Multiarch.dockerfile    |    2 +-
 build-support/docker/Consul-Dev.dockerfile    |    2 +-
 build-support/functions/00-vars.sh            |    2 +-
 build-support/functions/10-util.sh            |    2 +-
 build-support/functions/20-build.sh           |    2 +-
 build-support/functions/30-release.sh         |    2 +-
 build-support/scripts/build-date.sh           |    2 +-
 build-support/scripts/build-docker.sh         |    2 +-
 .../scripts/check-allowed-imports.sh          |  124 -
 build-support/scripts/devtools.sh             |    2 +-
 .../scripts/envoy-library-references.sh       |    2 +-
 build-support/scripts/functions.sh            |    2 +-
 build-support/scripts/protobuf.sh             |   12 +-
 build-support/scripts/release.sh              |    2 +-
 build-support/scripts/version.sh              |    2 +-
 .../windows/Dockerfile-consul-dev-windows     |    4 -
 .../windows/Dockerfile-consul-local-windows   |   52 -
 .../windows/Dockerfile-openzipkin-windows     |   12 -
 .../windows/build-consul-dev-image.sh         |   17 -
 .../windows/build-consul-local-images.sh      |   95 -
 .../windows/build-test-sds-server-image.sh    |    8 -
 build-support/windows/windows-test.md         |  119 -
 command/acl/acl.go                            |    2 +-
 command/acl/acl_helpers.go                    |    2 +-
 command/acl/acl_test.go                       |    2 +-
 command/acl/agenttokens/agent_tokens.go       |    2 +-
 command/acl/agenttokens/agent_tokens_test.go  |    2 +-
 command/acl/authmethod/authmethod.go          |    2 +-
 .../authmethod/create/authmethod_create.go    |    2 +-
 .../authmethod/create/authmethod_create_ce.go |    2 +-
 .../create/authmethod_create_test.go          |    2 +-
 .../authmethod/delete/authmethod_delete.go    |    2 +-
 .../delete/authmethod_delete_test.go          |    2 +-
 command/acl/authmethod/formatter.go           |    2 +-
 .../acl/authmethod/list/authmethod_list.go    |    2 +-
 .../authmethod/list/authmethod_list_test.go   |    2 +-
 .../acl/authmethod/read/authmethod_read.go    |    2 +-
 .../authmethod/read/authmethod_read_test.go   |    2 +-
 .../authmethod/update/authmethod_update.go    |    2 +-
 .../authmethod/update/authmethod_update_ce.go |    2 +-
 .../update/authmethod_update_test.go          |    2 +-
 command/acl/bindingrule/bindingrule.go        |    2 +-
 .../bindingrule/create/bindingrule_create.go  |    2 +-
 .../create/bindingrule_create_test.go         |    2 +-
 .../bindingrule/delete/bindingrule_delete.go  |    2 +-
 .../delete/bindingrule_delete_test.go         |    2 +-
 command/acl/bindingrule/formatter.go          |    2 +-
 .../acl/bindingrule/list/bindingrule_list.go  |    2 +-
 .../bindingrule/list/bindingrule_list_test.go |    2 +-
 .../acl/bindingrule/read/bindingrule_read.go  |    2 +-
 .../bindingrule/read/bindingrule_read_test.go |    2 +-
 .../bindingrule/update/bindingrule_update.go  |    2 +-
 .../update/bindingrule_update_test.go         |    2 +-
 command/acl/bootstrap/bootstrap.go            |    2 +-
 command/acl/bootstrap/bootstrap_test.go       |    2 +-
 command/acl/policy/create/policy_create.go    |    2 +-
 .../acl/policy/create/policy_create_test.go   |    2 +-
 command/acl/policy/delete/policy_delete.go    |    2 +-
 .../acl/policy/delete/policy_delete_test.go   |    2 +-
 command/acl/policy/formatter.go               |    2 +-
 command/acl/policy/list/policy_list.go        |    2 +-
 command/acl/policy/list/policy_list_test.go   |    2 +-
 command/acl/policy/policy.go                  |    2 +-
 command/acl/policy/read/policy_read.go        |    2 +-
 command/acl/policy/read/policy_read_test.go   |    2 +-
 command/acl/policy/update/policy_update.go    |    2 +-
 .../acl/policy/update/policy_update_test.go   |    2 +-
 command/acl/role/create/role_create.go        |    2 +-
 command/acl/role/create/role_create_test.go   |    2 +-
 command/acl/role/delete/role_delete.go        |    2 +-
 command/acl/role/delete/role_delete_test.go   |    2 +-
 command/acl/role/formatter.go                 |    2 +-
 command/acl/role/formatter_test.go            |    2 +-
 command/acl/role/list/role_list.go            |    2 +-
 command/acl/role/list/role_list_test.go       |    2 +-
 command/acl/role/read/role_read.go            |    2 +-
 command/acl/role/read/role_read_test.go       |    2 +-
 command/acl/role/role.go                      |    2 +-
 command/acl/role/update/role_update.go        |    2 +-
 command/acl/role/update/role_update_test.go   |    2 +-
 command/acl/token/clone/token_clone.go        |    2 +-
 command/acl/token/clone/token_clone_test.go   |    2 +-
 command/acl/token/create/token_create.go      |    2 +-
 command/acl/token/create/token_create_test.go |    2 +-
 command/acl/token/delete/token_delete.go      |    2 +-
 command/acl/token/delete/token_delete_test.go |    2 +-
 command/acl/token/formatter.go                |    2 +-
 command/acl/token/formatter_ce_test.go        |    2 +-
 command/acl/token/formatter_test.go           |    2 +-
 command/acl/token/list/token_list.go          |    2 +-
 command/acl/token/list/token_list_test.go     |    2 +-
 command/acl/token/read/token_read.go          |    2 +-
 command/acl/token/read/token_read_test.go     |    2 +-
 command/acl/token/token.go                    |    2 +-
 command/acl/token/update/token_update.go      |    2 +-
 command/acl/token/update/token_update_test.go |    2 +-
 command/agent/agent.go                        |    2 +-
 command/agent/agent_test.go                   |    2 +-
 command/agent/startup_logger.go               |    2 +-
 command/catalog/catalog.go                    |    2 +-
 command/catalog/catalog_test.go               |    2 +-
 command/catalog/helpers.go                    |    2 +-
 command/catalog/helpers_ce.go                 |    2 +-
 .../list/dc/catalog_list_datacenters.go       |    2 +-
 .../list/dc/catalog_list_datacenters_test.go  |    2 +-
 .../catalog/list/nodes/catalog_list_nodes.go  |    2 +-
 .../list/nodes/catalog_list_nodes_test.go     |    2 +-
 .../list/services/catalog_list_services.go    |    2 +-
 .../services/catalog_list_services_test.go    |    2 +-
 command/cli/cli.go                            |    2 +-
 command/cli/formatting.go                     |    2 +-
 command/config/config.go                      |    2 +-
 command/config/delete/config_delete.go        |    2 +-
 command/config/delete/config_delete_test.go   |    2 +-
 command/config/list/config_list.go            |    2 +-
 command/config/list/config_list_test.go       |    2 +-
 command/config/read/config_read.go            |    2 +-
 command/config/read/config_read_test.go       |    2 +-
 command/config/write/config_write.go          |   68 +-
 command/config/write/config_write_test.go     |    2 +-
 command/connect/ca/ca.go                      |    2 +-
 command/connect/ca/ca_test.go                 |    2 +-
 command/connect/ca/get/connect_ca_get.go      |    2 +-
 command/connect/ca/get/connect_ca_get_test.go |    2 +-
 command/connect/ca/set/connect_ca_set.go      |    2 +-
 command/connect/ca/set/connect_ca_set_test.go |    2 +-
 command/connect/connect.go                    |    2 +-
 command/connect/connect_test.go               |    2 +-
 command/connect/envoy/bootstrap_config.go     |    2 +-
 .../connect/envoy/bootstrap_config_test.go    |    2 +-
 command/connect/envoy/bootstrap_tpl.go        |    4 +-
 command/connect/envoy/envoy.go                |    4 +-
 command/connect/envoy/envoy_ce_test.go        |    2 +-
 command/connect/envoy/envoy_test.go           |    2 +-
 command/connect/envoy/exec.go                 |    2 +-
 command/connect/envoy/exec_supported.go       |   58 -
 command/connect/envoy/exec_test.go            |    2 +-
 command/connect/envoy/exec_unix.go            |   53 +-
 command/connect/envoy/exec_unsupported.go     |    6 +-
 command/connect/envoy/exec_windows.go         |  112 -
 command/connect/envoy/exec_windows_arm64.go   |   83 -
 command/connect/envoy/flags.go                |    2 +-
 command/connect/envoy/flags_test.go           |    2 +-
 .../connect_envoy_pipe-bootstrap.go           |    2 +-
 .../connect_envoy_pipe-bootstrap_test.go      |    2 +-
 command/connect/expose/expose.go              |    2 +-
 command/connect/expose/expose_test.go         |    2 +-
 command/connect/proxy/flag_upstreams.go       |    2 +-
 command/connect/proxy/flag_upstreams_test.go  |    2 +-
 command/connect/proxy/proxy.go                |    2 +-
 command/connect/proxy/proxy_test.go           |    2 +-
 command/connect/proxy/register.go             |    2 +-
 command/connect/proxy/register_test.go        |    2 +-
 .../redirecttraffic/redirect_traffic.go       |    2 +-
 .../redirecttraffic/redirect_traffic_test.go  |    2 +-
 command/debug/debug.go                        |    2 +-
 command/debug/debug_test.go                   |    2 +-
 command/event/event.go                        |    2 +-
 command/event/event_test.go                   |    2 +-
 command/exec/exec.go                          |    2 +-
 command/exec/exec_test.go                     |    2 +-
 command/flags/config.go                       |    2 +-
 command/flags/config_test.go                  |    2 +-
 command/flags/flag_map_value.go               |    2 +-
 command/flags/flag_map_value_test.go          |    2 +-
 command/flags/flag_slice_value.go             |    2 +-
 command/flags/flag_slice_value_test.go        |    2 +-
 command/flags/http.go                         |    2 +-
 command/flags/http_test.go                    |    2 +-
 command/flags/merge.go                        |    2 +-
 command/flags/usage.go                        |    2 +-
 command/forceleave/forceleave.go              |    2 +-
 command/forceleave/forceleave_test.go         |    2 +-
 command/helpers/decode_shim.go                |    2 +-
 command/helpers/helpers.go                    |   18 +-
 command/helpers/helpers_test.go               |    2 +-
 command/info/info.go                          |    2 +-
 command/info/info_test.go                     |    2 +-
 command/intention/check/check.go              |    2 +-
 command/intention/check/check_test.go         |    2 +-
 command/intention/create/create.go            |    2 +-
 command/intention/create/create_test.go       |    2 +-
 command/intention/delete/delete.go            |    2 +-
 command/intention/delete/delete_test.go       |    2 +-
 command/intention/format.go                   |    2 +-
 command/intention/get/get.go                  |    2 +-
 command/intention/get/get_test.go             |    2 +-
 command/intention/helpers.go                  |    2 +-
 command/intention/helpers_test.go             |    2 +-
 command/intention/intention.go                |    2 +-
 command/intention/intention_test.go           |    2 +-
 command/intention/list/intention_list.go      |    2 +-
 command/intention/list/intention_list_test.go |    2 +-
 command/intention/match/match.go              |    2 +-
 command/intention/match/match_test.go         |    2 +-
 command/join/join.go                          |    2 +-
 command/join/join_test.go                     |    2 +-
 command/keygen/keygen.go                      |    2 +-
 command/keygen/keygen_test.go                 |    2 +-
 command/keyring/keyring.go                    |    2 +-
 command/keyring/keyring_test.go               |    2 +-
 command/kv/del/kv_delete.go                   |    2 +-
 command/kv/del/kv_delete_test.go              |    2 +-
 command/kv/exp/kv_export.go                   |    2 +-
 command/kv/exp/kv_export_test.go              |    2 +-
 command/kv/get/kv_get.go                      |    2 +-
 command/kv/get/kv_get_test.go                 |    2 +-
 command/kv/imp/kv_import.go                   |    2 +-
 command/kv/imp/kv_import_test.go              |    2 +-
 command/kv/impexp/kvimpexp.go                 |    2 +-
 command/kv/kv.go                              |    2 +-
 command/kv/kv_test.go                         |    2 +-
 command/kv/put/kv_put.go                      |    2 +-
 command/kv/put/kv_put_test.go                 |    2 +-
 command/leave/leave.go                        |    2 +-
 command/leave/leave_test.go                   |    2 +-
 command/lock/lock.go                          |    2 +-
 command/lock/lock_test.go                     |    2 +-
 command/lock/util_unix.go                     |    2 +-
 command/lock/util_windows.go                  |    2 +-
 command/login/aws.go                          |    2 +-
 command/login/login.go                        |    2 +-
 command/login/login_ce.go                     |    2 +-
 command/login/login_test.go                   |    2 +-
 command/logout/logout.go                      |    2 +-
 command/logout/logout_test.go                 |    2 +-
 command/maint/maint.go                        |    2 +-
 command/maint/maint_test.go                   |    2 +-
 command/members/members.go                    |    2 +-
 command/members/members_test.go               |    2 +-
 command/monitor/monitor.go                    |    2 +-
 command/monitor/monitor_test.go               |    2 +-
 .../autopilot/get/operator_autopilot_get.go   |    2 +-
 .../get/operator_autopilot_get_test.go        |    2 +-
 .../operator/autopilot/operator_autopilot.go  |    2 +-
 .../autopilot/operator_autopilot_test.go      |    2 +-
 .../autopilot/set/operator_autopilot_set.go   |    2 +-
 .../set/operator_autopilot_set_test.go        |    2 +-
 command/operator/autopilot/state/formatter.go |    2 +-
 .../state/operator_autopilot_state.go         |    2 +-
 .../state/operator_autopilot_state_test.go    |    2 +-
 command/operator/operator.go                  |    2 +-
 command/operator/operator_test.go             |    2 +-
 .../raft/listpeers/operator_raft_list.go      |    2 +-
 .../raft/listpeers/operator_raft_list_test.go |    2 +-
 command/operator/raft/operator_raft.go        |    2 +-
 command/operator/raft/operator_raft_test.go   |    2 +-
 .../raft/removepeer/operator_raft_remove.go   |    2 +-
 .../removepeer/operator_raft_remove_test.go   |    2 +-
 .../raft/transferleader/transfer_leader.go    |    2 +-
 .../transferleader/transfer_leader_test.go    |    2 +-
 .../usage/instances/usage_instances.go        |    2 +-
 .../usage/instances/usage_instances_ce.go     |    2 +-
 .../instances/usage_instances_ce_test.go      |    2 +-
 .../usage/instances/usage_instances_test.go   |    2 +-
 command/operator/usage/usage.go               |    2 +-
 command/peering/delete/delete.go              |    2 +-
 command/peering/delete/delete_test.go         |    2 +-
 command/peering/establish/establish.go        |    2 +-
 command/peering/establish/establish_test.go   |    2 +-
 command/peering/generate/generate.go          |    2 +-
 command/peering/generate/generate_test.go     |    2 +-
 command/peering/list/list.go                  |    2 +-
 command/peering/list/list_test.go             |    2 +-
 command/peering/peering.go                    |    2 +-
 command/peering/read/read.go                  |    2 +-
 command/peering/read/read_test.go             |    2 +-
 command/registry.go                           |    2 +-
 command/registry_ce.go                        |    2 +-
 command/reload/reload.go                      |    2 +-
 command/reload/reload_test.go                 |    2 +-
 command/rtt/rtt.go                            |    2 +-
 command/rtt/rtt_test.go                       |    2 +-
 command/services/config.go                    |    2 +-
 command/services/config_test.go               |    2 +-
 command/services/deregister/deregister.go     |    2 +-
 .../services/deregister/deregister_test.go    |    2 +-
 command/services/export/export.go             |    3 -
 command/services/export/export_test.go        |    3 -
 command/services/register/register.go         |    2 +-
 command/services/register/register_test.go    |    2 +-
 command/services/services.go                  |    2 +-
 command/services/services_test.go             |    2 +-
 command/snapshot/inspect/formatter.go         |    2 +-
 command/snapshot/inspect/formatter_test.go    |    2 +-
 command/snapshot/inspect/snapshot_inspect.go  |    2 +-
 .../snapshot/inspect/snapshot_inspect_test.go |    2 +-
 command/snapshot/restore/snapshot_restore.go  |    2 +-
 .../snapshot/restore/snapshot_restore_test.go |    2 +-
 command/snapshot/save/snapshot_save.go        |   63 +-
 command/snapshot/save/snapshot_save_test.go   |   67 +-
 command/snapshot/snapshot_command.go          |    2 +-
 command/snapshot/snapshot_command_test.go     |    2 +-
 command/tls/ca/create/tls_ca_create.go        |    2 +-
 command/tls/ca/create/tls_ca_create_test.go   |    2 +-
 command/tls/ca/tls_ca.go                      |    2 +-
 command/tls/ca/tls_ca_test.go                 |    2 +-
 command/tls/cert/create/tls_cert_create.go    |    2 +-
 .../tls/cert/create/tls_cert_create_test.go   |    2 +-
 command/tls/cert/tls_cert.go                  |    2 +-
 command/tls/cert/tls_cert_test.go             |    2 +-
 command/tls/tls.go                            |    2 +-
 command/tls/tls_test.go                       |    2 +-
 .../troubleshoot/proxy/troubleshoot_proxy.go  |    2 +-
 command/troubleshoot/troubleshoot.go          |    2 +-
 command/troubleshoot/troubleshoot_test.go     |    2 +-
 .../upstreams/troubleshoot_upstreams.go       |    2 +-
 command/validate/validate.go                  |    2 +-
 command/validate/validate_test.go             |    2 +-
 command/version/formatter.go                  |    2 +-
 command/version/formatter_test.go             |    2 +-
 command/version/version.go                    |    2 +-
 command/version/version_test.go               |    2 +-
 command/watch/watch.go                        |    2 +-
 command/watch/watch_test.go                   |    2 +-
 connect/certgen/certgen.go                    |    2 +-
 connect/example_test.go                       |    2 +-
 connect/proxy/config.go                       |    2 +-
 connect/proxy/config_test.go                  |    2 +-
 connect/proxy/conn.go                         |    2 +-
 connect/proxy/conn_test.go                    |    2 +-
 connect/proxy/listener.go                     |    2 +-
 connect/proxy/listener_test.go                |    2 +-
 connect/proxy/proxy.go                        |    2 +-
 connect/proxy/proxy_test.go                   |    2 +-
 connect/proxy/testing.go                      |    2 +-
 connect/resolver.go                           |    2 +-
 connect/resolver_test.go                      |    2 +-
 connect/service.go                            |    2 +-
 connect/service_test.go                       |    2 +-
 connect/testing.go                            |    2 +-
 connect/tls.go                                |    4 +-
 connect/tls_test.go                           |    2 +-
 docs/README.md                                |    6 +-
 docs/resources/guide.md                       |   18 +-
 .../extensioncommon/basic_envoy_extender.go   |    2 +-
 .../basic_extension_adapter.go                |    2 +-
 .../extensioncommon/envoy_extender.go         |    4 +-
 .../extensioncommon/envoy_extender_test.go    |    3 -
 envoyextensions/extensioncommon/resources.go  |   12 +-
 .../extensioncommon/resources_test.go         |    2 +-
 .../extensioncommon/runtime_config.go         |    2 +-
 .../extensioncommon/runtime_config_test.go    |    2 +-
 .../upstream_envoy_extender.go                |    2 +-
 envoyextensions/go.mod                        |    5 +-
 envoyextensions/go.sum                        |    2 +
 envoyextensions/xdscommon/envoy_versioning.go |    2 +-
 .../xdscommon/envoy_versioning_test.go        |    4 +-
 envoyextensions/xdscommon/proxysupport.go     |    4 +-
 .../xdscommon/proxysupport_test.go            |    2 +-
 envoyextensions/xdscommon/xdscommon.go        |    2 +-
 envoyextensions/xdscommon/xdscommon_test.go   |    3 -
 fixup_acl_move.sh                             |    2 +-
 go.mod                                        |   13 +-
 go.sum                                        |   33 +-
 grafana/README.md                             |    4 -
 .../consul-k8s-control-plane-monitoring.json  | 3467 -----------------
 internal/catalog/catalogtest/run_test.go      |    8 -
 .../catalogtest/test_integration_v1alpha1.go  |    4 -
 .../catalogtest/test_lifecycle_v1alpha1.go    |  709 ----
 internal/catalog/exports.go                   |   66 +-
 .../controllers/endpoints/controller.go       |    2 +-
 .../controllers/endpoints/controller_test.go  |    3 -
 .../endpoints/reconciliation_data.go          |    3 -
 .../endpoints/reconciliation_data_test.go     |    3 -
 .../internal/controllers/endpoints/status.go  |    2 +-
 .../controllers/failover/controller.go        |  276 --
 .../controllers/failover/controller_test.go   |  268 --
 .../internal/controllers/failover/status.go   |   84 -
 .../controllers/nodehealth/controller.go      |    2 +-
 .../controllers/nodehealth/controller_test.go |    2 +-
 .../internal/controllers/nodehealth/status.go |    2 +-
 .../catalog/internal/controllers/register.go  |    5 +-
 .../controllers/workloadhealth/controller.go  |    3 -
 .../workloadhealth/controller_test.go         |    2 +-
 .../controllers/workloadhealth/status.go      |    3 -
 .../mappers/failovermapper/failover_mapper.go |   64 -
 .../failovermapper/failover_mapper_test.go    |  190 -
 .../mappers/nodemapper/node_mapper.go         |    3 -
 .../mappers/nodemapper/node_mapper_test.go    |    3 -
 .../selectiontracker/selection_tracker.go     |    2 +-
 .../selection_tracker_test.go                 |    3 -
 internal/catalog/internal/types/dns_policy.go |    2 +-
 .../catalog/internal/types/dns_policy_test.go |    2 +-
 internal/catalog/internal/types/errors.go     |    2 +-
 .../catalog/internal/types/errors_test.go     |    2 +-
 .../catalog/internal/types/failover_policy.go |  265 --
 .../internal/types/failover_policy_test.go    |  599 ---
 .../catalog/internal/types/health_checks.go   |    2 +-
 .../internal/types/health_checks_test.go      |    2 +-
 .../catalog/internal/types/health_status.go   |    2 +-
 .../internal/types/health_status_test.go      |    2 +-
 internal/catalog/internal/types/node.go       |    2 +-
 internal/catalog/internal/types/node_test.go  |    2 +-
 internal/catalog/internal/types/service.go    |   16 +-
 .../internal/types/service_endpoints.go       |   47 +-
 .../internal/types/service_endpoints_test.go  |  132 +-
 .../catalog/internal/types/service_test.go    |   40 +-
 internal/catalog/internal/types/types.go      |    3 +-
 internal/catalog/internal/types/types_test.go |    2 +-
 internal/catalog/internal/types/validators.go |   34 +-
 .../catalog/internal/types/validators_test.go |    7 +-
 .../catalog/internal/types/virtual_ips.go     |    2 +-
 .../internal/types/virtual_ips_test.go        |    2 +-
 internal/catalog/internal/types/workload.go   |   16 +-
 .../catalog/internal/types/workload_test.go   |   33 +-
 internal/controller/api.go                    |   72 +-
 internal/controller/api_test.go               |   48 +-
 internal/controller/controller.go             |  100 +-
 internal/controller/dependency_mappers.go     |   11 -
 .../controller/dependency_mappers_test.go     |    3 -
 internal/controller/doc.go                    |    2 +-
 internal/controller/lease.go                  |    3 -
 internal/controller/manager.go                |    3 -
 internal/controller/supervisor.go             |    3 -
 internal/controller/supervisor_test.go        |    3 -
 internal/go-sso/oidcauth/auth.go              |    2 +-
 internal/go-sso/oidcauth/config.go            |    2 +-
 internal/go-sso/oidcauth/config_test.go       |    2 +-
 .../go-sso/oidcauth/internal/strutil/util.go  |    2 +-
 .../oidcauth/internal/strutil/util_test.go    |    2 +-
 internal/go-sso/oidcauth/jwt.go               |    2 +-
 internal/go-sso/oidcauth/jwt_test.go          |    2 +-
 internal/go-sso/oidcauth/oidc.go              |    2 +-
 internal/go-sso/oidcauth/oidc_test.go         |    2 +-
 .../go-sso/oidcauth/oidcauthtest/testing.go   |    2 +-
 internal/go-sso/oidcauth/oidcjwt.go           |    2 +-
 internal/go-sso/oidcauth/oidcjwt_test.go      |    2 +-
 internal/go-sso/oidcauth/util.go              |    2 +-
 internal/go-sso/oidcauth/util_test.go         |    2 +-
 internal/mesh/exports.go                      |   46 +-
 .../mesh/internal/controllers/register.go     |   22 -
 .../internal/controllers/xds/controller.go    |  184 -
 .../controllers/xds/controller_test.go        |  736 ----
 .../controllers/xds/endpoint_builder.go       |   75 -
 .../controllers/xds/endpoint_builder_test.go  |  236 --
 .../internal/controllers/xds/mock_updater.go  |  112 -
 .../controllers/xds/proxy_tracker_watch.go    |   21 -
 .../controllers/xds/reconciliation_data.go    |   61 -
 .../internal/controllers/xds/status/status.go |  104 -
 .../mesh/internal/types/computed_routes.go    |   77 -
 .../internal/types/computed_routes_test.go    |   92 -
 internal/mesh/internal/types/decoded.go       |   20 -
 .../mesh/internal/types/destination_policy.go |  226 --
 .../internal/types/destination_policy_test.go |  510 ---
 internal/mesh/internal/types/grpc_route.go    |  237 --
 .../mesh/internal/types/grpc_route_test.go    |  523 ---
 internal/mesh/internal/types/http_route.go    |  349 --
 .../mesh/internal/types/http_route_test.go    |  980 -----
 .../internal/types/proxy_configuration.go     |    9 +-
 .../internal/types/proxy_state_template.go    |   62 -
 internal/mesh/internal/types/tcp_route.go     |   95 -
 .../mesh/internal/types/tcp_route_test.go     |   79 -
 internal/mesh/internal/types/types.go         |    9 +-
 internal/mesh/internal/types/types_test.go    |    2 +-
 internal/mesh/internal/types/upstreams.go     |    4 +-
 .../internal/types/upstreams_configuration.go |   32 -
 internal/mesh/internal/types/util.go          |   52 -
 internal/mesh/internal/types/xroute.go        |  296 --
 .../mesh/proxy-snapshot/proxy_snapshot.go     |   17 -
 .../mesh/proxy-tracker/mock_SessionLimiter.go |   53 -
 .../mesh/proxy-tracker/proxy_state_exports.go |   42 -
 internal/mesh/proxy-tracker/proxy_tracker.go  |  281 --
 .../mesh/proxy-tracker/proxy_tracker_test.go  |  344 --
 internal/protohcl/any.go                      |  117 -
 internal/protohcl/attributes.go               |  157 -
 internal/protohcl/blocks.go                   |  115 -
 internal/protohcl/cty.go                      |  149 -
 internal/protohcl/decoder.go                  |  287 --
 internal/protohcl/doc.go                      |   79 -
 internal/protohcl/naming.go                   |   21 -
 internal/protohcl/oneof.go                    |   54 -
 internal/protohcl/primitives.go               |  141 -
 internal/protohcl/testproto/buf.gen.yaml      |   12 -
 internal/protohcl/testproto/example.pb.go     |  997 -----
 internal/protohcl/testproto/example.proto     |   77 -
 internal/protohcl/unmarshal.go                |  137 -
 internal/protohcl/unmarshal_test.go           |  560 ---
 internal/protohcl/well_known_types.go         |  421 --
 internal/radix/doc.go                         |    3 -
 internal/radix/radix.go                       |    3 -
 internal/radix/radix_test.go                  |    3 -
 internal/resource/authz_ce.go                 |   17 -
 internal/resource/decode.go                   |   69 -
 internal/resource/decode_test.go              |  113 -
 internal/resource/demo/controller.go          |    2 +-
 internal/resource/demo/controller_test.go     |    2 +-
 internal/resource/demo/demo.go                |   68 +-
 internal/resource/equality.go                 |   22 +-
 internal/resource/equality_test.go            |  306 +-
 internal/resource/errors.go                   |   31 +-
 internal/resource/errors_test.go              |    2 +-
 internal/resource/http/http.go                |  294 --
 internal/resource/http/http_test.go           |  596 ---
 .../resource/mappers/bimapper/bimapper.go     |  304 --
 .../mappers/bimapper/bimapper_test.go         |  356 --
 internal/resource/reaper/controller.go        |    2 +-
 internal/resource/reaper/controller_test.go   |    2 +-
 internal/resource/reference.go                |   25 +-
 internal/resource/refkey.go                   |   93 -
 internal/resource/refkey_test.go              |   87 -
 internal/resource/registry.go                 |   51 +-
 internal/resource/registry_test.go            |   14 +-
 internal/resource/resourcetest/builder.go     |   79 +-
 internal/resource/resourcetest/client.go      |   81 +-
 internal/resource/resourcetest/decode.go      |   20 -
 internal/resource/resourcetest/fs.go          |    3 -
 internal/resource/resourcetest/require.go     |   29 -
 internal/resource/resourcetest/testing.go     |    7 +-
 internal/resource/resourcetest/validation.go  |   30 -
 internal/resource/stringer.go                 |   60 -
 internal/resource/tenancy.go                  |   80 -
 internal/resource/tombstone.go                |    3 -
 internal/resourcehcl/any.go                   |   49 -
 internal/resourcehcl/naming.go                |   38 -
 .../testdata/gvk-no-arguments.error           |    1 -
 .../resourcehcl/testdata/gvk-no-arguments.hcl |    4 -
 .../resourcehcl/testdata/invalid-group.error  |    1 -
 .../resourcehcl/testdata/invalid-group.hcl    |    8 -
 .../resourcehcl/testdata/invalid-gvk.error    |    1 -
 internal/resourcehcl/testdata/invalid-gvk.hcl |    4 -
 .../testdata/invalid-metadata.error           |    1 -
 .../resourcehcl/testdata/invalid-metadata.hcl |    8 -
 .../resourcehcl/testdata/invalid-name.error   |    1 -
 .../resourcehcl/testdata/invalid-name.hcl     |    4 -
 .../testdata/no-blocks-any-first.golden       |    1 -
 .../testdata/no-blocks-any-first.hcl          |    8 -
 .../resourcehcl/testdata/no-blocks.golden     |    1 -
 internal/resourcehcl/testdata/no-blocks.hcl   |   33 -
 internal/resourcehcl/testdata/owner.golden    |    1 -
 internal/resourcehcl/testdata/owner.hcl       |    9 -
 .../resourcehcl/testdata/simple-gvk.golden    |    1 -
 internal/resourcehcl/testdata/simple-gvk.hcl  |   13 -
 .../resourcehcl/testdata/type-block.golden    |    1 -
 internal/resourcehcl/testdata/type-block.hcl  |    8 -
 .../testdata/unknown-field-block.error        |    1 -
 .../testdata/unknown-field-block.hcl          |    3 -
 .../testdata/unknown-field-object.error       |    1 -
 .../testdata/unknown-field-object.hcl         |    3 -
 .../resourcehcl/testdata/unknown-type.error   |    1 -
 .../resourcehcl/testdata/unknown-type.hcl     |    8 -
 .../resourcehcl/testdata/upstreams.golden     |    1 -
 internal/resourcehcl/testdata/upstreams.hcl   |   25 -
 internal/resourcehcl/unmarshal.go             |   55 -
 internal/resourcehcl/unmarshal_test.go        |  106 -
 internal/storage/conformance/conformance.go   |    2 +-
 internal/storage/inmem/backend.go             |    2 +-
 internal/storage/inmem/backend_test.go        |    2 +-
 internal/storage/inmem/event_index.go         |    2 +-
 internal/storage/inmem/schema.go              |    2 +-
 internal/storage/inmem/snapshot.go            |    2 +-
 internal/storage/inmem/snapshot_test.go       |    2 +-
 internal/storage/inmem/store.go               |    2 +-
 internal/storage/inmem/watch.go               |    2 +-
 internal/storage/raft/backend.go              |    2 +-
 internal/storage/raft/conformance_test.go     |    2 +-
 internal/storage/raft/forwarding.go           |    2 +-
 internal/storage/storage.go                   |    2 +-
 internal/testing/golden/golden.go             |    2 +-
 .../e2e/consul/agent/structs/structs.go       |    2 +-
 .../e2e/consul/proto/pbcommon/common.go       |    2 +-
 .../tools/proto-gen-rpc-glue/e2e/source.pb.go |    2 +-
 internal/tools/proto-gen-rpc-glue/main.go     |    2 +-
 .../tools/proto-gen-rpc-glue/main_test.go     |    2 +-
 .../protoc-gen-consul-rate-limit/main.go      |    2 +-
 .../postprocess/main.go                       |    2 +-
 ipaddr/detect.go                              |    2 +-
 ipaddr/detect_test.go                         |    2 +-
 ipaddr/ipaddr.go                              |    2 +-
 ipaddr/ipaddr_test.go                         |    2 +-
 lib/cluster.go                                |    2 +-
 lib/cluster_test.go                           |    2 +-
 lib/decode/decode.go                          |    2 +-
 lib/decode/decode_test.go                     |    2 +-
 lib/eof.go                                    |    2 +-
 lib/eof_test.go                               |    2 +-
 lib/file/atomic.go                            |    2 +-
 lib/file/atomic_test.go                       |    2 +-
 lib/hoststats/collector.go                    |    3 -
 lib/hoststats/cpu.go                          |    3 -
 lib/hoststats/cpu_test.go                     |    3 -
 lib/hoststats/host.go                         |    3 -
 lib/hoststats/metrics.go                      |    3 -
 lib/json.go                                   |    2 +-
 lib/map_walker.go                             |    2 +-
 lib/map_walker_test.go                        |    2 +-
 lib/maps/maps.go                              |    2 +-
 lib/maps/maps_test.go                         |    2 +-
 lib/math.go                                   |    2 +-
 lib/math_test.go                              |    2 +-
 lib/mutex/mutex.go                            |    2 +-
 lib/mutex/mutex_test.go                       |    2 +-
 lib/path.go                                   |    2 +-
 lib/retry/retry.go                            |    2 +-
 lib/retry/retry_test.go                       |    2 +-
 lib/routine/routine.go                        |    2 +-
 lib/routine/routine_test.go                   |    2 +-
 lib/rtt.go                                    |    2 +-
 lib/rtt_test.go                               |    2 +-
 lib/semaphore/semaphore.go                    |    2 +-
 lib/semaphore/semaphore_test.go               |    2 +-
 lib/serf/serf.go                              |    2 +-
 lib/stop_context.go                           |    2 +-
 lib/stop_context_test.go                      |    2 +-
 lib/strings.go                                |    2 +-
 lib/stringslice/stringslice.go                |    2 +-
 lib/stringslice/stringslice_test.go           |    2 +-
 lib/telemetry.go                              |    2 +-
 lib/telemetry_test.go                         |    2 +-
 lib/template/hil.go                           |    2 +-
 lib/template/hil_test.go                      |    2 +-
 lib/translate.go                              |    2 +-
 lib/translate_test.go                         |    2 +-
 lib/ttlcache/eviction.go                      |    2 +-
 lib/ttlcache/eviction_test.go                 |    2 +-
 lib/useragent.go                              |    2 +-
 lib/useragent_test.go                         |    2 +-
 lib/uuid.go                                   |    2 +-
 logging/gated_writer.go                       |    2 +-
 logging/gated_writer_test.go                  |    2 +-
 logging/grpc.go                               |    2 +-
 logging/grpc_test.go                          |    2 +-
 logging/log_levels.go                         |    2 +-
 logging/logfile.go                            |   35 +-
 logging/logfile_bsd.go                        |   16 +
 logging/logfile_linux.go                      |   17 +
 logging/logfile_solaris.go                    |   17 +
 logging/logfile_test.go                       |   18 +-
 logging/logfile_windows.go                    |   14 +
 logging/logger.go                             |    2 +-
 logging/logger_test.go                        |    2 +-
 logging/monitor/monitor.go                    |    2 +-
 logging/monitor/monitor_test.go               |    2 +-
 logging/names.go                              |    2 +-
 logging/syslog.go                             |    2 +-
 logging/syslog_test.go                        |    2 +-
 logging/syslog_unsupported_test.go            |    2 +-
 main.go                                       |    2 +-
 proto-public/LICENSE                          |  365 --
 .../v1alpha1/failover_policy.pb.binary.go     |   38 -
 .../pbcatalog/v1alpha1/failover_policy.pb.go  |  457 ---
 .../pbcatalog/v1alpha1/failover_policy.proto  |   47 -
 .../v1alpha1/failover_policy_extras.go        |   65 -
 .../v1alpha1/failover_policy_extras_test.go   |  171 -
 .../pbcatalog/v1alpha1/protocol.pb.go         |   90 +-
 .../pbcatalog/v1alpha1/protocol.proto         |   12 +-
 .../pbcatalog/v1alpha1/selector.pb.go         |   53 +-
 .../pbcatalog/v1alpha1/selector.proto         |    1 -
 proto-public/pbcatalog/v1alpha1/service.pb.go |    2 +-
 .../pbcatalog/v1alpha1/workload.pb.go         |    2 +-
 .../pbmesh/v1alpha1/common.pb.binary.go       |   28 -
 proto-public/pbmesh/v1alpha1/common.pb.go     |  307 --
 proto-public/pbmesh/v1alpha1/common.proto     |   64 -
 .../v1alpha1/computed_routes.pb.binary.go     |  128 -
 .../pbmesh/v1alpha1/computed_routes.pb.go     | 1321 -------
 .../pbmesh/v1alpha1/computed_routes.proto     |   99 -
 proto-public/pbmesh/v1alpha1/connection.pb.go |  172 +-
 proto-public/pbmesh/v1alpha1/connection.proto |   16 +-
 .../v1alpha1/destination_policy.pb.binary.go  |   88 -
 .../pbmesh/v1alpha1/destination_policy.pb.go  | 1091 ------
 .../pbmesh/v1alpha1/destination_policy.proto  |  147 -
 .../pbmesh/v1alpha1/grpc_route.pb.binary.go   |   78 -
 proto-public/pbmesh/v1alpha1/grpc_route.pb.go |  887 -----
 proto-public/pbmesh/v1alpha1/grpc_route.proto |  121 -
 .../pbmesh/v1alpha1/http_route.pb.binary.go   |  118 -
 proto-public/pbmesh/v1alpha1/http_route.pb.go | 1441 -------
 proto-public/pbmesh/v1alpha1/http_route.proto |  259 --
 .../v1alpha1/http_route_retries.pb.binary.go  |   18 -
 .../pbmesh/v1alpha1/http_route_retries.pb.go  |  206 -
 .../pbmesh/v1alpha1/http_route_retries.proto  |   25 -
 .../v1alpha1/http_route_timeouts.pb.binary.go |   18 -
 .../pbmesh/v1alpha1/http_route_timeouts.pb.go |  223 --
 .../pbmesh/v1alpha1/http_route_timeouts.proto |   41 -
 .../pbproxystate/access_logs.pb.binary.go     |   18 -
 .../v1alpha1/pbproxystate/access_logs.pb.go   |  325 --
 .../v1alpha1/pbproxystate/access_logs.proto   |   32 -
 .../pbproxystate/address.pb.binary.go         |   28 -
 .../v1alpha1/pbproxystate/address.pb.go       |  254 --
 .../v1alpha1/pbproxystate/address.proto       |   20 -
 .../pbproxystate/cluster.pb.binary.go         |  258 --
 .../v1alpha1/pbproxystate/cluster.pb.go       | 2554 ------------
 .../v1alpha1/pbproxystate/cluster.proto       |  180 -
 .../pbproxystate/endpoints.pb.binary.go       |   28 -
 .../v1alpha1/pbproxystate/endpoints.pb.go     |  386 --
 .../v1alpha1/pbproxystate/endpoints.proto     |   29 -
 .../pbproxystate/escape_hatches.pb.binary.go  |   18 -
 .../pbproxystate/escape_hatches.pb.go         |  173 -
 .../pbproxystate/escape_hatches.proto         |   11 -
 .../header_mutations.pb.binary.go             |   68 -
 .../pbproxystate/header_mutations.pb.go       |  693 ----
 .../pbproxystate/header_mutations.proto       |   47 -
 .../pbproxystate/intentions.pb.binary.go      |   28 -
 .../v1alpha1/pbproxystate/intentions.pb.go    |  211 -
 .../v1alpha1/pbproxystate/intentions.proto    |   10 -
 .../pbproxystate/listener.pb.binary.go        |   78 -
 .../v1alpha1/pbproxystate/listener.pb.go      | 1269 ------
 .../v1alpha1/pbproxystate/listener.proto      |  132 -
 .../pbproxystate/references.pb.binary.go      |   38 -
 .../v1alpha1/pbproxystate/references.pb.go    |  371 --
 .../v1alpha1/pbproxystate/references.proto    |   29 -
 .../v1alpha1/pbproxystate/route.pb.binary.go  |  178 -
 .../pbmesh/v1alpha1/pbproxystate/route.pb.go  | 1891 ---------
 .../pbmesh/v1alpha1/pbproxystate/route.proto  |  136 -
 .../transport_socket.pb.binary.go             |  138 -
 .../pbproxystate/transport_socket.pb.go       | 1505 -------
 .../pbproxystate/transport_socket.proto       |  137 -
 ...ration.pb.binary.go => proxy.pb.binary.go} |   22 +-
 proto-public/pbmesh/v1alpha1/proxy.pb.go      |  816 ++++
 ...{proxy_configuration.proto => proxy.proto} |   74 +-
 .../pbmesh/v1alpha1/proxy_configuration.pb.go | 1214 ------
 .../pbmesh/v1alpha1/proxy_state.pb.binary.go  |   28 -
 .../pbmesh/v1alpha1/proxy_state.pb.go         |  563 ---
 .../pbmesh/v1alpha1/proxy_state.proto         |   55 -
 .../pbmesh/v1alpha1/tcp_route.pb.binary.go    |   38 -
 proto-public/pbmesh/v1alpha1/tcp_route.pb.go  |  362 --
 proto-public/pbmesh/v1alpha1/tcp_route.proto  |   56 -
 .../pbmesh/v1alpha1/upstreams.pb.binary.go    |   34 +-
 proto-public/pbmesh/v1alpha1/upstreams.pb.go  |  628 ++-
 proto-public/pbmesh/v1alpha1/upstreams.proto  |   82 +-
 .../upstreams_configuration.pb.binary.go      |   58 -
 .../v1alpha1/upstreams_configuration.pb.go    |  695 ----
 .../v1alpha1/upstreams_configuration.proto    |  104 -
 proto-public/pbmesh/v1alpha1/xroute_addons.go |   91 -
 .../pbmesh/v1alpha1/xroute_addons_test.go     |  174 -
 proto/buf.gen.yaml                            |    2 +-
 proto/buf.yaml                                |    4 +-
 proto/private/pbacl/acl.go                    |    2 +-
 proto/private/pbacl/acl.pb.go                 |    2 +-
 proto/private/pbacl/acl.proto                 |    2 +-
 proto/private/pbautoconf/auto_config.go       |    2 +-
 proto/private/pbautoconf/auto_config.pb.go    |    2 +-
 proto/private/pbautoconf/auto_config.proto    |    2 +-
 proto/private/pbautoconf/auto_config_ce.go    |    2 +-
 proto/private/pbcommon/common.go              |    2 +-
 proto/private/pbcommon/common.pb.go           |    2 +-
 proto/private/pbcommon/common.proto           |    2 +-
 proto/private/pbcommon/common_ce.go           |    2 +-
 proto/private/pbcommon/convert_pbstruct.go    |    2 +-
 .../private/pbcommon/convert_pbstruct_test.go |    2 +-
 proto/private/pbconfig/config.pb.go           |    2 +-
 proto/private/pbconfig/config.proto           |    2 +-
 .../private/pbconfigentry/config_entry.gen.go |  166 -
 proto/private/pbconfigentry/config_entry.go   |    2 +-
 .../pbconfigentry/config_entry.pb.binary.go   |  100 -
 .../private/pbconfigentry/config_entry.pb.go  | 3094 ++++++---------
 .../private/pbconfigentry/config_entry.proto  |   98 +-
 .../private/pbconfigentry/config_entry_ce.go  |   25 -
 proto/private/pbconnect/connect.go            |    2 +-
 proto/private/pbconnect/connect.pb.go         |    2 +-
 proto/private/pbconnect/connect.proto         |    2 +-
 proto/private/pbdemo/v1/demo.pb.binary.go     |   10 -
 proto/private/pbdemo/v1/demo.pb.go            |  204 +-
 proto/private/pbdemo/v1/demo.proto            |    7 +-
 proto/private/pbdemo/v2/demo.pb.go            |    2 +-
 proto/private/pbdemo/v2/demo.proto            |    2 +-
 proto/private/pboperator/operator.pb.go       |    2 +-
 proto/private/pboperator/operator.proto       |    2 +-
 proto/private/pbpeering/peering.go            |    2 +-
 proto/private/pbpeering/peering.pb.go         |    4 +-
 proto/private/pbpeering/peering.proto         |    4 +-
 proto/private/pbpeering/peering_ce.go         |    2 +-
 proto/private/pbpeerstream/convert.go         |    2 +-
 proto/private/pbpeerstream/peerstream.go      |    2 +-
 proto/private/pbpeerstream/peerstream.pb.go   |    2 +-
 proto/private/pbpeerstream/peerstream.proto   |    2 +-
 proto/private/pbpeerstream/types.go           |    2 +-
 proto/private/pbservice/convert.go            |    2 +-
 proto/private/pbservice/convert_ce.go         |    2 +-
 proto/private/pbservice/convert_ce_test.go    |    2 +-
 proto/private/pbservice/convert_test.go       |    2 +-
 proto/private/pbservice/healthcheck.gen.go    |    4 +
 proto/private/pbservice/healthcheck.pb.go     |  308 +-
 proto/private/pbservice/healthcheck.proto     |    4 +-
 proto/private/pbservice/ids.go                |    2 +-
 proto/private/pbservice/ids_test.go           |    2 +-
 proto/private/pbservice/node.pb.go            |    2 +-
 proto/private/pbservice/node.proto            |    2 +-
 proto/private/pbservice/service.pb.go         |    2 +-
 proto/private/pbservice/service.proto         |    2 +-
 proto/private/pbstorage/raft.pb.go            |    2 +-
 proto/private/pbstorage/raft.proto            |    2 +-
 proto/private/pbsubscribe/subscribe.go        |    2 +-
 proto/private/pbsubscribe/subscribe.pb.go     |    4 +-
 proto/private/pbsubscribe/subscribe.proto     |    2 +-
 proto/private/prototest/testing.go            |    9 +-
 proto/private/prototest/testing_test.go       |    3 -
 sdk/LICENSE                                   |  365 --
 sdk/iptables/iptables.go                      |    2 +-
 sdk/testutil/context.go                       |    8 +-
 sdk/testutil/retry/counter.go                 |   23 -
 sdk/testutil/retry/retry.go                   |   98 +-
 sdk/testutil/retry/retry_test.go              |   63 -
 sdk/testutil/retry/timer.go                   |   43 -
 sdk/testutil/server.go                        |    1 -
 sentinel/evaluator.go                         |    2 +-
 sentinel/scope.go                             |    2 +-
 sentinel/sentinel_ce.go                       |    2 +-
 service_os/service.go                         |    2 +-
 service_os/service_windows.go                 |    2 +-
 snapshot/archive.go                           |    2 +-
 snapshot/archive_test.go                      |    2 +-
 snapshot/snapshot.go                          |    2 +-
 snapshot/snapshot_test.go                     |    2 +-
 test-integ/README.md                          |    3 -
 test-integ/go.mod                             |  246 --
 test-integ/go.sum                             | 1336 -------
 test-integ/peering_commontopo/README.md       |   66 -
 .../peering_commontopo/ac1_basic_test.go      |  275 --
 .../ac2_disco_chain_test.go                   |  206 -
 .../ac3_service_defaults_upstream_test.go     |  267 --
 .../ac4_proxy_defaults_test.go                |  216 -
 .../ac5_1_no_svc_mesh_test.go                 |  132 -
 .../ac5_2_pq_failover_test.go                 |  401 --
 .../peering_commontopo/ac6_failovers_test.go  |  432 --
 .../ac7_1_rotate_gw_test.go                   |  191 -
 .../ac7_2_rotate_leader_test.go               |  217 --
 test-integ/peering_commontopo/asserter.go     |  301 --
 test-integ/peering_commontopo/commontopo.go   |  613 ---
 .../peering_commontopo/sharedtopology_test.go |   85 -
 test/bin/cluster.bash                         |    2 +-
 test/ca/generate.sh                           |    2 +-
 test/client_certs/generate.sh                 |    2 +-
 test/hostname/generate.sh                     |    2 +-
 .../envoy/Dockerfile-consul-envoy-windows     |   12 -
 .../connect/envoy/Dockerfile-tcpdump-windows  |    7 -
 .../envoy/Dockerfile-test-sds-server-windows  |    8 -
 test/integration/connect/envoy/README.md      |    1 -
 .../integration/connect/envoy/WINDOWS-TEST.md |   40 -
 .../capture.sh                                |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../case-api-gateway-http-hostnames/setup.sh  |    2 +-
 .../case-api-gateway-http-hostnames/vars.sh   |    2 +-
 .../case-api-gateway-http-simple/capture.sh   |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../case-api-gateway-http-simple/setup.sh     |    2 +-
 .../case-api-gateway-http-simple/vars.sh      |    2 +-
 .../capture.sh                                |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../service_s3.hcl                            |    2 +-
 .../setup.sh                                  |    2 +-
 .../vars.sh                                   |    2 +-
 .../capture.sh                                |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../setup.sh                                  |    2 +-
 .../vars.sh                                   |    2 +-
 .../capture.sh                                |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../case-api-gateway-tcp-conflicted/setup.sh  |    2 +-
 .../case-api-gateway-tcp-conflicted/vars.sh   |    2 +-
 .../case-api-gateway-tcp-simple/capture.sh    |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../case-api-gateway-tcp-simple/setup.sh      |    2 +-
 .../envoy/case-api-gateway-tcp-simple/vars.sh |    2 +-
 .../capture.sh                                |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../setup.sh                                  |    2 +-
 .../vars.sh                                   |    2 +-
 .../connect/envoy/case-badauthz/capture.sh    |    2 +-
 .../connect/envoy/case-badauthz/setup.sh      |    2 +-
 .../connect/envoy/case-basic/capture.sh       |    2 +-
 .../connect/envoy/case-basic/setup.sh         |    2 +-
 .../connect/envoy/case-centralconf/capture.sh |    2 +-
 .../envoy/case-centralconf/service_s1.hcl     |    2 +-
 .../envoy/case-centralconf/service_s2.hcl     |    2 +-
 .../connect/envoy/case-centralconf/setup.sh   |    2 +-
 .../alpha/base.hcl                            |    2 +-
 .../alpha/service_gateway.hcl                 |    2 +-
 .../alpha/service_s1.hcl                      |    2 +-
 .../alpha/service_s2.hcl                      |    2 +-
 .../alpha/setup.sh                            |    2 +-
 .../bind.hcl                                  |    2 +-
 .../capture.sh                                |    2 +-
 .../primary/base.hcl                          |    2 +-
 .../primary/service_s1.hcl                    |    2 +-
 .../primary/service_s2.hcl                    |    2 +-
 .../primary/setup.sh                          |    2 +-
 .../vars.sh                                   |    2 +-
 .../bind.hcl                                  |    2 +-
 .../capture.sh                                |    2 +-
 .../primary/setup.sh                          |    2 +-
 .../secondary/join.hcl                        |    2 +-
 .../secondary/service_gateway.hcl             |    2 +-
 .../secondary/service_s1.hcl                  |    2 +-
 .../secondary/setup.sh                        |    2 +-
 .../vars.sh                                   |    2 +-
 .../bind.hcl                                  |    2 +-
 .../capture.sh                                |    2 +-
 .../primary/setup.sh                          |    2 +-
 .../secondary/join.hcl                        |    2 +-
 .../secondary/service_gateway.hcl             |    2 +-
 .../secondary/service_s1.hcl                  |    2 +-
 .../secondary/setup.sh                        |    2 +-
 .../vars.sh                                   |    2 +-
 .../service_s2-v1.hcl                         |    2 +-
 .../service_s2-v2.hcl                         |    2 +-
 .../case-cfg-resolver-defaultsubset/setup.sh  |    2 +-
 .../case-cfg-resolver-defaultsubset/vars.sh   |    2 +-
 .../case-cfg-resolver-features/capture.sh     |    2 +-
 .../service_s2-v1.hcl                         |    2 +-
 .../service_s2-v2.hcl                         |    2 +-
 .../envoy/case-cfg-resolver-features/setup.sh |    2 +-
 .../envoy/case-cfg-resolver-features/vars.sh  |    2 +-
 .../service_s2-v1.hcl                         |    2 +-
 .../setup.sh                                  |    2 +-
 .../vars.sh                                   |    2 +-
 .../service_s3-v1.hcl                         |    2 +-
 .../service_s3-v2.hcl                         |    2 +-
 .../service_s3.hcl                            |    2 +-
 .../setup.sh                                  |    2 +-
 .../case-cfg-resolver-subset-redirect/vars.sh |    2 +-
 .../service_s3-v1.hcl                         |    2 +-
 .../service_s3-v2.hcl                         |    2 +-
 .../service_s3.hcl                            |    2 +-
 .../case-cfg-resolver-svc-failover/setup.sh   |    2 +-
 .../case-cfg-resolver-svc-failover/vars.sh    |    2 +-
 .../service_s3.hcl                            |    2 +-
 .../setup.sh                                  |    2 +-
 .../vars.sh                                   |    2 +-
 .../service_s3.hcl                            |    2 +-
 .../setup.sh                                  |    2 +-
 .../vars.sh                                   |    2 +-
 .../envoy/case-cfg-router-features/capture.sh |    2 +-
 .../service_s2-v1.hcl                         |    2 +-
 .../service_s2-v2.hcl                         |    2 +-
 .../envoy/case-cfg-router-features/setup.sh   |    2 +-
 .../envoy/case-cfg-router-features/vars.sh    |    2 +-
 .../alpha/base.hcl                            |    2 +-
 .../alpha/service_gateway.hcl                 |    2 +-
 .../alpha/service_s1.hcl                      |    2 +-
 .../alpha/service_s2.hcl                      |    2 +-
 .../alpha/setup.sh                            |    2 +-
 .../bind.hcl                                  |    2 +-
 .../capture.sh                                |    2 +-
 .../primary/base.hcl                          |    2 +-
 .../primary/service_s1.hcl                    |    2 +-
 .../primary/service_s2.hcl                    |    2 +-
 .../primary/setup.sh                          |    2 +-
 .../case-cfg-splitter-cluster-peering/vars.sh |    2 +-
 .../case-cfg-splitter-features/capture.sh     |    2 +-
 .../service_s2-v1.hcl                         |    2 +-
 .../service_s2-v2.hcl                         |    2 +-
 .../envoy/case-cfg-splitter-features/setup.sh |    2 +-
 .../envoy/case-cfg-splitter-features/vars.sh  |    2 +-
 .../alpha/base.hcl                            |    2 +-
 .../alpha/service_gateway.hcl                 |    2 +-
 .../alpha/service_s1.hcl                      |    2 +-
 .../alpha/service_s2.hcl                      |    2 +-
 .../alpha/setup.sh                            |    2 +-
 .../bind.hcl                                  |    2 +-
 .../capture.sh                                |    2 +-
 .../primary/base.hcl                          |    2 +-
 .../primary/service_ingress.hcl               |    2 +-
 .../primary/setup.sh                          |    2 +-
 .../vars.sh                                   |    2 +-
 .../connect/envoy/case-consul-exec/setup.sh   |    2 +-
 .../connect/envoy/case-consul-exec/vars.sh    |    2 +-
 .../alpha/base.hcl                            |    2 +-
 .../alpha/service_gateway.hcl                 |    2 +-
 .../alpha/service_s1.hcl                      |    2 +-
 .../alpha/service_s2.hcl                      |    2 +-
 .../alpha/setup.sh                            |    2 +-
 .../bind.hcl                                  |    2 +-
 .../capture.sh                                |    2 +-
 .../primary/base.hcl                          |    2 +-
 .../primary/service_gateway.hcl               |    2 +-
 .../primary/service_s1.hcl                    |    2 +-
 .../primary/service_s2.hcl                    |    2 +-
 .../primary/setup.sh                          |    2 +-
 .../case-cross-peer-control-plane-mgw/vars.sh |    2 +-
 .../alpha/base.hcl                            |    2 +-
 .../alpha/service_gateway.hcl                 |    2 +-
 .../alpha/service_s1.hcl                      |    2 +-
 .../alpha/service_s2.hcl                      |    2 +-
 .../alpha/service_s3.hcl                      |    2 +-
 .../alpha/setup.sh                            |    2 +-
 .../case-cross-peers-http-router/bind.hcl     |    2 +-
 .../case-cross-peers-http-router/capture.sh   |    2 +-
 .../primary/base.hcl                          |    2 +-
 .../primary/service_gateway.hcl               |    2 +-
 .../primary/service_s1.hcl                    |    2 +-
 .../primary/service_s2.hcl                    |    2 +-
 .../primary/setup.sh                          |    2 +-
 .../case-cross-peers-http-router/vars.sh      |    2 +-
 .../case-cross-peers-http/alpha/base.hcl      |    2 +-
 .../alpha/service_gateway.hcl                 |    2 +-
 .../alpha/service_s1.hcl                      |    2 +-
 .../alpha/service_s2.hcl                      |    2 +-
 .../case-cross-peers-http/alpha/setup.sh      |    2 +-
 .../envoy/case-cross-peers-http/bind.hcl      |    2 +-
 .../envoy/case-cross-peers-http/capture.sh    |    2 +-
 .../case-cross-peers-http/primary/base.hcl    |    2 +-
 .../primary/service_gateway.hcl               |    2 +-
 .../primary/service_s1.hcl                    |    2 +-
 .../primary/service_s2.hcl                    |    2 +-
 .../case-cross-peers-http/primary/setup.sh    |    2 +-
 .../envoy/case-cross-peers-http/vars.sh       |    2 +-
 .../alpha/base.hcl                            |    2 +-
 .../alpha/service_gateway.hcl                 |    2 +-
 .../alpha/service_s1.hcl                      |    2 +-
 .../alpha/service_s2.hcl                      |    2 +-
 .../alpha/service_s3.hcl                      |    2 +-
 .../alpha/setup.sh                            |    2 +-
 .../bind.hcl                                  |    2 +-
 .../capture.sh                                |    2 +-
 .../primary/base.hcl                          |    2 +-
 .../primary/service_gateway.hcl               |    2 +-
 .../primary/service_s1.hcl                    |    2 +-
 .../primary/service_s2.hcl                    |    2 +-
 .../primary/setup.sh                          |    2 +-
 .../vars.sh                                   |    2 +-
 .../envoy/case-cross-peers/alpha/base.hcl     |    2 +-
 .../alpha/service_gateway.hcl                 |    2 +-
 .../case-cross-peers/alpha/service_s1.hcl     |    2 +-
 .../case-cross-peers/alpha/service_s2.hcl     |    2 +-
 .../envoy/case-cross-peers/alpha/setup.sh     |    2 +-
 .../connect/envoy/case-cross-peers/bind.hcl   |    2 +-
 .../connect/envoy/case-cross-peers/capture.sh |    2 +-
 .../envoy/case-cross-peers/primary/base.hcl   |    2 +-
 .../primary/service_gateway.hcl               |    2 +-
 .../case-cross-peers/primary/service_s1.hcl   |    2 +-
 .../case-cross-peers/primary/service_s2.hcl   |    2 +-
 .../envoy/case-cross-peers/primary/setup.sh   |    2 +-
 .../connect/envoy/case-cross-peers/vars.sh    |    2 +-
 .../envoy/case-dogstatsd-udp/service_s1.hcl   |    2 +-
 .../connect/envoy/case-dogstatsd-udp/setup.sh |    2 +-
 .../connect/envoy/case-dogstatsd-udp/vars.sh  |    2 +-
 .../envoy/case-dogstatsd-udp/verify.bats      |    9 +-
 .../envoy/case-expose-checks/capture.sh       |    2 +-
 .../envoy/case-expose-checks/service_s1.hcl   |    2 +-
 .../envoy/case-expose-checks/service_s2.hcl   |    2 +-
 .../connect/envoy/case-expose-checks/setup.sh |    2 +-
 .../case-gateway-without-services/bind.hcl    |    2 +-
 .../case-gateway-without-services/capture.sh  |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../service_s1.hcl                            |    2 +-
 .../service_s2.hcl                            |    2 +-
 .../case-gateway-without-services/setup.sh    |    2 +-
 .../case-gateway-without-services/vars.sh     |    2 +-
 .../envoy/case-gateways-local/bind.hcl        |    2 +-
 .../envoy/case-gateways-local/capture.sh      |    2 +-
 .../primary/service_gateway.hcl               |    2 +-
 .../primary/service_s1.hcl                    |    2 +-
 .../primary/service_s2.hcl                    |    2 +-
 .../case-gateways-local/primary/setup.sh      |    2 +-
 .../case-gateways-local/secondary/join.hcl    |    2 +-
 .../secondary/service_gateway.hcl             |    2 +-
 .../secondary/service_s1.hcl                  |    2 +-
 .../case-gateways-local/secondary/setup.sh    |    4 +-
 .../connect/envoy/case-gateways-local/vars.sh |    2 +-
 .../envoy/case-gateways-remote/bind.hcl       |    2 +-
 .../envoy/case-gateways-remote/capture.sh     |    2 +-
 .../primary/service_s1.hcl                    |    2 +-
 .../primary/service_s2.hcl                    |    2 +-
 .../case-gateways-remote/primary/setup.sh     |    2 +-
 .../case-gateways-remote/secondary/join.hcl   |    2 +-
 .../secondary/service_gateway.hcl             |    2 +-
 .../secondary/service_s1.hcl                  |    2 +-
 .../case-gateways-remote/secondary/setup.sh   |    2 +-
 .../envoy/case-gateways-remote/vars.sh        |    2 +-
 .../connect/envoy/case-grpc/service_s1.hcl    |    4 +-
 .../connect/envoy/case-grpc/service_s2.hcl    |    2 +-
 .../connect/envoy/case-grpc/setup.sh          |    2 +-
 .../connect/envoy/case-grpc/vars.sh           |    2 +-
 .../connect/envoy/case-grpc/verify.bats       |    2 +-
 .../envoy/case-http-badauthz/capture.sh       |    2 +-
 .../envoy/case-http-badauthz/service_s1.hcl   |    2 +-
 .../envoy/case-http-badauthz/service_s2.hcl   |    2 +-
 .../connect/envoy/case-http-badauthz/setup.sh |    6 +-
 .../connect/envoy/case-http/capture.sh        |    2 +-
 .../connect/envoy/case-http/service_s1.hcl    |    2 +-
 .../connect/envoy/case-http/service_s2.hcl    |    2 +-
 .../connect/envoy/case-http/setup.sh          |    2 +-
 .../case-ingress-gateway-grpc/capture.sh      |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../case-ingress-gateway-grpc/service_s1.hcl  |    2 +-
 .../envoy/case-ingress-gateway-grpc/setup.sh  |    2 +-
 .../envoy/case-ingress-gateway-grpc/vars.sh   |    2 +-
 .../case-ingress-gateway-http/capture.sh      |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../envoy/case-ingress-gateway-http/setup.sh  |    2 +-
 .../envoy/case-ingress-gateway-http/vars.sh   |    2 +-
 .../capture.sh                                |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../setup.sh                                  |    2 +-
 .../vars.sh                                   |    2 +-
 .../alpha/base.hcl                            |    2 +-
 .../alpha/service_gateway.hcl                 |    2 +-
 .../alpha/service_s1.hcl                      |    2 +-
 .../alpha/service_s2.hcl                      |    2 +-
 .../alpha/setup.sh                            |    2 +-
 .../bind.hcl                                  |    2 +-
 .../capture.sh                                |    2 +-
 .../primary/base.hcl                          |    2 +-
 .../primary/service_ingress.hcl               |    2 +-
 .../primary/service_s1.hcl                    |    2 +-
 .../primary/service_s2.hcl                    |    2 +-
 .../primary/setup.sh                          |    2 +-
 .../vars.sh                                   |    2 +-
 .../envoy/case-ingress-gateway-sds/capture.sh |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../envoy/case-ingress-gateway-sds/setup.sh   |    2 +-
 .../envoy/case-ingress-gateway-sds/vars.sh    |    2 +-
 .../case-ingress-gateway-simple/capture.sh    |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../case-ingress-gateway-simple/setup.sh      |    2 +-
 .../envoy/case-ingress-gateway-simple/vars.sh |    2 +-
 .../envoy/case-ingress-gateway-tls/capture.sh |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../envoy/case-ingress-gateway-tls/setup.sh   |    2 +-
 .../envoy/case-ingress-gateway-tls/vars.sh    |    2 +-
 .../case-ingress-gateway-tls/verify.bats      |   10 +-
 .../bind.hcl                                  |    2 +-
 .../capture.sh                                |    2 +-
 .../primary/service_gateway.hcl               |    2 +-
 .../primary/service_ingress.hcl               |    2 +-
 .../primary/service_s1.hcl                    |    2 +-
 .../primary/service_s2.hcl                    |    2 +-
 .../primary/setup.sh                          |    2 +-
 .../secondary/join.hcl                        |    2 +-
 .../secondary/service_gateway.hcl             |    2 +-
 .../secondary/setup.sh                        |    2 +-
 .../vars.sh                                   |    2 +-
 .../connect/envoy/case-l7-intentions/acl.hcl  |    2 +-
 .../envoy/case-l7-intentions/capture.sh       |    2 +-
 .../connect/envoy/case-l7-intentions/setup.sh |    2 +-
 .../connect/envoy/case-lua/capture.sh         |    2 +-
 .../connect/envoy/case-lua/service_s1.hcl     |    2 +-
 .../connect/envoy/case-lua/service_s2.hcl     |    2 +-
 .../connect/envoy/case-lua/setup.sh           |    2 +-
 .../connect/envoy/case-lua/vars.sh            |    2 +-
 .../envoy/case-mesh-to-lambda/capture.sh      |    2 +-
 .../case-mesh-to-lambda/service_gateway.hcl   |    2 +-
 .../envoy/case-mesh-to-lambda/service_s1.hcl  |    2 +-
 .../envoy/case-mesh-to-lambda/setup.sh        |    2 +-
 .../connect/envoy/case-mesh-to-lambda/vars.sh |    2 +-
 .../envoy/case-multidc-rsa-ca/bind.hcl        |    2 +-
 .../envoy/case-multidc-rsa-ca/ca_config.hcl   |    2 +-
 .../envoy/case-multidc-rsa-ca/capture.sh      |    2 +-
 .../primary/service_s1.hcl                    |    2 +-
 .../primary/service_s2.hcl                    |    2 +-
 .../case-multidc-rsa-ca/primary/setup.sh      |    2 +-
 .../case-multidc-rsa-ca/secondary/join.hcl    |    2 +-
 .../secondary/service_s1.hcl                  |    2 +-
 .../case-multidc-rsa-ca/secondary/setup.sh    |    2 +-
 .../connect/envoy/case-multidc-rsa-ca/vars.sh |    2 +-
 .../connect/envoy/case-prometheus/capture.sh  |    2 +-
 .../envoy/case-prometheus/service_s1.hcl      |    2 +-
 .../envoy/case-prometheus/service_s2.hcl      |    2 +-
 .../connect/envoy/case-prometheus/setup.sh    |    2 +-
 .../envoy/case-property-override/capture.sh   |    2 +-
 .../case-property-override/service_s1.hcl     |    2 +-
 .../case-property-override/service_s2.hcl     |    2 +-
 .../case-property-override/service_s3.hcl     |    2 +-
 .../envoy/case-property-override/setup.sh     |    2 +-
 .../envoy/case-property-override/vars.sh      |    2 +-
 .../envoy/case-stats-proxy/service_s1.hcl     |    2 +-
 .../envoy/case-stats-proxy/service_s2.hcl     |    2 +-
 .../connect/envoy/case-stats-proxy/setup.sh   |    2 +-
 .../envoy/case-stats-proxy/verify.bats        |    2 +-
 .../envoy/case-statsd-udp/service_s1.hcl      |    2 +-
 .../connect/envoy/case-statsd-udp/setup.sh    |    2 +-
 .../connect/envoy/case-statsd-udp/vars.sh     |    2 +-
 .../capture.sh                                |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../service_s1.hcl                            |    2 +-
 .../service_s4.hcl                            |    2 +-
 .../setup.sh                                  |    2 +-
 .../vars.sh                                   |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../case-terminating-gateway-simple/setup.sh  |    2 +-
 .../case-terminating-gateway-simple/vars.sh   |    2 +-
 .../capture.sh                                |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../service_s2-v1.hcl                         |    2 +-
 .../service_s2-v2.hcl                         |    2 +-
 .../service_s3.hcl                            |    2 +-
 .../case-terminating-gateway-subsets/setup.sh |    2 +-
 .../case-terminating-gateway-subsets/vars.sh  |    2 +-
 .../bind.hcl                                  |    2 +-
 .../service_gateway.hcl                       |    2 +-
 .../service_s1.hcl                            |    2 +-
 .../service_s2.hcl                            |    2 +-
 .../setup.sh                                  |    2 +-
 .../vars.sh                                   |    2 +-
 .../envoy/case-upstream-config/service_s1.hcl |    2 +-
 .../envoy/case-upstream-config/service_s2.hcl |    2 +-
 .../envoy/case-upstream-config/setup.sh       |    2 +-
 .../connect/envoy/case-wanfed-gw/bind.hcl     |    2 +-
 .../connect/envoy/case-wanfed-gw/capture.sh   |    2 +-
 .../case-wanfed-gw/global-setup-windows.sh    |   47 -
 .../envoy/case-wanfed-gw/global-setup.sh      |    2 +-
 .../envoy/case-wanfed-gw/primary/common.hcl   |    2 +-
 .../envoy/case-wanfed-gw/primary/server.hcl   |    2 +-
 .../primary/service_gateway.hcl               |    2 +-
 .../case-wanfed-gw/primary/service_s1.hcl     |    2 +-
 .../case-wanfed-gw/primary/service_s2.hcl     |    2 +-
 .../envoy/case-wanfed-gw/primary/setup.sh     |    2 +-
 .../envoy/case-wanfed-gw/secondary/common.hcl |    2 +-
 .../envoy/case-wanfed-gw/secondary/server.hcl |    2 +-
 .../secondary/service_gateway.hcl             |    2 +-
 .../case-wanfed-gw/secondary/service_s1.hcl   |    2 +-
 .../case-wanfed-gw/secondary/service_s2.hcl   |    2 +-
 .../envoy/case-wanfed-gw/secondary/setup.sh   |    2 +-
 .../connect/envoy/case-wanfed-gw/vars.sh      |    2 +-
 .../connect/envoy/case-wasm/capture.sh        |    2 +-
 .../connect/envoy/case-wasm/service_s1.hcl    |    2 +-
 .../connect/envoy/case-wasm/service_s2.hcl    |    2 +-
 .../connect/envoy/case-wasm/setup.sh          |    2 +-
 .../connect/envoy/case-wasm/vars.sh           |    2 +-
 .../connect/envoy/case-zipkin/service_s1.hcl  |    2 +-
 .../connect/envoy/case-zipkin/service_s2.hcl  |    2 +-
 .../connect/envoy/case-zipkin/setup.sh        |    2 +-
 .../connect/envoy/case-zipkin/vars.sh         |    2 +-
 .../connect/envoy/case-zipkin/verify.bats     |    7 +-
 .../connect/envoy/consul-base-cfg/base.hcl    |    2 +-
 .../envoy/consul-base-cfg/service_s1.hcl      |    2 +-
 .../envoy/consul-base-cfg/service_s2.hcl      |    2 +-
 test/integration/connect/envoy/defaults.sh    |    2 +-
 .../connect/envoy/docker-windows.md           |   42 -
 .../connect/envoy/docs/img/linux-arch.png     |  Bin 63964 -> 0 bytes
 .../docs/img/windows-arch-singlecontainer.png |  Bin 114040 -> 0 bytes
 .../envoy/docs/img/windows-linux-arch.png     |  Bin 61475 -> 0 bytes
 .../docs/windows-testing-architecture.md      |  106 -
 test/integration/connect/envoy/down.sh        |    2 +-
 test/integration/connect/envoy/helpers.bash   |    4 +-
 .../connect/envoy/helpers.windows.bash        | 1195 ------
 test/integration/connect/envoy/main_test.go   |  140 +-
 test/integration/connect/envoy/run-tests.sh   |   16 +-
 .../connect/envoy/run-tests.windows.sh        |  911 -----
 .../connect/envoy/test-sds-server/Dockerfile  |    2 +-
 .../envoy/test-sds-server/certs/gen-certs.sh  |    2 +-
 .../connect/envoy/test-sds-server/sds.go      |    2 +-
 .../connect/envoy/windows-troubleshooting.md  |   90 -
 .../consul-container/assets/tproxy-startup.sh |    3 -
 test/integration/consul-container/go.mod      |  148 +-
 test/integration/consul-container/go.sum      |  935 +----
 .../consul-container/libs/assert/common.go    |    2 +-
 .../consul-container/libs/assert/envoy.go     |    7 +-
 .../consul-container/libs/assert/grpc.go      |    3 +-
 .../consul-container/libs/assert/peering.go   |   16 +-
 .../consul-container/libs/assert/service.go   |    4 +-
 .../consul-container/libs/cluster/agent.go    |   71 +-
 .../consul-container/libs/cluster/app.go      |    2 +-
 .../consul-container/libs/cluster/builder.go  |    2 +-
 .../consul-container/libs/cluster/cluster.go  |    2 +-
 .../consul-container/libs/cluster/config.go   |    2 +-
 .../libs/cluster/container.go                 |   55 +-
 .../libs/cluster/encryption.go                |    2 +-
 .../consul-container/libs/cluster/log.go      |    2 +-
 .../consul-container/libs/cluster/network.go  |    3 +-
 .../consul-container/libs/service/common.go   |    2 +-
 .../consul-container/libs/service/connect.go  |   18 +-
 .../consul-container/libs/service/examples.go |   38 +-
 .../consul-container/libs/service/gateway.go  |    2 +-
 .../consul-container/libs/service/helpers.go  |  116 +-
 .../consul-container/libs/service/log.go      |    2 +-
 .../consul-container/libs/service/service.go  |    2 +-
 .../libs/topology/peering_topology.go         |   20 +-
 .../libs/topology/service_topology.go         |   14 +-
 .../consul-container/libs/utils/debug.go      |    2 +-
 .../consul-container/libs/utils/defer.go      |    2 +-
 .../consul-container/libs/utils/docker.go     |   17 +-
 .../consul-container/libs/utils/helpers.go    |    2 +-
 .../consul-container/libs/utils/retry.go      |    2 +-
 .../consul-container/libs/utils/tenancy.go    |   17 +-
 .../consul-container/libs/utils/utils.go      |    2 +-
 .../consul-container/libs/utils/version.go    |   17 +-
 .../consul-container/libs/utils/version_ce.go |    2 +-
 .../test/basic/connect_service_test.go        |   57 +-
 .../test/catalog/catalog_test.go              |   38 -
 .../consul_envoy_version.go                   |    2 +-
 .../consul-container/test/debugging.md        |   78 -
 .../test/envoy_extensions/ext_authz_test.go   |    2 +-
 .../testdata/wasm_test_files/Dockerfile       |    6 -
 .../testdata/wasm_test_files/README.md        |   14 -
 .../testdata/wasm_test_files/build.sh         |    6 -
 .../testdata/wasm_test_files/go.mod           |    5 -
 .../testdata/wasm_test_files/go.sum           |    6 -
 .../testdata/wasm_test_files/nginx.conf       |   13 -
 .../wasm_test_files/wasm_add_header.go        |   50 -
 .../wasm_test_files/wasm_add_header.wasm      |  Bin 400008 -> 0 bytes
 .../test/envoy_extensions/wasm_test.go        |  464 ---
 .../test/gateways/gateway_endpoint_test.go    |    2 +-
 .../test/gateways/http_route_test.go          |    2 +-
 .../test/gateways/ingress_gateway_test.go     |    4 +-
 .../test/gateways/tenancy_ce.go               |    3 -
 .../test/jwtauth/jwt_auth_test.go             |    2 +-
 .../test/observability/access_logs_test.go    |    4 +-
 .../test/observability/metrics_leader_test.go |    2 +-
 .../rotate_server_and_ca_then_fail_test.go    |    2 +-
 .../test/ratelimit/ratelimit_test.go          |  109 +-
 .../test/snapshot/snapshot_restore_test.go    |    2 +-
 .../test/tproxy/tproxy_test.go                |    2 +-
 .../test/troubleshoot/troubleshoot_test.go    |    4 +-
 .../test/upgrade/acl_node_test.go             |    2 +-
 .../test/upgrade/basic/basic_test.go          |    2 +-
 .../upgrade/basic/fullstopupgrade_test.go     |    2 +-
 .../test/upgrade/basic/healthcheck_test.go    |    2 +-
 .../test/upgrade/catalog/catalog_test.go      |   87 -
 .../consul-container/test/upgrade/common.go   |    5 +-
 .../test/upgrade/ingress_gateway_grpc_test.go |    2 +-
 .../test/upgrade/ingress_gateway_sds_test.go  |    2 +-
 .../test/upgrade/ingress_gateway_test.go      |    2 +-
 .../resolver_default_subset_test.go           |    6 +-
 .../peering/peering_control_plane_mgw_test.go |    2 +-
 .../test/upgrade/peering/peering_http_test.go |    2 +-
 .../test/util/test_debug_breakpoint_hit.png   |  Bin 654866 -> 0 bytes
 .../test/util/test_debug_configuration.png    |  Bin 294046 -> 0 bytes
 .../test/util/test_debug_info.png             |  Bin 622325 -> 0 bytes
 .../util/test_debug_remote_configuration.png  |  Bin 285715 -> 0 bytes
 .../test/util/test_debug_remote_connected.png |  Bin 111968 -> 0 bytes
 .../test/util/test_debug_resume_program.png   |  Bin 51972 -> 0 bytes
 .../wanfed/acl_bootstrap_replication_test.go  |    2 +-
 .../test/wanfed/wanfed_peering_test.go        |    2 +-
 test/load/packer/consul-ami/consul.pkr.hcl    |    2 +-
 test/load/packer/consul-ami/scripts/conf.yaml |    2 +-
 .../packer/consul-ami/scripts/datadog.yaml    |    2 +-
 .../packer/consul-ami/scripts/move-files.sh   |    2 +-
 .../load/packer/loadtest-ami/loadtest.pkr.hcl |    2 +-
 .../packer/loadtest-ami/scripts/install-k6.sh |    2 +-
 .../packer/loadtest-ami/scripts/loadtest.js   |    2 +-
 test/load/terraform/consul.tf                 |    2 +-
 test/load/terraform/main.tf                   |    2 +-
 test/load/terraform/outputs.tf                |    2 +-
 test/load/terraform/providers.tf              |    2 +-
 test/load/terraform/test-servers.tf           |    2 +-
 test/load/terraform/user-data-client.sh       |    2 +-
 test/load/terraform/user-data-server.sh       |    2 +-
 test/load/terraform/variables.tf              |    2 +-
 testing/deployer/.gitignore                   |    4 -
 testing/deployer/README.md                    |  179 -
 testing/deployer/TODO.md                      |    9 -
 testing/deployer/go.mod                       |   45 -
 testing/deployer/go.sum                       |  246 --
 testing/deployer/sprawl/acl.go                |  335 --
 testing/deployer/sprawl/acl_rules.go          |  163 -
 testing/deployer/sprawl/boot.go               |  523 ---
 testing/deployer/sprawl/catalog.go            |  428 --
 testing/deployer/sprawl/configentries.go      |   61 -
 testing/deployer/sprawl/consul.go             |  101 -
 testing/deployer/sprawl/debug.go              |   11 -
 testing/deployer/sprawl/details.go            |  173 -
 testing/deployer/sprawl/ent.go                |  177 -
 testing/deployer/sprawl/helpers.go            |   14 -
 .../deployer/sprawl/internal/build/docker.go  |   86 -
 .../deployer/sprawl/internal/runner/exec.go   |  123 -
 .../deployer/sprawl/internal/secrets/store.go |   73 -
 .../deployer/sprawl/internal/tfgen/agent.go   |  218 --
 .../deployer/sprawl/internal/tfgen/digest.go  |   48 -
 testing/deployer/sprawl/internal/tfgen/dns.go |  183 -
 .../deployer/sprawl/internal/tfgen/docker.go  |   42 -
 .../sprawl/internal/tfgen/docker_test.go      |   18 -
 testing/deployer/sprawl/internal/tfgen/gen.go |  478 ---
 testing/deployer/sprawl/internal/tfgen/io.go  |   73 -
 .../deployer/sprawl/internal/tfgen/nodes.go   |  252 --
 .../deployer/sprawl/internal/tfgen/prelude.go |   19 -
 .../deployer/sprawl/internal/tfgen/proxy.go   |   90 -
 testing/deployer/sprawl/internal/tfgen/res.go |   98 -
 .../templates/container-app-dataplane.tf.tmpl |   29 -
 .../templates/container-app-sidecar.tf.tmpl   |   31 -
 .../tfgen/templates/container-app.tf.tmpl     |   25 -
 .../tfgen/templates/container-consul.tf.tmpl  |   40 -
 .../tfgen/templates/container-coredns.tf.tmpl |   28 -
 .../tfgen/templates/container-mgw.tf.tmpl     |   25 -
 .../tfgen/templates/container-pause.tf.tmpl   |   38 -
 .../tfgen/templates/container-proxy.tf.tmpl   |   33 -
 .../deployer/sprawl/internal/tfgen/tfgen.go   |   18 -
 testing/deployer/sprawl/peering.go            |  168 -
 testing/deployer/sprawl/sprawl.go             |  467 ---
 .../deployer/sprawl/sprawltest/sprawltest.go  |  205 -
 .../deployer/sprawl/sprawltest/test_test.go   |  183 -
 testing/deployer/sprawl/tls.go                |  117 -
 testing/deployer/topology/compile.go          |  674 ----
 testing/deployer/topology/default_cdp.go      |    6 -
 testing/deployer/topology/default_consul.go   |    7 -
 testing/deployer/topology/default_envoy.go    |    6 -
 testing/deployer/topology/ids.go              |  145 -
 testing/deployer/topology/images.go           |  126 -
 testing/deployer/topology/images_test.go      |  101 -
 testing/deployer/topology/topology.go         |  790 ----
 testing/deployer/topology/util.go             |   20 -
 testing/deployer/topology/util_test.go        |   14 -
 testing/deployer/util/consul.go               |   66 -
 testing/deployer/util/files.go                |   60 -
 .../deployer/util/internal/ipamutils/doc.go   |   21 -
 .../deployer/util/internal/ipamutils/utils.go |  120 -
 .../util/internal/ipamutils/utils_test.go     |  105 -
 testing/deployer/util/net.go                  |   20 -
 testrpc/wait.go                               |    2 +-
 tlsutil/config.go                             |   27 +-
 tlsutil/config_test.go                        |   10 +-
 tlsutil/generate.go                           |    2 +-
 tlsutil/generate_test.go                      |    2 +-
 tools/internal-grpc-proxy/main.go             |    2 +-
 troubleshoot/proxy/certs.go                   |    2 +-
 troubleshoot/proxy/certs_test.go              |    2 +-
 troubleshoot/proxy/stats.go                   |    2 +-
 troubleshoot/proxy/troubleshoot_proxy.go      |    2 +-
 troubleshoot/proxy/upstreams.go               |    2 +-
 troubleshoot/proxy/upstreams_test.go          |    2 +-
 troubleshoot/proxy/utils.go                   |    2 +-
 troubleshoot/proxy/validateupstream.go        |    2 +-
 troubleshoot/proxy/validateupstream_test.go   |    2 +-
 troubleshoot/validate/validate.go             |    2 +-
 troubleshoot/validate/validate_test.go        |    2 +-
 types/area.go                                 |    2 +-
 types/checks.go                               |    2 +-
 types/node_id.go                              |    2 +-
 types/tls.go                                  |    2 +-
 types/tls_test.go                             |    2 +-
 .../components/consul/acl/selector/index.hbs  |    2 +-
 .../consul/token/selector/index.hbs           |    2 +-
 .../components/consul/token/selector/index.js |    2 +-
 .../consul-acls/vendor/consul-acls/routes.js  |    2 +-
 .../vendor/consul-acls/services.js            |    2 +-
 .../app/components/consul/hcp/home/index.hbs  |    2 +-
 .../app/components/consul/hcp/home/index.scss |    2 +-
 .../components/consul/hcp/home/index.test.js  |    2 +-
 .../consul-hcp/vendor/consul-hcp/routes.js    |    2 +-
 .../consul-hcp/vendor/consul-hcp/services.js  |    2 +-
 .../consul/lock-session/form/index.hbs        |    2 +-
 .../consul/lock-session/form/index.scss       |    2 +-
 .../consul/lock-session/list/index.hbs        |    2 +-
 .../consul/lock-session/list/index.scss       |    2 +-
 .../lock-session/notifications/index.hbs      |    2 +-
 .../app/templates/dc/nodes/show/sessions.hbs  |    2 +-
 .../vendor/consul-lock-sessions/routes.js     |    2 +-
 .../vendor/consul-lock-sessions/services.js   |    2 +-
 .../components/consul/nspace/form/index.hbs   |    2 +-
 .../components/consul/nspace/form/index.js    |    2 +-
 .../components/consul/nspace/list/index.hbs   |    2 +-
 .../consul/nspace/list/pageobject.js          |    2 +-
 .../consul/nspace/notifications/index.hbs     |    2 +-
 .../consul/nspace/search-bar/index.hbs        |    2 +-
 .../consul/nspace/selector/index.hbs          |    2 +-
 .../app/templates/dc/nspaces/edit.hbs         |    2 +-
 .../app/templates/dc/nspaces/index.hbs        |    2 +-
 .../vendor/consul-nspaces/routes.js           |    2 +-
 .../vendor/consul-nspaces/services.js         |    2 +-
 .../consul/partition/form/index.hbs           |    2 +-
 .../consul/partition/list/index.hbs           |    2 +-
 .../consul/partition/list/test-support.js     |    2 +-
 .../consul/partition/notifications/index.hbs  |    2 +-
 .../consul/partition/search-bar/index.hbs     |    2 +-
 .../consul/partition/selector/index.hbs       |    2 +-
 .../app/templates/dc/partitions/edit.hbs      |    2 +-
 .../app/templates/dc/partitions/index.hbs     |    2 +-
 .../vendor/consul-partitions/routes.js        |    2 +-
 .../vendor/consul-partitions/services.js      |    2 +-
 .../consul/peer/address/list/index.hbs        |    2 +-
 .../consul/peer/address/list/index.scss       |    2 +-
 .../consul/peer/bento-box/index.hbs           |    2 +-
 .../components/consul/peer/components.scss    |    2 +-
 .../consul/peer/form/chart.xstate.js          |    2 +-
 .../peer/form/generate/actions/index.hbs      |    2 +-
 .../consul/peer/form/generate/chart.xstate.js |    2 +-
 .../peer/form/generate/fieldsets/index.hbs    |    2 +-
 .../peer/form/generate/fieldsets/index.js     |    2 +-
 .../consul/peer/form/generate/index.hbs       |    2 +-
 .../app/components/consul/peer/form/index.hbs |    2 +-
 .../components/consul/peer/form/index.scss    |    2 +-
 .../peer/form/initiate/actions/index.hbs      |    2 +-
 .../peer/form/initiate/fieldsets/index.hbs    |    2 +-
 .../consul/peer/form/initiate/index.hbs       |    2 +-
 .../consul/peer/form/token/actions/index.hbs  |    2 +-
 .../peer/form/token/fieldsets/index.hbs       |    4 +-
 .../app/components/consul/peer/index.scss     |    2 +-
 .../app/components/consul/peer/list/index.hbs |    2 +-
 .../consul/peer/list/test-support.js          |    2 +-
 .../consul/peer/notifications/index.hbs       |    2 +-
 .../consul/peer/search-bar/index.hbs          |    2 +-
 .../consul/peer/search-bar/index.scss         |    2 +-
 .../components/consul/peer/selector/index.hbs |    2 +-
 .../app/controllers/dc/peers/index.js         |    2 +-
 .../app/controllers/dc/peers/show/exported.js |    2 +-
 .../app/controllers/dc/peers/show/index.js    |    2 +-
 .../app/templates/dc/peers/index.hbs          |    2 +-
 .../app/templates/dc/peers/show.hbs           |    2 +-
 .../app/templates/dc/peers/show/addresses.hbs |    2 +-
 .../app/templates/dc/peers/show/exported.hbs  |    2 +-
 .../app/templates/dc/peers/show/imported.hbs  |    2 +-
 .../app/templates/dc/peers/show/index.hbs     |    2 +-
 .../vendor/consul-peerings/routes.js          |    2 +-
 .../vendor/consul-peerings/services.js        |    2 +-
 ui/packages/consul-ui/.docfy-config.js        |    2 +-
 ui/packages/consul-ui/.eslintrc.js            |    2 +-
 ui/packages/consul-ui/.istanbul.yml           |    2 +-
 ui/packages/consul-ui/.prettierrc.js          |    2 +-
 ui/packages/consul-ui/.template-lintrc.js     |    2 +-
 ui/packages/consul-ui/app/abilities/acl.js    |    2 +-
 .../consul-ui/app/abilities/auth-method.js    |    2 +-
 ui/packages/consul-ui/app/abilities/base.js   |    2 +-
 .../consul-ui/app/abilities/intention.js      |    2 +-
 ui/packages/consul-ui/app/abilities/kv.js     |    2 +-
 .../consul-ui/app/abilities/license.js        |    2 +-
 ui/packages/consul-ui/app/abilities/node.js   |    2 +-
 ui/packages/consul-ui/app/abilities/nspace.js |    2 +-
 .../consul-ui/app/abilities/overview.js       |    2 +-
 .../consul-ui/app/abilities/partition.js      |    2 +-
 ui/packages/consul-ui/app/abilities/peer.js   |    2 +-
 .../consul-ui/app/abilities/permission.js     |    2 +-
 ui/packages/consul-ui/app/abilities/policy.js |    2 +-
 ui/packages/consul-ui/app/abilities/role.js   |    2 +-
 ui/packages/consul-ui/app/abilities/server.js |    2 +-
 .../app/abilities/service-instance.js         |    2 +-
 .../consul-ui/app/abilities/session.js        |    2 +-
 ui/packages/consul-ui/app/abilities/token.js  |    2 +-
 .../consul-ui/app/abilities/upstream.js       |    2 +-
 .../consul-ui/app/abilities/zervice.js        |    2 +-
 ui/packages/consul-ui/app/abilities/zone.js   |    2 +-
 .../consul-ui/app/adapters/application.js     |    2 +-
 .../consul-ui/app/adapters/auth-method.js     |    2 +-
 .../consul-ui/app/adapters/binding-rule.js    |    2 +-
 .../consul-ui/app/adapters/coordinate.js      |    2 +-
 .../consul-ui/app/adapters/discovery-chain.js |    2 +-
 ui/packages/consul-ui/app/adapters/http.js    |    2 +-
 .../consul-ui/app/adapters/intention.js       |    2 +-
 ui/packages/consul-ui/app/adapters/kv.js      |    2 +-
 ui/packages/consul-ui/app/adapters/node.js    |    2 +-
 ui/packages/consul-ui/app/adapters/nspace.js  |    2 +-
 .../consul-ui/app/adapters/oidc-provider.js   |    2 +-
 .../consul-ui/app/adapters/partition.js       |    2 +-
 .../consul-ui/app/adapters/permission.js      |    2 +-
 ui/packages/consul-ui/app/adapters/policy.js  |    2 +-
 ui/packages/consul-ui/app/adapters/proxy.js   |    2 +-
 ui/packages/consul-ui/app/adapters/role.js    |    2 +-
 .../app/adapters/service-instance.js          |    2 +-
 ui/packages/consul-ui/app/adapters/service.js |    2 +-
 ui/packages/consul-ui/app/adapters/session.js |    2 +-
 ui/packages/consul-ui/app/adapters/token.js   |    2 +-
 .../consul-ui/app/adapters/topology.js        |    2 +-
 ui/packages/consul-ui/app/app.js              |    2 +-
 .../consul-ui/app/components/action/index.hbs |    2 +-
 .../app/components/anchors/index.scss         |    2 +-
 .../app/components/anchors/skin.scss          |    2 +-
 .../app/components/anonymous/index.hbs        |    2 +-
 .../app/components/anonymous/index.js         |    2 +-
 .../app/components/app-error/index.hbs        |    2 +-
 .../app/components/app-view/index.hbs         |    2 +-
 .../app/components/app-view/index.js          |    2 +-
 .../app/components/app-view/index.scss        |    2 +-
 .../app/components/app-view/layout.scss       |    2 +-
 .../app/components/app-view/skin.scss         |    2 +-
 .../consul-ui/app/components/app/index.hbs    |    2 +-
 .../consul-ui/app/components/app/index.js     |    2 +-
 .../consul-ui/app/components/app/index.scss   |    2 +-
 .../app/components/app/notification/index.hbs |    2 +-
 .../app/components/aria-menu/index.hbs        |    2 +-
 .../app/components/aria-menu/index.js         |    2 +-
 .../components/auth-dialog/chart.xstate.js    |    2 +-
 .../app/components/auth-dialog/index.hbs      |    2 +-
 .../app/components/auth-dialog/index.js       |    2 +-
 .../app/components/auth-form/chart.xstate.js  |    2 +-
 .../app/components/auth-form/index.hbs        |    2 +-
 .../app/components/auth-form/index.js         |    2 +-
 .../app/components/auth-form/index.scss       |    2 +-
 .../app/components/auth-form/layout.scss      |    2 +-
 .../app/components/auth-form/pageobject.js    |    2 +-
 .../app/components/auth-form/skin.scss        |    2 +-
 .../app/components/auth-form/tabs.xstate.js   |    2 +-
 .../app/components/auth-modal/index.scss      |    2 +-
 .../app/components/auth-modal/layout.scss     |    2 +-
 .../app/components/auth-modal/skin.scss       |    2 +-
 .../app/components/auth-profile/index.hbs     |    2 +-
 .../app/components/auth-profile/index.scss    |    2 +-
 .../consul-ui/app/components/badge/debug.scss |    2 +-
 .../consul-ui/app/components/badge/index.scss |    2 +-
 .../app/components/brand-loader/index.scss    |    2 +-
 .../app/components/brand-loader/layout.scss   |    2 +-
 .../app/components/brand-loader/skin.scss     |    2 +-
 .../app/components/breadcrumbs/index.scss     |    2 +-
 .../app/components/breadcrumbs/layout.scss    |    2 +-
 .../app/components/breadcrumbs/skin.scss      |    2 +-
 .../app/components/buttons/index.scss         |    2 +-
 .../app/components/buttons/layout.scss        |    2 +-
 .../app/components/buttons/skin.scss          |    2 +-
 .../consul-ui/app/components/card/index.scss  |    2 +-
 .../consul-ui/app/components/card/layout.scss |    2 +-
 .../consul-ui/app/components/card/skin.scss   |    2 +-
 .../app/components/checkbox-group/index.scss  |    2 +-
 .../app/components/checkbox-group/layout.scss |    2 +-
 .../app/components/checkbox-group/skin.scss   |    2 +-
 .../app/components/child-selector/index.hbs   |    2 +-
 .../app/components/child-selector/index.js    |    2 +-
 .../app/components/code-editor/index.hbs      |    2 +-
 .../app/components/code-editor/index.js       |    2 +-
 .../app/components/code-editor/index.scss     |    2 +-
 .../app/components/code-editor/layout.scss    |    2 +-
 .../app/components/code-editor/skin.scss      |    2 +-
 .../app/components/composite-row/index.scss   |    2 +-
 .../app/components/composite-row/layout.scss  |    2 +-
 .../components/confirmation-alert/index.hbs   |    2 +-
 .../components/confirmation-alert/index.js    |    2 +-
 .../components/confirmation-dialog/index.hbs  |    2 +-
 .../components/confirmation-dialog/index.js   |    2 +-
 .../components/confirmation-dialog/index.scss |    2 +-
 .../confirmation-dialog/layout.scss           |    2 +-
 .../components/confirmation-dialog/skin.scss  |    2 +-
 .../components/consul/acl/disabled/index.hbs  |    2 +-
 .../consul/auth-method/binding-list/index.hbs |    2 +-
 .../components/consul/auth-method/index.scss  |    2 +-
 .../consul/auth-method/list/index.hbs         |    2 +-
 .../consul/auth-method/list/pageobject.js     |    2 +-
 .../consul/auth-method/nspace-list/index.hbs  |    2 +-
 .../consul/auth-method/search-bar/index.hbs   |    2 +-
 .../consul/auth-method/type/index.hbs         |    2 +-
 .../consul/auth-method/view/index.hbs         |    2 +-
 .../components/consul/bucket/list/index.hbs   |    2 +-
 .../components/consul/bucket/list/index.js    |    2 +-
 .../components/consul/bucket/list/index.scss  |    2 +-
 .../consul/datacenter/selector/index.hbs      |    2 +-
 .../consul/discovery-chain/index.hbs          |    2 +-
 .../consul/discovery-chain/index.js           |    2 +-
 .../consul/discovery-chain/index.scss         |    2 +-
 .../consul/discovery-chain/layout.scss        |    2 +-
 .../discovery-chain/resolver-card/index.hbs   |    2 +-
 .../discovery-chain/route-card/index.hbs      |    2 +-
 .../discovery-chain/route-card/index.js       |    2 +-
 .../consul/discovery-chain/skin.scss          |    2 +-
 .../discovery-chain/splitter-card/index.hbs   |    2 +-
 .../consul/discovery-chain/utils.js           |    2 +-
 .../consul/exposed-path/list/index.hbs        |    2 +-
 .../consul/exposed-path/list/index.scss       |    2 +-
 .../consul/external-source/index.hbs          |    2 +-
 .../consul/external-source/index.scss         |    2 +-
 .../consul/health-check/list/index.hbs        |    2 +-
 .../consul/health-check/list/index.scss       |    2 +-
 .../consul/health-check/list/layout.scss      |    2 +-
 .../consul/health-check/list/pageobject.js    |    2 +-
 .../consul/health-check/list/skin.scss        |    2 +-
 .../consul/health-check/search-bar/index.hbs  |    2 +-
 .../consul/instance-checks/index.hbs          |    2 +-
 .../consul/instance-checks/index.scss         |    2 +-
 .../consul/intention/components.scss          |    2 +-
 .../consul/intention/form/fieldsets/index.hbs |    2 +-
 .../consul/intention/form/fieldsets/index.js  |    2 +-
 .../intention/form/fieldsets/index.scss       |    2 +-
 .../intention/form/fieldsets/layout.scss      |    2 +-
 .../consul/intention/form/fieldsets/skin.scss |    2 +-
 .../consul/intention/form/index.hbs           |    2 +-
 .../components/consul/intention/form/index.js |    2 +-
 .../consul/intention/form/index.scss          |    2 +-
 .../components/consul/intention/index.scss    |    2 +-
 .../consul/intention/list/check/index.hbs     |    2 +-
 .../consul/intention/list/components.scss     |    2 +-
 .../consul/intention/list/index.hbs           |    2 +-
 .../components/consul/intention/list/index.js |    2 +-
 .../consul/intention/list/index.scss          |    2 +-
 .../consul/intention/list/layout.scss         |    2 +-
 .../consul/intention/list/pageobject.js       |    2 +-
 .../consul/intention/list/skin.scss           |    2 +-
 .../consul/intention/list/table/index.hbs     |    2 +-
 .../consul/intention/list/table/index.scss    |    2 +-
 .../notice/custom-resource/index.hbs          |    2 +-
 .../intention/notice/permissions/index.hbs    |    2 +-
 .../consul/intention/notifications/index.hbs  |    2 +-
 .../intention/permission/form/index.hbs       |    2 +-
 .../consul/intention/permission/form/index.js |    2 +-
 .../intention/permission/form/index.scss      |    2 +-
 .../intention/permission/form/layout.scss     |    2 +-
 .../intention/permission/form/pageobject.js   |    2 +-
 .../intention/permission/form/skin.scss       |    2 +-
 .../permission/header/form/index.hbs          |    2 +-
 .../intention/permission/header/form/index.js |    2 +-
 .../permission/header/form/pageobject.js      |    2 +-
 .../permission/header/list/index.hbs          |    2 +-
 .../intention/permission/header/list/index.js |    2 +-
 .../permission/header/list/index.scss         |    2 +-
 .../permission/header/list/layout.scss        |    2 +-
 .../permission/header/list/pageobject.js      |    2 +-
 .../permission/header/list/skin.scss          |    2 +-
 .../intention/permission/list/index.hbs       |    2 +-
 .../consul/intention/permission/list/index.js |    2 +-
 .../intention/permission/list/index.scss      |    2 +-
 .../intention/permission/list/layout.scss     |    2 +-
 .../intention/permission/list/pageobject.js   |    2 +-
 .../intention/permission/list/skin.scss       |    2 +-
 .../consul/intention/search-bar/index.hbs     |    2 +-
 .../consul/intention/search-bar/index.scss    |    2 +-
 .../consul/intention/view/index.hbs           |    2 +-
 .../components/consul/intention/view/index.js |    2 +-
 .../app/components/consul/kind/index.hbs      |    2 +-
 .../app/components/consul/kind/index.js       |    2 +-
 .../app/components/consul/kind/index.scss     |    2 +-
 .../app/components/consul/kv/form/index.hbs   |    2 +-
 .../app/components/consul/kv/form/index.js    |    2 +-
 .../app/components/consul/kv/list/index.hbs   |    2 +-
 .../components/consul/kv/list/pageobject.js   |    2 +-
 .../components/consul/kv/search-bar/index.hbs |    2 +-
 .../app/components/consul/loader/index.hbs    |    2 +-
 .../app/components/consul/loader/index.scss   |    2 +-
 .../app/components/consul/loader/layout.scss  |    2 +-
 .../app/components/consul/loader/skin.scss    |    2 +-
 .../components/consul/metadata/list/index.hbs |    2 +-
 .../components/consul/metadata/list/index.js  |    2 +-
 .../consul/node-identity/template/index.hbs   |    2 +-
 .../consul/node/agentless-notice/index.hbs    |    2 +-
 .../consul/node/agentless-notice/index.js     |    2 +-
 .../consul/node/agentless-notice/index.scss   |    2 +-
 .../app/components/consul/node/list/index.hbs |    2 +-
 .../consul/node/peer-info/index.hbs           |    2 +-
 .../consul/node/peer-info/index.scss          |    2 +-
 .../consul/node/search-bar/index.hbs          |  260 +-
 .../app/components/consul/peer/info/index.hbs |    2 +-
 .../components/consul/peer/info/index.scss    |    2 +-
 .../components/consul/peer/list/index.scss    |    2 +-
 .../components/consul/policy/list/index.hbs   |    2 +-
 .../consul/policy/list/pageobject.js          |    2 +-
 .../consul/policy/notifications/index.hbs     |    2 +-
 .../consul/policy/search-bar/index.hbs        |    2 +-
 .../consul/policy/search-bar/index.js         |    2 +-
 .../app/components/consul/role/list/index.hbs |    2 +-
 .../components/consul/role/list/pageobject.js |    2 +-
 .../consul/role/notifications/index.hbs       |    2 +-
 .../consul/role/search-bar/index.hbs          |    2 +-
 .../components/consul/server/card/index.hbs   |    2 +-
 .../components/consul/server/card/index.scss  |    2 +-
 .../components/consul/server/card/layout.scss |    2 +-
 .../components/consul/server/card/skin.scss   |    2 +-
 .../components/consul/server/list/index.hbs   |    2 +-
 .../components/consul/server/list/index.scss  |    2 +-
 .../service-identity/template/index.hbs       |    2 +-
 .../consul/service-instance/list/index.hbs    |    2 +-
 .../consul/service-instance/list/index.js     |    2 +-
 .../service-instance/search-bar/index.hbs     |    2 +-
 .../components/consul/service/list/index.hbs  |    2 +-
 .../consul/service/search-bar/index.hbs       |    2 +-
 .../consul/service/search-bar/index.js        |    2 +-
 .../app/components/consul/source/index.hbs    |    2 +-
 .../app/components/consul/source/index.scss   |    2 +-
 .../consul/sources-select/index.hbs           |    2 +-
 .../components/consul/token/list/index.hbs    |    2 +-
 .../consul/token/list/pageobject.js           |    2 +-
 .../consul/token/notifications/index.hbs      |    2 +-
 .../consul/token/ruleset/list/index.hbs       |    2 +-
 .../consul/token/ruleset/list/index.js        |    2 +-
 .../consul/token/search-bar/index.hbs         |    2 +-
 .../consul/tomography/graph/index.hbs         |    2 +-
 .../consul/tomography/graph/index.js          |    2 +-
 .../consul/tomography/graph/index.scss        |    2 +-
 .../consul/transparent-proxy/index.hbs        |    2 +-
 .../consul/upstream-instance/list/index.hbs   |    2 +-
 .../consul/upstream-instance/list/index.scss  |    2 +-
 .../upstream-instance/list/pageobject.js      |    2 +-
 .../upstream-instance/search-bar/index.hbs    |    2 +-
 .../components/consul/upstream/list/index.hbs |    2 +-
 .../consul/upstream/list/index.scss           |    2 +-
 .../consul/upstream/search-bar/index.hbs      |    2 +-
 .../components/copy-button/chart.xstate.js    |    2 +-
 .../app/components/copy-button/index.hbs      |    2 +-
 .../app/components/copy-button/index.js       |    2 +-
 .../app/components/copy-button/index.scss     |    2 +-
 .../app/components/copy-button/layout.scss    |    2 +-
 .../app/components/copy-button/skin.scss      |    2 +-
 .../app/components/copyable-code/index.hbs    |    2 +-
 .../app/components/copyable-code/index.scss   |    2 +-
 .../app/components/csv-list/debug.scss        |    2 +-
 .../app/components/csv-list/index.scss        |    2 +-
 .../app/components/data-collection/index.hbs  |    2 +-
 .../app/components/data-collection/index.js   |    2 +-
 .../app/components/data-form/index.hbs        |    2 +-
 .../app/components/data-form/index.js         |    2 +-
 .../components/data-loader/chart.xstate.js    |    2 +-
 .../app/components/data-loader/index.hbs      |    2 +-
 .../app/components/data-loader/index.js       |    2 +-
 .../app/components/data-sink/index.hbs        |    2 +-
 .../app/components/data-sink/index.js         |    2 +-
 .../app/components/data-source/index.hbs      |    2 +-
 .../app/components/data-source/index.js       |    2 +-
 .../components/data-writer/chart.xstate.js    |    2 +-
 .../app/components/data-writer/index.hbs      |    2 +-
 .../app/components/data-writer/index.js       |    2 +-
 .../app/components/debug/navigation/index.hbs |    2 +-
 .../components/definition-table/debug.scss    |    2 +-
 .../components/definition-table/index.scss    |    2 +-
 .../components/definition-table/layout.scss   |    2 +-
 .../app/components/definition-table/skin.scss |    2 +-
 .../components/delete-confirmation/index.hbs  |    2 +-
 .../components/delete-confirmation/index.js   |    2 +-
 .../disclosure-menu/action/index.hbs          |    2 +-
 .../app/components/disclosure-menu/index.hbs  |    2 +-
 .../app/components/disclosure-menu/index.scss |    2 +-
 .../components/disclosure-menu/menu/index.hbs |    2 +-
 .../components/disclosure/action/index.hbs    |    2 +-
 .../components/disclosure/details/index.hbs   |    2 +-
 .../app/components/disclosure/index.hbs       |    2 +-
 .../app/components/disclosure/index.js        |    2 +-
 .../app/components/display-toggle/index.scss  |    2 +-
 .../app/components/display-toggle/layout.scss |    2 +-
 .../app/components/display-toggle/skin.scss   |    2 +-
 .../components/dom-recycling-table/index.scss |    2 +-
 .../dom-recycling-table/layout.scss           |    2 +-
 .../app/components/empty-state/index.hbs      |    2 +-
 .../app/components/empty-state/index.js       |    2 +-
 .../app/components/empty-state/index.scss     |    2 +-
 .../app/components/empty-state/layout.scss    |    2 +-
 .../app/components/empty-state/pageobject.js  |    2 +-
 .../app/components/empty-state/skin.scss      |    2 +-
 .../app/components/error-state/index.hbs      |    2 +-
 .../app/components/event-source/index.hbs     |    2 +-
 .../app/components/event-source/index.js      |    2 +-
 .../expanded-single-select/index.scss         |    2 +-
 .../expanded-single-select/layout.scss        |    2 +-
 .../expanded-single-select/skin.scss          |    2 +-
 .../app/components/filter-bar/index.scss      |    2 +-
 .../app/components/filter-bar/layout.scss     |    2 +-
 .../app/components/filter-bar/skin.scss       |    2 +-
 .../app/components/form-component/index.hbs   |    2 +-
 .../app/components/form-component/index.js    |    2 +-
 .../app/components/form-elements/index.scss   |    2 +-
 .../app/components/form-elements/layout.scss  |    2 +-
 .../app/components/form-elements/skin.scss    |    2 +-
 .../form-group/element/checkbox/index.hbs     |    2 +-
 .../form-group/element/error/index.hbs        |    2 +-
 .../components/form-group/element/index.hbs   |    2 +-
 .../components/form-group/element/index.js    |    2 +-
 .../form-group/element/label/index.hbs        |    2 +-
 .../form-group/element/radio/index.hbs        |    2 +-
 .../form-group/element/text/index.hbs         |    2 +-
 .../app/components/form-group/index.hbs       |    2 +-
 .../app/components/form-group/index.js        |    2 +-
 .../app/components/form-input/index.hbs       |    2 +-
 .../app/components/freetext-filter/index.hbs  |    2 +-
 .../app/components/freetext-filter/index.js   |    2 +-
 .../app/components/freetext-filter/index.scss |    2 +-
 .../components/freetext-filter/layout.scss    |    2 +-
 .../components/freetext-filter/pageobject.js  |    2 +-
 .../app/components/freetext-filter/skin.scss  |    2 +-
 .../app/components/hashicorp-consul/index.hbs |    2 +-
 .../app/components/hashicorp-consul/index.js  |    2 +-
 .../components/hashicorp-consul/index.scss    |    2 +-
 .../components/horizontal-kv-list/debug.scss  |    2 +-
 .../components/horizontal-kv-list/index.scss  |    2 +-
 .../components/horizontal-kv-list/layout.scss |    2 +-
 .../components/horizontal-kv-list/skin.scss   |    2 +-
 .../app/components/icon-definition/debug.scss |    2 +-
 .../app/components/icon-definition/index.scss |    2 +-
 .../app/components/informed-action/index.hbs  |    2 +-
 .../app/components/informed-action/index.scss |    2 +-
 .../components/informed-action/layout.scss    |    2 +-
 .../app/components/informed-action/skin.scss  |    2 +-
 .../app/components/inline-alert/debug.scss    |    2 +-
 .../app/components/inline-alert/index.scss    |    2 +-
 .../app/components/inline-alert/layout.scss   |    2 +-
 .../app/components/inline-alert/skin.scss     |    2 +-
 .../app/components/inline-code/index.scss     |    2 +-
 .../app/components/inline-code/layout.scss    |    2 +-
 .../app/components/inline-code/skin.scss      |    2 +-
 .../app/components/jwt-source/index.js        |    2 +-
 .../app/components/list-collection/index.hbs  |    2 +-
 .../app/components/list-collection/index.js   |    2 +-
 .../app/components/list-collection/index.scss |    2 +-
 .../components/list-collection/layout.scss    |    2 +-
 .../app/components/list-collection/skin.scss  |    2 +-
 .../app/components/list-row/index.scss        |    2 +-
 .../app/components/list-row/layout.scss       |    2 +-
 .../app/components/list-row/skin.scss         |    2 +-
 .../main-header-horizontal/index.scss         |    2 +-
 .../main-header-horizontal/layout.scss        |    2 +-
 .../main-header-horizontal/skin.scss          |    2 +-
 .../components/main-nav-horizontal/index.scss |    2 +-
 .../main-nav-horizontal/layout.scss           |    2 +-
 .../components/main-nav-horizontal/skin.scss  |    2 +-
 .../components/main-nav-vertical/debug.scss   |    2 +-
 .../components/main-nav-vertical/index.scss   |    2 +-
 .../components/main-nav-vertical/layout.scss  |    2 +-
 .../components/main-nav-vertical/skin.scss    |    2 +-
 .../app/components/menu-panel/deprecated.scss |    2 +-
 .../app/components/menu-panel/index.hbs       |    2 +-
 .../app/components/menu-panel/index.js        |    2 +-
 .../app/components/menu-panel/index.scss      |    2 +-
 .../app/components/menu-panel/layout.scss     |    2 +-
 .../app/components/menu-panel/skin.scss       |    2 +-
 .../app/components/menu/action/index.hbs      |    2 +-
 .../consul-ui/app/components/menu/index.hbs   |    2 +-
 .../app/components/menu/item/index.hbs        |    2 +-
 .../app/components/menu/separator/index.hbs   |    2 +-
 .../app/components/modal-dialog/index.hbs     |    2 +-
 .../app/components/modal-dialog/index.js      |    2 +-
 .../app/components/modal-dialog/index.scss    |    2 +-
 .../app/components/modal-dialog/layout.scss   |    2 +-
 .../app/components/modal-dialog/skin.scss     |    2 +-
 .../app/components/modal-layer/index.hbs      |    2 +-
 .../components/more-popover-menu/index.hbs    |    2 +-
 .../app/components/more-popover-menu/index.js |    2 +-
 .../components/more-popover-menu/index.scss   |    2 +-
 .../more-popover-menu/pageobject.js           |    2 +-
 .../components/oidc-select/chart.xstate.js    |    2 +-
 .../app/components/oidc-select/index.hbs      |    2 +-
 .../app/components/oidc-select/index.js       |    2 +-
 .../app/components/oidc-select/index.scss     |    2 +-
 .../app/components/oidc-select/layout.scss    |    2 +-
 .../app/components/oidc-select/skin.scss      |    2 +-
 .../app/components/option-input/index.hbs     |    2 +-
 .../consul-ui/app/components/outlet/index.hbs |    2 +-
 .../consul-ui/app/components/outlet/index.js  |    2 +-
 .../app/components/overlay/index.scss         |    2 +-
 .../app/components/overlay/none.scss          |    2 +-
 .../app/components/overlay/square-tail.scss   |    2 +-
 .../app/components/paged-collection/index.hbs |    2 +-
 .../app/components/paged-collection/index.js  |    2 +-
 .../components/paged-collection/index.scss    |    2 +-
 .../consul-ui/app/components/panel/debug.scss |    2 +-
 .../app/components/panel/index.css.js         |    2 +-
 .../consul-ui/app/components/panel/index.scss |    2 +-
 .../app/components/panel/layout.scss          |    2 +-
 .../consul-ui/app/components/panel/skin.scss  |    2 +-
 .../components/peerings/badge/icon/index.hbs  |    2 +-
 .../app/components/peerings/badge/index.hbs   |    2 +-
 .../app/components/peerings/badge/index.js    |    2 +-
 .../app/components/peerings/badge/index.scss  |    2 +-
 .../components/peerings/provider/index.hbs    |    2 +-
 .../app/components/peerings/provider/index.js |    2 +-
 .../consul-ui/app/components/pill/index.scss  |    2 +-
 .../consul-ui/app/components/pill/layout.scss |    2 +-
 .../consul-ui/app/components/pill/skin.scss   |    2 +-
 .../app/components/policy-form/index.hbs      |    2 +-
 .../app/components/policy-form/index.js       |    2 +-
 .../app/components/policy-form/pageobject.js  |    2 +-
 .../app/components/policy-selector/index.hbs  |    2 +-
 .../app/components/policy-selector/index.js   |    2 +-
 .../components/policy-selector/pageobject.js  |    2 +-
 .../app/components/popover-menu/index.hbs     |    2 +-
 .../app/components/popover-menu/index.js      |    2 +-
 .../app/components/popover-menu/index.scss    |    2 +-
 .../app/components/popover-menu/layout.scss   |    2 +-
 .../popover-menu/menu-item/index.hbs          |    2 +-
 .../popover-menu/menu-item/index.js           |    2 +-
 .../popover-menu/menu-separator/index.hbs     |    2 +-
 .../popover-menu/menu-separator/index.js      |    2 +-
 .../app/components/popover-menu/skin.scss     |    2 +-
 .../app/components/popover-select/index.hbs   |    2 +-
 .../app/components/popover-select/index.js    |    2 +-
 .../app/components/popover-select/index.scss  |    2 +-
 .../popover-select/optgroup/index.hbs         |    2 +-
 .../popover-select/option/index.hbs           |    2 +-
 .../components/popover-select/option/index.js |    2 +-
 .../components/popover-select/pageobject.js   |    2 +-
 .../app/components/power-select/pageobject.js |    2 +-
 .../app/components/progress/index.hbs         |    2 +-
 .../app/components/progress/index.scss        |    2 +-
 .../app/components/progress/layout.scss       |    2 +-
 .../app/components/progress/skin.scss         |    2 +-
 .../components/providers/dimension/index.hbs  |    2 +-
 .../components/providers/dimension/index.js   |    2 +-
 .../app/components/providers/search/index.hbs |    2 +-
 .../app/components/providers/search/index.js  |    2 +-
 .../app/components/radio-card/index.hbs       |    2 +-
 .../app/components/radio-card/index.js        |    2 +-
 .../app/components/radio-card/index.scss      |    2 +-
 .../app/components/radio-card/layout.scss     |    2 +-
 .../app/components/radio-card/skin.scss       |    2 +-
 .../app/components/radio-group/index.hbs      |    2 +-
 .../app/components/radio-group/index.js       |    2 +-
 .../app/components/radio-group/index.scss     |    2 +-
 .../app/components/radio-group/layout.scss    |    2 +-
 .../app/components/radio-group/pageobject.js  |    2 +-
 .../app/components/radio-group/skin.scss      |    2 +-
 .../consul-ui/app/components/ref/index.js     |    2 +-
 .../app/components/role-form/index.hbs        |    2 +-
 .../app/components/role-form/index.js         |    2 +-
 .../app/components/role-form/pageobject.js    |    2 +-
 .../app/components/role-selector/index.hbs    |    2 +-
 .../app/components/role-selector/index.js     |    2 +-
 .../app/components/role-selector/index.scss   |    2 +-
 .../components/role-selector/pageobject.js    |    2 +-
 .../app/components/route/announcer/index.hbs  |    2 +-
 .../consul-ui/app/components/route/index.hbs  |    2 +-
 .../consul-ui/app/components/route/index.js   |    2 +-
 .../app/components/route/title/index.hbs      |    2 +-
 .../app/components/route/title/index.scss     |    2 +-
 .../app/components/search-bar/index.hbs       |    2 +-
 .../app/components/search-bar/index.js        |    2 +-
 .../app/components/search-bar/index.scss      |    2 +-
 .../search-bar/remove-filter/index.hbs        |    2 +-
 .../app/components/search-bar/utils.js        |    2 +-
 .../app/components/skip-links/index.scss      |    2 +-
 .../app/components/skip-links/layout.scss     |    2 +-
 .../app/components/skip-links/skin.scss       |    2 +-
 .../app/components/sliding-toggle/index.scss  |    2 +-
 .../app/components/sliding-toggle/layout.scss |    2 +-
 .../app/components/sliding-toggle/skin.scss   |    2 +-
 .../components/state-chart/action/index.hbs   |    2 +-
 .../components/state-chart/action/index.js    |    2 +-
 .../components/state-chart/guard/index.hbs    |    2 +-
 .../app/components/state-chart/guard/index.js |    2 +-
 .../app/components/state-chart/index.hbs      |    2 +-
 .../app/components/state-chart/index.js       |    2 +-
 .../app/components/state-machine/index.hbs    |    2 +-
 .../app/components/state-machine/index.js     |    2 +-
 .../consul-ui/app/components/state/index.hbs  |    2 +-
 .../consul-ui/app/components/state/index.js   |    2 +-
 .../app/components/tab-nav/index.hbs          |    2 +-
 .../consul-ui/app/components/tab-nav/index.js |    2 +-
 .../app/components/tab-nav/index.scss         |    2 +-
 .../app/components/tab-nav/layout.scss        |    2 +-
 .../app/components/tab-nav/pageobject.js      |    2 +-
 .../app/components/tab-nav/skin.scss          |    2 +-
 .../consul-ui/app/components/table/index.scss |    2 +-
 .../app/components/table/layout.scss          |    2 +-
 .../consul-ui/app/components/table/skin.scss  |    2 +-
 .../components/tabular-collection/index.hbs   |    2 +-
 .../components/tabular-collection/index.js    |    2 +-
 .../components/tabular-collection/index.scss  |    2 +-
 .../app/components/tabular-details/index.hbs  |    2 +-
 .../app/components/tabular-details/index.js   |    2 +-
 .../app/components/tabular-details/index.scss |    2 +-
 .../components/tabular-details/layout.scss    |    2 +-
 .../app/components/tabular-details/skin.scss  |    2 +-
 .../app/components/tabular-dl/index.scss      |    2 +-
 .../app/components/tabular-dl/layout.scss     |    2 +-
 .../app/components/tabular-dl/skin.scss       |    2 +-
 .../app/components/tag-list/index.hbs         |    2 +-
 .../app/components/tag-list/index.scss        |    2 +-
 .../app/components/text-input/index.hbs       |    2 +-
 .../consul-ui/app/components/tile/debug.scss  |    2 +-
 .../consul-ui/app/components/tile/index.scss  |    2 +-
 .../app/components/toggle-button/index.hbs    |    2 +-
 .../app/components/toggle-button/index.js     |    2 +-
 .../app/components/toggle-button/index.scss   |    2 +-
 .../app/components/toggle-button/layout.scss  |    2 +-
 .../app/components/toggle-button/skin.scss    |    2 +-
 .../app/components/token-list/index.hbs       |    2 +-
 .../app/components/token-list/index.js        |    2 +-
 .../app/components/token-list/pageobject.js   |    2 +-
 .../components/token-source/chart.xstate.js   |    2 +-
 .../app/components/token-source/index.hbs     |    2 +-
 .../app/components/token-source/index.js      |    2 +-
 .../app/components/tooltip-panel/index.scss   |    2 +-
 .../app/components/tooltip-panel/layout.scss  |    2 +-
 .../app/components/tooltip-panel/skin.scss    |    2 +-
 .../app/components/tooltip/index.hbs          |    2 +-
 .../app/components/tooltip/index.scss         |    2 +-
 .../topology-metrics/card/index.hbs           |    2 +-
 .../components/topology-metrics/card/index.js |    2 +-
 .../topology-metrics/card/index.scss          |    2 +-
 .../topology-metrics/down-lines/index.hbs     |    2 +-
 .../topology-metrics/down-lines/index.js      |    2 +-
 .../app/components/topology-metrics/index.hbs |    2 +-
 .../app/components/topology-metrics/index.js  |    2 +-
 .../components/topology-metrics/index.scss    |    2 +-
 .../components/topology-metrics/layout.scss   |    2 +-
 .../topology-metrics/notifications/index.hbs  |    2 +-
 .../topology-metrics/popover/index.hbs        |    2 +-
 .../topology-metrics/popover/index.js         |    2 +-
 .../topology-metrics/popover/index.scss       |    2 +-
 .../topology-metrics/series/index.hbs         |    2 +-
 .../topology-metrics/series/index.js          |    2 +-
 .../topology-metrics/series/index.scss        |    2 +-
 .../topology-metrics/series/layout.scss       |    2 +-
 .../topology-metrics/series/skin.scss         |    2 +-
 .../app/components/topology-metrics/skin.scss |    2 +-
 .../topology-metrics/source-type/index.hbs    |    2 +-
 .../topology-metrics/source-type/index.scss   |    2 +-
 .../topology-metrics/stats/index.hbs          |    2 +-
 .../topology-metrics/stats/index.js           |    2 +-
 .../topology-metrics/stats/index.scss         |    2 +-
 .../topology-metrics/status/index.hbs         |    2 +-
 .../topology-metrics/status/index.scss        |    2 +-
 .../topology-metrics/up-lines/index.hbs       |    2 +-
 .../topology-metrics/up-lines/index.js        |    2 +-
 .../app/components/watcher/index.hbs          |    2 +-
 .../consul-ui/app/components/watcher/index.js |    2 +-
 .../consul-ui/app/components/yield/index.hbs  |    2 +-
 .../app/controllers/_peered-resource.js       |    2 +-
 .../consul-ui/app/controllers/application.js  |    2 +-
 .../controllers/dc/acls/policies/create.js    |    2 +-
 .../app/controllers/dc/acls/policies/edit.js  |    2 +-
 .../app/controllers/dc/acls/roles/create.js   |    2 +-
 .../app/controllers/dc/acls/roles/edit.js     |    2 +-
 .../app/controllers/dc/acls/tokens/create.js  |    2 +-
 .../app/controllers/dc/acls/tokens/edit.js    |    2 +-
 .../app/controllers/dc/nodes/index.js         |    2 +-
 .../app/controllers/dc/services/index.js      |    2 +-
 .../dc/services/instance/healthchecks.js      |    2 +-
 .../consul-ui/app/decorators/data-source.js   |    2 +-
 .../consul-ui/app/decorators/replace.js       |    2 +-
 ui/packages/consul-ui/app/env.js              |    2 +-
 .../app/filter/predicates/auth-method.js      |    2 +-
 .../app/filter/predicates/health-check.js     |    2 +-
 .../app/filter/predicates/intention.js        |    2 +-
 .../consul-ui/app/filter/predicates/kv.js     |    2 +-
 .../consul-ui/app/filter/predicates/node.js   |   11 +-
 .../consul-ui/app/filter/predicates/peer.js   |    2 +-
 .../consul-ui/app/filter/predicates/policy.js |    2 +-
 .../app/filter/predicates/service-instance.js |    2 +-
 .../app/filter/predicates/service.js          |    2 +-
 .../consul-ui/app/filter/predicates/token.js  |    2 +-
 ui/packages/consul-ui/app/formats.js          |    2 +-
 ui/packages/consul-ui/app/forms/intention.js  |    2 +-
 ui/packages/consul-ui/app/forms/kv.js         |    2 +-
 ui/packages/consul-ui/app/forms/policy.js     |    2 +-
 ui/packages/consul-ui/app/forms/role.js       |    2 +-
 ui/packages/consul-ui/app/forms/token.js      |    2 +-
 .../consul-ui/app/helpers/adopt-styles.js     |    2 +-
 ui/packages/consul-ui/app/helpers/atob.js     |    2 +-
 .../consul-ui/app/helpers/cached-model.js     |    2 +-
 .../consul-ui/app/helpers/class-map.js        |    2 +-
 .../consul-ui/app/helpers/collection.js       |    2 +-
 ui/packages/consul-ui/app/helpers/css-map.js  |    2 +-
 ui/packages/consul-ui/app/helpers/css.js      |    2 +-
 .../consul-ui/app/helpers/document-attrs.js   |    2 +-
 .../consul-ui/app/helpers/dom-position.js     |    2 +-
 .../consul-ui/app/helpers/duration-from.js    |    2 +-
 ui/packages/consul-ui/app/helpers/env.js      |    2 +-
 .../consul-ui/app/helpers/flatten-property.js |    2 +-
 .../app/helpers/format-short-time.js          |    2 +-
 ui/packages/consul-ui/app/helpers/href-to.js  |    2 +-
 .../consul-ui/app/helpers/icon-mapping.js     |    2 +-
 .../consul-ui/app/helpers/icons-debug.js      |    2 +-
 ui/packages/consul-ui/app/helpers/is-href.js  |    2 +-
 ui/packages/consul-ui/app/helpers/is.js       |    2 +-
 .../consul-ui/app/helpers/json-stringify.js   |    2 +-
 ui/packages/consul-ui/app/helpers/last.js     |    2 +-
 .../consul-ui/app/helpers/left-trim.js        |    2 +-
 .../consul-ui/app/helpers/merge-checks.js     |    2 +-
 .../consul-ui/app/helpers/percentage-of.js    |    2 +-
 .../app/helpers/policy/datacenters.js         |    2 +-
 .../consul-ui/app/helpers/policy/group.js     |    2 +-
 .../consul-ui/app/helpers/policy/typeof.js    |    2 +-
 .../consul-ui/app/helpers/refresh-route.js    |    2 +-
 .../consul-ui/app/helpers/render-template.js  |    2 +-
 ui/packages/consul-ui/app/helpers/require.js  |    2 +-
 .../consul-ui/app/helpers/right-trim.js       |    2 +-
 .../consul-ui/app/helpers/route-match.js      |    2 +-
 .../app/helpers/service/card-permissions.js   |    2 +-
 .../app/helpers/service/external-source.js    |    2 +-
 .../app/helpers/service/health-percentage.js  |    2 +-
 ui/packages/consul-ui/app/helpers/slugify.js  |    2 +-
 .../app/helpers/smart-date-format.js          |    2 +-
 ui/packages/consul-ui/app/helpers/split.js    |    2 +-
 .../consul-ui/app/helpers/state-chart.js      |    2 +-
 .../consul-ui/app/helpers/state-matches.js    |    2 +-
 .../consul-ui/app/helpers/style-map.js        |    2 +-
 ui/packages/consul-ui/app/helpers/substr.js   |    2 +-
 .../consul-ui/app/helpers/svg-curve.js        |    2 +-
 .../consul-ui/app/helpers/temporal-format.js  |    2 +-
 .../consul-ui/app/helpers/temporal-within.js  |    2 +-
 ui/packages/consul-ui/app/helpers/test.js     |    2 +-
 ui/packages/consul-ui/app/helpers/to-hash.js  |    2 +-
 ui/packages/consul-ui/app/helpers/to-route.js |    2 +-
 .../app/helpers/token/is-anonymous.js         |    2 +-
 .../consul-ui/app/helpers/token/is-legacy.js  |    2 +-
 ui/packages/consul-ui/app/helpers/tween-to.js |    2 +-
 ui/packages/consul-ui/app/helpers/uniq-by.js  |    2 +-
 .../consul-ui/app/helpers/unique-id.js        |    2 +-
 ui/packages/consul-ui/app/helpers/uri.js      |    2 +-
 ui/packages/consul-ui/app/index.html          |    2 +-
 .../app/instance-initializers/container.js    |    2 +-
 .../app/instance-initializers/href-to.js      |    2 +-
 .../instance-initializers/ivy-codemirror.js   |    2 +-
 .../app/instance-initializers/selection.js    |    2 +-
 .../app/locations/fsm-with-optional-test.js   |    2 +-
 .../app/locations/fsm-with-optional.js        |    2 +-
 ui/packages/consul-ui/app/locations/fsm.js    |    2 +-
 .../consul-ui/app/machines/boolean.xstate.js  |    2 +-
 .../consul-ui/app/machines/validate.xstate.js |    2 +-
 .../consul-ui/app/mixins/policy/as-many.js    |    2 +-
 .../consul-ui/app/mixins/role/as-many.js      |    2 +-
 .../app/mixins/with-blocking-actions.js       |    2 +-
 .../consul-ui/app/models/auth-method.js       |    2 +-
 .../consul-ui/app/models/binding-rule.js      |    2 +-
 .../consul-ui/app/models/coordinate.js        |    2 +-
 ui/packages/consul-ui/app/models/dc.js        |    2 +-
 .../consul-ui/app/models/discovery-chain.js   |    2 +-
 .../consul-ui/app/models/gateway-config.js    |    2 +-
 .../consul-ui/app/models/health-check.js      |    2 +-
 .../intention-permission-http-header.js       |    2 +-
 .../app/models/intention-permission-http.js   |    2 +-
 .../app/models/intention-permission.js        |    2 +-
 ui/packages/consul-ui/app/models/intention.js |    2 +-
 ui/packages/consul-ui/app/models/kv.js        |    2 +-
 ui/packages/consul-ui/app/models/license.js   |    2 +-
 ui/packages/consul-ui/app/models/node.js      |    2 +-
 ui/packages/consul-ui/app/models/nspace.js    |    2 +-
 .../consul-ui/app/models/oidc-provider.js     |    2 +-
 ui/packages/consul-ui/app/models/partition.js |    2 +-
 ui/packages/consul-ui/app/models/peer.js      |    2 +-
 .../consul-ui/app/models/permission.js        |    2 +-
 ui/packages/consul-ui/app/models/policy.js    |    2 +-
 ui/packages/consul-ui/app/models/proxy.js     |    2 +-
 ui/packages/consul-ui/app/models/role.js      |    2 +-
 .../consul-ui/app/models/service-instance.js  |    2 +-
 ui/packages/consul-ui/app/models/service.js   |    2 +-
 ui/packages/consul-ui/app/models/session.js   |    2 +-
 ui/packages/consul-ui/app/models/token.js     |    2 +-
 ui/packages/consul-ui/app/models/topology.js  |    2 +-
 .../consul-ui/app/modifiers/aria-menu.js      |    2 +-
 .../consul-ui/app/modifiers/css-prop.js       |    2 +-
 .../consul-ui/app/modifiers/css-props.js      |    2 +-
 .../consul-ui/app/modifiers/did-upsert.js     |    2 +-
 .../consul-ui/app/modifiers/disabled.js       |    2 +-
 .../consul-ui/app/modifiers/notification.js   |    2 +-
 .../consul-ui/app/modifiers/on-outside.js     |    2 +-
 ui/packages/consul-ui/app/modifiers/style.js  |    2 +-
 .../consul-ui/app/modifiers/tooltip.js        |    2 +-
 .../consul-ui/app/modifiers/validate.js       |    2 +-
 .../consul-ui/app/modifiers/with-copyable.js  |    2 +-
 .../consul-ui/app/modifiers/with-overlay.js   |    2 +-
 ui/packages/consul-ui/app/router.js           |    2 +-
 .../consul-ui/app/routes/application.js       |    2 +-
 ui/packages/consul-ui/app/routes/dc.js        |    2 +-
 .../app/routes/dc/acls/auth-methods/index.js  |    2 +-
 .../routes/dc/acls/auth-methods/show/index.js |    2 +-
 .../app/routes/dc/acls/policies/create.js     |    2 +-
 .../app/routes/dc/acls/policies/edit.js       |    2 +-
 .../app/routes/dc/acls/policies/index.js      |    2 +-
 .../app/routes/dc/acls/roles/create.js        |    2 +-
 .../app/routes/dc/acls/roles/edit.js          |    2 +-
 .../app/routes/dc/acls/roles/index.js         |    2 +-
 .../app/routes/dc/acls/tokens/create.js       |    2 +-
 .../app/routes/dc/acls/tokens/edit.js         |    2 +-
 .../app/routes/dc/acls/tokens/index.js        |    2 +-
 .../consul-ui/app/routes/dc/kv/folder.js      |    2 +-
 .../consul-ui/app/routes/dc/kv/index.js       |    2 +-
 .../app/routes/dc/services/notfound.js        |    2 +-
 .../app/routes/dc/services/show/topology.js   |    2 +-
 .../app/routing/application-debug.js          |    2 +-
 ui/packages/consul-ui/app/routing/route.js    |    2 +-
 ui/packages/consul-ui/app/routing/single.js   |    2 +-
 .../consul-ui/app/search/predicates/acl.js    |    2 +-
 .../app/search/predicates/auth-method.js      |    2 +-
 .../app/search/predicates/health-check.js     |    2 +-
 .../app/search/predicates/intention.js        |    2 +-
 .../consul-ui/app/search/predicates/kv.js     |    2 +-
 .../consul-ui/app/search/predicates/node.js   |    2 +-
 .../consul-ui/app/search/predicates/nspace.js |    2 +-
 .../consul-ui/app/search/predicates/peer.js   |    2 +-
 .../consul-ui/app/search/predicates/policy.js |    2 +-
 .../consul-ui/app/search/predicates/role.js   |    2 +-
 .../app/search/predicates/service-instance.js |    2 +-
 .../app/search/predicates/service.js          |    2 +-
 .../consul-ui/app/search/predicates/token.js  |    2 +-
 .../search/predicates/upstream-instance.js    |    2 +-
 .../consul-ui/app/serializers/application.js  |    2 +-
 .../consul-ui/app/serializers/auth-method.js  |    2 +-
 .../consul-ui/app/serializers/binding-rule.js |    2 +-
 .../consul-ui/app/serializers/coordinate.js   |    2 +-
 .../app/serializers/discovery-chain.js        |    2 +-
 ui/packages/consul-ui/app/serializers/http.js |    2 +-
 .../consul-ui/app/serializers/intention.js    |    2 +-
 ui/packages/consul-ui/app/serializers/kv.js   |    2 +-
 ui/packages/consul-ui/app/serializers/node.js |    2 +-
 .../consul-ui/app/serializers/nspace.js       |    2 +-
 .../app/serializers/oidc-provider.js          |    2 +-
 .../consul-ui/app/serializers/partition.js    |    2 +-
 .../consul-ui/app/serializers/permission.js   |    2 +-
 .../consul-ui/app/serializers/policy.js       |    2 +-
 .../consul-ui/app/serializers/proxy.js        |    2 +-
 ui/packages/consul-ui/app/serializers/role.js |    2 +-
 .../app/serializers/service-instance.js       |    2 +-
 .../consul-ui/app/serializers/service.js      |    2 +-
 .../consul-ui/app/serializers/session.js      |    2 +-
 .../consul-ui/app/serializers/token.js        |    2 +-
 .../consul-ui/app/serializers/topology.js     |    2 +-
 .../consul-ui/app/services/abilities.js       |    2 +-
 ui/packages/consul-ui/app/services/atob.js    |    2 +-
 .../oauth2-code-with-url-provider.js          |    2 +-
 ui/packages/consul-ui/app/services/btoa.js    |    2 +-
 ui/packages/consul-ui/app/services/change.js  |    2 +-
 .../app/services/client/connections.js        |    2 +-
 .../consul-ui/app/services/client/http.js     |    2 +-
 .../app/services/client/transports/xhr.js     |    2 +-
 .../app/services/clipboard/local-storage.js   |    2 +-
 .../consul-ui/app/services/clipboard/os.js    |    2 +-
 .../app/services/code-mirror/linter.js        |    2 +-
 .../consul-ui/app/services/container.js       |    2 +-
 .../app/services/data-sink/protocols/http.js  |    2 +-
 .../data-sink/protocols/local-storage.js      |    2 +-
 .../app/services/data-sink/service.js         |    2 +-
 .../services/data-source/protocols/http.js    |    2 +-
 .../data-source/protocols/http/blocking.js    |    2 +-
 .../data-source/protocols/http/promise.js     |    2 +-
 .../data-source/protocols/local-storage.js    |    2 +-
 .../app/services/data-source/service.js       |    2 +-
 .../consul-ui/app/services/data-structs.js    |    2 +-
 ui/packages/consul-ui/app/services/dom.js     |    2 +-
 ui/packages/consul-ui/app/services/encoder.js |    2 +-
 ui/packages/consul-ui/app/services/env.js     |    2 +-
 .../consul-ui/app/services/feedback.js        |    2 +-
 ui/packages/consul-ui/app/services/filter.js  |    2 +-
 ui/packages/consul-ui/app/services/form.js    |    2 +-
 ui/packages/consul-ui/app/services/hcp.js     |    2 +-
 .../consul-ui/app/services/i18n-debug.js      |    2 +-
 .../consul-ui/app/services/local-storage.js   |    2 +-
 ui/packages/consul-ui/app/services/logger.js  |    2 +-
 .../consul-ui/app/services/repository.js      |    2 +-
 .../app/services/repository/auth-method.js    |    2 +-
 .../app/services/repository/binding-rule.js   |    2 +-
 .../app/services/repository/coordinate.js     |    2 +-
 .../consul-ui/app/services/repository/dc.js   |    2 +-
 .../services/repository/discovery-chain.js    |    2 +-
 .../intention-permission-http-header.js       |    2 +-
 .../repository/intention-permission.js        |    2 +-
 .../app/services/repository/intention.js      |    2 +-
 .../consul-ui/app/services/repository/kv.js   |    2 +-
 .../app/services/repository/license.js        |    2 +-
 .../app/services/repository/metrics.js        |    2 +-
 .../consul-ui/app/services/repository/node.js |    2 +-
 .../app/services/repository/nspace.js         |    2 +-
 .../app/services/repository/oidc-provider.js  |    2 +-
 .../app/services/repository/partition.js      |    2 +-
 .../consul-ui/app/services/repository/peer.js |    2 +-
 .../app/services/repository/permission.js     |    2 +-
 .../app/services/repository/policy.js         |    2 +-
 .../app/services/repository/proxy.js          |    2 +-
 .../consul-ui/app/services/repository/role.js |    2 +-
 .../services/repository/service-instance.js   |    2 +-
 .../app/services/repository/service.js        |    2 +-
 .../app/services/repository/session.js        |    2 +-
 .../app/services/repository/token.js          |    2 +-
 .../app/services/repository/topology.js       |    2 +-
 ui/packages/consul-ui/app/services/routlet.js |    2 +-
 ui/packages/consul-ui/app/services/schema.js  |    2 +-
 ui/packages/consul-ui/app/services/search.js  |    2 +-
 .../consul-ui/app/services/settings.js        |    2 +-
 ui/packages/consul-ui/app/services/sort.js    |    2 +-
 .../app/services/state-with-charts.js         |    2 +-
 ui/packages/consul-ui/app/services/state.js   |    2 +-
 ui/packages/consul-ui/app/services/store.js   |    2 +-
 .../consul-ui/app/services/temporal.js        |    2 +-
 ui/packages/consul-ui/app/services/ticker.js  |    2 +-
 ui/packages/consul-ui/app/services/timeout.js |    2 +-
 .../consul-ui/app/services/ui-config.js       |    2 +-
 .../app/sort/comparators/auth-method.js       |    2 +-
 .../app/sort/comparators/health-check.js      |    2 +-
 .../app/sort/comparators/intention.js         |    2 +-
 .../consul-ui/app/sort/comparators/kv.js      |    2 +-
 .../consul-ui/app/sort/comparators/node.js    |    2 +-
 .../consul-ui/app/sort/comparators/nspace.js  |    2 +-
 .../app/sort/comparators/partition.js         |    2 +-
 .../consul-ui/app/sort/comparators/peer.js    |    2 +-
 .../consul-ui/app/sort/comparators/policy.js  |    2 +-
 .../consul-ui/app/sort/comparators/role.js    |    2 +-
 .../app/sort/comparators/service-instance.js  |    2 +-
 .../consul-ui/app/sort/comparators/service.js |    2 +-
 .../consul-ui/app/sort/comparators/token.js   |    2 +-
 .../app/sort/comparators/upstream-instance.js |    2 +-
 ui/packages/consul-ui/app/storages/base.js    |    2 +-
 ui/packages/consul-ui/app/storages/notices.js |    2 +-
 ui/packages/consul-ui/app/styles/app.scss     |    2 +-
 .../app/styles/base/animation/index.scss      |    2 +-
 .../app/styles/base/color/index.scss          |    2 +-
 .../styles/base/color/semantic-variables.scss |    2 +-
 .../base/color/ui/frame-placeholders.scss     |    2 +-
 .../app/styles/base/color/ui/index.scss       |    2 +-
 .../app/styles/base/component/index.scss      |    2 +-
 .../base/decoration/base-placeholders.scss    |    2 +-
 .../base/decoration/base-variables.scss       |    2 +-
 .../app/styles/base/decoration/index.scss     |    2 +-
 .../base/decoration/visually-hidden.css.js    |    2 +-
 .../styles/base/icons/base-keyframes.css.js   |    2 +-
 .../app/styles/base/icons/base-keyframes.scss |    2 +-
 .../styles/base/icons/base-placeholders.scss  |    2 +-
 .../app/styles/base/icons/debug.scss          |    2 +-
 .../base/icons/icons/activity/index.scss      |    2 +-
 .../base/icons/icons/activity/keyframes.scss  |    2 +-
 .../icons/icons/activity/placeholders.scss    |    2 +-
 .../icons/icons/activity/property-16.scss     |    2 +-
 .../icons/icons/activity/property-24.scss     |    2 +-
 .../icons/icons/alert-circle-fill/index.scss  |    2 +-
 .../icons/alert-circle-fill/keyframes.scss    |    2 +-
 .../icons/alert-circle-fill/placeholders.scss |    2 +-
 .../icons/alert-circle-fill/property-16.scss  |    2 +-
 .../icons/alert-circle-fill/property-24.scss  |    2 +-
 .../icons/alert-circle-outline/index.scss     |    2 +-
 .../icons/alert-circle-outline/keyframes.scss |    2 +-
 .../alert-circle-outline/placeholders.scss    |    2 +-
 .../base/icons/icons/alert-circle/index.scss  |    2 +-
 .../icons/icons/alert-circle/keyframes.scss   |    2 +-
 .../icons/alert-circle/placeholders.scss      |    2 +-
 .../icons/icons/alert-circle/property-16.scss |    2 +-
 .../icons/icons/alert-circle/property-24.scss |    2 +-
 .../icons/icons/alert-octagon-fill/index.scss |    2 +-
 .../icons/alert-octagon-fill/keyframes.scss   |    2 +-
 .../alert-octagon-fill/placeholders.scss      |    2 +-
 .../icons/alert-octagon-fill/property-16.scss |    2 +-
 .../icons/alert-octagon-fill/property-24.scss |    2 +-
 .../base/icons/icons/alert-octagon/index.scss |    2 +-
 .../icons/icons/alert-octagon/keyframes.scss  |    2 +-
 .../icons/alert-octagon/placeholders.scss     |    2 +-
 .../icons/alert-octagon/property-16.scss      |    2 +-
 .../icons/alert-octagon/property-24.scss      |    2 +-
 .../icons/alert-triangle-fill/index.scss      |    2 +-
 .../icons/alert-triangle-fill/keyframes.scss  |    2 +-
 .../alert-triangle-fill/placeholders.scss     |    2 +-
 .../alert-triangle-fill/property-16.scss      |    2 +-
 .../alert-triangle-fill/property-24.scss      |    2 +-
 .../icons/icons/alert-triangle/index.scss     |    2 +-
 .../icons/icons/alert-triangle/keyframes.scss |    2 +-
 .../icons/alert-triangle/placeholders.scss    |    2 +-
 .../icons/alert-triangle/property-16.scss     |    2 +-
 .../icons/alert-triangle/property-24.scss     |    2 +-
 .../base/icons/icons/alibaba-color/index.scss |    2 +-
 .../icons/icons/alibaba-color/keyframes.scss  |    2 +-
 .../icons/alibaba-color/placeholders.scss     |    2 +-
 .../icons/alibaba-color/property-16.scss      |    2 +-
 .../icons/alibaba-color/property-24.scss      |    2 +-
 .../base/icons/icons/alibaba/index.scss       |    2 +-
 .../base/icons/icons/alibaba/keyframes.scss   |    2 +-
 .../icons/icons/alibaba/placeholders.scss     |    2 +-
 .../base/icons/icons/alibaba/property-16.scss |    2 +-
 .../base/icons/icons/alibaba/property-24.scss |    2 +-
 .../base/icons/icons/align-center/index.scss  |    2 +-
 .../icons/icons/align-center/keyframes.scss   |    2 +-
 .../icons/align-center/placeholders.scss      |    2 +-
 .../icons/icons/align-center/property-16.scss |    2 +-
 .../icons/icons/align-center/property-24.scss |    2 +-
 .../base/icons/icons/align-justify/index.scss |    2 +-
 .../icons/icons/align-justify/keyframes.scss  |    2 +-
 .../icons/align-justify/placeholders.scss     |    2 +-
 .../icons/align-justify/property-16.scss      |    2 +-
 .../icons/align-justify/property-24.scss      |    2 +-
 .../base/icons/icons/align-left/index.scss    |    2 +-
 .../icons/icons/align-left/keyframes.scss     |    2 +-
 .../icons/icons/align-left/placeholders.scss  |    2 +-
 .../icons/icons/align-left/property-16.scss   |    2 +-
 .../icons/icons/align-left/property-24.scss   |    2 +-
 .../base/icons/icons/align-right/index.scss   |    2 +-
 .../icons/icons/align-right/keyframes.scss    |    2 +-
 .../icons/icons/align-right/placeholders.scss |    2 +-
 .../icons/icons/align-right/property-16.scss  |    2 +-
 .../icons/icons/align-right/property-24.scss  |    2 +-
 .../icons/icons/amazon-eks-color/index.scss   |    2 +-
 .../icons/amazon-eks-color/keyframes.scss     |    2 +-
 .../icons/amazon-eks-color/placeholders.scss  |    2 +-
 .../icons/amazon-eks-color/property-16.scss   |    2 +-
 .../icons/amazon-eks-color/property-24.scss   |    2 +-
 .../base/icons/icons/amazon-eks/index.scss    |    2 +-
 .../icons/icons/amazon-eks/keyframes.scss     |    2 +-
 .../icons/icons/amazon-eks/placeholders.scss  |    2 +-
 .../icons/icons/amazon-eks/property-16.scss   |    2 +-
 .../icons/icons/amazon-eks/property-24.scss   |    2 +-
 .../base/icons/icons/apple-color/index.scss   |    2 +-
 .../icons/icons/apple-color/keyframes.scss    |    2 +-
 .../icons/icons/apple-color/placeholders.scss |    2 +-
 .../icons/icons/apple-color/property-16.scss  |    2 +-
 .../icons/icons/apple-color/property-24.scss  |    2 +-
 .../styles/base/icons/icons/apple/index.scss  |    2 +-
 .../base/icons/icons/apple/keyframes.scss     |    2 +-
 .../base/icons/icons/apple/placeholders.scss  |    2 +-
 .../base/icons/icons/apple/property-16.scss   |    2 +-
 .../base/icons/icons/apple/property-24.scss   |    2 +-
 .../base/icons/icons/archive/index.scss       |    2 +-
 .../base/icons/icons/archive/keyframes.scss   |    2 +-
 .../icons/icons/archive/placeholders.scss     |    2 +-
 .../base/icons/icons/archive/property-16.scss |    2 +-
 .../base/icons/icons/archive/property-24.scss |    2 +-
 .../icons/icons/arrow-down-circle/index.scss  |    2 +-
 .../icons/arrow-down-circle/keyframes.scss    |    2 +-
 .../icons/arrow-down-circle/placeholders.scss |    2 +-
 .../icons/arrow-down-circle/property-16.scss  |    2 +-
 .../icons/arrow-down-circle/property-24.scss  |    2 +-
 .../icons/icons/arrow-down-left/index.scss    |    2 +-
 .../icons/arrow-down-left/keyframes.scss      |    2 +-
 .../icons/arrow-down-left/placeholders.scss   |    2 +-
 .../icons/arrow-down-left/property-16.scss    |    2 +-
 .../icons/arrow-down-left/property-24.scss    |    2 +-
 .../icons/icons/arrow-down-right/index.scss   |    2 +-
 .../icons/arrow-down-right/keyframes.scss     |    2 +-
 .../icons/arrow-down-right/placeholders.scss  |    2 +-
 .../icons/arrow-down-right/property-16.scss   |    2 +-
 .../icons/arrow-down-right/property-24.scss   |    2 +-
 .../base/icons/icons/arrow-down/index.scss    |    2 +-
 .../icons/icons/arrow-down/keyframes.scss     |    2 +-
 .../icons/icons/arrow-down/placeholders.scss  |    2 +-
 .../icons/icons/arrow-down/property-16.scss   |    2 +-
 .../icons/icons/arrow-down/property-24.scss   |    2 +-
 .../icons/icons/arrow-left-circle/index.scss  |    2 +-
 .../icons/arrow-left-circle/keyframes.scss    |    2 +-
 .../icons/arrow-left-circle/placeholders.scss |    2 +-
 .../icons/arrow-left-circle/property-16.scss  |    2 +-
 .../icons/arrow-left-circle/property-24.scss  |    2 +-
 .../base/icons/icons/arrow-left/index.scss    |    2 +-
 .../icons/icons/arrow-left/keyframes.scss     |    2 +-
 .../icons/icons/arrow-left/placeholders.scss  |    2 +-
 .../icons/icons/arrow-left/property-16.scss   |    2 +-
 .../icons/icons/arrow-left/property-24.scss   |    2 +-
 .../icons/icons/arrow-right-circle/index.scss |    2 +-
 .../icons/arrow-right-circle/keyframes.scss   |    2 +-
 .../arrow-right-circle/placeholders.scss      |    2 +-
 .../icons/arrow-right-circle/property-16.scss |    2 +-
 .../icons/arrow-right-circle/property-24.scss |    2 +-
 .../base/icons/icons/arrow-right/index.scss   |    2 +-
 .../icons/icons/arrow-right/keyframes.scss    |    2 +-
 .../icons/icons/arrow-right/placeholders.scss |    2 +-
 .../icons/icons/arrow-right/property-16.scss  |    2 +-
 .../icons/icons/arrow-right/property-24.scss  |    2 +-
 .../icons/icons/arrow-up-circle/index.scss    |    2 +-
 .../icons/arrow-up-circle/keyframes.scss      |    2 +-
 .../icons/arrow-up-circle/placeholders.scss   |    2 +-
 .../icons/arrow-up-circle/property-16.scss    |    2 +-
 .../icons/arrow-up-circle/property-24.scss    |    2 +-
 .../base/icons/icons/arrow-up-left/index.scss |    2 +-
 .../icons/icons/arrow-up-left/keyframes.scss  |    2 +-
 .../icons/arrow-up-left/placeholders.scss     |    2 +-
 .../icons/arrow-up-left/property-16.scss      |    2 +-
 .../icons/arrow-up-left/property-24.scss      |    2 +-
 .../icons/icons/arrow-up-right/index.scss     |    2 +-
 .../icons/icons/arrow-up-right/keyframes.scss |    2 +-
 .../icons/arrow-up-right/placeholders.scss    |    2 +-
 .../icons/arrow-up-right/property-16.scss     |    2 +-
 .../icons/arrow-up-right/property-24.scss     |    2 +-
 .../base/icons/icons/arrow-up/index.scss      |    2 +-
 .../base/icons/icons/arrow-up/keyframes.scss  |    2 +-
 .../icons/icons/arrow-up/placeholders.scss    |    2 +-
 .../icons/icons/arrow-up/property-16.scss     |    2 +-
 .../icons/icons/arrow-up/property-24.scss     |    2 +-
 .../base/icons/icons/at-sign/index.scss       |    2 +-
 .../base/icons/icons/at-sign/keyframes.scss   |    2 +-
 .../icons/icons/at-sign/placeholders.scss     |    2 +-
 .../base/icons/icons/at-sign/property-16.scss |    2 +-
 .../base/icons/icons/at-sign/property-24.scss |    2 +-
 .../base/icons/icons/auth0-color/index.scss   |    2 +-
 .../icons/icons/auth0-color/keyframes.scss    |    2 +-
 .../icons/icons/auth0-color/placeholders.scss |    2 +-
 .../icons/icons/auth0-color/property-16.scss  |    2 +-
 .../icons/icons/auth0-color/property-24.scss  |    2 +-
 .../styles/base/icons/icons/auth0/index.scss  |    2 +-
 .../base/icons/icons/auth0/keyframes.scss     |    2 +-
 .../base/icons/icons/auth0/placeholders.scss  |    2 +-
 .../base/icons/icons/auth0/property-16.scss   |    2 +-
 .../base/icons/icons/auth0/property-24.scss   |    2 +-
 .../base/icons/icons/auto-apply/index.scss    |    2 +-
 .../icons/icons/auto-apply/keyframes.scss     |    2 +-
 .../icons/icons/auto-apply/placeholders.scss  |    2 +-
 .../icons/icons/auto-apply/property-16.scss   |    2 +-
 .../icons/icons/auto-apply/property-24.scss   |    2 +-
 .../styles/base/icons/icons/award/index.scss  |    2 +-
 .../base/icons/icons/award/keyframes.scss     |    2 +-
 .../base/icons/icons/award/placeholders.scss  |    2 +-
 .../base/icons/icons/award/property-16.scss   |    2 +-
 .../base/icons/icons/award/property-24.scss   |    2 +-
 .../base/icons/icons/azure-color/index.scss   |    2 +-
 .../icons/icons/azure-color/keyframes.scss    |    2 +-
 .../icons/icons/azure-color/placeholders.scss |    2 +-
 .../icons/icons/azure-color/property-16.scss  |    2 +-
 .../icons/icons/azure-color/property-24.scss  |    2 +-
 .../icons/icons/azure-devops-color/index.scss |    2 +-
 .../icons/azure-devops-color/keyframes.scss   |    2 +-
 .../azure-devops-color/placeholders.scss      |    2 +-
 .../icons/azure-devops-color/property-16.scss |    2 +-
 .../icons/azure-devops-color/property-24.scss |    2 +-
 .../base/icons/icons/azure-devops/index.scss  |    2 +-
 .../icons/icons/azure-devops/keyframes.scss   |    2 +-
 .../icons/azure-devops/placeholders.scss      |    2 +-
 .../icons/icons/azure-devops/property-16.scss |    2 +-
 .../icons/icons/azure-devops/property-24.scss |    2 +-
 .../styles/base/icons/icons/azure/index.scss  |    2 +-
 .../base/icons/icons/azure/keyframes.scss     |    2 +-
 .../base/icons/icons/azure/placeholders.scss  |    2 +-
 .../base/icons/icons/azure/property-16.scss   |    2 +-
 .../base/icons/icons/azure/property-24.scss   |    2 +-
 .../base/icons/icons/bank-vault/index.scss    |    2 +-
 .../icons/icons/bank-vault/keyframes.scss     |    2 +-
 .../icons/icons/bank-vault/placeholders.scss  |    2 +-
 .../icons/icons/bank-vault/property-16.scss   |    2 +-
 .../icons/icons/bank-vault/property-24.scss   |    2 +-
 .../base/icons/icons/bar-chart-alt/index.scss |    2 +-
 .../icons/icons/bar-chart-alt/keyframes.scss  |    2 +-
 .../icons/bar-chart-alt/placeholders.scss     |    2 +-
 .../icons/bar-chart-alt/property-16.scss      |    2 +-
 .../icons/bar-chart-alt/property-24.scss      |    2 +-
 .../base/icons/icons/bar-chart/index.scss     |    2 +-
 .../base/icons/icons/bar-chart/keyframes.scss |    2 +-
 .../icons/icons/bar-chart/placeholders.scss   |    2 +-
 .../icons/icons/bar-chart/property-16.scss    |    2 +-
 .../icons/icons/bar-chart/property-24.scss    |    2 +-
 .../icons/icons/battery-charging/index.scss   |    2 +-
 .../icons/battery-charging/keyframes.scss     |    2 +-
 .../icons/battery-charging/placeholders.scss  |    2 +-
 .../icons/battery-charging/property-16.scss   |    2 +-
 .../icons/battery-charging/property-24.scss   |    2 +-
 .../base/icons/icons/battery/index.scss       |    2 +-
 .../base/icons/icons/battery/keyframes.scss   |    2 +-
 .../icons/icons/battery/placeholders.scss     |    2 +-
 .../base/icons/icons/battery/property-16.scss |    2 +-
 .../base/icons/icons/battery/property-24.scss |    2 +-
 .../styles/base/icons/icons/beaker/index.scss |    2 +-
 .../base/icons/icons/beaker/keyframes.scss    |    2 +-
 .../base/icons/icons/beaker/placeholders.scss |    2 +-
 .../base/icons/icons/beaker/property-16.scss  |    2 +-
 .../base/icons/icons/beaker/property-24.scss  |    2 +-
 .../icons/icons/bell-active-fill/index.scss   |    2 +-
 .../icons/bell-active-fill/keyframes.scss     |    2 +-
 .../icons/bell-active-fill/placeholders.scss  |    2 +-
 .../icons/bell-active-fill/property-16.scss   |    2 +-
 .../icons/bell-active-fill/property-24.scss   |    2 +-
 .../base/icons/icons/bell-active/index.scss   |    2 +-
 .../icons/icons/bell-active/keyframes.scss    |    2 +-
 .../icons/icons/bell-active/placeholders.scss |    2 +-
 .../icons/icons/bell-active/property-16.scss  |    2 +-
 .../icons/icons/bell-active/property-24.scss  |    2 +-
 .../base/icons/icons/bell-off/index.scss      |    2 +-
 .../base/icons/icons/bell-off/keyframes.scss  |    2 +-
 .../icons/icons/bell-off/placeholders.scss    |    2 +-
 .../icons/icons/bell-off/property-16.scss     |    2 +-
 .../icons/icons/bell-off/property-24.scss     |    2 +-
 .../styles/base/icons/icons/bell/index.scss   |    2 +-
 .../base/icons/icons/bell/keyframes.scss      |    2 +-
 .../base/icons/icons/bell/placeholders.scss   |    2 +-
 .../base/icons/icons/bell/property-16.scss    |    2 +-
 .../base/icons/icons/bell/property-24.scss    |    2 +-
 .../icons/icons/bitbucket-color/index.scss    |    2 +-
 .../icons/bitbucket-color/keyframes.scss      |    2 +-
 .../icons/bitbucket-color/placeholders.scss   |    2 +-
 .../icons/bitbucket-color/property-16.scss    |    2 +-
 .../icons/bitbucket-color/property-24.scss    |    2 +-
 .../base/icons/icons/bitbucket/index.scss     |    2 +-
 .../base/icons/icons/bitbucket/keyframes.scss |    2 +-
 .../icons/icons/bitbucket/placeholders.scss   |    2 +-
 .../icons/icons/bitbucket/property-16.scss    |    2 +-
 .../icons/icons/bitbucket/property-24.scss    |    2 +-
 .../styles/base/icons/icons/bolt/index.scss   |    2 +-
 .../base/icons/icons/bolt/keyframes.scss      |    2 +-
 .../base/icons/icons/bolt/placeholders.scss   |    2 +-
 .../icons/icons/bookmark-add-fill/index.scss  |    2 +-
 .../icons/bookmark-add-fill/keyframes.scss    |    2 +-
 .../icons/bookmark-add-fill/placeholders.scss |    2 +-
 .../icons/bookmark-add-fill/property-16.scss  |    2 +-
 .../icons/bookmark-add-fill/property-24.scss  |    2 +-
 .../base/icons/icons/bookmark-add/index.scss  |    2 +-
 .../icons/icons/bookmark-add/keyframes.scss   |    2 +-
 .../icons/bookmark-add/placeholders.scss      |    2 +-
 .../icons/icons/bookmark-add/property-16.scss |    2 +-
 .../icons/icons/bookmark-add/property-24.scss |    2 +-
 .../base/icons/icons/bookmark-fill/index.scss |    2 +-
 .../icons/icons/bookmark-fill/keyframes.scss  |    2 +-
 .../icons/bookmark-fill/placeholders.scss     |    2 +-
 .../icons/bookmark-fill/property-16.scss      |    2 +-
 .../icons/bookmark-fill/property-24.scss      |    2 +-
 .../icons/bookmark-remove-fill/index.scss     |    2 +-
 .../icons/bookmark-remove-fill/keyframes.scss |    2 +-
 .../bookmark-remove-fill/placeholders.scss    |    2 +-
 .../bookmark-remove-fill/property-16.scss     |    2 +-
 .../bookmark-remove-fill/property-24.scss     |    2 +-
 .../icons/icons/bookmark-remove/index.scss    |    2 +-
 .../icons/bookmark-remove/keyframes.scss      |    2 +-
 .../icons/bookmark-remove/placeholders.scss   |    2 +-
 .../icons/bookmark-remove/property-16.scss    |    2 +-
 .../icons/bookmark-remove/property-24.scss    |    2 +-
 .../base/icons/icons/bookmark/index.scss      |    2 +-
 .../base/icons/icons/bookmark/keyframes.scss  |    2 +-
 .../icons/icons/bookmark/placeholders.scss    |    2 +-
 .../icons/icons/bookmark/property-16.scss     |    2 +-
 .../icons/icons/bookmark/property-24.scss     |    2 +-
 .../styles/base/icons/icons/bottom/index.scss |    2 +-
 .../base/icons/icons/bottom/keyframes.scss    |    2 +-
 .../base/icons/icons/bottom/placeholders.scss |    2 +-
 .../base/icons/icons/bottom/property-16.scss  |    2 +-
 .../base/icons/icons/bottom/property-24.scss  |    2 +-
 .../icons/icons/boundary-color/index.scss     |    2 +-
 .../icons/icons/boundary-color/keyframes.scss |    2 +-
 .../icons/boundary-color/placeholders.scss    |    2 +-
 .../icons/boundary-color/property-16.scss     |    2 +-
 .../icons/boundary-color/property-24.scss     |    2 +-
 .../base/icons/icons/boundary/index.scss      |    2 +-
 .../base/icons/icons/boundary/keyframes.scss  |    2 +-
 .../icons/icons/boundary/placeholders.scss    |    2 +-
 .../icons/icons/boundary/property-16.scss     |    2 +-
 .../icons/icons/boundary/property-24.scss     |    2 +-
 .../icons/icons/box-check-fill/index.scss     |    2 +-
 .../icons/icons/box-check-fill/keyframes.scss |    2 +-
 .../icons/box-check-fill/placeholders.scss    |    2 +-
 .../base/icons/icons/box-outline/index.scss   |    2 +-
 .../icons/icons/box-outline/keyframes.scss    |    2 +-
 .../icons/icons/box-outline/placeholders.scss |    2 +-
 .../styles/base/icons/icons/box/index.scss    |    2 +-
 .../base/icons/icons/box/keyframes.scss       |    2 +-
 .../base/icons/icons/box/placeholders.scss    |    2 +-
 .../base/icons/icons/box/property-16.scss     |    2 +-
 .../base/icons/icons/box/property-24.scss     |    2 +-
 .../base/icons/icons/briefcase/index.scss     |    2 +-
 .../base/icons/icons/briefcase/keyframes.scss |    2 +-
 .../icons/icons/briefcase/placeholders.scss   |    2 +-
 .../icons/icons/briefcase/property-16.scss    |    2 +-
 .../icons/icons/briefcase/property-24.scss    |    2 +-
 .../base/icons/icons/broadcast/index.scss     |    2 +-
 .../base/icons/icons/broadcast/keyframes.scss |    2 +-
 .../icons/icons/broadcast/placeholders.scss   |    2 +-
 .../styles/base/icons/icons/bug/index.scss    |    2 +-
 .../base/icons/icons/bug/keyframes.scss       |    2 +-
 .../base/icons/icons/bug/placeholders.scss    |    2 +-
 .../base/icons/icons/bug/property-16.scss     |    2 +-
 .../base/icons/icons/bug/property-24.scss     |    2 +-
 .../styles/base/icons/icons/build/index.scss  |    2 +-
 .../base/icons/icons/build/keyframes.scss     |    2 +-
 .../base/icons/icons/build/placeholders.scss  |    2 +-
 .../base/icons/icons/build/property-16.scss   |    2 +-
 .../base/icons/icons/build/property-24.scss   |    2 +-
 .../styles/base/icons/icons/bulb/index.scss   |    2 +-
 .../base/icons/icons/bulb/keyframes.scss      |    2 +-
 .../base/icons/icons/bulb/placeholders.scss   |    2 +-
 .../base/icons/icons/bulb/property-16.scss    |    2 +-
 .../base/icons/icons/bulb/property-24.scss    |    2 +-
 .../base/icons/icons/calendar/index.scss      |    2 +-
 .../base/icons/icons/calendar/keyframes.scss  |    2 +-
 .../icons/icons/calendar/placeholders.scss    |    2 +-
 .../icons/icons/calendar/property-16.scss     |    2 +-
 .../icons/icons/calendar/property-24.scss     |    2 +-
 .../base/icons/icons/camera-off/index.scss    |    2 +-
 .../icons/icons/camera-off/keyframes.scss     |    2 +-
 .../icons/icons/camera-off/placeholders.scss  |    2 +-
 .../icons/icons/camera-off/property-16.scss   |    2 +-
 .../icons/icons/camera-off/property-24.scss   |    2 +-
 .../styles/base/icons/icons/camera/index.scss |    2 +-
 .../base/icons/icons/camera/keyframes.scss    |    2 +-
 .../base/icons/icons/camera/placeholders.scss |    2 +-
 .../base/icons/icons/camera/property-16.scss  |    2 +-
 .../base/icons/icons/camera/property-24.scss  |    2 +-
 .../icons/icons/cancel-circle-fill/index.scss |    2 +-
 .../icons/cancel-circle-fill/keyframes.scss   |    2 +-
 .../cancel-circle-fill/placeholders.scss      |    2 +-
 .../icons/cancel-circle-outline/index.scss    |    2 +-
 .../cancel-circle-outline/keyframes.scss      |    2 +-
 .../cancel-circle-outline/placeholders.scss   |    2 +-
 .../base/icons/icons/cancel-plain/index.scss  |    2 +-
 .../icons/icons/cancel-plain/keyframes.scss   |    2 +-
 .../icons/cancel-plain/placeholders.scss      |    2 +-
 .../icons/icons/cancel-square-fill/index.scss |    2 +-
 .../icons/cancel-square-fill/keyframes.scss   |    2 +-
 .../cancel-square-fill/placeholders.scss      |    2 +-
 .../icons/cancel-square-outline/index.scss    |    2 +-
 .../cancel-square-outline/keyframes.scss      |    2 +-
 .../cancel-square-outline/placeholders.scss   |    2 +-
 .../base/icons/icons/caret-down/index.scss    |    2 +-
 .../icons/icons/caret-down/keyframes.scss     |    2 +-
 .../icons/icons/caret-down/placeholders.scss  |    2 +-
 .../base/icons/icons/caret-up/index.scss      |    2 +-
 .../base/icons/icons/caret-up/keyframes.scss  |    2 +-
 .../icons/icons/caret-up/placeholders.scss    |    2 +-
 .../styles/base/icons/icons/caret/index.scss  |    2 +-
 .../base/icons/icons/caret/keyframes.scss     |    2 +-
 .../base/icons/icons/caret/placeholders.scss  |    2 +-
 .../base/icons/icons/caret/property-16.scss   |    2 +-
 .../base/icons/icons/caret/property-24.scss   |    2 +-
 .../styles/base/icons/icons/cast/index.scss   |    2 +-
 .../base/icons/icons/cast/keyframes.scss      |    2 +-
 .../base/icons/icons/cast/placeholders.scss   |    2 +-
 .../base/icons/icons/cast/property-16.scss    |    2 +-
 .../base/icons/icons/cast/property-24.scss    |    2 +-
 .../base/icons/icons/certificate/index.scss   |    2 +-
 .../icons/icons/certificate/keyframes.scss    |    2 +-
 .../icons/icons/certificate/placeholders.scss |    2 +-
 .../icons/icons/certificate/property-16.scss  |    2 +-
 .../icons/icons/certificate/property-24.scss  |    2 +-
 .../base/icons/icons/change-circle/index.scss |    2 +-
 .../icons/icons/change-circle/keyframes.scss  |    2 +-
 .../icons/change-circle/placeholders.scss     |    2 +-
 .../icons/change-circle/property-16.scss      |    2 +-
 .../icons/change-circle/property-24.scss      |    2 +-
 .../base/icons/icons/change-square/index.scss |    2 +-
 .../icons/icons/change-square/keyframes.scss  |    2 +-
 .../icons/change-square/placeholders.scss     |    2 +-
 .../icons/change-square/property-16.scss      |    2 +-
 .../icons/change-square/property-24.scss      |    2 +-
 .../styles/base/icons/icons/change/index.scss |    2 +-
 .../base/icons/icons/change/keyframes.scss    |    2 +-
 .../base/icons/icons/change/placeholders.scss |    2 +-
 .../base/icons/icons/change/property-16.scss  |    2 +-
 .../base/icons/icons/change/property-24.scss  |    2 +-
 .../icons/icons/check-circle-fill/index.scss  |    2 +-
 .../icons/check-circle-fill/keyframes.scss    |    2 +-
 .../icons/check-circle-fill/placeholders.scss |    2 +-
 .../icons/check-circle-fill/property-16.scss  |    2 +-
 .../icons/check-circle-fill/property-24.scss  |    2 +-
 .../icons/check-circle-outline/index.scss     |    2 +-
 .../icons/check-circle-outline/keyframes.scss |    2 +-
 .../check-circle-outline/placeholders.scss    |    2 +-
 .../base/icons/icons/check-circle/index.scss  |    2 +-
 .../icons/icons/check-circle/keyframes.scss   |    2 +-
 .../icons/check-circle/placeholders.scss      |    2 +-
 .../icons/icons/check-circle/property-16.scss |    2 +-
 .../icons/icons/check-circle/property-24.scss |    2 +-
 .../icons/icons/check-diamond-fill/index.scss |    2 +-
 .../icons/check-diamond-fill/keyframes.scss   |    2 +-
 .../check-diamond-fill/placeholders.scss      |    2 +-
 .../icons/check-diamond-fill/property-16.scss |    2 +-
 .../icons/check-diamond-fill/property-24.scss |    2 +-
 .../base/icons/icons/check-diamond/index.scss |    2 +-
 .../icons/icons/check-diamond/keyframes.scss  |    2 +-
 .../icons/check-diamond/placeholders.scss     |    2 +-
 .../icons/check-diamond/property-16.scss      |    2 +-
 .../icons/check-diamond/property-24.scss      |    2 +-
 .../icons/icons/check-hexagon-fill/index.scss |    2 +-
 .../icons/check-hexagon-fill/keyframes.scss   |    2 +-
 .../check-hexagon-fill/placeholders.scss      |    2 +-
 .../icons/check-hexagon-fill/property-16.scss |    2 +-
 .../icons/check-hexagon-fill/property-24.scss |    2 +-
 .../base/icons/icons/check-hexagon/index.scss |    2 +-
 .../icons/icons/check-hexagon/keyframes.scss  |    2 +-
 .../icons/check-hexagon/placeholders.scss     |    2 +-
 .../icons/check-hexagon/property-16.scss      |    2 +-
 .../icons/check-hexagon/property-24.scss      |    2 +-
 .../base/icons/icons/check-plain/index.scss   |    2 +-
 .../icons/icons/check-plain/keyframes.scss    |    2 +-
 .../icons/icons/check-plain/placeholders.scss |    2 +-
 .../icons/icons/check-square-fill/index.scss  |    2 +-
 .../icons/check-square-fill/keyframes.scss    |    2 +-
 .../icons/check-square-fill/placeholders.scss |    2 +-
 .../icons/check-square-fill/property-16.scss  |    2 +-
 .../icons/check-square-fill/property-24.scss  |    2 +-
 .../base/icons/icons/check-square/index.scss  |    2 +-
 .../icons/icons/check-square/keyframes.scss   |    2 +-
 .../icons/check-square/placeholders.scss      |    2 +-
 .../icons/icons/check-square/property-16.scss |    2 +-
 .../icons/icons/check-square/property-24.scss |    2 +-
 .../styles/base/icons/icons/check/index.scss  |    2 +-
 .../base/icons/icons/check/keyframes.scss     |    2 +-
 .../base/icons/icons/check/placeholders.scss  |    2 +-
 .../base/icons/icons/check/property-16.scss   |    2 +-
 .../base/icons/icons/check/property-24.scss   |    2 +-
 .../base/icons/icons/chevron-down/index.scss  |    2 +-
 .../icons/icons/chevron-down/keyframes.scss   |    2 +-
 .../icons/chevron-down/placeholders.scss      |    2 +-
 .../icons/icons/chevron-down/property-16.scss |    2 +-
 .../icons/icons/chevron-down/property-24.scss |    2 +-
 .../base/icons/icons/chevron-left/index.scss  |    2 +-
 .../icons/icons/chevron-left/keyframes.scss   |    2 +-
 .../icons/chevron-left/placeholders.scss      |    2 +-
 .../icons/icons/chevron-left/property-16.scss |    2 +-
 .../icons/icons/chevron-left/property-24.scss |    2 +-
 .../base/icons/icons/chevron-right/index.scss |    2 +-
 .../icons/icons/chevron-right/keyframes.scss  |    2 +-
 .../icons/chevron-right/placeholders.scss     |    2 +-
 .../icons/chevron-right/property-16.scss      |    2 +-
 .../icons/chevron-right/property-24.scss      |    2 +-
 .../base/icons/icons/chevron-up/index.scss    |    2 +-
 .../icons/icons/chevron-up/keyframes.scss     |    2 +-
 .../icons/icons/chevron-up/placeholders.scss  |    2 +-
 .../icons/icons/chevron-up/property-16.scss   |    2 +-
 .../icons/icons/chevron-up/property-24.scss   |    2 +-
 .../base/icons/icons/chevrons-down/index.scss |    2 +-
 .../icons/icons/chevrons-down/keyframes.scss  |    2 +-
 .../icons/chevrons-down/placeholders.scss     |    2 +-
 .../icons/chevrons-down/property-16.scss      |    2 +-
 .../icons/chevrons-down/property-24.scss      |    2 +-
 .../base/icons/icons/chevrons-left/index.scss |    2 +-
 .../icons/icons/chevrons-left/keyframes.scss  |    2 +-
 .../icons/chevrons-left/placeholders.scss     |    2 +-
 .../icons/chevrons-left/property-16.scss      |    2 +-
 .../icons/chevrons-left/property-24.scss      |    2 +-
 .../icons/icons/chevrons-right/index.scss     |    2 +-
 .../icons/icons/chevrons-right/keyframes.scss |    2 +-
 .../icons/chevrons-right/placeholders.scss    |    2 +-
 .../icons/chevrons-right/property-16.scss     |    2 +-
 .../icons/chevrons-right/property-24.scss     |    2 +-
 .../base/icons/icons/chevrons-up/index.scss   |    2 +-
 .../icons/icons/chevrons-up/keyframes.scss    |    2 +-
 .../icons/icons/chevrons-up/placeholders.scss |    2 +-
 .../icons/icons/chevrons-up/property-16.scss  |    2 +-
 .../icons/icons/chevrons-up/property-24.scss  |    2 +-
 .../base/icons/icons/circle-dot/index.scss    |    2 +-
 .../icons/icons/circle-dot/keyframes.scss     |    2 +-
 .../icons/icons/circle-dot/placeholders.scss  |    2 +-
 .../icons/icons/circle-dot/property-16.scss   |    2 +-
 .../icons/icons/circle-dot/property-24.scss   |    2 +-
 .../base/icons/icons/circle-fill/index.scss   |    2 +-
 .../icons/icons/circle-fill/keyframes.scss    |    2 +-
 .../icons/icons/circle-fill/placeholders.scss |    2 +-
 .../icons/icons/circle-fill/property-16.scss  |    2 +-
 .../icons/icons/circle-fill/property-24.scss  |    2 +-
 .../base/icons/icons/circle-half/index.scss   |    2 +-
 .../icons/icons/circle-half/keyframes.scss    |    2 +-
 .../icons/icons/circle-half/placeholders.scss |    2 +-
 .../icons/icons/circle-half/property-16.scss  |    2 +-
 .../icons/icons/circle-half/property-24.scss  |    2 +-
 .../styles/base/icons/icons/circle/index.scss |    2 +-
 .../base/icons/icons/circle/keyframes.scss    |    2 +-
 .../base/icons/icons/circle/placeholders.scss |    2 +-
 .../base/icons/icons/circle/property-16.scss  |    2 +-
 .../base/icons/icons/circle/property-24.scss  |    2 +-
 .../icons/icons/clipboard-checked/index.scss  |    2 +-
 .../icons/clipboard-checked/keyframes.scss    |    2 +-
 .../icons/clipboard-checked/placeholders.scss |    2 +-
 .../icons/clipboard-checked/property-16.scss  |    2 +-
 .../icons/clipboard-checked/property-24.scss  |    2 +-
 .../icons/icons/clipboard-copy/index.scss     |    2 +-
 .../icons/icons/clipboard-copy/keyframes.scss |    2 +-
 .../icons/clipboard-copy/placeholders.scss    |    2 +-
 .../icons/clipboard-copy/property-16.scss     |    2 +-
 .../icons/clipboard-copy/property-24.scss     |    2 +-
 .../base/icons/icons/clipboard/index.scss     |    2 +-
 .../base/icons/icons/clipboard/keyframes.scss |    2 +-
 .../icons/icons/clipboard/placeholders.scss   |    2 +-
 .../icons/icons/clipboard/property-16.scss    |    2 +-
 .../icons/icons/clipboard/property-24.scss    |    2 +-
 .../base/icons/icons/clock-fill/index.scss    |    2 +-
 .../icons/icons/clock-fill/keyframes.scss     |    2 +-
 .../icons/icons/clock-fill/placeholders.scss  |    2 +-
 .../base/icons/icons/clock-outline/index.scss |    2 +-
 .../icons/icons/clock-outline/keyframes.scss  |    2 +-
 .../icons/clock-outline/placeholders.scss     |    2 +-
 .../styles/base/icons/icons/clock/index.scss  |    2 +-
 .../base/icons/icons/clock/keyframes.scss     |    2 +-
 .../base/icons/icons/clock/placeholders.scss  |    2 +-
 .../base/icons/icons/clock/property-16.scss   |    2 +-
 .../base/icons/icons/clock/property-24.scss   |    2 +-
 .../base/icons/icons/cloud-check/index.scss   |    2 +-
 .../icons/icons/cloud-check/keyframes.scss    |    2 +-
 .../icons/icons/cloud-check/placeholders.scss |    2 +-
 .../icons/icons/cloud-check/property-16.scss  |    2 +-
 .../icons/icons/cloud-check/property-24.scss  |    2 +-
 .../base/icons/icons/cloud-cross/index.scss   |    2 +-
 .../icons/icons/cloud-cross/keyframes.scss    |    2 +-
 .../icons/icons/cloud-cross/placeholders.scss |    2 +-
 .../icons/icons/cloud-cross/property-16.scss  |    2 +-
 .../icons/icons/cloud-cross/property-24.scss  |    2 +-
 .../icons/icons/cloud-download/index.scss     |    2 +-
 .../icons/icons/cloud-download/keyframes.scss |    2 +-
 .../icons/cloud-download/placeholders.scss    |    2 +-
 .../icons/cloud-download/property-16.scss     |    2 +-
 .../icons/cloud-download/property-24.scss     |    2 +-
 .../icons/icons/cloud-lightning/index.scss    |    2 +-
 .../icons/cloud-lightning/keyframes.scss      |    2 +-
 .../icons/cloud-lightning/placeholders.scss   |    2 +-
 .../icons/cloud-lightning/property-16.scss    |    2 +-
 .../icons/cloud-lightning/property-24.scss    |    2 +-
 .../base/icons/icons/cloud-lock/index.scss    |    2 +-
 .../icons/icons/cloud-lock/keyframes.scss     |    2 +-
 .../icons/icons/cloud-lock/placeholders.scss  |    2 +-
 .../icons/icons/cloud-lock/property-16.scss   |    2 +-
 .../icons/icons/cloud-lock/property-24.scss   |    2 +-
 .../base/icons/icons/cloud-off/index.scss     |    2 +-
 .../base/icons/icons/cloud-off/keyframes.scss |    2 +-
 .../icons/icons/cloud-off/placeholders.scss   |    2 +-
 .../icons/icons/cloud-off/property-16.scss    |    2 +-
 .../icons/icons/cloud-off/property-24.scss    |    2 +-
 .../base/icons/icons/cloud-upload/index.scss  |    2 +-
 .../icons/icons/cloud-upload/keyframes.scss   |    2 +-
 .../icons/cloud-upload/placeholders.scss      |    2 +-
 .../icons/icons/cloud-upload/property-16.scss |    2 +-
 .../icons/icons/cloud-upload/property-24.scss |    2 +-
 .../base/icons/icons/cloud-x/index.scss       |    2 +-
 .../base/icons/icons/cloud-x/keyframes.scss   |    2 +-
 .../icons/icons/cloud-x/placeholders.scss     |    2 +-
 .../base/icons/icons/cloud-x/property-16.scss |    2 +-
 .../base/icons/icons/cloud-x/property-24.scss |    2 +-
 .../styles/base/icons/icons/cloud/index.scss  |    2 +-
 .../base/icons/icons/cloud/keyframes.scss     |    2 +-
 .../base/icons/icons/cloud/placeholders.scss  |    2 +-
 .../base/icons/icons/cloud/property-16.scss   |    2 +-
 .../base/icons/icons/cloud/property-24.scss   |    2 +-
 .../styles/base/icons/icons/code/index.scss   |    2 +-
 .../base/icons/icons/code/keyframes.scss      |    2 +-
 .../base/icons/icons/code/placeholders.scss   |    2 +-
 .../base/icons/icons/code/property-16.scss    |    2 +-
 .../base/icons/icons/code/property-24.scss    |    2 +-
 .../base/icons/icons/codepen-color/index.scss |    2 +-
 .../icons/icons/codepen-color/keyframes.scss  |    2 +-
 .../icons/codepen-color/placeholders.scss     |    2 +-
 .../icons/codepen-color/property-16.scss      |    2 +-
 .../icons/codepen-color/property-24.scss      |    2 +-
 .../base/icons/icons/codepen/index.scss       |    2 +-
 .../base/icons/icons/codepen/keyframes.scss   |    2 +-
 .../icons/icons/codepen/placeholders.scss     |    2 +-
 .../base/icons/icons/codepen/property-16.scss |    2 +-
 .../base/icons/icons/codepen/property-24.scss |    2 +-
 .../base/icons/icons/collections/index.scss   |    2 +-
 .../icons/icons/collections/keyframes.scss    |    2 +-
 .../icons/icons/collections/placeholders.scss |    2 +-
 .../icons/icons/collections/property-16.scss  |    2 +-
 .../icons/icons/collections/property-24.scss  |    2 +-
 .../base/icons/icons/command/index.scss       |    2 +-
 .../base/icons/icons/command/keyframes.scss   |    2 +-
 .../icons/icons/command/placeholders.scss     |    2 +-
 .../base/icons/icons/command/property-16.scss |    2 +-
 .../base/icons/icons/command/property-24.scss |    2 +-
 .../base/icons/icons/compass/index.scss       |    2 +-
 .../base/icons/icons/compass/keyframes.scss   |    2 +-
 .../icons/icons/compass/placeholders.scss     |    2 +-
 .../base/icons/icons/compass/property-16.scss |    2 +-
 .../base/icons/icons/compass/property-24.scss |    2 +-
 .../icons/icons/connection-gateway/index.scss |    2 +-
 .../icons/connection-gateway/keyframes.scss   |    2 +-
 .../connection-gateway/placeholders.scss      |    2 +-
 .../icons/connection-gateway/property-16.scss |    2 +-
 .../icons/connection-gateway/property-24.scss |    2 +-
 .../base/icons/icons/connection/index.scss    |    2 +-
 .../icons/icons/connection/keyframes.scss     |    2 +-
 .../icons/icons/connection/placeholders.scss  |    2 +-
 .../icons/icons/connection/property-16.scss   |    2 +-
 .../icons/icons/connection/property-24.scss   |    2 +-
 .../base/icons/icons/console/index.scss       |    2 +-
 .../base/icons/icons/console/keyframes.scss   |    2 +-
 .../icons/icons/console/placeholders.scss     |    2 +-
 .../base/icons/icons/copy-action/index.scss   |    2 +-
 .../icons/icons/copy-action/keyframes.scss    |    2 +-
 .../icons/icons/copy-action/placeholders.scss |    2 +-
 .../base/icons/icons/copy-success/index.scss  |    2 +-
 .../icons/icons/copy-success/keyframes.scss   |    2 +-
 .../icons/copy-success/placeholders.scss      |    2 +-
 .../icons/icons/corner-down-left/index.scss   |    2 +-
 .../icons/corner-down-left/keyframes.scss     |    2 +-
 .../icons/corner-down-left/placeholders.scss  |    2 +-
 .../icons/corner-down-left/property-16.scss   |    2 +-
 .../icons/corner-down-left/property-24.scss   |    2 +-
 .../icons/icons/corner-down-right/index.scss  |    2 +-
 .../icons/corner-down-right/keyframes.scss    |    2 +-
 .../icons/corner-down-right/placeholders.scss |    2 +-
 .../icons/corner-down-right/property-16.scss  |    2 +-
 .../icons/corner-down-right/property-24.scss  |    2 +-
 .../icons/icons/corner-left-down/index.scss   |    2 +-
 .../icons/corner-left-down/keyframes.scss     |    2 +-
 .../icons/corner-left-down/placeholders.scss  |    2 +-
 .../icons/corner-left-down/property-16.scss   |    2 +-
 .../icons/corner-left-down/property-24.scss   |    2 +-
 .../icons/icons/corner-left-up/index.scss     |    2 +-
 .../icons/icons/corner-left-up/keyframes.scss |    2 +-
 .../icons/corner-left-up/placeholders.scss    |    2 +-
 .../icons/corner-left-up/property-16.scss     |    2 +-
 .../icons/corner-left-up/property-24.scss     |    2 +-
 .../icons/icons/corner-right-down/index.scss  |    2 +-
 .../icons/corner-right-down/keyframes.scss    |    2 +-
 .../icons/corner-right-down/placeholders.scss |    2 +-
 .../icons/corner-right-down/property-16.scss  |    2 +-
 .../icons/corner-right-down/property-24.scss  |    2 +-
 .../icons/icons/corner-right-up/index.scss    |    2 +-
 .../icons/corner-right-up/keyframes.scss      |    2 +-
 .../icons/corner-right-up/placeholders.scss   |    2 +-
 .../icons/corner-right-up/property-16.scss    |    2 +-
 .../icons/corner-right-up/property-24.scss    |    2 +-
 .../icons/icons/corner-up-left/index.scss     |    2 +-
 .../icons/icons/corner-up-left/keyframes.scss |    2 +-
 .../icons/corner-up-left/placeholders.scss    |    2 +-
 .../icons/corner-up-left/property-16.scss     |    2 +-
 .../icons/corner-up-left/property-24.scss     |    2 +-
 .../icons/icons/corner-up-right/index.scss    |    2 +-
 .../icons/corner-up-right/keyframes.scss      |    2 +-
 .../icons/corner-up-right/placeholders.scss   |    2 +-
 .../icons/corner-up-right/property-16.scss    |    2 +-
 .../icons/corner-up-right/property-24.scss    |    2 +-
 .../styles/base/icons/icons/cpu/index.scss    |    2 +-
 .../base/icons/icons/cpu/keyframes.scss       |    2 +-
 .../base/icons/icons/cpu/placeholders.scss    |    2 +-
 .../base/icons/icons/cpu/property-16.scss     |    2 +-
 .../base/icons/icons/cpu/property-24.scss     |    2 +-
 .../base/icons/icons/credit-card/index.scss   |    2 +-
 .../icons/icons/credit-card/keyframes.scss    |    2 +-
 .../icons/icons/credit-card/placeholders.scss |    2 +-
 .../icons/icons/credit-card/property-16.scss  |    2 +-
 .../icons/icons/credit-card/property-24.scss  |    2 +-
 .../styles/base/icons/icons/crop/index.scss   |    2 +-
 .../base/icons/icons/crop/keyframes.scss      |    2 +-
 .../base/icons/icons/crop/placeholders.scss   |    2 +-
 .../base/icons/icons/crop/property-16.scss    |    2 +-
 .../base/icons/icons/crop/property-24.scss    |    2 +-
 .../base/icons/icons/crosshair/index.scss     |    2 +-
 .../base/icons/icons/crosshair/keyframes.scss |    2 +-
 .../icons/icons/crosshair/placeholders.scss   |    2 +-
 .../icons/icons/crosshair/property-16.scss    |    2 +-
 .../icons/icons/crosshair/property-24.scss    |    2 +-
 .../base/icons/icons/dashboard/index.scss     |    2 +-
 .../base/icons/icons/dashboard/keyframes.scss |    2 +-
 .../icons/icons/dashboard/placeholders.scss   |    2 +-
 .../icons/icons/dashboard/property-16.scss    |    2 +-
 .../icons/icons/dashboard/property-24.scss    |    2 +-
 .../base/icons/icons/database/index.scss      |    2 +-
 .../base/icons/icons/database/keyframes.scss  |    2 +-
 .../icons/icons/database/placeholders.scss    |    2 +-
 .../icons/icons/database/property-16.scss     |    2 +-
 .../icons/icons/database/property-24.scss     |    2 +-
 .../styles/base/icons/icons/delay/index.scss  |    2 +-
 .../base/icons/icons/delay/keyframes.scss     |    2 +-
 .../base/icons/icons/delay/placeholders.scss  |    2 +-
 .../base/icons/icons/delay/property-16.scss   |    2 +-
 .../base/icons/icons/delay/property-24.scss   |    2 +-
 .../styles/base/icons/icons/delete/index.scss |    2 +-
 .../base/icons/icons/delete/keyframes.scss    |    2 +-
 .../base/icons/icons/delete/placeholders.scss |    2 +-
 .../base/icons/icons/delete/property-16.scss  |    2 +-
 .../base/icons/icons/delete/property-24.scss  |    2 +-
 .../base/icons/icons/deny-alt/index.scss      |    2 +-
 .../base/icons/icons/deny-alt/keyframes.scss  |    2 +-
 .../icons/icons/deny-alt/placeholders.scss    |    2 +-
 .../base/icons/icons/deny-color/index.scss    |    2 +-
 .../icons/icons/deny-color/keyframes.scss     |    2 +-
 .../icons/icons/deny-color/placeholders.scss  |    2 +-
 .../icons/icons/deny-color/property-16.scss   |    2 +-
 .../icons/icons/deny-color/property-24.scss   |    2 +-
 .../base/icons/icons/deny-default/index.scss  |    2 +-
 .../icons/icons/deny-default/keyframes.scss   |    2 +-
 .../icons/deny-default/placeholders.scss      |    2 +-
 .../base/icons/icons/diamond-fill/index.scss  |    2 +-
 .../icons/icons/diamond-fill/keyframes.scss   |    2 +-
 .../icons/diamond-fill/placeholders.scss      |    2 +-
 .../icons/icons/diamond-fill/property-16.scss |    2 +-
 .../icons/icons/diamond-fill/property-24.scss |    2 +-
 .../base/icons/icons/diamond/index.scss       |    2 +-
 .../base/icons/icons/diamond/keyframes.scss   |    2 +-
 .../icons/icons/diamond/placeholders.scss     |    2 +-
 .../base/icons/icons/diamond/property-16.scss |    2 +-
 .../base/icons/icons/diamond/property-24.scss |    2 +-
 .../base/icons/icons/disabled/index.scss      |    2 +-
 .../base/icons/icons/disabled/keyframes.scss  |    2 +-
 .../icons/icons/disabled/placeholders.scss    |    2 +-
 .../styles/base/icons/icons/disc/index.scss   |    2 +-
 .../base/icons/icons/disc/keyframes.scss      |    2 +-
 .../base/icons/icons/disc/placeholders.scss   |    2 +-
 .../base/icons/icons/disc/property-16.scss    |    2 +-
 .../base/icons/icons/disc/property-24.scss    |    2 +-
 .../icons/icons/discussion-circle/index.scss  |    2 +-
 .../icons/discussion-circle/keyframes.scss    |    2 +-
 .../icons/discussion-circle/placeholders.scss |    2 +-
 .../icons/discussion-circle/property-16.scss  |    2 +-
 .../icons/discussion-circle/property-24.scss  |    2 +-
 .../icons/icons/discussion-square/index.scss  |    2 +-
 .../icons/discussion-square/keyframes.scss    |    2 +-
 .../icons/discussion-square/placeholders.scss |    2 +-
 .../icons/discussion-square/property-16.scss  |    2 +-
 .../icons/discussion-square/property-24.scss  |    2 +-
 .../base/icons/icons/docker-color/index.scss  |    2 +-
 .../icons/icons/docker-color/keyframes.scss   |    2 +-
 .../icons/docker-color/placeholders.scss      |    2 +-
 .../icons/icons/docker-color/property-16.scss |    2 +-
 .../icons/icons/docker-color/property-24.scss |    2 +-
 .../styles/base/icons/icons/docker/index.scss |    2 +-
 .../base/icons/icons/docker/keyframes.scss    |    2 +-
 .../base/icons/icons/docker/placeholders.scss |    2 +-
 .../base/icons/icons/docker/property-16.scss  |    2 +-
 .../base/icons/icons/docker/property-24.scss  |    2 +-
 .../base/icons/icons/docs-download/index.scss |    2 +-
 .../icons/icons/docs-download/keyframes.scss  |    2 +-
 .../icons/docs-download/placeholders.scss     |    2 +-
 .../icons/docs-download/property-16.scss      |    2 +-
 .../icons/docs-download/property-24.scss      |    2 +-
 .../base/icons/icons/docs-link/index.scss     |    2 +-
 .../base/icons/icons/docs-link/keyframes.scss |    2 +-
 .../icons/icons/docs-link/placeholders.scss   |    2 +-
 .../icons/icons/docs-link/property-16.scss    |    2 +-
 .../icons/icons/docs-link/property-24.scss    |    2 +-
 .../styles/base/icons/icons/docs/index.scss   |    2 +-
 .../base/icons/icons/docs/keyframes.scss      |    2 +-
 .../base/icons/icons/docs/placeholders.scss   |    2 +-
 .../base/icons/icons/docs/property-16.scss    |    2 +-
 .../base/icons/icons/docs/property-24.scss    |    2 +-
 .../base/icons/icons/dollar-sign/index.scss   |    2 +-
 .../icons/icons/dollar-sign/keyframes.scss    |    2 +-
 .../icons/icons/dollar-sign/placeholders.scss |    2 +-
 .../icons/icons/dollar-sign/property-16.scss  |    2 +-
 .../icons/icons/dollar-sign/property-24.scss  |    2 +-
 .../base/icons/icons/dot-half/index.scss      |    2 +-
 .../base/icons/icons/dot-half/keyframes.scss  |    2 +-
 .../icons/icons/dot-half/placeholders.scss    |    2 +-
 .../icons/icons/dot-half/property-16.scss     |    2 +-
 .../icons/icons/dot-half/property-24.scss     |    2 +-
 .../styles/base/icons/icons/dot/index.scss    |    2 +-
 .../base/icons/icons/dot/keyframes.scss       |    2 +-
 .../base/icons/icons/dot/placeholders.scss    |    2 +-
 .../base/icons/icons/dot/property-16.scss     |    2 +-
 .../base/icons/icons/dot/property-24.scss     |    2 +-
 .../base/icons/icons/download/index.scss      |    2 +-
 .../base/icons/icons/download/keyframes.scss  |    2 +-
 .../icons/icons/download/placeholders.scss    |    2 +-
 .../icons/icons/download/property-16.scss     |    2 +-
 .../icons/icons/download/property-24.scss     |    2 +-
 .../base/icons/icons/droplet/index.scss       |    2 +-
 .../base/icons/icons/droplet/keyframes.scss   |    2 +-
 .../icons/icons/droplet/placeholders.scss     |    2 +-
 .../base/icons/icons/droplet/property-16.scss |    2 +-
 .../base/icons/icons/droplet/property-24.scss |    2 +-
 .../base/icons/icons/duplicate/index.scss     |    2 +-
 .../base/icons/icons/duplicate/keyframes.scss |    2 +-
 .../icons/icons/duplicate/placeholders.scss   |    2 +-
 .../icons/icons/duplicate/property-16.scss    |    2 +-
 .../icons/icons/duplicate/property-24.scss    |    2 +-
 .../styles/base/icons/icons/edit/index.scss   |    2 +-
 .../base/icons/icons/edit/keyframes.scss      |    2 +-
 .../base/icons/icons/edit/placeholders.scss   |    2 +-
 .../base/icons/icons/edit/property-16.scss    |    2 +-
 .../base/icons/icons/edit/property-24.scss    |    2 +-
 .../base/icons/icons/enterprise/index.scss    |    2 +-
 .../icons/icons/enterprise/keyframes.scss     |    2 +-
 .../icons/icons/enterprise/placeholders.scss  |    2 +-
 .../icons/icons/enterprise/property-16.scss   |    2 +-
 .../icons/icons/enterprise/property-24.scss   |    2 +-
 .../base/icons/icons/entry-point/index.scss   |    2 +-
 .../icons/icons/entry-point/keyframes.scss    |    2 +-
 .../icons/icons/entry-point/placeholders.scss |    2 +-
 .../icons/icons/entry-point/property-16.scss  |    2 +-
 .../icons/icons/entry-point/property-24.scss  |    2 +-
 .../icons/envelope-sealed-fill/index.scss     |    2 +-
 .../icons/envelope-sealed-fill/keyframes.scss |    2 +-
 .../envelope-sealed-fill/placeholders.scss    |    2 +-
 .../icons/envelope-sealed-outline/index.scss  |    2 +-
 .../envelope-sealed-outline/keyframes.scss    |    2 +-
 .../envelope-sealed-outline/placeholders.scss |    2 +-
 .../envelope-unsealed--outline/index.scss     |    2 +-
 .../envelope-unsealed--outline/keyframes.scss |    2 +-
 .../placeholders.scss                         |    2 +-
 .../icons/envelope-unsealed-fill/index.scss   |    2 +-
 .../envelope-unsealed-fill/keyframes.scss     |    2 +-
 .../envelope-unsealed-fill/placeholders.scss  |    2 +-
 .../styles/base/icons/icons/event/index.scss  |    2 +-
 .../base/icons/icons/event/keyframes.scss     |    2 +-
 .../base/icons/icons/event/placeholders.scss  |    2 +-
 .../base/icons/icons/event/property-16.scss   |    2 +-
 .../base/icons/icons/event/property-24.scss   |    2 +-
 .../base/icons/icons/exit-point/index.scss    |    2 +-
 .../icons/icons/exit-point/keyframes.scss     |    2 +-
 .../icons/icons/exit-point/placeholders.scss  |    2 +-
 .../icons/icons/exit-point/property-16.scss   |    2 +-
 .../icons/icons/exit-point/property-24.scss   |    2 +-
 .../styles/base/icons/icons/exit/index.scss   |    2 +-
 .../base/icons/icons/exit/keyframes.scss      |    2 +-
 .../base/icons/icons/exit/placeholders.scss   |    2 +-
 .../base/icons/icons/expand-less/index.scss   |    2 +-
 .../icons/icons/expand-less/keyframes.scss    |    2 +-
 .../icons/icons/expand-less/placeholders.scss |    2 +-
 .../base/icons/icons/expand-more/index.scss   |    2 +-
 .../icons/icons/expand-more/keyframes.scss    |    2 +-
 .../icons/icons/expand-more/placeholders.scss |    2 +-
 .../base/icons/icons/external-link/index.scss |    2 +-
 .../icons/icons/external-link/keyframes.scss  |    2 +-
 .../icons/external-link/placeholders.scss     |    2 +-
 .../icons/external-link/property-16.scss      |    2 +-
 .../icons/external-link/property-24.scss      |    2 +-
 .../base/icons/icons/eye-off/index.scss       |    2 +-
 .../base/icons/icons/eye-off/keyframes.scss   |    2 +-
 .../icons/icons/eye-off/placeholders.scss     |    2 +-
 .../base/icons/icons/eye-off/property-16.scss |    2 +-
 .../base/icons/icons/eye-off/property-24.scss |    2 +-
 .../styles/base/icons/icons/eye/index.scss    |    2 +-
 .../base/icons/icons/eye/keyframes.scss       |    2 +-
 .../base/icons/icons/eye/placeholders.scss    |    2 +-
 .../base/icons/icons/eye/property-16.scss     |    2 +-
 .../base/icons/icons/eye/property-24.scss     |    2 +-
 .../base/icons/icons/f5-color/index.scss      |    2 +-
 .../base/icons/icons/f5-color/keyframes.scss  |    2 +-
 .../icons/icons/f5-color/placeholders.scss    |    2 +-
 .../icons/icons/f5-color/property-16.scss     |    2 +-
 .../icons/icons/f5-color/property-24.scss     |    2 +-
 .../app/styles/base/icons/icons/f5/index.scss |    2 +-
 .../styles/base/icons/icons/f5/keyframes.scss |    2 +-
 .../base/icons/icons/f5/placeholders.scss     |    2 +-
 .../base/icons/icons/f5/property-16.scss      |    2 +-
 .../base/icons/icons/f5/property-24.scss      |    2 +-
 .../icons/icons/facebook-color/index.scss     |    2 +-
 .../icons/icons/facebook-color/keyframes.scss |    2 +-
 .../icons/facebook-color/placeholders.scss    |    2 +-
 .../icons/facebook-color/property-16.scss     |    2 +-
 .../icons/facebook-color/property-24.scss     |    2 +-
 .../base/icons/icons/facebook/index.scss      |    2 +-
 .../base/icons/icons/facebook/keyframes.scss  |    2 +-
 .../icons/icons/facebook/placeholders.scss    |    2 +-
 .../icons/icons/facebook/property-16.scss     |    2 +-
 .../icons/icons/facebook/property-24.scss     |    2 +-
 .../base/icons/icons/fast-forward/index.scss  |    2 +-
 .../icons/icons/fast-forward/keyframes.scss   |    2 +-
 .../icons/fast-forward/placeholders.scss      |    2 +-
 .../icons/icons/fast-forward/property-16.scss |    2 +-
 .../icons/icons/fast-forward/property-24.scss |    2 +-
 .../base/icons/icons/file-change/index.scss   |    2 +-
 .../icons/icons/file-change/keyframes.scss    |    2 +-
 .../icons/icons/file-change/placeholders.scss |    2 +-
 .../icons/icons/file-change/property-16.scss  |    2 +-
 .../icons/icons/file-change/property-24.scss  |    2 +-
 .../base/icons/icons/file-check/index.scss    |    2 +-
 .../icons/icons/file-check/keyframes.scss     |    2 +-
 .../icons/icons/file-check/placeholders.scss  |    2 +-
 .../icons/icons/file-check/property-16.scss   |    2 +-
 .../icons/icons/file-check/property-24.scss   |    2 +-
 .../base/icons/icons/file-diff/index.scss     |    2 +-
 .../base/icons/icons/file-diff/keyframes.scss |    2 +-
 .../icons/icons/file-diff/placeholders.scss   |    2 +-
 .../icons/icons/file-diff/property-16.scss    |    2 +-
 .../icons/icons/file-diff/property-24.scss    |    2 +-
 .../base/icons/icons/file-fill/index.scss     |    2 +-
 .../base/icons/icons/file-fill/keyframes.scss |    2 +-
 .../icons/icons/file-fill/placeholders.scss   |    2 +-
 .../base/icons/icons/file-minus/index.scss    |    2 +-
 .../icons/icons/file-minus/keyframes.scss     |    2 +-
 .../icons/icons/file-minus/placeholders.scss  |    2 +-
 .../icons/icons/file-minus/property-16.scss   |    2 +-
 .../icons/icons/file-minus/property-24.scss   |    2 +-
 .../base/icons/icons/file-outline/index.scss  |    2 +-
 .../icons/icons/file-outline/keyframes.scss   |    2 +-
 .../icons/file-outline/placeholders.scss      |    2 +-
 .../base/icons/icons/file-plus/index.scss     |    2 +-
 .../base/icons/icons/file-plus/keyframes.scss |    2 +-
 .../icons/icons/file-plus/placeholders.scss   |    2 +-
 .../icons/icons/file-plus/property-16.scss    |    2 +-
 .../icons/icons/file-plus/property-24.scss    |    2 +-
 .../base/icons/icons/file-source/index.scss   |    2 +-
 .../icons/icons/file-source/keyframes.scss    |    2 +-
 .../icons/icons/file-source/placeholders.scss |    2 +-
 .../icons/icons/file-source/property-16.scss  |    2 +-
 .../icons/icons/file-source/property-24.scss  |    2 +-
 .../base/icons/icons/file-text/index.scss     |    2 +-
 .../base/icons/icons/file-text/keyframes.scss |    2 +-
 .../icons/icons/file-text/placeholders.scss   |    2 +-
 .../icons/icons/file-text/property-16.scss    |    2 +-
 .../icons/icons/file-text/property-24.scss    |    2 +-
 .../styles/base/icons/icons/file-x/index.scss |    2 +-
 .../base/icons/icons/file-x/keyframes.scss    |    2 +-
 .../base/icons/icons/file-x/placeholders.scss |    2 +-
 .../base/icons/icons/file-x/property-16.scss  |    2 +-
 .../base/icons/icons/file-x/property-24.scss  |    2 +-
 .../styles/base/icons/icons/file/index.scss   |    2 +-
 .../base/icons/icons/file/keyframes.scss      |    2 +-
 .../base/icons/icons/file/placeholders.scss   |    2 +-
 .../base/icons/icons/file/property-16.scss    |    2 +-
 .../base/icons/icons/file/property-24.scss    |    2 +-
 .../styles/base/icons/icons/files/index.scss  |    2 +-
 .../base/icons/icons/files/keyframes.scss     |    2 +-
 .../base/icons/icons/files/placeholders.scss  |    2 +-
 .../base/icons/icons/files/property-16.scss   |    2 +-
 .../base/icons/icons/files/property-24.scss   |    2 +-
 .../styles/base/icons/icons/film/index.scss   |    2 +-
 .../base/icons/icons/film/keyframes.scss      |    2 +-
 .../base/icons/icons/film/placeholders.scss   |    2 +-
 .../base/icons/icons/film/property-16.scss    |    2 +-
 .../base/icons/icons/film/property-24.scss    |    2 +-
 .../base/icons/icons/filter-circle/index.scss |    2 +-
 .../icons/icons/filter-circle/keyframes.scss  |    2 +-
 .../icons/filter-circle/placeholders.scss     |    2 +-
 .../icons/filter-circle/property-16.scss      |    2 +-
 .../icons/filter-circle/property-24.scss      |    2 +-
 .../base/icons/icons/filter-fill/index.scss   |    2 +-
 .../icons/icons/filter-fill/keyframes.scss    |    2 +-
 .../icons/icons/filter-fill/placeholders.scss |    2 +-
 .../icons/icons/filter-fill/property-16.scss  |    2 +-
 .../icons/icons/filter-fill/property-24.scss  |    2 +-
 .../styles/base/icons/icons/filter/index.scss |    2 +-
 .../base/icons/icons/filter/keyframes.scss    |    2 +-
 .../base/icons/icons/filter/placeholders.scss |    2 +-
 .../base/icons/icons/filter/property-16.scss  |    2 +-
 .../base/icons/icons/filter/property-24.scss  |    2 +-
 .../base/icons/icons/fingerprint/index.scss   |    2 +-
 .../icons/icons/fingerprint/keyframes.scss    |    2 +-
 .../icons/icons/fingerprint/placeholders.scss |    2 +-
 .../icons/icons/fingerprint/property-16.scss  |    2 +-
 .../icons/icons/fingerprint/property-24.scss  |    2 +-
 .../styles/base/icons/icons/flag/index.scss   |    2 +-
 .../base/icons/icons/flag/keyframes.scss      |    2 +-
 .../base/icons/icons/flag/placeholders.scss   |    2 +-
 .../base/icons/icons/flag/property-16.scss    |    2 +-
 .../base/icons/icons/flag/property-24.scss    |    2 +-
 .../base/icons/icons/folder-fill/index.scss   |    2 +-
 .../icons/icons/folder-fill/keyframes.scss    |    2 +-
 .../icons/icons/folder-fill/placeholders.scss |    2 +-
 .../icons/icons/folder-fill/property-16.scss  |    2 +-
 .../icons/icons/folder-fill/property-24.scss  |    2 +-
 .../icons/icons/folder-minus-fill/index.scss  |    2 +-
 .../icons/folder-minus-fill/keyframes.scss    |    2 +-
 .../icons/folder-minus-fill/placeholders.scss |    2 +-
 .../icons/folder-minus-fill/property-16.scss  |    2 +-
 .../icons/folder-minus-fill/property-24.scss  |    2 +-
 .../base/icons/icons/folder-minus/index.scss  |    2 +-
 .../icons/icons/folder-minus/keyframes.scss   |    2 +-
 .../icons/folder-minus/placeholders.scss      |    2 +-
 .../icons/icons/folder-minus/property-16.scss |    2 +-
 .../icons/icons/folder-minus/property-24.scss |    2 +-
 .../icons/icons/folder-outline/index.scss     |    2 +-
 .../icons/icons/folder-outline/keyframes.scss |    2 +-
 .../icons/folder-outline/placeholders.scss    |    2 +-
 .../icons/icons/folder-plus-fill/index.scss   |    2 +-
 .../icons/folder-plus-fill/keyframes.scss     |    2 +-
 .../icons/folder-plus-fill/placeholders.scss  |    2 +-
 .../icons/folder-plus-fill/property-16.scss   |    2 +-
 .../icons/folder-plus-fill/property-24.scss   |    2 +-
 .../base/icons/icons/folder-plus/index.scss   |    2 +-
 .../icons/icons/folder-plus/keyframes.scss    |    2 +-
 .../icons/icons/folder-plus/placeholders.scss |    2 +-
 .../icons/icons/folder-plus/property-16.scss  |    2 +-
 .../icons/icons/folder-plus/property-24.scss  |    2 +-
 .../base/icons/icons/folder-star/index.scss   |    2 +-
 .../icons/icons/folder-star/keyframes.scss    |    2 +-
 .../icons/icons/folder-star/placeholders.scss |    2 +-
 .../icons/icons/folder-star/property-16.scss  |    2 +-
 .../icons/icons/folder-star/property-24.scss  |    2 +-
 .../base/icons/icons/folder-users/index.scss  |    2 +-
 .../icons/icons/folder-users/keyframes.scss   |    2 +-
 .../icons/folder-users/placeholders.scss      |    2 +-
 .../icons/icons/folder-users/property-16.scss |    2 +-
 .../icons/icons/folder-users/property-24.scss |    2 +-
 .../styles/base/icons/icons/folder/index.scss |    2 +-
 .../base/icons/icons/folder/keyframes.scss    |    2 +-
 .../base/icons/icons/folder/placeholders.scss |    2 +-
 .../base/icons/icons/folder/property-16.scss  |    2 +-
 .../base/icons/icons/folder/property-24.scss  |    2 +-
 .../styles/base/icons/icons/frown/index.scss  |    2 +-
 .../base/icons/icons/frown/keyframes.scss     |    2 +-
 .../base/icons/icons/frown/placeholders.scss  |    2 +-
 .../base/icons/icons/frown/property-16.scss   |    2 +-
 .../base/icons/icons/frown/property-24.scss   |    2 +-
 .../base/icons/icons/gateway/index.scss       |    2 +-
 .../base/icons/icons/gateway/keyframes.scss   |    2 +-
 .../icons/icons/gateway/placeholders.scss     |    2 +-
 .../base/icons/icons/gateway/property-16.scss |    2 +-
 .../base/icons/icons/gateway/property-24.scss |    2 +-
 .../base/icons/icons/gcp-color/index.scss     |    2 +-
 .../base/icons/icons/gcp-color/keyframes.scss |    2 +-
 .../icons/icons/gcp-color/placeholders.scss   |    2 +-
 .../icons/icons/gcp-color/property-16.scss    |    2 +-
 .../icons/icons/gcp-color/property-24.scss    |    2 +-
 .../styles/base/icons/icons/gcp/index.scss    |    2 +-
 .../base/icons/icons/gcp/keyframes.scss       |    2 +-
 .../base/icons/icons/gcp/placeholders.scss    |    2 +-
 .../base/icons/icons/gcp/property-16.scss     |    2 +-
 .../base/icons/icons/gcp/property-24.scss     |    2 +-
 .../base/icons/icons/gift-fill/index.scss     |    2 +-
 .../base/icons/icons/gift-fill/keyframes.scss |    2 +-
 .../icons/icons/gift-fill/placeholders.scss   |    2 +-
 .../base/icons/icons/gift-outline/index.scss  |    2 +-
 .../icons/icons/gift-outline/keyframes.scss   |    2 +-
 .../icons/gift-outline/placeholders.scss      |    2 +-
 .../styles/base/icons/icons/gift/index.scss   |    2 +-
 .../base/icons/icons/gift/keyframes.scss      |    2 +-
 .../base/icons/icons/gift/placeholders.scss   |    2 +-
 .../base/icons/icons/gift/property-16.scss    |    2 +-
 .../base/icons/icons/gift/property-24.scss    |    2 +-
 .../base/icons/icons/git-branch/index.scss    |    2 +-
 .../icons/icons/git-branch/keyframes.scss     |    2 +-
 .../icons/icons/git-branch/placeholders.scss  |    2 +-
 .../icons/icons/git-branch/property-16.scss   |    2 +-
 .../icons/icons/git-branch/property-24.scss   |    2 +-
 .../base/icons/icons/git-commit/index.scss    |    2 +-
 .../icons/icons/git-commit/keyframes.scss     |    2 +-
 .../icons/icons/git-commit/placeholders.scss  |    2 +-
 .../icons/icons/git-commit/property-16.scss   |    2 +-
 .../icons/icons/git-commit/property-24.scss   |    2 +-
 .../base/icons/icons/git-merge/index.scss     |    2 +-
 .../base/icons/icons/git-merge/keyframes.scss |    2 +-
 .../icons/icons/git-merge/placeholders.scss   |    2 +-
 .../icons/icons/git-merge/property-16.scss    |    2 +-
 .../icons/icons/git-merge/property-24.scss    |    2 +-
 .../icons/icons/git-pull-request/index.scss   |    2 +-
 .../icons/git-pull-request/keyframes.scss     |    2 +-
 .../icons/git-pull-request/placeholders.scss  |    2 +-
 .../icons/git-pull-request/property-16.scss   |    2 +-
 .../icons/git-pull-request/property-24.scss   |    2 +-
 .../base/icons/icons/git-repo/index.scss      |    2 +-
 .../base/icons/icons/git-repo/keyframes.scss  |    2 +-
 .../icons/icons/git-repo/placeholders.scss    |    2 +-
 .../icons/icons/git-repo/property-16.scss     |    2 +-
 .../icons/icons/git-repo/property-24.scss     |    2 +-
 .../icons/icons/git-repository/index.scss     |    2 +-
 .../icons/icons/git-repository/keyframes.scss |    2 +-
 .../icons/git-repository/placeholders.scss    |    2 +-
 .../base/icons/icons/github-color/index.scss  |    2 +-
 .../icons/icons/github-color/keyframes.scss   |    2 +-
 .../icons/github-color/placeholders.scss      |    2 +-
 .../icons/icons/github-color/property-16.scss |    2 +-
 .../icons/icons/github-color/property-24.scss |    2 +-
 .../styles/base/icons/icons/github/index.scss |    2 +-
 .../base/icons/icons/github/keyframes.scss    |    2 +-
 .../base/icons/icons/github/placeholders.scss |    2 +-
 .../base/icons/icons/github/property-16.scss  |    2 +-
 .../base/icons/icons/github/property-24.scss  |    2 +-
 .../base/icons/icons/gitlab-color/index.scss  |    2 +-
 .../icons/icons/gitlab-color/keyframes.scss   |    2 +-
 .../icons/gitlab-color/placeholders.scss      |    2 +-
 .../icons/icons/gitlab-color/property-16.scss |    2 +-
 .../icons/icons/gitlab-color/property-24.scss |    2 +-
 .../styles/base/icons/icons/gitlab/index.scss |    2 +-
 .../base/icons/icons/gitlab/keyframes.scss    |    2 +-
 .../base/icons/icons/gitlab/placeholders.scss |    2 +-
 .../base/icons/icons/gitlab/property-16.scss  |    2 +-
 .../base/icons/icons/gitlab/property-24.scss  |    2 +-
 .../base/icons/icons/globe-private/index.scss |    2 +-
 .../icons/icons/globe-private/keyframes.scss  |    2 +-
 .../icons/globe-private/placeholders.scss     |    2 +-
 .../icons/globe-private/property-16.scss      |    2 +-
 .../icons/globe-private/property-24.scss      |    2 +-
 .../styles/base/icons/icons/globe/index.scss  |    2 +-
 .../base/icons/icons/globe/keyframes.scss     |    2 +-
 .../base/icons/icons/globe/placeholders.scss  |    2 +-
 .../base/icons/icons/globe/property-16.scss   |    2 +-
 .../base/icons/icons/globe/property-24.scss   |    2 +-
 .../base/icons/icons/google-color/index.scss  |    2 +-
 .../icons/icons/google-color/keyframes.scss   |    2 +-
 .../icons/google-color/placeholders.scss      |    2 +-
 .../icons/icons/google-color/property-16.scss |    2 +-
 .../icons/icons/google-color/property-24.scss |    2 +-
 .../styles/base/icons/icons/google/index.scss |    2 +-
 .../base/icons/icons/google/keyframes.scss    |    2 +-
 .../base/icons/icons/google/placeholders.scss |    2 +-
 .../base/icons/icons/google/property-16.scss  |    2 +-
 .../base/icons/icons/google/property-24.scss  |    2 +-
 .../base/icons/icons/grid-alt/index.scss      |    2 +-
 .../base/icons/icons/grid-alt/keyframes.scss  |    2 +-
 .../icons/icons/grid-alt/placeholders.scss    |    2 +-
 .../icons/icons/grid-alt/property-16.scss     |    2 +-
 .../icons/icons/grid-alt/property-24.scss     |    2 +-
 .../styles/base/icons/icons/grid/index.scss   |    2 +-
 .../base/icons/icons/grid/keyframes.scss      |    2 +-
 .../base/icons/icons/grid/placeholders.scss   |    2 +-
 .../base/icons/icons/grid/property-16.scss    |    2 +-
 .../base/icons/icons/grid/property-24.scss    |    2 +-
 .../base/icons/icons/guide-link/index.scss    |    2 +-
 .../icons/icons/guide-link/keyframes.scss     |    2 +-
 .../icons/icons/guide-link/placeholders.scss  |    2 +-
 .../icons/icons/guide-link/property-16.scss   |    2 +-
 .../icons/icons/guide-link/property-24.scss   |    2 +-
 .../styles/base/icons/icons/guide/index.scss  |    2 +-
 .../base/icons/icons/guide/keyframes.scss     |    2 +-
 .../base/icons/icons/guide/placeholders.scss  |    2 +-
 .../base/icons/icons/guide/property-16.scss   |    2 +-
 .../base/icons/icons/guide/property-24.scss   |    2 +-
 .../styles/base/icons/icons/hammer/index.scss |    2 +-
 .../base/icons/icons/hammer/keyframes.scss    |    2 +-
 .../base/icons/icons/hammer/placeholders.scss |    2 +-
 .../base/icons/icons/hammer/property-16.scss  |    2 +-
 .../base/icons/icons/hammer/property-24.scss  |    2 +-
 .../base/icons/icons/handshake/index.scss     |    2 +-
 .../base/icons/icons/handshake/keyframes.scss |    2 +-
 .../icons/icons/handshake/placeholders.scss   |    2 +-
 .../icons/icons/handshake/property-16.scss    |    2 +-
 .../icons/icons/handshake/property-24.scss    |    2 +-
 .../base/icons/icons/hard-drive/index.scss    |    2 +-
 .../icons/icons/hard-drive/keyframes.scss     |    2 +-
 .../icons/icons/hard-drive/placeholders.scss  |    2 +-
 .../icons/icons/hard-drive/property-16.scss   |    2 +-
 .../icons/icons/hard-drive/property-24.scss   |    2 +-
 .../styles/base/icons/icons/hash/index.scss   |    2 +-
 .../base/icons/icons/hash/keyframes.scss      |    2 +-
 .../base/icons/icons/hash/placeholders.scss   |    2 +-
 .../base/icons/icons/hash/property-16.scss    |    2 +-
 .../base/icons/icons/hash/property-24.scss    |    2 +-
 .../icons/icons/hashicorp-color/index.scss    |    2 +-
 .../icons/hashicorp-color/keyframes.scss      |    2 +-
 .../icons/hashicorp-color/placeholders.scss   |    2 +-
 .../icons/hashicorp-color/property-16.scss    |    2 +-
 .../icons/hashicorp-color/property-24.scss    |    2 +-
 .../base/icons/icons/hashicorp/index.scss     |    2 +-
 .../base/icons/icons/hashicorp/keyframes.scss |    2 +-
 .../icons/icons/hashicorp/placeholders.scss   |    2 +-
 .../icons/icons/hashicorp/property-16.scss    |    2 +-
 .../icons/icons/hashicorp/property-24.scss    |    2 +-
 .../base/icons/icons/hcp-color/index.scss     |    2 +-
 .../base/icons/icons/hcp-color/keyframes.scss |    2 +-
 .../icons/icons/hcp-color/placeholders.scss   |    2 +-
 .../icons/icons/hcp-color/property-16.scss    |    2 +-
 .../icons/icons/hcp-color/property-24.scss    |    2 +-
 .../styles/base/icons/icons/hcp/index.scss    |    2 +-
 .../base/icons/icons/hcp/keyframes.scss       |    2 +-
 .../base/icons/icons/hcp/placeholders.scss    |    2 +-
 .../base/icons/icons/hcp/property-16.scss     |    2 +-
 .../base/icons/icons/hcp/property-24.scss     |    2 +-
 .../base/icons/icons/headphones/index.scss    |    2 +-
 .../icons/icons/headphones/keyframes.scss     |    2 +-
 .../icons/icons/headphones/placeholders.scss  |    2 +-
 .../icons/icons/headphones/property-16.scss   |    2 +-
 .../icons/icons/headphones/property-24.scss   |    2 +-
 .../styles/base/icons/icons/health/index.scss |    2 +-
 .../base/icons/icons/health/keyframes.scss    |    2 +-
 .../base/icons/icons/health/placeholders.scss |    2 +-
 .../base/icons/icons/heart-fill/index.scss    |    2 +-
 .../icons/icons/heart-fill/keyframes.scss     |    2 +-
 .../icons/icons/heart-fill/placeholders.scss  |    2 +-
 .../icons/icons/heart-fill/property-16.scss   |    2 +-
 .../icons/icons/heart-fill/property-24.scss   |    2 +-
 .../base/icons/icons/heart-off/index.scss     |    2 +-
 .../base/icons/icons/heart-off/keyframes.scss |    2 +-
 .../icons/icons/heart-off/placeholders.scss   |    2 +-
 .../icons/icons/heart-off/property-16.scss    |    2 +-
 .../icons/icons/heart-off/property-24.scss    |    2 +-
 .../styles/base/icons/icons/heart/index.scss  |    2 +-
 .../base/icons/icons/heart/keyframes.scss     |    2 +-
 .../base/icons/icons/heart/placeholders.scss  |    2 +-
 .../base/icons/icons/heart/property-16.scss   |    2 +-
 .../base/icons/icons/heart/property-24.scss   |    2 +-
 .../icons/icons/help-circle-fill/index.scss   |    2 +-
 .../icons/help-circle-fill/keyframes.scss     |    2 +-
 .../icons/help-circle-fill/placeholders.scss  |    2 +-
 .../icons/help-circle-outline/index.scss      |    2 +-
 .../icons/help-circle-outline/keyframes.scss  |    2 +-
 .../help-circle-outline/placeholders.scss     |    2 +-
 .../styles/base/icons/icons/help/index.scss   |    2 +-
 .../base/icons/icons/help/keyframes.scss      |    2 +-
 .../base/icons/icons/help/placeholders.scss   |    2 +-
 .../base/icons/icons/help/property-16.scss    |    2 +-
 .../base/icons/icons/help/property-24.scss    |    2 +-
 .../base/icons/icons/hexagon-fill/index.scss  |    2 +-
 .../icons/icons/hexagon-fill/keyframes.scss   |    2 +-
 .../icons/hexagon-fill/placeholders.scss      |    2 +-
 .../icons/icons/hexagon-fill/property-16.scss |    2 +-
 .../icons/icons/hexagon-fill/property-24.scss |    2 +-
 .../base/icons/icons/hexagon/index.scss       |    2 +-
 .../base/icons/icons/hexagon/keyframes.scss   |    2 +-
 .../icons/icons/hexagon/placeholders.scss     |    2 +-
 .../base/icons/icons/hexagon/property-16.scss |    2 +-
 .../base/icons/icons/hexagon/property-24.scss |    2 +-
 .../base/icons/icons/history/index.scss       |    2 +-
 .../base/icons/icons/history/keyframes.scss   |    2 +-
 .../icons/icons/history/placeholders.scss     |    2 +-
 .../base/icons/icons/history/property-16.scss |    2 +-
 .../base/icons/icons/history/property-24.scss |    2 +-
 .../styles/base/icons/icons/home/index.scss   |    2 +-
 .../base/icons/icons/home/keyframes.scss      |    2 +-
 .../base/icons/icons/home/placeholders.scss   |    2 +-
 .../base/icons/icons/home/property-16.scss    |    2 +-
 .../base/icons/icons/home/property-24.scss    |    2 +-
 .../base/icons/icons/hourglass/index.scss     |    2 +-
 .../base/icons/icons/hourglass/keyframes.scss |    2 +-
 .../icons/icons/hourglass/placeholders.scss   |    2 +-
 .../icons/icons/hourglass/property-16.scss    |    2 +-
 .../icons/icons/hourglass/property-24.scss    |    2 +-
 .../icons/icons/identity-service/index.scss   |    2 +-
 .../icons/identity-service/keyframes.scss     |    2 +-
 .../icons/identity-service/placeholders.scss  |    2 +-
 .../icons/identity-service/property-16.scss   |    2 +-
 .../icons/identity-service/property-24.scss   |    2 +-
 .../base/icons/icons/identity-user/index.scss |    2 +-
 .../icons/icons/identity-user/keyframes.scss  |    2 +-
 .../icons/identity-user/placeholders.scss     |    2 +-
 .../icons/identity-user/property-16.scss      |    2 +-
 .../icons/identity-user/property-24.scss      |    2 +-
 .../styles/base/icons/icons/image/index.scss  |    2 +-
 .../base/icons/icons/image/keyframes.scss     |    2 +-
 .../base/icons/icons/image/placeholders.scss  |    2 +-
 .../base/icons/icons/image/property-16.scss   |    2 +-
 .../base/icons/icons/image/property-24.scss   |    2 +-
 .../styles/base/icons/icons/inbox/index.scss  |    2 +-
 .../base/icons/icons/inbox/keyframes.scss     |    2 +-
 .../base/icons/icons/inbox/placeholders.scss  |    2 +-
 .../base/icons/icons/inbox/property-16.scss   |    2 +-
 .../base/icons/icons/inbox/property-24.scss   |    2 +-
 .../app/styles/base/icons/icons/index.scss    |    2 +-
 .../icons/icons/info-circle-fill/index.scss   |    2 +-
 .../icons/info-circle-fill/keyframes.scss     |    2 +-
 .../icons/info-circle-fill/placeholders.scss  |    2 +-
 .../icons/info-circle-outline/index.scss      |    2 +-
 .../icons/info-circle-outline/keyframes.scss  |    2 +-
 .../info-circle-outline/placeholders.scss     |    2 +-
 .../styles/base/icons/icons/info/index.scss   |    2 +-
 .../base/icons/icons/info/keyframes.scss      |    2 +-
 .../base/icons/icons/info/placeholders.scss   |    2 +-
 .../base/icons/icons/info/property-16.scss    |    2 +-
 .../base/icons/icons/info/property-24.scss    |    2 +-
 .../base/icons/icons/jump-link/index.scss     |    2 +-
 .../base/icons/icons/jump-link/keyframes.scss |    2 +-
 .../icons/icons/jump-link/placeholders.scss   |    2 +-
 .../icons/icons/jump-link/property-16.scss    |    2 +-
 .../icons/icons/jump-link/property-24.scss    |    2 +-
 .../base/icons/icons/key-values/index.scss    |    2 +-
 .../icons/icons/key-values/keyframes.scss     |    2 +-
 .../icons/icons/key-values/placeholders.scss  |    2 +-
 .../icons/icons/key-values/property-16.scss   |    2 +-
 .../icons/icons/key-values/property-24.scss   |    2 +-
 .../styles/base/icons/icons/key/index.scss    |    2 +-
 .../base/icons/icons/key/keyframes.scss       |    2 +-
 .../base/icons/icons/key/placeholders.scss    |    2 +-
 .../base/icons/icons/key/property-16.scss     |    2 +-
 .../base/icons/icons/key/property-24.scss     |    2 +-
 .../base/icons/icons/keychain/index.scss      |    2 +-
 .../base/icons/icons/keychain/keyframes.scss  |    2 +-
 .../icons/icons/keychain/placeholders.scss    |    2 +-
 .../icons/icons/keychain/property-16.scss     |    2 +-
 .../icons/icons/keychain/property-24.scss     |    2 +-
 .../icons/icons/kubernetes-color/index.scss   |    2 +-
 .../icons/kubernetes-color/keyframes.scss     |    2 +-
 .../icons/kubernetes-color/placeholders.scss  |    2 +-
 .../icons/kubernetes-color/property-16.scss   |    2 +-
 .../icons/kubernetes-color/property-24.scss   |    2 +-
 .../base/icons/icons/kubernetes/index.scss    |    2 +-
 .../icons/icons/kubernetes/keyframes.scss     |    2 +-
 .../icons/icons/kubernetes/placeholders.scss  |    2 +-
 .../icons/icons/kubernetes/property-16.scss   |    2 +-
 .../icons/icons/kubernetes/property-24.scss   |    2 +-
 .../base/icons/icons/labyrinth/index.scss     |    2 +-
 .../base/icons/icons/labyrinth/keyframes.scss |    2 +-
 .../icons/icons/labyrinth/placeholders.scss   |    2 +-
 .../icons/icons/labyrinth/property-16.scss    |    2 +-
 .../icons/icons/labyrinth/property-24.scss    |    2 +-
 .../styles/base/icons/icons/layers/index.scss |    2 +-
 .../base/icons/icons/layers/keyframes.scss    |    2 +-
 .../base/icons/icons/layers/placeholders.scss |    2 +-
 .../base/icons/icons/layers/property-16.scss  |    2 +-
 .../base/icons/icons/layers/property-24.scss  |    2 +-
 .../styles/base/icons/icons/layout/index.scss |    2 +-
 .../base/icons/icons/layout/keyframes.scss    |    2 +-
 .../base/icons/icons/layout/placeholders.scss |    2 +-
 .../base/icons/icons/layout/property-16.scss  |    2 +-
 .../base/icons/icons/layout/property-24.scss  |    2 +-
 .../base/icons/icons/learn-link/index.scss    |    2 +-
 .../icons/icons/learn-link/keyframes.scss     |    2 +-
 .../icons/icons/learn-link/placeholders.scss  |    2 +-
 .../icons/icons/learn-link/property-16.scss   |    2 +-
 .../icons/icons/learn-link/property-24.scss   |    2 +-
 .../styles/base/icons/icons/learn/index.scss  |    2 +-
 .../base/icons/icons/learn/keyframes.scss     |    2 +-
 .../base/icons/icons/learn/placeholders.scss  |    2 +-
 .../base/icons/icons/learn/property-16.scss   |    2 +-
 .../base/icons/icons/learn/property-24.scss   |    2 +-
 .../base/icons/icons/line-chart-up/index.scss |    2 +-
 .../icons/icons/line-chart-up/keyframes.scss  |    2 +-
 .../icons/line-chart-up/placeholders.scss     |    2 +-
 .../icons/line-chart-up/property-16.scss      |    2 +-
 .../icons/line-chart-up/property-24.scss      |    2 +-
 .../base/icons/icons/line-chart/index.scss    |    2 +-
 .../icons/icons/line-chart/keyframes.scss     |    2 +-
 .../icons/icons/line-chart/placeholders.scss  |    2 +-
 .../icons/icons/line-chart/property-16.scss   |    2 +-
 .../icons/icons/line-chart/property-24.scss   |    2 +-
 .../styles/base/icons/icons/link/index.scss   |    2 +-
 .../base/icons/icons/link/keyframes.scss      |    2 +-
 .../base/icons/icons/link/placeholders.scss   |    2 +-
 .../base/icons/icons/link/property-16.scss    |    2 +-
 .../base/icons/icons/link/property-24.scss    |    2 +-
 .../icons/icons/linkedin-color/index.scss     |    2 +-
 .../icons/icons/linkedin-color/keyframes.scss |    2 +-
 .../icons/linkedin-color/placeholders.scss    |    2 +-
 .../icons/linkedin-color/property-16.scss     |    2 +-
 .../icons/linkedin-color/property-24.scss     |    2 +-
 .../base/icons/icons/linkedin/index.scss      |    2 +-
 .../base/icons/icons/linkedin/keyframes.scss  |    2 +-
 .../icons/icons/linkedin/placeholders.scss    |    2 +-
 .../icons/icons/linkedin/property-16.scss     |    2 +-
 .../icons/icons/linkedin/property-24.scss     |    2 +-
 .../styles/base/icons/icons/list/index.scss   |    2 +-
 .../base/icons/icons/list/keyframes.scss      |    2 +-
 .../base/icons/icons/list/placeholders.scss   |    2 +-
 .../base/icons/icons/list/property-16.scss    |    2 +-
 .../base/icons/icons/list/property-24.scss    |    2 +-
 .../base/icons/icons/load-balancer/index.scss |    2 +-
 .../icons/icons/load-balancer/keyframes.scss  |    2 +-
 .../icons/load-balancer/placeholders.scss     |    2 +-
 .../icons/load-balancer/property-16.scss      |    2 +-
 .../icons/load-balancer/property-24.scss      |    2 +-
 .../icons/icons/loading-motion/index.scss     |    2 +-
 .../icons/icons/loading-motion/keyframes.scss |    2 +-
 .../icons/loading-motion/placeholders.scss    |    2 +-
 .../icons/loading-motion/property-16.scss     |    2 +-
 .../icons/loading-motion/property-24.scss     |    2 +-
 .../base/icons/icons/loading/index.scss       |    2 +-
 .../base/icons/icons/loading/keyframes.scss   |    2 +-
 .../icons/icons/loading/placeholders.scss     |    2 +-
 .../base/icons/icons/loading/property-16.scss |    2 +-
 .../base/icons/icons/loading/property-24.scss |    2 +-
 .../icons/icons/lock-closed-fill/index.scss   |    2 +-
 .../icons/lock-closed-fill/keyframes.scss     |    2 +-
 .../icons/lock-closed-fill/placeholders.scss  |    2 +-
 .../icons/lock-closed-outline/index.scss      |    2 +-
 .../icons/lock-closed-outline/keyframes.scss  |    2 +-
 .../lock-closed-outline/placeholders.scss     |    2 +-
 .../base/icons/icons/lock-closed/index.scss   |    2 +-
 .../icons/icons/lock-closed/keyframes.scss    |    2 +-
 .../icons/icons/lock-closed/placeholders.scss |    2 +-
 .../base/icons/icons/lock-disabled/index.scss |    2 +-
 .../icons/icons/lock-disabled/keyframes.scss  |    2 +-
 .../icons/lock-disabled/placeholders.scss     |    2 +-
 .../base/icons/icons/lock-fill/index.scss     |    2 +-
 .../base/icons/icons/lock-fill/keyframes.scss |    2 +-
 .../icons/icons/lock-fill/placeholders.scss   |    2 +-
 .../icons/icons/lock-fill/property-16.scss    |    2 +-
 .../icons/icons/lock-fill/property-24.scss    |    2 +-
 .../base/icons/icons/lock-off/index.scss      |    2 +-
 .../base/icons/icons/lock-off/keyframes.scss  |    2 +-
 .../icons/icons/lock-off/placeholders.scss    |    2 +-
 .../icons/icons/lock-off/property-16.scss     |    2 +-
 .../icons/icons/lock-off/property-24.scss     |    2 +-
 .../base/icons/icons/lock-open/index.scss     |    2 +-
 .../base/icons/icons/lock-open/keyframes.scss |    2 +-
 .../icons/icons/lock-open/placeholders.scss   |    2 +-
 .../styles/base/icons/icons/lock/index.scss   |    2 +-
 .../base/icons/icons/lock/keyframes.scss      |    2 +-
 .../base/icons/icons/lock/placeholders.scss   |    2 +-
 .../base/icons/icons/lock/property-16.scss    |    2 +-
 .../base/icons/icons/lock/property-24.scss    |    2 +-
 .../icons/logo-alicloud-color/index.scss      |    2 +-
 .../icons/logo-alicloud-color/keyframes.scss  |    2 +-
 .../logo-alicloud-color/placeholders.scss     |    2 +-
 .../icons/logo-alicloud-monochrome/index.scss |    2 +-
 .../logo-alicloud-monochrome/keyframes.scss   |    2 +-
 .../placeholders.scss                         |    2 +-
 .../icons/icons/logo-auth0-color/index.scss   |    2 +-
 .../icons/logo-auth0-color/keyframes.scss     |    2 +-
 .../icons/logo-auth0-color/placeholders.scss  |    2 +-
 .../icons/icons/logo-aws-color/index.scss     |    2 +-
 .../icons/icons/logo-aws-color/keyframes.scss |    2 +-
 .../icons/logo-aws-color/placeholders.scss    |    2 +-
 .../icons/logo-aws-monochrome/index.scss      |    2 +-
 .../icons/logo-aws-monochrome/keyframes.scss  |    2 +-
 .../logo-aws-monochrome/placeholders.scss     |    2 +-
 .../icons/icons/logo-azure-color/index.scss   |    2 +-
 .../icons/logo-azure-color/keyframes.scss     |    2 +-
 .../icons/logo-azure-color/placeholders.scss  |    2 +-
 .../icons/logo-azure-dev-ops-color/index.scss |    2 +-
 .../logo-azure-dev-ops-color/keyframes.scss   |    2 +-
 .../placeholders.scss                         |    2 +-
 .../logo-azure-dev-ops-monochrome/index.scss  |    2 +-
 .../keyframes.scss                            |    2 +-
 .../placeholders.scss                         |    2 +-
 .../icons/logo-azure-monochrome/index.scss    |    2 +-
 .../logo-azure-monochrome/keyframes.scss      |    2 +-
 .../logo-azure-monochrome/placeholders.scss   |    2 +-
 .../icons/logo-bitbucket-color/index.scss     |    2 +-
 .../icons/logo-bitbucket-color/keyframes.scss |    2 +-
 .../logo-bitbucket-color/placeholders.scss    |    2 +-
 .../logo-bitbucket-monochrome/index.scss      |    2 +-
 .../logo-bitbucket-monochrome/keyframes.scss  |    2 +-
 .../placeholders.scss                         |    2 +-
 .../icons/logo-ember-circle-color/index.scss  |    2 +-
 .../logo-ember-circle-color/keyframes.scss    |    2 +-
 .../logo-ember-circle-color/placeholders.scss |    2 +-
 .../logo-ember-circle-color/property-16.scss  |    2 +-
 .../logo-ember-circle-color/property-24.scss  |    2 +-
 .../icons/icons/logo-gcp-color/index.scss     |    2 +-
 .../icons/icons/logo-gcp-color/keyframes.scss |    2 +-
 .../icons/logo-gcp-color/placeholders.scss    |    2 +-
 .../icons/logo-gcp-monochrome/index.scss      |    2 +-
 .../icons/logo-gcp-monochrome/keyframes.scss  |    2 +-
 .../logo-gcp-monochrome/placeholders.scss     |    2 +-
 .../icons/icons/logo-github-color/index.scss  |    2 +-
 .../icons/logo-github-color/keyframes.scss    |    2 +-
 .../icons/logo-github-color/placeholders.scss |    2 +-
 .../icons/logo-github-monochrome/index.scss   |    2 +-
 .../logo-github-monochrome/keyframes.scss     |    2 +-
 .../logo-github-monochrome/placeholders.scss  |    2 +-
 .../icons/icons/logo-gitlab-color/index.scss  |    2 +-
 .../icons/logo-gitlab-color/keyframes.scss    |    2 +-
 .../icons/logo-gitlab-color/placeholders.scss |    2 +-
 .../icons/logo-gitlab-monochrome/index.scss   |    2 +-
 .../logo-gitlab-monochrome/keyframes.scss     |    2 +-
 .../logo-gitlab-monochrome/placeholders.scss  |    2 +-
 .../icons/icons/logo-glimmer-color/index.scss |    2 +-
 .../icons/logo-glimmer-color/keyframes.scss   |    2 +-
 .../logo-glimmer-color/placeholders.scss      |    2 +-
 .../icons/logo-glimmer-color/property-16.scss |    2 +-
 .../icons/logo-glimmer-color/property-24.scss |    2 +-
 .../icons/icons/logo-google-color/index.scss  |    2 +-
 .../icons/logo-google-color/keyframes.scss    |    2 +-
 .../icons/logo-google-color/placeholders.scss |    2 +-
 .../icons/logo-google-monochrome/index.scss   |    2 +-
 .../logo-google-monochrome/keyframes.scss     |    2 +-
 .../logo-google-monochrome/placeholders.scss  |    2 +-
 .../icons/logo-hashicorp-color/index.scss     |    2 +-
 .../icons/logo-hashicorp-color/keyframes.scss |    2 +-
 .../logo-hashicorp-color/placeholders.scss    |    2 +-
 .../logo-hashicorp-color/property-16.scss     |    2 +-
 .../logo-hashicorp-color/property-24.scss     |    2 +-
 .../icons/icons/logo-jwt-color/index.scss     |    2 +-
 .../icons/icons/logo-jwt-color/keyframes.scss |    2 +-
 .../icons/logo-jwt-color/placeholders.scss    |    2 +-
 .../icons/logo-jwt-color/property-16.scss     |    2 +-
 .../icons/logo-jwt-color/property-24.scss     |    2 +-
 .../icons/logo-kubernetes-color/index.scss    |    2 +-
 .../logo-kubernetes-color/keyframes.scss      |    2 +-
 .../logo-kubernetes-color/placeholders.scss   |    2 +-
 .../logo-kubernetes-monochrome/index.scss     |    2 +-
 .../logo-kubernetes-monochrome/keyframes.scss |    2 +-
 .../placeholders.scss                         |    2 +-
 .../icons/logo-microsoft-color/index.scss     |    2 +-
 .../icons/logo-microsoft-color/keyframes.scss |    2 +-
 .../logo-microsoft-color/placeholders.scss    |    2 +-
 .../icons/icons/logo-oidc-color/index.scss    |    2 +-
 .../icons/logo-oidc-color/keyframes.scss      |    2 +-
 .../icons/logo-oidc-color/placeholders.scss   |    2 +-
 .../icons/logo-oidc-color/property-16.scss    |    2 +-
 .../icons/logo-oidc-color/property-24.scss    |    2 +-
 .../icons/icons/logo-okta-color/index.scss    |    2 +-
 .../icons/logo-okta-color/keyframes.scss      |    2 +-
 .../icons/logo-okta-color/placeholders.scss   |    2 +-
 .../icons/icons/logo-oracle-color/index.scss  |    2 +-
 .../icons/logo-oracle-color/keyframes.scss    |    2 +-
 .../icons/logo-oracle-color/placeholders.scss |    2 +-
 .../icons/logo-oracle-monochrome/index.scss   |    2 +-
 .../logo-oracle-monochrome/keyframes.scss     |    2 +-
 .../logo-oracle-monochrome/placeholders.scss  |    2 +-
 .../icons/icons/logo-slack-color/index.scss   |    2 +-
 .../icons/logo-slack-color/keyframes.scss     |    2 +-
 .../icons/logo-slack-color/placeholders.scss  |    2 +-
 .../icons/logo-slack-monochrome/index.scss    |    2 +-
 .../logo-slack-monochrome/keyframes.scss      |    2 +-
 .../logo-slack-monochrome/placeholders.scss   |    2 +-
 .../icons/icons/logo-vmware-color/index.scss  |    2 +-
 .../icons/logo-vmware-color/keyframes.scss    |    2 +-
 .../icons/logo-vmware-color/placeholders.scss |    2 +-
 .../icons/logo-vmware-monochrome/index.scss   |    2 +-
 .../logo-vmware-monochrome/keyframes.scss     |    2 +-
 .../logo-vmware-monochrome/placeholders.scss  |    2 +-
 .../base/icons/icons/mail-open/index.scss     |    2 +-
 .../base/icons/icons/mail-open/keyframes.scss |    2 +-
 .../icons/icons/mail-open/placeholders.scss   |    2 +-
 .../icons/icons/mail-open/property-16.scss    |    2 +-
 .../icons/icons/mail-open/property-24.scss    |    2 +-
 .../styles/base/icons/icons/mail/index.scss   |    2 +-
 .../base/icons/icons/mail/keyframes.scss      |    2 +-
 .../base/icons/icons/mail/placeholders.scss   |    2 +-
 .../base/icons/icons/mail/property-16.scss    |    2 +-
 .../base/icons/icons/mail/property-24.scss    |    2 +-
 .../base/icons/icons/mainframe/index.scss     |    2 +-
 .../base/icons/icons/mainframe/keyframes.scss |    2 +-
 .../icons/icons/mainframe/placeholders.scss   |    2 +-
 .../icons/icons/mainframe/property-16.scss    |    2 +-
 .../icons/icons/mainframe/property-24.scss    |    2 +-
 .../base/icons/icons/map-pin/index.scss       |    2 +-
 .../base/icons/icons/map-pin/keyframes.scss   |    2 +-
 .../icons/icons/map-pin/placeholders.scss     |    2 +-
 .../base/icons/icons/map-pin/property-16.scss |    2 +-
 .../base/icons/icons/map-pin/property-24.scss |    2 +-
 .../styles/base/icons/icons/map/index.scss    |    2 +-
 .../base/icons/icons/map/keyframes.scss       |    2 +-
 .../base/icons/icons/map/placeholders.scss    |    2 +-
 .../base/icons/icons/map/property-16.scss     |    2 +-
 .../base/icons/icons/map/property-24.scss     |    2 +-
 .../base/icons/icons/maximize-alt/index.scss  |    2 +-
 .../icons/icons/maximize-alt/keyframes.scss   |    2 +-
 .../icons/maximize-alt/placeholders.scss      |    2 +-
 .../icons/icons/maximize-alt/property-16.scss |    2 +-
 .../icons/icons/maximize-alt/property-24.scss |    2 +-
 .../base/icons/icons/maximize/index.scss      |    2 +-
 .../base/icons/icons/maximize/keyframes.scss  |    2 +-
 .../icons/icons/maximize/placeholders.scss    |    2 +-
 .../icons/icons/maximize/property-16.scss     |    2 +-
 .../icons/icons/maximize/property-24.scss     |    2 +-
 .../styles/base/icons/icons/meh/index.scss    |    2 +-
 .../base/icons/icons/meh/keyframes.scss       |    2 +-
 .../base/icons/icons/meh/placeholders.scss    |    2 +-
 .../base/icons/icons/meh/property-16.scss     |    2 +-
 .../base/icons/icons/meh/property-24.scss     |    2 +-
 .../styles/base/icons/icons/menu/index.scss   |    2 +-
 .../base/icons/icons/menu/keyframes.scss      |    2 +-
 .../base/icons/icons/menu/placeholders.scss   |    2 +-
 .../base/icons/icons/menu/property-16.scss    |    2 +-
 .../base/icons/icons/menu/property-24.scss    |    2 +-
 .../styles/base/icons/icons/mesh/index.scss   |    2 +-
 .../base/icons/icons/mesh/keyframes.scss      |    2 +-
 .../base/icons/icons/mesh/placeholders.scss   |    2 +-
 .../base/icons/icons/mesh/property-16.scss    |    2 +-
 .../base/icons/icons/mesh/property-24.scss    |    2 +-
 .../icons/message-circle-fill/index.scss      |    2 +-
 .../icons/message-circle-fill/keyframes.scss  |    2 +-
 .../message-circle-fill/placeholders.scss     |    2 +-
 .../message-circle-fill/property-16.scss      |    2 +-
 .../message-circle-fill/property-24.scss      |    2 +-
 .../icons/icons/message-circle/index.scss     |    2 +-
 .../icons/icons/message-circle/keyframes.scss |    2 +-
 .../icons/message-circle/placeholders.scss    |    2 +-
 .../icons/message-circle/property-16.scss     |    2 +-
 .../icons/message-circle/property-24.scss     |    2 +-
 .../icons/message-square-fill/index.scss      |    2 +-
 .../icons/message-square-fill/keyframes.scss  |    2 +-
 .../message-square-fill/placeholders.scss     |    2 +-
 .../message-square-fill/property-16.scss      |    2 +-
 .../message-square-fill/property-24.scss      |    2 +-
 .../icons/icons/message-square/index.scss     |    2 +-
 .../icons/icons/message-square/keyframes.scss |    2 +-
 .../icons/message-square/placeholders.scss    |    2 +-
 .../icons/message-square/property-16.scss     |    2 +-
 .../icons/message-square/property-24.scss     |    2 +-
 .../base/icons/icons/message/index.scss       |    2 +-
 .../base/icons/icons/message/keyframes.scss   |    2 +-
 .../icons/icons/message/placeholders.scss     |    2 +-
 .../base/icons/icons/mic-off/index.scss       |    2 +-
 .../base/icons/icons/mic-off/keyframes.scss   |    2 +-
 .../icons/icons/mic-off/placeholders.scss     |    2 +-
 .../base/icons/icons/mic-off/property-16.scss |    2 +-
 .../base/icons/icons/mic-off/property-24.scss |    2 +-
 .../styles/base/icons/icons/mic/index.scss    |    2 +-
 .../base/icons/icons/mic/keyframes.scss       |    2 +-
 .../base/icons/icons/mic/placeholders.scss    |    2 +-
 .../base/icons/icons/mic/property-16.scss     |    2 +-
 .../base/icons/icons/mic/property-24.scss     |    2 +-
 .../icons/icons/microsoft-color/index.scss    |    2 +-
 .../icons/microsoft-color/keyframes.scss      |    2 +-
 .../icons/microsoft-color/placeholders.scss   |    2 +-
 .../icons/microsoft-color/property-16.scss    |    2 +-
 .../icons/microsoft-color/property-24.scss    |    2 +-
 .../base/icons/icons/microsoft/index.scss     |    2 +-
 .../base/icons/icons/microsoft/keyframes.scss |    2 +-
 .../icons/icons/microsoft/placeholders.scss   |    2 +-
 .../icons/icons/microsoft/property-16.scss    |    2 +-
 .../icons/icons/microsoft/property-24.scss    |    2 +-
 .../base/icons/icons/migrate/index.scss       |    2 +-
 .../base/icons/icons/migrate/keyframes.scss   |    2 +-
 .../icons/icons/migrate/placeholders.scss     |    2 +-
 .../base/icons/icons/migrate/property-16.scss |    2 +-
 .../base/icons/icons/migrate/property-24.scss |    2 +-
 .../base/icons/icons/minimize-alt/index.scss  |    2 +-
 .../icons/icons/minimize-alt/keyframes.scss   |    2 +-
 .../icons/minimize-alt/placeholders.scss      |    2 +-
 .../icons/icons/minimize-alt/property-16.scss |    2 +-
 .../icons/icons/minimize-alt/property-24.scss |    2 +-
 .../base/icons/icons/minimize/index.scss      |    2 +-
 .../base/icons/icons/minimize/keyframes.scss  |    2 +-
 .../icons/icons/minimize/placeholders.scss    |    2 +-
 .../icons/icons/minimize/property-16.scss     |    2 +-
 .../icons/icons/minimize/property-24.scss     |    2 +-
 .../icons/icons/minus-circle-fill/index.scss  |    2 +-
 .../icons/minus-circle-fill/keyframes.scss    |    2 +-
 .../icons/minus-circle-fill/placeholders.scss |    2 +-
 .../icons/minus-circle-outline/index.scss     |    2 +-
 .../icons/minus-circle-outline/keyframes.scss |    2 +-
 .../minus-circle-outline/placeholders.scss    |    2 +-
 .../base/icons/icons/minus-circle/index.scss  |    2 +-
 .../icons/icons/minus-circle/keyframes.scss   |    2 +-
 .../icons/minus-circle/placeholders.scss      |    2 +-
 .../icons/icons/minus-circle/property-16.scss |    2 +-
 .../icons/icons/minus-circle/property-24.scss |    2 +-
 .../base/icons/icons/minus-plain/index.scss   |    2 +-
 .../icons/icons/minus-plain/keyframes.scss    |    2 +-
 .../icons/icons/minus-plain/placeholders.scss |    2 +-
 .../icons/icons/minus-plus-circle/index.scss  |    2 +-
 .../icons/minus-plus-circle/keyframes.scss    |    2 +-
 .../icons/minus-plus-circle/placeholders.scss |    2 +-
 .../icons/minus-plus-circle/property-16.scss  |    2 +-
 .../icons/minus-plus-circle/property-24.scss  |    2 +-
 .../icons/icons/minus-plus-square/index.scss  |    2 +-
 .../icons/minus-plus-square/keyframes.scss    |    2 +-
 .../icons/minus-plus-square/placeholders.scss |    2 +-
 .../icons/minus-plus-square/property-16.scss  |    2 +-
 .../icons/minus-plus-square/property-24.scss  |    2 +-
 .../base/icons/icons/minus-plus/index.scss    |    2 +-
 .../icons/icons/minus-plus/keyframes.scss     |    2 +-
 .../icons/icons/minus-plus/placeholders.scss  |    2 +-
 .../icons/icons/minus-plus/property-16.scss   |    2 +-
 .../icons/icons/minus-plus/property-24.scss   |    2 +-
 .../icons/icons/minus-square-fill/index.scss  |    2 +-
 .../icons/minus-square-fill/keyframes.scss    |    2 +-
 .../icons/minus-square-fill/placeholders.scss |    2 +-
 .../base/icons/icons/minus-square/index.scss  |    2 +-
 .../icons/icons/minus-square/keyframes.scss   |    2 +-
 .../icons/minus-square/placeholders.scss      |    2 +-
 .../icons/icons/minus-square/property-16.scss |    2 +-
 .../icons/icons/minus-square/property-24.scss |    2 +-
 .../styles/base/icons/icons/minus/index.scss  |    2 +-
 .../base/icons/icons/minus/keyframes.scss     |    2 +-
 .../base/icons/icons/minus/placeholders.scss  |    2 +-
 .../base/icons/icons/minus/property-16.scss   |    2 +-
 .../base/icons/icons/minus/property-24.scss   |    2 +-
 .../styles/base/icons/icons/module/index.scss |    2 +-
 .../base/icons/icons/module/keyframes.scss    |    2 +-
 .../base/icons/icons/module/placeholders.scss |    2 +-
 .../base/icons/icons/module/property-16.scss  |    2 +-
 .../base/icons/icons/module/property-24.scss  |    2 +-
 .../base/icons/icons/monitor/index.scss       |    2 +-
 .../base/icons/icons/monitor/keyframes.scss   |    2 +-
 .../icons/icons/monitor/placeholders.scss     |    2 +-
 .../base/icons/icons/monitor/property-16.scss |    2 +-
 .../base/icons/icons/monitor/property-24.scss |    2 +-
 .../styles/base/icons/icons/moon/index.scss   |    2 +-
 .../base/icons/icons/moon/keyframes.scss      |    2 +-
 .../base/icons/icons/moon/placeholders.scss   |    2 +-
 .../base/icons/icons/moon/property-16.scss    |    2 +-
 .../base/icons/icons/moon/property-24.scss    |    2 +-
 .../icons/icons/more-horizontal/index.scss    |    2 +-
 .../icons/more-horizontal/keyframes.scss      |    2 +-
 .../icons/more-horizontal/placeholders.scss   |    2 +-
 .../icons/more-horizontal/property-16.scss    |    2 +-
 .../icons/more-horizontal/property-24.scss    |    2 +-
 .../base/icons/icons/more-vertical/index.scss |    2 +-
 .../icons/icons/more-vertical/keyframes.scss  |    2 +-
 .../icons/more-vertical/placeholders.scss     |    2 +-
 .../icons/more-vertical/property-16.scss      |    2 +-
 .../icons/more-vertical/property-24.scss      |    2 +-
 .../base/icons/icons/mouse-pointer/index.scss |    2 +-
 .../icons/icons/mouse-pointer/keyframes.scss  |    2 +-
 .../icons/mouse-pointer/placeholders.scss     |    2 +-
 .../icons/mouse-pointer/property-16.scss      |    2 +-
 .../icons/mouse-pointer/property-24.scss      |    2 +-
 .../styles/base/icons/icons/move/index.scss   |    2 +-
 .../base/icons/icons/move/keyframes.scss      |    2 +-
 .../base/icons/icons/move/placeholders.scss   |    2 +-
 .../base/icons/icons/move/property-16.scss    |    2 +-
 .../base/icons/icons/move/property-24.scss    |    2 +-
 .../styles/base/icons/icons/music/index.scss  |    2 +-
 .../base/icons/icons/music/keyframes.scss     |    2 +-
 .../base/icons/icons/music/placeholders.scss  |    2 +-
 .../base/icons/icons/music/property-16.scss   |    2 +-
 .../base/icons/icons/music/property-24.scss   |    2 +-
 .../icons/icons/navigation-alt/index.scss     |    2 +-
 .../icons/icons/navigation-alt/keyframes.scss |    2 +-
 .../icons/navigation-alt/placeholders.scss    |    2 +-
 .../icons/navigation-alt/property-16.scss     |    2 +-
 .../icons/navigation-alt/property-24.scss     |    2 +-
 .../base/icons/icons/navigation/index.scss    |    2 +-
 .../icons/icons/navigation/keyframes.scss     |    2 +-
 .../icons/icons/navigation/placeholders.scss  |    2 +-
 .../icons/icons/navigation/property-16.scss   |    2 +-
 .../icons/icons/navigation/property-24.scss   |    2 +-
 .../base/icons/icons/network-alt/index.scss   |    2 +-
 .../icons/icons/network-alt/keyframes.scss    |    2 +-
 .../icons/icons/network-alt/placeholders.scss |    2 +-
 .../icons/icons/network-alt/property-16.scss  |    2 +-
 .../icons/icons/network-alt/property-24.scss  |    2 +-
 .../base/icons/icons/network/index.scss       |    2 +-
 .../base/icons/icons/network/keyframes.scss   |    2 +-
 .../icons/icons/network/placeholders.scss     |    2 +-
 .../base/icons/icons/network/property-16.scss |    2 +-
 .../base/icons/icons/network/property-24.scss |    2 +-
 .../base/icons/icons/newspaper/index.scss     |    2 +-
 .../base/icons/icons/newspaper/keyframes.scss |    2 +-
 .../icons/icons/newspaper/placeholders.scss   |    2 +-
 .../icons/icons/newspaper/property-16.scss    |    2 +-
 .../icons/icons/newspaper/property-24.scss    |    2 +-
 .../styles/base/icons/icons/node/index.scss   |    2 +-
 .../base/icons/icons/node/keyframes.scss      |    2 +-
 .../base/icons/icons/node/placeholders.scss   |    2 +-
 .../base/icons/icons/node/property-16.scss    |    2 +-
 .../base/icons/icons/node/property-24.scss    |    2 +-
 .../base/icons/icons/nomad-color/index.scss   |    2 +-
 .../icons/icons/nomad-color/keyframes.scss    |    2 +-
 .../icons/icons/nomad-color/placeholders.scss |    2 +-
 .../icons/icons/nomad-color/property-16.scss  |    2 +-
 .../icons/icons/nomad-color/property-24.scss  |    2 +-
 .../styles/base/icons/icons/nomad/index.scss  |    2 +-
 .../base/icons/icons/nomad/keyframes.scss     |    2 +-
 .../base/icons/icons/nomad/placeholders.scss  |    2 +-
 .../base/icons/icons/nomad/property-16.scss   |    2 +-
 .../base/icons/icons/nomad/property-24.scss   |    2 +-
 .../icons/notification-disabled/index.scss    |    2 +-
 .../notification-disabled/keyframes.scss      |    2 +-
 .../notification-disabled/placeholders.scss   |    2 +-
 .../icons/icons/notification-fill/index.scss  |    2 +-
 .../icons/notification-fill/keyframes.scss    |    2 +-
 .../icons/notification-fill/placeholders.scss |    2 +-
 .../icons/notification-outline/index.scss     |    2 +-
 .../icons/notification-outline/keyframes.scss |    2 +-
 .../notification-outline/placeholders.scss    |    2 +-
 .../base/icons/icons/octagon/index.scss       |    2 +-
 .../base/icons/icons/octagon/keyframes.scss   |    2 +-
 .../icons/icons/octagon/placeholders.scss     |    2 +-
 .../base/icons/icons/octagon/property-16.scss |    2 +-
 .../base/icons/icons/octagon/property-24.scss |    2 +-
 .../base/icons/icons/okta-color/index.scss    |    2 +-
 .../icons/icons/okta-color/keyframes.scss     |    2 +-
 .../icons/icons/okta-color/placeholders.scss  |    2 +-
 .../icons/icons/okta-color/property-16.scss   |    2 +-
 .../icons/icons/okta-color/property-24.scss   |    2 +-
 .../styles/base/icons/icons/okta/index.scss   |    2 +-
 .../base/icons/icons/okta/keyframes.scss      |    2 +-
 .../base/icons/icons/okta/placeholders.scss   |    2 +-
 .../base/icons/icons/okta/property-16.scss    |    2 +-
 .../base/icons/icons/okta/property-24.scss    |    2 +-
 .../base/icons/icons/oracle-color/index.scss  |    2 +-
 .../icons/icons/oracle-color/keyframes.scss   |    2 +-
 .../icons/oracle-color/placeholders.scss      |    2 +-
 .../icons/icons/oracle-color/property-16.scss |    2 +-
 .../icons/icons/oracle-color/property-24.scss |    2 +-
 .../styles/base/icons/icons/oracle/index.scss |    2 +-
 .../base/icons/icons/oracle/keyframes.scss    |    2 +-
 .../base/icons/icons/oracle/placeholders.scss |    2 +-
 .../base/icons/icons/oracle/property-16.scss  |    2 +-
 .../base/icons/icons/oracle/property-24.scss  |    2 +-
 .../styles/base/icons/icons/org/index.scss    |    2 +-
 .../base/icons/icons/org/keyframes.scss       |    2 +-
 .../base/icons/icons/org/placeholders.scss    |    2 +-
 .../base/icons/icons/org/property-16.scss     |    2 +-
 .../base/icons/icons/org/property-24.scss     |    2 +-
 .../base/icons/icons/outline/index.scss       |    2 +-
 .../base/icons/icons/outline/keyframes.scss   |    2 +-
 .../icons/icons/outline/placeholders.scss     |    2 +-
 .../base/icons/icons/outline/property-16.scss |    2 +-
 .../base/icons/icons/outline/property-24.scss |    2 +-
 .../base/icons/icons/pack-color/index.scss    |    2 +-
 .../icons/icons/pack-color/keyframes.scss     |    2 +-
 .../icons/icons/pack-color/placeholders.scss  |    2 +-
 .../icons/icons/pack-color/property-16.scss   |    2 +-
 .../icons/icons/pack-color/property-24.scss   |    2 +-
 .../styles/base/icons/icons/pack/index.scss   |    2 +-
 .../base/icons/icons/pack/keyframes.scss      |    2 +-
 .../base/icons/icons/pack/placeholders.scss   |    2 +-
 .../base/icons/icons/pack/property-16.scss    |    2 +-
 .../base/icons/icons/pack/property-24.scss    |    2 +-
 .../base/icons/icons/package/index.scss       |    2 +-
 .../base/icons/icons/package/keyframes.scss   |    2 +-
 .../icons/icons/package/placeholders.scss     |    2 +-
 .../base/icons/icons/package/property-16.scss |    2 +-
 .../base/icons/icons/package/property-24.scss |    2 +-
 .../base/icons/icons/packer-color/index.scss  |    2 +-
 .../icons/icons/packer-color/keyframes.scss   |    2 +-
 .../icons/packer-color/placeholders.scss      |    2 +-
 .../icons/icons/packer-color/property-16.scss |    2 +-
 .../icons/icons/packer-color/property-24.scss |    2 +-
 .../styles/base/icons/icons/packer/index.scss |    2 +-
 .../base/icons/icons/packer/keyframes.scss    |    2 +-
 .../base/icons/icons/packer/placeholders.scss |    2 +-
 .../base/icons/icons/packer/property-16.scss  |    2 +-
 .../base/icons/icons/packer/property-24.scss  |    2 +-
 .../base/icons/icons/page-outline/index.scss  |    2 +-
 .../icons/icons/page-outline/keyframes.scss   |    2 +-
 .../icons/page-outline/placeholders.scss      |    2 +-
 .../base/icons/icons/paperclip/index.scss     |    2 +-
 .../base/icons/icons/paperclip/keyframes.scss |    2 +-
 .../icons/icons/paperclip/placeholders.scss   |    2 +-
 .../icons/icons/paperclip/property-16.scss    |    2 +-
 .../icons/icons/paperclip/property-24.scss    |    2 +-
 .../base/icons/icons/partner/index.scss       |    2 +-
 .../base/icons/icons/partner/keyframes.scss   |    2 +-
 .../icons/icons/partner/placeholders.scss     |    2 +-
 .../styles/base/icons/icons/path/index.scss   |    2 +-
 .../base/icons/icons/path/keyframes.scss      |    2 +-
 .../base/icons/icons/path/placeholders.scss   |    2 +-
 .../base/icons/icons/path/property-16.scss    |    2 +-
 .../base/icons/icons/path/property-24.scss    |    2 +-
 .../base/icons/icons/pause-circle/index.scss  |    2 +-
 .../icons/icons/pause-circle/keyframes.scss   |    2 +-
 .../icons/pause-circle/placeholders.scss      |    2 +-
 .../icons/icons/pause-circle/property-16.scss |    2 +-
 .../icons/icons/pause-circle/property-24.scss |    2 +-
 .../styles/base/icons/icons/pause/index.scss  |    2 +-
 .../base/icons/icons/pause/keyframes.scss     |    2 +-
 .../base/icons/icons/pause/placeholders.scss  |    2 +-
 .../base/icons/icons/pause/property-16.scss   |    2 +-
 .../base/icons/icons/pause/property-24.scss   |    2 +-
 .../base/icons/icons/pen-tool/index.scss      |    2 +-
 .../base/icons/icons/pen-tool/keyframes.scss  |    2 +-
 .../icons/icons/pen-tool/placeholders.scss    |    2 +-
 .../icons/icons/pen-tool/property-16.scss     |    2 +-
 .../icons/icons/pen-tool/property-24.scss     |    2 +-
 .../base/icons/icons/pencil-tool/index.scss   |    2 +-
 .../icons/icons/pencil-tool/keyframes.scss    |    2 +-
 .../icons/icons/pencil-tool/placeholders.scss |    2 +-
 .../icons/icons/pencil-tool/property-16.scss  |    2 +-
 .../icons/icons/pencil-tool/property-24.scss  |    2 +-
 .../base/icons/icons/phone-call/index.scss    |    2 +-
 .../icons/icons/phone-call/keyframes.scss     |    2 +-
 .../icons/icons/phone-call/placeholders.scss  |    2 +-
 .../icons/icons/phone-call/property-16.scss   |    2 +-
 .../icons/icons/phone-call/property-24.scss   |    2 +-
 .../base/icons/icons/phone-off/index.scss     |    2 +-
 .../base/icons/icons/phone-off/keyframes.scss |    2 +-
 .../icons/icons/phone-off/placeholders.scss   |    2 +-
 .../icons/icons/phone-off/property-16.scss    |    2 +-
 .../icons/icons/phone-off/property-24.scss    |    2 +-
 .../styles/base/icons/icons/phone/index.scss  |    2 +-
 .../base/icons/icons/phone/keyframes.scss     |    2 +-
 .../base/icons/icons/phone/placeholders.scss  |    2 +-
 .../base/icons/icons/phone/property-16.scss   |    2 +-
 .../base/icons/icons/phone/property-24.scss   |    2 +-
 .../base/icons/icons/pie-chart/index.scss     |    2 +-
 .../base/icons/icons/pie-chart/keyframes.scss |    2 +-
 .../icons/icons/pie-chart/placeholders.scss   |    2 +-
 .../icons/icons/pie-chart/property-16.scss    |    2 +-
 .../icons/icons/pie-chart/property-24.scss    |    2 +-
 .../styles/base/icons/icons/pin/index.scss    |    2 +-
 .../base/icons/icons/pin/keyframes.scss       |    2 +-
 .../base/icons/icons/pin/placeholders.scss    |    2 +-
 .../base/icons/icons/pin/property-16.scss     |    2 +-
 .../base/icons/icons/pin/property-24.scss     |    2 +-
 .../base/icons/icons/play-circle/index.scss   |    2 +-
 .../icons/icons/play-circle/keyframes.scss    |    2 +-
 .../icons/icons/play-circle/placeholders.scss |    2 +-
 .../icons/icons/play-circle/property-16.scss  |    2 +-
 .../icons/icons/play-circle/property-24.scss  |    2 +-
 .../base/icons/icons/play-fill/index.scss     |    2 +-
 .../base/icons/icons/play-fill/keyframes.scss |    2 +-
 .../icons/icons/play-fill/placeholders.scss   |    2 +-
 .../base/icons/icons/play-outline/index.scss  |    2 +-
 .../icons/icons/play-outline/keyframes.scss   |    2 +-
 .../icons/play-outline/placeholders.scss      |    2 +-
 .../base/icons/icons/play-plain/index.scss    |    2 +-
 .../icons/icons/play-plain/keyframes.scss     |    2 +-
 .../icons/icons/play-plain/placeholders.scss  |    2 +-
 .../styles/base/icons/icons/play/index.scss   |    2 +-
 .../base/icons/icons/play/keyframes.scss      |    2 +-
 .../base/icons/icons/play/placeholders.scss   |    2 +-
 .../base/icons/icons/play/property-16.scss    |    2 +-
 .../base/icons/icons/play/property-24.scss    |    2 +-
 .../icons/icons/plus-circle-fill/index.scss   |    2 +-
 .../icons/plus-circle-fill/keyframes.scss     |    2 +-
 .../icons/plus-circle-fill/placeholders.scss  |    2 +-
 .../icons/plus-circle-outline/index.scss      |    2 +-
 .../icons/plus-circle-outline/keyframes.scss  |    2 +-
 .../plus-circle-outline/placeholders.scss     |    2 +-
 .../base/icons/icons/plus-circle/index.scss   |    2 +-
 .../icons/icons/plus-circle/keyframes.scss    |    2 +-
 .../icons/icons/plus-circle/placeholders.scss |    2 +-
 .../icons/icons/plus-circle/property-16.scss  |    2 +-
 .../icons/icons/plus-circle/property-24.scss  |    2 +-
 .../base/icons/icons/plus-plain/index.scss    |    2 +-
 .../icons/icons/plus-plain/keyframes.scss     |    2 +-
 .../icons/icons/plus-plain/placeholders.scss  |    2 +-
 .../icons/icons/plus-square-fill/index.scss   |    2 +-
 .../icons/plus-square-fill/keyframes.scss     |    2 +-
 .../icons/plus-square-fill/placeholders.scss  |    2 +-
 .../base/icons/icons/plus-square/index.scss   |    2 +-
 .../icons/icons/plus-square/keyframes.scss    |    2 +-
 .../icons/icons/plus-square/placeholders.scss |    2 +-
 .../icons/icons/plus-square/property-16.scss  |    2 +-
 .../icons/icons/plus-square/property-24.scss  |    2 +-
 .../styles/base/icons/icons/plus/index.scss   |    2 +-
 .../base/icons/icons/plus/keyframes.scss      |    2 +-
 .../base/icons/icons/plus/placeholders.scss   |    2 +-
 .../base/icons/icons/plus/property-16.scss    |    2 +-
 .../base/icons/icons/plus/property-24.scss    |    2 +-
 .../styles/base/icons/icons/port/index.scss   |    2 +-
 .../base/icons/icons/port/keyframes.scss      |    2 +-
 .../base/icons/icons/port/placeholders.scss   |    2 +-
 .../base/icons/icons/port/property-16.scss    |    2 +-
 .../base/icons/icons/port/property-24.scss    |    2 +-
 .../styles/base/icons/icons/power/index.scss  |    2 +-
 .../base/icons/icons/power/keyframes.scss     |    2 +-
 .../base/icons/icons/power/placeholders.scss  |    2 +-
 .../base/icons/icons/power/property-16.scss   |    2 +-
 .../base/icons/icons/power/property-24.scss   |    2 +-
 .../base/icons/icons/printer/index.scss       |    2 +-
 .../base/icons/icons/printer/keyframes.scss   |    2 +-
 .../icons/icons/printer/placeholders.scss     |    2 +-
 .../base/icons/icons/printer/property-16.scss |    2 +-
 .../base/icons/icons/printer/property-24.scss |    2 +-
 .../base/icons/icons/protocol/index.scss      |    2 +-
 .../base/icons/icons/protocol/keyframes.scss  |    2 +-
 .../icons/icons/protocol/placeholders.scss    |    2 +-
 .../icons/icons/protocol/property-16.scss     |    2 +-
 .../icons/icons/protocol/property-24.scss     |    2 +-
 .../base/icons/icons/provider/index.scss      |    2 +-
 .../base/icons/icons/provider/keyframes.scss  |    2 +-
 .../icons/icons/provider/placeholders.scss    |    2 +-
 .../icons/icons/provider/property-16.scss     |    2 +-
 .../icons/icons/provider/property-24.scss     |    2 +-
 .../icons/icons/public-default/index.scss     |    2 +-
 .../icons/icons/public-default/keyframes.scss |    2 +-
 .../icons/public-default/placeholders.scss    |    2 +-
 .../base/icons/icons/public-locked/index.scss |    2 +-
 .../icons/icons/public-locked/keyframes.scss  |    2 +-
 .../icons/public-locked/placeholders.scss     |    2 +-
 .../styles/base/icons/icons/queue/index.scss  |    2 +-
 .../base/icons/icons/queue/keyframes.scss     |    2 +-
 .../base/icons/icons/queue/placeholders.scss  |    2 +-
 .../base/icons/icons/queue/property-16.scss   |    2 +-
 .../base/icons/icons/queue/property-24.scss   |    2 +-
 .../icons/radio-button-checked/index.scss     |    2 +-
 .../icons/radio-button-checked/keyframes.scss |    2 +-
 .../radio-button-checked/placeholders.scss    |    2 +-
 .../icons/radio-button-unchecked/index.scss   |    2 +-
 .../radio-button-unchecked/keyframes.scss     |    2 +-
 .../radio-button-unchecked/placeholders.scss  |    2 +-
 .../styles/base/icons/icons/radio/index.scss  |    2 +-
 .../base/icons/icons/radio/keyframes.scss     |    2 +-
 .../base/icons/icons/radio/placeholders.scss  |    2 +-
 .../base/icons/icons/radio/property-16.scss   |    2 +-
 .../base/icons/icons/radio/property-24.scss   |    2 +-
 .../styles/base/icons/icons/random/index.scss |    2 +-
 .../base/icons/icons/random/keyframes.scss    |    2 +-
 .../base/icons/icons/random/placeholders.scss |    2 +-
 .../base/icons/icons/random/property-16.scss  |    2 +-
 .../base/icons/icons/random/property-24.scss  |    2 +-
 .../base/icons/icons/redirect/index.scss      |    2 +-
 .../base/icons/icons/redirect/keyframes.scss  |    2 +-
 .../icons/icons/redirect/placeholders.scss    |    2 +-
 .../icons/icons/redirect/property-16.scss     |    2 +-
 .../icons/icons/redirect/property-24.scss     |    2 +-
 .../base/icons/icons/refresh-alert/index.scss |    2 +-
 .../icons/icons/refresh-alert/keyframes.scss  |    2 +-
 .../icons/refresh-alert/placeholders.scss     |    2 +-
 .../icons/icons/refresh-default/index.scss    |    2 +-
 .../icons/refresh-default/keyframes.scss      |    2 +-
 .../icons/refresh-default/placeholders.scss   |    2 +-
 .../styles/base/icons/icons/reload/index.scss |    2 +-
 .../base/icons/icons/reload/keyframes.scss    |    2 +-
 .../base/icons/icons/reload/placeholders.scss |    2 +-
 .../base/icons/icons/reload/property-16.scss  |    2 +-
 .../base/icons/icons/reload/property-24.scss  |    2 +-
 .../styles/base/icons/icons/remix/index.scss  |    2 +-
 .../base/icons/icons/remix/keyframes.scss     |    2 +-
 .../base/icons/icons/remix/placeholders.scss  |    2 +-
 .../styles/base/icons/icons/repeat/index.scss |    2 +-
 .../base/icons/icons/repeat/keyframes.scss    |    2 +-
 .../base/icons/icons/repeat/placeholders.scss |    2 +-
 .../base/icons/icons/repeat/property-16.scss  |    2 +-
 .../base/icons/icons/repeat/property-24.scss  |    2 +-
 .../icons/icons/replication-direct/index.scss |    2 +-
 .../icons/replication-direct/keyframes.scss   |    2 +-
 .../replication-direct/placeholders.scss      |    2 +-
 .../icons/replication-direct/property-16.scss |    2 +-
 .../icons/replication-direct/property-24.scss |    2 +-
 .../icons/icons/replication-perf/index.scss   |    2 +-
 .../icons/replication-perf/keyframes.scss     |    2 +-
 .../icons/replication-perf/placeholders.scss  |    2 +-
 .../icons/replication-perf/property-16.scss   |    2 +-
 .../icons/replication-perf/property-24.scss   |    2 +-
 .../styles/base/icons/icons/rewind/index.scss |    2 +-
 .../base/icons/icons/rewind/keyframes.scss    |    2 +-
 .../base/icons/icons/rewind/placeholders.scss |    2 +-
 .../base/icons/icons/rewind/property-16.scss  |    2 +-
 .../base/icons/icons/rewind/property-24.scss  |    2 +-
 .../styles/base/icons/icons/ribbon/index.scss |    2 +-
 .../base/icons/icons/ribbon/keyframes.scss    |    2 +-
 .../base/icons/icons/ribbon/placeholders.scss |    2 +-
 .../styles/base/icons/icons/rocket/index.scss |    2 +-
 .../base/icons/icons/rocket/keyframes.scss    |    2 +-
 .../base/icons/icons/rocket/placeholders.scss |    2 +-
 .../base/icons/icons/rocket/property-16.scss  |    2 +-
 .../base/icons/icons/rocket/property-24.scss  |    2 +-
 .../base/icons/icons/rotate-ccw/index.scss    |    2 +-
 .../icons/icons/rotate-ccw/keyframes.scss     |    2 +-
 .../icons/icons/rotate-ccw/placeholders.scss  |    2 +-
 .../icons/icons/rotate-ccw/property-16.scss   |    2 +-
 .../icons/icons/rotate-ccw/property-24.scss   |    2 +-
 .../base/icons/icons/rotate-cw/index.scss     |    2 +-
 .../base/icons/icons/rotate-cw/keyframes.scss |    2 +-
 .../icons/icons/rotate-cw/placeholders.scss   |    2 +-
 .../icons/icons/rotate-cw/property-16.scss    |    2 +-
 .../icons/icons/rotate-cw/property-24.scss    |    2 +-
 .../styles/base/icons/icons/rss/index.scss    |    2 +-
 .../base/icons/icons/rss/keyframes.scss       |    2 +-
 .../base/icons/icons/rss/placeholders.scss    |    2 +-
 .../base/icons/icons/rss/property-16.scss     |    2 +-
 .../base/icons/icons/rss/property-24.scss     |    2 +-
 .../styles/base/icons/icons/run/index.scss    |    2 +-
 .../base/icons/icons/run/keyframes.scss       |    2 +-
 .../base/icons/icons/run/placeholders.scss    |    2 +-
 .../base/icons/icons/run/property-16.scss     |    2 +-
 .../base/icons/icons/run/property-24.scss     |    2 +-
 .../base/icons/icons/running/index.scss       |    2 +-
 .../base/icons/icons/running/keyframes.scss   |    2 +-
 .../icons/icons/running/placeholders.scss     |    2 +-
 .../base/icons/icons/running/property-16.scss |    2 +-
 .../base/icons/icons/running/property-24.scss |    2 +-
 .../styles/base/icons/icons/save/index.scss   |    2 +-
 .../base/icons/icons/save/keyframes.scss      |    2 +-
 .../base/icons/icons/save/placeholders.scss   |    2 +-
 .../base/icons/icons/save/property-16.scss    |    2 +-
 .../base/icons/icons/save/property-24.scss    |    2 +-
 .../base/icons/icons/scissors/index.scss      |    2 +-
 .../base/icons/icons/scissors/keyframes.scss  |    2 +-
 .../icons/icons/scissors/placeholders.scss    |    2 +-
 .../icons/icons/scissors/property-16.scss     |    2 +-
 .../icons/icons/scissors/property-24.scss     |    2 +-
 .../base/icons/icons/search-color/index.scss  |    2 +-
 .../icons/icons/search-color/keyframes.scss   |    2 +-
 .../icons/search-color/placeholders.scss      |    2 +-
 .../icons/icons/search-color/property-16.scss |    2 +-
 .../icons/icons/search-color/property-24.scss |    2 +-
 .../styles/base/icons/icons/search/index.scss |    2 +-
 .../base/icons/icons/search/keyframes.scss    |    2 +-
 .../base/icons/icons/search/placeholders.scss |    2 +-
 .../base/icons/icons/search/property-16.scss  |    2 +-
 .../base/icons/icons/search/property-24.scss  |    2 +-
 .../styles/base/icons/icons/send/index.scss   |    2 +-
 .../base/icons/icons/send/keyframes.scss      |    2 +-
 .../base/icons/icons/send/placeholders.scss   |    2 +-
 .../base/icons/icons/send/property-16.scss    |    2 +-
 .../base/icons/icons/send/property-24.scss    |    2 +-
 .../icons/icons/server-cluster/index.scss     |    2 +-
 .../icons/icons/server-cluster/keyframes.scss |    2 +-
 .../icons/server-cluster/placeholders.scss    |    2 +-
 .../icons/server-cluster/property-16.scss     |    2 +-
 .../icons/server-cluster/property-24.scss     |    2 +-
 .../styles/base/icons/icons/server/index.scss |    2 +-
 .../base/icons/icons/server/keyframes.scss    |    2 +-
 .../base/icons/icons/server/placeholders.scss |    2 +-
 .../base/icons/icons/server/property-16.scss  |    2 +-
 .../base/icons/icons/server/property-24.scss  |    2 +-
 .../base/icons/icons/serverless/index.scss    |    2 +-
 .../icons/icons/serverless/keyframes.scss     |    2 +-
 .../icons/icons/serverless/placeholders.scss  |    2 +-
 .../icons/icons/serverless/property-16.scss   |    2 +-
 .../icons/icons/serverless/property-24.scss   |    2 +-
 .../base/icons/icons/settings/index.scss      |    2 +-
 .../base/icons/icons/settings/keyframes.scss  |    2 +-
 .../icons/icons/settings/placeholders.scss    |    2 +-
 .../icons/icons/settings/property-16.scss     |    2 +-
 .../icons/icons/settings/property-24.scss     |    2 +-
 .../styles/base/icons/icons/share/index.scss  |    2 +-
 .../base/icons/icons/share/keyframes.scss     |    2 +-
 .../base/icons/icons/share/placeholders.scss  |    2 +-
 .../base/icons/icons/share/property-16.scss   |    2 +-
 .../base/icons/icons/share/property-24.scss   |    2 +-
 .../base/icons/icons/shield-alert/index.scss  |    2 +-
 .../icons/icons/shield-alert/keyframes.scss   |    2 +-
 .../icons/shield-alert/placeholders.scss      |    2 +-
 .../icons/icons/shield-alert/property-16.scss |    2 +-
 .../icons/icons/shield-alert/property-24.scss |    2 +-
 .../base/icons/icons/shield-check/index.scss  |    2 +-
 .../icons/icons/shield-check/keyframes.scss   |    2 +-
 .../icons/shield-check/placeholders.scss      |    2 +-
 .../icons/icons/shield-check/property-16.scss |    2 +-
 .../icons/icons/shield-check/property-24.scss |    2 +-
 .../base/icons/icons/shield-off/index.scss    |    2 +-
 .../icons/icons/shield-off/keyframes.scss     |    2 +-
 .../icons/icons/shield-off/placeholders.scss  |    2 +-
 .../icons/icons/shield-off/property-16.scss   |    2 +-
 .../icons/icons/shield-off/property-24.scss   |    2 +-
 .../base/icons/icons/shield-x/index.scss      |    2 +-
 .../base/icons/icons/shield-x/keyframes.scss  |    2 +-
 .../icons/icons/shield-x/placeholders.scss    |    2 +-
 .../icons/icons/shield-x/property-16.scss     |    2 +-
 .../icons/icons/shield-x/property-24.scss     |    2 +-
 .../styles/base/icons/icons/shield/index.scss |    2 +-
 .../base/icons/icons/shield/keyframes.scss    |    2 +-
 .../base/icons/icons/shield/placeholders.scss |    2 +-
 .../base/icons/icons/shield/property-16.scss  |    2 +-
 .../base/icons/icons/shield/property-24.scss  |    2 +-
 .../base/icons/icons/shopping-bag/index.scss  |    2 +-
 .../icons/icons/shopping-bag/keyframes.scss   |    2 +-
 .../icons/shopping-bag/placeholders.scss      |    2 +-
 .../icons/icons/shopping-bag/property-16.scss |    2 +-
 .../icons/icons/shopping-bag/property-24.scss |    2 +-
 .../base/icons/icons/shopping-cart/index.scss |    2 +-
 .../icons/icons/shopping-cart/keyframes.scss  |    2 +-
 .../icons/shopping-cart/placeholders.scss     |    2 +-
 .../icons/shopping-cart/property-16.scss      |    2 +-
 .../icons/shopping-cart/property-24.scss      |    2 +-
 .../base/icons/icons/shuffle/index.scss       |    2 +-
 .../base/icons/icons/shuffle/keyframes.scss   |    2 +-
 .../icons/icons/shuffle/placeholders.scss     |    2 +-
 .../base/icons/icons/shuffle/property-16.scss |    2 +-
 .../base/icons/icons/shuffle/property-24.scss |    2 +-
 .../base/icons/icons/sidebar-hide/index.scss  |    2 +-
 .../icons/icons/sidebar-hide/keyframes.scss   |    2 +-
 .../icons/sidebar-hide/placeholders.scss      |    2 +-
 .../icons/icons/sidebar-hide/property-16.scss |    2 +-
 .../icons/icons/sidebar-hide/property-24.scss |    2 +-
 .../base/icons/icons/sidebar-show/index.scss  |    2 +-
 .../icons/icons/sidebar-show/keyframes.scss   |    2 +-
 .../icons/sidebar-show/placeholders.scss      |    2 +-
 .../icons/icons/sidebar-show/property-16.scss |    2 +-
 .../icons/icons/sidebar-show/property-24.scss |    2 +-
 .../base/icons/icons/sidebar/index.scss       |    2 +-
 .../base/icons/icons/sidebar/keyframes.scss   |    2 +-
 .../icons/icons/sidebar/placeholders.scss     |    2 +-
 .../base/icons/icons/sidebar/property-16.scss |    2 +-
 .../base/icons/icons/sidebar/property-24.scss |    2 +-
 .../base/icons/icons/sign-in/index.scss       |    2 +-
 .../base/icons/icons/sign-in/keyframes.scss   |    2 +-
 .../icons/icons/sign-in/placeholders.scss     |    2 +-
 .../base/icons/icons/sign-in/property-16.scss |    2 +-
 .../base/icons/icons/sign-in/property-24.scss |    2 +-
 .../base/icons/icons/sign-out/index.scss      |    2 +-
 .../base/icons/icons/sign-out/keyframes.scss  |    2 +-
 .../icons/icons/sign-out/placeholders.scss    |    2 +-
 .../icons/icons/sign-out/property-16.scss     |    2 +-
 .../icons/icons/sign-out/property-24.scss     |    2 +-
 .../base/icons/icons/skip-back/index.scss     |    2 +-
 .../base/icons/icons/skip-back/keyframes.scss |    2 +-
 .../icons/icons/skip-back/placeholders.scss   |    2 +-
 .../icons/icons/skip-back/property-16.scss    |    2 +-
 .../icons/icons/skip-back/property-24.scss    |    2 +-
 .../base/icons/icons/skip-forward/index.scss  |    2 +-
 .../icons/icons/skip-forward/keyframes.scss   |    2 +-
 .../icons/skip-forward/placeholders.scss      |    2 +-
 .../icons/icons/skip-forward/property-16.scss |    2 +-
 .../icons/icons/skip-forward/property-24.scss |    2 +-
 .../styles/base/icons/icons/skip/index.scss   |    2 +-
 .../base/icons/icons/skip/keyframes.scss      |    2 +-
 .../base/icons/icons/skip/placeholders.scss   |    2 +-
 .../base/icons/icons/skip/property-16.scss    |    2 +-
 .../base/icons/icons/skip/property-24.scss    |    2 +-
 .../base/icons/icons/slack-color/index.scss   |    2 +-
 .../icons/icons/slack-color/keyframes.scss    |    2 +-
 .../icons/icons/slack-color/placeholders.scss |    2 +-
 .../icons/icons/slack-color/property-16.scss  |    2 +-
 .../icons/icons/slack-color/property-24.scss  |    2 +-
 .../styles/base/icons/icons/slack/index.scss  |    2 +-
 .../base/icons/icons/slack/keyframes.scss     |    2 +-
 .../base/icons/icons/slack/placeholders.scss  |    2 +-
 .../base/icons/icons/slack/property-16.scss   |    2 +-
 .../base/icons/icons/slack/property-24.scss   |    2 +-
 .../base/icons/icons/slash-square/index.scss  |    2 +-
 .../icons/icons/slash-square/keyframes.scss   |    2 +-
 .../icons/slash-square/placeholders.scss      |    2 +-
 .../icons/icons/slash-square/property-16.scss |    2 +-
 .../icons/icons/slash-square/property-24.scss |    2 +-
 .../styles/base/icons/icons/slash/index.scss  |    2 +-
 .../base/icons/icons/slash/keyframes.scss     |    2 +-
 .../base/icons/icons/slash/placeholders.scss  |    2 +-
 .../base/icons/icons/slash/property-16.scss   |    2 +-
 .../base/icons/icons/slash/property-24.scss   |    2 +-
 .../base/icons/icons/sliders/index.scss       |    2 +-
 .../base/icons/icons/sliders/keyframes.scss   |    2 +-
 .../icons/icons/sliders/placeholders.scss     |    2 +-
 .../base/icons/icons/sliders/property-16.scss |    2 +-
 .../base/icons/icons/sliders/property-24.scss |    2 +-
 .../base/icons/icons/smartphone/index.scss    |    2 +-
 .../icons/icons/smartphone/keyframes.scss     |    2 +-
 .../icons/icons/smartphone/placeholders.scss  |    2 +-
 .../icons/icons/smartphone/property-16.scss   |    2 +-
 .../icons/icons/smartphone/property-24.scss   |    2 +-
 .../styles/base/icons/icons/smile/index.scss  |    2 +-
 .../base/icons/icons/smile/keyframes.scss     |    2 +-
 .../base/icons/icons/smile/placeholders.scss  |    2 +-
 .../base/icons/icons/smile/property-16.scss   |    2 +-
 .../base/icons/icons/smile/property-24.scss   |    2 +-
 .../styles/base/icons/icons/socket/index.scss |    2 +-
 .../base/icons/icons/socket/keyframes.scss    |    2 +-
 .../base/icons/icons/socket/placeholders.scss |    2 +-
 .../base/icons/icons/socket/property-16.scss  |    2 +-
 .../base/icons/icons/socket/property-24.scss  |    2 +-
 .../base/icons/icons/sort-asc/index.scss      |    2 +-
 .../base/icons/icons/sort-asc/keyframes.scss  |    2 +-
 .../icons/icons/sort-asc/placeholders.scss    |    2 +-
 .../icons/icons/sort-asc/property-16.scss     |    2 +-
 .../icons/icons/sort-asc/property-24.scss     |    2 +-
 .../base/icons/icons/sort-desc/index.scss     |    2 +-
 .../base/icons/icons/sort-desc/keyframes.scss |    2 +-
 .../icons/icons/sort-desc/placeholders.scss   |    2 +-
 .../icons/icons/sort-desc/property-16.scss    |    2 +-
 .../icons/icons/sort-desc/property-24.scss    |    2 +-
 .../styles/base/icons/icons/sort/index.scss   |    2 +-
 .../base/icons/icons/sort/keyframes.scss      |    2 +-
 .../base/icons/icons/sort/placeholders.scss   |    2 +-
 .../base/icons/icons/source-file/index.scss   |    2 +-
 .../icons/icons/source-file/keyframes.scss    |    2 +-
 .../icons/icons/source-file/placeholders.scss |    2 +-
 .../base/icons/icons/speaker/index.scss       |    2 +-
 .../base/icons/icons/speaker/keyframes.scss   |    2 +-
 .../icons/icons/speaker/placeholders.scss     |    2 +-
 .../base/icons/icons/speaker/property-16.scss |    2 +-
 .../base/icons/icons/speaker/property-24.scss |    2 +-
 .../base/icons/icons/square-fill/index.scss   |    2 +-
 .../icons/icons/square-fill/keyframes.scss    |    2 +-
 .../icons/icons/square-fill/placeholders.scss |    2 +-
 .../icons/icons/square-fill/property-16.scss  |    2 +-
 .../icons/icons/square-fill/property-24.scss  |    2 +-
 .../styles/base/icons/icons/square/index.scss |    2 +-
 .../base/icons/icons/square/keyframes.scss    |    2 +-
 .../base/icons/icons/square/placeholders.scss |    2 +-
 .../base/icons/icons/square/property-16.scss  |    2 +-
 .../base/icons/icons/square/property-24.scss  |    2 +-
 .../base/icons/icons/star-circle/index.scss   |    2 +-
 .../icons/icons/star-circle/keyframes.scss    |    2 +-
 .../icons/icons/star-circle/placeholders.scss |    2 +-
 .../icons/icons/star-circle/property-16.scss  |    2 +-
 .../icons/icons/star-circle/property-24.scss  |    2 +-
 .../base/icons/icons/star-fill/index.scss     |    2 +-
 .../base/icons/icons/star-fill/keyframes.scss |    2 +-
 .../icons/icons/star-fill/placeholders.scss   |    2 +-
 .../icons/icons/star-fill/property-16.scss    |    2 +-
 .../icons/icons/star-fill/property-24.scss    |    2 +-
 .../base/icons/icons/star-off/index.scss      |    2 +-
 .../base/icons/icons/star-off/keyframes.scss  |    2 +-
 .../icons/icons/star-off/placeholders.scss    |    2 +-
 .../icons/icons/star-off/property-16.scss     |    2 +-
 .../icons/icons/star-off/property-24.scss     |    2 +-
 .../base/icons/icons/star-outline/index.scss  |    2 +-
 .../icons/icons/star-outline/keyframes.scss   |    2 +-
 .../icons/star-outline/placeholders.scss      |    2 +-
 .../styles/base/icons/icons/star/index.scss   |    2 +-
 .../base/icons/icons/star/keyframes.scss      |    2 +-
 .../base/icons/icons/star/placeholders.scss   |    2 +-
 .../base/icons/icons/star/property-16.scss    |    2 +-
 .../base/icons/icons/star/property-24.scss    |    2 +-
 .../base/icons/icons/stop-circle/index.scss   |    2 +-
 .../icons/icons/stop-circle/keyframes.scss    |    2 +-
 .../icons/icons/stop-circle/placeholders.scss |    2 +-
 .../icons/icons/stop-circle/property-16.scss  |    2 +-
 .../icons/icons/stop-circle/property-24.scss  |    2 +-
 .../base/icons/icons/sub-left/index.scss      |    2 +-
 .../base/icons/icons/sub-left/keyframes.scss  |    2 +-
 .../icons/icons/sub-left/placeholders.scss    |    2 +-
 .../base/icons/icons/sub-right/index.scss     |    2 +-
 .../base/icons/icons/sub-right/keyframes.scss |    2 +-
 .../icons/icons/sub-right/placeholders.scss   |    2 +-
 .../styles/base/icons/icons/sun/index.scss    |    2 +-
 .../base/icons/icons/sun/keyframes.scss       |    2 +-
 .../base/icons/icons/sun/placeholders.scss    |    2 +-
 .../base/icons/icons/sun/property-16.scss     |    2 +-
 .../base/icons/icons/sun/property-24.scss     |    2 +-
 .../base/icons/icons/support/index.scss       |    2 +-
 .../base/icons/icons/support/keyframes.scss   |    2 +-
 .../icons/icons/support/placeholders.scss     |    2 +-
 .../base/icons/icons/support/property-16.scss |    2 +-
 .../base/icons/icons/support/property-24.scss |    2 +-
 .../icons/icons/swap-horizontal/index.scss    |    2 +-
 .../icons/swap-horizontal/keyframes.scss      |    2 +-
 .../icons/swap-horizontal/placeholders.scss   |    2 +-
 .../icons/swap-horizontal/property-16.scss    |    2 +-
 .../icons/swap-horizontal/property-24.scss    |    2 +-
 .../base/icons/icons/swap-vertical/index.scss |    2 +-
 .../icons/icons/swap-vertical/keyframes.scss  |    2 +-
 .../icons/swap-vertical/placeholders.scss     |    2 +-
 .../icons/swap-vertical/property-16.scss      |    2 +-
 .../icons/swap-vertical/property-24.scss      |    2 +-
 .../base/icons/icons/switcher/index.scss      |    2 +-
 .../base/icons/icons/switcher/keyframes.scss  |    2 +-
 .../icons/icons/switcher/placeholders.scss    |    2 +-
 .../icons/icons/switcher/property-16.scss     |    2 +-
 .../icons/icons/switcher/property-24.scss     |    2 +-
 .../base/icons/icons/sync-alert/index.scss    |    2 +-
 .../icons/icons/sync-alert/keyframes.scss     |    2 +-
 .../icons/icons/sync-alert/placeholders.scss  |    2 +-
 .../icons/icons/sync-alert/property-16.scss   |    2 +-
 .../icons/icons/sync-alert/property-24.scss   |    2 +-
 .../base/icons/icons/sync-reverse/index.scss  |    2 +-
 .../icons/icons/sync-reverse/keyframes.scss   |    2 +-
 .../icons/sync-reverse/placeholders.scss      |    2 +-
 .../icons/icons/sync-reverse/property-16.scss |    2 +-
 .../icons/icons/sync-reverse/property-24.scss |    2 +-
 .../styles/base/icons/icons/sync/index.scss   |    2 +-
 .../base/icons/icons/sync/keyframes.scss      |    2 +-
 .../base/icons/icons/sync/placeholders.scss   |    2 +-
 .../base/icons/icons/sync/property-16.scss    |    2 +-
 .../base/icons/icons/sync/property-24.scss    |    2 +-
 .../styles/base/icons/icons/tablet/index.scss |    2 +-
 .../base/icons/icons/tablet/keyframes.scss    |    2 +-
 .../base/icons/icons/tablet/placeholders.scss |    2 +-
 .../base/icons/icons/tablet/property-16.scss  |    2 +-
 .../base/icons/icons/tablet/property-24.scss  |    2 +-
 .../styles/base/icons/icons/tag/index.scss    |    2 +-
 .../base/icons/icons/tag/keyframes.scss       |    2 +-
 .../base/icons/icons/tag/placeholders.scss    |    2 +-
 .../base/icons/icons/tag/property-16.scss     |    2 +-
 .../base/icons/icons/tag/property-24.scss     |    2 +-
 .../styles/base/icons/icons/target/index.scss |    2 +-
 .../base/icons/icons/target/keyframes.scss    |    2 +-
 .../base/icons/icons/target/placeholders.scss |    2 +-
 .../base/icons/icons/target/property-16.scss  |    2 +-
 .../base/icons/icons/target/property-24.scss  |    2 +-
 .../icons/icons/terminal-screen/index.scss    |    2 +-
 .../icons/terminal-screen/keyframes.scss      |    2 +-
 .../icons/terminal-screen/placeholders.scss   |    2 +-
 .../icons/terminal-screen/property-16.scss    |    2 +-
 .../icons/terminal-screen/property-24.scss    |    2 +-
 .../base/icons/icons/terminal/index.scss      |    2 +-
 .../base/icons/icons/terminal/keyframes.scss  |    2 +-
 .../icons/icons/terminal/placeholders.scss    |    2 +-
 .../icons/icons/terminal/property-16.scss     |    2 +-
 .../icons/icons/terminal/property-24.scss     |    2 +-
 .../icons/icons/terraform-color/index.scss    |    2 +-
 .../icons/terraform-color/keyframes.scss      |    2 +-
 .../icons/terraform-color/placeholders.scss   |    2 +-
 .../icons/terraform-color/property-16.scss    |    2 +-
 .../icons/terraform-color/property-24.scss    |    2 +-
 .../base/icons/icons/terraform/index.scss     |    2 +-
 .../base/icons/icons/terraform/keyframes.scss |    2 +-
 .../icons/icons/terraform/placeholders.scss   |    2 +-
 .../icons/icons/terraform/property-16.scss    |    2 +-
 .../icons/icons/terraform/property-24.scss    |    2 +-
 .../base/icons/icons/thumbs-down/index.scss   |    2 +-
 .../icons/icons/thumbs-down/keyframes.scss    |    2 +-
 .../icons/icons/thumbs-down/placeholders.scss |    2 +-
 .../icons/icons/thumbs-down/property-16.scss  |    2 +-
 .../icons/icons/thumbs-down/property-24.scss  |    2 +-
 .../base/icons/icons/thumbs-up/index.scss     |    2 +-
 .../base/icons/icons/thumbs-up/keyframes.scss |    2 +-
 .../icons/icons/thumbs-up/placeholders.scss   |    2 +-
 .../icons/icons/thumbs-up/property-16.scss    |    2 +-
 .../icons/icons/thumbs-up/property-24.scss    |    2 +-
 .../base/icons/icons/toggle-left/index.scss   |    2 +-
 .../icons/icons/toggle-left/keyframes.scss    |    2 +-
 .../icons/icons/toggle-left/placeholders.scss |    2 +-
 .../icons/icons/toggle-left/property-16.scss  |    2 +-
 .../icons/icons/toggle-left/property-24.scss  |    2 +-
 .../base/icons/icons/toggle-right/index.scss  |    2 +-
 .../icons/icons/toggle-right/keyframes.scss   |    2 +-
 .../icons/toggle-right/placeholders.scss      |    2 +-
 .../icons/icons/toggle-right/property-16.scss |    2 +-
 .../icons/icons/toggle-right/property-24.scss |    2 +-
 .../styles/base/icons/icons/token/index.scss  |    2 +-
 .../base/icons/icons/token/keyframes.scss     |    2 +-
 .../base/icons/icons/token/placeholders.scss  |    2 +-
 .../base/icons/icons/token/property-16.scss   |    2 +-
 .../base/icons/icons/token/property-24.scss   |    2 +-
 .../styles/base/icons/icons/tools/index.scss  |    2 +-
 .../base/icons/icons/tools/keyframes.scss     |    2 +-
 .../base/icons/icons/tools/placeholders.scss  |    2 +-
 .../base/icons/icons/tools/property-16.scss   |    2 +-
 .../base/icons/icons/tools/property-24.scss   |    2 +-
 .../styles/base/icons/icons/top/index.scss    |    2 +-
 .../base/icons/icons/top/keyframes.scss       |    2 +-
 .../base/icons/icons/top/placeholders.scss    |    2 +-
 .../base/icons/icons/top/property-16.scss     |    2 +-
 .../base/icons/icons/top/property-24.scss     |    2 +-
 .../styles/base/icons/icons/trash/index.scss  |    2 +-
 .../base/icons/icons/trash/keyframes.scss     |    2 +-
 .../base/icons/icons/trash/placeholders.scss  |    2 +-
 .../base/icons/icons/trash/property-16.scss   |    2 +-
 .../base/icons/icons/trash/property-24.scss   |    2 +-
 .../base/icons/icons/trend-down/index.scss    |    2 +-
 .../icons/icons/trend-down/keyframes.scss     |    2 +-
 .../icons/icons/trend-down/placeholders.scss  |    2 +-
 .../icons/icons/trend-down/property-16.scss   |    2 +-
 .../icons/icons/trend-down/property-24.scss   |    2 +-
 .../base/icons/icons/trend-up/index.scss      |    2 +-
 .../base/icons/icons/trend-up/keyframes.scss  |    2 +-
 .../icons/icons/trend-up/placeholders.scss    |    2 +-
 .../icons/icons/trend-up/property-16.scss     |    2 +-
 .../icons/icons/trend-up/property-24.scss     |    2 +-
 .../base/icons/icons/triangle-fill/index.scss |    2 +-
 .../icons/icons/triangle-fill/keyframes.scss  |    2 +-
 .../icons/triangle-fill/placeholders.scss     |    2 +-
 .../icons/triangle-fill/property-16.scss      |    2 +-
 .../icons/triangle-fill/property-24.scss      |    2 +-
 .../base/icons/icons/triangle/index.scss      |    2 +-
 .../base/icons/icons/triangle/keyframes.scss  |    2 +-
 .../icons/icons/triangle/placeholders.scss    |    2 +-
 .../icons/icons/triangle/property-16.scss     |    2 +-
 .../icons/icons/triangle/property-24.scss     |    2 +-
 .../styles/base/icons/icons/truck/index.scss  |    2 +-
 .../base/icons/icons/truck/keyframes.scss     |    2 +-
 .../base/icons/icons/truck/placeholders.scss  |    2 +-
 .../base/icons/icons/truck/property-16.scss   |    2 +-
 .../base/icons/icons/truck/property-24.scss   |    2 +-
 .../styles/base/icons/icons/tune/index.scss   |    2 +-
 .../base/icons/icons/tune/keyframes.scss      |    2 +-
 .../base/icons/icons/tune/placeholders.scss   |    2 +-
 .../app/styles/base/icons/icons/tv/index.scss |    2 +-
 .../styles/base/icons/icons/tv/keyframes.scss |    2 +-
 .../base/icons/icons/tv/placeholders.scss     |    2 +-
 .../base/icons/icons/tv/property-16.scss      |    2 +-
 .../base/icons/icons/tv/property-24.scss      |    2 +-
 .../base/icons/icons/twitch-color/index.scss  |    2 +-
 .../icons/icons/twitch-color/keyframes.scss   |    2 +-
 .../icons/twitch-color/placeholders.scss      |    2 +-
 .../icons/icons/twitch-color/property-16.scss |    2 +-
 .../icons/icons/twitch-color/property-24.scss |    2 +-
 .../styles/base/icons/icons/twitch/index.scss |    2 +-
 .../base/icons/icons/twitch/keyframes.scss    |    2 +-
 .../base/icons/icons/twitch/placeholders.scss |    2 +-
 .../base/icons/icons/twitch/property-16.scss  |    2 +-
 .../base/icons/icons/twitch/property-24.scss  |    2 +-
 .../base/icons/icons/twitter-color/index.scss |    2 +-
 .../icons/icons/twitter-color/keyframes.scss  |    2 +-
 .../icons/twitter-color/placeholders.scss     |    2 +-
 .../icons/twitter-color/property-16.scss      |    2 +-
 .../icons/twitter-color/property-24.scss      |    2 +-
 .../base/icons/icons/twitter/index.scss       |    2 +-
 .../base/icons/icons/twitter/keyframes.scss   |    2 +-
 .../icons/icons/twitter/placeholders.scss     |    2 +-
 .../base/icons/icons/twitter/property-16.scss |    2 +-
 .../base/icons/icons/twitter/property-24.scss |    2 +-
 .../styles/base/icons/icons/type/index.scss   |    2 +-
 .../base/icons/icons/type/keyframes.scss      |    2 +-
 .../base/icons/icons/type/placeholders.scss   |    2 +-
 .../base/icons/icons/type/property-16.scss    |    2 +-
 .../base/icons/icons/type/property-24.scss    |    2 +-
 .../base/icons/icons/unfold-close/index.scss  |    2 +-
 .../icons/icons/unfold-close/keyframes.scss   |    2 +-
 .../icons/unfold-close/placeholders.scss      |    2 +-
 .../icons/icons/unfold-close/property-16.scss |    2 +-
 .../icons/icons/unfold-close/property-24.scss |    2 +-
 .../base/icons/icons/unfold-less/index.scss   |    2 +-
 .../icons/icons/unfold-less/keyframes.scss    |    2 +-
 .../icons/icons/unfold-less/placeholders.scss |    2 +-
 .../base/icons/icons/unfold-more/index.scss   |    2 +-
 .../icons/icons/unfold-more/keyframes.scss    |    2 +-
 .../icons/icons/unfold-more/placeholders.scss |    2 +-
 .../base/icons/icons/unfold-open/index.scss   |    2 +-
 .../icons/icons/unfold-open/keyframes.scss    |    2 +-
 .../icons/icons/unfold-open/placeholders.scss |    2 +-
 .../icons/icons/unfold-open/property-16.scss  |    2 +-
 .../icons/icons/unfold-open/property-24.scss  |    2 +-
 .../styles/base/icons/icons/union/index.scss  |    2 +-
 .../base/icons/icons/union/keyframes.scss     |    2 +-
 .../base/icons/icons/union/placeholders.scss  |    2 +-
 .../base/icons/icons/union/property-16.scss   |    2 +-
 .../base/icons/icons/union/property-24.scss   |    2 +-
 .../styles/base/icons/icons/unlock/index.scss |    2 +-
 .../base/icons/icons/unlock/keyframes.scss    |    2 +-
 .../base/icons/icons/unlock/placeholders.scss |    2 +-
 .../base/icons/icons/unlock/property-16.scss  |    2 +-
 .../base/icons/icons/unlock/property-24.scss  |    2 +-
 .../styles/base/icons/icons/upload/index.scss |    2 +-
 .../base/icons/icons/upload/keyframes.scss    |    2 +-
 .../base/icons/icons/upload/placeholders.scss |    2 +-
 .../base/icons/icons/upload/property-16.scss  |    2 +-
 .../base/icons/icons/upload/property-24.scss  |    2 +-
 .../base/icons/icons/user-add/index.scss      |    2 +-
 .../base/icons/icons/user-add/keyframes.scss  |    2 +-
 .../icons/icons/user-add/placeholders.scss    |    2 +-
 .../base/icons/icons/user-check/index.scss    |    2 +-
 .../icons/icons/user-check/keyframes.scss     |    2 +-
 .../icons/icons/user-check/placeholders.scss  |    2 +-
 .../icons/icons/user-check/property-16.scss   |    2 +-
 .../icons/icons/user-check/property-24.scss   |    2 +-
 .../icons/icons/user-circle-fill/index.scss   |    2 +-
 .../icons/user-circle-fill/keyframes.scss     |    2 +-
 .../icons/user-circle-fill/placeholders.scss  |    2 +-
 .../icons/user-circle-fill/property-16.scss   |    2 +-
 .../icons/user-circle-fill/property-24.scss   |    2 +-
 .../base/icons/icons/user-circle/index.scss   |    2 +-
 .../icons/icons/user-circle/keyframes.scss    |    2 +-
 .../icons/icons/user-circle/placeholders.scss |    2 +-
 .../icons/icons/user-circle/property-16.scss  |    2 +-
 .../icons/icons/user-circle/property-24.scss  |    2 +-
 .../base/icons/icons/user-minus/index.scss    |    2 +-
 .../icons/icons/user-minus/keyframes.scss     |    2 +-
 .../icons/icons/user-minus/placeholders.scss  |    2 +-
 .../icons/icons/user-minus/property-16.scss   |    2 +-
 .../icons/icons/user-minus/property-24.scss   |    2 +-
 .../icons/icons/user-organization/index.scss  |    2 +-
 .../icons/user-organization/keyframes.scss    |    2 +-
 .../icons/user-organization/placeholders.scss |    2 +-
 .../base/icons/icons/user-plain/index.scss    |    2 +-
 .../icons/icons/user-plain/keyframes.scss     |    2 +-
 .../icons/icons/user-plain/placeholders.scss  |    2 +-
 .../base/icons/icons/user-plus/index.scss     |    2 +-
 .../base/icons/icons/user-plus/keyframes.scss |    2 +-
 .../icons/icons/user-plus/placeholders.scss   |    2 +-
 .../icons/icons/user-plus/property-16.scss    |    2 +-
 .../icons/icons/user-plus/property-24.scss    |    2 +-
 .../icons/icons/user-square-fill/index.scss   |    2 +-
 .../icons/user-square-fill/keyframes.scss     |    2 +-
 .../icons/user-square-fill/placeholders.scss  |    2 +-
 .../icons/user-square-outline/index.scss      |    2 +-
 .../icons/user-square-outline/keyframes.scss  |    2 +-
 .../user-square-outline/placeholders.scss     |    2 +-
 .../base/icons/icons/user-team/index.scss     |    2 +-
 .../base/icons/icons/user-team/keyframes.scss |    2 +-
 .../icons/icons/user-team/placeholders.scss   |    2 +-
 .../styles/base/icons/icons/user-x/index.scss |    2 +-
 .../base/icons/icons/user-x/keyframes.scss    |    2 +-
 .../base/icons/icons/user-x/placeholders.scss |    2 +-
 .../base/icons/icons/user-x/property-16.scss  |    2 +-
 .../base/icons/icons/user-x/property-24.scss  |    2 +-
 .../styles/base/icons/icons/user/index.scss   |    2 +-
 .../base/icons/icons/user/keyframes.scss      |    2 +-
 .../base/icons/icons/user/placeholders.scss   |    2 +-
 .../base/icons/icons/user/property-16.scss    |    2 +-
 .../base/icons/icons/user/property-24.scss    |    2 +-
 .../styles/base/icons/icons/users/index.scss  |    2 +-
 .../base/icons/icons/users/keyframes.scss     |    2 +-
 .../base/icons/icons/users/placeholders.scss  |    2 +-
 .../base/icons/icons/users/property-16.scss   |    2 +-
 .../base/icons/icons/users/property-24.scss   |    2 +-
 .../base/icons/icons/vagrant-color/index.scss |    2 +-
 .../icons/icons/vagrant-color/keyframes.scss  |    2 +-
 .../icons/vagrant-color/placeholders.scss     |    2 +-
 .../icons/vagrant-color/property-16.scss      |    2 +-
 .../icons/vagrant-color/property-24.scss      |    2 +-
 .../base/icons/icons/vagrant/index.scss       |    2 +-
 .../base/icons/icons/vagrant/keyframes.scss   |    2 +-
 .../icons/icons/vagrant/placeholders.scss     |    2 +-
 .../base/icons/icons/vagrant/property-16.scss |    2 +-
 .../base/icons/icons/vagrant/property-24.scss |    2 +-
 .../base/icons/icons/vault-color/index.scss   |    2 +-
 .../icons/icons/vault-color/keyframes.scss    |    2 +-
 .../icons/icons/vault-color/placeholders.scss |    2 +-
 .../icons/icons/vault-color/property-16.scss  |    2 +-
 .../icons/icons/vault-color/property-24.scss  |    2 +-
 .../styles/base/icons/icons/vault/index.scss  |    2 +-
 .../base/icons/icons/vault/keyframes.scss     |    2 +-
 .../base/icons/icons/vault/placeholders.scss  |    2 +-
 .../base/icons/icons/vault/property-16.scss   |    2 +-
 .../base/icons/icons/vault/property-24.scss   |    2 +-
 .../base/icons/icons/verified/index.scss      |    2 +-
 .../base/icons/icons/verified/keyframes.scss  |    2 +-
 .../icons/icons/verified/placeholders.scss    |    2 +-
 .../icons/icons/verified/property-16.scss     |    2 +-
 .../icons/icons/verified/property-24.scss     |    2 +-
 .../base/icons/icons/video-off/index.scss     |    2 +-
 .../base/icons/icons/video-off/keyframes.scss |    2 +-
 .../icons/icons/video-off/placeholders.scss   |    2 +-
 .../icons/icons/video-off/property-16.scss    |    2 +-
 .../icons/icons/video-off/property-24.scss    |    2 +-
 .../styles/base/icons/icons/video/index.scss  |    2 +-
 .../base/icons/icons/video/keyframes.scss     |    2 +-
 .../base/icons/icons/video/placeholders.scss  |    2 +-
 .../base/icons/icons/video/property-16.scss   |    2 +-
 .../base/icons/icons/video/property-24.scss   |    2 +-
 .../icons/icons/visibility-hide/index.scss    |    2 +-
 .../icons/visibility-hide/keyframes.scss      |    2 +-
 .../icons/visibility-hide/placeholders.scss   |    2 +-
 .../icons/icons/visibility-show/index.scss    |    2 +-
 .../icons/visibility-show/keyframes.scss      |    2 +-
 .../icons/visibility-show/placeholders.scss   |    2 +-
 .../base/icons/icons/vmware-color/index.scss  |    2 +-
 .../icons/icons/vmware-color/keyframes.scss   |    2 +-
 .../icons/vmware-color/placeholders.scss      |    2 +-
 .../icons/icons/vmware-color/property-16.scss |    2 +-
 .../icons/icons/vmware-color/property-24.scss |    2 +-
 .../styles/base/icons/icons/vmware/index.scss |    2 +-
 .../base/icons/icons/vmware/keyframes.scss    |    2 +-
 .../base/icons/icons/vmware/placeholders.scss |    2 +-
 .../base/icons/icons/vmware/property-16.scss  |    2 +-
 .../base/icons/icons/vmware/property-24.scss  |    2 +-
 .../base/icons/icons/volume-2/index.scss      |    2 +-
 .../base/icons/icons/volume-2/keyframes.scss  |    2 +-
 .../icons/icons/volume-2/placeholders.scss    |    2 +-
 .../icons/icons/volume-2/property-16.scss     |    2 +-
 .../icons/icons/volume-2/property-24.scss     |    2 +-
 .../base/icons/icons/volume-down/index.scss   |    2 +-
 .../icons/icons/volume-down/keyframes.scss    |    2 +-
 .../icons/icons/volume-down/placeholders.scss |    2 +-
 .../icons/icons/volume-down/property-16.scss  |    2 +-
 .../icons/icons/volume-down/property-24.scss  |    2 +-
 .../base/icons/icons/volume-x/index.scss      |    2 +-
 .../base/icons/icons/volume-x/keyframes.scss  |    2 +-
 .../icons/icons/volume-x/placeholders.scss    |    2 +-
 .../icons/icons/volume-x/property-16.scss     |    2 +-
 .../icons/icons/volume-x/property-24.scss     |    2 +-
 .../styles/base/icons/icons/volume/index.scss |    2 +-
 .../base/icons/icons/volume/keyframes.scss    |    2 +-
 .../base/icons/icons/volume/placeholders.scss |    2 +-
 .../base/icons/icons/volume/property-16.scss  |    2 +-
 .../base/icons/icons/volume/property-24.scss  |    2 +-
 .../styles/base/icons/icons/wall/index.scss   |    2 +-
 .../base/icons/icons/wall/keyframes.scss      |    2 +-
 .../base/icons/icons/wall/placeholders.scss   |    2 +-
 .../base/icons/icons/wall/property-16.scss    |    2 +-
 .../base/icons/icons/wall/property-24.scss    |    2 +-
 .../styles/base/icons/icons/wand/index.scss   |    2 +-
 .../base/icons/icons/wand/keyframes.scss      |    2 +-
 .../base/icons/icons/wand/placeholders.scss   |    2 +-
 .../base/icons/icons/wand/property-16.scss    |    2 +-
 .../base/icons/icons/wand/property-24.scss    |    2 +-
 .../styles/base/icons/icons/watch/index.scss  |    2 +-
 .../base/icons/icons/watch/keyframes.scss     |    2 +-
 .../base/icons/icons/watch/placeholders.scss  |    2 +-
 .../base/icons/icons/watch/property-16.scss   |    2 +-
 .../base/icons/icons/watch/property-24.scss   |    2 +-
 .../icons/icons/waypoint-color/index.scss     |    2 +-
 .../icons/icons/waypoint-color/keyframes.scss |    2 +-
 .../icons/waypoint-color/placeholders.scss    |    2 +-
 .../icons/waypoint-color/property-16.scss     |    2 +-
 .../icons/waypoint-color/property-24.scss     |    2 +-
 .../base/icons/icons/waypoint/index.scss      |    2 +-
 .../base/icons/icons/waypoint/keyframes.scss  |    2 +-
 .../icons/icons/waypoint/placeholders.scss    |    2 +-
 .../icons/icons/waypoint/property-16.scss     |    2 +-
 .../icons/icons/waypoint/property-24.scss     |    2 +-
 .../base/icons/icons/webhook/index.scss       |    2 +-
 .../base/icons/icons/webhook/keyframes.scss   |    2 +-
 .../icons/icons/webhook/placeholders.scss     |    2 +-
 .../base/icons/icons/webhook/property-16.scss |    2 +-
 .../base/icons/icons/webhook/property-24.scss |    2 +-
 .../base/icons/icons/wifi-off/index.scss      |    2 +-
 .../base/icons/icons/wifi-off/keyframes.scss  |    2 +-
 .../icons/icons/wifi-off/placeholders.scss    |    2 +-
 .../icons/icons/wifi-off/property-16.scss     |    2 +-
 .../icons/icons/wifi-off/property-24.scss     |    2 +-
 .../styles/base/icons/icons/wifi/index.scss   |    2 +-
 .../base/icons/icons/wifi/keyframes.scss      |    2 +-
 .../base/icons/icons/wifi/placeholders.scss   |    2 +-
 .../base/icons/icons/wifi/property-16.scss    |    2 +-
 .../base/icons/icons/wifi/property-24.scss    |    2 +-
 .../styles/base/icons/icons/wrench/index.scss |    2 +-
 .../base/icons/icons/wrench/keyframes.scss    |    2 +-
 .../base/icons/icons/wrench/placeholders.scss |    2 +-
 .../base/icons/icons/wrench/property-16.scss  |    2 +-
 .../base/icons/icons/wrench/property-24.scss  |    2 +-
 .../base/icons/icons/x-circle-fill/index.scss |    2 +-
 .../icons/icons/x-circle-fill/keyframes.scss  |    2 +-
 .../icons/x-circle-fill/placeholders.scss     |    2 +-
 .../icons/x-circle-fill/property-16.scss      |    2 +-
 .../icons/x-circle-fill/property-24.scss      |    2 +-
 .../base/icons/icons/x-circle/index.scss      |    2 +-
 .../base/icons/icons/x-circle/keyframes.scss  |    2 +-
 .../icons/icons/x-circle/placeholders.scss    |    2 +-
 .../icons/icons/x-circle/property-16.scss     |    2 +-
 .../icons/icons/x-circle/property-24.scss     |    2 +-
 .../icons/icons/x-diamond-fill/index.scss     |    2 +-
 .../icons/icons/x-diamond-fill/keyframes.scss |    2 +-
 .../icons/x-diamond-fill/placeholders.scss    |    2 +-
 .../icons/x-diamond-fill/property-16.scss     |    2 +-
 .../icons/x-diamond-fill/property-24.scss     |    2 +-
 .../base/icons/icons/x-diamond/index.scss     |    2 +-
 .../base/icons/icons/x-diamond/keyframes.scss |    2 +-
 .../icons/icons/x-diamond/placeholders.scss   |    2 +-
 .../icons/icons/x-diamond/property-16.scss    |    2 +-
 .../icons/icons/x-diamond/property-24.scss    |    2 +-
 .../icons/icons/x-hexagon-fill/index.scss     |    2 +-
 .../icons/icons/x-hexagon-fill/keyframes.scss |    2 +-
 .../icons/x-hexagon-fill/placeholders.scss    |    2 +-
 .../icons/x-hexagon-fill/property-16.scss     |    2 +-
 .../icons/x-hexagon-fill/property-24.scss     |    2 +-
 .../base/icons/icons/x-hexagon/index.scss     |    2 +-
 .../base/icons/icons/x-hexagon/keyframes.scss |    2 +-
 .../icons/icons/x-hexagon/placeholders.scss   |    2 +-
 .../icons/icons/x-hexagon/property-16.scss    |    2 +-
 .../icons/icons/x-hexagon/property-24.scss    |    2 +-
 .../base/icons/icons/x-square-fill/index.scss |    2 +-
 .../icons/icons/x-square-fill/keyframes.scss  |    2 +-
 .../icons/x-square-fill/placeholders.scss     |    2 +-
 .../icons/x-square-fill/property-16.scss      |    2 +-
 .../icons/x-square-fill/property-24.scss      |    2 +-
 .../base/icons/icons/x-square/index.scss      |    2 +-
 .../base/icons/icons/x-square/keyframes.scss  |    2 +-
 .../icons/icons/x-square/placeholders.scss    |    2 +-
 .../icons/icons/x-square/property-16.scss     |    2 +-
 .../icons/icons/x-square/property-24.scss     |    2 +-
 .../app/styles/base/icons/icons/x/index.scss  |    2 +-
 .../styles/base/icons/icons/x/keyframes.scss  |    2 +-
 .../base/icons/icons/x/placeholders.scss      |    2 +-
 .../base/icons/icons/x/property-16.scss       |    2 +-
 .../base/icons/icons/x/property-24.scss       |    2 +-
 .../base/icons/icons/youtube-color/index.scss |    2 +-
 .../icons/icons/youtube-color/keyframes.scss  |    2 +-
 .../icons/youtube-color/placeholders.scss     |    2 +-
 .../icons/youtube-color/property-16.scss      |    2 +-
 .../icons/youtube-color/property-24.scss      |    2 +-
 .../base/icons/icons/youtube/index.scss       |    2 +-
 .../base/icons/icons/youtube/keyframes.scss   |    2 +-
 .../icons/icons/youtube/placeholders.scss     |    2 +-
 .../base/icons/icons/youtube/property-16.scss |    2 +-
 .../base/icons/icons/youtube/property-24.scss |    2 +-
 .../base/icons/icons/zap-off/index.scss       |    2 +-
 .../base/icons/icons/zap-off/keyframes.scss   |    2 +-
 .../icons/icons/zap-off/placeholders.scss     |    2 +-
 .../base/icons/icons/zap-off/property-16.scss |    2 +-
 .../base/icons/icons/zap-off/property-24.scss |    2 +-
 .../styles/base/icons/icons/zap/index.scss    |    2 +-
 .../base/icons/icons/zap/keyframes.scss       |    2 +-
 .../base/icons/icons/zap/placeholders.scss    |    2 +-
 .../base/icons/icons/zap/property-16.scss     |    2 +-
 .../base/icons/icons/zap/property-24.scss     |    2 +-
 .../base/icons/icons/zoom-in/index.scss       |    2 +-
 .../base/icons/icons/zoom-in/keyframes.scss   |    2 +-
 .../icons/icons/zoom-in/placeholders.scss     |    2 +-
 .../base/icons/icons/zoom-in/property-16.scss |    2 +-
 .../base/icons/icons/zoom-in/property-24.scss |    2 +-
 .../base/icons/icons/zoom-out/index.scss      |    2 +-
 .../base/icons/icons/zoom-out/keyframes.scss  |    2 +-
 .../icons/icons/zoom-out/placeholders.scss    |    2 +-
 .../icons/icons/zoom-out/property-16.scss     |    2 +-
 .../icons/icons/zoom-out/property-24.scss     |    2 +-
 .../app/styles/base/icons/index.scss          |    2 +-
 .../app/styles/base/icons/overrides.scss      |    2 +-
 .../consul-ui/app/styles/base/index.scss      |    2 +-
 .../app/styles/base/reset/base-variables.scss |    2 +-
 .../app/styles/base/reset/index.scss          |    2 +-
 .../app/styles/base/reset/minireset.scss      |    2 +-
 .../app/styles/base/reset/system.scss         |    2 +-
 .../base/typography/base-keyframes.scss       |    2 +-
 .../base/typography/base-placeholders.scss    |    2 +-
 .../app/styles/base/typography/index.scss     |    2 +-
 .../consul-ui/app/styles/components.scss      |    2 +-
 ui/packages/consul-ui/app/styles/debug.scss   |    2 +-
 ui/packages/consul-ui/app/styles/icons.scss   |    2 +-
 ui/packages/consul-ui/app/styles/layout.scss  |    2 +-
 .../consul-ui/app/styles/layouts/index.scss   |    2 +-
 .../app/styles/prism-coldark-cold.scss        |    2 +-
 .../app/styles/prism-coldark-dark.scss        |    2 +-
 ui/packages/consul-ui/app/styles/routes.scss  |    2 +-
 .../app/styles/routes/dc/acls/index.scss      |    2 +-
 .../styles/routes/dc/intentions/index.scss    |    2 +-
 .../app/styles/routes/dc/kv/index.scss        |    2 +-
 .../app/styles/routes/dc/nodes/index.scss     |    2 +-
 .../styles/routes/dc/overview/license.scss    |    2 +-
 .../routes/dc/overview/serverstatus.scss      |    2 +-
 .../app/styles/routes/dc/services/index.scss  |    2 +-
 .../consul-ui/app/styles/tailwind.scss        |    2 +-
 ui/packages/consul-ui/app/styles/themes.scss  |    2 +-
 .../consul-ui/app/styles/typography.scss      |    2 +-
 .../consul-ui/app/styles/variables.scss       |    2 +-
 .../app/styles/variables/custom-query.scss    |    2 +-
 .../app/styles/variables/layout.scss          |    2 +-
 .../consul-ui/app/styles/variables/skin.scss  |    2 +-
 .../consul-ui/app/templates/application.hbs   |    2 +-
 ui/packages/consul-ui/app/templates/dc.hbs    |    2 +-
 .../consul-ui/app/templates/dc/acls.hbs       |    2 +-
 .../templates/dc/acls/auth-methods/index.hbs  |    2 +-
 .../templates/dc/acls/auth-methods/show.hbs   |    2 +-
 .../dc/acls/auth-methods/show/auth-method.hbs |    2 +-
 .../acls/auth-methods/show/binding-rules.hbs  |    2 +-
 .../acls/auth-methods/show/nspace-rules.hbs   |    2 +-
 .../consul-ui/app/templates/dc/acls/index.hbs |    2 +-
 .../app/templates/dc/acls/policies/-form.hbs  |    2 +-
 .../app/templates/dc/acls/policies/edit.hbs   |    2 +-
 .../app/templates/dc/acls/policies/index.hbs  |    2 +-
 .../app/templates/dc/acls/roles/-form.hbs     |    2 +-
 .../app/templates/dc/acls/roles/edit.hbs      |    2 +-
 .../app/templates/dc/acls/roles/index.hbs     |    2 +-
 .../dc/acls/tokens/-fieldsets-legacy.hbs      |    2 +-
 .../templates/dc/acls/tokens/-fieldsets.hbs   |    2 +-
 .../app/templates/dc/acls/tokens/-form.hbs    |    2 +-
 .../app/templates/dc/acls/tokens/edit.hbs     |    2 +-
 .../app/templates/dc/acls/tokens/index.hbs    |    2 +-
 .../app/templates/dc/intentions/edit.hbs      |    2 +-
 .../app/templates/dc/intentions/index.hbs     |    2 +-
 .../consul-ui/app/templates/dc/kv/edit.hbs    |    2 +-
 .../consul-ui/app/templates/dc/kv/index.hbs   |    2 +-
 .../app/templates/dc/nodes/index.hbs          |    2 +-
 .../consul-ui/app/templates/dc/nodes/show.hbs |    2 +-
 .../templates/dc/nodes/show/healthchecks.hbs  |    2 +-
 .../app/templates/dc/nodes/show/index.hbs     |    2 +-
 .../app/templates/dc/nodes/show/metadata.hbs  |    2 +-
 .../app/templates/dc/nodes/show/rtt.hbs       |    2 +-
 .../app/templates/dc/nodes/show/services.hbs  |    2 +-
 .../app/templates/dc/routing-config.hbs       |    2 +-
 .../app/templates/dc/services/index.hbs       |    2 +-
 .../app/templates/dc/services/instance.hbs    |    2 +-
 .../dc/services/instance/addresses.hbs        |    2 +-
 .../dc/services/instance/exposedpaths.hbs     |    2 +-
 .../dc/services/instance/healthchecks.hbs     |    2 +-
 .../dc/services/instance/metadata.hbs         |    2 +-
 .../dc/services/instance/upstreams.hbs        |    2 +-
 .../app/templates/dc/services/show.hbs        |    2 +-
 .../app/templates/dc/services/show/index.hbs  |    2 +-
 .../templates/dc/services/show/instances.hbs  |    2 +-
 .../templates/dc/services/show/intentions.hbs |    2 +-
 .../dc/services/show/intentions/edit.hbs      |    2 +-
 .../dc/services/show/intentions/index.hbs     |    2 +-
 .../templates/dc/services/show/routing.hbs    |    2 +-
 .../templates/dc/services/show/services.hbs   |    2 +-
 .../app/templates/dc/services/show/tags.hbs   |    2 +-
 .../templates/dc/services/show/topology.hbs   |    2 +-
 .../templates/dc/services/show/upstreams.hbs  |    2 +-
 .../consul-ui/app/templates/dc/show.hbs       |    2 +-
 .../consul-ui/app/templates/dc/show/index.hbs |    2 +-
 .../app/templates/dc/show/license.hbs         |    2 +-
 .../app/templates/dc/show/serverstatus.hbs    |    2 +-
 ui/packages/consul-ui/app/templates/debug.hbs |    2 +-
 ui/packages/consul-ui/app/templates/error.hbs |    2 +-
 ui/packages/consul-ui/app/templates/index.hbs |    2 +-
 .../consul-ui/app/templates/loading.hbs       |    2 +-
 .../consul-ui/app/templates/notfound.hbs      |    2 +-
 .../app/templates/oauth-provider-debug.hbs    |    2 +-
 .../consul-ui/app/templates/settings.hbs      |    2 +-
 ui/packages/consul-ui/app/utils/ascend.js     |    2 +-
 ui/packages/consul-ui/app/utils/atob.js       |    2 +-
 ui/packages/consul-ui/app/utils/btoa.js       |    2 +-
 .../consul-ui/app/utils/callable-type.js      |    2 +-
 .../app/utils/create-fingerprinter.js         |    2 +-
 ui/packages/consul-ui/app/utils/distance.js   |    2 +-
 .../app/utils/dom/click-first-anchor.js       |    2 +-
 .../consul-ui/app/utils/dom/closest.js        |    2 +-
 .../app/utils/dom/create-listeners.js         |    2 +-
 .../app/utils/dom/event-source/blocking.js    |    2 +-
 .../app/utils/dom/event-source/cache.js       |    2 +-
 .../app/utils/dom/event-source/callable.js    |    2 +-
 .../app/utils/dom/event-source/index.js       |    2 +-
 .../app/utils/dom/event-source/openable.js    |    2 +-
 .../app/utils/dom/event-source/proxy.js       |    2 +-
 .../app/utils/dom/event-source/resolver.js    |    2 +-
 .../app/utils/dom/event-source/storage.js     |    2 +-
 .../app/utils/dom/get-component-factory.js    |    2 +-
 .../consul-ui/app/utils/dom/is-outside.js     |    2 +-
 .../app/utils/dom/normalize-event.js          |    2 +-
 .../consul-ui/app/utils/dom/qsa-factory.js    |    2 +-
 .../consul-ui/app/utils/dom/sibling.js        |    2 +-
 .../consul-ui/app/utils/editor/lint.js        |    2 +-
 .../consul-ui/app/utils/filter/index.js       |    2 +-
 .../consul-ui/app/utils/form/builder.js       |    2 +-
 .../consul-ui/app/utils/form/changeset.js     |    2 +-
 .../consul-ui/app/utils/get-environment.js    |    2 +-
 .../app/utils/get-form-name-property.js       |    2 +-
 .../app/utils/helpers/call-if-type.js         |    2 +-
 .../consul-ui/app/utils/http/consul.js        |    2 +-
 .../app/utils/http/create-headers.js          |    2 +-
 .../app/utils/http/create-query-params.js     |    2 +-
 .../consul-ui/app/utils/http/create-url.js    |    2 +-
 ui/packages/consul-ui/app/utils/http/error.js |    2 +-
 .../consul-ui/app/utils/http/headers.js       |    2 +-
 .../consul-ui/app/utils/http/method.js        |    2 +-
 .../consul-ui/app/utils/http/request.js       |    2 +-
 .../consul-ui/app/utils/http/status.js        |    2 +-
 ui/packages/consul-ui/app/utils/http/xhr.js   |    2 +-
 .../app/utils/intl/missing-message.js         |    2 +-
 ui/packages/consul-ui/app/utils/isFolder.js   |    2 +-
 ui/packages/consul-ui/app/utils/keyToArray.js |    2 +-
 ui/packages/consul-ui/app/utils/left-trim.js  |    2 +-
 ui/packages/consul-ui/app/utils/maybe-call.js |    2 +-
 .../consul-ui/app/utils/merge-checks.js       |    2 +-
 .../consul-ui/app/utils/minimizeModel.js      |    2 +-
 .../consul-ui/app/utils/non-empty-set.js      |    2 +-
 .../consul-ui/app/utils/path/resolve.js       |    2 +-
 .../consul-ui/app/utils/promisedTimeout.js    |    2 +-
 ui/packages/consul-ui/app/utils/right-trim.js |    2 +-
 .../app/utils/routing/redirect-to.js          |    2 +-
 .../app/utils/routing/transitionable.js       |    2 +-
 .../consul-ui/app/utils/routing/walk.js       |    2 +-
 .../consul-ui/app/utils/routing/wildcard.js   |    2 +-
 .../consul-ui/app/utils/search/exact.js       |    2 +-
 .../consul-ui/app/utils/search/fuzzy.js       |    2 +-
 .../consul-ui/app/utils/search/predicate.js   |    2 +-
 .../consul-ui/app/utils/search/regexp.js      |    2 +-
 .../app/utils/storage/local-storage.js        |    2 +-
 ui/packages/consul-ui/app/utils/templatize.js |    2 +-
 .../consul-ui/app/utils/ticker/index.js       |    2 +-
 ui/packages/consul-ui/app/utils/tomography.js |    2 +-
 ui/packages/consul-ui/app/utils/ucfirst.js    |    2 +-
 .../app/utils/update-array-object.js          |    2 +-
 .../intention-permission-http-header.js       |    2 +-
 .../app/validations/intention-permission.js   |    2 +-
 .../consul-ui/app/validations/intention.js    |    2 +-
 ui/packages/consul-ui/app/validations/kv.js   |    2 +-
 .../consul-ui/app/validations/policy.js       |    2 +-
 ui/packages/consul-ui/app/validations/role.js |    2 +-
 .../consul-ui/app/validations/sometimes.js    |    2 +-
 .../consul-ui/app/validations/token.js        |    2 +-
 .../blueprints/adapter-test/index.js          |    2 +-
 .../__path__/integration/adapters/__test__.js |    2 +-
 .../__path__/unit/adapters/__test__.js        |    2 +-
 .../files/__root__/__path__/__name__.js       |    2 +-
 .../consul-ui/blueprints/adapter/index.js     |    2 +-
 .../__templatepath__/__templatename__.hbs     |    2 +-
 .../consul-ui/blueprints/component/index.js   |    2 +-
 .../files/__root__/__path__/__name__.scss     |    2 +-
 .../__root__/__path__/__name__/index.scss     |    2 +-
 .../__root__/__path__/__name__/layout.scss    |    2 +-
 .../__root__/__path__/__name__/skin.scss      |    2 +-
 .../blueprints/css-component/index.js         |    2 +-
 .../consul-ui/blueprints/model-test/index.js  |    2 +-
 .../__root__/__path__/unit/models/__test__.js |    2 +-
 .../model/files/__root__/__path__/__name__.js |    2 +-
 .../consul-ui/blueprints/model/index.js       |    2 +-
 .../blueprints/repository-test/index.js       |    2 +-
 .../services/repository/__test__.js           |    2 +-
 .../unit/services/repository/__test__.js      |    2 +-
 .../files/__root__/__path__/__name__.js       |    2 +-
 .../consul-ui/blueprints/repository/index.js  |    2 +-
 .../consul-ui/blueprints/route-test/index.js  |    2 +-
 .../consul-ui/blueprints/route/index.js       |    2 +-
 .../__templatepath__/__templatename__.hbs     |    2 +-
 .../blueprints/serializer-test/index.js       |    2 +-
 .../integration/serializers/__test__.js       |    2 +-
 .../__path__/unit/serializers/__test__.js     |    2 +-
 .../files/__root__/__path__/__name__.js       |    2 +-
 .../consul-ui/blueprints/serializer/index.js  |    2 +-
 .../consul-ui/config/deprecation-workflow.js  |    2 +-
 ui/packages/consul-ui/config/ember-intl.js    |    2 +-
 ui/packages/consul-ui/config/environment.js   |    2 +-
 ui/packages/consul-ui/config/targets.js       |    2 +-
 ui/packages/consul-ui/config/utils.js         |    2 +-
 ui/packages/consul-ui/ember-cli-build.js      |    2 +-
 ui/packages/consul-ui/lib/.eslintrc.js        |    2 +-
 .../lib/colocated-components/index.js         |    2 +-
 .../consul-ui/lib/commands/bin/list.js        |    2 +-
 ui/packages/consul-ui/lib/commands/index.js   |    2 +-
 .../consul-ui/lib/commands/lib/list.js        |    2 +-
 .../consul-ui/lib/custom-element/index.js     |    2 +-
 ui/packages/consul-ui/lib/startup/index.js    |    2 +-
 .../lib/startup/templates/body.html.js        |    2 +-
 .../lib/startup/templates/head.html.js        |    2 +-
 .../node-tests/config/environment.js          |    2 +-
 .../consul-ui/node-tests/config/utils.js      |    2 +-
 ui/packages/consul-ui/server/index.js         |    2 +-
 ui/packages/consul-ui/tailwind.config.js      |    2 +-
 ui/packages/consul-ui/testem.js               |    2 +-
 .../tests/acceptance/hcp-login-test.js        |    2 +-
 .../acceptance/steps/api-prefix-steps.js      |    2 +-
 .../steps/components/acl-filter-steps.js      |    2 +-
 .../steps/components/catalog-filter-steps.js  |    2 +-
 .../steps/components/catalog-toolbar-steps.js |    2 +-
 .../steps/components/copy-button-steps.js     |    2 +-
 .../steps/components/kv-filter-steps.js       |    2 +-
 .../steps/components/text-input-steps.js      |    2 +-
 .../acceptance/steps/dc/acls/access-steps.js  |    2 +-
 .../steps/dc/acls/auth-methods/index-steps.js |    2 +-
 .../dc/acls/auth-methods/navigation-steps.js  |    2 +-
 .../dc/acls/auth-methods/sorting-steps.js     |    2 +-
 .../acceptance/steps/dc/acls/index-steps.js   |    2 +-
 .../steps/dc/acls/list-order-steps.js         |    2 +-
 .../policies/as-many/add-existing-steps.js    |    2 +-
 .../dc/acls/policies/as-many/add-new-steps.js |    2 +-
 .../dc/acls/policies/as-many/list-steps.js    |    2 +-
 .../dc/acls/policies/as-many/nspaces-steps.js |    2 +-
 .../dc/acls/policies/as-many/remove-steps.js  |    2 +-
 .../dc/acls/policies/as-many/reset-steps.js   |    2 +-
 .../steps/dc/acls/policies/create-steps.js    |    2 +-
 .../steps/dc/acls/policies/delete-steps.js    |    2 +-
 .../steps/dc/acls/policies/index-steps.js     |    2 +-
 .../dc/acls/policies/navigation-steps.js      |    2 +-
 .../steps/dc/acls/policies/sorting-steps.js   |    2 +-
 .../steps/dc/acls/policies/update-steps.js    |    2 +-
 .../dc/acls/policies/view-management-steps.js |    2 +-
 .../acls/roles/as-many/add-existing-steps.js  |    2 +-
 .../dc/acls/roles/as-many/add-new-steps.js    |    2 +-
 .../steps/dc/acls/roles/as-many/list-steps.js |    2 +-
 .../dc/acls/roles/as-many/remove-steps.js     |    2 +-
 .../steps/dc/acls/roles/create-steps.js       |    2 +-
 .../steps/dc/acls/roles/index-steps.js        |    2 +-
 .../steps/dc/acls/roles/navigation-steps.js   |    2 +-
 .../steps/dc/acls/roles/sorting-steps.js      |    2 +-
 .../steps/dc/acls/roles/update-steps.js       |    2 +-
 .../acls/tokens/anonymous-no-delete-steps.js  |    2 +-
 .../steps/dc/acls/tokens/clone-steps.js       |    2 +-
 .../steps/dc/acls/tokens/create-steps.js      |    2 +-
 .../steps/dc/acls/tokens/index-steps.js       |    2 +-
 .../dc/acls/tokens/legacy/update-steps.js     |    2 +-
 .../dc/acls/tokens/login-errors-steps.js      |    2 +-
 .../steps/dc/acls/tokens/login-steps.js       |    2 +-
 .../steps/dc/acls/tokens/navigation-steps.js  |    2 +-
 .../dc/acls/tokens/own-no-delete-steps.js     |    2 +-
 .../steps/dc/acls/tokens/sorting-steps.js     |    2 +-
 .../steps/dc/acls/tokens/update-steps.js      |    2 +-
 .../steps/dc/acls/tokens/use-steps.js         |    2 +-
 .../acceptance/steps/dc/acls/update-steps.js  |    2 +-
 .../acceptance/steps/dc/acls/use-steps.js     |    2 +-
 .../tests/acceptance/steps/dc/error-steps.js  |    2 +-
 .../acceptance/steps/dc/forwarding-steps.js   |    2 +-
 .../tests/acceptance/steps/dc/index-steps.js  |    2 +-
 .../steps/dc/intentions/create-steps.js       |    2 +-
 .../steps/dc/intentions/delete-steps.js       |    2 +-
 .../dc/intentions/filtered-select-steps.js    |    2 +-
 .../steps/dc/intentions/form-select-steps.js  |    2 +-
 .../steps/dc/intentions/index-steps.js        |    2 +-
 .../steps/dc/intentions/navigation-steps.js   |    2 +-
 .../dc/intentions/permissions/create-steps.js |    2 +-
 .../dc/intentions/permissions/warn-steps.js   |    2 +-
 .../steps/dc/intentions/read-only-steps.js    |    2 +-
 .../steps/dc/intentions/sorting-steps.js      |    2 +-
 .../steps/dc/intentions/update-steps.js       |    2 +-
 .../steps/dc/kv/index/view-kvs-steps.js       |    2 +-
 .../acceptance/steps/dc/kvs/create-steps.js   |    2 +-
 .../acceptance/steps/dc/kvs/delete-steps.js   |    2 +-
 .../acceptance/steps/dc/kvs/edit-steps.js     |    2 +-
 .../acceptance/steps/dc/kvs/index-steps.js    |    2 +-
 .../steps/dc/kvs/list-order-steps.js          |    2 +-
 .../steps/dc/kvs/sessions/invalidate-steps.js |    2 +-
 .../steps/dc/kvs/trailing-slash-steps.js      |    2 +-
 .../acceptance/steps/dc/kvs/update-steps.js   |    2 +-
 .../steps/dc/list-blocking-steps.js           |    2 +-
 .../tests/acceptance/steps/dc/list-steps.js   |    2 +-
 .../steps/dc/nodes/empty-ids-steps.js         |    2 +-
 .../acceptance/steps/dc/nodes/index-steps.js  |    2 +-
 .../steps/dc/nodes/index/view-nodes-steps.js  |    2 +-
 .../steps/dc/nodes/navigation-steps.js        |    2 +-
 .../steps/dc/nodes/no-leader-steps.js         |    2 +-
 .../steps/dc/nodes/services/list-steps.js     |    2 +-
 .../dc/nodes/sessions/invalidate-steps.js     |    2 +-
 .../steps/dc/nodes/sessions/list-steps.js     |    2 +-
 .../acceptance/steps/dc/nodes/show-steps.js   |    2 +-
 .../dc/nodes/show/health-checks-steps.js      |    2 +-
 .../steps/dc/nodes/sorting-steps.js           |    2 +-
 .../steps/dc/nspaces/create-steps.js          |    2 +-
 .../steps/dc/nspaces/delete-steps.js          |    2 +-
 .../steps/dc/nspaces/index-steps.js           |    2 +-
 .../steps/dc/nspaces/manage-steps.js          |    2 +-
 .../steps/dc/nspaces/sorting-steps.js         |    2 +-
 .../steps/dc/nspaces/update-steps.js          |    2 +-
 .../acceptance/steps/dc/peers/create-steps.js |    2 +-
 .../acceptance/steps/dc/peers/delete-steps.js |    2 +-
 .../steps/dc/peers/establish-steps.js         |    2 +-
 .../acceptance/steps/dc/peers/index-steps.js  |    2 +-
 .../steps/dc/peers/regenerate-steps.js        |    2 +-
 .../acceptance/steps/dc/peers/show-steps.js   |    2 +-
 .../steps/dc/routing-config-steps.js          |    2 +-
 .../steps/dc/services/dc-switch-steps.js      |    2 +-
 .../steps/dc/services/error-steps.js          |    2 +-
 .../steps/dc/services/index-steps.js          |    2 +-
 .../dc/services/index/view-services-steps.js  |    2 +-
 .../dc/services/instances/error-steps.js      |    2 +-
 .../services/instances/exposed-paths-steps.js |    2 +-
 .../dc/services/instances/gateway-steps.js    |    2 +-
 .../services/instances/health-checks-steps.js |    2 +-
 .../dc/services/instances/navigation-steps.js |    2 +-
 .../dc/services/instances/proxy-steps.js      |    2 +-
 .../steps/dc/services/instances/show-steps.js |    2 +-
 .../services/instances/sidecar-proxy-steps.js |    2 +-
 .../dc/services/instances/upstreams-steps.js  |    2 +-
 .../dc/services/instances/with-proxy-steps.js |    2 +-
 .../services/instances/with-sidecar-steps.js  |    2 +-
 .../steps/dc/services/list-blocking-steps.js  |    2 +-
 .../steps/dc/services/list-steps.js           |    2 +-
 .../steps/dc/services/navigation-steps.js     |    2 +-
 .../steps/dc/services/show-routing-steps.js   |    2 +-
 .../steps/dc/services/show-steps.js           |    2 +-
 .../dc/services/show-with-slashes-steps.js    |    2 +-
 .../steps/dc/services/show/dc-switch-steps.js |    2 +-
 .../services/show/intentions-error-steps.js   |    2 +-
 .../services/show/intentions/create-steps.js  |    2 +-
 .../services/show/intentions/index-steps.js   |    2 +-
 .../dc/services/show/navigation-steps.js      |    2 +-
 .../steps/dc/services/show/services-steps.js  |    2 +-
 .../steps/dc/services/show/tags-steps.js      |    2 +-
 .../dc/services/show/topology/empty-steps.js  |    2 +-
 .../dc/services/show/topology/index-steps.js  |    2 +-
 .../show/topology/intentions-steps.js         |    2 +-
 .../services/show/topology/metrics-steps.js   |    2 +-
 .../services/show/topology/notices-steps.js   |    2 +-
 .../show/topology/routing-config-steps.js     |    2 +-
 .../dc/services/show/topology/stats-steps.js  |    2 +-
 .../steps/dc/services/show/upstreams-steps.js |    2 +-
 .../steps/dc/services/sorting-steps.js        |    2 +-
 .../tests/acceptance/steps/deleting-steps.js  |    2 +-
 .../steps/index-forwarding-steps.js           |    2 +-
 .../acceptance/steps/login-errors-steps.js    |    2 +-
 .../tests/acceptance/steps/login-steps.js     |    2 +-
 .../steps/navigation-links-steps.js           |    2 +-
 .../acceptance/steps/nodes/sorting-steps.js   |    2 +-
 .../acceptance/steps/page-navigation-steps.js |    2 +-
 .../acceptance/steps/settings/show-steps.js   |    2 +-
 .../acceptance/steps/settings/update-steps.js |    2 +-
 .../tests/acceptance/steps/startup-steps.js   |    2 +-
 .../consul-ui/tests/acceptance/steps/steps.js |    2 +-
 .../acceptance/steps/submit-blank-steps.js    |    2 +-
 .../acceptance/steps/token-header-steps.js    |    2 +-
 ui/packages/consul-ui/tests/dictionary.js     |    2 +-
 ui/packages/consul-ui/tests/helpers/api.js    |    2 +-
 .../consul-ui/tests/helpers/destroy-app.js    |    2 +-
 .../consul-ui/tests/helpers/flash-message.js  |    2 +-
 .../tests/helpers/get-nspace-runner.js        |    2 +-
 .../consul-ui/tests/helpers/measure.js        |    2 +-
 .../tests/helpers/module-for-acceptance.js    |    2 +-
 .../consul-ui/tests/helpers/normalizers.js    |    2 +-
 ui/packages/consul-ui/tests/helpers/page.js   |    2 +-
 ui/packages/consul-ui/tests/helpers/repo.js   |    2 +-
 .../consul-ui/tests/helpers/set-cookies.js    |    2 +-
 .../consul-ui/tests/helpers/stub-super.js     |    2 +-
 .../consul-ui/tests/helpers/type-to-url.js    |    2 +-
 .../tests/helpers/yadda-annotations.js        |    2 +-
 ui/packages/consul-ui/tests/index.html        |    2 +-
 .../integration/adapters/auth-method-test.js  |    2 +-
 .../integration/adapters/binding-rule-test.js |    2 +-
 .../integration/adapters/coordinate-test.js   |    2 +-
 .../adapters/discovery-chain-test.js          |    2 +-
 .../integration/adapters/intention-test.js    |    2 +-
 .../tests/integration/adapters/kv-test.js     |    2 +-
 .../tests/integration/adapters/node-test.js   |    2 +-
 .../tests/integration/adapters/nspace-test.js |    2 +-
 .../adapters/oidc-provider-test.js            |    2 +-
 .../integration/adapters/partition-test.js    |    2 +-
 .../integration/adapters/permission-test.js   |    2 +-
 .../tests/integration/adapters/policy-test.js |    2 +-
 .../tests/integration/adapters/role-test.js   |    2 +-
 .../adapters/service-instance-test.js         |    2 +-
 .../integration/adapters/service-test.js      |    2 +-
 .../integration/adapters/session-test.js      |    2 +-
 .../tests/integration/adapters/token-test.js  |    2 +-
 .../integration/adapters/topology-test.js     |    2 +-
 .../integration/components/app-view-test.js   |    2 +-
 .../integration/components/aria-menu-test.js  |    2 +-
 .../components/auth-profile-test.js           |    2 +-
 .../components/code-editor-test.js            |    2 +-
 .../components/confirmation-dialog-test.js    |    2 +-
 .../components/consul/bucket/list-test.js     |    2 +-
 .../consul/datacenter/selector-test.js        |    2 +-
 .../components/consul/discovery-chain-test.js |    2 +-
 .../components/consul/hcp/home-test.js        |    2 +-
 .../consul/intention/permission/form-test.js  |    2 +-
 .../intention/permission/header/form-test.js  |    2 +-
 .../consul/node/agentless-notice-test.js      |    2 +-
 .../components/data-collection-test.js        |    2 +-
 .../components/data-source-test.js            |    2 +-
 .../components/delete-confirmation-test.js    |    2 +-
 .../components/event-source-test.js           |    2 +-
 .../components/freetext-filter-test.js        |    2 +-
 .../components/hashicorp-consul-test.js       |    2 +-
 .../integration/components/jwt-source-test.js |    2 +-
 .../components/list-collection-test.js        |    2 +-
 .../components/oidc-select-test.js            |    2 +-
 .../components/popover-menu-test.js           |    2 +-
 .../components/radio-group-test.js            |    2 +-
 .../tests/integration/components/ref-test.js  |    2 +-
 .../components/resolver-card-test.js          |    2 +-
 .../integration/components/route-card-test.js |    2 +-
 .../components/splitter-card-test.js          |    2 +-
 .../integration/components/state-test.js      |    2 +-
 .../integration/components/tab-nav-test.js    |    2 +-
 .../components/tabular-collection-test.js     |    2 +-
 .../components/tabular-details-test.js        |    2 +-
 .../integration/components/tag-list-test.js   |    2 +-
 .../components/toggle-button-test.js          |    2 +-
 .../integration/components/token-list-test.js |    2 +-
 .../tests/integration/helpers/atob-test.js    |    2 +-
 .../integration/helpers/dom-position-test.js  |    2 +-
 .../integration/helpers/duration-from-test.js |    2 +-
 .../helpers/format-short-time-test.js         |    2 +-
 .../tests/integration/helpers/is-href-test.js |    2 +-
 .../tests/integration/helpers/last-test.js    |    2 +-
 .../integration/helpers/left-trim-test.js     |    2 +-
 .../helpers/policy/datacenters-test.js        |    2 +-
 .../integration/helpers/policy/typeof-test.js |    2 +-
 .../helpers/render-template-test.js           |    2 +-
 .../integration/helpers/right-trim-test.js    |    2 +-
 .../integration/helpers/route-match-test.js   |    2 +-
 .../integration/helpers/searchable-test.js    |    2 +-
 .../helpers/service/card-permissions-test.js  |    2 +-
 .../helpers/service/external-source-test.js   |    2 +-
 .../helpers/service/health-percentage-test.js |    2 +-
 .../tests/integration/helpers/slugify-test.js |    2 +-
 .../tests/integration/helpers/split-test.js   |    2 +-
 .../integration/helpers/state-matches-test.js |    2 +-
 .../tests/integration/helpers/substr-test.js  |    2 +-
 .../integration/helpers/svg-curve-test.js     |    2 +-
 .../helpers/token/is-anonymous-test.js        |    2 +-
 .../helpers/token/is-legacy-test.js           |    2 +-
 .../integration/helpers/tween-to-test.js      |    2 +-
 .../serializers/auth-method-test.js           |    2 +-
 .../serializers/binding-rule-test.js          |    2 +-
 .../serializers/coordinate-test.js            |    2 +-
 .../serializers/discovery-chain-test.js       |    2 +-
 .../integration/serializers/intention-test.js |    2 +-
 .../tests/integration/serializers/kv-test.js  |    2 +-
 .../integration/serializers/node-test.js      |    2 +-
 .../integration/serializers/nspace-test.js    |    2 +-
 .../serializers/oidc-provider-test.js         |    2 +-
 .../integration/serializers/partition-test.js |    2 +-
 .../integration/serializers/policy-test.js    |    2 +-
 .../integration/serializers/role-test.js      |    2 +-
 .../serializers/service-instance-test.js      |    2 +-
 .../integration/serializers/service-test.js   |    2 +-
 .../integration/serializers/session-test.js   |    2 +-
 .../integration/serializers/token-test.js     |    2 +-
 .../integration/serializers/topology-test.js  |    2 +-
 .../services/repository/auth-method-test.js   |    2 +-
 .../services/repository/coordinate-test.js    |    2 +-
 .../services/repository/dc-test.js            |    2 +-
 .../repository/discovery-chain-test.js        |    2 +-
 .../services/repository/kv-test.js            |    2 +-
 .../services/repository/node-test.js          |    2 +-
 .../services/repository/policy-test.js        |    2 +-
 .../services/repository/role-test.js          |    2 +-
 .../services/repository/service-test.js       |    2 +-
 .../services/repository/session-test.js       |    2 +-
 .../services/repository/token-test.js         |    2 +-
 .../services/repository/topology-test.js      |    2 +-
 .../integration/services/routlet-test.js      |    2 +-
 .../utils/dom/event-source/callable-test.js   |    2 +-
 .../consul-ui/tests/lib/measure/getMeasure.js |    2 +-
 .../tests/lib/page-object/createCancelable.js |    2 +-
 .../tests/lib/page-object/createCreatable.js  |    2 +-
 .../tests/lib/page-object/createDeletable.js  |    2 +-
 .../tests/lib/page-object/createSubmitable.js |    2 +-
 .../consul-ui/tests/lib/page-object/index.js  |    2 +-
 .../tests/lib/page-object/visitable.js        |    2 +-
 ui/packages/consul-ui/tests/pages.js          |    2 +-
 ui/packages/consul-ui/tests/pages/dc.js       |    2 +-
 .../tests/pages/dc/acls/auth-methods/index.js |    2 +-
 .../consul-ui/tests/pages/dc/acls/edit.js     |    2 +-
 .../consul-ui/tests/pages/dc/acls/index.js    |    2 +-
 .../tests/pages/dc/acls/policies/edit.js      |    2 +-
 .../tests/pages/dc/acls/policies/index.js     |    2 +-
 .../tests/pages/dc/acls/roles/edit.js         |    2 +-
 .../tests/pages/dc/acls/roles/index.js        |    2 +-
 .../tests/pages/dc/acls/tokens/edit.js        |    2 +-
 .../tests/pages/dc/acls/tokens/index.js       |    2 +-
 .../tests/pages/dc/intentions/edit.js         |    2 +-
 .../tests/pages/dc/intentions/index.js        |    2 +-
 .../consul-ui/tests/pages/dc/kv/edit.js       |    2 +-
 .../consul-ui/tests/pages/dc/kv/index.js      |    2 +-
 .../consul-ui/tests/pages/dc/nodes/index.js   |    2 +-
 .../consul-ui/tests/pages/dc/nodes/show.js    |    2 +-
 .../consul-ui/tests/pages/dc/nspaces/edit.js  |    2 +-
 .../consul-ui/tests/pages/dc/nspaces/index.js |    2 +-
 .../consul-ui/tests/pages/dc/peers/index.js   |    2 +-
 .../consul-ui/tests/pages/dc/peers/show.js    |    2 +-
 .../tests/pages/dc/routing-config.js          |    2 +-
 .../tests/pages/dc/services/index.js          |    2 +-
 .../tests/pages/dc/services/instance.js       |    2 +-
 .../consul-ui/tests/pages/dc/services/show.js |    2 +-
 ui/packages/consul-ui/tests/pages/index.js    |    2 +-
 ui/packages/consul-ui/tests/pages/settings.js |    2 +-
 ui/packages/consul-ui/tests/steps.js          |    2 +-
 .../consul-ui/tests/steps/assertions/dom.js   |    2 +-
 .../consul-ui/tests/steps/assertions/form.js  |    2 +-
 .../consul-ui/tests/steps/assertions/http.js  |    2 +-
 .../consul-ui/tests/steps/assertions/model.js |    2 +-
 .../consul-ui/tests/steps/assertions/page.js  |    2 +-
 .../consul-ui/tests/steps/debug/index.js      |    2 +-
 .../consul-ui/tests/steps/doubles/http.js     |    2 +-
 .../consul-ui/tests/steps/doubles/model.js    |    2 +-
 .../tests/steps/interactions/click.js         |    2 +-
 .../tests/steps/interactions/form.js          |    2 +-
 .../tests/steps/interactions/visit.js         |    2 +-
 ui/packages/consul-ui/tests/test-helper.js    |    2 +-
 .../consul-ui/tests/unit/abilities/-test.js   |    2 +-
 .../tests/unit/adapters/application-test.js   |    2 +-
 .../tests/unit/adapters/auth-method-test.js   |    2 +-
 .../tests/unit/adapters/binding-rule-test.js  |    2 +-
 .../tests/unit/adapters/coordinate-test.js    |    2 +-
 .../unit/adapters/discovery-chain-test.js     |    2 +-
 .../tests/unit/adapters/http-test.js          |    2 +-
 .../tests/unit/adapters/intention-test.js     |    2 +-
 .../consul-ui/tests/unit/adapters/kv-test.js  |    2 +-
 .../tests/unit/adapters/node-test.js          |    2 +-
 .../tests/unit/adapters/nspace-test.js        |    2 +-
 .../tests/unit/adapters/oidc-provider-test.js |    2 +-
 .../tests/unit/adapters/partition-test.js     |    2 +-
 .../tests/unit/adapters/permission-test.js    |    2 +-
 .../tests/unit/adapters/policy-test.js        |    2 +-
 .../tests/unit/adapters/proxy-test.js         |    2 +-
 .../tests/unit/adapters/role-test.js          |    2 +-
 .../unit/adapters/service-instance-test.js    |    2 +-
 .../tests/unit/adapters/session-test.js       |    2 +-
 .../tests/unit/adapters/token-test.js         |    2 +-
 .../get-alternate-services-test.js            |    2 +-
 .../discovery-chain/get-resolvers-test.js     |    2 +-
 .../discovery-chain/get-splitters-test.js     |    2 +-
 .../components/search-bar/filters-test.js     |    2 +-
 .../unit/controllers/application-test.js      |    2 +-
 .../dc/acls/policies/create-test.js           |    2 +-
 .../controllers/dc/acls/policies/edit-test.js |    2 +-
 .../controllers/dc/acls/roles/create-test.js  |    2 +-
 .../controllers/dc/acls/roles/edit-test.js    |    2 +-
 .../controllers/dc/acls/tokens/create-test.js |    2 +-
 .../controllers/dc/acls/tokens/edit-test.js   |    2 +-
 .../unit/filter/predicates/intention-test.js  |    2 +-
 .../unit/filter/predicates/service-test.js    |    2 +-
 .../tests/unit/helpers/document-attrs-test.js |    2 +-
 .../unit/helpers/policy/datacenters-test.js   |    2 +-
 .../unit/helpers/token/is-anonymous-test.js   |    2 +-
 .../unit/helpers/token/is-legacy-test.js      |    2 +-
 .../tests/unit/mixins/policy/as-many-test.js  |    2 +-
 .../tests/unit/mixins/role/as-many-test.js    |    2 +-
 .../unit/mixins/with-blocking-actions-test.js |    2 +-
 .../tests/unit/models/auth-method-test.js     |    2 +-
 .../tests/unit/models/coordinate-test.js      |    2 +-
 .../consul-ui/tests/unit/models/dc-test.js    |    2 +-
 .../tests/unit/models/discovery-chain-test.js |    2 +-
 .../tests/unit/models/intention-test.js       |    2 +-
 .../consul-ui/tests/unit/models/kv-test.js    |    2 +-
 .../consul-ui/tests/unit/models/node-test.js  |    2 +-
 .../tests/unit/models/oidc-provider-test.js   |    2 +-
 .../tests/unit/models/partition-test.js       |    2 +-
 .../tests/unit/models/permission-test.js      |    2 +-
 .../tests/unit/models/policy-test.js          |    2 +-
 .../consul-ui/tests/unit/models/proxy-test.js |    2 +-
 .../consul-ui/tests/unit/models/role-test.js  |    2 +-
 .../unit/models/service-instance-test.js      |    2 +-
 .../tests/unit/models/service-test.js         |    2 +-
 .../tests/unit/models/session-test.js         |    2 +-
 .../consul-ui/tests/unit/models/token-test.js |    2 +-
 .../tests/unit/routes/application-test.js     |    2 +-
 .../consul-ui/tests/unit/routes/dc-test.js    |    2 +-
 .../routes/dc/acls/policies/create-test.js    |    2 +-
 .../unit/routes/dc/acls/policies/edit-test.js |    2 +-
 .../routes/dc/acls/policies/index-test.js     |    2 +-
 .../unit/routes/dc/acls/roles/create-test.js  |    2 +-
 .../unit/routes/dc/acls/roles/edit-test.js    |    2 +-
 .../unit/routes/dc/acls/roles/index-test.js   |    2 +-
 .../unit/routes/dc/acls/tokens/create-test.js |    2 +-
 .../unit/routes/dc/acls/tokens/edit-test.js   |    2 +-
 .../unit/routes/dc/acls/tokens/index-test.js  |    2 +-
 .../unit/search/predicates/intention-test.js  |    2 +-
 .../tests/unit/search/predicates/kv-test.js   |    2 +-
 .../tests/unit/search/predicates/node-test.js |    2 +-
 .../unit/search/predicates/policy-test.js     |    2 +-
 .../tests/unit/search/predicates/role-test.js |    2 +-
 .../unit/search/predicates/service-test.js    |    2 +-
 .../unit/search/predicates/token-test.js      |    2 +-
 .../unit/serializers/application-test.js      |    2 +-
 .../unit/serializers/auth-method-test.js      |    2 +-
 .../unit/serializers/binding-rule-test.js     |    2 +-
 .../tests/unit/serializers/coordinate-test.js |    2 +-
 .../unit/serializers/discovery-chain-test.js  |    2 +-
 .../tests/unit/serializers/intention-test.js  |    2 +-
 .../tests/unit/serializers/kv-test.js         |    2 +-
 .../tests/unit/serializers/node-test.js       |    2 +-
 .../tests/unit/serializers/nspace-test.js     |    2 +-
 .../unit/serializers/oidc-provider-test.js    |    2 +-
 .../tests/unit/serializers/partition-test.js  |    2 +-
 .../tests/unit/serializers/permission-test.js |    2 +-
 .../tests/unit/serializers/policy-test.js     |    2 +-
 .../tests/unit/serializers/proxy-test.js      |    2 +-
 .../tests/unit/serializers/role-test.js       |    2 +-
 .../unit/serializers/service-instance-test.js |    2 +-
 .../tests/unit/serializers/service-test.js    |    2 +-
 .../tests/unit/serializers/session-test.js    |    2 +-
 .../tests/unit/serializers/token-test.js      |    2 +-
 .../tests/unit/services/atob-test.js          |    2 +-
 .../tests/unit/services/btoa-test.js          |    2 +-
 .../unit/services/client/connections-test.js  |    2 +-
 .../tests/unit/services/client/http-test.js   |    2 +-
 .../services/client/transports/xhr-test.js    |    2 +-
 .../services/clipboard/local-storage-test.js  |    2 +-
 .../tests/unit/services/clipboard/os-test.js  |    2 +-
 .../unit/services/code-mirror/linter-test.js  |    2 +-
 .../data-source/protocols/http-test.js        |    2 +-
 .../protocols/local-storage-test.js           |    2 +-
 .../tests/unit/services/data-structs-test.js  |    2 +-
 .../consul-ui/tests/unit/services/dom-test.js |    2 +-
 .../tests/unit/services/encoder-test.js       |    2 +-
 .../consul-ui/tests/unit/services/env-test.js |    2 +-
 .../tests/unit/services/feedback-test.js      |    2 +-
 .../tests/unit/services/form-test.js          |    2 +-
 .../tests/unit/services/logger-test.js        |    2 +-
 .../tests/unit/services/repository-test.js    |    2 +-
 .../services/repository/auth-method-test.js   |    2 +-
 .../services/repository/coordinate-test.js    |    2 +-
 .../tests/unit/services/repository/dc-test.js |    2 +-
 .../repository/discovery-chain-test.js        |    2 +-
 .../services/repository/intention-test.js     |    2 +-
 .../tests/unit/services/repository/kv-test.js |    2 +-
 .../unit/services/repository/node-test.js     |    2 +-
 .../unit/services/repository/nspace-test.js   |    2 +-
 .../services/repository/oidc-provider-test.js |    2 +-
 .../services/repository/partition-test.js     |    2 +-
 .../services/repository/permission-test.js    |    2 +-
 .../unit/services/repository/policy-test.js   |    2 +-
 .../unit/services/repository/role-test.js     |    2 +-
 .../repository/service-instance-test.js       |    2 +-
 .../unit/services/repository/service-test.js  |    2 +-
 .../unit/services/repository/session-test.js  |    2 +-
 .../unit/services/repository/token-test.js    |    2 +-
 .../tests/unit/services/search-test.js        |    2 +-
 .../tests/unit/services/settings-test.js      |    2 +-
 .../tests/unit/services/sort-test.js          |    2 +-
 .../tests/unit/services/state-test.js         |    2 +-
 .../tests/unit/services/store-test.js         |    2 +-
 .../tests/unit/services/temporal-test.js      |    2 +-
 .../tests/unit/services/ticker-test.js        |    2 +-
 .../tests/unit/services/timeout-test.js       |    2 +-
 .../tests/unit/sort/comparators/node-test.js  |    2 +-
 .../unit/sort/comparators/service-test.js     |    2 +-
 .../consul-ui/tests/unit/utils/ascend-test.js |    2 +-
 .../consul-ui/tests/unit/utils/atob-test.js   |    2 +-
 .../consul-ui/tests/unit/utils/btoa-test.js   |    2 +-
 .../tests/unit/utils/callable-type-test.js    |    2 +-
 .../unit/utils/create-fingerprinter-test.js   |    2 +-
 .../unit/utils/dom/click-first-anchor-test.js |    2 +-
 .../tests/unit/utils/dom/closest-test.js      |    2 +-
 .../unit/utils/dom/create-listeners-test.js   |    2 +-
 .../utils/dom/event-source/blocking-test.js   |    2 +-
 .../unit/utils/dom/event-source/cache-test.js |    2 +-
 .../utils/dom/event-source/callable-test.js   |    2 +-
 .../unit/utils/dom/event-source/index-test.js |    2 +-
 .../utils/dom/event-source/openable-test.js   |    2 +-
 .../unit/utils/dom/event-source/proxy-test.js |    2 +-
 .../utils/dom/event-source/resolver-test.js   |    2 +-
 .../utils/dom/event-source/storage-test.js    |    2 +-
 .../unit/utils/dom/event-target/rsvp-test.js  |    2 +-
 .../utils/dom/get-component-factory-test.js   |    2 +-
 .../tests/unit/utils/dom/is-outside-test.js   |    2 +-
 .../unit/utils/dom/normalize-event-test.js    |    2 +-
 .../tests/unit/utils/dom/qsa-factory-test.js  |    2 +-
 .../tests/unit/utils/dom/sibling-test.js      |    2 +-
 .../tests/unit/utils/get-environment-test.js  |    2 +-
 .../unit/utils/get-form-name-property-test.js |    2 +-
 .../unit/utils/helpers/call-if-type-test.js   |    2 +-
 .../unit/utils/http/create-headers-test.js    |    2 +-
 .../utils/http/create-query-params-test.js    |    2 +-
 .../tests/unit/utils/http/create-url-test.js  |    2 +-
 .../tests/unit/utils/http/error-test.js       |    2 +-
 .../tests/unit/utils/http/request-test.js     |    2 +-
 .../tests/unit/utils/http/xhr-test.js         |    2 +-
 .../tests/unit/utils/isFolder-test.js         |    2 +-
 .../tests/unit/utils/keyToArray-test.js       |    2 +-
 .../tests/unit/utils/left-trim-test.js        |    2 +-
 .../tests/unit/utils/maybe-call-test.js       |    2 +-
 .../tests/unit/utils/merge-checks-test.js     |    2 +-
 .../tests/unit/utils/non-empty-set-test.js    |    2 +-
 .../tests/unit/utils/path/resolve-test.js     |    2 +-
 .../tests/unit/utils/promisedTimeout-test.js  |    2 +-
 .../tests/unit/utils/right-trim-test.js       |    2 +-
 .../unit/utils/routing/transitionable-test.js |    2 +-
 .../tests/unit/utils/routing/walk-test.js     |    2 +-
 .../tests/unit/utils/routing/wildcard-test.js |    2 +-
 .../unit/utils/storage/local-storage-test.js  |    2 +-
 .../tests/unit/utils/templatize-test.js       |    2 +-
 .../tests/unit/utils/ticker/index-test.js     |    2 +-
 .../tests/unit/utils/ucfirst-test.js          |    2 +-
 .../unit/utils/update-array-object-test.js    |    2 +-
 .../consul-ui/translations/common/en-us.yaml  |    2 +-
 .../translations/components/app/en-us.yaml    |    2 +-
 .../translations/components/consul/en-us.yaml |    2 +-
 .../components/copy-button/en-us.yaml         |    2 +-
 .../consul-ui/translations/models/en-us.yaml  |    2 +-
 .../consul-ui/translations/routes/en-us.yaml  |    2 +-
 .../vendor/consul-ui/routes-debug.js          |    2 +-
 .../consul-ui/vendor/consul-ui/routes.js      |    2 +-
 .../vendor/consul-ui/services-debug.js        |    2 +-
 .../consul-ui/vendor/consul-ui/services.js    |    2 +-
 ui/packages/consul-ui/vendor/init.js          |    2 +-
 .../vendor/metrics-providers/consul.js        |    2 +-
 .../vendor/metrics-providers/prometheus.js    |    2 +-
 version/VERSION                               |    2 +-
 version/fips.go                               |    3 -
 version/version.go                            |    2 +-
 version/version_test.go                       |    2 +-
 website/.eslintrc.js                          |    2 +-
 website/.stylelintrc.js                       |    2 +-
 website/content/api-docs/acl/index.mdx        |    2 +-
 website/content/api-docs/acl/tokens.mdx       |    3 +
 website/content/api-docs/agent/check.mdx      |    4 +
 website/content/api-docs/catalog.mdx          |    2 +-
 website/content/api-docs/status.mdx           |    2 +-
 website/content/commands/connect/envoy.mdx    |    2 +-
 website/content/commands/debug.mdx            |    4 +-
 website/content/commands/snapshot/agent.mdx   |    2 +-
 website/content/commands/snapshot/save.mdx    |   15 +
 website/content/commands/watch.mdx            |    5 -
 .../content/docs/agent/config/cli-flags.mdx   |    2 +-
 .../docs/agent/config/config-files.mdx        |   20 +-
 website/content/docs/agent/index.mdx          |    3 +
 .../usage/limit-request-rates-from-ips.mdx    |    6 +-
 .../usage/set-global-traffic-rate-limits.mdx  |    2 +-
 website/content/docs/agent/rpc.mdx            |  260 ++
 website/content/docs/agent/telemetry.mdx      |    4 +-
 .../docs/api-gateway/configuration/routes.mdx |    2 +-
 .../content/docs/api-gateway/tech-specs.mdx   |    2 +-
 website/content/docs/connect/ca/index.mdx     |   21 +-
 website/content/docs/connect/ca/vault.mdx     |   40 +-
 .../control-plane-request-limit.mdx           |    2 +-
 .../docs/connect/distributed-tracing.mdx      |    2 +-
 .../content/docs/connect/failover/index.mdx   |    8 +-
 .../configuration/ext-authz.mdx               |   13 -
 .../configuration/otel-access-logging.mdx     |  390 --
 .../envoy-extensions/configuration/wasm.mdx   |    4 +-
 .../proxies/envoy-extensions/index.mdx        |    5 -
 .../envoy-extensions/usage/ext-authz.mdx      |    1 +
 .../proxies/envoy-extensions/usage/lua.mdx    |   12 +-
 .../usage/otel-access-logging.mdx             |  146 -
 .../consul-vs-other/service-mesh-compare.mdx  |    2 +-
 .../content/docs/dynamic-app-config/kv.mdx    |    2 +-
 .../docs/dynamic-app-config/watches.mdx       |    1 +
 .../docs/ecs/configuration-reference.mdx      |    3 +-
 .../docs/ecs/manual/secure-configuration.mdx  |    4 +-
 .../docs/enterprise/admin-partitions.mdx      |    7 +-
 website/content/docs/k8s/compatibility.mdx    |    2 +-
 .../cluster-peering/usage/manage-peering.mdx  |    4 +-
 website/content/docs/k8s/connect/index.mdx    |    9 +-
 .../k8s/connect/onboarding-tproxy-mode.mdx    |    5 +-
 .../multi-cluster/kubernetes.mdx              |   11 +-
 .../multi-cluster/vms-and-kubernetes.mdx      |   12 +-
 website/content/docs/k8s/helm.mdx             |  104 +-
 website/content/docs/k8s/upgrade/index.mdx    |    2 +-
 website/content/docs/nia/configuration.mdx    |    2 +-
 website/content/docs/nia/usage/errors-ref.mdx |    2 +-
 .../consul-api-gateway/v0_1_x.mdx             |    2 +-
 .../docs/release-notes/consul/v1_16_x.mdx     |   12 +-
 .../content/docs/security/acl/acl-roles.mdx   |    4 +-
 .../docs/security/acl/auth-methods/index.mdx  |    2 +-
 .../docs/security/security-models/core.mdx    |    6 +
 .../checks-configuration-reference.mdx        |    6 +-
 .../services-configuration-reference.mdx      |    2 +-
 .../docs/upgrading/upgrade-specific.mdx       |    8 +-
 website/data/docs-nav-data.json               |   13 +-
 website/prettier.config.js                    |    2 +-
 website/public/ie-warning.js                  |    2 +-
 website/redirects.js                          |    5 +-
 website/scripts/should-build.sh               |    2 +-
 website/scripts/website-build.sh              |    2 +-
 website/scripts/website-start.sh              |    2 +-
 7199 files changed, 14034 insertions(+), 92860 deletions(-)
 delete mode 100644 .changelog/17155.txt
 delete mode 100644 .changelog/17481.txt
 delete mode 100644 .changelog/17593.txt
 delete mode 100644 .changelog/17694.txt
 delete mode 100644 .changelog/17831.txt
 delete mode 100644 .changelog/18007.txt
 delete mode 100644 .changelog/18300.txt
 create mode 100644 .changelog/18303.txt
 delete mode 100644 .changelog/18324.txt
 delete mode 100644 .changelog/18336.txt
 delete mode 100644 .changelog/18367.txt
 create mode 100644 .changelog/18381.txt
 delete mode 100644 .changelog/18439.txt
 delete mode 100644 .changelog/18560.txt
 delete mode 100644 .changelog/18583.txt
 create mode 100644 .changelog/18617.txt
 create mode 100644 .changelog/18625.txt
 create mode 100644 .changelog/18636.txt
 create mode 100644 .changelog/18667.txt
 delete mode 100644 .changelog/_18366.txt
 delete mode 100644 .changelog/_18422.txt
 delete mode 100755 .github/scripts/get_runner_classes_windows.sh
 rename .github/workflows/{nightly-test-1.16.x.yaml => nightly-test-1.12.x.yaml} (75%)
 delete mode 100644 .github/workflows/nightly-test-integrations-1.15.x.yml
 delete mode 100644 .github/workflows/nightly-test-integrations-1.16.x.yml
 delete mode 100644 .github/workflows/reusable-dev-build-windows.yml
 delete mode 100644 .github/workflows/test-integrations-windows.yml
 delete mode 100644 .release/docker/docker-entrypoint-windows.sh
 delete mode 100644 Dockerfile-windows
 rename Makefile => GNUmakefile (73%)
 delete mode 100644 agent/consul/tenancy_bridge.go
 delete mode 100644 agent/consul/tenancy_bridge_ce.go
 delete mode 100644 agent/consul/type_registry.go
 delete mode 100644 agent/envoyextensions/builtin/otel-access-logging/otel_access_logging.go
 delete mode 100644 agent/envoyextensions/builtin/otel-access-logging/otel_access_logging_test.go
 delete mode 100644 agent/envoyextensions/builtin/otel-access-logging/structs.go
 delete mode 100644 agent/envoyextensions/registered_extensions_ce.go
 delete mode 100644 agent/grpc-external/services/resource/mock_TenancyBridge.go
 delete mode 100644 agent/grpc-external/services/resource/server_ce.go
 delete mode 100644 agent/grpc-external/services/resource/server_ce_test.go
 delete mode 100644 agent/proxycfg-sources/catalog/config_source_oss.go
 delete mode 100644 agent/proxycfg/api_gateway_ce.go
 delete mode 100644 agent/proxycfg/config_snapshot_glue.go
 delete mode 100644 agent/proxycfg/config_snapshot_glue_test.go
 delete mode 100644 agent/structs/config_entry_apigw_jwt_ce.go
 delete mode 100644 agent/structs/structs.deepcopy_ce.go
 rename agent/xds/{config => }/config.go (98%)
 rename agent/xds/{config => }/config_test.go (99%)
 delete mode 100644 agent/xds/configfetcher/config_fetcher.go
 delete mode 100644 agent/xds/gw_per_route_filters_ce.go
 delete mode 100644 agent/xds/jwt_authn_ce.go
 delete mode 100644 agent/xds/locality_policy.go
 delete mode 100644 agent/xds/locality_policy_ce.go
 create mode 100644 agent/xds/naming.go
 delete mode 100644 agent/xds/naming/naming.go
 rename agent/xds/{platform => }/net_fallback.go (50%)
 rename agent/xds/{platform => }/net_linux.go (87%)
 delete mode 100644 agent/xds/proxystateconverter/clusters.go
 delete mode 100644 agent/xds/proxystateconverter/converter.go
 delete mode 100644 agent/xds/proxystateconverter/endpoints.go
 delete mode 100644 agent/xds/proxystateconverter/failover_policy.go
 delete mode 100644 agent/xds/proxystateconverter/failover_policy_ce.go
 delete mode 100644 agent/xds/proxystateconverter/listeners.go
 delete mode 100644 agent/xds/proxystateconverter/locality_policy.go
 delete mode 100644 agent/xds/proxystateconverter/locality_policy_ce.go
 delete mode 100644 agent/xds/proxystateconverter/routes.go
 rename agent/xds/{response => }/response.go (80%)
 rename agent/xds/testdata/clusters/{api-gateway-with-http-route.latest.golden => api-gateway-with-http-route-and-inline-certificate.latest.golden} (100%)
 delete mode 100644 agent/xds/testdata/clusters/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
 delete mode 100644 agent/xds/testdata/clusters/api-gateway-with-multiple-inline-certificates.latest.golden
 delete mode 100644 agent/xds/testdata/clusters/connect-proxy-with-chain-http2.latest.golden
 delete mode 100644 agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
 delete mode 100644 agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-http2.latest.golden
 delete mode 100644 agent/xds/testdata/clusters/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden
 delete mode 100644 agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden
 delete mode 100644 agent/xds/testdata/clusters/enterprise-connect-proxy-with-chain-http2.latest.golden
 delete mode 100644 agent/xds/testdata/clusters/expose-checks.latest.golden
 delete mode 100644 agent/xds/testdata/clusters/mesh-gateway-using-federation-control-plane.latest.golden
 rename agent/xds/testdata/endpoints/{api-gateway-with-http-route.latest.golden => api-gateway-with-http-route-and-inline-certificate.latest.golden} (100%)
 delete mode 100644 agent/xds/testdata/endpoints/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
 delete mode 100644 agent/xds/testdata/endpoints/api-gateway-with-multiple-inline-certificates.latest.golden
 delete mode 100644 agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
 delete mode 100644 agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-http2.latest.golden
 delete mode 100644 agent/xds/testdata/endpoints/mesh-gateway-using-federation-control-plane.latest.golden
 create mode 100644 agent/xds/testdata/listeners/api-gateway-with-http-route-and-inline-certificate.latest.golden
 delete mode 100644 agent/xds/testdata/listeners/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
 delete mode 100644 agent/xds/testdata/listeners/api-gateway-with-http-route.latest.golden
 delete mode 100644 agent/xds/testdata/listeners/api-gateway-with-multiple-inline-certificates.latest.golden
 delete mode 100644 agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
 delete mode 100644 agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-http2.latest.golden
 delete mode 100644 agent/xds/testdata/listeners/custom-upstream-with-prepared-query.latest.golden
 delete mode 100644 agent/xds/testdata/listeners/expose-checks-grpc.latest.golden
 delete mode 100644 agent/xds/testdata/listeners/expose-checks-http-with-bind-override.latest.golden
 rename agent/xds/testdata/listeners/{expose-checks-http.latest.golden => expose-checks.latest.golden} (100%)
 delete mode 100644 agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden
 delete mode 100644 agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden
 delete mode 100644 agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden
 delete mode 100644 agent/xds/testdata/listeners/terminating-gateway-custom-trace-listener.latest.golden
 rename agent/xds/testdata/routes/{api-gateway-with-http-route-timeoutfilter-one-set.latest.golden => api-gateway-with-http-route-and-inline-certificate.latest.golden} (94%)
 delete mode 100644 agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden
 delete mode 100644 agent/xds/testdata/routes/api-gateway-with-multiple-inline-certificates.latest.golden
 delete mode 100644 agent/xds/testdata/routes/connect-proxy-resolver-with-lb.latest.golden
 delete mode 100644 agent/xds/testdata/routes/connect-proxy-route-to-lb-resolver.latest.golden
 delete mode 100644 agent/xds/testdata/routes/connect-proxy-splitter-overweight.latest.golden
 delete mode 100644 agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
 delete mode 100644 agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-http2.latest.golden
 delete mode 100644 agent/xds/testdata/secrets/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
 delete mode 100644 agent/xds/testdata/secrets/api-gateway-with-http-route.latest.golden
 delete mode 100644 agent/xds/testdata/secrets/api-gateway-with-multiple-inline-certificates.latest.golden
 delete mode 100644 agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
 delete mode 100644 agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-http2.latest.golden
 delete mode 100644 agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-listener-override.latest.golden
 delete mode 100644 agent/xdsv2/cluster_resources.go
 delete mode 100644 agent/xdsv2/endpoint_resources.go
 delete mode 100644 agent/xdsv2/listener_resources.go
 delete mode 100644 agent/xdsv2/resources.go
 delete mode 100644 agent/xdsv2/route_resources.go
 delete mode 100644 api/LICENSE
 delete mode 100644 api/config_entry_routes_test.go
 delete mode 100755 build-support/scripts/check-allowed-imports.sh
 delete mode 100644 build-support/windows/Dockerfile-consul-dev-windows
 delete mode 100644 build-support/windows/Dockerfile-consul-local-windows
 delete mode 100644 build-support/windows/Dockerfile-openzipkin-windows
 delete mode 100644 build-support/windows/build-consul-dev-image.sh
 delete mode 100644 build-support/windows/build-consul-local-images.sh
 delete mode 100644 build-support/windows/build-test-sds-server-image.sh
 delete mode 100644 build-support/windows/windows-test.md
 delete mode 100644 command/connect/envoy/exec_supported.go
 delete mode 100644 command/connect/envoy/exec_windows.go
 delete mode 100644 command/connect/envoy/exec_windows_arm64.go
 delete mode 100644 grafana/consul-k8s-control-plane-monitoring.json
 delete mode 100644 internal/catalog/catalogtest/test_lifecycle_v1alpha1.go
 delete mode 100644 internal/catalog/internal/controllers/failover/controller.go
 delete mode 100644 internal/catalog/internal/controllers/failover/controller_test.go
 delete mode 100644 internal/catalog/internal/controllers/failover/status.go
 delete mode 100644 internal/catalog/internal/mappers/failovermapper/failover_mapper.go
 delete mode 100644 internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go
 delete mode 100644 internal/catalog/internal/types/failover_policy.go
 delete mode 100644 internal/catalog/internal/types/failover_policy_test.go
 delete mode 100644 internal/mesh/internal/controllers/register.go
 delete mode 100644 internal/mesh/internal/controllers/xds/controller.go
 delete mode 100644 internal/mesh/internal/controllers/xds/controller_test.go
 delete mode 100644 internal/mesh/internal/controllers/xds/endpoint_builder.go
 delete mode 100644 internal/mesh/internal/controllers/xds/endpoint_builder_test.go
 delete mode 100644 internal/mesh/internal/controllers/xds/mock_updater.go
 delete mode 100644 internal/mesh/internal/controllers/xds/proxy_tracker_watch.go
 delete mode 100644 internal/mesh/internal/controllers/xds/reconciliation_data.go
 delete mode 100644 internal/mesh/internal/controllers/xds/status/status.go
 delete mode 100644 internal/mesh/internal/types/computed_routes.go
 delete mode 100644 internal/mesh/internal/types/computed_routes_test.go
 delete mode 100644 internal/mesh/internal/types/decoded.go
 delete mode 100644 internal/mesh/internal/types/destination_policy.go
 delete mode 100644 internal/mesh/internal/types/destination_policy_test.go
 delete mode 100644 internal/mesh/internal/types/grpc_route.go
 delete mode 100644 internal/mesh/internal/types/grpc_route_test.go
 delete mode 100644 internal/mesh/internal/types/http_route.go
 delete mode 100644 internal/mesh/internal/types/http_route_test.go
 delete mode 100644 internal/mesh/internal/types/proxy_state_template.go
 delete mode 100644 internal/mesh/internal/types/tcp_route.go
 delete mode 100644 internal/mesh/internal/types/tcp_route_test.go
 delete mode 100644 internal/mesh/internal/types/upstreams_configuration.go
 delete mode 100644 internal/mesh/internal/types/util.go
 delete mode 100644 internal/mesh/internal/types/xroute.go
 delete mode 100644 internal/mesh/proxy-snapshot/proxy_snapshot.go
 delete mode 100644 internal/mesh/proxy-tracker/mock_SessionLimiter.go
 delete mode 100644 internal/mesh/proxy-tracker/proxy_state_exports.go
 delete mode 100644 internal/mesh/proxy-tracker/proxy_tracker.go
 delete mode 100644 internal/mesh/proxy-tracker/proxy_tracker_test.go
 delete mode 100644 internal/protohcl/any.go
 delete mode 100644 internal/protohcl/attributes.go
 delete mode 100644 internal/protohcl/blocks.go
 delete mode 100644 internal/protohcl/cty.go
 delete mode 100644 internal/protohcl/decoder.go
 delete mode 100644 internal/protohcl/doc.go
 delete mode 100644 internal/protohcl/naming.go
 delete mode 100644 internal/protohcl/oneof.go
 delete mode 100644 internal/protohcl/primitives.go
 delete mode 100644 internal/protohcl/testproto/buf.gen.yaml
 delete mode 100644 internal/protohcl/testproto/example.pb.go
 delete mode 100644 internal/protohcl/testproto/example.proto
 delete mode 100644 internal/protohcl/unmarshal.go
 delete mode 100644 internal/protohcl/unmarshal_test.go
 delete mode 100644 internal/protohcl/well_known_types.go
 delete mode 100644 internal/resource/authz_ce.go
 delete mode 100644 internal/resource/decode.go
 delete mode 100644 internal/resource/decode_test.go
 delete mode 100644 internal/resource/http/http.go
 delete mode 100644 internal/resource/http/http_test.go
 delete mode 100644 internal/resource/mappers/bimapper/bimapper.go
 delete mode 100644 internal/resource/mappers/bimapper/bimapper_test.go
 delete mode 100644 internal/resource/refkey.go
 delete mode 100644 internal/resource/refkey_test.go
 delete mode 100644 internal/resource/resourcetest/decode.go
 delete mode 100644 internal/resource/resourcetest/validation.go
 delete mode 100644 internal/resource/stringer.go
 delete mode 100644 internal/resource/tenancy.go
 delete mode 100644 internal/resourcehcl/any.go
 delete mode 100644 internal/resourcehcl/naming.go
 delete mode 100644 internal/resourcehcl/testdata/gvk-no-arguments.error
 delete mode 100644 internal/resourcehcl/testdata/gvk-no-arguments.hcl
 delete mode 100644 internal/resourcehcl/testdata/invalid-group.error
 delete mode 100644 internal/resourcehcl/testdata/invalid-group.hcl
 delete mode 100644 internal/resourcehcl/testdata/invalid-gvk.error
 delete mode 100644 internal/resourcehcl/testdata/invalid-gvk.hcl
 delete mode 100644 internal/resourcehcl/testdata/invalid-metadata.error
 delete mode 100644 internal/resourcehcl/testdata/invalid-metadata.hcl
 delete mode 100644 internal/resourcehcl/testdata/invalid-name.error
 delete mode 100644 internal/resourcehcl/testdata/invalid-name.hcl
 delete mode 100644 internal/resourcehcl/testdata/no-blocks-any-first.golden
 delete mode 100644 internal/resourcehcl/testdata/no-blocks-any-first.hcl
 delete mode 100644 internal/resourcehcl/testdata/no-blocks.golden
 delete mode 100644 internal/resourcehcl/testdata/no-blocks.hcl
 delete mode 100644 internal/resourcehcl/testdata/owner.golden
 delete mode 100644 internal/resourcehcl/testdata/owner.hcl
 delete mode 100644 internal/resourcehcl/testdata/simple-gvk.golden
 delete mode 100644 internal/resourcehcl/testdata/simple-gvk.hcl
 delete mode 100644 internal/resourcehcl/testdata/type-block.golden
 delete mode 100644 internal/resourcehcl/testdata/type-block.hcl
 delete mode 100644 internal/resourcehcl/testdata/unknown-field-block.error
 delete mode 100644 internal/resourcehcl/testdata/unknown-field-block.hcl
 delete mode 100644 internal/resourcehcl/testdata/unknown-field-object.error
 delete mode 100644 internal/resourcehcl/testdata/unknown-field-object.hcl
 delete mode 100644 internal/resourcehcl/testdata/unknown-type.error
 delete mode 100644 internal/resourcehcl/testdata/unknown-type.hcl
 delete mode 100644 internal/resourcehcl/testdata/upstreams.golden
 delete mode 100644 internal/resourcehcl/testdata/upstreams.hcl
 delete mode 100644 internal/resourcehcl/unmarshal.go
 delete mode 100644 internal/resourcehcl/unmarshal_test.go
 create mode 100644 logging/logfile_bsd.go
 create mode 100644 logging/logfile_linux.go
 create mode 100644 logging/logfile_solaris.go
 create mode 100644 logging/logfile_windows.go
 delete mode 100644 proto-public/LICENSE
 delete mode 100644 proto-public/pbcatalog/v1alpha1/failover_policy.pb.binary.go
 delete mode 100644 proto-public/pbcatalog/v1alpha1/failover_policy.pb.go
 delete mode 100644 proto-public/pbcatalog/v1alpha1/failover_policy.proto
 delete mode 100644 proto-public/pbcatalog/v1alpha1/failover_policy_extras.go
 delete mode 100644 proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/common.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/common.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/common.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/computed_routes.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/computed_routes.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/computed_routes.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/destination_policy.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/destination_policy.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/destination_policy.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/grpc_route.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/grpc_route.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/grpc_route.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/http_route.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/http_route.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/http_route.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/http_route_retries.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/http_route_retries.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/http_route_retries.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/http_route_timeouts.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/address.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/references.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/route.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
 rename proto-public/pbmesh/v1alpha1/{proxy_configuration.pb.binary.go => proxy.pb.binary.go} (67%)
 create mode 100644 proto-public/pbmesh/v1alpha1/proxy.pb.go
 rename proto-public/pbmesh/v1alpha1/{proxy_configuration.proto => proxy.proto} (60%)
 delete mode 100644 proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/proxy_state.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/proxy_state.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/proxy_state.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/tcp_route.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/tcp_route.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/tcp_route.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.binary.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
 delete mode 100644 proto-public/pbmesh/v1alpha1/xroute_addons.go
 delete mode 100644 proto-public/pbmesh/v1alpha1/xroute_addons_test.go
 delete mode 100644 proto/private/pbconfigentry/config_entry_ce.go
 delete mode 100644 sdk/LICENSE
 delete mode 100644 sdk/testutil/retry/counter.go
 delete mode 100644 sdk/testutil/retry/timer.go
 delete mode 100644 test-integ/README.md
 delete mode 100644 test-integ/go.mod
 delete mode 100644 test-integ/go.sum
 delete mode 100644 test-integ/peering_commontopo/README.md
 delete mode 100644 test-integ/peering_commontopo/ac1_basic_test.go
 delete mode 100644 test-integ/peering_commontopo/ac2_disco_chain_test.go
 delete mode 100644 test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go
 delete mode 100644 test-integ/peering_commontopo/ac4_proxy_defaults_test.go
 delete mode 100644 test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go
 delete mode 100644 test-integ/peering_commontopo/ac5_2_pq_failover_test.go
 delete mode 100644 test-integ/peering_commontopo/ac6_failovers_test.go
 delete mode 100644 test-integ/peering_commontopo/ac7_1_rotate_gw_test.go
 delete mode 100644 test-integ/peering_commontopo/ac7_2_rotate_leader_test.go
 delete mode 100644 test-integ/peering_commontopo/asserter.go
 delete mode 100644 test-integ/peering_commontopo/commontopo.go
 delete mode 100644 test-integ/peering_commontopo/sharedtopology_test.go
 delete mode 100644 test/integration/connect/envoy/Dockerfile-consul-envoy-windows
 delete mode 100644 test/integration/connect/envoy/Dockerfile-tcpdump-windows
 delete mode 100644 test/integration/connect/envoy/Dockerfile-test-sds-server-windows
 delete mode 100644 test/integration/connect/envoy/WINDOWS-TEST.md
 delete mode 100644 test/integration/connect/envoy/case-wanfed-gw/global-setup-windows.sh
 delete mode 100644 test/integration/connect/envoy/docker-windows.md
 delete mode 100644 test/integration/connect/envoy/docs/img/linux-arch.png
 delete mode 100644 test/integration/connect/envoy/docs/img/windows-arch-singlecontainer.png
 delete mode 100644 test/integration/connect/envoy/docs/img/windows-linux-arch.png
 delete mode 100644 test/integration/connect/envoy/docs/windows-testing-architecture.md
 delete mode 100644 test/integration/connect/envoy/helpers.windows.bash
 delete mode 100644 test/integration/connect/envoy/run-tests.windows.sh
 delete mode 100644 test/integration/connect/envoy/windows-troubleshooting.md
 delete mode 100644 test/integration/consul-container/test/catalog/catalog_test.go
 delete mode 100644 test/integration/consul-container/test/debugging.md
 delete mode 100644 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/Dockerfile
 delete mode 100644 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/README.md
 delete mode 100755 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/build.sh
 delete mode 100644 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.mod
 delete mode 100644 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.sum
 delete mode 100644 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/nginx.conf
 delete mode 100644 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.go
 delete mode 100755 test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.wasm
 delete mode 100644 test/integration/consul-container/test/envoy_extensions/wasm_test.go
 delete mode 100644 test/integration/consul-container/test/upgrade/catalog/catalog_test.go
 delete mode 100644 test/integration/consul-container/test/util/test_debug_breakpoint_hit.png
 delete mode 100644 test/integration/consul-container/test/util/test_debug_configuration.png
 delete mode 100644 test/integration/consul-container/test/util/test_debug_info.png
 delete mode 100644 test/integration/consul-container/test/util/test_debug_remote_configuration.png
 delete mode 100644 test/integration/consul-container/test/util/test_debug_remote_connected.png
 delete mode 100644 test/integration/consul-container/test/util/test_debug_resume_program.png
 delete mode 100644 testing/deployer/.gitignore
 delete mode 100644 testing/deployer/README.md
 delete mode 100644 testing/deployer/TODO.md
 delete mode 100644 testing/deployer/go.mod
 delete mode 100644 testing/deployer/go.sum
 delete mode 100644 testing/deployer/sprawl/acl.go
 delete mode 100644 testing/deployer/sprawl/acl_rules.go
 delete mode 100644 testing/deployer/sprawl/boot.go
 delete mode 100644 testing/deployer/sprawl/catalog.go
 delete mode 100644 testing/deployer/sprawl/configentries.go
 delete mode 100644 testing/deployer/sprawl/consul.go
 delete mode 100644 testing/deployer/sprawl/debug.go
 delete mode 100644 testing/deployer/sprawl/details.go
 delete mode 100644 testing/deployer/sprawl/ent.go
 delete mode 100644 testing/deployer/sprawl/helpers.go
 delete mode 100644 testing/deployer/sprawl/internal/build/docker.go
 delete mode 100644 testing/deployer/sprawl/internal/runner/exec.go
 delete mode 100644 testing/deployer/sprawl/internal/secrets/store.go
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/agent.go
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/digest.go
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/dns.go
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/docker.go
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/docker_test.go
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/gen.go
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/io.go
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/nodes.go
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/prelude.go
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/proxy.go
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/res.go
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-app-dataplane.tf.tmpl
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-app-sidecar.tf.tmpl
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-app.tf.tmpl
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-consul.tf.tmpl
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-coredns.tf.tmpl
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-mgw.tf.tmpl
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-pause.tf.tmpl
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/templates/container-proxy.tf.tmpl
 delete mode 100644 testing/deployer/sprawl/internal/tfgen/tfgen.go
 delete mode 100644 testing/deployer/sprawl/peering.go
 delete mode 100644 testing/deployer/sprawl/sprawl.go
 delete mode 100644 testing/deployer/sprawl/sprawltest/sprawltest.go
 delete mode 100644 testing/deployer/sprawl/sprawltest/test_test.go
 delete mode 100644 testing/deployer/sprawl/tls.go
 delete mode 100644 testing/deployer/topology/compile.go
 delete mode 100644 testing/deployer/topology/default_cdp.go
 delete mode 100644 testing/deployer/topology/default_consul.go
 delete mode 100644 testing/deployer/topology/default_envoy.go
 delete mode 100644 testing/deployer/topology/ids.go
 delete mode 100644 testing/deployer/topology/images.go
 delete mode 100644 testing/deployer/topology/images_test.go
 delete mode 100644 testing/deployer/topology/topology.go
 delete mode 100644 testing/deployer/topology/util.go
 delete mode 100644 testing/deployer/topology/util_test.go
 delete mode 100644 testing/deployer/util/consul.go
 delete mode 100644 testing/deployer/util/files.go
 delete mode 100644 testing/deployer/util/internal/ipamutils/doc.go
 delete mode 100644 testing/deployer/util/internal/ipamutils/utils.go
 delete mode 100644 testing/deployer/util/internal/ipamutils/utils_test.go
 delete mode 100644 testing/deployer/util/net.go
 create mode 100644 website/content/docs/agent/rpc.mdx
 delete mode 100644 website/content/docs/connect/proxies/envoy-extensions/configuration/otel-access-logging.mdx
 delete mode 100644 website/content/docs/connect/proxies/envoy-extensions/usage/otel-access-logging.mdx

diff --git a/.changelog/17155.txt b/.changelog/17155.txt
deleted file mode 100644
index 03cec33e991a..000000000000
--- a/.changelog/17155.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:improvement
-config: Add new `tls.defaults.verify_server_hostname` configuration option. This specifies the default value for any interfaces that support the `verify_server_hostname` option.
-```
diff --git a/.changelog/17481.txt b/.changelog/17481.txt
deleted file mode 100644
index 89ad16998e83..000000000000
--- a/.changelog/17481.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-tlsutil: Default setting of ServerName field in outgoing TLS configuration for checks now handled by crypto/tls.
-```
diff --git a/.changelog/17593.txt b/.changelog/17593.txt
deleted file mode 100644
index 1f84e75f5742..000000000000
--- a/.changelog/17593.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-docs: fix list of telemetry metrics
-```
diff --git a/.changelog/17694.txt b/.changelog/17694.txt
deleted file mode 100644
index 703b100d1d3a..000000000000
--- a/.changelog/17694.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:feature
-Windows: support consul connect envoy command on Windows
-```
diff --git a/.changelog/17754.txt b/.changelog/17754.txt
index 32272ec1ae91..56ab20dc213e 100644
--- a/.changelog/17754.txt
+++ b/.changelog/17754.txt
@@ -1,3 +1,3 @@
 ```release-note:feature
-ui: Display the Consul agent version in the nodes list, and allow filtering and sorting of nodes based on versions.
-```
\ No newline at end of file
+ui: consul version is displayed in nodes list with filtering and sorting based on versions
+```
diff --git a/.changelog/17831.txt b/.changelog/17831.txt
deleted file mode 100644
index 2833bda1d576..000000000000
--- a/.changelog/17831.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:improvement
-ca: Vault CA provider config no longer requires root_pki_path for secondary datacenters
-```
diff --git a/.changelog/18007.txt b/.changelog/18007.txt
deleted file mode 100644
index b963d2f77fcd..000000000000
--- a/.changelog/18007.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:improvement
-Windows: Integration tests for Consul Windows VMs
-```
diff --git a/.changelog/18300.txt b/.changelog/18300.txt
deleted file mode 100644
index 717a697777e2..000000000000
--- a/.changelog/18300.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:improvement
-connect: update supported envoy versions to 1.24.10, 1.25.9, 1.26.4, 1.27.0
-```
diff --git a/.changelog/18303.txt b/.changelog/18303.txt
new file mode 100644
index 000000000000..4afc4473b7c9
--- /dev/null
+++ b/.changelog/18303.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+connect: update supported envoy versions to 1.23.12, 1.24.10, 1.25.9, 1.26.4
+```
diff --git a/.changelog/18324.txt b/.changelog/18324.txt
deleted file mode 100644
index 6d1f11a92e96..000000000000
--- a/.changelog/18324.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:feature
-api-gateway: add retry and timeout filters
-```
\ No newline at end of file
diff --git a/.changelog/18336.txt b/.changelog/18336.txt
deleted file mode 100644
index 5d91046ec5ef..000000000000
--- a/.changelog/18336.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:feature
-xds: Add a built-in Envoy extension that appends OpenTelemetry Access Logging (otel-access-logging) to the HTTP Connection Manager filter.
-```
-
-```release-note:feature
-xds: Add support for patching outbound listeners to the built-in Envoy External Authorization extension.
-```
diff --git a/.changelog/18367.txt b/.changelog/18367.txt
deleted file mode 100644
index 578cf7091853..000000000000
--- a/.changelog/18367.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-dev-mode: Fix dev mode has new line in responses. Now new line is added only when url has pretty query parameter.
-```
diff --git a/.changelog/18381.txt b/.changelog/18381.txt
new file mode 100644
index 000000000000..f6af62993f59
--- /dev/null
+++ b/.changelog/18381.txt
@@ -0,0 +1,6 @@
+```release-note:improvement
+checks: It is now possible to configure agent TCP checks to use TLS with
+optional server SNI and mutual authentication. To use TLS with a TCP check, the
+check must enable the `tcp_use_tls` boolean. By default the agent will use the
+TLS configuration in the `tls.default` stanza. 
+```
diff --git a/.changelog/18439.txt b/.changelog/18439.txt
deleted file mode 100644
index dd12738d5c38..000000000000
--- a/.changelog/18439.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:feature
-Support custom watches on the Consul Controller framework.
-```
diff --git a/.changelog/18560.txt b/.changelog/18560.txt
deleted file mode 100644
index 118fad95306d..000000000000
--- a/.changelog/18560.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:improvement
-ui: Use Community verbiage
-```
\ No newline at end of file
diff --git a/.changelog/18583.txt b/.changelog/18583.txt
deleted file mode 100644
index 8121e01ced0d..000000000000
--- a/.changelog/18583.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:feature
-mesh: **(Enterprise only)** Adds rate limiting config to service-defaults
-```
diff --git a/.changelog/18617.txt b/.changelog/18617.txt
new file mode 100644
index 000000000000..1f840d836dee
--- /dev/null
+++ b/.changelog/18617.txt
@@ -0,0 +1,4 @@
+```release-note:improvement
+log: Currently consul logs files like this consul-{timestamp}.log. This change makes sure that there is always
+consul.log file with the latest logs in it.
+```
\ No newline at end of file
diff --git a/.changelog/18625.txt b/.changelog/18625.txt
new file mode 100644
index 000000000000..8474cac8dc1d
--- /dev/null
+++ b/.changelog/18625.txt
@@ -0,0 +1,5 @@
+```release-note:improvement
+Adds flag -append-filename (which works on values version, dc, node and status) to consul snapshot save command.
+Adding the flag -append-filename version,dc,node,status will add consul version, consul datacenter, node name and leader/follower
+(status) in the file name given in the snapshot save command before the file extension.
+```
diff --git a/.changelog/18636.txt b/.changelog/18636.txt
new file mode 100644
index 000000000000..ff6990f5abcb
--- /dev/null
+++ b/.changelog/18636.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+connect: Fix issue where Envoy endpoints would not populate correctly after a snapshot restore.
+```
diff --git a/.changelog/18667.txt b/.changelog/18667.txt
new file mode 100644
index 000000000000..c9ef7b455121
--- /dev/null
+++ b/.changelog/18667.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+api: Add support for listing ACL tokens by service name.
+```
diff --git a/.changelog/_18366.txt b/.changelog/_18366.txt
deleted file mode 100644
index 02a3599c2c27..000000000000
--- a/.changelog/_18366.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:feature
-config-entry(api-gateway): (Enterprise only) Add GatewayPolicy to APIGateway Config Entry listeners
-```
diff --git a/.changelog/_18422.txt b/.changelog/_18422.txt
deleted file mode 100644
index 4f0efbbe3b27..000000000000
--- a/.changelog/_18422.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:feature
-config-entry(api-gateway): (Enterprise only) Add JWTFilter to HTTPRoute Filters
-```
diff --git a/.copywrite.hcl b/.copywrite.hcl
index dbe52115c27e..fa06f76e2ac6 100644
--- a/.copywrite.hcl
+++ b/.copywrite.hcl
@@ -1,8 +1,8 @@
 schema_version = 1
 
 project {
-  license        = "BUSL-1.1"
-  copyright_year = 2023
+  license        = "MPL-2.0"
+  copyright_year = 2013
 
   # (OPTIONAL) A list of globs that should not have copyright/license headers.
   # Supports doublestar glob patterns for more flexibility in defining which
@@ -19,18 +19,11 @@ project {
 
     # ignore specific test data files
     "agent/uiserver/testdata/**",
-    "internal/resourcehcl/testdata/**",
 
     # generated files 
     "agent/structs/structs.deepcopy.go",
     "agent/proxycfg/proxycfg.deepcopy.go",
     "agent/grpc-middleware/rate_limit_mappings.gen.go",
     "agent/uiserver/dist/**",
-
-    # licensed under MPL - ignoring for now until the copywrite tool can support
-    # multiple licenses per repo.
-    "sdk/**",
-    "api/**",
-    "proto-public/**",
   ]
 }
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index 16480bb6f4f9..36f9456693ff 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 blank_issues_enabled: false
 contact_links:
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index d618028e100b..05387a7c9b80 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 version: 2
 updates:
diff --git a/.github/pr-labeler.yml b/.github/pr-labeler.yml
index fd39f2ccab42..e10f3c1376ef 100644
--- a/.github/pr-labeler.yml
+++ b/.github/pr-labeler.yml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 pr/dependencies:
     - vendor/**/*
diff --git a/.github/scripts/changelog_checker.sh b/.github/scripts/changelog_checker.sh
index a214ef247797..e6b4d7f85dcc 100755
--- a/.github/scripts/changelog_checker.sh
+++ b/.github/scripts/changelog_checker.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/.github/scripts/get_runner_classes.sh b/.github/scripts/get_runner_classes.sh
index abd3f1bce2d0..2e66a4e344c6 100755
--- a/.github/scripts/get_runner_classes.sh
+++ b/.github/scripts/get_runner_classes.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 #
 # This script generates tag-sets that can be used as runs-on: values to select runners.
@@ -8,19 +8,19 @@
 set -euo pipefail
 
 case "$GITHUB_REPOSITORY" in
-    *-enterprise)
-        # shellcheck disable=SC2129
-        echo "compute-small=['self-hosted', 'linux', 'small']" >> "$GITHUB_OUTPUT"
-        echo "compute-medium=['self-hosted', 'linux', 'medium']" >> "$GITHUB_OUTPUT"
-        echo "compute-large=['self-hosted', 'linux', 'large']" >> "$GITHUB_OUTPUT"
-        # m5d.8xlarge is equivalent to our xl custom runner in CE
-        echo "compute-xl=['self-hosted', 'ondemand', 'linux', 'type=m5d.8xlarge']" >> "$GITHUB_OUTPUT"
-        ;;
-    *)
-        # shellcheck disable=SC2129
-        echo "compute-small=['custom-linux-s-consul-latest']" >> "$GITHUB_OUTPUT"
-        echo "compute-medium=['custom-linux-m-consul-latest']" >> "$GITHUB_OUTPUT"
-        echo "compute-large=['custom-linux-l-consul-latest']" >> "$GITHUB_OUTPUT"
-        echo "compute-xl=['custom-linux-xl-consul-latest']" >> "$GITHUB_OUTPUT"
-        ;;
+*-enterprise)
+	# shellcheck disable=SC2129
+	echo "compute-small=['self-hosted', 'linux', 'small']" >>"$GITHUB_OUTPUT"
+	echo "compute-medium=['self-hosted', 'linux', 'medium']" >>"$GITHUB_OUTPUT"
+	echo "compute-large=['self-hosted', 'linux', 'large']" >>"$GITHUB_OUTPUT"
+	# m5d.8xlarge is equivalent to our xl custom runner in CE
+	echo "compute-xl=['self-hosted', 'ondemand', 'linux', 'type=m6a.2xlarge']" >>"$GITHUB_OUTPUT"
+	;;
+*)
+	# shellcheck disable=SC2129
+	echo "compute-small=['custom-linux-s-consul-latest']" >>"$GITHUB_OUTPUT"
+	echo "compute-medium=['custom-linux-m-consul-latest']" >>"$GITHUB_OUTPUT"
+	echo "compute-large=['custom-linux-l-consul-latest']" >>"$GITHUB_OUTPUT"
+	echo "compute-xl=['custom-linux-xl-consul-latest']" >>"$GITHUB_OUTPUT"
+	;;
 esac
diff --git a/.github/scripts/get_runner_classes_windows.sh b/.github/scripts/get_runner_classes_windows.sh
deleted file mode 100755
index d9f46488798f..000000000000
--- a/.github/scripts/get_runner_classes_windows.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-#
-# This script generates tag-sets that can be used as runs-on: values to select runners.
-
-set -euo pipefail
-
-case "$GITHUB_REPOSITORY" in
-    *-enterprise)
-        # shellcheck disable=SC2129
-        echo "compute-small=['self-hosted', 'windows', 'small']" >> "$GITHUB_OUTPUT"
-        echo "compute-medium=['self-hosted', 'windows', 'medium']" >> "$GITHUB_OUTPUT"
-        echo "compute-large=['self-hosted', 'windows', 'large']" >> "$GITHUB_OUTPUT"
-        # m5d.8xlarge is equivalent to our xl custom runner in CE
-        echo "compute-xl=['self-hosted', 'ondemand', 'windows', 'type=m5d.8xlarge']" >> "$GITHUB_OUTPUT"
-        ;;
-    *)
-        # shellcheck disable=SC2129
-        echo "compute-small=['windows-2019']" >> "$GITHUB_OUTPUT"
-        echo "compute-medium=['windows-2019']" >> "$GITHUB_OUTPUT"
-        echo "compute-large=['windows-2019']" >> "$GITHUB_OUTPUT"
-        echo "compute-xl=['windows-2019']" >> "$GITHUB_OUTPUT"
-        ;;
-esac
diff --git a/.github/scripts/metrics_checker.sh b/.github/scripts/metrics_checker.sh
index 37659de4df8b..a34cdf12fbec 100755
--- a/.github/scripts/metrics_checker.sh
+++ b/.github/scripts/metrics_checker.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 set -uo pipefail
 
diff --git a/.github/scripts/notify_slack.sh b/.github/scripts/notify_slack.sh
index 8df3f3f64876..eacefaa91a43 100755
--- a/.github/scripts/notify_slack.sh
+++ b/.github/scripts/notify_slack.sh
@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
+
 
 set -uo pipefail
 
@@ -12,8 +13,8 @@ if [[ $GITHUB_REF_NAME == "main" ]]; then
 	COMMIT_MESSAGE=$(git log -1 --pretty=%B | head -n1)
 	SHORT_REF=$(git rev-parse --short "${GITHUB_SHA}")
 	curl -X POST -H 'Content-type: application/json' \
-		--data \
-		"{ \
+	--data \
+	"{ \
 	\"attachments\": [ \
 		{ \
 		\"fallback\": \"GitHub Actions workflow failed!\", \
diff --git a/.github/scripts/rerun_fails_report.sh b/.github/scripts/rerun_fails_report.sh
index 90bae7a03a59..ac6b7cf2ff9d 100755
--- a/.github/scripts/rerun_fails_report.sh
+++ b/.github/scripts/rerun_fails_report.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 #
 # Add a comment on the github PR if there were any rerun tests.
diff --git a/.github/scripts/set_test_package_matrix.sh b/.github/scripts/set_test_package_matrix.sh
index da8b6d563c37..5608a8397402 100755
--- a/.github/scripts/set_test_package_matrix.sh
+++ b/.github/scripts/set_test_package_matrix.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 set -euo pipefail
 export RUNNER_COUNT=$1
diff --git a/.github/scripts/verify_artifact.sh b/.github/scripts/verify_artifact.sh
index 3aa9e0848dfb..48bfede1cb33 100755
--- a/.github/scripts/verify_artifact.sh
+++ b/.github/scripts/verify_artifact.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/.github/scripts/verify_bin.sh b/.github/scripts/verify_bin.sh
index dc5ac9f9f0e3..ff572d87fae9 100755
--- a/.github/scripts/verify_bin.sh
+++ b/.github/scripts/verify_bin.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/.github/scripts/verify_deb.sh b/.github/scripts/verify_deb.sh
index c6b6926c5d1a..84a9a10c8563 100755
--- a/.github/scripts/verify_deb.sh
+++ b/.github/scripts/verify_deb.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/.github/scripts/verify_docker.sh b/.github/scripts/verify_docker.sh
index ea9180920f8a..fbbeb7dff464 100755
--- a/.github/scripts/verify_docker.sh
+++ b/.github/scripts/verify_docker.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/.github/scripts/verify_envoy_version.sh b/.github/scripts/verify_envoy_version.sh
index f9067eaa37f7..773431f50bc8 100755
--- a/.github/scripts/verify_envoy_version.sh
+++ b/.github/scripts/verify_envoy_version.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 set -euo pipefail
 
diff --git a/.github/scripts/verify_rpm.sh b/.github/scripts/verify_rpm.sh
index 96cd658eef3d..17709a1d90e1 100755
--- a/.github/scripts/verify_rpm.sh
+++ b/.github/scripts/verify_rpm.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/.github/workflows/bot-auto-approve.yaml b/.github/workflows/bot-auto-approve.yaml
index 911fc27f4696..2b652388999c 100644
--- a/.github/workflows/bot-auto-approve.yaml
+++ b/.github/workflows/bot-auto-approve.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.actor == 'hc-github-team-consul-core'
     steps:
-      - uses: hmarr/auto-approve-action@44888193675f29a83e04faf4002fa8c0b537b1e4 # v3.2.1
+      - uses: hmarr/auto-approve-action@v3
         with:
           review-message: "Auto approved Consul Bot automated PR"
           github-token: ${{ secrets.MERGE_APPROVE_TOKEN }}
diff --git a/.github/workflows/broken-link-check.yml b/.github/workflows/broken-link-check.yml
index 2a8d77c5880f..b7c89ff3e75d 100644
--- a/.github/workflows/broken-link-check.yml
+++ b/.github/workflows/broken-link-check.yml
@@ -12,11 +12,11 @@ jobs:
   linkChecker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v3
 
       - name: Run lychee link checker
         id: lychee
-        uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421 # v1.8.0
+        uses: lycheeverse/lychee-action@v1.6.1
         with:
           args: ./website/content/docs/ --base https://developer.hashicorp.com/ --exclude-all-private --exclude '\.(svg|gif|jpg|png)' --exclude 'manage\.auth0\.com' --accept 403 --max-concurrency=24 --no-progress --verbose
           # Fail GitHub action when broken links are found?
@@ -26,7 +26,7 @@ jobs:
 
       - name: Create GitHub Issue From lychee output file
         if: env.lychee_exit_code != 0
-        uses: peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f # v4.0.1
+        uses: peter-evans/create-issue-from-file@v4
         with:
           title: Link Checker Report
           content-filepath: ./lychee/out.md
diff --git a/.github/workflows/build-artifacts.yml b/.github/workflows/build-artifacts.yml
index 2977a73b6eb0..f57ea3527d48 100644
--- a/.github/workflows/build-artifacts.yml
+++ b/.github/workflows/build-artifacts.yml
@@ -13,7 +13,7 @@ permissions:
   contents: read
 
 env:
-  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
+  GOPRIVATE: github.com/hashicorp
 
 jobs:
   setup:
@@ -25,7 +25,7 @@ jobs:
       compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
       compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
     - id: setup-outputs
       name: Setup outputs
       run: ./.github/scripts/get_runner_classes.sh
@@ -56,14 +56,14 @@ jobs:
             kv/data/github/${{ github.repository }}/dockerhub username | DOCKERHUB_USERNAME;
             kv/data/github/${{ github.repository }}/dockerhub token | DOCKERHUB_TOKEN;
 
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
 
     # NOTE: ENT specific step as we need to set elevated GitHub permissions.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
 
-    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+    - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
       with:
         go-version-file: 'go.mod'
     
@@ -78,17 +78,17 @@ jobs:
         echo "GITHUB_BUILD_URL=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_ENV
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
+      uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # pin@v2.4.1
 
     # NOTE: conditional specific logic as we store secrets in Vault in ENT and use GHA secrets in CE.
     - name: Login to Docker Hub
-      uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+      uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # pin@v2.1.0
       with:
         username: ${{ endsWith(github.repository, '-enterprise') && steps.secrets.outputs.DOCKERHUB_USERNAME || secrets.DOCKERHUB_USERNAME }}
         password: ${{ endsWith(github.repository, '-enterprise') && steps.secrets.outputs.DOCKERHUB_TOKEN || secrets.DOCKERHUB_TOKEN }}
 
     - name: Docker build and push
-      uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
+      uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # pin@v4.0.0
       with:
         context: ./bin
         file: ./build-support/docker/Consul-Dev.dockerfile
diff --git a/.github/workflows/build-distros.yml b/.github/workflows/build-distros.yml
index 4d8799a5643d..10c520893341 100644
--- a/.github/workflows/build-distros.yml
+++ b/.github/workflows/build-distros.yml
@@ -17,10 +17,6 @@ env:
   GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
   GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
-  cancel-in-progress: true
-
 jobs:
   setup:
     name: Setup
@@ -31,7 +27,7 @@ jobs:
       compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
       compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     - id: setup-outputs
       name: Setup outputs
       run: ./.github/scripts/get_runner_classes.sh
@@ -54,7 +50,7 @@ jobs:
       XC_OS: "freebsd linux windows"
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
@@ -78,7 +74,7 @@ jobs:
       XC_OS: "darwin freebsd linux solaris windows"
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
@@ -103,7 +99,7 @@ jobs:
       CGO_ENABLED: 1
       GOOS: linux
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
@@ -129,7 +125,7 @@ jobs:
     - check-go-mod
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8af561716a21..2d357acfb9e1 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -27,7 +27,7 @@ jobs:
       pre-version: ${{ steps.set-product-version.outputs.prerelease-product-version }}
       shared-ldflags: ${{ steps.shared-ldflags.outputs.shared-ldflags }}
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - name: set product version
         id: set-product-version
         uses: hashicorp/actions-set-product-version@v1
@@ -66,7 +66,7 @@ jobs:
       filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
     steps:
       - name: 'Checkout directory'
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - name: Generate metadata file
         id: generate-metadata-file
         uses: hashicorp/actions-generate-metadata@v1
@@ -98,10 +98,10 @@ jobs:
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Setup with node and yarn
-        uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: '14'
           cache: 'yarn'
@@ -187,10 +187,10 @@ jobs:
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Setup with node and yarn
-        uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: '14'
           cache: 'yarn'
@@ -238,10 +238,10 @@ jobs:
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Setup with node and yarn
-        uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: '14'
           cache: 'yarn'
@@ -293,7 +293,7 @@ jobs:
       version: ${{needs.set-product-version.outputs.product-version}}
 
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix
       # This naming convention will be used ONLY for per-commit dev images
@@ -327,7 +327,7 @@ jobs:
       version: ${{needs.set-product-version.outputs.product-version}}
 
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - uses: hashicorp/actions-docker-build@v1
         with:
           version: ${{env.version}}
@@ -347,7 +347,7 @@ jobs:
       version: ${{needs.set-product-version.outputs.product-version}}
 
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix
       # This naming convention will be used ONLY for per-commit dev images
@@ -388,7 +388,7 @@ jobs:
 
     name: Verify ${{ matrix.arch }} linux binary
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
 
       - name: Download ${{ matrix.arch  }} zip
@@ -398,7 +398,7 @@ jobs:
           name: ${{ env.zip_name }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
+        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
         if: ${{ matrix.arch == 'arm' || matrix.arch == 'arm64' }}
         with:
           # this should be a comma-separated string as opposed to an array
@@ -421,7 +421,7 @@ jobs:
 
     name: Verify amd64 darwin binary
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Download amd64 darwin zip
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
@@ -452,7 +452,7 @@ jobs:
 
     name: Verify ${{ matrix.arch }} debian package
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Set package version
         run: |
@@ -468,7 +468,7 @@ jobs:
           name: ${{ env.pkg_name }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
+        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
         with:
           platforms: all
 
@@ -493,7 +493,7 @@ jobs:
 
     name: Verify ${{ matrix.arch }} rpm
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Set package version
         run: |
@@ -509,7 +509,7 @@ jobs:
           name: ${{ env.pkg_name }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
+        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
         with:
           platforms: all
 
diff --git a/.github/workflows/ce-merge-trigger.yml b/.github/workflows/ce-merge-trigger.yml
index 30a6b5fd90df..4de4751660d1 100644
--- a/.github/workflows/ce-merge-trigger.yml
+++ b/.github/workflows/ce-merge-trigger.yml
@@ -8,7 +8,7 @@ on:
       - closed
     branches:
       - main
-      - release/**
+      - 'release/*.*.x'
 
 jobs:
   trigger-ce-merge:
diff --git a/.github/workflows/changelog-checker.yml b/.github/workflows/changelog-checker.yml
index 62b906eda3e6..d00717e2f049 100644
--- a/.github/workflows/changelog-checker.yml
+++ b/.github/workflows/changelog-checker.yml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0 # by default the checkout action doesn't checkout all branches
diff --git a/.github/workflows/embedded-asset-checker.yml b/.github/workflows/embedded-asset-checker.yml
index 38879945e209..4bb07771bd68 100644
--- a/.github/workflows/embedded-asset-checker.yml
+++ b/.github/workflows/embedded-asset-checker.yml
@@ -20,7 +20,7 @@ jobs:
     if: "! ( contains(github.event.pull_request.labels.*.name, 'pr/update-ui-assets') || github.event.pull_request.user.login == 'hc-github-team-consul-core' )"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0 # by default the checkout action doesn't checkout all branches
diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml
index 63d02962fb01..defd0b22e380 100644
--- a/.github/workflows/frontend.yml
+++ b/.github/workflows/frontend.yml
@@ -23,7 +23,7 @@ jobs:
       compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
       compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
     - id: setup-outputs
       name: Setup outputs
       run: ./.github/scripts/get_runner_classes.sh
@@ -35,9 +35,9 @@ jobs:
       run:
         working-directory: ui
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
 
-    - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+    - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # pin@v3.6.0
       with:
         node-version: '16'
 
@@ -55,9 +55,9 @@ jobs:
     needs: setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
 
-    - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+    - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # pin@v3.6.0
       with:
         node-version: '16'
 
@@ -74,7 +74,7 @@ jobs:
 
   ember-build-test:
     needs: setup
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
     strategy:
       matrix:
         partition: [1, 2, 3, 4]
@@ -84,9 +84,9 @@ jobs:
       CONSUL_NSPACES_ENABLED: ${{ endsWith(github.repository, '-enterprise') && 1 || 0 }} # NOTE: this should be 1 in ENT.
       JOBS: 2 # limit parallelism for broccoli-babel-transpiler
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
 
-    - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+    - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # pin@v3.6.0
       with:
         node-version: '16'
 
@@ -94,7 +94,7 @@ jobs:
       run: npm install -g yarn
 
     - name: Install Chrome
-      uses: browser-actions/setup-chrome@c485fa3bab6be59dce18dbc18ef6ab7cbc8ff5f1 # v1.2.0
+      uses: browser-actions/setup-chrome@29abc1a83d1d71557708563b4bc962d0f983a376 # pin@v1.2.1
 
     - name: Install dependencies
       working-directory: ui
diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index db69f2dbbd98..3fb2d66661fc 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -53,7 +53,7 @@ jobs:
       compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
       compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     - id: setup-outputs
       name: Setup outputs
       run: ./.github/scripts/get_runner_classes.sh
@@ -73,7 +73,7 @@ jobs:
     - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-medium) }}
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
@@ -96,36 +96,35 @@ jobs:
     - name: Notify Slack
       if: ${{ failure() }}
       run: .github/scripts/notify_slack.sh
-  # Temporarily changing until the situation with license headers in the generated code can be worked out
-  # check-generated-deep-copy:
-  #   needs:
-  #   - setup
-  #   runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
-  #   steps:
-  #   - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-  #   # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
-  #   - name: Setup Git
-  #     if: ${{ endsWith(github.repository, '-enterprise') }}
-  #     run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-  #   - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-  #     with:
-  #       go-version-file: 'go.mod'
-  #   - run: make --always-make deep-copy
-  #   - run: |
-  #       if ! git diff --exit-code; then
-  #         echo "Generated code was not updated correctly"
-  #         exit 1
-  #       fi
-  #   - name: Notify Slack
-  #     if: ${{ failure() }}
-  #     run: .github/scripts/notify_slack.sh
+  check-generated-deep-copy:
+    needs:
+    - setup
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
+    steps:
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+    # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
+    - name: Setup Git
+      if: ${{ endsWith(github.repository, '-enterprise') }}
+      run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+      with:
+        go-version-file: 'go.mod'
+    - run: make --always-make deep-copy
+    - run: |
+        if ! git diff --exit-code; then
+          echo "Generated code was not updated correctly"
+          exit 1
+        fi
+    - name: Notify Slack
+      if: ${{ failure() }}
+      run: .github/scripts/notify_slack.sh
 
   lint-enums:
     needs:
     - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
@@ -143,7 +142,7 @@ jobs:
     - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
@@ -160,7 +159,7 @@ jobs:
     - setup
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(github.repository, '-enterprise') }}
@@ -178,7 +177,7 @@ jobs:
     - setup
     uses: ./.github/workflows/reusable-lint.yml
     with:
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
@@ -189,7 +188,7 @@ jobs:
     uses: ./.github/workflows/reusable-lint.yml
     with:
       go-arch: "386"
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
@@ -200,7 +199,7 @@ jobs:
     - setup
     uses: ./.github/workflows/reusable-dev-build.yml
     with:
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
@@ -212,7 +211,7 @@ jobs:
   #   uses: ./.github/workflows/reusable-dev-build.yml
   #   with:
   #     uploaded-binary-name: 'consul-bin-s390x'
-  #     runs-on: ${{ needs.setup.outputs.compute-xl }}
+  #     runs-on: ${{ needs.setup.outputs.compute-large }}
   #     go-arch: "s390x"
   #     repository-name: ${{ github.repository }}
   #   secrets:
@@ -226,7 +225,7 @@ jobs:
   #   uses: ./.github/workflows/reusable-dev-build.yml
   #   with:
   #     uploaded-binary-name: 'consul-bin-arm64'
-  #     runs-on: ${{ needs.setup.outputs.compute-xl }}
+  #     runs-on: ${{ needs.setup.outputs.compute-large }}
   #     go-arch: "arm64"
   #     repository-name: ${{ github.repository }}
   #   secrets:
@@ -259,7 +258,7 @@ jobs:
     with:
       directory: .
       runner-count: 12
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       go-tags: ""
     permissions:
@@ -279,7 +278,7 @@ jobs:
     with:
       directory: .
       runner-count: 12
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
@@ -299,7 +298,7 @@ jobs:
       directory: .
       go-test-flags: 'GO_TEST_FLAGS="-race -gcflags=all=-d=checkptr=0"'
       package-names-command: "go list ./... | grep -E -v '^github.com/hashicorp/consul/agent(/consul|/local|/routine-leak-checker)?$' | grep -E -v '^github.com/hashicorp/consul(/command|/connect|/snapshot)'"
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
@@ -319,7 +318,7 @@ jobs:
       directory: .
       go-arch: "386"
       go-test-flags: 'export GO_TEST_FLAGS="-short"'
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
@@ -340,7 +339,7 @@ jobs:
   #     uploaded-binary-name: 'consul-bin-s390x'
   #     directory: .
   #     go-test-flags: 'export GO_TEST_FLAGS="-short"'
-  #     runs-on: ${{ needs.setup.outputs.compute-xl }}
+  #     runs-on: ${{ needs.setup.outputs.compute-large }}
   #     repository-name: ${{ github.repository }}
   #     go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
   #   permissions:
@@ -358,7 +357,7 @@ jobs:
     uses: ./.github/workflows/reusable-unit.yml
     with:
       directory: envoyextensions
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
@@ -376,7 +375,7 @@ jobs:
     uses: ./.github/workflows/reusable-unit.yml
     with:
       directory: troubleshoot
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
     permissions:
@@ -394,7 +393,7 @@ jobs:
     uses: ./.github/workflows/reusable-unit.yml
     with:
       directory: api
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
       go-version: "1.19"
@@ -413,7 +412,7 @@ jobs:
     uses: ./.github/workflows/reusable-unit.yml
     with:
       directory: api
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
       go-version: "1.20"
@@ -432,7 +431,7 @@ jobs:
     uses: ./.github/workflows/reusable-unit.yml
     with:
       directory: sdk
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
       go-version: "1.19"
@@ -451,7 +450,7 @@ jobs:
     uses: ./.github/workflows/reusable-unit.yml
     with:
       directory: sdk
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
       go-version: "1.20"
@@ -486,8 +485,7 @@ jobs:
     needs:
     - conditional-skip
     - setup
-    # Reenable later
-    #- check-generated-deep-copy
+    - check-generated-deep-copy
     - check-generated-protobuf
     - check-go-mod
     - lint-consul-retry
diff --git a/.github/workflows/issue-comment-created.yml b/.github/workflows/issue-comment-created.yml
index 42483d92b164..01e7e13f8bc4 100644
--- a/.github/workflows/issue-comment-created.yml
+++ b/.github/workflows/issue-comment-created.yml
@@ -11,8 +11,8 @@ jobs:
   triage:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
+      - uses: actions/checkout@v2 
+      - uses: actions-ecosystem/action-remove-labels@v1
         with:
           labels: |
             waiting-reply
diff --git a/.github/workflows/jira-issues.yaml b/.github/workflows/jira-issues.yaml
index c136dfd69a78..d595e5f5af8c 100644
--- a/.github/workflows/jira-issues.yaml
+++ b/.github/workflows/jira-issues.yaml
@@ -16,7 +16,7 @@ jobs:
     name: Jira Community Issue sync
     steps:    
       - name: Login
-        uses: atlassian/gajira-login@ca13f8850ea309cf44a6e4e0c49d9aa48ac3ca4c # v3
+        uses: atlassian/gajira-login@v3.0.0
         env:
           JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
           JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
@@ -40,7 +40,7 @@ jobs:
 
       - name: Create ticket if an issue is filed, or if PR not by a team member is opened
         if: github.event.action == 'opened'
-        uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1
+        uses: tomhjp/gh-action-jira-create@v0.2.1
         with:
           project: NET
           issuetype: "${{ steps.set-ticket-type.outputs.TYPE }}"
@@ -60,7 +60,7 @@ jobs:
       # Education Jira
       - name: Create ticket in Education board an issue is filed, or if PR not by a team member is opened
         if: github.event.action == 'opened' && contains(github.event.issue.labels.*.name, 'type/docs')
-        uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1
+        uses: tomhjp/gh-action-jira-create@v0.2.1
         with:
           project: CE
           issuetype: "${{ steps.set-ticket-type.outputs.TYPE }}"
@@ -77,28 +77,28 @@ jobs:
       - name: Search
         if: github.event.action != 'opened'
         id: search
-        uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # v0.2.2
+        uses: tomhjp/gh-action-jira-search@v0.2.2
         with:
           # cf[10089] is Issue Link (use JIRA API to retrieve)
           jql: 'issuetype = "${{ steps.set-ticket-type.outputs.TYPE }}" and cf[10089] = "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"'
 
       - name: Sync comment
         if: github.event.action == 'created' && steps.search.outputs.issue
-        uses: tomhjp/gh-action-jira-comment@6eb6b9ead70221916b6badd118c24535ed220bd9 # v0.2.0
+        uses: tomhjp/gh-action-jira-comment@v0.2.0
         with:
           issue: ${{ steps.search.outputs.issue }}
           comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}"
 
       - name: Close ticket
         if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
+        uses: atlassian/gajira-transition@v3.0.1
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "Closed"
 
       - name: Reopen ticket
         if: github.event.action == 'reopened' && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
+        uses: atlassian/gajira-transition@v3.0.1
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "To Do"
diff --git a/.github/workflows/jira-pr.yaml b/.github/workflows/jira-pr.yaml
index f63f7af53162..9bce26588ebd 100644
--- a/.github/workflows/jira-pr.yaml
+++ b/.github/workflows/jira-pr.yaml
@@ -14,7 +14,7 @@ jobs:
     name: Jira sync
     steps:    
       - name: Login
-        uses: atlassian/gajira-login@ca13f8850ea309cf44a6e4e0c49d9aa48ac3ca4c # v3
+        uses: atlassian/gajira-login@v3.0.0
         env:
           JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
           JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
@@ -59,7 +59,7 @@ jobs:
 
       - name: Create ticket if an issue is filed, or if PR not by a team member is opened
         if: ( github.event.action == 'opened' && steps.is-team-member.outputs.MESSAGE == 'false' )
-        uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1
+        uses: tomhjp/gh-action-jira-create@v0.2.1
         with:
           project: NET
           issuetype: "${{ steps.set-ticket-type.outputs.TYPE }}"
@@ -79,7 +79,7 @@ jobs:
       # Education Jira
       - name: Create ticket in Education board an issue is filed, or if PR not by a team member is opened
         if: github.event.action == 'opened' && steps.is-team-member.outputs.MESSAGE == 'false' && contains(github.event.issue.labels.*.name, 'type/docs')
-        uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1
+        uses: tomhjp/gh-action-jira-create@v0.2.1
         with:
           project: CE
           issuetype: "${{ steps.set-ticket-type.outputs.TYPE }}"
@@ -91,28 +91,28 @@ jobs:
       - name: Search
         if: github.event.action != 'opened'
         id: search
-        uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # v0.2.2
+        uses: tomhjp/gh-action-jira-search@v0.2.2
         with:
           # cf[10089] is Issue Link (use JIRA API to retrieve)
           jql: 'issuetype = "${{ steps.set-ticket-type.outputs.TYPE }}" and cf[10089] = "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"'
 
       - name: Sync comment
         if: github.event.action == 'created' && steps.search.outputs.issue
-        uses: tomhjp/gh-action-jira-comment@6eb6b9ead70221916b6badd118c24535ed220bd9 # v0.2.0
+        uses: tomhjp/gh-action-jira-comment@v0.2.0
         with:
           issue: ${{ steps.search.outputs.issue }}
           comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}"
 
       - name: Close ticket
         if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
+        uses: atlassian/gajira-transition@v3.0.1
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "Closed"
 
       - name: Reopen ticket
         if: github.event.action == 'reopened' && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
+        uses: atlassian/gajira-transition@v3.0.1
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "To Do"
diff --git a/.github/workflows/nightly-test-1.16.x.yaml b/.github/workflows/nightly-test-1.12.x.yaml
similarity index 75%
rename from .github/workflows/nightly-test-1.16.x.yaml
rename to .github/workflows/nightly-test-1.12.x.yaml
index b441eca5d0f5..c09cc4864b89 100644
--- a/.github/workflows/nightly-test-1.16.x.yaml
+++ b/.github/workflows/nightly-test-1.12.x.yaml
@@ -1,28 +1,27 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-name: Nightly Frontend Test 1.16.x
+name: Nightly Test 1.12.x
 on:
   schedule:
     - cron: '0 4 * * *'
   workflow_dispatch: {}
 
 env:
-  EMBER_PARTITION_TOTAL: 4        # Has to be changed in tandem with the matrix.partition
-  BRANCH: "release/1.16.x"
-  BRANCH_NAME: "release-1.16.x"   # Used for naming artifacts
-  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
+  EMBER_PARTITION_TOTAL: 4      # Has to be changed in tandem with the matrix.partition
+  BRANCH: "release/1.12.x"
+  BRANCH_NAME: "release-1.12.x" # Used for naming artifacts
 
 jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -49,12 +48,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -71,7 +70,7 @@ jobs:
         run: make build-ci
 
       - name: Upload CE Frontend
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v3
         with:
           name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -88,12 +87,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -105,7 +104,7 @@ jobs:
         run: make deps
 
       - name: Download CE Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -121,12 +120,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -143,7 +142,7 @@ jobs:
         run: make build-ci
 
       - name: Upload ENT Frontend
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -160,12 +159,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -177,7 +176,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -191,12 +190,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -208,7 +207,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -224,7 +223,7 @@ jobs:
     steps:
       - name: Slack Notification
         id: slack
-        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
+        uses: slackapi/slack-github-action@v1.19
         with:
           payload: |
             {
diff --git a/.github/workflows/nightly-test-1.13.x.yaml b/.github/workflows/nightly-test-1.13.x.yaml
index f314a475dfbd..6139eb4bc1e1 100644
--- a/.github/workflows/nightly-test-1.13.x.yaml
+++ b/.github/workflows/nightly-test-1.13.x.yaml
@@ -1,28 +1,27 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-name: Nightly Frontend Test 1.13.x
+name: Nightly Test 1.13.x
 on:
   schedule:
     - cron: '0 4 * * *'
   workflow_dispatch: {}
 
 env:
-  EMBER_PARTITION_TOTAL: 4        # Has to be changed in tandem with the matrix.partition
+  EMBER_PARTITION_TOTAL: 4      # Has to be changed in tandem with the matrix.partition
   BRANCH: "release/1.13.x"
-  BRANCH_NAME: "release-1.13.x"   # Used for naming artifacts
-  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
+  BRANCH_NAME: "release-1.13.x" # Used for naming artifacts
 
 jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -49,12 +48,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -71,7 +70,7 @@ jobs:
         run: make build-ci
 
       - name: Upload CE Frontend
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v3
         with:
           name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -88,12 +87,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -105,7 +104,7 @@ jobs:
         run: make deps
 
       - name: Download CE Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -121,12 +120,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -143,7 +142,7 @@ jobs:
         run: make build-ci
 
       - name: Upload ENT Frontend
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -160,12 +159,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -177,7 +176,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -191,12 +190,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -208,7 +207,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -224,7 +223,7 @@ jobs:
     steps:
       - name: Slack Notification
         id: slack
-        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
+        uses: slackapi/slack-github-action@v1.19
         with:
           payload: |
             {
diff --git a/.github/workflows/nightly-test-1.14.x.yaml b/.github/workflows/nightly-test-1.14.x.yaml
index 11fb011d1357..9b310f59065d 100644
--- a/.github/workflows/nightly-test-1.14.x.yaml
+++ b/.github/workflows/nightly-test-1.14.x.yaml
@@ -1,28 +1,27 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-name: Nightly Frontend Test 1.14.x
+name: Nightly Test 1.14.x
 on:
   schedule:
     - cron: '0 4 * * *'
   workflow_dispatch: {}
 
 env:
-  EMBER_PARTITION_TOTAL: 4        # Has to be changed in tandem with the matrix.partition
+  EMBER_PARTITION_TOTAL: 4      # Has to be changed in tandem with the matrix.partition
   BRANCH: "release/1.14.x"
-  BRANCH_NAME: "release-1.14.x"   # Used for naming artifacts
-  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
+  BRANCH_NAME: "release-1.14.x" # Used for naming artifacts
 
 jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -49,12 +48,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -71,7 +70,7 @@ jobs:
         run: make build-ci
 
       - name: Upload CE Frontend
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v3
         with:
           name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -88,12 +87,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -105,7 +104,7 @@ jobs:
         run: make deps
 
       - name: Download CE Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -121,12 +120,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -143,7 +142,7 @@ jobs:
         run: make build-ci
 
       - name: Upload ENT Frontend
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -160,12 +159,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -177,7 +176,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -191,12 +190,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -208,7 +207,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -224,7 +223,7 @@ jobs:
     steps:
       - name: Slack Notification
         id: slack
-        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
+        uses: slackapi/slack-github-action@v1.19
         with:
           payload: |
             {
diff --git a/.github/workflows/nightly-test-1.15.x.yaml b/.github/workflows/nightly-test-1.15.x.yaml
index a98eb73070b3..9048abb4a04e 100644
--- a/.github/workflows/nightly-test-1.15.x.yaml
+++ b/.github/workflows/nightly-test-1.15.x.yaml
@@ -1,28 +1,27 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-name: Nightly Frontend Test 1.15.x
+name: Nightly Test 1.15.x
 on:
   schedule:
     - cron: '0 4 * * *'
   workflow_dispatch: {}
 
 env:
-  EMBER_PARTITION_TOTAL: 4        # Has to be changed in tandem with the matrix.partition
+  EMBER_PARTITION_TOTAL: 4      # Has to be changed in tandem with the matrix.partition
   BRANCH: "release/1.15.x"
-  BRANCH_NAME: "release-1.15.x"   # Used for naming artifacts
-  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
+  BRANCH_NAME: "release-1.15.x" # Used for naming artifacts
 
 jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -49,12 +48,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -71,7 +70,7 @@ jobs:
         run: make build-ci
 
       - name: Upload CE Frontend
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v3
         with:
           name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -88,12 +87,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -105,7 +104,7 @@ jobs:
         run: make deps
 
       - name: Download CE Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -121,12 +120,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -143,7 +142,7 @@ jobs:
         run: make build-ci
 
       - name: Upload ENT Frontend
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -160,12 +159,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -177,7 +176,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -191,12 +190,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -208,7 +207,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -224,7 +223,7 @@ jobs:
     steps:
       - name: Slack Notification
         id: slack
-        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
+        uses: slackapi/slack-github-action@v1.19
         with:
           payload: |
             {
diff --git a/.github/workflows/nightly-test-integrations-1.15.x.yml b/.github/workflows/nightly-test-integrations-1.15.x.yml
deleted file mode 100644
index 587d5a62f23c..000000000000
--- a/.github/workflows/nightly-test-integrations-1.15.x.yml
+++ /dev/null
@@ -1,320 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-name: Nightly test-integrations 1.15.x
-
-on:
-  schedule:
-    # Run nightly at 1AM UTC/9PM EST/6PM PST
-    - cron: '* 1 * * *'
-  workflow_dispatch: {}
-
-env:
-  TEST_RESULTS_DIR: /tmp/test-results
-  TEST_RESULTS_ARTIFACT_NAME: test-results
-  CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }}
-  GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
-  GOTESTSUM_VERSION: "1.10.1"
-  CONSUL_BINARY_UPLOAD_NAME: consul-bin
-  # strip the hashicorp/ off the front of github.repository for consul
-  CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }}
-  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
-  BRANCH: "release/1.15.x"
-  BRANCH_NAME: "release-1.15.x"   # Used for naming artifacts
-
-jobs:
-  setup:
-    runs-on: ubuntu-latest
-    name: Setup
-    outputs:
-      compute-small: ${{ steps.runners.outputs.compute-small }}
-      compute-medium: ${{ steps.runners.outputs.compute-medium }}
-      compute-large: ${{ steps.runners.outputs.compute-large }}
-      compute-xl: ${{ steps.runners.outputs.compute-xl }}
-      enterprise: ${{ steps.runners.outputs.enterprise }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-        with:
-          ref: ${{ env.BRANCH }}
-      - id: runners
-        run: .github/scripts/get_runner_classes.sh
-
-  dev-build:
-    needs: [setup]
-    uses: ./.github/workflows/reusable-dev-build.yml
-    with:
-      runs-on: ${{ needs.setup.outputs.compute-large }}
-      repository-name: ${{ github.repository }}
-      uploaded-binary-name: 'consul-bin'
-      branch-name: "release/1.15.x"
-    secrets:
-      elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
-
-  generate-envoy-job-matrices:
-    needs: [setup]
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
-    name: Generate Envoy Job Matrices
-    outputs:
-      envoy-matrix: ${{ steps.set-matrix.outputs.envoy-matrix }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-        with:
-          ref: ${{ env.BRANCH }}
-      - name: Generate Envoy Job Matrix
-        id: set-matrix
-        env:
-          # this is further going to multiplied in envoy-integration tests by the 
-          # other dimensions in the matrix.  Currently TOTAL_RUNNERS would be
-          # multiplied by 8 based on these values:
-          # envoy-version: ["1.22.11", "1.23.12", "1.24.10", "1.25.9"]
-          # xds-target: ["server", "client"]
-          TOTAL_RUNNERS: 4 
-          JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]'
-        run: |
-          NUM_RUNNERS=$TOTAL_RUNNERS
-          NUM_DIRS=$(find ./test/integration/connect/envoy -mindepth 1 -maxdepth 1 -type d | wc -l)
-
-          if [ "$NUM_DIRS" -lt "$NUM_RUNNERS" ]; then
-            echo "TOTAL_RUNNERS is larger than the number of tests/packages to split."
-            NUM_RUNNERS=$((NUM_DIRS-1))
-          fi
-          # fix issue where test splitting calculation generates 1 more split than TOTAL_RUNNERS.
-          NUM_RUNNERS=$((NUM_RUNNERS-1))
-          {
-            echo -n "envoy-matrix="
-            find ./test/integration/connect/envoy -maxdepth 1 -type d -print0 \
-              | xargs -0 -n 1 basename \
-              | jq --raw-input --argjson runnercount "$NUM_RUNNERS" "$JQ_SLICER" \
-              | jq --compact-output 'map(join("|"))'
-          } >> "$GITHUB_OUTPUT"
-  
-  envoy-integration-test:
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
-    needs:
-      - setup
-      - generate-envoy-job-matrices
-      - dev-build
-    permissions:
-      id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read
-    strategy:
-      fail-fast: false
-      matrix:
-        envoy-version: ["1.22.11", "1.23.12", "1.24.10", "1.25.9"]
-        xds-target: ["server", "client"]
-        test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }}
-    env:
-      ENVOY_VERSION: ${{ matrix.envoy-version }}
-      XDS_TARGET: ${{ matrix.xds-target }}
-      AWS_LAMBDA_REGION: us-west-2
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-        with:
-          ref: ${{ env.BRANCH }}
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-        with:
-          go-version-file: 'go.mod'
-
-      - name: fetch binary
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
-        with:
-          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
-          path: ./bin
-      - name: restore mode+x
-        run: chmod +x ./bin/consul
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
-      - name: Docker build
-        run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
-      - name: Envoy Integration Tests
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running $(sed 's,|, ,g' <<< "${{ matrix.test-cases }}" |wc -w) subtests"
-          # shellcheck disable=SC2001
-          sed 's,|,\n,g' <<< "${{ matrix.test-cases }}"
-          go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
-              --debug \
-              --rerun-fails \
-              --rerun-fails-report=/tmp/gotestsum-rerun-fails \
-              --jsonfile /tmp/jsonfile/go-test.log \
-              --packages=./test/integration/connect/envoy \
-              -- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})"
-
-      # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Authenticate to Vault
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: vault-auth
-        run: vault-auth
-
-      # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Fetch Secrets
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: secrets
-        uses: hashicorp/vault-action@v2.5.0
-        with:
-          url: ${{ steps.vault-auth.outputs.addr }}
-          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
-          token: ${{ steps.vault-auth.outputs.token }}
-          secrets: |
-              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
-
-      - name: prepare datadog-ci
-        if: ${{ !endsWith(github.repository, '-enterprise') }}
-        run: |
-          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
-          chmod +x /usr/local/bin/datadog-ci
-
-      - name: upload coverage
-        # do not run on forks
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        env:
-          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
-          DD_ENV: ci
-        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
-  
-  upgrade-integration-test:
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
-    needs:
-      - setup
-      - dev-build
-    permissions:
-      id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read
-    strategy:
-      fail-fast: false
-      matrix:
-        consul-version: ["1.14", "1.15"]
-    env:
-      CONSUL_LATEST_VERSION: ${{ matrix.consul-version }}
-      ENVOY_VERSION: "1.24.6"
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-        with:
-          ref: ${{ env.BRANCH }}
-      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
-      - name: Setup Git
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-        with:
-          go-version-file: 'go.mod'
-      - run: go env
-
-      # Get go binary from workspace
-      - name: fetch binary
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
-        with:
-          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
-          path: .
-      - name: restore mode+x
-        run: chmod +x consul
-      - name: Build consul:local image
-        run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile .
-      - name: Configure GH workaround for ipv6 loopback
-        if: ${{ !endsWith(github.repository, '-enterprise') }}
-        run: |
-          cat /etc/hosts && echo "-----------"
-          sudo sed -i 's/::1 *localhost ip6-localhost ip6-loopback/::1 ip6-localhost ip6-loopback/g' /etc/hosts
-          cat /etc/hosts
-      - name: Upgrade Integration Tests
-        run: |
-          mkdir -p "${{ env.TEST_RESULTS_DIR }}"
-          cd ./test/integration/consul-container/test/upgrade
-          docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version
-          go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
-            --raw-command \
-            --format=short-verbose \
-            --debug \
-            --rerun-fails=2 \
-            --packages="./..." \
-            -- \
-            go test \
-            -p=4 \
-            -tags "${{ env.GOTAGS }}" \
-            -timeout=30m \
-            -json \
-            ./... \
-            --follow-log=false \
-            --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
-            --target-version local \
-            --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \
-            --latest-version "${{ env.CONSUL_LATEST_VERSION }}"
-          ls -lrt
-        env:
-          # this is needed because of incompatibility between RYUK container and GHA
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          # tput complains if this isn't set to something.
-          TERM: ansi
-      # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Authenticate to Vault
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: vault-auth
-        run: vault-auth
-
-      # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Fetch Secrets
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: secrets
-        uses: hashicorp/vault-action@v2.5.0
-        with:
-          url: ${{ steps.vault-auth.outputs.addr }}
-          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
-          token: ${{ steps.vault-auth.outputs.token }}
-          secrets: |
-              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
-
-      - name: prepare datadog-ci
-        if: ${{ !endsWith(github.repository, '-enterprise') }}
-        run: |
-          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
-          chmod +x /usr/local/bin/datadog-ci
-
-      - name: upload coverage
-        # do not run on forks
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        env:
-          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
-          DD_ENV: ci
-        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
-
-  test-integrations-success:
-    needs: 
-    - setup
-    - dev-build
-    - generate-envoy-job-matrices
-    - envoy-integration-test
-    - upgrade-integration-test
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
-    if: ${{ always() }}
-    steps:
-      - name: evaluate upstream job results
-        run: |
-          # exit 1 if failure or cancelled result for any upstream job
-          if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then
-            printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}"
-            exit 1
-          fi
-      - name: Notify Slack
-        if: ${{ failure() }}
-        id: slack
-        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
-        with:
-          payload: |
-            {
-              "message": "One or more nightly integration tests have failed on branch ${{ env.BRANCH }} for Consul. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-            }
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.CONSUL_NIGHTLY_INTEG_TEST_SLACK_WEBHOOK }}
diff --git a/.github/workflows/nightly-test-integrations-1.16.x.yml b/.github/workflows/nightly-test-integrations-1.16.x.yml
deleted file mode 100644
index d4e955ec4985..000000000000
--- a/.github/workflows/nightly-test-integrations-1.16.x.yml
+++ /dev/null
@@ -1,342 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-name: Nightly test-integrations 1.16.x
-
-on:
-  schedule:
-    # Run nightly at 1AM UTC/9PM EST/6PM PST
-    - cron: '* 1 * * *'
-  workflow_dispatch: {}
-
-env:
-  TEST_RESULTS_DIR: /tmp/test-results
-  TEST_RESULTS_ARTIFACT_NAME: test-results
-  CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }}
-  GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
-  GOTESTSUM_VERSION: "1.10.1"
-  CONSUL_BINARY_UPLOAD_NAME: consul-bin
-  # strip the hashicorp/ off the front of github.repository for consul
-  CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }}
-  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
-  BRANCH: "release/1.16.x"
-  BRANCH_NAME: "release-1.16.x"   # Used for naming artifacts
-
-jobs:
-  setup:
-    runs-on: ubuntu-latest
-    name: Setup
-    outputs:
-      compute-small: ${{ steps.runners.outputs.compute-small }}
-      compute-medium: ${{ steps.runners.outputs.compute-medium }}
-      compute-large: ${{ steps.runners.outputs.compute-large }}
-      compute-xl: ${{ steps.runners.outputs.compute-xl }}
-      enterprise: ${{ steps.runners.outputs.enterprise }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-        with:
-          ref: ${{ env.BRANCH }}
-      - id: runners
-        run: .github/scripts/get_runner_classes.sh
-
-  dev-build:
-    needs: [setup]
-    uses: ./.github/workflows/reusable-dev-build.yml
-    with:
-      runs-on: ${{ needs.setup.outputs.compute-large }}
-      repository-name: ${{ github.repository }}
-      uploaded-binary-name: 'consul-bin'
-      branch-name: "release/1.16.x"
-    secrets:
-      elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
-
-  generate-envoy-job-matrices:
-    needs: [setup]
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
-    name: Generate Envoy Job Matrices
-    outputs:
-      envoy-matrix: ${{ steps.set-matrix.outputs.envoy-matrix }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-        with:
-          ref: ${{ env.BRANCH }}
-      - name: Generate Envoy Job Matrix
-        id: set-matrix
-        env:
-          # this is further going to multiplied in envoy-integration tests by the 
-          # other dimensions in the matrix.  Currently TOTAL_RUNNERS would be
-          # multiplied by 8 based on these values:
-          # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"]
-          # xds-target: ["server", "client"]
-          TOTAL_RUNNERS: 4 
-          JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]'
-        run: |
-          NUM_RUNNERS=$TOTAL_RUNNERS
-          NUM_DIRS=$(find ./test/integration/connect/envoy -mindepth 1 -maxdepth 1 -type d | wc -l)
-
-          if [ "$NUM_DIRS" -lt "$NUM_RUNNERS" ]; then
-            echo "TOTAL_RUNNERS is larger than the number of tests/packages to split."
-            NUM_RUNNERS=$((NUM_DIRS-1))
-          fi
-          # fix issue where test splitting calculation generates 1 more split than TOTAL_RUNNERS.
-          NUM_RUNNERS=$((NUM_RUNNERS-1))
-          {
-            echo -n "envoy-matrix="
-            find ./test/integration/connect/envoy -maxdepth 1 -type d -print0 \
-              | xargs -0 -n 1 basename \
-              | jq --raw-input --argjson runnercount "$NUM_RUNNERS" "$JQ_SLICER" \
-              | jq --compact-output 'map(join("|"))'
-          } >> "$GITHUB_OUTPUT"
-  
-  envoy-integration-test:
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
-    needs:
-      - setup
-      - generate-envoy-job-matrices
-      - dev-build
-    permissions:
-      id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read
-    strategy:
-      fail-fast: false
-      matrix:
-        envoy-version: ["1.23.12", "1.24.10", "1.25.9", "1.26.4"]
-        xds-target: ["server", "client"]
-        test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }}
-    env:
-      ENVOY_VERSION: ${{ matrix.envoy-version }}
-      XDS_TARGET: ${{ matrix.xds-target }}
-      AWS_LAMBDA_REGION: us-west-2
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-        with:
-          ref: ${{ env.BRANCH }}
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-        with:
-          go-version-file: 'go.mod'
-
-      - name: fetch binary
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
-        with:
-          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
-          path: ./bin
-      - name: restore mode+x
-        run: chmod +x ./bin/consul
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
-
-      - name: Docker build
-        run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
-
-      - name: Envoy Integration Tests
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running $(sed 's,|, ,g' <<< "${{ matrix.test-cases }}" |wc -w) subtests"
-          # shellcheck disable=SC2001
-          sed 's,|,\n,g' <<< "${{ matrix.test-cases }}"
-          go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
-              --debug \
-              --rerun-fails \
-              --rerun-fails-report=/tmp/gotestsum-rerun-fails \
-              --jsonfile /tmp/jsonfile/go-test.log \
-              --packages=./test/integration/connect/envoy \
-              -- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})"
-
-      # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Authenticate to Vault
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: vault-auth
-        run: vault-auth
-
-      # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Fetch Secrets
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: secrets
-        uses: hashicorp/vault-action@v2.5.0
-        with:
-          url: ${{ steps.vault-auth.outputs.addr }}
-          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
-          token: ${{ steps.vault-auth.outputs.token }}
-          secrets: |
-              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
-
-      - name: prepare datadog-ci
-        if: ${{ !endsWith(github.repository, '-enterprise') }}
-        run: |
-          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
-          chmod +x /usr/local/bin/datadog-ci
-
-      - name: upload coverage
-        # do not run on forks
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        env:
-          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
-          DD_ENV: ci
-        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
-  
-  upgrade-integration-test:
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
-    needs:
-      - setup
-      - dev-build
-    permissions:
-      id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read
-    strategy:
-      fail-fast: false
-      matrix:
-        consul-version: ["1.14", "1.15", "1.16"]
-    env:
-      CONSUL_LATEST_VERSION: ${{ matrix.consul-version }}
-      ENVOY_VERSION: "1.24.6"
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-        with:
-          ref: ${{ env.BRANCH }}
-      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
-      - name: Setup Git
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-        with:
-          go-version-file: 'go.mod'
-      - run: go env
-
-      # Get go binary from workspace
-      - name: fetch binary
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
-        with:
-          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
-          path: .
-      - name: restore mode+x
-        run: chmod +x consul
-      - name: Build consul:local image
-        run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile .
-      - name: Build consul-envoy:latest-version image
-        id: buildConsulEnvoyLatestImage
-        run: |
-          if ${{ endsWith(github.repository, '-enterprise') }} == 'true'
-          then
-            docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}-ent --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-          else
-            docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}     --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-          fi
-      - name: Build consul-envoy:target-version image
-        id: buildConsulEnvoyTargetImage
-        continue-on-error: true
-        run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-      - name: Retry Build consul-envoy:target-version image
-        if: steps.buildConsulEnvoyTargetImage.outcome == 'failure'
-        run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-      - name: Build sds image
-        run: docker build -t consul-sds-server ./test/integration/connect/envoy/test-sds-server/
-      - name: Configure GH workaround for ipv6 loopback
-        if: ${{ !endsWith(github.repository, '-enterprise') }}
-        run: |
-          cat /etc/hosts && echo "-----------"
-          sudo sed -i 's/::1 *localhost ip6-localhost ip6-loopback/::1 ip6-localhost ip6-loopback/g' /etc/hosts
-          cat /etc/hosts
-      - name: Upgrade Integration Tests
-        run: |
-          mkdir -p "${{ env.TEST_RESULTS_DIR }}"
-          cd ./test/integration/consul-container/test/upgrade
-          docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version
-          go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
-            --raw-command \
-            --format=short-verbose \
-            --debug \
-            --rerun-fails=2 \
-            --packages="./..." \
-            -- \
-            go test \
-            -p=4 \
-            -tags "${{ env.GOTAGS }}" \
-            -timeout=30m \
-            -json \
-            ./... \
-            --follow-log=false \
-            --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
-            --target-version local \
-            --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \
-            --latest-version "${{ env.CONSUL_LATEST_VERSION }}"
-          ls -lrt
-        env:
-          # this is needed because of incompatibility between RYUK container and GHA
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          # tput complains if this isn't set to something.
-          TERM: ansi
-      # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Authenticate to Vault
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: vault-auth
-        run: vault-auth
-
-      # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Fetch Secrets
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: secrets
-        uses: hashicorp/vault-action@v2.5.0
-        with:
-          url: ${{ steps.vault-auth.outputs.addr }}
-          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
-          token: ${{ steps.vault-auth.outputs.token }}
-          secrets: |
-              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
-
-      - name: prepare datadog-ci
-        if: ${{ !endsWith(github.repository, '-enterprise') }}
-        run: |
-          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
-          chmod +x /usr/local/bin/datadog-ci
-
-      - name: upload coverage
-        # do not run on forks
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        env:
-          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
-          DD_ENV: ci
-        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
-
-
-  test-integrations-success:
-    needs: 
-    - setup
-    - dev-build
-    - generate-envoy-job-matrices
-    - envoy-integration-test
-    - upgrade-integration-test
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
-    if: ${{ always() }}
-    steps:
-      - name: evaluate upstream job results
-        run: |
-          # exit 1 if failure or cancelled result for any upstream job
-          if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then
-            printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}"
-            exit 1
-          fi
-      - name: Notify Slack
-        if: ${{ failure() }}
-        id: slack
-        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
-        with:
-          payload: |
-            {
-              "message": "One or more nightly integration tests have failed on branch ${{ env.BRANCH }} for Consul. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-            }
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.CONSUL_NIGHTLY_INTEG_TEST_SLACK_WEBHOOK }}
diff --git a/.github/workflows/nightly-test-integrations.yml b/.github/workflows/nightly-test-integrations.yml
index cfe3041511cc..d4432f27ba86 100644
--- a/.github/workflows/nightly-test-integrations.yml
+++ b/.github/workflows/nightly-test-integrations.yml
@@ -42,7 +42,7 @@ jobs:
     needs: [setup]
     uses: ./.github/workflows/reusable-dev-build.yml
     with:
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       uploaded-binary-name: 'consul-bin'
     secrets:
@@ -88,7 +88,7 @@ jobs:
           } >> "$GITHUB_OUTPUT"
   
   envoy-integration-test:
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
     needs:
       - setup
       - generate-envoy-job-matrices
@@ -99,7 +99,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"]
+        envoy-version: ["1.23.12", "1.24.10", "1.25.9", "1.26.4"]
         xds-target: ["server", "client"]
         test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }}
     env:
@@ -183,7 +183,7 @@ jobs:
         run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
   
   upgrade-integration-test:
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
     needs:
       - setup
       - dev-build
@@ -193,7 +193,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        consul-version: [ "1.15", "1.16"]
+        consul-version: ["1.14", "1.15", "1.16"]
     env:
       CONSUL_LATEST_VERSION: ${{ matrix.consul-version }}
       ENVOY_VERSION: "1.24.6"
@@ -223,13 +223,11 @@ jobs:
         run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile .
       - name: Build consul-envoy:latest-version image
         id: buildConsulEnvoyLatestImage
-        run: |
-          if ${{ endsWith(github.repository, '-enterprise') }} == 'true'
-          then
-            docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}-ent --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-          else
-            docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}     --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-          fi
+        continue-on-error: true
+        run: docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }} --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+      - name: Retry Build consul-envoy:latest-version image
+        if: steps.buildConsulEnvoyLatestImage.outcome == 'failure'
+        run: docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }} --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
       - name: Build consul-envoy:target-version image
         id: buildConsulEnvoyTargetImage
         continue-on-error: true
@@ -326,14 +324,3 @@ jobs:
             printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}"
             exit 1
           fi
-      - name: Notify Slack
-        if: ${{ failure() }}
-        id: slack
-        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
-        with:
-          payload: |
-            {
-              "message": "One or more nightly integration tests have failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-            }
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.CONSUL_NIGHTLY_INTEG_TEST_SLACK_WEBHOOK }}
diff --git a/.github/workflows/nightly-test-main.yaml b/.github/workflows/nightly-test-main.yaml
index 2846f5b71c39..16160175b681 100644
--- a/.github/workflows/nightly-test-main.yaml
+++ b/.github/workflows/nightly-test-main.yaml
@@ -1,28 +1,27 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-name: Nightly Frontend Test Main
+name: Nightly Test Main
 on:
   schedule:
     - cron: '0 4 * * *'
   workflow_dispatch: {}
 
 env:
-  EMBER_PARTITION_TOTAL: 4        # Has to be changed in tandem with the matrix.partition
+  EMBER_PARTITION_TOTAL: 4      # Has to be changed in tandem with the matrix.partition
   BRANCH: "main"
-  BRANCH_NAME: "main"             # Used for naming artifacts
-  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
+  BRANCH_NAME: "main"           # Used for naming artifacts
 
 jobs:
   frontend-test-workspace-node:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -49,12 +48,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 0
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -71,7 +70,7 @@ jobs:
         run: make build-ci
 
       - name: Upload CE Frontend
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v3
         with:
           name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -88,12 +87,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -105,7 +104,7 @@ jobs:
         run: make deps
 
       - name: Download CE Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ce-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -121,12 +120,12 @@ jobs:
       JOBS: 2
       CONSUL_NSPACES_ENABLED: 1
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -143,7 +142,7 @@ jobs:
         run: make build-ci
 
       - name: Upload ENT Frontend
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -160,12 +159,12 @@ jobs:
       EMBER_TEST_REPORT: test-results/report-ce.xml #outputs test report for CI test summary
       EMBER_TEST_PARALLEL: true #enables test parallelization with ember-exam
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -177,7 +176,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -191,12 +190,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [frontend-build-ent]
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ env.BRANCH }}
 
       # Not necessary to use yarn, but enables caching
-      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
           cache: 'yarn'
@@ -208,7 +207,7 @@ jobs:
         run: make deps
 
       - name: Download ENT Frontend
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@v3
         with:
           name: frontend-ent-${{ env.BRANCH_NAME }}
           path: ./ui/packages/consul-ui/dist
@@ -224,7 +223,7 @@ jobs:
     steps:
       - name: Slack Notification
         id: slack
-        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
+        uses: slackapi/slack-github-action@v1.19
         with:
           payload: |
             {
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index 0d6b71c9f061..a29cadcb685b 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -10,7 +10,7 @@ jobs:
   triage:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@0967ca812e7fdc8f5f71402a1b486d5bd061fe20 # v4.2.0
+    - uses: actions/labeler@main
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"
         configuration-path: .github/pr-labeler.yml
diff --git a/.github/workflows/pr-metrics-test-checker.yml b/.github/workflows/pr-metrics-test-checker.yml
index d0bdac04f7e3..a73f4fbb3ff5 100644
--- a/.github/workflows/pr-metrics-test-checker.yml
+++ b/.github/workflows/pr-metrics-test-checker.yml
@@ -14,7 +14,7 @@ jobs:
     if: "! ( contains(github.event.pull_request.labels.*.name, 'pr/no-metrics-test') || github.event.pull_request.user.login == 'hc-github-team-consul-core' )" 
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         name: "checkout repo"
         with:
           ref: ${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/reusable-check-go-mod.yml b/.github/workflows/reusable-check-go-mod.yml
index 7fffb616879e..2078b0c3217d 100644
--- a/.github/workflows/reusable-check-go-mod.yml
+++ b/.github/workflows/reusable-check-go-mod.yml
@@ -18,12 +18,12 @@ jobs:
     runs-on: ${{ fromJSON(inputs.runs-on) }}
 
     steps:
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
     # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
     - name: Setup Git
       if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
       run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
-    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+    - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
       with:
         go-version-file: 'go.mod'
     - run: go mod tidy
diff --git a/.github/workflows/reusable-dev-build-windows.yml b/.github/workflows/reusable-dev-build-windows.yml
deleted file mode 100644
index 01247c477878..000000000000
--- a/.github/workflows/reusable-dev-build-windows.yml
+++ /dev/null
@@ -1,47 +0,0 @@
-name: reusable-dev-build-windows
-
-on:
-  workflow_call:
-    inputs:
-      uploaded-binary-name:
-        required: false
-        type: string
-        default: "consul.exe"
-      runs-on:
-        description: An expression indicating which kind of runners to use.
-        required: true
-        type: string
-      repository-name:
-        required: true
-        type: string
-      go-arch:
-        required: false
-        type: string
-        default: ""
-    secrets:
-      elevated-github-token:
-        required: true
-jobs:
-  build:
-    runs-on: 'windows-2019'
-    steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
-      - name: Setup Git
-        if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
-        run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-        with:
-          go-version-file: 'go.mod'
-      - name: Build
-        env:
-          GOARCH: ${{ inputs.goarch }}
-        run: go build .
-      # save dev build to pass to downstream jobs
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
-        with:
-          name: ${{inputs.uploaded-binary-name}}
-          path: consul.exe
-      - name: Notify Slack
-        if: ${{ failure() }}
-        run: .github/scripts/notify_slack.sh
diff --git a/.github/workflows/reusable-dev-build.yml b/.github/workflows/reusable-dev-build.yml
index 99bcb96592c3..2db9670655e4 100644
--- a/.github/workflows/reusable-dev-build.yml
+++ b/.github/workflows/reusable-dev-build.yml
@@ -14,10 +14,6 @@ on:
       repository-name:
         required: true
         type: string
-      branch-name:
-          required: false
-          type: string
-          default: ""
       go-arch:
         required: false
         type: string
@@ -29,15 +25,7 @@ jobs:
   build:
     runs-on: ${{ fromJSON(inputs.runs-on) }}
     steps:
-      # NOTE: This is used for nightly job of building release branch.
-      - name: Checkout branch ${{ inputs.branch-name }}
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-        with:
-          ref: ${{ inputs.branch-name }}
-        if: inputs.branch-name != ''
-      - name: Checkout code
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-        if: inputs.branch-name == ''
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
diff --git a/.github/workflows/reusable-lint.yml b/.github/workflows/reusable-lint.yml
index 903855d99c85..f7032f986663 100644
--- a/.github/workflows/reusable-lint.yml
+++ b/.github/workflows/reusable-lint.yml
@@ -20,7 +20,6 @@ on:
 env:
   GOTAGS: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
   GOARCH: ${{inputs.go-arch}}
-  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
 
 jobs:
   lint:
@@ -34,21 +33,20 @@ jobs:
         - "envoyextensions"
         - "troubleshoot"
         - "test/integration/consul-container"
-        - "testing/deployer"
       fail-fast: true
     name: lint ${{ matrix.directory }}
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
         run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
         with:
           go-version-file: 'go.mod'
       - run: go env
       - name: lint-${{ matrix.directory }}
-        uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0
+        uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # pin@v3.4.0
         with:
           working-directory: ${{ matrix.directory }}
           version: v1.51.1
diff --git a/.github/workflows/reusable-unit-split.yml b/.github/workflows/reusable-unit-split.yml
index 0ec639c28ff2..6c13670e742e 100644
--- a/.github/workflows/reusable-unit-split.yml
+++ b/.github/workflows/reusable-unit-split.yml
@@ -51,7 +51,6 @@ env:
   TOTAL_RUNNERS: ${{inputs.runner-count}}
   CONSUL_LICENSE: ${{secrets.consul-license}}
   GOTAGS: ${{ inputs.go-tags}}
-  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
   DATADOG_API_KEY: ${{secrets.datadog-api-key}}
   
 jobs:
@@ -60,8 +59,8 @@ jobs:
     outputs:
       package-matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
         with:
           go-version-file: 'go.mod'
       - id: set-matrix
@@ -83,12 +82,12 @@ jobs:
           ulimit -Sa
           echo "Hard limits"
           ulimit -Ha   
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
         run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
         with:
           go-version-file: 'go.mod'
           cache: true
@@ -97,7 +96,7 @@ jobs:
         working-directory: ${{inputs.directory}}
         run: go mod download
       - name: Download consul
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3.0.2
         with:
           name: ${{inputs.uploaded-binary-name}}
           path: ${{inputs.directory}} 
@@ -164,11 +163,11 @@ jobs:
           DD_ENV: ci
         run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" ${{env.TEST_RESULTS}}/gotestsum-report.xml
 
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2
         with:
           name: test-results
           path: ${{env.TEST_RESULTS}}
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2
         with:
           name: jsonfile
           path: /tmp/jsonfile
diff --git a/.github/workflows/reusable-unit.yml b/.github/workflows/reusable-unit.yml
index 42943954475d..c49a6291fa2e 100644
--- a/.github/workflows/reusable-unit.yml
+++ b/.github/workflows/reusable-unit.yml
@@ -50,14 +50,13 @@ env:
   GOARCH: ${{inputs.go-arch}}
   CONSUL_LICENSE: ${{secrets.consul-license}}
   GOTAGS: ${{ inputs.go-tags}}
-  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
   DATADOG_API_KEY: ${{secrets.datadog-api-key}}
   
 jobs:
   go-test:
     runs-on: ${{ fromJSON(inputs.runs-on) }}
     steps:      
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
@@ -77,7 +76,7 @@ jobs:
         working-directory: ${{inputs.directory}}
         run: go mod download
       - name: Download consul
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3.0.2
         with:
           name: ${{inputs.uploaded-binary-name}}
           path: ${{inputs.directory}}
@@ -142,11 +141,11 @@ jobs:
           DD_ENV: ci
         run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" ${{env.TEST_RESULTS}}/gotestsum-report.xml
 
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2
         with:
           name: test-results
           path: ${{env.TEST_RESULTS}}
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2
         with:
           name: jsonfile
           path: /tmp/jsonfile
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index ff07a961a4e4..f3da6d422b6b 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -12,7 +12,7 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-      - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0
+      - uses: actions/stale@v4
         with:
           days-before-stale: -1
           days-before-close: -1
diff --git a/.github/workflows/test-integrations-windows.yml b/.github/workflows/test-integrations-windows.yml
deleted file mode 100644
index c3e977e97d58..000000000000
--- a/.github/workflows/test-integrations-windows.yml
+++ /dev/null
@@ -1,1209 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-name: test-integrations-windows
-
-on:
-  schedule:
-    # * is a special character in YAML so you have to quote this string
-    # Run nightly at 12AM UTC/8PM EST/5PM PST.
-    - cron: '0 0 * * *'
-
-env:
-  TEST_RESULTS_DIR: /tmp/test-results
-  TEST_RESULTS_ARTIFACT_NAME: test-results
-  CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }}
-  GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
-  GOTESTSUM_VERSION: "1.9.0"
-  CONSUL_BINARY_UPLOAD_NAME: consul.exe
-  # strip the hashicorp/ off the front of github.repository for consul
-  CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'consul' }}
-  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
-
-jobs:
-  setup:
-    runs-on: ubuntu-latest
-    name: Setup
-    outputs:
-      compute-small: ${{ steps.runners.outputs.compute-small }}
-      compute-medium: ${{ steps.runners.outputs.compute-medium }}
-      compute-large: ${{ steps.runners.outputs.compute-large }}
-      compute-xl: ${{ steps.runners.outputs.compute-xl }}
-      enterprise: ${{ steps.runners.outputs.enterprise }}
-    steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - id: runners
-        run: .github/scripts/get_runner_classes_windows.sh
-
-  dev-build:
-    uses: ./.github/workflows/reusable-dev-build-windows.yml
-    with:
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
-      repository-name: ${{ github.repository }}
-      uploaded-binary-name: 'consul.exe'
-    secrets:
-      elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
-
-  # NOTE: Jobs needs to be added here manually. Jobs when run together on windows fails intermittently.
-  # So they are run independently of each other.
-  envoy-integration-test:
-    needs:
-      - setup
-      - dev-build
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
-    permissions:
-      id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read
-    strategy:
-      fail-fast: false
-      matrix:
-        envoy-version: [ "1.24.10", "1.25.9", "1.26.4", "1.27.0" ]
-        xds-target: [ "server", "client" ]
-    env:
-      ENVOY_VERSION: ${{ matrix.envoy-version }}
-      XDS_TARGET: ${{ matrix.xds-target }}
-      AWS_LAMBDA_REGION: us-west-2
-    steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-        with:
-          go-version-file: 'go.mod'
-
-      - name: Fetch binary
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
-        with:
-          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
-          path: ${{ github.workspace }}
-
-      - name: Restore mode+x
-        run: icacls ${{ github.workspace }}\consul.exe /grant:rx Everyone:RX
-
-      - name: Setup TcpDump Docker Image
-        shell: bash
-        run: |
-          cd test/integration/connect/envoy
-          curl -sSL "https://asheshvidyut-bucket.s3.ap-southeast-2.amazonaws.com/tcpdump.exe" -o tcpdump.exe
-          docker build -t envoy-tcpdump -f Dockerfile-tcpdump-windows .
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
-
-      - name: Docker build consul
-        run: docker build -t windows/consul -f Dockerfile-windows .
-
-      - name: Docker build consul local
-        shell: bash
-        run: cd build-support/windows && ./build-consul-local-images.sh
-
-      - name: Docker build consul dev
-        shell: bash
-        run: cd build-support/windows && ./build-consul-dev-image.sh
-
-      # https://hashicorp.atlassian.net/browse/NET-4973
-      # ^ Ticket to figure out why grouping test case is failing on Windows Machine
-
-      - name: Envoy Integration Tests for windows case-api-gateway-http-hostnames
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-api-gateway-http-hostnames"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-http-hostnames" -win=true
-
-      - name: Envoy Integration Tests for windows case-api-gateway-http-simple
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-api-gateway-http-simple"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-http-simple" -win=true
-
-      - name: Envoy Integration Tests for windows case-api-gateway-http-splitter-targets
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-api-gateway-http-splitter-targets"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-http-splitter-targets" -win=true
-
-      - name: Envoy Integration Tests for windows case-api-gateway-http-tls-overlapping-hosts
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-api-gateway-http-tls-overlapping-hosts"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-http-tls-overlapping-hosts" -win=true
-
-      - name: Envoy Integration Tests for windows case-api-gateway-tcp-conflicted
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-api-gateway-tcp-conflicted"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-tcp-conflicted" -win=true
-
-      - name: Envoy Integration Tests for windows case-api-gateway-tcp-simple
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-api-gateway-tcp-simple"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-tcp-simple" -win=true
-
-      - name: Envoy Integration Tests for windows case-api-gateway-tcp-tls-overlapping-hosts
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-api-gateway-tcp-tls-overlapping-hosts"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-api-gateway-tcp-tls-overlapping-hosts" -win=true
-
-      - name: Envoy Integration Tests for windows case-badauthz
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-badauthz"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-badauthz" -win=true
-
-      - name: Envoy Integration Tests for windows case-basic
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-basic"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-basic" -win=true
-
-      - name: Envoy Integration Tests for windows case-centralconf
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-centralconf"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-centralconf" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-resolver-cluster-peering-failover
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-resolver-cluster-peering-failover"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-cluster-peering-failover" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-resolver-dc-failover-gateways-none
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-resolver-dc-failover-gateways-none"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-dc-failover-gateways-none" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-resolver-dc-failover-gateways-remote
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-resolver-dc-failover-gateways-remote"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-dc-failover-gateways-remote" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-resolver-defaultsubset
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-resolver-defaultsubset"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-defaultsubset" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-resolver-features
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-resolver-features"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-features" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-resolver-subset-onlypassing
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-resolver-subset-onlypassing"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-subset-onlypassing" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-resolver-subset-redirect
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-resolver-subset-redirect"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-subset-redirect" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-resolver-svc-failover
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-resolver-svc-failover"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-svc-failover" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-resolver-svc-redirect-http
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-resolver-svc-redirect-http"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-svc-redirect-http" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-resolver-svc-redirect-tcp
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-resolver-svc-redirect-tcp"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-resolver-svc-redirect-tcp" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-router-features
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-router-features"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-router-features" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-splitter-cluster-peering
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-splitter-cluster-peering"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-splitter-cluster-peering" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-splitter-features
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-splitter-features"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-splitter-features" -win=true
-
-      - name: Envoy Integration Tests for windows case-cfg-splitter-peering-ingress-gateways
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cfg-splitter-peering-ingress-gateways"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cfg-splitter-peering-ingress-gateways" -win=true
-
-      # This test runs fine on windows machine but fails on CI
-      # Task to be picked later on - https://hashicorp.atlassian.net/browse/NET-4972
-      # - name: Envoy Integration Tests for windows case-consul-exec
-      #     if: always()
-      #     shell: bash
-      #     env:
-      #       GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-      #       GOTESTSUM_FORMAT: standard-verbose
-      #       COMPOSE_INTERACTIVE_NO_CLI: 1
-      #       LAMBDA_TESTS_ENABLED: "true"
-      #       # tput complains if this isn't set to something.
-      #       TERM: ansi
-      #      run: |
-      #        #shellcheck disable=SC2001
-      #        echo "Running Integration Test case-consul-exec"
-      #        # shellcheck disable=SC2001
-      #        go test -v -timeout=30m -tags integration \
-      #            ./test/integration/connect/envoy -run="TestEnvoy/case-consul-exec" -win=true
-
-      - name: Envoy Integration Tests for windows case-cross-peer-control-plane-mgw
-        if: always()
-        shell: bash
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cross-peer-control-plane-mgw"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cross-peer-control-plane-mgw" -win=true
-
-      - name: Envoy Integration Tests for windows case-cross-peers
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cross-peers"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cross-peers" -win=true
-
-      - name: Envoy Integration Tests for windows case-cross-peers-http
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cross-peers-http"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cross-peers-http" -win=true
-
-      - name: Envoy Integration Tests for windows case-cross-peers-http-router
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cross-peers-http-router"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cross-peers-http-router" -win=true
-
-      - name: Envoy Integration Tests for windows case-cross-peers-resolver-redirect-tcp
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-cross-peers-resolver-redirect-tcp"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-cross-peers-resolver-redirect-tcp" -win=true
-
-      - name: Envoy Integration Tests for windows case-dogstatsd-udp
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-dogstatsd-udp"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-dogstatsd-udp" -win=true
-
-      - name: Envoy Integration Tests for windows case-envoyext-ratelimit
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-envoyext-ratelimit"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-envoyext-ratelimit" -win=true
-
-      - name: Envoy Integration Tests for windows case-expose-checks
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-expose-checks"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-expose-checks" -win=true
-
-      - name: Envoy Integration Tests for windows case-gateway-without-services
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-gateway-without-services"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-gateway-without-services" -win=true
-
-      - name: Envoy Integration Tests for windows case-gateways-local
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-gateways-local"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-gateways-local" -win=true
-
-      - name: Envoy Integration Tests for windows case-gateways-remote
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-gateways-remote"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-gateways-remote" -win=true
-
-      - name: Envoy Integration Tests for windows case-grpc
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-grpc"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-grpc" -win=true
-
-      - name: Envoy Integration Tests for windows case-http
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-http"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-http" -win=true
-
-      - name: Envoy Integration Tests for windows case-http-badauthz
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-http-badauthz"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-http-badauthz" -win=true
-
-      - name: Envoy Integration Tests for windows case-ingress-gateway-grpc
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-ingress-gateway-grpc"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-grpc" -win=true
-
-      - name: Envoy Integration Tests for windows case-ingress-gateway-http
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-ingress-gateway-http"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-http" -win=true
-
-      - name: Envoy Integration Tests for windows case-ingress-gateway-multiple-services
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-ingress-gateway-multiple-services"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-multiple-services" -win=true
-
-      - name: Envoy Integration Tests for windows case-ingress-gateway-peering-failover
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-ingress-gateway-peering-failover"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-peering-failover" -win=true
-
-      - name: Envoy Integration Tests for windows case-ingress-gateway-simple
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-ingress-gateway-simple"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-simple" -win=true
-
-      - name: Envoy Integration Tests for windows case-ingress-mesh-gateways-resolver
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-ingress-mesh-gateways-resolver"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-mesh-gateways-resolver" -win=true
-
-      - name: Envoy Integration Tests for windows case-l7-intentions
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-l7-intentions"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-l7-intentions" -win=true
-
-      - name: Envoy Integration Tests for windows case-multidc-rsa-ca
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-multidc-rsa-ca"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-multidc-rsa-ca" -win=true
-
-      - name: Envoy Integration Tests for windows case-prometheus
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-prometheus"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-prometheus" -win=true
-
-      - name: Envoy Integration Tests for windows case-property-override
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-property-override"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-property-override" -win=true
-
-      - name: Envoy Integration Tests for windows case-stats-proxy
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-stats-proxy"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-stats-proxy" -win=true
-
-      - name: Envoy Integration Tests for windows case-statsd-udp
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-statsd-udp"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-statsd-udp" -win=true
-
-      - name: Envoy Integration Tests for windows case-terminating-gateway-hostnames
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-terminating-gateway-hostnames"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-terminating-gateway-hostnames" -win=true
-
-      - name: Envoy Integration Tests for windows case-terminating-gateway-simple
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-terminating-gateway-simple"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-terminating-gateway-simple" -win=true
-
-      - name: Envoy Integration Tests for windows case-terminating-gateway-without-services
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-terminating-gateway-without-services"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-terminating-gateway-without-services" -win=true
-
-      - name: Envoy Integration Tests for windows case-upstream-config
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-upstream-config"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-upstream-config" -win=true
-
-      - name: Envoy Integration Tests for windows case-wanfed-gw
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-wanfed-gw"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-wanfed-gw" -win=true
-
-      - name: Envoy Integration Tests for windows case-ingress-gateway-sds
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-ingress-gateway-sds"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-sds" -win=true
-
-      - name: Envoy Integration Tests for windows case-lua
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-lua"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-lua" -win=true
-
-      - name: Envoy Integration Tests for windows case-terminating-gateway-subsets
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-terminating-gateway-subsets"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-terminating-gateway-subsets" -win=true
-
-      #      Skipping this because - https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/wasm_filter
-      #      - name: Envoy Integration Tests for windows case-wasm
-      #        shell: bash
-      #        env:
-      #          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-      #          GOTESTSUM_FORMAT: standard-verbose
-      #          COMPOSE_INTERACTIVE_NO_CLI: 1
-      #          LAMBDA_TESTS_ENABLED: "true"
-      #          # tput complains if this isn't set to something.
-      #          TERM: ansi
-      #        run: |
-      #          # shellcheck disable=SC2001
-      #          echo "Running Integration Test case-wasm"
-      #          # shellcheck disable=SC2001
-      #          go test -v -timeout=30m -tags integration \
-      #            ./test/integration/connect/envoy -run="TestEnvoy/case-wasm" -win=true
-
-      #     Skipping because of - cacert is not available in curl windows
-      #     https://www.phillipsj.net/posts/windows-curl-and-self-signed-certs/
-      #      - name: Envoy Integration Tests for windows case-ingress-gateway-tls
-      #        shell: bash
-      #        if: always()
-      #        env:
-      #          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-      #          GOTESTSUM_FORMAT: standard-verbose
-      #          COMPOSE_INTERACTIVE_NO_CLI: 1
-      #          LAMBDA_TESTS_ENABLED: "true"
-      #          # tput complains if this isn't set to something.
-      #          TERM: ansi
-      #        run: |
-      #          # shellcheck disable=SC2001
-      #          echo "Running Integration Test case-ingress-gateway-tls"
-      #          # shellcheck disable=SC2001
-      #          go test -v -timeout=30m -tags integration \
-      #            ./test/integration/connect/envoy -run="TestEnvoy/case-ingress-gateway-tls" -win=true
-
-      - name: Envoy Integration Tests for windows case-mesh-to-lambda
-        shell: bash
-        if: always()
-        env:
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          LAMBDA_TESTS_ENABLED: "true"
-          # tput complains if this isn't set to something.
-          TERM: ansi
-        run: |
-          # shellcheck disable=SC2001
-          echo "Running Integration Test case-mesh-to-lambda"
-          # shellcheck disable=SC2001
-          go test -v -timeout=30m -tags integration \
-            ./test/integration/connect/envoy -run="TestEnvoy/case-mesh-to-lambda" -win=true
-
-
-        # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Authenticate to Vault
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: vault-auth
-        run: vault-auth
-
-      # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Fetch Secrets
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: secrets
-        uses: hashicorp/vault-action@v2.5.0
-        with:
-          url: ${{ steps.vault-auth.outputs.addr }}
-          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
-          token: ${{ steps.vault-auth.outputs.token }}
-          secrets: |
-            kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
-
-      - name: Prepare datadog-ci
-        shell: bash
-        if: ${{ !endsWith(github.repository, '-enterprise') }}
-        run: |
-          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/download/v2.17.2/datadog-ci_win-x64.exe" --output "C:/datadog-ci"
-          icacls C:/datadog-ci /grant:rx Everyone:RX
-
-      - name: Upload coverage
-        # do not run on forks
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        env:
-          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
-          DD_ENV: ci
-        run: C:/datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
-
-  test-integrations-success:
-    needs:
-      - envoy-integration-test
-    runs-on: 'ubuntu-latest'
-    if: ${{ always() }}
-    steps:
-      - name: evaluate upstream job results
-        run: |
-          # exit 1 if failure or cancelled result for any upstream job
-          if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then
-            printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}"
-            exit 1
-          fi
\ No newline at end of file
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 6e7bf3e7f03b..57ee1d7b6620 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -55,7 +55,7 @@ jobs:
       compute-xl: ${{ steps.runners.outputs.compute-xl }}
       enterprise: ${{ steps.runners.outputs.enterprise }}
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       - id: runners
         run: .github/scripts/get_runner_classes.sh
 
@@ -63,7 +63,7 @@ jobs:
     needs: [setup]
     uses: ./.github/workflows/reusable-dev-build.yml
     with:
-      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      runs-on: ${{ needs.setup.outputs.compute-large }}
       repository-name: ${{ github.repository }}
       uploaded-binary-name: 'consul-bin'
     secrets:
@@ -82,13 +82,13 @@ jobs:
         nomad-version: ['v1.3.3', 'v1.2.10', 'v1.1.16']
     steps:
       - name: Checkout Nomad
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
         with:
           repository: hashicorp/nomad
           ref: ${{ matrix.nomad-version }}
 
       - name: Install Go
-        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
           go-version-file: 'go.mod'
 
@@ -158,18 +158,18 @@ jobs:
       contents: read
     strategy:
       matrix:
-        vault-version: ["1.14.1", "1.13.5", "1.12.9", "1.11.12"]
+        vault-version: ["1.13.1", "1.12.5", "1.11.9", "1.10.11"]
     env:
       VAULT_BINARY_VERSION: ${{ matrix.vault-version }}
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
 
       # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
       - name: Setup Git
         if: ${{ endsWith(github.repository, '-enterprise') }}
         run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
 
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
           go-version-file: 'go.mod'
 
@@ -252,14 +252,14 @@ jobs:
     outputs:
       envoy-matrix: ${{ steps.set-matrix.outputs.envoy-matrix }}
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       - name: Generate Envoy Job Matrix
         id: set-matrix
         env:
           # this is further going to multiplied in envoy-integration tests by the 
           # other dimensions in the matrix.  Currently TOTAL_RUNNERS would be
           # multiplied by 8 based on these values:
-          # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"]
+          # envoy-version: ["1.23.12", "1.24.10", "1.25.9", "1.26.4"]
           # xds-target: ["server", "client"]
           TOTAL_RUNNERS: 4 
           JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]'
@@ -282,7 +282,7 @@ jobs:
           } >> "$GITHUB_OUTPUT"
   
   envoy-integration-test:
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
     needs:
       - setup
       - generate-envoy-job-matrices
@@ -293,7 +293,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        envoy-version: ["1.27.0"]
+        envoy-version: ["1.26.4"]
         xds-target: ["server", "client"]
         test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }}
     env:
@@ -301,8 +301,8 @@ jobs:
       XDS_TARGET: ${{ matrix.xds-target }}
       AWS_LAMBDA_REGION: us-west-2
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
+      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
           go-version-file: 'go.mod'
 
@@ -315,7 +315,7 @@ jobs:
         run: chmod +x ./bin/consul
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
+        uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # v2.4.1
 
       - name: Docker build
         run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
@@ -374,7 +374,7 @@ jobs:
         run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
 
   compatibility-integration-test:
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
     needs:
       - setup
       - dev-build
@@ -384,12 +384,8 @@ jobs:
     env:
       ENVOY_VERSION: "1.25.4"
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
-      - name: Setup Git
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
+      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
           go-version-file: 'go.mod'
       - run: go env
@@ -437,7 +433,7 @@ jobs:
               -tags "${{ env.GOTAGS }}" \
               -timeout=30m \
               -json \
-              `go list -tags "${{ env.GOTAGS }}" ./... | grep -v upgrade | grep -v peering_commontopo` \
+              `go list ./... | grep -v upgrade` \
               --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
               --target-version local \
               --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \
@@ -483,98 +479,6 @@ jobs:
           DD_ENV: ci
         run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
 
-  peering_commontopo-integration-test:
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
-    needs:
-      - setup
-      - dev-build
-    permissions:
-      id-token: write # NOTE: this permission is explicitly required for Vault auth.
-      contents: read
-    strategy:
-      fail-fast: false
-    env:
-      ENVOY_VERSION: "1.24.6"
-    steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
-      - name: Setup Git
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-        with:
-          go-version-file: 'go.mod'
-      - run: go env
-
-      # Get go binary from workspace
-      - name: fetch binary
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
-        with:
-          name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}'
-          path: .
-      - name: restore mode+x
-        run: chmod +x consul
-      - name: Build consul:local image
-        run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile .
-      - name: Peering commonTopo Integration Tests
-        run: |
-          mkdir -p "${{ env.TEST_RESULTS_DIR }}"
-          cd ./test-integ/peering_commontopo
-          docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version
-          go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
-            --raw-command \
-            --format=short-verbose \
-            --debug \
-            --packages="./..." \
-            -- \
-            go test \
-            -tags "${{ env.GOTAGS }}" \
-            -timeout=30m \
-            -json . \
-            --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \
-            --target-version local \
-            --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \
-            --latest-version latest
-          ls -lrt
-        env:
-          # this is needed because of incompatibility between RYUK container and GHA
-          GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
-          GOTESTSUM_FORMAT: standard-verbose
-          COMPOSE_INTERACTIVE_NO_CLI: 1
-          # tput complains if this isn't set to something.
-          TERM: ansi
-      # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Authenticate to Vault
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: vault-auth
-        run: vault-auth
-
-      # NOTE: ENT specific step as we store secrets in Vault.
-      - name: Fetch Secrets
-        if: ${{ endsWith(github.repository, '-enterprise') }}
-        id: secrets
-        uses: hashicorp/vault-action@v2.5.0
-        with:
-          url: ${{ steps.vault-auth.outputs.addr }}
-          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
-          token: ${{ steps.vault-auth.outputs.token }}
-          secrets: |
-              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
-
-      - name: prepare datadog-ci
-        if: ${{ !endsWith(github.repository, '-enterprise') }}
-        run: |
-          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
-          chmod +x /usr/local/bin/datadog-ci
-
-      - name: upload coverage
-        # do not run on forks
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        env:
-          DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
-          DD_ENV: ci
-        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
-
   test-integrations-success:
     needs: 
     - conditional-skip
@@ -585,7 +489,6 @@ jobs:
     - generate-envoy-job-matrices
     - envoy-integration-test
     - compatibility-integration-test
-    - peering_commontopo-integration-test
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     if: always() && needs.conditional-skip.outputs.trigger-ci == 'true'
     steps:
diff --git a/.github/workflows/verify-envoy-version.yml b/.github/workflows/verify-envoy-version.yml
index 9e8b7e7e89b3..d097e335d37b 100644
--- a/.github/workflows/verify-envoy-version.yml
+++ b/.github/workflows/verify-envoy-version.yml
@@ -18,7 +18,7 @@ jobs:
   verify-envoy-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@v2
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0 # by default the checkout action doesn't checkout all branches
diff --git a/.gitignore b/.gitignore
index 793354db02d5..a48d19b74cc2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,7 +10,6 @@
 .vagrant/
 /pkg
 bin/
-workdir/
 changelog.tmp
 exit-code
 Thumbs.db
@@ -69,4 +68,3 @@ override.tf.json
 terraform.rc
 /go.work
 /go.work.sum
-.docker
diff --git a/.golangci.yml b/.golangci.yml
index b0730c957708..3e45ef464c14 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 linters:
   disable-all: true
diff --git a/.release/ci.hcl b/.release/ci.hcl
index d11983b46057..dfe69d2fc1eb 100644
--- a/.release/ci.hcl
+++ b/.release/ci.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 schema = "1"
 
diff --git a/.release/docker/docker-entrypoint-ubi.sh b/.release/docker/docker-entrypoint-ubi.sh
index 96e70df92567..a932ad7286e2 100755
--- a/.release/docker/docker-entrypoint-ubi.sh
+++ b/.release/docker/docker-entrypoint-ubi.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/dumb-init /bin/sh
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 set -e
 
diff --git a/.release/docker/docker-entrypoint-windows.sh b/.release/docker/docker-entrypoint-windows.sh
deleted file mode 100644
index f6aac9afaeca..000000000000
--- a/.release/docker/docker-entrypoint-windows.sh
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/dumb-init /bin/sh
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-set -e
-
-# Note above that we run dumb-init as PID 1 in order to reap zombie processes
-# as well as forward signals to all processes in its session. Normally, sh
-# wouldn't do either of these functions so we'd leak zombies as well as do
-# unclean termination of all our sub-processes.
-# As of docker 1.13, using docker run --init achieves the same outcome.
-
-# You can set CONSUL_BIND_INTERFACE to the name of the interface you'd like to
-# bind to and this will look up the IP and pass the proper -bind= option along
-# to Consul.
-CONSUL_BIND=
-if [ -n "$CONSUL_BIND_INTERFACE" ]; then
-  CONSUL_BIND_ADDRESS=$(ip -o -4 addr list $CONSUL_BIND_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1)
-  if [ -z "$CONSUL_BIND_ADDRESS" ]; then
-    echo "Could not find IP for interface '$CONSUL_BIND_INTERFACE', exiting"
-    exit 1
-  fi
-
-  CONSUL_BIND="-bind=$CONSUL_BIND_ADDRESS"
-  echo "==> Found address '$CONSUL_BIND_ADDRESS' for interface '$CONSUL_BIND_INTERFACE', setting bind option..."
-fi
-
-# You can set CONSUL_CLIENT_INTERFACE to the name of the interface you'd like to
-# bind client intefaces (HTTP, DNS, and RPC) to and this will look up the IP and
-# pass the proper -client= option along to Consul.
-CONSUL_CLIENT=
-if [ -n "$CONSUL_CLIENT_INTERFACE" ]; then
-  CONSUL_CLIENT_ADDRESS=$(ip -o -4 addr list $CONSUL_CLIENT_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1)
-  if [ -z "$CONSUL_CLIENT_ADDRESS" ]; then
-    echo "Could not find IP for interface '$CONSUL_CLIENT_INTERFACE', exiting"
-    exit 1
-  fi
-
-  CONSUL_CLIENT="-client=$CONSUL_CLIENT_ADDRESS"
-  echo "==> Found address '$CONSUL_CLIENT_ADDRESS' for interface '$CONSUL_CLIENT_INTERFACE', setting client option..."
-fi
-
-# CONSUL_DATA_DIR is exposed as a volume for possible persistent storage. The
-# CONSUL_CONFIG_DIR isn't exposed as a volume but you can compose additional
-# config files in there if you use this image as a base, or use CONSUL_LOCAL_CONFIG
-# below.
-CONSUL_DATA_DIR=C:\\consul\\data
-CONSUL_CONFIG_DIR=C:\\consul\\config
-
-# You can also set the CONSUL_LOCAL_CONFIG environemnt variable to pass some
-# Consul configuration JSON without having to bind any volumes.
-if [ -n "$CONSUL_LOCAL_CONFIG" ]; then
-	echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json"
-fi
-
-# If the user is trying to run Consul directly with some arguments, then
-# pass them to Consul.
-if [ "${1:0:1}" = '-' ]; then
-    set -- consul "$@"
-fi
-
-# Look for Consul subcommands.
-if [ "$1" = 'agent' ]; then
-    shift
-    set -- consul agent \
-        -data-dir="$CONSUL_DATA_DIR" \
-        -config-dir="$CONSUL_CONFIG_DIR" \
-        $CONSUL_BIND \
-        $CONSUL_CLIENT \
-        "$@"
-elif [ "$1" = 'version' ]; then
-    # This needs a special case because there's no help output.
-    set -- consul "$@"
-elif consul --help "$1" 2>&1 | grep -q "consul $1"; then
-    # We can't use the return code to check for the existence of a subcommand, so
-    # we have to use grep to look for a pattern in the help output.
-    set -- consul "$@"
-fi
-
-# NOTE: Unlike in the regular Consul Docker image, we don't have code here
-# for changing data-dir directory ownership or using su-exec because OpenShift
-# won't run this container as root and so we can't change data dir ownership,
-# and there's no need to use su-exec.
-
-exec "$@"
\ No newline at end of file
diff --git a/.release/docker/docker-entrypoint.sh b/.release/docker/docker-entrypoint.sh
index a544809643e0..c169576b6cf8 100755
--- a/.release/docker/docker-entrypoint.sh
+++ b/.release/docker/docker-entrypoint.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/dumb-init /bin/sh
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 set -e
 
diff --git a/.release/linux/package/etc/consul.d/consul.hcl b/.release/linux/package/etc/consul.d/consul.hcl
index b25f18685856..b54644b2f9cc 100644
--- a/.release/linux/package/etc/consul.d/consul.hcl
+++ b/.release/linux/package/etc/consul.d/consul.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # Full configuration options can be found at https://www.consul.io/docs/agent/config
 
diff --git a/.release/release-metadata.hcl b/.release/release-metadata.hcl
index 963192fc4b80..8de2623fdee4 100644
--- a/.release/release-metadata.hcl
+++ b/.release/release-metadata.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 url_docker_registry_dockerhub = "https://hub.docker.com/r/hashicorp/consul"
 url_docker_registry_ecr = "https://gallery.ecr.aws/hashicorp/consul"
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 0dd5116c6ece..3029b33273b0 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 container {
 	dependencies = true
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9cd1efb50646..a7a2c6e24a8a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## 1.16.1 (August 8, 2023)
 
+KNOWN ISSUES:
+
+* connect: Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. This bug only impacts agent-less service mesh and should be fixed in Consul 1.16.2 by [GH-18636](https://github.com/hashicorp/consul/pull/18636).
+
 SECURITY:
 
 * Update `golang.org/x/net` to v0.13.0 to address [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
@@ -57,84 +61,11 @@ we now reject those earlier in the process when we validate the certificate. [[G
 https://github.com/rboyer/safeio/pull/3 [[GH-18302](https://github.com/hashicorp/consul/issues/18302)]
 * xds: Prevent partial application of non-Required Envoy extensions in the case of failure. [[GH-18068](https://github.com/hashicorp/consul/issues/18068)]
 
-## 1.15.5 (August 8, 2023)
-
-SECURITY:
-
-* Update `golang.org/x/net` to v0.13.0 to address [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
-* Upgrade golang.org/x/net to address [CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406) [[GH-18186](https://github.com/hashicorp/consul/issues/18186)]
-* Upgrade to use Go 1.20.6.
-This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`) for uses of the standard library.
-A separate change updates dependencies on `golang.org/x/net` to use `0.12.0`. [[GH-18190](https://github.com/hashicorp/consul/issues/18190)]
-* Upgrade to use Go 1.20.7.
-This resolves vulnerability [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
-
-FEATURES:
-
-* cli: `consul members` command uses `-filter` expression to filter members based on bexpr. [[GH-18223](https://github.com/hashicorp/consul/issues/18223)]
-* cli: `consul watch` command uses `-filter` expression to filter response from checks, services, nodes, and service. [[GH-17780](https://github.com/hashicorp/consul/issues/17780)]
-* reloadable config: Made enable_debug config reloadable and enable pprof command to work when config toggles to true [[GH-17565](https://github.com/hashicorp/consul/issues/17565)]
-
-IMPROVEMENTS:
-
-* Fix some typos in metrics docs [[GH-18080](https://github.com/hashicorp/consul/issues/18080)]
-* acl: added builtin ACL policy that provides global read-only access (builtin/global-read-only) [[GH-18319](https://github.com/hashicorp/consul/issues/18319)]
-* acl: allow for a single slash character in policy names [[GH-18319](https://github.com/hashicorp/consul/issues/18319)]
-* connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [[GH-17888](https://github.com/hashicorp/consul/issues/17888)]
-* connect: update supported envoy versions to 1.22.11, 1.23.12, 1.24.10, 1.25.9 [[GH-18304](https://github.com/hashicorp/consul/issues/18304)]
-* hcp: Add dynamic configuration support for the export of server metrics to HCP. [[GH-18168](https://github.com/hashicorp/consul/issues/18168)]
-* hcp: Removes requirement for HCP to provide a management token [[GH-18140](https://github.com/hashicorp/consul/issues/18140)]
-* xds: Explicitly enable WebSocket connection upgrades in HTTP connection manager [[GH-18150](https://github.com/hashicorp/consul/issues/18150)]
-
-BUG FIXES:
-
-* Fix a bug that wrongly trims domains when there is an overlap with DC name. [[GH-17160](https://github.com/hashicorp/consul/issues/17160)]
-* api-gateway: fix race condition in proxy config generation when Consul is notified of the bound-api-gateway config entry before it is notified of the api-gateway config entry. [[GH-18291](https://github.com/hashicorp/consul/issues/18291)]
-* connect/ca: Fixes a bug preventing CA configuration updates in secondary datacenters [[GH-17846](https://github.com/hashicorp/consul/issues/17846)]
-* connect: Fix incorrect protocol config merging for transparent proxy implicit upstreams. [[GH-17894](https://github.com/hashicorp/consul/issues/17894)]
-* connect: Removes the default health check from the `consul connect envoy` command when starting an API Gateway.
-This health check would always fail. [[GH-18011](https://github.com/hashicorp/consul/issues/18011)]
-* connect: fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [[GH-18024](https://github.com/hashicorp/consul/issues/18024)]
-* snapshot: fix access denied and handle is invalid when we call snapshot save on windows - skip sync() for folders in windows in
-https://github.com/rboyer/safeio/pull/3 [[GH-18302](https://github.com/hashicorp/consul/issues/18302)]
-
-## 1.14.9 (August 8, 2023)
-
-SECURITY:
-
-* Update `golang.org/x/net` to v0.13.0 to address [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
-* Upgrade golang.org/x/net to address [CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406) [[GH-18186](https://github.com/hashicorp/consul/issues/18186)]
-* Upgrade to use Go 1.20.6.
-This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`) for uses of the standard library. 
-A separate change updates dependencies on `golang.org/x/net` to use `0.12.0`. [[GH-18190](https://github.com/hashicorp/consul/issues/18190)]
-* Upgrade to use Go 1.20.7.
-This resolves vulnerability [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
-
-FEATURES:
-
-* cli: `consul members` command uses `-filter` expression to filter members based on bexpr. [[GH-18223](https://github.com/hashicorp/consul/issues/18223)]
-* cli: `consul watch` command uses `-filter` expression to filter response from checks, services, nodes, and service. [[GH-17780](https://github.com/hashicorp/consul/issues/17780)]
-* reloadable config: Made enable_debug config reloadable and enable pprof command to work when config toggles to true [[GH-17565](https://github.com/hashicorp/consul/issues/17565)]
-
-IMPROVEMENTS:
-
-* Fix some typos in metrics docs [[GH-18080](https://github.com/hashicorp/consul/issues/18080)]
-* acl: added builtin ACL policy that provides global read-only access (builtin/global-read-only) [[GH-18319](https://github.com/hashicorp/consul/issues/18319)]
-* acl: allow for a single slash character in policy names [[GH-18319](https://github.com/hashicorp/consul/issues/18319)]
-* connect: update supported envoy versions to 1.21.6, 1.22.11, 1.23.12, 1.24.10 [[GH-18305](https://github.com/hashicorp/consul/issues/18305)]
-* hcp: Removes requirement for HCP to provide a management token [[GH-18140](https://github.com/hashicorp/consul/issues/18140)]
-* xds: Explicitly enable WebSocket connection upgrades in HTTP connection manager [[GH-18150](https://github.com/hashicorp/consul/issues/18150)]
-
-BUG FIXES:
+## 1.16.0 (June 26, 2023)
 
-* Fix a bug that wrongly trims domains when there is an overlap with DC name. [[GH-17160](https://github.com/hashicorp/consul/issues/17160)]
-* connect/ca: Fixes a bug preventing CA configuration updates in secondary datacenters [[GH-17846](https://github.com/hashicorp/consul/issues/17846)]
-* connect: Fix incorrect protocol config merging for transparent proxy implicit upstreams. [[GH-17894](https://github.com/hashicorp/consul/issues/17894)]
-* connect: fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [[GH-18024](https://github.com/hashicorp/consul/issues/18024)]
-* snapshot: fix access denied and handle is invalid when we call snapshot save on windows - skip sync() for folders in windows in
-https://github.com/rboyer/safeio/pull/3 [[GH-18302](https://github.com/hashicorp/consul/issues/18302)]
+KNOWN ISSUES:
 
-## 1.16.0 (June 26, 2023)
+* connect: Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. This bug only impacts agent-less service mesh and should be fixed in Consul 1.16.2 by [GH-18636](https://github.com/hashicorp/consul/pull/18636).
 
 BREAKING CHANGES:
 
@@ -207,100 +138,6 @@ BUG FIXES:
 * ui: fixes ui tests run on CI [[GH-16428](https://github.com/hashicorp/consul/issues/16428)]
 * xds: Fixed a bug where modifying ACLs on a token being actively used for an xDS connection caused all xDS updates to fail. [[GH-17566](https://github.com/hashicorp/consul/issues/17566)]
 
-## 1.15.4 (June 26, 2023)
-FEATURES:
-
-* cli: `consul operator raft list-peers` command shows the number of commits each follower is trailing the leader by to aid in troubleshooting. [[GH-17582](https://github.com/hashicorp/consul/issues/17582)]
-* server: **(Enterprise Only)** allow automatic license utilization reporting. [[GH-5102](https://github.com/hashicorp/consul/issues/5102)]
-
-IMPROVEMENTS:
-
-* connect: update supported envoy versions to 1.22.11, 1.23.9, 1.24.7, 1.25.6 [[GH-17545](https://github.com/hashicorp/consul/issues/17545)]
-* debug: change default setting of consul debug command. now default duration is 5ms and default log level is 'TRACE' [[GH-17596](https://github.com/hashicorp/consul/issues/17596)]
-* fix metric names in /docs/agent/telemetry [[GH-17577](https://github.com/hashicorp/consul/issues/17577)]
-* gateway: Change status condition reason for invalid certificate on a listener from "Accepted" to "ResolvedRefs". [[GH-17115](https://github.com/hashicorp/consul/issues/17115)]
-* systemd: set service type to notify. [[GH-16845](https://github.com/hashicorp/consul/issues/16845)]
-
-BUG FIXES:
-
-* cache: fix a few minor goroutine leaks in leaf certs and the agent cache [[GH-17636](https://github.com/hashicorp/consul/issues/17636)]
-* docs: fix list of telemetry metrics [[GH-17593](https://github.com/hashicorp/consul/issues/17593)]
-* gateways: **(Enterprise only)** Fixed a bug in API gateways where gateway configuration objects in non-default partitions did not reconcile properly. [[GH-17581](https://github.com/hashicorp/consul/issues/17581)]
-* gateways: Fixed a bug in API gateways where binding a route that only targets a service imported from a peer results
-  in the programmed gateway having no routes. [[GH-17609](https://github.com/hashicorp/consul/issues/17609)]
-* gateways: Fixed a bug where API gateways were not being taken into account in determining xDS rate limits. [[GH-17631](https://github.com/hashicorp/consul/issues/17631)]
-* http: fixed API endpoint `PUT /acl/token/:AccessorID` (update token), no longer requires `AccessorID` in the request body. Web UI can now update tokens. [[GH-17739](https://github.com/hashicorp/consul/issues/17739)]
-* namespaces: **(Enterprise only)** fixes a bug where agent health checks stop syncing for all services on a node if the namespace of any service has been removed from the server.
-* namespaces: **(Enterprise only)** fixes a bug where namespaces are stuck in a deferred deletion state indefinitely under some conditions.
-  Also fixes the Consul query metadata present in the HTTP headers of the namespace read and list endpoints.
-* peering: Fix a bug that caused server agents to continue cleaning up peering resources even after loss of leadership. [[GH-17483](https://github.com/hashicorp/consul/issues/17483)]
-* xds: Fixed a bug where modifying ACLs on a token being actively used for an xDS connection caused all xDS updates to fail. [[GH-17566](https://github.com/hashicorp/consul/issues/17566)]
-
-## 1.14.8 (June 26, 2023)
-
-SECURITY:
-
-* Update to UBI base image to 9.2. [[GH-17513](https://github.com/hashicorp/consul/issues/17513)]
-
-FEATURES:
-
-* cli: `consul operator raft list-peers` command shows the number of commits each follower is trailing the leader by to aid in troubleshooting. [[GH-17582](https://github.com/hashicorp/consul/issues/17582)]
-* server: **(Enterprise Only)** allow automatic license utilization reporting. [[GH-5102](https://github.com/hashicorp/consul/issues/5102)]
-
-IMPROVEMENTS:
-
-* connect: update supported envoy versions to 1.21.6, 1.22.11, 1.23.9, 1.24.7 [[GH-17547](https://github.com/hashicorp/consul/issues/17547)]
-* debug: change default setting of consul debug command. now default duration is 5ms and default log level is 'TRACE' [[GH-17596](https://github.com/hashicorp/consul/issues/17596)]
-* fix metric names in /docs/agent/telemetry [[GH-17577](https://github.com/hashicorp/consul/issues/17577)]
-* peering: gRPC queries for TrustBundleList, TrustBundleRead, PeeringList, and PeeringRead now support blocking semantics,
-  reducing network and CPU demand.
-  The HTTP APIs for Peering List and Read have been updated to support blocking. [[GH-17426](https://github.com/hashicorp/consul/issues/17426)]
-* raft: Remove expensive reflection from raft/mesh hot path [[GH-16552](https://github.com/hashicorp/consul/issues/16552)]
-* systemd: set service type to notify. [[GH-16845](https://github.com/hashicorp/consul/issues/16845)]
-
-BUG FIXES:
-
-* cache: fix a few minor goroutine leaks in leaf certs and the agent cache [[GH-17636](https://github.com/hashicorp/consul/issues/17636)]
-* connect: reverts #17317 fix that caused a downstream error for Ingress/Mesh/Terminating GWs when their respective config entry does not already exist. [[GH-17541](https://github.com/hashicorp/consul/issues/17541)]
-* namespaces: **(Enterprise only)** fixes a bug where agent health checks stop syncing for all services on a node if the namespace of any service has been removed from the server.
-* namespaces: **(Enterprise only)** fixes a bug where namespaces are stuck in a deferred deletion state indefinitely under some conditions.
-  Also fixes the Consul query metadata present in the HTTP headers of the namespace read and list endpoints.
-* namespaces: adjusts the return type from HTTP list API to return the `api` module representation of a namespace.
-  This fixes an error with the `consul namespace list` command when a namespace has a deferred deletion timestamp.
-* peering: Fix a bug that caused server agents to continue cleaning up peering resources even after loss of leadership. [[GH-17483](https://github.com/hashicorp/consul/issues/17483)]
-* peering: Fix issue where modifying the list of exported services did not correctly replicate changes for services that exist in a non-default namespace. [[GH-17456](https://github.com/hashicorp/consul/issues/17456)]
-
-## 1.13.9 (June 26, 2023)
-BREAKING CHANGES:
-
-* connect: Disable peering by default in connect proxies for Consul 1.13. This change was made to prevent inefficient polling
-  queries from having a negative impact on server performance. Peering in Consul 1.13 is an experimental feature and is not
-  recommended for use in production environments. If you still wish to use the experimental peering feature, ensure
-  [`peering.enabled = true`](https://developer.hashicorp.com/consul/docs/v1.13.x/agent/config/config-files#peering_enabled)
-  is set on all clients and servers. [[GH-17731](https://github.com/hashicorp/consul/issues/17731)]
-
-SECURITY:
-
-* Update to UBI base image to 9.2. [[GH-17513](https://github.com/hashicorp/consul/issues/17513)]
-
-FEATURES:
-
-* server: **(Enterprise Only)** allow automatic license utilization reporting. [[GH-5102](https://github.com/hashicorp/consul/issues/5102)]
-
-IMPROVEMENTS:
-
-* debug: change default setting of consul debug command. now default duration is 5ms and default log level is 'TRACE' [[GH-17596](https://github.com/hashicorp/consul/issues/17596)]
-* systemd: set service type to notify. [[GH-16845](https://github.com/hashicorp/consul/issues/16845)]
-
-BUG FIXES:
-
-* cache: fix a few minor goroutine leaks in leaf certs and the agent cache [[GH-17636](https://github.com/hashicorp/consul/issues/17636)]
-* namespaces: **(Enterprise only)** fixes a bug where namespaces are stuck in a deferred deletion state indefinitely under some conditions.
-  Also fixes the Consul query metadata present in the HTTP headers of the namespace read and list endpoints.
-* namespaces: adjusts the return type from HTTP list API to return the `api` module representation of a namespace.
-  This fixes an error with the `consul namespace list` command when a namespace has a deferred deletion timestamp.
-* peering: Fix a bug that caused server agents to continue cleaning up peering resources even after loss of leadership. [[GH-17483](https://github.com/hashicorp/consul/issues/17483)]
-
 ## 1.16.0-rc1 (June 12, 2023)
 
 BREAKING CHANGES:
diff --git a/Dockerfile b/Dockerfile
index 1926c521299a..7599ec7b35b8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # This Dockerfile contains multiple targets.
 # Use 'docker build --target=<name> .' to build one.
diff --git a/Dockerfile-windows b/Dockerfile-windows
deleted file mode 100644
index 14582908db55..000000000000
--- a/Dockerfile-windows
+++ /dev/null
@@ -1,51 +0,0 @@
-FROM mcr.microsoft.com/windows/servercore:ltsc2019
-ARG VERSION=1.16.0
-
-ENV chocolateyVersion=1.4.0
-
-LABEL org.opencontainers.image.authors="Consul Team <consul@hashicorp.com>" \
-      org.opencontainers.image.url="https://www.consul.io/" \
-      org.opencontainers.image.documentation="https://www.consul.io/docs" \
-      org.opencontainers.image.source="https://github.com/hashicorp/consul" \
-      org.opencontainers.image.version=$VERSION \
-      org.opencontainers.image.vendor="HashiCorp" \
-      org.opencontainers.image.title="consul" \
-      org.opencontainers.image.description="Consul is a datacenter runtime that provides service discovery, configuration, and orchestration." \
-      version=${VERSION}
-
-RUN ["powershell", "Set-ExecutionPolicy", "Bypass", "-Scope", "Process", "-Force;"]
-RUN ["powershell", "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))"]
-
-RUN choco install git.install -yf
-RUN SETX /M path "%PATH%;C:\Program Files\Git\bin"
-
-RUN mkdir C:\\consul
-RUN mkdir C:\\consul\\data
-RUN mkdir C:\\consul\\config
-
-# Server RPC is used for communication between Consul clients and servers for internal
-# request forwarding.
-EXPOSE 8300
-
-# Serf LAN and WAN (WAN is used only by Consul servers) are used for gossip between
-# Consul agents. LAN is within the datacenter and WAN is between just the Consul
-# servers in all datacenters.
-EXPOSE 8301 8301/udp 8302 8302/udp
-
-# HTTP and DNS (both TCP and UDP) are the primary interfaces that applications
-# use to interact with Consul.
-EXPOSE 8500 8600 8600/udp
-
-#ENV CONSUL_URL=https://releases.hashicorp.com/consul/${VERSION}/consul_${VERSION}_windows_amd64.zip
-#RUN curl %CONSUL_URL% -L -o consul.zip
-#RUN tar -xf consul.zip -C consul
-
-COPY consul.exe C:\\consul
-
-COPY .release/docker/docker-entrypoint-windows.sh C:\\docker-entrypoint-windows.sh
-ENTRYPOINT ["bash.exe", "docker-entrypoint-windows.sh"]
-
-# By default you'll get an insecure single-node development server that stores
-# everything in RAM, exposes a web UI and HTTP endpoints, and bootstraps itself.
-# Don't use this configuration for production.
-CMD ["agent", "-dev", "-client", "0.0.0.0"]
diff --git a/Makefile b/GNUmakefile
similarity index 73%
rename from Makefile
rename to GNUmakefile
index 4ca2072dbabe..ae691d2f0e8a 100644
--- a/Makefile
+++ b/GNUmakefile
@@ -3,7 +3,6 @@
 
 SHELL = bash
 
-
 GO_MODULES := $(shell find . -name go.mod -exec dirname {} \; | grep -v "proto-gen-rpc-glue/e2e" | sort)
 
 ###
@@ -12,7 +11,7 @@ GO_MODULES := $(shell find . -name go.mod -exec dirname {} \; | grep -v "proto-g
 ###
 GOLANGCI_LINT_VERSION='v1.51.1'
 MOCKERY_VERSION='v2.20.0'
-BUF_VERSION='v1.26.0'
+BUF_VERSION='v1.14.0'
 
 PROTOC_GEN_GO_GRPC_VERSION="v1.2.0"
 MOG_VERSION='v0.4.0'
@@ -66,7 +65,13 @@ BUILD_CONTAINER_NAME?=consul-builder
 CONSUL_IMAGE_VERSION?=latest
 ENVOY_VERSION?='1.25.4'
 
-CONSUL_VERSION?=$(shell cat version/VERSION)
+################
+# CI Variables #
+################
+CI_DEV_DOCKER_NAMESPACE?=hashicorpdev
+CI_DEV_DOCKER_IMAGE_NAME?=consul
+CI_DEV_DOCKER_WORKDIR?=bin/
+################
 
 TEST_MODCACHE?=1
 TEST_BUILDCACHE?=1
@@ -146,27 +151,23 @@ ifdef SKIP_DOCKER_BUILD
 ENVOY_INTEG_DEPS=noop
 endif
 
-##@ Build
-
-.PHONY: all
-all: dev-build ## Command running by default
+all: dev-build
 
 # used to make integration dependencies conditional
 noop: ;
 
-.PHONY: dev
-dev: dev-build ## Dev creates binaries for testing locally - these are put into ./bin
+# dev creates binaries for testing locally - these are put into ./bin
+dev: dev-build
 
-.PHONY: dev-build
-dev-build: ## Same as dev
+dev-build:
 	mkdir -p bin
 	CGO_ENABLED=0 go install -ldflags "$(GOLDFLAGS)" -tags "$(GOTAGS)"
 	# rm needed due to signature caching (https://apple.stackexchange.com/a/428388)
 	rm -f ./bin/consul
 	cp ${MAIN_GOPATH}/bin/consul ./bin/consul
 
-.PHONY: dev-docker-dbg
-dev-docker-dbg: dev-docker ## Build containers for debug mode
+
+dev-docker-dbg: dev-docker
 	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
 	@docker pull hashicorp/consul:$(CONSUL_IMAGE_VERSION) >/dev/null
 	@echo "Building Consul Development container - $(CONSUL_DEV_IMAGE)"
@@ -178,8 +179,7 @@ dev-docker-dbg: dev-docker ## Build containers for debug mode
        --load \
        -f $(CURDIR)/build-support/docker/Consul-Dev-Dbg.dockerfile $(CURDIR)/pkg/bin/
 
-.PHONY: dev-docker
-dev-docker: linux dev-build ## Build and tag docker images in dev env
+dev-docker: linux dev-build
 	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
 	@docker pull hashicorp/consul:$(CONSUL_IMAGE_VERSION) >/dev/null
 	@echo "Building Consul Development container - $(CONSUL_DEV_IMAGE)"
@@ -188,20 +188,15 @@ dev-docker: linux dev-build ## Build and tag docker images in dev env
 	@docker buildx use default && docker buildx build -t 'consul:local' -t '$(CONSUL_DEV_IMAGE)' \
        --platform linux/$(GOARCH) \
 	   --build-arg CONSUL_IMAGE_VERSION=$(CONSUL_IMAGE_VERSION) \
-		--label org.opencontainers.image.version=$(CONSUL_VERSION) \
-		--label version=$(CONSUL_VERSION) \
        --load \
        -f $(CURDIR)/build-support/docker/Consul-Dev-Multiarch.dockerfile $(CURDIR)/pkg/bin/
-	docker tag 'consul:local'  '$(CONSUL_COMPAT_TEST_IMAGE):local'
 
-.PHONY: check-remote-dev-image-env
-check-remote-dev-image-env: ## Check remote dev image env
+check-remote-dev-image-env:
 ifndef REMOTE_DEV_IMAGE
 	$(error REMOTE_DEV_IMAGE is undefined: set this image to <your_docker_repo>/<your_docker_image>:<image_tag>, e.g. hashicorp/consul-k8s-dev:latest)
 endif
 
-.PHONY: remote-docker
-remote-docker: check-remote-dev-image-env ## Remote docker
+remote-docker: check-remote-dev-image-env
 	$(MAKE) GOARCH=amd64 linux
 	$(MAKE) GOARCH=arm64 linux
 	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
@@ -213,63 +208,39 @@ remote-docker: check-remote-dev-image-env ## Remote docker
 	@docker buildx use consul-builder && docker buildx build -t '$(REMOTE_DEV_IMAGE)' \
        --platform linux/amd64,linux/arm64 \
 	   --build-arg CONSUL_IMAGE_VERSION=$(CONSUL_IMAGE_VERSION) \
-		--label org.opencontainers.image.version=$(CONSUL_VERSION) \
-		--label version=$(CONSUL_VERSION) \
        --push \
        -f $(CURDIR)/build-support/docker/Consul-Dev-Multiarch.dockerfile $(CURDIR)/pkg/bin/
 
-linux:  ## Linux builds a linux binary compatible with the source platform
+# In CI, the linux binary will be attached from a previous step at bin/. This make target
+# should only run in CI and not locally.
+ci.dev-docker:
+	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
+	@docker pull hashicorp/consul:$(CONSUL_IMAGE_VERSION) >/dev/null
+	@echo "Building Consul Development container - $(CI_DEV_DOCKER_IMAGE_NAME)"
+	@docker build $(NOCACHE) $(QUIET) -t '$(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):$(GIT_COMMIT)' \
+	--build-arg CONSUL_IMAGE_VERSION=$(CONSUL_IMAGE_VERSION) \
+	--label COMMIT_SHA=$(CIRCLE_SHA1) \
+	--label PULL_REQUEST=$(CIRCLE_PULL_REQUEST) \
+	--label CIRCLE_BUILD_URL=$(CIRCLE_BUILD_URL) \
+	$(CI_DEV_DOCKER_WORKDIR) -f $(CURDIR)/build-support/docker/Consul-Dev.dockerfile
+	@echo $(DOCKER_PASS) | docker login -u="$(DOCKER_USER)" --password-stdin
+	@echo "Pushing dev image to: https://cloud.docker.com/u/hashicorpdev/repository/docker/hashicorpdev/consul"
+	@docker push $(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):$(GIT_COMMIT)
+ifeq ($(CIRCLE_BRANCH), main)
+	@docker tag $(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):$(GIT_COMMIT) $(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):latest
+	@docker push $(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):latest
+endif
+
+# linux builds a linux binary compatible with the source platform
+linux:
 	@mkdir -p ./pkg/bin/linux_$(GOARCH)
 	CGO_ENABLED=0 GOOS=linux GOARCH=$(GOARCH) go build -o ./pkg/bin/linux_$(GOARCH) -ldflags "$(GOLDFLAGS)" -tags "$(GOTAGS)"
 
-.PHONY: go-mod-tidy
-go-mod-tidy: $(foreach mod,$(GO_MODULES),go-mod-tidy/$(mod)) ## Run go mod tidy in every module
-
-.PHONY: mod-tidy/%
-go-mod-tidy/%:
-	@echo "--> Running go mod tidy ($*)"
-	@cd $* && go mod tidy
-
-##@ Checks
-
-.PHONY: fmt
-fmt: $(foreach mod,$(GO_MODULES),fmt/$(mod)) ## Format go modules
-
-.PHONY: fmt/%
-fmt/%:
-	@echo "--> Running go fmt ($*)"
-	@cd $* && gofmt -s -l -w .
-
-.PHONY: lint
-lint: $(foreach mod,$(GO_MODULES),lint/$(mod)) lint-container-test-deps ## Lint go modules and test deps
-
-.PHONY: lint/%
-lint/%:
-	@echo "--> Running golangci-lint ($*)"
-	@cd $* && GOWORK=off golangci-lint run --build-tags '$(GOTAGS)'
-	@echo "--> Running lint-consul-retry ($*)"
-	@cd $* && GOWORK=off lint-consul-retry
-	@echo "--> Running enumcover ($*)"
-	@cd $* && GOWORK=off enumcover ./...
-
-# check that the test-container module only imports allowlisted packages
-# from the root consul module. Generally we don't want to allow these imports.
-# In a few specific instances though it is okay to import test definitions and
-# helpers from some of the packages in the root module.
-.PHONY: lint-container-test-deps
-lint-container-test-deps: ## Check that the test-container module only imports allowlisted packages from the root consul module.
-	@echo "--> Checking container tests for bad dependencies"
-	@cd test/integration/consul-container && \
-		$(CURDIR)/build-support/scripts/check-allowed-imports.sh \
-			github.com/hashicorp/consul \
-			internal/catalog/catalogtest
-
-##@ Testing
-
-.PHONY: cover
-cover: cov ## Run tests and generate coverage report
+# dist builds binaries for all platforms and packages them for distribution
+dist:
+	@$(SHELL) $(CURDIR)/build-support/scripts/release.sh -t '$(DIST_TAG)' -b '$(DIST_BUILD)' -S '$(DIST_SIGN)' $(DIST_VERSION_ARG) $(DIST_DATE_ARG) $(DIST_REL_ARG)
 
-.PHONY: cov
+cover: cov
 cov: other-consul dev-build
 	go test -tags '$(GOTAGS)' ./... -coverprofile=coverage.out
 	cd sdk && go test -tags '$(GOTAGS)' ./... -coverprofile=../coverage.sdk.part
@@ -278,11 +249,17 @@ cov: other-consul dev-build
 	rm -f coverage.{sdk,api}.part
 	go tool cover -html=coverage.out
 
-.PHONY: test
 test: other-consul dev-build lint test-internal
 
-.PHONY: test-internal
-test-internal: ## Test internal
+.PHONY: go-mod-tidy
+go-mod-tidy: $(foreach mod,$(GO_MODULES),go-mod-tidy/$(mod))
+
+.PHONY: mod-tidy/%
+go-mod-tidy/%:
+	@echo "--> Running go mod tidy ($*)"
+	@cd $* && go mod tidy
+
+test-internal:
 	@echo "--> Running go test"
 	@rm -f test.log exit-code
 	@# Dump verbose output to test.log so we can surface test names on failure but
@@ -311,142 +288,112 @@ test-internal: ## Test internal
 	@grep '^FAIL' test.log || true
 	@if [ "$$(cat exit-code)" == "0" ] ; then echo "PASS" ; exit 0 ; else exit 1 ; fi
 
-.PHONY: test-all
-test-all: other-consul dev-build lint $(foreach mod,$(GO_MODULES),test-module/$(mod)) ## Test all
+test-all: other-consul dev-build lint $(foreach mod,$(GO_MODULES),test-module/$(mod))
 
-.PHONY: test-module/%
 test-module/%:
 	@echo "--> Running go test ($*)"
 	cd $* && go test $(GOTEST_FLAGS) -tags '$(GOTAGS)' ./...
 
-.PHONY: test-race
-test-race: ## Test race
+test-race:
 	$(MAKE) GOTEST_FLAGS=-race
 
-.PHONY: other-consul
-other-consul: ## Checking for other consul instances
+test-docker: linux go-build-image
+	@# -ti run in the foreground showing stdout
+	@# --rm removes the container once its finished running
+	@# GO_MODCACHE_VOL - args for mapping in the go module cache
+	@# GO_BUILD_CACHE_VOL - args for mapping in the go build cache
+	@# All the env vars are so we pass through all the relevant bits of information
+	@# Needed for running the tests
+	@# We map in our local linux_amd64 bin directory as thats where the linux dep
+	@#   target dropped the binary. We could build the binary in the container too
+	@#   but that might take longer as caching gets weird
+	@# Lastly we map the source dir here to the /consul workdir
+	@echo "Running tests within a docker container"
+	@docker run -ti --rm \
+		-e 'GOTEST_FLAGS=$(GOTEST_FLAGS)' \
+		-e 'GOTAGS=$(GOTAGS)' \
+		-e 'GIT_COMMIT=$(GIT_COMMIT)' \
+		-e 'GIT_COMMIT_YEAR=$(GIT_COMMIT_YEAR)' \
+		-e 'GIT_DIRTY=$(GIT_DIRTY)' \
+		$(TEST_PARALLELIZATION) \
+		$(TEST_DOCKER_RESOURCE_CONSTRAINTS) \
+		$(TEST_MODCACHE_VOL) \
+		$(TEST_BUILDCACHE_VOL) \
+		-v $(MAIN_GOPATH)/bin/linux_amd64/:/go/bin \
+		-v $(shell pwd):/consul \
+		$(GO_BUILD_TAG) \
+		make test-internal
+
+other-consul:
 	@echo "--> Checking for other consul instances"
 	@if ps -ef | grep 'consul agent' | grep -v grep ; then \
 		echo "Found other running consul agents. This may affect your tests." ; \
 		exit 1 ; \
 	fi
+	
+.PHONY: fmt
+fmt: $(foreach mod,$(GO_MODULES),fmt/$(mod)) 
 
-# Use GO_TEST_FLAGS to run specific tests:
-#      make test-envoy-integ GO_TEST_FLAGS="-run TestEnvoy/case-basic"
-# NOTE: Always uses amd64 images, even when running on M1 macs, to match CI/CD environment.
-#       You can also specify the envoy version (example: 1.27.0) setting the environment variable: ENVOY_VERSION=1.27.0
-.PHONY: test-envoy-integ
-test-envoy-integ: $(ENVOY_INTEG_DEPS) ## Run integration tests.
-	@go test -v -timeout=30m -tags integration $(GO_TEST_FLAGS) ./test/integration/connect/envoy
-
-# NOTE: Use DOCKER_BUILDKIT=0, if docker build fails to resolve consul:local base image
-.PHONY: test-compat-integ-setup
-test-compat-integ-setup: dev-docker
-	@docker tag consul-dev:latest $(CONSUL_COMPAT_TEST_IMAGE):local
-	@docker run --rm -t $(CONSUL_COMPAT_TEST_IMAGE):local consul version
-	@#  'consul-envoy:target-version' is needed by compatibility integ test
-	@docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=$(CONSUL_COMPAT_TEST_IMAGE):local --build-arg ENVOY_VERSION=${ENVOY_VERSION} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-
-.PHONY: test-compat-integ
-test-compat-integ: test-compat-integ-setup ## Test compat integ
-ifeq ("$(GOTESTSUM_PATH)","")
-	@cd ./test/integration/consul-container && \
-	go test \
-		-v \
-		-timeout=30m \
-		./... \
-		--tags $(GOTAGS) \
-		--target-image $(CONSUL_COMPAT_TEST_IMAGE) \
-		--target-version local \
-		--latest-image $(CONSUL_COMPAT_TEST_IMAGE) \
-		--latest-version latest
-else
-	@cd ./test/integration/consul-container && \
-	gotestsum \
-		--format=short-verbose \
-		--debug \
-		--rerun-fails=3 \
-		--packages="./..." \
-		-- \
-		--tags $(GOTAGS) \
-		-timeout=30m \
-		./... \
-		--target-image $(CONSUL_COMPAT_TEST_IMAGE) \
-		--target-version local \
-		--latest-image $(CONSUL_COMPAT_TEST_IMAGE) \
-		--latest-version latest
-endif
+.PHONY: fmt/%
+fmt/%:
+	@echo "--> Running go fmt ($*)"
+	@cd $* && gofmt -s -l -w .
 
-.PHONY: test-metrics-integ
-test-metrics-integ: test-compat-integ-setup ## Test metrics integ
-	@cd ./test/integration/consul-container && \
-		go test -v -timeout=7m ./test/metrics \
-		--target-image $(CONSUL_COMPAT_TEST_IMAGE) \
-		--target-version local \
-		--latest-image $(CONSUL_COMPAT_TEST_IMAGE) \
-		--latest-version latest
+.PHONY: lint
+lint: $(foreach mod,$(GO_MODULES),lint/$(mod)) lint-container-test-deps
 
-.PHONY: test-connect-ca-providers
-test-connect-ca-providers: ## Running /agent/connect/ca tests in verbose mode
-	@echo "Running /agent/connect/ca tests in verbose mode"
-	@go test -v ./agent/connect/ca
-	@go test -v ./agent/consul -run Vault
-	@go test -v ./agent -run Vault
+.PHONY: lint/%
+lint/%:
+	@echo "--> Running golangci-lint ($*)"
+	@cd $* && GOWORK=off golangci-lint run --build-tags '$(GOTAGS)'
+	@echo "--> Running lint-consul-retry ($*)"
+	@cd $* && GOWORK=off lint-consul-retry
+	@echo "--> Running enumcover ($*)"
+	@cd $* && GOWORK=off enumcover ./...
 
-##@ UI
+.PHONY: lint-container-test-deps
+lint-container-test-deps:
+	@echo "--> Checking container tests for bad dependencies"
+	@cd test/integration/consul-container && ( \
+		found="$$(go list -m all | grep -c '^github.com/hashicorp/consul ')" ; \
+		if [[ "$$found" != "0" ]]; then \
+			echo "test/integration/consul-container: This project should not depend on the root consul module" >&2 ; \
+			exit 1 ; \
+		fi \
+	)
 
-.PHONY: ui
-ui: ui-docker ## Build the static web ui inside a Docker container. For local testing only; do not commit these assets.
+# Build the static web ui inside a Docker container. For local testing only; do not commit these assets.
+ui: ui-docker
 
+# Build the static web ui with yarn. This is the version to commit.
 .PHONY: ui-regen
-ui-regen: ## Build the static web ui with yarn. This is the version to commit.
+ui-regen:
 	cd $(CURDIR)/ui && make && cd ..
 	rm -rf $(CURDIR)/agent/uiserver/dist
 	mv $(CURDIR)/ui/packages/consul-ui/dist $(CURDIR)/agent/uiserver/
 
-.PHONY: ui-build-image
-ui-build-image: ## Building UI build container
-	@echo "Building UI build container"
-	@docker build $(NOCACHE) $(QUIET) -t $(UI_BUILD_TAG) - < build-support/docker/Build-UI.dockerfile
-
-.PHONY: ui-docker
-ui-docker: ui-build-image ## Builds ui within docker container and copy all the relevant artifacts out of the containers back to the source
-	@$(SHELL) $(CURDIR)/build-support/scripts/build-docker.sh ui
-
-##@ Tools
-
-.PHONY: tools
-tools: ## Installs various supporting Go tools.
+tools:
 	@$(SHELL) $(CURDIR)/build-support/scripts/devtools.sh
 
 .PHONY: lint-tools
-lint-tools: ## Install tools for linting
+lint-tools:
 	@$(SHELL) $(CURDIR)/build-support/scripts/devtools.sh -lint
 
+.PHONY: proto-tools
+proto-tools:
+	@$(SHELL) $(CURDIR)/build-support/scripts/devtools.sh -protobuf
+
 .PHONY: codegen-tools
-codegen-tools: ## Install tools for codegen
+codegen-tools:
 	@$(SHELL) $(CURDIR)/build-support/scripts/devtools.sh -codegen
 
 .PHONY: deep-copy
-deep-copy: codegen-tools ## Deep copy
+deep-copy: codegen-tools
 	@$(SHELL) $(CURDIR)/agent/structs/deep-copy.sh
 	@$(SHELL) $(CURDIR)/agent/proxycfg/deep-copy.sh
 	@$(SHELL) $(CURDIR)/agent/consul/state/deep-copy.sh
 
-print-%  : ; @echo $($*) ## utility to echo a makefile variable (i.e. 'make print-GOPATH')
-
-.PHONY: module-versions
-module-versions: ## Print a list of modules which can be updated. Columns are: module current_version date_of_current_version latest_version
-	@go list -m -u -f '{{if .Update}} {{printf "%-50v %-40s" .Path .Version}} {{with .Time}} {{ .Format "2006-01-02" -}} {{else}} {{printf "%9s" ""}} {{end}}   {{ .Update.Version}} {{end}}' all
-
-.PHONY: docs
-docs: ## Point your web browser to http://localhost:3000/consul to live render docs from ./website/
-	make -C website
-
-##@ Release
-
-.PHONY: version
-version:  ## Current Consul version
+version:
 	@echo -n "Version:                    "
 	@$(SHELL) $(CURDIR)/build-support/scripts/version.sh
 	@echo -n "Version + release:          "
@@ -456,20 +403,26 @@ version:  ## Current Consul version
 	@echo -n "Version + release + git:    "
 	@$(SHELL) $(CURDIR)/build-support/scripts/version.sh -r -g
 
-.PHONY: docker-images
+
 docker-images: go-build-image ui-build-image
 
-.PHONY: go-build-image
-go-build-image: ## Building Golang build container
+go-build-image:
 	@echo "Building Golang build container"
 	@docker build $(NOCACHE) $(QUIET) -t $(GO_BUILD_TAG) - < build-support/docker/Build-Go.dockerfile
 
-.PHONY: consul-docker
-consul-docker: go-build-image ## Builds consul in a docker container and then dumps executable into ./pkg/bin/...
+ui-build-image:
+	@echo "Building UI build container"
+	@docker build $(NOCACHE) $(QUIET) -t $(UI_BUILD_TAG) - < build-support/docker/Build-UI.dockerfile
+
+# Builds consul in a docker container and then dumps executable into ./pkg/bin/...
+consul-docker: go-build-image
 	@$(SHELL) $(CURDIR)/build-support/scripts/build-docker.sh consul
 
-.PHONY: docker-envoy-integ
-docker-envoy-integ: ## Build image used to run integration tests locally.
+ui-docker: ui-build-image
+	@$(SHELL) $(CURDIR)/build-support/scripts/build-docker.sh ui
+
+# Build image used to run integration tests locally.
+docker-envoy-integ:
 	$(MAKE) GOARCH=amd64 linux
 	docker build \
       --platform linux/amd64 $(NOCACHE) $(QUIET) \
@@ -478,21 +431,75 @@ docker-envoy-integ: ## Build image used to run integration tests locally.
       $(CURDIR)/pkg/bin/linux_amd64 \
       -f $(CURDIR)/build-support/docker/Consul-Dev.dockerfile
 
-##@ Proto
+# Run integration tests.
+# Use GO_TEST_FLAGS to run specific tests:
+#      make test-envoy-integ GO_TEST_FLAGS="-run TestEnvoy/case-basic"
+# NOTE: Always uses amd64 images, even when running on M1 macs, to match CI/CD environment.
+test-envoy-integ: $(ENVOY_INTEG_DEPS)
+	@go test -v -timeout=30m -tags integration $(GO_TEST_FLAGS) ./test/integration/connect/envoy
 
-.PHONY: proto
-proto: proto-tools proto-gen proto-mocks ## Protobuf setup command
+.PHONY: test-compat-integ
+test-compat-integ: test-compat-integ-setup
+ifeq ("$(GOTESTSUM_PATH)","")
+	@cd ./test/integration/consul-container && \
+	go test \
+		-v \
+		-timeout=30m \
+		./... \
+		--tags $(GOTAGS) \
+		--target-image $(CONSUL_COMPAT_TEST_IMAGE) \
+		--target-version local \
+		--latest-image $(CONSUL_COMPAT_TEST_IMAGE) \
+		--latest-version latest
+else
+	@cd ./test/integration/consul-container && \
+	gotestsum \
+		--format=short-verbose \
+		--debug \
+		--rerun-fails=3 \
+		--packages="./..." \
+		-- \
+		--tags $(GOTAGS) \
+		-timeout=30m \
+		./... \
+		--target-image $(CONSUL_COMPAT_TEST_IMAGE) \
+		--target-version local \
+		--latest-image $(CONSUL_COMPAT_TEST_IMAGE) \
+		--latest-version latest
+endif
 
-.PHONY: proto-tools
-proto-tools: ## Install tools for protobuf
-	@$(SHELL) $(CURDIR)/build-support/scripts/devtools.sh -protobuf
+# NOTE: Use DOCKER_BUILDKIT=0, if docker build fails to resolve consul:local base image
+.PHONY: test-compat-integ-setup
+test-compat-integ-setup: dev-docker
+	@docker tag consul-dev:latest $(CONSUL_COMPAT_TEST_IMAGE):local
+	@docker run --rm -t $(CONSUL_COMPAT_TEST_IMAGE):local consul version
+	@#  'consul-envoy:target-version' is needed by compatibility integ test
+	@docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=$(CONSUL_COMPAT_TEST_IMAGE):local --build-arg ENVOY_VERSION=${ENVOY_VERSION} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
+
+.PHONY: test-metrics-integ
+test-metrics-integ: test-compat-integ-setup
+	@cd ./test/integration/consul-container && \
+		go test -v -timeout=7m ./test/metrics \
+		--target-image $(CONSUL_COMPAT_TEST_IMAGE) \
+		--target-version local \
+		--latest-image $(CONSUL_COMPAT_TEST_IMAGE) \
+		--latest-version latest
+
+test-connect-ca-providers:
+	@echo "Running /agent/connect/ca tests in verbose mode"
+	@go test -v ./agent/connect/ca
+	@go test -v ./agent/consul -run Vault
+	@go test -v ./agent -run Vault
+
+.PHONY: proto
+proto: proto-tools proto-gen proto-mocks
 
 .PHONY: proto-gen
-proto-gen: proto-tools ## Regenerates all Go files from protobuf definitions
+proto-gen: proto-tools
 	@$(SHELL) $(CURDIR)/build-support/scripts/protobuf.sh
 
 .PHONY: proto-mocks
-proto-mocks: ## Proto mocks
+proto-mocks:
 	for dir in $(MOCKED_PB_DIRS) ; do \
 		cd proto-public && \
 		rm -f $$dir/mock*.go && \
@@ -500,11 +507,11 @@ proto-mocks: ## Proto mocks
 	done
 
 .PHONY: proto-format
-proto-format: proto-tools ## Proto format
+proto-format: proto-tools
 	@buf format -w
 
 .PHONY: proto-lint
-proto-lint: proto-tools ## Proto lint
+proto-lint: proto-tools
 	@buf lint 
 	@for fn in $$(find proto -name '*.proto'); do \
 		if [[ "$$fn" = "proto/private/pbsubscribe/subscribe.proto" ]]; then \
@@ -519,14 +526,21 @@ proto-lint: proto-tools ## Proto lint
 		fi \
 	done
 
-##@ Envoy
+# utility to echo a makefile variable (i.e. 'make print-PROTOC_VERSION')
+print-%  : ; @echo $($*)
+
+.PHONY: module-versions
+# Print a list of modules which can be updated.
+# Columns are: module current_version date_of_current_version latest_version
+module-versions:
+	@go list -m -u -f '{{if .Update}} {{printf "%-50v %-40s" .Path .Version}} {{with .Time}} {{ .Format "2006-01-02" -}} {{else}} {{printf "%9s" ""}} {{end}}   {{ .Update.Version}} {{end}}' all
 
 .PHONY: envoy-library
-envoy-library: ## Ensures that all of the protobuf packages present in the github.com/envoyproxy/go-control-plane library are referenced in the consul codebase
+envoy-library:
 	@$(SHELL) $(CURDIR)/build-support/scripts/envoy-library-references.sh
 
 .PHONY: envoy-regen
-envoy-regen: ## Regenerating envoy golden files
+envoy-regen:
 	$(info regenerating envoy golden files)
 	@for d in endpoints listeners routes clusters rbac; do \
 		if [[ -d "agent/xds/testdata/$${d}" ]]; then \
@@ -537,18 +551,17 @@ envoy-regen: ## Regenerating envoy golden files
 	@find "command/connect/envoy/testdata" -name '*.golden' -delete
 	@go test -tags '$(GOTAGS)' ./command/connect/envoy -update
 
-##@ Help
-
-# The help target prints out all targets with their descriptions organized
-# beneath their categories. The categories are represented by '##@' and the
-# target descriptions by '##'. The awk commands is responsible for reading the
-# entire set of makefiles included in this invocation, looking for lines of the
-# file as xyz: ## something, and then pretty-format the target and help. Then,
-# if there's a line with ##@ something, that gets pretty-printed as a category.
-# More info on the usage of ANSI control characters for terminal formatting:
-# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
-# More info on the awk command:
-# http://linuxcommand.org/lc3_adv_awk.php
+# Point your web browser to http://localhost:3000/consul to live render docs from ./website/
+.PHONY: docs
+docs:
+	make -C website
+
 .PHONY: help
-help: ## Display this help.
-	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+help:
+	$(info available make targets)
+	$(info ----------------------)
+	@grep "^[a-z0-9-][a-z0-9.-]*:" GNUmakefile  | cut -d':' -f1 | sort
+
+.PHONY: all bin dev dist cov test test-internal cover lint ui tools
+.PHONY: docker-images go-build-image ui-build-image consul-docker ui-docker
+.PHONY: version test-envoy-integ
diff --git a/LICENSE b/LICENSE
index 1f38fcdd11e2..c72625e4cc88 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,61 +1,356 @@
-License text copyright (c) 2020 MariaDB Corporation Ab, All Rights Reserved.
-“Business Source License” is a trademark of MariaDB Corporation Ab.
-
-Parameters
-
-Licensor:             HashiCorp, Inc.
-Licensed Work:        Consul 1.17.0. The Licensed Work is (c) 2023 HashiCorp, Inc.
-Additional Use Grant: You may make production use of the Licensed Work,
-                      provided such use does not include offering the Licensed Work
-                      to third parties on a hosted or embedded basis which is
-                      competitive with HashiCorp's products.
-Change Date:          Four years from the date the Licensed Work is published.
-Change License:       MPL 2.0
-
-For information about alternative licensing arrangements for the Licensed Work,
-please contact licensing@hashicorp.com.
-
-Notice
-
-Business Source License 1.1
-
-Terms
-
-The Licensor hereby grants you the right to copy, modify, create derivative
-works, redistribute, and make non-production use of the Licensed Work. The
-Licensor may make an Additional Use Grant, above, permitting limited production use.
-
-Effective on the Change Date, or the fourth anniversary of the first publicly
-available distribution of a specific version of the Licensed Work under this
-License, whichever comes first, the Licensor hereby grants you rights under
-the terms of the Change License, and the rights granted in the paragraph
-above terminate.
-
-If your use of the Licensed Work does not comply with the requirements
-currently in effect as described in this License, you must purchase a
-commercial license from the Licensor, its affiliated entities, or authorized
-resellers, or you must refrain from using the Licensed Work.
-
-All copies of the original and modified Licensed Work, and derivative works
-of the Licensed Work, are subject to this License. This License applies
-separately for each version of the Licensed Work and the Change Date may vary
-for each version of the Licensed Work released by Licensor.
-
-You must conspicuously display this License on each original or modified copy
-of the Licensed Work. If you receive the Licensed Work in original or
-modified form from a third party, the terms and conditions set forth in this
-License apply to your use of that work.
-
-Any use of the Licensed Work in violation of this License will automatically
-terminate your rights under this License for the current and all other
-versions of the Licensed Work.
-
-This License does not grant you any right in any trademark or logo of
-Licensor or its affiliates (provided that you may use a trademark or logo of
-Licensor as expressly required by this License).
-
-TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
-AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
-EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
-TITLE.
+Copyright (c) 2013 HashiCorp, Inc.
+
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+     means each individual or legal entity that creates, contributes to the
+     creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+     means the combination of the Contributions of others (if any) used by a
+     Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+     means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+     means Source Code Form to which the initial Contributor has attached the
+     notice in Exhibit A, the Executable Form of such Source Code Form, and
+     Modifications of such Source Code Form, in each case including portions
+     thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+     means
+
+     a. that the initial Contributor has attached the notice described in
+        Exhibit B to the Covered Software; or
+
+     b. that the Covered Software was made available under the terms of version
+        1.1 or earlier of the License, but not also under the terms of a
+        Secondary License.
+
+1.6. “Executable Form”
+
+     means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+     means a work that combines Covered Software with other material, in a separate
+     file or files, that is not Covered Software.
+
+1.8. “License”
+
+     means this document.
+
+1.9. “Licensable”
+
+     means having the right to grant, to the maximum extent possible, whether at the
+     time of the initial grant or subsequently, any and all of the rights conveyed by
+     this License.
+
+1.10. “Modifications”
+
+     means any of the following:
+
+     a. any file in Source Code Form that results from an addition to, deletion
+        from, or modification of the contents of Covered Software; or
+
+     b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. “Patent Claims” of a Contributor
+
+      means any patent claim(s), including without limitation, method, process,
+      and apparatus claims, in any patent Licensable by such Contributor that
+      would be infringed, but for the grant of the License, by the making,
+      using, selling, offering for sale, having made, import, or transfer of
+      either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+      means either the GNU General Public License, Version 2.0, the GNU Lesser
+      General Public License, Version 2.1, the GNU Affero General Public
+      License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+      means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+      means an individual or a legal entity exercising rights under this
+      License. For legal entities, “You” includes any entity that controls, is
+      controlled by, or is under common control with You. For purposes of this
+      definition, “control” means (a) the power, direct or indirect, to cause
+      the direction or management of such entity, whether by contract or
+      otherwise, or (b) ownership of more than fifty percent (50%) of the
+      outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+     Each Contributor hereby grants You a world-wide, royalty-free,
+     non-exclusive license:
+
+     a. under intellectual property rights (other than patent or trademark)
+        Licensable by such Contributor to use, reproduce, make available,
+        modify, display, perform, distribute, and otherwise exploit its
+        Contributions, either on an unmodified basis, with Modifications, or as
+        part of a Larger Work; and
+
+     b. under Patent Claims of such Contributor to make, use, sell, offer for
+        sale, have made, import, and otherwise transfer either its Contributions
+        or its Contributor Version.
+
+2.2. Effective Date
+
+     The licenses granted in Section 2.1 with respect to any Contribution become
+     effective for each Contribution on the date the Contributor first distributes
+     such Contribution.
+
+2.3. Limitations on Grant Scope
+
+     The licenses granted in this Section 2 are the only rights granted under this
+     License. No additional rights or licenses will be implied from the distribution
+     or licensing of Covered Software under this License. Notwithstanding Section
+     2.1(b) above, no patent license is granted by a Contributor:
+
+     a. for any code that a Contributor has removed from Covered Software; or
+
+     b. for infringements caused by: (i) Your and any other third party’s
+        modifications of Covered Software, or (ii) the combination of its
+        Contributions with other software (except as part of its Contributor
+        Version); or
+
+     c. under Patent Claims infringed by Covered Software in the absence of its
+        Contributions.
+
+     This License does not grant any rights in the trademarks, service marks, or
+     logos of any Contributor (except as may be necessary to comply with the
+     notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+     No Contributor makes additional grants as a result of Your choice to
+     distribute the Covered Software under a subsequent version of this License
+     (see Section 10.2) or under the terms of a Secondary License (if permitted
+     under the terms of Section 3.3).
+
+2.5. Representation
+
+     Each Contributor represents that the Contributor believes its Contributions
+     are its original creation(s) or it has sufficient rights to grant the
+     rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+     This License is not intended to limit any rights You have under applicable
+     copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+     Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+     All distribution of Covered Software in Source Code Form, including any
+     Modifications that You create or to which You contribute, must be under the
+     terms of this License. You must inform recipients that the Source Code Form
+     of the Covered Software is governed by the terms of this License, and how
+     they can obtain a copy of this License. You may not attempt to alter or
+     restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+     If You distribute Covered Software in Executable Form then:
+
+     a. such Covered Software must also be made available in Source Code Form,
+        as described in Section 3.1, and You must inform recipients of the
+        Executable Form how they can obtain a copy of such Source Code Form by
+        reasonable means in a timely manner, at a charge no more than the cost
+        of distribution to the recipient; and
+
+     b. You may distribute such Executable Form under the terms of this License,
+        or sublicense it under different terms, provided that the license for
+        the Executable Form does not attempt to limit or alter the recipients’
+        rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+     You may create and distribute a Larger Work under terms of Your choice,
+     provided that You also comply with the requirements of this License for the
+     Covered Software. If the Larger Work is a combination of Covered Software
+     with a work governed by one or more Secondary Licenses, and the Covered
+     Software is not Incompatible With Secondary Licenses, this License permits
+     You to additionally distribute such Covered Software under the terms of
+     such Secondary License(s), so that the recipient of the Larger Work may, at
+     their option, further distribute the Covered Software under the terms of
+     either this License or such Secondary License(s).
+
+3.4. Notices
+
+     You may not remove or alter the substance of any license notices (including
+     copyright notices, patent notices, disclaimers of warranty, or limitations
+     of liability) contained within the Source Code Form of the Covered
+     Software, except that You may alter any license notices to the extent
+     required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+     You may choose to offer, and to charge a fee for, warranty, support,
+     indemnity or liability obligations to one or more recipients of Covered
+     Software. However, You may do so only on Your own behalf, and not on behalf
+     of any Contributor. You must make it absolutely clear that any such
+     warranty, support, indemnity, or liability obligation is offered by You
+     alone, and You hereby agree to indemnify every Contributor for any
+     liability incurred by such Contributor as a result of warranty, support,
+     indemnity or liability terms You offer. You may include additional
+     disclaimers of warranty and limitations of liability specific to any
+     jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+   If it is impossible for You to comply with any of the terms of this License
+   with respect to some or all of the Covered Software due to statute, judicial
+   order, or regulation then You must: (a) comply with the terms of this License
+   to the maximum extent possible; and (b) describe the limitations and the code
+   they affect. Such description must be placed in a text file included with all
+   distributions of the Covered Software under this License. Except to the
+   extent prohibited by statute or regulation, such description must be
+   sufficiently detailed for a recipient of ordinary skill to be able to
+   understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+     fail to comply with any of its terms. However, if You become compliant,
+     then the rights granted under this License from a particular Contributor
+     are reinstated (a) provisionally, unless and until such Contributor
+     explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+     if such Contributor fails to notify You of the non-compliance by some
+     reasonable means prior to 60 days after You have come back into compliance.
+     Moreover, Your grants from a particular Contributor are reinstated on an
+     ongoing basis if such Contributor notifies You of the non-compliance by
+     some reasonable means, this is the first time You have received notice of
+     non-compliance with this License from such Contributor, and You become
+     compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+     infringement claim (excluding declaratory judgment actions, counter-claims,
+     and cross-claims) alleging that a Contributor Version directly or
+     indirectly infringes any patent, then the rights granted to You by any and
+     all Contributors for the Covered Software under Section 2.1 of this License
+     shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+     license agreements (excluding distributors and resellers) which have been
+     validly granted by You or Your distributors under this License prior to
+     termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+   Covered Software is provided under this License on an “as is” basis, without
+   warranty of any kind, either expressed, implied, or statutory, including,
+   without limitation, warranties that the Covered Software is free of defects,
+   merchantable, fit for a particular purpose or non-infringing. The entire
+   risk as to the quality and performance of the Covered Software is with You.
+   Should any Covered Software prove defective in any respect, You (not any
+   Contributor) assume the cost of any necessary servicing, repair, or
+   correction. This disclaimer of warranty constitutes an essential part of this
+   License. No use of  any Covered Software is authorized under this License
+   except under this disclaimer.
+
+7. Limitation of Liability
+
+   Under no circumstances and under no legal theory, whether tort (including
+   negligence), contract, or otherwise, shall any Contributor, or anyone who
+   distributes Covered Software as permitted above, be liable to You for any
+   direct, indirect, special, incidental, or consequential damages of any
+   character including, without limitation, damages for lost profits, loss of
+   goodwill, work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses, even if such party shall have been
+   informed of the possibility of such damages. This limitation of liability
+   shall not apply to liability for death or personal injury resulting from such
+   party’s negligence to the extent applicable law prohibits such limitation.
+   Some jurisdictions do not allow the exclusion or limitation of incidental or
+   consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+   Any litigation relating to this License may be brought only in the courts of
+   a jurisdiction where the defendant maintains its principal place of business
+   and such litigation shall be governed by laws of that jurisdiction, without
+   reference to its conflict-of-law provisions. Nothing in this Section shall
+   prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+   This License represents the complete agreement concerning the subject matter
+   hereof. If any provision of this License is held to be unenforceable, such
+   provision shall be reformed only to the extent necessary to make it
+   enforceable. Any law or regulation which provides that the language of a
+   contract shall be construed against the drafter shall not be used to construe
+   this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+      Mozilla Foundation is the license steward. Except as provided in Section
+      10.3, no one other than the license steward has the right to modify or
+      publish new versions of this License. Each version will be given a
+      distinguishing version number.
+
+10.2. Effect of New Versions
+
+      You may distribute the Covered Software under the terms of the version of
+      the License under which You originally received the Covered Software, or
+      under the terms of any subsequent version published by the license
+      steward.
+
+10.3. Modified Versions
+
+      If you create software not governed by this License, and you want to
+      create a new license for such software, you may create and use a modified
+      version of this License if you rename the license and remove any
+      references to the name of the license steward (except to note that such
+      modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+      If You choose to distribute Source Code Form that is Incompatible With
+      Secondary Licenses under the terms of this version of the License, the
+      notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+      This Source Code Form is subject to the
+      terms of the Mozilla Public License, v.
+      2.0. If a copy of the MPL was not
+      distributed with this file, You can
+      obtain one at
+      http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+      This Source Code Form is “Incompatible
+      With Secondary Licenses”, as defined by
+      the Mozilla Public License, v. 2.0.
+
diff --git a/README.md b/README.md
index 870e00f76c76..93e3176cc048 100644
--- a/README.md
+++ b/README.md
@@ -32,8 +32,7 @@ Consul provides several key features:
   discovery prevents routing traffic to unhealthy hosts and enables service
   level circuit breakers.
 
-* **Dynamic App Configuration** - An HTTP API that allows users to store indexed objects within Consul,
-  for storing configuration parameters and application metadata.
+* **Dynamic App Configuration** - An HTTP API that allows users to store indexed objects, like configuration parameters and application metadata, within Consul.
 
 Consul runs on Linux, macOS, FreeBSD, Solaris, and Windows and includes an
 optional [browser based UI](https://demo.consul.io). A commercial version
diff --git a/acl/MockAuthorizer.go b/acl/MockAuthorizer.go
index cabdf1b81243..01afb5fea665 100644
--- a/acl/MockAuthorizer.go
+++ b/acl/MockAuthorizer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/acl.go b/acl/acl.go
index 753db01516e8..75789dd17498 100644
--- a/acl/acl.go
+++ b/acl/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/acl_ce.go b/acl/acl_ce.go
index 76e77f3b8f46..58f92022ba55 100644
--- a/acl/acl_ce.go
+++ b/acl/acl_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/acl_test.go b/acl/acl_test.go
index de95e91f1264..3734eb1572fd 100644
--- a/acl/acl_test.go
+++ b/acl/acl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/authorizer.go b/acl/authorizer.go
index 21a7dbc80170..f4515f11c92a 100644
--- a/acl/authorizer.go
+++ b/acl/authorizer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/authorizer_ce.go b/acl/authorizer_ce.go
index 06ec22dae7b4..ed77d5e81d3f 100644
--- a/acl/authorizer_ce.go
+++ b/acl/authorizer_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/authorizer_test.go b/acl/authorizer_test.go
index 09cba85fa6b5..20774841ba8d 100644
--- a/acl/authorizer_test.go
+++ b/acl/authorizer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/chained_authorizer.go b/acl/chained_authorizer.go
index 333ad7e90fd0..9a681187bc1e 100644
--- a/acl/chained_authorizer.go
+++ b/acl/chained_authorizer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/chained_authorizer_test.go b/acl/chained_authorizer_test.go
index a198ab67788b..c17cbc907bf5 100644
--- a/acl/chained_authorizer_test.go
+++ b/acl/chained_authorizer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/enterprisemeta_ce.go b/acl/enterprisemeta_ce.go
index 791776e09b13..8b93fd680796 100644
--- a/acl/enterprisemeta_ce.go
+++ b/acl/enterprisemeta_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/errors.go b/acl/errors.go
index 7f4548ed95d6..7302e0392f17 100644
--- a/acl/errors.go
+++ b/acl/errors.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/errors_ce.go b/acl/errors_ce.go
index 57b0eb32479d..8c2e84ac5c41 100644
--- a/acl/errors_ce.go
+++ b/acl/errors_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/errors_test.go b/acl/errors_test.go
index b4e645c07312..4988f695994f 100644
--- a/acl/errors_test.go
+++ b/acl/errors_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/policy.go b/acl/policy.go
index ef821563b0ad..e26c8871314c 100644
--- a/acl/policy.go
+++ b/acl/policy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/policy_authorizer.go b/acl/policy_authorizer.go
index 9043dc40cdbf..e87635a036df 100644
--- a/acl/policy_authorizer.go
+++ b/acl/policy_authorizer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/policy_authorizer_ce.go b/acl/policy_authorizer_ce.go
index ccdb2e758557..89708a5be9c3 100644
--- a/acl/policy_authorizer_ce.go
+++ b/acl/policy_authorizer_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/policy_authorizer_test.go b/acl/policy_authorizer_test.go
index d144bc8d8cce..1c6959527899 100644
--- a/acl/policy_authorizer_test.go
+++ b/acl/policy_authorizer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/policy_ce.go b/acl/policy_ce.go
index ed7eed9917ce..b33c3243364b 100644
--- a/acl/policy_ce.go
+++ b/acl/policy_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/policy_merger.go b/acl/policy_merger.go
index 7707c4f9a51e..df065a9cb1b9 100644
--- a/acl/policy_merger.go
+++ b/acl/policy_merger.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/policy_merger_ce.go b/acl/policy_merger_ce.go
index 207051f3482a..b221f2587539 100644
--- a/acl/policy_merger_ce.go
+++ b/acl/policy_merger_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/acl/policy_test.go b/acl/policy_test.go
index 2ce0b32892fb..ac23e3c0df3b 100644
--- a/acl/policy_test.go
+++ b/acl/policy_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/resolver/danger.go b/acl/resolver/danger.go
index c2ae1a3c40c7..a72efa927844 100644
--- a/acl/resolver/danger.go
+++ b/acl/resolver/danger.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resolver
 
diff --git a/acl/resolver/result.go b/acl/resolver/result.go
index 1e52b1c57316..190d15eca5b8 100644
--- a/acl/resolver/result.go
+++ b/acl/resolver/result.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resolver
 
diff --git a/acl/static_authorizer.go b/acl/static_authorizer.go
index 2b62320b0a11..a6678925695c 100644
--- a/acl/static_authorizer.go
+++ b/acl/static_authorizer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/static_authorizer_test.go b/acl/static_authorizer_test.go
index cdaf91ef7102..e94ac44e500f 100644
--- a/acl/static_authorizer_test.go
+++ b/acl/static_authorizer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/testing.go b/acl/testing.go
index ef4d0343c6b9..1c67458b174f 100644
--- a/acl/testing.go
+++ b/acl/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/validation.go b/acl/validation.go
index c0017effa15d..96119dcc0fba 100644
--- a/acl/validation.go
+++ b/acl/validation.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/acl/validation_test.go b/acl/validation_test.go
index 3bf14719b12a..d5d01e0e9054 100644
--- a/acl/validation_test.go
+++ b/acl/validation_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/agent/acl.go b/agent/acl.go
index 0f64ee62c79e..381f2c028e4f 100644
--- a/agent/acl.go
+++ b/agent/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/acl_ce.go b/agent/acl_ce.go
index 32d076fe1ed1..aa505da1ef49 100644
--- a/agent/acl_ce.go
+++ b/agent/acl_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/acl_endpoint.go b/agent/acl_endpoint.go
index 9f38f41f15db..3a52b0cf5441 100644
--- a/agent/acl_endpoint.go
+++ b/agent/acl_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
@@ -294,6 +294,7 @@ func (s *HTTPHandlers) ACLTokenList(resp http.ResponseWriter, req *http.Request)
 	args.Policy = req.URL.Query().Get("policy")
 	args.Role = req.URL.Query().Get("role")
 	args.AuthMethod = req.URL.Query().Get("authmethod")
+	args.ServiceName = req.URL.Query().Get("servicename")
 	if err := parseACLAuthMethodEnterpriseMeta(req, &args.ACLAuthMethodEnterpriseMeta); err != nil {
 		return nil, err
 	}
diff --git a/agent/acl_endpoint_test.go b/agent/acl_endpoint_test.go
index 82b2a9574fcf..68d1888ff666 100644
--- a/agent/acl_endpoint_test.go
+++ b/agent/acl_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
@@ -1328,6 +1328,38 @@ func TestACL_HTTP(t *testing.T) {
 			require.Error(t, err)
 			testutil.RequireErrorContains(t, err, "Only lowercase alphanumeric")
 		})
+
+		t.Run("Create with valid service identity", func(t *testing.T) {
+			tokenInput := &structs.ACLToken{
+				Description: "token for service identity sn1",
+				ServiceIdentities: []*structs.ACLServiceIdentity{
+					{
+						ServiceName: "sn1",
+					},
+				},
+			}
+
+			req, _ := http.NewRequest("PUT", "/v1/acl/token", jsonBody(tokenInput))
+			req.Header.Add("X-Consul-Token", "root")
+			resp := httptest.NewRecorder()
+			_, err := a.srv.ACLTokenCreate(resp, req)
+			require.NoError(t, err)
+		})
+
+		t.Run("List by ServiceName", func(t *testing.T) {
+			req, _ := http.NewRequest("GET", "/v1/acl/tokens?servicename=sn1", nil)
+			req.Header.Add("X-Consul-Token", "root")
+			resp := httptest.NewRecorder()
+			raw, err := a.srv.ACLTokenList(resp, req)
+			require.NoError(t, err)
+			tokens, ok := raw.(structs.ACLTokenListStubs)
+			require.True(t, ok)
+			require.Len(t, tokens, 1)
+			token := tokens[0]
+			require.Equal(t, "token for service identity sn1", token.Description)
+			require.Len(t, token.ServiceIdentities, 1)
+			require.Equal(t, "sn1", token.ServiceIdentities[0].ServiceName)
+		})
 	})
 }
 
diff --git a/agent/acl_test.go b/agent/acl_test.go
index 0958db8db6fb..40662231ac36 100644
--- a/agent/acl_test.go
+++ b/agent/acl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
@@ -22,7 +22,6 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/lib"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/hashicorp/consul/types"
 
@@ -164,9 +163,6 @@ func (a *TestACLAgent) Stats() map[string]map[string]string {
 func (a *TestACLAgent) ReloadConfig(_ consul.ReloadableConfig) error {
 	return fmt.Errorf("Unimplemented")
 }
-func (a *TestACLAgent) ResourceServiceClient() pbresource.ResourceServiceClient {
-	return nil
-}
 
 func TestACL_Version8EnabledByDefault(t *testing.T) {
 	t.Parallel()
diff --git a/agent/ae/ae.go b/agent/ae/ae.go
index 65b38e00e4b4..8c4d8c997296 100644
--- a/agent/ae/ae.go
+++ b/agent/ae/ae.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package ae provides tools to synchronize state between local and remote consul servers.
 package ae
diff --git a/agent/ae/ae_test.go b/agent/ae/ae_test.go
index 9e9593f4f92d..873cd4128db3 100644
--- a/agent/ae/ae_test.go
+++ b/agent/ae/ae_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ae
 
diff --git a/agent/ae/trigger.go b/agent/ae/trigger.go
index 29bdd988907e..a320bda526d1 100644
--- a/agent/ae/trigger.go
+++ b/agent/ae/trigger.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ae
 
diff --git a/agent/agent.go b/agent/agent.go
index d8eb4cd8fa13..a4c231a2512c 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
@@ -65,15 +65,12 @@ import (
 	"github.com/hashicorp/consul/agent/xds"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/api/watch"
-	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	"github.com/hashicorp/consul/ipaddr"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/lib/file"
 	"github.com/hashicorp/consul/lib/mutex"
 	"github.com/hashicorp/consul/lib/routine"
-	"github.com/hashicorp/consul/lib/stringslice"
 	"github.com/hashicorp/consul/logging"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/proto/private/pboperator"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
 	"github.com/hashicorp/consul/tlsutil"
@@ -201,9 +198,6 @@ type delegate interface {
 
 	RPC(ctx context.Context, method string, args interface{}, reply interface{}) error
 
-	// ResourceServiceClient is a client for the gRPC Resource Service.
-	ResourceServiceClient() pbresource.ResourceServiceClient
-
 	SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer, replyFn structs.SnapshotReplyFn) error
 	Shutdown() error
 	Stats() map[string]map[string]string
@@ -653,47 +647,6 @@ func (a *Agent) Start(ctx context.Context) error {
 		return fmt.Errorf("failed to start Consul enterprise component: %v", err)
 	}
 
-	// Create proxy config manager now because it is a dependency of creating the proxyWatcher
-	// which will be passed to consul.NewServer so that it is then passed to the
-	// controller registration for the XDS controller in v2 mode, and the xds server in v1 and v2 mode.
-	var intentionDefaultAllow bool
-	switch a.config.ACLResolverSettings.ACLDefaultPolicy {
-	case "allow":
-		intentionDefaultAllow = true
-	case "deny":
-		intentionDefaultAllow = false
-	default:
-		return fmt.Errorf("unexpected ACL default policy value of %q", a.config.ACLResolverSettings.ACLDefaultPolicy)
-	}
-
-	go a.baseDeps.ViewStore.Run(&lib.StopChannelContext{StopCh: a.shutdownCh})
-
-	// Start the proxy config manager.
-	a.proxyConfig, err = proxycfg.NewManager(proxycfg.ManagerConfig{
-		DataSources: a.proxyDataSources(),
-		Logger:      a.logger.Named(logging.ProxyConfig),
-		Source: &structs.QuerySource{
-			Datacenter:    a.config.Datacenter,
-			Segment:       a.config.SegmentName,
-			Node:          a.config.NodeName,
-			NodePartition: a.config.PartitionOrEmpty(),
-		},
-		DNSConfig: proxycfg.DNSConfig{
-			Domain:    a.config.DNSDomain,
-			AltDomain: a.config.DNSAltDomain,
-		},
-		TLSConfigurator:       a.tlsConfigurator,
-		IntentionDefaultAllow: intentionDefaultAllow,
-		UpdateRateLimit:       a.config.XDSUpdateRateLimit,
-	})
-	if err != nil {
-		return err
-	}
-
-	// proxyWatcher will be used in the creation of the XDS server and also
-	// in the registration of the xds controller.
-	proxyWatcher := a.getProxyWatcher()
-
 	// Setup either the client or the server.
 	if c.ServerMode {
 		serverLogger := a.baseDeps.Logger.NamedIntercept(logging.ConsulServer)
@@ -727,11 +680,7 @@ func (a *Agent) Start(ctx context.Context) error {
 			incomingRPCLimiter,
 		)
 
-		var pt *proxytracker.ProxyTracker
-		if a.useV2Resources() {
-			pt = proxyWatcher.(*proxytracker.ProxyTracker)
-		}
-		server, err := consul.NewServer(consulCfg, a.baseDeps.Deps, a.externalGRPCServer, incomingRPCLimiter, serverLogger, pt)
+		server, err := consul.NewServer(consulCfg, a.baseDeps.Deps, a.externalGRPCServer, incomingRPCLimiter, serverLogger)
 		if err != nil {
 			return fmt.Errorf("Failed to start Consul server: %v", err)
 		}
@@ -798,6 +747,40 @@ func (a *Agent) Start(ctx context.Context) error {
 		return err
 	}
 
+	var intentionDefaultAllow bool
+	switch a.config.ACLResolverSettings.ACLDefaultPolicy {
+	case "allow":
+		intentionDefaultAllow = true
+	case "deny":
+		intentionDefaultAllow = false
+	default:
+		return fmt.Errorf("unexpected ACL default policy value of %q", a.config.ACLResolverSettings.ACLDefaultPolicy)
+	}
+
+	go a.baseDeps.ViewStore.Run(&lib.StopChannelContext{StopCh: a.shutdownCh})
+
+	// Start the proxy config manager.
+	a.proxyConfig, err = proxycfg.NewManager(proxycfg.ManagerConfig{
+		DataSources: a.proxyDataSources(),
+		Logger:      a.logger.Named(logging.ProxyConfig),
+		Source: &structs.QuerySource{
+			Datacenter:    a.config.Datacenter,
+			Segment:       a.config.SegmentName,
+			Node:          a.config.NodeName,
+			NodePartition: a.config.PartitionOrEmpty(),
+		},
+		DNSConfig: proxycfg.DNSConfig{
+			Domain:    a.config.DNSDomain,
+			AltDomain: a.config.DNSAltDomain,
+		},
+		TLSConfigurator:       a.tlsConfigurator,
+		IntentionDefaultAllow: intentionDefaultAllow,
+		UpdateRateLimit:       a.config.XDSUpdateRateLimit,
+	})
+	if err != nil {
+		return err
+	}
+
 	go localproxycfg.Sync(
 		&lib.StopChannelContext{StopCh: a.shutdownCh},
 		localproxycfg.SyncConfig{
@@ -850,7 +833,7 @@ func (a *Agent) Start(ctx context.Context) error {
 	}
 
 	// Start grpc and grpc_tls servers.
-	if err := a.listenAndServeGRPC(proxyWatcher); err != nil {
+	if err := a.listenAndServeGRPC(); err != nil {
 		return err
 	}
 
@@ -921,42 +904,18 @@ func (a *Agent) Failed() <-chan struct{} {
 	return a.apiServers.failed
 }
 
-// useV2Resources returns true if "resource-apis" is present in the Experiments
-// array of the agent config.
-func (a *Agent) useV2Resources() bool {
-	if stringslice.Contains(a.baseDeps.Experiments, consul.CatalogResourceExperimentName) {
-		return true
-	}
-	return false
-}
-
-// getProxyWatcher returns the proper implementation of the ProxyWatcher interface.
-// It will return a ProxyTracker if "resource-apis" experiment is active.  Otherwise,
-// it will return a ConfigSource.
-func (a *Agent) getProxyWatcher() xds.ProxyWatcher {
-	if a.useV2Resources() {
-		a.logger.Trace("returning proxyTracker for getProxyWatcher")
-		return proxytracker.NewProxyTracker(proxytracker.ProxyTrackerConfig{
-			Logger:         a.logger.Named("proxy-tracker"),
-			SessionLimiter: a.baseDeps.XDSStreamLimiter,
-		})
-	} else {
-		a.logger.Trace("returning configSource for getProxyWatcher")
-		return localproxycfg.NewConfigSource(a.proxyConfig)
+func (a *Agent) listenAndServeGRPC() error {
+	if len(a.config.GRPCAddrs) < 1 && len(a.config.GRPCTLSAddrs) < 1 {
+		return nil
 	}
-}
-
-// configureXDSServer configures an XDS server with the proper implementation of
-// the PRoxyWatcher interface and registers the XDS server with Consul's
-// external facing GRPC server.
-func (a *Agent) configureXDSServer(proxyWatcher xds.ProxyWatcher) {
 	// TODO(agentless): rather than asserting the concrete type of delegate, we
 	// should add a method to the Delegate interface to build a ConfigSource.
+	var cfg xds.ProxyConfigSource = localproxycfg.NewConfigSource(a.proxyConfig)
 	if server, ok := a.delegate.(*consul.Server); ok {
 		catalogCfg := catalogproxycfg.NewConfigSource(catalogproxycfg.Config{
 			NodeName:          a.config.NodeName,
 			LocalState:        a.State,
-			LocalConfigSource: proxyWatcher,
+			LocalConfigSource: cfg,
 			Manager:           a.proxyConfig,
 			GetStore:          func() catalogproxycfg.Store { return server.FSM().State() },
 			Logger:            a.proxyConfig.Logger.Named("server-catalog"),
@@ -966,26 +925,18 @@ func (a *Agent) configureXDSServer(proxyWatcher xds.ProxyWatcher) {
 			<-a.shutdownCh
 			catalogCfg.Shutdown()
 		}()
-		proxyWatcher = catalogCfg
+		cfg = catalogCfg
 	}
 	a.xdsServer = xds.NewServer(
 		a.config.NodeName,
 		a.logger.Named(logging.Envoy),
-		proxyWatcher,
+		cfg,
 		func(id string) (acl.Authorizer, error) {
 			return a.delegate.ResolveTokenAndDefaultMeta(id, nil, nil)
 		},
 		a,
 	)
 	a.xdsServer.Register(a.externalGRPCServer)
-}
-
-func (a *Agent) listenAndServeGRPC(proxyWatcher xds.ProxyWatcher) error {
-	if len(a.config.GRPCAddrs) < 1 && len(a.config.GRPCTLSAddrs) < 1 {
-		return nil
-	}
-
-	a.configureXDSServer(proxyWatcher)
 
 	// Attempt to spawn listeners
 	var listeners []net.Listener
@@ -3066,14 +3017,20 @@ func (a *Agent) addCheck(check *structs.HealthCheck, chkType *structs.CheckType,
 				chkType.Interval = checks.MinInterval
 			}
 
+			var tlsClientConfig *tls.Config
+			if chkType.TCPUseTLS {
+				tlsClientConfig = a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify, chkType.TLSServerName)
+			}
+
 			tcp := &checks.CheckTCP{
-				CheckID:       cid,
-				ServiceID:     sid,
-				TCP:           chkType.TCP,
-				Interval:      chkType.Interval,
-				Timeout:       chkType.Timeout,
-				Logger:        a.logger,
-				StatusHandler: statusHandler,
+				CheckID:         cid,
+				ServiceID:       sid,
+				TCP:             chkType.TCP,
+				Interval:        chkType.Interval,
+				Timeout:         chkType.Timeout,
+				Logger:          a.logger,
+				TLSClientConfig: tlsClientConfig,
+				StatusHandler:   statusHandler,
 			}
 			tcp.Start()
 			a.checkTCPs[cid] = tcp
@@ -4617,7 +4574,7 @@ func (a *Agent) proxyDataSources() proxycfg.DataSources {
 		// interact with ACLs and the streaming backend. See comments in `proxycfgglue.ServerHealthBlocking`
 		// for more details.
 		// sources.Health = proxycfgglue.ServerHealth(deps, proxycfgglue.ClientHealth(a.rpcClientHealth))
-		sources.Health = proxycfgglue.ServerHealthBlocking(deps, proxycfgglue.ClientHealth(a.rpcClientHealth), server.FSM().State())
+		sources.Health = proxycfgglue.ServerHealthBlocking(deps, proxycfgglue.ClientHealth(a.rpcClientHealth))
 		sources.HTTPChecks = proxycfgglue.ServerHTTPChecks(deps, a.config.NodeName, proxycfgglue.CacheHTTPChecks(a.cache), a.State)
 		sources.Intentions = proxycfgglue.ServerIntentions(deps)
 		sources.IntentionUpstreams = proxycfgglue.ServerIntentionUpstreams(deps)
diff --git a/agent/agent_ce.go b/agent/agent_ce.go
index 37a1804fe270..e8cfea681b3c 100644
--- a/agent/agent_ce.go
+++ b/agent/agent_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/agent_ce_test.go b/agent/agent_ce_test.go
index 07882c7b1eed..ceb90beb0634 100644
--- a/agent/agent_ce_test.go
+++ b/agent/agent_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go
index 96857409ce77..23bfa49c8844 100644
--- a/agent/agent_endpoint.go
+++ b/agent/agent_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
@@ -11,12 +11,16 @@ import (
 	"strings"
 	"time"
 
-	"github.com/hashicorp/go-bexpr"
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-memdb"
+	"github.com/mitchellh/hashstructure"
+
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+	"github.com/hashicorp/consul/version"
+
+	"github.com/hashicorp/go-bexpr"
 	"github.com/hashicorp/serf/coordinate"
 	"github.com/hashicorp/serf/serf"
-	"github.com/mitchellh/hashstructure"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 
@@ -28,13 +32,11 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 	token_store "github.com/hashicorp/consul/agent/token"
 	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/ipaddr"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/logging"
 	"github.com/hashicorp/consul/logging/monitor"
 	"github.com/hashicorp/consul/types"
-	"github.com/hashicorp/consul/version"
 )
 
 type Self struct {
diff --git a/agent/agent_endpoint_ce.go b/agent/agent_endpoint_ce.go
index cf2984ab5f1d..48b9c439cac4 100644
--- a/agent/agent_endpoint_ce.go
+++ b/agent/agent_endpoint_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/agent_endpoint_ce_test.go b/agent/agent_endpoint_ce_test.go
index 6608f40f4041..763a5a006049 100644
--- a/agent/agent_endpoint_ce_test.go
+++ b/agent/agent_endpoint_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go
index 32516a76cb46..0a37ae174a19 100644
--- a/agent/agent_endpoint_test.go
+++ b/agent/agent_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
@@ -21,6 +21,10 @@ import (
 	"time"
 
 	"github.com/armon/go-metrics"
+
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/version"
+
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-uuid"
 	"github.com/hashicorp/serf/serf"
@@ -40,14 +44,12 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/token"
 	tokenStore "github.com/hashicorp/consul/agent/token"
-	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
 	"github.com/hashicorp/consul/testrpc"
 	"github.com/hashicorp/consul/types"
-	"github.com/hashicorp/consul/version"
 )
 
 func createACLTokenWithAgentReadPolicy(t *testing.T, srv *HTTPHandlers) string {
@@ -1601,37 +1603,14 @@ func TestAgent_Metrics_ACLDeny(t *testing.T) {
 	})
 }
 
-func newDefaultBaseDeps(t *testing.T) BaseDeps {
-	dataDir := testutil.TempDir(t, "acl-agent")
-	logBuffer := testutil.NewLogBuffer(t)
-	logger := hclog.NewInterceptLogger(nil)
-	loader := func(source config.Source) (config.LoadResult, error) {
-		dataDir := fmt.Sprintf(`data_dir = "%s"`, dataDir)
-		opts := config.LoadOpts{
-			HCL:           []string{TestConfigHCL(NodeID()), "", dataDir},
-			DefaultConfig: source,
-		}
-		result, err := config.Load(opts)
-		if result.RuntimeConfig != nil {
-			result.RuntimeConfig.Telemetry.Disable = true
-		}
-		return result, err
-	}
-	bd, err := NewBaseDeps(loader, logBuffer, logger)
-	require.NoError(t, err)
-	return bd
-}
-
 func TestHTTPHandlers_AgentMetricsStream_ACLDeny(t *testing.T) {
-	bd := newDefaultBaseDeps(t)
+	bd := BaseDeps{}
 	bd.Tokens = new(tokenStore.Store)
 	sink := metrics.NewInmemSink(30*time.Millisecond, time.Second)
 	bd.MetricsConfig = &lib.MetricsConfig{
 		Handler: sink,
 	}
-	mockDelegate := delegateMock{}
-	mockDelegate.On("LicenseCheck").Return()
-	d := fakeResolveTokenDelegate{delegate: &mockDelegate, authorizer: acl.DenyAll()}
+	d := fakeResolveTokenDelegate{authorizer: acl.DenyAll()}
 	agent := &Agent{
 		baseDeps: bd,
 		delegate: d,
@@ -1654,15 +1633,13 @@ func TestHTTPHandlers_AgentMetricsStream_ACLDeny(t *testing.T) {
 }
 
 func TestHTTPHandlers_AgentMetricsStream(t *testing.T) {
-	bd := newDefaultBaseDeps(t)
+	bd := BaseDeps{}
 	bd.Tokens = new(tokenStore.Store)
 	sink := metrics.NewInmemSink(20*time.Millisecond, time.Second)
 	bd.MetricsConfig = &lib.MetricsConfig{
 		Handler: sink,
 	}
-	mockDelegate := delegateMock{}
-	mockDelegate.On("LicenseCheck").Return()
-	d := fakeResolveTokenDelegate{delegate: &mockDelegate, authorizer: acl.ManageAll()}
+	d := fakeResolveTokenDelegate{authorizer: acl.ManageAll()}
 	agent := &Agent{
 		baseDeps: bd,
 		delegate: d,
diff --git a/agent/agent_test.go b/agent/agent_test.go
index c597f1d5d575..e952d9dd87a1 100644
--- a/agent/agent_test.go
+++ b/agent/agent_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
@@ -14,11 +14,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	"github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/agent/proxycfg-sources/local"
-	"github.com/hashicorp/consul/agent/xds"
-	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
+	"io"
 	mathrand "math/rand"
 	"net"
 	"net/http"
@@ -27,7 +23,6 @@ import (
 	"os"
 	"path"
 	"path/filepath"
-	"reflect"
 	"strconv"
 	"strings"
 	"sync"
@@ -63,7 +58,6 @@ import (
 	"github.com/hashicorp/consul/agent/token"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/internal/go-sso/oidcauth/oidcauthtest"
-	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/ipaddr"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/proto/private/pbautoconf"
@@ -329,7 +323,6 @@ func TestAgent_HTTPMaxHeaderBytes(t *testing.T) {
 					Tokens:          new(token.Store),
 					TLSConfigurator: tlsConf,
 					GRPCConnPool:    &fakeGRPCConnPool{},
-					Registry:        resource.NewRegistry(),
 				},
 				RuntimeConfig: &config.RuntimeConfig{
 					HTTPAddrs: []net.Addr{
@@ -352,9 +345,6 @@ func TestAgent_HTTPMaxHeaderBytes(t *testing.T) {
 			require.NoError(t, err)
 
 			a, err := New(bd)
-			mockDelegate := delegateMock{}
-			mockDelegate.On("LicenseCheck").Return()
-			a.delegate = &mockDelegate
 			require.NoError(t, err)
 
 			a.startLicenseManager(testutil.TestContext(t))
@@ -973,6 +963,80 @@ func TestAgent_AddServiceWithH2CPINGCheck(t *testing.T) {
 	requireCheckExists(t, a, "test-h2cping-check")
 }
 
+func startMockTLSServer(t *testing.T) (addr string, closeFunc func() error) {
+	// Load certificates
+	cert, err := tls.LoadX509KeyPair("../test/key/ourdomain_server.cer", "../test/key/ourdomain_server.key")
+	require.NoError(t, err)
+	// Create a certificate pool
+	rootCertPool := x509.NewCertPool()
+	caCert, err := os.ReadFile("../test/ca/root.cer")
+	require.NoError(t, err)
+	rootCertPool.AppendCertsFromPEM(caCert)
+	// Configure TLS
+	config := &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		ClientAuth:   tls.RequireAndVerifyClientCert,
+		ClientCAs:    rootCertPool,
+	}
+	// Start TLS server
+	ln, err := tls.Listen("tcp", "127.0.0.1:0", config)
+	require.NoError(t, err)
+	go func() {
+		for {
+			conn, err := ln.Accept()
+			if err != nil {
+				return
+			}
+			io.Copy(io.Discard, conn)
+			conn.Close()
+		}
+	}()
+	return ln.Addr().String(), ln.Close
+}
+
+func TestAgent_AddServiceWithTCPTLSCheck(t *testing.T) {
+	t.Parallel()
+	dataDir := testutil.TempDir(t, "agent")
+	a := NewTestAgent(t, `
+		data_dir = "`+dataDir+`"
+		enable_agent_tls_for_checks = true
+		datacenter = "dc1"
+		tls {
+			defaults {
+				ca_file   = "../test/ca/root.cer"
+				cert_file = "../test/key/ourdomain_server.cer"
+				key_file  = "../test/key/ourdomain_server.key"
+			}
+		}
+	`)
+	defer a.Shutdown()
+	testrpc.WaitForTestAgent(t, a.RPC, "dc1")
+	// Start mock TCP+TLS server
+	addr, closeServer := startMockTLSServer(t)
+	defer closeServer()
+	check := &structs.HealthCheck{
+		Node:    "foo",
+		CheckID: "arbitraryTCPServerTLSCheck",
+		Name:    "arbitraryTCPServerTLSCheck",
+		Status:  api.HealthCritical,
+	}
+	chkType := &structs.CheckType{
+		TCP:           addr,
+		TCPUseTLS:     true,
+		TLSServerName: "server.dc1.consul",
+		Interval:      5 * time.Second,
+	}
+	err := a.AddCheck(check, chkType, false, "", ConfigSourceLocal)
+	require.NoError(t, err)
+	// Retry until the healthcheck is passing.
+	retry.Run(t, func(r *retry.R) {
+		status := getCheck(a, "arbitraryTCPServerTLSCheck")
+		if status.Status != api.HealthPassing {
+			r.Fatalf("bad: %v", status.Status)
+		}
+	})
+}
+
 func TestAgent_AddServiceNoExec(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
@@ -4308,7 +4372,7 @@ func TestAgent_consulConfig_RequestLimits(t *testing.T) {
 
 	t.Parallel()
 	hcl := `
-		limits { 
+		limits {
 			request_limits {
 				mode = "enforcing"
 				read_rate = 8888
@@ -5488,7 +5552,6 @@ func TestAgent_ListenHTTP_MultipleAddresses(t *testing.T) {
 			Tokens:          new(token.Store),
 			TLSConfigurator: tlsConf,
 			GRPCConnPool:    &fakeGRPCConnPool{},
-			Registry:        resource.NewRegistry(),
 		},
 		RuntimeConfig: &config.RuntimeConfig{
 			HTTPAddrs: []net.Addr{
@@ -5511,9 +5574,6 @@ func TestAgent_ListenHTTP_MultipleAddresses(t *testing.T) {
 	require.NoError(t, err)
 
 	agent, err := New(bd)
-	mockDelegate := delegateMock{}
-	mockDelegate.On("LicenseCheck").Return()
-	agent.delegate = &mockDelegate
 	require.NoError(t, err)
 
 	agent.startLicenseManager(testutil.TestContext(t))
@@ -6088,7 +6148,6 @@ func TestAgent_startListeners(t *testing.T) {
 			Logger:       hclog.NewInterceptLogger(nil),
 			Tokens:       new(token.Store),
 			GRPCConnPool: &fakeGRPCConnPool{},
-			Registry:     resource.NewRegistry(),
 		},
 		RuntimeConfig: &config.RuntimeConfig{
 			HTTPAddrs: []net.Addr{},
@@ -6107,9 +6166,6 @@ func TestAgent_startListeners(t *testing.T) {
 	require.NoError(t, err)
 
 	agent, err := New(bd)
-	mockDelegate := delegateMock{}
-	mockDelegate.On("LicenseCheck").Return()
-	agent.delegate = &mockDelegate
 	require.NoError(t, err)
 
 	// use up an address
@@ -6232,7 +6288,6 @@ func TestAgent_startListeners_scada(t *testing.T) {
 			HCP: hcp.Deps{
 				Provider: pvd,
 			},
-			Registry: resource.NewRegistry(),
 		},
 		RuntimeConfig: &config.RuntimeConfig{},
 		Cache:         cache.New(cache.Options{}),
@@ -6250,9 +6305,6 @@ func TestAgent_startListeners_scada(t *testing.T) {
 	require.NoError(t, err)
 
 	agent, err := New(bd)
-	mockDelegate := delegateMock{}
-	mockDelegate.On("LicenseCheck").Return()
-	agent.delegate = &mockDelegate
 	require.NoError(t, err)
 
 	_, err = agent.startListeners([]net.Addr{c})
@@ -6278,7 +6330,7 @@ func TestAgent_scadaProvider(t *testing.T) {
 		},
 		Overrides: `
 cloud {
-  resource_id = "organization/0b9de9a3-8403-4ca6-aba8-fca752f42100/project/0b9de9a3-8403-4ca6-aba8-fca752f42100/consul.cluster/0b9de9a3-8403-4ca6-aba8-fca752f42100" 
+  resource_id = "organization/0b9de9a3-8403-4ca6-aba8-fca752f42100/project/0b9de9a3-8403-4ca6-aba8-fca752f42100/consul.cluster/0b9de9a3-8403-4ca6-aba8-fca752f42100"
   client_id = "test"
   client_secret = "test"
 }`,
@@ -6296,7 +6348,6 @@ func TestAgent_checkServerLastSeen(t *testing.T) {
 			Logger:       hclog.NewInterceptLogger(nil),
 			Tokens:       new(token.Store),
 			GRPCConnPool: &fakeGRPCConnPool{},
-			Registry:     resource.NewRegistry(),
 		},
 		RuntimeConfig: &config.RuntimeConfig{},
 		Cache:         cache.New(cache.Options{}),
@@ -6308,9 +6359,6 @@ func TestAgent_checkServerLastSeen(t *testing.T) {
 		Config:      leafcert.Config{},
 	})
 	agent, err := New(bd)
-	mockDelegate := delegateMock{}
-	mockDelegate.On("LicenseCheck").Return()
-	agent.delegate = &mockDelegate
 	require.NoError(t, err)
 
 	// Test that an ErrNotExist OS error is treated as ok.
@@ -6364,73 +6412,6 @@ func TestAgent_checkServerLastSeen(t *testing.T) {
 	})
 }
 
-func TestAgent_getProxyWatcher(t *testing.T) {
-	type testcase struct {
-		description    string
-		getExperiments func() []string
-		expectedType   xds.ProxyWatcher
-	}
-	testscases := []testcase{
-		{
-			description:  "config source is returned when api-resources experiment is not configured",
-			expectedType: &local.ConfigSource{},
-			getExperiments: func() []string {
-				return []string{}
-			},
-		},
-		{
-			description:  "proxy tracker is returned when api-resources experiment is configured",
-			expectedType: &proxytracker.ProxyTracker{},
-			getExperiments: func() []string {
-				return []string{consul.CatalogResourceExperimentName}
-			},
-		},
-	}
-	for _, tc := range testscases {
-		caConfig := tlsutil.Config{}
-		tlsConf, err := tlsutil.NewConfigurator(caConfig, hclog.New(nil))
-		require.NoError(t, err)
-
-		bd := BaseDeps{
-			Deps: consul.Deps{
-				Logger:          hclog.NewInterceptLogger(nil),
-				Tokens:          new(token.Store),
-				TLSConfigurator: tlsConf,
-				GRPCConnPool:    &fakeGRPCConnPool{},
-				Registry:        resource.NewRegistry(),
-			},
-			RuntimeConfig: &config.RuntimeConfig{
-				HTTPAddrs: []net.Addr{
-					&net.TCPAddr{IP: net.ParseIP("127.0.0.1"), Port: freeport.GetOne(t)},
-				},
-			},
-			Cache:  cache.New(cache.Options{}),
-			NetRPC: &LazyNetRPC{},
-		}
-
-		bd.XDSStreamLimiter = limiter.NewSessionLimiter()
-		bd.LeafCertManager = leafcert.NewManager(leafcert.Deps{
-			CertSigner:  leafcert.NewNetRPCCertSigner(bd.NetRPC),
-			RootsReader: leafcert.NewCachedRootsReader(bd.Cache, "dc1"),
-			Config:      leafcert.Config{},
-		})
-
-		cfg := config.RuntimeConfig{
-			BuildDate: time.Date(2000, 1, 1, 0, 0, 1, 0, time.UTC),
-		}
-		bd, err = initEnterpriseBaseDeps(bd, &cfg)
-		require.NoError(t, err)
-
-		bd.Experiments = tc.getExperiments()
-
-		agent, err := New(bd)
-		require.NoError(t, err)
-		agent.proxyConfig, err = proxycfg.NewManager(proxycfg.ManagerConfig{Logger: bd.Logger, Source: &structs.QuerySource{}})
-		require.NoError(t, err)
-		require.IsTypef(t, tc.expectedType, agent.getProxyWatcher(), fmt.Sprintf("Expected proxyWatcher to be of type %s", reflect.TypeOf(tc.expectedType)))
-	}
-
-}
 func getExpectedCaPoolByFile(t *testing.T) *x509.CertPool {
 	pool := x509.NewCertPool()
 	data, err := os.ReadFile("../test/ca/root.cer")
diff --git a/agent/apiserver.go b/agent/apiserver.go
index 1f386e3f6b17..a45e16a630b1 100644
--- a/agent/apiserver.go
+++ b/agent/apiserver.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/apiserver_test.go b/agent/apiserver_test.go
index 848487a78154..69188c424817 100644
--- a/agent/apiserver_test.go
+++ b/agent/apiserver_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/auto-config/auto_config.go b/agent/auto-config/auto_config.go
index a1a5848f623f..b73951df70d1 100644
--- a/agent/auto-config/auto_config.go
+++ b/agent/auto-config/auto_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autoconf
 
diff --git a/agent/auto-config/auto_config_ce.go b/agent/auto-config/auto_config_ce.go
index 5e5d79963463..78c9ee66d97b 100644
--- a/agent/auto-config/auto_config_ce.go
+++ b/agent/auto-config/auto_config_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/auto-config/auto_config_ce_test.go b/agent/auto-config/auto_config_ce_test.go
index ff7cbf7472f4..b075ca7686b6 100644
--- a/agent/auto-config/auto_config_ce_test.go
+++ b/agent/auto-config/auto_config_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/auto-config/auto_config_test.go b/agent/auto-config/auto_config_test.go
index 7c5c629be2f7..a5ab97e0f45d 100644
--- a/agent/auto-config/auto_config_test.go
+++ b/agent/auto-config/auto_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autoconf
 
diff --git a/agent/auto-config/auto_encrypt.go b/agent/auto-config/auto_encrypt.go
index 1b77c089f6f6..59af662ee033 100644
--- a/agent/auto-config/auto_encrypt.go
+++ b/agent/auto-config/auto_encrypt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autoconf
 
diff --git a/agent/auto-config/auto_encrypt_test.go b/agent/auto-config/auto_encrypt_test.go
index 10a7c8da4688..2c94b6a5540a 100644
--- a/agent/auto-config/auto_encrypt_test.go
+++ b/agent/auto-config/auto_encrypt_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autoconf
 
diff --git a/agent/auto-config/config.go b/agent/auto-config/config.go
index 69eee08bc061..d0f1670ab73a 100644
--- a/agent/auto-config/config.go
+++ b/agent/auto-config/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autoconf
 
diff --git a/agent/auto-config/config_ce.go b/agent/auto-config/config_ce.go
index 6e7e470f298f..4162bda4c489 100644
--- a/agent/auto-config/config_ce.go
+++ b/agent/auto-config/config_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/auto-config/config_translate.go b/agent/auto-config/config_translate.go
index b60b3388eb2a..31aeb7cbdb22 100644
--- a/agent/auto-config/config_translate.go
+++ b/agent/auto-config/config_translate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autoconf
 
diff --git a/agent/auto-config/config_translate_test.go b/agent/auto-config/config_translate_test.go
index 8e2cef8c46ea..9b37c9870e31 100644
--- a/agent/auto-config/config_translate_test.go
+++ b/agent/auto-config/config_translate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autoconf
 
diff --git a/agent/auto-config/mock_ce_test.go b/agent/auto-config/mock_ce_test.go
index cb741b6d4754..872aa5e5438f 100644
--- a/agent/auto-config/mock_ce_test.go
+++ b/agent/auto-config/mock_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/auto-config/mock_test.go b/agent/auto-config/mock_test.go
index 0ef5084af264..263befae112c 100644
--- a/agent/auto-config/mock_test.go
+++ b/agent/auto-config/mock_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autoconf
 
diff --git a/agent/auto-config/persist.go b/agent/auto-config/persist.go
index 66cda1c41438..0abaa235451d 100644
--- a/agent/auto-config/persist.go
+++ b/agent/auto-config/persist.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autoconf
 
diff --git a/agent/auto-config/run.go b/agent/auto-config/run.go
index ed3389c1880c..74a78fde9f0d 100644
--- a/agent/auto-config/run.go
+++ b/agent/auto-config/run.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autoconf
 
diff --git a/agent/auto-config/server_addr.go b/agent/auto-config/server_addr.go
index 6bca15d42fb8..c70a6431fb33 100644
--- a/agent/auto-config/server_addr.go
+++ b/agent/auto-config/server_addr.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autoconf
 
diff --git a/agent/auto-config/tls.go b/agent/auto-config/tls.go
index 8142a1eeb809..e39022bc959b 100644
--- a/agent/auto-config/tls.go
+++ b/agent/auto-config/tls.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autoconf
 
diff --git a/agent/auto-config/tls_test.go b/agent/auto-config/tls_test.go
index 667c7dfa96e5..b09ee295e60b 100644
--- a/agent/auto-config/tls_test.go
+++ b/agent/auto-config/tls_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autoconf
 
diff --git a/agent/blockingquery/blockingquery.go b/agent/blockingquery/blockingquery.go
index 3e073a1ffab2..cb46110222de 100644
--- a/agent/blockingquery/blockingquery.go
+++ b/agent/blockingquery/blockingquery.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package blockingquery
 
 import (
diff --git a/agent/blockingquery/blockingquery_test.go b/agent/blockingquery/blockingquery_test.go
index 5861ed399164..6cfc07c114aa 100644
--- a/agent/blockingquery/blockingquery_test.go
+++ b/agent/blockingquery/blockingquery_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package blockingquery
 
 // TODO: move tests from the consul package, rpc_test.go, TestServer_blockingQuery
diff --git a/agent/cache-types/catalog_datacenters.go b/agent/cache-types/catalog_datacenters.go
index 2a4e64c9e5c1..12da6e9878e3 100644
--- a/agent/cache-types/catalog_datacenters.go
+++ b/agent/cache-types/catalog_datacenters.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_datacenters_test.go b/agent/cache-types/catalog_datacenters_test.go
index f04bfb4c7b42..bef374d131cd 100644
--- a/agent/cache-types/catalog_datacenters_test.go
+++ b/agent/cache-types/catalog_datacenters_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_list_services.go b/agent/cache-types/catalog_list_services.go
index 0a14ed3ef120..a605c7431388 100644
--- a/agent/cache-types/catalog_list_services.go
+++ b/agent/cache-types/catalog_list_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_list_services_test.go b/agent/cache-types/catalog_list_services_test.go
index 623cda2cee3c..b5da270f962d 100644
--- a/agent/cache-types/catalog_list_services_test.go
+++ b/agent/cache-types/catalog_list_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_service_list.go b/agent/cache-types/catalog_service_list.go
index 37ac4ba0f813..521ed1d3b1ad 100644
--- a/agent/cache-types/catalog_service_list.go
+++ b/agent/cache-types/catalog_service_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_service_list_test.go b/agent/cache-types/catalog_service_list_test.go
index eb686193cc3c..995f7e8b6c8c 100644
--- a/agent/cache-types/catalog_service_list_test.go
+++ b/agent/cache-types/catalog_service_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_services.go b/agent/cache-types/catalog_services.go
index 8e04997b9f62..21b472ba3124 100644
--- a/agent/cache-types/catalog_services.go
+++ b/agent/cache-types/catalog_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/catalog_services_test.go b/agent/cache-types/catalog_services_test.go
index c084de67ccaa..8723b9015d71 100644
--- a/agent/cache-types/catalog_services_test.go
+++ b/agent/cache-types/catalog_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/config_entry.go b/agent/cache-types/config_entry.go
index 98443363c1b8..9748c176d103 100644
--- a/agent/cache-types/config_entry.go
+++ b/agent/cache-types/config_entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/config_entry_test.go b/agent/cache-types/config_entry_test.go
index d892b069e4c7..11b109d6634a 100644
--- a/agent/cache-types/config_entry_test.go
+++ b/agent/cache-types/config_entry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/connect_ca_root.go b/agent/cache-types/connect_ca_root.go
index 1df3f7c78d83..0d6c8b700ca7 100644
--- a/agent/cache-types/connect_ca_root.go
+++ b/agent/cache-types/connect_ca_root.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/connect_ca_root_test.go b/agent/cache-types/connect_ca_root_test.go
index 74aa53c31a4c..c1e906a8b810 100644
--- a/agent/cache-types/connect_ca_root_test.go
+++ b/agent/cache-types/connect_ca_root_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/discovery_chain.go b/agent/cache-types/discovery_chain.go
index e27b621061e1..8f0f17791488 100644
--- a/agent/cache-types/discovery_chain.go
+++ b/agent/cache-types/discovery_chain.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/discovery_chain_test.go b/agent/cache-types/discovery_chain_test.go
index a9c9783e882b..b2b279faf7dd 100644
--- a/agent/cache-types/discovery_chain_test.go
+++ b/agent/cache-types/discovery_chain_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/exported_peered_services.go b/agent/cache-types/exported_peered_services.go
index 69bd2d92ba71..3e8f33628144 100644
--- a/agent/cache-types/exported_peered_services.go
+++ b/agent/cache-types/exported_peered_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/exported_peered_services_test.go b/agent/cache-types/exported_peered_services_test.go
index a2d618bb60c5..4848c2fce9db 100644
--- a/agent/cache-types/exported_peered_services_test.go
+++ b/agent/cache-types/exported_peered_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/federation_state_list_gateways.go b/agent/cache-types/federation_state_list_gateways.go
index 501a8bcead28..50658777b8d8 100644
--- a/agent/cache-types/federation_state_list_gateways.go
+++ b/agent/cache-types/federation_state_list_gateways.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/federation_state_list_gateways_test.go b/agent/cache-types/federation_state_list_gateways_test.go
index 04bd661e80fc..7aaad80ed3b2 100644
--- a/agent/cache-types/federation_state_list_gateways_test.go
+++ b/agent/cache-types/federation_state_list_gateways_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/gateway_services.go b/agent/cache-types/gateway_services.go
index 9c13800beeee..030cec59ef88 100644
--- a/agent/cache-types/gateway_services.go
+++ b/agent/cache-types/gateway_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/gateway_services_test.go b/agent/cache-types/gateway_services_test.go
index 49be4edf4780..babc30ead3c1 100644
--- a/agent/cache-types/gateway_services_test.go
+++ b/agent/cache-types/gateway_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/health_services.go b/agent/cache-types/health_services.go
index ae8369364743..dc1a5e6648ad 100644
--- a/agent/cache-types/health_services.go
+++ b/agent/cache-types/health_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/health_services_test.go b/agent/cache-types/health_services_test.go
index 6e83ec9a4018..e3680eb2d5ad 100644
--- a/agent/cache-types/health_services_test.go
+++ b/agent/cache-types/health_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/intention_match.go b/agent/cache-types/intention_match.go
index fd69eab65c75..16671328fd2d 100644
--- a/agent/cache-types/intention_match.go
+++ b/agent/cache-types/intention_match.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/intention_match_test.go b/agent/cache-types/intention_match_test.go
index 26788b679bef..68a467a29d51 100644
--- a/agent/cache-types/intention_match_test.go
+++ b/agent/cache-types/intention_match_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/intention_upstreams.go b/agent/cache-types/intention_upstreams.go
index a0e1ea0c0fd3..b918a553526c 100644
--- a/agent/cache-types/intention_upstreams.go
+++ b/agent/cache-types/intention_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/intention_upstreams_destination.go b/agent/cache-types/intention_upstreams_destination.go
index 1b5200a163c2..8adba2d7e742 100644
--- a/agent/cache-types/intention_upstreams_destination.go
+++ b/agent/cache-types/intention_upstreams_destination.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/intention_upstreams_destination_test.go b/agent/cache-types/intention_upstreams_destination_test.go
index 32852891846f..d4f8602c7d7e 100644
--- a/agent/cache-types/intention_upstreams_destination_test.go
+++ b/agent/cache-types/intention_upstreams_destination_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/intention_upstreams_test.go b/agent/cache-types/intention_upstreams_test.go
index 3259969f03a8..6f695576d063 100644
--- a/agent/cache-types/intention_upstreams_test.go
+++ b/agent/cache-types/intention_upstreams_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/node_services.go b/agent/cache-types/node_services.go
index 44dd5624f565..2b51de9f62f8 100644
--- a/agent/cache-types/node_services.go
+++ b/agent/cache-types/node_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/node_services_test.go b/agent/cache-types/node_services_test.go
index 6f16f93d5d61..a1412bbe935b 100644
--- a/agent/cache-types/node_services_test.go
+++ b/agent/cache-types/node_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/options.go b/agent/cache-types/options.go
index cd46060f8bce..cbfa2ff178ef 100644
--- a/agent/cache-types/options.go
+++ b/agent/cache-types/options.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/peered_upstreams.go b/agent/cache-types/peered_upstreams.go
index 964b350eb150..49997ecdf967 100644
--- a/agent/cache-types/peered_upstreams.go
+++ b/agent/cache-types/peered_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/peered_upstreams_test.go b/agent/cache-types/peered_upstreams_test.go
index 07be6e418808..1e9dc29fdf4a 100644
--- a/agent/cache-types/peered_upstreams_test.go
+++ b/agent/cache-types/peered_upstreams_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/peerings.go b/agent/cache-types/peerings.go
index 53138e5512d8..e72b43d56312 100644
--- a/agent/cache-types/peerings.go
+++ b/agent/cache-types/peerings.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/peerings_test.go b/agent/cache-types/peerings_test.go
index 088a077c4f50..75fc21371eb7 100644
--- a/agent/cache-types/peerings_test.go
+++ b/agent/cache-types/peerings_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/prepared_query.go b/agent/cache-types/prepared_query.go
index 8a9ec7720959..995214a1b45b 100644
--- a/agent/cache-types/prepared_query.go
+++ b/agent/cache-types/prepared_query.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/prepared_query_test.go b/agent/cache-types/prepared_query_test.go
index 50850c20fe9b..26ea4d4c0b02 100644
--- a/agent/cache-types/prepared_query_test.go
+++ b/agent/cache-types/prepared_query_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/resolved_service_config.go b/agent/cache-types/resolved_service_config.go
index 76c333840f5d..589afbcc6bd1 100644
--- a/agent/cache-types/resolved_service_config.go
+++ b/agent/cache-types/resolved_service_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/resolved_service_config_test.go b/agent/cache-types/resolved_service_config_test.go
index a71cdb783436..4c8376447ad5 100644
--- a/agent/cache-types/resolved_service_config_test.go
+++ b/agent/cache-types/resolved_service_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/rpc.go b/agent/cache-types/rpc.go
index 13bfdb3e5a5d..905547d20fe8 100644
--- a/agent/cache-types/rpc.go
+++ b/agent/cache-types/rpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/service_checks.go b/agent/cache-types/service_checks.go
index 55ea3896f33c..88a065c94b86 100644
--- a/agent/cache-types/service_checks.go
+++ b/agent/cache-types/service_checks.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/service_checks_test.go b/agent/cache-types/service_checks_test.go
index 898ea4aa9c93..b936990d91a3 100644
--- a/agent/cache-types/service_checks_test.go
+++ b/agent/cache-types/service_checks_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/service_dump.go b/agent/cache-types/service_dump.go
index 60c2895aff1f..3bab11239f04 100644
--- a/agent/cache-types/service_dump.go
+++ b/agent/cache-types/service_dump.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/service_dump_test.go b/agent/cache-types/service_dump_test.go
index 3570fc9720a1..8fe39e63b268 100644
--- a/agent/cache-types/service_dump_test.go
+++ b/agent/cache-types/service_dump_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/service_gateways.go b/agent/cache-types/service_gateways.go
index a080fc77451c..d096d136fa2f 100644
--- a/agent/cache-types/service_gateways.go
+++ b/agent/cache-types/service_gateways.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/service_gateways_test.go b/agent/cache-types/service_gateways_test.go
index 9f615162b6fb..c8c62e7c9ad5 100644
--- a/agent/cache-types/service_gateways_test.go
+++ b/agent/cache-types/service_gateways_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/testing.go b/agent/cache-types/testing.go
index 3789eff4e2a5..459feaba9fa3 100644
--- a/agent/cache-types/testing.go
+++ b/agent/cache-types/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/trust_bundle.go b/agent/cache-types/trust_bundle.go
index 0bac27e2b8c2..301b18977d95 100644
--- a/agent/cache-types/trust_bundle.go
+++ b/agent/cache-types/trust_bundle.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/trust_bundle_test.go b/agent/cache-types/trust_bundle_test.go
index f39a15bdc662..dc39c3555bd5 100644
--- a/agent/cache-types/trust_bundle_test.go
+++ b/agent/cache-types/trust_bundle_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/trust_bundles.go b/agent/cache-types/trust_bundles.go
index 7098c01af47a..a485ee53414c 100644
--- a/agent/cache-types/trust_bundles.go
+++ b/agent/cache-types/trust_bundles.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache-types/trust_bundles_test.go b/agent/cache-types/trust_bundles_test.go
index f565bab18fdb..373ba2a8d71f 100644
--- a/agent/cache-types/trust_bundles_test.go
+++ b/agent/cache-types/trust_bundles_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cachetype
 
diff --git a/agent/cache/cache.go b/agent/cache/cache.go
index 29f1296f79b9..ed1e4f911ada 100644
--- a/agent/cache/cache.go
+++ b/agent/cache/cache.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package cache provides caching features for data from a Consul server.
 //
diff --git a/agent/cache/cache_test.go b/agent/cache/cache_test.go
index 6a4216c85929..4ab66a29d0bf 100644
--- a/agent/cache/cache_test.go
+++ b/agent/cache/cache_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cache
 
diff --git a/agent/cache/entry.go b/agent/cache/entry.go
index 9ee1fc0007fa..fb8008d8c15e 100644
--- a/agent/cache/entry.go
+++ b/agent/cache/entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cache
 
diff --git a/agent/cache/request.go b/agent/cache/request.go
index 9af73d99687b..7f66f4ce5881 100644
--- a/agent/cache/request.go
+++ b/agent/cache/request.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cache
 
diff --git a/agent/cache/testing.go b/agent/cache/testing.go
index b754dae3e76a..7f0df113bc83 100644
--- a/agent/cache/testing.go
+++ b/agent/cache/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cache
 
diff --git a/agent/cache/type.go b/agent/cache/type.go
index ccab3216ca83..d58362fd470d 100644
--- a/agent/cache/type.go
+++ b/agent/cache/type.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cache
 
diff --git a/agent/cache/watch.go b/agent/cache/watch.go
index 300001240312..d8693ad032f9 100644
--- a/agent/cache/watch.go
+++ b/agent/cache/watch.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cache
 
diff --git a/agent/cache/watch_test.go b/agent/cache/watch_test.go
index 41c30f4dbb5c..e6a5848f4ccd 100644
--- a/agent/cache/watch_test.go
+++ b/agent/cache/watch_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cache
 
diff --git a/agent/catalog_endpoint.go b/agent/catalog_endpoint.go
index 1dac61befa47..ad72c4b47f35 100644
--- a/agent/catalog_endpoint.go
+++ b/agent/catalog_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/catalog_endpoint_ce.go b/agent/catalog_endpoint_ce.go
index a3c8595fbe27..fcd8311356d8 100644
--- a/agent/catalog_endpoint_ce.go
+++ b/agent/catalog_endpoint_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/catalog_endpoint_test.go b/agent/catalog_endpoint_test.go
index 1b92e29a84d2..da65097dbb58 100644
--- a/agent/catalog_endpoint_test.go
+++ b/agent/catalog_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/check.go b/agent/check.go
index 078361be6601..79c030d93242 100644
--- a/agent/check.go
+++ b/agent/check.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/checks/alias.go b/agent/checks/alias.go
index f75c05b9580b..5e394105cf1c 100644
--- a/agent/checks/alias.go
+++ b/agent/checks/alias.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package checks
 
diff --git a/agent/checks/alias_test.go b/agent/checks/alias_test.go
index 1f5662019929..70a301d1180f 100644
--- a/agent/checks/alias_test.go
+++ b/agent/checks/alias_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package checks
 
diff --git a/agent/checks/check.go b/agent/checks/check.go
index 0c730b510942..c6472f1fb97e 100644
--- a/agent/checks/check.go
+++ b/agent/checks/check.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package checks
 
@@ -625,19 +625,20 @@ func (c *CheckH2PING) Start() {
 	go c.run()
 }
 
-// CheckTCP is used to periodically make an TCP/UDP connection to
-// determine the health of a given check.
+// CheckTCP is used to periodically make a TCP connection to determine the
+// health of a given check.
 // The check is passing if the connection succeeds
 // The check is critical if the connection returns an error
 // Supports failures_before_critical and success_before_passing.
 type CheckTCP struct {
-	CheckID       structs.CheckID
-	ServiceID     structs.ServiceID
-	TCP           string
-	Interval      time.Duration
-	Timeout       time.Duration
-	Logger        hclog.Logger
-	StatusHandler *StatusHandler
+	CheckID         structs.CheckID
+	ServiceID       structs.ServiceID
+	TCP             string
+	Interval        time.Duration
+	Timeout         time.Duration
+	Logger          hclog.Logger
+	TLSClientConfig *tls.Config
+	StatusHandler   *StatusHandler
 
 	dialer   *net.Dialer
 	stop     bool
@@ -694,17 +695,30 @@ func (c *CheckTCP) run() {
 
 // check is invoked periodically to perform the TCP check
 func (c *CheckTCP) check() {
-	conn, err := c.dialer.Dial(`tcp`, c.TCP)
+	var conn io.Closer
+	var err error
+	var checkType string
+
+	if c.TLSClientConfig == nil {
+		conn, err = c.dialer.Dial(`tcp`, c.TCP)
+		checkType = "TCP"
+	} else {
+		conn, err = tls.DialWithDialer(c.dialer, `tcp`, c.TCP, c.TLSClientConfig)
+		checkType = "TCP+TLS"
+	}
+
 	if err != nil {
-		c.Logger.Warn("Check socket connection failed",
+		c.Logger.Warn(fmt.Sprintf("Check %s connection failed", checkType),
 			"check", c.CheckID.String(),
 			"error", err,
 		)
 		c.StatusHandler.updateCheck(c.CheckID, api.HealthCritical, err.Error())
 		return
 	}
+
 	conn.Close()
-	c.StatusHandler.updateCheck(c.CheckID, api.HealthPassing, fmt.Sprintf("TCP connect %s: Success", c.TCP))
+	c.StatusHandler.updateCheck(c.CheckID, api.HealthPassing, fmt.Sprintf("%s connect %s: Success", checkType, c.TCP))
+
 }
 
 // CheckUDP is used to periodically send a UDP datagram to determine the health of a given check.
diff --git a/agent/checks/check_test.go b/agent/checks/check_test.go
index ae53b477f555..389b4cb14100 100644
--- a/agent/checks/check_test.go
+++ b/agent/checks/check_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package checks
 
diff --git a/agent/checks/check_windows_test.go b/agent/checks/check_windows_test.go
index 05643539be51..b7c14dd18e85 100644
--- a/agent/checks/check_windows_test.go
+++ b/agent/checks/check_windows_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build windows
 // +build windows
diff --git a/agent/checks/docker.go b/agent/checks/docker.go
index e3483e073b03..11bcac7e01c8 100644
--- a/agent/checks/docker.go
+++ b/agent/checks/docker.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package checks
 
diff --git a/agent/checks/docker_unix.go b/agent/checks/docker_unix.go
index 976344aa82d2..33c8a2b81722 100644
--- a/agent/checks/docker_unix.go
+++ b/agent/checks/docker_unix.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !windows
 // +build !windows
diff --git a/agent/checks/docker_windows.go b/agent/checks/docker_windows.go
index 6008b695ba1b..edcb4f380a98 100644
--- a/agent/checks/docker_windows.go
+++ b/agent/checks/docker_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package checks
 
diff --git a/agent/checks/grpc.go b/agent/checks/grpc.go
index b3bcba20b5a6..87378521c9df 100644
--- a/agent/checks/grpc.go
+++ b/agent/checks/grpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package checks
 
diff --git a/agent/checks/grpc_test.go b/agent/checks/grpc_test.go
index e67b453bda62..4500bcd67f3b 100644
--- a/agent/checks/grpc_test.go
+++ b/agent/checks/grpc_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package checks
 
diff --git a/agent/checks/os_service.go b/agent/checks/os_service.go
index 3350c73a2c3b..af4e9b03ee87 100644
--- a/agent/checks/os_service.go
+++ b/agent/checks/os_service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package checks
 
diff --git a/agent/checks/os_service_unix.go b/agent/checks/os_service_unix.go
index a02c8b54a741..ab004e29fd9c 100644
--- a/agent/checks/os_service_unix.go
+++ b/agent/checks/os_service_unix.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !windows
 // +build !windows
diff --git a/agent/checks/os_service_windows.go b/agent/checks/os_service_windows.go
index fd9cc1bd33ec..8b73ce4ad209 100644
--- a/agent/checks/os_service_windows.go
+++ b/agent/checks/os_service_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build windows
 // +build windows
diff --git a/agent/config/agent_limits.go b/agent/config/agent_limits.go
index 7abbb075d316..fff5e267f203 100644
--- a/agent/config/agent_limits.go
+++ b/agent/config/agent_limits.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/builder.go b/agent/config/builder.go
index a3ca1abfd0c1..99d9626542ba 100644
--- a/agent/config/builder.go
+++ b/agent/config/builder.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
@@ -1290,10 +1290,6 @@ func (b *builder) validate(rt RuntimeConfig) error {
 			"1 and 63 bytes.", rt.NodeName)
 	}
 
-	if err := rt.StructLocality().Validate(); err != nil {
-		return fmt.Errorf("locality is invalid: %s", err)
-	}
-
 	if ipaddr.IsAny(rt.AdvertiseAddrLAN.IP) {
 		return fmt.Errorf("Advertise address cannot be 0.0.0.0, :: or [::]")
 	}
@@ -1473,7 +1469,7 @@ func (b *builder) validate(rt RuntimeConfig) error {
 				return err
 			}
 		case structs.VaultCAProvider:
-			if _, err := ca.ParseVaultCAConfig(rt.ConnectCAConfig, rt.PrimaryDatacenter == rt.Datacenter); err != nil {
+			if _, err := ca.ParseVaultCAConfig(rt.ConnectCAConfig); err != nil {
 				return err
 			}
 		case structs.AWSCAProvider:
@@ -1618,6 +1614,7 @@ func (b *builder) checkVal(v *CheckDefinition) *structs.CheckDefinition {
 		Body:                           stringVal(v.Body),
 		DisableRedirects:               boolVal(v.DisableRedirects),
 		TCP:                            stringVal(v.TCP),
+		TCPUseTLS:                      boolVal(v.TCPUseTLS),
 		UDP:                            stringVal(v.UDP),
 		Interval:                       b.durationVal(fmt.Sprintf("check[%s].interval", id), v.Interval),
 		DockerContainerID:              stringVal(v.DockerContainerID),
@@ -2653,10 +2650,10 @@ func (b *builder) buildTLSConfig(rt RuntimeConfig, t TLS) (tlsutil.Config, error
 		return c, errors.New("verify_outgoing is not valid in the tls.grpc stanza")
 	}
 
-	// Similarly, only the internal RPC and defaults configuration honor VerifyServerHostname
+	// Similarly, only the internal RPC configuration honors VerifyServerHostname
 	// so we call it out here too.
-	if t.GRPC.VerifyServerHostname != nil || t.HTTPS.VerifyServerHostname != nil {
-		return c, errors.New("verify_server_hostname is only valid in the tls.defaults and tls.internal_rpc stanzas")
+	if t.Defaults.VerifyServerHostname != nil || t.GRPC.VerifyServerHostname != nil || t.HTTPS.VerifyServerHostname != nil {
+		return c, errors.New("verify_server_hostname is only valid in the tls.internal_rpc stanza")
 	}
 
 	// And UseAutoCert right now only applies to external gRPC interface.
@@ -2706,11 +2703,8 @@ func (b *builder) buildTLSConfig(rt RuntimeConfig, t TLS) (tlsutil.Config, error
 	}
 
 	mapCommon("internal_rpc", t.InternalRPC, &c.InternalRPC)
+	c.InternalRPC.VerifyServerHostname = boolVal(t.InternalRPC.VerifyServerHostname)
 
-	c.InternalRPC.VerifyServerHostname = boolVal(t.Defaults.VerifyServerHostname)
-	if t.InternalRPC.VerifyServerHostname != nil {
-		c.InternalRPC.VerifyServerHostname = boolVal(t.InternalRPC.VerifyServerHostname)
-	}
 	// Setting only verify_server_hostname is documented to imply verify_outgoing.
 	// If it doesn't then we risk sending communication over plain TCP when we
 	// documented it as forcing TLS for RPCs. Enforce this here rather than in
diff --git a/agent/config/builder_ce.go b/agent/config/builder_ce.go
index ab7e1ece5a87..dae1e275c96a 100644
--- a/agent/config/builder_ce.go
+++ b/agent/config/builder_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/builder_ce_test.go b/agent/config/builder_ce_test.go
index 3b3a220278c7..100f905859da 100644
--- a/agent/config/builder_ce_test.go
+++ b/agent/config/builder_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/builder_test.go b/agent/config/builder_test.go
index 2cc3e3148c37..3eb81fdee4de 100644
--- a/agent/config/builder_test.go
+++ b/agent/config/builder_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/config.go b/agent/config/config.go
index baaa1805191a..911b1c351321 100644
--- a/agent/config/config.go
+++ b/agent/config/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
@@ -423,6 +423,7 @@ type CheckDefinition struct {
 	DisableRedirects               *bool               `mapstructure:"disable_redirects"`
 	OutputMaxSize                  *int                `mapstructure:"output_max_size"`
 	TCP                            *string             `mapstructure:"tcp"`
+	TCPUseTLS                      *bool               `mapstructure:"tcp_use_tls"`
 	UDP                            *string             `mapstructure:"udp"`
 	Interval                       *string             `mapstructure:"interval"`
 	DockerContainerID              *string             `mapstructure:"docker_container_id" alias:"dockercontainerid"`
diff --git a/agent/config/config_ce.go b/agent/config/config_ce.go
index aaf743919b97..2fc8da58e6da 100644
--- a/agent/config/config_ce.go
+++ b/agent/config/config_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/default.go b/agent/config/default.go
index f5ef349b752b..536ac7ac3340 100644
--- a/agent/config/default.go
+++ b/agent/config/default.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
@@ -209,7 +209,9 @@ func DevSource() Source {
 		ports = {
 			grpc = 8502
 		}
-		experiments = []
+		experiments = [
+			"resource-apis"
+		]
 	`,
 	}
 }
diff --git a/agent/config/default_ce.go b/agent/config/default_ce.go
index 4f5adf0de724..f91bb9c7d360 100644
--- a/agent/config/default_ce.go
+++ b/agent/config/default_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/deprecated.go b/agent/config/deprecated.go
index 921e3329ffa6..597095f8e264 100644
--- a/agent/config/deprecated.go
+++ b/agent/config/deprecated.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/deprecated_test.go b/agent/config/deprecated_test.go
index 8d03e431f7af..785c9555084f 100644
--- a/agent/config/deprecated_test.go
+++ b/agent/config/deprecated_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/doc.go b/agent/config/doc.go
index 5bfc77d90252..4cbc2c41cfdc 100644
--- a/agent/config/doc.go
+++ b/agent/config/doc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package config contains the command line and config file code for the
 // consul agent.
diff --git a/agent/config/file_watcher.go b/agent/config/file_watcher.go
index 2afe19b1a659..c91bb1dd50cc 100644
--- a/agent/config/file_watcher.go
+++ b/agent/config/file_watcher.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/file_watcher_test.go b/agent/config/file_watcher_test.go
index f937d1401195..02b1cd14117b 100644
--- a/agent/config/file_watcher_test.go
+++ b/agent/config/file_watcher_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/flags.go b/agent/config/flags.go
index b56a162287c0..21e1ac612a53 100644
--- a/agent/config/flags.go
+++ b/agent/config/flags.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/flags_test.go b/agent/config/flags_test.go
index a6c9ee23bd4a..10df0d6d7f00 100644
--- a/agent/config/flags_test.go
+++ b/agent/config/flags_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/flagset.go b/agent/config/flagset.go
index af1b06d70ce9..3b2abe6fdf9a 100644
--- a/agent/config/flagset.go
+++ b/agent/config/flagset.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/golden_test.go b/agent/config/golden_test.go
index a9ce20d7bd1a..fb4401efbf4d 100644
--- a/agent/config/golden_test.go
+++ b/agent/config/golden_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/limits.go b/agent/config/limits.go
index 46b6d45a1e52..6b5d466ab639 100644
--- a/agent/config/limits.go
+++ b/agent/config/limits.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !windows
 // +build !windows
diff --git a/agent/config/limits_windows.go b/agent/config/limits_windows.go
index 538d84721f4f..d9d3499397b5 100644
--- a/agent/config/limits_windows.go
+++ b/agent/config/limits_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build windows
 // +build windows
diff --git a/agent/config/merge.go b/agent/config/merge.go
index 64c7c1e97496..f40efdaa8779 100644
--- a/agent/config/merge.go
+++ b/agent/config/merge.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/merge_test.go b/agent/config/merge_test.go
index 9c2e2a1a0736..13e3cbb186ec 100644
--- a/agent/config/merge_test.go
+++ b/agent/config/merge_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/ratelimited_file_watcher.go b/agent/config/ratelimited_file_watcher.go
index 41f894837035..33de08cf2b62 100644
--- a/agent/config/ratelimited_file_watcher.go
+++ b/agent/config/ratelimited_file_watcher.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/ratelimited_file_watcher_test.go b/agent/config/ratelimited_file_watcher_test.go
index 8e4415aaa871..d6a43b6be82b 100644
--- a/agent/config/ratelimited_file_watcher_test.go
+++ b/agent/config/ratelimited_file_watcher_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/runtime.go b/agent/config/runtime.go
index 18278b08b1ac..1a8dc13794d3 100644
--- a/agent/config/runtime.go
+++ b/agent/config/runtime.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/config/runtime_ce.go b/agent/config/runtime_ce.go
index ccc139a86b04..94a6b7fa6a62 100644
--- a/agent/config/runtime_ce.go
+++ b/agent/config/runtime_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/runtime_ce_test.go b/agent/config/runtime_ce_test.go
index bab33fca55c8..99a2f6789e13 100644
--- a/agent/config/runtime_ce_test.go
+++ b/agent/config/runtime_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go
index e39557b3d41b..76366b6a0c4c 100644
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
@@ -324,7 +324,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.DevMode = true
 			rt.DisableAnonymousSignature = true
 			rt.DisableKeyringFile = true
-			rt.Experiments = nil
+			rt.Experiments = []string{"resource-apis"}
 			rt.EnableDebug = true
 			rt.UIConfig.Enabled = true
 			rt.LeaveOnTerm = false
@@ -1038,13 +1038,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			},
 		},
 	})
-	run(t, testCase{
-		desc:        "locality invalid",
-		args:        []string{`-data-dir=` + dataDir},
-		json:        []string{`{"locality": {"zone": "us-west-1a"}}`},
-		hcl:         []string{`locality { zone = "us-west-1a" }`},
-		expectedErr: "locality is invalid: zone cannot be set without region",
-	})
 	run(t, testCase{
 		desc: "client addr and ports == 0",
 		args: []string{`-data-dir=` + dataDir},
@@ -2357,12 +2350,12 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 		},
 		json: []string{`{
 			  "cloud": {
-              	"resource_id": "file-id" 
+              	"resource_id": "file-id"
               }
 			}`},
 		hcl: []string{`
 			  cloud = {
-	            resource_id = "file-id" 
+	            resource_id = "file-id"
 			  }
 			`},
 		expected: func(rt *RuntimeConfig) {
@@ -2529,6 +2522,60 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.DataDir = dataDir
 		},
 	})
+	run(t, testCase{
+		desc: "tcp check with tcp_use_tls set",
+		args: []string{
+			`-data-dir=` + dataDir,
+		},
+		json: []string{
+			`{ "check": { "name": "a", "tcp": "localhost:55555", "tcp_use_tls": true, "interval": "5s" } }`,
+		},
+		hcl: []string{
+			`check = { name = "a" tcp = "localhost:55555" tcp_use_tls = true interval = "5s" }`,
+		},
+		expected: func(rt *RuntimeConfig) {
+			rt.Checks = []*structs.CheckDefinition{
+				{Name: "a", TCP: "localhost:55555", TCPUseTLS: true, OutputMaxSize: checks.DefaultBufSize, Interval: 5 * time.Second},
+			}
+			rt.DataDir = dataDir
+		},
+	})
+	run(t, testCase{
+		desc: "tcp check with tcp_use_tls set to false",
+		args: []string{
+			`-data-dir=` + dataDir,
+		},
+		json: []string{
+			`{ "check": { "name": "a", "tcp": "localhost:55555", "tcp_use_tls": false, "interval": "5s" } }`,
+		},
+		hcl: []string{
+			`check = { name = "a" tcp = "localhost:55555" tcp_use_tls = false interval = "5s" }`,
+		},
+		expected: func(rt *RuntimeConfig) {
+			rt.Checks = []*structs.CheckDefinition{
+				{Name: "a", TCP: "localhost:55555", TCPUseTLS: false, OutputMaxSize: checks.DefaultBufSize, Interval: 5 * time.Second},
+			}
+			rt.DataDir = dataDir
+		},
+	})
+	run(t, testCase{
+		desc: "tcp check with tcp_use_tls not set",
+		args: []string{
+			`-data-dir=` + dataDir,
+		},
+		json: []string{
+			`{ "check": { "name": "a", "tcp": "localhost:55555", "interval": "5s" } }`,
+		},
+		hcl: []string{
+			`check = { name = "a" tcp = "localhost:55555" interval = "5s" }`,
+		},
+		expected: func(rt *RuntimeConfig) {
+			rt.Checks = []*structs.CheckDefinition{
+				{Name: "a", TCP: "localhost:55555", TCPUseTLS: false, OutputMaxSize: checks.DefaultBufSize, Interval: 5 * time.Second},
+			}
+			rt.DataDir = dataDir
+		},
+	})
 	run(t, testCase{
 		desc: "h2ping check without h2ping_use_tls set",
 		args: []string{
@@ -2736,44 +2783,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 				}
 			}
 		`},
-		expected: func(rt *RuntimeConfig) {
-			rt.DataDir = dataDir
-			rt.TLS.InternalRPC.VerifyServerHostname = true
-			rt.TLS.InternalRPC.VerifyOutgoing = true
-		},
-	})
-	run(t, testCase{
-		desc: "verify_server_hostname in the defaults stanza and internal_rpc",
-		args: []string{
-			`-data-dir=` + dataDir,
-		},
-		hcl: []string{`
-			tls {
-				defaults {
-					verify_server_hostname = false
-				},
-				internal_rpc {
-					verify_server_hostname = true
-				}
-			}
-		`},
-		json: []string{`
-			{
-				"tls": {
-					"defaults": {
-						"verify_server_hostname": false
-					},
-					"internal_rpc": {
-						"verify_server_hostname": true
-					}
-				}
-			}
-		`},
-		expected: func(rt *RuntimeConfig) {
-			rt.DataDir = dataDir
-			rt.TLS.InternalRPC.VerifyServerHostname = true
-			rt.TLS.InternalRPC.VerifyOutgoing = true
-		},
+		expectedErr: "verify_server_hostname is only valid in the tls.internal_rpc stanza",
 	})
 	run(t, testCase{
 		desc: "verify_server_hostname in the grpc stanza",
@@ -2796,7 +2806,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 				}
 			}
 		`},
-		expectedErr: "verify_server_hostname is only valid in the tls.defaults and tls.internal_rpc stanza",
+		expectedErr: "verify_server_hostname is only valid in the tls.internal_rpc stanza",
 	})
 	run(t, testCase{
 		desc: "verify_server_hostname in the https stanza",
@@ -2819,7 +2829,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 				}
 			}
 		`},
-		expectedErr: "verify_server_hostname is only valid in the tls.defaults and tls.internal_rpc stanza",
+		expectedErr: "verify_server_hostname is only valid in the tls.internal_rpc stanza",
 	})
 	run(t, testCase{
 		desc: "translated keys",
@@ -5760,74 +5770,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.TLS.InternalRPC.VerifyOutgoing = true
 		},
 	})
-	run(t, testCase{
-		desc: "tls.defaults.verify_server_hostname implies tls.internal_rpc.verify_outgoing",
-		args: []string{
-			`-data-dir=` + dataDir,
-		},
-		json: []string{`
-			{
-				"tls": {
-					"defaults": {
-						"verify_server_hostname": true
-					}
-				}
-			}
-		`},
-		hcl: []string{`
-			tls {
-				defaults {
-					verify_server_hostname = true
-				}
-			}
-		`},
-		expected: func(rt *RuntimeConfig) {
-			rt.DataDir = dataDir
-
-			rt.TLS.Domain = "consul."
-			rt.TLS.NodeName = "thehostname"
-
-			rt.TLS.InternalRPC.VerifyServerHostname = true
-			rt.TLS.InternalRPC.VerifyOutgoing = true
-		},
-	})
-	run(t, testCase{
-		desc: "tls.internal_rpc.verify_server_hostname overwrites tls.defaults.verify_server_hostname",
-		args: []string{
-			`-data-dir=` + dataDir,
-		},
-		json: []string{`
-			{
-				"tls": {
-					"defaults": {
-						"verify_server_hostname": false
-					},
-					"internal_rpc": {
-						"verify_server_hostname": true
-					}
-				}
-			}
-		`},
-		hcl: []string{`
-			tls {
-				defaults {
-					verify_server_hostname = false
-				},
-				internal_rpc {
-					verify_server_hostname = true
-				}
-			}
-		`},
-		expected: func(rt *RuntimeConfig) {
-			rt.DataDir = dataDir
-
-			rt.TLS.Domain = "consul."
-			rt.TLS.NodeName = "thehostname"
-
-			rt.TLS.InternalRPC.VerifyServerHostname = true
-			rt.TLS.InternalRPC.VerifyOutgoing = true
-		},
-	})
 	run(t, testCase{
 		desc: "tls.grpc.use_auto_cert defaults to false",
 		args: []string{
@@ -6287,6 +6229,7 @@ func TestLoad_FullConfig(t *testing.T) {
 				Body:                           "wSjTy7dg",
 				DisableRedirects:               true,
 				TCP:                            "RJQND605",
+				TCPUseTLS:                      false,
 				H2PING:                         "9N1cSb5B",
 				H2PingUseTLS:                   false,
 				OSService:                      "aAjE6m9Z",
@@ -6317,6 +6260,7 @@ func TestLoad_FullConfig(t *testing.T) {
 				DisableRedirects:               false,
 				OutputMaxSize:                  checks.DefaultBufSize,
 				TCP:                            "4jG5casb",
+				TCPUseTLS:                      false,
 				H2PING:                         "HCHU7gEb",
 				H2PingUseTLS:                   false,
 				OSService:                      "aqq95BhP",
@@ -6346,6 +6290,7 @@ func TestLoad_FullConfig(t *testing.T) {
 				DisableRedirects:               true,
 				OutputMaxSize:                  checks.DefaultBufSize,
 				TCP:                            "JY6fTTcw",
+				TCPUseTLS:                      false,
 				H2PING:                         "rQ8eyCSF",
 				H2PingUseTLS:                   false,
 				OSService:                      "aZaCAXww",
diff --git a/agent/config/segment_ce.go b/agent/config/segment_ce.go
index 3baee7076b14..5f8e8cff7d8f 100644
--- a/agent/config/segment_ce.go
+++ b/agent/config/segment_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/segment_ce_test.go b/agent/config/segment_ce_test.go
index 20e656477825..1fbaf3c2ae0b 100644
--- a/agent/config/segment_ce_test.go
+++ b/agent/config/segment_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
index 6bb08ff95fed..e339923dc95f 100644
--- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
+++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
@@ -117,6 +117,7 @@
             "Status": "",
             "SuccessBeforePassing": 0,
             "TCP": "",
+            "TCPUseTLS": false,
             "TLSServerName": "",
             "TLSSkipVerify": false,
             "TTL": "0s",
@@ -368,6 +369,7 @@
                 "Status": "",
                 "SuccessBeforePassing": 0,
                 "TCP": "",
+                "TCPUseTLS": false,
                 "TLSServerName": "",
                 "TLSSkipVerify": false,
                 "TTL": "0s",
diff --git a/agent/config/testdata/full-config.hcl b/agent/config/testdata/full-config.hcl
index 1c1fb0158aa5..6029d2ea2e6b 100644
--- a/agent/config/testdata/full-config.hcl
+++ b/agent/config/testdata/full-config.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 acl_agent_master_token = "furuQD0b"
 acl_agent_token = "cOshLOQ2"
diff --git a/agent/config_endpoint.go b/agent/config_endpoint.go
index e1b3f0eeef41..396215d78d99 100644
--- a/agent/config_endpoint.go
+++ b/agent/config_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/config_endpoint_test.go b/agent/config_endpoint_test.go
index 141e1e8f4d0d..f8c0c01e329a 100644
--- a/agent/config_endpoint_test.go
+++ b/agent/config_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/configentry/compare.go b/agent/configentry/compare.go
index 3bf761dba828..f28d5c9b03d9 100644
--- a/agent/configentry/compare.go
+++ b/agent/configentry/compare.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package configentry
 
 import (
diff --git a/agent/configentry/compare_test.go b/agent/configentry/compare_test.go
index eeeec32f853b..fcb63d0fa86e 100644
--- a/agent/configentry/compare_test.go
+++ b/agent/configentry/compare_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package configentry
 
 import (
diff --git a/agent/configentry/config_entry.go b/agent/configentry/config_entry.go
index b10989aa95d7..a4ebb254e040 100644
--- a/agent/configentry/config_entry.go
+++ b/agent/configentry/config_entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package configentry
 
diff --git a/agent/configentry/discoverychain.go b/agent/configentry/discoverychain.go
index 58bdb81fc20c..d66b6590e0a4 100644
--- a/agent/configentry/discoverychain.go
+++ b/agent/configentry/discoverychain.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package configentry
 
diff --git a/agent/configentry/doc.go b/agent/configentry/doc.go
index 7dff4a06621b..18fd1405ab18 100644
--- a/agent/configentry/doc.go
+++ b/agent/configentry/doc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package configentry contains structs and logic related to the Configuration
 // Entry subsystem. Currently this is restricted to structs used during
diff --git a/agent/configentry/merge_service_config.go b/agent/configentry/merge_service_config.go
index 1bbe24a3ebc4..cc692e789b37 100644
--- a/agent/configentry/merge_service_config.go
+++ b/agent/configentry/merge_service_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package configentry
 
@@ -7,7 +7,7 @@ import (
 	"fmt"
 
 	"github.com/hashicorp/go-hclog"
-	"github.com/hashicorp/go-memdb"
+	memdb "github.com/hashicorp/go-memdb"
 	"github.com/imdario/mergo"
 	"github.com/mitchellh/copystructure"
 
@@ -141,10 +141,6 @@ func MergeServiceConfig(defaults *structs.ServiceConfigResponse, service *struct
 		ns.Proxy.EnvoyExtensions = nsExtensions
 	}
 
-	if ratelimit := defaults.RateLimits.ToEnvoyExtension(); ratelimit != nil {
-		ns.Proxy.EnvoyExtensions = append(ns.Proxy.EnvoyExtensions, *ratelimit)
-	}
-
 	if ns.Proxy.MeshGateway.Mode == structs.MeshGatewayModeDefault {
 		ns.Proxy.MeshGateway.Mode = defaults.MeshGateway.Mode
 	}
diff --git a/agent/configentry/merge_service_config_test.go b/agent/configentry/merge_service_config_test.go
index e9f051d0026a..4f6dbb55488a 100644
--- a/agent/configentry/merge_service_config_test.go
+++ b/agent/configentry/merge_service_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package configentry
 
@@ -972,111 +972,3 @@ func Test_MergeServiceConfig_UpstreamOverrides(t *testing.T) {
 		})
 	}
 }
-
-// Tests that RateLimit config is a no-op in non-enterprise.
-// In practice, the ratelimit config would have been validated
-// on write.
-func Test_MergeServiceConfig_RateLimit(t *testing.T) {
-	rl := structs.RateLimits{
-		InstanceLevel: structs.InstanceLevelRateLimits{
-			RequestsPerSecond: 1234,
-			RequestsMaxBurst:  2345,
-			Routes: []structs.InstanceLevelRouteRateLimits{
-				{
-					PathExact:         "/admin",
-					RequestsPerSecond: 3333,
-					RequestsMaxBurst:  4444,
-				},
-			},
-		},
-	}
-	tests := []struct {
-		name     string
-		defaults *structs.ServiceConfigResponse
-		service  *structs.NodeService
-		want     *structs.NodeService
-	}{
-		{
-			name: "injects ratelimit extension",
-			defaults: &structs.ServiceConfigResponse{
-				RateLimits: rl,
-			},
-			service: &structs.NodeService{
-				ID:      "foo-proxy",
-				Service: "foo-proxy",
-				Proxy: structs.ConnectProxyConfig{
-					DestinationServiceName: "foo",
-					DestinationServiceID:   "foo",
-				},
-			},
-			want: &structs.NodeService{
-				ID:      "foo-proxy",
-				Service: "foo-proxy",
-				Proxy: structs.ConnectProxyConfig{
-					DestinationServiceName: "foo",
-					DestinationServiceID:   "foo",
-					EnvoyExtensions: func() []structs.EnvoyExtension {
-						if ext := rl.ToEnvoyExtension(); ext != nil {
-							return []structs.EnvoyExtension{*ext}
-						}
-						return nil
-					}(),
-				},
-			},
-		},
-		{
-			name: "injects ratelimit extension at the end",
-			defaults: &structs.ServiceConfigResponse{
-				RateLimits: rl,
-				EnvoyExtensions: []structs.EnvoyExtension{
-					{
-						Name:     "existing-ext",
-						Required: true,
-						Arguments: map[string]interface{}{
-							"arg1": "val1",
-						},
-					},
-				},
-			},
-			service: &structs.NodeService{
-				ID:      "foo-proxy",
-				Service: "foo-proxy",
-				Proxy: structs.ConnectProxyConfig{
-					DestinationServiceName: "foo",
-					DestinationServiceID:   "foo",
-				},
-			},
-
-			want: &structs.NodeService{
-				ID:      "foo-proxy",
-				Service: "foo-proxy",
-				Proxy: structs.ConnectProxyConfig{
-					DestinationServiceName: "foo",
-					DestinationServiceID:   "foo",
-					EnvoyExtensions: func() []structs.EnvoyExtension {
-						existing := []structs.EnvoyExtension{
-							{
-								Name:     "existing-ext",
-								Required: true,
-								Arguments: map[string]interface{}{
-									"arg1": "val1",
-								},
-							},
-						}
-						if ext := rl.ToEnvoyExtension(); ext != nil {
-							existing = append(existing, *ext)
-						}
-						return existing
-					}(),
-				},
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got, err := MergeServiceConfig(tt.defaults, tt.service)
-			require.NoError(t, err)
-			assert.Equal(t, tt.want, got)
-		})
-	}
-}
diff --git a/agent/configentry/resolve.go b/agent/configentry/resolve.go
index 82efc3b8bd75..882f1d16b548 100644
--- a/agent/configentry/resolve.go
+++ b/agent/configentry/resolve.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package configentry
 
@@ -117,9 +117,6 @@ func ComputeResolvedServiceConfig(
 		if serviceConf.Destination != nil {
 			thisReply.Destination = *serviceConf.Destination
 		}
-		if serviceConf.RateLimits != nil {
-			thisReply.RateLimits = *serviceConf.RateLimits
-		}
 
 		// Populate values for the proxy config map
 		proxyConf := thisReply.ProxyConfig
diff --git a/agent/configentry/resolve_test.go b/agent/configentry/resolve_test.go
index f93649df8ae7..f0457730eaa0 100644
--- a/agent/configentry/resolve_test.go
+++ b/agent/configentry/resolve_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package configentry
 
diff --git a/agent/configentry/service_config.go b/agent/configentry/service_config.go
index 83e24e27c390..4b7e5e2a27c1 100644
--- a/agent/configentry/service_config.go
+++ b/agent/configentry/service_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package configentry
 
diff --git a/agent/connect/authz.go b/agent/connect/authz.go
index cc14dd0cb61d..74b306354faf 100644
--- a/agent/connect/authz.go
+++ b/agent/connect/authz.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/authz_test.go b/agent/connect/authz_test.go
index 1cbf17517d81..6428acfc4722 100644
--- a/agent/connect/authz_test.go
+++ b/agent/connect/authz_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/ca/common.go b/agent/connect/ca/common.go
index f52b030ed977..b83a196a8a23 100644
--- a/agent/connect/ca/common.go
+++ b/agent/connect/ca/common.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider.go b/agent/connect/ca/provider.go
index 898da46af729..2ef34228bc48 100644
--- a/agent/connect/ca/provider.go
+++ b/agent/connect/ca/provider.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
@@ -152,7 +152,7 @@ type PrimaryProvider interface {
 	SignIntermediate(*x509.CertificateRequest) (string, error)
 
 	// CrossSignCA must accept a CA certificate from another CA provider and cross
-	// sign it exactly as it is such that it forms a chain back the
+	// sign it exactly as it is such that it forms a chain back the the
 	// CAProvider's current root. Specifically, the Distinguished Name, Subject
 	// Alternative Name, SubjectKeyID and other relevant extensions must be kept.
 	// The resulting certificate must have a distinct Serial Number and the
diff --git a/agent/connect/ca/provider_aws.go b/agent/connect/ca/provider_aws.go
index 1ce5a5eba57d..d45f3295a8e7 100644
--- a/agent/connect/ca/provider_aws.go
+++ b/agent/connect/ca/provider_aws.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_aws_test.go b/agent/connect/ca/provider_aws_test.go
index d46221af1fce..cba2897fa26a 100644
--- a/agent/connect/ca/provider_aws_test.go
+++ b/agent/connect/ca/provider_aws_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_consul.go b/agent/connect/ca/provider_consul.go
index a4aba91942bf..01c4987e07d8 100644
--- a/agent/connect/ca/provider_consul.go
+++ b/agent/connect/ca/provider_consul.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_consul_config.go b/agent/connect/ca/provider_consul_config.go
index c7e8b0346cdb..b0998a0aa11b 100644
--- a/agent/connect/ca/provider_consul_config.go
+++ b/agent/connect/ca/provider_consul_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_consul_test.go b/agent/connect/ca/provider_consul_test.go
index 658a97d39bd9..0c6959c7f5d4 100644
--- a/agent/connect/ca/provider_consul_test.go
+++ b/agent/connect/ca/provider_consul_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_test.go b/agent/connect/ca/provider_test.go
index 85deedbf4cb5..b7ed9e29b412 100644
--- a/agent/connect/ca/provider_test.go
+++ b/agent/connect/ca/provider_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
@@ -113,7 +113,7 @@ func TestStructs_CAConfiguration_MsgpackEncodeDecode(t *testing.T) {
 				TLSSkipVerify:          true,
 			},
 			parseFunc: func(t *testing.T, raw map[string]interface{}) interface{} {
-				config, err := ParseVaultCAConfig(raw, true)
+				config, err := ParseVaultCAConfig(raw)
 				require.NoError(t, err)
 				return config
 			},
diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go
index 8c77f032e83d..d48a38ce320c 100644
--- a/agent/connect/ca/provider_vault.go
+++ b/agent/connect/ca/provider_vault.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
@@ -101,7 +101,7 @@ func vaultTLSConfig(config *structs.VaultCAProviderConfig) *vaultapi.TLSConfig {
 // Configure sets up the provider using the given configuration.
 // Configure supports being called multiple times to re-configure the provider.
 func (v *VaultProvider) Configure(cfg ProviderConfig) error {
-	config, err := ParseVaultCAConfig(cfg.RawConfig, v.isPrimary)
+	config, err := ParseVaultCAConfig(cfg.RawConfig)
 	if err != nil {
 		return err
 	}
@@ -192,11 +192,11 @@ func (v *VaultProvider) Configure(cfg ProviderConfig) error {
 }
 
 func (v *VaultProvider) ValidateConfigUpdate(prevRaw, nextRaw map[string]interface{}) error {
-	prev, err := ParseVaultCAConfig(prevRaw, v.isPrimary)
+	prev, err := ParseVaultCAConfig(prevRaw)
 	if err != nil {
 		return fmt.Errorf("failed to parse existing CA config: %w", err)
 	}
-	next, err := ParseVaultCAConfig(nextRaw, v.isPrimary)
+	next, err := ParseVaultCAConfig(nextRaw)
 	if err != nil {
 		return fmt.Errorf("failed to parse new CA config: %w", err)
 	}
@@ -789,7 +789,7 @@ func (v *VaultProvider) Cleanup(providerTypeChange bool, otherConfig map[string]
 	v.Stop()
 
 	if !providerTypeChange {
-		newConfig, err := ParseVaultCAConfig(otherConfig, v.isPrimary)
+		newConfig, err := ParseVaultCAConfig(otherConfig)
 		if err != nil {
 			return err
 		}
@@ -889,7 +889,7 @@ func (v *VaultProvider) autotidyIssuers(path string) (bool, string) {
 	return tidySet, errStr
 }
 
-func ParseVaultCAConfig(raw map[string]interface{}, isPrimary bool) (*structs.VaultCAProviderConfig, error) {
+func ParseVaultCAConfig(raw map[string]interface{}) (*structs.VaultCAProviderConfig, error) {
 	config := structs.VaultCAProviderConfig{
 		CommonCAProviderConfig: defaultCommonConfig(),
 	}
@@ -920,10 +920,10 @@ func ParseVaultCAConfig(raw map[string]interface{}, isPrimary bool) (*structs.Va
 		return nil, fmt.Errorf("only one of Vault token or Vault auth method can be provided, but not both")
 	}
 
-	if isPrimary && config.RootPKIPath == "" {
+	if config.RootPKIPath == "" {
 		return nil, fmt.Errorf("must provide a valid path to a root PKI backend")
 	}
-	if config.RootPKIPath != "" && !strings.HasSuffix(config.RootPKIPath, "/") {
+	if !strings.HasSuffix(config.RootPKIPath, "/") {
 		config.RootPKIPath += "/"
 	}
 
diff --git a/agent/connect/ca/provider_vault_auth.go b/agent/connect/ca/provider_vault_auth.go
index 70176cc3c328..ddfbde34070c 100644
--- a/agent/connect/ca/provider_vault_auth.go
+++ b/agent/connect/ca/provider_vault_auth.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_alicloud.go b/agent/connect/ca/provider_vault_auth_alicloud.go
index d6ae5b185ed3..1c3058317925 100644
--- a/agent/connect/ca/provider_vault_auth_alicloud.go
+++ b/agent/connect/ca/provider_vault_auth_alicloud.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_approle.go b/agent/connect/ca/provider_vault_auth_approle.go
index c3d7d8f9c8ac..150c463aea9a 100644
--- a/agent/connect/ca/provider_vault_auth_approle.go
+++ b/agent/connect/ca/provider_vault_auth_approle.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_aws.go b/agent/connect/ca/provider_vault_auth_aws.go
index 61762b36fd61..02abf39824cb 100644
--- a/agent/connect/ca/provider_vault_auth_aws.go
+++ b/agent/connect/ca/provider_vault_auth_aws.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_azure.go b/agent/connect/ca/provider_vault_auth_azure.go
index ac8d326b3279..8025977007f4 100644
--- a/agent/connect/ca/provider_vault_auth_azure.go
+++ b/agent/connect/ca/provider_vault_auth_azure.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_gcp.go b/agent/connect/ca/provider_vault_auth_gcp.go
index 10dfbf4b294a..5eefc7143663 100644
--- a/agent/connect/ca/provider_vault_auth_gcp.go
+++ b/agent/connect/ca/provider_vault_auth_gcp.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_jwt.go b/agent/connect/ca/provider_vault_auth_jwt.go
index e80751cd59c3..2560f856d82a 100644
--- a/agent/connect/ca/provider_vault_auth_jwt.go
+++ b/agent/connect/ca/provider_vault_auth_jwt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_k8s.go b/agent/connect/ca/provider_vault_auth_k8s.go
index acd6f68bc5dd..c3a69c6ccd44 100644
--- a/agent/connect/ca/provider_vault_auth_k8s.go
+++ b/agent/connect/ca/provider_vault_auth_k8s.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_auth_test.go b/agent/connect/ca/provider_vault_auth_test.go
index 361d89400e22..74507acb39e7 100644
--- a/agent/connect/ca/provider_vault_auth_test.go
+++ b/agent/connect/ca/provider_vault_auth_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/ca/provider_vault_test.go b/agent/connect/ca/provider_vault_test.go
index c76ea1c28a6c..e75d02984262 100644
--- a/agent/connect/ca/provider_vault_test.go
+++ b/agent/connect/ca/provider_vault_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
@@ -60,7 +60,6 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
 	cases := map[string]struct {
 		rawConfig map[string]interface{}
 		expConfig *structs.VaultCAProviderConfig
-		isPrimary bool
 		expError  string
 	}{
 		"no token and no auth method provided": {
@@ -71,26 +70,15 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
 			rawConfig: map[string]interface{}{"Token": "test", "AuthMethod": map[string]interface{}{"Type": "test"}},
 			expError:  "only one of Vault token or Vault auth method can be provided, but not both",
 		},
-		"primary no root PKI path": {
-			rawConfig: map[string]interface{}{"Token": "test", "IntermediatePKIPath": "test"},
-			isPrimary: true,
+		"no root PKI path": {
+			rawConfig: map[string]interface{}{"Token": "test"},
 			expError:  "must provide a valid path to a root PKI backend",
 		},
-		"secondary no root PKI path": {
-			rawConfig: map[string]interface{}{"Token": "test", "IntermediatePKIPath": "test"},
-			isPrimary: false,
-			expConfig: &structs.VaultCAProviderConfig{
-				CommonCAProviderConfig: defaultCommonConfig(),
-				Token:                  "test",
-				IntermediatePKIPath:    "test/",
-			},
-		},
 		"no root intermediate path": {
 			rawConfig: map[string]interface{}{"Token": "test", "RootPKIPath": "test"},
 			expError:  "must provide a valid path for the intermediate PKI backend",
 		},
 		"adds a slash to RootPKIPath and IntermediatePKIPath": {
-			isPrimary: true,
 			rawConfig: map[string]interface{}{"Token": "test", "RootPKIPath": "test", "IntermediatePKIPath": "test"},
 			expConfig: &structs.VaultCAProviderConfig{
 				CommonCAProviderConfig: defaultCommonConfig(),
@@ -103,7 +91,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
 
 	for name, c := range cases {
 		t.Run(name, func(t *testing.T) {
-			config, err := ParseVaultCAConfig(c.rawConfig, c.isPrimary)
+			config, err := ParseVaultCAConfig(c.rawConfig)
 			if c.expError != "" {
 				require.EqualError(t, err, c.expError)
 			} else {
diff --git a/agent/connect/ca/testing.go b/agent/connect/ca/testing.go
index 28d077e34e5a..d7458bcda8d6 100644
--- a/agent/connect/ca/testing.go
+++ b/agent/connect/ca/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/agent/connect/common_names.go b/agent/connect/common_names.go
index c52df9f10fb4..3c4c30633d53 100644
--- a/agent/connect/common_names.go
+++ b/agent/connect/common_names.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/csr.go b/agent/connect/csr.go
index 0a491b0b6552..9cf0d884dea7 100644
--- a/agent/connect/csr.go
+++ b/agent/connect/csr.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/csr_test.go b/agent/connect/csr_test.go
index 1833b78a7798..6aef985f006f 100644
--- a/agent/connect/csr_test.go
+++ b/agent/connect/csr_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/generate.go b/agent/connect/generate.go
index 84c91a246846..819428d147a9 100644
--- a/agent/connect/generate.go
+++ b/agent/connect/generate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/generate_test.go b/agent/connect/generate_test.go
index ca956b702f16..67be6081fe08 100644
--- a/agent/connect/generate_test.go
+++ b/agent/connect/generate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/parsing.go b/agent/connect/parsing.go
index f1e89fe0255b..a89544532fbb 100644
--- a/agent/connect/parsing.go
+++ b/agent/connect/parsing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
@@ -148,7 +148,7 @@ func ParseSigner(pemValue string) (crypto.Signer, error) {
 }
 
 // ParseCSR parses a CSR from a PEM-encoded value. The certificate request
-// must be the first block in the PEM value.
+// must be the the first block in the PEM value.
 func ParseCSR(pemValue string) (*x509.CertificateRequest, error) {
 	// The _ result below is not an error but the remaining PEM bytes.
 	block, _ := pem.Decode([]byte(pemValue))
diff --git a/agent/connect/sni.go b/agent/connect/sni.go
index f7d14800a922..339116b64c03 100644
--- a/agent/connect/sni.go
+++ b/agent/connect/sni.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/sni_test.go b/agent/connect/sni_test.go
index ed0bd0728041..acbfd49ce028 100644
--- a/agent/connect/sni_test.go
+++ b/agent/connect/sni_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/testing_ca.go b/agent/connect/testing_ca.go
index a852d9130c87..7b30d8517647 100644
--- a/agent/connect/testing_ca.go
+++ b/agent/connect/testing_ca.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/testing_ca_test.go b/agent/connect/testing_ca_test.go
index 9b62a2baee54..492ca9e32d93 100644
--- a/agent/connect/testing_ca_test.go
+++ b/agent/connect/testing_ca_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/testing_spiffe.go b/agent/connect/testing_spiffe.go
index fdbff5eda67d..f48222c443f9 100644
--- a/agent/connect/testing_spiffe.go
+++ b/agent/connect/testing_spiffe.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/uri.go b/agent/connect/uri.go
index d9d5aa037d8a..ce44967432f6 100644
--- a/agent/connect/uri.go
+++ b/agent/connect/uri.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/uri_agent.go b/agent/connect/uri_agent.go
index 1babf9987380..c3d3a86bf115 100644
--- a/agent/connect/uri_agent.go
+++ b/agent/connect/uri_agent.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/uri_agent_ce.go b/agent/connect/uri_agent_ce.go
index 5cfad14a7d97..2a87d108432f 100644
--- a/agent/connect/uri_agent_ce.go
+++ b/agent/connect/uri_agent_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/connect/uri_agent_ce_test.go b/agent/connect/uri_agent_ce_test.go
index 241d804841d5..57f1286fd1e1 100644
--- a/agent/connect/uri_agent_ce_test.go
+++ b/agent/connect/uri_agent_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/connect/uri_mesh_gateway.go b/agent/connect/uri_mesh_gateway.go
index d5cf155bf8d7..ec474efa4085 100644
--- a/agent/connect/uri_mesh_gateway.go
+++ b/agent/connect/uri_mesh_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/uri_mesh_gateway_ce.go b/agent/connect/uri_mesh_gateway_ce.go
index a0c0cdba0541..876e05101b6b 100644
--- a/agent/connect/uri_mesh_gateway_ce.go
+++ b/agent/connect/uri_mesh_gateway_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/connect/uri_mesh_gateway_ce_test.go b/agent/connect/uri_mesh_gateway_ce_test.go
index 4a8e8ada3701..593de8ef3105 100644
--- a/agent/connect/uri_mesh_gateway_ce_test.go
+++ b/agent/connect/uri_mesh_gateway_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/connect/uri_server.go b/agent/connect/uri_server.go
index 5a2b9c242928..894ad63784bf 100644
--- a/agent/connect/uri_server.go
+++ b/agent/connect/uri_server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/uri_service.go b/agent/connect/uri_service.go
index 3be7cf4797a3..31bd3e5df62b 100644
--- a/agent/connect/uri_service.go
+++ b/agent/connect/uri_service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/uri_service_ce.go b/agent/connect/uri_service_ce.go
index a1e1dd43c3f2..4106fc811b38 100644
--- a/agent/connect/uri_service_ce.go
+++ b/agent/connect/uri_service_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/connect/uri_service_ce_test.go b/agent/connect/uri_service_ce_test.go
index 774632063e94..7d73151edc03 100644
--- a/agent/connect/uri_service_ce_test.go
+++ b/agent/connect/uri_service_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/connect/uri_signing.go b/agent/connect/uri_signing.go
index 4c4dd6ef67e8..24330a3d70b1 100644
--- a/agent/connect/uri_signing.go
+++ b/agent/connect/uri_signing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/uri_signing_test.go b/agent/connect/uri_signing_test.go
index edd3d468931b..ba426173160e 100644
--- a/agent/connect/uri_signing_test.go
+++ b/agent/connect/uri_signing_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/uri_test.go b/agent/connect/uri_test.go
index fcbcf42ab3a2..2ea439f53668 100644
--- a/agent/connect/uri_test.go
+++ b/agent/connect/uri_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/x509_patch.go b/agent/connect/x509_patch.go
index 54a33ce07834..f448154f8d9f 100644
--- a/agent/connect/x509_patch.go
+++ b/agent/connect/x509_patch.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect/x509_patch_test.go b/agent/connect/x509_patch_test.go
index bdcb99045b57..1447802a5b87 100644
--- a/agent/connect/x509_patch_test.go
+++ b/agent/connect/x509_patch_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/agent/connect_auth.go b/agent/connect_auth.go
index 3b07013d3919..7060d10b599f 100644
--- a/agent/connect_auth.go
+++ b/agent/connect_auth.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/connect_ca_endpoint.go b/agent/connect_ca_endpoint.go
index 0a60f3766247..913836f8c875 100644
--- a/agent/connect_ca_endpoint.go
+++ b/agent/connect_ca_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/connect_ca_endpoint_test.go b/agent/connect_ca_endpoint_test.go
index f83d7328863c..575250de4cad 100644
--- a/agent/connect_ca_endpoint_test.go
+++ b/agent/connect_ca_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/consul/acl.go b/agent/consul/acl.go
index 84646912a5fd..c0107a6aa5a2 100644
--- a/agent/consul/acl.go
+++ b/agent/consul/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/acl_authmethod.go b/agent/consul/acl_authmethod.go
index 217007f2b5ee..42f5b6e2404d 100644
--- a/agent/consul/acl_authmethod.go
+++ b/agent/consul/acl_authmethod.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/acl_authmethod_ce.go b/agent/consul/acl_authmethod_ce.go
index 0587d0dc2a63..94bf78bd2569 100644
--- a/agent/consul/acl_authmethod_ce.go
+++ b/agent/consul/acl_authmethod_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/acl_ce.go b/agent/consul/acl_ce.go
index 7e55a90ca950..aafe26a13ef9 100644
--- a/agent/consul/acl_ce.go
+++ b/agent/consul/acl_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/acl_ce_test.go b/agent/consul/acl_ce_test.go
index 27f55a0efc05..69660f9da804 100644
--- a/agent/consul/acl_ce_test.go
+++ b/agent/consul/acl_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/acl_client.go b/agent/consul/acl_client.go
index e6ff70720cfc..d133807604bf 100644
--- a/agent/consul/acl_client.go
+++ b/agent/consul/acl_client.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go
index 97189bb45d27..0dac4fdd9436 100644
--- a/agent/consul/acl_endpoint.go
+++ b/agent/consul/acl_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
@@ -680,8 +680,18 @@ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTok
 	}
 
 	return a.srv.blockingQuery(&args.QueryOptions, &reply.QueryMeta,
-		func(ws memdb.WatchSet, state *state.Store) error {
-			index, tokens, err := state.ACLTokenList(ws, args.IncludeLocal, args.IncludeGlobal, args.Policy, args.Role, args.AuthMethod, methodMeta, &args.EnterpriseMeta)
+		func(ws memdb.WatchSet, s *state.Store) error {
+			index, tokens, err := s.ACLTokenListWithParameters(ws, state.ACLTokenListParameters{
+				Local:          args.IncludeLocal,
+				Global:         args.IncludeGlobal,
+				Policy:         args.Policy,
+				Role:           args.Role,
+				MethodName:     args.AuthMethod,
+				ServiceName:    args.ServiceName,
+				MethodMeta:     methodMeta,
+				EnterpriseMeta: &args.EnterpriseMeta,
+			})
+
 			if err != nil {
 				return err
 			}
diff --git a/agent/consul/acl_endpoint_ce.go b/agent/consul/acl_endpoint_ce.go
index 75a6c84ed36e..9d45f0fd7d89 100644
--- a/agent/consul/acl_endpoint_ce.go
+++ b/agent/consul/acl_endpoint_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/acl_endpoint_test.go b/agent/consul/acl_endpoint_test.go
index 73f7f6230d67..20deb56aa4b0 100644
--- a/agent/consul/acl_endpoint_test.go
+++ b/agent/consul/acl_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/acl_replication.go b/agent/consul/acl_replication.go
index 79e4e5d7a7d8..849e81adf697 100644
--- a/agent/consul/acl_replication.go
+++ b/agent/consul/acl_replication.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/acl_replication_test.go b/agent/consul/acl_replication_test.go
index 7a8e8efa12cb..2b50f142bf30 100644
--- a/agent/consul/acl_replication_test.go
+++ b/agent/consul/acl_replication_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
@@ -378,8 +378,10 @@ func TestACLReplication_Tokens(t *testing.T) {
 
 	checkSame := func(t *retry.R) {
 		// only account for global tokens - local tokens shouldn't be replicated
+		// nolint:staticcheck
 		index, remote, err := s1.fsm.State().ACLTokenList(nil, false, true, "", "", "", nil, nil)
 		require.NoError(t, err)
+		// nolint:staticcheck
 		_, local, err := s2.fsm.State().ACLTokenList(nil, false, true, "", "", "", nil, nil)
 		require.NoError(t, err)
 
@@ -483,6 +485,7 @@ func TestACLReplication_Tokens(t *testing.T) {
 	})
 
 	// verify dc2 local tokens didn't get blown away
+	// nolint:staticcheck
 	_, local, err := s2.fsm.State().ACLTokenList(nil, true, false, "", "", "", nil, nil)
 	require.NoError(t, err)
 	require.Len(t, local, 50)
@@ -821,9 +824,11 @@ func TestACLReplication_AllTypes(t *testing.T) {
 
 	checkSameTokens := func(t *retry.R) {
 		// only account for global tokens - local tokens shouldn't be replicated
+		// nolint:staticcheck
 		index, remote, err := s1.fsm.State().ACLTokenList(nil, false, true, "", "", "", nil, nil)
 		require.NoError(t, err)
 		// Query for all of them, so that we can prove that no globals snuck in.
+		// nolint:staticcheck
 		_, local, err := s2.fsm.State().ACLTokenList(nil, true, true, "", "", "", nil, nil)
 		require.NoError(t, err)
 
diff --git a/agent/consul/acl_replication_types.go b/agent/consul/acl_replication_types.go
index de9e8cf763a0..6d6b68690682 100644
--- a/agent/consul/acl_replication_types.go
+++ b/agent/consul/acl_replication_types.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
@@ -38,6 +38,7 @@ func (r *aclTokenReplicator) FetchRemote(srv *Server, lastRemoteIndex uint64) (i
 func (r *aclTokenReplicator) FetchLocal(srv *Server) (int, uint64, error) {
 	r.local = nil
 
+	// nolint:staticcheck
 	idx, local, err := srv.fsm.State().ACLTokenList(nil, false, true, "", "", "", nil, srv.replicationEnterpriseMeta())
 	if err != nil {
 		return 0, 0, err
diff --git a/agent/consul/acl_server.go b/agent/consul/acl_server.go
index 8fe1f45fd098..f91cb7762023 100644
--- a/agent/consul/acl_server.go
+++ b/agent/consul/acl_server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/acl_server_ce.go b/agent/consul/acl_server_ce.go
index bd7f34e776fc..f2de1486a28a 100644
--- a/agent/consul/acl_server_ce.go
+++ b/agent/consul/acl_server_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/acl_test.go b/agent/consul/acl_test.go
index 275316786bbf..386c60e38e39 100644
--- a/agent/consul/acl_test.go
+++ b/agent/consul/acl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/acl_token_exp.go b/agent/consul/acl_token_exp.go
index 06559ce71d56..7f5de395c7a9 100644
--- a/agent/consul/acl_token_exp.go
+++ b/agent/consul/acl_token_exp.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/acl_token_exp_test.go b/agent/consul/acl_token_exp_test.go
index 031c150dabb0..949d54510ba5 100644
--- a/agent/consul/acl_token_exp_test.go
+++ b/agent/consul/acl_token_exp_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/auth/binder.go b/agent/consul/auth/binder.go
index aed1e0f371ac..354fedc8f185 100644
--- a/agent/consul/auth/binder.go
+++ b/agent/consul/auth/binder.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package auth
 
diff --git a/agent/consul/auth/binder_ce.go b/agent/consul/auth/binder_ce.go
index 19528ffedb17..f6fa5e5e841c 100644
--- a/agent/consul/auth/binder_ce.go
+++ b/agent/consul/auth/binder_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/auth/binder_test.go b/agent/consul/auth/binder_test.go
index 7eedc89afcd8..b86d4526dd00 100644
--- a/agent/consul/auth/binder_test.go
+++ b/agent/consul/auth/binder_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package auth
 
diff --git a/agent/consul/auth/login.go b/agent/consul/auth/login.go
index 7ca1f70d3431..9592e5a841d6 100644
--- a/agent/consul/auth/login.go
+++ b/agent/consul/auth/login.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package auth
 
diff --git a/agent/consul/auth/token_writer.go b/agent/consul/auth/token_writer.go
index 8321b7861022..857a2e3d1321 100644
--- a/agent/consul/auth/token_writer.go
+++ b/agent/consul/auth/token_writer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package auth
 
diff --git a/agent/consul/auth/token_writer_ce.go b/agent/consul/auth/token_writer_ce.go
index 224eee669ad8..b0ad9e833bb0 100644
--- a/agent/consul/auth/token_writer_ce.go
+++ b/agent/consul/auth/token_writer_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/auth/token_writer_test.go b/agent/consul/auth/token_writer_test.go
index 45cd4c99ce8d..51a2b3cc45a8 100644
--- a/agent/consul/auth/token_writer_test.go
+++ b/agent/consul/auth/token_writer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package auth
 
diff --git a/agent/consul/authmethod/authmethods.go b/agent/consul/authmethod/authmethods.go
index d03e2b410cb4..946fce927e69 100644
--- a/agent/consul/authmethod/authmethods.go
+++ b/agent/consul/authmethod/authmethods.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethod
 
diff --git a/agent/consul/authmethod/authmethods_ce.go b/agent/consul/authmethod/authmethods_ce.go
index 8eb430401a3e..0839b4aba5a7 100644
--- a/agent/consul/authmethod/authmethods_ce.go
+++ b/agent/consul/authmethod/authmethods_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/authmethod/awsauth/aws.go b/agent/consul/authmethod/awsauth/aws.go
index 3381a893fa5d..d2cd73482cde 100644
--- a/agent/consul/authmethod/awsauth/aws.go
+++ b/agent/consul/authmethod/awsauth/aws.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package awsauth
 
diff --git a/agent/consul/authmethod/awsauth/aws_test.go b/agent/consul/authmethod/awsauth/aws_test.go
index 279e4b3e46d4..7a894cc21787 100644
--- a/agent/consul/authmethod/awsauth/aws_test.go
+++ b/agent/consul/authmethod/awsauth/aws_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package awsauth
 
diff --git a/agent/consul/authmethod/kubeauth/k8s.go b/agent/consul/authmethod/kubeauth/k8s.go
index 274dd2ec9d03..f71157cbeccb 100644
--- a/agent/consul/authmethod/kubeauth/k8s.go
+++ b/agent/consul/authmethod/kubeauth/k8s.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package kubeauth
 
diff --git a/agent/consul/authmethod/kubeauth/k8s_ce.go b/agent/consul/authmethod/kubeauth/k8s_ce.go
index e8ad4485069d..b2b7e8a2d871 100644
--- a/agent/consul/authmethod/kubeauth/k8s_ce.go
+++ b/agent/consul/authmethod/kubeauth/k8s_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/authmethod/kubeauth/k8s_test.go b/agent/consul/authmethod/kubeauth/k8s_test.go
index 48ef6e61c483..95decce11597 100644
--- a/agent/consul/authmethod/kubeauth/k8s_test.go
+++ b/agent/consul/authmethod/kubeauth/k8s_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package kubeauth
 
diff --git a/agent/consul/authmethod/kubeauth/testing.go b/agent/consul/authmethod/kubeauth/testing.go
index 38b7d9c330a3..e5538bb90998 100644
--- a/agent/consul/authmethod/kubeauth/testing.go
+++ b/agent/consul/authmethod/kubeauth/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package kubeauth
 
diff --git a/agent/consul/authmethod/ssoauth/sso.go b/agent/consul/authmethod/ssoauth/sso.go
index 398f5689799b..6215c0eafe71 100644
--- a/agent/consul/authmethod/ssoauth/sso.go
+++ b/agent/consul/authmethod/ssoauth/sso.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ssoauth
 
diff --git a/agent/consul/authmethod/ssoauth/sso_ce.go b/agent/consul/authmethod/ssoauth/sso_ce.go
index c8f760049f3d..74e3be3082cc 100644
--- a/agent/consul/authmethod/ssoauth/sso_ce.go
+++ b/agent/consul/authmethod/ssoauth/sso_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/authmethod/ssoauth/sso_test.go b/agent/consul/authmethod/ssoauth/sso_test.go
index 357612fad689..840e37b86fd4 100644
--- a/agent/consul/authmethod/ssoauth/sso_test.go
+++ b/agent/consul/authmethod/ssoauth/sso_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ssoauth
 
diff --git a/agent/consul/authmethod/testauth/testing.go b/agent/consul/authmethod/testauth/testing.go
index ead9ae081a7e..9f6c85ae23d5 100644
--- a/agent/consul/authmethod/testauth/testing.go
+++ b/agent/consul/authmethod/testauth/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package testauth
 
diff --git a/agent/consul/authmethod/testauth/testing_ce.go b/agent/consul/authmethod/testauth/testing_ce.go
index 6f38c0250298..f4b909b4b812 100644
--- a/agent/consul/authmethod/testauth/testing_ce.go
+++ b/agent/consul/authmethod/testauth/testing_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/authmethod/testing.go b/agent/consul/authmethod/testing.go
index 0f43e5e5201f..933082a5b429 100644
--- a/agent/consul/authmethod/testing.go
+++ b/agent/consul/authmethod/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethod
 
diff --git a/agent/consul/auto_config_backend.go b/agent/consul/auto_config_backend.go
index 0aaccfa35d99..78413fe0121c 100644
--- a/agent/consul/auto_config_backend.go
+++ b/agent/consul/auto_config_backend.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
@@ -34,7 +34,7 @@ func (b autoConfigBackend) GetCARoots() (*structs.IndexedCARoots, error) {
 }
 
 // DatacenterJoinAddresses will return all the strings suitable for usage in
-// retry join operations to connect to the LAN or LAN segment gossip pool.
+// retry join operations to connect to the the LAN or LAN segment gossip pool.
 func (b autoConfigBackend) DatacenterJoinAddresses(partition, segment string) ([]string, error) {
 	members, err := b.Server.LANMembers(LANMemberFilter{
 		Segment:   segment,
diff --git a/agent/consul/auto_config_backend_test.go b/agent/consul/auto_config_backend_test.go
index 00c0dc10d80d..6a4a202fceb8 100644
--- a/agent/consul/auto_config_backend_test.go
+++ b/agent/consul/auto_config_backend_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/auto_config_endpoint.go b/agent/consul/auto_config_endpoint.go
index f491bcbad832..808aa63304dc 100644
--- a/agent/consul/auto_config_endpoint.go
+++ b/agent/consul/auto_config_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/auto_config_endpoint_test.go b/agent/consul/auto_config_endpoint_test.go
index 39c4f3a7a5ef..a3f485ee60c2 100644
--- a/agent/consul/auto_config_endpoint_test.go
+++ b/agent/consul/auto_config_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/auto_encrypt_endpoint.go b/agent/consul/auto_encrypt_endpoint.go
index dbd39355cfbf..b893e783215a 100644
--- a/agent/consul/auto_encrypt_endpoint.go
+++ b/agent/consul/auto_encrypt_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/auto_encrypt_endpoint_test.go b/agent/consul/auto_encrypt_endpoint_test.go
index f3b232011634..d8124f9fb362 100644
--- a/agent/consul/auto_encrypt_endpoint_test.go
+++ b/agent/consul/auto_encrypt_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/autopilot.go b/agent/consul/autopilot.go
index 70391f6b9910..f682ffed6f16 100644
--- a/agent/consul/autopilot.go
+++ b/agent/consul/autopilot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/autopilot_ce.go b/agent/consul/autopilot_ce.go
index e20b31a626f3..92f9b4ccae41 100644
--- a/agent/consul/autopilot_ce.go
+++ b/agent/consul/autopilot_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/autopilot_test.go b/agent/consul/autopilot_test.go
index 8d1d214b1710..4429340eda5a 100644
--- a/agent/consul/autopilot_test.go
+++ b/agent/consul/autopilot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/autopilotevents/ready_servers_events.go b/agent/consul/autopilotevents/ready_servers_events.go
index 16e064aa7905..404276f3ec2d 100644
--- a/agent/consul/autopilotevents/ready_servers_events.go
+++ b/agent/consul/autopilotevents/ready_servers_events.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autopilotevents
 
diff --git a/agent/consul/autopilotevents/ready_servers_events_test.go b/agent/consul/autopilotevents/ready_servers_events_test.go
index 16d78b52e3b5..994020c290c0 100644
--- a/agent/consul/autopilotevents/ready_servers_events_test.go
+++ b/agent/consul/autopilotevents/ready_servers_events_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autopilotevents
 
diff --git a/agent/consul/catalog_endpoint.go b/agent/consul/catalog_endpoint.go
index 0f1527c7e13d..446037a31310 100644
--- a/agent/consul/catalog_endpoint.go
+++ b/agent/consul/catalog_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/catalog_endpoint_test.go b/agent/consul/catalog_endpoint_test.go
index 628ad83ae4db..192a3d6d7d27 100644
--- a/agent/consul/catalog_endpoint_test.go
+++ b/agent/consul/catalog_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/client.go b/agent/consul/client.go
index fa5f1239e134..23e96be00287 100644
--- a/agent/consul/client.go
+++ b/agent/consul/client.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
@@ -25,7 +25,6 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/logging"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/tlsutil"
 	"github.com/hashicorp/consul/types"
 )
@@ -94,9 +93,6 @@ type Client struct {
 	EnterpriseClient
 
 	tlsConfigurator *tlsutil.Configurator
-
-	// resourceServiceClient is a client for the gRPC Resource Service.
-	resourceServiceClient pbresource.ResourceServiceClient
 }
 
 // NewClient creates and returns a Client
@@ -155,13 +151,6 @@ func NewClient(config *Config, deps Deps) (*Client, error) {
 	}
 	c.router = deps.Router
 
-	conn, err := deps.GRPCConnPool.ClientConn(deps.ConnPool.Datacenter)
-	if err != nil {
-		c.Shutdown()
-		return nil, fmt.Errorf("Failed to get gRPC client connection: %w", err)
-	}
-	c.resourceServiceClient = pbresource.NewResourceServiceClient(conn)
-
 	// Start LAN event handlers after the router is complete since the event
 	// handlers depend on the router and the router depends on Serf.
 	go c.lanEventHandler()
@@ -462,7 +451,3 @@ func (c *Client) AgentEnterpriseMeta() *acl.EnterpriseMeta {
 func (c *Client) agentSegmentName() string {
 	return c.config.Segment
 }
-
-func (c *Client) ResourceServiceClient() pbresource.ResourceServiceClient {
-	return c.resourceServiceClient
-}
diff --git a/agent/consul/client_serf.go b/agent/consul/client_serf.go
index c92fdd1726c3..7d68b50395e4 100644
--- a/agent/consul/client_serf.go
+++ b/agent/consul/client_serf.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/client_test.go b/agent/consul/client_test.go
index 9683d313041f..4b8f5c433d8e 100644
--- a/agent/consul/client_test.go
+++ b/agent/consul/client_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
@@ -14,8 +14,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/hashicorp/consul/internal/resource"
-
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/serf/serf"
 	"github.com/stretchr/testify/require"
@@ -578,7 +576,6 @@ func newDefaultDeps(t *testing.T, c *Config) Deps {
 		GetNetRPCInterceptorFunc: middleware.GetNetRPCInterceptor,
 		EnterpriseDeps:           newDefaultDepsEnterprise(t, logger, c),
 		XDSStreamLimiter:         limiter.NewSessionLimiter(),
-		Registry:                 resource.NewRegistry(),
 	}
 }
 
diff --git a/agent/consul/cluster_test.go b/agent/consul/cluster_test.go
index 7cc266908198..925d32a61069 100644
--- a/agent/consul/cluster_test.go
+++ b/agent/consul/cluster_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/config.go b/agent/consul/config.go
index cdda407c406c..eef4bc4376f4 100644
--- a/agent/consul/config.go
+++ b/agent/consul/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/config_ce.go b/agent/consul/config_ce.go
index bed1211696bd..e91d0981e86e 100644
--- a/agent/consul/config_ce.go
+++ b/agent/consul/config_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/config_cloud.go b/agent/consul/config_cloud.go
index 5b62574c811b..b0780052f668 100644
--- a/agent/consul/config_cloud.go
+++ b/agent/consul/config_cloud.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package consul
 
 type CloudConfig struct {
diff --git a/agent/consul/config_endpoint.go b/agent/consul/config_endpoint.go
index a78859c35058..4108eb20b95c 100644
--- a/agent/consul/config_endpoint.go
+++ b/agent/consul/config_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/config_endpoint_test.go b/agent/consul/config_endpoint_test.go
index 49a10dce2179..7dc7632fade7 100644
--- a/agent/consul/config_endpoint_test.go
+++ b/agent/consul/config_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/config_replication.go b/agent/consul/config_replication.go
index d9573ad58bf9..1b9ac0284939 100644
--- a/agent/consul/config_replication.go
+++ b/agent/consul/config_replication.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/config_replication_test.go b/agent/consul/config_replication_test.go
index 41ccf53362d5..a0eb8cf52a6e 100644
--- a/agent/consul/config_replication_test.go
+++ b/agent/consul/config_replication_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/config_test.go b/agent/consul/config_test.go
index 8e61b8fe9680..e2706e00b406 100644
--- a/agent/consul/config_test.go
+++ b/agent/consul/config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/connect_ca_endpoint.go b/agent/consul/connect_ca_endpoint.go
index 180f7ccc47b6..771eae2464b9 100644
--- a/agent/consul/connect_ca_endpoint.go
+++ b/agent/consul/connect_ca_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/connect_ca_endpoint_test.go b/agent/consul/connect_ca_endpoint_test.go
index 587ed42b5a10..3911db192310 100644
--- a/agent/consul/connect_ca_endpoint_test.go
+++ b/agent/consul/connect_ca_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/context.go b/agent/consul/context.go
index d85124f74881..7de4157d8f40 100644
--- a/agent/consul/context.go
+++ b/agent/consul/context.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/context_test.go b/agent/consul/context_test.go
index 42e6feb74486..264dcdd98861 100644
--- a/agent/consul/context_test.go
+++ b/agent/consul/context_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/controller/controller.go b/agent/consul/controller/controller.go
index 1eccb7e7aba0..f8d6a50c7f82 100644
--- a/agent/consul/controller/controller.go
+++ b/agent/consul/controller/controller.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package controller
 
diff --git a/agent/consul/controller/controller_test.go b/agent/consul/controller/controller_test.go
index 1d1002e8abed..97d110222b3e 100644
--- a/agent/consul/controller/controller_test.go
+++ b/agent/consul/controller/controller_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package controller
 
diff --git a/agent/consul/controller/doc.go b/agent/consul/controller/doc.go
index ba30d95a546f..638eb5c5d9a2 100644
--- a/agent/consul/controller/doc.go
+++ b/agent/consul/controller/doc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package controller contains a re-implementation of the Kubernetes
 // [controller-runtime](https://github.com/kubernetes-sigs/controller-runtime)
diff --git a/agent/consul/controller/queue/defer.go b/agent/consul/controller/queue/defer.go
index e9b8a9c3ad75..01666219c291 100644
--- a/agent/consul/controller/queue/defer.go
+++ b/agent/consul/controller/queue/defer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package queue
 
diff --git a/agent/consul/controller/queue/queue.go b/agent/consul/controller/queue/queue.go
index 92c624cc2a73..6d9f0a657125 100644
--- a/agent/consul/controller/queue/queue.go
+++ b/agent/consul/controller/queue/queue.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package queue
 
diff --git a/agent/consul/controller/queue/rate.go b/agent/consul/controller/queue/rate.go
index 615047fdeb39..471601f85a27 100644
--- a/agent/consul/controller/queue/rate.go
+++ b/agent/consul/controller/queue/rate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package queue
 
diff --git a/agent/consul/controller/queue/rate_test.go b/agent/consul/controller/queue/rate_test.go
index 166111d5c750..40dc540138e2 100644
--- a/agent/consul/controller/queue/rate_test.go
+++ b/agent/consul/controller/queue/rate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package queue
 
diff --git a/agent/consul/controller/queue_test.go b/agent/consul/controller/queue_test.go
index cb6f60982910..11e1bc82b762 100644
--- a/agent/consul/controller/queue_test.go
+++ b/agent/consul/controller/queue_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package controller
 
diff --git a/agent/consul/controller/reconciler.go b/agent/consul/controller/reconciler.go
index fa948f81f6e6..dc4222508b57 100644
--- a/agent/consul/controller/reconciler.go
+++ b/agent/consul/controller/reconciler.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package controller
 
diff --git a/agent/consul/controller/reconciler_test.go b/agent/consul/controller/reconciler_test.go
index c3b8a450b18b..56ae022ea263 100644
--- a/agent/consul/controller/reconciler_test.go
+++ b/agent/consul/controller/reconciler_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package controller
 
diff --git a/agent/consul/coordinate_endpoint.go b/agent/consul/coordinate_endpoint.go
index f0e69332ee68..28bf63b0bfd8 100644
--- a/agent/consul/coordinate_endpoint.go
+++ b/agent/consul/coordinate_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/coordinate_endpoint_test.go b/agent/consul/coordinate_endpoint_test.go
index 1c693ba83bbf..fbb3e13aa76d 100644
--- a/agent/consul/coordinate_endpoint_test.go
+++ b/agent/consul/coordinate_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/discovery_chain_endpoint.go b/agent/consul/discovery_chain_endpoint.go
index c70cebb094e6..4d1f9959c96e 100644
--- a/agent/consul/discovery_chain_endpoint.go
+++ b/agent/consul/discovery_chain_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/discovery_chain_endpoint_test.go b/agent/consul/discovery_chain_endpoint_test.go
index 62d90e9020af..b0197f00d493 100644
--- a/agent/consul/discovery_chain_endpoint_test.go
+++ b/agent/consul/discovery_chain_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/discoverychain/compile.go b/agent/consul/discoverychain/compile.go
index 32a6408be544..20227db3ef19 100644
--- a/agent/consul/discoverychain/compile.go
+++ b/agent/consul/discoverychain/compile.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/compile_ce.go b/agent/consul/discoverychain/compile_ce.go
index 2c280120b501..d980c71f38f0 100644
--- a/agent/consul/discoverychain/compile_ce.go
+++ b/agent/consul/discoverychain/compile_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/discoverychain/compile_test.go b/agent/consul/discoverychain/compile_test.go
index dda28780431d..ca39aa236fc9 100644
--- a/agent/consul/discoverychain/compile_test.go
+++ b/agent/consul/discoverychain/compile_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/gateway.go b/agent/consul/discoverychain/gateway.go
index 559d17844f7b..e43e4b631f61 100644
--- a/agent/consul/discoverychain/gateway.go
+++ b/agent/consul/discoverychain/gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/gateway_httproute.go b/agent/consul/discoverychain/gateway_httproute.go
index 100fe980acda..fcd2dc440259 100644
--- a/agent/consul/discoverychain/gateway_httproute.go
+++ b/agent/consul/discoverychain/gateway_httproute.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package discoverychain
 
@@ -161,28 +161,6 @@ func httpRouteToDiscoveryChain(route structs.HTTPRouteConfigEntry) (*structs.Ser
 			}
 		}
 
-		if rule.Filters.RetryFilter != nil {
-			if rule.Filters.RetryFilter.NumRetries != nil {
-				destination.NumRetries = *rule.Filters.RetryFilter.NumRetries
-			}
-			if rule.Filters.RetryFilter.RetryOnConnectFailure != nil {
-				destination.RetryOnConnectFailure = *rule.Filters.RetryFilter.RetryOnConnectFailure
-			}
-
-			if len(rule.Filters.RetryFilter.RetryOn) > 0 {
-				destination.RetryOn = rule.Filters.RetryFilter.RetryOn
-			}
-
-			if len(rule.Filters.RetryFilter.RetryOnStatusCodes) > 0 {
-				destination.RetryOnStatusCodes = rule.Filters.RetryFilter.RetryOnStatusCodes
-			}
-		}
-
-		if rule.Filters.TimeoutFilter != nil {
-			destination.IdleTimeout = rule.Filters.TimeoutFilter.IdleTimeout
-			destination.RequestTimeout = rule.Filters.TimeoutFilter.RequestTimeout
-		}
-
 		// for each match rule a ServiceRoute is created for the service-router
 		// if there are no rules a single route with the destination is set
 		if len(rule.Matches) == 0 {
@@ -195,7 +173,6 @@ func httpRouteToDiscoveryChain(route structs.HTTPRouteConfigEntry) (*structs.Ser
 				Destination: &destination,
 			})
 		}
-
 	}
 
 	return router, splitters, defaults
diff --git a/agent/consul/discoverychain/gateway_tcproute.go b/agent/consul/discoverychain/gateway_tcproute.go
index 910fd517551c..21afef3ec184 100644
--- a/agent/consul/discoverychain/gateway_tcproute.go
+++ b/agent/consul/discoverychain/gateway_tcproute.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/gateway_test.go b/agent/consul/discoverychain/gateway_test.go
index 4e56a3925463..42bbed65ebfb 100644
--- a/agent/consul/discoverychain/gateway_test.go
+++ b/agent/consul/discoverychain/gateway_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/string_stack.go b/agent/consul/discoverychain/string_stack.go
index d5f842f3dc61..e47743a3f386 100644
--- a/agent/consul/discoverychain/string_stack.go
+++ b/agent/consul/discoverychain/string_stack.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/string_stack_test.go b/agent/consul/discoverychain/string_stack_test.go
index 9867b9179520..84f58203d43b 100644
--- a/agent/consul/discoverychain/string_stack_test.go
+++ b/agent/consul/discoverychain/string_stack_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package discoverychain
 
diff --git a/agent/consul/discoverychain/testing.go b/agent/consul/discoverychain/testing.go
index 8992870f9c45..37a3bb4ec116 100644
--- a/agent/consul/discoverychain/testing.go
+++ b/agent/consul/discoverychain/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package discoverychain
 
diff --git a/agent/consul/enterprise_client_ce.go b/agent/consul/enterprise_client_ce.go
index b19705f65b7e..3d432213bd84 100644
--- a/agent/consul/enterprise_client_ce.go
+++ b/agent/consul/enterprise_client_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/enterprise_config_ce.go b/agent/consul/enterprise_config_ce.go
index d057012af151..15af4ea1603e 100644
--- a/agent/consul/enterprise_config_ce.go
+++ b/agent/consul/enterprise_config_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/enterprise_server_ce.go b/agent/consul/enterprise_server_ce.go
index d14cb7bac33c..8e56a8108cb3 100644
--- a/agent/consul/enterprise_server_ce.go
+++ b/agent/consul/enterprise_server_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/enterprise_server_ce_test.go b/agent/consul/enterprise_server_ce_test.go
index bd49bae1b10b..9bd3eb8c0c9b 100644
--- a/agent/consul/enterprise_server_ce_test.go
+++ b/agent/consul/enterprise_server_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/federation_state_endpoint.go b/agent/consul/federation_state_endpoint.go
index 4afa481a397b..db842e666d65 100644
--- a/agent/consul/federation_state_endpoint.go
+++ b/agent/consul/federation_state_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/federation_state_endpoint_test.go b/agent/consul/federation_state_endpoint_test.go
index 2ada2fc17a46..977de1c9c193 100644
--- a/agent/consul/federation_state_endpoint_test.go
+++ b/agent/consul/federation_state_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/federation_state_replication.go b/agent/consul/federation_state_replication.go
index 2f5a6dd150f3..f56c3c6089c7 100644
--- a/agent/consul/federation_state_replication.go
+++ b/agent/consul/federation_state_replication.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/federation_state_replication_test.go b/agent/consul/federation_state_replication_test.go
index 97a34b8dc8c1..5100e45926a1 100644
--- a/agent/consul/federation_state_replication_test.go
+++ b/agent/consul/federation_state_replication_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/filter.go b/agent/consul/filter.go
index 920b8e843676..18643463690e 100644
--- a/agent/consul/filter.go
+++ b/agent/consul/filter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/filter_test.go b/agent/consul/filter_test.go
index 1ca34b0ed072..d8f6ba54c323 100644
--- a/agent/consul/filter_test.go
+++ b/agent/consul/filter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/flood.go b/agent/consul/flood.go
index e01b5ed97eb8..ee7dfbc1dd5e 100644
--- a/agent/consul/flood.go
+++ b/agent/consul/flood.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/fsm/commands_ce.go b/agent/consul/fsm/commands_ce.go
index c5e7fd968238..e9f9f66e3361 100644
--- a/agent/consul/fsm/commands_ce.go
+++ b/agent/consul/fsm/commands_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package fsm
 
diff --git a/agent/consul/fsm/commands_ce_test.go b/agent/consul/fsm/commands_ce_test.go
index 445f4c019076..cea6f05f54f3 100644
--- a/agent/consul/fsm/commands_ce_test.go
+++ b/agent/consul/fsm/commands_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package fsm
 
diff --git a/agent/consul/fsm/fsm.go b/agent/consul/fsm/fsm.go
index 92a3931b5b33..4357ad7c39e2 100644
--- a/agent/consul/fsm/fsm.go
+++ b/agent/consul/fsm/fsm.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package fsm
 
diff --git a/agent/consul/fsm/fsm_test.go b/agent/consul/fsm/fsm_test.go
index 839401014b52..aa31615a5aa7 100644
--- a/agent/consul/fsm/fsm_test.go
+++ b/agent/consul/fsm/fsm_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package fsm
 
diff --git a/agent/consul/fsm/log_verification_chunking_shim.go b/agent/consul/fsm/log_verification_chunking_shim.go
index 4f40c1820b74..a74b92b5684d 100644
--- a/agent/consul/fsm/log_verification_chunking_shim.go
+++ b/agent/consul/fsm/log_verification_chunking_shim.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package fsm
 
diff --git a/agent/consul/fsm/snapshot.go b/agent/consul/fsm/snapshot.go
index c01d2c9f2dd4..c49cefd3a993 100644
--- a/agent/consul/fsm/snapshot.go
+++ b/agent/consul/fsm/snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package fsm
 
diff --git a/agent/consul/fsm/snapshot_ce.go b/agent/consul/fsm/snapshot_ce.go
index bbe5e0693eaa..f563ba21a19f 100644
--- a/agent/consul/fsm/snapshot_ce.go
+++ b/agent/consul/fsm/snapshot_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package fsm
 
diff --git a/agent/consul/fsm/snapshot_ce_test.go b/agent/consul/fsm/snapshot_ce_test.go
index 5bc389dffa4a..b08e75716f38 100644
--- a/agent/consul/fsm/snapshot_ce_test.go
+++ b/agent/consul/fsm/snapshot_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/fsm/snapshot_test.go b/agent/consul/fsm/snapshot_test.go
index ff975aaf9f03..3e16efb19072 100644
--- a/agent/consul/fsm/snapshot_test.go
+++ b/agent/consul/fsm/snapshot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package fsm
 
diff --git a/agent/consul/gateway_locator.go b/agent/consul/gateway_locator.go
index 6503ca0c979d..8f8ca29fbb46 100644
--- a/agent/consul/gateway_locator.go
+++ b/agent/consul/gateway_locator.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/gateway_locator_test.go b/agent/consul/gateway_locator_test.go
index a3e9da3d6900..f9b1daf26d82 100644
--- a/agent/consul/gateway_locator_test.go
+++ b/agent/consul/gateway_locator_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/gateways/controller_gateways.go b/agent/consul/gateways/controller_gateways.go
index fe8ddbcedc6f..cf4f25aa5d46 100644
--- a/agent/consul/gateways/controller_gateways.go
+++ b/agent/consul/gateways/controller_gateways.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package gateways
 
diff --git a/agent/consul/gateways/controller_gateways_test.go b/agent/consul/gateways/controller_gateways_test.go
index 7877ab357ed9..07d85357acdc 100644
--- a/agent/consul/gateways/controller_gateways_test.go
+++ b/agent/consul/gateways/controller_gateways_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package gateways
 
diff --git a/agent/consul/grpc_integration_test.go b/agent/consul/grpc_integration_test.go
index 6ae49e09fa3a..678403a45040 100644
--- a/agent/consul/grpc_integration_test.go
+++ b/agent/consul/grpc_integration_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/health_endpoint.go b/agent/consul/health_endpoint.go
index d26bbcd3b6f2..c1286cce172f 100644
--- a/agent/consul/health_endpoint.go
+++ b/agent/consul/health_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/health_endpoint_test.go b/agent/consul/health_endpoint_test.go
index b47159c22942..21a83ea90db2 100644
--- a/agent/consul/health_endpoint_test.go
+++ b/agent/consul/health_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/helper_test.go b/agent/consul/helper_test.go
index d21523b8fecf..0619004c546e 100644
--- a/agent/consul/helper_test.go
+++ b/agent/consul/helper_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/intention_endpoint.go b/agent/consul/intention_endpoint.go
index a3e4ad678b1d..b00ebfbb46f0 100644
--- a/agent/consul/intention_endpoint.go
+++ b/agent/consul/intention_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/intention_endpoint_test.go b/agent/consul/intention_endpoint_test.go
index d7e469b80326..fb7dcaebf573 100644
--- a/agent/consul/intention_endpoint_test.go
+++ b/agent/consul/intention_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/internal_endpoint.go b/agent/consul/internal_endpoint.go
index 1a8a0fca3028..16dab8c22f87 100644
--- a/agent/consul/internal_endpoint.go
+++ b/agent/consul/internal_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/internal_endpoint_test.go b/agent/consul/internal_endpoint_test.go
index 3f853df7ceb2..d7da66244336 100644
--- a/agent/consul/internal_endpoint_test.go
+++ b/agent/consul/internal_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/issue_test.go b/agent/consul/issue_test.go
index 17624400fe3f..14928a9db99d 100644
--- a/agent/consul/issue_test.go
+++ b/agent/consul/issue_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/kvs_endpoint.go b/agent/consul/kvs_endpoint.go
index 65dc2cd56d40..183f95f7f8bf 100644
--- a/agent/consul/kvs_endpoint.go
+++ b/agent/consul/kvs_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/kvs_endpoint_test.go b/agent/consul/kvs_endpoint_test.go
index dc4272c4bd55..ca9960f4b6e4 100644
--- a/agent/consul/kvs_endpoint_test.go
+++ b/agent/consul/kvs_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader.go b/agent/consul/leader.go
index fcbf794541f3..17408d4ef441 100644
--- a/agent/consul/leader.go
+++ b/agent/consul/leader.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader_ce_test.go b/agent/consul/leader_ce_test.go
index 9e5e2d34ffdd..7ff6f64ee193 100644
--- a/agent/consul/leader_ce_test.go
+++ b/agent/consul/leader_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/leader_connect.go b/agent/consul/leader_connect.go
index 794820786f57..f872508bbcf9 100644
--- a/agent/consul/leader_connect.go
+++ b/agent/consul/leader_connect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go
index 00b371202842..717c9ff0b254 100644
--- a/agent/consul/leader_connect_ca.go
+++ b/agent/consul/leader_connect_ca.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader_connect_ca_test.go b/agent/consul/leader_connect_ca_test.go
index b3e8fdc9d0ed..e1c2cf8506c2 100644
--- a/agent/consul/leader_connect_ca_test.go
+++ b/agent/consul/leader_connect_ca_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
@@ -566,7 +566,7 @@ func TestCAManager_Initialize_Logging(t *testing.T) {
 	deps := newDefaultDeps(t, conf1)
 	deps.Logger = logger
 
-	s1, err := NewServer(conf1, deps, grpc.NewServer(), nil, logger, nil)
+	s1, err := NewServer(conf1, deps, grpc.NewServer(), nil, logger)
 	require.NoError(t, err)
 	defer s1.Shutdown()
 	testrpc.WaitForLeader(t, s1.RPC, "dc1")
diff --git a/agent/consul/leader_connect_test.go b/agent/consul/leader_connect_test.go
index d9150c3a4545..539226b297d3 100644
--- a/agent/consul/leader_connect_test.go
+++ b/agent/consul/leader_connect_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader_federation_state_ae.go b/agent/consul/leader_federation_state_ae.go
index 870dc5460e2b..fa46bea770b3 100644
--- a/agent/consul/leader_federation_state_ae.go
+++ b/agent/consul/leader_federation_state_ae.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader_federation_state_ae_test.go b/agent/consul/leader_federation_state_ae_test.go
index ca5ac47b7a97..ef3333da31da 100644
--- a/agent/consul/leader_federation_state_ae_test.go
+++ b/agent/consul/leader_federation_state_ae_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader_intentions.go b/agent/consul/leader_intentions.go
index 52736838aec8..cf0844d3ff5c 100644
--- a/agent/consul/leader_intentions.go
+++ b/agent/consul/leader_intentions.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader_intentions_ce.go b/agent/consul/leader_intentions_ce.go
index 98acecf918fd..83880d31de37 100644
--- a/agent/consul/leader_intentions_ce.go
+++ b/agent/consul/leader_intentions_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/leader_intentions_ce_test.go b/agent/consul/leader_intentions_ce_test.go
index 3e689d40a806..7d144fb2e98e 100644
--- a/agent/consul/leader_intentions_ce_test.go
+++ b/agent/consul/leader_intentions_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/leader_intentions_test.go b/agent/consul/leader_intentions_test.go
index fc868bc747fc..2de1b97dd7e1 100644
--- a/agent/consul/leader_intentions_test.go
+++ b/agent/consul/leader_intentions_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader_log_verification.go b/agent/consul/leader_log_verification.go
index 32a23dd3f5c0..ef32ce17904e 100644
--- a/agent/consul/leader_log_verification.go
+++ b/agent/consul/leader_log_verification.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader_metrics.go b/agent/consul/leader_metrics.go
index e210b2ffd933..188e409e3bbd 100644
--- a/agent/consul/leader_metrics.go
+++ b/agent/consul/leader_metrics.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader_metrics_test.go b/agent/consul/leader_metrics_test.go
index e3636e1bcf8c..96e7a0d75d97 100644
--- a/agent/consul/leader_metrics_test.go
+++ b/agent/consul/leader_metrics_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader_peering.go b/agent/consul/leader_peering.go
index 0f58ed08f491..32f220164b64 100644
--- a/agent/consul/leader_peering.go
+++ b/agent/consul/leader_peering.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader_peering_test.go b/agent/consul/leader_peering_test.go
index 8db496273d28..0787115ca70a 100644
--- a/agent/consul/leader_peering_test.go
+++ b/agent/consul/leader_peering_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/leader_test.go b/agent/consul/leader_test.go
index 7a4b63eb05ee..8a5a158ce34a 100644
--- a/agent/consul/leader_test.go
+++ b/agent/consul/leader_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
@@ -1640,7 +1640,7 @@ func TestLeader_ConfigEntryBootstrap_Fail(t *testing.T) {
 			deps := newDefaultDeps(t, config)
 			deps.Logger = logger
 
-			srv, err := NewServer(config, deps, grpc.NewServer(), nil, logger, nil)
+			srv, err := NewServer(config, deps, grpc.NewServer(), nil, logger)
 			require.NoError(t, err)
 			defer srv.Shutdown()
 
diff --git a/agent/consul/logging.go b/agent/consul/logging.go
index cfafe62b0d31..da07daa8febf 100644
--- a/agent/consul/logging.go
+++ b/agent/consul/logging.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/logging_test.go b/agent/consul/logging_test.go
index 3b756c0bb622..7f090992a7a2 100644
--- a/agent/consul/logging_test.go
+++ b/agent/consul/logging_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/merge.go b/agent/consul/merge.go
index f6771d110f0c..21b59f1aa92d 100644
--- a/agent/consul/merge.go
+++ b/agent/consul/merge.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/merge_ce.go b/agent/consul/merge_ce.go
index 83e8f5343d4c..59704f653320 100644
--- a/agent/consul/merge_ce.go
+++ b/agent/consul/merge_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/merge_ce_test.go b/agent/consul/merge_ce_test.go
index 5213907d1bcb..8b0a7514ab26 100644
--- a/agent/consul/merge_ce_test.go
+++ b/agent/consul/merge_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/merge_test.go b/agent/consul/merge_test.go
index bc9d1f2cb4da..f5f5c6d88ff1 100644
--- a/agent/consul/merge_test.go
+++ b/agent/consul/merge_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/multilimiter/multilimiter.go b/agent/consul/multilimiter/multilimiter.go
index a0b9a6044f0d..f40e6c501abe 100644
--- a/agent/consul/multilimiter/multilimiter.go
+++ b/agent/consul/multilimiter/multilimiter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package multilimiter
 
diff --git a/agent/consul/multilimiter/multilimiter_test.go b/agent/consul/multilimiter/multilimiter_test.go
index e7cdab4e1482..b649bdb6c9c9 100644
--- a/agent/consul/multilimiter/multilimiter_test.go
+++ b/agent/consul/multilimiter/multilimiter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package multilimiter
 
diff --git a/agent/consul/operator_autopilot_endpoint.go b/agent/consul/operator_autopilot_endpoint.go
index 39bd5b648ddb..b6ef7d38e656 100644
--- a/agent/consul/operator_autopilot_endpoint.go
+++ b/agent/consul/operator_autopilot_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/operator_autopilot_endpoint_test.go b/agent/consul/operator_autopilot_endpoint_test.go
index 4cef3f0960d4..c9258e9aa270 100644
--- a/agent/consul/operator_autopilot_endpoint_test.go
+++ b/agent/consul/operator_autopilot_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/operator_backend.go b/agent/consul/operator_backend.go
index 136baa1a22ab..a72128735ab3 100644
--- a/agent/consul/operator_backend.go
+++ b/agent/consul/operator_backend.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/operator_backend_test.go b/agent/consul/operator_backend_test.go
index 0a4650359ec1..2189fe00630c 100644
--- a/agent/consul/operator_backend_test.go
+++ b/agent/consul/operator_backend_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/operator_endpoint.go b/agent/consul/operator_endpoint.go
index 67259c9408a9..33e73e6ee1df 100644
--- a/agent/consul/operator_endpoint.go
+++ b/agent/consul/operator_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/operator_raft_endpoint.go b/agent/consul/operator_raft_endpoint.go
index b8a16fc2c3ec..7b0bcbc5cc03 100644
--- a/agent/consul/operator_raft_endpoint.go
+++ b/agent/consul/operator_raft_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/operator_raft_endpoint_test.go b/agent/consul/operator_raft_endpoint_test.go
index bb2dc88fc89e..7242c40e6c45 100644
--- a/agent/consul/operator_raft_endpoint_test.go
+++ b/agent/consul/operator_raft_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/operator_usage_endpoint.go b/agent/consul/operator_usage_endpoint.go
index 68f3137d0a61..d23815b147c7 100644
--- a/agent/consul/operator_usage_endpoint.go
+++ b/agent/consul/operator_usage_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/options.go b/agent/consul/options.go
index fa2781b83d09..26cb2471a89b 100644
--- a/agent/consul/options.go
+++ b/agent/consul/options.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
@@ -16,7 +16,6 @@ import (
 	"github.com/hashicorp/consul/agent/router"
 	"github.com/hashicorp/consul/agent/rpc/middleware"
 	"github.com/hashicorp/consul/agent/token"
-	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/tlsutil"
 )
 
@@ -30,7 +29,6 @@ type Deps struct {
 	GRPCConnPool     GRPCClientConner
 	LeaderForwarder  LeaderForwarder
 	XDSStreamLimiter *limiter.SessionLimiter
-	Registry         resource.Registry
 	// GetNetRPCInterceptorFunc, if not nil, sets the net/rpc rpc.ServerServiceCallInterceptor on
 	// the server side to record metrics around the RPC requests. If nil, no interceptor is added to
 	// the rpc server.
diff --git a/agent/consul/options_ce.go b/agent/consul/options_ce.go
index 0b4d04a66a74..7604ddd87f92 100644
--- a/agent/consul/options_ce.go
+++ b/agent/consul/options_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/peering_backend.go b/agent/consul/peering_backend.go
index 5a27bc6442a1..1771be10fbaa 100644
--- a/agent/consul/peering_backend.go
+++ b/agent/consul/peering_backend.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/peering_backend_ce.go b/agent/consul/peering_backend_ce.go
index 7b00e1907b69..81a133b3425a 100644
--- a/agent/consul/peering_backend_ce.go
+++ b/agent/consul/peering_backend_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/peering_backend_ce_test.go b/agent/consul/peering_backend_ce_test.go
index a8eae8f067de..410bf5f23427 100644
--- a/agent/consul/peering_backend_ce_test.go
+++ b/agent/consul/peering_backend_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/peering_backend_test.go b/agent/consul/peering_backend_test.go
index adfe6fe228f9..648052b7a15f 100644
--- a/agent/consul/peering_backend_test.go
+++ b/agent/consul/peering_backend_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/prepared_query/template.go b/agent/consul/prepared_query/template.go
index 03cf9d2f5850..ef2e2abd4cae 100644
--- a/agent/consul/prepared_query/template.go
+++ b/agent/consul/prepared_query/template.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package prepared_query
 
diff --git a/agent/consul/prepared_query/template_test.go b/agent/consul/prepared_query/template_test.go
index 7c9b2f1a3af2..d4f78402140d 100644
--- a/agent/consul/prepared_query/template_test.go
+++ b/agent/consul/prepared_query/template_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package prepared_query
 
diff --git a/agent/consul/prepared_query/walk.go b/agent/consul/prepared_query/walk.go
index 72296c0c7fe6..da53ce105b5f 100644
--- a/agent/consul/prepared_query/walk.go
+++ b/agent/consul/prepared_query/walk.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package prepared_query
 
diff --git a/agent/consul/prepared_query/walk_ce_test.go b/agent/consul/prepared_query/walk_ce_test.go
index 8d19b951c5bf..dec84b241b0a 100644
--- a/agent/consul/prepared_query/walk_ce_test.go
+++ b/agent/consul/prepared_query/walk_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/prepared_query/walk_test.go b/agent/consul/prepared_query/walk_test.go
index b788571e4af5..9ff380248bd2 100644
--- a/agent/consul/prepared_query/walk_test.go
+++ b/agent/consul/prepared_query/walk_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package prepared_query
 
diff --git a/agent/consul/prepared_query_endpoint.go b/agent/consul/prepared_query_endpoint.go
index 139556bb1af8..101839708ea2 100644
--- a/agent/consul/prepared_query_endpoint.go
+++ b/agent/consul/prepared_query_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/prepared_query_endpoint_ce.go b/agent/consul/prepared_query_endpoint_ce.go
index 4f7087806cfe..612b81b2e688 100644
--- a/agent/consul/prepared_query_endpoint_ce.go
+++ b/agent/consul/prepared_query_endpoint_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/prepared_query_endpoint_ce_test.go b/agent/consul/prepared_query_endpoint_ce_test.go
index 3c30daf0a92c..876f91d42cd5 100644
--- a/agent/consul/prepared_query_endpoint_ce_test.go
+++ b/agent/consul/prepared_query_endpoint_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/prepared_query_endpoint_test.go b/agent/consul/prepared_query_endpoint_test.go
index f0d63dc277c1..af1fd65a876d 100644
--- a/agent/consul/prepared_query_endpoint_test.go
+++ b/agent/consul/prepared_query_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
@@ -2808,7 +2808,7 @@ func TestPreparedQuery_Wrapper(t *testing.T) {
 		t.Fatalf("bad: %v", ret)
 	}
 	// Since we have no idea when the joinWAN operation completes
-	// we keep on querying until the join operation completes.
+	// we keep on querying until the the join operation completes.
 	retry.Run(t, func(r *retry.R) {
 		r.Check(s1.forwardDC("Status.Ping", "dc2", &struct{}{}, &struct{}{}))
 	})
diff --git a/agent/consul/raft_handle.go b/agent/consul/raft_handle.go
index 2906fe7115f1..bf38f0ee9e76 100644
--- a/agent/consul/raft_handle.go
+++ b/agent/consul/raft_handle.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/raft_rpc.go b/agent/consul/raft_rpc.go
index 1a0d6caa64d4..7928ad31e2b9 100644
--- a/agent/consul/raft_rpc.go
+++ b/agent/consul/raft_rpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/rate/handler.go b/agent/consul/rate/handler.go
index bb3aef63931d..c18ec85eddc8 100644
--- a/agent/consul/rate/handler.go
+++ b/agent/consul/rate/handler.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package rate implements server-side RPC rate limiting.
 package rate
diff --git a/agent/consul/rate/handler_ce.go b/agent/consul/rate/handler_ce.go
index b9ec451869a3..fc33a69487f8 100644
--- a/agent/consul/rate/handler_ce.go
+++ b/agent/consul/rate/handler_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/rate/handler_test.go b/agent/consul/rate/handler_test.go
index 268568ce9599..54a8b86a4b98 100644
--- a/agent/consul/rate/handler_test.go
+++ b/agent/consul/rate/handler_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package rate
 
diff --git a/agent/consul/rate/metrics.go b/agent/consul/rate/metrics.go
index ac69c1466177..cbf796fa935c 100644
--- a/agent/consul/rate/metrics.go
+++ b/agent/consul/rate/metrics.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package rate
 
diff --git a/agent/consul/replication.go b/agent/consul/replication.go
index 08b8811129be..0d85d082653c 100644
--- a/agent/consul/replication.go
+++ b/agent/consul/replication.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/replication_test.go b/agent/consul/replication_test.go
index 27000fc563b7..e37e19b1f293 100644
--- a/agent/consul/replication_test.go
+++ b/agent/consul/replication_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/reporting/reporting.go b/agent/consul/reporting/reporting.go
index d6c480f6bace..fec7050f695b 100644
--- a/agent/consul/reporting/reporting.go
+++ b/agent/consul/reporting/reporting.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package reporting
 
diff --git a/agent/consul/reporting/reporting_ce.go b/agent/consul/reporting/reporting_ce.go
index 669ca264afdc..a1e95a177416 100644
--- a/agent/consul/reporting/reporting_ce.go
+++ b/agent/consul/reporting/reporting_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/rpc.go b/agent/consul/rpc.go
index dbb781951e34..f97a5ff88674 100644
--- a/agent/consul/rpc.go
+++ b/agent/consul/rpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/rpc_test.go b/agent/consul/rpc_test.go
index 39351c98ca92..f1b05fa52828 100644
--- a/agent/consul/rpc_test.go
+++ b/agent/consul/rpc_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/rtt.go b/agent/consul/rtt.go
index 1599301e158d..5db0a634b435 100644
--- a/agent/consul/rtt.go
+++ b/agent/consul/rtt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/rtt_test.go b/agent/consul/rtt_test.go
index aeed0b66f50d..9420f36c8365 100644
--- a/agent/consul/rtt_test.go
+++ b/agent/consul/rtt_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/segment_ce.go b/agent/consul/segment_ce.go
index fd3fce459f49..a3c0162d2a1e 100644
--- a/agent/consul/segment_ce.go
+++ b/agent/consul/segment_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/serf_filter.go b/agent/consul/serf_filter.go
index 7b09c2b9e802..fd6911bf0ab8 100644
--- a/agent/consul/serf_filter.go
+++ b/agent/consul/serf_filter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/serf_test.go b/agent/consul/serf_test.go
index 4d4bc4926a46..62cc6d0a0ba3 100644
--- a/agent/consul/serf_test.go
+++ b/agent/consul/serf_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/server.go b/agent/consul/server.go
index ad6e5b23f8b8..6bb424c67535 100644
--- a/agent/consul/server.go
+++ b/agent/consul/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
@@ -20,7 +20,6 @@ import (
 	"time"
 
 	"github.com/armon/go-metrics"
-	"github.com/hashicorp/consul-net-rpc/net/rpc"
 	"github.com/hashicorp/go-connlimit"
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-memdb"
@@ -35,7 +34,8 @@ import (
 	"golang.org/x/time/rate"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
-	"google.golang.org/grpc/reflection"
+
+	"github.com/hashicorp/consul-net-rpc/net/rpc"
 
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/acl/resolver"
@@ -73,7 +73,6 @@ import (
 	"github.com/hashicorp/consul/internal/catalog"
 	"github.com/hashicorp/consul/internal/controller"
 	"github.com/hashicorp/consul/internal/mesh"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/internal/resource/reaper"
@@ -82,7 +81,6 @@ import (
 	"github.com/hashicorp/consul/lib/routine"
 	"github.com/hashicorp/consul/lib/stringslice"
 	"github.com/hashicorp/consul/logging"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/proto/private/pbsubscribe"
 	"github.com/hashicorp/consul/tlsutil"
@@ -135,7 +133,7 @@ const (
 
 	LeaderTransferMinVersion = "1.6.0"
 
-	CatalogResourceExperimentName = "resource-apis"
+	catalogResourceExperimentName = "resource-apis"
 )
 
 const (
@@ -244,7 +242,7 @@ type Server struct {
 	// serf cluster that spans datacenters
 	eventChWAN chan serf.Event
 
-	// wanMembershipNotifyCh is used to receive notifications that the
+	// wanMembershipNotifyCh is used to receive notifications that the the
 	// serfWAN wan pool may have changed.
 	//
 	// If this is nil, notification is skipped.
@@ -441,20 +439,13 @@ type Server struct {
 	// run by the Server
 	routineManager *routine.Manager
 
-	// resourceServiceServer implements the Resource Service.
-	resourceServiceServer *resourcegrpc.Server
+	// typeRegistry contains Consul's registered resource types.
+	typeRegistry resource.Registry
 
-	// insecureResourceServiceClient is a client that can be used to communicate
-	// with the Resource Service in-process (i.e. not via the network) *without*
-	// auth. It should only be used for purely-internal workloads, such as
-	// controllers.
-	insecureResourceServiceClient pbresource.ResourceServiceClient
-
-	// secureResourceServiceClient is a client that can be used to communicate
-	// with the Resource Service in-process (i.e. not via the network) *with* auth.
-	// It can be used to make requests to the Resource Service on behalf of the user
-	// (e.g. from the HTTP API).
-	secureResourceServiceClient pbresource.ResourceServiceClient
+	// internalResourceServiceClient is a client that can be used to communicate
+	// with the Resource Service in-process (i.e. not via the network) without auth.
+	// It should only be used for purely-internal workloads, such as controllers.
+	internalResourceServiceClient pbresource.ResourceServiceClient
 
 	// controllerManager schedules the execution of controllers.
 	controllerManager *controller.Manager
@@ -481,21 +472,9 @@ type connHandler interface {
 	Shutdown() error
 }
 
-// ProxyUpdater is an interface for ProxyTracker.
-type ProxyUpdater interface {
-	// PushChange allows pushing a computed ProxyState to xds for xds resource generation to send to a proxy.
-	PushChange(id *pbresource.ID, snapshot proxysnapshot.ProxySnapshot) error
-
-	// ProxyConnectedToServer returns whether this id is connected to this server.
-	ProxyConnectedToServer(id *pbresource.ID) bool
-
-	EventChannel() chan controller.Event
-}
-
 // NewServer is used to construct a new Consul server from the configuration
 // and extra options, potentially returning an error.
-func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server,
-	incomingRPCLimiter rpcRate.RequestLimitsHandler, serverLogger hclog.InterceptLogger, proxyUpdater ProxyUpdater) (*Server, error) {
+func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incomingRPCLimiter rpcRate.RequestLimitsHandler, serverLogger hclog.InterceptLogger) (*Server, error) {
 	logger := flat.Logger
 	if err := config.CheckProtocolVersion(); err != nil {
 		return nil, err
@@ -547,6 +526,7 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server,
 		publisher:               flat.EventPublisher,
 		incomingRPCLimiter:      incomingRPCLimiter,
 		routineManager:          routine.NewManager(logger.Named(logging.ConsulServer)),
+		typeRegistry:            resource.NewRegistry(),
 	}
 	incomingRPCLimiter.Register(s)
 
@@ -814,7 +794,7 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server,
 	go s.reportingManager.Run(&lib.StopChannelContext{StopCh: s.shutdownCh})
 
 	// Initialize external gRPC server
-	s.setupExternalGRPC(config, flat.Registry, logger)
+	s.setupExternalGRPC(config, logger)
 
 	// Initialize internal gRPC server.
 	//
@@ -823,19 +803,14 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server,
 	s.grpcHandler = newGRPCHandlerFromConfig(flat, config, s)
 	s.grpcLeaderForwarder = flat.LeaderForwarder
 
-	if err := s.setupSecureResourceServiceClient(); err != nil {
-		return nil, err
-	}
-
-	if err := s.setupInsecureResourceServiceClient(flat.Registry, logger); err != nil {
+	if err := s.setupInternalResourceService(logger); err != nil {
 		return nil, err
 	}
-
 	s.controllerManager = controller.NewManager(
-		s.insecureResourceServiceClient,
+		s.internalResourceServiceClient,
 		logger.Named(logging.ControllerRuntime),
 	)
-	s.registerControllers(flat, proxyUpdater)
+	s.registerResources(flat)
 	go s.controllerManager.Run(&lib.StopChannelContext{StopCh: shutdownCh})
 
 	go s.trackLeaderChanges()
@@ -886,29 +861,18 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server,
 	return s, nil
 }
 
-func (s *Server) registerControllers(deps Deps, proxyUpdater ProxyUpdater) {
-	if stringslice.Contains(deps.Experiments, CatalogResourceExperimentName) {
+func (s *Server) registerResources(deps Deps) {
+	if stringslice.Contains(deps.Experiments, catalogResourceExperimentName) {
+		catalog.RegisterTypes(s.typeRegistry)
 		catalog.RegisterControllers(s.controllerManager, catalog.DefaultControllerDependencies())
-		mesh.RegisterControllers(s.controllerManager, mesh.ControllerDependencies{
-			TrustBundleFetcher: func() (*pbproxystate.TrustBundle, error) {
-				var bundle pbproxystate.TrustBundle
-				roots, err := s.getCARoots(nil, s.GetState())
-				if err != nil {
-					return nil, err
-				}
-				bundle.TrustDomain = roots.TrustDomain
-				for _, root := range roots.Roots {
-					bundle.Roots = append(bundle.Roots, root.RootCert)
-				}
-				return &bundle, nil
-			},
-			ProxyUpdater: proxyUpdater,
-		})
+
+		mesh.RegisterTypes(s.typeRegistry)
 	}
 
 	reaper.RegisterControllers(s.controllerManager)
 
 	if s.config.DevMode {
+		demo.RegisterTypes(s.typeRegistry)
 		demo.RegisterControllers(s.controllerManager)
 	}
 }
@@ -965,7 +929,6 @@ func newGRPCHandlerFromConfig(deps Deps, config *Config, s *Server) connHandler
 		s.peerStreamServer.Register(srv)
 		s.externalACLServer.Register(srv)
 		s.externalConnectCAServer.Register(srv)
-		s.resourceServiceServer.Register(srv)
 	}
 
 	return agentgrpc.NewHandler(deps.Logger, config.RPCAddr, register, nil, s.incomingRPCLimiter)
@@ -1306,7 +1269,7 @@ func (s *Server) setupRPC() error {
 }
 
 // Initialize and register services on external gRPC server.
-func (s *Server) setupExternalGRPC(config *Config, typeRegistry resource.Registry, logger hclog.Logger) {
+func (s *Server) setupExternalGRPC(config *Config, logger hclog.Logger) {
 	s.externalACLServer = aclgrpc.NewServer(aclgrpc.Config{
 		ACLsEnabled: s.config.ACLsEnabled,
 		ForwardRPC: func(info structs.RPCInfo, fn func(*grpc.ClientConn) error) (bool, error) {
@@ -1371,54 +1334,23 @@ func (s *Server) setupExternalGRPC(config *Config, typeRegistry resource.Registr
 	})
 	s.peerStreamServer.Register(s.externalGRPCServer)
 
-	s.resourceServiceServer = resourcegrpc.NewServer(resourcegrpc.Config{
-		Registry:        typeRegistry,
-		Backend:         s.raftStorageBackend,
-		ACLResolver:     s.ACLResolver,
-		Logger:          logger.Named("grpc-api.resource"),
-		V1TenancyBridge: NewV1TenancyBridge(s),
-	})
-	s.resourceServiceServer.Register(s.externalGRPCServer)
-
-	reflection.Register(s.externalGRPCServer)
-}
-
-func (s *Server) setupInsecureResourceServiceClient(typeRegistry resource.Registry, logger hclog.Logger) error {
-	server := resourcegrpc.NewServer(resourcegrpc.Config{
-		Registry:        typeRegistry,
-		Backend:         s.raftStorageBackend,
-		ACLResolver:     resolver.DANGER_NO_AUTH{},
-		Logger:          logger.Named("grpc-api.resource"),
-		V1TenancyBridge: NewV1TenancyBridge(s),
-	})
-
-	conn, err := s.runInProcessGRPCServer(server.Register)
-	if err != nil {
-		return err
-	}
-	s.insecureResourceServiceClient = pbresource.NewResourceServiceClient(conn)
-
-	return nil
-}
-
-func (s *Server) setupSecureResourceServiceClient() error {
-	conn, err := s.runInProcessGRPCServer(s.resourceServiceServer.Register)
-	if err != nil {
-		return err
-	}
-	s.secureResourceServiceClient = pbresource.NewResourceServiceClient(conn)
-
-	return nil
+	resourcegrpc.NewServer(resourcegrpc.Config{
+		Registry:    s.typeRegistry,
+		Backend:     s.raftStorageBackend,
+		ACLResolver: s.ACLResolver,
+		Logger:      logger.Named("grpc-api.resource"),
+	}).Register(s.externalGRPCServer)
 }
 
-// runInProcessGRPCServer runs a gRPC server that can only be accessed in the
-// same process, rather than over the network, using a pipe listener.
-func (s *Server) runInProcessGRPCServer(registerFn ...func(*grpc.Server)) (*grpc.ClientConn, error) {
+func (s *Server) setupInternalResourceService(logger hclog.Logger) error {
 	server := grpc.NewServer()
 
-	for _, fn := range registerFn {
-		fn(server)
-	}
+	resourcegrpc.NewServer(resourcegrpc.Config{
+		Registry:    s.typeRegistry,
+		Backend:     s.raftStorageBackend,
+		ACLResolver: resolver.DANGER_NO_AUTH{},
+		Logger:      logger.Named("grpc-api.resource"),
+	}).Register(server)
 
 	pipe := agentgrpc.NewPipeListener()
 	go server.Serve(pipe)
@@ -1435,14 +1367,15 @@ func (s *Server) runInProcessGRPCServer(registerFn ...func(*grpc.Server)) (*grpc
 	)
 	if err != nil {
 		server.Stop()
-		return nil, err
+		return err
 	}
 	go func() {
 		<-s.shutdownCh
 		conn.Close()
 	}()
+	s.internalResourceServiceClient = pbresource.NewResourceServiceClient(conn)
 
-	return conn, nil
+	return nil
 }
 
 // Shutdown is used to shutdown the server
@@ -2162,10 +2095,6 @@ func (s *Server) hcpServerStatus(deps Deps) hcp.StatusCallback {
 	}
 }
 
-func (s *Server) ResourceServiceClient() pbresource.ResourceServiceClient {
-	return s.secureResourceServiceClient
-}
-
 func fileExists(name string) (bool, error) {
 	_, err := os.Stat(name)
 	if err == nil {
diff --git a/agent/consul/server_ce.go b/agent/consul/server_ce.go
index ab586a0292c0..22660f490b7f 100644
--- a/agent/consul/server_ce.go
+++ b/agent/consul/server_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/server_ce_test.go b/agent/consul/server_ce_test.go
index 472560f2b925..c1760589a9e1 100644
--- a/agent/consul/server_ce_test.go
+++ b/agent/consul/server_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/server_connect.go b/agent/consul/server_connect.go
index d76e4fc8c425..496d059cb494 100644
--- a/agent/consul/server_connect.go
+++ b/agent/consul/server_connect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/server_log_verification.go b/agent/consul/server_log_verification.go
index 2bde7dbc81b4..5646e7876098 100644
--- a/agent/consul/server_log_verification.go
+++ b/agent/consul/server_log_verification.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/server_lookup.go b/agent/consul/server_lookup.go
index 60b9c076bf14..e1952d671d07 100644
--- a/agent/consul/server_lookup.go
+++ b/agent/consul/server_lookup.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/server_lookup_test.go b/agent/consul/server_lookup_test.go
index 52e3605de719..5d3d3d4e0e42 100644
--- a/agent/consul/server_lookup_test.go
+++ b/agent/consul/server_lookup_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/server_metadata.go b/agent/consul/server_metadata.go
index 03e4751a290c..742391e0b6a1 100644
--- a/agent/consul/server_metadata.go
+++ b/agent/consul/server_metadata.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/server_metadata_test.go b/agent/consul/server_metadata_test.go
index bf993bc1be57..d091bfdf3630 100644
--- a/agent/consul/server_metadata_test.go
+++ b/agent/consul/server_metadata_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/server_overview.go b/agent/consul/server_overview.go
index a94749d53498..62bdb3440612 100644
--- a/agent/consul/server_overview.go
+++ b/agent/consul/server_overview.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/server_overview_test.go b/agent/consul/server_overview_test.go
index 7780b5ce8396..ebb930a1e2bf 100644
--- a/agent/consul/server_overview_test.go
+++ b/agent/consul/server_overview_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/server_register.go b/agent/consul/server_register.go
index 90d95f061956..61f1daefc7df 100644
--- a/agent/consul/server_register.go
+++ b/agent/consul/server_register.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/server_serf.go b/agent/consul/server_serf.go
index aea50aa6dd19..1dc6c25b1cce 100644
--- a/agent/consul/server_serf.go
+++ b/agent/consul/server_serf.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go
index e8058a468a3f..ebff789b14a5 100644
--- a/agent/consul/server_test.go
+++ b/agent/consul/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
@@ -336,7 +336,7 @@ func newServerWithDeps(t *testing.T, c *Config, deps Deps) (*Server, error) {
 		}
 	}
 	grpcServer := external.NewServer(deps.Logger.Named("grpc.external"), nil, deps.TLSConfigurator, rpcRate.NullRequestLimitsHandler())
-	srv, err := NewServer(c, deps, grpcServer, nil, deps.Logger, nil)
+	srv, err := NewServer(c, deps, grpcServer, nil, deps.Logger)
 	if err != nil {
 		return nil, err
 	}
@@ -1243,7 +1243,7 @@ func TestServer_RPC_MetricsIntercept_Off(t *testing.T) {
 			}
 		}
 
-		s1, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger, nil)
+		s1, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger)
 		if err != nil {
 			t.Fatalf("err: %v", err)
 		}
@@ -1281,7 +1281,7 @@ func TestServer_RPC_MetricsIntercept_Off(t *testing.T) {
 			return nil
 		}
 
-		s2, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger, nil)
+		s2, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger)
 		if err != nil {
 			t.Fatalf("err: %v", err)
 		}
@@ -1315,7 +1315,7 @@ func TestServer_RPC_RequestRecorder(t *testing.T) {
 		deps := newDefaultDeps(t, conf)
 		deps.NewRequestRecorderFunc = nil
 
-		s1, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger, nil)
+		s1, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger)
 
 		require.Error(t, err, "need err when provider func is nil")
 		require.Equal(t, err.Error(), "cannot initialize server without an RPC request recorder provider")
@@ -1334,7 +1334,7 @@ func TestServer_RPC_RequestRecorder(t *testing.T) {
 			return nil
 		}
 
-		s2, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger, nil)
+		s2, err := NewServer(conf, deps, grpc.NewServer(), nil, deps.Logger)
 
 		require.Error(t, err, "need err when RequestRecorder is nil")
 		require.Equal(t, err.Error(), "cannot initialize server with a nil RPC request recorder")
diff --git a/agent/consul/servercert/manager.go b/agent/consul/servercert/manager.go
index 664753439477..75c2a4f27608 100644
--- a/agent/consul/servercert/manager.go
+++ b/agent/consul/servercert/manager.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package servercert
 
diff --git a/agent/consul/servercert/manager_test.go b/agent/consul/servercert/manager_test.go
index e9cc0c81c58c..dfadfe4b953f 100644
--- a/agent/consul/servercert/manager_test.go
+++ b/agent/consul/servercert/manager_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package servercert
 
diff --git a/agent/consul/session_endpoint.go b/agent/consul/session_endpoint.go
index f2f8ab774023..6e41138f983c 100644
--- a/agent/consul/session_endpoint.go
+++ b/agent/consul/session_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/session_endpoint_test.go b/agent/consul/session_endpoint_test.go
index 408cd7b058c5..ae04d2658f9a 100644
--- a/agent/consul/session_endpoint_test.go
+++ b/agent/consul/session_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/session_timers.go b/agent/consul/session_timers.go
index f1c62b08a819..b4c1b425cb26 100644
--- a/agent/consul/session_timers.go
+++ b/agent/consul/session_timers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/session_timers_test.go b/agent/consul/session_timers_test.go
index f944cc76745d..d44ed2b366fe 100644
--- a/agent/consul/session_timers_test.go
+++ b/agent/consul/session_timers_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/session_ttl.go b/agent/consul/session_ttl.go
index 8f5440e14dff..7866ec8fed19 100644
--- a/agent/consul/session_ttl.go
+++ b/agent/consul/session_ttl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/session_ttl_test.go b/agent/consul/session_ttl_test.go
index e552f0ff6cdf..5cd720f3f893 100644
--- a/agent/consul/session_ttl_test.go
+++ b/agent/consul/session_ttl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/snapshot_endpoint.go b/agent/consul/snapshot_endpoint.go
index c9a6e9ace47c..7e5f21113aeb 100644
--- a/agent/consul/snapshot_endpoint.go
+++ b/agent/consul/snapshot_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // The snapshot endpoint is a special non-RPC endpoint that supports streaming
 // for taking and restoring snapshots for disaster recovery. This gets wired
diff --git a/agent/consul/snapshot_endpoint_test.go b/agent/consul/snapshot_endpoint_test.go
index 40bede914974..f401bb72e38d 100644
--- a/agent/consul/snapshot_endpoint_test.go
+++ b/agent/consul/snapshot_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/state/acl.go b/agent/consul/state/acl.go
index f82b671b18b6..f57c3387352d 100644
--- a/agent/consul/state/acl.go
+++ b/agent/consul/state/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
@@ -623,8 +623,35 @@ func aclTokenGetTxn(tx ReadTxn, ws memdb.WatchSet, value, index string, entMeta
 	return nil, nil
 }
 
+type ACLTokenListParameters struct {
+	Local          bool
+	Global         bool
+	Policy         string
+	Role           string
+	ServiceName    string
+	MethodName     string
+	MethodMeta     *acl.EnterpriseMeta
+	EnterpriseMeta *acl.EnterpriseMeta
+}
+
 // ACLTokenList return a list of ACL Tokens that match the policy, role, and method.
+// This function should be treated as deprecated, and ACLTokenListWithParameters should be preferred.
+//
+// Deprecated: use ACLTokenListWithParameters
 func (s *Store) ACLTokenList(ws memdb.WatchSet, local, global bool, policy, role, methodName string, methodMeta, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLTokens, error) {
+	return s.ACLTokenListWithParameters(ws, ACLTokenListParameters{
+		Local:          local,
+		Global:         global,
+		Policy:         policy,
+		Role:           role,
+		MethodName:     methodName,
+		MethodMeta:     methodMeta,
+		EnterpriseMeta: entMeta,
+	})
+}
+
+// ACLTokenListWithParameters returns a list of ACL Tokens that match the provided parameters.
+func (s *Store) ACLTokenListWithParameters(ws memdb.WatchSet, params ACLTokenListParameters) (uint64, structs.ACLTokens, error) {
 	tx := s.db.Txn(false)
 	defer tx.Abort()
 
@@ -637,43 +664,51 @@ func (s *Store) ACLTokenList(ws memdb.WatchSet, local, global bool, policy, role
 
 	needLocalityFilter := false
 
-	if policy == "" && role == "" && methodName == "" {
-		if global == local {
-			iter, err = aclTokenListAll(tx, entMeta)
+	if params.Policy == "" && params.Role == "" && params.MethodName == "" && params.ServiceName == "" {
+		if params.Global == params.Local {
+			iter, err = aclTokenListAll(tx, params.EnterpriseMeta)
 		} else {
-			iter, err = aclTokenList(tx, entMeta, local)
+			iter, err = aclTokenList(tx, params.EnterpriseMeta, params.Local)
 		}
 
-	} else if policy != "" && role == "" && methodName == "" {
-		iter, err = aclTokenListByPolicy(tx, policy, entMeta)
+	} else if params.Policy != "" && params.Role == "" && params.MethodName == "" && params.ServiceName == "" {
+		// Find by policy
+		iter, err = aclTokenListByPolicy(tx, params.Policy, params.EnterpriseMeta)
+		needLocalityFilter = true
+
+	} else if params.Policy == "" && params.Role != "" && params.MethodName == "" && params.ServiceName == "" {
+		// Find by role
+		iter, err = aclTokenListByRole(tx, params.Role, params.EnterpriseMeta)
 		needLocalityFilter = true
 
-	} else if policy == "" && role != "" && methodName == "" {
-		iter, err = aclTokenListByRole(tx, role, entMeta)
+	} else if params.Policy == "" && params.Role == "" && params.MethodName != "" && params.ServiceName == "" {
+		// Find by methodName
+		iter, err = aclTokenListByAuthMethod(tx, params.MethodName, params.MethodMeta, params.EnterpriseMeta)
 		needLocalityFilter = true
 
-	} else if policy == "" && role == "" && methodName != "" {
-		iter, err = aclTokenListByAuthMethod(tx, methodName, methodMeta, entMeta)
+	} else if params.Policy == "" && params.Role == "" && params.MethodName == "" && params.ServiceName != "" {
+		// Find by the service identity's serviceName
+		iter, err = aclTokenListByServiceName(tx, params.ServiceName, params.EnterpriseMeta)
 		needLocalityFilter = true
 
 	} else {
-		return 0, nil, fmt.Errorf("can only filter by one of policy, role, or methodName at a time")
+		return 0, nil, fmt.Errorf("can only filter by one of policy, role, serviceName, or methodName at a time")
 	}
 
 	if err != nil {
 		return 0, nil, fmt.Errorf("failed acl token lookup: %v", err)
 	}
 
-	if needLocalityFilter && global != local {
+	if needLocalityFilter && params.Global != params.Local {
 		iter = memdb.NewFilterIterator(iter, func(raw interface{}) bool {
 			token, ok := raw.(*structs.ACLToken)
 			if !ok {
 				return true
 			}
 
-			if global && !token.Local {
+			if params.Global && !token.Local {
 				return false
-			} else if local && token.Local {
+			} else if params.Local && token.Local {
 				return false
 			}
 
@@ -698,7 +733,7 @@ func (s *Store) ACLTokenList(ws memdb.WatchSet, local, global bool, policy, role
 	}
 
 	// Get the table index.
-	idx := aclTokenMaxIndex(tx, nil, entMeta)
+	idx := aclTokenMaxIndex(tx, nil, params.EnterpriseMeta)
 	return idx, result, nil
 }
 
diff --git a/agent/consul/state/acl_ce.go b/agent/consul/state/acl_ce.go
index ee0a8eb5ee64..33b3b5986fca 100644
--- a/agent/consul/state/acl_ce.go
+++ b/agent/consul/state/acl_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
@@ -76,6 +76,10 @@ func aclTokenListByAuthMethod(tx ReadTxn, authMethod string, _, _ *acl.Enterpris
 	return tx.Get(tableACLTokens, indexAuthMethod, AuthMethodQuery{Value: authMethod})
 }
 
+func aclTokenListByServiceName(tx ReadTxn, serviceName string, entMeta *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
+	return tx.Get(tableACLTokens, indexServiceName, Query{Value: serviceName})
+}
+
 func aclTokenDeleteWithToken(tx WriteTxn, token *structs.ACLToken, idx uint64) error {
 	// remove the token
 	if err := tx.Delete(tableACLTokens, token); err != nil {
diff --git a/agent/consul/state/acl_ce_test.go b/agent/consul/state/acl_ce_test.go
index 38cf2ebcda1f..4d3bcdcfc00b 100644
--- a/agent/consul/state/acl_ce_test.go
+++ b/agent/consul/state/acl_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/acl_events.go b/agent/consul/state/acl_events.go
index d00062c23bac..3767d2d2d154 100644
--- a/agent/consul/state/acl_events.go
+++ b/agent/consul/state/acl_events.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/acl_events_test.go b/agent/consul/state/acl_events_test.go
index 3c6e3fdfab17..303d54a25be1 100644
--- a/agent/consul/state/acl_events_test.go
+++ b/agent/consul/state/acl_events_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/acl_schema.go b/agent/consul/state/acl_schema.go
index cdee3ed9fff4..75ca0f3a2689 100644
--- a/agent/consul/state/acl_schema.go
+++ b/agent/consul/state/acl_schema.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
@@ -22,6 +22,7 @@ const (
 	indexAccessor      = "accessor"
 	indexPolicies      = "policies"
 	indexRoles         = "roles"
+	indexServiceName   = "service-name"
 	indexAuthMethod    = "authmethod"
 	indexLocality      = "locality"
 	indexName          = "name"
@@ -106,6 +107,15 @@ func tokensTableSchema() *memdb.TableSchema {
 					writeIndex: indexExpiresLocalFromACLToken,
 				},
 			},
+			indexServiceName: {
+				Name:         indexServiceName,
+				AllowMissing: true,
+				Unique:       false,
+				Indexer: indexerMulti[Query, *structs.ACLToken]{
+					readIndex:       indexFromQuery,
+					writeIndexMulti: indexServiceNameFromACLToken,
+				},
+			},
 		},
 	}
 }
@@ -398,6 +408,21 @@ func indexExpiresFromACLToken(t *structs.ACLToken, local bool) ([]byte, error) {
 	return b.Bytes(), nil
 }
 
+func indexServiceNameFromACLToken(token *structs.ACLToken) ([][]byte, error) {
+	vals := make([][]byte, 0, len(token.ServiceIdentities))
+	for _, id := range token.ServiceIdentities {
+		if id != nil && id.ServiceName != "" {
+			var b indexBuilder
+			b.String(strings.ToLower(id.ServiceName))
+			vals = append(vals, b.Bytes())
+		}
+	}
+	if len(vals) == 0 {
+		return nil, errMissingValueForIndex
+	}
+	return vals, nil
+}
+
 func authMethodsTableSchema() *memdb.TableSchema {
 	return &memdb.TableSchema{
 		Name: tableACLAuthMethods,
diff --git a/agent/consul/state/acl_test.go b/agent/consul/state/acl_test.go
index 330c0689aafc..3c58cb292318 100644
--- a/agent/consul/state/acl_test.go
+++ b/agent/consul/state/acl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
@@ -214,6 +214,7 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
 	require.Equal(t, uint64(3), index)
 
 	// Make sure the ACLs are in an expected state.
+	// nolint:staticcheck
 	_, tokens, err := s.ACLTokenList(nil, true, true, "", "", "", nil, nil)
 	require.NoError(t, err)
 	require.Len(t, tokens, 1)
@@ -228,6 +229,7 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
 	err = s.ACLBootstrap(32, index, token2.Clone())
 	require.NoError(t, err)
 
+	// nolint:staticcheck
 	_, tokens, err = s.ACLTokenList(nil, true, true, "", "", "", nil, nil)
 	require.NoError(t, err)
 	require.Len(t, tokens, 2)
@@ -849,18 +851,36 @@ func TestStateStore_ACLToken_List(t *testing.T) {
 			AuthMethod: "test",
 			Local:      true,
 		},
+		// the serviceName specific token
+		&structs.ACLToken{
+			AccessorID: "80c900e1-2fc5-4685-ae29-1b2d17fc30e4",
+			SecretID:   "9d229cfd-ec4b-4d31-a6fd-ecbcb2a41d41",
+			ServiceIdentities: []*structs.ACLServiceIdentity{
+				{ServiceName: "sn1"},
+			},
+		},
+		// the serviceName specific token and local
+		&structs.ACLToken{
+			AccessorID: "a14fa45e-0afe-4b44-961d-a430030ccfe2",
+			SecretID:   "17f696b9-448a-4bd3-936b-08c92c66530f",
+			ServiceIdentities: []*structs.ACLServiceIdentity{
+				{ServiceName: "sn1"},
+			},
+			Local: true,
+		},
 	}
 
 	require.NoError(t, s.ACLTokenBatchSet(2, tokens, ACLTokenSetOptions{}))
 
 	type testCase struct {
-		name       string
-		local      bool
-		global     bool
-		policy     string
-		role       string
-		methodName string
-		accessors  []string
+		name        string
+		local       bool
+		global      bool
+		policy      string
+		role        string
+		methodName  string
+		serviceName string
+		accessors   []string
 	}
 
 	cases := []testCase{
@@ -876,6 +896,7 @@ func TestStateStore_ACLToken_List(t *testing.T) {
 				"47eea4da-bda1-48a6-901c-3e36d2d9262f", // policy + global
 				"54866514-3cf2-4fec-8a8a-710583831834", // mgmt + global
 				"74277ae1-6a9b-4035-b444-2370fe6a2cb5", // authMethod + global
+				"80c900e1-2fc5-4685-ae29-1b2d17fc30e4", // serviceName + global
 				"a7715fde-8954-4c92-afbc-d84c6ecdc582", // role + global
 			},
 		},
@@ -889,6 +910,7 @@ func TestStateStore_ACLToken_List(t *testing.T) {
 			accessors: []string{
 				"211f0360-ef53-41d3-9d4d-db84396eb6c0", // authMethod + local
 				"4915fc9d-3726-4171-b588-6c271f45eecd", // policy + local
+				"a14fa45e-0afe-4b44-961d-a430030ccfe2", // serviceName + local
 				"cadb4f13-f62a-49ab-ab3f-5a7e01b925d9", // role + local
 				"f1093997-b6c7-496d-bfb8-6b1b1895641b", // mgmt + local
 			},
@@ -983,6 +1005,30 @@ func TestStateStore_ACLToken_List(t *testing.T) {
 				"74277ae1-6a9b-4035-b444-2370fe6a2cb5", // authMethod + global
 			},
 		},
+		{
+			name:        "ServiceName - Local",
+			local:       true,
+			global:      false,
+			policy:      "",
+			role:        "",
+			methodName:  "",
+			serviceName: "sn1",
+			accessors: []string{
+				"a14fa45e-0afe-4b44-961d-a430030ccfe2", // serviceName + local
+			},
+		},
+		{
+			name:        "ServiceName - Global",
+			local:       false,
+			global:      true,
+			policy:      "",
+			role:        "",
+			methodName:  "",
+			serviceName: "sn1",
+			accessors: []string{
+				"80c900e1-2fc5-4685-ae29-1b2d17fc30e4", // serviceName + global
+			},
+		},
 		{
 			name:       "All",
 			local:      true,
@@ -997,6 +1043,8 @@ func TestStateStore_ACLToken_List(t *testing.T) {
 				"4915fc9d-3726-4171-b588-6c271f45eecd", // policy + local
 				"54866514-3cf2-4fec-8a8a-710583831834", // mgmt + global
 				"74277ae1-6a9b-4035-b444-2370fe6a2cb5", // authMethod + global
+				"80c900e1-2fc5-4685-ae29-1b2d17fc30e4", // serviceName + global
+				"a14fa45e-0afe-4b44-961d-a430030ccfe2", // serviceName + local
 				"a7715fde-8954-4c92-afbc-d84c6ecdc582", // role + global
 				"cadb4f13-f62a-49ab-ab3f-5a7e01b925d9", // role + local
 				"f1093997-b6c7-496d-bfb8-6b1b1895641b", // mgmt + local
@@ -1004,14 +1052,27 @@ func TestStateStore_ACLToken_List(t *testing.T) {
 		},
 	}
 
-	for _, tc := range []struct{ policy, role, methodName string }{
-		{testPolicyID_A, testRoleID_A, "test"},
-		{"", testRoleID_A, "test"},
-		{testPolicyID_A, "", "test"},
-		{testPolicyID_A, testRoleID_A, ""},
+	for _, tc := range []struct{ policy, role, methodName, serviceName string }{
+		{testPolicyID_A, testRoleID_A, "test", ""},
+		{"", testRoleID_A, "test", ""},
+		{testPolicyID_A, "", "test", ""},
+		{testPolicyID_A, testRoleID_A, "", ""},
+		{testPolicyID_A, "", "", "test"},
 	} {
-		t.Run(fmt.Sprintf("can't filter on more than one: %s/%s/%s", tc.policy, tc.role, tc.methodName), func(t *testing.T) {
-			_, _, err := s.ACLTokenList(nil, false, false, tc.policy, tc.role, tc.methodName, nil, nil)
+		t.Run(fmt.Sprintf("can't filter on more than one: %s/%s/%s/%s", tc.policy, tc.role, tc.methodName, tc.serviceName), func(t *testing.T) {
+			var err error
+			if tc.serviceName == "" {
+				// The legacy call can only be tested when the serviceName is not specified
+				// nolint:staticcheck
+				_, _, err = s.ACLTokenList(nil, false, false, tc.policy, tc.role, tc.methodName, nil, nil)
+				require.Error(t, err)
+			}
+			_, _, err = s.ACLTokenListWithParameters(nil, ACLTokenListParameters{
+				Policy:      tc.policy,
+				Role:        tc.role,
+				MethodName:  tc.methodName,
+				ServiceName: tc.serviceName,
+			})
 			require.Error(t, err)
 		})
 	}
@@ -1020,12 +1081,33 @@ func TestStateStore_ACLToken_List(t *testing.T) {
 		tc := tc // capture range variable
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
-			_, tokens, err := s.ACLTokenList(nil, tc.local, tc.global, tc.policy, tc.role, tc.methodName, nil, nil)
-			require.NoError(t, err)
-			require.Len(t, tokens, len(tc.accessors))
-			tokens.Sort()
-			for i, token := range tokens {
-				require.Equal(t, tc.accessors[i], token.AccessorID)
+			// Test old function
+			if tc.serviceName == "" {
+				// nolint:staticcheck
+				_, tokens, err := s.ACLTokenList(nil, tc.local, tc.global, tc.policy, tc.role, tc.methodName, nil, nil)
+				require.NoError(t, err)
+				require.Len(t, tokens, len(tc.accessors))
+				tokens.Sort()
+				for i, token := range tokens {
+					require.Equal(t, tc.accessors[i], token.AccessorID)
+				}
+			}
+			// Test new function
+			{
+				_, tokens, err := s.ACLTokenListWithParameters(nil, ACLTokenListParameters{
+					Local:       tc.local,
+					Global:      tc.global,
+					Policy:      tc.policy,
+					Role:        tc.role,
+					ServiceName: tc.serviceName,
+					MethodName:  tc.methodName,
+				})
+				require.NoError(t, err)
+				require.Len(t, tokens, len(tc.accessors))
+				tokens.Sort()
+				for i, token := range tokens {
+					require.Equal(t, tc.accessors[i], token.AccessorID)
+				}
 			}
 		})
 	}
@@ -1080,6 +1162,7 @@ func TestStateStore_ACLToken_FixupPolicyLinks(t *testing.T) {
 	require.Equal(t, "node-read-renamed", retrieved.Policies[0].Name)
 
 	// list tokens without stale links
+	// nolint:staticcheck
 	_, tokens, err := s.ACLTokenList(nil, true, true, "", "", "", nil, nil)
 	require.NoError(t, err)
 
@@ -1124,6 +1207,7 @@ func TestStateStore_ACLToken_FixupPolicyLinks(t *testing.T) {
 	require.Len(t, retrieved.Policies, 0)
 
 	// list tokens without stale links
+	// nolint:staticcheck
 	_, tokens, err = s.ACLTokenList(nil, true, true, "", "", "", nil, nil)
 	require.NoError(t, err)
 
@@ -1209,6 +1293,7 @@ func TestStateStore_ACLToken_FixupRoleLinks(t *testing.T) {
 	require.Equal(t, "node-read-role-renamed", retrieved.Roles[0].Name)
 
 	// list tokens without stale links
+	// nolint:staticcheck
 	_, tokens, err := s.ACLTokenList(nil, true, true, "", "", "", nil, nil)
 	require.NoError(t, err)
 
@@ -1253,6 +1338,7 @@ func TestStateStore_ACLToken_FixupRoleLinks(t *testing.T) {
 	require.Len(t, retrieved.Roles, 0)
 
 	// list tokens without stale links
+	// nolint:staticcheck
 	_, tokens, err = s.ACLTokenList(nil, true, true, "", "", "", nil, nil)
 	require.NoError(t, err)
 
@@ -2688,16 +2774,19 @@ func TestStateStore_ACLAuthMethod_GlobalNameShadowing_TokenTest(t *testing.T) {
 	}
 
 	require.True(t, t.Run("list local only", func(t *testing.T) {
+		// nolint:staticcheck
 		_, got, err := s.ACLTokenList(nil, true, false, "", "", "test", defaultEntMeta, defaultEntMeta)
 		require.NoError(t, err)
 		require.ElementsMatch(t, []string{methodDC2_tok1, methodDC2_tok2}, toList(got))
 	}))
 	require.True(t, t.Run("list global only", func(t *testing.T) {
+		// nolint:staticcheck
 		_, got, err := s.ACLTokenList(nil, false, true, "", "", "test", defaultEntMeta, defaultEntMeta)
 		require.NoError(t, err)
 		require.ElementsMatch(t, []string{methodDC1_tok1, methodDC1_tok2}, toList(got))
 	}))
 	require.True(t, t.Run("list both", func(t *testing.T) {
+		// nolint:staticcheck
 		_, got, err := s.ACLTokenList(nil, true, true, "", "", "test", defaultEntMeta, defaultEntMeta)
 		require.NoError(t, err)
 		require.ElementsMatch(t, []string{methodDC1_tok1, methodDC1_tok2, methodDC2_tok1, methodDC2_tok2}, toList(got))
@@ -2709,16 +2798,19 @@ func TestStateStore_ACLAuthMethod_GlobalNameShadowing_TokenTest(t *testing.T) {
 	}))
 
 	require.True(t, t.Run("list local only (after dc2 delete)", func(t *testing.T) {
+		// nolint:staticcheck
 		_, got, err := s.ACLTokenList(nil, true, false, "", "", "test", defaultEntMeta, defaultEntMeta)
 		require.NoError(t, err)
 		require.Empty(t, got)
 	}))
 	require.True(t, t.Run("list global only (after dc2 delete)", func(t *testing.T) {
+		// nolint:staticcheck
 		_, got, err := s.ACLTokenList(nil, false, true, "", "", "test", defaultEntMeta, defaultEntMeta)
 		require.NoError(t, err)
 		require.ElementsMatch(t, []string{methodDC1_tok1, methodDC1_tok2}, toList(got))
 	}))
 	require.True(t, t.Run("list both (after dc2 delete)", func(t *testing.T) {
+		// nolint:staticcheck
 		_, got, err := s.ACLTokenList(nil, true, true, "", "", "test", defaultEntMeta, defaultEntMeta)
 		require.NoError(t, err)
 		require.ElementsMatch(t, []string{methodDC1_tok1, methodDC1_tok2}, toList(got))
@@ -3509,6 +3601,7 @@ func TestStateStore_ACLTokens_Snapshot_Restore(t *testing.T) {
 		require.NoError(t, s.ACLRoleBatchSet(2, roles, false))
 
 		// Read the restored ACLs back out and verify that they match.
+		// nolint:staticcheck
 		idx, res, err := s.ACLTokenList(nil, true, true, "", "", "", nil, nil)
 		require.NoError(t, err)
 		require.Equal(t, uint64(4), idx)
diff --git a/agent/consul/state/autopilot.go b/agent/consul/state/autopilot.go
index 608f08f5215c..472ce4bfc31c 100644
--- a/agent/consul/state/autopilot.go
+++ b/agent/consul/state/autopilot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/autopilot_test.go b/agent/consul/state/autopilot_test.go
index a2877e2df5ff..f26163bc4ec1 100644
--- a/agent/consul/state/autopilot_test.go
+++ b/agent/consul/state/autopilot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go
index f5007a893fd6..040a9608142b 100644
--- a/agent/consul/state/catalog.go
+++ b/agent/consul/state/catalog.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
@@ -3972,7 +3972,7 @@ func updateGatewayService(tx WriteTxn, idx uint64, mapping *structs.GatewayServi
 }
 
 // checkWildcardForGatewaysAndUpdate checks whether a service matches a
-// wildcard definition in gateway config entries and if so adds it the
+// wildcard definition in gateway config entries and if so adds it the the
 // gateway-services table.
 func checkGatewayWildcardsAndUpdate(tx WriteTxn, idx uint64, svc *structs.ServiceName, ns *structs.NodeService, kind structs.GatewayServiceKind) error {
 	sn := structs.ServiceName{Name: structs.WildcardSpecifier, EnterpriseMeta: svc.EnterpriseMeta}
@@ -4020,7 +4020,7 @@ func checkGatewayWildcardsAndUpdate(tx WriteTxn, idx uint64, svc *structs.Servic
 }
 
 // checkGatewayAndUpdate checks whether a service matches a
-// wildcard definition in gateway config entries and if so adds it the
+// wildcard definition in gateway config entries and if so adds it the the
 // gateway-services table.
 func checkGatewayAndUpdate(tx WriteTxn, idx uint64, svc *structs.ServiceName, kind structs.GatewayServiceKind) error {
 	sn := structs.ServiceName{Name: svc.Name, EnterpriseMeta: svc.EnterpriseMeta}
diff --git a/agent/consul/state/catalog_ce.go b/agent/consul/state/catalog_ce.go
index 1c8062567d74..bec9a6a61977 100644
--- a/agent/consul/state/catalog_ce.go
+++ b/agent/consul/state/catalog_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/catalog_ce_test.go b/agent/consul/state/catalog_ce_test.go
index f0ad6ffbc928..e8c71812f860 100644
--- a/agent/consul/state/catalog_ce_test.go
+++ b/agent/consul/state/catalog_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/catalog_events.go b/agent/consul/state/catalog_events.go
index 7b2057c6f43a..0cd7258d5e80 100644
--- a/agent/consul/state/catalog_events.go
+++ b/agent/consul/state/catalog_events.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
@@ -645,7 +645,7 @@ func getPayloadCheckServiceNode(payload stream.Payload) *structs.CheckServiceNod
 }
 
 // newServiceHealthEventsForNode returns health events for all services on the
-// given node. This mirrors some of the logic in the oddly-named
+// given node. This mirrors some of the the logic in the oddly-named
 // parseCheckServiceNodes but is more efficient since we know they are all on
 // the same node.
 func newServiceHealthEventsForNode(tx ReadTxn, idx uint64, node string, entMeta *acl.EnterpriseMeta, peerName string) ([]stream.Event, error) {
diff --git a/agent/consul/state/catalog_events_ce.go b/agent/consul/state/catalog_events_ce.go
index 25e9dc149b1a..72e3993b5d56 100644
--- a/agent/consul/state/catalog_events_ce.go
+++ b/agent/consul/state/catalog_events_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/catalog_events_ce_test.go b/agent/consul/state/catalog_events_ce_test.go
index 75f9a6ddeb23..0de8286c44c8 100644
--- a/agent/consul/state/catalog_events_ce_test.go
+++ b/agent/consul/state/catalog_events_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/catalog_events_test.go b/agent/consul/state/catalog_events_test.go
index 94406e34f9ae..46e0b269617f 100644
--- a/agent/consul/state/catalog_events_test.go
+++ b/agent/consul/state/catalog_events_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/catalog_schema.deepcopy.go b/agent/consul/state/catalog_schema.deepcopy.go
index af4d430d2f97..406a7fdce796 100644
--- a/agent/consul/state/catalog_schema.deepcopy.go
+++ b/agent/consul/state/catalog_schema.deepcopy.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 // generated by deep-copy -pointer-receiver -o ./catalog_schema.deepcopy.go -type upstreamDownstream ./; DO NOT EDIT.
 
 package state
diff --git a/agent/consul/state/catalog_schema.go b/agent/consul/state/catalog_schema.go
index b8da7c099936..8702cc2e0cf5 100644
--- a/agent/consul/state/catalog_schema.go
+++ b/agent/consul/state/catalog_schema.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/catalog_test.go b/agent/consul/state/catalog_test.go
index 6fc79a5a7c0f..e6b279580b03 100644
--- a/agent/consul/state/catalog_test.go
+++ b/agent/consul/state/catalog_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/config_entry.go b/agent/consul/state/config_entry.go
index b298b6122080..9abaafc390d3 100644
--- a/agent/consul/state/config_entry.go
+++ b/agent/consul/state/config_entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/config_entry_ce.go b/agent/consul/state/config_entry_ce.go
index 091a5be15768..ec01e0c09aae 100644
--- a/agent/consul/state/config_entry_ce.go
+++ b/agent/consul/state/config_entry_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/config_entry_ce_test.go b/agent/consul/state/config_entry_ce_test.go
index 736ede4e54fe..02fb3be78a2c 100644
--- a/agent/consul/state/config_entry_ce_test.go
+++ b/agent/consul/state/config_entry_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/config_entry_events.go b/agent/consul/state/config_entry_events.go
index c6c19fce3453..5681362dbe16 100644
--- a/agent/consul/state/config_entry_events.go
+++ b/agent/consul/state/config_entry_events.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/config_entry_events_test.go b/agent/consul/state/config_entry_events_test.go
index e8ceb10f65d8..1ee92770bc65 100644
--- a/agent/consul/state/config_entry_events_test.go
+++ b/agent/consul/state/config_entry_events_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/config_entry_exported_services.go b/agent/consul/state/config_entry_exported_services.go
index 7534613ae137..b758adc09eaf 100644
--- a/agent/consul/state/config_entry_exported_services.go
+++ b/agent/consul/state/config_entry_exported_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/config_entry_exported_services_ce.go b/agent/consul/state/config_entry_exported_services_ce.go
index 0dfbf95ecf05..9dfc4751d2d6 100644
--- a/agent/consul/state/config_entry_exported_services_ce.go
+++ b/agent/consul/state/config_entry_exported_services_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/config_entry_intention.go b/agent/consul/state/config_entry_intention.go
index 459d8c4276e6..301baf9c0909 100644
--- a/agent/consul/state/config_entry_intention.go
+++ b/agent/consul/state/config_entry_intention.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/config_entry_intention_ce.go b/agent/consul/state/config_entry_intention_ce.go
index b0eb69b355f9..6d479f9ad6bf 100644
--- a/agent/consul/state/config_entry_intention_ce.go
+++ b/agent/consul/state/config_entry_intention_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/config_entry_sameness_group.go b/agent/consul/state/config_entry_sameness_group.go
index d8308008dfbb..7f02787b6553 100644
--- a/agent/consul/state/config_entry_sameness_group.go
+++ b/agent/consul/state/config_entry_sameness_group.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package state
 
 import (
diff --git a/agent/consul/state/config_entry_sameness_group_ce.go b/agent/consul/state/config_entry_sameness_group_ce.go
index 76c285b5e33e..16437cd8fd18 100644
--- a/agent/consul/state/config_entry_sameness_group_ce.go
+++ b/agent/consul/state/config_entry_sameness_group_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/config_entry_sameness_group_ce_test.go b/agent/consul/state/config_entry_sameness_group_ce_test.go
index 6397e90699d0..ce4aeb8394f8 100644
--- a/agent/consul/state/config_entry_sameness_group_ce_test.go
+++ b/agent/consul/state/config_entry_sameness_group_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/config_entry_schema.go b/agent/consul/state/config_entry_schema.go
index c66241525296..e420d657cae8 100644
--- a/agent/consul/state/config_entry_schema.go
+++ b/agent/consul/state/config_entry_schema.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/config_entry_test.go b/agent/consul/state/config_entry_test.go
index af9dc0997156..d72f12c87689 100644
--- a/agent/consul/state/config_entry_test.go
+++ b/agent/consul/state/config_entry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/connect_ca.go b/agent/consul/state/connect_ca.go
index 4b1eeeab783d..99e99637b6aa 100644
--- a/agent/consul/state/connect_ca.go
+++ b/agent/consul/state/connect_ca.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/connect_ca_events.go b/agent/consul/state/connect_ca_events.go
index a285b9d07cb7..554a867dcd59 100644
--- a/agent/consul/state/connect_ca_events.go
+++ b/agent/consul/state/connect_ca_events.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/connect_ca_events_test.go b/agent/consul/state/connect_ca_events_test.go
index 79df8df5be87..bf13eefcb937 100644
--- a/agent/consul/state/connect_ca_events_test.go
+++ b/agent/consul/state/connect_ca_events_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/connect_ca_test.go b/agent/consul/state/connect_ca_test.go
index 2a49723d65cb..124392cf1a43 100644
--- a/agent/consul/state/connect_ca_test.go
+++ b/agent/consul/state/connect_ca_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/coordinate.go b/agent/consul/state/coordinate.go
index bcd71e5a0f08..f2eb7b30425e 100644
--- a/agent/consul/state/coordinate.go
+++ b/agent/consul/state/coordinate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/coordinate_ce.go b/agent/consul/state/coordinate_ce.go
index 05568e40b09d..17956e964eee 100644
--- a/agent/consul/state/coordinate_ce.go
+++ b/agent/consul/state/coordinate_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/coordinate_ce_test.go b/agent/consul/state/coordinate_ce_test.go
index 520f8b5d83f1..a4608245060e 100644
--- a/agent/consul/state/coordinate_ce_test.go
+++ b/agent/consul/state/coordinate_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/coordinate_test.go b/agent/consul/state/coordinate_test.go
index dad0ce3e32ec..0fe582eab5aa 100644
--- a/agent/consul/state/coordinate_test.go
+++ b/agent/consul/state/coordinate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/deep-copy.sh b/agent/consul/state/deep-copy.sh
index 809e20432b62..d976d921f3c8 100755
--- a/agent/consul/state/deep-copy.sh
+++ b/agent/consul/state/deep-copy.sh
@@ -1,7 +1,4 @@
 #!/usr/bin/env bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 
 readonly PACKAGE_DIR="$(dirname "${BASH_SOURCE[0]}")"
 cd $PACKAGE_DIR
diff --git a/agent/consul/state/delay_ce.go b/agent/consul/state/delay_ce.go
index ca55c465fd9f..a2471ae63624 100644
--- a/agent/consul/state/delay_ce.go
+++ b/agent/consul/state/delay_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/delay_test.go b/agent/consul/state/delay_test.go
index 6a2d0fa80c2d..40f1842efd67 100644
--- a/agent/consul/state/delay_test.go
+++ b/agent/consul/state/delay_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/events.go b/agent/consul/state/events.go
index 0d4f4eb4fe40..666dc60035d1 100644
--- a/agent/consul/state/events.go
+++ b/agent/consul/state/events.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/events_test.go b/agent/consul/state/events_test.go
index c2a4ad399d64..3da9a26549b2 100644
--- a/agent/consul/state/events_test.go
+++ b/agent/consul/state/events_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/federation_state.go b/agent/consul/state/federation_state.go
index a02a38ed3b53..556caa4b4854 100644
--- a/agent/consul/state/federation_state.go
+++ b/agent/consul/state/federation_state.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/graveyard.go b/agent/consul/state/graveyard.go
index 45398584356c..5b6a95dafbaa 100644
--- a/agent/consul/state/graveyard.go
+++ b/agent/consul/state/graveyard.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/graveyard_ce.go b/agent/consul/state/graveyard_ce.go
index b02659b74c3f..963ed6632e5b 100644
--- a/agent/consul/state/graveyard_ce.go
+++ b/agent/consul/state/graveyard_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/graveyard_test.go b/agent/consul/state/graveyard_test.go
index 66aaaf92fb14..af50673e9e74 100644
--- a/agent/consul/state/graveyard_test.go
+++ b/agent/consul/state/graveyard_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/index_connect_test.go b/agent/consul/state/index_connect_test.go
index 7b5404b5b2a8..a598fab68ac4 100644
--- a/agent/consul/state/index_connect_test.go
+++ b/agent/consul/state/index_connect_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/indexer.go b/agent/consul/state/indexer.go
index c752b3af55cf..f360eb2befe9 100644
--- a/agent/consul/state/indexer.go
+++ b/agent/consul/state/indexer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/intention.go b/agent/consul/state/intention.go
index f36055522858..4341590e4ec2 100644
--- a/agent/consul/state/intention.go
+++ b/agent/consul/state/intention.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/intention_ce.go b/agent/consul/state/intention_ce.go
index 43b80a47ad45..e82177eb1a56 100644
--- a/agent/consul/state/intention_ce.go
+++ b/agent/consul/state/intention_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/intention_test.go b/agent/consul/state/intention_test.go
index 72455565d582..3545527b790c 100644
--- a/agent/consul/state/intention_test.go
+++ b/agent/consul/state/intention_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/kvs.go b/agent/consul/state/kvs.go
index b0b4f6c1e52d..0d0a419ae5c2 100644
--- a/agent/consul/state/kvs.go
+++ b/agent/consul/state/kvs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/kvs_ce.go b/agent/consul/state/kvs_ce.go
index 6243bbd71b06..10528e3be6db 100644
--- a/agent/consul/state/kvs_ce.go
+++ b/agent/consul/state/kvs_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/kvs_ce_test.go b/agent/consul/state/kvs_ce_test.go
index a7a1034c6a8d..adf41fe7dbe8 100644
--- a/agent/consul/state/kvs_ce_test.go
+++ b/agent/consul/state/kvs_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/kvs_test.go b/agent/consul/state/kvs_test.go
index b85a08f98d18..4ced02586f0c 100644
--- a/agent/consul/state/kvs_test.go
+++ b/agent/consul/state/kvs_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/memdb.go b/agent/consul/state/memdb.go
index 93707d0e0751..0a3b66c6a627 100644
--- a/agent/consul/state/memdb.go
+++ b/agent/consul/state/memdb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/memdb_test.go b/agent/consul/state/memdb_test.go
index e603fc5bb169..7e893619be5d 100644
--- a/agent/consul/state/memdb_test.go
+++ b/agent/consul/state/memdb_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/operations_ce.go b/agent/consul/state/operations_ce.go
index acf1cd38b801..08de08015b44 100644
--- a/agent/consul/state/operations_ce.go
+++ b/agent/consul/state/operations_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/peering.go b/agent/consul/state/peering.go
index 1763777cff83..90db74845884 100644
--- a/agent/consul/state/peering.go
+++ b/agent/consul/state/peering.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/peering_ce.go b/agent/consul/state/peering_ce.go
index 40e207729dfa..a54e2d37ddff 100644
--- a/agent/consul/state/peering_ce.go
+++ b/agent/consul/state/peering_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/peering_ce_test.go b/agent/consul/state/peering_ce_test.go
index 927fa1c71db9..41d1bce452db 100644
--- a/agent/consul/state/peering_ce_test.go
+++ b/agent/consul/state/peering_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/peering_test.go b/agent/consul/state/peering_test.go
index 764286bb77b8..8125b96860aa 100644
--- a/agent/consul/state/peering_test.go
+++ b/agent/consul/state/peering_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/prepared_query.go b/agent/consul/state/prepared_query.go
index 62cf39588d17..7638d925170f 100644
--- a/agent/consul/state/prepared_query.go
+++ b/agent/consul/state/prepared_query.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/prepared_query_index.go b/agent/consul/state/prepared_query_index.go
index 83bb5dc73825..ac7684636669 100644
--- a/agent/consul/state/prepared_query_index.go
+++ b/agent/consul/state/prepared_query_index.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/prepared_query_index_test.go b/agent/consul/state/prepared_query_index_test.go
index aaaa62692f1c..a486047f57e3 100644
--- a/agent/consul/state/prepared_query_index_test.go
+++ b/agent/consul/state/prepared_query_index_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/prepared_query_test.go b/agent/consul/state/prepared_query_test.go
index dc902de4ad30..f0b0cd95f446 100644
--- a/agent/consul/state/prepared_query_test.go
+++ b/agent/consul/state/prepared_query_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/query.go b/agent/consul/state/query.go
index 288e715e8331..2256aab995fb 100644
--- a/agent/consul/state/query.go
+++ b/agent/consul/state/query.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/query_ce.go b/agent/consul/state/query_ce.go
index 178dc60b77e1..98108d6ff02b 100644
--- a/agent/consul/state/query_ce.go
+++ b/agent/consul/state/query_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/schema.go b/agent/consul/state/schema.go
index 0934ca483e5e..9e0e6db2fee4 100644
--- a/agent/consul/state/schema.go
+++ b/agent/consul/state/schema.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/schema_ce.go b/agent/consul/state/schema_ce.go
index 15a3ec44788a..eecde09aab61 100644
--- a/agent/consul/state/schema_ce.go
+++ b/agent/consul/state/schema_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/schema_ce_test.go b/agent/consul/state/schema_ce_test.go
index eb8a1e079574..55fc3ee54c19 100644
--- a/agent/consul/state/schema_ce_test.go
+++ b/agent/consul/state/schema_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/schema_test.go b/agent/consul/state/schema_test.go
index a0af2223e27c..f67b18e8c3be 100644
--- a/agent/consul/state/schema_test.go
+++ b/agent/consul/state/schema_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/session.go b/agent/consul/state/session.go
index d57b05947d39..5e666f80fd89 100644
--- a/agent/consul/state/session.go
+++ b/agent/consul/state/session.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/session_ce.go b/agent/consul/state/session_ce.go
index 6bd13c0132dc..1854fb3e1448 100644
--- a/agent/consul/state/session_ce.go
+++ b/agent/consul/state/session_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/session_test.go b/agent/consul/state/session_test.go
index 08f7ad09d0c1..eab429958163 100644
--- a/agent/consul/state/session_test.go
+++ b/agent/consul/state/session_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/state_store.go b/agent/consul/state/state_store.go
index dff3441535bb..fce3b3c96155 100644
--- a/agent/consul/state/state_store.go
+++ b/agent/consul/state/state_store.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/state_store_ce_test.go b/agent/consul/state/state_store_ce_test.go
index 81f25ed1e8b2..5515b193f688 100644
--- a/agent/consul/state/state_store_ce_test.go
+++ b/agent/consul/state/state_store_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/state_store_test.go b/agent/consul/state/state_store_test.go
index 751ecee779de..587f15c03d94 100644
--- a/agent/consul/state/state_store_test.go
+++ b/agent/consul/state/state_store_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/store_integration_test.go b/agent/consul/state/store_integration_test.go
index 25a91c558646..9395aa1cb182 100644
--- a/agent/consul/state/store_integration_test.go
+++ b/agent/consul/state/store_integration_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/system_metadata.go b/agent/consul/state/system_metadata.go
index 06e2d3cc598b..ed802efbd1cd 100644
--- a/agent/consul/state/system_metadata.go
+++ b/agent/consul/state/system_metadata.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/system_metadata_test.go b/agent/consul/state/system_metadata_test.go
index c2ac97b390b8..59f8bcd30c3e 100644
--- a/agent/consul/state/system_metadata_test.go
+++ b/agent/consul/state/system_metadata_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/tombstone_gc.go b/agent/consul/state/tombstone_gc.go
index 6eab5b6b5ba9..3fc19c5cd9cc 100644
--- a/agent/consul/state/tombstone_gc.go
+++ b/agent/consul/state/tombstone_gc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/tombstone_gc_test.go b/agent/consul/state/tombstone_gc_test.go
index def4c9af1972..d0fd11fa7c5a 100644
--- a/agent/consul/state/tombstone_gc_test.go
+++ b/agent/consul/state/tombstone_gc_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/txn.go b/agent/consul/state/txn.go
index 30189fc1ed60..81d8acd03929 100644
--- a/agent/consul/state/txn.go
+++ b/agent/consul/state/txn.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/txn_test.go b/agent/consul/state/txn_test.go
index bda004a63a3b..a128badf42e5 100644
--- a/agent/consul/state/txn_test.go
+++ b/agent/consul/state/txn_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/usage.go b/agent/consul/state/usage.go
index 20515e2e7b0c..0893d25288b6 100644
--- a/agent/consul/state/usage.go
+++ b/agent/consul/state/usage.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/state/usage_ce.go b/agent/consul/state/usage_ce.go
index 3daad8b98657..1824cf12399a 100644
--- a/agent/consul/state/usage_ce.go
+++ b/agent/consul/state/usage_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/state/usage_test.go b/agent/consul/state/usage_test.go
index 4195779b8c03..68844ebc1140 100644
--- a/agent/consul/state/usage_test.go
+++ b/agent/consul/state/usage_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/agent/consul/stats_fetcher.go b/agent/consul/stats_fetcher.go
index 94e122f2b438..d52930e85add 100644
--- a/agent/consul/stats_fetcher.go
+++ b/agent/consul/stats_fetcher.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/stats_fetcher_test.go b/agent/consul/stats_fetcher_test.go
index 8dc9ce9eb288..783424393a79 100644
--- a/agent/consul/stats_fetcher_test.go
+++ b/agent/consul/stats_fetcher_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/status_endpoint.go b/agent/consul/status_endpoint.go
index bca454e25eb0..efa2fa2cf4fa 100644
--- a/agent/consul/status_endpoint.go
+++ b/agent/consul/status_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/status_endpoint_test.go b/agent/consul/status_endpoint_test.go
index d4cf5cb7798b..6d95d7f6fd48 100644
--- a/agent/consul/status_endpoint_test.go
+++ b/agent/consul/status_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/stream/event.go b/agent/consul/stream/event.go
index df8160d2dd36..db6f3a6312f3 100644
--- a/agent/consul/stream/event.go
+++ b/agent/consul/stream/event.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 /*
 Package stream provides a publish/subscribe system for events produced by changes
diff --git a/agent/consul/stream/event_buffer.go b/agent/consul/stream/event_buffer.go
index 08060306e8d6..1c7f8c2b956a 100644
--- a/agent/consul/stream/event_buffer.go
+++ b/agent/consul/stream/event_buffer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package stream
 
diff --git a/agent/consul/stream/event_buffer_test.go b/agent/consul/stream/event_buffer_test.go
index 892a14d733e1..b6ec48e1775e 100644
--- a/agent/consul/stream/event_buffer_test.go
+++ b/agent/consul/stream/event_buffer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package stream
 
diff --git a/agent/consul/stream/event_publisher.go b/agent/consul/stream/event_publisher.go
index bb6d87f8bacf..f39ea22869a0 100644
--- a/agent/consul/stream/event_publisher.go
+++ b/agent/consul/stream/event_publisher.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package stream
 
diff --git a/agent/consul/stream/event_publisher_test.go b/agent/consul/stream/event_publisher_test.go
index 4ae53ebcbf8f..13efd0fb564a 100644
--- a/agent/consul/stream/event_publisher_test.go
+++ b/agent/consul/stream/event_publisher_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package stream
 
diff --git a/agent/consul/stream/event_snapshot.go b/agent/consul/stream/event_snapshot.go
index 40c9f3d007d5..6b4b693689b4 100644
--- a/agent/consul/stream/event_snapshot.go
+++ b/agent/consul/stream/event_snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package stream
 
diff --git a/agent/consul/stream/event_snapshot_test.go b/agent/consul/stream/event_snapshot_test.go
index 8a6d4e27c6bf..0888b90c39c9 100644
--- a/agent/consul/stream/event_snapshot_test.go
+++ b/agent/consul/stream/event_snapshot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package stream
 
diff --git a/agent/consul/stream/event_test.go b/agent/consul/stream/event_test.go
index 22afe390de9c..ff6f07c10ea8 100644
--- a/agent/consul/stream/event_test.go
+++ b/agent/consul/stream/event_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package stream
 
diff --git a/agent/consul/stream/noop.go b/agent/consul/stream/noop.go
index 65fcbb3fb777..1cd35ea922eb 100644
--- a/agent/consul/stream/noop.go
+++ b/agent/consul/stream/noop.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package stream
 
diff --git a/agent/consul/stream/string_types.go b/agent/consul/stream/string_types.go
index 2d0cb656777d..6e6c4ef8e92f 100644
--- a/agent/consul/stream/string_types.go
+++ b/agent/consul/stream/string_types.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package stream
 
diff --git a/agent/consul/stream/subscription.go b/agent/consul/stream/subscription.go
index 23911eff2e65..40286768abe0 100644
--- a/agent/consul/stream/subscription.go
+++ b/agent/consul/stream/subscription.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package stream
 
diff --git a/agent/consul/stream/subscription_test.go b/agent/consul/stream/subscription_test.go
index fd4af464ee53..9bf0b95b5d56 100644
--- a/agent/consul/stream/subscription_test.go
+++ b/agent/consul/stream/subscription_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package stream
 
diff --git a/agent/consul/subscribe_backend.go b/agent/consul/subscribe_backend.go
index c73dea18136a..9afcd4fc567d 100644
--- a/agent/consul/subscribe_backend.go
+++ b/agent/consul/subscribe_backend.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/subscribe_backend_test.go b/agent/consul/subscribe_backend_test.go
index 8d0f7a501ca1..833f049c9728 100644
--- a/agent/consul/subscribe_backend_test.go
+++ b/agent/consul/subscribe_backend_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/system_metadata.go b/agent/consul/system_metadata.go
index f110255aa2e0..40185294b8d7 100644
--- a/agent/consul/system_metadata.go
+++ b/agent/consul/system_metadata.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/system_metadata_test.go b/agent/consul/system_metadata_test.go
index 75e69786b8dd..7c4eb30e4732 100644
--- a/agent/consul/system_metadata_test.go
+++ b/agent/consul/system_metadata_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/tenancy_bridge.go b/agent/consul/tenancy_bridge.go
deleted file mode 100644
index 4573db2feb06..000000000000
--- a/agent/consul/tenancy_bridge.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package consul
-
-// V1TenancyBridge is used by the resource service to access V1 implementations of
-// partitions and namespaces. This bridge will be removed when V2 implemenations
-// of partitions and namespaces are available.
-type V1TenancyBridge struct {
-	server *Server
-}
-
-func NewV1TenancyBridge(server *Server) *V1TenancyBridge {
-	return &V1TenancyBridge{server: server}
-}
diff --git a/agent/consul/tenancy_bridge_ce.go b/agent/consul/tenancy_bridge_ce.go
deleted file mode 100644
index 03f87378e759..000000000000
--- a/agent/consul/tenancy_bridge_ce.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-// +build !consulent
-
-package consul
-
-func (b *V1TenancyBridge) PartitionExists(partition string) (bool, error) {
-	if partition == "default" {
-		return true, nil
-	}
-	return false, nil
-}
-
-func (b *V1TenancyBridge) IsPartitionMarkedForDeletion(partition string) (bool, error) {
-	return false, nil
-}
-
-func (b *V1TenancyBridge) NamespaceExists(partition, namespace string) (bool, error) {
-	if partition == "default" && namespace == "default" {
-		return true, nil
-	}
-	return false, nil
-}
-
-func (b *V1TenancyBridge) IsNamespaceMarkedForDeletion(partition, namespace string) (bool, error) {
-	return false, nil
-}
diff --git a/agent/consul/txn_endpoint.go b/agent/consul/txn_endpoint.go
index f39cd502cb17..e7e5d870875e 100644
--- a/agent/consul/txn_endpoint.go
+++ b/agent/consul/txn_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/txn_endpoint_test.go b/agent/consul/txn_endpoint_test.go
index ef2ecd13a3f8..f5654fdc001d 100644
--- a/agent/consul/txn_endpoint_test.go
+++ b/agent/consul/txn_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/type_registry.go b/agent/consul/type_registry.go
deleted file mode 100644
index 90bf76576fcf..000000000000
--- a/agent/consul/type_registry.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package consul
-
-import (
-	"github.com/hashicorp/consul/internal/catalog"
-	"github.com/hashicorp/consul/internal/mesh"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/internal/resource/demo"
-)
-
-// NewTypeRegistry returns a registry populated with all supported resource
-// types.
-//
-// Note: the registry includes resource types that may not be suitable for
-// production use (e.g. experimental or development resource types) because
-// it is used in the CLI, where feature flags and other runtime configuration
-// may not be available.
-func NewTypeRegistry() resource.Registry {
-	registry := resource.NewRegistry()
-
-	demo.RegisterTypes(registry)
-	mesh.RegisterTypes(registry)
-	catalog.RegisterTypes(registry)
-
-	return registry
-}
diff --git a/agent/consul/usagemetrics/usagemetrics.go b/agent/consul/usagemetrics/usagemetrics.go
index 7bd21b7d265b..169238c375e1 100644
--- a/agent/consul/usagemetrics/usagemetrics.go
+++ b/agent/consul/usagemetrics/usagemetrics.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package usagemetrics
 
diff --git a/agent/consul/usagemetrics/usagemetrics_ce.go b/agent/consul/usagemetrics/usagemetrics_ce.go
index 7de677cc079c..17853b4fcf6e 100644
--- a/agent/consul/usagemetrics/usagemetrics_ce.go
+++ b/agent/consul/usagemetrics/usagemetrics_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/usagemetrics/usagemetrics_ce_test.go b/agent/consul/usagemetrics/usagemetrics_ce_test.go
index 621224fb9882..47834da9164a 100644
--- a/agent/consul/usagemetrics/usagemetrics_ce_test.go
+++ b/agent/consul/usagemetrics/usagemetrics_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/consul/usagemetrics/usagemetrics_test.go b/agent/consul/usagemetrics/usagemetrics_test.go
index c97fb13be802..7bdf396b2574 100644
--- a/agent/consul/usagemetrics/usagemetrics_test.go
+++ b/agent/consul/usagemetrics/usagemetrics_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package usagemetrics
 
diff --git a/agent/consul/util.go b/agent/consul/util.go
index 0fd88e14c8eb..6fd6c77da33b 100644
--- a/agent/consul/util.go
+++ b/agent/consul/util.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/util_test.go b/agent/consul/util_test.go
index d0a4fcb6842f..c41b7748919f 100644
--- a/agent/consul/util_test.go
+++ b/agent/consul/util_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package consul
 
diff --git a/agent/consul/wanfed/pool.go b/agent/consul/wanfed/pool.go
index 3d083019346d..9320087b3f71 100644
--- a/agent/consul/wanfed/pool.go
+++ b/agent/consul/wanfed/pool.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package wanfed
 
diff --git a/agent/consul/wanfed/wanfed.go b/agent/consul/wanfed/wanfed.go
index 7732e05ad39a..e82eddcfa88e 100644
--- a/agent/consul/wanfed/wanfed.go
+++ b/agent/consul/wanfed/wanfed.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package wanfed
 
diff --git a/agent/consul/wanfed/wanfed_test.go b/agent/consul/wanfed/wanfed_test.go
index 8254e9434b36..ef45c197c179 100644
--- a/agent/consul/wanfed/wanfed_test.go
+++ b/agent/consul/wanfed/wanfed_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package wanfed
 
diff --git a/agent/consul/watch/server_local.go b/agent/consul/watch/server_local.go
index 2bb98fe349df..5937ba1c6a10 100644
--- a/agent/consul/watch/server_local.go
+++ b/agent/consul/watch/server_local.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package watch
 
diff --git a/agent/consul/watch/server_local_test.go b/agent/consul/watch/server_local_test.go
index 84ab8de5739a..1f96b1ec00d0 100644
--- a/agent/consul/watch/server_local_test.go
+++ b/agent/consul/watch/server_local_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package watch
 
diff --git a/agent/consul/xdscapacity/capacity.go b/agent/consul/xdscapacity/capacity.go
index bf3cf4ced02a..6396841d63fe 100644
--- a/agent/consul/xdscapacity/capacity.go
+++ b/agent/consul/xdscapacity/capacity.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xdscapacity
 
diff --git a/agent/consul/xdscapacity/capacity_test.go b/agent/consul/xdscapacity/capacity_test.go
index b3a3935a8806..d26453feae60 100644
--- a/agent/consul/xdscapacity/capacity_test.go
+++ b/agent/consul/xdscapacity/capacity_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xdscapacity
 
diff --git a/agent/coordinate_endpoint.go b/agent/coordinate_endpoint.go
index 60b69244afd5..744498c05533 100644
--- a/agent/coordinate_endpoint.go
+++ b/agent/coordinate_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/coordinate_endpoint_test.go b/agent/coordinate_endpoint_test.go
index 508f308d13c7..fe6deeef9567 100644
--- a/agent/coordinate_endpoint_test.go
+++ b/agent/coordinate_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/debug/host.go b/agent/debug/host.go
index f863117e547b..5116bf7499f7 100644
--- a/agent/debug/host.go
+++ b/agent/debug/host.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package debug
 
diff --git a/agent/debug/host_test.go b/agent/debug/host_test.go
index dce469b542f2..1289e21b4f06 100644
--- a/agent/debug/host_test.go
+++ b/agent/debug/host_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package debug
 
diff --git a/agent/delegate_mock_test.go b/agent/delegate_mock_test.go
index a75cf2d1e262..9f91a6a0d919 100644
--- a/agent/delegate_mock_test.go
+++ b/agent/delegate_mock_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
@@ -15,7 +15,6 @@ import (
 	"github.com/hashicorp/consul/agent/consul"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/lib"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 type delegateMock struct {
@@ -77,7 +76,3 @@ func (m *delegateMock) Stats() map[string]map[string]string {
 func (m *delegateMock) ReloadConfig(config consul.ReloadableConfig) error {
 	return m.Called(config).Error(0)
 }
-
-func (m *delegateMock) ResourceServiceClient() pbresource.ResourceServiceClient {
-	return nil
-}
diff --git a/agent/denylist.go b/agent/denylist.go
index 5fdd8cc9f872..b62146529814 100644
--- a/agent/denylist.go
+++ b/agent/denylist.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/denylist_test.go b/agent/denylist_test.go
index dd77e977d94d..f9370723a7c3 100644
--- a/agent/denylist_test.go
+++ b/agent/denylist_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/discovery_chain_endpoint.go b/agent/discovery_chain_endpoint.go
index 69a5e668f46e..a3aaa421f938 100644
--- a/agent/discovery_chain_endpoint.go
+++ b/agent/discovery_chain_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/discovery_chain_endpoint_test.go b/agent/discovery_chain_endpoint_test.go
index 7e1e9a5524e4..ed42ca0aede8 100644
--- a/agent/discovery_chain_endpoint_test.go
+++ b/agent/discovery_chain_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/dns.go b/agent/dns.go
index 3ae9a18b673a..5804dc97dd8e 100644
--- a/agent/dns.go
+++ b/agent/dns.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/dns/dns.go b/agent/dns/dns.go
index 1942a1fdd8d2..9f8e785a390b 100644
--- a/agent/dns/dns.go
+++ b/agent/dns/dns.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dns
 
diff --git a/agent/dns/dns_test.go b/agent/dns/dns_test.go
index 3acd2260e0a7..91dc3ea72a91 100644
--- a/agent/dns/dns_test.go
+++ b/agent/dns/dns_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dns
 
diff --git a/agent/dns/validation.go b/agent/dns/validation.go
index a88aaff2dbcb..cd66acf6fa8f 100644
--- a/agent/dns/validation.go
+++ b/agent/dns/validation.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dns
 
diff --git a/agent/dns/validation_test.go b/agent/dns/validation_test.go
index 8855e375c5f9..bcb65adf14a2 100644
--- a/agent/dns/validation_test.go
+++ b/agent/dns/validation_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dns_test
 
diff --git a/agent/dns_ce.go b/agent/dns_ce.go
index f82d1a31d274..8c055776ed99 100644
--- a/agent/dns_ce.go
+++ b/agent/dns_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/dns_ce_test.go b/agent/dns_ce_test.go
index 50b100a989d2..920568cd3b9b 100644
--- a/agent/dns_ce_test.go
+++ b/agent/dns_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/dns_test.go b/agent/dns_test.go
index 399899527218..ef5364964dd3 100644
--- a/agent/dns_test.go
+++ b/agent/dns_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/enterprise_delegate_ce.go b/agent/enterprise_delegate_ce.go
index 81d41ea8fa41..39ae3db7c46d 100644
--- a/agent/enterprise_delegate_ce.go
+++ b/agent/enterprise_delegate_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/envoyextensions/builtin/aws-lambda/aws_lambda.go b/agent/envoyextensions/builtin/aws-lambda/aws_lambda.go
index 978fc5cf5552..fa36d6fa500d 100644
--- a/agent/envoyextensions/builtin/aws-lambda/aws_lambda.go
+++ b/agent/envoyextensions/builtin/aws-lambda/aws_lambda.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package awslambda
 
diff --git a/agent/envoyextensions/builtin/aws-lambda/aws_lambda_test.go b/agent/envoyextensions/builtin/aws-lambda/aws_lambda_test.go
index 3dda09e317a4..26f49eef4bd1 100644
--- a/agent/envoyextensions/builtin/aws-lambda/aws_lambda_test.go
+++ b/agent/envoyextensions/builtin/aws-lambda/aws_lambda_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package awslambda
 
diff --git a/agent/envoyextensions/builtin/ext-authz/ext_authz.go b/agent/envoyextensions/builtin/ext-authz/ext_authz.go
index 00e1d47640c4..7400aef13a04 100644
--- a/agent/envoyextensions/builtin/ext-authz/ext_authz.go
+++ b/agent/envoyextensions/builtin/ext-authz/ext_authz.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package extauthz
 
@@ -23,8 +23,6 @@ type extAuthz struct {
 	ProxyType api.ServiceKind
 	// InsertOptions controls how the extension inserts the filter.
 	InsertOptions ext_cmn.InsertOptions
-	// ListenerType controls which listener the extension applies to. It supports "inbound" or "outbound" listeners.
-	ListenerType string
 	// Config holds the extension configuration.
 	Config extAuthzConfig
 }
@@ -63,14 +61,10 @@ func (a *extAuthz) PatchClusters(cfg *ext_cmn.RuntimeConfig, c ext_cmn.ClusterMa
 	return c, nil
 }
 
-func (a *extAuthz) matchesListenerDirection(isInboundListener bool) bool {
-	return (!isInboundListener && a.ListenerType == "outbound") || (isInboundListener && a.ListenerType == "inbound")
-}
-
 // PatchFilters inserts an ext-authz filter into the list of network filters or the filter chain of the HTTP connection manager.
 func (a *extAuthz) PatchFilters(cfg *ext_cmn.RuntimeConfig, filters []*envoy_listener_v3.Filter, isInboundListener bool) ([]*envoy_listener_v3.Filter, error) {
 	// The ext_authz extension only patches filters for inbound listeners.
-	if !a.matchesListenerDirection(isInboundListener) {
+	if !isInboundListener {
 		return filters, nil
 	}
 
@@ -135,11 +129,6 @@ func (a *extAuthz) normalize() {
 	if a.ProxyType == "" {
 		a.ProxyType = api.ServiceKindConnectProxy
 	}
-
-	if a.ListenerType == "" {
-		a.ListenerType = "inbound"
-	}
-
 	a.Config.normalize()
 }
 
@@ -151,10 +140,6 @@ func (a *extAuthz) validate() error {
 			api.ServiceKindConnectProxy))
 	}
 
-	if a.ListenerType != "inbound" && a.ListenerType != "outbound" {
-		resultErr = multierror.Append(resultErr, fmt.Errorf(`unexpected ListenerType %q, supported values are "inbound" or "outbound"`, a.ListenerType))
-	}
-
 	if err := a.Config.validate(); err != nil {
 		resultErr = multierror.Append(resultErr, err)
 	}
diff --git a/agent/envoyextensions/builtin/ext-authz/ext_authz_test.go b/agent/envoyextensions/builtin/ext-authz/ext_authz_test.go
index 6db284476dd7..88e87d7e9a8f 100644
--- a/agent/envoyextensions/builtin/ext-authz/ext_authz_test.go
+++ b/agent/envoyextensions/builtin/ext-authz/ext_authz_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package extauthz
 
diff --git a/agent/envoyextensions/builtin/ext-authz/structs.go b/agent/envoyextensions/builtin/ext-authz/structs.go
index 0a7e7dcce43a..a14cedd63a76 100644
--- a/agent/envoyextensions/builtin/ext-authz/structs.go
+++ b/agent/envoyextensions/builtin/ext-authz/structs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package extauthz
 
diff --git a/agent/envoyextensions/builtin/lua/lua.go b/agent/envoyextensions/builtin/lua/lua.go
index ba08d9d286c0..aefea37e6c49 100644
--- a/agent/envoyextensions/builtin/lua/lua.go
+++ b/agent/envoyextensions/builtin/lua/lua.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lua
 
diff --git a/agent/envoyextensions/builtin/lua/lua_test.go b/agent/envoyextensions/builtin/lua/lua_test.go
index afe65d067f43..3ea2ba716c1d 100644
--- a/agent/envoyextensions/builtin/lua/lua_test.go
+++ b/agent/envoyextensions/builtin/lua/lua_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lua
 
diff --git a/agent/envoyextensions/builtin/otel-access-logging/otel_access_logging.go b/agent/envoyextensions/builtin/otel-access-logging/otel_access_logging.go
deleted file mode 100644
index 2f003b552582..000000000000
--- a/agent/envoyextensions/builtin/otel-access-logging/otel_access_logging.go
+++ /dev/null
@@ -1,274 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package otelaccesslogging
-
-import (
-	"fmt"
-
-	envoy_extensions_access_loggers_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3"
-	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
-	envoy_extensions_access_loggers_otel_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/open_telemetry/v3"
-	"github.com/mitchellh/mapstructure"
-	"google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/types/known/anypb"
-
-	"github.com/hashicorp/consul/api"
-	ext_cmn "github.com/hashicorp/consul/envoyextensions/extensioncommon"
-	"github.com/hashicorp/go-multierror"
-	v1 "go.opentelemetry.io/proto/otlp/common/v1"
-)
-
-type otelAccessLogging struct {
-	ext_cmn.BasicExtensionAdapter
-
-	// ProxyType identifies the type of Envoy proxy that this extension applies to.
-	// The extension will only be configured for proxies that match this type and
-	// will be ignored for all other proxy types.
-	ProxyType api.ServiceKind
-	// ListenerType controls which listener the extension applies to. It supports "inbound" or "outbound" listeners.
-	ListenerType string
-	// Config holds the extension configuration.
-	Config AccessLog
-}
-
-var _ ext_cmn.BasicExtension = (*otelAccessLogging)(nil)
-
-func Constructor(ext api.EnvoyExtension) (ext_cmn.EnvoyExtender, error) {
-	otel, err := newOTELAccessLogging(ext)
-	if err != nil {
-		return nil, err
-	}
-	return &ext_cmn.BasicEnvoyExtender{
-		Extension: otel,
-	}, nil
-}
-
-// CanApply indicates if the extension can be applied to the given extension runtime configuration.
-func (a *otelAccessLogging) CanApply(config *ext_cmn.RuntimeConfig) bool {
-	return config.Kind == api.ServiceKindConnectProxy
-}
-
-// PatchClusters modifies the cluster resources for the extension.
-//
-// If the extension is configured to target the OTEL service running on the local host network
-// this func will insert a cluster for calling that service. It does nothing if the extension is
-// configured to target an upstream service because the existing cluster for the upstream will be
-// used directly by the filter.
-func (a *otelAccessLogging) PatchClusters(cfg *ext_cmn.RuntimeConfig, c ext_cmn.ClusterMap) (ext_cmn.ClusterMap, error) {
-	cluster, err := a.Config.toEnvoyCluster(cfg)
-	if err != nil {
-		return c, err
-	}
-	if cluster != nil {
-		c[cluster.Name] = cluster
-	}
-	return c, nil
-}
-
-func (a *otelAccessLogging) matchesListenerDirection(p ext_cmn.FilterPayload) bool {
-	isInboundListener := p.IsInbound()
-	return (!isInboundListener && a.ListenerType == "outbound") || (isInboundListener && a.ListenerType == "inbound")
-}
-
-// PatchFilter adds the OTEL access log in the HTTP connection manager.
-func (a *otelAccessLogging) PatchFilter(p ext_cmn.FilterPayload) (*envoy_listener_v3.Filter, bool, error) {
-	filter := p.Message
-	// Make sure filter matches extension config.
-	if !a.matchesListenerDirection(p) {
-		return filter, false, nil
-	}
-
-	httpConnectionManager, _, err := ext_cmn.GetHTTPConnectionManager(filter)
-	if err != nil {
-		return filter, false, err
-	}
-
-	accessLog, err := a.toEnvoyAccessLog(p.RuntimeConfig)
-	if err != nil {
-		return filter, false, err
-	}
-
-	httpConnectionManager.AccessLog = append(httpConnectionManager.AccessLog, accessLog)
-	newHCM, err := ext_cmn.MakeFilter("envoy.filters.network.http_connection_manager", httpConnectionManager)
-	if err != nil {
-		return filter, false, err
-	}
-
-	return newHCM, true, nil
-}
-
-func newOTELAccessLogging(ext api.EnvoyExtension) (*otelAccessLogging, error) {
-	otel := &otelAccessLogging{}
-	if ext.Name != api.BuiltinOTELAccessLoggingExtension {
-		return otel, fmt.Errorf("expected extension name %q but got %q", api.BuiltinOTELAccessLoggingExtension, ext.Name)
-	}
-	if err := otel.fromArguments(ext.Arguments); err != nil {
-		return otel, err
-	}
-
-	return otel, nil
-}
-
-func (a *otelAccessLogging) fromArguments(args map[string]any) error {
-	if err := mapstructure.Decode(args, a); err != nil {
-		return err
-	}
-	a.normalize()
-	return a.validate()
-}
-
-func (a *otelAccessLogging) toEnvoyAccessLog(cfg *ext_cmn.RuntimeConfig) (*envoy_extensions_access_loggers_v3.AccessLog, error) {
-	commonConfig, err := a.Config.toEnvoyCommonGrpcAccessLogConfig(cfg)
-	if err != nil {
-		return nil, err
-	}
-
-	body, err := toEnvoyAnyValue(a.Config.Body)
-	if err != nil {
-		return nil, fmt.Errorf("failed to marshal Body: %w", err)
-	}
-
-	attributes, err := toEnvoyKeyValueList(a.Config.Attributes)
-	if err != nil {
-		return nil, fmt.Errorf("failed to marshal Attributes: %w", err)
-	}
-
-	resourceAttributes, err := toEnvoyKeyValueList(a.Config.ResourceAttributes)
-	if err != nil {
-		return nil, fmt.Errorf("failed to marshal ResourceAttributes: %w", err)
-	}
-
-	otelAccessLogConfig := &envoy_extensions_access_loggers_otel_v3.OpenTelemetryAccessLogConfig{
-		CommonConfig:       commonConfig,
-		Body:               body,
-		Attributes:         attributes,
-		ResourceAttributes: resourceAttributes,
-	}
-
-	// Marshal the struct to bytes.
-	otelAccessLogConfigBytes, err := proto.Marshal(otelAccessLogConfig)
-	if err != nil {
-		return nil, fmt.Errorf("failed to marshal OpenTelemetryAccessLogConfig: %w", err)
-	}
-
-	return &envoy_extensions_access_loggers_v3.AccessLog{
-		Name: "envoy.access_loggers.open_telemetry",
-		ConfigType: &envoy_extensions_access_loggers_v3.AccessLog_TypedConfig{
-			TypedConfig: &anypb.Any{
-				Value:   otelAccessLogConfigBytes,
-				TypeUrl: "type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig",
-			},
-		},
-	}, nil
-}
-
-func (a *otelAccessLogging) normalize() {
-	if a.ProxyType == "" {
-		a.ProxyType = api.ServiceKindConnectProxy
-	}
-
-	if a.ListenerType == "" {
-		a.ListenerType = "inbound"
-	}
-
-	if a.Config.LogName == "" {
-		a.Config.LogName = a.ListenerType
-	}
-
-	a.Config.normalize()
-}
-
-func (a *otelAccessLogging) validate() error {
-	var resultErr error
-	if a.ProxyType != api.ServiceKindConnectProxy {
-		resultErr = multierror.Append(resultErr, fmt.Errorf("unsupported ProxyType %q, only %q is supported",
-			a.ProxyType,
-			api.ServiceKindConnectProxy))
-	}
-
-	if a.ListenerType != "inbound" && a.ListenerType != "outbound" {
-		resultErr = multierror.Append(resultErr, fmt.Errorf(`unexpected ListenerType %q, supported values are "inbound" or "outbound"`, a.ListenerType))
-	}
-
-	if err := a.Config.validate(); err != nil {
-		resultErr = multierror.Append(resultErr, err)
-	}
-
-	return resultErr
-}
-
-func toEnvoyKeyValueList(attributes map[string]any) (*v1.KeyValueList, error) {
-	keyValueList := &v1.KeyValueList{}
-	for key, value := range attributes {
-		anyValue, err := toEnvoyAnyValue(value)
-		if err != nil {
-			return nil, err
-		}
-		keyValueList.Values = append(keyValueList.Values, &v1.KeyValue{
-			Key:   key,
-			Value: anyValue,
-		})
-	}
-
-	return keyValueList, nil
-}
-
-func toEnvoyAnyValue(value interface{}) (*v1.AnyValue, error) {
-	if value == nil {
-		return nil, nil
-	}
-
-	switch v := value.(type) {
-	case string:
-		return &v1.AnyValue{
-			Value: &v1.AnyValue_StringValue{
-				StringValue: v,
-			},
-		}, nil
-	case int:
-		return &v1.AnyValue{
-			Value: &v1.AnyValue_IntValue{
-				IntValue: int64(v),
-			},
-		}, nil
-	case int32:
-		return &v1.AnyValue{
-			Value: &v1.AnyValue_IntValue{
-				IntValue: int64(v),
-			},
-		}, nil
-	case int64:
-		return &v1.AnyValue{
-			Value: &v1.AnyValue_IntValue{
-				IntValue: v,
-			},
-		}, nil
-	case float32:
-		return &v1.AnyValue{
-			Value: &v1.AnyValue_DoubleValue{
-				DoubleValue: float64(v),
-			},
-		}, nil
-	case float64:
-		return &v1.AnyValue{
-			Value: &v1.AnyValue_DoubleValue{
-				DoubleValue: v,
-			},
-		}, nil
-	case bool:
-		return &v1.AnyValue{
-			Value: &v1.AnyValue_BoolValue{
-				BoolValue: v,
-			},
-		}, nil
-	case []byte:
-		return &v1.AnyValue{
-			Value: &v1.AnyValue_BytesValue{
-				BytesValue: v,
-			},
-		}, nil
-	default:
-		return nil, fmt.Errorf("unsupported type %T", v)
-	}
-}
diff --git a/agent/envoyextensions/builtin/otel-access-logging/otel_access_logging_test.go b/agent/envoyextensions/builtin/otel-access-logging/otel_access_logging_test.go
deleted file mode 100644
index 5c6b9ffa6636..000000000000
--- a/agent/envoyextensions/builtin/otel-access-logging/otel_access_logging_test.go
+++ /dev/null
@@ -1,113 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package otelaccesslogging
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
-)
-
-func TestConstructor(t *testing.T) {
-	makeArguments := func(overrides map[string]interface{}) map[string]interface{} {
-		m := map[string]interface{}{
-			"ProxyType":    "connect-proxy",
-			"ListenerType": "inbound",
-			"Config": AccessLog{
-				LogName: "access.log",
-				GrpcService: &GrpcService{
-					Target: &Target{
-						Service: api.CompoundServiceName{
-							Name:      "otel-collector",
-							Namespace: "default",
-							Partition: "default",
-						},
-					},
-				},
-			},
-		}
-
-		for k, v := range overrides {
-			m[k] = v
-		}
-
-		return m
-	}
-
-	cases := map[string]struct {
-		extensionName string
-		arguments     map[string]interface{}
-		expected      otelAccessLogging
-		ok            bool
-	}{
-		"with no arguments": {
-			arguments: nil,
-			ok:        false,
-		},
-		"with an invalid name": {
-			arguments:     makeArguments(map[string]interface{}{}),
-			extensionName: "bad",
-			ok:            false,
-		},
-		"invalid proxy type": {
-			arguments: makeArguments(map[string]interface{}{"ProxyType": "terminating-gateway"}),
-			ok:        false,
-		},
-		"invalid listener": {
-			arguments: makeArguments(map[string]interface{}{"ListenerType": "invalid"}),
-			ok:        false,
-		},
-		"default proxy type": {
-			arguments: makeArguments(map[string]interface{}{"ProxyType": ""}),
-			expected: otelAccessLogging{
-				ProxyType:    "connect-proxy",
-				ListenerType: "inbound",
-				Config: AccessLog{
-					LogName: "access.log",
-					GrpcService: &GrpcService{
-						Target: &Target{
-							Service: api.CompoundServiceName{
-								Name:      "otel-collector",
-								Namespace: "default",
-								Partition: "default",
-							},
-						},
-					},
-				},
-			},
-			ok: true,
-		},
-	}
-
-	for n, tc := range cases {
-		t.Run(n, func(t *testing.T) {
-
-			extensionName := api.BuiltinOTELAccessLoggingExtension
-			if tc.extensionName != "" {
-				extensionName = tc.extensionName
-			}
-
-			svc := api.CompoundServiceName{Name: "svc"}
-			ext := extensioncommon.RuntimeConfig{
-				ServiceName: svc,
-				EnvoyExtension: api.EnvoyExtension{
-					Name:      extensionName,
-					Arguments: tc.arguments,
-				},
-			}
-
-			e, err := Constructor(ext.EnvoyExtension)
-
-			if tc.ok {
-				require.NoError(t, err)
-				require.Equal(t, &extensioncommon.BasicEnvoyExtender{Extension: &tc.expected}, e)
-			} else {
-				require.Error(t, err)
-			}
-		})
-	}
-}
diff --git a/agent/envoyextensions/builtin/otel-access-logging/structs.go b/agent/envoyextensions/builtin/otel-access-logging/structs.go
deleted file mode 100644
index 5d23a0e4032c..000000000000
--- a/agent/envoyextensions/builtin/otel-access-logging/structs.go
+++ /dev/null
@@ -1,424 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package otelaccesslogging
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-	"time"
-
-	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
-	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
-	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
-	envoy_extensions_access_loggers_grpc_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/grpc/v3"
-	envoy_upstreams_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
-	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/api"
-	cmn "github.com/hashicorp/consul/envoyextensions/extensioncommon"
-	"github.com/hashicorp/go-multierror"
-	"google.golang.org/protobuf/types/known/anypb"
-	"google.golang.org/protobuf/types/known/durationpb"
-	"google.golang.org/protobuf/types/known/wrapperspb"
-)
-
-const (
-	LocalAccessLogClusterName = "local_access_log"
-
-	localhost     = "localhost"
-	localhostIPv4 = "127.0.0.1"
-	localhostIPv6 = "::1"
-)
-
-type AccessLog struct {
-	LogName                 string
-	GrpcService             *GrpcService
-	BufferFlushInterval     *time.Duration
-	BufferSizeBytes         uint32
-	FilterStateObjectsToLog []string
-	RetryPolicy             *RetryPolicy
-	Body                    interface{}
-	Attributes              map[string]interface{}
-	ResourceAttributes      map[string]interface{}
-}
-
-func (a *AccessLog) normalize() {
-	if a.GrpcService != nil {
-		a.GrpcService.normalize()
-	}
-
-	if a.RetryPolicy != nil {
-		a.RetryPolicy.normalize()
-	}
-}
-
-func (a *AccessLog) validate() error {
-	a.normalize()
-
-	if a.GrpcService == nil {
-		return fmt.Errorf("missing GrpcService")
-	}
-
-	var resultErr error
-
-	var field string
-	var validate func() error
-	field = "GrpcService"
-	validate = a.GrpcService.validate
-
-	if err := validate(); err != nil {
-		resultErr = multierror.Append(resultErr, fmt.Errorf("failed to validate Config.%s: %w", field, err))
-	}
-
-	return resultErr
-}
-
-func (a *AccessLog) envoyGrpcService(cfg *cmn.RuntimeConfig) (*envoy_core_v3.GrpcService, error) {
-	target := a.GrpcService.Target
-	clusterName, err := a.getClusterName(cfg, target)
-	if err != nil {
-		return nil, err
-	}
-
-	var initialMetadata []*envoy_core_v3.HeaderValue
-	for _, meta := range a.GrpcService.InitialMetadata {
-		initialMetadata = append(initialMetadata, meta.toEnvoy())
-	}
-
-	return &envoy_core_v3.GrpcService{
-		TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{
-			EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{
-				ClusterName: clusterName,
-				Authority:   a.GrpcService.Authority,
-			},
-		},
-		Timeout:         target.timeoutDurationPB(),
-		InitialMetadata: initialMetadata,
-	}, nil
-}
-
-// getClusterName returns the name of the cluster for the OpenTelemetry access logging service.
-// If the extension is configured with an upstream OpenTelemetry access logging service then the name of the cluster for
-// that upstream is returned. If the extension is configured with a URI, the only allowed host is `localhost`
-// and the extension will insert a new cluster with the name "local_access_log", so we use that name.
-func (a *AccessLog) getClusterName(cfg *cmn.RuntimeConfig, target *Target) (string, error) {
-	var err error
-	clusterName := LocalAccessLogClusterName
-	if target.isService() {
-		if clusterName, err = target.clusterName(cfg); err != nil {
-			return "", err
-		}
-	}
-	return clusterName, nil
-}
-
-// toEnvoyCluster returns an Envoy cluster for connecting to the OpenTelemetry access logging service.
-// If the extension is configured with the OpenTelemetry access logging service locally via the URI set to localhost,
-// this func will return a new cluster definition that will allow the proxy to connect to the OpenTelemetry access logging
-// service running on localhost on the configured port.
-//
-// If the extension is configured with the OpenTelemetry access logging service as an upstream there is no need to insert
-// a new cluster so this method returns nil.
-func (a *AccessLog) toEnvoyCluster(_ *cmn.RuntimeConfig) (*envoy_cluster_v3.Cluster, error) {
-	target := a.GrpcService.Target
-
-	// If the target is an upstream we do not need to create a cluster. We will use the cluster of the upstream.
-	if target.isService() {
-		return nil, nil
-	}
-
-	host, port, err := target.addr()
-	if err != nil {
-		return nil, err
-	}
-
-	clusterType := &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STATIC}
-	if host == localhost {
-		// If the host is "localhost" use a STRICT_DNS cluster type to perform DNS lookup.
-		clusterType = &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STRICT_DNS}
-	}
-
-	var typedExtProtoOpts map[string]*anypb.Any
-
-	httpProtoOpts := &envoy_upstreams_http_v3.HttpProtocolOptions{
-		UpstreamProtocolOptions: &envoy_upstreams_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{
-			ExplicitHttpConfig: &envoy_upstreams_http_v3.HttpProtocolOptions_ExplicitHttpConfig{
-				ProtocolConfig: &envoy_upstreams_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{},
-			},
-		},
-	}
-	httpProtoOptsAny, err := anypb.New(httpProtoOpts)
-	if err != nil {
-		return nil, err
-	}
-	typedExtProtoOpts = make(map[string]*anypb.Any)
-	typedExtProtoOpts["envoy.extensions.upstreams.http.v3.HttpProtocolOptions"] = httpProtoOptsAny
-
-	return &envoy_cluster_v3.Cluster{
-		Name:                 LocalAccessLogClusterName,
-		ClusterDiscoveryType: clusterType,
-		ConnectTimeout:       target.timeoutDurationPB(),
-		LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{
-			ClusterName: LocalAccessLogClusterName,
-			Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{
-				{
-					LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{{
-						HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
-							Endpoint: &envoy_endpoint_v3.Endpoint{
-								Address: &envoy_core_v3.Address{
-									Address: &envoy_core_v3.Address_SocketAddress{
-										SocketAddress: &envoy_core_v3.SocketAddress{
-											Address: host,
-											PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{
-												PortValue: uint32(port),
-											},
-										},
-									},
-								},
-							},
-						},
-					}},
-				},
-			},
-		},
-		TypedExtensionProtocolOptions: typedExtProtoOpts,
-	}, nil
-}
-
-func (a *AccessLog) toEnvoyCommonGrpcAccessLogConfig(cfg *cmn.RuntimeConfig) (*envoy_extensions_access_loggers_grpc_v3.CommonGrpcAccessLogConfig, error) {
-	config := &envoy_extensions_access_loggers_grpc_v3.CommonGrpcAccessLogConfig{
-		LogName:                 a.LogName,
-		BufferSizeBytes:         wrapperspb.UInt32(a.BufferSizeBytes),
-		FilterStateObjectsToLog: a.FilterStateObjectsToLog,
-		TransportApiVersion:     envoy_core_v3.ApiVersion_V3,
-	}
-
-	if a.BufferFlushInterval != nil {
-		config.BufferFlushInterval = durationpb.New(*a.BufferFlushInterval)
-	}
-
-	if a.RetryPolicy != nil {
-		config.GrpcStreamRetryPolicy = a.RetryPolicy.toEnvoy()
-	}
-
-	grpcSvc, err := a.envoyGrpcService(cfg)
-	if err != nil {
-		return nil, err
-	}
-	config.GrpcService = grpcSvc
-
-	return config, nil
-}
-
-type GrpcService struct {
-	Target          *Target
-	Authority       string
-	InitialMetadata []*HeaderValue
-}
-
-func (v *GrpcService) normalize() {
-	if v == nil {
-		return
-	}
-	v.Target.normalize()
-}
-
-func (v *GrpcService) validate() error {
-	var resultErr error
-	if v == nil {
-		return resultErr
-	}
-
-	if v.Target == nil {
-		resultErr = multierror.Append(resultErr, fmt.Errorf("GrpcService.Target must be set"))
-	}
-	if err := v.Target.validate(); err != nil {
-		resultErr = multierror.Append(resultErr, err)
-	}
-	return resultErr
-}
-
-type HeaderValue struct {
-	Key   string
-	Value string
-}
-
-func (h *HeaderValue) toEnvoy() *envoy_core_v3.HeaderValue {
-	if h == nil {
-		return nil
-	}
-	return &envoy_core_v3.HeaderValue{Key: h.Key, Value: h.Value}
-}
-
-type Target struct {
-	Service api.CompoundServiceName
-	URI     string
-	Timeout string
-
-	timeout *time.Duration
-	host    string
-	port    int
-}
-
-// addr returns the host and port for the target when the target is a URI.
-// It returns a non-nil error if the target is not a URI.
-func (t Target) addr() (string, int, error) {
-	if !t.isURI() {
-		return "", 0, fmt.Errorf("target is not configured with a URI, set Target.URI")
-	}
-	return t.host, t.port, nil
-}
-
-// clusterName returns the cluster name for the target when the target is an upstream service.
-// It searches through the upstreams in the provided runtime configuration and returns the name
-// of the cluster for the first upstream service that matches the target service.
-// It returns a non-nil error if a matching cluster is not found or if the target is not an
-// upstream service.
-func (t Target) clusterName(cfg *cmn.RuntimeConfig) (string, error) {
-	if !t.isService() {
-		return "", fmt.Errorf("target is not configured with an upstream service, set Target.Service")
-	}
-
-	for service, upstream := range cfg.Upstreams {
-		if service == t.Service {
-			for sni := range upstream.SNIs {
-				return sni, nil
-			}
-		}
-	}
-	return "", fmt.Errorf("no upstream definition found for service %q", t.Service.Name)
-}
-
-func (t Target) isService() bool {
-	return t.Service.Name != ""
-}
-
-func (t Target) isURI() bool {
-	return t.URI != ""
-}
-
-func (t *Target) normalize() {
-	if t == nil {
-		return
-	}
-	t.Service.Namespace = acl.NamespaceOrDefault(t.Service.Namespace)
-	t.Service.Partition = acl.PartitionOrDefault(t.Service.Partition)
-}
-
-// timeoutDurationPB returns the target's timeout as a *durationpb.Duration.
-// It returns nil if the timeout has not been explicitly set.
-func (t *Target) timeoutDurationPB() *durationpb.Duration {
-	if t == nil || t.timeout == nil {
-		return nil
-	}
-	return durationpb.New(*t.timeout)
-}
-
-func (t *Target) validate() error {
-	var err, resultErr error
-	if t == nil {
-		return resultErr
-	}
-
-	if t.isURI() == t.isService() {
-		resultErr = multierror.Append(resultErr, fmt.Errorf("exactly one of Target.Service or Target.URI must be set"))
-	}
-
-	if t.isURI() {
-		t.host, t.port, err = parseAddr(t.URI)
-		if err == nil {
-			switch t.host {
-			case localhost, localhostIPv4, localhostIPv6:
-			default:
-				resultErr = multierror.Append(resultErr,
-					fmt.Errorf("invalid host for Target.URI %q: expected %q, %q, or %q", t.URI, localhost, localhostIPv4, localhostIPv6))
-			}
-		} else {
-			resultErr = multierror.Append(resultErr, fmt.Errorf("invalid format for Target.URI %q: expected host:port", t.URI))
-		}
-	}
-
-	if t.Timeout != "" {
-		if d, err := time.ParseDuration(t.Timeout); err == nil {
-			t.timeout = &d
-		} else {
-			resultErr = multierror.Append(resultErr, fmt.Errorf("failed to parse Target.Timeout %q as a duration: %w", t.Timeout, err))
-		}
-	}
-	return resultErr
-}
-
-type RetryPolicy struct {
-	RetryBackOff *RetryBackOff
-	NumRetries   uint32
-}
-
-func (r *RetryPolicy) normalize() {
-	if r == nil {
-		return
-	}
-	r.RetryBackOff.normalize()
-}
-
-func (r *RetryPolicy) toEnvoy() *envoy_core_v3.RetryPolicy {
-	if r == nil {
-		return nil
-	}
-
-	return &envoy_core_v3.RetryPolicy{
-		RetryBackOff: r.RetryBackOff.toEnvoy(),
-		NumRetries:   wrapperspb.UInt32(r.NumRetries),
-	}
-}
-
-type RetryBackOff struct {
-	BaseInterval *time.Duration
-	MaxInterval  *time.Duration
-}
-
-func (v *RetryBackOff) normalize() {
-	if v == nil {
-		return
-	}
-
-	if v.BaseInterval == nil {
-		v.BaseInterval = new(time.Duration)
-		*v.BaseInterval = time.Second
-	}
-
-	if v.MaxInterval == nil {
-		v.MaxInterval = new(time.Duration)
-		*v.MaxInterval = time.Second * 30
-	}
-}
-
-func (r *RetryBackOff) toEnvoy() *envoy_core_v3.BackoffStrategy {
-	if r == nil {
-		return nil
-	}
-
-	return &envoy_core_v3.BackoffStrategy{
-		BaseInterval: durationpb.New(*r.BaseInterval),
-		MaxInterval:  durationpb.New(*r.MaxInterval),
-	}
-}
-
-func parseAddr(s string) (host string, port int, err error) {
-	// Strip the protocol if one was provided
-	if _, addr, hasProto := strings.Cut(s, "://"); hasProto {
-		s = addr
-	}
-	idx := strings.LastIndex(s, ":")
-	switch idx {
-	case -1, len(s) - 1:
-		err = fmt.Errorf("invalid input format %q: expected host:port", s)
-	case 0:
-		host = localhost
-		port, err = strconv.Atoi(s[idx+1:])
-	default:
-		host = s[:idx]
-		port, err = strconv.Atoi(s[idx+1:])
-	}
-	return
-}
diff --git a/agent/envoyextensions/builtin/property-override/property_override.go b/agent/envoyextensions/builtin/property-override/property_override.go
index 70577a56e3d4..41e98074b7a2 100644
--- a/agent/envoyextensions/builtin/property-override/property_override.go
+++ b/agent/envoyextensions/builtin/property-override/property_override.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package propertyoverride
 
 import (
diff --git a/agent/envoyextensions/builtin/property-override/property_override_test.go b/agent/envoyextensions/builtin/property-override/property_override_test.go
index 20febc21074d..0e4317f9ddb7 100644
--- a/agent/envoyextensions/builtin/property-override/property_override_test.go
+++ b/agent/envoyextensions/builtin/property-override/property_override_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package propertyoverride
 
 import (
diff --git a/agent/envoyextensions/builtin/property-override/structpatcher.go b/agent/envoyextensions/builtin/property-override/structpatcher.go
index 76fe3be1a857..91de4cf7f86d 100644
--- a/agent/envoyextensions/builtin/property-override/structpatcher.go
+++ b/agent/envoyextensions/builtin/property-override/structpatcher.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package propertyoverride
 
 import (
diff --git a/agent/envoyextensions/builtin/property-override/structpatcher_test.go b/agent/envoyextensions/builtin/property-override/structpatcher_test.go
index 4916f0c505c7..ac7379f9f186 100644
--- a/agent/envoyextensions/builtin/property-override/structpatcher_test.go
+++ b/agent/envoyextensions/builtin/property-override/structpatcher_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package propertyoverride
 
 import (
diff --git a/agent/envoyextensions/builtin/wasm/structs.go b/agent/envoyextensions/builtin/wasm/structs.go
index 67540fee56c9..012099ab6203 100644
--- a/agent/envoyextensions/builtin/wasm/structs.go
+++ b/agent/envoyextensions/builtin/wasm/structs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package wasm
 
diff --git a/agent/envoyextensions/builtin/wasm/wasm.go b/agent/envoyextensions/builtin/wasm/wasm.go
index da1e0a7ceaa9..c16ac4da81c0 100644
--- a/agent/envoyextensions/builtin/wasm/wasm.go
+++ b/agent/envoyextensions/builtin/wasm/wasm.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package wasm
 
diff --git a/agent/envoyextensions/builtin/wasm/wasm_test.go b/agent/envoyextensions/builtin/wasm/wasm_test.go
index 41769beecdc9..93f3a4b5e0af 100644
--- a/agent/envoyextensions/builtin/wasm/wasm_test.go
+++ b/agent/envoyextensions/builtin/wasm/wasm_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package wasm
 
diff --git a/agent/envoyextensions/registered_extensions.go b/agent/envoyextensions/registered_extensions.go
index b2bb2aeeaaa9..7b0f2ae61da1 100644
--- a/agent/envoyextensions/registered_extensions.go
+++ b/agent/envoyextensions/registered_extensions.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package envoyextensions
 
@@ -12,7 +12,6 @@ import (
 	awslambda "github.com/hashicorp/consul/agent/envoyextensions/builtin/aws-lambda"
 	extauthz "github.com/hashicorp/consul/agent/envoyextensions/builtin/ext-authz"
 	"github.com/hashicorp/consul/agent/envoyextensions/builtin/lua"
-	otelaccesslogging "github.com/hashicorp/consul/agent/envoyextensions/builtin/otel-access-logging"
 	propertyoverride "github.com/hashicorp/consul/agent/envoyextensions/builtin/property-override"
 	"github.com/hashicorp/consul/agent/envoyextensions/builtin/wasm"
 	"github.com/hashicorp/consul/api"
@@ -22,25 +21,22 @@ import (
 type extensionConstructor func(api.EnvoyExtension) (extensioncommon.EnvoyExtender, error)
 
 var extensionConstructors = map[string]extensionConstructor{
-	api.BuiltinOTELAccessLoggingExtension: otelaccesslogging.Constructor,
-	api.BuiltinLuaExtension:               lua.Constructor,
-	api.BuiltinAWSLambdaExtension:         awslambda.Constructor,
-	api.BuiltinPropertyOverrideExtension:  propertyoverride.Constructor,
-	api.BuiltinWasmExtension:              wasm.Constructor,
-	api.BuiltinExtAuthzExtension:          extauthz.Constructor,
+	api.BuiltinLuaExtension:              lua.Constructor,
+	api.BuiltinAWSLambdaExtension:        awslambda.Constructor,
+	api.BuiltinPropertyOverrideExtension: propertyoverride.Constructor,
+	api.BuiltinWasmExtension:             wasm.Constructor,
+	api.BuiltinExtAuthzExtension:         extauthz.Constructor,
 }
 
 // ConstructExtension attempts to lookup and build an extension from the registry with the
 // given config. Returns an error if the extension does not exist, or if the extension fails
 // to be constructed properly.
 func ConstructExtension(ext api.EnvoyExtension) (extensioncommon.EnvoyExtender, error) {
-	if constructor, ok := extensionConstructors[ext.Name]; ok {
-		return constructor(ext)
+	constructor, ok := extensionConstructors[ext.Name]
+	if !ok {
+		return nil, fmt.Errorf("name %q is not a built-in extension", ext.Name)
 	}
-	if constructor, ok := enterpriseExtensionConstructors[ext.Name]; ok {
-		return constructor(ext)
-	}
-	return nil, fmt.Errorf("name %q is not a built-in extension", ext.Name)
+	return constructor(ext)
 }
 
 // ValidateExtensions will attempt to construct each instance of the given envoy extension configurations
diff --git a/agent/envoyextensions/registered_extensions_ce.go b/agent/envoyextensions/registered_extensions_ce.go
deleted file mode 100644
index 4b9e07e50ba4..000000000000
--- a/agent/envoyextensions/registered_extensions_ce.go
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-
-package envoyextensions
-
-var enterpriseExtensionConstructors = map[string]extensionConstructor{}
diff --git a/agent/envoyextensions/registered_extensions_test.go b/agent/envoyextensions/registered_extensions_test.go
index 818db87fafea..7f3cb6bbac7d 100644
--- a/agent/envoyextensions/registered_extensions_test.go
+++ b/agent/envoyextensions/registered_extensions_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package envoyextensions
 
diff --git a/agent/event_endpoint.go b/agent/event_endpoint.go
index da589632c75a..034dec305619 100644
--- a/agent/event_endpoint.go
+++ b/agent/event_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/event_endpoint_test.go b/agent/event_endpoint_test.go
index a041088c448c..4be21a6914b9 100644
--- a/agent/event_endpoint_test.go
+++ b/agent/event_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/exec/exec.go b/agent/exec/exec.go
index 408dc6bb8110..d4b4bfafd1fe 100644
--- a/agent/exec/exec.go
+++ b/agent/exec/exec.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package exec
 
diff --git a/agent/exec/exec_unix.go b/agent/exec/exec_unix.go
index b31e593163a0..32ff23249e3b 100644
--- a/agent/exec/exec_unix.go
+++ b/agent/exec/exec_unix.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !windows
 // +build !windows
diff --git a/agent/exec/exec_windows.go b/agent/exec/exec_windows.go
index aeb9b6a84781..1a0cb4c82c80 100644
--- a/agent/exec/exec_windows.go
+++ b/agent/exec/exec_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build windows
 // +build windows
diff --git a/agent/federation_state_endpoint.go b/agent/federation_state_endpoint.go
index 40a3df1ff1cd..0bec145ae60c 100644
--- a/agent/federation_state_endpoint.go
+++ b/agent/federation_state_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/grpc-external/forward.go b/agent/grpc-external/forward.go
index 395fb6aa479d..c0ed064ac808 100644
--- a/agent/grpc-external/forward.go
+++ b/agent/grpc-external/forward.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package external
 
diff --git a/agent/grpc-external/limiter/limiter.go b/agent/grpc-external/limiter/limiter.go
index 44aaac616f99..f995f963049b 100644
--- a/agent/grpc-external/limiter/limiter.go
+++ b/agent/grpc-external/limiter/limiter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // package limiter provides primatives for limiting the number of concurrent
 // operations in-flight.
diff --git a/agent/grpc-external/limiter/limiter_test.go b/agent/grpc-external/limiter/limiter_test.go
index 3cfa3ad26327..fa165a66706b 100644
--- a/agent/grpc-external/limiter/limiter_test.go
+++ b/agent/grpc-external/limiter/limiter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package limiter
 
diff --git a/agent/grpc-external/options.go b/agent/grpc-external/options.go
index 04e5c10efb51..a25a4482990f 100644
--- a/agent/grpc-external/options.go
+++ b/agent/grpc-external/options.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package external
 
diff --git a/agent/grpc-external/options_test.go b/agent/grpc-external/options_test.go
index ccc0ad12fd69..b2edb8fbf1f5 100644
--- a/agent/grpc-external/options_test.go
+++ b/agent/grpc-external/options_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package external
 
diff --git a/agent/grpc-external/querymeta.go b/agent/grpc-external/querymeta.go
index 0f4dd52adb86..55b960255fff 100644
--- a/agent/grpc-external/querymeta.go
+++ b/agent/grpc-external/querymeta.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package external
 
 import (
diff --git a/agent/grpc-external/querymeta_test.go b/agent/grpc-external/querymeta_test.go
index 440692964817..66c7136a3dd4 100644
--- a/agent/grpc-external/querymeta_test.go
+++ b/agent/grpc-external/querymeta_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package external
 
 import (
diff --git a/agent/grpc-external/server.go b/agent/grpc-external/server.go
index 6090a8f31a15..0513d22e223c 100644
--- a/agent/grpc-external/server.go
+++ b/agent/grpc-external/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package external
 
diff --git a/agent/grpc-external/services/acl/login.go b/agent/grpc-external/services/acl/login.go
index 1e44acf8a171..c8c399d108be 100644
--- a/agent/grpc-external/services/acl/login.go
+++ b/agent/grpc-external/services/acl/login.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/agent/grpc-external/services/acl/login_test.go b/agent/grpc-external/services/acl/login_test.go
index 3b956d7c8c71..e858618a906b 100644
--- a/agent/grpc-external/services/acl/login_test.go
+++ b/agent/grpc-external/services/acl/login_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/agent/grpc-external/services/acl/logout.go b/agent/grpc-external/services/acl/logout.go
index 691ac7b88894..bd3bb5e3e42a 100644
--- a/agent/grpc-external/services/acl/logout.go
+++ b/agent/grpc-external/services/acl/logout.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/agent/grpc-external/services/acl/logout_test.go b/agent/grpc-external/services/acl/logout_test.go
index df5c39628297..69491db5e3b0 100644
--- a/agent/grpc-external/services/acl/logout_test.go
+++ b/agent/grpc-external/services/acl/logout_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/agent/grpc-external/services/acl/server.go b/agent/grpc-external/services/acl/server.go
index 2393f11aa106..5513950e02ec 100644
--- a/agent/grpc-external/services/acl/server.go
+++ b/agent/grpc-external/services/acl/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/agent/grpc-external/services/acl/server_test.go b/agent/grpc-external/services/acl/server_test.go
index 1b6cd066001e..89c49bf226a1 100644
--- a/agent/grpc-external/services/acl/server_test.go
+++ b/agent/grpc-external/services/acl/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/agent/grpc-external/services/connectca/server.go b/agent/grpc-external/services/connectca/server.go
index 4ef91705f7a1..c90962e180c8 100644
--- a/agent/grpc-external/services/connectca/server.go
+++ b/agent/grpc-external/services/connectca/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connectca
 
diff --git a/agent/grpc-external/services/connectca/server_test.go b/agent/grpc-external/services/connectca/server_test.go
index 27c8d17c0c9d..84636e9e7588 100644
--- a/agent/grpc-external/services/connectca/server_test.go
+++ b/agent/grpc-external/services/connectca/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connectca
 
diff --git a/agent/grpc-external/services/connectca/sign.go b/agent/grpc-external/services/connectca/sign.go
index 148bf675b057..59c1a6f28354 100644
--- a/agent/grpc-external/services/connectca/sign.go
+++ b/agent/grpc-external/services/connectca/sign.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connectca
 
diff --git a/agent/grpc-external/services/connectca/sign_test.go b/agent/grpc-external/services/connectca/sign_test.go
index 07be304081eb..e43978e0b906 100644
--- a/agent/grpc-external/services/connectca/sign_test.go
+++ b/agent/grpc-external/services/connectca/sign_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connectca
 
diff --git a/agent/grpc-external/services/connectca/watch_roots.go b/agent/grpc-external/services/connectca/watch_roots.go
index ddd02ca56e0f..14927e2188a1 100644
--- a/agent/grpc-external/services/connectca/watch_roots.go
+++ b/agent/grpc-external/services/connectca/watch_roots.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connectca
 
diff --git a/agent/grpc-external/services/connectca/watch_roots_test.go b/agent/grpc-external/services/connectca/watch_roots_test.go
index 171e00324643..bfdb76f33bdd 100644
--- a/agent/grpc-external/services/connectca/watch_roots_test.go
+++ b/agent/grpc-external/services/connectca/watch_roots_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connectca
 
diff --git a/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go
index 147f84d302e2..13bbd1c9f94b 100644
--- a/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go
+++ b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dataplane
 
diff --git a/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params_test.go b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params_test.go
index 03e968ba4221..322d2f652745 100644
--- a/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params_test.go
+++ b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dataplane
 
diff --git a/agent/grpc-external/services/dataplane/get_supported_features.go b/agent/grpc-external/services/dataplane/get_supported_features.go
index 214f0e249f30..ea638715338a 100644
--- a/agent/grpc-external/services/dataplane/get_supported_features.go
+++ b/agent/grpc-external/services/dataplane/get_supported_features.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dataplane
 
diff --git a/agent/grpc-external/services/dataplane/get_supported_features_test.go b/agent/grpc-external/services/dataplane/get_supported_features_test.go
index 4761ccb3cb38..329b5df0f68f 100644
--- a/agent/grpc-external/services/dataplane/get_supported_features_test.go
+++ b/agent/grpc-external/services/dataplane/get_supported_features_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dataplane
 
diff --git a/agent/grpc-external/services/dataplane/server.go b/agent/grpc-external/services/dataplane/server.go
index 88b586f459a4..877289386384 100644
--- a/agent/grpc-external/services/dataplane/server.go
+++ b/agent/grpc-external/services/dataplane/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dataplane
 
diff --git a/agent/grpc-external/services/dataplane/server_test.go b/agent/grpc-external/services/dataplane/server_test.go
index ec57396bcb79..15ac272871e8 100644
--- a/agent/grpc-external/services/dataplane/server_test.go
+++ b/agent/grpc-external/services/dataplane/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dataplane
 
diff --git a/agent/grpc-external/services/dns/server.go b/agent/grpc-external/services/dns/server.go
index a6f2249733c1..a9733c40666b 100644
--- a/agent/grpc-external/services/dns/server.go
+++ b/agent/grpc-external/services/dns/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dns
 
diff --git a/agent/grpc-external/services/dns/server_test.go b/agent/grpc-external/services/dns/server_test.go
index a6576b51adcf..0144eccc0cd1 100644
--- a/agent/grpc-external/services/dns/server_test.go
+++ b/agent/grpc-external/services/dns/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dns
 
diff --git a/agent/grpc-external/services/peerstream/health_snapshot.go b/agent/grpc-external/services/peerstream/health_snapshot.go
index efd60a7f1039..dd9a10c67469 100644
--- a/agent/grpc-external/services/peerstream/health_snapshot.go
+++ b/agent/grpc-external/services/peerstream/health_snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/health_snapshot_test.go b/agent/grpc-external/services/peerstream/health_snapshot_test.go
index 6759db252d2c..7ea404f3854c 100644
--- a/agent/grpc-external/services/peerstream/health_snapshot_test.go
+++ b/agent/grpc-external/services/peerstream/health_snapshot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/replication.go b/agent/grpc-external/services/peerstream/replication.go
index 692a475235be..a0c1e4387f1c 100644
--- a/agent/grpc-external/services/peerstream/replication.go
+++ b/agent/grpc-external/services/peerstream/replication.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/server.go b/agent/grpc-external/services/peerstream/server.go
index 4127312fe72c..58e436bd1f5c 100644
--- a/agent/grpc-external/services/peerstream/server.go
+++ b/agent/grpc-external/services/peerstream/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/server_test.go b/agent/grpc-external/services/peerstream/server_test.go
index 836b09d89b2b..cb7c60e3cf0a 100644
--- a/agent/grpc-external/services/peerstream/server_test.go
+++ b/agent/grpc-external/services/peerstream/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/stream_resources.go b/agent/grpc-external/services/peerstream/stream_resources.go
index 9f2d9cf896f3..61c98d3f0789 100644
--- a/agent/grpc-external/services/peerstream/stream_resources.go
+++ b/agent/grpc-external/services/peerstream/stream_resources.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/stream_test.go b/agent/grpc-external/services/peerstream/stream_test.go
index 8c1e0783bd7b..2d8f6f3e1667 100644
--- a/agent/grpc-external/services/peerstream/stream_test.go
+++ b/agent/grpc-external/services/peerstream/stream_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/stream_tracker.go b/agent/grpc-external/services/peerstream/stream_tracker.go
index c74a1b284f09..abb5a003a399 100644
--- a/agent/grpc-external/services/peerstream/stream_tracker.go
+++ b/agent/grpc-external/services/peerstream/stream_tracker.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/stream_tracker_test.go b/agent/grpc-external/services/peerstream/stream_tracker_test.go
index 33ea536469d8..d676587a2520 100644
--- a/agent/grpc-external/services/peerstream/stream_tracker_test.go
+++ b/agent/grpc-external/services/peerstream/stream_tracker_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_blocking.go b/agent/grpc-external/services/peerstream/subscription_blocking.go
index a1257d3d3381..7fa8bc1eff59 100644
--- a/agent/grpc-external/services/peerstream/subscription_blocking.go
+++ b/agent/grpc-external/services/peerstream/subscription_blocking.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_manager.go b/agent/grpc-external/services/peerstream/subscription_manager.go
index bd2d36ffd942..4fcd27635b81 100644
--- a/agent/grpc-external/services/peerstream/subscription_manager.go
+++ b/agent/grpc-external/services/peerstream/subscription_manager.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_manager_test.go b/agent/grpc-external/services/peerstream/subscription_manager_test.go
index cc2afee0d54c..4ed912368e89 100644
--- a/agent/grpc-external/services/peerstream/subscription_manager_test.go
+++ b/agent/grpc-external/services/peerstream/subscription_manager_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_state.go b/agent/grpc-external/services/peerstream/subscription_state.go
index a1a370a3ec4c..dba315370de7 100644
--- a/agent/grpc-external/services/peerstream/subscription_state.go
+++ b/agent/grpc-external/services/peerstream/subscription_state.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_state_test.go b/agent/grpc-external/services/peerstream/subscription_state_test.go
index cc3e49ab4c9c..3cba66c9c2be 100644
--- a/agent/grpc-external/services/peerstream/subscription_state_test.go
+++ b/agent/grpc-external/services/peerstream/subscription_state_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_view.go b/agent/grpc-external/services/peerstream/subscription_view.go
index 575729bc71df..c85c82b15e5c 100644
--- a/agent/grpc-external/services/peerstream/subscription_view.go
+++ b/agent/grpc-external/services/peerstream/subscription_view.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/subscription_view_test.go b/agent/grpc-external/services/peerstream/subscription_view_test.go
index cd2f61e60feb..a51ca57e2902 100644
--- a/agent/grpc-external/services/peerstream/subscription_view_test.go
+++ b/agent/grpc-external/services/peerstream/subscription_view_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/peerstream/testing.go b/agent/grpc-external/services/peerstream/testing.go
index 47cc8d1dbec6..2208249dc6fc 100644
--- a/agent/grpc-external/services/peerstream/testing.go
+++ b/agent/grpc-external/services/peerstream/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peerstream
 
diff --git a/agent/grpc-external/services/resource/delete.go b/agent/grpc-external/services/resource/delete.go
index 123ffac35b38..b3045b3d6d29 100644
--- a/agent/grpc-external/services/resource/delete.go
+++ b/agent/grpc-external/services/resource/delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -27,38 +27,21 @@ import (
 // - Errors with Aborted if the requested Version does not match the stored Version.
 // - Errors with PermissionDenied if ACL check fails
 func (s *Server) Delete(ctx context.Context, req *pbresource.DeleteRequest) (*pbresource.DeleteResponse, error) {
-	reg, err := s.validateDeleteRequest(req)
-	if err != nil {
+	if err := validateDeleteRequest(req); err != nil {
 		return nil, err
 	}
 
-	entMeta := v2TenancyToV1EntMeta(req.Id.Tenancy)
-	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), entMeta)
+	reg, err := s.resolveType(req.Id.Type)
 	if err != nil {
 		return nil, err
 	}
 
-	// Retrieve resource since ACL hook requires it. Furthermore, we'll need the
-	// read to be strongly consistent if the passed in Version or Uid are empty.
-	consistency := storage.EventualConsistency
-	if req.Version == "" || req.Id.Uid == "" {
-		consistency = storage.StrongConsistency
-	}
-
-	// Apply defaults when tenancy units empty.
-	v1EntMetaToV2Tenancy(reg, entMeta, req.Id.Tenancy)
-
-	existing, err := s.Backend.Read(ctx, consistency, req.Id)
-	switch {
-	case errors.Is(err, storage.ErrNotFound):
-		// Deletes are idempotent so no-op when not found
-		return &pbresource.DeleteResponse{}, nil
-	case err != nil:
-		return nil, status.Errorf(codes.Internal, "failed read: %v", err)
+	authz, err := s.getAuthorizer(tokenFromContext(ctx))
+	if err != nil {
+		return nil, err
 	}
 
-	// Check ACLs
-	err = reg.ACLs.Write(authz, authzContext, existing)
+	err = reg.ACLs.Write(authz, req.Id)
 	switch {
 	case acl.IsErrPermissionDenied(err):
 		return nil, status.Error(codes.PermissionDenied, err.Error())
@@ -66,11 +49,27 @@ func (s *Server) Delete(ctx context.Context, req *pbresource.DeleteRequest) (*pb
 		return nil, status.Errorf(codes.Internal, "failed write acl: %v", err)
 	}
 
+	// The storage backend requires a Version and Uid to delete a resource based
+	// on CAS semantics. When either are not provided, the resource must be read
+	// with a strongly consistent read to retrieve either or both.
+	//
+	// n.b.: There is a chance DeleteCAS may fail with a storage.ErrCASFailure
+	// if an update occurs between the Read and DeleteCAS. Consider refactoring
+	// to use retryCAS() similar to the Write endpoint to close this gap.
 	deleteVersion := req.Version
 	deleteId := req.Id
 	if deleteVersion == "" || deleteId.Uid == "" {
-		deleteVersion = existing.Version
-		deleteId = existing.Id
+		existing, err := s.Backend.Read(ctx, storage.StrongConsistency, req.Id)
+		switch {
+		case err == nil:
+			deleteVersion = existing.Version
+			deleteId = existing.Id
+		case errors.Is(err, storage.ErrNotFound):
+			// Deletes are idempotent so no-op when not found
+			return &pbresource.DeleteResponse{}, nil
+		default:
+			return nil, status.Errorf(codes.Internal, "failed read: %v", err)
+		}
 	}
 
 	if err := s.maybeCreateTombstone(ctx, deleteId); err != nil {
@@ -144,31 +143,15 @@ func (s *Server) maybeCreateTombstone(ctx context.Context, deleteId *pbresource.
 	}
 }
 
-func (s *Server) validateDeleteRequest(req *pbresource.DeleteRequest) (*resource.Registration, error) {
+func validateDeleteRequest(req *pbresource.DeleteRequest) error {
 	if req.Id == nil {
-		return nil, status.Errorf(codes.InvalidArgument, "id is required")
+		return status.Errorf(codes.InvalidArgument, "id is required")
 	}
 
 	if err := validateId(req.Id, "id"); err != nil {
-		return nil, err
-	}
-
-	reg, err := s.resolveType(req.Id.Type)
-	if err != nil {
-		return nil, err
+		return err
 	}
-
-	// Check scope
-	if reg.Scope == resource.ScopePartition && req.Id.Tenancy.Namespace != "" {
-		return nil, status.Errorf(
-			codes.InvalidArgument,
-			"partition scoped resource %s cannot have a namespace. got: %s",
-			resource.ToGVK(req.Id.Type),
-			req.Id.Tenancy.Namespace,
-		)
-	}
-
-	return reg, nil
+	return nil
 }
 
 // Maintains a deterministic mapping between a resource and it's tombstone's
diff --git a/agent/grpc-external/services/resource/delete_test.go b/agent/grpc-external/services/resource/delete_test.go
index 3b8a8099021d..0e98d3fd57a7 100644
--- a/agent/grpc-external/services/resource/delete_test.go
+++ b/agent/grpc-external/services/resource/delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -11,7 +11,6 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/proto"
 
 	"github.com/hashicorp/consul/acl/resolver"
 	"github.com/hashicorp/consul/internal/resource"
@@ -26,36 +25,32 @@ func TestDelete_InputValidation(t *testing.T) {
 
 	demo.RegisterTypes(server.Registry)
 
-	testCases := map[string]func(artistId, recordLabelId *pbresource.ID) *pbresource.ID{
-		"no id": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID {
-			return nil
+	testCases := map[string]func(*pbresource.DeleteRequest){
+		"no id":      func(req *pbresource.DeleteRequest) { req.Id = nil },
+		"no type":    func(req *pbresource.DeleteRequest) { req.Id.Type = nil },
+		"no tenancy": func(req *pbresource.DeleteRequest) { req.Id.Tenancy = nil },
+		"no name":    func(req *pbresource.DeleteRequest) { req.Id.Name = "" },
+		// clone necessary to not pollute DefaultTenancy
+		"tenancy partition not default": func(req *pbresource.DeleteRequest) {
+			req.Id.Tenancy = clone(req.Id.Tenancy)
+			req.Id.Tenancy.Partition = ""
 		},
-		"no type": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			artistId.Type = nil
-			return artistId
+		"tenancy namespace not default": func(req *pbresource.DeleteRequest) {
+			req.Id.Tenancy = clone(req.Id.Tenancy)
+			req.Id.Tenancy.Namespace = ""
 		},
-		"no tenancy": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			artistId.Tenancy = nil
-			return artistId
-		},
-		"no name": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			artistId.Name = ""
-			return artistId
-		},
-		"partition scoped resource with namespace": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
-			recordLabelId.Tenancy.Namespace = "ishouldnothaveanamespace"
-			return recordLabelId
+		"tenancy peername not local": func(req *pbresource.DeleteRequest) {
+			req.Id.Tenancy = clone(req.Id.Tenancy)
+			req.Id.Tenancy.PeerName = ""
 		},
 	}
 	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
-			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
-			require.NoError(t, err)
-
-			artist, err := demo.GenerateV2Artist()
+			res, err := demo.GenerateV2Artist()
 			require.NoError(t, err)
 
-			req := &pbresource.DeleteRequest{Id: modFn(artist.Id, recordLabel.Id), Version: ""}
+			req := &pbresource.DeleteRequest{Id: res.Id, Version: ""}
+			modFn(req)
 
 			_, err = client.Delete(testContext(t), req)
 			require.Error(t, err)
@@ -127,48 +122,34 @@ func TestDelete_Success(t *testing.T) {
 
 	for desc, tc := range deleteTestCases() {
 		t.Run(desc, func(t *testing.T) {
-			for tenancyDesc, modFn := range tenancyCases() {
-				t.Run(tenancyDesc, func(t *testing.T) {
-					server, client, ctx := testDeps(t)
-					demo.RegisterTypes(server.Registry)
-
-					recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
-					require.NoError(t, err)
-					recordLabel, err = server.Backend.WriteCAS(ctx, recordLabel)
-					require.NoError(t, err)
-
-					artist, err := demo.GenerateV2Artist()
-					require.NoError(t, err)
-					artist, err = server.Backend.WriteCAS(ctx, artist)
-					require.NoError(t, err)
-
-					// Pick the resource to be deleted based on type's scope
-					deleteId := modFn(artist.Id, recordLabel.Id)
-					deleteReq := tc.deleteReqFn(recordLabel)
-					if proto.Equal(deleteId.Type, demo.TypeV2Artist) {
-						deleteReq = tc.deleteReqFn(artist)
-					}
-
-					// Delete
-					_, err = client.Delete(ctx, deleteReq)
-					require.NoError(t, err)
-
-					// Verify deleted
-					_, err = server.Backend.Read(ctx, storage.StrongConsistency, deleteId)
-					require.Error(t, err)
-					require.ErrorIs(t, err, storage.ErrNotFound)
-
-					// Verify tombstone created
-					_, err = client.Read(ctx, &pbresource.ReadRequest{
-						Id: &pbresource.ID{
-							Name:    tombstoneName(deleteReq.Id),
-							Type:    resource.TypeV1Tombstone,
-							Tenancy: deleteReq.Id.Tenancy,
-						},
-					})
-					require.NoError(t, err, "expected tombstome to be found")
-				})
-			}
+			server, client, ctx := testDeps(t)
+			demo.RegisterTypes(server.Registry)
+			artist, err := demo.GenerateV2Artist()
+			require.NoError(t, err)
+
+			rsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: artist})
+			require.NoError(t, err)
+			artistId := clone(rsp.Resource.Id)
+			artist = rsp.Resource
+
+			// delete
+			_, err = client.Delete(ctx, tc.deleteReqFn(artist))
+			require.NoError(t, err)
+
+			// verify deleted
+			_, err = server.Backend.Read(ctx, storage.StrongConsistency, artistId)
+			require.Error(t, err)
+			require.ErrorIs(t, err, storage.ErrNotFound)
+
+			// verify tombstone created
+			_, err = client.Read(ctx, &pbresource.ReadRequest{
+				Id: &pbresource.ID{
+					Name:    tombstoneName(artistId),
+					Type:    resource.TypeV1Tombstone,
+					Tenancy: artist.Id.Tenancy,
+				},
+			})
+			require.NoError(t, err)
 		})
 	}
 }
diff --git a/agent/grpc-external/services/resource/list.go b/agent/grpc-external/services/resource/list.go
index cc2b19026a11..77269e74688f 100644
--- a/agent/grpc-external/services/resource/list.go
+++ b/agent/grpc-external/services/resource/list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -10,27 +10,28 @@ import (
 	"google.golang.org/grpc/status"
 
 	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/storage"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 func (s *Server) List(ctx context.Context, req *pbresource.ListRequest) (*pbresource.ListResponse, error) {
-	reg, err := s.validateListRequest(req)
+	if err := validateListRequest(req); err != nil {
+		return nil, err
+	}
+
+	// check type
+	reg, err := s.resolveType(req.Type)
 	if err != nil {
 		return nil, err
 	}
 
-	// v1 ACL subsystem is "wildcard" aware so just pass on through.
-	entMeta := v2TenancyToV1EntMeta(req.Tenancy)
-	token := tokenFromContext(ctx)
-	authz, authzContext, err := s.getAuthorizer(token, entMeta)
+	authz, err := s.getAuthorizer(tokenFromContext(ctx))
 	if err != nil {
 		return nil, err
 	}
 
-	// Check ACLs.
-	err = reg.ACLs.List(authz, authzContext)
+	// check acls
+	err = reg.ACLs.List(authz, req.Tenancy)
 	switch {
 	case acl.IsErrPermissionDenied(err):
 		return nil, status.Error(codes.PermissionDenied, err.Error())
@@ -38,9 +39,6 @@ func (s *Server) List(ctx context.Context, req *pbresource.ListRequest) (*pbreso
 		return nil, status.Errorf(codes.Internal, "failed list acl: %v", err)
 	}
 
-	// Ensure we're defaulting correctly when request tenancy units are empty.
-	v1EntMetaToV2Tenancy(reg, entMeta, req.Tenancy)
-
 	resources, err := s.Backend.List(
 		ctx,
 		readConsistencyFrom(ctx),
@@ -54,22 +52,13 @@ func (s *Server) List(ctx context.Context, req *pbresource.ListRequest) (*pbreso
 
 	result := make([]*pbresource.Resource, 0)
 	for _, resource := range resources {
-		// Filter out non-matching GroupVersion.
+		// filter out non-matching GroupVersion
 		if resource.Id.Type.GroupVersion != req.Type.GroupVersion {
 			continue
 		}
 
-		// Need to rebuild authorizer per resource since wildcard inputs may
-		// result in different tenancies. Consider caching per tenancy if this
-		// is deemed expensive.
-		entMeta = v2TenancyToV1EntMeta(resource.Id.Tenancy)
-		authz, authzContext, err = s.getAuthorizer(token, entMeta)
-		if err != nil {
-			return nil, err
-		}
-
-		// Filter out items that don't pass read ACLs.
-		err = reg.ACLs.Read(authz, authzContext, resource.Id)
+		// filter out items that don't pass read ACLs
+		err = reg.ACLs.Read(authz, resource.Id)
 		switch {
 		case acl.IsErrPermissionDenied(err):
 			continue
@@ -81,37 +70,15 @@ func (s *Server) List(ctx context.Context, req *pbresource.ListRequest) (*pbreso
 	return &pbresource.ListResponse{Resources: result}, nil
 }
 
-func (s *Server) validateListRequest(req *pbresource.ListRequest) (*resource.Registration, error) {
+func validateListRequest(req *pbresource.ListRequest) error {
 	var field string
 	switch {
 	case req.Type == nil:
 		field = "type"
 	case req.Tenancy == nil:
 		field = "tenancy"
+	default:
+		return nil
 	}
-
-	if field != "" {
-		return nil, status.Errorf(codes.InvalidArgument, "%s is required", field)
-	}
-
-	// Check type exists.
-	reg, err := s.resolveType(req.Type)
-	if err != nil {
-		return nil, err
-	}
-
-	// Lowercase
-	resource.Normalize(req.Tenancy)
-
-	// Error when partition scoped and namespace not empty.
-	if reg.Scope == resource.ScopePartition && req.Tenancy.Namespace != "" {
-		return nil, status.Errorf(
-			codes.InvalidArgument,
-			"partition scoped type %s cannot have a namespace. got: %s",
-			resource.ToGVK(req.Type),
-			req.Tenancy.Namespace,
-		)
-	}
-
-	return reg, nil
+	return status.Errorf(codes.InvalidArgument, "%s is required", field)
 }
diff --git a/agent/grpc-external/services/resource/list_by_owner.go b/agent/grpc-external/services/resource/list_by_owner.go
index 3c0ccbda65e8..2cc203e72c30 100644
--- a/agent/grpc-external/services/resource/list_by_owner.go
+++ b/agent/grpc-external/services/resource/list_by_owner.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -10,71 +10,38 @@ import (
 	"google.golang.org/grpc/status"
 
 	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 func (s *Server) ListByOwner(ctx context.Context, req *pbresource.ListByOwnerRequest) (*pbresource.ListByOwnerResponse, error) {
-	reg, err := s.validateListByOwnerRequest(req)
-	if err != nil {
+	if err := validateListByOwnerRequest(req); err != nil {
 		return nil, err
 	}
 
-	// Convert v2 request tenancy to v1 for ACL subsystem.
-	entMeta := v2TenancyToV1EntMeta(req.Owner.Tenancy)
-	token := tokenFromContext(ctx)
-
-	// Fill entMeta with token tenancy when empty.
-	authz, authzContext, err := s.getAuthorizer(token, entMeta)
+	_, err := s.resolveType(req.Owner.Type)
 	if err != nil {
 		return nil, err
 	}
 
-	// Handle defaulting empty tenancy units from request.
-	v1EntMetaToV2Tenancy(reg, entMeta, req.Owner.Tenancy)
-
-	// Check list ACL before verifying tenancy exists to not leak tenancy existence.
-	err = reg.ACLs.List(authz, authzContext)
-	switch {
-	case acl.IsErrPermissionDenied(err):
-		return nil, status.Error(codes.PermissionDenied, err.Error())
-	case err != nil:
-		return nil, status.Errorf(codes.Internal, "failed list acl: %v", err)
-	}
-
-	// Check v1 tenancy exists for the v2 resource.
-	if err = v1TenancyExists(reg, s.V1TenancyBridge, req.Owner.Tenancy, codes.InvalidArgument); err != nil {
-		return nil, err
-	}
-
-	// Get owned resources.
 	children, err := s.Backend.ListByOwner(ctx, req.Owner)
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "failed list by owner: %v", err)
 	}
 
+	authz, err := s.getAuthorizer(tokenFromContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
 	result := make([]*pbresource.Resource, 0)
 	for _, child := range children {
-		// Retrieve child type's registration to access read ACL hook.
-		childReg, err := s.resolveType(child.Id.Type)
+		reg, err := s.resolveType(child.Id.Type)
 		if err != nil {
 			return nil, err
 		}
 
-		// Rebuild authorizer if tenancy not identical between owner and child (child scope
-		// may be narrower).
-		childAuthz := authz
-		childAuthzContext := authzContext
-		if !resource.EqualTenancy(req.Owner.Tenancy, child.Id.Tenancy) {
-			childEntMeta := v2TenancyToV1EntMeta(child.Id.Tenancy)
-			childAuthz, childAuthzContext, err = s.getAuthorizer(token, childEntMeta)
-			if err != nil {
-				return nil, err
-			}
-		}
-
-		// Filter out children that fail real ACL.
-		err = childReg.ACLs.Read(childAuthz, childAuthzContext, child.Id)
+		// ACL filter
+		err = reg.ACLs.Read(authz, child.Id)
 		switch {
 		case acl.IsErrPermissionDenied(err):
 			continue
@@ -87,36 +54,17 @@ func (s *Server) ListByOwner(ctx context.Context, req *pbresource.ListByOwnerReq
 	return &pbresource.ListByOwnerResponse{Resources: result}, nil
 }
 
-func (s *Server) validateListByOwnerRequest(req *pbresource.ListByOwnerRequest) (*resource.Registration, error) {
+func validateListByOwnerRequest(req *pbresource.ListByOwnerRequest) error {
 	if req.Owner == nil {
-		return nil, status.Errorf(codes.InvalidArgument, "owner is required")
+		return status.Errorf(codes.InvalidArgument, "owner is required")
 	}
 
 	if err := validateId(req.Owner, "owner"); err != nil {
-		return nil, err
+		return err
 	}
 
 	if req.Owner.Uid == "" {
-		return nil, status.Errorf(codes.InvalidArgument, "owner uid is required")
+		return status.Errorf(codes.InvalidArgument, "owner uid is required")
 	}
-
-	reg, err := s.resolveType(req.Owner.Type)
-	if err != nil {
-		return nil, err
-	}
-
-	// Lowercase
-	resource.Normalize(req.Owner.Tenancy)
-
-	// Error when partition scoped and namespace not empty.
-	if reg.Scope == resource.ScopePartition && req.Owner.Tenancy.Namespace != "" {
-		return nil, status.Errorf(
-			codes.InvalidArgument,
-			"partition scoped type %s cannot have a namespace. got: %s",
-			resource.ToGVK(req.Owner.Type),
-			req.Owner.Tenancy.Namespace,
-		)
-	}
-
-	return reg, nil
+	return nil
 }
diff --git a/agent/grpc-external/services/resource/list_by_owner_test.go b/agent/grpc-external/services/resource/list_by_owner_test.go
index 4a60e3ac9460..218971a050da 100644
--- a/agent/grpc-external/services/resource/list_by_owner_test.go
+++ b/agent/grpc-external/services/resource/list_by_owner_test.go
@@ -1,5 +1,5 @@
 // // Copyright (c) HashiCorp, Inc.
-// // SPDX-License-Identifier: BUSL-1.1
+// // SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -9,7 +9,6 @@ import (
 	"testing"
 
 	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/proto/private/prototest"
@@ -18,49 +17,41 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/proto"
 )
 
 func TestListByOwner_InputValidation(t *testing.T) {
 	server := testServer(t)
 	client := testClient(t, server)
+
 	demo.RegisterTypes(server.Registry)
 
-	testCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{
-		"no owner": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID {
-			return nil
-		},
-		"no type": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			artistId.Type = nil
-			return artistId
-		},
-		"no tenancy": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			artistId.Tenancy = nil
-			return artistId
+	testCases := map[string]func(*pbresource.ListByOwnerRequest){
+		"no owner":   func(req *pbresource.ListByOwnerRequest) { req.Owner = nil },
+		"no type":    func(req *pbresource.ListByOwnerRequest) { req.Owner.Type = nil },
+		"no tenancy": func(req *pbresource.ListByOwnerRequest) { req.Owner.Tenancy = nil },
+		"no name":    func(req *pbresource.ListByOwnerRequest) { req.Owner.Name = "" },
+		"no uid":     func(req *pbresource.ListByOwnerRequest) { req.Owner.Uid = "" },
+		// clone necessary to not pollute DefaultTenancy
+		"tenancy partition not default": func(req *pbresource.ListByOwnerRequest) {
+			req.Owner.Tenancy = clone(req.Owner.Tenancy)
+			req.Owner.Tenancy.Partition = ""
 		},
-		"no name": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			artistId.Name = ""
-			return artistId
+		"tenancy namespace not default": func(req *pbresource.ListByOwnerRequest) {
+			req.Owner.Tenancy = clone(req.Owner.Tenancy)
+			req.Owner.Tenancy.Namespace = ""
 		},
-		"no uid": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			artistId.Uid = ""
-			return artistId
-		},
-		"partition scope with non-empty namespace": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
-			recordLabelId.Tenancy.Namespace = "ishouldnothaveanamespace"
-			return recordLabelId
+		"tenancy peername not local": func(req *pbresource.ListByOwnerRequest) {
+			req.Owner.Tenancy = clone(req.Owner.Tenancy)
+			req.Owner.Tenancy.PeerName = ""
 		},
 	}
 	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
-			artist, err := demo.GenerateV2Artist()
-			require.NoError(t, err)
-
-			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
+			res, err := demo.GenerateV2Artist()
 			require.NoError(t, err)
 
-			// Each test case picks which resource to use based on the resource type's scope.
-			req := &pbresource.ListByOwnerRequest{Owner: modFn(artist.Id, recordLabel.Id)}
+			req := &pbresource.ListByOwnerRequest{Owner: res.Id}
+			modFn(req)
 
 			_, err = client.ListByOwner(testContext(t), req)
 			require.Error(t, err)
@@ -76,7 +67,7 @@ func TestListByOwner_TypeNotRegistered(t *testing.T) {
 	_, err := client.ListByOwner(context.Background(), &pbresource.ListByOwnerRequest{
 		Owner: &pbresource.ID{
 			Type:    demo.TypeV2Artist,
-			Tenancy: resource.DefaultNamespacedTenancy(),
+			Tenancy: demo.TenancyDefault,
 			Uid:     "bogus",
 			Name:    "bogus",
 		},
@@ -134,108 +125,8 @@ func TestListByOwner_Many(t *testing.T) {
 	prototest.AssertElementsMatch(t, albums, rsp3.Resources)
 }
 
-func TestListByOwner_OwnerTenancyDoesNotExist(t *testing.T) {
-	tenancyCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{
-		"partition not found when namespace scoped": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			id := clone(artistId)
-			id.Uid = "doesnotmatter"
-			id.Tenancy.Partition = "boguspartition"
-			return id
-		},
-		"namespace not found when namespace scoped": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			id := clone(artistId)
-			id.Uid = "doesnotmatter"
-			id.Tenancy.Namespace = "bogusnamespace"
-			return id
-		},
-		"partition not found when partition scoped": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
-			id := clone(recordLabelId)
-			id.Uid = "doesnotmatter"
-			id.Tenancy.Partition = "boguspartition"
-			return id
-		},
-	}
-	for desc, modFn := range tenancyCases {
-		t.Run(desc, func(t *testing.T) {
-			server := testServer(t)
-			demo.RegisterTypes(server.Registry)
-			client := testClient(t, server)
-
-			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
-			require.NoError(t, err)
-			recordLabel, err = server.Backend.WriteCAS(testContext(t), recordLabel)
-			require.NoError(t, err)
-
-			artist, err := demo.GenerateV2Artist()
-			require.NoError(t, err)
-			artist, err = server.Backend.WriteCAS(testContext(t), artist)
-			require.NoError(t, err)
-
-			// Verify non-existant tenancy units in owner err with not found.
-			_, err = client.ListByOwner(testContext(t), &pbresource.ListByOwnerRequest{Owner: modFn(artist.Id, recordLabel.Id)})
-			require.Error(t, err)
-			require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
-			require.Contains(t, err.Error(), "resource not found")
-		})
-	}
-}
-
-func TestListByOwner_Tenancy_Defaults_And_Normalization(t *testing.T) {
-	for tenancyDesc, modFn := range tenancyCases() {
-		t.Run(tenancyDesc, func(t *testing.T) {
-			server := testServer(t)
-			demo.RegisterTypes(server.Registry)
-			client := testClient(t, server)
-
-			// Create partition scoped recordLabel.
-			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
-			require.NoError(t, err)
-			rsp1, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: recordLabel})
-			require.NoError(t, err)
-			recordLabel = rsp1.Resource
-
-			// Create namespace scoped artist.
-			artist, err := demo.GenerateV2Artist()
-			require.NoError(t, err)
-			rsp2, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: artist})
-			require.NoError(t, err)
-			artist = rsp2.Resource
-
-			// Owner will be either partition scoped (recordLabel) or namespace scoped (artist) based on testcase.
-			moddedOwnerId := modFn(artist.Id, recordLabel.Id)
-			var ownerId *pbresource.ID
-
-			// Avoid using the modded id when linking owner to child.
-			switch {
-			case proto.Equal(moddedOwnerId.Type, demo.TypeV2Artist):
-				ownerId = artist.Id
-			case proto.Equal(moddedOwnerId.Type, demo.TypeV1RecordLabel):
-				ownerId = recordLabel.Id
-			default:
-				require.Fail(t, "unexpected resource type")
-			}
-
-			// Link owner to child.
-			album, err := demo.GenerateV2Album(ownerId)
-			require.NoError(t, err)
-			rsp3, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: album})
-			require.NoError(t, err)
-			album = rsp3.Resource
-
-			// Test
-			listRsp, err := client.ListByOwner(testContext(t), &pbresource.ListByOwnerRequest{
-				Owner: moddedOwnerId,
-			})
-			require.NoError(t, err)
-
-			// Verify child album always returned.
-			prototest.AssertDeepEqual(t, album, listRsp.Resources[0])
-		})
-	}
-}
-
 func TestListByOwner_ACL_PerTypeDenied(t *testing.T) {
-	authz := AuthorizerFrom(t, `key_prefix "resource/demo.v2.Album/" { policy = "deny" }`, demo.ArtistV2ListPolicy)
+	authz := AuthorizerFrom(t, `key_prefix "resource/demo.v2.Album/" { policy = "deny" }`)
 	_, rsp, err := roundTripListByOwner(t, authz)
 
 	// verify resource filtered out, hence no results
@@ -244,7 +135,7 @@ func TestListByOwner_ACL_PerTypeDenied(t *testing.T) {
 }
 
 func TestListByOwner_ACL_PerTypeAllowed(t *testing.T) {
-	authz := AuthorizerFrom(t, `key_prefix "resource/demo.v2.Album/" { policy = "read" }`, demo.ArtistV2ListPolicy)
+	authz := AuthorizerFrom(t, `key_prefix "resource/demo.v2.Album/" { policy = "read" }`)
 	album, rsp, err := roundTripListByOwner(t, authz)
 
 	// verify resource not filtered out
diff --git a/agent/grpc-external/services/resource/list_test.go b/agent/grpc-external/services/resource/list_test.go
index 64026b7d34e5..4d6b50951b75 100644
--- a/agent/grpc-external/services/resource/list_test.go
+++ b/agent/grpc-external/services/resource/list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -10,7 +10,6 @@ import (
 
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/grpc-external/testutils"
-	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/internal/storage"
 	"github.com/hashicorp/consul/proto-public/pbresource"
@@ -32,16 +31,12 @@ func TestList_InputValidation(t *testing.T) {
 	testCases := map[string]func(*pbresource.ListRequest){
 		"no type":    func(req *pbresource.ListRequest) { req.Type = nil },
 		"no tenancy": func(req *pbresource.ListRequest) { req.Tenancy = nil },
-		"partitioned resource provides non-empty namespace": func(req *pbresource.ListRequest) {
-			req.Type = demo.TypeV1RecordLabel
-			req.Tenancy.Namespace = "bad"
-		},
 	}
 	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
 			req := &pbresource.ListRequest{
 				Type:    demo.TypeV2Album,
-				Tenancy: resource.DefaultNamespacedTenancy(),
+				Tenancy: demo.TenancyDefault,
 			}
 			modFn(req)
 
@@ -58,7 +53,7 @@ func TestList_TypeNotFound(t *testing.T) {
 
 	_, err := client.List(context.Background(), &pbresource.ListRequest{
 		Type:       demo.TypeV2Artist,
-		Tenancy:    resource.DefaultNamespacedTenancy(),
+		Tenancy:    demo.TenancyDefault,
 		NamePrefix: "",
 	})
 	require.Error(t, err)
@@ -75,7 +70,7 @@ func TestList_Empty(t *testing.T) {
 
 			rsp, err := client.List(tc.ctx, &pbresource.ListRequest{
 				Type:       demo.TypeV1Artist,
-				Tenancy:    resource.DefaultNamespacedTenancy(),
+				Tenancy:    demo.TenancyDefault,
 				NamePrefix: "",
 			})
 			require.NoError(t, err)
@@ -107,7 +102,7 @@ func TestList_Many(t *testing.T) {
 
 			rsp, err := client.List(tc.ctx, &pbresource.ListRequest{
 				Type:       demo.TypeV2Artist,
-				Tenancy:    resource.DefaultNamespacedTenancy(),
+				Tenancy:    demo.TenancyDefault,
 				NamePrefix: "",
 			})
 			require.NoError(t, err)
@@ -116,44 +111,6 @@ func TestList_Many(t *testing.T) {
 	}
 }
 
-func TestList_Tenancy_Defaults_And_Normalization(t *testing.T) {
-	// Test units of tenancy get defaulted correctly when empty.
-	ctx := context.Background()
-	for desc, tc := range wildcardTenancyCases() {
-		t.Run(desc, func(t *testing.T) {
-			server := testServer(t)
-			demo.RegisterTypes(server.Registry)
-			client := testClient(t, server)
-
-			// Write partition scoped record label
-			recordLabel, err := demo.GenerateV1RecordLabel("LooneyTunes")
-			require.NoError(t, err)
-			recordLabelRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: recordLabel})
-			require.NoError(t, err)
-
-			// Write namespace scoped artist
-			artist, err := demo.GenerateV2Artist()
-			require.NoError(t, err)
-			artistRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: artist})
-			require.NoError(t, err)
-
-			// List and verify correct resource returned for empty tenancy units.
-			listRsp, err := client.List(ctx, &pbresource.ListRequest{
-				Type:    tc.typ,
-				Tenancy: tc.tenancy,
-			})
-			require.NoError(t, err)
-			require.Len(t, listRsp.Resources, 1)
-			if tc.typ == demo.TypeV1RecordLabel {
-				prototest.AssertDeepEqual(t, recordLabelRsp.Resource, listRsp.Resources[0])
-			} else {
-				prototest.AssertDeepEqual(t, artistRsp.Resource, listRsp.Resources[0])
-			}
-		})
-
-	}
-}
-
 func TestList_GroupVersionMismatch(t *testing.T) {
 	for desc, tc := range listTestCases() {
 		t.Run(desc, func(t *testing.T) {
diff --git a/agent/grpc-external/services/resource/mock_TenancyBridge.go b/agent/grpc-external/services/resource/mock_TenancyBridge.go
deleted file mode 100644
index 662b4004b99f..000000000000
--- a/agent/grpc-external/services/resource/mock_TenancyBridge.go
+++ /dev/null
@@ -1,121 +0,0 @@
-// Code generated by mockery v2.20.0. DO NOT EDIT.
-
-package resource
-
-import mock "github.com/stretchr/testify/mock"
-
-// MockTenancyBridge is an autogenerated mock type for the TenancyBridge type
-type MockTenancyBridge struct {
-	mock.Mock
-}
-
-// IsNamespaceMarkedForDeletion provides a mock function with given fields: partition, namespace
-func (_m *MockTenancyBridge) IsNamespaceMarkedForDeletion(partition string, namespace string) (bool, error) {
-	ret := _m.Called(partition, namespace)
-
-	var r0 bool
-	var r1 error
-	if rf, ok := ret.Get(0).(func(string, string) (bool, error)); ok {
-		return rf(partition, namespace)
-	}
-	if rf, ok := ret.Get(0).(func(string, string) bool); ok {
-		r0 = rf(partition, namespace)
-	} else {
-		r0 = ret.Get(0).(bool)
-	}
-
-	if rf, ok := ret.Get(1).(func(string, string) error); ok {
-		r1 = rf(partition, namespace)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
-// IsPartitionMarkedForDeletion provides a mock function with given fields: partition
-func (_m *MockTenancyBridge) IsPartitionMarkedForDeletion(partition string) (bool, error) {
-	ret := _m.Called(partition)
-
-	var r0 bool
-	var r1 error
-	if rf, ok := ret.Get(0).(func(string) (bool, error)); ok {
-		return rf(partition)
-	}
-	if rf, ok := ret.Get(0).(func(string) bool); ok {
-		r0 = rf(partition)
-	} else {
-		r0 = ret.Get(0).(bool)
-	}
-
-	if rf, ok := ret.Get(1).(func(string) error); ok {
-		r1 = rf(partition)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
-// NamespaceExists provides a mock function with given fields: partition, namespace
-func (_m *MockTenancyBridge) NamespaceExists(partition string, namespace string) (bool, error) {
-	ret := _m.Called(partition, namespace)
-
-	var r0 bool
-	var r1 error
-	if rf, ok := ret.Get(0).(func(string, string) (bool, error)); ok {
-		return rf(partition, namespace)
-	}
-	if rf, ok := ret.Get(0).(func(string, string) bool); ok {
-		r0 = rf(partition, namespace)
-	} else {
-		r0 = ret.Get(0).(bool)
-	}
-
-	if rf, ok := ret.Get(1).(func(string, string) error); ok {
-		r1 = rf(partition, namespace)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
-// PartitionExists provides a mock function with given fields: partition
-func (_m *MockTenancyBridge) PartitionExists(partition string) (bool, error) {
-	ret := _m.Called(partition)
-
-	var r0 bool
-	var r1 error
-	if rf, ok := ret.Get(0).(func(string) (bool, error)); ok {
-		return rf(partition)
-	}
-	if rf, ok := ret.Get(0).(func(string) bool); ok {
-		r0 = rf(partition)
-	} else {
-		r0 = ret.Get(0).(bool)
-	}
-
-	if rf, ok := ret.Get(1).(func(string) error); ok {
-		r1 = rf(partition)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
-type mockConstructorTestingTNewMockTenancyBridge interface {
-	mock.TestingT
-	Cleanup(func())
-}
-
-// NewMockTenancyBridge creates a new instance of MockTenancyBridge. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-func NewMockTenancyBridge(t mockConstructorTestingTNewMockTenancyBridge) *MockTenancyBridge {
-	mock := &MockTenancyBridge{}
-	mock.Mock.Test(t)
-
-	t.Cleanup(func() { mock.AssertExpectations(t) })
-
-	return mock
-}
diff --git a/agent/grpc-external/services/resource/read.go b/agent/grpc-external/services/resource/read.go
index febfcb69f0fa..c75779183cb8 100644
--- a/agent/grpc-external/services/resource/read.go
+++ b/agent/grpc-external/services/resource/read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -11,41 +11,28 @@ import (
 	"google.golang.org/grpc/status"
 
 	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/storage"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 func (s *Server) Read(ctx context.Context, req *pbresource.ReadRequest) (*pbresource.ReadResponse, error) {
-	// Light first pass validation based on what user passed in and not much more.
-	reg, err := s.validateReadRequest(req)
-	if err != nil {
+	if err := validateReadRequest(req); err != nil {
 		return nil, err
 	}
 
-	// acl.EnterpriseMeta acl.AuthorizerContext follow rules for V1 resources since they integrate with the V1 acl subsystem.
-	// pbresource.Tenacy follows rules for V2 resources and the Resource service.
-	// Example:
-	//
-	//    A CE namespace scoped resource:
-	//      V1: EnterpriseMeta{}
-	//      V2: Tenancy {Partition: "default", Namespace: "default"}
-	//
-	//   An ENT namespace scoped resource:
-	//      V1: EnterpriseMeta{Partition: "default", Namespace: "default"}
-	//      V2: Tenancy {Partition: "default", Namespace: "default"}
-	//
-	// It is necessary to convert back and forth depending on which component supports which version, V1 or V2.
-	entMeta := v2TenancyToV1EntMeta(req.Id.Tenancy)
-	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), entMeta)
+	// check type exists
+	reg, err := s.resolveType(req.Id.Type)
 	if err != nil {
 		return nil, err
 	}
 
-	v1EntMetaToV2Tenancy(reg, entMeta, req.Id.Tenancy)
+	authz, err := s.getAuthorizer(tokenFromContext(ctx))
+	if err != nil {
+		return nil, err
+	}
 
-	// ACL check comes before tenancy existence checks to not leak tenancy "existence".
-	err = reg.ACLs.Read(authz, authzContext, req.Id)
+	// check acls
+	err = reg.ACLs.Read(authz, req.Id)
 	switch {
 	case acl.IsErrPermissionDenied(err):
 		return nil, status.Error(codes.PermissionDenied, err.Error())
@@ -53,11 +40,6 @@ func (s *Server) Read(ctx context.Context, req *pbresource.ReadRequest) (*pbreso
 		return nil, status.Errorf(codes.Internal, "failed read acl: %v", err)
 	}
 
-	// Check V1 tenancy exists for the V2 resource.
-	if err = v1TenancyExists(reg, s.V1TenancyBridge, req.Id.Tenancy, codes.NotFound); err != nil {
-		return nil, err
-	}
-
 	resource, err := s.Backend.Read(ctx, readConsistencyFrom(ctx), req.Id)
 	switch {
 	case err == nil:
@@ -71,30 +53,13 @@ func (s *Server) Read(ctx context.Context, req *pbresource.ReadRequest) (*pbreso
 	}
 }
 
-func (s *Server) validateReadRequest(req *pbresource.ReadRequest) (*resource.Registration, error) {
+func validateReadRequest(req *pbresource.ReadRequest) error {
 	if req.Id == nil {
-		return nil, status.Errorf(codes.InvalidArgument, "id is required")
+		return status.Errorf(codes.InvalidArgument, "id is required")
 	}
 
 	if err := validateId(req.Id, "id"); err != nil {
-		return nil, err
+		return err
 	}
-
-	// Check type exists.
-	reg, err := s.resolveType(req.Id.Type)
-	if err != nil {
-		return nil, err
-	}
-
-	// Check scope
-	if reg.Scope == resource.ScopePartition && req.Id.Tenancy.Namespace != "" {
-		return nil, status.Errorf(
-			codes.InvalidArgument,
-			"partition scoped resource %s cannot have a namespace. got: %s",
-			resource.ToGVK(req.Id.Type),
-			req.Id.Tenancy.Namespace,
-		)
-	}
-
-	return reg, nil
+	return nil
 }
diff --git a/agent/grpc-external/services/resource/read_test.go b/agent/grpc-external/services/resource/read_test.go
index ff312c82ca00..cca911ec15b5 100644
--- a/agent/grpc-external/services/resource/read_test.go
+++ b/agent/grpc-external/services/resource/read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -12,7 +12,6 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/proto"
 
 	"github.com/hashicorp/consul/acl/resolver"
 	"github.com/hashicorp/consul/internal/resource"
@@ -25,37 +24,35 @@ import (
 func TestRead_InputValidation(t *testing.T) {
 	server := testServer(t)
 	client := testClient(t, server)
+
 	demo.RegisterTypes(server.Registry)
 
-	testCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{
-		"no id": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID { return nil },
-		"no type": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			artistId.Type = nil
-			return artistId
-		},
-		"no tenancy": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			artistId.Tenancy = nil
-			return artistId
+	testCases := map[string]func(*pbresource.ReadRequest){
+		"no id":      func(req *pbresource.ReadRequest) { req.Id = nil },
+		"no type":    func(req *pbresource.ReadRequest) { req.Id.Type = nil },
+		"no tenancy": func(req *pbresource.ReadRequest) { req.Id.Tenancy = nil },
+		"no name":    func(req *pbresource.ReadRequest) { req.Id.Name = "" },
+		// clone necessary to not pollute DefaultTenancy
+		"tenancy partition not default": func(req *pbresource.ReadRequest) {
+			req.Id.Tenancy = clone(req.Id.Tenancy)
+			req.Id.Tenancy.Partition = ""
 		},
-		"no name": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			artistId.Name = ""
-			return artistId
+		"tenancy namespace not default": func(req *pbresource.ReadRequest) {
+			req.Id.Tenancy = clone(req.Id.Tenancy)
+			req.Id.Tenancy.Namespace = ""
 		},
-		"partition scope with non-empty namespace": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
-			recordLabelId.Tenancy.Namespace = "ishouldnothaveanamespace"
-			return recordLabelId
+		"tenancy peername not local": func(req *pbresource.ReadRequest) {
+			req.Id.Tenancy = clone(req.Id.Tenancy)
+			req.Id.Tenancy.PeerName = ""
 		},
 	}
 	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
-			artist, err := demo.GenerateV2Artist()
+			res, err := demo.GenerateV2Artist()
 			require.NoError(t, err)
 
-			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
-			require.NoError(t, err)
-
-			// Each test case picks which resource to use based on the resource type's scope.
-			req := &pbresource.ReadRequest{Id: modFn(artist.Id, recordLabel.Id)}
+			req := &pbresource.ReadRequest{Id: res.Id}
+			modFn(req)
 
 			_, err = client.Read(testContext(t), req)
 			require.Error(t, err)
@@ -80,50 +77,18 @@ func TestRead_TypeNotFound(t *testing.T) {
 func TestRead_ResourceNotFound(t *testing.T) {
 	for desc, tc := range readTestCases() {
 		t.Run(desc, func(t *testing.T) {
-			tenancyCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{
-				"resource not found by name": func(artistId, _ *pbresource.ID) *pbresource.ID {
-					artistId.Name = "bogusname"
-					return artistId
-				},
-				"partition not found when namespace scoped": func(artistId, _ *pbresource.ID) *pbresource.ID {
-					id := clone(artistId)
-					id.Tenancy.Partition = "boguspartition"
-					return id
-				},
-				"namespace not found when namespace scoped": func(artistId, _ *pbresource.ID) *pbresource.ID {
-					id := clone(artistId)
-					id.Tenancy.Namespace = "bogusnamespace"
-					return id
-				},
-				"partition not found when partition scoped": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
-					id := clone(recordLabelId)
-					id.Tenancy.Partition = "boguspartition"
-					return id
-				},
-			}
-			for tenancyDesc, modFn := range tenancyCases {
-				t.Run(tenancyDesc, func(t *testing.T) {
-					server := testServer(t)
-					demo.RegisterTypes(server.Registry)
-					client := testClient(t, server)
-
-					recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
-					require.NoError(t, err)
-					recordLabel, err = server.Backend.WriteCAS(tc.ctx, recordLabel)
-					require.NoError(t, err)
-
-					artist, err := demo.GenerateV2Artist()
-					require.NoError(t, err)
-					artist, err = server.Backend.WriteCAS(tc.ctx, artist)
-					require.NoError(t, err)
-
-					// Each tenancy test case picks which resource to use based on the resource type's scope.
-					_, err = client.Read(tc.ctx, &pbresource.ReadRequest{Id: modFn(artist.Id, recordLabel.Id)})
-					require.Error(t, err)
-					require.Equal(t, codes.NotFound.String(), status.Code(err).String())
-					require.Contains(t, err.Error(), "resource not found")
-				})
-			}
+			server := testServer(t)
+
+			demo.RegisterTypes(server.Registry)
+			client := testClient(t, server)
+
+			artist, err := demo.GenerateV2Artist()
+			require.NoError(t, err)
+
+			_, err = client.Read(tc.ctx, &pbresource.ReadRequest{Id: artist.Id})
+			require.Error(t, err)
+			require.Equal(t, codes.NotFound.String(), status.Code(err).String())
+			require.Contains(t, err.Error(), "resource not found")
 		})
 	}
 }
@@ -156,37 +121,20 @@ func TestRead_GroupVersionMismatch(t *testing.T) {
 func TestRead_Success(t *testing.T) {
 	for desc, tc := range readTestCases() {
 		t.Run(desc, func(t *testing.T) {
-			for tenancyDesc, modFn := range tenancyCases() {
-				t.Run(tenancyDesc, func(t *testing.T) {
-					server := testServer(t)
-					demo.RegisterTypes(server.Registry)
-					client := testClient(t, server)
-
-					recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
-					require.NoError(t, err)
-					recordLabel, err = server.Backend.WriteCAS(tc.ctx, recordLabel)
-					require.NoError(t, err)
-
-					artist, err := demo.GenerateV2Artist()
-					require.NoError(t, err)
-					artist, err = server.Backend.WriteCAS(tc.ctx, artist)
-					require.NoError(t, err)
-
-					// Each tenancy test case picks which resource to use based on the resource type's scope.
-					req := &pbresource.ReadRequest{Id: modFn(artist.Id, recordLabel.Id)}
-					rsp, err := client.Read(tc.ctx, req)
-					require.NoError(t, err)
-
-					switch {
-					case proto.Equal(rsp.Resource.Id.Type, demo.TypeV2Artist):
-						prototest.AssertDeepEqual(t, artist, rsp.Resource)
-					case proto.Equal(rsp.Resource.Id.Type, demo.TypeV1RecordLabel):
-						prototest.AssertDeepEqual(t, recordLabel, rsp.Resource)
-					default:
-						require.Fail(t, "unexpected resource type")
-					}
-				})
-			}
+			server := testServer(t)
+
+			demo.RegisterTypes(server.Registry)
+			client := testClient(t, server)
+
+			artist, err := demo.GenerateV2Artist()
+			require.NoError(t, err)
+
+			resource1, err := server.Backend.WriteCAS(tc.ctx, artist)
+			require.NoError(t, err)
+
+			rsp, err := client.Read(tc.ctx, &pbresource.ReadRequest{Id: artist.Id})
+			require.NoError(t, err)
+			prototest.AssertDeepEqual(t, resource1, rsp.Resource)
 		})
 	}
 }
diff --git a/agent/grpc-external/services/resource/server.go b/agent/grpc-external/services/resource/server.go
index 29b18bd964c8..51bb4610d527 100644
--- a/agent/grpc-external/services/resource/server.go
+++ b/agent/grpc-external/services/resource/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -31,9 +31,6 @@ type Config struct {
 	// Backend is the storage backend that will be used for resource persistence.
 	Backend     Backend
 	ACLResolver ACLResolver
-	// V1TenancyBridge temporarily allows us to use V1 implementations of
-	// partitions and namespaces until V2 implementations are available.
-	V1TenancyBridge TenancyBridge
 }
 
 //go:generate mockery --name Registry --inpackage
@@ -51,14 +48,6 @@ type ACLResolver interface {
 	ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (resolver.Result, error)
 }
 
-//go:generate mockery --name TenancyBridge --inpackage
-type TenancyBridge interface {
-	PartitionExists(partition string) (bool, error)
-	IsPartitionMarkedForDeletion(partition string) (bool, error)
-	NamespaceExists(partition, namespace string) (bool, error)
-	IsNamespaceMarkedForDeletion(partition, namespace string) (bool, error)
-}
-
 func NewServer(cfg Config) *Server {
 	return &Server{cfg}
 }
@@ -111,13 +100,12 @@ func readConsistencyFrom(ctx context.Context) storage.ReadConsistency {
 	return storage.EventualConsistency
 }
 
-func (s *Server) getAuthorizer(token string, entMeta *acl.EnterpriseMeta) (acl.Authorizer, *acl.AuthorizerContext, error) {
-	authzContext := &acl.AuthorizerContext{}
-	authz, err := s.ACLResolver.ResolveTokenAndDefaultMeta(token, entMeta, authzContext)
+func (s *Server) getAuthorizer(token string) (acl.Authorizer, error) {
+	authz, err := s.ACLResolver.ResolveTokenAndDefaultMeta(token, nil, nil)
 	if err != nil {
-		return nil, nil, status.Errorf(codes.Internal, "failed getting authorizer: %v", err)
+		return nil, status.Errorf(codes.Internal, "failed getting authorizer: %v", err)
 	}
-	return authz, authzContext, nil
+	return authz, nil
 }
 
 func isGRPCStatusError(err error) bool {
@@ -142,55 +130,20 @@ func validateId(id *pbresource.ID, errorPrefix string) error {
 	if field != "" {
 		return status.Errorf(codes.InvalidArgument, "%s.%s is required", errorPrefix, field)
 	}
-	resource.Normalize(id.Tenancy)
-
-	return nil
-}
-
-// v1TenancyExists return an error with the passed in gRPC status code when tenancy partition or namespace do not exist.
-func v1TenancyExists(reg *resource.Registration, v1Bridge TenancyBridge, tenancy *pbresource.Tenancy, errCode codes.Code) error {
-	if reg.Scope == resource.ScopePartition || reg.Scope == resource.ScopeNamespace {
-		exists, err := v1Bridge.PartitionExists(tenancy.Partition)
-		switch {
-		case err != nil:
-			return err
-		case !exists:
-			return status.Errorf(errCode, "partition resource not found: %v", tenancy.Partition)
-		}
-	}
 
-	if reg.Scope == resource.ScopeNamespace {
-		exists, err := v1Bridge.NamespaceExists(tenancy.Partition, tenancy.Namespace)
-		switch {
-		case err != nil:
-			return err
-		case !exists:
-			return status.Errorf(errCode, "namespace resource not found: %v", tenancy.Namespace)
-		}
-	}
-	return nil
-}
-
-// v1TenancyMarkedForDeletion returns a gRPC InvalidArgument when either partition or namespace is marked for deletion.
-func v1TenancyMarkedForDeletion(reg *resource.Registration, v1Bridge TenancyBridge, tenancy *pbresource.Tenancy) error {
-	if reg.Scope == resource.ScopePartition || reg.Scope == resource.ScopeNamespace {
-		marked, err := v1Bridge.IsPartitionMarkedForDeletion(tenancy.Partition)
-		switch {
-		case err != nil:
-			return err
-		case marked:
-			return status.Errorf(codes.InvalidArgument, "partition marked for deletion: %v", tenancy.Partition)
-		}
+	// Revisit defaulting and non-namespaced resources post-1.16
+	var expected string
+	switch {
+	case id.Tenancy.Partition != "default":
+		field, expected = "partition", "default"
+	case id.Tenancy.Namespace != "default":
+		field, expected = "namespace", "default"
+	case id.Tenancy.PeerName != "local":
+		field, expected = "peername", "local"
 	}
 
-	if reg.Scope == resource.ScopeNamespace {
-		marked, err := v1Bridge.IsNamespaceMarkedForDeletion(tenancy.Partition, tenancy.Namespace)
-		switch {
-		case err != nil:
-			return err
-		case marked:
-			return status.Errorf(codes.InvalidArgument, "namespace marked for deletion: %v", tenancy.Namespace)
-		}
+	if field != "" {
+		return status.Errorf(codes.InvalidArgument, "%s.tenancy.%s must be %s", errorPrefix, field, expected)
 	}
 	return nil
 }
diff --git a/agent/grpc-external/services/resource/server_ce.go b/agent/grpc-external/services/resource/server_ce.go
deleted file mode 100644
index 562af973200f..000000000000
--- a/agent/grpc-external/services/resource/server_ce.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-// +build !consulent
-
-package resource
-
-import (
-	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-func v2TenancyToV1EntMeta(tenancy *pbresource.Tenancy) *acl.EnterpriseMeta {
-	return acl.DefaultEnterpriseMeta()
-}
-
-func v1EntMetaToV2Tenancy(reg *resource.Registration, entMeta *acl.EnterpriseMeta, tenancy *pbresource.Tenancy) {
-	if (reg.Scope == resource.ScopeNamespace || reg.Scope == resource.ScopePartition) && tenancy.Partition == "" {
-		tenancy.Partition = entMeta.PartitionOrDefault()
-	}
-
-	if reg.Scope == resource.ScopeNamespace && tenancy.Namespace == "" {
-		tenancy.Namespace = entMeta.NamespaceOrDefault()
-	}
-}
diff --git a/agent/grpc-external/services/resource/server_ce_test.go b/agent/grpc-external/services/resource/server_ce_test.go
deleted file mode 100644
index 9e155019ca01..000000000000
--- a/agent/grpc-external/services/resource/server_ce_test.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-// +build !consulent
-
-package resource
-
-import "github.com/hashicorp/consul/acl"
-
-func fillEntMeta(entMeta *acl.EnterpriseMeta) {
-	return
-}
-
-func fillAuthorizerContext(authzContext *acl.AuthorizerContext) {
-	return
-}
diff --git a/agent/grpc-external/services/resource/server_test.go b/agent/grpc-external/services/resource/server_test.go
index 7f745952e5e5..a92fff38a326 100644
--- a/agent/grpc-external/services/resource/server_test.go
+++ b/agent/grpc-external/services/resource/server_test.go
@@ -1,12 +1,11 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
 import (
 	"context"
 	"fmt"
-	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/mock"
@@ -21,7 +20,6 @@ import (
 	"github.com/hashicorp/consul/agent/grpc-external/testutils"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/internal/storage/inmem"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	pbdemov2 "github.com/hashicorp/consul/proto/private/pbdemo/v2"
@@ -59,38 +57,16 @@ func testServer(t *testing.T) *Server {
 	require.NoError(t, err)
 	go backend.Run(testContext(t))
 
-	// Mock the ACL Resolver to "allow all" for testing.
+	// Mock the ACL Resolver to allow everything for testing
 	mockACLResolver := &MockACLResolver{}
 	mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything).
-		Return(testutils.ACLsDisabled(t), nil).
-		Run(func(args mock.Arguments) {
-			// Caller expecting passed in tokenEntMeta and authorizerContext to be filled in.
-			tokenEntMeta := args.Get(1).(*acl.EnterpriseMeta)
-			if tokenEntMeta != nil {
-				fillEntMeta(tokenEntMeta)
-			}
-
-			authzContext := args.Get(2).(*acl.AuthorizerContext)
-			if authzContext != nil {
-				fillAuthorizerContext(authzContext)
-			}
-		})
-
-	// Mock the V1 tenancy bridge since we can't use the real thing.
-	mockTenancyBridge := &MockTenancyBridge{}
-	mockTenancyBridge.On("PartitionExists", resource.DefaultPartitionName).Return(true, nil)
-	mockTenancyBridge.On("NamespaceExists", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(true, nil)
-	mockTenancyBridge.On("PartitionExists", mock.Anything).Return(false, nil)
-	mockTenancyBridge.On("NamespaceExists", mock.Anything, mock.Anything).Return(false, nil)
-	mockTenancyBridge.On("IsPartitionMarkedForDeletion", resource.DefaultPartitionName).Return(false, nil)
-	mockTenancyBridge.On("IsNamespaceMarkedForDeletion", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(false, nil)
+		Return(testutils.ACLsDisabled(t), nil)
 
 	return NewServer(Config{
-		Logger:          testutil.Logger(t),
-		Registry:        resource.NewRegistry(),
-		Backend:         backend,
-		ACLResolver:     mockACLResolver,
-		V1TenancyBridge: mockTenancyBridge,
+		Logger:      testutil.Logger(t),
+		Registry:    resource.NewRegistry(),
+		Backend:     backend,
+		ACLResolver: mockACLResolver,
 	})
 }
 
@@ -131,134 +107,3 @@ func modifyArtist(t *testing.T, res *pbresource.Resource) *pbresource.Resource {
 	res.Data = data
 	return res
 }
-
-// wildcardTenancyCases returns permutations of tenancy and type scope used as input
-// to endpoints that accept wildcards for tenancy.
-func wildcardTenancyCases() map[string]struct {
-	typ     *pbresource.Type
-	tenancy *pbresource.Tenancy
-} {
-	return map[string]struct {
-		typ     *pbresource.Type
-		tenancy *pbresource.Tenancy
-	}{
-		"namespaced type with empty partition": {
-			typ: demo.TypeV2Artist,
-			tenancy: &pbresource.Tenancy{
-				Partition: "",
-				Namespace: resource.DefaultNamespaceName,
-				PeerName:  "local",
-			},
-		},
-		"namespaced type with empty namespace": {
-			typ: demo.TypeV2Artist,
-			tenancy: &pbresource.Tenancy{
-				Partition: resource.DefaultPartitionName,
-				Namespace: "",
-				PeerName:  "local",
-			},
-		},
-		"namespaced type with empty partition and namespace": {
-			typ: demo.TypeV2Artist,
-			tenancy: &pbresource.Tenancy{
-				Partition: "",
-				Namespace: "",
-				PeerName:  "local",
-			},
-		},
-		"namespaced type with uppercase partition and namespace": {
-			typ: demo.TypeV2Artist,
-			tenancy: &pbresource.Tenancy{
-				Partition: "DEFAULT",
-				Namespace: "DEFAULT",
-				PeerName:  "local",
-			},
-		},
-		"namespaced type with wildcard partition and empty namespace": {
-			typ: demo.TypeV2Artist,
-			tenancy: &pbresource.Tenancy{
-				Partition: "*",
-				Namespace: "",
-				PeerName:  "local",
-			},
-		},
-		"namespaced type with empty partition and wildcard namespace": {
-			typ: demo.TypeV2Artist,
-			tenancy: &pbresource.Tenancy{
-				Partition: "",
-				Namespace: "*",
-				PeerName:  "local",
-			},
-		},
-		"partitioned type with empty partition": {
-			typ: demo.TypeV1RecordLabel,
-			tenancy: &pbresource.Tenancy{
-				Partition: "",
-				Namespace: "",
-				PeerName:  "local",
-			},
-		},
-		"partitioned type with uppercase partition": {
-			typ: demo.TypeV1RecordLabel,
-			tenancy: &pbresource.Tenancy{
-				Partition: "DEFAULT",
-				Namespace: "",
-				PeerName:  "local",
-			},
-		},
-		"partitioned type with wildcard partition": {
-			typ: demo.TypeV1RecordLabel,
-			tenancy: &pbresource.Tenancy{
-				Partition: "*",
-				PeerName:  "local",
-			},
-		},
-	}
-}
-
-// tenancyCases returns permutations of valid tenancy structs in a resource id to use as inputs.
-// - the id is for a recordLabel when the resource is partition scoped
-// - the id is for an artist when the resource is namespace scoped
-func tenancyCases() map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID {
-	tenancyCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{
-		"namespaced resource provides nonempty partition and namespace": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID {
-			return artistId
-		},
-		"namespaced resource provides uppercase partition and namespace": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			id := clone(artistId)
-			id.Tenancy.Partition = strings.ToUpper(artistId.Tenancy.Partition)
-			id.Tenancy.Namespace = strings.ToUpper(artistId.Tenancy.Namespace)
-			return id
-		},
-		"namespaced resource inherits tokens partition when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			id := clone(artistId)
-			id.Tenancy.Partition = ""
-			return id
-		},
-		"namespaced resource inherits tokens namespace when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			id := clone(artistId)
-			id.Tenancy.Namespace = ""
-			return id
-		},
-		"namespaced resource inherits tokens partition and namespace when empty": func(artistId, _ *pbresource.ID) *pbresource.ID {
-			id := clone(artistId)
-			id.Tenancy.Partition = ""
-			id.Tenancy.Namespace = ""
-			return id
-		},
-		"partitioned resource provides nonempty partition": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
-			return recordLabelId
-		},
-		"partitioned resource provides uppercase partition": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
-			id := clone(recordLabelId)
-			id.Tenancy.Partition = strings.ToUpper(recordLabelId.Tenancy.Partition)
-			return id
-		},
-		"partitioned resource inherits tokens partition when empty": func(_, recordLabelId *pbresource.ID) *pbresource.ID {
-			id := clone(recordLabelId)
-			id.Tenancy.Partition = ""
-			return id
-		},
-	}
-	return tenancyCases
-}
diff --git a/agent/grpc-external/services/resource/testing/testing.go b/agent/grpc-external/services/resource/testing/testing.go
index 403263404fe2..5bcbc148e7bb 100644
--- a/agent/grpc-external/services/resource/testing/testing.go
+++ b/agent/grpc-external/services/resource/testing/testing.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package testing
 
 import (
@@ -11,51 +8,18 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 
-	"github.com/hashicorp/go-uuid"
-
-	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/acl/resolver"
 	svc "github.com/hashicorp/consul/agent/grpc-external/services/resource"
 	internal "github.com/hashicorp/consul/agent/grpc-internal"
-	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/storage/inmem"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/sdk/testutil"
 )
 
-func randomACLIdentity(t *testing.T) structs.ACLIdentity {
-	id, err := uuid.GenerateUUID()
-	require.NoError(t, err)
-
-	return &structs.ACLToken{AccessorID: id}
-}
-
-func AuthorizerFrom(t *testing.T, policyStrs ...string) resolver.Result {
-	policies := []*acl.Policy{}
-	for _, policyStr := range policyStrs {
-		policy, err := acl.NewPolicyFromSource(policyStr, nil, nil)
-		require.NoError(t, err)
-		policies = append(policies, policy)
-	}
-
-	authz, err := acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), policies, nil)
-	require.NoError(t, err)
-
-	return resolver.Result{
-		Authorizer:  authz,
-		ACLIdentity: randomACLIdentity(t),
-	}
-}
-
 // RunResourceService runs a Resource Service for the duration of the test and
-// returns a client to interact with it. ACLs will be disabled and only the
-// default partition and namespace are available.
+// returns a client to interact with it. ACLs will be disabled.
 func RunResourceService(t *testing.T, registerFns ...func(resource.Registry)) pbresource.ResourceServiceClient {
-	return RunResourceServiceWithACL(t, resolver.DANGER_NO_AUTH{}, registerFns...)
-}
-
-func RunResourceServiceWithACL(t *testing.T, aclResolver svc.ACLResolver, registerFns ...func(resource.Registry)) pbresource.ResourceServiceClient {
 	t.Helper()
 
 	backend, err := inmem.NewBackend()
@@ -72,18 +36,11 @@ func RunResourceServiceWithACL(t *testing.T, aclResolver svc.ACLResolver, regist
 
 	server := grpc.NewServer()
 
-	mockTenancyBridge := &svc.MockTenancyBridge{}
-	mockTenancyBridge.On("PartitionExists", resource.DefaultPartitionName).Return(true, nil)
-	mockTenancyBridge.On("NamespaceExists", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(true, nil)
-	mockTenancyBridge.On("IsPartitionMarkedForDeletion", resource.DefaultPartitionName).Return(false, nil)
-	mockTenancyBridge.On("IsNamespaceMarkedForDeletion", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(false, nil)
-
 	svc.NewServer(svc.Config{
-		Backend:         backend,
-		Registry:        registry,
-		Logger:          testutil.Logger(t),
-		ACLResolver:     aclResolver,
-		V1TenancyBridge: mockTenancyBridge,
+		Backend:     backend,
+		Registry:    registry,
+		Logger:      testutil.Logger(t),
+		ACLResolver: resolver.DANGER_NO_AUTH{},
 	}).Register(server)
 
 	pipe := internal.NewPipeListener()
diff --git a/agent/grpc-external/services/resource/watch.go b/agent/grpc-external/services/resource/watch.go
index 6039613b8fed..35ec14513ac3 100644
--- a/agent/grpc-external/services/resource/watch.go
+++ b/agent/grpc-external/services/resource/watch.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -10,27 +10,28 @@ import (
 	"google.golang.org/grpc/status"
 
 	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/storage"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 func (s *Server) WatchList(req *pbresource.WatchListRequest, stream pbresource.ResourceService_WatchListServer) error {
-	reg, err := s.validateWatchListRequest(req)
+	if err := validateWatchListRequest(req); err != nil {
+		return err
+	}
+
+	// check type exists
+	reg, err := s.resolveType(req.Type)
 	if err != nil {
 		return err
 	}
 
-	// v1 ACL subsystem is "wildcard" aware so just pass on through.
-	entMeta := v2TenancyToV1EntMeta(req.Tenancy)
-	token := tokenFromContext(stream.Context())
-	authz, authzContext, err := s.getAuthorizer(token, entMeta)
+	authz, err := s.getAuthorizer(tokenFromContext(stream.Context()))
 	if err != nil {
 		return err
 	}
 
-	// Check list ACL.
-	err = reg.ACLs.List(authz, authzContext)
+	// check acls
+	err = reg.ACLs.List(authz, req.Tenancy)
 	switch {
 	case acl.IsErrPermissionDenied(err):
 		return status.Error(codes.PermissionDenied, err.Error())
@@ -38,9 +39,6 @@ func (s *Server) WatchList(req *pbresource.WatchListRequest, stream pbresource.R
 		return status.Errorf(codes.Internal, "failed list acl: %v", err)
 	}
 
-	// Ensure we're defaulting correctly when request tenancy units are empty.
-	v1EntMetaToV2Tenancy(reg, entMeta, req.Tenancy)
-
 	unversionedType := storage.UnversionedTypeFrom(req.Type)
 	watch, err := s.Backend.WatchList(
 		stream.Context(),
@@ -67,17 +65,8 @@ func (s *Server) WatchList(req *pbresource.WatchListRequest, stream pbresource.R
 			continue
 		}
 
-		// Need to rebuild authorizer per resource since wildcard inputs may
-		// result in different tenancies. Consider caching per tenancy if this
-		// is deemed expensive.
-		entMeta = v2TenancyToV1EntMeta(event.Resource.Id.Tenancy)
-		authz, authzContext, err = s.getAuthorizer(token, entMeta)
-		if err != nil {
-			return err
-		}
-
 		// filter out items that don't pass read ACLs
-		err = reg.ACLs.Read(authz, authzContext, event.Resource.Id)
+		err = reg.ACLs.Read(authz, event.Resource.Id)
 		switch {
 		case acl.IsErrPermissionDenied(err):
 			continue
@@ -91,37 +80,15 @@ func (s *Server) WatchList(req *pbresource.WatchListRequest, stream pbresource.R
 	}
 }
 
-func (s *Server) validateWatchListRequest(req *pbresource.WatchListRequest) (*resource.Registration, error) {
+func validateWatchListRequest(req *pbresource.WatchListRequest) error {
 	var field string
 	switch {
 	case req.Type == nil:
 		field = "type"
 	case req.Tenancy == nil:
 		field = "tenancy"
+	default:
+		return nil
 	}
-
-	if field != "" {
-		return nil, status.Errorf(codes.InvalidArgument, "%s is required", field)
-	}
-
-	// Check type exists.
-	reg, err := s.resolveType(req.Type)
-	if err != nil {
-		return nil, err
-	}
-
-	// Lowercase
-	resource.Normalize(req.Tenancy)
-
-	// Error when partition scoped and namespace not empty.
-	if reg.Scope == resource.ScopePartition && req.Tenancy.Namespace != "" {
-		return nil, status.Errorf(
-			codes.InvalidArgument,
-			"partition scoped type %s cannot have a namespace. got: %s",
-			resource.ToGVK(req.Type),
-			req.Tenancy.Namespace,
-		)
-	}
-
-	return reg, nil
+	return status.Errorf(codes.InvalidArgument, "%s is required", field)
 }
diff --git a/agent/grpc-external/services/resource/watch_test.go b/agent/grpc-external/services/resource/watch_test.go
index 051264441bbc..95695f295ebd 100644
--- a/agent/grpc-external/services/resource/watch_test.go
+++ b/agent/grpc-external/services/resource/watch_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -12,7 +12,6 @@ import (
 
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/grpc-external/testutils"
-	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/proto/private/prototest"
@@ -21,7 +20,6 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/proto"
 )
 
 func TestWatchList_InputValidation(t *testing.T) {
@@ -33,16 +31,12 @@ func TestWatchList_InputValidation(t *testing.T) {
 	testCases := map[string]func(*pbresource.WatchListRequest){
 		"no type":    func(req *pbresource.WatchListRequest) { req.Type = nil },
 		"no tenancy": func(req *pbresource.WatchListRequest) { req.Tenancy = nil },
-		"partitioned type provides non-empty namespace": func(req *pbresource.WatchListRequest) {
-			req.Type = demo.TypeV1RecordLabel
-			req.Tenancy.Namespace = "bad"
-		},
 	}
 	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
 			req := &pbresource.WatchListRequest{
 				Type:    demo.TypeV2Album,
-				Tenancy: resource.DefaultNamespacedTenancy(),
+				Tenancy: demo.TenancyDefault,
 			}
 			modFn(req)
 
@@ -64,7 +58,7 @@ func TestWatchList_TypeNotFound(t *testing.T) {
 
 	stream, err := client.WatchList(context.Background(), &pbresource.WatchListRequest{
 		Type:       demo.TypeV2Artist,
-		Tenancy:    resource.DefaultNamespacedTenancy(),
+		Tenancy:    demo.TenancyDefault,
 		NamePrefix: "",
 	})
 	require.NoError(t, err)
@@ -86,7 +80,7 @@ func TestWatchList_GroupVersionMatches(t *testing.T) {
 	// create a watch
 	stream, err := client.WatchList(ctx, &pbresource.WatchListRequest{
 		Type:       demo.TypeV2Artist,
-		Tenancy:    resource.DefaultNamespacedTenancy(),
+		Tenancy:    demo.TenancyDefault,
 		NamePrefix: "",
 	})
 	require.NoError(t, err)
@@ -117,54 +111,6 @@ func TestWatchList_GroupVersionMatches(t *testing.T) {
 	require.Equal(t, pbresource.WatchEvent_OPERATION_DELETE, rsp.Operation)
 }
 
-func TestWatchList_Tenancy_Defaults_And_Normalization(t *testing.T) {
-	// Test units of tenancy get lowercased and defaulted correctly when empty.
-	for desc, tc := range wildcardTenancyCases() {
-		t.Run(desc, func(t *testing.T) {
-			ctx := context.Background()
-			server := testServer(t)
-			client := testClient(t, server)
-			demo.RegisterTypes(server.Registry)
-
-			// Create a watch.
-			stream, err := client.WatchList(ctx, &pbresource.WatchListRequest{
-				Type:       tc.typ,
-				Tenancy:    tc.tenancy,
-				NamePrefix: "",
-			})
-			require.NoError(t, err)
-			rspCh := handleResourceStream(t, stream)
-
-			// Testcase will pick one of recordLabel or artist based on scope of type.
-			recordLabel, err := demo.GenerateV1RecordLabel("LooneyTunes")
-			require.NoError(t, err)
-			artist, err := demo.GenerateV2Artist()
-			require.NoError(t, err)
-
-			// Create and verify upsert event received.
-			recordLabel, err = server.Backend.WriteCAS(ctx, recordLabel)
-			require.NoError(t, err)
-			artist, err = server.Backend.WriteCAS(ctx, artist)
-			require.NoError(t, err)
-
-			var expected *pbresource.Resource
-			switch {
-			case proto.Equal(tc.typ, demo.TypeV1RecordLabel):
-				expected = recordLabel
-			case proto.Equal(tc.typ, demo.TypeV2Artist):
-				expected = artist
-			default:
-				require.Fail(t, "unsupported type", tc.typ)
-			}
-
-			rsp := mustGetResource(t, rspCh)
-			require.Equal(t, pbresource.WatchEvent_OPERATION_UPSERT, rsp.Operation)
-			prototest.AssertDeepEqual(t, expected, rsp.Resource)
-		})
-
-	}
-}
-
 func TestWatchList_GroupVersionMismatch(t *testing.T) {
 	// Given a watch on TypeArtistV1 that only differs from TypeArtistV2 by GroupVersion
 	// When a resource of TypeArtistV2 is created/updated/deleted
@@ -179,7 +125,7 @@ func TestWatchList_GroupVersionMismatch(t *testing.T) {
 	// create a watch for TypeArtistV1
 	stream, err := client.WatchList(ctx, &pbresource.WatchListRequest{
 		Type:       demo.TypeV1Artist,
-		Tenancy:    resource.DefaultNamespacedTenancy(),
+		Tenancy:    demo.TenancyDefault,
 		NamePrefix: "",
 	})
 	require.NoError(t, err)
diff --git a/agent/grpc-external/services/resource/write.go b/agent/grpc-external/services/resource/write.go
index ec39f3a12a85..34799ae8d82e 100644
--- a/agent/grpc-external/services/resource/write.go
+++ b/agent/grpc-external/services/resource/write.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -37,20 +37,22 @@ import (
 var errUseWriteStatus = status.Error(codes.InvalidArgument, "resource.status can only be set using the WriteStatus endpoint")
 
 func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbresource.WriteResponse, error) {
-	reg, err := s.validateWriteRequest(req)
+	if err := validateWriteRequest(req); err != nil {
+		return nil, err
+	}
+
+	reg, err := s.resolveType(req.Resource.Id.Type)
 	if err != nil {
 		return nil, err
 	}
 
-	v1EntMeta := v2TenancyToV1EntMeta(req.Resource.Id.Tenancy)
-	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), v1EntMeta)
+	authz, err := s.getAuthorizer(tokenFromContext(ctx))
 	if err != nil {
 		return nil, err
 	}
-	v1EntMetaToV2Tenancy(reg, v1EntMeta, req.Resource.Id.Tenancy)
 
-	// ACL check comes before tenancy existence checks to not leak tenancy "existence".
-	err = reg.ACLs.Write(authz, authzContext, req.Resource)
+	// check acls
+	err = reg.ACLs.Write(authz, req.Resource.Id)
 	switch {
 	case acl.IsErrPermissionDenied(err):
 		return nil, status.Error(codes.PermissionDenied, err.Error())
@@ -70,24 +72,14 @@ func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbre
 		)
 	}
 
-	// Check V1 tenancy exists for the V2 resource
-	if err = v1TenancyExists(reg, s.V1TenancyBridge, req.Resource.Id.Tenancy, codes.InvalidArgument); err != nil {
-		return nil, err
-	}
-
-	// Check V1 tenancy not marked for deletion.
-	if err = v1TenancyMarkedForDeletion(reg, s.V1TenancyBridge, req.Resource.Id.Tenancy); err != nil {
-		return nil, err
+	if err = reg.Validate(req.Resource); err != nil {
+		return nil, status.Error(codes.InvalidArgument, err.Error())
 	}
 
 	if err = reg.Mutate(req.Resource); err != nil {
 		return nil, status.Errorf(codes.Internal, "failed mutate hook: %v", err.Error())
 	}
 
-	if err = reg.Validate(req.Resource); err != nil {
-		return nil, status.Error(codes.InvalidArgument, err.Error())
-	}
-
 	// At the storage backend layer, all writes are CAS operations.
 	//
 	// This makes it possible to *safely* do things like keeping the Uid stable
@@ -265,7 +257,7 @@ func (s *Server) retryCAS(ctx context.Context, vsn string, cas func() error) err
 	return err
 }
 
-func (s *Server) validateWriteRequest(req *pbresource.WriteRequest) (*resource.Registration, error) {
+func validateWriteRequest(req *pbresource.WriteRequest) error {
 	var field string
 	switch {
 	case req.Resource == nil:
@@ -277,34 +269,17 @@ func (s *Server) validateWriteRequest(req *pbresource.WriteRequest) (*resource.R
 	}
 
 	if field != "" {
-		return nil, status.Errorf(codes.InvalidArgument, "%s is required", field)
+		return status.Errorf(codes.InvalidArgument, "%s is required", field)
 	}
 
 	if err := validateId(req.Resource.Id, "resource.id"); err != nil {
-		return nil, err
+		return err
 	}
 
 	if req.Resource.Owner != nil {
 		if err := validateId(req.Resource.Owner, "resource.owner"); err != nil {
-			return nil, err
+			return err
 		}
 	}
-
-	// Check type exists.
-	reg, err := s.resolveType(req.Resource.Id.Type)
-	if err != nil {
-		return nil, err
-	}
-
-	// Check scope
-	if reg.Scope == resource.ScopePartition && req.Resource.Id.Tenancy.Namespace != "" {
-		return nil, status.Errorf(
-			codes.InvalidArgument,
-			"partition scoped resource %s cannot have a namespace. got: %s",
-			resource.ToGVK(req.Resource.Id.Type),
-			req.Resource.Id.Tenancy.Namespace,
-		)
-	}
-
-	return reg, nil
+	return nil
 }
diff --git a/agent/grpc-external/services/resource/write_status.go b/agent/grpc-external/services/resource/write_status.go
index 263814237eb3..205918e1dc2b 100644
--- a/agent/grpc-external/services/resource/write_status.go
+++ b/agent/grpc-external/services/resource/write_status.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -8,49 +8,25 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/oklog/ulid/v2"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
+	"github.com/oklog/ulid/v2"
+
 	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/storage"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 func (s *Server) WriteStatus(ctx context.Context, req *pbresource.WriteStatusRequest) (*pbresource.WriteStatusResponse, error) {
-	reg, err := s.validateWriteStatusRequest(req)
-	if err != nil {
-		return nil, err
-	}
-
-	entMeta := v2TenancyToV1EntMeta(req.Id.Tenancy)
-	authz, authzContext, err := s.getAuthorizer(tokenFromContext(ctx), entMeta)
+	authz, err := s.getAuthorizer(tokenFromContext(ctx))
 	if err != nil {
 		return nil, err
 	}
 
-	// Apply defaults when tenancy units empty.
-	v1EntMetaToV2Tenancy(reg, entMeta, req.Id.Tenancy)
-
-	// Check V1 tenancy exists for the V2 resource. Ignore "marked for deletion" since status updates
-	// should still work regardless.
-	if err = v1TenancyExists(reg, s.V1TenancyBridge, req.Id.Tenancy, codes.InvalidArgument); err != nil {
-		return nil, err
-	}
-
-	// Retrieve resource since ACL hook requires it.
-	existing, err := s.Backend.Read(ctx, storage.EventualConsistency, req.Id)
-	switch {
-	case errors.Is(err, storage.ErrNotFound):
-		return nil, status.Errorf(codes.NotFound, err.Error())
-	case err != nil:
-		return nil, status.Errorf(codes.Internal, "failed read: %v", err)
-	}
-
-	// Check write ACL.
-	err = reg.ACLs.Write(authz, authzContext, existing)
+	// check acls
+	err = authz.ToAllowAuthorizer().OperatorWriteAllowed(&acl.AuthorizerContext{})
 	switch {
 	case acl.IsErrPermissionDenied(err):
 		return nil, status.Error(codes.PermissionDenied, err.Error())
@@ -58,6 +34,15 @@ func (s *Server) WriteStatus(ctx context.Context, req *pbresource.WriteStatusReq
 		return nil, status.Errorf(codes.Internal, "failed operator:write allowed acl: %v", err)
 	}
 
+	if err := validateWriteStatusRequest(req); err != nil {
+		return nil, err
+	}
+
+	_, err = s.resolveType(req.Id.Type)
+	if err != nil {
+		return nil, err
+	}
+
 	// At the storage backend layer, all writes are CAS operations.
 	//
 	// See comment in write.go for more information.
@@ -113,7 +98,7 @@ func (s *Server) WriteStatus(ctx context.Context, req *pbresource.WriteStatusReq
 	return &pbresource.WriteStatusResponse{Resource: result}, nil
 }
 
-func (s *Server) validateWriteStatusRequest(req *pbresource.WriteStatusRequest) (*resource.Registration, error) {
+func validateWriteStatusRequest(req *pbresource.WriteStatusRequest) error {
 	var field string
 	switch {
 	case req.Id == nil:
@@ -158,35 +143,16 @@ func (s *Server) validateWriteStatusRequest(req *pbresource.WriteStatusRequest)
 		}
 	}
 	if field != "" {
-		return nil, status.Errorf(codes.InvalidArgument, "%s is required", field)
+		return status.Errorf(codes.InvalidArgument, "%s is required", field)
 	}
 
 	if req.Status.UpdatedAt != nil {
-		return nil, status.Error(codes.InvalidArgument, "status.updated_at is automatically set and cannot be provided")
+		return status.Error(codes.InvalidArgument, "status.updated_at is automatically set and cannot be provided")
 	}
 
 	if _, err := ulid.ParseStrict(req.Status.ObservedGeneration); err != nil {
-		return nil, status.Error(codes.InvalidArgument, "status.observed_generation is not valid")
-	}
-
-	// Lowercase
-	resource.Normalize(req.Id.Tenancy)
-
-	// Check type exists.
-	reg, err := s.resolveType(req.Id.Type)
-	if err != nil {
-		return nil, err
-	}
-
-	// Check scope.
-	if reg.Scope == resource.ScopePartition && req.Id.Tenancy.Namespace != "" {
-		return nil, status.Errorf(
-			codes.InvalidArgument,
-			"partition scoped resource %s cannot have a namespace. got: %s",
-			resource.ToGVK(req.Id.Type),
-			req.Id.Tenancy.Namespace,
-		)
+		return status.Error(codes.InvalidArgument, "status.observed_generation is not valid")
 	}
 
-	return reg, nil
+	return nil
 }
diff --git a/agent/grpc-external/services/resource/write_status_test.go b/agent/grpc-external/services/resource/write_status_test.go
index 622cbcccc746..aa26330176df 100644
--- a/agent/grpc-external/services/resource/write_status_test.go
+++ b/agent/grpc-external/services/resource/write_status_test.go
@@ -1,11 +1,10 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
 import (
 	"fmt"
-	"strings"
 	"testing"
 
 	"github.com/oklog/ulid/v2"
@@ -28,7 +27,7 @@ func TestWriteStatus_ACL(t *testing.T) {
 	}
 	testcases := map[string]testCase{
 		"denied": {
-			authz: AuthorizerFrom(t, demo.ArtistV2ReadPolicy),
+			authz: AuthorizerFrom(t, demo.ArtistV2WritePolicy),
 			assertErrFn: func(err error) {
 				require.Error(t, err)
 				require.Equal(t, codes.PermissionDenied.String(), status.Code(err).String())
@@ -46,6 +45,11 @@ func TestWriteStatus_ACL(t *testing.T) {
 		t.Run(desc, func(t *testing.T) {
 			server := testServer(t)
 			client := testClient(t, server)
+
+			mockACLResolver := &MockACLResolver{}
+			mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything).
+				Return(tc.authz, nil)
+			server.ACLResolver = mockACLResolver
 			demo.RegisterTypes(server.Registry)
 
 			artist, err := demo.GenerateV2Artist()
@@ -55,12 +59,6 @@ func TestWriteStatus_ACL(t *testing.T) {
 			require.NoError(t, err)
 			artist = rsp.Resource
 
-			// Defer mocking out authz since above write is necessary to set up the test resource.
-			mockACLResolver := &MockACLResolver{}
-			mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything).
-				Return(tc.authz, nil)
-			server.ACLResolver = mockACLResolver
-
 			// exercise ACL
 			_, err = client.WriteStatus(testContext(t), validWriteStatusRequest(t, artist))
 			tc.assertErrFn(err)
@@ -71,92 +69,35 @@ func TestWriteStatus_ACL(t *testing.T) {
 func TestWriteStatus_InputValidation(t *testing.T) {
 	server := testServer(t)
 	client := testClient(t, server)
+
 	demo.RegisterTypes(server.Registry)
 
-	testCases := map[string]struct {
-		typ   *pbresource.Type
-		modFn func(req *pbresource.WriteStatusRequest)
-	}{
-		"no id": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Id = nil },
-		},
-		"no type": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Type = nil },
-		},
-		"no tenancy": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy = nil },
-		},
-		"no name": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Name = "" },
-		},
-		"no uid": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Uid = "" },
-		},
-		"no key": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Key = "" },
-		},
-		"no status": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Status = nil },
-		},
-		"no observed generation": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.ObservedGeneration = "" },
-		},
-		"bad observed generation": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.ObservedGeneration = "bogus" },
-		},
-		"no condition type": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Type = "" },
-		},
-		"no reference type": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Type = nil },
-		},
-		"no reference tenancy": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Tenancy = nil },
-		},
-		"no reference name": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Name = "" },
-		},
-		"updated at provided": {
-			typ:   demo.TypeV2Artist,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Status.UpdatedAt = timestamppb.Now() },
-		},
-		"partition scoped type provides namespace in tenancy": {
-			typ:   demo.TypeV1RecordLabel,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Namespace = "bad" },
-		},
+	testCases := map[string]func(*pbresource.WriteStatusRequest){
+		"no id":                   func(req *pbresource.WriteStatusRequest) { req.Id = nil },
+		"no type":                 func(req *pbresource.WriteStatusRequest) { req.Id.Type = nil },
+		"no tenancy":              func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy = nil },
+		"no name":                 func(req *pbresource.WriteStatusRequest) { req.Id.Name = "" },
+		"no uid":                  func(req *pbresource.WriteStatusRequest) { req.Id.Uid = "" },
+		"no key":                  func(req *pbresource.WriteStatusRequest) { req.Key = "" },
+		"no status":               func(req *pbresource.WriteStatusRequest) { req.Status = nil },
+		"no observed generation":  func(req *pbresource.WriteStatusRequest) { req.Status.ObservedGeneration = "" },
+		"bad observed generation": func(req *pbresource.WriteStatusRequest) { req.Status.ObservedGeneration = "bogus" },
+		"no condition type":       func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Type = "" },
+		"no reference type":       func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Type = nil },
+		"no reference tenancy":    func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Tenancy = nil },
+		"no reference name":       func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Name = "" },
+		"updated at provided":     func(req *pbresource.WriteStatusRequest) { req.Status.UpdatedAt = timestamppb.Now() },
 	}
-	for desc, tc := range testCases {
+	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
-			var res *pbresource.Resource
-			var err error
-			switch {
-			case resource.EqualType(demo.TypeV2Artist, tc.typ):
-				res, err = demo.GenerateV2Artist()
-			case resource.EqualType(demo.TypeV1RecordLabel, tc.typ):
-				res, err = demo.GenerateV1RecordLabel("Looney Tunes")
-			default:
-				t.Fatal("unsupported type", tc.typ)
-			}
+			res, err := demo.GenerateV2Artist()
 			require.NoError(t, err)
 
 			res.Id.Uid = ulid.Make().String()
 			res.Generation = ulid.Make().String()
 
 			req := validWriteStatusRequest(t, res)
-			tc.modFn(req)
+			modFn(req)
 
 			_, err = client.WriteStatus(testContext(t), req)
 			require.Error(t, err)
@@ -173,6 +114,7 @@ func TestWriteStatus_Success(t *testing.T) {
 		t.Run(desc, func(t *testing.T) {
 			server := testServer(t)
 			client := testClient(t, server)
+
 			demo.RegisterTypes(server.Registry)
 
 			res, err := demo.GenerateV2Artist()
@@ -205,149 +147,6 @@ func TestWriteStatus_Success(t *testing.T) {
 	}
 }
 
-func TestWriteStatus_Tenancy_Defaults(t *testing.T) {
-	for desc, tc := range map[string]struct {
-		scope resource.Scope
-		modFn func(req *pbresource.WriteStatusRequest)
-	}{
-		"namespaced resource provides nonempty partition and namespace": {
-			scope: resource.ScopeNamespace,
-			modFn: func(req *pbresource.WriteStatusRequest) {},
-		},
-		"namespaced resource provides uppercase partition and namespace": {
-			scope: resource.ScopeNamespace,
-			modFn: func(req *pbresource.WriteStatusRequest) {
-				req.Id.Tenancy.Partition = strings.ToUpper(req.Id.Tenancy.Partition)
-				req.Id.Tenancy.Namespace = strings.ToUpper(req.Id.Tenancy.Namespace)
-			},
-		},
-		"namespaced resource inherits tokens partition when empty": {
-			scope: resource.ScopeNamespace,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Partition = "" },
-		},
-		"namespaced resource inherits tokens namespace when empty": {
-			scope: resource.ScopeNamespace,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Namespace = "" },
-		},
-		"namespaced resource inherits tokens partition and namespace when empty": {
-			scope: resource.ScopeNamespace,
-			modFn: func(req *pbresource.WriteStatusRequest) {
-				req.Id.Tenancy.Partition = ""
-				req.Id.Tenancy.Namespace = ""
-			},
-		},
-		"partitioned resource provides nonempty partition": {
-			scope: resource.ScopePartition,
-			modFn: func(req *pbresource.WriteStatusRequest) {},
-		},
-		"partitioned resource provides uppercase partition": {
-			scope: resource.ScopePartition,
-			modFn: func(req *pbresource.WriteStatusRequest) {
-				req.Id.Tenancy.Partition = strings.ToUpper(req.Id.Tenancy.Partition)
-			},
-		},
-		"partitioned resource inherits tokens partition when empty": {
-			scope: resource.ScopePartition,
-			modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Partition = "" },
-		},
-	} {
-		t.Run(desc, func(t *testing.T) {
-			server := testServer(t)
-			client := testClient(t, server)
-			demo.RegisterTypes(server.Registry)
-
-			// Pick resource based on scope of type in testcase.
-			var res *pbresource.Resource
-			var err error
-			switch tc.scope {
-			case resource.ScopeNamespace:
-				res, err = demo.GenerateV2Artist()
-			case resource.ScopePartition:
-				res, err = demo.GenerateV1RecordLabel("Looney Tunes")
-			}
-			require.NoError(t, err)
-
-			// Write resource so we can update status later.
-			writeRsp, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: res})
-			require.NoError(t, err)
-			res = writeRsp.Resource
-			require.Nil(t, res.Status)
-
-			// Write status with tenancy modded by testcase.
-			req := validWriteStatusRequest(t, res)
-			tc.modFn(req)
-			rsp, err := client.WriteStatus(testContext(t), req)
-			require.NoError(t, err)
-			res = rsp.Resource
-
-			// Re-read resoruce and verify status successfully written (not nil)
-			_, err = client.Read(testContext(t), &pbresource.ReadRequest{Id: res.Id})
-			require.NoError(t, err)
-			res = rsp.Resource
-			require.NotNil(t, res.Status)
-		})
-	}
-}
-
-func TestWriteStatus_Tenancy_NotFound(t *testing.T) {
-	for desc, tc := range map[string]struct {
-		scope       resource.Scope
-		modFn       func(req *pbresource.WriteStatusRequest)
-		errCode     codes.Code
-		errContains string
-	}{
-		"namespaced resource provides nonexistant partition": {
-			scope:       resource.ScopeNamespace,
-			modFn:       func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Partition = "bad" },
-			errCode:     codes.InvalidArgument,
-			errContains: "partition",
-		},
-		"namespaced resource provides nonexistant namespace": {
-			scope:       resource.ScopeNamespace,
-			modFn:       func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Namespace = "bad" },
-			errCode:     codes.InvalidArgument,
-			errContains: "namespace",
-		},
-		"partitioned resource provides nonexistant partition": {
-			scope:       resource.ScopePartition,
-			modFn:       func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Partition = "bad" },
-			errCode:     codes.InvalidArgument,
-			errContains: "partition",
-		},
-	} {
-		t.Run(desc, func(t *testing.T) {
-			server := testServer(t)
-			client := testClient(t, server)
-			demo.RegisterTypes(server.Registry)
-
-			// Pick resource based on scope of type in testcase.
-			var res *pbresource.Resource
-			var err error
-			switch tc.scope {
-			case resource.ScopeNamespace:
-				res, err = demo.GenerateV2Artist()
-			case resource.ScopePartition:
-				res, err = demo.GenerateV1RecordLabel("Looney Tunes")
-			}
-			require.NoError(t, err)
-
-			// Fill in required fields so validation continues until tenancy is checked
-			req := validWriteStatusRequest(t, res)
-			req.Id.Uid = ulid.Make().String()
-			req.Status.ObservedGeneration = ulid.Make().String()
-
-			// Write status with tenancy modded by testcase.
-			tc.modFn(req)
-			_, err = client.WriteStatus(testContext(t), req)
-
-			// Verify non-existant tenancy field is the cause of the error.
-			require.Error(t, err)
-			require.Equal(t, tc.errCode.String(), status.Code(err).String())
-			require.Contains(t, err.Error(), tc.errContains)
-		})
-	}
-}
-
 func TestWriteStatus_CASFailure(t *testing.T) {
 	server := testServer(t)
 	client := testClient(t, server)
@@ -469,49 +268,24 @@ func TestWriteStatus_NonCASUpdate_Retry(t *testing.T) {
 func validWriteStatusRequest(t *testing.T, res *pbresource.Resource) *pbresource.WriteStatusRequest {
 	t.Helper()
 
-	switch {
-	case resource.EqualType(res.Id.Type, demo.TypeV2Artist):
-		album, err := demo.GenerateV2Album(res.Id)
-		require.NoError(t, err)
-		return &pbresource.WriteStatusRequest{
-			Id:      res.Id,
-			Version: res.Version,
-			Key:     "consul.io/artist-controller",
-			Status: &pbresource.Status{
-				ObservedGeneration: res.Generation,
-				Conditions: []*pbresource.Condition{
-					{
-						Type:     "AlbumCreated",
-						State:    pbresource.Condition_STATE_TRUE,
-						Reason:   "AlbumCreated",
-						Message:  fmt.Sprintf("Album '%s' created", album.Id.Name),
-						Resource: resource.Reference(album.Id, ""),
-					},
-				},
-			},
-		}
-	case resource.EqualType(res.Id.Type, demo.TypeV1RecordLabel):
-		artist, err := demo.GenerateV2Artist()
-		require.NoError(t, err)
-		return &pbresource.WriteStatusRequest{
-			Id:      res.Id,
-			Version: res.Version,
-			Key:     "consul.io/recordlabel-controller",
-			Status: &pbresource.Status{
-				ObservedGeneration: res.Generation,
-				Conditions: []*pbresource.Condition{
-					{
-						Type:     "ArtistCreated",
-						State:    pbresource.Condition_STATE_TRUE,
-						Reason:   "ArtistCreated",
-						Message:  fmt.Sprintf("Artist '%s' created", artist.Id.Name),
-						Resource: resource.Reference(artist.Id, ""),
-					},
+	album, err := demo.GenerateV2Album(res.Id)
+	require.NoError(t, err)
+
+	return &pbresource.WriteStatusRequest{
+		Id:      res.Id,
+		Version: res.Version,
+		Key:     "consul.io/artist-controller",
+		Status: &pbresource.Status{
+			ObservedGeneration: res.Generation,
+			Conditions: []*pbresource.Condition{
+				{
+					Type:     "AlbumCreated",
+					State:    pbresource.Condition_STATE_TRUE,
+					Reason:   "AlbumCreated",
+					Message:  fmt.Sprintf("Album '%s' created", album.Id.Name),
+					Resource: resource.Reference(album.Id, ""),
 				},
 			},
-		}
-	default:
-		t.Fatal("unsupported type", res.Id.Type)
+		},
 	}
-	return nil
 }
diff --git a/agent/grpc-external/services/resource/write_test.go b/agent/grpc-external/services/resource/write_test.go
index d472a6ec7414..4ec25ee26c0c 100644
--- a/agent/grpc-external/services/resource/write_test.go
+++ b/agent/grpc-external/services/resource/write_test.go
@@ -1,11 +1,10 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
 import (
 	"context"
-	"strings"
 	"sync/atomic"
 	"testing"
 
@@ -17,13 +16,11 @@ import (
 	"google.golang.org/protobuf/types/known/anypb"
 
 	"github.com/hashicorp/consul/acl/resolver"
-	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/internal/storage"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	pbdemov1 "github.com/hashicorp/consul/proto/private/pbdemo/v1"
 	pbdemov2 "github.com/hashicorp/consul/proto/private/pbdemo/v2"
-	"github.com/hashicorp/consul/proto/private/prototest"
 )
 
 func TestWrite_InputValidation(t *testing.T) {
@@ -32,56 +29,46 @@ func TestWrite_InputValidation(t *testing.T) {
 
 	demo.RegisterTypes(server.Registry)
 
-	testCases := map[string]func(artist, recordLabel *pbresource.Resource) *pbresource.Resource{
-		"no resource": func(artist, recordLabel *pbresource.Resource) *pbresource.Resource { return nil },
-		"no id": func(artist, _ *pbresource.Resource) *pbresource.Resource {
-			artist.Id = nil
-			return artist
+	testCases := map[string]func(*pbresource.WriteRequest){
+		"no resource": func(req *pbresource.WriteRequest) { req.Resource = nil },
+		"no id":       func(req *pbresource.WriteRequest) { req.Resource.Id = nil },
+		"no type":     func(req *pbresource.WriteRequest) { req.Resource.Id.Type = nil },
+		"no tenancy":  func(req *pbresource.WriteRequest) { req.Resource.Id.Tenancy = nil },
+		"no name":     func(req *pbresource.WriteRequest) { req.Resource.Id.Name = "" },
+		"no data":     func(req *pbresource.WriteRequest) { req.Resource.Data = nil },
+		// clone necessary to not pollute DefaultTenancy
+		"tenancy partition not default": func(req *pbresource.WriteRequest) {
+			req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
+			req.Resource.Id.Tenancy.Partition = ""
 		},
-		"no type": func(artist, _ *pbresource.Resource) *pbresource.Resource {
-			artist.Id.Type = nil
-			return artist
+		"tenancy namespace not default": func(req *pbresource.WriteRequest) {
+			req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
+			req.Resource.Id.Tenancy.Namespace = ""
 		},
-		"no tenancy": func(artist, _ *pbresource.Resource) *pbresource.Resource {
-			artist.Id.Tenancy = nil
-			return artist
+		"tenancy peername not local": func(req *pbresource.WriteRequest) {
+			req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
+			req.Resource.Id.Tenancy.PeerName = ""
 		},
-		"no name": func(artist, _ *pbresource.Resource) *pbresource.Resource {
-			artist.Id.Name = ""
-			return artist
-		},
-		"no data": func(artist, _ *pbresource.Resource) *pbresource.Resource {
-			artist.Data = nil
-			return artist
-		},
-		"wrong data type": func(artist, _ *pbresource.Resource) *pbresource.Resource {
+		"wrong data type": func(req *pbresource.WriteRequest) {
 			var err error
-			artist.Data, err = anypb.New(&pbdemov2.Album{})
+			req.Resource.Data, err = anypb.New(&pbdemov2.Album{})
 			require.NoError(t, err)
-			return artist
-		},
-		"fail validation hook": func(artist, _ *pbresource.Resource) *pbresource.Resource {
-			buffer := &pbdemov2.Artist{}
-			require.NoError(t, artist.Data.UnmarshalTo(buffer))
-			buffer.Name = "" // name cannot be empty
-			require.NoError(t, artist.Data.MarshalFrom(buffer))
-			return artist
 		},
-		"partition scope with non-empty namespace": func(_, recordLabel *pbresource.Resource) *pbresource.Resource {
-			recordLabel.Id.Tenancy.Namespace = "bogus"
-			return recordLabel
+		"fail validation hook": func(req *pbresource.WriteRequest) {
+			artist := &pbdemov2.Artist{}
+			require.NoError(t, req.Resource.Data.UnmarshalTo(artist))
+			artist.Name = "" // name cannot be empty
+			require.NoError(t, req.Resource.Data.MarshalFrom(artist))
 		},
-		// TODO(spatel): add cluster scope tests when we have an actual cluster scoped resource (e.g. partition)
 	}
 	for desc, modFn := range testCases {
 		t.Run(desc, func(t *testing.T) {
-			artist, err := demo.GenerateV2Artist()
+			res, err := demo.GenerateV2Artist()
 			require.NoError(t, err)
 
-			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
-			require.NoError(t, err)
+			req := &pbresource.WriteRequest{Resource: res}
+			modFn(req)
 
-			req := &pbresource.WriteRequest{Resource: modFn(artist, recordLabel)}
 			_, err = client.Write(testContext(t), req)
 			require.Error(t, err)
 			require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
@@ -112,6 +99,28 @@ func TestWrite_OwnerValidation(t *testing.T) {
 			modReqFn:      func(req *pbresource.WriteRequest) { req.Resource.Owner.Name = "" },
 			errorContains: "resource.owner.name",
 		},
+		// clone necessary to not pollute DefaultTenancy
+		"owner tenancy partition not default": {
+			modReqFn: func(req *pbresource.WriteRequest) {
+				req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
+				req.Resource.Owner.Tenancy.Partition = ""
+			},
+			errorContains: "resource.owner.tenancy.partition",
+		},
+		"owner tenancy namespace not default": {
+			modReqFn: func(req *pbresource.WriteRequest) {
+				req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
+				req.Resource.Owner.Tenancy.Namespace = ""
+			},
+			errorContains: "resource.owner.tenancy.namespace",
+		},
+		"owner tenancy peername not local": {
+			modReqFn: func(req *pbresource.WriteRequest) {
+				req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
+				req.Resource.Owner.Tenancy.PeerName = ""
+			},
+			errorContains: "resource.owner.tenancy.peername",
+		},
 	}
 	for desc, tc := range testCases {
 		t.Run(desc, func(t *testing.T) {
@@ -212,196 +221,20 @@ func TestWrite_Mutate(t *testing.T) {
 	require.Equal(t, pbdemov2.Genre_GENRE_DISCO, artistData.Genre)
 }
 
-func TestWrite_Create_Success(t *testing.T) {
-	testCases := map[string]struct {
-		modFn           func(artist, recordLabel *pbresource.Resource) *pbresource.Resource
-		expectedTenancy *pbresource.Tenancy
-	}{
-		"namespaced resource provides nonempty partition and namespace": {
-			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
-				return artist
-			},
-			expectedTenancy: resource.DefaultNamespacedTenancy(),
-		},
-		"namespaced resource provides uppercase partition and namespace": {
-			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
-				artist.Id.Tenancy.Partition = strings.ToUpper(artist.Id.Tenancy.Partition)
-				artist.Id.Tenancy.Namespace = strings.ToUpper(artist.Id.Tenancy.Namespace)
-				return artist
-			},
-			expectedTenancy: resource.DefaultNamespacedTenancy(),
-		},
-		"namespaced resource inherits tokens partition when empty": {
-			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
-				artist.Id.Tenancy.Partition = ""
-				return artist
-			},
-			expectedTenancy: resource.DefaultNamespacedTenancy(),
-		},
-		"namespaced resource inherits tokens namespace when empty": {
-			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
-				artist.Id.Tenancy.Namespace = ""
-				return artist
-			},
-			expectedTenancy: resource.DefaultNamespacedTenancy(),
-		},
-		"namespaced resource inherits tokens partition and namespace when empty": {
-			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
-				artist.Id.Tenancy.Partition = ""
-				artist.Id.Tenancy.Namespace = ""
-				return artist
-			},
-			expectedTenancy: resource.DefaultNamespacedTenancy(),
-		},
-		"partitioned resource provides nonempty partition": {
-			modFn: func(_, recordLabel *pbresource.Resource) *pbresource.Resource {
-				return recordLabel
-			},
-			expectedTenancy: resource.DefaultPartitionedTenancy(),
-		},
-		"partitioned resource provides uppercase partition": {
-			modFn: func(_, recordLabel *pbresource.Resource) *pbresource.Resource {
-				recordLabel.Id.Tenancy.Partition = strings.ToUpper(recordLabel.Id.Tenancy.Partition)
-				return recordLabel
-			},
-			expectedTenancy: resource.DefaultPartitionedTenancy(),
-		},
-		"partitioned resource inherits tokens partition when empty": {
-			modFn: func(_, recordLabel *pbresource.Resource) *pbresource.Resource {
-				recordLabel.Id.Tenancy.Partition = ""
-				return recordLabel
-			},
-			expectedTenancy: resource.DefaultPartitionedTenancy(),
-		},
-		// TODO(spatel): Add cluster scope tests when we have an actual cluster scoped resource (e.g. partition)
-	}
-	for desc, tc := range testCases {
-		t.Run(desc, func(t *testing.T) {
-			server := testServer(t)
-			client := testClient(t, server)
-			demo.RegisterTypes(server.Registry)
-
-			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
-			require.NoError(t, err)
-
-			artist, err := demo.GenerateV2Artist()
-			require.NoError(t, err)
-
-			rsp, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: tc.modFn(artist, recordLabel)})
-			require.NoError(t, err)
-			require.NotEmpty(t, rsp.Resource.Version, "resource should have version")
-			require.NotEmpty(t, rsp.Resource.Id.Uid, "resource id should have uid")
-			require.NotEmpty(t, rsp.Resource.Generation, "resource should have generation")
-			prototest.AssertDeepEqual(t, tc.expectedTenancy, rsp.Resource.Id.Tenancy)
-		})
-	}
-}
-
-func TestWrite_Create_Tenancy_NotFound(t *testing.T) {
-	testCases := map[string]struct {
-		modFn       func(artist, recordLabel *pbresource.Resource) *pbresource.Resource
-		errCode     codes.Code
-		errContains string
-	}{
-		"namespaced resource provides nonexistant partition": {
-			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
-				artist.Id.Tenancy.Partition = "boguspartition"
-				return artist
-			},
-			errCode:     codes.InvalidArgument,
-			errContains: "partition",
-		},
-		"namespaced resource provides nonexistant namespace": {
-			modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource {
-				artist.Id.Tenancy.Namespace = "bogusnamespace"
-				return artist
-			},
-			errCode:     codes.InvalidArgument,
-			errContains: "namespace",
-		},
-		"partitioned resource provides nonexistant partition": {
-			modFn: func(_, recordLabel *pbresource.Resource) *pbresource.Resource {
-				recordLabel.Id.Tenancy.Partition = "boguspartition"
-				return recordLabel
-			},
-			errCode:     codes.InvalidArgument,
-			errContains: "partition",
-		},
-	}
-	for desc, tc := range testCases {
-		t.Run(desc, func(t *testing.T) {
-			server := testServer(t)
-			client := testClient(t, server)
-			demo.RegisterTypes(server.Registry)
-
-			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
-			require.NoError(t, err)
-
-			artist, err := demo.GenerateV2Artist()
-			require.NoError(t, err)
-
-			_, err = client.Write(testContext(t), &pbresource.WriteRequest{Resource: tc.modFn(artist, recordLabel)})
-			require.Error(t, err)
-			require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
-			require.Contains(t, err.Error(), tc.errContains)
-		})
-	}
-}
-
-func TestWrite_Tenancy_MarkedForDeletion(t *testing.T) {
-	// Verify resource write fails when its partition or namespace is marked for deletion.
-	testCases := map[string]struct {
-		modFn       func(artist, recordLabel *pbresource.Resource, mockTenancyBridge *MockTenancyBridge) *pbresource.Resource
-		errContains string
-	}{
-		"namespaced resources partition marked for deletion": {
-			modFn: func(artist, _ *pbresource.Resource, mockTenancyBridge *MockTenancyBridge) *pbresource.Resource {
-				mockTenancyBridge.On("IsPartitionMarkedForDeletion", "part1").Return(true, nil)
-				return artist
-			},
-			errContains: "partition marked for deletion",
-		},
-		"namespaced resources namespace marked for deletion": {
-			modFn: func(artist, _ *pbresource.Resource, mockTenancyBridge *MockTenancyBridge) *pbresource.Resource {
-				mockTenancyBridge.On("IsPartitionMarkedForDeletion", "part1").Return(false, nil)
-				mockTenancyBridge.On("IsNamespaceMarkedForDeletion", "part1", "ns1").Return(true, nil)
-				return artist
-			},
-			errContains: "namespace marked for deletion",
-		},
-		"partitioned resources partition marked for deletion": {
-			modFn: func(_, recordLabel *pbresource.Resource, mockTenancyBridge *MockTenancyBridge) *pbresource.Resource {
-				mockTenancyBridge.On("IsPartitionMarkedForDeletion", "part1").Return(true, nil)
-				return recordLabel
-			},
-			errContains: "partition marked for deletion",
-		},
-	}
-	for desc, tc := range testCases {
-		t.Run(desc, func(t *testing.T) {
-			server := testServer(t)
-			client := testClient(t, server)
-			demo.RegisterTypes(server.Registry)
-			recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes")
-			require.NoError(t, err)
-			recordLabel.Id.Tenancy.Partition = "part1"
+func TestWrite_ResourceCreation_Success(t *testing.T) {
+	server := testServer(t)
+	client := testClient(t, server)
 
-			artist, err := demo.GenerateV2Artist()
-			require.NoError(t, err)
-			artist.Id.Tenancy.Partition = "part1"
-			artist.Id.Tenancy.Namespace = "ns1"
+	demo.RegisterTypes(server.Registry)
 
-			mockTenancyBridge := &MockTenancyBridge{}
-			mockTenancyBridge.On("PartitionExists", "part1").Return(true, nil)
-			mockTenancyBridge.On("NamespaceExists", "part1", "ns1").Return(true, nil)
-			server.V1TenancyBridge = mockTenancyBridge
+	res, err := demo.GenerateV2Artist()
+	require.NoError(t, err)
 
-			_, err = client.Write(testContext(t), &pbresource.WriteRequest{Resource: tc.modFn(artist, recordLabel, mockTenancyBridge)})
-			require.Error(t, err)
-			require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
-			require.Contains(t, err.Error(), tc.errContains)
-		})
-	}
+	rsp, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: res})
+	require.NoError(t, err)
+	require.NotEmpty(t, rsp.Resource.Version, "resource should have version")
+	require.NotEmpty(t, rsp.Resource.Id.Uid, "resource id should have uid")
+	require.NotEmpty(t, rsp.Resource.Generation, "resource should have generation")
 }
 
 func TestWrite_CASUpdate_Success(t *testing.T) {
diff --git a/agent/grpc-external/services/serverdiscovery/server.go b/agent/grpc-external/services/serverdiscovery/server.go
index 99011c6d076f..477617122120 100644
--- a/agent/grpc-external/services/serverdiscovery/server.go
+++ b/agent/grpc-external/services/serverdiscovery/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package serverdiscovery
 
diff --git a/agent/grpc-external/services/serverdiscovery/server_test.go b/agent/grpc-external/services/serverdiscovery/server_test.go
index a9fd65b7cbdc..cac32bd31ee3 100644
--- a/agent/grpc-external/services/serverdiscovery/server_test.go
+++ b/agent/grpc-external/services/serverdiscovery/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package serverdiscovery
 
diff --git a/agent/grpc-external/services/serverdiscovery/watch_servers.go b/agent/grpc-external/services/serverdiscovery/watch_servers.go
index 94ed7ac58aef..31a2cb92c837 100644
--- a/agent/grpc-external/services/serverdiscovery/watch_servers.go
+++ b/agent/grpc-external/services/serverdiscovery/watch_servers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package serverdiscovery
 
diff --git a/agent/grpc-external/services/serverdiscovery/watch_servers_test.go b/agent/grpc-external/services/serverdiscovery/watch_servers_test.go
index 0df48f3bb35c..d58d0be407c3 100644
--- a/agent/grpc-external/services/serverdiscovery/watch_servers_test.go
+++ b/agent/grpc-external/services/serverdiscovery/watch_servers_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package serverdiscovery
 
diff --git a/agent/grpc-external/stats_test.go b/agent/grpc-external/stats_test.go
index 798c900148ba..eed834064e08 100644
--- a/agent/grpc-external/stats_test.go
+++ b/agent/grpc-external/stats_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package external
 
diff --git a/agent/grpc-external/testutils/acl.go b/agent/grpc-external/testutils/acl.go
index caa5c7ae81f5..440a83768281 100644
--- a/agent/grpc-external/testutils/acl.go
+++ b/agent/grpc-external/testutils/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package testutils
 
diff --git a/agent/grpc-external/testutils/fsm.go b/agent/grpc-external/testutils/fsm.go
index fdec1b109ed3..0e7b645a65ec 100644
--- a/agent/grpc-external/testutils/fsm.go
+++ b/agent/grpc-external/testutils/fsm.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package testutils
 
diff --git a/agent/grpc-external/testutils/server.go b/agent/grpc-external/testutils/server.go
index 13cbb985e564..eecb10bb954f 100644
--- a/agent/grpc-external/testutils/server.go
+++ b/agent/grpc-external/testutils/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package testutils
 
diff --git a/agent/grpc-external/utils.go b/agent/grpc-external/utils.go
index 13c84c75c1ce..b3a3d3d20264 100644
--- a/agent/grpc-external/utils.go
+++ b/agent/grpc-external/utils.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package external
 
diff --git a/agent/grpc-internal/balancer/balancer.go b/agent/grpc-internal/balancer/balancer.go
index 884c2a1dec3d..4941a8087318 100644
--- a/agent/grpc-internal/balancer/balancer.go
+++ b/agent/grpc-internal/balancer/balancer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // package balancer implements a custom gRPC load balancer.
 //
diff --git a/agent/grpc-internal/balancer/balancer_test.go b/agent/grpc-internal/balancer/balancer_test.go
index f0c6db9f5329..35912aab269a 100644
--- a/agent/grpc-internal/balancer/balancer_test.go
+++ b/agent/grpc-internal/balancer/balancer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package balancer
 
diff --git a/agent/grpc-internal/balancer/registry.go b/agent/grpc-internal/balancer/registry.go
index 53b2e6555ac3..f11ea6c8cebe 100644
--- a/agent/grpc-internal/balancer/registry.go
+++ b/agent/grpc-internal/balancer/registry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package balancer
 
diff --git a/agent/grpc-internal/client.go b/agent/grpc-internal/client.go
index 1d49bc23cdd3..98a6f1fd81c5 100644
--- a/agent/grpc-internal/client.go
+++ b/agent/grpc-internal/client.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package internal
 
diff --git a/agent/grpc-internal/client_test.go b/agent/grpc-internal/client_test.go
index 134a62aa4aae..a3b99e78ad1b 100644
--- a/agent/grpc-internal/client_test.go
+++ b/agent/grpc-internal/client_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package internal
 
diff --git a/agent/grpc-internal/handler.go b/agent/grpc-internal/handler.go
index b0eeaa8a4f0c..3278d744436f 100644
--- a/agent/grpc-internal/handler.go
+++ b/agent/grpc-internal/handler.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package internal
 
diff --git a/agent/grpc-internal/handler_test.go b/agent/grpc-internal/handler_test.go
index 2027c055866d..80c026113d1f 100644
--- a/agent/grpc-internal/handler_test.go
+++ b/agent/grpc-internal/handler_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package internal
 
diff --git a/agent/grpc-internal/listener.go b/agent/grpc-internal/listener.go
index a1c226613778..bcbf121c733e 100644
--- a/agent/grpc-internal/listener.go
+++ b/agent/grpc-internal/listener.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package internal
 
diff --git a/agent/grpc-internal/pipe.go b/agent/grpc-internal/pipe.go
index 555f6d2162aa..188defd085ed 100644
--- a/agent/grpc-internal/pipe.go
+++ b/agent/grpc-internal/pipe.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package internal
 
diff --git a/agent/grpc-internal/pipe_test.go b/agent/grpc-internal/pipe_test.go
index f51d1581292b..e6ce286d1f86 100644
--- a/agent/grpc-internal/pipe_test.go
+++ b/agent/grpc-internal/pipe_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package internal
 
diff --git a/agent/grpc-internal/resolver/registry.go b/agent/grpc-internal/resolver/registry.go
index aab369c50131..5151cfd46ce0 100644
--- a/agent/grpc-internal/resolver/registry.go
+++ b/agent/grpc-internal/resolver/registry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resolver
 
diff --git a/agent/grpc-internal/resolver/resolver.go b/agent/grpc-internal/resolver/resolver.go
index 8d1436bf7aff..d04f1e657e61 100644
--- a/agent/grpc-internal/resolver/resolver.go
+++ b/agent/grpc-internal/resolver/resolver.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resolver
 
diff --git a/agent/grpc-internal/resolver/resolver_test.go b/agent/grpc-internal/resolver/resolver_test.go
index 0914eba147ba..2bd3f24f9936 100644
--- a/agent/grpc-internal/resolver/resolver_test.go
+++ b/agent/grpc-internal/resolver/resolver_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package resolver
 
 import (
diff --git a/agent/grpc-internal/server_test.go b/agent/grpc-internal/server_test.go
index 12f420979b6e..83774c712fc6 100644
--- a/agent/grpc-internal/server_test.go
+++ b/agent/grpc-internal/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package internal
 
diff --git a/agent/grpc-internal/services/subscribe/logger.go b/agent/grpc-internal/services/subscribe/logger.go
index 11c18f6adfa4..faaa63ff8427 100644
--- a/agent/grpc-internal/services/subscribe/logger.go
+++ b/agent/grpc-internal/services/subscribe/logger.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package subscribe
 
diff --git a/agent/grpc-internal/services/subscribe/subscribe.go b/agent/grpc-internal/services/subscribe/subscribe.go
index a728b0164c97..08c501b6dd03 100644
--- a/agent/grpc-internal/services/subscribe/subscribe.go
+++ b/agent/grpc-internal/services/subscribe/subscribe.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package subscribe
 
diff --git a/agent/grpc-internal/services/subscribe/subscribe_test.go b/agent/grpc-internal/services/subscribe/subscribe_test.go
index 910862d4cfbd..54a267f7c40d 100644
--- a/agent/grpc-internal/services/subscribe/subscribe_test.go
+++ b/agent/grpc-internal/services/subscribe/subscribe_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package subscribe
 
diff --git a/agent/grpc-internal/stats_test.go b/agent/grpc-internal/stats_test.go
index d14c4c46bc45..5da26f512ccb 100644
--- a/agent/grpc-internal/stats_test.go
+++ b/agent/grpc-internal/stats_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package internal
 
diff --git a/agent/grpc-internal/tracker.go b/agent/grpc-internal/tracker.go
index 251fe48f9539..a313f88e5350 100644
--- a/agent/grpc-internal/tracker.go
+++ b/agent/grpc-internal/tracker.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package internal
 
diff --git a/agent/grpc-middleware/auth_interceptor.go b/agent/grpc-middleware/auth_interceptor.go
index af85e5c6f94c..0472b71f00ec 100644
--- a/agent/grpc-middleware/auth_interceptor.go
+++ b/agent/grpc-middleware/auth_interceptor.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package middleware
 
diff --git a/agent/grpc-middleware/auth_interceptor_test.go b/agent/grpc-middleware/auth_interceptor_test.go
index 0c447499bcb2..18f9334cc9b8 100644
--- a/agent/grpc-middleware/auth_interceptor_test.go
+++ b/agent/grpc-middleware/auth_interceptor_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package middleware
 
diff --git a/agent/grpc-middleware/handshake.go b/agent/grpc-middleware/handshake.go
index 893421e0e7f1..82b352bb5ac3 100644
--- a/agent/grpc-middleware/handshake.go
+++ b/agent/grpc-middleware/handshake.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package middleware
 
diff --git a/agent/grpc-middleware/handshake_test.go b/agent/grpc-middleware/handshake_test.go
index 178451a31464..f987a6689af2 100644
--- a/agent/grpc-middleware/handshake_test.go
+++ b/agent/grpc-middleware/handshake_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package middleware
 
diff --git a/agent/grpc-middleware/rate.go b/agent/grpc-middleware/rate.go
index bdb63cd244a9..6f84fd36c16e 100644
--- a/agent/grpc-middleware/rate.go
+++ b/agent/grpc-middleware/rate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package middleware
 
diff --git a/agent/grpc-middleware/rate_test.go b/agent/grpc-middleware/rate_test.go
index 16c84734a9ed..0a71d232465c 100644
--- a/agent/grpc-middleware/rate_test.go
+++ b/agent/grpc-middleware/rate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package middleware
 
diff --git a/agent/grpc-middleware/recovery.go b/agent/grpc-middleware/recovery.go
index 04b918ee9b3a..cf1cbabe4e08 100644
--- a/agent/grpc-middleware/recovery.go
+++ b/agent/grpc-middleware/recovery.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package middleware
 
diff --git a/agent/grpc-middleware/stats.go b/agent/grpc-middleware/stats.go
index a6bf1d2c59be..564d14a844b9 100644
--- a/agent/grpc-middleware/stats.go
+++ b/agent/grpc-middleware/stats.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package middleware
 
diff --git a/agent/grpc-middleware/testutil/fake_sink.go b/agent/grpc-middleware/testutil/fake_sink.go
index be7623c774a2..c121481ee24f 100644
--- a/agent/grpc-middleware/testutil/fake_sink.go
+++ b/agent/grpc-middleware/testutil/fake_sink.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package testutil
 
diff --git a/agent/grpc-middleware/testutil/testservice/buf.gen.yaml b/agent/grpc-middleware/testutil/testservice/buf.gen.yaml
index 8d8a6c7dbfc0..b8ba317a333a 100644
--- a/agent/grpc-middleware/testutil/testservice/buf.gen.yaml
+++ b/agent/grpc-middleware/testutil/testservice/buf.gen.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 version: v1
 managed:
diff --git a/agent/grpc-middleware/testutil/testservice/fake_service.go b/agent/grpc-middleware/testutil/testservice/fake_service.go
index ca21d286f0b3..4428e173740b 100644
--- a/agent/grpc-middleware/testutil/testservice/fake_service.go
+++ b/agent/grpc-middleware/testutil/testservice/fake_service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package testservice
 
diff --git a/agent/grpc-middleware/testutil/testservice/simple.pb.go b/agent/grpc-middleware/testutil/testservice/simple.pb.go
index b4f664bf1ca7..18022b3dad3d 100644
--- a/agent/grpc-middleware/testutil/testservice/simple.pb.go
+++ b/agent/grpc-middleware/testutil/testservice/simple.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/agent/grpc-middleware/testutil/testservice/simple.proto b/agent/grpc-middleware/testutil/testservice/simple.proto
index d005a45aa113..c8ce3d58118d 100644
--- a/agent/grpc-middleware/testutil/testservice/simple.proto
+++ b/agent/grpc-middleware/testutil/testservice/simple.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/agent/hcp/bootstrap/bootstrap.go b/agent/hcp/bootstrap/bootstrap.go
index 8e544bdec312..191859ea002b 100644
--- a/agent/hcp/bootstrap/bootstrap.go
+++ b/agent/hcp/bootstrap/bootstrap.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package bootstrap handles bootstrapping an agent's config from HCP. It must be a
 // separate package from other HCP components because it has a dependency on
diff --git a/agent/hcp/bootstrap/bootstrap_test.go b/agent/hcp/bootstrap/bootstrap_test.go
index b475223ff8cf..74b57e5f50ab 100644
--- a/agent/hcp/bootstrap/bootstrap_test.go
+++ b/agent/hcp/bootstrap/bootstrap_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package bootstrap
 
 import (
diff --git a/agent/hcp/bootstrap/testing.go b/agent/hcp/bootstrap/testing.go
index f073d1718344..a10a5d2bc8ad 100644
--- a/agent/hcp/bootstrap/testing.go
+++ b/agent/hcp/bootstrap/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bootstrap
 
diff --git a/agent/hcp/client/client.go b/agent/hcp/client/client.go
index c0526c0e4acf..f04767e983c7 100644
--- a/agent/hcp/client/client.go
+++ b/agent/hcp/client/client.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package client
 
diff --git a/agent/hcp/client/client_test.go b/agent/hcp/client/client_test.go
index 5571630ad45a..d4bae2ae4cb5 100644
--- a/agent/hcp/client/client_test.go
+++ b/agent/hcp/client/client_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package client
 
 import (
diff --git a/agent/hcp/client/metrics_client.go b/agent/hcp/client/metrics_client.go
index b3c1c6a6b3dc..3c5b5c4fb9d6 100644
--- a/agent/hcp/client/metrics_client.go
+++ b/agent/hcp/client/metrics_client.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package client
 
 import (
diff --git a/agent/hcp/client/metrics_client_test.go b/agent/hcp/client/metrics_client_test.go
index 20a5f010ec4c..4119e326e9dc 100644
--- a/agent/hcp/client/metrics_client_test.go
+++ b/agent/hcp/client/metrics_client_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package client
 
 import (
diff --git a/agent/hcp/client/mock_CloudConfig.go b/agent/hcp/client/mock_CloudConfig.go
index 574f83e55fd5..5f2ef50046d7 100644
--- a/agent/hcp/client/mock_CloudConfig.go
+++ b/agent/hcp/client/mock_CloudConfig.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package client
 
 import (
diff --git a/agent/hcp/client/telemetry_config.go b/agent/hcp/client/telemetry_config.go
index 0745f1b7c619..55c226438030 100644
--- a/agent/hcp/client/telemetry_config.go
+++ b/agent/hcp/client/telemetry_config.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package client
 
 import (
@@ -20,7 +17,7 @@ import (
 
 var (
 	// defaultMetricFilters is a regex that matches all metric names.
-	DefaultMetricFilters = regexp.MustCompile(".+")
+	defaultMetricFilters = regexp.MustCompile(".+")
 
 	// Validation errors for AgentTelemetryConfigOK response.
 	errMissingPayload         = errors.New("missing payload")
@@ -29,7 +26,6 @@ var (
 	errMissingMetricsConfig   = errors.New("missing metrics config")
 	errInvalidRefreshInterval = errors.New("invalid refresh interval")
 	errInvalidEndpoint        = errors.New("invalid metrics endpoint")
-	errEmptyEndpoint          = errors.New("empty metrics endpoint")
 )
 
 // TelemetryConfig contains configuration for telemetry data forwarded by Consul servers
@@ -44,7 +40,6 @@ type MetricsConfig struct {
 	Labels   map[string]string
 	Filters  *regexp.Regexp
 	Endpoint *url.URL
-	Disabled bool
 }
 
 // RefreshConfig contains configuration for the periodic fetch of configuration from HCP.
@@ -52,6 +47,11 @@ type RefreshConfig struct {
 	RefreshInterval time.Duration
 }
 
+// MetricsEnabled returns true if metrics export is enabled, i.e. a valid metrics endpoint exists.
+func (t *TelemetryConfig) MetricsEnabled() bool {
+	return t.MetricsConfig.Endpoint != nil
+}
+
 // validateAgentTelemetryConfigPayload ensures the returned payload from HCP is valid.
 func validateAgentTelemetryConfigPayload(resp *hcptelemetry.AgentTelemetryConfigOK) error {
 	if resp.Payload == nil {
@@ -83,7 +83,7 @@ func convertAgentTelemetryResponse(ctx context.Context, resp *hcptelemetry.Agent
 	telemetryConfig := resp.Payload.TelemetryConfig
 	metricsEndpoint, err := convertMetricEndpoint(telemetryConfig.Endpoint, telemetryConfig.Metrics.Endpoint)
 	if err != nil {
-		return nil, err
+		return nil, errInvalidEndpoint
 	}
 
 	metricsFilters := convertMetricFilters(ctx, telemetryConfig.Metrics.IncludeList)
@@ -94,7 +94,6 @@ func convertAgentTelemetryResponse(ctx context.Context, resp *hcptelemetry.Agent
 			Endpoint: metricsEndpoint,
 			Labels:   metricLabels,
 			Filters:  metricsFilters,
-			Disabled: telemetryConfig.Metrics.Disabled,
 		},
 		RefreshConfig: &RefreshConfig{
 			RefreshInterval: refreshInterval,
@@ -112,8 +111,9 @@ func convertMetricEndpoint(telemetryEndpoint string, metricsEndpoint string) (*u
 		endpoint = metricsEndpoint
 	}
 
+	// If endpoint is empty, server not registered with CCM, no error returned.
 	if endpoint == "" {
-		return nil, errEmptyEndpoint
+		return nil, nil
 	}
 
 	// Endpoint from CTW has no metrics path, so it must be added.
@@ -142,7 +142,7 @@ func convertMetricFilters(ctx context.Context, payloadFilters []string) *regexp.
 
 	if len(validFilters) == 0 {
 		logger.Error("no valid filters")
-		return DefaultMetricFilters
+		return defaultMetricFilters
 	}
 
 	// Combine the valid regex strings with OR.
@@ -150,7 +150,7 @@ func convertMetricFilters(ctx context.Context, payloadFilters []string) *regexp.
 	composedRegex, err := regexp.Compile(finalRegex)
 	if err != nil {
 		logger.Error("failed to compile final regex", "error", err)
-		return DefaultMetricFilters
+		return defaultMetricFilters
 	}
 
 	return composedRegex
diff --git a/agent/hcp/client/telemetry_config_test.go b/agent/hcp/client/telemetry_config_test.go
index d43024400779..42d3ee649802 100644
--- a/agent/hcp/client/telemetry_config_test.go
+++ b/agent/hcp/client/telemetry_config_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package client
 
 import (
@@ -88,6 +85,7 @@ func TestConvertAgentTelemetryResponse(t *testing.T) {
 		resp                 *consul_telemetry_service.AgentTelemetryConfigOK
 		expectedTelemetryCfg *TelemetryConfig
 		wantErr              error
+		expectedEnabled      bool
 	}{
 		"success": {
 			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
@@ -114,6 +112,34 @@ func TestConvertAgentTelemetryResponse(t *testing.T) {
 					RefreshInterval: 2 * time.Second,
 				},
 			},
+			expectedEnabled: true,
+		},
+		"successNoEndpoint": {
+			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
+				Payload: &models.HashicorpCloudConsulTelemetry20230414AgentTelemetryConfigResponse{
+					TelemetryConfig: &models.HashicorpCloudConsulTelemetry20230414TelemetryConfig{
+						Endpoint: "",
+						Labels:   map[string]string{"test": "test"},
+						Metrics: &models.HashicorpCloudConsulTelemetry20230414TelemetryMetricsConfig{
+							IncludeList: []string{"test", "consul"},
+						},
+					},
+					RefreshConfig: &models.HashicorpCloudConsulTelemetry20230414RefreshConfig{
+						RefreshInterval: "2s",
+					},
+				},
+			},
+			expectedTelemetryCfg: &TelemetryConfig{
+				MetricsConfig: &MetricsConfig{
+					Endpoint: nil,
+					Labels:   map[string]string{"test": "test"},
+					Filters:  validTestFilters,
+				},
+				RefreshConfig: &RefreshConfig{
+					RefreshInterval: 2 * time.Second,
+				},
+			},
+			expectedEnabled: false,
 		},
 		"successBadFilters": {
 			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
@@ -134,12 +160,13 @@ func TestConvertAgentTelemetryResponse(t *testing.T) {
 				MetricsConfig: &MetricsConfig{
 					Endpoint: validTestURL,
 					Labels:   map[string]string{"test": "test"},
-					Filters:  DefaultMetricFilters,
+					Filters:  defaultMetricFilters,
 				},
 				RefreshConfig: &RefreshConfig{
 					RefreshInterval: 2 * time.Second,
 				},
 			},
+			expectedEnabled: true,
 		},
 		"errorsWithInvalidRefreshInterval": {
 			resp: &consul_telemetry_service.AgentTelemetryConfigOK{
@@ -179,6 +206,7 @@ func TestConvertAgentTelemetryResponse(t *testing.T) {
 			}
 			require.NoError(t, err)
 			require.Equal(t, tc.expectedTelemetryCfg, telemetryCfg)
+			require.Equal(t, tc.expectedEnabled, telemetryCfg.MetricsEnabled())
 		})
 	}
 }
@@ -200,10 +228,10 @@ func TestConvertMetricEndpoint(t *testing.T) {
 			override: "https://override.com",
 			expected: "https://override.com/v1/metrics",
 		},
-		"errorWithEmptyEndpoints": {
+		"noErrorWithEmptyEndpoints": {
 			endpoint: "",
 			override: "",
-			wantErr:  errEmptyEndpoint,
+			expected: "",
 		},
 		"errorWithInvalidURL": {
 			endpoint: "     ",
@@ -221,6 +249,12 @@ func TestConvertMetricEndpoint(t *testing.T) {
 				return
 			}
 
+			if tc.expected == "" {
+				require.Nil(t, u)
+				require.NoError(t, err)
+				return
+			}
+
 			require.NotNil(t, u)
 			require.NoError(t, err)
 			require.Equal(t, tc.expected, u.String())
@@ -240,13 +274,13 @@ func TestConvertMetricFilters(t *testing.T) {
 	}{
 		"badFilterRegex": {
 			filters:             []string{"(*LF)"},
-			expectedRegexString: DefaultMetricFilters.String(),
+			expectedRegexString: defaultMetricFilters.String(),
 			matches:             []string{"consul.raft.peers", "consul.mem.heap_size"},
 			wantMatch:           true,
 		},
 		"emptyRegex": {
 			filters:             []string{},
-			expectedRegexString: DefaultMetricFilters.String(),
+			expectedRegexString: defaultMetricFilters.String(),
 			matches:             []string{"consul.raft.peers", "consul.mem.heap_size"},
 			wantMatch:           true,
 		},
diff --git a/agent/hcp/config/config.go b/agent/hcp/config/config.go
index 59977ef46f37..319c39e40e94 100644
--- a/agent/hcp/config/config.go
+++ b/agent/hcp/config/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/agent/hcp/deps.go b/agent/hcp/deps.go
index 7bf384747dbd..ab8288e344d1 100644
--- a/agent/hcp/deps.go
+++ b/agent/hcp/deps.go
@@ -1,24 +1,24 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package hcp
 
 import (
 	"context"
 	"fmt"
+	"time"
 
 	"github.com/armon/go-metrics"
-	"github.com/hashicorp/go-hclog"
-
-	"github.com/hashicorp/consul/agent/hcp/client"
+	hcpclient "github.com/hashicorp/consul/agent/hcp/client"
 	"github.com/hashicorp/consul/agent/hcp/config"
 	"github.com/hashicorp/consul/agent/hcp/scada"
 	"github.com/hashicorp/consul/agent/hcp/telemetry"
+	"github.com/hashicorp/go-hclog"
 )
 
 // Deps contains the interfaces that the rest of Consul core depends on for HCP integration.
 type Deps struct {
-	Client   client.Client
+	Client   hcpclient.Client
 	Provider scada.Provider
 	Sink     metrics.MetricSink
 }
@@ -27,7 +27,7 @@ func NewDeps(cfg config.CloudConfig, logger hclog.Logger) (Deps, error) {
 	ctx := context.Background()
 	ctx = hclog.WithContext(ctx, logger)
 
-	hcpClient, err := client.NewClient(cfg)
+	client, err := hcpclient.NewClient(cfg)
 	if err != nil {
 		return Deps{}, fmt.Errorf("failed to init client: %w", err)
 	}
@@ -37,33 +37,50 @@ func NewDeps(cfg config.CloudConfig, logger hclog.Logger) (Deps, error) {
 		return Deps{}, fmt.Errorf("failed to init scada: %w", err)
 	}
 
-	metricsClient, err := client.NewMetricsClient(ctx, &cfg)
+	metricsClient, err := hcpclient.NewMetricsClient(ctx, &cfg)
 	if err != nil {
 		logger.Error("failed to init metrics client", "error", err)
 		return Deps{}, fmt.Errorf("failed to init metrics client: %w", err)
 	}
 
-	sink, err := sink(ctx, metricsClient, NewHCPProvider(ctx, hcpClient))
+	sink, err := sink(ctx, client, metricsClient)
 	if err != nil {
 		// Do not prevent server start if sink init fails, only log error.
 		logger.Error("failed to init sink", "error", err)
 	}
 
 	return Deps{
-		Client:   hcpClient,
+		Client:   client,
 		Provider: provider,
 		Sink:     sink,
 	}, nil
 }
 
 // sink initializes an OTELSink which forwards Consul metrics to HCP.
+// The sink is only initialized if the server is registered with the management plane (CCM).
 // This step should not block server initialization, errors are returned, only to be logged.
 func sink(
 	ctx context.Context,
+	hcpClient hcpclient.Client,
 	metricsClient telemetry.MetricsClient,
-	cfgProvider *hcpProviderImpl,
 ) (metrics.MetricSink, error) {
-	logger := hclog.FromContext(ctx)
+	logger := hclog.FromContext(ctx).Named("sink")
+	reqCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
+	defer cancel()
+
+	telemetryCfg, err := hcpClient.FetchTelemetryConfig(reqCtx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to fetch telemetry config: %w", err)
+	}
+
+	if !telemetryCfg.MetricsEnabled() {
+		return nil, nil
+	}
+
+	cfgProvider, err := NewHCPProvider(ctx, hcpClient, telemetryCfg)
+	if err != nil {
+		return nil, fmt.Errorf("failed to init config provider: %w", err)
+	}
 
 	reader := telemetry.NewOTELReader(metricsClient, cfgProvider)
 	sinkOpts := &telemetry.OTELSinkOpts{
@@ -73,7 +90,7 @@ func sink(
 
 	sink, err := telemetry.NewOTELSink(ctx, sinkOpts)
 	if err != nil {
-		return nil, fmt.Errorf("failed to create OTELSink: %w", err)
+		return nil, fmt.Errorf("failed create OTELSink: %w", err)
 	}
 
 	logger.Debug("initialized HCP metrics sink")
diff --git a/agent/hcp/deps_test.go b/agent/hcp/deps_test.go
index 7375dad68cb7..8bab66bac3f3 100644
--- a/agent/hcp/deps_test.go
+++ b/agent/hcp/deps_test.go
@@ -1,14 +1,17 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package hcp
 
 import (
 	"context"
+	"fmt"
+	"net/url"
+	"regexp"
 	"testing"
+	"time"
 
+	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 
+	"github.com/hashicorp/consul/agent/hcp/client"
 	"github.com/hashicorp/consul/agent/hcp/telemetry"
 )
 
@@ -18,11 +21,79 @@ type mockMetricsClient struct {
 
 func TestSink(t *testing.T) {
 	t.Parallel()
+	for name, test := range map[string]struct {
+		expect       func(*client.MockClient)
+		wantErr      string
+		expectedSink bool
+	}{
+		"success": {
+			expect: func(mockClient *client.MockClient) {
+				u, _ := url.Parse("https://test.com/v1/metrics")
+				filters, _ := regexp.Compile("test")
+				mt := mockTelemetryConfig(1*time.Second, u, filters)
+				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mt, nil)
+			},
+			expectedSink: true,
+		},
+		"noSinkWhenFetchTelemetryConfigFails": {
+			expect: func(mockClient *client.MockClient) {
+				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(nil, fmt.Errorf("fetch failed"))
+			},
+			wantErr: "failed to fetch telemetry config",
+		},
+		"noSinkWhenServerNotRegisteredWithCCM": {
+			expect: func(mockClient *client.MockClient) {
+				mt := mockTelemetryConfig(1*time.Second, nil, nil)
+				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mt, nil)
+			},
+		},
+		"noSinkWhenTelemetryConfigProviderInitFails": {
+			expect: func(mockClient *client.MockClient) {
+				u, _ := url.Parse("https://test.com/v1/metrics")
+				// Bad refresh interval forces ConfigProvider creation failure.
+				mt := mockTelemetryConfig(0*time.Second, u, nil)
+				mockClient.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mt, nil)
+			},
+			wantErr: "failed to init config provider",
+		},
+	} {
+		test := test
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+			c := client.NewMockClient(t)
+			mc := mockMetricsClient{}
+
+			test.expect(c)
+			ctx := context.Background()
+
+			s, err := sink(ctx, c, mc)
 
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
-	s, err := sink(ctx, mockMetricsClient{}, &hcpProviderImpl{})
+			if test.wantErr != "" {
+				require.NotNil(t, err)
+				require.Contains(t, err.Error(), test.wantErr)
+				require.Nil(t, s)
+				return
+			}
+
+			if !test.expectedSink {
+				require.Nil(t, s)
+				require.Nil(t, err)
+				return
+			}
+
+			require.NotNil(t, s)
+		})
+	}
+}
 
-	require.NotNil(t, s)
-	require.NoError(t, err)
+func mockTelemetryConfig(refreshInterval time.Duration, metricsEndpoint *url.URL, filters *regexp.Regexp) *client.TelemetryConfig {
+	return &client.TelemetryConfig{
+		MetricsConfig: &client.MetricsConfig{
+			Endpoint: metricsEndpoint,
+			Filters:  filters,
+		},
+		RefreshConfig: &client.RefreshConfig{
+			RefreshInterval: refreshInterval,
+		},
+	}
 }
diff --git a/agent/hcp/discover/discover.go b/agent/hcp/discover/discover.go
index 981400c38b47..12024b7dd6a0 100644
--- a/agent/hcp/discover/discover.go
+++ b/agent/hcp/discover/discover.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package discover
 
diff --git a/agent/hcp/manager.go b/agent/hcp/manager.go
index a3664b0608df..0dc9db95da29 100644
--- a/agent/hcp/manager.go
+++ b/agent/hcp/manager.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package hcp
 
diff --git a/agent/hcp/manager_test.go b/agent/hcp/manager_test.go
index 8432e63ed528..48ace166618b 100644
--- a/agent/hcp/manager_test.go
+++ b/agent/hcp/manager_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package hcp
 
diff --git a/agent/hcp/scada/capabilities.go b/agent/hcp/scada/capabilities.go
index bbb6ea6266dc..c18192ae6e94 100644
--- a/agent/hcp/scada/capabilities.go
+++ b/agent/hcp/scada/capabilities.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package scada
 
diff --git a/agent/hcp/scada/scada.go b/agent/hcp/scada/scada.go
index 151e1b6862ef..5aba819bda49 100644
--- a/agent/hcp/scada/scada.go
+++ b/agent/hcp/scada/scada.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package scada
 
diff --git a/agent/hcp/telemetry/custom_metrics.go b/agent/hcp/telemetry/custom_metrics.go
index 39df765b9204..d691dccde207 100644
--- a/agent/hcp/telemetry/custom_metrics.go
+++ b/agent/hcp/telemetry/custom_metrics.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package telemetry
 
 // Keys for custom Go Metrics metrics emitted only for the OTEL
diff --git a/agent/hcp/telemetry/doc.go b/agent/hcp/telemetry/doc.go
index d982a37c0f3e..4ef18f39bd30 100644
--- a/agent/hcp/telemetry/doc.go
+++ b/agent/hcp/telemetry/doc.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 // Package telemetry implements functionality to collect, aggregate, convert and export
 // telemetry data in OpenTelemetry Protocol (OTLP) format.
 //
diff --git a/agent/hcp/telemetry/gauge_store.go b/agent/hcp/telemetry/gauge_store.go
index bb7030dae852..76dfb7806668 100644
--- a/agent/hcp/telemetry/gauge_store.go
+++ b/agent/hcp/telemetry/gauge_store.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package telemetry
 
 import (
diff --git a/agent/hcp/telemetry/gauge_store_test.go b/agent/hcp/telemetry/gauge_store_test.go
index 4ccac624dbd9..1171ee379c32 100644
--- a/agent/hcp/telemetry/gauge_store_test.go
+++ b/agent/hcp/telemetry/gauge_store_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package telemetry
 
 import (
diff --git a/agent/hcp/telemetry/otel_exporter.go b/agent/hcp/telemetry/otel_exporter.go
index 050d5660668d..ba92d4419157 100644
--- a/agent/hcp/telemetry/otel_exporter.go
+++ b/agent/hcp/telemetry/otel_exporter.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package telemetry
 
 import (
@@ -23,9 +20,7 @@ type MetricsClient interface {
 // EndpointProvider provides the endpoint where metrics are exported to by the OTELExporter.
 // EndpointProvider exposes the GetEndpoint() interface method to fetch the endpoint.
 // This abstraction layer offers flexibility, in particular for dynamic configuration or changes to the endpoint.
-// The OTELExporter calls the Disabled interface to verify that it should actually export metrics.
 type EndpointProvider interface {
-	Disabled
 	GetEndpoint() *url.URL
 }
 
@@ -70,10 +65,6 @@ func (e *otelExporter) Aggregation(kind metric.InstrumentKind) aggregation.Aggre
 
 // Export serializes and transmits metric data to a receiver.
 func (e *otelExporter) Export(ctx context.Context, metrics *metricdata.ResourceMetrics) error {
-	if e.endpointProvider.IsDisabled() {
-		return nil
-	}
-
 	endpoint := e.endpointProvider.GetEndpoint()
 	if endpoint == nil {
 		return nil
diff --git a/agent/hcp/telemetry/otel_exporter_test.go b/agent/hcp/telemetry/otel_exporter_test.go
index ebe6486abca8..704817f6407d 100644
--- a/agent/hcp/telemetry/otel_exporter_test.go
+++ b/agent/hcp/telemetry/otel_exporter_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package telemetry
 
 import (
@@ -34,11 +31,9 @@ func (m *mockMetricsClient) ExportMetrics(ctx context.Context, protoMetrics *met
 
 type mockEndpointProvider struct {
 	endpoint *url.URL
-	disabled bool
 }
 
 func (m *mockEndpointProvider) GetEndpoint() *url.URL { return m.endpoint }
-func (m *mockEndpointProvider) IsDisabled() bool      { return m.disabled }
 
 func TestTemporality(t *testing.T) {
 	t.Parallel()
@@ -82,20 +77,13 @@ func TestExport(t *testing.T) {
 		client   MetricsClient
 		provider EndpointProvider
 	}{
-		"earlyReturnDisabledProvider": {
-			client: &mockMetricsClient{},
-			provider: &mockEndpointProvider{
-				disabled: true,
-			},
-		},
 		"earlyReturnWithoutEndpoint": {
 			client:   &mockMetricsClient{},
 			provider: &mockEndpointProvider{},
 		},
 		"earlyReturnWithoutScopeMetrics": {
-			client:   &mockMetricsClient{},
-			metrics:  mutateMetrics(nil),
-			provider: &mockEndpointProvider{},
+			client:  &mockMetricsClient{},
+			metrics: mutateMetrics(nil),
 		},
 		"earlyReturnWithoutMetrics": {
 			client: &mockMetricsClient{},
@@ -103,7 +91,6 @@ func TestExport(t *testing.T) {
 				{Metrics: []metricdata.Metrics{}},
 			},
 			),
-			provider: &mockEndpointProvider{},
 		},
 		"errorWithExportFailure": {
 			client: &mockMetricsClient{
@@ -120,9 +107,6 @@ func TestExport(t *testing.T) {
 				},
 			},
 			),
-			provider: &mockEndpointProvider{
-				endpoint: &url.URL{},
-			},
 			wantErr: "failed to export metrics",
 		},
 	} {
diff --git a/agent/hcp/telemetry/otel_sink.go b/agent/hcp/telemetry/otel_sink.go
index 12aae982016c..a35b1827d60c 100644
--- a/agent/hcp/telemetry/otel_sink.go
+++ b/agent/hcp/telemetry/otel_sink.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package telemetry
 
 import (
@@ -36,15 +33,8 @@ const (
 	defaultExportTimeout = 30 * time.Second
 )
 
-// Disabled should be implemented to turn on/off metrics processing
-type Disabled interface {
-	// IsDisabled() can return true disallow the sink from accepting metrics.
-	IsDisabled() bool
-}
-
 // ConfigProvider is required to provide custom metrics processing.
 type ConfigProvider interface {
-	Disabled
 	// GetLabels should return a set of OTEL attributes added by default all metrics.
 	GetLabels() map[string]string
 
@@ -154,11 +144,8 @@ func (o *OTELSink) IncrCounter(key []string, val float32) {
 // AddSampleWithLabels emits a Consul gauge metric that gets
 // registed by an OpenTelemetry Histogram instrument.
 func (o *OTELSink) SetGaugeWithLabels(key []string, val float32, labels []gometrics.Label) {
-	if o.cfgProvider.IsDisabled() {
-		return
-	}
-
 	k := o.flattenKey(key)
+
 	if !o.allowedMetric(k) {
 		return
 	}
@@ -185,11 +172,8 @@ func (o *OTELSink) SetGaugeWithLabels(key []string, val float32, labels []gometr
 
 // AddSampleWithLabels emits a Consul sample metric that gets registed by an OpenTelemetry Histogram instrument.
 func (o *OTELSink) AddSampleWithLabels(key []string, val float32, labels []gometrics.Label) {
-	if o.cfgProvider.IsDisabled() {
-		return
-	}
-
 	k := o.flattenKey(key)
+
 	if !o.allowedMetric(k) {
 		return
 	}
@@ -214,11 +198,8 @@ func (o *OTELSink) AddSampleWithLabels(key []string, val float32, labels []gomet
 
 // IncrCounterWithLabels emits a Consul counter metric that gets registed by an OpenTelemetry Histogram instrument.
 func (o *OTELSink) IncrCounterWithLabels(key []string, val float32, labels []gometrics.Label) {
-	if o.cfgProvider.IsDisabled() {
-		return
-	}
-
 	k := o.flattenKey(key)
+
 	if !o.allowedMetric(k) {
 		return
 	}
diff --git a/agent/hcp/telemetry/otel_sink_test.go b/agent/hcp/telemetry/otel_sink_test.go
index 30bbeee519b7..509dde299d62 100644
--- a/agent/hcp/telemetry/otel_sink_test.go
+++ b/agent/hcp/telemetry/otel_sink_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package telemetry
 
 import (
@@ -21,9 +18,8 @@ import (
 )
 
 type mockConfigProvider struct {
-	filter   *regexp.Regexp
-	labels   map[string]string
-	disabled bool
+	filter *regexp.Regexp
+	labels map[string]string
 }
 
 func (m *mockConfigProvider) GetLabels() map[string]string {
@@ -34,10 +30,6 @@ func (m *mockConfigProvider) GetFilters() *regexp.Regexp {
 	return m.filter
 }
 
-func (m *mockConfigProvider) IsDisabled() bool {
-	return m.disabled
-}
-
 var (
 	expectedResource = resource.NewSchemaless()
 
@@ -228,29 +220,6 @@ func TestOTELSink(t *testing.T) {
 	isSame(t, expectedSinkMetrics, collected)
 }
 
-func TestOTELSinkDisabled(t *testing.T) {
-	reader := metric.NewManualReader()
-	ctx := context.Background()
-
-	sink, err := NewOTELSink(ctx, &OTELSinkOpts{
-		ConfigProvider: &mockConfigProvider{
-			filter:   regexp.MustCompile("raft"),
-			disabled: true,
-		},
-		Reader: reader,
-	})
-	require.NoError(t, err)
-
-	sink.SetGauge([]string{"consul", "raft", "gauge"}, 1)
-	sink.IncrCounter([]string{"consul", "raft", "counter"}, 1)
-	sink.AddSample([]string{"consul", "raft", "sample"}, 1)
-
-	var collected metricdata.ResourceMetrics
-	err = reader.Collect(ctx, &collected)
-	require.NoError(t, err)
-	require.Empty(t, collected.ScopeMetrics)
-}
-
 func TestLabelsToAttributes(t *testing.T) {
 	for name, test := range map[string]struct {
 		providerLabels         map[string]string
diff --git a/agent/hcp/telemetry/otlp_transform.go b/agent/hcp/telemetry/otlp_transform.go
index 907e7922ad98..76e20552a0d4 100644
--- a/agent/hcp/telemetry/otlp_transform.go
+++ b/agent/hcp/telemetry/otlp_transform.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package telemetry
 
 import (
@@ -16,8 +13,8 @@ import (
 )
 
 var (
-	errAggregaton  = errors.New("unsupported aggregation")
-	errTemporality = errors.New("unsupported temporality")
+	aggregationErr = errors.New("unsupported aggregation")
+	temporalityErr = errors.New("unsupported temporality")
 )
 
 // isEmpty verifies if the given OTLP protobuf metrics contains metric data.
@@ -99,7 +96,7 @@ func metricTypeToPB(m metricdata.Metrics) (*mpb.Metric, error) {
 		}
 	case metricdata.Sum[float64]:
 		if a.Temporality != metricdata.CumulativeTemporality {
-			return out, fmt.Errorf("failed to convert metric to otel format: %w: %T", errTemporality, a)
+			return out, fmt.Errorf("error: %w: %T", temporalityErr, a)
 		}
 		out.Data = &mpb.Metric_Sum{
 			Sum: &mpb.Sum{
@@ -110,7 +107,7 @@ func metricTypeToPB(m metricdata.Metrics) (*mpb.Metric, error) {
 		}
 	case metricdata.Histogram[float64]:
 		if a.Temporality != metricdata.CumulativeTemporality {
-			return out, fmt.Errorf("failed to convert metric to otel format: %w: %T", errTemporality, a)
+			return out, fmt.Errorf("error: %w: %T", temporalityErr, a)
 		}
 		out.Data = &mpb.Metric_Histogram{
 			Histogram: &mpb.Histogram{
@@ -119,7 +116,7 @@ func metricTypeToPB(m metricdata.Metrics) (*mpb.Metric, error) {
 			},
 		}
 	default:
-		return out, fmt.Errorf("failed to convert metric to otel format: %w: %T", errAggregaton, a)
+		return out, fmt.Errorf("error: %w: %T", aggregationErr, a)
 	}
 	return out, nil
 }
diff --git a/agent/hcp/telemetry/otlp_transform_test.go b/agent/hcp/telemetry/otlp_transform_test.go
index d67df73d8343..8f6beb7d489d 100644
--- a/agent/hcp/telemetry/otlp_transform_test.go
+++ b/agent/hcp/telemetry/otlp_transform_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package telemetry
 
 import (
@@ -260,15 +257,15 @@ func TestTransformOTLP(t *testing.T) {
 	// MetricType Error Test Cases
 	_, err := metricTypeToPB(invalidHistTemporality)
 	require.Error(t, err)
-	require.ErrorIs(t, err, errTemporality)
+	require.ErrorIs(t, err, temporalityErr)
 
 	_, err = metricTypeToPB(invalidSumTemporality)
 	require.Error(t, err)
-	require.ErrorIs(t, err, errTemporality)
+	require.ErrorIs(t, err, temporalityErr)
 
 	_, err = metricTypeToPB(invalidSumAgg)
 	require.Error(t, err)
-	require.ErrorIs(t, err, errAggregaton)
+	require.ErrorIs(t, err, aggregationErr)
 
 	// Metrics Test Case
 	m := metricsToPB(inputMetrics)
diff --git a/agent/hcp/telemetry_provider.go b/agent/hcp/telemetry_provider.go
index 22bb0f2f00b8..eb0f23e804f3 100644
--- a/agent/hcp/telemetry_provider.go
+++ b/agent/hcp/telemetry_provider.go
@@ -1,17 +1,14 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package hcp
 
 import (
 	"context"
+	"fmt"
 	"net/url"
 	"regexp"
 	"sync"
 	"time"
 
 	"github.com/armon/go-metrics"
-	"github.com/go-openapi/runtime"
 	"github.com/hashicorp/go-hclog"
 
 	"github.com/hashicorp/consul/agent/hcp/client"
@@ -23,8 +20,6 @@ var (
 	internalMetricRefreshFailure []string = []string{"hcp", "telemetry_config_provider", "refresh", "failure"}
 	// internalMetricRefreshSuccess is a metric to monitor refresh successes.
 	internalMetricRefreshSuccess []string = []string{"hcp", "telemetry_config_provider", "refresh", "success"}
-	// defaultTelemetryConfigRefreshInterval is a default fallback in case the first HCP fetch fails.
-	defaultTelemetryConfigRefreshInterval = 1 * time.Minute
 )
 
 // Ensure hcpProviderImpl implements telemetry provider interfaces.
@@ -48,50 +43,47 @@ type hcpProviderImpl struct {
 // dynamicConfig is a set of configurable settings for metrics collection, processing and export.
 // fields MUST be exported to compute hash for equals method.
 type dynamicConfig struct {
-	disabled bool
-	endpoint *url.URL
-	labels   map[string]string
-	filters  *regexp.Regexp
+	Endpoint *url.URL
+	Labels   map[string]string
+	Filters  *regexp.Regexp
 	// refreshInterval controls the interval at which configuration is fetched from HCP to refresh config.
-	refreshInterval time.Duration
+	RefreshInterval time.Duration
 }
 
-// defaultDisabledCfg disables metric collection and contains default config values.
-func defaultDisabledCfg() *dynamicConfig {
-	return &dynamicConfig{
-		labels:          map[string]string{},
-		filters:         client.DefaultMetricFilters,
-		refreshInterval: defaultTelemetryConfigRefreshInterval,
-		endpoint:        nil,
-		disabled:        true,
+// NewHCPProvider initializes and starts a HCP Telemetry provider with provided params.
+func NewHCPProvider(ctx context.Context, hcpClient client.Client, telemetryCfg *client.TelemetryConfig) (*hcpProviderImpl, error) {
+	refreshInterval := telemetryCfg.RefreshConfig.RefreshInterval
+	// refreshInterval must be greater than 0, otherwise time.Ticker panics.
+	if refreshInterval <= 0 {
+		return nil, fmt.Errorf("invalid refresh interval: %d", refreshInterval)
+	}
+
+	cfg := &dynamicConfig{
+		Endpoint:        telemetryCfg.MetricsConfig.Endpoint,
+		Labels:          telemetryCfg.MetricsConfig.Labels,
+		Filters:         telemetryCfg.MetricsConfig.Filters,
+		RefreshInterval: refreshInterval,
 	}
-}
 
-// NewHCPProvider initializes and starts a HCP Telemetry provider.
-func NewHCPProvider(ctx context.Context, hcpClient client.Client) *hcpProviderImpl {
-	h := &hcpProviderImpl{
-		// Initialize with default config values.
-		cfg:       defaultDisabledCfg(),
+	t := &hcpProviderImpl{
+		cfg:       cfg,
 		hcpClient: hcpClient,
 	}
 
-	go h.run(ctx)
+	go t.run(ctx, refreshInterval)
 
-	return h
+	return t, nil
 }
 
 // run continously checks for updates to the telemetry configuration by making a request to HCP.
-func (h *hcpProviderImpl) run(ctx context.Context) {
-	// Try to initialize config once before starting periodic fetch.
-	h.updateConfig(ctx)
-
-	ticker := time.NewTicker(h.cfg.refreshInterval)
+func (h *hcpProviderImpl) run(ctx context.Context, refreshInterval time.Duration) {
+	ticker := time.NewTicker(refreshInterval)
 	defer ticker.Stop()
 	for {
 		select {
 		case <-ticker.C:
-			if newRefreshInterval := h.updateConfig(ctx); newRefreshInterval > 0 {
-				ticker.Reset(newRefreshInterval)
+			if newCfg := h.getUpdate(ctx); newCfg != nil {
+				ticker.Reset(newCfg.RefreshInterval)
 			}
 		case <-ctx.Done():
 			return
@@ -99,8 +91,9 @@ func (h *hcpProviderImpl) run(ctx context.Context) {
 	}
 }
 
-// updateConfig makes a HTTP request to HCP to update metrics configuration held in the provider.
-func (h *hcpProviderImpl) updateConfig(ctx context.Context) time.Duration {
+// getUpdate makes a HTTP request to HCP to return a new metrics configuration
+// and updates the hcpProviderImpl.
+func (h *hcpProviderImpl) getUpdate(ctx context.Context) *dynamicConfig {
 	logger := hclog.FromContext(ctx).Named("telemetry_config_provider")
 
 	ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
@@ -108,18 +101,9 @@ func (h *hcpProviderImpl) updateConfig(ctx context.Context) time.Duration {
 
 	telemetryCfg, err := h.hcpClient.FetchTelemetryConfig(ctx)
 	if err != nil {
-		// Only disable metrics on 404 or 401 to handle the case of an unlinked cluster.
-		// For other errors such as 5XX ones, we continue metrics collection, as these are potentially transient server-side errors.
-		apiErr, ok := err.(*runtime.APIError)
-		if ok && apiErr.IsClientError() {
-			disabledMetricsCfg := defaultDisabledCfg()
-			h.modifyDynamicCfg(disabledMetricsCfg)
-			return disabledMetricsCfg.refreshInterval
-		}
-
 		logger.Error("failed to fetch telemetry config from HCP", "error", err)
 		metrics.IncrCounter(internalMetricRefreshFailure, 1)
-		return 0
+		return nil
 	}
 
 	// newRefreshInterval of 0 or less can cause ticker Reset() panic.
@@ -127,29 +111,24 @@ func (h *hcpProviderImpl) updateConfig(ctx context.Context) time.Duration {
 	if newRefreshInterval <= 0 {
 		logger.Error("invalid refresh interval duration", "refreshInterval", newRefreshInterval)
 		metrics.IncrCounter(internalMetricRefreshFailure, 1)
-		return 0
+		return nil
 	}
 
-	newCfg := &dynamicConfig{
-		filters:         telemetryCfg.MetricsConfig.Filters,
-		endpoint:        telemetryCfg.MetricsConfig.Endpoint,
-		labels:          telemetryCfg.MetricsConfig.Labels,
-		refreshInterval: telemetryCfg.RefreshConfig.RefreshInterval,
-		disabled:        telemetryCfg.MetricsConfig.Disabled,
+	newDynamicConfig := &dynamicConfig{
+		Filters:         telemetryCfg.MetricsConfig.Filters,
+		Endpoint:        telemetryCfg.MetricsConfig.Endpoint,
+		Labels:          telemetryCfg.MetricsConfig.Labels,
+		RefreshInterval: newRefreshInterval,
 	}
 
-	h.modifyDynamicCfg(newCfg)
-
-	return newCfg.refreshInterval
-}
-
-// modifyDynamicCfg acquires a write lock to update new configuration and emits a success metric.
-func (h *hcpProviderImpl) modifyDynamicCfg(newCfg *dynamicConfig) {
+	// Acquire write lock to update new configuration.
 	h.rw.Lock()
-	h.cfg = newCfg
+	h.cfg = newDynamicConfig
 	h.rw.Unlock()
 
 	metrics.IncrCounter(internalMetricRefreshSuccess, 1)
+
+	return newDynamicConfig
 }
 
 // GetEndpoint acquires a read lock to return endpoint configuration for consumers.
@@ -157,7 +136,7 @@ func (h *hcpProviderImpl) GetEndpoint() *url.URL {
 	h.rw.RLock()
 	defer h.rw.RUnlock()
 
-	return h.cfg.endpoint
+	return h.cfg.Endpoint
 }
 
 // GetFilters acquires a read lock to return filters configuration for consumers.
@@ -165,7 +144,7 @@ func (h *hcpProviderImpl) GetFilters() *regexp.Regexp {
 	h.rw.RLock()
 	defer h.rw.RUnlock()
 
-	return h.cfg.filters
+	return h.cfg.Filters
 }
 
 // GetLabels acquires a read lock to return labels configuration for consumers.
@@ -173,13 +152,5 @@ func (h *hcpProviderImpl) GetLabels() map[string]string {
 	h.rw.RLock()
 	defer h.rw.RUnlock()
 
-	return h.cfg.labels
-}
-
-// IsDisabled acquires a read lock and return true if metrics are enabled.
-func (h *hcpProviderImpl) IsDisabled() bool {
-	h.rw.RLock()
-	defer h.rw.RUnlock()
-
-	return h.cfg.disabled
+	return h.cfg.Labels
 }
diff --git a/agent/hcp/telemetry_provider_test.go b/agent/hcp/telemetry_provider_test.go
index 9e6405a516d3..684593b4f38b 100644
--- a/agent/hcp/telemetry_provider_test.go
+++ b/agent/hcp/telemetry_provider_test.go
@@ -1,11 +1,7 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package hcp
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"net/url"
 	"regexp"
@@ -15,7 +11,6 @@ import (
 	"time"
 
 	"github.com/armon/go-metrics"
-	"github.com/go-openapi/runtime"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
@@ -41,49 +36,64 @@ type testConfig struct {
 	endpoint        string
 	labels          map[string]string
 	refreshInterval time.Duration
-	disabled        bool
 }
 
-func TestNewTelemetryConfigProvider_DefaultConfig(t *testing.T) {
+func TestNewTelemetryConfigProvider(t *testing.T) {
 	t.Parallel()
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
+	for name, tc := range map[string]struct {
+		testInputs *testConfig
+		wantErr    string
+	}{
+		"success": {
+			testInputs: &testConfig{
+				refreshInterval: 1 * time.Second,
+			},
+		},
+		"failsWithInvalidRefreshInterval": {
+			testInputs: &testConfig{
+				refreshInterval: 0 * time.Second,
+			},
+			wantErr: "invalid refresh interval",
+		},
+	} {
+		tc := tc
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
 
-	// Initialize new provider, but fail all HCP fetches.
-	mc := client.NewMockClient(t)
-	mc.EXPECT().FetchTelemetryConfig(mock.Anything).Return(nil, errors.New("failed to fetch config"))
+			ctx, cancel := context.WithCancel(context.Background())
+			defer cancel()
 
-	provider := NewHCPProvider(ctx, mc)
-	provider.updateConfig(ctx)
+			testCfg, err := testTelemetryCfg(tc.testInputs)
+			require.NoError(t, err)
 
-	// Assert provider has default configuration and metrics processing is disabled.
-	defaultCfg := &dynamicConfig{
-		labels:          map[string]string{},
-		filters:         client.DefaultMetricFilters,
-		refreshInterval: defaultTelemetryConfigRefreshInterval,
-		endpoint:        nil,
-		disabled:        true,
+			cfgProvider, err := NewHCPProvider(ctx, client.NewMockClient(t), testCfg)
+			if tc.wantErr != "" {
+				require.Error(t, err)
+				require.Contains(t, err.Error(), tc.wantErr)
+				require.Nil(t, cfgProvider)
+				return
+			}
+			require.NotNil(t, cfgProvider)
+		})
 	}
-	require.Equal(t, defaultCfg, provider.cfg)
 }
 
-func TestTelemetryConfigProvider_UpdateConfig(t *testing.T) {
+func TestTelemetryConfigProviderGetUpdate(t *testing.T) {
 	for name, tc := range map[string]struct {
-		mockExpect       func(*client.MockClient)
-		metricKey        string
-		initCfg          *dynamicConfig
-		expected         *dynamicConfig
-		expectedInterval time.Duration
+		mockExpect func(*client.MockClient)
+		metricKey  string
+		optsInputs *testConfig
+		expected   *testConfig
 	}{
 		"noChanges": {
-			initCfg: testDynamicCfg(&testConfig{
+			optsInputs: &testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				filters:  "test",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				refreshInterval: testRefreshInterval,
-			}),
+			},
 			mockExpect: func(m *client.MockClient) {
 				mockCfg, _ := testTelemetryCfg(&testConfig{
 					endpoint: "http://test.com/v1/metrics",
@@ -95,26 +105,25 @@ func TestTelemetryConfigProvider_UpdateConfig(t *testing.T) {
 				})
 				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mockCfg, nil)
 			},
-			expected: testDynamicCfg(&testConfig{
+			expected: &testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				filters:         "test",
 				refreshInterval: testRefreshInterval,
-			}),
-			metricKey:        testMetricKeySuccess,
-			expectedInterval: testRefreshInterval,
+			},
+			metricKey: testMetricKeySuccess,
 		},
 		"newConfig": {
-			initCfg: testDynamicCfg(&testConfig{
+			optsInputs: &testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				filters:  "test",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				refreshInterval: 2 * time.Second,
-			}),
+			},
 			mockExpect: func(m *client.MockClient) {
 				mockCfg, _ := testTelemetryCfg(&testConfig{
 					endpoint: "http://newendpoint/v1/metrics",
@@ -126,136 +135,83 @@ func TestTelemetryConfigProvider_UpdateConfig(t *testing.T) {
 				})
 				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mockCfg, nil)
 			},
-			expected: testDynamicCfg(&testConfig{
+			expected: &testConfig{
 				endpoint: "http://newendpoint/v1/metrics",
 				filters:  "consul",
 				labels: map[string]string{
 					"new_label": "1234",
 				},
 				refreshInterval: 2 * time.Second,
-			}),
-			expectedInterval: 2 * time.Second,
-			metricKey:        testMetricKeySuccess,
-		},
-		"newConfigMetricsDisabled": {
-			initCfg: testDynamicCfg(&testConfig{
-				endpoint: "http://test.com/v1/metrics",
-				filters:  "test",
-				labels: map[string]string{
-					"test_label": "123",
-				},
-				refreshInterval: 2 * time.Second,
-			}),
-			mockExpect: func(m *client.MockClient) {
-				mockCfg, _ := testTelemetryCfg(&testConfig{
-					endpoint: "",
-					filters:  "consul",
-					labels: map[string]string{
-						"new_label": "1234",
-					},
-					refreshInterval: 2 * time.Second,
-					disabled:        true,
-				})
-				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mockCfg, nil)
 			},
-			expected: testDynamicCfg(&testConfig{
-				endpoint: "",
-				filters:  "consul",
-				labels: map[string]string{
-					"new_label": "1234",
-				},
-				refreshInterval: 2 * time.Second,
-				disabled:        true,
-			}),
-			metricKey:        testMetricKeySuccess,
-			expectedInterval: 2 * time.Second,
+			metricKey: testMetricKeySuccess,
 		},
 		"sameConfigInvalidRefreshInterval": {
-			initCfg: testDynamicCfg(&testConfig{
+			optsInputs: &testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				filters:  "test",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				refreshInterval: testRefreshInterval,
-			}),
+			},
 			mockExpect: func(m *client.MockClient) {
 				mockCfg, _ := testTelemetryCfg(&testConfig{
 					refreshInterval: 0 * time.Second,
 				})
 				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(mockCfg, nil)
 			},
-			expected: testDynamicCfg(&testConfig{
+			expected: &testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				filters:         "test",
 				refreshInterval: testRefreshInterval,
-			}),
-			metricKey:        testMetricKeyFailure,
-			expectedInterval: 0,
+			},
+			metricKey: testMetricKeyFailure,
 		},
 		"sameConfigHCPClientFailure": {
-			initCfg: testDynamicCfg(&testConfig{
+			optsInputs: &testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				filters:  "test",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				refreshInterval: testRefreshInterval,
-			}),
+			},
 			mockExpect: func(m *client.MockClient) {
 				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(nil, fmt.Errorf("failure"))
 			},
-			expected: testDynamicCfg(&testConfig{
-				endpoint: "http://test.com/v1/metrics",
-				filters:  "test",
-				labels: map[string]string{
-					"test_label": "123",
-				},
-				refreshInterval: testRefreshInterval,
-			}),
-			metricKey:        testMetricKeyFailure,
-			expectedInterval: 0,
-		},
-		"disableMetrics404": {
-			initCfg: testDynamicCfg(&testConfig{
+			expected: &testConfig{
 				endpoint: "http://test.com/v1/metrics",
 				filters:  "test",
 				labels: map[string]string{
 					"test_label": "123",
 				},
 				refreshInterval: testRefreshInterval,
-			}),
-			mockExpect: func(m *client.MockClient) {
-				err := runtime.NewAPIError("404 failure", nil, 404)
-				m.EXPECT().FetchTelemetryConfig(mock.Anything).Return(nil, err)
 			},
-			expected:         defaultDisabledCfg(),
-			metricKey:        testMetricKeySuccess,
-			expectedInterval: defaultTelemetryConfigRefreshInterval,
+			metricKey: testMetricKeyFailure,
 		},
 	} {
-		tc := tc
 		t.Run(name, func(t *testing.T) {
 			sink := initGlobalSink()
 			mockClient := client.NewMockClient(t)
 			tc.mockExpect(mockClient)
 
+			dynamicCfg, err := testDynamicCfg(tc.optsInputs)
+			require.NoError(t, err)
+
 			provider := &hcpProviderImpl{
 				hcpClient: mockClient,
-				cfg:       tc.initCfg,
+				cfg:       dynamicCfg,
 			}
 
-			newInterval := provider.updateConfig(context.Background())
-			require.Equal(t, tc.expectedInterval, newInterval)
+			provider.getUpdate(context.Background())
 
 			// Verify endpoint provider returns correct config values.
-			require.Equal(t, tc.expected.endpoint, provider.GetEndpoint())
-			require.Equal(t, tc.expected.filters, provider.GetFilters())
+			require.Equal(t, tc.expected.endpoint, provider.GetEndpoint().String())
+			require.Equal(t, tc.expected.filters, provider.GetFilters().String())
 			require.Equal(t, tc.expected.labels, provider.GetLabels())
-			require.Equal(t, tc.expected.disabled, provider.IsDisabled())
 
 			// Verify count for transform success metric.
 			interval := sink.Data()[0]
@@ -333,7 +289,8 @@ func TestTelemetryConfigProvider_Race(t *testing.T) {
 	}
 
 	// Start the provider goroutine, which fetches client TelemetryConfig every RefreshInterval.
-	provider := NewHCPProvider(ctx, m)
+	provider, err := NewHCPProvider(ctx, m, m.cfg)
+	require.NoError(t, err)
 
 	for count := 0; count < testRaceWriteSampleCount; count++ {
 		// Force a TelemetryConfig value change in the mockRaceClient.
@@ -341,7 +298,7 @@ func TestTelemetryConfigProvider_Race(t *testing.T) {
 		require.NoError(t, err)
 		// Force provider to obtain new client TelemetryConfig immediately.
 		// This call is necessary to guarantee TelemetryConfig changes to assert on expected values below.
-		provider.updateConfig(context.Background())
+		provider.getUpdate(context.Background())
 
 		// Start goroutines to access label configuration.
 		wg := &sync.WaitGroup{}
@@ -385,20 +342,22 @@ func initGlobalSink() *metrics.InmemSink {
 }
 
 // testDynamicCfg converts testConfig inputs to a dynamicConfig to be used in tests.
-func testDynamicCfg(testCfg *testConfig) *dynamicConfig {
-	filters, _ := regexp.Compile(testCfg.filters)
+func testDynamicCfg(testCfg *testConfig) (*dynamicConfig, error) {
+	filters, err := regexp.Compile(testCfg.filters)
+	if err != nil {
+		return nil, err
+	}
 
-	var endpoint *url.URL
-	if testCfg.endpoint != "" {
-		endpoint, _ = url.Parse(testCfg.endpoint)
+	endpoint, err := url.Parse(testCfg.endpoint)
+	if err != nil {
+		return nil, err
 	}
 	return &dynamicConfig{
-		endpoint:        endpoint,
-		filters:         filters,
-		labels:          testCfg.labels,
-		refreshInterval: testCfg.refreshInterval,
-		disabled:        testCfg.disabled,
-	}
+		Endpoint:        endpoint,
+		Filters:         filters,
+		Labels:          testCfg.labels,
+		RefreshInterval: testCfg.refreshInterval,
+	}, nil
 }
 
 // testTelemetryCfg converts testConfig inputs to a TelemetryConfig to be used in tests.
@@ -408,21 +367,15 @@ func testTelemetryCfg(testCfg *testConfig) (*client.TelemetryConfig, error) {
 		return nil, err
 	}
 
-	var endpoint *url.URL
-	if testCfg.endpoint != "" {
-		u, err := url.Parse(testCfg.endpoint)
-		if err != nil {
-			return nil, err
-		}
-		endpoint = u
+	endpoint, err := url.Parse(testCfg.endpoint)
+	if err != nil {
+		return nil, err
 	}
-
 	return &client.TelemetryConfig{
 		MetricsConfig: &client.MetricsConfig{
 			Endpoint: endpoint,
 			Filters:  filters,
 			Labels:   testCfg.labels,
-			Disabled: testCfg.disabled,
 		},
 		RefreshConfig: &client.RefreshConfig{
 			RefreshInterval: testCfg.refreshInterval,
diff --git a/agent/hcp/testing.go b/agent/hcp/testing.go
index 30f7ba7bcdeb..94f3122c33d2 100644
--- a/agent/hcp/testing.go
+++ b/agent/hcp/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package hcp
 
diff --git a/agent/hcp/testserver/main.go b/agent/hcp/testserver/main.go
index e0db7670ef99..ffdd4cac51af 100644
--- a/agent/hcp/testserver/main.go
+++ b/agent/hcp/testserver/main.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package main
 
diff --git a/agent/health_endpoint.go b/agent/health_endpoint.go
index 3b888988d273..ea3d315f6b8b 100644
--- a/agent/health_endpoint.go
+++ b/agent/health_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/health_endpoint_test.go b/agent/health_endpoint_test.go
index 021a269b8a09..3a589be0d78b 100644
--- a/agent/health_endpoint_test.go
+++ b/agent/health_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/http.go b/agent/http.go
index 982e784c76b7..32010c343a6c 100644
--- a/agent/http.go
+++ b/agent/http.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
@@ -36,7 +36,6 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/uiserver"
 	"github.com/hashicorp/consul/api"
-	resourcehttp "github.com/hashicorp/consul/internal/resource/http"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/logging"
 	"github.com/hashicorp/consul/proto/private/pbcommon"
@@ -260,17 +259,6 @@ func (s *HTTPHandlers) handler() http.Handler {
 	handlePProf("/debug/pprof/symbol", pprof.Symbol)
 	handlePProf("/debug/pprof/trace", pprof.Trace)
 
-	mux.Handle("/api/",
-		http.StripPrefix("/api",
-			resourcehttp.NewHandler(
-				s.agent.delegate.ResourceServiceClient(),
-				s.agent.baseDeps.Registry,
-				s.parseToken,
-				s.agent.logger.Named(logging.HTTP),
-			),
-		),
-	)
-
 	if s.IsUIEnabled() {
 		// Note that we _don't_ support reloading ui_config.{enabled, content_dir,
 		// content_path} since this only runs at initial startup.
@@ -616,9 +604,7 @@ func (s *HTTPHandlers) marshalJSON(req *http.Request, obj interface{}) ([]byte,
 		if err != nil {
 			return nil, err
 		}
-		if ok {
-			buf = append(buf, "\n"...)
-		}
+		buf = append(buf, "\n"...)
 		return buf, nil
 	}
 
diff --git a/agent/http_ce.go b/agent/http_ce.go
index 09a03c706246..d9c233226c49 100644
--- a/agent/http_ce.go
+++ b/agent/http_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/http_ce_test.go b/agent/http_ce_test.go
index ea1d2af61d7a..bf085ca8c29c 100644
--- a/agent/http_ce_test.go
+++ b/agent/http_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/http_decode_test.go b/agent/http_decode_test.go
index 6aece784c0b2..03d1b9191fa7 100644
--- a/agent/http_decode_test.go
+++ b/agent/http_decode_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/http_register.go b/agent/http_register.go
index bc2551ec000d..b3f0dfea3f3a 100644
--- a/agent/http_register.go
+++ b/agent/http_register.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/http_test.go b/agent/http_test.go
index 83510d9c06e0..99100c5fbc8e 100644
--- a/agent/http_test.go
+++ b/agent/http_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/intentions_endpoint.go b/agent/intentions_endpoint.go
index 4f0b188a0cc4..2353c5bdac2e 100644
--- a/agent/intentions_endpoint.go
+++ b/agent/intentions_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/intentions_endpoint_ce_test.go b/agent/intentions_endpoint_ce_test.go
index 6b5314de099f..fb6a47f5e53d 100644
--- a/agent/intentions_endpoint_ce_test.go
+++ b/agent/intentions_endpoint_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/intentions_endpoint_test.go b/agent/intentions_endpoint_test.go
index b1309feb9d2c..161b8b5139d5 100644
--- a/agent/intentions_endpoint_test.go
+++ b/agent/intentions_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/keyring.go b/agent/keyring.go
index f30680774b34..3d96880f03aa 100644
--- a/agent/keyring.go
+++ b/agent/keyring.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/keyring_test.go b/agent/keyring_test.go
index 1a9332a8a739..7ce5d2cd4b93 100644
--- a/agent/keyring_test.go
+++ b/agent/keyring_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/kvs_endpoint.go b/agent/kvs_endpoint.go
index e60567cd5b80..d5ad8cabc3de 100644
--- a/agent/kvs_endpoint.go
+++ b/agent/kvs_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/kvs_endpoint_test.go b/agent/kvs_endpoint_test.go
index 2b3563000815..6ea5efced20d 100644
--- a/agent/kvs_endpoint_test.go
+++ b/agent/kvs_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/leafcert/cached_roots.go b/agent/leafcert/cached_roots.go
index aaf768a2fb8e..b973b6dc660c 100644
--- a/agent/leafcert/cached_roots.go
+++ b/agent/leafcert/cached_roots.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package leafcert
 
 import (
diff --git a/agent/leafcert/cert.go b/agent/leafcert/cert.go
index b6236a4a14ac..023068573775 100644
--- a/agent/leafcert/cert.go
+++ b/agent/leafcert/cert.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package leafcert
 
 import (
diff --git a/agent/leafcert/generate.go b/agent/leafcert/generate.go
index 9551e760b1fc..0e397cdc2d52 100644
--- a/agent/leafcert/generate.go
+++ b/agent/leafcert/generate.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package leafcert
 
 import (
diff --git a/agent/leafcert/leafcert.go b/agent/leafcert/leafcert.go
index 5b1cd6b9be3b..9cd0c08db13d 100644
--- a/agent/leafcert/leafcert.go
+++ b/agent/leafcert/leafcert.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package leafcert
 
 import (
diff --git a/agent/leafcert/leafcert_test.go b/agent/leafcert/leafcert_test.go
index 0b523523e473..0db683a816e1 100644
--- a/agent/leafcert/leafcert_test.go
+++ b/agent/leafcert/leafcert_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package leafcert
 
 import (
diff --git a/agent/leafcert/roots.go b/agent/leafcert/roots.go
index 161b0d0a041c..7f95e0578dcc 100644
--- a/agent/leafcert/roots.go
+++ b/agent/leafcert/roots.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package leafcert
 
 import (
diff --git a/agent/leafcert/signer_netrpc.go b/agent/leafcert/signer_netrpc.go
index 0e1a7a7487f8..2d6b490a9ea8 100644
--- a/agent/leafcert/signer_netrpc.go
+++ b/agent/leafcert/signer_netrpc.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package leafcert
 
 import (
diff --git a/agent/leafcert/signer_test.go b/agent/leafcert/signer_test.go
index ad385f8c72a1..21e3388f5a1c 100644
--- a/agent/leafcert/signer_test.go
+++ b/agent/leafcert/signer_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package leafcert
 
 import (
diff --git a/agent/leafcert/structs.go b/agent/leafcert/structs.go
index 7ad11a0869a5..531d35c897e6 100644
--- a/agent/leafcert/structs.go
+++ b/agent/leafcert/structs.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package leafcert
 
 import (
diff --git a/agent/leafcert/structs_test.go b/agent/leafcert/structs_test.go
index 6a8e03470031..bb131f10ed7c 100644
--- a/agent/leafcert/structs_test.go
+++ b/agent/leafcert/structs_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package leafcert
 
 import (
diff --git a/agent/leafcert/util.go b/agent/leafcert/util.go
index 795aa62ac11c..a7453df37b4f 100644
--- a/agent/leafcert/util.go
+++ b/agent/leafcert/util.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package leafcert
 
 import (
diff --git a/agent/leafcert/util_test.go b/agent/leafcert/util_test.go
index 0716a9af88f2..be89ad5936c1 100644
--- a/agent/leafcert/util_test.go
+++ b/agent/leafcert/util_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package leafcert
 
 import (
diff --git a/agent/leafcert/watch.go b/agent/leafcert/watch.go
index fe745f916d14..62a7260c4287 100644
--- a/agent/leafcert/watch.go
+++ b/agent/leafcert/watch.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package leafcert
 
 import (
diff --git a/agent/local/state.go b/agent/local/state.go
index 67e72aece0b4..6cd5b0c82a58 100644
--- a/agent/local/state.go
+++ b/agent/local/state.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package local
 
diff --git a/agent/local/state_internal_test.go b/agent/local/state_internal_test.go
index 61fc2c0273a8..ba68e20f287a 100644
--- a/agent/local/state_internal_test.go
+++ b/agent/local/state_internal_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package local
 
diff --git a/agent/local/state_test.go b/agent/local/state_test.go
index ced73201e72b..4751352ec1c8 100644
--- a/agent/local/state_test.go
+++ b/agent/local/state_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package local_test
 
diff --git a/agent/local/testing.go b/agent/local/testing.go
index 5e9ae15ac376..5303cb6b0c4a 100644
--- a/agent/local/testing.go
+++ b/agent/local/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package local
 
diff --git a/agent/log-drop/log-drop.go b/agent/log-drop/log-drop.go
index ea08f88d890b..54bc09c5a8c3 100644
--- a/agent/log-drop/log-drop.go
+++ b/agent/log-drop/log-drop.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logdrop
 
diff --git a/agent/log-drop/log-drop_test.go b/agent/log-drop/log-drop_test.go
index c050a734be4a..fdb61a059e52 100644
--- a/agent/log-drop/log-drop_test.go
+++ b/agent/log-drop/log-drop_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logdrop
 
diff --git a/agent/metadata/build.go b/agent/metadata/build.go
index 76a432d9a380..b50fa96acc7a 100644
--- a/agent/metadata/build.go
+++ b/agent/metadata/build.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package metadata
 
diff --git a/agent/metadata/build_test.go b/agent/metadata/build_test.go
index 888b9b0210c4..4688db2e1850 100644
--- a/agent/metadata/build_test.go
+++ b/agent/metadata/build_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package metadata
 
diff --git a/agent/metadata/server.go b/agent/metadata/server.go
index 2e626787bdff..64c993690989 100644
--- a/agent/metadata/server.go
+++ b/agent/metadata/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package metadata
 
diff --git a/agent/metadata/server_internal_test.go b/agent/metadata/server_internal_test.go
index bb0561ab2d19..5f3d47724ee9 100644
--- a/agent/metadata/server_internal_test.go
+++ b/agent/metadata/server_internal_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package metadata
 
diff --git a/agent/metadata/server_test.go b/agent/metadata/server_test.go
index 78b16f2599b2..8ee63fa3b413 100644
--- a/agent/metadata/server_test.go
+++ b/agent/metadata/server_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package metadata_test
 
diff --git a/agent/metrics.go b/agent/metrics.go
index 58f9e3c829e1..d9294eb25cb9 100644
--- a/agent/metrics.go
+++ b/agent/metrics.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/metrics/testing.go b/agent/metrics/testing.go
index 3663d6834c16..0fc3455ab5e7 100644
--- a/agent/metrics/testing.go
+++ b/agent/metrics/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package metrics
 
diff --git a/agent/metrics_test.go b/agent/metrics_test.go
index 41013b3c7069..76da0e55f292 100644
--- a/agent/metrics_test.go
+++ b/agent/metrics_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/mock/notify.go b/agent/mock/notify.go
index 00dc9a3864a7..1aa700b31d2d 100644
--- a/agent/mock/notify.go
+++ b/agent/mock/notify.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package mock
 
diff --git a/agent/nodeid.go b/agent/nodeid.go
index c2192fac9123..1e5823aef7c6 100644
--- a/agent/nodeid.go
+++ b/agent/nodeid.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/nodeid_test.go b/agent/nodeid_test.go
index 73ce601249db..d48889bf6d8d 100644
--- a/agent/nodeid_test.go
+++ b/agent/nodeid_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/notify.go b/agent/notify.go
index 80a150b19413..eec501f098ad 100644
--- a/agent/notify.go
+++ b/agent/notify.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/notify_test.go b/agent/notify_test.go
index f256ee319ce7..fe08800ae2ec 100644
--- a/agent/notify_test.go
+++ b/agent/notify_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/operator_endpoint.go b/agent/operator_endpoint.go
index f669c13bd5ca..099f3dcfe4b0 100644
--- a/agent/operator_endpoint.go
+++ b/agent/operator_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/operator_endpoint_ce.go b/agent/operator_endpoint_ce.go
index d97e6422616f..cf2ba2a2027d 100644
--- a/agent/operator_endpoint_ce.go
+++ b/agent/operator_endpoint_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/operator_endpoint_ce_test.go b/agent/operator_endpoint_ce_test.go
index 0086a56065ca..f4de46f9050c 100644
--- a/agent/operator_endpoint_ce_test.go
+++ b/agent/operator_endpoint_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/operator_endpoint_test.go b/agent/operator_endpoint_test.go
index ffe5c1a53abe..4d90dbb2249e 100644
--- a/agent/operator_endpoint_test.go
+++ b/agent/operator_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/peering_endpoint.go b/agent/peering_endpoint.go
index 2d5cab92be2e..a1fbd009acc6 100644
--- a/agent/peering_endpoint.go
+++ b/agent/peering_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/peering_endpoint_ce_test.go b/agent/peering_endpoint_ce_test.go
index f435ca331052..b0395ea96839 100644
--- a/agent/peering_endpoint_ce_test.go
+++ b/agent/peering_endpoint_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/peering_endpoint_test.go b/agent/peering_endpoint_test.go
index ba3b704b8b5a..7ec63c1cd73e 100644
--- a/agent/peering_endpoint_test.go
+++ b/agent/peering_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/pool/conn.go b/agent/pool/conn.go
index 24d4c2cba4dc..45a2c0948617 100644
--- a/agent/pool/conn.go
+++ b/agent/pool/conn.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pool
 
diff --git a/agent/pool/peek.go b/agent/pool/peek.go
index b631134341d9..d6557bb23db8 100644
--- a/agent/pool/peek.go
+++ b/agent/pool/peek.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pool
 
diff --git a/agent/pool/peek_test.go b/agent/pool/peek_test.go
index 29fbe9d4ab72..cb53c421f9c2 100644
--- a/agent/pool/peek_test.go
+++ b/agent/pool/peek_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pool
 
diff --git a/agent/pool/pool.go b/agent/pool/pool.go
index 899cefe2e974..cadb0e4af4ec 100644
--- a/agent/pool/pool.go
+++ b/agent/pool/pool.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pool
 
diff --git a/agent/prepared_query_endpoint.go b/agent/prepared_query_endpoint.go
index 15ab1005e48b..8d5f9fdc5313 100644
--- a/agent/prepared_query_endpoint.go
+++ b/agent/prepared_query_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/prepared_query_endpoint_test.go b/agent/prepared_query_endpoint_test.go
index 07e4b8e68c70..f96c43ad8b90 100644
--- a/agent/prepared_query_endpoint_test.go
+++ b/agent/prepared_query_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/proxycfg-glue/config_entry.go b/agent/proxycfg-glue/config_entry.go
index 3a79e228277d..cd86d91e1e91 100644
--- a/agent/proxycfg-glue/config_entry.go
+++ b/agent/proxycfg-glue/config_entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/discovery_chain.go b/agent/proxycfg-glue/discovery_chain.go
index 518467492d7c..3b322e6b334f 100644
--- a/agent/proxycfg-glue/discovery_chain.go
+++ b/agent/proxycfg-glue/discovery_chain.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/discovery_chain_test.go b/agent/proxycfg-glue/discovery_chain_test.go
index e4156667d36b..60d48537c684 100644
--- a/agent/proxycfg-glue/discovery_chain_test.go
+++ b/agent/proxycfg-glue/discovery_chain_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/exported_peered_services.go b/agent/proxycfg-glue/exported_peered_services.go
index 1b9260045171..8637891f1556 100644
--- a/agent/proxycfg-glue/exported_peered_services.go
+++ b/agent/proxycfg-glue/exported_peered_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/exported_peered_services_test.go b/agent/proxycfg-glue/exported_peered_services_test.go
index 91b42323fab8..a2b99d4d25b5 100644
--- a/agent/proxycfg-glue/exported_peered_services_test.go
+++ b/agent/proxycfg-glue/exported_peered_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/federation_state_list_mesh_gateways.go b/agent/proxycfg-glue/federation_state_list_mesh_gateways.go
index c34303552c0a..f5f32f1c01cb 100644
--- a/agent/proxycfg-glue/federation_state_list_mesh_gateways.go
+++ b/agent/proxycfg-glue/federation_state_list_mesh_gateways.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/federation_state_list_mesh_gateways_test.go b/agent/proxycfg-glue/federation_state_list_mesh_gateways_test.go
index baf477f4340b..fd73e19aaf69 100644
--- a/agent/proxycfg-glue/federation_state_list_mesh_gateways_test.go
+++ b/agent/proxycfg-glue/federation_state_list_mesh_gateways_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/gateway_services.go b/agent/proxycfg-glue/gateway_services.go
index 555b1d538535..24f4087eea81 100644
--- a/agent/proxycfg-glue/gateway_services.go
+++ b/agent/proxycfg-glue/gateway_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/gateway_services_test.go b/agent/proxycfg-glue/gateway_services_test.go
index ff89a62c92e4..eb853bd7b49e 100644
--- a/agent/proxycfg-glue/gateway_services_test.go
+++ b/agent/proxycfg-glue/gateway_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go
index 8f23bf458ea7..817e151b9500 100644
--- a/agent/proxycfg-glue/glue.go
+++ b/agent/proxycfg-glue/glue.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
@@ -52,6 +52,9 @@ type Store interface {
 	PeeringTrustBundleList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error)
 	TrustBundleListByService(ws memdb.WatchSet, service, dc string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error)
 	VirtualIPsForAllImportedServices(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []state.ServiceVirtualIP, error)
+	CheckConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error)
+	CheckIngressServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error)
+	CheckServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error)
 }
 
 // CacheCARoots satisfies the proxycfg.CARoots interface by sourcing data from
diff --git a/agent/proxycfg-glue/health.go b/agent/proxycfg-glue/health.go
index 6acf5b702302..f0808da978ce 100644
--- a/agent/proxycfg-glue/health.go
+++ b/agent/proxycfg-glue/health.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/health_blocking.go b/agent/proxycfg-glue/health_blocking.go
index 181605298aa8..3504e050aa70 100644
--- a/agent/proxycfg-glue/health_blocking.go
+++ b/agent/proxycfg-glue/health_blocking.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
@@ -12,7 +12,6 @@ import (
 	"github.com/hashicorp/go-memdb"
 
 	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/agent/consul/state"
 	"github.com/hashicorp/consul/agent/consul/watch"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
@@ -39,14 +38,13 @@ import (
 // because proxycfg has a `req.Source.Node != ""` which prevents the `streamingEnabled` check from passing.
 // This means that while agents should technically have this same issue, they don't experience it with mesh health
 // watches.
-func ServerHealthBlocking(deps ServerDataSourceDeps, remoteSource proxycfg.Health, state *state.Store) *serverHealthBlocking {
-	return &serverHealthBlocking{deps, remoteSource, state, 5 * time.Minute}
+func ServerHealthBlocking(deps ServerDataSourceDeps, remoteSource proxycfg.Health) *serverHealthBlocking {
+	return &serverHealthBlocking{deps, remoteSource, 5 * time.Minute}
 }
 
 type serverHealthBlocking struct {
 	deps         ServerDataSourceDeps
 	remoteSource proxycfg.Health
-	state        *state.Store
 	watchTimeout time.Duration
 }
 
@@ -66,7 +64,7 @@ func (h *serverHealthBlocking) Notify(ctx context.Context, args *structs.Service
 	}
 
 	// Determine the function we'll call
-	var f func(memdb.WatchSet, *state.Store, *structs.ServiceSpecificRequest) (uint64, structs.CheckServiceNodes, error)
+	var f func(memdb.WatchSet, Store, *structs.ServiceSpecificRequest) (uint64, structs.CheckServiceNodes, error)
 	switch {
 	case args.Connect:
 		f = serviceNodesConnect
@@ -108,6 +106,12 @@ func (h *serverHealthBlocking) Notify(ctx context.Context, args *structs.Service
 					// their data, rather than holding onto the last-known list of healthy nodes indefinitely.
 					if hadResults {
 						hadResults = false
+						h.deps.Logger.Debug("serverHealthBlocking emitting zero check-service-nodes due to insufficient ACL privileges",
+							"serviceName", structs.NewServiceName(args.ServiceName, &args.EnterpriseMeta),
+							"correlationID", correlationID,
+							"connect", args.Connect,
+							"ingress", args.Ingress,
+						)
 						return 0, &structs.IndexedCheckServiceNodes{}, watch.ErrorACLResetData
 					}
 					return 0, nil, acl.ErrPermissionDenied
@@ -115,7 +119,7 @@ func (h *serverHealthBlocking) Notify(ctx context.Context, args *structs.Service
 			}
 
 			var thisReply structs.IndexedCheckServiceNodes
-			thisReply.Index, thisReply.Nodes, err = f(ws, h.state, args)
+			thisReply.Index, thisReply.Nodes, err = f(ws, store, args)
 			if err != nil {
 				return 0, nil, err
 			}
@@ -134,6 +138,13 @@ func (h *serverHealthBlocking) Notify(ctx context.Context, args *structs.Service
 			}
 
 			hadResults = true
+			h.deps.Logger.Trace("serverHealthBlocking emitting check-service-nodes",
+				"serviceName", structs.NewServiceName(args.ServiceName, &args.EnterpriseMeta),
+				"correlationID", correlationID,
+				"connect", args.Connect,
+				"ingress", args.Ingress,
+				"nodes", len(thisReply.Nodes),
+			)
 			return thisReply.Index, &thisReply, nil
 		},
 		dispatchBlockingQueryUpdate[*structs.IndexedCheckServiceNodes](ch),
@@ -151,14 +162,14 @@ func (h *serverHealthBlocking) filterACL(authz *acl.AuthorizerContext, token str
 	return nil
 }
 
-func serviceNodesConnect(ws memdb.WatchSet, s *state.Store, args *structs.ServiceSpecificRequest) (uint64, structs.CheckServiceNodes, error) {
+func serviceNodesConnect(ws memdb.WatchSet, s Store, args *structs.ServiceSpecificRequest) (uint64, structs.CheckServiceNodes, error) {
 	return s.CheckConnectServiceNodes(ws, args.ServiceName, &args.EnterpriseMeta, args.PeerName)
 }
 
-func serviceNodesIngress(ws memdb.WatchSet, s *state.Store, args *structs.ServiceSpecificRequest) (uint64, structs.CheckServiceNodes, error) {
+func serviceNodesIngress(ws memdb.WatchSet, s Store, args *structs.ServiceSpecificRequest) (uint64, structs.CheckServiceNodes, error) {
 	return s.CheckIngressServiceNodes(ws, args.ServiceName, &args.EnterpriseMeta)
 }
 
-func serviceNodesDefault(ws memdb.WatchSet, s *state.Store, args *structs.ServiceSpecificRequest) (uint64, structs.CheckServiceNodes, error) {
+func serviceNodesDefault(ws memdb.WatchSet, s Store, args *structs.ServiceSpecificRequest) (uint64, structs.CheckServiceNodes, error) {
 	return s.CheckServiceNodes(ws, args.ServiceName, &args.EnterpriseMeta, args.PeerName)
 }
diff --git a/agent/proxycfg-glue/health_blocking_test.go b/agent/proxycfg-glue/health_blocking_test.go
index c64381b7fd7f..461cd726bc5e 100644
--- a/agent/proxycfg-glue/health_blocking_test.go
+++ b/agent/proxycfg-glue/health_blocking_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package proxycfgglue
 
 import (
@@ -30,8 +27,7 @@ func TestServerHealthBlocking(t *testing.T) {
 		remoteSource := newMockHealth(t)
 		remoteSource.On("Notify", ctx, req, correlationID, ch).Return(result)
 
-		store := state.NewStateStore(nil)
-		dataSource := ServerHealthBlocking(ServerDataSourceDeps{Datacenter: "dc1"}, remoteSource, store)
+		dataSource := ServerHealthBlocking(ServerDataSourceDeps{Datacenter: "dc1"}, remoteSource)
 		err := dataSource.Notify(ctx, req, correlationID, ch)
 		require.Equal(t, result, err)
 	})
@@ -52,7 +48,7 @@ func TestServerHealthBlocking(t *testing.T) {
 			Datacenter:  datacenter,
 			ACLResolver: aclResolver,
 			Logger:      testutil.Logger(t),
-		}, nil, store)
+		}, nil)
 		dataSource.watchTimeout = 1 * time.Second
 
 		// Watch for all events
diff --git a/agent/proxycfg-glue/health_test.go b/agent/proxycfg-glue/health_test.go
index 821e22a78908..6f5702ca19c8 100644
--- a/agent/proxycfg-glue/health_test.go
+++ b/agent/proxycfg-glue/health_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/helpers_test.go b/agent/proxycfg-glue/helpers_test.go
index 3c7eb5b7ad15..0d8bd8c9660d 100644
--- a/agent/proxycfg-glue/helpers_test.go
+++ b/agent/proxycfg-glue/helpers_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/intention_upstreams.go b/agent/proxycfg-glue/intention_upstreams.go
index dc6731372271..07a12c4ddb6c 100644
--- a/agent/proxycfg-glue/intention_upstreams.go
+++ b/agent/proxycfg-glue/intention_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/intention_upstreams_test.go b/agent/proxycfg-glue/intention_upstreams_test.go
index bfaeb55b3864..3028524eb0f2 100644
--- a/agent/proxycfg-glue/intention_upstreams_test.go
+++ b/agent/proxycfg-glue/intention_upstreams_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/intentions.go b/agent/proxycfg-glue/intentions.go
index f3186c6689ab..517605432596 100644
--- a/agent/proxycfg-glue/intentions.go
+++ b/agent/proxycfg-glue/intentions.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/intentions_ce.go b/agent/proxycfg-glue/intentions_ce.go
index d4bdef266e09..bd1823adb192 100644
--- a/agent/proxycfg-glue/intentions_ce.go
+++ b/agent/proxycfg-glue/intentions_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg-glue/intentions_test.go b/agent/proxycfg-glue/intentions_test.go
index 0e1ab1091886..07d3a8067e34 100644
--- a/agent/proxycfg-glue/intentions_test.go
+++ b/agent/proxycfg-glue/intentions_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/internal_service_dump.go b/agent/proxycfg-glue/internal_service_dump.go
index d1c701083d52..e41dc020b1d0 100644
--- a/agent/proxycfg-glue/internal_service_dump.go
+++ b/agent/proxycfg-glue/internal_service_dump.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/internal_service_dump_test.go b/agent/proxycfg-glue/internal_service_dump_test.go
index 1eba4c043828..a6e6c3b02860 100644
--- a/agent/proxycfg-glue/internal_service_dump_test.go
+++ b/agent/proxycfg-glue/internal_service_dump_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/leafcerts.go b/agent/proxycfg-glue/leafcerts.go
index b805586a154a..24631ffc3113 100644
--- a/agent/proxycfg-glue/leafcerts.go
+++ b/agent/proxycfg-glue/leafcerts.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/peered_upstreams.go b/agent/proxycfg-glue/peered_upstreams.go
index f345c26df572..df38b3f0daf4 100644
--- a/agent/proxycfg-glue/peered_upstreams.go
+++ b/agent/proxycfg-glue/peered_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/peered_upstreams_test.go b/agent/proxycfg-glue/peered_upstreams_test.go
index 026fd67a3455..b0e7c0d8f83c 100644
--- a/agent/proxycfg-glue/peered_upstreams_test.go
+++ b/agent/proxycfg-glue/peered_upstreams_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/peering_list.go b/agent/proxycfg-glue/peering_list.go
index 6e7a78c707f1..219bf9b95529 100644
--- a/agent/proxycfg-glue/peering_list.go
+++ b/agent/proxycfg-glue/peering_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/peering_list_test.go b/agent/proxycfg-glue/peering_list_test.go
index 575d161b4e5d..f570dbbcc2a8 100644
--- a/agent/proxycfg-glue/peering_list_test.go
+++ b/agent/proxycfg-glue/peering_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/resolved_service_config.go b/agent/proxycfg-glue/resolved_service_config.go
index 11654cd767b2..89611bbc0711 100644
--- a/agent/proxycfg-glue/resolved_service_config.go
+++ b/agent/proxycfg-glue/resolved_service_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/resolved_service_config_test.go b/agent/proxycfg-glue/resolved_service_config_test.go
index 248ab4eab363..60d39eec205f 100644
--- a/agent/proxycfg-glue/resolved_service_config_test.go
+++ b/agent/proxycfg-glue/resolved_service_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/service_http_checks.go b/agent/proxycfg-glue/service_http_checks.go
index 2d0a9dfcff51..45521f712ae8 100644
--- a/agent/proxycfg-glue/service_http_checks.go
+++ b/agent/proxycfg-glue/service_http_checks.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/service_http_checks_test.go b/agent/proxycfg-glue/service_http_checks_test.go
index 87bdfc7abe60..cfe28c7e89f9 100644
--- a/agent/proxycfg-glue/service_http_checks_test.go
+++ b/agent/proxycfg-glue/service_http_checks_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/service_list.go b/agent/proxycfg-glue/service_list.go
index f4a9380df715..418103aef6fe 100644
--- a/agent/proxycfg-glue/service_list.go
+++ b/agent/proxycfg-glue/service_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/service_list_test.go b/agent/proxycfg-glue/service_list_test.go
index c6372aaf4ea1..154c1300a327 100644
--- a/agent/proxycfg-glue/service_list_test.go
+++ b/agent/proxycfg-glue/service_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/trust_bundle.go b/agent/proxycfg-glue/trust_bundle.go
index f623d2a5555c..108e7ea9f9ae 100644
--- a/agent/proxycfg-glue/trust_bundle.go
+++ b/agent/proxycfg-glue/trust_bundle.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-glue/trust_bundle_test.go b/agent/proxycfg-glue/trust_bundle_test.go
index e2082e3d240b..da77e32a56e8 100644
--- a/agent/proxycfg-glue/trust_bundle_test.go
+++ b/agent/proxycfg-glue/trust_bundle_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfgglue
 
diff --git a/agent/proxycfg-sources/catalog/config_source.go b/agent/proxycfg-sources/catalog/config_source.go
index 9ded9aa7fd4e..3fbca88de508 100644
--- a/agent/proxycfg-sources/catalog/config_source.go
+++ b/agent/proxycfg-sources/catalog/config_source.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package catalog
 
@@ -17,8 +17,6 @@ import (
 	"github.com/hashicorp/consul/agent/local"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 const source proxycfg.ProxySource = "catalog"
@@ -50,13 +48,11 @@ func NewConfigSource(cfg Config) *ConfigSource {
 
 // Watch wraps the underlying proxycfg.Manager and dynamically registers
 // services from the catalog with it when requested by the xDS server.
-func (m *ConfigSource) Watch(id *pbresource.ID, nodeName string, token string) (<-chan proxysnapshot.ProxySnapshot, limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error) {
-	// Create service ID
-	serviceID := structs.NewServiceID(id.Name, GetEnterpriseMetaFromResourceID(id))
+func (m *ConfigSource) Watch(serviceID structs.ServiceID, nodeName string, token string) (<-chan *proxycfg.ConfigSnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
 	// If the service is registered to the local agent, use the LocalConfigSource
 	// rather than trying to configure it from the catalog.
 	if nodeName == m.NodeName && m.LocalState.ServiceExists(serviceID) {
-		return m.LocalConfigSource.Watch(id, nodeName, token)
+		return m.LocalConfigSource.Watch(serviceID, nodeName, token)
 	}
 
 	// Begin a session with the xDS session concurrency limiter.
@@ -280,7 +276,7 @@ type Config struct {
 
 //go:generate mockery --name ConfigManager --inpackage
 type ConfigManager interface {
-	Watch(req proxycfg.ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc)
+	Watch(req proxycfg.ProxyID) (<-chan *proxycfg.ConfigSnapshot, proxycfg.CancelFunc)
 	Register(proxyID proxycfg.ProxyID, service *structs.NodeService, source proxycfg.ProxySource, token string, overwrite bool) error
 	Deregister(proxyID proxycfg.ProxyID, source proxycfg.ProxySource)
 }
@@ -293,11 +289,10 @@ type Store interface {
 
 //go:generate mockery --name Watcher --inpackage
 type Watcher interface {
-	Watch(proxyID *pbresource.ID, nodeName string, token string) (<-chan proxysnapshot.ProxySnapshot, limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error)
+	Watch(proxyID structs.ServiceID, nodeName string, token string) (<-chan *proxycfg.ConfigSnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error)
 }
 
 //go:generate mockery --name SessionLimiter --inpackage
 type SessionLimiter interface {
 	BeginSession() (limiter.Session, error)
-	Run(ctx context.Context)
 }
diff --git a/agent/proxycfg-sources/catalog/config_source_oss.go b/agent/proxycfg-sources/catalog/config_source_oss.go
deleted file mode 100644
index 21ddede8821b..000000000000
--- a/agent/proxycfg-sources/catalog/config_source_oss.go
+++ /dev/null
@@ -1,13 +0,0 @@
-//go:build !consulent
-// +build !consulent
-
-package catalog
-
-import (
-	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-func GetEnterpriseMetaFromResourceID(id *pbresource.ID) *acl.EnterpriseMeta {
-	return acl.DefaultEnterpriseMeta()
-}
diff --git a/agent/proxycfg-sources/catalog/config_source_test.go b/agent/proxycfg-sources/catalog/config_source_test.go
index 46b69746688c..661fae9c082b 100644
--- a/agent/proxycfg-sources/catalog/config_source_test.go
+++ b/agent/proxycfg-sources/catalog/config_source_test.go
@@ -1,10 +1,9 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package catalog
 
 import (
-	"context"
 	"errors"
 	"testing"
 	"time"
@@ -20,9 +19,6 @@ import (
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/token"
-	"github.com/hashicorp/consul/internal/mesh"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 )
 
 func TestConfigSource_Success(t *testing.T) {
@@ -79,15 +75,15 @@ func TestConfigSource_Success(t *testing.T) {
 	})
 	t.Cleanup(mgr.Shutdown)
 
-	snapCh, termCh, cancelWatch1, err := mgr.Watch(rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID(), nodeName, token)
+	snapCh, termCh, cancelWatch1, err := mgr.Watch(serviceID, nodeName, token)
 	require.NoError(t, err)
 	require.Equal(t, session1TermCh, termCh)
 
 	// Expect Register to have been called with the proxy's inital port.
 	select {
 	case snap := <-snapCh:
-		require.Equal(t, 9999, snap.(*proxycfg.ConfigSnapshot).Port)
-		require.Equal(t, token, snap.(*proxycfg.ConfigSnapshot).ProxyID.Token)
+		require.Equal(t, 9999, snap.Port)
+		require.Equal(t, token, snap.ProxyID.Token)
 	case <-time.After(100 * time.Millisecond):
 		t.Fatal("timeout waiting for snapshot")
 	}
@@ -111,7 +107,7 @@ func TestConfigSource_Success(t *testing.T) {
 	// Expect Register to have been called again with the proxy's new port.
 	select {
 	case snap := <-snapCh:
-		require.Equal(t, 8888, snap.(*proxycfg.ConfigSnapshot).Port)
+		require.Equal(t, 8888, snap.Port)
 	case <-time.After(100 * time.Millisecond):
 		t.Fatal("timeout waiting for snapshot")
 	}
@@ -130,13 +126,13 @@ func TestConfigSource_Success(t *testing.T) {
 		require.Equal(t, map[string]any{
 			"local_connect_timeout_ms": 123,
 			"max_inbound_connections":  321,
-		}, snap.(*proxycfg.ConfigSnapshot).Proxy.Config)
+		}, snap.Proxy.Config)
 	case <-time.After(100 * time.Millisecond):
 		t.Fatal("timeout waiting for snapshot")
 	}
 
 	// Start another watch.
-	_, termCh2, cancelWatch2, err := mgr.Watch(rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID(), nodeName, token)
+	_, termCh2, cancelWatch2, err := mgr.Watch(serviceID, nodeName, token)
 	require.NoError(t, err)
 	require.Equal(t, session2TermCh, termCh2)
 
@@ -170,7 +166,6 @@ func TestConfigSource_Success(t *testing.T) {
 
 func TestConfigSource_LocallyManagedService(t *testing.T) {
 	serviceID := structs.NewServiceID("web-sidecar-proxy-1", nil)
-	proxyID := rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID()
 	nodeName := "node-1"
 	token := "token"
 
@@ -178,8 +173,8 @@ func TestConfigSource_LocallyManagedService(t *testing.T) {
 	localState.AddServiceWithChecks(&structs.NodeService{ID: serviceID.ID}, nil, "", false)
 
 	localWatcher := NewMockWatcher(t)
-	localWatcher.On("Watch", proxyID, nodeName, token).
-		Return(make(<-chan proxysnapshot.ProxySnapshot), nil, proxysnapshot.CancelFunc(func() {}), nil)
+	localWatcher.On("Watch", serviceID, nodeName, token).
+		Return(make(<-chan *proxycfg.ConfigSnapshot), nil, proxycfg.CancelFunc(func() {}), nil)
 
 	mgr := NewConfigSource(Config{
 		NodeName:          nodeName,
@@ -191,7 +186,7 @@ func TestConfigSource_LocallyManagedService(t *testing.T) {
 	})
 	t.Cleanup(mgr.Shutdown)
 
-	_, _, _, err := mgr.Watch(proxyID, nodeName, token)
+	_, _, _, err := mgr.Watch(serviceID, nodeName, token)
 	require.NoError(t, err)
 }
 
@@ -213,12 +208,12 @@ func TestConfigSource_ErrorRegisteringService(t *testing.T) {
 	}))
 
 	var canceledWatch bool
-	cancel := proxysnapshot.CancelFunc(func() { canceledWatch = true })
+	cancel := proxycfg.CancelFunc(func() { canceledWatch = true })
 
 	cfgMgr := NewMockConfigManager(t)
 
 	cfgMgr.On("Watch", mock.Anything).
-		Return(make(<-chan proxysnapshot.ProxySnapshot), cancel)
+		Return(make(<-chan *proxycfg.ConfigSnapshot), cancel)
 
 	cfgMgr.On("Register", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).
 		Return(errors.New("KABOOM"))
@@ -238,7 +233,7 @@ func TestConfigSource_ErrorRegisteringService(t *testing.T) {
 	})
 	t.Cleanup(mgr.Shutdown)
 
-	_, _, _, err := mgr.Watch(rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID(), nodeName, token)
+	_, _, _, err := mgr.Watch(serviceID, nodeName, token)
 	require.Error(t, err)
 	require.True(t, canceledWatch, "watch should've been canceled")
 
@@ -263,12 +258,12 @@ func TestConfigSource_NotProxyService(t *testing.T) {
 	}))
 
 	var canceledWatch bool
-	cancel := proxysnapshot.CancelFunc(func() { canceledWatch = true })
+	cancel := proxycfg.CancelFunc(func() { canceledWatch = true })
 
 	cfgMgr := NewMockConfigManager(t)
 
 	cfgMgr.On("Watch", mock.Anything).
-		Return(make(<-chan proxysnapshot.ProxySnapshot), cancel)
+		Return(make(<-chan *proxycfg.ConfigSnapshot), cancel)
 
 	mgr := NewConfigSource(Config{
 		Manager:        cfgMgr,
@@ -279,7 +274,7 @@ func TestConfigSource_NotProxyService(t *testing.T) {
 	})
 	t.Cleanup(mgr.Shutdown)
 
-	_, _, _, err := mgr.Watch(rtest.Resource(mesh.ProxyConfigurationType, serviceID.ID).ID(), nodeName, token)
+	_, _, _, err := mgr.Watch(serviceID, nodeName, token)
 	require.Error(t, err)
 	require.Contains(t, err.Error(), "must be a sidecar proxy or gateway")
 	require.True(t, canceledWatch, "watch should've been canceled")
@@ -296,7 +291,7 @@ func TestConfigSource_SessionLimiterError(t *testing.T) {
 	t.Cleanup(src.Shutdown)
 
 	_, _, _, err := src.Watch(
-		rtest.Resource(mesh.ProxyConfigurationType, "web-sidecar-proxy-1").ID(),
+		structs.NewServiceID("web-sidecar-proxy-1", nil),
 		"node-name",
 		"token",
 	)
@@ -314,9 +309,9 @@ func testConfigManager(t *testing.T, serviceID structs.ServiceID, nodeName strin
 		Token:     token,
 	}
 
-	snapCh := make(chan proxysnapshot.ProxySnapshot, 1)
+	snapCh := make(chan *proxycfg.ConfigSnapshot, 1)
 	cfgMgr.On("Watch", proxyID).
-		Return((<-chan proxysnapshot.ProxySnapshot)(snapCh), proxysnapshot.CancelFunc(func() {}), nil)
+		Return((<-chan *proxycfg.ConfigSnapshot)(snapCh), proxycfg.CancelFunc(func() {}), nil)
 
 	cfgMgr.On("Register", mock.Anything, mock.Anything, source, token, false).
 		Run(func(args mock.Arguments) {
@@ -360,8 +355,6 @@ func (nullSessionLimiter) BeginSession() (limiter.Session, error) {
 	return nullSession{}, nil
 }
 
-func (nullSessionLimiter) Run(ctx context.Context) {}
-
 type nullSession struct{}
 
 func (nullSession) End() {}
diff --git a/agent/proxycfg-sources/catalog/mock_ConfigManager.go b/agent/proxycfg-sources/catalog/mock_ConfigManager.go
index 37deffb022d8..3ae51c5f6a95 100644
--- a/agent/proxycfg-sources/catalog/mock_ConfigManager.go
+++ b/agent/proxycfg-sources/catalog/mock_ConfigManager.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.33.1. DO NOT EDIT.
+// Code generated by mockery v2.15.0. DO NOT EDIT.
 
 package catalog
 
@@ -6,8 +6,6 @@ import (
 	proxycfg "github.com/hashicorp/consul/agent/proxycfg"
 	mock "github.com/stretchr/testify/mock"
 
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-
 	structs "github.com/hashicorp/consul/agent/structs"
 )
 
@@ -36,39 +34,37 @@ func (_m *MockConfigManager) Register(proxyID proxycfg.ProxyID, service *structs
 }
 
 // Watch provides a mock function with given fields: req
-func (_m *MockConfigManager) Watch(req proxycfg.ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc) {
+func (_m *MockConfigManager) Watch(req proxycfg.ProxyID) (<-chan *proxycfg.ConfigSnapshot, proxycfg.CancelFunc) {
 	ret := _m.Called(req)
 
-	var r0 <-chan proxysnapshot.ProxySnapshot
-	var r1 proxysnapshot.CancelFunc
-	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc)); ok {
-		return rf(req)
-	}
-	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) <-chan proxysnapshot.ProxySnapshot); ok {
+	var r0 <-chan *proxycfg.ConfigSnapshot
+	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) <-chan *proxycfg.ConfigSnapshot); ok {
 		r0 = rf(req)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(<-chan proxysnapshot.ProxySnapshot)
+			r0 = ret.Get(0).(<-chan *proxycfg.ConfigSnapshot)
 		}
 	}
 
-	if rf, ok := ret.Get(1).(func(proxycfg.ProxyID) proxysnapshot.CancelFunc); ok {
+	var r1 proxycfg.CancelFunc
+	if rf, ok := ret.Get(1).(func(proxycfg.ProxyID) proxycfg.CancelFunc); ok {
 		r1 = rf(req)
 	} else {
 		if ret.Get(1) != nil {
-			r1 = ret.Get(1).(proxysnapshot.CancelFunc)
+			r1 = ret.Get(1).(proxycfg.CancelFunc)
 		}
 	}
 
 	return r0, r1
 }
 
-// NewMockConfigManager creates a new instance of MockConfigManager. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-// The first argument is typically a *testing.T value.
-func NewMockConfigManager(t interface {
+type mockConstructorTestingTNewMockConfigManager interface {
 	mock.TestingT
 	Cleanup(func())
-}) *MockConfigManager {
+}
+
+// NewMockConfigManager creates a new instance of MockConfigManager. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+func NewMockConfigManager(t mockConstructorTestingTNewMockConfigManager) *MockConfigManager {
 	mock := &MockConfigManager{}
 	mock.Mock.Test(t)
 
diff --git a/agent/proxycfg-sources/catalog/mock_SessionLimiter.go b/agent/proxycfg-sources/catalog/mock_SessionLimiter.go
index 39cd430f06d3..3b7147cb064c 100644
--- a/agent/proxycfg-sources/catalog/mock_SessionLimiter.go
+++ b/agent/proxycfg-sources/catalog/mock_SessionLimiter.go
@@ -1,10 +1,8 @@
-// Code generated by mockery v2.33.1. DO NOT EDIT.
+// Code generated by mockery v2.15.0. DO NOT EDIT.
 
 package catalog
 
 import (
-	context "context"
-
 	limiter "github.com/hashicorp/consul/agent/grpc-external/limiter"
 	mock "github.com/stretchr/testify/mock"
 )
@@ -19,10 +17,6 @@ func (_m *MockSessionLimiter) BeginSession() (limiter.Session, error) {
 	ret := _m.Called()
 
 	var r0 limiter.Session
-	var r1 error
-	if rf, ok := ret.Get(0).(func() (limiter.Session, error)); ok {
-		return rf()
-	}
 	if rf, ok := ret.Get(0).(func() limiter.Session); ok {
 		r0 = rf()
 	} else {
@@ -31,6 +25,7 @@ func (_m *MockSessionLimiter) BeginSession() (limiter.Session, error) {
 		}
 	}
 
+	var r1 error
 	if rf, ok := ret.Get(1).(func() error); ok {
 		r1 = rf()
 	} else {
@@ -40,17 +35,13 @@ func (_m *MockSessionLimiter) BeginSession() (limiter.Session, error) {
 	return r0, r1
 }
 
-// Run provides a mock function with given fields: ctx
-func (_m *MockSessionLimiter) Run(ctx context.Context) {
-	_m.Called(ctx)
+type mockConstructorTestingTNewMockSessionLimiter interface {
+	mock.TestingT
+	Cleanup(func())
 }
 
 // NewMockSessionLimiter creates a new instance of MockSessionLimiter. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-// The first argument is typically a *testing.T value.
-func NewMockSessionLimiter(t interface {
-	mock.TestingT
-	Cleanup(func())
-}) *MockSessionLimiter {
+func NewMockSessionLimiter(t mockConstructorTestingTNewMockSessionLimiter) *MockSessionLimiter {
 	mock := &MockSessionLimiter{}
 	mock.Mock.Test(t)
 
diff --git a/agent/proxycfg-sources/catalog/mock_Watcher.go b/agent/proxycfg-sources/catalog/mock_Watcher.go
index b77be5d98ea8..d5ca046a4060 100644
--- a/agent/proxycfg-sources/catalog/mock_Watcher.go
+++ b/agent/proxycfg-sources/catalog/mock_Watcher.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.33.1. DO NOT EDIT.
+// Code generated by mockery v2.15.0. DO NOT EDIT.
 
 package catalog
 
@@ -6,9 +6,9 @@ import (
 	limiter "github.com/hashicorp/consul/agent/grpc-external/limiter"
 	mock "github.com/stretchr/testify/mock"
 
-	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
+	proxycfg "github.com/hashicorp/consul/agent/proxycfg"
 
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
+	structs "github.com/hashicorp/consul/agent/structs"
 )
 
 // MockWatcher is an autogenerated mock type for the Watcher type
@@ -17,25 +17,20 @@ type MockWatcher struct {
 }
 
 // Watch provides a mock function with given fields: proxyID, nodeName, token
-func (_m *MockWatcher) Watch(proxyID *pbresource.ID, nodeName string, token string) (<-chan proxysnapshot.ProxySnapshot, limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error) {
+func (_m *MockWatcher) Watch(proxyID structs.ServiceID, nodeName string, token string) (<-chan *proxycfg.ConfigSnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
 	ret := _m.Called(proxyID, nodeName, token)
 
-	var r0 <-chan proxysnapshot.ProxySnapshot
-	var r1 limiter.SessionTerminatedChan
-	var r2 proxysnapshot.CancelFunc
-	var r3 error
-	if rf, ok := ret.Get(0).(func(*pbresource.ID, string, string) (<-chan proxysnapshot.ProxySnapshot, limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error)); ok {
-		return rf(proxyID, nodeName, token)
-	}
-	if rf, ok := ret.Get(0).(func(*pbresource.ID, string, string) <-chan proxysnapshot.ProxySnapshot); ok {
+	var r0 <-chan *proxycfg.ConfigSnapshot
+	if rf, ok := ret.Get(0).(func(structs.ServiceID, string, string) <-chan *proxycfg.ConfigSnapshot); ok {
 		r0 = rf(proxyID, nodeName, token)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(<-chan proxysnapshot.ProxySnapshot)
+			r0 = ret.Get(0).(<-chan *proxycfg.ConfigSnapshot)
 		}
 	}
 
-	if rf, ok := ret.Get(1).(func(*pbresource.ID, string, string) limiter.SessionTerminatedChan); ok {
+	var r1 limiter.SessionTerminatedChan
+	if rf, ok := ret.Get(1).(func(structs.ServiceID, string, string) limiter.SessionTerminatedChan); ok {
 		r1 = rf(proxyID, nodeName, token)
 	} else {
 		if ret.Get(1) != nil {
@@ -43,15 +38,17 @@ func (_m *MockWatcher) Watch(proxyID *pbresource.ID, nodeName string, token stri
 		}
 	}
 
-	if rf, ok := ret.Get(2).(func(*pbresource.ID, string, string) proxysnapshot.CancelFunc); ok {
+	var r2 proxycfg.CancelFunc
+	if rf, ok := ret.Get(2).(func(structs.ServiceID, string, string) proxycfg.CancelFunc); ok {
 		r2 = rf(proxyID, nodeName, token)
 	} else {
 		if ret.Get(2) != nil {
-			r2 = ret.Get(2).(proxysnapshot.CancelFunc)
+			r2 = ret.Get(2).(proxycfg.CancelFunc)
 		}
 	}
 
-	if rf, ok := ret.Get(3).(func(*pbresource.ID, string, string) error); ok {
+	var r3 error
+	if rf, ok := ret.Get(3).(func(structs.ServiceID, string, string) error); ok {
 		r3 = rf(proxyID, nodeName, token)
 	} else {
 		r3 = ret.Error(3)
@@ -60,12 +57,13 @@ func (_m *MockWatcher) Watch(proxyID *pbresource.ID, nodeName string, token stri
 	return r0, r1, r2, r3
 }
 
-// NewMockWatcher creates a new instance of MockWatcher. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-// The first argument is typically a *testing.T value.
-func NewMockWatcher(t interface {
+type mockConstructorTestingTNewMockWatcher interface {
 	mock.TestingT
 	Cleanup(func())
-}) *MockWatcher {
+}
+
+// NewMockWatcher creates a new instance of MockWatcher. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+func NewMockWatcher(t mockConstructorTestingTNewMockWatcher) *MockWatcher {
 	mock := &MockWatcher{}
 	mock.Mock.Test(t)
 
diff --git a/agent/proxycfg-sources/local/config_source.go b/agent/proxycfg-sources/local/config_source.go
index 7b3a835fb819..18b8a045c421 100644
--- a/agent/proxycfg-sources/local/config_source.go
+++ b/agent/proxycfg-sources/local/config_source.go
@@ -1,15 +1,12 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package local
 
 import (
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/agent/proxycfg-sources/catalog"
 	structs "github.com/hashicorp/consul/agent/structs"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 // ConfigSource wraps a proxycfg.Manager to create watches on services
@@ -23,9 +20,7 @@ func NewConfigSource(cfgMgr ConfigManager) *ConfigSource {
 	return &ConfigSource{cfgMgr}
 }
 
-func (m *ConfigSource) Watch(proxyID *pbresource.ID, nodeName string, _ string) (<-chan proxysnapshot.ProxySnapshot,
-	limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error) {
-	serviceID := structs.NewServiceID(proxyID.Name, catalog.GetEnterpriseMetaFromResourceID(proxyID))
+func (m *ConfigSource) Watch(serviceID structs.ServiceID, nodeName string, _ string) (<-chan *proxycfg.ConfigSnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
 	watchCh, cancelWatch := m.manager.Watch(proxycfg.ProxyID{
 		ServiceID: serviceID,
 		NodeName:  nodeName,
diff --git a/agent/proxycfg-sources/local/local.go b/agent/proxycfg-sources/local/local.go
index 44867eb06751..92eefe1eb85f 100644
--- a/agent/proxycfg-sources/local/local.go
+++ b/agent/proxycfg-sources/local/local.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package local integrates the proxycfg Manager with the agent's local state.
 package local
diff --git a/agent/proxycfg-sources/local/mock_ConfigManager.go b/agent/proxycfg-sources/local/mock_ConfigManager.go
index e3b2d3a44587..8f2c8fc6c836 100644
--- a/agent/proxycfg-sources/local/mock_ConfigManager.go
+++ b/agent/proxycfg-sources/local/mock_ConfigManager.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.33.1. DO NOT EDIT.
+// Code generated by mockery v2.15.0. DO NOT EDIT.
 
 package local
 
@@ -6,8 +6,6 @@ import (
 	proxycfg "github.com/hashicorp/consul/agent/proxycfg"
 	mock "github.com/stretchr/testify/mock"
 
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-
 	structs "github.com/hashicorp/consul/agent/structs"
 )
 
@@ -52,39 +50,37 @@ func (_m *MockConfigManager) RegisteredProxies(source proxycfg.ProxySource) []pr
 }
 
 // Watch provides a mock function with given fields: id
-func (_m *MockConfigManager) Watch(id proxycfg.ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc) {
+func (_m *MockConfigManager) Watch(id proxycfg.ProxyID) (<-chan *proxycfg.ConfigSnapshot, proxycfg.CancelFunc) {
 	ret := _m.Called(id)
 
-	var r0 <-chan proxysnapshot.ProxySnapshot
-	var r1 proxysnapshot.CancelFunc
-	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc)); ok {
-		return rf(id)
-	}
-	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) <-chan proxysnapshot.ProxySnapshot); ok {
+	var r0 <-chan *proxycfg.ConfigSnapshot
+	if rf, ok := ret.Get(0).(func(proxycfg.ProxyID) <-chan *proxycfg.ConfigSnapshot); ok {
 		r0 = rf(id)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(<-chan proxysnapshot.ProxySnapshot)
+			r0 = ret.Get(0).(<-chan *proxycfg.ConfigSnapshot)
 		}
 	}
 
-	if rf, ok := ret.Get(1).(func(proxycfg.ProxyID) proxysnapshot.CancelFunc); ok {
+	var r1 proxycfg.CancelFunc
+	if rf, ok := ret.Get(1).(func(proxycfg.ProxyID) proxycfg.CancelFunc); ok {
 		r1 = rf(id)
 	} else {
 		if ret.Get(1) != nil {
-			r1 = ret.Get(1).(proxysnapshot.CancelFunc)
+			r1 = ret.Get(1).(proxycfg.CancelFunc)
 		}
 	}
 
 	return r0, r1
 }
 
-// NewMockConfigManager creates a new instance of MockConfigManager. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-// The first argument is typically a *testing.T value.
-func NewMockConfigManager(t interface {
+type mockConstructorTestingTNewMockConfigManager interface {
 	mock.TestingT
 	Cleanup(func())
-}) *MockConfigManager {
+}
+
+// NewMockConfigManager creates a new instance of MockConfigManager. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+func NewMockConfigManager(t mockConstructorTestingTNewMockConfigManager) *MockConfigManager {
 	mock := &MockConfigManager{}
 	mock.Mock.Test(t)
 
diff --git a/agent/proxycfg-sources/local/sync.go b/agent/proxycfg-sources/local/sync.go
index b5583db43a3d..86427c9f005b 100644
--- a/agent/proxycfg-sources/local/sync.go
+++ b/agent/proxycfg-sources/local/sync.go
@@ -1,11 +1,10 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package local
 
 import (
 	"context"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"time"
 
 	"github.com/hashicorp/go-hclog"
@@ -136,7 +135,7 @@ func sync(cfg SyncConfig) {
 
 //go:generate mockery --name ConfigManager --inpackage
 type ConfigManager interface {
-	Watch(id proxycfg.ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc)
+	Watch(id proxycfg.ProxyID) (<-chan *proxycfg.ConfigSnapshot, proxycfg.CancelFunc)
 	Register(proxyID proxycfg.ProxyID, service *structs.NodeService, source proxycfg.ProxySource, token string, overwrite bool) error
 	Deregister(proxyID proxycfg.ProxyID, source proxycfg.ProxySource)
 	RegisteredProxies(source proxycfg.ProxySource) []proxycfg.ProxyID
diff --git a/agent/proxycfg-sources/local/sync_test.go b/agent/proxycfg-sources/local/sync_test.go
index 5aa030db4cfc..8fa488351819 100644
--- a/agent/proxycfg-sources/local/sync_test.go
+++ b/agent/proxycfg-sources/local/sync_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package local
 
diff --git a/agent/proxycfg/api_gateway.go b/agent/proxycfg/api_gateway.go
index 3ed39481204c..b4954cd3973c 100644
--- a/agent/proxycfg/api_gateway.go
+++ b/agent/proxycfg/api_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
diff --git a/agent/proxycfg/api_gateway_ce.go b/agent/proxycfg/api_gateway_ce.go
deleted file mode 100644
index e2a3b375cd10..000000000000
--- a/agent/proxycfg/api_gateway_ce.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-// +build !consulent
-
-package proxycfg
-
-import "context"
-
-func watchJWTProviders(cxt context.Context, h *handlerAPIGateway) error {
-	return nil
-}
-
-func setJWTProvider(u UpdateEvent, snap *ConfigSnapshot) error {
-	return nil
-}
diff --git a/agent/proxycfg/config_snapshot_glue.go b/agent/proxycfg/config_snapshot_glue.go
deleted file mode 100644
index 7d1c1d9770e0..000000000000
--- a/agent/proxycfg/config_snapshot_glue.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package proxycfg
-
-import (
-	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/logging"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-)
-
-// The below functions are added to ConfigSnapshot to allow it to conform to
-// the ProxySnapshot interface.
-func (s *ConfigSnapshot) AllowEmptyListeners() bool {
-	// Ingress and API gateways are allowed to inform LDS of no listeners.
-	return s.Kind == structs.ServiceKindIngressGateway ||
-		s.Kind == structs.ServiceKindAPIGateway
-}
-
-func (s *ConfigSnapshot) AllowEmptyRoutes() bool {
-	// Ingress and API gateways are allowed to inform RDS of no routes.
-	return s.Kind == structs.ServiceKindIngressGateway ||
-		s.Kind == structs.ServiceKindAPIGateway
-}
-
-func (s *ConfigSnapshot) AllowEmptyClusters() bool {
-	// Mesh, Ingress, API and Terminating gateways are allowed to inform CDS of no clusters.
-	return s.Kind == structs.ServiceKindMeshGateway ||
-		s.Kind == structs.ServiceKindTerminatingGateway ||
-		s.Kind == structs.ServiceKindIngressGateway ||
-		s.Kind == structs.ServiceKindAPIGateway
-}
-
-func (s *ConfigSnapshot) Authorize(authz acl.Authorizer) error {
-	var authzContext acl.AuthorizerContext
-	switch s.Kind {
-	case structs.ServiceKindConnectProxy:
-		s.ProxyID.EnterpriseMeta.FillAuthzContext(&authzContext)
-		if err := authz.ToAllowAuthorizer().ServiceWriteAllowed(s.Proxy.DestinationServiceName, &authzContext); err != nil {
-			return status.Errorf(codes.PermissionDenied, err.Error())
-		}
-	case structs.ServiceKindMeshGateway, structs.ServiceKindTerminatingGateway, structs.ServiceKindIngressGateway, structs.ServiceKindAPIGateway:
-		s.ProxyID.EnterpriseMeta.FillAuthzContext(&authzContext)
-		if err := authz.ToAllowAuthorizer().ServiceWriteAllowed(s.Service, &authzContext); err != nil {
-			return status.Errorf(codes.PermissionDenied, err.Error())
-		}
-	default:
-		return status.Errorf(codes.Internal, "Invalid service kind")
-	}
-
-	// Authed OK!
-	return nil
-}
-
-func (s *ConfigSnapshot) LoggerName() string {
-	switch s.Kind {
-	case structs.ServiceKindConnectProxy:
-	case structs.ServiceKindTerminatingGateway:
-		return logging.TerminatingGateway
-	case structs.ServiceKindMeshGateway:
-		return logging.MeshGateway
-	case structs.ServiceKindIngressGateway:
-		return logging.IngressGateway
-	}
-
-	return ""
-}
diff --git a/agent/proxycfg/config_snapshot_glue_test.go b/agent/proxycfg/config_snapshot_glue_test.go
deleted file mode 100644
index 6ff20714eb32..000000000000
--- a/agent/proxycfg/config_snapshot_glue_test.go
+++ /dev/null
@@ -1,312 +0,0 @@
-package proxycfg
-
-import (
-	"strings"
-	"testing"
-
-	"github.com/stretchr/testify/mock"
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/agent/structs"
-)
-
-func TestConfigSnapshot_AllowEmptyClusters(t *testing.T) {
-	type testCase struct {
-		description    string
-		cfgSnapshot    *ConfigSnapshot
-		expectedResult bool
-	}
-	testsCases := []testCase{
-		{
-			description:    "Mesh proxies are not allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindConnectProxy},
-			expectedResult: false,
-		},
-		{
-			description:    "Ingress gateways are allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindIngressGateway},
-			expectedResult: true,
-		},
-		{
-			description:    "Terminating gateways are allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindTerminatingGateway},
-			expectedResult: true,
-		},
-		{
-			description:    "API Gateways are allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindAPIGateway},
-			expectedResult: true,
-		},
-		{
-			description:    "Mesh Gateways are allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindMeshGateway},
-			expectedResult: true,
-		},
-	}
-	for _, tc := range testsCases {
-		t.Run(tc.description, func(t *testing.T) {
-			require.Equal(t, tc.expectedResult, tc.cfgSnapshot.AllowEmptyClusters())
-		})
-	}
-}
-
-func TestConfigSnapshot_AllowEmptyListeners(t *testing.T) {
-	type testCase struct {
-		description    string
-		cfgSnapshot    *ConfigSnapshot
-		expectedResult bool
-	}
-	testsCases := []testCase{
-		{
-			description:    "Mesh proxies are not allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindConnectProxy},
-			expectedResult: false,
-		},
-		{
-			description:    "Ingress gateways are allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindIngressGateway},
-			expectedResult: true,
-		},
-		{
-			description:    "Terminating gateways are not allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindTerminatingGateway},
-			expectedResult: false,
-		},
-		{
-			description:    "API Gateways are allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindAPIGateway},
-			expectedResult: true,
-		},
-		{
-			description:    "Mesh Gateways are not allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindMeshGateway},
-			expectedResult: false,
-		},
-	}
-	for _, tc := range testsCases {
-		t.Run(tc.description, func(t *testing.T) {
-			require.Equal(t, tc.expectedResult, tc.cfgSnapshot.AllowEmptyListeners())
-		})
-	}
-}
-
-func TestConfigSnapshot_AllowEmptyRoutes(t *testing.T) {
-	type testCase struct {
-		description    string
-		cfgSnapshot    *ConfigSnapshot
-		expectedResult bool
-	}
-	testsCases := []testCase{
-		{
-			description:    "Mesh proxies are not allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindConnectProxy},
-			expectedResult: false,
-		},
-		{
-			description:    "Ingress gateways are allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindIngressGateway},
-			expectedResult: true,
-		},
-		{
-			description:    "Terminating gateways are not allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindTerminatingGateway},
-			expectedResult: false,
-		},
-		{
-			description:    "API Gateways are allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindAPIGateway},
-			expectedResult: true,
-		},
-		{
-			description:    "Mesh Gateways are not allowed",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindMeshGateway},
-			expectedResult: false,
-		},
-	}
-	for _, tc := range testsCases {
-		t.Run(tc.description, func(t *testing.T) {
-			require.Equal(t, tc.expectedResult, tc.cfgSnapshot.AllowEmptyRoutes())
-		})
-	}
-}
-
-func TestConfigSnapshot_LoggerName(t *testing.T) {
-	type testCase struct {
-		description    string
-		cfgSnapshot    *ConfigSnapshot
-		expectedResult string
-	}
-	testsCases := []testCase{
-		{
-			description:    "Mesh proxies have a logger named ''",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindConnectProxy},
-			expectedResult: "",
-		},
-		{
-			description:    "Ingress gateways have a logger named 'ingress_gateway'",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindIngressGateway},
-			expectedResult: "ingress_gateway",
-		},
-		{
-			description:    "Terminating gateways have a logger named 'terminating_gateway'",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindTerminatingGateway},
-			expectedResult: "terminating_gateway",
-		},
-		{
-			description:    "API Gateways have a logger named ''",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindAPIGateway},
-			expectedResult: "",
-		},
-		{
-			description:    "Mesh Gateways have a logger named 'mesh_gateway'",
-			cfgSnapshot:    &ConfigSnapshot{Kind: structs.ServiceKindMeshGateway},
-			expectedResult: "mesh_gateway",
-		},
-	}
-	for _, tc := range testsCases {
-		t.Run(tc.description, func(t *testing.T) {
-			require.Equal(t, tc.expectedResult, tc.cfgSnapshot.LoggerName())
-		})
-	}
-}
-
-func TestConfigSnapshot_Authorize(t *testing.T) {
-	type testCase struct {
-		description          string
-		cfgSnapshot          *ConfigSnapshot
-		configureAuthorizer  func(authorizer *acl.MockAuthorizer)
-		expectedErrorMessage string
-	}
-	testsCases := []testCase{
-		{
-			description: "ConnectProxy - if service write is allowed for the DestinationService then allow.",
-			cfgSnapshot: &ConfigSnapshot{
-				Kind: structs.ServiceKindConnectProxy,
-				Proxy: structs.ConnectProxyConfig{
-					DestinationServiceName: "DestinationServiceName",
-				},
-			},
-			expectedErrorMessage: "",
-			configureAuthorizer: func(authz *acl.MockAuthorizer) {
-				authz.On("ServiceWrite", "DestinationServiceName", mock.Anything).Return(acl.Allow)
-			},
-		},
-		{
-			description: "ConnectProxy - if service write is not allowed for the DestinationService then deny.",
-			cfgSnapshot: &ConfigSnapshot{
-				Kind: structs.ServiceKindConnectProxy,
-				Proxy: structs.ConnectProxyConfig{
-					DestinationServiceName: "DestinationServiceName",
-				},
-			},
-			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"DestinationServiceName\"",
-			configureAuthorizer: func(authz *acl.MockAuthorizer) {
-				authz.On("ServiceWrite", "DestinationServiceName", mock.Anything).Return(acl.Deny)
-			},
-		},
-		{
-			description: "Mesh Gateway - if service write is allowed for the Service then allow.",
-			cfgSnapshot: &ConfigSnapshot{
-				Kind:    structs.ServiceKindMeshGateway,
-				Service: "Service",
-			},
-			expectedErrorMessage: "",
-			configureAuthorizer: func(authz *acl.MockAuthorizer) {
-				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Allow)
-			},
-		},
-		{
-			description: "Mesh Gateway - if service write is not allowed for the Service then deny.",
-			cfgSnapshot: &ConfigSnapshot{
-				Kind:    structs.ServiceKindMeshGateway,
-				Service: "Service",
-			},
-			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
-			configureAuthorizer: func(authz *acl.MockAuthorizer) {
-				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
-			},
-		},
-		{
-			description: "Terminating Gateway - if service write is allowed for the Service then allow.",
-			cfgSnapshot: &ConfigSnapshot{
-				Kind:    structs.ServiceKindTerminatingGateway,
-				Service: "Service",
-			},
-			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
-			configureAuthorizer: func(authz *acl.MockAuthorizer) {
-				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
-			},
-		},
-		{
-			description: "Terminating Gateway - if service write is not allowed for the Service then deny.",
-			cfgSnapshot: &ConfigSnapshot{
-				Kind:    structs.ServiceKindTerminatingGateway,
-				Service: "Service",
-			},
-			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
-			configureAuthorizer: func(authz *acl.MockAuthorizer) {
-				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
-			},
-		},
-		{
-			description: "Ingress Gateway - if service write is allowed for the Service then allow.",
-			cfgSnapshot: &ConfigSnapshot{
-				Kind:    structs.ServiceKindIngressGateway,
-				Service: "Service",
-			},
-			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
-			configureAuthorizer: func(authz *acl.MockAuthorizer) {
-				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
-			},
-		},
-		{
-			description: "Ingress Gateway - if service write is not allowed for the Service then deny.",
-			cfgSnapshot: &ConfigSnapshot{
-				Kind:    structs.ServiceKindIngressGateway,
-				Service: "Service",
-			},
-			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
-			configureAuthorizer: func(authz *acl.MockAuthorizer) {
-				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
-			},
-		},
-		{
-			description: "API Gateway - if service write is allowed for the Service then allow.",
-			cfgSnapshot: &ConfigSnapshot{
-				Kind:    structs.ServiceKindAPIGateway,
-				Service: "Service",
-			},
-			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
-			configureAuthorizer: func(authz *acl.MockAuthorizer) {
-				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
-			},
-		},
-		{
-			description: "API Gateway - if service write is not allowed for the Service then deny.",
-			cfgSnapshot: &ConfigSnapshot{
-				Kind:    structs.ServiceKindAPIGateway,
-				Service: "Service",
-			},
-			expectedErrorMessage: "rpc error: code = PermissionDenied desc = Permission denied: token with AccessorID '' lacks permission 'service:write' on \"Service\"",
-			configureAuthorizer: func(authz *acl.MockAuthorizer) {
-				authz.On("ServiceWrite", "Service", mock.Anything).Return(acl.Deny)
-			},
-		},
-	}
-	for _, tc := range testsCases {
-		t.Run(tc.description, func(t *testing.T) {
-			authz := &acl.MockAuthorizer{}
-			authz.On("ToAllow").Return(acl.AllowAuthorizer{Authorizer: authz})
-			tc.configureAuthorizer(authz)
-			err := tc.cfgSnapshot.Authorize(authz)
-			errMsg := ""
-			if err != nil {
-				errMsg = err.Error()
-			}
-			// using contains because Enterprise tests append the parition and namespace
-			// information to the message.
-			require.True(t, strings.Contains(errMsg, tc.expectedErrorMessage))
-		})
-	}
-}
diff --git a/agent/proxycfg/connect_proxy.go b/agent/proxycfg/connect_proxy.go
index 0a8c1737923e..7dcbe18e7195 100644
--- a/agent/proxycfg/connect_proxy.go
+++ b/agent/proxycfg/connect_proxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
diff --git a/agent/proxycfg/data_sources.go b/agent/proxycfg/data_sources.go
index dfb9a70f357b..ee779dfb6c88 100644
--- a/agent/proxycfg/data_sources.go
+++ b/agent/proxycfg/data_sources.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
diff --git a/agent/proxycfg/data_sources_ce.go b/agent/proxycfg/data_sources_ce.go
index a4a4aaff7476..5a92e9486b0d 100644
--- a/agent/proxycfg/data_sources_ce.go
+++ b/agent/proxycfg/data_sources_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg/deep-copy.sh b/agent/proxycfg/deep-copy.sh
index 2e1f361dd710..17791e79b119 100755
--- a/agent/proxycfg/deep-copy.sh
+++ b/agent/proxycfg/deep-copy.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 readonly PACKAGE_DIR="$(dirname "${BASH_SOURCE[0]}")"
diff --git a/agent/proxycfg/ingress_gateway.go b/agent/proxycfg/ingress_gateway.go
index 3ab5828add40..efb774c9b17c 100644
--- a/agent/proxycfg/ingress_gateway.go
+++ b/agent/proxycfg/ingress_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
diff --git a/agent/proxycfg/internal/watch/watchmap.go b/agent/proxycfg/internal/watch/watchmap.go
index d4fba2ea03eb..c36ec3237cc6 100644
--- a/agent/proxycfg/internal/watch/watchmap.go
+++ b/agent/proxycfg/internal/watch/watchmap.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package watch
 
diff --git a/agent/proxycfg/internal/watch/watchmap_test.go b/agent/proxycfg/internal/watch/watchmap_test.go
index 54fb51d4df9b..c5bef8e47108 100644
--- a/agent/proxycfg/internal/watch/watchmap_test.go
+++ b/agent/proxycfg/internal/watch/watchmap_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package watch
 
diff --git a/agent/proxycfg/manager.go b/agent/proxycfg/manager.go
index 71b6270fefc4..a942fd1d1e14 100644
--- a/agent/proxycfg/manager.go
+++ b/agent/proxycfg/manager.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
@@ -12,7 +12,6 @@ import (
 	"golang.org/x/time/rate"
 
 	"github.com/hashicorp/consul/agent/structs"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"github.com/hashicorp/consul/tlsutil"
 )
 
@@ -37,6 +36,10 @@ type ProxyID struct {
 // from overwriting each other's registrations.
 type ProxySource string
 
+// CancelFunc is a type for a returned function that can be called to cancel a
+// watch.
+type CancelFunc func()
+
 // Manager provides an API with which proxy services can be registered, and
 // coordinates the fetching (and refreshing) of intentions, upstreams, discovery
 // chain, certificates etc.
@@ -52,7 +55,7 @@ type Manager struct {
 
 	mu         sync.Mutex
 	proxies    map[ProxyID]*state
-	watchers   map[ProxyID]map[uint64]chan proxysnapshot.ProxySnapshot
+	watchers   map[ProxyID]map[uint64]chan *ConfigSnapshot
 	maxWatchID uint64
 }
 
@@ -103,7 +106,7 @@ func NewManager(cfg ManagerConfig) (*Manager, error) {
 	m := &Manager{
 		ManagerConfig: cfg,
 		proxies:       make(map[ProxyID]*state),
-		watchers:      make(map[ProxyID]map[uint64]chan proxysnapshot.ProxySnapshot),
+		watchers:      make(map[ProxyID]map[uint64]chan *ConfigSnapshot),
 		rateLimiter:   rate.NewLimiter(cfg.UpdateRateLimit, 1),
 	}
 	return m, nil
@@ -259,7 +262,7 @@ func (m *Manager) notify(snap *ConfigSnapshot) {
 // it will drain the chan and then re-attempt delivery so that a slow consumer
 // gets the latest config earlier. This MUST be called from a method where m.mu
 // is held to be safe since it assumes we are the only goroutine sending on ch.
-func (m *Manager) deliverLatest(snap *ConfigSnapshot, ch chan proxysnapshot.ProxySnapshot) {
+func (m *Manager) deliverLatest(snap *ConfigSnapshot, ch chan *ConfigSnapshot) {
 	// Send if chan is empty
 	select {
 	case ch <- snap:
@@ -296,16 +299,16 @@ OUTER:
 // will not fail, but no updates will be delivered until the proxy is
 // registered. If there is already a valid snapshot in memory, it will be
 // delivered immediately.
-func (m *Manager) Watch(id ProxyID) (<-chan proxysnapshot.ProxySnapshot, proxysnapshot.CancelFunc) {
+func (m *Manager) Watch(id ProxyID) (<-chan *ConfigSnapshot, CancelFunc) {
 	m.mu.Lock()
 	defer m.mu.Unlock()
 
 	// This buffering is crucial otherwise we'd block immediately trying to
 	// deliver the current snapshot below if we already have one.
-	ch := make(chan proxysnapshot.ProxySnapshot, 1)
+	ch := make(chan *ConfigSnapshot, 1)
 	watchers, ok := m.watchers[id]
 	if !ok {
-		watchers = make(map[uint64]chan proxysnapshot.ProxySnapshot)
+		watchers = make(map[uint64]chan *ConfigSnapshot)
 	}
 	watchID := m.maxWatchID
 	m.maxWatchID++
diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go
index feaa4e431d03..13dd0f95420c 100644
--- a/agent/proxycfg/manager_test.go
+++ b/agent/proxycfg/manager_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
@@ -17,7 +17,6 @@ import (
 	"github.com/hashicorp/consul/agent/proxycfg/internal/watch"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
 	"github.com/hashicorp/consul/sdk/testutil"
 )
@@ -470,7 +469,7 @@ func testManager_BasicLifecycle(
 	require.Len(t, m.watchers, 0)
 }
 
-func assertWatchChanBlocks(t *testing.T, ch <-chan proxysnapshot.ProxySnapshot) {
+func assertWatchChanBlocks(t *testing.T, ch <-chan *ConfigSnapshot) {
 	t.Helper()
 
 	select {
@@ -480,7 +479,7 @@ func assertWatchChanBlocks(t *testing.T, ch <-chan proxysnapshot.ProxySnapshot)
 	}
 }
 
-func assertWatchChanRecvs(t *testing.T, ch <-chan proxysnapshot.ProxySnapshot, expect proxysnapshot.ProxySnapshot) {
+func assertWatchChanRecvs(t *testing.T, ch <-chan *ConfigSnapshot, expect *ConfigSnapshot) {
 	t.Helper()
 
 	select {
@@ -518,7 +517,7 @@ func TestManager_deliverLatest(t *testing.T) {
 	}
 
 	// test 1 buffered chan
-	ch1 := make(chan proxysnapshot.ProxySnapshot, 1)
+	ch1 := make(chan *ConfigSnapshot, 1)
 
 	// Sending to an unblocked chan should work
 	m.deliverLatest(snap1, ch1)
@@ -534,7 +533,7 @@ func TestManager_deliverLatest(t *testing.T) {
 	require.Equal(t, snap2, <-ch1)
 
 	// Same again for 5-buffered chan
-	ch5 := make(chan proxysnapshot.ProxySnapshot, 5)
+	ch5 := make(chan *ConfigSnapshot, 5)
 
 	// Sending to an unblocked chan should work
 	m.deliverLatest(snap1, ch5)
diff --git a/agent/proxycfg/mesh_gateway.go b/agent/proxycfg/mesh_gateway.go
index 0237e8423290..f2fee37d4671 100644
--- a/agent/proxycfg/mesh_gateway.go
+++ b/agent/proxycfg/mesh_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
@@ -15,6 +15,7 @@ import (
 	"github.com/hashicorp/go-hclog"
 
 	"github.com/hashicorp/consul/acl"
+
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/consul/agent/leafcert"
 	"github.com/hashicorp/consul/agent/proxycfg/internal/watch"
diff --git a/agent/proxycfg/mesh_gateway_ce.go b/agent/proxycfg/mesh_gateway_ce.go
index 0c302f27cd7b..2959a8383a1e 100644
--- a/agent/proxycfg/mesh_gateway_ce.go
+++ b/agent/proxycfg/mesh_gateway_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg/naming.go b/agent/proxycfg/naming.go
index a9bd5fd8c0ca..07aa42f2f4dd 100644
--- a/agent/proxycfg/naming.go
+++ b/agent/proxycfg/naming.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
diff --git a/agent/proxycfg/naming_ce.go b/agent/proxycfg/naming_ce.go
index a98204a8bbac..858b8d3553df 100644
--- a/agent/proxycfg/naming_ce.go
+++ b/agent/proxycfg/naming_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg/naming_test.go b/agent/proxycfg/naming_test.go
index 0615a8128182..caf917f5d975 100644
--- a/agent/proxycfg/naming_test.go
+++ b/agent/proxycfg/naming_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
diff --git a/agent/proxycfg/proxycfg.deepcopy.go b/agent/proxycfg/proxycfg.deepcopy.go
index d6f11319169a..5b9d9ce3e7e0 100644
--- a/agent/proxycfg/proxycfg.deepcopy.go
+++ b/agent/proxycfg/proxycfg.deepcopy.go
@@ -13,10 +13,6 @@ import (
 // DeepCopy generates a deep copy of *ConfigSnapshot
 func (o *ConfigSnapshot) DeepCopy() *ConfigSnapshot {
 	var cp ConfigSnapshot = *o
-	if o.ServiceLocality != nil {
-		cp.ServiceLocality = new(structs.Locality)
-		*cp.ServiceLocality = *o.ServiceLocality
-	}
 	if o.ServiceMeta != nil {
 		cp.ServiceMeta = make(map[string]string, len(o.ServiceMeta))
 		for k2, v2 := range o.ServiceMeta {
diff --git a/agent/proxycfg/proxycfg.go b/agent/proxycfg/proxycfg.go
index 9b71156dfe5a..f73e6ac726ce 100644
--- a/agent/proxycfg/proxycfg.go
+++ b/agent/proxycfg/proxycfg.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package proxycfg contains components for sourcing the data required to
 // configure Connect proxies. The Manager provides an API with which proxy
@@ -45,7 +45,7 @@
 //	   ConfigSource - on a client agent this would be a local config source, on a
 //	   server it would be a catalog config source.
 //	4. On server, the catalog config source will check if service is registered locally.
-//	   4a. If the service *is* registered locally it hands off the local config
+//	   4a. If the service *is* registered locally it hands off the the local config
 //	      source, which calls Watch on the proxycfg manager (and serves the pre-
 //	      fetched data).
 //	5. Otherwise, it fetches the service from the state store.
diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go
index e9304ec63122..b4093d6f734c 100644
--- a/agent/proxycfg/snapshot.go
+++ b/agent/proxycfg/snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
@@ -925,7 +925,6 @@ func IngressListenerKeyFromListener(l structs.IngressListener) IngressListenerKe
 type ConfigSnapshot struct {
 	Kind                  structs.ServiceKind
 	Service               string
-	ServiceLocality       *structs.Locality
 	ProxyID               ProxyID
 	Address               string
 	Port                  int
diff --git a/agent/proxycfg/snapshot_test.go b/agent/proxycfg/snapshot_test.go
index b4b0ab57c957..ea6700cd249d 100644
--- a/agent/proxycfg/snapshot_test.go
+++ b/agent/proxycfg/snapshot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go
index 853dca5a9f1b..55ba287ef1f2 100644
--- a/agent/proxycfg/state.go
+++ b/agent/proxycfg/state.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
@@ -126,7 +126,6 @@ type serviceInstance struct {
 	taggedAddresses map[string]structs.ServiceAddress
 	proxyCfg        structs.ConnectProxyConfig
 	token           string
-	locality        *structs.Locality
 }
 
 func copyProxyConfig(ns *structs.NodeService) (structs.ConnectProxyConfig, error) {
@@ -247,7 +246,6 @@ func newServiceInstanceFromNodeService(id ProxyID, ns *structs.NodeService, toke
 	return serviceInstance{
 		kind:            ns.Kind,
 		service:         ns.Service,
-		locality:        ns.Locality,
 		proxyID:         id,
 		address:         ns.Address,
 		port:            ns.Port,
@@ -307,7 +305,6 @@ func newConfigSnapshotFromServiceInstance(s serviceInstance, config stateConfig)
 	return ConfigSnapshot{
 		Kind:                  s.kind,
 		Service:               s.service,
-		ServiceLocality:       s.locality,
 		ProxyID:               s.proxyID,
 		Address:               s.address,
 		Port:                  s.port,
diff --git a/agent/proxycfg/state_ce_test.go b/agent/proxycfg/state_ce_test.go
index 36f2e07183e4..e817aeef0b13 100644
--- a/agent/proxycfg/state_ce_test.go
+++ b/agent/proxycfg/state_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go
index 2a6792aa22e9..9065db885dc3 100644
--- a/agent/proxycfg/state_test.go
+++ b/agent/proxycfg/state_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
diff --git a/agent/proxycfg/terminating_gateway.go b/agent/proxycfg/terminating_gateway.go
index 05085a6ab26d..7d29ee70501b 100644
--- a/agent/proxycfg/terminating_gateway.go
+++ b/agent/proxycfg/terminating_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
diff --git a/agent/proxycfg/testing.go b/agent/proxycfg/testing.go
index bdd565ec0454..ac68994cb8f1 100644
--- a/agent/proxycfg/testing.go
+++ b/agent/proxycfg/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
@@ -167,7 +167,7 @@ func TestUpstreamNodes(t testing.T, service string) structs.CheckServiceNodes {
 				Datacenter: "dc1",
 				Partition:  structs.NodeEnterpriseMetaInDefaultPartition().PartitionOrEmpty(),
 			},
-			Service: structs.TestNodeServiceWithName(service),
+			Service: structs.TestNodeServiceWithName(t, service),
 		},
 		structs.CheckServiceNode{
 			Node: &structs.Node{
@@ -177,47 +177,7 @@ func TestUpstreamNodes(t testing.T, service string) structs.CheckServiceNodes {
 				Datacenter: "dc1",
 				Partition:  structs.NodeEnterpriseMetaInDefaultPartition().PartitionOrEmpty(),
 			},
-			Service: structs.TestNodeServiceWithName(service),
-		},
-	}
-}
-
-// TestUpstreamNodesWithServiceSubset returns a sample service discovery result with one instance tagged v1
-// and the other tagged v2
-func TestUpstreamNodesWithServiceSubset(t testing.T, service string) structs.CheckServiceNodes {
-	return structs.CheckServiceNodes{
-		structs.CheckServiceNode{
-			Node: &structs.Node{
-				ID:         "test1",
-				Node:       "test1",
-				Address:    "10.10.1.3",
-				Datacenter: "dc1",
-				Partition:  structs.NodeEnterpriseMetaInDefaultPartition().PartitionOrEmpty(),
-			},
-			Service: &structs.NodeService{
-				Kind:    structs.ServiceKindTypical,
-				Service: service,
-				Port:    8080,
-				Meta:    map[string]string{"Version": "1"},
-				Weights: &structs.Weights{
-					Passing: 300, // Check that this gets normalized to 128
-				},
-			},
-		},
-		structs.CheckServiceNode{
-			Node: &structs.Node{
-				ID:         "test2",
-				Node:       "test2",
-				Address:    "10.10.1.4",
-				Datacenter: "dc1",
-				Partition:  structs.NodeEnterpriseMetaInDefaultPartition().PartitionOrEmpty(),
-			},
-			Service: &structs.NodeService{
-				Kind:    structs.ServiceKindTypical,
-				Service: service,
-				Port:    8080,
-				Meta:    map[string]string{"Version": "2"},
-			},
+			Service: structs.TestNodeServiceWithName(t, service),
 		},
 	}
 }
@@ -271,7 +231,7 @@ func TestUpstreamNodesInStatus(t testing.T, status string) structs.CheckServiceN
 				Address:    "10.10.1.1",
 				Datacenter: "dc1",
 			},
-			Service: structs.TestNodeService(),
+			Service: structs.TestNodeService(t),
 			Checks: structs.HealthChecks{
 				&structs.HealthCheck{
 					Node:        "test1",
@@ -288,7 +248,7 @@ func TestUpstreamNodesInStatus(t testing.T, status string) structs.CheckServiceN
 				Address:    "10.10.1.2",
 				Datacenter: "dc1",
 			},
-			Service: structs.TestNodeService(),
+			Service: structs.TestNodeService(t),
 			Checks: structs.HealthChecks{
 				&structs.HealthCheck{
 					Node:        "test2",
@@ -310,7 +270,7 @@ func TestUpstreamNodesDC2(t testing.T) structs.CheckServiceNodes {
 				Address:    "10.20.1.1",
 				Datacenter: "dc2",
 			},
-			Service: structs.TestNodeService(),
+			Service: structs.TestNodeService(t),
 		},
 		structs.CheckServiceNode{
 			Node: &structs.Node{
@@ -319,7 +279,7 @@ func TestUpstreamNodesDC2(t testing.T) structs.CheckServiceNodes {
 				Address:    "10.20.1.2",
 				Datacenter: "dc2",
 			},
-			Service: structs.TestNodeService(),
+			Service: structs.TestNodeService(t),
 		},
 	}
 }
@@ -333,7 +293,7 @@ func TestUpstreamNodesInStatusDC2(t testing.T, status string) structs.CheckServi
 				Address:    "10.20.1.1",
 				Datacenter: "dc2",
 			},
-			Service: structs.TestNodeService(),
+			Service: structs.TestNodeService(t),
 			Checks: structs.HealthChecks{
 				&structs.HealthCheck{
 					Node:        "test1",
@@ -350,7 +310,7 @@ func TestUpstreamNodesInStatusDC2(t testing.T, status string) structs.CheckServi
 				Address:    "10.20.1.2",
 				Datacenter: "dc2",
 			},
-			Service: structs.TestNodeService(),
+			Service: structs.TestNodeService(t),
 			Checks: structs.HealthChecks{
 				&structs.HealthCheck{
 					Node:        "test2",
@@ -372,7 +332,7 @@ func TestUpstreamNodesAlternate(t testing.T) structs.CheckServiceNodes {
 				Address:    "10.20.1.1",
 				Datacenter: "dc1",
 			},
-			Service: structs.TestNodeService(),
+			Service: structs.TestNodeService(t),
 		},
 		structs.CheckServiceNode{
 			Node: &structs.Node{
@@ -381,7 +341,7 @@ func TestUpstreamNodesAlternate(t testing.T) structs.CheckServiceNodes {
 				Address:    "10.20.1.2",
 				Datacenter: "dc1",
 			},
-			Service: structs.TestNodeService(),
+			Service: structs.TestNodeService(t),
 		},
 	}
 }
diff --git a/agent/proxycfg/testing_api_gateway.go b/agent/proxycfg/testing_api_gateway.go
index ddfa17dcf6ab..87ff58fbf053 100644
--- a/agent/proxycfg/testing_api_gateway.go
+++ b/agent/proxycfg/testing_api_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
@@ -8,9 +8,10 @@ import (
 
 	"github.com/mitchellh/go-testing-interface"
 
-	"github.com/hashicorp/consul/agent/configentry"
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/consul/discoverychain"
+
+	"github.com/hashicorp/consul/agent/configentry"
 	"github.com/hashicorp/consul/agent/structs"
 )
 
diff --git a/agent/proxycfg/testing_ce.go b/agent/proxycfg/testing_ce.go
index 6aa07588d4d1..202252a3a733 100644
--- a/agent/proxycfg/testing_ce.go
+++ b/agent/proxycfg/testing_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg/testing_connect_proxy.go b/agent/proxycfg/testing_connect_proxy.go
index cf6f4a479b1e..a929aa52f167 100644
--- a/agent/proxycfg/testing_connect_proxy.go
+++ b/agent/proxycfg/testing_connect_proxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
@@ -227,14 +227,6 @@ func TestConfigSnapshotExposeConfig(t testing.T, nsFn func(ns *structs.NodeServi
 }
 
 func TestConfigSnapshotExposeChecks(t testing.T) *ConfigSnapshot {
-	return testConfigSnapshotExposedChecks(t, false)
-}
-
-func TestConfigSnapshotExposeChecksWithBindOverride(t testing.T) *ConfigSnapshot {
-	return testConfigSnapshotExposedChecks(t, true)
-}
-
-func testConfigSnapshotExposedChecks(t testing.T, overrideBind bool) *ConfigSnapshot {
 	return TestConfigSnapshot(t,
 		func(ns *structs.NodeService) {
 			ns.Address = "1.2.3.4"
@@ -243,12 +235,6 @@ func testConfigSnapshotExposedChecks(t testing.T, overrideBind bool) *ConfigSnap
 			ns.Proxy.Expose = structs.ExposeConfig{
 				Checks: true,
 			}
-			if overrideBind {
-				if ns.Proxy.Config == nil {
-					ns.Proxy.Config = map[string]any{}
-				}
-				ns.Proxy.Config["bind_address"] = "6.7.8.9"
-			}
 		},
 		[]UpdateEvent{
 			{
@@ -267,32 +253,6 @@ func testConfigSnapshotExposedChecks(t testing.T, overrideBind bool) *ConfigSnap
 	)
 }
 
-func TestConfigSnapshotExposeChecksGRPC(t testing.T) *ConfigSnapshot {
-	return TestConfigSnapshot(t,
-		func(ns *structs.NodeService) {
-			ns.Address = "1.2.3.4"
-			ns.Port = 9090
-			ns.Proxy.Upstreams = nil
-			ns.Proxy.Expose = structs.ExposeConfig{
-				Checks: true,
-			}
-		},
-		[]UpdateEvent{
-			{
-				CorrelationID: svcChecksWatchIDPrefix + structs.ServiceIDString("web", nil),
-				Result: []structs.CheckType{{
-					CheckID:   types.CheckID("grpc"),
-					Name:      "grpc",
-					GRPC:      "localhost:9090/v1.Health",
-					ProxyGRPC: "localhost:21501/myservice",
-					Interval:  10 * time.Second,
-					Timeout:   1 * time.Second,
-				}},
-			},
-		},
-	)
-}
-
 func TestConfigSnapshotGRPCExposeHTTP1(t testing.T) *ConfigSnapshot {
 	roots, leaf := TestCerts(t)
 
diff --git a/agent/proxycfg/testing_ingress_gateway.go b/agent/proxycfg/testing_ingress_gateway.go
index 96918a261bd0..87a3313ecdb5 100644
--- a/agent/proxycfg/testing_ingress_gateway.go
+++ b/agent/proxycfg/testing_ingress_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
@@ -1888,8 +1888,8 @@ func TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners(t testing.T) *
 			entry.TLS.Enabled = true
 			entry.TLS.TLSMinVersion = types.TLSv1_2
 
-			// One listener should inherit TLS minimum version from the gateway config,
-			// two others each set explicit TLS minimum versions
+			// One listener disables TLS, one inherits TLS minimum version from the gateway
+			// config, two others set different versions
 			entry.Listeners = []structs.IngressListener{
 				{
 					Port:     8080,
@@ -1925,6 +1925,8 @@ func TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners(t testing.T) *
 			{
 				CorrelationID: gatewayServicesWatchID,
 				Result: &structs.IndexedGatewayServices{
+					// One listener should inherit TLS minimum version from the gateway config,
+					// two others each set explicit TLS minimum versions
 					Services: []*structs.GatewayService{
 						{
 							Service:  s1,
@@ -1982,208 +1984,3 @@ func TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners(t testing.T) *
 			},
 		})
 }
-
-func TestConfigSnapshotIngressGateway_TLSMixedMaxVersionListeners(t testing.T) *ConfigSnapshot {
-	var (
-		s1      = structs.NewServiceName("s1", nil)
-		s1UID   = NewUpstreamIDFromServiceName(s1)
-		s1Chain = discoverychain.TestCompileConfigEntries(t, "s1", "default", "default", "dc1", connect.TestClusterID+".consul", nil, nil)
-
-		s2      = structs.NewServiceName("s2", nil)
-		s2UID   = NewUpstreamIDFromServiceName(s2)
-		s2Chain = discoverychain.TestCompileConfigEntries(t, "s2", "default", "default", "dc1", connect.TestClusterID+".consul", nil, nil)
-
-		s3      = structs.NewServiceName("s3", nil)
-		s3UID   = NewUpstreamIDFromServiceName(s3)
-		s3Chain = discoverychain.TestCompileConfigEntries(t, "s3", "default", "default", "dc1", connect.TestClusterID+".consul", nil, nil)
-	)
-
-	return TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil,
-		func(entry *structs.IngressGatewayConfigEntry) {
-			entry.TLS.Enabled = true
-			entry.TLS.TLSMaxVersion = types.TLSv1_2
-
-			// One listener should inherit TLS maximum version from the gateway config,
-			// two others each set explicit TLS maximum versions
-			entry.Listeners = []structs.IngressListener{
-				{
-					Port:     8080,
-					Protocol: "http",
-					Services: []structs.IngressService{
-						{Name: "s1"},
-					},
-				},
-				{
-					Port:     8081,
-					Protocol: "http",
-					Services: []structs.IngressService{
-						{Name: "s2"},
-					},
-					TLS: &structs.GatewayTLSConfig{
-						Enabled:       true,
-						TLSMaxVersion: types.TLSv1_0,
-					},
-				},
-				{
-					Port:     8082,
-					Protocol: "http",
-					Services: []structs.IngressService{
-						{Name: "s3"},
-					},
-					TLS: &structs.GatewayTLSConfig{
-						Enabled:       true,
-						TLSMaxVersion: types.TLSv1_3,
-					},
-				},
-			}
-		}, []UpdateEvent{
-			{
-				CorrelationID: gatewayServicesWatchID,
-				Result: &structs.IndexedGatewayServices{
-					Services: []*structs.GatewayService{
-						{
-							Service:  s1,
-							Port:     8080,
-							Protocol: "http",
-						},
-						{
-							Service:  s2,
-							Port:     8081,
-							Protocol: "http",
-						},
-						{
-							Service:  s3,
-							Port:     8082,
-							Protocol: "http",
-						},
-					},
-				},
-			},
-			{
-				CorrelationID: "discovery-chain:" + s1UID.String(),
-				Result: &structs.DiscoveryChainResponse{
-					Chain: s1Chain,
-				},
-			},
-			{
-				CorrelationID: "discovery-chain:" + s2UID.String(),
-				Result: &structs.DiscoveryChainResponse{
-					Chain: s2Chain,
-				},
-			},
-			{
-				CorrelationID: "discovery-chain:" + s3UID.String(),
-				Result: &structs.DiscoveryChainResponse{
-					Chain: s3Chain,
-				},
-			},
-			{
-				CorrelationID: "upstream-target:" + s1Chain.ID() + ":" + s1UID.String(),
-				Result: &structs.IndexedCheckServiceNodes{
-					Nodes: TestUpstreamNodes(t, "s1"),
-				},
-			},
-			{
-				CorrelationID: "upstream-target:" + s2Chain.ID() + ":" + s2UID.String(),
-				Result: &structs.IndexedCheckServiceNodes{
-					Nodes: TestUpstreamNodes(t, "s2"),
-				},
-			},
-			{
-				CorrelationID: "upstream-target:" + s3Chain.ID() + ":" + s3UID.String(),
-				Result: &structs.IndexedCheckServiceNodes{
-					Nodes: TestUpstreamNodes(t, "s3"),
-				},
-			},
-		})
-}
-
-func TestConfigSnapshotIngressGateway_TLSMixedCipherVersionListeners(t testing.T) *ConfigSnapshot {
-	var (
-		s1      = structs.NewServiceName("s1", nil)
-		s1UID   = NewUpstreamIDFromServiceName(s1)
-		s1Chain = discoverychain.TestCompileConfigEntries(t, "s1", "default", "default", "dc1", connect.TestClusterID+".consul", nil, nil)
-
-		s2      = structs.NewServiceName("s2", nil)
-		s2UID   = NewUpstreamIDFromServiceName(s2)
-		s2Chain = discoverychain.TestCompileConfigEntries(t, "s2", "default", "default", "dc1", connect.TestClusterID+".consul", nil, nil)
-	)
-
-	return TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil,
-		func(entry *structs.IngressGatewayConfigEntry) {
-			entry.TLS.Enabled = true
-			entry.TLS.CipherSuites = []types.TLSCipherSuite{
-				types.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-			}
-
-			// One listener should inherit TLS Ciphers from the gateway config,
-			// the other should be set explicitly from the listener config
-			entry.Listeners = []structs.IngressListener{
-				{
-					Port:     8080,
-					Protocol: "http",
-					Services: []structs.IngressService{
-						{Name: "s1"},
-					},
-				},
-				{
-					Port:     8081,
-					Protocol: "http",
-					Services: []structs.IngressService{
-						{Name: "s2"},
-					},
-					TLS: &structs.GatewayTLSConfig{
-						Enabled: true,
-						CipherSuites: []types.TLSCipherSuite{
-							types.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-							types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-						},
-					},
-				},
-			}
-		}, []UpdateEvent{
-			{
-				CorrelationID: gatewayServicesWatchID,
-				Result: &structs.IndexedGatewayServices{
-					// One listener should inherit TLS minimum version from the gateway config,
-					// two others each set explicit TLS minimum versions
-					Services: []*structs.GatewayService{
-						{
-							Service:  s1,
-							Port:     8080,
-							Protocol: "http",
-						},
-						{
-							Service:  s2,
-							Port:     8081,
-							Protocol: "http",
-						},
-					},
-				},
-			},
-			{
-				CorrelationID: "discovery-chain:" + s1UID.String(),
-				Result: &structs.DiscoveryChainResponse{
-					Chain: s1Chain,
-				},
-			},
-			{
-				CorrelationID: "discovery-chain:" + s2UID.String(),
-				Result: &structs.DiscoveryChainResponse{
-					Chain: s2Chain,
-				},
-			},
-			{
-				CorrelationID: "upstream-target:" + s1Chain.ID() + ":" + s1UID.String(),
-				Result: &structs.IndexedCheckServiceNodes{
-					Nodes: TestUpstreamNodes(t, "s1"),
-				},
-			},
-			{
-				CorrelationID: "upstream-target:" + s2Chain.ID() + ":" + s2UID.String(),
-				Result: &structs.IndexedCheckServiceNodes{
-					Nodes: TestUpstreamNodes(t, "s2"),
-				},
-			},
-		})
-}
diff --git a/agent/proxycfg/testing_mesh_gateway.go b/agent/proxycfg/testing_mesh_gateway.go
index 865e219cd435..0ad9d4524afe 100644
--- a/agent/proxycfg/testing_mesh_gateway.go
+++ b/agent/proxycfg/testing_mesh_gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
@@ -23,10 +23,9 @@ func TestConfigSnapshotMeshGateway(t testing.T, variant string, nsFn func(ns *st
 	roots, _ := TestCertsForMeshGateway(t)
 
 	var (
-		populateServices      = true
-		useFederationStates   = false
-		deleteCrossDCEntry    = false
-		meshGatewayFederation = false
+		populateServices    = true
+		useFederationStates = false
+		deleteCrossDCEntry  = false
 	)
 
 	switch variant {
@@ -35,11 +34,6 @@ func TestConfigSnapshotMeshGateway(t testing.T, variant string, nsFn func(ns *st
 		populateServices = true
 		useFederationStates = true
 		deleteCrossDCEntry = true
-	case "mesh-gateway-federation":
-		populateServices = true
-		useFederationStates = true
-		deleteCrossDCEntry = true
-		meshGatewayFederation = true
 	case "newer-info-in-federation-states":
 		populateServices = true
 		useFederationStates = true
@@ -453,63 +447,6 @@ func TestConfigSnapshotMeshGateway(t testing.T, variant string, nsFn func(ns *st
 		})
 	}
 
-	var serverSNIFn ServerSNIFunc
-	if meshGatewayFederation {
-
-		// reproduced from tlsutil/config.go
-		serverSNIFn = func(dc, nodeName string) string {
-			// Strip the trailing '.' from the domain if any
-			domain := "consul"
-
-			if nodeName == "" || nodeName == "*" {
-				return "server." + dc + "." + domain
-			}
-
-			return nodeName + ".server." + dc + "." + domain
-		}
-
-		baseEvents = testSpliceEvents(baseEvents, []UpdateEvent{
-			{
-				CorrelationID: consulServerListWatchID,
-				Result: &structs.IndexedCheckServiceNodes{
-					Nodes: structs.CheckServiceNodes{
-						{
-							Node: &structs.Node{
-								Datacenter: "dc1",
-								Node:       "node1",
-								Address:    "127.0.0.1",
-							},
-							Service: &structs.NodeService{
-								ID:      structs.ConsulServiceID,
-								Service: structs.ConsulServiceName,
-								Meta: map[string]string{
-									"grpc_port":     "8502",
-									"grpc_tls_port": "8503",
-								},
-							},
-						},
-						{
-							Node: &structs.Node{
-								Datacenter: "dc1",
-								Node:       "node2",
-								Address:    "127.0.0.2",
-							},
-							Service: &structs.NodeService{
-								ID:      structs.ConsulServiceID,
-								Service: structs.ConsulServiceName,
-								Meta: map[string]string{
-									"grpc_port":     "8502",
-									"grpc_tls_port": "8503",
-								},
-							},
-						},
-					},
-				},
-			},
-		})
-
-	}
-
 	return testConfigSnapshotFixture(t, &structs.NodeService{
 		Kind:    structs.ServiceKindMeshGateway,
 		Service: "mesh-gateway",
@@ -529,7 +466,7 @@ func TestConfigSnapshotMeshGateway(t testing.T, variant string, nsFn func(ns *st
 				Port:    443,
 			},
 		},
-	}, nsFn, serverSNIFn, testSpliceEvents(baseEvents, extraUpdates))
+	}, nsFn, nil, testSpliceEvents(baseEvents, extraUpdates))
 }
 
 func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func(ns *structs.NodeService), extraUpdates []UpdateEvent) *ConfigSnapshot {
@@ -747,73 +684,6 @@ func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func(
 				},
 			},
 		)
-	case "mgw-peered-upstream":
-		// This is a modified version of "chain-and-l7-stuff" that adds a peer field to the resolver
-		// and removes some of the extraneous disco-chain testing.
-		entries = []structs.ConfigEntry{
-			&structs.ProxyConfigEntry{
-				Kind: structs.ProxyDefaults,
-				Name: structs.ProxyConfigGlobal,
-				Config: map[string]interface{}{
-					"protocol": "http",
-				},
-			},
-			&structs.ServiceResolverConfigEntry{
-				Kind: structs.ServiceResolver,
-				Name: "db",
-				Redirect: &structs.ServiceResolverRedirect{
-					Service: "alt",
-					Peer:    "peer-b",
-				},
-				ConnectTimeout: 33 * time.Second,
-				RequestTimeout: 33 * time.Second,
-			},
-		}
-		for _, entry := range entries {
-			require.NoError(t, entry.Normalize())
-			require.NoError(t, entry.Validate())
-		}
-
-		set := configentry.NewDiscoveryChainSet()
-		set.AddEntries(entries...)
-
-		var (
-			dbSN  = structs.NewServiceName("db", nil)
-			altSN = structs.NewServiceName("alt", nil)
-
-			dbChain = discoverychain.TestCompileConfigEntries(t, "db", "default", "default", "dc1", connect.TestClusterID+".consul", nil, set)
-		)
-
-		needPeerA = true
-		needLeaf = true
-		discoChains[dbSN] = dbChain
-		endpoints[dbSN] = TestUpstreamNodes(t, "db")
-		endpoints[altSN] = TestUpstreamNodes(t, "alt")
-
-		extraUpdates = append(extraUpdates,
-			UpdateEvent{
-				CorrelationID: datacentersWatchID,
-				Result:        &[]string{"dc1"},
-			},
-			UpdateEvent{
-				CorrelationID: exportedServiceListWatchID,
-				Result: &structs.IndexedExportedServiceList{
-					Services: map[string]structs.ServiceList{
-						"peer-a": []structs.ServiceName{dbSN},
-					},
-				},
-			},
-			UpdateEvent{
-				CorrelationID: serviceListWatchID,
-				Result: &structs.IndexedServiceList{
-					Services: []structs.ServiceName{
-						dbSN,
-						altSN,
-					},
-				},
-			},
-		)
-
 	case "chain-and-l7-stuff":
 		entries = []structs.ConfigEntry{
 			&structs.ProxyConfigEntry{
@@ -833,12 +703,8 @@ func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func(
 				Kind: structs.ServiceResolver,
 				Name: "api",
 				Subsets: map[string]structs.ServiceResolverSubset{
-					"v1": {
-						Filter: "Service.Meta.Version == 1",
-					},
 					"v2": {
-						Filter:      "Service.Meta.Version == 2",
-						OnlyPassing: true,
+						Filter: "Service.Meta.version == v2",
 					},
 				},
 			},
@@ -888,7 +754,6 @@ func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func(
 		var (
 			dbSN  = structs.NewServiceName("db", nil)
 			altSN = structs.NewServiceName("alt", nil)
-			apiSN = structs.NewServiceName("api", nil)
 
 			dbChain = discoverychain.TestCompileConfigEntries(t, "db", "default", "default", "dc1", connect.TestClusterID+".consul", nil, set)
 		)
@@ -898,7 +763,6 @@ func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func(
 		discoChains[dbSN] = dbChain
 		endpoints[dbSN] = TestUpstreamNodes(t, "db")
 		endpoints[altSN] = TestUpstreamNodes(t, "alt")
-		endpoints[apiSN] = TestUpstreamNodesWithServiceSubset(t, "api")
 
 		extraUpdates = append(extraUpdates,
 			UpdateEvent{
@@ -922,29 +786,7 @@ func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func(
 					},
 				},
 			},
-			UpdateEvent{
-				CorrelationID: serviceResolversWatchID,
-				Result: &structs.IndexedConfigEntries{
-					Kind: structs.ServiceResolver,
-					Entries: []structs.ConfigEntry{
-						&structs.ServiceResolverConfigEntry{
-							Kind: structs.ServiceResolver,
-							Name: "api",
-							Subsets: map[string]structs.ServiceResolverSubset{
-								"v1": {
-									Filter: "Service.Meta.Version == 1",
-								},
-								"v2": {
-									Filter:      "Service.Meta.Version == 2",
-									OnlyPassing: true,
-								},
-							},
-						},
-					},
-				},
-			},
 		)
-
 	case "peer-through-mesh-gateway":
 
 		extraUpdates = append(extraUpdates,
diff --git a/agent/proxycfg/testing_peering.go b/agent/proxycfg/testing_peering.go
index 0af8bafa9f08..9b754c977f2f 100644
--- a/agent/proxycfg/testing_peering.go
+++ b/agent/proxycfg/testing_peering.go
@@ -1,32 +1,16 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
 import (
-	"bytes"
-	"text/template"
-
 	"github.com/mitchellh/go-testing-interface"
-	"github.com/stretchr/testify/require"
 
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
 )
 
 func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot {
-	return testConfigSnapshot(t, false, false)
-}
-
-func TestConfigSnapshotPeeringWithEscapeOverrides(t testing.T) *ConfigSnapshot {
-	return testConfigSnapshot(t, true, false)
-}
-
-func TestConfigSnapshotPeeringWithHTTP2(t testing.T) *ConfigSnapshot {
-	return testConfigSnapshot(t, false, true)
-}
-
-func testConfigSnapshot(t testing.T, escapeOverride bool, useHTTP2 bool) *ConfigSnapshot {
 	var (
 		paymentsUpstream = structs.Upstream{
 			DestinationName: "payments",
@@ -43,11 +27,6 @@ func testConfigSnapshot(t testing.T, escapeOverride bool, useHTTP2 bool) *Config
 		refundsUID = NewUpstreamID(&refundsUpstream)
 	)
 
-	protocol := "tcp"
-	if useHTTP2 {
-		protocol = "http2"
-	}
-
 	const peerTrustDomain = "1c053652-8512-4373-90cf-5a7f6263a994.consul"
 
 	return TestConfigSnapshot(t, func(ns *structs.NodeService) {
@@ -55,24 +34,6 @@ func testConfigSnapshot(t testing.T, escapeOverride bool, useHTTP2 bool) *Config
 			paymentsUpstream,
 			refundsUpstream,
 		}
-
-		if escapeOverride {
-			if ns.Proxy.Upstreams[0].Config == nil {
-				ns.Proxy.Upstreams[0].Config = map[string]interface{}{}
-			}
-
-			uid := NewUpstreamID(&ns.Proxy.Upstreams[0])
-
-			ns.Proxy.Upstreams[0].Config["envoy_listener_json"] =
-				customListenerJSON(t, customListenerJSONOptions{
-					Name: uid.EnvoyID() + ":custom-upstream",
-				})
-			ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] =
-				customClusterJSON(t, customClusterJSONOptions{
-					Name: uid.EnvoyID() + ":custom-upstream",
-				})
-		}
-
 	}, []UpdateEvent{
 		{
 			CorrelationID: peerTrustBundleIDPrefix + "cloud",
@@ -111,7 +72,7 @@ func testConfigSnapshot(t testing.T, escapeOverride bool, useHTTP2 bool) *Config
 									SpiffeID: []string{
 										"spiffe://" + peerTrustDomain + "/ns/default/dc/cloud-dc/svc/payments",
 									},
-									Protocol: protocol,
+									Protocol: "tcp",
 								},
 							},
 						},
@@ -140,7 +101,7 @@ func testConfigSnapshot(t testing.T, escapeOverride bool, useHTTP2 bool) *Config
 									SpiffeID: []string{
 										"spiffe://" + peerTrustDomain + "/ns/default/dc/cloud-dc/svc/refunds",
 									},
-									Protocol: protocol,
+									Protocol: "tcp",
 								},
 							},
 						},
@@ -419,93 +380,3 @@ func TestConfigSnapshotPeeringLocalMeshGateway(t testing.T) *ConfigSnapshot {
 		},
 	})
 }
-
-var (
-	customListenerJSONTemplate = template.Must(template.New("").Parse(customListenerJSONTpl))
-)
-
-func customListenerJSON(t testing.T, opts customListenerJSONOptions) string {
-	t.Helper()
-	var buf bytes.Buffer
-	require.NoError(t, customListenerJSONTemplate.Execute(&buf, opts))
-	return buf.String()
-}
-
-type customListenerJSONOptions struct {
-	Name       string
-	TLSContext string
-}
-
-const customListenerJSONTpl = `{
-	"@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-	"name": "{{ .Name }}",
-	"address": {
-		"socketAddress": {
-			"address": "11.11.11.11",
-			"portValue": 11111
-		}
-	},
-	"filterChains": [
-		{
-			{{ if .TLSContext -}}
-			"transport_socket": {
-				"name": "tls",
-				"typed_config": {
-					"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-					{{ .TLSContext }}
-				}
-			},
-			{{- end }}
-			"filters": [
-				{
-					"name": "envoy.filters.network.tcp_proxy",
-					"typedConfig": {
-						"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-							"cluster": "random-cluster",
-							"statPrefix": "foo-stats"
-						}
-				}
-			]
-		}
-	]
-}`
-
-type customClusterJSONOptions struct {
-	Name       string
-	TLSContext string
-}
-
-var customClusterJSONTpl = `{
-	"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-	"name": "{{ .Name }}",
-	"connectTimeout": "15s",
-	"loadAssignment": {
-		"clusterName": "{{ .Name }}",
-		"endpoints": [
-			{
-				"lbEndpoints": [
-					{
-						"endpoint": {
-							"address": {
-								"socketAddress": {
-									"address": "1.2.3.4",
-									"portValue": 8443
-								}
-							}
-						}
-					}
-				]
-			}
-		]
-	}
-}`
-
-var customClusterJSONTemplate = template.Must(template.New("").Parse(customClusterJSONTpl))
-
-func customClusterJSON(t testing.T, opts customClusterJSONOptions) string {
-	t.Helper()
-	var buf bytes.Buffer
-	err := customClusterJSONTemplate.Execute(&buf, opts)
-	require.NoError(t, err)
-	return buf.String()
-}
diff --git a/agent/proxycfg/testing_terminating_gateway.go b/agent/proxycfg/testing_terminating_gateway.go
index 6a718779943f..2bfdd8fca043 100644
--- a/agent/proxycfg/testing_terminating_gateway.go
+++ b/agent/proxycfg/testing_terminating_gateway.go
@@ -1,11 +1,9 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
 import (
-	"time"
-
 	"github.com/mitchellh/go-testing-interface"
 
 	"github.com/hashicorp/consul/agent/structs"
@@ -650,7 +648,6 @@ func testConfigSnapshotTerminatingGatewayLBConfig(t testing.T, variant string) *
 				OnlyPassing: true,
 			},
 		},
-		RequestTimeout: 200 * time.Millisecond,
 		LoadBalancer: &structs.LoadBalancer{
 			Policy: "ring_hash",
 			RingHashConfig: &structs.RingHashConfig{
diff --git a/agent/proxycfg/testing_tproxy.go b/agent/proxycfg/testing_tproxy.go
index 9c1c0934e2b8..52bbf2f5ec3e 100644
--- a/agent/proxycfg/testing_tproxy.go
+++ b/agent/proxycfg/testing_tproxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
diff --git a/agent/proxycfg/testing_upstreams.go b/agent/proxycfg/testing_upstreams.go
index aa8c6c2e04d6..f9b77c4d62d5 100644
--- a/agent/proxycfg/testing_upstreams.go
+++ b/agent/proxycfg/testing_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
@@ -256,9 +256,6 @@ func setupTestVariationConfigEntriesAndSnapshot(
 	case "chain-and-router":
 	case "lb-resolver":
 	case "register-to-terminating-gateway":
-	case "redirect-to-lb-node":
-	case "resolver-with-lb":
-	case "splitter-overweight":
 	default:
 		extraEvents := extraUpdateEvents(t, variation, dbUID)
 		events = append(events, extraEvents...)
@@ -583,61 +580,6 @@ func setupTestVariationDiscoveryChain(
 				},
 			},
 		)
-	case "splitter-overweight":
-		entries = append(entries,
-			&structs.ServiceResolverConfigEntry{
-				Kind:           structs.ServiceResolver,
-				Name:           "db",
-				EnterpriseMeta: entMeta,
-				ConnectTimeout: 33 * time.Second,
-				RequestTimeout: 33 * time.Second,
-			},
-			&structs.ProxyConfigEntry{
-				Kind:           structs.ProxyDefaults,
-				Name:           structs.ProxyConfigGlobal,
-				EnterpriseMeta: entMeta,
-				Config: map[string]interface{}{
-					"protocol": "http",
-				},
-			},
-			&structs.ServiceSplitterConfigEntry{
-				Kind:           structs.ServiceSplitter,
-				Name:           "db",
-				EnterpriseMeta: entMeta,
-				Splits: []structs.ServiceSplit{
-					{
-						Weight:  100.0,
-						Service: "big-side",
-						RequestHeaders: &structs.HTTPHeaderModifiers{
-							Set: map[string]string{"x-split-leg": "big"},
-						},
-						ResponseHeaders: &structs.HTTPHeaderModifiers{
-							Set: map[string]string{"x-split-leg": "big"},
-						},
-					},
-					{
-						Weight:  100.0,
-						Service: "goldilocks-side",
-						RequestHeaders: &structs.HTTPHeaderModifiers{
-							Set: map[string]string{"x-split-leg": "goldilocks"},
-						},
-						ResponseHeaders: &structs.HTTPHeaderModifiers{
-							Set: map[string]string{"x-split-leg": "goldilocks"},
-						},
-					},
-					{
-						Weight:  100.0,
-						Service: "lil-bit-side",
-						RequestHeaders: &structs.HTTPHeaderModifiers{
-							Set: map[string]string{"x-split-leg": "small"},
-						},
-						ResponseHeaders: &structs.HTTPHeaderModifiers{
-							Set: map[string]string{"x-split-leg": "small"},
-						},
-					},
-				},
-			},
-		)
 	case "grpc-router":
 		entries = append(entries,
 			&structs.ServiceResolverConfigEntry{
@@ -975,74 +917,12 @@ func setupTestVariationDiscoveryChain(
 							Field:      "header",
 							FieldValue: "x-user-id",
 						},
-						{
-							Field:      "query_parameter",
-							FieldValue: "my-pretty-param",
-						},
 						{
 							SourceIP: true,
 							Terminal: true,
 						},
 					},
 				},
-			})
-	case "redirect-to-lb-node":
-		entries = append(entries,
-			&structs.ProxyConfigEntry{
-				Kind:           structs.ProxyDefaults,
-				Name:           structs.ProxyConfigGlobal,
-				EnterpriseMeta: entMeta,
-				Config: map[string]interface{}{
-					"protocol": "http",
-				},
-			},
-			&structs.ServiceRouterConfigEntry{
-				Kind:           structs.ServiceRouter,
-				Name:           "db",
-				EnterpriseMeta: entMeta,
-				Routes: []structs.ServiceRoute{
-					{
-						Match: httpMatch(&structs.ServiceRouteHTTPMatch{
-							PathPrefix: "/web",
-						}),
-						Destination: toService("web"),
-					},
-				},
-			},
-			&structs.ServiceResolverConfigEntry{
-				Kind:           structs.ServiceResolver,
-				Name:           "web",
-				EnterpriseMeta: entMeta,
-				LoadBalancer: &structs.LoadBalancer{
-					Policy: "ring_hash",
-					RingHashConfig: &structs.RingHashConfig{
-						MinimumRingSize: 20,
-						MaximumRingSize: 30,
-					},
-				},
-			},
-		)
-	case "resolver-with-lb":
-		entries = append(entries,
-			&structs.ProxyConfigEntry{
-				Kind:           structs.ProxyDefaults,
-				Name:           structs.ProxyConfigGlobal,
-				EnterpriseMeta: entMeta,
-				Config: map[string]interface{}{
-					"protocol": "http",
-				},
-			},
-			&structs.ServiceResolverConfigEntry{
-				Kind:           structs.ServiceResolver,
-				Name:           "db",
-				EnterpriseMeta: entMeta,
-				LoadBalancer: &structs.LoadBalancer{
-					Policy: "ring_hash",
-					RingHashConfig: &structs.RingHashConfig{
-						MinimumRingSize: 20,
-						MaximumRingSize: 30,
-					},
-				},
 			},
 		)
 	default:
diff --git a/agent/proxycfg/testing_upstreams_ce.go b/agent/proxycfg/testing_upstreams_ce.go
index 711a2794b630..3b8e22d0bda8 100644
--- a/agent/proxycfg/testing_upstreams_ce.go
+++ b/agent/proxycfg/testing_upstreams_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/proxycfg/upstreams.go b/agent/proxycfg/upstreams.go
index ff2cbd212aca..3364b0cfe103 100644
--- a/agent/proxycfg/upstreams.go
+++ b/agent/proxycfg/upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxycfg
 
@@ -136,6 +136,10 @@ func (s *handlerUpstreams) handleUpdateUpstreams(ctx context.Context, u UpdateEv
 
 		uid := UpstreamIDFromString(uidString)
 
+		s.logger.Debug("upstream-target watch fired",
+			"correlationID", correlationID,
+			"nodes", len(resp.Nodes),
+		)
 		if _, ok := upstreamsSnapshot.WatchedUpstreamEndpoints[uid]; !ok {
 			upstreamsSnapshot.WatchedUpstreamEndpoints[uid] = make(map[string]structs.CheckServiceNodes)
 		}
diff --git a/agent/proxycfg_test.go b/agent/proxycfg_test.go
index d3bc15c7d448..334af2cca0ac 100644
--- a/agent/proxycfg_test.go
+++ b/agent/proxycfg_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
@@ -13,11 +13,9 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
+	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/internal/mesh"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 	"github.com/hashicorp/consul/testrpc"
 )
 
@@ -54,7 +52,7 @@ func TestAgent_local_proxycfg(t *testing.T) {
 
 	// This is a little gross, but this gives us the layered pair of
 	// local/catalog sources for now.
-	cfg := a.xdsServer.ProxyWatcher
+	cfg := a.xdsServer.CfgSrc
 
 	var (
 		timer      = time.After(100 * time.Millisecond)
@@ -64,9 +62,9 @@ func TestAgent_local_proxycfg(t *testing.T) {
 
 	var (
 		firstTime = true
-		ch        <-chan proxysnapshot.ProxySnapshot
+		ch        <-chan *proxycfg.ConfigSnapshot
 		stc       limiter.SessionTerminatedChan
-		cancel    proxysnapshot.CancelFunc
+		cancel    proxycfg.CancelFunc
 	)
 	defer func() {
 		if cancel != nil {
@@ -87,7 +85,7 @@ func TestAgent_local_proxycfg(t *testing.T) {
 			// Prior to fixes in https://github.com/hashicorp/consul/pull/16497
 			// this call to Watch() would deadlock.
 			var err error
-			ch, stc, cancel, err = cfg.Watch(rtest.Resource(mesh.ProxyConfigurationType, sid.ID).ID(), a.config.NodeName, token)
+			ch, stc, cancel, err = cfg.Watch(sid, a.config.NodeName, token)
 			require.NoError(t, err)
 		}
 		select {
diff --git a/agent/reload.go b/agent/reload.go
index cf68481621bc..ce31fd1a76c1 100644
--- a/agent/reload.go
+++ b/agent/reload.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/remote_exec.go b/agent/remote_exec.go
index 876c1898620c..770221ed2622 100644
--- a/agent/remote_exec.go
+++ b/agent/remote_exec.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/remote_exec_test.go b/agent/remote_exec_test.go
index f077de895a39..9994095078d1 100644
--- a/agent/remote_exec_test.go
+++ b/agent/remote_exec_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/retry_join.go b/agent/retry_join.go
index eb010c0c22c4..a629aa04706e 100644
--- a/agent/retry_join.go
+++ b/agent/retry_join.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/retry_join_test.go b/agent/retry_join_test.go
index 4184ab0a9f3d..af90205965b2 100644
--- a/agent/retry_join_test.go
+++ b/agent/retry_join_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/router/grpc.go b/agent/router/grpc.go
index ce3f079e86b9..9fe6355d4dcf 100644
--- a/agent/router/grpc.go
+++ b/agent/router/grpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package router
 
diff --git a/agent/router/manager.go b/agent/router/manager.go
index 07d55127f3c8..cccbc27d081a 100644
--- a/agent/router/manager.go
+++ b/agent/router/manager.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package servers provides a Manager interface for Manager managed
 // metadata.Server objects.  The servers package manages servers from a Consul
diff --git a/agent/router/manager_internal_test.go b/agent/router/manager_internal_test.go
index 120a5f012c63..0e1fa28189a6 100644
--- a/agent/router/manager_internal_test.go
+++ b/agent/router/manager_internal_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package router
 
diff --git a/agent/router/manager_test.go b/agent/router/manager_test.go
index 6490164fda10..708bb620a0da 100644
--- a/agent/router/manager_test.go
+++ b/agent/router/manager_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package router_test
 
diff --git a/agent/router/router.go b/agent/router/router.go
index c261b6ed7cd5..bdba22f42d41 100644
--- a/agent/router/router.go
+++ b/agent/router/router.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package router
 
diff --git a/agent/router/router_test.go b/agent/router/router_test.go
index 206b0befe811..1064dea342a3 100644
--- a/agent/router/router_test.go
+++ b/agent/router/router_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package router
 
diff --git a/agent/router/serf_adapter.go b/agent/router/serf_adapter.go
index d3a228ca3d5d..f30449dc05df 100644
--- a/agent/router/serf_adapter.go
+++ b/agent/router/serf_adapter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package router
 
diff --git a/agent/router/serf_flooder.go b/agent/router/serf_flooder.go
index 06d59d5c4a89..34ef318377fa 100644
--- a/agent/router/serf_flooder.go
+++ b/agent/router/serf_flooder.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package router
 
diff --git a/agent/routine-leak-checker/leak_test.go b/agent/routine-leak-checker/leak_test.go
index f6b3c2a74953..91d84b071b3f 100644
--- a/agent/routine-leak-checker/leak_test.go
+++ b/agent/routine-leak-checker/leak_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package leakcheck
 
diff --git a/agent/rpc/middleware/interceptors.go b/agent/rpc/middleware/interceptors.go
index 1e4a4e591fb2..f614e06cea76 100644
--- a/agent/rpc/middleware/interceptors.go
+++ b/agent/rpc/middleware/interceptors.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package middleware
 
diff --git a/agent/rpc/middleware/interceptors_test.go b/agent/rpc/middleware/interceptors_test.go
index a8e07c8d4d2b..a22837fc6d95 100644
--- a/agent/rpc/middleware/interceptors_test.go
+++ b/agent/rpc/middleware/interceptors_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package middleware
 
diff --git a/agent/rpc/middleware/rate_limit_mappings.go b/agent/rpc/middleware/rate_limit_mappings.go
index f9ca6a333301..0df249c93233 100644
--- a/agent/rpc/middleware/rate_limit_mappings.go
+++ b/agent/rpc/middleware/rate_limit_mappings.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package middleware
 
diff --git a/agent/rpc/middleware/recovery.go b/agent/rpc/middleware/recovery.go
index 6c23eb3ed3fa..df37f969d412 100644
--- a/agent/rpc/middleware/recovery.go
+++ b/agent/rpc/middleware/recovery.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package middleware
 
diff --git a/agent/rpc/operator/service.go b/agent/rpc/operator/service.go
index 697b0db25432..6b3302c9f2e4 100644
--- a/agent/rpc/operator/service.go
+++ b/agent/rpc/operator/service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package operator
 
diff --git a/agent/rpc/operator/service_test.go b/agent/rpc/operator/service_test.go
index 3cc9e117d442..465a6d6428d2 100644
--- a/agent/rpc/operator/service_test.go
+++ b/agent/rpc/operator/service_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package operator
 
diff --git a/agent/rpc/peering/service.go b/agent/rpc/peering/service.go
index d57e0378f98c..cae0319a62dd 100644
--- a/agent/rpc/peering/service.go
+++ b/agent/rpc/peering/service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peering
 
diff --git a/agent/rpc/peering/service_ce_test.go b/agent/rpc/peering/service_ce_test.go
index 92fb9fac45d2..d4e5fab0ba40 100644
--- a/agent/rpc/peering/service_ce_test.go
+++ b/agent/rpc/peering/service_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/rpc/peering/service_test.go b/agent/rpc/peering/service_test.go
index 8fde278c8b7f..9ae1f6597700 100644
--- a/agent/rpc/peering/service_test.go
+++ b/agent/rpc/peering/service_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peering_test
 
@@ -15,8 +15,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/hashicorp/consul/internal/resource"
-
 	"github.com/google/tcpproxy"
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-uuid"
@@ -1820,7 +1818,7 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer {
 	deps := newDefaultDeps(t, conf)
 	externalGRPCServer := external.NewServer(deps.Logger, nil, deps.TLSConfigurator, rate.NullRequestLimitsHandler())
 
-	server, err := consul.NewServer(conf, deps, externalGRPCServer, nil, deps.Logger, nil)
+	server, err := consul.NewServer(conf, deps, externalGRPCServer, nil, deps.Logger)
 	require.NoError(t, err)
 	t.Cleanup(func() {
 		require.NoError(t, server.Shutdown())
@@ -1952,7 +1950,6 @@ func newDefaultDeps(t *testing.T, c *consul.Config) consul.Deps {
 		NewRequestRecorderFunc:   middleware.NewRequestRecorder,
 		GetNetRPCInterceptorFunc: middleware.GetNetRPCInterceptor,
 		XDSStreamLimiter:         limiter.NewSessionLimiter(),
-		Registry:                 resource.NewRegistry(),
 	}
 }
 
diff --git a/agent/rpc/peering/testing.go b/agent/rpc/peering/testing.go
index 8989950ee29b..ddd9d43a8ad2 100644
--- a/agent/rpc/peering/testing.go
+++ b/agent/rpc/peering/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peering
 
diff --git a/agent/rpc/peering/testutil_ce_test.go b/agent/rpc/peering/testutil_ce_test.go
index 4602c01fc5ab..d15d62e9f1cb 100644
--- a/agent/rpc/peering/testutil_ce_test.go
+++ b/agent/rpc/peering/testutil_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/rpc/peering/validate.go b/agent/rpc/peering/validate.go
index 2de6684d85ff..1bd3f393bd74 100644
--- a/agent/rpc/peering/validate.go
+++ b/agent/rpc/peering/validate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peering
 
diff --git a/agent/rpc/peering/validate_test.go b/agent/rpc/peering/validate_test.go
index 669baf41702f..c5b3c6c7bdb0 100644
--- a/agent/rpc/peering/validate_test.go
+++ b/agent/rpc/peering/validate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peering
 
diff --git a/agent/rpcclient/common.go b/agent/rpcclient/common.go
index 316fb341a935..8ff157399236 100644
--- a/agent/rpcclient/common.go
+++ b/agent/rpcclient/common.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package rpcclient
 
diff --git a/agent/rpcclient/configentry/configentry.go b/agent/rpcclient/configentry/configentry.go
index 2b38455beb07..ada7928dc1af 100644
--- a/agent/rpcclient/configentry/configentry.go
+++ b/agent/rpcclient/configentry/configentry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package configentry
 
diff --git a/agent/rpcclient/configentry/configentry_test.go b/agent/rpcclient/configentry/configentry_test.go
index 92e6f4b3c88a..9f526892fd11 100644
--- a/agent/rpcclient/configentry/configentry_test.go
+++ b/agent/rpcclient/configentry/configentry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package configentry
 
diff --git a/agent/rpcclient/configentry/view.go b/agent/rpcclient/configentry/view.go
index 70271a9220e9..dae3208810bf 100644
--- a/agent/rpcclient/configentry/view.go
+++ b/agent/rpcclient/configentry/view.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package configentry
 
diff --git a/agent/rpcclient/configentry/view_test.go b/agent/rpcclient/configentry/view_test.go
index 0209c898cafe..37e642e5c36c 100644
--- a/agent/rpcclient/configentry/view_test.go
+++ b/agent/rpcclient/configentry/view_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package configentry
 
diff --git a/agent/rpcclient/health/health.go b/agent/rpcclient/health/health.go
index f062d2aac284..8a65a50578aa 100644
--- a/agent/rpcclient/health/health.go
+++ b/agent/rpcclient/health/health.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package health
 
diff --git a/agent/rpcclient/health/health_test.go b/agent/rpcclient/health/health_test.go
index 30900bc04cc0..2d8c57a3beba 100644
--- a/agent/rpcclient/health/health_test.go
+++ b/agent/rpcclient/health/health_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package health
 
diff --git a/agent/rpcclient/health/streaming_test.go b/agent/rpcclient/health/streaming_test.go
index 180b61f0eec6..3a0ba734ba9a 100644
--- a/agent/rpcclient/health/streaming_test.go
+++ b/agent/rpcclient/health/streaming_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package health
 
diff --git a/agent/rpcclient/health/view.go b/agent/rpcclient/health/view.go
index 8e08ba801e5f..e1fffd3e23de 100644
--- a/agent/rpcclient/health/view.go
+++ b/agent/rpcclient/health/view.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package health
 
diff --git a/agent/rpcclient/health/view_test.go b/agent/rpcclient/health/view_test.go
index 83eba5ab41a0..6b4b8ee85798 100644
--- a/agent/rpcclient/health/view_test.go
+++ b/agent/rpcclient/health/view_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package health
 
diff --git a/agent/service_checks_test.go b/agent/service_checks_test.go
index 41372cc47dbb..c567776587e3 100644
--- a/agent/service_checks_test.go
+++ b/agent/service_checks_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/service_manager.go b/agent/service_manager.go
index 1c6041f8f0de..b7e38b393ace 100644
--- a/agent/service_manager.go
+++ b/agent/service_manager.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/service_manager_test.go b/agent/service_manager_test.go
index 289503a51ede..724022d42ad9 100644
--- a/agent/service_manager_test.go
+++ b/agent/service_manager_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/session_endpoint.go b/agent/session_endpoint.go
index 90c3fa32bae7..a9b9a6dee6ba 100644
--- a/agent/session_endpoint.go
+++ b/agent/session_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/session_endpoint_test.go b/agent/session_endpoint_test.go
index ae5a492808d7..5ce93db7a68f 100644
--- a/agent/session_endpoint_test.go
+++ b/agent/session_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/setup.go b/agent/setup.go
index 7a95ba6bf541..88c883f9bdb7 100644
--- a/agent/setup.go
+++ b/agent/setup.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
@@ -260,8 +260,6 @@ func NewBaseDeps(configLoader ConfigLoader, logOut io.Writer, providedLogger hcl
 
 	d.XDSStreamLimiter = limiter.NewSessionLimiter()
 
-	d.Registry = consul.NewTypeRegistry()
-
 	return d, nil
 }
 
diff --git a/agent/setup_ce.go b/agent/setup_ce.go
index af24a1515e6b..46c4b80eb4ef 100644
--- a/agent/setup_ce.go
+++ b/agent/setup_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/sidecar_service.go b/agent/sidecar_service.go
index 8e57d5930bc1..7dfb067b50ef 100644
--- a/agent/sidecar_service.go
+++ b/agent/sidecar_service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/sidecar_service_test.go b/agent/sidecar_service_test.go
index fd39a5a284a1..4960dd73d054 100644
--- a/agent/sidecar_service_test.go
+++ b/agent/sidecar_service_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/signal_unix.go b/agent/signal_unix.go
index 83e00f27b351..bd0b3e7793cd 100644
--- a/agent/signal_unix.go
+++ b/agent/signal_unix.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !windows
 // +build !windows
diff --git a/agent/signal_windows.go b/agent/signal_windows.go
index cb49a169c09a..c6ea0c980ffb 100644
--- a/agent/signal_windows.go
+++ b/agent/signal_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build windows
 // +build windows
diff --git a/agent/snapshot_endpoint.go b/agent/snapshot_endpoint.go
index 06805ae5f8c1..60d986256433 100644
--- a/agent/snapshot_endpoint.go
+++ b/agent/snapshot_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/snapshot_endpoint_test.go b/agent/snapshot_endpoint_test.go
index a534fe025113..e68fb22f385f 100644
--- a/agent/snapshot_endpoint_test.go
+++ b/agent/snapshot_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/status_endpoint.go b/agent/status_endpoint.go
index 4a40ec891027..86f9f1a5d019 100644
--- a/agent/status_endpoint.go
+++ b/agent/status_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/status_endpoint_test.go b/agent/status_endpoint_test.go
index db231fbc9b83..5be9d6be64a3 100644
--- a/agent/status_endpoint_test.go
+++ b/agent/status_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/streaming_test.go b/agent/streaming_test.go
index fed1e8126d41..9074f66e8344 100644
--- a/agent/streaming_test.go
+++ b/agent/streaming_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/structs/acl.go b/agent/structs/acl.go
index 813a3b175843..f34291cc4d5c 100644
--- a/agent/structs/acl.go
+++ b/agent/structs/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
@@ -1305,6 +1305,7 @@ type ACLTokenListRequest struct {
 	Policy        string // Policy filter
 	Role          string // Role filter
 	AuthMethod    string // Auth Method filter
+	ServiceName   string // Service name (from service identities) filter
 	Datacenter    string // The datacenter to perform the request within
 	ACLAuthMethodEnterpriseMeta
 	acl.EnterpriseMeta
@@ -1323,7 +1324,7 @@ type ACLTokenListResponse struct {
 }
 
 // ACLTokenBatchGetRequest is used for reading multiple tokens, this is
-// different from the token list request in that only tokens with the
+// different from the the token list request in that only tokens with the
 // the requested ids are returned
 type ACLTokenBatchGetRequest struct {
 	AccessorIDs []string // List of accessor ids to fetch
diff --git a/agent/structs/acl_cache.go b/agent/structs/acl_cache.go
index 15f3a2edc3c2..46d4fdd28117 100644
--- a/agent/structs/acl_cache.go
+++ b/agent/structs/acl_cache.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/acl_cache_test.go b/agent/structs/acl_cache_test.go
index 57e218ff21e3..e390da960f4e 100644
--- a/agent/structs/acl_cache_test.go
+++ b/agent/structs/acl_cache_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/acl_ce.go b/agent/structs/acl_ce.go
index 54062047606b..9cc4e7813ce8 100644
--- a/agent/structs/acl_ce.go
+++ b/agent/structs/acl_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/acl_test.go b/agent/structs/acl_test.go
index e1fb35263b95..6658b8335021 100644
--- a/agent/structs/acl_test.go
+++ b/agent/structs/acl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/aclfilter/filter.go b/agent/structs/aclfilter/filter.go
index d59bf3c9c403..ddd63db10e68 100644
--- a/agent/structs/aclfilter/filter.go
+++ b/agent/structs/aclfilter/filter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package aclfilter
 
diff --git a/agent/structs/aclfilter/filter_test.go b/agent/structs/aclfilter/filter_test.go
index 98f3bb63f291..2339b0acd223 100644
--- a/agent/structs/aclfilter/filter_test.go
+++ b/agent/structs/aclfilter/filter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package aclfilter
 
diff --git a/agent/structs/auto_encrypt.go b/agent/structs/auto_encrypt.go
index cce7c4effa1e..2e9053f9a538 100644
--- a/agent/structs/auto_encrypt.go
+++ b/agent/structs/auto_encrypt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/autopilot.go b/agent/structs/autopilot.go
index 431e2ad4d374..a5a14684fa9e 100644
--- a/agent/structs/autopilot.go
+++ b/agent/structs/autopilot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/autopilot_ce.go b/agent/structs/autopilot_ce.go
index 55420d23e19d..3098c0cf3cae 100644
--- a/agent/structs/autopilot_ce.go
+++ b/agent/structs/autopilot_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/catalog.go b/agent/structs/catalog.go
index 84795ce47898..f11af9f87801 100644
--- a/agent/structs/catalog.go
+++ b/agent/structs/catalog.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/catalog_ce.go b/agent/structs/catalog_ce.go
index ad5218bf80ae..91e08264b99d 100644
--- a/agent/structs/catalog_ce.go
+++ b/agent/structs/catalog_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/check_definition.go b/agent/structs/check_definition.go
index ec760832609a..f28201b4d17f 100644
--- a/agent/structs/check_definition.go
+++ b/agent/structs/check_definition.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
@@ -36,6 +36,7 @@ type CheckDefinition struct {
 	Body                           string
 	DisableRedirects               bool
 	TCP                            string
+	TCPUseTLS                      bool
 	UDP                            string
 	Interval                       time.Duration
 	DockerContainerID              string
@@ -76,6 +77,7 @@ func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error) {
 		DockerContainerIDSnake              string      `json:"docker_container_id"`
 		TLSServerNameSnake                  string      `json:"tls_server_name"`
 		TLSSkipVerifySnake                  bool        `json:"tls_skip_verify"`
+		TCPUseTLSSnake                      bool        `json:"tcp_use_tls"`
 		GRPCUseTLSSnake                     bool        `json:"grpc_use_tls"`
 		ServiceIDSnake                      string      `json:"service_id"`
 		H2PingUseTLSSnake                   bool        `json:"h2ping_use_tls"`
@@ -119,6 +121,9 @@ func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error) {
 	if aux.TLSSkipVerifySnake {
 		t.TLSSkipVerify = aux.TLSSkipVerifySnake
 	}
+	if aux.TCPUseTLSSnake {
+		t.TCPUseTLS = aux.TCPUseTLSSnake
+	}
 	if aux.GRPCUseTLSSnake {
 		t.GRPCUseTLS = aux.GRPCUseTLSSnake
 	}
@@ -220,6 +225,7 @@ func (c *CheckDefinition) CheckType() *CheckType {
 		DisableRedirects:               c.DisableRedirects,
 		OutputMaxSize:                  c.OutputMaxSize,
 		TCP:                            c.TCP,
+		TCPUseTLS:                      c.TCPUseTLS,
 		UDP:                            c.UDP,
 		Interval:                       c.Interval,
 		DockerContainerID:              c.DockerContainerID,
diff --git a/agent/structs/check_definition_test.go b/agent/structs/check_definition_test.go
index 5a51f377c0e8..676499ef042a 100644
--- a/agent/structs/check_definition_test.go
+++ b/agent/structs/check_definition_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/check_type.go b/agent/structs/check_type.go
index 96254f62d86e..e6342e8231f9 100644
--- a/agent/structs/check_type.go
+++ b/agent/structs/check_type.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
@@ -42,6 +42,7 @@ type CheckType struct {
 	Body                   string
 	DisableRedirects       bool
 	TCP                    string
+	TCPUseTLS              bool
 	UDP                    string
 	Interval               time.Duration
 	AliasNode              string
@@ -87,6 +88,7 @@ func (t *CheckType) UnmarshalJSON(data []byte) (err error) {
 		DockerContainerIDSnake              string      `json:"docker_container_id"`
 		TLSServerNameSnake                  string      `json:"tls_server_name"`
 		TLSSkipVerifySnake                  bool        `json:"tls_skip_verify"`
+		TCPUseTLSSnake                      bool        `json:"tcp_use_tls"`
 		GRPCUseTLSSnake                     bool        `json:"grpc_use_tls"`
 		H2PingUseTLSSnake                   bool        `json:"h2ping_use_tls"`
 
@@ -131,6 +133,9 @@ func (t *CheckType) UnmarshalJSON(data []byte) (err error) {
 	if aux.TLSSkipVerifySnake {
 		t.TLSSkipVerify = aux.TLSSkipVerifySnake
 	}
+	if aux.TCPUseTLSSnake {
+		t.TCPUseTLS = aux.TCPUseTLSSnake
+	}
 	if aux.GRPCUseTLSSnake {
 		t.GRPCUseTLS = aux.GRPCUseTLSSnake
 	}
diff --git a/agent/structs/config_entry.go b/agent/structs/config_entry.go
index 4a38ce2f99d4..c18a8013b6d4 100644
--- a/agent/structs/config_entry.go
+++ b/agent/structs/config_entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
@@ -165,7 +165,6 @@ type ServiceConfigEntry struct {
 	LocalConnectTimeoutMs     int                    `json:",omitempty" alias:"local_connect_timeout_ms"`
 	LocalRequestTimeoutMs     int                    `json:",omitempty" alias:"local_request_timeout_ms"`
 	BalanceInboundConnections string                 `json:",omitempty" alias:"balance_inbound_connections"`
-	RateLimits                *RateLimits            `json:",omitempty" alias:"rate_limits"`
 	EnvoyExtensions           EnvoyExtensions        `json:",omitempty" alias:"envoy_extensions"`
 
 	Meta               map[string]string `json:",omitempty"`
@@ -287,10 +286,6 @@ func (e *ServiceConfigEntry) Validate() error {
 		}
 	}
 
-	if err := validateRatelimit(e.RateLimits); err != nil {
-		validationErr = multierror.Append(validationErr, err)
-	}
-
 	if err := envoyextensions.ValidateExtensions(e.EnvoyExtensions.ToAPI()); err != nil {
 		validationErr = multierror.Append(validationErr, err)
 	}
@@ -387,50 +382,14 @@ type DestinationConfig struct {
 	Port int `json:",omitempty"`
 }
 
-func IsIP(address string) bool {
+func IsHostname(address string) bool {
 	ip := net.ParseIP(address)
-	return ip != nil
+	return ip == nil
 }
 
-// RateLimits is rate limiting configuration that is applied to
-// inbound traffic for a service.
-// Rate limiting is a Consul enterprise feature.
-type RateLimits struct {
-	InstanceLevel InstanceLevelRateLimits `alias:"instance_level"`
-}
-
-// InstanceLevelRateLimits represents rate limit configuration
-// that are applied per service instance.
-type InstanceLevelRateLimits struct {
-	// RequestsPerSecond is the average number of requests per second that can be
-	// made without being throttled. This field is required if RequestsMaxBurst
-	// is set. The allowed number of requests may exceed RequestsPerSecond up to
-	// the value specified in RequestsMaxBurst.
-	//
-	// Internally, this is the refill rate of the token bucket used for rate limiting.
-	RequestsPerSecond int `alias:"requests_per_second"`
-
-	// RequestsMaxBurst is the maximum number of requests that can be sent
-	// in a burst. Should be equal to or greater than RequestsPerSecond.
-	// If unset, defaults to RequestsPerSecond.
-	//
-	// Internally, this is the maximum size of the token bucket used for rate limiting.
-	RequestsMaxBurst int `alias:"requests_max_burst"`
-
-	// Routes is a list of rate limits applied to specific routes.
-	// Overrides any top-level configuration.
-	Routes []InstanceLevelRouteRateLimits
-}
-
-// InstanceLevelRouteRateLimits represents rate limit configuration
-// applied to a route matching one of PathExact/PathPrefix/PathRegex.
-type InstanceLevelRouteRateLimits struct {
-	PathExact  string `alias:"path_exact"`
-	PathPrefix string `alias:"path_prefix"`
-	PathRegex  string `alias:"path_regex"`
-
-	RequestsPerSecond int `alias:"requests_per_second"`
-	RequestsMaxBurst  int `alias:"requests_max_burst"`
+func IsIP(address string) bool {
+	ip := net.ParseIP(address)
+	return ip != nil
 }
 
 // ProxyConfigEntry is the top-level struct for global proxy configuration defaults.
@@ -615,7 +574,7 @@ func (e *ProxyConfigEntry) UnmarshalBinary(data []byte) error {
 // into a concrete type.
 //
 // There is an 'api' variation of this in
-// command/helpers/helpers.go:newDecodeConfigEntry
+// command/config/write/config_write.go:newDecodeConfigEntry
 func DecodeConfigEntry(raw map[string]interface{}) (ConfigEntry, error) {
 	var entry ConfigEntry
 
@@ -1259,7 +1218,6 @@ type ServiceConfigResponse struct {
 	Mode             ProxyMode              `json:",omitempty"`
 	Destination      DestinationConfig      `json:",omitempty"`
 	AccessLogs       AccessLogsConfig       `json:",omitempty"`
-	RateLimits       RateLimits             `json:",omitempty"`
 	Meta             map[string]string      `json:",omitempty"`
 	EnvoyExtensions  []EnvoyExtension       `json:",omitempty"`
 	QueryMeta
diff --git a/agent/structs/config_entry_apigw_jwt_ce.go b/agent/structs/config_entry_apigw_jwt_ce.go
deleted file mode 100644
index 5c0b40b5c8e1..000000000000
--- a/agent/structs/config_entry_apigw_jwt_ce.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-// +build !consulent
-
-package structs
-
-// APIGatewayJWTRequirement holds the list of JWT providers to be verified against
-type APIGatewayJWTRequirement struct{}
-
-// JWTFilter holds the JWT Filter configuration for an HTTPRoute
-type JWTFilter struct{}
diff --git a/agent/structs/config_entry_ce.go b/agent/structs/config_entry_ce.go
index 0cac27bdbf3e..2977075bff1b 100644
--- a/agent/structs/config_entry_ce.go
+++ b/agent/structs/config_entry_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
@@ -30,8 +30,6 @@ func validateUnusedKeys(unused []string) error {
 			// to exist on the target.
 		case strings.HasSuffix(strings.ToLower(k), "namespace"):
 			err = multierror.Append(err, fmt.Errorf("invalid config key %q, namespaces are a consul enterprise feature", k))
-		case strings.Contains(strings.ToLower(k), "jwt"):
-			err = multierror.Append(err, fmt.Errorf("invalid config key %q, api-gateway jwt validation is a consul enterprise feature", k))
 		default:
 			err = multierror.Append(err, fmt.Errorf("invalid config key %q", k))
 		}
@@ -53,12 +51,3 @@ func validateExportedServicesName(name string) error {
 func makeEnterpriseConfigEntry(kind, name string) ConfigEntry {
 	return nil
 }
-
-func validateRatelimit(rl *RateLimits) error {
-	if rl != nil {
-		return fmt.Errorf("invalid rate_limits config. Rate limiting is a consul enterprise feature")
-	}
-	return nil
-}
-
-func (rl RateLimits) ToEnvoyExtension() *EnvoyExtension { return nil }
diff --git a/agent/structs/config_entry_ce_test.go b/agent/structs/config_entry_ce_test.go
index fd3ed9d35077..4561f4aae358 100644
--- a/agent/structs/config_entry_ce_test.go
+++ b/agent/structs/config_entry_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_discoverychain.go b/agent/structs/config_entry_discoverychain.go
index 6dc0a05d8212..587d98561c4e 100644
--- a/agent/structs/config_entry_discoverychain.go
+++ b/agent/structs/config_entry_discoverychain.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_discoverychain_ce.go b/agent/structs/config_entry_discoverychain_ce.go
index bdbe463a5bf0..87c22263794e 100644
--- a/agent/structs/config_entry_discoverychain_ce.go
+++ b/agent/structs/config_entry_discoverychain_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_discoverychain_ce_test.go b/agent/structs/config_entry_discoverychain_ce_test.go
index 4dda3ff39626..2edcce2bedd8 100644
--- a/agent/structs/config_entry_discoverychain_ce_test.go
+++ b/agent/structs/config_entry_discoverychain_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_discoverychain_test.go b/agent/structs/config_entry_discoverychain_test.go
index 5961446d1fb7..7378e20787fe 100644
--- a/agent/structs/config_entry_discoverychain_test.go
+++ b/agent/structs/config_entry_discoverychain_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_exports.go b/agent/structs/config_entry_exports.go
index 97e33dd6e705..631773072d0b 100644
--- a/agent/structs/config_entry_exports.go
+++ b/agent/structs/config_entry_exports.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_exports_ce.go b/agent/structs/config_entry_exports_ce.go
index 770139ee2ef9..9f9bb1cc0825 100644
--- a/agent/structs/config_entry_exports_ce.go
+++ b/agent/structs/config_entry_exports_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_exports_ce_test.go b/agent/structs/config_entry_exports_ce_test.go
index bd74dfc96252..671654b3b2a4 100644
--- a/agent/structs/config_entry_exports_ce_test.go
+++ b/agent/structs/config_entry_exports_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_exports_test.go b/agent/structs/config_entry_exports_test.go
index 62e5586a0dac..7905b46009b7 100644
--- a/agent/structs/config_entry_exports_test.go
+++ b/agent/structs/config_entry_exports_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_gateways.go b/agent/structs/config_entry_gateways.go
index 00c2687d1ec9..0be410d19870 100644
--- a/agent/structs/config_entry_gateways.go
+++ b/agent/structs/config_entry_gateways.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
@@ -887,17 +887,6 @@ type APIGatewayListener struct {
 	Protocol APIGatewayListenerProtocol
 	// TLS is the TLS settings for the listener.
 	TLS APIGatewayTLSConfiguration
-
-	// Override is the policy that overrides all other policy and route specific configuration
-	Override *APIGatewayPolicy `json:",omitempty"`
-	// Default is the policy that is the default for the listener and route, routes can override this behavior
-	Default *APIGatewayPolicy `json:",omitempty"`
-}
-
-// APIGatewayPolicy holds the policy that configures the gateway listener, this is used in the `Override` and `Default` fields of a listener
-type APIGatewayPolicy struct {
-	// JWT holds the JWT configuration for the Listener
-	JWT *APIGatewayJWTRequirement `json:",omitempty"`
 }
 
 func (l APIGatewayListener) GetHostname() string {
diff --git a/agent/structs/config_entry_gateways_test.go b/agent/structs/config_entry_gateways_test.go
index f05638ec4d2e..d624b39acd40 100644
--- a/agent/structs/config_entry_gateways_test.go
+++ b/agent/structs/config_entry_gateways_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_inline_certificate.go b/agent/structs/config_entry_inline_certificate.go
index f397ee2ba16e..17ffa9082b6f 100644
--- a/agent/structs/config_entry_inline_certificate.go
+++ b/agent/structs/config_entry_inline_certificate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
@@ -58,7 +58,6 @@ func (e *InlineCertificateConfigEntry) Validate() error {
 	if privateKeyBlock == nil {
 		return errors.New("failed to parse private key PEM")
 	}
-
 	err = validateKeyLength(privateKeyBlock)
 	if err != nil {
 		return err
diff --git a/agent/structs/config_entry_inline_certificate_test.go b/agent/structs/config_entry_inline_certificate_test.go
index 3c537c059161..b95f3b0e9694 100644
--- a/agent/structs/config_entry_inline_certificate_test.go
+++ b/agent/structs/config_entry_inline_certificate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_intentions.go b/agent/structs/config_entry_intentions.go
index f32aafa9a87d..bc4d36863b56 100644
--- a/agent/structs/config_entry_intentions.go
+++ b/agent/structs/config_entry_intentions.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_intentions_ce.go b/agent/structs/config_entry_intentions_ce.go
index e11063b999d1..3c97b55aac56 100644
--- a/agent/structs/config_entry_intentions_ce.go
+++ b/agent/structs/config_entry_intentions_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_intentions_ce_test.go b/agent/structs/config_entry_intentions_ce_test.go
index 03f82075e5a6..23d4ded4d261 100644
--- a/agent/structs/config_entry_intentions_ce_test.go
+++ b/agent/structs/config_entry_intentions_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_intentions_test.go b/agent/structs/config_entry_intentions_test.go
index ea8703de05d8..56c04bb21e3c 100644
--- a/agent/structs/config_entry_intentions_test.go
+++ b/agent/structs/config_entry_intentions_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_jwt_provider.go b/agent/structs/config_entry_jwt_provider.go
index 12bc7c89d9ed..7336027d7095 100644
--- a/agent/structs/config_entry_jwt_provider.go
+++ b/agent/structs/config_entry_jwt_provider.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_jwt_provider_ce.go b/agent/structs/config_entry_jwt_provider_ce.go
index 1473cf95d98a..533f349c01e5 100644
--- a/agent/structs/config_entry_jwt_provider_ce.go
+++ b/agent/structs/config_entry_jwt_provider_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_jwt_provider_test.go b/agent/structs/config_entry_jwt_provider_test.go
index 6a117fe5084f..a63507663ce4 100644
--- a/agent/structs/config_entry_jwt_provider_test.go
+++ b/agent/structs/config_entry_jwt_provider_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_mesh.go b/agent/structs/config_entry_mesh.go
index a531821650d8..249973c00b08 100644
--- a/agent/structs/config_entry_mesh.go
+++ b/agent/structs/config_entry_mesh.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_mesh_ce.go b/agent/structs/config_entry_mesh_ce.go
index 319bf6adc109..1612d6568273 100644
--- a/agent/structs/config_entry_mesh_ce.go
+++ b/agent/structs/config_entry_mesh_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_mesh_test.go b/agent/structs/config_entry_mesh_test.go
index f6eaea9e9c54..6bdfaa15cae8 100644
--- a/agent/structs/config_entry_mesh_test.go
+++ b/agent/structs/config_entry_mesh_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_routes.go b/agent/structs/config_entry_routes.go
index d285a4062443..4d908331511d 100644
--- a/agent/structs/config_entry_routes.go
+++ b/agent/structs/config_entry_routes.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
@@ -7,7 +7,6 @@ import (
 	"errors"
 	"fmt"
 	"strings"
-	"time"
 
 	"github.com/miekg/dns"
 
@@ -418,11 +417,8 @@ type HTTPQueryMatch struct {
 // HTTPFilters specifies a list of filters used to modify a request
 // before it is routed to an upstream.
 type HTTPFilters struct {
-	Headers       []HTTPHeaderFilter
-	URLRewrite    *URLRewrite
-	RetryFilter   *RetryFilter
-	TimeoutFilter *TimeoutFilter
-	JWT           *JWTFilter
+	Headers    []HTTPHeaderFilter
+	URLRewrite *URLRewrite
 }
 
 // HTTPHeaderFilter specifies how HTTP headers should be modified.
@@ -436,18 +432,6 @@ type URLRewrite struct {
 	Path string
 }
 
-type RetryFilter struct {
-	NumRetries            *uint32
-	RetryOn               []string
-	RetryOnStatusCodes    []uint32
-	RetryOnConnectFailure *bool
-}
-
-type TimeoutFilter struct {
-	RequestTimeout time.Duration
-	IdleTimeout    time.Duration
-}
-
 // HTTPRouteRule specifies the routing rules used to determine what upstream
 // service an HTTP request is routed to.
 type HTTPRouteRule struct {
diff --git a/agent/structs/config_entry_routes_test.go b/agent/structs/config_entry_routes_test.go
index 5ab85e5977e9..476ce46eed05 100644
--- a/agent/structs/config_entry_routes_test.go
+++ b/agent/structs/config_entry_routes_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_sameness_group.go b/agent/structs/config_entry_sameness_group.go
index dd1b84aa85ed..a1d0dccb3c7c 100644
--- a/agent/structs/config_entry_sameness_group.go
+++ b/agent/structs/config_entry_sameness_group.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_sameness_group_ce.go b/agent/structs/config_entry_sameness_group_ce.go
index 2fd3a3438de4..282ab862fa3b 100644
--- a/agent/structs/config_entry_sameness_group_ce.go
+++ b/agent/structs/config_entry_sameness_group_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/config_entry_status.go b/agent/structs/config_entry_status.go
index 749ba1596868..fb91a0add374 100644
--- a/agent/structs/config_entry_status.go
+++ b/agent/structs/config_entry_status.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/config_entry_test.go b/agent/structs/config_entry_test.go
index 9151ef815b15..cdaae4e23d4b 100644
--- a/agent/structs/config_entry_test.go
+++ b/agent/structs/config_entry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/connect.go b/agent/structs/connect.go
index 4a6033efab57..227c2eb47270 100644
--- a/agent/structs/connect.go
+++ b/agent/structs/connect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/connect_ca.go b/agent/structs/connect_ca.go
index 90e139fab0dc..c8a7cea1df8a 100644
--- a/agent/structs/connect_ca.go
+++ b/agent/structs/connect_ca.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/connect_ca_test.go b/agent/structs/connect_ca_test.go
index 5f224e04f76a..d64efef375bf 100644
--- a/agent/structs/connect_ca_test.go
+++ b/agent/structs/connect_ca_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/connect_ce.go b/agent/structs/connect_ce.go
index b78e8b4c6c23..9547c245148b 100644
--- a/agent/structs/connect_ce.go
+++ b/agent/structs/connect_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/connect_proxy_config.go b/agent/structs/connect_proxy_config.go
index 3bd5276f8279..acca2ad1cbcd 100644
--- a/agent/structs/connect_proxy_config.go
+++ b/agent/structs/connect_proxy_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/connect_proxy_config_ce.go b/agent/structs/connect_proxy_config_ce.go
index dfdc10bbadcf..898ca163a5c2 100644
--- a/agent/structs/connect_proxy_config_ce.go
+++ b/agent/structs/connect_proxy_config_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/connect_proxy_config_test.go b/agent/structs/connect_proxy_config_test.go
index be16d17be6a3..bcf43b2119ca 100644
--- a/agent/structs/connect_proxy_config_test.go
+++ b/agent/structs/connect_proxy_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/deep-copy.sh b/agent/structs/deep-copy.sh
index cbc1bdc42ae5..e4ab69273a47 100755
--- a/agent/structs/deep-copy.sh
+++ b/agent/structs/deep-copy.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 readonly PACKAGE_DIR="$(dirname "${BASH_SOURCE[0]}")"
diff --git a/agent/structs/discovery_chain.go b/agent/structs/discovery_chain.go
index c81dd1ec0836..029fc3b0a8be 100644
--- a/agent/structs/discovery_chain.go
+++ b/agent/structs/discovery_chain.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/discovery_chain_ce.go b/agent/structs/discovery_chain_ce.go
index b4a83b890445..febff8c7762a 100644
--- a/agent/structs/discovery_chain_ce.go
+++ b/agent/structs/discovery_chain_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/envoy_extension.go b/agent/structs/envoy_extension.go
index ab9988bf21bc..c788aedf37e8 100644
--- a/agent/structs/envoy_extension.go
+++ b/agent/structs/envoy_extension.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/errors.go b/agent/structs/errors.go
index df8123dc60da..82e2b0b5f013 100644
--- a/agent/structs/errors.go
+++ b/agent/structs/errors.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/federation_state.go b/agent/structs/federation_state.go
index 5a0e8eef6d04..f123a0954be7 100644
--- a/agent/structs/federation_state.go
+++ b/agent/structs/federation_state.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/identity.go b/agent/structs/identity.go
index b55f6bb7ae51..286dd552a346 100644
--- a/agent/structs/identity.go
+++ b/agent/structs/identity.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/intention.go b/agent/structs/intention.go
index 3bbc2584f70f..21d5432b4112 100644
--- a/agent/structs/intention.go
+++ b/agent/structs/intention.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/intention_ce.go b/agent/structs/intention_ce.go
index cb657b8e3777..af62df50bca4 100644
--- a/agent/structs/intention_ce.go
+++ b/agent/structs/intention_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/intention_test.go b/agent/structs/intention_test.go
index 077bef0f200d..600f600729d1 100644
--- a/agent/structs/intention_test.go
+++ b/agent/structs/intention_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/operator.go b/agent/structs/operator.go
index 9d78cb92143f..05862861e3f8 100644
--- a/agent/structs/operator.go
+++ b/agent/structs/operator.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/peering.go b/agent/structs/peering.go
index 927efabb34c2..3ee7acb22402 100644
--- a/agent/structs/peering.go
+++ b/agent/structs/peering.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/prepared_query.go b/agent/structs/prepared_query.go
index 1c851c476ef0..71b0eba81bc3 100644
--- a/agent/structs/prepared_query.go
+++ b/agent/structs/prepared_query.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
@@ -341,7 +341,7 @@ type PreparedQueryExecuteRemoteRequest struct {
 	Connect bool
 
 	// QueryOptions (unfortunately named here) controls the consistency
-	// settings for the service lookups.
+	// settings for the the service lookups.
 	QueryOptions
 }
 
diff --git a/agent/structs/prepared_query_test.go b/agent/structs/prepared_query_test.go
index 537c6b043818..a6d6e64849af 100644
--- a/agent/structs/prepared_query_test.go
+++ b/agent/structs/prepared_query_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/protobuf_compat.go b/agent/structs/protobuf_compat.go
index c52d85a32c29..65ebf2eaf4ac 100644
--- a/agent/structs/protobuf_compat.go
+++ b/agent/structs/protobuf_compat.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/service_definition.go b/agent/structs/service_definition.go
index 9b9fec89e954..6ee81af0590c 100644
--- a/agent/structs/service_definition.go
+++ b/agent/structs/service_definition.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/service_definition_test.go b/agent/structs/service_definition_test.go
index ec6d4fc5374e..023972092ff4 100644
--- a/agent/structs/service_definition_test.go
+++ b/agent/structs/service_definition_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/snapshot.go b/agent/structs/snapshot.go
index 3d71fb093d3c..4f622216751f 100644
--- a/agent/structs/snapshot.go
+++ b/agent/structs/snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/structs.deepcopy.go b/agent/structs/structs.deepcopy.go
index 0434ba1e67da..cdd007c26cdb 100644
--- a/agent/structs/structs.deepcopy.go
+++ b/agent/structs/structs.deepcopy.go
@@ -18,20 +18,6 @@ func (o *APIGatewayListener) DeepCopy() *APIGatewayListener {
 		cp.TLS.CipherSuites = make([]types.TLSCipherSuite, len(o.TLS.CipherSuites))
 		copy(cp.TLS.CipherSuites, o.TLS.CipherSuites)
 	}
-	if o.Override != nil {
-		cp.Override = new(APIGatewayPolicy)
-		*cp.Override = *o.Override
-		if o.Override.JWT != nil {
-			cp.Override.JWT = o.Override.JWT.DeepCopy()
-		}
-	}
-	if o.Default != nil {
-		cp.Default = new(APIGatewayPolicy)
-		*cp.Default = *o.Default
-		if o.Default.JWT != nil {
-			cp.Default.JWT = o.Default.JWT.DeepCopy()
-		}
-	}
 	return &cp
 }
 
@@ -397,33 +383,6 @@ func (o *HTTPRouteConfigEntry) DeepCopy() *HTTPRouteConfigEntry {
 				cp.Rules[i2].Filters.URLRewrite = new(URLRewrite)
 				*cp.Rules[i2].Filters.URLRewrite = *o.Rules[i2].Filters.URLRewrite
 			}
-			if o.Rules[i2].Filters.RetryFilter != nil {
-				cp.Rules[i2].Filters.RetryFilter = new(RetryFilter)
-				*cp.Rules[i2].Filters.RetryFilter = *o.Rules[i2].Filters.RetryFilter
-				if o.Rules[i2].Filters.RetryFilter.NumRetries != nil {
-					cp.Rules[i2].Filters.RetryFilter.NumRetries = new(uint32)
-					*cp.Rules[i2].Filters.RetryFilter.NumRetries = *o.Rules[i2].Filters.RetryFilter.NumRetries
-				}
-				if o.Rules[i2].Filters.RetryFilter.RetryOn != nil {
-					cp.Rules[i2].Filters.RetryFilter.RetryOn = make([]string, len(o.Rules[i2].Filters.RetryFilter.RetryOn))
-					copy(cp.Rules[i2].Filters.RetryFilter.RetryOn, o.Rules[i2].Filters.RetryFilter.RetryOn)
-				}
-				if o.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes != nil {
-					cp.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes = make([]uint32, len(o.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes))
-					copy(cp.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes, o.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes)
-				}
-				if o.Rules[i2].Filters.RetryFilter.RetryOnConnectFailure != nil {
-					cp.Rules[i2].Filters.RetryFilter.RetryOnConnectFailure = new(bool)
-					*cp.Rules[i2].Filters.RetryFilter.RetryOnConnectFailure = *o.Rules[i2].Filters.RetryFilter.RetryOnConnectFailure
-				}
-			}
-			if o.Rules[i2].Filters.TimeoutFilter != nil {
-				cp.Rules[i2].Filters.TimeoutFilter = new(TimeoutFilter)
-				*cp.Rules[i2].Filters.TimeoutFilter = *o.Rules[i2].Filters.TimeoutFilter
-			}
-			if o.Rules[i2].Filters.JWT != nil {
-				cp.Rules[i2].Filters.JWT = o.Rules[i2].Filters.JWT.DeepCopy()
-			}
 			if o.Rules[i2].Matches != nil {
 				cp.Rules[i2].Matches = make([]HTTPMatch, len(o.Rules[i2].Matches))
 				copy(cp.Rules[i2].Matches, o.Rules[i2].Matches)
@@ -468,33 +427,6 @@ func (o *HTTPRouteConfigEntry) DeepCopy() *HTTPRouteConfigEntry {
 						cp.Rules[i2].Services[i4].Filters.URLRewrite = new(URLRewrite)
 						*cp.Rules[i2].Services[i4].Filters.URLRewrite = *o.Rules[i2].Services[i4].Filters.URLRewrite
 					}
-					if o.Rules[i2].Services[i4].Filters.RetryFilter != nil {
-						cp.Rules[i2].Services[i4].Filters.RetryFilter = new(RetryFilter)
-						*cp.Rules[i2].Services[i4].Filters.RetryFilter = *o.Rules[i2].Services[i4].Filters.RetryFilter
-						if o.Rules[i2].Services[i4].Filters.RetryFilter.NumRetries != nil {
-							cp.Rules[i2].Services[i4].Filters.RetryFilter.NumRetries = new(uint32)
-							*cp.Rules[i2].Services[i4].Filters.RetryFilter.NumRetries = *o.Rules[i2].Services[i4].Filters.RetryFilter.NumRetries
-						}
-						if o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn != nil {
-							cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn = make([]string, len(o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn))
-							copy(cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn, o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn)
-						}
-						if o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes != nil {
-							cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes = make([]uint32, len(o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes))
-							copy(cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes, o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes)
-						}
-						if o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnConnectFailure != nil {
-							cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnConnectFailure = new(bool)
-							*cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnConnectFailure = *o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnConnectFailure
-						}
-					}
-					if o.Rules[i2].Services[i4].Filters.TimeoutFilter != nil {
-						cp.Rules[i2].Services[i4].Filters.TimeoutFilter = new(TimeoutFilter)
-						*cp.Rules[i2].Services[i4].Filters.TimeoutFilter = *o.Rules[i2].Services[i4].Filters.TimeoutFilter
-					}
-					if o.Rules[i2].Services[i4].Filters.JWT != nil {
-						cp.Rules[i2].Services[i4].Filters.JWT = o.Rules[i2].Services[i4].Filters.JWT.DeepCopy()
-					}
 				}
 			}
 		}
@@ -897,14 +829,6 @@ func (o *ServiceConfigEntry) DeepCopy() *ServiceConfigEntry {
 			copy(cp.Destination.Addresses, o.Destination.Addresses)
 		}
 	}
-	if o.RateLimits != nil {
-		cp.RateLimits = new(RateLimits)
-		*cp.RateLimits = *o.RateLimits
-		if o.RateLimits.InstanceLevel.Routes != nil {
-			cp.RateLimits.InstanceLevel.Routes = make([]InstanceLevelRouteRateLimits, len(o.RateLimits.InstanceLevel.Routes))
-			copy(cp.RateLimits.InstanceLevel.Routes, o.RateLimits.InstanceLevel.Routes)
-		}
-	}
 	if o.EnvoyExtensions != nil {
 		cp.EnvoyExtensions = make([]EnvoyExtension, len(o.EnvoyExtensions))
 		copy(cp.EnvoyExtensions, o.EnvoyExtensions)
@@ -955,10 +879,6 @@ func (o *ServiceConfigResponse) DeepCopy() *ServiceConfigResponse {
 		cp.Destination.Addresses = make([]string, len(o.Destination.Addresses))
 		copy(cp.Destination.Addresses, o.Destination.Addresses)
 	}
-	if o.RateLimits.InstanceLevel.Routes != nil {
-		cp.RateLimits.InstanceLevel.Routes = make([]InstanceLevelRouteRateLimits, len(o.RateLimits.InstanceLevel.Routes))
-		copy(cp.RateLimits.InstanceLevel.Routes, o.RateLimits.InstanceLevel.Routes)
-	}
 	if o.Meta != nil {
 		cp.Meta = make(map[string]string, len(o.Meta))
 		for k2, v2 := range o.Meta {
diff --git a/agent/structs/structs.deepcopy_ce.go b/agent/structs/structs.deepcopy_ce.go
deleted file mode 100644
index d2e909bf49e8..000000000000
--- a/agent/structs/structs.deepcopy_ce.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-// +build !consulent
-
-package structs
-
-// DeepCopy generates a deep copy of *APIGatewayJWTRequirement
-func (o *APIGatewayJWTRequirement) DeepCopy() *APIGatewayJWTRequirement {
-	return new(APIGatewayJWTRequirement)
-}
-
-// DeepCopy generates a deep copy of *JWTFilter
-func (o *JWTFilter) DeepCopy() *JWTFilter {
-	return new(JWTFilter)
-}
diff --git a/agent/structs/structs.go b/agent/structs/structs.go
index fbacb36ffe66..b4548a734be9 100644
--- a/agent/structs/structs.go
+++ b/agent/structs/structs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
@@ -1483,10 +1483,6 @@ func (s *NodeService) IsGateway() bool {
 func (s *NodeService) Validate() error {
 	var result error
 
-	if err := s.Locality.Validate(); err != nil {
-		result = multierror.Append(result, err)
-	}
-
 	if s.Kind == ServiceKindConnectProxy {
 		if s.Port == 0 && s.SocketPath == "" {
 			result = multierror.Append(result, fmt.Errorf("Port or SocketPath must be set for a %s", s.Kind))
@@ -1879,6 +1875,7 @@ type HealthCheckDefinition struct {
 	Body                           string              `json:",omitempty"`
 	DisableRedirects               bool                `json:",omitempty"`
 	TCP                            string              `json:",omitempty"`
+	TCPUseTLS                      bool                `json:",omitempty"`
 	UDP                            string              `json:",omitempty"`
 	H2PING                         string              `json:",omitempty"`
 	OSService                      string              `json:",omitempty"`
@@ -2031,6 +2028,7 @@ func (c *HealthCheck) CheckType() *CheckType {
 		Body:                           c.Definition.Body,
 		DisableRedirects:               c.Definition.DisableRedirects,
 		TCP:                            c.Definition.TCP,
+		TCPUseTLS:                      c.Definition.TCPUseTLS,
 		UDP:                            c.Definition.UDP,
 		H2PING:                         c.Definition.H2PING,
 		OSService:                      c.Definition.OSService,
@@ -2098,18 +2096,6 @@ func (csn *CheckServiceNode) CanRead(authz acl.Authorizer) acl.EnforcementDecisi
 	return acl.Allow
 }
 
-func (csn *CheckServiceNode) Locality() *Locality {
-	if csn.Service != nil && csn.Service.Locality != nil {
-		return csn.Service.Locality
-	}
-
-	if csn.Node != nil && csn.Node.Locality != nil {
-		return csn.Node.Locality
-	}
-
-	return nil
-}
-
 type CheckServiceNodes []CheckServiceNode
 
 func (csns CheckServiceNodes) DeepCopy() CheckServiceNodes {
@@ -3131,15 +3117,3 @@ func (l *Locality) GetRegion() string {
 	}
 	return l.Region
 }
-
-func (l *Locality) Validate() error {
-	if l == nil {
-		return nil
-	}
-
-	if l.Region == "" && l.Zone != "" {
-		return fmt.Errorf("zone cannot be set without region")
-	}
-
-	return nil
-}
diff --git a/agent/structs/structs_ce.go b/agent/structs/structs_ce.go
index f47fac578afc..6b004460e5fb 100644
--- a/agent/structs/structs_ce.go
+++ b/agent/structs/structs_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/structs_ce_test.go b/agent/structs/structs_ce_test.go
index 6ec8723ae5e1..55e51a70088c 100644
--- a/agent/structs/structs_ce_test.go
+++ b/agent/structs/structs_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/structs/structs_ext_test.go b/agent/structs/structs_ext_test.go
index 3b1cd6b6df1c..9bbc4ca0cb91 100644
--- a/agent/structs/structs_ext_test.go
+++ b/agent/structs/structs_ext_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs_test
 
diff --git a/agent/structs/structs_filtering_test.go b/agent/structs/structs_filtering_test.go
index 3750adb16ce1..9739923e0e5a 100644
--- a/agent/structs/structs_filtering_test.go
+++ b/agent/structs/structs_filtering_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/structs_test.go b/agent/structs/structs_test.go
index bf909aa41903..6d887da9ac77 100644
--- a/agent/structs/structs_test.go
+++ b/agent/structs/structs_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
@@ -592,43 +592,6 @@ func TestStructs_ServiceNode_Conversions(t *testing.T) {
 	}
 }
 
-func TestStructs_Locality_Validate(t *testing.T) {
-	type testCase struct {
-		locality *Locality
-		err      string
-	}
-	cases := map[string]testCase{
-		"nil": {
-			nil,
-			"",
-		},
-		"region only": {
-			&Locality{Region: "us-west-1"},
-			"",
-		},
-		"region and zone": {
-			&Locality{Region: "us-west-1", Zone: "us-west-1a"},
-			"",
-		},
-		"zone only": {
-			&Locality{Zone: "us-west-1a"},
-			"zone cannot be set without region",
-		},
-	}
-
-	for name, tc := range cases {
-		t.Run(name, func(t *testing.T) {
-			err := tc.locality.Validate()
-			if tc.err == "" {
-				require.NoError(t, err)
-			} else {
-				require.Error(t, err)
-				require.Contains(t, err.Error(), tc.err)
-			}
-		})
-	}
-}
-
 func TestStructs_NodeService_ValidateMeshGateway(t *testing.T) {
 	type testCase struct {
 		Modify func(*NodeService)
@@ -1189,13 +1152,6 @@ func TestStructs_NodeService_ValidateConnectProxy(t *testing.T) {
 			},
 			"",
 		},
-		{
-			"connect-proxy: invalid locality",
-			func(x *NodeService) {
-				x.Locality = &Locality{Zone: "bad"}
-			},
-			"zone cannot be set without region",
-		},
 	}
 
 	for _, tc := range cases {
@@ -1358,7 +1314,7 @@ func TestStructs_NodeService_ValidateSidecarService(t *testing.T) {
 }
 
 func TestStructs_NodeService_ConnectNativeEmptyPortError(t *testing.T) {
-	ns := TestNodeService()
+	ns := TestNodeService(t)
 	ns.Connect.Native = true
 	ns.Port = 0
 	err := ns.Validate()
diff --git a/agent/structs/system_metadata.go b/agent/structs/system_metadata.go
index 555756201a5d..fa6f6cd0ae58 100644
--- a/agent/structs/system_metadata.go
+++ b/agent/structs/system_metadata.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/testing.go b/agent/structs/testing.go
index 527da21c4e89..ad8382b0ce3b 100644
--- a/agent/structs/testing.go
+++ b/agent/structs/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/testing_catalog.go b/agent/structs/testing_catalog.go
index 8047695bba56..9e72aebc7745 100644
--- a/agent/structs/testing_catalog.go
+++ b/agent/structs/testing_catalog.go
@@ -1,14 +1,13 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
 import (
 	"fmt"
 
-	"github.com/mitchellh/go-testing-interface"
-
 	"github.com/hashicorp/consul/acl"
+	"github.com/mitchellh/go-testing-interface"
 )
 
 // TestRegisterRequest returns a RegisterRequest for registering a typical service.
@@ -48,11 +47,11 @@ func TestRegisterIngressGateway(t testing.T) *RegisterRequest {
 }
 
 // TestNodeService returns a *NodeService representing a valid regular service: "web".
-func TestNodeService() *NodeService {
-	return TestNodeServiceWithName("web")
+func TestNodeService(t testing.T) *NodeService {
+	return TestNodeServiceWithName(t, "web")
 }
 
-func TestNodeServiceWithName(name string) *NodeService {
+func TestNodeServiceWithName(t testing.T, name string) *NodeService {
 	return &NodeService{
 		Kind:    ServiceKindTypical,
 		Service: name,
diff --git a/agent/structs/testing_connect_proxy_config.go b/agent/structs/testing_connect_proxy_config.go
index 971e355fba2d..c41cc9965111 100644
--- a/agent/structs/testing_connect_proxy_config.go
+++ b/agent/structs/testing_connect_proxy_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/testing_intention.go b/agent/structs/testing_intention.go
index 974a103de1bd..57c6f9d50154 100644
--- a/agent/structs/testing_intention.go
+++ b/agent/structs/testing_intention.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/testing_service_definition.go b/agent/structs/testing_service_definition.go
index da51014f4311..2707067262f5 100644
--- a/agent/structs/testing_service_definition.go
+++ b/agent/structs/testing_service_definition.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/structs/txn.go b/agent/structs/txn.go
index efb11aa891ea..a97b4733f5ed 100644
--- a/agent/structs/txn.go
+++ b/agent/structs/txn.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/agent/submatview/handler.go b/agent/submatview/handler.go
index f33746a7f324..b3c900e69528 100644
--- a/agent/submatview/handler.go
+++ b/agent/submatview/handler.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package submatview
 
diff --git a/agent/submatview/local_materializer.go b/agent/submatview/local_materializer.go
index 4ee06a364029..5eeaefaa665a 100644
--- a/agent/submatview/local_materializer.go
+++ b/agent/submatview/local_materializer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package submatview
 
diff --git a/agent/submatview/local_materializer_test.go b/agent/submatview/local_materializer_test.go
index fa7a01845034..e6600a051620 100644
--- a/agent/submatview/local_materializer_test.go
+++ b/agent/submatview/local_materializer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package submatview
 
diff --git a/agent/submatview/materializer.go b/agent/submatview/materializer.go
index 42754c914da0..240f6cfafbb4 100644
--- a/agent/submatview/materializer.go
+++ b/agent/submatview/materializer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package submatview
 
diff --git a/agent/submatview/rpc_materializer.go b/agent/submatview/rpc_materializer.go
index dfeb90172a69..855576b1b339 100644
--- a/agent/submatview/rpc_materializer.go
+++ b/agent/submatview/rpc_materializer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package submatview
 
diff --git a/agent/submatview/store.go b/agent/submatview/store.go
index ccfc319e2f4c..1f189121264c 100644
--- a/agent/submatview/store.go
+++ b/agent/submatview/store.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package submatview
 
diff --git a/agent/submatview/store_integration_test.go b/agent/submatview/store_integration_test.go
index 45ba11d3cc3c..3b6d9fbc2b57 100644
--- a/agent/submatview/store_integration_test.go
+++ b/agent/submatview/store_integration_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package submatview_test
 
diff --git a/agent/submatview/store_test.go b/agent/submatview/store_test.go
index c878654d89be..36a92e7ec02b 100644
--- a/agent/submatview/store_test.go
+++ b/agent/submatview/store_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package submatview
 
diff --git a/agent/submatview/streaming_test.go b/agent/submatview/streaming_test.go
index 54b28d1abe6b..223babf530b1 100644
--- a/agent/submatview/streaming_test.go
+++ b/agent/submatview/streaming_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package submatview
 
diff --git a/agent/systemd/notify.go b/agent/systemd/notify.go
index 60c71947dc8a..88ce2c2ece95 100644
--- a/agent/systemd/notify.go
+++ b/agent/systemd/notify.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package systemd
 
diff --git a/agent/testagent.go b/agent/testagent.go
index 3d0e2c8038e8..57b9c1b11183 100644
--- a/agent/testagent.go
+++ b/agent/testagent.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/testagent_test.go b/agent/testagent_test.go
index 266b6e864cc3..66d1d61f01e5 100644
--- a/agent/testagent_test.go
+++ b/agent/testagent_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/token/persistence.go b/agent/token/persistence.go
index 117f72359d27..9d543b30edf9 100644
--- a/agent/token/persistence.go
+++ b/agent/token/persistence.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package token
 
diff --git a/agent/token/persistence_test.go b/agent/token/persistence_test.go
index 5d6e73f0d228..093515f70e43 100644
--- a/agent/token/persistence_test.go
+++ b/agent/token/persistence_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package token
 
diff --git a/agent/token/store.go b/agent/token/store.go
index a32475eb477e..b0f9732a8cc6 100644
--- a/agent/token/store.go
+++ b/agent/token/store.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package token
 
diff --git a/agent/token/store_ce.go b/agent/token/store_ce.go
index f2fab3390dfd..87fefdbbe048 100644
--- a/agent/token/store_ce.go
+++ b/agent/token/store_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/token/store_test.go b/agent/token/store_test.go
index c35c44a7b69f..8d0992f229ca 100644
--- a/agent/token/store_test.go
+++ b/agent/token/store_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package token
 
diff --git a/agent/translate_addr.go b/agent/translate_addr.go
index 1c0f8a400305..9be80ebc0f8c 100644
--- a/agent/translate_addr.go
+++ b/agent/translate_addr.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/txn_endpoint.go b/agent/txn_endpoint.go
index 10117a53c500..7c2f64c1a931 100644
--- a/agent/txn_endpoint.go
+++ b/agent/txn_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
@@ -313,6 +313,7 @@ func (s *HTTPHandlers) convertOps(resp http.ResponseWriter, req *http.Request) (
 							Method:                         check.Definition.Method,
 							Body:                           check.Definition.Body,
 							TCP:                            check.Definition.TCP,
+							TCPUseTLS:                      check.Definition.TCPUseTLS,
 							GRPC:                           check.Definition.GRPC,
 							GRPCUseTLS:                     check.Definition.GRPCUseTLS,
 							OSService:                      check.Definition.OSService,
diff --git a/agent/txn_endpoint_test.go b/agent/txn_endpoint_test.go
index fe19ed825301..19c5925ba7a9 100644
--- a/agent/txn_endpoint_test.go
+++ b/agent/txn_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/ui_endpoint.go b/agent/ui_endpoint.go
index d0cc8a5be832..fa4bb23f8464 100644
--- a/agent/ui_endpoint.go
+++ b/agent/ui_endpoint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
@@ -190,6 +190,7 @@ func AgentMembersMapAddrVer(s *HTTPHandlers, req *http.Request) (map[string]stri
 	filter := consul.LANMemberFilter{
 		Partition: entMeta.PartitionOrDefault(),
 	}
+
 	if acl.IsDefaultPartition(filter.Partition) {
 		filter.AllSegments = true
 	}
diff --git a/agent/ui_endpoint_ce_test.go b/agent/ui_endpoint_ce_test.go
index 82a16b765f5c..3e57fca667e8 100644
--- a/agent/ui_endpoint_ce_test.go
+++ b/agent/ui_endpoint_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/ui_endpoint_test.go b/agent/ui_endpoint_test.go
index 1e0c391d0c95..b39a2f31dc93 100644
--- a/agent/ui_endpoint_test.go
+++ b/agent/ui_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/uiserver/buf_index_fs.go b/agent/uiserver/buf_index_fs.go
index 283616c36eda..9ea23316fb10 100644
--- a/agent/uiserver/buf_index_fs.go
+++ b/agent/uiserver/buf_index_fs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package uiserver
 
diff --git a/agent/uiserver/buffered_file.go b/agent/uiserver/buffered_file.go
index daa30c610d29..5c794dac2690 100644
--- a/agent/uiserver/buffered_file.go
+++ b/agent/uiserver/buffered_file.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package uiserver
 
diff --git a/agent/uiserver/redirect_fs.go b/agent/uiserver/redirect_fs.go
index 4a61ba7b2c14..66b48e637fdc 100644
--- a/agent/uiserver/redirect_fs.go
+++ b/agent/uiserver/redirect_fs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package uiserver
 
diff --git a/agent/uiserver/ui_template_data.go b/agent/uiserver/ui_template_data.go
index 726207b148f0..d8d5fc42ba4e 100644
--- a/agent/uiserver/ui_template_data.go
+++ b/agent/uiserver/ui_template_data.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package uiserver
 
diff --git a/agent/uiserver/uiserver.go b/agent/uiserver/uiserver.go
index 0cd20c5fda0b..8cabb8e3e0cd 100644
--- a/agent/uiserver/uiserver.go
+++ b/agent/uiserver/uiserver.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package uiserver
 
diff --git a/agent/uiserver/uiserver_test.go b/agent/uiserver/uiserver_test.go
index ce649276546b..c42792fe320b 100644
--- a/agent/uiserver/uiserver_test.go
+++ b/agent/uiserver/uiserver_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package uiserver
 
diff --git a/agent/user_event.go b/agent/user_event.go
index 23cbc90c336d..25be0dd88f42 100644
--- a/agent/user_event.go
+++ b/agent/user_event.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/user_event_test.go b/agent/user_event_test.go
index 62ea5f4adca3..ac807def924c 100644
--- a/agent/user_event_test.go
+++ b/agent/user_event_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/util.go b/agent/util.go
index 1bcdbca01f1a..285ba91df948 100644
--- a/agent/util.go
+++ b/agent/util.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/util_test.go b/agent/util_test.go
index 42aa745e70fa..4c3ae5602d39 100644
--- a/agent/util_test.go
+++ b/agent/util_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/watch_handler.go b/agent/watch_handler.go
index b926b7167505..518fd6c77c98 100644
--- a/agent/watch_handler.go
+++ b/agent/watch_handler.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/watch_handler_test.go b/agent/watch_handler_test.go
index 151e05e9c077..f97d4d3982d3 100644
--- a/agent/watch_handler_test.go
+++ b/agent/watch_handler_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/agent/xds/accesslogs/accesslogs.go b/agent/xds/accesslogs/accesslogs.go
index 25a3baf192fe..84cbf55e64d8 100644
--- a/agent/xds/accesslogs/accesslogs.go
+++ b/agent/xds/accesslogs/accesslogs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package accesslogs
 
diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go
index 908aa746bc9c..dc8245627b0c 100644
--- a/agent/xds/clusters.go
+++ b/agent/xds/clusters.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -19,8 +19,6 @@ import (
 	envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
 	envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
 	envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
-	"github.com/hashicorp/consul/agent/xds/config"
-	"github.com/hashicorp/consul/agent/xds/naming"
 
 	"github.com/hashicorp/go-hclog"
 	"google.golang.org/protobuf/encoding/protojson"
@@ -32,7 +30,6 @@ import (
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
 )
@@ -369,7 +366,7 @@ func makePassthroughClusters(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message,
 		!meshConf.TransparentProxy.MeshDestinationsOnly {
 
 		clusters = append(clusters, &envoy_cluster_v3.Cluster{
-			Name: naming.OriginalDestinationClusterName,
+			Name: OriginalDestinationClusterName,
 			ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{
 				Type: envoy_cluster_v3.Cluster_ORIGINAL_DST,
 			},
@@ -811,6 +808,27 @@ func (s *ResourceGenerator) makeGatewayOutgoingClusterPeeringServiceClusters(cfg
 			}
 			cluster := s.makeGatewayCluster(cfgSnap, opts)
 
+			if serviceGroup.UseCDS {
+				configureClusterWithHostnames(
+					s.Logger,
+					cluster,
+					"", /*TODO:make configurable?*/
+					serviceGroup.Nodes,
+					true,  /*isRemote*/
+					false, /*onlyPassing*/
+				)
+			} else {
+				cluster.ClusterDiscoveryType = &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_EDS}
+				cluster.EdsClusterConfig = &envoy_cluster_v3.Cluster_EdsClusterConfig{
+					EdsConfig: &envoy_core_v3.ConfigSource{
+						ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
+						ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{
+							Ads: &envoy_core_v3.AggregatedConfigSource{},
+						},
+					},
+				}
+			}
+
 			clusters = append(clusters, cluster)
 		}
 	}
@@ -974,10 +992,8 @@ func (s *ResourceGenerator) clustersFromSnapshotAPIGateway(cfgSnap *proxycfg.Con
 			// Grab the discovery chain compiled in handlerAPIGateway.recompileDiscoveryChains
 			chain, ok := cfgSnap.APIGateway.DiscoveryChain[uid]
 			if !ok {
-				// this should not happen, but it can't error out because the equivalent
-				// listener generation will continue
-				s.Logger.Warn("could not find discovery chain for gateway upstream", "upstream", uid)
-				continue
+				// this should not happen
+				return nil, fmt.Errorf("no discovery chain for upstream %q", uid)
 			}
 
 			// Generate the list of upstream clusters for the discovery chain
@@ -1009,11 +1025,11 @@ func (s *ResourceGenerator) configIngressUpstreamCluster(c *envoy_cluster_v3.Clu
 
 		switch limitType {
 		case "max_connections":
-			threshold.MaxConnections = response.MakeUint32Value(limit)
+			threshold.MaxConnections = makeUint32Value(limit)
 		case "max_pending_requests":
-			threshold.MaxPendingRequests = response.MakeUint32Value(limit)
+			threshold.MaxPendingRequests = makeUint32Value(limit)
 		case "max_requests":
-			threshold.MaxRequests = response.MakeUint32Value(limit)
+			threshold.MaxRequests = makeUint32Value(limit)
 		}
 	}
 
@@ -1044,7 +1060,12 @@ func (s *ResourceGenerator) configIngressUpstreamCluster(c *envoy_cluster_v3.Clu
 	if svc != nil {
 		override = svc.PassiveHealthCheck
 	}
-	outlierDetection := config.ToOutlierDetection(cfgSnap.IngressGateway.Defaults.PassiveHealthCheck, override, false)
+	outlierDetection := ToOutlierDetection(cfgSnap.IngressGateway.Defaults.PassiveHealthCheck, override, false)
+
+	// Specail handling for failover peering service, which has set MaxEjectionPercent
+	if c.OutlierDetection != nil && c.OutlierDetection.MaxEjectionPercent != nil {
+		outlierDetection.MaxEjectionPercent = &wrapperspb.UInt32Value{Value: c.OutlierDetection.MaxEjectionPercent.Value}
+	}
 
 	c.OutlierDetection = outlierDetection
 }
@@ -1053,7 +1074,7 @@ func (s *ResourceGenerator) makeAppCluster(cfgSnap *proxycfg.ConfigSnapshot, nam
 	var c *envoy_cluster_v3.Cluster
 	var err error
 
-	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
+	cfg, err := ParseProxyConfig(cfgSnap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -1104,7 +1125,7 @@ func (s *ResourceGenerator) makeAppCluster(cfgSnap *proxycfg.ConfigSnapshot, nam
 		c.CircuitBreakers = &envoy_cluster_v3.CircuitBreakers{
 			Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{
 				{
-					MaxConnections: response.MakeUint32Value(cfg.MaxInboundConnections),
+					MaxConnections: makeUint32Value(cfg.MaxInboundConnections),
 				},
 			},
 		}
@@ -1147,7 +1168,7 @@ func (s *ResourceGenerator) makeUpstreamClusterForPeerService(
 
 	clusterName := generatePeeredClusterName(uid, tbs)
 
-	outlierDetection := config.ToOutlierDetection(upstreamConfig.PassiveHealthCheck, nil, true)
+	outlierDetection := ToOutlierDetection(upstreamConfig.PassiveHealthCheck, nil, true)
 	// We can't rely on health checks for services on cluster peers because they
 	// don't take into account service resolvers, splitters and routers. Setting
 	// MaxEjectionPercent too 100% gives outlier detection the power to eject the
@@ -1282,7 +1303,7 @@ func (s *ResourceGenerator) makeUpstreamClusterForPreparedQuery(upstream structs
 			CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{
 				Thresholds: makeThresholdsIfNeeded(cfg.Limits),
 			},
-			OutlierDetection: config.ToOutlierDetection(cfg.PassiveHealthCheck, nil, true),
+			OutlierDetection: ToOutlierDetection(cfg.PassiveHealthCheck, nil, true),
 		}
 		if cfg.Protocol == "http2" || cfg.Protocol == "grpc" {
 			if err := s.setHttp2ProtocolOptions(c); err != nil {
@@ -1424,7 +1445,7 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain(
 		// These variables are prefixed with primary to avoid shaddowing bugs.
 		primaryTargetID := node.Resolver.Target
 		primaryTarget := chain.Targets[primaryTargetID]
-		primaryTargetClusterName := s.getTargetClusterName(upstreamsSnapshot, chain, primaryTargetID, forMeshGateway)
+		primaryTargetClusterName := s.getTargetClusterName(upstreamsSnapshot, chain, primaryTargetID, forMeshGateway, false)
 		if primaryTargetClusterName == "" {
 			continue
 		}
@@ -1502,7 +1523,7 @@ func (s *ResourceGenerator) makeUpstreamClustersForDiscoveryChain(
 				CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{
 					Thresholds: makeThresholdsIfNeeded(upstreamConfig.Limits),
 				},
-				OutlierDetection: config.ToOutlierDetection(upstreamConfig.PassiveHealthCheck, nil, true),
+				OutlierDetection: ToOutlierDetection(upstreamConfig.PassiveHealthCheck, nil, true),
 			}
 
 			var lb *structs.LoadBalancer
@@ -1656,6 +1677,11 @@ func makeClusterFromUserConfig(configJSON string) (*envoy_cluster_v3.Cluster, er
 	return &c, err
 }
 
+type addressPair struct {
+	host string
+	port int
+}
+
 type clusterOpts struct {
 	// name for the cluster
 	name string
@@ -1679,7 +1705,7 @@ type clusterOpts struct {
 
 // makeGatewayCluster creates an Envoy cluster for a mesh or terminating gateway
 func (s *ResourceGenerator) makeGatewayCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster {
-	cfg, err := config.ParseGatewayConfig(snap.Proxy.Config)
+	cfg, err := ParseGatewayConfig(snap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -1709,13 +1735,13 @@ func (s *ResourceGenerator) makeGatewayCluster(snap *proxycfg.ConfigSnapshot, op
 			TcpKeepalive: &envoy_core_v3.TcpKeepalive{},
 		}
 		if cfg.TcpKeepaliveTime != 0 {
-			cluster.UpstreamConnectionOptions.TcpKeepalive.KeepaliveTime = response.MakeUint32Value(cfg.TcpKeepaliveTime)
+			cluster.UpstreamConnectionOptions.TcpKeepalive.KeepaliveTime = makeUint32Value(cfg.TcpKeepaliveTime)
 		}
 		if cfg.TcpKeepaliveInterval != 0 {
-			cluster.UpstreamConnectionOptions.TcpKeepalive.KeepaliveInterval = response.MakeUint32Value(cfg.TcpKeepaliveInterval)
+			cluster.UpstreamConnectionOptions.TcpKeepalive.KeepaliveInterval = makeUint32Value(cfg.TcpKeepaliveInterval)
 		}
 		if cfg.TcpKeepaliveProbes != 0 {
-			cluster.UpstreamConnectionOptions.TcpKeepalive.KeepaliveProbes = response.MakeUint32Value(cfg.TcpKeepaliveProbes)
+			cluster.UpstreamConnectionOptions.TcpKeepalive.KeepaliveProbes = makeUint32Value(cfg.TcpKeepaliveProbes)
 		}
 	}
 
@@ -1822,7 +1848,7 @@ func configureClusterWithHostnames(
 // makeExternalIPCluster creates an Envoy cluster for routing to IP addresses outside of Consul
 // This is used by terminating gateways for Destinations
 func (s *ResourceGenerator) makeExternalIPCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster {
-	cfg, err := config.ParseGatewayConfig(snap.Proxy.Config)
+	cfg, err := ParseGatewayConfig(snap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -1861,7 +1887,7 @@ func (s *ResourceGenerator) makeExternalIPCluster(snap *proxycfg.ConfigSnapshot,
 // makeExternalHostnameCluster creates an Envoy cluster for hostname endpoints that will be resolved with DNS
 // This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffice
 func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster {
-	cfg, err := config.ParseGatewayConfig(snap.Proxy.Config)
+	cfg, err := ParseGatewayConfig(snap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -1885,7 +1911,7 @@ func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSna
 	endpoints := make([]*envoy_endpoint_v3.LbEndpoint, 0, len(opts.addresses))
 
 	for _, pair := range opts.addresses {
-		address := response.MakeAddress(pair.Address, pair.Port)
+		address := makeAddress(pair.Address, pair.Port)
 
 		endpoint := &envoy_endpoint_v3.LbEndpoint{
 			HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
@@ -1918,13 +1944,13 @@ func makeThresholdsIfNeeded(limits *structs.UpstreamLimits) []*envoy_cluster_v3.
 	// Likewise, make sure to not set any threshold values on the zero-value in
 	// order to rely on Envoy defaults
 	if limits.MaxConnections != nil {
-		threshold.MaxConnections = response.MakeUint32Value(*limits.MaxConnections)
+		threshold.MaxConnections = makeUint32Value(*limits.MaxConnections)
 	}
 	if limits.MaxPendingRequests != nil {
-		threshold.MaxPendingRequests = response.MakeUint32Value(*limits.MaxPendingRequests)
+		threshold.MaxPendingRequests = makeUint32Value(*limits.MaxPendingRequests)
 	}
 	if limits.MaxConcurrentRequests != nil {
-		threshold.MaxRequests = response.MakeUint32Value(*limits.MaxConcurrentRequests)
+		threshold.MaxRequests = makeUint32Value(*limits.MaxConcurrentRequests)
 	}
 
 	return []*envoy_cluster_v3.CircuitBreakers_Thresholds{threshold}
@@ -1947,7 +1973,7 @@ func makeLbEndpoint(addr string, port int, health envoy_core_v3.HealthStatus, we
 			},
 		},
 		HealthStatus:        health,
-		LoadBalancingWeight: response.MakeUint32Value(weight),
+		LoadBalancingWeight: makeUint32Value(weight),
 	}
 }
 
@@ -2028,11 +2054,15 @@ func generatePeeredClusterName(uid proxycfg.UpstreamID, tb *pbpeering.PeeringTru
 	}, ".")
 }
 
-func (s *ResourceGenerator) getTargetClusterName(upstreamsSnapshot *proxycfg.ConfigSnapshotUpstreams, chain *structs.CompiledDiscoveryChain, tid string, forMeshGateway bool) string {
+type targetClusterData struct {
+	targetID    string
+	clusterName string
+}
+
+func (s *ResourceGenerator) getTargetClusterName(upstreamsSnapshot *proxycfg.ConfigSnapshotUpstreams, chain *structs.CompiledDiscoveryChain, tid string, forMeshGateway bool, failover bool) string {
 	target := chain.Targets[tid]
 	clusterName := target.Name
 	targetUID := proxycfg.NewUpstreamIDFromTargetID(tid)
-
 	if targetUID.Peer != "" {
 		tbs, ok := upstreamsSnapshot.UpstreamPeerTrustBundles.Get(targetUID.Peer)
 		// We can't generate cluster on peers without the trust bundle. The
@@ -2047,7 +2077,10 @@ func (s *ResourceGenerator) getTargetClusterName(upstreamsSnapshot *proxycfg.Con
 
 		clusterName = generatePeeredClusterName(targetUID, tbs)
 	}
-	clusterName = naming.CustomizeClusterName(clusterName, chain)
+	clusterName = CustomizeClusterName(clusterName, chain)
+	if failover {
+		clusterName = xdscommon.FailoverClusterNamePrefix + clusterName
+	}
 	if forMeshGateway {
 		clusterName = meshGatewayExportedClusterNamePrefix + clusterName
 	}
diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go
index adeb2b57374f..954aad7756f0 100644
--- a/agent/xds/clusters_test.go
+++ b/agent/xds/clusters_test.go
@@ -1,11 +1,10 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
 import (
 	"bytes"
-	"github.com/hashicorp/consul/types"
 	"path/filepath"
 	"sort"
 	"testing"
@@ -21,35 +20,16 @@ import (
 
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/proxystateconverter"
-	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/agent/xds/testcommon"
-	"github.com/hashicorp/consul/agent/xdsv2"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/hashicorp/consul/types"
 )
 
-type mockCfgFetcher struct {
-	addressLan string
-}
-
-func (s *mockCfgFetcher) AdvertiseAddrLAN() string {
-	return s.addressLan
-}
-
 type clusterTestCase struct {
 	name               string
 	create             func(t testinf.T) *proxycfg.ConfigSnapshot
 	overrideGoldenName string
-	alsoRunTestForV2   bool
-}
-
-func uint32ptr(i uint32) *uint32 {
-	return &i
-}
-
-func durationPtr(d time.Duration) *time.Duration {
-	return &d
 }
 
 func makeClusterDiscoChainTests(enterprise bool) []clusterTestCase {
@@ -64,125 +44,90 @@ func makeClusterDiscoChainTests(enterprise bool) []clusterTestCase {
 						})
 				}, nil)
 			},
-			// TODO(proxystate): requires custom cluster work
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-chain",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
-		},
-		{
-			name: "connect-proxy-with-chain-http2",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, func(ns *structs.NodeService) {
-					ns.Proxy.Upstreams[0].Config["protocol"] = "http2"
-				}, nil)
-			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-external-sni",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
 			},
-			//TODO(proxystate): this requires terminating gateway work
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-overrides",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-failover",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway-triggered", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway-triggered", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-local-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway-triggered", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway-triggered", enterprise, nil, nil)
 			},
-			// TODO(proxystate): requires routes work
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "splitter-with-resolver-redirect",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-lb-in-resolver",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 	}
 }
@@ -214,7 +159,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tls-outgoing-min-version",
@@ -234,7 +178,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tls-outgoing-max-version",
@@ -254,7 +197,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tls-outgoing-cipher-suites",
@@ -277,7 +219,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-jwt-config-entry-with-local",
@@ -301,8 +242,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
-			// TODO(proxystate): jwt work will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "connect-proxy-with-jwt-config-entry-with-remote-jwks",
@@ -337,8 +276,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
-			// TODO(proxystate): jwt work will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "custom-local-app",
@@ -350,8 +287,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 						})
 				}, nil)
 			},
-			// TODO(proxystate): requires custom cluster work
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "custom-upstream",
@@ -363,8 +298,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 						})
 				}, nil)
 			},
-			// TODO(proxystate): requires custom cluster work
-			alsoRunTestForV2: false,
 		},
 		{
 			name:               "custom-upstream-ignores-tls",
@@ -379,46 +312,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 						})
 				}, nil)
 			},
-			// TODO(proxystate): requires custom cluster work
-			alsoRunTestForV2: false,
-		},
-		{
-			name: "custom-upstream-with-prepared-query",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) {
-					for i := range ns.Proxy.Upstreams {
-
-						switch ns.Proxy.Upstreams[i].DestinationName {
-						case "db":
-							if ns.Proxy.Upstreams[i].Config == nil {
-								ns.Proxy.Upstreams[i].Config = map[string]interface{}{}
-							}
-
-							uid := proxycfg.NewUpstreamID(&ns.Proxy.Upstreams[i])
-
-							// Triggers an override with the presence of the escape hatch listener
-							ns.Proxy.Upstreams[i].DestinationType = structs.UpstreamDestTypePreparedQuery
-
-							ns.Proxy.Upstreams[i].Config["envoy_cluster_json"] =
-								customClusterJSON(t, customClusterJSONOptions{
-									Name: uid.EnvoyID() + ":custom-upstream",
-								})
-
-						// Also test that http2 options are triggered.
-						// A separate upstream without an override is required to test
-						case "geo-cache":
-							if ns.Proxy.Upstreams[i].Config == nil {
-								ns.Proxy.Upstreams[i].Config = map[string]interface{}{}
-							}
-							ns.Proxy.Upstreams[i].Config["protocol"] = "http2"
-						default:
-							continue
-						}
-					}
-				}, nil)
-			},
-			// TODO(proxystate): requires custom cluster work
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "custom-timeouts",
@@ -428,7 +321,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					ns.Proxy.Upstreams[0].Config["connect_timeout_ms"] = 2345
 				}, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "custom-passive-healthcheck",
@@ -443,22 +335,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					}
 				}, nil)
 			},
-			alsoRunTestForV2: true,
-		},
-		{
-			name: "custom-passive-healthcheck-zero-consecutive_5xx",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) {
-					ns.Proxy.Upstreams[0].Config["passive_health_check"] = map[string]interface{}{
-						"enforcing_consecutive_5xx": float64(0),
-						"max_failures":              float64(5),
-						"interval":                  float64(10 * time.Second),
-						"max_ejection_percent":      float64(100),
-						"base_ejection_time":        float64(10 * time.Second),
-					}
-				}, nil)
-			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "custom-max-inbound-connections",
@@ -467,7 +343,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["max_inbound_connections"] = 3456
 				}, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "custom-limits-max-connections-only",
@@ -488,7 +363,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					}
 				}, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "custom-limits-set-to-zero",
@@ -507,7 +381,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					}
 				}, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "custom-limits",
@@ -526,14 +399,12 @@ func TestClustersFromSnapshot(t *testing.T) {
 					}
 				}, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "expose-paths-local-app-paths",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotExposeConfig(t, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "downstream-service-with-unix-sockets",
@@ -546,7 +417,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					ns.Proxy.LocalServiceSocketPath = "/tmp/downstream_proxy.sock"
 				}, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "expose-paths-new-cluster-http2",
@@ -560,89 +430,58 @@ func TestClustersFromSnapshot(t *testing.T) {
 					}
 				})
 			},
-			alsoRunTestForV2: true,
 		},
 		{
-			name:             "expose-checks",
-			create:           proxycfg.TestConfigSnapshotExposeChecks,
-			alsoRunTestForV2: true,
-		},
-		{
-			name:             "expose-paths-grpc-new-cluster-http1",
-			create:           proxycfg.TestConfigSnapshotGRPCExposeHTTP1,
-			alsoRunTestForV2: true,
+			name:   "expose-paths-grpc-new-cluster-http1",
+			create: proxycfg.TestConfigSnapshotGRPCExposeHTTP1,
 		},
 		{
 			name: "mesh-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "default", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-using-federation-states",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "federation-states", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
-		},
-		{
-			name: "mesh-gateway-using-federation-control-plane",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotMeshGateway(t, "mesh-gateway-federation", nil, nil)
-			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-no-services",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "no-services", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-service-subsets",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "service-subsets", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-ignore-extra-resolvers",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "ignore-extra-resolvers", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-service-timeouts",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "service-timeouts", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-non-hash-lb-injected",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "non-hash-lb-injected", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-hash-lb-ignored",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "hash-lb-ignored", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-tcp-keepalives",
@@ -654,8 +493,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_probes"] = 7
 				}, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway",
@@ -663,16 +500,12 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"default", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-nil-config-entry",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-with-tls-outgoing-min-version",
@@ -692,8 +525,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-with-tls-outgoing-max-version",
@@ -713,8 +544,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-with-tls-outgoing-cipher-suites",
@@ -737,8 +566,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-no-services",
@@ -746,8 +573,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, false, "tcp",
 					"default", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain",
@@ -755,8 +580,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"simple", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-service-max-connections",
@@ -767,8 +590,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 						entry.Listeners[0].Services[0].MaxConnections = 4096
 					}, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-defaults-service-max-connections",
@@ -783,8 +604,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 						}
 					}, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-overwrite-defaults-service-max-connections",
@@ -800,8 +619,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 						entry.Listeners[0].Services[0].MaxPendingRequests = 2048
 					}, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-service-passive-health-check",
@@ -811,14 +628,11 @@ func TestClustersFromSnapshot(t *testing.T) {
 					func(entry *structs.IngressGatewayConfigEntry) {
 						entry.Listeners[0].Services[0].MaxConnections = 4096
 						entry.Listeners[0].Services[0].PassiveHealthCheck = &structs.PassiveHealthCheck{
-							Interval:           5000000000,
-							MaxFailures:        10,
-							MaxEjectionPercent: uint32ptr(90),
+							Interval:    5000000000,
+							MaxFailures: 10,
 						}
 					}, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-defaults-passive-health-check",
@@ -835,13 +649,10 @@ func TestClustersFromSnapshot(t *testing.T) {
 								Interval:                5000000000,
 								MaxFailures:             10,
 								EnforcingConsecutive5xx: &enforcingConsecutive5xx,
-								MaxEjectionPercent:      uint32ptr(90),
 							},
 						}
 					}, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-overwrite-defaults-passive-health-check",
@@ -856,7 +667,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 							PassiveHealthCheck: &structs.PassiveHealthCheck{
 								Interval:                5000000000,
 								EnforcingConsecutive5xx: &defaultEnforcingConsecutive5xx,
-								MaxEjectionPercent:      uint32ptr(80),
 							},
 						}
 						enforcingConsecutive5xx := uint32(50)
@@ -865,13 +675,9 @@ func TestClustersFromSnapshot(t *testing.T) {
 						entry.Listeners[0].Services[0].PassiveHealthCheck = &structs.PassiveHealthCheck{
 							Interval:                8000000000,
 							EnforcingConsecutive5xx: &enforcingConsecutive5xx,
-							MaxEjectionPercent:      uint32ptr(90),
-							BaseEjectionTime:        durationPtr(12 * time.Second),
 						}
 					}, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-external-sni",
@@ -879,8 +685,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"external-sni", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-failover",
@@ -888,8 +692,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-failover-to-cluster-peer",
@@ -897,8 +699,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-to-cluster-peer", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-remote-gateway",
@@ -906,8 +706,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-remote-gateway", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-remote-gateway-triggered",
@@ -915,8 +713,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-remote-gateway-triggered", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-remote-gateway",
@@ -924,8 +720,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-remote-gateway", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered",
@@ -933,8 +727,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-remote-gateway-triggered", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-local-gateway",
@@ -942,8 +734,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-local-gateway", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-local-gateway-triggered",
@@ -951,8 +741,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-local-gateway-triggered", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-local-gateway",
@@ -960,8 +748,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-local-gateway", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-local-gateway-triggered",
@@ -969,8 +755,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-local-gateway-triggered", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-splitter-with-resolver-redirect",
@@ -978,8 +762,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"splitter-with-resolver-redirect-multidc", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-lb-in-resolver",
@@ -987,66 +769,46 @@ func TestClustersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"lb-resolver", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "terminating-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, nil)
 			},
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "terminating-gateway-no-services",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotTerminatingGateway(t, false, nil, nil)
 			},
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-service-subsets",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayServiceSubsetsWebAndCache,
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-hostname-service-subsets",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayHostnameSubsets,
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-sni",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewaySNI,
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-http2-upstream",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayHTTP2,
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-http2-upstream-subsets",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewaySubsetsHTTP2,
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-ignore-extra-resolvers",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers,
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-lb-config",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayLBConfigNoHashPolicies,
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "terminating-gateway-tcp-keepalives",
@@ -1061,24 +823,18 @@ func TestClustersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_probes"] = 5
 				}, nil)
 			},
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "ingress-multiple-listeners-duplicate-service",
 			create: proxycfg.TestConfigSnapshotIngress_MultipleListenersDuplicateService,
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
-			name:             "transparent-proxy-catalog-destinations-only",
-			create:           proxycfg.TestConfigSnapshotTransparentProxyCatalogDestinationsOnly,
-			alsoRunTestForV2: true,
+			name:   "transparent-proxy-catalog-destinations-only",
+			create: proxycfg.TestConfigSnapshotTransparentProxyCatalogDestinationsOnly,
 		},
 		{
-			name:             "transparent-proxy-dial-instances-directly",
-			create:           proxycfg.TestConfigSnapshotTransparentProxyDialDirectly,
-			alsoRunTestForV2: true,
+			name:   "transparent-proxy-dial-instances-directly",
+			create: proxycfg.TestConfigSnapshotTransparentProxyDialDirectly,
 		},
 	}
 
@@ -1110,10 +866,10 @@ func TestClustersFromSnapshot(t *testing.T) {
 						return clusters[i].(*envoy_cluster_v3.Cluster).Name < clusters[j].(*envoy_cluster_v3.Cluster).Name
 					})
 
-					r, err := response.CreateResponse(xdscommon.ClusterType, "00000001", "00000001", clusters)
+					r, err := createResponse(xdscommon.ClusterType, "00000001", "00000001", clusters)
 					require.NoError(t, err)
 
-					t.Run("current-xdsv1", func(t *testing.T) {
+					t.Run("current", func(t *testing.T) {
 						gotJSON := protoToJSON(t, r)
 
 						gName := tt.name
@@ -1123,40 +879,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 
 						require.JSONEq(t, goldenEnvoy(t, filepath.Join("clusters", gName), envoyVersion, latestEnvoyVersion, gotJSON), gotJSON)
 					})
-
-					if tt.alsoRunTestForV2 {
-						generator := xdsv2.NewResourceGenerator(testutil.Logger(t))
-
-						converter := proxystateconverter.NewConverter(testutil.Logger(t), &mockCfgFetcher{addressLan: "10.10.10.10"})
-						proxyState, err := converter.ProxyStateFromSnapshot(snap)
-						require.NoError(t, err)
-
-						res, err := generator.AllResourcesFromIR(proxyState)
-						require.NoError(t, err)
-
-						clusters = res[xdscommon.ClusterType]
-
-						// The order of clusters returned via CDS isn't relevant, so it's safe
-						// to sort these for the purposes of test comparisons.
-						sort.Slice(clusters, func(i, j int) bool {
-							return clusters[i].(*envoy_cluster_v3.Cluster).Name < clusters[j].(*envoy_cluster_v3.Cluster).Name
-						})
-
-						r, err := response.CreateResponse(xdscommon.ClusterType, "00000001", "00000001", clusters)
-						require.NoError(t, err)
-
-						t.Run("current-xdsv2", func(t *testing.T) {
-							gotJSON := protoToJSON(t, r)
-
-							gName := tt.name
-							if tt.overrideGoldenName != "" {
-								gName = tt.overrideGoldenName
-							}
-
-							expectedJSON := goldenEnvoy(t, filepath.Join("clusters", gName), envoyVersion, latestEnvoyVersion, gotJSON)
-							require.JSONEq(t, expectedJSON, gotJSON)
-						})
-					}
 				})
 			}
 		})
@@ -1212,41 +934,6 @@ func customAppClusterJSON(t testinf.T, opts customClusterJSONOptions) string {
 	return buf.String()
 }
 
-var customClusterJSONTpl = `{
-	"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-	"name": "{{ .Name }}",
-	"connectTimeout": "15s",
-	"loadAssignment": {
-		"clusterName": "{{ .Name }}",
-		"endpoints": [
-			{
-				"lbEndpoints": [
-					{
-						"endpoint": {
-							"address": {
-								"socketAddress": {
-									"address": "1.2.3.4",
-									"portValue": 8443
-								}
-							}
-						}
-					}
-				]
-			}
-		]
-	}
-}`
-
-var customClusterJSONTemplate = template.Must(template.New("").Parse(customClusterJSONTpl))
-
-func customClusterJSON(t testinf.T, opts customClusterJSONOptions) string {
-	t.Helper()
-	var buf bytes.Buffer
-	err := customClusterJSONTemplate.Execute(&buf, opts)
-	require.NoError(t, err)
-	return buf.String()
-}
-
 func TestEnvoyLBConfig_InjectToCluster(t *testing.T) {
 	var tests = []struct {
 		name     string
diff --git a/agent/xds/config/config.go b/agent/xds/config.go
similarity index 98%
rename from agent/xds/config/config.go
rename to agent/xds/config.go
index 32c46d07d3ef..967bcb213dec 100644
--- a/agent/xds/config/config.go
+++ b/agent/xds/config.go
@@ -1,7 +1,7 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
-package config
+package xds
 
 import (
 	"strings"
@@ -229,9 +229,9 @@ func ToOutlierDetection(p *structs.PassiveHealthCheck, override *structs.Passive
 		// NOTE: EnforcingConsecutive5xx must be great than 0 for ingress-gateway
 		if *override.EnforcingConsecutive5xx != 0 {
 			od.EnforcingConsecutive_5Xx = &wrapperspb.UInt32Value{Value: *override.EnforcingConsecutive5xx}
+		} else if allowZero {
+			od.EnforcingConsecutive_5Xx = &wrapperspb.UInt32Value{Value: *override.EnforcingConsecutive5xx}
 		}
-		// Because only ingress gateways have overrides and they cannot have a value of 0, there is no allowZero
-		// override case to handle
 	}
 
 	if override.MaxEjectionPercent != nil {
diff --git a/agent/xds/config/config_test.go b/agent/xds/config_test.go
similarity index 99%
rename from agent/xds/config/config_test.go
rename to agent/xds/config_test.go
index 72e9a0e61461..e544c30b393e 100644
--- a/agent/xds/config/config_test.go
+++ b/agent/xds/config_test.go
@@ -1,7 +1,7 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
-package config
+package xds
 
 import (
 	"testing"
diff --git a/agent/xds/configfetcher/config_fetcher.go b/agent/xds/configfetcher/config_fetcher.go
deleted file mode 100644
index db7d4f2035d2..000000000000
--- a/agent/xds/configfetcher/config_fetcher.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package configfetcher
-
-// ConfigFetcher is the interface the agent needs to expose
-// for the xDS server to fetch agent config, currently only one field is fetched
-type ConfigFetcher interface {
-	AdvertiseAddrLAN() string
-}
diff --git a/agent/xds/delta.go b/agent/xds/delta.go
index d239f2bd51a5..15c59193e626 100644
--- a/agent/xds/delta.go
+++ b/agent/xds/delta.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -19,6 +19,7 @@ import (
 	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
 	"github.com/hashicorp/go-hclog"
 	goversion "github.com/hashicorp/go-version"
+
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/proto"
@@ -28,16 +29,11 @@ import (
 	external "github.com/hashicorp/consul/agent/grpc-external"
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/agent/xds/configfetcher"
+	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/xds/extensionruntime"
-	"github.com/hashicorp/consul/agent/xdsv2"
 	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	"github.com/hashicorp/consul/internal/mesh"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
 	"github.com/hashicorp/consul/logging"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/version"
 )
 
@@ -88,40 +84,6 @@ func (s *Server) DeltaAggregatedResources(stream ADSDeltaStream) error {
 	return err
 }
 
-// getEnvoyConfiguration is a utility function that instantiates the proper
-// Envoy resource generator based on whether it was passed a ConfigSource or
-// ProxyState implementation of the ProxySnapshot interface and returns the
-// generated Envoy configuration.
-func getEnvoyConfiguration(proxySnapshot proxysnapshot.ProxySnapshot, logger hclog.Logger, cfgFetcher configfetcher.ConfigFetcher) (map[string][]proto.Message, error) {
-	switch proxySnapshot.(type) {
-	case *proxycfg.ConfigSnapshot:
-		logger.Trace("ProxySnapshot update channel received a ProxySnapshot of type ConfigSnapshot",
-			"proxySnapshot", proxySnapshot,
-		)
-		generator := NewResourceGenerator(
-			logger,
-			cfgFetcher,
-			true,
-		)
-
-		c := proxySnapshot.(*proxycfg.ConfigSnapshot)
-		logger.Trace("ConfigSnapshot", c)
-		return generator.AllResourcesFromSnapshot(c)
-	case *proxytracker.ProxyState:
-		logger.Trace("ProxySnapshot update channel received a ProxySnapshot of type ProxyState",
-			"proxySnapshot", proxySnapshot,
-		)
-		generator := xdsv2.NewResourceGenerator(
-			logger,
-		)
-		c := proxySnapshot.(*proxytracker.ProxyState)
-		logger.Trace("ProxyState", c)
-		return generator.AllResourcesFromIR(c)
-	default:
-		return nil, errors.New("proxysnapshot must be of type ProxyState or ConfigSnapshot")
-	}
-}
-
 const (
 	stateDeltaInit int = iota
 	stateDeltaPendingInitialConfig
@@ -136,13 +98,14 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 
 	// Loop state
 	var (
-		proxySnapshot proxysnapshot.ProxySnapshot
-		node          *envoy_config_core_v3.Node
-		stateCh       <-chan proxysnapshot.ProxySnapshot
-		drainCh       limiter.SessionTerminatedChan
-		watchCancel   func()
-		nonce         uint64 // xDS requires a unique nonce to correlate response/request pairs
-		ready         bool   // set to true after the first snapshot arrives
+		cfgSnap     *proxycfg.ConfigSnapshot
+		node        *envoy_config_core_v3.Node
+		stateCh     <-chan *proxycfg.ConfigSnapshot
+		drainCh     limiter.SessionTerminatedChan
+		watchCancel func()
+		proxyID     structs.ServiceID
+		nonce       uint64 // xDS requires a unique nonce to correlate response/request pairs
+		ready       bool   // set to true after the first snapshot arrives
 
 		streamStartTime = time.Now()
 		streamStartOnce sync.Once
@@ -154,30 +117,42 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 		// type => name => proto
 		resourceMap = xdscommon.EmptyIndexedResources()
 
-		// currentVersions is the xDS versioning represented by Resources.
+		// currentVersions is the the xDS versioning represented by Resources.
 		//
 		// type => name => version (as consul knows right now)
 		currentVersions = make(map[string]map[string]string)
 	)
 
-	logger := s.Logger.Named(logging.XDS).With("xdsVersion", "v3")
+	generator := NewResourceGenerator(
+		s.Logger.Named(logging.XDS).With("xdsVersion", "v3"),
+		s.CfgFetcher,
+		true,
+	)
 
 	// need to run a small state machine to get through initial authentication.
 	var state = stateDeltaInit
 
 	// Configure handlers for each type of request we currently care about.
 	handlers := map[string]*xDSDeltaType{
-		xdscommon.ListenerType: newDeltaType(logger, stream, xdscommon.ListenerType, func() bool {
-			return proxySnapshot.AllowEmptyListeners()
+		xdscommon.ListenerType: newDeltaType(generator, stream, xdscommon.ListenerType, func(kind structs.ServiceKind) bool {
+			// Ingress and API gateways are allowed to inform LDS of no listeners.
+			return cfgSnap.Kind == structs.ServiceKindIngressGateway ||
+				cfgSnap.Kind == structs.ServiceKindAPIGateway
 		}),
-		xdscommon.RouteType: newDeltaType(logger, stream, xdscommon.RouteType, func() bool {
-			return proxySnapshot.AllowEmptyRoutes()
+		xdscommon.RouteType: newDeltaType(generator, stream, xdscommon.RouteType, func(kind structs.ServiceKind) bool {
+			// Ingress and API gateways are allowed to inform RDS of no routes.
+			return cfgSnap.Kind == structs.ServiceKindIngressGateway ||
+				cfgSnap.Kind == structs.ServiceKindAPIGateway
 		}),
-		xdscommon.ClusterType: newDeltaType(logger, stream, xdscommon.ClusterType, func() bool {
-			return proxySnapshot.AllowEmptyClusters()
+		xdscommon.ClusterType: newDeltaType(generator, stream, xdscommon.ClusterType, func(kind structs.ServiceKind) bool {
+			// Mesh, Ingress, API and Terminating gateways are allowed to inform CDS of no clusters.
+			return cfgSnap.Kind == structs.ServiceKindMeshGateway ||
+				cfgSnap.Kind == structs.ServiceKindTerminatingGateway ||
+				cfgSnap.Kind == structs.ServiceKindIngressGateway ||
+				cfgSnap.Kind == structs.ServiceKindAPIGateway
 		}),
-		xdscommon.EndpointType: newDeltaType(logger, stream, xdscommon.EndpointType, nil),
-		xdscommon.SecretType:   newDeltaType(logger, stream, xdscommon.SecretType, nil), // TODO allowEmptyFn
+		xdscommon.EndpointType: newDeltaType(generator, stream, xdscommon.EndpointType, nil),
+		xdscommon.SecretType:   newDeltaType(generator, stream, xdscommon.SecretType, nil), // TODO allowEmptyFn
 	}
 
 	// Endpoints are stored within a Cluster (and Routes
@@ -203,19 +178,19 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 		authTimer = time.After(s.AuthCheckFrequency)
 	}
 
-	checkStreamACLs := func(proxySnap proxysnapshot.ProxySnapshot) error {
-		return s.authorize(stream.Context(), proxySnap)
+	checkStreamACLs := func(cfgSnap *proxycfg.ConfigSnapshot) error {
+		return s.authorize(stream.Context(), cfgSnap)
 	}
 
 	for {
 		select {
 		case <-drainCh:
-			logger.Debug("draining stream to rebalance load")
+			generator.Logger.Debug("draining stream to rebalance load")
 			metrics.IncrCounter([]string{"xds", "server", "streamDrained"}, 1)
 			return errOverwhelmed
 		case <-authTimer:
 			// It's been too long since a Discovery{Request,Response} so recheck ACLs.
-			if err := checkStreamACLs(proxySnapshot); err != nil {
+			if err := checkStreamACLs(cfgSnap); err != nil {
 				return err
 			}
 			extendAuthTimer()
@@ -229,29 +204,28 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 				return nil
 			}
 
-			logTraceRequest(logger, "Incremental xDS v3", req)
+			generator.logTraceRequest("Incremental xDS v3", req)
 
 			if req.TypeUrl == "" {
 				return status.Errorf(codes.InvalidArgument, "type URL is required for ADS")
 			}
 
-			var proxyFeatures xdscommon.SupportedProxyFeatures
 			if node == nil && req.Node != nil {
 				node = req.Node
 				var err error
-				proxyFeatures, err = xdscommon.DetermineSupportedProxyFeatures(req.Node)
+				generator.ProxyFeatures, err = xdscommon.DetermineSupportedProxyFeatures(req.Node)
 				if err != nil {
 					return status.Errorf(codes.InvalidArgument, err.Error())
 				}
 			}
 
 			if handler, ok := handlers[req.TypeUrl]; ok {
-				switch handler.Recv(req, proxyFeatures) {
+				switch handler.Recv(req, generator.ProxyFeatures) {
 				case deltaRecvNewSubscription:
-					logger.Trace("subscribing to type", "typeUrl", req.TypeUrl)
+					generator.Logger.Trace("subscribing to type", "typeUrl", req.TypeUrl)
 
 				case deltaRecvResponseNack:
-					logger.Trace("got nack response for type", "typeUrl", req.TypeUrl)
+					generator.Logger.Trace("got nack response for type", "typeUrl", req.TypeUrl)
 
 					// There is no reason to believe that generating new xDS resources from the same snapshot
 					// would lead to an ACK from Envoy. Instead we continue to the top of this for loop and wait
@@ -270,21 +244,21 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 				// would've already exited this loop.
 				return status.Error(codes.Aborted, "xDS stream terminated due to an irrecoverable error, please try again")
 			}
-			proxySnapshot = cs
+			cfgSnap = cs
 
-			newRes, err := getEnvoyConfiguration(proxySnapshot, logger, s.CfgFetcher)
+			newRes, err := generator.AllResourcesFromSnapshot(cfgSnap)
 			if err != nil {
 				return status.Errorf(codes.Unavailable, "failed to generate all xDS resources from the snapshot: %v", err)
 			}
 
 			// index and hash the xDS structures
-			newResourceMap := xdscommon.IndexResources(logger, newRes)
+			newResourceMap := xdscommon.IndexResources(generator.Logger, newRes)
 
 			if s.ResourceMapMutateFn != nil {
 				s.ResourceMapMutateFn(newResourceMap)
 			}
 
-			if newResourceMap, err = s.applyEnvoyExtensions(newResourceMap, proxySnapshot, node); err != nil {
+			if newResourceMap, err = s.applyEnvoyExtensions(newResourceMap, cfgSnap, node); err != nil {
 				// err is already the result of calling status.Errorf
 				return err
 			}
@@ -318,7 +292,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 			}
 
 			// Start authentication process, we need the proxyID
-			proxyID := newResourceIDFromEnvoyNode(node)
+			proxyID = structs.NewServiceID(node.Id, parseEnterpriseMeta(node))
 
 			// Start watching config for that proxy
 			var err error
@@ -327,12 +301,12 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 				return status.Errorf(codes.Internal, "failed to watch proxy service: %s", err)
 			}
 
-			stateCh, drainCh, watchCancel, err = s.ProxyWatcher.Watch(proxyID, nodeName, options.Token)
+			stateCh, drainCh, watchCancel, err = s.CfgSrc.Watch(proxyID, nodeName, options.Token)
 			switch {
 			case errors.Is(err, limiter.ErrCapacityReached):
 				return errOverwhelmed
 			case err != nil:
-				return status.Errorf(codes.Internal, "failed to watch proxy: %s", err)
+				return status.Errorf(codes.Internal, "failed to watch proxy service: %s", err)
 			}
 			// Note that in this case we _intend_ the defer to only be triggered when
 			// this whole process method ends (i.e. when streaming RPC aborts) not at
@@ -341,14 +315,14 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 			// state machine.
 			defer watchCancel()
 
-			logger = logger.With("service_id", proxyID.Name) // enhance future logs
+			generator.Logger = generator.Logger.With("service_id", proxyID.String()) // enhance future logs
 
-			logger.Trace("watching proxy, pending initial proxycfg snapshot for xDS")
+			generator.Logger.Trace("watching proxy, pending initial proxycfg snapshot for xDS")
 
 			// Now wait for the config so we can check ACL
 			state = stateDeltaPendingInitialConfig
 		case stateDeltaPendingInitialConfig:
-			if proxySnapshot == nil {
+			if cfgSnap == nil {
 				// Nothing we can do until we get the initial config
 				continue
 			}
@@ -357,18 +331,23 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 			state = stateDeltaRunning
 
 			// Upgrade the logger
-			loggerName := proxySnapshot.LoggerName()
-			if loggerName != "" {
-				logger = logger.Named(loggerName)
+			switch cfgSnap.Kind {
+			case structs.ServiceKindConnectProxy:
+			case structs.ServiceKindTerminatingGateway:
+				generator.Logger = generator.Logger.Named(logging.TerminatingGateway)
+			case structs.ServiceKindMeshGateway:
+				generator.Logger = generator.Logger.Named(logging.MeshGateway)
+			case structs.ServiceKindIngressGateway:
+				generator.Logger = generator.Logger.Named(logging.IngressGateway)
 			}
 
-			logger.Trace("Got initial config snapshot")
+			generator.Logger.Trace("Got initial config snapshot")
 
 			// Let's actually process the config we just got, or we'll miss responding
 			fallthrough
 		case stateDeltaRunning:
 			// Check ACLs on every Discovery{Request,Response}.
-			if err := checkStreamACLs(proxySnapshot); err != nil {
+			if err := checkStreamACLs(cfgSnap); err != nil {
 				return err
 			}
 			// For the first time through the state machine, this is when the
@@ -376,11 +355,11 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 			extendAuthTimer()
 
 			if !ready {
-				logger.Trace("Skipping delta computation because we haven't gotten a snapshot yet")
+				generator.Logger.Trace("Skipping delta computation because we haven't gotten a snapshot yet")
 				continue
 			}
 
-			logger.Trace("Invoking all xDS resource handlers and sending changed data if there are any")
+			generator.Logger.Trace("Invoking all xDS resource handlers and sending changed data if there are any")
 
 			streamStartOnce.Do(func() {
 				metrics.MeasureSince([]string{"xds", "server", "streamStart"}, streamStartTime)
@@ -389,7 +368,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 			for _, op := range xDSUpdateOrder {
 				if op.TypeUrl == xdscommon.ListenerType || op.TypeUrl == xdscommon.RouteType {
 					if clusterHandler := handlers[xdscommon.ClusterType]; clusterHandler.registered && len(clusterHandler.pendingUpdates) > 0 {
-						logger.Trace("Skipping delta computation for resource because there are dependent updates pending",
+						generator.Logger.Trace("Skipping delta computation for resource because there are dependent updates pending",
 							"typeUrl", op.TypeUrl, "dependent", xdscommon.ClusterType)
 
 						// Receiving an ACK from Envoy will unblock the select statement above,
@@ -397,7 +376,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 						break
 					}
 					if endpointHandler := handlers[xdscommon.EndpointType]; endpointHandler.registered && len(endpointHandler.pendingUpdates) > 0 {
-						logger.Trace("Skipping delta computation for resource because there are dependent updates pending",
+						generator.Logger.Trace("Skipping delta computation for resource because there are dependent updates pending",
 							"typeUrl", op.TypeUrl, "dependent", xdscommon.EndpointType)
 
 						// Receiving an ACK from Envoy will unblock the select statement above,
@@ -405,7 +384,14 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 						break
 					}
 				}
-				err, _ := handlers[op.TypeUrl].SendIfNew(currentVersions[op.TypeUrl], resourceMap, &nonce, op.Upsert, op.Remove)
+				err, _ := handlers[op.TypeUrl].SendIfNew(
+					cfgSnap.Kind,
+					currentVersions[op.TypeUrl],
+					resourceMap,
+					&nonce,
+					op.Upsert,
+					op.Remove,
+				)
 				if err != nil {
 					return status.Errorf(codes.Unavailable,
 						"failed to send %sreply for type %q: %v",
@@ -417,37 +403,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 	}
 }
 
-// newResourceIDFromEnvoyNode is a utility function that allows creating a
-// Resource ID from an Envoy proxy node so that existing delta calls can easily
-// use ProxyWatcher interface arguments for Watch().
-func newResourceIDFromEnvoyNode(node *envoy_config_core_v3.Node) *pbresource.ID {
-	entMeta := parseEnterpriseMeta(node)
-
-	return &pbresource.ID{
-		Name: node.Id,
-		Tenancy: &pbresource.Tenancy{
-			Namespace: entMeta.NamespaceOrDefault(),
-			Partition: entMeta.PartitionOrDefault(),
-		},
-		Type: mesh.ProxyStateTemplateConfigurationV1Alpha1Type,
-	}
-}
-
-func (s *Server) applyEnvoyExtensions(resources *xdscommon.IndexedResources, proxySnapshot proxysnapshot.ProxySnapshot, node *envoy_config_core_v3.Node) (*xdscommon.IndexedResources, error) {
-	// TODO(proxystate)
-	// This is a workaround for now as envoy extensions are not yet supported with ProxyState.
-	// For now, we cast to proxycfg.ConfigSnapshot and no-op if it's the pbmesh.ProxyState type.
-	var snapshot *proxycfg.ConfigSnapshot
-	switch proxySnapshot.(type) {
-	//TODO(proxystate): implement envoy extensions for ProxyState
-	case *proxytracker.ProxyState:
-		return resources, nil
-	case *proxycfg.ConfigSnapshot:
-		snapshot = proxySnapshot.(*proxycfg.ConfigSnapshot)
-	default:
-		return nil, status.Errorf(codes.InvalidArgument,
-			"unsupported config snapshot type to apply envoy extensions to %T", proxySnapshot)
-	}
+func (s *Server) applyEnvoyExtensions(resources *xdscommon.IndexedResources, cfgSnap *proxycfg.ConfigSnapshot, node *envoy_config_core_v3.Node) (*xdscommon.IndexedResources, error) {
 	var err error
 	envoyVersion := xdscommon.DetermineEnvoyVersionFromNode(node)
 	consulVersion, err := goversion.NewVersion(version.Version)
@@ -456,10 +412,10 @@ func (s *Server) applyEnvoyExtensions(resources *xdscommon.IndexedResources, pro
 		return nil, status.Errorf(codes.InvalidArgument, "failed to parse Consul version")
 	}
 
-	serviceConfigs := extensionruntime.GetRuntimeConfigurations(snapshot)
+	serviceConfigs := extensionruntime.GetRuntimeConfigurations(cfgSnap)
 	for _, cfgs := range serviceConfigs {
 		for _, cfg := range cfgs {
-			resources, err = validateAndApplyEnvoyExtension(s.Logger, snapshot, resources, cfg, envoyVersion, consulVersion)
+			resources, err = validateAndApplyEnvoyExtension(s.Logger, cfgSnap, resources, cfg, envoyVersion, consulVersion)
 
 			if err != nil {
 				return nil, err
@@ -669,10 +625,10 @@ type xDSDeltaChild struct {
 }
 
 type xDSDeltaType struct {
-	logger       hclog.Logger
+	generator    *ResourceGenerator
 	stream       ADSDeltaStream
 	typeURL      string
-	allowEmptyFn func() bool
+	allowEmptyFn func(kind structs.ServiceKind) bool
 
 	// deltaChild contains data for an xDS child type if there is one.
 	// For example, endpoints are a child type of clusters.
@@ -721,13 +677,13 @@ type PendingUpdate struct {
 }
 
 func newDeltaType(
-	logger hclog.Logger,
+	generator *ResourceGenerator,
 	stream ADSDeltaStream,
 	typeUrl string,
-	allowEmptyFn func() bool,
+	allowEmptyFn func(kind structs.ServiceKind) bool,
 ) *xDSDeltaType {
 	return &xDSDeltaType{
-		logger:           logger,
+		generator:        generator,
 		stream:           stream,
 		typeURL:          typeUrl,
 		allowEmptyFn:     allowEmptyFn,
@@ -744,6 +700,7 @@ func (t *xDSDeltaType) Recv(req *envoy_discovery_v3.DeltaDiscoveryRequest, sf xd
 	if t == nil {
 		return deltaRecvUnknownType // not something we care about
 	}
+	logger := t.generator.Logger.With("typeUrl", t.typeURL)
 
 	registeredThisTime := false
 	if !t.registered {
@@ -780,10 +737,10 @@ func (t *xDSDeltaType) Recv(req *envoy_discovery_v3.DeltaDiscoveryRequest, sf xd
 			response_nonce, with presence of error_detail making it a NACK).
 		*/
 		if req.ErrorDetail == nil {
-			t.logger.Trace("got ok response from envoy proxy", "nonce", req.ResponseNonce)
+			logger.Trace("got ok response from envoy proxy", "nonce", req.ResponseNonce)
 			t.ack(req.ResponseNonce)
 		} else {
-			t.logger.Error("got error response from envoy proxy", "nonce", req.ResponseNonce,
+			logger.Error("got error response from envoy proxy", "nonce", req.ResponseNonce,
 				"error", status.ErrorProto(req.ErrorDetail))
 			t.nack(req.ResponseNonce)
 			return deltaRecvResponseNack
@@ -799,7 +756,7 @@ func (t *xDSDeltaType) Recv(req *envoy_discovery_v3.DeltaDiscoveryRequest, sf xd
 			the client already possesses, using the initial_resource_versions
 			field.
 		*/
-		t.logger.Trace("setting initial resource versions for stream",
+		logger.Trace("setting initial resource versions for stream",
 			"resources", req.InitialResourceVersions)
 		t.resourceVersions = req.InitialResourceVersions
 		if !t.wildcard {
@@ -850,9 +807,9 @@ func (t *xDSDeltaType) Recv(req *envoy_discovery_v3.DeltaDiscoveryRequest, sf xd
 			}
 
 			if alreadySubscribed {
-				t.logger.Trace("re-subscribing resource for stream", "resource", name)
+				logger.Trace("re-subscribing resource for stream", "resource", name)
 			} else {
-				t.logger.Trace("subscribing resource for stream", "resource", name)
+				logger.Trace("subscribing resource for stream", "resource", name)
 			}
 		}
 
@@ -861,7 +818,7 @@ func (t *xDSDeltaType) Recv(req *envoy_discovery_v3.DeltaDiscoveryRequest, sf xd
 				continue
 			}
 			delete(t.subscriptions, name)
-			t.logger.Trace("unsubscribing resource for stream", "resource", name)
+			logger.Trace("unsubscribing resource for stream", "resource", name)
 			// NOTE: we'll let the normal differential comparison handle cleaning up resourceVersions
 		}
 	}
@@ -895,6 +852,7 @@ func (t *xDSDeltaType) nack(nonce string) {
 }
 
 func (t *xDSDeltaType) SendIfNew(
+	kind structs.ServiceKind,
 	currentVersions map[string]string, // type => name => version (as consul knows right now)
 	resourceMap *xdscommon.IndexedResources,
 	nonce *uint64,
@@ -909,9 +867,9 @@ func (t *xDSDeltaType) SendIfNew(
 		return nil, false
 	}
 
-	logger := t.logger.With("typeUrl", t.typeURL)
+	logger := t.generator.Logger.With("typeUrl", t.typeURL)
 
-	allowEmpty := t.allowEmptyFn != nil && t.allowEmptyFn()
+	allowEmpty := t.allowEmptyFn != nil && t.allowEmptyFn(kind)
 
 	// Zero length resource responses should be ignored and are the result of no
 	// data yet. Notice that this caused a bug originally where we had zero
@@ -936,7 +894,7 @@ func (t *xDSDeltaType) SendIfNew(
 	*nonce++
 	resp.Nonce = fmt.Sprintf("%08x", *nonce)
 
-	logTraceResponse(t.logger, "Incremental xDS v3", resp)
+	t.generator.logTraceResponse("Incremental xDS v3", resp)
 
 	logger.Trace("sending response", "nonce", resp.Nonce)
 	if err := t.stream.Send(resp); err != nil {
@@ -1088,7 +1046,7 @@ func (t *xDSDeltaType) ensureChildResend(parentName, childName string) {
 		return
 	}
 
-	t.logger.Trace(
+	t.generator.Logger.Trace(
 		"triggering implicit update of resource",
 		"typeUrl", t.typeURL,
 		"resource", parentName,
diff --git a/agent/xds/delta_envoy_extender_ce_test.go b/agent/xds/delta_envoy_extender_ce_test.go
index 0607919ef5a5..10411e353cec 100644
--- a/agent/xds/delta_envoy_extender_ce_test.go
+++ b/agent/xds/delta_envoy_extender_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
@@ -21,12 +21,12 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/proto"
 
+	"github.com/hashicorp/consul/agent/xds/testcommon"
+
 	propertyoverride "github.com/hashicorp/consul/agent/envoyextensions/builtin/property-override"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/xds/extensionruntime"
-	"github.com/hashicorp/consul/agent/xds/response"
-	"github.com/hashicorp/consul/agent/xds/testcommon"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
@@ -803,7 +803,7 @@ end`,
 						}
 
 						sort.Slice(msgs, entity.sorter(msgs))
-						r, err := response.CreateResponse(entity.key, "00000001", "00000001", msgs)
+						r, err := createResponse(entity.key, "00000001", "00000001", msgs)
 						require.NoError(t, err)
 
 						t.Run(entity.name, func(t *testing.T) {
diff --git a/agent/xds/delta_envoy_extender_test.go b/agent/xds/delta_envoy_extender_test.go
index cfa762cb049e..6cd57fa53a04 100644
--- a/agent/xds/delta_envoy_extender_test.go
+++ b/agent/xds/delta_envoy_extender_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
diff --git a/agent/xds/delta_test.go b/agent/xds/delta_test.go
index d93d06271bac..052e72ad558d 100644
--- a/agent/xds/delta_test.go
+++ b/agent/xds/delta_test.go
@@ -1,12 +1,11 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
 import (
 	"errors"
 	"fmt"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"strconv"
 	"strings"
 	"sync"
@@ -18,22 +17,24 @@ import (
 	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
+	"github.com/hashicorp/go-hclog"
+	goversion "github.com/hashicorp/go-version"
+	"github.com/stretchr/testify/require"
+	rpcstatus "google.golang.org/genproto/googleapis/rpc/status"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
+
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
 	"github.com/hashicorp/consul/version"
-	"github.com/hashicorp/go-hclog"
-	goversion "github.com/hashicorp/go-version"
-	"github.com/stretchr/testify/require"
-	rpcstatus "google.golang.org/genproto/googleapis/rpc/status"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/proto"
 )
 
 // NOTE: For these tests, prefer not using xDS protobuf "factory" methods if
@@ -1695,12 +1696,6 @@ func Test_validateAndApplyEnvoyExtension_Validations(t *testing.T) {
 			runtimeConfig: makeRuntimeConfig(false, ">= 1.15.0", ">= 1.25.0", map[string]interface{}{"bad": "args"}),
 			err:           false,
 		},
-		{
-			name:          "valid everything - no resources and required",
-			runtimeConfig: makeRuntimeConfig(true, ">= 1.15.0", ">= 1.25.0", nil),
-			err:           true,
-			errString:     "failed to patch xDS resources in",
-		},
 		{
 			name:          "valid everything",
 			runtimeConfig: makeRuntimeConfig(false, ">= 1.15.0", ">= 1.25.0", nil),
diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go
index a2c36f06bdc2..021f9ae23ef3 100644
--- a/agent/xds/endpoints.go
+++ b/agent/xds/endpoints.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -8,20 +8,17 @@ import (
 	"fmt"
 	"strconv"
 
-	"github.com/hashicorp/go-hclog"
-
 	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/go-bexpr"
 	"google.golang.org/protobuf/proto"
 
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 )
 
 const (
@@ -138,10 +135,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg.
 		endpoints, ok := cfgSnap.ConnectProxy.PreparedQueryEndpoints[uid]
 		if ok {
 			la := makeLoadAssignment(
-				s.Logger,
-				cfgSnap,
 				clusterName,
-				nil,
 				[]loadAssignmentEndpointGroup{
 					{Endpoints: endpoints},
 				},
@@ -164,10 +158,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg.
 			endpoints, ok := cfgSnap.ConnectProxy.DestinationGateways.Get(uid)
 			if ok {
 				la := makeLoadAssignment(
-					s.Logger,
-					cfgSnap,
 					name,
-					nil,
 					[]loadAssignmentEndpointGroup{
 						{Endpoints: endpoints},
 					},
@@ -233,10 +224,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 			clusterName := connect.GatewaySNI(key.Datacenter, key.Partition, cfgSnap.Roots.TrustDomain)
 
 			la := makeLoadAssignment(
-				s.Logger,
-				cfgSnap,
 				clusterName,
-				nil,
 				[]loadAssignmentEndpointGroup{
 					{Endpoints: endpoints},
 				},
@@ -251,10 +239,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 
 			clusterName := cfgSnap.ServerSNIFn(key.Datacenter, "")
 			la := makeLoadAssignment(
-				s.Logger,
-				cfgSnap,
 				clusterName,
-				nil,
 				[]loadAssignmentEndpointGroup{
 					{Endpoints: endpoints},
 				},
@@ -279,7 +264,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 			lbEndpoint := &envoy_endpoint_v3.LbEndpoint{
 				HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 					Endpoint: &envoy_endpoint_v3.Endpoint{
-						Address: response.MakeAddress(addr, port),
+						Address: makeAddress(addr, port),
 					},
 				},
 				HealthStatus: envoy_core_v3.HealthStatus_UNKNOWN,
@@ -336,7 +321,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 			serverEndpoints = append(serverEndpoints, &envoy_endpoint_v3.LbEndpoint{
 				HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 					Endpoint: &envoy_endpoint_v3.Endpoint{
-						Address: response.MakeAddress(addr, port),
+						Address: makeAddress(addr, port),
 					},
 				},
 			})
@@ -424,10 +409,7 @@ func (s *ResourceGenerator) endpointsFromServicesAndResolvers(
 		for subsetName, groups := range clusterEndpoints {
 			clusterName := connect.ServiceSNI(svc.Name, subsetName, svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
 			la := makeLoadAssignment(
-				s.Logger,
-				cfgSnap,
 				clusterName,
-				nil,
 				groups,
 				cfgSnap.Locality,
 			)
@@ -462,10 +444,7 @@ func (s *ResourceGenerator) makeEndpointsForOutgoingPeeredServices(
 			groups := []loadAssignmentEndpointGroup{{Endpoints: serviceGroup.Nodes, OnlyPassing: false}}
 
 			la := makeLoadAssignment(
-				s.Logger,
-				cfgSnap,
 				clusterName,
-				nil,
 				groups,
 				// Use an empty key here so that it never matches. This will force the mesh gateway to always
 				// reference the remote mesh gateway's wan addr.
@@ -585,7 +564,7 @@ func makeEndpoint(host string, port int) *envoy_endpoint_v3.LbEndpoint {
 	return &envoy_endpoint_v3.LbEndpoint{
 		HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 			Endpoint: &envoy_endpoint_v3.Endpoint{
-				Address: response.MakeAddress(host, port),
+				Address: makeAddress(host, port),
 			},
 		},
 	}
@@ -595,7 +574,7 @@ func makePipeEndpoint(path string) *envoy_endpoint_v3.LbEndpoint {
 	return &envoy_endpoint_v3.LbEndpoint{
 		HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 			Endpoint: &envoy_endpoint_v3.Endpoint{
-				Address: response.MakePipeAddress(path, 0),
+				Address: makePipeAddress(path, 0),
 			},
 		},
 	}
@@ -627,10 +606,7 @@ func (s *ResourceGenerator) makeUpstreamLoadAssignmentForPeerService(
 			return la, nil
 		}
 		la = makeLoadAssignment(
-			s.Logger,
-			cfgSnap,
 			clusterName,
-			nil,
 			[]loadAssignmentEndpointGroup{
 				{Endpoints: localGw},
 			},
@@ -650,10 +626,7 @@ func (s *ResourceGenerator) makeUpstreamLoadAssignmentForPeerService(
 		return nil, nil
 	}
 	la = makeLoadAssignment(
-		s.Logger,
-		cfgSnap,
 		clusterName,
-		nil,
 		[]loadAssignmentEndpointGroup{
 			{Endpoints: endpoints},
 		},
@@ -750,6 +723,7 @@ func (s *ResourceGenerator) endpointsFromDiscoveryChain(
 			}
 			switch len(groupedTarget.Targets) {
 			case 0:
+				s.Logger.Trace("skipping endpoint generation for zero-length target group", "cluster", clusterName)
 				continue
 			case 1:
 				// We expect one target so this passes through to continue setting the load assignment up.
@@ -757,7 +731,7 @@ func (s *ResourceGenerator) endpointsFromDiscoveryChain(
 				return nil, fmt.Errorf("cannot have more than one target")
 			}
 			ti := groupedTarget.Targets[0]
-			s.Logger.Debug("generating endpoints for", "cluster", clusterName, "targetID", ti.TargetID)
+			s.Logger.Trace("generating endpoints for", "cluster", clusterName, "targetID", ti.TargetID, "gatewayKey", gatewayKey)
 			targetUID := proxycfg.NewUpstreamIDFromTargetID(ti.TargetID)
 			if targetUID.Peer != "" {
 				loadAssignment, err := s.makeUpstreamLoadAssignmentForPeerService(cfgSnap, clusterName, targetUID, mgwMode)
@@ -779,14 +753,12 @@ func (s *ResourceGenerator) endpointsFromDiscoveryChain(
 				forMeshGateway,
 			)
 			if !valid {
+				s.Logger.Trace("skipping endpoint generation for invalid target group", "cluster", clusterName)
 				continue // skip the cluster if we're still populating the snapshot
 			}
 
 			la := makeLoadAssignment(
-				s.Logger,
-				cfgSnap,
 				clusterName,
-				ti.PrioritizeByLocality,
 				[]loadAssignmentEndpointGroup{endpointGroup},
 				gatewayKey,
 			)
@@ -872,7 +844,7 @@ type loadAssignmentEndpointGroup struct {
 	OverrideHealth envoy_core_v3.HealthStatus
 }
 
-func makeLoadAssignment(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot, clusterName string, policy *structs.DiscoveryPrioritizeByLocality, endpointGroups []loadAssignmentEndpointGroup, localKey proxycfg.GatewayKey) *envoy_endpoint_v3.ClusterLoadAssignment {
+func makeLoadAssignment(clusterName string, endpointGroups []loadAssignmentEndpointGroup, localKey proxycfg.GatewayKey) *envoy_endpoint_v3.ClusterLoadAssignment {
 	cla := &envoy_endpoint_v3.ClusterLoadAssignment{
 		ClusterName: clusterName,
 		Endpoints:   make([]*envoy_endpoint_v3.LocalityLbEndpoints, 0, len(endpointGroups)),
@@ -882,50 +854,39 @@ func makeLoadAssignment(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot, c
 		cla.Policy = &envoy_endpoint_v3.ClusterLoadAssignment_Policy{
 			// We choose such a large value here that the failover math should
 			// in effect not happen until zero instances are healthy.
-			OverprovisioningFactor: response.MakeUint32Value(100000),
+			OverprovisioningFactor: makeUint32Value(100000),
 		}
 	}
 
-	var priority uint32
+	for priority, endpointGroup := range endpointGroups {
+		endpoints := endpointGroup.Endpoints
+		es := make([]*envoy_endpoint_v3.LbEndpoint, 0, len(endpoints))
 
-	for _, endpointGroup := range endpointGroups {
-		endpointsByLocality, err := groupedEndpoints(logger, cfgSnap.ServiceLocality, policy, endpointGroup.Endpoints)
+		for _, ep := range endpoints {
+			// TODO (mesh-gateway) - should we respect the translate_wan_addrs configuration here or just always use the wan for cross-dc?
+			_, addr, port := ep.BestAddress(!localKey.Matches(ep.Node.Datacenter, ep.Node.PartitionOrDefault()))
+			healthStatus, weight := calculateEndpointHealthAndWeight(ep, endpointGroup.OnlyPassing)
 
-		if err != nil {
-			continue
-		}
-
-		for _, endpoints := range endpointsByLocality {
-			es := make([]*envoy_endpoint_v3.LbEndpoint, 0, len(endpointGroup.Endpoints))
-
-			for _, ep := range endpoints {
-				// TODO (mesh-gateway) - should we respect the translate_wan_addrs configuration here or just always use the wan for cross-dc?
-				_, addr, port := ep.BestAddress(!localKey.Matches(ep.Node.Datacenter, ep.Node.PartitionOrDefault()))
-				healthStatus, weight := calculateEndpointHealthAndWeight(ep, endpointGroup.OnlyPassing)
-
-				if endpointGroup.OverrideHealth != envoy_core_v3.HealthStatus_UNKNOWN {
-					healthStatus = endpointGroup.OverrideHealth
-				}
-
-				endpoint := &envoy_endpoint_v3.Endpoint{
-					Address: response.MakeAddress(addr, port),
-				}
-				es = append(es, &envoy_endpoint_v3.LbEndpoint{
-					HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
-						Endpoint: endpoint,
-					},
-					HealthStatus:        healthStatus,
-					LoadBalancingWeight: response.MakeUint32Value(weight),
-				})
+			if endpointGroup.OverrideHealth != envoy_core_v3.HealthStatus_UNKNOWN {
+				healthStatus = endpointGroup.OverrideHealth
 			}
 
-			cla.Endpoints = append(cla.Endpoints, &envoy_endpoint_v3.LocalityLbEndpoints{
-				Priority:    priority,
-				LbEndpoints: es,
+			endpoint := &envoy_endpoint_v3.Endpoint{
+				Address: makeAddress(addr, port),
+			}
+			es = append(es, &envoy_endpoint_v3.LbEndpoint{
+				HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
+					Endpoint: endpoint,
+				},
+				HealthStatus:        healthStatus,
+				LoadBalancingWeight: makeUint32Value(weight),
 			})
-
-			priority++
 		}
+
+		cla.Endpoints = append(cla.Endpoints, &envoy_endpoint_v3.LocalityLbEndpoints{
+			Priority:    uint32(priority),
+			LbEndpoints: es,
+		})
 	}
 
 	return cla
diff --git a/agent/xds/endpoints_test.go b/agent/xds/endpoints_test.go
index 9daf5b31f55b..ebdd06aa41e2 100644
--- a/agent/xds/endpoints_test.go
+++ b/agent/xds/endpoints_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -10,18 +10,16 @@ import (
 
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
-	"github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/proxystateconverter"
-	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/agent/xds/testcommon"
-	"github.com/hashicorp/consul/agent/xdsv2"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	"github.com/hashicorp/consul/sdk/testutil"
-	"github.com/hashicorp/go-hclog"
+
 	"github.com/mitchellh/copystructure"
 	testinf "github.com/mitchellh/go-testing-interface"
 	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+	"github.com/hashicorp/consul/sdk/testutil"
 )
 
 func Test_makeLoadAssignment(t *testing.T) {
@@ -103,7 +101,6 @@ func Test_makeLoadAssignment(t *testing.T) {
 	tests := []struct {
 		name        string
 		clusterName string
-		locality    *structs.Locality
 		endpoints   []loadAssignmentEndpointGroup
 		want        *envoy_endpoint_v3.ClusterLoadAssignment
 	}{
@@ -133,18 +130,18 @@ func Test_makeLoadAssignment(t *testing.T) {
 						{
 							HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 								Endpoint: &envoy_endpoint_v3.Endpoint{
-									Address: response.MakeAddress("10.10.10.10", 1234),
+									Address: makeAddress("10.10.10.10", 1234),
 								}},
 							HealthStatus:        envoy_core_v3.HealthStatus_HEALTHY,
-							LoadBalancingWeight: response.MakeUint32Value(1),
+							LoadBalancingWeight: makeUint32Value(1),
 						},
 						{
 							HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 								Endpoint: &envoy_endpoint_v3.Endpoint{
-									Address: response.MakeAddress("10.10.10.20", 1234),
+									Address: makeAddress("10.10.10.20", 1234),
 								}},
 							HealthStatus:        envoy_core_v3.HealthStatus_HEALTHY,
-							LoadBalancingWeight: response.MakeUint32Value(1),
+							LoadBalancingWeight: makeUint32Value(1),
 						},
 					},
 				}},
@@ -163,18 +160,18 @@ func Test_makeLoadAssignment(t *testing.T) {
 						{
 							HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 								Endpoint: &envoy_endpoint_v3.Endpoint{
-									Address: response.MakeAddress("10.10.10.10", 1234),
+									Address: makeAddress("10.10.10.10", 1234),
 								}},
 							HealthStatus:        envoy_core_v3.HealthStatus_HEALTHY,
-							LoadBalancingWeight: response.MakeUint32Value(10),
+							LoadBalancingWeight: makeUint32Value(10),
 						},
 						{
 							HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 								Endpoint: &envoy_endpoint_v3.Endpoint{
-									Address: response.MakeAddress("10.10.10.20", 1234),
+									Address: makeAddress("10.10.10.20", 1234),
 								}},
 							HealthStatus:        envoy_core_v3.HealthStatus_HEALTHY,
-							LoadBalancingWeight: response.MakeUint32Value(5),
+							LoadBalancingWeight: makeUint32Value(5),
 						},
 					},
 				}},
@@ -193,18 +190,18 @@ func Test_makeLoadAssignment(t *testing.T) {
 						{
 							HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 								Endpoint: &envoy_endpoint_v3.Endpoint{
-									Address: response.MakeAddress("10.10.10.10", 1234),
+									Address: makeAddress("10.10.10.10", 1234),
 								}},
 							HealthStatus:        envoy_core_v3.HealthStatus_HEALTHY,
-							LoadBalancingWeight: response.MakeUint32Value(1),
+							LoadBalancingWeight: makeUint32Value(1),
 						},
 						{
 							HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 								Endpoint: &envoy_endpoint_v3.Endpoint{
-									Address: response.MakeAddress("10.10.10.20", 1234),
+									Address: makeAddress("10.10.10.20", 1234),
 								}},
 							HealthStatus:        envoy_core_v3.HealthStatus_UNHEALTHY,
-							LoadBalancingWeight: response.MakeUint32Value(1),
+							LoadBalancingWeight: makeUint32Value(1),
 						},
 					},
 				}},
@@ -214,26 +211,11 @@ func Test_makeLoadAssignment(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := makeLoadAssignment(
-				hclog.NewNullLogger(),
-				&proxycfg.ConfigSnapshot{ServiceLocality: tt.locality},
 				tt.clusterName,
-				nil,
 				tt.endpoints,
 				proxycfg.GatewayKey{Datacenter: "dc1"},
 			)
 			require.Equal(t, tt.want, got)
-
-			if tt.locality == nil {
-				got := makeLoadAssignment(
-					hclog.NewNullLogger(),
-					&proxycfg.ConfigSnapshot{ServiceLocality: &structs.Locality{Region: "us-west-1", Zone: "us-west-1a"}},
-					tt.clusterName,
-					nil,
-					tt.endpoints,
-					proxycfg.GatewayKey{Datacenter: "dc1"},
-				)
-				require.Equal(t, tt.want, got)
-			}
 		})
 	}
 }
@@ -242,7 +224,6 @@ type endpointTestCase struct {
 	name               string
 	create             func(t testinf.T) *proxycfg.ConfigSnapshot
 	overrideGoldenName string
-	alsoRunTestForV2   bool
 }
 
 func makeEndpointDiscoChainTests(enterprise bool) []endpointTestCase {
@@ -252,84 +233,72 @@ func makeEndpointDiscoChainTests(enterprise bool) []endpointTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-external-sni",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-overrides",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-failover",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway-triggered", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway-triggered", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-local-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway-triggered", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway-triggered", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-default-chain-and-custom-cluster",
@@ -341,15 +310,12 @@ func makeEndpointDiscoChainTests(enterprise bool) []endpointTestCase {
 						})
 				}, nil)
 			},
-			// TODO(proxystate): requires custom cluster work
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "splitter-with-resolver-redirect",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 	}
 }
@@ -368,64 +334,42 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "default", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-using-federation-states",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "federation-states", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-newer-information-in-federation-states",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "newer-info-in-federation-states", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
-		},
-		{
-			name: "mesh-gateway-using-federation-control-plane",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotMeshGateway(t, "mesh-gateway-federation", nil, nil)
-			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-older-information-in-federation-states",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "older-info-in-federation-states", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-no-services",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "no-services", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-service-subsets",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "service-subsets2", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "mesh-gateway-default-service-subset",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "default-service-subsets2", nil, nil)
 			},
-			// TODO(proxystate): mesh gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway",
@@ -433,16 +377,12 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"default", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-nil-config-entry",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-gateway-no-services",
@@ -450,8 +390,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, false, "tcp",
 					"default", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain",
@@ -459,8 +397,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"simple", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-external-sni",
@@ -468,8 +404,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"external-sni", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-failover",
@@ -477,8 +411,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-failover-to-cluster-peer",
@@ -486,8 +418,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-to-cluster-peer", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-remote-gateway",
@@ -495,8 +425,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-remote-gateway", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-remote-gateway-triggered",
@@ -504,8 +432,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-remote-gateway-triggered", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-remote-gateway",
@@ -513,8 +439,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-remote-gateway", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered",
@@ -522,8 +446,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-remote-gateway-triggered", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-local-gateway",
@@ -531,8 +453,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-local-gateway", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-failover-through-local-gateway-triggered",
@@ -540,8 +460,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-local-gateway-triggered", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-local-gateway",
@@ -549,8 +467,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-local-gateway", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-tcp-chain-double-failover-through-local-gateway-triggered",
@@ -558,8 +474,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"failover-through-double-local-gateway-triggered", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-splitter-with-resolver-redirect",
@@ -567,42 +481,30 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"splitter-with-resolver-redirect-multidc", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "terminating-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, nil)
 			},
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "terminating-gateway-no-services",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotTerminatingGateway(t, false, nil, nil)
 			},
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-service-subsets",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayServiceSubsets,
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-default-service-subset",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayDefaultServiceSubset,
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "ingress-multiple-listeners-duplicate-service",
 			create: proxycfg.TestConfigSnapshotIngress_MultipleListenersDuplicateService,
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 	}
 
@@ -633,10 +535,10 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 					sort.Slice(endpoints, func(i, j int) bool {
 						return endpoints[i].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName < endpoints[j].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName
 					})
-					r, err := response.CreateResponse(xdscommon.EndpointType, "00000001", "00000001", endpoints)
+					r, err := createResponse(xdscommon.EndpointType, "00000001", "00000001", endpoints)
 					require.NoError(t, err)
 
-					t.Run("current-xdsv1", func(t *testing.T) {
+					t.Run("current", func(t *testing.T) {
 						gotJSON := protoToJSON(t, r)
 
 						gName := tt.name
@@ -646,39 +548,6 @@ func TestEndpointsFromSnapshot(t *testing.T) {
 
 						require.JSONEq(t, goldenEnvoy(t, filepath.Join("endpoints", gName), envoyVersion, latestEnvoyVersion, gotJSON), gotJSON)
 					})
-
-					if tt.alsoRunTestForV2 {
-						generator := xdsv2.NewResourceGenerator(testutil.Logger(t))
-
-						converter := proxystateconverter.NewConverter(testutil.Logger(t), &mockCfgFetcher{addressLan: "10.10.10.10"})
-						proxyState, err := converter.ProxyStateFromSnapshot(snap)
-						require.NoError(t, err)
-
-						res, err := generator.AllResourcesFromIR(proxyState)
-						require.NoError(t, err)
-
-						endpoints = res[xdscommon.EndpointType]
-						// The order of listeners returned via LDS isn't relevant, so it's safe
-						// to sort these for the purposes of test comparisons.
-						sort.Slice(endpoints, func(i, j int) bool {
-							return endpoints[i].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName < endpoints[j].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName
-						})
-
-						r, err := response.CreateResponse(xdscommon.EndpointType, "00000001", "00000001", endpoints)
-						require.NoError(t, err)
-
-						t.Run("current-xdsv2", func(t *testing.T) {
-							gotJSON := protoToJSON(t, r)
-
-							gName := tt.name
-							if tt.overrideGoldenName != "" {
-								gName = tt.overrideGoldenName
-							}
-
-							expectedJSON := goldenEnvoy(t, filepath.Join("endpoints", gName), envoyVersion, latestEnvoyVersion, gotJSON)
-							require.JSONEq(t, expectedJSON, gotJSON)
-						})
-					}
 				})
 			}
 		})
diff --git a/agent/xds/extensionruntime/runtime_config.go b/agent/xds/extensionruntime/runtime_config.go
index 924368ebdf2a..110e3db1df8b 100644
--- a/agent/xds/extensionruntime/runtime_config.go
+++ b/agent/xds/extensionruntime/runtime_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package extensionruntime
 
diff --git a/agent/xds/extensionruntime/runtime_config_ce_test.go b/agent/xds/extensionruntime/runtime_config_ce_test.go
index 1a38c044ef35..c70a3f47f4f3 100644
--- a/agent/xds/extensionruntime/runtime_config_ce_test.go
+++ b/agent/xds/extensionruntime/runtime_config_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/xds/failover_policy.go b/agent/xds/failover_policy.go
index ab3e86f25d1d..5edcae914d52 100644
--- a/agent/xds/failover_policy.go
+++ b/agent/xds/failover_policy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -27,8 +27,6 @@ type targetInfo struct {
 	// Region is the region from the failover target's Locality. nil means the
 	// target is in the local Consul cluster.
 	Region *string
-
-	PrioritizeByLocality *structs.DiscoveryPrioritizeByLocality
 }
 
 type discoChainTargetGroup struct {
@@ -70,7 +68,7 @@ func (s *ResourceGenerator) mapDiscoChainTargets(cfgSnap *proxycfg.ConfigSnapsho
 		return discoChainTargets{}, err
 	}
 
-	failoverTargets.baseClusterName = s.getTargetClusterName(upstreamsSnapshot, chain, primaryTargetID, forMeshGateway)
+	failoverTargets.baseClusterName = s.getTargetClusterName(upstreamsSnapshot, chain, primaryTargetID, forMeshGateway, false)
 
 	tids := []string{primaryTargetID}
 	failover := node.Resolver.Failover
@@ -89,7 +87,7 @@ func (s *ResourceGenerator) mapDiscoChainTargets(cfgSnap *proxycfg.ConfigSnapsho
 		var sni, rootPEMs string
 		var spiffeIDs []string
 		targetUID := proxycfg.NewUpstreamIDFromTargetID(tid)
-		ti := targetInfo{TargetID: tid, PrioritizeByLocality: target.PrioritizeByLocality}
+		ti := targetInfo{TargetID: tid}
 
 		configureTLS := true
 		if forMeshGateway {
diff --git a/agent/xds/failover_policy_ce.go b/agent/xds/failover_policy_ce.go
index ac8d843e40ba..e22d717e2a11 100644
--- a/agent/xds/failover_policy_ce.go
+++ b/agent/xds/failover_policy_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/xds/golden_test.go b/agent/xds/golden_test.go
index d77ffda6a6a6..9209678bb52e 100644
--- a/agent/xds/golden_test.go
+++ b/agent/xds/golden_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
diff --git a/agent/xds/gw_per_route_filters_ce.go b/agent/xds/gw_per_route_filters_ce.go
deleted file mode 100644
index cbf406cd07a1..000000000000
--- a/agent/xds/gw_per_route_filters_ce.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-// +build !consulent
-
-package xds
-
-import (
-	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
-	"google.golang.org/protobuf/types/known/anypb"
-
-	"github.com/hashicorp/consul/agent/structs"
-)
-
-type perRouteFilterBuilder struct {
-	providerMap map[string]*structs.JWTProviderConfigEntry
-	listener    *structs.APIGatewayListener
-	route       *structs.HTTPRouteConfigEntry
-}
-
-func (p perRouteFilterBuilder) buildFilter(match *envoy_route_v3.RouteMatch) (map[string]*anypb.Any, error) {
-	return nil, nil
-}
diff --git a/agent/xds/jwt_authn.go b/agent/xds/jwt_authn.go
index 36b8e05cb30c..17b34e5cd6ce 100644
--- a/agent/xds/jwt_authn.go
+++ b/agent/xds/jwt_authn.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
diff --git a/agent/xds/jwt_authn_ce.go b/agent/xds/jwt_authn_ce.go
deleted file mode 100644
index ac6d0a31d799..000000000000
--- a/agent/xds/jwt_authn_ce.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-// +build !consulent
-
-package xds
-
-import (
-	envoy_http_jwt_authn_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3"
-	envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
-
-	"github.com/hashicorp/consul/agent/structs"
-)
-
-type GatewayAuthFilterBuilder struct {
-	listener       structs.APIGatewayListener
-	route          *structs.HTTPRouteConfigEntry
-	providers      map[string]*structs.JWTProviderConfigEntry
-	envoyProviders map[string]*envoy_http_jwt_authn_v3.JwtProvider
-}
-
-func (g *GatewayAuthFilterBuilder) makeGatewayAuthFilters() ([]*envoy_http_v3.HttpFilter, error) {
-	return nil, nil
-}
diff --git a/agent/xds/jwt_authn_test.go b/agent/xds/jwt_authn_test.go
index 834f62ad4c1a..ab8665b1dc3a 100644
--- a/agent/xds/jwt_authn_test.go
+++ b/agent/xds/jwt_authn_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go
index 846cbf6d536f..520b58e0a613 100644
--- a/agent/xds/listeners.go
+++ b/agent/xds/listeners.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -29,9 +29,6 @@ import (
 	envoy_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3"
 	envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
 	envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
-	"github.com/hashicorp/consul/agent/xds/config"
-	"github.com/hashicorp/consul/agent/xds/naming"
-	"github.com/hashicorp/consul/agent/xds/platform"
 
 	"github.com/hashicorp/go-hclog"
 	"google.golang.org/protobuf/encoding/protojson"
@@ -45,7 +42,6 @@ import (
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/agent/xds/accesslogs"
-	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/lib"
 	"github.com/hashicorp/consul/lib/stringslice"
@@ -54,6 +50,8 @@ import (
 	"github.com/hashicorp/consul/types"
 )
 
+const virtualIPTag = "virtual"
+
 // listenersFromSnapshot returns the xDS API representation of the "listeners" in the snapshot.
 func (s *ResourceGenerator) listenersFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, error) {
 	if cfgSnap == nil {
@@ -120,7 +118,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
 		}
 	}
 
-	proxyCfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
+	proxyCfg, err := ParseProxyConfig(cfgSnap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -169,7 +167,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
 				return nil, err
 			}
 
-			clusterName = s.getTargetClusterName(upstreamsSnapshot, chain, target.ID, false)
+			clusterName = s.getTargetClusterName(upstreamsSnapshot, chain, target.ID, false, false)
 			if clusterName == "" {
 				continue
 			}
@@ -260,7 +258,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
 			// We only match on this virtual IP if the upstream is in the proxy's partition.
 			// This is because the IP is not guaranteed to be unique across k8s clusters.
 			if acl.EqualPartitions(e.Node.PartitionOrDefault(), cfgSnap.ProxyID.PartitionOrDefault()) {
-				if vip := e.Service.TaggedAddresses[naming.VirtualIPTag]; vip.Address != "" {
+				if vip := e.Service.TaggedAddresses[virtualIPTag]; vip.Address != "" {
 					uniqueAddrs[vip.Address] = struct{}{}
 				}
 			}
@@ -464,7 +462,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
 			// The virtualIPTag is used by consul-k8s to store the ClusterIP for a service.
 			// For services imported from a peer,the partition will be equal in all cases.
 			if acl.EqualPartitions(e.Node.PartitionOrDefault(), cfgSnap.ProxyID.PartitionOrDefault()) {
-				if vip := e.Service.TaggedAddresses[naming.VirtualIPTag]; vip.Address != "" {
+				if vip := e.Service.TaggedAddresses[virtualIPTag]; vip.Address != "" {
 					uniqueAddrs[vip.Address] = struct{}{}
 				}
 			}
@@ -554,8 +552,8 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
 
 			filterChain, err := s.makeUpstreamFilterChain(filterChainOpts{
 				accessLogs:  &cfgSnap.Proxy.AccessLogs,
-				clusterName: naming.OriginalDestinationClusterName,
-				filterName:  naming.OriginalDestinationClusterName,
+				clusterName: OriginalDestinationClusterName,
+				filterName:  OriginalDestinationClusterName,
 				protocol:    "tcp",
 			})
 			if err != nil {
@@ -789,7 +787,7 @@ func parseCheckPath(check structs.CheckType) (structs.ExposePath, error) {
 
 // listenersFromSnapshotGateway returns the "listener" for a terminating-gateway or mesh-gateway service
 func (s *ResourceGenerator) listenersFromSnapshotGateway(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, error) {
-	cfg, err := config.ParseGatewayConfig(cfgSnap.Proxy.Config)
+	cfg, err := ParseGatewayConfig(cfgSnap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -937,7 +935,7 @@ func makeListenerWithDefault(opts makeListenerOpts) *envoy_listener_v3.Listener
 	return &envoy_listener_v3.Listener{
 		Name:             fmt.Sprintf("%s:%s:%d", opts.name, opts.addr, opts.port),
 		AccessLog:        accessLog,
-		Address:          response.MakeAddress(opts.addr, opts.port),
+		Address:          makeAddress(opts.addr, opts.port),
 		TrafficDirection: opts.direction,
 	}
 }
@@ -956,7 +954,7 @@ func makePipeListener(opts makeListenerOpts) *envoy_listener_v3.Listener {
 	return &envoy_listener_v3.Listener{
 		Name:             fmt.Sprintf("%s:%s", opts.name, opts.path),
 		AccessLog:        accessLog,
-		Address:          response.MakePipeAddress(opts.path, uint32(modeInt)),
+		Address:          makePipeAddress(opts.path, uint32(modeInt)),
 		TrafficDirection: opts.direction,
 	}
 }
@@ -1173,7 +1171,7 @@ func createDownstreamTransportSocketForConnectTLS(cfgSnap *proxycfg.ConfigSnapsh
 
 	// Determine listener protocol type from configured service protocol. Don't hard fail on a config typo,
 	//The parse func returns default config if there is an error, so it's safe to continue.
-	cfg, _ := config.ParseProxyConfig(cfgSnap.Proxy.Config)
+	cfg, _ := ParseProxyConfig(cfgSnap.Proxy.Config)
 
 	// Create TLS validation context for mTLS with leaf certificate and root certs.
 	tlsContext := makeCommonTLSContext(
@@ -1265,7 +1263,7 @@ func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot
 	var l *envoy_listener_v3.Listener
 	var err error
 
-	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
+	cfg, err := ParseProxyConfig(cfgSnap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -1515,7 +1513,7 @@ func (s *ResourceGenerator) finalizePublicListenerFromConfig(l *envoy_listener_v
 }
 
 func (s *ResourceGenerator) makeExposedCheckListener(cfgSnap *proxycfg.ConfigSnapshot, cluster string, path structs.ExposePath) (proto.Message, error) {
-	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
+	cfg, err := ParseProxyConfig(cfgSnap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -1590,7 +1588,7 @@ func (s *ResourceGenerator) makeExposedCheckListener(cfgSnap *proxycfg.ConfigSna
 			&envoy_core_v3.CidrRange{AddressPrefix: advertise, PrefixLen: &wrapperspb.UInt32Value{Value: uint32(advertiseLen)}},
 		)
 
-		if ok, err := platform.SupportsIPv6(); err != nil {
+		if ok, err := kernelSupportsIPv6(); err != nil {
 			return nil, err
 		} else if ok {
 			ranges = append(ranges,
@@ -1641,7 +1639,7 @@ func (s *ResourceGenerator) makeTerminatingGatewayListener(
 		intentions := cfgSnap.TerminatingGateway.Intentions[svc]
 		svcConfig := cfgSnap.TerminatingGateway.ServiceConfigs[svc]
 
-		cfg, err := config.ParseProxyConfig(svcConfig.ProxyConfig)
+		cfg, err := ParseProxyConfig(svcConfig.ProxyConfig)
 		if err != nil {
 			// Don't hard fail on a config typo, just warn. The parse func returns
 			// default config if there is an error so it's safe to continue.
@@ -1685,7 +1683,7 @@ func (s *ResourceGenerator) makeTerminatingGatewayListener(
 		intentions := cfgSnap.TerminatingGateway.Intentions[svc]
 		svcConfig := cfgSnap.TerminatingGateway.ServiceConfigs[svc]
 
-		cfg, err := config.ParseProxyConfig(svcConfig.ProxyConfig)
+		cfg, err := ParseProxyConfig(svcConfig.ProxyConfig)
 		if err != nil {
 			// Don't hard fail on a config typo, just warn. The parse func returns
 			// default config if there is an error so it's safe to continue.
@@ -1809,7 +1807,7 @@ func (s *ResourceGenerator) makeFilterChainTerminatingGateway(cfgSnap *proxycfg.
 		filterChain.Filters = append(filterChain.Filters, authFilter)
 	}
 
-	proxyCfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
+	proxyCfg, err := ParseProxyConfig(cfgSnap.Proxy.Config)
 	if err != nil {
 		// Don't hard fail on a config typo, just warn. The parse func returns
 		// default config if there is an error so it's safe to continue.
@@ -2130,7 +2128,7 @@ func (s *ResourceGenerator) makeMeshGatewayPeerFilterChain(
 		if err != nil {
 			return nil, err
 		}
-		clusterName = meshGatewayExportedClusterNamePrefix + naming.CustomizeClusterName(target.Name, chain)
+		clusterName = meshGatewayExportedClusterNamePrefix + CustomizeClusterName(target.Name, chain)
 	}
 
 	uid := proxycfg.NewUpstreamIDFromServiceName(svc)
@@ -2593,7 +2591,7 @@ func makeHTTPFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, error)
 			"envoy.filters.http.grpc_stats",
 			&envoy_grpc_stats_v3.FilterConfig{
 				PerMethodStatSpecifier: &envoy_grpc_stats_v3.FilterConfig_StatsForAllMethods{
-					StatsForAllMethods: response.MakeBoolValue(true),
+					StatsForAllMethods: makeBoolValue(true),
 				},
 			},
 		)
diff --git a/agent/xds/listeners_apigateway.go b/agent/xds/listeners_apigateway.go
index 07566017cea9..633c04f0524b 100644
--- a/agent/xds/listeners_apigateway.go
+++ b/agent/xds/listeners_apigateway.go
@@ -1,15 +1,13 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
 import (
 	"fmt"
-
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
-	"github.com/hashicorp/consul/agent/xds/naming"
 
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/wrapperspb"
@@ -71,7 +69,7 @@ func (s *ResourceGenerator) makeAPIGatewayListeners(address string, cfgSnap *pro
 				if err != nil {
 					return nil, err
 				}
-				clusterName = naming.CustomizeClusterName(target.Name, chain)
+				clusterName = CustomizeClusterName(target.Name, chain)
 			}
 
 			filterName := fmt.Sprintf("%s.%s.%s.%s", chain.ServiceName, chain.Namespace, chain.Partition, chain.Datacenter)
@@ -286,7 +284,10 @@ func makeCommonTLSContextFromSnapshotAPIGatewayListenerConfig(cfgSnap *proxycfg.
 
 	connectTLSEnabled := (!listenerCfg.TLS.IsEmpty())
 
-	if connectTLSEnabled {
+	if tlsCfg.SDS != nil {
+		// Set up listener TLS from SDS
+		tlsContext = makeCommonTLSContextFromGatewayTLSConfig(*tlsCfg)
+	} else if connectTLSEnabled {
 		tlsContext = makeCommonTLSContext(cfgSnap.Leaf(), cfgSnap.RootPEMs(), makeTLSParametersFromGatewayTLSConfig(*tlsCfg))
 	}
 
@@ -315,6 +316,29 @@ func resolveAPIListenerTLSConfig(listenerTLSCfg structs.APIGatewayTLSConfigurati
 	return &mergedCfg, nil
 }
 
+func routeNameForAPIGatewayUpstream(l structs.IngressListener, s structs.IngressService) string {
+	key := proxycfg.IngressListenerKeyFromListener(l)
+
+	// If the upstream service doesn't have any TLS overrides then it can just use
+	// the combined filterchain with all the merged routes.
+	if !ingressServiceHasSDSOverrides(s) {
+		return key.RouteName()
+	}
+
+	// Return a specific route for this service as it needs a custom FilterChain
+	// to serve its custom cert so we should attach its routes to a separate Route
+	// too. We need this to be consistent between OSS and Enterprise to avoid xDS
+	// config golden files in tests conflicting so we can't use ServiceID.String()
+	// which normalizes to included all identifiers in Enterprise.
+	sn := s.ToServiceName()
+	svcIdentifier := sn.Name
+	if !sn.InDefaultPartition() || !sn.InDefaultNamespace() {
+		// Non-default partition/namespace, use a full identifier
+		svcIdentifier = sn.String()
+	}
+	return fmt.Sprintf("%s_%s", key.RouteName(), svcIdentifier)
+}
+
 // when we have multiple certificates on a single listener, we need
 // to duplicate the filter chains with multiple TLS contexts
 func makeInlineOverrideFilterChains(cfgSnap *proxycfg.ConfigSnapshot,
diff --git a/agent/xds/listeners_ingress.go b/agent/xds/listeners_ingress.go
index e5e5a4980c41..031709e2a818 100644
--- a/agent/xds/listeners_ingress.go
+++ b/agent/xds/listeners_ingress.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -9,7 +9,6 @@ import (
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
-	"github.com/hashicorp/consul/agent/xds/naming"
 
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/durationpb"
@@ -63,7 +62,7 @@ func (s *ResourceGenerator) makeIngressGatewayListeners(address string, cfgSnap
 				if err != nil {
 					return nil, err
 				}
-				clusterName = naming.CustomizeClusterName(target.Name, chain)
+				clusterName = CustomizeClusterName(target.Name, chain)
 			}
 
 			filterName := fmt.Sprintf("%s.%s.%s.%s", chain.ServiceName, chain.Namespace, chain.Partition, chain.Datacenter)
diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go
index 130f2234517e..d6dbee0964b0 100644
--- a/agent/xds/listeners_test.go
+++ b/agent/xds/listeners_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -10,8 +10,8 @@ import (
 	"testing"
 	"text/template"
 
+	"github.com/hashicorp/consul/agent/xds/testcommon"
 	"github.com/stretchr/testify/assert"
-	"google.golang.org/protobuf/proto"
 
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	testinf "github.com/mitchellh/go-testing-interface"
@@ -19,11 +19,6 @@ import (
 
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/configfetcher"
-	"github.com/hashicorp/consul/agent/xds/proxystateconverter"
-	"github.com/hashicorp/consul/agent/xds/response"
-	"github.com/hashicorp/consul/agent/xds/testcommon"
-	"github.com/hashicorp/consul/agent/xdsv2"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/hashicorp/consul/types"
@@ -37,7 +32,6 @@ type listenerTestCase struct {
 	// test input.
 	overrideGoldenName string
 	generatorSetup     func(*ResourceGenerator)
-	alsoRunTestForV2   bool
 }
 
 func makeListenerDiscoChainTests(enterprise bool) []listenerTestCase {
@@ -75,7 +69,6 @@ func makeListenerDiscoChainTests(enterprise bool) []listenerTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-http-chain",
@@ -124,7 +117,6 @@ func makeListenerDiscoChainTests(enterprise bool) []listenerTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-overrides",
@@ -137,14 +129,12 @@ func makeListenerDiscoChainTests(enterprise bool) []listenerTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tcp-chain-failover-through-local-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-jwt-config-entry-with-local",
@@ -235,7 +225,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tls-incoming-min-version",
@@ -255,7 +244,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tls-incoming-max-version",
@@ -275,7 +263,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-tls-incoming-cipher-suites",
@@ -298,7 +285,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 					},
 				})
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "grpc-public-listener",
@@ -315,7 +301,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["bind_address"] = "127.0.0.2"
 				}, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "listener-bind-port",
@@ -324,7 +309,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["bind_port"] = 8888
 				}, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "listener-bind-address-port",
@@ -334,7 +318,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["bind_port"] = 8888
 				}, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "listener-unix-domain-socket",
@@ -346,7 +329,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Upstreams[0].LocalBindSocketMode = "0640"
 				}, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "listener-max-inbound-connections",
@@ -355,7 +337,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["max_inbound_connections"] = 222
 				}, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "http2-public-listener",
@@ -372,7 +353,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Config["balance_inbound_connections"] = "exact_balance"
 				}, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "listener-balance-outbound-connections-bind-port",
@@ -381,7 +361,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 					ns.Proxy.Upstreams[0].Config["balance_outbound_connections"] = "exact_balance"
 				}, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "http-public-listener",
@@ -515,31 +494,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 				}, nil)
 			},
 		},
-		{
-			name: "custom-upstream-with-prepared-query",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) {
-					for i := range ns.Proxy.Upstreams {
-						if ns.Proxy.Upstreams[i].DestinationName != "db" {
-							continue // only tweak the db upstream
-						}
-						if ns.Proxy.Upstreams[i].Config == nil {
-							ns.Proxy.Upstreams[i].Config = map[string]interface{}{}
-						}
-
-						uid := proxycfg.NewUpstreamID(&ns.Proxy.Upstreams[i])
-
-						// Triggers an override with the presence of the escape hatch listener
-						ns.Proxy.Upstreams[i].DestinationType = structs.UpstreamDestTypePreparedQuery
-
-						ns.Proxy.Upstreams[i].Config["envoy_listener_json"] =
-							customListenerJSON(t, customListenerJSONOptions{
-								Name: uid.EnvoyID() + ":custom-upstream",
-							})
-					}
-				}, nil)
-			},
-		},
 		{
 			name: "connect-proxy-upstream-defaults",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -579,9 +533,9 @@ func TestListenersFromSnapshot(t *testing.T) {
 		},
 		{
 			// NOTE: if IPv6 is not supported in the kernel per
-			// platform.SupportsIPv6() then this test will fail because the golden
+			// kernelSupportsIPv6() then this test will fail because the golden
 			// files were generated assuming ipv6 support was present
-			name:   "expose-checks-http",
+			name:   "expose-checks",
 			create: proxycfg.TestConfigSnapshotExposeChecks,
 			generatorSetup: func(s *ResourceGenerator) {
 				s.CfgFetcher = configFetcherFunc(func() string {
@@ -589,30 +543,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 				})
 			},
 		},
-		{
-			// NOTE: if IPv6 is not supported in the kernel per
-			// platform.SupportsIPv6() then this test will fail because the golden
-			// files were generated assuming ipv6 support was present
-			name:   "expose-checks-http-with-bind-override",
-			create: proxycfg.TestConfigSnapshotExposeChecksWithBindOverride,
-			generatorSetup: func(s *ResourceGenerator) {
-				s.CfgFetcher = configFetcherFunc(func() string {
-					return "192.0.2.1"
-				})
-			},
-		},
-		{
-			// NOTE: if IPv6 is not supported in the kernel per
-			// platform.SupportsIPv6() then this test will fail because the golden
-			// files were generated assuming ipv6 support was present
-			name:   "expose-checks-grpc",
-			create: proxycfg.TestConfigSnapshotExposeChecksGRPC,
-			generatorSetup: func(s *ResourceGenerator) {
-				s.CfgFetcher = configFetcherFunc(func() string {
-					return "192.0.2.1"
-				})
-			},
-		},
 		{
 			name: "mesh-gateway",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -625,12 +555,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotMeshGateway(t, "federation-states", nil, nil)
 			},
 		},
-		{
-			name: "mesh-gateway-using-federation-control-plane",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotMeshGateway(t, "mesh-gateway-federation", nil, nil)
-			},
-		},
 		{
 			name: "mesh-gateway-no-services",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -947,16 +871,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, nil)
 			},
 		},
-		{
-			name: "terminating-gateway-custom-trace-listener",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, func(ns *structs.NodeService) {
-					ns.Proxy.Config = map[string]interface{}{}
-					ns.Proxy.Config["protocol"] = "http"
-					ns.Proxy.Config["envoy_listener_tracing_json"] = customTraceJSON(t)
-				}, nil)
-			},
-		},
 		{
 			name: "terminating-gateway-with-tls-incoming-min-version",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
@@ -1127,14 +1041,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 			name:   "ingress-with-tls-mixed-min-version-listeners",
 			create: proxycfg.TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners,
 		},
-		{
-			name:   "ingress-with-tls-mixed-max-version-listeners",
-			create: proxycfg.TestConfigSnapshotIngressGateway_TLSMixedMaxVersionListeners,
-		},
-		{
-			name:   "ingress-with-tls-mixed-cipher-suites-listeners",
-			create: proxycfg.TestConfigSnapshotIngressGateway_TLSMixedCipherVersionListeners,
-		},
 		{
 			name:   "ingress-with-sds-listener-gw-level",
 			create: proxycfg.TestConfigSnapshotIngressGatewaySDS_GatewayLevel,
@@ -1190,19 +1096,16 @@ func TestListenersFromSnapshot(t *testing.T) {
 			create: proxycfg.TestConfigSnapshotTransparentProxyResolverRedirectUpstream,
 		},
 		{
-			name:             "transparent-proxy-catalog-destinations-only",
-			create:           proxycfg.TestConfigSnapshotTransparentProxyCatalogDestinationsOnly,
-			alsoRunTestForV2: true,
+			name:   "transparent-proxy-catalog-destinations-only",
+			create: proxycfg.TestConfigSnapshotTransparentProxyCatalogDestinationsOnly,
 		},
 		{
-			name:             "transparent-proxy-dial-instances-directly",
-			create:           proxycfg.TestConfigSnapshotTransparentProxyDialDirectly,
-			alsoRunTestForV2: true,
+			name:   "transparent-proxy-dial-instances-directly",
+			create: proxycfg.TestConfigSnapshotTransparentProxyDialDirectly,
 		},
 		{
-			name:             "transparent-proxy-terminating-gateway",
-			create:           proxycfg.TestConfigSnapshotTransparentProxyTerminatingGatewayCatalogDestinationsOnly,
-			alsoRunTestForV2: true,
+			name:   "transparent-proxy-terminating-gateway",
+			create: proxycfg.TestConfigSnapshotTransparentProxyTerminatingGatewayCatalogDestinationsOnly,
 		},
 		{
 			name: "custom-trace-listener",
@@ -1261,11 +1164,9 @@ func TestListenersFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) {
 					ns.Proxy.MutualTLSMode = structs.MutualTLSModePermissive
 					ns.Proxy.Mode = structs.ProxyModeTransparent
-					ns.Proxy.TransparentProxy.OutboundListenerPort = 1234
 				},
 					nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-without-tproxy-and-permissive-mtls",
@@ -1275,7 +1176,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 				},
 					nil)
 			},
-			alsoRunTestForV2: true,
 		},
 	}
 
@@ -1288,7 +1188,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 		t.Run("envoy-"+envoyVersion, func(t *testing.T) {
 			for _, tt := range tests {
 				t.Run(tt.name, func(t *testing.T) {
-
 					// Sanity check default with no overrides first
 					snap := tt.create(t)
 
@@ -1300,26 +1199,26 @@ func TestListenersFromSnapshot(t *testing.T) {
 					// golder files for every test case and so not be any use!
 					testcommon.SetupTLSRootsAndLeaf(t, snap)
 
-					var listeners []proto.Message
-
 					// Need server just for logger dependency
 					g := NewResourceGenerator(testutil.Logger(t), nil, false)
 					g.ProxyFeatures = sf
 					if tt.generatorSetup != nil {
 						tt.generatorSetup(g)
 					}
-					listeners, err = g.listenersFromSnapshot(snap)
+
+					listeners, err := g.listenersFromSnapshot(snap)
 					require.NoError(t, err)
+
 					// The order of listeners returned via LDS isn't relevant, so it's safe
 					// to sort these for the purposes of test comparisons.
 					sort.Slice(listeners, func(i, j int) bool {
 						return listeners[i].(*envoy_listener_v3.Listener).Name < listeners[j].(*envoy_listener_v3.Listener).Name
 					})
 
-					r, err := response.CreateResponse(xdscommon.ListenerType, "00000001", "00000001", listeners)
+					r, err := createResponse(xdscommon.ListenerType, "00000001", "00000001", listeners)
 					require.NoError(t, err)
 
-					t.Run("current-xdsv1", func(t *testing.T) {
+					t.Run("current", func(t *testing.T) {
 						gotJSON := protoToJSON(t, r)
 
 						gName := tt.name
@@ -1330,39 +1229,6 @@ func TestListenersFromSnapshot(t *testing.T) {
 						expectedJSON := goldenEnvoy(t, filepath.Join("listeners", gName), envoyVersion, latestEnvoyVersion, gotJSON)
 						require.JSONEq(t, expectedJSON, gotJSON)
 					})
-
-					if tt.alsoRunTestForV2 {
-						generator := xdsv2.NewResourceGenerator(testutil.Logger(t))
-						converter := proxystateconverter.NewConverter(testutil.Logger(t), nil)
-						proxyState, err := converter.ProxyStateFromSnapshot(snap)
-						require.NoError(t, err)
-
-						res, err := generator.AllResourcesFromIR(proxyState)
-						require.NoError(t, err)
-
-						listeners = res[xdscommon.ListenerType]
-						// The order of listeners returned via LDS isn't relevant, so it's safe
-						// to sort these for the purposes of test comparisons.
-						sort.Slice(listeners, func(i, j int) bool {
-							return listeners[i].(*envoy_listener_v3.Listener).Name < listeners[j].(*envoy_listener_v3.Listener).Name
-						})
-
-						r, err := response.CreateResponse(xdscommon.ListenerType, "00000001", "00000001", listeners)
-						require.NoError(t, err)
-
-						t.Run("current-xdsv2", func(t *testing.T) {
-							gotJSON := protoToJSON(t, r)
-
-							gName := tt.name
-							if tt.overrideGoldenName != "" {
-								gName = tt.overrideGoldenName
-							}
-
-							expectedJSON := goldenEnvoy(t, filepath.Join("listeners", gName), envoyVersion, latestEnvoyVersion, gotJSON)
-							require.JSONEq(t, expectedJSON, gotJSON)
-						})
-					}
-
 				})
 			}
 		})
@@ -1520,7 +1386,7 @@ func customTraceJSON(t testinf.T) string {
 
 type configFetcherFunc func() string
 
-var _ configfetcher.ConfigFetcher = (configFetcherFunc)(nil)
+var _ ConfigFetcher = (configFetcherFunc)(nil)
 
 func (f configFetcherFunc) AdvertiseAddrLAN() string {
 	return f()
diff --git a/agent/xds/locality_policy.go b/agent/xds/locality_policy.go
deleted file mode 100644
index c94ba95ea286..000000000000
--- a/agent/xds/locality_policy.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package xds
-
-import (
-	"fmt"
-	"github.com/hashicorp/go-hclog"
-
-	"github.com/hashicorp/consul/agent/structs"
-)
-
-func groupedEndpoints(logger hclog.Logger, locality *structs.Locality, policy *structs.DiscoveryPrioritizeByLocality, csns structs.CheckServiceNodes) ([]structs.CheckServiceNodes, error) {
-	switch {
-	case policy == nil || policy.Mode == "" || policy.Mode == "none":
-		return []structs.CheckServiceNodes{csns}, nil
-	case policy.Mode == "failover":
-		log := logger.Named("locality")
-		return prioritizeByLocalityFailover(log, locality, csns), nil
-	default:
-		return nil, fmt.Errorf("unexpected priortize-by-locality mode %q", policy.Mode)
-	}
-}
diff --git a/agent/xds/locality_policy_ce.go b/agent/xds/locality_policy_ce.go
deleted file mode 100644
index fbc17775d689..000000000000
--- a/agent/xds/locality_policy_ce.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-// +build !consulent
-
-package xds
-
-import (
-	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/go-hclog"
-)
-
-func prioritizeByLocalityFailover(_ hclog.Logger, _ *structs.Locality, _ structs.CheckServiceNodes) []structs.CheckServiceNodes {
-	return nil
-}
diff --git a/agent/xds/naming.go b/agent/xds/naming.go
new file mode 100644
index 000000000000..ab9224f71ce8
--- /dev/null
+++ b/agent/xds/naming.go
@@ -0,0 +1,19 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package xds
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/consul/agent/structs"
+)
+
+func CustomizeClusterName(clusterName string, chain *structs.CompiledDiscoveryChain) string {
+	if chain == nil || chain.CustomizationHash == "" {
+		return clusterName
+	}
+	// Use a colon to delimit this prefix instead of a dot to avoid a
+	// theoretical collision problem with subsets.
+	return fmt.Sprintf("%s~%s", chain.CustomizationHash, clusterName)
+}
diff --git a/agent/xds/naming/naming.go b/agent/xds/naming/naming.go
deleted file mode 100644
index 3e19d9327003..000000000000
--- a/agent/xds/naming/naming.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package naming
-
-import (
-	"fmt"
-
-	"github.com/hashicorp/consul/agent/structs"
-)
-
-const (
-	// OriginalDestinationClusterName is the name we give to the passthrough
-	// cluster which redirects transparently-proxied requests to their original
-	// destination outside the mesh. This cluster prevents Consul from blocking
-	// connections to destinations outside of the catalog when in transparent
-	// proxy mode.
-	OriginalDestinationClusterName = "original-destination"
-	VirtualIPTag                   = "virtual"
-)
-
-func CustomizeClusterName(clusterName string, chain *structs.CompiledDiscoveryChain) string {
-	if chain == nil || chain.CustomizationHash == "" {
-		return clusterName
-	}
-	// Use a colon to delimit this prefix instead of a dot to avoid a
-	// theoretical collision problem with subsets.
-	return fmt.Sprintf("%s~%s", chain.CustomizationHash, clusterName)
-}
diff --git a/agent/xds/platform/net_fallback.go b/agent/xds/net_fallback.go
similarity index 50%
rename from agent/xds/platform/net_fallback.go
rename to agent/xds/net_fallback.go
index e37c97633b28..7230c18ef2e8 100644
--- a/agent/xds/platform/net_fallback.go
+++ b/agent/xds/net_fallback.go
@@ -1,11 +1,11 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !linux
 // +build !linux
 
-package platform
+package xds
 
-func SupportsIPv6() (bool, error) {
+func kernelSupportsIPv6() (bool, error) {
 	return true, nil
 }
diff --git a/agent/xds/platform/net_linux.go b/agent/xds/net_linux.go
similarity index 87%
rename from agent/xds/platform/net_linux.go
rename to agent/xds/net_linux.go
index acf8c53a85e4..96932ca30730 100644
--- a/agent/xds/platform/net_linux.go
+++ b/agent/xds/net_linux.go
@@ -1,10 +1,10 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build linux
 // +build linux
 
-package platform
+package xds
 
 import (
 	"fmt"
@@ -20,7 +20,7 @@ var (
 	ipv6SupportedErr error
 )
 
-func SupportsIPv6() (bool, error) {
+func kernelSupportsIPv6() (bool, error) {
 	ipv6SupportOnce.Do(func() {
 		ipv6Supported, ipv6SupportedErr = checkIfKernelSupportsIPv6()
 	})
diff --git a/agent/xds/protocol_trace.go b/agent/xds/protocol_trace.go
index cfe905d70bf9..42d82d76012b 100644
--- a/agent/xds/protocol_trace.go
+++ b/agent/xds/protocol_trace.go
@@ -1,27 +1,26 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
 import (
 	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
-	"github.com/hashicorp/go-hclog"
 
 	"github.com/mitchellh/copystructure"
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
 )
 
-func logTraceRequest(logger hclog.Logger, msg string, pb proto.Message) {
-	logTraceProto(logger, msg, pb, false)
+func (s *ResourceGenerator) logTraceRequest(msg string, pb proto.Message) {
+	s.logTraceProto(msg, pb, false)
 }
 
-func logTraceResponse(logger hclog.Logger, msg string, pb proto.Message) {
-	logTraceProto(logger, msg, pb, true)
+func (s *ResourceGenerator) logTraceResponse(msg string, pb proto.Message) {
+	s.logTraceProto(msg, pb, true)
 }
 
-func logTraceProto(logger hclog.Logger, msg string, pb proto.Message, response bool) {
-	if !logger.IsTrace() {
+func (s *ResourceGenerator) logTraceProto(msg string, pb proto.Message, response bool) {
+	if !s.Logger.IsTrace() {
 		return
 	}
 
@@ -56,5 +55,5 @@ func logTraceProto(logger hclog.Logger, msg string, pb proto.Message, response b
 		out = string(outBytes)
 	}
 
-	logger.Trace(msg, "direction", dir, "protobuf", out)
+	s.Logger.Trace(msg, "direction", dir, "protobuf", out)
 }
diff --git a/agent/xds/proxystateconverter/clusters.go b/agent/xds/proxystateconverter/clusters.go
deleted file mode 100644
index e12211f67078..000000000000
--- a/agent/xds/proxystateconverter/clusters.go
+++ /dev/null
@@ -1,1251 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package proxystateconverter
-
-import (
-	"errors"
-	"fmt"
-	"github.com/hashicorp/go-hclog"
-	"github.com/hashicorp/go-uuid"
-	"strings"
-	"time"
-
-	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
-	"google.golang.org/protobuf/types/known/durationpb"
-	"google.golang.org/protobuf/types/known/wrapperspb"
-
-	"github.com/hashicorp/consul/agent/connect"
-	"github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/config"
-	"github.com/hashicorp/consul/agent/xds/naming"
-	"github.com/hashicorp/consul/agent/xds/response"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-	"github.com/hashicorp/consul/proto/private/pbpeering"
-)
-
-const (
-	meshGatewayExportedClusterNamePrefix = "exported~"
-)
-
-type namedCluster struct {
-	name    string
-	cluster *pbproxystate.Cluster
-}
-
-// clustersFromSnapshot returns the xDS API representation of the "clusters" in the snapshot.
-func (s *Converter) clustersFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) error {
-	if cfgSnap == nil {
-		return errors.New("nil config given")
-	}
-
-	switch cfgSnap.Kind {
-	case structs.ServiceKindConnectProxy:
-		return s.clustersFromSnapshotConnectProxy(cfgSnap)
-	// TODO(proxystate): Terminating Gateways will be added in the future.
-	//case structs.ServiceKindTerminatingGateway:
-	//	err := s.clustersFromSnapshotTerminatingGateway(cfgSnap)
-	//	if err != nil {
-	//		return err
-	//	}
-	//	return nil
-	// TODO(proxystate): Mesh Gateways will be added in the future.
-	//case structs.ServiceKindMeshGateway:
-	//	err := s.clustersFromSnapshotMeshGateway(cfgSnap)
-	//	if err != nil {
-	//		return err
-	//	}
-	//	return nil
-	// TODO(proxystate): Ingress Gateways will be added in the future.
-	//case structs.ServiceKindIngressGateway:
-	//	err := s.clustersFromSnapshotIngressGateway(cfgSnap)
-	//	if err != nil {
-	//		return err
-	//	}
-	//	return nil
-	// TODO(proxystate): API Gateways will be added in the future.
-	//case structs.ServiceKindAPIGateway:
-	//	res, err := s.clustersFromSnapshotAPIGateway(cfgSnap)
-	//	if err != nil {
-	//		return err
-	//	}
-	//	return nil
-	default:
-		return fmt.Errorf("Invalid service kind: %v", cfgSnap.Kind)
-	}
-}
-
-// clustersFromSnapshot returns the xDS API representation of the "clusters"
-// (upstreams) in the snapshot.
-func (s *Converter) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.ConfigSnapshot) error {
-	// This is the list of listeners we add to. It will be empty to start.
-	clusters := s.proxyState.Clusters
-	var err error
-
-	// Include the "app" cluster for the public listener
-	appCluster, err := s.makeAppCluster(cfgSnap, xdscommon.LocalAppClusterName, "", cfgSnap.Proxy.LocalServicePort)
-	if err != nil {
-		return err
-	}
-	clusters[appCluster.name] = appCluster.cluster
-
-	if cfgSnap.Proxy.Mode == structs.ProxyModeTransparent {
-		passthroughs, err := s.makePassthroughClusters(cfgSnap)
-		if err != nil {
-			return fmt.Errorf("failed to make passthrough clusters for transparent proxy: %v", err)
-		}
-		for clusterName, cluster := range passthroughs {
-			clusters[clusterName] = cluster
-		}
-	}
-
-	// NOTE: Any time we skip a chain below we MUST also skip that discovery chain in endpoints.go
-	// so that the sets of endpoints generated matches the sets of clusters.
-	for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain {
-		upstream, skip := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta)
-		if skip {
-			continue
-		}
-
-		upstreamClusters, err := s.makeUpstreamClustersForDiscoveryChain(
-			uid,
-			upstream,
-			chain,
-			cfgSnap,
-			false,
-		)
-		if err != nil {
-			return err
-		}
-
-		for name, cluster := range upstreamClusters {
-			clusters[name] = cluster
-		}
-	}
-
-	// TODO(proxystate): peering will be added in the future.
-	//// NOTE: Any time we skip an upstream below we MUST also skip that same
-	//// upstream in endpoints.go so that the sets of endpoints generated matches
-	//// the sets of clusters.
-	//for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() {
-	//	upstream, skip := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta)
-	//	if skip {
-	//		continue
-	//	}
-	//
-	//	peerMeta, found := cfgSnap.ConnectProxy.UpstreamPeerMeta(uid)
-	//	if !found {
-	//		s.Logger.Warn("failed to fetch upstream peering metadata for cluster", "uid", uid)
-	//	}
-	//	cfg := s.getAndModifyUpstreamConfigForPeeredListener(uid, upstream, peerMeta)
-	//
-	//	upstreamCluster, err := s.makeUpstreamClusterForPeerService(uid, cfg, peerMeta, cfgSnap)
-	//	if err != nil {
-	//		return nil, err
-	//	}
-	//	clusters = append(clusters, upstreamCluster)
-	//}
-
-	// TODO(proxystate): L7 Intentions and JWT Auth will be added in the future.
-	//// add clusters for jwt-providers
-	//for _, prov := range cfgSnap.JWTProviders {
-	//	//skip cluster creation for local providers
-	//	if prov.JSONWebKeySet == nil || prov.JSONWebKeySet.Remote == nil {
-	//		continue
-	//	}
-	//
-	//	cluster, err := makeJWTProviderCluster(prov)
-	//	if err != nil {
-	//		s.Logger.Warn("failed to make jwt-provider cluster", "provider name", prov.Name, "error", err)
-	//		continue
-	//	}
-	//
-	//	clusters[cluster.GetName()] = cluster
-	//}
-
-	for _, u := range cfgSnap.Proxy.Upstreams {
-		if u.DestinationType != structs.UpstreamDestTypePreparedQuery {
-			continue
-		}
-
-		upstreamCluster, err := s.makeUpstreamClusterForPreparedQuery(u, cfgSnap)
-		if err != nil {
-			return err
-		}
-		clusters[upstreamCluster.name] = upstreamCluster.cluster
-	}
-
-	cfgSnap.Proxy.Expose.Finalize()
-	paths := cfgSnap.Proxy.Expose.Paths
-
-	// Add service health checks to the list of paths to create clusters for if needed
-	if cfgSnap.Proxy.Expose.Checks {
-		psid := structs.NewServiceID(cfgSnap.Proxy.DestinationServiceID, &cfgSnap.ProxyID.EnterpriseMeta)
-		for _, check := range cfgSnap.ConnectProxy.WatchedServiceChecks[psid] {
-			p, err := parseCheckPath(check)
-			if err != nil {
-				s.Logger.Warn("failed to create cluster for", "check", check.CheckID, "error", err)
-				continue
-			}
-			paths = append(paths, p)
-		}
-	}
-
-	// Create a new cluster if we need to expose a port that is different from the service port
-	for _, path := range paths {
-		if path.LocalPathPort == cfgSnap.Proxy.LocalServicePort {
-			continue
-		}
-		c, err := s.makeAppCluster(cfgSnap, makeExposeClusterName(path.LocalPathPort), path.Protocol, path.LocalPathPort)
-		if err != nil {
-			s.Logger.Warn("failed to make local cluster", "path", path.Path, "error", err)
-			continue
-		}
-		clusters[c.name] = c.cluster
-	}
-
-	return nil
-}
-
-// TODO(proxystate): L7 Intentions and JWT Auth will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func makeJWTProviderCluster
-// func makeJWKSDiscoveryClusterType
-// func makeJWTCertValidationContext
-// func parseJWTRemoteURL
-
-func makeExposeClusterName(destinationPort int) string {
-	return fmt.Sprintf("exposed_cluster_%d", destinationPort)
-}
-
-// In transparent proxy mode there are potentially multiple passthrough clusters added.
-// The first is for destinations outside of Consul's catalog. This is for a plain TCP proxy.
-// All of these use Envoy's ORIGINAL_DST listener filter, which forwards to the original
-// destination address (before the iptables redirection).
-// The rest are for destinations inside the mesh, which require certificates for mTLS.
-func (s *Converter) makePassthroughClusters(cfgSnap *proxycfg.ConfigSnapshot) (map[string]*pbproxystate.Cluster, error) {
-	// This size is an upper bound.
-	clusters := make(map[string]*pbproxystate.Cluster, 0)
-	if meshConf := cfgSnap.MeshConfig(); meshConf == nil ||
-		!meshConf.TransparentProxy.MeshDestinationsOnly {
-
-		clusters[naming.OriginalDestinationClusterName] = &pbproxystate.Cluster{
-			Group: &pbproxystate.Cluster_EndpointGroup{
-				EndpointGroup: &pbproxystate.EndpointGroup{
-					Group: &pbproxystate.EndpointGroup_Passthrough{
-						Passthrough: &pbproxystate.PassthroughEndpointGroup{
-							Config: &pbproxystate.PassthroughEndpointGroupConfig{
-								ConnectTimeout: durationpb.New(5 * time.Second),
-							},
-						},
-					},
-				},
-			},
-		}
-	}
-
-	for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain {
-		targetMap, ok := cfgSnap.ConnectProxy.PassthroughUpstreams[uid]
-		if !ok {
-			continue
-		}
-
-		for targetID := range targetMap {
-			uid := proxycfg.NewUpstreamIDFromTargetID(targetID)
-
-			sni := connect.ServiceSNI(
-				uid.Name, "", uid.NamespaceOrDefault(),
-				uid.PartitionOrDefault(), cfgSnap.Datacenter,
-				cfgSnap.Roots.TrustDomain)
-
-			// Prefixed with passthrough to distinguish from non-passthrough clusters for the same upstream.
-			name := "passthrough~" + sni
-
-			c := pbproxystate.Cluster{
-				Group: &pbproxystate.Cluster_EndpointGroup{
-					EndpointGroup: &pbproxystate.EndpointGroup{
-						Group: &pbproxystate.EndpointGroup_Passthrough{
-							Passthrough: &pbproxystate.PassthroughEndpointGroup{
-								Config: &pbproxystate.PassthroughEndpointGroupConfig{
-									ConnectTimeout: durationpb.New(5 * time.Second),
-								},
-							},
-						},
-					},
-				},
-			}
-
-			if discoTarget, ok := chain.Targets[targetID]; ok && discoTarget.ConnectTimeout > 0 {
-				c.GetEndpointGroup().GetPassthrough().GetConfig().
-					ConnectTimeout = durationpb.New(discoTarget.ConnectTimeout)
-			}
-
-			transportSocket, err := s.createOutboundMeshMTLS(cfgSnap, []string{getSpiffeID(cfgSnap, uid)}, sni)
-			if err != nil {
-				return nil, err
-			}
-			c.GetEndpointGroup().GetPassthrough().OutboundTls = transportSocket
-
-			clusters[name] = &c
-		}
-	}
-
-	err := cfgSnap.ConnectProxy.DestinationsUpstream.ForEachKeyE(func(uid proxycfg.UpstreamID) error {
-		svcConfig, ok := cfgSnap.ConnectProxy.DestinationsUpstream.Get(uid)
-		if !ok || svcConfig.Destination == nil {
-			return nil
-		}
-
-		// One Cluster per Destination Address
-		for _, address := range svcConfig.Destination.Addresses {
-			name := clusterNameForDestination(cfgSnap, uid.Name, address, uid.NamespaceOrDefault(), uid.PartitionOrDefault())
-
-			c := &pbproxystate.Cluster{
-				AltStatName: name,
-				Group: &pbproxystate.Cluster_EndpointGroup{
-					EndpointGroup: &pbproxystate.EndpointGroup{
-						Group: &pbproxystate.EndpointGroup_Dynamic{
-							Dynamic: &pbproxystate.DynamicEndpointGroup{
-								Config: &pbproxystate.DynamicEndpointGroupConfig{
-									ConnectTimeout: durationpb.New(5 * time.Second),
-									// Endpoints are managed separately by EDS
-									// Having an empty config enables outlier detection with default config.
-									OutlierDetection: &pbproxystate.OutlierDetection{},
-								},
-							},
-						},
-					},
-				},
-			}
-			sni := connect.ServiceSNI(
-				uid.Name, "", uid.NamespaceOrDefault(),
-				uid.PartitionOrDefault(), cfgSnap.Datacenter,
-				cfgSnap.Roots.TrustDomain)
-			transportSocket, err := s.createOutboundMeshMTLS(cfgSnap, []string{getSpiffeID(cfgSnap, uid)}, sni)
-			if err != nil {
-				return err
-			}
-			c.GetEndpointGroup().GetDynamic().OutboundTls = transportSocket
-			clusters[name] = c
-		}
-		return nil
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	return clusters, nil
-}
-
-func getSpiffeID(cfgSnap *proxycfg.ConfigSnapshot, uid proxycfg.UpstreamID) string {
-	spiffeIDService := &connect.SpiffeIDService{
-		Host:       cfgSnap.Roots.TrustDomain,
-		Partition:  uid.PartitionOrDefault(),
-		Namespace:  uid.NamespaceOrDefault(),
-		Datacenter: cfgSnap.Datacenter,
-		Service:    uid.Name,
-	}
-	return spiffeIDService.URI().String()
-}
-func clusterNameForDestination(cfgSnap *proxycfg.ConfigSnapshot, name string,
-	address string, namespace string, partition string) string {
-	name = destinationSpecificServiceName(name, address)
-	sni := connect.ServiceSNI(name, "", namespace, partition,
-		cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
-
-	// Prefixed with destination to distinguish from non-passthrough clusters
-	// for the same upstream.
-	return "destination." + sni
-}
-
-func destinationSpecificServiceName(name string, address string) string {
-	address = strings.ReplaceAll(address, ":", "-")
-	address = strings.ReplaceAll(address, ".", "-")
-	return fmt.Sprintf("%s.%s", address, name)
-}
-
-// TODO(proxystate): Mesh Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func clustersFromSnapshotMeshGateway
-// func haveVoters
-
-// TODO(proxystate): Peering will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func makePeerServerClusters
-
-// TODO(proxystate): Terminating Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func clustersFromSnapshotTerminatingGateway
-
-// TODO(proxystate): Mesh Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func makeGatewayServiceClusters
-
-// TODO(proxystate): Cluster Peering will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func makeGatewayOutgoingClusterPeeringServiceClusters
-
-// TODO(proxystate): Terminating Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func makeDestinationClusters
-
-// TODO(proxystate): Mesh Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func injectGatewayServiceAddons
-
-// TODO(proxystate): Terminating Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func injectGatewayDestinationAddons
-
-// TODO(proxystate): Ingress Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func clustersFromSnapshotIngressGateway
-
-// TODO(proxystate): API Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func clustersFromSnapshotAPIGateway
-
-// TODO(proxystate): Ingress Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func configIngressUpstreamCluster
-
-func (s *Converter) makeAppCluster(cfgSnap *proxycfg.ConfigSnapshot, name, pathProtocol string, port int) (*namedCluster, error) {
-	var err error
-	namedCluster := &namedCluster{}
-
-	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
-	if err != nil {
-		// Don't hard fail on a config typo, just warn. The parse func returns
-		// default config if there is an error so it's safe to continue.
-		s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
-	}
-
-	//// If we have overridden local cluster config try to parse it into an Envoy cluster
-	//if cfg.LocalClusterJSON != "" {
-	//	return makeClusterFromUserConfig(cfg.LocalClusterJSON)
-	//}
-
-	var endpoint *pbproxystate.Endpoint
-	if cfgSnap.Proxy.LocalServiceSocketPath != "" {
-		endpoint = makeUnixSocketEndpoint(cfgSnap.Proxy.LocalServiceSocketPath)
-	} else {
-		addr := cfgSnap.Proxy.LocalServiceAddress
-		if addr == "" {
-			addr = "127.0.0.1"
-		}
-		endpoint = makeHostPortEndpoint(addr, port)
-	}
-	s.proxyState.Endpoints[name] = &pbproxystate.Endpoints{
-		Endpoints: []*pbproxystate.Endpoint{endpoint},
-	}
-
-	namedCluster.name = name
-	namedCluster.cluster = &pbproxystate.Cluster{
-		Group: &pbproxystate.Cluster_EndpointGroup{
-			EndpointGroup: &pbproxystate.EndpointGroup{
-				Group: &pbproxystate.EndpointGroup_Static{
-					Static: &pbproxystate.StaticEndpointGroup{
-						Config: &pbproxystate.StaticEndpointGroupConfig{
-							ConnectTimeout: durationpb.New(time.Duration(cfg.LocalConnectTimeoutMs) * time.Millisecond),
-						},
-					},
-				},
-			},
-		},
-	}
-
-	protocol := pathProtocol
-	if protocol == "" {
-		protocol = cfg.Protocol
-	}
-	namedCluster.cluster.Protocol = protocol
-	if cfg.MaxInboundConnections > 0 {
-		namedCluster.cluster.GetEndpointGroup().GetStatic().GetConfig().
-			CircuitBreakers = &pbproxystate.CircuitBreakers{
-			UpstreamLimits: &pbproxystate.UpstreamLimits{
-				MaxConnections: response.MakeUint32Value(cfg.MaxInboundConnections),
-			},
-		}
-	}
-
-	return namedCluster, err
-}
-
-func (s *Converter) makeUpstreamClusterForPeerService(
-	uid proxycfg.UpstreamID,
-	upstreamConfig structs.UpstreamConfig,
-	peerMeta structs.PeeringServiceMeta,
-	cfgSnap *proxycfg.ConfigSnapshot,
-) (string, *pbproxystate.Cluster, *pbproxystate.Endpoints, error) {
-	var (
-		c   *pbproxystate.Cluster
-		e   *pbproxystate.Endpoints
-		err error
-	)
-
-	// TODO(proxystate): escapeHatches will be implemented in the future
-	//if upstreamConfig.EnvoyClusterJSON != "" {
-	//	c, err = makeClusterFromUserConfig(upstreamConfig.EnvoyClusterJSON)
-	//	if err != nil {
-	//		return "", c, e, err
-	//	}
-	//	// In the happy path don't return yet as we need to inject TLS config still.
-	//}
-
-	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
-
-	if err != nil {
-		return "", c, e, err
-	}
-
-	tbs, ok := upstreamsSnapshot.UpstreamPeerTrustBundles.Get(uid.Peer)
-	if !ok {
-		// this should never happen since we loop through upstreams with
-		// set trust bundles
-		return "", c, e, fmt.Errorf("trust bundle not ready for peer %s", uid.Peer)
-	}
-
-	clusterName := generatePeeredClusterName(uid, tbs)
-
-	outlierDetection := makeOutlierDetection(upstreamConfig.PassiveHealthCheck, nil, true)
-	// We can't rely on health checks for services on cluster peers because they
-	// don't take into account service resolvers, splitters and routers. Setting
-	// MaxEjectionPercent too 100% gives outlier detection the power to eject the
-	// entire cluster.
-	outlierDetection.MaxEjectionPercent = &wrapperspb.UInt32Value{Value: 100}
-
-	s.Logger.Trace("generating cluster for", "cluster", clusterName)
-	if c == nil {
-		c = &pbproxystate.Cluster{}
-
-		useEDS := true
-		if _, ok := cfgSnap.ConnectProxy.PeerUpstreamEndpointsUseHostnames[uid]; ok {
-			// If we're using local mesh gw, the fact that upstreams use hostnames don't matter.
-			// If we're not using local mesh gw, then resort to CDS.
-			if upstreamConfig.MeshGateway.Mode != structs.MeshGatewayModeLocal {
-				useEDS = false
-			}
-		}
-
-		// If none of the service instances are addressed by a hostname we
-		// provide the endpoint IP addresses via EDS
-		if useEDS {
-			d := &pbproxystate.DynamicEndpointGroup{
-				Config: &pbproxystate.DynamicEndpointGroupConfig{
-					UseAltStatName:        false,
-					ConnectTimeout:        durationpb.New(time.Duration(upstreamConfig.ConnectTimeoutMs) * time.Millisecond),
-					DisablePanicThreshold: true,
-					CircuitBreakers: &pbproxystate.CircuitBreakers{
-						UpstreamLimits: makeUpstreamLimitsIfNeeded(upstreamConfig.Limits),
-					},
-					OutlierDetection: outlierDetection,
-				},
-			}
-			c.Group = &pbproxystate.Cluster_EndpointGroup{
-				EndpointGroup: &pbproxystate.EndpointGroup{
-					Group: &pbproxystate.EndpointGroup_Dynamic{
-						Dynamic: d,
-					},
-				},
-			}
-			transportSocket := &pbproxystate.TransportSocket{
-				ConnectionTls: &pbproxystate.TransportSocket_OutboundMesh{
-					OutboundMesh: &pbproxystate.OutboundMeshMTLS{
-						ValidationContext: &pbproxystate.MeshOutboundValidationContext{
-							SpiffeIds:              peerMeta.SpiffeID,
-							TrustBundlePeerNameKey: uid.Peer,
-						},
-						Sni: peerMeta.PrimarySNI(),
-					},
-				},
-			}
-			d.OutboundTls = transportSocket
-		} else {
-			d := &pbproxystate.DNSEndpointGroup{
-				Config: &pbproxystate.DNSEndpointGroupConfig{
-					UseAltStatName:        false,
-					ConnectTimeout:        durationpb.New(time.Duration(upstreamConfig.ConnectTimeoutMs) * time.Millisecond),
-					DisablePanicThreshold: true,
-					CircuitBreakers: &pbproxystate.CircuitBreakers{
-						UpstreamLimits: makeUpstreamLimitsIfNeeded(upstreamConfig.Limits),
-					},
-					OutlierDetection: outlierDetection,
-				},
-			}
-			c.Group = &pbproxystate.Cluster_EndpointGroup{
-				EndpointGroup: &pbproxystate.EndpointGroup{
-					Group: &pbproxystate.EndpointGroup_Dns{
-						Dns: d,
-					},
-				},
-			}
-			e = &pbproxystate.Endpoints{
-				Endpoints: make([]*pbproxystate.Endpoint, 0),
-			}
-
-			ep, _ := cfgSnap.ConnectProxy.PeerUpstreamEndpoints.Get(uid)
-			configureClusterWithHostnames(
-				s.Logger,
-				d,
-				e,
-				"", /*TODO:make configurable?*/
-				ep,
-				true,  /*isRemote*/
-				false, /*onlyPassing*/
-			)
-			transportSocket := &pbproxystate.TransportSocket{
-				ConnectionTls: &pbproxystate.TransportSocket_OutboundMesh{
-					OutboundMesh: &pbproxystate.OutboundMeshMTLS{
-						ValidationContext: &pbproxystate.MeshOutboundValidationContext{
-							SpiffeIds:              peerMeta.SpiffeID,
-							TrustBundlePeerNameKey: uid.Peer,
-						},
-						Sni: peerMeta.PrimarySNI(),
-					},
-				},
-			}
-			d.OutboundTls = transportSocket
-		}
-	}
-
-	return clusterName, c, e, nil
-}
-
-func (s *Converter) makeUpstreamClusterForPreparedQuery(upstream structs.Upstream, cfgSnap *proxycfg.ConfigSnapshot) (*namedCluster, error) {
-	var c *pbproxystate.Cluster
-	var err error
-
-	uid := proxycfg.NewUpstreamID(&upstream)
-
-	dc := upstream.Datacenter
-	if dc == "" {
-		dc = cfgSnap.Datacenter
-	}
-	sni := connect.UpstreamSNI(&upstream, "", dc, cfgSnap.Roots.TrustDomain)
-
-	cfg, _ := structs.ParseUpstreamConfig(upstream.Config)
-	// TODO(proxystate): add logger and enable this
-	//if err != nil {
-	// Don't hard fail on a config typo, just warn. The parse func returns
-	// default config if there is an error so it's safe to continue.
-	//s.Logger.Warn("failed to parse", "upstream", uid, "error", err)
-	//}
-
-	// TODO(proxystate): escapeHatches will be implemented in the future
-	//if cfg.EnvoyClusterJSON != "" {
-	//	c, err = makeClusterFromUserConfig(cfg.EnvoyClusterJSON)
-	//	if err != nil {
-	//		return c, err
-	//	}
-	//	// In the happy path don't return yet as we need to inject TLS config still.
-	//}
-
-	if c == nil {
-		c = &pbproxystate.Cluster{
-			Protocol: cfg.Protocol,
-			Group: &pbproxystate.Cluster_EndpointGroup{
-				EndpointGroup: &pbproxystate.EndpointGroup{
-					Group: &pbproxystate.EndpointGroup_Dynamic{
-						Dynamic: &pbproxystate.DynamicEndpointGroup{
-							Config: &pbproxystate.DynamicEndpointGroupConfig{
-								ConnectTimeout: durationpb.New(time.Duration(cfg.ConnectTimeoutMs) * time.Millisecond),
-								// Endpoints are managed separately by EDS
-								// Having an empty config enables outlier detection with default config.
-								OutlierDetection:      makeOutlierDetection(cfg.PassiveHealthCheck, nil, true),
-								DisablePanicThreshold: true,
-								CircuitBreakers: &pbproxystate.CircuitBreakers{
-									UpstreamLimits: makeUpstreamLimitsIfNeeded(cfg.Limits),
-								},
-							},
-						},
-					},
-				},
-			},
-		}
-	}
-
-	endpoints := cfgSnap.ConnectProxy.PreparedQueryEndpoints[uid]
-	var (
-		spiffeIDs = make([]string, 0)
-		seen      = make(map[string]struct{})
-	)
-	for _, e := range endpoints {
-		id := fmt.Sprintf("%s/%s", e.Node.Datacenter, e.Service.CompoundServiceName())
-		if _, ok := seen[id]; ok {
-			continue
-		}
-		seen[id] = struct{}{}
-
-		name := e.Service.Proxy.DestinationServiceName
-		if e.Service.Connect.Native {
-			name = e.Service.Service
-		}
-
-		spiffeIDs = append(spiffeIDs, connect.SpiffeIDService{
-			Host:       cfgSnap.Roots.TrustDomain,
-			Namespace:  e.Service.NamespaceOrDefault(),
-			Partition:  e.Service.PartitionOrDefault(),
-			Datacenter: e.Node.Datacenter,
-			Service:    name,
-		}.URI().String())
-	}
-
-	transportSocket, err := s.createOutboundMeshMTLS(cfgSnap, spiffeIDs, sni)
-	if err != nil {
-		return nil, err
-	}
-	c.GetEndpointGroup().GetDynamic().OutboundTls = transportSocket
-
-	return &namedCluster{name: sni, cluster: c}, nil
-}
-
-func finalizeUpstreamConfig(cfg structs.UpstreamConfig, chain *structs.CompiledDiscoveryChain, connectTimeout time.Duration) structs.UpstreamConfig {
-	if cfg.Protocol == "" {
-		cfg.Protocol = chain.Protocol
-	}
-
-	if cfg.Protocol == "" {
-		cfg.Protocol = "tcp"
-	}
-
-	if cfg.ConnectTimeoutMs == 0 {
-		cfg.ConnectTimeoutMs = int(connectTimeout / time.Millisecond)
-	}
-	return cfg
-}
-
-func (s *Converter) createOutboundMeshMTLS(cfgSnap *proxycfg.ConfigSnapshot, spiffeIDs []string, sni string) (*pbproxystate.TransportSocket, error) {
-	switch cfgSnap.Kind {
-	case structs.ServiceKindConnectProxy:
-	case structs.ServiceKindMeshGateway:
-	default:
-		return nil, fmt.Errorf("cannot inject peering trust bundles for kind %q", cfgSnap.Kind)
-	}
-
-	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
-	if err != nil {
-		// Don't hard fail on a config typo, just warn. The parse func returns
-		// default config if there is an error so it's safe to continue.
-		s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
-	}
-
-	// Add all trust bundle peer names, including local.
-	trustBundlePeerNames := []string{"local"}
-	for _, tb := range cfgSnap.PeeringTrustBundles() {
-		trustBundlePeerNames = append(trustBundlePeerNames, tb.PeerName)
-	}
-	// Arbitrary UUID to reference the identity by.
-	uuid, err := uuid.GenerateUUID()
-	if err != nil {
-		return nil, err
-	}
-
-	// Create the transport socket
-	ts := &pbproxystate.TransportSocket{}
-
-	ts.ConnectionTls = &pbproxystate.TransportSocket_OutboundMesh{
-		OutboundMesh: &pbproxystate.OutboundMeshMTLS{
-			IdentityKey: uuid,
-			ValidationContext: &pbproxystate.MeshOutboundValidationContext{
-				TrustBundlePeerNameKey: trustBundlePeerNames[0],
-				SpiffeIds:              spiffeIDs,
-			},
-			Sni: sni,
-		},
-	}
-	s.proxyState.LeafCertificates[uuid] = &pbproxystate.LeafCertificate{
-		Cert: cfgSnap.Leaf().CertPEM,
-		Key:  cfgSnap.Leaf().PrivateKeyPEM,
-	}
-	ts.TlsParameters = makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing())
-	ts.AlpnProtocols = getAlpnProtocols(cfg.Protocol)
-
-	return ts, nil
-}
-func (s *Converter) makeUpstreamClustersForDiscoveryChain(
-	uid proxycfg.UpstreamID,
-	upstream *structs.Upstream,
-	chain *structs.CompiledDiscoveryChain,
-	cfgSnap *proxycfg.ConfigSnapshot,
-	forMeshGateway bool,
-) (map[string]*pbproxystate.Cluster, error) {
-	if chain == nil {
-		return nil, fmt.Errorf("cannot create upstream cluster without discovery chain for %s", uid)
-	}
-
-	if uid.Peer != "" && forMeshGateway {
-		return nil, fmt.Errorf("impossible to get a peer discovery chain in a mesh gateway")
-	}
-
-	upstreamConfigMap := make(map[string]interface{})
-	if upstream != nil {
-		upstreamConfigMap = upstream.Config
-	}
-
-	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
-
-	// Mesh gateways are exempt because upstreamsSnapshot is only used for
-	// cluster peering targets and transative failover/redirects are unsupported.
-	if err != nil && !forMeshGateway {
-		return nil, err
-	}
-
-	rawUpstreamConfig, err := structs.ParseUpstreamConfigNoDefaults(upstreamConfigMap)
-	if err != nil {
-		// Don't hard fail on a config typo, just warn. The parse func returns
-		// default config if there is an error so it's safe to continue.
-		s.Logger.Warn("failed to parse", "upstream", uid,
-			"error", err)
-	}
-
-	// TODO(proxystate): escapeHatches will be implemented in the future
-	//var escapeHatchCluster *pbproxystate.Cluster
-	//if !forMeshGateway {
-	//	if rawUpstreamConfig.EnvoyClusterJSON != "" {
-	//		if chain.Default {
-	//			// If you haven't done anything to setup the discovery chain, then
-	//			// you can use the envoy_cluster_json escape hatch.
-	//			escapeHatchCluster = &pbproxystate.Cluster{
-	//				EscapeHatchClusterJson: rawUpstreamConfig.EnvoyClusterJSON,
-	//			}
-	//		} else {
-	//			s.Logger.Warn("ignoring escape hatch setting, because a discovery chain is configured for",
-	//				"discovery chain", chain.ServiceName, "upstream", uid,
-	//				"envoy_cluster_json", chain.ServiceName)
-	//		}
-	//	}
-	//}
-
-	out := make(map[string]*pbproxystate.Cluster)
-	for _, node := range chain.Nodes {
-		switch {
-		case node == nil:
-			return nil, fmt.Errorf("impossible to process a nil node")
-		case node.Type != structs.DiscoveryGraphNodeTypeResolver:
-			continue
-		case node.Resolver == nil:
-			return nil, fmt.Errorf("impossible to process a non-resolver node")
-		}
-		// These variables are prefixed with primary to avoid shaddowing bugs.
-		primaryTargetID := node.Resolver.Target
-		primaryTarget := chain.Targets[primaryTargetID]
-		primaryTargetClusterName := s.getTargetClusterName(upstreamsSnapshot, chain, primaryTargetID, forMeshGateway)
-		if primaryTargetClusterName == "" {
-			continue
-		}
-		if forMeshGateway && !cfgSnap.Locality.Matches(primaryTarget.Datacenter, primaryTarget.Partition) {
-			s.Logger.Warn("ignoring discovery chain target that crosses a datacenter or partition boundary in a mesh gateway",
-				"target", primaryTarget,
-				"gatewayLocality", cfgSnap.Locality,
-			)
-			continue
-		}
-
-		upstreamConfig := finalizeUpstreamConfig(rawUpstreamConfig, chain, node.Resolver.ConnectTimeout)
-
-		mappedTargets, err := s.mapDiscoChainTargets(cfgSnap, chain, node, upstreamConfig, forMeshGateway)
-		if err != nil {
-			return nil, err
-		}
-
-		targetGroups, err := mappedTargets.groupedTargets()
-		if err != nil {
-			return nil, err
-		}
-
-		var failoverGroup *pbproxystate.FailoverGroup
-		endpointGroups := make([]*pbproxystate.EndpointGroup, 0)
-		if mappedTargets.failover {
-			// Create a failover group. The endpoint groups that are part of this failover group are created by the loop
-			// below.
-			failoverGroup = &pbproxystate.FailoverGroup{
-				Config: &pbproxystate.FailoverGroupConfig{
-					ConnectTimeout: durationpb.New(node.Resolver.ConnectTimeout),
-				},
-			}
-		}
-
-		// Construct the target dynamic endpoint groups. If these are not part of a failover group, they will get added
-		// directly to the map of pbproxystate.Cluster, if they are a part of a failover group, they will be added to
-		// the failover group.
-		for _, groupedTarget := range targetGroups {
-			s.Logger.Debug("generating cluster for", "cluster", groupedTarget.ClusterName)
-			dynamic := &pbproxystate.DynamicEndpointGroup{
-				Config: &pbproxystate.DynamicEndpointGroupConfig{
-					UseAltStatName: true,
-					ConnectTimeout: durationpb.New(node.Resolver.ConnectTimeout),
-					// TODO(peering): make circuit breakers or outlier detection work?
-					CircuitBreakers: &pbproxystate.CircuitBreakers{
-						UpstreamLimits: makeUpstreamLimitsIfNeeded(upstreamConfig.Limits),
-					},
-					OutlierDetection: makeOutlierDetection(upstreamConfig.PassiveHealthCheck, nil, true),
-				},
-			}
-			ti := groupedTarget.Targets[0]
-			transportSocket, err := s.createOutboundMeshMTLS(cfgSnap, ti.SpiffeIDs, ti.SNI)
-			if err != nil {
-				return nil, err
-			}
-			dynamic.OutboundTls = transportSocket
-
-			var lb *structs.LoadBalancer
-			if node.LoadBalancer != nil {
-				lb = node.LoadBalancer
-			}
-			if err := injectLBToCluster(lb, dynamic.Config); err != nil {
-				return nil, fmt.Errorf("failed to apply load balancer configuration to cluster %q: %v", groupedTarget.ClusterName, err)
-			}
-
-			// TODO: IR: http2 options not currently supported
-			//if upstreamConfig.Protocol == "http2" || upstreamConfig.Protocol == "grpc" {
-			//	if err := s.setHttp2ProtocolOptions(c); err != nil {
-			//		return nil, err
-			//	}
-			//}
-
-			switch len(groupedTarget.Targets) {
-			case 0:
-				continue
-			case 1:
-				// We expect one target so this passes through to continue setting the cluster up.
-			default:
-				return nil, fmt.Errorf("cannot have more than one target")
-			}
-
-			if targetInfo := groupedTarget.Targets[0]; targetInfo.TransportSocket != nil {
-				dynamic.OutboundTls = targetInfo.TransportSocket
-			}
-
-			// If the endpoint group is part of a failover group, add it to the failover group. Otherwise add it
-			// directly to the clusters.
-			if failoverGroup != nil {
-				eg := &pbproxystate.EndpointGroup{
-					Group: &pbproxystate.EndpointGroup_Dynamic{
-						Dynamic: dynamic,
-					},
-				}
-				endpointGroups = append(endpointGroups, eg)
-			} else {
-				cluster := &pbproxystate.Cluster{
-					AltStatName: mappedTargets.baseClusterName,
-					Protocol:    upstreamConfig.Protocol,
-					Group: &pbproxystate.Cluster_EndpointGroup{
-						EndpointGroup: &pbproxystate.EndpointGroup{
-							Group: &pbproxystate.EndpointGroup_Dynamic{
-								Dynamic: dynamic,
-							},
-						},
-					},
-				}
-
-				out[mappedTargets.baseClusterName] = cluster
-			}
-		}
-
-		// If there's a failover group, we only add the failover group to the top level list of clusters. Its endpoint
-		// groups are inlined.
-		if failoverGroup != nil {
-			failoverGroup.EndpointGroups = endpointGroups
-			cluster := &pbproxystate.Cluster{
-				AltStatName: mappedTargets.baseClusterName,
-				Protocol:    upstreamConfig.Protocol,
-				Group: &pbproxystate.Cluster_FailoverGroup{
-					FailoverGroup: failoverGroup,
-				},
-			}
-			out[mappedTargets.baseClusterName] = cluster
-		}
-	}
-
-	//if escapeHatchCluster != nil {
-	//	if len(out) != 1 {
-	//		return nil, fmt.Errorf("cannot inject escape hatch cluster when discovery chain had no nodes")
-	//	}
-	//	var defaultCluster *pbproxystate.Cluster
-	//	for _, k := range out {
-	//		defaultCluster = k
-	//		break
-	//	}
-	//
-	//	// Overlay what the user provided.
-	//	escapeHatchCluster.GetEndpointGroup().GetDynamic().OutboundTls.ConnectionTls =
-	//		defaultCluster.GetEndpointGroup().GetDynamic().OutboundTls.ConnectionTls
-	//
-	//	out = append(out, escapeHatchCluster)
-	//}
-
-	return out, nil
-}
-
-// TODO(proxystate): Mesh Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func makeExportedUpstreamClustersForMeshGateway
-
-// makeClusterFromUserConfig returns the listener config decoded from an
-// arbitrary proto3 json format string or an error if it's invalid.
-//
-// For now we only support embedding in JSON strings because of the hcl parsing
-// pain (see Background section in the comment for decode.HookWeakDecodeFromSlice).
-// This may be fixed in decode.HookWeakDecodeFromSlice in the future.
-//
-// When we do that we can support just nesting the config directly into the
-// JSON/hcl naturally but this is a stop-gap that gets us an escape hatch
-// immediately. It's also probably not a bad thing to support long-term since
-// any config generated by other systems will likely be in canonical protobuf
-// from rather than our slight variant in JSON/hcl.
-
-// TODO(proxystate): Mesh and Terminating Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func makeGatewayCluster
-
-func configureClusterWithHostnames(
-	logger hclog.Logger,
-	dnsEndpointGroup *pbproxystate.DNSEndpointGroup,
-	endpointList *pbproxystate.Endpoints,
-	dnsDiscoveryType string,
-	// hostnameEndpoints is a list of endpoints with a hostname as their address
-	hostnameEndpoints structs.CheckServiceNodes,
-	// isRemote determines whether the cluster is in a remote DC or partition and we should prefer a WAN address
-	isRemote bool,
-	// onlyPassing determines whether endpoints that do not have a passing status should be considered unhealthy
-	onlyPassing bool,
-) {
-	// When a service instance is addressed by a hostname we have Envoy do the DNS resolution
-	// by setting a DNS cluster type and passing the hostname endpoints via CDS.
-	if dnsEndpointGroup.Config == nil {
-		dnsEndpointGroup.Config = &pbproxystate.DNSEndpointGroupConfig{}
-	}
-	dnsEndpointGroup.Config.DiscoveryType = pbproxystate.DiscoveryType_DISCOVERY_TYPE_LOGICAL
-	if dnsDiscoveryType == "strict_dns" {
-		dnsEndpointGroup.Config.DiscoveryType = pbproxystate.DiscoveryType_DISCOVERY_TYPE_STRICT
-	}
-
-	endpoints := make([]*envoy_endpoint_v3.LbEndpoint, 0, 1)
-	uniqueHostnames := make(map[string]bool)
-
-	var (
-		hostname string
-		idx      int
-		fallback *pbproxystate.Endpoint
-	)
-	for i, e := range hostnameEndpoints {
-		_, addr, port := e.BestAddress(isRemote)
-		uniqueHostnames[addr] = true
-
-		health, weight := calculateEndpointHealthAndWeight(e, onlyPassing)
-		if health == pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY {
-			fallback = makeLbEndpoint(addr, port, health, weight)
-			continue
-		}
-
-		if len(endpoints) == 0 {
-			endpointList.Endpoints = append(endpointList.Endpoints, makeLbEndpoint(addr, port, health, weight))
-
-			hostname = addr
-			idx = i
-			break
-		}
-	}
-
-	dc := hostnameEndpoints[idx].Node.Datacenter
-	service := hostnameEndpoints[idx].Service.CompoundServiceName()
-
-	// Fall back to last unhealthy endpoint if none were healthy
-	if len(endpoints) == 0 {
-		logger.Warn("upstream service does not contain any healthy instances",
-			"dc", dc, "service", service.String())
-
-		//endpoints = append(endpoints, fallback)
-		endpointList.Endpoints = append(endpointList.Endpoints, fallback)
-	}
-	if len(uniqueHostnames) > 1 {
-		logger.Warn(fmt.Sprintf("service contains instances with more than one unique hostname; only %q be resolved by Envoy", hostname),
-			"dc", dc, "service", service.String())
-	}
-
-}
-
-// TODO(proxystate): Terminating Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func makeExternalIPCluster
-
-// TODO(proxystate): Terminating Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func makeExternalHostnameCluster
-
-func makeUpstreamLimitsIfNeeded(limits *structs.UpstreamLimits) *pbproxystate.UpstreamLimits {
-	if limits == nil {
-		return nil
-	}
-
-	upstreamLimits := &pbproxystate.UpstreamLimits{}
-
-	// Likewise, make sure to not set any threshold values on the zero-value in
-	// order to rely on Envoy defaults
-	if limits.MaxConnections != nil {
-		upstreamLimits.MaxConnections = response.MakeUint32Value(*limits.MaxConnections)
-	}
-	if limits.MaxPendingRequests != nil {
-		upstreamLimits.MaxPendingRequests = response.MakeUint32Value(*limits.MaxPendingRequests)
-	}
-	if limits.MaxConcurrentRequests != nil {
-		upstreamLimits.MaxConcurrentRequests = response.MakeUint32Value(*limits.MaxConcurrentRequests)
-	}
-
-	return upstreamLimits
-}
-
-func injectLBToCluster(ec *structs.LoadBalancer, dc *pbproxystate.DynamicEndpointGroupConfig) error {
-	if ec == nil {
-		return nil
-	}
-
-	switch ec.Policy {
-	case "":
-		return nil
-	case structs.LBPolicyLeastRequest:
-		lr := &pbproxystate.DynamicEndpointGroupConfig_LeastRequest{
-			LeastRequest: &pbproxystate.LBPolicyLeastRequest{},
-		}
-
-		dc.LbPolicy = lr
-
-		if ec.LeastRequestConfig != nil {
-			lr.LeastRequest.ChoiceCount = &wrapperspb.UInt32Value{Value: ec.LeastRequestConfig.ChoiceCount}
-		}
-	case structs.LBPolicyRoundRobin:
-		dc.LbPolicy = &pbproxystate.DynamicEndpointGroupConfig_RoundRobin{
-			RoundRobin: &pbproxystate.LBPolicyRoundRobin{},
-		}
-
-	case structs.LBPolicyRandom:
-		dc.LbPolicy = &pbproxystate.DynamicEndpointGroupConfig_Random{
-			Random: &pbproxystate.LBPolicyRandom{},
-		}
-
-	case structs.LBPolicyRingHash:
-		rh := &pbproxystate.DynamicEndpointGroupConfig_RingHash{
-			RingHash: &pbproxystate.LBPolicyRingHash{},
-		}
-
-		dc.LbPolicy = rh
-
-		if ec.RingHashConfig != nil {
-			rh.RingHash.MinimumRingSize = &wrapperspb.UInt64Value{Value: ec.RingHashConfig.MinimumRingSize}
-			rh.RingHash.MaximumRingSize = &wrapperspb.UInt64Value{Value: ec.RingHashConfig.MaximumRingSize}
-		}
-	case structs.LBPolicyMaglev:
-		dc.LbPolicy = &pbproxystate.DynamicEndpointGroupConfig_Maglev{
-			Maglev: &pbproxystate.LBPolicyMaglev{},
-		}
-
-	default:
-		return fmt.Errorf("unsupported load balancer policy %q", ec.Policy)
-	}
-	return nil
-}
-
-// generatePeeredClusterName returns an SNI-like cluster name which mimics PeeredServiceSNI
-// but excludes partition information which could be ambiguous (local vs remote partition).
-func generatePeeredClusterName(uid proxycfg.UpstreamID, tb *pbpeering.PeeringTrustBundle) string {
-	return strings.Join([]string{
-		uid.Name,
-		uid.NamespaceOrDefault(),
-		uid.Peer,
-		"external",
-		tb.TrustDomain,
-	}, ".")
-}
-
-func (s *Converter) getTargetClusterName(upstreamsSnapshot *proxycfg.ConfigSnapshotUpstreams, chain *structs.CompiledDiscoveryChain, tid string, forMeshGateway bool) string {
-	target := chain.Targets[tid]
-	clusterName := target.Name
-	targetUID := proxycfg.NewUpstreamIDFromTargetID(tid)
-	if targetUID.Peer != "" {
-		tbs, ok := upstreamsSnapshot.UpstreamPeerTrustBundles.Get(targetUID.Peer)
-		// We can't generate cluster on peers without the trust bundle. The
-		// trust bundle should be ready soon.
-		if !ok {
-			s.Logger.Debug("peer trust bundle not ready for discovery chain target",
-				"peer", targetUID.Peer,
-				"target", tid,
-			)
-			return ""
-		}
-
-		clusterName = generatePeeredClusterName(targetUID, tbs)
-	}
-	clusterName = naming.CustomizeClusterName(clusterName, chain)
-	if forMeshGateway {
-		clusterName = meshGatewayExportedClusterNamePrefix + clusterName
-	}
-	return clusterName
-}
-
-// Return an pbproxystate.OutlierDetection populated by the values from structs.PassiveHealthCheck.
-// If all values are zero a default empty OutlierDetection will be returned to
-// enable outlier detection with default values.
-//   - If override is not nil, it will overwrite the values from p, e.g., ingress gateway defaults
-//   - allowZero is added to handle the legacy case where connect-proxy and mesh gateway can set 0
-//     for EnforcingConsecutive5xx. Due to the definition of proto of PassiveHealthCheck, ingress
-//     gateway's EnforcingConsecutive5xx must be > 0.
-func makeOutlierDetection(p *structs.PassiveHealthCheck, override *structs.PassiveHealthCheck, allowZero bool) *pbproxystate.OutlierDetection {
-	od := &pbproxystate.OutlierDetection{}
-	if p != nil {
-
-		if p.Interval != 0 {
-			od.Interval = durationpb.New(p.Interval)
-		}
-		if p.MaxFailures != 0 {
-			od.Consecutive_5Xx = &wrapperspb.UInt32Value{Value: p.MaxFailures}
-		}
-
-		if p.EnforcingConsecutive5xx != nil {
-			// NOTE: EnforcingConsecutive5xx must be greater than 0 for ingress-gateway
-			if *p.EnforcingConsecutive5xx != 0 {
-				od.EnforcingConsecutive_5Xx = &wrapperspb.UInt32Value{Value: *p.EnforcingConsecutive5xx}
-			} else if allowZero {
-				od.EnforcingConsecutive_5Xx = &wrapperspb.UInt32Value{Value: *p.EnforcingConsecutive5xx}
-			}
-		}
-
-		if p.MaxEjectionPercent != nil {
-			od.MaxEjectionPercent = &wrapperspb.UInt32Value{Value: *p.MaxEjectionPercent}
-		}
-		if p.BaseEjectionTime != nil {
-			od.BaseEjectionTime = durationpb.New(*p.BaseEjectionTime)
-		}
-	}
-
-	if override == nil {
-		return od
-	}
-
-	// override the default outlier detection value
-	if override.Interval != 0 {
-		od.Interval = durationpb.New(override.Interval)
-	}
-	if override.MaxFailures != 0 {
-		od.Consecutive_5Xx = &wrapperspb.UInt32Value{Value: override.MaxFailures}
-	}
-
-	if override.EnforcingConsecutive5xx != nil {
-		// NOTE: EnforcingConsecutive5xx must be great than 0 for ingress-gateway
-		if *override.EnforcingConsecutive5xx != 0 {
-			od.EnforcingConsecutive_5Xx = &wrapperspb.UInt32Value{Value: *override.EnforcingConsecutive5xx}
-		}
-		// Because only ingress gateways have overrides and they cannot have a value of 0, there is no allowZero
-		// override case to handle
-	}
-
-	if override.MaxEjectionPercent != nil {
-		od.MaxEjectionPercent = &wrapperspb.UInt32Value{Value: *override.MaxEjectionPercent}
-	}
-	if override.BaseEjectionTime != nil {
-		od.BaseEjectionTime = durationpb.New(*override.BaseEjectionTime)
-	}
-
-	return od
-}
diff --git a/agent/xds/proxystateconverter/converter.go b/agent/xds/proxystateconverter/converter.go
deleted file mode 100644
index 954e30857e4b..000000000000
--- a/agent/xds/proxystateconverter/converter.go
+++ /dev/null
@@ -1,136 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package proxystateconverter
-
-import (
-	"fmt"
-
-	"github.com/hashicorp/go-hclog"
-
-	"github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/configfetcher"
-	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-)
-
-// Converter converts a single snapshot into a ProxyState.
-type Converter struct {
-	Logger     hclog.Logger
-	CfgFetcher configfetcher.ConfigFetcher
-	proxyState *proxytracker.ProxyState
-}
-
-func NewConverter(
-	logger hclog.Logger,
-	cfgFetcher configfetcher.ConfigFetcher,
-) *Converter {
-	return &Converter{
-		Logger:     logger,
-		CfgFetcher: cfgFetcher,
-		proxyState: &proxytracker.ProxyState{
-			ProxyState: &pbmesh.ProxyState{
-				Listeners: make([]*pbproxystate.Listener, 0),
-				Clusters:  make(map[string]*pbproxystate.Cluster),
-				Routes:    make(map[string]*pbproxystate.Route),
-				Endpoints: make(map[string]*pbproxystate.Endpoints),
-			},
-		},
-	}
-}
-
-func (g *Converter) ProxyStateFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) (*proxytracker.ProxyState, error) {
-	err := g.resourcesFromSnapshot(cfgSnap)
-	if err != nil {
-		return nil, fmt.Errorf("failed to generate FullProxyState: %v", err)
-	}
-
-	return g.proxyState, nil
-}
-
-func (g *Converter) resourcesFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) error {
-	err := g.tlsConfigFromSnapshot(cfgSnap)
-	if err != nil {
-		return err
-	}
-
-	err = g.listenersFromSnapshot(cfgSnap)
-	if err != nil {
-		return err
-	}
-
-	err = g.endpointsFromSnapshot(cfgSnap)
-	if err != nil {
-		return err
-	}
-	err = g.clustersFromSnapshot(cfgSnap)
-	if err != nil {
-		return err
-	}
-	err = g.routesFromSnapshot(cfgSnap)
-	if err != nil {
-		return err
-	}
-
-	//g.secretsFromSnapshot(cfgSnap)
-	return nil
-}
-
-const localPeerKey = "local"
-
-func (g *Converter) tlsConfigFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) error {
-	proxyStateTLS := &pbproxystate.TLS{}
-	g.proxyState.TrustBundles = make(map[string]*pbproxystate.TrustBundle)
-	g.proxyState.LeafCertificates = make(map[string]*pbproxystate.LeafCertificate)
-
-	// Set the TLS in the top level proxyState
-	g.proxyState.Tls = proxyStateTLS
-
-	// Add local trust bundle
-	g.proxyState.TrustBundles[localPeerKey] = &pbproxystate.TrustBundle{
-		TrustDomain: cfgSnap.Roots.TrustDomain,
-		Roots:       []string{cfgSnap.RootPEMs()},
-	}
-
-	// Add peered trust bundles for remote peers that will dial this proxy.
-	for _, peeringTrustBundle := range cfgSnap.PeeringTrustBundles() {
-		g.proxyState.TrustBundles[peeringTrustBundle.PeerName] = &pbproxystate.TrustBundle{
-			TrustDomain: peeringTrustBundle.GetTrustDomain(),
-			Roots:       peeringTrustBundle.RootPEMs,
-		}
-	}
-
-	// Add upstream peer trust bundles for dialing upstreams in remote peers.
-	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
-	if err != nil {
-		if !(cfgSnap.Kind == structs.ServiceKindMeshGateway || cfgSnap.Kind == structs.ServiceKindTerminatingGateway) {
-			return err
-		}
-	}
-	if upstreamsSnapshot != nil {
-		upstreamsSnapshot.UpstreamPeerTrustBundles.ForEachKeyE(func(k proxycfg.PeerName) error {
-			tbs, ok := upstreamsSnapshot.UpstreamPeerTrustBundles.Get(k)
-			if ok {
-				g.proxyState.TrustBundles[k] = &pbproxystate.TrustBundle{
-					TrustDomain: tbs.TrustDomain,
-					Roots:       tbs.RootPEMs,
-				}
-			}
-			return nil
-		})
-	}
-
-	if cfgSnap.MeshConfigTLSOutgoing() != nil {
-		proxyStateTLS.OutboundTlsParameters = makeTLSParametersFromTLSConfig(cfgSnap.MeshConfigTLSOutgoing().TLSMinVersion,
-			cfgSnap.MeshConfigTLSOutgoing().TLSMaxVersion, cfgSnap.MeshConfigTLSOutgoing().CipherSuites)
-	}
-
-	if cfgSnap.MeshConfigTLSIncoming() != nil {
-		proxyStateTLS.InboundTlsParameters = makeTLSParametersFromTLSConfig(cfgSnap.MeshConfigTLSIncoming().TLSMinVersion,
-			cfgSnap.MeshConfigTLSIncoming().TLSMaxVersion, cfgSnap.MeshConfigTLSIncoming().CipherSuites)
-	}
-
-	return nil
-}
diff --git a/agent/xds/proxystateconverter/endpoints.go b/agent/xds/proxystateconverter/endpoints.go
deleted file mode 100644
index 78ebe95e2d47..000000000000
--- a/agent/xds/proxystateconverter/endpoints.go
+++ /dev/null
@@ -1,671 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package proxystateconverter
-
-import (
-	"errors"
-	"fmt"
-
-	"github.com/hashicorp/consul/agent/connect"
-	"github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/response"
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-	"github.com/hashicorp/go-bexpr"
-
-	"google.golang.org/protobuf/types/known/wrapperspb"
-)
-
-func makeLbEndpoint(addr string, port int, health pbproxystate.HealthStatus, weight int) *pbproxystate.Endpoint {
-	ep := &pbproxystate.Endpoint{
-		Address: &pbproxystate.Endpoint_HostPort{
-			HostPort: &pbproxystate.HostPortAddress{
-				Host: addr,
-				Port: uint32(port),
-			},
-		},
-	}
-	ep.HealthStatus = health
-	ep.LoadBalancingWeight = &wrapperspb.UInt32Value{Value: uint32(weight)}
-	return ep
-}
-
-// endpointsFromSnapshot returns the mesh API representation of the "routes" in the snapshot.
-func (s *Converter) endpointsFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) error {
-
-	if cfgSnap == nil {
-		return errors.New("nil config given")
-	}
-
-	switch cfgSnap.Kind {
-	case structs.ServiceKindConnectProxy:
-		return s.endpointsFromSnapshotConnectProxy(cfgSnap)
-	//case structs.ServiceKindTerminatingGateway:
-	//	return s.endpointsFromSnapshotTerminatingGateway(cfgSnap)
-	//case structs.ServiceKindMeshGateway:
-	//	return s.endpointsFromSnapshotMeshGateway(cfgSnap)
-	//case structs.ServiceKindIngressGateway:
-	//	return s.endpointsFromSnapshotIngressGateway(cfgSnap)
-	//case structs.ServiceKindAPIGateway:
-	//	return s.endpointsFromSnapshotAPIGateway(cfgSnap)
-	default:
-		return fmt.Errorf("Invalid service kind: %v", cfgSnap.Kind)
-	}
-}
-
-// endpointsFromSnapshotConnectProxy returns the xDS API representation of the "endpoints"
-// (upstream instances) in the snapshot.
-func (s *Converter) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg.ConfigSnapshot) error {
-	eps := make(map[string]*pbproxystate.Endpoints)
-
-	// NOTE: Any time we skip a chain below we MUST also skip that discovery chain in clusters.go
-	// so that the sets of endpoints generated matches the sets of clusters.
-	for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain {
-		upstream, skip := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta)
-		if skip {
-			// Discovery chain is not associated with a known explicit or implicit upstream so it is skipped.
-			continue
-		}
-
-		var upstreamConfigMap map[string]interface{}
-		if upstream != nil {
-			upstreamConfigMap = upstream.Config
-		}
-
-		es, err := s.endpointsFromDiscoveryChain(
-			uid,
-			chain,
-			cfgSnap,
-			cfgSnap.Locality,
-			upstreamConfigMap,
-			cfgSnap.ConnectProxy.WatchedUpstreamEndpoints[uid],
-			cfgSnap.ConnectProxy.WatchedGatewayEndpoints[uid],
-			false,
-		)
-		if err != nil {
-			return err
-		}
-
-		for clusterName, endpoints := range es {
-			eps[clusterName] = &pbproxystate.Endpoints{
-				Endpoints: endpoints,
-			}
-
-		}
-	}
-
-	// NOTE: Any time we skip an upstream below we MUST also skip that same
-	// upstream in clusters.go so that the sets of endpoints generated matches
-	// the sets of clusters.
-	for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() {
-		upstream, skip := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta)
-		if skip {
-			// Discovery chain is not associated with a known explicit or implicit upstream so it is skipped.
-			continue
-		}
-
-		tbs, ok := cfgSnap.ConnectProxy.UpstreamPeerTrustBundles.Get(uid.Peer)
-		if !ok {
-			// this should never happen since we loop through upstreams with
-			// set trust bundles
-			return fmt.Errorf("trust bundle not ready for peer %s", uid.Peer)
-		}
-
-		clusterName := generatePeeredClusterName(uid, tbs)
-
-		mgwMode := structs.MeshGatewayModeDefault
-		if upstream != nil {
-			mgwMode = upstream.MeshGateway.Mode
-		}
-		peerServiceEndpoints, err := s.makeEndpointsForPeerService(cfgSnap, uid, mgwMode)
-		if err != nil {
-			return err
-		}
-
-		if peerServiceEndpoints != nil {
-			pbEndpoints := &pbproxystate.Endpoints{
-				Endpoints: peerServiceEndpoints,
-			}
-
-			eps[clusterName] = pbEndpoints
-		}
-	}
-
-	// Looping over explicit upstreams is only needed for prepared queries because they do not have discovery chains
-	for _, u := range cfgSnap.Proxy.Upstreams {
-		if u.DestinationType != structs.UpstreamDestTypePreparedQuery {
-			continue
-		}
-		uid := proxycfg.NewUpstreamID(&u)
-
-		dc := u.Datacenter
-		if dc == "" {
-			dc = cfgSnap.Datacenter
-		}
-		clusterName := connect.UpstreamSNI(&u, "", dc, cfgSnap.Roots.TrustDomain)
-
-		endpoints, ok := cfgSnap.ConnectProxy.PreparedQueryEndpoints[uid]
-		if ok {
-			epts := makeEndpointsForLoadAssignment(
-				cfgSnap,
-				nil,
-				[]loadAssignmentEndpointGroup{
-					{Endpoints: endpoints},
-				},
-				cfgSnap.Locality,
-			)
-			pbEndpoints := &pbproxystate.Endpoints{
-				Endpoints: epts,
-			}
-
-			eps[clusterName] = pbEndpoints
-		}
-	}
-
-	// Loop over potential destinations in the mesh, then grab the gateway nodes associated with each
-	cfgSnap.ConnectProxy.DestinationsUpstream.ForEachKey(func(uid proxycfg.UpstreamID) bool {
-		svcConfig, ok := cfgSnap.ConnectProxy.DestinationsUpstream.Get(uid)
-		if !ok || svcConfig.Destination == nil {
-			return true
-		}
-
-		for _, address := range svcConfig.Destination.Addresses {
-			clusterName := clusterNameForDestination(cfgSnap, uid.Name, address, uid.NamespaceOrDefault(), uid.PartitionOrDefault())
-
-			endpoints, ok := cfgSnap.ConnectProxy.DestinationGateways.Get(uid)
-			if ok {
-				epts := makeEndpointsForLoadAssignment(
-					cfgSnap,
-					nil,
-					[]loadAssignmentEndpointGroup{
-						{Endpoints: endpoints},
-					},
-					proxycfg.GatewayKey{ /*empty so it never matches*/ },
-				)
-				pbEndpoints := &pbproxystate.Endpoints{
-					Endpoints: epts,
-				}
-				eps[clusterName] = pbEndpoints
-			}
-		}
-
-		return true
-	})
-
-	s.proxyState.Endpoints = eps
-	return nil
-}
-
-func (s *Converter) makeEndpointsForPeerService(
-	cfgSnap *proxycfg.ConfigSnapshot,
-	uid proxycfg.UpstreamID,
-	upstreamGatewayMode structs.MeshGatewayMode,
-) ([]*pbproxystate.Endpoint, error) {
-	var eps []*pbproxystate.Endpoint
-
-	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
-	if err != nil {
-		return eps, err
-	}
-
-	if upstreamGatewayMode == structs.MeshGatewayModeNone {
-		s.Logger.Warn(fmt.Sprintf("invalid mesh gateway mode 'none', defaulting to 'remote' for %q", uid))
-	}
-
-	// If an upstream is configured with local mesh gw mode, we make a load assignment
-	// from the gateway endpoints instead of those of the upstreams.
-	if upstreamGatewayMode == structs.MeshGatewayModeLocal {
-		localGw, ok := cfgSnap.ConnectProxy.WatchedLocalGWEndpoints.Get(cfgSnap.Locality.String())
-		if !ok {
-			// local GW is not ready; return early
-			return eps, nil
-		}
-		eps = makeEndpointsForLoadAssignment(
-			cfgSnap,
-			nil,
-			[]loadAssignmentEndpointGroup{
-				{Endpoints: localGw},
-			},
-			cfgSnap.Locality,
-		)
-		return eps, nil
-	}
-
-	// Also skip peer instances with a hostname as their address. EDS
-	// cannot resolve hostnames, so we provide them through CDS instead.
-	if _, ok := upstreamsSnapshot.PeerUpstreamEndpointsUseHostnames[uid]; ok {
-		return eps, nil
-	}
-
-	endpoints, ok := upstreamsSnapshot.PeerUpstreamEndpoints.Get(uid)
-	if !ok {
-		return nil, nil
-	}
-	eps = makeEndpointsForLoadAssignment(
-		cfgSnap,
-		nil,
-		[]loadAssignmentEndpointGroup{
-			{Endpoints: endpoints},
-		},
-		proxycfg.GatewayKey{ /*empty so it never matches*/ },
-	)
-	return eps, nil
-}
-
-func (s *Converter) filterSubsetEndpoints(subset *structs.ServiceResolverSubset, endpoints structs.CheckServiceNodes) (structs.CheckServiceNodes, error) {
-	// locally execute the subsets filter
-	if subset.Filter != "" {
-		filter, err := bexpr.CreateFilter(subset.Filter, nil, endpoints)
-		if err != nil {
-			return nil, err
-		}
-
-		raw, err := filter.Execute(endpoints)
-		if err != nil {
-			return nil, err
-		}
-		return raw.(structs.CheckServiceNodes), nil
-	}
-	return endpoints, nil
-}
-
-// TODO(proxystate): Terminating Gateway will be added in the future.
-// Functions to add from agent/xds/endpoints.go:
-// func endpointsFromSnapshotTerminatingGateway
-
-// TODO(proxystate): Mesh Gateway will be added in the future.
-// Functions to add from agent/xds/endpoints.go:
-// func endpointsFromSnapshotMeshGateway
-
-// TODO(proxystate): Cluster Peering will be added in the future.
-// Functions to add from agent/xds/endpoints.go:
-// func makeEndpointsForOutgoingPeeredServices
-
-// TODO(proxystate): Mesh Gateway will be added in the future.
-// Functions to add from agent/xds/endpoints.go:
-// func endpointsFromServicesAndResolvers
-
-// TODO(proxystate): Mesh Gateway will be added in the future.
-// Functions to add from agent/xds/endpoints.go:
-// func makePeerServerEndpointsForMeshGateway
-
-// TODO(proxystate): Ingress Gateway will be added in the future.
-// Functions to add from agent/xds/endpoints.go:
-// func endpointsFromSnapshotIngressGateway
-
-// TODO(proxystate): API Gateway will be added in the future.
-// Functions to add from agent/xds/endpoints.go:
-// func endpointsFromSnapshotAPIGateway
-
-// used in clusters.go
-func makeHostPortEndpoint(host string, port int) *pbproxystate.Endpoint {
-	return &pbproxystate.Endpoint{
-		Address: &pbproxystate.Endpoint_HostPort{
-			HostPort: &pbproxystate.HostPortAddress{
-				Host: host,
-				Port: uint32(port),
-			},
-		},
-	}
-}
-
-func makeUnixSocketEndpoint(path string) *pbproxystate.Endpoint {
-	return &pbproxystate.Endpoint{
-		Address: &pbproxystate.Endpoint_UnixSocket{
-			UnixSocket: &pbproxystate.UnixSocketAddress{
-				Path: path,
-				// envoy's mode is particular to a pipe address and is uint32.
-				// it also says "The mode for the Pipe. Not applicable for abstract sockets."
-				// https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-pipe
-				Mode: "0",
-			},
-		},
-	}
-}
-
-func (s *Converter) makeUpstreamLoadAssignmentEndpointForPeerService(
-	cfgSnap *proxycfg.ConfigSnapshot,
-	uid proxycfg.UpstreamID,
-	upstreamGatewayMode structs.MeshGatewayMode,
-) ([]*pbproxystate.Endpoint, error) {
-	var eps []*pbproxystate.Endpoint
-
-	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
-	if err != nil {
-		return eps, err
-	}
-
-	if upstreamGatewayMode == structs.MeshGatewayModeNone {
-		s.Logger.Warn(fmt.Sprintf("invalid mesh gateway mode 'none', defaulting to 'remote' for %q", uid))
-	}
-
-	// If an upstream is configured with local mesh gw mode, we make a load assignment
-	// from the gateway endpoints instead of those of the upstreams.
-	if upstreamGatewayMode == structs.MeshGatewayModeLocal {
-		localGw, ok := cfgSnap.ConnectProxy.WatchedLocalGWEndpoints.Get(cfgSnap.Locality.String())
-		if !ok {
-			// local GW is not ready; return early
-			return eps, nil
-		}
-		eps = makeEndpointsForLoadAssignment(
-			cfgSnap,
-			nil,
-			[]loadAssignmentEndpointGroup{
-				{Endpoints: localGw},
-			},
-			cfgSnap.Locality,
-		)
-		return eps, nil
-	}
-
-	// Also skip peer instances with a hostname as their address. EDS
-	// cannot resolve hostnames, so we provide them through CDS instead.
-	if _, ok := upstreamsSnapshot.PeerUpstreamEndpointsUseHostnames[uid]; ok {
-		return eps, nil
-	}
-
-	endpoints, ok := upstreamsSnapshot.PeerUpstreamEndpoints.Get(uid)
-	if !ok {
-		return nil, nil
-	}
-	eps = makeEndpointsForLoadAssignment(
-		cfgSnap,
-		nil,
-		[]loadAssignmentEndpointGroup{
-			{Endpoints: endpoints},
-		},
-		proxycfg.GatewayKey{ /*empty so it never matches*/ },
-	)
-	return eps, nil
-}
-
-func (s *Converter) endpointsFromDiscoveryChain(
-	uid proxycfg.UpstreamID,
-	chain *structs.CompiledDiscoveryChain,
-	cfgSnap *proxycfg.ConfigSnapshot,
-	gatewayKey proxycfg.GatewayKey,
-	upstreamConfigMap map[string]interface{},
-	upstreamEndpoints map[string]structs.CheckServiceNodes,
-	gatewayEndpoints map[string]structs.CheckServiceNodes,
-	forMeshGateway bool,
-) (map[string][]*pbproxystate.Endpoint, error) {
-	if chain == nil {
-		if forMeshGateway {
-			return nil, fmt.Errorf("missing discovery chain for %s", uid)
-		}
-		return nil, nil
-	}
-
-	if upstreamConfigMap == nil {
-		upstreamConfigMap = make(map[string]interface{}) // TODO:needed?
-	}
-
-	clusterEndpoints := make(map[string][]*pbproxystate.Endpoint)
-
-	// TODO(proxystate): escape hatches will be implemented in the future
-	//var escapeHatchCluster *pbproxystate.Cluster
-	//if !forMeshGateway {
-
-	//cfg, err := structs.ParseUpstreamConfigNoDefaults(upstreamConfigMap)
-	//if err != nil {
-	//	// Don't hard fail on a config typo, just warn. The parse func returns
-	//	// default config if there is an error so it's safe to continue.
-	//	s.Logger.Warn("failed to parse", "upstream", uid,
-	//		"error", err)
-	//}
-
-	//if cfg.EnvoyClusterJSON != "" {
-	//	if chain.Default {
-	//		// If you haven't done anything to setup the discovery chain, then
-	//		// you can use the envoy_cluster_json escape hatch.
-	//		escapeHatchCluster, err = makeClusterFromUserConfig(cfg.EnvoyClusterJSON)
-	//		if err != nil {
-	//			return ce, nil
-	//		}
-	//	} else {
-	//		s.Logger.Warn("ignoring escape hatch setting, because a discovery chain is configued for",
-	//			"discovery chain", chain.ServiceName, "upstream", uid,
-	//			"envoy_cluster_json", chain.ServiceName)
-	//	}
-	//}
-	//}
-
-	mgwMode := structs.MeshGatewayModeDefault
-	if upstream, _ := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta); upstream != nil {
-		mgwMode = upstream.MeshGateway.Mode
-	}
-
-	// Find all resolver nodes.
-	for _, node := range chain.Nodes {
-		switch {
-		case node == nil:
-			return nil, fmt.Errorf("impossible to process a nil node")
-		case node.Type != structs.DiscoveryGraphNodeTypeResolver:
-			continue
-		case node.Resolver == nil:
-			return nil, fmt.Errorf("impossible to process a non-resolver node")
-		}
-		rawUpstreamConfig, err := structs.ParseUpstreamConfigNoDefaults(upstreamConfigMap)
-		if err != nil {
-			return nil, err
-		}
-		upstreamConfig := finalizeUpstreamConfig(rawUpstreamConfig, chain, node.Resolver.ConnectTimeout)
-
-		mappedTargets, err := s.mapDiscoChainTargets(cfgSnap, chain, node, upstreamConfig, forMeshGateway)
-		if err != nil {
-			return nil, err
-		}
-
-		targetGroups, err := mappedTargets.groupedTargets()
-		if err != nil {
-			return nil, err
-		}
-
-		for _, groupedTarget := range targetGroups {
-			clusterName := groupedTarget.ClusterName
-			// TODO(proxystate): escape hatches will be implemented in the future
-			//if escapeHatchCluster != nil {
-			//	clusterName = escapeHatchCluster.Name
-			//}
-			switch len(groupedTarget.Targets) {
-			case 0:
-				continue
-			case 1:
-				// We expect one target so this passes through to continue setting the load assignment up.
-			default:
-				return nil, fmt.Errorf("cannot have more than one target")
-			}
-			ti := groupedTarget.Targets[0]
-			s.Logger.Debug("generating endpoints for", "cluster", clusterName, "targetID", ti.TargetID)
-			targetUID := proxycfg.NewUpstreamIDFromTargetID(ti.TargetID)
-			if targetUID.Peer != "" {
-				peerServiceEndpoints, err := s.makeEndpointsForPeerService(cfgSnap, targetUID, mgwMode)
-				if err != nil {
-					return nil, err
-				}
-				if peerServiceEndpoints != nil {
-					clusterEndpoints[clusterName] = peerServiceEndpoints
-				}
-				continue
-			}
-
-			endpointGroup, valid := makeLoadAssignmentEndpointGroup(
-				chain.Targets,
-				upstreamEndpoints,
-				gatewayEndpoints,
-				ti.TargetID,
-				gatewayKey,
-				forMeshGateway,
-			)
-			if !valid {
-				continue // skip the cluster if we're still populating the snapshot
-			}
-
-			epts := makeEndpointsForLoadAssignment(
-				cfgSnap,
-				ti.PrioritizeByLocality,
-				[]loadAssignmentEndpointGroup{endpointGroup},
-				gatewayKey,
-			)
-			clusterEndpoints[clusterName] = epts
-		}
-	}
-
-	return clusterEndpoints, nil
-}
-
-// TODO(proxystate): Mesh Gateway will be added in the future.
-// Functions to add from agent/xds/endpoints.go:
-// func makeExportedUpstreamEndpointsForMeshGateway
-
-type loadAssignmentEndpointGroup struct {
-	Endpoints      structs.CheckServiceNodes
-	OnlyPassing    bool
-	OverrideHealth pbproxystate.HealthStatus
-}
-
-func makeEndpointsForLoadAssignment(cfgSnap *proxycfg.ConfigSnapshot,
-	policy *structs.DiscoveryPrioritizeByLocality,
-	endpointGroups []loadAssignmentEndpointGroup,
-	localKey proxycfg.GatewayKey) []*pbproxystate.Endpoint {
-	pbEndpoints := make([]*pbproxystate.Endpoint, 0, len(endpointGroups))
-
-	// TODO(proxystate): this will be added with property overrides having golden files with this
-	//if len(endpointGroups) > 1 {
-	//	cla.Policy = &envoy_endpoint_v3.ClusterLoadAssignment_Policy{
-	//		// We choose such a large value here that the failover math should
-	//		// in effect not happen until zero instances are healthy.
-	//		OverprovisioningFactor: response.MakeUint32Value(100000),
-	//	}
-	//}
-
-	var priority uint32
-
-	for _, endpointGroup := range endpointGroups {
-		endpointsByLocality, err := groupedEndpoints(cfgSnap.ServiceLocality, policy, endpointGroup.Endpoints)
-
-		if err != nil {
-			continue
-		}
-
-		for _, endpoints := range endpointsByLocality {
-			for _, ep := range endpoints {
-				// TODO (mesh-gateway) - should we respect the translate_wan_addrs configuration here or just always use the wan for cross-dc?
-				_, addr, port := ep.BestAddress(!localKey.Matches(ep.Node.Datacenter, ep.Node.PartitionOrDefault()))
-				healthStatus, weight := calculateEndpointHealthAndWeight(ep, endpointGroup.OnlyPassing)
-
-				if endpointGroup.OverrideHealth != pbproxystate.HealthStatus_HEALTH_STATUS_UNKNOWN {
-					healthStatus = endpointGroup.OverrideHealth
-				}
-
-				endpoint := makeHostPortEndpoint(addr, port)
-				endpoint.HealthStatus = healthStatus
-				endpoint.LoadBalancingWeight = response.MakeUint32Value(weight)
-
-				pbEndpoints = append(pbEndpoints, endpoint)
-			}
-
-			// TODO(proxystate): what do we do about priority downstream?
-			//cla.Endpoints = append(cla.Endpoints, &envoy_endpoint_v3.LocalityLbEndpoints{
-			//	Priority:    priority,
-			//	LbEndpoints: es,
-			//})
-
-			priority++
-		}
-	}
-
-	return pbEndpoints
-}
-
-func makeLoadAssignmentEndpointGroup(
-	targets map[string]*structs.DiscoveryTarget,
-	targetHealth map[string]structs.CheckServiceNodes,
-	gatewayHealth map[string]structs.CheckServiceNodes,
-	targetID string,
-	localKey proxycfg.GatewayKey,
-	forMeshGateway bool,
-) (loadAssignmentEndpointGroup, bool) {
-	realEndpoints, ok := targetHealth[targetID]
-	if !ok {
-		// skip the cluster if we're still populating the snapshot
-		return loadAssignmentEndpointGroup{}, false
-	}
-	target := targets[targetID]
-
-	var gatewayKey proxycfg.GatewayKey
-
-	switch target.MeshGateway.Mode {
-	case structs.MeshGatewayModeRemote:
-		gatewayKey.Datacenter = target.Datacenter
-		gatewayKey.Partition = target.Partition
-	case structs.MeshGatewayModeLocal:
-		gatewayKey = localKey
-	}
-
-	if forMeshGateway || gatewayKey.IsEmpty() || localKey.Matches(target.Datacenter, target.Partition) {
-		// Gateways are not needed if the request isn't for a remote DC or partition.
-		return loadAssignmentEndpointGroup{
-			Endpoints:   realEndpoints,
-			OnlyPassing: target.Subset.OnlyPassing,
-		}, true
-	}
-
-	// If using a mesh gateway we need to pull those endpoints instead.
-	gatewayEndpoints, ok := gatewayHealth[gatewayKey.String()]
-	if !ok {
-		// skip the cluster if we're still populating the snapshot
-		return loadAssignmentEndpointGroup{}, false
-	}
-
-	// But we will use the health from the actual backend service.
-	overallHealth := pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
-	for _, ep := range realEndpoints {
-		health, _ := calculateEndpointHealthAndWeight(ep, target.Subset.OnlyPassing)
-		if health == pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY {
-			overallHealth = pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY
-			break
-		}
-	}
-
-	return loadAssignmentEndpointGroup{
-		Endpoints:      gatewayEndpoints,
-		OverrideHealth: overallHealth,
-	}, true
-}
-
-func calculateEndpointHealthAndWeight(
-	ep structs.CheckServiceNode,
-	onlyPassing bool,
-) (pbproxystate.HealthStatus, int) {
-	healthStatus := pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY
-	weight := 1
-	if ep.Service.Weights != nil {
-		weight = ep.Service.Weights.Passing
-	}
-
-	for _, chk := range ep.Checks {
-		if chk.Status == api.HealthCritical {
-			healthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
-		}
-		if onlyPassing && chk.Status != api.HealthPassing {
-			healthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
-		}
-		if chk.Status == api.HealthWarning && ep.Service.Weights != nil {
-			weight = ep.Service.Weights.Warning
-		}
-	}
-	// Make weights fit Envoy's limits. A zero weight means that either Warning
-	// (likely) or Passing (weirdly) weight has been set to 0 effectively making
-	// this instance unhealthy and should not be sent traffic.
-	if weight < 1 {
-		healthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
-		weight = 1
-	}
-	if weight > 128 {
-		weight = 128
-	}
-	return healthStatus, weight
-}
diff --git a/agent/xds/proxystateconverter/failover_policy.go b/agent/xds/proxystateconverter/failover_policy.go
deleted file mode 100644
index 6ae120eaf941..000000000000
--- a/agent/xds/proxystateconverter/failover_policy.go
+++ /dev/null
@@ -1,158 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package proxystateconverter
-
-import (
-	"fmt"
-
-	"github.com/hashicorp/consul/agent/connect"
-	"github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-)
-
-type discoChainTargets struct {
-	baseClusterName string
-	targets         []targetInfo
-	failover        bool
-	failoverPolicy  structs.ServiceResolverFailoverPolicy
-}
-
-type targetInfo struct {
-	TargetID        string
-	TransportSocket *pbproxystate.TransportSocket
-	SNI             string
-	RootPEMs        string
-	SpiffeIDs       []string
-	Region          *string
-
-	PrioritizeByLocality *structs.DiscoveryPrioritizeByLocality
-}
-
-type discoChainTargetGroup struct {
-	Targets     []targetInfo
-	ClusterName string
-}
-
-func (ft discoChainTargets) groupedTargets() ([]discoChainTargetGroup, error) {
-	var targetGroups []discoChainTargetGroup
-
-	if !ft.failover {
-		targetGroups = append(targetGroups, discoChainTargetGroup{
-			ClusterName: ft.baseClusterName,
-			Targets:     ft.targets,
-		})
-		return targetGroups, nil
-	}
-
-	switch ft.failoverPolicy.Mode {
-	case "sequential", "":
-		return ft.sequential()
-	case "order-by-locality":
-		return ft.orderByLocality()
-	default:
-		return targetGroups, fmt.Errorf("unexpected failover policy")
-	}
-}
-
-func (s *Converter) mapDiscoChainTargets(cfgSnap *proxycfg.ConfigSnapshot, chain *structs.CompiledDiscoveryChain, node *structs.DiscoveryGraphNode, upstreamConfig structs.UpstreamConfig, forMeshGateway bool) (discoChainTargets, error) {
-	failoverTargets := discoChainTargets{}
-
-	if node.Resolver == nil {
-		return discoChainTargets{}, fmt.Errorf("impossible to process a non-resolver node")
-	}
-
-	primaryTargetID := node.Resolver.Target
-	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
-	if err != nil && !forMeshGateway {
-		return discoChainTargets{}, err
-	}
-
-	failoverTargets.baseClusterName = s.getTargetClusterName(upstreamsSnapshot, chain, primaryTargetID, forMeshGateway)
-
-	tids := []string{primaryTargetID}
-	failover := node.Resolver.Failover
-	if failover != nil && !forMeshGateway {
-		tids = append(tids, failover.Targets...)
-		failoverTargets.failover = true
-		if failover.Policy == nil {
-			failoverTargets.failoverPolicy = structs.ServiceResolverFailoverPolicy{}
-		} else {
-			failoverTargets.failoverPolicy = *failover.Policy
-		}
-	}
-
-	for _, tid := range tids {
-		target := chain.Targets[tid]
-		targetUID := proxycfg.NewUpstreamIDFromTargetID(tid)
-		ti := targetInfo{TargetID: tid, PrioritizeByLocality: target.PrioritizeByLocality}
-
-		configureTLS := true
-		if forMeshGateway {
-			// We only initiate TLS if we're doing an L7 proxy.
-			configureTLS = structs.IsProtocolHTTPLike(upstreamConfig.Protocol)
-		}
-
-		if !configureTLS {
-			failoverTargets.targets = append(failoverTargets.targets, ti)
-			continue
-		}
-
-		if targetUID.Peer != "" {
-			tbs, _ := upstreamsSnapshot.UpstreamPeerTrustBundles.Get(targetUID.Peer)
-
-			peerMeta, found := upstreamsSnapshot.UpstreamPeerMeta(targetUID)
-			if !found {
-				s.Logger.Warn("failed to fetch upstream peering metadata", "target", targetUID)
-				continue
-			}
-			ti.SNI = peerMeta.PrimarySNI()
-			ti.SpiffeIDs = peerMeta.SpiffeID
-			region := target.Locality.GetRegion()
-			ti.Region = &region
-			ti.RootPEMs = tbs.ConcatenatedRootPEMs()
-		} else {
-			ti.SNI = target.SNI
-			ti.RootPEMs = cfgSnap.RootPEMs()
-			ti.SpiffeIDs = []string{connect.SpiffeIDService{
-				Host:       cfgSnap.Roots.TrustDomain,
-				Namespace:  target.Namespace,
-				Partition:  target.Partition,
-				Datacenter: target.Datacenter,
-				Service:    target.Service,
-			}.URI().String()}
-		}
-		//commonTLSContext := makeCommonTLSContext(
-		//	cfgSnap.Leaf(),
-		//	rootPEMs,
-		//	makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()),
-		//)
-		//
-		//err := injectSANMatcher(commonTLSContext, spiffeIDs...)
-		//if err != nil {
-		//	return failoverTargets, fmt.Errorf("failed to inject SAN matcher rules for cluster %q: %v", sni, err)
-		//}
-
-		//tlsContext := &envoy_tls_v3.UpstreamTlsContext{
-		//	CommonTlsContext: commonTLSContext,
-		//	Sni:              sni,
-		//}
-		//ti.TLSContext = tlsContext
-		failoverTargets.targets = append(failoverTargets.targets, ti)
-	}
-
-	return failoverTargets, nil
-}
-
-func (ft discoChainTargets) sequential() ([]discoChainTargetGroup, error) {
-	var targetGroups []discoChainTargetGroup
-	for i, t := range ft.targets {
-		targetGroups = append(targetGroups, discoChainTargetGroup{
-			ClusterName: fmt.Sprintf("%s%d~%s", xdscommon.FailoverClusterNamePrefix, i, ft.baseClusterName),
-			Targets:     []targetInfo{t},
-		})
-	}
-	return targetGroups, nil
-}
diff --git a/agent/xds/proxystateconverter/failover_policy_ce.go b/agent/xds/proxystateconverter/failover_policy_ce.go
deleted file mode 100644
index a9b2ec24843c..000000000000
--- a/agent/xds/proxystateconverter/failover_policy_ce.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-// +build !consulent
-
-package proxystateconverter
-
-import (
-	"fmt"
-)
-
-func (ft discoChainTargets) orderByLocality() ([]discoChainTargetGroup, error) {
-	return nil, fmt.Errorf("order-by-locality is a Consul Enterprise feature")
-}
diff --git a/agent/xds/proxystateconverter/listeners.go b/agent/xds/proxystateconverter/listeners.go
deleted file mode 100644
index 7e21819260ee..000000000000
--- a/agent/xds/proxystateconverter/listeners.go
+++ /dev/null
@@ -1,1693 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package proxystateconverter
-
-import (
-	"errors"
-	"fmt"
-	"net"
-	"net/url"
-	"regexp"
-	"strconv"
-	"strings"
-	"time"
-
-	envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
-	"github.com/hashicorp/go-uuid"
-
-	"github.com/hashicorp/go-hclog"
-	"google.golang.org/protobuf/types/known/durationpb"
-	"google.golang.org/protobuf/types/known/wrapperspb"
-
-	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/agent/connect"
-	"github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/config"
-	"github.com/hashicorp/consul/agent/xds/naming"
-	"github.com/hashicorp/consul/agent/xds/platform"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-	"github.com/hashicorp/consul/sdk/iptables"
-	"github.com/hashicorp/consul/types"
-)
-
-// listenersFromSnapshot adds listeners to pbmesh.ProxyState using the config snapshot.
-func (s *Converter) listenersFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) error {
-	if cfgSnap == nil {
-		return errors.New("nil config given")
-	}
-
-	switch cfgSnap.Kind {
-	case structs.ServiceKindConnectProxy:
-		return s.listenersFromSnapshotConnectProxy(cfgSnap)
-	case structs.ServiceKindTerminatingGateway,
-		structs.ServiceKindMeshGateway,
-		structs.ServiceKindIngressGateway,
-		structs.ServiceKindAPIGateway:
-		// TODO(proxystate): gateway support will be added in the future
-		//return s.listenersFromSnapshotGateway(cfgSnap)
-	default:
-		return fmt.Errorf("Invalid service kind: %v", cfgSnap.Kind)
-	}
-	return nil
-}
-
-// listenersFromSnapshotConnectProxy returns the "listeners" for a connect proxy service
-func (s *Converter) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.ConfigSnapshot) error {
-	// This is the list of listeners we add to. It will be empty to start.
-	listeners := s.proxyState.Listeners
-	var err error
-
-	// Configure inbound listener.
-	inboundListener, err := s.makeInboundListener(cfgSnap, xdscommon.PublicListenerName)
-	if err != nil {
-		return err
-	}
-	listeners = append(listeners, inboundListener)
-
-	// This outboundListener is exclusively used when transparent proxy mode is active.
-	// In that situation there is a single listener where we are redirecting outbound traffic,
-	// and each upstream gets a filter chain attached to that listener.
-	var outboundListener *pbproxystate.Listener
-
-	if cfgSnap.Proxy.Mode == structs.ProxyModeTransparent {
-		port := iptables.DefaultTProxyOutboundPort
-		if cfgSnap.Proxy.TransparentProxy.OutboundListenerPort != 0 {
-			port = cfgSnap.Proxy.TransparentProxy.OutboundListenerPort
-		}
-
-		opts := makeListenerOpts{
-			name: xdscommon.OutboundListenerName,
-			//accessLogs: cfgSnap.Proxy.AccessLogs,
-			addr:      "127.0.0.1",
-			port:      port,
-			direction: pbproxystate.Direction_DIRECTION_OUTBOUND,
-			logger:    s.Logger,
-		}
-		outboundListener = makeListener(opts)
-		if outboundListener.Capabilities == nil {
-			outboundListener.Capabilities = []pbproxystate.Capability{}
-		}
-		outboundListener.Capabilities = append(outboundListener.Capabilities, pbproxystate.Capability_CAPABILITY_TRANSPARENT)
-	}
-
-	// TODO(proxystate): tracing escape hatch will be added in the future. It will be added to the top level in proxystate, and used in xds generation.
-	//proxyCfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
-	//if err != nil {
-	//	// Don't hard fail on a config typo, just warn. The parse func returns
-	//	// default config if there is an error so it's safe to continue.
-	//	s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
-	//}
-	//var tracing *envoy_http_v3.HttpConnectionManager_Tracing
-	//if proxyCfg.ListenerTracingJSON != "" {
-	//	if tracing, err = makeTracingFromUserConfig(proxyCfg.ListenerTracingJSON); err != nil {
-	//		s.Logger.Warn("failed to parse ListenerTracingJSON config", "error", err)
-	//	}
-	//}
-
-	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
-	if err != nil {
-		return err
-	}
-
-	for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain {
-		upstreamCfg, skip := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta)
-		if skip {
-			// Discovery chain is not associated with a known explicit or implicit upstream so it is skipped.
-			continue
-		}
-
-		cfg := s.getAndModifyUpstreamConfigForListener(uid, upstreamCfg, chain)
-
-		// If escape hatch is present, create a listener from it and move on to the next
-		if cfg.EnvoyListenerJSON != "" {
-			upstreamListener := &pbproxystate.Listener{
-				EscapeHatchListener: cfg.EnvoyListenerJSON,
-			}
-			listeners = append(listeners, upstreamListener)
-			continue
-		}
-
-		// RDS, Envoy's Route Discovery Service, is only used for HTTP services with a customized discovery chain.
-		useRDS := chain.Protocol != "tcp" && !chain.Default
-
-		var clusterName string
-		if !useRDS {
-			// When not using RDS we must generate a cluster name to attach to the filter chain.
-			// With RDS, cluster names get attached to the dynamic routes instead.
-			target, err := simpleChainTarget(chain)
-			if err != nil {
-				return err
-			}
-
-			clusterName = s.getTargetClusterName(upstreamsSnapshot, chain, target.ID, false)
-			if clusterName == "" {
-				continue
-			}
-		}
-
-		filterName := fmt.Sprintf("%s.%s.%s.%s", chain.ServiceName, chain.Namespace, chain.Partition, chain.Datacenter)
-
-		// Generate the upstream listeners for when they are explicitly set with a local bind port or socket path
-		if upstreamCfg != nil && upstreamCfg.HasLocalPortOrSocket() {
-			router, err := s.makeUpstreamRouter(routerOpts{
-				// TODO(proxystate): access logs and tracing will be added in the future.
-				//accessLogs:  &cfgSnap.Proxy.AccessLogs,
-				routeName:   uid.EnvoyID(),
-				clusterName: clusterName,
-				filterName:  filterName,
-				protocol:    cfg.Protocol,
-				useRDS:      useRDS,
-				//tracing:     tracing,
-			})
-			if err != nil {
-				return err
-			}
-
-			opts := makeListenerOpts{
-				name: uid.EnvoyID(),
-				//accessLogs: cfgSnap.Proxy.AccessLogs,
-				direction: pbproxystate.Direction_DIRECTION_OUTBOUND,
-				logger:    s.Logger,
-				upstream:  upstreamCfg,
-			}
-			upstreamListener := makeListener(opts)
-			upstreamListener.BalanceConnections = balanceConnections[cfg.BalanceOutboundConnections]
-
-			upstreamListener.Routers = append(upstreamListener.Routers, router)
-			listeners = append(listeners, upstreamListener)
-
-			// Avoid creating filter chains below for upstreams that have dedicated listeners
-			continue
-		}
-
-		// The rest of this loop is used exclusively for transparent proxies.
-		// Below we create a filter chain per upstream, rather than a listener per upstream
-		// as we do for explicit upstreams above.
-
-		upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
-			//accessLogs:  &cfgSnap.Proxy.AccessLogs,
-			routeName:   uid.EnvoyID(),
-			clusterName: clusterName,
-			filterName:  filterName,
-			protocol:    cfg.Protocol,
-			useRDS:      useRDS,
-			//tracing:     tracing,
-		})
-		if err != nil {
-			return err
-		}
-
-		endpoints := cfgSnap.ConnectProxy.WatchedUpstreamEndpoints[uid][chain.ID()]
-		uniqueAddrs := make(map[string]struct{})
-
-		if chain.Partition == cfgSnap.ProxyID.PartitionOrDefault() {
-			for _, ip := range chain.AutoVirtualIPs {
-				uniqueAddrs[ip] = struct{}{}
-			}
-			for _, ip := range chain.ManualVirtualIPs {
-				uniqueAddrs[ip] = struct{}{}
-			}
-		}
-
-		// Match on the virtual IP for the upstream service (identified by the chain's ID).
-		// We do not match on all endpoints here since it would lead to load balancing across
-		// all instances when any instance address is dialed.
-		for _, e := range endpoints {
-			if e.Service.Kind == structs.ServiceKind(structs.TerminatingGateway) {
-				key := structs.ServiceGatewayVirtualIPTag(chain.CompoundServiceName())
-
-				if vip := e.Service.TaggedAddresses[key]; vip.Address != "" {
-					uniqueAddrs[vip.Address] = struct{}{}
-				}
-
-				continue
-			}
-			if vip := e.Service.TaggedAddresses[structs.TaggedAddressVirtualIP]; vip.Address != "" {
-				uniqueAddrs[vip.Address] = struct{}{}
-			}
-
-			// The virtualIPTag is used by consul-k8s to store the ClusterIP for a service.
-			// We only match on this virtual IP if the upstream is in the proxy's partition.
-			// This is because the IP is not guaranteed to be unique across k8s clusters.
-			if acl.EqualPartitions(e.Node.PartitionOrDefault(), cfgSnap.ProxyID.PartitionOrDefault()) {
-				if vip := e.Service.TaggedAddresses[naming.VirtualIPTag]; vip.Address != "" {
-					uniqueAddrs[vip.Address] = struct{}{}
-				}
-			}
-		}
-		if len(uniqueAddrs) > 2 {
-			s.Logger.Debug("detected multiple virtual IPs for an upstream, all will be used to match traffic",
-				"upstream", uid, "ip_count", len(uniqueAddrs))
-		}
-
-		// For every potential address we collected, create the appropriate address prefix to match on.
-		// In this case we are matching on exact addresses, so the prefix is the address itself,
-		// and the prefix length is based on whether it's IPv4 or IPv6.
-		upstreamRouter.Match = makeRouterMatchFromAddrs(uniqueAddrs)
-
-		// Only attach the filter chain if there are addresses to match on
-		if upstreamRouter.Match != nil && len(upstreamRouter.Match.PrefixRanges) > 0 {
-			outboundListener.Routers = append(outboundListener.Routers, upstreamRouter)
-		}
-	}
-	requiresTLSInspector := false
-	requiresHTTPInspector := false
-
-	configuredPorts := make(map[int]interface{})
-	err = cfgSnap.ConnectProxy.DestinationsUpstream.ForEachKeyE(func(uid proxycfg.UpstreamID) error {
-		svcConfig, ok := cfgSnap.ConnectProxy.DestinationsUpstream.Get(uid)
-		if !ok || svcConfig == nil {
-			return nil
-		}
-
-		if structs.IsProtocolHTTPLike(svcConfig.Protocol) {
-			if _, ok := configuredPorts[svcConfig.Destination.Port]; ok {
-				return nil
-			}
-			configuredPorts[svcConfig.Destination.Port] = struct{}{}
-			const name = "~http" // name used for the shared route name
-			routeName := clusterNameForDestination(cfgSnap, name, fmt.Sprintf("%d", svcConfig.Destination.Port), svcConfig.NamespaceOrDefault(), svcConfig.PartitionOrDefault())
-			upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
-				//accessLogs: &cfgSnap.Proxy.AccessLogs,
-				routeName:  routeName,
-				filterName: routeName,
-				protocol:   svcConfig.Protocol,
-				useRDS:     true,
-				//tracing:    tracing,
-			})
-			if err != nil {
-				return err
-			}
-			upstreamRouter.Match = makeRouterMatchFromAddressWithPort("", svcConfig.Destination.Port)
-			outboundListener.Routers = append(outboundListener.Routers, upstreamRouter)
-			requiresHTTPInspector = true
-		} else {
-			for _, address := range svcConfig.Destination.Addresses {
-				clusterName := clusterNameForDestination(cfgSnap, uid.Name, address, uid.NamespaceOrDefault(), uid.PartitionOrDefault())
-
-				upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
-					//accessLogs:  &cfgSnap.Proxy.AccessLogs,
-					routeName:   uid.EnvoyID(),
-					clusterName: clusterName,
-					filterName:  clusterName,
-					protocol:    svcConfig.Protocol,
-					//tracing:     tracing,
-				})
-				if err != nil {
-					return err
-				}
-
-				upstreamRouter.Match = makeRouterMatchFromAddressWithPort(address, svcConfig.Destination.Port)
-				outboundListener.Routers = append(outboundListener.Routers, upstreamRouter)
-
-				requiresTLSInspector = len(upstreamRouter.Match.ServerNames) != 0 || requiresTLSInspector
-			}
-		}
-		return nil
-	})
-	if err != nil {
-		return err
-	}
-
-	if requiresTLSInspector {
-		outboundListener.Capabilities = append(outboundListener.Capabilities, pbproxystate.Capability_CAPABILITY_L4_TLS_INSPECTION)
-	}
-
-	if requiresHTTPInspector {
-		outboundListener.Capabilities = append(outboundListener.Capabilities, pbproxystate.Capability_CAPABILITY_L7_PROTOCOL_INSPECTION)
-	}
-
-	// Looping over explicit and implicit upstreams is only needed for cross-peer
-	// because they do not have discovery chains.
-	for _, uid := range cfgSnap.ConnectProxy.PeeredUpstreamIDs() {
-		upstreamCfg, skip := cfgSnap.ConnectProxy.GetUpstream(uid, &cfgSnap.ProxyID.EnterpriseMeta)
-		if skip {
-			// Not associated with a known explicit or implicit upstream so it is skipped.
-			continue
-		}
-
-		peerMeta, found := cfgSnap.ConnectProxy.UpstreamPeerMeta(uid)
-		if !found {
-			s.Logger.Warn("failed to fetch upstream peering metadata for listener", "uid", uid)
-		}
-		cfg := s.getAndModifyUpstreamConfigForPeeredListener(uid, upstreamCfg, peerMeta)
-
-		// If escape hatch is present, create a listener from it and move on to the next
-		if cfg.EnvoyListenerJSON != "" {
-			upstreamListener := &pbproxystate.Listener{
-				EscapeHatchListener: cfg.EnvoyListenerJSON,
-			}
-			listeners = append(listeners, upstreamListener)
-			continue
-		}
-
-		tbs, ok := cfgSnap.ConnectProxy.UpstreamPeerTrustBundles.Get(uid.Peer)
-		if !ok {
-			// this should never happen since we loop through upstreams with
-			// set trust bundles
-			return fmt.Errorf("trust bundle not ready for peer %s", uid.Peer)
-		}
-
-		clusterName := generatePeeredClusterName(uid, tbs)
-
-		// Generate the upstream listeners for when they are explicitly set with a local bind port or socket path
-		if upstreamCfg != nil && upstreamCfg.HasLocalPortOrSocket() {
-			upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
-				//accessLogs:  &cfgSnap.Proxy.AccessLogs,
-				clusterName: clusterName,
-				filterName: fmt.Sprintf("%s.%s.%s",
-					upstreamCfg.DestinationName,
-					upstreamCfg.DestinationNamespace,
-					upstreamCfg.DestinationPeer),
-				routeName:  uid.EnvoyID(),
-				protocol:   cfg.Protocol,
-				useRDS:     false,
-				statPrefix: "upstream_peered.",
-			})
-			if err != nil {
-				return err
-			}
-
-			opts := makeListenerOpts{
-				name: uid.EnvoyID(),
-				//accessLogs: cfgSnap.Proxy.AccessLogs,
-				direction: pbproxystate.Direction_DIRECTION_OUTBOUND,
-				logger:    s.Logger,
-				upstream:  upstreamCfg,
-			}
-			upstreamListener := makeListener(opts)
-			upstreamListener.BalanceConnections = balanceConnections[cfg.BalanceOutboundConnections]
-
-			upstreamListener.Routers = []*pbproxystate.Router{
-				upstreamRouter,
-			}
-			listeners = append(listeners, upstreamListener)
-
-			// Avoid creating filter chains below for upstreams that have dedicated listeners
-			continue
-		}
-
-		// The rest of this loop is used exclusively for transparent proxies.
-		// Below we create a filter chain per upstream, rather than a listener per upstream
-		// as we do for explicit upstreams above.
-
-		upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
-			//accessLogs:  &cfgSnap.Proxy.AccessLogs,
-			routeName:   uid.EnvoyID(),
-			clusterName: clusterName,
-			filterName: fmt.Sprintf("%s.%s.%s",
-				uid.Name,
-				uid.NamespaceOrDefault(),
-				uid.Peer),
-			protocol:   cfg.Protocol,
-			useRDS:     false,
-			statPrefix: "upstream_peered.",
-			//tracing:    tracing,
-		})
-		if err != nil {
-			return err
-		}
-
-		endpoints, _ := cfgSnap.ConnectProxy.PeerUpstreamEndpoints.Get(uid)
-		uniqueAddrs := make(map[string]struct{})
-
-		// Match on the virtual IP for the upstream service (identified by the chain's ID).
-		// We do not match on all endpoints here since it would lead to load balancing across
-		// all instances when any instance address is dialed.
-		for _, e := range endpoints {
-			if vip := e.Service.TaggedAddresses[structs.TaggedAddressVirtualIP]; vip.Address != "" {
-				uniqueAddrs[vip.Address] = struct{}{}
-			}
-
-			// The virtualIPTag is used by consul-k8s to store the ClusterIP for a service.
-			// For services imported from a peer,the partition will be equal in all cases.
-			if acl.EqualPartitions(e.Node.PartitionOrDefault(), cfgSnap.ProxyID.PartitionOrDefault()) {
-				if vip := e.Service.TaggedAddresses[naming.VirtualIPTag]; vip.Address != "" {
-					uniqueAddrs[vip.Address] = struct{}{}
-				}
-			}
-		}
-		if len(uniqueAddrs) > 2 {
-			s.Logger.Debug("detected multiple virtual IPs for an upstream, all will be used to match traffic",
-				"upstream", uid, "ip_count", len(uniqueAddrs))
-		}
-
-		// For every potential address we collected, create the appropriate address prefix to match on.
-		// In this case we are matching on exact addresses, so the prefix is the address itself,
-		// and the prefix length is based on whether it's IPv4 or IPv6.
-		upstreamRouter.Match = makeRouterMatchFromAddrs(uniqueAddrs)
-
-		// Only attach the filter chain if there are addresses to match on
-		if upstreamRouter.Match != nil && len(upstreamRouter.Match.PrefixRanges) > 0 {
-			outboundListener.Routers = append(outboundListener.Routers, upstreamRouter)
-		}
-
-	}
-
-	if outboundListener != nil {
-		// Add a passthrough for every mesh endpoint that can be dialed directly,
-		// as opposed to via a virtual IP.
-		var passthroughRouters []*pbproxystate.Router
-
-		for _, targets := range cfgSnap.ConnectProxy.PassthroughUpstreams {
-			for tid, addrs := range targets {
-				uid := proxycfg.NewUpstreamIDFromTargetID(tid)
-
-				sni := connect.ServiceSNI(
-					uid.Name, "", uid.NamespaceOrDefault(), uid.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
-
-				routerName := fmt.Sprintf("%s.%s.%s.%s", uid.Name, uid.NamespaceOrDefault(), uid.PartitionOrDefault(), cfgSnap.Datacenter)
-
-				upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
-					//accessLogs:  &cfgSnap.Proxy.AccessLogs,
-					clusterName: "passthrough~" + sni,
-					filterName:  routerName,
-					protocol:    "tcp",
-				})
-				if err != nil {
-					return err
-				}
-				upstreamRouter.Match = makeRouterMatchFromAddrs(addrs)
-
-				passthroughRouters = append(passthroughRouters, upstreamRouter)
-			}
-		}
-
-		outboundListener.Routers = append(outboundListener.Routers, passthroughRouters...)
-
-		// Add a catch-all filter chain that acts as a TCP proxy to destinations outside the mesh
-		if meshConf := cfgSnap.MeshConfig(); meshConf == nil ||
-			!meshConf.TransparentProxy.MeshDestinationsOnly {
-
-			upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
-				//accessLogs:  &cfgSnap.Proxy.AccessLogs,
-				clusterName: naming.OriginalDestinationClusterName,
-				filterName:  naming.OriginalDestinationClusterName,
-				protocol:    "tcp",
-			})
-			if err != nil {
-				return err
-			}
-			outboundListener.DefaultRouter = upstreamRouter
-		}
-
-		// Only add the outbound listener if configured.
-		if len(outboundListener.Routers) > 0 || outboundListener.DefaultRouter != nil {
-			listeners = append(listeners, outboundListener)
-
-		}
-	}
-
-	// Looping over explicit upstreams is only needed for prepared queries because they do not have discovery chains
-	for uid, u := range cfgSnap.ConnectProxy.UpstreamConfig {
-		if u.DestinationType != structs.UpstreamDestTypePreparedQuery {
-			continue
-		}
-
-		cfg, err := structs.ParseUpstreamConfig(u.Config)
-		if err != nil {
-			// Don't hard fail on a config typo, just warn. The parse func returns
-			// default config if there is an error so it's safe to continue.
-			s.Logger.Warn("failed to parse", "upstream", uid, "error", err)
-		}
-
-		// If escape hatch is present, create a listener from it and move on to the next
-		if cfg.EnvoyListenerJSON != "" {
-			upstreamListener := &pbproxystate.Listener{
-				EscapeHatchListener: cfg.EnvoyListenerJSON,
-			}
-			listeners = append(listeners, upstreamListener)
-			continue
-		}
-
-		opts := makeListenerOpts{
-			name: uid.EnvoyID(),
-			//accessLogs: cfgSnap.Proxy.AccessLogs,
-			direction: pbproxystate.Direction_DIRECTION_OUTBOUND,
-			logger:    s.Logger,
-			upstream:  u,
-		}
-		upstreamListener := makeListener(opts)
-		upstreamListener.BalanceConnections = balanceConnections[cfg.BalanceOutboundConnections]
-
-		upstreamRouter, err := s.makeUpstreamRouter(routerOpts{
-			// TODO (SNI partition) add partition for upstream SNI
-			//accessLogs:  &cfgSnap.Proxy.AccessLogs,
-			clusterName: connect.UpstreamSNI(u, "", cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain),
-			filterName:  uid.EnvoyID(),
-			routeName:   uid.EnvoyID(),
-			protocol:    cfg.Protocol,
-			//tracing:     tracing,
-		})
-		if err != nil {
-			return err
-		}
-		upstreamListener.Routers = []*pbproxystate.Router{
-			upstreamRouter,
-		}
-		listeners = append(listeners, upstreamListener)
-	}
-
-	cfgSnap.Proxy.Expose.Finalize()
-	paths := cfgSnap.Proxy.Expose.Paths
-
-	// Add service health checks to the list of paths to create listeners for if needed
-	if cfgSnap.Proxy.Expose.Checks {
-		psid := structs.NewServiceID(cfgSnap.Proxy.DestinationServiceID, &cfgSnap.ProxyID.EnterpriseMeta)
-		for _, check := range cfgSnap.ConnectProxy.WatchedServiceChecks[psid] {
-			p, err := parseCheckPath(check)
-			if err != nil {
-				s.Logger.Warn("failed to create listener for", "check", check.CheckID, "error", err)
-				continue
-			}
-			paths = append(paths, p)
-		}
-	}
-
-	// Configure additional listener for exposed check paths
-	for _, path := range paths {
-		clusterName := xdscommon.LocalAppClusterName
-		if path.LocalPathPort != cfgSnap.Proxy.LocalServicePort {
-			clusterName = makeExposeClusterName(path.LocalPathPort)
-		}
-
-		l, err := s.makeExposedCheckListener(cfgSnap, clusterName, path)
-		if err != nil {
-			return err
-		}
-		listeners = append(listeners, l)
-	}
-
-	// Set listeners on the proxy state.
-	s.proxyState.Listeners = listeners
-
-	return nil
-}
-
-func makeRouterMatchFromAddrs(addrs map[string]struct{}) *pbproxystate.Match {
-	ranges := make([]*pbproxystate.CidrRange, 0)
-
-	for addr := range addrs {
-		ip := net.ParseIP(addr)
-		if ip == nil {
-			continue
-		}
-
-		pfxLen := uint32(32)
-		if ip.To4() == nil {
-			pfxLen = 128
-		}
-		ranges = append(ranges, &pbproxystate.CidrRange{
-			AddressPrefix: addr,
-			PrefixLen:     &wrapperspb.UInt32Value{Value: pfxLen},
-		})
-	}
-
-	return &pbproxystate.Match{
-		PrefixRanges: ranges,
-	}
-}
-
-func makeRouterMatchFromAddressWithPort(address string, port int) *pbproxystate.Match {
-	ranges := make([]*pbproxystate.CidrRange, 0)
-
-	ip := net.ParseIP(address)
-	if ip == nil {
-		if address != "" {
-			return &pbproxystate.Match{
-				ServerNames:     []string{address},
-				DestinationPort: &wrapperspb.UInt32Value{Value: uint32(port)},
-			}
-		}
-		return &pbproxystate.Match{
-			DestinationPort: &wrapperspb.UInt32Value{Value: uint32(port)},
-		}
-	}
-
-	pfxLen := uint32(32)
-	if ip.To4() == nil {
-		pfxLen = 128
-	}
-	ranges = append(ranges, &pbproxystate.CidrRange{
-		AddressPrefix: address,
-		PrefixLen:     &wrapperspb.UInt32Value{Value: pfxLen},
-	})
-
-	return &pbproxystate.Match{
-		PrefixRanges:    ranges,
-		DestinationPort: &wrapperspb.UInt32Value{Value: uint32(port)},
-	}
-}
-
-func parseCheckPath(check structs.CheckType) (structs.ExposePath, error) {
-	var path structs.ExposePath
-
-	if check.HTTP != "" {
-		path.Protocol = "http"
-
-		// Get path and local port from original HTTP target
-		u, err := url.Parse(check.HTTP)
-		if err != nil {
-			return path, fmt.Errorf("failed to parse url '%s': %v", check.HTTP, err)
-		}
-		path.Path = u.Path
-
-		_, portStr, err := net.SplitHostPort(u.Host)
-		if err != nil {
-			return path, fmt.Errorf("failed to parse port from '%s': %v", check.HTTP, err)
-		}
-		path.LocalPathPort, err = strconv.Atoi(portStr)
-		if err != nil {
-			return path, fmt.Errorf("failed to parse port from '%s': %v", check.HTTP, err)
-		}
-
-		// Get listener port from proxied HTTP target
-		u, err = url.Parse(check.ProxyHTTP)
-		if err != nil {
-			return path, fmt.Errorf("failed to parse url '%s': %v", check.ProxyHTTP, err)
-		}
-
-		_, portStr, err = net.SplitHostPort(u.Host)
-		if err != nil {
-			return path, fmt.Errorf("failed to parse port from '%s': %v", check.ProxyHTTP, err)
-		}
-		path.ListenerPort, err = strconv.Atoi(portStr)
-		if err != nil {
-			return path, fmt.Errorf("failed to parse port from '%s': %v", check.ProxyHTTP, err)
-		}
-	}
-
-	if check.GRPC != "" {
-		path.Path = "/grpc.health.v1.Health/Check"
-		path.Protocol = "http2"
-
-		// Get local port from original GRPC target of the form: host/service
-		proxyServerAndService := strings.SplitN(check.GRPC, "/", 2)
-		_, portStr, err := net.SplitHostPort(proxyServerAndService[0])
-		if err != nil {
-			return path, fmt.Errorf("failed to split host/port from '%s': %v", check.GRPC, err)
-		}
-		path.LocalPathPort, err = strconv.Atoi(portStr)
-		if err != nil {
-			return path, fmt.Errorf("failed to parse port from '%s': %v", check.GRPC, err)
-		}
-
-		// Get listener port from proxied GRPC target of the form: host/service
-		proxyServerAndService = strings.SplitN(check.ProxyGRPC, "/", 2)
-		_, portStr, err = net.SplitHostPort(proxyServerAndService[0])
-		if err != nil {
-			return path, fmt.Errorf("failed to split host/port from '%s': %v", check.ProxyGRPC, err)
-		}
-		path.ListenerPort, err = strconv.Atoi(portStr)
-		if err != nil {
-			return path, fmt.Errorf("failed to parse port from '%s': %v", check.ProxyGRPC, err)
-		}
-	}
-
-	path.ParsedFromCheck = true
-
-	return path, nil
-}
-
-// TODO(proxystate): Gateway support will be added in the future.
-// Functions to add from agent/xds/listeners.go:
-// func listenersFromSnapshotGateway
-
-// makeListener returns a listener with name and bind details set. Routers and destinations
-// must be added before it's useful.
-//
-// Note on names: Envoy listeners attempt graceful transitions of connections
-// when their config changes but that means they can't have their bind address
-// or port changed in a running instance. Since our users might choose to change
-// a bind address or port for the public or upstream listeners, we need to
-// encode those into the unique name for the listener such that if the user
-// changes them, we actually create a whole new listener on the new address and
-// port. Envoy should take care of closing the old one once it sees it's no
-// longer in the config.
-type makeListenerOpts struct {
-	addr string
-	//accessLogs structs.AccessLogsConfig
-	logger    hclog.Logger
-	mode      string
-	name      string
-	path      string
-	port      int
-	direction pbproxystate.Direction
-	upstream  *structs.Upstream
-}
-
-func makeListener(opts makeListenerOpts) *pbproxystate.Listener {
-	if opts.upstream != nil && opts.upstream.LocalBindPort == 0 && opts.upstream.LocalBindSocketPath != "" {
-		opts.path = opts.upstream.LocalBindSocketPath
-		opts.mode = opts.upstream.LocalBindSocketMode
-		return makePipeListener(opts)
-	}
-	if opts.upstream != nil {
-		opts.port = opts.upstream.LocalBindPort
-		opts.addr = opts.upstream.LocalBindAddress
-		return makeListenerWithDefault(opts)
-	}
-
-	return makeListenerWithDefault(opts)
-}
-
-func makeListenerWithDefault(opts makeListenerOpts) *pbproxystate.Listener {
-	if opts.addr == "" {
-		opts.addr = "127.0.0.1"
-	}
-	// TODO(proxystate): Access logs will be added in the future. It will be added to top level IR, and used by xds code generation.
-	//accessLog, err := accesslogs.MakeAccessLogs(&opts.accessLogs, true)
-	//if err != nil && opts.logger != nil {
-	//	// Since access logging is non-essential for routing, warn and move on
-	//	opts.logger.Warn("error generating access log xds", err)
-	//}
-	return &pbproxystate.Listener{
-		Name: fmt.Sprintf("%s:%s:%d", opts.name, opts.addr, opts.port),
-		//AccessLog:        accessLog,
-		BindAddress: &pbproxystate.Listener_HostPort{
-			HostPort: &pbproxystate.HostPortAddress{
-				Host: opts.addr,
-				Port: uint32(opts.port),
-			},
-		},
-		Direction: opts.direction,
-	}
-}
-
-func makePipeListener(opts makeListenerOpts) *pbproxystate.Listener {
-	// TODO(proxystate): Access logs will be added in the future. It will be added to top level IR, and used by xds code generation.
-	//accessLog, err := accesslogs.MakeAccessLogs(&opts.accessLogs, true)
-	//if err != nil && opts.logger != nil {
-	//	// Since access logging is non-essential for routing, warn and move on
-	//	opts.logger.Warn("error generating access log xds", err)
-	//}
-	return &pbproxystate.Listener{
-		Name: fmt.Sprintf("%s:%s", opts.name, opts.path),
-		//AccessLog:        accessLog,
-		BindAddress: &pbproxystate.Listener_UnixSocket{
-			UnixSocket: &pbproxystate.UnixSocketAddress{Path: opts.path, Mode: opts.mode},
-		},
-		Direction: opts.direction,
-	}
-}
-
-// TODO(proxystate): Escape hatches will be added in the future.
-// Functions to add from agent/xds/listeners.go:
-// func makeListenerFromUserConfig
-
-// TODO(proxystate): Intentions will be added in the future
-// Functions to add from agent/xds/listeners.go:
-// func injectConnectFilters
-
-// TODO(proxystate): httpConnectionManager constants will need to be added when used for listeners L7 in the future.
-// Constants to add from agent/xds/listeners.go:
-// const httpConnectionManagerOldName
-// const httpConnectionManagerNewName
-
-// TODO(proxystate): Extracting RDS resource names will be used when wiring up xds v2 server in the future.
-// Functions to add from agent/xds/listeners.go:
-// func extractRdsResourceNames
-
-// TODO(proxystate): Intentions will be added in the future.
-// Functions to add from agent/xds/listeners.go:
-// func injectHTTPFilterOnFilterChains
-
-// NOTE: This method MUST only be used for connect proxy public listeners,
-// since TLS validation will be done against root certs for all peers
-// that might dial this proxy.
-func (s *Converter) injectConnectTLSForPublicListener(cfgSnap *proxycfg.ConfigSnapshot, listener *pbproxystate.Listener) error {
-	transportSocket, err := s.createInboundMeshMTLS(cfgSnap)
-	if err != nil {
-		return err
-	}
-
-	for idx := range listener.Routers {
-		listener.Routers[idx].InboundTls = transportSocket
-	}
-	return nil
-}
-
-func getAlpnProtocols(protocol string) []string {
-	var alpnProtocols []string
-
-	switch protocol {
-	case "grpc", "http2":
-		alpnProtocols = append(alpnProtocols, "h2", "http/1.1")
-	case "http":
-		alpnProtocols = append(alpnProtocols, "http/1.1")
-	}
-
-	return alpnProtocols
-}
-
-func (s *Converter) createInboundMeshMTLS(cfgSnap *proxycfg.ConfigSnapshot) (*pbproxystate.TransportSocket, error) {
-	switch cfgSnap.Kind {
-	case structs.ServiceKindConnectProxy:
-	case structs.ServiceKindMeshGateway:
-	default:
-		return nil, fmt.Errorf("cannot inject peering trust bundles for kind %q", cfgSnap.Kind)
-	}
-
-	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
-	if err != nil {
-		// Don't hard fail on a config typo, just warn. The parse func returns
-		// default config if there is an error so it's safe to continue.
-		s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
-	}
-
-	// Add all trust bundle peer names, including local.
-	trustBundlePeerNames := []string{"local"}
-	for _, tb := range cfgSnap.PeeringTrustBundles() {
-		trustBundlePeerNames = append(trustBundlePeerNames, tb.PeerName)
-	}
-	// Arbitrary UUID to reference the identity by.
-	uuid, err := uuid.GenerateUUID()
-	if err != nil {
-		return nil, err
-	}
-	// Create the transport socket
-	ts := &pbproxystate.TransportSocket{}
-	ts.ConnectionTls = &pbproxystate.TransportSocket_InboundMesh{
-		InboundMesh: &pbproxystate.InboundMeshMTLS{
-			IdentityKey: uuid,
-			ValidationContext: &pbproxystate.MeshInboundValidationContext{
-				TrustBundlePeerNameKeys: trustBundlePeerNames,
-			},
-		},
-	}
-	s.proxyState.LeafCertificates[uuid] = &pbproxystate.LeafCertificate{
-		Cert: cfgSnap.Leaf().CertPEM,
-		Key:  cfgSnap.Leaf().PrivateKeyPEM,
-	}
-	ts.TlsParameters = makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSIncoming())
-	ts.AlpnProtocols = getAlpnProtocols(cfg.Protocol)
-
-	return ts, nil
-}
-
-func (s *Converter) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot, name string) (*pbproxystate.Listener, error) {
-	l := &pbproxystate.Listener{}
-	l.Routers = make([]*pbproxystate.Router, 0)
-	var err error
-
-	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
-	if err != nil {
-		// Don't hard fail on a config typo, just warn. The parse func returns
-		// default config if there is an error so it's safe to continue.
-		s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
-	}
-
-	// This controls if we do L4 or L7 intention checks.
-	useHTTPFilter := structs.IsProtocolHTTPLike(cfg.Protocol)
-
-	// TODO(proxystate): Escape hatches will be added in the future. This one is a top level escape hatch.
-	// Generate and return custom public listener from config if one was provided.
-	//if cfg.PublicListenerJSON != "" {
-	//	l, err = makeListenerFromUserConfig(cfg.PublicListenerJSON)
-	//	if err != nil {
-	//		return nil, err
-	//	}
-	//
-	//	// For HTTP-like services attach an RBAC http filter and do a best-effort insert
-	//	if useHTTPFilter {
-	//		httpAuthzFilter, err := makeRBACHTTPFilter(
-	//			cfgSnap.ConnectProxy.Intentions,
-	//			cfgSnap.IntentionDefaultAllow,
-	//			rbacLocalInfo{
-	//				trustDomain: cfgSnap.Roots.TrustDomain,
-	//				datacenter:  cfgSnap.Datacenter,
-	//				partition:   cfgSnap.ProxyID.PartitionOrDefault(),
-	//			},
-	//			cfgSnap.ConnectProxy.InboundPeerTrustBundles,
-	//		)
-	//		if err != nil {
-	//			return nil, err
-	//		}
-	//
-	//		// Try our best to inject the HTTP RBAC filter.
-	//		if err := injectHTTPFilterOnFilterChains(l, httpAuthzFilter); err != nil {
-	//			s.Logger.Warn(
-	//				"could not inject the HTTP RBAC filter to enforce intentions on user-provided "+
-	//					"'envoy_public_listener_json' config; falling back on the RBAC network filter instead",
-	//				"proxy", cfgSnap.ProxyID,
-	//				"error", err,
-	//			)
-	//
-	//			// If we get an error inject the RBAC network filter instead.
-	//			useHTTPFilter = false
-	//		}
-	//	}
-	//
-	//	err := s.finalizePublicListenerFromConfig(l, cfgSnap, useHTTPFilter)
-	//	if err != nil {
-	//		return nil, fmt.Errorf("failed to attach Consul filters and TLS context to custom public listener: %v", err)
-	//	}
-	//	return l, nil
-	//}
-
-	// No JSON user config, use default listener address
-	// Default to listening on all addresses, but override with bind address if one is set.
-	addr := cfgSnap.Address
-	if addr == "" {
-		addr = "0.0.0.0"
-	}
-	if cfg.BindAddress != "" {
-		addr = cfg.BindAddress
-	}
-
-	// Override with bind port if one is set, otherwise default to
-	// proxy service's address
-	port := cfgSnap.Port
-	if cfg.BindPort != 0 {
-		port = cfg.BindPort
-	}
-
-	opts := makeListenerOpts{
-		name: name,
-		//accessLogs: cfgSnap.Proxy.AccessLogs,
-		addr:      addr,
-		port:      port,
-		direction: pbproxystate.Direction_DIRECTION_INBOUND,
-		logger:    s.Logger,
-	}
-	l = makeListener(opts)
-	l.BalanceConnections = balanceConnections[cfg.BalanceInboundConnections]
-
-	// TODO(proxystate): Escape hatches will be added in the future. This one is a top level escape hatch.
-	//var tracing *envoy_http_v3.HttpConnectionManager_Tracing
-	//if cfg.ListenerTracingJSON != "" {
-	//	if tracing, err = makeTracingFromUserConfig(cfg.ListenerTracingJSON); err != nil {
-	//		s.Logger.Warn("failed to parse ListenerTracingJSON config", "error", err)
-	//	}
-	//}
-
-	// make local app cluster router
-	localAppRouter := &pbproxystate.Router{}
-
-	destOpts := destinationOpts{
-		protocol:         cfg.Protocol,
-		filterName:       name,
-		routeName:        name,
-		cluster:          xdscommon.LocalAppClusterName,
-		requestTimeoutMs: cfg.LocalRequestTimeoutMs,
-		idleTimeoutMs:    cfg.LocalIdleTimeoutMs,
-		//tracing:          tracing,
-		//accessLogs:       &cfgSnap.Proxy.AccessLogs,
-		logger: s.Logger,
-	}
-
-	err = s.addRouterDestination(destOpts, localAppRouter)
-	if err != nil {
-		return nil, err
-	}
-
-	if useHTTPFilter {
-		l7Dest := localAppRouter.GetL7()
-		if l7Dest == nil {
-			return nil, fmt.Errorf("l7 destination on inbound listener should not be empty")
-		}
-		l7Dest.AddEmptyIntention = true
-
-		// TODO(proxystate): L7 Intentions and JWT Auth will be added in the future.
-		//jwtFilter, jwtFilterErr := makeJWTAuthFilter(cfgSnap.JWTProviders, cfgSnap.ConnectProxy.Intentions)
-		//if jwtFilterErr != nil {
-		//	return nil, jwtFilterErr
-		//}
-		//rbacFilter, err := makeRBACHTTPFilter(
-		//	cfgSnap.ConnectProxy.Intentions,
-		//	cfgSnap.IntentionDefaultAllow,
-		//	rbacLocalInfo{
-		//		trustDomain: cfgSnap.Roots.TrustDomain,
-		//		datacenter:  cfgSnap.Datacenter,
-		//		partition:   cfgSnap.ProxyID.PartitionOrDefault(),
-		//	},
-		//	cfgSnap.ConnectProxy.InboundPeerTrustBundles,
-		//)
-		//if err != nil {
-		//	return nil, err
-		//}
-		//
-		//filterOpts.httpAuthzFilters = []*envoy_http_v3.HttpFilter{rbacFilter}
-		//
-		//if jwtFilter != nil {
-		//	filterOpts.httpAuthzFilters = append(filterOpts.httpAuthzFilters, jwtFilter)
-		//}
-
-		meshConfig := cfgSnap.MeshConfig()
-		includeXFCC := meshConfig == nil || meshConfig.HTTP == nil || !meshConfig.HTTP.SanitizeXForwardedClientCert
-		l7Dest.IncludeXfcc = includeXFCC
-		l7Dest.Protocol = l7Protocols[cfg.Protocol]
-		if cfg.MaxInboundConnections > 0 {
-			l7Dest.MaxInboundConnections = uint64(cfg.MaxInboundConnections)
-		}
-	} else {
-		l4Dest := localAppRouter.GetL4()
-		if l4Dest == nil {
-			return nil, fmt.Errorf("l4 destination on inbound listener should not be empty")
-		}
-
-		if cfg.MaxInboundConnections > 0 {
-			l4Dest.MaxInboundConnections = uint64(cfg.MaxInboundConnections)
-		}
-
-		// TODO(proxystate): Intentions will be added to l4 destination in the future. This is currently done in finalizePublicListenerFromConfig.
-		l4Dest.AddEmptyIntention = true
-	}
-	l.Routers = append(l.Routers, localAppRouter)
-
-	err = s.finalizePublicListenerFromConfig(l, cfgSnap)
-	if err != nil {
-		return nil, fmt.Errorf("failed to attach Consul filters and TLS context to custom public listener: %v", err)
-	}
-
-	// When permissive mTLS mode is enabled, include an additional router
-	// that matches on the `destination_port == <service port>`. Traffic sent
-	// directly to the service port is passed through to the application
-	// unmodified.
-	if cfgSnap.Proxy.Mode == structs.ProxyModeTransparent &&
-		cfgSnap.Proxy.MutualTLSMode == structs.MutualTLSModePermissive {
-		router, err := makePermissiveRouter(cfgSnap, destOpts)
-		if err != nil {
-			return nil, fmt.Errorf("unable to add permissive mtls router: %w", err)
-		}
-		if router == nil {
-			s.Logger.Debug("no service port defined for service in permissive mTLS mode; not adding filter chain for non-mTLS traffic")
-		} else {
-			l.Routers = append(l.Routers, router)
-
-			// With tproxy, the REDIRECT iptables target rewrites the destination ip/port
-			// to the proxy ip/port (e.g. 127.0.0.1:20000) for incoming packets.
-			// We need the original_dst filter to recover the original destination address.
-			l.Capabilities = append(l.Capabilities, pbproxystate.Capability_CAPABILITY_TRANSPARENT)
-		}
-	}
-	return l, err
-}
-
-func makePermissiveRouter(cfgSnap *proxycfg.ConfigSnapshot, opts destinationOpts) (*pbproxystate.Router, error) {
-	servicePort := cfgSnap.Proxy.LocalServicePort
-	if servicePort <= 0 {
-		// No service port means the service does not accept incoming traffic, so
-		// the connect proxy does not need to listen for incoming non-mTLS traffic.
-		return nil, nil
-	}
-
-	opts.statPrefix += "permissive_"
-	dest, err := makeL4Destination(opts)
-	if err != nil {
-		return nil, err
-	}
-
-	router := &pbproxystate.Router{
-		Match: &pbproxystate.Match{
-			DestinationPort: &wrapperspb.UInt32Value{Value: uint32(servicePort)},
-		},
-		Destination: &pbproxystate.Router_L4{L4: dest},
-	}
-	return router, nil
-}
-
-// finalizePublicListenerFromConfig is used for best-effort injection of L4 intentions and TLS onto listeners.
-func (s *Converter) finalizePublicListenerFromConfig(l *pbproxystate.Listener, cfgSnap *proxycfg.ConfigSnapshot) error {
-	// TODO(proxystate): L4 intentions will be added in the future.
-	//if !useHTTPFilter {
-	//	// Best-effort injection of L4 intentions
-	//	if err := s.injectConnectFilters(cfgSnap, l); err != nil {
-	//		return nil
-	//	}
-	//}
-
-	// Always apply TLS certificates
-	if err := s.injectConnectTLSForPublicListener(cfgSnap, l); err != nil {
-		return nil
-	}
-
-	return nil
-}
-
-func (s *Converter) makeExposedCheckListener(cfgSnap *proxycfg.ConfigSnapshot, cluster string, path structs.ExposePath) (*pbproxystate.Listener, error) {
-	cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config)
-	if err != nil {
-		// Don't hard fail on a config typo, just warn. The parse func returns
-		// default config if there is an error so it's safe to continue.
-		s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
-	}
-
-	// No user config, use default listener
-	addr := cfgSnap.Address
-
-	// Override with bind address if one is set, otherwise default to 0.0.0.0
-	if cfg.BindAddress != "" {
-		addr = cfg.BindAddress
-	} else if addr == "" {
-		addr = "0.0.0.0"
-	}
-
-	// Strip any special characters from path to make a valid and hopefully unique name
-	r := regexp.MustCompile(`[^a-zA-Z0-9]+`)
-	strippedPath := r.ReplaceAllString(path.Path, "")
-	listenerName := fmt.Sprintf("exposed_path_%s", strippedPath)
-
-	listenerOpts := makeListenerOpts{
-		name: listenerName,
-		//accessLogs: cfgSnap.Proxy.AccessLogs,
-		addr:      addr,
-		port:      path.ListenerPort,
-		direction: pbproxystate.Direction_DIRECTION_INBOUND,
-		logger:    s.Logger,
-	}
-	l := makeListener(listenerOpts)
-
-	filterName := fmt.Sprintf("exposed_path_filter_%s_%d", strippedPath, path.ListenerPort)
-
-	destOpts := destinationOpts{
-		useRDS:           false,
-		protocol:         path.Protocol,
-		filterName:       filterName,
-		routeName:        filterName,
-		cluster:          cluster,
-		statPrefix:       "",
-		routePath:        path.Path,
-		httpAuthzFilters: nil,
-		//accessLogs:       &cfgSnap.Proxy.AccessLogs,
-		logger: s.Logger,
-		// in the exposed check listener we don't set the tracing configuration
-	}
-
-	router := &pbproxystate.Router{}
-	err = s.addRouterDestination(destOpts, router)
-	if err != nil {
-		return nil, err
-	}
-
-	// For registered checks restrict traffic sources to localhost and Consul's advertise addr
-	if path.ParsedFromCheck {
-
-		// For the advertise addr we use a CidrRange that only matches one address
-		advertise := s.CfgFetcher.AdvertiseAddrLAN()
-
-		// Get prefix length based on whether address is ipv4 (32 bits) or ipv6 (128 bits)
-		advertiseLen := 32
-		ip := net.ParseIP(advertise)
-		if ip != nil && strings.Contains(advertise, ":") {
-			advertiseLen = 128
-		}
-
-		ranges := make([]*pbproxystate.CidrRange, 0, 3)
-		ranges = append(ranges,
-			&pbproxystate.CidrRange{AddressPrefix: "127.0.0.1", PrefixLen: &wrapperspb.UInt32Value{Value: 8}},
-			&pbproxystate.CidrRange{AddressPrefix: advertise, PrefixLen: &wrapperspb.UInt32Value{Value: uint32(advertiseLen)}},
-		)
-
-		if ok, err := platform.SupportsIPv6(); err != nil {
-			return nil, err
-		} else if ok {
-			ranges = append(ranges,
-				&pbproxystate.CidrRange{AddressPrefix: "::1", PrefixLen: &wrapperspb.UInt32Value{Value: 128}},
-			)
-		}
-
-		router.Match = &pbproxystate.Match{
-			SourcePrefixRanges: ranges,
-		}
-	}
-
-	l.Routers = []*pbproxystate.Router{router}
-
-	return l, err
-}
-
-// TODO(proxystate): Gateway support will be added in the future.
-// Functions and types to convert from agent/xds/listeners.go:
-// func makeTerminatingGatewayListener
-// type terminatingGatewayFilterChainOpts
-// func makeFilterChainTerminatingGateway
-// func makeMeshGatewayListener
-// func makeMeshGatewayPeerFilterChain
-
-type routerOpts struct {
-	//accessLogs           *structs.AccessLogsConfig
-	routeName   string
-	clusterName string
-	filterName  string
-	protocol    string
-	useRDS      bool
-	statPrefix  string
-	//forwardClientDetails bool
-	//forwardClientPolicy  envoy_http_v3.HttpConnectionManager_ForwardClientCertDetails
-	//tracing              *envoy_http_v3.HttpConnectionManager_Tracing
-}
-
-func (g *Converter) makeUpstreamRouter(opts routerOpts) (*pbproxystate.Router, error) {
-	if opts.statPrefix == "" {
-		opts.statPrefix = "upstream."
-	}
-
-	router := &pbproxystate.Router{}
-
-	err := g.addRouterDestination(destinationOpts{
-		useRDS:     opts.useRDS,
-		protocol:   opts.protocol,
-		filterName: opts.filterName,
-		routeName:  opts.routeName,
-		cluster:    opts.clusterName,
-		statPrefix: opts.statPrefix,
-		//forwardClientDetails: opts.forwardClientDetails,
-		//forwardClientPolicy:  opts.forwardClientPolicy,
-		//tracing:              opts.tracing,
-		//accessLogs:           opts.accessLogs,
-		logger: g.Logger,
-	}, router)
-	if err != nil {
-		return nil, err
-	}
-
-	return router, nil
-}
-
-// simpleChainTarget returns the discovery target for a chain with a single node.
-// A chain can have a single target if it is for a TCP service or an HTTP service without
-// multiple splits/routes/failovers.
-func simpleChainTarget(chain *structs.CompiledDiscoveryChain) (*structs.DiscoveryTarget, error) {
-	startNode := chain.Nodes[chain.StartNode]
-	if startNode == nil {
-		return nil, fmt.Errorf("missing first node in compiled discovery chain for: %s", chain.ServiceName)
-	}
-	if startNode.Type != structs.DiscoveryGraphNodeTypeResolver {
-		return nil, fmt.Errorf("expected discovery chain with single node, found unexpected start node: %s", startNode.Type)
-	}
-	targetID := startNode.Resolver.Target
-	return chain.Targets[targetID], nil
-}
-
-func (s *Converter) getAndModifyUpstreamConfigForListener(
-	uid proxycfg.UpstreamID,
-	u *structs.Upstream,
-	chain *structs.CompiledDiscoveryChain,
-) structs.UpstreamConfig {
-	var (
-		cfg structs.UpstreamConfig
-		err error
-	)
-
-	configMap := make(map[string]interface{})
-	if u != nil {
-		configMap = u.Config
-	}
-	if chain == nil || chain.Default {
-		cfg, err = structs.ParseUpstreamConfigNoDefaults(configMap)
-		if err != nil {
-			// Don't hard fail on a config typo, just warn. The parse func returns
-			// default config if there is an error so it's safe to continue.
-			s.Logger.Warn("failed to parse", "upstream", uid, "error", err)
-		}
-	} else {
-		// Use NoDefaults here so that we can set the protocol to the chain
-		// protocol if necessary
-		cfg, err = structs.ParseUpstreamConfigNoDefaults(configMap)
-		if err != nil {
-			// Don't hard fail on a config typo, just warn. The parse func returns
-			// default config if there is an error so it's safe to continue.
-			s.Logger.Warn("failed to parse", "upstream", uid, "error", err)
-		}
-
-		if cfg.EnvoyListenerJSON != "" {
-			s.Logger.Warn("ignoring escape hatch setting because already configured for",
-				"discovery chain", chain.ServiceName, "upstream", uid, "config", "envoy_listener_json")
-
-			// Remove from config struct so we don't use it later on
-			cfg.EnvoyListenerJSON = ""
-		}
-	}
-	protocol := cfg.Protocol
-	if chain != nil {
-		if protocol == "" {
-			protocol = chain.Protocol
-		}
-		if protocol == "" {
-			protocol = "tcp"
-		}
-	} else {
-		protocol = "tcp"
-	}
-
-	// set back on the config so that we can use it from return value
-	cfg.Protocol = protocol
-
-	return cfg
-}
-
-func (s *Converter) getAndModifyUpstreamConfigForPeeredListener(
-	uid proxycfg.UpstreamID,
-	u *structs.Upstream,
-	peerMeta structs.PeeringServiceMeta,
-) structs.UpstreamConfig {
-	var (
-		cfg structs.UpstreamConfig
-		err error
-	)
-
-	configMap := make(map[string]interface{})
-	if u != nil {
-		configMap = u.Config
-	}
-
-	cfg, err = structs.ParseUpstreamConfigNoDefaults(configMap)
-	if err != nil {
-		// Don't hard fail on a config typo, just warn. The parse func returns
-		// default config if there is an error so it's safe to continue.
-		s.Logger.Warn("failed to parse", "upstream", uid, "error", err)
-	}
-
-	// Ignore the configured protocol for peer upstreams, since it is defined by the remote
-	// cluster, which we cannot control.
-	protocol := peerMeta.Protocol
-	if protocol == "" {
-		protocol = "tcp"
-	}
-
-	// set back on the config so that we can use it from return value
-	cfg.Protocol = protocol
-
-	if cfg.ConnectTimeoutMs == 0 {
-		cfg.ConnectTimeoutMs = 5000
-	}
-
-	if cfg.MeshGateway.Mode == "" && u != nil {
-		cfg.MeshGateway = u.MeshGateway
-	}
-
-	return cfg
-}
-
-type destinationOpts struct {
-	// All listener filters
-	// TODO(proxystate): access logs support will be added later
-	//accessLogs *structs.AccessLogsConfig
-	cluster    string
-	filterName string
-	logger     hclog.Logger
-	protocol   string
-	statPrefix string
-
-	// HTTP listener filter options
-	forwardClientDetails bool
-	forwardClientPolicy  envoy_http_v3.HttpConnectionManager_ForwardClientCertDetails
-	httpAuthzFilters     []*envoy_http_v3.HttpFilter
-	idleTimeoutMs        *int
-	requestTimeoutMs     *int
-	routeName            string
-	routePath            string
-	// TODO(proxystate): tracing support will be added later
-	//tracing              *envoy_http_v3.HttpConnectionManager_Tracing
-	useRDS bool
-}
-
-func (g *Converter) addRouterDestination(opts destinationOpts, router *pbproxystate.Router) error {
-	switch opts.protocol {
-	case "grpc", "http2", "http":
-		dest, err := g.makeL7Destination(opts)
-		if err != nil {
-			return err
-		}
-		router.Destination = &pbproxystate.Router_L7{
-			L7: dest,
-		}
-		return nil
-	case "tcp":
-		fallthrough
-	default:
-		if opts.useRDS {
-			return fmt.Errorf("RDS is not compatible with the tcp proxy filter")
-		} else if opts.cluster == "" {
-			return fmt.Errorf("cluster name is required for a tcp proxy filter")
-		}
-		dest, err := makeL4Destination(opts)
-		if err != nil {
-			return err
-		}
-		router.Destination = &pbproxystate.Router_L4{
-			L4: dest,
-		}
-		return nil
-	}
-}
-
-func makeL4Destination(opts destinationOpts) (*pbproxystate.L4Destination, error) {
-	// TODO(proxystate): implement access logs at top level
-	//accessLogs, err := accesslogs.MakeAccessLogs(opts.accessLogs, false)
-	//if err != nil && opts.logger != nil {
-	//	opts.logger.Warn("could not make access log xds for tcp proxy", err)
-	//}
-
-	l4Dest := &pbproxystate.L4Destination{
-		//AccessLog:        accessLogs,
-		Name:       opts.cluster,
-		StatPrefix: makeStatPrefix(opts.statPrefix, opts.filterName),
-	}
-	return l4Dest, nil
-}
-
-func makeStatPrefix(prefix, filterName string) string {
-	// Replace colons here because Envoy does that in the metrics for the actual
-	// clusters but doesn't in the stat prefix here while dashboards assume they
-	// will match.
-	return fmt.Sprintf("%s%s", prefix, strings.Replace(filterName, ":", "_", -1))
-}
-
-func (g *Converter) makeL7Destination(opts destinationOpts) (*pbproxystate.L7Destination, error) {
-	dest := &pbproxystate.L7Destination{}
-
-	// TODO(proxystate) access logs will be added to proxystate top level and in xds generation
-	//accessLogs, err := accesslogs.MakeAccessLogs(opts.accessLogs, false)
-	//if err != nil && opts.logger != nil {
-	//	opts.logger.Warn("could not make access log xds for http connection manager", err)
-	//}
-
-	// An L7 Destination's name will be the route name, so during xds generation the route can be looked up.
-	dest.Name = opts.routeName
-	dest.StatPrefix = makeStatPrefix(opts.statPrefix, opts.filterName)
-
-	// TODO(proxystate) tracing will be added at the top level proxystate and xds generation
-	//if opts.tracing != nil {
-	//	cfg.Tracing = opts.tracing
-	//}
-
-	if opts.useRDS {
-		if opts.cluster != "" {
-			return nil, fmt.Errorf("cannot specify cluster name when using RDS")
-		}
-	} else {
-		dest.StaticRoute = true
-
-		if opts.cluster == "" {
-			return nil, fmt.Errorf("must specify cluster name when not using RDS")
-		}
-
-		routeRule := &pbproxystate.RouteRule{
-			Match: &pbproxystate.RouteMatch{
-				PathMatch: &pbproxystate.PathMatch{
-					PathMatch: &pbproxystate.PathMatch_Prefix{
-						Prefix: "/",
-					},
-				},
-				// TODO(banks) Envoy supports matching only valid GRPC
-				// requests which might be nice to add here for gRPC services
-				// but it's not supported in our current envoy SDK version
-				// although docs say it was supported by 1.8.0. Going to defer
-				// that until we've updated the deps.
-			},
-			Destination: &pbproxystate.RouteDestination{
-				Destination: &pbproxystate.RouteDestination_Cluster{
-					Cluster: &pbproxystate.DestinationCluster{
-						Name: opts.cluster,
-					},
-				},
-			},
-		}
-
-		var timeoutCfg *pbproxystate.TimeoutConfig
-		r := routeRule.GetDestination()
-
-		if opts.requestTimeoutMs != nil {
-			if timeoutCfg == nil {
-				timeoutCfg = &pbproxystate.TimeoutConfig{}
-			}
-			timeoutCfg.Timeout = durationpb.New(time.Duration(*opts.requestTimeoutMs) * time.Millisecond)
-		}
-
-		if opts.idleTimeoutMs != nil {
-			if timeoutCfg == nil {
-				timeoutCfg = &pbproxystate.TimeoutConfig{}
-			}
-			timeoutCfg.IdleTimeout = durationpb.New(time.Duration(*opts.idleTimeoutMs) * time.Millisecond)
-		}
-		r.DestinationConfiguration = &pbproxystate.DestinationConfiguration{
-			TimeoutConfig: timeoutCfg,
-		}
-
-		// If a path is provided, do not match on a catch-all prefix
-		if opts.routePath != "" {
-			routeRule.Match.PathMatch = &pbproxystate.PathMatch{
-				PathMatch: &pbproxystate.PathMatch_Exact{
-					Exact: opts.routePath,
-				},
-			}
-		}
-
-		// Create static route object
-		route := &pbproxystate.Route{
-			VirtualHosts: []*pbproxystate.VirtualHost{
-				{
-					Name:    opts.filterName,
-					Domains: []string{"*"},
-					RouteRules: []*pbproxystate.RouteRule{
-						routeRule,
-					},
-				},
-			},
-		}
-		// Save the route to proxy state.
-		g.proxyState.Routes[opts.routeName] = route
-	}
-
-	dest.Protocol = l7Protocols[opts.protocol]
-
-	// TODO(proxystate) need to include xfcc policy in future L7 task
-	//// Note the default leads to setting HttpConnectionManager_SANITIZE
-	//if opts.forwardClientDetails {
-	//	cfg.ForwardClientCertDetails = opts.forwardClientPolicy
-	//	cfg.SetCurrentClientCertDetails = &envoy_http_v3.HttpConnectionManager_SetCurrentClientCertDetails{
-	//		Subject: &wrapperspb.BoolValue{Value: true},
-	//		Cert:    true,
-	//		Chain:   true,
-	//		Dns:     true,
-	//		Uri:     true,
-	//	}
-	//}
-
-	// Like injectConnectFilters for L4, here we ensure that the first filter
-	// (other than the "envoy.grpc_http1_bridge" filter) in the http filter
-	// chain of a public listener is the authz filter to prevent unauthorized
-	// access and that every filter chain uses our TLS certs.
-	if len(opts.httpAuthzFilters) > 0 {
-		// TODO(proxystate) support intentions in the future
-		dest.Intentions = make([]*pbproxystate.L7Intention, 0)
-		//cfg.HttpFilters = append(opts.httpAuthzFilters, cfg.HttpFilters...)
-	}
-
-	// TODO(proxystate) add grpc http filters in xds in future L7 task
-	//if opts.protocol == "grpc" {
-	//	grpcHttp1Bridge, err := makeEnvoyHTTPFilter(
-	//		"envoy.filters.http.grpc_http1_bridge",
-	//		&envoy_grpc_http1_bridge_v3.Config{},
-	//	)
-	//	if err != nil {
-	//		return nil, err
-	//	}
-	//
-	//	// In envoy 1.14.x the default value "stats_for_all_methods=true" was
-	//	// deprecated, and was changed to "false" in 1.18.x. Avoid using the
-	//	// default. TODO: we may want to expose this to users somehow easily.
-	//	grpcStatsFilter, err := makeEnvoyHTTPFilter(
-	//		"envoy.filters.http.grpc_stats",
-	//		&envoy_grpc_stats_v3.FilterConfig{
-	//			PerMethodStatSpecifier: &envoy_grpc_stats_v3.FilterConfig_StatsForAllMethods{
-	//				StatsForAllMethods: makeBoolValue(true),
-	//			},
-	//		},
-	//	)
-	//	if err != nil {
-	//		return nil, err
-	//	}
-	//
-	//	// Add grpc bridge before router and authz, and the stats in front of that.
-	//	cfg.HttpFilters = append([]*envoy_http_v3.HttpFilter{
-	//		grpcStatsFilter,
-	//		grpcHttp1Bridge,
-	//	}, cfg.HttpFilters...)
-	//}
-
-	return dest, nil
-}
-
-var tlsVersionsWithConfigurableCipherSuites = map[types.TLSVersion]struct{}{
-	// Remove these two if Envoy ever sets TLS 1.3 as default minimum
-	types.TLSVersionUnspecified: {},
-	types.TLSVersionAuto:        {},
-
-	types.TLSv1_0: {},
-	types.TLSv1_1: {},
-	types.TLSv1_2: {},
-}
-
-func makeTLSParametersFromProxyTLSConfig(tlsConf *structs.MeshDirectionalTLSConfig) *pbproxystate.TLSParameters {
-	if tlsConf == nil {
-		return &pbproxystate.TLSParameters{}
-	}
-
-	return makeTLSParametersFromTLSConfig(tlsConf.TLSMinVersion, tlsConf.TLSMaxVersion, tlsConf.CipherSuites)
-}
-
-func makeTLSParametersFromTLSConfig(
-	tlsMinVersion types.TLSVersion,
-	tlsMaxVersion types.TLSVersion,
-	cipherSuites []types.TLSCipherSuite,
-) *pbproxystate.TLSParameters {
-	tlsParams := pbproxystate.TLSParameters{}
-
-	if tlsMinVersion != types.TLSVersionUnspecified {
-		tlsParams.MinVersion = tlsVersions[tlsMinVersion]
-	}
-	if tlsMaxVersion != types.TLSVersionUnspecified {
-		tlsParams.MaxVersion = tlsVersions[tlsMaxVersion]
-	}
-	if len(cipherSuites) != 0 {
-		var suites []pbproxystate.TLSCipherSuite
-		for _, cs := range cipherSuites {
-			suites = append(suites, tlsCipherSuites[cs])
-		}
-		tlsParams.CipherSuites = suites
-	}
-
-	return &tlsParams
-}
-
-var tlsVersions = map[types.TLSVersion]pbproxystate.TLSVersion{
-	types.TLSVersionAuto: pbproxystate.TLSVersion_TLS_VERSION_AUTO,
-	types.TLSv1_0:        pbproxystate.TLSVersion_TLS_VERSION_1_0,
-	types.TLSv1_1:        pbproxystate.TLSVersion_TLS_VERSION_1_1,
-	types.TLSv1_2:        pbproxystate.TLSVersion_TLS_VERSION_1_2,
-	types.TLSv1_3:        pbproxystate.TLSVersion_TLS_VERSION_1_3,
-}
-
-var tlsCipherSuites = map[types.TLSCipherSuite]pbproxystate.TLSCipherSuite{
-	types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:       pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_GCM_SHA256,
-	types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_CHACHA20_POLY1305,
-	types.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:         pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES128_GCM_SHA256,
-	types.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:   pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_CHACHA20_POLY1305,
-	types.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:          pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_SHA,
-	types.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:            pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES128_SHA,
-	types.TLS_RSA_WITH_AES_128_GCM_SHA256:               pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES128_GCM_SHA256,
-	types.TLS_RSA_WITH_AES_128_CBC_SHA:                  pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES128_SHA,
-	types.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:       pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384,
-	types.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:         pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES256_GCM_SHA384,
-	types.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:          pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_SHA,
-	types.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:            pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES256_SHA,
-	types.TLS_RSA_WITH_AES_256_GCM_SHA384:               pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES256_GCM_SHA384,
-	types.TLS_RSA_WITH_AES_256_CBC_SHA:                  pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES256_SHA,
-}
-
-var l7Protocols = map[string]pbproxystate.L7Protocol{
-	"http":  pbproxystate.L7Protocol_L7_PROTOCOL_HTTP,
-	"http2": pbproxystate.L7Protocol_L7_PROTOCOL_HTTP2,
-	"grpc":  pbproxystate.L7Protocol_L7_PROTOCOL_GRPC,
-}
-
-var balanceConnections = map[string]pbproxystate.BalanceConnections{
-	"":                             pbproxystate.BalanceConnections_BALANCE_CONNECTIONS_DEFAULT,
-	structs.ConnectionExactBalance: pbproxystate.BalanceConnections_BALANCE_CONNECTIONS_EXACT,
-}
diff --git a/agent/xds/proxystateconverter/locality_policy.go b/agent/xds/proxystateconverter/locality_policy.go
deleted file mode 100644
index c33f428fc2e2..000000000000
--- a/agent/xds/proxystateconverter/locality_policy.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package proxystateconverter
-
-import (
-	"fmt"
-
-	"github.com/hashicorp/consul/agent/structs"
-)
-
-func groupedEndpoints(locality *structs.Locality, policy *structs.DiscoveryPrioritizeByLocality, csns structs.CheckServiceNodes) ([]structs.CheckServiceNodes, error) {
-	switch {
-	case policy == nil || policy.Mode == "" || policy.Mode == "none":
-		return []structs.CheckServiceNodes{csns}, nil
-	case policy.Mode == "failover":
-		return prioritizeByLocalityFailover(locality, csns), nil
-	default:
-		return nil, fmt.Errorf("unexpected priortize-by-locality mode %q", policy.Mode)
-	}
-}
diff --git a/agent/xds/proxystateconverter/locality_policy_ce.go b/agent/xds/proxystateconverter/locality_policy_ce.go
deleted file mode 100644
index 014ed0f8b9b5..000000000000
--- a/agent/xds/proxystateconverter/locality_policy_ce.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-// +build !consulent
-
-package proxystateconverter
-
-import (
-	"github.com/hashicorp/consul/agent/structs"
-)
-
-func prioritizeByLocalityFailover(locality *structs.Locality, csns structs.CheckServiceNodes) []structs.CheckServiceNodes {
-	return nil
-}
diff --git a/agent/xds/proxystateconverter/routes.go b/agent/xds/proxystateconverter/routes.go
deleted file mode 100644
index f9559f7878a8..000000000000
--- a/agent/xds/proxystateconverter/routes.go
+++ /dev/null
@@ -1,777 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package proxystateconverter
-
-import (
-	"errors"
-	"fmt"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-	"sort"
-	"strings"
-	"time"
-
-	"github.com/hashicorp/consul/agent/xds/response"
-
-	"github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/agent/structs"
-	"google.golang.org/protobuf/types/known/durationpb"
-)
-
-// routesFromSnapshot returns the xDS API representation of the "routes" in the
-// snapshot.
-func (s *Converter) routesFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot) error {
-	if cfgSnap == nil {
-		return errors.New("nil config given")
-	}
-
-	switch cfgSnap.Kind {
-	case structs.ServiceKindConnectProxy:
-		return s.routesForConnectProxy(cfgSnap)
-	// TODO(proxystate): Ingress Gateways will be added in the future.
-	//case structs.ServiceKindIngressGateway:
-	//	return s.routesForIngressGateway(cfgSnap)
-	// TODO(proxystate): API Gateways will be added in the future.
-	//case structs.ServiceKindAPIGateway:
-	//	return s.routesForAPIGateway(cfgSnap)
-	// TODO(proxystate): Terminating Gateways will be added in the future.
-	//case structs.ServiceKindTerminatingGateway:
-	//	return s.routesForTerminatingGateway(cfgSnap)
-	// TODO(proxystate): Mesh Gateways will be added in the future.
-	//case structs.ServiceKindMeshGateway:
-	//	return s.routesForMeshGateway(cfgSnap)
-	default:
-		return fmt.Errorf("Invalid service kind: %v", cfgSnap.Kind)
-	}
-}
-
-// routesFromSnapshotConnectProxy returns the xDS API representation of the
-// "routes" in the snapshot.
-func (s *Converter) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapshot) error {
-	for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain {
-		if chain.Default {
-			continue
-		}
-
-		virtualHost, err := s.makeUpstreamHostForDiscoveryChain(cfgSnap, uid, chain, []string{"*"}, false)
-		if err != nil {
-			return err
-		}
-		if virtualHost == nil {
-			continue
-		}
-
-		route := &pbproxystate.Route{
-			VirtualHosts: []*pbproxystate.VirtualHost{virtualHost},
-		}
-		s.proxyState.Routes[uid.EnvoyID()] = route
-	}
-	addressesMap := make(map[string]map[string]string)
-	err := cfgSnap.ConnectProxy.DestinationsUpstream.ForEachKeyE(func(uid proxycfg.UpstreamID) error {
-		svcConfig, ok := cfgSnap.ConnectProxy.DestinationsUpstream.Get(uid)
-		if !ok || svcConfig == nil {
-			return nil
-		}
-		if !structs.IsProtocolHTTPLike(svcConfig.Protocol) {
-			// Routes can only be defined for HTTP services
-			return nil
-		}
-
-		for _, address := range svcConfig.Destination.Addresses {
-
-			routeName := clusterNameForDestination(cfgSnap, "~http", fmt.Sprintf("%d", svcConfig.Destination.Port), svcConfig.NamespaceOrDefault(), svcConfig.PartitionOrDefault())
-			if _, ok := addressesMap[routeName]; !ok {
-				addressesMap[routeName] = make(map[string]string)
-			}
-			// cluster name is unique per address/port so we should not be doing any override here
-			clusterName := clusterNameForDestination(cfgSnap, svcConfig.Name, address, svcConfig.NamespaceOrDefault(), svcConfig.PartitionOrDefault())
-			addressesMap[routeName][clusterName] = address
-		}
-		return nil
-	})
-
-	if err != nil {
-		return err
-	}
-
-	for routeName, clusters := range addressesMap {
-		route, err := s.makeRouteForAddresses(clusters)
-		if err != nil {
-			return err
-		}
-		if route != nil {
-			s.proxyState.Routes[routeName] = route
-		}
-	}
-
-	// TODO(rb): make sure we don't generate an empty result
-	return nil
-}
-
-func (s *Converter) makeRouteForAddresses(addresses map[string]string) (*pbproxystate.Route, error) {
-	route, err := makeAddressesRoute(addresses)
-	if err != nil {
-		s.Logger.Error("failed to make route", "cluster", "error", err)
-		return nil, err
-	}
-
-	return route, nil
-}
-
-// TODO(proxystate): Terminating Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func routesForTerminatingGateway
-
-// TODO(proxystate): Mesh Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func routesForMeshGateway
-
-func makeAddressesRoute(addresses map[string]string) (*pbproxystate.Route, error) {
-	route := &pbproxystate.Route{}
-	for clusterName, address := range addresses {
-		destination := makeRouteDestinationFromName(clusterName)
-		virtualHost := &pbproxystate.VirtualHost{
-			Name:    clusterName,
-			Domains: []string{address},
-			RouteRules: []*pbproxystate.RouteRule{
-				{
-					Match:       makeDefaultRouteMatch(),
-					Destination: destination,
-				},
-			},
-		}
-		route.VirtualHosts = append(route.VirtualHosts, virtualHost)
-	}
-
-	// sort virtual hosts to have a stable order
-	sort.SliceStable(route.VirtualHosts, func(i, j int) bool {
-		return route.VirtualHosts[i].Name > route.VirtualHosts[j].Name
-	})
-	return route, nil
-}
-
-// makeRouteDestinationFromName (fka makeRouteActionFromName)
-func makeRouteDestinationFromName(clusterName string) *pbproxystate.RouteDestination {
-	return &pbproxystate.RouteDestination{
-		Destination: &pbproxystate.RouteDestination_Cluster{
-			Cluster: &pbproxystate.DestinationCluster{
-				Name: clusterName,
-			},
-		},
-	}
-}
-
-// TODO(proxystate): Ingress Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func routesForIngressGateway
-
-// TODO(proxystate): API Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func routesForAPIGateway
-// func buildHTTPRouteUpstream
-
-// TODO(proxystate): Ingress Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func findIngressServiceMatchingUpstream
-
-// TODO(proxystate): Ingress Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func generateUpstreamIngressDomains
-
-// TODO(proxystate): Ingress Gateways will be added in the future.
-// Functions to add from agent/xds/clusters.go:
-// func generateUpstreamAPIsDomains
-
-func (s *Converter) makeUpstreamHostForDiscoveryChain(
-	cfgSnap *proxycfg.ConfigSnapshot,
-	uid proxycfg.UpstreamID,
-	chain *structs.CompiledDiscoveryChain,
-	serviceDomains []string,
-	forMeshGateway bool,
-) (*pbproxystate.VirtualHost, error) {
-	var routeRules []*pbproxystate.RouteRule
-
-	startNode := chain.Nodes[chain.StartNode]
-	if startNode == nil {
-		return nil, fmt.Errorf("missing first node in compiled discovery chain for: %s", chain.ServiceName)
-	}
-
-	upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
-	if err != nil && !forMeshGateway {
-		return nil, err
-	}
-
-	switch startNode.Type {
-	case structs.DiscoveryGraphNodeTypeRouter:
-		routeRules = make([]*pbproxystate.RouteRule, 0, len(startNode.Routes))
-
-		for _, discoveryRoute := range startNode.Routes {
-			routeMatch := makeRouteMatchForDiscoveryRoute(discoveryRoute)
-
-			var (
-				routeDestination *pbproxystate.RouteDestination
-				err              error
-			)
-
-			nextNode := chain.Nodes[discoveryRoute.NextNode]
-
-			var lb *structs.LoadBalancer
-			if nextNode.LoadBalancer != nil {
-				lb = nextNode.LoadBalancer
-			}
-
-			switch nextNode.Type {
-			case structs.DiscoveryGraphNodeTypeSplitter:
-				routeDestination, err = s.makeRouteDestinationForSplitter(upstreamsSnapshot, nextNode.Splits, chain, forMeshGateway)
-				if err != nil {
-					return nil, err
-				}
-
-			case structs.DiscoveryGraphNodeTypeResolver:
-				rd, ok := s.makeRouteDestinationForChainCluster(upstreamsSnapshot, nextNode.Resolver.Target, chain, forMeshGateway)
-				if !ok {
-					continue
-				}
-				routeDestination = rd
-
-			default:
-				return nil, fmt.Errorf("unexpected graph node after route %q", nextNode.Type)
-			}
-
-			routeDestination.DestinationConfiguration = &pbproxystate.DestinationConfiguration{}
-			if err := injectLBToDestinationConfiguration(lb, routeDestination.DestinationConfiguration); err != nil {
-				return nil, fmt.Errorf("failed to apply load balancer configuration to route action: %v", err)
-			}
-
-			// TODO(rb): Better help handle the envoy case where you need (prefix=/foo/,rewrite=/) and (exact=/foo,rewrite=/) to do a full rewrite
-
-			destination := discoveryRoute.Definition.Destination
-
-			routeRule := &pbproxystate.RouteRule{}
-
-			if destination != nil {
-				configHandle := routeDestination.DestinationConfiguration
-				if destination.PrefixRewrite != "" {
-					configHandle.PrefixRewrite = destination.PrefixRewrite
-				}
-
-				if destination.RequestTimeout > 0 || destination.IdleTimeout > 0 {
-					configHandle.TimeoutConfig = &pbproxystate.TimeoutConfig{}
-				}
-				if destination.RequestTimeout > 0 {
-					configHandle.TimeoutConfig.Timeout = durationpb.New(destination.RequestTimeout)
-				}
-				if destination.IdleTimeout > 0 {
-					configHandle.TimeoutConfig.IdleTimeout = durationpb.New(destination.IdleTimeout)
-				}
-
-				if destination.HasRetryFeatures() {
-					configHandle.RetryPolicy = getRetryPolicyForDestination(destination)
-				}
-
-				if err := injectHeaderManipToRoute(destination, routeRule); err != nil {
-					return nil, fmt.Errorf("failed to apply header manipulation configuration to route: %v", err)
-				}
-			}
-
-			routeRule.Match = routeMatch
-			routeRule.Destination = routeDestination
-
-			routeRules = append(routeRules, routeRule)
-		}
-
-	case structs.DiscoveryGraphNodeTypeSplitter:
-		routeDestination, err := s.makeRouteDestinationForSplitter(upstreamsSnapshot, startNode.Splits, chain, forMeshGateway)
-		if err != nil {
-			return nil, err
-		}
-		var lb *structs.LoadBalancer
-		if startNode.LoadBalancer != nil {
-			lb = startNode.LoadBalancer
-		}
-		routeDestination.DestinationConfiguration = &pbproxystate.DestinationConfiguration{}
-		if err := injectLBToDestinationConfiguration(lb, routeDestination.DestinationConfiguration); err != nil {
-			return nil, fmt.Errorf("failed to apply load balancer configuration to route action: %v", err)
-		}
-
-		defaultRoute := &pbproxystate.RouteRule{
-			Match:       makeDefaultRouteMatch(),
-			Destination: routeDestination,
-		}
-
-		routeRules = []*pbproxystate.RouteRule{defaultRoute}
-
-	case structs.DiscoveryGraphNodeTypeResolver:
-		routeDestination, ok := s.makeRouteDestinationForChainCluster(upstreamsSnapshot, startNode.Resolver.Target, chain, forMeshGateway)
-		if !ok {
-			break
-		}
-		var lb *structs.LoadBalancer
-		if startNode.LoadBalancer != nil {
-			lb = startNode.LoadBalancer
-		}
-		routeDestination.DestinationConfiguration = &pbproxystate.DestinationConfiguration{}
-		if err := injectLBToDestinationConfiguration(lb, routeDestination.DestinationConfiguration); err != nil {
-			return nil, fmt.Errorf("failed to apply load balancer configuration to route action: %v", err)
-		}
-
-		if startNode.Resolver.RequestTimeout > 0 {
-			to := &pbproxystate.TimeoutConfig{
-				Timeout: durationpb.New(startNode.Resolver.RequestTimeout),
-			}
-			routeDestination.DestinationConfiguration.TimeoutConfig = to
-		}
-		defaultRoute := &pbproxystate.RouteRule{
-			Match:       makeDefaultRouteMatch(),
-			Destination: routeDestination,
-		}
-
-		routeRules = []*pbproxystate.RouteRule{defaultRoute}
-
-	default:
-		return nil, fmt.Errorf("unknown first node in discovery chain of type: %s", startNode.Type)
-	}
-
-	host := &pbproxystate.VirtualHost{
-		Name:       uid.EnvoyID(),
-		Domains:    serviceDomains,
-		RouteRules: routeRules,
-	}
-
-	return host, nil
-}
-
-func getRetryPolicyForDestination(destination *structs.ServiceRouteDestination) *pbproxystate.RetryPolicy {
-	retryPolicy := &pbproxystate.RetryPolicy{}
-	if destination.NumRetries > 0 {
-		retryPolicy.NumRetries = response.MakeUint32Value(int(destination.NumRetries))
-	}
-
-	// The RetryOn magic values come from: https://www.envoyproxy.io/docs/envoy/v1.10.0/configuration/http_filters/router_filter#config-http-filters-router-x-envoy-retry-on
-	var retryStrings []string
-
-	if len(destination.RetryOn) > 0 {
-		retryStrings = append(retryStrings, destination.RetryOn...)
-	}
-
-	if destination.RetryOnConnectFailure {
-		// connect-failure can be enabled by either adding connect-failure to the RetryOn list or by using the legacy RetryOnConnectFailure option
-		// Check that it's not already in the RetryOn list, so we don't set it twice
-		connectFailureExists := false
-		for _, r := range retryStrings {
-			if r == "connect-failure" {
-				connectFailureExists = true
-			}
-		}
-		if !connectFailureExists {
-			retryStrings = append(retryStrings, "connect-failure")
-		}
-	}
-
-	if len(destination.RetryOnStatusCodes) > 0 {
-		retryStrings = append(retryStrings, "retriable-status-codes")
-		retryPolicy.RetriableStatusCodes = destination.RetryOnStatusCodes
-	}
-
-	retryPolicy.RetryOn = strings.Join(retryStrings, ",")
-
-	return retryPolicy
-}
-
-func makeRouteMatchForDiscoveryRoute(discoveryRoute *structs.DiscoveryRoute) *pbproxystate.RouteMatch {
-	match := discoveryRoute.Definition.Match
-	if match == nil || match.IsEmpty() {
-		return makeDefaultRouteMatch()
-	}
-
-	routeMatch := &pbproxystate.RouteMatch{}
-
-	switch {
-	case match.HTTP.PathExact != "":
-		routeMatch.PathMatch = &pbproxystate.PathMatch{
-			PathMatch: &pbproxystate.PathMatch_Exact{
-				Exact: match.HTTP.PathExact,
-			},
-		}
-	case match.HTTP.PathPrefix != "":
-		routeMatch.PathMatch = &pbproxystate.PathMatch{
-			PathMatch: &pbproxystate.PathMatch_Prefix{
-				Prefix: match.HTTP.PathPrefix,
-			},
-		}
-	case match.HTTP.PathRegex != "":
-		routeMatch.PathMatch = &pbproxystate.PathMatch{
-			PathMatch: &pbproxystate.PathMatch_Regex{
-				Regex: match.HTTP.PathRegex,
-			},
-		}
-	default:
-		routeMatch.PathMatch = &pbproxystate.PathMatch{
-			PathMatch: &pbproxystate.PathMatch_Prefix{
-				Prefix: "/",
-			},
-		}
-	}
-
-	if len(match.HTTP.Header) > 0 {
-		routeMatch.HeaderMatches = make([]*pbproxystate.HeaderMatch, 0, len(match.HTTP.Header))
-		for _, hdr := range match.HTTP.Header {
-			headerMatch := &pbproxystate.HeaderMatch{
-				Name: hdr.Name,
-			}
-
-			switch {
-			case hdr.Exact != "":
-				headerMatch.Match = &pbproxystate.HeaderMatch_Exact{
-					Exact: hdr.Exact,
-				}
-			case hdr.Regex != "":
-				headerMatch.Match = &pbproxystate.HeaderMatch_Regex{
-					Regex: hdr.Regex,
-				}
-			case hdr.Prefix != "":
-				headerMatch.Match = &pbproxystate.HeaderMatch_Prefix{
-					Prefix: hdr.Prefix,
-				}
-			case hdr.Suffix != "":
-				headerMatch.Match = &pbproxystate.HeaderMatch_Suffix{
-					Suffix: hdr.Suffix,
-				}
-			case hdr.Present:
-				headerMatch.Match = &pbproxystate.HeaderMatch_Present{
-					Present: true,
-				}
-			default:
-				continue // skip this impossible situation
-			}
-
-			if hdr.Invert {
-				headerMatch.InvertMatch = true
-			}
-
-			routeMatch.HeaderMatches = append(routeMatch.HeaderMatches, headerMatch)
-		}
-	}
-
-	if len(match.HTTP.Methods) > 0 {
-		routeMatch.MethodMatches = append(routeMatch.MethodMatches, match.HTTP.Methods...)
-	}
-
-	if len(match.HTTP.QueryParam) > 0 {
-		routeMatch.QueryParameterMatches = make([]*pbproxystate.QueryParameterMatch, 0, len(match.HTTP.QueryParam))
-		for _, qm := range match.HTTP.QueryParam {
-
-			queryMatcher := &pbproxystate.QueryParameterMatch{
-				Name: qm.Name,
-			}
-
-			switch {
-			case qm.Exact != "":
-				queryMatcher.Match = &pbproxystate.QueryParameterMatch_Exact{
-					Exact: qm.Exact,
-				}
-			case qm.Regex != "":
-				queryMatcher.Match = &pbproxystate.QueryParameterMatch_Regex{
-					Regex: qm.Regex,
-				}
-			case qm.Present:
-				queryMatcher.Match = &pbproxystate.QueryParameterMatch_Present{
-					Present: true,
-				}
-			default:
-				continue // skip this impossible situation
-			}
-
-			routeMatch.QueryParameterMatches = append(routeMatch.QueryParameterMatches, queryMatcher)
-		}
-	}
-
-	return routeMatch
-}
-
-func makeDefaultRouteMatch() *pbproxystate.RouteMatch {
-	return &pbproxystate.RouteMatch{
-		PathMatch: &pbproxystate.PathMatch{
-			PathMatch: &pbproxystate.PathMatch_Prefix{
-				Prefix: "/",
-			},
-		},
-		// TODO(banks) Envoy supports matching only valid GRPC
-		// requests which might be nice to add here for gRPC services
-		// but it's not supported in our current envoy SDK version
-		// although docs say it was supported by 1.8.0. Going to defer
-		// that until we've updated the deps.
-	}
-}
-
-func (s *Converter) makeRouteDestinationForChainCluster(
-	upstreamsSnapshot *proxycfg.ConfigSnapshotUpstreams,
-	targetID string,
-	chain *structs.CompiledDiscoveryChain,
-	forMeshGateway bool,
-) (*pbproxystate.RouteDestination, bool) {
-	clusterName := s.getTargetClusterName(upstreamsSnapshot, chain, targetID, forMeshGateway)
-	if clusterName == "" {
-		return nil, false
-	}
-	return makeRouteDestinationFromName(clusterName), true
-}
-
-func (s *Converter) makeRouteDestinationForSplitter(
-	upstreamsSnapshot *proxycfg.ConfigSnapshotUpstreams,
-	splits []*structs.DiscoverySplit,
-	chain *structs.CompiledDiscoveryChain,
-	forMeshGateway bool,
-) (*pbproxystate.RouteDestination, error) {
-	clusters := make([]*pbproxystate.L7WeightedDestinationCluster, 0, len(splits))
-	for _, split := range splits {
-		nextNode := chain.Nodes[split.NextNode]
-
-		if nextNode.Type != structs.DiscoveryGraphNodeTypeResolver {
-			return nil, fmt.Errorf("unexpected splitter destination node type: %s", nextNode.Type)
-		}
-		targetID := nextNode.Resolver.Target
-
-		clusterName := s.getTargetClusterName(upstreamsSnapshot, chain, targetID, forMeshGateway)
-		if clusterName == "" {
-			continue
-		}
-
-		// The smallest representable weight is 1/10000 or .01% but envoy
-		// deals with integers so scale everything up by 100x.
-		weight := int(split.Weight * 100)
-
-		clusterWeight := &pbproxystate.L7WeightedDestinationCluster{
-			Name:   clusterName,
-			Weight: response.MakeUint32Value(weight),
-		}
-		if err := injectHeaderManipToWeightedCluster(split.Definition, clusterWeight); err != nil {
-			return nil, err
-		}
-
-		clusters = append(clusters, clusterWeight)
-	}
-
-	if len(clusters) <= 0 {
-		return nil, fmt.Errorf("number of clusters in splitter must be > 0; got %d", len(clusters))
-	}
-
-	return &pbproxystate.RouteDestination{
-		Destination: &pbproxystate.RouteDestination_WeightedClusters{
-			WeightedClusters: &pbproxystate.L7WeightedClusterGroup{
-				Clusters: clusters,
-			},
-		},
-	}, nil
-}
-
-func injectLBToDestinationConfiguration(lb *structs.LoadBalancer, destinationConfig *pbproxystate.DestinationConfiguration) error {
-	if lb == nil || !lb.IsHashBased() {
-		return nil
-	}
-
-	result := make([]*pbproxystate.LoadBalancerHashPolicy, 0, len(lb.HashPolicies))
-	for _, policy := range lb.HashPolicies {
-		if policy.SourceIP {
-			p := &pbproxystate.LoadBalancerHashPolicy{
-				Policy: &pbproxystate.LoadBalancerHashPolicy_ConnectionProperties{
-					ConnectionProperties: &pbproxystate.ConnectionPropertiesPolicy{
-						SourceIp: true,
-						Terminal: policy.Terminal,
-					},
-				},
-			}
-			result = append(result, p)
-			continue
-		}
-
-		switch policy.Field {
-		case structs.HashPolicyHeader:
-			p := &pbproxystate.LoadBalancerHashPolicy{
-				Policy: &pbproxystate.LoadBalancerHashPolicy_Header{
-					Header: &pbproxystate.HeaderPolicy{
-						Name:     policy.FieldValue,
-						Terminal: policy.Terminal,
-					},
-				},
-			}
-			result = append(result, p)
-
-		case structs.HashPolicyCookie:
-
-			cookie := &pbproxystate.CookiePolicy{
-				Name:     policy.FieldValue,
-				Terminal: policy.Terminal,
-			}
-			if policy.CookieConfig != nil {
-				cookie.Path = policy.CookieConfig.Path
-
-				if policy.CookieConfig.TTL != 0*time.Second {
-					cookie.Ttl = durationpb.New(policy.CookieConfig.TTL)
-				}
-
-				// Envoy will generate a session cookie if the ttl is present and zero.
-				if policy.CookieConfig.Session {
-					cookie.Ttl = durationpb.New(0 * time.Second)
-				}
-			}
-			p := &pbproxystate.LoadBalancerHashPolicy{
-				Policy: &pbproxystate.LoadBalancerHashPolicy_Cookie{
-					Cookie: cookie,
-				},
-			}
-			result = append(result, p)
-
-		case structs.HashPolicyQueryParam:
-			p := &pbproxystate.LoadBalancerHashPolicy{
-				Policy: &pbproxystate.LoadBalancerHashPolicy_QueryParameter{
-					QueryParameter: &pbproxystate.QueryParameterPolicy{
-						Name:     policy.FieldValue,
-						Terminal: policy.Terminal,
-					},
-				},
-			}
-			result = append(result, p)
-
-		default:
-			return fmt.Errorf("unsupported load balancer hash policy field: %v", policy.Field)
-		}
-	}
-
-	destinationConfig.HashPolicies = result
-	return nil
-}
-
-func injectHeaderManipToRoute(dest *structs.ServiceRouteDestination, r *pbproxystate.RouteRule) error {
-	if !dest.RequestHeaders.IsZero() {
-		r.HeaderMutations = append(
-			r.HeaderMutations,
-			makeRequestHeaderAdd(dest.RequestHeaders.Add, true)...,
-		)
-		r.HeaderMutations = append(
-			r.HeaderMutations,
-			makeRequestHeaderAdd(dest.RequestHeaders.Set, false)...,
-		)
-		r.HeaderMutations = append(
-			r.HeaderMutations,
-			makeRequestHeaderRemove(dest.RequestHeaders.Remove),
-		)
-	}
-	if !dest.ResponseHeaders.IsZero() {
-		r.HeaderMutations = append(
-			r.HeaderMutations,
-			makeResponseHeaderAdd(dest.ResponseHeaders.Add, true)...,
-		)
-		r.HeaderMutations = append(
-			r.HeaderMutations,
-			makeResponseHeaderAdd(dest.ResponseHeaders.Set, false)...,
-		)
-		r.HeaderMutations = append(
-			r.HeaderMutations,
-			makeResponseHeaderRemove(dest.ResponseHeaders.Remove),
-		)
-	}
-	return nil
-}
-
-func injectHeaderManipToWeightedCluster(split *structs.ServiceSplit, c *pbproxystate.L7WeightedDestinationCluster) error {
-	if !split.RequestHeaders.IsZero() {
-		c.HeaderMutations = append(
-			c.HeaderMutations,
-			makeRequestHeaderAdd(split.RequestHeaders.Add, true)...,
-		)
-		c.HeaderMutations = append(
-			c.HeaderMutations,
-			makeRequestHeaderAdd(split.RequestHeaders.Set, false)...,
-		)
-		c.HeaderMutations = append(
-			c.HeaderMutations,
-			makeRequestHeaderRemove(split.RequestHeaders.Remove),
-		)
-	}
-	if !split.ResponseHeaders.IsZero() {
-		c.HeaderMutations = append(
-			c.HeaderMutations,
-			makeResponseHeaderAdd(split.ResponseHeaders.Add, true)...,
-		)
-		c.HeaderMutations = append(
-			c.HeaderMutations,
-			makeResponseHeaderAdd(split.ResponseHeaders.Set, false)...,
-		)
-		c.HeaderMutations = append(
-			c.HeaderMutations,
-			makeResponseHeaderRemove(split.ResponseHeaders.Remove),
-		)
-	}
-	return nil
-}
-
-func makeRequestHeaderAdd(vals map[string]string, add bool) []*pbproxystate.HeaderMutation {
-	mutations := make([]*pbproxystate.HeaderMutation, 0, len(vals))
-
-	appendAction := pbproxystate.AppendAction_APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD
-	if add {
-		appendAction = pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
-	}
-
-	for k, v := range vals {
-		m := &pbproxystate.HeaderMutation{
-			Action: &pbproxystate.HeaderMutation_RequestHeaderAdd{
-				RequestHeaderAdd: &pbproxystate.RequestHeaderAdd{
-					Header: &pbproxystate.Header{
-						Key:   k,
-						Value: v,
-					},
-					AppendAction: appendAction,
-				},
-			},
-		}
-		mutations = append(mutations, m)
-	}
-	return mutations
-}
-
-func makeRequestHeaderRemove(values []string) *pbproxystate.HeaderMutation {
-	return &pbproxystate.HeaderMutation{
-		Action: &pbproxystate.HeaderMutation_RequestHeaderRemove{
-			RequestHeaderRemove: &pbproxystate.RequestHeaderRemove{
-				HeaderKeys: values,
-			},
-		},
-	}
-}
-
-func makeResponseHeaderAdd(vals map[string]string, add bool) []*pbproxystate.HeaderMutation {
-	mutations := make([]*pbproxystate.HeaderMutation, 0, len(vals))
-
-	appendAction := pbproxystate.AppendAction_APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD
-	if add {
-		appendAction = pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
-	}
-
-	for k, v := range vals {
-		m := &pbproxystate.HeaderMutation{
-			Action: &pbproxystate.HeaderMutation_ResponseHeaderAdd{
-				ResponseHeaderAdd: &pbproxystate.ResponseHeaderAdd{
-					Header: &pbproxystate.Header{
-						Key:   k,
-						Value: v,
-					},
-					AppendAction: appendAction,
-				},
-			},
-		}
-		mutations = append(mutations, m)
-	}
-	return mutations
-}
-
-func makeResponseHeaderRemove(values []string) *pbproxystate.HeaderMutation {
-	return &pbproxystate.HeaderMutation{
-		Action: &pbproxystate.HeaderMutation_ResponseHeaderRemove{
-			ResponseHeaderRemove: &pbproxystate.ResponseHeaderRemove{
-				HeaderKeys: values,
-			},
-		},
-	}
-}
diff --git a/agent/xds/rbac.go b/agent/xds/rbac.go
index 68e91d2945ad..f38525abb78d 100644
--- a/agent/xds/rbac.go
+++ b/agent/xds/rbac.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -19,15 +19,9 @@ import (
 
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/proto/private/pbpeering"
 )
 
-const (
-	envoyHTTPRBACFilterKey    = "envoy.filters.http.rbac"
-	envoyNetworkRBACFilterKey = "envoy.filters.network.rbac"
-)
-
 func makeRBACNetworkFilter(
 	intentions structs.SimplifiedIntentions,
 	intentionDefaultAllow bool,
@@ -43,7 +37,7 @@ func makeRBACNetworkFilter(
 		StatPrefix: "connect_authz",
 		Rules:      rules,
 	}
-	return makeFilter(envoyNetworkRBACFilterKey, cfg)
+	return makeFilter("envoy.filters.network.rbac", cfg)
 }
 
 func makeRBACHTTPFilter(
@@ -61,7 +55,7 @@ func makeRBACHTTPFilter(
 	cfg := &envoy_http_rbac_v3.RBAC{
 		Rules: rules,
 	}
-	return makeEnvoyHTTPFilter(envoyHTTPRBACFilterKey, cfg)
+	return makeEnvoyHTTPFilter("envoy.filters.http.rbac", cfg)
 }
 
 func intentionListToIntermediateRBACForm(
@@ -331,7 +325,6 @@ func intentionActionFromBool(v bool) intentionAction {
 		return intentionActionDeny
 	}
 }
-
 func intentionActionFromString(s structs.IntentionAction) intentionAction {
 	if s == structs.IntentionActionAllow {
 		return intentionActionAllow
@@ -815,6 +808,7 @@ func segmentToPermission(segments []*envoy_matcher_v3.MetadataMatcher_PathSegmen
 //		},
 //	},
 func pathToSegments(paths []string, payloadKey string) []*envoy_matcher_v3.MetadataMatcher_PathSegment {
+
 	segments := make([]*envoy_matcher_v3.MetadataMatcher_PathSegment, 0, len(paths))
 	segments = append(segments, makeSegment(payloadKey))
 
@@ -839,9 +833,6 @@ func optimizePrincipals(orig []*envoy_rbac_v3.Principal) []*envoy_rbac_v3.Princi
 		if !ok {
 			return orig
 		}
-		// In practice, you can't hit this
-		// Only JWTs (HTTP-only) generate orPrinciples, but optimizePrinciples is only called
-		// against the combined list of principles for L4 intentions.
 		orIds = append(orIds, or.OrIds.Ids...)
 	}
 
@@ -993,7 +984,7 @@ func authenticatedPatternPrincipal(pattern string) *envoy_rbac_v3.Principal {
 			Authenticated: &envoy_rbac_v3.Principal_Authenticated{
 				PrincipalName: &envoy_matcher_v3.StringMatcher{
 					MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{
-						SafeRegex: response.MakeEnvoyRegexMatch(pattern),
+						SafeRegex: makeEnvoyRegexMatch(pattern),
 					},
 				},
 			},
@@ -1025,7 +1016,7 @@ func xfccPrincipal(src rbacService) *envoy_rbac_v3.Principal {
 				HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{
 					StringMatch: &envoy_matcher_v3.StringMatcher{
 						MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{
-							SafeRegex: response.MakeEnvoyRegexMatch(pattern),
+							SafeRegex: makeEnvoyRegexMatch(pattern),
 						},
 					},
 				},
@@ -1034,10 +1025,8 @@ func xfccPrincipal(src rbacService) *envoy_rbac_v3.Principal {
 	}
 }
 
-const (
-	anyPath     = `[^/]+`
-	trustDomain = anyPath + "." + anyPath
-)
+const anyPath = `[^/]+`
+const trustDomain = anyPath + "." + anyPath
 
 // downstreamServiceIdentityMatcher needs to match XFCC headers in two cases:
 // 1. Requests to cluster peered services through a mesh gateway. In this case, the XFCC header looks like the following (I added a new line after each ; for readability)
@@ -1232,7 +1221,7 @@ func convertPermission(perm *structs.IntentionPermission) *envoy_rbac_v3.Permiss
 					Rule: &envoy_matcher_v3.PathMatcher_Path{
 						Path: &envoy_matcher_v3.StringMatcher{
 							MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{
-								SafeRegex: response.MakeEnvoyRegexMatch(perm.HTTP.PathRegex),
+								SafeRegex: makeEnvoyRegexMatch(perm.HTTP.PathRegex),
 							},
 						},
 					},
@@ -1253,7 +1242,7 @@ func convertPermission(perm *structs.IntentionPermission) *envoy_rbac_v3.Permiss
 			}
 		case hdr.Regex != "":
 			eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SafeRegexMatch{
-				SafeRegexMatch: response.MakeEnvoyRegexMatch(hdr.Regex),
+				SafeRegexMatch: makeEnvoyRegexMatch(hdr.Regex),
 			}
 		case hdr.Prefix != "":
 			eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PrefixMatch{
@@ -1288,7 +1277,7 @@ func convertPermission(perm *structs.IntentionPermission) *envoy_rbac_v3.Permiss
 		eh := &envoy_route_v3.HeaderMatcher{
 			Name: ":method",
 			HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_SafeRegexMatch{
-				SafeRegexMatch: response.MakeEnvoyRegexMatch(methodHeaderRegex),
+				SafeRegexMatch: makeEnvoyRegexMatch(methodHeaderRegex),
 			},
 		}
 
diff --git a/agent/xds/rbac_test.go b/agent/xds/rbac_test.go
index 9885052250aa..6bc36028707a 100644
--- a/agent/xds/rbac_test.go
+++ b/agent/xds/rbac_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
diff --git a/agent/xds/resources.go b/agent/xds/resources.go
index fc761040029c..c7099e5cb50a 100644
--- a/agent/xds/resources.go
+++ b/agent/xds/resources.go
@@ -1,12 +1,11 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
 import (
 	"fmt"
 
-	"github.com/hashicorp/consul/agent/xds/configfetcher"
 	"github.com/hashicorp/go-hclog"
 	"google.golang.org/protobuf/proto"
 
@@ -19,7 +18,7 @@ import (
 // resources for a single client.
 type ResourceGenerator struct {
 	Logger         hclog.Logger
-	CfgFetcher     configfetcher.ConfigFetcher
+	CfgFetcher     ConfigFetcher
 	IncrementalXDS bool
 
 	ProxyFeatures xdscommon.SupportedProxyFeatures
@@ -27,7 +26,7 @@ type ResourceGenerator struct {
 
 func NewResourceGenerator(
 	logger hclog.Logger,
-	cfgFetcher configfetcher.ConfigFetcher,
+	cfgFetcher ConfigFetcher,
 	incrementalXDS bool,
 ) *ResourceGenerator {
 	return &ResourceGenerator{
diff --git a/agent/xds/resources_ce_test.go b/agent/xds/resources_ce_test.go
index 14d5a35253a4..5da963940ccb 100644
--- a/agent/xds/resources_ce_test.go
+++ b/agent/xds/resources_ce_test.go
@@ -1,13 +1,11 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
 
 package xds
 
-import "testing"
-
-func getEnterpriseGoldenTestCases(t *testing.T) []goldenTestCase {
+func getEnterpriseGoldenTestCases() []goldenTestCase {
 	return nil
 }
diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go
index 69a704386b5d..29743c060bfd 100644
--- a/agent/xds/resources_test.go
+++ b/agent/xds/resources_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -7,27 +7,23 @@ import (
 	"path/filepath"
 	"sort"
 	"testing"
-	"time"
 
 	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
 	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
 	envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
-	"k8s.io/utils/pointer"
 
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/consul/discoverychain"
 	"github.com/hashicorp/consul/agent/xds/testcommon"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	"github.com/hashicorp/consul/types"
 
 	testinf "github.com/mitchellh/go-testing-interface"
 	"github.com/stretchr/testify/require"
 
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/response"
 	"github.com/hashicorp/consul/sdk/testutil"
 )
 
@@ -121,7 +117,7 @@ func TestAllResourcesFromSnapshot(t *testing.T) {
 					}
 				})
 
-				r, err := response.CreateResponse(typeUrl, "00000001", "00000001", items)
+				r, err := createResponse(typeUrl, "00000001", "00000001", items)
 				require.NoError(t, err)
 
 				gotJSON := protoToJSON(t, r)
@@ -160,23 +156,13 @@ func TestAllResourcesFromSnapshot(t *testing.T) {
 			},
 		},
 		{
-			name: "transparent-proxy",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotTransparentProxy(t)
-			},
+			name:   "transparent-proxy",
+			create: proxycfg.TestConfigSnapshotTransparentProxy,
 		},
 		{
 			name:   "connect-proxy-with-peered-upstreams",
 			create: proxycfg.TestConfigSnapshotPeering,
 		},
-		{
-			name:   "connect-proxy-with-peered-upstreams-escape-overrides",
-			create: proxycfg.TestConfigSnapshotPeeringWithEscapeOverrides,
-		},
-		{
-			name:   "connect-proxy-with-peered-upstreams-http2",
-			create: proxycfg.TestConfigSnapshotPeeringWithHTTP2,
-		},
 		{
 			name:   "transparent-proxy-with-peered-upstreams",
 			create: proxycfg.TestConfigSnapshotPeeringTProxy,
@@ -193,7 +179,7 @@ func TestAllResourcesFromSnapshot(t *testing.T) {
 	tests = append(tests, getConnectProxyTransparentProxyGoldenTestCases()...)
 	tests = append(tests, getMeshGatewayPeeringGoldenTestCases()...)
 	tests = append(tests, getTrafficControlPeeringGoldenTestCases(false)...)
-	tests = append(tests, getEnterpriseGoldenTestCases(t)...)
+	tests = append(tests, getEnterpriseGoldenTestCases()...)
 	tests = append(tests, getAPIGatewayGoldenTestCases(t)...)
 
 	latestEnvoyVersion := xdscommon.EnvoyVersions[0]
@@ -260,11 +246,7 @@ func getMeshGatewayPeeringGoldenTestCases() []goldenTestCase {
 		{
 			name: "mesh-gateway-with-imported-peered-services",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "imported-services", func(ns *structs.NodeService) {
-					ns.Proxy.Config = map[string]interface{}{
-						"envoy_dns_discovery_type": "STRICT_DNS",
-					}
-				}, nil)
+				return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "imported-services", nil, nil)
 			},
 		},
 		{
@@ -344,54 +326,6 @@ RahYIzNLRBTLrwadLAZkApUpZvB8qDK4knsTWFYujNsylCww2A6ajzIMFNU4GkUK
 NtyHRuD+KYRmjXtyX1yHNqfGN3vOQmwavHq2R8wHYuBSc6LAHHV9vG+j0VsgMELO
 qwxn8SmLkSKbf2+MsQVzLCXXN5u+D8Yv+4py+oKP4EQ5aFZuDEx+r/G/31rTthww
 AAJAMaoXmoYVdgXV+CPuBb2M4XCpuzLu3bcA2PXm5ipSyIgntMKwXV7r
------END CERTIFICATE-----`
-	// openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -sha256 -days 3650 \
-	// -nodes -subj "/C=XX/CN=secondcert.com" -addext "subjectAltName = DNS:secondcert.com"
-	gatewayTestPrivateKeyTwo = `-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCiPr2HCbVzbZ1M
-IW89rfLLrciPTWWl48DF9CmYHS0C2gSD1W6bxzO7zdA+ced0ajI+YsQ9aBAXRhKl
-EHgnhBJ6sGsz1XBQ9+lNDHrg9AjugIiHoscYOeCcxMeXhp97ti+vpVsc2/AvEf2K
-GIUuOjcufXuRXkWQ2aB4RGyodkgRF6n8YrLJb7pWIjoCNwDAWtZX4wIVFgGq1ew0
-E/E9EyStMYTb5h1lvCpXYRN9AeSFKUQI/y0xsT3+nZ/gyzx3CrgzuSYRgptbuVwm
-5F2Q16sLR/EtCBIhA8npKagx/4U7KOilF31I2locH4Aq5l9VJd/6pTA5F4KCAW/E
-ybXz6DojAgMBAAECggEAPcOuuRqsFf4ztIjB5XQ0Cu/kexFW0flLKNDTiNIKkZxX
-vaxhyDHkculeDnekSkAnUnKdDFdyULnfXTFQ3JI9yrEgjoIBmQFXsno+ySZ9w/Xw
-g9om+wUFigirhva7/geUTcSgU/Myk2jA4XKGONv2p98jTGrcBtGickZyKwukUcTa
-M18phLdjejg09d45QV5pEtU5m0HuydvtMNCxL2UeWMxyIVezAH2S48m7IAn7Xs4p
-J9bwjboDWQYs+zLPfEZyosiJiKugpEKvApIKsJXf4JqRXHN+vvKKDeXkKrrGR+pg
-3e5foPjFrLcDltZMkrfnlm8fa0yLnoxdiyd1pDcJaQKBgQDSnJbM6CDb0b3bUyiz
-LpfJSBzEPqABM8mNeVHfEjHcBJ7YBOceBxDNasmAPvFbhoDrlHiEYW2QnDLRXKeF
-XVdXjSsUV30SPMeg6yeSd8L+LKXLjrGMNGDcJfnjLavv7Glu1xDnYyFSmeVIhWoo
-cOhfaFQ69vnHiU1idrOlz6zhPwKBgQDFNcY0S59f3tht7kgnItg8PSfJqJQrIdLt
-x6MC2Nc7Eui7/LTuO2rMG6HRA/8zQa/TfnfG7CsUwLB1NiC2R1TtM9YBYPxhMl1o
-JeGTfM+tD0lBwPhYpgnOCppuayRCfAsPYA6NcvXcGZbxOigxliOuvgVBH47EAApA
-zJ+8b6nKHQKBgQCZ0GDV/4XX5KNq5Z3o1tNl3jOcIzyKBD9kAkGHz+r4C6vSiioc
-pP5hd2b4MX/l3yKSapll3R2+qkT24Fs8LEJYn7Hhpk+inR8SaAs7jhmrtgHT2z/R
-7IL85QNOJhHXJGqP16PxyVUR1XE9eKpiJKug2joB4lPjpWQN0DE9nKFe0wKBgEo3
-qpgTva7+1sTIYC8aVfaVrVufLePtnswNzbNMl/OLcjsNJ6pgghi+bW+T6X8IwXr+
-pWUfjDcLLV1vOXBf9/4s++UY8uJBahW/69zto9qlXhR44v25vwbjxqq3d7XtqNvo
-cpGZKh3jI4M1N9sxfcxNhvyzO69XtIQefh8UhvmhAoGBAKzSA51l50ocOnWSNAXs
-QQoU+dYQjLDMtzc5N68EUf1GSjtgkpa3PYjVo09OMeb7+W9LhwHQDNMqgeeEDCsm
-B6NDnI4VyjVae7Hqz48WBERJBFMFWiLxEa1m2UwaV2jAubN8FKgH4KzDzOKtJEUy
-Rz9IUct6HXsDSs+Q3/zdFmPo
------END PRIVATE KEY-----`
-	gatewayTestCertificateTwo = `-----BEGIN CERTIFICATE-----
-MIIC7DCCAdSgAwIBAgIJAMHpuSA3ioNPMA0GCSqGSIb3DQEBCwUAMCYxCzAJBgNV
-BAYTAlhYMRcwFQYDVQQDDA5zZWNvbmRjZXJ0LmNvbTAeFw0yMzA3MTExNTE1MjBa
-Fw0zMzA3MDgxNTE1MjBaMCYxCzAJBgNVBAYTAlhYMRcwFQYDVQQDDA5zZWNvbmRj
-ZXJ0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKI+vYcJtXNt
-nUwhbz2t8sutyI9NZaXjwMX0KZgdLQLaBIPVbpvHM7vN0D5x53RqMj5ixD1oEBdG
-EqUQeCeEEnqwazPVcFD36U0MeuD0CO6AiIeixxg54JzEx5eGn3u2L6+lWxzb8C8R
-/YoYhS46Ny59e5FeRZDZoHhEbKh2SBEXqfxisslvulYiOgI3AMBa1lfjAhUWAarV
-7DQT8T0TJK0xhNvmHWW8KldhE30B5IUpRAj/LTGxPf6dn+DLPHcKuDO5JhGCm1u5
-XCbkXZDXqwtH8S0IEiEDyekpqDH/hTso6KUXfUjaWhwfgCrmX1Ul3/qlMDkXgoIB
-b8TJtfPoOiMCAwEAAaMdMBswGQYDVR0RBBIwEIIOc2Vjb25kY2VydC5jb20wDQYJ
-KoZIhvcNAQELBQADggEBAJvP3deuEpJZktAny6/az09GLSUYddiNCE4sG/2ASj7C
-mwRTh2HM4BDnkhW9PNjfHoaWa2TDIhOyHQ5hLYz2tnaeU1sOrADCuFSxGiQqgr8J
-prahKh6AzNsXba4rumoO08QTTtJzoa8L6TV4PTQ6gi+OMdbyBe3CQ7DSRzLseHNH
-KG5tqRRu+Jm7dUuOXDV4MDHoloyZlksOvIYSC+gaS+ke3XlR+GzOW7hpgn5SIDlv
-aR/zlIKXUCvVux3/pNFgW6rduFE0f5Hbc1+J4ghTl8EQu1dwDTax7blXQwE+VDgJ
-u4fZGRmoUvvO/bjVCbehBxfJn0rHsxpuD5b4Jg2OZNc=
 -----END CERTIFICATE-----`
 )
 
@@ -457,161 +391,7 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase {
 			},
 		},
 		{
-			name: "api-gateway-with-multiple-inline-certificates",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) {
-					entry.Listeners = []structs.APIGatewayListener{
-						{
-							Name:     "listener",
-							Protocol: structs.ListenerProtocolTCP,
-							Port:     8080,
-							TLS: structs.APIGatewayTLSConfiguration{
-								Certificates: []structs.ResourceReference{{
-									Kind: structs.InlineCertificate,
-									Name: "certificate",
-								}},
-								MinVersion: types.TLSv1_2,
-								MaxVersion: types.TLSv1_3,
-								CipherSuites: []types.TLSCipherSuite{
-									types.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-									types.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-								},
-							},
-						},
-					}
-					bound.Listeners = []structs.BoundAPIGatewayListener{
-						{
-							Name: "listener",
-							Certificates: []structs.ResourceReference{
-								{
-									Kind: structs.InlineCertificate,
-									Name: "certificate",
-								},
-								{
-									Kind: structs.InlineCertificate,
-									Name: "certificate-too",
-								},
-							},
-							Routes: []structs.ResourceReference{{
-								Kind: structs.TCPRoute,
-								Name: "route",
-							}},
-						},
-					}
-				},
-					[]structs.BoundRoute{
-						&structs.TCPRouteConfigEntry{
-							Kind: structs.TCPRoute,
-							Name: "route",
-							Services: []structs.TCPService{{
-								Name: "service",
-							}},
-							Parents: []structs.ResourceReference{
-								{
-									Kind: structs.APIGateway,
-									Name: "api-gateway",
-								},
-							},
-						},
-					}, []structs.InlineCertificateConfigEntry{
-						{
-							Kind:        structs.InlineCertificate,
-							Name:        "certificate",
-							PrivateKey:  gatewayTestPrivateKey,
-							Certificate: gatewayTestCertificate,
-						},
-						{
-							Kind:        structs.InlineCertificate,
-							Name:        "certificate-too",
-							PrivateKey:  gatewayTestPrivateKeyTwo,
-							Certificate: gatewayTestCertificateTwo,
-						},
-					}, nil)
-			},
-		},
-		{
-			name: "api-gateway-with-http-route",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) {
-					entry.Listeners = []structs.APIGatewayListener{
-						{
-							Name:     "listener",
-							Protocol: structs.ListenerProtocolHTTP,
-							Port:     8080,
-						},
-					}
-					bound.Listeners = []structs.BoundAPIGatewayListener{
-						{
-							Name: "listener",
-							Certificates: []structs.ResourceReference{{
-								Kind: structs.InlineCertificate,
-								Name: "certificate",
-							}},
-							Routes: []structs.ResourceReference{{
-								Kind: structs.HTTPRoute,
-								Name: "route",
-							}},
-						},
-					}
-				}, []structs.BoundRoute{
-					&structs.HTTPRouteConfigEntry{
-						Kind: structs.HTTPRoute,
-						Name: "route",
-						Rules: []structs.HTTPRouteRule{{
-							Filters: structs.HTTPFilters{
-								Headers: []structs.HTTPHeaderFilter{
-									{
-										Add: map[string]string{
-											"X-Header-Add": "added",
-										},
-										Set: map[string]string{
-											"X-Header-Set": "set",
-										},
-										Remove: []string{"X-Header-Remove"},
-									},
-								},
-								RetryFilter: &structs.RetryFilter{
-									NumRetries:            pointer.Uint32(3),
-									RetryOn:               []string{"cancelled"},
-									RetryOnStatusCodes:    []uint32{500},
-									RetryOnConnectFailure: pointer.Bool(true),
-								},
-								TimeoutFilter: &structs.TimeoutFilter{
-									IdleTimeout:    time.Second * 30,
-									RequestTimeout: time.Second * 30,
-								},
-							},
-							Services: []structs.HTTPService{{
-								Name: "service",
-							}},
-						}},
-						Parents: []structs.ResourceReference{
-							{
-								Kind: structs.APIGateway,
-								Name: "api-gateway",
-							},
-						},
-					},
-				}, []structs.InlineCertificateConfigEntry{{
-					Kind:        structs.InlineCertificate,
-					Name:        "certificate",
-					PrivateKey:  gatewayTestPrivateKey,
-					Certificate: gatewayTestCertificate,
-				}}, []proxycfg.UpdateEvent{{
-					CorrelationID: "discovery-chain:" + serviceUID.String(),
-					Result: &structs.DiscoveryChainResponse{
-						Chain: serviceChain,
-					},
-				}, {
-					CorrelationID: "upstream-target:" + serviceChain.ID() + ":" + serviceUID.String(),
-					Result: &structs.IndexedCheckServiceNodes{
-						Nodes: proxycfg.TestUpstreamNodes(t, "service"),
-					},
-				}})
-			},
-		},
-		{
-			name: "api-gateway-with-http-route-timeoutfilter-one-set",
+			name: "api-gateway-with-http-route-and-inline-certificate",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) {
 					entry.Listeners = []structs.APIGatewayListener{
@@ -624,10 +404,6 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase {
 					bound.Listeners = []structs.BoundAPIGatewayListener{
 						{
 							Name: "listener",
-							Certificates: []structs.ResourceReference{{
-								Kind: structs.InlineCertificate,
-								Name: "certificate",
-							}},
 							Routes: []structs.ResourceReference{{
 								Kind: structs.HTTPRoute,
 								Name: "route",
@@ -651,9 +427,6 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase {
 										Remove: []string{"X-Header-Remove"},
 									},
 								},
-								TimeoutFilter: &structs.TimeoutFilter{
-									IdleTimeout: time.Second * 30,
-								},
 							},
 							Services: []structs.HTTPService{{
 								Name: "service",
@@ -666,12 +439,7 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase {
 							},
 						},
 					},
-				}, []structs.InlineCertificateConfigEntry{{
-					Kind:        structs.InlineCertificate,
-					Name:        "certificate",
-					PrivateKey:  gatewayTestPrivateKey,
-					Certificate: gatewayTestCertificate,
-				}}, []proxycfg.UpdateEvent{{
+				}, nil, []proxycfg.UpdateEvent{{
 					CorrelationID: "discovery-chain:" + serviceUID.String(),
 					Result: &structs.DiscoveryChainResponse{
 						Chain: serviceChain,
diff --git a/agent/xds/response/response.go b/agent/xds/response.go
similarity index 80%
rename from agent/xds/response/response.go
rename to agent/xds/response.go
index 91ce6d739738..e452e8a2f26e 100644
--- a/agent/xds/response/response.go
+++ b/agent/xds/response.go
@@ -1,7 +1,7 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
-package response
+package xds
 
 import (
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
@@ -13,7 +13,7 @@ import (
 	"google.golang.org/protobuf/types/known/wrapperspb"
 )
 
-func CreateResponse(typeURL string, version, nonce string, resources []proto.Message) (*envoy_discovery_v3.DiscoveryResponse, error) {
+func createResponse(typeURL string, version, nonce string, resources []proto.Message) (*envoy_discovery_v3.DiscoveryResponse, error) {
 	anys := make([]*anypb.Any, 0, len(resources))
 	for _, r := range resources {
 		if r == nil {
@@ -41,7 +41,7 @@ func CreateResponse(typeURL string, version, nonce string, resources []proto.Mes
 	return resp, nil
 }
 
-func MakePipeAddress(path string, mode uint32) *envoy_core_v3.Address {
+func makePipeAddress(path string, mode uint32) *envoy_core_v3.Address {
 	return &envoy_core_v3.Address{
 		Address: &envoy_core_v3.Address_Pipe{
 			Pipe: &envoy_core_v3.Pipe{
@@ -52,7 +52,7 @@ func MakePipeAddress(path string, mode uint32) *envoy_core_v3.Address {
 	}
 }
 
-func MakeAddress(ip string, port int) *envoy_core_v3.Address {
+func makeAddress(ip string, port int) *envoy_core_v3.Address {
 	return &envoy_core_v3.Address{
 		Address: &envoy_core_v3.Address_SocketAddress{
 			SocketAddress: &envoy_core_v3.SocketAddress{
@@ -65,15 +65,15 @@ func MakeAddress(ip string, port int) *envoy_core_v3.Address {
 	}
 }
 
-func MakeUint32Value(n int) *wrapperspb.UInt32Value {
+func makeUint32Value(n int) *wrapperspb.UInt32Value {
 	return &wrapperspb.UInt32Value{Value: uint32(n)}
 }
 
-func MakeBoolValue(n bool) *wrapperspb.BoolValue {
+func makeBoolValue(n bool) *wrapperspb.BoolValue {
 	return &wrapperspb.BoolValue{Value: n}
 }
 
-func MakeEnvoyRegexMatch(patt string) *envoy_matcher_v3.RegexMatcher {
+func makeEnvoyRegexMatch(patt string) *envoy_matcher_v3.RegexMatcher {
 	return &envoy_matcher_v3.RegexMatcher{
 		EngineType: &envoy_matcher_v3.RegexMatcher_GoogleRe2{
 			GoogleRe2: &envoy_matcher_v3.RegexMatcher_GoogleRE2{},
diff --git a/agent/xds/routes.go b/agent/xds/routes.go
index 6f0d18b05dcb..a86747a9c080 100644
--- a/agent/xds/routes.go
+++ b/agent/xds/routes.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -14,16 +14,14 @@ import (
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
 	envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
+
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/durationpb"
-	"google.golang.org/protobuf/types/known/wrapperspb"
 
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/consul/discoverychain"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/config"
-	"github.com/hashicorp/consul/agent/xds/response"
 )
 
 // routesFromSnapshot returns the xDS API representation of the "routes" in the
@@ -58,13 +56,17 @@ func (s *ResourceGenerator) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapsh
 			continue
 		}
 
+		explicit := cfgSnap.ConnectProxy.UpstreamConfig[uid].HasLocalPortOrSocket()
+		implicit := cfgSnap.ConnectProxy.IsImplicitUpstream(uid)
+		if !implicit && !explicit {
+			// Discovery chain is not associated with a known explicit or implicit upstream so it is skipped.
+			continue
+		}
+
 		virtualHost, err := s.makeUpstreamRouteForDiscoveryChain(cfgSnap, uid, chain, []string{"*"}, false)
 		if err != nil {
 			return nil, err
 		}
-		if virtualHost == nil {
-			continue
-		}
 
 		route := &envoy_route_v3.RouteConfiguration{
 			Name:         uid.EnvoyID(),
@@ -72,7 +74,7 @@ func (s *ResourceGenerator) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapsh
 			// ValidateClusters defaults to true when defined statically and false
 			// when done via RDS. Re-set the reasonable value of true to prevent
 			// null-routing traffic.
-			ValidateClusters: response.MakeBoolValue(true),
+			ValidateClusters: makeBoolValue(true),
 		}
 		resources = append(resources, route)
 	}
@@ -142,7 +144,7 @@ func (s *ResourceGenerator) routesForTerminatingGateway(cfgSnap *proxycfg.Config
 	var resources []proto.Message
 	for _, svc := range cfgSnap.TerminatingGateway.ValidServices() {
 		clusterName := connect.ServiceSNI(svc.Name, "", svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
-		cfg, err := config.ParseProxyConfig(cfgSnap.TerminatingGateway.ServiceConfigs[svc].ProxyConfig)
+		cfg, err := ParseProxyConfig(cfgSnap.TerminatingGateway.ServiceConfigs[svc].ProxyConfig)
 		if err != nil {
 			// Don't hard fail on a config typo, just warn. The parse func returns
 			// default config if there is an error so it's safe to continue.
@@ -170,7 +172,7 @@ func (s *ResourceGenerator) routesForTerminatingGateway(cfgSnap *proxycfg.Config
 
 		for _, address := range svcConfig.Destination.Addresses {
 			clusterName := clusterNameForDestination(cfgSnap, svc.Name, address, svc.NamespaceOrDefault(), svc.PartitionOrDefault())
-			cfg, err := config.ParseProxyConfig(cfgSnap.TerminatingGateway.ServiceConfigs[svc].ProxyConfig)
+			cfg, err := ParseProxyConfig(cfgSnap.TerminatingGateway.ServiceConfigs[svc].ProxyConfig)
 			if err != nil {
 				// Don't hard fail on a config typo, just warn. The parse func returns
 				// default config if there is an error so it's safe to continue.
@@ -247,6 +249,10 @@ func (s *ResourceGenerator) routesForMeshGateway(cfgSnap *proxycfg.ConfigSnapsho
 			continue // ignore; not relevant
 		}
 
+		if cfgSnap.MeshGateway.Leaf == nil {
+			continue // ignore; not ready
+		}
+
 		uid := proxycfg.NewUpstreamIDFromServiceName(svc)
 
 		virtualHost, err := s.makeUpstreamRouteForDiscoveryChain(
@@ -259,9 +265,6 @@ func (s *ResourceGenerator) routesForMeshGateway(cfgSnap *proxycfg.ConfigSnapsho
 		if err != nil {
 			return nil, err
 		}
-		if virtualHost == nil {
-			continue
-		}
 
 		route := &envoy_route_v3.RouteConfiguration{
 			Name:         uid.EnvoyID(),
@@ -269,7 +272,7 @@ func (s *ResourceGenerator) routesForMeshGateway(cfgSnap *proxycfg.ConfigSnapsho
 			// ValidateClusters defaults to true when defined statically and false
 			// when done via RDS. Re-set the reasonable value of true to prevent
 			// null-routing traffic.
-			ValidateClusters: response.MakeBoolValue(true),
+			ValidateClusters: makeBoolValue(true),
 		}
 		resources = append(resources, route)
 	}
@@ -287,7 +290,7 @@ func makeNamedDefaultRouteWithLB(clusterName string, lb *structs.LoadBalancer, t
 	// Configure Envoy to rewrite Host header
 	if autoHostRewrite {
 		action.Route.HostRewriteSpecifier = &envoy_route_v3.RouteAction_AutoHostRewrite{
-			AutoHostRewrite: response.MakeBoolValue(true),
+			AutoHostRewrite: makeBoolValue(true),
 		}
 	}
 
@@ -312,7 +315,7 @@ func makeNamedDefaultRouteWithLB(clusterName string, lb *structs.LoadBalancer, t
 		// ValidateClusters defaults to true when defined statically and false
 		// when done via RDS. Re-set the reasonable value of true to prevent
 		// null-routing traffic.
-		ValidateClusters: response.MakeBoolValue(true),
+		ValidateClusters: makeBoolValue(true),
 	}, nil
 }
 
@@ -322,7 +325,7 @@ func makeNamedAddressesRoute(routeName string, addresses map[string]string) (*en
 		// ValidateClusters defaults to true when defined statically and false
 		// when done via RDS. Re-set the reasonable value of true to prevent
 		// null-routing traffic.
-		ValidateClusters: response.MakeBoolValue(true),
+		ValidateClusters: makeBoolValue(true),
 	}
 	for clusterName, address := range addresses {
 		action := makeRouteActionFromName(clusterName)
@@ -364,16 +367,13 @@ func (s *ResourceGenerator) routesForIngressGateway(cfgSnap *proxycfg.ConfigSnap
 			// ValidateClusters defaults to true when defined statically and false
 			// when done via RDS. Re-set the reasonable value of true to prevent
 			// null-routing traffic.
-			ValidateClusters: response.MakeBoolValue(true),
+			ValidateClusters: makeBoolValue(true),
 		}
 
 		for _, u := range upstreams {
 			uid := proxycfg.NewUpstreamID(&u)
 			chain := cfgSnap.IngressGateway.DiscoveryChain[uid]
 			if chain == nil {
-				// Note that if we continue here we must also do this in the cluster generation
-				s.Logger.Warn("could not find discovery chain for ingress upstream",
-					"listener", listenerKey, "upstream", uid)
 				continue
 			}
 
@@ -382,9 +382,6 @@ func (s *ResourceGenerator) routesForIngressGateway(cfgSnap *proxycfg.ConfigSnap
 			if err != nil {
 				return nil, err
 			}
-			if virtualHost == nil {
-				continue
-			}
 
 			// Lookup listener and service config details from ingress gateway
 			// definition.
@@ -413,7 +410,7 @@ func (s *ResourceGenerator) routesForIngressGateway(cfgSnap *proxycfg.ConfigSnap
 			} else {
 				svcRoute := &envoy_route_v3.RouteConfiguration{
 					Name:             svcRouteName,
-					ValidateClusters: response.MakeBoolValue(true),
+					ValidateClusters: makeBoolValue(true),
 					VirtualHosts:     []*envoy_route_v3.VirtualHost{virtualHost},
 				}
 				result = append(result, svcRoute)
@@ -449,7 +446,7 @@ func (s *ResourceGenerator) routesForAPIGateway(cfgSnap *proxycfg.ConfigSnapshot
 			// ValidateClusters defaults to true when defined statically and false
 			// when done via RDS. Re-set the reasonable value of true to prevent
 			// null-routing traffic.
-			ValidateClusters: response.MakeBoolValue(true),
+			ValidateClusters: makeBoolValue(true),
 		}
 
 		route, ok := cfgSnap.APIGateway.HTTPRoutes.Get(routeRef)
@@ -469,7 +466,6 @@ func (s *ResourceGenerator) routesForAPIGateway(cfgSnap *proxycfg.ConfigSnapshot
 			uid := proxycfg.NewUpstreamID(&upstream)
 			chain := cfgSnap.APIGateway.DiscoveryChain[uid]
 			if chain == nil {
-				// Note that if we continue here we must also do this in the cluster generation
 				s.Logger.Debug("Discovery chain not found for flattened route", "discovery chain ID", uid)
 				continue
 			}
@@ -480,9 +476,6 @@ func (s *ResourceGenerator) routesForAPIGateway(cfgSnap *proxycfg.ConfigSnapshot
 			if err != nil {
 				return nil, err
 			}
-			if virtualHost == nil {
-				continue
-			}
 
 			defaultRoute.VirtualHosts = append(defaultRoute.VirtualHosts, virtualHost)
 		}
@@ -516,7 +509,7 @@ func makeHeadersValueOptions(vals map[string]string, add bool) []*envoy_core_v3.
 				Key:   k,
 				Value: v,
 			},
-			Append: response.MakeBoolValue(add),
+			Append: makeBoolValue(add),
 		}
 		opts = append(opts, o)
 	}
@@ -753,7 +746,7 @@ func (s *ResourceGenerator) makeUpstreamRouteForDiscoveryChain(
 func getRetryPolicyForDestination(destination *structs.ServiceRouteDestination) *envoy_route_v3.RetryPolicy {
 	retryPolicy := &envoy_route_v3.RetryPolicy{}
 	if destination.NumRetries > 0 {
-		retryPolicy.NumRetries = response.MakeUint32Value(int(destination.NumRetries))
+		retryPolicy.NumRetries = makeUint32Value(int(destination.NumRetries))
 	}
 
 	// The RetryOn magic values come from: https://www.envoyproxy.io/docs/envoy/v1.10.0/configuration/http_filters/router_filter#config-http-filters-router-x-envoy-retry-on
@@ -806,7 +799,7 @@ func makeRouteMatchForDiscoveryRoute(discoveryRoute *structs.DiscoveryRoute) *en
 		}
 	case match.HTTP.PathRegex != "":
 		em.PathSpecifier = &envoy_route_v3.RouteMatch_SafeRegex{
-			SafeRegex: response.MakeEnvoyRegexMatch(match.HTTP.PathRegex),
+			SafeRegex: makeEnvoyRegexMatch(match.HTTP.PathRegex),
 		}
 	default:
 		em.PathSpecifier = &envoy_route_v3.RouteMatch_Prefix{
@@ -828,7 +821,7 @@ func makeRouteMatchForDiscoveryRoute(discoveryRoute *structs.DiscoveryRoute) *en
 				}
 			case hdr.Regex != "":
 				eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SafeRegexMatch{
-					SafeRegexMatch: response.MakeEnvoyRegexMatch(hdr.Regex),
+					SafeRegexMatch: makeEnvoyRegexMatch(hdr.Regex),
 				}
 			case hdr.Prefix != "":
 				eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PrefixMatch{
@@ -860,7 +853,7 @@ func makeRouteMatchForDiscoveryRoute(discoveryRoute *structs.DiscoveryRoute) *en
 		eh := &envoy_route_v3.HeaderMatcher{
 			Name: ":method",
 			HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_SafeRegexMatch{
-				SafeRegexMatch: response.MakeEnvoyRegexMatch(methodHeaderRegex),
+				SafeRegexMatch: makeEnvoyRegexMatch(methodHeaderRegex),
 			},
 		}
 
@@ -887,7 +880,7 @@ func makeRouteMatchForDiscoveryRoute(discoveryRoute *structs.DiscoveryRoute) *en
 				eq.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_StringMatch{
 					StringMatch: &envoy_matcher_v3.StringMatcher{
 						MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{
-							SafeRegex: response.MakeEnvoyRegexMatch(qm.Regex),
+							SafeRegex: makeEnvoyRegexMatch(qm.Regex),
 						},
 					},
 				}
@@ -925,7 +918,7 @@ func (s *ResourceGenerator) makeRouteActionForChainCluster(
 	chain *structs.CompiledDiscoveryChain,
 	forMeshGateway bool,
 ) (*envoy_route_v3.Route_Route, bool) {
-	clusterName := s.getTargetClusterName(upstreamsSnapshot, chain, targetID, forMeshGateway)
+	clusterName := s.getTargetClusterName(upstreamsSnapshot, chain, targetID, forMeshGateway, false)
 	if clusterName == "" {
 		return nil, false
 	}
@@ -958,7 +951,7 @@ func (s *ResourceGenerator) makeRouteActionForSplitter(
 		}
 		targetID := nextNode.Resolver.Target
 
-		clusterName := s.getTargetClusterName(upstreamsSnapshot, chain, targetID, forMeshGateway)
+		clusterName := s.getTargetClusterName(upstreamsSnapshot, chain, targetID, forMeshGateway, false)
 		if clusterName == "" {
 			continue
 		}
@@ -968,7 +961,7 @@ func (s *ResourceGenerator) makeRouteActionForSplitter(
 		weight := int(split.Weight * 100)
 		totalWeight += weight
 		cw := &envoy_route_v3.WeightedCluster_ClusterWeight{
-			Weight: response.MakeUint32Value(weight),
+			Weight: makeUint32Value(weight),
 			Name:   clusterName,
 		}
 		if err := injectHeaderManipToWeightedCluster(split.Definition, cw); err != nil {
@@ -982,18 +975,19 @@ func (s *ResourceGenerator) makeRouteActionForSplitter(
 		return nil, fmt.Errorf("number of clusters in splitter must be > 0; got %d", len(clusters))
 	}
 
-	var envoyWeightScale *wrapperspb.UInt32Value
-	if totalWeight == 10000 {
-		envoyWeightScale = response.MakeUint32Value(10000)
+	envoyWeightScale := 10000
+	if envoyWeightScale < totalWeight {
+		clusters[0].Weight.Value += uint32(totalWeight - envoyWeightScale)
+	} else {
+		clusters[0].Weight.Value += uint32(envoyWeightScale - totalWeight)
 	}
 
 	return &envoy_route_v3.Route_Route{
 		Route: &envoy_route_v3.RouteAction{
 			ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{
 				WeightedClusters: &envoy_route_v3.WeightedCluster{
-					Clusters: clusters,
-					// this field is deprecated, and we should get the desired behavior with the front-end validation
-					TotalWeight: envoyWeightScale, // scaled up 100%
+					Clusters:    clusters,
+					TotalWeight: makeUint32Value(envoyWeightScale), // scaled up 100%
 				},
 			},
 		},
diff --git a/agent/xds/routes_test.go b/agent/xds/routes_test.go
index e2f7d73b5e7c..eaa8d48c0fc3 100644
--- a/agent/xds/routes_test.go
+++ b/agent/xds/routes_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -10,16 +10,14 @@ import (
 	"time"
 
 	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
+	"github.com/hashicorp/consul/agent/xds/testcommon"
+
 	testinf "github.com/mitchellh/go-testing-interface"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/durationpb"
 
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/proxystateconverter"
-	"github.com/hashicorp/consul/agent/xds/response"
-	"github.com/hashicorp/consul/agent/xds/testcommon"
-	"github.com/hashicorp/consul/agent/xdsv2"
 	"github.com/hashicorp/consul/envoyextensions/xdscommon"
 	"github.com/hashicorp/consul/sdk/testutil"
 )
@@ -28,7 +26,6 @@ type routeTestCase struct {
 	name               string
 	create             func(t testinf.T) *proxycfg.ConfigSnapshot
 	overrideGoldenName string
-	alsoRunTestForV2   bool
 }
 
 func makeRouteDiscoChainTests(enterprise bool) []routeTestCase {
@@ -38,77 +35,48 @@ func makeRouteDiscoChainTests(enterprise bool) []routeTestCase {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-external-sni",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
-		},
-		{
-			name: "connect-proxy-splitter-overweight",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-overweight", enterprise, nil, nil)
-			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-overrides",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "splitter-with-resolver-redirect",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-splitter",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-splitter", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-grpc-router",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "grpc-router", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-with-chain-and-router",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-router", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
 		},
 		{
 			name: "connect-proxy-lb-in-resolver",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", enterprise, nil, nil)
 			},
-			alsoRunTestForV2: true,
-		},
-		{
-			name: "connect-proxy-route-to-lb-resolver",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "redirect-to-lb-node", enterprise, nil, nil)
-			},
-			alsoRunTestForV2: true,
-		},
-		{
-			name: "connect-proxy-resolver-with-lb",
-			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
-				return proxycfg.TestConfigSnapshotDiscoveryChain(t, "resolver-with-lb", enterprise, nil, nil)
-			},
-			alsoRunTestForV2: true,
 		},
 	}
 }
@@ -129,8 +97,6 @@ func TestRoutesFromSnapshot(t *testing.T) {
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-defaults-no-chain",
@@ -138,8 +104,6 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, false, "tcp",
 					"default", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain",
@@ -147,8 +111,6 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"simple", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-external-sni",
@@ -156,8 +118,6 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp",
 					"external-sni", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-splitter-with-resolver-redirect",
@@ -165,8 +125,6 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"splitter-with-resolver-redirect-multidc", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-splitter",
@@ -174,8 +132,6 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"chain-and-splitter", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-grpc-router",
@@ -183,8 +139,6 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"grpc-router", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-router",
@@ -192,8 +146,6 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"chain-and-router", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-lb-in-resolver",
@@ -201,66 +153,48 @@ func TestRoutesFromSnapshot(t *testing.T) {
 				return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http",
 					"lb-resolver", nil, nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "ingress-http-multiple-services",
 			create: proxycfg.TestConfigSnapshotIngress_HTTPMultipleServices,
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "ingress-grpc-multiple-services",
 			create: proxycfg.TestConfigSnapshotIngress_GRPCMultipleServices,
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-chain-and-router-header-manip",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "router-header-manip", nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-sds-listener-level",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-listener-level", nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-sds-listener-level-wildcard",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-listener-level-wildcard", nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-sds-service-level",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-service-level", nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name: "ingress-with-sds-service-level-mixed-tls",
 			create: func(t testinf.T) *proxycfg.ConfigSnapshot {
 				return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-service-level-mixed-tls", nil, nil)
 			},
-			// TODO(proxystate): ingress gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 		{
 			name:   "terminating-gateway-lb-config",
 			create: proxycfg.TestConfigSnapshotTerminatingGatewayLBConfig,
-			// TODO(proxystate): terminating gateway will come at a later time
-			alsoRunTestForV2: false,
 		},
 	}
 
@@ -290,10 +224,10 @@ func TestRoutesFromSnapshot(t *testing.T) {
 					sort.Slice(routes, func(i, j int) bool {
 						return routes[i].(*envoy_route_v3.RouteConfiguration).Name < routes[j].(*envoy_route_v3.RouteConfiguration).Name
 					})
-					r, err := response.CreateResponse(xdscommon.RouteType, "00000001", "00000001", routes)
+					r, err := createResponse(xdscommon.RouteType, "00000001", "00000001", routes)
 					require.NoError(t, err)
 
-					t.Run("current-xdsv1", func(t *testing.T) {
+					t.Run("current", func(t *testing.T) {
 						gotJSON := protoToJSON(t, r)
 
 						gName := tt.name
@@ -303,39 +237,6 @@ func TestRoutesFromSnapshot(t *testing.T) {
 
 						require.JSONEq(t, goldenEnvoy(t, filepath.Join("routes", gName), envoyVersion, latestEnvoyVersion, gotJSON), gotJSON)
 					})
-
-					if tt.alsoRunTestForV2 {
-						generator := xdsv2.NewResourceGenerator(testutil.Logger(t))
-
-						converter := proxystateconverter.NewConverter(testutil.Logger(t), &mockCfgFetcher{addressLan: "10.10.10.10"})
-						proxyState, err := converter.ProxyStateFromSnapshot(snap)
-						require.NoError(t, err)
-
-						res, err := generator.AllResourcesFromIR(proxyState)
-						require.NoError(t, err)
-
-						routes = res[xdscommon.RouteType]
-						// The order of routes returned via RDS isn't relevant, so it's safe
-						// to sort these for the purposes of test comparisons.
-						sort.Slice(routes, func(i, j int) bool {
-							return routes[i].(*envoy_route_v3.Route).Name < routes[j].(*envoy_route_v3.Route).Name
-						})
-
-						r, err := response.CreateResponse(xdscommon.RouteType, "00000001", "00000001", routes)
-						require.NoError(t, err)
-
-						t.Run("current-xdsv2", func(t *testing.T) {
-							gotJSON := protoToJSON(t, r)
-
-							gName := tt.name
-							if tt.overrideGoldenName != "" {
-								gName = tt.overrideGoldenName
-							}
-
-							expectedJSON := goldenEnvoy(t, filepath.Join("routes", gName), envoyVersion, latestEnvoyVersion, gotJSON)
-							require.JSONEq(t, expectedJSON, gotJSON)
-						})
-					}
 				})
 			}
 		})
@@ -542,11 +443,6 @@ func TestEnvoyLBConfig_InjectToRouteAction(t *testing.T) {
 						FieldValue: "special-header",
 						Terminal:   true,
 					},
-					{
-						Field:      structs.HashPolicyQueryParam,
-						FieldValue: "my-pretty-param",
-						Terminal:   true,
-					},
 				},
 			},
 			expected: &envoy_route_v3.RouteAction{
@@ -585,14 +481,6 @@ func TestEnvoyLBConfig_InjectToRouteAction(t *testing.T) {
 						},
 						Terminal: true,
 					},
-					{
-						PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter_{
-							QueryParameter: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter{
-								Name: "my-pretty-param",
-							},
-						},
-						Terminal: true,
-					},
 				},
 			},
 		},
diff --git a/agent/xds/secrets.go b/agent/xds/secrets.go
index 628cec7905ba..d150a12dc161 100644
--- a/agent/xds/secrets.go
+++ b/agent/xds/secrets.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
diff --git a/agent/xds/server.go b/agent/xds/server.go
index 45c11fa0b3a1..2e012a4cb6fd 100644
--- a/agent/xds/server.go
+++ b/agent/xds/server.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -9,9 +9,12 @@ import (
 	"sync/atomic"
 	"time"
 
+	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
+
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+
 	"github.com/armon/go-metrics"
 	"github.com/armon/go-metrics/prometheus"
-	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
 	"github.com/hashicorp/go-hclog"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
@@ -20,10 +23,8 @@ import (
 	"github.com/hashicorp/consul/acl"
 	external "github.com/hashicorp/consul/agent/grpc-external"
 	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	"github.com/hashicorp/consul/agent/xds/configfetcher"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/agent/proxycfg"
+	"github.com/hashicorp/consul/agent/structs"
 )
 
 var (
@@ -69,6 +70,13 @@ const (
 	// services named "local_agent" in the future.
 	LocalAgentClusterName = "local_agent"
 
+	// OriginalDestinationClusterName is the name we give to the passthrough
+	// cluster which redirects transparently-proxied requests to their original
+	// destination outside the mesh. This cluster prevents Consul from blocking
+	// connections to destinations outside of the catalog when in transparent
+	// proxy mode.
+	OriginalDestinationClusterName = "original-destination"
+
 	// DefaultAuthCheckFrequency is the default value for
 	// Server.AuthCheckFrequency to use when the zero value is provided.
 	DefaultAuthCheckFrequency = 5 * time.Minute
@@ -80,10 +88,16 @@ const (
 // coupling this to the agent.
 type ACLResolverFunc func(id string) (acl.Authorizer, error)
 
+// ConfigFetcher is the interface the agent needs to expose
+// for the xDS server to fetch agent config, currently only one field is fetched
+type ConfigFetcher interface {
+	AdvertiseAddrLAN() string
+}
+
 // ProxyConfigSource is the interface xds.Server requires to consume proxy
 // config updates.
-type ProxyWatcher interface {
-	Watch(proxyID *pbresource.ID, nodeName string, token string) (<-chan proxysnapshot.ProxySnapshot, limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error)
+type ProxyConfigSource interface {
+	Watch(id structs.ServiceID, nodeName string, token string) (<-chan *proxycfg.ConfigSnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error)
 }
 
 // Server represents a gRPC server that can handle xDS requests from Envoy. All
@@ -94,9 +108,9 @@ type ProxyWatcher interface {
 type Server struct {
 	NodeName     string
 	Logger       hclog.Logger
-	ProxyWatcher ProxyWatcher
+	CfgSrc       ProxyConfigSource
 	ResolveToken ACLResolverFunc
-	CfgFetcher   configfetcher.ConfigFetcher
+	CfgFetcher   ConfigFetcher
 
 	// AuthCheckFrequency is how often we should re-check the credentials used
 	// during a long-lived gRPC Stream after it has been initially established.
@@ -145,14 +159,14 @@ func (c *activeStreamCounters) Increment(ctx context.Context) func() {
 func NewServer(
 	nodeName string,
 	logger hclog.Logger,
-	proxyWatcher ProxyWatcher,
+	cfgMgr ProxyConfigSource,
 	resolveTokenSecret ACLResolverFunc,
-	cfgFetcher configfetcher.ConfigFetcher,
+	cfgFetcher ConfigFetcher,
 ) *Server {
 	return &Server{
 		NodeName:           nodeName,
 		Logger:             logger,
-		ProxyWatcher:       proxyWatcher,
+		CfgSrc:             cfgMgr,
 		ResolveToken:       resolveTokenSecret,
 		CfgFetcher:         cfgFetcher,
 		AuthCheckFrequency: DefaultAuthCheckFrequency,
@@ -200,9 +214,9 @@ func (s *Server) authenticate(ctx context.Context) (acl.Authorizer, error) {
 // using a token with the same permissions, and that it stores the data by
 // proxy ID. We assume that any data in the snapshot was already filtered,
 // which allows this authorization to be a shallow authorization check
-// for all the data in a ProxySnapshot.
-func (s *Server) authorize(ctx context.Context, proxySnapshot proxysnapshot.ProxySnapshot) error {
-	if proxySnapshot == nil {
+// for all the data in a ConfigSnapshot.
+func (s *Server) authorize(ctx context.Context, cfgSnap *proxycfg.ConfigSnapshot) error {
+	if cfgSnap == nil {
 		return status.Errorf(codes.Unauthenticated, "unauthenticated: no config snapshot")
 	}
 
@@ -211,5 +225,22 @@ func (s *Server) authorize(ctx context.Context, proxySnapshot proxysnapshot.Prox
 		return err
 	}
 
-	return proxySnapshot.Authorize(authz)
+	var authzContext acl.AuthorizerContext
+	switch cfgSnap.Kind {
+	case structs.ServiceKindConnectProxy:
+		cfgSnap.ProxyID.EnterpriseMeta.FillAuthzContext(&authzContext)
+		if err := authz.ToAllowAuthorizer().ServiceWriteAllowed(cfgSnap.Proxy.DestinationServiceName, &authzContext); err != nil {
+			return status.Errorf(codes.PermissionDenied, err.Error())
+		}
+	case structs.ServiceKindMeshGateway, structs.ServiceKindTerminatingGateway, structs.ServiceKindIngressGateway, structs.ServiceKindAPIGateway:
+		cfgSnap.ProxyID.EnterpriseMeta.FillAuthzContext(&authzContext)
+		if err := authz.ToAllowAuthorizer().ServiceWriteAllowed(cfgSnap.Service, &authzContext); err != nil {
+			return status.Errorf(codes.PermissionDenied, err.Error())
+		}
+	default:
+		return status.Errorf(codes.Internal, "Invalid service kind")
+	}
+
+	// Authed OK!
+	return nil
 }
diff --git a/agent/xds/server_ce.go b/agent/xds/server_ce.go
index a01e9bf493f7..c1d651c0ad59 100644
--- a/agent/xds/server_ce.go
+++ b/agent/xds/server_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/agent/xds/testcommon/testcommon.go b/agent/xds/testcommon/testcommon.go
index 44d2cc3bbe6d..1b0d6ebcbf50 100644
--- a/agent/xds/testcommon/testcommon.go
+++ b/agent/xds/testcommon/testcommon.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package testcommon
 
diff --git a/agent/xds/testdata/clusters/api-gateway-with-http-route.latest.golden b/agent/xds/testdata/clusters/api-gateway-with-http-route-and-inline-certificate.latest.golden
similarity index 100%
rename from agent/xds/testdata/clusters/api-gateway-with-http-route.latest.golden
rename to agent/xds/testdata/clusters/api-gateway-with-http-route-and-inline-certificate.latest.golden
diff --git a/agent/xds/testdata/clusters/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden b/agent/xds/testdata/clusters/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
deleted file mode 100644
index f18e7e0d9766..000000000000
--- a/agent/xds/testdata/clusters/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
+++ /dev/null
@@ -1,55 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "altStatName": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {},
-          "resourceApiVersion": "V3"
-        }
-      },
-      "connectTimeout": "5s",
-      "circuitBreakers": {},
-      "outlierDetection": {},
-      "commonLbConfig": {
-        "healthyPanicThreshold": {}
-      },
-      "transportSocket": {
-        "name": "tls",
-        "typedConfig": {
-          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext": {
-            "tlsParams": {},
-            "tlsCertificates": [
-              {
-                "certificateChain": {
-                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey": {
-                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext": {
-              "trustedCa": {
-                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-              },
-              "matchSubjectAltNames": [
-                {
-                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service"
-                }
-              ]
-            }
-          },
-          "sni": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-        }
-      }
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/api-gateway-with-multiple-inline-certificates.latest.golden b/agent/xds/testdata/clusters/api-gateway-with-multiple-inline-certificates.latest.golden
deleted file mode 100644
index e20479dfd1cf..000000000000
--- a/agent/xds/testdata/clusters/api-gateway-with-multiple-inline-certificates.latest.golden
+++ /dev/null
@@ -1,55 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "altStatName":  "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
-        }
-      },
-      "connectTimeout":  "5s",
-      "circuitBreakers":  {},
-      "outlierDetection":  {},
-      "commonLbConfig":  {
-        "healthyPanicThreshold":  {}
-      },
-      "transportSocket":  {
-        "name":  "tls",
-        "typedConfig":  {
-          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext":  {
-            "tlsParams":  {},
-            "tlsCertificates":  [
-              {
-                "certificateChain":  {
-                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey":  {
-                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext":  {
-              "trustedCa":  {
-                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-              },
-              "matchSubjectAltNames":  [
-                {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service"
-                }
-              ]
-            }
-          },
-          "sni":  "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-        }
-      }
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden
index a6334a035a79..fd63324de86c 100644
--- a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden
+++ b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden
@@ -8,30 +8,42 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {},
+          "ads": {
+
+          },
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "66s",
-      "circuitBreakers": {},
+      "circuitBreakers": {
+
+      },
       "typedExtensionProtocolOptions": {
         "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
           "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
           "explicitHttpConfig": {
-            "http2ProtocolOptions": {}
+            "http2ProtocolOptions": {
+
+            }
           }
         }
       },
-      "outlierDetection": {},
+      "outlierDetection": {
+
+      },
       "commonLbConfig": {
-        "healthyPanicThreshold": {}
+        "healthyPanicThreshold": {
+
+        }
       },
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
           "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
           "commonTlsContext": {
-            "tlsParams": {},
+            "tlsParams": {
+
+            },
             "tlsCertificates": [
               {
                 "certificateChain": {
@@ -63,19 +75,27 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {},
+          "ads": {
+
+          },
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "5s",
-      "circuitBreakers": {},
-      "outlierDetection": {},
+      "circuitBreakers": {
+
+      },
+      "outlierDetection": {
+
+      },
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
           "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
           "commonTlsContext": {
-            "tlsParams": {},
+            "tlsParams": {
+
+            },
             "tlsCertificates": [
               {
                 "certificateChain": {
diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-http2.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-http2.latest.golden
deleted file mode 100644
index 4e3181dcffc9..000000000000
--- a/agent/xds/testdata/clusters/connect-proxy-with-chain-http2.latest.golden
+++ /dev/null
@@ -1,135 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "altStatName":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
-        }
-      },
-      "connectTimeout":  "33s",
-      "circuitBreakers":  {},
-      "typedExtensionProtocolOptions":  {
-        "envoy.extensions.upstreams.http.v3.HttpProtocolOptions":  {
-          "@type":  "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
-          "explicitHttpConfig":  {
-            "http2ProtocolOptions":  {}
-          }
-        }
-      },
-      "outlierDetection":  {},
-      "commonLbConfig":  {
-        "healthyPanicThreshold":  {}
-      },
-      "transportSocket":  {
-        "name":  "tls",
-        "typedConfig":  {
-          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext":  {
-            "tlsParams":  {},
-            "tlsCertificates":  [
-              {
-                "certificateChain":  {
-                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey":  {
-                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext":  {
-              "trustedCa":  {
-                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-              },
-              "matchSubjectAltNames":  [
-                {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
-                }
-              ]
-            }
-          },
-          "sni":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-        }
-      }
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
-        }
-      },
-      "connectTimeout":  "5s",
-      "circuitBreakers":  {},
-      "outlierDetection":  {},
-      "transportSocket":  {
-        "name":  "tls",
-        "typedConfig":  {
-          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext":  {
-            "tlsParams":  {},
-            "tlsCertificates":  [
-              {
-                "certificateChain":  {
-                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey":  {
-                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext":  {
-              "trustedCa":  {
-                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-              },
-              "matchSubjectAltNames":  [
-                {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
-                },
-                {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
-                }
-              ]
-            }
-          },
-          "sni":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
-        }
-      }
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "local_app",
-      "type":  "STATIC",
-      "connectTimeout":  "5s",
-      "loadAssignment":  {
-        "clusterName":  "local_app",
-        "endpoints":  [
-          {
-            "lbEndpoints":  [
-              {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "127.0.0.1",
-                      "portValue":  8080
-                    }
-                  }
-                }
-              }
-            ]
-          }
-        ]
-      }
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
deleted file mode 100644
index 23c82215d715..000000000000
--- a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
+++ /dev/null
@@ -1,135 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "local_app",
-      "type": "STATIC",
-      "connectTimeout": "5s",
-      "loadAssignment": {
-        "clusterName": "local_app",
-        "endpoints": [
-          {
-            "lbEndpoints": [
-              {
-                "endpoint": {
-                  "address": {
-                    "socketAddress": {
-                      "address": "127.0.0.1",
-                      "portValue": 8080
-                    }
-                  }
-                }
-              }
-            ]
-          }
-        ]
-      }
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "payments?peer=cloud:custom-upstream",
-      "connectTimeout": "15s",
-      "loadAssignment": {
-        "clusterName": "payments?peer=cloud:custom-upstream",
-        "endpoints": [
-          {
-            "lbEndpoints": [
-              {
-                "endpoint": {
-                  "address": {
-                    "socketAddress": {
-                      "address": "1.2.3.4",
-                      "portValue": 8443
-                    }
-                  }
-                }
-              }
-            ]
-          }
-        ]
-      },
-      "transportSocket": {
-        "name": "tls",
-        "typedConfig": {
-          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext": {
-            "tlsParams": {},
-            "tlsCertificates": [
-              {
-                "certificateChain": {
-                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey": {
-                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext": {
-              "trustedCa": {
-                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n"
-              },
-              "matchSubjectAltNames": [
-                {
-                  "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments"
-                }
-              ]
-            }
-          },
-          "sni": "payments.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
-        }
-      }
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "refunds.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {},
-          "resourceApiVersion": "V3"
-        }
-      },
-      "connectTimeout": "5s",
-      "circuitBreakers": {},
-      "outlierDetection": {
-        "maxEjectionPercent": 100
-      },
-      "commonLbConfig": {
-        "healthyPanicThreshold": {}
-      },
-      "transportSocket": {
-        "name": "tls",
-        "typedConfig": {
-          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext": {
-            "tlsParams": {},
-            "tlsCertificates": [
-              {
-                "certificateChain": {
-                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey": {
-                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext": {
-              "trustedCa": {
-                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n"
-              },
-              "matchSubjectAltNames": [
-                {
-                  "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds"
-                }
-              ]
-            }
-          },
-          "sni": "refunds.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
-        }
-      }
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-http2.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-http2.latest.golden
deleted file mode 100644
index 8f3b49b0a2e7..000000000000
--- a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-http2.latest.golden
+++ /dev/null
@@ -1,163 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "local_app",
-      "type":  "STATIC",
-      "connectTimeout":  "5s",
-      "loadAssignment":  {
-        "clusterName":  "local_app",
-        "endpoints":  [
-          {
-            "lbEndpoints":  [
-              {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "127.0.0.1",
-                      "portValue":  8080
-                    }
-                  }
-                }
-              }
-            ]
-          }
-        ]
-      }
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "payments.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
-      "type":  "LOGICAL_DNS",
-      "connectTimeout":  "5s",
-      "loadAssignment":  {
-        "clusterName":  "payments.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
-        "endpoints":  [
-          {
-            "lbEndpoints":  [
-              {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "123.us-east-1.elb.notaws.com",
-                      "portValue":  8443
-                    }
-                  }
-                },
-                "healthStatus":  "HEALTHY",
-                "loadBalancingWeight":  1
-              }
-            ]
-          }
-        ]
-      },
-      "circuitBreakers":  {},
-      "typedExtensionProtocolOptions":  {
-        "envoy.extensions.upstreams.http.v3.HttpProtocolOptions":  {
-          "@type":  "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
-          "explicitHttpConfig":  {
-            "http2ProtocolOptions":  {}
-          }
-        }
-      },
-      "dnsRefreshRate":  "10s",
-      "dnsLookupFamily":  "V4_ONLY",
-      "outlierDetection":  {
-        "maxEjectionPercent":  100
-      },
-      "commonLbConfig":  {
-        "healthyPanicThreshold":  {}
-      },
-      "transportSocket":  {
-        "name":  "tls",
-        "typedConfig":  {
-          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext":  {
-            "tlsParams":  {},
-            "tlsCertificates":  [
-              {
-                "certificateChain":  {
-                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey":  {
-                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext":  {
-              "trustedCa":  {
-                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n"
-              },
-              "matchSubjectAltNames":  [
-                {
-                  "exact":  "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments"
-                }
-              ]
-            }
-          },
-          "sni":  "payments.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
-        }
-      }
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "refunds.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
-        }
-      },
-      "connectTimeout":  "5s",
-      "circuitBreakers":  {},
-      "typedExtensionProtocolOptions":  {
-        "envoy.extensions.upstreams.http.v3.HttpProtocolOptions":  {
-          "@type":  "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
-          "explicitHttpConfig":  {
-            "http2ProtocolOptions":  {}
-          }
-        }
-      },
-      "outlierDetection":  {
-        "maxEjectionPercent":  100
-      },
-      "commonLbConfig":  {
-        "healthyPanicThreshold":  {}
-      },
-      "transportSocket":  {
-        "name":  "tls",
-        "typedConfig":  {
-          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext":  {
-            "tlsParams":  {},
-            "tlsCertificates":  [
-              {
-                "certificateChain":  {
-                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey":  {
-                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext":  {
-              "trustedCa":  {
-                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n"
-              },
-              "matchSubjectAltNames":  [
-                {
-                  "exact":  "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds"
-                }
-              ]
-            }
-          },
-          "sni":  "refunds.default.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
-        }
-      }
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden b/agent/xds/testdata/clusters/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden
deleted file mode 100644
index 4cc45b94c841..000000000000
--- a/agent/xds/testdata/clusters/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden
+++ /dev/null
@@ -1,133 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "altStatName":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
-        }
-      },
-      "connectTimeout":  "5s",
-      "circuitBreakers":  {},
-      "outlierDetection":  {
-        "consecutive5xx":  5,
-        "interval":  "10s",
-        "baseEjectionTime":  "10s",
-        "maxEjectionPercent":  100,
-        "enforcingConsecutive5xx":  0
-      },
-      "commonLbConfig":  {
-        "healthyPanicThreshold":  {}
-      },
-      "transportSocket":  {
-        "name":  "tls",
-        "typedConfig":  {
-          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext":  {
-            "tlsParams":  {},
-            "tlsCertificates":  [
-              {
-                "certificateChain":  {
-                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey":  {
-                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext":  {
-              "trustedCa":  {
-                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-              },
-              "matchSubjectAltNames":  [
-                {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
-                }
-              ]
-            }
-          },
-          "sni":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-        }
-      }
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
-        }
-      },
-      "connectTimeout":  "5s",
-      "circuitBreakers":  {},
-      "outlierDetection":  {},
-      "transportSocket":  {
-        "name":  "tls",
-        "typedConfig":  {
-          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext":  {
-            "tlsParams":  {},
-            "tlsCertificates":  [
-              {
-                "certificateChain":  {
-                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey":  {
-                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext":  {
-              "trustedCa":  {
-                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-              },
-              "matchSubjectAltNames":  [
-                {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
-                },
-                {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
-                }
-              ]
-            }
-          },
-          "sni":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
-        }
-      }
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "local_app",
-      "type":  "STATIC",
-      "connectTimeout":  "5s",
-      "loadAssignment":  {
-        "clusterName":  "local_app",
-        "endpoints":  [
-          {
-            "lbEndpoints":  [
-              {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "127.0.0.1",
-                      "portValue":  8080
-                    }
-                  }
-                }
-              }
-            ]
-          }
-        ]
-      }
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden b/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden
deleted file mode 100644
index b57d44e8ab56..000000000000
--- a/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden
+++ /dev/null
@@ -1,136 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "db:custom-upstream",
-      "connectTimeout":  "15s",
-      "loadAssignment":  {
-        "clusterName":  "db:custom-upstream",
-        "endpoints":  [
-          {
-            "lbEndpoints":  [
-              {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "1.2.3.4",
-                      "portValue":  8443
-                    }
-                  }
-                }
-              }
-            ]
-          }
-        ]
-      },
-      "transportSocket":  {
-        "name":  "tls",
-        "typedConfig":  {
-          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext":  {
-            "tlsParams":  {},
-            "tlsCertificates":  [
-              {
-                "certificateChain":  {
-                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey":  {
-                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext":  {
-              "trustedCa":  {
-                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-              }
-            }
-          },
-          "sni":  "db.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
-        }
-      }
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
-        }
-      },
-      "connectTimeout":  "5s",
-      "circuitBreakers":  {},
-      "typedExtensionProtocolOptions":  {
-        "envoy.extensions.upstreams.http.v3.HttpProtocolOptions":  {
-          "@type":  "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
-          "explicitHttpConfig":  {
-            "http2ProtocolOptions":  {}
-          }
-        }
-      },
-      "outlierDetection":  {},
-      "transportSocket":  {
-        "name":  "tls",
-        "typedConfig":  {
-          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext":  {
-            "tlsParams":  {},
-            "tlsCertificates":  [
-              {
-                "certificateChain":  {
-                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey":  {
-                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext":  {
-              "trustedCa":  {
-                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-              },
-              "matchSubjectAltNames":  [
-                {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
-                },
-                {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
-                }
-              ]
-            }
-          },
-          "sni":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
-        }
-      }
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "local_app",
-      "type":  "STATIC",
-      "connectTimeout":  "5s",
-      "loadAssignment":  {
-        "clusterName":  "local_app",
-        "endpoints":  [
-          {
-            "lbEndpoints":  [
-              {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "127.0.0.1",
-                      "portValue":  8080
-                    }
-                  }
-                }
-              }
-            ]
-          }
-        ]
-      }
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/enterprise-connect-proxy-with-chain-http2.latest.golden b/agent/xds/testdata/clusters/enterprise-connect-proxy-with-chain-http2.latest.golden
deleted file mode 100644
index 322c36c0b0fb..000000000000
--- a/agent/xds/testdata/clusters/enterprise-connect-proxy-with-chain-http2.latest.golden
+++ /dev/null
@@ -1,135 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "db.foo.bar.dc1.internal-v1.11111111-2222-3333-4444-555555555555.consul",
-      "altStatName":  "db.foo.bar.dc1.internal-v1.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
-        }
-      },
-      "connectTimeout":  "33s",
-      "circuitBreakers":  {},
-      "typedExtensionProtocolOptions":  {
-        "envoy.extensions.upstreams.http.v3.HttpProtocolOptions":  {
-          "@type":  "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
-          "explicitHttpConfig":  {
-            "http2ProtocolOptions":  {}
-          }
-        }
-      },
-      "outlierDetection":  {},
-      "commonLbConfig":  {
-        "healthyPanicThreshold":  {}
-      },
-      "transportSocket":  {
-        "name":  "tls",
-        "typedConfig":  {
-          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext":  {
-            "tlsParams":  {},
-            "tlsCertificates":  [
-              {
-                "certificateChain":  {
-                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey":  {
-                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext":  {
-              "trustedCa":  {
-                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-              },
-              "matchSubjectAltNames":  [
-                {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ap/bar/ns/foo/dc/dc1/svc/db"
-                }
-              ]
-            }
-          },
-          "sni":  "db.foo.bar.dc1.internal-v1.11111111-2222-3333-4444-555555555555.consul"
-        }
-      }
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
-        }
-      },
-      "connectTimeout":  "5s",
-      "circuitBreakers":  {},
-      "outlierDetection":  {},
-      "transportSocket":  {
-        "name":  "tls",
-        "typedConfig":  {
-          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext":  {
-            "tlsParams":  {},
-            "tlsCertificates":  [
-              {
-                "certificateChain":  {
-                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                },
-                "privateKey":  {
-                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                }
-              }
-            ],
-            "validationContext":  {
-              "trustedCa":  {
-                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-              },
-              "matchSubjectAltNames":  [
-                {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
-                },
-                {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
-                }
-              ]
-            }
-          },
-          "sni":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
-        }
-      }
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "local_app",
-      "type":  "STATIC",
-      "connectTimeout":  "5s",
-      "loadAssignment":  {
-        "clusterName":  "local_app",
-        "endpoints":  [
-          {
-            "lbEndpoints":  [
-              {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "127.0.0.1",
-                      "portValue":  8080
-                    }
-                  }
-                }
-              }
-            ]
-          }
-        ]
-      }
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/expose-checks.latest.golden b/agent/xds/testdata/clusters/expose-checks.latest.golden
deleted file mode 100644
index 4079d6267ed3..000000000000
--- a/agent/xds/testdata/clusters/expose-checks.latest.golden
+++ /dev/null
@@ -1,57 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "exposed_cluster_8181",
-      "type":  "STATIC",
-      "connectTimeout":  "5s",
-      "loadAssignment":  {
-        "clusterName":  "exposed_cluster_8181",
-        "endpoints":  [
-          {
-            "lbEndpoints":  [
-              {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "127.0.0.1",
-                      "portValue":  8181
-                    }
-                  }
-                }
-              }
-            ]
-          }
-        ]
-      }
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "local_app",
-      "type":  "STATIC",
-      "connectTimeout":  "5s",
-      "loadAssignment":  {
-        "clusterName":  "local_app",
-        "endpoints":  [
-          {
-            "lbEndpoints":  [
-              {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "127.0.0.1",
-                      "portValue":  8080
-                    }
-                  }
-                }
-              }
-            ]
-          }
-        ]
-      }
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/ingress-with-defaults-passive-health-check.latest.golden b/agent/xds/testdata/clusters/ingress-with-defaults-passive-health-check.latest.golden
index 71ec2c92ac2e..fbbcc9856c65 100644
--- a/agent/xds/testdata/clusters/ingress-with-defaults-passive-health-check.latest.golden
+++ b/agent/xds/testdata/clusters/ingress-with-defaults-passive-health-check.latest.golden
@@ -8,7 +8,9 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {},
+          "ads": {
+
+          },
           "resourceApiVersion": "V3"
         }
       },
@@ -25,18 +27,21 @@
       "outlierDetection": {
         "consecutive5xx": 10,
         "interval": "5s",
-        "maxEjectionPercent": 90,
         "enforcingConsecutive5xx": 80
       },
       "commonLbConfig": {
-        "healthyPanicThreshold": {}
+        "healthyPanicThreshold": {
+
+        }
       },
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
           "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
           "commonTlsContext": {
-            "tlsParams": {},
+            "tlsParams": {
+
+            },
             "tlsCertificates": [
               {
                 "certificateChain": {
diff --git a/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden b/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden
index af2488846500..6c9e0802a3dc 100644
--- a/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden
+++ b/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden
@@ -1,67 +1,71 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "altStatName":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {
+
+          },
+          "resourceApiVersion": "V3"
         }
       },
-      "connectTimeout":  "33s",
-      "circuitBreakers":  {
-        "thresholds":  [
+      "connectTimeout": "33s",
+      "circuitBreakers": {
+        "thresholds": [
           {
-            "maxConnections":  4096,
-            "maxPendingRequests":  2048
+            "maxConnections": 4096,
+            "maxPendingRequests": 2048
           }
         ]
       },
-      "outlierDetection":  {
-        "interval":  "8s",
-        "baseEjectionTime":  "12s",
-        "maxEjectionPercent":  90,
-        "enforcingConsecutive5xx":  50
+      "outlierDetection": {
+        "interval": "8s",
+        "enforcingConsecutive5xx": 50
       },
-      "commonLbConfig":  {
-        "healthyPanicThreshold":  {}
+      "commonLbConfig": {
+        "healthyPanicThreshold": {
+
+        }
       },
-      "transportSocket":  {
-        "name":  "tls",
-        "typedConfig":  {
-          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext":  {
-            "tlsParams":  {},
-            "tlsCertificates":  [
+      "transportSocket": {
+        "name": "tls",
+        "typedConfig": {
+          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext": {
+            "tlsParams": {
+
+            },
+            "tlsCertificates": [
               {
-                "certificateChain":  {
-                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                "certificateChain": {
+                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                 },
-                "privateKey":  {
-                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                "privateKey": {
+                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                 }
               }
             ],
-            "validationContext":  {
-              "trustedCa":  {
-                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+            "validationContext": {
+              "trustedCa": {
+                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
               },
-              "matchSubjectAltNames":  [
+              "matchSubjectAltNames": [
                 {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
+                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
                 }
               ]
             }
           },
-          "sni":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+          "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
         }
       }
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/ingress-with-service-passive-health-check.latest.golden b/agent/xds/testdata/clusters/ingress-with-service-passive-health-check.latest.golden
index 2122e1f3a75e..892846151b9a 100644
--- a/agent/xds/testdata/clusters/ingress-with-service-passive-health-check.latest.golden
+++ b/agent/xds/testdata/clusters/ingress-with-service-passive-health-check.latest.golden
@@ -1,65 +1,70 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "altStatName":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {
+
+          },
+          "resourceApiVersion": "V3"
         }
       },
-      "connectTimeout":  "33s",
-      "circuitBreakers":  {
-        "thresholds":  [
+      "connectTimeout": "33s",
+      "circuitBreakers": {
+        "thresholds": [
           {
-            "maxConnections":  4096
+            "maxConnections": 4096
           }
         ]
       },
-      "outlierDetection":  {
-        "consecutive5xx":  10,
-        "interval":  "5s",
-        "maxEjectionPercent":  90
+      "outlierDetection": {
+        "consecutive5xx": 10,
+        "interval": "5s"
       },
-      "commonLbConfig":  {
-        "healthyPanicThreshold":  {}
+      "commonLbConfig": {
+        "healthyPanicThreshold": {
+
+        }
       },
-      "transportSocket":  {
-        "name":  "tls",
-        "typedConfig":  {
-          "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
-          "commonTlsContext":  {
-            "tlsParams":  {},
-            "tlsCertificates":  [
+      "transportSocket": {
+        "name": "tls",
+        "typedConfig": {
+          "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
+          "commonTlsContext": {
+            "tlsParams": {
+
+            },
+            "tlsCertificates": [
               {
-                "certificateChain":  {
-                  "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
+                "certificateChain": {
+                  "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
                 },
-                "privateKey":  {
-                  "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
+                "privateKey": {
+                  "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
                 }
               }
             ],
-            "validationContext":  {
-              "trustedCa":  {
-                "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
+            "validationContext": {
+              "trustedCa": {
+                "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
               },
-              "matchSubjectAltNames":  [
+              "matchSubjectAltNames": [
                 {
-                  "exact":  "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
+                  "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
                 }
               ]
             }
           },
-          "sni":  "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
+          "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
         }
       }
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/mesh-gateway-using-federation-control-plane.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-using-federation-control-plane.latest.golden
deleted file mode 100644
index 9b177efb4652..000000000000
--- a/agent/xds/testdata/clusters/mesh-gateway-using-federation-control-plane.latest.golden
+++ /dev/null
@@ -1,205 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {},
-          "resourceApiVersion": "V3"
-        }
-      },
-      "connectTimeout": "5s",
-      "outlierDetection": {}
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "dc2.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {},
-          "resourceApiVersion": "V3"
-        }
-      },
-      "connectTimeout": "5s",
-      "outlierDetection": {}
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "dc4.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type": "LOGICAL_DNS",
-      "connectTimeout": "5s",
-      "loadAssignment": {
-        "clusterName": "dc4.internal.11111111-2222-3333-4444-555555555555.consul",
-        "endpoints": [
-          {
-            "lbEndpoints": [
-              {
-                "endpoint": {
-                  "address": {
-                    "socketAddress": {
-                      "address": "123.us-west-2.elb.notaws.com",
-                      "portValue": 443
-                    }
-                  }
-                },
-                "healthStatus": "HEALTHY",
-                "loadBalancingWeight": 1
-              }
-            ]
-          }
-        ]
-      },
-      "dnsRefreshRate": "10s",
-      "dnsLookupFamily": "V4_ONLY",
-      "outlierDetection": {}
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "dc6.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type": "LOGICAL_DNS",
-      "connectTimeout": "5s",
-      "loadAssignment": {
-        "clusterName": "dc6.internal.11111111-2222-3333-4444-555555555555.consul",
-        "endpoints": [
-          {
-            "lbEndpoints": [
-              {
-                "endpoint": {
-                  "address": {
-                    "socketAddress": {
-                      "address": "123.us-east-1.elb.notaws.com",
-                      "portValue": 443
-                    }
-                  }
-                },
-                "healthStatus": "UNHEALTHY",
-                "loadBalancingWeight": 1
-              }
-            ]
-          }
-        ]
-      },
-      "dnsRefreshRate": "10s",
-      "dnsLookupFamily": "V4_ONLY",
-      "outlierDetection": {}
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {},
-          "resourceApiVersion": "V3"
-        }
-      },
-      "connectTimeout": "5s",
-      "outlierDetection": {}
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "node1.server.dc1.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {},
-          "resourceApiVersion": "V3"
-        }
-      },
-      "connectTimeout": "5s",
-      "outlierDetection": {}
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "node2.server.dc1.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {},
-          "resourceApiVersion": "V3"
-        }
-      },
-      "connectTimeout": "5s",
-      "outlierDetection": {}
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "server.dc2.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {},
-          "resourceApiVersion": "V3"
-        }
-      },
-      "connectTimeout": "5s",
-      "outlierDetection": {}
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "server.dc4.consul",
-      "type": "LOGICAL_DNS",
-      "connectTimeout": "5s",
-      "loadAssignment": {
-        "clusterName": "server.dc4.consul",
-        "endpoints": [
-          {
-            "lbEndpoints": [
-              {
-                "endpoint": {
-                  "address": {
-                    "socketAddress": {
-                      "address": "123.us-west-2.elb.notaws.com",
-                      "portValue": 443
-                    }
-                  }
-                },
-                "healthStatus": "HEALTHY",
-                "loadBalancingWeight": 1
-              }
-            ]
-          }
-        ]
-      },
-      "dnsRefreshRate": "10s",
-      "dnsLookupFamily": "V4_ONLY",
-      "outlierDetection": {}
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "server.dc6.consul",
-      "type": "LOGICAL_DNS",
-      "connectTimeout": "5s",
-      "loadAssignment": {
-        "clusterName": "server.dc6.consul",
-        "endpoints": [
-          {
-            "lbEndpoints": [
-              {
-                "endpoint": {
-                  "address": {
-                    "socketAddress": {
-                      "address": "123.us-east-1.elb.notaws.com",
-                      "portValue": 443
-                    }
-                  }
-                },
-                "healthStatus": "UNHEALTHY",
-                "loadBalancingWeight": 1
-              }
-            ]
-          }
-        ]
-      },
-      "dnsRefreshRate": "10s",
-      "dnsLookupFamily": "V4_ONLY",
-      "outlierDetection": {}
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
index 36b196675ca1..8c85bbc827ad 100644
--- a/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
+++ b/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
@@ -7,25 +7,16 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {},
-          "resourceApiVersion": "V3"
-        }
-      },
-      "connectTimeout": "5s",
-      "outlierDetection": {}
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {},
+          "ads": {
+
+          },
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "5s",
-      "outlierDetection": {}
+      "outlierDetection": {
+
+      }
     },
     {
       "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
@@ -33,12 +24,16 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {},
+          "ads": {
+
+          },
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "5s",
-      "outlierDetection": {}
+      "outlierDetection": {
+
+      }
     },
     {
       "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
@@ -47,22 +42,32 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {},
+          "ads": {
+
+          },
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "5s",
-      "circuitBreakers": {},
-      "outlierDetection": {},
+      "circuitBreakers": {
+
+      },
+      "outlierDetection": {
+
+      },
       "commonLbConfig": {
-        "healthyPanicThreshold": {}
+        "healthyPanicThreshold": {
+
+        }
       },
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
           "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
           "commonTlsContext": {
-            "tlsParams": {},
+            "tlsParams": {
+
+            },
             "tlsCertificates": [
               {
                 "certificateChain": {
@@ -95,22 +100,32 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {},
+          "ads": {
+
+          },
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "33s",
-      "circuitBreakers": {},
-      "outlierDetection": {},
+      "circuitBreakers": {
+
+      },
+      "outlierDetection": {
+
+      },
       "commonLbConfig": {
-        "healthyPanicThreshold": {}
+        "healthyPanicThreshold": {
+
+        }
       },
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
           "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
           "commonTlsContext": {
-            "tlsParams": {},
+            "tlsParams": {
+
+            },
             "tlsCertificates": [
               {
                 "certificateChain": {
@@ -143,22 +158,32 @@
       "type": "EDS",
       "edsClusterConfig": {
         "edsConfig": {
-          "ads": {},
+          "ads": {
+
+          },
           "resourceApiVersion": "V3"
         }
       },
       "connectTimeout": "5s",
-      "circuitBreakers": {},
-      "outlierDetection": {},
+      "circuitBreakers": {
+
+      },
+      "outlierDetection": {
+
+      },
       "commonLbConfig": {
-        "healthyPanicThreshold": {}
+        "healthyPanicThreshold": {
+
+        }
       },
       "transportSocket": {
         "name": "tls",
         "typedConfig": {
           "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
           "commonTlsContext": {
-            "tlsParams": {},
+            "tlsParams": {
+
+            },
             "tlsCertificates": [
               {
                 "certificateChain": {
@@ -183,34 +208,8 @@
           "sni": "v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
         }
       }
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "v1.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {},
-          "resourceApiVersion": "V3"
-        }
-      },
-      "connectTimeout": "5s",
-      "outlierDetection": {}
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name": "v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "type": "EDS",
-      "edsClusterConfig": {
-        "edsConfig": {
-          "ads": {},
-          "resourceApiVersion": "V3"
-        }
-      },
-      "connectTimeout": "5s",
-      "outlierDetection": {}
     }
   ],
   "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
   "nonce": "00000001"
-}
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/clusters/mesh-gateway-with-imported-peered-services.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-with-imported-peered-services.latest.golden
index f69ce54c6cb3..88f75c886890 100644
--- a/agent/xds/testdata/clusters/mesh-gateway-with-imported-peered-services.latest.golden
+++ b/agent/xds/testdata/clusters/mesh-gateway-with-imported-peered-services.latest.golden
@@ -1,50 +1,56 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "alt.default.default.peer-b.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
-      "type":  "STRICT_DNS",
-      "connectTimeout":  "5s",
-      "loadAssignment":  {
-        "clusterName":  "alt.default.default.peer-b.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
-        "endpoints":  [
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "alt.default.default.peer-b.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+      "type": "LOGICAL_DNS",
+      "connectTimeout": "5s",
+      "loadAssignment": {
+        "clusterName": "alt.default.default.peer-b.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+        "endpoints": [
           {
-            "lbEndpoints":  [
+            "lbEndpoints": [
               {
-                "endpoint":  {
-                  "address":  {
-                    "socketAddress":  {
-                      "address":  "alt.us-east-1.elb.notaws.com",
-                      "portValue":  8443
+                "endpoint": {
+                  "address": {
+                    "socketAddress": {
+                      "address": "alt.us-east-1.elb.notaws.com",
+                      "portValue": 8443
                     }
                   }
                 },
-                "healthStatus":  "HEALTHY",
-                "loadBalancingWeight":  1
+                "healthStatus": "HEALTHY",
+                "loadBalancingWeight": 1
               }
             ]
           }
         ]
       },
-      "dnsRefreshRate":  "10s",
-      "dnsLookupFamily":  "V4_ONLY",
-      "outlierDetection":  {}
+      "dnsRefreshRate": "10s",
+      "dnsLookupFamily": "V4_ONLY",
+      "outlierDetection": {
+
+      }
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-      "name":  "db.default.default.peer-a.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
-      "type":  "EDS",
-      "edsClusterConfig":  {
-        "edsConfig":  {
-          "ads":  {},
-          "resourceApiVersion":  "V3"
+      "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+      "name": "db.default.default.peer-a.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
+      "type": "EDS",
+      "edsClusterConfig": {
+        "edsConfig": {
+          "ads": {
+
+          },
+          "resourceApiVersion": "V3"
         }
       },
-      "connectTimeout":  "5s",
-      "outlierDetection":  {}
+      "connectTimeout": "5s",
+      "outlierDetection": {
+
+      }
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.cluster.v3.Cluster",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/endpoints/api-gateway-with-http-route.latest.golden b/agent/xds/testdata/endpoints/api-gateway-with-http-route-and-inline-certificate.latest.golden
similarity index 100%
rename from agent/xds/testdata/endpoints/api-gateway-with-http-route.latest.golden
rename to agent/xds/testdata/endpoints/api-gateway-with-http-route-and-inline-certificate.latest.golden
diff --git a/agent/xds/testdata/endpoints/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden b/agent/xds/testdata/endpoints/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
deleted file mode 100644
index bda159302a84..000000000000
--- a/agent/xds/testdata/endpoints/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
+++ /dev/null
@@ -1,41 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "endpoints": [
-        {
-          "lbEndpoints": [
-            {
-              "endpoint": {
-                "address": {
-                  "socketAddress": {
-                    "address": "10.10.1.1",
-                    "portValue": 8080
-                  }
-                }
-              },
-              "healthStatus": "HEALTHY",
-              "loadBalancingWeight": 1
-            },
-            {
-              "endpoint": {
-                "address": {
-                  "socketAddress": {
-                    "address": "10.10.1.2",
-                    "portValue": 8080
-                  }
-                }
-              },
-              "healthStatus": "HEALTHY",
-              "loadBalancingWeight": 1
-            }
-          ]
-        }
-      ]
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/endpoints/api-gateway-with-multiple-inline-certificates.latest.golden b/agent/xds/testdata/endpoints/api-gateway-with-multiple-inline-certificates.latest.golden
deleted file mode 100644
index 47b46bca225b..000000000000
--- a/agent/xds/testdata/endpoints/api-gateway-with-multiple-inline-certificates.latest.golden
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "typeUrl":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
deleted file mode 100644
index 9dc909faf7c0..000000000000
--- a/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
+++ /dev/null
@@ -1,29 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName": "refunds.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
-      "endpoints": [
-        {
-          "lbEndpoints": [
-            {
-              "endpoint": {
-                "address": {
-                  "socketAddress": {
-                    "address": "106.96.90.233",
-                    "portValue": 443
-                  }
-                }
-              },
-              "healthStatus": "HEALTHY",
-              "loadBalancingWeight": 1
-            }
-          ]
-        }
-      ]
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-http2.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-http2.latest.golden
deleted file mode 100644
index edcc68b8acda..000000000000
--- a/agent/xds/testdata/endpoints/connect-proxy-with-peered-upstreams-http2.latest.golden
+++ /dev/null
@@ -1,29 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName":  "refunds.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul",
-      "endpoints":  [
-        {
-          "lbEndpoints":  [
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "106.96.90.233",
-                    "portValue":  443
-                  }
-                }
-              },
-              "healthStatus":  "HEALTHY",
-              "loadBalancingWeight":  1
-            }
-          ]
-        }
-      ]
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/endpoints/mesh-gateway-using-federation-control-plane.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-using-federation-control-plane.latest.golden
deleted file mode 100644
index 231f4b9b2c99..000000000000
--- a/agent/xds/testdata/endpoints/mesh-gateway-using-federation-control-plane.latest.golden
+++ /dev/null
@@ -1,249 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName":  "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "endpoints":  [
-        {
-          "lbEndpoints":  [
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "172.16.1.6",
-                    "portValue":  2222
-                  }
-                }
-              },
-              "healthStatus":  "HEALTHY",
-              "loadBalancingWeight":  1
-            },
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "172.16.1.7",
-                    "portValue":  2222
-                  }
-                }
-              },
-              "healthStatus":  "HEALTHY",
-              "loadBalancingWeight":  1
-            },
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "172.16.1.8",
-                    "portValue":  2222
-                  }
-                }
-              },
-              "healthStatus":  "HEALTHY",
-              "loadBalancingWeight":  1
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName":  "dc2.internal.11111111-2222-3333-4444-555555555555.consul",
-      "endpoints":  [
-        {
-          "lbEndpoints":  [
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "198.18.1.1",
-                    "portValue":  443
-                  }
-                }
-              },
-              "healthStatus":  "HEALTHY",
-              "loadBalancingWeight":  1
-            },
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "198.18.1.2",
-                    "portValue":  443
-                  }
-                }
-              },
-              "healthStatus":  "HEALTHY",
-              "loadBalancingWeight":  1
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName":  "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "endpoints":  [
-        {
-          "lbEndpoints":  [
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "172.16.1.3",
-                    "portValue":  2222
-                  }
-                }
-              },
-              "healthStatus":  "HEALTHY",
-              "loadBalancingWeight":  1
-            },
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "172.16.1.4",
-                    "portValue":  2222
-                  }
-                }
-              },
-              "healthStatus":  "HEALTHY",
-              "loadBalancingWeight":  1
-            },
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "172.16.1.5",
-                    "portValue":  2222
-                  }
-                }
-              },
-              "healthStatus":  "HEALTHY",
-              "loadBalancingWeight":  1
-            },
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "172.16.1.9",
-                    "portValue":  2222
-                  }
-                }
-              },
-              "healthStatus":  "HEALTHY",
-              "loadBalancingWeight":  1
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName":  "node1.server.dc1.consul",
-      "endpoints":  [
-        {
-          "lbEndpoints":  [
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "127.0.0.1",
-                    "portValue":  0
-                  }
-                }
-              }
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName":  "node2.server.dc1.consul",
-      "endpoints":  [
-        {
-          "lbEndpoints":  [
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "127.0.0.2",
-                    "portValue":  0
-                  }
-                }
-              }
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName":  "server.dc1.consul",
-      "endpoints":  [
-        {
-          "lbEndpoints":  [
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "127.0.0.1",
-                    "portValue":  0
-                  }
-                }
-              }
-            },
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "127.0.0.2",
-                    "portValue":  0
-                  }
-                }
-              }
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName":  "server.dc2.consul",
-      "endpoints":  [
-        {
-          "lbEndpoints":  [
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "198.18.1.1",
-                    "portValue":  443
-                  }
-                }
-              },
-              "healthStatus":  "HEALTHY",
-              "loadBalancingWeight":  1
-            },
-            {
-              "endpoint":  {
-                "address":  {
-                  "socketAddress":  {
-                    "address":  "198.18.1.2",
-                    "portValue":  443
-                  }
-                }
-              },
-              "healthStatus":  "HEALTHY",
-              "loadBalancingWeight":  1
-            }
-          ]
-        }
-      ]
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/endpoints/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
index 03bd971ef6e8..b993f6a71e49 100644
--- a/agent/xds/testdata/endpoints/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
+++ b/agent/xds/testdata/endpoints/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden
@@ -35,40 +35,6 @@
         }
       ]
     },
-    {
-      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "endpoints": [
-        {
-          "lbEndpoints": [
-            {
-              "endpoint": {
-                "address": {
-                  "socketAddress": {
-                    "address": "10.10.1.3",
-                    "portValue": 8080
-                  }
-                }
-              },
-              "healthStatus": "HEALTHY",
-              "loadBalancingWeight": 128
-            },
-            {
-              "endpoint": {
-                "address": {
-                  "socketAddress": {
-                    "address": "10.10.1.4",
-                    "portValue": 8080
-                  }
-                }
-              },
-              "healthStatus": "HEALTHY",
-              "loadBalancingWeight": 1
-            }
-          ]
-        }
-      ]
-    },
     {
       "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
       "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
@@ -170,72 +136,6 @@
           ]
         }
       ]
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName": "exported~v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "endpoints": [
-        {
-          "lbEndpoints": [
-            {
-              "endpoint": {
-                "address": {
-                  "socketAddress": {
-                    "address": "10.10.1.4",
-                    "portValue": 8080
-                  }
-                }
-              },
-              "healthStatus": "HEALTHY",
-              "loadBalancingWeight": 1
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName": "v1.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "endpoints": [
-        {
-          "lbEndpoints": [
-            {
-              "endpoint": {
-                "address": {
-                  "socketAddress": {
-                    "address": "10.10.1.3",
-                    "portValue": 8080
-                  }
-                }
-              },
-              "healthStatus": "HEALTHY",
-              "loadBalancingWeight": 128
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
-      "clusterName": "v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "endpoints": [
-        {
-          "lbEndpoints": [
-            {
-              "endpoint": {
-                "address": {
-                  "socketAddress": {
-                    "address": "10.10.1.4",
-                    "portValue": 8080
-                  }
-                }
-              },
-              "healthStatus": "HEALTHY",
-              "loadBalancingWeight": 1
-            }
-          ]
-        }
-      ]
     }
   ],
   "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
diff --git a/agent/xds/testdata/listeners/api-gateway-with-http-route-and-inline-certificate.latest.golden b/agent/xds/testdata/listeners/api-gateway-with-http-route-and-inline-certificate.latest.golden
new file mode 100644
index 000000000000..97fe8332eecf
--- /dev/null
+++ b/agent/xds/testdata/listeners/api-gateway-with-http-route-and-inline-certificate.latest.golden
@@ -0,0 +1,54 @@
+{
+  "versionInfo": "00000001",
+  "resources": [
+    {
+      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
+      "name": "http:1.2.3.4:8080",
+      "address": {
+        "socketAddress": {
+          "address": "1.2.3.4",
+          "portValue": 8080
+        }
+      },
+      "filterChains": [
+        {
+          "filters": [
+            {
+              "name": "envoy.filters.network.http_connection_manager",
+              "typedConfig": {
+                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                "statPrefix": "ingress_upstream_8080",
+                "rds": {
+                  "configSource": {
+                    "ads": {},
+                    "resourceApiVersion": "V3"
+                  },
+                  "routeConfigName": "8080"
+                },
+                "httpFilters": [
+                  {
+                    "name": "envoy.filters.http.router",
+                    "typedConfig": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                    }
+                  }
+                ],
+                "tracing": {
+                  "randomSampling": {}
+                },
+                "upgradeConfigs": [
+                  {
+                    "upgradeType": "websocket"
+                  }
+                ]
+              }
+            }
+          ]
+        }
+      ],
+      "trafficDirection": "OUTBOUND"
+    }
+  ],
+  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
+  "nonce": "00000001"
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden b/agent/xds/testdata/listeners/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
deleted file mode 100644
index 935e330a5983..000000000000
--- a/agent/xds/testdata/listeners/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
+++ /dev/null
@@ -1,85 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "http:1.2.3.4:8080",
-      "address": {
-        "socketAddress": {
-          "address": "1.2.3.4",
-          "portValue": 8080
-        }
-      },
-      "filterChains": [
-        {
-          "filters": [
-            {
-              "name": "envoy.filters.network.http_connection_manager",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix": "ingress_upstream_certificate",
-                "rds": {
-                  "configSource": {
-                    "ads": {},
-                    "resourceApiVersion": "V3"
-                  },
-                  "routeConfigName": "8080"
-                },
-                "httpFilters": [
-                  {
-                    "name": "envoy.filters.http.router",
-                    "typedConfig": {
-                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                    }
-                  }
-                ],
-                "tracing": {
-                  "randomSampling": {}
-                },
-                "upgradeConfigs": [
-                  {
-                    "upgradeType": "websocket"
-                  }
-                ]
-              }
-            }
-          ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {},
-                "tlsCertificates": [
-                  {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICljCCAX4CCQCQMDsYO8FrPjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJV\nUzAeFw0yMjEyMjAxNzUwMjVaFw0yNzEyMTkxNzUwMjVaMA0xCzAJBgNVBAYTAlVT\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx95Opa6t4lGEpiTUogEB\nptqOdam2ch4BHQGhNhX/MrDwwuZQhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2\njQlhqTodElkbsd5vWY8R/bxJWQSoNvVE12TlzECxGpJEiHt4W0r8pGffk+rvplji\nUyCfnT1kGF3znOSjK1hRMTn6RKWCyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409\ng9X5VU88/Bmmrz4cMyxce86Kc2ug5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftr\nXOvuCbO5IBRHMOBHiHTZ4rtGuhMaIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+W\nmQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBfCqoUIdPf/HGSbOorPyZWbyizNtHJ\nGL7x9cAeIYxpI5Y/WcO1o5v94lvrgm3FNfJoGKbV66+JxOge731FrfMpHplhar1Z\nRahYIzNLRBTLrwadLAZkApUpZvB8qDK4knsTWFYujNsylCww2A6ajzIMFNU4GkUK\nNtyHRuD+KYRmjXtyX1yHNqfGN3vOQmwavHq2R8wHYuBSc6LAHHV9vG+j0VsgMELO\nqwxn8SmLkSKbf2+MsQVzLCXXN5u+D8Yv+4py+oKP4EQ5aFZuDEx+r/G/31rTthww\nAAJAMaoXmoYVdgXV+CPuBb2M4XCpuzLu3bcA2PXm5ipSyIgntMKwXV7r\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAx95Opa6t4lGEpiTUogEBptqOdam2ch4BHQGhNhX/MrDwwuZQ\nhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2jQlhqTodElkbsd5vWY8R/bxJWQSo\nNvVE12TlzECxGpJEiHt4W0r8pGffk+rvpljiUyCfnT1kGF3znOSjK1hRMTn6RKWC\nyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409g9X5VU88/Bmmrz4cMyxce86Kc2ug\n5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftrXOvuCbO5IBRHMOBHiHTZ4rtGuhMa\nIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+WmQIDAQABAoIBACYvceUzp2MK4gYA\nGWPOP2uKbBdM0l+hHeNV0WAM+dHMfmMuL4pkT36ucqt0ySOLjw6rQyOZG5nmA6t9\nsv0g4ae2eCMlyDIeNi1Yavu4Wt6YX4cTXbQKThm83C6W2X9THKbauBbxD621bsDK\n7PhiGPN60yPue7YwFQAPqqD4YaK+s22HFIzk9gwM/rkvAUNwRv7SyHMiFe4Igc1C\nEev7iHWzvj5Heoz6XfF+XNF9DU+TieSUAdjd56VyUb8XL4+uBTOhHwLiXvAmfaMR\nHvpcxeKnYZusS6NaOxcUHiJnsLNWrxmJj9WEGgQzuLxcLjTe4vVmELVZD8t3QUKj\nPAxu8tUCgYEA7KIWVn9dfVpokReorFym+J8FzLwSktP9RZYEMonJo00i8aii3K9s\nu/aSwRWQSCzmON1ZcxZzWhwQF9usz6kGCk//9+4hlVW90GtNK0RD+j7sp4aT2JI8\n9eLEjTG+xSXa7XWe98QncjjL9lu/yrRncSTxHs13q/XP198nn2aYuQ8CgYEA2Dnt\nsRBzv0fFEvzzFv7G/5f85mouN38TUYvxNRTjBLCXl9DeKjDkOVZ2b6qlfQnYXIru\nH+W+v+AZEb6fySXc8FRab7lkgTMrwE+aeI4rkW7asVwtclv01QJ5wMnyT84AgDD/\nDgt/RThFaHgtU9TW5GOZveL+l9fVPn7vKFdTJdcCgYEArJ99zjHxwJ1whNAOk1av\n09UmRPm6TvRo4heTDk8oEoIWCNatoHI0z1YMLuENNSnT9Q280FFDayvnrY/qnD7A\nkktT/sjwJOG8q8trKzIMqQS4XWm2dxoPcIyyOBJfCbEY6XuRsUuePxwh5qF942EB\nyS9a2s6nC4Ix0lgPrqAIr48CgYBgS/Q6riwOXSU8nqCYdiEkBYlhCJrKpnJxF9T1\nofa0yPzKZP/8ZEfP7VzTwHjxJehQ1qLUW9pG08P2biH1UEKEWdzo8vT6wVJT1F/k\nHtTycR8+a+Hlk2SHVRHqNUYQGpuIe8mrdJ1as4Pd0d/F/P0zO9Rlh+mAsGPM8HUM\nT0+9gwKBgHDoerX7NTskg0H0t8O+iSMevdxpEWp34ZYa9gHiftTQGyrRgERCa7Gj\nnZPAxKb2JoWyfnu3v7G5gZ8fhDFsiOxLbZv6UZJBbUIh1MjJISpXrForDrC2QNLX\nkHrHfwBFDB3KMudhQknsJzEJKCL/KmFH6o0MvsoaT9yzEl3K+ah/\n-----END RSA PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "alpnProtocols": [
-                  "http/1.1"
-                ]
-              },
-              "requireClientCertificate": false
-            }
-          }
-        }
-      ],
-      "listenerFilters": [
-        {
-          "name": "envoy.filters.listener.tls_inspector",
-          "typedConfig": {
-            "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
-          }
-        }
-      ],
-      "trafficDirection": "OUTBOUND"
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/api-gateway-with-http-route.latest.golden b/agent/xds/testdata/listeners/api-gateway-with-http-route.latest.golden
deleted file mode 100644
index 935e330a5983..000000000000
--- a/agent/xds/testdata/listeners/api-gateway-with-http-route.latest.golden
+++ /dev/null
@@ -1,85 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "http:1.2.3.4:8080",
-      "address": {
-        "socketAddress": {
-          "address": "1.2.3.4",
-          "portValue": 8080
-        }
-      },
-      "filterChains": [
-        {
-          "filters": [
-            {
-              "name": "envoy.filters.network.http_connection_manager",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix": "ingress_upstream_certificate",
-                "rds": {
-                  "configSource": {
-                    "ads": {},
-                    "resourceApiVersion": "V3"
-                  },
-                  "routeConfigName": "8080"
-                },
-                "httpFilters": [
-                  {
-                    "name": "envoy.filters.http.router",
-                    "typedConfig": {
-                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                    }
-                  }
-                ],
-                "tracing": {
-                  "randomSampling": {}
-                },
-                "upgradeConfigs": [
-                  {
-                    "upgradeType": "websocket"
-                  }
-                ]
-              }
-            }
-          ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {},
-                "tlsCertificates": [
-                  {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICljCCAX4CCQCQMDsYO8FrPjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJV\nUzAeFw0yMjEyMjAxNzUwMjVaFw0yNzEyMTkxNzUwMjVaMA0xCzAJBgNVBAYTAlVT\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx95Opa6t4lGEpiTUogEB\nptqOdam2ch4BHQGhNhX/MrDwwuZQhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2\njQlhqTodElkbsd5vWY8R/bxJWQSoNvVE12TlzECxGpJEiHt4W0r8pGffk+rvplji\nUyCfnT1kGF3znOSjK1hRMTn6RKWCyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409\ng9X5VU88/Bmmrz4cMyxce86Kc2ug5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftr\nXOvuCbO5IBRHMOBHiHTZ4rtGuhMaIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+W\nmQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBfCqoUIdPf/HGSbOorPyZWbyizNtHJ\nGL7x9cAeIYxpI5Y/WcO1o5v94lvrgm3FNfJoGKbV66+JxOge731FrfMpHplhar1Z\nRahYIzNLRBTLrwadLAZkApUpZvB8qDK4knsTWFYujNsylCww2A6ajzIMFNU4GkUK\nNtyHRuD+KYRmjXtyX1yHNqfGN3vOQmwavHq2R8wHYuBSc6LAHHV9vG+j0VsgMELO\nqwxn8SmLkSKbf2+MsQVzLCXXN5u+D8Yv+4py+oKP4EQ5aFZuDEx+r/G/31rTthww\nAAJAMaoXmoYVdgXV+CPuBb2M4XCpuzLu3bcA2PXm5ipSyIgntMKwXV7r\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAx95Opa6t4lGEpiTUogEBptqOdam2ch4BHQGhNhX/MrDwwuZQ\nhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2jQlhqTodElkbsd5vWY8R/bxJWQSo\nNvVE12TlzECxGpJEiHt4W0r8pGffk+rvpljiUyCfnT1kGF3znOSjK1hRMTn6RKWC\nyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409g9X5VU88/Bmmrz4cMyxce86Kc2ug\n5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftrXOvuCbO5IBRHMOBHiHTZ4rtGuhMa\nIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+WmQIDAQABAoIBACYvceUzp2MK4gYA\nGWPOP2uKbBdM0l+hHeNV0WAM+dHMfmMuL4pkT36ucqt0ySOLjw6rQyOZG5nmA6t9\nsv0g4ae2eCMlyDIeNi1Yavu4Wt6YX4cTXbQKThm83C6W2X9THKbauBbxD621bsDK\n7PhiGPN60yPue7YwFQAPqqD4YaK+s22HFIzk9gwM/rkvAUNwRv7SyHMiFe4Igc1C\nEev7iHWzvj5Heoz6XfF+XNF9DU+TieSUAdjd56VyUb8XL4+uBTOhHwLiXvAmfaMR\nHvpcxeKnYZusS6NaOxcUHiJnsLNWrxmJj9WEGgQzuLxcLjTe4vVmELVZD8t3QUKj\nPAxu8tUCgYEA7KIWVn9dfVpokReorFym+J8FzLwSktP9RZYEMonJo00i8aii3K9s\nu/aSwRWQSCzmON1ZcxZzWhwQF9usz6kGCk//9+4hlVW90GtNK0RD+j7sp4aT2JI8\n9eLEjTG+xSXa7XWe98QncjjL9lu/yrRncSTxHs13q/XP198nn2aYuQ8CgYEA2Dnt\nsRBzv0fFEvzzFv7G/5f85mouN38TUYvxNRTjBLCXl9DeKjDkOVZ2b6qlfQnYXIru\nH+W+v+AZEb6fySXc8FRab7lkgTMrwE+aeI4rkW7asVwtclv01QJ5wMnyT84AgDD/\nDgt/RThFaHgtU9TW5GOZveL+l9fVPn7vKFdTJdcCgYEArJ99zjHxwJ1whNAOk1av\n09UmRPm6TvRo4heTDk8oEoIWCNatoHI0z1YMLuENNSnT9Q280FFDayvnrY/qnD7A\nkktT/sjwJOG8q8trKzIMqQS4XWm2dxoPcIyyOBJfCbEY6XuRsUuePxwh5qF942EB\nyS9a2s6nC4Ix0lgPrqAIr48CgYBgS/Q6riwOXSU8nqCYdiEkBYlhCJrKpnJxF9T1\nofa0yPzKZP/8ZEfP7VzTwHjxJehQ1qLUW9pG08P2biH1UEKEWdzo8vT6wVJT1F/k\nHtTycR8+a+Hlk2SHVRHqNUYQGpuIe8mrdJ1as4Pd0d/F/P0zO9Rlh+mAsGPM8HUM\nT0+9gwKBgHDoerX7NTskg0H0t8O+iSMevdxpEWp34ZYa9gHiftTQGyrRgERCa7Gj\nnZPAxKb2JoWyfnu3v7G5gZ8fhDFsiOxLbZv6UZJBbUIh1MjJISpXrForDrC2QNLX\nkHrHfwBFDB3KMudhQknsJzEJKCL/KmFH6o0MvsoaT9yzEl3K+ah/\n-----END RSA PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "alpnProtocols": [
-                  "http/1.1"
-                ]
-              },
-              "requireClientCertificate": false
-            }
-          }
-        }
-      ],
-      "listenerFilters": [
-        {
-          "name": "envoy.filters.listener.tls_inspector",
-          "typedConfig": {
-            "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
-          }
-        }
-      ],
-      "trafficDirection": "OUTBOUND"
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/api-gateway-with-multiple-inline-certificates.latest.golden b/agent/xds/testdata/listeners/api-gateway-with-multiple-inline-certificates.latest.golden
deleted file mode 100644
index 272946812374..000000000000
--- a/agent/xds/testdata/listeners/api-gateway-with-multiple-inline-certificates.latest.golden
+++ /dev/null
@@ -1,102 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "service:1.2.3.4:8080",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8080
-        }
-      },
-      "filterChains":  [
-        {
-          "filterChainMatch":  {
-            "serverNames":  [
-              ""
-            ]
-          },
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "ingress_upstream_certificate",
-                "cluster":  "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-              }
-            }
-          ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
-                  {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICljCCAX4CCQCQMDsYO8FrPjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJV\nUzAeFw0yMjEyMjAxNzUwMjVaFw0yNzEyMTkxNzUwMjVaMA0xCzAJBgNVBAYTAlVT\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx95Opa6t4lGEpiTUogEB\nptqOdam2ch4BHQGhNhX/MrDwwuZQhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2\njQlhqTodElkbsd5vWY8R/bxJWQSoNvVE12TlzECxGpJEiHt4W0r8pGffk+rvplji\nUyCfnT1kGF3znOSjK1hRMTn6RKWCyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409\ng9X5VU88/Bmmrz4cMyxce86Kc2ug5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftr\nXOvuCbO5IBRHMOBHiHTZ4rtGuhMaIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+W\nmQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBfCqoUIdPf/HGSbOorPyZWbyizNtHJ\nGL7x9cAeIYxpI5Y/WcO1o5v94lvrgm3FNfJoGKbV66+JxOge731FrfMpHplhar1Z\nRahYIzNLRBTLrwadLAZkApUpZvB8qDK4knsTWFYujNsylCww2A6ajzIMFNU4GkUK\nNtyHRuD+KYRmjXtyX1yHNqfGN3vOQmwavHq2R8wHYuBSc6LAHHV9vG+j0VsgMELO\nqwxn8SmLkSKbf2+MsQVzLCXXN5u+D8Yv+4py+oKP4EQ5aFZuDEx+r/G/31rTthww\nAAJAMaoXmoYVdgXV+CPuBb2M4XCpuzLu3bcA2PXm5ipSyIgntMKwXV7r\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAx95Opa6t4lGEpiTUogEBptqOdam2ch4BHQGhNhX/MrDwwuZQ\nhttBwMfngQ/wd9NmYEPAwj0dumUoAITIq6i2jQlhqTodElkbsd5vWY8R/bxJWQSo\nNvVE12TlzECxGpJEiHt4W0r8pGffk+rvpljiUyCfnT1kGF3znOSjK1hRMTn6RKWC\nyYaBvXQiB4SGilfLgJcEpOJKtISIxmZ+S409g9X5VU88/Bmmrz4cMyxce86Kc2ug\n5/MOv0CjWDJwlrv8njneV2zvraQ61DDwQftrXOvuCbO5IBRHMOBHiHTZ4rtGuhMa\nIr21V4vb6n8c4YzXiFvhUYcyX7rltGZzVd+WmQIDAQABAoIBACYvceUzp2MK4gYA\nGWPOP2uKbBdM0l+hHeNV0WAM+dHMfmMuL4pkT36ucqt0ySOLjw6rQyOZG5nmA6t9\nsv0g4ae2eCMlyDIeNi1Yavu4Wt6YX4cTXbQKThm83C6W2X9THKbauBbxD621bsDK\n7PhiGPN60yPue7YwFQAPqqD4YaK+s22HFIzk9gwM/rkvAUNwRv7SyHMiFe4Igc1C\nEev7iHWzvj5Heoz6XfF+XNF9DU+TieSUAdjd56VyUb8XL4+uBTOhHwLiXvAmfaMR\nHvpcxeKnYZusS6NaOxcUHiJnsLNWrxmJj9WEGgQzuLxcLjTe4vVmELVZD8t3QUKj\nPAxu8tUCgYEA7KIWVn9dfVpokReorFym+J8FzLwSktP9RZYEMonJo00i8aii3K9s\nu/aSwRWQSCzmON1ZcxZzWhwQF9usz6kGCk//9+4hlVW90GtNK0RD+j7sp4aT2JI8\n9eLEjTG+xSXa7XWe98QncjjL9lu/yrRncSTxHs13q/XP198nn2aYuQ8CgYEA2Dnt\nsRBzv0fFEvzzFv7G/5f85mouN38TUYvxNRTjBLCXl9DeKjDkOVZ2b6qlfQnYXIru\nH+W+v+AZEb6fySXc8FRab7lkgTMrwE+aeI4rkW7asVwtclv01QJ5wMnyT84AgDD/\nDgt/RThFaHgtU9TW5GOZveL+l9fVPn7vKFdTJdcCgYEArJ99zjHxwJ1whNAOk1av\n09UmRPm6TvRo4heTDk8oEoIWCNatoHI0z1YMLuENNSnT9Q280FFDayvnrY/qnD7A\nkktT/sjwJOG8q8trKzIMqQS4XWm2dxoPcIyyOBJfCbEY6XuRsUuePxwh5qF942EB\nyS9a2s6nC4Ix0lgPrqAIr48CgYBgS/Q6riwOXSU8nqCYdiEkBYlhCJrKpnJxF9T1\nofa0yPzKZP/8ZEfP7VzTwHjxJehQ1qLUW9pG08P2biH1UEKEWdzo8vT6wVJT1F/k\nHtTycR8+a+Hlk2SHVRHqNUYQGpuIe8mrdJ1as4Pd0d/F/P0zO9Rlh+mAsGPM8HUM\nT0+9gwKBgHDoerX7NTskg0H0t8O+iSMevdxpEWp34ZYa9gHiftTQGyrRgERCa7Gj\nnZPAxKb2JoWyfnu3v7G5gZ8fhDFsiOxLbZv6UZJBbUIh1MjJISpXrForDrC2QNLX\nkHrHfwBFDB3KMudhQknsJzEJKCL/KmFH6o0MvsoaT9yzEl3K+ah/\n-----END RSA PRIVATE KEY-----\n"
-                    }
-                  }
-                ]
-              },
-              "requireClientCertificate":  false
-            }
-          }
-        },
-        {
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "ingress_upstream_default",
-                "cluster":  "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-              }
-            }
-          ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
-                  {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                }
-              },
-              "requireClientCertificate":  false
-            }
-          }
-        }
-      ],
-      "listenerFilters":  [
-        {
-          "name":  "envoy.filters.listener.tls_inspector",
-          "typedConfig":  {
-            "@type":  "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
-          }
-        }
-      ],
-      "trafficDirection":  "OUTBOUND"
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden
index 1fc03f74705d..03e15abeaa72 100644
--- a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden
+++ b/agent/xds/testdata/listeners/connect-proxy-with-chain-and-overrides.latest.golden
@@ -148,4 +148,4 @@
   ],
   "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
   "nonce": "00000001"
-}
+}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
deleted file mode 100644
index 76c41c8b7c97..000000000000
--- a/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
+++ /dev/null
@@ -1,114 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "payments?peer=cloud:custom-upstream",
-      "address": {
-        "socketAddress": {
-          "address": "11.11.11.11",
-          "portValue": 11111
-        }
-      },
-      "filterChains": [
-        {
-          "filters": [
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "foo-stats",
-                "cluster": "random-cluster"
-              }
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "public_listener:0.0.0.0:9999",
-      "address": {
-        "socketAddress": {
-          "address": "0.0.0.0",
-          "portValue": 9999
-        }
-      },
-      "filterChains": [
-        {
-          "filters": [
-            {
-              "name": "envoy.filters.network.rbac",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {},
-                "statPrefix": "connect_authz"
-              }
-            },
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "public_listener",
-                "cluster": "local_app"
-              }
-            }
-          ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {},
-                "tlsCertificates": [
-                  {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext": {
-                  "trustedCa": {
-                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                }
-              },
-              "requireClientCertificate": true
-            }
-          }
-        }
-      ],
-      "trafficDirection": "INBOUND"
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "refunds?peer=cloud:127.0.0.1:9090",
-      "address": {
-        "socketAddress": {
-          "address": "127.0.0.1",
-          "portValue": 9090
-        }
-      },
-      "filterChains": [
-        {
-          "filters": [
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "upstream_peered.refunds.default.cloud",
-                "cluster": "refunds.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
-              }
-            }
-          ]
-        }
-      ],
-      "trafficDirection": "OUTBOUND"
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-http2.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-http2.latest.golden
deleted file mode 100644
index a18dfc148402..000000000000
--- a/agent/xds/testdata/listeners/connect-proxy-with-peered-upstreams-http2.latest.golden
+++ /dev/null
@@ -1,189 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "payments?peer=cloud:127.0.0.1:9090",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9090
-        }
-      },
-      "filterChains":  [
-        {
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream_peered.payments.default.cloud",
-                "routeConfig":  {
-                  "name":  "payments?peer=cloud",
-                  "virtualHosts":  [
-                    {
-                      "name":  "payments.default.cloud",
-                      "domains":  [
-                        "*"
-                      ],
-                      "routes":  [
-                        {
-                          "match":  {
-                            "prefix":  "/"
-                          },
-                          "route":  {
-                            "cluster":  "payments.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
-                          }
-                        }
-                      ]
-                    }
-                  ]
-                },
-                "httpFilters":  [
-                  {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                    }
-                  }
-                ],
-                "tracing":  {
-                  "randomSampling":  {}
-                },
-                "http2ProtocolOptions":  {},
-                "upgradeConfigs":  [
-                  {
-                    "upgradeType":  "websocket"
-                  }
-                ]
-              }
-            }
-          ]
-        }
-      ],
-      "trafficDirection":  "OUTBOUND"
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
-        }
-      },
-      "filterChains":  [
-        {
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
-              }
-            },
-            {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "public_listener",
-                "cluster":  "local_app"
-              }
-            }
-          ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
-                  {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                }
-              },
-              "requireClientCertificate":  true
-            }
-          }
-        }
-      ],
-      "trafficDirection":  "INBOUND"
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "refunds?peer=cloud:127.0.0.1:9090",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.0.0.1",
-          "portValue":  9090
-        }
-      },
-      "filterChains":  [
-        {
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "upstream_peered.refunds.default.cloud",
-                "routeConfig":  {
-                  "name":  "refunds?peer=cloud",
-                  "virtualHosts":  [
-                    {
-                      "name":  "refunds.default.cloud",
-                      "domains":  [
-                        "*"
-                      ],
-                      "routes":  [
-                        {
-                          "match":  {
-                            "prefix":  "/"
-                          },
-                          "route":  {
-                            "cluster":  "refunds.default.cloud.external.1c053652-8512-4373-90cf-5a7f6263a994.consul"
-                          }
-                        }
-                      ]
-                    }
-                  ]
-                },
-                "httpFilters":  [
-                  {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                    }
-                  }
-                ],
-                "tracing":  {
-                  "randomSampling":  {}
-                },
-                "http2ProtocolOptions":  {},
-                "upgradeConfigs":  [
-                  {
-                    "upgradeType":  "websocket"
-                  }
-                ]
-              }
-            }
-          ]
-        }
-      ],
-      "trafficDirection":  "OUTBOUND"
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden
index f091cd40b552..549af29cb445 100644
--- a/agent/xds/testdata/listeners/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden
+++ b/agent/xds/testdata/listeners/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden
@@ -28,11 +28,11 @@
     },
     {
       "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "outbound_listener:127.0.0.1:1234",
+      "name": "outbound_listener:127.0.0.1:15001",
       "address": {
         "socketAddress": {
           "address": "127.0.0.1",
-          "portValue": 1234
+          "portValue": 15001
         }
       },
       "defaultFilterChain": {
@@ -166,4 +166,4 @@
   ],
   "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
   "nonce": "00000001"
-}
\ No newline at end of file
+}
diff --git a/agent/xds/testdata/listeners/custom-upstream-with-prepared-query.latest.golden b/agent/xds/testdata/listeners/custom-upstream-with-prepared-query.latest.golden
deleted file mode 100644
index 636fb2f606b8..000000000000
--- a/agent/xds/testdata/listeners/custom-upstream-with-prepared-query.latest.golden
+++ /dev/null
@@ -1,114 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "db:custom-upstream",
-      "address":  {
-        "socketAddress":  {
-          "address":  "11.11.11.11",
-          "portValue":  11111
-        }
-      },
-      "filterChains":  [
-        {
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "foo-stats",
-                "cluster":  "random-cluster"
-              }
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "prepared_query:geo-cache:127.10.10.10:8181",
-      "address":  {
-        "socketAddress":  {
-          "address":  "127.10.10.10",
-          "portValue":  8181
-        }
-      },
-      "filterChains":  [
-        {
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "upstream.prepared_query_geo-cache",
-                "cluster":  "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
-              }
-            }
-          ]
-        }
-      ],
-      "trafficDirection":  "OUTBOUND"
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "public_listener:0.0.0.0:9999",
-      "address":  {
-        "socketAddress":  {
-          "address":  "0.0.0.0",
-          "portValue":  9999
-        }
-      },
-      "filterChains":  [
-        {
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.rbac",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules":  {},
-                "statPrefix":  "connect_authz"
-              }
-            },
-            {
-              "name":  "envoy.filters.network.tcp_proxy",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix":  "public_listener",
-                "cluster":  "local_app"
-              }
-            }
-          ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {},
-                "tlsCertificates":  [
-                  {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                }
-              },
-              "requireClientCertificate":  true
-            }
-          }
-        }
-      ],
-      "trafficDirection":  "INBOUND"
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/expose-checks-grpc.latest.golden b/agent/xds/testdata/listeners/expose-checks-grpc.latest.golden
deleted file mode 100644
index 6551d151fc66..000000000000
--- a/agent/xds/testdata/listeners/expose-checks-grpc.latest.golden
+++ /dev/null
@@ -1,143 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "exposed_path_grpchealthv1HealthCheck:1.2.3.4:21501",
-      "address": {
-        "socketAddress": {
-          "address": "1.2.3.4",
-          "portValue": 21501
-        }
-      },
-      "filterChains": [
-        {
-          "filterChainMatch": {
-            "sourcePrefixRanges": [
-              {
-                "addressPrefix": "127.0.0.1",
-                "prefixLen": 8
-              },
-              {
-                "addressPrefix": "192.0.2.1",
-                "prefixLen": 32
-              },
-              {
-                "addressPrefix": "::1",
-                "prefixLen": 128
-              }
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.http_connection_manager",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix": "exposed_path_filter_grpchealthv1HealthCheck_21501",
-                "routeConfig": {
-                  "name": "exposed_path_filter_grpchealthv1HealthCheck_21501",
-                  "virtualHosts": [
-                    {
-                      "name": "exposed_path_filter_grpchealthv1HealthCheck_21501",
-                      "domains": [
-                        "*"
-                      ],
-                      "routes": [
-                        {
-                          "match": {
-                            "path": "/grpc.health.v1.Health/Check"
-                          },
-                          "route": {
-                            "cluster": "exposed_cluster_9090"
-                          }
-                        }
-                      ]
-                    }
-                  ]
-                },
-                "httpFilters": [
-                  {
-                    "name": "envoy.filters.http.router",
-                    "typedConfig": {
-                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                    }
-                  }
-                ],
-                "tracing": {
-                  "randomSampling": {}
-                },
-                "http2ProtocolOptions": {},
-                "upgradeConfigs": [
-                  {
-                    "upgradeType": "websocket"
-                  }
-                ]
-              }
-            }
-          ]
-        }
-      ],
-      "trafficDirection": "INBOUND"
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "public_listener:1.2.3.4:9090",
-      "address": {
-        "socketAddress": {
-          "address": "1.2.3.4",
-          "portValue": 9090
-        }
-      },
-      "filterChains": [
-        {
-          "filters": [
-            {
-              "name": "envoy.filters.network.rbac",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {},
-                "statPrefix": "connect_authz"
-              }
-            },
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "public_listener",
-                "cluster": "local_app"
-              }
-            }
-          ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {},
-                "tlsCertificates": [
-                  {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext": {
-                  "trustedCa": {
-                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                }
-              },
-              "requireClientCertificate": true
-            }
-          }
-        }
-      ],
-      "trafficDirection": "INBOUND"
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/expose-checks-http-with-bind-override.latest.golden b/agent/xds/testdata/listeners/expose-checks-http-with-bind-override.latest.golden
deleted file mode 100644
index 79f3555eb278..000000000000
--- a/agent/xds/testdata/listeners/expose-checks-http-with-bind-override.latest.golden
+++ /dev/null
@@ -1,142 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "exposed_path_debug:6.7.8.9:21500",
-      "address": {
-        "socketAddress": {
-          "address": "6.7.8.9",
-          "portValue": 21500
-        }
-      },
-      "filterChains": [
-        {
-          "filterChainMatch": {
-            "sourcePrefixRanges": [
-              {
-                "addressPrefix": "127.0.0.1",
-                "prefixLen": 8
-              },
-              {
-                "addressPrefix": "192.0.2.1",
-                "prefixLen": 32
-              },
-              {
-                "addressPrefix": "::1",
-                "prefixLen": 128
-              }
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.http_connection_manager",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix": "exposed_path_filter_debug_21500",
-                "routeConfig": {
-                  "name": "exposed_path_filter_debug_21500",
-                  "virtualHosts": [
-                    {
-                      "name": "exposed_path_filter_debug_21500",
-                      "domains": [
-                        "*"
-                      ],
-                      "routes": [
-                        {
-                          "match": {
-                            "path": "/debug"
-                          },
-                          "route": {
-                            "cluster": "exposed_cluster_8181"
-                          }
-                        }
-                      ]
-                    }
-                  ]
-                },
-                "httpFilters": [
-                  {
-                    "name": "envoy.filters.http.router",
-                    "typedConfig": {
-                      "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                    }
-                  }
-                ],
-                "tracing": {
-                  "randomSampling": {}
-                },
-                "upgradeConfigs": [
-                  {
-                    "upgradeType": "websocket"
-                  }
-                ]
-              }
-            }
-          ]
-        }
-      ],
-      "trafficDirection": "INBOUND"
-    },
-    {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "public_listener:6.7.8.9:8080",
-      "address": {
-        "socketAddress": {
-          "address": "6.7.8.9",
-          "portValue": 8080
-        }
-      },
-      "filterChains": [
-        {
-          "filters": [
-            {
-              "name": "envoy.filters.network.rbac",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {},
-                "statPrefix": "connect_authz"
-              }
-            },
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "public_listener",
-                "cluster": "local_app"
-              }
-            }
-          ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {},
-                "tlsCertificates": [
-                  {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext": {
-                  "trustedCa": {
-                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                }
-              },
-              "requireClientCertificate": true
-            }
-          }
-        }
-      ],
-      "trafficDirection": "INBOUND"
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/expose-checks-http.latest.golden b/agent/xds/testdata/listeners/expose-checks.latest.golden
similarity index 100%
rename from agent/xds/testdata/listeners/expose-checks-http.latest.golden
rename to agent/xds/testdata/listeners/expose-checks.latest.golden
diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden
deleted file mode 100644
index 08b36fef2433..000000000000
--- a/agent/xds/testdata/listeners/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden
+++ /dev/null
@@ -1,166 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "http:1.2.3.4:8080",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8080
-        }
-      },
-      "filterChains":  [
-        {
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "ingress_upstream_8080",
-                "rds":  {
-                  "configSource":  {
-                    "ads":  {},
-                    "resourceApiVersion":  "V3"
-                  },
-                  "routeConfigName":  "8080"
-                },
-                "httpFilters":  [
-                  {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                    }
-                  }
-                ],
-                "tracing":  {
-                  "randomSampling":  {}
-                },
-                "upgradeConfigs":  [
-                  {
-                    "upgradeType":  "websocket"
-                  }
-                ]
-              }
-            }
-          ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {
-                  "cipherSuites":  [
-                    "ECDHE-RSA-AES256-SHA"
-                  ]
-                },
-                "tlsCertificates":  [
-                  {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                },
-                "alpnProtocols":  [
-                  "http/1.1"
-                ]
-              },
-              "requireClientCertificate":  false
-            }
-          }
-        }
-      ],
-      "trafficDirection":  "OUTBOUND"
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "http:1.2.3.4:8081",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8081
-        }
-      },
-      "filterChains":  [
-        {
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "ingress_upstream_8081",
-                "rds":  {
-                  "configSource":  {
-                    "ads":  {},
-                    "resourceApiVersion":  "V3"
-                  },
-                  "routeConfigName":  "8081"
-                },
-                "httpFilters":  [
-                  {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                    }
-                  }
-                ],
-                "tracing":  {
-                  "randomSampling":  {}
-                },
-                "upgradeConfigs":  [
-                  {
-                    "upgradeType":  "websocket"
-                  }
-                ]
-              }
-            }
-          ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {
-                  "cipherSuites":  [
-                    "ECDHE-RSA-CHACHA20-POLY1305",
-                    "ECDHE-ECDSA-CHACHA20-POLY1305"
-                  ]
-                },
-                "tlsCertificates":  [
-                  {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                },
-                "alpnProtocols":  [
-                  "http/1.1"
-                ]
-              },
-              "requireClientCertificate":  false
-            }
-          }
-        }
-      ],
-      "trafficDirection":  "OUTBOUND"
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden b/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden
deleted file mode 100644
index c9e56105a5c5..000000000000
--- a/agent/xds/testdata/listeners/ingress-with-tls-mixed-max-version-listeners.latest.golden
+++ /dev/null
@@ -1,238 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "resources":  [
-    {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "http:1.2.3.4:8080",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8080
-        }
-      },
-      "filterChains":  [
-        {
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "ingress_upstream_8080",
-                "rds":  {
-                  "configSource":  {
-                    "ads":  {},
-                    "resourceApiVersion":  "V3"
-                  },
-                  "routeConfigName":  "8080"
-                },
-                "httpFilters":  [
-                  {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                    }
-                  }
-                ],
-                "tracing":  {
-                  "randomSampling":  {}
-                },
-                "upgradeConfigs":  [
-                  {
-                    "upgradeType":  "websocket"
-                  }
-                ]
-              }
-            }
-          ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {
-                  "tlsMaximumProtocolVersion":  "TLSv1_2"
-                },
-                "tlsCertificates":  [
-                  {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                },
-                "alpnProtocols":  [
-                  "http/1.1"
-                ]
-              },
-              "requireClientCertificate":  false
-            }
-          }
-        }
-      ],
-      "trafficDirection":  "OUTBOUND"
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "http:1.2.3.4:8081",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8081
-        }
-      },
-      "filterChains":  [
-        {
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "ingress_upstream_8081",
-                "rds":  {
-                  "configSource":  {
-                    "ads":  {},
-                    "resourceApiVersion":  "V3"
-                  },
-                  "routeConfigName":  "8081"
-                },
-                "httpFilters":  [
-                  {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                    }
-                  }
-                ],
-                "tracing":  {
-                  "randomSampling":  {}
-                },
-                "upgradeConfigs":  [
-                  {
-                    "upgradeType":  "websocket"
-                  }
-                ]
-              }
-            }
-          ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {
-                  "tlsMaximumProtocolVersion":  "TLSv1_0"
-                },
-                "tlsCertificates":  [
-                  {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                },
-                "alpnProtocols":  [
-                  "http/1.1"
-                ]
-              },
-              "requireClientCertificate":  false
-            }
-          }
-        }
-      ],
-      "trafficDirection":  "OUTBOUND"
-    },
-    {
-      "@type":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name":  "http:1.2.3.4:8082",
-      "address":  {
-        "socketAddress":  {
-          "address":  "1.2.3.4",
-          "portValue":  8082
-        }
-      },
-      "filterChains":  [
-        {
-          "filters":  [
-            {
-              "name":  "envoy.filters.network.http_connection_manager",
-              "typedConfig":  {
-                "@type":  "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                "statPrefix":  "ingress_upstream_8082",
-                "rds":  {
-                  "configSource":  {
-                    "ads":  {},
-                    "resourceApiVersion":  "V3"
-                  },
-                  "routeConfigName":  "8082"
-                },
-                "httpFilters":  [
-                  {
-                    "name":  "envoy.filters.http.router",
-                    "typedConfig":  {
-                      "@type":  "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                    }
-                  }
-                ],
-                "tracing":  {
-                  "randomSampling":  {}
-                },
-                "upgradeConfigs":  [
-                  {
-                    "upgradeType":  "websocket"
-                  }
-                ]
-              }
-            }
-          ],
-          "transportSocket":  {
-            "name":  "tls",
-            "typedConfig":  {
-              "@type":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext":  {
-                "tlsParams":  {
-                  "tlsMaximumProtocolVersion":  "TLSv1_3"
-                },
-                "tlsCertificates":  [
-                  {
-                    "certificateChain":  {
-                      "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey":  {
-                      "inlineString":  "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext":  {
-                  "trustedCa":  {
-                    "inlineString":  "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                },
-                "alpnProtocols":  [
-                  "http/1.1"
-                ]
-              },
-              "requireClientCertificate":  false
-            }
-          }
-        }
-      ],
-      "trafficDirection":  "OUTBOUND"
-    }
-  ],
-  "typeUrl":  "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden
deleted file mode 100644
index fef17ff195ae..000000000000
--- a/agent/xds/testdata/listeners/mesh-gateway-using-federation-control-plane.latest.golden
+++ /dev/null
@@ -1,181 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "default:1.2.3.4:8443",
-      "address": {
-        "socketAddress": {
-          "address": "1.2.3.4",
-          "portValue": 8443
-        }
-      },
-      "filterChains": [
-        {
-          "filterChainMatch": {
-            "serverNames": [
-              "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul"
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "mesh_gateway_remote.default.dc2",
-                "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul"
-              }
-            }
-          ]
-        },
-        {
-          "filterChainMatch": {
-            "serverNames": [
-              "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul"
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "mesh_gateway_remote.default.dc4",
-                "cluster": "dc4.internal.11111111-2222-3333-4444-555555555555.consul"
-              }
-            }
-          ]
-        },
-        {
-          "filterChainMatch": {
-            "serverNames": [
-              "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul"
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "mesh_gateway_remote.default.dc6",
-                "cluster": "dc6.internal.11111111-2222-3333-4444-555555555555.consul"
-              }
-            }
-          ]
-        },
-        {
-          "filterChainMatch": {
-            "serverNames": [
-              "*.server.dc2.consul"
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "mesh_gateway_remote.default.dc2",
-                "cluster": "server.dc2.consul"
-              }
-            }
-          ]
-        },
-        {
-          "filterChainMatch": {
-            "serverNames": [
-              "*.server.dc4.consul"
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "mesh_gateway_remote.default.dc4",
-                "cluster": "server.dc4.consul"
-              }
-            }
-          ]
-        },
-        {
-          "filterChainMatch": {
-            "serverNames": [
-              "*.server.dc6.consul"
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "mesh_gateway_remote.default.dc6",
-                "cluster": "server.dc6.consul"
-              }
-            }
-          ]
-        },
-        {
-          "filterChainMatch": {
-            "serverNames": [
-              "node1.server.dc1.consul"
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "mesh_gateway_local_server.default.dc1",
-                "cluster": "node1.server.dc1.consul"
-              }
-            }
-          ]
-        },
-        {
-          "filterChainMatch": {
-            "serverNames": [
-              "node2.server.dc1.consul"
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "mesh_gateway_local_server.default.dc1",
-                "cluster": "node2.server.dc1.consul"
-              }
-            }
-          ]
-        },
-        {
-          "filters": [
-            {
-              "name": "envoy.filters.network.sni_cluster",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster"
-              }
-            },
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "mesh_gateway_local.default",
-                "cluster": ""
-              }
-            }
-          ]
-        }
-      ],
-      "listenerFilters": [
-        {
-          "name": "envoy.filters.listener.tls_inspector",
-          "typedConfig": {
-            "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
-          }
-        }
-      ]
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/listeners/terminating-gateway-custom-trace-listener.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-custom-trace-listener.latest.golden
deleted file mode 100644
index e85075430303..000000000000
--- a/agent/xds/testdata/listeners/terminating-gateway-custom-trace-listener.latest.golden
+++ /dev/null
@@ -1,246 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
-      "name": "default:1.2.3.4:8443",
-      "address": {
-        "socketAddress": {
-          "address": "1.2.3.4",
-          "portValue": 8443
-        }
-      },
-      "filterChains": [
-        {
-          "filterChainMatch": {
-            "serverNames": [
-              "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.rbac",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {},
-                "statPrefix": "connect_authz"
-              }
-            },
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "upstream.api.default.default.dc1",
-                "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-              }
-            }
-          ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {},
-                "tlsCertificates": [
-                  {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext": {
-                  "trustedCa": {
-                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                }
-              },
-              "requireClientCertificate": true
-            }
-          }
-        },
-        {
-          "filterChainMatch": {
-            "serverNames": [
-              "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.rbac",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {},
-                "statPrefix": "connect_authz"
-              }
-            },
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "upstream.cache.default.default.dc1",
-                "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-              }
-            }
-          ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {},
-                "tlsCertificates": [
-                  {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext": {
-                  "trustedCa": {
-                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                }
-              },
-              "requireClientCertificate": true
-            }
-          }
-        },
-        {
-          "filterChainMatch": {
-            "serverNames": [
-              "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.rbac",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {},
-                "statPrefix": "connect_authz"
-              }
-            },
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "upstream.db.default.default.dc1",
-                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-              }
-            }
-          ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {},
-                "tlsCertificates": [
-                  {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext": {
-                  "trustedCa": {
-                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                }
-              },
-              "requireClientCertificate": true
-            }
-          }
-        },
-        {
-          "filterChainMatch": {
-            "serverNames": [
-              "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-            ]
-          },
-          "filters": [
-            {
-              "name": "envoy.filters.network.rbac",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {},
-                "statPrefix": "connect_authz"
-              }
-            },
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "upstream.web.default.default.dc1",
-                "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-              }
-            }
-          ],
-          "transportSocket": {
-            "name": "tls",
-            "typedConfig": {
-              "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
-              "commonTlsContext": {
-                "tlsParams": {},
-                "tlsCertificates": [
-                  {
-                    "certificateChain": {
-                      "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
-                    },
-                    "privateKey": {
-                      "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
-                    }
-                  }
-                ],
-                "validationContext": {
-                  "trustedCa": {
-                    "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
-                  }
-                }
-              },
-              "requireClientCertificate": true
-            }
-          }
-        },
-        {
-          "filters": [
-            {
-              "name": "envoy.filters.network.sni_cluster",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster"
-              }
-            },
-            {
-              "name": "envoy.filters.network.tcp_proxy",
-              "typedConfig": {
-                "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
-                "statPrefix": "terminating_gateway.default",
-                "cluster": ""
-              }
-            }
-          ]
-        }
-      ],
-      "listenerFilters": [
-        {
-          "name": "envoy.filters.listener.tls_inspector",
-          "typedConfig": {
-            "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
-          }
-        }
-      ],
-      "trafficDirection": "INBOUND"
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden b/agent/xds/testdata/routes/api-gateway-with-http-route-and-inline-certificate.latest.golden
similarity index 94%
rename from agent/xds/testdata/routes/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
rename to agent/xds/testdata/routes/api-gateway-with-http-route-and-inline-certificate.latest.golden
index 4a41a6d6dfb1..a1669268ec4e 100644
--- a/agent/xds/testdata/routes/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
+++ b/agent/xds/testdata/routes/api-gateway-with-http-route-and-inline-certificate.latest.golden
@@ -17,8 +17,7 @@
                 "prefix": "/"
               },
               "route": {
-                "cluster": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-                "idleTimeout": "30s"
+                "cluster": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
               },
               "requestHeadersToAdd": [
                 {
diff --git a/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden b/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden
deleted file mode 100644
index c79697246fc7..000000000000
--- a/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden
+++ /dev/null
@@ -1,59 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-      "name": "8080",
-      "virtualHosts": [
-        {
-          "name": "api-gateway-listener-9b9265b",
-          "domains": [
-            "*",
-            "*:8080"
-          ],
-          "routes": [
-            {
-              "match": {
-                "prefix": "/"
-              },
-              "route": {
-                "cluster": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-                "timeout": "30s",
-                "idleTimeout": "30s",
-                "retryPolicy": {
-                  "retryOn": "cancelled,connect-failure,retriable-status-codes",
-                  "numRetries": 3,
-                  "retriableStatusCodes": [
-                    500
-                  ]
-                }
-              },
-              "requestHeadersToAdd": [
-                {
-                  "header": {
-                    "key": "X-Header-Add",
-                    "value": "added"
-                  },
-                  "append": true
-                },
-                {
-                  "header": {
-                    "key": "X-Header-Set",
-                    "value": "set"
-                  },
-                  "append": false
-                }
-              ],
-              "requestHeadersToRemove": [
-                "X-Header-Remove"
-              ]
-            }
-          ]
-        }
-      ],
-      "validateClusters": true
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/api-gateway-with-multiple-inline-certificates.latest.golden b/agent/xds/testdata/routes/api-gateway-with-multiple-inline-certificates.latest.golden
deleted file mode 100644
index 306f5220e7b9..000000000000
--- a/agent/xds/testdata/routes/api-gateway-with-multiple-inline-certificates.latest.golden
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "typeUrl":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden b/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden
index 75fe8ccc350f..9cac48040255 100644
--- a/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden
+++ b/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden
@@ -47,11 +47,6 @@
                       "headerName": "x-user-id"
                     }
                   },
-                  {
-                    "queryParameter": {
-                      "name": "my-pretty-param"
-                    }
-                  },
                   {
                     "connectionProperties": {
                       "sourceIp": true
diff --git a/agent/xds/testdata/routes/connect-proxy-resolver-with-lb.latest.golden b/agent/xds/testdata/routes/connect-proxy-resolver-with-lb.latest.golden
deleted file mode 100644
index 547b923b0d6e..000000000000
--- a/agent/xds/testdata/routes/connect-proxy-resolver-with-lb.latest.golden
+++ /dev/null
@@ -1,30 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-      "name": "db",
-      "virtualHosts": [
-        {
-          "name": "db",
-          "domains": [
-            "*"
-          ],
-          "routes": [
-            {
-              "match": {
-                "prefix": "/"
-              },
-              "route": {
-                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-              }
-            }
-          ]
-        }
-      ],
-      "validateClusters": true
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/connect-proxy-route-to-lb-resolver.latest.golden b/agent/xds/testdata/routes/connect-proxy-route-to-lb-resolver.latest.golden
deleted file mode 100644
index b364c9f9d0c7..000000000000
--- a/agent/xds/testdata/routes/connect-proxy-route-to-lb-resolver.latest.golden
+++ /dev/null
@@ -1,38 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-      "name": "db",
-      "virtualHosts": [
-        {
-          "name": "db",
-          "domains": [
-            "*"
-          ],
-          "routes": [
-            {
-              "match": {
-                "prefix": "/web"
-              },
-              "route": {
-                "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-              }
-            },
-            {
-              "match": {
-                "prefix": "/"
-              },
-              "route": {
-                "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
-              }
-            }
-          ]
-        }
-      ],
-      "validateClusters": true
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/connect-proxy-splitter-overweight.latest.golden b/agent/xds/testdata/routes/connect-proxy-splitter-overweight.latest.golden
deleted file mode 100644
index 776509501f62..000000000000
--- a/agent/xds/testdata/routes/connect-proxy-splitter-overweight.latest.golden
+++ /dev/null
@@ -1,99 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "resources": [
-    {
-      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-      "name": "db",
-      "virtualHosts": [
-        {
-          "name": "db",
-          "domains": [
-            "*"
-          ],
-          "routes": [
-            {
-              "match": {
-                "prefix": "/"
-              },
-              "route": {
-                "weightedClusters": {
-                  "clusters": [
-                    {
-                      "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-                      "weight": 10000,
-                      "requestHeadersToAdd": [
-                        {
-                          "header": {
-                            "key": "x-split-leg",
-                            "value": "big"
-                          },
-                          "append": false
-                        }
-                      ],
-                      "responseHeadersToAdd": [
-                        {
-                          "header": {
-                            "key": "x-split-leg",
-                            "value": "big"
-                          },
-                          "append": false
-                        }
-                      ]
-                    },
-                    {
-                      "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-                      "weight": 10000,
-                      "requestHeadersToAdd": [
-                        {
-                          "header": {
-                            "key": "x-split-leg",
-                            "value": "goldilocks"
-                          },
-                          "append": false
-                        }
-                      ],
-                      "responseHeadersToAdd": [
-                        {
-                          "header": {
-                            "key": "x-split-leg",
-                            "value": "goldilocks"
-                          },
-                          "append": false
-                        }
-                      ]
-                    },
-                    {
-                      "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-                      "weight": 10000,
-                      "requestHeadersToAdd": [
-                        {
-                          "header": {
-                            "key": "x-split-leg",
-                            "value": "small"
-                          },
-                          "append": false
-                        }
-                      ],
-                      "responseHeadersToAdd": [
-                        {
-                          "header": {
-                            "key": "x-split-leg",
-                            "value": "small"
-                          },
-                          "append": false
-                        }
-                      ]
-                    }
-                  ]
-                }
-              }
-            }
-          ]
-        }
-      ],
-      "validateClusters": true
-    }
-  ],
-  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
deleted file mode 100644
index 9c050cbe6b4d..000000000000
--- a/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-http2.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-http2.latest.golden
deleted file mode 100644
index 306f5220e7b9..000000000000
--- a/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-http2.latest.golden
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "typeUrl":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden b/agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden
index 959cc72d4ef0..f2bc276d8e99 100644
--- a/agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden
+++ b/agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden
@@ -48,11 +48,6 @@
                       "headerName": "x-user-id"
                     }
                   },
-                  {
-                    "queryParameter": {
-                      "name": "my-pretty-param"
-                    }
-                  },
                   {
                     "connectionProperties": {
                       "sourceIp": true
diff --git a/agent/xds/testdata/routes/terminating-gateway-lb-config.latest.golden b/agent/xds/testdata/routes/terminating-gateway-lb-config.latest.golden
index 30b36d92d194..cc49c907cce5 100644
--- a/agent/xds/testdata/routes/terminating-gateway-lb-config.latest.golden
+++ b/agent/xds/testdata/routes/terminating-gateway-lb-config.latest.golden
@@ -1,41 +1,40 @@
 {
-  "versionInfo":  "00000001",
-  "resources":  [
+  "versionInfo": "00000001",
+  "resources": [
     {
-      "@type":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-      "name":  "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "virtualHosts":  [
+      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+      "name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "virtualHosts": [
         {
-          "name":  "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-          "domains":  [
+          "name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+          "domains": [
             "*"
           ],
-          "routes":  [
+          "routes": [
             {
-              "match":  {
-                "prefix":  "/"
+              "match": {
+                "prefix": "/"
               },
-              "route":  {
-                "cluster":  "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-                "autoHostRewrite":  true,
-                "timeout":  "0.200s",
-                "hashPolicy":  [
+              "route": {
+                "cluster": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+                "autoHostRewrite": true,
+                "hashPolicy": [
                   {
-                    "cookie":  {
-                      "name":  "chocolate-chip"
+                    "cookie": {
+                      "name": "chocolate-chip"
                     },
-                    "terminal":  true
+                    "terminal": true
                   },
                   {
-                    "header":  {
-                      "headerName":  "x-user-id"
+                    "header": {
+                      "headerName": "x-user-id"
                     }
                   },
                   {
-                    "connectionProperties":  {
-                      "sourceIp":  true
+                    "connectionProperties": {
+                      "sourceIp": true
                     },
-                    "terminal":  true
+                    "terminal": true
                   }
                 ]
               }
@@ -43,43 +42,42 @@
           ]
         }
       ],
-      "validateClusters":  true
+      "validateClusters": true
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-      "name":  "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "virtualHosts":  [
+      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+      "name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "virtualHosts": [
         {
-          "name":  "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-          "domains":  [
+          "name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+          "domains": [
             "*"
           ],
-          "routes":  [
+          "routes": [
             {
-              "match":  {
-                "prefix":  "/"
+              "match": {
+                "prefix": "/"
               },
-              "route":  {
-                "cluster":  "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-                "autoHostRewrite":  true,
-                "timeout":  "0.200s",
-                "hashPolicy":  [
+              "route": {
+                "cluster": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+                "autoHostRewrite": true,
+                "hashPolicy": [
                   {
-                    "cookie":  {
-                      "name":  "chocolate-chip"
+                    "cookie": {
+                      "name": "chocolate-chip"
                     },
-                    "terminal":  true
+                    "terminal": true
                   },
                   {
-                    "header":  {
-                      "headerName":  "x-user-id"
+                    "header": {
+                      "headerName": "x-user-id"
                     }
                   },
                   {
-                    "connectionProperties":  {
-                      "sourceIp":  true
+                    "connectionProperties": {
+                      "sourceIp": true
                     },
-                    "terminal":  true
+                    "terminal": true
                   }
                 ]
               }
@@ -87,43 +85,42 @@
           ]
         }
       ],
-      "validateClusters":  true
+      "validateClusters": true
     },
     {
-      "@type":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-      "name":  "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-      "virtualHosts":  [
+      "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+      "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+      "virtualHosts": [
         {
-          "name":  "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-          "domains":  [
+          "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+          "domains": [
             "*"
           ],
-          "routes":  [
+          "routes": [
             {
-              "match":  {
-                "prefix":  "/"
+              "match": {
+                "prefix": "/"
               },
-              "route":  {
-                "cluster":  "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
-                "autoHostRewrite":  true,
-                "timeout":  "0.200s",
-                "hashPolicy":  [
+              "route": {
+                "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
+                "autoHostRewrite": true,
+                "hashPolicy": [
                   {
-                    "cookie":  {
-                      "name":  "chocolate-chip"
+                    "cookie": {
+                      "name": "chocolate-chip"
                     },
-                    "terminal":  true
+                    "terminal": true
                   },
                   {
-                    "header":  {
-                      "headerName":  "x-user-id"
+                    "header": {
+                      "headerName": "x-user-id"
                     }
                   },
                   {
-                    "connectionProperties":  {
-                      "sourceIp":  true
+                    "connectionProperties": {
+                      "sourceIp": true
                     },
-                    "terminal":  true
+                    "terminal": true
                   }
                 ]
               }
@@ -131,9 +128,9 @@
           ]
         }
       ],
-      "validateClusters":  true
+      "validateClusters": true
     }
   ],
-  "typeUrl":  "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
-  "nonce":  "00000001"
+  "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
+  "nonce": "00000001"
 }
\ No newline at end of file
diff --git a/agent/xds/testdata/secrets/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden b/agent/xds/testdata/secrets/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
deleted file mode 100644
index 95612291de70..000000000000
--- a/agent/xds/testdata/secrets/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/secrets/api-gateway-with-http-route.latest.golden b/agent/xds/testdata/secrets/api-gateway-with-http-route.latest.golden
deleted file mode 100644
index e6c25e165c65..000000000000
--- a/agent/xds/testdata/secrets/api-gateway-with-http-route.latest.golden
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "typeUrl":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/secrets/api-gateway-with-multiple-inline-certificates.latest.golden b/agent/xds/testdata/secrets/api-gateway-with-multiple-inline-certificates.latest.golden
deleted file mode 100644
index e6c25e165c65..000000000000
--- a/agent/xds/testdata/secrets/api-gateway-with-multiple-inline-certificates.latest.golden
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "typeUrl":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
deleted file mode 100644
index 95612291de70..000000000000
--- a/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-http2.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-http2.latest.golden
deleted file mode 100644
index e6c25e165c65..000000000000
--- a/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-http2.latest.golden
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "versionInfo":  "00000001",
-  "typeUrl":  "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
-  "nonce":  "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-listener-override.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-listener-override.latest.golden
deleted file mode 100644
index 95612291de70..000000000000
--- a/agent/xds/testdata/secrets/connect-proxy-with-peered-upstreams-listener-override.latest.golden
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "versionInfo": "00000001",
-  "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
-  "nonce": "00000001"
-}
\ No newline at end of file
diff --git a/agent/xds/testing.go b/agent/xds/testing.go
index 916bbd9b5077..446f1a37a651 100644
--- a/agent/xds/testing.go
+++ b/agent/xds/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
diff --git a/agent/xds/validateupstream-test/validateupstream_test.go b/agent/xds/validateupstream-test/validateupstream_test.go
index 9c57bdf81aaf..f2810bb1c02e 100644
--- a/agent/xds/validateupstream-test/validateupstream_test.go
+++ b/agent/xds/validateupstream-test/validateupstream_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package validateupstream_test
 
diff --git a/agent/xds/xds.go b/agent/xds/xds.go
index aab5bc7aaf14..07fe1c473107 100644
--- a/agent/xds/xds.go
+++ b/agent/xds/xds.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package xds provides an implementation of a gRPC service that exports Envoy's
 // xDS API for config discovery. Specifically we support the Aggregated
diff --git a/agent/xds/xds_protocol_helpers_test.go b/agent/xds/xds_protocol_helpers_test.go
index 655e0458f49e..958a27474c44 100644
--- a/agent/xds/xds_protocol_helpers_test.go
+++ b/agent/xds/xds_protocol_helpers_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
@@ -9,7 +9,10 @@ import (
 	"testing"
 	"time"
 
-	"github.com/armon/go-metrics"
+	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/grpc-external/limiter"
+	"github.com/hashicorp/consul/envoyextensions/xdscommon"
+
 	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
@@ -24,6 +27,8 @@ import (
 	envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
 	envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
 	envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
+
+	"github.com/armon/go-metrics"
 	"github.com/mitchellh/copystructure"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/proto"
@@ -31,15 +36,8 @@ import (
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/wrapperspb"
 
-	"github.com/hashicorp/consul/agent/connect"
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
 	"github.com/hashicorp/consul/agent/proxycfg"
-	"github.com/hashicorp/consul/agent/proxycfg-sources/catalog"
 	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/agent/xds/response"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	"github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/sdk/testutil"
 )
 
@@ -73,14 +71,14 @@ func newTestSnapshot(
 // testing. It also implements ConnectAuthz to allow control over authorization.
 type testManager struct {
 	sync.Mutex
-	stateChans map[structs.ServiceID]chan proxysnapshot.ProxySnapshot
+	stateChans map[structs.ServiceID]chan *proxycfg.ConfigSnapshot
 	drainChans map[structs.ServiceID]chan struct{}
 	cancels    chan structs.ServiceID
 }
 
 func newTestManager(t *testing.T) *testManager {
 	return &testManager{
-		stateChans: map[structs.ServiceID]chan proxysnapshot.ProxySnapshot{},
+		stateChans: map[structs.ServiceID]chan *proxycfg.ConfigSnapshot{},
 		drainChans: map[structs.ServiceID]chan struct{}{},
 		cancels:    make(chan structs.ServiceID, 10),
 	}
@@ -90,12 +88,12 @@ func newTestManager(t *testing.T) *testManager {
 func (m *testManager) RegisterProxy(t *testing.T, proxyID structs.ServiceID) {
 	m.Lock()
 	defer m.Unlock()
-	m.stateChans[proxyID] = make(chan proxysnapshot.ProxySnapshot, 1)
+	m.stateChans[proxyID] = make(chan *proxycfg.ConfigSnapshot, 1)
 	m.drainChans[proxyID] = make(chan struct{})
 }
 
 // Deliver simulates a proxy registration
-func (m *testManager) DeliverConfig(t *testing.T, proxyID structs.ServiceID, cfg proxysnapshot.ProxySnapshot) {
+func (m *testManager) DeliverConfig(t *testing.T, proxyID structs.ServiceID, cfg *proxycfg.ConfigSnapshot) {
 	t.Helper()
 	m.Lock()
 	defer m.Unlock()
@@ -122,10 +120,7 @@ func (m *testManager) DrainStreams(proxyID structs.ServiceID) {
 }
 
 // Watch implements ConfigManager
-func (m *testManager) Watch(id *pbresource.ID, _ string, _ string) (<-chan proxysnapshot.ProxySnapshot,
-	limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error) {
-	// Create service ID
-	proxyID := structs.NewServiceID(id.Name, catalog.GetEnterpriseMetaFromResourceID(id))
+func (m *testManager) Watch(proxyID structs.ServiceID, _ string, _ string) (<-chan *proxycfg.ConfigSnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
 	m.Lock()
 	defer m.Unlock()
 
@@ -233,7 +228,7 @@ func xdsNewEndpoint(ip string, port int) *envoy_endpoint_v3.LbEndpoint {
 	return &envoy_endpoint_v3.LbEndpoint{
 		HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
 			Endpoint: &envoy_endpoint_v3.Endpoint{
-				Address: response.MakeAddress(ip, port),
+				Address: makeAddress(ip, port),
 			},
 		},
 	}
@@ -242,7 +237,7 @@ func xdsNewEndpoint(ip string, port int) *envoy_endpoint_v3.LbEndpoint {
 func xdsNewEndpointWithHealth(ip string, port int, health envoy_core_v3.HealthStatus, weight int) *envoy_endpoint_v3.LbEndpoint {
 	ep := xdsNewEndpoint(ip, port)
 	ep.HealthStatus = health
-	ep.LoadBalancingWeight = response.MakeUint32Value(weight)
+	ep.LoadBalancingWeight = makeUint32Value(weight)
 	return ep
 }
 
@@ -302,7 +297,7 @@ func xdsNewTransportSocket(
 	if downstream {
 		var requireClientCertPB *wrapperspb.BoolValue
 		if requireClientCert {
-			requireClientCertPB = response.MakeBoolValue(true)
+			requireClientCertPB = makeBoolValue(true)
 		}
 
 		tlsContext = &envoy_tls_v3.DownstreamTlsContext{
@@ -602,7 +597,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 		return &envoy_listener_v3.Listener{
 			// Envoy can't bind to port 1
 			Name:             "public_listener:0.0.0.0:1",
-			Address:          response.MakeAddress("0.0.0.0", 1),
+			Address:          makeAddress("0.0.0.0", 1),
 			TrafficDirection: envoy_core_v3.TrafficDirection_INBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -625,7 +620,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 	case "tcp:public_listener":
 		return &envoy_listener_v3.Listener{
 			Name:             "public_listener:0.0.0.0:9999",
-			Address:          response.MakeAddress("0.0.0.0", 9999),
+			Address:          makeAddress("0.0.0.0", 9999),
 			TrafficDirection: envoy_core_v3.TrafficDirection_INBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -648,7 +643,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 	case "tcp:db":
 		return &envoy_listener_v3.Listener{
 			Name:             "db:127.0.0.1:9191",
-			Address:          response.MakeAddress("127.0.0.1", 9191),
+			Address:          makeAddress("127.0.0.1", 9191),
 			TrafficDirection: envoy_core_v3.TrafficDirection_OUTBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -666,7 +661,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 	case "http2:db":
 		return &envoy_listener_v3.Listener{
 			Name:             "db:127.0.0.1:9191",
-			Address:          response.MakeAddress("127.0.0.1", 9191),
+			Address:          makeAddress("127.0.0.1", 9191),
 			TrafficDirection: envoy_core_v3.TrafficDirection_OUTBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -694,7 +689,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 	case "http2:db:rds":
 		return &envoy_listener_v3.Listener{
 			Name:             "db:127.0.0.1:9191",
-			Address:          response.MakeAddress("127.0.0.1", 9191),
+			Address:          makeAddress("127.0.0.1", 9191),
 			TrafficDirection: envoy_core_v3.TrafficDirection_OUTBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -725,7 +720,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 	case "http:db:rds":
 		return &envoy_listener_v3.Listener{
 			Name:             "db:127.0.0.1:9191",
-			Address:          response.MakeAddress("127.0.0.1", 9191),
+			Address:          makeAddress("127.0.0.1", 9191),
 			TrafficDirection: envoy_core_v3.TrafficDirection_OUTBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -756,7 +751,7 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
 	case "tcp:geo-cache":
 		return &envoy_listener_v3.Listener{
 			Name:             "prepared_query:geo-cache:127.10.10.10:8181",
-			Address:          response.MakeAddress("127.10.10.10", 8181),
+			Address:          makeAddress("127.10.10.10", 8181),
 			TrafficDirection: envoy_core_v3.TrafficDirection_OUTBOUND,
 			FilterChains: []*envoy_listener_v3.FilterChain{
 				{
@@ -782,7 +777,7 @@ func makeTestRoute(t *testing.T, fixtureName string) *envoy_route_v3.RouteConfig
 	case "http2:db", "http:db":
 		return &envoy_route_v3.RouteConfiguration{
 			Name:             "db",
-			ValidateClusters: response.MakeBoolValue(true),
+			ValidateClusters: makeBoolValue(true),
 			VirtualHosts: []*envoy_route_v3.VirtualHost{
 				{
 					Name:    "db",
diff --git a/agent/xds/z_xds_packages_test.go b/agent/xds/z_xds_packages_test.go
index f5f043518933..149490678cf2 100644
--- a/agent/xds/z_xds_packages_test.go
+++ b/agent/xds/z_xds_packages_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xds
 
diff --git a/agent/xdsv2/cluster_resources.go b/agent/xdsv2/cluster_resources.go
deleted file mode 100644
index 5eedd1f21f37..000000000000
--- a/agent/xdsv2/cluster_resources.go
+++ /dev/null
@@ -1,348 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package xdsv2
-
-import (
-	"errors"
-	"fmt"
-
-	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
-	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
-	envoy_aggregate_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/aggregate/v3"
-	envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
-	envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
-
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-	"google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/types/known/anypb"
-)
-
-func (pr *ProxyResources) doesEnvoyClusterAlreadyExist(name string) bool {
-	// TODO(proxystate): consider using a map instead of [] for this kind of lookup
-	for _, envoyCluster := range pr.envoyResources[xdscommon.ClusterType] {
-		if envoyCluster.(*envoy_cluster_v3.Cluster).Name == name {
-			return true
-		}
-	}
-	return false
-}
-
-func (pr *ProxyResources) makeXDSClusters() ([]proto.Message, error) {
-	clusters := make([]proto.Message, 0)
-
-	for clusterName := range pr.proxyState.Clusters {
-		protoCluster, err := pr.makeClusters(clusterName)
-		// TODO: aggregate errors for clusters and still return any properly formed clusters.
-		if err != nil {
-			return nil, err
-		}
-		clusters = append(clusters, protoCluster...)
-	}
-
-	return clusters, nil
-}
-
-func (pr *ProxyResources) makeClusters(name string) ([]proto.Message, error) {
-	clusters := make([]proto.Message, 0)
-	proxyStateCluster, ok := pr.proxyState.Clusters[name]
-	if !ok {
-		return nil, fmt.Errorf("cluster %q not found", name)
-	}
-
-	if pr.doesEnvoyClusterAlreadyExist(name) {
-		// don't error
-		return []proto.Message{}, nil
-	}
-
-	switch proxyStateCluster.Group.(type) {
-	case *pbproxystate.Cluster_FailoverGroup:
-		fg := proxyStateCluster.GetFailoverGroup()
-		clusters, err := pr.makeEnvoyAggregateCluster(name, proxyStateCluster.Protocol, fg)
-		if err != nil {
-			return nil, err
-		}
-		for _, c := range clusters {
-			clusters = append(clusters, c)
-		}
-
-	case *pbproxystate.Cluster_EndpointGroup:
-		eg := proxyStateCluster.GetEndpointGroup()
-		cluster, err := pr.makeEnvoyCluster(name, proxyStateCluster.Protocol, eg)
-		if err != nil {
-			return nil, err
-		}
-		clusters = append(clusters, cluster)
-
-	default:
-		return nil, errors.New("cluster group type should be Endpoint Group or Failover Group")
-	}
-	return clusters, nil
-}
-
-func (pr *ProxyResources) makeEnvoyCluster(name string, protocol string, eg *pbproxystate.EndpointGroup) (*envoy_cluster_v3.Cluster, error) {
-	if eg != nil {
-		switch t := eg.Group.(type) {
-		case *pbproxystate.EndpointGroup_Dynamic:
-			dynamic := eg.GetDynamic()
-			return pr.makeEnvoyDynamicCluster(name, protocol, dynamic)
-		case *pbproxystate.EndpointGroup_Static:
-			static := eg.GetStatic()
-			return pr.makeEnvoyStaticCluster(name, protocol, static)
-		case *pbproxystate.EndpointGroup_Dns:
-			dns := eg.GetDns()
-			return pr.makeEnvoyDnsCluster(name, protocol, dns)
-		case *pbproxystate.EndpointGroup_Passthrough:
-			passthrough := eg.GetPassthrough()
-			return pr.makeEnvoyPassthroughCluster(name, protocol, passthrough)
-		default:
-			return nil, fmt.Errorf("unsupported endpoint group type: %s", t)
-		}
-	}
-	return nil, fmt.Errorf("no endpoint group")
-}
-
-func (pr *ProxyResources) makeEnvoyDynamicCluster(name string, protocol string, dynamic *pbproxystate.DynamicEndpointGroup) (*envoy_cluster_v3.Cluster, error) {
-	cluster := &envoy_cluster_v3.Cluster{
-		Name:                 name,
-		ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_EDS},
-		EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{
-			EdsConfig: &envoy_core_v3.ConfigSource{
-				ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
-				ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{
-					Ads: &envoy_core_v3.AggregatedConfigSource{},
-				},
-			},
-		},
-	}
-	err := addHttpProtocolOptions(protocol, cluster)
-	if err != nil {
-		return nil, err
-	}
-	if dynamic.Config != nil {
-		if dynamic.Config.UseAltStatName {
-			cluster.AltStatName = name
-		}
-		cluster.ConnectTimeout = dynamic.Config.ConnectTimeout
-		if !dynamic.Config.DisablePanicThreshold {
-			cluster.CommonLbConfig = &envoy_cluster_v3.Cluster_CommonLbConfig{
-				HealthyPanicThreshold: &envoy_type_v3.Percent{
-					Value: 0, // disable panic threshold
-				},
-			}
-		}
-		addEnvoyCircuitBreakers(dynamic.Config.CircuitBreakers, cluster)
-		addEnvoyOutlierDetection(dynamic.Config.OutlierDetection, cluster)
-
-		err := addEnvoyLBToCluster(dynamic.Config, cluster)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	if dynamic.OutboundTls != nil {
-		envoyTransportSocket, err := pr.makeEnvoyTransportSocket(dynamic.OutboundTls)
-		if err != nil {
-			return nil, err
-		}
-		cluster.TransportSocket = envoyTransportSocket
-	}
-
-	return cluster, nil
-
-}
-
-func (pr *ProxyResources) makeEnvoyStaticCluster(name string, protocol string, static *pbproxystate.StaticEndpointGroup) (*envoy_cluster_v3.Cluster, error) {
-	endpointList, ok := pr.proxyState.Endpoints[name]
-	if !ok || endpointList == nil {
-		return nil, fmt.Errorf("static cluster %q is missing endpoints", name)
-	}
-	cluster := &envoy_cluster_v3.Cluster{
-		Name:                 name,
-		ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STATIC},
-		LoadAssignment:       makeEnvoyClusterLoadAssignment(name, endpointList.Endpoints),
-	}
-	err := addHttpProtocolOptions(protocol, cluster)
-	if err != nil {
-		return nil, err
-	}
-
-	if static.Config != nil {
-		cluster.ConnectTimeout = static.Config.ConnectTimeout
-		addEnvoyCircuitBreakers(static.GetConfig().CircuitBreakers, cluster)
-	}
-	return cluster, nil
-}
-func (pr *ProxyResources) makeEnvoyDnsCluster(name string, protocol string, dns *pbproxystate.DNSEndpointGroup) (*envoy_cluster_v3.Cluster, error) {
-	return nil, nil
-}
-func (pr *ProxyResources) makeEnvoyPassthroughCluster(name string, protocol string, passthrough *pbproxystate.PassthroughEndpointGroup) (*envoy_cluster_v3.Cluster, error) {
-	cluster := &envoy_cluster_v3.Cluster{
-		Name:                 name,
-		ConnectTimeout:       passthrough.Config.ConnectTimeout,
-		LbPolicy:             envoy_cluster_v3.Cluster_CLUSTER_PROVIDED,
-		ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_ORIGINAL_DST},
-	}
-	if passthrough.OutboundTls != nil {
-		envoyTransportSocket, err := pr.makeEnvoyTransportSocket(passthrough.OutboundTls)
-		if err != nil {
-			return nil, err
-		}
-		cluster.TransportSocket = envoyTransportSocket
-	}
-	err := addHttpProtocolOptions(protocol, cluster)
-	if err != nil {
-		return nil, err
-	}
-	return cluster, nil
-}
-
-func (pr *ProxyResources) makeEnvoyAggregateCluster(name string, protocol string, fg *pbproxystate.FailoverGroup) ([]*envoy_cluster_v3.Cluster, error) {
-	var clusters []*envoy_cluster_v3.Cluster
-	if fg != nil {
-
-		var egNames []string
-		for _, eg := range fg.EndpointGroups {
-			cluster, err := pr.makeEnvoyCluster(name, protocol, eg)
-			if err != nil {
-				return nil, err
-			}
-			egNames = append(egNames, cluster.Name)
-			clusters = append(clusters, cluster)
-		}
-		aggregateClusterConfig, err := anypb.New(&envoy_aggregate_cluster_v3.ClusterConfig{
-			Clusters: egNames,
-		})
-
-		if err != nil {
-			return nil, err
-		}
-
-		c := &envoy_cluster_v3.Cluster{
-			Name:           name,
-			AltStatName:    name,
-			ConnectTimeout: fg.Config.ConnectTimeout,
-			LbPolicy:       envoy_cluster_v3.Cluster_CLUSTER_PROVIDED,
-			ClusterDiscoveryType: &envoy_cluster_v3.Cluster_ClusterType{
-				ClusterType: &envoy_cluster_v3.Cluster_CustomClusterType{
-					Name:        "envoy.clusters.aggregate",
-					TypedConfig: aggregateClusterConfig,
-				},
-			},
-		}
-		err = addHttpProtocolOptions(protocol, c)
-		if err != nil {
-			return nil, err
-		}
-		clusters = append(clusters, c)
-	}
-	return clusters, nil
-}
-
-func addHttpProtocolOptions(protocol string, c *envoy_cluster_v3.Cluster) error {
-	if !(protocol == "http2" || protocol == "grpc") {
-		// do not error.  returning nil means it won't get set.
-		return nil
-	}
-	cfg := &envoy_upstreams_v3.HttpProtocolOptions{
-		UpstreamProtocolOptions: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig_{
-			ExplicitHttpConfig: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig{
-				ProtocolConfig: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{
-					Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{},
-				},
-			},
-		},
-	}
-	any, err := anypb.New(cfg)
-	if err != nil {
-		return err
-	}
-	c.TypedExtensionProtocolOptions = map[string]*anypb.Any{
-		"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": any,
-	}
-	return nil
-}
-
-// addEnvoyOutlierDetection will add outlier detection config to the cluster, and if nil, add empty OutlierDetection to
-// enable it with default values
-func addEnvoyOutlierDetection(outlierDetection *pbproxystate.OutlierDetection, c *envoy_cluster_v3.Cluster) {
-	if outlierDetection == nil {
-		return
-	}
-	od := &envoy_cluster_v3.OutlierDetection{
-		BaseEjectionTime:         outlierDetection.GetBaseEjectionTime(),
-		Consecutive_5Xx:          outlierDetection.GetConsecutive_5Xx(),
-		EnforcingConsecutive_5Xx: outlierDetection.GetEnforcingConsecutive_5Xx(),
-		Interval:                 outlierDetection.GetInterval(),
-		MaxEjectionPercent:       outlierDetection.GetMaxEjectionPercent(),
-	}
-	c.OutlierDetection = od
-
-}
-
-func addEnvoyCircuitBreakers(circuitBreakers *pbproxystate.CircuitBreakers, c *envoy_cluster_v3.Cluster) {
-	if circuitBreakers != nil {
-		if circuitBreakers.UpstreamLimits == nil {
-			c.CircuitBreakers = &envoy_cluster_v3.CircuitBreakers{}
-			return
-		}
-		threshold := &envoy_cluster_v3.CircuitBreakers_Thresholds{}
-		threshold.MaxConnections = circuitBreakers.UpstreamLimits.MaxConnections
-		threshold.MaxPendingRequests = circuitBreakers.UpstreamLimits.MaxPendingRequests
-		threshold.MaxRequests = circuitBreakers.UpstreamLimits.MaxConcurrentRequests
-
-		c.CircuitBreakers = &envoy_cluster_v3.CircuitBreakers{
-			Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{threshold},
-		}
-	}
-}
-
-func addEnvoyLBToCluster(dynamicConfig *pbproxystate.DynamicEndpointGroupConfig, c *envoy_cluster_v3.Cluster) error {
-	if dynamicConfig == nil || dynamicConfig.LbPolicy == nil {
-		return nil
-	}
-
-	switch d := dynamicConfig.LbPolicy.(type) {
-	case *pbproxystate.DynamicEndpointGroupConfig_LeastRequest:
-		c.LbPolicy = envoy_cluster_v3.Cluster_LEAST_REQUEST
-
-		lb := dynamicConfig.LbPolicy.(*pbproxystate.DynamicEndpointGroupConfig_LeastRequest)
-		if lb.LeastRequest != nil {
-			c.LbConfig = &envoy_cluster_v3.Cluster_LeastRequestLbConfig_{
-				LeastRequestLbConfig: &envoy_cluster_v3.Cluster_LeastRequestLbConfig{
-					ChoiceCount: lb.LeastRequest.ChoiceCount,
-				},
-			}
-		}
-	case *pbproxystate.DynamicEndpointGroupConfig_RoundRobin:
-		c.LbPolicy = envoy_cluster_v3.Cluster_ROUND_ROBIN
-
-	case *pbproxystate.DynamicEndpointGroupConfig_Random:
-		c.LbPolicy = envoy_cluster_v3.Cluster_RANDOM
-
-	case *pbproxystate.DynamicEndpointGroupConfig_RingHash:
-		c.LbPolicy = envoy_cluster_v3.Cluster_RING_HASH
-
-		lb := dynamicConfig.LbPolicy.(*pbproxystate.DynamicEndpointGroupConfig_RingHash)
-		if lb.RingHash != nil {
-			c.LbConfig = &envoy_cluster_v3.Cluster_RingHashLbConfig_{
-				RingHashLbConfig: &envoy_cluster_v3.Cluster_RingHashLbConfig{
-					MinimumRingSize: lb.RingHash.MinimumRingSize,
-					MaximumRingSize: lb.RingHash.MaximumRingSize,
-				},
-			}
-		}
-	case *pbproxystate.DynamicEndpointGroupConfig_Maglev:
-		c.LbPolicy = envoy_cluster_v3.Cluster_MAGLEV
-
-	default:
-		return fmt.Errorf("unsupported load balancer policy %q for cluster %q", d, c.Name)
-	}
-	return nil
-}
-
-// TODO(proxystate): In a future PR this will create clusters and add it to ProxyResources.proxyState
-func (pr *ProxyResources) makeEnvoyClusterFromL4Destination(name string) error {
-	return nil
-}
diff --git a/agent/xdsv2/endpoint_resources.go b/agent/xdsv2/endpoint_resources.go
deleted file mode 100644
index ba67364e9e0b..000000000000
--- a/agent/xdsv2/endpoint_resources.go
+++ /dev/null
@@ -1,61 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package xdsv2
-
-import (
-	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
-	envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
-	"github.com/hashicorp/consul/agent/xds/response"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-	"google.golang.org/protobuf/proto"
-)
-
-func makeEnvoyLbEndpoint(endpoint *pbproxystate.Endpoint) *envoy_endpoint_v3.LbEndpoint {
-	hs := int32(endpoint.GetHealthStatus().Number())
-	return &envoy_endpoint_v3.LbEndpoint{
-		HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
-			Endpoint: makeEnvoyEndpoint(endpoint),
-		},
-		HealthStatus:        envoy_core_v3.HealthStatus(hs),
-		LoadBalancingWeight: endpoint.GetLoadBalancingWeight(),
-	}
-}
-
-func makeEnvoyEndpoint(endpoint *pbproxystate.Endpoint) *envoy_endpoint_v3.Endpoint {
-	var address *envoy_core_v3.Address
-	if endpoint.GetUnixSocket() != nil {
-		address = response.MakePipeAddress(endpoint.GetUnixSocket().GetPath(), 0)
-	} else {
-		address = response.MakeAddress(endpoint.GetHostPort().GetHost(), int(endpoint.GetHostPort().Port))
-	}
-
-	return &envoy_endpoint_v3.Endpoint{
-		Address: address,
-	}
-}
-
-func makeEnvoyClusterLoadAssignment(clusterName string, endpoints []*pbproxystate.Endpoint) *envoy_endpoint_v3.ClusterLoadAssignment {
-	localityLbEndpoints := &envoy_endpoint_v3.LocalityLbEndpoints{}
-	for _, endpoint := range endpoints {
-		localityLbEndpoints.LbEndpoints = append(localityLbEndpoints.LbEndpoints, makeEnvoyLbEndpoint(endpoint))
-	}
-	return &envoy_endpoint_v3.ClusterLoadAssignment{
-		ClusterName: clusterName,
-		Endpoints:   []*envoy_endpoint_v3.LocalityLbEndpoints{localityLbEndpoints},
-	}
-}
-
-func (pr *ProxyResources) makeXDSEndpoints() ([]proto.Message, error) {
-	endpoints := make([]proto.Message, 0)
-
-	for clusterName, eps := range pr.proxyState.GetEndpoints() {
-		if clusterName != xdscommon.LocalAppClusterName {
-			protoEndpoint := makeEnvoyClusterLoadAssignment(clusterName, eps.Endpoints)
-			endpoints = append(endpoints, protoEndpoint)
-		}
-	}
-
-	return endpoints, nil
-}
diff --git a/agent/xdsv2/listener_resources.go b/agent/xdsv2/listener_resources.go
deleted file mode 100644
index f3a241f0cbe3..000000000000
--- a/agent/xdsv2/listener_resources.go
+++ /dev/null
@@ -1,984 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package xdsv2
-
-import (
-	"fmt"
-	"sort"
-	"strconv"
-
-	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
-	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
-	envoy_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3"
-	envoy_grpc_http1_bridge_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_http1_bridge/v3"
-	envoy_grpc_stats_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_stats/v3"
-	envoy_http_router_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3"
-	envoy_extensions_filters_listener_http_inspector_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/http_inspector/v3"
-	envoy_original_dst_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/original_dst/v3"
-	envoy_tls_inspector_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/tls_inspector/v3"
-	envoy_connection_limit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/connection_limit/v3"
-	envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
-	envoy_network_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/rbac/v3"
-	envoy_sni_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/sni_cluster/v3"
-	envoy_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3"
-	envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
-	envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
-	envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
-	"google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/types/known/anypb"
-	"google.golang.org/protobuf/types/known/durationpb"
-	"google.golang.org/protobuf/types/known/wrapperspb"
-
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	"github.com/hashicorp/consul/lib"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-)
-
-const (
-	envoyNetworkFilterName                     = "envoy.filters.network.tcp_proxy"
-	envoyOriginalDestinationListenerFilterName = "envoy.filters.listener.original_dst"
-	envoyTLSInspectorListenerFilterName        = "envoy.filters.listener.tls_inspector"
-	envoyHttpInspectorListenerFilterName       = "envoy.filters.listener.http_inspector"
-	envoyHttpConnectionManagerFilterName       = "envoy.filters.network.http_connection_manager"
-)
-
-func (pr *ProxyResources) makeXDSListeners() ([]proto.Message, error) {
-	listeners := make([]proto.Message, 0)
-
-	for _, l := range pr.proxyState.Listeners {
-		protoListener, err := pr.makeListener(l)
-		// TODO: aggregate errors for listeners and still return any properly formed listeners.
-		if err != nil {
-			return nil, err
-		}
-		listeners = append(listeners, protoListener)
-	}
-	return listeners, nil
-}
-
-func (pr *ProxyResources) makeListener(listener *pbproxystate.Listener) (*envoy_listener_v3.Listener, error) {
-	envoyListener := &envoy_listener_v3.Listener{}
-
-	// Listener Address
-	var address *envoy_core_v3.Address
-	switch listener.BindAddress.(type) {
-	case *pbproxystate.Listener_HostPort:
-		address = makeIpPortEnvoyAddress(listener.BindAddress.(*pbproxystate.Listener_HostPort))
-	case *pbproxystate.Listener_UnixSocket:
-		address = makeUnixSocketEnvoyAddress(listener.BindAddress.(*pbproxystate.Listener_UnixSocket))
-	default:
-		// This should be impossible to reach because we're using protobufs.
-		return nil, fmt.Errorf("invalid listener bind address type: %t", listener.BindAddress)
-	}
-	envoyListener.Address = address
-
-	// Listener Direction
-	var direction envoy_core_v3.TrafficDirection
-	switch listener.Direction {
-	case pbproxystate.Direction_DIRECTION_OUTBOUND:
-		direction = envoy_core_v3.TrafficDirection_OUTBOUND
-	case pbproxystate.Direction_DIRECTION_INBOUND:
-		direction = envoy_core_v3.TrafficDirection_INBOUND
-	case pbproxystate.Direction_DIRECTION_UNSPECIFIED:
-		direction = envoy_core_v3.TrafficDirection_UNSPECIFIED
-	default:
-		return nil, fmt.Errorf("no direction for listener %+v", listener.Name)
-	}
-	envoyListener.TrafficDirection = direction
-
-	// Before creating the filter chains, sort routers by match to avoid draining if the list is provided out of order.
-	sortRouters(listener.Routers)
-
-	// Listener filter chains
-	for _, r := range listener.Routers {
-		filterChain, err := pr.makeEnvoyListenerFilterChain(r)
-		if err != nil {
-			return nil, fmt.Errorf("could not make filter chain: %w", err)
-		}
-		envoyListener.FilterChains = append(envoyListener.FilterChains, filterChain)
-	}
-
-	if listener.DefaultRouter != nil {
-		defaultFilterChain, err := pr.makeEnvoyListenerFilterChain(listener.DefaultRouter)
-		if err != nil {
-			return nil, fmt.Errorf("could not make filter chain: %w", err)
-		}
-		envoyListener.DefaultFilterChain = defaultFilterChain
-	}
-
-	// Envoy builtin listener filters
-	for _, c := range listener.Capabilities {
-		listenerFilter, err := makeEnvoyListenerFilter(c)
-		if err != nil {
-			return nil, fmt.Errorf("could not make listener filter: %w", err)
-		}
-		envoyListener.ListenerFilters = append(envoyListener.ListenerFilters, listenerFilter)
-	}
-
-	err := addEnvoyListenerConnectionBalanceConfig(listener.BalanceConnections, envoyListener)
-	if err != nil {
-		return nil, err
-	}
-
-	envoyListener.Name = listener.Name
-	envoyListener.Address = address
-	envoyListener.TrafficDirection = direction
-
-	return envoyListener, nil
-}
-
-func makeEnvoyConnectionLimitFilter(maxInboundConns uint64) (*envoy_listener_v3.Filter, error) {
-	cfg := &envoy_connection_limit_v3.ConnectionLimit{
-		StatPrefix:     "inbound_connection_limit",
-		MaxConnections: wrapperspb.UInt64(maxInboundConns),
-	}
-
-	return makeEnvoyFilter("envoy.filters.network.connection_limit", cfg)
-}
-
-func addEnvoyListenerConnectionBalanceConfig(balanceType pbproxystate.BalanceConnections, listener *envoy_listener_v3.Listener) error {
-	switch balanceType {
-	case pbproxystate.BalanceConnections_BALANCE_CONNECTIONS_DEFAULT:
-		// Default with no balancing.
-		return nil
-	case pbproxystate.BalanceConnections_BALANCE_CONNECTIONS_EXACT:
-		listener.ConnectionBalanceConfig = &envoy_listener_v3.Listener_ConnectionBalanceConfig{
-			BalanceType: &envoy_listener_v3.Listener_ConnectionBalanceConfig_ExactBalance_{},
-		}
-		return nil
-	default:
-		// This should be impossible using protobufs.
-		return fmt.Errorf("unsupported connection balance option: %+v", balanceType)
-	}
-}
-
-func makeIpPortEnvoyAddress(address *pbproxystate.Listener_HostPort) *envoy_core_v3.Address {
-	return &envoy_core_v3.Address{
-		Address: &envoy_core_v3.Address_SocketAddress{
-			SocketAddress: &envoy_core_v3.SocketAddress{
-				Address: address.HostPort.Host,
-				PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{
-					PortValue: address.HostPort.Port,
-				},
-			},
-		},
-	}
-}
-
-func makeUnixSocketEnvoyAddress(address *pbproxystate.Listener_UnixSocket) *envoy_core_v3.Address {
-	modeInt, err := strconv.ParseUint(address.UnixSocket.Mode, 0, 32)
-	if err != nil {
-		modeInt = 0
-	}
-	return &envoy_core_v3.Address{
-		Address: &envoy_core_v3.Address_Pipe{
-			Pipe: &envoy_core_v3.Pipe{
-				Path: address.UnixSocket.Path,
-				Mode: uint32(modeInt),
-			},
-		},
-	}
-}
-
-func (pr *ProxyResources) makeEnvoyListenerFilterChain(router *pbproxystate.Router) (*envoy_listener_v3.FilterChain, error) {
-	envoyFilterChain := &envoy_listener_v3.FilterChain{}
-
-	if router == nil {
-		return nil, fmt.Errorf("no router to create filter chain")
-	}
-
-	// Router Match
-	match := makeEnvoyFilterChainMatch(router.Match)
-	if match != nil {
-		envoyFilterChain.FilterChainMatch = match
-	}
-
-	// Router Destination
-	var envoyFilters []*envoy_listener_v3.Filter
-	switch router.Destination.(type) {
-	case *pbproxystate.Router_L4:
-		l4Filters, err := pr.makeEnvoyResourcesForL4Destination(router.Destination.(*pbproxystate.Router_L4))
-		if err != nil {
-			return nil, err
-		}
-		envoyFilters = append(envoyFilters, l4Filters...)
-	case *pbproxystate.Router_L7:
-		l7 := router.Destination.(*pbproxystate.Router_L7)
-		l7Filters, err := pr.makeEnvoyResourcesForL7Destination(l7)
-		if err != nil {
-			return nil, err
-		}
-
-		// Inject ALPN protocols to router's TLS if destination is L7
-		if router.InboundTls != nil {
-			router.InboundTls.AlpnProtocols = getAlpnProtocols(l7.L7.Protocol)
-		}
-		envoyFilters = append(envoyFilters, l7Filters...)
-	case *pbproxystate.Router_Sni:
-		sniFilters, err := pr.makeEnvoyResourcesForSNIDestination(router.Destination.(*pbproxystate.Router_Sni))
-		if err != nil {
-			return nil, err
-		}
-		envoyFilters = append(envoyFilters, sniFilters...)
-	default:
-		// This should be impossible using protobufs.
-		return nil, fmt.Errorf("unsupported destination type: %t", router.Destination)
-
-	}
-
-	// Router TLS
-	ts, err := pr.makeEnvoyTransportSocket(router.InboundTls)
-	if err != nil {
-		return nil, err
-	}
-	envoyFilterChain.TransportSocket = ts
-
-	envoyFilterChain.Filters = envoyFilters
-	return envoyFilterChain, err
-}
-
-func makeEnvoyFilterChainMatch(routerMatch *pbproxystate.Match) *envoy_listener_v3.FilterChainMatch {
-	var envoyFilterChainMatch *envoy_listener_v3.FilterChainMatch
-	if routerMatch != nil {
-		envoyFilterChainMatch = &envoy_listener_v3.FilterChainMatch{}
-
-		envoyFilterChainMatch.DestinationPort = routerMatch.DestinationPort
-
-		if len(routerMatch.ServerNames) > 0 {
-			var serverNames []string
-			for _, n := range routerMatch.ServerNames {
-				serverNames = append(serverNames, n)
-			}
-			envoyFilterChainMatch.ServerNames = serverNames
-		}
-		if len(routerMatch.PrefixRanges) > 0 {
-			sortPrefixRanges(routerMatch.PrefixRanges)
-			var ranges []*envoy_core_v3.CidrRange
-			for _, r := range routerMatch.PrefixRanges {
-				cidrRange := &envoy_core_v3.CidrRange{
-					PrefixLen:     r.PrefixLen,
-					AddressPrefix: r.AddressPrefix,
-				}
-				ranges = append(ranges, cidrRange)
-			}
-			envoyFilterChainMatch.PrefixRanges = ranges
-		}
-		if len(routerMatch.SourcePrefixRanges) > 0 {
-			var ranges []*envoy_core_v3.CidrRange
-			for _, r := range routerMatch.SourcePrefixRanges {
-				cidrRange := &envoy_core_v3.CidrRange{
-					PrefixLen:     r.PrefixLen,
-					AddressPrefix: r.AddressPrefix,
-				}
-				ranges = append(ranges, cidrRange)
-			}
-			envoyFilterChainMatch.SourcePrefixRanges = ranges
-		}
-	}
-	return envoyFilterChainMatch
-}
-
-func (pr *ProxyResources) makeEnvoyResourcesForSNIDestination(sni *pbproxystate.Router_Sni) ([]*envoy_listener_v3.Filter, error) {
-	var envoyFilters []*envoy_listener_v3.Filter
-	sniFilter, err := makeEnvoyFilter("envoy.filters.network.sni_cluster", &envoy_sni_cluster_v3.SniCluster{})
-	if err != nil {
-		return nil, err
-	}
-	tcp := &envoy_tcp_proxy_v3.TcpProxy{
-		StatPrefix:       sni.Sni.StatPrefix,
-		ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_Cluster{Cluster: ""},
-	}
-	tcpFilter, err := makeEnvoyFilter(envoyNetworkFilterName, tcp)
-	if err != nil {
-		return nil, err
-	}
-	envoyFilters = append(envoyFilters, sniFilter, tcpFilter)
-	return envoyFilters, err
-}
-
-func (pr *ProxyResources) makeEnvoyResourcesForL4Destination(l4 *pbproxystate.Router_L4) ([]*envoy_listener_v3.Filter, error) {
-	err := pr.makeEnvoyClusterFromL4Destination(l4.L4.Name)
-	if err != nil {
-		return nil, err
-	}
-	envoyFilters, err := makeL4Filters(l4.L4)
-	return envoyFilters, err
-}
-
-func (pr *ProxyResources) makeEnvoyResourcesForL7Destination(l7 *pbproxystate.Router_L7) ([]*envoy_listener_v3.Filter, error) {
-	envoyFilters, err := pr.makeL7Filters(l7.L7)
-	if err != nil {
-		return nil, err
-	}
-	return envoyFilters, err
-}
-
-func getAlpnProtocols(protocol pbproxystate.L7Protocol) []string {
-	var alpnProtocols []string
-
-	switch protocol {
-	case pbproxystate.L7Protocol_L7_PROTOCOL_GRPC, pbproxystate.L7Protocol_L7_PROTOCOL_HTTP2:
-		alpnProtocols = append(alpnProtocols, "h2", "http/1.1")
-	case pbproxystate.L7Protocol_L7_PROTOCOL_HTTP:
-		alpnProtocols = append(alpnProtocols, "http/1.1")
-	}
-
-	return alpnProtocols
-}
-
-func makeL4Filters(l4 *pbproxystate.L4Destination) ([]*envoy_listener_v3.Filter, error) {
-	var envoyFilters []*envoy_listener_v3.Filter
-	if l4 != nil {
-		// Add rbac filter. RBAC filter needs to be added first so any
-		// unauthorized connections will get rejected.
-		// TODO(proxystate): Intentions will be added in the future.
-		if l4.AddEmptyIntention {
-			rbacFilter, err := makeEmptyRBACNetworkFilter()
-			if err != nil {
-				return nil, err
-			}
-			envoyFilters = append(envoyFilters, rbacFilter)
-		}
-
-		if l4.MaxInboundConnections > 0 {
-			connectionLimitFilter, err := makeEnvoyConnectionLimitFilter(l4.MaxInboundConnections)
-			if err != nil {
-				return nil, err
-			}
-			envoyFilters = append(envoyFilters, connectionLimitFilter)
-		}
-
-		// Add tcp proxy filter
-		tcp := &envoy_tcp_proxy_v3.TcpProxy{
-			ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_Cluster{Cluster: l4.Name},
-			StatPrefix:       l4.StatPrefix,
-		}
-		tcpFilter, err := makeEnvoyFilter(envoyNetworkFilterName, tcp)
-		if err != nil {
-			return nil, err
-		}
-		envoyFilters = append(envoyFilters, tcpFilter)
-	}
-	return envoyFilters, nil
-
-}
-
-func makeEmptyRBACNetworkFilter() (*envoy_listener_v3.Filter, error) {
-	cfg := &envoy_network_rbac_v3.RBAC{
-		StatPrefix: "connect_authz",
-		Rules:      &envoy_rbac_v3.RBAC{},
-	}
-	filter, err := makeEnvoyFilter("envoy.filters.network.rbac", cfg)
-	if err != nil {
-		return nil, err
-	}
-	return filter, nil
-}
-
-// TODO: Forward client cert details will be added as part of L7 listeners task.
-func (pr *ProxyResources) makeL7Filters(l7 *pbproxystate.L7Destination) ([]*envoy_listener_v3.Filter, error) {
-	var envoyFilters []*envoy_listener_v3.Filter
-	var httpConnMgr *envoy_http_v3.HttpConnectionManager
-
-	if l7 != nil {
-		// TODO: Intentions will be added in the future.
-		if l7.MaxInboundConnections > 0 {
-			connLimitFilter, err := makeEnvoyConnectionLimitFilter(l7.MaxInboundConnections)
-			if err != nil {
-				return nil, err
-			}
-			envoyFilters = append(envoyFilters, connLimitFilter)
-		}
-		envoyHttpRouter, err := makeEnvoyHTTPFilter("envoy.filters.http.router", &envoy_http_router_v3.Router{})
-		if err != nil {
-			return nil, err
-		}
-
-		httpConnMgr = &envoy_http_v3.HttpConnectionManager{
-			StatPrefix: l7.StatPrefix,
-			CodecType:  envoy_http_v3.HttpConnectionManager_AUTO,
-			HttpFilters: []*envoy_http_v3.HttpFilter{
-				envoyHttpRouter,
-			},
-			Tracing: &envoy_http_v3.HttpConnectionManager_Tracing{
-				// Don't trace any requests by default unless the client application
-				// explicitly propagates trace headers that indicate this should be
-				// sampled.
-				RandomSampling: &envoy_type_v3.Percent{Value: 0.0},
-			},
-			// Explicitly enable WebSocket upgrades for all HTTP listeners
-			UpgradeConfigs: []*envoy_http_v3.HttpConnectionManager_UpgradeConfig{
-				{UpgradeType: "websocket"},
-			},
-		}
-
-		routeConfig, err := pr.makeEnvoyRoute(l7.Name)
-		if err != nil {
-			return nil, err
-		}
-
-		if l7.StaticRoute {
-			httpConnMgr.RouteSpecifier = &envoy_http_v3.HttpConnectionManager_RouteConfig{
-				RouteConfig: routeConfig,
-			}
-		} else {
-			// Add Envoy route under the route resource since it's not inlined.
-			pr.envoyResources[xdscommon.RouteType] = append(pr.envoyResources[xdscommon.RouteType], routeConfig)
-
-			httpConnMgr.RouteSpecifier = &envoy_http_v3.HttpConnectionManager_Rds{
-				Rds: &envoy_http_v3.Rds{
-					RouteConfigName: l7.Name,
-					ConfigSource: &envoy_core_v3.ConfigSource{
-						ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
-						ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{
-							Ads: &envoy_core_v3.AggregatedConfigSource{},
-						},
-					},
-				},
-			}
-		}
-
-		// Add http2 protocol options
-		if l7.Protocol == pbproxystate.L7Protocol_L7_PROTOCOL_HTTP2 || l7.Protocol == pbproxystate.L7Protocol_L7_PROTOCOL_GRPC {
-			httpConnMgr.Http2ProtocolOptions = &envoy_core_v3.Http2ProtocolOptions{}
-		}
-
-		// Add grpc envoy http filters.
-		if l7.Protocol == pbproxystate.L7Protocol_L7_PROTOCOL_GRPC {
-			grpcHttp1Bridge, err := makeEnvoyHTTPFilter(
-				"envoy.filters.http.grpc_http1_bridge",
-				&envoy_grpc_http1_bridge_v3.Config{},
-			)
-			if err != nil {
-				return nil, err
-			}
-
-			// In envoy 1.14.x the default value "stats_for_all_methods=true" was
-			// deprecated, and was changed to "false" in 1.18.x. Avoid using the
-			// default. TODO: we may want to expose this to users somehow easily.
-			grpcStatsFilter, err := makeEnvoyHTTPFilter(
-				"envoy.filters.http.grpc_stats",
-				&envoy_grpc_stats_v3.FilterConfig{
-					PerMethodStatSpecifier: &envoy_grpc_stats_v3.FilterConfig_StatsForAllMethods{
-						StatsForAllMethods: &wrapperspb.BoolValue{Value: true},
-					},
-				},
-			)
-			if err != nil {
-				return nil, err
-			}
-
-			// Add grpc bridge before envoyRouter and authz, and the stats in front of that.
-			httpConnMgr.HttpFilters = append([]*envoy_http_v3.HttpFilter{
-				grpcStatsFilter,
-				grpcHttp1Bridge,
-			}, httpConnMgr.HttpFilters...)
-		}
-
-		httpFilter, err := makeEnvoyFilter(envoyHttpConnectionManagerFilterName, httpConnMgr)
-		if err != nil {
-			return nil, err
-		}
-		envoyFilters = append(envoyFilters, httpFilter)
-	}
-	return envoyFilters, nil
-}
-
-func (pr *ProxyResources) makeEnvoyTLSParameters(defaultParams *pbproxystate.TLSParameters, overrideParams *pbproxystate.TLSParameters) *envoy_tls_v3.TlsParameters {
-	tlsParams := &envoy_tls_v3.TlsParameters{}
-
-	if overrideParams != nil {
-		if overrideParams.MinVersion != pbproxystate.TLSVersion_TLS_VERSION_UNSPECIFIED {
-			if minVersion, ok := envoyTLSVersions[overrideParams.MinVersion]; ok {
-				tlsParams.TlsMinimumProtocolVersion = minVersion
-			}
-		}
-		if overrideParams.MaxVersion != pbproxystate.TLSVersion_TLS_VERSION_UNSPECIFIED {
-			if maxVersion, ok := envoyTLSVersions[overrideParams.MaxVersion]; ok {
-				tlsParams.TlsMaximumProtocolVersion = maxVersion
-			}
-		}
-		if len(overrideParams.CipherSuites) != 0 {
-			tlsParams.CipherSuites = marshalEnvoyTLSCipherSuiteStrings(overrideParams.CipherSuites)
-		}
-		return tlsParams
-	}
-
-	if defaultParams != nil {
-		if defaultParams.MinVersion != pbproxystate.TLSVersion_TLS_VERSION_UNSPECIFIED {
-			if minVersion, ok := envoyTLSVersions[defaultParams.MinVersion]; ok {
-				tlsParams.TlsMinimumProtocolVersion = minVersion
-			}
-		}
-		if defaultParams.MaxVersion != pbproxystate.TLSVersion_TLS_VERSION_UNSPECIFIED {
-			if maxVersion, ok := envoyTLSVersions[defaultParams.MaxVersion]; ok {
-				tlsParams.TlsMaximumProtocolVersion = maxVersion
-			}
-		}
-		if len(defaultParams.CipherSuites) != 0 {
-			tlsParams.CipherSuites = marshalEnvoyTLSCipherSuiteStrings(defaultParams.CipherSuites)
-		}
-		return tlsParams
-	}
-
-	return tlsParams
-
-}
-
-func (pr *ProxyResources) makeEnvoyTransportSocket(ts *pbproxystate.TransportSocket) (*envoy_core_v3.TransportSocket, error) {
-	if ts == nil {
-		return nil, nil
-	}
-	commonTLSContext := &envoy_tls_v3.CommonTlsContext{}
-
-	// Create connection TLS. Listeners should only look at inbound TLS.
-	switch ts.ConnectionTls.(type) {
-	case *pbproxystate.TransportSocket_InboundMesh:
-		downstreamContext := &envoy_tls_v3.DownstreamTlsContext{}
-		downstreamContext.CommonTlsContext = commonTLSContext
-		// Set TLS Parameters.
-		tlsParams := pr.makeEnvoyTLSParameters(pr.proxyState.Tls.InboundTlsParameters, ts.TlsParameters)
-		commonTLSContext.TlsParams = tlsParams
-
-		// Set the certificate config on the tls context.
-		// For inbound mesh, we need to add the identity certificate
-		// and the validation context for the mesh depending on the provided trust bundle names.
-		if pr.proxyState.Tls == nil {
-			// if tls is nil but connection tls is provided, then the proxy state is misconfigured
-			return nil, fmt.Errorf("proxyState.Tls is required to generate router's transport socket")
-		}
-		im := ts.ConnectionTls.(*pbproxystate.TransportSocket_InboundMesh).InboundMesh
-		leaf, ok := pr.proxyState.LeafCertificates[im.IdentityKey]
-		if !ok {
-			return nil, fmt.Errorf("failed to create transport socket: leaf certificate %q not found", im.IdentityKey)
-		}
-		err := pr.makeEnvoyCertConfig(commonTLSContext, leaf)
-		if err != nil {
-			return nil, fmt.Errorf("failed to create transport socket: %w", err)
-		}
-
-		// Create validation context.
-		// When there's only one trust bundle name, we create a simple validation context
-		if len(im.ValidationContext.TrustBundlePeerNameKeys) == 1 {
-			peerName := im.ValidationContext.TrustBundlePeerNameKeys[0]
-			tb, ok := pr.proxyState.TrustBundles[peerName]
-			if !ok {
-				return nil, fmt.Errorf("failed to create transport socket: provided trust bundle name does not exist in proxystate trust bundle map: %s", peerName)
-			}
-			commonTLSContext.ValidationContextType = &envoy_tls_v3.CommonTlsContext_ValidationContext{
-				ValidationContext: &envoy_tls_v3.CertificateValidationContext{
-					// TODO(banks): later for L7 support we may need to configure ALPN here.
-					TrustedCa: &envoy_core_v3.DataSource{
-						Specifier: &envoy_core_v3.DataSource_InlineString{
-							InlineString: RootPEMsAsString(tb.Roots),
-						},
-					},
-				},
-			}
-		} else if len(im.ValidationContext.TrustBundlePeerNameKeys) > 1 {
-			cfg := &envoy_tls_v3.SPIFFECertValidatorConfig{
-				TrustDomains: make([]*envoy_tls_v3.SPIFFECertValidatorConfig_TrustDomain, 0, len(im.ValidationContext.TrustBundlePeerNameKeys)),
-			}
-
-			for _, peerName := range im.ValidationContext.TrustBundlePeerNameKeys {
-				// Look up the trust bundle ca in the map.
-				tb, ok := pr.proxyState.TrustBundles[peerName]
-				if !ok {
-					return nil, fmt.Errorf("failed to create transport socket: provided bundle name does not exist in trust bundle map: %s", peerName)
-				}
-				cfg.TrustDomains = append(cfg.TrustDomains, &envoy_tls_v3.SPIFFECertValidatorConfig_TrustDomain{
-					Name: tb.TrustDomain,
-					TrustBundle: &envoy_core_v3.DataSource{
-						Specifier: &envoy_core_v3.DataSource_InlineString{
-							InlineString: RootPEMsAsString(tb.Roots),
-						},
-					},
-				})
-			}
-			// Sort the trust domains so the output is stable.
-			sortTrustDomains(cfg.TrustDomains)
-
-			spiffeConfig, err := anypb.New(cfg)
-			if err != nil {
-				return nil, err
-			}
-			commonTLSContext.ValidationContextType = &envoy_tls_v3.CommonTlsContext_ValidationContext{
-				ValidationContext: &envoy_tls_v3.CertificateValidationContext{
-					CustomValidatorConfig: &envoy_core_v3.TypedExtensionConfig{
-						// The typed config name is hard-coded because it is not available as a wellknown var in the control plane lib.
-						Name:        "envoy.tls.cert_validator.spiffe",
-						TypedConfig: spiffeConfig,
-					},
-				},
-			}
-		}
-		// Always require client certificate
-		downstreamContext.RequireClientCertificate = &wrapperspb.BoolValue{Value: true}
-		transportSocket, err := makeTransportSocket("tls", downstreamContext)
-		if err != nil {
-			return nil, err
-		}
-		return transportSocket, nil
-	case *pbproxystate.TransportSocket_InboundNonMesh:
-		downstreamContext := &envoy_tls_v3.DownstreamTlsContext{}
-		downstreamContext.CommonTlsContext = commonTLSContext
-		// Set TLS Parameters
-		tlsParams := pr.makeEnvoyTLSParameters(pr.proxyState.Tls.InboundTlsParameters, ts.TlsParameters)
-		commonTLSContext.TlsParams = tlsParams
-		// For non-mesh, we don't care about validation context as currently we don't support mTLS for non-mesh connections.
-		nonMeshTLS := ts.ConnectionTls.(*pbproxystate.TransportSocket_InboundNonMesh).InboundNonMesh
-		err := pr.addNonMeshCertConfig(commonTLSContext, nonMeshTLS)
-		if err != nil {
-			return nil, fmt.Errorf("failed to create transport socket: %w", err)
-		}
-		transportSocket, err := makeTransportSocket("tls", downstreamContext)
-		if err != nil {
-			return nil, err
-		}
-		return transportSocket, nil
-	case *pbproxystate.TransportSocket_OutboundMesh:
-		upstreamContext := &envoy_tls_v3.UpstreamTlsContext{}
-		upstreamContext.CommonTlsContext = commonTLSContext
-		// Set TLS Parameters
-		tlsParams := pr.makeEnvoyTLSParameters(pr.proxyState.Tls.OutboundTlsParameters, ts.TlsParameters)
-		commonTLSContext.TlsParams = tlsParams
-		// For outbound mesh, we need to insert the mesh identity certificate
-		// and the validation context for the mesh depending on the provided trust bundle names.
-		if pr.proxyState.Tls == nil {
-			// if tls is nil but connection tls is provided, then the proxy state is misconfigured
-			return nil, fmt.Errorf("proxyState.Tls is required to generate router's transport socket")
-		}
-		om := ts.GetOutboundMesh()
-		leaf, ok := pr.proxyState.LeafCertificates[om.IdentityKey]
-		if !ok {
-			return nil, fmt.Errorf("leaf %s not found in proxyState", om.IdentityKey)
-		}
-		err := pr.makeEnvoyCertConfig(commonTLSContext, leaf)
-		if err != nil {
-			return nil, fmt.Errorf("failed to create transport socket: %w", err)
-		}
-
-		// Create validation context
-		peerName := om.ValidationContext.TrustBundlePeerNameKey
-		tb, ok := pr.proxyState.TrustBundles[peerName]
-		if !ok {
-			return nil, fmt.Errorf("failed to create transport socket: provided peer name does not exist in trust bundle map: %s", peerName)
-		}
-
-		var matchers []*envoy_matcher_v3.StringMatcher
-		if len(om.ValidationContext.SpiffeIds) > 0 {
-			matchers = make([]*envoy_matcher_v3.StringMatcher, 0)
-			for _, m := range om.ValidationContext.SpiffeIds {
-				matchers = append(matchers, &envoy_matcher_v3.StringMatcher{
-					MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{
-						Exact: m,
-					},
-				})
-			}
-		}
-		commonTLSContext.ValidationContextType = &envoy_tls_v3.CommonTlsContext_ValidationContext{
-			ValidationContext: &envoy_tls_v3.CertificateValidationContext{
-				// TODO(banks): later for L7 support we may need to configure ALPN here.
-				TrustedCa: &envoy_core_v3.DataSource{
-					Specifier: &envoy_core_v3.DataSource_InlineString{
-						InlineString: RootPEMsAsString(tb.Roots),
-					},
-				},
-				MatchSubjectAltNames: matchers,
-			},
-		}
-
-		upstreamContext.Sni = om.Sni
-		transportSocket, err := makeTransportSocket("tls", upstreamContext)
-		if err != nil {
-			return nil, err
-		}
-		return transportSocket, nil
-	default:
-		return nil, nil
-	}
-
-}
-
-func (pr *ProxyResources) makeEnvoyCertConfig(common *envoy_tls_v3.CommonTlsContext, certificate *pbproxystate.LeafCertificate) error {
-	if certificate == nil {
-		return fmt.Errorf("no leaf certificate provided")
-	}
-	common.TlsCertificates = []*envoy_tls_v3.TlsCertificate{
-		{
-			CertificateChain: &envoy_core_v3.DataSource{
-				Specifier: &envoy_core_v3.DataSource_InlineString{
-					InlineString: lib.EnsureTrailingNewline(certificate.Cert),
-				},
-			},
-			PrivateKey: &envoy_core_v3.DataSource{
-				Specifier: &envoy_core_v3.DataSource_InlineString{
-					InlineString: lib.EnsureTrailingNewline(certificate.Key),
-				},
-			},
-		},
-	}
-	return nil
-}
-
-func (pr *ProxyResources) makeEnvoySDSCertConfig(common *envoy_tls_v3.CommonTlsContext, certificate *pbproxystate.SDSCertificate) error {
-	if certificate == nil {
-		return fmt.Errorf("no SDS certificate provided")
-	}
-	common.TlsCertificateSdsSecretConfigs = []*envoy_tls_v3.SdsSecretConfig{
-		{
-			Name: certificate.CertResource,
-			SdsConfig: &envoy_core_v3.ConfigSource{
-				ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{
-					ApiConfigSource: &envoy_core_v3.ApiConfigSource{
-						ApiType:             envoy_core_v3.ApiConfigSource_GRPC,
-						TransportApiVersion: envoy_core_v3.ApiVersion_V3,
-						// Note ClusterNames can't be set here - that's only for REST type
-						// we need a full GRPC config instead.
-						GrpcServices: []*envoy_core_v3.GrpcService{
-							{
-								TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{
-									EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{
-										ClusterName: certificate.ClusterName,
-									},
-								},
-								Timeout: &durationpb.Duration{Seconds: 5},
-							},
-						},
-					},
-				},
-				ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
-			},
-		},
-	}
-	return nil
-}
-
-func (pr *ProxyResources) addNonMeshCertConfig(common *envoy_tls_v3.CommonTlsContext, tls *pbproxystate.InboundNonMeshTLS) error {
-	if tls == nil {
-		return fmt.Errorf("no inbound non-mesh TLS provided")
-	}
-
-	switch tls.Identity.(type) {
-	case *pbproxystate.InboundNonMeshTLS_LeafKey:
-		leafKey := tls.Identity.(*pbproxystate.InboundNonMeshTLS_LeafKey).LeafKey
-		leaf, ok := pr.proxyState.LeafCertificates[leafKey]
-		if !ok {
-			return fmt.Errorf("leaf key %s not found in leaf certificate map", leafKey)
-		}
-		common.TlsCertificates = []*envoy_tls_v3.TlsCertificate{
-			{
-				CertificateChain: &envoy_core_v3.DataSource{
-					Specifier: &envoy_core_v3.DataSource_InlineString{
-						InlineString: lib.EnsureTrailingNewline(leaf.Cert),
-					},
-				},
-				PrivateKey: &envoy_core_v3.DataSource{
-					Specifier: &envoy_core_v3.DataSource_InlineString{
-						InlineString: lib.EnsureTrailingNewline(leaf.Key),
-					},
-				},
-			},
-		}
-	case *pbproxystate.InboundNonMeshTLS_Sds:
-		c := tls.Identity.(*pbproxystate.InboundNonMeshTLS_Sds).Sds
-		common.TlsCertificateSdsSecretConfigs = []*envoy_tls_v3.SdsSecretConfig{
-			{
-				Name: c.CertResource,
-				SdsConfig: &envoy_core_v3.ConfigSource{
-					ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{
-						ApiConfigSource: &envoy_core_v3.ApiConfigSource{
-							ApiType:             envoy_core_v3.ApiConfigSource_GRPC,
-							TransportApiVersion: envoy_core_v3.ApiVersion_V3,
-							// Note ClusterNames can't be set here - that's only for REST type
-							// we need a full GRPC config instead.
-							GrpcServices: []*envoy_core_v3.GrpcService{
-								{
-									TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{
-										EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{
-											ClusterName: c.ClusterName,
-										},
-									},
-									Timeout: &durationpb.Duration{Seconds: 5},
-								},
-							},
-						},
-					},
-					ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
-				},
-			},
-		}
-	}
-
-	return nil
-}
-
-func makeTransportSocket(name string, config proto.Message) (*envoy_core_v3.TransportSocket, error) {
-	any, err := anypb.New(config)
-	if err != nil {
-		return nil, err
-	}
-	return &envoy_core_v3.TransportSocket{
-		Name: name,
-		ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{
-			TypedConfig: any,
-		},
-	}, nil
-}
-
-func makeEnvoyListenerFilter(c pbproxystate.Capability) (*envoy_listener_v3.ListenerFilter, error) {
-	var lf proto.Message
-	var name string
-
-	switch c {
-	case pbproxystate.Capability_CAPABILITY_TRANSPARENT:
-		lf = &envoy_original_dst_v3.OriginalDst{}
-		name = envoyOriginalDestinationListenerFilterName
-	case pbproxystate.Capability_CAPABILITY_L4_TLS_INSPECTION:
-		name = envoyTLSInspectorListenerFilterName
-		lf = &envoy_tls_inspector_v3.TlsInspector{}
-	case pbproxystate.Capability_CAPABILITY_L7_PROTOCOL_INSPECTION:
-		name = envoyHttpInspectorListenerFilterName
-		lf = &envoy_extensions_filters_listener_http_inspector_v3.HttpInspector{}
-	default:
-		return nil, fmt.Errorf("unsupported listener captability: %s", c)
-	}
-	lfAsAny, err := anypb.New(lf)
-	if err != nil {
-		return nil, err
-	}
-
-	return &envoy_listener_v3.ListenerFilter{
-		Name:       name,
-		ConfigType: &envoy_listener_v3.ListenerFilter_TypedConfig{TypedConfig: lfAsAny},
-	}, nil
-}
-
-func makeEnvoyFilter(name string, cfg proto.Message) (*envoy_listener_v3.Filter, error) {
-	any, err := anypb.New(cfg)
-	if err != nil {
-		return nil, err
-	}
-
-	return &envoy_listener_v3.Filter{
-		Name:       name,
-		ConfigType: &envoy_listener_v3.Filter_TypedConfig{TypedConfig: any},
-	}, nil
-}
-
-func makeEnvoyHTTPFilter(name string, cfg proto.Message) (*envoy_http_v3.HttpFilter, error) {
-	any, err := anypb.New(cfg)
-	if err != nil {
-		return nil, err
-	}
-
-	return &envoy_http_v3.HttpFilter{
-		Name:       name,
-		ConfigType: &envoy_http_v3.HttpFilter_TypedConfig{TypedConfig: any},
-	}, nil
-}
-
-func RootPEMsAsString(rootPEMs []string) string {
-	var rootPEMsString string
-	for _, root := range rootPEMs {
-		rootPEMsString += lib.EnsureTrailingNewline(root)
-	}
-	return rootPEMsString
-}
-
-func marshalEnvoyTLSCipherSuiteStrings(cipherSuites []pbproxystate.TLSCipherSuite) []string {
-	envoyTLSCipherSuiteStrings := map[pbproxystate.TLSCipherSuite]string{
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_GCM_SHA256: "ECDHE-ECDSA-AES128-GCM-SHA256",
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_CHACHA20_POLY1305: "ECDHE-ECDSA-CHACHA20-POLY1305",
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES128_GCM_SHA256:   "ECDHE-RSA-AES128-GCM-SHA256",
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_CHACHA20_POLY1305:   "ECDHE-RSA-CHACHA20-POLY1305",
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_SHA:        "ECDHE-ECDSA-AES128-SHA",
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES128_SHA:          "ECDHE-RSA-AES128-SHA",
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES128_GCM_SHA256:             "AES128-GCM-SHA256",
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES128_SHA:                    "AES128-SHA",
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384: "ECDHE-ECDSA-AES256-GCM-SHA384",
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES256_GCM_SHA384:   "ECDHE-RSA-AES256-GCM-SHA384",
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_SHA:        "ECDHE-ECDSA-AES256-SHA",
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES256_SHA:          "ECDHE-RSA-AES256-SHA",
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES256_GCM_SHA384:             "AES256-GCM-SHA384",
-		pbproxystate.TLSCipherSuite_TLS_CIPHER_SUITE_AES256_SHA:                    "AES256-SHA",
-	}
-
-	var cipherSuiteStrings []string
-
-	for _, c := range cipherSuites {
-		if s, ok := envoyTLSCipherSuiteStrings[c]; ok {
-			cipherSuiteStrings = append(cipherSuiteStrings, s)
-		}
-	}
-
-	return cipherSuiteStrings
-}
-
-var envoyTLSVersions = map[pbproxystate.TLSVersion]envoy_tls_v3.TlsParameters_TlsProtocol{
-	pbproxystate.TLSVersion_TLS_VERSION_AUTO: envoy_tls_v3.TlsParameters_TLS_AUTO,
-	pbproxystate.TLSVersion_TLS_VERSION_1_0:  envoy_tls_v3.TlsParameters_TLSv1_0,
-	pbproxystate.TLSVersion_TLS_VERSION_1_1:  envoy_tls_v3.TlsParameters_TLSv1_1,
-	pbproxystate.TLSVersion_TLS_VERSION_1_2:  envoy_tls_v3.TlsParameters_TLSv1_2,
-	pbproxystate.TLSVersion_TLS_VERSION_1_3:  envoy_tls_v3.TlsParameters_TLSv1_3,
-}
-
-// Sort the trust domains so that the output is stable.
-// This benefits tests but also prevents Envoy from mistakenly thinking the listener
-// changed and needs to be drained only because this ordering is different.
-func sortTrustDomains(trustDomains []*envoy_tls_v3.SPIFFECertValidatorConfig_TrustDomain) {
-	sort.Slice(trustDomains, func(i int, j int) bool {
-		return trustDomains[i].Name < trustDomains[j].Name
-	})
-}
-
-// sortRouters stable sorts routers with a Match to avoid draining if the list is provided out of order.
-// xdsv1 used to sort the filter chains on outbound listeners, so this adds that functionality by sorting routers with matches.
-func sortRouters(routers []*pbproxystate.Router) {
-	if routers == nil {
-		return
-	}
-	sort.SliceStable(routers, func(i, j int) bool {
-		si := ""
-		sj := ""
-		if routers[i].Match != nil {
-			if len(routers[i].Match.PrefixRanges) > 0 {
-				si += routers[i].Match.PrefixRanges[0].AddressPrefix +
-					"/" + routers[i].Match.PrefixRanges[0].PrefixLen.String() +
-					":" + routers[i].Match.DestinationPort.String()
-			}
-			if len(routers[i].Match.ServerNames) > 0 {
-				si += routers[i].Match.ServerNames[0] +
-					":" + routers[i].Match.DestinationPort.String()
-			} else {
-				si += routers[i].Match.DestinationPort.String()
-			}
-		}
-
-		if routers[j].Match != nil {
-			if len(routers[j].Match.PrefixRanges) > 0 {
-				sj += routers[j].Match.PrefixRanges[0].AddressPrefix +
-					"/" + routers[j].Match.PrefixRanges[0].PrefixLen.String() +
-					":" + routers[j].Match.DestinationPort.String()
-			}
-			if len(routers[j].Match.ServerNames) > 0 {
-				sj += routers[j].Match.ServerNames[0] +
-					":" + routers[j].Match.DestinationPort.String()
-			} else {
-				sj += routers[j].Match.DestinationPort.String()
-			}
-		}
-
-		return si < sj
-	})
-}
-
-func sortPrefixRanges(prefixRanges []*pbproxystate.CidrRange) {
-	if prefixRanges == nil {
-		return
-	}
-	sort.SliceStable(prefixRanges, func(i, j int) bool {
-		return prefixRanges[i].AddressPrefix < prefixRanges[j].AddressPrefix
-	})
-}
diff --git a/agent/xdsv2/resources.go b/agent/xdsv2/resources.go
deleted file mode 100644
index fa5f7179e6a5..000000000000
--- a/agent/xdsv2/resources.go
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package xdsv2
-
-import (
-	"fmt"
-
-	"github.com/hashicorp/go-hclog"
-	"google.golang.org/protobuf/proto"
-
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
-)
-
-// ResourceGenerator is associated with a single gRPC stream and creates xDS
-// resources for a single client.
-type ResourceGenerator struct {
-	Logger        hclog.Logger
-	ProxyFeatures xdscommon.SupportedProxyFeatures
-}
-
-func NewResourceGenerator(
-	logger hclog.Logger,
-) *ResourceGenerator {
-	return &ResourceGenerator{
-		Logger: logger,
-	}
-}
-
-type ProxyResources struct {
-	proxyState     *proxytracker.ProxyState
-	envoyResources map[string][]proto.Message
-}
-
-func (g *ResourceGenerator) AllResourcesFromIR(proxyState *proxytracker.ProxyState) (map[string][]proto.Message, error) {
-	pr := &ProxyResources{
-		proxyState:     proxyState,
-		envoyResources: make(map[string][]proto.Message),
-	}
-	err := pr.generateXDSResources()
-	if err != nil {
-		return nil, fmt.Errorf("failed to generate xDS resources for ProxyState: %v", err)
-	}
-	return pr.envoyResources, nil
-}
-
-func (pr *ProxyResources) generateXDSResources() error {
-	listeners, err := pr.makeXDSListeners()
-	if err != nil {
-		return err
-	}
-
-	pr.envoyResources[xdscommon.ListenerType] = listeners
-
-	clusters, err := pr.makeXDSClusters()
-	if err != nil {
-		return err
-	}
-	pr.envoyResources[xdscommon.ClusterType] = clusters
-
-	endpoints, err := pr.makeXDSEndpoints()
-	if err != nil {
-		return err
-	}
-	pr.envoyResources[xdscommon.EndpointType] = endpoints
-
-	routes, err := pr.makeXDSRoutes()
-	if err != nil {
-		return err
-	}
-	pr.envoyResources[xdscommon.RouteType] = routes
-
-	return nil
-}
diff --git a/agent/xdsv2/route_resources.go b/agent/xdsv2/route_resources.go
deleted file mode 100644
index 931d48f26078..000000000000
--- a/agent/xdsv2/route_resources.go
+++ /dev/null
@@ -1,525 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package xdsv2
-
-import (
-	"fmt"
-	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
-	envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
-	"github.com/hashicorp/consul/agent/xds/response"
-	"github.com/hashicorp/consul/envoyextensions/xdscommon"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-	"google.golang.org/protobuf/types/known/wrapperspb"
-	"strings"
-
-	envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
-	"google.golang.org/protobuf/proto"
-)
-
-func (pr *ProxyResources) makeXDSRoutes() ([]proto.Message, error) {
-	routes := make([]proto.Message, 0)
-
-	for name, r := range pr.proxyState.Routes {
-		protoRoute := pr.makeEnvoyRouteConfigFromProxystateRoute(name, r)
-		// TODO: aggregate errors for routes and still return any properly formed routes.
-		routes = append(routes, protoRoute)
-	}
-
-	return routes, nil
-}
-
-func (pr *ProxyResources) makeEnvoyRoute(name string) (*envoy_route_v3.RouteConfiguration, error) {
-	var route *envoy_route_v3.RouteConfiguration
-	// TODO(proxystate): This will make routes in the future. This function should distinguish between static routes
-	// inlined into listeners and non-static routes that should be added as top level Envoy resources.
-	_, ok := pr.proxyState.Routes[name]
-	if !ok {
-		// This should not happen with a valid proxy state.
-		return nil, fmt.Errorf("could not find route in ProxyState: %s", name)
-
-	}
-	return route, nil
-}
-
-// makeEnvoyRouteConfigFromProxystateRoute converts the proxystate representation of a Route into Envoy proto message
-// form. We don't throw any errors here, since the proxystate has already been validated.
-func (pr *ProxyResources) makeEnvoyRouteConfigFromProxystateRoute(name string, psRoute *pbproxystate.Route) *envoy_route_v3.RouteConfiguration {
-
-	envoyRouteConfig := &envoy_route_v3.RouteConfiguration{
-		Name: name,
-		// ValidateClusters defaults to true when defined statically and false
-		// when done via RDS. Re-set the reasonable value of true to prevent
-		// null-routing traffic.
-		ValidateClusters: response.MakeBoolValue(true),
-	}
-
-	for _, vh := range psRoute.GetVirtualHosts() {
-		envoyRouteConfig.VirtualHosts = append(envoyRouteConfig.VirtualHosts, pr.makeEnvoyVHFromProxystateVH(vh))
-	}
-
-	return envoyRouteConfig
-}
-
-func (pr *ProxyResources) makeEnvoyVHFromProxystateVH(psVirtualHost *pbproxystate.VirtualHost) *envoy_route_v3.VirtualHost {
-	envoyVirtualHost := &envoy_route_v3.VirtualHost{
-		Name:    psVirtualHost.Name,
-		Domains: psVirtualHost.GetDomains(),
-	}
-
-	for _, rr := range psVirtualHost.GetRouteRules() {
-		envoyVirtualHost.Routes = append(envoyVirtualHost.Routes, pr.makeEnvoyRouteFromProxystateRouteRule(rr))
-	}
-
-	for _, hm := range psVirtualHost.GetHeaderMutations() {
-		injectEnvoyVirtualHostWithProxystateHeaderMutation(envoyVirtualHost, hm)
-	}
-
-	return envoyVirtualHost
-}
-
-func (pr *ProxyResources) makeEnvoyRouteFromProxystateRouteRule(psRouteRule *pbproxystate.RouteRule) *envoy_route_v3.Route {
-	envoyRouteRule := &envoy_route_v3.Route{
-		Match:  makeEnvoyRouteMatchFromProxystateRouteMatch(psRouteRule.GetMatch()),
-		Action: pr.makeEnvoyRouteActionFromProxystateRouteDestination(psRouteRule.GetDestination()),
-	}
-
-	for _, hm := range psRouteRule.GetHeaderMutations() {
-		injectEnvoyRouteRuleWithProxystateHeaderMutation(envoyRouteRule, hm)
-	}
-
-	return envoyRouteRule
-}
-
-func makeEnvoyRouteMatchFromProxystateRouteMatch(psRouteMatch *pbproxystate.RouteMatch) *envoy_route_v3.RouteMatch {
-	envoyRouteMatch := &envoy_route_v3.RouteMatch{}
-
-	switch psRouteMatch.PathMatch.GetPathMatch().(type) {
-	case *pbproxystate.PathMatch_Exact:
-		envoyRouteMatch.PathSpecifier = &envoy_route_v3.RouteMatch_Path{
-			Path: psRouteMatch.PathMatch.GetExact(),
-		}
-	case *pbproxystate.PathMatch_Prefix:
-		envoyRouteMatch.PathSpecifier = &envoy_route_v3.RouteMatch_Prefix{
-			Prefix: psRouteMatch.PathMatch.GetPrefix(),
-		}
-	case *pbproxystate.PathMatch_Regex:
-		envoyRouteMatch.PathSpecifier = &envoy_route_v3.RouteMatch_SafeRegex{
-			SafeRegex: makeEnvoyRegexMatch(psRouteMatch.PathMatch.GetRegex()),
-		}
-	default:
-		// This shouldn't be possible considering the types of PathMatch
-		return nil
-	}
-
-	if len(psRouteMatch.GetHeaderMatches()) > 0 {
-		envoyRouteMatch.Headers = make([]*envoy_route_v3.HeaderMatcher, 0, len(psRouteMatch.GetHeaderMatches()))
-	}
-	for _, psHM := range psRouteMatch.GetHeaderMatches() {
-		envoyRouteMatch.Headers = append(envoyRouteMatch.Headers, makeEnvoyHeaderMatcherFromProxystateHeaderMatch(psHM))
-	}
-
-	if len(psRouteMatch.MethodMatches) > 0 {
-		methodHeaderRegex := strings.Join(psRouteMatch.MethodMatches, "|")
-
-		eh := &envoy_route_v3.HeaderMatcher{
-			Name: ":method",
-			HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_SafeRegexMatch{
-				SafeRegexMatch: makeEnvoyRegexMatch(methodHeaderRegex),
-			},
-		}
-
-		envoyRouteMatch.Headers = append(envoyRouteMatch.Headers, eh)
-	}
-
-	if len(psRouteMatch.GetQueryParameterMatches()) > 0 {
-		envoyRouteMatch.QueryParameters = make([]*envoy_route_v3.QueryParameterMatcher, 0, len(psRouteMatch.GetQueryParameterMatches()))
-	}
-	for _, psQM := range psRouteMatch.GetQueryParameterMatches() {
-		envoyRouteMatch.QueryParameters = append(envoyRouteMatch.QueryParameters, makeEnvoyQueryParamFromProxystateQueryMatch(psQM))
-	}
-
-	return envoyRouteMatch
-}
-
-func makeEnvoyRegexMatch(pattern string) *envoy_matcher_v3.RegexMatcher {
-	return &envoy_matcher_v3.RegexMatcher{
-		EngineType: &envoy_matcher_v3.RegexMatcher_GoogleRe2{
-			GoogleRe2: &envoy_matcher_v3.RegexMatcher_GoogleRE2{},
-		},
-		Regex: pattern,
-	}
-}
-
-func makeEnvoyHeaderMatcherFromProxystateHeaderMatch(psMatch *pbproxystate.HeaderMatch) *envoy_route_v3.HeaderMatcher {
-	envoyHeaderMatcher := &envoy_route_v3.HeaderMatcher{
-		Name: psMatch.Name,
-	}
-
-	switch psMatch.Match.(type) {
-	case *pbproxystate.HeaderMatch_Exact:
-		envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_ExactMatch{
-			ExactMatch: psMatch.GetExact(),
-		}
-	case *pbproxystate.HeaderMatch_Regex:
-		envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SafeRegexMatch{
-			SafeRegexMatch: makeEnvoyRegexMatch(psMatch.GetRegex()),
-		}
-	case *pbproxystate.HeaderMatch_Prefix:
-		envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PrefixMatch{
-			PrefixMatch: psMatch.GetPrefix(),
-		}
-	case *pbproxystate.HeaderMatch_Suffix:
-		envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SuffixMatch{
-			SuffixMatch: psMatch.GetSuffix(),
-		}
-	case *pbproxystate.HeaderMatch_Present:
-		envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PresentMatch{
-			PresentMatch: true,
-		}
-	default:
-		// This shouldn't be possible considering the types of HeaderMatch
-		return nil
-	}
-
-	if psMatch.GetInvertMatch() {
-		envoyHeaderMatcher.InvertMatch = true
-	}
-
-	return envoyHeaderMatcher
-}
-
-func makeEnvoyQueryParamFromProxystateQueryMatch(psMatch *pbproxystate.QueryParameterMatch) *envoy_route_v3.QueryParameterMatcher {
-	envoyQueryParamMatcher := &envoy_route_v3.QueryParameterMatcher{
-		Name: psMatch.Name,
-	}
-
-	switch psMatch.Match.(type) {
-	case *pbproxystate.QueryParameterMatch_Exact:
-		envoyQueryParamMatcher.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_StringMatch{
-			StringMatch: &envoy_matcher_v3.StringMatcher{
-				MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{
-					Exact: psMatch.GetExact(),
-				},
-			},
-		}
-
-	case *pbproxystate.QueryParameterMatch_Regex:
-		envoyQueryParamMatcher.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_StringMatch{
-			StringMatch: &envoy_matcher_v3.StringMatcher{
-				MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{
-					SafeRegex: makeEnvoyRegexMatch(psMatch.GetRegex()),
-				},
-			},
-		}
-	case *pbproxystate.QueryParameterMatch_Present:
-		envoyQueryParamMatcher.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_PresentMatch{
-			PresentMatch: true,
-		}
-	default:
-		// This shouldn't be possible considering the types of QueryMatch
-		return nil
-	}
-
-	return envoyQueryParamMatcher
-}
-
-// TODO (dans): Will this always be envoy_route_v3.Route_Route?
-// Definitely for connect proxies this is the only option.
-func (pr *ProxyResources) makeEnvoyRouteActionFromProxystateRouteDestination(psRouteDestination *pbproxystate.RouteDestination) *envoy_route_v3.Route_Route {
-	envoyRouteRoute := &envoy_route_v3.Route_Route{
-		Route: &envoy_route_v3.RouteAction{},
-	}
-
-	switch psRouteDestination.Destination.(type) {
-	case *pbproxystate.RouteDestination_Cluster:
-		psCluster := psRouteDestination.GetCluster()
-		envoyRouteRoute.Route.ClusterSpecifier = &envoy_route_v3.RouteAction_Cluster{
-			Cluster: psCluster.GetName(),
-		}
-		clusters, _ := pr.makeClusters(psCluster.Name)
-		pr.envoyResources[xdscommon.ClusterType] = append(pr.envoyResources[xdscommon.ClusterType], clusters...)
-
-	case *pbproxystate.RouteDestination_WeightedClusters:
-		psWeightedClusters := psRouteDestination.GetWeightedClusters()
-		envoyClusters := make([]*envoy_route_v3.WeightedCluster_ClusterWeight, 0, len(psWeightedClusters.GetClusters()))
-		totalWeight := 0
-		for _, psCluster := range psWeightedClusters.GetClusters() {
-			clusters, _ := pr.makeClusters(psCluster.Name)
-			pr.envoyResources[xdscommon.ClusterType] = append(pr.envoyResources[xdscommon.ClusterType], clusters...)
-			totalWeight += int(psCluster.Weight.GetValue())
-			envoyClusters = append(envoyClusters, makeEnvoyClusterWeightFromProxystateWeightedCluster(psCluster))
-		}
-		var envoyWeightScale *wrapperspb.UInt32Value
-		if totalWeight == 10000 {
-			envoyWeightScale = response.MakeUint32Value(10000)
-		}
-
-		envoyRouteRoute.Route.ClusterSpecifier = &envoy_route_v3.RouteAction_WeightedClusters{
-			WeightedClusters: &envoy_route_v3.WeightedCluster{
-				Clusters:    envoyClusters,
-				TotalWeight: envoyWeightScale,
-			},
-		}
-	default:
-		// This shouldn't be possible considering the types of Destination
-		return nil
-	}
-
-	injectEnvoyRouteActionWithProxystateDestinationConfig(envoyRouteRoute.Route, psRouteDestination.GetDestinationConfiguration())
-
-	if psRouteDestination.GetDestinationConfiguration() != nil {
-		config := psRouteDestination.GetDestinationConfiguration()
-		action := envoyRouteRoute.Route
-
-		action.PrefixRewrite = config.GetPrefixRewrite()
-
-		if config.GetTimeoutConfig().GetTimeout() != nil {
-			action.Timeout = config.GetTimeoutConfig().GetTimeout()
-		}
-
-		if config.GetTimeoutConfig().GetTimeout() != nil {
-			action.Timeout = config.GetTimeoutConfig().GetTimeout()
-		}
-
-		if config.GetTimeoutConfig().GetIdleTimeout() != nil {
-			action.IdleTimeout = config.GetTimeoutConfig().GetIdleTimeout()
-		}
-
-		if config.GetRetryPolicy() != nil {
-			action.RetryPolicy = makeEnvoyRetryPolicyFromProxystateRetryPolicy(config.GetRetryPolicy())
-		}
-	}
-
-	return envoyRouteRoute
-}
-
-func makeEnvoyClusterWeightFromProxystateWeightedCluster(cluster *pbproxystate.L7WeightedDestinationCluster) *envoy_route_v3.WeightedCluster_ClusterWeight {
-	envoyClusterWeight := &envoy_route_v3.WeightedCluster_ClusterWeight{
-		Name:   cluster.GetName(),
-		Weight: cluster.GetWeight(),
-	}
-
-	for _, hm := range cluster.GetHeaderMutations() {
-		injectEnvoyClusterWeightWithProxystateHeaderMutation(envoyClusterWeight, hm)
-	}
-
-	return envoyClusterWeight
-}
-
-func injectEnvoyClusterWeightWithProxystateHeaderMutation(envoyClusterWeight *envoy_route_v3.WeightedCluster_ClusterWeight, mutation *pbproxystate.HeaderMutation) {
-
-	mutation.GetAction()
-	switch mutation.GetAction().(type) {
-	case *pbproxystate.HeaderMutation_RequestHeaderAdd:
-		action := mutation.GetRequestHeaderAdd()
-		header := action.GetHeader()
-		app := action.GetAppendAction() == pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
-
-		hvo := &envoy_core_v3.HeaderValueOption{
-			Header: &envoy_core_v3.HeaderValue{
-				Key:   header.GetKey(),
-				Value: header.GetValue(),
-			},
-			Append: response.MakeBoolValue(app),
-		}
-		envoyClusterWeight.RequestHeadersToAdd = append(envoyClusterWeight.RequestHeadersToAdd, hvo)
-
-	case *pbproxystate.HeaderMutation_RequestHeaderRemove:
-		action := mutation.GetRequestHeaderRemove()
-		envoyClusterWeight.RequestHeadersToRemove = append(envoyClusterWeight.RequestHeadersToRemove, action.GetHeaderKeys()...)
-
-	case *pbproxystate.HeaderMutation_ResponseHeaderAdd:
-		action := mutation.GetResponseHeaderAdd()
-		header := action.GetHeader()
-		app := action.GetAppendAction() == pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
-
-		hvo := &envoy_core_v3.HeaderValueOption{
-			Header: &envoy_core_v3.HeaderValue{
-				Key:   header.GetKey(),
-				Value: header.GetValue(),
-			},
-			Append: response.MakeBoolValue(app),
-		}
-		envoyClusterWeight.ResponseHeadersToAdd = append(envoyClusterWeight.ResponseHeadersToAdd, hvo)
-
-	case *pbproxystate.HeaderMutation_ResponseHeaderRemove:
-		action := mutation.GetResponseHeaderRemove()
-		envoyClusterWeight.ResponseHeadersToRemove = append(envoyClusterWeight.ResponseHeadersToRemove, action.GetHeaderKeys()...)
-
-	default:
-		// This shouldn't be possible considering the types of Destination
-		return
-	}
-}
-
-func injectEnvoyRouteActionWithProxystateDestinationConfig(envoyAction *envoy_route_v3.RouteAction, config *pbproxystate.DestinationConfiguration) {
-	if config == nil {
-		return
-	}
-
-	if len(config.GetHashPolicies()) > 0 {
-		envoyAction.HashPolicy = make([]*envoy_route_v3.RouteAction_HashPolicy, 0, len(config.GetHashPolicies()))
-	}
-	for _, policy := range config.GetHashPolicies() {
-		envoyPolicy := makeEnvoyHashPolicyFromProxystateLBHashPolicy(policy)
-		envoyAction.HashPolicy = append(envoyAction.HashPolicy, envoyPolicy)
-	}
-
-	if config.AutoHostRewrite != nil {
-		envoyAction.HostRewriteSpecifier = &envoy_route_v3.RouteAction_AutoHostRewrite{
-			AutoHostRewrite: config.AutoHostRewrite,
-		}
-	}
-}
-
-func makeEnvoyHashPolicyFromProxystateLBHashPolicy(psPolicy *pbproxystate.LoadBalancerHashPolicy) *envoy_route_v3.RouteAction_HashPolicy {
-
-	switch psPolicy.GetPolicy().(type) {
-	case *pbproxystate.LoadBalancerHashPolicy_ConnectionProperties:
-		return &envoy_route_v3.RouteAction_HashPolicy{
-			PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties_{
-				ConnectionProperties: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties{
-					SourceIp: true, // always true
-				},
-			},
-			Terminal: psPolicy.GetConnectionProperties().GetTerminal(),
-		}
-
-	case *pbproxystate.LoadBalancerHashPolicy_Header:
-		return &envoy_route_v3.RouteAction_HashPolicy{
-			PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Header_{
-				Header: &envoy_route_v3.RouteAction_HashPolicy_Header{
-					HeaderName: psPolicy.GetHeader().GetName(),
-				},
-			},
-			Terminal: psPolicy.GetHeader().GetTerminal(),
-		}
-
-	case *pbproxystate.LoadBalancerHashPolicy_Cookie:
-		cookie := &envoy_route_v3.RouteAction_HashPolicy_Cookie{
-			Name: psPolicy.GetCookie().GetName(),
-			Path: psPolicy.GetCookie().GetPath(),
-			Ttl:  psPolicy.GetCookie().GetTtl(),
-		}
-
-		return &envoy_route_v3.RouteAction_HashPolicy{
-			PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{
-				Cookie: cookie,
-			},
-			Terminal: psPolicy.GetCookie().GetTerminal(),
-		}
-
-	case *pbproxystate.LoadBalancerHashPolicy_QueryParameter:
-		return &envoy_route_v3.RouteAction_HashPolicy{
-			PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter_{
-				QueryParameter: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter{
-					Name: psPolicy.GetQueryParameter().GetName(),
-				},
-			},
-			Terminal: psPolicy.GetQueryParameter().GetTerminal(),
-		}
-	}
-	// This shouldn't be possible considering the types of LoadBalancerPolicy
-	return nil
-}
-
-func makeEnvoyRetryPolicyFromProxystateRetryPolicy(psRetryPolicy *pbproxystate.RetryPolicy) *envoy_route_v3.RetryPolicy {
-	return &envoy_route_v3.RetryPolicy{
-		NumRetries:           psRetryPolicy.GetNumRetries(),
-		RetriableStatusCodes: psRetryPolicy.GetRetriableStatusCodes(),
-		RetryOn:              psRetryPolicy.GetRetryOn(),
-	}
-}
-
-func injectEnvoyRouteRuleWithProxystateHeaderMutation(envoyRouteRule *envoy_route_v3.Route, mutation *pbproxystate.HeaderMutation) {
-
-	mutation.GetAction()
-	switch mutation.GetAction().(type) {
-	case *pbproxystate.HeaderMutation_RequestHeaderAdd:
-		action := mutation.GetRequestHeaderAdd()
-		header := action.GetHeader()
-		app := action.GetAppendAction() == pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
-
-		hvo := &envoy_core_v3.HeaderValueOption{
-			Header: &envoy_core_v3.HeaderValue{
-				Key:   header.GetKey(),
-				Value: header.GetValue(),
-			},
-			Append: response.MakeBoolValue(app),
-		}
-		envoyRouteRule.RequestHeadersToAdd = append(envoyRouteRule.RequestHeadersToAdd, hvo)
-
-	case *pbproxystate.HeaderMutation_RequestHeaderRemove:
-		action := mutation.GetRequestHeaderRemove()
-		envoyRouteRule.RequestHeadersToRemove = append(envoyRouteRule.RequestHeadersToRemove, action.GetHeaderKeys()...)
-
-	case *pbproxystate.HeaderMutation_ResponseHeaderAdd:
-		action := mutation.GetResponseHeaderAdd()
-		header := action.GetHeader()
-		app := action.GetAppendAction() == pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
-
-		hvo := &envoy_core_v3.HeaderValueOption{
-			Header: &envoy_core_v3.HeaderValue{
-				Key:   header.GetKey(),
-				Value: header.GetValue(),
-			},
-			Append: response.MakeBoolValue(app),
-		}
-		envoyRouteRule.ResponseHeadersToAdd = append(envoyRouteRule.ResponseHeadersToAdd, hvo)
-
-	case *pbproxystate.HeaderMutation_ResponseHeaderRemove:
-		action := mutation.GetResponseHeaderRemove()
-		envoyRouteRule.ResponseHeadersToRemove = append(envoyRouteRule.ResponseHeadersToRemove, action.GetHeaderKeys()...)
-
-	default:
-		// This shouldn't be possible considering the types of Destination
-		return
-	}
-}
-
-func injectEnvoyVirtualHostWithProxystateHeaderMutation(envoyVirtualHost *envoy_route_v3.VirtualHost, mutation *pbproxystate.HeaderMutation) {
-
-	mutation.GetAction()
-	switch mutation.GetAction().(type) {
-	case *pbproxystate.HeaderMutation_RequestHeaderAdd:
-		action := mutation.GetRequestHeaderAdd()
-		header := action.GetHeader()
-		app := action.GetAppendAction() == pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
-
-		hvo := &envoy_core_v3.HeaderValueOption{
-			Header: &envoy_core_v3.HeaderValue{
-				Key:   header.GetKey(),
-				Value: header.GetValue(),
-			},
-			Append: response.MakeBoolValue(app),
-		}
-		envoyVirtualHost.RequestHeadersToAdd = append(envoyVirtualHost.RequestHeadersToAdd, hvo)
-
-	case *pbproxystate.HeaderMutation_RequestHeaderRemove:
-		action := mutation.GetRequestHeaderRemove()
-		envoyVirtualHost.RequestHeadersToRemove = append(envoyVirtualHost.RequestHeadersToRemove, action.GetHeaderKeys()...)
-
-	case *pbproxystate.HeaderMutation_ResponseHeaderAdd:
-		action := mutation.GetResponseHeaderAdd()
-		header := action.GetHeader()
-		app := action.GetAppendAction() == pbproxystate.AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
-
-		hvo := &envoy_core_v3.HeaderValueOption{
-			Header: &envoy_core_v3.HeaderValue{
-				Key:   header.GetKey(),
-				Value: header.GetValue(),
-			},
-			Append: response.MakeBoolValue(app),
-		}
-		envoyVirtualHost.ResponseHeadersToAdd = append(envoyVirtualHost.ResponseHeadersToAdd, hvo)
-
-	case *pbproxystate.HeaderMutation_ResponseHeaderRemove:
-		action := mutation.GetResponseHeaderRemove()
-		envoyVirtualHost.ResponseHeadersToRemove = append(envoyVirtualHost.ResponseHeadersToRemove, action.GetHeaderKeys()...)
-
-	default:
-		// This shouldn't be possible considering the types of Destination
-		return
-	}
-}
diff --git a/api/LICENSE b/api/LICENSE
deleted file mode 100644
index 7c5baa45e1c2..000000000000
--- a/api/LICENSE
+++ /dev/null
@@ -1,365 +0,0 @@
-Copyright (c) 2020 HashiCorp, Inc.
-
-Mozilla Public License, version 2.0
-
-1. Definitions
-
-1.1. "Contributor"
-
-     means each individual or legal entity that creates, contributes to the
-     creation of, or owns Covered Software.
-
-1.2. "Contributor Version"
-
-     means the combination of the Contributions of others (if any) used by a
-     Contributor and that particular Contributor's Contribution.
-
-1.3. "Contribution"
-
-     means Covered Software of a particular Contributor.
-
-1.4. "Covered Software"
-
-     means Source Code Form to which the initial Contributor has attached the
-     notice in Exhibit A, the Executable Form of such Source Code Form, and
-     Modifications of such Source Code Form, in each case including portions
-     thereof.
-
-1.5. "Incompatible With Secondary Licenses"
-     means
-
-     a. that the initial Contributor has attached the notice described in
-        Exhibit B to the Covered Software; or
-
-     b. that the Covered Software was made available under the terms of
-        version 1.1 or earlier of the License, but not also under the terms of
-        a Secondary License.
-
-1.6. "Executable Form"
-
-     means any form of the work other than Source Code Form.
-
-1.7. "Larger Work"
-
-     means a work that combines Covered Software with other material, in a
-     separate file or files, that is not Covered Software.
-
-1.8. "License"
-
-     means this document.
-
-1.9. "Licensable"
-
-     means having the right to grant, to the maximum extent possible, whether
-     at the time of the initial grant or subsequently, any and all of the
-     rights conveyed by this License.
-
-1.10. "Modifications"
-
-     means any of the following:
-
-     a. any file in Source Code Form that results from an addition to,
-        deletion from, or modification of the contents of Covered Software; or
-
-     b. any new file in Source Code Form that contains any Covered Software.
-
-1.11. "Patent Claims" of a Contributor
-
-      means any patent claim(s), including without limitation, method,
-      process, and apparatus claims, in any patent Licensable by such
-      Contributor that would be infringed, but for the grant of the License,
-      by the making, using, selling, offering for sale, having made, import,
-      or transfer of either its Contributions or its Contributor Version.
-
-1.12. "Secondary License"
-
-      means either the GNU General Public License, Version 2.0, the GNU Lesser
-      General Public License, Version 2.1, the GNU Affero General Public
-      License, Version 3.0, or any later versions of those licenses.
-
-1.13. "Source Code Form"
-
-      means the form of the work preferred for making modifications.
-
-1.14. "You" (or "Your")
-
-      means an individual or a legal entity exercising rights under this
-      License. For legal entities, "You" includes any entity that controls, is
-      controlled by, or is under common control with You. For purposes of this
-      definition, "control" means (a) the power, direct or indirect, to cause
-      the direction or management of such entity, whether by contract or
-      otherwise, or (b) ownership of more than fifty percent (50%) of the
-      outstanding shares or beneficial ownership of such entity.
-
-
-2. License Grants and Conditions
-
-2.1. Grants
-
-     Each Contributor hereby grants You a world-wide, royalty-free,
-     non-exclusive license:
-
-     a. under intellectual property rights (other than patent or trademark)
-        Licensable by such Contributor to use, reproduce, make available,
-        modify, display, perform, distribute, and otherwise exploit its
-        Contributions, either on an unmodified basis, with Modifications, or
-        as part of a Larger Work; and
-
-     b. under Patent Claims of such Contributor to make, use, sell, offer for
-        sale, have made, import, and otherwise transfer either its
-        Contributions or its Contributor Version.
-
-2.2. Effective Date
-
-     The licenses granted in Section 2.1 with respect to any Contribution
-     become effective for each Contribution on the date the Contributor first
-     distributes such Contribution.
-
-2.3. Limitations on Grant Scope
-
-     The licenses granted in this Section 2 are the only rights granted under
-     this License. No additional rights or licenses will be implied from the
-     distribution or licensing of Covered Software under this License.
-     Notwithstanding Section 2.1(b) above, no patent license is granted by a
-     Contributor:
-
-     a. for any code that a Contributor has removed from Covered Software; or
-
-     b. for infringements caused by: (i) Your and any other third party's
-        modifications of Covered Software, or (ii) the combination of its
-        Contributions with other software (except as part of its Contributor
-        Version); or
-
-     c. under Patent Claims infringed by Covered Software in the absence of
-        its Contributions.
-
-     This License does not grant any rights in the trademarks, service marks,
-     or logos of any Contributor (except as may be necessary to comply with
-     the notice requirements in Section 3.4).
-
-2.4. Subsequent Licenses
-
-     No Contributor makes additional grants as a result of Your choice to
-     distribute the Covered Software under a subsequent version of this
-     License (see Section 10.2) or under the terms of a Secondary License (if
-     permitted under the terms of Section 3.3).
-
-2.5. Representation
-
-     Each Contributor represents that the Contributor believes its
-     Contributions are its original creation(s) or it has sufficient rights to
-     grant the rights to its Contributions conveyed by this License.
-
-2.6. Fair Use
-
-     This License is not intended to limit any rights You have under
-     applicable copyright doctrines of fair use, fair dealing, or other
-     equivalents.
-
-2.7. Conditions
-
-     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
-     Section 2.1.
-
-
-3. Responsibilities
-
-3.1. Distribution of Source Form
-
-     All distribution of Covered Software in Source Code Form, including any
-     Modifications that You create or to which You contribute, must be under
-     the terms of this License. You must inform recipients that the Source
-     Code Form of the Covered Software is governed by the terms of this
-     License, and how they can obtain a copy of this License. You may not
-     attempt to alter or restrict the recipients' rights in the Source Code
-     Form.
-
-3.2. Distribution of Executable Form
-
-     If You distribute Covered Software in Executable Form then:
-
-     a. such Covered Software must also be made available in Source Code Form,
-        as described in Section 3.1, and You must inform recipients of the
-        Executable Form how they can obtain a copy of such Source Code Form by
-        reasonable means in a timely manner, at a charge no more than the cost
-        of distribution to the recipient; and
-
-     b. You may distribute such Executable Form under the terms of this
-        License, or sublicense it under different terms, provided that the
-        license for the Executable Form does not attempt to limit or alter the
-        recipients' rights in the Source Code Form under this License.
-
-3.3. Distribution of a Larger Work
-
-     You may create and distribute a Larger Work under terms of Your choice,
-     provided that You also comply with the requirements of this License for
-     the Covered Software. If the Larger Work is a combination of Covered
-     Software with a work governed by one or more Secondary Licenses, and the
-     Covered Software is not Incompatible With Secondary Licenses, this
-     License permits You to additionally distribute such Covered Software
-     under the terms of such Secondary License(s), so that the recipient of
-     the Larger Work may, at their option, further distribute the Covered
-     Software under the terms of either this License or such Secondary
-     License(s).
-
-3.4. Notices
-
-     You may not remove or alter the substance of any license notices
-     (including copyright notices, patent notices, disclaimers of warranty, or
-     limitations of liability) contained within the Source Code Form of the
-     Covered Software, except that You may alter any license notices to the
-     extent required to remedy known factual inaccuracies.
-
-3.5. Application of Additional Terms
-
-     You may choose to offer, and to charge a fee for, warranty, support,
-     indemnity or liability obligations to one or more recipients of Covered
-     Software. However, You may do so only on Your own behalf, and not on
-     behalf of any Contributor. You must make it absolutely clear that any
-     such warranty, support, indemnity, or liability obligation is offered by
-     You alone, and You hereby agree to indemnify every Contributor for any
-     liability incurred by such Contributor as a result of warranty, support,
-     indemnity or liability terms You offer. You may include additional
-     disclaimers of warranty and limitations of liability specific to any
-     jurisdiction.
-
-4. Inability to Comply Due to Statute or Regulation
-
-   If it is impossible for You to comply with any of the terms of this License
-   with respect to some or all of the Covered Software due to statute,
-   judicial order, or regulation then You must: (a) comply with the terms of
-   this License to the maximum extent possible; and (b) describe the
-   limitations and the code they affect. Such description must be placed in a
-   text file included with all distributions of the Covered Software under
-   this License. Except to the extent prohibited by statute or regulation,
-   such description must be sufficiently detailed for a recipient of ordinary
-   skill to be able to understand it.
-
-5. Termination
-
-5.1. The rights granted under this License will terminate automatically if You
-     fail to comply with any of its terms. However, if You become compliant,
-     then the rights granted under this License from a particular Contributor
-     are reinstated (a) provisionally, unless and until such Contributor
-     explicitly and finally terminates Your grants, and (b) on an ongoing
-     basis, if such Contributor fails to notify You of the non-compliance by
-     some reasonable means prior to 60 days after You have come back into
-     compliance. Moreover, Your grants from a particular Contributor are
-     reinstated on an ongoing basis if such Contributor notifies You of the
-     non-compliance by some reasonable means, this is the first time You have
-     received notice of non-compliance with this License from such
-     Contributor, and You become compliant prior to 30 days after Your receipt
-     of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
-     infringement claim (excluding declaratory judgment actions,
-     counter-claims, and cross-claims) alleging that a Contributor Version
-     directly or indirectly infringes any patent, then the rights granted to
-     You by any and all Contributors for the Covered Software under Section
-     2.1 of this License shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
-     license agreements (excluding distributors and resellers) which have been
-     validly granted by You or Your distributors under this License prior to
-     termination shall survive termination.
-
-6. Disclaimer of Warranty
-
-   Covered Software is provided under this License on an "as is" basis,
-   without warranty of any kind, either expressed, implied, or statutory,
-   including, without limitation, warranties that the Covered Software is free
-   of defects, merchantable, fit for a particular purpose or non-infringing.
-   The entire risk as to the quality and performance of the Covered Software
-   is with You. Should any Covered Software prove defective in any respect,
-   You (not any Contributor) assume the cost of any necessary servicing,
-   repair, or correction. This disclaimer of warranty constitutes an essential
-   part of this License. No use of  any Covered Software is authorized under
-   this License except under this disclaimer.
-
-7. Limitation of Liability
-
-   Under no circumstances and under no legal theory, whether tort (including
-   negligence), contract, or otherwise, shall any Contributor, or anyone who
-   distributes Covered Software as permitted above, be liable to You for any
-   direct, indirect, special, incidental, or consequential damages of any
-   character including, without limitation, damages for lost profits, loss of
-   goodwill, work stoppage, computer failure or malfunction, or any and all
-   other commercial damages or losses, even if such party shall have been
-   informed of the possibility of such damages. This limitation of liability
-   shall not apply to liability for death or personal injury resulting from
-   such party's negligence to the extent applicable law prohibits such
-   limitation. Some jurisdictions do not allow the exclusion or limitation of
-   incidental or consequential damages, so this exclusion and limitation may
-   not apply to You.
-
-8. Litigation
-
-   Any litigation relating to this License may be brought only in the courts
-   of a jurisdiction where the defendant maintains its principal place of
-   business and such litigation shall be governed by laws of that
-   jurisdiction, without reference to its conflict-of-law provisions. Nothing
-   in this Section shall prevent a party's ability to bring cross-claims or
-   counter-claims.
-
-9. Miscellaneous
-
-   This License represents the complete agreement concerning the subject
-   matter hereof. If any provision of this License is held to be
-   unenforceable, such provision shall be reformed only to the extent
-   necessary to make it enforceable. Any law or regulation which provides that
-   the language of a contract shall be construed against the drafter shall not
-   be used to construe this License against a Contributor.
-
-
-10. Versions of the License
-
-10.1. New Versions
-
-      Mozilla Foundation is the license steward. Except as provided in Section
-      10.3, no one other than the license steward has the right to modify or
-      publish new versions of this License. Each version will be given a
-      distinguishing version number.
-
-10.2. Effect of New Versions
-
-      You may distribute the Covered Software under the terms of the version
-      of the License under which You originally received the Covered Software,
-      or under the terms of any subsequent version published by the license
-      steward.
-
-10.3. Modified Versions
-
-      If you create software not governed by this License, and you want to
-      create a new license for such software, you may create and use a
-      modified version of this License if you rename the license and remove
-      any references to the name of the license steward (except to note that
-      such modified license differs from this License).
-
-10.4. Distributing Source Code Form that is Incompatible With Secondary
-      Licenses If You choose to distribute Source Code Form that is
-      Incompatible With Secondary Licenses under the terms of this version of
-      the License, the notice described in Exhibit B of this License must be
-      attached.
-
-Exhibit A - Source Code Form License Notice
-
-      This Source Code Form is subject to the
-      terms of the Mozilla Public License, v.
-      2.0. If a copy of the MPL was not
-      distributed with this file, You can
-      obtain one at
-      http://mozilla.org/MPL/2.0/.
-
-If it is not possible or desirable to put the notice in a particular file,
-then You may include the notice in a location (such as a LICENSE file in a
-relevant directory) where a recipient would be likely to look for such a
-notice.
-
-You may add additional accurate notices of copyright ownership.
-
-Exhibit B - "Incompatible With Secondary Licenses" Notice
-
-      This Source Code Form is "Incompatible
-      With Secondary Licenses", as defined by
-      the Mozilla Public License, v. 2.0.
-
diff --git a/api/acl.go b/api/acl.go
index 93087cd31c95..48d2e66ee97f 100644
--- a/api/acl.go
+++ b/api/acl.go
@@ -272,6 +272,13 @@ type ACLAuthMethod struct {
 	Partition string `json:",omitempty"`
 }
 
+type ACLTokenFilterOptions struct {
+	AuthMethod  string `json:",omitempty"`
+	Policy      string `json:",omitempty"`
+	Role        string `json:",omitempty"`
+	ServiceName string `json:",omitempty"`
+}
+
 func (m *ACLAuthMethod) MarshalJSON() ([]byte, error) {
 	type Alias ACLAuthMethod
 	exported := &struct {
@@ -895,6 +902,44 @@ func (a *ACL) TokenList(q *QueryOptions) ([]*ACLTokenListEntry, *QueryMeta, erro
 	return entries, qm, nil
 }
 
+// TokenListFiltered lists all tokens that match the given filter options.
+// The listing does not contain any SecretIDs as those may only be retrieved by a call to TokenRead.
+func (a *ACL) TokenListFiltered(t ACLTokenFilterOptions, q *QueryOptions) ([]*ACLTokenListEntry, *QueryMeta, error) {
+	r := a.c.newRequest("GET", "/v1/acl/tokens")
+	r.setQueryOptions(q)
+
+	if t.AuthMethod != "" {
+		r.params.Set("authmethod", t.AuthMethod)
+	}
+	if t.Policy != "" {
+		r.params.Set("policy", t.Policy)
+	}
+	if t.Role != "" {
+		r.params.Set("role", t.Role)
+	}
+	if t.ServiceName != "" {
+		r.params.Set("servicename", t.ServiceName)
+	}
+
+	rtt, resp, err := a.c.doRequest(r)
+	if err != nil {
+		return nil, nil, err
+	}
+	defer closeResponseBody(resp)
+	if err := requireOK(resp); err != nil {
+		return nil, nil, err
+	}
+	qm := &QueryMeta{}
+	parseQueryMeta(resp, qm)
+	qm.RequestTime = rtt
+
+	var entries []*ACLTokenListEntry
+	if err := decodeBody(resp, &entries); err != nil {
+		return nil, nil, err
+	}
+	return entries, qm, nil
+}
+
 // PolicyCreate will create a new policy. It is not allowed for the policy parameters
 // ID field to be set as this will be generated by Consul while processing the request.
 func (a *ACL) PolicyCreate(policy *ACLPolicy, q *WriteOptions) (*ACLPolicy, *WriteMeta, error) {
diff --git a/api/acl_test.go b/api/acl_test.go
index f515878290cd..d5ff37c1f75b 100644
--- a/api/acl_test.go
+++ b/api/acl_test.go
@@ -553,6 +553,89 @@ func TestAPI_ACLToken_List(t *testing.T) {
 	require.NotNil(t, token5)
 }
 
+func TestAPI_ACLToken_ListFiltered(t *testing.T) {
+	t.Parallel()
+	c, s := makeACLClient(t)
+	defer s.Stop()
+
+	acl := c.ACL()
+	s.WaitForSerfCheck(t)
+
+	created1, _, err := acl.TokenCreate(&ACLToken{
+		Description: "token1",
+		ServiceIdentities: []*ACLServiceIdentity{
+			{ServiceName: "s1"},
+		},
+	}, nil)
+	require.NoError(t, err)
+	require.NotNil(t, created1)
+	require.NotEqual(t, "", created1.AccessorID)
+	require.NotEqual(t, "", created1.SecretID)
+
+	created2, _, err := acl.TokenCreate(&ACLToken{
+		Description: "token2",
+		ServiceIdentities: []*ACLServiceIdentity{
+			{ServiceName: "s2"},
+		},
+	}, nil)
+	require.NoError(t, err)
+	require.NotNil(t, created2)
+	require.NotEqual(t, "", created2.AccessorID)
+	require.NotEqual(t, "", created2.SecretID)
+
+	created3, _, err := acl.TokenCreate(&ACLToken{
+		Description: "token3",
+		ServiceIdentities: []*ACLServiceIdentity{
+			{ServiceName: "s1"},
+			{ServiceName: "s2"},
+		},
+	}, nil)
+	require.NoError(t, err)
+	require.NotNil(t, created3)
+	require.NotEqual(t, "", created3.AccessorID)
+	require.NotEqual(t, "", created3.SecretID)
+
+	tokens, qm, err := acl.TokenListFiltered(ACLTokenFilterOptions{
+		ServiceName: "s1",
+	}, nil)
+	require.NoError(t, err)
+	require.NotEqual(t, 0, qm.LastIndex)
+	require.True(t, qm.KnownLeader)
+	require.Len(t, tokens, 2)
+	found := make([]string, 0, 2)
+	for _, token := range tokens {
+		found = append(found, token.Description)
+	}
+	require.ElementsMatch(t, []string{"token1", "token3"}, found)
+
+	tokens, qm, err = acl.TokenListFiltered(ACLTokenFilterOptions{
+		ServiceName: "s2",
+	}, nil)
+	require.NoError(t, err)
+	require.NotEqual(t, 0, qm.LastIndex)
+	require.True(t, qm.KnownLeader)
+	require.Len(t, tokens, 2)
+	found = make([]string, 0, 2)
+	for _, token := range tokens {
+		found = append(found, token.Description)
+	}
+	require.ElementsMatch(t, []string{"token2", "token3"}, found)
+
+	tokens, qm, err = acl.TokenListFiltered(ACLTokenFilterOptions{
+		ServiceName: "nothing",
+	}, nil)
+	require.NoError(t, err)
+	require.NotEqual(t, 0, qm.LastIndex)
+	require.True(t, qm.KnownLeader)
+	require.Empty(t, tokens)
+
+	_, _, err = acl.TokenListFiltered(ACLTokenFilterOptions{
+		ServiceName: "s",
+		AuthMethod:  "a",
+	}, nil)
+	require.ErrorContains(t, err, "can only filter by one of")
+}
+
 func TestAPI_ACLToken_Clone(t *testing.T) {
 	t.Parallel()
 	c, s := makeACLClient(t)
diff --git a/api/agent.go b/api/agent.go
index b09ed1c1cd75..6775edf4257a 100644
--- a/api/agent.go
+++ b/api/agent.go
@@ -345,6 +345,7 @@ type AgentServiceCheck struct {
 	Method                 string              `json:",omitempty"`
 	Body                   string              `json:",omitempty"`
 	TCP                    string              `json:",omitempty"`
+	TCPUseTLS              bool                `json:",omitempty"`
 	UDP                    string              `json:",omitempty"`
 	Status                 string              `json:",omitempty"`
 	Notes                  string              `json:",omitempty"`
diff --git a/api/agent_test.go b/api/agent_test.go
index e6731bb29ad6..dce525ebc322 100644
--- a/api/agent_test.go
+++ b/api/agent_test.go
@@ -165,21 +165,6 @@ func TestAPI_AgentMembersOpts(t *testing.T) {
 	}
 
 	require.Equal(t, 1, len(members))
-
-	members, err = agent.MembersOpts(MembersOpts{
-		WAN:    true,
-		Filter: `Tags["dc"] == "not-Exist"`,
-	})
-	if err != nil {
-		t.Fatalf("err: %v", err)
-	}
-	require.Equal(t, 0, len(members))
-
-	_, err = agent.MembersOpts(MembersOpts{
-		WAN:    true,
-		Filter: `Tags["dc"] == invalid-bexpr-value`,
-	})
-	require.ErrorContains(t, err, "Failed to create boolean expression evaluator")
 }
 
 func TestAPI_AgentMembers(t *testing.T) {
diff --git a/api/config_entry.go b/api/config_entry.go
index b59c20fd3007..405e92ef2741 100644
--- a/api/config_entry.go
+++ b/api/config_entry.go
@@ -39,12 +39,11 @@ const (
 )
 
 const (
-	BuiltinAWSLambdaExtension         string = "builtin/aws/lambda"
-	BuiltinExtAuthzExtension          string = "builtin/ext-authz"
-	BuiltinLuaExtension               string = "builtin/lua"
-	BuiltinOTELAccessLoggingExtension string = "builtin/otel-access-logging"
-	BuiltinPropertyOverrideExtension  string = "builtin/property-override"
-	BuiltinWasmExtension              string = "builtin/wasm"
+	BuiltinAWSLambdaExtension        string = "builtin/aws/lambda"
+	BuiltinExtAuthzExtension         string = "builtin/ext-authz"
+	BuiltinLuaExtension              string = "builtin/lua"
+	BuiltinPropertyOverrideExtension string = "builtin/property-override"
+	BuiltinWasmExtension             string = "builtin/wasm"
 	// BuiltinValidateExtension should not be exposed directly or accepted as a valid configured
 	// extension type, as it is only used indirectly via troubleshooting tools. It is included here
 	// for common reference alongside other builtin extensions.
@@ -315,47 +314,6 @@ type UpstreamLimits struct {
 	MaxConcurrentRequests *int `alias:"max_concurrent_requests"`
 }
 
-// RateLimits is rate limiting configuration that is applied to
-// inbound traffic for a service.
-// Rate limiting is a Consul enterprise feature.
-type RateLimits struct {
-	InstanceLevel InstanceLevelRateLimits `alias:"instance_level"`
-}
-
-// InstanceLevelRateLimits represents rate limit configuration
-// that are applied per service instance.
-type InstanceLevelRateLimits struct {
-	// RequestsPerSecond is the average number of requests per second that can be
-	// made without being throttled. This field is required if RequestsMaxBurst
-	// is set. The allowed number of requests may exceed RequestsPerSecond up to
-	// the value specified in RequestsMaxBurst.
-	//
-	// Internally, this is the refill rate of the token bucket used for rate limiting.
-	RequestsPerSecond int `alias:"requests_per_second"`
-
-	// RequestsMaxBurst is the maximum number of requests that can be sent
-	// in a burst. Should be equal to or greater than RequestsPerSecond.
-	// If unset, defaults to RequestsPerSecond.
-	//
-	// Internally, this is the maximum size of the token bucket used for rate limiting.
-	RequestsMaxBurst int `alias:"requests_max_burst"`
-
-	// Routes is a list of rate limits applied to specific routes.
-	// Overrides any top-level configuration.
-	Routes []InstanceLevelRouteRateLimits
-}
-
-// InstanceLevelRouteRateLimits represents rate limit configuration
-// applied to a route matching one of PathExact/PathPrefix/PathRegex.
-type InstanceLevelRouteRateLimits struct {
-	PathExact  string `alias:"path_exact"`
-	PathPrefix string `alias:"path_prefix"`
-	PathRegex  string `alias:"path_regex"`
-
-	RequestsPerSecond int `alias:"requests_per_second"`
-	RequestsMaxBurst  int `alias:"requests_max_burst"`
-}
-
 type ServiceConfigEntry struct {
 	Kind                      string
 	Name                      string
@@ -374,7 +332,6 @@ type ServiceConfigEntry struct {
 	LocalConnectTimeoutMs     int                     `json:",omitempty" alias:"local_connect_timeout_ms"`
 	LocalRequestTimeoutMs     int                     `json:",omitempty" alias:"local_request_timeout_ms"`
 	BalanceInboundConnections string                  `json:",omitempty" alias:"balance_inbound_connections"`
-	RateLimits                *RateLimits             `json:",omitempty" alias:"rate_limits"`
 	EnvoyExtensions           []EnvoyExtension        `json:",omitempty" alias:"envoy_extensions"`
 	Meta                      map[string]string       `json:",omitempty"`
 	CreateIndex               uint64
diff --git a/api/config_entry_gateways.go b/api/config_entry_gateways.go
index baf274e2da02..b59f1c0621ff 100644
--- a/api/config_entry_gateways.go
+++ b/api/config_entry_gateways.go
@@ -284,10 +284,6 @@ type APIGatewayListener struct {
 	Protocol string
 	// TLS is the TLS settings for the listener.
 	TLS APIGatewayTLSConfiguration
-	// Override is the policy that overrides all other policy and route specific configuration
-	Override *APIGatewayPolicy `json:",omitempty"`
-	// Default is the policy that is the default for the listener and route, routes can override this behavior
-	Default *APIGatewayPolicy `json:",omitempty"`
 }
 
 // APIGatewayTLSConfiguration specifies the configuration of a listener’s
@@ -306,39 +302,3 @@ type APIGatewayTLSConfiguration struct {
 	// Only applicable to connections negotiated via TLS 1.2 or earlier
 	CipherSuites []string `json:",omitempty" alias:"cipher_suites"`
 }
-
-// APIGatewayPolicy holds the policy that configures the gateway listener, this is used in the `Override` and `Default` fields of a listener
-type APIGatewayPolicy struct {
-	// JWT holds the JWT configuration for the Listener
-	JWT *APIGatewayJWTRequirement `json:",omitempty"`
-}
-
-// APIGatewayJWTRequirement holds the list of JWT providers to be verified against
-type APIGatewayJWTRequirement struct {
-	// Providers is a list of providers to consider when verifying a JWT.
-	Providers []*APIGatewayJWTProvider `json:",omitempty"`
-}
-
-// APIGatewayJWTProvider holds the provider and claim verification information
-type APIGatewayJWTProvider struct {
-	// Name is the name of the JWT provider. There MUST be a corresponding
-	// "jwt-provider" config entry with this name.
-	Name string `json:",omitempty"`
-
-	// VerifyClaims is a list of additional claims to verify in a JWT's payload.
-	VerifyClaims []*APIGatewayJWTClaimVerification `json:",omitempty" alias:"verify_claims"`
-}
-
-// APIGatewayJWTClaimVerification holds the actual claim information to be verified
-type APIGatewayJWTClaimVerification struct {
-	// Path is the path to the claim in the token JSON.
-	Path []string `json:",omitempty"`
-
-	// Value is the expected value at the given path:
-	// - If the type at the path is a list then we verify
-	//   that this value is contained in the list.
-	//
-	// - If the type at the path is a string then we verify
-	//   that this value matches.
-	Value string `json:",omitempty"`
-}
diff --git a/api/config_entry_gateways_test.go b/api/config_entry_gateways_test.go
index 7383b0ae6803..25b0a2d515c2 100644
--- a/api/config_entry_gateways_test.go
+++ b/api/config_entry_gateways_test.go
@@ -348,150 +348,3 @@ func TestAPI_ConfigEntries_TerminatingGateway(t *testing.T) {
 	_, _, err = configEntries.Get(TerminatingGateway, "foo", nil)
 	require.Error(t, err)
 }
-
-func TestAPI_ConfigEntries_APIGateway(t *testing.T) {
-	t.Parallel()
-	c, s := makeClient(t)
-	defer s.Stop()
-
-	configEntries := c.ConfigEntries()
-	listener1 := APIGatewayListener{
-		Name:     "listener1",
-		Hostname: "host.com",
-		Port:     3360,
-		Protocol: "http",
-	}
-
-	listener2 := APIGatewayListener{
-		Name:     "listener2",
-		Hostname: "host2.com",
-		Port:     3362,
-		Protocol: "http",
-	}
-
-	apigw1 := &APIGatewayConfigEntry{
-		Kind: APIGateway,
-		Name: "foo",
-		Meta: map[string]string{
-			"foo": "bar",
-			"gir": "zim",
-		},
-		Listeners: []APIGatewayListener{listener1},
-	}
-
-	apigw2 := &APIGatewayConfigEntry{
-		Kind:      APIGateway,
-		Name:      "bar",
-		Listeners: []APIGatewayListener{listener2},
-	}
-
-	// set it
-	_, wm, err := configEntries.Set(apigw1, nil)
-	require.NoError(t, err)
-	require.NotNil(t, wm)
-	require.NotEqual(t, 0, wm.RequestTime)
-
-	// also set the second one
-	_, wm, err = configEntries.Set(apigw2, nil)
-	require.NoError(t, err)
-	require.NotNil(t, wm)
-	require.NotEqual(t, 0, wm.RequestTime)
-
-	// get it
-	entry, qm, err := configEntries.Get(APIGateway, "foo", nil)
-	require.NoError(t, err)
-	require.NotNil(t, qm)
-	require.NotEqual(t, 0, qm.RequestTime)
-
-	// verify it
-	readGW, ok := entry.(*APIGatewayConfigEntry)
-	require.True(t, ok)
-	require.Equal(t, apigw1.Kind, readGW.Kind)
-	require.Equal(t, apigw1.Name, readGW.Name)
-	require.Equal(t, apigw1.Meta, readGW.Meta)
-	require.Equal(t, apigw1.Meta, readGW.GetMeta())
-
-	// update it
-	apigw1.Listeners = []APIGatewayListener{
-		listener1,
-		{
-			Name:     "listener3",
-			Hostname: "host3.com",
-			Port:     3363,
-			Protocol: "http",
-		},
-	}
-
-	// CAS fail
-	written, _, err := configEntries.CAS(apigw1, 0, nil)
-	require.NoError(t, err)
-	require.False(t, written)
-
-	// CAS success
-	written, wm, err = configEntries.CAS(apigw1, readGW.ModifyIndex, nil)
-	require.NoError(t, err)
-	require.NotNil(t, wm)
-	require.NotEqual(t, 0, wm.RequestTime)
-	require.True(t, written)
-
-	// re-setting should not yield an error
-	_, wm, err = configEntries.Set(apigw1, nil)
-	require.NoError(t, err)
-	require.NotNil(t, wm)
-	require.NotEqual(t, 0, wm.RequestTime)
-
-	apigw2.Listeners = []APIGatewayListener{
-		listener2,
-		{
-			Name:     "listener4",
-			Hostname: "host4.com",
-			Port:     3364,
-			Protocol: "http",
-		},
-	}
-
-	_, wm, err = configEntries.Set(apigw2, nil)
-	require.NoError(t, err)
-	require.NotNil(t, wm)
-	require.NotEqual(t, 0, wm.RequestTime)
-
-	// list them
-	entries, qm, err := configEntries.List(APIGateway, nil)
-	require.NoError(t, err)
-	require.NotNil(t, qm)
-	require.NotEqual(t, 0, qm.RequestTime)
-	require.Len(t, entries, 2)
-
-	for _, entry = range entries {
-		switch entry.GetName() {
-		case "foo":
-			// this also verifies that the update value was persisted and
-			// the updated values are seen
-			readGW, ok = entry.(*APIGatewayConfigEntry)
-			require.True(t, ok)
-			require.Equal(t, apigw1.Kind, readGW.Kind)
-			require.Equal(t, apigw1.Name, readGW.Name)
-			require.Len(t, readGW.Listeners, 2)
-
-			require.Equal(t, apigw1.Listeners, readGW.Listeners)
-		case "bar":
-			readGW, ok = entry.(*APIGatewayConfigEntry)
-			require.True(t, ok)
-			require.Equal(t, apigw2.Kind, readGW.Kind)
-			require.Equal(t, apigw2.Name, readGW.Name)
-			require.Len(t, readGW.Listeners, 2)
-
-			require.Equal(t, apigw2.Listeners, readGW.Listeners)
-		}
-	}
-
-	// delete it
-	wm, err = configEntries.Delete(APIGateway, "foo", nil)
-	require.NoError(t, err)
-	require.NotNil(t, wm)
-	require.NotEqual(t, 0, wm.RequestTime)
-
-	// verify deletion
-	_, _, err = configEntries.Get(APIGateway, "foo", nil)
-	require.Error(t, err)
-}
diff --git a/api/config_entry_routes.go b/api/config_entry_routes.go
index 8df367093fe2..cfea394535db 100644
--- a/api/config_entry_routes.go
+++ b/api/config_entry_routes.go
@@ -3,8 +3,6 @@
 
 package api
 
-import "time"
-
 // TCPRouteConfigEntry -- TODO stub
 type TCPRouteConfigEntry struct {
 	// Kind of the config entry. This should be set to api.TCPRoute.
@@ -197,11 +195,8 @@ type HTTPQueryMatch struct {
 // HTTPFilters specifies a list of filters used to modify a request
 // before it is routed to an upstream.
 type HTTPFilters struct {
-	Headers       []HTTPHeaderFilter
-	URLRewrite    *URLRewrite
-	RetryFilter   *RetryFilter
-	TimeoutFilter *TimeoutFilter
-	JWT           *JWTFilter
+	Headers    []HTTPHeaderFilter
+	URLRewrite *URLRewrite
 }
 
 // HTTPHeaderFilter specifies how HTTP headers should be modified.
@@ -215,23 +210,6 @@ type URLRewrite struct {
 	Path string
 }
 
-type RetryFilter struct {
-	NumRetries            *uint32
-	RetryOn               []string
-	RetryOnStatusCodes    []uint32
-	RetryOnConnectFailure *bool
-}
-
-type TimeoutFilter struct {
-	RequestTimeout time.Duration
-	IdleTimeout    time.Duration
-}
-
-// JWTFilter specifies the JWT configuration for a route
-type JWTFilter struct {
-	Providers []*APIGatewayJWTProvider `json:",omitempty"`
-}
-
 // HTTPRouteRule specifies the routing rules used to determine what upstream
 // service an HTTP request is routed to.
 type HTTPRouteRule struct {
diff --git a/api/config_entry_routes_test.go b/api/config_entry_routes_test.go
deleted file mode 100644
index b878612e907e..000000000000
--- a/api/config_entry_routes_test.go
+++ /dev/null
@@ -1,134 +0,0 @@
-package api
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestAPI_ConfigEntries_HTTPRoute(t *testing.T) {
-	t.Parallel()
-	c, s := makeClient(t)
-	defer s.Stop()
-
-	configEntries := c.ConfigEntries()
-	route1 := &HTTPRouteConfigEntry{
-		Kind: HTTPRoute,
-		Name: "route1",
-	}
-
-	route2 := &HTTPRouteConfigEntry{
-		Kind: HTTPRoute,
-		Name: "route2",
-	}
-
-	// set it
-	_, wm, err := configEntries.Set(route1, nil)
-	require.NoError(t, err)
-	require.NotNil(t, wm)
-	require.NotEqual(t, 0, wm.RequestTime)
-
-	// also set the second one
-	_, wm, err = configEntries.Set(route2, nil)
-	require.NoError(t, err)
-	require.NotNil(t, wm)
-	require.NotEqual(t, 0, wm.RequestTime)
-
-	// get it
-	entry, qm, err := configEntries.Get(HTTPRoute, "route1", nil)
-	require.NoError(t, err)
-	require.NotNil(t, qm)
-	require.NotEqual(t, 0, qm.RequestTime)
-
-	// verify it
-	readRoute, ok := entry.(*HTTPRouteConfigEntry)
-	require.True(t, ok)
-	require.Equal(t, route1.Kind, readRoute.Kind)
-	require.Equal(t, route1.Name, readRoute.Name)
-	require.Equal(t, route1.Meta, readRoute.Meta)
-	require.Equal(t, route1.Meta, readRoute.GetMeta())
-
-	// update it
-	route1.Rules = []HTTPRouteRule{
-		{
-			Filters: HTTPFilters{
-				URLRewrite: &URLRewrite{
-					Path: "abc",
-				},
-			},
-		},
-	}
-
-	// CAS fail
-	written, _, err := configEntries.CAS(route1, 0, nil)
-	require.NoError(t, err)
-	require.False(t, written)
-
-	// CAS success
-	written, wm, err = configEntries.CAS(route1, readRoute.ModifyIndex, nil)
-	require.NoError(t, err)
-	require.NotNil(t, wm)
-	require.NotEqual(t, 0, wm.RequestTime)
-	require.True(t, written)
-
-	// re-setting should not yield an error
-	_, wm, err = configEntries.Set(route1, nil)
-	require.NoError(t, err)
-	require.NotNil(t, wm)
-	require.NotEqual(t, 0, wm.RequestTime)
-
-	route2.Rules = []HTTPRouteRule{
-		{
-			Filters: HTTPFilters{
-				URLRewrite: &URLRewrite{
-					Path: "def",
-				},
-			},
-		},
-	}
-
-	_, wm, err = configEntries.Set(route2, nil)
-	require.NoError(t, err)
-	require.NotNil(t, wm)
-	require.NotEqual(t, 0, wm.RequestTime)
-
-	// list them
-	entries, qm, err := configEntries.List(HTTPRoute, nil)
-	require.NoError(t, err)
-	require.NotNil(t, qm)
-	require.NotEqual(t, 0, qm.RequestTime)
-	require.Len(t, entries, 2)
-
-	for _, entry = range entries {
-		switch entry.GetName() {
-		case "route1":
-			// this also verifies that the update value was persisted and
-			// the updated values are seen
-			readRoute, ok = entry.(*HTTPRouteConfigEntry)
-			require.True(t, ok)
-			require.Equal(t, route1.Kind, readRoute.Kind)
-			require.Equal(t, route1.Name, readRoute.Name)
-			require.Len(t, readRoute.Rules, 1)
-
-			require.Equal(t, route1.Rules, readRoute.Rules)
-		case "route2":
-			readRoute, ok = entry.(*HTTPRouteConfigEntry)
-			require.True(t, ok)
-			require.Equal(t, route2.Kind, readRoute.Kind)
-			require.Equal(t, route2.Name, readRoute.Name)
-			require.Len(t, readRoute.Rules, 1)
-
-			require.Equal(t, route2.Rules, readRoute.Rules)
-		}
-	}
-
-	// delete it
-	wm, err = configEntries.Delete(HTTPRoute, "route1", nil)
-	require.NoError(t, err)
-	require.NotNil(t, wm)
-	require.NotEqual(t, 0, wm.RequestTime)
-
-	// verify deletion
-	_, _, err = configEntries.Get(HTTPRoute, "route1", nil)
-	require.Error(t, err)
-}
diff --git a/api/health.go b/api/health.go
index 932317fdb01e..a0230020460d 100644
--- a/api/health.go
+++ b/api/health.go
@@ -67,6 +67,7 @@ type HealthCheckDefinition struct {
 	TLSServerName                          string
 	TLSSkipVerify                          bool
 	TCP                                    string
+	TCPUseTLS                              bool
 	UDP                                    string
 	GRPC                                   string
 	OSService                              string
diff --git a/api/watch/funcs_test.go b/api/watch/funcs_test.go
index 4bd79a59c14f..91318009ceac 100644
--- a/api/watch/funcs_test.go
+++ b/api/watch/funcs_test.go
@@ -1196,110 +1196,6 @@ func TestChecksWatch_Filter(t *testing.T) {
 	}
 }
 
-func TestChecksWatch_Filter_by_ServiceNameStatus(t *testing.T) {
-	t.Parallel()
-	c, s := makeClient(t)
-	defer s.Stop()
-
-	s.WaitForSerfCheck(t)
-
-	var (
-		wakeups  [][]*api.HealthCheck
-		notifyCh = make(chan struct{})
-	)
-
-	plan := mustParse(t, `{"type":"checks", "filter":"ServiceName == bar and Status == critical"}`)
-	plan.Handler = func(idx uint64, raw interface{}) {
-		if raw == nil {
-			return // ignore
-		}
-		v, ok := raw.([]*api.HealthCheck)
-		if !ok {
-			return // ignore
-		}
-		wakeups = append(wakeups, v)
-		notifyCh <- struct{}{}
-	}
-
-	var wg sync.WaitGroup
-	wg.Add(1)
-	go func() {
-		defer wg.Done()
-		if err := plan.Run(s.HTTPAddr); err != nil {
-			t.Errorf("err: %v", err)
-		}
-	}()
-	defer plan.Stop()
-
-	// Wait for first wakeup.
-	<-notifyCh
-	{
-		catalog := c.Catalog()
-
-		// we don't want to find this one
-		reg := &api.CatalogRegistration{
-			Node:       "foo",
-			Address:    "1.1.1.1",
-			Datacenter: "dc1",
-			Service: &api.AgentService{
-				ID:      "foo",
-				Service: "foo",
-				Tags:    []string{"a"},
-			},
-			Check: &api.AgentCheck{
-				Node:      "foo",
-				CheckID:   "foo",
-				Name:      "foo",
-				Status:    api.HealthPassing,
-				ServiceID: "foo",
-			},
-		}
-		if _, err := catalog.Register(reg, nil); err != nil {
-			t.Fatalf("err: %v", err)
-		}
-
-		// we want to find this one
-		reg = &api.CatalogRegistration{
-			Node:       "bar",
-			Address:    "2.2.2.2",
-			Datacenter: "dc1",
-			Service: &api.AgentService{
-				ID:      "bar",
-				Service: "bar",
-				Tags:    []string{"a", "b"},
-			},
-			Check: &api.AgentCheck{
-				Node:      "bar",
-				CheckID:   "bar",
-				Name:      "bar",
-				Status:    api.HealthCritical,
-				ServiceID: "bar",
-			},
-		}
-		if _, err := catalog.Register(reg, nil); err != nil {
-			t.Fatalf("err: %v", err)
-		}
-	}
-
-	// Wait for second wakeup.
-	<-notifyCh
-
-	plan.Stop()
-	wg.Wait()
-
-	require.Len(t, wakeups, 2)
-
-	{
-		v := wakeups[0]
-		require.Len(t, v, 0)
-	}
-	{
-		v := wakeups[1]
-		require.Len(t, v, 1)
-		require.Equal(t, "bar", v[0].CheckID)
-	}
-}
-
 func TestEventWatch(t *testing.T) {
 	t.Parallel()
 	c, s := makeClient(t)
diff --git a/buf.work.yaml b/buf.work.yaml
index 5fab419b164b..f89f53a2bd8a 100644
--- a/buf.work.yaml
+++ b/buf.work.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 version: v1
 directories:
diff --git a/build-support/docker/Build-Go.dockerfile b/build-support/docker/Build-Go.dockerfile
index 2337a7270209..c5b3c8394ea3 100644
--- a/build-support/docker/Build-Go.dockerfile
+++ b/build-support/docker/Build-Go.dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 ARG GOLANG_VERSION=1.20.7
 FROM golang:${GOLANG_VERSION}
diff --git a/build-support/docker/Build-UI.dockerfile b/build-support/docker/Build-UI.dockerfile
index 9d646fb6ea69..6682458137dc 100644
--- a/build-support/docker/Build-UI.dockerfile
+++ b/build-support/docker/Build-UI.dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 FROM docker.mirror.hashicorp.services/circleci/node:16-browsers
 
diff --git a/build-support/docker/Consul-Dev-Dbg.dockerfile b/build-support/docker/Consul-Dev-Dbg.dockerfile
index 488fb053264e..cf1ae388d1f7 100644
--- a/build-support/docker/Consul-Dev-Dbg.dockerfile
+++ b/build-support/docker/Consul-Dev-Dbg.dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 FROM consul:local
 EXPOSE 4000
diff --git a/build-support/docker/Consul-Dev-Multiarch.dockerfile b/build-support/docker/Consul-Dev-Multiarch.dockerfile
index e35a98d5f890..265a1804cf11 100644
--- a/build-support/docker/Consul-Dev-Multiarch.dockerfile
+++ b/build-support/docker/Consul-Dev-Multiarch.dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 ARG CONSUL_IMAGE_VERSION=latest
 FROM hashicorp/consul:${CONSUL_IMAGE_VERSION}
diff --git a/build-support/docker/Consul-Dev.dockerfile b/build-support/docker/Consul-Dev.dockerfile
index 12f014969ab5..122bc3192a7f 100644
--- a/build-support/docker/Consul-Dev.dockerfile
+++ b/build-support/docker/Consul-Dev.dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 ARG CONSUL_IMAGE_VERSION=latest
 FROM hashicorp/consul:${CONSUL_IMAGE_VERSION}
diff --git a/build-support/functions/00-vars.sh b/build-support/functions/00-vars.sh
index ef8433c34ebb..2f16f8ce74ca 100644
--- a/build-support/functions/00-vars.sh
+++ b/build-support/functions/00-vars.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # GPG Key ID to use for publically released builds
 HASHICORP_GPG_KEY="348FFC4C"
diff --git a/build-support/functions/10-util.sh b/build-support/functions/10-util.sh
index 4bb9f35a9f38..9a47ea3722dc 100644
--- a/build-support/functions/10-util.sh
+++ b/build-support/functions/10-util.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 function err {
    if test "${COLORIZE}" -eq 1
diff --git a/build-support/functions/20-build.sh b/build-support/functions/20-build.sh
index c49ff0c59298..a2e5830196b6 100644
--- a/build-support/functions/20-build.sh
+++ b/build-support/functions/20-build.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 function supported_osarch {
    # Arguments:
diff --git a/build-support/functions/30-release.sh b/build-support/functions/30-release.sh
index 26f7c1048995..d83d9f415503 100644
--- a/build-support/functions/30-release.sh
+++ b/build-support/functions/30-release.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 function tag_release {
    # Arguments:
diff --git a/build-support/scripts/build-date.sh b/build-support/scripts/build-date.sh
index 49f3851bef47..5b52bffa2647 100755
--- a/build-support/scripts/build-date.sh
+++ b/build-support/scripts/build-date.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
 readonly SCRIPT_DIR="$(dirname ${BASH_SOURCE[0]})"
diff --git a/build-support/scripts/build-docker.sh b/build-support/scripts/build-docker.sh
index d36196e66bfd..2b72aa5fb061 100755
--- a/build-support/scripts/build-docker.sh
+++ b/build-support/scripts/build-docker.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
diff --git a/build-support/scripts/check-allowed-imports.sh b/build-support/scripts/check-allowed-imports.sh
deleted file mode 100755
index efba156c7937..000000000000
--- a/build-support/scripts/check-allowed-imports.sh
+++ /dev/null
@@ -1,124 +0,0 @@
-#!/usr/bin/env bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-
-readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
-readonly SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")"
-readonly SOURCE_DIR="$(dirname "$(dirname "${SCRIPT_DIR}")")"
-readonly FN_DIR="$(dirname "${SCRIPT_DIR}")/functions"
-
-source "${SCRIPT_DIR}/functions.sh"
-
-
-set -uo pipefail
-
-usage() {
-cat <<-EOF
-Usage: ${SCRIPT_NAME} <module root> [<allowed relative package path>...]
-
-Description:
-    Verifies that only the specified packages may be imported from the given module 
-
-Options:
-    -h | --help              Print this help text.
-EOF
-}
-
-function err_usage {
-    err "$1"
-    err ""
-    err "$(usage)"
-}
-
-function main {
-   local module_root=""
-   declare -a allowed_packages=()
-   while test $# -gt 0
-   do
-      case "$1" in
-         -h | --help )
-         usage
-         return 0
-         ;;
-      * )
-         if test -z "$module_root"
-         then
-            module_root="$1"
-         else
-            allowed_packages+="$1"
-         fi
-         shift     
-      esac
-   done
-   
-   # If we could guarantee this ran with bash 4.2+ then the final argument could
-   # be just ${allowed_packages[@]}. However that with older versions of bash
-   # in combination with set -u causes bash to emit errors about using unbound
-   # variables when no allowed packages have been specified (i.e. the module should
-   # generally be disallowed with no exceptions). This syntax is very strange
-   # but seems to be the prescribed workaround I found.
-   check_imports "$module_root" ${allowed_packages[@]+"${allowed_packages[@]}"}
-   return $?
-}
-
-function check_imports {
-   local module_root="$1"
-   shift
-   local allowed_packages="$@"
-   
-   module_imports=$( go list -test -f '{{join .TestImports "\n"}}' ./... | grep "$module_root" | sort | uniq)
-   module_test_imports=$( go list -test -f '{{join .TestImports "\n"}}' ./... | grep "$module_root" | sort | uniq)
-
-   any_error=0
-   
-   for imp in $module_imports
-   do
-      is_import_allowed "$imp" "$module_root" $allowed_packages
-      allowed=$?
-      
-      if test $any_error -ne 1
-      then
-         any_error=$allowed
-      fi
-   done
-  
-   if test $any_error -eq 1
-   then
-      echo "Only the following direct imports are allowed from module $module_root:"
-      for pkg in $allowed_packages
-      do
-         echo "   * $pkg"
-      done
-   fi
-
-   return $any_error   
-}
-
-function is_import_allowed {
-   local pkg_import=$1
-   shift
-   local module_root=$1
-   shift
-   local allowed_packages="$@"
-   
-   # check if the import path is a part of the module we are restricting imports for
-   if test "$( go list -f '{{.Module.Path}}' $pkg_import)" != "$module_root"
-   then
-      return 0
-   fi
-   
-   for pkg in $allowed_packages
-   do
-      if test "${module_root}/$pkg" == "$pkg_import"
-      then
-         return 0
-      fi
-   done
-   
-   err "Import of package $pkg_import is not allowed"
-   return 1
-}
-
-main "$@"
-exit $?
\ No newline at end of file
diff --git a/build-support/scripts/devtools.sh b/build-support/scripts/devtools.sh
index edf4b83eae66..82cf316cb334 100755
--- a/build-support/scripts/devtools.sh
+++ b/build-support/scripts/devtools.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
diff --git a/build-support/scripts/envoy-library-references.sh b/build-support/scripts/envoy-library-references.sh
index bca15806c7e4..7f5413bbf78f 100644
--- a/build-support/scripts/envoy-library-references.sh
+++ b/build-support/scripts/envoy-library-references.sh
@@ -23,7 +23,7 @@ unset CDPATH
 cd "$(dirname "$0")" # build-support/scripts
 cd ../..             # <ROOT>
 
-if [[ ! -f Makefile ]] || [[ ! -f go.mod ]]; then
+if [[ ! -f GNUmakefile ]] || [[ ! -f go.mod ]]; then
     echo "not in root consul checkout: ${PWD}" >&2
     exit 1
 fi
diff --git a/build-support/scripts/functions.sh b/build-support/scripts/functions.sh
index 4db767f13c55..42fe385c012e 100755
--- a/build-support/scripts/functions.sh
+++ b/build-support/scripts/functions.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 #
 # NOTE: This file is meant to be sourced from other bash scripts/shells
diff --git a/build-support/scripts/protobuf.sh b/build-support/scripts/protobuf.sh
index 20d06c807763..420d66d6a11b 100755
--- a/build-support/scripts/protobuf.sh
+++ b/build-support/scripts/protobuf.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
@@ -72,10 +72,6 @@ function main {
 
     status "Generated gRPC rate limit mapping file"
 
-    generate_protoset_file
-
-    status "Generated protoset file"
-
     return 0
 }
 
@@ -156,11 +152,5 @@ function generate_rate_limit_mappings {
     }
 }
 
-function generate_protoset_file {
-  local pkg_dir="${SOURCE_DIR}/pkg"
-  mkdir -p "$pkg_dir"
-  print_run buf build -o "${pkg_dir}/consul.protoset"
-}
-
 main "$@"
 exit $?
diff --git a/build-support/scripts/release.sh b/build-support/scripts/release.sh
index fa7e7c066d45..a8fbe84d8911 100755
--- a/build-support/scripts/release.sh
+++ b/build-support/scripts/release.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
diff --git a/build-support/scripts/version.sh b/build-support/scripts/version.sh
index 2bc9998813ed..46630636bbfc 100755
--- a/build-support/scripts/version.sh
+++ b/build-support/scripts/version.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 readonly SCRIPT_NAME="$(basename ${BASH_SOURCE[0]})"
diff --git a/build-support/windows/Dockerfile-consul-dev-windows b/build-support/windows/Dockerfile-consul-dev-windows
deleted file mode 100644
index 4e35ccb6e5eb..000000000000
--- a/build-support/windows/Dockerfile-consul-dev-windows
+++ /dev/null
@@ -1,4 +0,0 @@
-ARG VERSION=1.16.0
-
-FROM windows/consul:${VERSION}-local
-COPY dist/ C:\\consul
diff --git a/build-support/windows/Dockerfile-consul-local-windows b/build-support/windows/Dockerfile-consul-local-windows
deleted file mode 100644
index 992c48c286a2..000000000000
--- a/build-support/windows/Dockerfile-consul-local-windows
+++ /dev/null
@@ -1,52 +0,0 @@
-ARG VERSION=1.13.3
-
-FROM windows/test-sds-server as test-sds-server
-FROM docker.mirror.hashicorp.services/windows/openzipkin as openzipkin
-FROM windows/consul:${VERSION}
-
-# Fortio binary downloaded
-RUN mkdir fortio
-ENV FORTIO_URL=https://github.com/fortio/fortio/releases/download/v1.33.0/fortio_win_1.33.0.zip
-RUN curl %FORTIO_URL% -L -o fortio.zip
-RUN tar -xf fortio.zip -C fortio
-
-RUN choco install openssl -yf
-RUN choco install jq -yf
-RUN choco install netcat -yf
-RUN choco install openjdk -yf
-
-# Install Bats
-ENV BATS_URL=https://github.com/bats-core/bats-core/archive/refs/tags/v1.7.0.zip
-RUN curl %BATS_URL% -L -o bats.zip
-RUN mkdir bats-core
-RUN tar -xf bats.zip -C bats-core --strip-components=1
-RUN cd "C:\\Program Files\\Git\\bin" && bash.exe -c "/c/bats-core/install.sh /c/bats"
-
-# Install Jaeger
-ENV JAEGER_URL=https://github.com/jaegertracing/jaeger/releases/download/v1.11.0/jaeger-1.11.0-windows-amd64.tar.gz
-RUN curl %JAEGER_URL% -L -o jaeger.tar.gz
-RUN mkdir jaeger
-RUN tar -xf jaeger.tar.gz -C jaeger --strip-components=1
-
-# Install Socat
-ENV SOCAT_URL=https://github.com/tech128/socat-1.7.3.0-windows/archive/refs/heads/master.zip
-RUN curl %SOCAT_URL% -L -o socat.zip
-RUN mkdir socat
-RUN tar -xf socat.zip -C socat --strip-components=1
-
-# Copy test-sds-server binary and certs
-COPY --from=test-sds-server ["C:/go/src/", "C:/test-sds-server/"]
-
-# Copy openzipkin .jar file
-COPY --from=openzipkin ["C:/zipkin", "C:/zipkin"]
-
-EXPOSE 8300
-EXPOSE 8301 8301/udp 8302 8302/udp
-EXPOSE 8500 8600 8600/udp
-EXPOSE 8502 
-
-EXPOSE 19000 19001 19002 19003 19004
-EXPOSE 21000 21001 21002 21003 21004
-EXPOSE 5000 1234 2345
-
-RUN SETX /M path "%PATH%;C:\consul;C:\fortio;C:\jaeger;C:\Program Files\Git\bin;C:\Program Files\Git\usr\bin;C:\Program Files\OpenSSL-Win64\bin;C:\bats\bin\;C:\ProgramData\chocolatey\lib\jq\tools;C:\socat"
diff --git a/build-support/windows/Dockerfile-openzipkin-windows b/build-support/windows/Dockerfile-openzipkin-windows
deleted file mode 100644
index b23867f0b22c..000000000000
--- a/build-support/windows/Dockerfile-openzipkin-windows
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM docker.mirror.hashicorp.services/windows/openjdk:1809
-
-RUN mkdir zipkin
-RUN curl.exe -sSL 'https://search.maven.org/remote_content?g=io.zipkin&a=zipkin-server&v=LATEST&c=exec' -o zipkin/zipkin.jar
-
-EXPOSE 9410/tcp
-
-EXPOSE 9411/tcp
-
-WORKDIR /zipkin
-
-ENTRYPOINT ["java", "-jar", "zipkin.jar"]
\ No newline at end of file
diff --git a/build-support/windows/build-consul-dev-image.sh b/build-support/windows/build-consul-dev-image.sh
deleted file mode 100644
index ddc5e521d11a..000000000000
--- a/build-support/windows/build-consul-dev-image.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/bin/env bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-
-cd ../../
-rm -rf dist
-
-export GOOS=windows GOARCH=amd64
-VERSION=1.16.0
-CONSUL_BUILDDATE=$(date +"%Y-%m-%dT%H:%M:%SZ")
-GIT_IMPORT=github.com/hashicorp/consul/version
-GOLDFLAGS=" -X $GIT_IMPORT.Version=$VERSION -X $GIT_IMPORT.VersionPrerelease=dev -X $GIT_IMPORT.BuildDate=$CONSUL_BUILDDATE "
-
-go build -ldflags "$GOLDFLAGS" -o ./dist/ .
-
-docker build -t windows/consul:${VERSION}-dev -f build-support/windows/Dockerfile-consul-dev-windows . --build-arg VERSION=${VERSION}
diff --git a/build-support/windows/build-consul-local-images.sh b/build-support/windows/build-consul-local-images.sh
deleted file mode 100644
index 4a22b35706c4..000000000000
--- a/build-support/windows/build-consul-local-images.sh
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/usr/bin/env bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-
-readonly HASHICORP_DOCKER_PROXY="docker.mirror.hashicorp.services"
-
-# Build Consul Version 1.13.3 / 1.12.6 / 1.11.11
-VERSION=${VERSION:-"1.16.0"}
-export VERSION
-
-# Build Windows Envoy Version 1.23.1 / 1.21.5 / 1.20.7
-ENVOY_VERSION=${ENVOY_VERSION:-"1.27.0"}
-export ENVOY_VERSION
-
-echo "Building Images"
-
-
-# Pull Windows Servercore image
-echo " "
-echo "Pull Windows Servercore image"
-docker pull mcr.microsoft.com/windows/servercore:1809
-# Tag Windows Servercore image
-echo " "
-echo "Tag Windows Servercore image"
-docker tag mcr.microsoft.com/windows/servercore:1809 "${HASHICORP_DOCKER_PROXY}/windows/servercore:1809"
-
-
-# Pull Windows Nanoserver image
-echo " "
-echo "Pull Windows Nanoserver image"
-docker pull mcr.microsoft.com/windows/nanoserver:1809
-# Tag Windows Nanoserver image
-echo " "
-echo "Tag Windows Nanoserver image"
-docker tag mcr.microsoft.com/windows/nanoserver:1809 "${HASHICORP_DOCKER_PROXY}/windows/nanoserver:1809"
-
-
-# Pull Windows OpenJDK image
-echo " "
-echo "Pull Windows OpenJDK image"
-docker pull openjdk:windowsservercore-1809
-# Tag Windows OpenJDK image
-echo " "
-echo "Tag Windows OpenJDK image"
-docker tag openjdk:windowsservercore-1809 "${HASHICORP_DOCKER_PROXY}/windows/openjdk:1809"
-
-# Pull Windows Golang image
-echo " "
-echo "Pull Windows Golang image"
-docker pull golang:1.18.1-nanoserver-1809
-# Tag Windows Golang image
-echo " "
-echo "Tag Windows Golang image"
-docker tag golang:1.18.1-nanoserver-1809 "${HASHICORP_DOCKER_PROXY}/windows/golang:1809"
-
-
-# Pull Kubernetes/pause image
-echo " "
-echo "Pull Kubernetes/pause image"
-docker pull mcr.microsoft.com/oss/kubernetes/pause:3.6
-# Tag Kubernetes/pause image
-echo " "
-echo "Tag Kubernetes/pause image"
-docker tag mcr.microsoft.com/oss/kubernetes/pause:3.6 "${HASHICORP_DOCKER_PROXY}/windows/kubernetes/pause"
-
-# Pull envoy-windows image
-echo " "
-echo "Pull envoyproxy/envoy-windows image"
-docker pull envoyproxy/envoy-windows:v${ENVOY_VERSION}
-# Tag envoy-windows image
-echo " "
-echo "Tag envoyproxy/envoy-windows image"
-docker tag envoyproxy/envoy-windows:v${ENVOY_VERSION} "${HASHICORP_DOCKER_PROXY}/windows/envoy-windows:v${ENVOY_VERSION}"
-
-# Build Windows Openzipkin Image
-docker build -t "${HASHICORP_DOCKER_PROXY}/windows/openzipkin" -f Dockerfile-openzipkin-windows .
-
-
-# Build Windows Test sds server Image
-./build-test-sds-server-image.sh
-
-
-# Build windows/consul:${VERSION} Image
-echo " "
-echo "Build windows/consul:${VERSION} Image"
-docker build -t "windows/consul:${VERSION}" -f ../../Dockerfile-windows ../../ --build-arg VERSION=${VERSION}
-
-
-# Build windows/consul:${VERSION}-local Image
-echo " "
-echo "Build windows/consul:${VERSION}-local Image"
-docker build -t windows/consul:${VERSION}-local -f ./Dockerfile-consul-local-windows . --build-arg VERSION=${VERSION}
-
-echo "Building Complete!"
diff --git a/build-support/windows/build-test-sds-server-image.sh b/build-support/windows/build-test-sds-server-image.sh
deleted file mode 100644
index 6856c2f4394d..000000000000
--- a/build-support/windows/build-test-sds-server-image.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-
-cd ../../test/integration/connect/envoy
-
-docker build -t windows/test-sds-server -f ./Dockerfile-test-sds-server-windows test-sds-server
diff --git a/build-support/windows/windows-test.md b/build-support/windows/windows-test.md
deleted file mode 100644
index 5295e40757ef..000000000000
--- a/build-support/windows/windows-test.md
+++ /dev/null
@@ -1,119 +0,0 @@
-# Dockerfiles for Windows Integration Tests
-
-## Index
-
-- [About](#about-this-file)
-- [Consul Windows](#consul-windows)
-- [Consul Windows Local](#consul-windows-local)
-- [Consul Windows Dev](#consul-windows-dev)
-- [Dockerfile-openzipkin-windows](#dockerfile-openzipkin-windows)
-
-## About this File
-
-In this file you will find which Docker images that need to be pre-built to run the Envoy integration tests on Windows, as well as information on how to run each of these files individually for testing purposes.
-
-## Consul Windows
-
-The Windows/Consul:_{VERSION}_ image is built from the "Dockerfile-windows" file located at the root of the project.
-To do this, the official [windows/servercore image](https://hub.docker.com/_/microsoft-windows-servercore) is used as base image.
-To build the image, use the following command:
-
-```shell
-docker build -t windows/consul -f Dockerfile-windows . --build-arg VERSION=${VERSION}
-```
-
-You can test the built file by running the following command:
-
-```shell
-docker run --rm -p 8300:8300 -p 8301:8301 -p 8302:8302 -p 8500:8500 -p 8600:8600 --name consul --hostname "consul-primary-server" --network-alias "consul-primary-server" windows/consul agent -dev -datacenter "primary" -grpc-port -1 -client "0.0.0.0" -bind "0.0.0.0"
-```
-
-If everything works properly you should openning the browser and check the Consul UI running on: `http://localhost:8500`
-
-## Consul Windows Local
-
-The Windows/Consul:_{VERSION}_-local custom image deployed in the "Dockerfile-consul-local-windows" DockerFile is built from the selected by the shell script _build-consul-local-images.sh_.
-When executing it, all the tools required to run the Windows Connect Envoy Integration Tests will be added to the image.
-It is necessary that the _"windows/consul"_ image has been built first. This script also takes care of that.  
-
-To build this image you need to run the following command on your terminal:
-
-```shell
-./build-consul-local-images.sh
-```
-
-> [!NOTE]
-> Shell script execution may vary depending on your terminal, we recommend using **Git Bash** for Windows.  
-
-```shell
-docker run --rm -p 8300:8300 -p 8301:8301 -p 8302:8302 -p 8500:8500 -p 8600:8600 --name consul-local --hostname "consul-primary-server" --network-alias "consul-primary-server" windows/consul:_{VERSION}_-local agent -dev -datacenter "primary" -grpc-port -1 -client "0.0.0.0" -bind "0.0.0.0"
-```
-
-If everything works properly you can use your browser and check the Consul UI running on: `http://localhost:8500`
-
-## Consul Windows Dev
-
-The Windows/Consul:_{VERSION}_-dev custom image deployed in the "Dockerfile-consul-dev-windows" DockerFile is generated by the shell script named _build-consul-dev-image.sh_.
-When executing it, the compilation of Consul is carried out and it is saved in the _"dist"_ directory, this file is then copied to the _"windows/consul:_{VERSION}_-dev"_ image.
-It is necessary that the _"windows/consul_{VERSION}_-local"_ image has been built first.
-
-To build this image you need to run the following command on your terminal:
-
-```shell
-./build-consul-dev-image.sh
-```
-
-> [!NOTE]
-> Shell script execution may vary depending on your terminal, we recommend using **Git Bash** for Windows.  
-
-You can test the built file by running the following command:
-
-```shell
-docker run --rm -p 8300:8300 -p 8301:8301 -p 8302:8302 -p 8500:8500 -p 8600:8600 --name consul-local --hostname "consul-primary-server" --network-alias "consul-primary-server" windows/consul:_{VERSION}_-dev agent -dev -datacenter "primary" -grpc-port -1 -client "0.0.0.0" -bind "0.0.0.0"
-```
-
-If everything works properly you can use your browser and check the Consul UI running on: `http://localhost:8500`
-
-## Dockerfile-openzipkin-windows
-
-Due to the unavailability of an official Openzipkin Docker image for Windows, the [openjdk Windows image](https://hub.docker.com/layers/openjdk/library/openjdk/jdk-windowsservercore-1809/images/sha256-b0cc238d2ec5fb58109a0006ff9e1bcaf66a5301f49bcb8dece9599ac5be6331) was used, where the latest self-contained executable Openzipkin .jar file is downloaded.
-
-To build this image you need to run the following command on your terminal:
-
-```shell
-docker build -t openzipkin -f Dockerfile-openzipkin-windows .
-```
-
-You can test the built file by running the following command:
-
-```shell
-docker run --rm --name openzipkin
-```
-
-If everything works as it should, you will see the zipkin logo being displayed, along with the current version and port configuration:
-
-```shell
-:: version 2.23.18 :: commit 4b71677 ::
-
-20XX-XX-XX XX:XX:XX.XXX  INFO [/] 1252 --- [oss-http-*:9411] c.l.a.s.Server                           : Serving HTTP at /[0:0:0:0:0:0:0:0]:9411 - http://127.0.0.1:9411/
-```
-
-# Testing
-
-During development, it may be more convenient to check your work-in-progress by running only the tests which you expect to be affected by your changes, as the full test suite can take several minutes to execute. [Go's built-in test tool](https://golang.org/pkg/cmd/go/internal/test/) allows specifying a list of packages to test and the `-run` option to only include test names matching a regular expression.
-The `go test -short` flag can also be used to skip slower tests.
-
-Examples (run from the repository root):
-
-- `go test -v ./connect` will run all tests in the connect package (see `./connect` folder)
-- `go test -v -run TestRetryJoin ./command/agent` will run all tests in the agent package (see `./command/agent` folder) with name substring `TestRetryJoin`
-
-When a pull request is opened CI will run all tests and lint to verify the change.
-
-If you want to run the tests on Windows images you must attach the win=true flag.
-
-Example:
-
-```shell
-go test -v -timeout=30m -tags integration ./test/integration/connect/envoy -run="TestEnvoy/case-badauthz" -win=true
-```
diff --git a/command/acl/acl.go b/command/acl/acl.go
index 745fa78175d5..71ef8c9a0617 100644
--- a/command/acl/acl.go
+++ b/command/acl/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/command/acl/acl_helpers.go b/command/acl/acl_helpers.go
index 3459228c61ed..b0e65d224c75 100644
--- a/command/acl/acl_helpers.go
+++ b/command/acl/acl_helpers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/command/acl/acl_test.go b/command/acl/acl_test.go
index c2a46f18b042..2095795ff00b 100644
--- a/command/acl/acl_test.go
+++ b/command/acl/acl_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package acl
 
diff --git a/command/acl/agenttokens/agent_tokens.go b/command/acl/agenttokens/agent_tokens.go
index f4e0c496acf6..4e4a359ace77 100644
--- a/command/acl/agenttokens/agent_tokens.go
+++ b/command/acl/agenttokens/agent_tokens.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agenttokens
 
diff --git a/command/acl/agenttokens/agent_tokens_test.go b/command/acl/agenttokens/agent_tokens_test.go
index 84f7fa335801..d735b66d83a3 100644
--- a/command/acl/agenttokens/agent_tokens_test.go
+++ b/command/acl/agenttokens/agent_tokens_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agenttokens
 
diff --git a/command/acl/authmethod/authmethod.go b/command/acl/authmethod/authmethod.go
index 18b9e58c2633..897498024c84 100644
--- a/command/acl/authmethod/authmethod.go
+++ b/command/acl/authmethod/authmethod.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethod
 
diff --git a/command/acl/authmethod/create/authmethod_create.go b/command/acl/authmethod/create/authmethod_create.go
index 17f328d2b8be..912a647d4115 100644
--- a/command/acl/authmethod/create/authmethod_create.go
+++ b/command/acl/authmethod/create/authmethod_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethodcreate
 
diff --git a/command/acl/authmethod/create/authmethod_create_ce.go b/command/acl/authmethod/create/authmethod_create_ce.go
index 5c6ad2468393..ff2d488897ed 100644
--- a/command/acl/authmethod/create/authmethod_create_ce.go
+++ b/command/acl/authmethod/create/authmethod_create_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/acl/authmethod/create/authmethod_create_test.go b/command/acl/authmethod/create/authmethod_create_test.go
index b9392544929a..b0d6a8cfe181 100644
--- a/command/acl/authmethod/create/authmethod_create_test.go
+++ b/command/acl/authmethod/create/authmethod_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethodcreate
 
diff --git a/command/acl/authmethod/delete/authmethod_delete.go b/command/acl/authmethod/delete/authmethod_delete.go
index e3ccd0efdd01..44548a598374 100644
--- a/command/acl/authmethod/delete/authmethod_delete.go
+++ b/command/acl/authmethod/delete/authmethod_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethoddelete
 
diff --git a/command/acl/authmethod/delete/authmethod_delete_test.go b/command/acl/authmethod/delete/authmethod_delete_test.go
index fc513fde7ebd..45bd3ac561cd 100644
--- a/command/acl/authmethod/delete/authmethod_delete_test.go
+++ b/command/acl/authmethod/delete/authmethod_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethoddelete
 
diff --git a/command/acl/authmethod/formatter.go b/command/acl/authmethod/formatter.go
index 6a22443d58dd..3204af910b71 100644
--- a/command/acl/authmethod/formatter.go
+++ b/command/acl/authmethod/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethod
 
diff --git a/command/acl/authmethod/list/authmethod_list.go b/command/acl/authmethod/list/authmethod_list.go
index cae9916c12b2..1bcf24b75a63 100644
--- a/command/acl/authmethod/list/authmethod_list.go
+++ b/command/acl/authmethod/list/authmethod_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethodlist
 
diff --git a/command/acl/authmethod/list/authmethod_list_test.go b/command/acl/authmethod/list/authmethod_list_test.go
index cd1aa2ac767b..9064b252cd44 100644
--- a/command/acl/authmethod/list/authmethod_list_test.go
+++ b/command/acl/authmethod/list/authmethod_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethodlist
 
diff --git a/command/acl/authmethod/read/authmethod_read.go b/command/acl/authmethod/read/authmethod_read.go
index 72d3a6f18163..b7860ca0660d 100644
--- a/command/acl/authmethod/read/authmethod_read.go
+++ b/command/acl/authmethod/read/authmethod_read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethodread
 
diff --git a/command/acl/authmethod/read/authmethod_read_test.go b/command/acl/authmethod/read/authmethod_read_test.go
index 20a18c76dfda..a24c1d2e55f2 100644
--- a/command/acl/authmethod/read/authmethod_read_test.go
+++ b/command/acl/authmethod/read/authmethod_read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethodread
 
diff --git a/command/acl/authmethod/update/authmethod_update.go b/command/acl/authmethod/update/authmethod_update.go
index 1c5422e88dea..2798e6e6da8f 100644
--- a/command/acl/authmethod/update/authmethod_update.go
+++ b/command/acl/authmethod/update/authmethod_update.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethodupdate
 
diff --git a/command/acl/authmethod/update/authmethod_update_ce.go b/command/acl/authmethod/update/authmethod_update_ce.go
index d2c10d45869e..c1ea32042473 100644
--- a/command/acl/authmethod/update/authmethod_update_ce.go
+++ b/command/acl/authmethod/update/authmethod_update_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/acl/authmethod/update/authmethod_update_test.go b/command/acl/authmethod/update/authmethod_update_test.go
index 87ddf2f2c0bc..e85f270cdf69 100644
--- a/command/acl/authmethod/update/authmethod_update_test.go
+++ b/command/acl/authmethod/update/authmethod_update_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package authmethodupdate
 
diff --git a/command/acl/bindingrule/bindingrule.go b/command/acl/bindingrule/bindingrule.go
index 8d23e3ee37fa..782041e1ac67 100644
--- a/command/acl/bindingrule/bindingrule.go
+++ b/command/acl/bindingrule/bindingrule.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bindingrule
 
diff --git a/command/acl/bindingrule/create/bindingrule_create.go b/command/acl/bindingrule/create/bindingrule_create.go
index cdedbb744dbf..d5253c456e79 100644
--- a/command/acl/bindingrule/create/bindingrule_create.go
+++ b/command/acl/bindingrule/create/bindingrule_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bindingrulecreate
 
diff --git a/command/acl/bindingrule/create/bindingrule_create_test.go b/command/acl/bindingrule/create/bindingrule_create_test.go
index 2985c41abf46..43189f784c12 100644
--- a/command/acl/bindingrule/create/bindingrule_create_test.go
+++ b/command/acl/bindingrule/create/bindingrule_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bindingrulecreate
 
diff --git a/command/acl/bindingrule/delete/bindingrule_delete.go b/command/acl/bindingrule/delete/bindingrule_delete.go
index 3fc02d788b4b..ffb22fc73d35 100644
--- a/command/acl/bindingrule/delete/bindingrule_delete.go
+++ b/command/acl/bindingrule/delete/bindingrule_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bindingruledelete
 
diff --git a/command/acl/bindingrule/delete/bindingrule_delete_test.go b/command/acl/bindingrule/delete/bindingrule_delete_test.go
index 9655fbb101a4..abd10f8add5d 100644
--- a/command/acl/bindingrule/delete/bindingrule_delete_test.go
+++ b/command/acl/bindingrule/delete/bindingrule_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bindingruledelete
 
diff --git a/command/acl/bindingrule/formatter.go b/command/acl/bindingrule/formatter.go
index 6d96f4b71b4e..1fb1feeafcc1 100644
--- a/command/acl/bindingrule/formatter.go
+++ b/command/acl/bindingrule/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bindingrule
 
diff --git a/command/acl/bindingrule/list/bindingrule_list.go b/command/acl/bindingrule/list/bindingrule_list.go
index 15f395afdf2f..2f6529af5d08 100644
--- a/command/acl/bindingrule/list/bindingrule_list.go
+++ b/command/acl/bindingrule/list/bindingrule_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bindingrulelist
 
diff --git a/command/acl/bindingrule/list/bindingrule_list_test.go b/command/acl/bindingrule/list/bindingrule_list_test.go
index 22035341e424..bbb1188f8a0f 100644
--- a/command/acl/bindingrule/list/bindingrule_list_test.go
+++ b/command/acl/bindingrule/list/bindingrule_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bindingrulelist
 
diff --git a/command/acl/bindingrule/read/bindingrule_read.go b/command/acl/bindingrule/read/bindingrule_read.go
index 0ff55bd4ac2b..25858d64851f 100644
--- a/command/acl/bindingrule/read/bindingrule_read.go
+++ b/command/acl/bindingrule/read/bindingrule_read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bindingruleread
 
diff --git a/command/acl/bindingrule/read/bindingrule_read_test.go b/command/acl/bindingrule/read/bindingrule_read_test.go
index 4a324edf2317..9e1615e003b9 100644
--- a/command/acl/bindingrule/read/bindingrule_read_test.go
+++ b/command/acl/bindingrule/read/bindingrule_read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bindingruleread
 
diff --git a/command/acl/bindingrule/update/bindingrule_update.go b/command/acl/bindingrule/update/bindingrule_update.go
index 071e2bdc01b2..59998059f476 100644
--- a/command/acl/bindingrule/update/bindingrule_update.go
+++ b/command/acl/bindingrule/update/bindingrule_update.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bindingruleupdate
 
diff --git a/command/acl/bindingrule/update/bindingrule_update_test.go b/command/acl/bindingrule/update/bindingrule_update_test.go
index 6124e9df2dc8..2f7437edcd33 100644
--- a/command/acl/bindingrule/update/bindingrule_update_test.go
+++ b/command/acl/bindingrule/update/bindingrule_update_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bindingruleupdate
 
diff --git a/command/acl/bootstrap/bootstrap.go b/command/acl/bootstrap/bootstrap.go
index 2a2bfd3716d3..2f608bbdab34 100644
--- a/command/acl/bootstrap/bootstrap.go
+++ b/command/acl/bootstrap/bootstrap.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bootstrap
 
diff --git a/command/acl/bootstrap/bootstrap_test.go b/command/acl/bootstrap/bootstrap_test.go
index e9a0e8cebee2..ef5fcf41dc7a 100644
--- a/command/acl/bootstrap/bootstrap_test.go
+++ b/command/acl/bootstrap/bootstrap_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package bootstrap
 
diff --git a/command/acl/policy/create/policy_create.go b/command/acl/policy/create/policy_create.go
index 03d836ee4ad8..131d096b1cf2 100644
--- a/command/acl/policy/create/policy_create.go
+++ b/command/acl/policy/create/policy_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package policycreate
 
diff --git a/command/acl/policy/create/policy_create_test.go b/command/acl/policy/create/policy_create_test.go
index 953dd978ed96..94ef7ac95f53 100644
--- a/command/acl/policy/create/policy_create_test.go
+++ b/command/acl/policy/create/policy_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package policycreate
 
diff --git a/command/acl/policy/delete/policy_delete.go b/command/acl/policy/delete/policy_delete.go
index 63c02a47ddd2..eb1fbfc83bcc 100644
--- a/command/acl/policy/delete/policy_delete.go
+++ b/command/acl/policy/delete/policy_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package policydelete
 
diff --git a/command/acl/policy/delete/policy_delete_test.go b/command/acl/policy/delete/policy_delete_test.go
index 33f121db981f..4e0b8ffbf627 100644
--- a/command/acl/policy/delete/policy_delete_test.go
+++ b/command/acl/policy/delete/policy_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package policydelete
 
diff --git a/command/acl/policy/formatter.go b/command/acl/policy/formatter.go
index dce79c390716..1e7897641207 100644
--- a/command/acl/policy/formatter.go
+++ b/command/acl/policy/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package policy
 
diff --git a/command/acl/policy/list/policy_list.go b/command/acl/policy/list/policy_list.go
index 44be10d6843d..d88f57595030 100644
--- a/command/acl/policy/list/policy_list.go
+++ b/command/acl/policy/list/policy_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package policylist
 
diff --git a/command/acl/policy/list/policy_list_test.go b/command/acl/policy/list/policy_list_test.go
index b0cc05b2a5cf..d9df5cc879a5 100644
--- a/command/acl/policy/list/policy_list_test.go
+++ b/command/acl/policy/list/policy_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package policylist
 
diff --git a/command/acl/policy/policy.go b/command/acl/policy/policy.go
index 565c67270646..7a7b80cba8ff 100644
--- a/command/acl/policy/policy.go
+++ b/command/acl/policy/policy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package policy
 
diff --git a/command/acl/policy/read/policy_read.go b/command/acl/policy/read/policy_read.go
index 36f1e6534079..e1b6b923df09 100644
--- a/command/acl/policy/read/policy_read.go
+++ b/command/acl/policy/read/policy_read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package policyread
 
diff --git a/command/acl/policy/read/policy_read_test.go b/command/acl/policy/read/policy_read_test.go
index 70036457cebb..08fe5d1ce96c 100644
--- a/command/acl/policy/read/policy_read_test.go
+++ b/command/acl/policy/read/policy_read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package policyread
 
diff --git a/command/acl/policy/update/policy_update.go b/command/acl/policy/update/policy_update.go
index 60b634073613..ec0577ebb9a2 100644
--- a/command/acl/policy/update/policy_update.go
+++ b/command/acl/policy/update/policy_update.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package policyupdate
 
diff --git a/command/acl/policy/update/policy_update_test.go b/command/acl/policy/update/policy_update_test.go
index 4d77191d6433..22fa8b4c89aa 100644
--- a/command/acl/policy/update/policy_update_test.go
+++ b/command/acl/policy/update/policy_update_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package policyupdate
 
diff --git a/command/acl/role/create/role_create.go b/command/acl/role/create/role_create.go
index b951367b2c5a..588b3a0cb659 100644
--- a/command/acl/role/create/role_create.go
+++ b/command/acl/role/create/role_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package rolecreate
 
diff --git a/command/acl/role/create/role_create_test.go b/command/acl/role/create/role_create_test.go
index 7094a76e6cc7..40f15433a7bf 100644
--- a/command/acl/role/create/role_create_test.go
+++ b/command/acl/role/create/role_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package rolecreate
 
diff --git a/command/acl/role/delete/role_delete.go b/command/acl/role/delete/role_delete.go
index aaac306f01b2..21dc7c0d1b45 100644
--- a/command/acl/role/delete/role_delete.go
+++ b/command/acl/role/delete/role_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package roledelete
 
diff --git a/command/acl/role/delete/role_delete_test.go b/command/acl/role/delete/role_delete_test.go
index 61897ca24557..8a38cf2cfc3b 100644
--- a/command/acl/role/delete/role_delete_test.go
+++ b/command/acl/role/delete/role_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package roledelete
 
diff --git a/command/acl/role/formatter.go b/command/acl/role/formatter.go
index 0dba147fab0a..5df6085e46ac 100644
--- a/command/acl/role/formatter.go
+++ b/command/acl/role/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package role
 
diff --git a/command/acl/role/formatter_test.go b/command/acl/role/formatter_test.go
index ac6be59b42e7..cd1ba90fe9a1 100644
--- a/command/acl/role/formatter_test.go
+++ b/command/acl/role/formatter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package role
 
diff --git a/command/acl/role/list/role_list.go b/command/acl/role/list/role_list.go
index 558419e07067..3582f9da63c2 100644
--- a/command/acl/role/list/role_list.go
+++ b/command/acl/role/list/role_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package rolelist
 
diff --git a/command/acl/role/list/role_list_test.go b/command/acl/role/list/role_list_test.go
index 0a94d11a109d..651ab120278c 100644
--- a/command/acl/role/list/role_list_test.go
+++ b/command/acl/role/list/role_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package rolelist
 
diff --git a/command/acl/role/read/role_read.go b/command/acl/role/read/role_read.go
index 027aaa80019f..d6d06997ad13 100644
--- a/command/acl/role/read/role_read.go
+++ b/command/acl/role/read/role_read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package roleread
 
diff --git a/command/acl/role/read/role_read_test.go b/command/acl/role/read/role_read_test.go
index bef1fab26016..c7be4cb4c037 100644
--- a/command/acl/role/read/role_read_test.go
+++ b/command/acl/role/read/role_read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package roleread
 
diff --git a/command/acl/role/role.go b/command/acl/role/role.go
index c1da51d86401..2ea085f76331 100644
--- a/command/acl/role/role.go
+++ b/command/acl/role/role.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package role
 
diff --git a/command/acl/role/update/role_update.go b/command/acl/role/update/role_update.go
index 731bfb1726d8..c42ab7ce9e61 100644
--- a/command/acl/role/update/role_update.go
+++ b/command/acl/role/update/role_update.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package roleupdate
 
diff --git a/command/acl/role/update/role_update_test.go b/command/acl/role/update/role_update_test.go
index 07c4cb2d2da4..18d611099688 100644
--- a/command/acl/role/update/role_update_test.go
+++ b/command/acl/role/update/role_update_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package roleupdate
 
diff --git a/command/acl/token/clone/token_clone.go b/command/acl/token/clone/token_clone.go
index 127fca78762c..0f4ed2473a97 100644
--- a/command/acl/token/clone/token_clone.go
+++ b/command/acl/token/clone/token_clone.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tokenclone
 
diff --git a/command/acl/token/clone/token_clone_test.go b/command/acl/token/clone/token_clone_test.go
index 7181ac0caec7..0142db743795 100644
--- a/command/acl/token/clone/token_clone_test.go
+++ b/command/acl/token/clone/token_clone_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tokenclone
 
diff --git a/command/acl/token/create/token_create.go b/command/acl/token/create/token_create.go
index 25c00df60588..4f33562908e8 100644
--- a/command/acl/token/create/token_create.go
+++ b/command/acl/token/create/token_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tokencreate
 
diff --git a/command/acl/token/create/token_create_test.go b/command/acl/token/create/token_create_test.go
index b92c64b0d154..747d9415171d 100644
--- a/command/acl/token/create/token_create_test.go
+++ b/command/acl/token/create/token_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tokencreate
 
diff --git a/command/acl/token/delete/token_delete.go b/command/acl/token/delete/token_delete.go
index aa9f79903bb7..378c39911536 100644
--- a/command/acl/token/delete/token_delete.go
+++ b/command/acl/token/delete/token_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tokendelete
 
diff --git a/command/acl/token/delete/token_delete_test.go b/command/acl/token/delete/token_delete_test.go
index 29c1fe292d60..988e4afe24dc 100644
--- a/command/acl/token/delete/token_delete_test.go
+++ b/command/acl/token/delete/token_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tokendelete
 
diff --git a/command/acl/token/formatter.go b/command/acl/token/formatter.go
index 6dec483aad61..dbe1a939fcec 100644
--- a/command/acl/token/formatter.go
+++ b/command/acl/token/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package token
 
diff --git a/command/acl/token/formatter_ce_test.go b/command/acl/token/formatter_ce_test.go
index 128b05b58a1b..9faa6f4b736b 100644
--- a/command/acl/token/formatter_ce_test.go
+++ b/command/acl/token/formatter_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/acl/token/formatter_test.go b/command/acl/token/formatter_test.go
index ba4c04981d78..2a5e5414d754 100644
--- a/command/acl/token/formatter_test.go
+++ b/command/acl/token/formatter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package token
 
diff --git a/command/acl/token/list/token_list.go b/command/acl/token/list/token_list.go
index 7f500426f336..4d7177dddf64 100644
--- a/command/acl/token/list/token_list.go
+++ b/command/acl/token/list/token_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tokenlist
 
diff --git a/command/acl/token/list/token_list_test.go b/command/acl/token/list/token_list_test.go
index c8586bde6b80..0a4441c47a56 100644
--- a/command/acl/token/list/token_list_test.go
+++ b/command/acl/token/list/token_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tokenlist
 
diff --git a/command/acl/token/read/token_read.go b/command/acl/token/read/token_read.go
index 23496135bf72..c5798a8b9b31 100644
--- a/command/acl/token/read/token_read.go
+++ b/command/acl/token/read/token_read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tokenread
 
diff --git a/command/acl/token/read/token_read_test.go b/command/acl/token/read/token_read_test.go
index 69df72e72917..ea2317b79fd6 100644
--- a/command/acl/token/read/token_read_test.go
+++ b/command/acl/token/read/token_read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tokenread
 
diff --git a/command/acl/token/token.go b/command/acl/token/token.go
index db3771926ccc..e8bb0cd420b6 100644
--- a/command/acl/token/token.go
+++ b/command/acl/token/token.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package token
 
diff --git a/command/acl/token/update/token_update.go b/command/acl/token/update/token_update.go
index 9d636ba215df..915c358d48ad 100644
--- a/command/acl/token/update/token_update.go
+++ b/command/acl/token/update/token_update.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tokenupdate
 
diff --git a/command/acl/token/update/token_update_test.go b/command/acl/token/update/token_update_test.go
index 019b8554a592..b96d95d466e8 100644
--- a/command/acl/token/update/token_update_test.go
+++ b/command/acl/token/update/token_update_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tokenupdate
 
diff --git a/command/agent/agent.go b/command/agent/agent.go
index 84515f2c94bd..c241fa2b7bc8 100644
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/command/agent/agent_test.go b/command/agent/agent_test.go
index 3fa5d1e1a31a..a197c6ed4479 100644
--- a/command/agent/agent_test.go
+++ b/command/agent/agent_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/command/agent/startup_logger.go b/command/agent/startup_logger.go
index f324ac6c55c8..baa016a2a7b0 100644
--- a/command/agent/startup_logger.go
+++ b/command/agent/startup_logger.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package agent
 
diff --git a/command/catalog/catalog.go b/command/catalog/catalog.go
index f68551206007..dbc229eb3522 100644
--- a/command/catalog/catalog.go
+++ b/command/catalog/catalog.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package catalog
 
diff --git a/command/catalog/catalog_test.go b/command/catalog/catalog_test.go
index 308da9452edf..5ff5ac40e2e3 100644
--- a/command/catalog/catalog_test.go
+++ b/command/catalog/catalog_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package catalog
 
diff --git a/command/catalog/helpers.go b/command/catalog/helpers.go
index f457d8f792ab..1d9ad1964d3d 100644
--- a/command/catalog/helpers.go
+++ b/command/catalog/helpers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package catalog
 
diff --git a/command/catalog/helpers_ce.go b/command/catalog/helpers_ce.go
index 51e04218872f..5f60fd9b1312 100644
--- a/command/catalog/helpers_ce.go
+++ b/command/catalog/helpers_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/catalog/list/dc/catalog_list_datacenters.go b/command/catalog/list/dc/catalog_list_datacenters.go
index c7531c916434..7df18e7a8b70 100644
--- a/command/catalog/list/dc/catalog_list_datacenters.go
+++ b/command/catalog/list/dc/catalog_list_datacenters.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dc
 
diff --git a/command/catalog/list/dc/catalog_list_datacenters_test.go b/command/catalog/list/dc/catalog_list_datacenters_test.go
index 68a8a8bc5055..6052db994117 100644
--- a/command/catalog/list/dc/catalog_list_datacenters_test.go
+++ b/command/catalog/list/dc/catalog_list_datacenters_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package dc
 
diff --git a/command/catalog/list/nodes/catalog_list_nodes.go b/command/catalog/list/nodes/catalog_list_nodes.go
index 1d1f3912f225..44760182cd1b 100644
--- a/command/catalog/list/nodes/catalog_list_nodes.go
+++ b/command/catalog/list/nodes/catalog_list_nodes.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package nodes
 
diff --git a/command/catalog/list/nodes/catalog_list_nodes_test.go b/command/catalog/list/nodes/catalog_list_nodes_test.go
index 59db1c666bb6..0bef492b7b77 100644
--- a/command/catalog/list/nodes/catalog_list_nodes_test.go
+++ b/command/catalog/list/nodes/catalog_list_nodes_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package nodes
 
diff --git a/command/catalog/list/services/catalog_list_services.go b/command/catalog/list/services/catalog_list_services.go
index 4bbcce653295..029c8bae94f4 100644
--- a/command/catalog/list/services/catalog_list_services.go
+++ b/command/catalog/list/services/catalog_list_services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package services
 
diff --git a/command/catalog/list/services/catalog_list_services_test.go b/command/catalog/list/services/catalog_list_services_test.go
index 905729410d95..28c7c0652e89 100644
--- a/command/catalog/list/services/catalog_list_services_test.go
+++ b/command/catalog/list/services/catalog_list_services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package services
 
diff --git a/command/cli/cli.go b/command/cli/cli.go
index a0bb5d78ddf7..4afaeb279f66 100644
--- a/command/cli/cli.go
+++ b/command/cli/cli.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cli
 
diff --git a/command/cli/formatting.go b/command/cli/formatting.go
index fec86797b057..11ca247e900b 100644
--- a/command/cli/formatting.go
+++ b/command/cli/formatting.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cli
 
diff --git a/command/config/config.go b/command/config/config.go
index ed54954cbeb9..e5fbe803a8dc 100644
--- a/command/config/config.go
+++ b/command/config/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package config
 
diff --git a/command/config/delete/config_delete.go b/command/config/delete/config_delete.go
index baec168b172a..e9a9f97c7d83 100644
--- a/command/config/delete/config_delete.go
+++ b/command/config/delete/config_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package delete
 
diff --git a/command/config/delete/config_delete_test.go b/command/config/delete/config_delete_test.go
index d7d6d9226054..66b5a47a71a2 100644
--- a/command/config/delete/config_delete_test.go
+++ b/command/config/delete/config_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package delete
 
diff --git a/command/config/list/config_list.go b/command/config/list/config_list.go
index 4dd469590cff..978804a19199 100644
--- a/command/config/list/config_list.go
+++ b/command/config/list/config_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package list
 
diff --git a/command/config/list/config_list_test.go b/command/config/list/config_list_test.go
index 3e528a062fbb..bf188f51bd96 100644
--- a/command/config/list/config_list_test.go
+++ b/command/config/list/config_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package list
 
diff --git a/command/config/read/config_read.go b/command/config/read/config_read.go
index d3e3828817b5..348d89373885 100644
--- a/command/config/read/config_read.go
+++ b/command/config/read/config_read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package read
 
diff --git a/command/config/read/config_read_test.go b/command/config/read/config_read_test.go
index 5fbf37885d0b..074c0ee30d3b 100644
--- a/command/config/read/config_read_test.go
+++ b/command/config/read/config_read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package read
 
diff --git a/command/config/write/config_write.go b/command/config/write/config_write.go
index 4edfbed3bf0c..d6a0c188b8fa 100644
--- a/command/config/write/config_write.go
+++ b/command/config/write/config_write.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package write
 
@@ -7,12 +7,17 @@ import (
 	"flag"
 	"fmt"
 	"io"
+	"time"
 
+	"github.com/hashicorp/go-multierror"
 	"github.com/mitchellh/cli"
+	"github.com/mitchellh/mapstructure"
 
+	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/command/config"
 	"github.com/hashicorp/consul/command/flags"
 	"github.com/hashicorp/consul/command/helpers"
+	"github.com/hashicorp/consul/lib/decode"
 )
 
 func New(ui cli.Ui) *cmd {
@@ -104,6 +109,67 @@ func (c *cmd) Run(args []string) int {
 	return 0
 }
 
+// There is a 'structs' variation of this in
+// agent/structs/config_entry.go:DecodeConfigEntry
+func newDecodeConfigEntry(raw map[string]interface{}) (api.ConfigEntry, error) {
+	var entry api.ConfigEntry
+
+	kindVal, ok := raw["Kind"]
+	if !ok {
+		kindVal, ok = raw["kind"]
+	}
+	if !ok {
+		return nil, fmt.Errorf("Payload does not contain a kind/Kind key at the top level")
+	}
+
+	if kindStr, ok := kindVal.(string); ok {
+		newEntry, err := api.MakeConfigEntry(kindStr, "")
+		if err != nil {
+			return nil, err
+		}
+		entry = newEntry
+	} else {
+		return nil, fmt.Errorf("Kind value in payload is not a string")
+	}
+
+	var md mapstructure.Metadata
+	decodeConf := &mapstructure.DecoderConfig{
+		DecodeHook: mapstructure.ComposeDecodeHookFunc(
+			decode.HookWeakDecodeFromSlice,
+			decode.HookTranslateKeys,
+			mapstructure.StringToTimeDurationHookFunc(),
+			mapstructure.StringToTimeHookFunc(time.RFC3339),
+		),
+		Metadata:         &md,
+		Result:           &entry,
+		WeaklyTypedInput: true,
+	}
+
+	decoder, err := mapstructure.NewDecoder(decodeConf)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := decoder.Decode(raw); err != nil {
+		return nil, err
+	}
+
+	for _, k := range md.Unused {
+		switch k {
+		case "kind", "Kind":
+			// The kind field is used to determine the target, but doesn't need
+			// to exist on the target.
+			continue
+		}
+		err = multierror.Append(err, fmt.Errorf("invalid config key %q", k))
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	return entry, nil
+}
+
 func (c *cmd) Synopsis() string {
 	return synopsis
 }
diff --git a/command/config/write/config_write_test.go b/command/config/write/config_write_test.go
index 15e7a4746532..3319084f4f21 100644
--- a/command/config/write/config_write_test.go
+++ b/command/config/write/config_write_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package write
 
diff --git a/command/connect/ca/ca.go b/command/connect/ca/ca.go
index a5edd43dbc2e..f85ae17d6b8a 100644
--- a/command/connect/ca/ca.go
+++ b/command/connect/ca/ca.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/command/connect/ca/ca_test.go b/command/connect/ca/ca_test.go
index 84ebe2873dd3..eb20f57c220d 100644
--- a/command/connect/ca/ca_test.go
+++ b/command/connect/ca/ca_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/command/connect/ca/get/connect_ca_get.go b/command/connect/ca/get/connect_ca_get.go
index 40b9b556a4bb..a2a7c6cb8b48 100644
--- a/command/connect/ca/get/connect_ca_get.go
+++ b/command/connect/ca/get/connect_ca_get.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package get
 
diff --git a/command/connect/ca/get/connect_ca_get_test.go b/command/connect/ca/get/connect_ca_get_test.go
index 0e5545152c34..7d628fb2940d 100644
--- a/command/connect/ca/get/connect_ca_get_test.go
+++ b/command/connect/ca/get/connect_ca_get_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package get
 
diff --git a/command/connect/ca/set/connect_ca_set.go b/command/connect/ca/set/connect_ca_set.go
index 2c9af4ec6ea9..ca17f3e2129a 100644
--- a/command/connect/ca/set/connect_ca_set.go
+++ b/command/connect/ca/set/connect_ca_set.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package set
 
diff --git a/command/connect/ca/set/connect_ca_set_test.go b/command/connect/ca/set/connect_ca_set_test.go
index 4193d718f0dd..1928a7dbd43f 100644
--- a/command/connect/ca/set/connect_ca_set_test.go
+++ b/command/connect/ca/set/connect_ca_set_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package set
 
diff --git a/command/connect/connect.go b/command/connect/connect.go
index c92481a723ab..675017291692 100644
--- a/command/connect/connect.go
+++ b/command/connect/connect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/command/connect/connect_test.go b/command/connect/connect_test.go
index 3098962dc4ef..452207a96b65 100644
--- a/command/connect/connect_test.go
+++ b/command/connect/connect_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/command/connect/envoy/bootstrap_config.go b/command/connect/envoy/bootstrap_config.go
index 452d3679d6f2..2a0e21c4d25d 100644
--- a/command/connect/envoy/bootstrap_config.go
+++ b/command/connect/envoy/bootstrap_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package envoy
 
diff --git a/command/connect/envoy/bootstrap_config_test.go b/command/connect/envoy/bootstrap_config_test.go
index ef0578634714..86566ed80cae 100644
--- a/command/connect/envoy/bootstrap_config_test.go
+++ b/command/connect/envoy/bootstrap_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package envoy
 
diff --git a/command/connect/envoy/bootstrap_tpl.go b/command/connect/envoy/bootstrap_tpl.go
index 4b4bbc8db77f..26b8e2118b1e 100644
--- a/command/connect/envoy/bootstrap_tpl.go
+++ b/command/connect/envoy/bootstrap_tpl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package envoy
 
@@ -8,7 +8,7 @@ package envoy
 type BootstrapTplArgs struct {
 	GRPC
 
-	// ProxyCluster is the cluster name for the Envoy `node` specification and
+	// ProxyCluster is the cluster name for the the Envoy `node` specification and
 	// is typically the same as the ProxyID.
 	ProxyCluster string
 
diff --git a/command/connect/envoy/envoy.go b/command/connect/envoy/envoy.go
index 3489f1017a65..256f6fc33c1a 100644
--- a/command/connect/envoy/envoy.go
+++ b/command/connect/envoy/envoy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package envoy
 
@@ -38,7 +38,7 @@ func New(ui cli.Ui) *cmd {
 	return c
 }
 
-const DefaultAdminAccessLogPath = os.DevNull
+const DefaultAdminAccessLogPath = "/dev/null"
 
 type cmd struct {
 	UI     cli.Ui
diff --git a/command/connect/envoy/envoy_ce_test.go b/command/connect/envoy/envoy_ce_test.go
index 9e97516cf5d2..89e3fd303efe 100644
--- a/command/connect/envoy/envoy_ce_test.go
+++ b/command/connect/envoy/envoy_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/connect/envoy/envoy_test.go b/command/connect/envoy/envoy_test.go
index 0e61eea1865a..517108e0330c 100644
--- a/command/connect/envoy/envoy_test.go
+++ b/command/connect/envoy/envoy_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package envoy
 
diff --git a/command/connect/envoy/exec.go b/command/connect/envoy/exec.go
index 71f903c10643..ffece038f71b 100644
--- a/command/connect/envoy/exec.go
+++ b/command/connect/envoy/exec.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package envoy
 
diff --git a/command/connect/envoy/exec_supported.go b/command/connect/envoy/exec_supported.go
deleted file mode 100644
index d61cbc850781..000000000000
--- a/command/connect/envoy/exec_supported.go
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build linux || darwin || windows
-// +build linux darwin windows
-
-package envoy
-
-import (
-	"fmt"
-	"os"
-	"strings"
-)
-
-func isHotRestartOption(s string) bool {
-	restartOpts := []string{
-		"--restart-epoch",
-		"--hot-restart-version",
-		"--drain-time-s",
-		"--parent-shutdown-time-s",
-	}
-	for _, opt := range restartOpts {
-		if s == opt {
-			return true
-		}
-		if strings.HasPrefix(s, opt+"=") {
-			return true
-		}
-	}
-	return false
-}
-
-func hasHotRestartOption(argSets ...[]string) bool {
-	for _, args := range argSets {
-		for _, opt := range args {
-			if isHotRestartOption(opt) {
-				return true
-			}
-		}
-	}
-	return false
-}
-
-// execArgs returns the command and args used to execute a binary. By default it
-// will return a command of os.Executable with the args unmodified. This is a shim
-// for testing, and can be overridden to execute using 'go run' instead.
-var execArgs = func(args ...string) (string, []string, error) {
-	execPath, err := os.Executable()
-	if err != nil {
-		return "", nil, err
-	}
-
-	if strings.HasSuffix(execPath, "/envoy.test") {
-		return "", nil, fmt.Errorf("set execArgs to use 'go run' instead of doing a self-exec")
-	}
-
-	return execPath, args, nil
-}
diff --git a/command/connect/envoy/exec_test.go b/command/connect/envoy/exec_test.go
index 0dbab3c6a035..3ffc89e2f24d 100644
--- a/command/connect/envoy/exec_test.go
+++ b/command/connect/envoy/exec_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build linux || darwin
 // +build linux darwin
diff --git a/command/connect/envoy/exec_unix.go b/command/connect/envoy/exec_unix.go
index 49d340483c5a..d3eb0765a9f9 100644
--- a/command/connect/envoy/exec_unix.go
+++ b/command/connect/envoy/exec_unix.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build linux || darwin
 // +build linux darwin
@@ -12,12 +12,63 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"strings"
 	"syscall"
 	"time"
 
 	"golang.org/x/sys/unix"
 )
 
+// testSelfExecOverride is a way for the tests to no fork-bomb themselves by
+// self-executing the whole test suite for each case recursively. It's gross but
+// the least gross option I could think of.
+var testSelfExecOverride string
+
+func isHotRestartOption(s string) bool {
+	restartOpts := []string{
+		"--restart-epoch",
+		"--hot-restart-version",
+		"--drain-time-s",
+		"--parent-shutdown-time-s",
+	}
+	for _, opt := range restartOpts {
+		if s == opt {
+			return true
+		}
+		if strings.HasPrefix(s, opt+"=") {
+			return true
+		}
+	}
+	return false
+}
+
+func hasHotRestartOption(argSets ...[]string) bool {
+	for _, args := range argSets {
+		for _, opt := range args {
+			if isHotRestartOption(opt) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+// execArgs returns the command and args used to execute a binary. By default it
+// will return a command of os.Executable with the args unmodified. This is a shim
+// for testing, and can be overridden to execute using 'go run' instead.
+var execArgs = func(args ...string) (string, []string, error) {
+	execPath, err := os.Executable()
+	if err != nil {
+		return "", nil, err
+	}
+
+	if strings.HasSuffix(execPath, "/envoy.test") {
+		return "", nil, fmt.Errorf("set execArgs to use 'go run' instead of doing a self-exec")
+	}
+
+	return execPath, args, nil
+}
+
 func makeBootstrapPipe(bootstrapJSON []byte) (string, error) {
 	pipeFile := filepath.Join(os.TempDir(),
 		fmt.Sprintf("envoy-%x-bootstrap.json", time.Now().UnixNano()+int64(os.Getpid())))
diff --git a/command/connect/envoy/exec_unsupported.go b/command/connect/envoy/exec_unsupported.go
index 87f45ec7afb8..c9686098983e 100644
--- a/command/connect/envoy/exec_unsupported.go
+++ b/command/connect/envoy/exec_unsupported.go
@@ -1,8 +1,8 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
-//go:build !linux && !darwin && !windows
-// +build !linux,!darwin,!windows
+//go:build !linux && !darwin
+// +build !linux,!darwin
 
 package envoy
 
diff --git a/command/connect/envoy/exec_windows.go b/command/connect/envoy/exec_windows.go
deleted file mode 100644
index cf262214ead2..000000000000
--- a/command/connect/envoy/exec_windows.go
+++ /dev/null
@@ -1,112 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-//go:build windows && !fips
-// +build windows,!fips
-
-package envoy
-
-import (
-	"errors"
-	"fmt"
-	"github.com/natefinch/npipe"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"time"
-)
-
-func makeBootstrapPipe(bootstrapJSON []byte) (string, error) {
-	pipeFile := filepath.Join(os.TempDir(),
-		fmt.Sprintf("envoy-%x-bootstrap.json", time.Now().UnixNano()+int64(os.Getpid())))
-
-	binary, args, err := execArgs("connect", "envoy", "pipe-bootstrap", pipeFile)
-	if err != nil {
-		return pipeFile, err
-	}
-
-	// Dial the named pipe
-	pipeConn, err := npipe.Dial(pipeFile)
-	if err != nil {
-		return pipeFile, err
-	}
-	defer pipeConn.Close()
-
-	// Start the command to connect to the named pipe
-	cmd := exec.Command(binary, args...)
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-	cmd.Stdin = pipeConn
-
-	// Start the command
-	err = cmd.Start()
-	if err != nil {
-		return pipeFile, err
-	}
-
-	// Write the config
-	n, err := pipeConn.Write(bootstrapJSON)
-	if err != nil {
-		return pipeFile, err
-	}
-
-	if n < len(bootstrapJSON) {
-		return pipeFile, fmt.Errorf("failed writing boostrap to child STDIN: %s", err)
-	}
-
-	// We can't wait for the process since we need to exec into Envoy before it
-	// will be able to complete so it will be remain as a zombie until Envoy is
-	// killed then will be reaped by the init process (pid 0). This is all a bit
-	// gross but the cleanest workaround I can think of for Envoy 1.10 not
-	// supporting /dev/fd/<fd> config paths any more. So we are done and leaving
-	// the child to run it's course without reaping it.
-	return pipeFile, nil
-}
-
-func startProc(binary string, args []string) (p *os.Process, err error) {
-	if binary, err = exec.LookPath(binary); err == nil {
-		var procAttr os.ProcAttr
-		procAttr.Files = []*os.File{os.Stdin,
-			os.Stdout, os.Stderr}
-		p, err := os.StartProcess(binary, args, &procAttr)
-		if err == nil {
-			return p, nil
-		}
-	}
-	return nil, err
-}
-
-func execEnvoy(binary string, prefixArgs, suffixArgs []string, bootstrapJSON []byte) error {
-	tempFile, err := makeBootstrapPipe(bootstrapJSON)
-	if err != nil {
-		os.RemoveAll(tempFile)
-		return err
-	}
-	// We don't defer a cleanup since we are about to Exec into Envoy which means
-	// defer will never fire. The child process cleans up for us in the happy
-	// path.
-
-	// We default to disabling hot restart because it makes it easier to run
-	// multiple envoys locally for testing without them trying to share memory and
-	// unix sockets and complain about being different IDs. But if user is
-	// actually configuring hot-restart explicitly with the --restart-epoch option
-	// then don't disable it!
-	disableHotRestart := !hasHotRestartOption(prefixArgs, suffixArgs)
-
-	// First argument needs to be the executable name.
-	envoyArgs := []string{}
-	envoyArgs = append(envoyArgs, prefixArgs...)
-	if disableHotRestart {
-		envoyArgs = append(envoyArgs, "--disable-hot-restart")
-	}
-	envoyArgs = append(envoyArgs, suffixArgs...)
-	envoyArgs = append(envoyArgs, "--config-path", tempFile)
-
-	// Exec
-	if proc, err := startProc(binary, envoyArgs); err == nil {
-		proc.Wait()
-	} else if err != nil {
-		return errors.New("Failed to exec envoy: " + err.Error())
-	}
-
-	return nil
-}
diff --git a/command/connect/envoy/exec_windows_arm64.go b/command/connect/envoy/exec_windows_arm64.go
deleted file mode 100644
index b080d7818786..000000000000
--- a/command/connect/envoy/exec_windows_arm64.go
+++ /dev/null
@@ -1,83 +0,0 @@
-//go:build fips
-// +build fips
-
-package envoy
-
-import (
-	"errors"
-	"fmt"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"time"
-)
-
-func makeBootstrapPipe(bootstrapJSON []byte) (string, error) {
-	tempFile := filepath.Join(os.TempDir(),
-		fmt.Sprintf("envoy-%x-bootstrap.json", time.Now().UnixNano()+int64(os.Getpid())))
-
-	f, err := os.Create(tempFile)
-	if err != nil {
-		return tempFile, err
-	}
-
-	defer f.Close()
-	f.Write(bootstrapJSON)
-	f.Sync()
-	// We can't wait for the process since we need to exec into Envoy before it
-	// will be able to complete so it will be remain as a zombie until Envoy is
-	// killed then will be reaped by the init process (pid 0). This is all a bit
-	// gross but the cleanest workaround I can think of for Envoy 1.10 not
-	// supporting /dev/fd/<fd> config paths any more. So we are done and leaving
-	// the child to run it's course without reaping it.
-	return tempFile, nil
-}
-
-func startProc(binary string, args []string) (p *os.Process, err error) {
-	if binary, err = exec.LookPath(binary); err == nil {
-		var procAttr os.ProcAttr
-		procAttr.Files = []*os.File{os.Stdin,
-			os.Stdout, os.Stderr}
-		p, err := os.StartProcess(binary, args, &procAttr)
-		if err == nil {
-			return p, nil
-		}
-	}
-	return nil, err
-}
-
-func execEnvoy(binary string, prefixArgs, suffixArgs []string, bootstrapJSON []byte) error {
-	tempFile, err := makeBootstrapPipe(bootstrapJSON)
-	if err != nil {
-		os.RemoveAll(tempFile)
-		return err
-	}
-	// We don't defer a cleanup since we are about to Exec into Envoy which means
-	// defer will never fire. The child process cleans up for us in the happy
-	// path.
-
-	// We default to disabling hot restart because it makes it easier to run
-	// multiple envoys locally for testing without them trying to share memory and
-	// unix sockets and complain about being different IDs. But if user is
-	// actually configuring hot-restart explicitly with the --restart-epoch option
-	// then don't disable it!
-	disableHotRestart := !hasHotRestartOption(prefixArgs, suffixArgs)
-
-	// First argument needs to be the executable name.
-	envoyArgs := []string{}
-	envoyArgs = append(envoyArgs, prefixArgs...)
-	if disableHotRestart {
-		envoyArgs = append(envoyArgs, "--disable-hot-restart")
-	}
-	envoyArgs = append(envoyArgs, suffixArgs...)
-	envoyArgs = append(envoyArgs, "--config-path", tempFile)
-
-	// Exec
-	if proc, err := startProc(binary, envoyArgs); err == nil {
-		proc.Wait()
-	} else if err != nil {
-		return errors.New("Failed to exec envoy: " + err.Error())
-	}
-
-	return nil
-}
diff --git a/command/connect/envoy/flags.go b/command/connect/envoy/flags.go
index 4d7994ccd45d..eed9698c72fa 100644
--- a/command/connect/envoy/flags.go
+++ b/command/connect/envoy/flags.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package envoy
 
diff --git a/command/connect/envoy/flags_test.go b/command/connect/envoy/flags_test.go
index 596c0fa1a22f..617f85269125 100644
--- a/command/connect/envoy/flags_test.go
+++ b/command/connect/envoy/flags_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package envoy
 
diff --git a/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap.go b/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap.go
index e6dbc33db1eb..48cec90b8145 100644
--- a/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap.go
+++ b/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pipebootstrap
 
diff --git a/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap_test.go b/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap_test.go
index 4f271b6e7403..8e8b982f61f8 100644
--- a/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap_test.go
+++ b/command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pipebootstrap
 
diff --git a/command/connect/expose/expose.go b/command/connect/expose/expose.go
index 569ab46bab4a..0fe3e3de74a6 100644
--- a/command/connect/expose/expose.go
+++ b/command/connect/expose/expose.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package expose
 
diff --git a/command/connect/expose/expose_test.go b/command/connect/expose/expose_test.go
index 511a495640fb..9db76a765e82 100644
--- a/command/connect/expose/expose_test.go
+++ b/command/connect/expose/expose_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package expose
 
diff --git a/command/connect/proxy/flag_upstreams.go b/command/connect/proxy/flag_upstreams.go
index 47bbb730ae86..21a70c9b3c6b 100644
--- a/command/connect/proxy/flag_upstreams.go
+++ b/command/connect/proxy/flag_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/command/connect/proxy/flag_upstreams_test.go b/command/connect/proxy/flag_upstreams_test.go
index 7e47a9ad7950..42647c98396d 100644
--- a/command/connect/proxy/flag_upstreams_test.go
+++ b/command/connect/proxy/flag_upstreams_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/command/connect/proxy/proxy.go b/command/connect/proxy/proxy.go
index 9b352dab5d0c..3585d798abee 100644
--- a/command/connect/proxy/proxy.go
+++ b/command/connect/proxy/proxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/command/connect/proxy/proxy_test.go b/command/connect/proxy/proxy_test.go
index f17b04f5f8e8..fc55eadcc9b4 100644
--- a/command/connect/proxy/proxy_test.go
+++ b/command/connect/proxy/proxy_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/command/connect/proxy/register.go b/command/connect/proxy/register.go
index 87d6dbb9a2d3..c3051e0f9dd1 100644
--- a/command/connect/proxy/register.go
+++ b/command/connect/proxy/register.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/command/connect/proxy/register_test.go b/command/connect/proxy/register_test.go
index 823b11d23c1b..c1845ac6256e 100644
--- a/command/connect/proxy/register_test.go
+++ b/command/connect/proxy/register_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/command/connect/redirecttraffic/redirect_traffic.go b/command/connect/redirecttraffic/redirect_traffic.go
index 8a597696b7f0..5e92193f0b00 100644
--- a/command/connect/redirecttraffic/redirect_traffic.go
+++ b/command/connect/redirecttraffic/redirect_traffic.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package redirecttraffic
 
diff --git a/command/connect/redirecttraffic/redirect_traffic_test.go b/command/connect/redirecttraffic/redirect_traffic_test.go
index de9b362416c2..209cfcc35d8a 100644
--- a/command/connect/redirecttraffic/redirect_traffic_test.go
+++ b/command/connect/redirecttraffic/redirect_traffic_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package redirecttraffic
 
diff --git a/command/debug/debug.go b/command/debug/debug.go
index 291e0d79e86b..0c3fcca57a83 100644
--- a/command/debug/debug.go
+++ b/command/debug/debug.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package debug
 
diff --git a/command/debug/debug_test.go b/command/debug/debug_test.go
index 1340ed057f8d..e916ee9e7f0d 100644
--- a/command/debug/debug_test.go
+++ b/command/debug/debug_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package debug
 
diff --git a/command/event/event.go b/command/event/event.go
index 73c19b6c5f77..5882b6005f68 100644
--- a/command/event/event.go
+++ b/command/event/event.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package event
 
diff --git a/command/event/event_test.go b/command/event/event_test.go
index 349cb0daa816..b267e8920a75 100644
--- a/command/event/event_test.go
+++ b/command/event/event_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package event
 
diff --git a/command/exec/exec.go b/command/exec/exec.go
index 53026a6f8c87..140cdea300eb 100644
--- a/command/exec/exec.go
+++ b/command/exec/exec.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package exec
 
diff --git a/command/exec/exec_test.go b/command/exec/exec_test.go
index d8335160f28a..74f446d11ca7 100644
--- a/command/exec/exec_test.go
+++ b/command/exec/exec_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package exec
 
diff --git a/command/flags/config.go b/command/flags/config.go
index 39c615554d67..162ffea5a22c 100644
--- a/command/flags/config.go
+++ b/command/flags/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package flags
 
diff --git a/command/flags/config_test.go b/command/flags/config_test.go
index 1a6d69ca4b57..bc718f1dc5b9 100644
--- a/command/flags/config_test.go
+++ b/command/flags/config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package flags
 
diff --git a/command/flags/flag_map_value.go b/command/flags/flag_map_value.go
index af5fec436dd5..58afc9f5c365 100644
--- a/command/flags/flag_map_value.go
+++ b/command/flags/flag_map_value.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package flags
 
diff --git a/command/flags/flag_map_value_test.go b/command/flags/flag_map_value_test.go
index d04342a01b34..4177f452afac 100644
--- a/command/flags/flag_map_value_test.go
+++ b/command/flags/flag_map_value_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package flags
 
diff --git a/command/flags/flag_slice_value.go b/command/flags/flag_slice_value.go
index 58428e58ce9c..b965b7654679 100644
--- a/command/flags/flag_slice_value.go
+++ b/command/flags/flag_slice_value.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package flags
 
diff --git a/command/flags/flag_slice_value_test.go b/command/flags/flag_slice_value_test.go
index 24187f3f4183..84421f0f958a 100644
--- a/command/flags/flag_slice_value_test.go
+++ b/command/flags/flag_slice_value_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package flags
 
diff --git a/command/flags/http.go b/command/flags/http.go
index 16157adc8a1b..82e59431ae71 100644
--- a/command/flags/http.go
+++ b/command/flags/http.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package flags
 
diff --git a/command/flags/http_test.go b/command/flags/http_test.go
index f8b48f80cbab..baf4ac231c8d 100644
--- a/command/flags/http_test.go
+++ b/command/flags/http_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package flags
 
diff --git a/command/flags/merge.go b/command/flags/merge.go
index 251698e320fc..c7a475b4b1d5 100644
--- a/command/flags/merge.go
+++ b/command/flags/merge.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package flags
 
diff --git a/command/flags/usage.go b/command/flags/usage.go
index 3583620bd9f6..245cfd67c018 100644
--- a/command/flags/usage.go
+++ b/command/flags/usage.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package flags
 
diff --git a/command/forceleave/forceleave.go b/command/forceleave/forceleave.go
index 2c9e2ceb1def..1b3aac559f17 100644
--- a/command/forceleave/forceleave.go
+++ b/command/forceleave/forceleave.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package forceleave
 
diff --git a/command/forceleave/forceleave_test.go b/command/forceleave/forceleave_test.go
index 05d490777575..c29d2996b812 100644
--- a/command/forceleave/forceleave_test.go
+++ b/command/forceleave/forceleave_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package forceleave
 
diff --git a/command/helpers/decode_shim.go b/command/helpers/decode_shim.go
index d2a73895a57f..20ca1faeaaa8 100644
--- a/command/helpers/decode_shim.go
+++ b/command/helpers/decode_shim.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package helpers
 
diff --git a/command/helpers/helpers.go b/command/helpers/helpers.go
index bc990f76fa02..3720439df387 100644
--- a/command/helpers/helpers.go
+++ b/command/helpers/helpers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package helpers
 
@@ -8,14 +8,12 @@ import (
 	"fmt"
 	"io"
 	"os"
-	"strings"
 	"time"
 
-	"github.com/mitchellh/mapstructure"
-
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/lib/decode"
 	"github.com/hashicorp/go-multierror"
+	"github.com/mitchellh/mapstructure"
 )
 
 func loadFromFile(path string) (string, error) {
@@ -126,19 +124,13 @@ func newDecodeConfigEntry(raw map[string]interface{}) (api.ConfigEntry, error) {
 	}
 
 	for _, k := range md.Unused {
-		switch {
-		case strings.ToLower(k) == "kind":
+		switch k {
+		case "kind", "Kind":
 			// The kind field is used to determine the target, but doesn't need
 			// to exist on the target.
 			continue
-
-		case strings.HasSuffix(strings.ToLower(k), "namespace"):
-			err = multierror.Append(err, fmt.Errorf("invalid config key %q, namespaces are a consul enterprise feature", k))
-		case strings.Contains(strings.ToLower(k), "jwt"):
-			err = multierror.Append(err, fmt.Errorf("invalid config key %q, api-gateway jwt validation is a consul enterprise feature", k))
-		default:
-			err = multierror.Append(err, fmt.Errorf("invalid config key %q", k))
 		}
+		err = multierror.Append(err, fmt.Errorf("invalid config key %q", k))
 	}
 	if err != nil {
 		return nil, err
diff --git a/command/helpers/helpers_test.go b/command/helpers/helpers_test.go
index 6479386747ba..8d8b2164f7e7 100644
--- a/command/helpers/helpers_test.go
+++ b/command/helpers/helpers_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package helpers
 
diff --git a/command/info/info.go b/command/info/info.go
index 5bbad23eabbe..de17a53dd0d5 100644
--- a/command/info/info.go
+++ b/command/info/info.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package info
 
diff --git a/command/info/info_test.go b/command/info/info_test.go
index 0faac3acc660..5e046df8c484 100644
--- a/command/info/info_test.go
+++ b/command/info/info_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package info
 
diff --git a/command/intention/check/check.go b/command/intention/check/check.go
index dce63c75bc06..ed8119170f47 100644
--- a/command/intention/check/check.go
+++ b/command/intention/check/check.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package check
 
diff --git a/command/intention/check/check_test.go b/command/intention/check/check_test.go
index 666d44d80c55..7ecac4a92f53 100644
--- a/command/intention/check/check_test.go
+++ b/command/intention/check/check_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package check
 
diff --git a/command/intention/create/create.go b/command/intention/create/create.go
index df92dfe302a2..c1eab7b0f12c 100644
--- a/command/intention/create/create.go
+++ b/command/intention/create/create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package create
 
diff --git a/command/intention/create/create_test.go b/command/intention/create/create_test.go
index 90250368ef2b..e74c87c2bb67 100644
--- a/command/intention/create/create_test.go
+++ b/command/intention/create/create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package create
 
diff --git a/command/intention/delete/delete.go b/command/intention/delete/delete.go
index a58ee163e687..b63029d91d86 100644
--- a/command/intention/delete/delete.go
+++ b/command/intention/delete/delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package delete
 
diff --git a/command/intention/delete/delete_test.go b/command/intention/delete/delete_test.go
index 51e59c8b52db..dedcf8ff2e7d 100644
--- a/command/intention/delete/delete_test.go
+++ b/command/intention/delete/delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package delete
 
diff --git a/command/intention/format.go b/command/intention/format.go
index bd202cfa5081..868306320758 100644
--- a/command/intention/format.go
+++ b/command/intention/format.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package intention
 
diff --git a/command/intention/get/get.go b/command/intention/get/get.go
index 64dd2c8441c4..1c2437962627 100644
--- a/command/intention/get/get.go
+++ b/command/intention/get/get.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package get
 
diff --git a/command/intention/get/get_test.go b/command/intention/get/get_test.go
index 7559a3611849..6f6f31ee9e8b 100644
--- a/command/intention/get/get_test.go
+++ b/command/intention/get/get_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package get
 
diff --git a/command/intention/helpers.go b/command/intention/helpers.go
index abc7c21e73a1..60774da85c9f 100644
--- a/command/intention/helpers.go
+++ b/command/intention/helpers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package intention
 
diff --git a/command/intention/helpers_test.go b/command/intention/helpers_test.go
index cd2db64c6911..11dff93b108b 100644
--- a/command/intention/helpers_test.go
+++ b/command/intention/helpers_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package intention
 
diff --git a/command/intention/intention.go b/command/intention/intention.go
index 77ba5e2f5eae..450ec630a49e 100644
--- a/command/intention/intention.go
+++ b/command/intention/intention.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package intention
 
diff --git a/command/intention/intention_test.go b/command/intention/intention_test.go
index 3a728fc028f9..098fecfa938e 100644
--- a/command/intention/intention_test.go
+++ b/command/intention/intention_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package intention
 
diff --git a/command/intention/list/intention_list.go b/command/intention/list/intention_list.go
index 408f9d8dcd09..f79f454dc79c 100644
--- a/command/intention/list/intention_list.go
+++ b/command/intention/list/intention_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package list
 
diff --git a/command/intention/list/intention_list_test.go b/command/intention/list/intention_list_test.go
index ccd6faefe3c1..2227c1c508e3 100644
--- a/command/intention/list/intention_list_test.go
+++ b/command/intention/list/intention_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package list
 
diff --git a/command/intention/match/match.go b/command/intention/match/match.go
index ee115a7b1ad8..b6f00d1a0e88 100644
--- a/command/intention/match/match.go
+++ b/command/intention/match/match.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package match
 
diff --git a/command/intention/match/match_test.go b/command/intention/match/match_test.go
index 6715c7eba8d3..d2a69ceada58 100644
--- a/command/intention/match/match_test.go
+++ b/command/intention/match/match_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package match
 
diff --git a/command/join/join.go b/command/join/join.go
index f5d041ed4b4d..074813993d6a 100644
--- a/command/join/join.go
+++ b/command/join/join.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package join
 
diff --git a/command/join/join_test.go b/command/join/join_test.go
index 828cb46b6e31..e5d43c7cdea9 100644
--- a/command/join/join_test.go
+++ b/command/join/join_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package join
 
diff --git a/command/keygen/keygen.go b/command/keygen/keygen.go
index e2907bda0c0d..c7ab5337c02c 100644
--- a/command/keygen/keygen.go
+++ b/command/keygen/keygen.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package keygen
 
diff --git a/command/keygen/keygen_test.go b/command/keygen/keygen_test.go
index 59edb12896bd..a78a07cfedf7 100644
--- a/command/keygen/keygen_test.go
+++ b/command/keygen/keygen_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package keygen
 
diff --git a/command/keyring/keyring.go b/command/keyring/keyring.go
index 0e4756f6191f..2f9d96f0e266 100644
--- a/command/keyring/keyring.go
+++ b/command/keyring/keyring.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package keyring
 
diff --git a/command/keyring/keyring_test.go b/command/keyring/keyring_test.go
index 68c5e7f98219..5ee1b1a8752f 100644
--- a/command/keyring/keyring_test.go
+++ b/command/keyring/keyring_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package keyring
 
diff --git a/command/kv/del/kv_delete.go b/command/kv/del/kv_delete.go
index e58e4a229661..89bdde4508c0 100644
--- a/command/kv/del/kv_delete.go
+++ b/command/kv/del/kv_delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package del
 
diff --git a/command/kv/del/kv_delete_test.go b/command/kv/del/kv_delete_test.go
index 254fb4aa5097..29d9b7bb98c4 100644
--- a/command/kv/del/kv_delete_test.go
+++ b/command/kv/del/kv_delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package del
 
diff --git a/command/kv/exp/kv_export.go b/command/kv/exp/kv_export.go
index 2f2e835bd42d..c14acd4424d4 100644
--- a/command/kv/exp/kv_export.go
+++ b/command/kv/exp/kv_export.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package exp
 
diff --git a/command/kv/exp/kv_export_test.go b/command/kv/exp/kv_export_test.go
index 76da13dcd4e6..96e1d469113f 100644
--- a/command/kv/exp/kv_export_test.go
+++ b/command/kv/exp/kv_export_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package exp
 
diff --git a/command/kv/get/kv_get.go b/command/kv/get/kv_get.go
index 4abf0251751e..b53173c04863 100644
--- a/command/kv/get/kv_get.go
+++ b/command/kv/get/kv_get.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package get
 
diff --git a/command/kv/get/kv_get_test.go b/command/kv/get/kv_get_test.go
index 56318586de43..92b6675b80a5 100644
--- a/command/kv/get/kv_get_test.go
+++ b/command/kv/get/kv_get_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package get
 
diff --git a/command/kv/imp/kv_import.go b/command/kv/imp/kv_import.go
index 1d91d281df84..b1e6841060e6 100644
--- a/command/kv/imp/kv_import.go
+++ b/command/kv/imp/kv_import.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package imp
 
diff --git a/command/kv/imp/kv_import_test.go b/command/kv/imp/kv_import_test.go
index 6bed5684cebd..3528c2119abb 100644
--- a/command/kv/imp/kv_import_test.go
+++ b/command/kv/imp/kv_import_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package imp
 
diff --git a/command/kv/impexp/kvimpexp.go b/command/kv/impexp/kvimpexp.go
index 0dc4b394e068..3235439ee539 100644
--- a/command/kv/impexp/kvimpexp.go
+++ b/command/kv/impexp/kvimpexp.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package impexp
 
diff --git a/command/kv/kv.go b/command/kv/kv.go
index 86d8c258e058..3d98b63bdba3 100644
--- a/command/kv/kv.go
+++ b/command/kv/kv.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package kv
 
diff --git a/command/kv/kv_test.go b/command/kv/kv_test.go
index 85195ee9acba..56ee94fa7e2d 100644
--- a/command/kv/kv_test.go
+++ b/command/kv/kv_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package kv
 
diff --git a/command/kv/put/kv_put.go b/command/kv/put/kv_put.go
index 5f0580ce1431..13e6ee4b9e8e 100644
--- a/command/kv/put/kv_put.go
+++ b/command/kv/put/kv_put.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package put
 
diff --git a/command/kv/put/kv_put_test.go b/command/kv/put/kv_put_test.go
index 1f0245c8e0f2..bd07f5aab38f 100644
--- a/command/kv/put/kv_put_test.go
+++ b/command/kv/put/kv_put_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package put
 
diff --git a/command/leave/leave.go b/command/leave/leave.go
index 8d997fb83c8d..d822b5fedc54 100644
--- a/command/leave/leave.go
+++ b/command/leave/leave.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package leave
 
diff --git a/command/leave/leave_test.go b/command/leave/leave_test.go
index 317a6862b91e..67f16fefb74a 100644
--- a/command/leave/leave_test.go
+++ b/command/leave/leave_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package leave
 
diff --git a/command/lock/lock.go b/command/lock/lock.go
index a662babe041f..f1acfd4f9093 100644
--- a/command/lock/lock.go
+++ b/command/lock/lock.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lock
 
diff --git a/command/lock/lock_test.go b/command/lock/lock_test.go
index f32de5bc5e46..d90a7c0826c9 100644
--- a/command/lock/lock_test.go
+++ b/command/lock/lock_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lock
 
diff --git a/command/lock/util_unix.go b/command/lock/util_unix.go
index d2c9bf1dd41d..3c754560b4e1 100644
--- a/command/lock/util_unix.go
+++ b/command/lock/util_unix.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !windows
 // +build !windows
diff --git a/command/lock/util_windows.go b/command/lock/util_windows.go
index 12f148fa00c1..9a271af66d1d 100644
--- a/command/lock/util_windows.go
+++ b/command/lock/util_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build windows
 // +build windows
diff --git a/command/login/aws.go b/command/login/aws.go
index e7fb6af58eef..99230679c13d 100644
--- a/command/login/aws.go
+++ b/command/login/aws.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package login
 
diff --git a/command/login/login.go b/command/login/login.go
index 0ab523785292..18f2762c9954 100644
--- a/command/login/login.go
+++ b/command/login/login.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package login
 
diff --git a/command/login/login_ce.go b/command/login/login_ce.go
index 34f935177816..365d89dfd5de 100644
--- a/command/login/login_ce.go
+++ b/command/login/login_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/login/login_test.go b/command/login/login_test.go
index c3bf11767617..918e1fcbff2f 100644
--- a/command/login/login_test.go
+++ b/command/login/login_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package login
 
diff --git a/command/logout/logout.go b/command/logout/logout.go
index 35365f446954..8ff8fb677892 100644
--- a/command/logout/logout.go
+++ b/command/logout/logout.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logout
 
diff --git a/command/logout/logout_test.go b/command/logout/logout_test.go
index 7228def746b8..1e3890bb8acb 100644
--- a/command/logout/logout_test.go
+++ b/command/logout/logout_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logout
 
diff --git a/command/maint/maint.go b/command/maint/maint.go
index 252aa1de46a7..e9d189157b1f 100644
--- a/command/maint/maint.go
+++ b/command/maint/maint.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package maint
 
diff --git a/command/maint/maint_test.go b/command/maint/maint_test.go
index eabd173a623f..c182ecbdf3ab 100644
--- a/command/maint/maint_test.go
+++ b/command/maint/maint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package maint
 
diff --git a/command/members/members.go b/command/members/members.go
index 7b10612643b0..9895837f6484 100644
--- a/command/members/members.go
+++ b/command/members/members.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package members
 
diff --git a/command/members/members_test.go b/command/members/members_test.go
index 76e3bbe1260d..646c51ec6248 100644
--- a/command/members/members_test.go
+++ b/command/members/members_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package members
 
diff --git a/command/monitor/monitor.go b/command/monitor/monitor.go
index e1d0e8597d50..0703b34a0512 100644
--- a/command/monitor/monitor.go
+++ b/command/monitor/monitor.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package monitor
 
diff --git a/command/monitor/monitor_test.go b/command/monitor/monitor_test.go
index e9eacdda4caf..61abfb6c9bf0 100644
--- a/command/monitor/monitor_test.go
+++ b/command/monitor/monitor_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package monitor
 
diff --git a/command/operator/autopilot/get/operator_autopilot_get.go b/command/operator/autopilot/get/operator_autopilot_get.go
index 5cc2dc351e34..d89167278267 100644
--- a/command/operator/autopilot/get/operator_autopilot_get.go
+++ b/command/operator/autopilot/get/operator_autopilot_get.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package get
 
diff --git a/command/operator/autopilot/get/operator_autopilot_get_test.go b/command/operator/autopilot/get/operator_autopilot_get_test.go
index 264706ea2445..fc5e0f12e1ae 100644
--- a/command/operator/autopilot/get/operator_autopilot_get_test.go
+++ b/command/operator/autopilot/get/operator_autopilot_get_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package get
 
diff --git a/command/operator/autopilot/operator_autopilot.go b/command/operator/autopilot/operator_autopilot.go
index d1de582fbecf..38d51641eb59 100644
--- a/command/operator/autopilot/operator_autopilot.go
+++ b/command/operator/autopilot/operator_autopilot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autopilot
 
diff --git a/command/operator/autopilot/operator_autopilot_test.go b/command/operator/autopilot/operator_autopilot_test.go
index 9861749b172a..9fa91f988b2f 100644
--- a/command/operator/autopilot/operator_autopilot_test.go
+++ b/command/operator/autopilot/operator_autopilot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package autopilot
 
diff --git a/command/operator/autopilot/set/operator_autopilot_set.go b/command/operator/autopilot/set/operator_autopilot_set.go
index 6a8dd5fec9ae..c396dd5d966c 100644
--- a/command/operator/autopilot/set/operator_autopilot_set.go
+++ b/command/operator/autopilot/set/operator_autopilot_set.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package set
 
diff --git a/command/operator/autopilot/set/operator_autopilot_set_test.go b/command/operator/autopilot/set/operator_autopilot_set_test.go
index b92e7ef4b4fd..c8d757bdbbc7 100644
--- a/command/operator/autopilot/set/operator_autopilot_set_test.go
+++ b/command/operator/autopilot/set/operator_autopilot_set_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package set
 
diff --git a/command/operator/autopilot/state/formatter.go b/command/operator/autopilot/state/formatter.go
index 11cec09c6a16..f4e42a6578ed 100644
--- a/command/operator/autopilot/state/formatter.go
+++ b/command/operator/autopilot/state/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/command/operator/autopilot/state/operator_autopilot_state.go b/command/operator/autopilot/state/operator_autopilot_state.go
index be85fdb3ccf1..b5fd6d071886 100644
--- a/command/operator/autopilot/state/operator_autopilot_state.go
+++ b/command/operator/autopilot/state/operator_autopilot_state.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/command/operator/autopilot/state/operator_autopilot_state_test.go b/command/operator/autopilot/state/operator_autopilot_state_test.go
index adc4b65933b1..d81abcde44f7 100644
--- a/command/operator/autopilot/state/operator_autopilot_state_test.go
+++ b/command/operator/autopilot/state/operator_autopilot_state_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package state
 
diff --git a/command/operator/operator.go b/command/operator/operator.go
index 06c8c7622e48..b66924d3cb71 100644
--- a/command/operator/operator.go
+++ b/command/operator/operator.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package operator
 
diff --git a/command/operator/operator_test.go b/command/operator/operator_test.go
index d25f4fc4f8d3..822ffc52347d 100644
--- a/command/operator/operator_test.go
+++ b/command/operator/operator_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package operator
 
diff --git a/command/operator/raft/listpeers/operator_raft_list.go b/command/operator/raft/listpeers/operator_raft_list.go
index abe682c10371..29643a87cf33 100644
--- a/command/operator/raft/listpeers/operator_raft_list.go
+++ b/command/operator/raft/listpeers/operator_raft_list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package listpeers
 
diff --git a/command/operator/raft/listpeers/operator_raft_list_test.go b/command/operator/raft/listpeers/operator_raft_list_test.go
index c29ed9d418e9..0694e0dd1046 100644
--- a/command/operator/raft/listpeers/operator_raft_list_test.go
+++ b/command/operator/raft/listpeers/operator_raft_list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package listpeers
 
diff --git a/command/operator/raft/operator_raft.go b/command/operator/raft/operator_raft.go
index 52bcb446f9b1..42b6175e974d 100644
--- a/command/operator/raft/operator_raft.go
+++ b/command/operator/raft/operator_raft.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package raft
 
diff --git a/command/operator/raft/operator_raft_test.go b/command/operator/raft/operator_raft_test.go
index cac0545fa511..275606ab5aec 100644
--- a/command/operator/raft/operator_raft_test.go
+++ b/command/operator/raft/operator_raft_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package raft
 
diff --git a/command/operator/raft/removepeer/operator_raft_remove.go b/command/operator/raft/removepeer/operator_raft_remove.go
index 12692d4d5225..eea10a045d9a 100644
--- a/command/operator/raft/removepeer/operator_raft_remove.go
+++ b/command/operator/raft/removepeer/operator_raft_remove.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package removepeer
 
diff --git a/command/operator/raft/removepeer/operator_raft_remove_test.go b/command/operator/raft/removepeer/operator_raft_remove_test.go
index e7647712647d..e81fc1474a38 100644
--- a/command/operator/raft/removepeer/operator_raft_remove_test.go
+++ b/command/operator/raft/removepeer/operator_raft_remove_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package removepeer
 
diff --git a/command/operator/raft/transferleader/transfer_leader.go b/command/operator/raft/transferleader/transfer_leader.go
index ebeb77dfc82c..9e3630c05601 100644
--- a/command/operator/raft/transferleader/transfer_leader.go
+++ b/command/operator/raft/transferleader/transfer_leader.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package transferleader
 
diff --git a/command/operator/raft/transferleader/transfer_leader_test.go b/command/operator/raft/transferleader/transfer_leader_test.go
index 2b56fe1d784f..7c0fc4115dbc 100644
--- a/command/operator/raft/transferleader/transfer_leader_test.go
+++ b/command/operator/raft/transferleader/transfer_leader_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package transferleader
 
diff --git a/command/operator/usage/instances/usage_instances.go b/command/operator/usage/instances/usage_instances.go
index 83231db0a1d4..1ac90dce8d36 100644
--- a/command/operator/usage/instances/usage_instances.go
+++ b/command/operator/usage/instances/usage_instances.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package instances
 
diff --git a/command/operator/usage/instances/usage_instances_ce.go b/command/operator/usage/instances/usage_instances_ce.go
index ef614edfac26..dc9511b32ce2 100644
--- a/command/operator/usage/instances/usage_instances_ce.go
+++ b/command/operator/usage/instances/usage_instances_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/operator/usage/instances/usage_instances_ce_test.go b/command/operator/usage/instances/usage_instances_ce_test.go
index a064828a45f3..478b9f42118b 100644
--- a/command/operator/usage/instances/usage_instances_ce_test.go
+++ b/command/operator/usage/instances/usage_instances_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/operator/usage/instances/usage_instances_test.go b/command/operator/usage/instances/usage_instances_test.go
index 7dac04dd3e32..8ad38e1b0c53 100644
--- a/command/operator/usage/instances/usage_instances_test.go
+++ b/command/operator/usage/instances/usage_instances_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package instances
 
diff --git a/command/operator/usage/usage.go b/command/operator/usage/usage.go
index 6e7cde57e4bf..3d733f8f36ff 100644
--- a/command/operator/usage/usage.go
+++ b/command/operator/usage/usage.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package usage
 
diff --git a/command/peering/delete/delete.go b/command/peering/delete/delete.go
index 039ace539188..f4399b73ce2f 100644
--- a/command/peering/delete/delete.go
+++ b/command/peering/delete/delete.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package delete
 
diff --git a/command/peering/delete/delete_test.go b/command/peering/delete/delete_test.go
index 5aa299b78d52..56d0d495a897 100644
--- a/command/peering/delete/delete_test.go
+++ b/command/peering/delete/delete_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package delete
 
diff --git a/command/peering/establish/establish.go b/command/peering/establish/establish.go
index 42178f149040..ef5178eecf8a 100644
--- a/command/peering/establish/establish.go
+++ b/command/peering/establish/establish.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package establish
 
diff --git a/command/peering/establish/establish_test.go b/command/peering/establish/establish_test.go
index 25abae316bc4..515b727f78b6 100644
--- a/command/peering/establish/establish_test.go
+++ b/command/peering/establish/establish_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package establish
 
diff --git a/command/peering/generate/generate.go b/command/peering/generate/generate.go
index e2122aa7aa09..26410480f517 100644
--- a/command/peering/generate/generate.go
+++ b/command/peering/generate/generate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package generate
 
diff --git a/command/peering/generate/generate_test.go b/command/peering/generate/generate_test.go
index 863b266ed15e..529f46aacdf6 100644
--- a/command/peering/generate/generate_test.go
+++ b/command/peering/generate/generate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package generate
 
diff --git a/command/peering/list/list.go b/command/peering/list/list.go
index 10e85d9b582f..87fb6bade599 100644
--- a/command/peering/list/list.go
+++ b/command/peering/list/list.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package list
 
diff --git a/command/peering/list/list_test.go b/command/peering/list/list_test.go
index 43da9684728e..f923e6d2b761 100644
--- a/command/peering/list/list_test.go
+++ b/command/peering/list/list_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package list
 
diff --git a/command/peering/peering.go b/command/peering/peering.go
index 157dd42c63d7..2a4834e514c2 100644
--- a/command/peering/peering.go
+++ b/command/peering/peering.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peering
 
diff --git a/command/peering/read/read.go b/command/peering/read/read.go
index 8d15210fcfaa..ddd44cb4fe8b 100644
--- a/command/peering/read/read.go
+++ b/command/peering/read/read.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package read
 
diff --git a/command/peering/read/read_test.go b/command/peering/read/read_test.go
index 90a2ac879244..42b354466175 100644
--- a/command/peering/read/read_test.go
+++ b/command/peering/read/read_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package read
 
diff --git a/command/registry.go b/command/registry.go
index f01e3a108041..b370f14bc872 100644
--- a/command/registry.go
+++ b/command/registry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package command
 
diff --git a/command/registry_ce.go b/command/registry_ce.go
index 7ea2f73a12f9..2a7708221022 100644
--- a/command/registry_ce.go
+++ b/command/registry_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/command/reload/reload.go b/command/reload/reload.go
index 458b90cbf6a8..b0989817fdc0 100644
--- a/command/reload/reload.go
+++ b/command/reload/reload.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package reload
 
diff --git a/command/reload/reload_test.go b/command/reload/reload_test.go
index 11313fb13841..d75712c53934 100644
--- a/command/reload/reload_test.go
+++ b/command/reload/reload_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package reload
 
diff --git a/command/rtt/rtt.go b/command/rtt/rtt.go
index db9e3efd06be..f7a7414511d6 100644
--- a/command/rtt/rtt.go
+++ b/command/rtt/rtt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package rtt
 
diff --git a/command/rtt/rtt_test.go b/command/rtt/rtt_test.go
index 4b0621cfe33f..8534fc1a59bc 100644
--- a/command/rtt/rtt_test.go
+++ b/command/rtt/rtt_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package rtt
 
diff --git a/command/services/config.go b/command/services/config.go
index 1a173078d6f0..f881778956d6 100644
--- a/command/services/config.go
+++ b/command/services/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package services
 
diff --git a/command/services/config_test.go b/command/services/config_test.go
index b8a2207fb9e8..e8770337d4d9 100644
--- a/command/services/config_test.go
+++ b/command/services/config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package services
 
diff --git a/command/services/deregister/deregister.go b/command/services/deregister/deregister.go
index bff2c972704a..69a4ef9437d7 100644
--- a/command/services/deregister/deregister.go
+++ b/command/services/deregister/deregister.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package deregister
 
diff --git a/command/services/deregister/deregister_test.go b/command/services/deregister/deregister_test.go
index 2ee9d8de5fab..15d9ffddb22b 100644
--- a/command/services/deregister/deregister_test.go
+++ b/command/services/deregister/deregister_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package deregister
 
diff --git a/command/services/export/export.go b/command/services/export/export.go
index 49a575660200..637553f93e6c 100644
--- a/command/services/export/export.go
+++ b/command/services/export/export.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package export
 
 import (
diff --git a/command/services/export/export_test.go b/command/services/export/export_test.go
index aa13aff63c23..6a2dfa9d67b0 100644
--- a/command/services/export/export_test.go
+++ b/command/services/export/export_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package export
 
 import (
diff --git a/command/services/register/register.go b/command/services/register/register.go
index 33599dda0132..6e5f7a0fcfa5 100644
--- a/command/services/register/register.go
+++ b/command/services/register/register.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package register
 
diff --git a/command/services/register/register_test.go b/command/services/register/register_test.go
index 24d5f4fb87ea..2004610cf50d 100644
--- a/command/services/register/register_test.go
+++ b/command/services/register/register_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package register
 
diff --git a/command/services/services.go b/command/services/services.go
index 521092f063ae..9c12445def7e 100644
--- a/command/services/services.go
+++ b/command/services/services.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package services
 
diff --git a/command/services/services_test.go b/command/services/services_test.go
index a2d4b45262be..11a31cd16dbe 100644
--- a/command/services/services_test.go
+++ b/command/services/services_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package services
 
diff --git a/command/snapshot/inspect/formatter.go b/command/snapshot/inspect/formatter.go
index 53da998b25c8..2898bf174fb0 100644
--- a/command/snapshot/inspect/formatter.go
+++ b/command/snapshot/inspect/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package inspect
 
diff --git a/command/snapshot/inspect/formatter_test.go b/command/snapshot/inspect/formatter_test.go
index 48b8d1da4d96..b55ea6b972a2 100644
--- a/command/snapshot/inspect/formatter_test.go
+++ b/command/snapshot/inspect/formatter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package inspect
 
diff --git a/command/snapshot/inspect/snapshot_inspect.go b/command/snapshot/inspect/snapshot_inspect.go
index 483e937eb481..018d3f3dec34 100644
--- a/command/snapshot/inspect/snapshot_inspect.go
+++ b/command/snapshot/inspect/snapshot_inspect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package inspect
 
diff --git a/command/snapshot/inspect/snapshot_inspect_test.go b/command/snapshot/inspect/snapshot_inspect_test.go
index 1f7ff69f1bc3..f6a799078368 100644
--- a/command/snapshot/inspect/snapshot_inspect_test.go
+++ b/command/snapshot/inspect/snapshot_inspect_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package inspect
 
diff --git a/command/snapshot/restore/snapshot_restore.go b/command/snapshot/restore/snapshot_restore.go
index aaa08a162d7a..170e77685dc2 100644
--- a/command/snapshot/restore/snapshot_restore.go
+++ b/command/snapshot/restore/snapshot_restore.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package restore
 
diff --git a/command/snapshot/restore/snapshot_restore_test.go b/command/snapshot/restore/snapshot_restore_test.go
index 61c8b2bed0d6..076df99a6bdd 100644
--- a/command/snapshot/restore/snapshot_restore_test.go
+++ b/command/snapshot/restore/snapshot_restore_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package restore
 
diff --git a/command/snapshot/save/snapshot_save.go b/command/snapshot/save/snapshot_save.go
index 2395a4f3a038..11569d60c519 100644
--- a/command/snapshot/save/snapshot_save.go
+++ b/command/snapshot/save/snapshot_save.go
@@ -1,12 +1,15 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package save
 
 import (
 	"flag"
 	"fmt"
+	"golang.org/x/exp/slices"
 	"os"
+	"path/filepath"
+	"strings"
 
 	"github.com/mitchellh/cli"
 	"github.com/rboyer/safeio"
@@ -23,10 +26,18 @@ func New(ui cli.Ui) *cmd {
 }
 
 type cmd struct {
-	UI    cli.Ui
-	flags *flag.FlagSet
-	http  *flags.HTTPFlags
-	help  string
+	UI                 cli.Ui
+	flags              *flag.FlagSet
+	http               *flags.HTTPFlags
+	help               string
+	appendFileNameFlag flags.StringValue
+}
+
+func (c *cmd) getAppendFileNameFlag() *flag.FlagSet {
+	fs := flag.NewFlagSet("", flag.ContinueOnError)
+	fs.Var(&c.appendFileNameFlag, "append-filename", "Append filename flag supports the following "+
+		"comma-separated arguments. 1. version, 2. dc. It appends these values to the filename provided in the command")
+	return fs
 }
 
 func (c *cmd) init() {
@@ -34,6 +45,7 @@ func (c *cmd) init() {
 	c.http = &flags.HTTPFlags{}
 	flags.Merge(c.flags, c.http.ClientFlags())
 	flags.Merge(c.flags, c.http.ServerFlags())
+	flags.Merge(c.flags, c.getAppendFileNameFlag())
 	c.help = flags.Usage(help, c.flags)
 }
 
@@ -58,6 +70,47 @@ func (c *cmd) Run(args []string) int {
 
 	// Create and test the HTTP client
 	client, err := c.http.APIClient()
+
+	appendFileNameFlags := strings.Split(c.appendFileNameFlag.String(), ",")
+
+	if len(appendFileNameFlags) != 0 && len(c.appendFileNameFlag.String()) > 0 {
+		fileExt := filepath.Ext(file)
+		fileNameWithoutExt := strings.TrimSuffix(file, fileExt)
+
+		if slices.Contains(appendFileNameFlags, "version") {
+			operatorHealthResponse, err := client.Operator().AutopilotServerHealth(nil)
+			if err != nil {
+				c.UI.Error(fmt.Sprintf("Error fetching version of Consul agent Leader: %s", err))
+				return 1
+			}
+			var version string
+			for _, server := range operatorHealthResponse.Servers {
+				if server.Leader {
+					version = server.Version
+					break
+				}
+			}
+			fileNameWithoutExt = fileNameWithoutExt + "-" + version
+		}
+
+		if slices.Contains(appendFileNameFlags, "dc") {
+			agentSelfResponse, err := client.Agent().Self()
+			if err != nil {
+				c.UI.Error(fmt.Sprintf("Error connecting to Consul agent and fetching datacenter/version: %s", err))
+				return 1
+			}
+
+			if config, ok := agentSelfResponse["Config"]; ok {
+				if datacenter, ok := config["Datacenter"]; ok {
+					fileNameWithoutExt = fileNameWithoutExt + "-" + datacenter.(string)
+				}
+			}
+		}
+
+		//adding extension back
+		file = fileNameWithoutExt + fileExt
+	}
+
 	if err != nil {
 		c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))
 		return 1
diff --git a/command/snapshot/save/snapshot_save_test.go b/command/snapshot/save/snapshot_save_test.go
index a95b537e9475..15f31784847f 100644
--- a/command/snapshot/save/snapshot_save_test.go
+++ b/command/snapshot/save/snapshot_save_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package save
 
@@ -72,6 +72,71 @@ func TestSnapshotSaveCommand_Validation(t *testing.T) {
 	}
 }
 
+func TestSnapshotSaveCommandWithAppendFileNameFlag(t *testing.T) {
+	if testing.Short() {
+		t.Skip("too slow for testing.Short")
+	}
+
+	t.Parallel()
+	a := agent.NewTestAgent(t, ``)
+	defer a.Shutdown()
+	client := a.Client()
+
+	ui := cli.NewMockUi()
+	c := New(ui)
+
+	dir := testutil.TempDir(t, "snapshot")
+	file := filepath.Join(dir, "backup.tgz")
+	args := []string{
+		"-append-filename=version,dc",
+		"-http-addr=" + a.HTTPAddr(),
+		file,
+	}
+
+	// We need to use the self endpoint here for ENT, which returns the product suffix (+ent)
+	self, err := client.Agent().Self()
+	require.NoError(t, err)
+
+	cfg, ok := self["Config"]
+	require.True(t, ok)
+
+	dc, ok := cfg["Datacenter"]
+	require.True(t, ok)
+
+	datacenter := dc.(string)
+
+	operatorHealth, error := client.Operator().AutopilotServerHealth(nil)
+	require.NoError(t, error)
+
+	var version string
+	for _, server := range operatorHealth.Servers {
+		if server.Leader {
+			version = server.Version
+		}
+	}
+
+	newFilePath := filepath.Join(dir, "backup"+"-"+version+"-"+datacenter+".tgz")
+
+	code := c.Run(args)
+	if code != 0 {
+		t.Fatalf("bad: %d. %#v", code, ui.ErrorWriter.String())
+	}
+
+	fi, err := os.Stat(newFilePath)
+	require.NoError(t, err)
+	require.Equal(t, fi.Mode(), os.FileMode(0600))
+
+	f, err := os.Open(newFilePath)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	defer f.Close()
+
+	if err := client.Snapshot().Restore(nil, f); err != nil {
+		t.Fatalf("err: %v", err)
+	}
+}
+
 func TestSnapshotSaveCommand(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
diff --git a/command/snapshot/snapshot_command.go b/command/snapshot/snapshot_command.go
index 2e96550e191f..7378f5449f29 100644
--- a/command/snapshot/snapshot_command.go
+++ b/command/snapshot/snapshot_command.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package snapshot
 
diff --git a/command/snapshot/snapshot_command_test.go b/command/snapshot/snapshot_command_test.go
index d38f5cde9271..99db9533a31d 100644
--- a/command/snapshot/snapshot_command_test.go
+++ b/command/snapshot/snapshot_command_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package snapshot
 
diff --git a/command/tls/ca/create/tls_ca_create.go b/command/tls/ca/create/tls_ca_create.go
index 43a9c249f154..4c25f8aec7a2 100644
--- a/command/tls/ca/create/tls_ca_create.go
+++ b/command/tls/ca/create/tls_ca_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package create
 
diff --git a/command/tls/ca/create/tls_ca_create_test.go b/command/tls/ca/create/tls_ca_create_test.go
index aee2b69062cf..d9e837e56d7f 100644
--- a/command/tls/ca/create/tls_ca_create_test.go
+++ b/command/tls/ca/create/tls_ca_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package create
 
diff --git a/command/tls/ca/tls_ca.go b/command/tls/ca/tls_ca.go
index ef943a4fbfe0..65207c0dc8ba 100644
--- a/command/tls/ca/tls_ca.go
+++ b/command/tls/ca/tls_ca.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/command/tls/ca/tls_ca_test.go b/command/tls/ca/tls_ca_test.go
index d24c15665f30..74cd8de37da4 100644
--- a/command/tls/ca/tls_ca_test.go
+++ b/command/tls/ca/tls_ca_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ca
 
diff --git a/command/tls/cert/create/tls_cert_create.go b/command/tls/cert/create/tls_cert_create.go
index 9e0f92173bd1..7af36bc986cd 100644
--- a/command/tls/cert/create/tls_cert_create.go
+++ b/command/tls/cert/create/tls_cert_create.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package create
 
diff --git a/command/tls/cert/create/tls_cert_create_test.go b/command/tls/cert/create/tls_cert_create_test.go
index 6e807d4a4fc7..9f9fa1385a21 100644
--- a/command/tls/cert/create/tls_cert_create_test.go
+++ b/command/tls/cert/create/tls_cert_create_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package create
 
diff --git a/command/tls/cert/tls_cert.go b/command/tls/cert/tls_cert.go
index 38551ef6c621..17795507e431 100644
--- a/command/tls/cert/tls_cert.go
+++ b/command/tls/cert/tls_cert.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cert
 
diff --git a/command/tls/cert/tls_cert_test.go b/command/tls/cert/tls_cert_test.go
index 912ff3e58e4b..ab5144813de6 100644
--- a/command/tls/cert/tls_cert_test.go
+++ b/command/tls/cert/tls_cert_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cert
 
diff --git a/command/tls/tls.go b/command/tls/tls.go
index a25a313ed02e..fda3c4a12331 100644
--- a/command/tls/tls.go
+++ b/command/tls/tls.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tls
 
diff --git a/command/tls/tls_test.go b/command/tls/tls_test.go
index 7bd99fd4c11c..dd34df10fd28 100644
--- a/command/tls/tls_test.go
+++ b/command/tls/tls_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tls
 
diff --git a/command/troubleshoot/proxy/troubleshoot_proxy.go b/command/troubleshoot/proxy/troubleshoot_proxy.go
index 1f513043fb17..08928b9e5453 100644
--- a/command/troubleshoot/proxy/troubleshoot_proxy.go
+++ b/command/troubleshoot/proxy/troubleshoot_proxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/command/troubleshoot/troubleshoot.go b/command/troubleshoot/troubleshoot.go
index 36c77ff10435..431c671ee732 100644
--- a/command/troubleshoot/troubleshoot.go
+++ b/command/troubleshoot/troubleshoot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package troubleshoot
 
diff --git a/command/troubleshoot/troubleshoot_test.go b/command/troubleshoot/troubleshoot_test.go
index a0e3f1c06957..9ec2f68665a3 100644
--- a/command/troubleshoot/troubleshoot_test.go
+++ b/command/troubleshoot/troubleshoot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package troubleshoot
 
diff --git a/command/troubleshoot/upstreams/troubleshoot_upstreams.go b/command/troubleshoot/upstreams/troubleshoot_upstreams.go
index 5796dac58376..19737c735330 100644
--- a/command/troubleshoot/upstreams/troubleshoot_upstreams.go
+++ b/command/troubleshoot/upstreams/troubleshoot_upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package upstreams
 
diff --git a/command/validate/validate.go b/command/validate/validate.go
index 1a9630c65f47..a44120a89f8b 100644
--- a/command/validate/validate.go
+++ b/command/validate/validate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package validate
 
diff --git a/command/validate/validate_test.go b/command/validate/validate_test.go
index dc5b519dbe31..fdd0c7b2f2ff 100644
--- a/command/validate/validate_test.go
+++ b/command/validate/validate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package validate
 
diff --git a/command/version/formatter.go b/command/version/formatter.go
index 612c305a7985..c7c16da4419b 100644
--- a/command/version/formatter.go
+++ b/command/version/formatter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package version
 
diff --git a/command/version/formatter_test.go b/command/version/formatter_test.go
index 45e4019dfb5c..b5c0bd2482b9 100644
--- a/command/version/formatter_test.go
+++ b/command/version/formatter_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package version
 
diff --git a/command/version/version.go b/command/version/version.go
index da8978c3e72f..1c2157a8eae8 100644
--- a/command/version/version.go
+++ b/command/version/version.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package version
 
diff --git a/command/version/version_test.go b/command/version/version_test.go
index d0af11506e38..45bd4fc6ac4c 100644
--- a/command/version/version_test.go
+++ b/command/version/version_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package version
 
diff --git a/command/watch/watch.go b/command/watch/watch.go
index 205ff3fb083d..b187fa369ab4 100644
--- a/command/watch/watch.go
+++ b/command/watch/watch.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package watch
 
diff --git a/command/watch/watch_test.go b/command/watch/watch_test.go
index ba29c2731a8c..ed830a2aa7f3 100644
--- a/command/watch/watch_test.go
+++ b/command/watch/watch_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package watch
 
diff --git a/connect/certgen/certgen.go b/connect/certgen/certgen.go
index 509e7f8df4f3..ced3720cd81b 100644
--- a/connect/certgen/certgen.go
+++ b/connect/certgen/certgen.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // certgen: a tool for generating test certificates on disk for use as
 // test-fixtures and for end-to-end testing and local development.
diff --git a/connect/example_test.go b/connect/example_test.go
index 51571bf1818c..666f2f09db6d 100644
--- a/connect/example_test.go
+++ b/connect/example_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/connect/proxy/config.go b/connect/proxy/config.go
index 19476d48d49f..9d5e85bf4dee 100644
--- a/connect/proxy/config.go
+++ b/connect/proxy/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/connect/proxy/config_test.go b/connect/proxy/config_test.go
index a19695831681..55bd64e1b18a 100644
--- a/connect/proxy/config_test.go
+++ b/connect/proxy/config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/connect/proxy/conn.go b/connect/proxy/conn.go
index acc1a49eb4b7..2c9314642ee2 100644
--- a/connect/proxy/conn.go
+++ b/connect/proxy/conn.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/connect/proxy/conn_test.go b/connect/proxy/conn_test.go
index b5be7952d0ee..95836af0d9e4 100644
--- a/connect/proxy/conn_test.go
+++ b/connect/proxy/conn_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/connect/proxy/listener.go b/connect/proxy/listener.go
index fc823d271284..97d607c751f6 100644
--- a/connect/proxy/listener.go
+++ b/connect/proxy/listener.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/connect/proxy/listener_test.go b/connect/proxy/listener_test.go
index 5554ecf353a6..9b4e573a4aa1 100644
--- a/connect/proxy/listener_test.go
+++ b/connect/proxy/listener_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/connect/proxy/proxy.go b/connect/proxy/proxy.go
index c365862ad8ec..f5e7f913460f 100644
--- a/connect/proxy/proxy.go
+++ b/connect/proxy/proxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/connect/proxy/proxy_test.go b/connect/proxy/proxy_test.go
index 20b4cdd55efe..876a91c81a4d 100644
--- a/connect/proxy/proxy_test.go
+++ b/connect/proxy/proxy_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/connect/proxy/testing.go b/connect/proxy/testing.go
index 6756f16a2567..7f8604394af7 100644
--- a/connect/proxy/testing.go
+++ b/connect/proxy/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package proxy
 
diff --git a/connect/resolver.go b/connect/resolver.go
index fa89bc36d33d..eb68b1c12335 100644
--- a/connect/resolver.go
+++ b/connect/resolver.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/connect/resolver_test.go b/connect/resolver_test.go
index 3aece268b5dc..51bc13ee28d4 100644
--- a/connect/resolver_test.go
+++ b/connect/resolver_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/connect/service.go b/connect/service.go
index ea38dd59b2e5..1260b065a068 100644
--- a/connect/service.go
+++ b/connect/service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/connect/service_test.go b/connect/service_test.go
index 0f6ed51a8b45..87f522214cee 100644
--- a/connect/service_test.go
+++ b/connect/service_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/connect/testing.go b/connect/testing.go
index 1017ee15f5e7..4fe1a54f6e09 100644
--- a/connect/testing.go
+++ b/connect/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/connect/tls.go b/connect/tls.go
index 3d29cf48e1c0..a0e0286bc1af 100644
--- a/connect/tls.go
+++ b/connect/tls.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
@@ -425,7 +425,7 @@ func (cfg *dynamicTLSConfig) Ready() bool {
 	return cfg.VerifyLeafWithRoots() == nil
 }
 
-// ReadyWait returns a chan that is closed when the Service becomes ready
+// ReadyWait returns a chan that is closed when the the Service becomes ready
 // for use for the first time. Note that if the Service is ready when it is
 // called it returns a nil chan. Ready means that it has root and leaf
 // certificates configured but not that the combination is valid nor that
diff --git a/connect/tls_test.go b/connect/tls_test.go
index 74609b1740e3..5c96371c9443 100644
--- a/connect/tls_test.go
+++ b/connect/tls_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package connect
 
diff --git a/docs/README.md b/docs/README.md
index 0d61b30fa577..d3483710b33b 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -40,8 +40,6 @@ Also see the [FAQ](./faq.md).
 
 1. [Integration Tests](../test/integration/connect/envoy/README.md)
 1. [Upgrade Tests](../test/integration/consul-container/test/upgrade/README.md)
-1. [Remote Debugging Integration Tests](../test/integration/consul-container/test/debugging.md)
-1. [Peering Common Topology Tests](../test-integ/peering_commontopo/README.md)
 
 ## Important Directories
 
@@ -56,7 +54,7 @@ contain other important source related to Consul.
 * [.changelog] contains markdown files that are used by [hashicorp/go-changelog] to produce the
   [CHANGELOG.md].
 * [build-support] contains bash functions and scripts used to automate.
-  development tasks. Generally these scripts are called from the [Makefile].
+  development tasks. Generally these scripts are called from the [GNUmakefile].
 * [grafana] contains the source for a [Grafana dashboard] that can be used to
   monitor Consul.
 
@@ -67,7 +65,7 @@ contain other important source related to Consul.
 [hashicorp/go-changelog]: https://github.com/hashicorp/go-changelog
 [CHANGELOG.md]: https://github.com/hashicorp/consul/blob/main/CHANGELOG.md
 [build-support]: https://github.com/hashicorp/consul/tree/main/build-support
-[Makefile]: https://github.com/hashicorp/consul/tree/main/Makefile
+[GNUmakefile]: https://github.com/hashicorp/consul/tree/main/GNUmakefile
 [Grafana dashboard]: https://grafana.com/grafana/dashboards
 [grafana]: https://github.com/hashicorp/consul/tree/main/grafana
 
diff --git a/docs/resources/guide.md b/docs/resources/guide.md
index c19566577b72..b3f389c006a6 100644
--- a/docs/resources/guide.md
+++ b/docs/resources/guide.md
@@ -61,10 +61,8 @@ func RegisterTypes(r resource.Registry) {
 }
 ```
 
-Update the `NewTypeRegistry` method in [`type_registry.go`] to call your
-package's type registration method:
-
-[`type_registry.go`]: ../../agent/consul/type_registry.go
+Update the `registerResources` method in [`server.go`] to call your package's
+type registration method:
 
 ```Go
 import (
@@ -73,13 +71,15 @@ import (
 	// …
 )
 
-func NewTypeRegistry() resource.Registry {
+func (s *Server) registerResources() {
 	// …
-    foo.RegisterTypes(registry)
+	foo.RegisterTypes(s.typeRegistry)
 	// …
 }
 ```
 
+[`server.go`]: ../../agent/consul/server.go
+
 That should be all you need to start using your new resource type. Test it out
 by starting an agent in dev mode:
 
@@ -277,9 +277,7 @@ func (barReconciler) Reconcile(ctx context.Context, rt controller.Runtime, req c
 
 Next, register your controller with the controller manager. Another common
 pattern is to have your package expose a method for registering controllers,
-which is called from `registerControllers` in [`server.go`].
-
-[`server.go`]: ../../agent/consul/server.go
+which is also called from `registerResources` in [`server.go`].
 
 ```Go
 package foo
@@ -292,7 +290,7 @@ func RegisterControllers(mgr *controller.Manager) {
 ```Go
 package consul
 
-func (s *Server) registerControllers() {
+func (s *Server) registerResources() {
 	// …
 	foo.RegisterControllers(s.controllerManager)
 	// …
diff --git a/envoyextensions/extensioncommon/basic_envoy_extender.go b/envoyextensions/extensioncommon/basic_envoy_extender.go
index 86cee8f14a4e..a99d7439fea8 100644
--- a/envoyextensions/extensioncommon/basic_envoy_extender.go
+++ b/envoyextensions/extensioncommon/basic_envoy_extender.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package extensioncommon
 
diff --git a/envoyextensions/extensioncommon/basic_extension_adapter.go b/envoyextensions/extensioncommon/basic_extension_adapter.go
index 39e1e8c8363b..fbf73f34c298 100644
--- a/envoyextensions/extensioncommon/basic_extension_adapter.go
+++ b/envoyextensions/extensioncommon/basic_extension_adapter.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package extensioncommon
 
diff --git a/envoyextensions/extensioncommon/envoy_extender.go b/envoyextensions/extensioncommon/envoy_extender.go
index 269f01acd6de..0c8f9141c925 100644
--- a/envoyextensions/extensioncommon/envoy_extender.go
+++ b/envoyextensions/extensioncommon/envoy_extender.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package extensioncommon
 
@@ -21,7 +21,7 @@ type EnvoyExtender interface {
 
 	// Extend updates indexed xDS structures to include patches for
 	// built-in extensions. It is responsible for applying extensions to
-	// the appropriate xDS resources. If any portion of this function fails,
+	// the the appropriate xDS resources. If any portion of this function fails,
 	// it will attempt continue and return an error. The caller can then determine
 	// if it is better to use a partially applied extension or error out.
 	Extend(*xdscommon.IndexedResources, *RuntimeConfig) (*xdscommon.IndexedResources, error)
diff --git a/envoyextensions/extensioncommon/envoy_extender_test.go b/envoyextensions/extensioncommon/envoy_extender_test.go
index 9fe6b49aeb33..48e338ed896f 100644
--- a/envoyextensions/extensioncommon/envoy_extender_test.go
+++ b/envoyextensions/extensioncommon/envoy_extender_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package extensioncommon
 
 import (
diff --git a/envoyextensions/extensioncommon/resources.go b/envoyextensions/extensioncommon/resources.go
index c5febfb6dd30..22c6c3ffa9ee 100644
--- a/envoyextensions/extensioncommon/resources.go
+++ b/envoyextensions/extensioncommon/resources.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package extensioncommon
 
@@ -411,8 +411,8 @@ func getSNI(chain *envoy_listener_v3.FilterChain) string {
 }
 
 // GetHTTPConnectionManager returns the Envoy HttpConnectionManager filter from the list of network filters.
-// It also returns the index within the list of filters where the connection manager was found in case the
-// caller needs to overwrite the original filter.
+// It also returns the index within the list of filters where the connection manager was found in case the caller
+// needs this information.
 // It returns a non-nil error if the HttpConnectionManager is not found.
 func GetHTTPConnectionManager(filters ...*envoy_listener_v3.Filter) (*envoy_http_v3.HttpConnectionManager, int, error) {
 	for idx, filter := range filters {
@@ -491,11 +491,9 @@ func InsertHTTPFilter(filters []*envoy_listener_v3.Filter, filter *envoy_http_v3
 	if err != nil {
 		return filters, errors.New("failed to insert new HTTP connection manager filter")
 	}
-	filtersCopy := make([]*envoy_listener_v3.Filter, len(filters))
-	copy(filtersCopy, filters)
-	filtersCopy[idx] = newHttpConMan
+	filters[idx] = newHttpConMan
 
-	return filtersCopy, nil
+	return filters, nil
 }
 
 // InsertNetworkFilter inserts the given network filter into the filter chain in the location
diff --git a/envoyextensions/extensioncommon/resources_test.go b/envoyextensions/extensioncommon/resources_test.go
index 477e66494ce5..659da8770ea6 100644
--- a/envoyextensions/extensioncommon/resources_test.go
+++ b/envoyextensions/extensioncommon/resources_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package extensioncommon
 
diff --git a/envoyextensions/extensioncommon/runtime_config.go b/envoyextensions/extensioncommon/runtime_config.go
index 2a5e7d60077b..a20e4ed04e64 100644
--- a/envoyextensions/extensioncommon/runtime_config.go
+++ b/envoyextensions/extensioncommon/runtime_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package extensioncommon
 
diff --git a/envoyextensions/extensioncommon/runtime_config_test.go b/envoyextensions/extensioncommon/runtime_config_test.go
index 8c4c9bed6eb6..fa2ac8df5f42 100644
--- a/envoyextensions/extensioncommon/runtime_config_test.go
+++ b/envoyextensions/extensioncommon/runtime_config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package extensioncommon
 
diff --git a/envoyextensions/extensioncommon/upstream_envoy_extender.go b/envoyextensions/extensioncommon/upstream_envoy_extender.go
index 35cebe2fa530..135aca3f82e7 100644
--- a/envoyextensions/extensioncommon/upstream_envoy_extender.go
+++ b/envoyextensions/extensioncommon/upstream_envoy_extender.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package extensioncommon
 
diff --git a/envoyextensions/go.mod b/envoyextensions/go.mod
index 5d90d18653ad..ff839c348d35 100644
--- a/envoyextensions/go.mod
+++ b/envoyextensions/go.mod
@@ -2,10 +2,7 @@ module github.com/hashicorp/consul/envoyextensions
 
 go 1.20
 
-replace (
-	github.com/hashicorp/consul/api => ../api
-	github.com/hashicorp/consul/sdk => ../sdk
-)
+replace github.com/hashicorp/consul/api => ../api
 
 require (
 	github.com/envoyproxy/go-control-plane v0.11.0
diff --git a/envoyextensions/go.sum b/envoyextensions/go.sum
index 77c098c2c2bf..801e497f9c47 100644
--- a/envoyextensions/go.sum
+++ b/envoyextensions/go.sum
@@ -62,6 +62,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/hashicorp/consul/sdk v0.14.1 h1:ZiwE2bKb+zro68sWzZ1SgHF3kRMBZ94TwOCFRF4ylPs=
+github.com/hashicorp/consul/sdk v0.14.1/go.mod h1:vFt03juSzocLRFo59NkeQHHmQa6+g7oU0pfzdI1mUhg=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
diff --git a/envoyextensions/xdscommon/envoy_versioning.go b/envoyextensions/xdscommon/envoy_versioning.go
index c5f9d4798c10..393a96bf9e80 100644
--- a/envoyextensions/xdscommon/envoy_versioning.go
+++ b/envoyextensions/xdscommon/envoy_versioning.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xdscommon
 
diff --git a/envoyextensions/xdscommon/envoy_versioning_test.go b/envoyextensions/xdscommon/envoy_versioning_test.go
index bc02e9c4aadc..74d26aac1bf2 100644
--- a/envoyextensions/xdscommon/envoy_versioning_test.go
+++ b/envoyextensions/xdscommon/envoy_versioning_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xdscommon
 
@@ -151,10 +151,10 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) {
 	}
 	*/
 	for _, v := range []string{
+		"1.23.0", "1.23.1", "1.23.2", "1.23.3", "1.23.4", "1.23.5", "1.23.6", "1.23.7", "1.23.8", "1.23.9", "1.23.10", "1.23.11", "1.23.12",
 		"1.24.0", "1.24.1", "1.24.2", "1.24.3", "1.24.4", "1.24.5", "1.24.6", "1.24.7", "1.24.8", "1.24.9", "1.24.10",
 		"1.25.0", "1.25.1", "1.25.2", "1.25.3", "1.25.4", "1.25.5", "1.25.6", "1.25.7", "1.25.8", "1.25.9",
 		"1.26.0", "1.26.1", "1.26.2", "1.26.3", "1.26.4",
-		"1.27.0",
 	} {
 		cases[v] = testcase{expect: SupportedProxyFeatures{}}
 	}
diff --git a/envoyextensions/xdscommon/proxysupport.go b/envoyextensions/xdscommon/proxysupport.go
index 764d967616f6..6645405571ed 100644
--- a/envoyextensions/xdscommon/proxysupport.go
+++ b/envoyextensions/xdscommon/proxysupport.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xdscommon
 
@@ -12,10 +12,10 @@ import "strings"
 //
 // see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions
 var EnvoyVersions = []string{
-	"1.27.0",
 	"1.26.4",
 	"1.25.9",
 	"1.24.10",
+	"1.23.12",
 }
 
 // UnsupportedEnvoyVersions lists any unsupported Envoy versions (mainly minor versions) that fall
diff --git a/envoyextensions/xdscommon/proxysupport_test.go b/envoyextensions/xdscommon/proxysupport_test.go
index cc90b726c9d9..042ab5ad874e 100644
--- a/envoyextensions/xdscommon/proxysupport_test.go
+++ b/envoyextensions/xdscommon/proxysupport_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xdscommon
 
diff --git a/envoyextensions/xdscommon/xdscommon.go b/envoyextensions/xdscommon/xdscommon.go
index efc2c5a87dd5..30c82de9ae56 100644
--- a/envoyextensions/xdscommon/xdscommon.go
+++ b/envoyextensions/xdscommon/xdscommon.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package xdscommon
 
diff --git a/envoyextensions/xdscommon/xdscommon_test.go b/envoyextensions/xdscommon/xdscommon_test.go
index 2d1aec40b54f..5cca6e13a619 100644
--- a/envoyextensions/xdscommon/xdscommon_test.go
+++ b/envoyextensions/xdscommon/xdscommon_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package xdscommon
 
 import (
diff --git a/fixup_acl_move.sh b/fixup_acl_move.sh
index ac57c8c7e933..2dbc9c6aefe7 100644
--- a/fixup_acl_move.sh
+++ b/fixup_acl_move.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 GOIMPORTS=~/go/bin/goimports
diff --git a/go.mod b/go.mod
index 2747f4b91b5e..db5c7052cc8b 100644
--- a/go.mod
+++ b/go.mod
@@ -61,9 +61,8 @@ require (
 	github.com/hashicorp/go-version v1.2.1
 	github.com/hashicorp/golang-lru v0.5.4
 	github.com/hashicorp/hcl v1.0.0
-	github.com/hashicorp/hcl/v2 v2.6.0
 	github.com/hashicorp/hcp-scada-provider v0.2.3
-	github.com/hashicorp/hcp-sdk-go v0.61.0
+	github.com/hashicorp/hcp-sdk-go v0.55.0
 	github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038
 	github.com/hashicorp/memberlist v0.5.0
 	github.com/hashicorp/raft v1.5.0
@@ -87,7 +86,6 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/mitchellh/pointerstructure v1.2.1
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/natefinch/npipe v0.0.0-20160621034901-c1b8fa8bdcce
 	github.com/oklog/ulid/v2 v2.1.0
 	github.com/olekukonko/tablewriter v0.0.4
 	github.com/patrickmn/go-cache v2.1.0+incompatible
@@ -97,7 +95,6 @@ require (
 	github.com/ryanuber/columnize v2.1.2+incompatible
 	github.com/shirou/gopsutil/v3 v3.22.8
 	github.com/stretchr/testify v1.8.3
-	github.com/zclconf/go-cty v1.2.0
 	go.etcd.io/bbolt v1.3.7
 	go.opentelemetry.io/otel v1.16.0
 	go.opentelemetry.io/otel/metric v1.16.0
@@ -120,7 +117,6 @@ require (
 	k8s.io/api v0.26.2
 	k8s.io/apimachinery v0.26.2
 	k8s.io/client-go v0.26.2
-	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5
 )
 
 require (
@@ -140,9 +136,6 @@ require (
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/DataDog/datadog-go v4.8.2+incompatible // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/agext/levenshtein v1.2.1 // indirect
-	github.com/apparentlymart/go-textseg v1.0.0 // indirect
-	github.com/apparentlymart/go-textseg/v12 v12.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/benbjohnson/immutable v0.4.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
@@ -212,7 +205,6 @@ require (
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
-	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
@@ -244,7 +236,6 @@ require (
 	github.com/tklauser/numcpus v0.4.0 // indirect
 	github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 // indirect
 	github.com/vmware/govmomi v0.18.0 // indirect
-	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
 	go.mongodb.org/mongo-driver v1.11.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
@@ -259,12 +250,12 @@ require (
 	google.golang.org/appengine v1.6.7 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.66.2 // indirect
-	gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect
 	gopkg.in/resty.v1 v1.12.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/klog/v2 v2.90.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
+	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
diff --git a/go.sum b/go.sum
index 92213557b715..a2c02795985c 100644
--- a/go.sum
+++ b/go.sum
@@ -111,8 +111,6 @@ github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdko
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af h1:DBNMBMuMiWYu0b+8KMJuWmfCkcxl09JwdlqwDZZ6U14=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw=
-github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=
-github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@@ -120,11 +118,6 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.156 h1:K4N91T1+RlSlx+t2dujeDviy4ehSGVjEltluDgmeHS4=
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.156/go.mod h1:Api2AkmMgGaSUAhmk76oaFObkoeCPc/bKAqcyplPODs=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
-github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2wFoYVvnCs0=
-github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
-github.com/apparentlymart/go-textseg/v12 v12.0.0 h1:bNEQyAGak9tojivJNkoqWErVCQbjdL7GzRt3F8NvfJ0=
-github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e h1:QEF07wC0T1rKkctt1RINW/+RMTVmiwxETico2l3gxJA=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
@@ -319,7 +312,6 @@ github.com/go-ozzo/ozzo-validation v3.6.0+incompatible/go.mod h1:gsEKFIVnabGBt6m
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
-github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=
 github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
 github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
@@ -375,7 +367,6 @@ github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71
 github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -561,12 +552,10 @@ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+l
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/hcl/v2 v2.6.0 h1:3krZOfGY6SziUXa6H9PJU6TyohHn7I+ARYnhbeNBz+o=
-github.com/hashicorp/hcl/v2 v2.6.0/go.mod h1:bQTN5mpo+jewjJgh8jr0JUguIi7qPHUF6yIfAEN3jqY=
 github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ=
 github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo=
-github.com/hashicorp/hcp-sdk-go v0.61.0 h1:x4hJ8SlLI5WCE8Uzcu4q5jfdOEz/hFxfUkhAdoFdzSg=
-github.com/hashicorp/hcp-sdk-go v0.61.0/go.mod h1:xP7wmWAmdMxs/7+ovH3jZn+MCDhHRj50Rn+m7JIY3Ck=
+github.com/hashicorp/hcp-sdk-go v0.55.0 h1:T4sQtgQfQJOD0uucT4hS+GZI1FmoHAQMADj277W++xw=
+github.com/hashicorp/hcp-sdk-go v0.55.0/go.mod h1:hZqky4HEzsKwvLOt4QJlZUrjeQmb4UCZUhDP2HyQFfc=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok=
 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
@@ -664,8 +653,6 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
-github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/linode/linodego v0.7.1/go.mod h1:ga11n3ivecUrPCHN0rANxKmfWBJVkOXfLMZinAbj2sY=
 github.com/linode/linodego v0.10.0 h1:AMdb82HVgY8o3mjBXJcUv9B+fnJjfDMn2rNRGbX+jvM=
@@ -723,8 +710,6 @@ github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-testing-interface v1.14.0 h1:/x0XQ6h+3U3nAyk1yx+bHPURrKa9sVVvYbuqZ7pIAtI=
 github.com/mitchellh/go-testing-interface v1.14.0/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
-github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
-github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
 github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 h1:hOY53G+kBFhbYFpRVxHl5eS7laP6B1+Cq+Z9Dry1iMU=
 github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ=
@@ -754,8 +739,6 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/natefinch/npipe v0.0.0-20160621034901-c1b8fa8bdcce h1:TqjP/BTDrwN7zP9xyXVuLsMBXYMt6LLYi55PlrIcq8U=
-github.com/natefinch/npipe v0.0.0-20160621034901-c1b8fa8bdcce/go.mod h1:ifHPsLndGGzvgzcaXUvzmt6LxKT4pJ+uzEhtnMt+f7A=
 github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2 h1:BQ1HW7hr4IVovMwWg0E0PYcyW8CzqDcVmaew9cujU4s=
 github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2/go.mod h1:TLb2Sg7HQcgGdloNxkrmtgDNR9uVYF3lfdFIN4Ro6Sk=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
@@ -862,7 +845,6 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUt
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM=
 github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY=
-github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/shirou/gopsutil/v3 v3.22.8 h1:a4s3hXogo5mE2PfdfJIonDbstO/P+9JszdfhAHSzD9Y=
 github.com/shirou/gopsutil/v3 v3.22.8/go.mod h1:s648gW4IywYzUfE/KjXxUsqrqx/T2xO5VqOXxONeRfI=
 github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
@@ -887,7 +869,6 @@ github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3
 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -929,7 +910,6 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK
 github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
-github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/vmware/govmomi v0.18.0 h1:f7QxSmP7meCtoAmiKZogvVbLInT+CZx6Px6K5rYsJZo=
 github.com/vmware/govmomi v0.18.0/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
@@ -937,8 +917,6 @@ github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+
 github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
 github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
 github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
@@ -950,8 +928,6 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
 github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
-github.com/zclconf/go-cty v1.2.0 h1:sPHsy7ADcIZQP3vILvTjrh74ZA175TFP5vqiNK1UmlI=
-github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
@@ -996,7 +972,6 @@ golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
-golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -1058,7 +1033,6 @@ golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180611182652-db08ff08e862/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1161,7 +1135,6 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190515120540-06a5c4944438/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1485,8 +1458,6 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI=
 gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce h1:+JknDZhAj8YMt7GC73Ei8pv4MzjDUNPHgQWJdtMAaDU=
-gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce/go.mod h1:5AcXVHNjg+BDxry382+8OKon8SEWiKktQR07RKPsv1c=
 gopkg.in/resty.v1 v1.9.1/go.mod h1:vo52Hzryw9PnPHcJfPsBiFW62XhNx5OczbV9y+IMpgc=
 gopkg.in/resty.v1 v1.12.0 h1:CuXP0Pjfw9rOuY6EP+UvtNvt5DSqHpIxILZKT/quCZI=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
diff --git a/grafana/README.md b/grafana/README.md
index 2e8b2b588b75..b3dec68183a9 100644
--- a/grafana/README.md
+++ b/grafana/README.md
@@ -9,7 +9,3 @@ The page for publishing this dashboard is https://grafana.com/grafana/dashboards
     - Click "share" and export for external publishing
     - Login to Grafana via the team account (message a manager)
     - Publish as a new version, including change notes.
-
-### Grafana dashboard for consul-k8s (control plane)
-
-A grafana dashboard for monitoring consul-k8s (control plane) can also be found in this directory: `consul-k8s-control-plane-monitoring.json`. This dashboard has not been published to https://grafana.com.
diff --git a/grafana/consul-k8s-control-plane-monitoring.json b/grafana/consul-k8s-control-plane-monitoring.json
deleted file mode 100644
index e84fe8c6b963..000000000000
--- a/grafana/consul-k8s-control-plane-monitoring.json
+++ /dev/null
@@ -1,3467 +0,0 @@
-{
-    "annotations": {
-        "list": [
-            {
-                "builtIn": 1,
-                "datasource": {
-                    "type": "grafana",
-                    "uid": "-- Grafana --"
-                },
-                "enable": true,
-                "hide": true,
-                "iconColor": "rgba(0, 211, 255, 1)",
-                "name": "Annotations & Alerts",
-                "target": {
-                    "limit": 100,
-                    "matchAny": false,
-                    "tags": [],
-                    "type": "dashboard"
-                },
-                "type": "dashboard"
-            }
-        ]
-    },
-    "editable": true,
-    "fiscalYearStartMonth": 0,
-    "graphTooltip": 0,
-    "id": 1,
-    "links": [],
-    "liveNow": false,
-    "panels": [
-        {
-            "collapsed": false,
-            "gridPos": {
-                "h": 1,
-                "w": 24,
-                "x": 0,
-                "y": 0
-            },
-            "id": 16,
-            "panels": [],
-            "title": "Cluster Status",
-            "type": "row"
-        },
-        {
-            "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-            },
-            "fieldConfig": {
-                "defaults": {
-                    "mappings": [],
-                    "thresholds": {
-                        "mode": "absolute",
-                        "steps": [
-                            {
-                                "color": "green",
-                                "value": null
-                            },
-                            {
-                                "color": "red",
-                                "value": 80
-                            }
-                        ]
-                    },
-                    "unit": "short"
-                },
-                "overrides": []
-            },
-            "gridPos": {
-                "h": 8,
-                "w": 6,
-                "x": 0,
-                "y": 1
-            },
-            "id": 10,
-            "options": {
-                "colorMode": "value",
-                "graphMode": "none",
-                "justifyMode": "auto",
-                "orientation": "auto",
-                "reduceOptions": {
-                    "calcs": [
-                        "last"
-                    ],
-                    "fields": "",
-                    "limit": 1,
-                    "values": true
-                },
-                "textMode": "auto"
-            },
-            "pluginVersion": "9.5.5",
-            "targets": [
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "editorMode": "code",
-                    "exemplar": false,
-                    "expr": "consul_consul_server_0_members_servers{pod=\"consul-server-0\"}",
-                    "hide": false,
-                    "instant": true,
-                    "legendFormat": "__auto",
-                    "range": false,
-                    "refId": "A"
-                }
-            ],
-            "title": "Number of Consul Servers",
-            "type": "stat"
-        },
-        {
-            "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-            },
-            "description": "No data in agentless mode",
-            "fieldConfig": {
-                "defaults": {
-                    "mappings": [],
-                    "thresholds": {
-                        "mode": "absolute",
-                        "steps": [
-                            {
-                                "color": "green",
-                                "value": null
-                            },
-                            {
-                                "color": "red",
-                                "value": 80
-                            }
-                        ]
-                    },
-                    "unit": "short"
-                },
-                "overrides": []
-            },
-            "gridPos": {
-                "h": 8,
-                "w": 8,
-                "x": 6,
-                "y": 1
-            },
-            "id": 29,
-            "options": {
-                "colorMode": "value",
-                "graphMode": "none",
-                "justifyMode": "auto",
-                "orientation": "auto",
-                "reduceOptions": {
-                    "calcs": [
-                        "last"
-                    ],
-                    "fields": "",
-                    "values": false
-                },
-                "textMode": "auto"
-            },
-            "pluginVersion": "9.5.5",
-            "targets": [
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "editorMode": "code",
-                    "exemplar": false,
-                    "expr": "count(kube_pod_container_resource_limits{pod=~\"consul-client-.*\", container=\"consul\", resource=\"memory\"})",
-                    "hide": false,
-                    "instant": true,
-                    "legendFormat": "__auto",
-                    "range": false,
-                    "refId": "A"
-                }
-            ],
-            "title": "Number of Consul Clients (No data in agentless mode)",
-            "type": "stat"
-        },
-        {
-            "datasource": {
-                "type": "prometheus",
-                "uid": "PBFA97CFB590B2093"
-            },
-            "description": "Must be 1",
-            "fieldConfig": {
-                "defaults": {
-                    "color": {
-                        "mode": "palette-classic"
-                    },
-                    "custom": {
-                        "axisCenteredZero": false,
-                        "axisColorMode": "text",
-                        "axisLabel": "",
-                        "axisPlacement": "auto",
-                        "barAlignment": 0,
-                        "drawStyle": "line",
-                        "fillOpacity": 0,
-                        "gradientMode": "none",
-                        "hideFrom": {
-                            "legend": false,
-                            "tooltip": false,
-                            "viz": false
-                        },
-                        "lineInterpolation": "linear",
-                        "lineWidth": 1,
-                        "pointSize": 5,
-                        "scaleDistribution": {
-                            "type": "linear"
-                        },
-                        "showPoints": "auto",
-                        "spanNulls": false,
-                        "stacking": {
-                            "group": "A",
-                            "mode": "none"
-                        },
-                        "thresholdsStyle": {
-                            "mode": "off"
-                        }
-                    },
-                    "mappings": [],
-                    "thresholds": {
-                        "mode": "absolute",
-                        "steps": [
-                            {
-                                "color": "green",
-                                "value": null
-                            },
-                            {
-                                "color": "red",
-                                "value": 1
-                            }
-                        ]
-                    }
-                },
-                "overrides": []
-            },
-            "gridPos": {
-                "h": 8,
-                "w": 10,
-                "x": 14,
-                "y": 1
-            },
-            "id": 12,
-            "options": {
-                "legend": {
-                    "calcs": [],
-                    "displayMode": "list",
-                    "placement": "bottom",
-                    "showLegend": true
-                },
-                "tooltip": {
-                    "mode": "single",
-                    "sort": "none"
-                }
-            },
-            "targets": [
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "editorMode": "code",
-                    "exemplar": false,
-                    "expr": "sum({__name__=~\".+server_isLeader\"})",
-                    "instant": false,
-                    "legendFormat": "__auto",
-                    "range": true,
-                    "refId": "A"
-                }
-            ],
-            "title": "Number of Leader (1: Healthy)",
-            "type": "timeseries"
-        },
-        {
-            "collapsed": true,
-            "gridPos": {
-                "h": 1,
-                "w": 24,
-                "x": 0,
-                "y": 9
-            },
-            "id": 40,
-            "panels": [
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 0,
-                        "y": 10
-                    },
-                    "id": 22,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "builder",
-                            "expr": "consul_raft_leader_lastContact{quantile=\"0.5\"}",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        },
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "consul_raft_leader_lastContact{quantile=\"0.99\"}",
-                            "hide": false,
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "B"
-                        }
-                    ],
-                    "title": "Raft Leader LastContact 99th and 50th (ms)",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "Use consul.raft.rpc.appendEntries to understand how long it takes a follower node to process newly received Raft logs from the leader. Like consul.raft.commitTime, increases in this metric can indicate higher load on your Consul servers, and come with a risk of stale data. Since this metric is exposed within each follower, you should aggregate it as both an average (to track overall load on your Raft servers) and a percentile (to watch for outlier nodes).",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 12,
-                        "y": 10
-                    },
-                    "id": 18,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "consul_raft_rpc_appendEntries{quantile=\"0.99\"}",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        },
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "consul_raft_rpc_appendEntries{quantile=\"0.5\"}",
-                            "hide": false,
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "B"
-                        }
-                    ],
-                    "title": "Follower Append Entries Latency 99th and 50th (ms)",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 0,
-                        "y": 18
-                    },
-                    "id": 20,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "consul_raft_commitTime{quantile=\"0.99\"}",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        },
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "consul_raft_commitTime{quantile=\"0.5\"}",
-                            "hide": false,
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "B"
-                        }
-                    ],
-                    "title": "Leader Raft Commit Latency 99th and 50th (ms)",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 12,
-                        "y": 18
-                    },
-                    "id": 46,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(consul_raft_fsm_apply_sum[5m])\n/\nrate(consul_raft_fsm_apply_count[5m])",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Average Raft FSM Apply Latency per 5 minutes (ms)",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 0,
-                        "y": 26
-                    },
-                    "id": 47,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "sum(rate(consul_raft_apply[5m]))",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Raft Apply Rate per 5 minutes",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "An approximate measurement of the proportion of time the main Raft goroutine is busy and unavailable to accept new work.",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 12,
-                        "y": 26
-                    },
-                    "id": 41,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "builder",
-                            "expr": "consul_raft_thread_main_saturation{pod=~\"consul-server-.*\",quantile=\"0.9\"}",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Raft thread main saturation (percentage)",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "An approximate measurement of the proportion of time the FSM Raft goroutine is busy and unavailable to accept new work.",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 0,
-                        "y": 34
-                    },
-                    "id": 42,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "builder",
-                            "expr": "consul_raft_thread_fsm_saturation{pod=~\"consul-server-.*\", quantile=\"0.9\"}",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Raft thread FSM saturation (percentage)",
-                    "type": "timeseries"
-                }
-            ],
-            "title": "Raft",
-            "type": "row"
-        },
-        {
-            "collapsed": true,
-            "gridPos": {
-                "h": 1,
-                "w": 24,
-                "x": 0,
-                "y": 10
-            },
-            "id": 43,
-            "panels": [
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "Measures the time spent updating the raft store from the serf member information.",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green"
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 0,
-                        "y": 11
-                    },
-                    "id": 44,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(consul_leader_reconcile_sum{pod=~\"consul-server-.*\"}[5m])\n/ \nrate(consul_leader_reconcile_count{pod=~\"consul-server-.*\"}[5m])",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Average latency of leader reconcile per 5 minutes (ms)",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "Increments whenever a Consul server becomes a leader.",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green"
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 12,
-                        "y": 11
-                    },
-                    "id": 45,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "sum(consul_raft_state_leader{pod=~\"consul-server-.*\"})",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Count of a new leader elected [so far] (increasing only)",
-                    "type": "timeseries"
-                }
-            ],
-            "title": "Leadership Changes",
-            "type": "row"
-        },
-        {
-            "collapsed": true,
-            "gridPos": {
-                "h": 1,
-                "w": 24,
-                "x": 0,
-                "y": 11
-            },
-            "id": 14,
-            "panels": [
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 15,
-                        "x": 0,
-                        "y": 12
-                    },
-                    "id": 6,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "builder",
-                            "expr": "rate(container_cpu_usage_seconds_total{container=\"consul\", pod=~\"consul-server-.*\"}[5m])",
-                            "hide": false,
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        },
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "builder",
-                            "expr": "kube_pod_container_resource_limits{resource=\"cpu\", container=\"consul\"}",
-                            "hide": true,
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "B"
-                        }
-                    ],
-                    "title": "CPU Usage in Seconds (Consul servers)",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "All consul servers have the same limit",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "thresholds"
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 9,
-                        "x": 15,
-                        "y": 12
-                    },
-                    "id": 4,
-                    "options": {
-                        "orientation": "auto",
-                        "reduceOptions": {
-                            "calcs": [
-                                "lastNotNull"
-                            ],
-                            "fields": "",
-                            "values": false
-                        },
-                        "showThresholdLabels": false,
-                        "showThresholdMarkers": true
-                    },
-                    "pluginVersion": "9.5.5",
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "builder",
-                            "exemplar": false,
-                            "expr": "kube_pod_container_resource_limits{resource=\"cpu\", pod=\"consul-server-0\"}",
-                            "instant": true,
-                            "legendFormat": "__auto",
-                            "range": false,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "CPU Limit in Seconds (Consul Servers)",
-                    "type": "gauge"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            },
-                            "unit": "bytes"
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 15,
-                        "x": 0,
-                        "y": 20
-                    },
-                    "id": 2,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "builder",
-                            "expr": "container_memory_working_set_bytes{container=\"consul\", pod=~\"consul-server-.*\"}",
-                            "hide": false,
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Memory Usage (Consul servers)",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "All consul servers have the same limit",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "continuous-BlYlRd"
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            },
-                            "unit": "bytes"
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 9,
-                        "x": 15,
-                        "y": 20
-                    },
-                    "id": 8,
-                    "options": {
-                        "orientation": "auto",
-                        "reduceOptions": {
-                            "calcs": [
-                                "lastNotNull"
-                            ],
-                            "fields": "",
-                            "values": false
-                        },
-                        "showThresholdLabels": false,
-                        "showThresholdMarkers": true
-                    },
-                    "pluginVersion": "9.5.5",
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "exemplar": false,
-                            "expr": "kube_pod_container_resource_limits{resource=\"memory\", pod=\"consul-server-0\"}",
-                            "instant": true,
-                            "legendFormat": "__auto",
-                            "range": false,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Memory Limit (Consul Servers)",
-                    "type": "gauge"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            },
-                            "unit": "bytes"
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 15,
-                        "x": 0,
-                        "y": 28
-                    },
-                    "id": 48,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "sum(rate(container_network_receive_bytes_total{pod=~\"consul-server-.*\"}[5m])) by (pod)",
-                            "hide": false,
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Received bytes total per 5 minutes (Consul servers)",
-                    "type": "timeseries"
-                }
-            ],
-            "title": "Resource Utilization (Consul Servers)",
-            "type": "row"
-        },
-        {
-            "collapsed": true,
-            "gridPos": {
-                "h": 1,
-                "w": 24,
-                "x": 0,
-                "y": 12
-            },
-            "id": 24,
-            "panels": [
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green"
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 15,
-                        "x": 0,
-                        "y": 13
-                    },
-                    "id": 26,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(container_cpu_usage_seconds_total{container=\"consul\", pod=~\"consul-client-.*\"}[5m])",
-                            "hide": false,
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        },
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "builder",
-                            "expr": "kube_pod_container_resource_limits{resource=\"cpu\", container=\"consul\"}",
-                            "hide": true,
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "B"
-                        }
-                    ],
-                    "title": "CPU Usage in Seconds (Consul Clients)",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "All consul clients have the same limit",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "thresholds"
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green"
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 9,
-                        "x": 15,
-                        "y": 13
-                    },
-                    "id": 28,
-                    "options": {
-                        "orientation": "auto",
-                        "reduceOptions": {
-                            "calcs": [
-                                "lastNotNull"
-                            ],
-                            "fields": "",
-                            "values": false
-                        },
-                        "showThresholdLabels": false,
-                        "showThresholdMarkers": true
-                    },
-                    "pluginVersion": "9.5.5",
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "exemplar": false,
-                            "expr": "max(kube_pod_container_resource_limits{resource=\"cpu\", pod=~\"consul-client-.*\"})",
-                            "instant": true,
-                            "legendFormat": "__auto",
-                            "range": false,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "CPU Limit in Seconds (Consul Clients)",
-                    "type": "gauge"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green"
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            },
-                            "unit": "bytes"
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 15,
-                        "x": 0,
-                        "y": 21
-                    },
-                    "id": 23,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "container_memory_working_set_bytes{container=\"consul\", pod=~\"consul-client-.*\"}",
-                            "hide": false,
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Memory Usage (Consul clients)",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "All consul servers have the same limit",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "continuous-BlYlRd"
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green"
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            },
-                            "unit": "bytes"
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 9,
-                        "x": 15,
-                        "y": 21
-                    },
-                    "id": 25,
-                    "options": {
-                        "orientation": "auto",
-                        "reduceOptions": {
-                            "calcs": [
-                                "lastNotNull"
-                            ],
-                            "fields": "",
-                            "values": false
-                        },
-                        "showThresholdLabels": false,
-                        "showThresholdMarkers": true
-                    },
-                    "pluginVersion": "9.5.5",
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "exemplar": false,
-                            "expr": "max(kube_pod_container_resource_limits{resource=\"memory\", pod=~\"consul-client-.*\"})",
-                            "instant": true,
-                            "legendFormat": "__auto",
-                            "range": false,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Memory Limit (Consul Clients)",
-                    "type": "gauge"
-                }
-            ],
-            "title": "Resource Utilization (Consul Clients) - N/A in agentless mode",
-            "type": "row"
-        },
-        {
-            "collapsed": true,
-            "gridPos": {
-                "h": 1,
-                "w": 24,
-                "x": 0,
-                "y": 13
-            },
-            "id": 54,
-            "panels": [
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 15,
-                        "x": 0,
-                        "y": 17
-                    },
-                    "id": 55,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(container_cpu_usage_seconds_total{pod=~\".*-connect-injector-.*\",container=\"sidecar-injector\"}[5m])",
-                            "hide": false,
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        },
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "builder",
-                            "expr": "kube_pod_container_resource_limits{resource=\"cpu\", container=\"consul\"}",
-                            "hide": true,
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "B"
-                        }
-                    ],
-                    "title": "CPU Usage in Seconds (Connect Injector)",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "All consul servers have the same limit",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "thresholds"
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 9,
-                        "x": 15,
-                        "y": 17
-                    },
-                    "id": 56,
-                    "options": {
-                        "orientation": "auto",
-                        "reduceOptions": {
-                            "calcs": [
-                                "lastNotNull"
-                            ],
-                            "fields": "",
-                            "values": false
-                        },
-                        "showThresholdLabels": false,
-                        "showThresholdMarkers": true
-                    },
-                    "pluginVersion": "9.5.5",
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "exemplar": false,
-                            "expr": "max(kube_pod_container_resource_limits{resource=\"cpu\", container=\"sidecar-injector\"})",
-                            "instant": true,
-                            "legendFormat": "__auto",
-                            "range": false,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "CPU Limit in Seconds (Connect Injector)",
-                    "type": "gauge"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            },
-                            "unit": "bytes"
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 15,
-                        "x": 0,
-                        "y": 25
-                    },
-                    "id": 59,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "container_memory_working_set_bytes{pod=~\".*-connect-injector-.*\",container=\"sidecar-injector\"}",
-                            "hide": false,
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Memory Usage (Connect Injector)",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "All consul servers have the same limit",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "continuous-BlYlRd"
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            },
-                            "unit": "bytes"
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 9,
-                        "x": 15,
-                        "y": 25
-                    },
-                    "id": 58,
-                    "options": {
-                        "orientation": "auto",
-                        "reduceOptions": {
-                            "calcs": [
-                                "lastNotNull"
-                            ],
-                            "fields": "",
-                            "values": false
-                        },
-                        "showThresholdLabels": false,
-                        "showThresholdMarkers": true
-                    },
-                    "pluginVersion": "9.5.5",
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "exemplar": false,
-                            "expr": "max(kube_pod_container_resource_limits{resource=\"memory\", container=\"sidecar-injector\"})",
-                            "instant": true,
-                            "legendFormat": "__auto",
-                            "range": false,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Memory Limit (Connect Injector)",
-                    "type": "gauge"
-                }
-            ],
-            "title": "Resource Utilization (Connect Injector)",
-            "type": "row"
-        },
-        {
-            "collapsed": true,
-            "gridPos": {
-                "h": 1,
-                "w": 24,
-                "x": 0,
-                "y": 14
-            },
-            "id": 30,
-            "panels": [
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green"
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 0,
-                        "y": 15
-                    },
-                    "id": 31,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "sum(rate(consul_catalog_register_count{pod=~\"consul-server-.*\"}[5m]))",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Catalog Register Count per 5 minutes",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green"
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 12,
-                        "y": 15
-                    },
-                    "id": 34,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(consul_catalog_register_sum{pod=~\"consul-server-.*\"}[5m])\n/\nrate(consul_catalog_register_count{pod=~\"consul-server-.*\"}[5m])",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Average latency of catalog register per 5 minutes (ms)",
-                    "type": "timeseries"
-                }
-            ],
-            "title": "Feature: Catalog",
-            "type": "row"
-        },
-        {
-            "collapsed": true,
-            "gridPos": {
-                "h": 1,
-                "w": 24,
-                "x": 0,
-                "y": 15
-            },
-            "id": 49,
-            "panels": [
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green"
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 0,
-                        "y": 16
-                    },
-                    "id": 50,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "sum(rate(consul_acl_ResolveToken_count{pod=~\"consul-server-.*\"}[5m]))",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "ACL Token Resolve Count per 5 minutes",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green"
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 12,
-                        "y": 16
-                    },
-                    "id": 51,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(consul_acl_ResolveToken_sum{pod=~\"consul-server-.*\"}[5m])/rate(consul_acl_ResolveToken_count{pod=~\"consul-server-.*\"}[5m])",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Average latency of resolving ACL token per 5 minutes (ms)",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green"
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 0,
-                        "y": 24
-                    },
-                    "id": 52,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(consul_acl_token_cache_hit{pod=~\"consul-server-.*\"}[5m])",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Rate of ACL token cache hit per 5 minutes",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green"
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 12,
-                        "y": 24
-                    },
-                    "id": 53,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(consul_acl_token_cache_miss{pod=~\"consul-server-.*\"}[5m])",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Rate of ACL token cache miss per 5 minutes",
-                    "type": "timeseries"
-                }
-            ],
-            "title": "ACL",
-            "type": "row"
-        },
-        {
-            "collapsed": true,
-            "gridPos": {
-                "h": 1,
-                "w": 24,
-                "x": 0,
-                "y": 16
-            },
-            "id": 33,
-            "panels": [
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 0,
-                        "y": 14
-                    },
-                    "id": 37,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(consul_client_rpc{namespace=\"consul\"}[5m])",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Rate of RPC requests per 5 minutes - client side ",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "Increments when a server accepts an RPC connection.",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 12,
-                        "y": 14
-                    },
-                    "id": 36,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(consul_rpc_accept_conn{namespace=\"consul\",pod=~\"consul-server-.*\"}[5m])",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "RPC Accept Connection Count Rate per 5 minutes - server side",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails.",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 0,
-                        "y": 22
-                    },
-                    "id": 39,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(consul_client_rpc_failed{namespace=\"consul\"}[5m])",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Rate of Failed RPC requests per 5 minutes - client side ",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "Increments when a server receives a Consul-related RPC request.",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 12,
-                        "y": 22
-                    },
-                    "id": 32,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(consul_rpc_request{namespace=\"consul\",pod=~\"consul-server-.*\"}[5m])",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Rate of RPC requests per 5 minutes - server side",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's limits configuration.",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 0,
-                        "y": 30
-                    },
-                    "id": 38,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(consul_client_rpc_exceeded{namespace=\"consul\"}[5m])",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Rate of Exceeded RPC requests per 5 minutes - client side ",
-                    "type": "timeseries"
-                },
-                {
-                    "datasource": {
-                        "type": "prometheus",
-                        "uid": "PBFA97CFB590B2093"
-                    },
-                    "description": "Increments when a server returns an error from an RPC request.",
-                    "fieldConfig": {
-                        "defaults": {
-                            "color": {
-                                "mode": "palette-classic"
-                            },
-                            "custom": {
-                                "axisCenteredZero": false,
-                                "axisColorMode": "text",
-                                "axisLabel": "",
-                                "axisPlacement": "auto",
-                                "barAlignment": 0,
-                                "drawStyle": "line",
-                                "fillOpacity": 0,
-                                "gradientMode": "none",
-                                "hideFrom": {
-                                    "legend": false,
-                                    "tooltip": false,
-                                    "viz": false
-                                },
-                                "lineInterpolation": "linear",
-                                "lineWidth": 1,
-                                "pointSize": 5,
-                                "scaleDistribution": {
-                                    "type": "linear"
-                                },
-                                "showPoints": "auto",
-                                "spanNulls": false,
-                                "stacking": {
-                                    "group": "A",
-                                    "mode": "none"
-                                },
-                                "thresholdsStyle": {
-                                    "mode": "off"
-                                }
-                            },
-                            "mappings": [],
-                            "thresholds": {
-                                "mode": "absolute",
-                                "steps": [
-                                    {
-                                        "color": "green",
-                                        "value": null
-                                    },
-                                    {
-                                        "color": "red",
-                                        "value": 80
-                                    }
-                                ]
-                            }
-                        },
-                        "overrides": []
-                    },
-                    "gridPos": {
-                        "h": 8,
-                        "w": 12,
-                        "x": 12,
-                        "y": 30
-                    },
-                    "id": 35,
-                    "options": {
-                        "legend": {
-                            "calcs": [],
-                            "displayMode": "list",
-                            "placement": "bottom",
-                            "showLegend": true
-                        },
-                        "tooltip": {
-                            "mode": "single",
-                            "sort": "none"
-                        }
-                    },
-                    "targets": [
-                        {
-                            "datasource": {
-                                "type": "prometheus",
-                                "uid": "PBFA97CFB590B2093"
-                            },
-                            "editorMode": "code",
-                            "expr": "rate(consul_rpc_request_error{namespace=\"consul\",pod=~\"consul-server-.*\"}[5m])",
-                            "legendFormat": "__auto",
-                            "range": true,
-                            "refId": "A"
-                        }
-                    ],
-                    "title": "Error rate of RPC requests per 5 minutes - server side",
-                    "type": "timeseries"
-                }
-            ],
-            "title": "RPC",
-            "type": "row"
-        }
-    ],
-    "refresh": "30s",
-    "revision": 1,
-    "schemaVersion": 38,
-    "style": "dark",
-    "tags": [],
-    "templating": {
-        "list": []
-    },
-    "time": {
-        "from": "now-30m",
-        "to": "now"
-    },
-    "timepicker": {},
-    "timezone": "",
-    "title": "Consul K8s monitoring (control plane)",
-    "version": 2,
-    "weekStart": ""
-}
\ No newline at end of file
diff --git a/internal/catalog/catalogtest/run_test.go b/internal/catalog/catalogtest/run_test.go
index 7e4d56aa90af..7c17052d8246 100644
--- a/internal/catalog/catalogtest/run_test.go
+++ b/internal/catalog/catalogtest/run_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package catalogtest
 
 import (
@@ -40,8 +37,3 @@ func TestControllers_Integration(t *testing.T) {
 	client := runInMemResourceServiceAndControllers(t, catalog.DefaultControllerDependencies())
 	RunCatalogV1Alpha1IntegrationTest(t, client)
 }
-
-func TestControllers_Lifecycle(t *testing.T) {
-	client := runInMemResourceServiceAndControllers(t, catalog.DefaultControllerDependencies())
-	RunCatalogV1Alpha1LifecycleIntegrationTest(t, client)
-}
diff --git a/internal/catalog/catalogtest/test_integration_v1alpha1.go b/internal/catalog/catalogtest/test_integration_v1alpha1.go
index e034502c4503..8a7f4cd9a248 100644
--- a/internal/catalog/catalogtest/test_integration_v1alpha1.go
+++ b/internal/catalog/catalogtest/test_integration_v1alpha1.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package catalogtest
 
 import (
@@ -701,7 +698,6 @@ func expectedGRPCApiServiceEndpoints(t *testing.T, c *rtest.Client) *pbcatalog.S
 }
 
 func verifyServiceEndpoints(t *testing.T, c *rtest.Client, id *pbresource.ID, expected *pbcatalog.ServiceEndpoints) {
-	t.Helper()
 	c.WaitForResourceState(t, id, func(t rtest.T, res *pbresource.Resource) {
 		var actual pbcatalog.ServiceEndpoints
 		err := res.Data.UnmarshalTo(&actual)
diff --git a/internal/catalog/catalogtest/test_lifecycle_v1alpha1.go b/internal/catalog/catalogtest/test_lifecycle_v1alpha1.go
deleted file mode 100644
index 55e9d2bbe28f..000000000000
--- a/internal/catalog/catalogtest/test_lifecycle_v1alpha1.go
+++ /dev/null
@@ -1,709 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package catalogtest
-
-import (
-	"testing"
-
-	"github.com/hashicorp/consul/internal/catalog"
-	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/consul/sdk/testutil"
-)
-
-// RunCatalogV1Alpha1LifecycleIntegrationTest intends to excercise functionality of
-// managing catalog resources over their normal lifecycle where they will be modified
-// several times, change state etc.
-func RunCatalogV1Alpha1LifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient) {
-	t.Helper()
-
-	testutil.RunStep(t, "node-lifecycle", func(t *testing.T) {
-		RunCatalogV1Alpha1NodeLifecycleIntegrationTest(t, client)
-	})
-
-	testutil.RunStep(t, "workload-lifecycle", func(t *testing.T) {
-		RunCatalogV1Alpha1WorkloadLifecycleIntegrationTest(t, client)
-	})
-
-	testutil.RunStep(t, "endpoints-lifecycle", func(t *testing.T) {
-		RunCatalogV1Alpha1EndpointsLifecycleIntegrationTest(t, client)
-	})
-}
-
-// RunCatalogV1Alpha1NodeLifecycleIntegrationTest verifies correct functionality of
-// the node-health controller. This test will exercise the following behaviors:
-//
-// * Creating a Node without associated HealthStatuses will mark the node as passing
-// * Associating a HealthStatus with a Node will cause recomputation of the Health
-// * Changing HealthStatus to a worse health will cause recomputation of the Health
-// * Changing HealthStatus to a better health will cause recomputation of the Health
-// * Deletion of associated HealthStatuses will recompute the Health (back to passing)
-// * Deletion of the node will cause deletion of associated health statuses
-func RunCatalogV1Alpha1NodeLifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient) {
-	c := rtest.NewClient(client)
-
-	nodeName := "test-lifecycle"
-	nodeHealthName := "test-lifecycle-node-status"
-
-	// initial node creation
-	node := rtest.Resource(catalog.NodeV1Alpha1Type, nodeName).
-		WithData(t, &pbcatalog.Node{
-			Addresses: []*pbcatalog.NodeAddress{
-				{Host: "172.16.2.3"},
-				{Host: "198.18.2.3", External: true},
-			},
-		}).
-		Write(t, c)
-
-	// wait for the node health controller to mark the node as healthy
-	c.WaitForStatusCondition(t, node.Id,
-		catalog.NodeHealthStatusKey,
-		catalog.NodeHealthConditions[pbcatalog.Health_HEALTH_PASSING])
-
-	// Its easy enough to simply repeatedly set the health status and it proves
-	// that going both from better to worse health and worse to better all
-	// happen as expected. We leave the health in a warning state to allow for
-	// the subsequent health status deletion to cause the health to go back
-	// to passing.
-	healthChanges := []pbcatalog.Health{
-		pbcatalog.Health_HEALTH_PASSING,
-		pbcatalog.Health_HEALTH_WARNING,
-		pbcatalog.Health_HEALTH_CRITICAL,
-		pbcatalog.Health_HEALTH_MAINTENANCE,
-		pbcatalog.Health_HEALTH_CRITICAL,
-		pbcatalog.Health_HEALTH_WARNING,
-		pbcatalog.Health_HEALTH_PASSING,
-		pbcatalog.Health_HEALTH_WARNING,
-	}
-
-	// This will be set within the loop and used afterwards to delete the health status
-	var nodeHealth *pbresource.Resource
-
-	// Iterate through the various desired health statuses, updating
-	// a HealthStatus resource owned by the node and waiting for
-	// reconciliation at each point
-	for _, health := range healthChanges {
-		// update the health check
-		nodeHealth = setHealthStatus(t, c, node.Id, nodeHealthName, health)
-
-		// wait for reconciliation to kick in and put the node into the right
-		// health status.
-		c.WaitForStatusCondition(t, node.Id,
-			catalog.NodeHealthStatusKey,
-			catalog.NodeHealthConditions[health])
-	}
-
-	// now delete the health status and ensure things go back to passing
-	c.MustDelete(t, nodeHealth.Id)
-
-	// wait for the node health controller to mark the node as healthy
-	c.WaitForStatusCondition(t, node.Id,
-		catalog.NodeHealthStatusKey,
-		catalog.NodeHealthConditions[pbcatalog.Health_HEALTH_PASSING])
-
-	// Add the health status back once more, the actual status doesn't matter.
-	// It just must be owned by the node so that we can show cascading
-	// deletions of owned health statuses working.
-	healthStatus := setHealthStatus(t, c, node.Id, nodeHealthName, pbcatalog.Health_HEALTH_CRITICAL)
-
-	// Delete the node and wait for the health status to be deleted.
-	c.MustDelete(t, node.Id)
-	c.WaitForDeletion(t, healthStatus.Id)
-}
-
-// RunCatalogV1Alpha1WorkloadLifecycleIntegrationTest verifies correct functionality of
-// the workload-health controller. This test will exercise the following behaviors:
-//
-//   - Associating a workload with a node causes recomputation of the health and takes
-//     into account the nodes health
-//   - Modifying the workloads associated node causes health recomputation and takes into
-//     account the new nodes health
-//   - Removal of the node association causes recomputation of health and for no node health
-//     to be taken into account.
-//   - Creating a workload without associated health statuses or node association will
-//     be marked passing
-//   - Creating a workload without associated health statuses but with a node will
-//     inherit its health from the node.
-//   - Changing HealthStatus to a worse health will cause recompuation of the Health
-//   - Changing HealthStatus to a better health will cause recompuation of the Health
-//   - Overall health is computed as the worst health amongst the nodes health and all
-//     of the workloads associated HealthStatuses
-//   - Deletion of the workload will cause deletion of all associated health statuses.
-func RunCatalogV1Alpha1WorkloadLifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient) {
-	c := rtest.NewClient(client)
-	testutil.RunStep(t, "nodeless-workload", func(t *testing.T) {
-		runV1Alpha1NodelessWorkloadLifecycleIntegrationTest(t, c)
-	})
-
-	testutil.RunStep(t, "node-associated-workload", func(t *testing.T) {
-		runV1Alpha1NodeAssociatedWorkloadLifecycleIntegrationTest(t, c)
-	})
-}
-
-// runV1Alpha1NodelessWorkloadLifecycleIntegrationTest verifies correct functionality of
-// the workload-health controller for workloads without node associations. In particular
-// the following behaviors are being tested
-//
-//   - Creating a workload without associated health statuses or node association will
-//     be marked passing
-//   - Changing HealthStatus to a worse health will cause recompuation of the Health
-//   - Changing HealthStatus to a better health will cause recompuation of the Health
-//   - Deletion of associated HealthStatus for a nodeless workload will be set back to passing
-//   - Deletion of the workload will cause deletion of all associated health statuses.
-func runV1Alpha1NodelessWorkloadLifecycleIntegrationTest(t *testing.T, c *rtest.Client) {
-	workloadName := "test-lifecycle-workload"
-	workloadHealthName := "test-lifecycle-workload-status"
-
-	// create a workload without a node association or health statuses yet
-	workload := rtest.Resource(catalog.WorkloadV1Alpha1Type, workloadName).
-		WithData(t, &pbcatalog.Workload{
-			Addresses: []*pbcatalog.WorkloadAddress{
-				{Host: "198.18.9.8"},
-			},
-			Ports: map[string]*pbcatalog.WorkloadPort{
-				"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
-			},
-			Identity: "test-lifecycle",
-		}).
-		Write(t, c)
-
-	// wait for the workload health controller to mark the workload as healthy
-	c.WaitForStatusCondition(t, workload.Id,
-		catalog.WorkloadHealthStatusKey,
-		catalog.WorkloadHealthConditions[pbcatalog.Health_HEALTH_PASSING])
-
-	// We may not need to iterate through all of these states but its easy
-	// enough and quick enough to do so. The general rationale is that we
-	// should move through changing the workloads associated health status
-	// in this progression. We can prove that moving from better to worse
-	// health or worse to better both function correctly.
-	healthChanges := []pbcatalog.Health{
-		pbcatalog.Health_HEALTH_PASSING,
-		pbcatalog.Health_HEALTH_WARNING,
-		pbcatalog.Health_HEALTH_CRITICAL,
-		pbcatalog.Health_HEALTH_MAINTENANCE,
-		pbcatalog.Health_HEALTH_CRITICAL,
-		pbcatalog.Health_HEALTH_WARNING,
-		pbcatalog.Health_HEALTH_PASSING,
-		pbcatalog.Health_HEALTH_WARNING,
-	}
-
-	var workloadHealth *pbresource.Resource
-	// Iterate through the various desired health statuses, updating
-	// a HealthStatus resource owned by the workload and waiting for
-	// reconciliation at each point
-	for _, health := range healthChanges {
-		// update the health status
-		workloadHealth = setHealthStatus(t, c, workload.Id, workloadHealthName, health)
-
-		// wait for reconciliation to kick in and put the workload into
-		// the right health status.
-		c.WaitForStatusCondition(t, workload.Id,
-			catalog.WorkloadHealthStatusKey,
-			catalog.WorkloadHealthConditions[health])
-	}
-
-	// Now delete the health status, things should go back to passing status
-	c.MustDelete(t, workloadHealth.Id)
-
-	// ensure the workloads health went back to passing
-	c.WaitForStatusCondition(t, workload.Id,
-		catalog.WorkloadHealthStatusKey,
-		catalog.WorkloadHealthConditions[pbcatalog.Health_HEALTH_PASSING])
-
-	// Reset the workload health. The actual health is irrelevant, we just want it
-	// to exist to provde that Health Statuses get deleted along with the workload
-	// when its deleted.
-	workloadHealth = setHealthStatus(t, c, workload.Id, workloadHealthName, pbcatalog.Health_HEALTH_WARNING)
-
-	// Delete the workload and wait for the HealthStatus to also be deleted
-	c.MustDelete(t, workload.Id)
-	c.WaitForDeletion(t, workloadHealth.Id)
-}
-
-// runV1Alpha1NodeAssociatedWorkloadLifecycleIntegrationTest verifies correct functionality of
-// the workload-health controller. This test will exercise the following behaviors:
-//
-//   - Associating a workload with a node causes recomputation of the health and takes
-//     into account the nodes health
-//   - Modifying the workloads associated node causes health recomputation and takes into
-//     account the new nodes health
-//   - Removal of the node association causes recomputation of health and for no node health
-//     to be taken into account.
-//   - Creating a workload without associated health statuses but with a node will
-//     inherit its health from the node.
-//   - Overall health is computed as the worst health amongst the nodes health and all
-//     of the workloads associated HealthStatuses
-func runV1Alpha1NodeAssociatedWorkloadLifecycleIntegrationTest(t *testing.T, c *rtest.Client) {
-	workloadName := "test-lifecycle"
-	workloadHealthName := "test-lifecycle"
-	nodeName1 := "test-lifecycle-1"
-	nodeName2 := "test-lifecycle-2"
-	nodeHealthName1 := "test-lifecycle-node-1"
-	nodeHealthName2 := "test-lifecycle-node-2"
-
-	// Insert a some nodes to link the workloads to at various points throughout the test
-	node1 := rtest.Resource(catalog.NodeV1Alpha1Type, nodeName1).
-		WithData(t, &pbcatalog.Node{
-			Addresses: []*pbcatalog.NodeAddress{{Host: "172.17.9.10"}},
-		}).
-		Write(t, c)
-	node2 := rtest.Resource(catalog.NodeV1Alpha1Type, nodeName2).
-		WithData(t, &pbcatalog.Node{
-			Addresses: []*pbcatalog.NodeAddress{{Host: "172.17.9.11"}},
-		}).
-		Write(t, c)
-
-	// Set some non-passing health statuses for those nodes. Using non-passing will make
-	// it easy to see that changing a passing workloads node association appropriately
-	// impacts the overall workload health.
-	setHealthStatus(t, c, node1.Id, nodeHealthName1, pbcatalog.Health_HEALTH_CRITICAL)
-	setHealthStatus(t, c, node2.Id, nodeHealthName2, pbcatalog.Health_HEALTH_WARNING)
-
-	// Add the workload but don't immediately associate with any node.
-	workload := rtest.Resource(catalog.WorkloadV1Alpha1Type, workloadName).
-		WithData(t, &pbcatalog.Workload{
-			Addresses: []*pbcatalog.WorkloadAddress{
-				{Host: "198.18.9.8"},
-			},
-			Ports: map[string]*pbcatalog.WorkloadPort{
-				"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
-			},
-			Identity: "test-lifecycle",
-		}).
-		Write(t, c)
-
-	// wait for the workload health controller to mark the workload as healthy
-	c.WaitForStatusCondition(t, workload.Id,
-		catalog.WorkloadHealthStatusKey,
-		catalog.WorkloadHealthConditions[pbcatalog.Health_HEALTH_PASSING])
-
-	// now modify the workload to associate it with node 1 (currently with CRITICAL health)
-	workload = rtest.ResourceID(workload.Id).
-		WithData(t, &pbcatalog.Workload{
-			Addresses: []*pbcatalog.WorkloadAddress{{Host: "198.18.9.8"}},
-			Ports:     map[string]*pbcatalog.WorkloadPort{"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
-			Identity:  "test-lifecycle",
-			// this is the only difference from the previous write
-			NodeName: node1.Id.Name,
-		}).
-		Write(t, c)
-
-	// wait for the workload health controller to mark the workload as critical (due to node 1 having critical health)
-	c.WaitForStatusCondition(t, workload.Id,
-		catalog.WorkloadHealthStatusKey,
-		catalog.WorkloadAndNodeHealthConditions[pbcatalog.Health_HEALTH_PASSING][pbcatalog.Health_HEALTH_CRITICAL])
-
-	// Now reassociate the workload with node 2. This should cause recalculation of its health into the warning state
-	workload = rtest.ResourceID(workload.Id).
-		WithData(t, &pbcatalog.Workload{
-			Addresses: []*pbcatalog.WorkloadAddress{{Host: "198.18.9.8"}},
-			Ports:     map[string]*pbcatalog.WorkloadPort{"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
-			Identity:  "test-lifecycle",
-			// this is the only difference from the previous write
-			NodeName: node2.Id.Name,
-		}).
-		Write(t, c)
-
-	// Wait for the workload health controller to mark the workload as warning (due to node 2 having warning health)
-	c.WaitForStatusCondition(t, workload.Id,
-		catalog.WorkloadHealthStatusKey,
-		catalog.WorkloadAndNodeHealthConditions[pbcatalog.Health_HEALTH_PASSING][pbcatalog.Health_HEALTH_WARNING])
-
-	// Delete the node, this should cause the health to be recalculated as critical because the node association
-	// is broken.
-	c.MustDelete(t, node2.Id)
-
-	// Wait for the workload health controller to mark the workload as critical due to the missing node
-	c.WaitForStatusCondition(t, workload.Id,
-		catalog.WorkloadHealthStatusKey,
-		catalog.WorkloadAndNodeHealthConditions[pbcatalog.Health_HEALTH_PASSING][pbcatalog.Health_HEALTH_CRITICAL])
-
-	// Now fixup the node association to point at node 1
-	workload = rtest.ResourceID(workload.Id).
-		WithData(t, &pbcatalog.Workload{
-			Addresses: []*pbcatalog.WorkloadAddress{{Host: "198.18.9.8"}},
-			Ports:     map[string]*pbcatalog.WorkloadPort{"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
-			Identity:  "test-lifecycle",
-			// this is the only difference from the previous write
-			NodeName: node1.Id.Name,
-		}).
-		Write(t, c)
-
-	// Also set node 1 health down to WARNING
-	setHealthStatus(t, c, node1.Id, nodeHealthName1, pbcatalog.Health_HEALTH_WARNING)
-
-	// Wait for the workload health controller to mark the workload as warning (due to node 1 having warning health now)
-	c.WaitForStatusCondition(t, workload.Id,
-		catalog.WorkloadHealthStatusKey,
-		catalog.WorkloadAndNodeHealthConditions[pbcatalog.Health_HEALTH_PASSING][pbcatalog.Health_HEALTH_WARNING])
-
-	// Now add a critical workload health check to ensure that both node and workload health are accounted for.
-	setHealthStatus(t, c, workload.Id, workloadHealthName, pbcatalog.Health_HEALTH_CRITICAL)
-
-	// Wait for the workload health to be recomputed and put into the critical status.
-	c.WaitForStatusCondition(t, workload.Id,
-		catalog.WorkloadHealthStatusKey,
-		catalog.WorkloadAndNodeHealthConditions[pbcatalog.Health_HEALTH_CRITICAL][pbcatalog.Health_HEALTH_WARNING])
-
-	// Reset the workloads health to passing. We expect the overall health to go back to warning
-	setHealthStatus(t, c, workload.Id, workloadHealthName, pbcatalog.Health_HEALTH_PASSING)
-	c.WaitForStatusCondition(t, workload.Id,
-		catalog.WorkloadHealthStatusKey,
-		catalog.WorkloadAndNodeHealthConditions[pbcatalog.Health_HEALTH_PASSING][pbcatalog.Health_HEALTH_WARNING])
-
-	// Remove the node association and wait for the health to go back to passing
-	workload = rtest.ResourceID(workload.Id).
-		WithData(t, &pbcatalog.Workload{
-			Addresses: []*pbcatalog.WorkloadAddress{{Host: "198.18.9.8"}},
-			Ports:     map[string]*pbcatalog.WorkloadPort{"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
-			Identity:  "test-lifecycle",
-		}).
-		Write(t, c)
-	c.WaitForStatusCondition(t, workload.Id,
-		catalog.WorkloadHealthStatusKey,
-		catalog.WorkloadHealthConditions[pbcatalog.Health_HEALTH_PASSING])
-}
-
-// RunCatalogV1Alpha1EndpointsLifecycleIntegrationTest verifies the correct functionality of
-// the endpoints controller. This test will exercise the following behaviors:
-//
-// * Services without a selector get marked with status indicating their endpoints are unmanaged
-// * Services with a selector get marked with status indicating their endpoints are managed
-// * Deleting a service will delete the associated endpoints (regardless of them being managed or not)
-// * Moving from managed to unmanaged endpoints will delete the managed endpoints
-// * Moving from unmanaged to managed endpoints will overwrite any previous endpoints.
-// * A service with a selector that matches no workloads will still have the endpoints object written.
-// * Adding ports to a service will recalculate the endpoints
-// * Removing ports from a service will recalculate the endpoints
-// * Changing the workload will recalculate the endpoints (ports, addresses, or health)
-func RunCatalogV1Alpha1EndpointsLifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient) {
-	c := rtest.NewClient(client)
-	serviceName := "test-lifecycle"
-
-	// Create the service without a selector. We should not see endpoints generated but we should see the
-	// status updated to note endpoints are not being managed.
-	service := rtest.Resource(catalog.ServiceV1Alpha1Type, serviceName).
-		WithData(t, &pbcatalog.Service{
-			Ports: []*pbcatalog.ServicePort{{TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
-		}).
-		Write(t, c)
-
-	// Wait to ensure the status is updated accordingly
-	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionUnmanaged)
-
-	// Verify that no endpoints were created.
-	endpointsID := rtest.Resource(catalog.ServiceEndpointsV1Alpha1Type, serviceName).ID()
-	c.RequireResourceNotFound(t, endpointsID)
-
-	// Add some empty endpoints (type validations enforce that they are owned by the service)
-	rtest.ResourceID(endpointsID).
-		WithData(t, &pbcatalog.ServiceEndpoints{}).
-		WithOwner(service.Id).
-		Write(t, c)
-
-	// Now delete the service and ensure that they are cleaned up.
-	c.MustDelete(t, service.Id)
-	c.WaitForDeletion(t, endpointsID)
-
-	// Add some workloads to eventually select by the service
-
-	// api-1 has all ports (http, grpc and mesh). It also has a mixture of Addresses
-	// that select individual ports and one that selects all ports implicitly
-	api1 := rtest.Resource(catalog.WorkloadV1Alpha1Type, "api-1").
-		WithData(t, &pbcatalog.Workload{
-			Addresses: []*pbcatalog.WorkloadAddress{
-				{Host: "127.0.0.1"},
-				{Host: "::1", Ports: []string{"grpc"}},
-				{Host: "127.0.0.2", Ports: []string{"http"}},
-				{Host: "172.17.1.1", Ports: []string{"mesh"}},
-			},
-			Ports: map[string]*pbcatalog.WorkloadPort{
-				"mesh": {Port: 10000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH},
-				"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
-				"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
-			},
-			Identity: "api",
-		}).
-		Write(t, c)
-
-	// api-2 has only grpc and mesh ports. It also has a mixture of Addresses that
-	// select individual ports and one that selects all ports implicitly
-	api2 := rtest.Resource(catalog.WorkloadV1Alpha1Type, "api-2").
-		WithData(t, &pbcatalog.Workload{
-			Addresses: []*pbcatalog.WorkloadAddress{
-				{Host: "127.0.0.1"},
-				{Host: "::1", Ports: []string{"grpc"}},
-				{Host: "172.17.1.2", Ports: []string{"mesh"}},
-			},
-			Ports: map[string]*pbcatalog.WorkloadPort{
-				"mesh": {Port: 10000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH},
-				"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
-			},
-			Identity: "api",
-		}).
-		Write(t, c)
-
-	// api-3 has the mesh and HTTP ports. It also has a mixture of Addresses that
-	// select individual ports and one that selects all ports.
-	api3 := rtest.Resource(catalog.WorkloadV1Alpha1Type, "api-3").
-		WithData(t, &pbcatalog.Workload{
-			Addresses: []*pbcatalog.WorkloadAddress{
-				{Host: "127.0.0.1"},
-				{Host: "172.17.1.3", Ports: []string{"mesh"}},
-			},
-			Ports: map[string]*pbcatalog.WorkloadPort{
-				"mesh": {Port: 10000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH},
-				"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
-			},
-			Identity: "api",
-		}).
-		Write(t, c)
-
-	// Now create a service with unmanaged endpoints again
-	service = rtest.Resource(catalog.ServiceV1Alpha1Type, serviceName).
-		WithData(t, &pbcatalog.Service{
-			Ports: []*pbcatalog.ServicePort{{TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
-		}).
-		Write(t, c)
-
-	// Inject the endpoints resource. We want to prove that transition from unmanaged to
-	// managed endpoints results in overwriting of the old endpoints
-	rtest.ResourceID(endpointsID).
-		WithData(t, &pbcatalog.ServiceEndpoints{
-			Endpoints: []*pbcatalog.Endpoint{
-				{
-					Addresses: []*pbcatalog.WorkloadAddress{
-						{Host: "198.18.1.1", External: true},
-					},
-					Ports: map[string]*pbcatalog.WorkloadPort{
-						"http": {Port: 443, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
-					},
-					HealthStatus: pbcatalog.Health_HEALTH_PASSING,
-				},
-			},
-		}).
-		WithOwner(service.Id).
-		Write(t, c)
-
-	// Wait to ensure the status is updated accordingly
-	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionUnmanaged)
-
-	// Now move the service to having managed endpoints
-	service = rtest.ResourceID(service.Id).
-		WithData(t, &pbcatalog.Service{
-			Workloads: &pbcatalog.WorkloadSelector{Names: []string{"bar"}},
-			Ports:     []*pbcatalog.ServicePort{{TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
-		}).
-		Write(t, c)
-
-	// Verify that this status is updated to show this service as having managed endpoints
-	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionManaged)
-
-	// Verify that the service endpoints are created. In this case they will be empty
-	verifyServiceEndpoints(t, c, endpointsID, &pbcatalog.ServiceEndpoints{})
-
-	// Rewrite the service to select the API workloads - just select the singular port for now
-	service = rtest.ResourceID(service.Id).
-		WithData(t, &pbcatalog.Service{
-			Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
-			Ports:     []*pbcatalog.ServicePort{{TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}},
-		}).
-		Write(t, c)
-
-	// Wait for the status to be updated. The condition itself will remain unchanged but we are waiting for
-	// the generations to match to know that the endpoints would have been regenerated
-	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionManaged)
-
-	// ensure that api-1 and api-3 are selected but api-2 is excluded due to not having the desired port
-	verifyServiceEndpoints(t, c, endpointsID, &pbcatalog.ServiceEndpoints{
-		Endpoints: []*pbcatalog.Endpoint{
-			{
-				TargetRef: api1.Id,
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{Host: "127.0.0.1", Ports: []string{"http"}},
-					{Host: "127.0.0.2", Ports: []string{"http"}},
-				},
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
-				},
-				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
-			},
-			{
-				TargetRef: api3.Id,
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{Host: "127.0.0.1", Ports: []string{"http"}},
-				},
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
-				},
-				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
-			},
-		},
-	})
-
-	// Rewrite the service to select the API workloads - changing from selecting the HTTP port to the gRPC port
-	service = rtest.ResourceID(service.Id).
-		WithData(t, &pbcatalog.Service{
-			Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
-			Ports:     []*pbcatalog.ServicePort{{TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}},
-		}).
-		Write(t, c)
-
-	// Wait for the status to be updated. The condition itself will remain unchanged but we are waiting for
-	// the generations to match to know that the endpoints would have been regenerated
-	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionManaged)
-
-	// Check that the endpoints were generated as expected
-	verifyServiceEndpoints(t, c, endpointsID, &pbcatalog.ServiceEndpoints{
-		Endpoints: []*pbcatalog.Endpoint{
-			{
-				TargetRef: api1.Id,
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{Host: "127.0.0.1", Ports: []string{"grpc"}},
-					{Host: "::1", Ports: []string{"grpc"}},
-				},
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
-				},
-				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
-			},
-			{
-				TargetRef: api2.Id,
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{Host: "127.0.0.1", Ports: []string{"grpc"}},
-					{Host: "::1", Ports: []string{"grpc"}},
-				},
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
-				},
-				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
-			},
-		},
-	})
-
-	// Update the service to change the ports used. This should result in the workload being removed
-	// from the endpoints
-	rtest.ResourceID(api2.Id).
-		WithData(t, &pbcatalog.Workload{
-			Addresses: []*pbcatalog.WorkloadAddress{
-				{Host: "127.0.0.1"},
-				{Host: "::1", Ports: []string{"http"}},
-				{Host: "172.17.1.2", Ports: []string{"mesh"}},
-			},
-			Ports: map[string]*pbcatalog.WorkloadPort{
-				"mesh": {Port: 10000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH},
-				"http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP},
-			},
-			Identity: "api",
-		}).
-		Write(t, c)
-
-	// Verify that api-2 was removed from the service endpoints as it no longer has a grpc port
-	verifyServiceEndpoints(t, c, endpointsID, &pbcatalog.ServiceEndpoints{
-		Endpoints: []*pbcatalog.Endpoint{
-			{
-				TargetRef: api1.Id,
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{Host: "127.0.0.1", Ports: []string{"grpc"}},
-					{Host: "::1", Ports: []string{"grpc"}},
-				},
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
-				},
-				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
-			},
-		},
-	})
-
-	// Remove the ::1 address from workload api1 which should result in recomputing endpoints
-	rtest.ResourceID(api1.Id).
-		WithData(t, &pbcatalog.Workload{
-			Addresses: []*pbcatalog.WorkloadAddress{
-				{Host: "127.0.0.1"},
-				{Host: "172.17.1.1", Ports: []string{"mesh"}},
-			},
-			Ports: map[string]*pbcatalog.WorkloadPort{
-				"mesh": {Port: 10000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH},
-				"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
-			},
-			Identity: "api",
-		}).
-		Write(t, c)
-
-	// Verify that api-1 had its addresses modified appropriately
-	verifyServiceEndpoints(t, c, endpointsID, &pbcatalog.ServiceEndpoints{
-		Endpoints: []*pbcatalog.Endpoint{
-			{
-				TargetRef: api1.Id,
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{Host: "127.0.0.1", Ports: []string{"grpc"}},
-				},
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
-				},
-				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
-			},
-		},
-	})
-
-	// Add a failing health status to the api1 workload to force recomputation of endpoints
-	setHealthStatus(t, c, api1.Id, "api-failed", pbcatalog.Health_HEALTH_CRITICAL)
-
-	// Verify that api-1 within the endpoints has the expected health
-	verifyServiceEndpoints(t, c, endpointsID, &pbcatalog.ServiceEndpoints{
-		Endpoints: []*pbcatalog.Endpoint{
-			{
-				TargetRef: api1.Id,
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{Host: "127.0.0.1", Ports: []string{"grpc"}},
-				},
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"grpc": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC},
-				},
-				HealthStatus: pbcatalog.Health_HEALTH_CRITICAL,
-			},
-		},
-	})
-
-	// Move the service to being unmanaged. We should see the ServiceEndpoints being removed.
-	service = rtest.ResourceID(service.Id).
-		WithData(t, &pbcatalog.Service{
-			Ports: []*pbcatalog.ServicePort{{TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}},
-		}).
-		Write(t, c)
-
-	// Wait for the endpoints controller to inform us that the endpoints are not being managed
-	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionUnmanaged)
-	// Ensure that the managed endpoints were deleted
-	c.WaitForDeletion(t, endpointsID)
-
-	// Put the service back into managed mode.
-	service = rtest.ResourceID(service.Id).
-		WithData(t, &pbcatalog.Service{
-			Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
-			Ports:     []*pbcatalog.ServicePort{{TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}},
-		}).
-		Write(t, c)
-
-	// Wait for the service endpoints to be regenerated
-	c.WaitForStatusCondition(t, service.Id, catalog.EndpointsStatusKey, catalog.EndpointsStatusConditionManaged)
-	c.RequireResourceExists(t, endpointsID)
-
-	// Now delete the service and ensure that the endpoints eventually are deleted as well
-	c.MustDelete(t, service.Id)
-	c.WaitForDeletion(t, endpointsID)
-
-}
-
-func setHealthStatus(t *testing.T, client *rtest.Client, owner *pbresource.ID, name string, health pbcatalog.Health) *pbresource.Resource {
-	return rtest.Resource(catalog.HealthStatusV1Alpha1Type, name).
-		WithData(t, &pbcatalog.HealthStatus{
-			Type:   "synthetic",
-			Status: health,
-		}).
-		WithOwner(owner).
-		Write(t, client)
-}
diff --git a/internal/catalog/exports.go b/internal/catalog/exports.go
index 566c2e2b6edf..61247091be1c 100644
--- a/internal/catalog/exports.go
+++ b/internal/catalog/exports.go
@@ -1,22 +1,15 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package catalog
 
 import (
 	"github.com/hashicorp/consul/internal/catalog/internal/controllers"
-	"github.com/hashicorp/consul/internal/catalog/internal/controllers/endpoints"
-	"github.com/hashicorp/consul/internal/catalog/internal/controllers/failover"
-	"github.com/hashicorp/consul/internal/catalog/internal/controllers/nodehealth"
-	"github.com/hashicorp/consul/internal/catalog/internal/controllers/workloadhealth"
-	"github.com/hashicorp/consul/internal/catalog/internal/mappers/failovermapper"
 	"github.com/hashicorp/consul/internal/catalog/internal/mappers/nodemapper"
 	"github.com/hashicorp/consul/internal/catalog/internal/mappers/selectiontracker"
 	"github.com/hashicorp/consul/internal/catalog/internal/types"
 	"github.com/hashicorp/consul/internal/controller"
 	"github.com/hashicorp/consul/internal/resource"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 var (
@@ -36,7 +29,6 @@ var (
 	HealthStatusKind     = types.HealthStatusKind
 	HealthChecksKind     = types.HealthChecksKind
 	DNSPolicyKind        = types.DNSPolicyKind
-	FailoverPolicyKind   = types.FailoverPolicyKind
 
 	// Resource Types for the v1alpha1 version.
 
@@ -48,43 +40,6 @@ var (
 	HealthStatusV1Alpha1Type     = types.HealthStatusV1Alpha1Type
 	HealthChecksV1Alpha1Type     = types.HealthChecksV1Alpha1Type
 	DNSPolicyV1Alpha1Type        = types.DNSPolicyV1Alpha1Type
-	FailoverPolicyV1Alpha1Type   = types.FailoverPolicyV1Alpha1Type
-
-	// Resource Types for the latest version.
-
-	WorkloadType         = types.WorkloadType
-	ServiceType          = types.ServiceType
-	ServiceEndpointsType = types.ServiceEndpointsType
-	VirtualIPsType       = types.VirtualIPsType
-	NodeType             = types.NodeType
-	HealthStatusType     = types.HealthStatusType
-	HealthChecksType     = types.HealthChecksType
-	DNSPolicyType        = types.DNSPolicyType
-	FailoverPolicyType   = types.FailoverPolicyType
-
-	// Controller Statuses
-	NodeHealthStatusKey              = nodehealth.StatusKey
-	NodeHealthStatusConditionHealthy = nodehealth.StatusConditionHealthy
-	NodeHealthConditions             = nodehealth.Conditions
-
-	WorkloadHealthStatusKey              = workloadhealth.StatusKey
-	WorkloadHealthStatusConditionHealthy = workloadhealth.StatusConditionHealthy
-	WorkloadHealthConditions             = workloadhealth.WorkloadConditions
-	WorkloadAndNodeHealthConditions      = workloadhealth.NodeAndWorkloadConditions
-
-	EndpointsStatusKey                       = endpoints.StatusKey
-	EndpointsStatusConditionEndpointsManaged = endpoints.StatusConditionEndpointsManaged
-	EndpointsStatusConditionManaged          = endpoints.ConditionManaged
-	EndpointsStatusConditionUnmanaged        = endpoints.ConditionUnmanaged
-
-	FailoverStatusKey                                              = failover.StatusKey
-	FailoverStatusConditionAccepted                                = failover.StatusConditionAccepted
-	FailoverStatusConditionAcceptedOKReason                        = failover.OKReason
-	FailoverStatusConditionAcceptedMissingServiceReason            = failover.MissingServiceReason
-	FailoverStatusConditionAcceptedUnknownPortReason               = failover.UnknownPortReason
-	FailoverStatusConditionAcceptedMissingDestinationServiceReason = failover.MissingDestinationServiceReason
-	FailoverStatusConditionAcceptedUnknownDestinationPortReason    = failover.UnknownDestinationPortReason
-	FailoverStatusConditionAcceptedUsingMeshDestinationPortReason  = failover.UsingMeshDestinationPortReason
 )
 
 // RegisterTypes adds all resource types within the "catalog" API group
@@ -99,7 +54,6 @@ func DefaultControllerDependencies() ControllerDependencies {
 	return ControllerDependencies{
 		WorkloadHealthNodeMapper: nodemapper.New(),
 		EndpointsWorkloadMapper:  selectiontracker.New(),
-		FailoverMapper:           failovermapper.New(),
 	}
 }
 
@@ -108,21 +62,3 @@ func DefaultControllerDependencies() ControllerDependencies {
 func RegisterControllers(mgr *controller.Manager, deps ControllerDependencies) {
 	controllers.Register(mgr, deps)
 }
-
-// SimplifyFailoverPolicy fully populates the PortConfigs map and clears the
-// Configs map using the provided Service.
-func SimplifyFailoverPolicy(svc *pbcatalog.Service, failover *pbcatalog.FailoverPolicy) *pbcatalog.FailoverPolicy {
-	return types.SimplifyFailoverPolicy(svc, failover)
-}
-
-// FailoverPolicyMapper maintains the bidirectional tracking relationship of a
-// FailoverPolicy to the Services related to it.
-type FailoverPolicyMapper interface {
-	TrackFailover(failover *resource.DecodedResource[*pbcatalog.FailoverPolicy])
-	UntrackFailover(failoverID *pbresource.ID)
-	FailoverIDsByService(svcID *pbresource.ID) []*pbresource.ID
-}
-
-func NewFailoverPolicyMapper() FailoverPolicyMapper {
-	return failovermapper.New()
-}
diff --git a/internal/catalog/internal/controllers/endpoints/controller.go b/internal/catalog/internal/controllers/endpoints/controller.go
index af10d40d3baa..1be2a3fd2fad 100644
--- a/internal/catalog/internal/controllers/endpoints/controller.go
+++ b/internal/catalog/internal/controllers/endpoints/controller.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package endpoints
 
diff --git a/internal/catalog/internal/controllers/endpoints/controller_test.go b/internal/catalog/internal/controllers/endpoints/controller_test.go
index 646bb288d353..ff53509057a2 100644
--- a/internal/catalog/internal/controllers/endpoints/controller_test.go
+++ b/internal/catalog/internal/controllers/endpoints/controller_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package endpoints
 
 import (
diff --git a/internal/catalog/internal/controllers/endpoints/reconciliation_data.go b/internal/catalog/internal/controllers/endpoints/reconciliation_data.go
index 0194d471b0c2..f00ac1595a21 100644
--- a/internal/catalog/internal/controllers/endpoints/reconciliation_data.go
+++ b/internal/catalog/internal/controllers/endpoints/reconciliation_data.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package endpoints
 
 import (
diff --git a/internal/catalog/internal/controllers/endpoints/reconciliation_data_test.go b/internal/catalog/internal/controllers/endpoints/reconciliation_data_test.go
index b16223827069..c0c83deda98d 100644
--- a/internal/catalog/internal/controllers/endpoints/reconciliation_data_test.go
+++ b/internal/catalog/internal/controllers/endpoints/reconciliation_data_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package endpoints
 
 import (
diff --git a/internal/catalog/internal/controllers/endpoints/status.go b/internal/catalog/internal/controllers/endpoints/status.go
index 75066978361c..5388a0fda912 100644
--- a/internal/catalog/internal/controllers/endpoints/status.go
+++ b/internal/catalog/internal/controllers/endpoints/status.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package endpoints
 
diff --git a/internal/catalog/internal/controllers/failover/controller.go b/internal/catalog/internal/controllers/failover/controller.go
deleted file mode 100644
index 9accb62aa447..000000000000
--- a/internal/catalog/internal/controllers/failover/controller.go
+++ /dev/null
@@ -1,276 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package failover
-
-import (
-	"context"
-
-	"github.com/hashicorp/consul/internal/catalog/internal/types"
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/resource"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-// FailoverMapper tracks the relationship between a FailoverPolicy an a Service
-// it references whether due to name-alignment or from a reference in a
-// FailoverDestination leg.
-type FailoverMapper interface {
-	// TrackFailover extracts all Service references from the provided
-	// FailoverPolicy and indexes them so that MapService can turn Service
-	// events into FailoverPolicy events properly.
-	TrackFailover(failover *resource.DecodedResource[*pbcatalog.FailoverPolicy])
-
-	// UntrackFailover forgets the links inserted by TrackFailover for the
-	// provided FailoverPolicyID.
-	UntrackFailover(failoverID *pbresource.ID)
-
-	// MapService will take a Service resource and return controller requests
-	// for all FailoverPolicies associated with the Service.
-	MapService(ctx context.Context, rt controller.Runtime, res *pbresource.Resource) ([]controller.Request, error)
-}
-
-func FailoverPolicyController(mapper FailoverMapper) controller.Controller {
-	if mapper == nil {
-		panic("No FailoverMapper was provided to the FailoverPolicyController constructor")
-	}
-	return controller.ForType(types.FailoverPolicyType).
-		WithWatch(types.ServiceType, mapper.MapService).
-		WithReconciler(newFailoverPolicyReconciler(mapper))
-}
-
-type failoverPolicyReconciler struct {
-	mapper FailoverMapper
-}
-
-func newFailoverPolicyReconciler(mapper FailoverMapper) *failoverPolicyReconciler {
-	return &failoverPolicyReconciler{
-		mapper: mapper,
-	}
-}
-
-func (r *failoverPolicyReconciler) Reconcile(ctx context.Context, rt controller.Runtime, req controller.Request) error {
-	// The runtime is passed by value so replacing it here for the remainder of this
-	// reconciliation request processing will not affect future invocations.
-	rt.Logger = rt.Logger.With("resource-id", req.ID, "controller", StatusKey)
-
-	rt.Logger.Trace("reconciling failover policy")
-
-	failoverPolicyID := req.ID
-
-	failoverPolicy, err := getFailoverPolicy(ctx, rt, failoverPolicyID)
-	if err != nil {
-		rt.Logger.Error("error retrieving failover policy", "error", err)
-		return err
-	}
-	if failoverPolicy == nil {
-		r.mapper.UntrackFailover(failoverPolicyID)
-
-		// Either the failover policy was deleted, or it doesn't exist but an
-		// update to a Service came through and we can ignore it.
-		return nil
-	}
-
-	r.mapper.TrackFailover(failoverPolicy)
-
-	// FailoverPolicy is name-aligned with the Service it controls.
-	serviceID := &pbresource.ID{
-		Type:    types.ServiceType,
-		Tenancy: failoverPolicyID.Tenancy,
-		Name:    failoverPolicyID.Name,
-	}
-
-	service, err := getService(ctx, rt, serviceID)
-	if err != nil {
-		rt.Logger.Error("error retrieving corresponding service", "error", err)
-		return err
-	}
-	destServices := make(map[resource.ReferenceKey]*resource.DecodedResource[*pbcatalog.Service])
-	if service != nil {
-		destServices[resource.NewReferenceKey(serviceID)] = service
-	}
-
-	// Denorm the ports and stuff. After this we have no empty ports.
-	if service != nil {
-		failoverPolicy.Data = types.SimplifyFailoverPolicy(
-			service.Data,
-			failoverPolicy.Data,
-		)
-	}
-
-	// Fetch services.
-	for _, dest := range failoverPolicy.Data.GetUnderlyingDestinations() {
-		if dest.Ref == nil || !isServiceType(dest.Ref.Type) || dest.Ref.Section != "" {
-			continue // invalid, not possible due to validation hook
-		}
-
-		key := resource.NewReferenceKey(dest.Ref)
-
-		if _, ok := destServices[key]; ok {
-			continue
-		}
-
-		destID := resource.IDFromReference(dest.Ref)
-
-		destService, err := getService(ctx, rt, destID)
-		if err != nil {
-			rt.Logger.Error("error retrieving destination service", "service", key, "error", err)
-			return err
-		}
-
-		if destService != nil {
-			destServices[key] = destService
-		}
-	}
-
-	newStatus := computeNewStatus(failoverPolicy, service, destServices)
-
-	if resource.EqualStatus(failoverPolicy.Resource.Status[StatusKey], newStatus, false) {
-		rt.Logger.Trace("resource's failover policy status is unchanged",
-			"conditions", newStatus.Conditions)
-		return nil
-	}
-
-	_, err = rt.Client.WriteStatus(ctx, &pbresource.WriteStatusRequest{
-		Id:     failoverPolicy.Resource.Id,
-		Key:    StatusKey,
-		Status: newStatus,
-	})
-
-	if err != nil {
-		rt.Logger.Error("error encountered when attempting to update the resource's failover policy status", "error", err)
-		return err
-	}
-
-	rt.Logger.Trace("resource's failover policy status was updated",
-		"conditions", newStatus.Conditions)
-	return nil
-}
-
-func getFailoverPolicy(ctx context.Context, rt controller.Runtime, id *pbresource.ID) (*resource.DecodedResource[*pbcatalog.FailoverPolicy], error) {
-	return resource.GetDecodedResource[*pbcatalog.FailoverPolicy](ctx, rt.Client, id)
-}
-
-func getService(ctx context.Context, rt controller.Runtime, id *pbresource.ID) (*resource.DecodedResource[*pbcatalog.Service], error) {
-	return resource.GetDecodedResource[*pbcatalog.Service](ctx, rt.Client, id)
-}
-
-func computeNewStatus(
-	failoverPolicy *resource.DecodedResource[*pbcatalog.FailoverPolicy],
-	service *resource.DecodedResource[*pbcatalog.Service],
-	destServices map[resource.ReferenceKey]*resource.DecodedResource[*pbcatalog.Service],
-) *pbresource.Status {
-	if service == nil {
-		return &pbresource.Status{
-			ObservedGeneration: failoverPolicy.Resource.Generation,
-			Conditions: []*pbresource.Condition{
-				ConditionMissingService,
-			},
-		}
-	}
-
-	allowedPortProtocols := make(map[string]pbcatalog.Protocol)
-	for _, port := range service.Data.Ports {
-		if port.Protocol == pbcatalog.Protocol_PROTOCOL_MESH {
-			continue // skip
-		}
-		allowedPortProtocols[port.TargetPort] = port.Protocol
-	}
-
-	var conditions []*pbresource.Condition
-
-	if failoverPolicy.Data.Config != nil {
-		for _, dest := range failoverPolicy.Data.Config.Destinations {
-			// We know from validation that a Ref must be set, and the type it
-			// points to is a Service.
-			//
-			// Rather than do additional validation, just do a quick
-			// belt-and-suspenders check-and-skip if something looks weird.
-			if dest.Ref == nil || !isServiceType(dest.Ref.Type) {
-				continue
-			}
-
-			if cond := serviceHasPort(dest, destServices); cond != nil {
-				conditions = append(conditions, cond)
-			}
-		}
-		// TODO: validate that referenced sameness groups exist
-	}
-
-	for port, pc := range failoverPolicy.Data.PortConfigs {
-		if _, ok := allowedPortProtocols[port]; !ok {
-			conditions = append(conditions, ConditionUnknownPort(port))
-		}
-
-		for _, dest := range pc.Destinations {
-			// We know from validation that a Ref must be set, and the type it
-			// points to is a Service.
-			//
-			// Rather than do additional validation, just do a quick
-			// belt-and-suspenders check-and-skip if something looks weird.
-			if dest.Ref == nil || !isServiceType(dest.Ref.Type) {
-				continue
-			}
-
-			if cond := serviceHasPort(dest, destServices); cond != nil {
-				conditions = append(conditions, cond)
-			}
-		}
-
-		// TODO: validate that referenced sameness groups exist
-	}
-
-	if len(conditions) > 0 {
-		return &pbresource.Status{
-			ObservedGeneration: failoverPolicy.Resource.Generation,
-			Conditions:         conditions,
-		}
-	}
-
-	return &pbresource.Status{
-		ObservedGeneration: failoverPolicy.Resource.Generation,
-		Conditions: []*pbresource.Condition{
-			ConditionOK,
-		},
-	}
-}
-
-func serviceHasPort(
-	dest *pbcatalog.FailoverDestination,
-	destServices map[resource.ReferenceKey]*resource.DecodedResource[*pbcatalog.Service],
-) *pbresource.Condition {
-	key := resource.NewReferenceKey(dest.Ref)
-	destService, ok := destServices[key]
-	if !ok {
-		return ConditionMissingDestinationService(dest.Ref)
-	}
-
-	found := false
-	mesh := false
-	for _, port := range destService.Data.Ports {
-		if port.TargetPort == dest.Port {
-			found = true
-			if port.Protocol == pbcatalog.Protocol_PROTOCOL_MESH {
-				mesh = true
-			}
-			break
-		}
-	}
-
-	if !found {
-		return ConditionUnknownDestinationPort(dest.Ref, dest.Port)
-	} else if mesh {
-		return ConditionUsingMeshDestinationPort(dest.Ref, dest.Port)
-	}
-
-	return nil
-}
-
-func isServiceType(typ *pbresource.Type) bool {
-	switch {
-	case resource.EqualType(typ, types.ServiceType):
-		return true
-	}
-	return false
-}
diff --git a/internal/catalog/internal/controllers/failover/controller_test.go b/internal/catalog/internal/controllers/failover/controller_test.go
deleted file mode 100644
index de42844ae6b2..000000000000
--- a/internal/catalog/internal/controllers/failover/controller_test.go
+++ /dev/null
@@ -1,268 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package failover
-
-import (
-	"context"
-	"testing"
-
-	"github.com/stretchr/testify/suite"
-
-	svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing"
-	"github.com/hashicorp/consul/internal/catalog/internal/mappers/failovermapper"
-	"github.com/hashicorp/consul/internal/catalog/internal/types"
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/resource"
-	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	"github.com/hashicorp/consul/sdk/testutil"
-)
-
-type controllerSuite struct {
-	suite.Suite
-
-	ctx    context.Context
-	client *rtest.Client
-	rt     controller.Runtime
-
-	failoverMapper FailoverMapper
-
-	ctl failoverPolicyReconciler
-}
-
-func (suite *controllerSuite) SetupTest() {
-	suite.ctx = testutil.TestContext(suite.T())
-	client := svctest.RunResourceService(suite.T(), types.Register)
-	suite.rt = controller.Runtime{
-		Client: client,
-		Logger: testutil.Logger(suite.T()),
-	}
-	suite.client = rtest.NewClient(client)
-
-	suite.failoverMapper = failovermapper.New()
-}
-
-func (suite *controllerSuite) TestController() {
-	// This test's purpose is to exercise the controller in a halfway realistic
-	// way, verifying the event triggers work in the live code.
-
-	// Run the controller manager
-	mgr := controller.NewManager(suite.client, suite.rt.Logger)
-	mgr.Register(FailoverPolicyController(suite.failoverMapper))
-	mgr.SetRaftLeader(true)
-	go mgr.Run(suite.ctx)
-
-	// Create an advance pointer to some services.
-	apiServiceRef := resource.Reference(rtest.Resource(types.ServiceType, "api").ID(), "")
-	otherServiceRef := resource.Reference(rtest.Resource(types.ServiceType, "other").ID(), "")
-
-	// create a failover without any services
-	failoverData := &pbcatalog.FailoverPolicy{
-		Config: &pbcatalog.FailoverConfig{
-			Destinations: []*pbcatalog.FailoverDestination{{
-				Ref: apiServiceRef,
-			}},
-		},
-	}
-	failover := rtest.Resource(types.FailoverPolicyType, "api").
-		WithData(suite.T(), failoverData).
-		Write(suite.T(), suite.client)
-
-	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionMissingService)
-
-	// Provide the service.
-	apiServiceData := &pbcatalog.Service{
-		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
-		Ports: []*pbcatalog.ServicePort{{
-			TargetPort: "http",
-			Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
-		}},
-	}
-	_ = rtest.Resource(types.ServiceType, "api").
-		WithData(suite.T(), apiServiceData).
-		Write(suite.T(), suite.client)
-	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK)
-
-	// Update the failover to reference an unknown port
-	failoverData = &pbcatalog.FailoverPolicy{
-		PortConfigs: map[string]*pbcatalog.FailoverConfig{
-			"http": {
-				Destinations: []*pbcatalog.FailoverDestination{{
-					Ref:  apiServiceRef,
-					Port: "http",
-				}},
-			},
-			"admin": {
-				Destinations: []*pbcatalog.FailoverDestination{{
-					Ref:  apiServiceRef,
-					Port: "admin",
-				}},
-			},
-		},
-	}
-	_ = rtest.Resource(types.FailoverPolicyType, "api").
-		WithData(suite.T(), failoverData).
-		Write(suite.T(), suite.client)
-	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUnknownPort("admin"))
-
-	// update the service to fix the stray reference, but point to a mesh port
-	apiServiceData = &pbcatalog.Service{
-		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
-		Ports: []*pbcatalog.ServicePort{
-			{
-				TargetPort: "http",
-				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
-			},
-			{
-				TargetPort: "admin",
-				Protocol:   pbcatalog.Protocol_PROTOCOL_MESH,
-			},
-		},
-	}
-	_ = rtest.Resource(types.ServiceType, "api").
-		WithData(suite.T(), apiServiceData).
-		Write(suite.T(), suite.client)
-	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUsingMeshDestinationPort(apiServiceRef, "admin"))
-
-	// update the service to fix the stray reference to not be a mesh port
-	apiServiceData = &pbcatalog.Service{
-		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
-		Ports: []*pbcatalog.ServicePort{
-			{
-				TargetPort: "http",
-				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
-			},
-			{
-				TargetPort: "admin",
-				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
-			},
-		},
-	}
-	_ = rtest.Resource(types.ServiceType, "api").
-		WithData(suite.T(), apiServiceData).
-		Write(suite.T(), suite.client)
-	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK)
-
-	// change failover leg to point to missing service
-	failoverData = &pbcatalog.FailoverPolicy{
-		PortConfigs: map[string]*pbcatalog.FailoverConfig{
-			"http": {
-				Destinations: []*pbcatalog.FailoverDestination{{
-					Ref:  apiServiceRef,
-					Port: "http",
-				}},
-			},
-			"admin": {
-				Destinations: []*pbcatalog.FailoverDestination{{
-					Ref:  otherServiceRef,
-					Port: "admin",
-				}},
-			},
-		},
-	}
-	_ = rtest.Resource(types.FailoverPolicyType, "api").
-		WithData(suite.T(), failoverData).
-		Write(suite.T(), suite.client)
-	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionMissingDestinationService(otherServiceRef))
-
-	// Create the missing service, but forget the port.
-	otherServiceData := &pbcatalog.Service{
-		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"other-"}},
-		Ports: []*pbcatalog.ServicePort{{
-			TargetPort: "http",
-			Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
-		}},
-	}
-	_ = rtest.Resource(types.ServiceType, "other").
-		WithData(suite.T(), otherServiceData).
-		Write(suite.T(), suite.client)
-	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUnknownDestinationPort(otherServiceRef, "admin"))
-
-	// fix the destination leg's port
-	otherServiceData = &pbcatalog.Service{
-		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"other-"}},
-		Ports: []*pbcatalog.ServicePort{
-			{
-				TargetPort: "http",
-				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
-			},
-			{
-				TargetPort: "admin",
-				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
-			},
-		},
-	}
-	_ = rtest.Resource(types.ServiceType, "other").
-		WithData(suite.T(), otherServiceData).
-		Write(suite.T(), suite.client)
-	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK)
-
-	// Update the two services to use differnet port names so the easy path doesn't work
-	apiServiceData = &pbcatalog.Service{
-		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
-		Ports: []*pbcatalog.ServicePort{
-			{
-				TargetPort: "foo",
-				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
-			},
-			{
-				TargetPort: "bar",
-				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
-			},
-		},
-	}
-	_ = rtest.Resource(types.ServiceType, "api").
-		WithData(suite.T(), apiServiceData).
-		Write(suite.T(), suite.client)
-
-	otherServiceData = &pbcatalog.Service{
-		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"other-"}},
-		Ports: []*pbcatalog.ServicePort{
-			{
-				TargetPort: "foo",
-				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
-			},
-			{
-				TargetPort: "baz",
-				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
-			},
-		},
-	}
-	_ = rtest.Resource(types.ServiceType, "other").
-		WithData(suite.T(), otherServiceData).
-		Write(suite.T(), suite.client)
-
-	failoverData = &pbcatalog.FailoverPolicy{
-		Config: &pbcatalog.FailoverConfig{
-			Destinations: []*pbcatalog.FailoverDestination{{
-				Ref: otherServiceRef,
-			}},
-		},
-	}
-	failover = rtest.Resource(types.FailoverPolicyType, "api").
-		WithData(suite.T(), failoverData).
-		Write(suite.T(), suite.client)
-
-	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUnknownDestinationPort(otherServiceRef, "bar"))
-
-	// and fix it the silly way by removing it from api+failover
-	apiServiceData = &pbcatalog.Service{
-		Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}},
-		Ports: []*pbcatalog.ServicePort{
-			{
-				TargetPort: "foo",
-				Protocol:   pbcatalog.Protocol_PROTOCOL_HTTP,
-			},
-		},
-	}
-	_ = rtest.Resource(types.ServiceType, "api").
-		WithData(suite.T(), apiServiceData).
-		Write(suite.T(), suite.client)
-
-	suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK)
-}
-
-func TestFailoverController(t *testing.T) {
-	suite.Run(t, new(controllerSuite))
-}
diff --git a/internal/catalog/internal/controllers/failover/status.go b/internal/catalog/internal/controllers/failover/status.go
deleted file mode 100644
index b2801c41ed93..000000000000
--- a/internal/catalog/internal/controllers/failover/status.go
+++ /dev/null
@@ -1,84 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package failover
-
-import (
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-const (
-	StatusKey               = "consul.io/failover-policy"
-	StatusConditionAccepted = "accepted"
-
-	OKReason  = "Ok"
-	OKMessage = "failover policy was accepted"
-
-	MissingServiceReason  = "MissingService"
-	MissingServiceMessage = "service for failover policy does not exist"
-
-	UnknownPortReason        = "UnknownPort"
-	UnknownPortMessagePrefix = "port is not defined on service: "
-
-	MissingDestinationServiceReason        = "MissingDestinationService"
-	MissingDestinationServiceMessagePrefix = "destination service for failover policy does not exist: "
-
-	UnknownDestinationPortReason        = "UnknownDestinationPort"
-	UnknownDestinationPortMessagePrefix = "port is not defined on destination service: "
-
-	UsingMeshDestinationPortReason        = "UsingMeshDestinationPort"
-	UsingMeshDestinationPortMessagePrefix = "port is a special unroutable mesh port on destination service: "
-)
-
-var (
-	ConditionOK = &pbresource.Condition{
-		Type:    StatusConditionAccepted,
-		State:   pbresource.Condition_STATE_TRUE,
-		Reason:  OKReason,
-		Message: OKMessage,
-	}
-
-	ConditionMissingService = &pbresource.Condition{
-		Type:    StatusConditionAccepted,
-		State:   pbresource.Condition_STATE_FALSE,
-		Reason:  MissingServiceReason,
-		Message: MissingServiceMessage,
-	}
-)
-
-func ConditionUnknownPort(port string) *pbresource.Condition {
-	return &pbresource.Condition{
-		Type:    StatusConditionAccepted,
-		State:   pbresource.Condition_STATE_FALSE,
-		Reason:  UnknownPortReason,
-		Message: UnknownPortMessagePrefix + port,
-	}
-}
-
-func ConditionMissingDestinationService(ref *pbresource.Reference) *pbresource.Condition {
-	return &pbresource.Condition{
-		Type:    StatusConditionAccepted,
-		State:   pbresource.Condition_STATE_FALSE,
-		Reason:  MissingDestinationServiceReason,
-		Message: MissingDestinationServiceMessagePrefix + resource.ReferenceToString(ref),
-	}
-}
-
-func ConditionUnknownDestinationPort(ref *pbresource.Reference, port string) *pbresource.Condition {
-	return &pbresource.Condition{
-		Type:    StatusConditionAccepted,
-		State:   pbresource.Condition_STATE_FALSE,
-		Reason:  UnknownDestinationPortReason,
-		Message: UnknownDestinationPortMessagePrefix + port + " on " + resource.ReferenceToString(ref),
-	}
-}
-
-func ConditionUsingMeshDestinationPort(ref *pbresource.Reference, port string) *pbresource.Condition {
-	return &pbresource.Condition{
-		Type:    StatusConditionAccepted,
-		State:   pbresource.Condition_STATE_FALSE,
-		Reason:  UnknownDestinationPortReason,
-		Message: UnknownDestinationPortMessagePrefix + port + " on " + resource.ReferenceToString(ref),
-	}
-}
diff --git a/internal/catalog/internal/controllers/nodehealth/controller.go b/internal/catalog/internal/controllers/nodehealth/controller.go
index 362ac1578c81..4e3aff9993ba 100644
--- a/internal/catalog/internal/controllers/nodehealth/controller.go
+++ b/internal/catalog/internal/controllers/nodehealth/controller.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package nodehealth
 
diff --git a/internal/catalog/internal/controllers/nodehealth/controller_test.go b/internal/catalog/internal/controllers/nodehealth/controller_test.go
index 9723dabf9320..8150fe0bdda3 100644
--- a/internal/catalog/internal/controllers/nodehealth/controller_test.go
+++ b/internal/catalog/internal/controllers/nodehealth/controller_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package nodehealth
 
diff --git a/internal/catalog/internal/controllers/nodehealth/status.go b/internal/catalog/internal/controllers/nodehealth/status.go
index d3cf0d8a8dc1..14a3151484b5 100644
--- a/internal/catalog/internal/controllers/nodehealth/status.go
+++ b/internal/catalog/internal/controllers/nodehealth/status.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package nodehealth
 
diff --git a/internal/catalog/internal/controllers/register.go b/internal/catalog/internal/controllers/register.go
index df1f7c88c7b2..5f7fc631a543 100644
--- a/internal/catalog/internal/controllers/register.go
+++ b/internal/catalog/internal/controllers/register.go
@@ -1,11 +1,10 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package controllers
 
 import (
 	"github.com/hashicorp/consul/internal/catalog/internal/controllers/endpoints"
-	"github.com/hashicorp/consul/internal/catalog/internal/controllers/failover"
 	"github.com/hashicorp/consul/internal/catalog/internal/controllers/nodehealth"
 	"github.com/hashicorp/consul/internal/catalog/internal/controllers/workloadhealth"
 	"github.com/hashicorp/consul/internal/controller"
@@ -14,12 +13,10 @@ import (
 type Dependencies struct {
 	WorkloadHealthNodeMapper workloadhealth.NodeMapper
 	EndpointsWorkloadMapper  endpoints.WorkloadMapper
-	FailoverMapper           failover.FailoverMapper
 }
 
 func Register(mgr *controller.Manager, deps Dependencies) {
 	mgr.Register(nodehealth.NodeHealthController())
 	mgr.Register(workloadhealth.WorkloadHealthController(deps.WorkloadHealthNodeMapper))
 	mgr.Register(endpoints.ServiceEndpointsController(deps.EndpointsWorkloadMapper))
-	mgr.Register(failover.FailoverPolicyController(deps.FailoverMapper))
 }
diff --git a/internal/catalog/internal/controllers/workloadhealth/controller.go b/internal/catalog/internal/controllers/workloadhealth/controller.go
index d8a33c922236..77009697bcd7 100644
--- a/internal/catalog/internal/controllers/workloadhealth/controller.go
+++ b/internal/catalog/internal/controllers/workloadhealth/controller.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package workloadhealth
 
 import (
diff --git a/internal/catalog/internal/controllers/workloadhealth/controller_test.go b/internal/catalog/internal/controllers/workloadhealth/controller_test.go
index 1afb06243a6e..29d93f088d45 100644
--- a/internal/catalog/internal/controllers/workloadhealth/controller_test.go
+++ b/internal/catalog/internal/controllers/workloadhealth/controller_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package workloadhealth
 
diff --git a/internal/catalog/internal/controllers/workloadhealth/status.go b/internal/catalog/internal/controllers/workloadhealth/status.go
index f7bf000da273..05cc989ddd93 100644
--- a/internal/catalog/internal/controllers/workloadhealth/status.go
+++ b/internal/catalog/internal/controllers/workloadhealth/status.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package workloadhealth
 
 import (
diff --git a/internal/catalog/internal/mappers/failovermapper/failover_mapper.go b/internal/catalog/internal/mappers/failovermapper/failover_mapper.go
deleted file mode 100644
index 4ae6776cb66c..000000000000
--- a/internal/catalog/internal/mappers/failovermapper/failover_mapper.go
+++ /dev/null
@@ -1,64 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package failovermapper
-
-import (
-	"context"
-
-	"github.com/hashicorp/consul/internal/catalog/internal/types"
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/internal/resource/mappers/bimapper"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-// Mapper tracks the relationship between a FailoverPolicy an a Service it
-// references whether due to name-alignment or from a reference in a
-// FailoverDestination leg.
-type Mapper struct {
-	b *bimapper.Mapper
-}
-
-// New creates a new Mapper.
-func New() *Mapper {
-	return &Mapper{
-		b: bimapper.New(types.FailoverPolicyType, types.ServiceType),
-	}
-}
-
-// TrackFailover extracts all Service references from the provided
-// FailoverPolicy and indexes them so that MapService can turn Service events
-// into FailoverPolicy events properly.
-func (m *Mapper) TrackFailover(failover *resource.DecodedResource[*pbcatalog.FailoverPolicy]) {
-	destRefs := failover.Data.GetUnderlyingDestinationRefs()
-	destRefs = append(destRefs, &pbresource.Reference{
-		Type:    types.ServiceType,
-		Tenancy: failover.Resource.Id.Tenancy,
-		Name:    failover.Resource.Id.Name,
-	})
-	m.trackFailover(failover.Resource.Id, destRefs)
-}
-
-func (m *Mapper) trackFailover(failover *pbresource.ID, services []*pbresource.Reference) {
-	var servicesAsIDsOrRefs []resource.ReferenceOrID
-	for _, s := range services {
-		servicesAsIDsOrRefs = append(servicesAsIDsOrRefs, s)
-	}
-	m.b.TrackItem(failover, servicesAsIDsOrRefs)
-}
-
-// UntrackFailover forgets the links inserted by TrackFailover for the provided
-// FailoverPolicyID.
-func (m *Mapper) UntrackFailover(failoverID *pbresource.ID) {
-	m.b.UntrackItem(failoverID)
-}
-
-func (m *Mapper) MapService(ctx context.Context, rt controller.Runtime, res *pbresource.Resource) ([]controller.Request, error) {
-	return m.b.MapLink(ctx, rt, res)
-}
-
-func (m *Mapper) FailoverIDsByService(svcID *pbresource.ID) []*pbresource.ID {
-	return m.b.ItemsForLink(svcID)
-}
diff --git a/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go b/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go
deleted file mode 100644
index 048f444eca61..000000000000
--- a/internal/catalog/internal/mappers/failovermapper/failover_mapper_test.go
+++ /dev/null
@@ -1,190 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package failovermapper
-
-import (
-	"context"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/internal/catalog/internal/types"
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/resource"
-	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/consul/proto/private/prototest"
-)
-
-func TestMapper_Tracking(t *testing.T) {
-	registry := resource.NewRegistry()
-	types.Register(registry)
-
-	// Create an advance pointer to some services.
-	randoSvc := rtest.Resource(types.ServiceType, "rando").
-		WithData(t, &pbcatalog.Service{}).
-		Build()
-	rtest.ValidateAndNormalize(t, registry, randoSvc)
-
-	apiSvc := rtest.Resource(types.ServiceType, "api").
-		WithData(t, &pbcatalog.Service{}).
-		Build()
-	rtest.ValidateAndNormalize(t, registry, apiSvc)
-
-	fooSvc := rtest.Resource(types.ServiceType, "foo").
-		WithData(t, &pbcatalog.Service{}).
-		Build()
-	rtest.ValidateAndNormalize(t, registry, fooSvc)
-
-	barSvc := rtest.Resource(types.ServiceType, "bar").
-		WithData(t, &pbcatalog.Service{}).
-		Build()
-	rtest.ValidateAndNormalize(t, registry, barSvc)
-
-	wwwSvc := rtest.Resource(types.ServiceType, "www").
-		WithData(t, &pbcatalog.Service{}).
-		Build()
-	rtest.ValidateAndNormalize(t, registry, wwwSvc)
-
-	fail1 := rtest.Resource(types.FailoverPolicyType, "api").
-		WithData(t, &pbcatalog.FailoverPolicy{
-			Config: &pbcatalog.FailoverConfig{
-				Destinations: []*pbcatalog.FailoverDestination{
-					{Ref: newRef(types.ServiceType, "foo")},
-					{Ref: newRef(types.ServiceType, "bar")},
-				},
-			},
-		}).
-		Build()
-	rtest.ValidateAndNormalize(t, registry, fail1)
-	failDec1 := rtest.MustDecode[*pbcatalog.FailoverPolicy](t, fail1)
-
-	fail2 := rtest.Resource(types.FailoverPolicyType, "www").
-		WithData(t, &pbcatalog.FailoverPolicy{
-			Config: &pbcatalog.FailoverConfig{
-				Destinations: []*pbcatalog.FailoverDestination{
-					{Ref: newRef(types.ServiceType, "www"), Datacenter: "dc2"},
-					{Ref: newRef(types.ServiceType, "foo")},
-				},
-			},
-		}).
-		Build()
-	rtest.ValidateAndNormalize(t, registry, fail2)
-	failDec2 := rtest.MustDecode[*pbcatalog.FailoverPolicy](t, fail2)
-
-	fail1_updated := rtest.Resource(types.FailoverPolicyType, "api").
-		WithData(t, &pbcatalog.FailoverPolicy{
-			Config: &pbcatalog.FailoverConfig{
-				Destinations: []*pbcatalog.FailoverDestination{
-					{Ref: newRef(types.ServiceType, "bar")},
-				},
-			},
-		}).
-		Build()
-	rtest.ValidateAndNormalize(t, registry, fail1_updated)
-	failDec1_updated := rtest.MustDecode[*pbcatalog.FailoverPolicy](t, fail1_updated)
-
-	m := New()
-
-	// Nothing tracked yet so we assume nothing.
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc)
-	requireServicesTracked(t, m, fooSvc)
-	requireServicesTracked(t, m, barSvc)
-	requireServicesTracked(t, m, wwwSvc)
-
-	// no-ops
-	m.UntrackFailover(fail1.Id)
-
-	// still nothing
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc)
-	requireServicesTracked(t, m, fooSvc)
-	requireServicesTracked(t, m, barSvc)
-	requireServicesTracked(t, m, wwwSvc)
-
-	// Actually insert some data.
-	m.TrackFailover(failDec1)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc, fail1.Id)
-	requireServicesTracked(t, m, fooSvc, fail1.Id)
-	requireServicesTracked(t, m, barSvc, fail1.Id)
-	requireServicesTracked(t, m, wwwSvc)
-
-	// track it again, no change
-	m.TrackFailover(failDec1)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc, fail1.Id)
-	requireServicesTracked(t, m, fooSvc, fail1.Id)
-	requireServicesTracked(t, m, barSvc, fail1.Id)
-	requireServicesTracked(t, m, wwwSvc)
-
-	// track new one that overlaps slightly
-	m.TrackFailover(failDec2)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc, fail1.Id)
-	requireServicesTracked(t, m, fooSvc, fail1.Id, fail2.Id)
-	requireServicesTracked(t, m, barSvc, fail1.Id)
-	requireServicesTracked(t, m, wwwSvc, fail2.Id)
-
-	// update the original to change it
-	m.TrackFailover(failDec1_updated)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc, fail1.Id)
-	requireServicesTracked(t, m, fooSvc, fail2.Id)
-	requireServicesTracked(t, m, barSvc, fail1.Id)
-	requireServicesTracked(t, m, wwwSvc, fail2.Id)
-
-	// delete the original
-	m.UntrackFailover(fail1.Id)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc)
-	requireServicesTracked(t, m, fooSvc, fail2.Id)
-	requireServicesTracked(t, m, barSvc)
-	requireServicesTracked(t, m, wwwSvc, fail2.Id)
-
-	// delete the other one
-	m.UntrackFailover(fail2.Id)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc)
-	requireServicesTracked(t, m, fooSvc)
-	requireServicesTracked(t, m, barSvc)
-	requireServicesTracked(t, m, wwwSvc)
-}
-
-func requireServicesTracked(t *testing.T, mapper *Mapper, svc *pbresource.Resource, failovers ...*pbresource.ID) {
-	t.Helper()
-
-	reqs, err := mapper.MapService(
-		context.Background(),
-		controller.Runtime{},
-		svc,
-	)
-	require.NoError(t, err)
-
-	require.Len(t, reqs, len(failovers))
-
-	for _, failover := range failovers {
-		prototest.AssertContainsElement(t, reqs, controller.Request{ID: failover})
-	}
-}
-
-func newRef(typ *pbresource.Type, name string) *pbresource.Reference {
-	return rtest.Resource(typ, name).Reference("")
-}
-
-func defaultTenancy() *pbresource.Tenancy {
-	return &pbresource.Tenancy{
-		Partition: "default",
-		Namespace: "default",
-		PeerName:  "local",
-	}
-}
diff --git a/internal/catalog/internal/mappers/nodemapper/node_mapper.go b/internal/catalog/internal/mappers/nodemapper/node_mapper.go
index 11e575f30752..8eea26dd08ca 100644
--- a/internal/catalog/internal/mappers/nodemapper/node_mapper.go
+++ b/internal/catalog/internal/mappers/nodemapper/node_mapper.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package nodemapper
 
 import (
diff --git a/internal/catalog/internal/mappers/nodemapper/node_mapper_test.go b/internal/catalog/internal/mappers/nodemapper/node_mapper_test.go
index 763e192ebf16..acfe67cf6b10 100644
--- a/internal/catalog/internal/mappers/nodemapper/node_mapper_test.go
+++ b/internal/catalog/internal/mappers/nodemapper/node_mapper_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package nodemapper
 
 import (
diff --git a/internal/catalog/internal/mappers/selectiontracker/selection_tracker.go b/internal/catalog/internal/mappers/selectiontracker/selection_tracker.go
index 3cfe0489dd3f..3bf229bff65e 100644
--- a/internal/catalog/internal/mappers/selectiontracker/selection_tracker.go
+++ b/internal/catalog/internal/mappers/selectiontracker/selection_tracker.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package selectiontracker
 
diff --git a/internal/catalog/internal/mappers/selectiontracker/selection_tracker_test.go b/internal/catalog/internal/mappers/selectiontracker/selection_tracker_test.go
index be4f7121d321..75fa0967c94b 100644
--- a/internal/catalog/internal/mappers/selectiontracker/selection_tracker_test.go
+++ b/internal/catalog/internal/mappers/selectiontracker/selection_tracker_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package selectiontracker
 
 import (
diff --git a/internal/catalog/internal/types/dns_policy.go b/internal/catalog/internal/types/dns_policy.go
index d2b6001b5dbc..4c3456027667 100644
--- a/internal/catalog/internal/types/dns_policy.go
+++ b/internal/catalog/internal/types/dns_policy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/catalog/internal/types/dns_policy_test.go b/internal/catalog/internal/types/dns_policy_test.go
index 93ee62804197..b4c2da3c78aa 100644
--- a/internal/catalog/internal/types/dns_policy_test.go
+++ b/internal/catalog/internal/types/dns_policy_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/catalog/internal/types/errors.go b/internal/catalog/internal/types/errors.go
index 3b331a9a6302..6f0b44c1b378 100644
--- a/internal/catalog/internal/types/errors.go
+++ b/internal/catalog/internal/types/errors.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/catalog/internal/types/errors_test.go b/internal/catalog/internal/types/errors_test.go
index 08f227166aa2..7a8157727350 100644
--- a/internal/catalog/internal/types/errors_test.go
+++ b/internal/catalog/internal/types/errors_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/catalog/internal/types/failover_policy.go b/internal/catalog/internal/types/failover_policy.go
deleted file mode 100644
index 03993d707c9d..000000000000
--- a/internal/catalog/internal/types/failover_policy.go
+++ /dev/null
@@ -1,265 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"errors"
-	"fmt"
-
-	"github.com/hashicorp/go-multierror"
-	"google.golang.org/protobuf/proto"
-
-	"github.com/hashicorp/consul/internal/resource"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-const (
-	FailoverPolicyKind = "FailoverPolicy"
-)
-
-var (
-	FailoverPolicyV1Alpha1Type = &pbresource.Type{
-		Group:        GroupName,
-		GroupVersion: VersionV1Alpha1,
-		Kind:         FailoverPolicyKind,
-	}
-
-	FailoverPolicyType = FailoverPolicyV1Alpha1Type
-)
-
-func RegisterFailoverPolicy(r resource.Registry) {
-	r.Register(resource.Registration{
-		Type:     FailoverPolicyV1Alpha1Type,
-		Proto:    &pbcatalog.FailoverPolicy{},
-		Mutate:   MutateFailoverPolicy,
-		Validate: ValidateFailoverPolicy,
-	})
-}
-
-func MutateFailoverPolicy(res *pbresource.Resource) error {
-	var failover pbcatalog.FailoverPolicy
-
-	if err := res.Data.UnmarshalTo(&failover); err != nil {
-		return resource.NewErrDataParse(&failover, err)
-	}
-
-	changed := false
-
-	// Handle eliding empty configs.
-	if failover.Config != nil && failover.Config.IsEmpty() {
-		failover.Config = nil
-		changed = true
-	}
-	for port, pc := range failover.PortConfigs {
-		if pc.IsEmpty() {
-			delete(failover.PortConfigs, port)
-			changed = true
-		}
-	}
-	if len(failover.PortConfigs) == 0 {
-		failover.PortConfigs = nil
-		changed = true
-	}
-
-	// TODO(rb): normalize dest ref tenancies
-
-	if !changed {
-		return nil
-	}
-
-	return res.Data.MarshalFrom(&failover)
-}
-
-func ValidateFailoverPolicy(res *pbresource.Resource) error {
-	var failover pbcatalog.FailoverPolicy
-
-	if err := res.Data.UnmarshalTo(&failover); err != nil {
-		return resource.NewErrDataParse(&failover, err)
-	}
-
-	var merr error
-
-	if failover.Config == nil && len(failover.PortConfigs) == 0 {
-		merr = multierror.Append(merr, resource.ErrInvalidField{
-			Name:    "config",
-			Wrapped: fmt.Errorf("at least one of config or port_configs must be set"),
-		})
-	}
-
-	if failover.Config != nil {
-		for _, err := range validateFailoverConfig(failover.Config, false) {
-			merr = multierror.Append(merr, resource.ErrInvalidField{
-				Name:    "config",
-				Wrapped: err,
-			})
-		}
-	}
-
-	for portName, pc := range failover.PortConfigs {
-		if portNameErr := validatePortName(portName); portNameErr != nil {
-			merr = multierror.Append(merr, resource.ErrInvalidMapKey{
-				Map:     "port_configs",
-				Key:     portName,
-				Wrapped: portNameErr,
-			})
-		}
-
-		for _, err := range validateFailoverConfig(pc, true) {
-			merr = multierror.Append(merr, resource.ErrInvalidMapValue{
-				Map:     "port_configs",
-				Key:     portName,
-				Wrapped: err,
-			})
-		}
-
-		// TODO: should sameness group be a ref once that's a resource?
-	}
-
-	return merr
-}
-
-func validateFailoverConfig(config *pbcatalog.FailoverConfig, ported bool) []error {
-	var errs []error
-
-	if (len(config.Destinations) > 0) == (config.SamenessGroup != "") {
-		errs = append(errs, resource.ErrInvalidField{
-			Name:    "destinations",
-			Wrapped: fmt.Errorf("exactly one of destinations or sameness_group should be set"),
-		})
-	}
-	for i, dest := range config.Destinations {
-		for _, err := range validateFailoverPolicyDestination(dest, ported) {
-			errs = append(errs, resource.ErrInvalidListElement{
-				Name:    "destinations",
-				Index:   i,
-				Wrapped: err,
-			})
-		}
-	}
-
-	switch config.Mode {
-	case pbcatalog.FailoverMode_FAILOVER_MODE_UNSPECIFIED:
-		// means pbcatalog.FailoverMode_FAILOVER_MODE_SEQUENTIAL
-	case pbcatalog.FailoverMode_FAILOVER_MODE_SEQUENTIAL:
-	case pbcatalog.FailoverMode_FAILOVER_MODE_ORDER_BY_LOCALITY:
-	default:
-		errs = append(errs, resource.ErrInvalidField{
-			Name:    "mode",
-			Wrapped: fmt.Errorf("not a supported enum value: %v", config.Mode),
-		})
-	}
-
-	// TODO: validate sameness group requirements
-
-	return errs
-}
-
-func validateFailoverPolicyDestination(dest *pbcatalog.FailoverDestination, ported bool) []error {
-	var errs []error
-	if dest.Ref == nil {
-		errs = append(errs, resource.ErrInvalidField{
-			Name:    "ref",
-			Wrapped: resource.ErrMissing,
-		})
-	} else if !resource.EqualType(dest.Ref.Type, ServiceType) {
-		errs = append(errs, resource.ErrInvalidField{
-			Name: "ref",
-			Wrapped: resource.ErrInvalidReferenceType{
-				AllowedType: ServiceType,
-			},
-		})
-	} else if dest.Ref.Section != "" {
-		errs = append(errs, resource.ErrInvalidField{
-			Name: "ref",
-			Wrapped: resource.ErrInvalidField{
-				Name:    "section",
-				Wrapped: errors.New("section not supported for failover policy dest refs"),
-			},
-		})
-	}
-
-	// NOTE: Destinations here cannot define ports. Port equality is
-	// assumed and will be reconciled.
-	if dest.Port != "" {
-		if ported {
-			if portNameErr := validatePortName(dest.Port); portNameErr != nil {
-				errs = append(errs, resource.ErrInvalidField{
-					Name:    "port",
-					Wrapped: portNameErr,
-				})
-			}
-		} else {
-			errs = append(errs, resource.ErrInvalidField{
-				Name:    "port",
-				Wrapped: fmt.Errorf("ports cannot be specified explicitly for the general failover section since it relies upon port alignment"),
-			})
-		}
-	}
-
-	hasPeer := false
-	if dest.Ref != nil {
-		hasPeer = dest.Ref.Tenancy.PeerName != "local"
-	}
-
-	if hasPeer && dest.Datacenter != "" {
-		errs = append(errs, resource.ErrInvalidField{
-			Name:    "datacenter",
-			Wrapped: fmt.Errorf("ref.tenancy.peer_name and datacenter are mutually exclusive fields"),
-		})
-	}
-
-	return errs
-}
-
-// SimplifyFailoverPolicy fully populates the PortConfigs map and clears the
-// Configs map using the provided Service.
-func SimplifyFailoverPolicy(svc *pbcatalog.Service, failover *pbcatalog.FailoverPolicy) *pbcatalog.FailoverPolicy {
-	if failover == nil {
-		panic("failover is required")
-	}
-	if svc == nil {
-		panic("service is required")
-	}
-
-	// Copy so we can edit it.
-	dup := proto.Clone(failover)
-	failover = dup.(*pbcatalog.FailoverPolicy)
-
-	if failover.PortConfigs == nil {
-		failover.PortConfigs = make(map[string]*pbcatalog.FailoverConfig)
-	}
-
-	for _, port := range svc.Ports {
-		if port.Protocol == pbcatalog.Protocol_PROTOCOL_MESH {
-			continue // skip
-		}
-
-		if pc, ok := failover.PortConfigs[port.TargetPort]; ok {
-			for i, dest := range pc.Destinations {
-				// Assume port alignment.
-				if dest.Port == "" {
-					dest.Port = port.TargetPort
-					pc.Destinations[i] = dest
-				}
-			}
-			continue
-		}
-
-		if failover.Config != nil {
-			// Duplicate because each port will get this uniquely.
-			pc2 := proto.Clone(failover.Config).(*pbcatalog.FailoverConfig)
-			for _, dest := range pc2.Destinations {
-				dest.Port = port.TargetPort
-			}
-			failover.PortConfigs[port.TargetPort] = pc2
-		}
-	}
-
-	if failover.Config != nil {
-		failover.Config = nil
-	}
-
-	return failover
-}
diff --git a/internal/catalog/internal/types/failover_policy_test.go b/internal/catalog/internal/types/failover_policy_test.go
deleted file mode 100644
index d80e9b2f880e..000000000000
--- a/internal/catalog/internal/types/failover_policy_test.go
+++ /dev/null
@@ -1,599 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/proto"
-
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/internal/resource/resourcetest"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/consul/proto/private/prototest"
-	"github.com/hashicorp/consul/sdk/testutil"
-)
-
-func TestMutateFailoverPolicy(t *testing.T) {
-	type testcase struct {
-		failover  *pbcatalog.FailoverPolicy
-		expect    *pbcatalog.FailoverPolicy
-		expectErr string
-	}
-
-	run := func(t *testing.T, tc testcase) {
-		res := resourcetest.Resource(FailoverPolicyType, "api").
-			WithData(t, tc.failover).
-			Build()
-
-		err := MutateFailoverPolicy(res)
-
-		got := resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, res)
-
-		if tc.expectErr == "" {
-			require.NoError(t, err)
-			prototest.AssertDeepEqual(t, tc.expect, got.Data)
-		} else {
-			testutil.RequireErrorContains(t, err, tc.expectErr)
-		}
-	}
-
-	cases := map[string]testcase{
-		"empty-1": {
-			failover: &pbcatalog.FailoverPolicy{},
-			expect:   &pbcatalog.FailoverPolicy{},
-		},
-		"empty-config-1": {
-			failover: &pbcatalog.FailoverPolicy{
-				Config: &pbcatalog.FailoverConfig{},
-			},
-			expect: &pbcatalog.FailoverPolicy{},
-		},
-		"empty-config-2": {
-			failover: &pbcatalog.FailoverPolicy{
-				Config: &pbcatalog.FailoverConfig{
-					Destinations: make([]*pbcatalog.FailoverDestination, 0),
-				},
-			},
-			expect: &pbcatalog.FailoverPolicy{},
-		},
-		"empty-map-1": {
-			failover: &pbcatalog.FailoverPolicy{
-				PortConfigs: make(map[string]*pbcatalog.FailoverConfig),
-			},
-			expect: &pbcatalog.FailoverPolicy{},
-		},
-		"empty-map-config-1": {
-			failover: &pbcatalog.FailoverPolicy{
-				PortConfigs: map[string]*pbcatalog.FailoverConfig{
-					"http": {},
-				},
-			},
-			expect: &pbcatalog.FailoverPolicy{},
-		},
-		"empty-map-config-2": {
-			failover: &pbcatalog.FailoverPolicy{
-				PortConfigs: map[string]*pbcatalog.FailoverConfig{
-					"http": {
-						Destinations: make([]*pbcatalog.FailoverDestination, 0),
-					},
-				},
-			},
-			expect: &pbcatalog.FailoverPolicy{},
-		},
-		"normal": {
-			failover: &pbcatalog.FailoverPolicy{
-				Config: &pbcatalog.FailoverConfig{
-					Mode:    pbcatalog.FailoverMode_FAILOVER_MODE_SEQUENTIAL,
-					Regions: []string{"foo", "bar"},
-					Destinations: []*pbcatalog.FailoverDestination{
-						{Ref: newRef(ServiceType, "a")},
-						{Ref: newRef(ServiceType, "b")},
-					},
-				},
-				PortConfigs: map[string]*pbcatalog.FailoverConfig{
-					"http": {
-						Destinations: []*pbcatalog.FailoverDestination{
-							{Ref: newRef(ServiceType, "foo")},
-							{Ref: newRef(ServiceType, "bar")},
-						},
-					},
-					"admin": {
-						Destinations: []*pbcatalog.FailoverDestination{
-							{Ref: newRef(ServiceType, "y")},
-							{Ref: newRef(ServiceType, "z")},
-						},
-					},
-				},
-			},
-			expect: &pbcatalog.FailoverPolicy{
-				Config: &pbcatalog.FailoverConfig{
-					Mode:    pbcatalog.FailoverMode_FAILOVER_MODE_SEQUENTIAL,
-					Regions: []string{"foo", "bar"},
-					Destinations: []*pbcatalog.FailoverDestination{
-						{Ref: newRef(ServiceType, "a")},
-						{Ref: newRef(ServiceType, "b")},
-					},
-				},
-				PortConfigs: map[string]*pbcatalog.FailoverConfig{
-					"http": {
-						Destinations: []*pbcatalog.FailoverDestination{
-							{Ref: newRef(ServiceType, "foo")},
-							{Ref: newRef(ServiceType, "bar")},
-						},
-					},
-					"admin": {
-						Destinations: []*pbcatalog.FailoverDestination{
-							{Ref: newRef(ServiceType, "y")},
-							{Ref: newRef(ServiceType, "z")},
-						},
-					},
-				},
-			},
-		},
-	}
-
-	for name, tc := range cases {
-		t.Run(name, func(t *testing.T) {
-			run(t, tc)
-		})
-	}
-}
-
-func TestValidateFailoverPolicy(t *testing.T) {
-	type configTestcase struct {
-		config    *pbcatalog.FailoverConfig
-		expectErr string
-	}
-
-	type testcase struct {
-		failover  *pbcatalog.FailoverPolicy
-		expectErr string
-	}
-
-	run := func(t *testing.T, tc testcase) {
-		res := resourcetest.Resource(FailoverPolicyType, "api").
-			WithData(t, tc.failover).
-			Build()
-
-		require.NoError(t, MutateFailoverPolicy(res))
-
-		// Verify that mutate didn't actually change the object.
-		got := resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, res)
-		prototest.AssertDeepEqual(t, tc.failover, got.Data)
-
-		err := ValidateFailoverPolicy(res)
-
-		// Verify that validate didn't actually change the object.
-		got = resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, res)
-		prototest.AssertDeepEqual(t, tc.failover, got.Data)
-
-		if tc.expectErr == "" {
-			require.NoError(t, err)
-		} else {
-			testutil.RequireErrorContains(t, err, tc.expectErr)
-		}
-	}
-
-	configCases := map[string]configTestcase{
-		"dest with sameness": {
-			config: &pbcatalog.FailoverConfig{
-				Destinations: []*pbcatalog.FailoverDestination{
-					{Ref: newRef(ServiceType, "api-backup")},
-				},
-				SamenessGroup: "blah",
-			},
-			expectErr: `invalid "destinations" field: exactly one of destinations or sameness_group should be set`,
-		},
-		"dest without sameness": {
-			config: &pbcatalog.FailoverConfig{
-				Destinations: []*pbcatalog.FailoverDestination{
-					{Ref: newRef(ServiceType, "api-backup")},
-				},
-			},
-		},
-		"sameness without dest": {
-			config: &pbcatalog.FailoverConfig{
-				SamenessGroup: "blah",
-			},
-		},
-		"mode: invalid": {
-			config: &pbcatalog.FailoverConfig{
-				Mode: 99,
-				Destinations: []*pbcatalog.FailoverDestination{
-					{Ref: newRef(ServiceType, "api-backup")},
-				},
-			},
-			expectErr: `invalid "mode" field: not a supported enum value: 99`,
-		},
-		"dest: no ref": {
-			config: &pbcatalog.FailoverConfig{
-				Destinations: []*pbcatalog.FailoverDestination{
-					{},
-				},
-			},
-			expectErr: `invalid element at index 0 of list "destinations": invalid "ref" field: missing required field`,
-		},
-		"dest: non-service ref": {
-			config: &pbcatalog.FailoverConfig{
-				Destinations: []*pbcatalog.FailoverDestination{
-					{Ref: newRef(WorkloadType, "api-backup")},
-				},
-			},
-			expectErr: `invalid element at index 0 of list "destinations": invalid "ref" field: reference must have type catalog.v1alpha1.Service`,
-		},
-		"dest: ref with section": {
-			config: &pbcatalog.FailoverConfig{
-				Destinations: []*pbcatalog.FailoverDestination{
-					{Ref: resourcetest.Resource(ServiceType, "api").Reference("blah")},
-				},
-			},
-			expectErr: `invalid element at index 0 of list "destinations": invalid "ref" field: invalid "section" field: section not supported for failover policy dest refs`,
-		},
-		"dest: ref peer and datacenter": {
-			config: &pbcatalog.FailoverConfig{
-				Destinations: []*pbcatalog.FailoverDestination{
-					{Ref: newRefWithPeer(ServiceType, "api", "peer1"), Datacenter: "dc2"},
-				},
-			},
-			expectErr: `invalid element at index 0 of list "destinations": invalid "datacenter" field: ref.tenancy.peer_name and datacenter are mutually exclusive fields`,
-		},
-		"dest: ref peer without datacenter": {
-			config: &pbcatalog.FailoverConfig{
-				Destinations: []*pbcatalog.FailoverDestination{
-					{Ref: newRefWithPeer(ServiceType, "api", "peer1")},
-				},
-			},
-		},
-		"dest: ref datacenter without peer": {
-			config: &pbcatalog.FailoverConfig{
-				Destinations: []*pbcatalog.FailoverDestination{
-					{Ref: newRef(ServiceType, "api"), Datacenter: "dc2"},
-				},
-			},
-		},
-	}
-
-	cases := map[string]testcase{
-		// emptiness
-		"empty": {
-			failover:  &pbcatalog.FailoverPolicy{},
-			expectErr: `invalid "config" field: at least one of config or port_configs must be set`,
-		},
-		"non-empty: one port config but no plain config": {
-			failover: &pbcatalog.FailoverPolicy{
-				PortConfigs: map[string]*pbcatalog.FailoverConfig{
-					"http": {
-						Destinations: []*pbcatalog.FailoverDestination{
-							{Ref: newRef(ServiceType, "api-backup")},
-						},
-					},
-				},
-			},
-		},
-		"non-empty: some plain config but no port configs": {
-			failover: &pbcatalog.FailoverPolicy{
-				Config: &pbcatalog.FailoverConfig{
-					Destinations: []*pbcatalog.FailoverDestination{
-						{Ref: newRef(ServiceType, "api-backup")},
-					},
-				},
-			},
-		},
-		// plain config
-		"plain config: bad dest: any port name": {
-			failover: &pbcatalog.FailoverPolicy{
-				Config: &pbcatalog.FailoverConfig{
-					Destinations: []*pbcatalog.FailoverDestination{
-						{Ref: newRef(ServiceType, "api-backup"), Port: "web"},
-					},
-				},
-			},
-			expectErr: `invalid "config" field: invalid element at index 0 of list "destinations": invalid "port" field: ports cannot be specified explicitly for the general failover section since it relies upon port alignment`,
-		},
-		// ported config
-		"ported config: bad dest: invalid port name": {
-			failover: &pbcatalog.FailoverPolicy{
-				PortConfigs: map[string]*pbcatalog.FailoverConfig{
-					"http": {
-						Destinations: []*pbcatalog.FailoverDestination{
-							{Ref: newRef(ServiceType, "api-backup"), Port: "$bad$"},
-						},
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within port_configs: invalid element at index 0 of list "destinations": invalid "port" field: value must match regex: ^[a-z0-9]([a-z0-9\-_]*[a-z0-9])?$`,
-		},
-		"ported config: bad ported in map": {
-			failover: &pbcatalog.FailoverPolicy{
-				PortConfigs: map[string]*pbcatalog.FailoverConfig{
-					"$bad$": {
-						Destinations: []*pbcatalog.FailoverDestination{
-							{Ref: newRef(ServiceType, "api-backup"), Port: "http"},
-						},
-					},
-				},
-			},
-			expectErr: `map port_configs contains an invalid key - "$bad$": value must match regex: ^[a-z0-9]([a-z0-9\-_]*[a-z0-9])?$`,
-		},
-	}
-
-	maybeWrap := func(wrapPrefix, base string) string {
-		if base != "" {
-			return wrapPrefix + base
-		}
-		return ""
-	}
-
-	for name, tc := range configCases {
-		cases["plain config: "+name] = testcase{
-			failover: &pbcatalog.FailoverPolicy{
-				Config: proto.Clone(tc.config).(*pbcatalog.FailoverConfig),
-			},
-			expectErr: maybeWrap(`invalid "config" field: `, tc.expectErr),
-		}
-
-		cases["ported config: "+name] = testcase{
-			failover: &pbcatalog.FailoverPolicy{
-				PortConfigs: map[string]*pbcatalog.FailoverConfig{
-					"http": proto.Clone(tc.config).(*pbcatalog.FailoverConfig),
-				},
-			},
-			expectErr: maybeWrap(`invalid value of key "http" within port_configs: `, tc.expectErr),
-		}
-	}
-
-	for name, tc := range cases {
-		t.Run(name, func(t *testing.T) {
-			run(t, tc)
-		})
-	}
-}
-
-func TestSimplifyFailoverPolicy(t *testing.T) {
-	registry := resource.NewRegistry()
-	Register(registry)
-
-	type testcase struct {
-		svc      *pbresource.Resource
-		failover *pbresource.Resource
-		expect   *pbresource.Resource
-	}
-	run := func(t *testing.T, tc testcase) {
-		// Ensure we only use valid inputs.
-		resourcetest.ValidateAndNormalize(t, registry, tc.svc)
-		resourcetest.ValidateAndNormalize(t, registry, tc.failover)
-		resourcetest.ValidateAndNormalize(t, registry, tc.expect)
-
-		svc := resourcetest.MustDecode[*pbcatalog.Service](t, tc.svc)
-		failover := resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, tc.failover)
-		expect := resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, tc.expect)
-
-		inputFailoverCopy := proto.Clone(failover.Data).(*pbcatalog.FailoverPolicy)
-
-		got := SimplifyFailoverPolicy(svc.Data, failover.Data)
-		prototest.AssertDeepEqual(t, expect.Data, got)
-
-		// verify input was not altered
-		prototest.AssertDeepEqual(t, inputFailoverCopy, failover.Data)
-	}
-
-	newPort := func(name string, virtualPort uint32, protocol pbcatalog.Protocol) *pbcatalog.ServicePort {
-		return &pbcatalog.ServicePort{
-			VirtualPort: virtualPort,
-			TargetPort:  name,
-			Protocol:    protocol,
-		}
-	}
-
-	cases := map[string]testcase{
-		"implicit with mesh port skipping": {
-			svc: resourcetest.Resource(ServiceType, "api").
-				WithData(t, &pbcatalog.Service{
-					Ports: []*pbcatalog.ServicePort{
-						newPort("mesh", 21001, pbcatalog.Protocol_PROTOCOL_MESH),
-						newPort("http", 8080, pbcatalog.Protocol_PROTOCOL_HTTP),
-					},
-				}).
-				Build(),
-			failover: resourcetest.Resource(FailoverPolicyType, "api").
-				WithData(t, &pbcatalog.FailoverPolicy{
-					Config: &pbcatalog.FailoverConfig{
-						Destinations: []*pbcatalog.FailoverDestination{
-							{
-								Ref: newRef(ServiceType, "api-backup"),
-							},
-						},
-					},
-				}).
-				Build(),
-			expect: resourcetest.Resource(FailoverPolicyType, "api").
-				WithData(t, &pbcatalog.FailoverPolicy{
-					PortConfigs: map[string]*pbcatalog.FailoverConfig{
-						"http": {
-							Destinations: []*pbcatalog.FailoverDestination{
-								{
-									Ref:  newRef(ServiceType, "api-backup"),
-									Port: "http", // port defaulted
-								},
-							},
-						},
-					},
-				}).
-				Build(),
-		},
-		"explicit with port aligned defaulting": {
-			svc: resourcetest.Resource(ServiceType, "api").
-				WithData(t, &pbcatalog.Service{
-					Ports: []*pbcatalog.ServicePort{
-						newPort("mesh", 9999, pbcatalog.Protocol_PROTOCOL_MESH),
-						newPort("http", 8080, pbcatalog.Protocol_PROTOCOL_HTTP),
-						newPort("rest", 8282, pbcatalog.Protocol_PROTOCOL_HTTP2),
-					},
-				}).
-				Build(),
-			failover: resourcetest.Resource(FailoverPolicyType, "api").
-				WithData(t, &pbcatalog.FailoverPolicy{
-					PortConfigs: map[string]*pbcatalog.FailoverConfig{
-						"http": {
-							Destinations: []*pbcatalog.FailoverDestination{
-								{
-									Ref:  newRef(ServiceType, "api-backup"),
-									Port: "www",
-								},
-								{
-									Ref: newRef(ServiceType, "api-double-backup"),
-								},
-							},
-						},
-					},
-				}).
-				Build(),
-			expect: resourcetest.Resource(FailoverPolicyType, "api").
-				WithData(t, &pbcatalog.FailoverPolicy{
-					PortConfigs: map[string]*pbcatalog.FailoverConfig{
-						"http": {
-							Destinations: []*pbcatalog.FailoverDestination{
-								{
-									Ref:  newRef(ServiceType, "api-backup"),
-									Port: "www",
-								},
-								{
-									Ref:  newRef(ServiceType, "api-double-backup"),
-									Port: "http", // port defaulted
-								},
-							},
-						},
-					},
-				}).
-				Build(),
-		},
-		"implicit port explosion": {
-			svc: resourcetest.Resource(ServiceType, "api").
-				WithData(t, &pbcatalog.Service{
-					Ports: []*pbcatalog.ServicePort{
-						newPort("http", 8080, pbcatalog.Protocol_PROTOCOL_HTTP),
-						newPort("rest", 8282, pbcatalog.Protocol_PROTOCOL_HTTP2),
-					},
-				}).
-				Build(),
-			failover: resourcetest.Resource(FailoverPolicyType, "api").
-				WithData(t, &pbcatalog.FailoverPolicy{
-					Config: &pbcatalog.FailoverConfig{
-						Destinations: []*pbcatalog.FailoverDestination{
-							{
-								Ref: newRef(ServiceType, "api-backup"),
-							},
-							{
-								Ref: newRef(ServiceType, "api-double-backup"),
-							},
-						},
-					},
-				}).
-				Build(),
-			expect: resourcetest.Resource(FailoverPolicyType, "api").
-				WithData(t, &pbcatalog.FailoverPolicy{
-					PortConfigs: map[string]*pbcatalog.FailoverConfig{
-						"http": {
-							Destinations: []*pbcatalog.FailoverDestination{
-								{
-									Ref:  newRef(ServiceType, "api-backup"),
-									Port: "http",
-								},
-								{
-									Ref:  newRef(ServiceType, "api-double-backup"),
-									Port: "http",
-								},
-							},
-						},
-						"rest": {
-							Destinations: []*pbcatalog.FailoverDestination{
-								{
-									Ref:  newRef(ServiceType, "api-backup"),
-									Port: "rest",
-								},
-								{
-									Ref:  newRef(ServiceType, "api-double-backup"),
-									Port: "rest",
-								},
-							},
-						},
-					},
-				}).
-				Build(),
-		},
-		"mixed port explosion with skip": {
-			svc: resourcetest.Resource(ServiceType, "api").
-				WithData(t, &pbcatalog.Service{
-					Ports: []*pbcatalog.ServicePort{
-						newPort("http", 8080, pbcatalog.Protocol_PROTOCOL_HTTP),
-						newPort("rest", 8282, pbcatalog.Protocol_PROTOCOL_HTTP2),
-					},
-				}).
-				Build(),
-			failover: resourcetest.Resource(FailoverPolicyType, "api").
-				WithData(t, &pbcatalog.FailoverPolicy{
-					Config: &pbcatalog.FailoverConfig{
-						Destinations: []*pbcatalog.FailoverDestination{
-							{
-								Ref: newRef(ServiceType, "api-backup"),
-							},
-							{
-								Ref: newRef(ServiceType, "api-double-backup"),
-							},
-						},
-					},
-					PortConfigs: map[string]*pbcatalog.FailoverConfig{
-						"rest": {
-							Mode:          pbcatalog.FailoverMode_FAILOVER_MODE_ORDER_BY_LOCALITY,
-							Regions:       []string{"us", "eu"},
-							SamenessGroup: "sameweb",
-						},
-					},
-				}).
-				Build(),
-			expect: resourcetest.Resource(FailoverPolicyType, "api").
-				WithData(t, &pbcatalog.FailoverPolicy{
-					PortConfigs: map[string]*pbcatalog.FailoverConfig{
-						"http": {
-							Destinations: []*pbcatalog.FailoverDestination{
-								{
-									Ref:  newRef(ServiceType, "api-backup"),
-									Port: "http",
-								},
-								{
-									Ref:  newRef(ServiceType, "api-double-backup"),
-									Port: "http",
-								},
-							},
-						},
-						"rest": {
-							Mode:          pbcatalog.FailoverMode_FAILOVER_MODE_ORDER_BY_LOCALITY,
-							Regions:       []string{"us", "eu"},
-							SamenessGroup: "sameweb",
-						},
-					},
-				}).
-				Build(),
-		},
-	}
-
-	for name, tc := range cases {
-		t.Run(name, func(t *testing.T) {
-			run(t, tc)
-		})
-	}
-}
-
-func newRef(typ *pbresource.Type, name string) *pbresource.Reference {
-	return resourcetest.Resource(typ, name).Reference("")
-}
-
-func newRefWithPeer(typ *pbresource.Type, name string, peer string) *pbresource.Reference {
-	ref := newRef(typ, name)
-	ref.Tenancy.PeerName = peer
-	return ref
-}
diff --git a/internal/catalog/internal/types/health_checks.go b/internal/catalog/internal/types/health_checks.go
index f22f9bea97f8..7df200ec28eb 100644
--- a/internal/catalog/internal/types/health_checks.go
+++ b/internal/catalog/internal/types/health_checks.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/catalog/internal/types/health_checks_test.go b/internal/catalog/internal/types/health_checks_test.go
index 8ae722959e60..12c13d3c1a22 100644
--- a/internal/catalog/internal/types/health_checks_test.go
+++ b/internal/catalog/internal/types/health_checks_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/catalog/internal/types/health_status.go b/internal/catalog/internal/types/health_status.go
index 29c4094f9a0a..5e5a659475d8 100644
--- a/internal/catalog/internal/types/health_status.go
+++ b/internal/catalog/internal/types/health_status.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/catalog/internal/types/health_status_test.go b/internal/catalog/internal/types/health_status_test.go
index d504b64b76a2..be9d30d50115 100644
--- a/internal/catalog/internal/types/health_status_test.go
+++ b/internal/catalog/internal/types/health_status_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/catalog/internal/types/node.go b/internal/catalog/internal/types/node.go
index 2d9bc6e821d1..0d2c795abaa5 100644
--- a/internal/catalog/internal/types/node.go
+++ b/internal/catalog/internal/types/node.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/catalog/internal/types/node_test.go b/internal/catalog/internal/types/node_test.go
index 4f3ca2c0a598..93e5ecea329a 100644
--- a/internal/catalog/internal/types/node_test.go
+++ b/internal/catalog/internal/types/node_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/catalog/internal/types/service.go b/internal/catalog/internal/types/service.go
index 91c0c732e2e8..27e13530e5f3 100644
--- a/internal/catalog/internal/types/service.go
+++ b/internal/catalog/internal/types/service.go
@@ -1,16 +1,15 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
 import (
 	"math"
 
-	"github.com/hashicorp/go-multierror"
-
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/go-multierror"
 )
 
 const (
@@ -88,17 +87,6 @@ func ValidateService(res *pbresource.Resource) error {
 			})
 		}
 
-		if protoErr := validateProtocol(port.Protocol); protoErr != nil {
-			err = multierror.Append(err, resource.ErrInvalidListElement{
-				Name:  "ports",
-				Index: idx,
-				Wrapped: resource.ErrInvalidField{
-					Name:    "protocol",
-					Wrapped: protoErr,
-				},
-			})
-		}
-
 		// validate the virtual port is within the allowed range - 0 is allowed
 		// to signify that no virtual port should be used and the port will not
 		// be available for transparent proxying within the mesh.
diff --git a/internal/catalog/internal/types/service_endpoints.go b/internal/catalog/internal/types/service_endpoints.go
index a8a591ef26e2..8c3d1cf10956 100644
--- a/internal/catalog/internal/types/service_endpoints.go
+++ b/internal/catalog/internal/types/service_endpoints.go
@@ -1,16 +1,15 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
 import (
 	"math"
 
-	"github.com/hashicorp/go-multierror"
-
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/go-multierror"
 )
 
 const (
@@ -45,16 +44,6 @@ func MutateServiceEndpoints(res *pbresource.Resource) error {
 		}
 	}
 
-	return nil
-}
-
-func ValidateServiceEndpoints(res *pbresource.Resource) error {
-	var svcEndpoints pbcatalog.ServiceEndpoints
-
-	if err := res.Data.UnmarshalTo(&svcEndpoints); err != nil {
-		return resource.NewErrDataParse(&svcEndpoints, err)
-	}
-
 	var err error
 	if !resource.EqualType(res.Owner.Type, ServiceV1Alpha1Type) {
 		err = multierror.Append(err, resource.ErrOwnerTypeInvalid{
@@ -65,7 +54,6 @@ func ValidateServiceEndpoints(res *pbresource.Resource) error {
 
 	if !resource.EqualTenancy(res.Owner.Tenancy, res.Id.Tenancy) {
 		err = multierror.Append(err, resource.ErrOwnerTenantInvalid{
-			ResourceType:    ServiceEndpointsV1Alpha1Type,
 			ResourceTenancy: res.Id.Tenancy,
 			OwnerTenancy:    res.Owner.Tenancy,
 		})
@@ -81,6 +69,17 @@ func ValidateServiceEndpoints(res *pbresource.Resource) error {
 		})
 	}
 
+	return err
+}
+
+func ValidateServiceEndpoints(res *pbresource.Resource) error {
+	var svcEndpoints pbcatalog.ServiceEndpoints
+
+	if err := res.Data.UnmarshalTo(&svcEndpoints); err != nil {
+		return resource.NewErrDataParse(&svcEndpoints, err)
+	}
+
+	var err error
 	for idx, endpoint := range svcEndpoints.Endpoints {
 		if endpointErr := validateEndpoint(endpoint, res); endpointErr != nil {
 			err = multierror.Append(err, resource.ErrInvalidListElement{
@@ -129,13 +128,6 @@ func validateEndpoint(endpoint *pbcatalog.Endpoint, res *pbresource.Resource) er
 		})
 	}
 
-	if healthErr := validateHealth(endpoint.HealthStatus); healthErr != nil {
-		err = multierror.Append(err, resource.ErrInvalidField{
-			Name:    "health_status",
-			Wrapped: healthErr,
-		})
-	}
-
 	// Validate the endpoints ports
 	for portName, port := range endpoint.Ports {
 		// Port names must be DNS labels
@@ -147,17 +139,6 @@ func validateEndpoint(endpoint *pbcatalog.Endpoint, res *pbresource.Resource) er
 			})
 		}
 
-		if protoErr := validateProtocol(port.Protocol); protoErr != nil {
-			err = multierror.Append(err, resource.ErrInvalidMapValue{
-				Map: "ports",
-				Key: portName,
-				Wrapped: resource.ErrInvalidField{
-					Name:    "protocol",
-					Wrapped: protoErr,
-				},
-			})
-		}
-
 		// As the physical port is the real port the endpoint will be bound to
 		// it must be in the standard 1-65535 range.
 		if port.Port < 1 || port.Port > math.MaxUint16 {
@@ -165,7 +146,7 @@ func validateEndpoint(endpoint *pbcatalog.Endpoint, res *pbresource.Resource) er
 				Map: "ports",
 				Key: portName,
 				Wrapped: resource.ErrInvalidField{
-					Name:    "physical_port",
+					Name:    "phsical_port",
 					Wrapped: errInvalidPhysicalPort,
 				},
 			})
diff --git a/internal/catalog/internal/types/service_endpoints_test.go b/internal/catalog/internal/types/service_endpoints_test.go
index 9b45d7d2ca63..bd902d624683 100644
--- a/internal/catalog/internal/types/service_endpoints_test.go
+++ b/internal/catalog/internal/types/service_endpoints_test.go
@@ -1,17 +1,17 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
 import (
 	"testing"
 
-	"github.com/stretchr/testify/require"
-
 	"github.com/hashicorp/consul/internal/resource"
-	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/types/known/anypb"
 )
 
 var (
@@ -20,13 +20,22 @@ var (
 		Namespace: "default",
 		PeerName:  "local",
 	}
+)
 
-	badEndpointTenancy = &pbresource.Tenancy{
-		Partition: "default",
-		Namespace: "bad",
-		PeerName:  "local",
+func createServiceEndpointsResource(t *testing.T, data protoreflect.ProtoMessage) *pbresource.Resource {
+	res := &pbresource.Resource{
+		Id: &pbresource.ID{
+			Type:    ServiceEndpointsType,
+			Tenancy: defaultEndpointTenancy,
+			Name:    "test-service",
+		},
 	}
-)
+
+	var err error
+	res.Data, err = anypb.New(data)
+	require.NoError(t, err)
+	return res
+}
 
 func TestValidateServiceEndpoints_Ok(t *testing.T) {
 	data := &pbcatalog.ServiceEndpoints{
@@ -53,14 +62,8 @@ func TestValidateServiceEndpoints_Ok(t *testing.T) {
 		},
 	}
 
-	res := rtest.Resource(ServiceEndpointsType, "test-service").
-		WithData(t, data).
-		Build()
+	res := createServiceEndpointsResource(t, data)
 
-	// fill in owner automatically
-	require.NoError(t, MutateServiceEndpoints(res))
-
-	// Now validate that everything is good.
 	err := ValidateServiceEndpoints(res)
 	require.NoError(t, err)
 }
@@ -70,7 +73,7 @@ func TestValidateServiceEndpoints_ParseError(t *testing.T) {
 	// to cause the error we are expecting
 	data := &pbcatalog.IP{Address: "198.18.0.1"}
 
-	res := rtest.Resource(ServiceEndpointsType, "test-service").WithData(t, data).Build()
+	res := createServiceEndpointsResource(t, data)
 
 	err := ValidateServiceEndpoints(res)
 	require.Error(t, err)
@@ -101,7 +104,6 @@ func TestValidateServiceEndpoints_EndpointInvalid(t *testing.T) {
 	}
 
 	type testCase struct {
-		owner       *pbresource.ID
 		modify      func(*pbcatalog.Endpoint)
 		validateErr func(t *testing.T, err error)
 	}
@@ -131,20 +133,6 @@ func TestValidateServiceEndpoints_EndpointInvalid(t *testing.T) {
 				require.ErrorIs(t, err, resource.ErrEmpty)
 			},
 		},
-		"invalid-health-status": {
-			modify: func(endpoint *pbcatalog.Endpoint) {
-				endpoint.Ports["foo"] = &pbcatalog.WorkloadPort{
-					Port: 42,
-				}
-				endpoint.HealthStatus = 99
-			},
-			validateErr: func(t *testing.T, err error) {
-				rtest.RequireError(t, err, resource.ErrInvalidField{
-					Name:    "health_status",
-					Wrapped: resource.NewConstError("not a supported enum value: 99"),
-				})
-			},
-		},
 		"invalid-port-name": {
 			modify: func(endpoint *pbcatalog.Endpoint) {
 				endpoint.Ports[""] = &pbcatalog.WorkloadPort{
@@ -152,29 +140,11 @@ func TestValidateServiceEndpoints_EndpointInvalid(t *testing.T) {
 				}
 			},
 			validateErr: func(t *testing.T, err error) {
-				rtest.RequireError(t, err, resource.ErrInvalidMapKey{
-					Map:     "ports",
-					Key:     "",
-					Wrapped: resource.ErrEmpty,
-				})
-			},
-		},
-		"invalid-port-protocol": {
-			modify: func(endpoint *pbcatalog.Endpoint) {
-				endpoint.Ports["foo"] = &pbcatalog.WorkloadPort{
-					Port:     42,
-					Protocol: 99,
-				}
-			},
-			validateErr: func(t *testing.T, err error) {
-				rtest.RequireError(t, err, resource.ErrInvalidMapValue{
-					Map: "ports",
-					Key: "foo",
-					Wrapped: resource.ErrInvalidField{
-						Name:    "protocol",
-						Wrapped: resource.NewConstError("not a supported enum value: 99"),
-					},
-				})
+				var mapErr resource.ErrInvalidMapKey
+				require.ErrorAs(t, err, &mapErr)
+				require.Equal(t, "ports", mapErr.Map)
+				require.Equal(t, "", mapErr.Key)
+				require.Equal(t, resource.ErrEmpty, mapErr.Wrapped)
 			},
 		},
 		"port-0": {
@@ -193,50 +163,18 @@ func TestValidateServiceEndpoints_EndpointInvalid(t *testing.T) {
 				require.ErrorIs(t, err, errInvalidPhysicalPort)
 			},
 		},
-		"invalid-owner": {
-			owner: &pbresource.ID{
-				Type:    DNSPolicyType,
-				Tenancy: badEndpointTenancy,
-				Name:    "wrong",
-			},
-			validateErr: func(t *testing.T, err error) {
-				rtest.RequireError(t, err, resource.ErrOwnerTypeInvalid{
-					ResourceType: ServiceEndpointsType,
-					OwnerType:    DNSPolicyType})
-				rtest.RequireError(t, err, resource.ErrOwnerTenantInvalid{
-					ResourceType:    ServiceEndpointsType,
-					ResourceTenancy: defaultEndpointTenancy,
-					OwnerTenancy:    badEndpointTenancy,
-				})
-				rtest.RequireError(t, err, resource.ErrInvalidField{
-					Name: "name",
-					Wrapped: errInvalidEndpointsOwnerName{
-						Name:      "test-service",
-						OwnerName: "wrong"},
-				})
-			},
-		},
 	}
 
 	for name, tcase := range cases {
 		t.Run(name, func(t *testing.T) {
-			endpoint := genData()
-			if tcase.modify != nil {
-				tcase.modify(endpoint)
-			}
+			data := genData()
+			tcase.modify(data)
 
-			data := &pbcatalog.ServiceEndpoints{
+			res := createServiceEndpointsResource(t, &pbcatalog.ServiceEndpoints{
 				Endpoints: []*pbcatalog.Endpoint{
-					endpoint,
+					data,
 				},
-			}
-			res := rtest.Resource(ServiceEndpointsType, "test-service").
-				WithOwner(tcase.owner).
-				WithData(t, data).
-				Build()
-
-			// Run the mututation to setup defaults
-			require.NoError(t, MutateServiceEndpoints(res))
+			})
 
 			err := ValidateServiceEndpoints(res)
 			require.Error(t, err)
@@ -244,13 +182,3 @@ func TestValidateServiceEndpoints_EndpointInvalid(t *testing.T) {
 		})
 	}
 }
-
-func TestMutateServiceEndpoints_PopulateOwner(t *testing.T) {
-	res := rtest.Resource(ServiceEndpointsType, "test-service").Build()
-
-	require.NoError(t, MutateServiceEndpoints(res))
-	require.NotNil(t, res.Owner)
-	require.True(t, resource.EqualType(res.Owner.Type, ServiceType))
-	require.True(t, resource.EqualTenancy(res.Owner.Tenancy, defaultEndpointTenancy))
-	require.Equal(t, res.Owner.Name, res.Id.Name)
-}
diff --git a/internal/catalog/internal/types/service_test.go b/internal/catalog/internal/types/service_test.go
index 4f53a5c0a62b..1a0a035d9161 100644
--- a/internal/catalog/internal/types/service_test.go
+++ b/internal/catalog/internal/types/service_test.go
@@ -1,18 +1,17 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
 import (
 	"testing"
 
-	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/reflect/protoreflect"
-	"google.golang.org/protobuf/types/known/anypb"
-
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/types/known/anypb"
 )
 
 func createServiceResource(t *testing.T, data protoreflect.ProtoMessage) *pbresource.Resource {
@@ -172,37 +171,6 @@ func TestValidateService_VirtualPortReused(t *testing.T) {
 	require.EqualValues(t, 42, actual.Value)
 }
 
-func TestValidateService_InvalidPortProtocol(t *testing.T) {
-	data := &pbcatalog.Service{
-		Workloads: &pbcatalog.WorkloadSelector{
-			Prefixes: []string{""},
-		},
-		Ports: []*pbcatalog.ServicePort{
-			{
-				TargetPort: "foo",
-				Protocol:   99,
-			},
-		},
-	}
-
-	res := createServiceResource(t, data)
-
-	err := ValidateService(res)
-
-	expected := resource.ErrInvalidListElement{
-		Name:  "ports",
-		Index: 0,
-		Wrapped: resource.ErrInvalidField{
-			Name:    "protocol",
-			Wrapped: resource.NewConstError("not a supported enum value: 99"),
-		},
-	}
-
-	var actual resource.ErrInvalidListElement
-	require.ErrorAs(t, err, &actual)
-	require.Equal(t, expected, actual)
-}
-
 func TestValidateService_VirtualPortInvalid(t *testing.T) {
 	data := &pbcatalog.Service{
 		Workloads: &pbcatalog.WorkloadSelector{
diff --git a/internal/catalog/internal/types/types.go b/internal/catalog/internal/types/types.go
index 4d64f2137cc8..6ab3730bb293 100644
--- a/internal/catalog/internal/types/types.go
+++ b/internal/catalog/internal/types/types.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
@@ -22,5 +22,4 @@ func Register(r resource.Registry) {
 	RegisterHealthChecks(r)
 	RegisterDNSPolicy(r)
 	RegisterVirtualIPs(r)
-	RegisterFailoverPolicy(r)
 }
diff --git a/internal/catalog/internal/types/types_test.go b/internal/catalog/internal/types/types_test.go
index e63fd044eae6..d40fc42dd07c 100644
--- a/internal/catalog/internal/types/types_test.go
+++ b/internal/catalog/internal/types/types_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/catalog/internal/types/validators.go b/internal/catalog/internal/types/validators.go
index 94691107f934..e9fc08562784 100644
--- a/internal/catalog/internal/types/validators.go
+++ b/internal/catalog/internal/types/validators.go
@@ -1,20 +1,18 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
 import (
-	"fmt"
 	"net"
 	"regexp"
 	"strings"
 
-	"github.com/hashicorp/go-multierror"
-	"google.golang.org/protobuf/proto"
-
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/go-multierror"
+	"google.golang.org/protobuf/proto"
 )
 
 const (
@@ -137,19 +135,6 @@ func validatePortName(name string) error {
 	return nil
 }
 
-func validateProtocol(protocol pbcatalog.Protocol) error {
-	switch protocol {
-	case pbcatalog.Protocol_PROTOCOL_TCP,
-		pbcatalog.Protocol_PROTOCOL_HTTP,
-		pbcatalog.Protocol_PROTOCOL_HTTP2,
-		pbcatalog.Protocol_PROTOCOL_GRPC,
-		pbcatalog.Protocol_PROTOCOL_MESH:
-		return nil
-	default:
-		return resource.NewConstError(fmt.Sprintf("not a supported enum value: %v", protocol))
-	}
-}
-
 // validateWorkloadAddress will validate the WorkloadAddress type. This involves validating
 // the Host within the workload address and the ports references. For ports references we
 // ensure that values in the addresses ports array are present in the set of map keys.
@@ -222,16 +207,3 @@ func validateReference(allowedType *pbresource.Type, allowedTenancy *pbresource.
 
 	return err
 }
-
-func validateHealth(health pbcatalog.Health) error {
-	switch health {
-	case pbcatalog.Health_HEALTH_ANY,
-		pbcatalog.Health_HEALTH_PASSING,
-		pbcatalog.Health_HEALTH_WARNING,
-		pbcatalog.Health_HEALTH_CRITICAL,
-		pbcatalog.Health_HEALTH_MAINTENANCE:
-		return nil
-	default:
-		return resource.NewConstError(fmt.Sprintf("not a supported enum value: %v", health))
-	}
-}
diff --git a/internal/catalog/internal/types/validators_test.go b/internal/catalog/internal/types/validators_test.go
index a3790e9f9e05..cd3a12c5c074 100644
--- a/internal/catalog/internal/types/validators_test.go
+++ b/internal/catalog/internal/types/validators_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
@@ -8,12 +8,11 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/hashicorp/go-multierror"
-	"github.com/stretchr/testify/require"
-
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/go-multierror"
+	"github.com/stretchr/testify/require"
 )
 
 func TestIsValidDNSLabel(t *testing.T) {
diff --git a/internal/catalog/internal/types/virtual_ips.go b/internal/catalog/internal/types/virtual_ips.go
index 73cb4855d42c..a27f08df0a77 100644
--- a/internal/catalog/internal/types/virtual_ips.go
+++ b/internal/catalog/internal/types/virtual_ips.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/catalog/internal/types/virtual_ips_test.go b/internal/catalog/internal/types/virtual_ips_test.go
index 16edac73ce32..76d55e7ecd74 100644
--- a/internal/catalog/internal/types/virtual_ips_test.go
+++ b/internal/catalog/internal/types/virtual_ips_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/catalog/internal/types/workload.go b/internal/catalog/internal/types/workload.go
index b26506d175e4..a0dc7142d1e0 100644
--- a/internal/catalog/internal/types/workload.go
+++ b/internal/catalog/internal/types/workload.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
@@ -7,11 +7,10 @@ import (
 	"math"
 	"sort"
 
-	"github.com/hashicorp/go-multierror"
-
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/go-multierror"
 )
 
 const (
@@ -77,17 +76,6 @@ func ValidateWorkload(res *pbresource.Resource) error {
 			})
 		}
 
-		if protoErr := validateProtocol(port.Protocol); protoErr != nil {
-			err = multierror.Append(err, resource.ErrInvalidMapValue{
-				Map: "ports",
-				Key: portName,
-				Wrapped: resource.ErrInvalidField{
-					Name:    "protocol",
-					Wrapped: protoErr,
-				},
-			})
-		}
-
 		// Collect the list of mesh ports
 		if port.Protocol == pbcatalog.Protocol_PROTOCOL_MESH {
 			meshPorts = append(meshPorts, portName)
diff --git a/internal/catalog/internal/types/workload_test.go b/internal/catalog/internal/types/workload_test.go
index 6763fba54c97..03662472f225 100644
--- a/internal/catalog/internal/types/workload_test.go
+++ b/internal/catalog/internal/types/workload_test.go
@@ -1,18 +1,17 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
 import (
 	"testing"
 
-	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/reflect/protoreflect"
-	"google.golang.org/protobuf/types/known/anypb"
-
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/types/known/anypb"
 )
 
 func createWorkloadResource(t *testing.T, data protoreflect.ProtoMessage) *pbresource.Resource {
@@ -228,30 +227,6 @@ func TestValidateWorkload_InvalidPortName(t *testing.T) {
 	require.Equal(t, expected, actual)
 }
 
-func TestValidateWorkload_InvalidPortProtocol(t *testing.T) {
-	data := validWorkload()
-	data.Ports["foo"] = &pbcatalog.WorkloadPort{
-		Port:     42,
-		Protocol: 99,
-	}
-
-	res := createWorkloadResource(t, data)
-
-	err := ValidateWorkload(res)
-	require.Error(t, err)
-	expected := resource.ErrInvalidMapValue{
-		Map: "ports",
-		Key: "foo",
-		Wrapped: resource.ErrInvalidField{
-			Name:    "protocol",
-			Wrapped: resource.NewConstError("not a supported enum value: 99"),
-		},
-	}
-	var actual resource.ErrInvalidMapValue
-	require.ErrorAs(t, err, &actual)
-	require.Equal(t, expected, actual)
-}
-
 func TestValidateWorkload_Port0(t *testing.T) {
 	data := validWorkload()
 	data.Ports["bar"] = &pbcatalog.WorkloadPort{Port: 0}
diff --git a/internal/controller/api.go b/internal/controller/api.go
index 5c2fc2e78271..8f5d873368b5 100644
--- a/internal/controller/api.go
+++ b/internal/controller/api.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package controller
 
@@ -11,7 +11,6 @@ import (
 
 	"github.com/hashicorp/go-hclog"
 
-	"github.com/hashicorp/consul/agent/consul/controller/queue"
 	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
@@ -47,21 +46,6 @@ func (c Controller) WithWatch(watchedType *pbresource.Type, mapper DependencyMap
 	return c
 }
 
-// WithCustomWatch adds a custom watch on the given dependency to the controller. Custom mapper
-// will be called to map events produced by source to the controller's watched type.
-func (c Controller) WithCustomWatch(source *Source, mapper CustomDependencyMapper) Controller {
-	if source == nil {
-		panic("source must not be nil")
-	}
-
-	if mapper == nil {
-		panic("mapper must not be nil")
-	}
-
-	c.customWatches = append(c.customWatches, customWatch{source, mapper})
-	return c
-}
-
 // WithLogger changes the controller's logger.
 func (c Controller) WithLogger(logger hclog.Logger) Controller {
 	if logger == nil {
@@ -123,14 +107,13 @@ func (c Controller) backoff() (time.Duration, time.Duration) {
 // Use the builder methods in this package (starting with ForType) to construct
 // a controller, and then pass it to a Manager to be executed.
 type Controller struct {
-	managedType   *pbresource.Type
-	reconciler    Reconciler
-	logger        hclog.Logger
-	watches       []watch
-	customWatches []customWatch
-	baseBackoff   time.Duration
-	maxBackoff    time.Duration
-	placement     Placement
+	managedType *pbresource.Type
+	reconciler  Reconciler
+	logger      hclog.Logger
+	watches     []watch
+	baseBackoff time.Duration
+	maxBackoff  time.Duration
+	placement   Placement
 }
 
 type watch struct {
@@ -138,45 +121,6 @@ type watch struct {
 	mapper      DependencyMapper
 }
 
-// Watch is responsible for watching for custom events from source and adding them to
-// the event queue.
-func (s *Source) Watch(ctx context.Context, add func(e Event)) error {
-	for {
-		select {
-		case <-ctx.Done():
-			return nil
-		case evt, ok := <-s.Source:
-			if !ok {
-				return nil
-			}
-			add(evt)
-		}
-	}
-}
-
-// Source is used as a generic source of events. This can be used when events aren't coming from resources
-// stored by the resource API.
-type Source struct {
-	Source <-chan Event
-}
-
-// Event captures an event in the system which the API can choose to respond to.
-type Event struct {
-	Obj queue.ItemType
-}
-
-// Key returns a string that will be used to de-duplicate items in the queue.
-func (e Event) Key() string {
-	return e.Obj.Key()
-}
-
-// customWatch represent a Watch on a custom Event source and a Mapper to map said
-// Events into Requests that the controller can respond to.
-type customWatch struct {
-	source *Source
-	mapper CustomDependencyMapper
-}
-
 // Request represents a request to reconcile the resource with the given ID.
 type Request struct {
 	// ID of the resource that needs to be reconciled.
diff --git a/internal/controller/api_test.go b/internal/controller/api_test.go
index 40d3ec99bebd..e80a2d7d7133 100644
--- a/internal/controller/api_test.go
+++ b/internal/controller/api_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package controller_test
 
@@ -25,20 +25,9 @@ func TestController_API(t *testing.T) {
 	rec := newTestReconciler()
 	client := svctest.RunResourceService(t, demo.RegisterTypes)
 
-	concertsChan := make(chan controller.Event)
-	defer close(concertsChan)
-	concertSource := &controller.Source{Source: concertsChan}
-	concertMapper := func(ctx context.Context, rt controller.Runtime, event controller.Event) ([]controller.Request, error) {
-		artistID := event.Obj.(*Concert).artistID
-		var requests []controller.Request
-		requests = append(requests, controller.Request{ID: artistID})
-		return requests, nil
-	}
-
 	ctrl := controller.
 		ForType(demo.TypeV2Artist).
 		WithWatch(demo.TypeV2Album, controller.MapOwner).
-		WithCustomWatch(concertSource, concertMapper).
 		WithBackoff(10*time.Millisecond, 100*time.Millisecond).
 		WithReconciler(rec)
 
@@ -80,32 +69,6 @@ func TestController_API(t *testing.T) {
 		prototest.AssertDeepEqual(t, rsp.Resource.Id, req.ID)
 	})
 
-	t.Run("custom watched resource type", func(t *testing.T) {
-		res, err := demo.GenerateV2Artist()
-		require.NoError(t, err)
-
-		rsp, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: res})
-		require.NoError(t, err)
-
-		req := rec.wait(t)
-		prototest.AssertDeepEqual(t, rsp.Resource.Id, req.ID)
-
-		rec.expectNoRequest(t, 500*time.Millisecond)
-
-		concertsChan <- controller.Event{Obj: &Concert{name: "test-concert", artistID: rsp.Resource.Id}}
-
-		watchedReq := rec.wait(t)
-		prototest.AssertDeepEqual(t, req.ID, watchedReq.ID)
-
-		otherArtist, err := demo.GenerateV2Artist()
-		require.NoError(t, err)
-
-		concertsChan <- controller.Event{Obj: &Concert{name: "test-concert", artistID: otherArtist.Id}}
-
-		watchedReq = rec.wait(t)
-		prototest.AssertDeepEqual(t, otherArtist.Id, watchedReq.ID)
-	})
-
 	t.Run("error retries", func(t *testing.T) {
 		rec.failNext(errors.New("KABOOM"))
 
@@ -303,12 +266,3 @@ func testContext(t *testing.T) context.Context {
 
 	return ctx
 }
-
-type Concert struct {
-	name     string
-	artistID *pbresource.ID
-}
-
-func (c Concert) Key() string {
-	return c.name
-}
diff --git a/internal/controller/controller.go b/internal/controller/controller.go
index ac901d355b6e..54d5c57386a3 100644
--- a/internal/controller/controller.go
+++ b/internal/controller/controller.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package controller
 
@@ -40,39 +40,20 @@ func (c *controllerRunner) run(ctx context.Context) error {
 		})
 	})
 
-	for _, w := range c.ctrl.watches {
+	for _, watch := range c.ctrl.watches {
+		watch := watch
 		mapQueue := runQueue[mapperRequest](groupCtx, c.ctrl)
-		watcher := w
+
 		// Watched Type Events → Mapper Queue
 		group.Go(func() error {
-			return c.watch(groupCtx, watcher.watchedType, func(res *pbresource.Resource) {
+			return c.watch(groupCtx, watch.watchedType, func(res *pbresource.Resource) {
 				mapQueue.Add(mapperRequest{res: res})
 			})
 		})
 
 		// Mapper Queue → Mapper → Reconciliation Queue
 		group.Go(func() error {
-			return c.runMapper(groupCtx, watcher, mapQueue, recQueue, func(ctx context.Context, runtime Runtime, itemType queue.ItemType) ([]Request, error) {
-				return watcher.mapper(ctx, runtime, itemType.(mapperRequest).res)
-			})
-		})
-	}
-
-	for _, cw := range c.ctrl.customWatches {
-		customMapQueue := runQueue[Event](groupCtx, c.ctrl)
-		watcher := cw
-		// Custom Events → Mapper Queue
-		group.Go(func() error {
-			return watcher.source.Watch(groupCtx, func(e Event) {
-				customMapQueue.Add(e)
-			})
-		})
-
-		// Mapper Queue → Mapper → Reconciliation Queue
-		group.Go(func() error {
-			return c.runCustomMapper(groupCtx, watcher, customMapQueue, recQueue, func(ctx context.Context, runtime Runtime, itemType queue.ItemType) ([]Request, error) {
-				return watcher.mapper(ctx, runtime, itemType.(Event))
-			})
+			return c.runMapper(groupCtx, watch, mapQueue, recQueue)
 		})
 	}
 
@@ -90,7 +71,7 @@ func runQueue[T queue.ItemType](ctx context.Context, ctrl Controller) queue.Work
 }
 
 func (c *controllerRunner) watch(ctx context.Context, typ *pbresource.Type, add func(*pbresource.Resource)) error {
-	wl, err := c.client.WatchList(ctx, &pbresource.WatchListRequest{
+	watch, err := c.client.WatchList(ctx, &pbresource.WatchListRequest{
 		Type: typ,
 		Tenancy: &pbresource.Tenancy{
 			Partition: storage.Wildcard,
@@ -104,7 +85,7 @@ func (c *controllerRunner) watch(ctx context.Context, typ *pbresource.Type, add
 	}
 
 	for {
-		event, err := wl.Recv()
+		event, err := watch.Recv()
 		if err != nil {
 			c.logger.Warn("error received from watch", "error", err)
 			return err
@@ -118,7 +99,6 @@ func (c *controllerRunner) runMapper(
 	w watch,
 	from queue.WorkQueue[mapperRequest],
 	to queue.WorkQueue[Request],
-	mapper func(ctx context.Context, runtime Runtime, itemType queue.ItemType) ([]Request, error),
 ) error {
 	logger := c.logger.With("watched_resource_type", resource.ToGVK(w.watchedType))
 
@@ -128,36 +108,27 @@ func (c *controllerRunner) runMapper(
 			return nil
 		}
 
-		if err := c.doMap(ctx, mapper, to, item, logger); err != nil {
+		var reqs []Request
+		err := c.handlePanic(func() error {
+			var err error
+			reqs, err = w.mapper(ctx, c.runtime(), item.res)
+			return err
+		})
+		if err != nil {
 			from.AddRateLimited(item)
 			from.Done(item)
 			continue
 		}
 
-		from.Forget(item)
-		from.Done(item)
-	}
-}
-
-func (c *controllerRunner) runCustomMapper(
-	ctx context.Context,
-	cw customWatch,
-	from queue.WorkQueue[Event],
-	to queue.WorkQueue[Request],
-	mapper func(ctx context.Context, runtime Runtime, itemType queue.ItemType) ([]Request, error),
-) error {
-	logger := c.logger.With("watched_event", cw.source)
-
-	for {
-		item, shutdown := from.Get()
-		if shutdown {
-			return nil
-		}
-
-		if err := c.doMap(ctx, mapper, to, item, logger); err != nil {
-			from.AddRateLimited(item)
-			from.Done(item)
-			continue
+		for _, r := range reqs {
+			if !resource.EqualType(r.ID.Type, c.ctrl.managedType) {
+				logger.Error("dependency mapper returned request for a resource of the wrong type",
+					"type_expected", resource.ToGVK(c.ctrl.managedType),
+					"type_got", resource.ToGVK(r.ID.Type),
+				)
+				continue
+			}
+			to.Add(r)
 		}
 
 		from.Forget(item)
@@ -165,29 +136,6 @@ func (c *controllerRunner) runCustomMapper(
 	}
 }
 
-func (c *controllerRunner) doMap(ctx context.Context, mapper func(ctx context.Context, runtime Runtime, itemType queue.ItemType) ([]Request, error), to queue.WorkQueue[Request], item queue.ItemType, logger hclog.Logger) error {
-	var reqs []Request
-	if err := c.handlePanic(func() error {
-		var err error
-		reqs, err = mapper(ctx, c.runtime(), item)
-		return err
-	}); err != nil {
-		return err
-	}
-
-	for _, r := range reqs {
-		if !resource.EqualType(r.ID.Type, c.ctrl.managedType) {
-			logger.Error("dependency mapper returned request for a resource of the wrong type",
-				"type_expected", resource.ToGVK(c.ctrl.managedType),
-				"type_got", resource.ToGVK(r.ID.Type),
-			)
-			continue
-		}
-		to.Add(r)
-	}
-	return nil
-}
-
 func (c *controllerRunner) runReconciler(ctx context.Context, queue queue.WorkQueue[Request]) error {
 	for {
 		req, shutdown := queue.Get()
diff --git a/internal/controller/dependency_mappers.go b/internal/controller/dependency_mappers.go
index 1ac331ffafdd..c054c4369e94 100644
--- a/internal/controller/dependency_mappers.go
+++ b/internal/controller/dependency_mappers.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package controller
 
 import (
@@ -18,14 +15,6 @@ type DependencyMapper func(
 	res *pbresource.Resource,
 ) ([]Request, error)
 
-// CustomDependencyMapper is called when an Event occurs to determine which of the
-// controller's managed resources need to be reconciled.
-type CustomDependencyMapper func(
-	ctx context.Context,
-	rt Runtime,
-	event Event,
-) ([]Request, error)
-
 // MapOwner implements a DependencyMapper that returns the updated resource's owner.
 func MapOwner(_ context.Context, _ Runtime, res *pbresource.Resource) ([]Request, error) {
 	var reqs []Request
diff --git a/internal/controller/dependency_mappers_test.go b/internal/controller/dependency_mappers_test.go
index b9956cdb71f4..b5300bfb9ac9 100644
--- a/internal/controller/dependency_mappers_test.go
+++ b/internal/controller/dependency_mappers_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package controller
 
 import (
diff --git a/internal/controller/doc.go b/internal/controller/doc.go
index db7d944e932e..28953791525c 100644
--- a/internal/controller/doc.go
+++ b/internal/controller/doc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package controller provides an API for implementing control loops on top of
 // Consul resources. It is heavily inspired by [Kubebuilder] and the Kubernetes
diff --git a/internal/controller/lease.go b/internal/controller/lease.go
index 596bd2546bce..2cb00d133019 100644
--- a/internal/controller/lease.go
+++ b/internal/controller/lease.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package controller
 
 // Lease is used to ensure controllers are run as singletons (i.e. one leader-
diff --git a/internal/controller/manager.go b/internal/controller/manager.go
index 1e7e91021061..92c5829c581e 100644
--- a/internal/controller/manager.go
+++ b/internal/controller/manager.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package controller
 
 import (
diff --git a/internal/controller/supervisor.go b/internal/controller/supervisor.go
index 4abb841f60e0..5983ff4c4b7b 100644
--- a/internal/controller/supervisor.go
+++ b/internal/controller/supervisor.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package controller
 
 import (
diff --git a/internal/controller/supervisor_test.go b/internal/controller/supervisor_test.go
index e455565d88b7..1792b8b95c21 100644
--- a/internal/controller/supervisor_test.go
+++ b/internal/controller/supervisor_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package controller
 
 import (
diff --git a/internal/go-sso/oidcauth/auth.go b/internal/go-sso/oidcauth/auth.go
index a2f35763a3d0..c50940780e77 100644
--- a/internal/go-sso/oidcauth/auth.go
+++ b/internal/go-sso/oidcauth/auth.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // package oidcauth bundles up an opinionated approach to authentication using
 // both the OIDC authorization code workflow and simple JWT decoding (via
diff --git a/internal/go-sso/oidcauth/config.go b/internal/go-sso/oidcauth/config.go
index 84bbac9e0cbe..3d51aff19f9b 100644
--- a/internal/go-sso/oidcauth/config.go
+++ b/internal/go-sso/oidcauth/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/config_test.go b/internal/go-sso/oidcauth/config_test.go
index c72a69e0845f..0ef4abcd69e5 100644
--- a/internal/go-sso/oidcauth/config_test.go
+++ b/internal/go-sso/oidcauth/config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/internal/strutil/util.go b/internal/go-sso/oidcauth/internal/strutil/util.go
index 9cdc0b1acb1c..50cd24c32491 100644
--- a/internal/go-sso/oidcauth/internal/strutil/util.go
+++ b/internal/go-sso/oidcauth/internal/strutil/util.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package strutil
 
diff --git a/internal/go-sso/oidcauth/internal/strutil/util_test.go b/internal/go-sso/oidcauth/internal/strutil/util_test.go
index 06d76a6c69d5..2e3fd1919aca 100644
--- a/internal/go-sso/oidcauth/internal/strutil/util_test.go
+++ b/internal/go-sso/oidcauth/internal/strutil/util_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package strutil
 
diff --git a/internal/go-sso/oidcauth/jwt.go b/internal/go-sso/oidcauth/jwt.go
index fbb6a31669c8..0695a60c5527 100644
--- a/internal/go-sso/oidcauth/jwt.go
+++ b/internal/go-sso/oidcauth/jwt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/jwt_test.go b/internal/go-sso/oidcauth/jwt_test.go
index 621fb6660b53..9a8d9cf07ed1 100644
--- a/internal/go-sso/oidcauth/jwt_test.go
+++ b/internal/go-sso/oidcauth/jwt_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/oidc.go b/internal/go-sso/oidcauth/oidc.go
index df00dfcc25f6..dbbf22582abf 100644
--- a/internal/go-sso/oidcauth/oidc.go
+++ b/internal/go-sso/oidcauth/oidc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/oidc_test.go b/internal/go-sso/oidcauth/oidc_test.go
index 48de99b64181..288c704d0838 100644
--- a/internal/go-sso/oidcauth/oidc_test.go
+++ b/internal/go-sso/oidcauth/oidc_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/oidcauthtest/testing.go b/internal/go-sso/oidcauth/oidcauthtest/testing.go
index 0956673c0515..432bcae333e4 100644
--- a/internal/go-sso/oidcauth/oidcauthtest/testing.go
+++ b/internal/go-sso/oidcauth/oidcauthtest/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // package oidcauthtest exposes tools to assist in writing unit tests of OIDC
 // and JWT authentication workflows.
diff --git a/internal/go-sso/oidcauth/oidcjwt.go b/internal/go-sso/oidcauth/oidcjwt.go
index 14a6b4def2ad..fec78dae232e 100644
--- a/internal/go-sso/oidcauth/oidcjwt.go
+++ b/internal/go-sso/oidcauth/oidcjwt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/oidcjwt_test.go b/internal/go-sso/oidcauth/oidcjwt_test.go
index 49574856332a..e1bd0cd919b2 100644
--- a/internal/go-sso/oidcauth/oidcjwt_test.go
+++ b/internal/go-sso/oidcauth/oidcjwt_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/util.go b/internal/go-sso/oidcauth/util.go
index 709798dee635..06cc9054b89c 100644
--- a/internal/go-sso/oidcauth/util.go
+++ b/internal/go-sso/oidcauth/util.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package oidcauth
 
diff --git a/internal/go-sso/oidcauth/util_test.go b/internal/go-sso/oidcauth/util_test.go
index 6cf8bae1b3bd..1bef6d51c6ae 100644
--- a/internal/go-sso/oidcauth/util_test.go
+++ b/internal/go-sso/oidcauth/util_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package oidcauth
 
diff --git a/internal/mesh/exports.go b/internal/mesh/exports.go
index 6a6f97221f30..753c10a7ba93 100644
--- a/internal/mesh/exports.go
+++ b/internal/mesh/exports.go
@@ -1,11 +1,9 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package mesh
 
 import (
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/mesh/internal/controllers"
 	"github.com/hashicorp/consul/internal/mesh/internal/types"
 	"github.com/hashicorp/consul/internal/resource"
 )
@@ -19,39 +17,13 @@ var (
 
 	// Resource Kind Names.
 
-	ProxyConfigurationKind     = types.ProxyConfigurationKind
-	UpstreamsKind              = types.UpstreamsKind
-	UpstreamsConfigurationKind = types.UpstreamsConfigurationKind
-	ProxyStateKind             = types.ProxyStateTemplateKind
-	HTTPRouteKind              = types.HTTPRouteKind
-	GRPCRouteKind              = types.GRPCRouteKind
-	TCPRouteKind               = types.TCPRouteKind
-	DestinationPolicyKind      = types.DestinationPolicyKind
-	ComputedRoutesKind         = types.ComputedRoutesKind
+	ProxyConfigurationKind = types.ProxyConfigurationKind
+	UpstreamsKind          = types.UpstreamsKind
 
 	// Resource Types for the v1alpha1 version.
 
-	ProxyConfigurationV1Alpha1Type              = types.ProxyConfigurationV1Alpha1Type
-	UpstreamsV1Alpha1Type                       = types.UpstreamsV1Alpha1Type
-	UpstreamsConfigurationV1Alpha1Type          = types.UpstreamsConfigurationV1Alpha1Type
-	ProxyStateTemplateConfigurationV1Alpha1Type = types.ProxyStateTemplateV1Alpha1Type
-	HTTPRouteV1Alpha1Type                       = types.HTTPRouteV1Alpha1Type
-	GRPCRouteV1Alpha1Type                       = types.GRPCRouteV1Alpha1Type
-	TCPRouteV1Alpha1Type                        = types.TCPRouteV1Alpha1Type
-	DestinationPolicyV1Alpha1Type               = types.DestinationPolicyV1Alpha1Type
-	ComputedRoutesV1Alpha1Type                  = types.ComputedRoutesV1Alpha1Type
-
-	// Resource Types for the latest version.
-
-	ProxyConfigurationType              = types.ProxyConfigurationType
-	UpstreamsType                       = types.UpstreamsType
-	UpstreamsConfigurationType          = types.UpstreamsConfigurationType
-	ProxyStateTemplateConfigurationType = types.ProxyStateTemplateType
-	HTTPRouteType                       = types.HTTPRouteType
-	GRPCRouteType                       = types.GRPCRouteType
-	TCPRouteType                        = types.TCPRouteType
-	DestinationPolicyType               = types.DestinationPolicyType
-	ComputedRoutesType                  = types.ComputedRoutesType
+	ProxyConfigurationV1Alpha1Type = types.ProxyConfigurationV1Alpha1Type
+	UpstreamsV1Alpha1Type          = types.UpstreamsV1Alpha1Type
 )
 
 // RegisterTypes adds all resource types within the "catalog" API group
@@ -59,11 +31,3 @@ var (
 func RegisterTypes(r resource.Registry) {
 	types.Register(r)
 }
-
-// RegisterControllers registers controllers for the mesh types with
-// the given controller Manager.
-func RegisterControllers(mgr *controller.Manager, deps ControllerDependencies) {
-	controllers.Register(mgr, deps)
-}
-
-type ControllerDependencies = controllers.Dependencies
diff --git a/internal/mesh/internal/controllers/register.go b/internal/mesh/internal/controllers/register.go
deleted file mode 100644
index adfdd5c8afc0..000000000000
--- a/internal/mesh/internal/controllers/register.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package controllers
-
-import (
-	"github.com/hashicorp/consul/internal/catalog"
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/mesh/internal/controllers/xds"
-	"github.com/hashicorp/consul/internal/mesh/internal/types"
-	"github.com/hashicorp/consul/internal/resource/mappers/bimapper"
-)
-
-type Dependencies struct {
-	TrustBundleFetcher xds.TrustBundleFetcher
-	ProxyUpdater       xds.ProxyUpdater
-}
-
-func Register(mgr *controller.Manager, deps Dependencies) {
-	mapper := bimapper.New(types.ProxyStateTemplateType, catalog.ServiceEndpointsType)
-	mgr.Register(xds.Controller(mapper, deps.ProxyUpdater, deps.TrustBundleFetcher))
-}
diff --git a/internal/mesh/internal/controllers/xds/controller.go b/internal/mesh/internal/controllers/xds/controller.go
deleted file mode 100644
index 04afeecc50c4..000000000000
--- a/internal/mesh/internal/controllers/xds/controller.go
+++ /dev/null
@@ -1,184 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package xds
-
-import (
-	"context"
-
-	"github.com/hashicorp/consul/internal/catalog"
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/mesh/internal/controllers/xds/status"
-	"github.com/hashicorp/consul/internal/mesh/internal/types"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/internal/resource/mappers/bimapper"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-const ControllerName = "consul.io/xds-controller"
-
-func Controller(mapper *bimapper.Mapper, updater ProxyUpdater, fetcher TrustBundleFetcher) controller.Controller {
-	if mapper == nil || updater == nil || fetcher == nil {
-		panic("mapper, updater and fetcher are required")
-	}
-
-	return controller.ForType(types.ProxyStateTemplateType).
-		WithWatch(catalog.ServiceEndpointsType, mapper.MapLink).
-		WithCustomWatch(proxySource(updater), proxyMapper).
-		WithPlacement(controller.PlacementEachServer).
-		WithReconciler(&xdsReconciler{bimapper: mapper, updater: updater, fetchTrustBundle: fetcher})
-}
-
-type xdsReconciler struct {
-	bimapper         *bimapper.Mapper
-	updater          ProxyUpdater
-	fetchTrustBundle TrustBundleFetcher
-}
-
-type TrustBundleFetcher func() (*pbproxystate.TrustBundle, error)
-
-// ProxyUpdater is an interface that defines the ability to push proxy updates to the updater
-// and also check its connectivity to the server.
-type ProxyUpdater interface {
-	// PushChange allows pushing a computed ProxyState to xds for xds resource generation to send to a proxy.
-	PushChange(id *pbresource.ID, snapshot proxysnapshot.ProxySnapshot) error
-
-	// ProxyConnectedToServer returns whether this id is connected to this server.
-	ProxyConnectedToServer(id *pbresource.ID) bool
-
-	// EventChannel returns a channel of events that are consumed by the Custom Watcher.
-	EventChannel() chan controller.Event
-}
-
-func (r *xdsReconciler) Reconcile(ctx context.Context, rt controller.Runtime, req controller.Request) error {
-	rt.Logger = rt.Logger.With("resource-id", req.ID, "controller", ControllerName)
-
-	rt.Logger.Trace("reconciling  proxy state template", "id", req.ID)
-
-	// Get the ProxyStateTemplate.
-	proxyStateTemplate, err := getProxyStateTemplate(ctx, rt, req.ID)
-	if err != nil {
-		rt.Logger.Error("error reading proxy state template", "error", err)
-		return err
-	}
-
-	if proxyStateTemplate == nil || proxyStateTemplate.Template == nil || !r.updater.ProxyConnectedToServer(req.ID) {
-		rt.Logger.Trace("proxy state template has been deleted or this controller is not responsible for this proxy state template", "id", req.ID)
-
-		// If the proxy state was deleted, we should remove references to it in the mapper.
-		r.bimapper.UntrackItem(req.ID)
-
-		return nil
-	}
-
-	var (
-		statusCondition *pbresource.Condition
-		pstResource     *pbresource.Resource
-	)
-	pstResource = proxyStateTemplate.Resource
-
-	// Initialize the ProxyState endpoints map.
-	if proxyStateTemplate.Template.ProxyState == nil {
-		rt.Logger.Error("proxy state was missing from proxy state template")
-		// Set the status.
-		statusCondition = status.ConditionRejectedNilProxyState(status.KeyFromID(req.ID))
-		status.WriteStatusIfChanged(ctx, rt, pstResource, statusCondition)
-
-		return err
-	}
-
-	// TODO: Fetch trust bundles for all peers when peering is supported.
-	trustBundle, err := r.fetchTrustBundle()
-	if err != nil {
-		rt.Logger.Error("error fetching root trust bundle", "error", err)
-		// Set the status.
-		statusCondition = status.ConditionRejectedTrustBundleFetchFailed(status.KeyFromID(req.ID))
-		status.WriteStatusIfChanged(ctx, rt, pstResource, statusCondition)
-		return err
-	}
-
-	if proxyStateTemplate.Template.ProxyState.TrustBundles == nil {
-		proxyStateTemplate.Template.ProxyState.TrustBundles = make(map[string]*pbproxystate.TrustBundle)
-	}
-	// TODO: Figure out the correct key for the default trust bundle.
-	proxyStateTemplate.Template.ProxyState.TrustBundles["local"] = trustBundle
-
-	if proxyStateTemplate.Template.ProxyState.Endpoints == nil {
-		proxyStateTemplate.Template.ProxyState.Endpoints = make(map[string]*pbproxystate.Endpoints)
-	}
-
-	// Iterate through the endpoint references.
-	// For endpoints, the controller should:
-	//  1. Resolve ServiceEndpoint references
-	//  2. Translate them into pbproxystate.Endpoints
-	//  3. Add the pbproxystate.Endpoints to the ProxyState endpoints map.
-	//  4. Track relationships between ProxyState and ServiceEndpoints, such that we can look up ServiceEndpoints and
-	//  figure out which ProxyStates are associated with it (for mapping watches) and vice versa (for looking up
-	//  references). The bimapper package is useful for tracking these relationships.
-	endpointReferencesMap := proxyStateTemplate.Template.RequiredEndpoints
-	var endpointsInProxyStateTemplate []resource.ReferenceOrID
-	for xdsClusterName, endpointRef := range endpointReferencesMap {
-
-		// Step 1: Resolve the reference by looking up the ServiceEndpoints.
-		// serviceEndpoints will not be nil unless there is an error.
-		serviceEndpoints, err := getServiceEndpoints(ctx, rt, endpointRef.Id)
-		if err != nil {
-			rt.Logger.Error("error reading service endpoint", "id", endpointRef.Id, "error", err)
-			// Set the status.
-			statusCondition = status.ConditionRejectedErrorReadingEndpoints(status.KeyFromID(endpointRef.Id), err.Error())
-			status.WriteStatusIfChanged(ctx, rt, pstResource, statusCondition)
-
-			return err
-		}
-
-		// Step 2: Translate it into pbproxystate.Endpoints.
-		psEndpoints, err := generateProxyStateEndpoints(serviceEndpoints, endpointRef.Port)
-		if err != nil {
-			rt.Logger.Error("error translating service endpoints to proxy state endpoints", "endpoint", endpointRef.Id, "error", err)
-
-			// Set the status.
-			statusCondition = status.ConditionRejectedCreatingProxyStateEndpoints(status.KeyFromID(endpointRef.Id), err.Error())
-			status.WriteStatusIfChanged(ctx, rt, pstResource, statusCondition)
-
-			return err
-		}
-
-		// Step 3: Add the endpoints to ProxyState.
-		proxyStateTemplate.Template.ProxyState.Endpoints[xdsClusterName] = psEndpoints
-
-		// Track all the endpoints that are used by this ProxyStateTemplate, so we can use this for step 4.
-		endpointResourceRef := resource.Reference(endpointRef.Id, "")
-		endpointsInProxyStateTemplate = append(endpointsInProxyStateTemplate, endpointResourceRef)
-
-	}
-
-	// Step 4: Track relationships between ProxyStateTemplates and ServiceEndpoints.
-	r.bimapper.TrackItem(req.ID, endpointsInProxyStateTemplate)
-
-	computedProxyState := proxyStateTemplate.Template.ProxyState
-
-	err = r.updater.PushChange(req.ID, &proxytracker.ProxyState{ProxyState: computedProxyState})
-	if err != nil {
-		// Set the status.
-		statusCondition = status.ConditionRejectedPushChangeFailed(status.KeyFromID(req.ID))
-		status.WriteStatusIfChanged(ctx, rt, pstResource, statusCondition)
-		return err
-	}
-
-	// Set the status.
-	statusCondition = status.ConditionAccepted()
-	status.WriteStatusIfChanged(ctx, rt, pstResource, statusCondition)
-	return nil
-}
-
-func resourceIdToReference(id *pbresource.ID) *pbresource.Reference {
-	ref := &pbresource.Reference{
-		Name:    id.GetName(),
-		Type:    id.GetType(),
-		Tenancy: id.GetTenancy(),
-	}
-	return ref
-}
diff --git a/internal/mesh/internal/controllers/xds/controller_test.go b/internal/mesh/internal/controllers/xds/controller_test.go
deleted file mode 100644
index 627615d54e71..000000000000
--- a/internal/mesh/internal/controllers/xds/controller_test.go
+++ /dev/null
@@ -1,736 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package xds
-
-import (
-	"context"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-	"github.com/stretchr/testify/suite"
-
-	svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing"
-	"github.com/hashicorp/consul/internal/catalog"
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/mesh/internal/controllers/xds/status"
-	"github.com/hashicorp/consul/internal/mesh/internal/types"
-	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/internal/resource/mappers/bimapper"
-	"github.com/hashicorp/consul/internal/resource/resourcetest"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/consul/proto/private/prototest"
-	"github.com/hashicorp/consul/sdk/testutil"
-	"github.com/hashicorp/consul/sdk/testutil/retry"
-)
-
-type xdsControllerTestSuite struct {
-	suite.Suite
-
-	ctx     context.Context
-	client  *resourcetest.Client
-	runtime controller.Runtime
-
-	ctl     *xdsReconciler
-	mapper  *bimapper.Mapper
-	updater *mockUpdater
-	fetcher TrustBundleFetcher
-
-	fooProxyStateTemplate          *pbresource.Resource
-	barProxyStateTemplate          *pbresource.Resource
-	barEndpointRefs                map[string]*pbproxystate.EndpointRef
-	fooEndpointRefs                map[string]*pbproxystate.EndpointRef
-	fooEndpoints                   *pbresource.Resource
-	fooService                     *pbresource.Resource
-	fooBarEndpoints                *pbresource.Resource
-	fooBarService                  *pbresource.Resource
-	expectedFooProxyStateEndpoints map[string]*pbproxystate.Endpoints
-	expectedBarProxyStateEndpoints map[string]*pbproxystate.Endpoints
-	expectedTrustBundle            map[string]*pbproxystate.TrustBundle
-}
-
-func (suite *xdsControllerTestSuite) SetupTest() {
-	suite.ctx = testutil.TestContext(suite.T())
-	resourceClient := svctest.RunResourceService(suite.T(), types.Register, catalog.RegisterTypes)
-	suite.runtime = controller.Runtime{Client: resourceClient, Logger: testutil.Logger(suite.T())}
-	suite.client = resourcetest.NewClient(resourceClient)
-	suite.fetcher = mockFetcher
-
-	suite.mapper = bimapper.New(types.ProxyStateTemplateType, catalog.ServiceEndpointsType)
-	suite.updater = newMockUpdater()
-
-	suite.ctl = &xdsReconciler{
-		bimapper:         suite.mapper,
-		updater:          suite.updater,
-		fetchTrustBundle: suite.fetcher,
-	}
-}
-
-func mockFetcher() (*pbproxystate.TrustBundle, error) {
-	var bundle pbproxystate.TrustBundle
-	bundle = pbproxystate.TrustBundle{
-		TrustDomain: "some-trust-domain",
-		Roots:       []string{"some-root", "some-other-root"},
-	}
-	return &bundle, nil
-}
-
-// This test ensures when a ProxyState is deleted, it is no longer tracked in the mapper.
-func (suite *xdsControllerTestSuite) TestReconcile_NoProxyStateTemplate() {
-	// Track the id of a non-existent ProxyStateTemplate.
-	proxyStateTemplateId := resourcetest.Resource(types.ProxyStateTemplateType, "not-found").ID()
-	suite.mapper.TrackItem(proxyStateTemplateId, []resource.ReferenceOrID{})
-
-	// Run the reconcile, and since no ProxyStateTemplate is stored, this simulates a deletion.
-	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
-		ID: proxyStateTemplateId,
-	})
-	require.NoError(suite.T(), err)
-
-	// Assert that nothing is tracked in the mapper.
-	require.True(suite.T(), suite.mapper.IsEmpty())
-}
-
-// This test ensures if the controller was previously tracking a ProxyStateTemplate, and now that proxy has
-// disconnected from this server, it's ignored and removed from the mapper.
-func (suite *xdsControllerTestSuite) TestReconcile_RemoveTrackingProxiesNotConnectedToServer() {
-	// Store the initial ProxyStateTemplate and track it in the mapper.
-	proxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "test").
-		WithData(suite.T(), &pbmesh.ProxyStateTemplate{}).
-		Write(suite.T(), suite.client)
-
-	suite.mapper.TrackItem(proxyStateTemplate.Id, []resource.ReferenceOrID{})
-
-	// Simulate the proxy disconnecting from this server. The resource still exists, but this proxy might be connected
-	// to a different server now, so we no longer need to track it.
-	suite.updater.notConnected = true
-
-	// Run the reconcile.
-	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
-		ID: proxyStateTemplate.Id,
-	})
-	require.NoError(suite.T(), err)
-
-	// Assert that nothing is tracked in the mapper.
-	require.True(suite.T(), suite.mapper.IsEmpty())
-}
-
-// This test sets up the updater to return an error when calling PushChange, and ensures the status is set
-// correctly.
-func (suite *xdsControllerTestSuite) TestReconcile_PushChangeError() {
-	// Have the mock simulate an error from the PushChange call.
-	suite.updater.pushChangeError = true
-
-	// Setup a happy path scenario.
-	suite.setupFooProxyStateTemplateAndEndpoints()
-
-	// Run the reconcile.
-	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
-		ID: suite.fooProxyStateTemplate.Id,
-	})
-	require.Error(suite.T(), err)
-
-	// Assert on the status reflecting endpoint not found.
-	suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionRejectedPushChangeFailed(status.KeyFromID(suite.fooProxyStateTemplate.Id)))
-}
-
-// This test sets up a ProxyStateTemplate that references a ServiceEndpoints that doesn't exist, and ensures the
-// status is correct.
-func (suite *xdsControllerTestSuite) TestReconcile_MissingEndpoint() {
-	// Set fooProxyStateTemplate with a reference to fooEndpoints, without storing fooEndpoints so the controller should
-	// notice it's missing.
-	fooEndpointsId := resourcetest.Resource(catalog.ServiceEndpointsType, "foo-service").ID()
-	fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef)
-	fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{
-		Id:   fooEndpointsId,
-		Port: "mesh",
-	}
-
-	fooProxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "foo-pst").
-		WithData(suite.T(), &pbmesh.ProxyStateTemplate{
-			RequiredEndpoints: fooRequiredEndpoints,
-			ProxyState:        &pbmesh.ProxyState{},
-		}).
-		Write(suite.T(), suite.client)
-
-	retry.Run(suite.T(), func(r *retry.R) {
-		suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id)
-	})
-
-	// Run the reconcile.
-	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
-		ID: fooProxyStateTemplate.Id,
-	})
-	require.Error(suite.T(), err)
-
-	// Assert on the status reflecting endpoint not found.
-	suite.client.RequireStatusCondition(suite.T(), fooProxyStateTemplate.Id, ControllerName, status.ConditionRejectedErrorReadingEndpoints(status.KeyFromID(fooEndpointsId), "rpc error: code = NotFound desc = resource not found"))
-}
-
-// This test sets up a ProxyStateTemplate that references a ServiceEndpoints that can't be read correctly, and
-// checks the status is correct.
-func (suite *xdsControllerTestSuite) TestReconcile_ReadEndpointError() {
-	badID := &pbresource.ID{
-		Type: &pbresource.Type{
-			Group:        "not",
-			Kind:         "found",
-			GroupVersion: "vfake",
-		},
-		Tenancy: &pbresource.Tenancy{Namespace: "default", Partition: "default", PeerName: "local"},
-	}
-	fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef)
-	fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{
-		Id:   badID,
-		Port: "mesh",
-	}
-
-	fooProxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "foo-pst").
-		WithData(suite.T(), &pbmesh.ProxyStateTemplate{
-			RequiredEndpoints: fooRequiredEndpoints,
-			ProxyState:        &pbmesh.ProxyState{},
-		}).
-		Write(suite.T(), suite.client)
-
-	retry.Run(suite.T(), func(r *retry.R) {
-		suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id)
-	})
-
-	// Run the reconcile.
-	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
-		ID: fooProxyStateTemplate.Id,
-	})
-	require.Error(suite.T(), err)
-
-	// Assert on the status reflecting endpoint couldn't be read.
-	suite.client.RequireStatusCondition(suite.T(), fooProxyStateTemplate.Id, ControllerName, status.ConditionRejectedErrorReadingEndpoints(status.KeyFromID(badID), "rpc error: code = InvalidArgument desc = id.name is required"))
-}
-
-// This test is a happy path creation test to make sure pbproxystate.Endpoints are created in the computed
-// pbmesh.ProxyState from the RequiredEndpoints references. More specific translations between endpoint references
-// and pbproxystate.Endpoints are unit tested in endpoint_builder.go.
-func (suite *xdsControllerTestSuite) TestReconcile_ProxyStateTemplateComputesEndpoints() {
-	// Set up fooEndpoints and fooProxyStateTemplate with a reference to fooEndpoints and store them in the state store.
-	// This setup saves expected values in the suite so it can be asserted against later.
-	suite.setupFooProxyStateTemplateAndEndpoints()
-
-	// Run the reconcile.
-	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
-		ID: suite.fooProxyStateTemplate.Id,
-	})
-	require.NoError(suite.T(), err)
-
-	// Assert on the status.
-	suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
-
-	// Assert that the endpoints computed in the controller matches the expected endpoints.
-	actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name)
-	prototest.AssertDeepEqual(suite.T(), suite.expectedFooProxyStateEndpoints, actualEndpoints)
-}
-
-func (suite *xdsControllerTestSuite) TestReconcile_ProxyStateTemplateSetsTrustBundles() {
-	// This test is a happy path creation test to make sure pbproxystate.Template.TrustBundles are created in the computed
-	// pbmesh.ProxyState from the TrustBundleFetcher.
-	suite.setupFooProxyStateTemplateAndEndpoints()
-
-	// Run the reconcile.
-	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
-		ID: suite.fooProxyStateTemplate.Id,
-	})
-	require.NoError(suite.T(), err)
-
-	// Assert on the status.
-	suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
-
-	// Assert that the endpoints computed in the controller matches the expected endpoints.
-	actualTrustBundle := suite.updater.GetTrustBundle(suite.fooProxyStateTemplate.Id.Name)
-	prototest.AssertDeepEqual(suite.T(), suite.expectedTrustBundle, actualTrustBundle)
-}
-
-// This test is a happy path creation test that calls reconcile multiple times with a more complex setup. This
-// scenario is trickier to test in the controller test because the end computation of the xds controller is not
-// stored in the state store. So this test ensures that between multiple reconciles the correct ProxyStates are
-// computed for each ProxyStateTemplate.
-func (suite *xdsControllerTestSuite) TestReconcile_MultipleProxyStateTemplatesComputesMultipleEndpoints() {
-	// Set up fooProxyStateTemplate and barProxyStateTemplate and their associated resources and store them. Resources
-	// and expected results are stored in the suite to assert against.
-	suite.setupFooBarProxyStateTemplateAndEndpoints()
-
-	// Reconcile the fooProxyStateTemplate.
-	err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
-		ID: suite.fooProxyStateTemplate.Id,
-	})
-	require.NoError(suite.T(), err)
-
-	// Assert on the status.
-	suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
-
-	// Assert that the endpoints computed in the controller matches the expected endpoints.
-	actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name)
-	prototest.AssertDeepEqual(suite.T(), suite.expectedFooProxyStateEndpoints, actualEndpoints)
-
-	// Reconcile the barProxyStateTemplate.
-	err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{
-		ID: suite.barProxyStateTemplate.Id,
-	})
-	require.NoError(suite.T(), err)
-
-	// Assert on the status.
-	suite.client.RequireStatusCondition(suite.T(), suite.barProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
-
-	// Assert that the endpoints computed in the controller matches the expected endpoints.
-	actualBarEndpoints := suite.updater.GetEndpoints(suite.barProxyStateTemplate.Id.Name)
-	prototest.AssertDeepEqual(suite.T(), suite.expectedBarProxyStateEndpoints, actualBarEndpoints)
-}
-
-// Sets up a full controller, and tests that reconciles are getting triggered for the events it should.
-func (suite *xdsControllerTestSuite) TestController_ComputeAddUpdateEndpoints() {
-	// Run the controller manager.
-	mgr := controller.NewManager(suite.client, suite.runtime.Logger)
-	mgr.Register(Controller(suite.mapper, suite.updater, suite.fetcher))
-	mgr.SetRaftLeader(true)
-	go mgr.Run(suite.ctx)
-
-	// Set up fooEndpoints and fooProxyStateTemplate with a reference to fooEndpoints. These need to be stored
-	// because the controller reconcile looks them up.
-	suite.setupFooProxyStateTemplateAndEndpoints()
-
-	// Assert that the expected ProxyState matches the actual ProxyState that PushChange was called with. This needs to
-	// be in a retry block unlike the Reconcile tests because the controller triggers asynchronously.
-	retry.Run(suite.T(), func(r *retry.R) {
-		actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name)
-		// Assert on the status.
-		suite.client.RequireStatusCondition(r, suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
-		// Assert that the endpoints computed in the controller matches the expected endpoints.
-		prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints)
-	})
-
-	// Now, update the endpoint to be unhealthy. This will ensure the controller is getting triggered on changes to this
-	// endpoint that it should be tracking, even when the ProxyStateTemplate does not change.
-	resourcetest.Resource(catalog.ServiceEndpointsType, "foo-service").
-		WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{
-			{
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"mesh": {
-						Port:     20000,
-						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
-					},
-				},
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{
-						Host:  "10.1.1.1",
-						Ports: []string{"mesh"},
-					},
-					{
-						Host:  "10.2.2.2",
-						Ports: []string{"mesh"},
-					},
-				},
-				HealthStatus: pbcatalog.Health_HEALTH_CRITICAL,
-			},
-		}}).
-		WithOwner(suite.fooService.Id).
-		Write(suite.T(), suite.client)
-
-	// Wait for the endpoint to be written.
-	retry.Run(suite.T(), func(r *retry.R) {
-		suite.client.RequireVersionChanged(suite.T(), suite.fooEndpoints.Id, suite.fooEndpoints.Version)
-	})
-
-	// Update the expected endpoints to also have unhealthy status.
-	suite.expectedFooProxyStateEndpoints["test-cluster-1"].Endpoints[0].HealthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
-	suite.expectedFooProxyStateEndpoints["test-cluster-1"].Endpoints[1].HealthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
-
-	retry.Run(suite.T(), func(r *retry.R) {
-		actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name)
-		// Assert on the status.
-		suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
-		// Assert that the endpoints computed in the controller matches the expected endpoints.
-		prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints)
-	})
-
-	// Now add a new endpoint reference and endpoint to the fooProxyStateTemplate. This will ensure that the controller
-	// now tracks the newly added endpoint.
-	secondService := resourcetest.Resource(catalog.ServiceType, "second-service").
-		WithData(suite.T(), &pbcatalog.Service{}).
-		Write(suite.T(), suite.client)
-
-	secondEndpoints := resourcetest.Resource(catalog.ServiceEndpointsType, "second-service").
-		WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{
-			{
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"mesh": {
-						Port:     20000,
-						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
-					},
-				},
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{
-						Host:  "10.5.5.5",
-						Ports: []string{"mesh"},
-					},
-					{
-						Host:  "10.6.6.6",
-						Ports: []string{"mesh"},
-					},
-				},
-			},
-		}}).
-		WithOwner(secondService.Id).
-		Write(suite.T(), suite.client)
-
-	// Update the endpoint references on the fooProxyStateTemplate.
-	suite.fooEndpointRefs["test-cluster-2"] = &pbproxystate.EndpointRef{
-		Id:   secondEndpoints.Id,
-		Port: "mesh",
-	}
-	oldVersion := suite.fooProxyStateTemplate.Version
-	fooProxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "foo-pst").
-		WithData(suite.T(), &pbmesh.ProxyStateTemplate{
-			RequiredEndpoints: suite.fooEndpointRefs,
-			ProxyState:        &pbmesh.ProxyState{},
-		}).
-		Write(suite.T(), suite.client)
-
-	retry.Run(suite.T(), func(r *retry.R) {
-		suite.client.RequireVersionChanged(r, fooProxyStateTemplate.Id, oldVersion)
-	})
-
-	// Update the expected endpoints with this new endpoints.
-	suite.expectedFooProxyStateEndpoints["test-cluster-2"] = &pbproxystate.Endpoints{
-		Endpoints: []*pbproxystate.Endpoint{
-			{
-				Address: &pbproxystate.Endpoint_HostPort{
-					HostPort: &pbproxystate.HostPortAddress{
-						Host: "10.5.5.5",
-						Port: 20000,
-					},
-				},
-				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-			},
-			{
-				Address: &pbproxystate.Endpoint_HostPort{
-					HostPort: &pbproxystate.HostPortAddress{
-						Host: "10.6.6.6",
-						Port: 20000,
-					},
-				},
-				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-			},
-		},
-	}
-
-	retry.Run(suite.T(), func(r *retry.R) {
-		actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name)
-		// Assert on the status.
-		suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
-		// Assert that the endpoints computed in the controller matches the expected endpoints.
-		prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints)
-	})
-
-}
-
-// Sets up a full controller, and tests that reconciles are getting triggered for the events it should.
-func (suite *xdsControllerTestSuite) TestController_ComputeEndpointForProxyConnections() {
-	// Run the controller manager.
-	mgr := controller.NewManager(suite.client, suite.runtime.Logger)
-
-	mgr.Register(Controller(suite.mapper, suite.updater, suite.fetcher))
-	mgr.SetRaftLeader(true)
-	go mgr.Run(suite.ctx)
-
-	// Set up fooEndpoints and fooProxyStateTemplate with a reference to fooEndpoints. These need to be stored
-	// because the controller reconcile looks them up.
-	suite.setupFooProxyStateTemplateAndEndpoints()
-
-	// Assert that the expected ProxyState matches the actual ProxyState that PushChange was called with. This needs to
-	// be in a retry block unlike the Reconcile tests because the controller triggers asynchronously.
-	retry.Run(suite.T(), func(r *retry.R) {
-		actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name)
-		// Assert on the status.
-		suite.client.RequireStatusCondition(r, suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted())
-		// Assert that the endpoints computed in the controller matches the expected endpoints.
-		prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints)
-	})
-
-	eventChannel := suite.updater.EventChannel()
-	eventChannel <- controller.Event{Obj: &proxytracker.ProxyConnection{ProxyID: suite.fooProxyStateTemplate.Id}}
-
-	// Wait for the proxy state template to be re-evaluated.
-	proxyStateTemp := suite.client.WaitForNewVersion(suite.T(), suite.fooProxyStateTemplate.Id, suite.fooProxyStateTemplate.Version)
-	require.NotNil(suite.T(), proxyStateTemp)
-}
-
-// Setup: fooProxyStateTemplate with an EndpointsRef to fooEndpoints
-// Saves all related resources to the suite so they can be modified if needed.
-func (suite *xdsControllerTestSuite) setupFooProxyStateTemplateAndEndpoints() {
-	fooService := resourcetest.Resource(catalog.ServiceType, "foo-service").
-		WithData(suite.T(), &pbcatalog.Service{}).
-		Write(suite.T(), suite.client)
-
-	fooEndpoints := resourcetest.Resource(catalog.ServiceEndpointsType, "foo-service").
-		WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{
-			{
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"mesh": {
-						Port:     20000,
-						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
-					},
-				},
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{
-						Host:  "10.1.1.1",
-						Ports: []string{"mesh"},
-					},
-					{
-						Host:  "10.2.2.2",
-						Ports: []string{"mesh"},
-					},
-				},
-			},
-		}}).
-		WithOwner(fooService.Id).
-		Write(suite.T(), suite.client)
-
-	fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef)
-	fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{
-		Id:   fooEndpoints.Id,
-		Port: "mesh",
-	}
-
-	fooProxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "foo-pst").
-		WithData(suite.T(), &pbmesh.ProxyStateTemplate{
-			RequiredEndpoints: fooRequiredEndpoints,
-			ProxyState:        &pbmesh.ProxyState{},
-		}).
-		Write(suite.T(), suite.client)
-
-	retry.Run(suite.T(), func(r *retry.R) {
-		suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id)
-	})
-
-	expectedFooProxyStateEndpoints := map[string]*pbproxystate.Endpoints{
-		"test-cluster-1": {Endpoints: []*pbproxystate.Endpoint{
-			{
-				Address: &pbproxystate.Endpoint_HostPort{
-					HostPort: &pbproxystate.HostPortAddress{
-						Host: "10.1.1.1",
-						Port: 20000,
-					},
-				},
-				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-			},
-			{
-				Address: &pbproxystate.Endpoint_HostPort{
-					HostPort: &pbproxystate.HostPortAddress{
-						Host: "10.2.2.2",
-						Port: 20000,
-					},
-				},
-				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-			},
-		}},
-	}
-
-	expectedTrustBundle := map[string]*pbproxystate.TrustBundle{
-		"local": {
-			TrustDomain: "some-trust-domain",
-			Roots:       []string{"some-root", "some-other-root"},
-		},
-	}
-
-	suite.fooService = fooService
-	suite.fooEndpoints = fooEndpoints
-	suite.fooEndpointRefs = fooRequiredEndpoints
-	suite.fooProxyStateTemplate = fooProxyStateTemplate
-	suite.expectedFooProxyStateEndpoints = expectedFooProxyStateEndpoints
-	suite.expectedTrustBundle = expectedTrustBundle
-}
-
-// Setup:
-//   - fooProxyStateTemplate with an EndpointsRef to fooEndpoints and fooBarEndpoints.
-//   - barProxyStateTemplate with an EndpointsRef to fooBarEndpoints.
-//
-// Saves all related resources to the suite so they can be modified if needed.
-func (suite *xdsControllerTestSuite) setupFooBarProxyStateTemplateAndEndpoints() {
-	fooService := resourcetest.Resource(catalog.ServiceType, "foo-service").
-		WithData(suite.T(), &pbcatalog.Service{}).
-		Write(suite.T(), suite.client)
-
-	fooEndpoints := resourcetest.Resource(catalog.ServiceEndpointsType, "foo-service").
-		WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{
-			{
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"mesh": {
-						Port:     20000,
-						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
-					},
-				},
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{
-						Host:  "10.1.1.1",
-						Ports: []string{"mesh"},
-					},
-					{
-						Host:  "10.2.2.2",
-						Ports: []string{"mesh"},
-					},
-				},
-			},
-		}}).
-		WithOwner(fooService.Id).
-		Write(suite.T(), suite.client)
-
-	fooBarService := resourcetest.Resource(catalog.ServiceType, "foo-bar-service").
-		WithData(suite.T(), &pbcatalog.Service{}).
-		Write(suite.T(), suite.client)
-
-	fooBarEndpoints := resourcetest.Resource(catalog.ServiceEndpointsType, "foo-bar-service").
-		WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{
-			{
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"mesh": {
-						Port:     20000,
-						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
-					},
-				},
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{
-						Host:  "10.3.3.3",
-						Ports: []string{"mesh"},
-					},
-					{
-						Host:  "10.4.4.4",
-						Ports: []string{"mesh"},
-					},
-				},
-			},
-		}}).
-		WithOwner(fooBarService.Id).
-		Write(suite.T(), suite.client)
-
-	fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef)
-	fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{
-		Id:   fooEndpoints.Id,
-		Port: "mesh",
-	}
-	fooRequiredEndpoints["test-cluster-2"] = &pbproxystate.EndpointRef{
-		Id:   fooBarEndpoints.Id,
-		Port: "mesh",
-	}
-
-	barRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef)
-	barRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{
-		Id: fooBarEndpoints.Id,
-		// Sidecar proxy controller will usually set mesh port here.
-		Port: "mesh",
-	}
-
-	fooProxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "foo-pst").
-		WithData(suite.T(), &pbmesh.ProxyStateTemplate{
-			// Contains the foo and foobar endpoints.
-			RequiredEndpoints: fooRequiredEndpoints,
-			ProxyState:        &pbmesh.ProxyState{},
-		}).
-		Write(suite.T(), suite.client)
-
-	retry.Run(suite.T(), func(r *retry.R) {
-		suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id)
-	})
-
-	barProxyStateTemplate := resourcetest.Resource(types.ProxyStateTemplateType, "bar-pst").
-		WithData(suite.T(), &pbmesh.ProxyStateTemplate{
-			// Contains the foobar endpoint.
-			RequiredEndpoints: barRequiredEndpoints,
-			ProxyState:        &pbmesh.ProxyState{},
-		}).
-		Write(suite.T(), suite.client)
-
-	retry.Run(suite.T(), func(r *retry.R) {
-		suite.client.RequireResourceExists(r, barProxyStateTemplate.Id)
-	})
-
-	expectedFooProxyStateEndpoints := map[string]*pbproxystate.Endpoints{
-		"test-cluster-1": {Endpoints: []*pbproxystate.Endpoint{
-			{
-				Address: &pbproxystate.Endpoint_HostPort{
-					HostPort: &pbproxystate.HostPortAddress{
-						Host: "10.1.1.1",
-						Port: 20000,
-					},
-				},
-				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-			},
-			{
-				Address: &pbproxystate.Endpoint_HostPort{
-					HostPort: &pbproxystate.HostPortAddress{
-						Host: "10.2.2.2",
-						Port: 20000,
-					},
-				},
-				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-			},
-		}},
-		"test-cluster-2": {Endpoints: []*pbproxystate.Endpoint{
-			{
-				Address: &pbproxystate.Endpoint_HostPort{
-					HostPort: &pbproxystate.HostPortAddress{
-						Host: "10.3.3.3",
-						Port: 20000,
-					},
-				},
-				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-			},
-			{
-				Address: &pbproxystate.Endpoint_HostPort{
-					HostPort: &pbproxystate.HostPortAddress{
-						Host: "10.4.4.4",
-						Port: 20000,
-					},
-				},
-				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-			},
-		}},
-	}
-
-	expectedBarProxyStateEndpoints := map[string]*pbproxystate.Endpoints{
-		"test-cluster-1": {Endpoints: []*pbproxystate.Endpoint{
-			{
-				Address: &pbproxystate.Endpoint_HostPort{
-					HostPort: &pbproxystate.HostPortAddress{
-						Host: "10.3.3.3",
-						Port: 20000,
-					},
-				},
-				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-			},
-			{
-				Address: &pbproxystate.Endpoint_HostPort{
-					HostPort: &pbproxystate.HostPortAddress{
-						Host: "10.4.4.4",
-						Port: 20000,
-					},
-				},
-				HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-			},
-		}},
-	}
-
-	suite.fooProxyStateTemplate = fooProxyStateTemplate
-	suite.barProxyStateTemplate = barProxyStateTemplate
-	suite.barEndpointRefs = barRequiredEndpoints
-	suite.fooEndpointRefs = fooRequiredEndpoints
-	suite.fooEndpoints = fooEndpoints
-	suite.fooService = fooService
-	suite.fooBarEndpoints = fooBarEndpoints
-	suite.fooBarService = fooBarService
-	suite.expectedFooProxyStateEndpoints = expectedFooProxyStateEndpoints
-	suite.expectedBarProxyStateEndpoints = expectedBarProxyStateEndpoints
-}
-
-func TestXdsController(t *testing.T) {
-	suite.Run(t, new(xdsControllerTestSuite))
-}
diff --git a/internal/mesh/internal/controllers/xds/endpoint_builder.go b/internal/mesh/internal/controllers/xds/endpoint_builder.go
deleted file mode 100644
index 715dd2544bed..000000000000
--- a/internal/mesh/internal/controllers/xds/endpoint_builder.go
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package xds
-
-import (
-	"fmt"
-	"net"
-
-	"golang.org/x/exp/slices"
-
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-)
-
-func generateProxyStateEndpoints(serviceEndpoints *ServiceEndpointsData, portName string) (*pbproxystate.Endpoints, error) {
-	var psEndpoints []*pbproxystate.Endpoint
-
-	if serviceEndpoints.Endpoints == nil || serviceEndpoints.Resource == nil {
-		return nil, fmt.Errorf("service endpoints requires both endpoints and resource")
-	}
-	eps := serviceEndpoints.Endpoints.GetEndpoints()
-
-	for _, ep := range eps {
-		for _, addr := range ep.Addresses {
-			// Check if the address is using the portName name this proxy state endpoints is for. If it does, create the
-			// endpoint.
-			if slices.Contains(addr.Ports, portName) {
-				// Lookup the portName number from the portName name.
-				wlPort, ok := ep.Ports[portName]
-				if !ok {
-					// This should never happen, as it should be validated by the ServiceEndpoints controller.
-					return nil, fmt.Errorf("could not find portName %q in endpoint %s", portName, serviceEndpoints.Resource.Id)
-				}
-				portNum := wlPort.Port
-
-				psEndpoint, err := createProxyStateEndpoint(addr.Host, portNum, ep.HealthStatus)
-				if err != nil {
-					return nil, err
-				}
-				psEndpoints = append(psEndpoints, psEndpoint)
-			}
-		}
-	}
-
-	return &pbproxystate.Endpoints{Endpoints: psEndpoints}, nil
-}
-
-func createProxyStateEndpoint(host string, port uint32, health pbcatalog.Health) (*pbproxystate.Endpoint, error) {
-	addr := net.ParseIP(host)
-	if addr == nil {
-		return nil, fmt.Errorf("host is not an ip")
-	}
-
-	psEndpoint := &pbproxystate.Endpoint{
-		Address: &pbproxystate.Endpoint_HostPort{
-			HostPort: &pbproxystate.HostPortAddress{
-				Host: host,
-				Port: port,
-			},
-		},
-		HealthStatus: endpointHealth(health),
-		// TODO(xds): Weight will be added later. More information is potentially needed in the reference.
-	}
-	return psEndpoint, nil
-}
-
-func endpointHealth(catalogHealth pbcatalog.Health) pbproxystate.HealthStatus {
-	health := pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY
-
-	if catalogHealth == pbcatalog.Health_HEALTH_CRITICAL {
-		health = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY
-	}
-	return health
-}
diff --git a/internal/mesh/internal/controllers/xds/endpoint_builder_test.go b/internal/mesh/internal/controllers/xds/endpoint_builder_test.go
deleted file mode 100644
index 3340014e0625..000000000000
--- a/internal/mesh/internal/controllers/xds/endpoint_builder_test.go
+++ /dev/null
@@ -1,236 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package xds
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/internal/catalog"
-	"github.com/hashicorp/consul/internal/resource/resourcetest"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-	"github.com/hashicorp/consul/proto/private/prototest"
-)
-
-func TestMakeProxyStateEndpointsFromServiceEndpoints(t *testing.T) {
-	type test struct {
-		name                        string
-		serviceEndpointsData        *ServiceEndpointsData
-		portName                    string
-		expErr                      string
-		expectedProxyStateEndpoints *pbproxystate.Endpoints
-	}
-	cases := []test{
-		{
-			name:                 "endpoints with passing health",
-			serviceEndpointsData: serviceEndpointsData("passing"),
-			portName:             "mesh",
-			expectedProxyStateEndpoints: &pbproxystate.Endpoints{
-				Endpoints: []*pbproxystate.Endpoint{
-					{
-						Address: &pbproxystate.Endpoint_HostPort{
-							HostPort: &pbproxystate.HostPortAddress{
-								Host: "10.1.1.1",
-								Port: 20000,
-							},
-						},
-						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-					},
-					{
-						Address: &pbproxystate.Endpoint_HostPort{
-							HostPort: &pbproxystate.HostPortAddress{
-								Host: "10.2.2.2",
-								Port: 20000,
-							},
-						},
-						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-					},
-					{
-						Address: &pbproxystate.Endpoint_HostPort{
-							HostPort: &pbproxystate.HostPortAddress{
-								Host: "10.3.3.3",
-								Port: 20000,
-							},
-						},
-						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-					},
-				},
-			},
-		},
-		{
-			name:                 "endpoints with critical health",
-			serviceEndpointsData: serviceEndpointsData("critical"),
-			portName:             "mesh",
-			expectedProxyStateEndpoints: &pbproxystate.Endpoints{
-				Endpoints: []*pbproxystate.Endpoint{
-					{
-						Address: &pbproxystate.Endpoint_HostPort{
-							HostPort: &pbproxystate.HostPortAddress{
-								Host: "10.1.1.1",
-								Port: 20000,
-							},
-						},
-						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY,
-					},
-					{
-						Address: &pbproxystate.Endpoint_HostPort{
-							HostPort: &pbproxystate.HostPortAddress{
-								Host: "10.2.2.2",
-								Port: 20000,
-							},
-						},
-						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY,
-					},
-					{
-						Address: &pbproxystate.Endpoint_HostPort{
-							HostPort: &pbproxystate.HostPortAddress{
-								Host: "10.3.3.3",
-								Port: 20000,
-							},
-						},
-						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY,
-					},
-				},
-			},
-		},
-		{
-			name:                 "endpoints with any health are considered healthy",
-			serviceEndpointsData: serviceEndpointsData("any"),
-			portName:             "mesh",
-			expectedProxyStateEndpoints: &pbproxystate.Endpoints{
-				Endpoints: []*pbproxystate.Endpoint{
-					{
-						Address: &pbproxystate.Endpoint_HostPort{
-							HostPort: &pbproxystate.HostPortAddress{
-								Host: "10.1.1.1",
-								Port: 20000,
-							},
-						},
-						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-					},
-					{
-						Address: &pbproxystate.Endpoint_HostPort{
-							HostPort: &pbproxystate.HostPortAddress{
-								Host: "10.2.2.2",
-								Port: 20000,
-							},
-						},
-						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-					},
-					{
-						Address: &pbproxystate.Endpoint_HostPort{
-							HostPort: &pbproxystate.HostPortAddress{
-								Host: "10.3.3.3",
-								Port: 20000,
-							},
-						},
-						HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY,
-					},
-				},
-			},
-		},
-		{
-			name:                 "endpoints with missing ports returns an error",
-			serviceEndpointsData: serviceEndpointsData("missing port lookup"),
-			portName:             "mesh",
-			expErr:               "could not find portName",
-		},
-		{
-			name:                 "nil endpoints returns an error",
-			serviceEndpointsData: serviceEndpointsData("nil endpoints"),
-			portName:             "mesh",
-			expErr:               "service endpoints requires both endpoints and resource",
-		},
-		{
-			name:                 "nil resource returns an error",
-			serviceEndpointsData: serviceEndpointsData("nil resource"),
-			portName:             "mesh",
-			expErr:               "service endpoints requires both endpoints and resource",
-		},
-		{
-			name:                 "portName doesn't exist in endpoints results in empty endpoints",
-			serviceEndpointsData: serviceEndpointsData("passing"),
-			portName:             "does-not-exist",
-			expectedProxyStateEndpoints: &pbproxystate.Endpoints{
-				Endpoints: []*pbproxystate.Endpoint{},
-			},
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.name, func(t *testing.T) {
-			actualEndpoints, err := generateProxyStateEndpoints(tc.serviceEndpointsData, tc.portName)
-			if tc.expErr != "" {
-				require.ErrorContains(t, err, tc.expErr)
-			} else {
-				prototest.AssertDeepEqual(t, tc.expectedProxyStateEndpoints, actualEndpoints)
-			}
-		})
-	}
-}
-
-func serviceEndpointsData(variation string) *ServiceEndpointsData {
-	r := resourcetest.Resource(catalog.ServiceEndpointsType, "test").Build()
-	eps := &pbcatalog.ServiceEndpoints{
-		Endpoints: []*pbcatalog.Endpoint{
-			{
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"mesh": {
-						Port:     20000,
-						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
-					},
-				},
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{
-						Host:  "10.1.1.1",
-						Ports: []string{"mesh"},
-					},
-					{
-						Host:  "10.2.2.2",
-						Ports: []string{"mesh"},
-					},
-				},
-				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
-			},
-			{
-				Ports: map[string]*pbcatalog.WorkloadPort{
-					"mesh": {
-						Port:     20000,
-						Protocol: pbcatalog.Protocol_PROTOCOL_MESH,
-					},
-				},
-				Addresses: []*pbcatalog.WorkloadAddress{
-					{
-						Host:  "10.3.3.3",
-						Ports: []string{"mesh"},
-					},
-				},
-				HealthStatus: pbcatalog.Health_HEALTH_PASSING,
-			},
-		},
-	}
-
-	switch variation {
-	case "passing":
-	case "critical":
-		eps.Endpoints[0].HealthStatus = pbcatalog.Health_HEALTH_CRITICAL
-		eps.Endpoints[1].HealthStatus = pbcatalog.Health_HEALTH_CRITICAL
-	case "any":
-		eps.Endpoints[0].HealthStatus = pbcatalog.Health_HEALTH_ANY
-		eps.Endpoints[1].HealthStatus = pbcatalog.Health_HEALTH_ANY
-	case "missing port lookup":
-		delete(eps.Endpoints[0].Ports, "mesh")
-	case "nil endpoints":
-		eps = nil
-	case "nil resource":
-		r = nil
-	}
-
-	return &ServiceEndpointsData{
-		Resource:  r,
-		Endpoints: eps,
-	}
-}
diff --git a/internal/mesh/internal/controllers/xds/mock_updater.go b/internal/mesh/internal/controllers/xds/mock_updater.go
deleted file mode 100644
index f17a388e8e8b..000000000000
--- a/internal/mesh/internal/controllers/xds/mock_updater.go
+++ /dev/null
@@ -1,112 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package xds
-
-import (
-	"fmt"
-	"sync"
-
-	"github.com/hashicorp/consul/internal/controller"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
-	"github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-// mockUpdater mocks the updater functions, and stores ProxyStates from calls to PushChange, so we can assert it was
-// computed correctly in the controller.
-type mockUpdater struct {
-	lock sync.Mutex
-	// latestPs is a map from a ProxyStateTemplate's id.Name in string form to the last computed ProxyState for that
-	// ProxyStateTemplate.
-	latestPs        map[string]proxysnapshot.ProxySnapshot
-	notConnected    bool
-	pushChangeError bool
-	eventChan       chan controller.Event
-}
-
-func newMockUpdater() *mockUpdater {
-	return &mockUpdater{
-		latestPs: make(map[string]proxysnapshot.ProxySnapshot),
-	}
-}
-
-func (m *mockUpdater) SetPushChangeErrorTrue() {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-	m.pushChangeError = true
-}
-
-func (m *mockUpdater) SetProxyAsNotConnected() {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-	m.notConnected = true
-}
-
-func (m *mockUpdater) PushChange(id *pbresource.ID, snapshot proxysnapshot.ProxySnapshot) error {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-	if m.pushChangeError {
-		return fmt.Errorf("mock push change error")
-	} else {
-		m.setUnsafe(id.Name, snapshot.(*proxytracker.ProxyState))
-	}
-	return nil
-}
-
-func (m *mockUpdater) ProxyConnectedToServer(_ *pbresource.ID) bool {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-	if m.notConnected {
-		return false
-	}
-	return true
-}
-
-func (m *mockUpdater) EventChannel() chan controller.Event {
-	if m.eventChan == nil {
-		m.eventChan = make(chan controller.Event)
-	}
-	return m.eventChan
-}
-
-func (p *mockUpdater) Get(name string) *proxytracker.ProxyState {
-	p.lock.Lock()
-	defer p.lock.Unlock()
-	ps, ok := p.latestPs[name]
-	if ok {
-		return ps.(*proxytracker.ProxyState)
-	}
-	return nil
-}
-
-func (p *mockUpdater) GetEndpoints(name string) map[string]*pbproxystate.Endpoints {
-	p.lock.Lock()
-	defer p.lock.Unlock()
-	ps, ok := p.latestPs[name]
-	if ok {
-		return ps.(*proxytracker.ProxyState).Endpoints
-	}
-	return nil
-}
-
-func (p *mockUpdater) GetTrustBundle(name string) map[string]*pbproxystate.TrustBundle {
-	p.lock.Lock()
-	defer p.lock.Unlock()
-	ps, ok := p.latestPs[name]
-	if ok {
-		return ps.(*proxytracker.ProxyState).TrustBundles
-	}
-	return nil
-}
-
-func (p *mockUpdater) Set(name string, ps *proxytracker.ProxyState) {
-	p.lock.Lock()
-	defer p.lock.Unlock()
-	p.setUnsafe(name, ps)
-}
-
-func (p *mockUpdater) setUnsafe(name string, ps *proxytracker.ProxyState) {
-	p.latestPs[name] = ps
-}
diff --git a/internal/mesh/internal/controllers/xds/proxy_tracker_watch.go b/internal/mesh/internal/controllers/xds/proxy_tracker_watch.go
deleted file mode 100644
index 419a200a9104..000000000000
--- a/internal/mesh/internal/controllers/xds/proxy_tracker_watch.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package xds
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/hashicorp/consul/internal/controller"
-	proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker"
-)
-
-func proxySource(updater ProxyUpdater) *controller.Source {
-	return &controller.Source{Source: updater.EventChannel()}
-}
-
-func proxyMapper(ctx context.Context, rt controller.Runtime, event controller.Event) ([]controller.Request, error) {
-	connection, ok := event.Obj.(*proxytracker.ProxyConnection)
-	if !ok {
-		return nil, fmt.Errorf("expected event to be of type *proxytracker.ProxyConnection but was %+v", event)
-	}
-	return []controller.Request{{ID: connection.ProxyID}}, nil
-}
diff --git a/internal/mesh/internal/controllers/xds/reconciliation_data.go b/internal/mesh/internal/controllers/xds/reconciliation_data.go
deleted file mode 100644
index a4aae8fdc43f..000000000000
--- a/internal/mesh/internal/controllers/xds/reconciliation_data.go
+++ /dev/null
@@ -1,61 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package xds
-
-import (
-	"context"
-
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/resource"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-type ServiceEndpointsData struct {
-	Resource  *pbresource.Resource
-	Endpoints *pbcatalog.ServiceEndpoints
-}
-
-type ProxyStateTemplateData struct {
-	Resource *pbresource.Resource
-	Template *pbmesh.ProxyStateTemplate
-}
-
-// getServiceEndpoints will return a non-nil &ServiceEndpointsData unless there is an error.
-func getServiceEndpoints(ctx context.Context, rt controller.Runtime, id *pbresource.ID) (*ServiceEndpointsData, error) {
-	rsp, err := rt.Client.Read(ctx, &pbresource.ReadRequest{Id: id})
-	if err != nil {
-		return nil, err
-	}
-
-	var se pbcatalog.ServiceEndpoints
-	err = rsp.Resource.Data.UnmarshalTo(&se)
-	if err != nil {
-		return nil, resource.NewErrDataParse(&se, err)
-	}
-
-	return &ServiceEndpointsData{Resource: rsp.Resource, Endpoints: &se}, nil
-}
-
-func getProxyStateTemplate(ctx context.Context, rt controller.Runtime, id *pbresource.ID) (*ProxyStateTemplateData, error) {
-	rsp, err := rt.Client.Read(ctx, &pbresource.ReadRequest{Id: id})
-	switch {
-	case status.Code(err) == codes.NotFound:
-		return nil, nil
-	case err != nil:
-		return nil, err
-	}
-
-	var pst pbmesh.ProxyStateTemplate
-	err = rsp.Resource.Data.UnmarshalTo(&pst)
-	if err != nil {
-		return nil, resource.NewErrDataParse(&pst, err)
-	}
-
-	return &ProxyStateTemplateData{Resource: rsp.Resource, Template: &pst}, nil
-}
diff --git a/internal/mesh/internal/controllers/xds/status/status.go b/internal/mesh/internal/controllers/xds/status/status.go
deleted file mode 100644
index 0aff944f5495..000000000000
--- a/internal/mesh/internal/controllers/xds/status/status.go
+++ /dev/null
@@ -1,104 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package status
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-const (
-	StatusConditionProxyStateAccepted             = "ProxyStateAccepted"
-	StatusReasonNilProxyState                     = "ProxyStateNil"
-	StatusReasonProxyStateReferencesComputed      = "ProxyStateReferencesComputed"
-	StatusReasonEndpointNotRead                   = "ProxyStateEndpointReferenceReadError"
-	StatusReasonCreatingProxyStateEndpointsFailed = "ProxyStateEndpointsNotComputed"
-	StatusReasonPushChangeFailed                  = "ProxyStatePushChangeFailed"
-	StatusReasonTrustBundleFetchFailed            = "ProxyStateTrustBundleFetchFailed"
-)
-
-func KeyFromID(id *pbresource.ID) string {
-	return fmt.Sprintf("%s/%s/%s",
-		resource.ToGVK(id.Type),
-		resource.TenancyToString(id.Tenancy),
-		id.Name)
-}
-
-func ConditionAccepted() *pbresource.Condition {
-	return &pbresource.Condition{
-		Type:    StatusConditionProxyStateAccepted,
-		State:   pbresource.Condition_STATE_TRUE,
-		Reason:  StatusReasonProxyStateReferencesComputed,
-		Message: fmt.Sprintf("proxy state was computed and pushed."),
-	}
-}
-func ConditionRejectedNilProxyState(pstRef string) *pbresource.Condition {
-	return &pbresource.Condition{
-		Type:    StatusConditionProxyStateAccepted,
-		State:   pbresource.Condition_STATE_FALSE,
-		Reason:  StatusReasonNilProxyState,
-		Message: fmt.Sprintf("nil proxy state is not valid %q.", pstRef),
-	}
-}
-func ConditionRejectedErrorReadingEndpoints(endpointRef string, err string) *pbresource.Condition {
-	return &pbresource.Condition{
-		Type:    StatusConditionProxyStateAccepted,
-		State:   pbresource.Condition_STATE_FALSE,
-		Reason:  StatusReasonEndpointNotRead,
-		Message: fmt.Sprintf("error reading referenced service endpoints %q: %s", endpointRef, err),
-	}
-}
-func ConditionRejectedCreatingProxyStateEndpoints(endpointRef string, err string) *pbresource.Condition {
-	return &pbresource.Condition{
-		Type:    StatusConditionProxyStateAccepted,
-		State:   pbresource.Condition_STATE_FALSE,
-		Reason:  StatusReasonCreatingProxyStateEndpointsFailed,
-		Message: fmt.Sprintf("could not create proxy state endpoints from service endpoints %q: %s", endpointRef, err),
-	}
-}
-func ConditionRejectedPushChangeFailed(pstRef string) *pbresource.Condition {
-	return &pbresource.Condition{
-		Type:    StatusConditionProxyStateAccepted,
-		State:   pbresource.Condition_STATE_FALSE,
-		Reason:  StatusReasonPushChangeFailed,
-		Message: fmt.Sprintf("failed to push change for proxy state template %q", pstRef),
-	}
-}
-func ConditionRejectedTrustBundleFetchFailed(pstRef string) *pbresource.Condition {
-	return &pbresource.Condition{
-		Type:    StatusConditionProxyStateAccepted,
-		State:   pbresource.Condition_STATE_FALSE,
-		Reason:  StatusReasonTrustBundleFetchFailed,
-		Message: fmt.Sprintf("failed to fetch trust bundle for proxy state template %q", pstRef),
-	}
-}
-
-// WriteStatusIfChanged updates the ProxyStateTemplate status if it has changed.
-func WriteStatusIfChanged(ctx context.Context, rt controller.Runtime, res *pbresource.Resource, condition *pbresource.Condition) {
-	newStatus := &pbresource.Status{
-		ObservedGeneration: res.Generation,
-		Conditions: []*pbresource.Condition{
-			condition,
-		},
-	}
-	// If the status is unchanged then we should return and avoid the unnecessary write
-	const controllerName = "consul.io/xds-controller"
-	if resource.EqualStatus(res.Status[controllerName], newStatus, false) {
-		return
-	} else {
-		_, err := rt.Client.WriteStatus(ctx, &pbresource.WriteStatusRequest{
-			Id:     res.Id,
-			Key:    controllerName,
-			Status: newStatus,
-		})
-
-		if err != nil {
-			rt.Logger.Error("error updating the proxy state template status", "error", err, "proxyStateTeamplate", res.Id)
-		}
-	}
-}
diff --git a/internal/mesh/internal/types/computed_routes.go b/internal/mesh/internal/types/computed_routes.go
deleted file mode 100644
index c43627c896c4..000000000000
--- a/internal/mesh/internal/types/computed_routes.go
+++ /dev/null
@@ -1,77 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"github.com/hashicorp/go-multierror"
-
-	"github.com/hashicorp/consul/internal/resource"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-const (
-	ComputedRoutesKind = "ComputedRoutes"
-)
-
-var (
-	ComputedRoutesV1Alpha1Type = &pbresource.Type{
-		Group:        GroupName,
-		GroupVersion: VersionV1Alpha1,
-		Kind:         ComputedRoutesKind,
-	}
-
-	ComputedRoutesType = ComputedRoutesV1Alpha1Type
-)
-
-func RegisterComputedRoutes(r resource.Registry) {
-	r.Register(resource.Registration{
-		Type:     ComputedRoutesV1Alpha1Type,
-		Proto:    &pbmesh.ComputedRoutes{},
-		Validate: ValidateComputedRoutes,
-	})
-}
-
-func ValidateComputedRoutes(res *pbresource.Resource) error {
-	var config pbmesh.ComputedRoutes
-
-	if err := res.Data.UnmarshalTo(&config); err != nil {
-		return resource.NewErrDataParse(&config, err)
-	}
-
-	var merr error
-
-	if len(config.PortedConfigs) == 0 {
-		merr = multierror.Append(merr, resource.ErrInvalidField{
-			Name:    "ported_configs",
-			Wrapped: resource.ErrEmpty,
-		})
-	}
-
-	// TODO(rb): do more elaborate validation
-
-	for port, pmc := range config.PortedConfigs {
-		wrapErr := func(err error) error {
-			return resource.ErrInvalidMapValue{
-				Map:     "ported_configs",
-				Key:     port,
-				Wrapped: err,
-			}
-		}
-		if pmc.Config == nil {
-			merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{
-				Name:    "config",
-				Wrapped: resource.ErrEmpty,
-			}))
-		}
-		if len(pmc.Targets) == 0 {
-			merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{
-				Name:    "targets",
-				Wrapped: resource.ErrEmpty,
-			}))
-		}
-	}
-
-	return merr
-}
diff --git a/internal/mesh/internal/types/computed_routes_test.go b/internal/mesh/internal/types/computed_routes_test.go
deleted file mode 100644
index 46b2f890a71e..000000000000
--- a/internal/mesh/internal/types/computed_routes_test.go
+++ /dev/null
@@ -1,92 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/internal/resource/resourcetest"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto/private/prototest"
-	"github.com/hashicorp/consul/sdk/testutil"
-)
-
-func TestValidateComputedRoutes(t *testing.T) {
-	type testcase struct {
-		routes    *pbmesh.ComputedRoutes
-		expectErr string
-	}
-
-	run := func(t *testing.T, tc testcase) {
-		res := resourcetest.Resource(ComputedRoutesType, "api").
-			WithData(t, tc.routes).
-			Build()
-
-		err := ValidateComputedRoutes(res)
-
-		// Verify that validate didn't actually change the object.
-		got := resourcetest.MustDecode[*pbmesh.ComputedRoutes](t, res)
-		prototest.AssertDeepEqual(t, tc.routes, got.Data)
-
-		if tc.expectErr == "" {
-			require.NoError(t, err)
-		} else {
-			testutil.RequireErrorContains(t, err, tc.expectErr)
-		}
-	}
-
-	cases := map[string]testcase{
-		"empty": {
-			routes:    &pbmesh.ComputedRoutes{},
-			expectErr: `invalid "ported_configs" field: cannot be empty`,
-		},
-		"empty config": {
-			routes: &pbmesh.ComputedRoutes{
-				PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{
-					"http": {
-						Config: nil,
-						Targets: map[string]*pbmesh.BackendTargetDetails{
-							"foo": {},
-						},
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within ported_configs: invalid "config" field: cannot be empty`,
-		},
-		"empty targets": {
-			routes: &pbmesh.ComputedRoutes{
-				PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{
-					"http": {
-						Config: &pbmesh.ComputedPortRoutes_Tcp{
-							Tcp: &pbmesh.InterpretedTCPRoute{},
-						},
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within ported_configs: invalid "targets" field: cannot be empty`,
-		},
-		"valid": {
-			routes: &pbmesh.ComputedRoutes{
-				PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{
-					"http": {
-						Config: &pbmesh.ComputedPortRoutes_Tcp{
-							Tcp: &pbmesh.InterpretedTCPRoute{},
-						},
-						Targets: map[string]*pbmesh.BackendTargetDetails{
-							"foo": {},
-						},
-					},
-				},
-			},
-		},
-	}
-
-	for name, tc := range cases {
-		t.Run(name, func(t *testing.T) {
-			run(t, tc)
-		})
-	}
-}
diff --git a/internal/mesh/internal/types/decoded.go b/internal/mesh/internal/types/decoded.go
deleted file mode 100644
index 90ce21233327..000000000000
--- a/internal/mesh/internal/types/decoded.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"github.com/hashicorp/consul/internal/resource"
-	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-)
-
-type (
-	DecodedHTTPRoute         = resource.DecodedResource[*pbmesh.HTTPRoute]
-	DecodedGRPCRoute         = resource.DecodedResource[*pbmesh.GRPCRoute]
-	DecodedTCPRoute          = resource.DecodedResource[*pbmesh.TCPRoute]
-	DecodedDestinationPolicy = resource.DecodedResource[*pbmesh.DestinationPolicy]
-	DecodedComputedRoutes    = resource.DecodedResource[*pbmesh.ComputedRoutes]
-	DecodedFailoverPolicy    = resource.DecodedResource[*pbcatalog.FailoverPolicy]
-	DecodedService           = resource.DecodedResource[*pbcatalog.Service]
-)
diff --git a/internal/mesh/internal/types/destination_policy.go b/internal/mesh/internal/types/destination_policy.go
deleted file mode 100644
index 1c1cbd57d2e1..000000000000
--- a/internal/mesh/internal/types/destination_policy.go
+++ /dev/null
@@ -1,226 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"errors"
-	"fmt"
-
-	"github.com/hashicorp/go-multierror"
-
-	"github.com/hashicorp/consul/internal/resource"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-const (
-	DestinationPolicyKind = "DestinationPolicy"
-)
-
-var (
-	DestinationPolicyV1Alpha1Type = &pbresource.Type{
-		Group:        GroupName,
-		GroupVersion: VersionV1Alpha1,
-		Kind:         DestinationPolicyKind,
-	}
-
-	DestinationPolicyType = DestinationPolicyV1Alpha1Type
-)
-
-func RegisterDestinationPolicy(r resource.Registry) {
-	r.Register(resource.Registration{
-		Type:     DestinationPolicyV1Alpha1Type,
-		Proto:    &pbmesh.DestinationPolicy{},
-		Validate: ValidateDestinationPolicy,
-	})
-}
-
-func ValidateDestinationPolicy(res *pbresource.Resource) error {
-	var policy pbmesh.DestinationPolicy
-
-	if err := res.Data.UnmarshalTo(&policy); err != nil {
-		return resource.NewErrDataParse(&policy, err)
-	}
-
-	var merr error
-
-	if len(policy.PortConfigs) == 0 {
-		merr = multierror.Append(merr, resource.ErrInvalidField{
-			Name:    "port_configs",
-			Wrapped: resource.ErrEmpty,
-		})
-	}
-
-	for port, pc := range policy.PortConfigs {
-		wrapErr := func(err error) error {
-			return resource.ErrInvalidMapValue{
-				Map:     "port_configs",
-				Key:     port,
-				Wrapped: err,
-			}
-		}
-
-		if dur := pc.ConnectTimeout.AsDuration(); dur < 0 {
-			merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{
-				Name:    "connect_timeout",
-				Wrapped: fmt.Errorf("'%v', must be >= 0", dur),
-			}))
-		}
-		if dur := pc.RequestTimeout.AsDuration(); dur < 0 {
-			merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{
-				Name:    "request_timeout",
-				Wrapped: fmt.Errorf("'%v', must be >= 0", dur),
-			}))
-		}
-
-		if pc.LoadBalancer != nil {
-			lb := pc.LoadBalancer
-			wrapLBErr := func(err error) error {
-				return wrapErr(resource.ErrInvalidField{
-					Name:    "load_balancer",
-					Wrapped: err,
-				})
-			}
-
-			switch lb.Policy {
-			case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_UNSPECIFIED:
-				// means just do the default
-			case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RANDOM:
-			case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_ROUND_ROBIN:
-			case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST:
-			case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV:
-			case pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH:
-			default:
-				merr = multierror.Append(merr, wrapLBErr(resource.ErrInvalidField{
-					Name:    "policy",
-					Wrapped: fmt.Errorf("not a supported enum value: %v", lb.Policy),
-				}))
-			}
-
-			if lb.Policy != pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH && lb.Config != nil {
-				if _, ok := lb.Config.(*pbmesh.LoadBalancer_RingHashConfig); ok {
-					merr = multierror.Append(merr, wrapLBErr(resource.ErrInvalidField{
-						Name:    "config",
-						Wrapped: fmt.Errorf("ring_hash_config specified for incompatible load balancing policy %q", lb.Policy),
-					}))
-				}
-			}
-
-			if lb.Policy != pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST && lb.Config != nil {
-				if _, ok := lb.Config.(*pbmesh.LoadBalancer_LeastRequestConfig); ok {
-					merr = multierror.Append(merr, wrapLBErr(resource.ErrInvalidField{
-						Name:    "config",
-						Wrapped: fmt.Errorf("least_request_config specified for incompatible load balancing policy %q", lb.Policy),
-					}))
-				}
-			}
-
-			if !lb.Policy.IsHashBased() && len(lb.HashPolicies) > 0 {
-				merr = multierror.Append(merr, wrapLBErr(resource.ErrInvalidField{
-					Name:    "hash_policies",
-					Wrapped: fmt.Errorf("hash_policies specified for non-hash-based policy %q", lb.Policy),
-				}))
-			}
-
-		LOOP:
-			for i, hp := range lb.HashPolicies {
-				wrapHPErr := func(err error) error {
-					return wrapLBErr(resource.ErrInvalidListElement{
-						Name:    "hash_policies",
-						Index:   i,
-						Wrapped: err,
-					})
-				}
-
-				var hasField bool
-				switch hp.Field {
-				case pbmesh.HashPolicyField_HASH_POLICY_FIELD_UNSPECIFIED:
-				case pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
-					pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE,
-					pbmesh.HashPolicyField_HASH_POLICY_FIELD_QUERY_PARAMETER:
-					hasField = true
-				default:
-					merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
-						Name:    "field",
-						Wrapped: fmt.Errorf("not a supported enum value: %v", hp.Field),
-					}))
-					continue LOOP // no need to keep validating
-				}
-
-				if hp.SourceIp {
-					if hasField {
-						merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
-							Name:    "field",
-							Wrapped: fmt.Errorf("a single hash policy cannot hash both a source address and a %q", hp.Field),
-						}))
-					}
-					if hp.FieldValue != "" {
-						merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
-							Name:    "field_value",
-							Wrapped: errors.New("cannot be specified when hashing source_ip"),
-						}))
-					}
-				}
-
-				if hasField && hp.FieldValue == "" {
-					merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
-						Name:    "field_value",
-						Wrapped: fmt.Errorf("field %q was specified without a field_value", hp.Field),
-					}))
-				}
-				if hp.FieldValue != "" && !hasField {
-					merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
-						Name:    "field",
-						Wrapped: resource.ErrMissing,
-					}))
-					merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
-						Name:    "field_value",
-						Wrapped: errors.New("requires a field to apply to"),
-					}))
-				}
-				if hp.CookieConfig != nil {
-					if hp.Field != pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE {
-						merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
-							Name:    "cookie_config",
-							Wrapped: fmt.Errorf("incompatible with field %q", hp.Field),
-						}))
-					}
-					if hp.CookieConfig.Session && hp.CookieConfig.Ttl.AsDuration() != 0 {
-						merr = multierror.Append(merr, wrapHPErr(resource.ErrInvalidField{
-							Name: "cookie_config",
-							Wrapped: resource.ErrInvalidField{
-								Name:    "ttl",
-								Wrapped: fmt.Errorf("a session cookie cannot have an associated TTL"),
-							},
-						}))
-					}
-				}
-			}
-		}
-
-		if pc.LocalityPrioritization != nil {
-			lp := pc.LocalityPrioritization
-			wrapLPErr := func(err error) error {
-				return wrapErr(resource.ErrInvalidField{
-					Name:    "locality_prioritization",
-					Wrapped: err,
-				})
-			}
-
-			switch lp.Mode {
-			case pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED:
-				// means pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_NONE
-			case pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_NONE:
-			case pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_FAILOVER:
-			default:
-				merr = multierror.Append(merr, wrapLPErr(resource.ErrInvalidField{
-					Name:    "mode",
-					Wrapped: fmt.Errorf("not a supported enum value: %v", lp.Mode),
-				}))
-			}
-		}
-	}
-
-	return merr
-}
diff --git a/internal/mesh/internal/types/destination_policy_test.go b/internal/mesh/internal/types/destination_policy_test.go
deleted file mode 100644
index 960c42aedea2..000000000000
--- a/internal/mesh/internal/types/destination_policy_test.go
+++ /dev/null
@@ -1,510 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/types/known/durationpb"
-
-	"github.com/hashicorp/consul/internal/resource/resourcetest"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto/private/prototest"
-	"github.com/hashicorp/consul/sdk/testutil"
-)
-
-func TestValidateDestinationPolicy(t *testing.T) {
-	type testcase struct {
-		policy     *pbmesh.DestinationPolicy
-		expectErr  string
-		expectErrs []string
-	}
-
-	run := func(t *testing.T, tc testcase) {
-		res := resourcetest.Resource(DestinationPolicyType, "api").
-			WithData(t, tc.policy).
-			Build()
-
-		err := ValidateDestinationPolicy(res)
-
-		// Verify that validate didn't actually change the object.
-		got := resourcetest.MustDecode[*pbmesh.DestinationPolicy](t, res)
-		prototest.AssertDeepEqual(t, tc.policy, got.Data)
-
-		if tc.expectErr != "" && len(tc.expectErrs) > 0 {
-			t.Fatalf("cannot test singular and list errors at the same time")
-		}
-
-		if tc.expectErr == "" && len(tc.expectErrs) == 0 {
-			require.NoError(t, err)
-		} else if tc.expectErr != "" {
-			testutil.RequireErrorContains(t, err, tc.expectErr)
-		} else {
-			for _, expectErr := range tc.expectErrs {
-				testutil.RequireErrorContains(t, err, expectErr)
-			}
-		}
-	}
-
-	cases := map[string]testcase{
-		// emptiness
-		"empty": {
-			policy:    &pbmesh.DestinationPolicy{},
-			expectErr: `invalid "port_configs" field: cannot be empty`,
-		},
-		"good connect timeout": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-					},
-				},
-			},
-		},
-		"bad connect timeout": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(-55 * time.Second),
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within port_configs: invalid "connect_timeout" field: '-55s', must be >= 0`,
-		},
-		"good request timeout": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						RequestTimeout: durationpb.New(55 * time.Second),
-					},
-				},
-			},
-		},
-		"bad request timeout": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						RequestTimeout: durationpb.New(-55 * time.Second),
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within port_configs: invalid "request_timeout" field: '-55s', must be >= 0`,
-		},
-		// load balancer
-		"lbpolicy: missing enum": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer:   &pbmesh.LoadBalancer{},
-					},
-				},
-			},
-		},
-		"lbpolicy: bad enum": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: 99,
-						},
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid "policy" field: not a supported enum value: 99`,
-		},
-		"lbpolicy: supported": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RANDOM,
-						},
-					},
-				},
-			},
-		},
-		"lbpolicy: bad for least request config": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH,
-							Config: &pbmesh.LoadBalancer_LeastRequestConfig{
-								LeastRequestConfig: &pbmesh.LeastRequestConfig{
-									ChoiceCount: 10,
-								},
-							},
-						},
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid "config" field: least_request_config specified for incompatible load balancing policy "LOAD_BALANCER_POLICY_RING_HASH"`,
-		},
-		"lbpolicy: bad for ring hash config": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST,
-							Config: &pbmesh.LoadBalancer_RingHashConfig{
-								RingHashConfig: &pbmesh.RingHashConfig{
-									MinimumRingSize: 1024,
-								},
-							},
-						},
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid "config" field: ring_hash_config specified for incompatible load balancing policy "LOAD_BALANCER_POLICY_LEAST_REQUEST"`,
-		},
-		"lbpolicy: good for least request config": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST,
-							Config: &pbmesh.LoadBalancer_LeastRequestConfig{
-								LeastRequestConfig: &pbmesh.LeastRequestConfig{
-									ChoiceCount: 10,
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		"lbpolicy: good for ring hash config": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH,
-							Config: &pbmesh.LoadBalancer_RingHashConfig{
-								RingHashConfig: &pbmesh.RingHashConfig{
-									MinimumRingSize: 1024,
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		"lbpolicy: empty policy with hash policy": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							HashPolicies: []*pbmesh.HashPolicy{
-								{SourceIp: true},
-							},
-						},
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid "hash_policies" field: hash_policies specified for non-hash-based policy "LOAD_BALANCER_POLICY_UNSPECIFIED"`,
-		},
-		"lbconfig: cookie config with header policy": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
-							HashPolicies: []*pbmesh.HashPolicy{
-								{
-									Field:      pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
-									FieldValue: "x-user-id",
-									CookieConfig: &pbmesh.CookieConfig{
-										Ttl:  durationpb.New(10 * time.Second),
-										Path: "/root",
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "cookie_config" field: incompatible with field "HASH_POLICY_FIELD_HEADER"`,
-		},
-		"lbconfig: cannot generate session cookie with ttl": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
-							HashPolicies: []*pbmesh.HashPolicy{
-								{
-									Field:      pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE,
-									FieldValue: "good-cookie",
-									CookieConfig: &pbmesh.CookieConfig{
-										Session: true,
-										Ttl:     durationpb.New(10 * time.Second),
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "cookie_config" field: invalid "ttl" field: a session cookie cannot have an associated TTL`,
-		},
-		"lbconfig: valid cookie policy": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
-							HashPolicies: []*pbmesh.HashPolicy{
-								{
-									Field:      pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE,
-									FieldValue: "good-cookie",
-									CookieConfig: &pbmesh.CookieConfig{
-										Ttl:  durationpb.New(10 * time.Second),
-										Path: "/oven",
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		"lbconfig: bad match field": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
-							HashPolicies: []*pbmesh.HashPolicy{
-								{
-									Field:      99,
-									FieldValue: "X-Consul-Token",
-								},
-							},
-						},
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field" field: not a supported enum value: 99`,
-		},
-		"lbconfig: supported match field": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
-							HashPolicies: []*pbmesh.HashPolicy{
-								{
-									Field:      pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
-									FieldValue: "X-Consul-Token",
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		"lbconfig: missing match field": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
-							HashPolicies: []*pbmesh.HashPolicy{
-								{
-									FieldValue: "X-Consul-Token",
-								},
-							},
-						},
-					},
-				},
-			},
-			expectErrs: []string{
-				`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field" field: missing required field`,
-				`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: requires a field to apply to`,
-			},
-		},
-		"lbconfig: cannot match on source address and custom field": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
-							HashPolicies: []*pbmesh.HashPolicy{
-								{
-									Field:    pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
-									SourceIp: true,
-								},
-							},
-						},
-					},
-				},
-			},
-			expectErrs: []string{
-				`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field" field: a single hash policy cannot hash both a source address and a "HASH_POLICY_FIELD_HEADER"`,
-				`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: field "HASH_POLICY_FIELD_HEADER" was specified without a field_value`,
-			},
-		},
-		"lbconfig: matchvalue not compatible with source address": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
-							HashPolicies: []*pbmesh.HashPolicy{
-								{
-									FieldValue: "X-Consul-Token",
-									SourceIp:   true,
-								},
-							},
-						},
-					},
-				},
-			},
-			expectErrs: []string{
-				`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: cannot be specified when hashing source_ip`,
-				`invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: requires a field to apply to`,
-			},
-		},
-		"lbconfig: field without match value": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
-							HashPolicies: []*pbmesh.HashPolicy{
-								{
-									Field: pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
-								},
-							},
-						},
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: field "HASH_POLICY_FIELD_HEADER" was specified without a field_value`,
-		},
-		"lbconfig: matchvalue without field": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
-							HashPolicies: []*pbmesh.HashPolicy{
-								{
-									FieldValue: "my-cookie",
-								},
-							},
-						},
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within port_configs: invalid "load_balancer" field: invalid element at index 0 of list "hash_policies": invalid "field_value" field: requires a field to apply to`,
-		},
-		"lbconfig: ring hash kitchen sink": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH,
-							Config: &pbmesh.LoadBalancer_RingHashConfig{
-								RingHashConfig: &pbmesh.RingHashConfig{
-									MaximumRingSize: 10,
-									MinimumRingSize: 2,
-								},
-							},
-							HashPolicies: []*pbmesh.HashPolicy{
-								{
-									Field:      pbmesh.HashPolicyField_HASH_POLICY_FIELD_COOKIE,
-									FieldValue: "my-cookie",
-								},
-								{
-									Field:      pbmesh.HashPolicyField_HASH_POLICY_FIELD_HEADER,
-									FieldValue: "alt-header",
-									Terminal:   true,
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		"lbconfig: least request kitchen sink": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						ConnectTimeout: durationpb.New(55 * time.Second),
-						LoadBalancer: &pbmesh.LoadBalancer{
-							Policy: pbmesh.LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST,
-							Config: &pbmesh.LoadBalancer_LeastRequestConfig{
-								LeastRequestConfig: &pbmesh.LeastRequestConfig{
-									ChoiceCount: 10,
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		"locality: good mode": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						LocalityPrioritization: &pbmesh.LocalityPrioritization{
-							Mode: pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_FAILOVER,
-						},
-					},
-				},
-			},
-		},
-		"locality: unset mode": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						LocalityPrioritization: &pbmesh.LocalityPrioritization{
-							Mode: pbmesh.LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED,
-						},
-					},
-				},
-			},
-		},
-		"locality: bad mode": {
-			policy: &pbmesh.DestinationPolicy{
-				PortConfigs: map[string]*pbmesh.DestinationConfig{
-					"http": {
-						LocalityPrioritization: &pbmesh.LocalityPrioritization{
-							Mode: 99,
-						},
-					},
-				},
-			},
-			expectErr: `invalid value of key "http" within port_configs: invalid "locality_prioritization" field: invalid "mode" field: not a supported enum value: 99`,
-		},
-	}
-
-	for name, tc := range cases {
-		t.Run(name, func(t *testing.T) {
-			run(t, tc)
-		})
-	}
-}
diff --git a/internal/mesh/internal/types/grpc_route.go b/internal/mesh/internal/types/grpc_route.go
deleted file mode 100644
index 0d6c8df07f4e..000000000000
--- a/internal/mesh/internal/types/grpc_route.go
+++ /dev/null
@@ -1,237 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"errors"
-	"fmt"
-
-	"github.com/hashicorp/go-multierror"
-
-	"github.com/hashicorp/consul/internal/resource"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-const (
-	GRPCRouteKind = "GRPCRoute"
-)
-
-var (
-	GRPCRouteV1Alpha1Type = &pbresource.Type{
-		Group:        GroupName,
-		GroupVersion: VersionV1Alpha1,
-		Kind:         GRPCRouteKind,
-	}
-
-	GRPCRouteType = GRPCRouteV1Alpha1Type
-)
-
-func RegisterGRPCRoute(r resource.Registry) {
-	r.Register(resource.Registration{
-		Type:  GRPCRouteV1Alpha1Type,
-		Proto: &pbmesh.GRPCRoute{},
-		// TODO(rb): normalize parent/backend ref tenancies in a Mutate hook
-		Validate: ValidateGRPCRoute,
-	})
-}
-
-func ValidateGRPCRoute(res *pbresource.Resource) error {
-	var route pbmesh.GRPCRoute
-
-	if err := res.Data.UnmarshalTo(&route); err != nil {
-		return resource.NewErrDataParse(&route, err)
-	}
-
-	var merr error
-	if err := validateParentRefs(route.ParentRefs); err != nil {
-		merr = multierror.Append(merr, err)
-	}
-
-	if len(route.Hostnames) > 0 {
-		merr = multierror.Append(merr, resource.ErrInvalidField{
-			Name:    "hostnames",
-			Wrapped: errors.New("should not populate hostnames"),
-		})
-	}
-
-	for i, rule := range route.Rules {
-		wrapRuleErr := func(err error) error {
-			return resource.ErrInvalidListElement{
-				Name:    "rules",
-				Index:   i,
-				Wrapped: err,
-			}
-		}
-
-		for j, match := range rule.Matches {
-			wrapMatchErr := func(err error) error {
-				return wrapRuleErr(resource.ErrInvalidListElement{
-					Name:    "matches",
-					Index:   j,
-					Wrapped: err,
-				})
-			}
-
-			if match.Method != nil {
-				switch match.Method.Type {
-				case pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_UNSPECIFIED:
-					merr = multierror.Append(merr, wrapMatchErr(
-						resource.ErrInvalidField{
-							Name:    "type",
-							Wrapped: resource.ErrMissing,
-						},
-					))
-				case pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT:
-				case pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_REGEX:
-				default:
-					merr = multierror.Append(merr, wrapMatchErr(
-						resource.ErrInvalidField{
-							Name:    "type",
-							Wrapped: fmt.Errorf("not a supported enum value: %v", match.Method.Type),
-						},
-					))
-				}
-				if match.Method.Service == "" && match.Method.Method == "" {
-					merr = multierror.Append(merr, wrapMatchErr(
-						resource.ErrInvalidField{
-							Name:    "service",
-							Wrapped: errors.New("at least one of \"service\" or \"method\" must be set"),
-						},
-					))
-				}
-			}
-
-			for k, header := range match.Headers {
-				wrapMatchHeaderErr := func(err error) error {
-					return wrapRuleErr(resource.ErrInvalidListElement{
-						Name:    "headers",
-						Index:   k,
-						Wrapped: err,
-					})
-				}
-
-				if err := validateHeaderMatchType(header.Type); err != nil {
-					merr = multierror.Append(merr, wrapMatchHeaderErr(
-						resource.ErrInvalidField{
-							Name:    "type",
-							Wrapped: err,
-						}),
-					)
-				}
-
-				if header.Name == "" {
-					merr = multierror.Append(merr, wrapMatchHeaderErr(
-						resource.ErrInvalidField{
-							Name:    "name",
-							Wrapped: resource.ErrMissing,
-						}),
-					)
-				}
-			}
-		}
-
-		for j, filter := range rule.Filters {
-			wrapFilterErr := func(err error) error {
-				return wrapRuleErr(resource.ErrInvalidListElement{
-					Name:    "filters",
-					Index:   j,
-					Wrapped: err,
-				})
-			}
-			set := 0
-			if filter.RequestHeaderModifier != nil {
-				set++
-			}
-			if filter.ResponseHeaderModifier != nil {
-				set++
-			}
-			if filter.UrlRewrite != nil {
-				set++
-				if filter.UrlRewrite.PathPrefix == "" {
-					merr = multierror.Append(merr, wrapFilterErr(
-						resource.ErrInvalidField{
-							Name: "url_rewrite",
-							Wrapped: resource.ErrInvalidField{
-								Name:    "path_prefix",
-								Wrapped: errors.New("field should not be empty if enclosing section is set"),
-							},
-						},
-					))
-				}
-			}
-			if set != 1 {
-				merr = multierror.Append(merr, wrapFilterErr(
-					errors.New("exactly one of request_header_modifier, response_header_modifier, or url_rewrite is required"),
-				))
-			}
-		}
-
-		if len(rule.BackendRefs) == 0 {
-			/*
-				BackendRefs (optional)¶
-
-				BackendRefs defines API objects where matching requests should be
-				sent. If unspecified, the rule performs no forwarding. If
-				unspecified and no filters are specified that would result in a
-				response being sent, a 404 error code is returned.
-			*/
-			merr = multierror.Append(merr, wrapRuleErr(
-				resource.ErrInvalidField{
-					Name:    "backend_refs",
-					Wrapped: resource.ErrEmpty,
-				},
-			))
-		}
-		for j, hbref := range rule.BackendRefs {
-			wrapBackendRefErr := func(err error) error {
-				return wrapRuleErr(resource.ErrInvalidListElement{
-					Name:    "backend_refs",
-					Index:   j,
-					Wrapped: err,
-				})
-			}
-			for _, err := range validateBackendRef(hbref.BackendRef) {
-				merr = multierror.Append(merr, wrapBackendRefErr(
-					resource.ErrInvalidField{
-						Name:    "backend_ref",
-						Wrapped: err,
-					},
-				))
-			}
-
-			if len(hbref.Filters) > 0 {
-				merr = multierror.Append(merr, wrapBackendRefErr(
-					resource.ErrInvalidField{
-						Name:    "filters",
-						Wrapped: errors.New("filters are not supported at this level yet"),
-					},
-				))
-			}
-		}
-
-		if rule.Timeouts != nil {
-			for _, err := range validateHTTPTimeouts(rule.Timeouts) {
-				merr = multierror.Append(merr, wrapRuleErr(
-					resource.ErrInvalidField{
-						Name:    "timeouts",
-						Wrapped: err,
-					},
-				))
-			}
-		}
-		if rule.Retries != nil {
-			for _, err := range validateHTTPRetries(rule.Retries) {
-				merr = multierror.Append(merr, wrapRuleErr(
-					resource.ErrInvalidField{
-						Name:    "retries",
-						Wrapped: err,
-					},
-				))
-			}
-		}
-	}
-
-	return merr
-}
diff --git a/internal/mesh/internal/types/grpc_route_test.go b/internal/mesh/internal/types/grpc_route_test.go
deleted file mode 100644
index e9abc118c654..000000000000
--- a/internal/mesh/internal/types/grpc_route_test.go
+++ /dev/null
@@ -1,523 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/internal/catalog"
-	"github.com/hashicorp/consul/internal/resource/resourcetest"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto/private/prototest"
-	"github.com/hashicorp/consul/sdk/testutil"
-)
-
-func TestValidateGRPCRoute(t *testing.T) {
-	type testcase struct {
-		route     *pbmesh.GRPCRoute
-		expectErr string
-	}
-
-	run := func(t *testing.T, tc testcase) {
-		res := resourcetest.Resource(GRPCRouteType, "api").
-			WithData(t, tc.route).
-			Build()
-
-		err := ValidateGRPCRoute(res)
-
-		// Verify that validate didn't actually change the object.
-		got := resourcetest.MustDecode[*pbmesh.GRPCRoute](t, res)
-		prototest.AssertDeepEqual(t, tc.route, got.Data)
-
-		if tc.expectErr == "" {
-			require.NoError(t, err)
-		} else {
-			testutil.RequireErrorContains(t, err, tc.expectErr)
-		}
-	}
-
-	cases := map[string]testcase{
-		"hostnames not supported for services": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Hostnames: []string{"foo.local"},
-			},
-			expectErr: `invalid "hostnames" field: should not populate hostnames`,
-		},
-		"no rules": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-			},
-		},
-		"rules with no matches": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"rules with matches that are empty": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Matches: []*pbmesh.GRPCRouteMatch{{
-						// none
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"method match with no type is bad": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Matches: []*pbmesh.GRPCRouteMatch{{
-						Method: &pbmesh.GRPCMethodMatch{
-							Service: "foo",
-						},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "type" field: missing required field`,
-		},
-		"method match with unknown type is bad": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Matches: []*pbmesh.GRPCRouteMatch{{
-						Method: &pbmesh.GRPCMethodMatch{
-							Type:    99,
-							Service: "foo",
-						},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "type" field: not a supported enum value: 99`,
-		},
-		"method match with no service nor method is bad": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Matches: []*pbmesh.GRPCRouteMatch{{
-						Method: &pbmesh.GRPCMethodMatch{
-							Type: pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT,
-						},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "service" field: at least one of "service" or "method" must be set`,
-		},
-		"method match is good (1)": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Matches: []*pbmesh.GRPCRouteMatch{{
-						Method: &pbmesh.GRPCMethodMatch{
-							Type:    pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT,
-							Service: "foo",
-						},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"method match is good (2)": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Matches: []*pbmesh.GRPCRouteMatch{{
-						Method: &pbmesh.GRPCMethodMatch{
-							Type:   pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT,
-							Method: "bar",
-						},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"method match is good (3)": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Matches: []*pbmesh.GRPCRouteMatch{{
-						Method: &pbmesh.GRPCMethodMatch{
-							Type:    pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT,
-							Service: "foo",
-							Method:  "bar",
-						},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"header match with no type is bad": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Matches: []*pbmesh.GRPCRouteMatch{{
-						Headers: []*pbmesh.GRPCHeaderMatch{{
-							Name: "x-foo",
-						}},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "headers": invalid "type" field: missing required field`,
-		},
-		"header match with unknown type is bad": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Matches: []*pbmesh.GRPCRouteMatch{{
-						Headers: []*pbmesh.GRPCHeaderMatch{{
-							Type: 99,
-							Name: "x-foo",
-						}},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "headers": invalid "type" field: not a supported enum value: 99`,
-		},
-		"header match with no name is bad": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Matches: []*pbmesh.GRPCRouteMatch{{
-						Headers: []*pbmesh.GRPCHeaderMatch{{
-							Type: pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT,
-						}},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "headers": invalid "name" field: missing required field`,
-		},
-		"header match is good": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Matches: []*pbmesh.GRPCRouteMatch{{
-						Headers: []*pbmesh.GRPCHeaderMatch{{
-							Type: pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT,
-							Name: "x-foo",
-						}},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"filter empty is bad": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Filters: []*pbmesh.GRPCRouteFilter{{
-						// none
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
-		},
-		"filter req header mod is ok": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Filters: []*pbmesh.GRPCRouteFilter{{
-						RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"filter resp header mod is ok": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Filters: []*pbmesh.GRPCRouteFilter{{
-						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"filter rewrite header mod missing path prefix": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Filters: []*pbmesh.GRPCRouteFilter{{
-						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": invalid "url_rewrite" field: invalid "path_prefix" field: field should not be empty if enclosing section is set`,
-		},
-		"filter rewrite header mod is ok": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Filters: []*pbmesh.GRPCRouteFilter{{
-						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
-							PathPrefix: "/blah",
-						},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"filter req+resp header mod is bad": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Filters: []*pbmesh.GRPCRouteFilter{{
-						RequestHeaderModifier:  &pbmesh.HTTPHeaderFilter{},
-						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
-		},
-		"filter req+rewrite header mod is bad": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Filters: []*pbmesh.GRPCRouteFilter{{
-						RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
-							PathPrefix: "/blah",
-						},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
-		},
-		"filter resp+rewrite header mod is bad": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Filters: []*pbmesh.GRPCRouteFilter{{
-						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
-							PathPrefix: "/blah",
-						},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
-		},
-		"filter req+resp+rewrite header mod is bad": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Filters: []*pbmesh.GRPCRouteFilter{{
-						RequestHeaderModifier:  &pbmesh.HTTPHeaderFilter{},
-						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
-							PathPrefix: "/blah",
-						},
-					}},
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
-		},
-		"backend ref with filters is unsupported": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-						Filters: []*pbmesh.GRPCRouteFilter{{
-							RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-						}},
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "backend_refs": invalid "filters" field: filters are not supported at this level yet`,
-		},
-		"nil backend ref": {
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					BackendRefs: []*pbmesh.GRPCBackendRef{nil},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "backend_refs": invalid "backend_ref" field: missing required field`,
-		},
-	}
-
-	// Add common timeouts test cases.
-	for name, timeoutsTC := range getXRouteTimeoutsTestCases() {
-		cases["timeouts: "+name] = testcase{
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Timeouts: timeoutsTC.timeouts,
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: timeoutsTC.expectErr,
-		}
-	}
-
-	// Add common retries test cases.
-	for name, retriesTC := range getXRouteRetriesTestCases() {
-		cases["retries: "+name] = testcase{
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{{
-					Retries: retriesTC.retries,
-					BackendRefs: []*pbmesh.GRPCBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: retriesTC.expectErr,
-		}
-	}
-
-	// Add common parent refs test cases.
-	for name, parentTC := range getXRouteParentRefTestCases() {
-		cases["parent-ref: "+name] = testcase{
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: parentTC.refs,
-			},
-			expectErr: parentTC.expectErr,
-		}
-	}
-	// add common backend ref test cases.
-	for name, backendTC := range getXRouteBackendRefTestCases() {
-		var refs []*pbmesh.GRPCBackendRef
-		for _, br := range backendTC.refs {
-			refs = append(refs, &pbmesh.GRPCBackendRef{
-				BackendRef: br,
-			})
-		}
-		cases["backend-ref: "+name] = testcase{
-			route: &pbmesh.GRPCRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.GRPCRouteRule{
-					{BackendRefs: refs},
-				},
-			},
-			expectErr: backendTC.expectErr,
-		}
-	}
-
-	for name, tc := range cases {
-		t.Run(name, func(t *testing.T) {
-			run(t, tc)
-		})
-	}
-}
diff --git a/internal/mesh/internal/types/http_route.go b/internal/mesh/internal/types/http_route.go
deleted file mode 100644
index d348091a7e92..000000000000
--- a/internal/mesh/internal/types/http_route.go
+++ /dev/null
@@ -1,349 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"errors"
-	"fmt"
-	"net/http"
-	"strings"
-
-	"github.com/hashicorp/go-multierror"
-
-	"github.com/hashicorp/consul/internal/resource"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-const (
-	HTTPRouteKind = "HTTPRoute"
-)
-
-var (
-	HTTPRouteV1Alpha1Type = &pbresource.Type{
-		Group:        GroupName,
-		GroupVersion: VersionV1Alpha1,
-		Kind:         HTTPRouteKind,
-	}
-
-	HTTPRouteType = HTTPRouteV1Alpha1Type
-)
-
-func RegisterHTTPRoute(r resource.Registry) {
-	r.Register(resource.Registration{
-		Type:     HTTPRouteV1Alpha1Type,
-		Proto:    &pbmesh.HTTPRoute{},
-		Mutate:   MutateHTTPRoute,
-		Validate: ValidateHTTPRoute,
-	})
-}
-
-func MutateHTTPRoute(res *pbresource.Resource) error {
-	var route pbmesh.HTTPRoute
-
-	if err := res.Data.UnmarshalTo(&route); err != nil {
-		return resource.NewErrDataParse(&route, err)
-	}
-
-	changed := false
-
-	for _, rule := range route.Rules {
-		for _, match := range rule.Matches {
-			if match.Method != "" {
-				norm := strings.ToUpper(match.Method)
-				if match.Method != norm {
-					match.Method = norm
-					changed = true
-				}
-			}
-		}
-	}
-
-	// TODO(rb): normalize parent/backend ref tenancies
-
-	if !changed {
-		return nil
-	}
-
-	return res.Data.MarshalFrom(&route)
-}
-
-func ValidateHTTPRoute(res *pbresource.Resource) error {
-	var route pbmesh.HTTPRoute
-
-	if err := res.Data.UnmarshalTo(&route); err != nil {
-		return resource.NewErrDataParse(&route, err)
-	}
-
-	var merr error
-	if err := validateParentRefs(route.ParentRefs); err != nil {
-		merr = multierror.Append(merr, err)
-	}
-
-	if len(route.Hostnames) > 0 {
-		merr = multierror.Append(merr, resource.ErrInvalidField{
-			Name:    "hostnames",
-			Wrapped: errors.New("should not populate hostnames"),
-		})
-	}
-
-	for i, rule := range route.Rules {
-		wrapRuleErr := func(err error) error {
-			return resource.ErrInvalidListElement{
-				Name:    "rules",
-				Index:   i,
-				Wrapped: err,
-			}
-		}
-
-		for j, match := range rule.Matches {
-			wrapMatchErr := func(err error) error {
-				return wrapRuleErr(resource.ErrInvalidListElement{
-					Name:    "matches",
-					Index:   j,
-					Wrapped: err,
-				})
-			}
-
-			if match.Path != nil {
-				wrapMatchPathErr := func(err error) error {
-					return wrapMatchErr(resource.ErrInvalidField{
-						Name:    "path",
-						Wrapped: err,
-					})
-				}
-				switch match.Path.Type {
-				case pbmesh.PathMatchType_PATH_MATCH_TYPE_UNSPECIFIED:
-					merr = multierror.Append(merr, wrapMatchPathErr(
-						resource.ErrInvalidField{
-							Name:    "type",
-							Wrapped: resource.ErrMissing,
-						},
-					))
-				case pbmesh.PathMatchType_PATH_MATCH_TYPE_EXACT:
-					if !strings.HasPrefix(match.Path.Value, "/") {
-						merr = multierror.Append(merr, wrapMatchPathErr(
-							resource.ErrInvalidField{
-								Name:    "value",
-								Wrapped: fmt.Errorf("exact patch value does not start with '/': %q", match.Path.Value),
-							},
-						))
-					}
-				case pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX:
-					if !strings.HasPrefix(match.Path.Value, "/") {
-						merr = multierror.Append(merr, wrapMatchPathErr(
-							resource.ErrInvalidField{
-								Name:    "value",
-								Wrapped: fmt.Errorf("prefix patch value does not start with '/': %q", match.Path.Value),
-							},
-						))
-					}
-				default:
-					merr = multierror.Append(merr, wrapMatchPathErr(
-						resource.ErrInvalidField{
-							Name:    "type",
-							Wrapped: fmt.Errorf("not a supported enum value: %v", match.Path.Type),
-						},
-					))
-				}
-			}
-
-			for k, hdr := range match.Headers {
-				wrapMatchHeaderErr := func(err error) error {
-					return wrapMatchErr(resource.ErrInvalidListElement{
-						Name:    "headers",
-						Index:   k,
-						Wrapped: err,
-					})
-				}
-
-				if err := validateHeaderMatchType(hdr.Type); err != nil {
-					merr = multierror.Append(merr, wrapMatchHeaderErr(
-						resource.ErrInvalidField{
-							Name:    "type",
-							Wrapped: err,
-						}),
-					)
-				}
-
-				if hdr.Name == "" {
-					merr = multierror.Append(merr, wrapMatchHeaderErr(
-						resource.ErrInvalidField{
-							Name:    "name",
-							Wrapped: resource.ErrMissing,
-						}),
-					)
-				}
-			}
-
-			for k, qm := range match.QueryParams {
-				wrapMatchParamErr := func(err error) error {
-					return wrapMatchErr(resource.ErrInvalidListElement{
-						Name:    "query_params",
-						Index:   k,
-						Wrapped: err,
-					})
-				}
-
-				switch qm.Type {
-				case pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_UNSPECIFIED:
-					merr = multierror.Append(merr, wrapMatchParamErr(
-						resource.ErrInvalidField{
-							Name:    "type",
-							Wrapped: resource.ErrMissing,
-						}),
-					)
-				case pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_EXACT:
-				case pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_REGEX:
-				case pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_PRESENT:
-				default:
-					merr = multierror.Append(merr, wrapMatchParamErr(
-						resource.ErrInvalidField{
-							Name:    "type",
-							Wrapped: fmt.Errorf("not a supported enum value: %v", qm.Type),
-						},
-					))
-				}
-
-				if qm.Name == "" {
-					merr = multierror.Append(merr, wrapMatchParamErr(
-						resource.ErrInvalidField{
-							Name:    "name",
-							Wrapped: resource.ErrMissing,
-						}),
-					)
-				}
-			}
-
-			if match.Method != "" && !isValidHTTPMethod(match.Method) {
-				merr = multierror.Append(merr, wrapMatchErr(
-					resource.ErrInvalidField{
-						Name:    "method",
-						Wrapped: fmt.Errorf("not a valid http method: %q", match.Method),
-					},
-				))
-			}
-		}
-
-		for j, filter := range rule.Filters {
-			wrapFilterErr := func(err error) error {
-				return wrapRuleErr(resource.ErrInvalidListElement{
-					Name:    "filters",
-					Index:   j,
-					Wrapped: err,
-				})
-			}
-			set := 0
-			if filter.RequestHeaderModifier != nil {
-				set++
-			}
-			if filter.ResponseHeaderModifier != nil {
-				set++
-			}
-			if filter.UrlRewrite != nil {
-				set++
-				if filter.UrlRewrite.PathPrefix == "" {
-					merr = multierror.Append(merr, wrapFilterErr(
-						resource.ErrInvalidField{
-							Name: "url_rewrite",
-							Wrapped: resource.ErrInvalidField{
-								Name:    "path_prefix",
-								Wrapped: errors.New("field should not be empty if enclosing section is set"),
-							},
-						},
-					))
-				}
-			}
-			if set != 1 {
-				merr = multierror.Append(merr, wrapFilterErr(
-					errors.New("exactly one of request_header_modifier, response_header_modifier, or url_rewrite is required"),
-				))
-			}
-		}
-
-		if len(rule.BackendRefs) == 0 {
-			/*
-				BackendRefs (optional)¶
-
-				BackendRefs defines API objects where matching requests should be
-				sent. If unspecified, the rule performs no forwarding. If
-				unspecified and no filters are specified that would result in a
-				response being sent, a 404 error code is returned.
-			*/
-			merr = multierror.Append(merr, wrapRuleErr(
-				resource.ErrInvalidField{
-					Name:    "backend_refs",
-					Wrapped: resource.ErrEmpty,
-				},
-			))
-		}
-		for j, hbref := range rule.BackendRefs {
-			wrapBackendRefErr := func(err error) error {
-				return wrapRuleErr(resource.ErrInvalidListElement{
-					Name:    "backend_refs",
-					Index:   j,
-					Wrapped: err,
-				})
-			}
-
-			for _, err := range validateBackendRef(hbref.BackendRef) {
-				merr = multierror.Append(merr, wrapBackendRefErr(
-					resource.ErrInvalidField{
-						Name:    "backend_ref",
-						Wrapped: err,
-					},
-				))
-			}
-
-			if len(hbref.Filters) > 0 {
-				merr = multierror.Append(merr, wrapBackendRefErr(
-					resource.ErrInvalidField{
-						Name:    "filters",
-						Wrapped: errors.New("filters are not supported at this level yet"),
-					},
-				))
-			}
-		}
-
-		if rule.Timeouts != nil {
-			for _, err := range validateHTTPTimeouts(rule.Timeouts) {
-				merr = multierror.Append(merr, wrapRuleErr(
-					resource.ErrInvalidField{
-						Name:    "timeouts",
-						Wrapped: err,
-					},
-				))
-			}
-		}
-		if rule.Retries != nil {
-			for _, err := range validateHTTPRetries(rule.Retries) {
-				merr = multierror.Append(merr, wrapRuleErr(
-					resource.ErrInvalidField{
-						Name:    "retries",
-						Wrapped: err,
-					},
-				))
-			}
-		}
-	}
-
-	return merr
-}
-
-func isValidHTTPMethod(method string) bool {
-	switch method {
-	case http.MethodGet,
-		http.MethodHead,
-		http.MethodPost,
-		http.MethodPut,
-		http.MethodPatch,
-		http.MethodDelete,
-		http.MethodConnect,
-		http.MethodOptions,
-		http.MethodTrace:
-		return true
-	default:
-		return false
-	}
-}
diff --git a/internal/mesh/internal/types/http_route_test.go b/internal/mesh/internal/types/http_route_test.go
deleted file mode 100644
index 0f4626aa7094..000000000000
--- a/internal/mesh/internal/types/http_route_test.go
+++ /dev/null
@@ -1,980 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/types/known/durationpb"
-
-	"github.com/hashicorp/consul/internal/catalog"
-	"github.com/hashicorp/consul/internal/resource/resourcetest"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/consul/proto/private/prototest"
-	"github.com/hashicorp/consul/sdk/testutil"
-)
-
-func TestMutateHTTPRoute(t *testing.T) {
-	type testcase struct {
-		route     *pbmesh.HTTPRoute
-		expect    *pbmesh.HTTPRoute
-		expectErr string
-	}
-
-	run := func(t *testing.T, tc testcase) {
-		res := resourcetest.Resource(HTTPRouteType, "api").
-			WithData(t, tc.route).
-			Build()
-
-		err := MutateHTTPRoute(res)
-
-		got := resourcetest.MustDecode[*pbmesh.HTTPRoute](t, res)
-
-		if tc.expectErr == "" {
-			require.NoError(t, err)
-
-			if tc.expect == nil {
-				tc.expect = proto.Clone(tc.route).(*pbmesh.HTTPRoute)
-			}
-
-			prototest.AssertDeepEqual(t, tc.expect, got.Data)
-		} else {
-			testutil.RequireErrorContains(t, err, tc.expectErr)
-		}
-	}
-
-	cases := map[string]testcase{
-		"no-rules": {
-			route: &pbmesh.HTTPRoute{},
-		},
-		"rules-with-no-matches": {
-			route: &pbmesh.HTTPRoute{
-				Rules: []*pbmesh.HTTPRouteRule{{
-					// none
-				}},
-			},
-		},
-		"rules-with-matches-no-methods": {
-			route: &pbmesh.HTTPRoute{
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						Path: &pbmesh.HTTPPathMatch{
-							Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
-							Value: "/foo",
-						},
-					}},
-				}},
-			},
-		},
-		"rules-with-matches-methods-uppercase": {
-			route: &pbmesh.HTTPRoute{
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{
-						{
-							Path: &pbmesh.HTTPPathMatch{
-								Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
-								Value: "/foo",
-							},
-							Method: "GET",
-						},
-						{
-							Path: &pbmesh.HTTPPathMatch{
-								Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
-								Value: "/bar",
-							},
-							Method: "POST",
-						},
-					},
-				}},
-			},
-		},
-		"rules-with-matches-methods-lowercase": {
-			route: &pbmesh.HTTPRoute{
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{
-						{
-							Path: &pbmesh.HTTPPathMatch{
-								Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
-								Value: "/foo",
-							},
-							Method: "get",
-						},
-						{
-							Path: &pbmesh.HTTPPathMatch{
-								Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
-								Value: "/bar",
-							},
-							Method: "post",
-						},
-					},
-				}},
-			},
-			expect: &pbmesh.HTTPRoute{
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{
-						{
-							Path: &pbmesh.HTTPPathMatch{
-								Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
-								Value: "/foo",
-							},
-							Method: "GET",
-						},
-						{
-							Path: &pbmesh.HTTPPathMatch{
-								Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
-								Value: "/bar",
-							},
-							Method: "POST",
-						},
-					},
-				}},
-			},
-		},
-	}
-
-	for name, tc := range cases {
-		t.Run(name, func(t *testing.T) {
-			run(t, tc)
-		})
-	}
-}
-
-func TestValidateHTTPRoute(t *testing.T) {
-	type testcase struct {
-		route     *pbmesh.HTTPRoute
-		expectErr string
-	}
-
-	run := func(t *testing.T, tc testcase) {
-		res := resourcetest.Resource(HTTPRouteType, "api").
-			WithData(t, tc.route).
-			Build()
-
-		err := MutateHTTPRoute(res)
-		require.NoError(t, err)
-
-		err = ValidateHTTPRoute(res)
-
-		// Verify that validate didn't actually change the object.
-		got := resourcetest.MustDecode[*pbmesh.HTTPRoute](t, res)
-		prototest.AssertDeepEqual(t, tc.route, got.Data)
-
-		if tc.expectErr == "" {
-			require.NoError(t, err)
-		} else {
-			testutil.RequireErrorContains(t, err, tc.expectErr)
-		}
-	}
-
-	cases := map[string]testcase{
-		"hostnames not supported for services": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Hostnames: []string{"foo.local"},
-			},
-			expectErr: `invalid "hostnames" field: should not populate hostnames`,
-		},
-		"no rules": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-			},
-		},
-		"rules with no matches": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"rules with matches that are empty": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						// none
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"path match with no type is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						Path: &pbmesh.HTTPPathMatch{
-							Value: "/foo",
-						},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "path" field: invalid "type" field: missing required field`,
-		},
-		"path match with unknown type is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						Path: &pbmesh.HTTPPathMatch{
-							Type:  99,
-							Value: "/foo",
-						},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "path" field: invalid "type" field: not a supported enum value: 99`,
-		},
-		"exact path match with no leading slash is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						Path: &pbmesh.HTTPPathMatch{
-							Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_EXACT,
-							Value: "foo",
-						},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "path" field: invalid "value" field: exact patch value does not start with '/': "foo"`,
-		},
-		"prefix path match with no leading slash is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						Path: &pbmesh.HTTPPathMatch{
-							Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
-							Value: "foo",
-						},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "path" field: invalid "value" field: prefix patch value does not start with '/': "foo"`,
-		},
-		"exact path match with leading slash is good": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						Path: &pbmesh.HTTPPathMatch{
-							Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_EXACT,
-							Value: "/foo",
-						},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"prefix path match with leading slash is good": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						Path: &pbmesh.HTTPPathMatch{
-							Type:  pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX,
-							Value: "/foo",
-						},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"header match with no type is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						Headers: []*pbmesh.HTTPHeaderMatch{{
-							Name: "x-foo",
-						}},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "headers": invalid "type" field: missing required field`,
-		},
-		"header match with unknown type is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						Headers: []*pbmesh.HTTPHeaderMatch{{
-							Type: 99,
-							Name: "x-foo",
-						}},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "headers": invalid "type" field: not a supported enum value: 99`,
-		},
-		"header match with no name is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						Headers: []*pbmesh.HTTPHeaderMatch{{
-							Type: pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT,
-						}},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "headers": invalid "name" field: missing required field`,
-		},
-		"header match is good": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						Headers: []*pbmesh.HTTPHeaderMatch{{
-							Type: pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT,
-							Name: "x-foo",
-						}},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"queryparam match with no type is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						QueryParams: []*pbmesh.HTTPQueryParamMatch{{
-							Name: "x-foo",
-						}},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "query_params": invalid "type" field: missing required field`,
-		},
-		"queryparam match with unknown type is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						QueryParams: []*pbmesh.HTTPQueryParamMatch{{
-							Type: 99,
-							Name: "x-foo",
-						}},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "query_params": invalid "type" field: not a supported enum value: 99`,
-		},
-		"queryparam match with no name is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						QueryParams: []*pbmesh.HTTPQueryParamMatch{{
-							Type: pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_EXACT,
-						}},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid element at index 0 of list "query_params": invalid "name" field: missing required field`,
-		},
-		"queryparam match is good": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						QueryParams: []*pbmesh.HTTPQueryParamMatch{{
-							Type: pbmesh.QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_EXACT,
-							Name: "x-foo",
-						}},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"method match is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						Method: "BOB",
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "matches": invalid "method" field: not a valid http method: "BOB"`,
-		},
-		"method match is good": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Matches: []*pbmesh.HTTPRouteMatch{{
-						Method: "DELETE",
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"filter empty is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Filters: []*pbmesh.HTTPRouteFilter{{
-						// none
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
-		},
-		"filter req header mod is ok": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Filters: []*pbmesh.HTTPRouteFilter{{
-						RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"filter resp header mod is ok": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Filters: []*pbmesh.HTTPRouteFilter{{
-						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"filter rewrite header mod missing path prefix": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Filters: []*pbmesh.HTTPRouteFilter{{
-						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": invalid "url_rewrite" field: invalid "path_prefix" field: field should not be empty if enclosing section is set`,
-		},
-		"filter rewrite header mod is ok": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Filters: []*pbmesh.HTTPRouteFilter{{
-						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
-							PathPrefix: "/blah",
-						},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-		},
-		"filter req+resp header mod is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Filters: []*pbmesh.HTTPRouteFilter{{
-						RequestHeaderModifier:  &pbmesh.HTTPHeaderFilter{},
-						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
-		},
-		"filter req+rewrite header mod is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Filters: []*pbmesh.HTTPRouteFilter{{
-						RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
-							PathPrefix: "/blah",
-						},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
-		},
-		"filter resp+rewrite header mod is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Filters: []*pbmesh.HTTPRouteFilter{{
-						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
-							PathPrefix: "/blah",
-						},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
-		},
-		"filter req+resp+rewrite header mod is bad": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Filters: []*pbmesh.HTTPRouteFilter{{
-						RequestHeaderModifier:  &pbmesh.HTTPHeaderFilter{},
-						ResponseHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-						UrlRewrite: &pbmesh.HTTPURLRewriteFilter{
-							PathPrefix: "/blah",
-						},
-					}},
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "filters": exactly one of request_header_modifier, response_header_modifier, or url_rewrite`,
-		},
-		"backend ref with filters is unsupported": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-						Filters: []*pbmesh.HTTPRouteFilter{{
-							RequestHeaderModifier: &pbmesh.HTTPHeaderFilter{},
-						}},
-					}},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "backend_refs": invalid "filters" field: filters are not supported at this level yet`,
-		},
-		"nil backend ref": {
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					BackendRefs: []*pbmesh.HTTPBackendRef{nil},
-				}},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 0 of list "backend_refs": invalid "backend_ref" field: missing required field`,
-		},
-	}
-
-	// Add common timeouts test cases.
-	for name, timeoutsTC := range getXRouteTimeoutsTestCases() {
-		cases["timeouts: "+name] = testcase{
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Timeouts: timeoutsTC.timeouts,
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: timeoutsTC.expectErr,
-		}
-	}
-
-	// Add common retries test cases.
-	for name, retriesTC := range getXRouteRetriesTestCases() {
-		cases["retries: "+name] = testcase{
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{{
-					Retries: retriesTC.retries,
-					BackendRefs: []*pbmesh.HTTPBackendRef{{
-						BackendRef: newBackendRef(catalog.ServiceType, "api", ""),
-					}},
-				}},
-			},
-			expectErr: retriesTC.expectErr,
-		}
-	}
-
-	// Add common parent refs test cases.
-	for name, parentTC := range getXRouteParentRefTestCases() {
-		cases["parent-ref: "+name] = testcase{
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: parentTC.refs,
-			},
-			expectErr: parentTC.expectErr,
-		}
-	}
-	// add common backend ref test cases.
-	for name, backendTC := range getXRouteBackendRefTestCases() {
-		var refs []*pbmesh.HTTPBackendRef
-		for _, br := range backendTC.refs {
-			refs = append(refs, &pbmesh.HTTPBackendRef{
-				BackendRef: br,
-			})
-		}
-		cases["backend-ref: "+name] = testcase{
-			route: &pbmesh.HTTPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.HTTPRouteRule{
-					{BackendRefs: refs},
-				},
-			},
-			expectErr: backendTC.expectErr,
-		}
-	}
-
-	for name, tc := range cases {
-		t.Run(name, func(t *testing.T) {
-			run(t, tc)
-		})
-	}
-}
-
-type xRouteParentRefTestcase struct {
-	refs      []*pbmesh.ParentReference
-	expectErr string
-}
-
-func getXRouteParentRefTestCases() map[string]xRouteParentRefTestcase {
-	return map[string]xRouteParentRefTestcase{
-		"no parent refs": {
-			expectErr: `invalid "parent_refs" field: cannot be empty`,
-		},
-		"parent ref with nil ref": {
-			refs: []*pbmesh.ParentReference{
-				newParentRef(catalog.ServiceType, "api", ""),
-				{
-					Ref:  nil,
-					Port: "http",
-				},
-			},
-			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: missing required field`,
-		},
-		"parent ref with bad type ref": {
-			refs: []*pbmesh.ParentReference{
-				newParentRef(catalog.ServiceType, "api", ""),
-				newParentRef(catalog.WorkloadType, "api", ""),
-			},
-			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: reference must have type catalog.v1alpha1.Service`,
-		},
-		"parent ref with section": {
-			refs: []*pbmesh.ParentReference{
-				newParentRef(catalog.ServiceType, "api", ""),
-				{
-					Ref:  resourcetest.Resource(catalog.ServiceType, "web").Reference("section2"),
-					Port: "http",
-				},
-			},
-			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: invalid "section" field: section not supported for service parent refs`,
-		},
-		"duplicate exact parents": {
-			refs: []*pbmesh.ParentReference{
-				newParentRef(catalog.ServiceType, "api", "http"),
-				newParentRef(catalog.ServiceType, "api", "http"),
-			},
-			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: parent ref "catalog.v1alpha1.Service/default.local.default/api" for port "http" exists twice`,
-		},
-		"duplicate wild parents": {
-			refs: []*pbmesh.ParentReference{
-				newParentRef(catalog.ServiceType, "api", ""),
-				newParentRef(catalog.ServiceType, "api", ""),
-			},
-			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: parent ref "catalog.v1alpha1.Service/default.local.default/api" for wildcard port exists twice`,
-		},
-		"duplicate parents via exact+wild overlap": {
-			refs: []*pbmesh.ParentReference{
-				newParentRef(catalog.ServiceType, "api", "http"),
-				newParentRef(catalog.ServiceType, "api", ""),
-			},
-			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: parent ref "catalog.v1alpha1.Service/default.local.default/api" for ports [http] covered by wildcard port already`,
-		},
-		"duplicate parents via exact+wild overlap (reversed)": {
-			refs: []*pbmesh.ParentReference{
-				newParentRef(catalog.ServiceType, "api", ""),
-				newParentRef(catalog.ServiceType, "api", "http"),
-			},
-			expectErr: `invalid element at index 1 of list "parent_refs": invalid "ref" field: parent ref "catalog.v1alpha1.Service/default.local.default/api" for port "http" covered by wildcard port already`,
-		},
-		"good single parent ref": {
-			refs: []*pbmesh.ParentReference{
-				newParentRef(catalog.ServiceType, "api", "http"),
-			},
-		},
-		"good muliple parent refs": {
-			refs: []*pbmesh.ParentReference{
-				newParentRef(catalog.ServiceType, "api", "http"),
-				newParentRef(catalog.ServiceType, "web", ""),
-			},
-		},
-	}
-}
-
-type xRouteBackendRefTestcase struct {
-	refs      []*pbmesh.BackendReference
-	expectErr string
-}
-
-func getXRouteBackendRefTestCases() map[string]xRouteBackendRefTestcase {
-	return map[string]xRouteBackendRefTestcase{
-		"no backend refs": {
-			expectErr: `invalid "backend_refs" field: cannot be empty`,
-		},
-		"backend ref with nil ref": {
-			refs: []*pbmesh.BackendReference{
-				newBackendRef(catalog.ServiceType, "api", ""),
-				{
-					Ref:  nil,
-					Port: "http",
-				},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 1 of list "backend_refs": invalid "backend_ref" field: invalid "ref" field: missing required field`,
-		},
-		"backend ref with bad type ref": {
-			refs: []*pbmesh.BackendReference{
-				newBackendRef(catalog.ServiceType, "api", ""),
-				newBackendRef(catalog.WorkloadType, "api", ""),
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 1 of list "backend_refs": invalid "backend_ref" field: invalid "ref" field: reference must have type catalog.v1alpha1.Service`,
-		},
-		"backend ref with section": {
-			refs: []*pbmesh.BackendReference{
-				newBackendRef(catalog.ServiceType, "api", ""),
-				{
-					Ref:  resourcetest.Resource(catalog.ServiceType, "web").Reference("section2"),
-					Port: "http",
-				},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 1 of list "backend_refs": invalid "backend_ref" field: invalid "ref" field: invalid "section" field: section not supported for service backend refs`,
-		},
-		"backend ref with datacenter": {
-			refs: []*pbmesh.BackendReference{
-				newBackendRef(catalog.ServiceType, "api", ""),
-				{
-					Ref:        newRef(catalog.ServiceType, "db"),
-					Port:       "http",
-					Datacenter: "dc2",
-				},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid element at index 1 of list "backend_refs": invalid "backend_ref" field: invalid "datacenter" field: datacenter is not yet supported on backend refs`,
-		},
-		"good backend ref": {
-			refs: []*pbmesh.BackendReference{
-				newBackendRef(catalog.ServiceType, "api", ""),
-				{
-					Ref:  newRef(catalog.ServiceType, "db"),
-					Port: "http",
-				},
-			},
-		},
-	}
-}
-
-type xRouteTimeoutsTestcase struct {
-	timeouts  *pbmesh.HTTPRouteTimeouts
-	expectErr string
-}
-
-func getXRouteTimeoutsTestCases() map[string]xRouteTimeoutsTestcase {
-	return map[string]xRouteTimeoutsTestcase{
-		"bad request": {
-			timeouts: &pbmesh.HTTPRouteTimeouts{
-				Request: durationpb.New(-1 * time.Second),
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid "timeouts" field: invalid "request" field: timeout cannot be negative: -1s`,
-		},
-		"bad backend request": {
-			timeouts: &pbmesh.HTTPRouteTimeouts{
-				BackendRequest: durationpb.New(-1 * time.Second),
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid "timeouts" field: invalid "backend_request" field: timeout cannot be negative: -1s`,
-		},
-		"bad idle": {
-			timeouts: &pbmesh.HTTPRouteTimeouts{
-				Idle: durationpb.New(-1 * time.Second),
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid "timeouts" field: invalid "idle" field: timeout cannot be negative: -1s`,
-		},
-		"good all": {
-			timeouts: &pbmesh.HTTPRouteTimeouts{
-				Request:        durationpb.New(1 * time.Second),
-				BackendRequest: durationpb.New(2 * time.Second),
-				Idle:           durationpb.New(3 * time.Second),
-			},
-		},
-	}
-}
-
-type xRouteRetriesTestcase struct {
-	retries   *pbmesh.HTTPRouteRetries
-	expectErr string
-}
-
-func getXRouteRetriesTestCases() map[string]xRouteRetriesTestcase {
-	return map[string]xRouteRetriesTestcase{
-		"bad number": {
-			retries: &pbmesh.HTTPRouteRetries{
-				Number: -5,
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid "retries" field: invalid "number" field: cannot be negative: -5`,
-		},
-		"bad conditions": {
-			retries: &pbmesh.HTTPRouteRetries{
-				OnConditions: []string{"garbage"},
-			},
-			expectErr: `invalid element at index 0 of list "rules": invalid "retries" field: invalid element at index 0 of list "on_conditions": not a valid retry condition: "garbage"`,
-		},
-		"good all": {
-			retries: &pbmesh.HTTPRouteRetries{
-				Number:       5,
-				OnConditions: []string{"internal"},
-			},
-		},
-	}
-}
-
-func newRef(typ *pbresource.Type, name string) *pbresource.Reference {
-	return resourcetest.Resource(typ, name).Reference("")
-}
-
-func newBackendRef(typ *pbresource.Type, name, port string) *pbmesh.BackendReference {
-	return &pbmesh.BackendReference{
-		Ref:  newRef(typ, name),
-		Port: port,
-	}
-}
-
-func newParentRef(typ *pbresource.Type, name, port string) *pbmesh.ParentReference {
-	return &pbmesh.ParentReference{
-		Ref:  newRef(typ, name),
-		Port: port,
-	}
-}
diff --git a/internal/mesh/internal/types/proxy_configuration.go b/internal/mesh/internal/types/proxy_configuration.go
index e85a00494f0f..9205dc81b132 100644
--- a/internal/mesh/internal/types/proxy_configuration.go
+++ b/internal/mesh/internal/types/proxy_configuration.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
@@ -16,7 +16,7 @@ const (
 var (
 	ProxyConfigurationV1Alpha1Type = &pbresource.Type{
 		Group:        GroupName,
-		GroupVersion: VersionV1Alpha1,
+		GroupVersion: CurrentVersion,
 		Kind:         ProxyConfigurationKind,
 	}
 
@@ -25,9 +25,8 @@ var (
 
 func RegisterProxyConfiguration(r resource.Registry) {
 	r.Register(resource.Registration{
-		Type:  ProxyConfigurationV1Alpha1Type,
-		Proto: &pbmesh.ProxyConfiguration{},
-		// TODO(rb): add validation for proxy configuration
+		Type:     ProxyConfigurationV1Alpha1Type,
+		Proto:    &pbmesh.ProxyConfiguration{},
 		Validate: nil,
 	})
 }
diff --git a/internal/mesh/internal/types/proxy_state_template.go b/internal/mesh/internal/types/proxy_state_template.go
deleted file mode 100644
index 526e0e48cb5a..000000000000
--- a/internal/mesh/internal/types/proxy_state_template.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/internal/resource"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-const (
-	ProxyStateTemplateKind = "ProxyStateTemplate"
-)
-
-var (
-	ProxyStateTemplateV1Alpha1Type = &pbresource.Type{
-		Group:        GroupName,
-		GroupVersion: VersionV1Alpha1,
-		Kind:         ProxyStateTemplateKind,
-	}
-
-	ProxyStateTemplateType = ProxyStateTemplateV1Alpha1Type
-)
-
-func RegisterProxyStateTemplate(r resource.Registry) {
-	r.Register(resource.Registration{
-		Type:     ProxyStateTemplateV1Alpha1Type,
-		Proto:    &pbmesh.ProxyStateTemplate{},
-		Validate: nil,
-		ACLs: &resource.ACLHooks{
-			Read: func(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID) error {
-				// Check service:read and operator:read permissions.
-				// If service:read is not allowed, check operator:read. We want to allow both as this
-				// resource is mostly useful for debuggability and we want to cover
-				// the most cases that serve that purpose.
-				serviceReadErr := authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.Name, authzContext)
-				operatorReadErr := authorizer.ToAllowAuthorizer().OperatorReadAllowed(authzContext)
-
-				switch {
-				case serviceReadErr != nil:
-					return serviceReadErr
-				case operatorReadErr != nil:
-					return operatorReadErr
-				}
-
-				return nil
-			},
-			Write: func(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, p *pbresource.Resource) error {
-				// Require operator:write only for "break-glass" scenarios as this resource should be mostly
-				// managed by a controller.
-				return authorizer.ToAllowAuthorizer().OperatorWriteAllowed(authzContext)
-			},
-			List: func(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext) error {
-				// No-op List permission as we want to default to filtering resources
-				// from the list using the Read enforcement.
-				return nil
-			},
-		},
-	})
-}
diff --git a/internal/mesh/internal/types/tcp_route.go b/internal/mesh/internal/types/tcp_route.go
deleted file mode 100644
index c7a6ccf87430..000000000000
--- a/internal/mesh/internal/types/tcp_route.go
+++ /dev/null
@@ -1,95 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"github.com/hashicorp/go-multierror"
-
-	"github.com/hashicorp/consul/internal/resource"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-const (
-	TCPRouteKind = "TCPRoute"
-)
-
-var (
-	TCPRouteV1Alpha1Type = &pbresource.Type{
-		Group:        GroupName,
-		GroupVersion: VersionV1Alpha1,
-		Kind:         TCPRouteKind,
-	}
-
-	TCPRouteType = TCPRouteV1Alpha1Type
-)
-
-func RegisterTCPRoute(r resource.Registry) {
-	r.Register(resource.Registration{
-		Type:  TCPRouteV1Alpha1Type,
-		Proto: &pbmesh.TCPRoute{},
-		// TODO(rb): normalize parent/backend ref tenancies in a Mutate hook
-		Validate: ValidateTCPRoute,
-	})
-}
-
-func ValidateTCPRoute(res *pbresource.Resource) error {
-	var route pbmesh.TCPRoute
-
-	if err := res.Data.UnmarshalTo(&route); err != nil {
-		return resource.NewErrDataParse(&route, err)
-	}
-
-	var merr error
-
-	if err := validateParentRefs(route.ParentRefs); err != nil {
-		merr = multierror.Append(merr, err)
-	}
-
-	for i, rule := range route.Rules {
-		wrapRuleErr := func(err error) error {
-			return resource.ErrInvalidListElement{
-				Name:    "rules",
-				Index:   i,
-				Wrapped: err,
-			}
-		}
-
-		if len(rule.BackendRefs) == 0 {
-			/*
-				BackendRefs (optional)¶
-
-				BackendRefs defines API objects where matching requests should be
-				sent. If unspecified, the rule performs no forwarding. If
-				unspecified and no filters are specified that would result in a
-				response being sent, a 404 error code is returned.
-			*/
-			merr = multierror.Append(merr, wrapRuleErr(
-				resource.ErrInvalidField{
-					Name:    "backend_refs",
-					Wrapped: resource.ErrEmpty,
-				},
-			))
-		}
-		for j, hbref := range rule.BackendRefs {
-			wrapBackendRefErr := func(err error) error {
-				return wrapRuleErr(resource.ErrInvalidListElement{
-					Name:    "backend_refs",
-					Index:   j,
-					Wrapped: err,
-				})
-			}
-			for _, err := range validateBackendRef(hbref.BackendRef) {
-				merr = multierror.Append(merr, wrapBackendRefErr(
-					resource.ErrInvalidField{
-						Name:    "backend_ref",
-						Wrapped: err,
-					},
-				))
-			}
-		}
-	}
-
-	return merr
-}
diff --git a/internal/mesh/internal/types/tcp_route_test.go b/internal/mesh/internal/types/tcp_route_test.go
deleted file mode 100644
index 2619a06a3ac2..000000000000
--- a/internal/mesh/internal/types/tcp_route_test.go
+++ /dev/null
@@ -1,79 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/internal/catalog"
-	"github.com/hashicorp/consul/internal/resource/resourcetest"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto/private/prototest"
-	"github.com/hashicorp/consul/sdk/testutil"
-)
-
-func TestValidateTCPRoute(t *testing.T) {
-	type testcase struct {
-		route     *pbmesh.TCPRoute
-		expectErr string
-	}
-
-	run := func(t *testing.T, tc testcase) {
-		res := resourcetest.Resource(TCPRouteType, "api").
-			WithData(t, tc.route).
-			Build()
-
-		err := ValidateTCPRoute(res)
-
-		// Verify that validate didn't actually change the object.
-		got := resourcetest.MustDecode[*pbmesh.TCPRoute](t, res)
-		prototest.AssertDeepEqual(t, tc.route, got.Data)
-
-		if tc.expectErr == "" {
-			require.NoError(t, err)
-		} else {
-			testutil.RequireErrorContains(t, err, tc.expectErr)
-		}
-	}
-
-	cases := map[string]testcase{}
-
-	// Add common parent refs test cases.
-	for name, parentTC := range getXRouteParentRefTestCases() {
-		cases["parent-ref: "+name] = testcase{
-			route: &pbmesh.TCPRoute{
-				ParentRefs: parentTC.refs,
-			},
-			expectErr: parentTC.expectErr,
-		}
-	}
-	// add common backend ref test cases.
-	for name, backendTC := range getXRouteBackendRefTestCases() {
-		var refs []*pbmesh.TCPBackendRef
-		for _, br := range backendTC.refs {
-			refs = append(refs, &pbmesh.TCPBackendRef{
-				BackendRef: br,
-			})
-		}
-		cases["backend-ref: "+name] = testcase{
-			route: &pbmesh.TCPRoute{
-				ParentRefs: []*pbmesh.ParentReference{
-					newParentRef(catalog.ServiceType, "web", ""),
-				},
-				Rules: []*pbmesh.TCPRouteRule{
-					{BackendRefs: refs},
-				},
-			},
-			expectErr: backendTC.expectErr,
-		}
-	}
-
-	for name, tc := range cases {
-		t.Run(name, func(t *testing.T) {
-			run(t, tc)
-		})
-	}
-}
diff --git a/internal/mesh/internal/types/types.go b/internal/mesh/internal/types/types.go
index 3b800f36d7dc..3eeb69bd101c 100644
--- a/internal/mesh/internal/types/types.go
+++ b/internal/mesh/internal/types/types.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
@@ -16,11 +16,4 @@ const (
 func Register(r resource.Registry) {
 	RegisterProxyConfiguration(r)
 	RegisterUpstreams(r)
-	RegisterUpstreamsConfiguration(r)
-	RegisterProxyStateTemplate(r)
-	RegisterHTTPRoute(r)
-	RegisterTCPRoute(r)
-	RegisterGRPCRoute(r)
-	RegisterDestinationPolicy(r)
-	RegisterComputedRoutes(r)
 }
diff --git a/internal/mesh/internal/types/types_test.go b/internal/mesh/internal/types/types_test.go
index b481a75d0ad5..4324e8707830 100644
--- a/internal/mesh/internal/types/types_test.go
+++ b/internal/mesh/internal/types/types_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/internal/mesh/internal/types/upstreams.go b/internal/mesh/internal/types/upstreams.go
index f96e40d1ff41..54fd14b098d5 100644
--- a/internal/mesh/internal/types/upstreams.go
+++ b/internal/mesh/internal/types/upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
@@ -16,7 +16,7 @@ const (
 var (
 	UpstreamsV1Alpha1Type = &pbresource.Type{
 		Group:        GroupName,
-		GroupVersion: VersionV1Alpha1,
+		GroupVersion: CurrentVersion,
 		Kind:         UpstreamsKind,
 	}
 
diff --git a/internal/mesh/internal/types/upstreams_configuration.go b/internal/mesh/internal/types/upstreams_configuration.go
deleted file mode 100644
index ae7ba0d5b073..000000000000
--- a/internal/mesh/internal/types/upstreams_configuration.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"github.com/hashicorp/consul/internal/resource"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-const (
-	UpstreamsConfigurationKind = "UpstreamsConfiguration"
-)
-
-var (
-	UpstreamsConfigurationV1Alpha1Type = &pbresource.Type{
-		Group:        GroupName,
-		GroupVersion: VersionV1Alpha1,
-		Kind:         UpstreamsConfigurationKind,
-	}
-
-	UpstreamsConfigurationType = UpstreamsConfigurationV1Alpha1Type
-)
-
-func RegisterUpstreamsConfiguration(r resource.Registry) {
-	r.Register(resource.Registration{
-		Type:     UpstreamsConfigurationV1Alpha1Type,
-		Proto:    &pbmesh.UpstreamsConfiguration{},
-		Validate: nil,
-	})
-}
diff --git a/internal/mesh/internal/types/util.go b/internal/mesh/internal/types/util.go
deleted file mode 100644
index 5a0e45d0201e..000000000000
--- a/internal/mesh/internal/types/util.go
+++ /dev/null
@@ -1,52 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"github.com/hashicorp/consul/internal/catalog"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-func IsRouteType(typ *pbresource.Type) bool {
-	switch {
-	case resource.EqualType(typ, HTTPRouteType),
-		resource.EqualType(typ, GRPCRouteType),
-		resource.EqualType(typ, TCPRouteType):
-		return true
-	}
-	return false
-}
-
-func IsFailoverPolicyType(typ *pbresource.Type) bool {
-	switch {
-	case resource.EqualType(typ, catalog.FailoverPolicyType):
-		return true
-	}
-	return false
-}
-
-func IsDestinationPolicyType(typ *pbresource.Type) bool {
-	switch {
-	case resource.EqualType(typ, DestinationPolicyType):
-		return true
-	}
-	return false
-}
-
-func IsServiceType(typ *pbresource.Type) bool {
-	switch {
-	case resource.EqualType(typ, catalog.ServiceType):
-		return true
-	}
-	return false
-}
-
-func IsComputedRoutesType(typ *pbresource.Type) bool {
-	switch {
-	case resource.EqualType(typ, ComputedRoutesType):
-		return true
-	}
-	return false
-}
diff --git a/internal/mesh/internal/types/xroute.go b/internal/mesh/internal/types/xroute.go
deleted file mode 100644
index 572e7f53138b..000000000000
--- a/internal/mesh/internal/types/xroute.go
+++ /dev/null
@@ -1,296 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package types
-
-import (
-	"errors"
-	"fmt"
-
-	"github.com/hashicorp/go-multierror"
-	"google.golang.org/protobuf/proto"
-
-	"github.com/hashicorp/consul/internal/catalog"
-	"github.com/hashicorp/consul/internal/resource"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-)
-
-type XRouteData interface {
-	proto.Message
-	XRouteWithRefs
-}
-
-type XRouteWithRefs interface {
-	GetParentRefs() []*pbmesh.ParentReference
-	GetUnderlyingBackendRefs() []*pbmesh.BackendReference
-}
-
-type portedRefKey struct {
-	Key  resource.ReferenceKey
-	Port string
-}
-
-func validateParentRefs(parentRefs []*pbmesh.ParentReference) error {
-	var merr error
-	if len(parentRefs) == 0 {
-		merr = multierror.Append(merr, resource.ErrInvalidField{
-			Name:    "parent_refs",
-			Wrapped: resource.ErrEmpty,
-		})
-	}
-
-	var (
-		seen    = make(map[portedRefKey]struct{})
-		seenAny = make(map[resource.ReferenceKey][]string)
-	)
-	for i, parent := range parentRefs {
-		wrapErr := func(err error) error {
-			return resource.ErrInvalidListElement{
-				Name:    "parent_refs",
-				Index:   i,
-				Wrapped: err,
-			}
-		}
-		if parent.Ref == nil {
-			merr = multierror.Append(merr, wrapErr(
-				resource.ErrInvalidField{
-					Name:    "ref",
-					Wrapped: resource.ErrMissing,
-				},
-			))
-		} else {
-			if !IsServiceType(parent.Ref.Type) {
-				merr = multierror.Append(merr, wrapErr(
-					resource.ErrInvalidField{
-						Name: "ref",
-						Wrapped: resource.ErrInvalidReferenceType{
-							AllowedType: catalog.ServiceType,
-						},
-					},
-				))
-			}
-			if parent.Ref.Section != "" {
-				merr = multierror.Append(merr, wrapErr(
-					resource.ErrInvalidField{
-						Name: "ref",
-						Wrapped: resource.ErrInvalidField{
-							Name:    "section",
-							Wrapped: errors.New("section not supported for service parent refs"),
-						},
-					},
-				))
-			}
-
-			prk := portedRefKey{
-				Key:  resource.NewReferenceKey(parent.Ref),
-				Port: parent.Port,
-			}
-
-			_, portExist := seen[prk]
-
-			if parent.Port == "" {
-				coveredPorts, exactExists := seenAny[prk.Key]
-
-				if portExist { // check for duplicate wild
-					merr = multierror.Append(merr, wrapErr(
-						resource.ErrInvalidField{
-							Name: "ref",
-							Wrapped: fmt.Errorf(
-								"parent ref %q for wildcard port exists twice",
-								resource.ReferenceToString(parent.Ref),
-							),
-						},
-					))
-				} else if exactExists { // check for existing exact
-					merr = multierror.Append(merr, wrapErr(
-						resource.ErrInvalidField{
-							Name: "ref",
-							Wrapped: fmt.Errorf(
-								"parent ref %q for ports %v covered by wildcard port already",
-								resource.ReferenceToString(parent.Ref),
-								coveredPorts,
-							),
-						},
-					))
-				} else {
-					seen[prk] = struct{}{}
-				}
-
-			} else {
-				prkWild := prk
-				prkWild.Port = ""
-				_, wildExist := seen[prkWild]
-
-				if portExist { // check for duplicate exact
-					merr = multierror.Append(merr, wrapErr(
-						resource.ErrInvalidField{
-							Name: "ref",
-							Wrapped: fmt.Errorf(
-								"parent ref %q for port %q exists twice",
-								resource.ReferenceToString(parent.Ref),
-								parent.Port,
-							),
-						},
-					))
-				} else if wildExist { // check for existing wild
-					merr = multierror.Append(merr, wrapErr(
-						resource.ErrInvalidField{
-							Name: "ref",
-							Wrapped: fmt.Errorf(
-								"parent ref %q for port %q covered by wildcard port already",
-								resource.ReferenceToString(parent.Ref),
-								parent.Port,
-							),
-						},
-					))
-				} else {
-					seen[prk] = struct{}{}
-					seenAny[prk.Key] = append(seenAny[prk.Key], parent.Port)
-				}
-			}
-		}
-	}
-
-	return merr
-}
-
-func validateBackendRef(backendRef *pbmesh.BackendReference) []error {
-	var errs []error
-	if backendRef == nil {
-		errs = append(errs, resource.ErrMissing)
-
-	} else if backendRef.Ref == nil {
-		errs = append(errs, resource.ErrInvalidField{
-			Name:    "ref",
-			Wrapped: resource.ErrMissing,
-		})
-
-	} else {
-		if !IsServiceType(backendRef.Ref.Type) {
-			errs = append(errs, resource.ErrInvalidField{
-				Name: "ref",
-				Wrapped: resource.ErrInvalidReferenceType{
-					AllowedType: catalog.ServiceType,
-				},
-			})
-		}
-
-		if backendRef.Ref.Section != "" {
-			errs = append(errs, resource.ErrInvalidField{
-				Name: "ref",
-				Wrapped: resource.ErrInvalidField{
-					Name:    "section",
-					Wrapped: errors.New("section not supported for service backend refs"),
-				},
-			})
-		}
-
-		if backendRef.Datacenter != "" {
-			errs = append(errs, resource.ErrInvalidField{
-				Name:    "datacenter",
-				Wrapped: errors.New("datacenter is not yet supported on backend refs"),
-			})
-		}
-	}
-	return errs
-}
-
-func validateHeaderMatchType(typ pbmesh.HeaderMatchType) error {
-	switch typ {
-	case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_UNSPECIFIED:
-		return resource.ErrMissing
-	case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_EXACT:
-	case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_REGEX:
-	case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_PRESENT:
-	case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_PREFIX:
-	case pbmesh.HeaderMatchType_HEADER_MATCH_TYPE_SUFFIX:
-	default:
-		return fmt.Errorf("not a supported enum value: %v", typ)
-	}
-	return nil
-}
-
-func validateHTTPTimeouts(timeouts *pbmesh.HTTPRouteTimeouts) []error {
-	if timeouts == nil {
-		return nil
-	}
-
-	var errs []error
-
-	if timeouts.Request != nil {
-		val := timeouts.Request.AsDuration()
-		if val < 0 {
-			errs = append(errs, resource.ErrInvalidField{
-				Name:    "request",
-				Wrapped: fmt.Errorf("timeout cannot be negative: %v", val),
-			})
-		}
-	}
-	if timeouts.BackendRequest != nil {
-		val := timeouts.BackendRequest.AsDuration()
-		if val < 0 {
-			errs = append(errs, resource.ErrInvalidField{
-				Name:    "backend_request",
-				Wrapped: fmt.Errorf("timeout cannot be negative: %v", val),
-			})
-		}
-	}
-	if timeouts.Idle != nil {
-		val := timeouts.Idle.AsDuration()
-		if val < 0 {
-			errs = append(errs, resource.ErrInvalidField{
-				Name:    "idle",
-				Wrapped: fmt.Errorf("timeout cannot be negative: %v", val),
-			})
-		}
-	}
-
-	return errs
-}
-
-func validateHTTPRetries(retries *pbmesh.HTTPRouteRetries) []error {
-	if retries == nil {
-		return nil
-	}
-
-	var errs []error
-
-	if retries.Number < 0 {
-		errs = append(errs, resource.ErrInvalidField{
-			Name:    "number",
-			Wrapped: fmt.Errorf("cannot be negative: %v", retries.Number),
-		})
-	}
-
-	for i, condition := range retries.OnConditions {
-		if !isValidRetryCondition(condition) {
-			errs = append(errs, resource.ErrInvalidListElement{
-				Name:    "on_conditions",
-				Index:   i,
-				Wrapped: fmt.Errorf("not a valid retry condition: %q", condition),
-			})
-		}
-	}
-
-	return errs
-}
-
-func isValidRetryCondition(retryOn string) bool {
-	switch retryOn {
-	case "5xx",
-		"gateway-error",
-		"reset",
-		"connect-failure",
-		"envoy-ratelimited",
-		"retriable-4xx",
-		"refused-stream",
-		"cancelled",
-		"deadline-exceeded",
-		"internal",
-		"resource-exhausted",
-		"unavailable":
-		return true
-	default:
-		return false
-	}
-}
diff --git a/internal/mesh/proxy-snapshot/proxy_snapshot.go b/internal/mesh/proxy-snapshot/proxy_snapshot.go
deleted file mode 100644
index 40763f568c17..000000000000
--- a/internal/mesh/proxy-snapshot/proxy_snapshot.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package proxysnapshot
-
-import "github.com/hashicorp/consul/acl"
-
-// ProxySnapshot is an abstraction that allows interchangeability between
-// Catalog V1 ConfigSnapshot and Catalog V2 ProxyState.
-type ProxySnapshot interface {
-	AllowEmptyListeners() bool
-	AllowEmptyRoutes() bool
-	AllowEmptyClusters() bool
-	Authorize(authz acl.Authorizer) error
-	LoggerName() string
-}
-
-// CancelFunc is a type for a returned function that can be called to cancel a
-// watch.
-type CancelFunc func()
diff --git a/internal/mesh/proxy-tracker/mock_SessionLimiter.go b/internal/mesh/proxy-tracker/mock_SessionLimiter.go
deleted file mode 100644
index 32375dbdc386..000000000000
--- a/internal/mesh/proxy-tracker/mock_SessionLimiter.go
+++ /dev/null
@@ -1,53 +0,0 @@
-// Code generated by mockery v2.33.1. DO NOT EDIT.
-
-package proxytracker
-
-import (
-	limiter "github.com/hashicorp/consul/agent/grpc-external/limiter"
-	mock "github.com/stretchr/testify/mock"
-)
-
-// MockSessionLimiter is an autogenerated mock type for the SessionLimiter type
-type MockSessionLimiter struct {
-	mock.Mock
-}
-
-// BeginSession provides a mock function with given fields:
-func (_m *MockSessionLimiter) BeginSession() (limiter.Session, error) {
-	ret := _m.Called()
-
-	var r0 limiter.Session
-	var r1 error
-	if rf, ok := ret.Get(0).(func() (limiter.Session, error)); ok {
-		return rf()
-	}
-	if rf, ok := ret.Get(0).(func() limiter.Session); ok {
-		r0 = rf()
-	} else {
-		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(limiter.Session)
-		}
-	}
-
-	if rf, ok := ret.Get(1).(func() error); ok {
-		r1 = rf()
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
-// NewMockSessionLimiter creates a new instance of MockSessionLimiter. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-// The first argument is typically a *testing.T value.
-func NewMockSessionLimiter(t interface {
-	mock.TestingT
-	Cleanup(func())
-}) *MockSessionLimiter {
-	mock := &MockSessionLimiter{}
-	mock.Mock.Test(t)
-
-	t.Cleanup(func() { mock.AssertExpectations(t) })
-
-	return mock
-}
diff --git a/internal/mesh/proxy-tracker/proxy_state_exports.go b/internal/mesh/proxy-tracker/proxy_state_exports.go
deleted file mode 100644
index 59c4e1070f10..000000000000
--- a/internal/mesh/proxy-tracker/proxy_state_exports.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package proxytracker
-
-import (
-	"github.com/hashicorp/consul/acl"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-)
-
-// ProxyState is an implementation of the ProxySnapshot interface for pbmesh.ProxyState.
-// It is a simple wrapper around pbmesh.ProxyState so that it can be used
-// by the ProxyWatcher interface in XDS processing.  This struct is necessary
-// because pbmesh.ProxyState is a proto definition and there were complications
-// adding these functions directly to that proto definition.
-type ProxyState struct {
-	*pbmesh.ProxyState
-}
-
-// TODO(proxystate): need to modify ProxyState to carry a type/kind (connect proxy, mesh gateway, etc.)
-// for sidecar proxies, all Allow* functions
-// should return false, but for different gateways we'd need to add it to IR.
-
-func (p *ProxyState) AllowEmptyListeners() bool {
-	return false
-}
-
-func (p *ProxyState) AllowEmptyRoutes() bool {
-	return false
-}
-
-func (p *ProxyState) AllowEmptyClusters() bool {
-	return false
-}
-
-func (p *ProxyState) Authorize(authz acl.Authorizer) error {
-	// TODO(proxystate): we'll need to implement this once identity policy is implemented
-
-	// Authed OK!
-	return nil
-}
-
-func (p *ProxyState) LoggerName() string {
-	return ""
-}
diff --git a/internal/mesh/proxy-tracker/proxy_tracker.go b/internal/mesh/proxy-tracker/proxy_tracker.go
deleted file mode 100644
index a40353aaf699..000000000000
--- a/internal/mesh/proxy-tracker/proxy_tracker.go
+++ /dev/null
@@ -1,281 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package proxytracker
-
-import (
-	"errors"
-	"fmt"
-	"sync"
-
-	"github.com/hashicorp/go-hclog"
-
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/mesh/internal/types"
-	proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-// ProxyConnection implements the queue.ItemType interface so that it can be used in a controller.Event.
-// It is sent on the newProxyConnectionCh channel.
-// TODO(ProxyState): needs to support tenancy in the future.
-type ProxyConnection struct {
-	ProxyID *pbresource.ID
-}
-
-// Key is current resourceID.Name.
-func (e *ProxyConnection) Key() string {
-	return e.ProxyID.GetName()
-}
-
-// proxyWatchData is a handle on all of the relevant bits that is created by calling Watch().
-// It is meant to be stored in the proxies cache by proxyID so that watches can be notified
-// when the ProxyState for that proxyID has changed.
-type proxyWatchData struct {
-	// notifyCh is the channel that the watcher receives updates from ProxyTracker.
-	notifyCh chan proxysnapshot.ProxySnapshot
-	// state is the current/last updated ProxyState for a given proxy.
-	state proxysnapshot.ProxySnapshot
-	// token is the ACL token provided by the watcher.
-	token string
-	// nodeName is the node where the given proxy resides.
-	nodeName string
-}
-
-type ProxyTrackerConfig struct {
-	// logger will be used to write log messages.
-	Logger hclog.Logger
-
-	// sessionLimiter is used to enforce xDS concurrency limits.
-	SessionLimiter SessionLimiter
-}
-
-// ProxyTracker implements the Watcher and Updater interfaces. The Watcher is used by the xds server to add a new proxy
-// to this server, and get back a channel for updates. The Updater is used by the ProxyState controller running on the
-// server to push ProxyState updates to the notify channel.
-type ProxyTracker struct {
-	config ProxyTrackerConfig
-	// proxies is a cache of the proxies connected to this server and configuration information for each one.
-	proxies map[resource.ReferenceKey]*proxyWatchData
-	// newProxyConnectionCh is the channel that the "updater" retains to receive messages from ProxyTracker that a new
-	// proxy has connected to ProxyTracker and a signal the "updater" should call PushChanges with a new state.
-	newProxyConnectionCh chan controller.Event
-	// shutdownCh is a channel that closes when ProxyTracker is shutdown. ShutdownChannel is never written to, only closed to
-	// indicate a shutdown has been initiated.
-	shutdownCh chan struct{}
-	// mu is a mutex that is used internally for locking when reading and modifying ProxyTracker state, namely the proxies map.
-	mu sync.Mutex
-}
-
-// NewProxyTracker returns a ProxyTracker instance given a configuration.
-func NewProxyTracker(cfg ProxyTrackerConfig) *ProxyTracker {
-	return &ProxyTracker{
-		config:  cfg,
-		proxies: make(map[resource.ReferenceKey]*proxyWatchData),
-		// buffering this channel since ProxyTracker will be registering watches for all proxies.
-		// using the buffer will limit errors related to controller and the proxy are both running
-		// but the controllers listening function is not blocking on the particular receive line.
-		// This channel is meant to error when the controller is "not ready" which means up and alive.
-		// This buffer will try to reduce false negatives and limit unnecessary erroring.
-		newProxyConnectionCh: make(chan controller.Event, 1000),
-		shutdownCh:           make(chan struct{}),
-	}
-}
-
-// Watch connects a proxy with ProxyTracker and returns the consumer a channel to receive updates,
-// a channel to notify of xDS terminated session, and a cancel function to cancel the watch.
-func (pt *ProxyTracker) Watch(proxyID *pbresource.ID,
-	nodeName string, token string) (<-chan proxysnapshot.ProxySnapshot,
-	limiter.SessionTerminatedChan, proxysnapshot.CancelFunc, error) {
-	pt.config.Logger.Trace("watch initiated", "proxyID", proxyID, "nodeName", nodeName)
-	if err := pt.validateWatchArgs(proxyID, nodeName); err != nil {
-		pt.config.Logger.Error("args failed validation", err)
-		return nil, nil, nil, err
-	}
-	// Begin a session with the xDS session concurrency limiter.
-	//
-	// See: https://github.com/hashicorp/consul/issues/15753
-	session, err := pt.config.SessionLimiter.BeginSession()
-	if err != nil {
-		pt.config.Logger.Error("failed to begin session with xDS session concurrency limiter", err)
-		return nil, nil, nil, err
-	}
-
-	// This buffering is crucial otherwise we'd block immediately trying to
-	// deliver the current snapshot below if we already have one.
-
-	proxyStateChan := make(chan proxysnapshot.ProxySnapshot, 1)
-	watchData := &proxyWatchData{
-		notifyCh: proxyStateChan,
-		state:    nil,
-		token:    token,
-		nodeName: nodeName,
-	}
-
-	proxyReferenceKey := resource.NewReferenceKey(proxyID)
-	cancel := func() {
-		pt.mu.Lock()
-		defer pt.mu.Unlock()
-		pt.cancelWatchLocked(proxyReferenceKey, proxyStateChan, session)
-	}
-
-	pt.mu.Lock()
-	defer pt.mu.Unlock()
-
-	pt.proxies[proxyReferenceKey] = watchData
-
-	//Send an event to the controller
-	err = pt.notifyNewProxyChannel(proxyID)
-	if err != nil {
-		pt.config.Logger.Error("failed to notify controller of new proxy connection", err)
-		pt.cancelWatchLocked(proxyReferenceKey, watchData.notifyCh, session)
-		return nil, nil, nil, err
-	}
-	pt.config.Logger.Trace("controller notified of watch created", "proxyID", proxyID, "nodeName", nodeName)
-
-	return proxyStateChan, session.Terminated(), cancel, nil
-}
-
-// notifyNewProxyChannel attempts to send a message to newProxyConnectionCh and will return an error if there's no receiver.
-// This will handle conditions where a proxy is connected but there's no controller for some reason to receive the event.
-// This will error back to the proxy's Watch call and will cause the proxy call Watch again to retry connection until the controller
-// is available.
-func (pt *ProxyTracker) notifyNewProxyChannel(proxyID *pbresource.ID) error {
-	controllerEvent := controller.Event{
-		Obj: &ProxyConnection{
-			ProxyID: proxyID,
-		},
-	}
-	select {
-	case pt.newProxyConnectionCh <- controllerEvent:
-		return nil
-		// using default here to return errors is only safe when we have a large buffer.
-		// the receiver is on a loop to read from the channel.  If the sequence of
-		// sender blocks on the channel and then the receiver blocks on the channel is not
-		// aligned, then extraneous errors could be returned to the proxy that are just
-		// false negatives and the controller could be up and healthy.
-	default:
-		return fmt.Errorf("failed to notify the controller of the proxy connecting")
-	}
-}
-
-// cancelWatchLocked does the following:
-// - deletes the key from the proxies array.
-// - ends the session with xDS session limiter.
-// - closes the proxy state channel assigned to the proxy.
-// This function assumes the state lock is already held.
-func (pt *ProxyTracker) cancelWatchLocked(proxyReferenceKey resource.ReferenceKey, proxyStateChan chan proxysnapshot.ProxySnapshot, session limiter.Session) {
-	delete(pt.proxies, proxyReferenceKey)
-	session.End()
-	close(proxyStateChan)
-	pt.config.Logger.Trace("watch cancelled", "proxyReferenceKey", proxyReferenceKey)
-}
-
-// validateWatchArgs checks the proxyIDand nodeName passed to Watch
-// and returns an error if the args are not properly constructed.
-func (pt *ProxyTracker) validateWatchArgs(proxyID *pbresource.ID,
-	nodeName string) error {
-	if proxyID == nil {
-		return errors.New("proxyID is required")
-	} else if proxyID.GetType().GetKind() != types.ProxyStateTemplateType.Kind {
-		return fmt.Errorf("proxyID must be a %s", types.ProxyStateTemplateType.GetKind())
-	} else if nodeName == "" {
-		return errors.New("nodeName is required")
-	}
-
-	return nil
-}
-
-// PushChange allows pushing a computed ProxyState to xds for xds resource generation to send to a proxy.
-func (pt *ProxyTracker) PushChange(proxyID *pbresource.ID, proxyState proxysnapshot.ProxySnapshot) error {
-	pt.config.Logger.Trace("push change called for proxy", "proxyID", proxyID)
-	proxyReferenceKey := resource.NewReferenceKey(proxyID)
-	pt.mu.Lock()
-	defer pt.mu.Unlock()
-	if data, ok := pt.proxies[proxyReferenceKey]; ok {
-		data.state = proxyState
-
-		pt.deliverLatest(proxyID, proxyState, data.notifyCh)
-	} else {
-		return errors.New("proxyState change could not be sent because proxy is not connected")
-	}
-
-	return nil
-}
-
-func (pt *ProxyTracker) deliverLatest(proxyID *pbresource.ID, proxyState proxysnapshot.ProxySnapshot, ch chan proxysnapshot.ProxySnapshot) {
-	pt.config.Logger.Trace("delivering latest proxy snapshot to proxy", "proxyID", proxyID)
-	// Send if chan is empty
-	select {
-	case ch <- proxyState:
-		return
-	default:
-	}
-
-	// Not empty, drain the chan of older snapshots and redeliver. For now we only
-	// use 1-buffered chans but this will still work if we change that later.
-OUTER:
-	for {
-		select {
-		case <-ch:
-			continue
-		default:
-			break OUTER
-		}
-	}
-
-	// Now send again
-	select {
-	case ch <- proxyState:
-		return
-	default:
-		// This should not be possible since we should be the only sender, enforced
-		// by m.mu but error and drop the update rather than panic.
-		pt.config.Logger.Error("failed to deliver proxyState to proxy",
-			"proxy", proxyID.String(),
-		)
-	}
-}
-
-// EventChannel returns an event channel that sends controller events when a proxy connects to a server.
-func (pt *ProxyTracker) EventChannel() chan controller.Event {
-	return pt.newProxyConnectionCh
-}
-
-// ShutdownChannel returns a channel that closes when ProxyTracker is shutdown. ShutdownChannel is never written to, only closed to
-// indicate a shutdown has been initiated.
-func (pt *ProxyTracker) ShutdownChannel() chan struct{} {
-	return pt.shutdownCh
-}
-
-// ProxyConnectedToServer returns whether this id is connected to this server.
-func (pt *ProxyTracker) ProxyConnectedToServer(proxyID *pbresource.ID) bool {
-	pt.mu.Lock()
-	defer pt.mu.Unlock()
-	proxyReferenceKey := resource.NewReferenceKey(proxyID)
-	_, ok := pt.proxies[proxyReferenceKey]
-	return ok
-}
-
-// Shutdown removes all state and close all channels.
-func (pt *ProxyTracker) Shutdown() {
-	pt.config.Logger.Info("proxy tracker shutdown initiated")
-	pt.mu.Lock()
-	defer pt.mu.Unlock()
-
-	// Close all current watchers first
-	for proxyID, watchData := range pt.proxies {
-		close(watchData.notifyCh)
-		delete(pt.proxies, proxyID)
-	}
-
-	close(pt.newProxyConnectionCh)
-	close(pt.shutdownCh)
-}
-
-//go:generate mockery --name SessionLimiter --inpackage
-type SessionLimiter interface {
-	BeginSession() (limiter.Session, error)
-}
diff --git a/internal/mesh/proxy-tracker/proxy_tracker_test.go b/internal/mesh/proxy-tracker/proxy_tracker_test.go
deleted file mode 100644
index 09e5be13ac52..000000000000
--- a/internal/mesh/proxy-tracker/proxy_tracker_test.go
+++ /dev/null
@@ -1,344 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package proxytracker
-
-import (
-	"errors"
-	"fmt"
-	"testing"
-
-	"github.com/stretchr/testify/mock"
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/agent/grpc-external/limiter"
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/mesh/internal/types"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/internal/resource/resourcetest"
-	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/consul/sdk/testutil"
-)
-
-func TestProxyTracker_Watch(t *testing.T) {
-	resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
-	proxyReferenceKey := resource.NewReferenceKey(resourceID)
-	lim := NewMockSessionLimiter(t)
-	session1 := newMockSession(t)
-	session1TermCh := make(limiter.SessionTerminatedChan)
-	session1.On("Terminated").Return(session1TermCh)
-	session1.On("End").Return()
-	lim.On("BeginSession").Return(session1, nil)
-	logger := testutil.Logger(t)
-
-	pt := NewProxyTracker(ProxyTrackerConfig{
-		Logger:         logger,
-		SessionLimiter: lim,
-	})
-
-	// Watch()
-	proxyStateChan, _, cancelFunc, err := pt.Watch(resourceID, "node 1", "token")
-	require.NoError(t, err)
-
-	// ensure New Proxy Connection message is sent
-	newProxyMsg := <-pt.EventChannel()
-	require.Equal(t, resourceID.Name, newProxyMsg.Obj.Key())
-
-	// watchData is stored in the proxies array with a nil state
-	watchData, ok := pt.proxies[proxyReferenceKey]
-	require.True(t, ok)
-	require.NotNil(t, watchData)
-	require.Nil(t, watchData.state)
-
-	// calling cancelFunc does the following:
-	// - closes the proxy state channel
-	// - and removes the map entry for the proxy
-	// - session is ended
-	cancelFunc()
-
-	// read channel to see if there is data and it is open.
-	receivedState, channelOpen := <-proxyStateChan
-	require.Nil(t, receivedState)
-	require.False(t, channelOpen)
-
-	// key is removed from proxies array
-	_, ok = pt.proxies[proxyReferenceKey]
-	require.False(t, ok)
-
-	// session ended
-	session1.AssertCalled(t, "Terminated")
-	session1.AssertCalled(t, "End")
-}
-
-func TestProxyTracker_Watch_ErrorConsumerNotReady(t *testing.T) {
-	resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
-	proxyReferenceKey := resource.NewReferenceKey(resourceID)
-	lim := NewMockSessionLimiter(t)
-	session1 := newMockSession(t)
-	session1.On("End").Return()
-	lim.On("BeginSession").Return(session1, nil)
-	logger := testutil.Logger(t)
-
-	pt := NewProxyTracker(ProxyTrackerConfig{
-		Logger:         logger,
-		SessionLimiter: lim,
-	})
-
-	//fill up buffered channel while the consumer is not ready to simulate the error
-	for i := 0; i < 1000; i++ {
-		event := controller.Event{Obj: &ProxyConnection{ProxyID: resourcetest.Resource(types.ProxyStateTemplateType, fmt.Sprintf("test%d", i)).ID()}}
-		pt.newProxyConnectionCh <- event
-	}
-
-	// Watch()
-	proxyStateChan, sessionTerminatedCh, cancelFunc, err := pt.Watch(resourceID, "node 1", "token")
-	require.Nil(t, cancelFunc)
-	require.Nil(t, proxyStateChan)
-	require.Nil(t, sessionTerminatedCh)
-	require.Error(t, err)
-	require.Equal(t, "failed to notify the controller of the proxy connecting", err.Error())
-
-	// it is not stored in the proxies array
-	watchData, ok := pt.proxies[proxyReferenceKey]
-	require.False(t, ok)
-	require.Nil(t, watchData)
-}
-
-func TestProxyTracker_Watch_ArgValidationErrors(t *testing.T) {
-	type testcase struct {
-		description   string
-		proxyID       *pbresource.ID
-		nodeName      string
-		token         string
-		expectedError error
-	}
-	testcases := []*testcase{
-		{
-			description:   "Empty proxyID",
-			proxyID:       nil,
-			nodeName:      "something",
-			token:         "something",
-			expectedError: errors.New("proxyID is required"),
-		},
-		{
-			description:   "Empty nodeName",
-			proxyID:       resourcetest.Resource(types.ProxyStateTemplateType, "test").ID(),
-			nodeName:      "",
-			token:         "something",
-			expectedError: errors.New("nodeName is required"),
-		},
-		{
-			description:   "resource is not ProxyStateTemplate",
-			proxyID:       resourcetest.Resource(types.ProxyConfigurationType, "test").ID(),
-			nodeName:      "something",
-			token:         "something else",
-			expectedError: errors.New("proxyID must be a ProxyStateTemplate"),
-		},
-	}
-	for _, tc := range testcases {
-		lim := NewMockSessionLimiter(t)
-		lim.On("BeginSession").Return(nil, nil).Maybe()
-		logger := testutil.Logger(t)
-
-		pt := NewProxyTracker(ProxyTrackerConfig{
-			Logger:         logger,
-			SessionLimiter: lim,
-		})
-
-		// Watch()
-		proxyStateChan, sessionTerminateCh, cancelFunc, err := pt.Watch(tc.proxyID, tc.nodeName, tc.token)
-		require.Error(t, err)
-		require.Equal(t, tc.expectedError, err)
-		require.Nil(t, proxyStateChan)
-		require.Nil(t, sessionTerminateCh)
-		require.Nil(t, cancelFunc)
-	}
-}
-
-func TestProxyTracker_Watch_SessionLimiterError(t *testing.T) {
-	resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
-	lim := NewMockSessionLimiter(t)
-	lim.On("BeginSession").Return(nil, errors.New("kaboom"))
-	logger := testutil.Logger(t)
-	pt := NewProxyTracker(ProxyTrackerConfig{
-		Logger:         logger,
-		SessionLimiter: lim,
-	})
-
-	// Watch()
-	proxyStateChan, sessionTerminateCh, cancelFunc, err := pt.Watch(resourceID, "node 1", "token")
-	require.Error(t, err)
-	require.Equal(t, "kaboom", err.Error())
-	require.Nil(t, proxyStateChan)
-	require.Nil(t, sessionTerminateCh)
-	require.Nil(t, cancelFunc)
-}
-
-func TestProxyTracker_PushChange(t *testing.T) {
-	resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
-	proxyReferenceKey := resource.NewReferenceKey(resourceID)
-	lim := NewMockSessionLimiter(t)
-	session1 := newMockSession(t)
-	session1TermCh := make(limiter.SessionTerminatedChan)
-	session1.On("Terminated").Return(session1TermCh)
-	lim.On("BeginSession").Return(session1, nil)
-	logger := testutil.Logger(t)
-
-	pt := NewProxyTracker(ProxyTrackerConfig{
-		Logger:         logger,
-		SessionLimiter: lim,
-	})
-
-	// Watch()
-	proxyStateChan, _, _, err := pt.Watch(resourceID, "node 1", "token")
-	require.NoError(t, err)
-
-	// PushChange
-	proxyState := &ProxyState{ProxyState: &pbmesh.ProxyState{
-		IntentionDefaultAllow: true,
-	}}
-
-	// using a goroutine so that the channel and main test thread do not cause
-	// blocking issues with each other
-	go func() {
-		err = pt.PushChange(resourceID, proxyState)
-		require.NoError(t, err)
-	}()
-
-	// channel receives a copy
-	receivedState, channelOpen := <-proxyStateChan
-	require.True(t, channelOpen)
-	require.Equal(t, proxyState, receivedState)
-
-	// it is stored in the proxies array
-	watchData, ok := pt.proxies[proxyReferenceKey]
-	require.True(t, ok)
-	require.Equal(t, proxyState, watchData.state)
-}
-
-func TestProxyTracker_PushChanges_ErrorProxyNotConnected(t *testing.T) {
-	resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
-	lim := NewMockSessionLimiter(t)
-	logger := testutil.Logger(t)
-
-	pt := NewProxyTracker(ProxyTrackerConfig{
-		Logger:         logger,
-		SessionLimiter: lim,
-	})
-
-	// PushChange
-	proxyState := &ProxyState{ProxyState: &pbmesh.ProxyState{
-		IntentionDefaultAllow: true,
-	}}
-
-	err := pt.PushChange(resourceID, proxyState)
-	require.Error(t, err)
-	require.Equal(t, "proxyState change could not be sent because proxy is not connected", err.Error())
-}
-
-func TestProxyTracker_ProxyConnectedToServer(t *testing.T) {
-	type testcase struct {
-		name              string
-		shouldExist       bool
-		preProcessingFunc func(pt *ProxyTracker, resourceID *pbresource.ID, limiter *MockSessionLimiter, session *mockSession, channel limiter.SessionTerminatedChan)
-	}
-	testsCases := []*testcase{
-		{
-			name:        "Resource that has not been sent through Watch() should return false",
-			shouldExist: false,
-			preProcessingFunc: func(pt *ProxyTracker, resourceID *pbresource.ID, limiter *MockSessionLimiter, session *mockSession, channel limiter.SessionTerminatedChan) {
-				session.On("Terminated").Return(channel).Maybe()
-				session.On("End").Return().Maybe()
-				limiter.On("BeginSession").Return(session, nil).Maybe()
-			},
-		},
-		{
-			name:        "Resource used that is already passed in through Watch() should return true",
-			shouldExist: true,
-			preProcessingFunc: func(pt *ProxyTracker, resourceID *pbresource.ID, limiter *MockSessionLimiter, session *mockSession, channel limiter.SessionTerminatedChan) {
-				session.On("Terminated").Return(channel).Maybe()
-				session.On("End").Return().Maybe()
-				limiter.On("BeginSession").Return(session, nil)
-				_, _, _, _ = pt.Watch(resourceID, "node 1", "token")
-			},
-		},
-	}
-
-	for _, tc := range testsCases {
-		lim := NewMockSessionLimiter(t)
-		session1 := newMockSession(t)
-		session1TermCh := make(limiter.SessionTerminatedChan)
-		logger := testutil.Logger(t)
-
-		pt := NewProxyTracker(ProxyTrackerConfig{
-			Logger:         logger,
-			SessionLimiter: lim,
-		})
-		resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
-		tc.preProcessingFunc(pt, resourceID, lim, session1, session1TermCh)
-		require.Equal(t, tc.shouldExist, pt.ProxyConnectedToServer(resourceID))
-	}
-}
-
-func TestProxyTracker_Shutdown(t *testing.T) {
-	resourceID := resourcetest.Resource(types.ProxyStateTemplateType, "test").ID()
-	proxyReferenceKey := resource.NewReferenceKey(resourceID)
-	lim := NewMockSessionLimiter(t)
-	session1 := newMockSession(t)
-	session1TermCh := make(limiter.SessionTerminatedChan)
-	session1.On("Terminated").Return(session1TermCh)
-	session1.On("End").Return().Maybe()
-	lim.On("BeginSession").Return(session1, nil)
-	logger := testutil.Logger(t)
-
-	pt := NewProxyTracker(ProxyTrackerConfig{
-		Logger:         logger,
-		SessionLimiter: lim,
-	})
-
-	// Watch()
-	proxyStateChan, _, _, err := pt.Watch(resourceID, "node 1", "token")
-	require.NoError(t, err)
-
-	pt.Shutdown()
-
-	// proxy channels are all disconnected and proxy is removed from proxies map
-	receivedState, channelOpen := <-proxyStateChan
-	require.Nil(t, receivedState)
-	require.False(t, channelOpen)
-	_, ok := pt.proxies[proxyReferenceKey]
-	require.False(t, ok)
-
-	// shutdownCh is closed
-	select {
-	case <-pt.ShutdownChannel():
-	default:
-		t.Fatalf("shutdown channel should be closed")
-	}
-	// newProxyConnectionCh is closed
-	select {
-	case <-pt.EventChannel():
-	default:
-		t.Fatalf("shutdown channel should be closed")
-	}
-}
-
-type mockSession struct {
-	mock.Mock
-}
-
-func newMockSession(t *testing.T) *mockSession {
-	m := &mockSession{}
-	m.Mock.Test(t)
-
-	t.Cleanup(func() { m.AssertExpectations(t) })
-
-	return m
-}
-
-func (m *mockSession) End() { m.Called() }
-
-func (m *mockSession) Terminated() limiter.SessionTerminatedChan {
-	return m.Called().Get(0).(limiter.SessionTerminatedChan)
-}
diff --git a/internal/protohcl/any.go b/internal/protohcl/any.go
deleted file mode 100644
index 87b4549bfd07..000000000000
--- a/internal/protohcl/any.go
+++ /dev/null
@@ -1,117 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package protohcl
-
-import (
-	"fmt"
-	"strings"
-
-	"google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/reflect/protoreflect"
-	"google.golang.org/protobuf/reflect/protoregistry"
-	"google.golang.org/protobuf/types/known/anypb"
-)
-
-const wellKnownTypeAny = "google.protobuf.Any"
-
-type AnyTypeProvider interface {
-	AnyType(*UnmarshalContext, MessageDecoder) (protoreflect.FullName, MessageDecoder, error)
-}
-
-type AnyTypeURLProvider struct {
-	TypeURLFieldName string
-}
-
-func (p *AnyTypeURLProvider) AnyType(ctx *UnmarshalContext, decoder MessageDecoder) (protoreflect.FullName, MessageDecoder, error) {
-	typeURLFieldName := "type_url"
-	if p != nil {
-		typeURLFieldName = p.TypeURLFieldName
-	}
-
-	var typeURL *IterField
-	err := decoder.EachField(FieldIterator{
-		Desc: (&anypb.Any{}).ProtoReflect().Descriptor(),
-		Func: func(field *IterField) error {
-			if field.Name == typeURLFieldName {
-				typeURL = field
-			}
-			return nil
-		},
-		IgnoreUnknown: true,
-	})
-	if err != nil {
-		return "", nil, err
-	}
-
-	if typeURL == nil || typeURL.Val == nil {
-		return "", nil, fmt.Errorf("%s field is required to decode Any", typeURLFieldName)
-	}
-
-	url, err := stringFromCty(*typeURL.Val)
-	if err != nil {
-		return "", nil, err
-	}
-
-	slashIdx := strings.LastIndex(url, "/")
-	typeName := url
-	// strip all "hostname" parts of the URL path
-	if slashIdx > 1 && slashIdx+1 < len(url) {
-		typeName = url[slashIdx+1:]
-	}
-
-	return protoreflect.FullName(typeName), decoder.SkipFields(typeURLFieldName), nil
-}
-
-func (u UnmarshalOptions) decodeAny(ctx *UnmarshalContext, decoder MessageDecoder, msg protoreflect.Message) error {
-	var typeProvider AnyTypeProvider = &AnyTypeURLProvider{TypeURLFieldName: "type_url"}
-	if u.AnyTypeProvider != nil {
-		typeProvider = u.AnyTypeProvider
-	}
-
-	var (
-		typeName protoreflect.FullName
-		err      error
-	)
-	typeName, decoder, err = typeProvider.AnyType(ctx, decoder)
-	if err != nil {
-		return fmt.Errorf("error getting type for Any field: %w", err)
-	}
-
-	// the type.googleapis.come/ should be optional
-	mt, err := protoregistry.GlobalTypes.FindMessageByName(typeName)
-	if err != nil {
-		return fmt.Errorf("error looking up type information for %s: %w", typeName, err)
-	}
-
-	newMsg := mt.New()
-
-	err = u.decodeMessage(&UnmarshalContext{
-		Parent:  ctx.Parent,
-		Name:    ctx.Name,
-		Message: newMsg,
-	}, decoder, newMsg)
-	if err != nil {
-		return err
-	}
-
-	enc, err := proto.Marshal(newMsg.Interface())
-	if err != nil {
-		return fmt.Errorf("error marshalling Any data as protobuf value: %w", err)
-	}
-
-	anyValue := msg.Interface().(*anypb.Any)
-
-	// This will look like <proto package>.<proto Message name> and not quite like a full URL with a path
-	anyValue.TypeUrl = string(newMsg.Descriptor().FullName())
-	anyValue.Value = enc
-
-	return nil
-}
-
-func isAnyField(desc protoreflect.FieldDescriptor) bool {
-	if desc.Kind() != protoreflect.MessageKind {
-		return false
-	}
-	return desc.Message().FullName() == wellKnownTypeAny
-}
diff --git a/internal/protohcl/attributes.go b/internal/protohcl/attributes.go
deleted file mode 100644
index 90501722b1fe..000000000000
--- a/internal/protohcl/attributes.go
+++ /dev/null
@@ -1,157 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package protohcl
-
-import (
-	"fmt"
-
-	"github.com/pkg/errors"
-	"github.com/zclconf/go-cty/cty"
-	"google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/reflect/protoreflect"
-)
-
-func (u UnmarshalOptions) decodeAttribute(ctx *UnmarshalContext, newMessage newMessageFn, f protoreflect.FieldDescriptor, val cty.Value, listAllowed bool) (protoreflect.Value, error) {
-	if f.IsMap() {
-		return u.decodeAttributeToMap(ctx, newMessage, f, val)
-	}
-
-	if f.IsList() && listAllowed {
-		return u.decodeAttributeToList(ctx, newMessage, f, val)
-	}
-
-	ok, value, err := decodeAttributeToWellKnownType(f, val)
-	if ok {
-		return value, errors.Wrapf(err, "%s: Failed to unmarshal argument %s", ctx.ErrorRange(), ctx.Name)
-	}
-
-	ok, value, err = u.decodeAttributeToMessage(ctx, newMessage, f, val)
-	if ok {
-		return value, err
-	}
-
-	value, err = decodeAttributeToPrimitive(f, val)
-	if err != nil {
-		return value, errors.Wrapf(err, "%s: Failed to unmarshal argument %s", ctx.ErrorRange(), ctx.Name)
-	}
-	return value, nil
-}
-
-func (u UnmarshalOptions) decodeAttributeToMessage(ctx *UnmarshalContext, newMessage newMessageFn, desc protoreflect.FieldDescriptor, val cty.Value) (bool, protoreflect.Value, error) {
-	if desc.Kind() != protoreflect.MessageKind {
-		return false, protoreflect.Value{}, nil
-	}
-
-	msg := newMessage().Message()
-
-	ctx = &UnmarshalContext{
-		Parent:  ctx.Parent,
-		Name:    ctx.Name,
-		Message: msg,
-		Range:   ctx.Range,
-	}
-
-	// We have limited support for HCL functions, essentially just those that
-	// return a protobuf message (like the resource `gvk` function) in which
-	// case, the message will be wrapped in a cty capsule.
-	if val.Type().IsCapsuleType() {
-		msg, ok := val.EncapsulatedValue().(proto.Message)
-		if ok {
-			return true, protoreflect.ValueOf(msg.ProtoReflect()), nil
-		} else {
-			return true, protoreflect.Value{}, fmt.Errorf("expected encapsulated value to be a message, actual type: %T", val.EncapsulatedValue())
-		}
-	}
-
-	if !val.Type().IsObjectType() {
-		return false, protoreflect.Value{}, nil
-	}
-
-	decoder := newObjectDecoder(val, u.FieldNamer, ctx.ErrorRange())
-
-	if err := u.decodeMessage(ctx, decoder, msg); err != nil {
-		return true, protoreflect.Value{}, err
-	}
-	return true, protoreflect.ValueOf(msg), nil
-}
-
-func (u UnmarshalOptions) decodeAttributeToList(ctx *UnmarshalContext, newMessage newMessageFn, desc protoreflect.FieldDescriptor, value cty.Value) (protoreflect.Value, error) {
-	if value.IsNull() {
-		return protoreflect.Value{}, nil
-	}
-
-	valueType := value.Type()
-	if !valueType.IsListType() && !valueType.IsTupleType() {
-		return protoreflect.Value{}, fmt.Errorf("expected list/tuple type after HCL decode but the actual type was %s", valueType.FriendlyName())
-	}
-
-	if value.LengthInt() < 1 {
-		return protoreflect.Value{}, nil
-	}
-
-	protoList := newMessage().List()
-
-	var err error
-	var idx int
-	value.ForEachElement(func(_ cty.Value, val cty.Value) bool {
-		var protoVal protoreflect.Value
-		protoVal, err = u.decodeAttribute(&UnmarshalContext{
-			Parent: ctx,
-			Name:   fmt.Sprintf("%s[%d]", u.FieldNamer.NameField(desc), idx),
-		}, protoList.NewElement, desc, val, false)
-		if err != nil {
-			return true
-		}
-
-		idx++
-		protoList.Append(protoVal)
-		return false
-	})
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-
-	return protoreflect.ValueOfList(protoList), nil
-}
-
-func (u UnmarshalOptions) decodeAttributeToMap(ctx *UnmarshalContext, newMessage newMessageFn, desc protoreflect.FieldDescriptor, value cty.Value) (protoreflect.Value, error) {
-	if value.IsNull() {
-		return protoreflect.Value{}, nil
-	}
-
-	valueType := value.Type()
-	if !valueType.IsMapType() && !valueType.IsObjectType() {
-		return protoreflect.Value{}, fmt.Errorf("expected map/object type after HCL decode but the actual type was %s", valueType.FriendlyName())
-	}
-
-	if value.LengthInt() < 1 {
-		return protoreflect.Value{}, nil
-	}
-
-	protoMap := newMessage().Map()
-	protoValueDesc := desc.MapValue()
-	var err error
-
-	value.ForEachElement(func(key cty.Value, val cty.Value) (stop bool) {
-		var protoVal protoreflect.Value
-		protoVal, err = u.decodeAttribute(&UnmarshalContext{
-			Parent:  ctx,
-			Name:    fmt.Sprintf("%s[%q]", u.FieldNamer.NameField(desc), key.AsString()),
-			Message: nil, // TODO: what should this really be?
-		}, protoMap.NewValue, protoValueDesc, val, false)
-		if err != nil {
-			return true
-		}
-		if protoVal.IsValid() {
-			// HCL doesn't support non-string keyed maps so we blindly use string keys
-			protoMap.Set(protoreflect.ValueOfString(key.AsString()).MapKey(), protoVal)
-		}
-		return false
-	})
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-
-	return protoreflect.ValueOfMap(protoMap), nil
-}
diff --git a/internal/protohcl/blocks.go b/internal/protohcl/blocks.go
deleted file mode 100644
index cafffa99367d..000000000000
--- a/internal/protohcl/blocks.go
+++ /dev/null
@@ -1,115 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package protohcl
-
-import (
-	"fmt"
-
-	"github.com/hashicorp/hcl/v2"
-	"google.golang.org/protobuf/reflect/protoreflect"
-)
-
-func (u UnmarshalOptions) decodeBlocks(ctx *UnmarshalContext, blocks hcl.Blocks, msg protoreflect.Message, f protoreflect.FieldDescriptor) (protoreflect.Value, error) {
-	if f.Kind() != protoreflect.MessageKind {
-		return protoreflect.Value{}, fmt.Errorf("only protobuf message kinds can use HCL block syntax")
-	}
-
-	if f.IsMap() {
-		return u.decodeBlocksToMap(ctx, blocks, msg, f)
-	}
-
-	if f.IsList() {
-		return u.decodeBlocksToList(ctx, blocks, msg, f)
-	}
-
-	return u.decodeBlocksToMessage(ctx, blocks, msg, f)
-}
-
-func (u UnmarshalOptions) decodeBlocksToMap(ctx *UnmarshalContext, blocks hcl.Blocks, msg protoreflect.Message, f protoreflect.FieldDescriptor) (protoreflect.Value, error) {
-	val := msg.NewField(f)
-	mapVal := val.Map()
-
-	for _, block := range blocks {
-		if len(block.Labels) != 1 {
-			return protoreflect.Value{}, fmt.Errorf("protobuf map fields must have 1 HCL block label")
-		}
-
-		key := protoreflect.ValueOfString(block.Labels[0])
-		value := mapVal.NewValue()
-		msgVal := value.Message()
-
-		err := u.decodeMessage(
-			&UnmarshalContext{
-				Parent:  ctx,
-				Name:    fmt.Sprintf("%s[%q]", u.FieldNamer.NameField(f), block.Labels[0]),
-				Message: msgVal,
-				Range:   block.DefRange,
-			},
-			u.bodyDecoder(block.Body),
-			msgVal,
-		)
-		if err != nil {
-			return protoreflect.Value{}, err
-		}
-
-		mapVal.Set(key.MapKey(), value)
-	}
-	return val, nil
-}
-
-func (u UnmarshalOptions) decodeBlocksToList(ctx *UnmarshalContext, blocks hcl.Blocks, msg protoreflect.Message, f protoreflect.FieldDescriptor) (protoreflect.Value, error) {
-	val := msg.NewField(f)
-	listVal := val.List()
-
-	var err error
-	for idx, block := range blocks {
-		if len(block.Labels) > 0 {
-			return protoreflect.Value{}, fmt.Errorf("repeated protobuf fields must not have HCL block labels")
-		}
-		elem := listVal.NewElement()
-		elemMsg := elem.Message()
-
-		err = u.decodeMessage(
-			&UnmarshalContext{
-				Parent:  ctx,
-				Name:    fmt.Sprintf("%s[%d]", u.FieldNamer.NameField(f), idx),
-				Message: elemMsg,
-				Range:   block.DefRange,
-			},
-			u.bodyDecoder(block.Body),
-			elemMsg,
-		)
-		if err != nil {
-			return protoreflect.Value{}, err
-		}
-		listVal.Append(elem)
-	}
-
-	return val, nil
-}
-
-func (u UnmarshalOptions) decodeBlocksToMessage(ctx *UnmarshalContext, blocks hcl.Blocks, msg protoreflect.Message, f protoreflect.FieldDescriptor) (protoreflect.Value, error) {
-	if len(blocks) > 1 {
-		return protoreflect.Value{}, fmt.Errorf("only one HCL block may be specified for a non-repeated protobuf Message")
-	}
-
-	val := msg.NewField(f)
-	valMsg := val.Message()
-
-	err := u.decodeMessage(
-		&UnmarshalContext{
-			Parent:  ctx,
-			Name:    blocks[0].Type,
-			Message: valMsg,
-			Range:   blocks[0].DefRange,
-		},
-		u.bodyDecoder(blocks[0].Body),
-		valMsg,
-	)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-
-	return val, nil
-}
diff --git a/internal/protohcl/cty.go b/internal/protohcl/cty.go
deleted file mode 100644
index e7ed37ed1699..000000000000
--- a/internal/protohcl/cty.go
+++ /dev/null
@@ -1,149 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package protohcl
-
-import (
-	"encoding/base64"
-	"fmt"
-
-	"github.com/zclconf/go-cty/cty"
-	"github.com/zclconf/go-cty/cty/gocty"
-)
-
-func boolFromCty(val cty.Value) (bool, error) {
-	if val.Type() != cty.Bool {
-		return false, fmt.Errorf("expected value of type %s but actual type is %s", cty.Bool.FriendlyName(), val.Type().FriendlyName())
-	}
-
-	if val.IsNull() {
-		return false, nil
-	}
-
-	return val.True(), nil
-}
-
-func int32FromCty(val cty.Value) (int32, error) {
-	if val.Type() != cty.Number {
-		return 0, fmt.Errorf("expected value of type %s but actual type is %s", cty.Number.FriendlyName(), val.Type().FriendlyName())
-	}
-
-	if val.IsNull() {
-		return 0, nil
-	}
-
-	var goVal int32
-	if err := gocty.FromCtyValue(val, &goVal); err != nil {
-		return 0, fmt.Errorf("error converting cty value of type %s to int32: %w", val.Type().FriendlyName(), err)
-	}
-	return goVal, nil
-}
-
-func uint32FromCty(val cty.Value) (uint32, error) {
-	if val.Type() != cty.Number {
-		return 0, fmt.Errorf("expected value of type %s but actual type is %s", cty.Number.FriendlyName(), val.Type().FriendlyName())
-	}
-
-	if val.IsNull() {
-		return 0, nil
-	}
-
-	var goVal uint32
-	if err := gocty.FromCtyValue(val, &goVal); err != nil {
-		return 0, fmt.Errorf("error converting cty value of type %s to uint32: %w", val.Type().FriendlyName(), err)
-	}
-	return goVal, nil
-}
-
-func int64FromCty(val cty.Value) (int64, error) {
-	if val.Type() != cty.Number {
-		return 0, fmt.Errorf("expected value of type %s but actual type is %s", cty.Number.FriendlyName(), val.Type().FriendlyName())
-	}
-
-	if val.IsNull() {
-		return 0, nil
-	}
-
-	var goVal int64
-	if err := gocty.FromCtyValue(val, &goVal); err != nil {
-		return 0, fmt.Errorf("error converting cty value of type %s to int64: %w", val.Type().FriendlyName(), err)
-	}
-	return goVal, nil
-}
-
-func uint64FromCty(val cty.Value) (uint64, error) {
-	if val.Type() != cty.Number {
-		return 0, fmt.Errorf("expected value of type %s but actual type is %s", cty.Number.FriendlyName(), val.Type().FriendlyName())
-	}
-
-	if val.IsNull() {
-		return 0, nil
-	}
-
-	var goVal uint64
-	if err := gocty.FromCtyValue(val, &goVal); err != nil {
-		return 0, fmt.Errorf("error converting cty value of type %s to uint64: %w", val.Type().FriendlyName(), err)
-	}
-	return goVal, nil
-}
-
-func floatFromCty(val cty.Value) (float32, error) {
-	if val.Type() != cty.Number {
-		return 0, fmt.Errorf("expected value of type %s but actual type is %s", cty.Number.FriendlyName(), val.Type().FriendlyName())
-	}
-
-	if val.IsNull() {
-		return 0, nil
-	}
-
-	var goVal float32
-	if err := gocty.FromCtyValue(val, &goVal); err != nil {
-		return 0, fmt.Errorf("error converting cty value of type %s to float32: %w", val.Type().FriendlyName(), err)
-	}
-	return goVal, nil
-}
-
-func doubleFromCty(val cty.Value) (float64, error) {
-	if val.Type() != cty.Number {
-		return 0, fmt.Errorf("expected value of type %s but actual type is %s", cty.Number.FriendlyName(), val.Type().FriendlyName())
-	}
-
-	if val.IsNull() {
-		return 0, nil
-	}
-
-	var goVal float64
-	if err := gocty.FromCtyValue(val, &goVal); err != nil {
-		return 0, fmt.Errorf("error converting cty value of type %s to float64: %w", val.Type().FriendlyName(), err)
-	}
-	return goVal, nil
-}
-
-func stringFromCty(val cty.Value) (string, error) {
-	if val.Type() != cty.String {
-		return "", fmt.Errorf("expected value of type %s but actual type is %s", cty.String.FriendlyName(), val.Type().FriendlyName())
-	}
-
-	if val.IsNull() {
-		return "", nil
-	}
-	return val.AsString(), nil
-}
-
-func bytesFromCty(val cty.Value) ([]byte, error) {
-	if val.Type() != cty.String {
-		return nil, fmt.Errorf("expected value of type %s but actual type is %s", cty.String.FriendlyName(), val.Type().FriendlyName())
-	}
-
-	if val.IsNull() {
-		return nil, nil
-	}
-
-	encoded := val.AsString()
-	decoded, err := base64.StdEncoding.DecodeString(encoded)
-	if err != nil {
-		return nil, fmt.Errorf("error base64 decoding byte string: %w", err)
-	}
-
-	return decoded, nil
-}
diff --git a/internal/protohcl/decoder.go b/internal/protohcl/decoder.go
deleted file mode 100644
index 67ee074ec1c0..000000000000
--- a/internal/protohcl/decoder.go
+++ /dev/null
@@ -1,287 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package protohcl
-
-import (
-	"fmt"
-	"sort"
-
-	"github.com/hashicorp/hcl/v2"
-	"github.com/zclconf/go-cty/cty"
-	"github.com/zclconf/go-cty/cty/function"
-	"google.golang.org/protobuf/reflect/protoreflect"
-)
-
-// MessageDecoder provides an abstract way to decode protobuf messages from HCL
-// blocks or objects.
-type MessageDecoder interface {
-	// EachField calls the given iterator for each field provided in the HCL source.
-	EachField(iter FieldIterator) error
-
-	// SkipFields returns a MessageDecoder that skips over the given fields. It is
-	// primarily used for doing two-pass decoding of protobuf `Any` fields.
-	SkipFields(fields ...string) MessageDecoder
-}
-
-// IterField represents a field discovered by the MessageDecoder.
-type IterField struct {
-	// Name is the HCL name of the field.
-	Name string
-
-	// Desc is the protobuf field descriptor.
-	Desc protoreflect.FieldDescriptor
-
-	// Val is the field value, only if it was given using HCL attribute syntax.
-	Val *cty.Value
-
-	// Blocks contains the HCL blocks that were given for this field.
-	Blocks []*hcl.Block
-
-	// Range determines where in the HCL source the field was given, it is useful
-	// for error messages.
-	Range hcl.Range
-}
-
-// FieldIterator is given to MessageDecoder.EachField to iterate over all of the
-// fields in a given HCL block or object.
-type FieldIterator struct {
-	// IgnoreUnknown instructs the MessageDecoder to skip over any fields not
-	// included in Desc.
-	IgnoreUnknown bool
-
-	// Desc is the protobuf descriptor for the message the caller is decoding into.
-	// It is used to determine which fields are valid.
-	Desc protoreflect.MessageDescriptor
-
-	// Func is called for each field in the given HCL block or object.
-	Func func(field *IterField) error
-}
-
-func newBodyDecoder(
-	body hcl.Body,
-	namer FieldNamer,
-	functions map[string]function.Function,
-) MessageDecoder {
-	return bodyDecoder{
-		body:       body,
-		namer:      namer,
-		functions:  functions,
-		skipFields: make(map[string]struct{}),
-	}
-}
-
-type bodyDecoder struct {
-	body       hcl.Body
-	namer      FieldNamer
-	functions  map[string]function.Function
-	skipFields map[string]struct{}
-}
-
-func (bd bodyDecoder) EachField(iter FieldIterator) error {
-	schema, err := bd.schema(iter.Desc)
-	if err != nil {
-		return err
-	}
-
-	var (
-		content *hcl.BodyContent
-		diags   hcl.Diagnostics
-	)
-	if iter.IgnoreUnknown {
-		content, _, diags = bd.body.PartialContent(schema)
-	} else {
-		content, diags = bd.body.Content(schema)
-	}
-	if diags.HasErrors() {
-		return diags
-	}
-
-	fields := make([]*IterField, 0)
-
-	for _, attr := range content.Attributes {
-		if _, ok := bd.skipFields[attr.Name]; ok {
-			continue
-		}
-
-		desc := bd.namer.GetField(iter.Desc.Fields(), attr.Name)
-
-		val, err := attr.Expr.Value(&hcl.EvalContext{Functions: bd.functions})
-		if err != nil {
-			return err
-		}
-
-		fields = append(fields, &IterField{
-			Name:  attr.Name,
-			Desc:  desc,
-			Val:   &val,
-			Range: attr.Expr.Range(),
-		})
-	}
-
-	for blockType, blocks := range content.Blocks.ByType() {
-		if _, ok := bd.skipFields[blockType]; ok {
-			continue
-		}
-
-		desc := bd.namer.GetField(iter.Desc.Fields(), blockType)
-
-		fields = append(fields, &IterField{
-			Name:   blockType,
-			Desc:   desc,
-			Blocks: blocks,
-		})
-	}
-
-	// Always handle Any fields last, as decoding them may require type information
-	// gathered from other fields (e.g. as in the case of Resource GVKs).
-	sort.Slice(fields, func(a, b int) bool {
-		if isAnyField(fields[b].Desc) && !isAnyField(fields[a].Desc) {
-			return true
-		}
-		return a < b
-	})
-
-	for _, field := range fields {
-		if err := iter.Func(field); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (bd bodyDecoder) SkipFields(fields ...string) MessageDecoder {
-	skip := make(map[string]struct{}, len(fields)+len(bd.skipFields))
-	for k, v := range bd.skipFields {
-		skip[k] = v
-	}
-	for _, field := range fields {
-		skip[field] = struct{}{}
-	}
-
-	// Note: we rely on the fact bd isn't a pointer to copy the struct here.
-	bd.skipFields = skip
-	return bd
-}
-
-func (bd bodyDecoder) schema(desc protoreflect.MessageDescriptor) (*hcl.BodySchema, error) {
-	var schema hcl.BodySchema
-
-	fields := desc.Fields()
-	for i := 0; i < fields.Len(); i++ {
-		f := fields.Get(i)
-
-		kind := f.Kind()
-		// maps are special and whether they use block or attribute syntax depends
-		// on the value type
-		if f.IsMap() {
-			valueDesc := f.MapValue()
-			valueKind := valueDesc.Kind()
-
-			wktHint := wellKnownTypeSchemaHint(valueDesc)
-
-			// Message types should generally be encoded as blocks unless its a special Well Known Type
-			// that should use attribute encoding
-			if valueKind == protoreflect.MessageKind && wktHint != wellKnownAttribute {
-				schema.Blocks = append(schema.Blocks, hcl.BlockHeaderSchema{
-					Type:       bd.namer.NameField(f),
-					LabelNames: []string{"key"},
-				})
-				continue
-			}
-
-			// non-message types or Well Known Message types that need attribute encoding
-			// get decoded as attributes
-			schema.Attributes = append(schema.Attributes, hcl.AttributeSchema{
-				Name: bd.namer.NameField(f),
-			})
-			continue
-		}
-
-		wktHint := wellKnownTypeSchemaHint(f)
-
-		// message types generally will use block syntax unless its a well known
-		// message type that requires attribute syntax specifically.
-		if kind == protoreflect.MessageKind && wktHint != wellKnownAttribute {
-			schema.Blocks = append(schema.Blocks, hcl.BlockHeaderSchema{
-				Type: bd.namer.NameField(f),
-			})
-		}
-
-		// by default use attribute encoding
-		// - primitives
-		// - repeated primitives
-		// - Well Known Types requiring attribute syntax
-		// - repeated Well Known Types requiring attribute syntax
-		schema.Attributes = append(schema.Attributes, hcl.AttributeSchema{
-			Name: bd.namer.NameField(f),
-		})
-		continue
-	}
-
-	// Add skipped fields to the schema so HCL doesn't throw an error when it finds them.
-	for field := range bd.skipFields {
-		schema.Attributes = append(schema.Attributes, hcl.AttributeSchema{Name: field})
-		schema.Blocks = append(schema.Blocks, hcl.BlockHeaderSchema{Type: field})
-	}
-
-	return &schema, nil
-}
-
-func newObjectDecoder(object cty.Value, namer FieldNamer, rng hcl.Range) MessageDecoder {
-	return objectDecoder{
-		object:     object,
-		namer:      namer,
-		rng:        rng,
-		skipFields: make(map[string]struct{}),
-	}
-}
-
-type objectDecoder struct {
-	object     cty.Value
-	namer      FieldNamer
-	rng        hcl.Range
-	skipFields map[string]struct{}
-}
-
-func (od objectDecoder) EachField(iter FieldIterator) error {
-	for attr := range od.object.Type().AttributeTypes() {
-		if _, ok := od.skipFields[attr]; ok {
-			continue
-		}
-
-		desc := od.namer.GetField(iter.Desc.Fields(), attr)
-		if desc == nil {
-			if iter.IgnoreUnknown {
-				continue
-			} else {
-				return fmt.Errorf("%s: Unsupported argument; An argument named %q is not expected here.", od.rng, attr)
-			}
-		}
-
-		val := od.object.GetAttr(attr)
-		if err := iter.Func(&IterField{
-			Name: attr,
-			Desc: desc,
-			Val:  &val,
-		}); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (od objectDecoder) SkipFields(fields ...string) MessageDecoder {
-	skip := make(map[string]struct{}, len(fields)+len(od.skipFields))
-	for k, v := range od.skipFields {
-		skip[k] = v
-	}
-	for _, field := range fields {
-		skip[field] = struct{}{}
-	}
-
-	// Note: we rely on the fact od isn't a pointer to copy the struct here.
-	od.skipFields = skip
-	return od
-}
diff --git a/internal/protohcl/doc.go b/internal/protohcl/doc.go
deleted file mode 100644
index e3270f7cdcf1..000000000000
--- a/internal/protohcl/doc.go
+++ /dev/null
@@ -1,79 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-// The protohcl package aims to define a canonical way to translate between
-// protobuf and HCL encodings of data.
-//
-// Similar to google.golang.org/protobuf/encoding/protojson it intends to be
-// opinionated about what the canonical HCL representation of a protobuf type
-// should be.
-//
-// As HCL is a user centric data format as opposed to JSON/Protobuf which
-// are intended to be used more by machines, efficiency is not a primary goal
-// of this package as it is expected that users are either doing the encoding to and
-// decoding from HCL at the edge (such as within the Consul CLI) or that even
-// when done on servers, the rate that servers perform these translations should
-// be low enough to have any inefficiency produce a tangible performance impact.
-//
-// HCL has two different syntaxes that could be used to represent data: attribute and block
-//
-// This implementation chooses to represent primitive values, enums and the well known wrapper types and
-// collections of these values (maps and repeated fields) with attribute syntax. Other messages and collections
-// with message value types will be represented with block syntax for example
-//
-// message Foo {
-//    map<string, int32> map_of_ints = 1;
-//	   map<string, OtherMessage> map_of_messages = 2;
-// }
-//
-// would have HCL like:
-//
-// map_of_ints = {
-//    "foo": 1,
-//    "bar": 2,
-// }
-// map_of_messages "foo" {
-//    ...other fields
-// }
-// map_of_messages "bar" {
-//    ...other fields
-// }
-//
-// Similar goes for list of primitives vs list of messages (except the block syntax uses no labels). The differences
-// between primitive fields outside of a collection and a message field really just amounts to not having to specify
-// the "=" between the field name and the "{" character.
-//
-// Field Mapping
-// | proto3                 | HCL Type      | example | notes                                                                           |
-// |------------------------+---------------+---------+---------------------------------------------------------------------------------+
-// | message                | Object        |         | Represented as a block                                                          |
-// | enum                   | String        |         |                                                                                 |
-// | map<K,V>               | Map           |         | All keys are converted to/from strings.                                         |
-// | repeated V             | List          |         |                                                                                 |
-// | bool                   | Bool          |         |                                                                                 |
-// | string                 | String        |         |                                                                                 |
-// | bytes                  | base64 String |         |                                                                                 |
-// | int32, fixed32, uint32 | Number        |         |                                                                                 |
-// | int64, fixed64, uint64 | Number        |         |                                                                                 |
-// | float, double          | Number        |         |                                                                                 |
-//
-// ----- Well Known Types -----
-//
-// | Any                    | Object        |         |                                                                                 |
-// | Timestamp              | String        |         | RFC 3339 compliant                                                              |
-// | Duration               | String        |         | String form is what would be accepted by time.ParseDuration                     |
-// | Struct                 | Map           |         |                                                                                 |
-// | Empty                  | Object        |         | An object with no fields                                                        |
-// | BoolValue              | Bool          |         | Mostly the same as a regular bool except null values in the HCL are preserved   |
-// | BytesValue             | Bytes         |         | Mostly the same as a regular bytes except null values in the HCL are preserved  |
-// | StringValue            | String        |         | Mostly the same as a regular string except null values in the HCL are preserved |
-// | FloatValue             | Number        |         | Mostly the same as a regular float except null values in the HCL are preserved  |
-// | DoubleValue            | Number        |         | Mostly the same as a regular double except null values in the HCL are preserved |
-// | Int32Value             | Number        |         | Mostly the same as a regular int32 except null values in the HCL are preserved  |
-// | UInt32Value            | Number        |         | Mostly the same as a regular uint32 except null values in the HCL are preserved |
-// | Int64Value             | Number        |         | Mostly the same as a regular int64 except null values in the HCL are preserved  |
-// | UInt64Value            | Number        |         | Mostly the same as a regular uint64 except null values in the HCL are preserved |
-// | FieldMask              | String        |         | Each string of the FieldMask will be joined with a '.'                          |
-//
-
-package protohcl
diff --git a/internal/protohcl/naming.go b/internal/protohcl/naming.go
deleted file mode 100644
index d8eef2275fd7..000000000000
--- a/internal/protohcl/naming.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package protohcl
-
-import "google.golang.org/protobuf/reflect/protoreflect"
-
-type FieldNamer interface {
-	NameField(protoreflect.FieldDescriptor) string
-	GetField(protoreflect.FieldDescriptors, string) protoreflect.FieldDescriptor
-}
-
-type textFieldNamer struct{}
-
-func (textFieldNamer) NameField(fd protoreflect.FieldDescriptor) string {
-	return fd.TextName()
-}
-
-func (textFieldNamer) GetField(fds protoreflect.FieldDescriptors, name string) protoreflect.FieldDescriptor {
-	return fds.ByTextName(name)
-}
diff --git a/internal/protohcl/oneof.go b/internal/protohcl/oneof.go
deleted file mode 100644
index 0c95326614bd..000000000000
--- a/internal/protohcl/oneof.go
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package protohcl
-
-import (
-	"fmt"
-	"strings"
-
-	"google.golang.org/protobuf/reflect/protoreflect"
-)
-
-type oneOfTracker struct {
-	namer FieldNamer
-	set   map[protoreflect.FullName]string
-}
-
-func newOneOfTracker(namer FieldNamer) *oneOfTracker {
-	return &oneOfTracker{
-		namer: namer,
-		set:   make(map[protoreflect.FullName]string),
-	}
-}
-
-func (o *oneOfTracker) markFieldAsSet(desc protoreflect.FieldDescriptor) error {
-	oneof := desc.ContainingOneof()
-	if oneof == nil {
-		return nil
-	}
-
-	oneOfName := oneof.FullName()
-
-	if otherFieldName, ok := o.set[oneOfName]; ok {
-		oneOfFields := oneof.Fields()
-		var builder strings.Builder
-
-		for i := 0; i < oneOfFields.Len(); i++ {
-			name := o.namer.NameField(oneOfFields.Get(i))
-
-			if i == oneOfFields.Len()-1 {
-				builder.WriteString(fmt.Sprintf("%q", name))
-			} else if i == oneOfFields.Len()-2 {
-				builder.WriteString(fmt.Sprintf("%q and ", name))
-			} else {
-				builder.WriteString(fmt.Sprintf("%q, ", name))
-			}
-		}
-
-		return fmt.Errorf("Cannot set %q because %q was previously set. Only one of %s may be set.", o.namer.NameField(desc), otherFieldName, builder.String())
-	}
-
-	o.set[oneOfName] = o.namer.NameField(desc)
-	return nil
-}
diff --git a/internal/protohcl/primitives.go b/internal/protohcl/primitives.go
deleted file mode 100644
index 4d1f22033026..000000000000
--- a/internal/protohcl/primitives.go
+++ /dev/null
@@ -1,141 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package protohcl
-
-import (
-	"fmt"
-
-	"github.com/zclconf/go-cty/cty"
-	"google.golang.org/protobuf/reflect/protoreflect"
-)
-
-func decodeAttributeToPrimitive(desc protoreflect.FieldDescriptor, val cty.Value) (protoreflect.Value, error) {
-	switch kind := desc.Kind(); kind {
-	case protoreflect.BoolKind:
-		return protoBoolFromCty(val)
-	case protoreflect.EnumKind:
-		return protoEnumFromCty(desc, val)
-	case protoreflect.Int32Kind:
-		return protoInt32FromCty(val)
-	case protoreflect.Sint32Kind:
-		return protoInt32FromCty(val)
-	case protoreflect.Uint32Kind:
-		return protoUint32FromCty(val)
-	case protoreflect.Int64Kind:
-		return protoInt64FromCty(val)
-	case protoreflect.Sint64Kind:
-		return protoInt64FromCty(val)
-	case protoreflect.Uint64Kind:
-		return protoUint64FromCty(val)
-	case protoreflect.Sfixed32Kind:
-		return protoInt32FromCty(val)
-	case protoreflect.Fixed32Kind:
-		return protoUint32FromCty(val)
-	case protoreflect.FloatKind:
-		return protoFloatFromCty(val)
-	case protoreflect.Sfixed64Kind:
-		return protoInt64FromCty(val)
-	case protoreflect.Fixed64Kind:
-		return protoUint64FromCty(val)
-	case protoreflect.DoubleKind:
-		return protoDoubleFromCty(val)
-	case protoreflect.StringKind:
-		return protoStringFromCty(val)
-	case protoreflect.BytesKind:
-		return protoBytesFromCty(val)
-	default:
-		return protoreflect.Value{}, fmt.Errorf("unknown primitive protobuf kind: %q", kind.String())
-	}
-}
-
-func protoBoolFromCty(val cty.Value) (protoreflect.Value, error) {
-	goVal, err := boolFromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoreflect.ValueOfBool(goVal), nil
-}
-
-func protoEnumFromCty(desc protoreflect.FieldDescriptor, val cty.Value) (protoreflect.Value, error) {
-	if val.Type() != cty.String {
-		return protoreflect.Value{}, fmt.Errorf("expected value of type %s but actual type is %s", cty.String.FriendlyName(), val.Type().FriendlyName())
-	}
-
-	if val.IsNull() {
-		defaultValDesc := desc.DefaultEnumValue()
-		return protoreflect.ValueOfEnum(defaultValDesc.Number()), nil
-	}
-
-	valDesc := desc.Enum().Values().ByName(protoreflect.Name(val.AsString()))
-	if valDesc == nil {
-		defaultValDesc := desc.DefaultEnumValue()
-		return protoreflect.ValueOfEnum(defaultValDesc.Number()), nil
-	}
-
-	return protoreflect.ValueOfEnum(valDesc.Number()), nil
-}
-
-func protoInt32FromCty(val cty.Value) (protoreflect.Value, error) {
-	goVal, err := int32FromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoreflect.ValueOfInt32(goVal), nil
-}
-
-func protoUint32FromCty(val cty.Value) (protoreflect.Value, error) {
-	goVal, err := uint32FromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoreflect.ValueOfUint32(goVal), nil
-}
-
-func protoInt64FromCty(val cty.Value) (protoreflect.Value, error) {
-	goVal, err := int64FromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoreflect.ValueOfInt64(goVal), nil
-}
-
-func protoUint64FromCty(val cty.Value) (protoreflect.Value, error) {
-	goVal, err := uint64FromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoreflect.ValueOfUint64(goVal), nil
-}
-
-func protoFloatFromCty(val cty.Value) (protoreflect.Value, error) {
-	goVal, err := floatFromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoreflect.ValueOfFloat32(goVal), nil
-}
-
-func protoDoubleFromCty(val cty.Value) (protoreflect.Value, error) {
-	goVal, err := doubleFromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoreflect.ValueOfFloat64(goVal), nil
-}
-
-func protoStringFromCty(val cty.Value) (protoreflect.Value, error) {
-	goVal, err := stringFromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoreflect.ValueOfString(goVal), nil
-}
-
-func protoBytesFromCty(val cty.Value) (protoreflect.Value, error) {
-	goVal, err := bytesFromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoreflect.ValueOfBytes(goVal), nil
-}
diff --git a/internal/protohcl/testproto/buf.gen.yaml b/internal/protohcl/testproto/buf.gen.yaml
deleted file mode 100644
index fecee5cf2496..000000000000
--- a/internal/protohcl/testproto/buf.gen.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-version: v1
-managed:
-  enabled: true
-  go_package_prefix:
-    default: github.com/hashicorp/consul/internal/protohcl/testproto
-plugins:
-  - name: go
-    out: .
-    opt: paths=source_relative
diff --git a/internal/protohcl/testproto/example.pb.go b/internal/protohcl/testproto/example.pb.go
deleted file mode 100644
index 304eac53d6d9..000000000000
--- a/internal/protohcl/testproto/example.pb.go
+++ /dev/null
@@ -1,997 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: example.proto
-
-package testproto
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	anypb "google.golang.org/protobuf/types/known/anypb"
-	durationpb "google.golang.org/protobuf/types/known/durationpb"
-	emptypb "google.golang.org/protobuf/types/known/emptypb"
-	structpb "google.golang.org/protobuf/types/known/structpb"
-	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
-	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type Protocol int32
-
-const (
-	Protocol_PROTOCOL_UNSPECIFIED Protocol = 0
-	Protocol_PROTOCOL_TCP         Protocol = 1
-	Protocol_PROTOCOL_UDP         Protocol = 2
-)
-
-// Enum value maps for Protocol.
-var (
-	Protocol_name = map[int32]string{
-		0: "PROTOCOL_UNSPECIFIED",
-		1: "PROTOCOL_TCP",
-		2: "PROTOCOL_UDP",
-	}
-	Protocol_value = map[string]int32{
-		"PROTOCOL_UNSPECIFIED": 0,
-		"PROTOCOL_TCP":         1,
-		"PROTOCOL_UDP":         2,
-	}
-)
-
-func (x Protocol) Enum() *Protocol {
-	p := new(Protocol)
-	*p = x
-	return p
-}
-
-func (x Protocol) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (Protocol) Descriptor() protoreflect.EnumDescriptor {
-	return file_example_proto_enumTypes[0].Descriptor()
-}
-
-func (Protocol) Type() protoreflect.EnumType {
-	return &file_example_proto_enumTypes[0]
-}
-
-func (x Protocol) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use Protocol.Descriptor instead.
-func (Protocol) EnumDescriptor() ([]byte, []int) {
-	return file_example_proto_rawDescGZIP(), []int{0}
-}
-
-type Primitives struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	DoubleVal   float64 `protobuf:"fixed64,1,opt,name=double_val,json=doubleVal,proto3" json:"double_val,omitempty"`
-	FloatVal    float32 `protobuf:"fixed32,2,opt,name=float_val,json=floatVal,proto3" json:"float_val,omitempty"`
-	Int32Val    int32   `protobuf:"varint,3,opt,name=int32_val,json=int32Val,proto3" json:"int32_val,omitempty"`
-	Int64Val    int64   `protobuf:"varint,4,opt,name=int64_val,json=int64Val,proto3" json:"int64_val,omitempty"`
-	Uint32Val   uint32  `protobuf:"varint,5,opt,name=uint32_val,json=uint32Val,proto3" json:"uint32_val,omitempty"`
-	Uint64Val   uint64  `protobuf:"varint,6,opt,name=uint64_val,json=uint64Val,proto3" json:"uint64_val,omitempty"`
-	Sint32Val   int32   `protobuf:"zigzag32,7,opt,name=sint32_val,json=sint32Val,proto3" json:"sint32_val,omitempty"`
-	Sint64Val   int64   `protobuf:"zigzag64,8,opt,name=sint64_val,json=sint64Val,proto3" json:"sint64_val,omitempty"`
-	Fixed32Val  uint32  `protobuf:"fixed32,9,opt,name=fixed32_val,json=fixed32Val,proto3" json:"fixed32_val,omitempty"`
-	Fixed64Val  uint64  `protobuf:"fixed64,10,opt,name=fixed64_val,json=fixed64Val,proto3" json:"fixed64_val,omitempty"`
-	Sfixed32Val int32   `protobuf:"fixed32,11,opt,name=sfixed32_val,json=sfixed32Val,proto3" json:"sfixed32_val,omitempty"`
-	Sfixed64Val int64   `protobuf:"fixed64,12,opt,name=sfixed64_val,json=sfixed64Val,proto3" json:"sfixed64_val,omitempty"`
-	BoolVal     bool    `protobuf:"varint,13,opt,name=bool_val,json=boolVal,proto3" json:"bool_val,omitempty"`
-	StringVal   string  `protobuf:"bytes,14,opt,name=string_val,json=stringVal,proto3" json:"string_val,omitempty"`
-	ByteVal     []byte  `protobuf:"bytes,15,opt,name=byte_val,json=byteVal,proto3" json:"byte_val,omitempty"`
-}
-
-func (x *Primitives) Reset() {
-	*x = Primitives{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_example_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Primitives) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Primitives) ProtoMessage() {}
-
-func (x *Primitives) ProtoReflect() protoreflect.Message {
-	mi := &file_example_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Primitives.ProtoReflect.Descriptor instead.
-func (*Primitives) Descriptor() ([]byte, []int) {
-	return file_example_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *Primitives) GetDoubleVal() float64 {
-	if x != nil {
-		return x.DoubleVal
-	}
-	return 0
-}
-
-func (x *Primitives) GetFloatVal() float32 {
-	if x != nil {
-		return x.FloatVal
-	}
-	return 0
-}
-
-func (x *Primitives) GetInt32Val() int32 {
-	if x != nil {
-		return x.Int32Val
-	}
-	return 0
-}
-
-func (x *Primitives) GetInt64Val() int64 {
-	if x != nil {
-		return x.Int64Val
-	}
-	return 0
-}
-
-func (x *Primitives) GetUint32Val() uint32 {
-	if x != nil {
-		return x.Uint32Val
-	}
-	return 0
-}
-
-func (x *Primitives) GetUint64Val() uint64 {
-	if x != nil {
-		return x.Uint64Val
-	}
-	return 0
-}
-
-func (x *Primitives) GetSint32Val() int32 {
-	if x != nil {
-		return x.Sint32Val
-	}
-	return 0
-}
-
-func (x *Primitives) GetSint64Val() int64 {
-	if x != nil {
-		return x.Sint64Val
-	}
-	return 0
-}
-
-func (x *Primitives) GetFixed32Val() uint32 {
-	if x != nil {
-		return x.Fixed32Val
-	}
-	return 0
-}
-
-func (x *Primitives) GetFixed64Val() uint64 {
-	if x != nil {
-		return x.Fixed64Val
-	}
-	return 0
-}
-
-func (x *Primitives) GetSfixed32Val() int32 {
-	if x != nil {
-		return x.Sfixed32Val
-	}
-	return 0
-}
-
-func (x *Primitives) GetSfixed64Val() int64 {
-	if x != nil {
-		return x.Sfixed64Val
-	}
-	return 0
-}
-
-func (x *Primitives) GetBoolVal() bool {
-	if x != nil {
-		return x.BoolVal
-	}
-	return false
-}
-
-func (x *Primitives) GetStringVal() string {
-	if x != nil {
-		return x.StringVal
-	}
-	return ""
-}
-
-func (x *Primitives) GetByteVal() []byte {
-	if x != nil {
-		return x.ByteVal
-	}
-	return nil
-}
-
-type NestedAndCollections struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Primitives     *Primitives            `protobuf:"bytes,1,opt,name=primitives,proto3" json:"primitives,omitempty"`
-	PrimitivesList []*Primitives          `protobuf:"bytes,2,rep,name=primitives_list,json=primitivesList,proto3" json:"primitives_list,omitempty"`
-	PrimitivesMap  map[string]*Primitives `protobuf:"bytes,3,rep,name=primitives_map,json=primitivesMap,proto3" json:"primitives_map,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	ProtocolMap    map[string]Protocol    `protobuf:"bytes,4,rep,name=protocol_map,json=protocolMap,proto3" json:"protocol_map,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3,enum=hashicorp.consul.internal.protohcl.testproto.Protocol"`
-	IntList        []int32                `protobuf:"varint,5,rep,packed,name=int_list,json=intList,proto3" json:"int_list,omitempty"`
-}
-
-func (x *NestedAndCollections) Reset() {
-	*x = NestedAndCollections{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_example_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *NestedAndCollections) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*NestedAndCollections) ProtoMessage() {}
-
-func (x *NestedAndCollections) ProtoReflect() protoreflect.Message {
-	mi := &file_example_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use NestedAndCollections.ProtoReflect.Descriptor instead.
-func (*NestedAndCollections) Descriptor() ([]byte, []int) {
-	return file_example_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *NestedAndCollections) GetPrimitives() *Primitives {
-	if x != nil {
-		return x.Primitives
-	}
-	return nil
-}
-
-func (x *NestedAndCollections) GetPrimitivesList() []*Primitives {
-	if x != nil {
-		return x.PrimitivesList
-	}
-	return nil
-}
-
-func (x *NestedAndCollections) GetPrimitivesMap() map[string]*Primitives {
-	if x != nil {
-		return x.PrimitivesMap
-	}
-	return nil
-}
-
-func (x *NestedAndCollections) GetProtocolMap() map[string]Protocol {
-	if x != nil {
-		return x.ProtocolMap
-	}
-	return nil
-}
-
-func (x *NestedAndCollections) GetIntList() []int32 {
-	if x != nil {
-		return x.IntList
-	}
-	return nil
-}
-
-type Wrappers struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	DoubleVal *wrapperspb.DoubleValue `protobuf:"bytes,1,opt,name=double_val,json=doubleVal,proto3" json:"double_val,omitempty"`
-	FloatVal  *wrapperspb.FloatValue  `protobuf:"bytes,2,opt,name=float_val,json=floatVal,proto3" json:"float_val,omitempty"`
-	Int32Val  *wrapperspb.Int32Value  `protobuf:"bytes,3,opt,name=int32_val,json=int32Val,proto3" json:"int32_val,omitempty"`
-	Int64Val  *wrapperspb.Int64Value  `protobuf:"bytes,4,opt,name=int64_val,json=int64Val,proto3" json:"int64_val,omitempty"`
-	Uint32Val *wrapperspb.UInt32Value `protobuf:"bytes,5,opt,name=uint32_val,json=uint32Val,proto3" json:"uint32_val,omitempty"`
-	Uint64Val *wrapperspb.UInt64Value `protobuf:"bytes,6,opt,name=uint64_val,json=uint64Val,proto3" json:"uint64_val,omitempty"`
-	BoolVal   *wrapperspb.BoolValue   `protobuf:"bytes,13,opt,name=bool_val,json=boolVal,proto3" json:"bool_val,omitempty"`
-	StringVal *wrapperspb.StringValue `protobuf:"bytes,14,opt,name=string_val,json=stringVal,proto3" json:"string_val,omitempty"`
-	BytesVal  *wrapperspb.BytesValue  `protobuf:"bytes,15,opt,name=bytes_val,json=bytesVal,proto3" json:"bytes_val,omitempty"`
-}
-
-func (x *Wrappers) Reset() {
-	*x = Wrappers{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_example_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Wrappers) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Wrappers) ProtoMessage() {}
-
-func (x *Wrappers) ProtoReflect() protoreflect.Message {
-	mi := &file_example_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Wrappers.ProtoReflect.Descriptor instead.
-func (*Wrappers) Descriptor() ([]byte, []int) {
-	return file_example_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *Wrappers) GetDoubleVal() *wrapperspb.DoubleValue {
-	if x != nil {
-		return x.DoubleVal
-	}
-	return nil
-}
-
-func (x *Wrappers) GetFloatVal() *wrapperspb.FloatValue {
-	if x != nil {
-		return x.FloatVal
-	}
-	return nil
-}
-
-func (x *Wrappers) GetInt32Val() *wrapperspb.Int32Value {
-	if x != nil {
-		return x.Int32Val
-	}
-	return nil
-}
-
-func (x *Wrappers) GetInt64Val() *wrapperspb.Int64Value {
-	if x != nil {
-		return x.Int64Val
-	}
-	return nil
-}
-
-func (x *Wrappers) GetUint32Val() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.Uint32Val
-	}
-	return nil
-}
-
-func (x *Wrappers) GetUint64Val() *wrapperspb.UInt64Value {
-	if x != nil {
-		return x.Uint64Val
-	}
-	return nil
-}
-
-func (x *Wrappers) GetBoolVal() *wrapperspb.BoolValue {
-	if x != nil {
-		return x.BoolVal
-	}
-	return nil
-}
-
-func (x *Wrappers) GetStringVal() *wrapperspb.StringValue {
-	if x != nil {
-		return x.StringVal
-	}
-	return nil
-}
-
-func (x *Wrappers) GetBytesVal() *wrapperspb.BytesValue {
-	if x != nil {
-		return x.BytesVal
-	}
-	return nil
-}
-
-type OneOf struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Types that are assignable to Data:
-	//
-	//	*OneOf_Int32Val
-	//	*OneOf_Primitives
-	Data isOneOf_Data `protobuf_oneof:"data"`
-}
-
-func (x *OneOf) Reset() {
-	*x = OneOf{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_example_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *OneOf) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*OneOf) ProtoMessage() {}
-
-func (x *OneOf) ProtoReflect() protoreflect.Message {
-	mi := &file_example_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use OneOf.ProtoReflect.Descriptor instead.
-func (*OneOf) Descriptor() ([]byte, []int) {
-	return file_example_proto_rawDescGZIP(), []int{3}
-}
-
-func (m *OneOf) GetData() isOneOf_Data {
-	if m != nil {
-		return m.Data
-	}
-	return nil
-}
-
-func (x *OneOf) GetInt32Val() int32 {
-	if x, ok := x.GetData().(*OneOf_Int32Val); ok {
-		return x.Int32Val
-	}
-	return 0
-}
-
-func (x *OneOf) GetPrimitives() *Primitives {
-	if x, ok := x.GetData().(*OneOf_Primitives); ok {
-		return x.Primitives
-	}
-	return nil
-}
-
-type isOneOf_Data interface {
-	isOneOf_Data()
-}
-
-type OneOf_Int32Val struct {
-	Int32Val int32 `protobuf:"varint,1,opt,name=int32_val,json=int32Val,proto3,oneof"`
-}
-
-type OneOf_Primitives struct {
-	Primitives *Primitives `protobuf:"bytes,2,opt,name=primitives,proto3,oneof"` // note repeated fields (including maps) are not allowed in oneofs
-}
-
-func (*OneOf_Int32Val) isOneOf_Data() {}
-
-func (*OneOf_Primitives) isOneOf_Data() {}
-
-type NonDynamicWellKnown struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	EmptyVal     *emptypb.Empty         `protobuf:"bytes,1,opt,name=empty_val,json=emptyVal,proto3" json:"empty_val,omitempty"`
-	TimestampVal *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=timestamp_val,json=timestampVal,proto3" json:"timestamp_val,omitempty"`
-	DurationVal  *durationpb.Duration   `protobuf:"bytes,3,opt,name=duration_val,json=durationVal,proto3" json:"duration_val,omitempty"`
-}
-
-func (x *NonDynamicWellKnown) Reset() {
-	*x = NonDynamicWellKnown{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_example_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *NonDynamicWellKnown) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*NonDynamicWellKnown) ProtoMessage() {}
-
-func (x *NonDynamicWellKnown) ProtoReflect() protoreflect.Message {
-	mi := &file_example_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use NonDynamicWellKnown.ProtoReflect.Descriptor instead.
-func (*NonDynamicWellKnown) Descriptor() ([]byte, []int) {
-	return file_example_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *NonDynamicWellKnown) GetEmptyVal() *emptypb.Empty {
-	if x != nil {
-		return x.EmptyVal
-	}
-	return nil
-}
-
-func (x *NonDynamicWellKnown) GetTimestampVal() *timestamppb.Timestamp {
-	if x != nil {
-		return x.TimestampVal
-	}
-	return nil
-}
-
-func (x *NonDynamicWellKnown) GetDurationVal() *durationpb.Duration {
-	if x != nil {
-		return x.DurationVal
-	}
-	return nil
-}
-
-type DynamicWellKnown struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	AnyVal    *anypb.Any       `protobuf:"bytes,1,opt,name=any_val,json=anyVal,proto3" json:"any_val,omitempty"`
-	StructVal *structpb.Struct `protobuf:"bytes,2,opt,name=struct_val,json=structVal,proto3" json:"struct_val,omitempty"`
-	AnyList   []*anypb.Any     `protobuf:"bytes,3,rep,name=any_list,json=anyList,proto3" json:"any_list,omitempty"`
-}
-
-func (x *DynamicWellKnown) Reset() {
-	*x = DynamicWellKnown{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_example_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *DynamicWellKnown) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*DynamicWellKnown) ProtoMessage() {}
-
-func (x *DynamicWellKnown) ProtoReflect() protoreflect.Message {
-	mi := &file_example_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use DynamicWellKnown.ProtoReflect.Descriptor instead.
-func (*DynamicWellKnown) Descriptor() ([]byte, []int) {
-	return file_example_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *DynamicWellKnown) GetAnyVal() *anypb.Any {
-	if x != nil {
-		return x.AnyVal
-	}
-	return nil
-}
-
-func (x *DynamicWellKnown) GetStructVal() *structpb.Struct {
-	if x != nil {
-		return x.StructVal
-	}
-	return nil
-}
-
-func (x *DynamicWellKnown) GetAnyList() []*anypb.Any {
-	if x != nil {
-		return x.AnyList
-	}
-	return nil
-}
-
-var File_example_proto protoreflect.FileDescriptor
-
-var file_example_proto_rawDesc = []byte{
-	0x0a, 0x0d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
-	0x2c, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x68, 0x63, 0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64,
-	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65,
-	0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65,
-	0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61,
-	0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x22, 0xdb, 0x03, 0x0a, 0x0a, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69,
-	0x76, 0x65, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61,
-	0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56,
-	0x61, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x02, 0x52, 0x08, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x56, 0x61, 0x6c, 0x12,
-	0x1b, 0x0a, 0x09, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x05, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x1b, 0x0a, 0x09,
-	0x69, 0x6e, 0x74, 0x36, 0x34, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52,
-	0x08, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x69, 0x6e,
-	0x74, 0x33, 0x32, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x75,
-	0x69, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x69, 0x6e, 0x74,
-	0x36, 0x34, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x75, 0x69,
-	0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x69, 0x6e, 0x74, 0x33,
-	0x32, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x11, 0x52, 0x09, 0x73, 0x69, 0x6e,
-	0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x69, 0x6e, 0x74, 0x36, 0x34,
-	0x5f, 0x76, 0x61, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x12, 0x52, 0x09, 0x73, 0x69, 0x6e, 0x74,
-	0x36, 0x34, 0x56, 0x61, 0x6c, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x69, 0x78, 0x65, 0x64, 0x33, 0x32,
-	0x5f, 0x76, 0x61, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x07, 0x52, 0x0a, 0x66, 0x69, 0x78, 0x65,
-	0x64, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x69, 0x78, 0x65, 0x64, 0x36,
-	0x34, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x06, 0x52, 0x0a, 0x66, 0x69, 0x78,
-	0x65, 0x64, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x66, 0x69, 0x78, 0x65,
-	0x64, 0x33, 0x32, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0f, 0x52, 0x0b, 0x73,
-	0x66, 0x69, 0x78, 0x65, 0x64, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x66,
-	0x69, 0x78, 0x65, 0x64, 0x36, 0x34, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x10,
-	0x52, 0x0b, 0x73, 0x66, 0x69, 0x78, 0x65, 0x64, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x12, 0x19, 0x0a,
-	0x08, 0x62, 0x6f, 0x6f, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x08, 0x52,
-	0x07, 0x62, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x72, 0x69,
-	0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74,
-	0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x62, 0x79, 0x74, 0x65, 0x5f,
-	0x76, 0x61, 0x6c, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x62, 0x79, 0x74, 0x65, 0x56,
-	0x61, 0x6c, 0x22, 0xd8, 0x05, 0x0a, 0x14, 0x4e, 0x65, 0x73, 0x74, 0x65, 0x64, 0x41, 0x6e, 0x64,
-	0x43, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x0a, 0x70,
-	0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x68, 0x63, 0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x50,
-	0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x6d, 0x69,
-	0x74, 0x69, 0x76, 0x65, 0x73, 0x12, 0x61, 0x0a, 0x0f, 0x70, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69,
-	0x76, 0x65, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x68, 0x63, 0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x50, 0x72,
-	0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x52, 0x0e, 0x70, 0x72, 0x69, 0x6d, 0x69, 0x74,
-	0x69, 0x76, 0x65, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x7c, 0x0a, 0x0e, 0x70, 0x72, 0x69, 0x6d,
-	0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x55, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x68, 0x63, 0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
-	0x4e, 0x65, 0x73, 0x74, 0x65, 0x64, 0x41, 0x6e, 0x64, 0x43, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x4d,
-	0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0d, 0x70, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69,
-	0x76, 0x65, 0x73, 0x4d, 0x61, 0x70, 0x12, 0x76, 0x0a, 0x0c, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63,
-	0x6f, 0x6c, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x53, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63,
-	0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4e, 0x65, 0x73, 0x74,
-	0x65, 0x64, 0x41, 0x6e, 0x64, 0x43, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72,
-	0x79, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x4d, 0x61, 0x70, 0x12, 0x19,
-	0x0a, 0x08, 0x69, 0x6e, 0x74, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x05, 0x20, 0x03, 0x28, 0x05,
-	0x52, 0x07, 0x69, 0x6e, 0x74, 0x4c, 0x69, 0x73, 0x74, 0x1a, 0x7a, 0x0a, 0x12, 0x50, 0x72, 0x69,
-	0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
-	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
-	0x79, 0x12, 0x4e, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x68, 0x63, 0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
-	0x50, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x76, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
-	0x6c, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x4c, 0x0a, 0x05, 0x76,
-	0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63, 0x6c, 0x2e,
-	0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63,
-	0x6f, 0x6c, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x9d, 0x04,
-	0x0a, 0x08, 0x57, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x12, 0x3b, 0x0a, 0x0a, 0x64, 0x6f,
-	0x75, 0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x44, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x64, 0x6f,
-	0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x12, 0x38, 0x0a, 0x09, 0x66, 0x6c, 0x6f, 0x61, 0x74,
-	0x5f, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x6c, 0x6f,
-	0x61, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x56, 0x61,
-	0x6c, 0x12, 0x38, 0x0a, 0x09, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75,
-	0x65, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x38, 0x0a, 0x09, 0x69,
-	0x6e, 0x74, 0x36, 0x34, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x69, 0x6e, 0x74,
-	0x36, 0x34, 0x56, 0x61, 0x6c, 0x12, 0x3b, 0x0a, 0x0a, 0x75, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x5f,
-	0x76, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74,
-	0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x75, 0x69, 0x6e, 0x74, 0x33, 0x32, 0x56,
-	0x61, 0x6c, 0x12, 0x3b, 0x0a, 0x0a, 0x75, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x5f, 0x76, 0x61, 0x6c,
-	0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56,
-	0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x75, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x12,
-	0x35, 0x0a, 0x08, 0x62, 0x6f, 0x6f, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x62,
-	0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x12, 0x3b, 0x0a, 0x0a, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67,
-	0x5f, 0x76, 0x61, 0x6c, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72,
-	0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67,
-	0x56, 0x61, 0x6c, 0x12, 0x38, 0x0a, 0x09, 0x62, 0x79, 0x74, 0x65, 0x73, 0x5f, 0x76, 0x61, 0x6c,
-	0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x79, 0x74, 0x65, 0x73, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x52, 0x08, 0x62, 0x79, 0x74, 0x65, 0x73, 0x56, 0x61, 0x6c, 0x22, 0x8a, 0x01,
-	0x0a, 0x05, 0x4f, 0x6e, 0x65, 0x4f, 0x66, 0x12, 0x1d, 0x0a, 0x09, 0x69, 0x6e, 0x74, 0x33, 0x32,
-	0x5f, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x48, 0x00, 0x52, 0x08, 0x69, 0x6e,
-	0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x12, 0x5a, 0x0a, 0x0a, 0x70, 0x72, 0x69, 0x6d, 0x69, 0x74,
-	0x69, 0x76, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63, 0x6c, 0x2e,
-	0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74,
-	0x69, 0x76, 0x65, 0x73, 0x48, 0x00, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76,
-	0x65, 0x73, 0x42, 0x06, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0xc9, 0x01, 0x0a, 0x13, 0x4e,
-	0x6f, 0x6e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f,
-	0x77, 0x6e, 0x12, 0x33, 0x0a, 0x09, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x5f, 0x76, 0x61, 0x6c, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x52, 0x08, 0x65,
-	0x6d, 0x70, 0x74, 0x79, 0x56, 0x61, 0x6c, 0x12, 0x3f, 0x0a, 0x0d, 0x74, 0x69, 0x6d, 0x65, 0x73,
-	0x74, 0x61, 0x6d, 0x70, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0c, 0x74, 0x69, 0x6d, 0x65,
-	0x73, 0x74, 0x61, 0x6d, 0x70, 0x56, 0x61, 0x6c, 0x12, 0x3c, 0x0a, 0x0c, 0x64, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x64, 0x75, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x56, 0x61, 0x6c, 0x22, 0xaa, 0x01, 0x0a, 0x10, 0x44, 0x79, 0x6e, 0x61, 0x6d,
-	0x69, 0x63, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x12, 0x2d, 0x0a, 0x07, 0x61,
-	0x6e, 0x79, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41,
-	0x6e, 0x79, 0x52, 0x06, 0x61, 0x6e, 0x79, 0x56, 0x61, 0x6c, 0x12, 0x36, 0x0a, 0x0a, 0x73, 0x74,
-	0x72, 0x75, 0x63, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x09, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x56,
-	0x61, 0x6c, 0x12, 0x2f, 0x0a, 0x08, 0x61, 0x6e, 0x79, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x03,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x61, 0x6e, 0x79, 0x4c,
-	0x69, 0x73, 0x74, 0x2a, 0x48, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12,
-	0x18, 0x0a, 0x14, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x55, 0x4e, 0x53, 0x50,
-	0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f,
-	0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x54, 0x43, 0x50, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x50,
-	0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x55, 0x44, 0x50, 0x10, 0x02, 0x42, 0xcf, 0x02,
-	0x0a, 0x30, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63, 0x6c, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x42, 0x0c, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f,
-	0x50, 0x01, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63,
-	0x6c, 0x2f, 0x74, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0xa2, 0x02, 0x05, 0x48, 0x43,
-	0x49, 0x50, 0x54, 0xaa, 0x02, 0x2c, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63, 0x6c, 0x2e, 0x54, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0xca, 0x02, 0x2c, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50,
-	0x72, 0x6f, 0x74, 0x6f, 0x68, 0x63, 0x6c, 0x5c, 0x54, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0xe2, 0x02, 0x38, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50, 0x72,
-	0x6f, 0x74, 0x6f, 0x68, 0x63, 0x6c, 0x5c, 0x54, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x30, 0x48,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x50, 0x72, 0x6f, 0x74,
-	0x6f, 0x68, 0x63, 0x6c, 0x3a, 0x3a, 0x54, 0x65, 0x73, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_example_proto_rawDescOnce sync.Once
-	file_example_proto_rawDescData = file_example_proto_rawDesc
-)
-
-func file_example_proto_rawDescGZIP() []byte {
-	file_example_proto_rawDescOnce.Do(func() {
-		file_example_proto_rawDescData = protoimpl.X.CompressGZIP(file_example_proto_rawDescData)
-	})
-	return file_example_proto_rawDescData
-}
-
-var file_example_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_example_proto_msgTypes = make([]protoimpl.MessageInfo, 8)
-var file_example_proto_goTypes = []interface{}{
-	(Protocol)(0),                  // 0: hashicorp.consul.internal.protohcl.testproto.Protocol
-	(*Primitives)(nil),             // 1: hashicorp.consul.internal.protohcl.testproto.Primitives
-	(*NestedAndCollections)(nil),   // 2: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections
-	(*Wrappers)(nil),               // 3: hashicorp.consul.internal.protohcl.testproto.Wrappers
-	(*OneOf)(nil),                  // 4: hashicorp.consul.internal.protohcl.testproto.OneOf
-	(*NonDynamicWellKnown)(nil),    // 5: hashicorp.consul.internal.protohcl.testproto.NonDynamicWellKnown
-	(*DynamicWellKnown)(nil),       // 6: hashicorp.consul.internal.protohcl.testproto.DynamicWellKnown
-	nil,                            // 7: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.PrimitivesMapEntry
-	nil,                            // 8: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.ProtocolMapEntry
-	(*wrapperspb.DoubleValue)(nil), // 9: google.protobuf.DoubleValue
-	(*wrapperspb.FloatValue)(nil),  // 10: google.protobuf.FloatValue
-	(*wrapperspb.Int32Value)(nil),  // 11: google.protobuf.Int32Value
-	(*wrapperspb.Int64Value)(nil),  // 12: google.protobuf.Int64Value
-	(*wrapperspb.UInt32Value)(nil), // 13: google.protobuf.UInt32Value
-	(*wrapperspb.UInt64Value)(nil), // 14: google.protobuf.UInt64Value
-	(*wrapperspb.BoolValue)(nil),   // 15: google.protobuf.BoolValue
-	(*wrapperspb.StringValue)(nil), // 16: google.protobuf.StringValue
-	(*wrapperspb.BytesValue)(nil),  // 17: google.protobuf.BytesValue
-	(*emptypb.Empty)(nil),          // 18: google.protobuf.Empty
-	(*timestamppb.Timestamp)(nil),  // 19: google.protobuf.Timestamp
-	(*durationpb.Duration)(nil),    // 20: google.protobuf.Duration
-	(*anypb.Any)(nil),              // 21: google.protobuf.Any
-	(*structpb.Struct)(nil),        // 22: google.protobuf.Struct
-}
-var file_example_proto_depIdxs = []int32{
-	1,  // 0: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.primitives:type_name -> hashicorp.consul.internal.protohcl.testproto.Primitives
-	1,  // 1: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.primitives_list:type_name -> hashicorp.consul.internal.protohcl.testproto.Primitives
-	7,  // 2: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.primitives_map:type_name -> hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.PrimitivesMapEntry
-	8,  // 3: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.protocol_map:type_name -> hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.ProtocolMapEntry
-	9,  // 4: hashicorp.consul.internal.protohcl.testproto.Wrappers.double_val:type_name -> google.protobuf.DoubleValue
-	10, // 5: hashicorp.consul.internal.protohcl.testproto.Wrappers.float_val:type_name -> google.protobuf.FloatValue
-	11, // 6: hashicorp.consul.internal.protohcl.testproto.Wrappers.int32_val:type_name -> google.protobuf.Int32Value
-	12, // 7: hashicorp.consul.internal.protohcl.testproto.Wrappers.int64_val:type_name -> google.protobuf.Int64Value
-	13, // 8: hashicorp.consul.internal.protohcl.testproto.Wrappers.uint32_val:type_name -> google.protobuf.UInt32Value
-	14, // 9: hashicorp.consul.internal.protohcl.testproto.Wrappers.uint64_val:type_name -> google.protobuf.UInt64Value
-	15, // 10: hashicorp.consul.internal.protohcl.testproto.Wrappers.bool_val:type_name -> google.protobuf.BoolValue
-	16, // 11: hashicorp.consul.internal.protohcl.testproto.Wrappers.string_val:type_name -> google.protobuf.StringValue
-	17, // 12: hashicorp.consul.internal.protohcl.testproto.Wrappers.bytes_val:type_name -> google.protobuf.BytesValue
-	1,  // 13: hashicorp.consul.internal.protohcl.testproto.OneOf.primitives:type_name -> hashicorp.consul.internal.protohcl.testproto.Primitives
-	18, // 14: hashicorp.consul.internal.protohcl.testproto.NonDynamicWellKnown.empty_val:type_name -> google.protobuf.Empty
-	19, // 15: hashicorp.consul.internal.protohcl.testproto.NonDynamicWellKnown.timestamp_val:type_name -> google.protobuf.Timestamp
-	20, // 16: hashicorp.consul.internal.protohcl.testproto.NonDynamicWellKnown.duration_val:type_name -> google.protobuf.Duration
-	21, // 17: hashicorp.consul.internal.protohcl.testproto.DynamicWellKnown.any_val:type_name -> google.protobuf.Any
-	22, // 18: hashicorp.consul.internal.protohcl.testproto.DynamicWellKnown.struct_val:type_name -> google.protobuf.Struct
-	21, // 19: hashicorp.consul.internal.protohcl.testproto.DynamicWellKnown.any_list:type_name -> google.protobuf.Any
-	1,  // 20: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.PrimitivesMapEntry.value:type_name -> hashicorp.consul.internal.protohcl.testproto.Primitives
-	0,  // 21: hashicorp.consul.internal.protohcl.testproto.NestedAndCollections.ProtocolMapEntry.value:type_name -> hashicorp.consul.internal.protohcl.testproto.Protocol
-	22, // [22:22] is the sub-list for method output_type
-	22, // [22:22] is the sub-list for method input_type
-	22, // [22:22] is the sub-list for extension type_name
-	22, // [22:22] is the sub-list for extension extendee
-	0,  // [0:22] is the sub-list for field type_name
-}
-
-func init() { file_example_proto_init() }
-func file_example_proto_init() {
-	if File_example_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_example_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Primitives); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_example_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*NestedAndCollections); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_example_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Wrappers); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_example_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*OneOf); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_example_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*NonDynamicWellKnown); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_example_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DynamicWellKnown); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_example_proto_msgTypes[3].OneofWrappers = []interface{}{
-		(*OneOf_Int32Val)(nil),
-		(*OneOf_Primitives)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_example_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   8,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_example_proto_goTypes,
-		DependencyIndexes: file_example_proto_depIdxs,
-		EnumInfos:         file_example_proto_enumTypes,
-		MessageInfos:      file_example_proto_msgTypes,
-	}.Build()
-	File_example_proto = out.File
-	file_example_proto_rawDesc = nil
-	file_example_proto_goTypes = nil
-	file_example_proto_depIdxs = nil
-}
diff --git a/internal/protohcl/testproto/example.proto b/internal/protohcl/testproto/example.proto
deleted file mode 100644
index 17bf737fa3ac..000000000000
--- a/internal/protohcl/testproto/example.proto
+++ /dev/null
@@ -1,77 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-syntax = "proto3";
-
-package hashicorp.consul.internal.protohcl.testproto;
-
-import "google/protobuf/duration.proto";
-import "google/protobuf/empty.proto";
-import "google/protobuf/timestamp.proto";
-import "google/protobuf/wrappers.proto";
-import "google/protobuf/any.proto";
-import "google/protobuf/struct.proto";
-
-message Primitives {
-  double double_val = 1;
-  float float_val = 2;
-  int32 int32_val = 3;
-  int64 int64_val = 4;
-  uint32 uint32_val = 5;
-  uint64 uint64_val = 6;
-  sint32 sint32_val = 7;
-  sint64 sint64_val = 8;
-  fixed32 fixed32_val = 9;
-  fixed64 fixed64_val = 10;
-  sfixed32 sfixed32_val = 11;
-  sfixed64 sfixed64_val = 12;
-  bool bool_val = 13;
-  string string_val = 14;
-  bytes byte_val = 15;
-}
-
-enum Protocol {
-  PROTOCOL_UNSPECIFIED = 0;
-  PROTOCOL_TCP = 1;
-  PROTOCOL_UDP = 2;
-}
-
-message NestedAndCollections {
-  Primitives primitives = 1;
-  repeated Primitives primitives_list = 2;
-  map<string, Primitives> primitives_map = 3;
-  map<string, Protocol> protocol_map = 4;
-  repeated int32 int_list = 5;
-}
-
-message Wrappers {
-  google.protobuf.DoubleValue double_val = 1;
-  google.protobuf.FloatValue float_val = 2;
-  google.protobuf.Int32Value int32_val = 3;
-  google.protobuf.Int64Value int64_val = 4;
-  google.protobuf.UInt32Value uint32_val = 5;
-  google.protobuf.UInt64Value uint64_val = 6;
-  google.protobuf.BoolValue bool_val = 13;
-  google.protobuf.StringValue string_val = 14;
-  google.protobuf.BytesValue bytes_val = 15;
-}
-
-message OneOf {
-  oneof data {
-    int32 int32_val = 1;
-    Primitives primitives = 2;
-    // note repeated fields (including maps) are not allowed in oneofs
-  }
-}
-
-message NonDynamicWellKnown {
-  google.protobuf.Empty empty_val = 1;
-  google.protobuf.Timestamp timestamp_val = 2;
-  google.protobuf.Duration duration_val = 3;
-}
-
-message DynamicWellKnown {
-  google.protobuf.Any any_val = 1;
-  google.protobuf.Struct struct_val = 2;
-  repeated google.protobuf.Any any_list = 3;
-}
diff --git a/internal/protohcl/unmarshal.go b/internal/protohcl/unmarshal.go
deleted file mode 100644
index 0f3c80a4c26e..000000000000
--- a/internal/protohcl/unmarshal.go
+++ /dev/null
@@ -1,137 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package protohcl
-
-import (
-	"github.com/hashicorp/hcl/v2"
-	"github.com/hashicorp/hcl/v2/hclparse"
-	"github.com/zclconf/go-cty/cty/function"
-	"google.golang.org/protobuf/reflect/protoreflect"
-)
-
-// UnmarshalContext provides information about the context in which we are
-// unmarshalling HCL. It is primarily used for decoding Any fields based on
-// surrounding information (e.g. the resource Type block).
-type UnmarshalContext struct {
-	// Parent context.
-	Parent *UnmarshalContext
-
-	// Name of the field that we are unmarshalling.
-	Name string
-
-	// Message is the protobuf message that we are unmarshalling into (may be nil).
-	Message protoreflect.Message
-
-	// Range of where this field was in the HCL source.
-	Range hcl.Range
-}
-
-// ErrorRange returns a range that can be used in error messages.
-func (ctx *UnmarshalContext) ErrorRange() hcl.Range {
-	for {
-		if !ctx.Range.Empty() || ctx.Parent == nil {
-			return ctx.Range
-		}
-		ctx = ctx.Parent
-	}
-}
-
-func Unmarshal(src []byte, dest protoreflect.ProtoMessage) error {
-	return UnmarshalOptions{}.Unmarshal(src, dest)
-}
-
-type UnmarshalOptions struct {
-	AnyTypeProvider AnyTypeProvider
-	SourceFileName  string
-	FieldNamer      FieldNamer
-	Functions       map[string]function.Function
-}
-
-func (u UnmarshalOptions) Unmarshal(src []byte, dest protoreflect.ProtoMessage) error {
-	rmsg := dest.ProtoReflect()
-
-	file, diags := hclparse.NewParser().ParseHCL(src, u.SourceFileName)
-
-	// error performing basic HCL parsing
-	if diags.HasErrors() {
-		return diags
-	}
-
-	u.clearAll(rmsg)
-
-	if u.FieldNamer == nil {
-		u.FieldNamer = textFieldNamer{}
-	}
-
-	return u.decodeMessage(
-		&UnmarshalContext{Message: rmsg},
-		u.bodyDecoder(file.Body),
-		rmsg,
-	)
-}
-
-func (u UnmarshalOptions) bodyDecoder(body hcl.Body) MessageDecoder {
-	return newBodyDecoder(body, u.FieldNamer, u.Functions)
-}
-
-func (u UnmarshalOptions) decodeMessage(ctx *UnmarshalContext, decoder MessageDecoder, msg protoreflect.Message) error {
-	desc := msg.Descriptor()
-
-	if desc.FullName() == wellKnownTypeAny {
-		return u.decodeAny(ctx, decoder, msg)
-	}
-
-	tracker := newOneOfTracker(u.FieldNamer)
-
-	return decoder.EachField(FieldIterator{
-		Desc: desc,
-		Func: func(field *IterField) error {
-			if err := tracker.markFieldAsSet(field.Desc); err != nil {
-				return err
-			}
-
-			var (
-				protoVal protoreflect.Value
-				err      error
-			)
-			switch {
-			case field.Val != nil:
-				protoVal, err = u.decodeAttribute(
-					&UnmarshalContext{
-						Parent: ctx,
-						Name:   field.Name,
-						Range:  field.Range,
-					},
-					func() protoreflect.Value { return msg.NewField(field.Desc) },
-					field.Desc,
-					*field.Val,
-					true,
-				)
-			case len(field.Blocks) != 0:
-				protoVal, err = u.decodeBlocks(ctx, field.Blocks, msg, field.Desc)
-			default:
-				panic("decoder yielded no blocks or attributes")
-			}
-			if err != nil {
-				return err
-			}
-
-			if protoVal.IsValid() {
-				msg.Set(field.Desc, protoVal)
-			}
-
-			return nil
-		},
-	})
-}
-
-type newMessageFn func() protoreflect.Value
-
-func (u UnmarshalOptions) clearAll(msg protoreflect.Message) {
-	fields := msg.Descriptor().Fields()
-
-	for i := 0; i < fields.Len(); i++ {
-		msg.Clear(fields.Get(i))
-	}
-}
diff --git a/internal/protohcl/unmarshal_test.go b/internal/protohcl/unmarshal_test.go
deleted file mode 100644
index ef00de3ffbb6..000000000000
--- a/internal/protohcl/unmarshal_test.go
+++ /dev/null
@@ -1,560 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package protohcl
-
-import (
-	"encoding/json"
-	"fmt"
-	"reflect"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/require"
-	"github.com/zclconf/go-cty/cty"
-	"github.com/zclconf/go-cty/cty/function"
-	"google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/types/known/anypb"
-
-	"github.com/hashicorp/consul/internal/protohcl/testproto"
-	"github.com/hashicorp/hcl/v2/hclparse"
-)
-
-func TestPrimitives(t *testing.T) {
-	hcl := `
-		double_val = 1.234
-  		float_val = 2.345
-  		int32_val = 536870912
-  		int64_val = 25769803776
-  		uint32_val = 2148532224
-  		uint64_val = 9223372041149743104
-  		sint32_val = 536870912
-  		sint64_val = 25769803776
-  		fixed32_val = 2148532224
-  		fixed64_val = 9223372041149743104
-  		sfixed32_val = 536870912
-  		sfixed64_val = 25769803776
-  		bool_val = true
-  		string_val = "foo"
-		// This is base64 encoded "bar"
-  		byte_val = "YmFy"
-	`
-
-	var out testproto.Primitives
-
-	err := Unmarshal([]byte(hcl), &out)
-	require.NoError(t, err)
-
-	require.Equal(t, out.DoubleVal, float64(1.234))
-	require.Equal(t, out.FloatVal, float32(2.345))
-	require.Equal(t, out.Int32Val, int32(536870912))
-	require.Equal(t, out.Int64Val, int64(25769803776))
-	require.Equal(t, out.Uint32Val, uint32(2148532224))
-	require.Equal(t, out.Uint64Val, uint64(9223372041149743104))
-	require.Equal(t, out.Sint32Val, int32(536870912))
-	require.Equal(t, out.Sint64Val, int64(25769803776))
-	require.Equal(t, out.Fixed32Val, uint32(2148532224))
-	require.Equal(t, out.Fixed64Val, uint64(9223372041149743104))
-	require.Equal(t, out.Sfixed32Val, int32(536870912))
-	require.Equal(t, out.Sfixed64Val, int64(25769803776))
-	require.Equal(t, out.BoolVal, true)
-	require.Equal(t, out.StringVal, "foo")
-	require.Equal(t, out.ByteVal, []byte("bar"))
-}
-
-func TestNestedAndCollections(t *testing.T) {
-	hcl := `
-		primitives {
-			uint32_val = 42
-		}
-		
-		primitives_map "foo" {
-			uint32_val = 42
-		}
-		
-		protocol_map = {
-			"foo" = "PROTOCOL_TCP"
-		}
-		
-		primitives_list {
-			uint32_val = 42
-		}
-		
-		primitives_list {
-			uint32_val = 56
-		}
-		
-		int_list = [
-			1,
-			2
-		]
-	
-	`
-
-	var out testproto.NestedAndCollections
-
-	err := Unmarshal([]byte(hcl), &out)
-	require.NoError(t, err)
-
-	require.NotNil(t, out.Primitives)
-	require.Equal(t, out.Primitives.Uint32Val, uint32(42))
-	require.NotNil(t, out.PrimitivesMap)
-	require.Equal(t, out.PrimitivesMap["foo"].Uint32Val, uint32(42))
-	require.NotNil(t, out.ProtocolMap)
-	require.Equal(t, out.ProtocolMap["foo"], testproto.Protocol_PROTOCOL_TCP)
-	require.Len(t, out.PrimitivesList, 2)
-	require.Equal(t, out.PrimitivesList[0].Uint32Val, uint32(42))
-	require.Equal(t, out.PrimitivesList[1].Uint32Val, uint32(56))
-	require.Len(t, out.IntList, 2)
-	require.Equal(t, out.IntList[1], int32(2))
-}
-
-func TestPrimitiveWrappers(t *testing.T) {
-	hcl := `
-		double_val = 1.234
-  		float_val = 2.345
-  		int32_val = 536870912
-  		int64_val = 25769803776
-  		uint32_val = 2148532224
-  		uint64_val = 9223372041149743104
-  		bool_val = true
-  		string_val = "foo"
-		// This is base64 encoded "bar"
-  		bytes_val = "YmFy"
-	`
-	var out testproto.Wrappers
-
-	err := Unmarshal([]byte(hcl), &out)
-	require.NoError(t, err)
-	require.Equal(t, out.DoubleVal.Value, float64(1.234))
-	require.Equal(t, out.FloatVal.Value, float32(2.345))
-	require.Equal(t, out.Int32Val.Value, int32(536870912))
-	require.Equal(t, out.Int64Val.Value, int64(25769803776))
-	require.Equal(t, out.Uint32Val.Value, uint32(2148532224))
-	require.Equal(t, out.Uint64Val.Value, uint64(9223372041149743104))
-	require.Equal(t, out.BoolVal.Value, true)
-	require.Equal(t, out.StringVal.Value, "foo")
-	require.Equal(t, out.BytesVal.Value, []byte("bar"))
-}
-
-func TestNonDynamicWellKnown(t *testing.T) {
-	hcl := `
-		empty_val = {}
-		timestamp_val = "2023-02-27T12:34:56.789Z"
-		duration_val = "12s"
-	`
-	var out testproto.NonDynamicWellKnown
-
-	err := Unmarshal([]byte(hcl), &out)
-	require.NoError(t, err)
-	require.NotNil(t, out.EmptyVal)
-	require.NotNil(t, out.TimestampVal)
-	require.Equal(t, out.TimestampVal.AsTime(), time.Date(2023, 2, 27, 12, 34, 56, 789000000, time.UTC))
-	require.NotNil(t, out.DurationVal)
-	require.Equal(t, out.DurationVal.AsDuration(), time.Second*12)
-}
-
-func TestInvalidTimestamp(t *testing.T) {
-	if testing.Short() {
-		t.Skip("too slow for testing.Short")
-	}
-
-	t.Parallel()
-
-	cases := map[string]struct {
-		hcl       string
-		expectXDS bool
-	}{
-		"invalid": {
-			hcl: `
-				timestamp_val = "Sat Jun 12 2023 14:59:57 GMT+0200"
-			`,
-		},
-		"range error": {
-			hcl: `
-				timestamp_val = "2023-02-27T25:34:56.789Z"
-			`,
-		},
-	}
-
-	for name, tc := range cases {
-		tc := tc
-		var out testproto.NonDynamicWellKnown
-		t.Run(name, func(t *testing.T) {
-
-			err := Unmarshal([]byte(tc.hcl), &out)
-			require.Error(t, err)
-			require.Nil(t, out.TimestampVal)
-			require.ErrorContains(t, err, "error parsing timestamp")
-		})
-	}
-}
-
-func TestInvalidDuration(t *testing.T) {
-	hcl := `
-		duration_val = "abc"
-	`
-	var out testproto.NonDynamicWellKnown
-
-	err := Unmarshal([]byte(hcl), &out)
-	require.ErrorContains(t, err, "error parsing string duration:")
-	require.Nil(t, out.DurationVal)
-}
-
-func TestOneOf(t *testing.T) {
-	hcl1 := `
-		int32_val = 3
-	`
-
-	hcl2 := `
-		primitives {
-			int32_val = 3
-		}
-	`
-
-	hcl3 := `
-		int32_val = 3
-		primitives {
-			int32_val = 4
-		}
-	`
-
-	var out testproto.OneOf
-
-	err := Unmarshal([]byte(hcl1), &out)
-	require.NoError(t, err)
-	require.Equal(t, out.GetInt32Val(), int32(3))
-
-	err = Unmarshal([]byte(hcl2), &out)
-	require.NoError(t, err)
-	primitives := out.GetPrimitives()
-	require.NotNil(t, primitives)
-	require.Equal(t, primitives.Int32Val, int32(3))
-
-	err = Unmarshal([]byte(hcl3), &out)
-	require.Error(t, err)
-}
-
-func TestAny(t *testing.T) {
-	hcl := `
-		any_val {
-		    type_url = "hashicorp.consul.internal.protohcl.testproto.Primitives"
-		    uint32_val = 42
-		}
-
-		any_list = [
-			{
-				type_url = "hashicorp.consul.internal.protohcl.testproto.Primitives"
-				uint32_val = 123
-			},
-			{
-				type_url = "hashicorp.consul.internal.protohcl.testproto.Wrappers"
-				uint32_val = 321
-			}
-		]
-	`
-	var out testproto.DynamicWellKnown
-
-	err := Unmarshal([]byte(hcl), &out)
-	require.NoError(t, err)
-	require.NotNil(t, out.AnyVal)
-	require.Equal(t, out.AnyVal.TypeUrl, "hashicorp.consul.internal.protohcl.testproto.Primitives")
-
-	raw, err := anypb.UnmarshalNew(out.AnyVal, proto.UnmarshalOptions{})
-	require.NoError(t, err)
-	require.NotNil(t, raw)
-
-	primitives, ok := raw.(*testproto.Primitives)
-	require.True(t, ok)
-	require.Equal(t, primitives.Uint32Val, uint32(42))
-}
-
-func TestAnyTypeDynamicWellKnown(t *testing.T) {
-	hcl := `
-		any_val {
-			type_url = "hashicorp.consul.internal.protohcl.testproto.DynamicWellKnown"
-		    any_val {
-				type_url = "hashicorp.consul.internal.protohcl.testproto.Primitives"
-				uint32_val = 42
-			}
-		}
-	`
-	var out testproto.DynamicWellKnown
-
-	err := Unmarshal([]byte(hcl), &out)
-	require.NoError(t, err)
-	require.NotNil(t, out.AnyVal)
-	require.Equal(t, out.AnyVal.TypeUrl, "hashicorp.consul.internal.protohcl.testproto.DynamicWellKnown")
-
-	raw, err := anypb.UnmarshalNew(out.AnyVal, proto.UnmarshalOptions{})
-	require.NoError(t, err)
-	require.NotNil(t, raw)
-
-	anyVal, ok := raw.(*testproto.DynamicWellKnown)
-	require.True(t, ok)
-
-	res, err := anypb.UnmarshalNew(anyVal.AnyVal, proto.UnmarshalOptions{})
-	require.NoError(t, err)
-	require.NotNil(t, res)
-
-	primitives, ok := res.(*testproto.Primitives)
-	require.True(t, ok)
-	require.Equal(t, primitives.Uint32Val, uint32(42))
-}
-
-func TestAnyTypeNestedAndCollections(t *testing.T) {
-	hcl := `
-		any_val {
-			type_url = "hashicorp.consul.internal.protohcl.testproto.NestedAndCollections"
-		    primitives {
-				uint32_val = 42
-			}
-		}
-	`
-	var out testproto.DynamicWellKnown
-
-	err := Unmarshal([]byte(hcl), &out)
-	require.NoError(t, err)
-	require.NotNil(t, out.AnyVal)
-	require.Equal(t, out.AnyVal.TypeUrl, "hashicorp.consul.internal.protohcl.testproto.NestedAndCollections")
-
-	raw, err := anypb.UnmarshalNew(out.AnyVal, proto.UnmarshalOptions{})
-	require.NoError(t, err)
-	require.NotNil(t, raw)
-
-	nestedCollections, ok := raw.(*testproto.NestedAndCollections)
-	require.True(t, ok)
-	require.NotNil(t, nestedCollections.Primitives)
-	require.Equal(t, nestedCollections.Primitives.Uint32Val, uint32(42))
-}
-
-func TestAnyTypeErrors(t *testing.T) {
-	type testCase struct {
-		description string
-		hcl         string
-		error       string
-	}
-	testCases := []testCase{
-		{
-			description: "type_url is expected",
-			hcl: `
-			  any_val {
-				uint32_val = 42
-			}
-			`,
-			error: "type_url field is required to decode Any",
-		},
-		{
-			description: "type_url is unknown",
-			hcl: `
-			  any_val {
-				type_url = "hashicorp.consul.internal.protohcl.testproto.Integer"
-				uint32_val = 42
-			}
-			`,
-			error: "error looking up type information for hashicorp.consul.internal.protohcl.testproto.Integer",
-		},
-		{
-			description: "unknown field",
-			hcl: `
-			  any_val {
-				type_url = "hashicorp.consul.internal.protohcl.testproto.Primitives"
-				int_val = 42
-			}
-			`,
-			error: "Unsupported argument; An argument named \"int_val\" is not expected here",
-		},
-	}
-
-	for _, tc := range testCases {
-		tc := tc
-		t.Run(tc.description, func(t *testing.T) {
-			t.Parallel()
-			var out testproto.DynamicWellKnown
-
-			err := Unmarshal([]byte(tc.hcl), &out)
-			require.Error(t, err)
-			require.Contains(t, err.Error(), tc.error)
-		})
-	}
-}
-
-func TestStruct(t *testing.T) {
-	hcl := `
-		struct_val = {
-			"null"= null
-			"bool"= true
-			"foo" = "bar"
-			"baz" = 1.234
-			"nested" = {
-				"foo" = 12,
-				"bar" = "something"
-			}
-		}
-	`
-
-	var out testproto.DynamicWellKnown
-
-	err := Unmarshal([]byte(hcl), &out)
-	require.NoError(t, err)
-	require.NotNil(t, out.StructVal)
-
-	valMap := out.StructVal.AsMap()
-	jsonVal, err := json.Marshal(valMap)
-	require.NoError(t, err)
-
-	expected := `{
-		"null": null,
-		"bool": true,
-		"foo": "bar",
-		"baz": 1.234,
-		"nested": {
-			"foo": 12,
-			"bar": "something"
-		}
-	}
-	`
-	require.JSONEq(t, expected, string(jsonVal))
-}
-
-func TestStructList(t *testing.T) {
-	hcl := `
-		struct_val = {
-			"list_int" = [
-				1,
-				2,
-				3,
-			]
-			"list_string": [
-				"abc",
-				"def"
-			]
-			"list_bool": [
-				true,
-				false
-			]
-			"list_maps" = [
-				{
-					"arrr" = "matey"
-				},
-				{
-					"hoist" = "the colors"
-				}
-			]
-			"list_list" = [
-				[
-					"hello",
-					"world",
-					null
-				]
-			]
-		}
-	`
-
-	var out testproto.DynamicWellKnown
-
-	err := Unmarshal([]byte(hcl), &out)
-	require.NoError(t, err)
-	require.NotNil(t, out.StructVal)
-
-	valMap := out.StructVal.AsMap()
-	jsonVal, err := json.Marshal(valMap)
-	require.NoError(t, err)
-
-	expected := `{
-		"list_int": [
-			1,
-			2,
-			3
-		],
-		"list_string": [
-			"abc",
-			"def"
-		],
-		"list_bool": [
-			true,
-			false
-		],
-		"list_maps": [
-			{
-				"arrr": "matey"
-			},
-			{
-				"hoist": "the colors"
-			}
-		],
-		"list_list": [
-			[
-				"hello",
-				"world",
-				null
-			]
-		]
-	}
-	`
-	require.JSONEq(t, expected, string(jsonVal))
-}
-
-func TestFunctionExecution(t *testing.T) {
-	hcl := `
-		primitives = primitive_defaults()
-	`
-
-	var out testproto.NestedAndCollections
-
-	var (
-		testType = cty.Capsule("type", reflect.TypeOf(testproto.Primitives{}))
-
-		test = function.New(&function.Spec{
-			Params: []function.Parameter{},
-			Type:   function.StaticReturnType(testType),
-			Impl: func(args []cty.Value, _ cty.Type) (cty.Value, error) {
-				t := &testproto.Primitives{
-					StringVal: "test",
-					Int32Val:  10,
-					BoolVal:   false,
-				}
-				return cty.CapsuleVal(testType, t), nil
-			},
-		})
-	)
-
-	err := UnmarshalOptions{
-		Functions: map[string]function.Function{"primitive_defaults": test},
-	}.Unmarshal([]byte(hcl), &out)
-
-	require.NoError(t, err)
-
-	require.NotNil(t, out.Primitives)
-	require.Equal(t, out.Primitives.StringVal, "test")
-	require.Equal(t, out.Primitives.Int32Val, int32(10))
-	require.Equal(t, out.Primitives.BoolVal, false)
-}
-
-func TestSkipFields(t *testing.T) {
-
-	u := UnmarshalOptions{}
-
-	hcl := `
-		any_val {
-			type_url = "hashicorp.consul.internal.protohcl.testproto.Primitives"
-			uint32_val = 10
-		}`
-
-	file, diags := hclparse.NewParser().ParseHCL([]byte(hcl), "")
-
-	require.False(t, diags.HasErrors())
-
-	decoder := u.bodyDecoder(file.Body)
-
-	decoder = decoder.SkipFields("type_url")
-
-	decoder = decoder.SkipFields("type_url", "uint32_val")
-
-	expected := map[string]struct{}{
-		"type_url":   {},
-		"uint32_val": {},
-	}
-
-	require.Contains(t, fmt.Sprintf("%v", decoder), fmt.Sprintf("%v", expected))
-}
diff --git a/internal/protohcl/well_known_types.go b/internal/protohcl/well_known_types.go
deleted file mode 100644
index 756f908fc413..000000000000
--- a/internal/protohcl/well_known_types.go
+++ /dev/null
@@ -1,421 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package protohcl
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/zclconf/go-cty/cty"
-	"google.golang.org/protobuf/reflect/protoreflect"
-	"google.golang.org/protobuf/types/known/durationpb"
-	"google.golang.org/protobuf/types/known/emptypb"
-	"google.golang.org/protobuf/types/known/structpb"
-	"google.golang.org/protobuf/types/known/timestamppb"
-	"google.golang.org/protobuf/types/known/wrapperspb"
-)
-
-const (
-	// maximum time in seconds that a time.Time which comes from
-	// an RFC 3339 timestamp can represent
-	maxTimestampSeconds = 253402300799
-	// minimum time in seconds that a time.Time which comes from
-	// an RFC 3339 timestamp can represent. This is negative
-	// because RFC 3339 base time is year 0001 whereas time.Time
-	// starts in 1970
-	minTimestampSeconds = -62135596800
-)
-
-var (
-	// minTime is the earliest time representable as both an
-	// RFC 3339 timestamp and a time.Time value
-	minTime = time.Unix(minTimestampSeconds, 0)
-	// maxTime is the latest time respresentable as both an
-	// RFC 3339 timestamp and a time.Time value
-	maxTime = time.Unix(maxTimestampSeconds, 999999999)
-)
-
-type wktSchemaHint int
-
-const (
-	notWellKnownType wktSchemaHint = iota
-	wellKnownBlock
-	wellKnownAttribute
-)
-
-// wellKnownTypeSchemaHint returns what sort of syntax should be used to represent
-// the well known type field.
-//
-// NotWellKnownType - use attribute block syntax based on other information
-// WellKnownAttribute - use attribute syntax
-// WellKnownBlock - use block syntax
-func wellKnownTypeSchemaHint(desc protoreflect.FieldDescriptor) wktSchemaHint {
-	if desc.Kind() != protoreflect.MessageKind {
-		return notWellKnownType
-	}
-
-	switch desc.Message().FullName() {
-	case "google.protobuf.DoubleValue":
-		return wellKnownAttribute
-	case "google.protobuf.FloatValue":
-		return wellKnownAttribute
-	case "google.protobuf.Int32Value":
-		return wellKnownAttribute
-	case "google.protobuf.Int64Value":
-		return wellKnownAttribute
-	case "google.protobuf.UInt32Value":
-		return wellKnownAttribute
-	case "google.protobuf.UInt64Value":
-		return wellKnownAttribute
-	case "google.protobuf.BoolValue":
-		return wellKnownAttribute
-	case "google.protobuf.StringValue":
-		return wellKnownAttribute
-	case "google.protobuf.BytesValue":
-		return wellKnownAttribute
-	case "google.protobuf.Empty":
-		// block syntax is used for Empty to allow transitioning to using
-		// a different proto message with fields in the future.
-		return wellKnownBlock
-	case "google.protobuf.Timestamp":
-		return wellKnownAttribute
-	case "google.protobuf.Duration":
-		return wellKnownAttribute
-	case "google.protobuf.Struct":
-		// as the Struct has completely free form fields that we cannot
-		// know about in advance we cannot use block syntax
-		return wellKnownAttribute
-	case "google.protobuf.Any":
-		return wellKnownBlock
-	default:
-		return notWellKnownType
-	}
-}
-
-func decodeAttributeToWellKnownType(desc protoreflect.FieldDescriptor, val cty.Value) (bool, protoreflect.Value, error) {
-	if desc.Kind() != protoreflect.MessageKind {
-		return false, protoreflect.Value{}, nil
-	}
-
-	switch desc.Message().FullName() {
-	case "google.protobuf.DoubleValue":
-		protoVal, err := protoDoubleWrapperFromCty(val)
-		return true, protoVal, err
-	case "google.protobuf.FloatValue":
-		protoVal, err := protoFloatWrapperFromCty(val)
-		return true, protoVal, err
-	case "google.protobuf.Int32Value":
-		protoVal, err := protoInt32WrapperFromCty(val)
-		return true, protoVal, err
-	case "google.protobuf.Int64Value":
-		protoVal, err := protoInt64WrapperFromCty(val)
-		return true, protoVal, err
-	case "google.protobuf.UInt32Value":
-		protoVal, err := protoUint32WrapperFromCty(val)
-		return true, protoVal, err
-	case "google.protobuf.UInt64Value":
-		protoVal, err := protoUint64WrapperFromCty(val)
-		return true, protoVal, err
-	case "google.protobuf.BoolValue":
-		protoVal, err := protoBoolWrapperFromCty(val)
-		return true, protoVal, err
-	case "google.protobuf.StringValue":
-		protoVal, err := protoStringWrapperFromCty(val)
-		return true, protoVal, err
-	case "google.protobuf.BytesValue":
-		protoVal, err := protoBytesWrapperFromCty(val)
-		return true, protoVal, err
-	case "google.protobuf.Empty":
-		protoVal, err := protoEmptyFromCty(val)
-		return true, protoVal, err
-	case "google.protobuf.Timestamp":
-		protoVal, err := protoTimestampFromCty(val)
-		return true, protoVal, err
-	case "google.protobuf.Duration":
-		protoVal, err := protoDurationFromCty(val)
-		return true, protoVal, err
-	case "google.protobuf.Struct":
-		protoVal, err := protoStructFromCty(val)
-		return true, protoVal, err
-	default:
-		return false, protoreflect.Value{}, nil
-	}
-}
-
-func protoWrapperFromBool(v bool) protoreflect.Value {
-	return protoreflect.ValueOfMessage(wrapperspb.Bool(v).ProtoReflect())
-}
-func protoWrapperFromInt32(v int32) protoreflect.Value {
-	return protoreflect.ValueOfMessage(wrapperspb.Int32(v).ProtoReflect())
-}
-func protoWrapperFromInt64(v int64) protoreflect.Value {
-	return protoreflect.ValueOfMessage(wrapperspb.Int64(v).ProtoReflect())
-}
-func protoWrapperFromUint32(v uint32) protoreflect.Value {
-	return protoreflect.ValueOfMessage(wrapperspb.UInt32(v).ProtoReflect())
-}
-func protoWrapperFromUint64(v uint64) protoreflect.Value {
-	return protoreflect.ValueOfMessage(wrapperspb.UInt64(v).ProtoReflect())
-}
-func protoWrapperFromFloat(v float32) protoreflect.Value {
-	return protoreflect.ValueOfMessage(wrapperspb.Float(v).ProtoReflect())
-}
-func protoWrapperFromDouble(v float64) protoreflect.Value {
-	return protoreflect.ValueOfMessage(wrapperspb.Double(v).ProtoReflect())
-}
-func protoWrapperFromString(v string) protoreflect.Value {
-	return protoreflect.ValueOfMessage(wrapperspb.String(v).ProtoReflect())
-}
-func protoWrapperFromBytes(v []byte) protoreflect.Value {
-	return protoreflect.ValueOfMessage(wrapperspb.Bytes(v).ProtoReflect())
-}
-
-func protoBoolWrapperFromCty(val cty.Value) (protoreflect.Value, error) {
-	v, err := boolFromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoWrapperFromBool(v), nil
-}
-func protoInt32WrapperFromCty(val cty.Value) (protoreflect.Value, error) {
-	v, err := int32FromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoWrapperFromInt32(v), nil
-}
-func protoInt64WrapperFromCty(val cty.Value) (protoreflect.Value, error) {
-	v, err := int64FromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoWrapperFromInt64(v), nil
-}
-func protoUint32WrapperFromCty(val cty.Value) (protoreflect.Value, error) {
-	v, err := uint32FromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoWrapperFromUint32(v), nil
-}
-func protoUint64WrapperFromCty(val cty.Value) (protoreflect.Value, error) {
-	v, err := uint64FromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoWrapperFromUint64(v), nil
-}
-func protoFloatWrapperFromCty(val cty.Value) (protoreflect.Value, error) {
-	v, err := floatFromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoWrapperFromFloat(v), nil
-}
-func protoDoubleWrapperFromCty(val cty.Value) (protoreflect.Value, error) {
-	v, err := doubleFromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoWrapperFromDouble(v), nil
-}
-func protoStringWrapperFromCty(val cty.Value) (protoreflect.Value, error) {
-	v, err := stringFromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoWrapperFromString(v), nil
-}
-func protoBytesWrapperFromCty(val cty.Value) (protoreflect.Value, error) {
-	v, err := bytesFromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-	return protoWrapperFromBytes(v), nil
-}
-
-func protoEmptyFromCty(val cty.Value) (protoreflect.Value, error) {
-	var e emptypb.Empty
-	if val.IsNull() {
-		return protoreflect.Value{}, nil
-	}
-
-	valType := val.Type()
-	if (valType.IsObjectType() || valType.IsMapType()) && val.LengthInt() == 0 {
-		return protoreflect.ValueOfMessage(e.ProtoReflect()), nil
-	}
-
-	return protoreflect.Value{}, fmt.Errorf("well known empty type can only be represented as an hcl map/object - actual type %q", valType.FriendlyName())
-}
-
-func protoTimestampFromCty(val cty.Value) (protoreflect.Value, error) {
-	v, err := stringFromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-
-	t, err := time.Parse(time.RFC3339Nano, v)
-	if err != nil {
-		return protoreflect.Value{}, fmt.Errorf("error parsing timestamp: %w", err)
-	}
-
-	if t.Before(minTime) || t.After(maxTime) {
-		return protoreflect.Value{}, fmt.Errorf("time is out of range %s to %s - %s", minTime.String(), maxTime.String(), v)
-	}
-
-	return protoreflect.ValueOfMessage(timestamppb.New(t).ProtoReflect()), nil
-}
-
-func protoDurationFromCty(val cty.Value) (protoreflect.Value, error) {
-	v, err := stringFromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-
-	d, err := time.ParseDuration(v)
-	if err != nil {
-		return protoreflect.Value{}, fmt.Errorf("error parsing string duration: %w", err)
-	}
-
-	return protoreflect.ValueOfMessage(durationpb.New(d).ProtoReflect()), nil
-}
-
-func protoStructFromCty(val cty.Value) (protoreflect.Value, error) {
-	s, err := protoStructObjectFromCty(val)
-	if err != nil {
-		return protoreflect.Value{}, err
-	}
-
-	return protoreflect.ValueOfMessage(s.ProtoReflect()), nil
-}
-
-func protoStructObjectFromCty(val cty.Value) (*structpb.Struct, error) {
-	valType := val.Type()
-	if !valType.IsObjectType() && !valType.IsMapType() {
-		return nil, fmt.Errorf("Struct type must be either an object or map type")
-	}
-
-	structValues := make(map[string]*structpb.Value)
-
-	for k, v := range val.AsValueMap() {
-		vType := v.Type()
-
-		if v.IsNull() {
-			structValues[k] = structpb.NewNullValue()
-		} else if vType.IsListType() || vType.IsSetType() || vType.IsTupleType() {
-			listVal, err := protoStructListValueFromCty(v)
-			if err != nil {
-				return nil, err
-			}
-			structValues[k] = structpb.NewListValue(listVal)
-		} else if vType.IsMapType() || vType.IsObjectType() {
-			objVal, err := protoStructObjectFromCty(v)
-			if err != nil {
-				return nil, err
-			}
-			structValues[k] = structpb.NewStructValue(objVal)
-		} else if vType.IsPrimitiveType() {
-			switch vType {
-			case cty.String:
-				stringVal, err := stringFromCty(v)
-				if err != nil {
-					return nil, err
-				}
-
-				structValues[k] = structpb.NewStringValue(stringVal)
-			case cty.Bool:
-				boolVal, err := boolFromCty(v)
-				if err != nil {
-					return nil, err
-				}
-
-				structValues[k] = structpb.NewBoolValue(boolVal)
-			case cty.Number:
-				doubleVal, err := doubleFromCty(v)
-				if err != nil {
-					return nil, err
-				}
-
-				structValues[k] = structpb.NewNumberValue(doubleVal)
-			default:
-				return nil, fmt.Errorf("unknown cty primitive type: %s", vType.FriendlyName())
-			}
-		} else {
-			return nil, fmt.Errorf("unsupported cty type: %s", vType.FriendlyName())
-		}
-	}
-
-	return &structpb.Struct{
-		Fields: structValues,
-	}, nil
-}
-
-func protoStructListValueFromCty(val cty.Value) (*structpb.ListValue, error) {
-	var values []*structpb.Value
-
-	var err error
-	val.ForEachElement(func(_ cty.Value, value cty.Value) bool {
-		vType := value.Type()
-
-		if value.IsNull() {
-			values = append(values, structpb.NewNullValue())
-		} else if vType.IsListType() || vType.IsSetType() || vType.IsTupleType() {
-			var listVal *structpb.ListValue
-			listVal, err = protoStructListValueFromCty(value)
-			if err != nil {
-				return true
-			}
-			values = append(values, structpb.NewListValue(listVal))
-		} else if vType.IsMapType() || vType.IsObjectType() {
-			var objVal *structpb.Struct
-			objVal, err = protoStructObjectFromCty(value)
-			if err != nil {
-				return true
-			}
-			values = append(values, structpb.NewStructValue(objVal))
-		} else if vType.IsPrimitiveType() {
-			switch vType {
-			case cty.String:
-				var stringVal string
-				stringVal, err = stringFromCty(value)
-				if err != nil {
-					return true
-				}
-
-				values = append(values, structpb.NewStringValue(stringVal))
-			case cty.Bool:
-				var boolVal bool
-				boolVal, err = boolFromCty(value)
-				if err != nil {
-					return true
-				}
-
-				values = append(values, structpb.NewBoolValue(boolVal))
-			case cty.Number:
-				var doubleVal float64
-				doubleVal, err = doubleFromCty(value)
-				if err != nil {
-					return true
-				}
-
-				values = append(values, structpb.NewNumberValue(doubleVal))
-			default:
-				err = fmt.Errorf("unknown cty primitive type: %s", vType.FriendlyName())
-				return true
-			}
-		} else {
-			err = fmt.Errorf("unsupported cty type: %s", vType.FriendlyName())
-			return true
-		}
-		return false
-	})
-
-	if err != nil {
-		return nil, err
-	}
-
-	return &structpb.ListValue{
-		Values: values,
-	}, nil
-}
diff --git a/internal/radix/doc.go b/internal/radix/doc.go
index f69f68a2d6b0..47e8961d0d0a 100644
--- a/internal/radix/doc.go
+++ b/internal/radix/doc.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 // This packages contents were originally copied from github.com/armon/go-radix.
 // After the intial copy all the data structures were made to use Go 1.18 generics
 // instead of relying on the use of interface{} or the any type.
diff --git a/internal/radix/radix.go b/internal/radix/radix.go
index c2b7ee838935..0f1d8d772ac7 100644
--- a/internal/radix/radix.go
+++ b/internal/radix/radix.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package radix
 
 import (
diff --git a/internal/radix/radix_test.go b/internal/radix/radix_test.go
index ea7015dc29c2..9f616b73f438 100644
--- a/internal/radix/radix_test.go
+++ b/internal/radix/radix_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package radix
 
 import (
diff --git a/internal/resource/authz_ce.go b/internal/resource/authz_ce.go
deleted file mode 100644
index 4d68ccd6b98a..000000000000
--- a/internal/resource/authz_ce.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-// +build !consulent
-
-package resource
-
-import (
-	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-// AuthorizerContext builds an ACL AuthorizerContext for the given tenancy.
-func AuthorizerContext(t *pbresource.Tenancy) *acl.AuthorizerContext {
-	return &acl.AuthorizerContext{Peer: t.PeerName}
-}
diff --git a/internal/resource/decode.go b/internal/resource/decode.go
deleted file mode 100644
index 35ee0886035b..000000000000
--- a/internal/resource/decode.go
+++ /dev/null
@@ -1,69 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package resource
-
-import (
-	"context"
-
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/proto"
-
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-// DecodedResource is a generic holder to contain an original Resource and its
-// decoded contents.
-type DecodedResource[T proto.Message] struct {
-	Resource *pbresource.Resource
-	Data     T
-}
-
-func (d *DecodedResource[T]) GetResource() *pbresource.Resource {
-	if d == nil {
-		return nil
-	}
-
-	return d.Resource
-}
-
-func (d *DecodedResource[T]) GetData() T {
-	if d == nil {
-		var zero T
-		return zero
-	}
-
-	return d.Data
-}
-
-// Decode will generically decode the provided resource into a 2-field
-// structure that holds onto the original Resource and the decoded contents.
-//
-// Returns an ErrDataParse on unmarshalling errors.
-func Decode[T proto.Message](res *pbresource.Resource) (*DecodedResource[T], error) {
-	var zero T
-	data := zero.ProtoReflect().New().Interface().(T)
-
-	if err := res.Data.UnmarshalTo(data); err != nil {
-		return nil, NewErrDataParse(data, err)
-	}
-	return &DecodedResource[T]{
-		Resource: res,
-		Data:     data,
-	}, nil
-}
-
-// GetDecodedResource will generically read the requested resource using the
-// client and either return nil on a NotFound or decode the response value.
-func GetDecodedResource[T proto.Message](ctx context.Context, client pbresource.ResourceServiceClient, id *pbresource.ID) (*DecodedResource[T], error) {
-	rsp, err := client.Read(ctx, &pbresource.ReadRequest{Id: id})
-	switch {
-	case status.Code(err) == codes.NotFound:
-		return nil, nil
-	case err != nil:
-		return nil, err
-	}
-
-	return Decode[T](rsp.Resource)
-}
diff --git a/internal/resource/decode_test.go b/internal/resource/decode_test.go
deleted file mode 100644
index a516673e4391..000000000000
--- a/internal/resource/decode_test.go
+++ /dev/null
@@ -1,113 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package resource_test
-
-import (
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/types/known/anypb"
-
-	svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/internal/resource/demo"
-	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	pbdemo "github.com/hashicorp/consul/proto/private/pbdemo/v2"
-	"github.com/hashicorp/consul/proto/private/prototest"
-	"github.com/hashicorp/consul/sdk/testutil"
-)
-
-func TestGetDecodedResource(t *testing.T) {
-	var (
-		baseClient = svctest.RunResourceService(t, demo.RegisterTypes)
-		client     = rtest.NewClient(baseClient)
-		ctx        = testutil.TestContext(t)
-	)
-
-	babypantsID := &pbresource.ID{
-		Type:    demo.TypeV2Artist,
-		Tenancy: resource.DefaultNamespacedTenancy(),
-		Name:    "babypants",
-	}
-
-	testutil.RunStep(t, "not found", func(t *testing.T) {
-		got, err := resource.GetDecodedResource[*pbdemo.Artist](ctx, client, babypantsID)
-		require.NoError(t, err)
-		require.Nil(t, got)
-	})
-
-	testutil.RunStep(t, "found", func(t *testing.T) {
-		data := &pbdemo.Artist{
-			Name: "caspar babypants",
-		}
-		res := rtest.Resource(demo.TypeV2Artist, "babypants").
-			WithData(t, data).
-			Write(t, client)
-
-		got, err := resource.GetDecodedResource[*pbdemo.Artist](ctx, client, babypantsID)
-		require.NoError(t, err)
-		require.NotNil(t, got)
-
-		// Clone generated fields over.
-		res.Id.Uid = got.Resource.Id.Uid
-		res.Version = got.Resource.Version
-		res.Generation = got.Resource.Generation
-
-		// Clone defaulted fields over
-		data.Genre = pbdemo.Genre_GENRE_DISCO
-
-		prototest.AssertDeepEqual(t, res, got.Resource)
-		prototest.AssertDeepEqual(t, data, got.Data)
-	})
-}
-
-func TestDecode(t *testing.T) {
-	t.Run("good", func(t *testing.T) {
-		fooData := &pbdemo.Artist{
-			Name: "caspar babypants",
-		}
-		any, err := anypb.New(fooData)
-		require.NoError(t, err)
-
-		foo := &pbresource.Resource{
-			Id: &pbresource.ID{
-				Type:    demo.TypeV2Artist,
-				Tenancy: resource.DefaultNamespacedTenancy(),
-				Name:    "babypants",
-			},
-			Data: any,
-			Metadata: map[string]string{
-				"generated_at": time.Now().Format(time.RFC3339),
-			},
-		}
-
-		dec, err := resource.Decode[*pbdemo.Artist](foo)
-		require.NoError(t, err)
-
-		prototest.AssertDeepEqual(t, foo, dec.Resource)
-		prototest.AssertDeepEqual(t, fooData, dec.Data)
-	})
-
-	t.Run("bad", func(t *testing.T) {
-		foo := &pbresource.Resource{
-			Id: &pbresource.ID{
-				Type:    demo.TypeV2Artist,
-				Tenancy: resource.DefaultNamespacedTenancy(),
-				Name:    "babypants",
-			},
-			Data: &anypb.Any{
-				TypeUrl: "garbage",
-				Value:   []byte("more garbage"),
-			},
-			Metadata: map[string]string{
-				"generated_at": time.Now().Format(time.RFC3339),
-			},
-		}
-
-		_, err := resource.Decode[*pbdemo.Artist](foo)
-		require.Error(t, err)
-	})
-}
diff --git a/internal/resource/demo/controller.go b/internal/resource/demo/controller.go
index 7f1bba902ea5..11afc3bac5e6 100644
--- a/internal/resource/demo/controller.go
+++ b/internal/resource/demo/controller.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package demo
 
diff --git a/internal/resource/demo/controller_test.go b/internal/resource/demo/controller_test.go
index a8c2640d615a..8d4ee79c73e0 100644
--- a/internal/resource/demo/controller_test.go
+++ b/internal/resource/demo/controller_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package demo
 
diff --git a/internal/resource/demo/demo.go b/internal/resource/demo/demo.go
index 0a8f2e440095..20ad89c962c4 100644
--- a/internal/resource/demo/demo.go
+++ b/internal/resource/demo/demo.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package demo includes fake resource types for working on Consul's generic
 // state storage without having to refer to specific features.
@@ -22,12 +22,11 @@ import (
 )
 
 var (
-	// TypeV1RecordLabel represents a record label which artists are signed to.
-	// Used specifically as a resource to test partition only scoped resources.
-	TypeV1RecordLabel = &pbresource.Type{
-		Group:        "demo",
-		GroupVersion: "v1",
-		Kind:         "RecordLabel",
+	// TenancyDefault contains the default values for all tenancy units.
+	TenancyDefault = &pbresource.Tenancy{
+		Partition: "default",
+		PeerName:  "local",
+		Namespace: "default",
 	}
 
 	// TypeV1Artist represents a musician or group of musicians.
@@ -73,20 +72,20 @@ const (
 // TODO(spatel): We're standing-in key ACLs for demo resources until our ACL
 // system can be more modularly extended (or support generic resource permissions).
 func RegisterTypes(r resource.Registry) {
-	readACL := func(authz acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID) error {
+	readACL := func(authz acl.Authorizer, id *pbresource.ID) error {
 		key := fmt.Sprintf("resource/%s/%s", resource.ToGVK(id.Type), id.Name)
-		return authz.ToAllowAuthorizer().KeyReadAllowed(key, authzContext)
+		return authz.ToAllowAuthorizer().KeyReadAllowed(key, &acl.AuthorizerContext{})
 	}
 
-	writeACL := func(authz acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error {
-		key := fmt.Sprintf("resource/%s/%s", resource.ToGVK(res.Id.Type), res.Id.Name)
-		return authz.ToAllowAuthorizer().KeyWriteAllowed(key, authzContext)
+	writeACL := func(authz acl.Authorizer, id *pbresource.ID) error {
+		key := fmt.Sprintf("resource/%s/%s", resource.ToGVK(id.Type), id.Name)
+		return authz.ToAllowAuthorizer().KeyWriteAllowed(key, &acl.AuthorizerContext{})
 	}
 
-	makeListACL := func(typ *pbresource.Type) func(acl.Authorizer, *acl.AuthorizerContext) error {
-		return func(authz acl.Authorizer, authzContext *acl.AuthorizerContext) error {
+	makeListACL := func(typ *pbresource.Type) func(acl.Authorizer, *pbresource.Tenancy) error {
+		return func(authz acl.Authorizer, tenancy *pbresource.Tenancy) error {
 			key := fmt.Sprintf("resource/%s", resource.ToGVK(typ))
-			return authz.ToAllowAuthorizer().KeyListAllowed(key, authzContext)
+			return authz.ToAllowAuthorizer().KeyListAllowed(key, &acl.AuthorizerContext{})
 		}
 	}
 
@@ -125,17 +124,6 @@ func RegisterTypes(r resource.Registry) {
 		return nil
 	}
 
-	r.Register(resource.Registration{
-		Type:  TypeV1RecordLabel,
-		Proto: &pbdemov1.RecordLabel{},
-		ACLs: &resource.ACLHooks{
-			Read:  readACL,
-			Write: writeACL,
-			List:  makeListACL(TypeV1RecordLabel),
-		},
-		Scope: resource.ScopePartition,
-	})
-
 	r.Register(resource.Registration{
 		Type:  TypeV1Artist,
 		Proto: &pbdemov1.Artist{},
@@ -145,7 +133,6 @@ func RegisterTypes(r resource.Registry) {
 			List:  makeListACL(TypeV1Artist),
 		},
 		Validate: validateV1ArtistFn,
-		Scope:    resource.ScopeNamespace,
 	})
 
 	r.Register(resource.Registration{
@@ -156,7 +143,6 @@ func RegisterTypes(r resource.Registry) {
 			Write: writeACL,
 			List:  makeListACL(TypeV1Album),
 		},
-		Scope: resource.ScopeNamespace,
 	})
 
 	r.Register(resource.Registration{
@@ -169,7 +155,6 @@ func RegisterTypes(r resource.Registry) {
 		},
 		Validate: validateV2ArtistFn,
 		Mutate:   mutateV2ArtistFn,
-		Scope:    resource.ScopeNamespace,
 	})
 
 	r.Register(resource.Registration{
@@ -180,30 +165,9 @@ func RegisterTypes(r resource.Registry) {
 			Write: writeACL,
 			List:  makeListACL(TypeV2Album),
 		},
-		Scope: resource.ScopeNamespace,
 	})
 }
 
-// GenerateV1RecordLabel generates a named RecordLabel resource.
-func GenerateV1RecordLabel(name string) (*pbresource.Resource, error) {
-	data, err := anypb.New(&pbdemov1.RecordLabel{Name: name})
-	if err != nil {
-		return nil, err
-	}
-
-	return &pbresource.Resource{
-		Id: &pbresource.ID{
-			Type:    TypeV1RecordLabel,
-			Tenancy: resource.DefaultPartitionedTenancy(),
-			Name:    name,
-		},
-		Data: data,
-		Metadata: map[string]string{
-			"generated_at": time.Now().Format(time.RFC3339),
-		},
-	}, nil
-}
-
 // GenerateV2Artist generates a random Artist resource.
 func GenerateV2Artist() (*pbresource.Resource, error) {
 	adjective := adjectives[rand.Intn(len(adjectives))]
@@ -227,7 +191,7 @@ func GenerateV2Artist() (*pbresource.Resource, error) {
 	return &pbresource.Resource{
 		Id: &pbresource.ID{
 			Type:    TypeV2Artist,
-			Tenancy: resource.DefaultNamespacedTenancy(),
+			Tenancy: TenancyDefault,
 			Name:    fmt.Sprintf("%s-%s", strings.ToLower(adjective), strings.ToLower(noun)),
 		},
 		Data: data,
@@ -270,7 +234,7 @@ func generateV2Album(artistID *pbresource.ID, rand *rand.Rand) (*pbresource.Reso
 	return &pbresource.Resource{
 		Id: &pbresource.ID{
 			Type:    TypeV2Album,
-			Tenancy: clone(artistID.Tenancy),
+			Tenancy: artistID.Tenancy,
 			Name:    fmt.Sprintf("%s/%s-%s", artistID.Name, strings.ToLower(adjective), strings.ToLower(noun)),
 		},
 		Owner: artistID,
diff --git a/internal/resource/equality.go b/internal/resource/equality.go
index 25e098b1a361..c7c880cddc9e 100644
--- a/internal/resource/equality.go
+++ b/internal/resource/equality.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -20,7 +20,7 @@ func EqualType(a, b *pbresource.Type) bool {
 		a.Kind == b.Kind
 }
 
-// EqualTenancy compares two resource tenancies for equality without reflection.
+// EqualType compares two resource tenancies for equality without reflection.
 func EqualTenancy(a, b *pbresource.Tenancy) bool {
 	if a == b {
 		return true
@@ -35,7 +35,7 @@ func EqualTenancy(a, b *pbresource.Tenancy) bool {
 		a.Namespace == b.Namespace
 }
 
-// EqualID compares two resource IDs for equality without reflection.
+// EqualType compares two resource IDs for equality without reflection.
 func EqualID(a, b *pbresource.ID) bool {
 	if a == b {
 		return true
@@ -120,22 +120,6 @@ func EqualReference(a, b *pbresource.Reference) bool {
 		a.Section == b.Section
 }
 
-// ReferenceOrIDMatch compares two references or IDs to see if they both refer
-// to the same thing.
-//
-// Note that this only compares fields that are common between them as
-// represented by the ReferenceOrID interface and notably ignores the section
-// field on references and the uid field on ids.
-func ReferenceOrIDMatch(ref1, ref2 ReferenceOrID) bool {
-	if ref1 == nil || ref2 == nil {
-		return false
-	}
-
-	return EqualType(ref1.GetType(), ref2.GetType()) &&
-		EqualTenancy(ref1.GetTenancy(), ref2.GetTenancy()) &&
-		ref1.GetName() == ref2.GetName()
-}
-
 // EqualStatusMap compares two status maps for equality without reflection.
 func EqualStatusMap(a, b map[string]*pbresource.Status) bool {
 	if len(a) != len(b) {
diff --git a/internal/resource/equality_test.go b/internal/resource/equality_test.go
index 841390560638..4fb7cb666b3a 100644
--- a/internal/resource/equality_test.go
+++ b/internal/resource/equality_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource_test
 
@@ -283,310 +283,6 @@ func TestEqualID(t *testing.T) {
 	})
 }
 
-func TestEqualReference(t *testing.T) {
-	t.Run("same pointer", func(t *testing.T) {
-		id := &pbresource.Reference{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name:    "qux",
-			Section: "blah",
-		}
-		require.True(t, resource.EqualReference(id, id))
-	})
-
-	t.Run("equal", func(t *testing.T) {
-		a := &pbresource.Reference{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name:    "qux",
-			Section: "blah",
-		}
-		b := clone(a)
-		require.True(t, resource.EqualReference(a, b))
-	})
-
-	t.Run("nil", func(t *testing.T) {
-		a := &pbresource.Reference{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name:    "qux",
-			Section: "blah",
-		}
-		require.False(t, resource.EqualReference(a, nil))
-		require.False(t, resource.EqualReference(nil, a))
-	})
-
-	t.Run("different type", func(t *testing.T) {
-		a := &pbresource.Reference{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name:    "qux",
-			Section: "blah",
-		}
-		b := clone(a)
-		b.Type.Kind = "album"
-		require.False(t, resource.EqualReference(a, b))
-	})
-
-	t.Run("different tenancy", func(t *testing.T) {
-		a := &pbresource.Reference{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name:    "qux",
-			Section: "blah",
-		}
-		b := clone(a)
-		b.Tenancy.Namespace = "qux"
-		require.False(t, resource.EqualReference(a, b))
-	})
-
-	t.Run("different name", func(t *testing.T) {
-		a := &pbresource.Reference{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name:    "qux",
-			Section: "blah",
-		}
-		b := clone(a)
-		b.Name = "boom"
-		require.False(t, resource.EqualReference(a, b))
-	})
-
-	t.Run("different section", func(t *testing.T) {
-		a := &pbresource.Reference{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name:    "qux",
-			Section: "blah",
-		}
-		b := clone(a)
-		b.Section = "not-blah"
-		require.False(t, resource.EqualReference(a, b))
-	})
-}
-
-func TestReferenceOrIDMatch(t *testing.T) {
-	t.Run("equal", func(t *testing.T) {
-		a := &pbresource.Reference{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name:    "qux",
-			Section: "blah",
-		}
-		b := &pbresource.ID{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name: "qux",
-			Uid:  ulid.Make().String(),
-		}
-		require.True(t, resource.ReferenceOrIDMatch(a, b))
-	})
-
-	t.Run("nil", func(t *testing.T) {
-		a := &pbresource.Reference{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name:    "qux",
-			Section: "blah",
-		}
-		b := &pbresource.ID{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name: "qux",
-			Uid:  ulid.Make().String(),
-		}
-		require.False(t, resource.ReferenceOrIDMatch(a, nil))
-		require.False(t, resource.ReferenceOrIDMatch(nil, b))
-	})
-
-	t.Run("different type", func(t *testing.T) {
-		a := &pbresource.Reference{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name:    "qux",
-			Section: "blah",
-		}
-		b := &pbresource.ID{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name: "qux",
-			Uid:  ulid.Make().String(),
-		}
-		b.Type.Kind = "album"
-		require.False(t, resource.ReferenceOrIDMatch(a, b))
-	})
-
-	t.Run("different tenancy", func(t *testing.T) {
-		a := &pbresource.Reference{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name:    "qux",
-			Section: "blah",
-		}
-		b := &pbresource.ID{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name: "qux",
-			Uid:  ulid.Make().String(),
-		}
-		b.Tenancy.Namespace = "qux"
-		require.False(t, resource.ReferenceOrIDMatch(a, b))
-	})
-
-	t.Run("different name", func(t *testing.T) {
-		a := &pbresource.Reference{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name:    "qux",
-			Section: "blah",
-		}
-		b := &pbresource.ID{
-			Type: &pbresource.Type{
-				Group:        "demo",
-				GroupVersion: "v2",
-				Kind:         "artist",
-			},
-			Tenancy: &pbresource.Tenancy{
-				Partition: "foo",
-				PeerName:  "bar",
-				Namespace: "baz",
-			},
-			Name: "qux",
-			Uid:  ulid.Make().String(),
-		}
-		b.Name = "boom"
-		require.False(t, resource.ReferenceOrIDMatch(a, b))
-	})
-}
-
 func TestEqualStatus(t *testing.T) {
 	orig := &pbresource.Status{
 		ObservedGeneration: ulid.Make().String(),
diff --git a/internal/resource/errors.go b/internal/resource/errors.go
index dbb624c8d004..c258f9ad35b1 100644
--- a/internal/resource/errors.go
+++ b/internal/resource/errors.go
@@ -1,9 +1,10 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
 import (
+	"errors"
 	"fmt"
 
 	"github.com/hashicorp/consul/proto-public/pbresource"
@@ -11,33 +12,11 @@ import (
 )
 
 var (
-	ErrMissing                  = NewConstError("missing required field")
-	ErrEmpty                    = NewConstError("cannot be empty")
-	ErrReferenceTenancyNotEqual = NewConstError("resource tenancy and reference tenancy differ")
+	ErrMissing                  = errors.New("missing required field")
+	ErrEmpty                    = errors.New("cannot be empty")
+	ErrReferenceTenancyNotEqual = errors.New("resource tenancy and reference tenancy differ")
 )
 
-// ConstError is more or less equivalent to the stdlib errors.errorstring. However, having
-// our own exported type allows us to more accurately compare error values in tests.
-//
-//   - go-cmp will not compared unexported fields by default.
-//   - cmp.AllowUnexported(<type>) requires a concrete struct type and due to the stdlib not
-//     exporting the errorstring type there doesn't seem to be a way to get at the type.
-//   - cmpopts.EquateErrors has issues with protobuf types within other error structs.
-//
-// Due to these factors the easiest thing to do is to create a custom comparer for
-// the ConstError type and use it where necessary.
-type ConstError struct {
-	message string
-}
-
-func NewConstError(msg string) ConstError {
-	return ConstError{message: msg}
-}
-
-func (e ConstError) Error() string {
-	return e.message
-}
-
 type ErrDataParse struct {
 	TypeName string
 	Wrapped  error
diff --git a/internal/resource/errors_test.go b/internal/resource/errors_test.go
index e6739bd7fd80..990a91607723 100644
--- a/internal/resource/errors_test.go
+++ b/internal/resource/errors_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
diff --git a/internal/resource/http/http.go b/internal/resource/http/http.go
deleted file mode 100644
index 2a5cfce1fb2b..000000000000
--- a/internal/resource/http/http.go
+++ /dev/null
@@ -1,294 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package http
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"path"
-	"strings"
-
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/metadata"
-	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/encoding/protojson"
-	"google.golang.org/protobuf/types/known/anypb"
-
-	"github.com/hashicorp/go-hclog"
-
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-const (
-	HeaderConsulToken     = "x-consul-token"
-	HeaderConsistencyMode = "x-consul-consistency-mode"
-)
-
-func NewHandler(
-	client pbresource.ResourceServiceClient,
-	registry resource.Registry,
-	parseToken func(req *http.Request, token *string),
-	logger hclog.Logger) http.Handler {
-	mux := http.NewServeMux()
-	for _, t := range registry.Types() {
-		// List Endpoint
-		base := strings.ToLower(fmt.Sprintf("/%s/%s/%s", t.Type.Group, t.Type.GroupVersion, t.Type.Kind))
-		mux.Handle(base, http.StripPrefix(base, &listHandler{t, client, parseToken, logger}))
-
-		// Individual Resource Endpoints
-		prefix := strings.ToLower(fmt.Sprintf("%s/", base))
-		logger.Info("Registered resource endpoint", "endpoint", prefix)
-		mux.Handle(prefix, http.StripPrefix(prefix, &resourceHandler{t, client, parseToken, logger}))
-	}
-
-	return mux
-}
-
-type writeRequest struct {
-	Metadata map[string]string `json:"metadata"`
-	Data     json.RawMessage   `json:"data"`
-	Owner    *pbresource.ID    `json:"owner"`
-}
-
-type resourceHandler struct {
-	reg        resource.Registration
-	client     pbresource.ResourceServiceClient
-	parseToken func(req *http.Request, token *string)
-	logger     hclog.Logger
-}
-
-func (h *resourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	var token string
-	h.parseToken(r, &token)
-	ctx := metadata.AppendToOutgoingContext(r.Context(), HeaderConsulToken, token)
-	switch r.Method {
-	case http.MethodPut:
-		h.handleWrite(w, r, ctx)
-	case http.MethodGet:
-		h.handleRead(w, r, ctx)
-	case http.MethodDelete:
-		h.handleDelete(w, r, ctx)
-	default:
-		w.WriteHeader(http.StatusMethodNotAllowed)
-		return
-	}
-}
-
-func (h *resourceHandler) handleWrite(w http.ResponseWriter, r *http.Request, ctx context.Context) {
-	var req writeRequest
-	// convert req body to writeRequest
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-		w.WriteHeader(http.StatusBadRequest)
-		w.Write([]byte("Request body didn't follow schema."))
-	}
-	// convert data struct to proto message
-	data := h.reg.Proto.ProtoReflect().New().Interface()
-	if err := protojson.Unmarshal(req.Data, data); err != nil {
-		w.WriteHeader(http.StatusBadRequest)
-		w.Write([]byte("Request body didn't follow schema."))
-	}
-	// proto message to any
-	anyProtoMsg, err := anypb.New(data)
-	if err != nil {
-		w.WriteHeader(http.StatusInternalServerError)
-		h.logger.Error("Failed to convert proto message to any type", "error", err)
-		return
-	}
-
-	tenancyInfo, params := parseParams(r)
-
-	rsp, err := h.client.Write(ctx, &pbresource.WriteRequest{
-		Resource: &pbresource.Resource{
-			Id: &pbresource.ID{
-				Type:    h.reg.Type,
-				Tenancy: tenancyInfo,
-				Name:    params["resourceName"],
-			},
-			Owner:    req.Owner,
-			Version:  params["version"],
-			Metadata: req.Metadata,
-			Data:     anyProtoMsg,
-		},
-	})
-	if err != nil {
-		handleResponseError(err, w, h.logger)
-		return
-	}
-
-	output, err := jsonMarshal(rsp.Resource)
-	if err != nil {
-		w.WriteHeader(http.StatusInternalServerError)
-		h.logger.Error("Failed to unmarshal GRPC resource response", "error", err)
-		return
-	}
-	w.Write(output)
-}
-
-func (h *resourceHandler) handleRead(w http.ResponseWriter, r *http.Request, ctx context.Context) {
-	tenancyInfo, params := parseParams(r)
-	if params["consistent"] != "" {
-		ctx = metadata.AppendToOutgoingContext(ctx, "x-consul-consistency-mode", "consistent")
-	}
-
-	rsp, err := h.client.Read(ctx, &pbresource.ReadRequest{
-		Id: &pbresource.ID{
-			Type:    h.reg.Type,
-			Tenancy: tenancyInfo,
-			Name:    params["resourceName"],
-		},
-	})
-	if err != nil {
-		handleResponseError(err, w, h.logger)
-		return
-	}
-
-	output, err := jsonMarshal(rsp.Resource)
-	if err != nil {
-		w.WriteHeader(http.StatusInternalServerError)
-		h.logger.Error("Failed to unmarshal GRPC resource response", "error", err)
-		return
-	}
-	w.Write(output)
-}
-
-// Note: The HTTP endpoints do not accept UID since it is quite unlikely that the user will have access to it
-func (h *resourceHandler) handleDelete(w http.ResponseWriter, r *http.Request, ctx context.Context) {
-	tenancyInfo, params := parseParams(r)
-	_, err := h.client.Delete(ctx, &pbresource.DeleteRequest{
-		Id: &pbresource.ID{
-			Type:    h.reg.Type,
-			Tenancy: tenancyInfo,
-			Name:    params["resourceName"],
-		},
-		Version: params["version"],
-	})
-	if err != nil {
-		handleResponseError(err, w, h.logger)
-		return
-	}
-	w.WriteHeader(http.StatusNoContent)
-	w.Write([]byte("{}"))
-}
-
-func parseParams(r *http.Request) (tenancy *pbresource.Tenancy, params map[string]string) {
-	query := r.URL.Query()
-	tenancy = &pbresource.Tenancy{
-		Partition: query.Get("partition"),
-		PeerName:  query.Get("peer_name"),
-		Namespace: query.Get("namespace"),
-	}
-
-	resourceName := path.Base(r.URL.Path)
-	if resourceName == "." || resourceName == "/" {
-		resourceName = ""
-	}
-
-	params = make(map[string]string)
-	params["resourceName"] = resourceName
-	params["version"] = query.Get("version")
-	params["namePrefix"] = query.Get("name_prefix")
-	if _, ok := query["consistent"]; ok {
-		params["consistent"] = "true"
-	}
-
-	return tenancy, params
-}
-
-func jsonMarshal(res *pbresource.Resource) ([]byte, error) {
-	output, err := protojson.Marshal(res)
-	if err != nil {
-		return nil, err
-	}
-
-	var stuff map[string]any
-	if err := json.Unmarshal(output, &stuff); err != nil {
-		return nil, err
-	}
-
-	delete(stuff["data"].(map[string]any), "@type")
-	return json.MarshalIndent(stuff, "", "  ")
-}
-
-func handleResponseError(err error, w http.ResponseWriter, logger hclog.Logger) {
-	if e, ok := status.FromError(err); ok {
-		switch e.Code() {
-		case codes.InvalidArgument:
-			w.WriteHeader(http.StatusBadRequest)
-			logger.Info("User has mal-formed request", "error", err)
-		case codes.NotFound:
-			w.WriteHeader(http.StatusNotFound)
-			logger.Info("Received error from resource service: Not found", "error", err)
-		case codes.PermissionDenied:
-			w.WriteHeader(http.StatusForbidden)
-			logger.Info("Received error from resource service: User not authenticated", "error", err)
-		case codes.Aborted:
-			w.WriteHeader(http.StatusConflict)
-			logger.Info("Received error from resource service: the request conflict with the current state of the target resource", "error", err)
-		default:
-			w.WriteHeader(http.StatusInternalServerError)
-			logger.Error("Received error from resource service", "error", err)
-		}
-	} else {
-		w.WriteHeader(http.StatusInternalServerError)
-		logger.Error("Received error from resource service: not able to parse error returned", "error", err)
-	}
-	w.Write([]byte(err.Error()))
-}
-
-type listHandler struct {
-	reg        resource.Registration
-	client     pbresource.ResourceServiceClient
-	parseToken func(req *http.Request, token *string)
-	logger     hclog.Logger
-}
-
-func (h *listHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodGet {
-		w.WriteHeader(http.StatusMethodNotAllowed)
-		return
-	}
-
-	var token string
-	h.parseToken(r, &token)
-	ctx := metadata.AppendToOutgoingContext(r.Context(), HeaderConsulToken, token)
-
-	tenancyInfo, params := parseParams(r)
-	if params["consistent"] == "true" {
-		ctx = metadata.AppendToOutgoingContext(ctx, HeaderConsistencyMode, "consistent")
-	}
-
-	rsp, err := h.client.List(ctx, &pbresource.ListRequest{
-		Type:       h.reg.Type,
-		Tenancy:    tenancyInfo,
-		NamePrefix: params["namePrefix"],
-	})
-	if err != nil {
-		handleResponseError(err, w, h.logger)
-		return
-	}
-
-	output := make([]json.RawMessage, len(rsp.Resources))
-	for idx, res := range rsp.Resources {
-		b, err := jsonMarshal(res)
-		if err != nil {
-			w.WriteHeader(http.StatusInternalServerError)
-			h.logger.Error("Failed to unmarshal GRPC resource response", "error", err)
-			return
-		}
-		output[idx] = b
-	}
-
-	b, err := json.MarshalIndent(struct {
-		Resources []json.RawMessage `json:"resources"`
-	}{output}, "", "  ")
-	if err != nil {
-		w.WriteHeader(http.StatusInternalServerError)
-		h.logger.Error("Failed to correctly format the list response", "error", err)
-		return
-	}
-	w.Write(b)
-}
diff --git a/internal/resource/http/http_test.go b/internal/resource/http/http_test.go
deleted file mode 100644
index 93c458ecbf4a..000000000000
--- a/internal/resource/http/http_test.go
+++ /dev/null
@@ -1,596 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package http
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-
-	"github.com/hashicorp/go-hclog"
-	"github.com/stretchr/testify/mock"
-	"github.com/stretchr/testify/require"
-
-	resourceSvc "github.com/hashicorp/consul/agent/grpc-external/services/resource"
-	svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing"
-	pbdemov1 "github.com/hashicorp/consul/proto/private/pbdemo/v1"
-
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/internal/resource/demo"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	pbdemov2 "github.com/hashicorp/consul/proto/private/pbdemo/v2"
-	"github.com/hashicorp/consul/sdk/testutil"
-)
-
-const testACLTokenArtistReadPolicy = "00000000-0000-0000-0000-000000000001"
-const testACLTokenArtistWritePolicy = "00000000-0000-0000-0000-000000000002"
-const testACLTokenArtistListPolicy = "00000000-0000-0000-0000-000000000003"
-const fakeToken = "fake-token"
-
-func parseToken(req *http.Request, token *string) {
-	*token = req.Header.Get("x-consul-token")
-}
-
-func TestResourceHandler_InputValidation(t *testing.T) {
-	type testCase struct {
-		description          string
-		request              *http.Request
-		response             *httptest.ResponseRecorder
-		expectedResponseCode int
-	}
-	client := svctest.RunResourceService(t, demo.RegisterTypes)
-	resourceHandler := resourceHandler{
-		resource.Registration{
-			Type:  demo.TypeV2Artist,
-			Proto: &pbdemov2.Artist{},
-		},
-		client,
-		func(req *http.Request, token *string) { return },
-		hclog.NewNullLogger(),
-	}
-
-	testCases := []testCase{
-		{
-			description: "missing resource name",
-			request: httptest.NewRequest("PUT", "/?partition=default&peer_name=local&namespace=default", strings.NewReader(`
-				{
-					"metadata": {
-						"foo": "bar"
-					},
-					"data": {
-						"name": "Keith Urban",
-						"genre": "GENRE_COUNTRY"
-					}
-				}
-			`)),
-			response:             httptest.NewRecorder(),
-			expectedResponseCode: http.StatusBadRequest,
-		},
-		{
-			description: "wrong schema",
-			request: httptest.NewRequest("PUT", "/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(`
-				{
-					"metadata": {
-						"foo": "bar"
-					},
-					"dada": {
-						"name": "Keith Urban",
-						"genre": "GENRE_COUNTRY"
-					}
-				}
-			`)),
-			response:             httptest.NewRecorder(),
-			expectedResponseCode: http.StatusBadRequest,
-		},
-		{
-			description:          "no id",
-			request:              httptest.NewRequest("DELETE", "/?partition=default&peer_name=local&namespace=default", strings.NewReader("")),
-			response:             httptest.NewRecorder(),
-			expectedResponseCode: http.StatusBadRequest,
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Run(tc.description, func(t *testing.T) {
-			resourceHandler.ServeHTTP(tc.response, tc.request)
-
-			require.Equal(t, tc.expectedResponseCode, tc.response.Result().StatusCode)
-		})
-	}
-}
-
-func TestResourceWriteHandler(t *testing.T) {
-	aclResolver := &resourceSvc.MockACLResolver{}
-	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistReadPolicy, mock.Anything, mock.Anything).
-		Return(svctest.AuthorizerFrom(t, demo.ArtistV1ReadPolicy, demo.ArtistV2ReadPolicy), nil)
-	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistWritePolicy, mock.Anything, mock.Anything).
-		Return(svctest.AuthorizerFrom(t, demo.ArtistV1WritePolicy, demo.ArtistV2WritePolicy), nil)
-
-	client := svctest.RunResourceServiceWithACL(t, aclResolver, demo.RegisterTypes)
-
-	r := resource.NewRegistry()
-	demo.RegisterTypes(r)
-	handler := NewHandler(client, r, parseToken, hclog.NewNullLogger())
-
-	t.Run("should be blocked if the token is not authorized", func(t *testing.T) {
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(`
-			{
-				"metadata": {
-					"foo": "bar"
-				},
-				"data": {
-					"name": "Keith Urban",
-					"genre": "GENRE_COUNTRY"
-				}
-			}
-		`))
-
-		req.Header.Add("x-consul-token", testACLTokenArtistReadPolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusForbidden, rsp.Result().StatusCode)
-	})
-
-	t.Run("should write to the resource backend", func(t *testing.T) {
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(`
-			{
-				"metadata": {
-					"foo": "bar"
-				},
-				"data": {
-					"name": "Keith Urban",
-					"genre": "GENRE_COUNTRY"
-				}
-			}
-		`))
-
-		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
-
-		var result map[string]any
-		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
-		require.Equal(t, "Keith Urban", result["data"].(map[string]any)["name"])
-		require.Equal(t, "keith-urban", result["id"].(map[string]any)["name"])
-
-		readRsp, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{
-			Id: &pbresource.ID{
-				Type:    demo.TypeV2Artist,
-				Tenancy: resource.DefaultNamespacedTenancy(),
-				Name:    "keith-urban",
-			},
-		})
-		require.NoError(t, err)
-		require.NotNil(t, readRsp.Resource)
-
-		var artist pbdemov2.Artist
-		require.NoError(t, readRsp.Resource.Data.UnmarshalTo(&artist))
-		require.Equal(t, "Keith Urban", artist.Name)
-	})
-
-	t.Run("should update the record with version parameter", func(t *testing.T) {
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&version=1", strings.NewReader(`
-			{
-				"metadata": {
-					"foo": "bar"
-				},
-				"data": {
-					"name": "Keith Urban Two",
-					"genre": "GENRE_COUNTRY"
-				}
-			}
-		`))
-
-		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
-		var result map[string]any
-		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
-		require.Equal(t, "Keith Urban Two", result["data"].(map[string]any)["name"])
-		require.Equal(t, "keith-urban", result["id"].(map[string]any)["name"])
-	})
-
-	t.Run("should fail the update if the resource's version doesn't match the version of the existing resource", func(t *testing.T) {
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&version=1", strings.NewReader(`
-			{
-				"metadata": {
-					"foo": "bar"
-				},
-				"data": {
-					"name": "Keith Urban",
-					"genre": "GENRE_COUNTRY"
-				}
-			}
-		`))
-
-		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusConflict, rsp.Result().StatusCode)
-	})
-
-	t.Run("should write to the resource backend with owner", func(t *testing.T) {
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("PUT", "/demo/v1/artist/keith-urban-v1?partition=default&peer_name=local&namespace=default", strings.NewReader(`
-			{
-				"metadata": {
-					"foo": "bar"
-				},
-				"data": {
-					"name": "Keith Urban V1",
-					"genre": "GENRE_COUNTRY"
-				},
-				"owner": {
-					"name": "keith-urban",
-					"type": {
-						"group": "demo",
-						"group_version": "v2",
-						"kind": "Artist"
-					},
-					"tenancy": {
-						"partition": "default",
-						"peer_name": "local",
-						"namespace": "default"
-					}
-				}
-			}
-		`))
-
-		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
-
-		var result map[string]any
-		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
-		require.Equal(t, "Keith Urban V1", result["data"].(map[string]any)["name"])
-		require.Equal(t, "keith-urban-v1", result["id"].(map[string]any)["name"])
-
-		readRsp, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{
-			Id: &pbresource.ID{
-				Type:    demo.TypeV1Artist,
-				Tenancy: resource.DefaultNamespacedTenancy(),
-				Name:    "keith-urban-v1",
-			},
-		})
-		require.NoError(t, err)
-		require.NotNil(t, readRsp.Resource)
-		require.Equal(t, "keith-urban", readRsp.Resource.Owner.Name)
-
-		var artist pbdemov1.Artist
-		require.NoError(t, readRsp.Resource.Data.UnmarshalTo(&artist))
-		require.Equal(t, "Keith Urban V1", artist.Name)
-	})
-}
-
-type ResourceUri struct {
-	group        string
-	version      string
-	kind         string
-	resourceName string
-}
-
-func createResource(t *testing.T, artistHandler http.Handler, resourceUri *ResourceUri) map[string]any {
-	rsp := httptest.NewRecorder()
-
-	if resourceUri == nil {
-		resourceUri = &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "keith-urban"}
-	}
-
-	req := httptest.NewRequest("PUT", fmt.Sprintf("/%s/%s/%s/%s?partition=default&peer_name=local&namespace=default", resourceUri.group, resourceUri.version, resourceUri.kind, resourceUri.resourceName), strings.NewReader(`
-		{
-			"metadata": {
-				"foo": "bar"
-			},
-			"data": {
-				"name": "test",
-				"genre": "GENRE_COUNTRY"
-			}
-		}
-	`))
-
-	req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
-
-	artistHandler.ServeHTTP(rsp, req)
-	require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
-
-	var result map[string]any
-	require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
-	return result
-}
-
-func deleteResource(t *testing.T, artistHandler http.Handler, resourceUri *ResourceUri) {
-	rsp := httptest.NewRecorder()
-
-	if resourceUri == nil {
-		resourceUri = &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "keith-urban"}
-	}
-
-	req := httptest.NewRequest("DELETE", fmt.Sprintf("/%s/%s/%s/%s?partition=default&peer_name=local&namespace=default", resourceUri.group, resourceUri.version, resourceUri.kind, resourceUri.resourceName), strings.NewReader(""))
-
-	req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
-
-	artistHandler.ServeHTTP(rsp, req)
-	require.Equal(t, http.StatusNoContent, rsp.Result().StatusCode)
-}
-
-func TestResourceReadHandler(t *testing.T) {
-	aclResolver := &resourceSvc.MockACLResolver{}
-	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistReadPolicy, mock.Anything, mock.Anything).
-		Return(svctest.AuthorizerFrom(t, demo.ArtistV1ReadPolicy, demo.ArtistV2ReadPolicy), nil)
-	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistWritePolicy, mock.Anything, mock.Anything).
-		Return(svctest.AuthorizerFrom(t, demo.ArtistV1WritePolicy, demo.ArtistV2WritePolicy), nil)
-	aclResolver.On("ResolveTokenAndDefaultMeta", fakeToken, mock.Anything, mock.Anything).
-		Return(svctest.AuthorizerFrom(t, ""), nil)
-
-	client := svctest.RunResourceServiceWithACL(t, aclResolver, demo.RegisterTypes)
-
-	r := resource.NewRegistry()
-	demo.RegisterTypes(r)
-	handler := NewHandler(client, r, parseToken, hclog.NewNullLogger())
-
-	createdResource := createResource(t, handler, nil)
-
-	t.Run("Read resource", func(t *testing.T) {
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("GET", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&consistent", nil)
-
-		req.Header.Add("x-consul-token", testACLTokenArtistReadPolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
-
-		var result map[string]any
-		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
-		require.Equal(t, result, createdResource)
-	})
-
-	t.Run("should not be found if resource not exist", func(t *testing.T) {
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("GET", "/demo/v2/artist/keith-not-exist?partition=default&peer_name=local&namespace=default&consistent", nil)
-
-		req.Header.Add("x-consul-token", testACLTokenArtistReadPolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusNotFound, rsp.Result().StatusCode)
-	})
-
-	t.Run("should be blocked if the token is not authorized", func(t *testing.T) {
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("GET", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&consistent", nil)
-
-		req.Header.Add("x-consul-token", fakeToken)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusForbidden, rsp.Result().StatusCode)
-	})
-}
-
-func TestResourceDeleteHandler(t *testing.T) {
-	aclResolver := &resourceSvc.MockACLResolver{}
-	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistReadPolicy, mock.Anything, mock.Anything).
-		Return(svctest.AuthorizerFrom(t, demo.ArtistV2ReadPolicy), nil)
-	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistWritePolicy, mock.Anything, mock.Anything).
-		Return(svctest.AuthorizerFrom(t, demo.ArtistV2WritePolicy), nil)
-
-	client := svctest.RunResourceServiceWithACL(t, aclResolver, demo.RegisterTypes)
-
-	r := resource.NewRegistry()
-	demo.RegisterTypes(r)
-
-	handler := NewHandler(client, r, parseToken, hclog.NewNullLogger())
-
-	t.Run("should surface PermissionDenied error from resource service", func(t *testing.T) {
-		createResource(t, handler, nil)
-
-		deleteRsp := httptest.NewRecorder()
-		deletReq := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
-
-		deletReq.Header.Add("x-consul-token", testACLTokenArtistReadPolicy)
-
-		handler.ServeHTTP(deleteRsp, deletReq)
-
-		require.Equal(t, http.StatusForbidden, deleteRsp.Result().StatusCode)
-	})
-
-	t.Run("should delete a resource without version", func(t *testing.T) {
-		createResource(t, handler, nil)
-
-		deleteRsp := httptest.NewRecorder()
-		deletReq := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
-
-		deletReq.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
-
-		handler.ServeHTTP(deleteRsp, deletReq)
-
-		require.Equal(t, http.StatusNoContent, deleteRsp.Result().StatusCode)
-
-		var result map[string]any
-		require.NoError(t, json.NewDecoder(deleteRsp.Body).Decode(&result))
-		require.Empty(t, result)
-
-		_, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{
-			Id: &pbresource.ID{
-				Type:    demo.TypeV2Artist,
-				Tenancy: resource.DefaultNamespacedTenancy(),
-				Name:    "keith-urban",
-			},
-		})
-		require.ErrorContains(t, err, "resource not found")
-	})
-
-	t.Run("should delete a resource with version", func(t *testing.T) {
-		createResource(t, handler, nil)
-
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&version=1", strings.NewReader(""))
-
-		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
-		req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusNoContent, rsp.Result().StatusCode)
-
-		_, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{
-			Id: &pbresource.ID{
-				Type:    demo.TypeV2Artist,
-				Tenancy: resource.DefaultNamespacedTenancy(),
-				Name:    "keith-urban",
-			},
-		})
-		require.ErrorContains(t, err, "resource not found")
-	})
-}
-
-func TestResourceListHandler(t *testing.T) {
-	aclResolver := &resourceSvc.MockACLResolver{}
-	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistListPolicy, mock.Anything, mock.Anything).
-		Return(svctest.AuthorizerFrom(t, demo.ArtistV2ListPolicy), nil)
-	aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistWritePolicy, mock.Anything, mock.Anything).
-		Return(svctest.AuthorizerFrom(t, demo.ArtistV2WritePolicy), nil)
-
-	client := svctest.RunResourceServiceWithACL(t, aclResolver, demo.RegisterTypes)
-
-	r := resource.NewRegistry()
-	demo.RegisterTypes(r)
-
-	handler := NewHandler(client, r, parseToken, hclog.NewNullLogger())
-
-	t.Run("should return MethodNotAllowed", func(t *testing.T) {
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("PUT", "/demo/v2/artist?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
-
-		req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusMethodNotAllowed, rsp.Result().StatusCode)
-	})
-
-	t.Run("should be blocked if the token is not authorized", func(t *testing.T) {
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
-
-		req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusForbidden, rsp.Result().StatusCode)
-	})
-
-	t.Run("should return list of resources", func(t *testing.T) {
-		resourceUri1 := &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "steve"}
-		resource1 := createResource(t, handler, resourceUri1)
-		resourceUri2 := &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "elvis"}
-		resource2 := createResource(t, handler, resourceUri2)
-
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
-
-		req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
-
-		var result map[string]any
-		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
-
-		resources, _ := result["resources"].([]any)
-		require.Len(t, resources, 2)
-
-		expected := []map[string]any{resource1, resource2}
-		require.Contains(t, expected, resources[0])
-		require.Contains(t, expected, resources[1])
-
-		// clean up
-		deleteResource(t, handler, resourceUri1)
-		deleteResource(t, handler, resourceUri2)
-	})
-
-	t.Run("should return empty list when no resources are found", func(t *testing.T) {
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
-
-		req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
-
-		var result map[string]any
-		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
-
-		resources, _ := result["resources"].([]any)
-		require.Len(t, resources, 0)
-	})
-
-	t.Run("should return empty list when name prefix matches don't match", func(t *testing.T) {
-		createResource(t, handler, nil)
-
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default&name_prefix=noname", strings.NewReader(""))
-
-		req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
-
-		var result map[string]any
-		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
-
-		resources, _ := result["resources"].([]any)
-		require.Len(t, resources, 0)
-
-		// clean up
-		deleteResource(t, handler, nil)
-	})
-
-	t.Run("should return list of resources matching name prefix", func(t *testing.T) {
-		resourceUri1 := &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "steve"}
-		resource1 := createResource(t, handler, resourceUri1)
-		resourceUri2 := &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "elvis"}
-		createResource(t, handler, resourceUri2)
-
-		rsp := httptest.NewRecorder()
-		req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default&name_prefix=steve", strings.NewReader(""))
-
-		req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
-
-		handler.ServeHTTP(rsp, req)
-
-		require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
-
-		var result map[string]any
-		require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
-
-		resources, _ := result["resources"].([]any)
-		require.Len(t, resources, 1)
-
-		require.Equal(t, resource1, resources[0])
-
-		// clean up
-		deleteResource(t, handler, resourceUri1)
-		deleteResource(t, handler, resourceUri2)
-	})
-}
diff --git a/internal/resource/mappers/bimapper/bimapper.go b/internal/resource/mappers/bimapper/bimapper.go
deleted file mode 100644
index b17381306737..000000000000
--- a/internal/resource/mappers/bimapper/bimapper.go
+++ /dev/null
@@ -1,304 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package bimapper
-
-import (
-	"context"
-	"fmt"
-	"sync"
-
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-// Mapper tracks bidirectional lookup for an item that contains references to
-// other items. For example: an HTTPRoute has many references to Services.
-//
-// The primary object is called the "item" and an item has many "links".
-// Tracking is done on items.
-type Mapper struct {
-	itemType, linkType *pbresource.Type
-
-	lock       sync.Mutex
-	itemToLink map[resource.ReferenceKey]map[resource.ReferenceKey]struct{}
-	linkToItem map[resource.ReferenceKey]map[resource.ReferenceKey]struct{}
-}
-
-// New creates a bimapper between the two required provided types.
-func New(itemType, linkType *pbresource.Type) *Mapper {
-	if itemType == nil {
-		panic("itemType is required")
-	}
-	if linkType == nil {
-		panic("linkType is required")
-	}
-	return &Mapper{
-		itemType:   itemType,
-		linkType:   linkType,
-		itemToLink: make(map[resource.ReferenceKey]map[resource.ReferenceKey]struct{}),
-		linkToItem: make(map[resource.ReferenceKey]map[resource.ReferenceKey]struct{}),
-	}
-}
-
-// Reset clears the internal mappings.
-func (m *Mapper) Reset() {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-	m.itemToLink = make(map[resource.ReferenceKey]map[resource.ReferenceKey]struct{})
-	m.linkToItem = make(map[resource.ReferenceKey]map[resource.ReferenceKey]struct{})
-}
-
-// IsEmpty returns true if the internal structures are empty.
-func (m *Mapper) IsEmpty() bool {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-	return len(m.itemToLink) == 0 && len(m.linkToItem) == 0
-}
-
-// UntrackItem removes tracking for the provided item. The item type MUST match
-// the type configured for the item.
-func (m *Mapper) UntrackItem(item resource.ReferenceOrID) {
-	if !resource.EqualType(item.GetType(), m.itemType) {
-		panic(fmt.Sprintf("expected item type %q got %q",
-			resource.TypeToString(m.itemType),
-			resource.TypeToString(item.GetType()),
-		))
-	}
-	m.untrackItem(resource.NewReferenceKey(item))
-}
-
-// UntrackLink removes tracking for the provided link. The link type MUST match
-// the type configured for the link.
-func (m *Mapper) UntrackLink(link resource.ReferenceOrID) {
-	if !resource.EqualType(link.GetType(), m.linkType) {
-		panic(fmt.Sprintf("expected link type %q got %q",
-			resource.TypeToString(m.linkType),
-			resource.TypeToString(link.GetType()),
-		))
-	}
-	m.untrackLink(resource.NewReferenceKey(link))
-}
-
-func (m *Mapper) untrackLink(link resource.ReferenceKey) {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-	m.removeLinkLocked(link)
-}
-
-func (m *Mapper) untrackItem(item resource.ReferenceKey) {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-	m.removeItemLocked(item)
-}
-
-// TrackItem adds tracking for the provided item. The item and link types MUST
-// match the types configured for the items and links.
-func (m *Mapper) TrackItem(item resource.ReferenceOrID, links []resource.ReferenceOrID) {
-	if !resource.EqualType(item.GetType(), m.itemType) {
-		panic(fmt.Sprintf("expected item type %q got %q",
-			resource.TypeToString(m.itemType),
-			resource.TypeToString(item.GetType()),
-		))
-	}
-
-	linksAsKeys := make([]resource.ReferenceKey, 0, len(links))
-	for _, link := range links {
-		if !resource.EqualType(link.GetType(), m.linkType) {
-			panic(fmt.Sprintf("expected link type %q got %q",
-				resource.TypeToString(m.linkType),
-				resource.TypeToString(link.GetType()),
-			))
-		}
-		linksAsKeys = append(linksAsKeys, resource.NewReferenceKey(link))
-	}
-
-	m.trackItem(resource.NewReferenceKey(item), linksAsKeys)
-}
-
-func (m *Mapper) trackItem(item resource.ReferenceKey, links []resource.ReferenceKey) {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-
-	m.removeItemLocked(item)
-	m.addItemLocked(item, links)
-}
-
-// you must hold the lock before calling this function
-func (m *Mapper) removeItemLocked(item resource.ReferenceKey) {
-	for link := range m.itemToLink[item] {
-		delete(m.linkToItem[link], item)
-		if len(m.linkToItem[link]) == 0 {
-			delete(m.linkToItem, link)
-		}
-	}
-	delete(m.itemToLink, item)
-}
-
-func (m *Mapper) removeLinkLocked(link resource.ReferenceKey) {
-	for item := range m.linkToItem[link] {
-		delete(m.itemToLink[item], link)
-		if len(m.itemToLink[item]) == 0 {
-			delete(m.itemToLink, item)
-		}
-	}
-	delete(m.linkToItem, link)
-}
-
-// you must hold the lock before calling this function
-func (m *Mapper) addItemLocked(item resource.ReferenceKey, links []resource.ReferenceKey) {
-	if m.itemToLink[item] == nil {
-		m.itemToLink[item] = make(map[resource.ReferenceKey]struct{})
-	}
-	for _, link := range links {
-		m.itemToLink[item][link] = struct{}{}
-
-		if m.linkToItem[link] == nil {
-			m.linkToItem[link] = make(map[resource.ReferenceKey]struct{})
-		}
-		m.linkToItem[link][item] = struct{}{}
-	}
-}
-
-// LinksForItem returns references to links related to the requested item.
-// Deprecated: use LinksRefs
-func (m *Mapper) LinksForItem(item *pbresource.ID) []*pbresource.Reference {
-	return m.LinkRefsForItem(item)
-}
-
-// LinkRefsForItem returns references to links related to the requested item.
-func (m *Mapper) LinkRefsForItem(item *pbresource.ID) []*pbresource.Reference {
-	if !resource.EqualType(item.Type, m.itemType) {
-		panic(fmt.Sprintf("expected item type %q got %q",
-			resource.TypeToString(m.itemType),
-			resource.TypeToString(item.Type),
-		))
-	}
-
-	m.lock.Lock()
-	defer m.lock.Unlock()
-
-	links, ok := m.itemToLink[resource.NewReferenceKey(item)]
-	if !ok {
-		return nil
-	}
-
-	out := make([]*pbresource.Reference, 0, len(links))
-	for link := range links {
-		out = append(out, link.ToReference())
-	}
-	return out
-}
-
-// LinkIDsForItem returns IDs to links related to the requested item.
-func (m *Mapper) LinkIDsForItem(item *pbresource.ID) []*pbresource.ID {
-	if !resource.EqualType(item.Type, m.itemType) {
-		panic(fmt.Sprintf("expected item type %q got %q",
-			resource.TypeToString(m.itemType),
-			resource.TypeToString(item.Type),
-		))
-	}
-
-	m.lock.Lock()
-	defer m.lock.Unlock()
-
-	links, ok := m.itemToLink[resource.NewReferenceKey(item)]
-	if !ok {
-		return nil
-	}
-
-	out := make([]*pbresource.ID, 0, len(links))
-	for l := range links {
-		out = append(out, l.ToID())
-	}
-	return out
-}
-
-// ItemsForLink returns item ids for items related to the provided link.
-// Deprecated: use ItemIDsForLink
-func (m *Mapper) ItemsForLink(link *pbresource.ID) []*pbresource.ID {
-	return m.ItemIDsForLink(link)
-}
-
-// ItemIDsForLink returns item ids for items related to the provided link.
-func (m *Mapper) ItemIDsForLink(link *pbresource.ID) []*pbresource.ID {
-	if !resource.EqualType(link.Type, m.linkType) {
-		panic(fmt.Sprintf("expected link type %q got %q",
-			resource.TypeToString(m.linkType),
-			resource.TypeToString(link.Type),
-		))
-	}
-
-	return m.itemIDsByLink(resource.NewReferenceKey(link))
-}
-
-// ItemRefsForLink returns item references for items related to the provided link.
-func (m *Mapper) ItemRefsForLink(link *pbresource.ID) []*pbresource.Reference {
-	if !resource.EqualType(link.Type, m.linkType) {
-		panic(fmt.Sprintf("expected link type %q got %q",
-			resource.TypeToString(m.linkType),
-			resource.TypeToString(link.Type),
-		))
-	}
-
-	return m.itemRefsByLink(resource.NewReferenceKey(link))
-}
-
-// MapLink is suitable as a DependencyMapper to map the provided link event to its item.
-func (m *Mapper) MapLink(_ context.Context, _ controller.Runtime, res *pbresource.Resource) ([]controller.Request, error) {
-	link := res.Id
-
-	if !resource.EqualType(link.Type, m.linkType) {
-		return nil, fmt.Errorf("expected type %q got %q",
-			resource.TypeToString(m.linkType),
-			resource.TypeToString(link.Type),
-		)
-	}
-
-	itemIDs := m.itemIDsByLink(resource.NewReferenceKey(link))
-
-	out := make([]controller.Request, 0, len(itemIDs))
-	for _, item := range itemIDs {
-		if !resource.EqualType(item.Type, m.itemType) {
-			return nil, fmt.Errorf("expected type %q got %q",
-				resource.TypeToString(m.itemType),
-				resource.TypeToString(item.Type),
-			)
-		}
-		out = append(out, controller.Request{ID: item})
-	}
-	return out, nil
-}
-
-func (m *Mapper) itemIDsByLink(link resource.ReferenceKey) []*pbresource.ID {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-
-	items, ok := m.linkToItem[link]
-	if !ok {
-		return nil
-	}
-
-	out := make([]*pbresource.ID, 0, len(items))
-	for item := range items {
-		out = append(out, item.ToID())
-	}
-	return out
-}
-
-func (m *Mapper) itemRefsByLink(link resource.ReferenceKey) []*pbresource.Reference {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-
-	items, ok := m.linkToItem[link]
-	if !ok {
-		return nil
-	}
-
-	out := make([]*pbresource.Reference, 0, len(items))
-	for item := range items {
-		out = append(out, item.ToReference())
-	}
-	return out
-}
diff --git a/internal/resource/mappers/bimapper/bimapper_test.go b/internal/resource/mappers/bimapper/bimapper_test.go
deleted file mode 100644
index ce355bfc416d..000000000000
--- a/internal/resource/mappers/bimapper/bimapper_test.go
+++ /dev/null
@@ -1,356 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package bimapper
-
-import (
-	"context"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/internal/controller"
-	"github.com/hashicorp/consul/internal/resource"
-	rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/consul/proto/private/prototest"
-)
-
-const (
-	fakeGroupName = "catalog"
-	fakeVersion   = "v1"
-)
-
-var (
-	fakeFooType = &pbresource.Type{
-		Group:        fakeGroupName,
-		GroupVersion: fakeVersion,
-		Kind:         "Foo",
-	}
-	fakeBarType = &pbresource.Type{
-		Group:        fakeGroupName,
-		GroupVersion: fakeVersion,
-		Kind:         "Bar",
-	}
-)
-
-func TestMapper(t *testing.T) {
-	// Create an advance pointer to some services.
-
-	randoSvc := rtest.Resource(fakeBarType, "rando").Build()
-	apiSvc := rtest.Resource(fakeBarType, "api").Build()
-	fooSvc := rtest.Resource(fakeBarType, "foo").Build()
-	barSvc := rtest.Resource(fakeBarType, "bar").Build()
-	wwwSvc := rtest.Resource(fakeBarType, "www").Build()
-
-	apiRef := newRef(fakeBarType, "api")
-	fooRef := newRef(fakeBarType, "foo")
-	barRef := newRef(fakeBarType, "bar")
-	wwwRef := newRef(fakeBarType, "www")
-
-	fail1 := rtest.Resource(fakeFooType, "api").Build()
-	fail1Refs := []resource.ReferenceOrID{
-		apiRef,
-		fooRef,
-		barRef,
-	}
-
-	fail2 := rtest.Resource(fakeFooType, "www").Build()
-	fail2Refs := []resource.ReferenceOrID{
-		wwwRef,
-		fooRef,
-	}
-
-	fail1UpdatedRefs := []resource.ReferenceOrID{
-		apiRef,
-		barRef,
-	}
-
-	m := New(fakeFooType, fakeBarType)
-
-	// Nothing tracked yet so we assume nothing.
-	requireLinksForItem(t, m, fail1.Id)
-	requireLinksForItem(t, m, fail2.Id)
-	requireItemsForLink(t, m, apiRef)
-	requireItemsForLink(t, m, fooRef)
-	requireItemsForLink(t, m, barRef)
-	requireItemsForLink(t, m, wwwRef)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc)
-	requireServicesTracked(t, m, fooSvc)
-	requireServicesTracked(t, m, barSvc)
-	requireServicesTracked(t, m, wwwSvc)
-
-	// no-ops
-	m.UntrackItem(fail1.Id)
-
-	// still nothing
-	requireLinksForItem(t, m, fail1.Id)
-	requireLinksForItem(t, m, fail2.Id)
-	requireItemsForLink(t, m, apiRef)
-	requireItemsForLink(t, m, fooRef)
-	requireItemsForLink(t, m, barRef)
-	requireItemsForLink(t, m, wwwRef)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc)
-	requireServicesTracked(t, m, fooSvc)
-	requireServicesTracked(t, m, barSvc)
-	requireServicesTracked(t, m, wwwSvc)
-
-	// Actually insert some data.
-	m.TrackItem(fail1.Id, fail1Refs)
-
-	// Check links mapping
-	requireLinksForItem(t, m, fail1.Id, fail1Refs...)
-
-	requireLinksForItem(t, m, fail1.Id, fail1Refs...)
-	requireItemsForLink(t, m, apiRef, fail1.Id)
-	requireItemsForLink(t, m, fooRef, fail1.Id)
-	requireItemsForLink(t, m, barRef, fail1.Id)
-	requireItemsForLink(t, m, wwwRef)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc, fail1.Id)
-	requireServicesTracked(t, m, fooSvc, fail1.Id)
-	requireServicesTracked(t, m, barSvc, fail1.Id)
-	requireServicesTracked(t, m, wwwSvc)
-
-	// track it again, no change
-	m.TrackItem(fail1.Id, fail1Refs)
-
-	requireLinksForItem(t, m, fail1.Id, fail1Refs...)
-	requireItemsForLink(t, m, apiRef, fail1.Id)
-	requireItemsForLink(t, m, fooRef, fail1.Id)
-	requireItemsForLink(t, m, barRef, fail1.Id)
-	requireItemsForLink(t, m, wwwRef)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc, fail1.Id)
-	requireServicesTracked(t, m, fooSvc, fail1.Id)
-	requireServicesTracked(t, m, barSvc, fail1.Id)
-	requireServicesTracked(t, m, wwwSvc)
-
-	// track new one that overlaps slightly
-	m.TrackItem(fail2.Id, fail2Refs)
-
-	// Check links mapping for the new one
-	requireLinksForItem(t, m, fail1.Id, fail1Refs...)
-	requireLinksForItem(t, m, fail2.Id, fail2Refs...)
-	requireItemsForLink(t, m, apiRef, fail1.Id)
-	requireItemsForLink(t, m, fooRef, fail1.Id, fail2.Id)
-	requireItemsForLink(t, m, barRef, fail1.Id)
-	requireItemsForLink(t, m, wwwRef, fail2.Id)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc, fail1.Id)
-	requireServicesTracked(t, m, fooSvc, fail1.Id, fail2.Id)
-	requireServicesTracked(t, m, barSvc, fail1.Id)
-	requireServicesTracked(t, m, wwwSvc, fail2.Id)
-
-	// update the original to change it
-	m.TrackItem(fail1.Id, fail1UpdatedRefs)
-
-	requireLinksForItem(t, m, fail1.Id, fail1UpdatedRefs...)
-	requireLinksForItem(t, m, fail2.Id, fail2Refs...)
-	requireItemsForLink(t, m, apiRef, fail1.Id)
-	requireItemsForLink(t, m, fooRef, fail2.Id)
-	requireItemsForLink(t, m, barRef, fail1.Id)
-	requireItemsForLink(t, m, wwwRef, fail2.Id)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc, fail1.Id)
-	requireServicesTracked(t, m, fooSvc, fail2.Id)
-	requireServicesTracked(t, m, barSvc, fail1.Id)
-	requireServicesTracked(t, m, wwwSvc, fail2.Id)
-
-	// delete the original
-	m.UntrackItem(fail1.Id)
-
-	requireLinksForItem(t, m, fail1.Id)
-	requireLinksForItem(t, m, fail2.Id, fail2Refs...)
-	requireItemsForLink(t, m, apiRef)
-	requireItemsForLink(t, m, fooRef, fail2.Id)
-	requireItemsForLink(t, m, barRef)
-	requireItemsForLink(t, m, wwwRef, fail2.Id)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc)
-	requireServicesTracked(t, m, fooSvc, fail2.Id)
-	requireServicesTracked(t, m, barSvc)
-	requireServicesTracked(t, m, wwwSvc, fail2.Id)
-
-	// delete the link
-	m.UntrackLink(newRef(fakeBarType, "www"))
-
-	requireLinksForItem(t, m, fail2.Id, newRef(fakeBarType, "foo"))
-
-	m.UntrackLink(newRef(fakeBarType, "foo"))
-
-	requireLinksForItem(t, m, fail2.Id)
-
-	// delete another item
-	m.UntrackItem(fail2.Id)
-
-	requireLinksForItem(t, m, fail1.Id)
-	requireLinksForItem(t, m, fail2.Id)
-	requireItemsForLink(t, m, apiRef)
-	requireItemsForLink(t, m, fooRef)
-	requireItemsForLink(t, m, barRef)
-	requireItemsForLink(t, m, wwwRef)
-
-	requireServicesTracked(t, m, randoSvc)
-	requireServicesTracked(t, m, apiSvc)
-	requireServicesTracked(t, m, fooSvc)
-	requireServicesTracked(t, m, barSvc)
-	requireServicesTracked(t, m, wwwSvc)
-
-	// Reset the mapper and check that its internal maps are empty.
-	m.Reset()
-	require.True(t, m.IsEmpty())
-}
-
-func TestPanics(t *testing.T) {
-	t.Run("new mapper without types", func(t *testing.T) {
-		require.PanicsWithValue(t, "itemType is required", func() {
-			New(nil, nil)
-		})
-
-		require.PanicsWithValue(t, "itemType is required", func() {
-			New(nil, fakeBarType)
-		})
-
-		require.PanicsWithValue(t, "linkType is required", func() {
-			New(fakeFooType, nil)
-		})
-	})
-
-	t.Run("UntrackItem: mismatched type", func(t *testing.T) {
-		m := New(fakeFooType, fakeBarType)
-		require.PanicsWithValue(t, "expected item type \"catalog.v1.Foo\" got \"catalog.v1.Bar\"", func() {
-			// Calling UntrackItem with link type instead of item type
-			m.UntrackItem(rtest.Resource(fakeBarType, "test").ID())
-		})
-	})
-
-	t.Run("TrackItem: mismatched item type", func(t *testing.T) {
-		m := New(fakeFooType, fakeBarType)
-		require.PanicsWithValue(t, "expected item type \"catalog.v1.Foo\" got \"catalog.v1.Bar\"", func() {
-			// Calling UntrackItem with link type instead of item type
-			m.TrackItem(rtest.Resource(fakeBarType, "test").ID(), nil)
-		})
-	})
-
-	t.Run("TrackItem: mismatched link type", func(t *testing.T) {
-		m := New(fakeFooType, fakeBarType)
-		require.PanicsWithValue(t, "expected link type \"catalog.v1.Bar\" got \"catalog.v1.Foo\"", func() {
-			// Calling UntrackItem with link type instead of item type
-			links := []resource.ReferenceOrID{
-				rtest.Resource(fakeFooType, "link").ID(),
-			}
-			m.TrackItem(rtest.Resource(fakeFooType, "test").ID(), links)
-		})
-	})
-
-	t.Run("UntrackLink: mismatched type", func(t *testing.T) {
-		m := New(fakeFooType, fakeBarType)
-		require.PanicsWithValue(t, "expected link type \"catalog.v1.Bar\" got \"catalog.v1.Foo\"", func() {
-			m.UntrackLink(rtest.Resource(fakeFooType, "test").ID())
-		})
-	})
-
-	t.Run("LinkRefsForItem: mismatched type", func(t *testing.T) {
-		m := New(fakeFooType, fakeBarType)
-		require.PanicsWithValue(t, "expected item type \"catalog.v1.Foo\" got \"catalog.v1.Bar\"", func() {
-			m.LinkRefsForItem(rtest.Resource(fakeBarType, "test").ID())
-		})
-	})
-
-	t.Run("LinkRefsForItem: mismatched type", func(t *testing.T) {
-		m := New(fakeFooType, fakeBarType)
-		require.PanicsWithValue(t, "expected item type \"catalog.v1.Foo\" got \"catalog.v1.Bar\"", func() {
-			m.LinkIDsForItem(rtest.Resource(fakeBarType, "test").ID())
-		})
-	})
-
-	t.Run("ItemRefsForLink: mismatched type", func(t *testing.T) {
-		m := New(fakeFooType, fakeBarType)
-		require.PanicsWithValue(t, "expected link type \"catalog.v1.Bar\" got \"catalog.v1.Foo\"", func() {
-			m.ItemRefsForLink(rtest.Resource(fakeFooType, "test").ID())
-		})
-	})
-
-	t.Run("ItemIDsForLink: mismatched type", func(t *testing.T) {
-		m := New(fakeFooType, fakeBarType)
-		require.PanicsWithValue(t, "expected link type \"catalog.v1.Bar\" got \"catalog.v1.Foo\"", func() {
-			m.ItemIDsForLink(rtest.Resource(fakeFooType, "test").ID())
-		})
-	})
-}
-
-func requireServicesTracked(t *testing.T, mapper *Mapper, link *pbresource.Resource, items ...*pbresource.ID) {
-	t.Helper()
-
-	reqs, err := mapper.MapLink(
-		context.Background(),
-		controller.Runtime{},
-		link,
-	)
-	require.NoError(t, err)
-
-	require.Len(t, reqs, len(items))
-
-	// Also check items IDs and Refs for link.
-	ids := mapper.ItemIDsForLink(link.Id)
-	require.Len(t, ids, len(items))
-
-	refs := mapper.ItemRefsForLink(link.Id)
-	require.Len(t, refs, len(items))
-
-	for _, item := range items {
-		prototest.AssertContainsElement(t, reqs, controller.Request{ID: item})
-		prototest.AssertContainsElement(t, ids, item)
-		prototest.AssertContainsElement(t, refs, resource.Reference(item, ""))
-	}
-}
-
-func requireItemsForLink(t *testing.T, mapper *Mapper, link *pbresource.Reference, items ...*pbresource.ID) {
-	t.Helper()
-
-	got := mapper.ItemIDsForLink(resource.IDFromReference(link))
-
-	prototest.AssertElementsMatch(t, items, got)
-}
-
-func requireLinksForItem(t *testing.T, mapper *Mapper, item *pbresource.ID, links ...resource.ReferenceOrID) {
-	t.Helper()
-
-	var expLinkRefs []*pbresource.Reference
-	var expLinkIDs []*pbresource.ID
-
-	for _, l := range links {
-		expLinkRefs = append(expLinkRefs, &pbresource.Reference{
-			Name:    l.GetName(),
-			Tenancy: l.GetTenancy(),
-			Type:    l.GetType(),
-		})
-		expLinkIDs = append(expLinkIDs, &pbresource.ID{
-			Name:    l.GetName(),
-			Tenancy: l.GetTenancy(),
-			Type:    l.GetType(),
-		})
-	}
-
-	refs := mapper.LinkRefsForItem(item)
-	require.Len(t, refs, len(links))
-	prototest.AssertElementsMatch(t, expLinkRefs, refs)
-
-	ids := mapper.LinkIDsForItem(item)
-	require.Len(t, refs, len(links))
-	prototest.AssertElementsMatch(t, expLinkIDs, ids)
-}
-
-func newRef(typ *pbresource.Type, name string) *pbresource.Reference {
-	return rtest.Resource(typ, name).Reference("")
-}
diff --git a/internal/resource/reaper/controller.go b/internal/resource/reaper/controller.go
index f8de86f92196..7a7789f986a0 100644
--- a/internal/resource/reaper/controller.go
+++ b/internal/resource/reaper/controller.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package reaper
 
diff --git a/internal/resource/reaper/controller_test.go b/internal/resource/reaper/controller_test.go
index c06ccedab582..9e6f0f3d5a07 100644
--- a/internal/resource/reaper/controller_test.go
+++ b/internal/resource/reaper/controller_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package reaper
 
diff --git a/internal/resource/reference.go b/internal/resource/reference.go
index 47c2a0da2ded..80492c98787a 100644
--- a/internal/resource/reference.go
+++ b/internal/resource/reference.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
@@ -14,26 +14,3 @@ func Reference(id *pbresource.ID, section string) *pbresource.Reference {
 		Section: section,
 	}
 }
-
-// IDFromReference returns a Reference converted into an ID. NOTE: the UID
-// field is not populated, and the Section field of a reference is dropped.
-func IDFromReference(ref *pbresource.Reference) *pbresource.ID {
-	return &pbresource.ID{
-		Type:    ref.Type,
-		Tenancy: ref.Tenancy,
-		Name:    ref.Name,
-	}
-}
-
-// ReferenceOrID is the common accessors shared by pbresource.Reference and
-// pbresource.ID.
-type ReferenceOrID interface {
-	GetType() *pbresource.Type
-	GetTenancy() *pbresource.Tenancy
-	GetName() string
-}
-
-var (
-	_ ReferenceOrID = (*pbresource.ID)(nil)
-	_ ReferenceOrID = (*pbresource.Reference)(nil)
-)
diff --git a/internal/resource/refkey.go b/internal/resource/refkey.go
deleted file mode 100644
index 44f0765c206c..000000000000
--- a/internal/resource/refkey.go
+++ /dev/null
@@ -1,93 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package resource
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-// ReferenceKey is the pointer-free representation of a ReferenceOrID
-// suitable for a go map key.
-type ReferenceKey struct {
-	GVK       string
-	Partition string // Tenancy.*
-	Namespace string // Tenancy.*
-	PeerName  string // Tenancy.*
-	Name      string
-}
-
-// String returns a string representation of the ReferenceKey. This should not
-// be relied upon nor parsed and is provided just for debugging and logging
-// reasons.
-//
-// This format should be aligned with IDToString and ReferenceToString.
-func (r ReferenceKey) String() string {
-	return fmt.Sprintf("%s/%s.%s.%s/%s",
-		r.GVK,
-		orDefault(r.Partition, "default"),
-		orDefault(r.PeerName, "local"),
-		orDefault(r.Namespace, "default"),
-		r.Name,
-	)
-}
-
-func (r ReferenceKey) GetTenancy() *pbresource.Tenancy {
-	return &pbresource.Tenancy{
-		Partition: r.Partition,
-		PeerName:  r.PeerName,
-		Namespace: r.Namespace,
-	}
-}
-
-// ToReference converts this back into a pbresource.ID.
-func (r ReferenceKey) ToID() *pbresource.ID {
-	return &pbresource.ID{
-		Type:    GVKToType(r.GVK),
-		Tenancy: r.GetTenancy(),
-		Name:    r.Name,
-	}
-}
-
-// ToReference converts this back into a pbresource.Reference.
-func (r ReferenceKey) ToReference() *pbresource.Reference {
-	return &pbresource.Reference{
-		Type:    GVKToType(r.GVK),
-		Tenancy: r.GetTenancy(),
-		Name:    r.Name,
-	}
-}
-
-func (r ReferenceKey) GoString() string { return r.String() }
-
-func NewReferenceKey(refOrID ReferenceOrID) ReferenceKey {
-	return ReferenceKey{
-		GVK:       ToGVK(refOrID.GetType()),
-		Partition: orDefault(refOrID.GetTenancy().GetPartition(), "default"),
-		Namespace: orDefault(refOrID.GetTenancy().GetNamespace(), "default"),
-		PeerName:  orDefault(refOrID.GetTenancy().GetPeerName(), "local"),
-		Name:      refOrID.GetName(),
-	}
-}
-
-func orDefault(v, def string) string {
-	if v == "" {
-		return def
-	}
-	return v
-}
-
-func GVKToType(gvk string) *pbresource.Type {
-	parts := strings.Split(gvk, ".")
-	if len(parts) != 3 {
-		panic("bad gvk")
-	}
-	return &pbresource.Type{
-		Group:        parts[0],
-		GroupVersion: parts[1],
-		Kind:         parts[2],
-	}
-}
diff --git a/internal/resource/refkey_test.go b/internal/resource/refkey_test.go
deleted file mode 100644
index 8c4b5eaf92b2..000000000000
--- a/internal/resource/refkey_test.go
+++ /dev/null
@@ -1,87 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package resource_test
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/internal/resource/demo"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/consul/proto/private/prototest"
-)
-
-func TestReferenceKey(t *testing.T) {
-	tenancy1 := &pbresource.Tenancy{}
-	tenancy1_actual := defaultTenancy()
-	tenancy2 := &pbresource.Tenancy{
-		Partition: "ap1",
-		Namespace: "ns-billing",
-		PeerName:  "peer-dc4",
-	}
-	tenancy3 := &pbresource.Tenancy{
-		Partition: "ap2",
-		Namespace: "ns-intern",
-		PeerName:  "peer-sea",
-	}
-
-	res1, err := demo.GenerateV2Artist()
-	require.NoError(t, err)
-	res1.Id.Tenancy = tenancy1
-
-	res2, err := demo.GenerateV2Artist()
-	require.NoError(t, err)
-	res2.Id.Tenancy = tenancy2
-
-	res3, err := demo.GenerateV2Artist()
-	require.NoError(t, err)
-	res3.Id.Tenancy = tenancy3
-
-	id1 := res1.Id
-	id2 := res2.Id
-	id3 := res3.Id
-
-	ref1 := resource.Reference(id1, "")
-	ref2 := resource.Reference(id2, "")
-	ref3 := resource.Reference(id3, "")
-
-	idRK1 := resource.NewReferenceKey(id1)
-	idRK2 := resource.NewReferenceKey(id2)
-	idRK3 := resource.NewReferenceKey(id3)
-
-	refRK1 := resource.NewReferenceKey(ref1)
-	refRK2 := resource.NewReferenceKey(ref2)
-	refRK3 := resource.NewReferenceKey(ref3)
-
-	require.Equal(t, idRK1, refRK1)
-	require.Equal(t, idRK2, refRK2)
-	require.Equal(t, idRK3, refRK3)
-
-	prototest.AssertDeepEqual(t, tenancy1_actual, idRK1.GetTenancy())
-	prototest.AssertDeepEqual(t, tenancy2, idRK2.GetTenancy())
-	prototest.AssertDeepEqual(t, tenancy3, idRK3.GetTenancy())
-
-	// Now that we tested the defaulting, swap out the tenancy in the id so
-	// that the comparisons work.
-	id1.Tenancy = tenancy1_actual
-	ref1.Tenancy = tenancy1_actual
-
-	prototest.AssertDeepEqual(t, id1, idRK1.ToID())
-	prototest.AssertDeepEqual(t, id2, idRK2.ToID())
-	prototest.AssertDeepEqual(t, id3, idRK3.ToID())
-
-	prototest.AssertDeepEqual(t, ref1, refRK1.ToReference())
-	prototest.AssertDeepEqual(t, ref2, refRK2.ToReference())
-	prototest.AssertDeepEqual(t, ref3, refRK3.ToReference())
-}
-
-func defaultTenancy() *pbresource.Tenancy {
-	return &pbresource.Tenancy{
-		Partition: "default",
-		Namespace: "default",
-		PeerName:  "local",
-	}
-}
diff --git a/internal/resource/registry.go b/internal/resource/registry.go
index 575bf6feafdc..0004acfff4c6 100644
--- a/internal/resource/registry.go
+++ b/internal/resource/registry.go
@@ -1,12 +1,11 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource
 
 import (
 	"fmt"
 	"regexp"
-	"strings"
 	"sync"
 
 	"google.golang.org/protobuf/proto"
@@ -27,8 +26,6 @@ type Registry interface {
 
 	// Resolve the given resource type and its hooks.
 	Resolve(typ *pbresource.Type) (reg Registration, ok bool)
-
-	Types() []Registration
 }
 
 type Registration struct {
@@ -45,12 +42,11 @@ type Registration struct {
 	// check for required fields).
 	Validate func(*pbresource.Resource) error
 
-	// Mutate is called to fill out any autogenerated fields (e.g. UUIDs) or
-	// apply defaults before validation.
+	// Mutate is called to fill out any autogenerated fields (e.g. UUIDs).
 	Mutate func(*pbresource.Resource) error
 
-	// Scope describes the tenancy scope of a resource.
-	Scope Scope
+	// In the future, we'll add hooks, the controller etc. here.
+	// TODO: https://github.com/hashicorp/consul/pull/16622#discussion_r1134515909
 }
 
 type ACLHooks struct {
@@ -58,17 +54,17 @@ type ACLHooks struct {
 	// RPCs.
 	//
 	// If it is omitted, `operator:read` permission is assumed.
-	Read func(acl.Authorizer, *acl.AuthorizerContext, *pbresource.ID) error
+	Read func(acl.Authorizer, *pbresource.ID) error
 
 	// Write is used to authorize Write and Delete RPCs.
 	//
 	// If it is omitted, `operator:write` permission is assumed.
-	Write func(acl.Authorizer, *acl.AuthorizerContext, *pbresource.Resource) error
+	Write func(acl.Authorizer, *pbresource.ID) error
 
 	// List is used to authorize List RPCs.
 	//
 	// If it is omitted, we only filter the results using Read.
-	List func(acl.Authorizer, *acl.AuthorizerContext) error
+	List func(acl.Authorizer, *pbresource.Tenancy) error
 }
 
 // Resource type registry
@@ -120,17 +116,17 @@ func (r *TypeRegistry) Register(registration Registration) {
 		registration.ACLs = &ACLHooks{}
 	}
 	if registration.ACLs.Read == nil {
-		registration.ACLs.Read = func(authz acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID) error {
-			return authz.ToAllowAuthorizer().OperatorReadAllowed(authzContext)
+		registration.ACLs.Read = func(authz acl.Authorizer, id *pbresource.ID) error {
+			return authz.ToAllowAuthorizer().OperatorReadAllowed(&acl.AuthorizerContext{})
 		}
 	}
 	if registration.ACLs.Write == nil {
-		registration.ACLs.Write = func(authz acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.Resource) error {
-			return authz.ToAllowAuthorizer().OperatorWriteAllowed(authzContext)
+		registration.ACLs.Write = func(authz acl.Authorizer, id *pbresource.ID) error {
+			return authz.ToAllowAuthorizer().OperatorWriteAllowed(&acl.AuthorizerContext{})
 		}
 	}
 	if registration.ACLs.List == nil {
-		registration.ACLs.List = func(authz acl.Authorizer, authzContext *acl.AuthorizerContext) error {
+		registration.ACLs.List = func(authz acl.Authorizer, tenancy *pbresource.Tenancy) error {
 			return authz.ToAllowAuthorizer().OperatorReadAllowed(&acl.AuthorizerContext{})
 		}
 	}
@@ -158,29 +154,6 @@ func (r *TypeRegistry) Resolve(typ *pbresource.Type) (reg Registration, ok bool)
 	return Registration{}, false
 }
 
-func (r *TypeRegistry) Types() []Registration {
-	r.lock.RLock()
-	defer r.lock.RUnlock()
-
-	types := make([]Registration, 0, len(r.registrations))
-	for _, v := range r.registrations {
-		types = append(types, v)
-	}
-	return types
-}
-
 func ToGVK(resourceType *pbresource.Type) string {
 	return fmt.Sprintf("%s.%s.%s", resourceType.Group, resourceType.GroupVersion, resourceType.Kind)
 }
-
-func ParseGVK(gvk string) (*pbresource.Type, error) {
-	parts := strings.Split(gvk, ".")
-	if len(parts) != 3 {
-		return nil, fmt.Errorf("GVK string must be in the form <Group>.<GroupVersion>.<Kind>, got: %s", gvk)
-	}
-	return &pbresource.Type{
-		Group:        parts[0],
-		GroupVersion: parts[1],
-		Kind:         parts[2],
-	}, nil
-}
diff --git a/internal/resource/registry_test.go b/internal/resource/registry_test.go
index a7d3ec6a1187..c9d1777159f8 100644
--- a/internal/resource/registry_test.go
+++ b/internal/resource/registry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package resource_test
 
@@ -43,16 +43,16 @@ func TestRegister_Defaults(t *testing.T) {
 	require.True(t, ok)
 
 	// verify default read hook requires operator:read
-	require.NoError(t, reg.ACLs.Read(testutils.ACLOperatorRead(t), nil, artist.Id))
-	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.Read(testutils.ACLNoPermissions(t), nil, artist.Id)))
+	require.NoError(t, reg.ACLs.Read(testutils.ACLOperatorRead(t), artist.Id))
+	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.Read(testutils.ACLNoPermissions(t), artist.Id)))
 
 	// verify default write hook requires operator:write
-	require.NoError(t, reg.ACLs.Write(testutils.ACLOperatorWrite(t), nil, artist))
-	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.Write(testutils.ACLNoPermissions(t), nil, artist)))
+	require.NoError(t, reg.ACLs.Write(testutils.ACLOperatorWrite(t), artist.Id))
+	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.Write(testutils.ACLNoPermissions(t), artist.Id)))
 
 	// verify default list hook requires operator:read
-	require.NoError(t, reg.ACLs.List(testutils.ACLOperatorRead(t), nil))
-	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.List(testutils.ACLNoPermissions(t), nil)))
+	require.NoError(t, reg.ACLs.List(testutils.ACLOperatorRead(t), artist.Id.Tenancy))
+	require.True(t, acl.IsErrPermissionDenied(reg.ACLs.List(testutils.ACLNoPermissions(t), artist.Id.Tenancy)))
 
 	// verify default validate is a no-op
 	require.NoError(t, reg.Validate(nil))
diff --git a/internal/resource/resourcetest/builder.go b/internal/resource/resourcetest/builder.go
index 86294ce57105..7355f38824ec 100644
--- a/internal/resource/resourcetest/builder.go
+++ b/internal/resource/resourcetest/builder.go
@@ -1,24 +1,14 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package resourcetest
 
 import (
-	"strings"
+	"context"
 
+	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/oklog/ulid/v2"
 	"github.com/stretchr/testify/require"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/reflect/protoreflect"
 	"google.golang.org/protobuf/types/known/anypb"
-
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/internal/storage"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/consul/sdk/testutil"
-	"github.com/hashicorp/consul/sdk/testutil/retry"
 )
 
 type resourceBuilder struct {
@@ -37,8 +27,8 @@ func Resource(rtype *pbresource.Type, name string) *resourceBuilder {
 					Kind:         rtype.Kind,
 				},
 				Tenancy: &pbresource.Tenancy{
-					Partition: resource.DefaultPartitionName,
-					Namespace: resource.DefaultNamespaceName,
+					Partition: "default",
+					Namespace: "default",
 					PeerName:  "local",
 				},
 				Name: name,
@@ -47,19 +37,6 @@ func Resource(rtype *pbresource.Type, name string) *resourceBuilder {
 	}
 }
 
-func ResourceID(id *pbresource.ID) *resourceBuilder {
-	return &resourceBuilder{
-		resource: &pbresource.Resource{
-			Id: id,
-		},
-	}
-}
-
-func (b *resourceBuilder) WithTenancy(tenant *pbresource.Tenancy) *resourceBuilder {
-	b.resource.Id.Tenancy = tenant
-	return b
-}
-
 func (b *resourceBuilder) WithData(t T, data protoreflect.ProtoMessage) *resourceBuilder {
 	t.Helper()
 
@@ -128,47 +105,25 @@ func (b *resourceBuilder) ID() *pbresource.ID {
 	return b.resource.Id
 }
 
-func (b *resourceBuilder) Reference(section string) *pbresource.Reference {
-	return resource.Reference(b.ID(), section)
-}
-
 func (b *resourceBuilder) Write(t T, client pbresource.ResourceServiceClient) *pbresource.Resource {
 	t.Helper()
 
-	ctx := testutil.TestContext(t)
-
 	res := b.resource
 
-	var rsp *pbresource.WriteResponse
-	var err error
-
-	// Retry any writes where the error is a UID mismatch and the UID was not specified. This is indicative
-	// of using a follower to rewrite an object who is not perfectly in-sync with the leader.
-	retry.Run(t, func(r *retry.R) {
-		rsp, err = client.Write(ctx, &pbresource.WriteRequest{
-			Resource: res,
-		})
-
-		if err == nil || res.Id.Uid != "" || status.Code(err) != codes.FailedPrecondition {
-			if err != nil {
-				t.Logf("write saw error: %v", err)
-			}
-			return
-		}
-
-		if strings.Contains(err.Error(), storage.ErrWrongUid.Error()) {
-			r.Fatalf("resource write failed due to uid mismatch - most likely a transient issue when talking to a non-leader")
-		} else {
-			// other errors are unexpected and should cause an immediate failure
-			r.Stop(err)
-		}
+	rsp, err := client.Write(context.Background(), &pbresource.WriteRequest{
+		Resource: res,
 	})
 
+	require.NoError(t, err)
+
 	if !b.dontCleanup {
-		id := proto.Clone(rsp.Resource.Id).(*pbresource.ID)
-		id.Uid = ""
-		t.Cleanup(func() {
-			NewClient(client).MustDelete(t, id)
+		cleaner, ok := t.(CleanupT)
+		require.True(t, ok, "T does not implement a Cleanup method and cannot be used with automatic resource cleanup")
+		cleaner.Cleanup(func() {
+			_, err := client.Delete(context.Background(), &pbresource.DeleteRequest{
+				Id: rsp.Resource.Id,
+			})
+			require.NoError(t, err)
 		})
 	}
 
@@ -181,7 +136,7 @@ func (b *resourceBuilder) Write(t T, client pbresource.ResourceServiceClient) *p
 			ObservedGeneration: rsp.Resource.Generation,
 			Conditions:         original.Conditions,
 		}
-		_, err := client.WriteStatus(ctx, &pbresource.WriteStatusRequest{
+		_, err := client.WriteStatus(context.Background(), &pbresource.WriteStatusRequest{
 			Id:     rsp.Resource.Id,
 			Key:    key,
 			Status: status,
@@ -189,7 +144,7 @@ func (b *resourceBuilder) Write(t T, client pbresource.ResourceServiceClient) *p
 		require.NoError(t, err)
 	}
 
-	readResp, err := client.Read(ctx, &pbresource.ReadRequest{
+	readResp, err := client.Read(context.Background(), &pbresource.ReadRequest{
 		Id: rsp.Resource.Id,
 	})
 
diff --git a/internal/resource/resourcetest/client.go b/internal/resource/resourcetest/client.go
index f3b3bd799fe2..dab5b03c3adb 100644
--- a/internal/resource/resourcetest/client.go
+++ b/internal/resource/resourcetest/client.go
@@ -1,22 +1,17 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package resourcetest
 
 import (
-	"fmt"
+	"context"
 	"math/rand"
 	"time"
 
+	"github.com/hashicorp/consul/internal/resource"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/consul/sdk/testutil/retry"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/exp/slices"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
-
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/consul/sdk/testutil"
-	"github.com/hashicorp/consul/sdk/testutil/retry"
 )
 
 type Client struct {
@@ -40,14 +35,11 @@ func (client *Client) SetRetryerConfig(timeout time.Duration, wait time.Duration
 }
 
 func (client *Client) retry(t T, fn func(r *retry.R)) {
-	t.Helper()
 	retryer := &retry.Timer{Timeout: client.timeout, Wait: client.wait}
 	retry.RunWith(retryer, t, fn)
 }
 
 func (client *Client) PublishResources(t T, resources []*pbresource.Resource) {
-	ctx := testutil.TestContext(t)
-
 	// Randomize the order of insertion. Generally insertion order shouldn't matter as the
 	// controllers should eventually converge on the desired state. The exception to this
 	// is that you cannot insert resources with owner refs before the resource they are
@@ -82,17 +74,12 @@ func (client *Client) PublishResources(t T, resources []*pbresource.Resource) {
 			}
 
 			t.Logf("Writing resource %s with type %s", res.Id.Name, resource.ToGVK(res.Id.Type))
-			rsp, err := client.Write(ctx, &pbresource.WriteRequest{
+			_, err := client.Write(context.Background(), &pbresource.WriteRequest{
 				Resource: res,
 			})
 			require.NoError(t, err)
 
-			id := rsp.Resource.Id
-			t.Cleanup(func() {
-				client.MustDelete(t, id)
-			})
-
-			// track the number of resources published
+			// track the number o
 			published += 1
 			written = append(written, res.Id)
 		}
@@ -114,7 +101,7 @@ func (client *Client) PublishResources(t T, resources []*pbresource.Resource) {
 func (client *Client) RequireResourceNotFound(t T, id *pbresource.ID) {
 	t.Helper()
 
-	rsp, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{Id: id})
+	rsp, err := client.Read(context.Background(), &pbresource.ReadRequest{Id: id})
 	require.Error(t, err)
 	require.Equal(t, codes.NotFound, status.Code(err))
 	require.Nil(t, rsp)
@@ -123,7 +110,7 @@ func (client *Client) RequireResourceNotFound(t T, id *pbresource.ID) {
 func (client *Client) RequireResourceExists(t T, id *pbresource.ID) *pbresource.Resource {
 	t.Helper()
 
-	rsp, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{Id: id})
+	rsp, err := client.Read(context.Background(), &pbresource.ReadRequest{Id: id})
 	require.NoError(t, err, "error reading %s with type %s", id.Name, resource.ToGVK(id.Type))
 	require.NotNil(t, rsp)
 	return rsp.Resource
@@ -161,16 +148,6 @@ func (client *Client) RequireStatusConditionForCurrentGen(t T, id *pbresource.ID
 	return res
 }
 
-func (client *Client) RequireStatusConditionsForCurrentGen(t T, id *pbresource.ID, statusKey string, conditions []*pbresource.Condition) *pbresource.Resource {
-	t.Helper()
-
-	res := client.RequireResourceExists(t, id)
-	for _, condition := range conditions {
-		RequireStatusConditionForCurrentGen(t, res, statusKey, condition)
-	}
-	return res
-}
-
 func (client *Client) RequireResourceMeta(t T, id *pbresource.ID, key string, value string) *pbresource.Resource {
 	t.Helper()
 
@@ -204,18 +181,7 @@ func (client *Client) WaitForStatusCondition(t T, id *pbresource.ID, statusKey s
 
 	var res *pbresource.Resource
 	client.retry(t, func(r *retry.R) {
-		res = client.RequireStatusConditionForCurrentGen(r, id, statusKey, condition)
-	})
-
-	return res
-}
-
-func (client *Client) WaitForStatusConditions(t T, id *pbresource.ID, statusKey string, conditions ...*pbresource.Condition) *pbresource.Resource {
-	t.Helper()
-
-	var res *pbresource.Resource
-	client.retry(t, func(r *retry.R) {
-		res = client.RequireStatusConditionsForCurrentGen(r, id, statusKey, conditions)
+		res = client.RequireStatusConditionForCurrentGen(t, id, statusKey, condition)
 	})
 
 	return res
@@ -243,14 +209,6 @@ func (client *Client) WaitForResourceState(t T, id *pbresource.ID, verify func(T
 	return res
 }
 
-func (client *Client) WaitForDeletion(t T, id *pbresource.ID) {
-	t.Helper()
-
-	client.retry(t, func(r *retry.R) {
-		client.RequireResourceNotFound(r, id)
-	})
-}
-
 // ResolveResourceID will read the specified resource and returns its full ID.
 // This is mainly useful to get the ID with the Uid filled out.
 func (client *Client) ResolveResourceID(t T, id *pbresource.ID) *pbresource.ID {
@@ -258,24 +216,3 @@ func (client *Client) ResolveResourceID(t T, id *pbresource.ID) *pbresource.ID {
 
 	return client.RequireResourceExists(t, id).Id
 }
-
-func (client *Client) MustDelete(t T, id *pbresource.ID) {
-	t.Helper()
-	ctx := testutil.TestContext(t)
-
-	client.retry(t, func(r *retry.R) {
-		_, err := client.Delete(ctx, &pbresource.DeleteRequest{Id: id})
-		if status.Code(err) == codes.NotFound {
-			return
-		}
-
-		// codes.Aborted indicates a CAS failure and that the delete request should
-		// be retried. Anything else should be considered an unrecoverable error.
-		if err != nil && status.Code(err) != codes.Aborted {
-			r.Stop(fmt.Errorf("failed to delete the resource: %w", err))
-			return
-		}
-
-		require.NoError(r, err)
-	})
-}
diff --git a/internal/resource/resourcetest/decode.go b/internal/resource/resourcetest/decode.go
deleted file mode 100644
index d68fff865517..000000000000
--- a/internal/resource/resourcetest/decode.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package resourcetest
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/proto"
-
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-func MustDecode[T proto.Message](t *testing.T, res *pbresource.Resource) *resource.DecodedResource[T] {
-	dec, err := resource.Decode[T](res)
-	require.NoError(t, err)
-	return dec
-}
diff --git a/internal/resource/resourcetest/fs.go b/internal/resource/resourcetest/fs.go
index a31ac0f10c4b..e7a1417a5908 100644
--- a/internal/resource/resourcetest/fs.go
+++ b/internal/resource/resourcetest/fs.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package resourcetest
 
 import (
diff --git a/internal/resource/resourcetest/require.go b/internal/resource/resourcetest/require.go
index b57bab8b2e3a..fff8cb2aebf2 100644
--- a/internal/resource/resourcetest/require.go
+++ b/internal/resource/resourcetest/require.go
@@ -1,42 +1,13 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package resourcetest
 
 import (
 	"github.com/google/go-cmp/cmp"
-	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 	"github.com/hashicorp/consul/proto/private/prototest"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/testing/protocmp"
 )
 
-// CompareErrorString is a helper to generate a custom go-cmp comparer method
-// that will perform an equality check on the error message. This is mainly
-// useful to get around not being able to see unexported data within errors.
-func CompareErrorString[T error]() cmp.Option {
-	return cmp.Comparer(func(e1, e2 T) bool {
-		return e1.Error() == e2.Error()
-	})
-}
-
-// default comparers for known types that don't play well with go-cmp
-var comparers = []cmp.Option{
-	CompareErrorString[resource.ConstError](),
-}
-
-// RequireError is useful for asserting that some chained multierror contains a specific error.
-func RequireError[E error](t T, err error, expected E, opts ...cmp.Option) {
-	t.Helper()
-
-	var actual E
-	require.ErrorAs(t, err, &actual)
-
-	opts = append(opts, comparers...)
-	prototest.AssertDeepEqual(t, expected, actual, opts...)
-}
-
 func RequireVersionUnchanged(t T, res *pbresource.Resource, version string) {
 	t.Helper()
 	require.Equal(t, version, res.Version)
diff --git a/internal/resource/resourcetest/testing.go b/internal/resource/resourcetest/testing.go
index 1be9947226bd..d02b70da9d03 100644
--- a/internal/resource/resourcetest/testing.go
+++ b/internal/resource/resourcetest/testing.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package resourcetest
 
 // T represents the subset of testing.T methods that will be used
@@ -12,5 +9,9 @@ type T interface {
 	Errorf(format string, args ...interface{})
 	Fatalf(format string, args ...interface{})
 	FailNow()
+}
+
+type CleanupT interface {
+	T
 	Cleanup(func())
 }
diff --git a/internal/resource/resourcetest/validation.go b/internal/resource/resourcetest/validation.go
deleted file mode 100644
index d7588221186f..000000000000
--- a/internal/resource/resourcetest/validation.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package resourcetest
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-func ValidateAndNormalize(t *testing.T, registry resource.Registry, res *pbresource.Resource) {
-	typ := res.Id.Type
-
-	typeInfo, ok := registry.Resolve(typ)
-	if !ok {
-		t.Fatalf("unhandled resource type: %q", resource.ToGVK(typ))
-	}
-
-	if typeInfo.Mutate != nil {
-		require.NoError(t, typeInfo.Mutate(res), "failed to apply type mutation to resource")
-	}
-
-	if typeInfo.Validate != nil {
-		require.NoError(t, typeInfo.Validate(res), "failed to validate resource")
-	}
-}
diff --git a/internal/resource/stringer.go b/internal/resource/stringer.go
deleted file mode 100644
index 075c08ac0d9c..000000000000
--- a/internal/resource/stringer.go
+++ /dev/null
@@ -1,60 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package resource
-
-import (
-	"fmt"
-
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-// IDToString returns a string representation of pbresource.ID. This should not
-// be relied upon nor parsed and is provided just for debugging and logging
-// reasons.
-//
-// This format should be aligned with ReferenceToString and
-// (ReferenceKey).String.
-func IDToString(id *pbresource.ID) string {
-	s := fmt.Sprintf("%s/%s/%s",
-		TypeToString(id.Type),
-		TenancyToString(id.Tenancy),
-		id.Name,
-	)
-	if id.Uid != "" {
-		return s + "?uid=" + id.Uid
-	}
-	return s
-}
-
-// ReferenceToString returns a string representation of pbresource.Reference.
-// This should not be relied upon nor parsed and is provided just for debugging
-// and logging reasons.
-//
-// This format should be aligned with IDToString and (ReferenceKey).String.
-func ReferenceToString(ref *pbresource.Reference) string {
-	s := fmt.Sprintf("%s/%s/%s",
-		TypeToString(ref.Type),
-		TenancyToString(ref.Tenancy),
-		ref.Name,
-	)
-
-	if ref.Section != "" {
-		return s + "?section=" + ref.Section
-	}
-	return s
-}
-
-// TenancyToString returns a string representation of pbresource.Tenancy. This
-// should not be relied upon nor parsed and is provided just for debugging and
-// logging reasons.
-func TenancyToString(tenancy *pbresource.Tenancy) string {
-	return fmt.Sprintf("%s.%s.%s", tenancy.Partition, tenancy.PeerName, tenancy.Namespace)
-}
-
-// TypeToString returns a string representation of pbresource.Type. This should
-// not be relied upon nor parsed and is provided just for debugging and logging
-// reasons.
-func TypeToString(typ *pbresource.Type) string {
-	return ToGVK(typ)
-}
diff --git a/internal/resource/tenancy.go b/internal/resource/tenancy.go
deleted file mode 100644
index 16032205badd..000000000000
--- a/internal/resource/tenancy.go
+++ /dev/null
@@ -1,80 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package resource
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-const (
-	DefaultPartitionName = "default"
-	DefaultNamespaceName = "default"
-)
-
-// Scope describes the tenancy scope of a resource.
-type Scope int
-
-const (
-	// There is no default scope, it must be set explicitly.
-	ScopeUndefined Scope = iota
-	// ScopeCluster describes a resource that is scoped to a cluster.
-	ScopeCluster
-	// ScopePartition describes a resource that is scoped to a partition.
-	ScopePartition
-	// ScopeNamespace applies to a resource that is scoped to a partition and namespace.
-	ScopeNamespace
-)
-
-func (s Scope) String() string {
-	switch s {
-	case ScopeUndefined:
-		return "undefined"
-	case ScopeCluster:
-		return "cluster"
-	case ScopePartition:
-		return "partition"
-	case ScopeNamespace:
-		return "namespace"
-	}
-	panic(fmt.Sprintf("string mapping missing for scope %v", int(s)))
-}
-
-// Normalize lowercases the partition and namespace.
-func Normalize(tenancy *pbresource.Tenancy) {
-	if tenancy == nil {
-		return
-	}
-	tenancy.Partition = strings.ToLower(tenancy.Partition)
-	tenancy.Namespace = strings.ToLower(tenancy.Namespace)
-}
-
-// DefaultClusteredTenancy returns the default tenancy for a cluster scoped resource.
-func DefaultClusteredTenancy() *pbresource.Tenancy {
-	return &pbresource.Tenancy{
-		// TODO(spatel): Remove as part of "peer is not part of tenancy" ADR
-		PeerName: "local",
-	}
-}
-
-// DefaultPartitionedTenancy returns the default tenancy for a partition scoped resource.
-func DefaultPartitionedTenancy() *pbresource.Tenancy {
-	return &pbresource.Tenancy{
-		Partition: DefaultPartitionName,
-		// TODO(spatel): Remove as part of "peer is not part of tenancy" ADR
-		PeerName: "local",
-	}
-}
-
-// DefaultNamespedTenancy returns the default tenancy for a namespace scoped resource.
-func DefaultNamespacedTenancy() *pbresource.Tenancy {
-	return &pbresource.Tenancy{
-		Partition: DefaultPartitionName,
-		Namespace: DefaultNamespaceName,
-		// TODO(spatel): Remove as part of "peer is not part of tenancy" ADR
-		PeerName: "local",
-	}
-}
diff --git a/internal/resource/tombstone.go b/internal/resource/tombstone.go
index d86ae96ec4d5..6d0285c602de 100644
--- a/internal/resource/tombstone.go
+++ b/internal/resource/tombstone.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package resource
 
 import "github.com/hashicorp/consul/proto-public/pbresource"
diff --git a/internal/resourcehcl/any.go b/internal/resourcehcl/any.go
deleted file mode 100644
index 3d797c48e5b8..000000000000
--- a/internal/resourcehcl/any.go
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package resourcehcl
-
-import (
-	"errors"
-	"fmt"
-
-	"google.golang.org/protobuf/reflect/protoreflect"
-
-	"github.com/hashicorp/consul/internal/protohcl"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-// anyProvider implements protohcl.AnyTypeProvider to infer the `Data` block
-// type from `ID.Type`.
-type anyProvider struct {
-	base protohcl.AnyTypeProvider
-	reg  resource.Registry
-}
-
-func (p anyProvider) AnyType(ctx *protohcl.UnmarshalContext, decoder protohcl.MessageDecoder) (protoreflect.FullName, protohcl.MessageDecoder, error) {
-	if ctx.Name != "Data" {
-		return p.base.AnyType(ctx, decoder)
-	}
-
-	if ctx.Parent == nil || ctx.Parent.Message == nil {
-		return p.base.AnyType(ctx, decoder)
-	}
-
-	res, isResource := ctx.Parent.Message.Interface().(*pbresource.Resource)
-	if !isResource {
-		return p.base.AnyType(ctx, decoder)
-	}
-
-	resourceType := res.GetId().GetType()
-	if res == nil {
-		return "", nil, errors.New("ID.Type not found")
-	}
-
-	reg, ok := p.reg.Resolve(resourceType)
-	if !ok {
-		return "", nil, fmt.Errorf("unknown resource type: %s", resource.ToGVK(resourceType))
-	}
-
-	return reg.Proto.ProtoReflect().Descriptor().FullName(), decoder, nil
-}
diff --git a/internal/resourcehcl/naming.go b/internal/resourcehcl/naming.go
deleted file mode 100644
index a1160cc32363..000000000000
--- a/internal/resourcehcl/naming.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package resourcehcl
-
-import (
-	"strings"
-
-	"google.golang.org/protobuf/reflect/protoreflect"
-)
-
-// fieldNamer implements protohcl.FieldNamer to name fields using PascalCase
-// with support for acroynms (e.g. ID, TCP).
-type fieldNamer struct{ acroynms []string }
-
-func (n fieldNamer) NameField(fd protoreflect.FieldDescriptor) string {
-	camel := fd.JSONName()
-	upper := strings.ToUpper(camel)
-
-	for _, a := range n.acroynms {
-		if upper == a {
-			return a
-		}
-	}
-
-	return strings.ToUpper(camel[:1]) + camel[1:]
-}
-
-func (n fieldNamer) GetField(fds protoreflect.FieldDescriptors, name string) protoreflect.FieldDescriptor {
-	for _, a := range n.acroynms {
-		if name == a {
-			return fds.ByJSONName(strings.ToLower(a))
-		}
-	}
-
-	camel := strings.ToLower(name[:1]) + name[1:]
-	return fds.ByJSONName(camel)
-}
diff --git a/internal/resourcehcl/testdata/gvk-no-arguments.error b/internal/resourcehcl/testdata/gvk-no-arguments.error
deleted file mode 100644
index 1c290dd3d613..000000000000
--- a/internal/resourcehcl/testdata/gvk-no-arguments.error
+++ /dev/null
@@ -1 +0,0 @@
-gvk-no-arguments.hcl:2,14-15: Not enough function arguments; Function "gvk" expects 1 argument(s). Missing value for "GVK String".
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/gvk-no-arguments.hcl b/internal/resourcehcl/testdata/gvk-no-arguments.hcl
deleted file mode 100644
index 69aee02b2cfa..000000000000
--- a/internal/resourcehcl/testdata/gvk-no-arguments.hcl
+++ /dev/null
@@ -1,4 +0,0 @@
-ID {
-  Type = gvk()
-  Name = "foo"
-}
diff --git a/internal/resourcehcl/testdata/invalid-group.error b/internal/resourcehcl/testdata/invalid-group.error
deleted file mode 100644
index 6db3a339c2a1..000000000000
--- a/internal/resourcehcl/testdata/invalid-group.error
+++ /dev/null
@@ -1 +0,0 @@
-invalid-group.hcl:3,13-17: Failed to unmarshal argument Group: expected value of type string but actual type is number
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/invalid-group.hcl b/internal/resourcehcl/testdata/invalid-group.hcl
deleted file mode 100644
index ca6920163ecc..000000000000
--- a/internal/resourcehcl/testdata/invalid-group.hcl
+++ /dev/null
@@ -1,8 +0,0 @@
-ID {
-  Type {
-    Group = 1234
-    GroupVersion = "v1"
-    Kind = "Artist"
-  }
-  Name = "foo"
-}
diff --git a/internal/resourcehcl/testdata/invalid-gvk.error b/internal/resourcehcl/testdata/invalid-gvk.error
deleted file mode 100644
index 92ebca5eb0c1..000000000000
--- a/internal/resourcehcl/testdata/invalid-gvk.error
+++ /dev/null
@@ -1 +0,0 @@
-invalid-gvk.hcl:2,10-14: Error in function call; Call to function "gvk" failed: GVK string must be in the form <Group>.<GroupVersion>.<Kind>, got: nope.
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/invalid-gvk.hcl b/internal/resourcehcl/testdata/invalid-gvk.hcl
deleted file mode 100644
index 565a4cc3f9c8..000000000000
--- a/internal/resourcehcl/testdata/invalid-gvk.hcl
+++ /dev/null
@@ -1,4 +0,0 @@
-ID {
-  Type = gvk("nope")
-  Name = "foo"
-}
diff --git a/internal/resourcehcl/testdata/invalid-metadata.error b/internal/resourcehcl/testdata/invalid-metadata.error
deleted file mode 100644
index 352f2ffa056c..000000000000
--- a/internal/resourcehcl/testdata/invalid-metadata.error
+++ /dev/null
@@ -1 +0,0 @@
-invalid-metadata.hcl:6,12-8,2: Failed to unmarshal argument Metadata["foo"]: expected value of type string but actual type is tuple
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/invalid-metadata.hcl b/internal/resourcehcl/testdata/invalid-metadata.hcl
deleted file mode 100644
index aa10b5686e7f..000000000000
--- a/internal/resourcehcl/testdata/invalid-metadata.hcl
+++ /dev/null
@@ -1,8 +0,0 @@
-ID {
-  Type = gvk("demo.v1.Artist")
-  Name = "korn"
-}
-
-Metadata = {
-  "foo" = ["bar"]
-}
diff --git a/internal/resourcehcl/testdata/invalid-name.error b/internal/resourcehcl/testdata/invalid-name.error
deleted file mode 100644
index ba977a2e279c..000000000000
--- a/internal/resourcehcl/testdata/invalid-name.error
+++ /dev/null
@@ -1 +0,0 @@
-invalid-name.hcl:3,10-14: Failed to unmarshal argument Name: expected value of type string but actual type is number
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/invalid-name.hcl b/internal/resourcehcl/testdata/invalid-name.hcl
deleted file mode 100644
index 54ca6b186bbc..000000000000
--- a/internal/resourcehcl/testdata/invalid-name.hcl
+++ /dev/null
@@ -1,4 +0,0 @@
-ID {
-  Type = gvk("demo.v1.Artist")
-  Name = 1234
-}
diff --git a/internal/resourcehcl/testdata/no-blocks-any-first.golden b/internal/resourcehcl/testdata/no-blocks-any-first.golden
deleted file mode 100644
index 18a7cfd9aeec..000000000000
--- a/internal/resourcehcl/testdata/no-blocks-any-first.golden
+++ /dev/null
@@ -1 +0,0 @@
-{"id":{"name":"korn","type":{"group":"demo","groupVersion":"v1","kind":"Artist"}},"data":{"@type":"hashicorp.consul.internal.demo.v1.Artist","name":"Korn"}}
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/no-blocks-any-first.hcl b/internal/resourcehcl/testdata/no-blocks-any-first.hcl
deleted file mode 100644
index 8eb8d75f4317..000000000000
--- a/internal/resourcehcl/testdata/no-blocks-any-first.hcl
+++ /dev/null
@@ -1,8 +0,0 @@
-Data = {
-  Name = "Korn"
-}
-
-ID = {
-  Type = gvk("demo.v1.Artist")
-  Name = "korn"
-}
diff --git a/internal/resourcehcl/testdata/no-blocks.golden b/internal/resourcehcl/testdata/no-blocks.golden
deleted file mode 100644
index c7243ad16163..000000000000
--- a/internal/resourcehcl/testdata/no-blocks.golden
+++ /dev/null
@@ -1 +0,0 @@
-{"id":{"type":{"group":"mesh","groupVersion":"v1alpha1","kind":"Upstreams"}},"data":{"@type":"hashicorp.consul.mesh.v1alpha1.Upstreams","workloads":{"prefixes":["api"]},"upstreams":[{"destinationRef":{"name":"db","type":{"group":"catalog","groupVersion":"v1alpha1","kind":"Service"}},"destinationPort":"tcp","ipPort":{"port":1234}}]}}
diff --git a/internal/resourcehcl/testdata/no-blocks.hcl b/internal/resourcehcl/testdata/no-blocks.hcl
deleted file mode 100644
index b134e8124621..000000000000
--- a/internal/resourcehcl/testdata/no-blocks.hcl
+++ /dev/null
@@ -1,33 +0,0 @@
-ID = {
-  Type = {
-    Group = "mesh"
-    GroupVersion = "v1alpha1"
-    Kind = "Upstreams"
-  }
-}
-
-Data = {
-  Workloads = {
-    Prefixes = ["api"]
-  }
-
-  Upstreams = [
-    {
-      DestinationRef = {
-        Type = {
-          Group = "catalog"
-          GroupVersion = "v1alpha1"
-          Kind = "Service"
-        }
-
-        Name = "db"
-      }
-
-      DestinationPort = "tcp"
-
-      IpPort = {
-        Port = 1234
-      }
-    }
-  ]
-}
diff --git a/internal/resourcehcl/testdata/owner.golden b/internal/resourcehcl/testdata/owner.golden
deleted file mode 100644
index 9054db09bfd3..000000000000
--- a/internal/resourcehcl/testdata/owner.golden
+++ /dev/null
@@ -1 +0,0 @@
-{"id":{"name":"twisted-transistor","type":{"group":"demo","groupVersion":"v1","kind":"Album"}},"owner":{"name":"korn","type":{"group":"demo","groupVersion":"v1","kind":"Artist"}}}
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/owner.hcl b/internal/resourcehcl/testdata/owner.hcl
deleted file mode 100644
index 2cc65e4c6658..000000000000
--- a/internal/resourcehcl/testdata/owner.hcl
+++ /dev/null
@@ -1,9 +0,0 @@
-ID {
-  Type = gvk("demo.v1.Album")
-  Name = "twisted-transistor"
-}
-
-Owner {
-  Type = gvk("demo.v1.Artist")
-  Name = "korn"
-}
diff --git a/internal/resourcehcl/testdata/simple-gvk.golden b/internal/resourcehcl/testdata/simple-gvk.golden
deleted file mode 100644
index ba3fddcd6d17..000000000000
--- a/internal/resourcehcl/testdata/simple-gvk.golden
+++ /dev/null
@@ -1 +0,0 @@
-{"id":{"name":"korn","type":{"group":"demo","groupVersion":"v1","kind":"Artist"}},"metadata":{"foo":"bar"},"data":{"@type":"hashicorp.consul.internal.demo.v1.Artist","name":"Korn","genre":"GENRE_METAL"}}
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/simple-gvk.hcl b/internal/resourcehcl/testdata/simple-gvk.hcl
deleted file mode 100644
index adddcd42c8c1..000000000000
--- a/internal/resourcehcl/testdata/simple-gvk.hcl
+++ /dev/null
@@ -1,13 +0,0 @@
-ID {
-  Type = gvk("demo.v1.Artist")
-  Name = "korn"
-}
-
-Data {
-  Name = "Korn"
-  Genre = "GENRE_METAL"
-}
-
-Metadata = {
-  "foo" = "bar"
-}
diff --git a/internal/resourcehcl/testdata/type-block.golden b/internal/resourcehcl/testdata/type-block.golden
deleted file mode 100644
index 963695616bee..000000000000
--- a/internal/resourcehcl/testdata/type-block.golden
+++ /dev/null
@@ -1 +0,0 @@
-{"id":{"name":"korn","type":{"group":"demo","groupVersion":"v1","kind":"Artist"}}}
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/type-block.hcl b/internal/resourcehcl/testdata/type-block.hcl
deleted file mode 100644
index f927fbe2fe61..000000000000
--- a/internal/resourcehcl/testdata/type-block.hcl
+++ /dev/null
@@ -1,8 +0,0 @@
-ID {
-  Type {
-    Group = "demo"
-    GroupVersion = "v1"
-    Kind = "Artist"
-  }
-  Name = "korn"
-}
diff --git a/internal/resourcehcl/testdata/unknown-field-block.error b/internal/resourcehcl/testdata/unknown-field-block.error
deleted file mode 100644
index 602212543d66..000000000000
--- a/internal/resourcehcl/testdata/unknown-field-block.error
+++ /dev/null
@@ -1 +0,0 @@
-unknown-field-block.hcl:2,3-6: Unsupported argument; An argument named "Foo" is not expected here.
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/unknown-field-block.hcl b/internal/resourcehcl/testdata/unknown-field-block.hcl
deleted file mode 100644
index 534fdb11b8d2..000000000000
--- a/internal/resourcehcl/testdata/unknown-field-block.hcl
+++ /dev/null
@@ -1,3 +0,0 @@
-ID {
-  Foo = "bar"
-}
diff --git a/internal/resourcehcl/testdata/unknown-field-object.error b/internal/resourcehcl/testdata/unknown-field-object.error
deleted file mode 100644
index b7651d5eb0d5..000000000000
--- a/internal/resourcehcl/testdata/unknown-field-object.error
+++ /dev/null
@@ -1 +0,0 @@
-unknown-field-object.hcl:1,6-3,2: Unsupported argument; An argument named "Foo" is not expected here.
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/unknown-field-object.hcl b/internal/resourcehcl/testdata/unknown-field-object.hcl
deleted file mode 100644
index 43220099bb0a..000000000000
--- a/internal/resourcehcl/testdata/unknown-field-object.hcl
+++ /dev/null
@@ -1,3 +0,0 @@
-ID = {
-  Foo = "bar"
-}
diff --git a/internal/resourcehcl/testdata/unknown-type.error b/internal/resourcehcl/testdata/unknown-type.error
deleted file mode 100644
index 81e0ea1c8159..000000000000
--- a/internal/resourcehcl/testdata/unknown-type.error
+++ /dev/null
@@ -1 +0,0 @@
-error getting type for Any field: unknown resource type: foo.bar.Baz
\ No newline at end of file
diff --git a/internal/resourcehcl/testdata/unknown-type.hcl b/internal/resourcehcl/testdata/unknown-type.hcl
deleted file mode 100644
index f1669b8ba882..000000000000
--- a/internal/resourcehcl/testdata/unknown-type.hcl
+++ /dev/null
@@ -1,8 +0,0 @@
-ID {
-  Type = gvk("foo.bar.Baz")
-  Name = "qux"
-}
-
-Data {
-  Foo = "bar"
-}
diff --git a/internal/resourcehcl/testdata/upstreams.golden b/internal/resourcehcl/testdata/upstreams.golden
deleted file mode 100644
index 26608ae3d5d7..000000000000
--- a/internal/resourcehcl/testdata/upstreams.golden
+++ /dev/null
@@ -1 +0,0 @@
-{"id":{"name":"api","type":{"group":"mesh","groupVersion":"v1alpha1","kind":"Upstreams"}},"data":{"@type":"hashicorp.consul.mesh.v1alpha1.Upstreams","workloads":{"prefixes":["api"]},"upstreams":[{"destinationRef":{"name":"db","type":{"group":"catalog","groupVersion":"v1alpha1","kind":"Service"}},"destinationPort":"tcp","ipPort":{"port":1234}}]}}
diff --git a/internal/resourcehcl/testdata/upstreams.hcl b/internal/resourcehcl/testdata/upstreams.hcl
deleted file mode 100644
index c0993e4d5bac..000000000000
--- a/internal/resourcehcl/testdata/upstreams.hcl
+++ /dev/null
@@ -1,25 +0,0 @@
-ID {
-  Type = gvk("mesh.v1alpha1.Upstreams")
-  Name = "api"
-}
-
-Data {
-  Workloads {
-    Prefixes = ["api"]
-  }
-
-  Upstreams = [
-    {
-      DestinationRef = {
-        Type = gvk("catalog.v1alpha1.Service")
-        Name = "db"
-      }
-
-      DestinationPort = "tcp"
-
-      IpPort = {
-        Port = 1234
-      }
-    }
-  ]
-}
diff --git a/internal/resourcehcl/unmarshal.go b/internal/resourcehcl/unmarshal.go
deleted file mode 100644
index 610ebc641b82..000000000000
--- a/internal/resourcehcl/unmarshal.go
+++ /dev/null
@@ -1,55 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package resourcehcl
-
-import (
-	"reflect"
-
-	"github.com/zclconf/go-cty/cty"
-	"github.com/zclconf/go-cty/cty/function"
-
-	"github.com/hashicorp/consul/internal/protohcl"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-// Unmarshal the given HCL source into a resource.
-func Unmarshal(src []byte, reg resource.Registry) (*pbresource.Resource, error) {
-	return UnmarshalOptions{}.Unmarshal(src, reg)
-}
-
-type UnmarshalOptions struct{ SourceFileName string }
-
-// Unmarshal the given HCL source into a resource.
-func (u UnmarshalOptions) Unmarshal(src []byte, reg resource.Registry) (*pbresource.Resource, error) {
-	var out pbresource.Resource
-	err := (protohcl.UnmarshalOptions{
-		SourceFileName: u.SourceFileName,
-		AnyTypeProvider: anyProvider{
-			base: &protohcl.AnyTypeURLProvider{TypeURLFieldName: "Type"},
-			reg:  reg,
-		},
-		FieldNamer: fieldNamer{acroynms: []string{"ID", "TCP", "UDP", "HTTP"}},
-		Functions:  map[string]function.Function{"gvk": gvk},
-	}).Unmarshal(src, &out)
-	return &out, err
-}
-
-var (
-	typeType = cty.Capsule("type", reflect.TypeOf(pbresource.Type{}))
-
-	gvk = function.New(&function.Spec{
-		Params: []function.Parameter{
-			{Name: "GVK String", Type: cty.String},
-		},
-		Type: function.StaticReturnType(typeType),
-		Impl: func(args []cty.Value, _ cty.Type) (cty.Value, error) {
-			t, err := resource.ParseGVK(args[0].AsString())
-			if err != nil {
-				return cty.NilVal, err
-			}
-			return cty.CapsuleVal(typeType, t), nil
-		},
-	})
-)
diff --git a/internal/resourcehcl/unmarshal_test.go b/internal/resourcehcl/unmarshal_test.go
deleted file mode 100644
index 5e35f7df66b1..000000000000
--- a/internal/resourcehcl/unmarshal_test.go
+++ /dev/null
@@ -1,106 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package resourcehcl_test
-
-import (
-	"flag"
-	"fmt"
-	"os"
-	"path"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/encoding/protojson"
-
-	"github.com/hashicorp/consul/internal/mesh"
-	"github.com/hashicorp/consul/internal/resource"
-	"github.com/hashicorp/consul/internal/resource/demo"
-	"github.com/hashicorp/consul/internal/resourcehcl"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	"github.com/hashicorp/consul/proto/private/prototest"
-)
-
-var update = flag.Bool("update", false, "update golden files")
-
-func TestUnmarshal(t *testing.T) {
-	entries, err := os.ReadDir("./testdata")
-	require.NoError(t, err)
-
-	read := func(t *testing.T, path string) ([]byte, bool) {
-		t.Helper()
-
-		bytes, err := os.ReadFile(fmt.Sprintf("./testdata/%s", path))
-		switch {
-		case err == nil:
-			return bytes, true
-		case os.IsNotExist(err):
-			return nil, false
-		}
-
-		t.Fatalf("failed to read file %s %v", path, err)
-		return nil, false
-	}
-
-	write := func(t *testing.T, path string, src []byte) {
-		t.Helper()
-
-		require.NoError(t, os.WriteFile(fmt.Sprintf("./testdata/%s", path), src, 0o600))
-	}
-
-	for _, entry := range entries {
-		name := entry.Name()
-		ext := path.Ext(name)
-
-		if ext != ".hcl" {
-			continue
-		}
-
-		base := name[0 : len(name)-len(ext)]
-
-		t.Run(base, func(t *testing.T) {
-			input, _ := read(t, name)
-
-			registry := resource.NewRegistry()
-			demo.RegisterTypes(registry)
-			mesh.RegisterTypes(registry)
-
-			output, err := resourcehcl.UnmarshalOptions{SourceFileName: name}.
-				Unmarshal(input, registry)
-
-			if *update {
-				if err == nil {
-					json, err := protojson.Marshal(output)
-					require.NoError(t, err)
-					write(t, base+".golden", json)
-				} else {
-					write(t, base+".error", []byte(err.Error()))
-				}
-			}
-
-			goldenJSON, haveGoldenJSON := read(t, base+".golden")
-			goldenError, haveGoldenError := read(t, base+".error")
-
-			if haveGoldenError && haveGoldenJSON {
-				t.Fatalf("both %s.golden and %s.error exist, delete one", base, base)
-			}
-
-			if !haveGoldenError && !haveGoldenJSON && !*update {
-				t.Fatalf("neither %s.golden or %s.error exist, run the tests again with the -update flag to create one", base, base)
-			}
-
-			if haveGoldenError {
-				require.Error(t, err)
-				require.Equal(t, string(goldenError), err.Error())
-			}
-
-			if haveGoldenJSON {
-				require.NoError(t, err)
-
-				var exp pbresource.Resource
-				require.NoError(t, protojson.Unmarshal(goldenJSON, &exp))
-				prototest.AssertDeepEqual(t, &exp, output)
-			}
-		})
-	}
-}
diff --git a/internal/storage/conformance/conformance.go b/internal/storage/conformance/conformance.go
index 543a574fb5a6..22356a88a9c1 100644
--- a/internal/storage/conformance/conformance.go
+++ b/internal/storage/conformance/conformance.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package conformance
 
diff --git a/internal/storage/inmem/backend.go b/internal/storage/inmem/backend.go
index bf256e508f4d..fc22aa5ace81 100644
--- a/internal/storage/inmem/backend.go
+++ b/internal/storage/inmem/backend.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package inmem
 
diff --git a/internal/storage/inmem/backend_test.go b/internal/storage/inmem/backend_test.go
index 7978dcdf2993..e37de15afab4 100644
--- a/internal/storage/inmem/backend_test.go
+++ b/internal/storage/inmem/backend_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package inmem_test
 
diff --git a/internal/storage/inmem/event_index.go b/internal/storage/inmem/event_index.go
index f71e809289ac..68d9ec13b142 100644
--- a/internal/storage/inmem/event_index.go
+++ b/internal/storage/inmem/event_index.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package inmem
 
diff --git a/internal/storage/inmem/schema.go b/internal/storage/inmem/schema.go
index 37e39dbc5707..6a58eacd586b 100644
--- a/internal/storage/inmem/schema.go
+++ b/internal/storage/inmem/schema.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package inmem
 
diff --git a/internal/storage/inmem/snapshot.go b/internal/storage/inmem/snapshot.go
index 36739ac65b20..6233f4d30bfe 100644
--- a/internal/storage/inmem/snapshot.go
+++ b/internal/storage/inmem/snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package inmem
 
diff --git a/internal/storage/inmem/snapshot_test.go b/internal/storage/inmem/snapshot_test.go
index f3e1bdbaa79e..b703495d2c7f 100644
--- a/internal/storage/inmem/snapshot_test.go
+++ b/internal/storage/inmem/snapshot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package inmem_test
 
diff --git a/internal/storage/inmem/store.go b/internal/storage/inmem/store.go
index d9c27d339fa3..5c50b1c138a3 100644
--- a/internal/storage/inmem/store.go
+++ b/internal/storage/inmem/store.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package inmem
 
diff --git a/internal/storage/inmem/watch.go b/internal/storage/inmem/watch.go
index bdab0fc5ee86..85c657e3a3c6 100644
--- a/internal/storage/inmem/watch.go
+++ b/internal/storage/inmem/watch.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package inmem
 
diff --git a/internal/storage/raft/backend.go b/internal/storage/raft/backend.go
index 8a7a973c3e7c..4e1cd05bbb18 100644
--- a/internal/storage/raft/backend.go
+++ b/internal/storage/raft/backend.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package raft
 
diff --git a/internal/storage/raft/conformance_test.go b/internal/storage/raft/conformance_test.go
index 6c75e462d21c..ef79087e171d 100644
--- a/internal/storage/raft/conformance_test.go
+++ b/internal/storage/raft/conformance_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package raft_test
 
diff --git a/internal/storage/raft/forwarding.go b/internal/storage/raft/forwarding.go
index 2700339afbe5..798ca58465d5 100644
--- a/internal/storage/raft/forwarding.go
+++ b/internal/storage/raft/forwarding.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package raft
 
diff --git a/internal/storage/storage.go b/internal/storage/storage.go
index 2a86a769fee9..24a763e39547 100644
--- a/internal/storage/storage.go
+++ b/internal/storage/storage.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package storage
 
diff --git a/internal/testing/golden/golden.go b/internal/testing/golden/golden.go
index 4466ad4cbcff..079f69f02aa5 100644
--- a/internal/testing/golden/golden.go
+++ b/internal/testing/golden/golden.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package golden
 
diff --git a/internal/tools/proto-gen-rpc-glue/e2e/consul/agent/structs/structs.go b/internal/tools/proto-gen-rpc-glue/e2e/consul/agent/structs/structs.go
index 6e76027299de..59d2a19b8c9b 100644
--- a/internal/tools/proto-gen-rpc-glue/e2e/consul/agent/structs/structs.go
+++ b/internal/tools/proto-gen-rpc-glue/e2e/consul/agent/structs/structs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package structs
 
diff --git a/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.go b/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.go
index 1395e682edd3..5c1b497e5518 100644
--- a/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.go
+++ b/internal/tools/proto-gen-rpc-glue/e2e/consul/proto/pbcommon/common.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbcommon
 
diff --git a/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go b/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go
index c69dac63b5c0..3a83b8431752 100644
--- a/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go
+++ b/internal/tools/proto-gen-rpc-glue/e2e/source.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build example
 // +build example
diff --git a/internal/tools/proto-gen-rpc-glue/main.go b/internal/tools/proto-gen-rpc-glue/main.go
index 2412c3386208..65a25122bc70 100644
--- a/internal/tools/proto-gen-rpc-glue/main.go
+++ b/internal/tools/proto-gen-rpc-glue/main.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package main
 
diff --git a/internal/tools/proto-gen-rpc-glue/main_test.go b/internal/tools/proto-gen-rpc-glue/main_test.go
index 01eb28e92a31..87ed4e3917ed 100644
--- a/internal/tools/proto-gen-rpc-glue/main_test.go
+++ b/internal/tools/proto-gen-rpc-glue/main_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package main
 
diff --git a/internal/tools/protoc-gen-consul-rate-limit/main.go b/internal/tools/protoc-gen-consul-rate-limit/main.go
index 349c371c28e9..b4bf5711584a 100644
--- a/internal/tools/protoc-gen-consul-rate-limit/main.go
+++ b/internal/tools/protoc-gen-consul-rate-limit/main.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // protoc-gen-consul-rate-limit
 // This protoc plugin maintains the mapping of gRPC method names to
diff --git a/internal/tools/protoc-gen-consul-rate-limit/postprocess/main.go b/internal/tools/protoc-gen-consul-rate-limit/postprocess/main.go
index b1f00a2dcdd7..bd9ea5779ce1 100644
--- a/internal/tools/protoc-gen-consul-rate-limit/postprocess/main.go
+++ b/internal/tools/protoc-gen-consul-rate-limit/postprocess/main.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package main
 
diff --git a/ipaddr/detect.go b/ipaddr/detect.go
index bc2bf56c350c..e208b13ed5be 100644
--- a/ipaddr/detect.go
+++ b/ipaddr/detect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ipaddr
 
diff --git a/ipaddr/detect_test.go b/ipaddr/detect_test.go
index c199492c174f..865421e10cf0 100644
--- a/ipaddr/detect_test.go
+++ b/ipaddr/detect_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ipaddr
 
diff --git a/ipaddr/ipaddr.go b/ipaddr/ipaddr.go
index 89f8c70a4ceb..92a04e80181d 100644
--- a/ipaddr/ipaddr.go
+++ b/ipaddr/ipaddr.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ipaddr
 
diff --git a/ipaddr/ipaddr_test.go b/ipaddr/ipaddr_test.go
index 009144c2de25..a8aae7f32dde 100644
--- a/ipaddr/ipaddr_test.go
+++ b/ipaddr/ipaddr_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ipaddr
 
diff --git a/lib/cluster.go b/lib/cluster.go
index a97ceea722e9..3b121da59835 100644
--- a/lib/cluster.go
+++ b/lib/cluster.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/cluster_test.go b/lib/cluster_test.go
index 3493a6fb39f1..44b77332dfec 100644
--- a/lib/cluster_test.go
+++ b/lib/cluster_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/decode/decode.go b/lib/decode/decode.go
index 645916d2d665..fc1558a9f789 100644
--- a/lib/decode/decode.go
+++ b/lib/decode/decode.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 /*
 Package decode provides tools for customizing the decoding of configuration,
diff --git a/lib/decode/decode_test.go b/lib/decode/decode_test.go
index 3219e96b4bf9..b1250ebcc81a 100644
--- a/lib/decode/decode_test.go
+++ b/lib/decode/decode_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package decode
 
diff --git a/lib/eof.go b/lib/eof.go
index e208ca73d753..b8f6ac0e240e 100644
--- a/lib/eof.go
+++ b/lib/eof.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/eof_test.go b/lib/eof_test.go
index 330a1152a8eb..373846a72c94 100644
--- a/lib/eof_test.go
+++ b/lib/eof_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/file/atomic.go b/lib/file/atomic.go
index 4053f443d8b3..3fa5890052c8 100644
--- a/lib/file/atomic.go
+++ b/lib/file/atomic.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package file
 
diff --git a/lib/file/atomic_test.go b/lib/file/atomic_test.go
index baf4bc1771f8..a74b2d2ecd49 100644
--- a/lib/file/atomic_test.go
+++ b/lib/file/atomic_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package file
 
diff --git a/lib/hoststats/collector.go b/lib/hoststats/collector.go
index fb316e0dce38..c4c57b35c5c2 100644
--- a/lib/hoststats/collector.go
+++ b/lib/hoststats/collector.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package hoststats
 
 import (
diff --git a/lib/hoststats/cpu.go b/lib/hoststats/cpu.go
index 420a80ef9424..45633b40df06 100644
--- a/lib/hoststats/cpu.go
+++ b/lib/hoststats/cpu.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package hoststats
 
 import (
diff --git a/lib/hoststats/cpu_test.go b/lib/hoststats/cpu_test.go
index dcc1df9aab50..5d5efbe9769a 100644
--- a/lib/hoststats/cpu_test.go
+++ b/lib/hoststats/cpu_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package hoststats
 
 import (
diff --git a/lib/hoststats/host.go b/lib/hoststats/host.go
index 3a44618d20f1..426cf43ea21e 100644
--- a/lib/hoststats/host.go
+++ b/lib/hoststats/host.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package hoststats
 
 import (
diff --git a/lib/hoststats/metrics.go b/lib/hoststats/metrics.go
index 95055cea43fb..c89d40b813ff 100644
--- a/lib/hoststats/metrics.go
+++ b/lib/hoststats/metrics.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package hoststats
 
 import (
diff --git a/lib/json.go b/lib/json.go
index 7e58942a823d..c5ae22b2f90c 100644
--- a/lib/json.go
+++ b/lib/json.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/map_walker.go b/lib/map_walker.go
index 1be33b61f15f..3e8cec77ca64 100644
--- a/lib/map_walker.go
+++ b/lib/map_walker.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/map_walker_test.go b/lib/map_walker_test.go
index 6156abe4624f..2a3b4c189d9e 100644
--- a/lib/map_walker_test.go
+++ b/lib/map_walker_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/maps/maps.go b/lib/maps/maps.go
index ae19d030a2c0..1996d5f4cd9a 100644
--- a/lib/maps/maps.go
+++ b/lib/maps/maps.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package maps
 
diff --git a/lib/maps/maps_test.go b/lib/maps/maps_test.go
index 5d0f4edbc44e..bebb9afb5f15 100644
--- a/lib/maps/maps_test.go
+++ b/lib/maps/maps_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package maps
 
diff --git a/lib/math.go b/lib/math.go
index 673dfb84e99c..75859a2a6580 100644
--- a/lib/math.go
+++ b/lib/math.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/math_test.go b/lib/math_test.go
index 2ce631fe75dc..7ac4141a268c 100644
--- a/lib/math_test.go
+++ b/lib/math_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib_test
 
diff --git a/lib/mutex/mutex.go b/lib/mutex/mutex.go
index 8101204c2e00..a28290c0b3b4 100644
--- a/lib/mutex/mutex.go
+++ b/lib/mutex/mutex.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 /*
 Package mutex implements the sync.Locker interface using x/sync/semaphore. It
diff --git a/lib/mutex/mutex_test.go b/lib/mutex/mutex_test.go
index 2d51706e4e85..000681d03e86 100644
--- a/lib/mutex/mutex_test.go
+++ b/lib/mutex/mutex_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package mutex
 
diff --git a/lib/path.go b/lib/path.go
index fd45378ec180..347de0cbde09 100644
--- a/lib/path.go
+++ b/lib/path.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/retry/retry.go b/lib/retry/retry.go
index e0605f89c4a8..ee9a8b2354e6 100644
--- a/lib/retry/retry.go
+++ b/lib/retry/retry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package retry
 
diff --git a/lib/retry/retry_test.go b/lib/retry/retry_test.go
index d8a822f6b606..74bb982b91ed 100644
--- a/lib/retry/retry_test.go
+++ b/lib/retry/retry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package retry
 
diff --git a/lib/routine/routine.go b/lib/routine/routine.go
index b5ebe85e22f1..3bcbd1fbee45 100644
--- a/lib/routine/routine.go
+++ b/lib/routine/routine.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package routine
 
diff --git a/lib/routine/routine_test.go b/lib/routine/routine_test.go
index c04311ac59f4..cfb98d98c3c8 100644
--- a/lib/routine/routine_test.go
+++ b/lib/routine/routine_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package routine
 
diff --git a/lib/rtt.go b/lib/rtt.go
index d716e6fcbe1c..5d90431f5d65 100644
--- a/lib/rtt.go
+++ b/lib/rtt.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/rtt_test.go b/lib/rtt_test.go
index 1e7779b9adde..a8a6786ecf62 100644
--- a/lib/rtt_test.go
+++ b/lib/rtt_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/semaphore/semaphore.go b/lib/semaphore/semaphore.go
index fdfbbb34db02..662d21152868 100644
--- a/lib/semaphore/semaphore.go
+++ b/lib/semaphore/semaphore.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Package semaphore implements a simple semaphore that is based on
 // golang.org/x/sync/semaphore but doesn't support weights. It's advantage over
diff --git a/lib/semaphore/semaphore_test.go b/lib/semaphore/semaphore_test.go
index b3182e1107af..d7da1979b00f 100644
--- a/lib/semaphore/semaphore_test.go
+++ b/lib/semaphore/semaphore_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package semaphore
 
diff --git a/lib/serf/serf.go b/lib/serf/serf.go
index 932fed427ba9..ad5297e58b61 100644
--- a/lib/serf/serf.go
+++ b/lib/serf/serf.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package serf
 
diff --git a/lib/stop_context.go b/lib/stop_context.go
index 98bde25e452b..ea560e0929e9 100644
--- a/lib/stop_context.go
+++ b/lib/stop_context.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/stop_context_test.go b/lib/stop_context_test.go
index b62749513f2f..6da3a6fc61ae 100644
--- a/lib/stop_context_test.go
+++ b/lib/stop_context_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/strings.go b/lib/strings.go
index 7213a9325914..d268845acc9c 100644
--- a/lib/strings.go
+++ b/lib/strings.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/stringslice/stringslice.go b/lib/stringslice/stringslice.go
index 7c32864b9458..325f603d778d 100644
--- a/lib/stringslice/stringslice.go
+++ b/lib/stringslice/stringslice.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package stringslice
 
diff --git a/lib/stringslice/stringslice_test.go b/lib/stringslice/stringslice_test.go
index dd2507175744..975fe34976ec 100644
--- a/lib/stringslice/stringslice_test.go
+++ b/lib/stringslice/stringslice_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package stringslice
 
diff --git a/lib/telemetry.go b/lib/telemetry.go
index e06341eefb05..b66ec721b1dc 100644
--- a/lib/telemetry.go
+++ b/lib/telemetry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/telemetry_test.go b/lib/telemetry_test.go
index ab0f7e5b9141..a2c0075598ec 100644
--- a/lib/telemetry_test.go
+++ b/lib/telemetry_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/template/hil.go b/lib/template/hil.go
index 502f10d258b2..5b9cc0e2cf14 100644
--- a/lib/template/hil.go
+++ b/lib/template/hil.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package template
 
diff --git a/lib/template/hil_test.go b/lib/template/hil_test.go
index 4f582f61d168..84f3558a4a6a 100644
--- a/lib/template/hil_test.go
+++ b/lib/template/hil_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package template
 
diff --git a/lib/translate.go b/lib/translate.go
index 6fd49010fc81..adb58539c0fd 100644
--- a/lib/translate.go
+++ b/lib/translate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/translate_test.go b/lib/translate_test.go
index f36588b7404b..36d113004a74 100644
--- a/lib/translate_test.go
+++ b/lib/translate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/ttlcache/eviction.go b/lib/ttlcache/eviction.go
index 5d5012e7dbac..3e20bb09b627 100644
--- a/lib/ttlcache/eviction.go
+++ b/lib/ttlcache/eviction.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 /*
 Package ttlcache provides an ExpiryHeap that can be used by a cache to track the
diff --git a/lib/ttlcache/eviction_test.go b/lib/ttlcache/eviction_test.go
index 18bf2fbbc78b..fe55b68cf176 100644
--- a/lib/ttlcache/eviction_test.go
+++ b/lib/ttlcache/eviction_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ttlcache
 
diff --git a/lib/useragent.go b/lib/useragent.go
index 89c73dec5529..e967ed11ffc7 100644
--- a/lib/useragent.go
+++ b/lib/useragent.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/useragent_test.go b/lib/useragent_test.go
index 23df537c9d4a..4890e454a598 100644
--- a/lib/useragent_test.go
+++ b/lib/useragent_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/lib/uuid.go b/lib/uuid.go
index 2c0d657f5b06..8db9517d7022 100644
--- a/lib/uuid.go
+++ b/lib/uuid.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package lib
 
diff --git a/logging/gated_writer.go b/logging/gated_writer.go
index 5a28c8cf5233..2e0023369a77 100644
--- a/logging/gated_writer.go
+++ b/logging/gated_writer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logging
 
diff --git a/logging/gated_writer_test.go b/logging/gated_writer_test.go
index cc44ad04b2b9..f0adc8de85a1 100644
--- a/logging/gated_writer_test.go
+++ b/logging/gated_writer_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logging
 
diff --git a/logging/grpc.go b/logging/grpc.go
index ebe2207e454b..f565b865fbd9 100644
--- a/logging/grpc.go
+++ b/logging/grpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logging
 
diff --git a/logging/grpc_test.go b/logging/grpc_test.go
index 0a90f1106609..29f1c976e555 100644
--- a/logging/grpc_test.go
+++ b/logging/grpc_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logging
 
diff --git a/logging/log_levels.go b/logging/log_levels.go
index 5ed830ee3050..dc3bb8b530b8 100644
--- a/logging/log_levels.go
+++ b/logging/log_levels.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logging
 
diff --git a/logging/logfile.go b/logging/logfile.go
index bc7b38d91c26..f84d12de4b19 100644
--- a/logging/logfile.go
+++ b/logging/logfile.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logging
 
@@ -60,31 +60,50 @@ func (l *LogFile) fileNamePattern() string {
 }
 
 func (l *LogFile) openNew() error {
-	fileNamePattern := l.fileNamePattern()
-
-	createTime := now()
-	newfileName := fmt.Sprintf(fileNamePattern, strconv.FormatInt(createTime.UnixNano(), 10))
+	newfileName := l.fileName
 	newfilePath := filepath.Join(l.logPath, newfileName)
 
-	// Try creating a file. We truncate the file because we are the only authority to write the logs
-	filePointer, err := os.OpenFile(newfilePath, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0640)
+	// Try creating or opening the active log file. Since the active log file
+	// always has the same name, append log entries to prevent overwriting
+	// previous log data.
+	filePointer, err := os.OpenFile(newfilePath, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0640)
 	if err != nil {
 		return err
 	}
 
 	l.FileInfo = filePointer
+	stat, err := filePointer.Stat()
+	if err != nil {
+		return err
+	}
 	// New file, new bytes tracker, new creation time :)
-	l.LastCreated = createTime
+	l.LastCreated = l.createTime(stat)
 	l.BytesWritten = 0
 	return nil
 }
 
+func (l *LogFile) renameCurrentFile() error {
+	fileNamePattern := l.fileNamePattern()
+
+	createTime := now()
+	// Current file is consul.log always
+	currentFilePath := filepath.Join(l.logPath, l.fileName)
+
+	oldFileName := fmt.Sprintf(fileNamePattern, strconv.FormatInt(createTime.UnixNano(), 10))
+	oldFilePath := filepath.Join(l.logPath, oldFileName)
+
+	return os.Rename(currentFilePath, oldFilePath)
+}
+
 func (l *LogFile) rotate() error {
 	// Get the time from the last point of contact
 	timeElapsed := time.Since(l.LastCreated)
 	// Rotate if we hit the byte file limit or the time limit
 	if (l.BytesWritten >= int64(l.MaxBytes) && (l.MaxBytes > 0)) || timeElapsed >= l.duration {
 		l.FileInfo.Close()
+		if err := l.renameCurrentFile(); err != nil {
+			return err
+		}
 		if err := l.pruneFiles(); err != nil {
 			return err
 		}
diff --git a/logging/logfile_bsd.go b/logging/logfile_bsd.go
new file mode 100644
index 000000000000..d81d065be1ce
--- /dev/null
+++ b/logging/logfile_bsd.go
@@ -0,0 +1,16 @@
+//go:build darwin || freebsd || netbsd || openbsd
+// +build darwin freebsd netbsd openbsd
+
+package logging
+
+import (
+	"os"
+	"syscall"
+	"time"
+)
+
+func (l *LogFile) createTime(stat os.FileInfo) time.Time {
+	stat_t := stat.Sys().(*syscall.Stat_t)
+	createTime := stat_t.Ctimespec
+	return time.Unix(int64(createTime.Sec), int64(createTime.Nsec))
+}
diff --git a/logging/logfile_linux.go b/logging/logfile_linux.go
new file mode 100644
index 000000000000..6cdacfe80e22
--- /dev/null
+++ b/logging/logfile_linux.go
@@ -0,0 +1,17 @@
+//go:build dragonfly || linux
+// +build dragonfly linux
+
+package logging
+
+import (
+	"os"
+	"syscall"
+	"time"
+)
+
+func (l *LogFile) createTime(stat os.FileInfo) time.Time {
+	stat_t := stat.Sys().(*syscall.Stat_t)
+	createTime := stat_t.Ctim
+	// Sec and Nsec are int32 in 32-bit architectures.
+	return time.Unix(int64(createTime.Sec), int64(createTime.Nsec)) //nolint:unconvert
+}
diff --git a/logging/logfile_solaris.go b/logging/logfile_solaris.go
new file mode 100644
index 000000000000..b64610cc38fc
--- /dev/null
+++ b/logging/logfile_solaris.go
@@ -0,0 +1,17 @@
+//go:build solaris
+// +build solaris
+
+package logging
+
+import (
+	"os"
+	"syscall"
+	"time"
+)
+
+func (l *LogFile) createTime(stat os.FileInfo) time.Time {
+	stat_t := stat.Sys().(*syscall.Stat_t)
+	createTime := stat_t.Ctim
+	// Sec and Nsec are int32 in 32-bit architectures.
+	return time.Unix(int64(createTime.Sec), int64(createTime.Nsec)) //nolint:unconvert
+}
diff --git a/logging/logfile_test.go b/logging/logfile_test.go
index ae9d8fb1b0cd..6f9730566297 100644
--- a/logging/logfile_test.go
+++ b/logging/logfile_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logging
 
@@ -51,6 +51,22 @@ func TestLogFile_openNew(t *testing.T) {
 	require.Contains(t, string(content), msg)
 }
 
+func TestLogFile_renameCurrentFile(t *testing.T) {
+	logFile := LogFile{
+		fileName: "consul.log",
+		logPath:  testutil.TempDir(t, ""),
+		duration: defaultRotateDuration,
+	}
+	err := logFile.openNew()
+	require.NoError(t, err)
+
+	err = logFile.renameCurrentFile()
+	require.NoError(t, err)
+
+	_, err = os.ReadFile(logFile.FileInfo.Name())
+	require.Contains(t, err.Error(), "no such file or directory")
+}
+
 func TestLogFile_Rotation_MaxBytes(t *testing.T) {
 	tempDir := testutil.TempDir(t, "LogWriterBytes")
 	logFile := LogFile{
diff --git a/logging/logfile_windows.go b/logging/logfile_windows.go
new file mode 100644
index 000000000000..688a8351cdbe
--- /dev/null
+++ b/logging/logfile_windows.go
@@ -0,0 +1,14 @@
+package logging
+
+import (
+	"os"
+	"time"
+)
+
+func (l *LogFile) createTime(stat os.FileInfo) time.Time {
+	// Use `ModTime` as an approximation if the exact create time is not
+	// available.
+	// On Windows, the file create time is not updated after the active log
+	// rotates, so use `ModTime` as an approximation as well.
+	return stat.ModTime()
+}
diff --git a/logging/logger.go b/logging/logger.go
index 8d63ed7e15eb..fb5128790fd0 100644
--- a/logging/logger.go
+++ b/logging/logger.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logging
 
diff --git a/logging/logger_test.go b/logging/logger_test.go
index 5cb0c1e44189..ca5f1eecd248 100644
--- a/logging/logger_test.go
+++ b/logging/logger_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logging
 
diff --git a/logging/monitor/monitor.go b/logging/monitor/monitor.go
index 6a812a879f64..7440a6586f63 100644
--- a/logging/monitor/monitor.go
+++ b/logging/monitor/monitor.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package monitor
 
diff --git a/logging/monitor/monitor_test.go b/logging/monitor/monitor_test.go
index 5f834f4f2322..ba77eab36fdd 100644
--- a/logging/monitor/monitor_test.go
+++ b/logging/monitor/monitor_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package monitor
 
diff --git a/logging/names.go b/logging/names.go
index 69a859443cfb..1c7ecc448787 100644
--- a/logging/names.go
+++ b/logging/names.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logging
 
diff --git a/logging/syslog.go b/logging/syslog.go
index ceb0ae0ac2f2..8eb1391fcb3b 100644
--- a/logging/syslog.go
+++ b/logging/syslog.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package logging
 
diff --git a/logging/syslog_test.go b/logging/syslog_test.go
index 1b3d66feba0c..fdef92b5284b 100644
--- a/logging/syslog_test.go
+++ b/logging/syslog_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build linux || darwin || dragonfly || freebsd || netbsd || openbsd || solaris
 // +build linux darwin dragonfly freebsd netbsd openbsd solaris
diff --git a/logging/syslog_unsupported_test.go b/logging/syslog_unsupported_test.go
index dab3d47d72fc..d616580d2f22 100644
--- a/logging/syslog_unsupported_test.go
+++ b/logging/syslog_unsupported_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build windows || plan9 || nacl
 // +build windows plan9 nacl
diff --git a/main.go b/main.go
index d29454035b12..63f5a4f26dd8 100644
--- a/main.go
+++ b/main.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package main
 
diff --git a/proto-public/LICENSE b/proto-public/LICENSE
deleted file mode 100644
index 7c5baa45e1c2..000000000000
--- a/proto-public/LICENSE
+++ /dev/null
@@ -1,365 +0,0 @@
-Copyright (c) 2020 HashiCorp, Inc.
-
-Mozilla Public License, version 2.0
-
-1. Definitions
-
-1.1. "Contributor"
-
-     means each individual or legal entity that creates, contributes to the
-     creation of, or owns Covered Software.
-
-1.2. "Contributor Version"
-
-     means the combination of the Contributions of others (if any) used by a
-     Contributor and that particular Contributor's Contribution.
-
-1.3. "Contribution"
-
-     means Covered Software of a particular Contributor.
-
-1.4. "Covered Software"
-
-     means Source Code Form to which the initial Contributor has attached the
-     notice in Exhibit A, the Executable Form of such Source Code Form, and
-     Modifications of such Source Code Form, in each case including portions
-     thereof.
-
-1.5. "Incompatible With Secondary Licenses"
-     means
-
-     a. that the initial Contributor has attached the notice described in
-        Exhibit B to the Covered Software; or
-
-     b. that the Covered Software was made available under the terms of
-        version 1.1 or earlier of the License, but not also under the terms of
-        a Secondary License.
-
-1.6. "Executable Form"
-
-     means any form of the work other than Source Code Form.
-
-1.7. "Larger Work"
-
-     means a work that combines Covered Software with other material, in a
-     separate file or files, that is not Covered Software.
-
-1.8. "License"
-
-     means this document.
-
-1.9. "Licensable"
-
-     means having the right to grant, to the maximum extent possible, whether
-     at the time of the initial grant or subsequently, any and all of the
-     rights conveyed by this License.
-
-1.10. "Modifications"
-
-     means any of the following:
-
-     a. any file in Source Code Form that results from an addition to,
-        deletion from, or modification of the contents of Covered Software; or
-
-     b. any new file in Source Code Form that contains any Covered Software.
-
-1.11. "Patent Claims" of a Contributor
-
-      means any patent claim(s), including without limitation, method,
-      process, and apparatus claims, in any patent Licensable by such
-      Contributor that would be infringed, but for the grant of the License,
-      by the making, using, selling, offering for sale, having made, import,
-      or transfer of either its Contributions or its Contributor Version.
-
-1.12. "Secondary License"
-
-      means either the GNU General Public License, Version 2.0, the GNU Lesser
-      General Public License, Version 2.1, the GNU Affero General Public
-      License, Version 3.0, or any later versions of those licenses.
-
-1.13. "Source Code Form"
-
-      means the form of the work preferred for making modifications.
-
-1.14. "You" (or "Your")
-
-      means an individual or a legal entity exercising rights under this
-      License. For legal entities, "You" includes any entity that controls, is
-      controlled by, or is under common control with You. For purposes of this
-      definition, "control" means (a) the power, direct or indirect, to cause
-      the direction or management of such entity, whether by contract or
-      otherwise, or (b) ownership of more than fifty percent (50%) of the
-      outstanding shares or beneficial ownership of such entity.
-
-
-2. License Grants and Conditions
-
-2.1. Grants
-
-     Each Contributor hereby grants You a world-wide, royalty-free,
-     non-exclusive license:
-
-     a. under intellectual property rights (other than patent or trademark)
-        Licensable by such Contributor to use, reproduce, make available,
-        modify, display, perform, distribute, and otherwise exploit its
-        Contributions, either on an unmodified basis, with Modifications, or
-        as part of a Larger Work; and
-
-     b. under Patent Claims of such Contributor to make, use, sell, offer for
-        sale, have made, import, and otherwise transfer either its
-        Contributions or its Contributor Version.
-
-2.2. Effective Date
-
-     The licenses granted in Section 2.1 with respect to any Contribution
-     become effective for each Contribution on the date the Contributor first
-     distributes such Contribution.
-
-2.3. Limitations on Grant Scope
-
-     The licenses granted in this Section 2 are the only rights granted under
-     this License. No additional rights or licenses will be implied from the
-     distribution or licensing of Covered Software under this License.
-     Notwithstanding Section 2.1(b) above, no patent license is granted by a
-     Contributor:
-
-     a. for any code that a Contributor has removed from Covered Software; or
-
-     b. for infringements caused by: (i) Your and any other third party's
-        modifications of Covered Software, or (ii) the combination of its
-        Contributions with other software (except as part of its Contributor
-        Version); or
-
-     c. under Patent Claims infringed by Covered Software in the absence of
-        its Contributions.
-
-     This License does not grant any rights in the trademarks, service marks,
-     or logos of any Contributor (except as may be necessary to comply with
-     the notice requirements in Section 3.4).
-
-2.4. Subsequent Licenses
-
-     No Contributor makes additional grants as a result of Your choice to
-     distribute the Covered Software under a subsequent version of this
-     License (see Section 10.2) or under the terms of a Secondary License (if
-     permitted under the terms of Section 3.3).
-
-2.5. Representation
-
-     Each Contributor represents that the Contributor believes its
-     Contributions are its original creation(s) or it has sufficient rights to
-     grant the rights to its Contributions conveyed by this License.
-
-2.6. Fair Use
-
-     This License is not intended to limit any rights You have under
-     applicable copyright doctrines of fair use, fair dealing, or other
-     equivalents.
-
-2.7. Conditions
-
-     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
-     Section 2.1.
-
-
-3. Responsibilities
-
-3.1. Distribution of Source Form
-
-     All distribution of Covered Software in Source Code Form, including any
-     Modifications that You create or to which You contribute, must be under
-     the terms of this License. You must inform recipients that the Source
-     Code Form of the Covered Software is governed by the terms of this
-     License, and how they can obtain a copy of this License. You may not
-     attempt to alter or restrict the recipients' rights in the Source Code
-     Form.
-
-3.2. Distribution of Executable Form
-
-     If You distribute Covered Software in Executable Form then:
-
-     a. such Covered Software must also be made available in Source Code Form,
-        as described in Section 3.1, and You must inform recipients of the
-        Executable Form how they can obtain a copy of such Source Code Form by
-        reasonable means in a timely manner, at a charge no more than the cost
-        of distribution to the recipient; and
-
-     b. You may distribute such Executable Form under the terms of this
-        License, or sublicense it under different terms, provided that the
-        license for the Executable Form does not attempt to limit or alter the
-        recipients' rights in the Source Code Form under this License.
-
-3.3. Distribution of a Larger Work
-
-     You may create and distribute a Larger Work under terms of Your choice,
-     provided that You also comply with the requirements of this License for
-     the Covered Software. If the Larger Work is a combination of Covered
-     Software with a work governed by one or more Secondary Licenses, and the
-     Covered Software is not Incompatible With Secondary Licenses, this
-     License permits You to additionally distribute such Covered Software
-     under the terms of such Secondary License(s), so that the recipient of
-     the Larger Work may, at their option, further distribute the Covered
-     Software under the terms of either this License or such Secondary
-     License(s).
-
-3.4. Notices
-
-     You may not remove or alter the substance of any license notices
-     (including copyright notices, patent notices, disclaimers of warranty, or
-     limitations of liability) contained within the Source Code Form of the
-     Covered Software, except that You may alter any license notices to the
-     extent required to remedy known factual inaccuracies.
-
-3.5. Application of Additional Terms
-
-     You may choose to offer, and to charge a fee for, warranty, support,
-     indemnity or liability obligations to one or more recipients of Covered
-     Software. However, You may do so only on Your own behalf, and not on
-     behalf of any Contributor. You must make it absolutely clear that any
-     such warranty, support, indemnity, or liability obligation is offered by
-     You alone, and You hereby agree to indemnify every Contributor for any
-     liability incurred by such Contributor as a result of warranty, support,
-     indemnity or liability terms You offer. You may include additional
-     disclaimers of warranty and limitations of liability specific to any
-     jurisdiction.
-
-4. Inability to Comply Due to Statute or Regulation
-
-   If it is impossible for You to comply with any of the terms of this License
-   with respect to some or all of the Covered Software due to statute,
-   judicial order, or regulation then You must: (a) comply with the terms of
-   this License to the maximum extent possible; and (b) describe the
-   limitations and the code they affect. Such description must be placed in a
-   text file included with all distributions of the Covered Software under
-   this License. Except to the extent prohibited by statute or regulation,
-   such description must be sufficiently detailed for a recipient of ordinary
-   skill to be able to understand it.
-
-5. Termination
-
-5.1. The rights granted under this License will terminate automatically if You
-     fail to comply with any of its terms. However, if You become compliant,
-     then the rights granted under this License from a particular Contributor
-     are reinstated (a) provisionally, unless and until such Contributor
-     explicitly and finally terminates Your grants, and (b) on an ongoing
-     basis, if such Contributor fails to notify You of the non-compliance by
-     some reasonable means prior to 60 days after You have come back into
-     compliance. Moreover, Your grants from a particular Contributor are
-     reinstated on an ongoing basis if such Contributor notifies You of the
-     non-compliance by some reasonable means, this is the first time You have
-     received notice of non-compliance with this License from such
-     Contributor, and You become compliant prior to 30 days after Your receipt
-     of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
-     infringement claim (excluding declaratory judgment actions,
-     counter-claims, and cross-claims) alleging that a Contributor Version
-     directly or indirectly infringes any patent, then the rights granted to
-     You by any and all Contributors for the Covered Software under Section
-     2.1 of this License shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
-     license agreements (excluding distributors and resellers) which have been
-     validly granted by You or Your distributors under this License prior to
-     termination shall survive termination.
-
-6. Disclaimer of Warranty
-
-   Covered Software is provided under this License on an "as is" basis,
-   without warranty of any kind, either expressed, implied, or statutory,
-   including, without limitation, warranties that the Covered Software is free
-   of defects, merchantable, fit for a particular purpose or non-infringing.
-   The entire risk as to the quality and performance of the Covered Software
-   is with You. Should any Covered Software prove defective in any respect,
-   You (not any Contributor) assume the cost of any necessary servicing,
-   repair, or correction. This disclaimer of warranty constitutes an essential
-   part of this License. No use of  any Covered Software is authorized under
-   this License except under this disclaimer.
-
-7. Limitation of Liability
-
-   Under no circumstances and under no legal theory, whether tort (including
-   negligence), contract, or otherwise, shall any Contributor, or anyone who
-   distributes Covered Software as permitted above, be liable to You for any
-   direct, indirect, special, incidental, or consequential damages of any
-   character including, without limitation, damages for lost profits, loss of
-   goodwill, work stoppage, computer failure or malfunction, or any and all
-   other commercial damages or losses, even if such party shall have been
-   informed of the possibility of such damages. This limitation of liability
-   shall not apply to liability for death or personal injury resulting from
-   such party's negligence to the extent applicable law prohibits such
-   limitation. Some jurisdictions do not allow the exclusion or limitation of
-   incidental or consequential damages, so this exclusion and limitation may
-   not apply to You.
-
-8. Litigation
-
-   Any litigation relating to this License may be brought only in the courts
-   of a jurisdiction where the defendant maintains its principal place of
-   business and such litigation shall be governed by laws of that
-   jurisdiction, without reference to its conflict-of-law provisions. Nothing
-   in this Section shall prevent a party's ability to bring cross-claims or
-   counter-claims.
-
-9. Miscellaneous
-
-   This License represents the complete agreement concerning the subject
-   matter hereof. If any provision of this License is held to be
-   unenforceable, such provision shall be reformed only to the extent
-   necessary to make it enforceable. Any law or regulation which provides that
-   the language of a contract shall be construed against the drafter shall not
-   be used to construe this License against a Contributor.
-
-
-10. Versions of the License
-
-10.1. New Versions
-
-      Mozilla Foundation is the license steward. Except as provided in Section
-      10.3, no one other than the license steward has the right to modify or
-      publish new versions of this License. Each version will be given a
-      distinguishing version number.
-
-10.2. Effect of New Versions
-
-      You may distribute the Covered Software under the terms of the version
-      of the License under which You originally received the Covered Software,
-      or under the terms of any subsequent version published by the license
-      steward.
-
-10.3. Modified Versions
-
-      If you create software not governed by this License, and you want to
-      create a new license for such software, you may create and use a
-      modified version of this License if you rename the license and remove
-      any references to the name of the license steward (except to note that
-      such modified license differs from this License).
-
-10.4. Distributing Source Code Form that is Incompatible With Secondary
-      Licenses If You choose to distribute Source Code Form that is
-      Incompatible With Secondary Licenses under the terms of this version of
-      the License, the notice described in Exhibit B of this License must be
-      attached.
-
-Exhibit A - Source Code Form License Notice
-
-      This Source Code Form is subject to the
-      terms of the Mozilla Public License, v.
-      2.0. If a copy of the MPL was not
-      distributed with this file, You can
-      obtain one at
-      http://mozilla.org/MPL/2.0/.
-
-If it is not possible or desirable to put the notice in a particular file,
-then You may include the notice in a location (such as a LICENSE file in a
-relevant directory) where a recipient would be likely to look for such a
-notice.
-
-You may add additional accurate notices of copyright ownership.
-
-Exhibit B - "Incompatible With Secondary Licenses" Notice
-
-      This Source Code Form is "Incompatible
-      With Secondary Licenses", as defined by
-      the Mozilla Public License, v. 2.0.
-
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy.pb.binary.go b/proto-public/pbcatalog/v1alpha1/failover_policy.pb.binary.go
deleted file mode 100644
index 85aa74cd41db..000000000000
--- a/proto-public/pbcatalog/v1alpha1/failover_policy.pb.binary.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbcatalog/v1alpha1/failover_policy.proto
-
-package catalogv1alpha1
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *FailoverPolicy) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *FailoverPolicy) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *FailoverConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *FailoverConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *FailoverDestination) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *FailoverDestination) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go b/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go
deleted file mode 100644
index 568405a1cd53..000000000000
--- a/proto-public/pbcatalog/v1alpha1/failover_policy.pb.go
+++ /dev/null
@@ -1,457 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbcatalog/v1alpha1/failover_policy.proto
-
-package catalogv1alpha1
-
-import (
-	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type FailoverMode int32
-
-const (
-	FailoverMode_FAILOVER_MODE_UNSPECIFIED       FailoverMode = 0
-	FailoverMode_FAILOVER_MODE_SEQUENTIAL        FailoverMode = 1
-	FailoverMode_FAILOVER_MODE_ORDER_BY_LOCALITY FailoverMode = 2
-)
-
-// Enum value maps for FailoverMode.
-var (
-	FailoverMode_name = map[int32]string{
-		0: "FAILOVER_MODE_UNSPECIFIED",
-		1: "FAILOVER_MODE_SEQUENTIAL",
-		2: "FAILOVER_MODE_ORDER_BY_LOCALITY",
-	}
-	FailoverMode_value = map[string]int32{
-		"FAILOVER_MODE_UNSPECIFIED":       0,
-		"FAILOVER_MODE_SEQUENTIAL":        1,
-		"FAILOVER_MODE_ORDER_BY_LOCALITY": 2,
-	}
-)
-
-func (x FailoverMode) Enum() *FailoverMode {
-	p := new(FailoverMode)
-	*p = x
-	return p
-}
-
-func (x FailoverMode) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (FailoverMode) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbcatalog_v1alpha1_failover_policy_proto_enumTypes[0].Descriptor()
-}
-
-func (FailoverMode) Type() protoreflect.EnumType {
-	return &file_pbcatalog_v1alpha1_failover_policy_proto_enumTypes[0]
-}
-
-func (x FailoverMode) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use FailoverMode.Descriptor instead.
-func (FailoverMode) EnumDescriptor() ([]byte, []int) {
-	return file_pbcatalog_v1alpha1_failover_policy_proto_rawDescGZIP(), []int{0}
-}
-
-// This is a Resource type.
-type FailoverPolicy struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Config defines failover for any named port not present in PortConfigs.
-	Config *FailoverConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
-	// PortConfigs defines failover for a specific port on this service and takes
-	// precedence over Config.
-	PortConfigs map[string]*FailoverConfig `protobuf:"bytes,2,rep,name=port_configs,json=portConfigs,proto3" json:"port_configs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-}
-
-func (x *FailoverPolicy) Reset() {
-	*x = FailoverPolicy{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *FailoverPolicy) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*FailoverPolicy) ProtoMessage() {}
-
-func (x *FailoverPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use FailoverPolicy.ProtoReflect.Descriptor instead.
-func (*FailoverPolicy) Descriptor() ([]byte, []int) {
-	return file_pbcatalog_v1alpha1_failover_policy_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *FailoverPolicy) GetConfig() *FailoverConfig {
-	if x != nil {
-		return x.Config
-	}
-	return nil
-}
-
-func (x *FailoverPolicy) GetPortConfigs() map[string]*FailoverConfig {
-	if x != nil {
-		return x.PortConfigs
-	}
-	return nil
-}
-
-type FailoverConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Destinations specifies a fixed list of failover destinations to try. We
-	// never try a destination multiple times, so those are subtracted from this
-	// list before proceeding.
-	Destinations []*FailoverDestination `protobuf:"bytes,1,rep,name=destinations,proto3" json:"destinations,omitempty"`
-	// Mode specifies the type of failover that will be performed. Valid values are
-	// "sequential", "" (equivalent to "sequential") and "order-by-locality".
-	Mode    FailoverMode `protobuf:"varint,2,opt,name=mode,proto3,enum=hashicorp.consul.catalog.v1alpha1.FailoverMode" json:"mode,omitempty"`
-	Regions []string     `protobuf:"bytes,3,rep,name=regions,proto3" json:"regions,omitempty"`
-	// SamenessGroup specifies the sameness group to failover to.
-	SamenessGroup string `protobuf:"bytes,4,opt,name=sameness_group,json=samenessGroup,proto3" json:"sameness_group,omitempty"`
-}
-
-func (x *FailoverConfig) Reset() {
-	*x = FailoverConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *FailoverConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*FailoverConfig) ProtoMessage() {}
-
-func (x *FailoverConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use FailoverConfig.ProtoReflect.Descriptor instead.
-func (*FailoverConfig) Descriptor() ([]byte, []int) {
-	return file_pbcatalog_v1alpha1_failover_policy_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *FailoverConfig) GetDestinations() []*FailoverDestination {
-	if x != nil {
-		return x.Destinations
-	}
-	return nil
-}
-
-func (x *FailoverConfig) GetMode() FailoverMode {
-	if x != nil {
-		return x.Mode
-	}
-	return FailoverMode_FAILOVER_MODE_UNSPECIFIED
-}
-
-func (x *FailoverConfig) GetRegions() []string {
-	if x != nil {
-		return x.Regions
-	}
-	return nil
-}
-
-func (x *FailoverConfig) GetSamenessGroup() string {
-	if x != nil {
-		return x.SamenessGroup
-	}
-	return ""
-}
-
-type FailoverDestination struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// This must be a Service.
-	Ref *pbresource.Reference `protobuf:"bytes,1,opt,name=ref,proto3" json:"ref,omitempty"`
-	// TODO: what should an empty port mean?
-	Port       string `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"`
-	Datacenter string `protobuf:"bytes,3,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
-}
-
-func (x *FailoverDestination) Reset() {
-	*x = FailoverDestination{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *FailoverDestination) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*FailoverDestination) ProtoMessage() {}
-
-func (x *FailoverDestination) ProtoReflect() protoreflect.Message {
-	mi := &file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use FailoverDestination.ProtoReflect.Descriptor instead.
-func (*FailoverDestination) Descriptor() ([]byte, []int) {
-	return file_pbcatalog_v1alpha1_failover_policy_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *FailoverDestination) GetRef() *pbresource.Reference {
-	if x != nil {
-		return x.Ref
-	}
-	return nil
-}
-
-func (x *FailoverDestination) GetPort() string {
-	if x != nil {
-		return x.Port
-	}
-	return ""
-}
-
-func (x *FailoverDestination) GetDatacenter() string {
-	if x != nil {
-		return x.Datacenter
-	}
-	return ""
-}
-
-var File_pbcatalog_v1alpha1_failover_policy_proto protoreflect.FileDescriptor
-
-var file_pbcatalog_v1alpha1_failover_policy_proto_rawDesc = []byte{
-	0x0a, 0x28, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2f, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x6f,
-	0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x21, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74,
-	0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x19, 0x70,
-	0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
-	0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb5, 0x02, 0x0a, 0x0e, 0x46, 0x61, 0x69,
-	0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x49, 0x0a, 0x06, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63,
-	0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x65, 0x0a, 0x0c, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e,
-	0x50, 0x6f, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79,
-	0x52, 0x0b, 0x70, 0x6f, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x1a, 0x71, 0x0a,
-	0x10, 0x50, 0x6f, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72,
-	0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
-	0x6b, 0x65, 0x79, 0x12, 0x47, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01,
-	0x22, 0xf2, 0x01, 0x0a, 0x0e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x12, 0x5a, 0x0a, 0x0c, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74,
-	0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x46, 0x61,
-	0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x0c, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
-	0x43, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04,
-	0x6d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x73, 0x18,
-	0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25,
-	0x0a, 0x0e, 0x73, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73,
-	0x47, 0x72, 0x6f, 0x75, 0x70, 0x22, 0x81, 0x01, 0x0a, 0x13, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76,
-	0x65, 0x72, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x36, 0x0a,
-	0x03, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65,
-	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
-	0x52, 0x03, 0x72, 0x65, 0x66, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61, 0x74,
-	0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64,
-	0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x2a, 0x70, 0x0a, 0x0c, 0x46, 0x61, 0x69,
-	0x6c, 0x6f, 0x76, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1d, 0x0a, 0x19, 0x46, 0x41, 0x49,
-	0x4c, 0x4f, 0x56, 0x45, 0x52, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45,
-	0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x46, 0x41, 0x49, 0x4c,
-	0x4f, 0x56, 0x45, 0x52, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x45, 0x51, 0x55, 0x45, 0x4e,
-	0x54, 0x49, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f, 0x46, 0x41, 0x49, 0x4c, 0x4f, 0x56,
-	0x45, 0x52, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x4f, 0x52, 0x44, 0x45, 0x52, 0x5f, 0x42, 0x59,
-	0x5f, 0x4c, 0x4f, 0x43, 0x41, 0x4c, 0x49, 0x54, 0x59, 0x10, 0x02, 0x42, 0xb0, 0x02, 0x0a, 0x25,
-	0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x13, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50,
-	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x4b, 0x67, 0x69,
-	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d,
-	0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67,
-	0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f,
-	0x67, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x43, 0xaa,
-	0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c,
-	0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d,
-	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x43, 0x61, 0x74,
-	0x61, 0x6c, 0x6f, 0x67, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbcatalog_v1alpha1_failover_policy_proto_rawDescOnce sync.Once
-	file_pbcatalog_v1alpha1_failover_policy_proto_rawDescData = file_pbcatalog_v1alpha1_failover_policy_proto_rawDesc
-)
-
-func file_pbcatalog_v1alpha1_failover_policy_proto_rawDescGZIP() []byte {
-	file_pbcatalog_v1alpha1_failover_policy_proto_rawDescOnce.Do(func() {
-		file_pbcatalog_v1alpha1_failover_policy_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbcatalog_v1alpha1_failover_policy_proto_rawDescData)
-	})
-	return file_pbcatalog_v1alpha1_failover_policy_proto_rawDescData
-}
-
-var file_pbcatalog_v1alpha1_failover_policy_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
-var file_pbcatalog_v1alpha1_failover_policy_proto_goTypes = []interface{}{
-	(FailoverMode)(0),            // 0: hashicorp.consul.catalog.v1alpha1.FailoverMode
-	(*FailoverPolicy)(nil),       // 1: hashicorp.consul.catalog.v1alpha1.FailoverPolicy
-	(*FailoverConfig)(nil),       // 2: hashicorp.consul.catalog.v1alpha1.FailoverConfig
-	(*FailoverDestination)(nil),  // 3: hashicorp.consul.catalog.v1alpha1.FailoverDestination
-	nil,                          // 4: hashicorp.consul.catalog.v1alpha1.FailoverPolicy.PortConfigsEntry
-	(*pbresource.Reference)(nil), // 5: hashicorp.consul.resource.Reference
-}
-var file_pbcatalog_v1alpha1_failover_policy_proto_depIdxs = []int32{
-	2, // 0: hashicorp.consul.catalog.v1alpha1.FailoverPolicy.config:type_name -> hashicorp.consul.catalog.v1alpha1.FailoverConfig
-	4, // 1: hashicorp.consul.catalog.v1alpha1.FailoverPolicy.port_configs:type_name -> hashicorp.consul.catalog.v1alpha1.FailoverPolicy.PortConfigsEntry
-	3, // 2: hashicorp.consul.catalog.v1alpha1.FailoverConfig.destinations:type_name -> hashicorp.consul.catalog.v1alpha1.FailoverDestination
-	0, // 3: hashicorp.consul.catalog.v1alpha1.FailoverConfig.mode:type_name -> hashicorp.consul.catalog.v1alpha1.FailoverMode
-	5, // 4: hashicorp.consul.catalog.v1alpha1.FailoverDestination.ref:type_name -> hashicorp.consul.resource.Reference
-	2, // 5: hashicorp.consul.catalog.v1alpha1.FailoverPolicy.PortConfigsEntry.value:type_name -> hashicorp.consul.catalog.v1alpha1.FailoverConfig
-	6, // [6:6] is the sub-list for method output_type
-	6, // [6:6] is the sub-list for method input_type
-	6, // [6:6] is the sub-list for extension type_name
-	6, // [6:6] is the sub-list for extension extendee
-	0, // [0:6] is the sub-list for field type_name
-}
-
-func init() { file_pbcatalog_v1alpha1_failover_policy_proto_init() }
-func file_pbcatalog_v1alpha1_failover_policy_proto_init() {
-	if File_pbcatalog_v1alpha1_failover_policy_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FailoverPolicy); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FailoverConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FailoverDestination); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbcatalog_v1alpha1_failover_policy_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   4,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbcatalog_v1alpha1_failover_policy_proto_goTypes,
-		DependencyIndexes: file_pbcatalog_v1alpha1_failover_policy_proto_depIdxs,
-		EnumInfos:         file_pbcatalog_v1alpha1_failover_policy_proto_enumTypes,
-		MessageInfos:      file_pbcatalog_v1alpha1_failover_policy_proto_msgTypes,
-	}.Build()
-	File_pbcatalog_v1alpha1_failover_policy_proto = out.File
-	file_pbcatalog_v1alpha1_failover_policy_proto_rawDesc = nil
-	file_pbcatalog_v1alpha1_failover_policy_proto_goTypes = nil
-	file_pbcatalog_v1alpha1_failover_policy_proto_depIdxs = nil
-}
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy.proto b/proto-public/pbcatalog/v1alpha1/failover_policy.proto
deleted file mode 100644
index 69dcec0d973d..000000000000
--- a/proto-public/pbcatalog/v1alpha1/failover_policy.proto
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.catalog.v1alpha1;
-
-import "pbresource/resource.proto";
-
-// This is a Resource type.
-message FailoverPolicy {
-  // Config defines failover for any named port not present in PortConfigs.
-  FailoverConfig config = 1;
-
-  // PortConfigs defines failover for a specific port on this service and takes
-  // precedence over Config.
-  map<string, FailoverConfig> port_configs = 2;
-}
-
-message FailoverConfig {
-  // Destinations specifies a fixed list of failover destinations to try. We
-  // never try a destination multiple times, so those are subtracted from this
-  // list before proceeding.
-  repeated FailoverDestination destinations = 1;
-
-  // Mode specifies the type of failover that will be performed. Valid values are
-  // "sequential", "" (equivalent to "sequential") and "order-by-locality".
-  FailoverMode mode = 2;
-  repeated string regions = 3;
-
-  // SamenessGroup specifies the sameness group to failover to.
-  string sameness_group = 4;
-}
-
-message FailoverDestination {
-  // This must be a Service.
-  hashicorp.consul.resource.Reference ref = 1;
-  // TODO: what should an empty port mean?
-  string port = 2;
-  string datacenter = 3;
-}
-
-enum FailoverMode {
-  FAILOVER_MODE_UNSPECIFIED = 0;
-  FAILOVER_MODE_SEQUENTIAL = 1;
-  FAILOVER_MODE_ORDER_BY_LOCALITY = 2;
-}
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go b/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go
deleted file mode 100644
index 8c1f2d104cae..000000000000
--- a/proto-public/pbcatalog/v1alpha1/failover_policy_extras.go
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package catalogv1alpha1
-
-import pbresource "github.com/hashicorp/consul/proto-public/pbresource"
-
-// GetUnderlyingDestinations will collect FailoverDestinations from all
-// internal fields and bundle them up in one slice.
-//
-// NOTE: no deduplication occurs.
-func (x *FailoverPolicy) GetUnderlyingDestinations() []*FailoverDestination {
-	if x == nil {
-		return nil
-	}
-
-	estimate := 0
-	if x.Config != nil {
-		estimate += len(x.Config.Destinations)
-	}
-	for _, pc := range x.PortConfigs {
-		estimate += len(pc.Destinations)
-	}
-
-	out := make([]*FailoverDestination, 0, estimate)
-	if x.Config != nil {
-		out = append(out, x.Config.Destinations...)
-	}
-	for _, pc := range x.PortConfigs {
-		out = append(out, pc.Destinations...)
-	}
-	return out
-}
-
-// GetUnderlyingDestinationRefs is like GetUnderlyingDestinations except it
-// returns a slice of References.
-//
-// NOTE: no deduplication occurs.
-func (x *FailoverPolicy) GetUnderlyingDestinationRefs() []*pbresource.Reference {
-	if x == nil {
-		return nil
-	}
-
-	dests := x.GetUnderlyingDestinations()
-
-	out := make([]*pbresource.Reference, 0, len(dests))
-	for _, dest := range dests {
-		if dest.Ref != nil {
-			out = append(out, dest.Ref)
-		}
-	}
-
-	return out
-}
-
-// IsEmpty returns true if a config has no definition.
-func (x *FailoverConfig) IsEmpty() bool {
-	if x == nil {
-		return true
-	}
-	return len(x.Destinations) == 0 &&
-		x.Mode == 0 &&
-		len(x.Regions) == 0 &&
-		x.SamenessGroup == ""
-}
diff --git a/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go b/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go
deleted file mode 100644
index f9fe3e879dca..000000000000
--- a/proto-public/pbcatalog/v1alpha1/failover_policy_extras_test.go
+++ /dev/null
@@ -1,171 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package catalogv1alpha1
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/encoding/protojson"
-	"google.golang.org/protobuf/proto"
-
-	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-func TestFailoverPolicy_IsEmpty(t *testing.T) {
-	t.Run("nil", func(t *testing.T) {
-		var fc *FailoverConfig
-		require.True(t, fc.IsEmpty())
-	})
-	t.Run("empty", func(t *testing.T) {
-		fc := &FailoverConfig{}
-		require.True(t, fc.IsEmpty())
-	})
-	t.Run("dest", func(t *testing.T) {
-		fc := &FailoverConfig{
-			Destinations: []*FailoverDestination{
-				newFailoverDestination("foo"),
-			},
-		}
-		require.False(t, fc.IsEmpty())
-	})
-	t.Run("regions", func(t *testing.T) {
-		fc := &FailoverConfig{
-			Regions: []string{"us-east"},
-		}
-		require.False(t, fc.IsEmpty())
-	})
-	t.Run("regions", func(t *testing.T) {
-		fc := &FailoverConfig{
-			SamenessGroup: "blah",
-		}
-		require.False(t, fc.IsEmpty())
-	})
-}
-
-func TestFailoverPolicy_GetUnderlyingDestinations_AndRefs(t *testing.T) {
-	type testcase struct {
-		failover    *FailoverPolicy
-		expectDests []*FailoverDestination
-		expectRefs  []*pbresource.Reference
-	}
-
-	run := func(t *testing.T, tc testcase) {
-		assertSliceEquals(t, tc.expectDests, tc.failover.GetUnderlyingDestinations())
-		assertSliceEquals(t, tc.expectRefs, tc.failover.GetUnderlyingDestinationRefs())
-	}
-
-	cases := map[string]testcase{
-		"nil": {},
-		"kitchen sink dests": {
-			failover: &FailoverPolicy{
-				Config: &FailoverConfig{
-					Destinations: []*FailoverDestination{
-						newFailoverDestination("foo"),
-						newFailoverDestination("bar"),
-					},
-				},
-				PortConfigs: map[string]*FailoverConfig{
-					"admin": {
-						Destinations: []*FailoverDestination{
-							newFailoverDestination("admin"),
-						},
-					},
-					"web": {
-						Destinations: []*FailoverDestination{
-							newFailoverDestination("foo"), // duplicated
-							newFailoverDestination("www"),
-						},
-					},
-				},
-			},
-			expectDests: []*FailoverDestination{
-				newFailoverDestination("foo"),
-				newFailoverDestination("bar"),
-				newFailoverDestination("admin"),
-				newFailoverDestination("foo"), // duplicated
-				newFailoverDestination("www"),
-			},
-			expectRefs: []*pbresource.Reference{
-				newFailoverRef("foo"),
-				newFailoverRef("bar"),
-				newFailoverRef("admin"),
-				newFailoverRef("foo"), // duplicated
-				newFailoverRef("www"),
-			},
-		},
-	}
-
-	for name, tc := range cases {
-		t.Run(name, func(t *testing.T) {
-			run(t, tc)
-		})
-	}
-}
-
-func assertSliceEquals[V proto.Message](t *testing.T, expect, got []V) {
-	t.Helper()
-
-	require.Len(t, got, len(expect))
-
-	// O(N*M) scan
-	var expectedMissing []string
-	for _, expectVal := range expect {
-		found := false
-		for j, gotVal := range got {
-			if proto.Equal(expectVal, gotVal) {
-				found = true
-				got = append(got[:j], got[j+1:]...) // remove found item
-				break
-			}
-		}
-
-		if !found {
-			expectedMissing = append(expectedMissing, protoToString(t, expectVal))
-		}
-	}
-
-	if len(expectedMissing) > 0 || len(got) > 0 {
-		var gotMissing []string
-		for _, gotVal := range got {
-			gotMissing = append(gotMissing, protoToString(t, gotVal))
-		}
-
-		t.Fatalf("assertion failed: unmatched values\n\texpected: %s\n\tactual: %s",
-			expectedMissing,
-			gotMissing,
-		)
-	}
-}
-
-func protoToString[V proto.Message](t *testing.T, pb V) string {
-	m := protojson.MarshalOptions{
-		Indent: "  ",
-	}
-	gotJSON, err := m.Marshal(pb)
-	require.NoError(t, err)
-	return string(gotJSON)
-}
-
-func newFailoverRef(name string) *pbresource.Reference {
-	return &pbresource.Reference{
-		Type: &pbresource.Type{
-			Group:        "fake",
-			GroupVersion: "v1alpha1",
-			Kind:         "fake",
-		},
-		Tenancy: &pbresource.Tenancy{
-			Partition: "default",
-			Namespace: "default",
-			PeerName:  "local",
-		},
-		Name: name,
-	}
-}
-
-func newFailoverDestination(name string) *FailoverDestination {
-	return &FailoverDestination{
-		Ref: newFailoverRef(name),
-	}
-}
diff --git a/proto-public/pbcatalog/v1alpha1/protocol.pb.go b/proto-public/pbcatalog/v1alpha1/protocol.pb.go
index 6e2ba0efb000..71e89aab4aa5 100644
--- a/proto-public/pbcatalog/v1alpha1/protocol.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/protocol.pb.go
@@ -26,32 +26,30 @@ const (
 type Protocol int32
 
 const (
-	Protocol_PROTOCOL_UNSPECIFIED Protocol = 0
-	Protocol_PROTOCOL_TCP         Protocol = 1
-	Protocol_PROTOCOL_HTTP        Protocol = 2
-	Protocol_PROTOCOL_HTTP2       Protocol = 3
-	Protocol_PROTOCOL_GRPC        Protocol = 4
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	Protocol_PROTOCOL_TCP   Protocol = 0
+	Protocol_PROTOCOL_HTTP  Protocol = 1
+	Protocol_PROTOCOL_HTTP2 Protocol = 2
+	Protocol_PROTOCOL_GRPC  Protocol = 3
 	// Protocol Mesh indicates that this port can speak Consul's mTLS based mesh protocol.
-	Protocol_PROTOCOL_MESH Protocol = 5
+	Protocol_PROTOCOL_MESH Protocol = 4
 )
 
 // Enum value maps for Protocol.
 var (
 	Protocol_name = map[int32]string{
-		0: "PROTOCOL_UNSPECIFIED",
-		1: "PROTOCOL_TCP",
-		2: "PROTOCOL_HTTP",
-		3: "PROTOCOL_HTTP2",
-		4: "PROTOCOL_GRPC",
-		5: "PROTOCOL_MESH",
+		0: "PROTOCOL_TCP",
+		1: "PROTOCOL_HTTP",
+		2: "PROTOCOL_HTTP2",
+		3: "PROTOCOL_GRPC",
+		4: "PROTOCOL_MESH",
 	}
 	Protocol_value = map[string]int32{
-		"PROTOCOL_UNSPECIFIED": 0,
-		"PROTOCOL_TCP":         1,
-		"PROTOCOL_HTTP":        2,
-		"PROTOCOL_HTTP2":       3,
-		"PROTOCOL_GRPC":        4,
-		"PROTOCOL_MESH":        5,
+		"PROTOCOL_TCP":   0,
+		"PROTOCOL_HTTP":  1,
+		"PROTOCOL_HTTP2": 2,
+		"PROTOCOL_GRPC":  3,
+		"PROTOCOL_MESH":  4,
 	}
 )
 
@@ -89,35 +87,33 @@ var file_pbcatalog_v1alpha1_protocol_proto_rawDesc = []byte{
 	0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x70, 0x72,
 	0x6f, 0x74, 0x6f, 0x12, 0x21, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2a, 0x83, 0x01, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f,
-	0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f,
-	0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x10, 0x0a,
-	0x0c, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x54, 0x43, 0x50, 0x10, 0x01, 0x12,
-	0x11, 0x0a, 0x0d, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50,
-	0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x48,
-	0x54, 0x54, 0x50, 0x32, 0x10, 0x03, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43,
-	0x4f, 0x4c, 0x5f, 0x47, 0x52, 0x50, 0x43, 0x10, 0x04, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x52, 0x4f,
-	0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x4d, 0x45, 0x53, 0x48, 0x10, 0x05, 0x42, 0xaa, 0x02, 0x0a,
-	0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
-	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x4b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
-	0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69,
-	0x63, 0x2f, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x3b, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x43, 0xaa, 0x02, 0x21, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x43, 0x61,
-	0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02,
-	0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
-	0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x3a,
-	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2a, 0x69, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63,
+	0x6f, 0x6c, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x54,
+	0x43, 0x50, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c,
+	0x5f, 0x48, 0x54, 0x54, 0x50, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x54, 0x4f,
+	0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x32, 0x10, 0x02, 0x12, 0x11, 0x0a, 0x0d, 0x50,
+	0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x47, 0x52, 0x50, 0x43, 0x10, 0x03, 0x12, 0x11,
+	0x0a, 0x0d, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x4d, 0x45, 0x53, 0x48, 0x10,
+	0x04, 0x42, 0xaa, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c,
+	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0d, 0x50, 0x72, 0x6f,
+	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x4b, 0x67, 0x69,
+	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d,
+	0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67,
+	0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f,
+	0x67, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x43, 0xaa,
+	0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c,
+	0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d,
+	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x43, 0x61, 0x74,
+	0x61, 0x6c, 0x6f, 0x67, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/proto-public/pbcatalog/v1alpha1/protocol.proto b/proto-public/pbcatalog/v1alpha1/protocol.proto
index 909271b9a6cc..a18351c5d6d8 100644
--- a/proto-public/pbcatalog/v1alpha1/protocol.proto
+++ b/proto-public/pbcatalog/v1alpha1/protocol.proto
@@ -6,12 +6,12 @@ syntax = "proto3";
 package hashicorp.consul.catalog.v1alpha1;
 
 enum Protocol {
-  PROTOCOL_UNSPECIFIED = 0;
-  PROTOCOL_TCP = 1;
-  PROTOCOL_HTTP = 2;
-  PROTOCOL_HTTP2 = 3;
-  PROTOCOL_GRPC = 4;
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+  PROTOCOL_TCP = 0;
+  PROTOCOL_HTTP = 1;
+  PROTOCOL_HTTP2 = 2;
+  PROTOCOL_GRPC = 3;
 
   // Protocol Mesh indicates that this port can speak Consul's mTLS based mesh protocol.
-  PROTOCOL_MESH = 5;
+  PROTOCOL_MESH = 4;
 }
diff --git a/proto-public/pbcatalog/v1alpha1/selector.pb.go b/proto-public/pbcatalog/v1alpha1/selector.pb.go
index 8caf0f51d6c8..a6f5a3ef880d 100644
--- a/proto-public/pbcatalog/v1alpha1/selector.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/selector.pb.go
@@ -31,7 +31,6 @@ type WorkloadSelector struct {
 
 	Prefixes []string `protobuf:"bytes,1,rep,name=prefixes,proto3" json:"prefixes,omitempty"`
 	Names    []string `protobuf:"bytes,2,rep,name=names,proto3" json:"names,omitempty"`
-	Filter   string   `protobuf:"bytes,3,opt,name=filter,proto3" json:"filter,omitempty"`
 }
 
 func (x *WorkloadSelector) Reset() {
@@ -80,13 +79,6 @@ func (x *WorkloadSelector) GetNames() []string {
 	return nil
 }
 
-func (x *WorkloadSelector) GetFilter() string {
-	if x != nil {
-		return x.Filter
-	}
-	return ""
-}
-
 var File_pbcatalog_v1alpha1_selector_proto protoreflect.FileDescriptor
 
 var file_pbcatalog_v1alpha1_selector_proto_rawDesc = []byte{
@@ -94,32 +86,31 @@ var file_pbcatalog_v1alpha1_selector_proto_rawDesc = []byte{
 	0x70, 0x68, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72,
 	0x6f, 0x74, 0x6f, 0x12, 0x21, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0x5c, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0x44, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f,
 	0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72,
 	0x65, 0x66, 0x69, 0x78, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72,
 	0x65, 0x66, 0x69, 0x78, 0x65, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18,
-	0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06,
-	0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x69,
-	0x6c, 0x74, 0x65, 0x72, 0x42, 0xaa, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61,
-	0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0d,
-	0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
-	0x4b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61,
-	0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x63, 0x61, 0x74,
-	0x61, 0x6c, 0x6f, 0x67, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48,
-	0x43, 0x43, 0xaa, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x56, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f,
-	0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61,
-	0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47,
-	0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a,
-	0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x42, 0xaa, 0x02, 0x0a,
+	0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0d, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72,
+	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x4b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69,
+	0x63, 0x2f, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0x3b, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x43, 0xaa, 0x02, 0x21, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x43, 0x61,
+	0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02,
+	0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
+	0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x3a,
+	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33,
 }
 
 var (
diff --git a/proto-public/pbcatalog/v1alpha1/selector.proto b/proto-public/pbcatalog/v1alpha1/selector.proto
index 1b5aa366e07f..b1b39409ba3a 100644
--- a/proto-public/pbcatalog/v1alpha1/selector.proto
+++ b/proto-public/pbcatalog/v1alpha1/selector.proto
@@ -9,5 +9,4 @@ package hashicorp.consul.catalog.v1alpha1;
 message WorkloadSelector {
   repeated string prefixes = 1;
   repeated string names = 2;
-  string filter = 3;
 }
diff --git a/proto-public/pbcatalog/v1alpha1/service.pb.go b/proto-public/pbcatalog/v1alpha1/service.pb.go
index ac4afa2c9efa..cd72ccf268ff 100644
--- a/proto-public/pbcatalog/v1alpha1/service.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/service.pb.go
@@ -158,7 +158,7 @@ func (x *ServicePort) GetProtocol() Protocol {
 	if x != nil {
 		return x.Protocol
 	}
-	return Protocol_PROTOCOL_UNSPECIFIED
+	return Protocol_PROTOCOL_TCP
 }
 
 var File_pbcatalog_v1alpha1_service_proto protoreflect.FileDescriptor
diff --git a/proto-public/pbcatalog/v1alpha1/workload.pb.go b/proto-public/pbcatalog/v1alpha1/workload.pb.go
index e6fa7936d0b3..e1f75d810cb8 100644
--- a/proto-public/pbcatalog/v1alpha1/workload.pb.go
+++ b/proto-public/pbcatalog/v1alpha1/workload.pb.go
@@ -269,7 +269,7 @@ func (x *WorkloadPort) GetProtocol() Protocol {
 	if x != nil {
 		return x.Protocol
 	}
-	return Protocol_PROTOCOL_UNSPECIFIED
+	return Protocol_PROTOCOL_TCP
 }
 
 type Locality struct {
diff --git a/proto-public/pbmesh/v1alpha1/common.pb.binary.go b/proto-public/pbmesh/v1alpha1/common.pb.binary.go
deleted file mode 100644
index a02a97e494a1..000000000000
--- a/proto-public/pbmesh/v1alpha1/common.pb.binary.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/common.proto
-
-package meshv1alpha1
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *ParentReference) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *ParentReference) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *BackendReference) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *BackendReference) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/common.pb.go b/proto-public/pbmesh/v1alpha1/common.pb.go
deleted file mode 100644
index 4262d3872c3d..000000000000
--- a/proto-public/pbmesh/v1alpha1/common.pb.go
+++ /dev/null
@@ -1,307 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/common.proto
-
-package meshv1alpha1
-
-import (
-	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-// NOTE: roughly equivalent to structs.ResourceReference
-type ParentReference struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// For east/west configuration, this should point to a pbcatalog.Service.
-	// For north/south it should point to a gateway (TBD)
-	Ref *pbresource.Reference `protobuf:"bytes,1,opt,name=ref,proto3" json:"ref,omitempty"`
-	// Port is the network port this Route targets. It can be interpreted
-	// differently based on the type of parent resource.
-	//
-	// When the parent resource is a Gateway, this targets all listeners
-	// listening on the specified port that also support this kind of Route(and
-	// select this Route). It’s not recommended to set Port unless the networking
-	// behaviors specified in a Route must apply to a specific port as opposed to
-	// a listener(s) whose port(s) may be changed. When both Port and SectionName
-	// are specified, the name and port of the selected listener must match both
-	// specified values.
-	//
-	// Implementations MAY choose to support other parent resources.
-	// Implementations supporting other types of parent resources MUST clearly
-	// document how/if Port is interpreted.
-	//
-	// For the purpose of status, an attachment is considered successful as long
-	// as the parent resource accepts it partially. For example, Gateway
-	// listeners can restrict which Routes can attach to them by Route kind,
-	// namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
-	// the referencing Route, the Route MUST be considered successfully attached.
-	// If no Gateway listeners accept attachment from this Route, the Route MUST
-	// be considered detached from the Gateway.
-	//
-	// For east/west this is the name of the consul port.
-	// For north/south this is the stringified integer port expected by GAMMA.
-	//
-	// https://gateway-api.sigs.k8s.io/geps/gep-957/
-	Port string `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"`
-}
-
-func (x *ParentReference) Reset() {
-	*x = ParentReference{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_common_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ParentReference) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ParentReference) ProtoMessage() {}
-
-func (x *ParentReference) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_common_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ParentReference.ProtoReflect.Descriptor instead.
-func (*ParentReference) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_common_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *ParentReference) GetRef() *pbresource.Reference {
-	if x != nil {
-		return x.Ref
-	}
-	return nil
-}
-
-func (x *ParentReference) GetPort() string {
-	if x != nil {
-		return x.Port
-	}
-	return ""
-}
-
-type BackendReference struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// For east/west configuration, this should point to either a
-	// pbcatalog.Service or ServiceSubset.
-	//
-	// For Partition/PeerName fields likely we could map them to ServiceImports
-	// (MCS+GAMMA) when translating
-	Ref *pbresource.Reference `protobuf:"bytes,1,opt,name=ref,proto3" json:"ref,omitempty"`
-	// For east/west this is the name of the consul port.
-	Port string `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"`
-	// NOT IN GAMMA; multi-cluster + GWapi is still unknown
-	//
-	// Likely we could map this to ServiceImports (MCS+GAMMA) when translating
-	// to/from k8s.
-	//
-	// https://gateway-api.sigs.k8s.io/geps/gep-1748/
-	Datacenter string `protobuf:"bytes,3,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
-}
-
-func (x *BackendReference) Reset() {
-	*x = BackendReference{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_common_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *BackendReference) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*BackendReference) ProtoMessage() {}
-
-func (x *BackendReference) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_common_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use BackendReference.ProtoReflect.Descriptor instead.
-func (*BackendReference) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_common_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *BackendReference) GetRef() *pbresource.Reference {
-	if x != nil {
-		return x.Ref
-	}
-	return nil
-}
-
-func (x *BackendReference) GetPort() string {
-	if x != nil {
-		return x.Port
-	}
-	return ""
-}
-
-func (x *BackendReference) GetDatacenter() string {
-	if x != nil {
-		return x.Datacenter
-	}
-	return ""
-}
-
-var File_pbmesh_v1alpha1_common_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_common_proto_rawDesc = []byte{
-	0x0a, 0x1c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x19,
-	0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75,
-	0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x5d, 0x0a, 0x0f, 0x50, 0x61, 0x72,
-	0x65, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x36, 0x0a, 0x03,
-	0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73,
-	0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52,
-	0x03, 0x72, 0x65, 0x66, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x7e, 0x0a, 0x10, 0x42, 0x61, 0x63, 0x6b,
-	0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x36, 0x0a, 0x03,
-	0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73,
-	0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52,
-	0x03, 0x72, 0x65, 0x66, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61,
-	0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x61,
-	0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x42, 0x93, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42,
-	0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45,
-	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d,
-	0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c,
-	0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a,
-	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47,
-	0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a,
-	0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_common_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_common_proto_rawDescData = file_pbmesh_v1alpha1_common_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_common_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_common_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_common_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_common_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_common_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
-var file_pbmesh_v1alpha1_common_proto_goTypes = []interface{}{
-	(*ParentReference)(nil),      // 0: hashicorp.consul.mesh.v1alpha1.ParentReference
-	(*BackendReference)(nil),     // 1: hashicorp.consul.mesh.v1alpha1.BackendReference
-	(*pbresource.Reference)(nil), // 2: hashicorp.consul.resource.Reference
-}
-var file_pbmesh_v1alpha1_common_proto_depIdxs = []int32{
-	2, // 0: hashicorp.consul.mesh.v1alpha1.ParentReference.ref:type_name -> hashicorp.consul.resource.Reference
-	2, // 1: hashicorp.consul.mesh.v1alpha1.BackendReference.ref:type_name -> hashicorp.consul.resource.Reference
-	2, // [2:2] is the sub-list for method output_type
-	2, // [2:2] is the sub-list for method input_type
-	2, // [2:2] is the sub-list for extension type_name
-	2, // [2:2] is the sub-list for extension extendee
-	0, // [0:2] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_common_proto_init() }
-func file_pbmesh_v1alpha1_common_proto_init() {
-	if File_pbmesh_v1alpha1_common_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_common_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ParentReference); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_common_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*BackendReference); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_common_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   2,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_common_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_common_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_common_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_common_proto = out.File
-	file_pbmesh_v1alpha1_common_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_common_proto_goTypes = nil
-	file_pbmesh_v1alpha1_common_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/common.proto b/proto-public/pbmesh/v1alpha1/common.proto
deleted file mode 100644
index 48668e59dd5a..000000000000
--- a/proto-public/pbmesh/v1alpha1/common.proto
+++ /dev/null
@@ -1,64 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1;
-
-import "pbresource/resource.proto";
-
-// NOTE: roughly equivalent to structs.ResourceReference
-message ParentReference {
-  // For east/west configuration, this should point to a pbcatalog.Service.
-  // For north/south it should point to a gateway (TBD)
-  hashicorp.consul.resource.Reference ref = 1;
-
-  // Port is the network port this Route targets. It can be interpreted
-  // differently based on the type of parent resource.
-  //
-  // When the parent resource is a Gateway, this targets all listeners
-  // listening on the specified port that also support this kind of Route(and
-  // select this Route). It’s not recommended to set Port unless the networking
-  // behaviors specified in a Route must apply to a specific port as opposed to
-  // a listener(s) whose port(s) may be changed. When both Port and SectionName
-  // are specified, the name and port of the selected listener must match both
-  // specified values.
-  //
-  // Implementations MAY choose to support other parent resources.
-  // Implementations supporting other types of parent resources MUST clearly
-  // document how/if Port is interpreted.
-  //
-  // For the purpose of status, an attachment is considered successful as long
-  // as the parent resource accepts it partially. For example, Gateway
-  // listeners can restrict which Routes can attach to them by Route kind,
-  // namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
-  // the referencing Route, the Route MUST be considered successfully attached.
-  // If no Gateway listeners accept attachment from this Route, the Route MUST
-  // be considered detached from the Gateway.
-  //
-  // For east/west this is the name of the consul port.
-  // For north/south this is the stringified integer port expected by GAMMA.
-  //
-  // https://gateway-api.sigs.k8s.io/geps/gep-957/
-  string port = 2;
-}
-
-message BackendReference {
-  // For east/west configuration, this should point to either a
-  // pbcatalog.Service or ServiceSubset.
-  //
-  // For Partition/PeerName fields likely we could map them to ServiceImports
-  // (MCS+GAMMA) when translating
-  hashicorp.consul.resource.Reference ref = 1;
-
-  // For east/west this is the name of the consul port.
-  string port = 2;
-
-  // NOT IN GAMMA; multi-cluster + GWapi is still unknown
-  //
-  // Likely we could map this to ServiceImports (MCS+GAMMA) when translating
-  // to/from k8s.
-  //
-  // https://gateway-api.sigs.k8s.io/geps/gep-1748/
-  string datacenter = 3;
-}
diff --git a/proto-public/pbmesh/v1alpha1/computed_routes.pb.binary.go b/proto-public/pbmesh/v1alpha1/computed_routes.pb.binary.go
deleted file mode 100644
index cd30ceac2707..000000000000
--- a/proto-public/pbmesh/v1alpha1/computed_routes.pb.binary.go
+++ /dev/null
@@ -1,128 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/computed_routes.proto
-
-package meshv1alpha1
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *ComputedRoutes) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *ComputedRoutes) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *ComputedPortRoutes) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *ComputedPortRoutes) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *InterpretedHTTPRoute) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *InterpretedHTTPRoute) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *InterpretedHTTPRouteRule) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *InterpretedHTTPRouteRule) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *InterpretedHTTPBackendRef) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *InterpretedHTTPBackendRef) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *InterpretedGRPCRoute) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *InterpretedGRPCRoute) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *InterpretedGRPCRouteRule) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *InterpretedGRPCRouteRule) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *InterpretedGRPCBackendRef) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *InterpretedGRPCBackendRef) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *InterpretedTCPRoute) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *InterpretedTCPRoute) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *InterpretedTCPRouteRule) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *InterpretedTCPRouteRule) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *InterpretedTCPBackendRef) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *InterpretedTCPBackendRef) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *BackendTargetDetails) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *BackendTargetDetails) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/computed_routes.pb.go b/proto-public/pbmesh/v1alpha1/computed_routes.pb.go
deleted file mode 100644
index 605e4fbd679e..000000000000
--- a/proto-public/pbmesh/v1alpha1/computed_routes.pb.go
+++ /dev/null
@@ -1,1321 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/computed_routes.proto
-
-package meshv1alpha1
-
-import (
-	v1alpha1 "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-// This is a Resource type.
-type ComputedRoutes struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	PortedConfigs map[string]*ComputedPortRoutes `protobuf:"bytes,1,rep,name=ported_configs,json=portedConfigs,proto3" json:"ported_configs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-}
-
-func (x *ComputedRoutes) Reset() {
-	*x = ComputedRoutes{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ComputedRoutes) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ComputedRoutes) ProtoMessage() {}
-
-func (x *ComputedRoutes) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ComputedRoutes.ProtoReflect.Descriptor instead.
-func (*ComputedRoutes) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *ComputedRoutes) GetPortedConfigs() map[string]*ComputedPortRoutes {
-	if x != nil {
-		return x.PortedConfigs
-	}
-	return nil
-}
-
-type ComputedPortRoutes struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Types that are assignable to Config:
-	//
-	//	*ComputedPortRoutes_Http
-	//	*ComputedPortRoutes_Grpc
-	//	*ComputedPortRoutes_Tcp
-	Config             isComputedPortRoutes_Config `protobuf_oneof:"config"`
-	UsingDefaultConfig bool                        `protobuf:"varint,4,opt,name=using_default_config,json=usingDefaultConfig,proto3" json:"using_default_config,omitempty"` // TODO
-	// map key is an opaque string; like disco chain target name
-	Targets map[string]*BackendTargetDetails `protobuf:"bytes,5,rep,name=targets,proto3" json:"targets,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-}
-
-func (x *ComputedPortRoutes) Reset() {
-	*x = ComputedPortRoutes{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ComputedPortRoutes) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ComputedPortRoutes) ProtoMessage() {}
-
-func (x *ComputedPortRoutes) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ComputedPortRoutes.ProtoReflect.Descriptor instead.
-func (*ComputedPortRoutes) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{1}
-}
-
-func (m *ComputedPortRoutes) GetConfig() isComputedPortRoutes_Config {
-	if m != nil {
-		return m.Config
-	}
-	return nil
-}
-
-func (x *ComputedPortRoutes) GetHttp() *InterpretedHTTPRoute {
-	if x, ok := x.GetConfig().(*ComputedPortRoutes_Http); ok {
-		return x.Http
-	}
-	return nil
-}
-
-func (x *ComputedPortRoutes) GetGrpc() *InterpretedGRPCRoute {
-	if x, ok := x.GetConfig().(*ComputedPortRoutes_Grpc); ok {
-		return x.Grpc
-	}
-	return nil
-}
-
-func (x *ComputedPortRoutes) GetTcp() *InterpretedTCPRoute {
-	if x, ok := x.GetConfig().(*ComputedPortRoutes_Tcp); ok {
-		return x.Tcp
-	}
-	return nil
-}
-
-func (x *ComputedPortRoutes) GetUsingDefaultConfig() bool {
-	if x != nil {
-		return x.UsingDefaultConfig
-	}
-	return false
-}
-
-func (x *ComputedPortRoutes) GetTargets() map[string]*BackendTargetDetails {
-	if x != nil {
-		return x.Targets
-	}
-	return nil
-}
-
-type isComputedPortRoutes_Config interface {
-	isComputedPortRoutes_Config()
-}
-
-type ComputedPortRoutes_Http struct {
-	Http *InterpretedHTTPRoute `protobuf:"bytes,1,opt,name=http,proto3,oneof"`
-}
-
-type ComputedPortRoutes_Grpc struct {
-	Grpc *InterpretedGRPCRoute `protobuf:"bytes,2,opt,name=grpc,proto3,oneof"`
-}
-
-type ComputedPortRoutes_Tcp struct {
-	Tcp *InterpretedTCPRoute `protobuf:"bytes,3,opt,name=tcp,proto3,oneof"`
-}
-
-func (*ComputedPortRoutes_Http) isComputedPortRoutes_Config() {}
-
-func (*ComputedPortRoutes_Grpc) isComputedPortRoutes_Config() {}
-
-func (*ComputedPortRoutes_Tcp) isComputedPortRoutes_Config() {}
-
-type InterpretedHTTPRoute struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	ParentRef *ParentReference            `protobuf:"bytes,1,opt,name=parent_ref,json=parentRef,proto3" json:"parent_ref,omitempty"`
-	Rules     []*InterpretedHTTPRouteRule `protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"`
-}
-
-func (x *InterpretedHTTPRoute) Reset() {
-	*x = InterpretedHTTPRoute{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *InterpretedHTTPRoute) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*InterpretedHTTPRoute) ProtoMessage() {}
-
-func (x *InterpretedHTTPRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use InterpretedHTTPRoute.ProtoReflect.Descriptor instead.
-func (*InterpretedHTTPRoute) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *InterpretedHTTPRoute) GetParentRef() *ParentReference {
-	if x != nil {
-		return x.ParentRef
-	}
-	return nil
-}
-
-func (x *InterpretedHTTPRoute) GetRules() []*InterpretedHTTPRouteRule {
-	if x != nil {
-		return x.Rules
-	}
-	return nil
-}
-
-type InterpretedHTTPRouteRule struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Matches     []*HTTPRouteMatch            `protobuf:"bytes,1,rep,name=matches,proto3" json:"matches,omitempty"`
-	Filters     []*HTTPRouteFilter           `protobuf:"bytes,2,rep,name=filters,proto3" json:"filters,omitempty"`
-	BackendRefs []*InterpretedHTTPBackendRef `protobuf:"bytes,3,rep,name=backend_refs,json=backendRefs,proto3" json:"backend_refs,omitempty"`
-	Timeouts    *HTTPRouteTimeouts           `protobuf:"bytes,4,opt,name=timeouts,proto3" json:"timeouts,omitempty"`
-	Retries     *HTTPRouteRetries            `protobuf:"bytes,5,opt,name=retries,proto3" json:"retries,omitempty"`
-}
-
-func (x *InterpretedHTTPRouteRule) Reset() {
-	*x = InterpretedHTTPRouteRule{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *InterpretedHTTPRouteRule) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*InterpretedHTTPRouteRule) ProtoMessage() {}
-
-func (x *InterpretedHTTPRouteRule) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use InterpretedHTTPRouteRule.ProtoReflect.Descriptor instead.
-func (*InterpretedHTTPRouteRule) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *InterpretedHTTPRouteRule) GetMatches() []*HTTPRouteMatch {
-	if x != nil {
-		return x.Matches
-	}
-	return nil
-}
-
-func (x *InterpretedHTTPRouteRule) GetFilters() []*HTTPRouteFilter {
-	if x != nil {
-		return x.Filters
-	}
-	return nil
-}
-
-func (x *InterpretedHTTPRouteRule) GetBackendRefs() []*InterpretedHTTPBackendRef {
-	if x != nil {
-		return x.BackendRefs
-	}
-	return nil
-}
-
-func (x *InterpretedHTTPRouteRule) GetTimeouts() *HTTPRouteTimeouts {
-	if x != nil {
-		return x.Timeouts
-	}
-	return nil
-}
-
-func (x *InterpretedHTTPRouteRule) GetRetries() *HTTPRouteRetries {
-	if x != nil {
-		return x.Retries
-	}
-	return nil
-}
-
-type InterpretedHTTPBackendRef struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	BackendTarget string             `protobuf:"bytes,1,opt,name=backend_target,json=backendTarget,proto3" json:"backend_target,omitempty"`
-	Weight        uint32             `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
-	Filters       []*HTTPRouteFilter `protobuf:"bytes,3,rep,name=filters,proto3" json:"filters,omitempty"`
-}
-
-func (x *InterpretedHTTPBackendRef) Reset() {
-	*x = InterpretedHTTPBackendRef{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *InterpretedHTTPBackendRef) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*InterpretedHTTPBackendRef) ProtoMessage() {}
-
-func (x *InterpretedHTTPBackendRef) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use InterpretedHTTPBackendRef.ProtoReflect.Descriptor instead.
-func (*InterpretedHTTPBackendRef) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *InterpretedHTTPBackendRef) GetBackendTarget() string {
-	if x != nil {
-		return x.BackendTarget
-	}
-	return ""
-}
-
-func (x *InterpretedHTTPBackendRef) GetWeight() uint32 {
-	if x != nil {
-		return x.Weight
-	}
-	return 0
-}
-
-func (x *InterpretedHTTPBackendRef) GetFilters() []*HTTPRouteFilter {
-	if x != nil {
-		return x.Filters
-	}
-	return nil
-}
-
-type InterpretedGRPCRoute struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	ParentRef *ParentReference            `protobuf:"bytes,1,opt,name=parent_ref,json=parentRef,proto3" json:"parent_ref,omitempty"`
-	Rules     []*InterpretedGRPCRouteRule `protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"`
-}
-
-func (x *InterpretedGRPCRoute) Reset() {
-	*x = InterpretedGRPCRoute{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *InterpretedGRPCRoute) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*InterpretedGRPCRoute) ProtoMessage() {}
-
-func (x *InterpretedGRPCRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use InterpretedGRPCRoute.ProtoReflect.Descriptor instead.
-func (*InterpretedGRPCRoute) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *InterpretedGRPCRoute) GetParentRef() *ParentReference {
-	if x != nil {
-		return x.ParentRef
-	}
-	return nil
-}
-
-func (x *InterpretedGRPCRoute) GetRules() []*InterpretedGRPCRouteRule {
-	if x != nil {
-		return x.Rules
-	}
-	return nil
-}
-
-type InterpretedGRPCRouteRule struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Matches     []*GRPCRouteMatch            `protobuf:"bytes,1,rep,name=matches,proto3" json:"matches,omitempty"`
-	Filters     []*GRPCRouteFilter           `protobuf:"bytes,2,rep,name=filters,proto3" json:"filters,omitempty"`
-	BackendRefs []*InterpretedGRPCBackendRef `protobuf:"bytes,3,rep,name=backend_refs,json=backendRefs,proto3" json:"backend_refs,omitempty"`
-	Timeouts    *HTTPRouteTimeouts           `protobuf:"bytes,4,opt,name=timeouts,proto3" json:"timeouts,omitempty"`
-	Retries     *HTTPRouteRetries            `protobuf:"bytes,5,opt,name=retries,proto3" json:"retries,omitempty"`
-}
-
-func (x *InterpretedGRPCRouteRule) Reset() {
-	*x = InterpretedGRPCRouteRule{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *InterpretedGRPCRouteRule) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*InterpretedGRPCRouteRule) ProtoMessage() {}
-
-func (x *InterpretedGRPCRouteRule) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use InterpretedGRPCRouteRule.ProtoReflect.Descriptor instead.
-func (*InterpretedGRPCRouteRule) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *InterpretedGRPCRouteRule) GetMatches() []*GRPCRouteMatch {
-	if x != nil {
-		return x.Matches
-	}
-	return nil
-}
-
-func (x *InterpretedGRPCRouteRule) GetFilters() []*GRPCRouteFilter {
-	if x != nil {
-		return x.Filters
-	}
-	return nil
-}
-
-func (x *InterpretedGRPCRouteRule) GetBackendRefs() []*InterpretedGRPCBackendRef {
-	if x != nil {
-		return x.BackendRefs
-	}
-	return nil
-}
-
-func (x *InterpretedGRPCRouteRule) GetTimeouts() *HTTPRouteTimeouts {
-	if x != nil {
-		return x.Timeouts
-	}
-	return nil
-}
-
-func (x *InterpretedGRPCRouteRule) GetRetries() *HTTPRouteRetries {
-	if x != nil {
-		return x.Retries
-	}
-	return nil
-}
-
-type InterpretedGRPCBackendRef struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	BackendTarget string             `protobuf:"bytes,1,opt,name=backend_target,json=backendTarget,proto3" json:"backend_target,omitempty"`
-	Weight        uint32             `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
-	Filters       []*GRPCRouteFilter `protobuf:"bytes,3,rep,name=filters,proto3" json:"filters,omitempty"`
-}
-
-func (x *InterpretedGRPCBackendRef) Reset() {
-	*x = InterpretedGRPCBackendRef{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *InterpretedGRPCBackendRef) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*InterpretedGRPCBackendRef) ProtoMessage() {}
-
-func (x *InterpretedGRPCBackendRef) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use InterpretedGRPCBackendRef.ProtoReflect.Descriptor instead.
-func (*InterpretedGRPCBackendRef) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{7}
-}
-
-func (x *InterpretedGRPCBackendRef) GetBackendTarget() string {
-	if x != nil {
-		return x.BackendTarget
-	}
-	return ""
-}
-
-func (x *InterpretedGRPCBackendRef) GetWeight() uint32 {
-	if x != nil {
-		return x.Weight
-	}
-	return 0
-}
-
-func (x *InterpretedGRPCBackendRef) GetFilters() []*GRPCRouteFilter {
-	if x != nil {
-		return x.Filters
-	}
-	return nil
-}
-
-type InterpretedTCPRoute struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	ParentRef *ParentReference           `protobuf:"bytes,1,opt,name=parent_ref,json=parentRef,proto3" json:"parent_ref,omitempty"`
-	Rules     []*InterpretedTCPRouteRule `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"`
-}
-
-func (x *InterpretedTCPRoute) Reset() {
-	*x = InterpretedTCPRoute{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *InterpretedTCPRoute) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*InterpretedTCPRoute) ProtoMessage() {}
-
-func (x *InterpretedTCPRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use InterpretedTCPRoute.ProtoReflect.Descriptor instead.
-func (*InterpretedTCPRoute) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{8}
-}
-
-func (x *InterpretedTCPRoute) GetParentRef() *ParentReference {
-	if x != nil {
-		return x.ParentRef
-	}
-	return nil
-}
-
-func (x *InterpretedTCPRoute) GetRules() []*InterpretedTCPRouteRule {
-	if x != nil {
-		return x.Rules
-	}
-	return nil
-}
-
-type InterpretedTCPRouteRule struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	BackendRefs []*InterpretedTCPBackendRef `protobuf:"bytes,1,rep,name=backend_refs,json=backendRefs,proto3" json:"backend_refs,omitempty"`
-}
-
-func (x *InterpretedTCPRouteRule) Reset() {
-	*x = InterpretedTCPRouteRule{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[9]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *InterpretedTCPRouteRule) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*InterpretedTCPRouteRule) ProtoMessage() {}
-
-func (x *InterpretedTCPRouteRule) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[9]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use InterpretedTCPRouteRule.ProtoReflect.Descriptor instead.
-func (*InterpretedTCPRouteRule) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{9}
-}
-
-func (x *InterpretedTCPRouteRule) GetBackendRefs() []*InterpretedTCPBackendRef {
-	if x != nil {
-		return x.BackendRefs
-	}
-	return nil
-}
-
-// TODO: look into smuggling the target through a different typeURL, or just
-// skip in favor of letting the caller do their own lookups?
-type InterpretedTCPBackendRef struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	BackendTarget string `protobuf:"bytes,1,opt,name=backend_target,json=backendTarget,proto3" json:"backend_target,omitempty"`
-	Weight        uint32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
-}
-
-func (x *InterpretedTCPBackendRef) Reset() {
-	*x = InterpretedTCPBackendRef{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[10]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *InterpretedTCPBackendRef) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*InterpretedTCPBackendRef) ProtoMessage() {}
-
-func (x *InterpretedTCPBackendRef) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[10]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use InterpretedTCPBackendRef.ProtoReflect.Descriptor instead.
-func (*InterpretedTCPBackendRef) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{10}
-}
-
-func (x *InterpretedTCPBackendRef) GetBackendTarget() string {
-	if x != nil {
-		return x.BackendTarget
-	}
-	return ""
-}
-
-func (x *InterpretedTCPBackendRef) GetWeight() uint32 {
-	if x != nil {
-		return x.Weight
-	}
-	return 0
-}
-
-type BackendTargetDetails struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// identity info
-	BackendRef        *BackendReference        `protobuf:"bytes,1,opt,name=backend_ref,json=backendRef,proto3" json:"backend_ref,omitempty"`
-	NullRouteTraffic  bool                     `protobuf:"varint,2,opt,name=null_route_traffic,json=nullRouteTraffic,proto3" json:"null_route_traffic,omitempty"`
-	Service           *v1alpha1.Service        `protobuf:"bytes,3,opt,name=service,proto3" json:"service,omitempty"`
-	FailoverPolicy    *v1alpha1.FailoverPolicy `protobuf:"bytes,4,opt,name=failover_policy,json=failoverPolicy,proto3" json:"failover_policy,omitempty"`
-	DestinationPolicy *DestinationPolicy       `protobuf:"bytes,5,opt,name=destination_policy,json=destinationPolicy,proto3" json:"destination_policy,omitempty"`
-}
-
-func (x *BackendTargetDetails) Reset() {
-	*x = BackendTargetDetails{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[11]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *BackendTargetDetails) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*BackendTargetDetails) ProtoMessage() {}
-
-func (x *BackendTargetDetails) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[11]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use BackendTargetDetails.ProtoReflect.Descriptor instead.
-func (*BackendTargetDetails) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP(), []int{11}
-}
-
-func (x *BackendTargetDetails) GetBackendRef() *BackendReference {
-	if x != nil {
-		return x.BackendRef
-	}
-	return nil
-}
-
-func (x *BackendTargetDetails) GetNullRouteTraffic() bool {
-	if x != nil {
-		return x.NullRouteTraffic
-	}
-	return false
-}
-
-func (x *BackendTargetDetails) GetService() *v1alpha1.Service {
-	if x != nil {
-		return x.Service
-	}
-	return nil
-}
-
-func (x *BackendTargetDetails) GetFailoverPolicy() *v1alpha1.FailoverPolicy {
-	if x != nil {
-		return x.FailoverPolicy
-	}
-	return nil
-}
-
-func (x *BackendTargetDetails) GetDestinationPolicy() *DestinationPolicy {
-	if x != nil {
-		return x.DestinationPolicy
-	}
-	return nil
-}
-
-var File_pbmesh_v1alpha1_computed_routes_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_computed_routes_proto_rawDesc = []byte{
-	0x0a, 0x25, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65,
-	0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x28, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c,
-	0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x66, 0x61, 0x69, 0x6c,
-	0x6f, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x1a, 0x20, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x1a, 0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70,
-	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x70, 0x62, 0x6d,
-	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x67, 0x72, 0x70,
-	0x63, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x70,
-	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x68,
-	0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
-	0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x72, 0x65, 0x74, 0x72,
-	0x69, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x29, 0x70, 0x62, 0x6d, 0x65, 0x73,
-	0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f,
-	0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf0, 0x01, 0x0a, 0x0e, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65,
-	0x64, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x68, 0x0a, 0x0e, 0x70, 0x6f, 0x72, 0x74, 0x65,
-	0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x2e,
-	0x50, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74,
-	0x72, 0x79, 0x52, 0x0d, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x73, 0x1a, 0x74, 0x0a, 0x12, 0x50, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x48, 0x0a, 0x05, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74,
-	0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x52, 0x05, 0x76, 0x61,
-	0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xfe, 0x03, 0x0a, 0x12, 0x43, 0x6f, 0x6d, 0x70,
-	0x75, 0x74, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x4a,
-	0x0a, 0x04, 0x68, 0x74, 0x74, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x48, 0x00, 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, 0x12, 0x4a, 0x0a, 0x04, 0x67, 0x72,
-	0x70, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70,
-	0x72, 0x65, 0x74, 0x65, 0x64, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x48, 0x00,
-	0x52, 0x04, 0x67, 0x72, 0x70, 0x63, 0x12, 0x47, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64,
-	0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x48, 0x00, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12,
-	0x30, 0x0a, 0x14, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
-	0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x75,
-	0x73, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x12, 0x59, 0x0a, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74,
-	0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x45, 0x6e,
-	0x74, 0x72, 0x79, 0x52, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x1a, 0x70, 0x0a, 0x0c,
-	0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
-	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x4a,
-	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42,
-	0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x44, 0x65, 0x74, 0x61,
-	0x69, 0x6c, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x08,
-	0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0xbc, 0x01, 0x0a, 0x14, 0x49, 0x6e, 0x74,
-	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74,
-	0x65, 0x12, 0x4e, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x66,
-	0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65,
-	0x66, 0x12, 0x4e, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x48, 0x54, 0x54,
-	0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x72, 0x75, 0x6c, 0x65,
-	0x73, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0xa8, 0x03, 0x0a, 0x18, 0x49, 0x6e, 0x74, 0x65,
-	0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65,
-	0x52, 0x75, 0x6c, 0x65, 0x12, 0x48, 0x0a, 0x07, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18,
-	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x49,
-	0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72,
-	0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x5c, 0x0a, 0x0c, 0x62, 0x61, 0x63,
-	0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50,
-	0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x52, 0x0b, 0x62, 0x61, 0x63, 0x6b,
-	0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x6f,
-	0x75, 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52,
-	0x6f, 0x75, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x52, 0x08, 0x74, 0x69,
-	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x12, 0x4a, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65,
-	0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69,
-	0x65, 0x73, 0x22, 0xa5, 0x01, 0x0a, 0x19, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74,
-	0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66,
-	0x12, 0x25, 0x0a, 0x0e, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x74, 0x61, 0x72, 0x67,
-	0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e,
-	0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68,
-	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12,
-	0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65,
-	0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x22, 0xbc, 0x01, 0x0a, 0x14, 0x49,
-	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f,
-	0x75, 0x74, 0x65, 0x12, 0x4e, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65,
-	0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x52,
-	0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
-	0x52, 0x65, 0x66, 0x12, 0x4e, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x47,
-	0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x72, 0x75,
-	0x6c, 0x65, 0x73, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0xa8, 0x03, 0x0a, 0x18, 0x49, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x48, 0x0a, 0x07, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65,
-	0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73,
-	0x12, 0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74,
-	0x65, 0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x5c, 0x0a, 0x0c, 0x62,
-	0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x47, 0x52,
-	0x50, 0x43, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x52, 0x0b, 0x62, 0x61,
-	0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x74, 0x69, 0x6d,
-	0x65, 0x6f, 0x75, 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54,
-	0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x52, 0x08,
-	0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x12, 0x4a, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72,
-	0x69, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52,
-	0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x07, 0x72, 0x65, 0x74,
-	0x72, 0x69, 0x65, 0x73, 0x22, 0xa5, 0x01, 0x0a, 0x19, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
-	0x65, 0x74, 0x65, 0x64, 0x47, 0x52, 0x50, 0x43, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52,
-	0x65, 0x66, 0x12, 0x25, 0x0a, 0x0e, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x74, 0x61,
-	0x72, 0x67, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x62, 0x61, 0x63, 0x6b,
-	0x65, 0x6e, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69,
-	0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68,
-	0x74, 0x12, 0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x6c,
-	0x74, 0x65, 0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x22, 0xb4, 0x01, 0x0a,
-	0x13, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x54, 0x43, 0x50, 0x52,
-	0x6f, 0x75, 0x74, 0x65, 0x12, 0x4e, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72,
-	0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74,
-	0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e,
-	0x74, 0x52, 0x65, 0x66, 0x12, 0x4d, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64,
-	0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x72, 0x75,
-	0x6c, 0x65, 0x73, 0x22, 0x76, 0x0a, 0x17, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74,
-	0x65, 0x64, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x5b,
-	0x0a, 0x0c, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x73, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65,
-	0x64, 0x54, 0x43, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x52, 0x0b,
-	0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x73, 0x22, 0x59, 0x0a, 0x18, 0x49,
-	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x54, 0x43, 0x50, 0x42, 0x61, 0x63,
-	0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x12, 0x25, 0x0a, 0x0e, 0x62, 0x61, 0x63, 0x6b, 0x65,
-	0x6e, 0x64, 0x5f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0d, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x16,
-	0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06,
-	0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22, 0x9b, 0x03, 0x0a, 0x14, 0x42, 0x61, 0x63, 0x6b, 0x65,
-	0x6e, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12,
-	0x51, 0x0a, 0x0b, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66,
-	0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0a, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52,
-	0x65, 0x66, 0x12, 0x2c, 0x0a, 0x12, 0x6e, 0x75, 0x6c, 0x6c, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65,
-	0x5f, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10,
-	0x6e, 0x75, 0x6c, 0x6c, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63,
-	0x12, 0x44, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x07, 0x73,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5a, 0x0a, 0x0f, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76,
-	0x65, 0x72, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x52, 0x0e, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x12, 0x60, 0x0a, 0x12, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63,
-	0x79, 0x52, 0x11, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f,
-	0x6c, 0x69, 0x63, 0x79, 0x42, 0x9b, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x13, 0x43, 0x6f, 0x6d,
-	0x70, 0x75, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f,
-	0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d,
-	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73,
-	0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa,
-	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02,
-	0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_computed_routes_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_computed_routes_proto_rawDescData = file_pbmesh_v1alpha1_computed_routes_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_computed_routes_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_computed_routes_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_computed_routes_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_computed_routes_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_computed_routes_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_computed_routes_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
-var file_pbmesh_v1alpha1_computed_routes_proto_goTypes = []interface{}{
-	(*ComputedRoutes)(nil),            // 0: hashicorp.consul.mesh.v1alpha1.ComputedRoutes
-	(*ComputedPortRoutes)(nil),        // 1: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes
-	(*InterpretedHTTPRoute)(nil),      // 2: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRoute
-	(*InterpretedHTTPRouteRule)(nil),  // 3: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule
-	(*InterpretedHTTPBackendRef)(nil), // 4: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPBackendRef
-	(*InterpretedGRPCRoute)(nil),      // 5: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRoute
-	(*InterpretedGRPCRouteRule)(nil),  // 6: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule
-	(*InterpretedGRPCBackendRef)(nil), // 7: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCBackendRef
-	(*InterpretedTCPRoute)(nil),       // 8: hashicorp.consul.mesh.v1alpha1.InterpretedTCPRoute
-	(*InterpretedTCPRouteRule)(nil),   // 9: hashicorp.consul.mesh.v1alpha1.InterpretedTCPRouteRule
-	(*InterpretedTCPBackendRef)(nil),  // 10: hashicorp.consul.mesh.v1alpha1.InterpretedTCPBackendRef
-	(*BackendTargetDetails)(nil),      // 11: hashicorp.consul.mesh.v1alpha1.BackendTargetDetails
-	nil,                               // 12: hashicorp.consul.mesh.v1alpha1.ComputedRoutes.PortedConfigsEntry
-	nil,                               // 13: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.TargetsEntry
-	(*ParentReference)(nil),           // 14: hashicorp.consul.mesh.v1alpha1.ParentReference
-	(*HTTPRouteMatch)(nil),            // 15: hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch
-	(*HTTPRouteFilter)(nil),           // 16: hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter
-	(*HTTPRouteTimeouts)(nil),         // 17: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
-	(*HTTPRouteRetries)(nil),          // 18: hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
-	(*GRPCRouteMatch)(nil),            // 19: hashicorp.consul.mesh.v1alpha1.GRPCRouteMatch
-	(*GRPCRouteFilter)(nil),           // 20: hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter
-	(*BackendReference)(nil),          // 21: hashicorp.consul.mesh.v1alpha1.BackendReference
-	(*v1alpha1.Service)(nil),          // 22: hashicorp.consul.catalog.v1alpha1.Service
-	(*v1alpha1.FailoverPolicy)(nil),   // 23: hashicorp.consul.catalog.v1alpha1.FailoverPolicy
-	(*DestinationPolicy)(nil),         // 24: hashicorp.consul.mesh.v1alpha1.DestinationPolicy
-}
-var file_pbmesh_v1alpha1_computed_routes_proto_depIdxs = []int32{
-	12, // 0: hashicorp.consul.mesh.v1alpha1.ComputedRoutes.ported_configs:type_name -> hashicorp.consul.mesh.v1alpha1.ComputedRoutes.PortedConfigsEntry
-	2,  // 1: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.http:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRoute
-	5,  // 2: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.grpc:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRoute
-	8,  // 3: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.tcp:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedTCPRoute
-	13, // 4: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.targets:type_name -> hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.TargetsEntry
-	14, // 5: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRoute.parent_ref:type_name -> hashicorp.consul.mesh.v1alpha1.ParentReference
-	3,  // 6: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRoute.rules:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule
-	15, // 7: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule.matches:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch
-	16, // 8: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule.filters:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter
-	4,  // 9: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule.backend_refs:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedHTTPBackendRef
-	17, // 10: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule.timeouts:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
-	18, // 11: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPRouteRule.retries:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
-	16, // 12: hashicorp.consul.mesh.v1alpha1.InterpretedHTTPBackendRef.filters:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter
-	14, // 13: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRoute.parent_ref:type_name -> hashicorp.consul.mesh.v1alpha1.ParentReference
-	6,  // 14: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRoute.rules:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule
-	19, // 15: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule.matches:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteMatch
-	20, // 16: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule.filters:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter
-	7,  // 17: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule.backend_refs:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedGRPCBackendRef
-	17, // 18: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule.timeouts:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
-	18, // 19: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCRouteRule.retries:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
-	20, // 20: hashicorp.consul.mesh.v1alpha1.InterpretedGRPCBackendRef.filters:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter
-	14, // 21: hashicorp.consul.mesh.v1alpha1.InterpretedTCPRoute.parent_ref:type_name -> hashicorp.consul.mesh.v1alpha1.ParentReference
-	9,  // 22: hashicorp.consul.mesh.v1alpha1.InterpretedTCPRoute.rules:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedTCPRouteRule
-	10, // 23: hashicorp.consul.mesh.v1alpha1.InterpretedTCPRouteRule.backend_refs:type_name -> hashicorp.consul.mesh.v1alpha1.InterpretedTCPBackendRef
-	21, // 24: hashicorp.consul.mesh.v1alpha1.BackendTargetDetails.backend_ref:type_name -> hashicorp.consul.mesh.v1alpha1.BackendReference
-	22, // 25: hashicorp.consul.mesh.v1alpha1.BackendTargetDetails.service:type_name -> hashicorp.consul.catalog.v1alpha1.Service
-	23, // 26: hashicorp.consul.mesh.v1alpha1.BackendTargetDetails.failover_policy:type_name -> hashicorp.consul.catalog.v1alpha1.FailoverPolicy
-	24, // 27: hashicorp.consul.mesh.v1alpha1.BackendTargetDetails.destination_policy:type_name -> hashicorp.consul.mesh.v1alpha1.DestinationPolicy
-	1,  // 28: hashicorp.consul.mesh.v1alpha1.ComputedRoutes.PortedConfigsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes
-	11, // 29: hashicorp.consul.mesh.v1alpha1.ComputedPortRoutes.TargetsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.BackendTargetDetails
-	30, // [30:30] is the sub-list for method output_type
-	30, // [30:30] is the sub-list for method input_type
-	30, // [30:30] is the sub-list for extension type_name
-	30, // [30:30] is the sub-list for extension extendee
-	0,  // [0:30] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_computed_routes_proto_init() }
-func file_pbmesh_v1alpha1_computed_routes_proto_init() {
-	if File_pbmesh_v1alpha1_computed_routes_proto != nil {
-		return
-	}
-	file_pbmesh_v1alpha1_common_proto_init()
-	file_pbmesh_v1alpha1_destination_policy_proto_init()
-	file_pbmesh_v1alpha1_grpc_route_proto_init()
-	file_pbmesh_v1alpha1_http_route_proto_init()
-	file_pbmesh_v1alpha1_http_route_retries_proto_init()
-	file_pbmesh_v1alpha1_http_route_timeouts_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ComputedRoutes); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ComputedPortRoutes); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InterpretedHTTPRoute); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InterpretedHTTPRouteRule); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InterpretedHTTPBackendRef); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InterpretedGRPCRoute); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InterpretedGRPCRouteRule); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InterpretedGRPCBackendRef); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InterpretedTCPRoute); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InterpretedTCPRouteRule); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InterpretedTCPBackendRef); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*BackendTargetDetails); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_pbmesh_v1alpha1_computed_routes_proto_msgTypes[1].OneofWrappers = []interface{}{
-		(*ComputedPortRoutes_Http)(nil),
-		(*ComputedPortRoutes_Grpc)(nil),
-		(*ComputedPortRoutes_Tcp)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_computed_routes_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   14,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_computed_routes_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_computed_routes_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_computed_routes_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_computed_routes_proto = out.File
-	file_pbmesh_v1alpha1_computed_routes_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_computed_routes_proto_goTypes = nil
-	file_pbmesh_v1alpha1_computed_routes_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/computed_routes.proto b/proto-public/pbmesh/v1alpha1/computed_routes.proto
deleted file mode 100644
index d48d417d6823..000000000000
--- a/proto-public/pbmesh/v1alpha1/computed_routes.proto
+++ /dev/null
@@ -1,99 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1;
-
-import "pbcatalog/v1alpha1/failover_policy.proto";
-import "pbcatalog/v1alpha1/service.proto";
-import "pbmesh/v1alpha1/common.proto";
-import "pbmesh/v1alpha1/destination_policy.proto";
-import "pbmesh/v1alpha1/grpc_route.proto";
-import "pbmesh/v1alpha1/http_route.proto";
-import "pbmesh/v1alpha1/http_route_retries.proto";
-import "pbmesh/v1alpha1/http_route_timeouts.proto";
-
-// This is a Resource type.
-message ComputedRoutes {
-  map<string, ComputedPortRoutes> ported_configs = 1;
-}
-
-message ComputedPortRoutes {
-  oneof config {
-    InterpretedHTTPRoute http = 1;
-    InterpretedGRPCRoute grpc = 2;
-    InterpretedTCPRoute tcp = 3;
-  }
-  bool using_default_config = 4; // TODO
-
-  // map key is an opaque string; like disco chain target name
-  map<string, BackendTargetDetails> targets = 5;
-}
-
-message InterpretedHTTPRoute {
-  ParentReference parent_ref = 1;
-  reserved 2; // hostnames
-  repeated InterpretedHTTPRouteRule rules = 3;
-}
-
-message InterpretedHTTPRouteRule {
-  repeated HTTPRouteMatch matches = 1;
-  repeated HTTPRouteFilter filters = 2;
-  repeated InterpretedHTTPBackendRef backend_refs = 3;
-  HTTPRouteTimeouts timeouts = 4;
-  HTTPRouteRetries retries = 5;
-}
-
-message InterpretedHTTPBackendRef {
-  string backend_target = 1;
-  uint32 weight = 2;
-  repeated HTTPRouteFilter filters = 3;
-}
-
-message InterpretedGRPCRoute {
-  ParentReference parent_ref = 1;
-  reserved 2; // hostnames
-  repeated InterpretedGRPCRouteRule rules = 3;
-}
-
-message InterpretedGRPCRouteRule {
-  repeated GRPCRouteMatch matches = 1;
-  repeated GRPCRouteFilter filters = 2;
-  repeated InterpretedGRPCBackendRef backend_refs = 3;
-  HTTPRouteTimeouts timeouts = 4;
-  HTTPRouteRetries retries = 5;
-}
-
-message InterpretedGRPCBackendRef {
-  string backend_target = 1;
-  uint32 weight = 2;
-  repeated GRPCRouteFilter filters = 3;
-}
-
-message InterpretedTCPRoute {
-  ParentReference parent_ref = 1;
-  repeated InterpretedTCPRouteRule rules = 2;
-}
-
-message InterpretedTCPRouteRule {
-  repeated InterpretedTCPBackendRef backend_refs = 1;
-}
-
-// TODO: look into smuggling the target through a different typeURL, or just
-// skip in favor of letting the caller do their own lookups?
-message InterpretedTCPBackendRef {
-  string backend_target = 1;
-  uint32 weight = 2;
-}
-
-message BackendTargetDetails {
-  // identity info
-  BackendReference backend_ref = 1;
-
-  bool null_route_traffic = 2;
-
-  hashicorp.consul.catalog.v1alpha1.Service service = 3;
-  hashicorp.consul.catalog.v1alpha1.FailoverPolicy failover_policy = 4;
-  DestinationPolicy destination_policy = 5;
-}
diff --git a/proto-public/pbmesh/v1alpha1/connection.pb.go b/proto-public/pbmesh/v1alpha1/connection.pb.go
index 221845b26dbb..5edc0ee76d1d 100644
--- a/proto-public/pbmesh/v1alpha1/connection.pb.go
+++ b/proto-public/pbmesh/v1alpha1/connection.pb.go
@@ -12,7 +12,6 @@ package meshv1alpha1
 import (
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	durationpb "google.golang.org/protobuf/types/known/durationpb"
 	reflect "reflect"
 	sync "sync"
 )
@@ -24,61 +23,60 @@ const (
 	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
 )
 
-type BalanceConnections int32
+type BalanceInboundConnections int32
 
 const (
 	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	BalanceConnections_BALANCE_CONNECTIONS_DEFAULT BalanceConnections = 0
-	BalanceConnections_BALANCE_CONNECTIONS_EXACT   BalanceConnections = 1
+	BalanceInboundConnections_BALANCE_INBOUND_CONNECTIONS_DEFAULT BalanceInboundConnections = 0
+	BalanceInboundConnections_BALANCE_INBOUND_CONNECTIONS_EXACT   BalanceInboundConnections = 1
 )
 
-// Enum value maps for BalanceConnections.
+// Enum value maps for BalanceInboundConnections.
 var (
-	BalanceConnections_name = map[int32]string{
-		0: "BALANCE_CONNECTIONS_DEFAULT",
-		1: "BALANCE_CONNECTIONS_EXACT",
+	BalanceInboundConnections_name = map[int32]string{
+		0: "BALANCE_INBOUND_CONNECTIONS_DEFAULT",
+		1: "BALANCE_INBOUND_CONNECTIONS_EXACT",
 	}
-	BalanceConnections_value = map[string]int32{
-		"BALANCE_CONNECTIONS_DEFAULT": 0,
-		"BALANCE_CONNECTIONS_EXACT":   1,
+	BalanceInboundConnections_value = map[string]int32{
+		"BALANCE_INBOUND_CONNECTIONS_DEFAULT": 0,
+		"BALANCE_INBOUND_CONNECTIONS_EXACT":   1,
 	}
 )
 
-func (x BalanceConnections) Enum() *BalanceConnections {
-	p := new(BalanceConnections)
+func (x BalanceInboundConnections) Enum() *BalanceInboundConnections {
+	p := new(BalanceInboundConnections)
 	*p = x
 	return p
 }
 
-func (x BalanceConnections) String() string {
+func (x BalanceInboundConnections) String() string {
 	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
 }
 
-func (BalanceConnections) Descriptor() protoreflect.EnumDescriptor {
+func (BalanceInboundConnections) Descriptor() protoreflect.EnumDescriptor {
 	return file_pbmesh_v1alpha1_connection_proto_enumTypes[0].Descriptor()
 }
 
-func (BalanceConnections) Type() protoreflect.EnumType {
+func (BalanceInboundConnections) Type() protoreflect.EnumType {
 	return &file_pbmesh_v1alpha1_connection_proto_enumTypes[0]
 }
 
-func (x BalanceConnections) Number() protoreflect.EnumNumber {
+func (x BalanceInboundConnections) Number() protoreflect.EnumNumber {
 	return protoreflect.EnumNumber(x)
 }
 
-// Deprecated: Use BalanceConnections.Descriptor instead.
-func (BalanceConnections) EnumDescriptor() ([]byte, []int) {
+// Deprecated: Use BalanceInboundConnections.Descriptor instead.
+func (BalanceInboundConnections) EnumDescriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_connection_proto_rawDescGZIP(), []int{0}
 }
 
-// Referenced by ProxyConfiguration
 type ConnectionConfig struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	ConnectTimeout *durationpb.Duration `protobuf:"bytes,1,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
-	RequestTimeout *durationpb.Duration `protobuf:"bytes,2,opt,name=request_timeout,json=requestTimeout,proto3" json:"request_timeout,omitempty"`
+	ConnectTimeoutMs uint64 `protobuf:"varint,2,opt,name=connect_timeout_ms,json=connectTimeoutMs,proto3" json:"connect_timeout_ms,omitempty"`
+	RequestTimeoutMs uint64 `protobuf:"varint,3,opt,name=request_timeout_ms,json=requestTimeoutMs,proto3" json:"request_timeout_ms,omitempty"`
 }
 
 func (x *ConnectionConfig) Reset() {
@@ -113,28 +111,27 @@ func (*ConnectionConfig) Descriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_connection_proto_rawDescGZIP(), []int{0}
 }
 
-func (x *ConnectionConfig) GetConnectTimeout() *durationpb.Duration {
+func (x *ConnectionConfig) GetConnectTimeoutMs() uint64 {
 	if x != nil {
-		return x.ConnectTimeout
+		return x.ConnectTimeoutMs
 	}
-	return nil
+	return 0
 }
 
-func (x *ConnectionConfig) GetRequestTimeout() *durationpb.Duration {
+func (x *ConnectionConfig) GetRequestTimeoutMs() uint64 {
 	if x != nil {
-		return x.RequestTimeout
+		return x.RequestTimeoutMs
 	}
-	return nil
+	return 0
 }
 
-// Referenced by ProxyConfiguration
 type InboundConnectionsConfig struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	MaxInboundConnections     uint64             `protobuf:"varint,12,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"`
-	BalanceInboundConnections BalanceConnections `protobuf:"varint,13,opt,name=balance_inbound_connections,json=balanceInboundConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.BalanceConnections" json:"balance_inbound_connections,omitempty"`
+	MaxInboundConnections     uint64                    `protobuf:"varint,12,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"`
+	BalanceInboundConnections BalanceInboundConnections `protobuf:"varint,13,opt,name=balance_inbound_connections,json=balanceInboundConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.BalanceInboundConnections" json:"balance_inbound_connections,omitempty"`
 }
 
 func (x *InboundConnectionsConfig) Reset() {
@@ -176,11 +173,11 @@ func (x *InboundConnectionsConfig) GetMaxInboundConnections() uint64 {
 	return 0
 }
 
-func (x *InboundConnectionsConfig) GetBalanceInboundConnections() BalanceConnections {
+func (x *InboundConnectionsConfig) GetBalanceInboundConnections() BalanceInboundConnections {
 	if x != nil {
 		return x.BalanceInboundConnections
 	}
-	return BalanceConnections_BALANCE_CONNECTIONS_DEFAULT
+	return BalanceInboundConnections_BALANCE_INBOUND_CONNECTIONS_DEFAULT
 }
 
 var File_pbmesh_v1alpha1_connection_proto protoreflect.FileDescriptor
@@ -190,54 +187,52 @@ var file_pbmesh_v1alpha1_connection_proto_rawDesc = []byte{
 	0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f,
 	0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
 	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x22, 0x9a, 0x01, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e,
-	0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x42, 0x0a, 0x0f, 0x72,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22,
-	0xc6, 0x01, 0x0a, 0x18, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x17,
-	0x6d, 0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x15, 0x6d,
-	0x61, 0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x12, 0x72, 0x0a, 0x1b, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x5f,
-	0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x6c, 0x61, 0x6e,
-	0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x62,
-	0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e,
-	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2a, 0x54, 0x0a, 0x12, 0x42, 0x61, 0x6c, 0x61,
-	0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1f,
-	0x0a, 0x1b, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43,
-	0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12,
-	0x1d, 0x0a, 0x19, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x4e, 0x45,
-	0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x45, 0x58, 0x41, 0x43, 0x54, 0x10, 0x01, 0x42, 0x97,
-	0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0f, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
-	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c,
-	0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2,
-	0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x61, 0x31, 0x22, 0x6e, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2c, 0x0a, 0x12, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x04, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f,
+	0x75, 0x74, 0x4d, 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f,
+	0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04,
+	0x52, 0x10, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
+	0x4d, 0x73, 0x22, 0xcd, 0x01, 0x0a, 0x18, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
+	0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04,
+	0x52, 0x15, 0x6d, 0x61, 0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x79, 0x0a, 0x1b, 0x62, 0x61, 0x6c, 0x61, 0x6e,
+	0x63, 0x65, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61,
+	0x6c, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65,
+	0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x2a, 0x6b, 0x0a, 0x19, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
+	0x27, 0x0a, 0x23, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f, 0x49, 0x4e, 0x42, 0x4f, 0x55,
+	0x4e, 0x44, 0x5f, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x44,
+	0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x25, 0x0a, 0x21, 0x42, 0x41, 0x4c, 0x41,
+	0x4e, 0x43, 0x45, 0x5f, 0x49, 0x4e, 0x42, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x43, 0x4f, 0x4e, 0x4e,
+	0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x45, 0x58, 0x41, 0x43, 0x54, 0x10, 0x01, 0x42,
+	0x97, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0f, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75,
+	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62,
+	0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
 	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
-	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
+	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
+	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a,
+	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33,
 }
 
 var (
@@ -255,20 +250,17 @@ func file_pbmesh_v1alpha1_connection_proto_rawDescGZIP() []byte {
 var file_pbmesh_v1alpha1_connection_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
 var file_pbmesh_v1alpha1_connection_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
 var file_pbmesh_v1alpha1_connection_proto_goTypes = []interface{}{
-	(BalanceConnections)(0),          // 0: hashicorp.consul.mesh.v1alpha1.BalanceConnections
+	(BalanceInboundConnections)(0),   // 0: hashicorp.consul.mesh.v1alpha1.BalanceInboundConnections
 	(*ConnectionConfig)(nil),         // 1: hashicorp.consul.mesh.v1alpha1.ConnectionConfig
 	(*InboundConnectionsConfig)(nil), // 2: hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig
-	(*durationpb.Duration)(nil),      // 3: google.protobuf.Duration
 }
 var file_pbmesh_v1alpha1_connection_proto_depIdxs = []int32{
-	3, // 0: hashicorp.consul.mesh.v1alpha1.ConnectionConfig.connect_timeout:type_name -> google.protobuf.Duration
-	3, // 1: hashicorp.consul.mesh.v1alpha1.ConnectionConfig.request_timeout:type_name -> google.protobuf.Duration
-	0, // 2: hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig.balance_inbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceConnections
-	3, // [3:3] is the sub-list for method output_type
-	3, // [3:3] is the sub-list for method input_type
-	3, // [3:3] is the sub-list for extension type_name
-	3, // [3:3] is the sub-list for extension extendee
-	0, // [0:3] is the sub-list for field type_name
+	0, // 0: hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig.balance_inbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceInboundConnections
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
 }
 
 func init() { file_pbmesh_v1alpha1_connection_proto_init() }
diff --git a/proto-public/pbmesh/v1alpha1/connection.proto b/proto-public/pbmesh/v1alpha1/connection.proto
index 8cae7c1c1099..8a1f4f0e7c57 100644
--- a/proto-public/pbmesh/v1alpha1/connection.proto
+++ b/proto-public/pbmesh/v1alpha1/connection.proto
@@ -5,22 +5,18 @@ syntax = "proto3";
 
 package hashicorp.consul.mesh.v1alpha1;
 
-import "google/protobuf/duration.proto";
-
-// Referenced by ProxyConfiguration
 message ConnectionConfig {
-  google.protobuf.Duration connect_timeout = 1;
-  google.protobuf.Duration request_timeout = 2;
+  uint64 connect_timeout_ms = 2;
+  uint64 request_timeout_ms = 3;
 }
 
-// Referenced by ProxyConfiguration
 message InboundConnectionsConfig {
   uint64 max_inbound_connections = 12;
-  BalanceConnections balance_inbound_connections = 13;
+  BalanceInboundConnections balance_inbound_connections = 13;
 }
 
-enum BalanceConnections {
+enum BalanceInboundConnections {
   // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  BALANCE_CONNECTIONS_DEFAULT = 0;
-  BALANCE_CONNECTIONS_EXACT = 1;
+  BALANCE_INBOUND_CONNECTIONS_DEFAULT = 0;
+  BALANCE_INBOUND_CONNECTIONS_EXACT = 1;
 }
diff --git a/proto-public/pbmesh/v1alpha1/destination_policy.pb.binary.go b/proto-public/pbmesh/v1alpha1/destination_policy.pb.binary.go
deleted file mode 100644
index e77b66710870..000000000000
--- a/proto-public/pbmesh/v1alpha1/destination_policy.pb.binary.go
+++ /dev/null
@@ -1,88 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/destination_policy.proto
-
-package meshv1alpha1
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *DestinationPolicy) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *DestinationPolicy) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *DestinationConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *DestinationConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *LocalityPrioritization) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *LocalityPrioritization) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *LoadBalancer) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *LoadBalancer) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *RingHashConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *RingHashConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *LeastRequestConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *LeastRequestConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HashPolicy) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HashPolicy) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *CookieConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *CookieConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/destination_policy.pb.go b/proto-public/pbmesh/v1alpha1/destination_policy.pb.go
deleted file mode 100644
index 44a3049d5eb2..000000000000
--- a/proto-public/pbmesh/v1alpha1/destination_policy.pb.go
+++ /dev/null
@@ -1,1091 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/destination_policy.proto
-
-package meshv1alpha1
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	durationpb "google.golang.org/protobuf/types/known/durationpb"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type LocalityPrioritizationMode int32
-
-const (
-	LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED LocalityPrioritizationMode = 0
-	LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_NONE        LocalityPrioritizationMode = 1
-	LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_FAILOVER    LocalityPrioritizationMode = 2
-)
-
-// Enum value maps for LocalityPrioritizationMode.
-var (
-	LocalityPrioritizationMode_name = map[int32]string{
-		0: "LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED",
-		1: "LOCALITY_PRIORITIZATION_MODE_NONE",
-		2: "LOCALITY_PRIORITIZATION_MODE_FAILOVER",
-	}
-	LocalityPrioritizationMode_value = map[string]int32{
-		"LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED": 0,
-		"LOCALITY_PRIORITIZATION_MODE_NONE":        1,
-		"LOCALITY_PRIORITIZATION_MODE_FAILOVER":    2,
-	}
-)
-
-func (x LocalityPrioritizationMode) Enum() *LocalityPrioritizationMode {
-	p := new(LocalityPrioritizationMode)
-	*p = x
-	return p
-}
-
-func (x LocalityPrioritizationMode) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (LocalityPrioritizationMode) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_destination_policy_proto_enumTypes[0].Descriptor()
-}
-
-func (LocalityPrioritizationMode) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_destination_policy_proto_enumTypes[0]
-}
-
-func (x LocalityPrioritizationMode) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use LocalityPrioritizationMode.Descriptor instead.
-func (LocalityPrioritizationMode) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{0}
-}
-
-type LoadBalancerPolicy int32
-
-const (
-	LoadBalancerPolicy_LOAD_BALANCER_POLICY_UNSPECIFIED   LoadBalancerPolicy = 0
-	LoadBalancerPolicy_LOAD_BALANCER_POLICY_RANDOM        LoadBalancerPolicy = 1
-	LoadBalancerPolicy_LOAD_BALANCER_POLICY_ROUND_ROBIN   LoadBalancerPolicy = 2
-	LoadBalancerPolicy_LOAD_BALANCER_POLICY_LEAST_REQUEST LoadBalancerPolicy = 3
-	LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV        LoadBalancerPolicy = 4
-	LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH     LoadBalancerPolicy = 5
-)
-
-// Enum value maps for LoadBalancerPolicy.
-var (
-	LoadBalancerPolicy_name = map[int32]string{
-		0: "LOAD_BALANCER_POLICY_UNSPECIFIED",
-		1: "LOAD_BALANCER_POLICY_RANDOM",
-		2: "LOAD_BALANCER_POLICY_ROUND_ROBIN",
-		3: "LOAD_BALANCER_POLICY_LEAST_REQUEST",
-		4: "LOAD_BALANCER_POLICY_MAGLEV",
-		5: "LOAD_BALANCER_POLICY_RING_HASH",
-	}
-	LoadBalancerPolicy_value = map[string]int32{
-		"LOAD_BALANCER_POLICY_UNSPECIFIED":   0,
-		"LOAD_BALANCER_POLICY_RANDOM":        1,
-		"LOAD_BALANCER_POLICY_ROUND_ROBIN":   2,
-		"LOAD_BALANCER_POLICY_LEAST_REQUEST": 3,
-		"LOAD_BALANCER_POLICY_MAGLEV":        4,
-		"LOAD_BALANCER_POLICY_RING_HASH":     5,
-	}
-)
-
-func (x LoadBalancerPolicy) Enum() *LoadBalancerPolicy {
-	p := new(LoadBalancerPolicy)
-	*p = x
-	return p
-}
-
-func (x LoadBalancerPolicy) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (LoadBalancerPolicy) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_destination_policy_proto_enumTypes[1].Descriptor()
-}
-
-func (LoadBalancerPolicy) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_destination_policy_proto_enumTypes[1]
-}
-
-func (x LoadBalancerPolicy) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use LoadBalancerPolicy.Descriptor instead.
-func (LoadBalancerPolicy) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{1}
-}
-
-type HashPolicyField int32
-
-const (
-	HashPolicyField_HASH_POLICY_FIELD_UNSPECIFIED     HashPolicyField = 0
-	HashPolicyField_HASH_POLICY_FIELD_HEADER          HashPolicyField = 1
-	HashPolicyField_HASH_POLICY_FIELD_COOKIE          HashPolicyField = 2
-	HashPolicyField_HASH_POLICY_FIELD_QUERY_PARAMETER HashPolicyField = 3
-)
-
-// Enum value maps for HashPolicyField.
-var (
-	HashPolicyField_name = map[int32]string{
-		0: "HASH_POLICY_FIELD_UNSPECIFIED",
-		1: "HASH_POLICY_FIELD_HEADER",
-		2: "HASH_POLICY_FIELD_COOKIE",
-		3: "HASH_POLICY_FIELD_QUERY_PARAMETER",
-	}
-	HashPolicyField_value = map[string]int32{
-		"HASH_POLICY_FIELD_UNSPECIFIED":     0,
-		"HASH_POLICY_FIELD_HEADER":          1,
-		"HASH_POLICY_FIELD_COOKIE":          2,
-		"HASH_POLICY_FIELD_QUERY_PARAMETER": 3,
-	}
-)
-
-func (x HashPolicyField) Enum() *HashPolicyField {
-	p := new(HashPolicyField)
-	*p = x
-	return p
-}
-
-func (x HashPolicyField) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (HashPolicyField) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_destination_policy_proto_enumTypes[2].Descriptor()
-}
-
-func (HashPolicyField) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_destination_policy_proto_enumTypes[2]
-}
-
-func (x HashPolicyField) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use HashPolicyField.Descriptor instead.
-func (HashPolicyField) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{2}
-}
-
-// DestinationPolicy is the destination-controlled set of defaults that
-// are used when similar controls defined in an UpstreamConfig are left
-// unspecified.
-//
-// Users may wish to share commonly configured settings for communicating with
-// a service in one place, but yet retain the ability to tweak those on a
-// client-by-client basis, which is why there are separate resources to control
-// the definition of these values from either end of the connection.
-//
-// This is a Resource type.
-type DestinationPolicy struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	PortConfigs map[string]*DestinationConfig `protobuf:"bytes,1,rep,name=port_configs,json=portConfigs,proto3" json:"port_configs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-}
-
-func (x *DestinationPolicy) Reset() {
-	*x = DestinationPolicy{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *DestinationPolicy) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*DestinationPolicy) ProtoMessage() {}
-
-func (x *DestinationPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use DestinationPolicy.ProtoReflect.Descriptor instead.
-func (*DestinationPolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *DestinationPolicy) GetPortConfigs() map[string]*DestinationConfig {
-	if x != nil {
-		return x.PortConfigs
-	}
-	return nil
-}
-
-type DestinationConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// ConnectTimeout is the timeout for establishing new network connections
-	// to this service.
-	ConnectTimeout *durationpb.Duration `protobuf:"bytes,1,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
-	// RequestTimeout is the timeout for an HTTP request to complete before the
-	// connection is automatically terminated. If unspecified, defaults to 15
-	// seconds.
-	RequestTimeout *durationpb.Duration `protobuf:"bytes,2,opt,name=request_timeout,json=requestTimeout,proto3" json:"request_timeout,omitempty"`
-	// LoadBalancer determines the load balancing policy and configuration for
-	// services issuing requests to this upstream service.
-	LoadBalancer *LoadBalancer `protobuf:"bytes,3,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"`
-	// LocalityPrioritization controls whether the locality of services within the
-	// local partition will be used to prioritize connectivity.
-	LocalityPrioritization *LocalityPrioritization `protobuf:"bytes,4,opt,name=locality_prioritization,json=localityPrioritization,proto3" json:"locality_prioritization,omitempty"`
-}
-
-func (x *DestinationConfig) Reset() {
-	*x = DestinationConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *DestinationConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*DestinationConfig) ProtoMessage() {}
-
-func (x *DestinationConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use DestinationConfig.ProtoReflect.Descriptor instead.
-func (*DestinationConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *DestinationConfig) GetConnectTimeout() *durationpb.Duration {
-	if x != nil {
-		return x.ConnectTimeout
-	}
-	return nil
-}
-
-func (x *DestinationConfig) GetRequestTimeout() *durationpb.Duration {
-	if x != nil {
-		return x.RequestTimeout
-	}
-	return nil
-}
-
-func (x *DestinationConfig) GetLoadBalancer() *LoadBalancer {
-	if x != nil {
-		return x.LoadBalancer
-	}
-	return nil
-}
-
-func (x *DestinationConfig) GetLocalityPrioritization() *LocalityPrioritization {
-	if x != nil {
-		return x.LocalityPrioritization
-	}
-	return nil
-}
-
-type LocalityPrioritization struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Mode specifies the type of prioritization that will be performed
-	// when selecting nodes in the local partition.
-	// Valid values are: "" (default "none"), "none", and "failover".
-	Mode LocalityPrioritizationMode `protobuf:"varint,1,opt,name=mode,proto3,enum=hashicorp.consul.mesh.v1alpha1.LocalityPrioritizationMode" json:"mode,omitempty"`
-}
-
-func (x *LocalityPrioritization) Reset() {
-	*x = LocalityPrioritization{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LocalityPrioritization) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LocalityPrioritization) ProtoMessage() {}
-
-func (x *LocalityPrioritization) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LocalityPrioritization.ProtoReflect.Descriptor instead.
-func (*LocalityPrioritization) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *LocalityPrioritization) GetMode() LocalityPrioritizationMode {
-	if x != nil {
-		return x.Mode
-	}
-	return LocalityPrioritizationMode_LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED
-}
-
-// LoadBalancer determines the load balancing policy and configuration
-// for services issuing requests to this upstream service.
-type LoadBalancer struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Policy is the load balancing policy used to select a host
-	Policy LoadBalancerPolicy `protobuf:"varint,1,opt,name=policy,proto3,enum=hashicorp.consul.mesh.v1alpha1.LoadBalancerPolicy" json:"policy,omitempty"`
-	// HashPolicies is a list of hash policies to use for hashing load balancing
-	// algorithms. Hash policies are evaluated individually and combined such
-	// that identical lists result in the same hash.
-	//
-	// If no hash policies are present, or none are successfully evaluated,
-	// then a random backend host will be selected.
-	HashPolicies []*HashPolicy `protobuf:"bytes,2,rep,name=hash_policies,json=hashPolicies,proto3" json:"hash_policies,omitempty"`
-	// Types that are assignable to Config:
-	//
-	//	*LoadBalancer_RingHashConfig
-	//	*LoadBalancer_LeastRequestConfig
-	Config isLoadBalancer_Config `protobuf_oneof:"config"`
-}
-
-func (x *LoadBalancer) Reset() {
-	*x = LoadBalancer{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LoadBalancer) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LoadBalancer) ProtoMessage() {}
-
-func (x *LoadBalancer) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LoadBalancer.ProtoReflect.Descriptor instead.
-func (*LoadBalancer) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *LoadBalancer) GetPolicy() LoadBalancerPolicy {
-	if x != nil {
-		return x.Policy
-	}
-	return LoadBalancerPolicy_LOAD_BALANCER_POLICY_UNSPECIFIED
-}
-
-func (x *LoadBalancer) GetHashPolicies() []*HashPolicy {
-	if x != nil {
-		return x.HashPolicies
-	}
-	return nil
-}
-
-func (m *LoadBalancer) GetConfig() isLoadBalancer_Config {
-	if m != nil {
-		return m.Config
-	}
-	return nil
-}
-
-func (x *LoadBalancer) GetRingHashConfig() *RingHashConfig {
-	if x, ok := x.GetConfig().(*LoadBalancer_RingHashConfig); ok {
-		return x.RingHashConfig
-	}
-	return nil
-}
-
-func (x *LoadBalancer) GetLeastRequestConfig() *LeastRequestConfig {
-	if x, ok := x.GetConfig().(*LoadBalancer_LeastRequestConfig); ok {
-		return x.LeastRequestConfig
-	}
-	return nil
-}
-
-type isLoadBalancer_Config interface {
-	isLoadBalancer_Config()
-}
-
-type LoadBalancer_RingHashConfig struct {
-	// RingHashConfig contains configuration for the "ring_hash" policy type
-	RingHashConfig *RingHashConfig `protobuf:"bytes,3,opt,name=ring_hash_config,json=ringHashConfig,proto3,oneof"`
-}
-
-type LoadBalancer_LeastRequestConfig struct {
-	// LeastRequestConfig contains configuration for the "least_request" policy type
-	LeastRequestConfig *LeastRequestConfig `protobuf:"bytes,4,opt,name=least_request_config,json=leastRequestConfig,proto3,oneof"`
-}
-
-func (*LoadBalancer_RingHashConfig) isLoadBalancer_Config() {}
-
-func (*LoadBalancer_LeastRequestConfig) isLoadBalancer_Config() {}
-
-// RingHashConfig contains configuration for the "ring_hash" policy type
-type RingHashConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// MinimumRingSize determines the minimum number of entries in the hash ring
-	MinimumRingSize uint64 `protobuf:"varint,1,opt,name=minimum_ring_size,json=minimumRingSize,proto3" json:"minimum_ring_size,omitempty"`
-	// MaximumRingSize determines the maximum number of entries in the hash ring
-	MaximumRingSize uint64 `protobuf:"varint,2,opt,name=maximum_ring_size,json=maximumRingSize,proto3" json:"maximum_ring_size,omitempty"`
-}
-
-func (x *RingHashConfig) Reset() {
-	*x = RingHashConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RingHashConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RingHashConfig) ProtoMessage() {}
-
-func (x *RingHashConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RingHashConfig.ProtoReflect.Descriptor instead.
-func (*RingHashConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *RingHashConfig) GetMinimumRingSize() uint64 {
-	if x != nil {
-		return x.MinimumRingSize
-	}
-	return 0
-}
-
-func (x *RingHashConfig) GetMaximumRingSize() uint64 {
-	if x != nil {
-		return x.MaximumRingSize
-	}
-	return 0
-}
-
-// LeastRequestConfig contains configuration for the "least_request" policy type
-type LeastRequestConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// ChoiceCount determines the number of random healthy hosts from which to select the one with the least requests.
-	ChoiceCount uint32 `protobuf:"varint,1,opt,name=choice_count,json=choiceCount,proto3" json:"choice_count,omitempty"`
-}
-
-func (x *LeastRequestConfig) Reset() {
-	*x = LeastRequestConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LeastRequestConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LeastRequestConfig) ProtoMessage() {}
-
-func (x *LeastRequestConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LeastRequestConfig.ProtoReflect.Descriptor instead.
-func (*LeastRequestConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *LeastRequestConfig) GetChoiceCount() uint32 {
-	if x != nil {
-		return x.ChoiceCount
-	}
-	return 0
-}
-
-// HashPolicy defines which attributes will be hashed by hash-based LB algorithms
-type HashPolicy struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Field is the attribute type to hash on.
-	// Must be one of "header","cookie", or "query_parameter".
-	// Cannot be specified along with SourceIP.
-	Field HashPolicyField `protobuf:"varint,1,opt,name=field,proto3,enum=hashicorp.consul.mesh.v1alpha1.HashPolicyField" json:"field,omitempty"`
-	// FieldValue is the value to hash.
-	// ie. header name, cookie name, URL query parameter name
-	// Cannot be specified along with SourceIP.
-	FieldValue string `protobuf:"bytes,2,opt,name=field_value,json=fieldValue,proto3" json:"field_value,omitempty"`
-	// CookieConfig contains configuration for the "cookie" hash policy type.
-	CookieConfig *CookieConfig `protobuf:"bytes,3,opt,name=cookie_config,json=cookieConfig,proto3" json:"cookie_config,omitempty"`
-	// SourceIP determines whether the hash should be of the source IP rather than of a field and field value.
-	// Cannot be specified along with Field or FieldValue.
-	SourceIp bool `protobuf:"varint,4,opt,name=source_ip,json=sourceIp,proto3" json:"source_ip,omitempty"`
-	// Terminal will short circuit the computation of the hash when multiple hash policies are present.
-	// If a hash is computed when a Terminal policy is evaluated,
-	// then that hash will be used and subsequent hash policies will be ignored.
-	Terminal bool `protobuf:"varint,5,opt,name=terminal,proto3" json:"terminal,omitempty"`
-}
-
-func (x *HashPolicy) Reset() {
-	*x = HashPolicy{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HashPolicy) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HashPolicy) ProtoMessage() {}
-
-func (x *HashPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HashPolicy.ProtoReflect.Descriptor instead.
-func (*HashPolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *HashPolicy) GetField() HashPolicyField {
-	if x != nil {
-		return x.Field
-	}
-	return HashPolicyField_HASH_POLICY_FIELD_UNSPECIFIED
-}
-
-func (x *HashPolicy) GetFieldValue() string {
-	if x != nil {
-		return x.FieldValue
-	}
-	return ""
-}
-
-func (x *HashPolicy) GetCookieConfig() *CookieConfig {
-	if x != nil {
-		return x.CookieConfig
-	}
-	return nil
-}
-
-func (x *HashPolicy) GetSourceIp() bool {
-	if x != nil {
-		return x.SourceIp
-	}
-	return false
-}
-
-func (x *HashPolicy) GetTerminal() bool {
-	if x != nil {
-		return x.Terminal
-	}
-	return false
-}
-
-// CookieConfig contains configuration for the "cookie" hash policy type.
-// This is specified to have Envoy generate a cookie for a client on its first request.
-type CookieConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Generates a session cookie with no expiration.
-	Session bool `protobuf:"varint,1,opt,name=session,proto3" json:"session,omitempty"`
-	// TTL for generated cookies. Cannot be specified for session cookies.
-	Ttl *durationpb.Duration `protobuf:"bytes,2,opt,name=ttl,proto3" json:"ttl,omitempty"`
-	// The path to set for the cookie
-	Path string `protobuf:"bytes,3,opt,name=path,proto3" json:"path,omitempty"`
-}
-
-func (x *CookieConfig) Reset() {
-	*x = CookieConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CookieConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CookieConfig) ProtoMessage() {}
-
-func (x *CookieConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CookieConfig.ProtoReflect.Descriptor instead.
-func (*CookieConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP(), []int{7}
-}
-
-func (x *CookieConfig) GetSession() bool {
-	if x != nil {
-		return x.Session
-	}
-	return false
-}
-
-func (x *CookieConfig) GetTtl() *durationpb.Duration {
-	if x != nil {
-		return x.Ttl
-	}
-	return nil
-}
-
-func (x *CookieConfig) GetPath() string {
-	if x != nil {
-		return x.Path
-	}
-	return ""
-}
-
-var File_pbmesh_v1alpha1_destination_policy_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_destination_policy_proto_rawDesc = []byte{
-	0x0a, 0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f,
-	0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xed, 0x01, 0x0a, 0x11, 0x44,
-	0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x12, 0x65, 0x0a, 0x0c, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73,
-	0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x70, 0x6f, 0x72, 0x74,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x1a, 0x71, 0x0a, 0x10, 0x50, 0x6f, 0x72, 0x74, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b,
-	0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x47, 0x0a,
-	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65,
-	0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
-	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xdf, 0x02, 0x0a, 0x11, 0x44,
-	0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65,
-	0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d,
-	0x65, 0x6f, 0x75, 0x74, 0x12, 0x42, 0x0a, 0x0f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f,
-	0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x51, 0x0a, 0x0d, 0x6c, 0x6f, 0x61, 0x64,
-	0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x52, 0x0c, 0x6c,
-	0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, 0x6f, 0x0a, 0x17, 0x6c,
-	0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x69,
-	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x6f,
-	0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x50, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x7a, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x16, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x50, 0x72,
-	0x69, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x68, 0x0a, 0x16,
-	0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x50, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x69,
-	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4e, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x0e, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x50, 0x72,
-	0x69, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65,
-	0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x22, 0xf9, 0x02, 0x0a, 0x0c, 0x4c, 0x6f, 0x61, 0x64, 0x42,
-	0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, 0x4a, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63,
-	0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c,
-	0x61, 0x6e, 0x63, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x06, 0x70, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x12, 0x4f, 0x0a, 0x0d, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x70, 0x6f, 0x6c, 0x69,
-	0x63, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68,
-	0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0c, 0x68, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x69, 0x65, 0x73, 0x12, 0x5a, 0x0a, 0x10, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x61, 0x73,
-	0x68, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00,
-	0x52, 0x0e, 0x72, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x12, 0x66, 0x0a, 0x14, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x48, 0x00, 0x52, 0x12, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x08, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x22, 0x68, 0x0a, 0x0e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f,
-	0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52,
-	0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65,
-	0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67,
-	0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x6d, 0x61, 0x78,
-	0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x22, 0x37, 0x0a, 0x12,
-	0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6f, 0x75,
-	0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x63, 0x68, 0x6f, 0x69, 0x63, 0x65,
-	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x80, 0x02, 0x0a, 0x0a, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f,
-	0x6c, 0x69, 0x63, 0x79, 0x12, 0x45, 0x0a, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x46,
-	0x69, 0x65, 0x6c, 0x64, 0x52, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x66,
-	0x69, 0x65, 0x6c, 0x64, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0a, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x51, 0x0a, 0x0d,
-	0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x52, 0x0c, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
-	0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x08, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x1a, 0x0a, 0x08,
-	0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08,
-	0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x69, 0x0a, 0x0c, 0x43, 0x6f, 0x6f, 0x6b,
-	0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x73, 0x73,
-	0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, 0x65, 0x73, 0x73, 0x69,
-	0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x74, 0x74, 0x6c, 0x12,
-	0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70,
-	0x61, 0x74, 0x68, 0x2a, 0x9c, 0x01, 0x0a, 0x1a, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79,
-	0x50, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f,
-	0x64, 0x65, 0x12, 0x2c, 0x0a, 0x28, 0x4c, 0x4f, 0x43, 0x41, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x50,
-	0x52, 0x49, 0x4f, 0x52, 0x49, 0x54, 0x49, 0x5a, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4d, 0x4f,
-	0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00,
-	0x12, 0x25, 0x0a, 0x21, 0x4c, 0x4f, 0x43, 0x41, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x50, 0x52, 0x49,
-	0x4f, 0x52, 0x49, 0x54, 0x49, 0x5a, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4d, 0x4f, 0x44, 0x45,
-	0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x01, 0x12, 0x29, 0x0a, 0x25, 0x4c, 0x4f, 0x43, 0x41, 0x4c,
-	0x49, 0x54, 0x59, 0x5f, 0x50, 0x52, 0x49, 0x4f, 0x52, 0x49, 0x54, 0x49, 0x5a, 0x41, 0x54, 0x49,
-	0x4f, 0x4e, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x4f, 0x56, 0x45, 0x52,
-	0x10, 0x02, 0x2a, 0xee, 0x01, 0x0a, 0x12, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e,
-	0x63, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x24, 0x0a, 0x20, 0x4c, 0x4f, 0x41,
-	0x44, 0x5f, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x52, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43,
-	0x59, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
-	0x1f, 0x0a, 0x1b, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x52,
-	0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x52, 0x41, 0x4e, 0x44, 0x4f, 0x4d, 0x10, 0x01,
-	0x12, 0x24, 0x0a, 0x20, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45,
-	0x52, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x52, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x52,
-	0x4f, 0x42, 0x49, 0x4e, 0x10, 0x02, 0x12, 0x26, 0x0a, 0x22, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x42,
-	0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x52, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x4c,
-	0x45, 0x41, 0x53, 0x54, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x10, 0x03, 0x12, 0x1f,
-	0x0a, 0x1b, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x52, 0x5f,
-	0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x4d, 0x41, 0x47, 0x4c, 0x45, 0x56, 0x10, 0x04, 0x12,
-	0x22, 0x0a, 0x1e, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x52,
-	0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x48, 0x41, 0x53,
-	0x48, 0x10, 0x05, 0x2a, 0x97, 0x01, 0x0a, 0x0f, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x21, 0x0a, 0x1d, 0x48, 0x41, 0x53, 0x48, 0x5f,
-	0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x55, 0x4e, 0x53,
-	0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x41,
-	0x53, 0x48, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f,
-	0x48, 0x45, 0x41, 0x44, 0x45, 0x52, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x41, 0x53, 0x48,
-	0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x43, 0x4f,
-	0x4f, 0x4b, 0x49, 0x45, 0x10, 0x02, 0x12, 0x25, 0x0a, 0x21, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x50,
-	0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x51, 0x55, 0x45, 0x52,
-	0x59, 0x5f, 0x50, 0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x10, 0x03, 0x42, 0x9e, 0x02,
-	0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x42, 0x16, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45,
-	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d,
-	0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c,
-	0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a,
-	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47,
-	0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a,
-	0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_destination_policy_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_destination_policy_proto_rawDescData = file_pbmesh_v1alpha1_destination_policy_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_destination_policy_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_destination_policy_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_destination_policy_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_destination_policy_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_destination_policy_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_destination_policy_proto_enumTypes = make([]protoimpl.EnumInfo, 3)
-var file_pbmesh_v1alpha1_destination_policy_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
-var file_pbmesh_v1alpha1_destination_policy_proto_goTypes = []interface{}{
-	(LocalityPrioritizationMode)(0), // 0: hashicorp.consul.mesh.v1alpha1.LocalityPrioritizationMode
-	(LoadBalancerPolicy)(0),         // 1: hashicorp.consul.mesh.v1alpha1.LoadBalancerPolicy
-	(HashPolicyField)(0),            // 2: hashicorp.consul.mesh.v1alpha1.HashPolicyField
-	(*DestinationPolicy)(nil),       // 3: hashicorp.consul.mesh.v1alpha1.DestinationPolicy
-	(*DestinationConfig)(nil),       // 4: hashicorp.consul.mesh.v1alpha1.DestinationConfig
-	(*LocalityPrioritization)(nil),  // 5: hashicorp.consul.mesh.v1alpha1.LocalityPrioritization
-	(*LoadBalancer)(nil),            // 6: hashicorp.consul.mesh.v1alpha1.LoadBalancer
-	(*RingHashConfig)(nil),          // 7: hashicorp.consul.mesh.v1alpha1.RingHashConfig
-	(*LeastRequestConfig)(nil),      // 8: hashicorp.consul.mesh.v1alpha1.LeastRequestConfig
-	(*HashPolicy)(nil),              // 9: hashicorp.consul.mesh.v1alpha1.HashPolicy
-	(*CookieConfig)(nil),            // 10: hashicorp.consul.mesh.v1alpha1.CookieConfig
-	nil,                             // 11: hashicorp.consul.mesh.v1alpha1.DestinationPolicy.PortConfigsEntry
-	(*durationpb.Duration)(nil),     // 12: google.protobuf.Duration
-}
-var file_pbmesh_v1alpha1_destination_policy_proto_depIdxs = []int32{
-	11, // 0: hashicorp.consul.mesh.v1alpha1.DestinationPolicy.port_configs:type_name -> hashicorp.consul.mesh.v1alpha1.DestinationPolicy.PortConfigsEntry
-	12, // 1: hashicorp.consul.mesh.v1alpha1.DestinationConfig.connect_timeout:type_name -> google.protobuf.Duration
-	12, // 2: hashicorp.consul.mesh.v1alpha1.DestinationConfig.request_timeout:type_name -> google.protobuf.Duration
-	6,  // 3: hashicorp.consul.mesh.v1alpha1.DestinationConfig.load_balancer:type_name -> hashicorp.consul.mesh.v1alpha1.LoadBalancer
-	5,  // 4: hashicorp.consul.mesh.v1alpha1.DestinationConfig.locality_prioritization:type_name -> hashicorp.consul.mesh.v1alpha1.LocalityPrioritization
-	0,  // 5: hashicorp.consul.mesh.v1alpha1.LocalityPrioritization.mode:type_name -> hashicorp.consul.mesh.v1alpha1.LocalityPrioritizationMode
-	1,  // 6: hashicorp.consul.mesh.v1alpha1.LoadBalancer.policy:type_name -> hashicorp.consul.mesh.v1alpha1.LoadBalancerPolicy
-	9,  // 7: hashicorp.consul.mesh.v1alpha1.LoadBalancer.hash_policies:type_name -> hashicorp.consul.mesh.v1alpha1.HashPolicy
-	7,  // 8: hashicorp.consul.mesh.v1alpha1.LoadBalancer.ring_hash_config:type_name -> hashicorp.consul.mesh.v1alpha1.RingHashConfig
-	8,  // 9: hashicorp.consul.mesh.v1alpha1.LoadBalancer.least_request_config:type_name -> hashicorp.consul.mesh.v1alpha1.LeastRequestConfig
-	2,  // 10: hashicorp.consul.mesh.v1alpha1.HashPolicy.field:type_name -> hashicorp.consul.mesh.v1alpha1.HashPolicyField
-	10, // 11: hashicorp.consul.mesh.v1alpha1.HashPolicy.cookie_config:type_name -> hashicorp.consul.mesh.v1alpha1.CookieConfig
-	12, // 12: hashicorp.consul.mesh.v1alpha1.CookieConfig.ttl:type_name -> google.protobuf.Duration
-	4,  // 13: hashicorp.consul.mesh.v1alpha1.DestinationPolicy.PortConfigsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.DestinationConfig
-	14, // [14:14] is the sub-list for method output_type
-	14, // [14:14] is the sub-list for method input_type
-	14, // [14:14] is the sub-list for extension type_name
-	14, // [14:14] is the sub-list for extension extendee
-	0,  // [0:14] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_destination_policy_proto_init() }
-func file_pbmesh_v1alpha1_destination_policy_proto_init() {
-	if File_pbmesh_v1alpha1_destination_policy_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DestinationPolicy); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DestinationConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LocalityPrioritization); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LoadBalancer); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RingHashConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LeastRequestConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HashPolicy); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CookieConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_pbmesh_v1alpha1_destination_policy_proto_msgTypes[3].OneofWrappers = []interface{}{
-		(*LoadBalancer_RingHashConfig)(nil),
-		(*LoadBalancer_LeastRequestConfig)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_destination_policy_proto_rawDesc,
-			NumEnums:      3,
-			NumMessages:   9,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_destination_policy_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_destination_policy_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_destination_policy_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_destination_policy_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_destination_policy_proto = out.File
-	file_pbmesh_v1alpha1_destination_policy_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_destination_policy_proto_goTypes = nil
-	file_pbmesh_v1alpha1_destination_policy_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/destination_policy.proto b/proto-public/pbmesh/v1alpha1/destination_policy.proto
deleted file mode 100644
index cc03f38d8c05..000000000000
--- a/proto-public/pbmesh/v1alpha1/destination_policy.proto
+++ /dev/null
@@ -1,147 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1;
-
-import "google/protobuf/duration.proto";
-
-// DestinationPolicy is the destination-controlled set of defaults that
-// are used when similar controls defined in an UpstreamConfig are left
-// unspecified.
-//
-// Users may wish to share commonly configured settings for communicating with
-// a service in one place, but yet retain the ability to tweak those on a
-// client-by-client basis, which is why there are separate resources to control
-// the definition of these values from either end of the connection.
-//
-// This is a Resource type.
-message DestinationPolicy {
-  map<string, DestinationConfig> port_configs = 1;
-}
-
-message DestinationConfig {
-  // ConnectTimeout is the timeout for establishing new network connections
-  // to this service.
-  google.protobuf.Duration connect_timeout = 1;
-
-  // RequestTimeout is the timeout for an HTTP request to complete before the
-  // connection is automatically terminated. If unspecified, defaults to 15
-  // seconds.
-  google.protobuf.Duration request_timeout = 2;
-
-  // LoadBalancer determines the load balancing policy and configuration for
-  // services issuing requests to this upstream service.
-  LoadBalancer load_balancer = 3;
-
-  // LocalityPrioritization controls whether the locality of services within the
-  // local partition will be used to prioritize connectivity.
-  LocalityPrioritization locality_prioritization = 4;
-}
-
-message LocalityPrioritization {
-  // Mode specifies the type of prioritization that will be performed
-  // when selecting nodes in the local partition.
-  // Valid values are: "" (default "none"), "none", and "failover".
-  LocalityPrioritizationMode mode = 1;
-}
-
-enum LocalityPrioritizationMode {
-  LOCALITY_PRIORITIZATION_MODE_UNSPECIFIED = 0;
-  LOCALITY_PRIORITIZATION_MODE_NONE = 1;
-  LOCALITY_PRIORITIZATION_MODE_FAILOVER = 2;
-}
-
-// LoadBalancer determines the load balancing policy and configuration
-// for services issuing requests to this upstream service.
-//
-message LoadBalancer {
-  // Policy is the load balancing policy used to select a host
-  LoadBalancerPolicy policy = 1;
-
-  // HashPolicies is a list of hash policies to use for hashing load balancing
-  // algorithms. Hash policies are evaluated individually and combined such
-  // that identical lists result in the same hash.
-  //
-  // If no hash policies are present, or none are successfully evaluated,
-  // then a random backend host will be selected.
-  repeated HashPolicy hash_policies = 2;
-
-  oneof config {
-    // RingHashConfig contains configuration for the "ring_hash" policy type
-    RingHashConfig ring_hash_config = 3;
-
-    // LeastRequestConfig contains configuration for the "least_request" policy type
-    LeastRequestConfig least_request_config = 4;
-  }
-}
-
-enum LoadBalancerPolicy {
-  LOAD_BALANCER_POLICY_UNSPECIFIED = 0;
-  LOAD_BALANCER_POLICY_RANDOM = 1;
-  LOAD_BALANCER_POLICY_ROUND_ROBIN = 2;
-  LOAD_BALANCER_POLICY_LEAST_REQUEST = 3;
-  LOAD_BALANCER_POLICY_MAGLEV = 4;
-  LOAD_BALANCER_POLICY_RING_HASH = 5;
-}
-
-// RingHashConfig contains configuration for the "ring_hash" policy type
-message RingHashConfig {
-  // MinimumRingSize determines the minimum number of entries in the hash ring
-  uint64 minimum_ring_size = 1;
-
-  // MaximumRingSize determines the maximum number of entries in the hash ring
-  uint64 maximum_ring_size = 2;
-}
-
-// LeastRequestConfig contains configuration for the "least_request" policy type
-message LeastRequestConfig {
-  // ChoiceCount determines the number of random healthy hosts from which to select the one with the least requests.
-  uint32 choice_count = 1;
-}
-
-// HashPolicy defines which attributes will be hashed by hash-based LB algorithms
-message HashPolicy {
-  // Field is the attribute type to hash on.
-  // Must be one of "header","cookie", or "query_parameter".
-  // Cannot be specified along with SourceIP.
-  HashPolicyField field = 1;
-
-  // FieldValue is the value to hash.
-  // ie. header name, cookie name, URL query parameter name
-  // Cannot be specified along with SourceIP.
-  string field_value = 2;
-
-  // CookieConfig contains configuration for the "cookie" hash policy type.
-  CookieConfig cookie_config = 3;
-
-  // SourceIP determines whether the hash should be of the source IP rather than of a field and field value.
-  // Cannot be specified along with Field or FieldValue.
-  bool source_ip = 4;
-
-  // Terminal will short circuit the computation of the hash when multiple hash policies are present.
-  // If a hash is computed when a Terminal policy is evaluated,
-  // then that hash will be used and subsequent hash policies will be ignored.
-  bool terminal = 5;
-}
-
-enum HashPolicyField {
-  HASH_POLICY_FIELD_UNSPECIFIED = 0;
-  HASH_POLICY_FIELD_HEADER = 1;
-  HASH_POLICY_FIELD_COOKIE = 2;
-  HASH_POLICY_FIELD_QUERY_PARAMETER = 3;
-}
-
-// CookieConfig contains configuration for the "cookie" hash policy type.
-// This is specified to have Envoy generate a cookie for a client on its first request.
-message CookieConfig {
-  // Generates a session cookie with no expiration.
-  bool session = 1;
-
-  // TTL for generated cookies. Cannot be specified for session cookies.
-  google.protobuf.Duration ttl = 2;
-
-  // The path to set for the cookie
-  string path = 3;
-}
diff --git a/proto-public/pbmesh/v1alpha1/grpc_route.pb.binary.go b/proto-public/pbmesh/v1alpha1/grpc_route.pb.binary.go
deleted file mode 100644
index 40efa6110d0b..000000000000
--- a/proto-public/pbmesh/v1alpha1/grpc_route.pb.binary.go
+++ /dev/null
@@ -1,78 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/grpc_route.proto
-
-package meshv1alpha1
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *GRPCRoute) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *GRPCRoute) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *GRPCRouteRule) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *GRPCRouteRule) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *GRPCRouteMatch) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *GRPCRouteMatch) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *GRPCMethodMatch) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *GRPCMethodMatch) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *GRPCHeaderMatch) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *GRPCHeaderMatch) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *GRPCRouteFilter) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *GRPCRouteFilter) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *GRPCBackendRef) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *GRPCBackendRef) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/grpc_route.pb.go b/proto-public/pbmesh/v1alpha1/grpc_route.pb.go
deleted file mode 100644
index 2f25aae654e7..000000000000
--- a/proto-public/pbmesh/v1alpha1/grpc_route.pb.go
+++ /dev/null
@@ -1,887 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/grpc_route.proto
-
-package meshv1alpha1
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type GRPCMethodMatchType int32
-
-const (
-	GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_UNSPECIFIED GRPCMethodMatchType = 0
-	GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT       GRPCMethodMatchType = 1
-	GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_REGEX       GRPCMethodMatchType = 2
-)
-
-// Enum value maps for GRPCMethodMatchType.
-var (
-	GRPCMethodMatchType_name = map[int32]string{
-		0: "GRPC_METHOD_MATCH_TYPE_UNSPECIFIED",
-		1: "GRPC_METHOD_MATCH_TYPE_EXACT",
-		2: "GRPC_METHOD_MATCH_TYPE_REGEX",
-	}
-	GRPCMethodMatchType_value = map[string]int32{
-		"GRPC_METHOD_MATCH_TYPE_UNSPECIFIED": 0,
-		"GRPC_METHOD_MATCH_TYPE_EXACT":       1,
-		"GRPC_METHOD_MATCH_TYPE_REGEX":       2,
-	}
-)
-
-func (x GRPCMethodMatchType) Enum() *GRPCMethodMatchType {
-	p := new(GRPCMethodMatchType)
-	*p = x
-	return p
-}
-
-func (x GRPCMethodMatchType) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (GRPCMethodMatchType) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_grpc_route_proto_enumTypes[0].Descriptor()
-}
-
-func (GRPCMethodMatchType) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_grpc_route_proto_enumTypes[0]
-}
-
-func (x GRPCMethodMatchType) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use GRPCMethodMatchType.Descriptor instead.
-func (GRPCMethodMatchType) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{0}
-}
-
-// NOTE: this should align to the GAMMA/gateway-api version, or at least be
-// easily translatable.
-//
-// https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.GRPCRoute
-//
-// This is a Resource type.
-type GRPCRoute struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// ParentRefs references the resources (usually Gateways) that a Route wants
-	// to be attached to. Note that the referenced parent resource needs to allow
-	// this for the attachment to be complete. For Gateways, that means the
-	// Gateway needs to allow attachment from Routes of this kind and namespace.
-	//
-	// It is invalid to reference an identical parent more than once. It is valid
-	// to reference multiple distinct sections within the same parent resource,
-	// such as 2 Listeners within a Gateway.
-	ParentRefs []*ParentReference `protobuf:"bytes,1,rep,name=parent_refs,json=parentRefs,proto3" json:"parent_refs,omitempty"`
-	Hostnames  []string           `protobuf:"bytes,2,rep,name=hostnames,proto3" json:"hostnames,omitempty"`
-	// Rules are a list of GRPC matchers, filters and actions.
-	Rules []*GRPCRouteRule `protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"`
-}
-
-func (x *GRPCRoute) Reset() {
-	*x = GRPCRoute{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GRPCRoute) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GRPCRoute) ProtoMessage() {}
-
-func (x *GRPCRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GRPCRoute.ProtoReflect.Descriptor instead.
-func (*GRPCRoute) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *GRPCRoute) GetParentRefs() []*ParentReference {
-	if x != nil {
-		return x.ParentRefs
-	}
-	return nil
-}
-
-func (x *GRPCRoute) GetHostnames() []string {
-	if x != nil {
-		return x.Hostnames
-	}
-	return nil
-}
-
-func (x *GRPCRoute) GetRules() []*GRPCRouteRule {
-	if x != nil {
-		return x.Rules
-	}
-	return nil
-}
-
-type GRPCRouteRule struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Matches     []*GRPCRouteMatch  `protobuf:"bytes,1,rep,name=matches,proto3" json:"matches,omitempty"`
-	Filters     []*GRPCRouteFilter `protobuf:"bytes,2,rep,name=filters,proto3" json:"filters,omitempty"`
-	BackendRefs []*GRPCBackendRef  `protobuf:"bytes,3,rep,name=backend_refs,json=backendRefs,proto3" json:"backend_refs,omitempty"`
-	// ALTERNATIVE: Timeouts defines the timeouts that can be configured for an HTTP request.
-	Timeouts *HTTPRouteTimeouts `protobuf:"bytes,4,opt,name=timeouts,proto3" json:"timeouts,omitempty"`
-	// ALTERNATIVE:
-	Retries *HTTPRouteRetries `protobuf:"bytes,5,opt,name=retries,proto3" json:"retries,omitempty"`
-}
-
-func (x *GRPCRouteRule) Reset() {
-	*x = GRPCRouteRule{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GRPCRouteRule) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GRPCRouteRule) ProtoMessage() {}
-
-func (x *GRPCRouteRule) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GRPCRouteRule.ProtoReflect.Descriptor instead.
-func (*GRPCRouteRule) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *GRPCRouteRule) GetMatches() []*GRPCRouteMatch {
-	if x != nil {
-		return x.Matches
-	}
-	return nil
-}
-
-func (x *GRPCRouteRule) GetFilters() []*GRPCRouteFilter {
-	if x != nil {
-		return x.Filters
-	}
-	return nil
-}
-
-func (x *GRPCRouteRule) GetBackendRefs() []*GRPCBackendRef {
-	if x != nil {
-		return x.BackendRefs
-	}
-	return nil
-}
-
-func (x *GRPCRouteRule) GetTimeouts() *HTTPRouteTimeouts {
-	if x != nil {
-		return x.Timeouts
-	}
-	return nil
-}
-
-func (x *GRPCRouteRule) GetRetries() *HTTPRouteRetries {
-	if x != nil {
-		return x.Retries
-	}
-	return nil
-}
-
-type GRPCRouteMatch struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Method specifies a gRPC request service/method matcher. If this field is
-	// not specified, all services and methods will match.
-	Method *GRPCMethodMatch `protobuf:"bytes,1,opt,name=method,proto3" json:"method,omitempty"`
-	// Headers specifies gRPC request header matchers. Multiple match values are
-	// ANDed together, meaning, a request MUST match all the specified headers to
-	// select the route.
-	Headers []*GRPCHeaderMatch `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"`
-}
-
-func (x *GRPCRouteMatch) Reset() {
-	*x = GRPCRouteMatch{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GRPCRouteMatch) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GRPCRouteMatch) ProtoMessage() {}
-
-func (x *GRPCRouteMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GRPCRouteMatch.ProtoReflect.Descriptor instead.
-func (*GRPCRouteMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *GRPCRouteMatch) GetMethod() *GRPCMethodMatch {
-	if x != nil {
-		return x.Method
-	}
-	return nil
-}
-
-func (x *GRPCRouteMatch) GetHeaders() []*GRPCHeaderMatch {
-	if x != nil {
-		return x.Headers
-	}
-	return nil
-}
-
-type GRPCMethodMatch struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Type specifies how to match against the service and/or method. Support:
-	// Core (Exact with service and method specified)
-	Type GRPCMethodMatchType `protobuf:"varint,1,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.GRPCMethodMatchType" json:"type,omitempty"`
-	// Value of the service to match against. If left empty or omitted, will
-	// match any service.
-	//
-	// At least one of Service and Method MUST be a non-empty string.
-	Service string `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"`
-	// Value of the method to match against. If left empty or omitted, will match
-	// all services.
-	//
-	// At least one of Service and Method MUST be a non-empty string.}
-	Method string `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"`
-}
-
-func (x *GRPCMethodMatch) Reset() {
-	*x = GRPCMethodMatch{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GRPCMethodMatch) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GRPCMethodMatch) ProtoMessage() {}
-
-func (x *GRPCMethodMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GRPCMethodMatch.ProtoReflect.Descriptor instead.
-func (*GRPCMethodMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *GRPCMethodMatch) GetType() GRPCMethodMatchType {
-	if x != nil {
-		return x.Type
-	}
-	return GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_UNSPECIFIED
-}
-
-func (x *GRPCMethodMatch) GetService() string {
-	if x != nil {
-		return x.Service
-	}
-	return ""
-}
-
-func (x *GRPCMethodMatch) GetMethod() string {
-	if x != nil {
-		return x.Method
-	}
-	return ""
-}
-
-type GRPCHeaderMatch struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Type  HeaderMatchType `protobuf:"varint,1,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.HeaderMatchType" json:"type,omitempty"`
-	Name  string          `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
-	Value string          `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
-}
-
-func (x *GRPCHeaderMatch) Reset() {
-	*x = GRPCHeaderMatch{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GRPCHeaderMatch) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GRPCHeaderMatch) ProtoMessage() {}
-
-func (x *GRPCHeaderMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GRPCHeaderMatch.ProtoReflect.Descriptor instead.
-func (*GRPCHeaderMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *GRPCHeaderMatch) GetType() HeaderMatchType {
-	if x != nil {
-		return x.Type
-	}
-	return HeaderMatchType_HEADER_MATCH_TYPE_UNSPECIFIED
-}
-
-func (x *GRPCHeaderMatch) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *GRPCHeaderMatch) GetValue() string {
-	if x != nil {
-		return x.Value
-	}
-	return ""
-}
-
-type GRPCRouteFilter struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// RequestHeaderModifier defines a schema for a filter that modifies request
-	// headers.
-	RequestHeaderModifier *HTTPHeaderFilter `protobuf:"bytes,1,opt,name=request_header_modifier,json=requestHeaderModifier,proto3" json:"request_header_modifier,omitempty"`
-	// ResponseHeaderModifier defines a schema for a filter that modifies
-	// response headers.
-	ResponseHeaderModifier *HTTPHeaderFilter `protobuf:"bytes,2,opt,name=response_header_modifier,json=responseHeaderModifier,proto3" json:"response_header_modifier,omitempty"`
-	// URLRewrite defines a schema for a filter that modifies a request during
-	// forwarding.
-	UrlRewrite *HTTPURLRewriteFilter `protobuf:"bytes,5,opt,name=url_rewrite,json=urlRewrite,proto3" json:"url_rewrite,omitempty"`
-}
-
-func (x *GRPCRouteFilter) Reset() {
-	*x = GRPCRouteFilter{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GRPCRouteFilter) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GRPCRouteFilter) ProtoMessage() {}
-
-func (x *GRPCRouteFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GRPCRouteFilter.ProtoReflect.Descriptor instead.
-func (*GRPCRouteFilter) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *GRPCRouteFilter) GetRequestHeaderModifier() *HTTPHeaderFilter {
-	if x != nil {
-		return x.RequestHeaderModifier
-	}
-	return nil
-}
-
-func (x *GRPCRouteFilter) GetResponseHeaderModifier() *HTTPHeaderFilter {
-	if x != nil {
-		return x.ResponseHeaderModifier
-	}
-	return nil
-}
-
-func (x *GRPCRouteFilter) GetUrlRewrite() *HTTPURLRewriteFilter {
-	if x != nil {
-		return x.UrlRewrite
-	}
-	return nil
-}
-
-type GRPCBackendRef struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	BackendRef *BackendReference `protobuf:"bytes,1,opt,name=backend_ref,json=backendRef,proto3" json:"backend_ref,omitempty"`
-	// Weight specifies the proportion of requests forwarded to the referenced
-	// backend. This is computed as weight/(sum of all weights in this
-	// BackendRefs list). For non-zero values, there may be some epsilon from the
-	// exact proportion defined here depending on the precision an implementation
-	// supports. Weight is not a percentage and the sum of weights does not need
-	// to equal 100.
-	//
-	// If only one backend is specified and it has a weight greater than 0, 100%
-	// of the traffic is forwarded to that backend. If weight is set to 0, no
-	// traffic should be forwarded for this entry. If unspecified, weight defaults
-	// to 1.
-	Weight uint32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
-	// Filters defined at this level should be executed if and only if the
-	// request is being forwarded to the backend defined here.
-	Filters []*GRPCRouteFilter `protobuf:"bytes,3,rep,name=filters,proto3" json:"filters,omitempty"`
-}
-
-func (x *GRPCBackendRef) Reset() {
-	*x = GRPCBackendRef{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GRPCBackendRef) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GRPCBackendRef) ProtoMessage() {}
-
-func (x *GRPCBackendRef) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GRPCBackendRef.ProtoReflect.Descriptor instead.
-func (*GRPCBackendRef) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *GRPCBackendRef) GetBackendRef() *BackendReference {
-	if x != nil {
-		return x.BackendRef
-	}
-	return nil
-}
-
-func (x *GRPCBackendRef) GetWeight() uint32 {
-	if x != nil {
-		return x.Weight
-	}
-	return 0
-}
-
-func (x *GRPCBackendRef) GetFilters() []*GRPCRouteFilter {
-	if x != nil {
-		return x.Filters
-	}
-	return nil
-}
-
-var File_pbmesh_v1alpha1_grpc_route_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_grpc_route_proto_rawDesc = []byte{
-	0x0a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x1a, 0x1c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x1a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x1a, 0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x72,
-	0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x29, 0x70, 0x62,
-	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x68, 0x74,
-	0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
-	0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc0, 0x01, 0x0a, 0x09, 0x47, 0x52, 0x50, 0x43,
-	0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x50, 0x0a, 0x0b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f,
-	0x72, 0x65, 0x66, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x65,
-	0x6e, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0a, 0x70, 0x61, 0x72,
-	0x65, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x68, 0x6f, 0x73, 0x74, 0x6e,
-	0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x68, 0x6f, 0x73, 0x74,
-	0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x43, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x03,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52,
-	0x75, 0x6c, 0x65, 0x52, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x22, 0x92, 0x03, 0x0a, 0x0d, 0x47,
-	0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x48, 0x0a, 0x07,
-	0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47,
-	0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 0x6d,
-	0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72,
-	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72,
-	0x73, 0x12, 0x51, 0x0a, 0x0c, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66,
-	0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x42, 0x61, 0x63,
-	0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x52, 0x0b, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64,
-	0x52, 0x65, 0x66, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74,
-	0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x52, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x6f,
-	0x75, 0x74, 0x73, 0x12, 0x4a, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52,
-	0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x22,
-	0xa4, 0x01, 0x0a, 0x0e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x12, 0x47, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x49, 0x0a, 0x07, 0x68,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52,
-	0x50, 0x43, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 0x68,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, 0x8c, 0x01, 0x0a, 0x0f, 0x47, 0x52, 0x50, 0x43, 0x4d,
-	0x65, 0x74, 0x68, 0x6f, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x47, 0x0a, 0x04, 0x74, 0x79,
-	0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74,
-	0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x16, 0x0a,
-	0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6d,
-	0x65, 0x74, 0x68, 0x6f, 0x64, 0x22, 0x80, 0x01, 0x0a, 0x0f, 0x47, 0x52, 0x50, 0x43, 0x48, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x43, 0x0a, 0x04, 0x74, 0x79, 0x70,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12,
-	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
-	0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xbe, 0x02, 0x0a, 0x0f, 0x47, 0x52, 0x50,
-	0x43, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x68, 0x0a, 0x17,
-	0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d,
-	0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48,
-	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52,
-	0x15, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f,
-	0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x6a, 0x0a, 0x18, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x6f, 0x64, 0x69, 0x66, 0x69,
-	0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x16, 0x72, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69,
-	0x65, 0x72, 0x12, 0x55, 0x0a, 0x0b, 0x75, 0x72, 0x6c, 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74,
-	0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x55, 0x52, 0x4c,
-	0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0a, 0x75,
-	0x72, 0x6c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22, 0xc6, 0x01, 0x0a, 0x0e, 0x47, 0x52,
-	0x50, 0x43, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x12, 0x51, 0x0a, 0x0b,
-	0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65,
-	0x6e, 0x63, 0x65, 0x52, 0x0a, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x12,
-	0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52,
-	0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65,
-	0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x6f,
-	0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65,
-	0x72, 0x73, 0x2a, 0x81, 0x01, 0x0a, 0x13, 0x47, 0x52, 0x50, 0x43, 0x4d, 0x65, 0x74, 0x68, 0x6f,
-	0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x26, 0x0a, 0x22, 0x47, 0x52,
-	0x50, 0x43, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f,
-	0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44,
-	0x10, 0x00, 0x12, 0x20, 0x0a, 0x1c, 0x47, 0x52, 0x50, 0x43, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f,
-	0x44, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x41,
-	0x43, 0x54, 0x10, 0x01, 0x12, 0x20, 0x0a, 0x1c, 0x47, 0x52, 0x50, 0x43, 0x5f, 0x4d, 0x45, 0x54,
-	0x48, 0x4f, 0x44, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52,
-	0x45, 0x47, 0x45, 0x58, 0x10, 0x02, 0x42, 0x96, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0e, 0x47,
-	0x72, 0x70, 0x63, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
-	0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68,
-	0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e,
-	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02,
-	0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c,
-	0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a,
-	0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62,
-	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_grpc_route_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_grpc_route_proto_rawDescData = file_pbmesh_v1alpha1_grpc_route_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_grpc_route_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_grpc_route_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_grpc_route_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_grpc_route_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_grpc_route_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_grpc_route_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_pbmesh_v1alpha1_grpc_route_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
-var file_pbmesh_v1alpha1_grpc_route_proto_goTypes = []interface{}{
-	(GRPCMethodMatchType)(0),     // 0: hashicorp.consul.mesh.v1alpha1.GRPCMethodMatchType
-	(*GRPCRoute)(nil),            // 1: hashicorp.consul.mesh.v1alpha1.GRPCRoute
-	(*GRPCRouteRule)(nil),        // 2: hashicorp.consul.mesh.v1alpha1.GRPCRouteRule
-	(*GRPCRouteMatch)(nil),       // 3: hashicorp.consul.mesh.v1alpha1.GRPCRouteMatch
-	(*GRPCMethodMatch)(nil),      // 4: hashicorp.consul.mesh.v1alpha1.GRPCMethodMatch
-	(*GRPCHeaderMatch)(nil),      // 5: hashicorp.consul.mesh.v1alpha1.GRPCHeaderMatch
-	(*GRPCRouteFilter)(nil),      // 6: hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter
-	(*GRPCBackendRef)(nil),       // 7: hashicorp.consul.mesh.v1alpha1.GRPCBackendRef
-	(*ParentReference)(nil),      // 8: hashicorp.consul.mesh.v1alpha1.ParentReference
-	(*HTTPRouteTimeouts)(nil),    // 9: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
-	(*HTTPRouteRetries)(nil),     // 10: hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
-	(HeaderMatchType)(0),         // 11: hashicorp.consul.mesh.v1alpha1.HeaderMatchType
-	(*HTTPHeaderFilter)(nil),     // 12: hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter
-	(*HTTPURLRewriteFilter)(nil), // 13: hashicorp.consul.mesh.v1alpha1.HTTPURLRewriteFilter
-	(*BackendReference)(nil),     // 14: hashicorp.consul.mesh.v1alpha1.BackendReference
-}
-var file_pbmesh_v1alpha1_grpc_route_proto_depIdxs = []int32{
-	8,  // 0: hashicorp.consul.mesh.v1alpha1.GRPCRoute.parent_refs:type_name -> hashicorp.consul.mesh.v1alpha1.ParentReference
-	2,  // 1: hashicorp.consul.mesh.v1alpha1.GRPCRoute.rules:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteRule
-	3,  // 2: hashicorp.consul.mesh.v1alpha1.GRPCRouteRule.matches:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteMatch
-	6,  // 3: hashicorp.consul.mesh.v1alpha1.GRPCRouteRule.filters:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter
-	7,  // 4: hashicorp.consul.mesh.v1alpha1.GRPCRouteRule.backend_refs:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCBackendRef
-	9,  // 5: hashicorp.consul.mesh.v1alpha1.GRPCRouteRule.timeouts:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
-	10, // 6: hashicorp.consul.mesh.v1alpha1.GRPCRouteRule.retries:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
-	4,  // 7: hashicorp.consul.mesh.v1alpha1.GRPCRouteMatch.method:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCMethodMatch
-	5,  // 8: hashicorp.consul.mesh.v1alpha1.GRPCRouteMatch.headers:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCHeaderMatch
-	0,  // 9: hashicorp.consul.mesh.v1alpha1.GRPCMethodMatch.type:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCMethodMatchType
-	11, // 10: hashicorp.consul.mesh.v1alpha1.GRPCHeaderMatch.type:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderMatchType
-	12, // 11: hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter.request_header_modifier:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter
-	12, // 12: hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter.response_header_modifier:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter
-	13, // 13: hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter.url_rewrite:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPURLRewriteFilter
-	14, // 14: hashicorp.consul.mesh.v1alpha1.GRPCBackendRef.backend_ref:type_name -> hashicorp.consul.mesh.v1alpha1.BackendReference
-	6,  // 15: hashicorp.consul.mesh.v1alpha1.GRPCBackendRef.filters:type_name -> hashicorp.consul.mesh.v1alpha1.GRPCRouteFilter
-	16, // [16:16] is the sub-list for method output_type
-	16, // [16:16] is the sub-list for method input_type
-	16, // [16:16] is the sub-list for extension type_name
-	16, // [16:16] is the sub-list for extension extendee
-	0,  // [0:16] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_grpc_route_proto_init() }
-func file_pbmesh_v1alpha1_grpc_route_proto_init() {
-	if File_pbmesh_v1alpha1_grpc_route_proto != nil {
-		return
-	}
-	file_pbmesh_v1alpha1_common_proto_init()
-	file_pbmesh_v1alpha1_http_route_proto_init()
-	file_pbmesh_v1alpha1_http_route_retries_proto_init()
-	file_pbmesh_v1alpha1_http_route_timeouts_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GRPCRoute); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GRPCRouteRule); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GRPCRouteMatch); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GRPCMethodMatch); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GRPCHeaderMatch); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GRPCRouteFilter); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_grpc_route_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GRPCBackendRef); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_grpc_route_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   7,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_grpc_route_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_grpc_route_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_grpc_route_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_grpc_route_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_grpc_route_proto = out.File
-	file_pbmesh_v1alpha1_grpc_route_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_grpc_route_proto_goTypes = nil
-	file_pbmesh_v1alpha1_grpc_route_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/grpc_route.proto b/proto-public/pbmesh/v1alpha1/grpc_route.proto
deleted file mode 100644
index ce4ca4d917ca..000000000000
--- a/proto-public/pbmesh/v1alpha1/grpc_route.proto
+++ /dev/null
@@ -1,121 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1;
-
-import "pbmesh/v1alpha1/common.proto";
-import "pbmesh/v1alpha1/http_route.proto";
-import "pbmesh/v1alpha1/http_route_retries.proto";
-import "pbmesh/v1alpha1/http_route_timeouts.proto";
-
-// NOTE: this should align to the GAMMA/gateway-api version, or at least be
-// easily translatable.
-//
-// https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.GRPCRoute
-//
-// This is a Resource type.
-message GRPCRoute {
-  // ParentRefs references the resources (usually Gateways) that a Route wants
-  // to be attached to. Note that the referenced parent resource needs to allow
-  // this for the attachment to be complete. For Gateways, that means the
-  // Gateway needs to allow attachment from Routes of this kind and namespace.
-  //
-  // It is invalid to reference an identical parent more than once. It is valid
-  // to reference multiple distinct sections within the same parent resource,
-  // such as 2 Listeners within a Gateway.
-  repeated ParentReference parent_refs = 1;
-
-  repeated string hostnames = 2;
-
-  // Rules are a list of GRPC matchers, filters and actions.
-  repeated GRPCRouteRule rules = 3;
-}
-
-message GRPCRouteRule {
-  repeated GRPCRouteMatch matches = 1;
-  repeated GRPCRouteFilter filters = 2;
-  repeated GRPCBackendRef backend_refs = 3;
-
-  // ALTERNATIVE: Timeouts defines the timeouts that can be configured for an HTTP request.
-  HTTPRouteTimeouts timeouts = 4;
-  // ALTERNATIVE:
-  HTTPRouteRetries retries = 5;
-}
-
-message GRPCRouteMatch {
-  // Method specifies a gRPC request service/method matcher. If this field is
-  // not specified, all services and methods will match.
-  GRPCMethodMatch method = 1;
-
-  // Headers specifies gRPC request header matchers. Multiple match values are
-  // ANDed together, meaning, a request MUST match all the specified headers to
-  // select the route.
-  repeated GRPCHeaderMatch headers = 2;
-}
-
-message GRPCMethodMatch {
-  // Type specifies how to match against the service and/or method. Support:
-  // Core (Exact with service and method specified)
-  GRPCMethodMatchType type = 1;
-
-  // Value of the service to match against. If left empty or omitted, will
-  // match any service.
-  //
-  // At least one of Service and Method MUST be a non-empty string.
-  string service = 2;
-
-  // Value of the method to match against. If left empty or omitted, will match
-  // all services.
-  //
-  // At least one of Service and Method MUST be a non-empty string.}
-  string method = 3;
-}
-
-enum GRPCMethodMatchType {
-  GRPC_METHOD_MATCH_TYPE_UNSPECIFIED = 0;
-  GRPC_METHOD_MATCH_TYPE_EXACT = 1;
-  GRPC_METHOD_MATCH_TYPE_REGEX = 2;
-}
-
-message GRPCHeaderMatch {
-  HeaderMatchType type = 1;
-  string name = 2;
-  string value = 3;
-}
-
-message GRPCRouteFilter {
-  // RequestHeaderModifier defines a schema for a filter that modifies request
-  // headers.
-  HTTPHeaderFilter request_header_modifier = 1;
-
-  // ResponseHeaderModifier defines a schema for a filter that modifies
-  // response headers.
-  HTTPHeaderFilter response_header_modifier = 2;
-
-  // URLRewrite defines a schema for a filter that modifies a request during
-  // forwarding.
-  HTTPURLRewriteFilter url_rewrite = 5;
-}
-
-message GRPCBackendRef {
-  BackendReference backend_ref = 1;
-
-  // Weight specifies the proportion of requests forwarded to the referenced
-  // backend. This is computed as weight/(sum of all weights in this
-  // BackendRefs list). For non-zero values, there may be some epsilon from the
-  // exact proportion defined here depending on the precision an implementation
-  // supports. Weight is not a percentage and the sum of weights does not need
-  // to equal 100.
-  //
-  //If only one backend is specified and it has a weight greater than 0, 100%
-  //of the traffic is forwarded to that backend. If weight is set to 0, no
-  //traffic should be forwarded for this entry. If unspecified, weight defaults
-  //to 1.
-  uint32 weight = 2;
-
-  // Filters defined at this level should be executed if and only if the
-  // request is being forwarded to the backend defined here.
-  repeated GRPCRouteFilter filters = 3;
-}
diff --git a/proto-public/pbmesh/v1alpha1/http_route.pb.binary.go b/proto-public/pbmesh/v1alpha1/http_route.pb.binary.go
deleted file mode 100644
index 81b3901a5bd9..000000000000
--- a/proto-public/pbmesh/v1alpha1/http_route.pb.binary.go
+++ /dev/null
@@ -1,118 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/http_route.proto
-
-package meshv1alpha1
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HTTPRoute) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HTTPRoute) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HTTPRouteRule) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HTTPRouteRule) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HTTPRouteMatch) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HTTPRouteMatch) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HTTPPathMatch) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HTTPPathMatch) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HTTPHeaderMatch) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HTTPHeaderMatch) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HTTPQueryParamMatch) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HTTPQueryParamMatch) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HTTPRouteFilter) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HTTPRouteFilter) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HTTPHeaderFilter) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HTTPHeaderFilter) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HTTPHeader) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HTTPHeader) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HTTPURLRewriteFilter) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HTTPURLRewriteFilter) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HTTPBackendRef) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HTTPBackendRef) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/http_route.pb.go b/proto-public/pbmesh/v1alpha1/http_route.pb.go
deleted file mode 100644
index f69b84f22656..000000000000
--- a/proto-public/pbmesh/v1alpha1/http_route.pb.go
+++ /dev/null
@@ -1,1441 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/http_route.proto
-
-package meshv1alpha1
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-// PathMatchType specifies the semantics of how HTTP paths should be compared.
-// Valid PathMatchType values, along with their support levels, are:
-//
-// PathPrefix and Exact paths must be syntactically valid:
-//
-// - Must begin with the / character
-// - Must not contain consecutive / characters (e.g. /foo///, //).
-// - Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash.
-//
-// Unknown values here must result in the implementation setting the Accepted
-// Condition for the Route to status: False, with a Reason of UnsupportedValue.
-type PathMatchType int32
-
-const (
-	PathMatchType_PATH_MATCH_TYPE_UNSPECIFIED PathMatchType = 0
-	PathMatchType_PATH_MATCH_TYPE_EXACT       PathMatchType = 1
-	PathMatchType_PATH_MATCH_TYPE_PREFIX      PathMatchType = 2
-	PathMatchType_PATH_MATCH_TYPE_REGEX       PathMatchType = 3
-)
-
-// Enum value maps for PathMatchType.
-var (
-	PathMatchType_name = map[int32]string{
-		0: "PATH_MATCH_TYPE_UNSPECIFIED",
-		1: "PATH_MATCH_TYPE_EXACT",
-		2: "PATH_MATCH_TYPE_PREFIX",
-		3: "PATH_MATCH_TYPE_REGEX",
-	}
-	PathMatchType_value = map[string]int32{
-		"PATH_MATCH_TYPE_UNSPECIFIED": 0,
-		"PATH_MATCH_TYPE_EXACT":       1,
-		"PATH_MATCH_TYPE_PREFIX":      2,
-		"PATH_MATCH_TYPE_REGEX":       3,
-	}
-)
-
-func (x PathMatchType) Enum() *PathMatchType {
-	p := new(PathMatchType)
-	*p = x
-	return p
-}
-
-func (x PathMatchType) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (PathMatchType) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_http_route_proto_enumTypes[0].Descriptor()
-}
-
-func (PathMatchType) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_http_route_proto_enumTypes[0]
-}
-
-func (x PathMatchType) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use PathMatchType.Descriptor instead.
-func (PathMatchType) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{0}
-}
-
-// HeaderMatchType specifies the semantics of how HTTP header values should be
-// compared. Valid HeaderMatchType values, along with their conformance levels,
-// are:
-//
-// Note that values may be added to this enum, implementations must ensure that
-// unknown values will not cause a crash.
-//
-// Unknown values here must result in the implementation setting the Accepted
-// Condition for the Route to status: False, with a Reason of UnsupportedValue.
-type HeaderMatchType int32
-
-const (
-	HeaderMatchType_HEADER_MATCH_TYPE_UNSPECIFIED HeaderMatchType = 0
-	HeaderMatchType_HEADER_MATCH_TYPE_EXACT       HeaderMatchType = 1
-	HeaderMatchType_HEADER_MATCH_TYPE_REGEX       HeaderMatchType = 2
-	// consul only after this point (service-router compat)
-	HeaderMatchType_HEADER_MATCH_TYPE_PRESENT HeaderMatchType = 3
-	HeaderMatchType_HEADER_MATCH_TYPE_PREFIX  HeaderMatchType = 4
-	HeaderMatchType_HEADER_MATCH_TYPE_SUFFIX  HeaderMatchType = 5
-)
-
-// Enum value maps for HeaderMatchType.
-var (
-	HeaderMatchType_name = map[int32]string{
-		0: "HEADER_MATCH_TYPE_UNSPECIFIED",
-		1: "HEADER_MATCH_TYPE_EXACT",
-		2: "HEADER_MATCH_TYPE_REGEX",
-		3: "HEADER_MATCH_TYPE_PRESENT",
-		4: "HEADER_MATCH_TYPE_PREFIX",
-		5: "HEADER_MATCH_TYPE_SUFFIX",
-	}
-	HeaderMatchType_value = map[string]int32{
-		"HEADER_MATCH_TYPE_UNSPECIFIED": 0,
-		"HEADER_MATCH_TYPE_EXACT":       1,
-		"HEADER_MATCH_TYPE_REGEX":       2,
-		"HEADER_MATCH_TYPE_PRESENT":     3,
-		"HEADER_MATCH_TYPE_PREFIX":      4,
-		"HEADER_MATCH_TYPE_SUFFIX":      5,
-	}
-)
-
-func (x HeaderMatchType) Enum() *HeaderMatchType {
-	p := new(HeaderMatchType)
-	*p = x
-	return p
-}
-
-func (x HeaderMatchType) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (HeaderMatchType) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_http_route_proto_enumTypes[1].Descriptor()
-}
-
-func (HeaderMatchType) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_http_route_proto_enumTypes[1]
-}
-
-func (x HeaderMatchType) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use HeaderMatchType.Descriptor instead.
-func (HeaderMatchType) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{1}
-}
-
-type QueryParamMatchType int32
-
-const (
-	QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_UNSPECIFIED QueryParamMatchType = 0
-	QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_EXACT       QueryParamMatchType = 1
-	QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_REGEX       QueryParamMatchType = 2
-	// consul only after this point (service-router compat)
-	QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_PRESENT QueryParamMatchType = 3
-)
-
-// Enum value maps for QueryParamMatchType.
-var (
-	QueryParamMatchType_name = map[int32]string{
-		0: "QUERY_PARAM_MATCH_TYPE_UNSPECIFIED",
-		1: "QUERY_PARAM_MATCH_TYPE_EXACT",
-		2: "QUERY_PARAM_MATCH_TYPE_REGEX",
-		3: "QUERY_PARAM_MATCH_TYPE_PRESENT",
-	}
-	QueryParamMatchType_value = map[string]int32{
-		"QUERY_PARAM_MATCH_TYPE_UNSPECIFIED": 0,
-		"QUERY_PARAM_MATCH_TYPE_EXACT":       1,
-		"QUERY_PARAM_MATCH_TYPE_REGEX":       2,
-		"QUERY_PARAM_MATCH_TYPE_PRESENT":     3,
-	}
-)
-
-func (x QueryParamMatchType) Enum() *QueryParamMatchType {
-	p := new(QueryParamMatchType)
-	*p = x
-	return p
-}
-
-func (x QueryParamMatchType) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (QueryParamMatchType) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_http_route_proto_enumTypes[2].Descriptor()
-}
-
-func (QueryParamMatchType) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_http_route_proto_enumTypes[2]
-}
-
-func (x QueryParamMatchType) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use QueryParamMatchType.Descriptor instead.
-func (QueryParamMatchType) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{2}
-}
-
-// NOTE: this should align to the GAMMA/gateway-api version, or at least be
-// easily translatable.
-//
-// https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.HTTPRoute
-//
-// This is a Resource type.
-type HTTPRoute struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// ParentRefs references the resources (usually Gateways) that a Route wants
-	// to be attached to. Note that the referenced parent resource needs to allow
-	// this for the attachment to be complete. For Gateways, that means the
-	// Gateway needs to allow attachment from Routes of this kind and namespace.
-	//
-	// It is invalid to reference an identical parent more than once. It is valid
-	// to reference multiple distinct sections within the same parent resource,
-	// such as 2 Listeners within a Gateway.
-	ParentRefs []*ParentReference `protobuf:"bytes,1,rep,name=parent_refs,json=parentRefs,proto3" json:"parent_refs,omitempty"`
-	// Hostnames are the hostnames for which this HTTPRoute should respond to requests.
-	Hostnames []string `protobuf:"bytes,2,rep,name=hostnames,proto3" json:"hostnames,omitempty"`
-	// Rules are a list of HTTP-based routing rules that this route should
-	// use for constructing a routing table.
-	Rules []*HTTPRouteRule `protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"`
-}
-
-func (x *HTTPRoute) Reset() {
-	*x = HTTPRoute{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPRoute) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPRoute) ProtoMessage() {}
-
-func (x *HTTPRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPRoute.ProtoReflect.Descriptor instead.
-func (*HTTPRoute) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *HTTPRoute) GetParentRefs() []*ParentReference {
-	if x != nil {
-		return x.ParentRefs
-	}
-	return nil
-}
-
-func (x *HTTPRoute) GetHostnames() []string {
-	if x != nil {
-		return x.Hostnames
-	}
-	return nil
-}
-
-func (x *HTTPRoute) GetRules() []*HTTPRouteRule {
-	if x != nil {
-		return x.Rules
-	}
-	return nil
-}
-
-// HTTPRouteRule specifies the routing rules used to determine what upstream
-// service an HTTP request is routed to.
-type HTTPRouteRule struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Matches specified the matching criteria used in the routing table. If a
-	// request matches the given HTTPMatch configuration, then traffic is routed
-	// to services specified in the Services field.
-	Matches []*HTTPRouteMatch  `protobuf:"bytes,1,rep,name=matches,proto3" json:"matches,omitempty"`
-	Filters []*HTTPRouteFilter `protobuf:"bytes,2,rep,name=filters,proto3" json:"filters,omitempty"`
-	// BackendRefs defines the backend(s) where matching requests should be sent.
-	//
-	// Failure behavior here depends on how many BackendRefs are specified and
-	// how many are invalid.
-	//
-	// If all entries in BackendRefs are invalid, and there are also no filters
-	// specified in this route rule, all traffic which matches this rule MUST
-	// receive a 500 status code.
-	//
-	// See the HTTPBackendRef definition for the rules about what makes a single
-	// HTTPBackendRef invalid.
-	//
-	// When a HTTPBackendRef is invalid, 500 status codes MUST be returned for
-	// requests that would have otherwise been routed to an invalid backend. If
-	// multiple backends are specified, and some are invalid, the proportion of
-	// requests that would otherwise have been routed to an invalid backend MUST
-	// receive a 500 status code.
-	//
-	// For example, if two backends are specified with equal weights, and one is
-	// invalid, 50 percent of traffic must receive a 500. Implementations may
-	// choose how that 50 percent is determined.
-	BackendRefs []*HTTPBackendRef `protobuf:"bytes,3,rep,name=backend_refs,json=backendRefs,proto3" json:"backend_refs,omitempty"`
-	// ALTERNATIVE: Timeouts defines the timeouts that can be configured for an HTTP request.
-	Timeouts *HTTPRouteTimeouts `protobuf:"bytes,4,opt,name=timeouts,proto3" json:"timeouts,omitempty"`
-	// ALTERNATIVE:
-	Retries *HTTPRouteRetries `protobuf:"bytes,5,opt,name=retries,proto3" json:"retries,omitempty"`
-}
-
-func (x *HTTPRouteRule) Reset() {
-	*x = HTTPRouteRule{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPRouteRule) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPRouteRule) ProtoMessage() {}
-
-func (x *HTTPRouteRule) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPRouteRule.ProtoReflect.Descriptor instead.
-func (*HTTPRouteRule) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *HTTPRouteRule) GetMatches() []*HTTPRouteMatch {
-	if x != nil {
-		return x.Matches
-	}
-	return nil
-}
-
-func (x *HTTPRouteRule) GetFilters() []*HTTPRouteFilter {
-	if x != nil {
-		return x.Filters
-	}
-	return nil
-}
-
-func (x *HTTPRouteRule) GetBackendRefs() []*HTTPBackendRef {
-	if x != nil {
-		return x.BackendRefs
-	}
-	return nil
-}
-
-func (x *HTTPRouteRule) GetTimeouts() *HTTPRouteTimeouts {
-	if x != nil {
-		return x.Timeouts
-	}
-	return nil
-}
-
-func (x *HTTPRouteRule) GetRetries() *HTTPRouteRetries {
-	if x != nil {
-		return x.Retries
-	}
-	return nil
-}
-
-type HTTPRouteMatch struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Path specifies a HTTP request path matcher. If this field is not
-	// specified, a default prefix match on the “/” path is provided.
-	Path *HTTPPathMatch `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
-	// Headers specifies HTTP request header matchers. Multiple match values are
-	// ANDed together, meaning, a request must match all the specified headers to
-	// select the route.
-	Headers []*HTTPHeaderMatch `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"`
-	// QueryParams specifies HTTP query parameter matchers. Multiple match values
-	// are ANDed together, meaning, a request must match all the specified query
-	// parameters to select the route.
-	QueryParams []*HTTPQueryParamMatch `protobuf:"bytes,3,rep,name=query_params,json=queryParams,proto3" json:"query_params,omitempty"`
-	// Method specifies HTTP method matcher. When specified, this route will be
-	// matched only if the request has the specified method.
-	Method string `protobuf:"bytes,4,opt,name=method,proto3" json:"method,omitempty"`
-}
-
-func (x *HTTPRouteMatch) Reset() {
-	*x = HTTPRouteMatch{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPRouteMatch) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPRouteMatch) ProtoMessage() {}
-
-func (x *HTTPRouteMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPRouteMatch.ProtoReflect.Descriptor instead.
-func (*HTTPRouteMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *HTTPRouteMatch) GetPath() *HTTPPathMatch {
-	if x != nil {
-		return x.Path
-	}
-	return nil
-}
-
-func (x *HTTPRouteMatch) GetHeaders() []*HTTPHeaderMatch {
-	if x != nil {
-		return x.Headers
-	}
-	return nil
-}
-
-func (x *HTTPRouteMatch) GetQueryParams() []*HTTPQueryParamMatch {
-	if x != nil {
-		return x.QueryParams
-	}
-	return nil
-}
-
-func (x *HTTPRouteMatch) GetMethod() string {
-	if x != nil {
-		return x.Method
-	}
-	return ""
-}
-
-type HTTPPathMatch struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Type specifies how to match against the path Value.
-	Type PathMatchType `protobuf:"varint,1,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.PathMatchType" json:"type,omitempty"`
-	// Value of the HTTP path to match against.
-	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
-}
-
-func (x *HTTPPathMatch) Reset() {
-	*x = HTTPPathMatch{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPPathMatch) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPPathMatch) ProtoMessage() {}
-
-func (x *HTTPPathMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPPathMatch.ProtoReflect.Descriptor instead.
-func (*HTTPPathMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *HTTPPathMatch) GetType() PathMatchType {
-	if x != nil {
-		return x.Type
-	}
-	return PathMatchType_PATH_MATCH_TYPE_UNSPECIFIED
-}
-
-func (x *HTTPPathMatch) GetValue() string {
-	if x != nil {
-		return x.Value
-	}
-	return ""
-}
-
-type HTTPHeaderMatch struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Type specifies how to match against the value of the header.
-	Type HeaderMatchType `protobuf:"varint,1,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.HeaderMatchType" json:"type,omitempty"`
-	// Name is the name of the HTTP Header to be matched. Name matching MUST be
-	// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
-	//
-	// If multiple entries specify equivalent header names, only the first entry
-	// with an equivalent name MUST be considered for a match. Subsequent entries
-	// with an equivalent header name MUST be ignored. Due to the
-	// case-insensitivity of header names, “foo” and “Foo” are considered
-	// equivalent.
-	//
-	// When a header is repeated in an HTTP request, it is
-	// implementation-specific behavior as to how this is represented. Generally,
-	// proxies should follow the guidance from the RFC:
-	// https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
-	// processing a repeated header, with special handling for “Set-Cookie”.
-	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
-	// Value is the value of HTTP Header to be matched.
-	Value string `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
-	// NOTE: not in gamma; service-router compat
-	Invert bool `protobuf:"varint,4,opt,name=invert,proto3" json:"invert,omitempty"`
-}
-
-func (x *HTTPHeaderMatch) Reset() {
-	*x = HTTPHeaderMatch{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPHeaderMatch) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPHeaderMatch) ProtoMessage() {}
-
-func (x *HTTPHeaderMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPHeaderMatch.ProtoReflect.Descriptor instead.
-func (*HTTPHeaderMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *HTTPHeaderMatch) GetType() HeaderMatchType {
-	if x != nil {
-		return x.Type
-	}
-	return HeaderMatchType_HEADER_MATCH_TYPE_UNSPECIFIED
-}
-
-func (x *HTTPHeaderMatch) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *HTTPHeaderMatch) GetValue() string {
-	if x != nil {
-		return x.Value
-	}
-	return ""
-}
-
-func (x *HTTPHeaderMatch) GetInvert() bool {
-	if x != nil {
-		return x.Invert
-	}
-	return false
-}
-
-type HTTPQueryParamMatch struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Type specifies how to match against the value of the query parameter.
-	Type QueryParamMatchType `protobuf:"varint,1,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.QueryParamMatchType" json:"type,omitempty"`
-	// Name is the name of the HTTP query param to be matched. This must be an
-	// exact string match. (See
-	// https://tools.ietf.org/html/rfc7230#section-2.7.3).
-	//
-	// If multiple entries specify equivalent query param names, only the first
-	// entry with an equivalent name MUST be considered for a match. Subsequent
-	// entries with an equivalent query param name MUST be ignored.
-	//
-	// If a query param is repeated in an HTTP request, the behavior is purposely
-	// left undefined, since different data planes have different capabilities.
-	// However, it is recommended that implementations should match against the
-	// first value of the param if the data plane supports it, as this behavior
-	// is expected in other load balancing contexts outside of the Gateway API.
-	//
-	// Users SHOULD NOT route traffic based on repeated query params to guard
-	// themselves against potential differences in the implementations.
-	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
-	// Value is the value of HTTP query param to be matched.
-	Value string `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
-}
-
-func (x *HTTPQueryParamMatch) Reset() {
-	*x = HTTPQueryParamMatch{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPQueryParamMatch) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPQueryParamMatch) ProtoMessage() {}
-
-func (x *HTTPQueryParamMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPQueryParamMatch.ProtoReflect.Descriptor instead.
-func (*HTTPQueryParamMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *HTTPQueryParamMatch) GetType() QueryParamMatchType {
-	if x != nil {
-		return x.Type
-	}
-	return QueryParamMatchType_QUERY_PARAM_MATCH_TYPE_UNSPECIFIED
-}
-
-func (x *HTTPQueryParamMatch) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *HTTPQueryParamMatch) GetValue() string {
-	if x != nil {
-		return x.Value
-	}
-	return ""
-}
-
-type HTTPRouteFilter struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// RequestHeaderModifier defines a schema for a filter that modifies request
-	// headers.
-	RequestHeaderModifier *HTTPHeaderFilter `protobuf:"bytes,1,opt,name=request_header_modifier,json=requestHeaderModifier,proto3" json:"request_header_modifier,omitempty"`
-	// ResponseHeaderModifier defines a schema for a filter that modifies
-	// response headers.
-	ResponseHeaderModifier *HTTPHeaderFilter `protobuf:"bytes,2,opt,name=response_header_modifier,json=responseHeaderModifier,proto3" json:"response_header_modifier,omitempty"`
-	// URLRewrite defines a schema for a filter that modifies a request during
-	// forwarding.
-	UrlRewrite *HTTPURLRewriteFilter `protobuf:"bytes,5,opt,name=url_rewrite,json=urlRewrite,proto3" json:"url_rewrite,omitempty"`
-}
-
-func (x *HTTPRouteFilter) Reset() {
-	*x = HTTPRouteFilter{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPRouteFilter) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPRouteFilter) ProtoMessage() {}
-
-func (x *HTTPRouteFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPRouteFilter.ProtoReflect.Descriptor instead.
-func (*HTTPRouteFilter) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *HTTPRouteFilter) GetRequestHeaderModifier() *HTTPHeaderFilter {
-	if x != nil {
-		return x.RequestHeaderModifier
-	}
-	return nil
-}
-
-func (x *HTTPRouteFilter) GetResponseHeaderModifier() *HTTPHeaderFilter {
-	if x != nil {
-		return x.ResponseHeaderModifier
-	}
-	return nil
-}
-
-func (x *HTTPRouteFilter) GetUrlRewrite() *HTTPURLRewriteFilter {
-	if x != nil {
-		return x.UrlRewrite
-	}
-	return nil
-}
-
-type HTTPHeaderFilter struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Set overwrites the request with the given header (name, value) before the
-	// action.
-	Set []*HTTPHeader `protobuf:"bytes,1,rep,name=set,proto3" json:"set,omitempty"`
-	// Add adds the given header(s) (name, value) to the request before the
-	// action. It appends to any existing values associated with the header name.
-	Add []*HTTPHeader `protobuf:"bytes,2,rep,name=add,proto3" json:"add,omitempty"`
-	// Remove the given header(s) from the HTTP request before the action. The
-	// value of Remove is a list of HTTP header names. Note that the header names
-	// are case-insensitive (see
-	// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
-	Remove []string `protobuf:"bytes,3,rep,name=remove,proto3" json:"remove,omitempty"`
-}
-
-func (x *HTTPHeaderFilter) Reset() {
-	*x = HTTPHeaderFilter{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPHeaderFilter) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPHeaderFilter) ProtoMessage() {}
-
-func (x *HTTPHeaderFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPHeaderFilter.ProtoReflect.Descriptor instead.
-func (*HTTPHeaderFilter) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{7}
-}
-
-func (x *HTTPHeaderFilter) GetSet() []*HTTPHeader {
-	if x != nil {
-		return x.Set
-	}
-	return nil
-}
-
-func (x *HTTPHeaderFilter) GetAdd() []*HTTPHeader {
-	if x != nil {
-		return x.Add
-	}
-	return nil
-}
-
-func (x *HTTPHeaderFilter) GetRemove() []string {
-	if x != nil {
-		return x.Remove
-	}
-	return nil
-}
-
-type HTTPHeader struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Name  string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
-}
-
-func (x *HTTPHeader) Reset() {
-	*x = HTTPHeader{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPHeader) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPHeader) ProtoMessage() {}
-
-func (x *HTTPHeader) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPHeader.ProtoReflect.Descriptor instead.
-func (*HTTPHeader) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{8}
-}
-
-func (x *HTTPHeader) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *HTTPHeader) GetValue() string {
-	if x != nil {
-		return x.Value
-	}
-	return ""
-}
-
-type HTTPURLRewriteFilter struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	PathPrefix string `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"`
-}
-
-func (x *HTTPURLRewriteFilter) Reset() {
-	*x = HTTPURLRewriteFilter{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[9]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPURLRewriteFilter) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPURLRewriteFilter) ProtoMessage() {}
-
-func (x *HTTPURLRewriteFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[9]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPURLRewriteFilter.ProtoReflect.Descriptor instead.
-func (*HTTPURLRewriteFilter) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{9}
-}
-
-func (x *HTTPURLRewriteFilter) GetPathPrefix() string {
-	if x != nil {
-		return x.PathPrefix
-	}
-	return ""
-}
-
-type HTTPBackendRef struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	BackendRef *BackendReference `protobuf:"bytes,1,opt,name=backend_ref,json=backendRef,proto3" json:"backend_ref,omitempty"`
-	// Weight specifies the proportion of requests forwarded to the referenced
-	// backend. This is computed as weight/(sum of all weights in this
-	// BackendRefs list). For non-zero values, there may be some epsilon from the
-	// exact proportion defined here depending on the precision an implementation
-	// supports. Weight is not a percentage and the sum of weights does not need
-	// to equal 100.
-	//
-	// If only one backend is specified and it has a weight greater than 0, 100%
-	// of the traffic is forwarded to that backend. If weight is set to 0, no
-	// traffic should be forwarded for this entry. If unspecified, weight defaults
-	// to 1.
-	Weight uint32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
-	// Filters defined at this level should be executed if and only if the
-	// request is being forwarded to the backend defined here.
-	Filters []*HTTPRouteFilter `protobuf:"bytes,3,rep,name=filters,proto3" json:"filters,omitempty"`
-}
-
-func (x *HTTPBackendRef) Reset() {
-	*x = HTTPBackendRef{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[10]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPBackendRef) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPBackendRef) ProtoMessage() {}
-
-func (x *HTTPBackendRef) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_http_route_proto_msgTypes[10]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPBackendRef.ProtoReflect.Descriptor instead.
-func (*HTTPBackendRef) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP(), []int{10}
-}
-
-func (x *HTTPBackendRef) GetBackendRef() *BackendReference {
-	if x != nil {
-		return x.BackendRef
-	}
-	return nil
-}
-
-func (x *HTTPBackendRef) GetWeight() uint32 {
-	if x != nil {
-		return x.Weight
-	}
-	return 0
-}
-
-func (x *HTTPBackendRef) GetFilters() []*HTTPRouteFilter {
-	if x != nil {
-		return x.Filters
-	}
-	return nil
-}
-
-var File_pbmesh_v1alpha1_http_route_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_http_route_proto_rawDesc = []byte{
-	0x0a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x1a, 0x1c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x1a, 0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x72, 0x65, 0x74,
-	0x72, 0x69, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x29, 0x70, 0x62, 0x6d, 0x65,
-	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x68, 0x74, 0x74, 0x70,
-	0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc0, 0x01, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f,
-	0x75, 0x74, 0x65, 0x12, 0x50, 0x0a, 0x0b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65,
-	0x66, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74,
-	0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e,
-	0x74, 0x52, 0x65, 0x66, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d,
-	0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
-	0x6d, 0x65, 0x73, 0x12, 0x43, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c,
-	0x65, 0x52, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x22, 0x92, 0x03, 0x0a, 0x0d, 0x48, 0x54, 0x54,
-	0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x48, 0x0a, 0x07, 0x6d, 0x61,
-	0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54,
-	0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 0x6d, 0x61, 0x74,
-	0x63, 0x68, 0x65, 0x73, 0x12, 0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18,
-	0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65,
-	0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12,
-	0x51, 0x0a, 0x0c, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x73, 0x18,
-	0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65,
-	0x6e, 0x64, 0x52, 0x65, 0x66, 0x52, 0x0b, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65,
-	0x66, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x54,
-	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x73, 0x52, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
-	0x73, 0x12, 0x4a, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x74,
-	0x72, 0x69, 0x65, 0x73, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x22, 0x8e, 0x02,
-	0x0a, 0x0e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x12, 0x41, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x04, 0x70,
-	0x61, 0x74, 0x68, 0x12, 0x49, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x02,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x56,
-	0x0a, 0x0c, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x18, 0x03,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50,
-	0x61, 0x72, 0x61, 0x6d, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x0b, 0x71, 0x75, 0x65, 0x72, 0x79,
-	0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x22, 0x68,
-	0x0a, 0x0d, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12,
-	0x41, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50,
-	0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79,
-	0x70, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x98, 0x01, 0x0a, 0x0f, 0x48, 0x54, 0x54,
-	0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x43, 0x0a, 0x04,
-	0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70,
-	0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x69,
-	0x6e, 0x76, 0x65, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x69, 0x6e, 0x76,
-	0x65, 0x72, 0x74, 0x22, 0x88, 0x01, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72,
-	0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x47, 0x0a, 0x04, 0x74,
-	0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79,
-	0x50, 0x61, 0x72, 0x61, 0x6d, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04,
-	0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xbe,
-	0x02, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74,
-	0x65, 0x72, 0x12, 0x68, 0x0a, 0x17, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46,
-	0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x15, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x6a, 0x0a, 0x18,
-	0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f,
-	0x6d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72,
-	0x52, 0x16, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x55, 0x0a, 0x0b, 0x75, 0x72, 0x6c, 0x5f,
-	0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48,
-	0x54, 0x54, 0x50, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x46, 0x69, 0x6c,
-	0x74, 0x65, 0x72, 0x52, 0x0a, 0x75, 0x72, 0x6c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22,
-	0xa6, 0x01, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69,
-	0x6c, 0x74, 0x65, 0x72, 0x12, 0x3c, 0x0a, 0x03, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x03, 0x73,
-	0x65, 0x74, 0x12, 0x3c, 0x0a, 0x03, 0x61, 0x64, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x03, 0x61, 0x64, 0x64,
-	0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09,
-	0x52, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x22, 0x36, 0x0a, 0x0a, 0x48, 0x54, 0x54, 0x50,
-	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61,
-	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	0x22, 0x37, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69,
-	0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x61, 0x74, 0x68,
-	0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70,
-	0x61, 0x74, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x22, 0xc6, 0x01, 0x0a, 0x0e, 0x48, 0x54,
-	0x54, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x12, 0x51, 0x0a, 0x0b,
-	0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65,
-	0x6e, 0x63, 0x65, 0x52, 0x0a, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x12,
-	0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52,
-	0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x49, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65,
-	0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f,
-	0x75, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65,
-	0x72, 0x73, 0x2a, 0x82, 0x01, 0x0a, 0x0d, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x1b, 0x50, 0x41, 0x54, 0x48, 0x5f, 0x4d, 0x41, 0x54,
-	0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46,
-	0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x50, 0x41, 0x54, 0x48, 0x5f, 0x4d, 0x41,
-	0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x41, 0x43, 0x54, 0x10, 0x01,
-	0x12, 0x1a, 0x0a, 0x16, 0x50, 0x41, 0x54, 0x48, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54,
-	0x59, 0x50, 0x45, 0x5f, 0x50, 0x52, 0x45, 0x46, 0x49, 0x58, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15,
-	0x50, 0x41, 0x54, 0x48, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
-	0x52, 0x45, 0x47, 0x45, 0x58, 0x10, 0x03, 0x2a, 0xc9, 0x01, 0x0a, 0x0f, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x21, 0x0a, 0x1d, 0x48,
-	0x45, 0x41, 0x44, 0x45, 0x52, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1b,
-	0x0a, 0x17, 0x48, 0x45, 0x41, 0x44, 0x45, 0x52, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54,
-	0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x41, 0x43, 0x54, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x48,
-	0x45, 0x41, 0x44, 0x45, 0x52, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x52, 0x45, 0x47, 0x45, 0x58, 0x10, 0x02, 0x12, 0x1d, 0x0a, 0x19, 0x48, 0x45, 0x41, 0x44,
-	0x45, 0x52, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x50, 0x52,
-	0x45, 0x53, 0x45, 0x4e, 0x54, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x45, 0x41, 0x44, 0x45,
-	0x52, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x50, 0x52, 0x45,
-	0x46, 0x49, 0x58, 0x10, 0x04, 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x45, 0x41, 0x44, 0x45, 0x52, 0x5f,
-	0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x55, 0x46, 0x46, 0x49,
-	0x58, 0x10, 0x05, 0x2a, 0xa5, 0x01, 0x0a, 0x13, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72,
-	0x61, 0x6d, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x26, 0x0a, 0x22, 0x51,
-	0x55, 0x45, 0x52, 0x59, 0x5f, 0x50, 0x41, 0x52, 0x41, 0x4d, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48,
-	0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45,
-	0x44, 0x10, 0x00, 0x12, 0x20, 0x0a, 0x1c, 0x51, 0x55, 0x45, 0x52, 0x59, 0x5f, 0x50, 0x41, 0x52,
-	0x41, 0x4d, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58,
-	0x41, 0x43, 0x54, 0x10, 0x01, 0x12, 0x20, 0x0a, 0x1c, 0x51, 0x55, 0x45, 0x52, 0x59, 0x5f, 0x50,
-	0x41, 0x52, 0x41, 0x4d, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
-	0x52, 0x45, 0x47, 0x45, 0x58, 0x10, 0x02, 0x12, 0x22, 0x0a, 0x1e, 0x51, 0x55, 0x45, 0x52, 0x59,
-	0x5f, 0x50, 0x41, 0x52, 0x41, 0x4d, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50,
-	0x45, 0x5f, 0x50, 0x52, 0x45, 0x53, 0x45, 0x4e, 0x54, 0x10, 0x03, 0x42, 0x96, 0x02, 0x0a, 0x22,
-	0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x42, 0x0e, 0x48, 0x74, 0x74, 0x70, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x50, 0x72, 0x6f,
-	0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
-	0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70,
-	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d,
-	0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43,
-	0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
-	0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_http_route_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_http_route_proto_rawDescData = file_pbmesh_v1alpha1_http_route_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_http_route_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_http_route_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_http_route_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_http_route_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_http_route_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_http_route_proto_enumTypes = make([]protoimpl.EnumInfo, 3)
-var file_pbmesh_v1alpha1_http_route_proto_msgTypes = make([]protoimpl.MessageInfo, 11)
-var file_pbmesh_v1alpha1_http_route_proto_goTypes = []interface{}{
-	(PathMatchType)(0),           // 0: hashicorp.consul.mesh.v1alpha1.PathMatchType
-	(HeaderMatchType)(0),         // 1: hashicorp.consul.mesh.v1alpha1.HeaderMatchType
-	(QueryParamMatchType)(0),     // 2: hashicorp.consul.mesh.v1alpha1.QueryParamMatchType
-	(*HTTPRoute)(nil),            // 3: hashicorp.consul.mesh.v1alpha1.HTTPRoute
-	(*HTTPRouteRule)(nil),        // 4: hashicorp.consul.mesh.v1alpha1.HTTPRouteRule
-	(*HTTPRouteMatch)(nil),       // 5: hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch
-	(*HTTPPathMatch)(nil),        // 6: hashicorp.consul.mesh.v1alpha1.HTTPPathMatch
-	(*HTTPHeaderMatch)(nil),      // 7: hashicorp.consul.mesh.v1alpha1.HTTPHeaderMatch
-	(*HTTPQueryParamMatch)(nil),  // 8: hashicorp.consul.mesh.v1alpha1.HTTPQueryParamMatch
-	(*HTTPRouteFilter)(nil),      // 9: hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter
-	(*HTTPHeaderFilter)(nil),     // 10: hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter
-	(*HTTPHeader)(nil),           // 11: hashicorp.consul.mesh.v1alpha1.HTTPHeader
-	(*HTTPURLRewriteFilter)(nil), // 12: hashicorp.consul.mesh.v1alpha1.HTTPURLRewriteFilter
-	(*HTTPBackendRef)(nil),       // 13: hashicorp.consul.mesh.v1alpha1.HTTPBackendRef
-	(*ParentReference)(nil),      // 14: hashicorp.consul.mesh.v1alpha1.ParentReference
-	(*HTTPRouteTimeouts)(nil),    // 15: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
-	(*HTTPRouteRetries)(nil),     // 16: hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
-	(*BackendReference)(nil),     // 17: hashicorp.consul.mesh.v1alpha1.BackendReference
-}
-var file_pbmesh_v1alpha1_http_route_proto_depIdxs = []int32{
-	14, // 0: hashicorp.consul.mesh.v1alpha1.HTTPRoute.parent_refs:type_name -> hashicorp.consul.mesh.v1alpha1.ParentReference
-	4,  // 1: hashicorp.consul.mesh.v1alpha1.HTTPRoute.rules:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteRule
-	5,  // 2: hashicorp.consul.mesh.v1alpha1.HTTPRouteRule.matches:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch
-	9,  // 3: hashicorp.consul.mesh.v1alpha1.HTTPRouteRule.filters:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter
-	13, // 4: hashicorp.consul.mesh.v1alpha1.HTTPRouteRule.backend_refs:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPBackendRef
-	15, // 5: hashicorp.consul.mesh.v1alpha1.HTTPRouteRule.timeouts:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
-	16, // 6: hashicorp.consul.mesh.v1alpha1.HTTPRouteRule.retries:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
-	6,  // 7: hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch.path:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPPathMatch
-	7,  // 8: hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch.headers:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeaderMatch
-	8,  // 9: hashicorp.consul.mesh.v1alpha1.HTTPRouteMatch.query_params:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPQueryParamMatch
-	0,  // 10: hashicorp.consul.mesh.v1alpha1.HTTPPathMatch.type:type_name -> hashicorp.consul.mesh.v1alpha1.PathMatchType
-	1,  // 11: hashicorp.consul.mesh.v1alpha1.HTTPHeaderMatch.type:type_name -> hashicorp.consul.mesh.v1alpha1.HeaderMatchType
-	2,  // 12: hashicorp.consul.mesh.v1alpha1.HTTPQueryParamMatch.type:type_name -> hashicorp.consul.mesh.v1alpha1.QueryParamMatchType
-	10, // 13: hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter.request_header_modifier:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter
-	10, // 14: hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter.response_header_modifier:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter
-	12, // 15: hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter.url_rewrite:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPURLRewriteFilter
-	11, // 16: hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter.set:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeader
-	11, // 17: hashicorp.consul.mesh.v1alpha1.HTTPHeaderFilter.add:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPHeader
-	17, // 18: hashicorp.consul.mesh.v1alpha1.HTTPBackendRef.backend_ref:type_name -> hashicorp.consul.mesh.v1alpha1.BackendReference
-	9,  // 19: hashicorp.consul.mesh.v1alpha1.HTTPBackendRef.filters:type_name -> hashicorp.consul.mesh.v1alpha1.HTTPRouteFilter
-	20, // [20:20] is the sub-list for method output_type
-	20, // [20:20] is the sub-list for method input_type
-	20, // [20:20] is the sub-list for extension type_name
-	20, // [20:20] is the sub-list for extension extendee
-	0,  // [0:20] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_http_route_proto_init() }
-func file_pbmesh_v1alpha1_http_route_proto_init() {
-	if File_pbmesh_v1alpha1_http_route_proto != nil {
-		return
-	}
-	file_pbmesh_v1alpha1_common_proto_init()
-	file_pbmesh_v1alpha1_http_route_retries_proto_init()
-	file_pbmesh_v1alpha1_http_route_timeouts_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_http_route_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPRoute); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_http_route_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPRouteRule); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_http_route_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPRouteMatch); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_http_route_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPPathMatch); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_http_route_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPHeaderMatch); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_http_route_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPQueryParamMatch); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_http_route_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPRouteFilter); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_http_route_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPHeaderFilter); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_http_route_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPHeader); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_http_route_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPURLRewriteFilter); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_http_route_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPBackendRef); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_http_route_proto_rawDesc,
-			NumEnums:      3,
-			NumMessages:   11,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_http_route_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_http_route_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_http_route_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_http_route_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_http_route_proto = out.File
-	file_pbmesh_v1alpha1_http_route_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_http_route_proto_goTypes = nil
-	file_pbmesh_v1alpha1_http_route_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/http_route.proto b/proto-public/pbmesh/v1alpha1/http_route.proto
deleted file mode 100644
index ea14176b1b7c..000000000000
--- a/proto-public/pbmesh/v1alpha1/http_route.proto
+++ /dev/null
@@ -1,259 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1;
-
-import "pbmesh/v1alpha1/common.proto";
-import "pbmesh/v1alpha1/http_route_retries.proto";
-import "pbmesh/v1alpha1/http_route_timeouts.proto";
-
-// NOTE: this should align to the GAMMA/gateway-api version, or at least be
-// easily translatable.
-//
-// https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.HTTPRoute
-//
-// This is a Resource type.
-message HTTPRoute {
-  // ParentRefs references the resources (usually Gateways) that a Route wants
-  // to be attached to. Note that the referenced parent resource needs to allow
-  // this for the attachment to be complete. For Gateways, that means the
-  // Gateway needs to allow attachment from Routes of this kind and namespace.
-  //
-  // It is invalid to reference an identical parent more than once. It is valid
-  // to reference multiple distinct sections within the same parent resource,
-  // such as 2 Listeners within a Gateway.
-  repeated ParentReference parent_refs = 1;
-
-  // Hostnames are the hostnames for which this HTTPRoute should respond to requests.
-  repeated string hostnames = 2;
-
-  // Rules are a list of HTTP-based routing rules that this route should
-  // use for constructing a routing table.
-  repeated HTTPRouteRule rules = 3;
-}
-
-// HTTPRouteRule specifies the routing rules used to determine what upstream
-// service an HTTP request is routed to.
-message HTTPRouteRule {
-  // Matches specified the matching criteria used in the routing table. If a
-  // request matches the given HTTPMatch configuration, then traffic is routed
-  // to services specified in the Services field.
-  repeated HTTPRouteMatch matches = 1;
-
-  repeated HTTPRouteFilter filters = 2;
-
-  // BackendRefs defines the backend(s) where matching requests should be sent.
-  //
-  // Failure behavior here depends on how many BackendRefs are specified and
-  // how many are invalid.
-  //
-  // If all entries in BackendRefs are invalid, and there are also no filters
-  // specified in this route rule, all traffic which matches this rule MUST
-  // receive a 500 status code.
-  //
-  // See the HTTPBackendRef definition for the rules about what makes a single
-  // HTTPBackendRef invalid.
-  //
-  // When a HTTPBackendRef is invalid, 500 status codes MUST be returned for
-  // requests that would have otherwise been routed to an invalid backend. If
-  // multiple backends are specified, and some are invalid, the proportion of
-  // requests that would otherwise have been routed to an invalid backend MUST
-  // receive a 500 status code.
-  //
-  // For example, if two backends are specified with equal weights, and one is
-  // invalid, 50 percent of traffic must receive a 500. Implementations may
-  // choose how that 50 percent is determined.
-  repeated HTTPBackendRef backend_refs = 3;
-
-  // ALTERNATIVE: Timeouts defines the timeouts that can be configured for an HTTP request.
-  HTTPRouteTimeouts timeouts = 4;
-  // ALTERNATIVE:
-  HTTPRouteRetries retries = 5;
-}
-
-message HTTPRouteMatch {
-  // Path specifies a HTTP request path matcher. If this field is not
-  // specified, a default prefix match on the “/” path is provided.
-  HTTPPathMatch path = 1;
-
-  // Headers specifies HTTP request header matchers. Multiple match values are
-  // ANDed together, meaning, a request must match all the specified headers to
-  // select the route.
-  repeated HTTPHeaderMatch headers = 2;
-
-  // QueryParams specifies HTTP query parameter matchers. Multiple match values
-  // are ANDed together, meaning, a request must match all the specified query
-  // parameters to select the route.
-  repeated HTTPQueryParamMatch query_params = 3;
-
-  // Method specifies HTTP method matcher. When specified, this route will be
-  // matched only if the request has the specified method.
-  string method = 4;
-}
-
-message HTTPPathMatch {
-  // Type specifies how to match against the path Value.
-  PathMatchType type = 1;
-  // Value of the HTTP path to match against.
-  string value = 2;
-}
-
-// PathMatchType specifies the semantics of how HTTP paths should be compared.
-// Valid PathMatchType values, along with their support levels, are:
-//
-// PathPrefix and Exact paths must be syntactically valid:
-//
-// - Must begin with the / character
-// - Must not contain consecutive / characters (e.g. /foo///, //).
-// - Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash.
-//
-// Unknown values here must result in the implementation setting the Accepted
-// Condition for the Route to status: False, with a Reason of UnsupportedValue.
-enum PathMatchType {
-  PATH_MATCH_TYPE_UNSPECIFIED = 0;
-  PATH_MATCH_TYPE_EXACT = 1;
-  PATH_MATCH_TYPE_PREFIX = 2;
-  PATH_MATCH_TYPE_REGEX = 3;
-}
-
-message HTTPHeaderMatch {
-  // Type specifies how to match against the value of the header.
-  HeaderMatchType type = 1;
-
-  // Name is the name of the HTTP Header to be matched. Name matching MUST be
-  // case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
-  //
-  // If multiple entries specify equivalent header names, only the first entry
-  // with an equivalent name MUST be considered for a match. Subsequent entries
-  // with an equivalent header name MUST be ignored. Due to the
-  // case-insensitivity of header names, “foo” and “Foo” are considered
-  // equivalent.
-  //
-  // When a header is repeated in an HTTP request, it is
-  // implementation-specific behavior as to how this is represented. Generally,
-  // proxies should follow the guidance from the RFC:
-  // https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
-  // processing a repeated header, with special handling for “Set-Cookie”.
-  string name = 2;
-
-  // Value is the value of HTTP Header to be matched.
-  string value = 3;
-
-  // NOTE: not in gamma; service-router compat
-  bool invert = 4;
-}
-
-// HeaderMatchType specifies the semantics of how HTTP header values should be
-// compared. Valid HeaderMatchType values, along with their conformance levels,
-// are:
-//
-// Note that values may be added to this enum, implementations must ensure that
-// unknown values will not cause a crash.
-//
-// Unknown values here must result in the implementation setting the Accepted
-// Condition for the Route to status: False, with a Reason of UnsupportedValue.
-enum HeaderMatchType {
-  HEADER_MATCH_TYPE_UNSPECIFIED = 0;
-  HEADER_MATCH_TYPE_EXACT = 1;
-  HEADER_MATCH_TYPE_REGEX = 2;
-  // consul only after this point (service-router compat)
-  HEADER_MATCH_TYPE_PRESENT = 3;
-  HEADER_MATCH_TYPE_PREFIX = 4;
-  HEADER_MATCH_TYPE_SUFFIX = 5;
-}
-
-message HTTPQueryParamMatch {
-  // Type specifies how to match against the value of the query parameter.
-  QueryParamMatchType type = 1;
-
-  // Name is the name of the HTTP query param to be matched. This must be an
-  // exact string match. (See
-  // https://tools.ietf.org/html/rfc7230#section-2.7.3).
-  //
-  // If multiple entries specify equivalent query param names, only the first
-  // entry with an equivalent name MUST be considered for a match. Subsequent
-  // entries with an equivalent query param name MUST be ignored.
-  //
-  // If a query param is repeated in an HTTP request, the behavior is purposely
-  // left undefined, since different data planes have different capabilities.
-  // However, it is recommended that implementations should match against the
-  // first value of the param if the data plane supports it, as this behavior
-  // is expected in other load balancing contexts outside of the Gateway API.
-  //
-  // Users SHOULD NOT route traffic based on repeated query params to guard
-  // themselves against potential differences in the implementations.
-  string name = 2;
-
-  // Value is the value of HTTP query param to be matched.
-  string value = 3;
-}
-
-enum QueryParamMatchType {
-  QUERY_PARAM_MATCH_TYPE_UNSPECIFIED = 0;
-  QUERY_PARAM_MATCH_TYPE_EXACT = 1;
-  QUERY_PARAM_MATCH_TYPE_REGEX = 2;
-  // consul only after this point (service-router compat)
-  QUERY_PARAM_MATCH_TYPE_PRESENT = 3;
-}
-
-message HTTPRouteFilter {
-  // RequestHeaderModifier defines a schema for a filter that modifies request
-  // headers.
-  HTTPHeaderFilter request_header_modifier = 1;
-
-  // ResponseHeaderModifier defines a schema for a filter that modifies
-  // response headers.
-  HTTPHeaderFilter response_header_modifier = 2;
-
-  // URLRewrite defines a schema for a filter that modifies a request during
-  // forwarding.
-  HTTPURLRewriteFilter url_rewrite = 5;
-}
-
-message HTTPHeaderFilter {
-  // Set overwrites the request with the given header (name, value) before the
-  // action.
-  repeated HTTPHeader set = 1;
-
-  // Add adds the given header(s) (name, value) to the request before the
-  // action. It appends to any existing values associated with the header name.
-  repeated HTTPHeader add = 2;
-
-  // Remove the given header(s) from the HTTP request before the action. The
-  // value of Remove is a list of HTTP header names. Note that the header names
-  // are case-insensitive (see
-  // https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
-  repeated string remove = 3;
-}
-
-message HTTPHeader {
-  string name = 1;
-  string value = 2;
-}
-
-message HTTPURLRewriteFilter {
-  string path_prefix = 1;
-}
-
-message HTTPBackendRef {
-  BackendReference backend_ref = 1;
-
-  // Weight specifies the proportion of requests forwarded to the referenced
-  // backend. This is computed as weight/(sum of all weights in this
-  // BackendRefs list). For non-zero values, there may be some epsilon from the
-  // exact proportion defined here depending on the precision an implementation
-  // supports. Weight is not a percentage and the sum of weights does not need
-  // to equal 100.
-  //
-  //If only one backend is specified and it has a weight greater than 0, 100%
-  //of the traffic is forwarded to that backend. If weight is set to 0, no
-  //traffic should be forwarded for this entry. If unspecified, weight defaults
-  //to 1.
-  uint32 weight = 2;
-
-  // Filters defined at this level should be executed if and only if the
-  // request is being forwarded to the backend defined here.
-  repeated HTTPRouteFilter filters = 3;
-}
diff --git a/proto-public/pbmesh/v1alpha1/http_route_retries.pb.binary.go b/proto-public/pbmesh/v1alpha1/http_route_retries.pb.binary.go
deleted file mode 100644
index b84704f0e1aa..000000000000
--- a/proto-public/pbmesh/v1alpha1/http_route_retries.pb.binary.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/http_route_retries.proto
-
-package meshv1alpha1
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HTTPRouteRetries) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HTTPRouteRetries) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go b/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go
deleted file mode 100644
index 5a34d26a3260..000000000000
--- a/proto-public/pbmesh/v1alpha1/http_route_retries.pb.go
+++ /dev/null
@@ -1,206 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/http_route_retries.proto
-
-package meshv1alpha1
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-// ALTERNATIVE: not using policy attachment semantics
-type HTTPRouteRetries struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// NumRetries is the number of times to retry the request when a retryable
-	// result occurs.
-	Number int32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"`
-	// RetryOnConnectFailure allows for connection failure errors to trigger a
-	// retry.
-	OnConnectFailure bool `protobuf:"varint,2,opt,name=on_connect_failure,json=onConnectFailure,proto3" json:"on_connect_failure,omitempty"`
-	// RetryOn allows setting envoy specific conditions when a request should
-	// be automatically retried.
-	OnConditions []string `protobuf:"bytes,3,rep,name=on_conditions,json=onConditions,proto3" json:"on_conditions,omitempty"`
-	// RetryOnStatusCodes is a flat list of http response status codes that are
-	// eligible for retry. This again should be feasible in any reasonable proxy.
-	OnStatusCodes []uint32 `protobuf:"varint,4,rep,packed,name=on_status_codes,json=onStatusCodes,proto3" json:"on_status_codes,omitempty"`
-}
-
-func (x *HTTPRouteRetries) Reset() {
-	*x = HTTPRouteRetries{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_http_route_retries_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPRouteRetries) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPRouteRetries) ProtoMessage() {}
-
-func (x *HTTPRouteRetries) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_http_route_retries_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPRouteRetries.ProtoReflect.Descriptor instead.
-func (*HTTPRouteRetries) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_retries_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *HTTPRouteRetries) GetNumber() int32 {
-	if x != nil {
-		return x.Number
-	}
-	return 0
-}
-
-func (x *HTTPRouteRetries) GetOnConnectFailure() bool {
-	if x != nil {
-		return x.OnConnectFailure
-	}
-	return false
-}
-
-func (x *HTTPRouteRetries) GetOnConditions() []string {
-	if x != nil {
-		return x.OnConditions
-	}
-	return nil
-}
-
-func (x *HTTPRouteRetries) GetOnStatusCodes() []uint32 {
-	if x != nil {
-		return x.OnStatusCodes
-	}
-	return nil
-}
-
-var File_pbmesh_v1alpha1_http_route_retries_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_http_route_retries_proto_rawDesc = []byte{
-	0x0a, 0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x72, 0x65, 0x74,
-	0x72, 0x69, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0xa5, 0x01, 0x0a, 0x10, 0x48,
-	0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12,
-	0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52,
-	0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x2c, 0x0a, 0x12, 0x6f, 0x6e, 0x5f, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x10, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61,
-	0x69, 0x6c, 0x75, 0x72, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x64,
-	0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x6f, 0x6e,
-	0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6f, 0x6e,
-	0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x73, 0x18, 0x04, 0x20,
-	0x03, 0x28, 0x0d, 0x52, 0x0d, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64,
-	0x65, 0x73, 0x42, 0x9d, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x15, 0x48, 0x74, 0x74, 0x70, 0x52,
-	0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f,
-	0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d,
-	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73,
-	0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa,
-	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02,
-	0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_http_route_retries_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_http_route_retries_proto_rawDescData = file_pbmesh_v1alpha1_http_route_retries_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_http_route_retries_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_http_route_retries_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_http_route_retries_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_http_route_retries_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_http_route_retries_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_http_route_retries_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var file_pbmesh_v1alpha1_http_route_retries_proto_goTypes = []interface{}{
-	(*HTTPRouteRetries)(nil), // 0: hashicorp.consul.mesh.v1alpha1.HTTPRouteRetries
-}
-var file_pbmesh_v1alpha1_http_route_retries_proto_depIdxs = []int32{
-	0, // [0:0] is the sub-list for method output_type
-	0, // [0:0] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_http_route_retries_proto_init() }
-func file_pbmesh_v1alpha1_http_route_retries_proto_init() {
-	if File_pbmesh_v1alpha1_http_route_retries_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_http_route_retries_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPRouteRetries); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_http_route_retries_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   1,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_http_route_retries_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_http_route_retries_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_http_route_retries_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_http_route_retries_proto = out.File
-	file_pbmesh_v1alpha1_http_route_retries_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_http_route_retries_proto_goTypes = nil
-	file_pbmesh_v1alpha1_http_route_retries_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/http_route_retries.proto b/proto-public/pbmesh/v1alpha1/http_route_retries.proto
deleted file mode 100644
index 3ea112027abe..000000000000
--- a/proto-public/pbmesh/v1alpha1/http_route_retries.proto
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1;
-
-// ALTERNATIVE: not using policy attachment semantics
-message HTTPRouteRetries {
-  // NumRetries is the number of times to retry the request when a retryable
-  // result occurs.
-  int32 number = 1;
-
-  // RetryOnConnectFailure allows for connection failure errors to trigger a
-  // retry.
-  bool on_connect_failure = 2;
-
-  // RetryOn allows setting envoy specific conditions when a request should
-  // be automatically retried.
-  repeated string on_conditions = 3;
-
-  // RetryOnStatusCodes is a flat list of http response status codes that are
-  // eligible for retry. This again should be feasible in any reasonable proxy.
-  repeated uint32 on_status_codes = 4;
-}
diff --git a/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.binary.go b/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.binary.go
deleted file mode 100644
index cb38ff24c577..000000000000
--- a/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.binary.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/http_route_timeouts.proto
-
-package meshv1alpha1
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HTTPRouteTimeouts) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HTTPRouteTimeouts) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go b/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go
deleted file mode 100644
index 0fc421e43e5b..000000000000
--- a/proto-public/pbmesh/v1alpha1/http_route_timeouts.pb.go
+++ /dev/null
@@ -1,223 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/http_route_timeouts.proto
-
-package meshv1alpha1
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	durationpb "google.golang.org/protobuf/types/known/durationpb"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-// HTTPRouteTimeouts defines timeouts that can be configured for an HTTPRoute.
-// Timeout values are formatted like 1h/1m/1s/1ms as parsed by Golang time.ParseDuration
-// and MUST BE >= 1ms.
-//
-// ALTERNATIVE: not using policy attachment semantics
-type HTTPRouteTimeouts struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Request specifies the duration for processing an HTTP client request after which the
-	// gateway will time out if unable to send a response.
-	// Whether the gateway starts the timeout before or after the entire client request stream
-	// has been received, is implementation-dependent.
-	//
-	// For example, setting the `rules.timeouts.request` field to the value `10s` in an
-	// `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds
-	// to complete.
-	//
-	// When this field is unspecified, request timeout behavior is implementation-dependent.
-	Request *durationpb.Duration `protobuf:"bytes,1,opt,name=request,proto3" json:"request,omitempty"`
-	// BackendRequest specifies a timeout for an individual request from the gateway
-	// to a backend service. Typically used in conjuction with retry configuration,
-	// if supported by an implementation.
-	//
-	// The value of BackendRequest defaults to and must be <= the value of Request timeout.
-	//
-	// Support: Extended
-	//
-	// TODO(rb): net-new feature
-	BackendRequest *durationpb.Duration `protobuf:"bytes,2,opt,name=backend_request,json=backendRequest,proto3" json:"backend_request,omitempty"`
-	// TODO(RB): this is a consul-only feature
-	Idle *durationpb.Duration `protobuf:"bytes,3,opt,name=idle,proto3" json:"idle,omitempty"`
-}
-
-func (x *HTTPRouteTimeouts) Reset() {
-	*x = HTTPRouteTimeouts{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_http_route_timeouts_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPRouteTimeouts) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPRouteTimeouts) ProtoMessage() {}
-
-func (x *HTTPRouteTimeouts) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_http_route_timeouts_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPRouteTimeouts.ProtoReflect.Descriptor instead.
-func (*HTTPRouteTimeouts) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *HTTPRouteTimeouts) GetRequest() *durationpb.Duration {
-	if x != nil {
-		return x.Request
-	}
-	return nil
-}
-
-func (x *HTTPRouteTimeouts) GetBackendRequest() *durationpb.Duration {
-	if x != nil {
-		return x.BackendRequest
-	}
-	return nil
-}
-
-func (x *HTTPRouteTimeouts) GetIdle() *durationpb.Duration {
-	if x != nil {
-		return x.Idle
-	}
-	return nil
-}
-
-var File_pbmesh_v1alpha1_http_route_timeouts_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDesc = []byte{
-	0x0a, 0x29, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d,
-	0x65, 0x6f, 0x75, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xbb, 0x01, 0x0a, 0x11,
-	0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
-	0x73, 0x12, 0x33, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x72,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x42, 0x0a, 0x0f, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e,
-	0x64, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x62, 0x61, 0x63, 0x6b,
-	0x65, 0x6e, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x04, 0x69, 0x64,
-	0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x04, 0x69, 0x64, 0x6c, 0x65, 0x42, 0x9e, 0x02, 0x0a, 0x22, 0x63, 0x6f,
-	0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x42, 0x16, 0x48, 0x74, 0x74, 0x70, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f,
-	0x75, 0x74, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68,
-	0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75,
-	0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
-	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
-	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65,
-	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68,
-	0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescData = file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_http_route_timeouts_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var file_pbmesh_v1alpha1_http_route_timeouts_proto_goTypes = []interface{}{
-	(*HTTPRouteTimeouts)(nil),   // 0: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts
-	(*durationpb.Duration)(nil), // 1: google.protobuf.Duration
-}
-var file_pbmesh_v1alpha1_http_route_timeouts_proto_depIdxs = []int32{
-	1, // 0: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts.request:type_name -> google.protobuf.Duration
-	1, // 1: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts.backend_request:type_name -> google.protobuf.Duration
-	1, // 2: hashicorp.consul.mesh.v1alpha1.HTTPRouteTimeouts.idle:type_name -> google.protobuf.Duration
-	3, // [3:3] is the sub-list for method output_type
-	3, // [3:3] is the sub-list for method input_type
-	3, // [3:3] is the sub-list for extension type_name
-	3, // [3:3] is the sub-list for extension extendee
-	0, // [0:3] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_http_route_timeouts_proto_init() }
-func file_pbmesh_v1alpha1_http_route_timeouts_proto_init() {
-	if File_pbmesh_v1alpha1_http_route_timeouts_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_http_route_timeouts_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPRouteTimeouts); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   1,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_http_route_timeouts_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_http_route_timeouts_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_http_route_timeouts_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_http_route_timeouts_proto = out.File
-	file_pbmesh_v1alpha1_http_route_timeouts_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_http_route_timeouts_proto_goTypes = nil
-	file_pbmesh_v1alpha1_http_route_timeouts_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto b/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto
deleted file mode 100644
index f33587496b55..000000000000
--- a/proto-public/pbmesh/v1alpha1/http_route_timeouts.proto
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1;
-
-import "google/protobuf/duration.proto";
-
-// HTTPRouteTimeouts defines timeouts that can be configured for an HTTPRoute.
-// Timeout values are formatted like 1h/1m/1s/1ms as parsed by Golang time.ParseDuration
-// and MUST BE >= 1ms.
-//
-// ALTERNATIVE: not using policy attachment semantics
-message HTTPRouteTimeouts {
-  // Request specifies the duration for processing an HTTP client request after which the
-  // gateway will time out if unable to send a response.
-  // Whether the gateway starts the timeout before or after the entire client request stream
-  // has been received, is implementation-dependent.
-  //
-  // For example, setting the `rules.timeouts.request` field to the value `10s` in an
-  // `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds
-  // to complete.
-  //
-  // When this field is unspecified, request timeout behavior is implementation-dependent.
-  google.protobuf.Duration request = 1;
-
-  // BackendRequest specifies a timeout for an individual request from the gateway
-  // to a backend service. Typically used in conjuction with retry configuration,
-  // if supported by an implementation.
-  //
-  // The value of BackendRequest defaults to and must be <= the value of Request timeout.
-  //
-  // Support: Extended
-  //
-  // TODO(rb): net-new feature
-  google.protobuf.Duration backend_request = 2;
-
-  // TODO(RB): this is a consul-only feature
-  google.protobuf.Duration idle = 3;
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.binary.go
deleted file mode 100644
index 813f6d3ebb6a..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.binary.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/pbproxystate/access_logs.proto
-
-package pbproxystate
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *AccessLogs) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *AccessLogs) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go
deleted file mode 100644
index bedb5f988072..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.pb.go
+++ /dev/null
@@ -1,325 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/pbproxystate/access_logs.proto
-
-package pbproxystate
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type LogSinkType int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	LogSinkType_LOG_SINK_TYPE_DEFAULT LogSinkType = 0
-	LogSinkType_LOG_SINK_TYPE_FILE    LogSinkType = 1
-	LogSinkType_LOG_SINK_TYPE_STDERR  LogSinkType = 2
-	LogSinkType_LOG_SINK_TYPE_STDOUT  LogSinkType = 3
-)
-
-// Enum value maps for LogSinkType.
-var (
-	LogSinkType_name = map[int32]string{
-		0: "LOG_SINK_TYPE_DEFAULT",
-		1: "LOG_SINK_TYPE_FILE",
-		2: "LOG_SINK_TYPE_STDERR",
-		3: "LOG_SINK_TYPE_STDOUT",
-	}
-	LogSinkType_value = map[string]int32{
-		"LOG_SINK_TYPE_DEFAULT": 0,
-		"LOG_SINK_TYPE_FILE":    1,
-		"LOG_SINK_TYPE_STDERR":  2,
-		"LOG_SINK_TYPE_STDOUT":  3,
-	}
-)
-
-func (x LogSinkType) Enum() *LogSinkType {
-	p := new(LogSinkType)
-	*p = x
-	return p
-}
-
-func (x LogSinkType) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (LogSinkType) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_enumTypes[0].Descriptor()
-}
-
-func (LogSinkType) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_enumTypes[0]
-}
-
-func (x LogSinkType) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use LogSinkType.Descriptor instead.
-func (LogSinkType) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescGZIP(), []int{0}
-}
-
-type AccessLogs struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// enabled enables access logging.
-	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
-	// disable_listener_logs turns off just listener logs for connections rejected by Envoy because they don't
-	// have a matching listener filter.
-	DisableListenerLogs bool `protobuf:"varint,2,opt,name=disable_listener_logs,json=disableListenerLogs,proto3" json:"disable_listener_logs,omitempty"`
-	// type selects the output for logs: "file", "stderr". "stdout"
-	Type LogSinkType `protobuf:"varint,3,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.LogSinkType" json:"type,omitempty"`
-	// path is the output file to write logs
-	Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"`
-	// The presence of one format string or the other implies the access log string encoding.
-	// Defining both is invalid.
-	//
-	// Types that are assignable to Format:
-	//
-	//	*AccessLogs_Json
-	//	*AccessLogs_Text
-	Format isAccessLogs_Format `protobuf_oneof:"format"`
-}
-
-func (x *AccessLogs) Reset() {
-	*x = AccessLogs{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AccessLogs) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AccessLogs) ProtoMessage() {}
-
-func (x *AccessLogs) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AccessLogs.ProtoReflect.Descriptor instead.
-func (*AccessLogs) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *AccessLogs) GetEnabled() bool {
-	if x != nil {
-		return x.Enabled
-	}
-	return false
-}
-
-func (x *AccessLogs) GetDisableListenerLogs() bool {
-	if x != nil {
-		return x.DisableListenerLogs
-	}
-	return false
-}
-
-func (x *AccessLogs) GetType() LogSinkType {
-	if x != nil {
-		return x.Type
-	}
-	return LogSinkType_LOG_SINK_TYPE_DEFAULT
-}
-
-func (x *AccessLogs) GetPath() string {
-	if x != nil {
-		return x.Path
-	}
-	return ""
-}
-
-func (m *AccessLogs) GetFormat() isAccessLogs_Format {
-	if m != nil {
-		return m.Format
-	}
-	return nil
-}
-
-func (x *AccessLogs) GetJson() string {
-	if x, ok := x.GetFormat().(*AccessLogs_Json); ok {
-		return x.Json
-	}
-	return ""
-}
-
-func (x *AccessLogs) GetText() string {
-	if x, ok := x.GetFormat().(*AccessLogs_Text); ok {
-		return x.Text
-	}
-	return ""
-}
-
-type isAccessLogs_Format interface {
-	isAccessLogs_Format()
-}
-
-type AccessLogs_Json struct {
-	Json string `protobuf:"bytes,5,opt,name=json,proto3,oneof"`
-}
-
-type AccessLogs_Text struct {
-	Text string `protobuf:"bytes,6,opt,name=text,proto3,oneof"`
-}
-
-func (*AccessLogs_Json) isAccessLogs_Format() {}
-
-func (*AccessLogs_Text) isAccessLogs_Format() {}
-
-var File_pbmesh_v1alpha1_pbproxystate_access_logs_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDesc = []byte{
-	0x0a, 0x2e, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x61,
-	0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x12, 0x2b, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0xf2, 0x01,
-	0x0a, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07,
-	0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65,
-	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x32, 0x0a, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c,
-	0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x4c, 0x69,
-	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x4c, 0x0a, 0x04, 0x74, 0x79,
-	0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79,
-	0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x14, 0x0a, 0x04,
-	0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x04, 0x6a, 0x73,
-	0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x04, 0x74, 0x65, 0x78, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09,
-	0x48, 0x00, 0x52, 0x04, 0x74, 0x65, 0x78, 0x74, 0x42, 0x08, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d,
-	0x61, 0x74, 0x2a, 0x74, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79, 0x70,
-	0x65, 0x12, 0x19, 0x0a, 0x15, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59,
-	0x50, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12,
-	0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49,
-	0x4c, 0x45, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b,
-	0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, 0x45, 0x52, 0x52, 0x10, 0x02, 0x12, 0x18,
-	0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
-	0x53, 0x54, 0x44, 0x4f, 0x55, 0x54, 0x10, 0x03, 0x42, 0xdb, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0f, 0x41, 0x63,
-	0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
-	0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68,
-	0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02,
-	0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c,
-	0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
-	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
-	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_goTypes = []interface{}{
-	(LogSinkType)(0),   // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.LogSinkType
-	(*AccessLogs)(nil), // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.AccessLogs
-}
-var file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_depIdxs = []int32{
-	0, // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.AccessLogs.type:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LogSinkType
-	1, // [1:1] is the sub-list for method output_type
-	1, // [1:1] is the sub-list for method input_type
-	1, // [1:1] is the sub-list for extension type_name
-	1, // [1:1] is the sub-list for extension extendee
-	0, // [0:1] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_init() }
-func file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_init() {
-	if File_pbmesh_v1alpha1_pbproxystate_access_logs_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AccessLogs); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_msgTypes[0].OneofWrappers = []interface{}{
-		(*AccessLogs_Json)(nil),
-		(*AccessLogs_Text)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   1,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_pbproxystate_access_logs_proto = out.File
-	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_goTypes = nil
-	file_pbmesh_v1alpha1_pbproxystate_access_logs_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto
deleted file mode 100644
index 00770c0c146e..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/access_logs.proto
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1.pbproxystate;
-
-message AccessLogs {
-  // enabled enables access logging.
-  bool enabled = 1;
-  // disable_listener_logs turns off just listener logs for connections rejected by Envoy because they don't
-  // have a matching listener filter.
-  bool disable_listener_logs = 2;
-  // type selects the output for logs: "file", "stderr". "stdout"
-  LogSinkType type = 3;
-  // path is the output file to write logs
-  string path = 4;
-  // The presence of one format string or the other implies the access log string encoding.
-  // Defining both is invalid.
-  oneof format {
-    string json = 5;
-    string text = 6;
-  }
-}
-
-enum LogSinkType {
-  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  LOG_SINK_TYPE_DEFAULT = 0;
-  LOG_SINK_TYPE_FILE = 1;
-  LOG_SINK_TYPE_STDERR = 2;
-  LOG_SINK_TYPE_STDOUT = 3;
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.binary.go
deleted file mode 100644
index 84ba62db4083..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.binary.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/pbproxystate/address.proto
-
-package pbproxystate
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HostPortAddress) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HostPortAddress) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *UnixSocketAddress) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *UnixSocketAddress) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go
deleted file mode 100644
index 0afb768f4aa4..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/address.pb.go
+++ /dev/null
@@ -1,254 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/pbproxystate/address.proto
-
-package pbproxystate
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type HostPortAddress struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
-	Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
-}
-
-func (x *HostPortAddress) Reset() {
-	*x = HostPortAddress{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HostPortAddress) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HostPortAddress) ProtoMessage() {}
-
-func (x *HostPortAddress) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HostPortAddress.ProtoReflect.Descriptor instead.
-func (*HostPortAddress) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *HostPortAddress) GetHost() string {
-	if x != nil {
-		return x.Host
-	}
-	return ""
-}
-
-func (x *HostPortAddress) GetPort() uint32 {
-	if x != nil {
-		return x.Port
-	}
-	return 0
-}
-
-type UnixSocketAddress struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// path is the file system path at which to bind a Unix domain socket listener.
-	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
-	// mode is the Unix file mode for the socket file. It should be provided
-	// in the numeric notation, for example, "0600".
-	Mode string `protobuf:"bytes,2,opt,name=mode,proto3" json:"mode,omitempty"`
-}
-
-func (x *UnixSocketAddress) Reset() {
-	*x = UnixSocketAddress{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *UnixSocketAddress) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*UnixSocketAddress) ProtoMessage() {}
-
-func (x *UnixSocketAddress) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use UnixSocketAddress.ProtoReflect.Descriptor instead.
-func (*UnixSocketAddress) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *UnixSocketAddress) GetPath() string {
-	if x != nil {
-		return x.Path
-	}
-	return ""
-}
-
-func (x *UnixSocketAddress) GetMode() string {
-	if x != nil {
-		return x.Mode
-	}
-	return ""
-}
-
-var File_pbmesh_v1alpha1_pbproxystate_address_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDesc = []byte{
-	0x0a, 0x2a, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x61,
-	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0x39, 0x0a, 0x0f, 0x48, 0x6f, 0x73,
-	0x74, 0x50, 0x6f, 0x72, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04,
-	0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74,
-	0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04,
-	0x70, 0x6f, 0x72, 0x74, 0x22, 0x3b, 0x0a, 0x11, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b,
-	0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74,
-	0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x12, 0x0a,
-	0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6d, 0x6f, 0x64,
-	0x65, 0x42, 0xd8, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0c, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x50, 0x72,
-	0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f,
-	0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f,
-	0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48,
-	0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0xe2, 0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47,
-	0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a,
-	0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a,
-	0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
-var file_pbmesh_v1alpha1_pbproxystate_address_proto_goTypes = []interface{}{
-	(*HostPortAddress)(nil),   // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.HostPortAddress
-	(*UnixSocketAddress)(nil), // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.UnixSocketAddress
-}
-var file_pbmesh_v1alpha1_pbproxystate_address_proto_depIdxs = []int32{
-	0, // [0:0] is the sub-list for method output_type
-	0, // [0:0] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_pbproxystate_address_proto_init() }
-func file_pbmesh_v1alpha1_pbproxystate_address_proto_init() {
-	if File_pbmesh_v1alpha1_pbproxystate_address_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HostPortAddress); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UnixSocketAddress); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   2,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_address_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_address_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_address_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_pbproxystate_address_proto = out.File
-	file_pbmesh_v1alpha1_pbproxystate_address_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_pbproxystate_address_proto_goTypes = nil
-	file_pbmesh_v1alpha1_pbproxystate_address_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto
deleted file mode 100644
index 2d08199a0ecc..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/address.proto
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1.pbproxystate;
-
-message HostPortAddress {
-  string host = 1;
-  uint32 port = 2;
-}
-
-message UnixSocketAddress {
-  // path is the file system path at which to bind a Unix domain socket listener.
-  string path = 1;
-
-  // mode is the Unix file mode for the socket file. It should be provided
-  // in the numeric notation, for example, "0600".
-  string mode = 2;
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.binary.go
deleted file mode 100644
index 54087655a2c8..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.binary.go
+++ /dev/null
@@ -1,258 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/pbproxystate/cluster.proto
-
-package pbproxystate
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *Cluster) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *Cluster) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *FailoverGroup) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *FailoverGroup) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *FailoverGroupConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *FailoverGroupConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *EndpointGroup) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *EndpointGroup) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *DynamicEndpointGroup) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *DynamicEndpointGroup) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *PassthroughEndpointGroup) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *PassthroughEndpointGroup) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *DNSEndpointGroup) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *DNSEndpointGroup) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *StaticEndpointGroup) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *StaticEndpointGroup) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *L4WeightedClusterGroup) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *L4WeightedClusterGroup) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *L7WeightedClusterGroup) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *L7WeightedClusterGroup) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *L4WeightedDestinationCluster) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *L4WeightedDestinationCluster) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *L7WeightedDestinationCluster) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *L7WeightedDestinationCluster) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *DynamicEndpointGroupConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *DynamicEndpointGroupConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *LBPolicyLeastRequest) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *LBPolicyLeastRequest) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *LBPolicyRoundRobin) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *LBPolicyRoundRobin) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *LBPolicyRandom) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *LBPolicyRandom) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *LBPolicyRingHash) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *LBPolicyRingHash) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *LBPolicyMaglev) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *LBPolicyMaglev) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *CircuitBreakers) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *CircuitBreakers) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *UpstreamLimits) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *UpstreamLimits) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *OutlierDetection) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *OutlierDetection) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *UpstreamConnectionOptions) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *UpstreamConnectionOptions) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *PassthroughEndpointGroupConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *PassthroughEndpointGroupConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *DNSEndpointGroupConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *DNSEndpointGroupConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *StaticEndpointGroupConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *StaticEndpointGroupConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
deleted file mode 100644
index a641988f422a..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.pb.go
+++ /dev/null
@@ -1,2554 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/pbproxystate/cluster.proto
-
-package pbproxystate
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	durationpb "google.golang.org/protobuf/types/known/durationpb"
-	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type DiscoveryType int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	DiscoveryType_DISCOVERY_TYPE_LOGICAL DiscoveryType = 0
-	DiscoveryType_DISCOVERY_TYPE_STRICT  DiscoveryType = 1
-)
-
-// Enum value maps for DiscoveryType.
-var (
-	DiscoveryType_name = map[int32]string{
-		0: "DISCOVERY_TYPE_LOGICAL",
-		1: "DISCOVERY_TYPE_STRICT",
-	}
-	DiscoveryType_value = map[string]int32{
-		"DISCOVERY_TYPE_LOGICAL": 0,
-		"DISCOVERY_TYPE_STRICT":  1,
-	}
-)
-
-func (x DiscoveryType) Enum() *DiscoveryType {
-	p := new(DiscoveryType)
-	*p = x
-	return p
-}
-
-func (x DiscoveryType) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (DiscoveryType) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_enumTypes[0].Descriptor()
-}
-
-func (DiscoveryType) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_enumTypes[0]
-}
-
-func (x DiscoveryType) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use DiscoveryType.Descriptor instead.
-func (DiscoveryType) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{0}
-}
-
-type Cluster struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// name is the name of the cluster.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	// group is either a failover group or endpoint group. If this cluster needs to failover to other clusters, use the failover group. If this cluster routes directly to endpoints, use the endpoint group.
-	//
-	// Types that are assignable to Group:
-	//
-	//	*Cluster_FailoverGroup
-	//	*Cluster_EndpointGroup
-	Group isCluster_Group `protobuf_oneof:"group"`
-	// escape_hatch_cluster_json configures a user configured escape hatch cluster.
-	EscapeHatchClusterJson string `protobuf:"bytes,4,opt,name=escape_hatch_cluster_json,json=escapeHatchClusterJson,proto3" json:"escape_hatch_cluster_json,omitempty"`
-	// alt_stat_name is the name used for observability in place of cluster name if provided.
-	AltStatName string `protobuf:"bytes,5,opt,name=alt_stat_name,json=altStatName,proto3" json:"alt_stat_name,omitempty"`
-	// protocol is the local path protocol or the service protocol.
-	Protocol string `protobuf:"bytes,6,opt,name=protocol,proto3" json:"protocol,omitempty"`
-}
-
-func (x *Cluster) Reset() {
-	*x = Cluster{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Cluster) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Cluster) ProtoMessage() {}
-
-func (x *Cluster) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Cluster.ProtoReflect.Descriptor instead.
-func (*Cluster) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *Cluster) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (m *Cluster) GetGroup() isCluster_Group {
-	if m != nil {
-		return m.Group
-	}
-	return nil
-}
-
-func (x *Cluster) GetFailoverGroup() *FailoverGroup {
-	if x, ok := x.GetGroup().(*Cluster_FailoverGroup); ok {
-		return x.FailoverGroup
-	}
-	return nil
-}
-
-func (x *Cluster) GetEndpointGroup() *EndpointGroup {
-	if x, ok := x.GetGroup().(*Cluster_EndpointGroup); ok {
-		return x.EndpointGroup
-	}
-	return nil
-}
-
-func (x *Cluster) GetEscapeHatchClusterJson() string {
-	if x != nil {
-		return x.EscapeHatchClusterJson
-	}
-	return ""
-}
-
-func (x *Cluster) GetAltStatName() string {
-	if x != nil {
-		return x.AltStatName
-	}
-	return ""
-}
-
-func (x *Cluster) GetProtocol() string {
-	if x != nil {
-		return x.Protocol
-	}
-	return ""
-}
-
-type isCluster_Group interface {
-	isCluster_Group()
-}
-
-type Cluster_FailoverGroup struct {
-	FailoverGroup *FailoverGroup `protobuf:"bytes,2,opt,name=failover_group,json=failoverGroup,proto3,oneof"`
-}
-
-type Cluster_EndpointGroup struct {
-	EndpointGroup *EndpointGroup `protobuf:"bytes,3,opt,name=endpoint_group,json=endpointGroup,proto3,oneof"`
-}
-
-func (*Cluster_FailoverGroup) isCluster_Group() {}
-
-func (*Cluster_EndpointGroup) isCluster_Group() {}
-
-type FailoverGroup struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// endpoint_groups is an ordered list of which groups to failover to.
-	EndpointGroups []*EndpointGroup     `protobuf:"bytes,1,rep,name=endpoint_groups,json=endpointGroups,proto3" json:"endpoint_groups,omitempty"`
-	Config         *FailoverGroupConfig `protobuf:"bytes,2,opt,name=config,proto3" json:"config,omitempty"`
-}
-
-func (x *FailoverGroup) Reset() {
-	*x = FailoverGroup{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *FailoverGroup) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*FailoverGroup) ProtoMessage() {}
-
-func (x *FailoverGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use FailoverGroup.ProtoReflect.Descriptor instead.
-func (*FailoverGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *FailoverGroup) GetEndpointGroups() []*EndpointGroup {
-	if x != nil {
-		return x.EndpointGroups
-	}
-	return nil
-}
-
-func (x *FailoverGroup) GetConfig() *FailoverGroupConfig {
-	if x != nil {
-		return x.Config
-	}
-	return nil
-}
-
-type FailoverGroupConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	UseAltStatName bool                 `protobuf:"varint,1,opt,name=use_alt_stat_name,json=useAltStatName,proto3" json:"use_alt_stat_name,omitempty"`
-	ConnectTimeout *durationpb.Duration `protobuf:"bytes,2,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
-}
-
-func (x *FailoverGroupConfig) Reset() {
-	*x = FailoverGroupConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *FailoverGroupConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*FailoverGroupConfig) ProtoMessage() {}
-
-func (x *FailoverGroupConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use FailoverGroupConfig.ProtoReflect.Descriptor instead.
-func (*FailoverGroupConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *FailoverGroupConfig) GetUseAltStatName() bool {
-	if x != nil {
-		return x.UseAltStatName
-	}
-	return false
-}
-
-func (x *FailoverGroupConfig) GetConnectTimeout() *durationpb.Duration {
-	if x != nil {
-		return x.ConnectTimeout
-	}
-	return nil
-}
-
-type EndpointGroup struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Types that are assignable to Group:
-	//
-	//	*EndpointGroup_Dynamic
-	//	*EndpointGroup_Static
-	//	*EndpointGroup_Dns
-	//	*EndpointGroup_Passthrough
-	Group isEndpointGroup_Group `protobuf_oneof:"group"`
-}
-
-func (x *EndpointGroup) Reset() {
-	*x = EndpointGroup{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *EndpointGroup) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*EndpointGroup) ProtoMessage() {}
-
-func (x *EndpointGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use EndpointGroup.ProtoReflect.Descriptor instead.
-func (*EndpointGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{3}
-}
-
-func (m *EndpointGroup) GetGroup() isEndpointGroup_Group {
-	if m != nil {
-		return m.Group
-	}
-	return nil
-}
-
-func (x *EndpointGroup) GetDynamic() *DynamicEndpointGroup {
-	if x, ok := x.GetGroup().(*EndpointGroup_Dynamic); ok {
-		return x.Dynamic
-	}
-	return nil
-}
-
-func (x *EndpointGroup) GetStatic() *StaticEndpointGroup {
-	if x, ok := x.GetGroup().(*EndpointGroup_Static); ok {
-		return x.Static
-	}
-	return nil
-}
-
-func (x *EndpointGroup) GetDns() *DNSEndpointGroup {
-	if x, ok := x.GetGroup().(*EndpointGroup_Dns); ok {
-		return x.Dns
-	}
-	return nil
-}
-
-func (x *EndpointGroup) GetPassthrough() *PassthroughEndpointGroup {
-	if x, ok := x.GetGroup().(*EndpointGroup_Passthrough); ok {
-		return x.Passthrough
-	}
-	return nil
-}
-
-type isEndpointGroup_Group interface {
-	isEndpointGroup_Group()
-}
-
-type EndpointGroup_Dynamic struct {
-	// dynamic endpoint group is used to reach mesh destinations that are dynamically configured from Consul's catalog.
-	Dynamic *DynamicEndpointGroup `protobuf:"bytes,1,opt,name=dynamic,proto3,oneof"`
-}
-
-type EndpointGroup_Static struct {
-	// static endpoint group is used to reach local app ports.
-	Static *StaticEndpointGroup `protobuf:"bytes,2,opt,name=static,proto3,oneof"`
-}
-
-type EndpointGroup_Dns struct {
-	// dns is used to reach mesh and non-mesh destinations using a hostname.
-	Dns *DNSEndpointGroup `protobuf:"bytes,3,opt,name=dns,proto3,oneof"`
-}
-
-type EndpointGroup_Passthrough struct {
-	// passthrough is used to reach destinations that don't have endpoints saved in Consul.
-	Passthrough *PassthroughEndpointGroup `protobuf:"bytes,4,opt,name=passthrough,proto3,oneof"`
-}
-
-func (*EndpointGroup_Dynamic) isEndpointGroup_Group() {}
-
-func (*EndpointGroup_Static) isEndpointGroup_Group() {}
-
-func (*EndpointGroup_Dns) isEndpointGroup_Group() {}
-
-func (*EndpointGroup_Passthrough) isEndpointGroup_Group() {}
-
-type DynamicEndpointGroup struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// config configures how to connect to the endpoints.
-	Config *DynamicEndpointGroupConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
-	// outbound_tls will configure what TLS information to use when connecting to an upstream.
-	OutboundTls *TransportSocket `protobuf:"bytes,2,opt,name=outbound_tls,json=outboundTls,proto3" json:"outbound_tls,omitempty"`
-}
-
-func (x *DynamicEndpointGroup) Reset() {
-	*x = DynamicEndpointGroup{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *DynamicEndpointGroup) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*DynamicEndpointGroup) ProtoMessage() {}
-
-func (x *DynamicEndpointGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use DynamicEndpointGroup.ProtoReflect.Descriptor instead.
-func (*DynamicEndpointGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *DynamicEndpointGroup) GetConfig() *DynamicEndpointGroupConfig {
-	if x != nil {
-		return x.Config
-	}
-	return nil
-}
-
-func (x *DynamicEndpointGroup) GetOutboundTls() *TransportSocket {
-	if x != nil {
-		return x.OutboundTls
-	}
-	return nil
-}
-
-type PassthroughEndpointGroup struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// config configures how to connect to the endpoints.
-	Config *PassthroughEndpointGroupConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
-	// outbound_tls will configure what TLS information to use when connecting to an upstream.
-	OutboundTls *TransportSocket `protobuf:"bytes,2,opt,name=outbound_tls,json=outboundTls,proto3" json:"outbound_tls,omitempty"`
-}
-
-func (x *PassthroughEndpointGroup) Reset() {
-	*x = PassthroughEndpointGroup{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *PassthroughEndpointGroup) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*PassthroughEndpointGroup) ProtoMessage() {}
-
-func (x *PassthroughEndpointGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use PassthroughEndpointGroup.ProtoReflect.Descriptor instead.
-func (*PassthroughEndpointGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *PassthroughEndpointGroup) GetConfig() *PassthroughEndpointGroupConfig {
-	if x != nil {
-		return x.Config
-	}
-	return nil
-}
-
-func (x *PassthroughEndpointGroup) GetOutboundTls() *TransportSocket {
-	if x != nil {
-		return x.OutboundTls
-	}
-	return nil
-}
-
-type DNSEndpointGroup struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// config configures how to connect to the endpoints.
-	Config *DNSEndpointGroupConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
-	// outbound_tls will configure what TLS information to use when connecting to an upstream.
-	OutboundTls *TransportSocket `protobuf:"bytes,2,opt,name=outbound_tls,json=outboundTls,proto3" json:"outbound_tls,omitempty"`
-}
-
-func (x *DNSEndpointGroup) Reset() {
-	*x = DNSEndpointGroup{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *DNSEndpointGroup) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*DNSEndpointGroup) ProtoMessage() {}
-
-func (x *DNSEndpointGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use DNSEndpointGroup.ProtoReflect.Descriptor instead.
-func (*DNSEndpointGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *DNSEndpointGroup) GetConfig() *DNSEndpointGroupConfig {
-	if x != nil {
-		return x.Config
-	}
-	return nil
-}
-
-func (x *DNSEndpointGroup) GetOutboundTls() *TransportSocket {
-	if x != nil {
-		return x.OutboundTls
-	}
-	return nil
-}
-
-// StaticEndpointGroup is used to reach local app ports.
-type StaticEndpointGroup struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// config configures how to connect to the endpoints.
-	Config *StaticEndpointGroupConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
-}
-
-func (x *StaticEndpointGroup) Reset() {
-	*x = StaticEndpointGroup{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *StaticEndpointGroup) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*StaticEndpointGroup) ProtoMessage() {}
-
-func (x *StaticEndpointGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use StaticEndpointGroup.ProtoReflect.Descriptor instead.
-func (*StaticEndpointGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{7}
-}
-
-func (x *StaticEndpointGroup) GetConfig() *StaticEndpointGroupConfig {
-	if x != nil {
-		return x.Config
-	}
-	return nil
-}
-
-type L4WeightedClusterGroup struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// clusters to route to by weight.
-	Clusters []*L4WeightedDestinationCluster `protobuf:"bytes,1,rep,name=clusters,proto3" json:"clusters,omitempty"`
-}
-
-func (x *L4WeightedClusterGroup) Reset() {
-	*x = L4WeightedClusterGroup{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *L4WeightedClusterGroup) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*L4WeightedClusterGroup) ProtoMessage() {}
-
-func (x *L4WeightedClusterGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use L4WeightedClusterGroup.ProtoReflect.Descriptor instead.
-func (*L4WeightedClusterGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{8}
-}
-
-func (x *L4WeightedClusterGroup) GetClusters() []*L4WeightedDestinationCluster {
-	if x != nil {
-		return x.Clusters
-	}
-	return nil
-}
-
-type L7WeightedClusterGroup struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// clusters to route to by weight.
-	Clusters []*L7WeightedDestinationCluster `protobuf:"bytes,1,rep,name=clusters,proto3" json:"clusters,omitempty"`
-}
-
-func (x *L7WeightedClusterGroup) Reset() {
-	*x = L7WeightedClusterGroup{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[9]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *L7WeightedClusterGroup) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*L7WeightedClusterGroup) ProtoMessage() {}
-
-func (x *L7WeightedClusterGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[9]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use L7WeightedClusterGroup.ProtoReflect.Descriptor instead.
-func (*L7WeightedClusterGroup) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{9}
-}
-
-func (x *L7WeightedClusterGroup) GetClusters() []*L7WeightedDestinationCluster {
-	if x != nil {
-		return x.Clusters
-	}
-	return nil
-}
-
-type L4WeightedDestinationCluster struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// name is the name of the cluster. This will be used to look up a cluster in the clusters map.
-	Name   string                  `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Weight *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=weight,proto3" json:"weight,omitempty"`
-}
-
-func (x *L4WeightedDestinationCluster) Reset() {
-	*x = L4WeightedDestinationCluster{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[10]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *L4WeightedDestinationCluster) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*L4WeightedDestinationCluster) ProtoMessage() {}
-
-func (x *L4WeightedDestinationCluster) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[10]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use L4WeightedDestinationCluster.ProtoReflect.Descriptor instead.
-func (*L4WeightedDestinationCluster) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{10}
-}
-
-func (x *L4WeightedDestinationCluster) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *L4WeightedDestinationCluster) GetWeight() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.Weight
-	}
-	return nil
-}
-
-type L7WeightedDestinationCluster struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// name is the name of the cluster. This will be used to look up a cluster in the clusters map.
-	Name            string                  `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Weight          *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=weight,proto3" json:"weight,omitempty"`
-	HeaderMutations []*HeaderMutation       `protobuf:"bytes,3,rep,name=header_mutations,json=headerMutations,proto3" json:"header_mutations,omitempty"`
-}
-
-func (x *L7WeightedDestinationCluster) Reset() {
-	*x = L7WeightedDestinationCluster{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[11]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *L7WeightedDestinationCluster) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*L7WeightedDestinationCluster) ProtoMessage() {}
-
-func (x *L7WeightedDestinationCluster) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[11]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use L7WeightedDestinationCluster.ProtoReflect.Descriptor instead.
-func (*L7WeightedDestinationCluster) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{11}
-}
-
-func (x *L7WeightedDestinationCluster) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *L7WeightedDestinationCluster) GetWeight() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.Weight
-	}
-	return nil
-}
-
-func (x *L7WeightedDestinationCluster) GetHeaderMutations() []*HeaderMutation {
-	if x != nil {
-		return x.HeaderMutations
-	}
-	return nil
-}
-
-type DynamicEndpointGroupConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	ConnectTimeout        *durationpb.Duration `protobuf:"bytes,1,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
-	DisablePanicThreshold bool                 `protobuf:"varint,2,opt,name=disable_panic_threshold,json=disablePanicThreshold,proto3" json:"disable_panic_threshold,omitempty"`
-	// Types that are assignable to LbPolicy:
-	//
-	//	*DynamicEndpointGroupConfig_LeastRequest
-	//	*DynamicEndpointGroupConfig_RoundRobin
-	//	*DynamicEndpointGroupConfig_Random
-	//	*DynamicEndpointGroupConfig_RingHash
-	//	*DynamicEndpointGroupConfig_Maglev
-	LbPolicy                  isDynamicEndpointGroupConfig_LbPolicy `protobuf_oneof:"lb_policy"`
-	CircuitBreakers           *CircuitBreakers                      `protobuf:"bytes,8,opt,name=circuit_breakers,json=circuitBreakers,proto3" json:"circuit_breakers,omitempty"`
-	OutlierDetection          *OutlierDetection                     `protobuf:"bytes,9,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"`
-	UpstreamConnectionOptions *UpstreamConnectionOptions            `protobuf:"bytes,10,opt,name=upstream_connection_options,json=upstreamConnectionOptions,proto3" json:"upstream_connection_options,omitempty"`
-	UseAltStatName            bool                                  `protobuf:"varint,11,opt,name=use_alt_stat_name,json=useAltStatName,proto3" json:"use_alt_stat_name,omitempty"`
-}
-
-func (x *DynamicEndpointGroupConfig) Reset() {
-	*x = DynamicEndpointGroupConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[12]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *DynamicEndpointGroupConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*DynamicEndpointGroupConfig) ProtoMessage() {}
-
-func (x *DynamicEndpointGroupConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[12]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use DynamicEndpointGroupConfig.ProtoReflect.Descriptor instead.
-func (*DynamicEndpointGroupConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{12}
-}
-
-func (x *DynamicEndpointGroupConfig) GetConnectTimeout() *durationpb.Duration {
-	if x != nil {
-		return x.ConnectTimeout
-	}
-	return nil
-}
-
-func (x *DynamicEndpointGroupConfig) GetDisablePanicThreshold() bool {
-	if x != nil {
-		return x.DisablePanicThreshold
-	}
-	return false
-}
-
-func (m *DynamicEndpointGroupConfig) GetLbPolicy() isDynamicEndpointGroupConfig_LbPolicy {
-	if m != nil {
-		return m.LbPolicy
-	}
-	return nil
-}
-
-func (x *DynamicEndpointGroupConfig) GetLeastRequest() *LBPolicyLeastRequest {
-	if x, ok := x.GetLbPolicy().(*DynamicEndpointGroupConfig_LeastRequest); ok {
-		return x.LeastRequest
-	}
-	return nil
-}
-
-func (x *DynamicEndpointGroupConfig) GetRoundRobin() *LBPolicyRoundRobin {
-	if x, ok := x.GetLbPolicy().(*DynamicEndpointGroupConfig_RoundRobin); ok {
-		return x.RoundRobin
-	}
-	return nil
-}
-
-func (x *DynamicEndpointGroupConfig) GetRandom() *LBPolicyRandom {
-	if x, ok := x.GetLbPolicy().(*DynamicEndpointGroupConfig_Random); ok {
-		return x.Random
-	}
-	return nil
-}
-
-func (x *DynamicEndpointGroupConfig) GetRingHash() *LBPolicyRingHash {
-	if x, ok := x.GetLbPolicy().(*DynamicEndpointGroupConfig_RingHash); ok {
-		return x.RingHash
-	}
-	return nil
-}
-
-func (x *DynamicEndpointGroupConfig) GetMaglev() *LBPolicyMaglev {
-	if x, ok := x.GetLbPolicy().(*DynamicEndpointGroupConfig_Maglev); ok {
-		return x.Maglev
-	}
-	return nil
-}
-
-func (x *DynamicEndpointGroupConfig) GetCircuitBreakers() *CircuitBreakers {
-	if x != nil {
-		return x.CircuitBreakers
-	}
-	return nil
-}
-
-func (x *DynamicEndpointGroupConfig) GetOutlierDetection() *OutlierDetection {
-	if x != nil {
-		return x.OutlierDetection
-	}
-	return nil
-}
-
-func (x *DynamicEndpointGroupConfig) GetUpstreamConnectionOptions() *UpstreamConnectionOptions {
-	if x != nil {
-		return x.UpstreamConnectionOptions
-	}
-	return nil
-}
-
-func (x *DynamicEndpointGroupConfig) GetUseAltStatName() bool {
-	if x != nil {
-		return x.UseAltStatName
-	}
-	return false
-}
-
-type isDynamicEndpointGroupConfig_LbPolicy interface {
-	isDynamicEndpointGroupConfig_LbPolicy()
-}
-
-type DynamicEndpointGroupConfig_LeastRequest struct {
-	LeastRequest *LBPolicyLeastRequest `protobuf:"bytes,3,opt,name=least_request,json=leastRequest,proto3,oneof"`
-}
-
-type DynamicEndpointGroupConfig_RoundRobin struct {
-	RoundRobin *LBPolicyRoundRobin `protobuf:"bytes,4,opt,name=round_robin,json=roundRobin,proto3,oneof"`
-}
-
-type DynamicEndpointGroupConfig_Random struct {
-	Random *LBPolicyRandom `protobuf:"bytes,5,opt,name=random,proto3,oneof"`
-}
-
-type DynamicEndpointGroupConfig_RingHash struct {
-	RingHash *LBPolicyRingHash `protobuf:"bytes,6,opt,name=ring_hash,json=ringHash,proto3,oneof"`
-}
-
-type DynamicEndpointGroupConfig_Maglev struct {
-	Maglev *LBPolicyMaglev `protobuf:"bytes,7,opt,name=maglev,proto3,oneof"`
-}
-
-func (*DynamicEndpointGroupConfig_LeastRequest) isDynamicEndpointGroupConfig_LbPolicy() {}
-
-func (*DynamicEndpointGroupConfig_RoundRobin) isDynamicEndpointGroupConfig_LbPolicy() {}
-
-func (*DynamicEndpointGroupConfig_Random) isDynamicEndpointGroupConfig_LbPolicy() {}
-
-func (*DynamicEndpointGroupConfig_RingHash) isDynamicEndpointGroupConfig_LbPolicy() {}
-
-func (*DynamicEndpointGroupConfig_Maglev) isDynamicEndpointGroupConfig_LbPolicy() {}
-
-type LBPolicyLeastRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	ChoiceCount *wrapperspb.UInt32Value `protobuf:"bytes,1,opt,name=choice_count,json=choiceCount,proto3" json:"choice_count,omitempty"`
-}
-
-func (x *LBPolicyLeastRequest) Reset() {
-	*x = LBPolicyLeastRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[13]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LBPolicyLeastRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LBPolicyLeastRequest) ProtoMessage() {}
-
-func (x *LBPolicyLeastRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[13]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LBPolicyLeastRequest.ProtoReflect.Descriptor instead.
-func (*LBPolicyLeastRequest) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{13}
-}
-
-func (x *LBPolicyLeastRequest) GetChoiceCount() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.ChoiceCount
-	}
-	return nil
-}
-
-type LBPolicyRoundRobin struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-}
-
-func (x *LBPolicyRoundRobin) Reset() {
-	*x = LBPolicyRoundRobin{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[14]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LBPolicyRoundRobin) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LBPolicyRoundRobin) ProtoMessage() {}
-
-func (x *LBPolicyRoundRobin) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[14]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LBPolicyRoundRobin.ProtoReflect.Descriptor instead.
-func (*LBPolicyRoundRobin) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{14}
-}
-
-type LBPolicyRandom struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-}
-
-func (x *LBPolicyRandom) Reset() {
-	*x = LBPolicyRandom{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[15]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LBPolicyRandom) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LBPolicyRandom) ProtoMessage() {}
-
-func (x *LBPolicyRandom) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[15]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LBPolicyRandom.ProtoReflect.Descriptor instead.
-func (*LBPolicyRandom) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{15}
-}
-
-type LBPolicyRingHash struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	MinimumRingSize *wrapperspb.UInt64Value `protobuf:"bytes,1,opt,name=minimum_ring_size,json=minimumRingSize,proto3" json:"minimum_ring_size,omitempty"`
-	MaximumRingSize *wrapperspb.UInt64Value `protobuf:"bytes,2,opt,name=maximum_ring_size,json=maximumRingSize,proto3" json:"maximum_ring_size,omitempty"`
-}
-
-func (x *LBPolicyRingHash) Reset() {
-	*x = LBPolicyRingHash{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[16]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LBPolicyRingHash) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LBPolicyRingHash) ProtoMessage() {}
-
-func (x *LBPolicyRingHash) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[16]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LBPolicyRingHash.ProtoReflect.Descriptor instead.
-func (*LBPolicyRingHash) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{16}
-}
-
-func (x *LBPolicyRingHash) GetMinimumRingSize() *wrapperspb.UInt64Value {
-	if x != nil {
-		return x.MinimumRingSize
-	}
-	return nil
-}
-
-func (x *LBPolicyRingHash) GetMaximumRingSize() *wrapperspb.UInt64Value {
-	if x != nil {
-		return x.MaximumRingSize
-	}
-	return nil
-}
-
-type LBPolicyMaglev struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-}
-
-func (x *LBPolicyMaglev) Reset() {
-	*x = LBPolicyMaglev{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[17]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LBPolicyMaglev) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LBPolicyMaglev) ProtoMessage() {}
-
-func (x *LBPolicyMaglev) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[17]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LBPolicyMaglev.ProtoReflect.Descriptor instead.
-func (*LBPolicyMaglev) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{17}
-}
-
-type CircuitBreakers struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	UpstreamLimits *UpstreamLimits `protobuf:"bytes,1,opt,name=upstream_limits,json=upstreamLimits,proto3" json:"upstream_limits,omitempty"`
-}
-
-func (x *CircuitBreakers) Reset() {
-	*x = CircuitBreakers{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[18]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CircuitBreakers) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CircuitBreakers) ProtoMessage() {}
-
-func (x *CircuitBreakers) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[18]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CircuitBreakers.ProtoReflect.Descriptor instead.
-func (*CircuitBreakers) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{18}
-}
-
-func (x *CircuitBreakers) GetUpstreamLimits() *UpstreamLimits {
-	if x != nil {
-		return x.UpstreamLimits
-	}
-	return nil
-}
-
-type UpstreamLimits struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	MaxConnections        *wrapperspb.UInt32Value `protobuf:"bytes,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"`
-	MaxPendingRequests    *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=max_pending_requests,json=maxPendingRequests,proto3" json:"max_pending_requests,omitempty"`
-	MaxConcurrentRequests *wrapperspb.UInt32Value `protobuf:"bytes,3,opt,name=max_concurrent_requests,json=maxConcurrentRequests,proto3" json:"max_concurrent_requests,omitempty"`
-}
-
-func (x *UpstreamLimits) Reset() {
-	*x = UpstreamLimits{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[19]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *UpstreamLimits) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*UpstreamLimits) ProtoMessage() {}
-
-func (x *UpstreamLimits) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[19]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use UpstreamLimits.ProtoReflect.Descriptor instead.
-func (*UpstreamLimits) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{19}
-}
-
-func (x *UpstreamLimits) GetMaxConnections() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.MaxConnections
-	}
-	return nil
-}
-
-func (x *UpstreamLimits) GetMaxPendingRequests() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.MaxPendingRequests
-	}
-	return nil
-}
-
-func (x *UpstreamLimits) GetMaxConcurrentRequests() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.MaxConcurrentRequests
-	}
-	return nil
-}
-
-type OutlierDetection struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Interval                 *durationpb.Duration    `protobuf:"bytes,1,opt,name=interval,proto3" json:"interval,omitempty"`
-	Consecutive_5Xx          *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=consecutive_5xx,json=consecutive5xx,proto3" json:"consecutive_5xx,omitempty"`
-	EnforcingConsecutive_5Xx *wrapperspb.UInt32Value `protobuf:"bytes,3,opt,name=enforcing_consecutive_5xx,json=enforcingConsecutive5xx,proto3" json:"enforcing_consecutive_5xx,omitempty"`
-	MaxEjectionPercent       *wrapperspb.UInt32Value `protobuf:"bytes,4,opt,name=max_ejection_percent,json=maxEjectionPercent,proto3" json:"max_ejection_percent,omitempty"`
-	BaseEjectionTime         *durationpb.Duration    `protobuf:"bytes,5,opt,name=base_ejection_time,json=baseEjectionTime,proto3" json:"base_ejection_time,omitempty"`
-}
-
-func (x *OutlierDetection) Reset() {
-	*x = OutlierDetection{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[20]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *OutlierDetection) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*OutlierDetection) ProtoMessage() {}
-
-func (x *OutlierDetection) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[20]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use OutlierDetection.ProtoReflect.Descriptor instead.
-func (*OutlierDetection) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{20}
-}
-
-func (x *OutlierDetection) GetInterval() *durationpb.Duration {
-	if x != nil {
-		return x.Interval
-	}
-	return nil
-}
-
-func (x *OutlierDetection) GetConsecutive_5Xx() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.Consecutive_5Xx
-	}
-	return nil
-}
-
-func (x *OutlierDetection) GetEnforcingConsecutive_5Xx() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.EnforcingConsecutive_5Xx
-	}
-	return nil
-}
-
-func (x *OutlierDetection) GetMaxEjectionPercent() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.MaxEjectionPercent
-	}
-	return nil
-}
-
-func (x *OutlierDetection) GetBaseEjectionTime() *durationpb.Duration {
-	if x != nil {
-		return x.BaseEjectionTime
-	}
-	return nil
-}
-
-type UpstreamConnectionOptions struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	TcpKeepaliveTime     *wrapperspb.UInt32Value `protobuf:"bytes,1,opt,name=tcp_keepalive_time,json=tcpKeepaliveTime,proto3" json:"tcp_keepalive_time,omitempty"`
-	TcpKeepaliveInterval *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=tcp_keepalive_interval,json=tcpKeepaliveInterval,proto3" json:"tcp_keepalive_interval,omitempty"`
-	TcpKeepaliveProbes   *wrapperspb.UInt32Value `protobuf:"bytes,3,opt,name=tcp_keepalive_probes,json=tcpKeepaliveProbes,proto3" json:"tcp_keepalive_probes,omitempty"`
-}
-
-func (x *UpstreamConnectionOptions) Reset() {
-	*x = UpstreamConnectionOptions{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[21]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *UpstreamConnectionOptions) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*UpstreamConnectionOptions) ProtoMessage() {}
-
-func (x *UpstreamConnectionOptions) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[21]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use UpstreamConnectionOptions.ProtoReflect.Descriptor instead.
-func (*UpstreamConnectionOptions) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{21}
-}
-
-func (x *UpstreamConnectionOptions) GetTcpKeepaliveTime() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.TcpKeepaliveTime
-	}
-	return nil
-}
-
-func (x *UpstreamConnectionOptions) GetTcpKeepaliveInterval() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.TcpKeepaliveInterval
-	}
-	return nil
-}
-
-func (x *UpstreamConnectionOptions) GetTcpKeepaliveProbes() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.TcpKeepaliveProbes
-	}
-	return nil
-}
-
-type PassthroughEndpointGroupConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	ConnectTimeout *durationpb.Duration `protobuf:"bytes,1,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
-}
-
-func (x *PassthroughEndpointGroupConfig) Reset() {
-	*x = PassthroughEndpointGroupConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[22]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *PassthroughEndpointGroupConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*PassthroughEndpointGroupConfig) ProtoMessage() {}
-
-func (x *PassthroughEndpointGroupConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[22]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use PassthroughEndpointGroupConfig.ProtoReflect.Descriptor instead.
-func (*PassthroughEndpointGroupConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{22}
-}
-
-func (x *PassthroughEndpointGroupConfig) GetConnectTimeout() *durationpb.Duration {
-	if x != nil {
-		return x.ConnectTimeout
-	}
-	return nil
-}
-
-type DNSEndpointGroupConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	ConnectTimeout            *durationpb.Duration       `protobuf:"bytes,1,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
-	DisablePanicThreshold     bool                       `protobuf:"varint,2,opt,name=disable_panic_threshold,json=disablePanicThreshold,proto3" json:"disable_panic_threshold,omitempty"`
-	DiscoveryType             DiscoveryType              `protobuf:"varint,3,opt,name=discovery_type,json=discoveryType,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.DiscoveryType" json:"discovery_type,omitempty"`
-	CircuitBreakers           *CircuitBreakers           `protobuf:"bytes,4,opt,name=circuit_breakers,json=circuitBreakers,proto3" json:"circuit_breakers,omitempty"`
-	OutlierDetection          *OutlierDetection          `protobuf:"bytes,5,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"`
-	UpstreamConnectionOptions *UpstreamConnectionOptions `protobuf:"bytes,6,opt,name=upstream_connection_options,json=upstreamConnectionOptions,proto3" json:"upstream_connection_options,omitempty"`
-	UseAltStatName            bool                       `protobuf:"varint,7,opt,name=use_alt_stat_name,json=useAltStatName,proto3" json:"use_alt_stat_name,omitempty"`
-}
-
-func (x *DNSEndpointGroupConfig) Reset() {
-	*x = DNSEndpointGroupConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[23]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *DNSEndpointGroupConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*DNSEndpointGroupConfig) ProtoMessage() {}
-
-func (x *DNSEndpointGroupConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[23]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use DNSEndpointGroupConfig.ProtoReflect.Descriptor instead.
-func (*DNSEndpointGroupConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{23}
-}
-
-func (x *DNSEndpointGroupConfig) GetConnectTimeout() *durationpb.Duration {
-	if x != nil {
-		return x.ConnectTimeout
-	}
-	return nil
-}
-
-func (x *DNSEndpointGroupConfig) GetDisablePanicThreshold() bool {
-	if x != nil {
-		return x.DisablePanicThreshold
-	}
-	return false
-}
-
-func (x *DNSEndpointGroupConfig) GetDiscoveryType() DiscoveryType {
-	if x != nil {
-		return x.DiscoveryType
-	}
-	return DiscoveryType_DISCOVERY_TYPE_LOGICAL
-}
-
-func (x *DNSEndpointGroupConfig) GetCircuitBreakers() *CircuitBreakers {
-	if x != nil {
-		return x.CircuitBreakers
-	}
-	return nil
-}
-
-func (x *DNSEndpointGroupConfig) GetOutlierDetection() *OutlierDetection {
-	if x != nil {
-		return x.OutlierDetection
-	}
-	return nil
-}
-
-func (x *DNSEndpointGroupConfig) GetUpstreamConnectionOptions() *UpstreamConnectionOptions {
-	if x != nil {
-		return x.UpstreamConnectionOptions
-	}
-	return nil
-}
-
-func (x *DNSEndpointGroupConfig) GetUseAltStatName() bool {
-	if x != nil {
-		return x.UseAltStatName
-	}
-	return false
-}
-
-type StaticEndpointGroupConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	ConnectTimeout  *durationpb.Duration `protobuf:"bytes,1,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
-	CircuitBreakers *CircuitBreakers     `protobuf:"bytes,2,opt,name=circuit_breakers,json=circuitBreakers,proto3" json:"circuit_breakers,omitempty"`
-}
-
-func (x *StaticEndpointGroupConfig) Reset() {
-	*x = StaticEndpointGroupConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[24]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *StaticEndpointGroupConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*StaticEndpointGroupConfig) ProtoMessage() {}
-
-func (x *StaticEndpointGroupConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[24]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use StaticEndpointGroupConfig.ProtoReflect.Descriptor instead.
-func (*StaticEndpointGroupConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP(), []int{24}
-}
-
-func (x *StaticEndpointGroupConfig) GetConnectTimeout() *durationpb.Duration {
-	if x != nil {
-		return x.ConnectTimeout
-	}
-	return nil
-}
-
-func (x *StaticEndpointGroupConfig) GetCircuitBreakers() *CircuitBreakers {
-	if x != nil {
-		return x.CircuitBreakers
-	}
-	return nil
-}
-
-var File_pbmesh_v1alpha1_pbproxystate_cluster_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDesc = []byte{
-	0x0a, 0x2a, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x63,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70,
-	0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x33, 0x70, 0x62, 0x6d, 0x65, 0x73,
-	0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d,
-	0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x33,
-	0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x74, 0x72, 0x61,
-	0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x22, 0xeb, 0x02, 0x0a, 0x07, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12,
-	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x12, 0x63, 0x0a, 0x0e, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f,
-	0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76,
-	0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0d, 0x66, 0x61, 0x69, 0x6c, 0x6f,
-	0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x63, 0x0a, 0x0e, 0x65, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45,
-	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0d,
-	0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x39, 0x0a,
-	0x19, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x63, 0x6c,
-	0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x16, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x43, 0x6c, 0x75,
-	0x73, 0x74, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0d, 0x61, 0x6c, 0x74, 0x5f,
-	0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0b, 0x61, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75,
-	0x70, 0x22, 0xce, 0x01, 0x0a, 0x0d, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72,
-	0x6f, 0x75, 0x70, 0x12, 0x63, 0x0a, 0x0f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f,
-	0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f,
-	0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69,
-	0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x58, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47,
-	0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x22, 0x84, 0x01, 0x0a, 0x13, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47,
-	0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73,
-	0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61,
-	0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
-	0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x91, 0x03, 0x0a, 0x0d, 0x45, 0x6e,
-	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5d, 0x0a, 0x07, 0x64,
-	0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d,
-	0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48,
-	0x00, 0x52, 0x07, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x12, 0x5a, 0x0a, 0x06, 0x73, 0x74,
-	0x61, 0x74, 0x69, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45,
-	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x06,
-	0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x12, 0x51, 0x0a, 0x03, 0x64, 0x6e, 0x73, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f,
-	0x75, 0x70, 0x48, 0x00, 0x52, 0x03, 0x64, 0x6e, 0x73, 0x12, 0x69, 0x0a, 0x0b, 0x70, 0x61, 0x73,
-	0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x61, 0x73,
-	0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
-	0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72,
-	0x6f, 0x75, 0x67, 0x68, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xd8, 0x01,
-	0x0a, 0x14, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e,
-	0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5f, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x47, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
-	0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5f, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f,
-	0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e,
-	0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, 0xe0, 0x01, 0x0a, 0x18, 0x50, 0x61, 0x73,
-	0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
-	0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x63, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
-	0x61, 0x74, 0x65, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45,
-	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5f, 0x0a, 0x0c, 0x6f, 0x75,
-	0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54,
-	0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b,
-	0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, 0xd0, 0x01, 0x0a, 0x10,
-	0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70,
-	0x12, 0x5b, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44,
-	0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5f, 0x0a,
-	0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65,
-	0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, 0x75,
-	0x0a, 0x13, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
-	0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5e, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
-	0x61, 0x74, 0x65, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69,
-	0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x7f, 0x0a, 0x16, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68,
-	0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12,
-	0x65, 0x0a, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x49, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e,
-	0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c,
-	0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x22, 0x7f, 0x0a, 0x16, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67,
-	0x68, 0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70,
-	0x12, 0x65, 0x0a, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x49, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x2e, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69,
-	0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x22, 0x68, 0x0a, 0x1c, 0x4c, 0x34, 0x57, 0x65, 0x69,
-	0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77,
-	0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49,
-	0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68,
-	0x74, 0x22, 0xd0, 0x01, 0x0a, 0x1c, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64,
-	0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74,
-	0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56,
-	0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x66, 0x0a, 0x10,
-	0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x22, 0x88, 0x08, 0x0a, 0x1a, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63,
-	0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74,
-	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
-	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
-	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x36, 0x0a, 0x17, 0x64, 0x69, 0x73, 0x61, 0x62,
-	0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, 0x69, 0x63, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f,
-	0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c,
-	0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12,
-	0x68, 0x0a, 0x0d, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x65, 0x61,
-	0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x0c, 0x6c, 0x65, 0x61,
-	0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x62, 0x0a, 0x0b, 0x72, 0x6f, 0x75,
-	0x6e, 0x64, 0x5f, 0x72, 0x6f, 0x62, 0x69, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50,
-	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x48,
-	0x00, 0x52, 0x0a, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x12, 0x55, 0x0a,
-	0x06, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f,
-	0x6c, 0x69, 0x63, 0x79, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x48, 0x00, 0x52, 0x06, 0x72, 0x61,
-	0x6e, 0x64, 0x6f, 0x6d, 0x12, 0x5c, 0x0a, 0x09, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x61, 0x73,
-	0x68, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69,
-	0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x48, 0x00, 0x52, 0x08, 0x72, 0x69, 0x6e, 0x67, 0x48, 0x61,
-	0x73, 0x68, 0x12, 0x55, 0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x18, 0x07, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x48,
-	0x00, 0x52, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x12, 0x67, 0x0a, 0x10, 0x63, 0x69, 0x72,
-	0x63, 0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x08, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72,
-	0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65,
-	0x72, 0x73, 0x12, 0x6a, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65,
-	0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x6c,
-	0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75,
-	0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x86,
-	0x01, 0x0a, 0x1b, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0a,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x75, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61,
-	0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61,
-	0x6d, 0x65, 0x42, 0x0b, 0x0a, 0x09, 0x6c, 0x62, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22,
-	0x57, 0x0a, 0x14, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x65, 0x61, 0x73, 0x74,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a, 0x0c, 0x63, 0x68, 0x6f, 0x69, 0x63,
-	0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x63, 0x68, 0x6f,
-	0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x14, 0x0a, 0x12, 0x4c, 0x42, 0x50, 0x6f,
-	0x6c, 0x69, 0x63, 0x79, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x22, 0x10,
-	0x0a, 0x0e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d,
-	0x22, 0xa6, 0x01, 0x0a, 0x10, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69, 0x6e,
-	0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x48, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d,
-	0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f,
-	0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x12,
-	0x48, 0x0a, 0x11, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f,
-	0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e,
-	0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75,
-	0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x22, 0x10, 0x0a, 0x0e, 0x4c, 0x42, 0x50,
-	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x22, 0x77, 0x0a, 0x0f, 0x43,
-	0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x64,
-	0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74,
-	0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69,
-	0x6d, 0x69, 0x74, 0x73, 0x52, 0x0e, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69,
-	0x6d, 0x69, 0x74, 0x73, 0x22, 0xfd, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61,
-	0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x45, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x63,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e,
-	0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4e,
-	0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55,
-	0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50,
-	0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x54,
-	0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74,
-	0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x6d,
-	0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x73, 0x22, 0x83, 0x03, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72,
-	0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c,
-	0x12, 0x45, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f,
-	0x35, 0x78, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74,
-	0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75,
-	0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x12, 0x58, 0x0a, 0x19, 0x65, 0x6e, 0x66, 0x6f, 0x72,
-	0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65,
-	0x5f, 0x35, 0x78, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e,
-	0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x17, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63,
-	0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78,
-	0x78, 0x12, 0x4e, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x6d,
-	0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e,
-	0x74, 0x12, 0x47, 0x0a, 0x12, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x62, 0x61, 0x73, 0x65, 0x45, 0x6a,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x8b, 0x02, 0x0a, 0x19, 0x55,
-	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4a, 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f,
-	0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x52, 0x10, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65,
-	0x54, 0x69, 0x6d, 0x65, 0x12, 0x52, 0x0a, 0x16, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70,
-	0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x52, 0x14, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65,
-	0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x4e, 0x0a, 0x14, 0x74, 0x63, 0x70, 0x5f,
-	0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56,
-	0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69,
-	0x76, 0x65, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x22, 0x64, 0x0a, 0x1e, 0x50, 0x61, 0x73, 0x73,
-	0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47,
-	0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e,
-	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x80,
-	0x05, 0x0a, 0x16, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72,
-	0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e,
-	0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x36, 0x0a,
-	0x17, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, 0x69, 0x63, 0x5f, 0x74,
-	0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15,
-	0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, 0x54, 0x68, 0x72, 0x65,
-	0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x61, 0x0a, 0x0e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
-	0x72, 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3a, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x69, 0x73, 0x63,
-	0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0d, 0x64, 0x69, 0x73, 0x63, 0x6f,
-	0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x67, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63,
-	0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73,
-	0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72,
-	0x73, 0x12, 0x6a, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69,
-	0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74,
-	0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x86, 0x01,
-	0x0a, 0x1b, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x75, 0x70, 0x73,
-	0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f,
-	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c,
-	0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d,
-	0x65, 0x22, 0xc8, 0x01, 0x0a, 0x19, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
-	0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f,
-	0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65,
-	0x6f, 0x75, 0x74, 0x12, 0x67, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x5f, 0x62,
-	0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69, 0x72, 0x63,
-	0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69, 0x72,
-	0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x2a, 0x46, 0x0a, 0x0d,
-	0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a,
-	0x16, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x56, 0x45, 0x52, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
-	0x4c, 0x4f, 0x47, 0x49, 0x43, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x53,
-	0x43, 0x4f, 0x56, 0x45, 0x52, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49,
-	0x43, 0x54, 0x10, 0x01, 0x42, 0xd8, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65,
-	0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
-	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c,
-	0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2,
-	0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
-	0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f,
-	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62,
-	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_pbproxystate_cluster_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes = make([]protoimpl.MessageInfo, 25)
-var file_pbmesh_v1alpha1_pbproxystate_cluster_proto_goTypes = []interface{}{
-	(DiscoveryType)(0),                     // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.DiscoveryType
-	(*Cluster)(nil),                        // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.Cluster
-	(*FailoverGroup)(nil),                  // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroup
-	(*FailoverGroupConfig)(nil),            // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroupConfig
-	(*EndpointGroup)(nil),                  // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup
-	(*DynamicEndpointGroup)(nil),           // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroup
-	(*PassthroughEndpointGroup)(nil),       // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroup
-	(*DNSEndpointGroup)(nil),               // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroup
-	(*StaticEndpointGroup)(nil),            // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroup
-	(*L4WeightedClusterGroup)(nil),         // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4WeightedClusterGroup
-	(*L7WeightedClusterGroup)(nil),         // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedClusterGroup
-	(*L4WeightedDestinationCluster)(nil),   // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4WeightedDestinationCluster
-	(*L7WeightedDestinationCluster)(nil),   // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedDestinationCluster
-	(*DynamicEndpointGroupConfig)(nil),     // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig
-	(*LBPolicyLeastRequest)(nil),           // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyLeastRequest
-	(*LBPolicyRoundRobin)(nil),             // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRoundRobin
-	(*LBPolicyRandom)(nil),                 // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRandom
-	(*LBPolicyRingHash)(nil),               // 17: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRingHash
-	(*LBPolicyMaglev)(nil),                 // 18: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyMaglev
-	(*CircuitBreakers)(nil),                // 19: hashicorp.consul.mesh.v1alpha1.pbproxystate.CircuitBreakers
-	(*UpstreamLimits)(nil),                 // 20: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamLimits
-	(*OutlierDetection)(nil),               // 21: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection
-	(*UpstreamConnectionOptions)(nil),      // 22: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamConnectionOptions
-	(*PassthroughEndpointGroupConfig)(nil), // 23: hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroupConfig
-	(*DNSEndpointGroupConfig)(nil),         // 24: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig
-	(*StaticEndpointGroupConfig)(nil),      // 25: hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroupConfig
-	(*durationpb.Duration)(nil),            // 26: google.protobuf.Duration
-	(*TransportSocket)(nil),                // 27: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
-	(*wrapperspb.UInt32Value)(nil),         // 28: google.protobuf.UInt32Value
-	(*HeaderMutation)(nil),                 // 29: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation
-	(*wrapperspb.UInt64Value)(nil),         // 30: google.protobuf.UInt64Value
-}
-var file_pbmesh_v1alpha1_pbproxystate_cluster_proto_depIdxs = []int32{
-	2,  // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.Cluster.failover_group:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroup
-	4,  // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.Cluster.endpoint_group:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup
-	4,  // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroup.endpoint_groups:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup
-	3,  // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroupConfig
-	26, // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.FailoverGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
-	5,  // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup.dynamic:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroup
-	8,  // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup.static:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroup
-	7,  // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup.dns:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroup
-	6,  // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointGroup.passthrough:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroup
-	13, // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig
-	27, // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
-	23, // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroupConfig
-	27, // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
-	24, // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig
-	27, // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
-	25, // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroup.config:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroupConfig
-	11, // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4WeightedClusterGroup.clusters:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L4WeightedDestinationCluster
-	12, // 17: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedClusterGroup.clusters:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedDestinationCluster
-	28, // 18: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4WeightedDestinationCluster.weight:type_name -> google.protobuf.UInt32Value
-	28, // 19: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedDestinationCluster.weight:type_name -> google.protobuf.UInt32Value
-	29, // 20: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedDestinationCluster.header_mutations:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation
-	26, // 21: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
-	14, // 22: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.least_request:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyLeastRequest
-	15, // 23: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.round_robin:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRoundRobin
-	16, // 24: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.random:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRandom
-	17, // 25: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.ring_hash:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRingHash
-	18, // 26: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.maglev:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyMaglev
-	19, // 27: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.CircuitBreakers
-	21, // 28: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.outlier_detection:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection
-	22, // 29: hashicorp.consul.mesh.v1alpha1.pbproxystate.DynamicEndpointGroupConfig.upstream_connection_options:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamConnectionOptions
-	28, // 30: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyLeastRequest.choice_count:type_name -> google.protobuf.UInt32Value
-	30, // 31: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRingHash.minimum_ring_size:type_name -> google.protobuf.UInt64Value
-	30, // 32: hashicorp.consul.mesh.v1alpha1.pbproxystate.LBPolicyRingHash.maximum_ring_size:type_name -> google.protobuf.UInt64Value
-	20, // 33: hashicorp.consul.mesh.v1alpha1.pbproxystate.CircuitBreakers.upstream_limits:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamLimits
-	28, // 34: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamLimits.max_connections:type_name -> google.protobuf.UInt32Value
-	28, // 35: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamLimits.max_pending_requests:type_name -> google.protobuf.UInt32Value
-	28, // 36: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamLimits.max_concurrent_requests:type_name -> google.protobuf.UInt32Value
-	26, // 37: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection.interval:type_name -> google.protobuf.Duration
-	28, // 38: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection.consecutive_5xx:type_name -> google.protobuf.UInt32Value
-	28, // 39: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection.enforcing_consecutive_5xx:type_name -> google.protobuf.UInt32Value
-	28, // 40: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection.max_ejection_percent:type_name -> google.protobuf.UInt32Value
-	26, // 41: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection.base_ejection_time:type_name -> google.protobuf.Duration
-	28, // 42: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamConnectionOptions.tcp_keepalive_time:type_name -> google.protobuf.UInt32Value
-	28, // 43: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamConnectionOptions.tcp_keepalive_interval:type_name -> google.protobuf.UInt32Value
-	28, // 44: hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamConnectionOptions.tcp_keepalive_probes:type_name -> google.protobuf.UInt32Value
-	26, // 45: hashicorp.consul.mesh.v1alpha1.pbproxystate.PassthroughEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
-	26, // 46: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
-	0,  // 47: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig.discovery_type:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DiscoveryType
-	19, // 48: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.CircuitBreakers
-	21, // 49: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig.outlier_detection:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.OutlierDetection
-	22, // 50: hashicorp.consul.mesh.v1alpha1.pbproxystate.DNSEndpointGroupConfig.upstream_connection_options:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.UpstreamConnectionOptions
-	26, // 51: hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration
-	19, // 52: hashicorp.consul.mesh.v1alpha1.pbproxystate.StaticEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.CircuitBreakers
-	53, // [53:53] is the sub-list for method output_type
-	53, // [53:53] is the sub-list for method input_type
-	53, // [53:53] is the sub-list for extension type_name
-	53, // [53:53] is the sub-list for extension extendee
-	0,  // [0:53] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_pbproxystate_cluster_proto_init() }
-func file_pbmesh_v1alpha1_pbproxystate_cluster_proto_init() {
-	if File_pbmesh_v1alpha1_pbproxystate_cluster_proto != nil {
-		return
-	}
-	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_init()
-	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Cluster); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FailoverGroup); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FailoverGroupConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*EndpointGroup); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DynamicEndpointGroup); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PassthroughEndpointGroup); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DNSEndpointGroup); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*StaticEndpointGroup); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*L4WeightedClusterGroup); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*L7WeightedClusterGroup); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*L4WeightedDestinationCluster); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*L7WeightedDestinationCluster); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DynamicEndpointGroupConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LBPolicyLeastRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LBPolicyRoundRobin); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LBPolicyRandom); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LBPolicyRingHash); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LBPolicyMaglev); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CircuitBreakers); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpstreamLimits); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*OutlierDetection); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpstreamConnectionOptions); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PassthroughEndpointGroupConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DNSEndpointGroupConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*StaticEndpointGroupConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[0].OneofWrappers = []interface{}{
-		(*Cluster_FailoverGroup)(nil),
-		(*Cluster_EndpointGroup)(nil),
-	}
-	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[3].OneofWrappers = []interface{}{
-		(*EndpointGroup_Dynamic)(nil),
-		(*EndpointGroup_Static)(nil),
-		(*EndpointGroup_Dns)(nil),
-		(*EndpointGroup_Passthrough)(nil),
-	}
-	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes[12].OneofWrappers = []interface{}{
-		(*DynamicEndpointGroupConfig_LeastRequest)(nil),
-		(*DynamicEndpointGroupConfig_RoundRobin)(nil),
-		(*DynamicEndpointGroupConfig_Random)(nil),
-		(*DynamicEndpointGroupConfig_RingHash)(nil),
-		(*DynamicEndpointGroupConfig_Maglev)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   25,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_cluster_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_cluster_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_pbproxystate_cluster_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_cluster_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_pbproxystate_cluster_proto = out.File
-	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_goTypes = nil
-	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
deleted file mode 100644
index 802e873401e8..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/cluster.proto
+++ /dev/null
@@ -1,180 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1.pbproxystate;
-
-import "google/protobuf/duration.proto";
-import "google/protobuf/wrappers.proto";
-import "pbmesh/v1alpha1/pbproxystate/header_mutations.proto";
-import "pbmesh/v1alpha1/pbproxystate/transport_socket.proto";
-
-message Cluster {
-  // name is the name of the cluster.
-  string name = 1;
-  // group is either a failover group or endpoint group. If this cluster needs to failover to other clusters, use the failover group. If this cluster routes directly to endpoints, use the endpoint group.
-  oneof group {
-    FailoverGroup failover_group = 2;
-    EndpointGroup endpoint_group = 3;
-  }
-  // escape_hatch_cluster_json configures a user configured escape hatch cluster.
-  string escape_hatch_cluster_json = 4;
-  // alt_stat_name is the name used for observability in place of cluster name if provided.
-  string alt_stat_name = 5;
-  // protocol is the local path protocol or the service protocol.
-  string protocol = 6;
-}
-
-message FailoverGroup {
-  // endpoint_groups is an ordered list of which groups to failover to.
-  repeated EndpointGroup endpoint_groups = 1;
-  FailoverGroupConfig config = 2;
-}
-
-message FailoverGroupConfig {
-  bool use_alt_stat_name = 1;
-  google.protobuf.Duration connect_timeout = 2;
-}
-
-message EndpointGroup {
-  oneof group {
-    // dynamic endpoint group is used to reach mesh destinations that are dynamically configured from Consul's catalog.
-    DynamicEndpointGroup dynamic = 1;
-    // static endpoint group is used to reach local app ports.
-    StaticEndpointGroup static = 2;
-    // dns is used to reach mesh and non-mesh destinations using a hostname.
-    DNSEndpointGroup dns = 3;
-    // passthrough is used to reach destinations that don't have endpoints saved in Consul.
-    PassthroughEndpointGroup passthrough = 4;
-  }
-}
-
-message DynamicEndpointGroup {
-  // config configures how to connect to the endpoints.
-  DynamicEndpointGroupConfig config = 1;
-  // outbound_tls will configure what TLS information to use when connecting to an upstream.
-  TransportSocket outbound_tls = 2;
-}
-
-message PassthroughEndpointGroup {
-  // config configures how to connect to the endpoints.
-  PassthroughEndpointGroupConfig config = 1;
-  // outbound_tls will configure what TLS information to use when connecting to an upstream.
-  TransportSocket outbound_tls = 2;
-}
-
-message DNSEndpointGroup {
-  // config configures how to connect to the endpoints.
-  DNSEndpointGroupConfig config = 1;
-  // outbound_tls will configure what TLS information to use when connecting to an upstream.
-  TransportSocket outbound_tls = 2;
-}
-
-// StaticEndpointGroup is used to reach local app ports.
-message StaticEndpointGroup {
-  // config configures how to connect to the endpoints.
-  StaticEndpointGroupConfig config = 1;
-}
-
-message L4WeightedClusterGroup {
-  // clusters to route to by weight.
-  repeated L4WeightedDestinationCluster clusters = 1;
-}
-
-message L7WeightedClusterGroup {
-  // clusters to route to by weight.
-  repeated L7WeightedDestinationCluster clusters = 1;
-}
-
-message L4WeightedDestinationCluster {
-  // name is the name of the cluster. This will be used to look up a cluster in the clusters map.
-  string name = 1;
-  google.protobuf.UInt32Value weight = 2;
-}
-
-message L7WeightedDestinationCluster {
-  // name is the name of the cluster. This will be used to look up a cluster in the clusters map.
-  string name = 1;
-  google.protobuf.UInt32Value weight = 2;
-  repeated HeaderMutation header_mutations = 3;
-}
-
-message DynamicEndpointGroupConfig {
-  google.protobuf.Duration connect_timeout = 1;
-  bool disable_panic_threshold = 2;
-  oneof lb_policy {
-    LBPolicyLeastRequest least_request = 3;
-    LBPolicyRoundRobin round_robin = 4;
-    LBPolicyRandom random = 5;
-    LBPolicyRingHash ring_hash = 6;
-    LBPolicyMaglev maglev = 7;
-  }
-  CircuitBreakers circuit_breakers = 8;
-  OutlierDetection outlier_detection = 9;
-  UpstreamConnectionOptions upstream_connection_options = 10;
-  bool use_alt_stat_name = 11;
-}
-
-message LBPolicyLeastRequest {
-  google.protobuf.UInt32Value choice_count = 1;
-}
-message LBPolicyRoundRobin {}
-
-message LBPolicyRandom {}
-
-message LBPolicyRingHash {
-  google.protobuf.UInt64Value minimum_ring_size = 1;
-  google.protobuf.UInt64Value maximum_ring_size = 2;
-}
-
-message LBPolicyMaglev {}
-
-message CircuitBreakers {
-  UpstreamLimits upstream_limits = 1;
-}
-
-message UpstreamLimits {
-  google.protobuf.UInt32Value max_connections = 1;
-  google.protobuf.UInt32Value max_pending_requests = 2;
-  google.protobuf.UInt32Value max_concurrent_requests = 3;
-}
-
-message OutlierDetection {
-  google.protobuf.Duration interval = 1;
-  google.protobuf.UInt32Value consecutive_5xx = 2;
-  google.protobuf.UInt32Value enforcing_consecutive_5xx = 3;
-  google.protobuf.UInt32Value max_ejection_percent = 4;
-  google.protobuf.Duration base_ejection_time = 5;
-}
-
-message UpstreamConnectionOptions {
-  google.protobuf.UInt32Value tcp_keepalive_time = 1;
-  google.protobuf.UInt32Value tcp_keepalive_interval = 2;
-  google.protobuf.UInt32Value tcp_keepalive_probes = 3;
-}
-
-message PassthroughEndpointGroupConfig {
-  google.protobuf.Duration connect_timeout = 1;
-}
-
-message DNSEndpointGroupConfig {
-  google.protobuf.Duration connect_timeout = 1;
-  bool disable_panic_threshold = 2;
-  DiscoveryType discovery_type = 3;
-  CircuitBreakers circuit_breakers = 4;
-  OutlierDetection outlier_detection = 5;
-  UpstreamConnectionOptions upstream_connection_options = 6;
-  bool use_alt_stat_name = 7;
-}
-
-enum DiscoveryType {
-  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  DISCOVERY_TYPE_LOGICAL = 0;
-  DISCOVERY_TYPE_STRICT = 1;
-}
-
-message StaticEndpointGroupConfig {
-  google.protobuf.Duration connect_timeout = 1;
-  CircuitBreakers circuit_breakers = 2;
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.binary.go
deleted file mode 100644
index 62f943ca762e..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.binary.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/pbproxystate/endpoints.proto
-
-package pbproxystate
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *Endpoints) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *Endpoints) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *Endpoint) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *Endpoint) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go
deleted file mode 100644
index ce14e15f722d..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.pb.go
+++ /dev/null
@@ -1,386 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/pbproxystate/endpoints.proto
-
-package pbproxystate
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type HealthStatus int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	HealthStatus_HEALTH_STATUS_UNKNOWN   HealthStatus = 0
-	HealthStatus_HEALTH_STATUS_HEALTHY   HealthStatus = 1
-	HealthStatus_HEALTH_STATUS_UNHEALTHY HealthStatus = 2
-)
-
-// Enum value maps for HealthStatus.
-var (
-	HealthStatus_name = map[int32]string{
-		0: "HEALTH_STATUS_UNKNOWN",
-		1: "HEALTH_STATUS_HEALTHY",
-		2: "HEALTH_STATUS_UNHEALTHY",
-	}
-	HealthStatus_value = map[string]int32{
-		"HEALTH_STATUS_UNKNOWN":   0,
-		"HEALTH_STATUS_HEALTHY":   1,
-		"HEALTH_STATUS_UNHEALTHY": 2,
-	}
-)
-
-func (x HealthStatus) Enum() *HealthStatus {
-	p := new(HealthStatus)
-	*p = x
-	return p
-}
-
-func (x HealthStatus) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (HealthStatus) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_enumTypes[0].Descriptor()
-}
-
-func (HealthStatus) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_enumTypes[0]
-}
-
-func (x HealthStatus) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use HealthStatus.Descriptor instead.
-func (HealthStatus) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescGZIP(), []int{0}
-}
-
-type Endpoints struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Endpoints []*Endpoint `protobuf:"bytes,1,rep,name=endpoints,proto3" json:"endpoints,omitempty"`
-}
-
-func (x *Endpoints) Reset() {
-	*x = Endpoints{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Endpoints) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Endpoints) ProtoMessage() {}
-
-func (x *Endpoints) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Endpoints.ProtoReflect.Descriptor instead.
-func (*Endpoints) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *Endpoints) GetEndpoints() []*Endpoint {
-	if x != nil {
-		return x.Endpoints
-	}
-	return nil
-}
-
-type Endpoint struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Types that are assignable to Address:
-	//
-	//	*Endpoint_HostPort
-	//	*Endpoint_UnixSocket
-	Address             isEndpoint_Address      `protobuf_oneof:"address"`
-	HealthStatus        HealthStatus            `protobuf:"varint,3,opt,name=health_status,json=healthStatus,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.HealthStatus" json:"health_status,omitempty"`
-	LoadBalancingWeight *wrapperspb.UInt32Value `protobuf:"bytes,4,opt,name=load_balancing_weight,json=loadBalancingWeight,proto3" json:"load_balancing_weight,omitempty"`
-}
-
-func (x *Endpoint) Reset() {
-	*x = Endpoint{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Endpoint) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Endpoint) ProtoMessage() {}
-
-func (x *Endpoint) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Endpoint.ProtoReflect.Descriptor instead.
-func (*Endpoint) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescGZIP(), []int{1}
-}
-
-func (m *Endpoint) GetAddress() isEndpoint_Address {
-	if m != nil {
-		return m.Address
-	}
-	return nil
-}
-
-func (x *Endpoint) GetHostPort() *HostPortAddress {
-	if x, ok := x.GetAddress().(*Endpoint_HostPort); ok {
-		return x.HostPort
-	}
-	return nil
-}
-
-func (x *Endpoint) GetUnixSocket() *UnixSocketAddress {
-	if x, ok := x.GetAddress().(*Endpoint_UnixSocket); ok {
-		return x.UnixSocket
-	}
-	return nil
-}
-
-func (x *Endpoint) GetHealthStatus() HealthStatus {
-	if x != nil {
-		return x.HealthStatus
-	}
-	return HealthStatus_HEALTH_STATUS_UNKNOWN
-}
-
-func (x *Endpoint) GetLoadBalancingWeight() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.LoadBalancingWeight
-	}
-	return nil
-}
-
-type isEndpoint_Address interface {
-	isEndpoint_Address()
-}
-
-type Endpoint_HostPort struct {
-	HostPort *HostPortAddress `protobuf:"bytes,1,opt,name=host_port,json=hostPort,proto3,oneof"`
-}
-
-type Endpoint_UnixSocket struct {
-	UnixSocket *UnixSocketAddress `protobuf:"bytes,2,opt,name=unix_socket,json=unixSocket,proto3,oneof"`
-}
-
-func (*Endpoint_HostPort) isEndpoint_Address() {}
-
-func (*Endpoint_UnixSocket) isEndpoint_Address() {}
-
-var File_pbmesh_v1alpha1_pbproxystate_endpoints_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDesc = []byte{
-	0x0a, 0x2c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x65,
-	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x1a, 0x1e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61,
-	0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2a, 0x70, 0x62, 0x6d,
-	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73,
-	0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x60, 0x0a, 0x09, 0x45, 0x6e, 0x64, 0x70, 0x6f,
-	0x69, 0x6e, 0x74, 0x73, 0x12, 0x53, 0x0a, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
-	0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x09,
-	0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x22, 0x87, 0x03, 0x0a, 0x08, 0x45, 0x6e,
-	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x5b, 0x0a, 0x09, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x70,
-	0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74,
-	0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x50,
-	0x6f, 0x72, 0x74, 0x12, 0x61, 0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6f, 0x63, 0x6b,
-	0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65,
-	0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x0a, 0x75, 0x6e, 0x69, 0x78,
-	0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x5e, 0x0a, 0x0d, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68,
-	0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x6c,
-	0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x50, 0x0a, 0x15, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x62,
-	0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x52, 0x13, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69,
-	0x6e, 0x67, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x42, 0x09, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72,
-	0x65, 0x73, 0x73, 0x2a, 0x61, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54,
-	0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x19,
-	0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f,
-	0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x59, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x48, 0x45, 0x41,
-	0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x48, 0x45, 0x41,
-	0x4c, 0x54, 0x48, 0x59, 0x10, 0x02, 0x42, 0xda, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0e, 0x45, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69,
-	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d,
-	0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
-	0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d,
-	0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
-	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
-	0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
-	0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
-var file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_goTypes = []interface{}{
-	(HealthStatus)(0),              // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.HealthStatus
-	(*Endpoints)(nil),              // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoints
-	(*Endpoint)(nil),               // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoint
-	(*HostPortAddress)(nil),        // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.HostPortAddress
-	(*UnixSocketAddress)(nil),      // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.UnixSocketAddress
-	(*wrapperspb.UInt32Value)(nil), // 5: google.protobuf.UInt32Value
-}
-var file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_depIdxs = []int32{
-	2, // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoints.endpoints:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoint
-	3, // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoint.host_port:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HostPortAddress
-	4, // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoint.unix_socket:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.UnixSocketAddress
-	0, // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoint.health_status:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HealthStatus
-	5, // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoint.load_balancing_weight:type_name -> google.protobuf.UInt32Value
-	5, // [5:5] is the sub-list for method output_type
-	5, // [5:5] is the sub-list for method input_type
-	5, // [5:5] is the sub-list for extension type_name
-	5, // [5:5] is the sub-list for extension extendee
-	0, // [0:5] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_init() }
-func file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_init() {
-	if File_pbmesh_v1alpha1_pbproxystate_endpoints_proto != nil {
-		return
-	}
-	file_pbmesh_v1alpha1_pbproxystate_address_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Endpoints); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Endpoint); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes[1].OneofWrappers = []interface{}{
-		(*Endpoint_HostPort)(nil),
-		(*Endpoint_UnixSocket)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   2,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_pbproxystate_endpoints_proto = out.File
-	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_goTypes = nil
-	file_pbmesh_v1alpha1_pbproxystate_endpoints_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto
deleted file mode 100644
index 28ff53b7eec1..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/endpoints.proto
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1.pbproxystate;
-
-import "google/protobuf/wrappers.proto";
-import "pbmesh/v1alpha1/pbproxystate/address.proto";
-
-message Endpoints {
-  repeated Endpoint endpoints = 1;
-}
-
-message Endpoint {
-  oneof address {
-    HostPortAddress host_port = 1;
-    UnixSocketAddress unix_socket = 2;
-  }
-  HealthStatus health_status = 3;
-  google.protobuf.UInt32Value load_balancing_weight = 4;
-}
-
-enum HealthStatus {
-  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  HEALTH_STATUS_UNKNOWN = 0;
-  HEALTH_STATUS_HEALTHY = 1;
-  HEALTH_STATUS_UNHEALTHY = 2;
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.binary.go
deleted file mode 100644
index b684a26f32e0..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.binary.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
-
-package pbproxystate
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *EscapeHatches) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *EscapeHatches) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go
deleted file mode 100644
index 9250341dbef5..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.pb.go
+++ /dev/null
@@ -1,173 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
-
-package pbproxystate
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type EscapeHatches struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// listener_tracing_json contains user provided tracing configuration.
-	ListenerTracingJson string `protobuf:"bytes,1,opt,name=listener_tracing_json,json=listenerTracingJson,proto3" json:"listener_tracing_json,omitempty"`
-}
-
-func (x *EscapeHatches) Reset() {
-	*x = EscapeHatches{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *EscapeHatches) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*EscapeHatches) ProtoMessage() {}
-
-func (x *EscapeHatches) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use EscapeHatches.ProtoReflect.Descriptor instead.
-func (*EscapeHatches) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *EscapeHatches) GetListenerTracingJson() string {
-	if x != nil {
-		return x.ListenerTracingJson
-	}
-	return ""
-}
-
-var File_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDesc = []byte{
-	0x0a, 0x31, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x65,
-	0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x22, 0x43, 0x0a, 0x0d, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x65,
-	0x73, 0x12, 0x32, 0x0a, 0x15, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x74, 0x72,
-	0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x13, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e,
-	0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x42, 0xde, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x12, 0x45, 0x73, 0x63, 0x61, 0x70,
-	0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
-	0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68,
-	0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02,
-	0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c,
-	0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
-	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
-	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_goTypes = []interface{}{
-	(*EscapeHatches)(nil), // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.EscapeHatches
-}
-var file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_depIdxs = []int32{
-	0, // [0:0] is the sub-list for method output_type
-	0, // [0:0] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_init() }
-func file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_init() {
-	if File_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*EscapeHatches); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   1,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto = out.File
-	file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_goTypes = nil
-	file_pbmesh_v1alpha1_pbproxystate_escape_hatches_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
deleted file mode 100644
index ab8871182780..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/escape_hatches.proto
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1.pbproxystate;
-
-message EscapeHatches {
-  // listener_tracing_json contains user provided tracing configuration.
-  string listener_tracing_json = 1;
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.binary.go
deleted file mode 100644
index 55d9155e9f7a..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.binary.go
+++ /dev/null
@@ -1,68 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/pbproxystate/header_mutations.proto
-
-package pbproxystate
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HeaderMutation) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HeaderMutation) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *RequestHeaderAdd) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *RequestHeaderAdd) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *RequestHeaderRemove) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *RequestHeaderRemove) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *ResponseHeaderAdd) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *ResponseHeaderAdd) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *ResponseHeaderRemove) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *ResponseHeaderRemove) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *Header) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *Header) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go
deleted file mode 100644
index 71d0b5dc3c02..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.pb.go
+++ /dev/null
@@ -1,693 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/pbproxystate/header_mutations.proto
-
-package pbproxystate
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type AppendAction int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD    AppendAction = 0
-	AppendAction_APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD AppendAction = 1
-)
-
-// Enum value maps for AppendAction.
-var (
-	AppendAction_name = map[int32]string{
-		0: "APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD",
-		1: "APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD",
-	}
-	AppendAction_value = map[string]int32{
-		"APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD":    0,
-		"APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD": 1,
-	}
-)
-
-func (x AppendAction) Enum() *AppendAction {
-	p := new(AppendAction)
-	*p = x
-	return p
-}
-
-func (x AppendAction) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (AppendAction) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_enumTypes[0].Descriptor()
-}
-
-func (AppendAction) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_enumTypes[0]
-}
-
-func (x AppendAction) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use AppendAction.Descriptor instead.
-func (AppendAction) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{0}
-}
-
-// Note: it's nice to have this list of header mutations as opposed to configuration similar to Envoy because it
-// translates more nicely from GAMMA HTTPRoute, and our existing service router config. Then xds code can handle turning
-// it into envoy xds.
-type HeaderMutation struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Types that are assignable to Action:
-	//
-	//	*HeaderMutation_RequestHeaderAdd
-	//	*HeaderMutation_RequestHeaderRemove
-	//	*HeaderMutation_ResponseHeaderAdd
-	//	*HeaderMutation_ResponseHeaderRemove
-	Action isHeaderMutation_Action `protobuf_oneof:"action"`
-}
-
-func (x *HeaderMutation) Reset() {
-	*x = HeaderMutation{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HeaderMutation) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HeaderMutation) ProtoMessage() {}
-
-func (x *HeaderMutation) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HeaderMutation.ProtoReflect.Descriptor instead.
-func (*HeaderMutation) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{0}
-}
-
-func (m *HeaderMutation) GetAction() isHeaderMutation_Action {
-	if m != nil {
-		return m.Action
-	}
-	return nil
-}
-
-func (x *HeaderMutation) GetRequestHeaderAdd() *RequestHeaderAdd {
-	if x, ok := x.GetAction().(*HeaderMutation_RequestHeaderAdd); ok {
-		return x.RequestHeaderAdd
-	}
-	return nil
-}
-
-func (x *HeaderMutation) GetRequestHeaderRemove() *RequestHeaderRemove {
-	if x, ok := x.GetAction().(*HeaderMutation_RequestHeaderRemove); ok {
-		return x.RequestHeaderRemove
-	}
-	return nil
-}
-
-func (x *HeaderMutation) GetResponseHeaderAdd() *ResponseHeaderAdd {
-	if x, ok := x.GetAction().(*HeaderMutation_ResponseHeaderAdd); ok {
-		return x.ResponseHeaderAdd
-	}
-	return nil
-}
-
-func (x *HeaderMutation) GetResponseHeaderRemove() *ResponseHeaderRemove {
-	if x, ok := x.GetAction().(*HeaderMutation_ResponseHeaderRemove); ok {
-		return x.ResponseHeaderRemove
-	}
-	return nil
-}
-
-type isHeaderMutation_Action interface {
-	isHeaderMutation_Action()
-}
-
-type HeaderMutation_RequestHeaderAdd struct {
-	RequestHeaderAdd *RequestHeaderAdd `protobuf:"bytes,1,opt,name=request_header_add,json=requestHeaderAdd,proto3,oneof"`
-}
-
-type HeaderMutation_RequestHeaderRemove struct {
-	RequestHeaderRemove *RequestHeaderRemove `protobuf:"bytes,2,opt,name=request_header_remove,json=requestHeaderRemove,proto3,oneof"`
-}
-
-type HeaderMutation_ResponseHeaderAdd struct {
-	ResponseHeaderAdd *ResponseHeaderAdd `protobuf:"bytes,3,opt,name=response_header_add,json=responseHeaderAdd,proto3,oneof"`
-}
-
-type HeaderMutation_ResponseHeaderRemove struct {
-	ResponseHeaderRemove *ResponseHeaderRemove `protobuf:"bytes,4,opt,name=response_header_remove,json=responseHeaderRemove,proto3,oneof"`
-}
-
-func (*HeaderMutation_RequestHeaderAdd) isHeaderMutation_Action() {}
-
-func (*HeaderMutation_RequestHeaderRemove) isHeaderMutation_Action() {}
-
-func (*HeaderMutation_ResponseHeaderAdd) isHeaderMutation_Action() {}
-
-func (*HeaderMutation_ResponseHeaderRemove) isHeaderMutation_Action() {}
-
-type RequestHeaderAdd struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Header       *Header      `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
-	AppendAction AppendAction `protobuf:"varint,2,opt,name=append_action,json=appendAction,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.AppendAction" json:"append_action,omitempty"`
-}
-
-func (x *RequestHeaderAdd) Reset() {
-	*x = RequestHeaderAdd{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RequestHeaderAdd) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RequestHeaderAdd) ProtoMessage() {}
-
-func (x *RequestHeaderAdd) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RequestHeaderAdd.ProtoReflect.Descriptor instead.
-func (*RequestHeaderAdd) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *RequestHeaderAdd) GetHeader() *Header {
-	if x != nil {
-		return x.Header
-	}
-	return nil
-}
-
-func (x *RequestHeaderAdd) GetAppendAction() AppendAction {
-	if x != nil {
-		return x.AppendAction
-	}
-	return AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
-}
-
-type RequestHeaderRemove struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	HeaderKeys []string `protobuf:"bytes,1,rep,name=header_keys,json=headerKeys,proto3" json:"header_keys,omitempty"`
-}
-
-func (x *RequestHeaderRemove) Reset() {
-	*x = RequestHeaderRemove{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RequestHeaderRemove) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RequestHeaderRemove) ProtoMessage() {}
-
-func (x *RequestHeaderRemove) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RequestHeaderRemove.ProtoReflect.Descriptor instead.
-func (*RequestHeaderRemove) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *RequestHeaderRemove) GetHeaderKeys() []string {
-	if x != nil {
-		return x.HeaderKeys
-	}
-	return nil
-}
-
-type ResponseHeaderAdd struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Header       *Header      `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
-	AppendAction AppendAction `protobuf:"varint,2,opt,name=append_action,json=appendAction,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.AppendAction" json:"append_action,omitempty"`
-}
-
-func (x *ResponseHeaderAdd) Reset() {
-	*x = ResponseHeaderAdd{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ResponseHeaderAdd) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ResponseHeaderAdd) ProtoMessage() {}
-
-func (x *ResponseHeaderAdd) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ResponseHeaderAdd.ProtoReflect.Descriptor instead.
-func (*ResponseHeaderAdd) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *ResponseHeaderAdd) GetHeader() *Header {
-	if x != nil {
-		return x.Header
-	}
-	return nil
-}
-
-func (x *ResponseHeaderAdd) GetAppendAction() AppendAction {
-	if x != nil {
-		return x.AppendAction
-	}
-	return AppendAction_APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD
-}
-
-type ResponseHeaderRemove struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	HeaderKeys []string `protobuf:"bytes,1,rep,name=header_keys,json=headerKeys,proto3" json:"header_keys,omitempty"`
-}
-
-func (x *ResponseHeaderRemove) Reset() {
-	*x = ResponseHeaderRemove{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ResponseHeaderRemove) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ResponseHeaderRemove) ProtoMessage() {}
-
-func (x *ResponseHeaderRemove) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ResponseHeaderRemove.ProtoReflect.Descriptor instead.
-func (*ResponseHeaderRemove) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *ResponseHeaderRemove) GetHeaderKeys() []string {
-	if x != nil {
-		return x.HeaderKeys
-	}
-	return nil
-}
-
-type Header struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Key   string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
-	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
-}
-
-func (x *Header) Reset() {
-	*x = Header{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Header) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Header) ProtoMessage() {}
-
-func (x *Header) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Header.ProtoReflect.Descriptor instead.
-func (*Header) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *Header) GetKey() string {
-	if x != nil {
-		return x.Key
-	}
-	return ""
-}
-
-func (x *Header) GetValue() string {
-	if x != nil {
-		return x.Value
-	}
-	return ""
-}
-
-var File_pbmesh_v1alpha1_pbproxystate_header_mutations_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDesc = []byte{
-	0x0a, 0x33, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x68,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x22, 0xee, 0x03, 0x0a, 0x0e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x6d, 0x0a, 0x12, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x61, 0x64, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64,
-	0x48, 0x00, 0x52, 0x10, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x41, 0x64, 0x64, 0x12, 0x76, 0x0a, 0x15, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f,
-	0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52,
-	0x65, 0x6d, 0x6f, 0x76, 0x65, 0x48, 0x00, 0x52, 0x13, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x70, 0x0a, 0x13,
-	0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f,
-	0x61, 0x64, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x48, 0x00, 0x52, 0x11, 0x72, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x12, 0x79,
-	0x0a, 0x16, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76,
-	0x65, 0x48, 0x00, 0x52, 0x14, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61,
-	0x64, 0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x42, 0x08, 0x0a, 0x06, 0x61, 0x63, 0x74,
-	0x69, 0x6f, 0x6e, 0x22, 0xbf, 0x01, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x12, 0x4b, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x68,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x5e, 0x0a, 0x0d, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f,
-	0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x6e,
-	0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x36, 0x0a, 0x13, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b,
-	0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
-	0x09, 0x52, 0x0a, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x73, 0x22, 0xc0, 0x01,
-	0x0a, 0x11, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x41, 0x64, 0x64, 0x12, 0x4b, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x12, 0x5e, 0x0a, 0x0d, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x0c, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x22, 0x37, 0x0a, 0x14, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x68, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x68,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x73, 0x22, 0x30, 0x0a, 0x06, 0x48, 0x65, 0x61,
-	0x64, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x2a, 0x67, 0x0a, 0x0c, 0x41,
-	0x70, 0x70, 0x65, 0x6e, 0x64, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x29, 0x0a, 0x25, 0x41,
-	0x50, 0x50, 0x45, 0x4e, 0x44, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x41, 0x50, 0x50,
-	0x45, 0x4e, 0x44, 0x5f, 0x49, 0x46, 0x5f, 0x45, 0x58, 0x49, 0x53, 0x54, 0x53, 0x5f, 0x4f, 0x52,
-	0x5f, 0x41, 0x44, 0x44, 0x10, 0x00, 0x12, 0x2c, 0x0a, 0x28, 0x41, 0x50, 0x50, 0x45, 0x4e, 0x44,
-	0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x57, 0x52, 0x49, 0x54,
-	0x45, 0x5f, 0x49, 0x46, 0x5f, 0x45, 0x58, 0x49, 0x53, 0x54, 0x53, 0x5f, 0x4f, 0x52, 0x5f, 0x41,
-	0x44, 0x44, 0x10, 0x01, 0x42, 0xe0, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x14, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
-	0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01,
-	0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73,
-	0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa,
-	0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b,
-	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d,
-	0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
-	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a,
-	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
-var file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_goTypes = []interface{}{
-	(AppendAction)(0),            // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.AppendAction
-	(*HeaderMutation)(nil),       // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation
-	(*RequestHeaderAdd)(nil),     // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.RequestHeaderAdd
-	(*RequestHeaderRemove)(nil),  // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.RequestHeaderRemove
-	(*ResponseHeaderAdd)(nil),    // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.ResponseHeaderAdd
-	(*ResponseHeaderRemove)(nil), // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.ResponseHeaderRemove
-	(*Header)(nil),               // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.Header
-}
-var file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_depIdxs = []int32{
-	2, // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation.request_header_add:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.RequestHeaderAdd
-	3, // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation.request_header_remove:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.RequestHeaderRemove
-	4, // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation.response_header_add:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.ResponseHeaderAdd
-	5, // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation.response_header_remove:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.ResponseHeaderRemove
-	6, // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.RequestHeaderAdd.header:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Header
-	0, // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.RequestHeaderAdd.append_action:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.AppendAction
-	6, // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.ResponseHeaderAdd.header:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Header
-	0, // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.ResponseHeaderAdd.append_action:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.AppendAction
-	8, // [8:8] is the sub-list for method output_type
-	8, // [8:8] is the sub-list for method input_type
-	8, // [8:8] is the sub-list for extension type_name
-	8, // [8:8] is the sub-list for extension extendee
-	0, // [0:8] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_init() }
-func file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_init() {
-	if File_pbmesh_v1alpha1_pbproxystate_header_mutations_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HeaderMutation); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RequestHeaderAdd); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RequestHeaderRemove); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ResponseHeaderAdd); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ResponseHeaderRemove); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Header); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes[0].OneofWrappers = []interface{}{
-		(*HeaderMutation_RequestHeaderAdd)(nil),
-		(*HeaderMutation_RequestHeaderRemove)(nil),
-		(*HeaderMutation_ResponseHeaderAdd)(nil),
-		(*HeaderMutation_ResponseHeaderRemove)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   6,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_pbproxystate_header_mutations_proto = out.File
-	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_goTypes = nil
-	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto
deleted file mode 100644
index ca3bd6ee79cc..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/header_mutations.proto
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1.pbproxystate;
-
-// Note: it's nice to have this list of header mutations as opposed to configuration similar to Envoy because it
-// translates more nicely from GAMMA HTTPRoute, and our existing service router config. Then xds code can handle turning
-// it into envoy xds.
-message HeaderMutation {
-  oneof action {
-    RequestHeaderAdd request_header_add = 1;
-    RequestHeaderRemove request_header_remove = 2;
-    ResponseHeaderAdd response_header_add = 3;
-    ResponseHeaderRemove response_header_remove = 4;
-  }
-}
-
-message RequestHeaderAdd {
-  Header header = 1;
-  AppendAction append_action = 2;
-}
-
-message RequestHeaderRemove {
-  repeated string header_keys = 1;
-}
-
-message ResponseHeaderAdd {
-  Header header = 1;
-  AppendAction append_action = 2;
-}
-
-message ResponseHeaderRemove {
-  repeated string header_keys = 1;
-}
-
-message Header {
-  string key = 1;
-  string value = 2;
-}
-
-enum AppendAction {
-  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  APPEND_ACTION_APPEND_IF_EXISTS_OR_ADD = 0;
-  APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD = 1;
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.binary.go
deleted file mode 100644
index 7eb87f443f19..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.binary.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/pbproxystate/intentions.proto
-
-package pbproxystate
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *L7Intention) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *L7Intention) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *L4Intention) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *L4Intention) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go
deleted file mode 100644
index 171c5f357f37..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.pb.go
+++ /dev/null
@@ -1,211 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/pbproxystate/intentions.proto
-
-package pbproxystate
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type L7Intention struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-}
-
-func (x *L7Intention) Reset() {
-	*x = L7Intention{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *L7Intention) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*L7Intention) ProtoMessage() {}
-
-func (x *L7Intention) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use L7Intention.ProtoReflect.Descriptor instead.
-func (*L7Intention) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescGZIP(), []int{0}
-}
-
-type L4Intention struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-}
-
-func (x *L4Intention) Reset() {
-	*x = L4Intention{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *L4Intention) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*L4Intention) ProtoMessage() {}
-
-func (x *L4Intention) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use L4Intention.ProtoReflect.Descriptor instead.
-func (*L4Intention) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescGZIP(), []int{1}
-}
-
-var File_pbmesh_v1alpha1_pbproxystate_intentions_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDesc = []byte{
-	0x0a, 0x2d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x69,
-	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
-	0x2b, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0x0d, 0x0a, 0x0b,
-	0x4c, 0x37, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x0d, 0x0a, 0x0b, 0x4c,
-	0x34, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0xdb, 0x02, 0x0a, 0x2f, 0x63,
-	0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0f,
-	0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
-	0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65,
-	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50,
-	0xaa, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02,
-	0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c,
-	0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c,
-	0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65,
-	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68,
-	0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
-var file_pbmesh_v1alpha1_pbproxystate_intentions_proto_goTypes = []interface{}{
-	(*L7Intention)(nil), // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Intention
-	(*L4Intention)(nil), // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4Intention
-}
-var file_pbmesh_v1alpha1_pbproxystate_intentions_proto_depIdxs = []int32{
-	0, // [0:0] is the sub-list for method output_type
-	0, // [0:0] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_pbproxystate_intentions_proto_init() }
-func file_pbmesh_v1alpha1_pbproxystate_intentions_proto_init() {
-	if File_pbmesh_v1alpha1_pbproxystate_intentions_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*L7Intention); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*L4Intention); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   2,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_intentions_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_intentions_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_intentions_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_pbproxystate_intentions_proto = out.File
-	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_goTypes = nil
-	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto
deleted file mode 100644
index 37f009cc3039..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/intentions.proto
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1.pbproxystate;
-
-message L7Intention {}
-
-message L4Intention {}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.binary.go
deleted file mode 100644
index 333fa99892e0..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.binary.go
+++ /dev/null
@@ -1,78 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/pbproxystate/listener.proto
-
-package pbproxystate
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *Listener) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *Listener) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *Router) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *Router) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *Match) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *Match) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *CidrRange) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *CidrRange) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *L4Destination) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *L4Destination) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *L7Destination) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *L7Destination) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *SNIDestination) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *SNIDestination) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go
deleted file mode 100644
index 24c6f5fc8ce5..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.pb.go
+++ /dev/null
@@ -1,1269 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/pbproxystate/listener.proto
-
-package pbproxystate
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type Direction int32
-
-const (
-	// DIRECTION_UNSPECIFIED is used by mesh gateway listeners.
-	Direction_DIRECTION_UNSPECIFIED Direction = 0
-	Direction_DIRECTION_INBOUND     Direction = 1
-	Direction_DIRECTION_OUTBOUND    Direction = 2
-)
-
-// Enum value maps for Direction.
-var (
-	Direction_name = map[int32]string{
-		0: "DIRECTION_UNSPECIFIED",
-		1: "DIRECTION_INBOUND",
-		2: "DIRECTION_OUTBOUND",
-	}
-	Direction_value = map[string]int32{
-		"DIRECTION_UNSPECIFIED": 0,
-		"DIRECTION_INBOUND":     1,
-		"DIRECTION_OUTBOUND":    2,
-	}
-)
-
-func (x Direction) Enum() *Direction {
-	p := new(Direction)
-	*p = x
-	return p
-}
-
-func (x Direction) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (Direction) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[0].Descriptor()
-}
-
-func (Direction) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[0]
-}
-
-func (x Direction) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use Direction.Descriptor instead.
-func (Direction) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{0}
-}
-
-type BalanceConnections int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	BalanceConnections_BALANCE_CONNECTIONS_DEFAULT BalanceConnections = 0
-	BalanceConnections_BALANCE_CONNECTIONS_EXACT   BalanceConnections = 1
-)
-
-// Enum value maps for BalanceConnections.
-var (
-	BalanceConnections_name = map[int32]string{
-		0: "BALANCE_CONNECTIONS_DEFAULT",
-		1: "BALANCE_CONNECTIONS_EXACT",
-	}
-	BalanceConnections_value = map[string]int32{
-		"BALANCE_CONNECTIONS_DEFAULT": 0,
-		"BALANCE_CONNECTIONS_EXACT":   1,
-	}
-)
-
-func (x BalanceConnections) Enum() *BalanceConnections {
-	p := new(BalanceConnections)
-	*p = x
-	return p
-}
-
-func (x BalanceConnections) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (BalanceConnections) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[1].Descriptor()
-}
-
-func (BalanceConnections) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[1]
-}
-
-func (x BalanceConnections) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use BalanceConnections.Descriptor instead.
-func (BalanceConnections) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{1}
-}
-
-// Capabilities map to proxy functionality to enable. These enable tproxy, l7 protocol/alpn inspection, or l4 sni/alpn inspection.
-type Capability int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	Capability_CAPABILITY_TRANSPARENT            Capability = 0
-	Capability_CAPABILITY_L7_PROTOCOL_INSPECTION Capability = 1
-	Capability_CAPABILITY_L4_TLS_INSPECTION      Capability = 2
-)
-
-// Enum value maps for Capability.
-var (
-	Capability_name = map[int32]string{
-		0: "CAPABILITY_TRANSPARENT",
-		1: "CAPABILITY_L7_PROTOCOL_INSPECTION",
-		2: "CAPABILITY_L4_TLS_INSPECTION",
-	}
-	Capability_value = map[string]int32{
-		"CAPABILITY_TRANSPARENT":            0,
-		"CAPABILITY_L7_PROTOCOL_INSPECTION": 1,
-		"CAPABILITY_L4_TLS_INSPECTION":      2,
-	}
-)
-
-func (x Capability) Enum() *Capability {
-	p := new(Capability)
-	*p = x
-	return p
-}
-
-func (x Capability) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (Capability) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[2].Descriptor()
-}
-
-func (Capability) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[2]
-}
-
-func (x Capability) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use Capability.Descriptor instead.
-func (Capability) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{2}
-}
-
-type L7Protocol int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	L7Protocol_L7_PROTOCOL_HTTP  L7Protocol = 0
-	L7Protocol_L7_PROTOCOL_HTTP2 L7Protocol = 1
-	L7Protocol_L7_PROTOCOL_GRPC  L7Protocol = 2
-)
-
-// Enum value maps for L7Protocol.
-var (
-	L7Protocol_name = map[int32]string{
-		0: "L7_PROTOCOL_HTTP",
-		1: "L7_PROTOCOL_HTTP2",
-		2: "L7_PROTOCOL_GRPC",
-	}
-	L7Protocol_value = map[string]int32{
-		"L7_PROTOCOL_HTTP":  0,
-		"L7_PROTOCOL_HTTP2": 1,
-		"L7_PROTOCOL_GRPC":  2,
-	}
-)
-
-func (x L7Protocol) Enum() *L7Protocol {
-	p := new(L7Protocol)
-	*p = x
-	return p
-}
-
-func (x L7Protocol) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (L7Protocol) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[3].Descriptor()
-}
-
-func (L7Protocol) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes[3]
-}
-
-func (x L7Protocol) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use L7Protocol.Descriptor instead.
-func (L7Protocol) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{3}
-}
-
-type Listener struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// name is the name of the listener.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	// direction tells the listener the direction of traffic.
-	Direction Direction `protobuf:"varint,2,opt,name=direction,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.Direction" json:"direction,omitempty"`
-	// bind_address describes where to listen.
-	//
-	// Types that are assignable to BindAddress:
-	//
-	//	*Listener_HostPort
-	//	*Listener_UnixSocket
-	BindAddress isListener_BindAddress `protobuf_oneof:"bind_address"`
-	// routers describes how to route traffic from this listener.
-	Routers []*Router `protobuf:"bytes,5,rep,name=routers,proto3" json:"routers,omitempty"`
-	// default_router describes where to route if none of the other router matches match the connection.
-	DefaultRouter *Router `protobuf:"bytes,6,opt,name=default_router,json=defaultRouter,proto3" json:"default_router,omitempty"`
-	// capabilities describe Envoy proxy functionality to enable. These map closely to Envoy listener filters.
-	Capabilities []Capability `protobuf:"varint,7,rep,packed,name=capabilities,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.Capability" json:"capabilities,omitempty"`
-	// balance_connections configures how the listener should balance connections.
-	BalanceConnections BalanceConnections `protobuf:"varint,8,opt,name=balance_connections,json=balanceConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.BalanceConnections" json:"balance_connections,omitempty"`
-	// escape_hatch_listener_json configures a user configured escape hatch listener.
-	EscapeHatchListener string `protobuf:"bytes,9,opt,name=escape_hatch_listener,json=escapeHatchListener,proto3" json:"escape_hatch_listener,omitempty"`
-	// use_escape_hatch_tracing configures whether to use the top level user configured tracing escape hatch for this listener.
-	UseEscapeHatchTracing bool `protobuf:"varint,10,opt,name=use_escape_hatch_tracing,json=useEscapeHatchTracing,proto3" json:"use_escape_hatch_tracing,omitempty"`
-}
-
-func (x *Listener) Reset() {
-	*x = Listener{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Listener) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Listener) ProtoMessage() {}
-
-func (x *Listener) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Listener.ProtoReflect.Descriptor instead.
-func (*Listener) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *Listener) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *Listener) GetDirection() Direction {
-	if x != nil {
-		return x.Direction
-	}
-	return Direction_DIRECTION_UNSPECIFIED
-}
-
-func (m *Listener) GetBindAddress() isListener_BindAddress {
-	if m != nil {
-		return m.BindAddress
-	}
-	return nil
-}
-
-func (x *Listener) GetHostPort() *HostPortAddress {
-	if x, ok := x.GetBindAddress().(*Listener_HostPort); ok {
-		return x.HostPort
-	}
-	return nil
-}
-
-func (x *Listener) GetUnixSocket() *UnixSocketAddress {
-	if x, ok := x.GetBindAddress().(*Listener_UnixSocket); ok {
-		return x.UnixSocket
-	}
-	return nil
-}
-
-func (x *Listener) GetRouters() []*Router {
-	if x != nil {
-		return x.Routers
-	}
-	return nil
-}
-
-func (x *Listener) GetDefaultRouter() *Router {
-	if x != nil {
-		return x.DefaultRouter
-	}
-	return nil
-}
-
-func (x *Listener) GetCapabilities() []Capability {
-	if x != nil {
-		return x.Capabilities
-	}
-	return nil
-}
-
-func (x *Listener) GetBalanceConnections() BalanceConnections {
-	if x != nil {
-		return x.BalanceConnections
-	}
-	return BalanceConnections_BALANCE_CONNECTIONS_DEFAULT
-}
-
-func (x *Listener) GetEscapeHatchListener() string {
-	if x != nil {
-		return x.EscapeHatchListener
-	}
-	return ""
-}
-
-func (x *Listener) GetUseEscapeHatchTracing() bool {
-	if x != nil {
-		return x.UseEscapeHatchTracing
-	}
-	return false
-}
-
-type isListener_BindAddress interface {
-	isListener_BindAddress()
-}
-
-type Listener_HostPort struct {
-	HostPort *HostPortAddress `protobuf:"bytes,3,opt,name=host_port,json=hostPort,proto3,oneof"`
-}
-
-type Listener_UnixSocket struct {
-	UnixSocket *UnixSocketAddress `protobuf:"bytes,4,opt,name=unix_socket,json=unixSocket,proto3,oneof"`
-}
-
-func (*Listener_HostPort) isListener_BindAddress() {}
-
-func (*Listener_UnixSocket) isListener_BindAddress() {}
-
-type Router struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// match specifies how to match traffic coming into this listener. If the traffic matches, it will be routed to the
-	// destination.
-	Match *Match `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"`
-	// Types that are assignable to Destination:
-	//
-	//	*Router_L4
-	//	*Router_L7
-	//	*Router_Sni
-	Destination isRouter_Destination `protobuf_oneof:"destination"`
-	// inbound_tls is used by inbound listeners that terminate TLS.
-	InboundTls *TransportSocket `protobuf:"bytes,5,opt,name=inbound_tls,json=inboundTls,proto3" json:"inbound_tls,omitempty"`
-}
-
-func (x *Router) Reset() {
-	*x = Router{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Router) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Router) ProtoMessage() {}
-
-func (x *Router) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Router.ProtoReflect.Descriptor instead.
-func (*Router) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *Router) GetMatch() *Match {
-	if x != nil {
-		return x.Match
-	}
-	return nil
-}
-
-func (m *Router) GetDestination() isRouter_Destination {
-	if m != nil {
-		return m.Destination
-	}
-	return nil
-}
-
-func (x *Router) GetL4() *L4Destination {
-	if x, ok := x.GetDestination().(*Router_L4); ok {
-		return x.L4
-	}
-	return nil
-}
-
-func (x *Router) GetL7() *L7Destination {
-	if x, ok := x.GetDestination().(*Router_L7); ok {
-		return x.L7
-	}
-	return nil
-}
-
-func (x *Router) GetSni() *SNIDestination {
-	if x, ok := x.GetDestination().(*Router_Sni); ok {
-		return x.Sni
-	}
-	return nil
-}
-
-func (x *Router) GetInboundTls() *TransportSocket {
-	if x != nil {
-		return x.InboundTls
-	}
-	return nil
-}
-
-type isRouter_Destination interface {
-	isRouter_Destination()
-}
-
-type Router_L4 struct {
-	// l4 is an l4 destination to route to, which will have a reference to a cluster.
-	L4 *L4Destination `protobuf:"bytes,2,opt,name=l4,proto3,oneof"`
-}
-
-type Router_L7 struct {
-	// l7 is an l7 destination to route to, which will have a reference to a route.
-	L7 *L7Destination `protobuf:"bytes,3,opt,name=l7,proto3,oneof"`
-}
-
-type Router_Sni struct {
-	// sni is an SNI destination, which means there will be no references, but the SNI name will be tied to the cluster
-	// name, so we should generate all clusters.
-	Sni *SNIDestination `protobuf:"bytes,4,opt,name=sni,proto3,oneof"`
-}
-
-func (*Router_L4) isRouter_Destination() {}
-
-func (*Router_L7) isRouter_Destination() {}
-
-func (*Router_Sni) isRouter_Destination() {}
-
-type Match struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	DestinationPort    *wrapperspb.UInt32Value `protobuf:"bytes,1,opt,name=destination_port,json=destinationPort,proto3" json:"destination_port,omitempty"`
-	PrefixRanges       []*CidrRange            `protobuf:"bytes,2,rep,name=prefix_ranges,json=prefixRanges,proto3" json:"prefix_ranges,omitempty"`
-	SourcePrefixRanges []*CidrRange            `protobuf:"bytes,3,rep,name=source_prefix_ranges,json=sourcePrefixRanges,proto3" json:"source_prefix_ranges,omitempty"`
-	// server_names matches based on SNI of the incoming request.
-	ServerNames []string `protobuf:"bytes,4,rep,name=server_names,json=serverNames,proto3" json:"server_names,omitempty"`
-}
-
-func (x *Match) Reset() {
-	*x = Match{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Match) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Match) ProtoMessage() {}
-
-func (x *Match) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Match.ProtoReflect.Descriptor instead.
-func (*Match) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *Match) GetDestinationPort() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.DestinationPort
-	}
-	return nil
-}
-
-func (x *Match) GetPrefixRanges() []*CidrRange {
-	if x != nil {
-		return x.PrefixRanges
-	}
-	return nil
-}
-
-func (x *Match) GetSourcePrefixRanges() []*CidrRange {
-	if x != nil {
-		return x.SourcePrefixRanges
-	}
-	return nil
-}
-
-func (x *Match) GetServerNames() []string {
-	if x != nil {
-		return x.ServerNames
-	}
-	return nil
-}
-
-type CidrRange struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	AddressPrefix string                  `protobuf:"bytes,1,opt,name=address_prefix,json=addressPrefix,proto3" json:"address_prefix,omitempty"`
-	PrefixLen     *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=prefix_len,json=prefixLen,proto3" json:"prefix_len,omitempty"`
-}
-
-func (x *CidrRange) Reset() {
-	*x = CidrRange{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CidrRange) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CidrRange) ProtoMessage() {}
-
-func (x *CidrRange) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CidrRange.ProtoReflect.Descriptor instead.
-func (*CidrRange) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *CidrRange) GetAddressPrefix() string {
-	if x != nil {
-		return x.AddressPrefix
-	}
-	return ""
-}
-
-func (x *CidrRange) GetPrefixLen() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.PrefixLen
-	}
-	return nil
-}
-
-type L4Destination struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// name is a key in the top level clusters map. This specifies which cluster to go to in this L4 destination.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	// stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
-	StatPrefix string `protobuf:"bytes,2,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
-	// intentions is a list of intentions for this destination.
-	Intentions []*L4Intention `protobuf:"bytes,3,rep,name=intentions,proto3" json:"intentions,omitempty"`
-	// add_empty_intention specifies whether to add an empty intention for this destination, when there are no other intentions specified.
-	AddEmptyIntention bool `protobuf:"varint,4,opt,name=add_empty_intention,json=addEmptyIntention,proto3" json:"add_empty_intention,omitempty"`
-	// max_inbound_connections specifies how many connections this destination can accept.
-	MaxInboundConnections uint64 `protobuf:"varint,5,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"`
-}
-
-func (x *L4Destination) Reset() {
-	*x = L4Destination{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *L4Destination) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*L4Destination) ProtoMessage() {}
-
-func (x *L4Destination) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use L4Destination.ProtoReflect.Descriptor instead.
-func (*L4Destination) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *L4Destination) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *L4Destination) GetStatPrefix() string {
-	if x != nil {
-		return x.StatPrefix
-	}
-	return ""
-}
-
-func (x *L4Destination) GetIntentions() []*L4Intention {
-	if x != nil {
-		return x.Intentions
-	}
-	return nil
-}
-
-func (x *L4Destination) GetAddEmptyIntention() bool {
-	if x != nil {
-		return x.AddEmptyIntention
-	}
-	return false
-}
-
-func (x *L4Destination) GetMaxInboundConnections() uint64 {
-	if x != nil {
-		return x.MaxInboundConnections
-	}
-	return 0
-}
-
-type L7Destination struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// name is a key in the top level routes map. This specifies which route to go to in this L7 destination.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	// stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
-	StatPrefix string `protobuf:"bytes,2,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
-	// protocol for the destination.
-	Protocol L7Protocol `protobuf:"varint,3,opt,name=protocol,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Protocol" json:"protocol,omitempty"`
-	// intentions is a list of intentions for this destination.
-	Intentions []*L7Intention `protobuf:"bytes,4,rep,name=intentions,proto3" json:"intentions,omitempty"`
-	// add_empty_intention specifies whether to add an empty intention for this destination, when there are no other intentions specified.
-	AddEmptyIntention bool `protobuf:"varint,5,opt,name=add_empty_intention,json=addEmptyIntention,proto3" json:"add_empty_intention,omitempty"`
-	// include_xfcc specifies whether to add xfcc header.
-	IncludeXfcc bool `protobuf:"varint,6,opt,name=include_xfcc,json=includeXfcc,proto3" json:"include_xfcc,omitempty"`
-	// static_route specifies whether this is a static route that is inlined in the listener filter. This is required to
-	// match existing xds config.
-	StaticRoute bool `protobuf:"varint,7,opt,name=static_route,json=staticRoute,proto3" json:"static_route,omitempty"`
-	// max_inbound_connections specifies how many connections this destination can accept.
-	MaxInboundConnections uint64 `protobuf:"varint,8,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"`
-}
-
-func (x *L7Destination) Reset() {
-	*x = L7Destination{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *L7Destination) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*L7Destination) ProtoMessage() {}
-
-func (x *L7Destination) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use L7Destination.ProtoReflect.Descriptor instead.
-func (*L7Destination) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *L7Destination) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *L7Destination) GetStatPrefix() string {
-	if x != nil {
-		return x.StatPrefix
-	}
-	return ""
-}
-
-func (x *L7Destination) GetProtocol() L7Protocol {
-	if x != nil {
-		return x.Protocol
-	}
-	return L7Protocol_L7_PROTOCOL_HTTP
-}
-
-func (x *L7Destination) GetIntentions() []*L7Intention {
-	if x != nil {
-		return x.Intentions
-	}
-	return nil
-}
-
-func (x *L7Destination) GetAddEmptyIntention() bool {
-	if x != nil {
-		return x.AddEmptyIntention
-	}
-	return false
-}
-
-func (x *L7Destination) GetIncludeXfcc() bool {
-	if x != nil {
-		return x.IncludeXfcc
-	}
-	return false
-}
-
-func (x *L7Destination) GetStaticRoute() bool {
-	if x != nil {
-		return x.StaticRoute
-	}
-	return false
-}
-
-func (x *L7Destination) GetMaxInboundConnections() uint64 {
-	if x != nil {
-		return x.MaxInboundConnections
-	}
-	return 0
-}
-
-type SNIDestination struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
-	StatPrefix string `protobuf:"bytes,1,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
-}
-
-func (x *SNIDestination) Reset() {
-	*x = SNIDestination{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *SNIDestination) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*SNIDestination) ProtoMessage() {}
-
-func (x *SNIDestination) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use SNIDestination.ProtoReflect.Descriptor instead.
-func (*SNIDestination) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *SNIDestination) GetStatPrefix() string {
-	if x != nil {
-		return x.StatPrefix
-	}
-	return ""
-}
-
-var File_pbmesh_v1alpha1_pbproxystate_listener_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDesc = []byte{
-	0x0a, 0x2b, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x6c,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70,
-	0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2a, 0x70, 0x62, 0x6d, 0x65,
-	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x33, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
-	0x61, 0x74, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f,
-	0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xab, 0x06, 0x0a, 0x08, 0x4c,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x54, 0x0a, 0x09, 0x64,
-	0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x69, 0x72,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x12, 0x5b, 0x0a, 0x09, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65,
-	0x73, 0x73, 0x48, 0x00, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x61,
-	0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x18, 0x04, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72,
-	0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x0a, 0x75, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65,
-	0x74, 0x12, 0x4d, 0x0a, 0x07, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x52, 0x07, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x73,
-	0x12, 0x5a, 0x0a, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x72, 0x6f, 0x75, 0x74,
-	0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x52, 0x0d, 0x64,
-	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x12, 0x5b, 0x0a, 0x0c,
-	0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03,
-	0x28, 0x0e, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x0c, 0x63, 0x61, 0x70,
-	0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x70, 0x0a, 0x13, 0x62, 0x61, 0x6c,
-	0x61, 0x6e, 0x63, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x2e, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x12, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65,
-	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x32, 0x0a, 0x15, 0x65,
-	0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x69, 0x73, 0x74,
-	0x65, 0x6e, 0x65, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x65, 0x73, 0x63, 0x61,
-	0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12,
-	0x37, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x5f, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61,
-	0x74, 0x63, 0x68, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x18, 0x0a, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x15, 0x75, 0x73, 0x65, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63,
-	0x68, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x0e, 0x0a, 0x0c, 0x62, 0x69, 0x6e, 0x64,
-	0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x22, 0xad, 0x03, 0x0a, 0x06, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x72, 0x12, 0x48, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x4c, 0x0a,
-	0x02, 0x6c, 0x34, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x34, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x02, 0x6c, 0x34, 0x12, 0x4c, 0x0a, 0x02, 0x6c,
-	0x37, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x37, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x02, 0x6c, 0x37, 0x12, 0x4f, 0x0a, 0x03, 0x73, 0x6e, 0x69,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x4e, 0x49, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x12, 0x5d, 0x0a, 0x0b, 0x69, 0x6e,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72,
-	0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0a, 0x69,
-	0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x42, 0x0d, 0x0a, 0x0b, 0x64, 0x65, 0x73,
-	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xba, 0x02, 0x0a, 0x05, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x12, 0x47, 0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55,
-	0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x64, 0x65, 0x73, 0x74,
-	0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x5b, 0x0a, 0x0d, 0x70,
-	0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x66,
-	0x69, 0x78, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x12, 0x68, 0x0a, 0x14, 0x73, 0x6f, 0x75, 0x72,
-	0x63, 0x65, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x73,
-	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x12,
-	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x52, 0x61, 0x6e, 0x67,
-	0x65, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d,
-	0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72,
-	0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x6f, 0x0a, 0x09, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e,
-	0x67, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x70, 0x72,
-	0x65, 0x66, 0x69, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x61, 0x64, 0x64, 0x72,
-	0x65, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x3b, 0x0a, 0x0a, 0x70, 0x72, 0x65,
-	0x66, 0x69, 0x78, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x70, 0x72, 0x65,
-	0x66, 0x69, 0x78, 0x4c, 0x65, 0x6e, 0x22, 0x86, 0x02, 0x0a, 0x0d, 0x4c, 0x34, 0x44, 0x65, 0x73,
-	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b,
-	0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x58, 0x0a,
-	0x0a, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e,
-	0x4c, 0x34, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x69, 0x6e, 0x74,
-	0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2e, 0x0a, 0x13, 0x61, 0x64, 0x64, 0x5f, 0x65,
-	0x6d, 0x70, 0x74, 0x79, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x61, 0x64, 0x64, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x49, 0x6e,
-	0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x69,
-	0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x49, 0x6e, 0x62,
-	0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22,
-	0xa1, 0x03, 0x0a, 0x0d, 0x4c, 0x37, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72,
-	0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74,
-	0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x53, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63,
-	0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x37, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
-	0x6c, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x58, 0x0a, 0x0a, 0x69,
-	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x37,
-	0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x69, 0x6e, 0x74, 0x65, 0x6e,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2e, 0x0a, 0x13, 0x61, 0x64, 0x64, 0x5f, 0x65, 0x6d, 0x70,
-	0x74, 0x79, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x11, 0x61, 0x64, 0x64, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x49, 0x6e, 0x74, 0x65,
-	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65,
-	0x5f, 0x78, 0x66, 0x63, 0x63, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x6e, 0x63,
-	0x6c, 0x75, 0x64, 0x65, 0x58, 0x66, 0x63, 0x63, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x74, 0x61, 0x74,
-	0x69, 0x63, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b,
-	0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x36, 0x0a, 0x17, 0x6d,
-	0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x04, 0x52, 0x15, 0x6d, 0x61,
-	0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x22, 0x31, 0x0a, 0x0e, 0x53, 0x4e, 0x49, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72,
-	0x65, 0x66, 0x69, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74,
-	0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x2a, 0x55, 0x0a, 0x09, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74,
-	0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e,
-	0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15,
-	0x0a, 0x11, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x49, 0x4e, 0x42, 0x4f,
-	0x55, 0x4e, 0x44, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49,
-	0x4f, 0x4e, 0x5f, 0x4f, 0x55, 0x54, 0x42, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x02, 0x2a, 0x54, 0x0a,
-	0x12, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x12, 0x1f, 0x0a, 0x1b, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f, 0x43,
-	0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55,
-	0x4c, 0x54, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x42, 0x41, 0x4c, 0x41, 0x4e, 0x43, 0x45, 0x5f,
-	0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x45, 0x58, 0x41, 0x43,
-	0x54, 0x10, 0x01, 0x2a, 0x71, 0x0a, 0x0a, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74,
-	0x79, 0x12, 0x1a, 0x0a, 0x16, 0x43, 0x41, 0x50, 0x41, 0x42, 0x49, 0x4c, 0x49, 0x54, 0x59, 0x5f,
-	0x54, 0x52, 0x41, 0x4e, 0x53, 0x50, 0x41, 0x52, 0x45, 0x4e, 0x54, 0x10, 0x00, 0x12, 0x25, 0x0a,
-	0x21, 0x43, 0x41, 0x50, 0x41, 0x42, 0x49, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x4c, 0x37, 0x5f, 0x50,
-	0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x49, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x54, 0x49,
-	0x4f, 0x4e, 0x10, 0x01, 0x12, 0x20, 0x0a, 0x1c, 0x43, 0x41, 0x50, 0x41, 0x42, 0x49, 0x4c, 0x49,
-	0x54, 0x59, 0x5f, 0x4c, 0x34, 0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x49, 0x4e, 0x53, 0x50, 0x45, 0x43,
-	0x54, 0x49, 0x4f, 0x4e, 0x10, 0x02, 0x2a, 0x4f, 0x0a, 0x0a, 0x4c, 0x37, 0x50, 0x72, 0x6f, 0x74,
-	0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x14, 0x0a, 0x10, 0x4c, 0x37, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f,
-	0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x4c, 0x37,
-	0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x32, 0x10,
-	0x01, 0x12, 0x14, 0x0a, 0x10, 0x4c, 0x37, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c,
-	0x5f, 0x47, 0x52, 0x50, 0x43, 0x10, 0x02, 0x42, 0xd9, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0d, 0x4c, 0x69, 0x73,
-	0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69,
-	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d,
-	0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
-	0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d,
-	0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73,
-	0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
-	0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
-	0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes = make([]protoimpl.EnumInfo, 4)
-var file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
-var file_pbmesh_v1alpha1_pbproxystate_listener_proto_goTypes = []interface{}{
-	(Direction)(0),                 // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.Direction
-	(BalanceConnections)(0),        // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.BalanceConnections
-	(Capability)(0),                // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.Capability
-	(L7Protocol)(0),                // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Protocol
-	(*Listener)(nil),               // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener
-	(*Router)(nil),                 // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.Router
-	(*Match)(nil),                  // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.Match
-	(*CidrRange)(nil),              // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.CidrRange
-	(*L4Destination)(nil),          // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4Destination
-	(*L7Destination)(nil),          // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Destination
-	(*SNIDestination)(nil),         // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.SNIDestination
-	(*HostPortAddress)(nil),        // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.HostPortAddress
-	(*UnixSocketAddress)(nil),      // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.UnixSocketAddress
-	(*TransportSocket)(nil),        // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
-	(*wrapperspb.UInt32Value)(nil), // 14: google.protobuf.UInt32Value
-	(*L4Intention)(nil),            // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4Intention
-	(*L7Intention)(nil),            // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Intention
-}
-var file_pbmesh_v1alpha1_pbproxystate_listener_proto_depIdxs = []int32{
-	0,  // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.direction:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Direction
-	11, // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.host_port:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HostPortAddress
-	12, // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.unix_socket:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.UnixSocketAddress
-	5,  // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.routers:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Router
-	5,  // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.default_router:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Router
-	2,  // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.capabilities:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Capability
-	1,  // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener.balance_connections:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.BalanceConnections
-	6,  // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.Router.match:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Match
-	8,  // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.Router.l4:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L4Destination
-	9,  // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.Router.l7:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Destination
-	10, // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.Router.sni:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.SNIDestination
-	13, // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.Router.inbound_tls:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
-	14, // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.Match.destination_port:type_name -> google.protobuf.UInt32Value
-	7,  // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.Match.prefix_ranges:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.CidrRange
-	7,  // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.Match.source_prefix_ranges:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.CidrRange
-	14, // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.CidrRange.prefix_len:type_name -> google.protobuf.UInt32Value
-	15, // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.L4Destination.intentions:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L4Intention
-	3,  // 17: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Destination.protocol:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Protocol
-	16, // 18: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Destination.intentions:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L7Intention
-	19, // [19:19] is the sub-list for method output_type
-	19, // [19:19] is the sub-list for method input_type
-	19, // [19:19] is the sub-list for extension type_name
-	19, // [19:19] is the sub-list for extension extendee
-	0,  // [0:19] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_pbproxystate_listener_proto_init() }
-func file_pbmesh_v1alpha1_pbproxystate_listener_proto_init() {
-	if File_pbmesh_v1alpha1_pbproxystate_listener_proto != nil {
-		return
-	}
-	file_pbmesh_v1alpha1_pbproxystate_address_proto_init()
-	file_pbmesh_v1alpha1_pbproxystate_intentions_proto_init()
-	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Listener); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Router); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Match); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CidrRange); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*L4Destination); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*L7Destination); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SNIDestination); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[0].OneofWrappers = []interface{}{
-		(*Listener_HostPort)(nil),
-		(*Listener_UnixSocket)(nil),
-	}
-	file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes[1].OneofWrappers = []interface{}{
-		(*Router_L4)(nil),
-		(*Router_L7)(nil),
-		(*Router_Sni)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDesc,
-			NumEnums:      4,
-			NumMessages:   7,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_listener_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_listener_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_pbproxystate_listener_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_listener_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_pbproxystate_listener_proto = out.File
-	file_pbmesh_v1alpha1_pbproxystate_listener_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_pbproxystate_listener_proto_goTypes = nil
-	file_pbmesh_v1alpha1_pbproxystate_listener_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto
deleted file mode 100644
index d4a4dcda9f35..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/listener.proto
+++ /dev/null
@@ -1,132 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1.pbproxystate;
-
-import "google/protobuf/wrappers.proto";
-import "pbmesh/v1alpha1/pbproxystate/address.proto";
-import "pbmesh/v1alpha1/pbproxystate/intentions.proto";
-import "pbmesh/v1alpha1/pbproxystate/transport_socket.proto";
-
-message Listener {
-  // name is the name of the listener.
-  string name = 1;
-  // direction tells the listener the direction of traffic.
-  Direction direction = 2;
-  // bind_address describes where to listen.
-  oneof bind_address {
-    HostPortAddress host_port = 3;
-    UnixSocketAddress unix_socket = 4;
-  }
-
-  // routers describes how to route traffic from this listener.
-  repeated Router routers = 5;
-  // default_router describes where to route if none of the other router matches match the connection.
-  Router default_router = 6;
-  // capabilities describe Envoy proxy functionality to enable. These map closely to Envoy listener filters.
-  repeated Capability capabilities = 7;
-  // balance_connections configures how the listener should balance connections.
-  BalanceConnections balance_connections = 8;
-  // escape_hatch_listener_json configures a user configured escape hatch listener.
-  string escape_hatch_listener = 9;
-  // use_escape_hatch_tracing configures whether to use the top level user configured tracing escape hatch for this listener.
-  bool use_escape_hatch_tracing = 10;
-}
-
-enum Direction {
-  // DIRECTION_UNSPECIFIED is used by mesh gateway listeners.
-  DIRECTION_UNSPECIFIED = 0;
-  DIRECTION_INBOUND = 1;
-  DIRECTION_OUTBOUND = 2;
-}
-
-enum BalanceConnections {
-  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  BALANCE_CONNECTIONS_DEFAULT = 0;
-  BALANCE_CONNECTIONS_EXACT = 1;
-}
-
-// Capabilities map to proxy functionality to enable. These enable tproxy, l7 protocol/alpn inspection, or l4 sni/alpn inspection.
-enum Capability {
-  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  CAPABILITY_TRANSPARENT = 0;
-  CAPABILITY_L7_PROTOCOL_INSPECTION = 1;
-  CAPABILITY_L4_TLS_INSPECTION = 2;
-}
-
-message Router {
-  // match specifies how to match traffic coming into this listener. If the traffic matches, it will be routed to the
-  // destination.
-  Match match = 1;
-  oneof destination {
-    // l4 is an l4 destination to route to, which will have a reference to a cluster.
-    L4Destination l4 = 2;
-    // l7 is an l7 destination to route to, which will have a reference to a route.
-    L7Destination l7 = 3;
-    // sni is an SNI destination, which means there will be no references, but the SNI name will be tied to the cluster
-    // name, so we should generate all clusters.
-    SNIDestination sni = 4;
-  }
-  // inbound_tls is used by inbound listeners that terminate TLS.
-  TransportSocket inbound_tls = 5;
-}
-
-message Match {
-  google.protobuf.UInt32Value destination_port = 1;
-  repeated CidrRange prefix_ranges = 2;
-  repeated CidrRange source_prefix_ranges = 3;
-  // server_names matches based on SNI of the incoming request.
-  repeated string server_names = 4;
-}
-
-message CidrRange {
-  string address_prefix = 1;
-  google.protobuf.UInt32Value prefix_len = 2;
-}
-
-message L4Destination {
-  // name is a key in the top level clusters map. This specifies which cluster to go to in this L4 destination.
-  string name = 1;
-  // stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
-  string stat_prefix = 2;
-  // intentions is a list of intentions for this destination.
-  repeated L4Intention intentions = 3;
-  // add_empty_intention specifies whether to add an empty intention for this destination, when there are no other intentions specified.
-  bool add_empty_intention = 4;
-  // max_inbound_connections specifies how many connections this destination can accept.
-  uint64 max_inbound_connections = 5;
-}
-
-message L7Destination {
-  // name is a key in the top level routes map. This specifies which route to go to in this L7 destination.
-  string name = 1;
-  // stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
-  string stat_prefix = 2;
-  // protocol for the destination.
-  L7Protocol protocol = 3;
-  // intentions is a list of intentions for this destination.
-  repeated L7Intention intentions = 4;
-  // add_empty_intention specifies whether to add an empty intention for this destination, when there are no other intentions specified.
-  bool add_empty_intention = 5;
-  // include_xfcc specifies whether to add xfcc header.
-  bool include_xfcc = 6;
-  // static_route specifies whether this is a static route that is inlined in the listener filter. This is required to
-  // match existing xds config.
-  bool static_route = 7;
-  // max_inbound_connections specifies how many connections this destination can accept.
-  uint64 max_inbound_connections = 8;
-}
-
-enum L7Protocol {
-  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  L7_PROTOCOL_HTTP = 0;
-  L7_PROTOCOL_HTTP2 = 1;
-  L7_PROTOCOL_GRPC = 2;
-}
-
-message SNIDestination {
-  // stat_prefix is for compatibility with v1 xds configuration, so it is generated in exactly the same way.
-  string stat_prefix = 1;
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.binary.go
deleted file mode 100644
index 5d42cb386296..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.binary.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/pbproxystate/references.proto
-
-package pbproxystate
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *LeafCertificateRef) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *LeafCertificateRef) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *TrustBundleRef) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *TrustBundleRef) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *EndpointRef) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *EndpointRef) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go
deleted file mode 100644
index cee7c44bc46b..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/references.pb.go
+++ /dev/null
@@ -1,371 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/pbproxystate/references.proto
-
-package pbproxystate
-
-import (
-	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type LeafCertificateRef struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Name       string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Namespace  string   `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"`
-	Partition  string   `protobuf:"bytes,3,opt,name=partition,proto3" json:"partition,omitempty"`
-	Host       string   `protobuf:"bytes,4,opt,name=host,proto3" json:"host,omitempty"`
-	Datacenter string   `protobuf:"bytes,5,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
-	DnsSan     []string `protobuf:"bytes,6,rep,name=dns_san,json=dnsSan,proto3" json:"dns_san,omitempty"`
-}
-
-func (x *LeafCertificateRef) Reset() {
-	*x = LeafCertificateRef{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LeafCertificateRef) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LeafCertificateRef) ProtoMessage() {}
-
-func (x *LeafCertificateRef) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LeafCertificateRef.ProtoReflect.Descriptor instead.
-func (*LeafCertificateRef) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *LeafCertificateRef) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *LeafCertificateRef) GetNamespace() string {
-	if x != nil {
-		return x.Namespace
-	}
-	return ""
-}
-
-func (x *LeafCertificateRef) GetPartition() string {
-	if x != nil {
-		return x.Partition
-	}
-	return ""
-}
-
-func (x *LeafCertificateRef) GetHost() string {
-	if x != nil {
-		return x.Host
-	}
-	return ""
-}
-
-func (x *LeafCertificateRef) GetDatacenter() string {
-	if x != nil {
-		return x.Datacenter
-	}
-	return ""
-}
-
-func (x *LeafCertificateRef) GetDnsSan() []string {
-	if x != nil {
-		return x.DnsSan
-	}
-	return nil
-}
-
-type TrustBundleRef struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Peer        string `protobuf:"bytes,1,opt,name=peer,proto3" json:"peer,omitempty"`
-	TrustDomain string `protobuf:"bytes,2,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"`
-}
-
-func (x *TrustBundleRef) Reset() {
-	*x = TrustBundleRef{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *TrustBundleRef) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*TrustBundleRef) ProtoMessage() {}
-
-func (x *TrustBundleRef) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use TrustBundleRef.ProtoReflect.Descriptor instead.
-func (*TrustBundleRef) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *TrustBundleRef) GetPeer() string {
-	if x != nil {
-		return x.Peer
-	}
-	return ""
-}
-
-func (x *TrustBundleRef) GetTrustDomain() string {
-	if x != nil {
-		return x.TrustDomain
-	}
-	return ""
-}
-
-type EndpointRef struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// id is the ServiceEndpoints resource id.
-	Id *pbresource.ID `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	// port is the name of the port in the ServiceEndpoints to generate the Endpoints from.
-	Port string `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"`
-}
-
-func (x *EndpointRef) Reset() {
-	*x = EndpointRef{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *EndpointRef) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*EndpointRef) ProtoMessage() {}
-
-func (x *EndpointRef) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use EndpointRef.ProtoReflect.Descriptor instead.
-func (*EndpointRef) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *EndpointRef) GetId() *pbresource.ID {
-	if x != nil {
-		return x.Id
-	}
-	return nil
-}
-
-func (x *EndpointRef) GetPort() string {
-	if x != nil {
-		return x.Port
-	}
-	return ""
-}
-
-var File_pbmesh_v1alpha1_pbproxystate_references_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDesc = []byte{
-	0x0a, 0x2d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x72,
-	0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
-	0x2b, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x1a, 0x19, 0x70, 0x62,
-	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb1, 0x01, 0x0a, 0x12, 0x4c, 0x65, 0x61, 0x66,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x66, 0x12, 0x12,
-	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
-	0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65,
-	0x12, 0x1c, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12,
-	0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f,
-	0x73, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72,
-	0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74,
-	0x65, 0x72, 0x12, 0x17, 0x0a, 0x07, 0x64, 0x6e, 0x73, 0x5f, 0x73, 0x61, 0x6e, 0x18, 0x06, 0x20,
-	0x03, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6e, 0x73, 0x53, 0x61, 0x6e, 0x22, 0x47, 0x0a, 0x0e, 0x54,
-	0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x66, 0x12, 0x12, 0x0a,
-	0x04, 0x70, 0x65, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x65, 0x65,
-	0x72, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69,
-	0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f,
-	0x6d, 0x61, 0x69, 0x6e, 0x22, 0x50, 0x0a, 0x0b, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
-	0x52, 0x65, 0x66, 0x12, 0x2d, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x1d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x49, 0x44, 0x52, 0x02,
-	0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x42, 0xdb, 0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x0f, 0x52, 0x65, 0x66, 0x65,
-	0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67,
-	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
-	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68,
-	0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
-	0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
-var file_pbmesh_v1alpha1_pbproxystate_references_proto_goTypes = []interface{}{
-	(*LeafCertificateRef)(nil), // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.LeafCertificateRef
-	(*TrustBundleRef)(nil),     // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.TrustBundleRef
-	(*EndpointRef)(nil),        // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointRef
-	(*pbresource.ID)(nil),      // 3: hashicorp.consul.resource.ID
-}
-var file_pbmesh_v1alpha1_pbproxystate_references_proto_depIdxs = []int32{
-	3, // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointRef.id:type_name -> hashicorp.consul.resource.ID
-	1, // [1:1] is the sub-list for method output_type
-	1, // [1:1] is the sub-list for method input_type
-	1, // [1:1] is the sub-list for extension type_name
-	1, // [1:1] is the sub-list for extension extendee
-	0, // [0:1] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_pbproxystate_references_proto_init() }
-func file_pbmesh_v1alpha1_pbproxystate_references_proto_init() {
-	if File_pbmesh_v1alpha1_pbproxystate_references_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LeafCertificateRef); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TrustBundleRef); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*EndpointRef); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   3,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_references_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_references_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_references_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_pbproxystate_references_proto = out.File
-	file_pbmesh_v1alpha1_pbproxystate_references_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_pbproxystate_references_proto_goTypes = nil
-	file_pbmesh_v1alpha1_pbproxystate_references_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/references.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/references.proto
deleted file mode 100644
index 3e2c1ddd45ca..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/references.proto
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1.pbproxystate;
-
-import "pbresource/resource.proto";
-
-message LeafCertificateRef {
-  string name = 1;
-  string namespace = 2;
-  string partition = 3;
-  string host = 4;
-  string datacenter = 5;
-  repeated string dns_san = 6;
-}
-
-message TrustBundleRef {
-  string peer = 1;
-  string trust_domain = 2;
-}
-
-message EndpointRef {
-  // id is the ServiceEndpoints resource id.
-  hashicorp.consul.resource.ID id = 1;
-  // port is the name of the port in the ServiceEndpoints to generate the Endpoints from.
-  string port = 2;
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.binary.go
deleted file mode 100644
index 5d6ba14ecc91..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.binary.go
+++ /dev/null
@@ -1,178 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/pbproxystate/route.proto
-
-package pbproxystate
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *Route) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *Route) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *VirtualHost) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *VirtualHost) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *RouteRule) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *RouteRule) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *RouteMatch) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *RouteMatch) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *PathMatch) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *PathMatch) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *QueryParameterMatch) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *QueryParameterMatch) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HeaderMatch) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HeaderMatch) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *RouteDestination) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *RouteDestination) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *DestinationConfiguration) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *DestinationConfiguration) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *RetryPolicy) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *RetryPolicy) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *TimeoutConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *TimeoutConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *LoadBalancerHashPolicy) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *LoadBalancerHashPolicy) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *CookiePolicy) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *CookiePolicy) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *HeaderPolicy) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *HeaderPolicy) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *QueryParameterPolicy) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *QueryParameterPolicy) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *ConnectionPropertiesPolicy) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *ConnectionPropertiesPolicy) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *DestinationCluster) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *DestinationCluster) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go
deleted file mode 100644
index c6840dd18aaa..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/route.pb.go
+++ /dev/null
@@ -1,1891 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/pbproxystate/route.proto
-
-package pbproxystate
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	durationpb "google.golang.org/protobuf/types/known/durationpb"
-	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type Route struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// virtual_hosts is a list of virtual hosts. A virtual host is selected based on an incoming request's host header.
-	VirtualHosts []*VirtualHost `protobuf:"bytes,1,rep,name=virtual_hosts,json=virtualHosts,proto3" json:"virtual_hosts,omitempty"`
-}
-
-func (x *Route) Reset() {
-	*x = Route{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Route) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Route) ProtoMessage() {}
-
-func (x *Route) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Route.ProtoReflect.Descriptor instead.
-func (*Route) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *Route) GetVirtualHosts() []*VirtualHost {
-	if x != nil {
-		return x.VirtualHosts
-	}
-	return nil
-}
-
-type VirtualHost struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	// domains are used to match an incoming request's host header and determine which virtual host to use.
-	Domains []string `protobuf:"bytes,2,rep,name=domains,proto3" json:"domains,omitempty"`
-	// header_mutations to apply to the request when it matches this virtual host. These are applied after any headers in
-	// the RouteRule.
-	HeaderMutations []*HeaderMutation `protobuf:"bytes,3,rep,name=header_mutations,json=headerMutations,proto3" json:"header_mutations,omitempty"`
-	// route_rules are a list of rules to use for what to do next with this request. The first rule with a match will be
-	// used.
-	RouteRules []*RouteRule `protobuf:"bytes,4,rep,name=route_rules,json=routeRules,proto3" json:"route_rules,omitempty"`
-}
-
-func (x *VirtualHost) Reset() {
-	*x = VirtualHost{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *VirtualHost) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*VirtualHost) ProtoMessage() {}
-
-func (x *VirtualHost) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use VirtualHost.ProtoReflect.Descriptor instead.
-func (*VirtualHost) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *VirtualHost) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *VirtualHost) GetDomains() []string {
-	if x != nil {
-		return x.Domains
-	}
-	return nil
-}
-
-func (x *VirtualHost) GetHeaderMutations() []*HeaderMutation {
-	if x != nil {
-		return x.HeaderMutations
-	}
-	return nil
-}
-
-func (x *VirtualHost) GetRouteRules() []*RouteRule {
-	if x != nil {
-		return x.RouteRules
-	}
-	return nil
-}
-
-type RouteRule struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// match determines how to match the request. The first match determines which destination the request will go to.
-	Match *RouteMatch `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"`
-	// destination is where to send the request to.
-	Destination *RouteDestination `protobuf:"bytes,2,opt,name=destination,proto3" json:"destination,omitempty"`
-	// header_mutations to apply to the request. These are applied before the VirtualHost header mutations.
-	HeaderMutations []*HeaderMutation `protobuf:"bytes,3,rep,name=header_mutations,json=headerMutations,proto3" json:"header_mutations,omitempty"`
-}
-
-func (x *RouteRule) Reset() {
-	*x = RouteRule{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RouteRule) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RouteRule) ProtoMessage() {}
-
-func (x *RouteRule) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RouteRule.ProtoReflect.Descriptor instead.
-func (*RouteRule) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *RouteRule) GetMatch() *RouteMatch {
-	if x != nil {
-		return x.Match
-	}
-	return nil
-}
-
-func (x *RouteRule) GetDestination() *RouteDestination {
-	if x != nil {
-		return x.Destination
-	}
-	return nil
-}
-
-func (x *RouteRule) GetHeaderMutations() []*HeaderMutation {
-	if x != nil {
-		return x.HeaderMutations
-	}
-	return nil
-}
-
-// RouteMatch has configuration to match a request.
-type RouteMatch struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	PathMatch             *PathMatch             `protobuf:"bytes,1,opt,name=path_match,json=pathMatch,proto3" json:"path_match,omitempty"`
-	HeaderMatches         []*HeaderMatch         `protobuf:"bytes,2,rep,name=header_matches,json=headerMatches,proto3" json:"header_matches,omitempty"`
-	MethodMatches         []string               `protobuf:"bytes,3,rep,name=method_matches,json=methodMatches,proto3" json:"method_matches,omitempty"`
-	QueryParameterMatches []*QueryParameterMatch `protobuf:"bytes,4,rep,name=query_parameter_matches,json=queryParameterMatches,proto3" json:"query_parameter_matches,omitempty"`
-}
-
-func (x *RouteMatch) Reset() {
-	*x = RouteMatch{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RouteMatch) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RouteMatch) ProtoMessage() {}
-
-func (x *RouteMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RouteMatch.ProtoReflect.Descriptor instead.
-func (*RouteMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *RouteMatch) GetPathMatch() *PathMatch {
-	if x != nil {
-		return x.PathMatch
-	}
-	return nil
-}
-
-func (x *RouteMatch) GetHeaderMatches() []*HeaderMatch {
-	if x != nil {
-		return x.HeaderMatches
-	}
-	return nil
-}
-
-func (x *RouteMatch) GetMethodMatches() []string {
-	if x != nil {
-		return x.MethodMatches
-	}
-	return nil
-}
-
-func (x *RouteMatch) GetQueryParameterMatches() []*QueryParameterMatch {
-	if x != nil {
-		return x.QueryParameterMatches
-	}
-	return nil
-}
-
-type PathMatch struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Types that are assignable to PathMatch:
-	//
-	//	*PathMatch_Exact
-	//	*PathMatch_Prefix
-	//	*PathMatch_Regex
-	PathMatch isPathMatch_PathMatch `protobuf_oneof:"path_match"`
-}
-
-func (x *PathMatch) Reset() {
-	*x = PathMatch{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *PathMatch) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*PathMatch) ProtoMessage() {}
-
-func (x *PathMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use PathMatch.ProtoReflect.Descriptor instead.
-func (*PathMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{4}
-}
-
-func (m *PathMatch) GetPathMatch() isPathMatch_PathMatch {
-	if m != nil {
-		return m.PathMatch
-	}
-	return nil
-}
-
-func (x *PathMatch) GetExact() string {
-	if x, ok := x.GetPathMatch().(*PathMatch_Exact); ok {
-		return x.Exact
-	}
-	return ""
-}
-
-func (x *PathMatch) GetPrefix() string {
-	if x, ok := x.GetPathMatch().(*PathMatch_Prefix); ok {
-		return x.Prefix
-	}
-	return ""
-}
-
-func (x *PathMatch) GetRegex() string {
-	if x, ok := x.GetPathMatch().(*PathMatch_Regex); ok {
-		return x.Regex
-	}
-	return ""
-}
-
-type isPathMatch_PathMatch interface {
-	isPathMatch_PathMatch()
-}
-
-type PathMatch_Exact struct {
-	Exact string `protobuf:"bytes,1,opt,name=exact,proto3,oneof"`
-}
-
-type PathMatch_Prefix struct {
-	Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3,oneof"`
-}
-
-type PathMatch_Regex struct {
-	Regex string `protobuf:"bytes,3,opt,name=regex,proto3,oneof"`
-}
-
-func (*PathMatch_Exact) isPathMatch_PathMatch() {}
-
-func (*PathMatch_Prefix) isPathMatch_PathMatch() {}
-
-func (*PathMatch_Regex) isPathMatch_PathMatch() {}
-
-type QueryParameterMatch struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	// Types that are assignable to Match:
-	//
-	//	*QueryParameterMatch_Exact
-	//	*QueryParameterMatch_Regex
-	//	*QueryParameterMatch_Present
-	Match isQueryParameterMatch_Match `protobuf_oneof:"match"`
-}
-
-func (x *QueryParameterMatch) Reset() {
-	*x = QueryParameterMatch{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *QueryParameterMatch) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*QueryParameterMatch) ProtoMessage() {}
-
-func (x *QueryParameterMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use QueryParameterMatch.ProtoReflect.Descriptor instead.
-func (*QueryParameterMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *QueryParameterMatch) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (m *QueryParameterMatch) GetMatch() isQueryParameterMatch_Match {
-	if m != nil {
-		return m.Match
-	}
-	return nil
-}
-
-func (x *QueryParameterMatch) GetExact() string {
-	if x, ok := x.GetMatch().(*QueryParameterMatch_Exact); ok {
-		return x.Exact
-	}
-	return ""
-}
-
-func (x *QueryParameterMatch) GetRegex() string {
-	if x, ok := x.GetMatch().(*QueryParameterMatch_Regex); ok {
-		return x.Regex
-	}
-	return ""
-}
-
-func (x *QueryParameterMatch) GetPresent() bool {
-	if x, ok := x.GetMatch().(*QueryParameterMatch_Present); ok {
-		return x.Present
-	}
-	return false
-}
-
-type isQueryParameterMatch_Match interface {
-	isQueryParameterMatch_Match()
-}
-
-type QueryParameterMatch_Exact struct {
-	Exact string `protobuf:"bytes,2,opt,name=exact,proto3,oneof"`
-}
-
-type QueryParameterMatch_Regex struct {
-	Regex string `protobuf:"bytes,3,opt,name=regex,proto3,oneof"`
-}
-
-type QueryParameterMatch_Present struct {
-	Present bool `protobuf:"varint,4,opt,name=present,proto3,oneof"`
-}
-
-func (*QueryParameterMatch_Exact) isQueryParameterMatch_Match() {}
-
-func (*QueryParameterMatch_Regex) isQueryParameterMatch_Match() {}
-
-func (*QueryParameterMatch_Present) isQueryParameterMatch_Match() {}
-
-type HeaderMatch struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	// Types that are assignable to Match:
-	//
-	//	*HeaderMatch_Exact
-	//	*HeaderMatch_Prefix
-	//	*HeaderMatch_Suffix
-	//	*HeaderMatch_Regex
-	//	*HeaderMatch_Present
-	Match       isHeaderMatch_Match `protobuf_oneof:"match"`
-	InvertMatch bool                `protobuf:"varint,7,opt,name=invert_match,json=invertMatch,proto3" json:"invert_match,omitempty"`
-}
-
-func (x *HeaderMatch) Reset() {
-	*x = HeaderMatch{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HeaderMatch) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HeaderMatch) ProtoMessage() {}
-
-func (x *HeaderMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HeaderMatch.ProtoReflect.Descriptor instead.
-func (*HeaderMatch) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *HeaderMatch) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (m *HeaderMatch) GetMatch() isHeaderMatch_Match {
-	if m != nil {
-		return m.Match
-	}
-	return nil
-}
-
-func (x *HeaderMatch) GetExact() string {
-	if x, ok := x.GetMatch().(*HeaderMatch_Exact); ok {
-		return x.Exact
-	}
-	return ""
-}
-
-func (x *HeaderMatch) GetPrefix() string {
-	if x, ok := x.GetMatch().(*HeaderMatch_Prefix); ok {
-		return x.Prefix
-	}
-	return ""
-}
-
-func (x *HeaderMatch) GetSuffix() string {
-	if x, ok := x.GetMatch().(*HeaderMatch_Suffix); ok {
-		return x.Suffix
-	}
-	return ""
-}
-
-func (x *HeaderMatch) GetRegex() string {
-	if x, ok := x.GetMatch().(*HeaderMatch_Regex); ok {
-		return x.Regex
-	}
-	return ""
-}
-
-func (x *HeaderMatch) GetPresent() bool {
-	if x, ok := x.GetMatch().(*HeaderMatch_Present); ok {
-		return x.Present
-	}
-	return false
-}
-
-func (x *HeaderMatch) GetInvertMatch() bool {
-	if x != nil {
-		return x.InvertMatch
-	}
-	return false
-}
-
-type isHeaderMatch_Match interface {
-	isHeaderMatch_Match()
-}
-
-type HeaderMatch_Exact struct {
-	Exact string `protobuf:"bytes,2,opt,name=exact,proto3,oneof"`
-}
-
-type HeaderMatch_Prefix struct {
-	Prefix string `protobuf:"bytes,3,opt,name=prefix,proto3,oneof"`
-}
-
-type HeaderMatch_Suffix struct {
-	Suffix string `protobuf:"bytes,4,opt,name=suffix,proto3,oneof"`
-}
-
-type HeaderMatch_Regex struct {
-	Regex string `protobuf:"bytes,5,opt,name=regex,proto3,oneof"`
-}
-
-type HeaderMatch_Present struct {
-	Present bool `protobuf:"varint,6,opt,name=present,proto3,oneof"`
-}
-
-func (*HeaderMatch_Exact) isHeaderMatch_Match() {}
-
-func (*HeaderMatch_Prefix) isHeaderMatch_Match() {}
-
-func (*HeaderMatch_Suffix) isHeaderMatch_Match() {}
-
-func (*HeaderMatch_Regex) isHeaderMatch_Match() {}
-
-func (*HeaderMatch_Present) isHeaderMatch_Match() {}
-
-// RouteDestination has configuration for where to send a request.
-type RouteDestination struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// destination is one or more clusters to route to.
-	//
-	// Types that are assignable to Destination:
-	//
-	//	*RouteDestination_Cluster
-	//	*RouteDestination_WeightedClusters
-	Destination              isRouteDestination_Destination `protobuf_oneof:"destination"`
-	DestinationConfiguration *DestinationConfiguration      `protobuf:"bytes,3,opt,name=destination_configuration,json=destinationConfiguration,proto3" json:"destination_configuration,omitempty"`
-}
-
-func (x *RouteDestination) Reset() {
-	*x = RouteDestination{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RouteDestination) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RouteDestination) ProtoMessage() {}
-
-func (x *RouteDestination) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RouteDestination.ProtoReflect.Descriptor instead.
-func (*RouteDestination) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{7}
-}
-
-func (m *RouteDestination) GetDestination() isRouteDestination_Destination {
-	if m != nil {
-		return m.Destination
-	}
-	return nil
-}
-
-func (x *RouteDestination) GetCluster() *DestinationCluster {
-	if x, ok := x.GetDestination().(*RouteDestination_Cluster); ok {
-		return x.Cluster
-	}
-	return nil
-}
-
-func (x *RouteDestination) GetWeightedClusters() *L7WeightedClusterGroup {
-	if x, ok := x.GetDestination().(*RouteDestination_WeightedClusters); ok {
-		return x.WeightedClusters
-	}
-	return nil
-}
-
-func (x *RouteDestination) GetDestinationConfiguration() *DestinationConfiguration {
-	if x != nil {
-		return x.DestinationConfiguration
-	}
-	return nil
-}
-
-type isRouteDestination_Destination interface {
-	isRouteDestination_Destination()
-}
-
-type RouteDestination_Cluster struct {
-	Cluster *DestinationCluster `protobuf:"bytes,1,opt,name=cluster,proto3,oneof"`
-}
-
-type RouteDestination_WeightedClusters struct {
-	WeightedClusters *L7WeightedClusterGroup `protobuf:"bytes,2,opt,name=weighted_clusters,json=weightedClusters,proto3,oneof"`
-}
-
-func (*RouteDestination_Cluster) isRouteDestination_Destination() {}
-
-func (*RouteDestination_WeightedClusters) isRouteDestination_Destination() {}
-
-type DestinationConfiguration struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	AutoHostRewrite *wrapperspb.BoolValue     `protobuf:"bytes,1,opt,name=auto_host_rewrite,json=autoHostRewrite,proto3" json:"auto_host_rewrite,omitempty"`
-	HashPolicies    []*LoadBalancerHashPolicy `protobuf:"bytes,2,rep,name=hash_policies,json=hashPolicies,proto3" json:"hash_policies,omitempty"`
-	TimeoutConfig   *TimeoutConfig            `protobuf:"bytes,3,opt,name=timeout_config,json=timeoutConfig,proto3" json:"timeout_config,omitempty"`
-	PrefixRewrite   string                    `protobuf:"bytes,4,opt,name=prefix_rewrite,json=prefixRewrite,proto3" json:"prefix_rewrite,omitempty"`
-	RetryPolicy     *RetryPolicy              `protobuf:"bytes,5,opt,name=retry_policy,json=retryPolicy,proto3" json:"retry_policy,omitempty"`
-}
-
-func (x *DestinationConfiguration) Reset() {
-	*x = DestinationConfiguration{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *DestinationConfiguration) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*DestinationConfiguration) ProtoMessage() {}
-
-func (x *DestinationConfiguration) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use DestinationConfiguration.ProtoReflect.Descriptor instead.
-func (*DestinationConfiguration) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{8}
-}
-
-func (x *DestinationConfiguration) GetAutoHostRewrite() *wrapperspb.BoolValue {
-	if x != nil {
-		return x.AutoHostRewrite
-	}
-	return nil
-}
-
-func (x *DestinationConfiguration) GetHashPolicies() []*LoadBalancerHashPolicy {
-	if x != nil {
-		return x.HashPolicies
-	}
-	return nil
-}
-
-func (x *DestinationConfiguration) GetTimeoutConfig() *TimeoutConfig {
-	if x != nil {
-		return x.TimeoutConfig
-	}
-	return nil
-}
-
-func (x *DestinationConfiguration) GetPrefixRewrite() string {
-	if x != nil {
-		return x.PrefixRewrite
-	}
-	return ""
-}
-
-func (x *DestinationConfiguration) GetRetryPolicy() *RetryPolicy {
-	if x != nil {
-		return x.RetryPolicy
-	}
-	return nil
-}
-
-type RetryPolicy struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RetryOn              string                  `protobuf:"bytes,1,opt,name=retry_on,json=retryOn,proto3" json:"retry_on,omitempty"`
-	NumRetries           *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=num_retries,json=numRetries,proto3" json:"num_retries,omitempty"`
-	RetriableStatusCodes []uint32                `protobuf:"varint,3,rep,packed,name=retriable_status_codes,json=retriableStatusCodes,proto3" json:"retriable_status_codes,omitempty"`
-}
-
-func (x *RetryPolicy) Reset() {
-	*x = RetryPolicy{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[9]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RetryPolicy) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RetryPolicy) ProtoMessage() {}
-
-func (x *RetryPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[9]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RetryPolicy.ProtoReflect.Descriptor instead.
-func (*RetryPolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{9}
-}
-
-func (x *RetryPolicy) GetRetryOn() string {
-	if x != nil {
-		return x.RetryOn
-	}
-	return ""
-}
-
-func (x *RetryPolicy) GetNumRetries() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.NumRetries
-	}
-	return nil
-}
-
-func (x *RetryPolicy) GetRetriableStatusCodes() []uint32 {
-	if x != nil {
-		return x.RetriableStatusCodes
-	}
-	return nil
-}
-
-type TimeoutConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Timeout     *durationpb.Duration `protobuf:"bytes,1,opt,name=timeout,proto3" json:"timeout,omitempty"`
-	IdleTimeout *durationpb.Duration `protobuf:"bytes,2,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"`
-}
-
-func (x *TimeoutConfig) Reset() {
-	*x = TimeoutConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[10]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *TimeoutConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*TimeoutConfig) ProtoMessage() {}
-
-func (x *TimeoutConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[10]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use TimeoutConfig.ProtoReflect.Descriptor instead.
-func (*TimeoutConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{10}
-}
-
-func (x *TimeoutConfig) GetTimeout() *durationpb.Duration {
-	if x != nil {
-		return x.Timeout
-	}
-	return nil
-}
-
-func (x *TimeoutConfig) GetIdleTimeout() *durationpb.Duration {
-	if x != nil {
-		return x.IdleTimeout
-	}
-	return nil
-}
-
-type LoadBalancerHashPolicy struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Types that are assignable to Policy:
-	//
-	//	*LoadBalancerHashPolicy_Cookie
-	//	*LoadBalancerHashPolicy_Header
-	//	*LoadBalancerHashPolicy_QueryParameter
-	//	*LoadBalancerHashPolicy_ConnectionProperties
-	Policy isLoadBalancerHashPolicy_Policy `protobuf_oneof:"policy"`
-}
-
-func (x *LoadBalancerHashPolicy) Reset() {
-	*x = LoadBalancerHashPolicy{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[11]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LoadBalancerHashPolicy) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LoadBalancerHashPolicy) ProtoMessage() {}
-
-func (x *LoadBalancerHashPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[11]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LoadBalancerHashPolicy.ProtoReflect.Descriptor instead.
-func (*LoadBalancerHashPolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{11}
-}
-
-func (m *LoadBalancerHashPolicy) GetPolicy() isLoadBalancerHashPolicy_Policy {
-	if m != nil {
-		return m.Policy
-	}
-	return nil
-}
-
-func (x *LoadBalancerHashPolicy) GetCookie() *CookiePolicy {
-	if x, ok := x.GetPolicy().(*LoadBalancerHashPolicy_Cookie); ok {
-		return x.Cookie
-	}
-	return nil
-}
-
-func (x *LoadBalancerHashPolicy) GetHeader() *HeaderPolicy {
-	if x, ok := x.GetPolicy().(*LoadBalancerHashPolicy_Header); ok {
-		return x.Header
-	}
-	return nil
-}
-
-func (x *LoadBalancerHashPolicy) GetQueryParameter() *QueryParameterPolicy {
-	if x, ok := x.GetPolicy().(*LoadBalancerHashPolicy_QueryParameter); ok {
-		return x.QueryParameter
-	}
-	return nil
-}
-
-func (x *LoadBalancerHashPolicy) GetConnectionProperties() *ConnectionPropertiesPolicy {
-	if x, ok := x.GetPolicy().(*LoadBalancerHashPolicy_ConnectionProperties); ok {
-		return x.ConnectionProperties
-	}
-	return nil
-}
-
-type isLoadBalancerHashPolicy_Policy interface {
-	isLoadBalancerHashPolicy_Policy()
-}
-
-type LoadBalancerHashPolicy_Cookie struct {
-	Cookie *CookiePolicy `protobuf:"bytes,1,opt,name=cookie,proto3,oneof"`
-}
-
-type LoadBalancerHashPolicy_Header struct {
-	Header *HeaderPolicy `protobuf:"bytes,2,opt,name=header,proto3,oneof"`
-}
-
-type LoadBalancerHashPolicy_QueryParameter struct {
-	QueryParameter *QueryParameterPolicy `protobuf:"bytes,3,opt,name=query_parameter,json=queryParameter,proto3,oneof"`
-}
-
-type LoadBalancerHashPolicy_ConnectionProperties struct {
-	ConnectionProperties *ConnectionPropertiesPolicy `protobuf:"bytes,4,opt,name=connection_properties,json=connectionProperties,proto3,oneof"`
-}
-
-func (*LoadBalancerHashPolicy_Cookie) isLoadBalancerHashPolicy_Policy() {}
-
-func (*LoadBalancerHashPolicy_Header) isLoadBalancerHashPolicy_Policy() {}
-
-func (*LoadBalancerHashPolicy_QueryParameter) isLoadBalancerHashPolicy_Policy() {}
-
-func (*LoadBalancerHashPolicy_ConnectionProperties) isLoadBalancerHashPolicy_Policy() {}
-
-type CookiePolicy struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Name     string               `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Ttl      *durationpb.Duration `protobuf:"bytes,2,opt,name=ttl,proto3" json:"ttl,omitempty"`
-	Path     string               `protobuf:"bytes,3,opt,name=path,proto3" json:"path,omitempty"`
-	Terminal bool                 `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"`
-}
-
-func (x *CookiePolicy) Reset() {
-	*x = CookiePolicy{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[12]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CookiePolicy) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CookiePolicy) ProtoMessage() {}
-
-func (x *CookiePolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[12]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CookiePolicy.ProtoReflect.Descriptor instead.
-func (*CookiePolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{12}
-}
-
-func (x *CookiePolicy) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *CookiePolicy) GetTtl() *durationpb.Duration {
-	if x != nil {
-		return x.Ttl
-	}
-	return nil
-}
-
-func (x *CookiePolicy) GetPath() string {
-	if x != nil {
-		return x.Path
-	}
-	return ""
-}
-
-func (x *CookiePolicy) GetTerminal() bool {
-	if x != nil {
-		return x.Terminal
-	}
-	return false
-}
-
-type HeaderPolicy struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Name     string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Terminal bool   `protobuf:"varint,2,opt,name=terminal,proto3" json:"terminal,omitempty"`
-}
-
-func (x *HeaderPolicy) Reset() {
-	*x = HeaderPolicy{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[13]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HeaderPolicy) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HeaderPolicy) ProtoMessage() {}
-
-func (x *HeaderPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[13]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HeaderPolicy.ProtoReflect.Descriptor instead.
-func (*HeaderPolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{13}
-}
-
-func (x *HeaderPolicy) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *HeaderPolicy) GetTerminal() bool {
-	if x != nil {
-		return x.Terminal
-	}
-	return false
-}
-
-type QueryParameterPolicy struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Name     string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Terminal bool   `protobuf:"varint,2,opt,name=terminal,proto3" json:"terminal,omitempty"`
-}
-
-func (x *QueryParameterPolicy) Reset() {
-	*x = QueryParameterPolicy{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[14]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *QueryParameterPolicy) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*QueryParameterPolicy) ProtoMessage() {}
-
-func (x *QueryParameterPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[14]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use QueryParameterPolicy.ProtoReflect.Descriptor instead.
-func (*QueryParameterPolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{14}
-}
-
-func (x *QueryParameterPolicy) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *QueryParameterPolicy) GetTerminal() bool {
-	if x != nil {
-		return x.Terminal
-	}
-	return false
-}
-
-type ConnectionPropertiesPolicy struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	SourceIp bool `protobuf:"varint,1,opt,name=source_ip,json=sourceIp,proto3" json:"source_ip,omitempty"`
-	Terminal bool `protobuf:"varint,2,opt,name=terminal,proto3" json:"terminal,omitempty"`
-}
-
-func (x *ConnectionPropertiesPolicy) Reset() {
-	*x = ConnectionPropertiesPolicy{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[15]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ConnectionPropertiesPolicy) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ConnectionPropertiesPolicy) ProtoMessage() {}
-
-func (x *ConnectionPropertiesPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[15]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ConnectionPropertiesPolicy.ProtoReflect.Descriptor instead.
-func (*ConnectionPropertiesPolicy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{15}
-}
-
-func (x *ConnectionPropertiesPolicy) GetSourceIp() bool {
-	if x != nil {
-		return x.SourceIp
-	}
-	return false
-}
-
-func (x *ConnectionPropertiesPolicy) GetTerminal() bool {
-	if x != nil {
-		return x.Terminal
-	}
-	return false
-}
-
-type DestinationCluster struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// name is the name of the cluster. This will be used to look up a cluster in the clusters map.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-}
-
-func (x *DestinationCluster) Reset() {
-	*x = DestinationCluster{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[16]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *DestinationCluster) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*DestinationCluster) ProtoMessage() {}
-
-func (x *DestinationCluster) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[16]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use DestinationCluster.ProtoReflect.Descriptor instead.
-func (*DestinationCluster) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP(), []int{16}
-}
-
-func (x *DestinationCluster) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-var File_pbmesh_v1alpha1_pbproxystate_route_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDesc = []byte{
-	0x0a, 0x28, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x72,
-	0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72,
-	0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2a, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x1a, 0x33, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x66, 0x0a, 0x05, 0x52, 0x6f, 0x75, 0x74,
-	0x65, 0x12, 0x5d, 0x0a, 0x0d, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x68, 0x6f, 0x73,
-	0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f,
-	0x73, 0x74, 0x52, 0x0c, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x73,
-	0x22, 0xfc, 0x01, 0x0a, 0x0b, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74,
-	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18,
-	0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x12, 0x66,
-	0x0a, 0x10, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x57, 0x0a, 0x0b, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f,
-	0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52,
-	0x75, 0x6c, 0x65, 0x52, 0x0a, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x22,
-	0xa3, 0x02, 0x0a, 0x09, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x4d, 0x0a,
-	0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x5f, 0x0a, 0x0b,
-	0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e,
-	0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x66, 0x0a,
-	0x10, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe5, 0x02, 0x0a, 0x0a, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x12, 0x55, 0x0a, 0x0a, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x6d, 0x61, 0x74,
-	0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x52, 0x09, 0x70, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x5f, 0x0a, 0x0e, 0x68,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x0d, 0x68,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e,
-	0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x03,
-	0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4d, 0x61, 0x74, 0x63,
-	0x68, 0x65, 0x73, 0x12, 0x78, 0x0a, 0x17, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72,
-	0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x04,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65,
-	0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x15, 0x71, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72,
-	0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x22, 0x63, 0x0a,
-	0x09, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78,
-	0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61,
-	0x63, 0x74, 0x12, 0x18, 0x0a, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, 0x05,
-	0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x72,
-	0x65, 0x67, 0x65, 0x78, 0x42, 0x0c, 0x0a, 0x0a, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x6d, 0x61, 0x74,
-	0x63, 0x68, 0x22, 0x7e, 0x0a, 0x13, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d,
-	0x65, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a,
-	0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05,
-	0x65, 0x78, 0x61, 0x63, 0x74, 0x12, 0x16, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x12, 0x1a, 0x0a,
-	0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00,
-	0x52, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x42, 0x07, 0x0a, 0x05, 0x6d, 0x61, 0x74,
-	0x63, 0x68, 0x22, 0xcd, 0x01, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x12, 0x18,
-	0x0a, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00,
-	0x52, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x75, 0x66, 0x66,
-	0x69, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x73, 0x75, 0x66, 0x66,
-	0x69, 0x78, 0x12, 0x16, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28,
-	0x09, 0x48, 0x00, 0x52, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x12, 0x1a, 0x0a, 0x07, 0x70, 0x72,
-	0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x07, 0x70,
-	0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x76, 0x65, 0x72, 0x74,
-	0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x6e,
-	0x76, 0x65, 0x72, 0x74, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x42, 0x07, 0x0a, 0x05, 0x6d, 0x61, 0x74,
-	0x63, 0x68, 0x22, 0xf7, 0x02, 0x0a, 0x10, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74,
-	0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x5b, 0x0a, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74,
-	0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x48, 0x00, 0x52, 0x07, 0x63, 0x6c, 0x75,
-	0x73, 0x74, 0x65, 0x72, 0x12, 0x72, 0x0a, 0x11, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64,
-	0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x37,
-	0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47,
-	0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x10, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64,
-	0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x82, 0x01, 0x0a, 0x19, 0x64, 0x65, 0x73,
-	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69,
-	0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x18, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x0d, 0x0a,
-	0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xb3, 0x03, 0x0a,
-	0x18, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x11, 0x61, 0x75, 0x74,
-	0x6f, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65,
-	0x52, 0x0f, 0x61, 0x75, 0x74, 0x6f, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74,
-	0x65, 0x12, 0x68, 0x0a, 0x0d, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69,
-	0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e,
-	0x63, 0x65, 0x72, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0c, 0x68,
-	0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x61, 0x0a, 0x0e, 0x74,
-	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
-	0x0d, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25,
-	0x0a, 0x0e, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x52, 0x65,
-	0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x5b, 0x0a, 0x0c, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x70,
-	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50,
-	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0b, 0x72, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x22, 0x9d, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x6f, 0x6e, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x3d, 0x0a,
-	0x0b, 0x6e, 0x75, 0x6d, 0x5f, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65,
-	0x52, 0x0a, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x16,
-	0x72, 0x65, 0x74, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x5f, 0x63, 0x6f, 0x64, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x14, 0x72, 0x65,
-	0x74, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64,
-	0x65, 0x73, 0x22, 0x82, 0x01, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x3c, 0x0a, 0x0c, 0x69, 0x64, 0x6c,
-	0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x69, 0x64, 0x6c, 0x65,
-	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0xba, 0x03, 0x0a, 0x16, 0x4c, 0x6f, 0x61, 0x64,
-	0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x12, 0x53, 0x0a, 0x06, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x2e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x48, 0x00, 0x52,
-	0x06, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x53, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x48, 0x00, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x6c, 0x0a, 0x0f,
-	0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
-	0x61, 0x74, 0x65, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74,
-	0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x48, 0x00, 0x52, 0x0e, 0x71, 0x75, 0x65, 0x72,
-	0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x12, 0x7e, 0x0a, 0x15, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74,
-	0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x47, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x48, 0x00, 0x52, 0x14, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x42, 0x08, 0x0a, 0x06, 0x70, 0x6f,
-	0x6c, 0x69, 0x63, 0x79, 0x22, 0x7f, 0x0a, 0x0c, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x50, 0x6f,
-	0x6c, 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2b, 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x03, 0x74, 0x74, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72,
-	0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72,
-	0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x3e, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50,
-	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72,
-	0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72,
-	0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x46, 0x0a, 0x14, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61,
-	0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x55, 0x0a,
-	0x1a, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x70, 0x65,
-	0x72, 0x74, 0x69, 0x65, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x73,
-	0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08,
-	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x72, 0x6d,
-	0x69, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x65, 0x72, 0x6d,
-	0x69, 0x6e, 0x61, 0x6c, 0x22, 0x28, 0x0a, 0x12, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61,
-	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x42, 0xd6,
-	0x02, 0x0a, 0x2f, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x42, 0x0a, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01,
-	0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73,
-	0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa,
-	0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b,
-	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d,
-	0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
-	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a,
-	0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes = make([]protoimpl.MessageInfo, 17)
-var file_pbmesh_v1alpha1_pbproxystate_route_proto_goTypes = []interface{}{
-	(*Route)(nil),                      // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.Route
-	(*VirtualHost)(nil),                // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.VirtualHost
-	(*RouteRule)(nil),                  // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteRule
-	(*RouteMatch)(nil),                 // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteMatch
-	(*PathMatch)(nil),                  // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.PathMatch
-	(*QueryParameterMatch)(nil),        // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.QueryParameterMatch
-	(*HeaderMatch)(nil),                // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMatch
-	(*RouteDestination)(nil),           // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteDestination
-	(*DestinationConfiguration)(nil),   // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationConfiguration
-	(*RetryPolicy)(nil),                // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.RetryPolicy
-	(*TimeoutConfig)(nil),              // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.TimeoutConfig
-	(*LoadBalancerHashPolicy)(nil),     // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.LoadBalancerHashPolicy
-	(*CookiePolicy)(nil),               // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.CookiePolicy
-	(*HeaderPolicy)(nil),               // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderPolicy
-	(*QueryParameterPolicy)(nil),       // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.QueryParameterPolicy
-	(*ConnectionPropertiesPolicy)(nil), // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.ConnectionPropertiesPolicy
-	(*DestinationCluster)(nil),         // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationCluster
-	(*HeaderMutation)(nil),             // 17: hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation
-	(*L7WeightedClusterGroup)(nil),     // 18: hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedClusterGroup
-	(*wrapperspb.BoolValue)(nil),       // 19: google.protobuf.BoolValue
-	(*wrapperspb.UInt32Value)(nil),     // 20: google.protobuf.UInt32Value
-	(*durationpb.Duration)(nil),        // 21: google.protobuf.Duration
-}
-var file_pbmesh_v1alpha1_pbproxystate_route_proto_depIdxs = []int32{
-	1,  // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.Route.virtual_hosts:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.VirtualHost
-	17, // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.VirtualHost.header_mutations:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation
-	2,  // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.VirtualHost.route_rules:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteRule
-	3,  // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteRule.match:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteMatch
-	7,  // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteRule.destination:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteDestination
-	17, // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteRule.header_mutations:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMutation
-	4,  // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteMatch.path_match:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.PathMatch
-	6,  // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteMatch.header_matches:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderMatch
-	5,  // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteMatch.query_parameter_matches:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.QueryParameterMatch
-	16, // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteDestination.cluster:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationCluster
-	18, // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteDestination.weighted_clusters:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.L7WeightedClusterGroup
-	8,  // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.RouteDestination.destination_configuration:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationConfiguration
-	19, // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationConfiguration.auto_host_rewrite:type_name -> google.protobuf.BoolValue
-	11, // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationConfiguration.hash_policies:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LoadBalancerHashPolicy
-	10, // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationConfiguration.timeout_config:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TimeoutConfig
-	9,  // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.DestinationConfiguration.retry_policy:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.RetryPolicy
-	20, // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.RetryPolicy.num_retries:type_name -> google.protobuf.UInt32Value
-	21, // 17: hashicorp.consul.mesh.v1alpha1.pbproxystate.TimeoutConfig.timeout:type_name -> google.protobuf.Duration
-	21, // 18: hashicorp.consul.mesh.v1alpha1.pbproxystate.TimeoutConfig.idle_timeout:type_name -> google.protobuf.Duration
-	12, // 19: hashicorp.consul.mesh.v1alpha1.pbproxystate.LoadBalancerHashPolicy.cookie:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.CookiePolicy
-	13, // 20: hashicorp.consul.mesh.v1alpha1.pbproxystate.LoadBalancerHashPolicy.header:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.HeaderPolicy
-	14, // 21: hashicorp.consul.mesh.v1alpha1.pbproxystate.LoadBalancerHashPolicy.query_parameter:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.QueryParameterPolicy
-	15, // 22: hashicorp.consul.mesh.v1alpha1.pbproxystate.LoadBalancerHashPolicy.connection_properties:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.ConnectionPropertiesPolicy
-	21, // 23: hashicorp.consul.mesh.v1alpha1.pbproxystate.CookiePolicy.ttl:type_name -> google.protobuf.Duration
-	24, // [24:24] is the sub-list for method output_type
-	24, // [24:24] is the sub-list for method input_type
-	24, // [24:24] is the sub-list for extension type_name
-	24, // [24:24] is the sub-list for extension extendee
-	0,  // [0:24] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_pbproxystate_route_proto_init() }
-func file_pbmesh_v1alpha1_pbproxystate_route_proto_init() {
-	if File_pbmesh_v1alpha1_pbproxystate_route_proto != nil {
-		return
-	}
-	file_pbmesh_v1alpha1_pbproxystate_cluster_proto_init()
-	file_pbmesh_v1alpha1_pbproxystate_header_mutations_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Route); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*VirtualHost); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RouteRule); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RouteMatch); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PathMatch); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*QueryParameterMatch); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HeaderMatch); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RouteDestination); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DestinationConfiguration); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RetryPolicy); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TimeoutConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LoadBalancerHashPolicy); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CookiePolicy); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HeaderPolicy); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*QueryParameterPolicy); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ConnectionPropertiesPolicy); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DestinationCluster); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[4].OneofWrappers = []interface{}{
-		(*PathMatch_Exact)(nil),
-		(*PathMatch_Prefix)(nil),
-		(*PathMatch_Regex)(nil),
-	}
-	file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[5].OneofWrappers = []interface{}{
-		(*QueryParameterMatch_Exact)(nil),
-		(*QueryParameterMatch_Regex)(nil),
-		(*QueryParameterMatch_Present)(nil),
-	}
-	file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[6].OneofWrappers = []interface{}{
-		(*HeaderMatch_Exact)(nil),
-		(*HeaderMatch_Prefix)(nil),
-		(*HeaderMatch_Suffix)(nil),
-		(*HeaderMatch_Regex)(nil),
-		(*HeaderMatch_Present)(nil),
-	}
-	file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[7].OneofWrappers = []interface{}{
-		(*RouteDestination_Cluster)(nil),
-		(*RouteDestination_WeightedClusters)(nil),
-	}
-	file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes[11].OneofWrappers = []interface{}{
-		(*LoadBalancerHashPolicy_Cookie)(nil),
-		(*LoadBalancerHashPolicy_Header)(nil),
-		(*LoadBalancerHashPolicy_QueryParameter)(nil),
-		(*LoadBalancerHashPolicy_ConnectionProperties)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   17,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_route_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_route_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_route_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_pbproxystate_route_proto = out.File
-	file_pbmesh_v1alpha1_pbproxystate_route_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_pbproxystate_route_proto_goTypes = nil
-	file_pbmesh_v1alpha1_pbproxystate_route_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/route.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/route.proto
deleted file mode 100644
index 2ec10f3737d1..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/route.proto
+++ /dev/null
@@ -1,136 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1.pbproxystate;
-
-import "google/protobuf/duration.proto";
-import "google/protobuf/wrappers.proto";
-import "pbmesh/v1alpha1/pbproxystate/cluster.proto";
-import "pbmesh/v1alpha1/pbproxystate/header_mutations.proto";
-
-message Route {
-  // virtual_hosts is a list of virtual hosts. A virtual host is selected based on an incoming request's host header.
-  repeated VirtualHost virtual_hosts = 1;
-}
-
-message VirtualHost {
-  string name = 1;
-  // domains are used to match an incoming request's host header and determine which virtual host to use.
-  repeated string domains = 2;
-  // header_mutations to apply to the request when it matches this virtual host. These are applied after any headers in
-  // the RouteRule.
-  repeated HeaderMutation header_mutations = 3;
-  // route_rules are a list of rules to use for what to do next with this request. The first rule with a match will be
-  // used.
-  repeated RouteRule route_rules = 4;
-}
-
-message RouteRule {
-  // match determines how to match the request. The first match determines which destination the request will go to.
-  RouteMatch match = 1;
-  // destination is where to send the request to.
-  RouteDestination destination = 2;
-  // header_mutations to apply to the request. These are applied before the VirtualHost header mutations.
-  repeated HeaderMutation header_mutations = 3;
-}
-
-// RouteMatch has configuration to match a request.
-message RouteMatch {
-  PathMatch path_match = 1;
-  repeated HeaderMatch header_matches = 2;
-  repeated string method_matches = 3;
-  repeated QueryParameterMatch query_parameter_matches = 4;
-}
-
-message PathMatch {
-  oneof path_match {
-    string exact = 1;
-    string prefix = 2;
-    string regex = 3;
-  }
-}
-
-message QueryParameterMatch {
-  string name = 1;
-  oneof match {
-    string exact = 2;
-    string regex = 3;
-    bool present = 4;
-  }
-}
-
-message HeaderMatch {
-  string name = 1;
-  oneof match {
-    string exact = 2;
-    string prefix = 3;
-    string suffix = 4;
-    string regex = 5;
-    bool present = 6;
-  }
-  bool invert_match = 7;
-}
-
-// RouteDestination has configuration for where to send a request.
-message RouteDestination {
-  // destination is one or more clusters to route to.
-  oneof destination {
-    DestinationCluster cluster = 1;
-    L7WeightedClusterGroup weighted_clusters = 2;
-  }
-  DestinationConfiguration destination_configuration = 3;
-}
-
-message DestinationConfiguration {
-  google.protobuf.BoolValue auto_host_rewrite = 1;
-  repeated LoadBalancerHashPolicy hash_policies = 2;
-  TimeoutConfig timeout_config = 3;
-  string prefix_rewrite = 4;
-  RetryPolicy retry_policy = 5;
-}
-
-message RetryPolicy {
-  string retry_on = 1;
-  google.protobuf.UInt32Value num_retries = 2;
-  repeated uint32 retriable_status_codes = 3;
-}
-
-message TimeoutConfig {
-  google.protobuf.Duration timeout = 1;
-  google.protobuf.Duration idle_timeout = 2;
-}
-
-message LoadBalancerHashPolicy {
-  oneof policy {
-    CookiePolicy cookie = 1;
-    HeaderPolicy header = 2;
-    QueryParameterPolicy query_parameter = 3;
-    ConnectionPropertiesPolicy connection_properties = 4;
-  }
-}
-
-message CookiePolicy {
-  string name = 1;
-  google.protobuf.Duration ttl = 2;
-  string path = 3;
-  bool terminal = 4;
-}
-message HeaderPolicy {
-  string name = 1;
-  bool terminal = 2;
-}
-message QueryParameterPolicy {
-  string name = 1;
-  bool terminal = 2;
-}
-message ConnectionPropertiesPolicy {
-  bool source_ip = 1;
-  bool terminal = 2;
-}
-
-message DestinationCluster {
-  // name is the name of the cluster. This will be used to look up a cluster in the clusters map.
-  string name = 1;
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.binary.go b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.binary.go
deleted file mode 100644
index c659541c9214..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.binary.go
+++ /dev/null
@@ -1,138 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/pbproxystate/transport_socket.proto
-
-package pbproxystate
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *TLS) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *TLS) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *TransportSocket) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *TransportSocket) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *InboundMeshMTLS) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *InboundMeshMTLS) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *OutboundMeshMTLS) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *OutboundMeshMTLS) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *InboundNonMeshTLS) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *InboundNonMeshTLS) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *OutboundNonMeshTLS) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *OutboundNonMeshTLS) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *MeshInboundValidationContext) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *MeshInboundValidationContext) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *MeshOutboundValidationContext) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *MeshOutboundValidationContext) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *NonMeshOutboundValidationContext) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *NonMeshOutboundValidationContext) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *SDSCertificate) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *SDSCertificate) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *TLSParameters) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *TLSParameters) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *LeafCertificate) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *LeafCertificate) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *TrustBundle) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *TrustBundle) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
deleted file mode 100644
index 816ddb717b0c..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.pb.go
+++ /dev/null
@@ -1,1505 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/pbproxystate/transport_socket.proto
-
-package pbproxystate
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type TLSVersion int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	TLSVersion_TLS_VERSION_AUTO        TLSVersion = 0
-	TLSVersion_TLS_VERSION_1_0         TLSVersion = 1
-	TLSVersion_TLS_VERSION_1_1         TLSVersion = 2
-	TLSVersion_TLS_VERSION_1_2         TLSVersion = 3
-	TLSVersion_TLS_VERSION_1_3         TLSVersion = 4
-	TLSVersion_TLS_VERSION_INVALID     TLSVersion = 5
-	TLSVersion_TLS_VERSION_UNSPECIFIED TLSVersion = 6
-)
-
-// Enum value maps for TLSVersion.
-var (
-	TLSVersion_name = map[int32]string{
-		0: "TLS_VERSION_AUTO",
-		1: "TLS_VERSION_1_0",
-		2: "TLS_VERSION_1_1",
-		3: "TLS_VERSION_1_2",
-		4: "TLS_VERSION_1_3",
-		5: "TLS_VERSION_INVALID",
-		6: "TLS_VERSION_UNSPECIFIED",
-	}
-	TLSVersion_value = map[string]int32{
-		"TLS_VERSION_AUTO":        0,
-		"TLS_VERSION_1_0":         1,
-		"TLS_VERSION_1_1":         2,
-		"TLS_VERSION_1_2":         3,
-		"TLS_VERSION_1_3":         4,
-		"TLS_VERSION_INVALID":     5,
-		"TLS_VERSION_UNSPECIFIED": 6,
-	}
-)
-
-func (x TLSVersion) Enum() *TLSVersion {
-	p := new(TLSVersion)
-	*p = x
-	return p
-}
-
-func (x TLSVersion) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (TLSVersion) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_enumTypes[0].Descriptor()
-}
-
-func (TLSVersion) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_enumTypes[0]
-}
-
-func (x TLSVersion) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use TLSVersion.Descriptor instead.
-func (TLSVersion) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{0}
-}
-
-type TLSCipherSuite int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_GCM_SHA256 TLSCipherSuite = 0
-	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_CHACHA20_POLY1305 TLSCipherSuite = 1
-	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES128_GCM_SHA256   TLSCipherSuite = 2
-	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_CHACHA20_POLY1305   TLSCipherSuite = 3
-	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_SHA        TLSCipherSuite = 4
-	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES128_SHA          TLSCipherSuite = 5
-	TLSCipherSuite_TLS_CIPHER_SUITE_AES128_GCM_SHA256             TLSCipherSuite = 6
-	TLSCipherSuite_TLS_CIPHER_SUITE_AES128_SHA                    TLSCipherSuite = 7
-	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384 TLSCipherSuite = 8
-	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES256_GCM_SHA384   TLSCipherSuite = 9
-	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_SHA        TLSCipherSuite = 10
-	TLSCipherSuite_TLS_CIPHER_SUITE_ECDHE_RSA_AES256_SHA          TLSCipherSuite = 11
-	TLSCipherSuite_TLS_CIPHER_SUITE_AES256_GCM_SHA384             TLSCipherSuite = 12
-	TLSCipherSuite_TLS_CIPHER_SUITE_AES256_SHA                    TLSCipherSuite = 13
-)
-
-// Enum value maps for TLSCipherSuite.
-var (
-	TLSCipherSuite_name = map[int32]string{
-		0:  "TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_GCM_SHA256",
-		1:  "TLS_CIPHER_SUITE_ECDHE_ECDSA_CHACHA20_POLY1305",
-		2:  "TLS_CIPHER_SUITE_ECDHE_RSA_AES128_GCM_SHA256",
-		3:  "TLS_CIPHER_SUITE_ECDHE_RSA_CHACHA20_POLY1305",
-		4:  "TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_SHA",
-		5:  "TLS_CIPHER_SUITE_ECDHE_RSA_AES128_SHA",
-		6:  "TLS_CIPHER_SUITE_AES128_GCM_SHA256",
-		7:  "TLS_CIPHER_SUITE_AES128_SHA",
-		8:  "TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384",
-		9:  "TLS_CIPHER_SUITE_ECDHE_RSA_AES256_GCM_SHA384",
-		10: "TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_SHA",
-		11: "TLS_CIPHER_SUITE_ECDHE_RSA_AES256_SHA",
-		12: "TLS_CIPHER_SUITE_AES256_GCM_SHA384",
-		13: "TLS_CIPHER_SUITE_AES256_SHA",
-	}
-	TLSCipherSuite_value = map[string]int32{
-		"TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_GCM_SHA256": 0,
-		"TLS_CIPHER_SUITE_ECDHE_ECDSA_CHACHA20_POLY1305": 1,
-		"TLS_CIPHER_SUITE_ECDHE_RSA_AES128_GCM_SHA256":   2,
-		"TLS_CIPHER_SUITE_ECDHE_RSA_CHACHA20_POLY1305":   3,
-		"TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_SHA":        4,
-		"TLS_CIPHER_SUITE_ECDHE_RSA_AES128_SHA":          5,
-		"TLS_CIPHER_SUITE_AES128_GCM_SHA256":             6,
-		"TLS_CIPHER_SUITE_AES128_SHA":                    7,
-		"TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384": 8,
-		"TLS_CIPHER_SUITE_ECDHE_RSA_AES256_GCM_SHA384":   9,
-		"TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_SHA":        10,
-		"TLS_CIPHER_SUITE_ECDHE_RSA_AES256_SHA":          11,
-		"TLS_CIPHER_SUITE_AES256_GCM_SHA384":             12,
-		"TLS_CIPHER_SUITE_AES256_SHA":                    13,
-	}
-)
-
-func (x TLSCipherSuite) Enum() *TLSCipherSuite {
-	p := new(TLSCipherSuite)
-	*p = x
-	return p
-}
-
-func (x TLSCipherSuite) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (TLSCipherSuite) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_enumTypes[1].Descriptor()
-}
-
-func (TLSCipherSuite) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_enumTypes[1]
-}
-
-func (x TLSCipherSuite) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use TLSCipherSuite.Descriptor instead.
-func (TLSCipherSuite) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{1}
-}
-
-type TLS struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// inbound_tls_parameters has default TLS parameter configuration for inbound connections. These can be overridden per
-	// transport socket.
-	InboundTlsParameters *TLSParameters `protobuf:"bytes,1,opt,name=inbound_tls_parameters,json=inboundTlsParameters,proto3" json:"inbound_tls_parameters,omitempty"`
-	// outbound_tls_parameters has default TLS parameter configuration for inbound connections. These can be overridden per transport socket.
-	OutboundTlsParameters *TLSParameters `protobuf:"bytes,2,opt,name=outbound_tls_parameters,json=outboundTlsParameters,proto3" json:"outbound_tls_parameters,omitempty"`
-}
-
-func (x *TLS) Reset() {
-	*x = TLS{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *TLS) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*TLS) ProtoMessage() {}
-
-func (x *TLS) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use TLS.ProtoReflect.Descriptor instead.
-func (*TLS) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *TLS) GetInboundTlsParameters() *TLSParameters {
-	if x != nil {
-		return x.InboundTlsParameters
-	}
-	return nil
-}
-
-func (x *TLS) GetOutboundTlsParameters() *TLSParameters {
-	if x != nil {
-		return x.OutboundTlsParameters
-	}
-	return nil
-}
-
-type TransportSocket struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// name of the transport socket
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	// Types that are assignable to ConnectionTls:
-	//
-	//	*TransportSocket_InboundMesh
-	//	*TransportSocket_OutboundMesh
-	//	*TransportSocket_InboundNonMesh
-	//	*TransportSocket_OutboundNonMesh
-	ConnectionTls isTransportSocket_ConnectionTls `protobuf_oneof:"connection_tls"`
-	// tls_parameters can override any top level tls parameters that are configured.
-	TlsParameters *TLSParameters `protobuf:"bytes,6,opt,name=tls_parameters,json=tlsParameters,proto3" json:"tls_parameters,omitempty"`
-	AlpnProtocols []string       `protobuf:"bytes,7,rep,name=alpn_protocols,json=alpnProtocols,proto3" json:"alpn_protocols,omitempty"`
-}
-
-func (x *TransportSocket) Reset() {
-	*x = TransportSocket{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *TransportSocket) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*TransportSocket) ProtoMessage() {}
-
-func (x *TransportSocket) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use TransportSocket.ProtoReflect.Descriptor instead.
-func (*TransportSocket) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *TransportSocket) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (m *TransportSocket) GetConnectionTls() isTransportSocket_ConnectionTls {
-	if m != nil {
-		return m.ConnectionTls
-	}
-	return nil
-}
-
-func (x *TransportSocket) GetInboundMesh() *InboundMeshMTLS {
-	if x, ok := x.GetConnectionTls().(*TransportSocket_InboundMesh); ok {
-		return x.InboundMesh
-	}
-	return nil
-}
-
-func (x *TransportSocket) GetOutboundMesh() *OutboundMeshMTLS {
-	if x, ok := x.GetConnectionTls().(*TransportSocket_OutboundMesh); ok {
-		return x.OutboundMesh
-	}
-	return nil
-}
-
-func (x *TransportSocket) GetInboundNonMesh() *InboundNonMeshTLS {
-	if x, ok := x.GetConnectionTls().(*TransportSocket_InboundNonMesh); ok {
-		return x.InboundNonMesh
-	}
-	return nil
-}
-
-func (x *TransportSocket) GetOutboundNonMesh() *OutboundNonMeshTLS {
-	if x, ok := x.GetConnectionTls().(*TransportSocket_OutboundNonMesh); ok {
-		return x.OutboundNonMesh
-	}
-	return nil
-}
-
-func (x *TransportSocket) GetTlsParameters() *TLSParameters {
-	if x != nil {
-		return x.TlsParameters
-	}
-	return nil
-}
-
-func (x *TransportSocket) GetAlpnProtocols() []string {
-	if x != nil {
-		return x.AlpnProtocols
-	}
-	return nil
-}
-
-type isTransportSocket_ConnectionTls interface {
-	isTransportSocket_ConnectionTls()
-}
-
-type TransportSocket_InboundMesh struct {
-	// inbound_mesh is for incoming connections FROM the mesh.
-	InboundMesh *InboundMeshMTLS `protobuf:"bytes,2,opt,name=inbound_mesh,json=inboundMesh,proto3,oneof"`
-}
-
-type TransportSocket_OutboundMesh struct {
-	// outbound_mesh is for outbound connections TO mesh destinations.
-	OutboundMesh *OutboundMeshMTLS `protobuf:"bytes,3,opt,name=outbound_mesh,json=outboundMesh,proto3,oneof"`
-}
-
-type TransportSocket_InboundNonMesh struct {
-	// inbound_non_mesh is for incoming connections FROM non mesh.
-	InboundNonMesh *InboundNonMeshTLS `protobuf:"bytes,4,opt,name=inbound_non_mesh,json=inboundNonMesh,proto3,oneof"`
-}
-
-type TransportSocket_OutboundNonMesh struct {
-	// outbound_non_mesh is for outbound connections TO non mesh destinations.
-	OutboundNonMesh *OutboundNonMeshTLS `protobuf:"bytes,5,opt,name=outbound_non_mesh,json=outboundNonMesh,proto3,oneof"`
-}
-
-func (*TransportSocket_InboundMesh) isTransportSocket_ConnectionTls() {}
-
-func (*TransportSocket_OutboundMesh) isTransportSocket_ConnectionTls() {}
-
-func (*TransportSocket_InboundNonMesh) isTransportSocket_ConnectionTls() {}
-
-func (*TransportSocket_OutboundNonMesh) isTransportSocket_ConnectionTls() {}
-
-type InboundMeshMTLS struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// identity_key is UUID key to use to look up the leaf certificate in ProxyState to present for incoming connections.
-	IdentityKey string `protobuf:"bytes,1,opt,name=identity_key,json=identityKey,proto3" json:"identity_key,omitempty"`
-	// validation_context has what is needed to validate incoming connections.
-	ValidationContext *MeshInboundValidationContext `protobuf:"bytes,2,opt,name=validation_context,json=validationContext,proto3" json:"validation_context,omitempty"`
-}
-
-func (x *InboundMeshMTLS) Reset() {
-	*x = InboundMeshMTLS{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *InboundMeshMTLS) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*InboundMeshMTLS) ProtoMessage() {}
-
-func (x *InboundMeshMTLS) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use InboundMeshMTLS.ProtoReflect.Descriptor instead.
-func (*InboundMeshMTLS) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *InboundMeshMTLS) GetIdentityKey() string {
-	if x != nil {
-		return x.IdentityKey
-	}
-	return ""
-}
-
-func (x *InboundMeshMTLS) GetValidationContext() *MeshInboundValidationContext {
-	if x != nil {
-		return x.ValidationContext
-	}
-	return nil
-}
-
-type OutboundMeshMTLS struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// identity_key is UUID key to use to look up the leaf certificate in ProxyState when connecting to destinations.
-	IdentityKey string `protobuf:"bytes,1,opt,name=identity_key,json=identityKey,proto3" json:"identity_key,omitempty"`
-	// validation_context has what is needed to validate the destination.
-	ValidationContext *MeshOutboundValidationContext `protobuf:"bytes,2,opt,name=validation_context,json=validationContext,proto3" json:"validation_context,omitempty"`
-	// sni to use when connecting to the destination.
-	Sni string `protobuf:"bytes,3,opt,name=sni,proto3" json:"sni,omitempty"`
-}
-
-func (x *OutboundMeshMTLS) Reset() {
-	*x = OutboundMeshMTLS{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *OutboundMeshMTLS) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*OutboundMeshMTLS) ProtoMessage() {}
-
-func (x *OutboundMeshMTLS) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use OutboundMeshMTLS.ProtoReflect.Descriptor instead.
-func (*OutboundMeshMTLS) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *OutboundMeshMTLS) GetIdentityKey() string {
-	if x != nil {
-		return x.IdentityKey
-	}
-	return ""
-}
-
-func (x *OutboundMeshMTLS) GetValidationContext() *MeshOutboundValidationContext {
-	if x != nil {
-		return x.ValidationContext
-	}
-	return nil
-}
-
-func (x *OutboundMeshMTLS) GetSni() string {
-	if x != nil {
-		return x.Sni
-	}
-	return ""
-}
-
-type InboundNonMeshTLS struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// identity is the reference to the leaf certificate to present for incoming connections.
-	//
-	// Types that are assignable to Identity:
-	//
-	//	*InboundNonMeshTLS_LeafKey
-	//	*InboundNonMeshTLS_Sds
-	Identity isInboundNonMeshTLS_Identity `protobuf_oneof:"identity"`
-}
-
-func (x *InboundNonMeshTLS) Reset() {
-	*x = InboundNonMeshTLS{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *InboundNonMeshTLS) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*InboundNonMeshTLS) ProtoMessage() {}
-
-func (x *InboundNonMeshTLS) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use InboundNonMeshTLS.ProtoReflect.Descriptor instead.
-func (*InboundNonMeshTLS) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{4}
-}
-
-func (m *InboundNonMeshTLS) GetIdentity() isInboundNonMeshTLS_Identity {
-	if m != nil {
-		return m.Identity
-	}
-	return nil
-}
-
-func (x *InboundNonMeshTLS) GetLeafKey() string {
-	if x, ok := x.GetIdentity().(*InboundNonMeshTLS_LeafKey); ok {
-		return x.LeafKey
-	}
-	return ""
-}
-
-func (x *InboundNonMeshTLS) GetSds() *SDSCertificate {
-	if x, ok := x.GetIdentity().(*InboundNonMeshTLS_Sds); ok {
-		return x.Sds
-	}
-	return nil
-}
-
-type isInboundNonMeshTLS_Identity interface {
-	isInboundNonMeshTLS_Identity()
-}
-
-type InboundNonMeshTLS_LeafKey struct {
-	// leaf_key is the UUID key to use to look up the leaf certificate in the ProxyState leaf certificate map.
-	LeafKey string `protobuf:"bytes,1,opt,name=leaf_key,json=leafKey,proto3,oneof"`
-}
-
-type InboundNonMeshTLS_Sds struct {
-	// sds refers to certificates retrieved via Envoy SDS.
-	Sds *SDSCertificate `protobuf:"bytes,2,opt,name=sds,proto3,oneof"`
-}
-
-func (*InboundNonMeshTLS_LeafKey) isInboundNonMeshTLS_Identity() {}
-
-func (*InboundNonMeshTLS_Sds) isInboundNonMeshTLS_Identity() {}
-
-type OutboundNonMeshTLS struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// cert_file is a filename for a certificate to present for outbound connections.
-	CertFile string `protobuf:"bytes,1,opt,name=cert_file,json=certFile,proto3" json:"cert_file,omitempty"`
-	// key_file is a filename for a key for outbound connections.
-	KeyFile string `protobuf:"bytes,2,opt,name=key_file,json=keyFile,proto3" json:"key_file,omitempty"`
-	// validation_context has what is needed to validate the destination.
-	ValidationContext *NonMeshOutboundValidationContext `protobuf:"bytes,3,opt,name=validation_context,json=validationContext,proto3" json:"validation_context,omitempty"`
-}
-
-func (x *OutboundNonMeshTLS) Reset() {
-	*x = OutboundNonMeshTLS{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *OutboundNonMeshTLS) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*OutboundNonMeshTLS) ProtoMessage() {}
-
-func (x *OutboundNonMeshTLS) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use OutboundNonMeshTLS.ProtoReflect.Descriptor instead.
-func (*OutboundNonMeshTLS) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *OutboundNonMeshTLS) GetCertFile() string {
-	if x != nil {
-		return x.CertFile
-	}
-	return ""
-}
-
-func (x *OutboundNonMeshTLS) GetKeyFile() string {
-	if x != nil {
-		return x.KeyFile
-	}
-	return ""
-}
-
-func (x *OutboundNonMeshTLS) GetValidationContext() *NonMeshOutboundValidationContext {
-	if x != nil {
-		return x.ValidationContext
-	}
-	return nil
-}
-
-type MeshInboundValidationContext struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// trust_bundle_peer_name_keys is which trust bundles to use for validating incoming connections. If this workload is exported
-	// to peers, the incoming connection could be from a different peer, requiring that trust bundle to validate the
-	// connection. These could be local or peered trust bundles. This will be a key in the trust bundle map.
-	TrustBundlePeerNameKeys []string `protobuf:"bytes,1,rep,name=trust_bundle_peer_name_keys,json=trustBundlePeerNameKeys,proto3" json:"trust_bundle_peer_name_keys,omitempty"`
-}
-
-func (x *MeshInboundValidationContext) Reset() {
-	*x = MeshInboundValidationContext{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *MeshInboundValidationContext) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*MeshInboundValidationContext) ProtoMessage() {}
-
-func (x *MeshInboundValidationContext) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use MeshInboundValidationContext.ProtoReflect.Descriptor instead.
-func (*MeshInboundValidationContext) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *MeshInboundValidationContext) GetTrustBundlePeerNameKeys() []string {
-	if x != nil {
-		return x.TrustBundlePeerNameKeys
-	}
-	return nil
-}
-
-type MeshOutboundValidationContext struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// trust_bundle_peer_name_key is which trust bundle to use for the destination. It could be the local or a peer's trust bundle.
-	// This will be a key in the trust bundle map.
-	TrustBundlePeerNameKey string `protobuf:"bytes,1,opt,name=trust_bundle_peer_name_key,json=trustBundlePeerNameKey,proto3" json:"trust_bundle_peer_name_key,omitempty"`
-	// spiffe_ids is one or more spiffe IDs to validate.
-	SpiffeIds []string `protobuf:"bytes,2,rep,name=spiffe_ids,json=spiffeIds,proto3" json:"spiffe_ids,omitempty"`
-}
-
-func (x *MeshOutboundValidationContext) Reset() {
-	*x = MeshOutboundValidationContext{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *MeshOutboundValidationContext) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*MeshOutboundValidationContext) ProtoMessage() {}
-
-func (x *MeshOutboundValidationContext) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use MeshOutboundValidationContext.ProtoReflect.Descriptor instead.
-func (*MeshOutboundValidationContext) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{7}
-}
-
-func (x *MeshOutboundValidationContext) GetTrustBundlePeerNameKey() string {
-	if x != nil {
-		return x.TrustBundlePeerNameKey
-	}
-	return ""
-}
-
-func (x *MeshOutboundValidationContext) GetSpiffeIds() []string {
-	if x != nil {
-		return x.SpiffeIds
-	}
-	return nil
-}
-
-type NonMeshOutboundValidationContext struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// ca_file is a filename for a ca for outbound connections to validate the destination.
-	CaFile string `protobuf:"bytes,1,opt,name=ca_file,json=caFile,proto3" json:"ca_file,omitempty"`
-}
-
-func (x *NonMeshOutboundValidationContext) Reset() {
-	*x = NonMeshOutboundValidationContext{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *NonMeshOutboundValidationContext) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*NonMeshOutboundValidationContext) ProtoMessage() {}
-
-func (x *NonMeshOutboundValidationContext) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use NonMeshOutboundValidationContext.ProtoReflect.Descriptor instead.
-func (*NonMeshOutboundValidationContext) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{8}
-}
-
-func (x *NonMeshOutboundValidationContext) GetCaFile() string {
-	if x != nil {
-		return x.CaFile
-	}
-	return ""
-}
-
-type SDSCertificate struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	ClusterName  string `protobuf:"bytes,1,opt,name=cluster_name,json=clusterName,proto3" json:"cluster_name,omitempty"`
-	CertResource string `protobuf:"bytes,2,opt,name=cert_resource,json=certResource,proto3" json:"cert_resource,omitempty"`
-}
-
-func (x *SDSCertificate) Reset() {
-	*x = SDSCertificate{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[9]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *SDSCertificate) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*SDSCertificate) ProtoMessage() {}
-
-func (x *SDSCertificate) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[9]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use SDSCertificate.ProtoReflect.Descriptor instead.
-func (*SDSCertificate) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{9}
-}
-
-func (x *SDSCertificate) GetClusterName() string {
-	if x != nil {
-		return x.ClusterName
-	}
-	return ""
-}
-
-func (x *SDSCertificate) GetCertResource() string {
-	if x != nil {
-		return x.CertResource
-	}
-	return ""
-}
-
-type TLSParameters struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	MinVersion   TLSVersion       `protobuf:"varint,1,opt,name=min_version,json=minVersion,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSVersion" json:"min_version,omitempty"`
-	MaxVersion   TLSVersion       `protobuf:"varint,2,opt,name=max_version,json=maxVersion,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSVersion" json:"max_version,omitempty"`
-	CipherSuites []TLSCipherSuite `protobuf:"varint,3,rep,packed,name=cipher_suites,json=cipherSuites,proto3,enum=hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSCipherSuite" json:"cipher_suites,omitempty"`
-}
-
-func (x *TLSParameters) Reset() {
-	*x = TLSParameters{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[10]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *TLSParameters) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*TLSParameters) ProtoMessage() {}
-
-func (x *TLSParameters) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[10]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use TLSParameters.ProtoReflect.Descriptor instead.
-func (*TLSParameters) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{10}
-}
-
-func (x *TLSParameters) GetMinVersion() TLSVersion {
-	if x != nil {
-		return x.MinVersion
-	}
-	return TLSVersion_TLS_VERSION_AUTO
-}
-
-func (x *TLSParameters) GetMaxVersion() TLSVersion {
-	if x != nil {
-		return x.MaxVersion
-	}
-	return TLSVersion_TLS_VERSION_AUTO
-}
-
-func (x *TLSParameters) GetCipherSuites() []TLSCipherSuite {
-	if x != nil {
-		return x.CipherSuites
-	}
-	return nil
-}
-
-type LeafCertificate struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Cert string `protobuf:"bytes,1,opt,name=cert,proto3" json:"cert,omitempty"`
-	Key  string `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
-}
-
-func (x *LeafCertificate) Reset() {
-	*x = LeafCertificate{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[11]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LeafCertificate) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LeafCertificate) ProtoMessage() {}
-
-func (x *LeafCertificate) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[11]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LeafCertificate.ProtoReflect.Descriptor instead.
-func (*LeafCertificate) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{11}
-}
-
-func (x *LeafCertificate) GetCert() string {
-	if x != nil {
-		return x.Cert
-	}
-	return ""
-}
-
-func (x *LeafCertificate) GetKey() string {
-	if x != nil {
-		return x.Key
-	}
-	return ""
-}
-
-type TrustBundle struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	TrustDomain string   `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"`
-	Roots       []string `protobuf:"bytes,2,rep,name=roots,proto3" json:"roots,omitempty"`
-}
-
-func (x *TrustBundle) Reset() {
-	*x = TrustBundle{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[12]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *TrustBundle) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*TrustBundle) ProtoMessage() {}
-
-func (x *TrustBundle) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[12]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use TrustBundle.ProtoReflect.Descriptor instead.
-func (*TrustBundle) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP(), []int{12}
-}
-
-func (x *TrustBundle) GetTrustDomain() string {
-	if x != nil {
-		return x.TrustDomain
-	}
-	return ""
-}
-
-func (x *TrustBundle) GetRoots() []string {
-	if x != nil {
-		return x.Roots
-	}
-	return nil
-}
-
-var File_pbmesh_v1alpha1_pbproxystate_transport_socket_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDesc = []byte{
-	0x0a, 0x33, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x74,
-	0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2b, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x22, 0xeb, 0x01, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x70, 0x0a, 0x16, 0x69, 0x6e,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65,
-	0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61,
-	0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x14, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54,
-	0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x72, 0x0a, 0x17,
-	0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x70, 0x61, 0x72,
-	0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x50,
-	0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x15, 0x6f, 0x75, 0x74, 0x62, 0x6f,
-	0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73,
-	0x22, 0xe5, 0x04, 0x0a, 0x0f, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f,
-	0x63, 0x6b, 0x65, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x61, 0x0a, 0x0c, 0x69, 0x6e, 0x62, 0x6f,
-	0x75, 0x6e, 0x64, 0x5f, 0x6d, 0x65, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x49, 0x6e, 0x62,
-	0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0b,
-	0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x64, 0x0a, 0x0d, 0x6f,
-	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6d, 0x65, 0x73, 0x68, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c,
-	0x53, 0x48, 0x00, 0x52, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73,
-	0x68, 0x12, 0x6a, 0x0a, 0x10, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6e, 0x6f, 0x6e,
-	0x5f, 0x6d, 0x65, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e,
-	0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0e, 0x69,
-	0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x6d, 0x0a,
-	0x11, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6e, 0x6f, 0x6e, 0x5f, 0x6d, 0x65,
-	0x73, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e,
-	0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x48, 0x00, 0x52, 0x0f, 0x6f, 0x75, 0x74,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x61, 0x0a, 0x0e,
-	0x74, 0x6c, 0x73, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x06,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73,
-	0x52, 0x0d, 0x74, 0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12,
-	0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x70, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
-	0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x61, 0x6c, 0x70, 0x6e, 0x50, 0x72, 0x6f,
-	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x6c, 0x73, 0x22, 0xae, 0x01, 0x0a, 0x0f, 0x49, 0x6e, 0x62,
-	0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x12, 0x21, 0x0a, 0x0c,
-	0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x4b, 0x65, 0x79, 0x12,
-	0x78, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f,
-	0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x49, 0x6e,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43,
-	0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0xc2, 0x01, 0x0a, 0x10, 0x4f, 0x75,
-	0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x4d, 0x54, 0x4c, 0x53, 0x12, 0x21,
-	0x0a, 0x0c, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x4b, 0x65,
-	0x79, 0x12, 0x79, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
-	0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x73, 0x68,
-	0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x10, 0x0a, 0x03,
-	0x73, 0x6e, 0x69, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x22, 0x8d,
-	0x01, 0x0a, 0x11, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73,
-	0x68, 0x54, 0x4c, 0x53, 0x12, 0x1b, 0x0a, 0x08, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x6b, 0x65, 0x79,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x07, 0x6c, 0x65, 0x61, 0x66, 0x4b, 0x65,
-	0x79, 0x12, 0x4f, 0x0a, 0x03, 0x73, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x44, 0x53,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x03, 0x73,
-	0x64, 0x73, 0x42, 0x0a, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0xca,
-	0x01, 0x0a, 0x12, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4e, 0x6f, 0x6e, 0x4d, 0x65,
-	0x73, 0x68, 0x54, 0x4c, 0x53, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69,
-	0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x65, 0x72, 0x74, 0x46, 0x69,
-	0x6c, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x7c, 0x0a,
-	0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74,
-	0x65, 0x78, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4d, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x4f,
-	0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x5c, 0x0a, 0x1c, 0x4d,
-	0x65, 0x73, 0x68, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x3c, 0x0a, 0x1b, 0x74,
-	0x72, 0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72,
-	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09,
-	0x52, 0x17, 0x74, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x50, 0x65, 0x65,
-	0x72, 0x4e, 0x61, 0x6d, 0x65, 0x4b, 0x65, 0x79, 0x73, 0x22, 0x7a, 0x0a, 0x1d, 0x4d, 0x65, 0x73,
-	0x68, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x3a, 0x0a, 0x1a, 0x74, 0x72,
-	0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f,
-	0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16,
-	0x74, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x50, 0x65, 0x65, 0x72, 0x4e,
-	0x61, 0x6d, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65,
-	0x5f, 0x69, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x70, 0x69, 0x66,
-	0x66, 0x65, 0x49, 0x64, 0x73, 0x22, 0x3b, 0x0a, 0x20, 0x4e, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x68,
-	0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x5f,
-	0x66, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x63, 0x61, 0x46, 0x69,
-	0x6c, 0x65, 0x22, 0x58, 0x0a, 0x0e, 0x53, 0x44, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x6c, 0x75, 0x73,
-	0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x65, 0x72, 0x74, 0x5f,
-	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c,
-	0x63, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x22, 0xa5, 0x02, 0x0a,
-	0x0d, 0x54, 0x4c, 0x53, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x58,
-	0x0a, 0x0b, 0x6d, 0x69, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x6d, 0x69,
-	0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x58, 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x5f,
-	0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x37, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x56,
-	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69,
-	0x6f, 0x6e, 0x12, 0x60, 0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69,
-	0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f,
-	0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x43, 0x69, 0x70, 0x68, 0x65,
-	0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75,
-	0x69, 0x74, 0x65, 0x73, 0x22, 0x37, 0x0a, 0x0f, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74,
-	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6b,
-	0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x22, 0x46, 0x0a,
-	0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x21, 0x0a, 0x0c,
-	0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12,
-	0x14, 0x0a, 0x05, 0x72, 0x6f, 0x6f, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05,
-	0x72, 0x6f, 0x6f, 0x74, 0x73, 0x2a, 0xac, 0x01, 0x0a, 0x0a, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72,
-	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53,
-	0x49, 0x4f, 0x4e, 0x5f, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c,
-	0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12,
-	0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31,
-	0x5f, 0x31, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53,
-	0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x32, 0x10, 0x03, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53,
-	0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x12, 0x17,
-	0x0a, 0x13, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x49, 0x4e,
-	0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x54, 0x4c, 0x53, 0x5f, 0x56,
-	0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
-	0x45, 0x44, 0x10, 0x06, 0x2a, 0x84, 0x05, 0x0a, 0x0e, 0x54, 0x4c, 0x53, 0x43, 0x69, 0x70, 0x68,
-	0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43,
-	0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48,
-	0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x47,
-	0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x00, 0x12, 0x32, 0x0a, 0x2e, 0x54,
-	0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f,
-	0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x43, 0x48, 0x41, 0x43,
-	0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x10, 0x01, 0x12,
-	0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55,
-	0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45,
-	0x53, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10,
-	0x02, 0x12, 0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f,
-	0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f,
-	0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30,
-	0x35, 0x10, 0x03, 0x12, 0x2b, 0x0a, 0x27, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45,
-	0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43,
-	0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x04,
-	0x12, 0x29, 0x0a, 0x25, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53,
-	0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41,
-	0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x05, 0x12, 0x26, 0x0a, 0x22, 0x54,
-	0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f,
-	0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35,
-	0x36, 0x10, 0x06, 0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45,
-	0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x53,
-	0x48, 0x41, 0x10, 0x07, 0x12, 0x32, 0x0a, 0x2e, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48,
-	0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45,
-	0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x5f,
-	0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x08, 0x12, 0x30, 0x0a, 0x2c, 0x54, 0x4c, 0x53, 0x5f,
-	0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44,
-	0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43,
-	0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x09, 0x12, 0x2b, 0x0a, 0x27, 0x54, 0x4c,
-	0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45,
-	0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35,
-	0x36, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x0a, 0x12, 0x29, 0x0a, 0x25, 0x54, 0x4c, 0x53, 0x5f, 0x43,
-	0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48,
-	0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41,
-	0x10, 0x0b, 0x12, 0x26, 0x0a, 0x22, 0x54, 0x4c, 0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52,
-	0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41, 0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43,
-	0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x4c,
-	0x53, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x41,
-	0x45, 0x53, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x10, 0x0d, 0x42, 0xe0, 0x02, 0x0a, 0x2f,
-	0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42,
-	0x14, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74,
-	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
-	0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69,
-	0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02,
-	0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2b, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0xe2, 0x02, 0x37, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2f, 0x48,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescData = file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
-var file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes = make([]protoimpl.MessageInfo, 13)
-var file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_goTypes = []interface{}{
-	(TLSVersion)(0),                          // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSVersion
-	(TLSCipherSuite)(0),                      // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSCipherSuite
-	(*TLS)(nil),                              // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLS
-	(*TransportSocket)(nil),                  // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket
-	(*InboundMeshMTLS)(nil),                  // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.InboundMeshMTLS
-	(*OutboundMeshMTLS)(nil),                 // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutboundMeshMTLS
-	(*InboundNonMeshTLS)(nil),                // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.InboundNonMeshTLS
-	(*OutboundNonMeshTLS)(nil),               // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutboundNonMeshTLS
-	(*MeshInboundValidationContext)(nil),     // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.MeshInboundValidationContext
-	(*MeshOutboundValidationContext)(nil),    // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.MeshOutboundValidationContext
-	(*NonMeshOutboundValidationContext)(nil), // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.NonMeshOutboundValidationContext
-	(*SDSCertificate)(nil),                   // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.SDSCertificate
-	(*TLSParameters)(nil),                    // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters
-	(*LeafCertificate)(nil),                  // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.LeafCertificate
-	(*TrustBundle)(nil),                      // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.TrustBundle
-}
-var file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_depIdxs = []int32{
-	12, // 0: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLS.inbound_tls_parameters:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters
-	12, // 1: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLS.outbound_tls_parameters:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters
-	4,  // 2: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket.inbound_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.InboundMeshMTLS
-	5,  // 3: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket.outbound_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.OutboundMeshMTLS
-	6,  // 4: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket.inbound_non_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.InboundNonMeshTLS
-	7,  // 5: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket.outbound_non_mesh:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.OutboundNonMeshTLS
-	12, // 6: hashicorp.consul.mesh.v1alpha1.pbproxystate.TransportSocket.tls_parameters:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters
-	8,  // 7: hashicorp.consul.mesh.v1alpha1.pbproxystate.InboundMeshMTLS.validation_context:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.MeshInboundValidationContext
-	9,  // 8: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutboundMeshMTLS.validation_context:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.MeshOutboundValidationContext
-	11, // 9: hashicorp.consul.mesh.v1alpha1.pbproxystate.InboundNonMeshTLS.sds:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.SDSCertificate
-	10, // 10: hashicorp.consul.mesh.v1alpha1.pbproxystate.OutboundNonMeshTLS.validation_context:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.NonMeshOutboundValidationContext
-	0,  // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters.min_version:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSVersion
-	0,  // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters.max_version:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSVersion
-	1,  // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSParameters.cipher_suites:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLSCipherSuite
-	14, // [14:14] is the sub-list for method output_type
-	14, // [14:14] is the sub-list for method input_type
-	14, // [14:14] is the sub-list for extension type_name
-	14, // [14:14] is the sub-list for extension extendee
-	0,  // [0:14] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_init() }
-func file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_init() {
-	if File_pbmesh_v1alpha1_pbproxystate_transport_socket_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TLS); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TransportSocket); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InboundMeshMTLS); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*OutboundMeshMTLS); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InboundNonMeshTLS); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*OutboundNonMeshTLS); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*MeshInboundValidationContext); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*MeshOutboundValidationContext); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*NonMeshOutboundValidationContext); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SDSCertificate); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TLSParameters); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LeafCertificate); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TrustBundle); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[1].OneofWrappers = []interface{}{
-		(*TransportSocket_InboundMesh)(nil),
-		(*TransportSocket_OutboundMesh)(nil),
-		(*TransportSocket_InboundNonMesh)(nil),
-		(*TransportSocket_OutboundNonMesh)(nil),
-	}
-	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes[4].OneofWrappers = []interface{}{
-		(*InboundNonMeshTLS_LeafKey)(nil),
-		(*InboundNonMeshTLS_Sds)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDesc,
-			NumEnums:      2,
-			NumMessages:   13,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_pbproxystate_transport_socket_proto = out.File
-	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_goTypes = nil
-	file_pbmesh_v1alpha1_pbproxystate_transport_socket_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto b/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
deleted file mode 100644
index 4d191ba580dd..000000000000
--- a/proto-public/pbmesh/v1alpha1/pbproxystate/transport_socket.proto
+++ /dev/null
@@ -1,137 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1.pbproxystate;
-
-message TLS {
-  // inbound_tls_parameters has default TLS parameter configuration for inbound connections. These can be overridden per
-  // transport socket.
-  TLSParameters inbound_tls_parameters = 1;
-  // outbound_tls_parameters has default TLS parameter configuration for inbound connections. These can be overridden per transport socket.
-  TLSParameters outbound_tls_parameters = 2;
-}
-
-message TransportSocket {
-  // name of the transport socket
-  string name = 1;
-  oneof connection_tls {
-    // inbound_mesh is for incoming connections FROM the mesh.
-    InboundMeshMTLS inbound_mesh = 2;
-    // outbound_mesh is for outbound connections TO mesh destinations.
-    OutboundMeshMTLS outbound_mesh = 3;
-    // inbound_non_mesh is for incoming connections FROM non mesh.
-    InboundNonMeshTLS inbound_non_mesh = 4;
-    // outbound_non_mesh is for outbound connections TO non mesh destinations.
-    OutboundNonMeshTLS outbound_non_mesh = 5;
-  }
-  // tls_parameters can override any top level tls parameters that are configured.
-  TLSParameters tls_parameters = 6;
-  repeated string alpn_protocols = 7;
-}
-
-message InboundMeshMTLS {
-  // identity_key is UUID key to use to look up the leaf certificate in ProxyState to present for incoming connections.
-  string identity_key = 1;
-  // validation_context has what is needed to validate incoming connections.
-  MeshInboundValidationContext validation_context = 2;
-}
-
-message OutboundMeshMTLS {
-  // identity_key is UUID key to use to look up the leaf certificate in ProxyState when connecting to destinations.
-  string identity_key = 1;
-  // validation_context has what is needed to validate the destination.
-  MeshOutboundValidationContext validation_context = 2;
-  // sni to use when connecting to the destination.
-  string sni = 3;
-}
-
-message InboundNonMeshTLS {
-  // identity is the reference to the leaf certificate to present for incoming connections.
-  oneof identity {
-    // leaf_key is the UUID key to use to look up the leaf certificate in the ProxyState leaf certificate map.
-    string leaf_key = 1;
-    // sds refers to certificates retrieved via Envoy SDS.
-    SDSCertificate sds = 2;
-  }
-}
-
-message OutboundNonMeshTLS {
-  // cert_file is a filename for a certificate to present for outbound connections.
-  string cert_file = 1;
-  // key_file is a filename for a key for outbound connections.
-  string key_file = 2;
-  // validation_context has what is needed to validate the destination.
-  NonMeshOutboundValidationContext validation_context = 3;
-}
-
-message MeshInboundValidationContext {
-  // trust_bundle_peer_name_keys is which trust bundles to use for validating incoming connections. If this workload is exported
-  // to peers, the incoming connection could be from a different peer, requiring that trust bundle to validate the
-  // connection. These could be local or peered trust bundles. This will be a key in the trust bundle map.
-  repeated string trust_bundle_peer_name_keys = 1;
-}
-
-message MeshOutboundValidationContext {
-  // trust_bundle_peer_name_key is which trust bundle to use for the destination. It could be the local or a peer's trust bundle.
-  // This will be a key in the trust bundle map.
-  string trust_bundle_peer_name_key = 1;
-  // spiffe_ids is one or more spiffe IDs to validate.
-  repeated string spiffe_ids = 2;
-}
-
-message NonMeshOutboundValidationContext {
-  // ca_file is a filename for a ca for outbound connections to validate the destination.
-  string ca_file = 1;
-}
-
-message SDSCertificate {
-  string cluster_name = 1;
-  string cert_resource = 2;
-}
-
-message TLSParameters {
-  TLSVersion min_version = 1;
-  TLSVersion max_version = 2;
-  repeated TLSCipherSuite cipher_suites = 3;
-}
-
-message LeafCertificate {
-  string cert = 1;
-  string key = 2;
-}
-
-message TrustBundle {
-  string trust_domain = 1;
-  repeated string roots = 2;
-}
-
-enum TLSVersion {
-  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  TLS_VERSION_AUTO = 0;
-  TLS_VERSION_1_0 = 1;
-  TLS_VERSION_1_1 = 2;
-  TLS_VERSION_1_2 = 3;
-  TLS_VERSION_1_3 = 4;
-  TLS_VERSION_INVALID = 5;
-  TLS_VERSION_UNSPECIFIED = 6;
-}
-
-enum TLSCipherSuite {
-  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_GCM_SHA256 = 0;
-  TLS_CIPHER_SUITE_ECDHE_ECDSA_CHACHA20_POLY1305 = 1;
-  TLS_CIPHER_SUITE_ECDHE_RSA_AES128_GCM_SHA256 = 2;
-  TLS_CIPHER_SUITE_ECDHE_RSA_CHACHA20_POLY1305 = 3;
-  TLS_CIPHER_SUITE_ECDHE_ECDSA_AES128_SHA = 4;
-  TLS_CIPHER_SUITE_ECDHE_RSA_AES128_SHA = 5;
-  TLS_CIPHER_SUITE_AES128_GCM_SHA256 = 6;
-  TLS_CIPHER_SUITE_AES128_SHA = 7;
-  TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_GCM_SHA384 = 8;
-  TLS_CIPHER_SUITE_ECDHE_RSA_AES256_GCM_SHA384 = 9;
-  TLS_CIPHER_SUITE_ECDHE_ECDSA_AES256_SHA = 10;
-  TLS_CIPHER_SUITE_ECDHE_RSA_AES256_SHA = 11;
-  TLS_CIPHER_SUITE_AES256_GCM_SHA384 = 12;
-  TLS_CIPHER_SUITE_AES256_SHA = 13;
-}
diff --git a/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.binary.go b/proto-public/pbmesh/v1alpha1/proxy.pb.binary.go
similarity index 67%
rename from proto-public/pbmesh/v1alpha1/proxy_configuration.pb.binary.go
rename to proto-public/pbmesh/v1alpha1/proxy.pb.binary.go
index bb706d5da3d6..f39ae6afec84 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/proxy.pb.binary.go
@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/proxy_configuration.proto
+// source: pbmesh/v1alpha1/proxy.proto
 
 package meshv1alpha1
 
@@ -46,23 +46,3 @@ func (msg *BootstrapConfig) MarshalBinary() ([]byte, error) {
 func (msg *BootstrapConfig) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *AccessLogsConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *AccessLogsConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *EnvoyExtension) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *EnvoyExtension) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/proxy.pb.go b/proto-public/pbmesh/v1alpha1/proxy.pb.go
new file mode 100644
index 000000000000..b6ef2edf873b
--- /dev/null
+++ b/proto-public/pbmesh/v1alpha1/proxy.pb.go
@@ -0,0 +1,816 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        (unknown)
+// source: pbmesh/v1alpha1/proxy.proto
+
+package meshv1alpha1
+
+import (
+	v1alpha1 "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	structpb "google.golang.org/protobuf/types/known/structpb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type ProxyMode int32
+
+const (
+	// ProxyModeDefault represents no specific mode and should
+	// be used to indicate that a different layer of the configuration
+	// chain should take precedence
+	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
+	ProxyMode_PROXY_MODE_DEFAULT ProxyMode = 0
+	// ProxyModeTransparent represents that inbound and outbound application
+	// traffic is being captured and redirected through the proxy.
+	ProxyMode_PROXY_MODE_TRANSPARENT ProxyMode = 1
+	// ProxyModeDirect represents that the proxy's listeners must be dialed directly
+	// by the local application and other proxies.
+	ProxyMode_PROXY_MODE_DIRECT ProxyMode = 2
+)
+
+// Enum value maps for ProxyMode.
+var (
+	ProxyMode_name = map[int32]string{
+		0: "PROXY_MODE_DEFAULT",
+		1: "PROXY_MODE_TRANSPARENT",
+		2: "PROXY_MODE_DIRECT",
+	}
+	ProxyMode_value = map[string]int32{
+		"PROXY_MODE_DEFAULT":     0,
+		"PROXY_MODE_TRANSPARENT": 1,
+		"PROXY_MODE_DIRECT":      2,
+	}
+)
+
+func (x ProxyMode) Enum() *ProxyMode {
+	p := new(ProxyMode)
+	*p = x
+	return p
+}
+
+func (x ProxyMode) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ProxyMode) Descriptor() protoreflect.EnumDescriptor {
+	return file_pbmesh_v1alpha1_proxy_proto_enumTypes[0].Descriptor()
+}
+
+func (ProxyMode) Type() protoreflect.EnumType {
+	return &file_pbmesh_v1alpha1_proxy_proto_enumTypes[0]
+}
+
+func (x ProxyMode) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use ProxyMode.Descriptor instead.
+func (ProxyMode) EnumDescriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_proxy_proto_rawDescGZIP(), []int{0}
+}
+
+type ProxyConfiguration struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Selection of workloads this proxy configuration should apply to.
+	// These can be prefixes or specific workload names.
+	Workloads *v1alpha1.WorkloadSelector `protobuf:"bytes,1,opt,name=workloads,proto3" json:"workloads,omitempty"`
+	// dynamic_config is the configuration that could be changed
+	// dynamically (i.e. without needing restart).
+	DynamicConfig *DynamicConfig `protobuf:"bytes,2,opt,name=dynamic_config,json=dynamicConfig,proto3" json:"dynamic_config,omitempty"`
+	// bootstrap_config is the configuration that requires proxies
+	// to be restarted to be applied.
+	BootstrapConfig *BootstrapConfig `protobuf:"bytes,3,opt,name=bootstrap_config,json=bootstrapConfig,proto3" json:"bootstrap_config,omitempty"`
+	// deprecated: prevent usage when using v2 APIs directly.
+	// needed for backwards compatibility
+	//
+	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+	OpaqueConfig *structpb.Struct `protobuf:"bytes,4,opt,name=opaque_config,json=opaqueConfig,proto3" json:"opaque_config,omitempty"`
+}
+
+func (x *ProxyConfiguration) Reset() {
+	*x = ProxyConfiguration{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ProxyConfiguration) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProxyConfiguration) ProtoMessage() {}
+
+func (x *ProxyConfiguration) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProxyConfiguration.ProtoReflect.Descriptor instead.
+func (*ProxyConfiguration) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_proxy_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *ProxyConfiguration) GetWorkloads() *v1alpha1.WorkloadSelector {
+	if x != nil {
+		return x.Workloads
+	}
+	return nil
+}
+
+func (x *ProxyConfiguration) GetDynamicConfig() *DynamicConfig {
+	if x != nil {
+		return x.DynamicConfig
+	}
+	return nil
+}
+
+func (x *ProxyConfiguration) GetBootstrapConfig() *BootstrapConfig {
+	if x != nil {
+		return x.BootstrapConfig
+	}
+	return nil
+}
+
+// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+func (x *ProxyConfiguration) GetOpaqueConfig() *structpb.Struct {
+	if x != nil {
+		return x.OpaqueConfig
+	}
+	return nil
+}
+
+type DynamicConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// mode indicates the proxy's mode. This will default to 'transparent'.
+	Mode             ProxyMode         `protobuf:"varint,1,opt,name=mode,proto3,enum=hashicorp.consul.mesh.v1alpha1.ProxyMode" json:"mode,omitempty"`
+	TransparentProxy *TransparentProxy `protobuf:"bytes,2,opt,name=transparent_proxy,json=transparentProxy,proto3" json:"transparent_proxy,omitempty"`
+	// local_connection is the configuration that should be used
+	// to connect to the local application provided per-port.
+	// The map keys should correspond to port names on the workload.
+	LocalConnection map[string]*ConnectionConfig `protobuf:"bytes,3,rep,name=local_connection,json=localConnection,proto3" json:"local_connection,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// inbound_connections configures inbound connections to the proxy.
+	InboundConnections  *InboundConnectionsConfig `protobuf:"bytes,4,opt,name=inbound_connections,json=inboundConnections,proto3" json:"inbound_connections,omitempty"`
+	MeshGatewayMode     MeshGatewayMode           `protobuf:"varint,5,opt,name=mesh_gateway_mode,json=meshGatewayMode,proto3,enum=hashicorp.consul.mesh.v1alpha1.MeshGatewayMode" json:"mesh_gateway_mode,omitempty"`
+	ExposeConfig        *ExposeConfig             `protobuf:"bytes,6,opt,name=expose_config,json=exposeConfig,proto3" json:"expose_config,omitempty"`
+	PublicListenerJson  string                    `protobuf:"bytes,7,opt,name=public_listener_json,json=publicListenerJson,proto3" json:"public_listener_json,omitempty"`
+	ListenerTracingJson string                    `protobuf:"bytes,8,opt,name=listener_tracing_json,json=listenerTracingJson,proto3" json:"listener_tracing_json,omitempty"`
+	LocalClusterJson    string                    `protobuf:"bytes,9,opt,name=local_cluster_json,json=localClusterJson,proto3" json:"local_cluster_json,omitempty"`
+	// deprecated:
+	// local_workload_address, local_workload_port, and local_workload_socket_path
+	// are deprecated and are only needed for migration of existing resources.
+	//
+	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+	LocalWorkloadAddress string `protobuf:"bytes,10,opt,name=local_workload_address,json=localWorkloadAddress,proto3" json:"local_workload_address,omitempty"`
+	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+	LocalWorkloadPort uint32 `protobuf:"varint,11,opt,name=local_workload_port,json=localWorkloadPort,proto3" json:"local_workload_port,omitempty"`
+	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+	LocalWorkloadSocketPath string `protobuf:"bytes,12,opt,name=local_workload_socket_path,json=localWorkloadSocketPath,proto3" json:"local_workload_socket_path,omitempty"`
+}
+
+func (x *DynamicConfig) Reset() {
+	*x = DynamicConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DynamicConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DynamicConfig) ProtoMessage() {}
+
+func (x *DynamicConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DynamicConfig.ProtoReflect.Descriptor instead.
+func (*DynamicConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_proxy_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *DynamicConfig) GetMode() ProxyMode {
+	if x != nil {
+		return x.Mode
+	}
+	return ProxyMode_PROXY_MODE_DEFAULT
+}
+
+func (x *DynamicConfig) GetTransparentProxy() *TransparentProxy {
+	if x != nil {
+		return x.TransparentProxy
+	}
+	return nil
+}
+
+func (x *DynamicConfig) GetLocalConnection() map[string]*ConnectionConfig {
+	if x != nil {
+		return x.LocalConnection
+	}
+	return nil
+}
+
+func (x *DynamicConfig) GetInboundConnections() *InboundConnectionsConfig {
+	if x != nil {
+		return x.InboundConnections
+	}
+	return nil
+}
+
+func (x *DynamicConfig) GetMeshGatewayMode() MeshGatewayMode {
+	if x != nil {
+		return x.MeshGatewayMode
+	}
+	return MeshGatewayMode_MESH_GATEWAY_MODE_UNSPECIFIED
+}
+
+func (x *DynamicConfig) GetExposeConfig() *ExposeConfig {
+	if x != nil {
+		return x.ExposeConfig
+	}
+	return nil
+}
+
+func (x *DynamicConfig) GetPublicListenerJson() string {
+	if x != nil {
+		return x.PublicListenerJson
+	}
+	return ""
+}
+
+func (x *DynamicConfig) GetListenerTracingJson() string {
+	if x != nil {
+		return x.ListenerTracingJson
+	}
+	return ""
+}
+
+func (x *DynamicConfig) GetLocalClusterJson() string {
+	if x != nil {
+		return x.LocalClusterJson
+	}
+	return ""
+}
+
+// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+func (x *DynamicConfig) GetLocalWorkloadAddress() string {
+	if x != nil {
+		return x.LocalWorkloadAddress
+	}
+	return ""
+}
+
+// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+func (x *DynamicConfig) GetLocalWorkloadPort() uint32 {
+	if x != nil {
+		return x.LocalWorkloadPort
+	}
+	return 0
+}
+
+// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy.proto.
+func (x *DynamicConfig) GetLocalWorkloadSocketPath() string {
+	if x != nil {
+		return x.LocalWorkloadSocketPath
+	}
+	return ""
+}
+
+type TransparentProxy struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// outbound_listener_port is the port for the proxy's outbound listener.
+	// This defaults to 15001.
+	OutboundListenerPort uint32 `protobuf:"varint,1,opt,name=outbound_listener_port,json=outboundListenerPort,proto3" json:"outbound_listener_port,omitempty"`
+	// dialed_directly indicates whether this proxy should be dialed using original destination IP
+	// in the connection rather than load balance between all endpoints.
+	DialedDirectly bool `protobuf:"varint,2,opt,name=dialed_directly,json=dialedDirectly,proto3" json:"dialed_directly,omitempty"`
+}
+
+func (x *TransparentProxy) Reset() {
+	*x = TransparentProxy{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TransparentProxy) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TransparentProxy) ProtoMessage() {}
+
+func (x *TransparentProxy) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TransparentProxy.ProtoReflect.Descriptor instead.
+func (*TransparentProxy) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_proxy_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *TransparentProxy) GetOutboundListenerPort() uint32 {
+	if x != nil {
+		return x.OutboundListenerPort
+	}
+	return 0
+}
+
+func (x *TransparentProxy) GetDialedDirectly() bool {
+	if x != nil {
+		return x.DialedDirectly
+	}
+	return false
+}
+
+// BootstrapConfig is equivalent to configuration defined
+// in our docs.
+type BootstrapConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	StatsdUrl           string   `protobuf:"bytes,1,opt,name=statsd_url,json=statsdUrl,proto3" json:"statsd_url,omitempty"`
+	DogstatsdUrl        string   `protobuf:"bytes,2,opt,name=dogstatsd_url,json=dogstatsdUrl,proto3" json:"dogstatsd_url,omitempty"`
+	StatsTags           []string `protobuf:"bytes,3,rep,name=stats_tags,json=statsTags,proto3" json:"stats_tags,omitempty"`
+	PrometheusBindAddr  string   `protobuf:"bytes,4,opt,name=prometheus_bind_addr,json=prometheusBindAddr,proto3" json:"prometheus_bind_addr,omitempty"`
+	StatsBindAddr       string   `protobuf:"bytes,5,opt,name=stats_bind_addr,json=statsBindAddr,proto3" json:"stats_bind_addr,omitempty"`
+	ReadyBindAddr       string   `protobuf:"bytes,6,opt,name=ready_bind_addr,json=readyBindAddr,proto3" json:"ready_bind_addr,omitempty"`
+	OverrideJsonTpl     string   `protobuf:"bytes,7,opt,name=override_json_tpl,json=overrideJsonTpl,proto3" json:"override_json_tpl,omitempty"`
+	StaticClustersJson  string   `protobuf:"bytes,8,opt,name=static_clusters_json,json=staticClustersJson,proto3" json:"static_clusters_json,omitempty"`
+	StaticListenersJson string   `protobuf:"bytes,9,opt,name=static_listeners_json,json=staticListenersJson,proto3" json:"static_listeners_json,omitempty"`
+	StatsSinksJson      string   `protobuf:"bytes,10,opt,name=stats_sinks_json,json=statsSinksJson,proto3" json:"stats_sinks_json,omitempty"`
+	StatsConfigJson     string   `protobuf:"bytes,11,opt,name=stats_config_json,json=statsConfigJson,proto3" json:"stats_config_json,omitempty"`
+	StatsFlushInterval  string   `protobuf:"bytes,12,opt,name=stats_flush_interval,json=statsFlushInterval,proto3" json:"stats_flush_interval,omitempty"`
+	TracingConfigJson   string   `protobuf:"bytes,13,opt,name=tracing_config_json,json=tracingConfigJson,proto3" json:"tracing_config_json,omitempty"`
+}
+
+func (x *BootstrapConfig) Reset() {
+	*x = BootstrapConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *BootstrapConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BootstrapConfig) ProtoMessage() {}
+
+func (x *BootstrapConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_proxy_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use BootstrapConfig.ProtoReflect.Descriptor instead.
+func (*BootstrapConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_proxy_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *BootstrapConfig) GetStatsdUrl() string {
+	if x != nil {
+		return x.StatsdUrl
+	}
+	return ""
+}
+
+func (x *BootstrapConfig) GetDogstatsdUrl() string {
+	if x != nil {
+		return x.DogstatsdUrl
+	}
+	return ""
+}
+
+func (x *BootstrapConfig) GetStatsTags() []string {
+	if x != nil {
+		return x.StatsTags
+	}
+	return nil
+}
+
+func (x *BootstrapConfig) GetPrometheusBindAddr() string {
+	if x != nil {
+		return x.PrometheusBindAddr
+	}
+	return ""
+}
+
+func (x *BootstrapConfig) GetStatsBindAddr() string {
+	if x != nil {
+		return x.StatsBindAddr
+	}
+	return ""
+}
+
+func (x *BootstrapConfig) GetReadyBindAddr() string {
+	if x != nil {
+		return x.ReadyBindAddr
+	}
+	return ""
+}
+
+func (x *BootstrapConfig) GetOverrideJsonTpl() string {
+	if x != nil {
+		return x.OverrideJsonTpl
+	}
+	return ""
+}
+
+func (x *BootstrapConfig) GetStaticClustersJson() string {
+	if x != nil {
+		return x.StaticClustersJson
+	}
+	return ""
+}
+
+func (x *BootstrapConfig) GetStaticListenersJson() string {
+	if x != nil {
+		return x.StaticListenersJson
+	}
+	return ""
+}
+
+func (x *BootstrapConfig) GetStatsSinksJson() string {
+	if x != nil {
+		return x.StatsSinksJson
+	}
+	return ""
+}
+
+func (x *BootstrapConfig) GetStatsConfigJson() string {
+	if x != nil {
+		return x.StatsConfigJson
+	}
+	return ""
+}
+
+func (x *BootstrapConfig) GetStatsFlushInterval() string {
+	if x != nil {
+		return x.StatsFlushInterval
+	}
+	return ""
+}
+
+func (x *BootstrapConfig) GetTracingConfigJson() string {
+	if x != nil {
+		return x.TracingConfigJson
+	}
+	return ""
+}
+
+var File_pbmesh_v1alpha1_proxy_proto protoreflect.FileDescriptor
+
+var file_pbmesh_v1alpha1_proxy_proto_rawDesc = []byte{
+	0x0a, 0x1b, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1c, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73,
+	0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x70, 0x62, 0x63,
+	0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
+	0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20,
+	0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
+	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x1a, 0x1c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2f, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d,
+	0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
+	0x72, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xdb, 0x02,
+	0x0a, 0x12, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x51, 0x0a, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64,
+	0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c,
+	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b,
+	0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x09, 0x77, 0x6f,
+	0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x12, 0x54, 0x0a, 0x0e, 0x64, 0x79, 0x6e, 0x61, 0x6d,
+	0x69, 0x63, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0d,
+	0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5a, 0x0a,
+	0x10, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72,
+	0x61, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0f, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74,
+	0x72, 0x61, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x40, 0x0a, 0x0d, 0x6f, 0x70, 0x61,
+	0x71, 0x75, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0c, 0x6f,
+	0x70, 0x61, 0x71, 0x75, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0xf0, 0x07, 0x0a, 0x0d,
+	0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3d, 0x0a,
+	0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f,
+	0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x5d, 0x0a, 0x11,
+	0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61,
+	0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x10, 0x74, 0x72, 0x61, 0x6e, 0x73,
+	0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x6d, 0x0a, 0x10, 0x6c,
+	0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18,
+	0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x69, 0x0a, 0x13, 0x69, 0x6e,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x52, 0x12, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5b, 0x0a, 0x11, 0x6d, 0x65, 0x73, 0x68, 0x5f, 0x67, 0x61,
+	0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e,
+	0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64,
+	0x65, 0x52, 0x0f, 0x6d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f,
+	0x64, 0x65, 0x12, 0x51, 0x0a, 0x0d, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x5f, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73,
+	0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0c, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f,
+	0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x07, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65,
+	0x6e, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x6c, 0x69, 0x73, 0x74, 0x65,
+	0x6e, 0x65, 0x72, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e,
+	0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
+	0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x6c,
+	0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f,
+	0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6c,
+	0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x16, 0x6c, 0x6f, 0x63,
+	0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72,
+	0x65, 0x73, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x14, 0x6c,
+	0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x41, 0x64, 0x64, 0x72,
+	0x65, 0x73, 0x73, 0x12, 0x32, 0x0a, 0x13, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72,
+	0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d,
+	0x42, 0x02, 0x18, 0x01, 0x52, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c,
+	0x6f, 0x61, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x3f, 0x0a, 0x1a, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
+	0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74,
+	0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52,
+	0x17, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x6f,
+	0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, 0x74, 0x0a, 0x14, 0x4c, 0x6f, 0x63, 0x61,
+	0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79,
+	0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b,
+	0x65, 0x79, 0x12, 0x46, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x71,
+	0x0a, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f,
+	0x78, 0x79, 0x12, 0x34, 0x0a, 0x16, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6c,
+	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0d, 0x52, 0x14, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74,
+	0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69, 0x61, 0x6c,
+	0x65, 0x64, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x0e, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c,
+	0x79, 0x22, 0xc0, 0x04, 0x0a, 0x0f, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f,
+	0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x73,
+	0x64, 0x55, 0x72, 0x6c, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x6f, 0x67, 0x73, 0x74, 0x61, 0x74, 0x73,
+	0x64, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x6f, 0x67,
+	0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61,
+	0x74, 0x73, 0x5f, 0x74, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73,
+	0x74, 0x61, 0x74, 0x73, 0x54, 0x61, 0x67, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x72, 0x6f, 0x6d,
+	0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65,
+	0x75, 0x73, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x73, 0x74,
+	0x61, 0x74, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x05, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x74, 0x61, 0x74, 0x73, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64,
+	0x64, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x72, 0x65, 0x61, 0x64, 0x79, 0x5f, 0x62, 0x69, 0x6e, 0x64,
+	0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x72, 0x65, 0x61,
+	0x64, 0x79, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x76,
+	0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x74, 0x70, 0x6c, 0x18,
+	0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x4a,
+	0x73, 0x6f, 0x6e, 0x54, 0x70, 0x6c, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63,
+	0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x08,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x43, 0x6c, 0x75, 0x73,
+	0x74, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x73, 0x74, 0x61, 0x74,
+	0x69, 0x63, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f,
+	0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x4c,
+	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x28, 0x0a, 0x10,
+	0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x73, 0x69, 0x6e, 0x6b, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e,
+	0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x74, 0x61, 0x74, 0x73, 0x53, 0x69, 0x6e,
+	0x6b, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73,
+	0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x66, 0x6c, 0x75, 0x73,
+	0x68, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x73, 0x46, 0x6c, 0x75, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65,
+	0x72, 0x76, 0x61, 0x6c, 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x11, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x4a, 0x73, 0x6f, 0x6e, 0x2a, 0x56, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64,
+	0x65, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f,
+	0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x50, 0x52, 0x4f,
+	0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, 0x50, 0x41, 0x52,
+	0x45, 0x4e, 0x54, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d,
+	0x4f, 0x44, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x10, 0x02, 0x42, 0x92, 0x02, 0x0a,
+	0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x42, 0x0a, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+	0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65,
+	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02,
+	0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca,
+	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21,
+	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_pbmesh_v1alpha1_proxy_proto_rawDescOnce sync.Once
+	file_pbmesh_v1alpha1_proxy_proto_rawDescData = file_pbmesh_v1alpha1_proxy_proto_rawDesc
+)
+
+func file_pbmesh_v1alpha1_proxy_proto_rawDescGZIP() []byte {
+	file_pbmesh_v1alpha1_proxy_proto_rawDescOnce.Do(func() {
+		file_pbmesh_v1alpha1_proxy_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_proxy_proto_rawDescData)
+	})
+	return file_pbmesh_v1alpha1_proxy_proto_rawDescData
+}
+
+var file_pbmesh_v1alpha1_proxy_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_pbmesh_v1alpha1_proxy_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
+var file_pbmesh_v1alpha1_proxy_proto_goTypes = []interface{}{
+	(ProxyMode)(0),                    // 0: hashicorp.consul.mesh.v1alpha1.ProxyMode
+	(*ProxyConfiguration)(nil),        // 1: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration
+	(*DynamicConfig)(nil),             // 2: hashicorp.consul.mesh.v1alpha1.DynamicConfig
+	(*TransparentProxy)(nil),          // 3: hashicorp.consul.mesh.v1alpha1.TransparentProxy
+	(*BootstrapConfig)(nil),           // 4: hashicorp.consul.mesh.v1alpha1.BootstrapConfig
+	nil,                               // 5: hashicorp.consul.mesh.v1alpha1.DynamicConfig.LocalConnectionEntry
+	(*v1alpha1.WorkloadSelector)(nil), // 6: hashicorp.consul.catalog.v1alpha1.WorkloadSelector
+	(*structpb.Struct)(nil),           // 7: google.protobuf.Struct
+	(*InboundConnectionsConfig)(nil),  // 8: hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig
+	(MeshGatewayMode)(0),              // 9: hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
+	(*ExposeConfig)(nil),              // 10: hashicorp.consul.mesh.v1alpha1.ExposeConfig
+	(*ConnectionConfig)(nil),          // 11: hashicorp.consul.mesh.v1alpha1.ConnectionConfig
+}
+var file_pbmesh_v1alpha1_proxy_proto_depIdxs = []int32{
+	6,  // 0: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.workloads:type_name -> hashicorp.consul.catalog.v1alpha1.WorkloadSelector
+	2,  // 1: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.dynamic_config:type_name -> hashicorp.consul.mesh.v1alpha1.DynamicConfig
+	4,  // 2: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.bootstrap_config:type_name -> hashicorp.consul.mesh.v1alpha1.BootstrapConfig
+	7,  // 3: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.opaque_config:type_name -> google.protobuf.Struct
+	0,  // 4: hashicorp.consul.mesh.v1alpha1.DynamicConfig.mode:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyMode
+	3,  // 5: hashicorp.consul.mesh.v1alpha1.DynamicConfig.transparent_proxy:type_name -> hashicorp.consul.mesh.v1alpha1.TransparentProxy
+	5,  // 6: hashicorp.consul.mesh.v1alpha1.DynamicConfig.local_connection:type_name -> hashicorp.consul.mesh.v1alpha1.DynamicConfig.LocalConnectionEntry
+	8,  // 7: hashicorp.consul.mesh.v1alpha1.DynamicConfig.inbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig
+	9,  // 8: hashicorp.consul.mesh.v1alpha1.DynamicConfig.mesh_gateway_mode:type_name -> hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
+	10, // 9: hashicorp.consul.mesh.v1alpha1.DynamicConfig.expose_config:type_name -> hashicorp.consul.mesh.v1alpha1.ExposeConfig
+	11, // 10: hashicorp.consul.mesh.v1alpha1.DynamicConfig.LocalConnectionEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.ConnectionConfig
+	11, // [11:11] is the sub-list for method output_type
+	11, // [11:11] is the sub-list for method input_type
+	11, // [11:11] is the sub-list for extension type_name
+	11, // [11:11] is the sub-list for extension extendee
+	0,  // [0:11] is the sub-list for field type_name
+}
+
+func init() { file_pbmesh_v1alpha1_proxy_proto_init() }
+func file_pbmesh_v1alpha1_proxy_proto_init() {
+	if File_pbmesh_v1alpha1_proxy_proto != nil {
+		return
+	}
+	file_pbmesh_v1alpha1_connection_proto_init()
+	file_pbmesh_v1alpha1_expose_proto_init()
+	file_pbmesh_v1alpha1_routing_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_pbmesh_v1alpha1_proxy_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ProxyConfiguration); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_proxy_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DynamicConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_proxy_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*TransparentProxy); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_proxy_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*BootstrapConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_pbmesh_v1alpha1_proxy_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   5,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_pbmesh_v1alpha1_proxy_proto_goTypes,
+		DependencyIndexes: file_pbmesh_v1alpha1_proxy_proto_depIdxs,
+		EnumInfos:         file_pbmesh_v1alpha1_proxy_proto_enumTypes,
+		MessageInfos:      file_pbmesh_v1alpha1_proxy_proto_msgTypes,
+	}.Build()
+	File_pbmesh_v1alpha1_proxy_proto = out.File
+	file_pbmesh_v1alpha1_proxy_proto_rawDesc = nil
+	file_pbmesh_v1alpha1_proxy_proto_goTypes = nil
+	file_pbmesh_v1alpha1_proxy_proto_depIdxs = nil
+}
diff --git a/proto-public/pbmesh/v1alpha1/proxy_configuration.proto b/proto-public/pbmesh/v1alpha1/proxy.proto
similarity index 60%
rename from proto-public/pbmesh/v1alpha1/proxy_configuration.proto
rename to proto-public/pbmesh/v1alpha1/proxy.proto
index c20ff3d47c44..06ebecbf4aba 100644
--- a/proto-public/pbmesh/v1alpha1/proxy_configuration.proto
+++ b/proto-public/pbmesh/v1alpha1/proxy.proto
@@ -11,7 +11,6 @@ import "pbmesh/v1alpha1/connection.proto";
 import "pbmesh/v1alpha1/expose.proto";
 import "pbmesh/v1alpha1/routing.proto";
 
-// This is a Resource type.
 message ProxyConfiguration {
   // Selection of workloads this proxy configuration should apply to.
   // These can be prefixes or specific workload names.
@@ -36,35 +35,28 @@ message DynamicConfig {
 
   TransparentProxy transparent_proxy = 2;
 
-  MutualTLSMode mutual_tls_mode = 3;
-
   // local_connection is the configuration that should be used
   // to connect to the local application provided per-port.
   // The map keys should correspond to port names on the workload.
-  map<string, ConnectionConfig> local_connection = 4;
+  map<string, ConnectionConfig> local_connection = 3;
 
   // inbound_connections configures inbound connections to the proxy.
-  InboundConnectionsConfig inbound_connections = 5;
-
-  MeshGatewayMode mesh_gateway_mode = 6;
-
-  ExposeConfig expose_config = 7;
+  InboundConnectionsConfig inbound_connections = 4;
 
-  // AccessLogs configures the output and format of Envoy access logs
-  AccessLogsConfig access_logs = 8;
+  MeshGatewayMode mesh_gateway_mode = 5;
 
-  repeated EnvoyExtension envoy_extensions = 9;
+  ExposeConfig expose_config = 6;
 
-  string public_listener_json = 10;
-  string listener_tracing_json = 11;
-  string local_cluster_json = 12;
+  string public_listener_json = 7;
+  string listener_tracing_json = 8;
+  string local_cluster_json = 9;
 
   // deprecated:
   // local_workload_address, local_workload_port, and local_workload_socket_path
   // are deprecated and are only needed for migration of existing resources.
-  string local_workload_address = 13 [deprecated = true];
-  uint32 local_workload_port = 14 [deprecated = true];
-  string local_workload_socket_path = 15 [deprecated = true];
+  string local_workload_address = 10 [deprecated = true];
+  uint32 local_workload_port = 11 [deprecated = true];
+  string local_workload_socket_path = 12 [deprecated = true];
 }
 
 message TransparentProxy {
@@ -110,49 +102,3 @@ enum ProxyMode {
   // by the local application and other proxies.
   PROXY_MODE_DIRECT = 2;
 }
-
-// AccessLogsConfig contains the associated default settings for all Envoy
-// instances within the datacenter or partition
-message AccessLogsConfig {
-  // Enabled turns off all access logging
-  bool enabled = 1;
-
-  // DisableListenerLogs turns off just listener logs for connections rejected by Envoy because they don't
-  // have a matching listener filter.
-  bool disable_listener_logs = 2;
-
-  // Type selects the output for logs: "file", "stderr". "stdout"
-  LogSinkType type = 3;
-
-  // Path is the output file to write logs
-  string path = 4;
-
-  // The presence of one format string or the other implies the access log string encoding.
-  // Defining Both is invalid.
-  string json_format = 5;
-  string text_format = 6;
-}
-
-enum LogSinkType {
-  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  LOG_SINK_TYPE_DEFAULT = 0;
-  LOG_SINK_TYPE_FILE = 1;
-  LOG_SINK_TYPE_STDERR = 2;
-  LOG_SINK_TYPE_STDOUT = 3;
-}
-
-// EnvoyExtension has configuration for an extension that patches Envoy resources.
-message EnvoyExtension {
-  string name = 1;
-  bool required = 2;
-  google.protobuf.Struct arguments = 3;
-  string consul_version = 4;
-  string envoy_version = 5;
-}
-
-enum MutualTLSMode {
-  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-  MUTUAL_TLS_MODE_DEFAULT = 0;
-  MUTUAL_TLS_MODE_STRICT = 1;
-  MUTUAL_TLS_MODE_PERMISSIVE = 2;
-}
diff --git a/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go b/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
deleted file mode 100644
index 0072714553da..000000000000
--- a/proto-public/pbmesh/v1alpha1/proxy_configuration.pb.go
+++ /dev/null
@@ -1,1214 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/proxy_configuration.proto
-
-package meshv1alpha1
-
-import (
-	v1alpha1 "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	structpb "google.golang.org/protobuf/types/known/structpb"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type ProxyMode int32
-
-const (
-	// ProxyModeDefault represents no specific mode and should
-	// be used to indicate that a different layer of the configuration
-	// chain should take precedence
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	ProxyMode_PROXY_MODE_DEFAULT ProxyMode = 0
-	// ProxyModeTransparent represents that inbound and outbound application
-	// traffic is being captured and redirected through the proxy.
-	ProxyMode_PROXY_MODE_TRANSPARENT ProxyMode = 1
-	// ProxyModeDirect represents that the proxy's listeners must be dialed directly
-	// by the local application and other proxies.
-	ProxyMode_PROXY_MODE_DIRECT ProxyMode = 2
-)
-
-// Enum value maps for ProxyMode.
-var (
-	ProxyMode_name = map[int32]string{
-		0: "PROXY_MODE_DEFAULT",
-		1: "PROXY_MODE_TRANSPARENT",
-		2: "PROXY_MODE_DIRECT",
-	}
-	ProxyMode_value = map[string]int32{
-		"PROXY_MODE_DEFAULT":     0,
-		"PROXY_MODE_TRANSPARENT": 1,
-		"PROXY_MODE_DIRECT":      2,
-	}
-)
-
-func (x ProxyMode) Enum() *ProxyMode {
-	p := new(ProxyMode)
-	*p = x
-	return p
-}
-
-func (x ProxyMode) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (ProxyMode) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes[0].Descriptor()
-}
-
-func (ProxyMode) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes[0]
-}
-
-func (x ProxyMode) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use ProxyMode.Descriptor instead.
-func (ProxyMode) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{0}
-}
-
-type LogSinkType int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	LogSinkType_LOG_SINK_TYPE_DEFAULT LogSinkType = 0
-	LogSinkType_LOG_SINK_TYPE_FILE    LogSinkType = 1
-	LogSinkType_LOG_SINK_TYPE_STDERR  LogSinkType = 2
-	LogSinkType_LOG_SINK_TYPE_STDOUT  LogSinkType = 3
-)
-
-// Enum value maps for LogSinkType.
-var (
-	LogSinkType_name = map[int32]string{
-		0: "LOG_SINK_TYPE_DEFAULT",
-		1: "LOG_SINK_TYPE_FILE",
-		2: "LOG_SINK_TYPE_STDERR",
-		3: "LOG_SINK_TYPE_STDOUT",
-	}
-	LogSinkType_value = map[string]int32{
-		"LOG_SINK_TYPE_DEFAULT": 0,
-		"LOG_SINK_TYPE_FILE":    1,
-		"LOG_SINK_TYPE_STDERR":  2,
-		"LOG_SINK_TYPE_STDOUT":  3,
-	}
-)
-
-func (x LogSinkType) Enum() *LogSinkType {
-	p := new(LogSinkType)
-	*p = x
-	return p
-}
-
-func (x LogSinkType) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (LogSinkType) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes[1].Descriptor()
-}
-
-func (LogSinkType) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes[1]
-}
-
-func (x LogSinkType) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use LogSinkType.Descriptor instead.
-func (LogSinkType) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{1}
-}
-
-type MutualTLSMode int32
-
-const (
-	// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX
-	MutualTLSMode_MUTUAL_TLS_MODE_DEFAULT    MutualTLSMode = 0
-	MutualTLSMode_MUTUAL_TLS_MODE_STRICT     MutualTLSMode = 1
-	MutualTLSMode_MUTUAL_TLS_MODE_PERMISSIVE MutualTLSMode = 2
-)
-
-// Enum value maps for MutualTLSMode.
-var (
-	MutualTLSMode_name = map[int32]string{
-		0: "MUTUAL_TLS_MODE_DEFAULT",
-		1: "MUTUAL_TLS_MODE_STRICT",
-		2: "MUTUAL_TLS_MODE_PERMISSIVE",
-	}
-	MutualTLSMode_value = map[string]int32{
-		"MUTUAL_TLS_MODE_DEFAULT":    0,
-		"MUTUAL_TLS_MODE_STRICT":     1,
-		"MUTUAL_TLS_MODE_PERMISSIVE": 2,
-	}
-)
-
-func (x MutualTLSMode) Enum() *MutualTLSMode {
-	p := new(MutualTLSMode)
-	*p = x
-	return p
-}
-
-func (x MutualTLSMode) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (MutualTLSMode) Descriptor() protoreflect.EnumDescriptor {
-	return file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes[2].Descriptor()
-}
-
-func (MutualTLSMode) Type() protoreflect.EnumType {
-	return &file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes[2]
-}
-
-func (x MutualTLSMode) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use MutualTLSMode.Descriptor instead.
-func (MutualTLSMode) EnumDescriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{2}
-}
-
-// This is a Resource type.
-type ProxyConfiguration struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Selection of workloads this proxy configuration should apply to.
-	// These can be prefixes or specific workload names.
-	Workloads *v1alpha1.WorkloadSelector `protobuf:"bytes,1,opt,name=workloads,proto3" json:"workloads,omitempty"`
-	// dynamic_config is the configuration that could be changed
-	// dynamically (i.e. without needing restart).
-	DynamicConfig *DynamicConfig `protobuf:"bytes,2,opt,name=dynamic_config,json=dynamicConfig,proto3" json:"dynamic_config,omitempty"`
-	// bootstrap_config is the configuration that requires proxies
-	// to be restarted to be applied.
-	BootstrapConfig *BootstrapConfig `protobuf:"bytes,3,opt,name=bootstrap_config,json=bootstrapConfig,proto3" json:"bootstrap_config,omitempty"`
-	// deprecated: prevent usage when using v2 APIs directly.
-	// needed for backwards compatibility
-	//
-	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
-	OpaqueConfig *structpb.Struct `protobuf:"bytes,4,opt,name=opaque_config,json=opaqueConfig,proto3" json:"opaque_config,omitempty"`
-}
-
-func (x *ProxyConfiguration) Reset() {
-	*x = ProxyConfiguration{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ProxyConfiguration) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ProxyConfiguration) ProtoMessage() {}
-
-func (x *ProxyConfiguration) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ProxyConfiguration.ProtoReflect.Descriptor instead.
-func (*ProxyConfiguration) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *ProxyConfiguration) GetWorkloads() *v1alpha1.WorkloadSelector {
-	if x != nil {
-		return x.Workloads
-	}
-	return nil
-}
-
-func (x *ProxyConfiguration) GetDynamicConfig() *DynamicConfig {
-	if x != nil {
-		return x.DynamicConfig
-	}
-	return nil
-}
-
-func (x *ProxyConfiguration) GetBootstrapConfig() *BootstrapConfig {
-	if x != nil {
-		return x.BootstrapConfig
-	}
-	return nil
-}
-
-// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
-func (x *ProxyConfiguration) GetOpaqueConfig() *structpb.Struct {
-	if x != nil {
-		return x.OpaqueConfig
-	}
-	return nil
-}
-
-type DynamicConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// mode indicates the proxy's mode. This will default to 'transparent'.
-	Mode             ProxyMode         `protobuf:"varint,1,opt,name=mode,proto3,enum=hashicorp.consul.mesh.v1alpha1.ProxyMode" json:"mode,omitempty"`
-	TransparentProxy *TransparentProxy `protobuf:"bytes,2,opt,name=transparent_proxy,json=transparentProxy,proto3" json:"transparent_proxy,omitempty"`
-	MutualTlsMode    MutualTLSMode     `protobuf:"varint,3,opt,name=mutual_tls_mode,json=mutualTlsMode,proto3,enum=hashicorp.consul.mesh.v1alpha1.MutualTLSMode" json:"mutual_tls_mode,omitempty"`
-	// local_connection is the configuration that should be used
-	// to connect to the local application provided per-port.
-	// The map keys should correspond to port names on the workload.
-	LocalConnection map[string]*ConnectionConfig `protobuf:"bytes,4,rep,name=local_connection,json=localConnection,proto3" json:"local_connection,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	// inbound_connections configures inbound connections to the proxy.
-	InboundConnections *InboundConnectionsConfig `protobuf:"bytes,5,opt,name=inbound_connections,json=inboundConnections,proto3" json:"inbound_connections,omitempty"`
-	MeshGatewayMode    MeshGatewayMode           `protobuf:"varint,6,opt,name=mesh_gateway_mode,json=meshGatewayMode,proto3,enum=hashicorp.consul.mesh.v1alpha1.MeshGatewayMode" json:"mesh_gateway_mode,omitempty"`
-	ExposeConfig       *ExposeConfig             `protobuf:"bytes,7,opt,name=expose_config,json=exposeConfig,proto3" json:"expose_config,omitempty"`
-	// AccessLogs configures the output and format of Envoy access logs
-	AccessLogs          *AccessLogsConfig `protobuf:"bytes,8,opt,name=access_logs,json=accessLogs,proto3" json:"access_logs,omitempty"`
-	EnvoyExtensions     []*EnvoyExtension `protobuf:"bytes,9,rep,name=envoy_extensions,json=envoyExtensions,proto3" json:"envoy_extensions,omitempty"`
-	PublicListenerJson  string            `protobuf:"bytes,10,opt,name=public_listener_json,json=publicListenerJson,proto3" json:"public_listener_json,omitempty"`
-	ListenerTracingJson string            `protobuf:"bytes,11,opt,name=listener_tracing_json,json=listenerTracingJson,proto3" json:"listener_tracing_json,omitempty"`
-	LocalClusterJson    string            `protobuf:"bytes,12,opt,name=local_cluster_json,json=localClusterJson,proto3" json:"local_cluster_json,omitempty"`
-	// deprecated:
-	// local_workload_address, local_workload_port, and local_workload_socket_path
-	// are deprecated and are only needed for migration of existing resources.
-	//
-	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
-	LocalWorkloadAddress string `protobuf:"bytes,13,opt,name=local_workload_address,json=localWorkloadAddress,proto3" json:"local_workload_address,omitempty"`
-	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
-	LocalWorkloadPort uint32 `protobuf:"varint,14,opt,name=local_workload_port,json=localWorkloadPort,proto3" json:"local_workload_port,omitempty"`
-	// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
-	LocalWorkloadSocketPath string `protobuf:"bytes,15,opt,name=local_workload_socket_path,json=localWorkloadSocketPath,proto3" json:"local_workload_socket_path,omitempty"`
-}
-
-func (x *DynamicConfig) Reset() {
-	*x = DynamicConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *DynamicConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*DynamicConfig) ProtoMessage() {}
-
-func (x *DynamicConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use DynamicConfig.ProtoReflect.Descriptor instead.
-func (*DynamicConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *DynamicConfig) GetMode() ProxyMode {
-	if x != nil {
-		return x.Mode
-	}
-	return ProxyMode_PROXY_MODE_DEFAULT
-}
-
-func (x *DynamicConfig) GetTransparentProxy() *TransparentProxy {
-	if x != nil {
-		return x.TransparentProxy
-	}
-	return nil
-}
-
-func (x *DynamicConfig) GetMutualTlsMode() MutualTLSMode {
-	if x != nil {
-		return x.MutualTlsMode
-	}
-	return MutualTLSMode_MUTUAL_TLS_MODE_DEFAULT
-}
-
-func (x *DynamicConfig) GetLocalConnection() map[string]*ConnectionConfig {
-	if x != nil {
-		return x.LocalConnection
-	}
-	return nil
-}
-
-func (x *DynamicConfig) GetInboundConnections() *InboundConnectionsConfig {
-	if x != nil {
-		return x.InboundConnections
-	}
-	return nil
-}
-
-func (x *DynamicConfig) GetMeshGatewayMode() MeshGatewayMode {
-	if x != nil {
-		return x.MeshGatewayMode
-	}
-	return MeshGatewayMode_MESH_GATEWAY_MODE_UNSPECIFIED
-}
-
-func (x *DynamicConfig) GetExposeConfig() *ExposeConfig {
-	if x != nil {
-		return x.ExposeConfig
-	}
-	return nil
-}
-
-func (x *DynamicConfig) GetAccessLogs() *AccessLogsConfig {
-	if x != nil {
-		return x.AccessLogs
-	}
-	return nil
-}
-
-func (x *DynamicConfig) GetEnvoyExtensions() []*EnvoyExtension {
-	if x != nil {
-		return x.EnvoyExtensions
-	}
-	return nil
-}
-
-func (x *DynamicConfig) GetPublicListenerJson() string {
-	if x != nil {
-		return x.PublicListenerJson
-	}
-	return ""
-}
-
-func (x *DynamicConfig) GetListenerTracingJson() string {
-	if x != nil {
-		return x.ListenerTracingJson
-	}
-	return ""
-}
-
-func (x *DynamicConfig) GetLocalClusterJson() string {
-	if x != nil {
-		return x.LocalClusterJson
-	}
-	return ""
-}
-
-// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
-func (x *DynamicConfig) GetLocalWorkloadAddress() string {
-	if x != nil {
-		return x.LocalWorkloadAddress
-	}
-	return ""
-}
-
-// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
-func (x *DynamicConfig) GetLocalWorkloadPort() uint32 {
-	if x != nil {
-		return x.LocalWorkloadPort
-	}
-	return 0
-}
-
-// Deprecated: Marked as deprecated in pbmesh/v1alpha1/proxy_configuration.proto.
-func (x *DynamicConfig) GetLocalWorkloadSocketPath() string {
-	if x != nil {
-		return x.LocalWorkloadSocketPath
-	}
-	return ""
-}
-
-type TransparentProxy struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// outbound_listener_port is the port for the proxy's outbound listener.
-	// This defaults to 15001.
-	OutboundListenerPort uint32 `protobuf:"varint,1,opt,name=outbound_listener_port,json=outboundListenerPort,proto3" json:"outbound_listener_port,omitempty"`
-	// dialed_directly indicates whether this proxy should be dialed using original destination IP
-	// in the connection rather than load balance between all endpoints.
-	DialedDirectly bool `protobuf:"varint,2,opt,name=dialed_directly,json=dialedDirectly,proto3" json:"dialed_directly,omitempty"`
-}
-
-func (x *TransparentProxy) Reset() {
-	*x = TransparentProxy{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *TransparentProxy) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*TransparentProxy) ProtoMessage() {}
-
-func (x *TransparentProxy) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use TransparentProxy.ProtoReflect.Descriptor instead.
-func (*TransparentProxy) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *TransparentProxy) GetOutboundListenerPort() uint32 {
-	if x != nil {
-		return x.OutboundListenerPort
-	}
-	return 0
-}
-
-func (x *TransparentProxy) GetDialedDirectly() bool {
-	if x != nil {
-		return x.DialedDirectly
-	}
-	return false
-}
-
-// BootstrapConfig is equivalent to configuration defined
-// in our docs.
-type BootstrapConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	StatsdUrl           string   `protobuf:"bytes,1,opt,name=statsd_url,json=statsdUrl,proto3" json:"statsd_url,omitempty"`
-	DogstatsdUrl        string   `protobuf:"bytes,2,opt,name=dogstatsd_url,json=dogstatsdUrl,proto3" json:"dogstatsd_url,omitempty"`
-	StatsTags           []string `protobuf:"bytes,3,rep,name=stats_tags,json=statsTags,proto3" json:"stats_tags,omitempty"`
-	PrometheusBindAddr  string   `protobuf:"bytes,4,opt,name=prometheus_bind_addr,json=prometheusBindAddr,proto3" json:"prometheus_bind_addr,omitempty"`
-	StatsBindAddr       string   `protobuf:"bytes,5,opt,name=stats_bind_addr,json=statsBindAddr,proto3" json:"stats_bind_addr,omitempty"`
-	ReadyBindAddr       string   `protobuf:"bytes,6,opt,name=ready_bind_addr,json=readyBindAddr,proto3" json:"ready_bind_addr,omitempty"`
-	OverrideJsonTpl     string   `protobuf:"bytes,7,opt,name=override_json_tpl,json=overrideJsonTpl,proto3" json:"override_json_tpl,omitempty"`
-	StaticClustersJson  string   `protobuf:"bytes,8,opt,name=static_clusters_json,json=staticClustersJson,proto3" json:"static_clusters_json,omitempty"`
-	StaticListenersJson string   `protobuf:"bytes,9,opt,name=static_listeners_json,json=staticListenersJson,proto3" json:"static_listeners_json,omitempty"`
-	StatsSinksJson      string   `protobuf:"bytes,10,opt,name=stats_sinks_json,json=statsSinksJson,proto3" json:"stats_sinks_json,omitempty"`
-	StatsConfigJson     string   `protobuf:"bytes,11,opt,name=stats_config_json,json=statsConfigJson,proto3" json:"stats_config_json,omitempty"`
-	StatsFlushInterval  string   `protobuf:"bytes,12,opt,name=stats_flush_interval,json=statsFlushInterval,proto3" json:"stats_flush_interval,omitempty"`
-	TracingConfigJson   string   `protobuf:"bytes,13,opt,name=tracing_config_json,json=tracingConfigJson,proto3" json:"tracing_config_json,omitempty"`
-}
-
-func (x *BootstrapConfig) Reset() {
-	*x = BootstrapConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *BootstrapConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*BootstrapConfig) ProtoMessage() {}
-
-func (x *BootstrapConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use BootstrapConfig.ProtoReflect.Descriptor instead.
-func (*BootstrapConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *BootstrapConfig) GetStatsdUrl() string {
-	if x != nil {
-		return x.StatsdUrl
-	}
-	return ""
-}
-
-func (x *BootstrapConfig) GetDogstatsdUrl() string {
-	if x != nil {
-		return x.DogstatsdUrl
-	}
-	return ""
-}
-
-func (x *BootstrapConfig) GetStatsTags() []string {
-	if x != nil {
-		return x.StatsTags
-	}
-	return nil
-}
-
-func (x *BootstrapConfig) GetPrometheusBindAddr() string {
-	if x != nil {
-		return x.PrometheusBindAddr
-	}
-	return ""
-}
-
-func (x *BootstrapConfig) GetStatsBindAddr() string {
-	if x != nil {
-		return x.StatsBindAddr
-	}
-	return ""
-}
-
-func (x *BootstrapConfig) GetReadyBindAddr() string {
-	if x != nil {
-		return x.ReadyBindAddr
-	}
-	return ""
-}
-
-func (x *BootstrapConfig) GetOverrideJsonTpl() string {
-	if x != nil {
-		return x.OverrideJsonTpl
-	}
-	return ""
-}
-
-func (x *BootstrapConfig) GetStaticClustersJson() string {
-	if x != nil {
-		return x.StaticClustersJson
-	}
-	return ""
-}
-
-func (x *BootstrapConfig) GetStaticListenersJson() string {
-	if x != nil {
-		return x.StaticListenersJson
-	}
-	return ""
-}
-
-func (x *BootstrapConfig) GetStatsSinksJson() string {
-	if x != nil {
-		return x.StatsSinksJson
-	}
-	return ""
-}
-
-func (x *BootstrapConfig) GetStatsConfigJson() string {
-	if x != nil {
-		return x.StatsConfigJson
-	}
-	return ""
-}
-
-func (x *BootstrapConfig) GetStatsFlushInterval() string {
-	if x != nil {
-		return x.StatsFlushInterval
-	}
-	return ""
-}
-
-func (x *BootstrapConfig) GetTracingConfigJson() string {
-	if x != nil {
-		return x.TracingConfigJson
-	}
-	return ""
-}
-
-// AccessLogsConfig contains the associated default settings for all Envoy
-// instances within the datacenter or partition
-type AccessLogsConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Enabled turns off all access logging
-	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
-	// DisableListenerLogs turns off just listener logs for connections rejected by Envoy because they don't
-	// have a matching listener filter.
-	DisableListenerLogs bool `protobuf:"varint,2,opt,name=disable_listener_logs,json=disableListenerLogs,proto3" json:"disable_listener_logs,omitempty"`
-	// Type selects the output for logs: "file", "stderr". "stdout"
-	Type LogSinkType `protobuf:"varint,3,opt,name=type,proto3,enum=hashicorp.consul.mesh.v1alpha1.LogSinkType" json:"type,omitempty"`
-	// Path is the output file to write logs
-	Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"`
-	// The presence of one format string or the other implies the access log string encoding.
-	// Defining Both is invalid.
-	JsonFormat string `protobuf:"bytes,5,opt,name=json_format,json=jsonFormat,proto3" json:"json_format,omitempty"`
-	TextFormat string `protobuf:"bytes,6,opt,name=text_format,json=textFormat,proto3" json:"text_format,omitempty"`
-}
-
-func (x *AccessLogsConfig) Reset() {
-	*x = AccessLogsConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AccessLogsConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AccessLogsConfig) ProtoMessage() {}
-
-func (x *AccessLogsConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AccessLogsConfig.ProtoReflect.Descriptor instead.
-func (*AccessLogsConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *AccessLogsConfig) GetEnabled() bool {
-	if x != nil {
-		return x.Enabled
-	}
-	return false
-}
-
-func (x *AccessLogsConfig) GetDisableListenerLogs() bool {
-	if x != nil {
-		return x.DisableListenerLogs
-	}
-	return false
-}
-
-func (x *AccessLogsConfig) GetType() LogSinkType {
-	if x != nil {
-		return x.Type
-	}
-	return LogSinkType_LOG_SINK_TYPE_DEFAULT
-}
-
-func (x *AccessLogsConfig) GetPath() string {
-	if x != nil {
-		return x.Path
-	}
-	return ""
-}
-
-func (x *AccessLogsConfig) GetJsonFormat() string {
-	if x != nil {
-		return x.JsonFormat
-	}
-	return ""
-}
-
-func (x *AccessLogsConfig) GetTextFormat() string {
-	if x != nil {
-		return x.TextFormat
-	}
-	return ""
-}
-
-// EnvoyExtension has configuration for an extension that patches Envoy resources.
-type EnvoyExtension struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Name          string           `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Required      bool             `protobuf:"varint,2,opt,name=required,proto3" json:"required,omitempty"`
-	Arguments     *structpb.Struct `protobuf:"bytes,3,opt,name=arguments,proto3" json:"arguments,omitempty"`
-	ConsulVersion string           `protobuf:"bytes,4,opt,name=consul_version,json=consulVersion,proto3" json:"consul_version,omitempty"`
-	EnvoyVersion  string           `protobuf:"bytes,5,opt,name=envoy_version,json=envoyVersion,proto3" json:"envoy_version,omitempty"`
-}
-
-func (x *EnvoyExtension) Reset() {
-	*x = EnvoyExtension{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *EnvoyExtension) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*EnvoyExtension) ProtoMessage() {}
-
-func (x *EnvoyExtension) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use EnvoyExtension.ProtoReflect.Descriptor instead.
-func (*EnvoyExtension) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *EnvoyExtension) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *EnvoyExtension) GetRequired() bool {
-	if x != nil {
-		return x.Required
-	}
-	return false
-}
-
-func (x *EnvoyExtension) GetArguments() *structpb.Struct {
-	if x != nil {
-		return x.Arguments
-	}
-	return nil
-}
-
-func (x *EnvoyExtension) GetConsulVersion() string {
-	if x != nil {
-		return x.ConsulVersion
-	}
-	return ""
-}
-
-func (x *EnvoyExtension) GetEnvoyVersion() string {
-	if x != nil {
-		return x.EnvoyVersion
-	}
-	return ""
-}
-
-var File_pbmesh_v1alpha1_proxy_configuration_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_proxy_configuration_proto_rawDesc = []byte{
-	0x0a, 0x29, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1c, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72,
-	0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x70, 0x62, 0x63, 0x61, 0x74,
-	0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x73, 0x65,
-	0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x70, 0x62,
-	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c,
-	0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f,
-	0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70, 0x62,
-	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x72, 0x6f,
-	0x75, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xdb, 0x02, 0x0a, 0x12,
-	0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x12, 0x51, 0x0a, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f,
-	0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b,
-	0x6c, 0x6f, 0x61, 0x64, 0x73, 0x12, 0x54, 0x0a, 0x0e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63,
-	0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44,
-	0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0d, 0x64, 0x79,
-	0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5a, 0x0a, 0x10, 0x62,
-	0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0f, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61,
-	0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x40, 0x0a, 0x0d, 0x6f, 0x70, 0x61, 0x71, 0x75,
-	0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0c, 0x6f, 0x70, 0x61,
-	0x71, 0x75, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0xf5, 0x09, 0x0a, 0x0d, 0x44, 0x79,
-	0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3d, 0x0a, 0x04, 0x6d,
-	0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79,
-	0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x5d, 0x0a, 0x11, 0x74, 0x72,
-	0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65,
-	0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x10, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61,
-	0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x55, 0x0a, 0x0f, 0x6d, 0x75, 0x74,
-	0x75, 0x61, 0x6c, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64,
-	0x65, 0x52, 0x0d, 0x6d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x6c, 0x73, 0x4d, 0x6f, 0x64, 0x65,
-	0x12, 0x6d, 0x0a, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x79, 0x6e, 0x61,
-	0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f,
-	0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12,
-	0x69, 0x0a, 0x13, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x6e,
-	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x12, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5b, 0x0a, 0x11, 0x6d, 0x65,
-	0x73, 0x68, 0x5f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18,
-	0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77,
-	0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0f, 0x6d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65,
-	0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x51, 0x0a, 0x0d, 0x65, 0x78, 0x70, 0x6f, 0x73,
-	0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0c, 0x65, 0x78,
-	0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x51, 0x0a, 0x0b, 0x61, 0x63,
-	0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x59, 0x0a,
-	0x10, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
-	0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78,
-	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78,
-	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x75, 0x62, 0x6c,
-	0x69, 0x63, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e,
-	0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4c, 0x69,
-	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x6c, 0x69,
-	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a,
-	0x73, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x6c, 0x69, 0x73, 0x74, 0x65,
-	0x6e, 0x65, 0x72, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2c,
-	0x0a, 0x12, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f,
-	0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x6c, 0x6f, 0x63, 0x61,
-	0x6c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x16,
-	0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x61,
-	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01,
-	0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x41,
-	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x32, 0x0a, 0x13, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f,
-	0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x0e, 0x20,
-	0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f,
-	0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x3f, 0x0a, 0x1a, 0x6c, 0x6f,
-	0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x6f, 0x63,
-	0x6b, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02,
-	0x18, 0x01, 0x52, 0x17, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61,
-	0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, 0x74, 0x0a, 0x14, 0x4c,
-	0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e,
-	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x46, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38,
-	0x01, 0x22, 0x71, 0x0a, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
-	0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x34, 0x0a, 0x16, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e,
-	0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x14, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x64,
-	0x69, 0x61, 0x6c, 0x65, 0x64, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65,
-	0x63, 0x74, 0x6c, 0x79, 0x22, 0xc0, 0x04, 0x0a, 0x0f, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72,
-	0x61, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74,
-	0x73, 0x64, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74,
-	0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x6f, 0x67, 0x73, 0x74,
-	0x61, 0x74, 0x73, 0x64, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c,
-	0x64, 0x6f, 0x67, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, 0x1d, 0x0a, 0x0a,
-	0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x74, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09,
-	0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x73, 0x54, 0x61, 0x67, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x70,
-	0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61,
-	0x64, 0x64, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x72, 0x6f, 0x6d, 0x65,
-	0x74, 0x68, 0x65, 0x75, 0x73, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, 0x0a,
-	0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72,
-	0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x74, 0x61, 0x74, 0x73, 0x42, 0x69, 0x6e,
-	0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x72, 0x65, 0x61, 0x64, 0x79, 0x5f, 0x62,
-	0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d,
-	0x72, 0x65, 0x61, 0x64, 0x79, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x2a, 0x0a,
-	0x11, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x74,
-	0x70, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69,
-	0x64, 0x65, 0x4a, 0x73, 0x6f, 0x6e, 0x54, 0x70, 0x6c, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61,
-	0x74, 0x69, 0x63, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f,
-	0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x43,
-	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x73,
-	0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x5f,
-	0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x73, 0x74, 0x61, 0x74,
-	0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12,
-	0x28, 0x0a, 0x10, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x73, 0x69, 0x6e, 0x6b, 0x73, 0x5f, 0x6a,
-	0x73, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x74, 0x61, 0x74, 0x73,
-	0x53, 0x69, 0x6e, 0x6b, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x74, 0x61,
-	0x74, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0b,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x66,
-	0x6c, 0x75, 0x73, 0x68, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x0c, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x73, 0x46, 0x6c, 0x75, 0x73, 0x68, 0x49,
-	0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x63, 0x69,
-	0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0d,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x22, 0xf7, 0x01, 0x0a, 0x10, 0x41, 0x63, 0x63, 0x65,
-	0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07,
-	0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65,
-	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x32, 0x0a, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c,
-	0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x4c, 0x69,
-	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x3f, 0x0a, 0x04, 0x74, 0x79,
-	0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e,
-	0x6b, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70,
-	0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12,
-	0x1f, 0x0a, 0x0b, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6a, 0x73, 0x6f, 0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74,
-	0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18,
-	0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x65, 0x78, 0x74, 0x46, 0x6f, 0x72, 0x6d, 0x61,
-	0x74, 0x22, 0xc3, 0x01, 0x0a, 0x0e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e,
-	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x71, 0x75,
-	0x69, 0x72, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x71, 0x75,
-	0x69, 0x72, 0x65, 0x64, 0x12, 0x35, 0x0a, 0x09, 0x61, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74,
-	0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74,
-	0x52, 0x09, 0x61, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69,
-	0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73,
-	0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x65, 0x6e, 0x76, 0x6f, 0x79,
-	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x2a, 0x56, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79,
-	0x4d, 0x6f, 0x64, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f,
-	0x44, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16,
-	0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53,
-	0x50, 0x41, 0x52, 0x45, 0x4e, 0x54, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x50, 0x52, 0x4f, 0x58,
-	0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x10, 0x02, 0x2a,
-	0x74, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19,
-	0x0a, 0x15, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
-	0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4c, 0x4f, 0x47,
-	0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x10,
-	0x01, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59,
-	0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, 0x45, 0x52, 0x52, 0x10, 0x02, 0x12, 0x18, 0x0a, 0x14, 0x4c,
-	0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44,
-	0x4f, 0x55, 0x54, 0x10, 0x03, 0x2a, 0x68, 0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54,
-	0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c,
-	0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c,
-	0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x5f, 0x54, 0x4c,
-	0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x01, 0x12,
-	0x1e, 0x0a, 0x1a, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f,
-	0x44, 0x45, 0x5f, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x56, 0x45, 0x10, 0x02, 0x42,
-	0x9f, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x17, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
-	0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65,
-	0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02,
-	0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca,
-	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21,
-	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescData = file_pbmesh_v1alpha1_proxy_configuration_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_proxy_configuration_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes = make([]protoimpl.EnumInfo, 3)
-var file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
-var file_pbmesh_v1alpha1_proxy_configuration_proto_goTypes = []interface{}{
-	(ProxyMode)(0),                    // 0: hashicorp.consul.mesh.v1alpha1.ProxyMode
-	(LogSinkType)(0),                  // 1: hashicorp.consul.mesh.v1alpha1.LogSinkType
-	(MutualTLSMode)(0),                // 2: hashicorp.consul.mesh.v1alpha1.MutualTLSMode
-	(*ProxyConfiguration)(nil),        // 3: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration
-	(*DynamicConfig)(nil),             // 4: hashicorp.consul.mesh.v1alpha1.DynamicConfig
-	(*TransparentProxy)(nil),          // 5: hashicorp.consul.mesh.v1alpha1.TransparentProxy
-	(*BootstrapConfig)(nil),           // 6: hashicorp.consul.mesh.v1alpha1.BootstrapConfig
-	(*AccessLogsConfig)(nil),          // 7: hashicorp.consul.mesh.v1alpha1.AccessLogsConfig
-	(*EnvoyExtension)(nil),            // 8: hashicorp.consul.mesh.v1alpha1.EnvoyExtension
-	nil,                               // 9: hashicorp.consul.mesh.v1alpha1.DynamicConfig.LocalConnectionEntry
-	(*v1alpha1.WorkloadSelector)(nil), // 10: hashicorp.consul.catalog.v1alpha1.WorkloadSelector
-	(*structpb.Struct)(nil),           // 11: google.protobuf.Struct
-	(*InboundConnectionsConfig)(nil),  // 12: hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig
-	(MeshGatewayMode)(0),              // 13: hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
-	(*ExposeConfig)(nil),              // 14: hashicorp.consul.mesh.v1alpha1.ExposeConfig
-	(*ConnectionConfig)(nil),          // 15: hashicorp.consul.mesh.v1alpha1.ConnectionConfig
-}
-var file_pbmesh_v1alpha1_proxy_configuration_proto_depIdxs = []int32{
-	10, // 0: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.workloads:type_name -> hashicorp.consul.catalog.v1alpha1.WorkloadSelector
-	4,  // 1: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.dynamic_config:type_name -> hashicorp.consul.mesh.v1alpha1.DynamicConfig
-	6,  // 2: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.bootstrap_config:type_name -> hashicorp.consul.mesh.v1alpha1.BootstrapConfig
-	11, // 3: hashicorp.consul.mesh.v1alpha1.ProxyConfiguration.opaque_config:type_name -> google.protobuf.Struct
-	0,  // 4: hashicorp.consul.mesh.v1alpha1.DynamicConfig.mode:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyMode
-	5,  // 5: hashicorp.consul.mesh.v1alpha1.DynamicConfig.transparent_proxy:type_name -> hashicorp.consul.mesh.v1alpha1.TransparentProxy
-	2,  // 6: hashicorp.consul.mesh.v1alpha1.DynamicConfig.mutual_tls_mode:type_name -> hashicorp.consul.mesh.v1alpha1.MutualTLSMode
-	9,  // 7: hashicorp.consul.mesh.v1alpha1.DynamicConfig.local_connection:type_name -> hashicorp.consul.mesh.v1alpha1.DynamicConfig.LocalConnectionEntry
-	12, // 8: hashicorp.consul.mesh.v1alpha1.DynamicConfig.inbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.InboundConnectionsConfig
-	13, // 9: hashicorp.consul.mesh.v1alpha1.DynamicConfig.mesh_gateway_mode:type_name -> hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
-	14, // 10: hashicorp.consul.mesh.v1alpha1.DynamicConfig.expose_config:type_name -> hashicorp.consul.mesh.v1alpha1.ExposeConfig
-	7,  // 11: hashicorp.consul.mesh.v1alpha1.DynamicConfig.access_logs:type_name -> hashicorp.consul.mesh.v1alpha1.AccessLogsConfig
-	8,  // 12: hashicorp.consul.mesh.v1alpha1.DynamicConfig.envoy_extensions:type_name -> hashicorp.consul.mesh.v1alpha1.EnvoyExtension
-	1,  // 13: hashicorp.consul.mesh.v1alpha1.AccessLogsConfig.type:type_name -> hashicorp.consul.mesh.v1alpha1.LogSinkType
-	11, // 14: hashicorp.consul.mesh.v1alpha1.EnvoyExtension.arguments:type_name -> google.protobuf.Struct
-	15, // 15: hashicorp.consul.mesh.v1alpha1.DynamicConfig.LocalConnectionEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.ConnectionConfig
-	16, // [16:16] is the sub-list for method output_type
-	16, // [16:16] is the sub-list for method input_type
-	16, // [16:16] is the sub-list for extension type_name
-	16, // [16:16] is the sub-list for extension extendee
-	0,  // [0:16] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_proxy_configuration_proto_init() }
-func file_pbmesh_v1alpha1_proxy_configuration_proto_init() {
-	if File_pbmesh_v1alpha1_proxy_configuration_proto != nil {
-		return
-	}
-	file_pbmesh_v1alpha1_connection_proto_init()
-	file_pbmesh_v1alpha1_expose_proto_init()
-	file_pbmesh_v1alpha1_routing_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ProxyConfiguration); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DynamicConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TransparentProxy); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*BootstrapConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AccessLogsConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*EnvoyExtension); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_proxy_configuration_proto_rawDesc,
-			NumEnums:      3,
-			NumMessages:   7,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_proxy_configuration_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_proxy_configuration_proto_depIdxs,
-		EnumInfos:         file_pbmesh_v1alpha1_proxy_configuration_proto_enumTypes,
-		MessageInfos:      file_pbmesh_v1alpha1_proxy_configuration_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_proxy_configuration_proto = out.File
-	file_pbmesh_v1alpha1_proxy_configuration_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_proxy_configuration_proto_goTypes = nil
-	file_pbmesh_v1alpha1_proxy_configuration_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.pb.binary.go b/proto-public/pbmesh/v1alpha1/proxy_state.pb.binary.go
deleted file mode 100644
index 747ffba08044..000000000000
--- a/proto-public/pbmesh/v1alpha1/proxy_state.pb.binary.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/proxy_state.proto
-
-package meshv1alpha1
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *ProxyStateTemplate) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *ProxyStateTemplate) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *ProxyState) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *ProxyState) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go b/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
deleted file mode 100644
index 59337a5fffbc..000000000000
--- a/proto-public/pbmesh/v1alpha1/proxy_state.pb.go
+++ /dev/null
@@ -1,563 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/proxy_state.proto
-
-package meshv1alpha1
-
-import (
-	pbproxystate "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate"
-	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type ProxyStateTemplate struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// proxy_state is the partially filled out ProxyState resource. The Endpoints, LeafCertificates and TrustBundles fields will need filling in after the resource is stored.
-	ProxyState *ProxyState `protobuf:"bytes,1,opt,name=proxy_state,json=proxyState,proto3" json:"proxy_state,omitempty"`
-	// required_endpoints is a map of arbitrary string names to endpoint refs that need fetching by the proxy state controller.
-	RequiredEndpoints map[string]*pbproxystate.EndpointRef `protobuf:"bytes,2,rep,name=required_endpoints,json=requiredEndpoints,proto3" json:"required_endpoints,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	// required_leaf_certificates is a map of arbitrary string names to leaf certificates that need fetching/generation by the proxy state controller.
-	RequiredLeafCertificates map[string]*pbproxystate.LeafCertificateRef `protobuf:"bytes,3,rep,name=required_leaf_certificates,json=requiredLeafCertificates,proto3" json:"required_leaf_certificates,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	// required_trust_bundles is a map of arbitrary string names to trust bundle refs that need fetching by the proxy state controller.
-	RequiredTrustBundles map[string]*pbproxystate.TrustBundleRef `protobuf:"bytes,4,rep,name=required_trust_bundles,json=requiredTrustBundles,proto3" json:"required_trust_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-}
-
-func (x *ProxyStateTemplate) Reset() {
-	*x = ProxyStateTemplate{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_proxy_state_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ProxyStateTemplate) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ProxyStateTemplate) ProtoMessage() {}
-
-func (x *ProxyStateTemplate) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_proxy_state_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ProxyStateTemplate.ProtoReflect.Descriptor instead.
-func (*ProxyStateTemplate) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_state_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *ProxyStateTemplate) GetProxyState() *ProxyState {
-	if x != nil {
-		return x.ProxyState
-	}
-	return nil
-}
-
-func (x *ProxyStateTemplate) GetRequiredEndpoints() map[string]*pbproxystate.EndpointRef {
-	if x != nil {
-		return x.RequiredEndpoints
-	}
-	return nil
-}
-
-func (x *ProxyStateTemplate) GetRequiredLeafCertificates() map[string]*pbproxystate.LeafCertificateRef {
-	if x != nil {
-		return x.RequiredLeafCertificates
-	}
-	return nil
-}
-
-func (x *ProxyStateTemplate) GetRequiredTrustBundles() map[string]*pbproxystate.TrustBundleRef {
-	if x != nil {
-		return x.RequiredTrustBundles
-	}
-	return nil
-}
-
-type ProxyState struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// identity is a reference to the identity of the workload this proxy is for.
-	Identity *pbresource.Reference `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
-	// listeners is a list of listeners for this proxy.
-	Listeners []*pbproxystate.Listener `protobuf:"bytes,2,rep,name=listeners,proto3" json:"listeners,omitempty"`
-	// clusters is a map from cluster name to clusters. The keys are referenced from listeners or routes.
-	Clusters map[string]*pbproxystate.Cluster `protobuf:"bytes,3,rep,name=clusters,proto3" json:"clusters,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	// routes is a map from route name to routes. The keys are referenced from listeners.
-	Routes map[string]*pbproxystate.Route `protobuf:"bytes,4,rep,name=routes,proto3" json:"routes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	// endpoints is a map from cluster name to endpoints.
-	Endpoints map[string]*pbproxystate.Endpoints `protobuf:"bytes,5,rep,name=endpoints,proto3" json:"endpoints,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	// leaf certificates is a map from UUID to leaf certificates.
-	LeafCertificates map[string]*pbproxystate.LeafCertificate `protobuf:"bytes,6,rep,name=leaf_certificates,json=leafCertificates,proto3" json:"leaf_certificates,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	// trust bundles is a map from peer name to trust bundles.
-	TrustBundles map[string]*pbproxystate.TrustBundle `protobuf:"bytes,7,rep,name=trust_bundles,json=trustBundles,proto3" json:"trust_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	// tls has TLS configuration for this proxy.
-	Tls *pbproxystate.TLS `protobuf:"bytes,8,opt,name=tls,proto3" json:"tls,omitempty"`
-	// intention_default_allow is the default action for intentions. This determines how the Envoy RBAC filters are generated.
-	IntentionDefaultAllow bool `protobuf:"varint,9,opt,name=intention_default_allow,json=intentionDefaultAllow,proto3" json:"intention_default_allow,omitempty"`
-	// escape defines top level escape hatches. These are user configured json strings that configure an entire piece of listener or cluster Envoy configuration.
-	Escape *pbproxystate.EscapeHatches `protobuf:"bytes,10,opt,name=escape,proto3" json:"escape,omitempty"`
-	// access_logs configures access logging for this proxy.
-	AccessLogs *pbproxystate.AccessLogs `protobuf:"bytes,11,opt,name=access_logs,json=accessLogs,proto3" json:"access_logs,omitempty"`
-}
-
-func (x *ProxyState) Reset() {
-	*x = ProxyState{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_proxy_state_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ProxyState) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ProxyState) ProtoMessage() {}
-
-func (x *ProxyState) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_proxy_state_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ProxyState.ProtoReflect.Descriptor instead.
-func (*ProxyState) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_proxy_state_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *ProxyState) GetIdentity() *pbresource.Reference {
-	if x != nil {
-		return x.Identity
-	}
-	return nil
-}
-
-func (x *ProxyState) GetListeners() []*pbproxystate.Listener {
-	if x != nil {
-		return x.Listeners
-	}
-	return nil
-}
-
-func (x *ProxyState) GetClusters() map[string]*pbproxystate.Cluster {
-	if x != nil {
-		return x.Clusters
-	}
-	return nil
-}
-
-func (x *ProxyState) GetRoutes() map[string]*pbproxystate.Route {
-	if x != nil {
-		return x.Routes
-	}
-	return nil
-}
-
-func (x *ProxyState) GetEndpoints() map[string]*pbproxystate.Endpoints {
-	if x != nil {
-		return x.Endpoints
-	}
-	return nil
-}
-
-func (x *ProxyState) GetLeafCertificates() map[string]*pbproxystate.LeafCertificate {
-	if x != nil {
-		return x.LeafCertificates
-	}
-	return nil
-}
-
-func (x *ProxyState) GetTrustBundles() map[string]*pbproxystate.TrustBundle {
-	if x != nil {
-		return x.TrustBundles
-	}
-	return nil
-}
-
-func (x *ProxyState) GetTls() *pbproxystate.TLS {
-	if x != nil {
-		return x.Tls
-	}
-	return nil
-}
-
-func (x *ProxyState) GetIntentionDefaultAllow() bool {
-	if x != nil {
-		return x.IntentionDefaultAllow
-	}
-	return false
-}
-
-func (x *ProxyState) GetEscape() *pbproxystate.EscapeHatches {
-	if x != nil {
-		return x.Escape
-	}
-	return nil
-}
-
-func (x *ProxyState) GetAccessLogs() *pbproxystate.AccessLogs {
-	if x != nil {
-		return x.AccessLogs
-	}
-	return nil
-}
-
-var File_pbmesh_v1alpha1_proxy_state_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_proxy_state_proto_rawDesc = []byte{
-	0x0a, 0x21, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x1a, 0x2e, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x1a, 0x2a, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
-	0x2c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x65, 0x6e,
-	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x31, 0x70,
-	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x65, 0x73, 0x63, 0x61,
-	0x70, 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x1a, 0x2b, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x6c,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2d, 0x70,
-	0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x72, 0x65, 0x66, 0x65,
-	0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x28, 0x70, 0x62,
-	0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x33, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73,
-	0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x70, 0x62, 0x72,
-	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x87, 0x07, 0x0a, 0x12, 0x50, 0x72, 0x6f, 0x78, 0x79,
-	0x53, 0x74, 0x61, 0x74, 0x65, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x12, 0x4b, 0x0a,
-	0x0b, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x78, 0x0a, 0x12, 0x72, 0x65,
-	0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73,
-	0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61,
-	0x74, 0x65, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69,
-	0x72, 0x65, 0x64, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72,
-	0x79, 0x52, 0x11, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x45, 0x6e, 0x64, 0x70, 0x6f,
-	0x69, 0x6e, 0x74, 0x73, 0x12, 0x8e, 0x01, 0x0a, 0x1a, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65,
-	0x64, 0x5f, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x50, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79,
-	0x53, 0x74, 0x61, 0x74, 0x65, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65,
-	0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x18, 0x72, 0x65, 0x71,
-	0x75, 0x69, 0x72, 0x65, 0x64, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x82, 0x01, 0x0a, 0x16, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72,
-	0x65, 0x64, 0x5f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73,
-	0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x4c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61,
-	0x74, 0x65, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x69,
-	0x72, 0x65, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45,
-	0x6e, 0x74, 0x72, 0x79, 0x52, 0x14, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x54, 0x72,
-	0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x1a, 0x7e, 0x0a, 0x16, 0x52, 0x65,
-	0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45,
-	0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x4e, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74,
-	0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x52,
-	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x8c, 0x01, 0x0a, 0x1d, 0x52,
-	0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69,
-	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
-	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x55,
-	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70,
-	0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x65, 0x61, 0x66,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x66, 0x52, 0x05,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x84, 0x01, 0x0a, 0x19, 0x52, 0x65,
-	0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c,
-	0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x51, 0x0a, 0x05, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64,
-	0x6c, 0x65, 0x52, 0x65, 0x66, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01,
-	0x22, 0xf5, 0x0b, 0x0a, 0x0a, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
-	0x40, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x24, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x52, 0x65,
-	0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
-	0x79, 0x12, 0x53, 0x0a, 0x09, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x6c, 0x69, 0x73,
-	0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x54, 0x0a, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65,
-	0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53,
-	0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74,
-	0x72, 0x79, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x4e, 0x0a, 0x06,
-	0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72,
-	0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x45,
-	0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x57, 0x0a, 0x09,
-	0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x65, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, 0x6d, 0x0a, 0x11, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x65, 0x61,
-	0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e, 0x74,
-	0x72, 0x79, 0x52, 0x10, 0x6c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x73, 0x12, 0x61, 0x0a, 0x0d, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x62, 0x75,
-	0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f,
-	0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e,
-	0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74,
-	0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x12, 0x42, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x08,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x2e, 0x54, 0x4c, 0x53, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x36, 0x0a, 0x17, 0x69,
-	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
-	0x5f, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x69, 0x6e,
-	0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x41, 0x6c,
-	0x6c, 0x6f, 0x77, 0x12, 0x52, 0x0a, 0x06, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x18, 0x0a, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x45, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x52,
-	0x06, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x12, 0x58, 0x0a, 0x0b, 0x61, 0x63, 0x63, 0x65, 0x73,
-	0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62,
-	0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73,
-	0x73, 0x4c, 0x6f, 0x67, 0x73, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67,
-	0x73, 0x1a, 0x71, 0x0a, 0x0d, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74,
-	0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x03, 0x6b, 0x65, 0x79, 0x12, 0x4a, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	0x3a, 0x02, 0x38, 0x01, 0x1a, 0x6d, 0x0a, 0x0b, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x45, 0x6e,
-	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x48, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a,
-	0x02, 0x38, 0x01, 0x1a, 0x74, 0x0a, 0x0e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73,
-	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x4c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x52, 0x05,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x81, 0x01, 0x0a, 0x15, 0x4c, 0x65,
-	0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x45, 0x6e,
-	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x52, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x2e, 0x4c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x79, 0x0a,
-	0x11, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74,
-	0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x03, 0x6b, 0x65, 0x79, 0x12, 0x4e, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74,
-	0x65, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x05, 0x76,
-	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x97, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42,
-	0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f,
-	0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d,
-	0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73,
-	0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa,
-	0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02,
-	0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_proxy_state_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_proxy_state_proto_rawDescData = file_pbmesh_v1alpha1_proxy_state_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_proxy_state_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_proxy_state_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_proxy_state_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_proxy_state_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_proxy_state_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_proxy_state_proto_msgTypes = make([]protoimpl.MessageInfo, 10)
-var file_pbmesh_v1alpha1_proxy_state_proto_goTypes = []interface{}{
-	(*ProxyStateTemplate)(nil),              // 0: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate
-	(*ProxyState)(nil),                      // 1: hashicorp.consul.mesh.v1alpha1.ProxyState
-	nil,                                     // 2: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredEndpointsEntry
-	nil,                                     // 3: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredLeafCertificatesEntry
-	nil,                                     // 4: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredTrustBundlesEntry
-	nil,                                     // 5: hashicorp.consul.mesh.v1alpha1.ProxyState.ClustersEntry
-	nil,                                     // 6: hashicorp.consul.mesh.v1alpha1.ProxyState.RoutesEntry
-	nil,                                     // 7: hashicorp.consul.mesh.v1alpha1.ProxyState.EndpointsEntry
-	nil,                                     // 8: hashicorp.consul.mesh.v1alpha1.ProxyState.LeafCertificatesEntry
-	nil,                                     // 9: hashicorp.consul.mesh.v1alpha1.ProxyState.TrustBundlesEntry
-	(*pbresource.Reference)(nil),            // 10: hashicorp.consul.resource.Reference
-	(*pbproxystate.Listener)(nil),           // 11: hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener
-	(*pbproxystate.TLS)(nil),                // 12: hashicorp.consul.mesh.v1alpha1.pbproxystate.TLS
-	(*pbproxystate.EscapeHatches)(nil),      // 13: hashicorp.consul.mesh.v1alpha1.pbproxystate.EscapeHatches
-	(*pbproxystate.AccessLogs)(nil),         // 14: hashicorp.consul.mesh.v1alpha1.pbproxystate.AccessLogs
-	(*pbproxystate.EndpointRef)(nil),        // 15: hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointRef
-	(*pbproxystate.LeafCertificateRef)(nil), // 16: hashicorp.consul.mesh.v1alpha1.pbproxystate.LeafCertificateRef
-	(*pbproxystate.TrustBundleRef)(nil),     // 17: hashicorp.consul.mesh.v1alpha1.pbproxystate.TrustBundleRef
-	(*pbproxystate.Cluster)(nil),            // 18: hashicorp.consul.mesh.v1alpha1.pbproxystate.Cluster
-	(*pbproxystate.Route)(nil),              // 19: hashicorp.consul.mesh.v1alpha1.pbproxystate.Route
-	(*pbproxystate.Endpoints)(nil),          // 20: hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoints
-	(*pbproxystate.LeafCertificate)(nil),    // 21: hashicorp.consul.mesh.v1alpha1.pbproxystate.LeafCertificate
-	(*pbproxystate.TrustBundle)(nil),        // 22: hashicorp.consul.mesh.v1alpha1.pbproxystate.TrustBundle
-}
-var file_pbmesh_v1alpha1_proxy_state_proto_depIdxs = []int32{
-	1,  // 0: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.proxy_state:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState
-	2,  // 1: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.required_endpoints:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredEndpointsEntry
-	3,  // 2: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.required_leaf_certificates:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredLeafCertificatesEntry
-	4,  // 3: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.required_trust_bundles:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredTrustBundlesEntry
-	10, // 4: hashicorp.consul.mesh.v1alpha1.ProxyState.identity:type_name -> hashicorp.consul.resource.Reference
-	11, // 5: hashicorp.consul.mesh.v1alpha1.ProxyState.listeners:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Listener
-	5,  // 6: hashicorp.consul.mesh.v1alpha1.ProxyState.clusters:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.ClustersEntry
-	6,  // 7: hashicorp.consul.mesh.v1alpha1.ProxyState.routes:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.RoutesEntry
-	7,  // 8: hashicorp.consul.mesh.v1alpha1.ProxyState.endpoints:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.EndpointsEntry
-	8,  // 9: hashicorp.consul.mesh.v1alpha1.ProxyState.leaf_certificates:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.LeafCertificatesEntry
-	9,  // 10: hashicorp.consul.mesh.v1alpha1.ProxyState.trust_bundles:type_name -> hashicorp.consul.mesh.v1alpha1.ProxyState.TrustBundlesEntry
-	12, // 11: hashicorp.consul.mesh.v1alpha1.ProxyState.tls:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TLS
-	13, // 12: hashicorp.consul.mesh.v1alpha1.ProxyState.escape:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.EscapeHatches
-	14, // 13: hashicorp.consul.mesh.v1alpha1.ProxyState.access_logs:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.AccessLogs
-	15, // 14: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredEndpointsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.EndpointRef
-	16, // 15: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredLeafCertificatesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LeafCertificateRef
-	17, // 16: hashicorp.consul.mesh.v1alpha1.ProxyStateTemplate.RequiredTrustBundlesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TrustBundleRef
-	18, // 17: hashicorp.consul.mesh.v1alpha1.ProxyState.ClustersEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Cluster
-	19, // 18: hashicorp.consul.mesh.v1alpha1.ProxyState.RoutesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Route
-	20, // 19: hashicorp.consul.mesh.v1alpha1.ProxyState.EndpointsEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.Endpoints
-	21, // 20: hashicorp.consul.mesh.v1alpha1.ProxyState.LeafCertificatesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.LeafCertificate
-	22, // 21: hashicorp.consul.mesh.v1alpha1.ProxyState.TrustBundlesEntry.value:type_name -> hashicorp.consul.mesh.v1alpha1.pbproxystate.TrustBundle
-	22, // [22:22] is the sub-list for method output_type
-	22, // [22:22] is the sub-list for method input_type
-	22, // [22:22] is the sub-list for extension type_name
-	22, // [22:22] is the sub-list for extension extendee
-	0,  // [0:22] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_proxy_state_proto_init() }
-func file_pbmesh_v1alpha1_proxy_state_proto_init() {
-	if File_pbmesh_v1alpha1_proxy_state_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_proxy_state_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ProxyStateTemplate); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_proxy_state_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ProxyState); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_proxy_state_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   10,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_proxy_state_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_proxy_state_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_proxy_state_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_proxy_state_proto = out.File
-	file_pbmesh_v1alpha1_proxy_state_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_proxy_state_proto_goTypes = nil
-	file_pbmesh_v1alpha1_proxy_state_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/proxy_state.proto b/proto-public/pbmesh/v1alpha1/proxy_state.proto
deleted file mode 100644
index a97b54ddc410..000000000000
--- a/proto-public/pbmesh/v1alpha1/proxy_state.proto
+++ /dev/null
@@ -1,55 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1;
-
-import "pbmesh/v1alpha1/pbproxystate/access_logs.proto";
-import "pbmesh/v1alpha1/pbproxystate/cluster.proto";
-import "pbmesh/v1alpha1/pbproxystate/endpoints.proto";
-import "pbmesh/v1alpha1/pbproxystate/escape_hatches.proto";
-import "pbmesh/v1alpha1/pbproxystate/listener.proto";
-import "pbmesh/v1alpha1/pbproxystate/references.proto";
-import "pbmesh/v1alpha1/pbproxystate/route.proto";
-import "pbmesh/v1alpha1/pbproxystate/transport_socket.proto";
-import "pbresource/resource.proto";
-
-message ProxyStateTemplate {
-  // proxy_state is the partially filled out ProxyState resource. The Endpoints, LeafCertificates and TrustBundles fields will need filling in after the resource is stored.
-  ProxyState proxy_state = 1;
-
-  // required_endpoints is a map of arbitrary string names to endpoint refs that need fetching by the proxy state controller.
-  map<string, pbproxystate.EndpointRef> required_endpoints = 2;
-
-  // required_leaf_certificates is a map of arbitrary string names to leaf certificates that need fetching/generation by the proxy state controller.
-  map<string, pbproxystate.LeafCertificateRef> required_leaf_certificates = 3;
-
-  // required_trust_bundles is a map of arbitrary string names to trust bundle refs that need fetching by the proxy state controller.
-  map<string, pbproxystate.TrustBundleRef> required_trust_bundles = 4;
-}
-
-message ProxyState {
-  // identity is a reference to the identity of the workload this proxy is for.
-  hashicorp.consul.resource.Reference identity = 1;
-  // listeners is a list of listeners for this proxy.
-  repeated pbproxystate.Listener listeners = 2;
-  // clusters is a map from cluster name to clusters. The keys are referenced from listeners or routes.
-  map<string, pbproxystate.Cluster> clusters = 3;
-  // routes is a map from route name to routes. The keys are referenced from listeners.
-  map<string, pbproxystate.Route> routes = 4;
-  // endpoints is a map from cluster name to endpoints.
-  map<string, pbproxystate.Endpoints> endpoints = 5;
-  // leaf certificates is a map from UUID to leaf certificates.
-  map<string, pbproxystate.LeafCertificate> leaf_certificates = 6;
-  // trust bundles is a map from peer name to trust bundles.
-  map<string, pbproxystate.TrustBundle> trust_bundles = 7;
-  // tls has TLS configuration for this proxy.
-  pbproxystate.TLS tls = 8;
-  // intention_default_allow is the default action for intentions. This determines how the Envoy RBAC filters are generated.
-  bool intention_default_allow = 9;
-  // escape defines top level escape hatches. These are user configured json strings that configure an entire piece of listener or cluster Envoy configuration.
-  pbproxystate.EscapeHatches escape = 10;
-  // access_logs configures access logging for this proxy.
-  pbproxystate.AccessLogs access_logs = 11;
-}
diff --git a/proto-public/pbmesh/v1alpha1/tcp_route.pb.binary.go b/proto-public/pbmesh/v1alpha1/tcp_route.pb.binary.go
deleted file mode 100644
index 6a7885b9ca72..000000000000
--- a/proto-public/pbmesh/v1alpha1/tcp_route.pb.binary.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/tcp_route.proto
-
-package meshv1alpha1
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *TCPRoute) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *TCPRoute) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *TCPRouteRule) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *TCPRouteRule) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *TCPBackendRef) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *TCPBackendRef) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/tcp_route.pb.go b/proto-public/pbmesh/v1alpha1/tcp_route.pb.go
deleted file mode 100644
index 6a8cf5700fc4..000000000000
--- a/proto-public/pbmesh/v1alpha1/tcp_route.pb.go
+++ /dev/null
@@ -1,362 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/tcp_route.proto
-
-package meshv1alpha1
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-// NOTE: this should align to the GAMMA/gateway-api version, or at least be
-// easily translatable.
-//
-// https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.TCPRoute
-//
-// This is a Resource type.
-type TCPRoute struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// ParentRefs references the resources (usually Gateways) that a Route wants
-	// to be attached to. Note that the referenced parent resource needs to allow
-	// this for the attachment to be complete. For Gateways, that means the
-	// Gateway needs to allow attachment from Routes of this kind and namespace.
-	//
-	// It is invalid to reference an identical parent more than once. It is valid
-	// to reference multiple distinct sections within the same parent resource,
-	// such as 2 Listeners within a Gateway.
-	ParentRefs []*ParentReference `protobuf:"bytes,1,rep,name=parent_refs,json=parentRefs,proto3" json:"parent_refs,omitempty"`
-	// Rules are a list of TCP matchers and actions.
-	Rules []*TCPRouteRule `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"`
-}
-
-func (x *TCPRoute) Reset() {
-	*x = TCPRoute{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *TCPRoute) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*TCPRoute) ProtoMessage() {}
-
-func (x *TCPRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use TCPRoute.ProtoReflect.Descriptor instead.
-func (*TCPRoute) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_tcp_route_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *TCPRoute) GetParentRefs() []*ParentReference {
-	if x != nil {
-		return x.ParentRefs
-	}
-	return nil
-}
-
-func (x *TCPRoute) GetRules() []*TCPRouteRule {
-	if x != nil {
-		return x.Rules
-	}
-	return nil
-}
-
-type TCPRouteRule struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// BackendRefs defines the backend(s) where matching requests should be sent.
-	// If unspecified or invalid (refers to a non-existent resource or a Service
-	// with no endpoints), the underlying implementation MUST actively reject
-	// connection attempts to this backend. Connection rejections must respect
-	// weight; if an invalid backend is requested to have 80% of connections,
-	// then 80% of connections must be rejected instead.
-	BackendRefs []*TCPBackendRef `protobuf:"bytes,1,rep,name=backend_refs,json=backendRefs,proto3" json:"backend_refs,omitempty"`
-}
-
-func (x *TCPRouteRule) Reset() {
-	*x = TCPRouteRule{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *TCPRouteRule) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*TCPRouteRule) ProtoMessage() {}
-
-func (x *TCPRouteRule) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use TCPRouteRule.ProtoReflect.Descriptor instead.
-func (*TCPRouteRule) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_tcp_route_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *TCPRouteRule) GetBackendRefs() []*TCPBackendRef {
-	if x != nil {
-		return x.BackendRefs
-	}
-	return nil
-}
-
-type TCPBackendRef struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	BackendRef *BackendReference `protobuf:"bytes,1,opt,name=backend_ref,json=backendRef,proto3" json:"backend_ref,omitempty"`
-	// Weight specifies the proportion of requests forwarded to the referenced
-	// backend. This is computed as weight/(sum of all weights in this
-	// BackendRefs list). For non-zero values, there may be some epsilon from the
-	// exact proportion defined here depending on the precision an implementation
-	// supports. Weight is not a percentage and the sum of weights does not need
-	// to equal 100.
-	//
-	// If only one backend is specified and it has a weight greater than 0, 100%
-	// of the traffic is forwarded to that backend. If weight is set to 0, no
-	// traffic should be forwarded for this entry. If unspecified, weight defaults
-	// to 1.
-	Weight uint32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
-}
-
-func (x *TCPBackendRef) Reset() {
-	*x = TCPBackendRef{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *TCPBackendRef) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*TCPBackendRef) ProtoMessage() {}
-
-func (x *TCPBackendRef) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use TCPBackendRef.ProtoReflect.Descriptor instead.
-func (*TCPBackendRef) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_tcp_route_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *TCPBackendRef) GetBackendRef() *BackendReference {
-	if x != nil {
-		return x.BackendRef
-	}
-	return nil
-}
-
-func (x *TCPBackendRef) GetWeight() uint32 {
-	if x != nil {
-		return x.Weight
-	}
-	return 0
-}
-
-var File_pbmesh_v1alpha1_tcp_route_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_tcp_route_proto_rawDesc = []byte{
-	0x0a, 0x1f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x74, 0x63, 0x70, 0x5f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x1a, 0x1c, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22,
-	0xa0, 0x01, 0x0a, 0x08, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x50, 0x0a, 0x0b,
-	0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e,
-	0x63, 0x65, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x73, 0x12, 0x42,
-	0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54,
-	0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x72, 0x75, 0x6c,
-	0x65, 0x73, 0x22, 0x60, 0x0a, 0x0c, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75,
-	0x6c, 0x65, 0x12, 0x50, 0x0a, 0x0c, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65,
-	0x66, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x43, 0x50, 0x42, 0x61, 0x63,
-	0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x52, 0x0b, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64,
-	0x52, 0x65, 0x66, 0x73, 0x22, 0x7a, 0x0a, 0x0d, 0x54, 0x43, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65,
-	0x6e, 0x64, 0x52, 0x65, 0x66, 0x12, 0x51, 0x0a, 0x0b, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64,
-	0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
-	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x63, 0x6b,
-	0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0a, 0x62, 0x61,
-	0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x65, 0x66, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67,
-	0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74,
-	0x42, 0x95, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0d, 0x54, 0x63, 0x70, 0x52, 0x6f, 0x75, 0x74,
-	0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
-	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c,
-	0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2,
-	0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
-	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a,
-	0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_tcp_route_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_tcp_route_proto_rawDescData = file_pbmesh_v1alpha1_tcp_route_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_tcp_route_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_tcp_route_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_tcp_route_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_tcp_route_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_tcp_route_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_tcp_route_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
-var file_pbmesh_v1alpha1_tcp_route_proto_goTypes = []interface{}{
-	(*TCPRoute)(nil),         // 0: hashicorp.consul.mesh.v1alpha1.TCPRoute
-	(*TCPRouteRule)(nil),     // 1: hashicorp.consul.mesh.v1alpha1.TCPRouteRule
-	(*TCPBackendRef)(nil),    // 2: hashicorp.consul.mesh.v1alpha1.TCPBackendRef
-	(*ParentReference)(nil),  // 3: hashicorp.consul.mesh.v1alpha1.ParentReference
-	(*BackendReference)(nil), // 4: hashicorp.consul.mesh.v1alpha1.BackendReference
-}
-var file_pbmesh_v1alpha1_tcp_route_proto_depIdxs = []int32{
-	3, // 0: hashicorp.consul.mesh.v1alpha1.TCPRoute.parent_refs:type_name -> hashicorp.consul.mesh.v1alpha1.ParentReference
-	1, // 1: hashicorp.consul.mesh.v1alpha1.TCPRoute.rules:type_name -> hashicorp.consul.mesh.v1alpha1.TCPRouteRule
-	2, // 2: hashicorp.consul.mesh.v1alpha1.TCPRouteRule.backend_refs:type_name -> hashicorp.consul.mesh.v1alpha1.TCPBackendRef
-	4, // 3: hashicorp.consul.mesh.v1alpha1.TCPBackendRef.backend_ref:type_name -> hashicorp.consul.mesh.v1alpha1.BackendReference
-	4, // [4:4] is the sub-list for method output_type
-	4, // [4:4] is the sub-list for method input_type
-	4, // [4:4] is the sub-list for extension type_name
-	4, // [4:4] is the sub-list for extension extendee
-	0, // [0:4] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_tcp_route_proto_init() }
-func file_pbmesh_v1alpha1_tcp_route_proto_init() {
-	if File_pbmesh_v1alpha1_tcp_route_proto != nil {
-		return
-	}
-	file_pbmesh_v1alpha1_common_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TCPRoute); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TCPRouteRule); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_tcp_route_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TCPBackendRef); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_tcp_route_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   3,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_tcp_route_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_tcp_route_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_tcp_route_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_tcp_route_proto = out.File
-	file_pbmesh_v1alpha1_tcp_route_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_tcp_route_proto_goTypes = nil
-	file_pbmesh_v1alpha1_tcp_route_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/tcp_route.proto b/proto-public/pbmesh/v1alpha1/tcp_route.proto
deleted file mode 100644
index 0a6c974c046b..000000000000
--- a/proto-public/pbmesh/v1alpha1/tcp_route.proto
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1;
-
-import "pbmesh/v1alpha1/common.proto";
-
-// NOTE: this should align to the GAMMA/gateway-api version, or at least be
-// easily translatable.
-//
-// https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.TCPRoute
-//
-// This is a Resource type.
-message TCPRoute {
-  // ParentRefs references the resources (usually Gateways) that a Route wants
-  // to be attached to. Note that the referenced parent resource needs to allow
-  // this for the attachment to be complete. For Gateways, that means the
-  // Gateway needs to allow attachment from Routes of this kind and namespace.
-  //
-  // It is invalid to reference an identical parent more than once. It is valid
-  // to reference multiple distinct sections within the same parent resource,
-  // such as 2 Listeners within a Gateway.
-  repeated ParentReference parent_refs = 1;
-
-  // Rules are a list of TCP matchers and actions.
-  repeated TCPRouteRule rules = 2;
-}
-
-message TCPRouteRule {
-  // BackendRefs defines the backend(s) where matching requests should be sent.
-  // If unspecified or invalid (refers to a non-existent resource or a Service
-  // with no endpoints), the underlying implementation MUST actively reject
-  // connection attempts to this backend. Connection rejections must respect
-  // weight; if an invalid backend is requested to have 80% of connections,
-  // then 80% of connections must be rejected instead.
-  repeated TCPBackendRef backend_refs = 1;
-}
-
-message TCPBackendRef {
-  BackendReference backend_ref = 1;
-
-  // Weight specifies the proportion of requests forwarded to the referenced
-  // backend. This is computed as weight/(sum of all weights in this
-  // BackendRefs list). For non-zero values, there may be some epsilon from the
-  // exact proportion defined here depending on the precision an implementation
-  // supports. Weight is not a percentage and the sum of weights does not need
-  // to equal 100.
-  //
-  //If only one backend is specified and it has a weight greater than 0, 100%
-  //of the traffic is forwarded to that backend. If weight is set to 0, no
-  //traffic should be forwarded for this entry. If unspecified, weight defaults
-  //to 1.
-  uint32 weight = 2;
-}
diff --git a/proto-public/pbmesh/v1alpha1/upstreams.pb.binary.go b/proto-public/pbmesh/v1alpha1/upstreams.pb.binary.go
index d67b41e3a9d0..cc8214e75a68 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams.pb.binary.go
+++ b/proto-public/pbmesh/v1alpha1/upstreams.pb.binary.go
@@ -28,12 +28,12 @@ func (msg *Upstream) UnmarshalBinary(b []byte) error {
 }
 
 // MarshalBinary implements encoding.BinaryMarshaler
-func (msg *IPPortAddress) MarshalBinary() ([]byte, error) {
+func (msg *TCPAddress) MarshalBinary() ([]byte, error) {
 	return proto.Marshal(msg)
 }
 
 // UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *IPPortAddress) UnmarshalBinary(b []byte) error {
+func (msg *TCPAddress) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
 
@@ -56,3 +56,33 @@ func (msg *PreparedQueryUpstream) MarshalBinary() ([]byte, error) {
 func (msg *PreparedQueryUpstream) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *UpstreamConfig) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *UpstreamConfig) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *UpstreamLimits) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *UpstreamLimits) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
+
+// MarshalBinary implements encoding.BinaryMarshaler
+func (msg *PassiveHealthCheck) MarshalBinary() ([]byte, error) {
+	return proto.Marshal(msg)
+}
+
+// UnmarshalBinary implements encoding.BinaryUnmarshaler
+func (msg *PassiveHealthCheck) UnmarshalBinary(b []byte) error {
+	return proto.Unmarshal(b, msg)
+}
diff --git a/proto-public/pbmesh/v1alpha1/upstreams.pb.go b/proto-public/pbmesh/v1alpha1/upstreams.pb.go
index e8e9e4f9cf89..575fe43006e4 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams.pb.go
+++ b/proto-public/pbmesh/v1alpha1/upstreams.pb.go
@@ -14,6 +14,7 @@ import (
 	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	durationpb "google.golang.org/protobuf/types/known/durationpb"
 	reflect "reflect"
 	sync "sync"
 )
@@ -32,12 +33,10 @@ type Upstreams struct {
 
 	// Selection of workloads these upstreams should apply to.
 	// These can be prefixes or specific workload names.
-	Workloads *v1alpha1.WorkloadSelector `protobuf:"bytes,1,opt,name=workloads,proto3" json:"workloads,omitempty"`
-	// upstreams is the list of explicit upstreams to define for the selected workloads.
-	Upstreams []*Upstream `protobuf:"bytes,2,rep,name=upstreams,proto3" json:"upstreams,omitempty"`
-	// pq_upstreams is the list of prepared query upstreams. This field is not supported directly in v2
-	// and should only be used for migration reasons.
-	PqUpstreams []*PreparedQueryUpstream `protobuf:"bytes,3,rep,name=pq_upstreams,json=pqUpstreams,proto3" json:"pq_upstreams,omitempty"`
+	Workloads      *v1alpha1.WorkloadSelector `protobuf:"bytes,1,opt,name=workloads,proto3" json:"workloads,omitempty"`
+	Upstreams      []*Upstream                `protobuf:"bytes,2,rep,name=upstreams,proto3" json:"upstreams,omitempty"`
+	PqUpstreams    []*PreparedQueryUpstream   `protobuf:"bytes,3,rep,name=pq_upstreams,json=pqUpstreams,proto3" json:"pq_upstreams,omitempty"`
+	UpstreamConfig *UpstreamConfig            `protobuf:"bytes,4,opt,name=upstream_config,json=upstreamConfig,proto3" json:"upstream_config,omitempty"`
 }
 
 func (x *Upstreams) Reset() {
@@ -93,26 +92,27 @@ func (x *Upstreams) GetPqUpstreams() []*PreparedQueryUpstream {
 	return nil
 }
 
+func (x *Upstreams) GetUpstreamConfig() *UpstreamConfig {
+	if x != nil {
+		return x.UpstreamConfig
+	}
+	return nil
+}
+
 type Upstream struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// destination_ref is the reference to an upstream service. This has to be pbcatalog.Service type.
-	DestinationRef *pbresource.Reference `protobuf:"bytes,1,opt,name=destination_ref,json=destinationRef,proto3" json:"destination_ref,omitempty"`
-	// destination_port is the port name of the upstream service. This should be the name
-	// of the service's target port.
-	DestinationPort string `protobuf:"bytes,2,opt,name=destination_port,json=destinationPort,proto3" json:"destination_port,omitempty"`
-	// datacenter is the datacenter for where this upstream service lives.
-	Datacenter string `protobuf:"bytes,3,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
-	// listen_addr is the address where Envoy will listen for requests to this upstream.
-	// It can provided either as an ip:port or as a Unix domain socket.
-	//
+	DestinationRef  *pbresource.ID `protobuf:"bytes,1,opt,name=destination_ref,json=destinationRef,proto3" json:"destination_ref,omitempty"`
+	DestinationPort string         `protobuf:"bytes,2,opt,name=destination_port,json=destinationPort,proto3" json:"destination_port,omitempty"`
+	Datacenter      string         `protobuf:"bytes,3,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
 	// Types that are assignable to ListenAddr:
 	//
-	//	*Upstream_IpPort
+	//	*Upstream_Tcp
 	//	*Upstream_Unix
-	ListenAddr isUpstream_ListenAddr `protobuf_oneof:"listen_addr"`
+	ListenAddr     isUpstream_ListenAddr `protobuf_oneof:"listen_addr"`
+	UpstreamConfig *UpstreamConfig       `protobuf:"bytes,7,opt,name=upstream_config,json=upstreamConfig,proto3" json:"upstream_config,omitempty"`
 }
 
 func (x *Upstream) Reset() {
@@ -147,7 +147,7 @@ func (*Upstream) Descriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_upstreams_proto_rawDescGZIP(), []int{1}
 }
 
-func (x *Upstream) GetDestinationRef() *pbresource.Reference {
+func (x *Upstream) GetDestinationRef() *pbresource.ID {
 	if x != nil {
 		return x.DestinationRef
 	}
@@ -175,9 +175,9 @@ func (m *Upstream) GetListenAddr() isUpstream_ListenAddr {
 	return nil
 }
 
-func (x *Upstream) GetIpPort() *IPPortAddress {
-	if x, ok := x.GetListenAddr().(*Upstream_IpPort); ok {
-		return x.IpPort
+func (x *Upstream) GetTcp() *TCPAddress {
+	if x, ok := x.GetListenAddr().(*Upstream_Tcp); ok {
+		return x.Tcp
 	}
 	return nil
 }
@@ -189,35 +189,40 @@ func (x *Upstream) GetUnix() *UnixSocketAddress {
 	return nil
 }
 
+func (x *Upstream) GetUpstreamConfig() *UpstreamConfig {
+	if x != nil {
+		return x.UpstreamConfig
+	}
+	return nil
+}
+
 type isUpstream_ListenAddr interface {
 	isUpstream_ListenAddr()
 }
 
-type Upstream_IpPort struct {
-	IpPort *IPPortAddress `protobuf:"bytes,4,opt,name=ip_port,json=ipPort,proto3,oneof"`
+type Upstream_Tcp struct {
+	Tcp *TCPAddress `protobuf:"bytes,4,opt,name=tcp,proto3,oneof"`
 }
 
 type Upstream_Unix struct {
 	Unix *UnixSocketAddress `protobuf:"bytes,5,opt,name=unix,proto3,oneof"`
 }
 
-func (*Upstream_IpPort) isUpstream_ListenAddr() {}
+func (*Upstream_Tcp) isUpstream_ListenAddr() {}
 
 func (*Upstream_Unix) isUpstream_ListenAddr() {}
 
-type IPPortAddress struct {
+type TCPAddress struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// ip is an IPv4 or an IPv6 address.
-	Ip string `protobuf:"bytes,1,opt,name=ip,proto3" json:"ip,omitempty"`
-	// port is the port number.
+	Ip   string `protobuf:"bytes,1,opt,name=ip,proto3" json:"ip,omitempty"`
 	Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
 }
 
-func (x *IPPortAddress) Reset() {
-	*x = IPPortAddress{}
+func (x *TCPAddress) Reset() {
+	*x = TCPAddress{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[2]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -225,13 +230,13 @@ func (x *IPPortAddress) Reset() {
 	}
 }
 
-func (x *IPPortAddress) String() string {
+func (x *TCPAddress) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*IPPortAddress) ProtoMessage() {}
+func (*TCPAddress) ProtoMessage() {}
 
-func (x *IPPortAddress) ProtoReflect() protoreflect.Message {
+func (x *TCPAddress) ProtoReflect() protoreflect.Message {
 	mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[2]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -243,19 +248,19 @@ func (x *IPPortAddress) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use IPPortAddress.ProtoReflect.Descriptor instead.
-func (*IPPortAddress) Descriptor() ([]byte, []int) {
+// Deprecated: Use TCPAddress.ProtoReflect.Descriptor instead.
+func (*TCPAddress) Descriptor() ([]byte, []int) {
 	return file_pbmesh_v1alpha1_upstreams_proto_rawDescGZIP(), []int{2}
 }
 
-func (x *IPPortAddress) GetIp() string {
+func (x *TCPAddress) GetIp() string {
 	if x != nil {
 		return x.Ip
 	}
 	return ""
 }
 
-func (x *IPPortAddress) GetPort() uint32 {
+func (x *TCPAddress) GetPort() uint32 {
 	if x != nil {
 		return x.Port
 	}
@@ -267,10 +272,7 @@ type UnixSocketAddress struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// path is the file system path at which to bind a Unix domain socket listener.
 	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
-	// mode is the Unix file mode for the socket file. It should be provided
-	// in the numeric notation, for example, "0600".
 	Mode string `protobuf:"bytes,2,opt,name=mode,proto3" json:"mode,omitempty"`
 }
 
@@ -325,13 +327,8 @@ type PreparedQueryUpstream struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// name is the name of the prepared query to use as an upstream.
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	// datacenter is the datacenter for where this upstream service lives.
+	Name       string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	Datacenter string `protobuf:"bytes,2,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
-	// listen_addr is the address where Envoy will listen for requests to this upstream.
-	// It can provided either as an ip:port or as a Unix domain socket.
-	//
 	// Types that are assignable to ListenAddr:
 	//
 	//	*PreparedQueryUpstream_Tcp
@@ -393,7 +390,7 @@ func (m *PreparedQueryUpstream) GetListenAddr() isPreparedQueryUpstream_ListenAd
 	return nil
 }
 
-func (x *PreparedQueryUpstream) GetTcp() *IPPortAddress {
+func (x *PreparedQueryUpstream) GetTcp() *TCPAddress {
 	if x, ok := x.GetListenAddr().(*PreparedQueryUpstream_Tcp); ok {
 		return x.Tcp
 	}
@@ -419,7 +416,7 @@ type isPreparedQueryUpstream_ListenAddr interface {
 }
 
 type PreparedQueryUpstream_Tcp struct {
-	Tcp *IPPortAddress `protobuf:"bytes,4,opt,name=tcp,proto3,oneof"`
+	Tcp *TCPAddress `protobuf:"bytes,4,opt,name=tcp,proto3,oneof"`
 }
 
 type PreparedQueryUpstream_Unix struct {
@@ -430,6 +427,229 @@ func (*PreparedQueryUpstream_Tcp) isPreparedQueryUpstream_ListenAddr() {}
 
 func (*PreparedQueryUpstream_Unix) isPreparedQueryUpstream_ListenAddr() {}
 
+type UpstreamConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	ConnectTimeoutMs          uint64                    `protobuf:"varint,2,opt,name=connect_timeout_ms,json=connectTimeoutMs,proto3" json:"connect_timeout_ms,omitempty"`
+	Limits                    *UpstreamLimits           `protobuf:"bytes,3,opt,name=limits,proto3" json:"limits,omitempty"`
+	PassiveHealthCheck        *PassiveHealthCheck       `protobuf:"bytes,4,opt,name=passive_health_check,json=passiveHealthCheck,proto3" json:"passive_health_check,omitempty"`
+	BalanceInboundConnections BalanceInboundConnections `protobuf:"varint,5,opt,name=balance_inbound_connections,json=balanceInboundConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.BalanceInboundConnections" json:"balance_inbound_connections,omitempty"`
+	MeshGatewayMode           MeshGatewayMode           `protobuf:"varint,6,opt,name=mesh_gateway_mode,json=meshGatewayMode,proto3,enum=hashicorp.consul.mesh.v1alpha1.MeshGatewayMode" json:"mesh_gateway_mode,omitempty"`
+}
+
+func (x *UpstreamConfig) Reset() {
+	*x = UpstreamConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UpstreamConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpstreamConfig) ProtoMessage() {}
+
+func (x *UpstreamConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpstreamConfig.ProtoReflect.Descriptor instead.
+func (*UpstreamConfig) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_upstreams_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *UpstreamConfig) GetConnectTimeoutMs() uint64 {
+	if x != nil {
+		return x.ConnectTimeoutMs
+	}
+	return 0
+}
+
+func (x *UpstreamConfig) GetLimits() *UpstreamLimits {
+	if x != nil {
+		return x.Limits
+	}
+	return nil
+}
+
+func (x *UpstreamConfig) GetPassiveHealthCheck() *PassiveHealthCheck {
+	if x != nil {
+		return x.PassiveHealthCheck
+	}
+	return nil
+}
+
+func (x *UpstreamConfig) GetBalanceInboundConnections() BalanceInboundConnections {
+	if x != nil {
+		return x.BalanceInboundConnections
+	}
+	return BalanceInboundConnections_BALANCE_INBOUND_CONNECTIONS_DEFAULT
+}
+
+func (x *UpstreamConfig) GetMeshGatewayMode() MeshGatewayMode {
+	if x != nil {
+		return x.MeshGatewayMode
+	}
+	return MeshGatewayMode_MESH_GATEWAY_MODE_UNSPECIFIED
+}
+
+// UpstreamLimits describes the limits that are associated with a specific
+// upstream of a service instance.
+type UpstreamLimits struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// MaxConnections is the maximum number of connections the local proxy can
+	// make to the upstream service.
+	MaxConnections int32 `protobuf:"varint,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"`
+	// MaxPendingRequests is the maximum number of requests that will be queued
+	// waiting for an available connection. This is mostly applicable to HTTP/1.1
+	// clusters since all HTTP/2 requests are streamed over a single
+	// connection.
+	MaxPendingRequests int32 `protobuf:"varint,2,opt,name=max_pending_requests,json=maxPendingRequests,proto3" json:"max_pending_requests,omitempty"`
+	// MaxConcurrentRequests is the maximum number of in-flight requests that will be allowed
+	// to the upstream cluster at a point in time. This is mostly applicable to HTTP/2
+	// clusters since all HTTP/1.1 requests are limited by MaxConnections.
+	MaxConcurrentRequests int32 `protobuf:"varint,3,opt,name=max_concurrent_requests,json=maxConcurrentRequests,proto3" json:"max_concurrent_requests,omitempty"`
+}
+
+func (x *UpstreamLimits) Reset() {
+	*x = UpstreamLimits{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UpstreamLimits) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpstreamLimits) ProtoMessage() {}
+
+func (x *UpstreamLimits) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpstreamLimits.ProtoReflect.Descriptor instead.
+func (*UpstreamLimits) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_upstreams_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *UpstreamLimits) GetMaxConnections() int32 {
+	if x != nil {
+		return x.MaxConnections
+	}
+	return 0
+}
+
+func (x *UpstreamLimits) GetMaxPendingRequests() int32 {
+	if x != nil {
+		return x.MaxPendingRequests
+	}
+	return 0
+}
+
+func (x *UpstreamLimits) GetMaxConcurrentRequests() int32 {
+	if x != nil {
+		return x.MaxConcurrentRequests
+	}
+	return 0
+}
+
+type PassiveHealthCheck struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Interval between health check analysis sweeps. Each sweep may remove
+	// hosts or return hosts to the pool.
+	Interval *durationpb.Duration `protobuf:"bytes,1,opt,name=interval,proto3" json:"interval,omitempty"`
+	// MaxFailures is the count of consecutive failures that results in a host
+	// being removed from the pool.
+	MaxFailures uint32 `protobuf:"varint,2,opt,name=max_failures,json=maxFailures,proto3" json:"max_failures,omitempty"`
+	// EnforcingConsecutive5xx is the % chance that a host will be actually ejected
+	// when an outlier status is detected through consecutive 5xx.
+	// This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
+	EnforcingConsecutive_5Xx uint32 `protobuf:"varint,3,opt,name=enforcing_consecutive_5xx,json=enforcingConsecutive5xx,proto3" json:"enforcing_consecutive_5xx,omitempty"`
+}
+
+func (x *PassiveHealthCheck) Reset() {
+	*x = PassiveHealthCheck{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *PassiveHealthCheck) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PassiveHealthCheck) ProtoMessage() {}
+
+func (x *PassiveHealthCheck) ProtoReflect() protoreflect.Message {
+	mi := &file_pbmesh_v1alpha1_upstreams_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use PassiveHealthCheck.ProtoReflect.Descriptor instead.
+func (*PassiveHealthCheck) Descriptor() ([]byte, []int) {
+	return file_pbmesh_v1alpha1_upstreams_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *PassiveHealthCheck) GetInterval() *durationpb.Duration {
+	if x != nil {
+		return x.Interval
+	}
+	return nil
+}
+
+func (x *PassiveHealthCheck) GetMaxFailures() uint32 {
+	if x != nil {
+		return x.MaxFailures
+	}
+	return 0
+}
+
+func (x *PassiveHealthCheck) GetEnforcingConsecutive_5Xx() uint32 {
+	if x != nil {
+		return x.EnforcingConsecutive_5Xx
+	}
+	return 0
+}
+
 var File_pbmesh_v1alpha1_upstreams_proto protoreflect.FileDescriptor
 
 var file_pbmesh_v1alpha1_upstreams_proto_rawDesc = []byte{
@@ -437,95 +657,158 @@ var file_pbmesh_v1alpha1_upstreams_proto_rawDesc = []byte{
 	0x31, 0x2f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74,
 	0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
 	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x1a, 0x21, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61,
+	0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x1a, 0x21, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61,
 	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x5f,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f,
-	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x80,
-	0x02, 0x0a, 0x09, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x51, 0x0a, 0x09,
-	0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65,
-	0x63, 0x74, 0x6f, 0x72, 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x12,
-	0x46, 0x0a, 0x09, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x09, 0x75, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x58, 0x0a, 0x0c, 0x70, 0x71, 0x5f, 0x75, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50,
-	0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x64, 0x51, 0x75, 0x65, 0x72, 0x79, 0x55, 0x70, 0x73, 0x74,
-	0x72, 0x65, 0x61, 0x6d, 0x52, 0x0b, 0x70, 0x71, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d,
-	0x73, 0x22, 0xc6, 0x02, 0x0a, 0x08, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x4d,
-	0x0a, 0x0f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65,
-	0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75,
-	0x72, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0e, 0x64,
-	0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x66, 0x12, 0x29, 0x0a,
-	0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x72,
-	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61,
-	0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x61,
-	0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x48, 0x0a, 0x07, 0x69, 0x70, 0x5f, 0x70,
-	0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x22, 0xd9, 0x02, 0x0a, 0x09, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x51,
+	0x0a, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65,
+	0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64,
+	0x73, 0x12, 0x46, 0x0a, 0x09, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x02,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x09,
+	0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x58, 0x0a, 0x0c, 0x70, 0x71, 0x5f,
+	0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
+	0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x64, 0x51, 0x75, 0x65, 0x72, 0x79, 0x55, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x0b, 0x70, 0x71, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65,
+	0x61, 0x6d, 0x73, 0x12, 0x57, 0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x75, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x8e, 0x03, 0x0a,
+	0x08, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x46, 0x0a, 0x0f, 0x64, 0x65, 0x73,
+	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x49,
+	0x44, 0x52, 0x0e, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
+	0x66, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x73,
+	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0a,
+	0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x3e, 0x0a, 0x03,
+	0x74, 0x63, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73,
-	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x50, 0x50, 0x6f, 0x72,
-	0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x06, 0x69, 0x70, 0x50, 0x6f,
-	0x72, 0x74, 0x12, 0x47, 0x0a, 0x04, 0x75, 0x6e, 0x69, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72,
-	0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x04, 0x75, 0x6e, 0x69, 0x78, 0x42, 0x0d, 0x0a, 0x0b, 0x6c,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x22, 0x33, 0x0a, 0x0d, 0x49, 0x50,
-	0x50, 0x6f, 0x72, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x69,
+	0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x43, 0x50, 0x41, 0x64,
+	0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x47, 0x0a, 0x04,
+	0x75, 0x6e, 0x69, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65,
+	0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x6e, 0x69, 0x78,
+	0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52,
+	0x04, 0x75, 0x6e, 0x69, 0x78, 0x12, 0x57, 0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61,
+	0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
+	0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e,
+	0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x0d,
+	0x0a, 0x0b, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x22, 0x30, 0x0a,
+	0x0a, 0x54, 0x43, 0x50, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x69,
 	0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x70,
 	0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22,
 	0x3b, 0x0a, 0x11, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64,
 	0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01,
 	0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x22, 0xbf, 0x02, 0x0a,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x22, 0xbc, 0x02, 0x0a,
 	0x15, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x64, 0x51, 0x75, 0x65, 0x72, 0x79, 0x55, 0x70,
 	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
 	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61,
 	0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a,
-	0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x03, 0x74, 0x63,
-	0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x3e, 0x0a, 0x03, 0x74, 0x63,
+	0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
 	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x50, 0x50, 0x6f, 0x72, 0x74, 0x41,
-	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x47, 0x0a,
-	0x04, 0x75, 0x6e, 0x69, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
-	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x6e, 0x69,
-	0x78, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00,
-	0x52, 0x04, 0x75, 0x6e, 0x69, 0x78, 0x12, 0x57, 0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65,
-	0x61, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x43, 0x50, 0x41, 0x64, 0x64, 0x72,
+	0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x47, 0x0a, 0x04, 0x75, 0x6e,
+	0x69, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6f,
+	0x63, 0x6b, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x48, 0x00, 0x52, 0x04, 0x75,
+	0x6e, 0x69, 0x78, 0x12, 0x57, 0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x75, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x0d, 0x0a, 0x0b,
+	0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x22, 0xc4, 0x03, 0x0a, 0x0e,
+	0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2c,
+	0x0a, 0x12, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75,
+	0x74, 0x5f, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x12, 0x46, 0x0a, 0x06,
+	0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x52, 0x06, 0x6c, 0x69,
+	0x6d, 0x69, 0x74, 0x73, 0x12, 0x64, 0x0a, 0x14, 0x70, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x5f,
+	0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74,
+	0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x12, 0x70, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48,
+	0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x79, 0x0a, 0x1b, 0x62, 0x61,
+	0x6c, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32,
+	0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
 	0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
-	0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
-	0x0e, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42,
-	0x0d, 0x0a, 0x0b, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x42, 0x96,
-	0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73,
-	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
-	0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69,
-	0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02,
-	0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64,
-	0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a,
-	0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x2e, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x62, 0x61, 0x6c, 0x61,
+	0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5b, 0x0a, 0x11, 0x6d, 0x65, 0x73, 0x68, 0x5f, 0x67, 0x61,
+	0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e,
+	0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
+	0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64,
+	0x65, 0x52, 0x0f, 0x6d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f,
+	0x64, 0x65, 0x22, 0xa3, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c,
+	0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e,
+	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e,
+	0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30,
+	0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x12, 0x6d, 0x61,
+	0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73,
+	0x12, 0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65,
+	0x6e, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x05, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0xaa, 0x01, 0x0a, 0x12, 0x50, 0x61, 0x73,
+	0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12,
+	0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x61, 0x78, 0x5f, 0x66, 0x61,
+	0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x6d, 0x61,
+	0x78, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x65, 0x6e, 0x66,
+	0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69,
+	0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x17, 0x65, 0x6e,
+	0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69,
+	0x76, 0x65, 0x35, 0x78, 0x78, 0x42, 0x96, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d,
+	0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0e, 0x55, 0x70,
+	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45,
+	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d,
+	0x65, 0x73, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c,
+	0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a,
+	0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47,
+	0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a,
+	0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -540,32 +823,44 @@ func file_pbmesh_v1alpha1_upstreams_proto_rawDescGZIP() []byte {
 	return file_pbmesh_v1alpha1_upstreams_proto_rawDescData
 }
 
-var file_pbmesh_v1alpha1_upstreams_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
+var file_pbmesh_v1alpha1_upstreams_proto_msgTypes = make([]protoimpl.MessageInfo, 8)
 var file_pbmesh_v1alpha1_upstreams_proto_goTypes = []interface{}{
 	(*Upstreams)(nil),                 // 0: hashicorp.consul.mesh.v1alpha1.Upstreams
 	(*Upstream)(nil),                  // 1: hashicorp.consul.mesh.v1alpha1.Upstream
-	(*IPPortAddress)(nil),             // 2: hashicorp.consul.mesh.v1alpha1.IPPortAddress
+	(*TCPAddress)(nil),                // 2: hashicorp.consul.mesh.v1alpha1.TCPAddress
 	(*UnixSocketAddress)(nil),         // 3: hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
 	(*PreparedQueryUpstream)(nil),     // 4: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream
-	(*v1alpha1.WorkloadSelector)(nil), // 5: hashicorp.consul.catalog.v1alpha1.WorkloadSelector
-	(*pbresource.Reference)(nil),      // 6: hashicorp.consul.resource.Reference
-	(*UpstreamConfig)(nil),            // 7: hashicorp.consul.mesh.v1alpha1.UpstreamConfig
+	(*UpstreamConfig)(nil),            // 5: hashicorp.consul.mesh.v1alpha1.UpstreamConfig
+	(*UpstreamLimits)(nil),            // 6: hashicorp.consul.mesh.v1alpha1.UpstreamLimits
+	(*PassiveHealthCheck)(nil),        // 7: hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck
+	(*v1alpha1.WorkloadSelector)(nil), // 8: hashicorp.consul.catalog.v1alpha1.WorkloadSelector
+	(*pbresource.ID)(nil),             // 9: hashicorp.consul.resource.ID
+	(BalanceInboundConnections)(0),    // 10: hashicorp.consul.mesh.v1alpha1.BalanceInboundConnections
+	(MeshGatewayMode)(0),              // 11: hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
+	(*durationpb.Duration)(nil),       // 12: google.protobuf.Duration
 }
 var file_pbmesh_v1alpha1_upstreams_proto_depIdxs = []int32{
-	5, // 0: hashicorp.consul.mesh.v1alpha1.Upstreams.workloads:type_name -> hashicorp.consul.catalog.v1alpha1.WorkloadSelector
-	1, // 1: hashicorp.consul.mesh.v1alpha1.Upstreams.upstreams:type_name -> hashicorp.consul.mesh.v1alpha1.Upstream
-	4, // 2: hashicorp.consul.mesh.v1alpha1.Upstreams.pq_upstreams:type_name -> hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream
-	6, // 3: hashicorp.consul.mesh.v1alpha1.Upstream.destination_ref:type_name -> hashicorp.consul.resource.Reference
-	2, // 4: hashicorp.consul.mesh.v1alpha1.Upstream.ip_port:type_name -> hashicorp.consul.mesh.v1alpha1.IPPortAddress
-	3, // 5: hashicorp.consul.mesh.v1alpha1.Upstream.unix:type_name -> hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
-	2, // 6: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream.tcp:type_name -> hashicorp.consul.mesh.v1alpha1.IPPortAddress
-	3, // 7: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream.unix:type_name -> hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
-	7, // 8: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream.upstream_config:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfig
-	9, // [9:9] is the sub-list for method output_type
-	9, // [9:9] is the sub-list for method input_type
-	9, // [9:9] is the sub-list for extension type_name
-	9, // [9:9] is the sub-list for extension extendee
-	0, // [0:9] is the sub-list for field type_name
+	8,  // 0: hashicorp.consul.mesh.v1alpha1.Upstreams.workloads:type_name -> hashicorp.consul.catalog.v1alpha1.WorkloadSelector
+	1,  // 1: hashicorp.consul.mesh.v1alpha1.Upstreams.upstreams:type_name -> hashicorp.consul.mesh.v1alpha1.Upstream
+	4,  // 2: hashicorp.consul.mesh.v1alpha1.Upstreams.pq_upstreams:type_name -> hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream
+	5,  // 3: hashicorp.consul.mesh.v1alpha1.Upstreams.upstream_config:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfig
+	9,  // 4: hashicorp.consul.mesh.v1alpha1.Upstream.destination_ref:type_name -> hashicorp.consul.resource.ID
+	2,  // 5: hashicorp.consul.mesh.v1alpha1.Upstream.tcp:type_name -> hashicorp.consul.mesh.v1alpha1.TCPAddress
+	3,  // 6: hashicorp.consul.mesh.v1alpha1.Upstream.unix:type_name -> hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
+	5,  // 7: hashicorp.consul.mesh.v1alpha1.Upstream.upstream_config:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfig
+	2,  // 8: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream.tcp:type_name -> hashicorp.consul.mesh.v1alpha1.TCPAddress
+	3,  // 9: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream.unix:type_name -> hashicorp.consul.mesh.v1alpha1.UnixSocketAddress
+	5,  // 10: hashicorp.consul.mesh.v1alpha1.PreparedQueryUpstream.upstream_config:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfig
+	6,  // 11: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.limits:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamLimits
+	7,  // 12: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.passive_health_check:type_name -> hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck
+	10, // 13: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.balance_inbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceInboundConnections
+	11, // 14: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.mesh_gateway_mode:type_name -> hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
+	12, // 15: hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck.interval:type_name -> google.protobuf.Duration
+	16, // [16:16] is the sub-list for method output_type
+	16, // [16:16] is the sub-list for method input_type
+	16, // [16:16] is the sub-list for extension type_name
+	16, // [16:16] is the sub-list for extension extendee
+	0,  // [0:16] is the sub-list for field type_name
 }
 
 func init() { file_pbmesh_v1alpha1_upstreams_proto_init() }
@@ -573,7 +868,8 @@ func file_pbmesh_v1alpha1_upstreams_proto_init() {
 	if File_pbmesh_v1alpha1_upstreams_proto != nil {
 		return
 	}
-	file_pbmesh_v1alpha1_upstreams_configuration_proto_init()
+	file_pbmesh_v1alpha1_connection_proto_init()
+	file_pbmesh_v1alpha1_routing_proto_init()
 	if !protoimpl.UnsafeEnabled {
 		file_pbmesh_v1alpha1_upstreams_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*Upstreams); i {
@@ -600,7 +896,7 @@ func file_pbmesh_v1alpha1_upstreams_proto_init() {
 			}
 		}
 		file_pbmesh_v1alpha1_upstreams_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*IPPortAddress); i {
+			switch v := v.(*TCPAddress); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -635,9 +931,45 @@ func file_pbmesh_v1alpha1_upstreams_proto_init() {
 				return nil
 			}
 		}
+		file_pbmesh_v1alpha1_upstreams_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UpstreamConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_upstreams_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UpstreamLimits); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_pbmesh_v1alpha1_upstreams_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PassiveHealthCheck); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
 	}
 	file_pbmesh_v1alpha1_upstreams_proto_msgTypes[1].OneofWrappers = []interface{}{
-		(*Upstream_IpPort)(nil),
+		(*Upstream_Tcp)(nil),
 		(*Upstream_Unix)(nil),
 	}
 	file_pbmesh_v1alpha1_upstreams_proto_msgTypes[4].OneofWrappers = []interface{}{
@@ -650,7 +982,7 @@ func file_pbmesh_v1alpha1_upstreams_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_pbmesh_v1alpha1_upstreams_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   5,
+			NumMessages:   8,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/proto-public/pbmesh/v1alpha1/upstreams.proto b/proto-public/pbmesh/v1alpha1/upstreams.proto
index a78d8c3f9792..9239bac774b8 100644
--- a/proto-public/pbmesh/v1alpha1/upstreams.proto
+++ b/proto-public/pbmesh/v1alpha1/upstreams.proto
@@ -5,8 +5,10 @@ syntax = "proto3";
 
 package hashicorp.consul.mesh.v1alpha1;
 
+import "google/protobuf/duration.proto";
 import "pbcatalog/v1alpha1/selector.proto";
-import "pbmesh/v1alpha1/upstreams_configuration.proto";
+import "pbmesh/v1alpha1/connection.proto";
+import "pbmesh/v1alpha1/routing.proto";
 import "pbresource/resource.proto";
 
 message Upstreams {
@@ -14,63 +16,85 @@ message Upstreams {
   // These can be prefixes or specific workload names.
   hashicorp.consul.catalog.v1alpha1.WorkloadSelector workloads = 1;
 
-  // upstreams is the list of explicit upstreams to define for the selected workloads.
   repeated Upstream upstreams = 2;
-
-  // pq_upstreams is the list of prepared query upstreams. This field is not supported directly in v2
-  // and should only be used for migration reasons.
   repeated PreparedQueryUpstream pq_upstreams = 3;
+
+  UpstreamConfig upstream_config = 4;
 }
 
 message Upstream {
-  // destination_ref is the reference to an upstream service. This has to be pbcatalog.Service type.
-  hashicorp.consul.resource.Reference destination_ref = 1;
-
-  // destination_port is the port name of the upstream service. This should be the name
-  // of the service's target port.
+  hashicorp.consul.resource.ID destination_ref = 1;
   string destination_port = 2;
-
-  // datacenter is the datacenter for where this upstream service lives.
   string datacenter = 3;
 
-  // listen_addr is the address where Envoy will listen for requests to this upstream.
-  // It can provided either as an ip:port or as a Unix domain socket.
   oneof listen_addr {
-    IPPortAddress ip_port = 4;
+    TCPAddress tcp = 4;
     UnixSocketAddress unix = 5;
   }
+
+  UpstreamConfig upstream_config = 7;
 }
 
-message IPPortAddress {
-  // ip is an IPv4 or an IPv6 address.
+message TCPAddress {
   string ip = 1;
-
-  // port is the port number.
   uint32 port = 2;
 }
 
 message UnixSocketAddress {
-  // path is the file system path at which to bind a Unix domain socket listener.
   string path = 1;
-
-  // mode is the Unix file mode for the socket file. It should be provided
-  // in the numeric notation, for example, "0600".
   string mode = 2;
 }
 
 message PreparedQueryUpstream {
-  // name is the name of the prepared query to use as an upstream.
   string name = 1;
-
-  // datacenter is the datacenter for where this upstream service lives.
   string datacenter = 2;
 
-  // listen_addr is the address where Envoy will listen for requests to this upstream.
-  // It can provided either as an ip:port or as a Unix domain socket.
   oneof listen_addr {
-    IPPortAddress tcp = 4;
+    TCPAddress tcp = 4;
     UnixSocketAddress unix = 5;
   }
 
   UpstreamConfig upstream_config = 6;
 }
+
+message UpstreamConfig {
+  uint64 connect_timeout_ms = 2;
+  UpstreamLimits limits = 3;
+  PassiveHealthCheck passive_health_check = 4;
+  BalanceInboundConnections balance_inbound_connections = 5;
+  MeshGatewayMode mesh_gateway_mode = 6;
+}
+
+// UpstreamLimits describes the limits that are associated with a specific
+// upstream of a service instance.
+message UpstreamLimits {
+  // MaxConnections is the maximum number of connections the local proxy can
+  // make to the upstream service.
+  int32 max_connections = 1;
+
+  // MaxPendingRequests is the maximum number of requests that will be queued
+  // waiting for an available connection. This is mostly applicable to HTTP/1.1
+  // clusters since all HTTP/2 requests are streamed over a single
+  // connection.
+  int32 max_pending_requests = 2;
+
+  // MaxConcurrentRequests is the maximum number of in-flight requests that will be allowed
+  // to the upstream cluster at a point in time. This is mostly applicable to HTTP/2
+  // clusters since all HTTP/1.1 requests are limited by MaxConnections.
+  int32 max_concurrent_requests = 3;
+}
+
+message PassiveHealthCheck {
+  // Interval between health check analysis sweeps. Each sweep may remove
+  // hosts or return hosts to the pool.
+  google.protobuf.Duration interval = 1;
+
+  // MaxFailures is the count of consecutive failures that results in a host
+  // being removed from the pool.
+  uint32 max_failures = 2;
+
+  // EnforcingConsecutive5xx is the % chance that a host will be actually ejected
+  // when an outlier status is detected through consecutive 5xx.
+  // This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
+  uint32 enforcing_consecutive_5xx = 3;
+}
diff --git a/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.binary.go b/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.binary.go
deleted file mode 100644
index f4a5db281324..000000000000
--- a/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.binary.go
+++ /dev/null
@@ -1,58 +0,0 @@
-// Code generated by protoc-gen-go-binary. DO NOT EDIT.
-// source: pbmesh/v1alpha1/upstreams_configuration.proto
-
-package meshv1alpha1
-
-import (
-	"google.golang.org/protobuf/proto"
-)
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *UpstreamsConfiguration) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *UpstreamsConfiguration) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *UpstreamConfigOverrides) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *UpstreamConfigOverrides) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *UpstreamConfig) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *UpstreamConfig) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *UpstreamLimits) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *UpstreamLimits) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *PassiveHealthCheck) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *PassiveHealthCheck) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
diff --git a/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go b/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
deleted file mode 100644
index 61f9709cdcd1..000000000000
--- a/proto-public/pbmesh/v1alpha1/upstreams_configuration.pb.go
+++ /dev/null
@@ -1,695 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        (unknown)
-// source: pbmesh/v1alpha1/upstreams_configuration.proto
-
-package meshv1alpha1
-
-import (
-	v1alpha1 "github.com/hashicorp/consul/proto-public/pbcatalog/v1alpha1"
-	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	durationpb "google.golang.org/protobuf/types/known/durationpb"
-	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type UpstreamsConfiguration struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Selection of workloads these upstreams should apply to.
-	// These can be prefixes or specific workload names.
-	Workloads *v1alpha1.WorkloadSelector `protobuf:"bytes,1,opt,name=workloads,proto3" json:"workloads,omitempty"`
-	// default_config applies to all upstreams for the workloads selected by this resource.
-	DefaultConfig *UpstreamConfig `protobuf:"bytes,2,opt,name=default_config,json=defaultConfig,proto3" json:"default_config,omitempty"`
-	// config_overrides provides per-upstream or per-upstream-port config overrides.
-	ConfigOverrides []*UpstreamConfigOverrides `protobuf:"bytes,3,rep,name=config_overrides,json=configOverrides,proto3" json:"config_overrides,omitempty"`
-}
-
-func (x *UpstreamsConfiguration) Reset() {
-	*x = UpstreamsConfiguration{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *UpstreamsConfiguration) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*UpstreamsConfiguration) ProtoMessage() {}
-
-func (x *UpstreamsConfiguration) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use UpstreamsConfiguration.ProtoReflect.Descriptor instead.
-func (*UpstreamsConfiguration) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *UpstreamsConfiguration) GetWorkloads() *v1alpha1.WorkloadSelector {
-	if x != nil {
-		return x.Workloads
-	}
-	return nil
-}
-
-func (x *UpstreamsConfiguration) GetDefaultConfig() *UpstreamConfig {
-	if x != nil {
-		return x.DefaultConfig
-	}
-	return nil
-}
-
-func (x *UpstreamsConfiguration) GetConfigOverrides() []*UpstreamConfigOverrides {
-	if x != nil {
-		return x.ConfigOverrides
-	}
-	return nil
-}
-
-// UpstreamConfigOverrides allow to override upstream configuration per destination_ref/port/datacenter.
-// In that sense, those three fields (destination_ref, destination_port and datacenter) are treated
-// sort of like map keys and config is a like a map value for that key.
-type UpstreamConfigOverrides struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// destination_ref is the reference to an upstream service that this configuration applies to.
-	// This has to be pbcatalog.Service type.
-	DestinationRef *pbresource.Reference `protobuf:"bytes,1,opt,name=destination_ref,json=destinationRef,proto3" json:"destination_ref,omitempty"`
-	// destination_port is the port name of the upstream service. This should be the name
-	// of the service's target port. If not provided, this configuration will apply to all ports of an upstream.
-	DestinationPort string `protobuf:"bytes,2,opt,name=destination_port,json=destinationPort,proto3" json:"destination_port,omitempty"`
-	// datacenter is the datacenter for where this upstream service lives.
-	Datacenter string `protobuf:"bytes,3,opt,name=datacenter,proto3" json:"datacenter,omitempty"`
-	// config is the configuration that should apply to this upstream.
-	Config *UpstreamConfig `protobuf:"bytes,4,opt,name=config,proto3" json:"config,omitempty"`
-}
-
-func (x *UpstreamConfigOverrides) Reset() {
-	*x = UpstreamConfigOverrides{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *UpstreamConfigOverrides) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*UpstreamConfigOverrides) ProtoMessage() {}
-
-func (x *UpstreamConfigOverrides) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use UpstreamConfigOverrides.ProtoReflect.Descriptor instead.
-func (*UpstreamConfigOverrides) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *UpstreamConfigOverrides) GetDestinationRef() *pbresource.Reference {
-	if x != nil {
-		return x.DestinationRef
-	}
-	return nil
-}
-
-func (x *UpstreamConfigOverrides) GetDestinationPort() string {
-	if x != nil {
-		return x.DestinationPort
-	}
-	return ""
-}
-
-func (x *UpstreamConfigOverrides) GetDatacenter() string {
-	if x != nil {
-		return x.Datacenter
-	}
-	return ""
-}
-
-func (x *UpstreamConfigOverrides) GetConfig() *UpstreamConfig {
-	if x != nil {
-		return x.Config
-	}
-	return nil
-}
-
-type UpstreamConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// protocol overrides upstream's port protocol. If no port for an upstream is specified
-	// or if used in the default configuration, this protocol will be used for all ports
-	// or for all ports of all upstreams respectively.
-	Protocol v1alpha1.Protocol `protobuf:"varint,1,opt,name=protocol,proto3,enum=hashicorp.consul.catalog.v1alpha1.Protocol" json:"protocol,omitempty"`
-	// connect_timeout is the timeout used when making a new
-	// connection to this upstream. Defaults to 5 seconds if not set.
-	ConnectTimeout *durationpb.Duration `protobuf:"bytes,2,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
-	// limits are the set of limits that are applied to the proxy for a specific upstream.
-	Limits *UpstreamLimits `protobuf:"bytes,3,opt,name=limits,proto3" json:"limits,omitempty"`
-	// passive_health_check configuration determines how upstream proxy instances will
-	// be monitored for removal from the load balancing pool.
-	PassiveHealthCheck *PassiveHealthCheck `protobuf:"bytes,4,opt,name=passive_health_check,json=passiveHealthCheck,proto3" json:"passive_health_check,omitempty"`
-	// balance_outbound_connections indicates how the proxy should attempt to distribute
-	// connections across worker threads.
-	BalanceOutboundConnections BalanceConnections `protobuf:"varint,5,opt,name=balance_outbound_connections,json=balanceOutboundConnections,proto3,enum=hashicorp.consul.mesh.v1alpha1.BalanceConnections" json:"balance_outbound_connections,omitempty"`
-	// MeshGatewayMode is the Mesh Gateway routing mode.
-	MeshGatewayMode MeshGatewayMode `protobuf:"varint,6,opt,name=mesh_gateway_mode,json=meshGatewayMode,proto3,enum=hashicorp.consul.mesh.v1alpha1.MeshGatewayMode" json:"mesh_gateway_mode,omitempty"`
-}
-
-func (x *UpstreamConfig) Reset() {
-	*x = UpstreamConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *UpstreamConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*UpstreamConfig) ProtoMessage() {}
-
-func (x *UpstreamConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use UpstreamConfig.ProtoReflect.Descriptor instead.
-func (*UpstreamConfig) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *UpstreamConfig) GetProtocol() v1alpha1.Protocol {
-	if x != nil {
-		return x.Protocol
-	}
-	return v1alpha1.Protocol(0)
-}
-
-func (x *UpstreamConfig) GetConnectTimeout() *durationpb.Duration {
-	if x != nil {
-		return x.ConnectTimeout
-	}
-	return nil
-}
-
-func (x *UpstreamConfig) GetLimits() *UpstreamLimits {
-	if x != nil {
-		return x.Limits
-	}
-	return nil
-}
-
-func (x *UpstreamConfig) GetPassiveHealthCheck() *PassiveHealthCheck {
-	if x != nil {
-		return x.PassiveHealthCheck
-	}
-	return nil
-}
-
-func (x *UpstreamConfig) GetBalanceOutboundConnections() BalanceConnections {
-	if x != nil {
-		return x.BalanceOutboundConnections
-	}
-	return BalanceConnections_BALANCE_CONNECTIONS_DEFAULT
-}
-
-func (x *UpstreamConfig) GetMeshGatewayMode() MeshGatewayMode {
-	if x != nil {
-		return x.MeshGatewayMode
-	}
-	return MeshGatewayMode_MESH_GATEWAY_MODE_UNSPECIFIED
-}
-
-// UpstreamLimits describes the limits that are associated with a specific
-// upstream of a service instance.
-type UpstreamLimits struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// max_connections is the maximum number of connections the local proxy can
-	// make to the upstream service.
-	MaxConnections *wrapperspb.UInt32Value `protobuf:"bytes,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"`
-	// max_pending_requests is the maximum number of requests that will be queued
-	// waiting for an available connection. This is mostly applicable to HTTP/1.1
-	// clusters since all HTTP/2 requests are streamed over a single
-	// connection.
-	MaxPendingRequests *wrapperspb.UInt32Value `protobuf:"bytes,2,opt,name=max_pending_requests,json=maxPendingRequests,proto3" json:"max_pending_requests,omitempty"`
-	// max_concurrent_requests is the maximum number of in-flight requests that will be allowed
-	// to the upstream cluster at a point in time. This is mostly applicable to HTTP/2
-	// clusters since all HTTP/1.1 requests are limited by MaxConnections.
-	MaxConcurrentRequests *wrapperspb.UInt32Value `protobuf:"bytes,3,opt,name=max_concurrent_requests,json=maxConcurrentRequests,proto3" json:"max_concurrent_requests,omitempty"`
-}
-
-func (x *UpstreamLimits) Reset() {
-	*x = UpstreamLimits{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *UpstreamLimits) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*UpstreamLimits) ProtoMessage() {}
-
-func (x *UpstreamLimits) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use UpstreamLimits.ProtoReflect.Descriptor instead.
-func (*UpstreamLimits) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *UpstreamLimits) GetMaxConnections() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.MaxConnections
-	}
-	return nil
-}
-
-func (x *UpstreamLimits) GetMaxPendingRequests() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.MaxPendingRequests
-	}
-	return nil
-}
-
-func (x *UpstreamLimits) GetMaxConcurrentRequests() *wrapperspb.UInt32Value {
-	if x != nil {
-		return x.MaxConcurrentRequests
-	}
-	return nil
-}
-
-type PassiveHealthCheck struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// interval between health check analysis sweeps. Each sweep may remove
-	// hosts or return hosts to the pool.
-	Interval *durationpb.Duration `protobuf:"bytes,1,opt,name=interval,proto3" json:"interval,omitempty"`
-	// max_failures is the count of consecutive failures that results in a host
-	// being removed from the pool.
-	MaxFailures uint32 `protobuf:"varint,2,opt,name=max_failures,json=maxFailures,proto3" json:"max_failures,omitempty"`
-	// enforcing_consecutive_5xx is the % chance that a host will be actually ejected
-	// when an outlier status is detected through consecutive 5xx.
-	// This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
-	EnforcingConsecutive_5Xx uint32 `protobuf:"varint,3,opt,name=enforcing_consecutive_5xx,json=enforcingConsecutive5xx,proto3" json:"enforcing_consecutive_5xx,omitempty"`
-}
-
-func (x *PassiveHealthCheck) Reset() {
-	*x = PassiveHealthCheck{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *PassiveHealthCheck) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*PassiveHealthCheck) ProtoMessage() {}
-
-func (x *PassiveHealthCheck) ProtoReflect() protoreflect.Message {
-	mi := &file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use PassiveHealthCheck.ProtoReflect.Descriptor instead.
-func (*PassiveHealthCheck) Descriptor() ([]byte, []int) {
-	return file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *PassiveHealthCheck) GetInterval() *durationpb.Duration {
-	if x != nil {
-		return x.Interval
-	}
-	return nil
-}
-
-func (x *PassiveHealthCheck) GetMaxFailures() uint32 {
-	if x != nil {
-		return x.MaxFailures
-	}
-	return 0
-}
-
-func (x *PassiveHealthCheck) GetEnforcingConsecutive_5Xx() uint32 {
-	if x != nil {
-		return x.EnforcingConsecutive_5Xx
-	}
-	return 0
-}
-
-var File_pbmesh_v1alpha1_upstreams_configuration_proto protoreflect.FileDescriptor
-
-var file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDesc = []byte{
-	0x0a, 0x2d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
-	0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a,
-	0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
-	0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
-	0x21, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x1a, 0x21, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
-	0x63, 0x65, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x22, 0xa6, 0x02, 0x0a, 0x16, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x51, 0x0a, 0x09,
-	0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65,
-	0x63, 0x74, 0x6f, 0x72, 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x12,
-	0x55, 0x0a, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61,
-	0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x62, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x5f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x52, 0x0f, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x22, 0xfb, 0x01, 0x0a, 0x17, 0x55,
-	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4f, 0x76, 0x65,
-	0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x12, 0x4d, 0x0a, 0x0f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x24, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x66, 0x65,
-	0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0e, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x65, 0x66, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74,
-	0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72,
-	0x12, 0x46, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x9e, 0x04, 0x0a, 0x0e, 0x55, 0x70, 0x73,
-	0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x47, 0x0a, 0x08, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x31, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f,
-	0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x46, 0x0a, 0x06, 0x6c, 0x69, 0x6d, 0x69,
-	0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65,
-	0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x52, 0x06, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73,
-	0x12, 0x64, 0x0a, 0x14, 0x70, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x6c,
-	0x74, 0x68, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e,
-	0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65,
-	0x63, 0x6b, 0x52, 0x12, 0x70, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74,
-	0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x74, 0x0a, 0x1c, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63,
-	0x65, 0x5f, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x42, 0x61,
-	0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x52, 0x1a, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e,
-	0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5b, 0x0a, 0x11,
-	0x6d, 0x65, 0x73, 0x68, 0x5f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x6d, 0x6f, 0x64,
-	0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74,
-	0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0f, 0x6d, 0x65, 0x73, 0x68, 0x47, 0x61,
-	0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0xfd, 0x01, 0x0a, 0x0e, 0x55, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x45, 0x0a, 0x0f,
-	0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x12, 0x4e, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69,
-	0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52,
-	0x12, 0x6d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x73, 0x12, 0x54, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75,
-	0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e,
-	0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0xaa, 0x01, 0x0a, 0x12, 0x50, 0x61,
-	0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b,
-	0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x61, 0x78, 0x5f, 0x66,
-	0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x6d,
-	0x61, 0x78, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x65, 0x6e,
-	0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74,
-	0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x17, 0x65,
-	0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74,
-	0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x42, 0xa3, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x1b, 0x55,
-	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69,
-	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d,
-	0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73,
-	0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65,
-	0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d,
-	0x65, 0x73, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42,
-	0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65,
-	0x73, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescOnce sync.Once
-	file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescData = file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDesc
-)
-
-func file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescGZIP() []byte {
-	file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescOnce.Do(func() {
-		file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescData)
-	})
-	return file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDescData
-}
-
-var file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
-var file_pbmesh_v1alpha1_upstreams_configuration_proto_goTypes = []interface{}{
-	(*UpstreamsConfiguration)(nil),    // 0: hashicorp.consul.mesh.v1alpha1.UpstreamsConfiguration
-	(*UpstreamConfigOverrides)(nil),   // 1: hashicorp.consul.mesh.v1alpha1.UpstreamConfigOverrides
-	(*UpstreamConfig)(nil),            // 2: hashicorp.consul.mesh.v1alpha1.UpstreamConfig
-	(*UpstreamLimits)(nil),            // 3: hashicorp.consul.mesh.v1alpha1.UpstreamLimits
-	(*PassiveHealthCheck)(nil),        // 4: hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck
-	(*v1alpha1.WorkloadSelector)(nil), // 5: hashicorp.consul.catalog.v1alpha1.WorkloadSelector
-	(*pbresource.Reference)(nil),      // 6: hashicorp.consul.resource.Reference
-	(v1alpha1.Protocol)(0),            // 7: hashicorp.consul.catalog.v1alpha1.Protocol
-	(*durationpb.Duration)(nil),       // 8: google.protobuf.Duration
-	(BalanceConnections)(0),           // 9: hashicorp.consul.mesh.v1alpha1.BalanceConnections
-	(MeshGatewayMode)(0),              // 10: hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
-	(*wrapperspb.UInt32Value)(nil),    // 11: google.protobuf.UInt32Value
-}
-var file_pbmesh_v1alpha1_upstreams_configuration_proto_depIdxs = []int32{
-	5,  // 0: hashicorp.consul.mesh.v1alpha1.UpstreamsConfiguration.workloads:type_name -> hashicorp.consul.catalog.v1alpha1.WorkloadSelector
-	2,  // 1: hashicorp.consul.mesh.v1alpha1.UpstreamsConfiguration.default_config:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfig
-	1,  // 2: hashicorp.consul.mesh.v1alpha1.UpstreamsConfiguration.config_overrides:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfigOverrides
-	6,  // 3: hashicorp.consul.mesh.v1alpha1.UpstreamConfigOverrides.destination_ref:type_name -> hashicorp.consul.resource.Reference
-	2,  // 4: hashicorp.consul.mesh.v1alpha1.UpstreamConfigOverrides.config:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamConfig
-	7,  // 5: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.protocol:type_name -> hashicorp.consul.catalog.v1alpha1.Protocol
-	8,  // 6: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.connect_timeout:type_name -> google.protobuf.Duration
-	3,  // 7: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.limits:type_name -> hashicorp.consul.mesh.v1alpha1.UpstreamLimits
-	4,  // 8: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.passive_health_check:type_name -> hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck
-	9,  // 9: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.balance_outbound_connections:type_name -> hashicorp.consul.mesh.v1alpha1.BalanceConnections
-	10, // 10: hashicorp.consul.mesh.v1alpha1.UpstreamConfig.mesh_gateway_mode:type_name -> hashicorp.consul.mesh.v1alpha1.MeshGatewayMode
-	11, // 11: hashicorp.consul.mesh.v1alpha1.UpstreamLimits.max_connections:type_name -> google.protobuf.UInt32Value
-	11, // 12: hashicorp.consul.mesh.v1alpha1.UpstreamLimits.max_pending_requests:type_name -> google.protobuf.UInt32Value
-	11, // 13: hashicorp.consul.mesh.v1alpha1.UpstreamLimits.max_concurrent_requests:type_name -> google.protobuf.UInt32Value
-	8,  // 14: hashicorp.consul.mesh.v1alpha1.PassiveHealthCheck.interval:type_name -> google.protobuf.Duration
-	15, // [15:15] is the sub-list for method output_type
-	15, // [15:15] is the sub-list for method input_type
-	15, // [15:15] is the sub-list for extension type_name
-	15, // [15:15] is the sub-list for extension extendee
-	0,  // [0:15] is the sub-list for field type_name
-}
-
-func init() { file_pbmesh_v1alpha1_upstreams_configuration_proto_init() }
-func file_pbmesh_v1alpha1_upstreams_configuration_proto_init() {
-	if File_pbmesh_v1alpha1_upstreams_configuration_proto != nil {
-		return
-	}
-	file_pbmesh_v1alpha1_connection_proto_init()
-	file_pbmesh_v1alpha1_routing_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpstreamsConfiguration); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpstreamConfigOverrides); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpstreamConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpstreamLimits); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PassiveHealthCheck); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   5,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_pbmesh_v1alpha1_upstreams_configuration_proto_goTypes,
-		DependencyIndexes: file_pbmesh_v1alpha1_upstreams_configuration_proto_depIdxs,
-		MessageInfos:      file_pbmesh_v1alpha1_upstreams_configuration_proto_msgTypes,
-	}.Build()
-	File_pbmesh_v1alpha1_upstreams_configuration_proto = out.File
-	file_pbmesh_v1alpha1_upstreams_configuration_proto_rawDesc = nil
-	file_pbmesh_v1alpha1_upstreams_configuration_proto_goTypes = nil
-	file_pbmesh_v1alpha1_upstreams_configuration_proto_depIdxs = nil
-}
diff --git a/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto b/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
deleted file mode 100644
index 81bbbf5f8269..000000000000
--- a/proto-public/pbmesh/v1alpha1/upstreams_configuration.proto
+++ /dev/null
@@ -1,104 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-syntax = "proto3";
-
-package hashicorp.consul.mesh.v1alpha1;
-
-import "google/protobuf/duration.proto";
-import "google/protobuf/wrappers.proto";
-import "pbcatalog/v1alpha1/protocol.proto";
-import "pbcatalog/v1alpha1/selector.proto";
-import "pbmesh/v1alpha1/connection.proto";
-import "pbmesh/v1alpha1/routing.proto";
-import "pbresource/resource.proto";
-
-message UpstreamsConfiguration {
-  // Selection of workloads these upstreams should apply to.
-  // These can be prefixes or specific workload names.
-  hashicorp.consul.catalog.v1alpha1.WorkloadSelector workloads = 1;
-
-  // default_config applies to all upstreams for the workloads selected by this resource.
-  UpstreamConfig default_config = 2;
-
-  // config_overrides provides per-upstream or per-upstream-port config overrides.
-  repeated UpstreamConfigOverrides config_overrides = 3;
-}
-
-// UpstreamConfigOverrides allow to override upstream configuration per destination_ref/port/datacenter.
-// In that sense, those three fields (destination_ref, destination_port and datacenter) are treated
-// sort of like map keys and config is a like a map value for that key.
-message UpstreamConfigOverrides {
-  // destination_ref is the reference to an upstream service that this configuration applies to.
-  // This has to be pbcatalog.Service type.
-  hashicorp.consul.resource.Reference destination_ref = 1;
-
-  // destination_port is the port name of the upstream service. This should be the name
-  // of the service's target port. If not provided, this configuration will apply to all ports of an upstream.
-  string destination_port = 2;
-
-  // datacenter is the datacenter for where this upstream service lives.
-  string datacenter = 3;
-
-  // config is the configuration that should apply to this upstream.
-  UpstreamConfig config = 4;
-}
-
-message UpstreamConfig {
-  // protocol overrides upstream's port protocol. If no port for an upstream is specified
-  // or if used in the default configuration, this protocol will be used for all ports
-  // or for all ports of all upstreams respectively.
-  hashicorp.consul.catalog.v1alpha1.Protocol protocol = 1;
-
-  // connect_timeout is the timeout used when making a new
-  // connection to this upstream. Defaults to 5 seconds if not set.
-  google.protobuf.Duration connect_timeout = 2;
-
-  // limits are the set of limits that are applied to the proxy for a specific upstream.
-  UpstreamLimits limits = 3;
-
-  // passive_health_check configuration determines how upstream proxy instances will
-  // be monitored for removal from the load balancing pool.
-  PassiveHealthCheck passive_health_check = 4;
-
-  // balance_outbound_connections indicates how the proxy should attempt to distribute
-  // connections across worker threads.
-  BalanceConnections balance_outbound_connections = 5;
-
-  // MeshGatewayMode is the Mesh Gateway routing mode.
-  MeshGatewayMode mesh_gateway_mode = 6;
-}
-
-// UpstreamLimits describes the limits that are associated with a specific
-// upstream of a service instance.
-message UpstreamLimits {
-  // max_connections is the maximum number of connections the local proxy can
-  // make to the upstream service.
-  google.protobuf.UInt32Value max_connections = 1;
-
-  // max_pending_requests is the maximum number of requests that will be queued
-  // waiting for an available connection. This is mostly applicable to HTTP/1.1
-  // clusters since all HTTP/2 requests are streamed over a single
-  // connection.
-  google.protobuf.UInt32Value max_pending_requests = 2;
-
-  // max_concurrent_requests is the maximum number of in-flight requests that will be allowed
-  // to the upstream cluster at a point in time. This is mostly applicable to HTTP/2
-  // clusters since all HTTP/1.1 requests are limited by MaxConnections.
-  google.protobuf.UInt32Value max_concurrent_requests = 3;
-}
-
-message PassiveHealthCheck {
-  // interval between health check analysis sweeps. Each sweep may remove
-  // hosts or return hosts to the pool.
-  google.protobuf.Duration interval = 1;
-
-  // max_failures is the count of consecutive failures that results in a host
-  // being removed from the pool.
-  uint32 max_failures = 2;
-
-  // enforcing_consecutive_5xx is the % chance that a host will be actually ejected
-  // when an outlier status is detected through consecutive 5xx.
-  // This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
-  uint32 enforcing_consecutive_5xx = 3;
-}
diff --git a/proto-public/pbmesh/v1alpha1/xroute_addons.go b/proto-public/pbmesh/v1alpha1/xroute_addons.go
deleted file mode 100644
index e85177d5160e..000000000000
--- a/proto-public/pbmesh/v1alpha1/xroute_addons.go
+++ /dev/null
@@ -1,91 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package meshv1alpha1
-
-// GetUnderlyingBackendRefs will collect BackendReferences from all rules and
-// bundle them up in one slice, unwrapping the HTTP-specifics in the process.
-//
-// This implements an XRouteWithRefs interface in the internal/mesh package.
-//
-// NOTE: no deduplication occurs.
-func (x *HTTPRoute) GetUnderlyingBackendRefs() []*BackendReference {
-	if x == nil {
-		return nil
-	}
-
-	estimate := 0
-	for _, rule := range x.Rules {
-		estimate += len(rule.BackendRefs)
-	}
-
-	backendRefs := make([]*BackendReference, 0, estimate)
-	for _, rule := range x.Rules {
-		for _, backendRef := range rule.BackendRefs {
-			backendRefs = append(backendRefs, backendRef.BackendRef)
-		}
-	}
-	return backendRefs
-}
-
-// GetUnderlyingBackendRefs will collect BackendReferences from all rules and
-// bundle them up in one slice, unwrapping the GRPC-specifics in the process.
-//
-// This implements an XRouteWithRefs interface in the internal/mesh package.
-//
-// NOTE: no deduplication occurs.
-func (x *GRPCRoute) GetUnderlyingBackendRefs() []*BackendReference {
-	if x == nil {
-		return nil
-	}
-
-	estimate := 0
-	for _, rule := range x.Rules {
-		estimate += len(rule.BackendRefs)
-	}
-
-	backendRefs := make([]*BackendReference, 0, estimate)
-	for _, rule := range x.Rules {
-		for _, backendRef := range rule.BackendRefs {
-			backendRefs = append(backendRefs, backendRef.BackendRef)
-		}
-	}
-	return backendRefs
-}
-
-// GetUnderlyingBackendRefs will collect BackendReferences from all rules and
-// bundle them up in one slice, unwrapping the TCP-specifics in the process.
-//
-// This implements an XRouteWithRefs interface in the internal/mesh package.
-//
-// NOTE: no deduplication occurs.
-func (x *TCPRoute) GetUnderlyingBackendRefs() []*BackendReference {
-	if x == nil {
-		return nil
-	}
-
-	estimate := 0
-	for _, rule := range x.Rules {
-		estimate += len(rule.BackendRefs)
-	}
-
-	backendRefs := make([]*BackendReference, 0, estimate)
-
-	for _, rule := range x.Rules {
-		for _, backendRef := range rule.BackendRefs {
-			backendRefs = append(backendRefs, backendRef.BackendRef)
-		}
-	}
-	return backendRefs
-}
-
-// IsHashBased returns true if the policy is a hash-based policy such as maglev
-// or ring hash.
-func (p LoadBalancerPolicy) IsHashBased() bool {
-	switch p {
-	case LoadBalancerPolicy_LOAD_BALANCER_POLICY_MAGLEV,
-		LoadBalancerPolicy_LOAD_BALANCER_POLICY_RING_HASH:
-		return true
-	}
-	return false
-}
diff --git a/proto-public/pbmesh/v1alpha1/xroute_addons_test.go b/proto-public/pbmesh/v1alpha1/xroute_addons_test.go
deleted file mode 100644
index ce15282de825..000000000000
--- a/proto-public/pbmesh/v1alpha1/xroute_addons_test.go
+++ /dev/null
@@ -1,174 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package meshv1alpha1
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/encoding/protojson"
-	"google.golang.org/protobuf/proto"
-
-	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-type routeWithAddons interface {
-	proto.Message
-	GetUnderlyingBackendRefs() []*BackendReference
-}
-
-func TestXRoute_GetUnderlyingBackendRefs(t *testing.T) {
-	type testcase struct {
-		route  routeWithAddons
-		expect []*BackendReference
-	}
-
-	run := func(t *testing.T, tc testcase) {
-		got := tc.route.GetUnderlyingBackendRefs()
-		require.ElementsMatch(t, stringifyList(tc.expect), stringifyList(got))
-	}
-
-	cases := map[string]testcase{
-		"http: nil": {
-			route: (*HTTPRoute)(nil),
-		},
-		"grpc: nil": {
-			route: (*GRPCRoute)(nil),
-		},
-		"tcp: nil": {
-			route: (*TCPRoute)(nil),
-		},
-		"http: kitchen sink": {
-			route: &HTTPRoute{
-				Rules: []*HTTPRouteRule{
-					{BackendRefs: []*HTTPBackendRef{
-						{BackendRef: newBackendRef("aa")},
-					}},
-					{BackendRefs: []*HTTPBackendRef{
-						{BackendRef: newBackendRef("bb")},
-					}},
-					{BackendRefs: []*HTTPBackendRef{
-						{BackendRef: newBackendRef("cc")},
-						{BackendRef: newBackendRef("dd")},
-					}},
-					{BackendRefs: []*HTTPBackendRef{
-						{BackendRef: newBackendRef("ee")},
-						{BackendRef: newBackendRef("ff")},
-					}},
-				},
-			},
-			expect: []*BackendReference{
-				newBackendRef("aa"),
-				newBackendRef("bb"),
-				newBackendRef("cc"),
-				newBackendRef("dd"),
-				newBackendRef("ee"),
-				newBackendRef("ff"),
-			},
-		},
-		"grpc: kitchen sink": {
-			route: &GRPCRoute{
-				Rules: []*GRPCRouteRule{
-					{BackendRefs: []*GRPCBackendRef{
-						{BackendRef: newBackendRef("aa")},
-					}},
-					{BackendRefs: []*GRPCBackendRef{
-						{BackendRef: newBackendRef("bb")},
-					}},
-					{BackendRefs: []*GRPCBackendRef{
-						{BackendRef: newBackendRef("cc")},
-						{BackendRef: newBackendRef("dd")},
-					}},
-					{BackendRefs: []*GRPCBackendRef{
-						{BackendRef: newBackendRef("ee")},
-						{BackendRef: newBackendRef("ff")},
-					}},
-				},
-			},
-			expect: []*BackendReference{
-				newBackendRef("aa"),
-				newBackendRef("bb"),
-				newBackendRef("cc"),
-				newBackendRef("dd"),
-				newBackendRef("ee"),
-				newBackendRef("ff"),
-			},
-		},
-		"tcp: kitchen sink": {
-			route: &TCPRoute{
-				Rules: []*TCPRouteRule{
-					{BackendRefs: []*TCPBackendRef{
-						{BackendRef: newBackendRef("aa")},
-					}},
-					{BackendRefs: []*TCPBackendRef{
-						{BackendRef: newBackendRef("bb")},
-					}},
-					{BackendRefs: []*TCPBackendRef{
-						{BackendRef: newBackendRef("cc")},
-						{BackendRef: newBackendRef("dd")},
-					}},
-					{BackendRefs: []*TCPBackendRef{
-						{BackendRef: newBackendRef("ee")},
-						{BackendRef: newBackendRef("ff")},
-					}},
-				},
-			},
-			expect: []*BackendReference{
-				newBackendRef("aa"),
-				newBackendRef("bb"),
-				newBackendRef("cc"),
-				newBackendRef("dd"),
-				newBackendRef("ee"),
-				newBackendRef("ff"),
-			},
-		},
-	}
-
-	for name, tc := range cases {
-		t.Run(name, func(t *testing.T) {
-			run(t, tc)
-		})
-	}
-}
-
-func protoToString[V proto.Message](pb V) string {
-	m := protojson.MarshalOptions{
-		Indent: "  ",
-	}
-	gotJSON, err := m.Marshal(pb)
-	if err != nil {
-		return "<ERR: " + err.Error() + ">"
-	}
-	return string(gotJSON)
-}
-
-func newRouteRef(name string) *pbresource.Reference {
-	return &pbresource.Reference{
-		Type: &pbresource.Type{
-			Group:        "fake",
-			GroupVersion: "v1alpha1",
-			Kind:         "fake",
-		},
-		Tenancy: &pbresource.Tenancy{
-			Partition: "default",
-			Namespace: "default",
-			PeerName:  "local",
-		},
-		Name: name,
-	}
-}
-
-func newBackendRef(name string) *BackendReference {
-	return &BackendReference{
-		Ref: newRouteRef(name),
-	}
-}
-
-func stringifyList[V proto.Message](list []V) []string {
-	out := make([]string, 0, len(list))
-	for _, item := range list {
-		out = append(out, protoToString(item))
-	}
-	return out
-}
diff --git a/proto/buf.gen.yaml b/proto/buf.gen.yaml
index efb9703b10ba..e8a1a956ab86 100644
--- a/proto/buf.gen.yaml
+++ b/proto/buf.gen.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 version: v1
 managed:
diff --git a/proto/buf.yaml b/proto/buf.yaml
index d367418c824b..de63034c3c1b 100644
--- a/proto/buf.yaml
+++ b/proto/buf.yaml
@@ -1,9 +1,7 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 version: v1
-deps:
-  - buf.build/hashicorp/consul
 lint:
   use:
     - DEFAULT
diff --git a/proto/private/pbacl/acl.go b/proto/private/pbacl/acl.go
index 5c9cc6285e6c..3d3b8de5204a 100644
--- a/proto/private/pbacl/acl.go
+++ b/proto/private/pbacl/acl.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbacl
 
diff --git a/proto/private/pbacl/acl.pb.go b/proto/private/pbacl/acl.pb.go
index f6aa5c3418cf..e8d0719e8d6b 100644
--- a/proto/private/pbacl/acl.pb.go
+++ b/proto/private/pbacl/acl.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbacl/acl.proto b/proto/private/pbacl/acl.proto
index 0fa9ecd89dc6..4a96f2671c31 100644
--- a/proto/private/pbacl/acl.proto
+++ b/proto/private/pbacl/acl.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto/private/pbautoconf/auto_config.go b/proto/private/pbautoconf/auto_config.go
index 39d37d1dc8b0..e2de2f18d9cc 100644
--- a/proto/private/pbautoconf/auto_config.go
+++ b/proto/private/pbautoconf/auto_config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbautoconf
 
diff --git a/proto/private/pbautoconf/auto_config.pb.go b/proto/private/pbautoconf/auto_config.pb.go
index a9b4c2c89168..55da1b07f972 100644
--- a/proto/private/pbautoconf/auto_config.pb.go
+++ b/proto/private/pbautoconf/auto_config.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbautoconf/auto_config.proto b/proto/private/pbautoconf/auto_config.proto
index a0f4440d7904..a16710765593 100644
--- a/proto/private/pbautoconf/auto_config.proto
+++ b/proto/private/pbautoconf/auto_config.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto/private/pbautoconf/auto_config_ce.go b/proto/private/pbautoconf/auto_config_ce.go
index 032ca67ba3c7..1cab31f171c3 100644
--- a/proto/private/pbautoconf/auto_config_ce.go
+++ b/proto/private/pbautoconf/auto_config_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/proto/private/pbcommon/common.go b/proto/private/pbcommon/common.go
index ecf935d75f14..e05c0a970a88 100644
--- a/proto/private/pbcommon/common.go
+++ b/proto/private/pbcommon/common.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbcommon
 
diff --git a/proto/private/pbcommon/common.pb.go b/proto/private/pbcommon/common.pb.go
index fc6928184132..dd6240ad85e9 100644
--- a/proto/private/pbcommon/common.pb.go
+++ b/proto/private/pbcommon/common.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbcommon/common.proto b/proto/private/pbcommon/common.proto
index 2296dc69d628..a86aa2dde53d 100644
--- a/proto/private/pbcommon/common.proto
+++ b/proto/private/pbcommon/common.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto/private/pbcommon/common_ce.go b/proto/private/pbcommon/common_ce.go
index 94aef583a1a2..c0ce9b27f850 100644
--- a/proto/private/pbcommon/common_ce.go
+++ b/proto/private/pbcommon/common_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/proto/private/pbcommon/convert_pbstruct.go b/proto/private/pbcommon/convert_pbstruct.go
index f21d9a40ed49..e48dce9ae6e0 100644
--- a/proto/private/pbcommon/convert_pbstruct.go
+++ b/proto/private/pbcommon/convert_pbstruct.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbcommon
 
diff --git a/proto/private/pbcommon/convert_pbstruct_test.go b/proto/private/pbcommon/convert_pbstruct_test.go
index 82f52c699288..543129fdfd2f 100644
--- a/proto/private/pbcommon/convert_pbstruct_test.go
+++ b/proto/private/pbcommon/convert_pbstruct_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbcommon
 
diff --git a/proto/private/pbconfig/config.pb.go b/proto/private/pbconfig/config.pb.go
index ce8e43c7ce91..61c394944f7a 100644
--- a/proto/private/pbconfig/config.pb.go
+++ b/proto/private/pbconfig/config.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbconfig/config.proto b/proto/private/pbconfig/config.proto
index 96a0f1cae04e..79b4a3669e8b 100644
--- a/proto/private/pbconfig/config.proto
+++ b/proto/private/pbconfig/config.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto/private/pbconfigentry/config_entry.gen.go b/proto/private/pbconfigentry/config_entry.gen.go
index 61238fc91d80..ca75146af425 100644
--- a/proto/private/pbconfigentry/config_entry.gen.go
+++ b/proto/private/pbconfigentry/config_entry.gen.go
@@ -53,16 +53,6 @@ func APIGatewayListenerToStructs(s *APIGatewayListener, t *structs.APIGatewayLis
 	if s.TLS != nil {
 		APIGatewayTLSConfigurationToStructs(s.TLS, &t.TLS)
 	}
-	if s.Override != nil {
-		var x structs.APIGatewayPolicy
-		APIGatewayPolicyToStructs(s.Override, &x)
-		t.Override = &x
-	}
-	if s.Default != nil {
-		var x structs.APIGatewayPolicy
-		APIGatewayPolicyToStructs(s.Default, &x)
-		t.Default = &x
-	}
 }
 func APIGatewayListenerFromStructs(t *structs.APIGatewayListener, s *APIGatewayListener) {
 	if s == nil {
@@ -77,28 +67,6 @@ func APIGatewayListenerFromStructs(t *structs.APIGatewayListener, s *APIGatewayL
 		APIGatewayTLSConfigurationFromStructs(&t.TLS, &x)
 		s.TLS = &x
 	}
-	if t.Override != nil {
-		var x APIGatewayPolicy
-		APIGatewayPolicyFromStructs(t.Override, &x)
-		s.Override = &x
-	}
-	if t.Default != nil {
-		var x APIGatewayPolicy
-		APIGatewayPolicyFromStructs(t.Default, &x)
-		s.Default = &x
-	}
-}
-func APIGatewayPolicyToStructs(s *APIGatewayPolicy, t *structs.APIGatewayPolicy) {
-	if s == nil {
-		return
-	}
-	t.JWT = gwJWTRequirementToStructs(s.JWT)
-}
-func APIGatewayPolicyFromStructs(t *structs.APIGatewayPolicy, s *APIGatewayPolicy) {
-	if s == nil {
-		return
-	}
-	s.JWT = gwJWTRequirementFromStructs(t.JWT)
 }
 func APIGatewayTLSConfigurationToStructs(s *APIGatewayTLSConfiguration, t *structs.APIGatewayTLSConfiguration) {
 	if s == nil {
@@ -401,17 +369,6 @@ func HTTPFiltersToStructs(s *HTTPFilters, t *structs.HTTPFilters) {
 		URLRewriteToStructs(s.URLRewrite, &x)
 		t.URLRewrite = &x
 	}
-	if s.RetryFilter != nil {
-		var x structs.RetryFilter
-		RetryFilterToStructs(s.RetryFilter, &x)
-		t.RetryFilter = &x
-	}
-	if s.TimeoutFilter != nil {
-		var x structs.TimeoutFilter
-		TimeoutFilterToStructs(s.TimeoutFilter, &x)
-		t.TimeoutFilter = &x
-	}
-	t.JWT = routeJWTFilterToStructs(s.JWT)
 }
 func HTTPFiltersFromStructs(t *structs.HTTPFilters, s *HTTPFilters) {
 	if s == nil {
@@ -432,17 +389,6 @@ func HTTPFiltersFromStructs(t *structs.HTTPFilters, s *HTTPFilters) {
 		URLRewriteFromStructs(t.URLRewrite, &x)
 		s.URLRewrite = &x
 	}
-	if t.RetryFilter != nil {
-		var x RetryFilter
-		RetryFilterFromStructs(t.RetryFilter, &x)
-		s.RetryFilter = &x
-	}
-	if t.TimeoutFilter != nil {
-		var x TimeoutFilter
-		TimeoutFilterFromStructs(t.TimeoutFilter, &x)
-		s.TimeoutFilter = &x
-	}
-	s.JWT = routeJWTFilterFromStructs(t.JWT)
 }
 func HTTPHeaderFilterToStructs(s *HTTPHeaderFilter, t *structs.HTTPHeaderFilter) {
 	if s == nil {
@@ -938,58 +884,6 @@ func InlineCertificateFromStructs(t *structs.InlineCertificateConfigEntry, s *In
 	s.PrivateKey = t.PrivateKey
 	s.Meta = t.Meta
 }
-func InstanceLevelRateLimitsToStructs(s *InstanceLevelRateLimits, t *structs.InstanceLevelRateLimits) {
-	if s == nil {
-		return
-	}
-	t.RequestsPerSecond = int(s.RequestsPerSecond)
-	t.RequestsMaxBurst = int(s.RequestsMaxBurst)
-	{
-		t.Routes = make([]structs.InstanceLevelRouteRateLimits, len(s.Routes))
-		for i := range s.Routes {
-			if s.Routes[i] != nil {
-				InstanceLevelRouteRateLimitsToStructs(s.Routes[i], &t.Routes[i])
-			}
-		}
-	}
-}
-func InstanceLevelRateLimitsFromStructs(t *structs.InstanceLevelRateLimits, s *InstanceLevelRateLimits) {
-	if s == nil {
-		return
-	}
-	s.RequestsPerSecond = uint32(t.RequestsPerSecond)
-	s.RequestsMaxBurst = uint32(t.RequestsMaxBurst)
-	{
-		s.Routes = make([]*InstanceLevelRouteRateLimits, len(t.Routes))
-		for i := range t.Routes {
-			{
-				var x InstanceLevelRouteRateLimits
-				InstanceLevelRouteRateLimitsFromStructs(&t.Routes[i], &x)
-				s.Routes[i] = &x
-			}
-		}
-	}
-}
-func InstanceLevelRouteRateLimitsToStructs(s *InstanceLevelRouteRateLimits, t *structs.InstanceLevelRouteRateLimits) {
-	if s == nil {
-		return
-	}
-	t.PathExact = s.PathExact
-	t.PathPrefix = s.PathPrefix
-	t.PathRegex = s.PathRegex
-	t.RequestsPerSecond = int(s.RequestsPerSecond)
-	t.RequestsMaxBurst = int(s.RequestsMaxBurst)
-}
-func InstanceLevelRouteRateLimitsFromStructs(t *structs.InstanceLevelRouteRateLimits, s *InstanceLevelRouteRateLimits) {
-	if s == nil {
-		return
-	}
-	s.PathExact = t.PathExact
-	s.PathPrefix = t.PathPrefix
-	s.PathRegex = t.PathRegex
-	s.RequestsPerSecond = uint32(t.RequestsPerSecond)
-	s.RequestsMaxBurst = uint32(t.RequestsMaxBurst)
-}
 func IntentionHTTPHeaderPermissionToStructs(s *IntentionHTTPHeaderPermission, t *structs.IntentionHTTPHeaderPermission) {
 	if s == nil {
 		return
@@ -1700,24 +1594,6 @@ func PeeringMeshConfigFromStructs(t *structs.PeeringMeshConfig, s *PeeringMeshCo
 	}
 	s.PeerThroughMeshGateways = t.PeerThroughMeshGateways
 }
-func RateLimitsToStructs(s *RateLimits, t *structs.RateLimits) {
-	if s == nil {
-		return
-	}
-	if s.InstanceLevel != nil {
-		InstanceLevelRateLimitsToStructs(s.InstanceLevel, &t.InstanceLevel)
-	}
-}
-func RateLimitsFromStructs(t *structs.RateLimits, s *RateLimits) {
-	if s == nil {
-		return
-	}
-	{
-		var x InstanceLevelRateLimits
-		InstanceLevelRateLimitsFromStructs(&t.InstanceLevel, &x)
-		s.InstanceLevel = &x
-	}
-}
 func RemoteJWKSToStructs(s *RemoteJWKS, t *structs.RemoteJWKS) {
 	if s == nil {
 		return
@@ -1774,24 +1650,6 @@ func ResourceReferenceFromStructs(t *structs.ResourceReference, s *ResourceRefer
 	s.SectionName = t.SectionName
 	s.EnterpriseMeta = enterpriseMetaFromStructs(t.EnterpriseMeta)
 }
-func RetryFilterToStructs(s *RetryFilter, t *structs.RetryFilter) {
-	if s == nil {
-		return
-	}
-	t.NumRetries = &s.NumRetries
-	t.RetryOn = s.RetryOn
-	t.RetryOnStatusCodes = s.RetryOnStatusCodes
-	t.RetryOnConnectFailure = &s.RetryOnConnectFailure
-}
-func RetryFilterFromStructs(t *structs.RetryFilter, s *RetryFilter) {
-	if s == nil {
-		return
-	}
-	s.NumRetries = *t.NumRetries
-	s.RetryOn = t.RetryOn
-	s.RetryOnStatusCodes = t.RetryOnStatusCodes
-	s.RetryOnConnectFailure = *t.RetryOnConnectFailure
-}
 func RetryPolicyBackOffToStructs(s *RetryPolicyBackOff, t *structs.RetryPolicyBackOff) {
 	if s == nil {
 		return
@@ -1903,11 +1761,6 @@ func ServiceDefaultsToStructs(s *ServiceDefaults, t *structs.ServiceConfigEntry)
 	t.LocalConnectTimeoutMs = int(s.LocalConnectTimeoutMs)
 	t.LocalRequestTimeoutMs = int(s.LocalRequestTimeoutMs)
 	t.BalanceInboundConnections = s.BalanceInboundConnections
-	if s.RateLimits != nil {
-		var x structs.RateLimits
-		RateLimitsToStructs(s.RateLimits, &x)
-		t.RateLimits = &x
-	}
 	t.EnvoyExtensions = EnvoyExtensionsToStructs(s.EnvoyExtensions)
 	t.Meta = s.Meta
 }
@@ -1948,11 +1801,6 @@ func ServiceDefaultsFromStructs(t *structs.ServiceConfigEntry, s *ServiceDefault
 	s.LocalConnectTimeoutMs = int32(t.LocalConnectTimeoutMs)
 	s.LocalRequestTimeoutMs = int32(t.LocalRequestTimeoutMs)
 	s.BalanceInboundConnections = t.BalanceInboundConnections
-	if t.RateLimits != nil {
-		var x RateLimits
-		RateLimitsFromStructs(t.RateLimits, &x)
-		s.RateLimits = &x
-	}
 	s.EnvoyExtensions = EnvoyExtensionsFromStructs(t.EnvoyExtensions)
 	s.Meta = t.Meta
 }
@@ -2376,20 +2224,6 @@ func TCPServiceFromStructs(t *structs.TCPService, s *TCPService) {
 	s.Name = t.Name
 	s.EnterpriseMeta = enterpriseMetaFromStructs(t.EnterpriseMeta)
 }
-func TimeoutFilterToStructs(s *TimeoutFilter, t *structs.TimeoutFilter) {
-	if s == nil {
-		return
-	}
-	t.RequestTimeout = structs.DurationFromProto(s.RequestTimeout)
-	t.IdleTimeout = structs.DurationFromProto(s.IdleTimeout)
-}
-func TimeoutFilterFromStructs(t *structs.TimeoutFilter, s *TimeoutFilter) {
-	if s == nil {
-		return
-	}
-	s.RequestTimeout = structs.DurationToProto(t.RequestTimeout)
-	s.IdleTimeout = structs.DurationToProto(t.IdleTimeout)
-}
 func TransparentProxyConfigToStructs(s *TransparentProxyConfig, t *structs.TransparentProxyConfig) {
 	if s == nil {
 		return
diff --git a/proto/private/pbconfigentry/config_entry.go b/proto/private/pbconfigentry/config_entry.go
index 8ddfde8cccfb..705c87d0131e 100644
--- a/proto/private/pbconfigentry/config_entry.go
+++ b/proto/private/pbconfigentry/config_entry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbconfigentry
 
diff --git a/proto/private/pbconfigentry/config_entry.pb.binary.go b/proto/private/pbconfigentry/config_entry.pb.binary.go
index 9d8e6dc97022..bd9bac6c7e76 100644
--- a/proto/private/pbconfigentry/config_entry.pb.binary.go
+++ b/proto/private/pbconfigentry/config_entry.pb.binary.go
@@ -457,36 +457,6 @@ func (msg *DestinationConfig) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
 
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *RateLimits) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *RateLimits) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *InstanceLevelRateLimits) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *InstanceLevelRateLimits) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *InstanceLevelRouteRateLimits) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *InstanceLevelRouteRateLimits) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
 // MarshalBinary implements encoding.BinaryMarshaler
 func (msg *APIGateway) MarshalBinary() ([]byte, error) {
 	return proto.Marshal(msg)
@@ -537,46 +507,6 @@ func (msg *APIGatewayTLSConfiguration) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
 
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *APIGatewayPolicy) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *APIGatewayPolicy) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *APIGatewayJWTRequirement) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *APIGatewayJWTRequirement) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *APIGatewayJWTProvider) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *APIGatewayJWTProvider) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *APIGatewayJWTClaimVerification) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *APIGatewayJWTClaimVerification) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
 // MarshalBinary implements encoding.BinaryMarshaler
 func (msg *ResourceReference) MarshalBinary() ([]byte, error) {
 	return proto.Marshal(msg)
@@ -697,36 +627,6 @@ func (msg *URLRewrite) UnmarshalBinary(b []byte) error {
 	return proto.Unmarshal(b, msg)
 }
 
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *RetryFilter) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *RetryFilter) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *TimeoutFilter) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *TimeoutFilter) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *JWTFilter) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *JWTFilter) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
 // MarshalBinary implements encoding.BinaryMarshaler
 func (msg *HTTPHeaderFilter) MarshalBinary() ([]byte, error) {
 	return proto.Marshal(msg)
diff --git a/proto/private/pbconfigentry/config_entry.pb.go b/proto/private/pbconfigentry/config_entry.pb.go
index 2369142dddf8..2977d593f824 100644
--- a/proto/private/pbconfigentry/config_entry.pb.go
+++ b/proto/private/pbconfigentry/config_entry.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
@@ -3475,7 +3475,6 @@ type ServiceDefaults struct {
 	// mog: func-to=int func-from=int32
 	LocalRequestTimeoutMs     int32             `protobuf:"varint,11,opt,name=LocalRequestTimeoutMs,proto3" json:"LocalRequestTimeoutMs,omitempty"`
 	BalanceInboundConnections string            `protobuf:"bytes,12,opt,name=BalanceInboundConnections,proto3" json:"BalanceInboundConnections,omitempty"`
-	RateLimits                *RateLimits       `protobuf:"bytes,16,opt,name=RateLimits,proto3" json:"RateLimits,omitempty"`
 	Meta                      map[string]string `protobuf:"bytes,13,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// mog: func-to=EnvoyExtensionsToStructs func-from=EnvoyExtensionsFromStructs
 	EnvoyExtensions []*pbcommon.EnvoyExtension `protobuf:"bytes,14,rep,name=EnvoyExtensions,proto3" json:"EnvoyExtensions,omitempty"`
@@ -3599,13 +3598,6 @@ func (x *ServiceDefaults) GetBalanceInboundConnections() string {
 	return ""
 }
 
-func (x *ServiceDefaults) GetRateLimits() *RateLimits {
-	if x != nil {
-		return x.RateLimits
-	}
-	return nil
-}
-
 func (x *ServiceDefaults) GetMeta() map[string]string {
 	if x != nil {
 		return x.Meta
@@ -4301,214 +4293,6 @@ func (x *DestinationConfig) GetPort() int32 {
 	return 0
 }
 
-// mog annotation:
-//
-// target=github.com/hashicorp/consul/agent/structs.RateLimits
-// output=config_entry.gen.go
-// name=Structs
-type RateLimits struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	InstanceLevel *InstanceLevelRateLimits `protobuf:"bytes,1,opt,name=InstanceLevel,proto3" json:"InstanceLevel,omitempty"`
-}
-
-func (x *RateLimits) Reset() {
-	*x = RateLimits{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[45]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RateLimits) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RateLimits) ProtoMessage() {}
-
-func (x *RateLimits) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[45]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RateLimits.ProtoReflect.Descriptor instead.
-func (*RateLimits) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{45}
-}
-
-func (x *RateLimits) GetInstanceLevel() *InstanceLevelRateLimits {
-	if x != nil {
-		return x.InstanceLevel
-	}
-	return nil
-}
-
-// mog annotation:
-//
-// target=github.com/hashicorp/consul/agent/structs.InstanceLevelRateLimits
-// output=config_entry.gen.go
-// name=Structs
-type InstanceLevelRateLimits struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// mog: func-to=int func-from=uint32
-	RequestsPerSecond uint32 `protobuf:"varint,1,opt,name=RequestsPerSecond,proto3" json:"RequestsPerSecond,omitempty"`
-	// mog: func-to=int func-from=uint32
-	RequestsMaxBurst uint32                          `protobuf:"varint,2,opt,name=RequestsMaxBurst,proto3" json:"RequestsMaxBurst,omitempty"`
-	Routes           []*InstanceLevelRouteRateLimits `protobuf:"bytes,3,rep,name=Routes,proto3" json:"Routes,omitempty"`
-}
-
-func (x *InstanceLevelRateLimits) Reset() {
-	*x = InstanceLevelRateLimits{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[46]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *InstanceLevelRateLimits) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*InstanceLevelRateLimits) ProtoMessage() {}
-
-func (x *InstanceLevelRateLimits) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[46]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use InstanceLevelRateLimits.ProtoReflect.Descriptor instead.
-func (*InstanceLevelRateLimits) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{46}
-}
-
-func (x *InstanceLevelRateLimits) GetRequestsPerSecond() uint32 {
-	if x != nil {
-		return x.RequestsPerSecond
-	}
-	return 0
-}
-
-func (x *InstanceLevelRateLimits) GetRequestsMaxBurst() uint32 {
-	if x != nil {
-		return x.RequestsMaxBurst
-	}
-	return 0
-}
-
-func (x *InstanceLevelRateLimits) GetRoutes() []*InstanceLevelRouteRateLimits {
-	if x != nil {
-		return x.Routes
-	}
-	return nil
-}
-
-// mog annotation:
-//
-// target=github.com/hashicorp/consul/agent/structs.InstanceLevelRouteRateLimits
-// output=config_entry.gen.go
-// name=Structs
-type InstanceLevelRouteRateLimits struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	PathExact  string `protobuf:"bytes,1,opt,name=PathExact,proto3" json:"PathExact,omitempty"`
-	PathPrefix string `protobuf:"bytes,2,opt,name=PathPrefix,proto3" json:"PathPrefix,omitempty"`
-	PathRegex  string `protobuf:"bytes,3,opt,name=PathRegex,proto3" json:"PathRegex,omitempty"`
-	// mog: func-to=int func-from=uint32
-	RequestsPerSecond uint32 `protobuf:"varint,4,opt,name=RequestsPerSecond,proto3" json:"RequestsPerSecond,omitempty"`
-	// mog: func-to=int func-from=uint32
-	RequestsMaxBurst uint32 `protobuf:"varint,5,opt,name=RequestsMaxBurst,proto3" json:"RequestsMaxBurst,omitempty"`
-}
-
-func (x *InstanceLevelRouteRateLimits) Reset() {
-	*x = InstanceLevelRouteRateLimits{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[47]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *InstanceLevelRouteRateLimits) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*InstanceLevelRouteRateLimits) ProtoMessage() {}
-
-func (x *InstanceLevelRouteRateLimits) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[47]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use InstanceLevelRouteRateLimits.ProtoReflect.Descriptor instead.
-func (*InstanceLevelRouteRateLimits) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{47}
-}
-
-func (x *InstanceLevelRouteRateLimits) GetPathExact() string {
-	if x != nil {
-		return x.PathExact
-	}
-	return ""
-}
-
-func (x *InstanceLevelRouteRateLimits) GetPathPrefix() string {
-	if x != nil {
-		return x.PathPrefix
-	}
-	return ""
-}
-
-func (x *InstanceLevelRouteRateLimits) GetPathRegex() string {
-	if x != nil {
-		return x.PathRegex
-	}
-	return ""
-}
-
-func (x *InstanceLevelRouteRateLimits) GetRequestsPerSecond() uint32 {
-	if x != nil {
-		return x.RequestsPerSecond
-	}
-	return 0
-}
-
-func (x *InstanceLevelRouteRateLimits) GetRequestsMaxBurst() uint32 {
-	if x != nil {
-		return x.RequestsMaxBurst
-	}
-	return 0
-}
-
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.APIGatewayConfigEntry
@@ -4528,7 +4312,7 @@ type APIGateway struct {
 func (x *APIGateway) Reset() {
 	*x = APIGateway{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[48]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[45]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4541,7 +4325,7 @@ func (x *APIGateway) String() string {
 func (*APIGateway) ProtoMessage() {}
 
 func (x *APIGateway) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[48]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[45]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4554,7 +4338,7 @@ func (x *APIGateway) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use APIGateway.ProtoReflect.Descriptor instead.
 func (*APIGateway) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{48}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{45}
 }
 
 func (x *APIGateway) GetMeta() map[string]string {
@@ -4594,7 +4378,7 @@ type Status struct {
 func (x *Status) Reset() {
 	*x = Status{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[49]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[46]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4607,7 +4391,7 @@ func (x *Status) String() string {
 func (*Status) ProtoMessage() {}
 
 func (x *Status) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[49]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[46]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4620,7 +4404,7 @@ func (x *Status) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Status.ProtoReflect.Descriptor instead.
 func (*Status) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{49}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{46}
 }
 
 func (x *Status) GetConditions() []*Condition {
@@ -4652,7 +4436,7 @@ type Condition struct {
 func (x *Condition) Reset() {
 	*x = Condition{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[50]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[47]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4665,7 +4449,7 @@ func (x *Condition) String() string {
 func (*Condition) ProtoMessage() {}
 
 func (x *Condition) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[50]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[47]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4678,7 +4462,7 @@ func (x *Condition) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Condition.ProtoReflect.Descriptor instead.
 func (*Condition) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{50}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{47}
 }
 
 func (x *Condition) GetType() string {
@@ -4740,14 +4524,12 @@ type APIGatewayListener struct {
 	// mog: func-to=apiGatewayProtocolToStructs func-from=apiGatewayProtocolFromStructs
 	Protocol APIGatewayListenerProtocol  `protobuf:"varint,4,opt,name=Protocol,proto3,enum=hashicorp.consul.internal.configentry.APIGatewayListenerProtocol" json:"Protocol,omitempty"`
 	TLS      *APIGatewayTLSConfiguration `protobuf:"bytes,5,opt,name=TLS,proto3" json:"TLS,omitempty"`
-	Override *APIGatewayPolicy           `protobuf:"bytes,6,opt,name=Override,proto3" json:"Override,omitempty"`
-	Default  *APIGatewayPolicy           `protobuf:"bytes,7,opt,name=Default,proto3" json:"Default,omitempty"`
 }
 
 func (x *APIGatewayListener) Reset() {
 	*x = APIGatewayListener{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[51]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[48]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4760,7 +4542,7 @@ func (x *APIGatewayListener) String() string {
 func (*APIGatewayListener) ProtoMessage() {}
 
 func (x *APIGatewayListener) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[51]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[48]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4773,7 +4555,7 @@ func (x *APIGatewayListener) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use APIGatewayListener.ProtoReflect.Descriptor instead.
 func (*APIGatewayListener) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{51}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{48}
 }
 
 func (x *APIGatewayListener) GetName() string {
@@ -4811,20 +4593,6 @@ func (x *APIGatewayListener) GetTLS() *APIGatewayTLSConfiguration {
 	return nil
 }
 
-func (x *APIGatewayListener) GetOverride() *APIGatewayPolicy {
-	if x != nil {
-		return x.Override
-	}
-	return nil
-}
-
-func (x *APIGatewayListener) GetDefault() *APIGatewayPolicy {
-	if x != nil {
-		return x.Default
-	}
-	return nil
-}
-
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.APIGatewayTLSConfiguration
@@ -4847,7 +4615,7 @@ type APIGatewayTLSConfiguration struct {
 func (x *APIGatewayTLSConfiguration) Reset() {
 	*x = APIGatewayTLSConfiguration{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[52]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[49]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4860,7 +4628,7 @@ func (x *APIGatewayTLSConfiguration) String() string {
 func (*APIGatewayTLSConfiguration) ProtoMessage() {}
 
 func (x *APIGatewayTLSConfiguration) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[52]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[49]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4873,7 +4641,7 @@ func (x *APIGatewayTLSConfiguration) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use APIGatewayTLSConfiguration.ProtoReflect.Descriptor instead.
 func (*APIGatewayTLSConfiguration) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{52}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{49}
 }
 
 func (x *APIGatewayTLSConfiguration) GetCertificates() []*ResourceReference {
@@ -4906,35 +4674,38 @@ func (x *APIGatewayTLSConfiguration) GetCipherSuites() []string {
 
 // mog annotation:
 //
-// target=github.com/hashicorp/consul/agent/structs.APIGatewayPolicy
+// target=github.com/hashicorp/consul/agent/structs.ResourceReference
 // output=config_entry.gen.go
 // name=Structs
-type APIGatewayPolicy struct {
+type ResourceReference struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// mog: func-to=gwJWTRequirementToStructs func-from=gwJWTRequirementFromStructs
-	JWT *APIGatewayJWTRequirement `protobuf:"bytes,1,opt,name=JWT,proto3" json:"JWT,omitempty"`
+	Kind        string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"Kind,omitempty"`
+	Name        string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"`
+	SectionName string `protobuf:"bytes,3,opt,name=SectionName,proto3" json:"SectionName,omitempty"`
+	// mog: func-to=enterpriseMetaToStructs func-from=enterpriseMetaFromStructs
+	EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,4,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"`
 }
 
-func (x *APIGatewayPolicy) Reset() {
-	*x = APIGatewayPolicy{}
+func (x *ResourceReference) Reset() {
+	*x = ResourceReference{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[53]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[50]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
 }
 
-func (x *APIGatewayPolicy) String() string {
+func (x *ResourceReference) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*APIGatewayPolicy) ProtoMessage() {}
+func (*ResourceReference) ProtoMessage() {}
 
-func (x *APIGatewayPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[53]
+func (x *ResourceReference) ProtoReflect() protoreflect.Message {
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[50]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4945,271 +4716,58 @@ func (x *APIGatewayPolicy) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use APIGatewayPolicy.ProtoReflect.Descriptor instead.
-func (*APIGatewayPolicy) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{53}
+// Deprecated: Use ResourceReference.ProtoReflect.Descriptor instead.
+func (*ResourceReference) Descriptor() ([]byte, []int) {
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{50}
 }
 
-func (x *APIGatewayPolicy) GetJWT() *APIGatewayJWTRequirement {
+func (x *ResourceReference) GetKind() string {
 	if x != nil {
-		return x.JWT
+		return x.Kind
+	}
+	return ""
+}
+
+func (x *ResourceReference) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *ResourceReference) GetSectionName() string {
+	if x != nil {
+		return x.SectionName
+	}
+	return ""
+}
+
+func (x *ResourceReference) GetEnterpriseMeta() *pbcommon.EnterpriseMeta {
+	if x != nil {
+		return x.EnterpriseMeta
 	}
 	return nil
 }
 
-type APIGatewayJWTRequirement struct {
+// mog annotation:
+//
+// target=github.com/hashicorp/consul/agent/structs.BoundAPIGatewayConfigEntry
+// output=config_entry.gen.go
+// name=Structs
+// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
+type BoundAPIGateway struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Providers []*APIGatewayJWTProvider `protobuf:"bytes,1,rep,name=Providers,proto3" json:"Providers,omitempty"`
+	Meta      map[string]string          `protobuf:"bytes,1,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	Listeners []*BoundAPIGatewayListener `protobuf:"bytes,2,rep,name=Listeners,proto3" json:"Listeners,omitempty"`
 }
 
-func (x *APIGatewayJWTRequirement) Reset() {
-	*x = APIGatewayJWTRequirement{}
+func (x *BoundAPIGateway) Reset() {
+	*x = BoundAPIGateway{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[54]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *APIGatewayJWTRequirement) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*APIGatewayJWTRequirement) ProtoMessage() {}
-
-func (x *APIGatewayJWTRequirement) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[54]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use APIGatewayJWTRequirement.ProtoReflect.Descriptor instead.
-func (*APIGatewayJWTRequirement) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{54}
-}
-
-func (x *APIGatewayJWTRequirement) GetProviders() []*APIGatewayJWTProvider {
-	if x != nil {
-		return x.Providers
-	}
-	return nil
-}
-
-type APIGatewayJWTProvider struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Name         string                            `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"`
-	VerifyClaims []*APIGatewayJWTClaimVerification `protobuf:"bytes,2,rep,name=VerifyClaims,proto3" json:"VerifyClaims,omitempty"`
-}
-
-func (x *APIGatewayJWTProvider) Reset() {
-	*x = APIGatewayJWTProvider{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[55]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *APIGatewayJWTProvider) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*APIGatewayJWTProvider) ProtoMessage() {}
-
-func (x *APIGatewayJWTProvider) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[55]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use APIGatewayJWTProvider.ProtoReflect.Descriptor instead.
-func (*APIGatewayJWTProvider) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{55}
-}
-
-func (x *APIGatewayJWTProvider) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *APIGatewayJWTProvider) GetVerifyClaims() []*APIGatewayJWTClaimVerification {
-	if x != nil {
-		return x.VerifyClaims
-	}
-	return nil
-}
-
-type APIGatewayJWTClaimVerification struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Path  []string `protobuf:"bytes,1,rep,name=Path,proto3" json:"Path,omitempty"`
-	Value string   `protobuf:"bytes,2,opt,name=Value,proto3" json:"Value,omitempty"`
-}
-
-func (x *APIGatewayJWTClaimVerification) Reset() {
-	*x = APIGatewayJWTClaimVerification{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[56]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *APIGatewayJWTClaimVerification) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*APIGatewayJWTClaimVerification) ProtoMessage() {}
-
-func (x *APIGatewayJWTClaimVerification) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[56]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use APIGatewayJWTClaimVerification.ProtoReflect.Descriptor instead.
-func (*APIGatewayJWTClaimVerification) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{56}
-}
-
-func (x *APIGatewayJWTClaimVerification) GetPath() []string {
-	if x != nil {
-		return x.Path
-	}
-	return nil
-}
-
-func (x *APIGatewayJWTClaimVerification) GetValue() string {
-	if x != nil {
-		return x.Value
-	}
-	return ""
-}
-
-// mog annotation:
-//
-// target=github.com/hashicorp/consul/agent/structs.ResourceReference
-// output=config_entry.gen.go
-// name=Structs
-type ResourceReference struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Kind        string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"Kind,omitempty"`
-	Name        string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"`
-	SectionName string `protobuf:"bytes,3,opt,name=SectionName,proto3" json:"SectionName,omitempty"`
-	// mog: func-to=enterpriseMetaToStructs func-from=enterpriseMetaFromStructs
-	EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,4,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"`
-}
-
-func (x *ResourceReference) Reset() {
-	*x = ResourceReference{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[57]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ResourceReference) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ResourceReference) ProtoMessage() {}
-
-func (x *ResourceReference) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[57]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ResourceReference.ProtoReflect.Descriptor instead.
-func (*ResourceReference) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{57}
-}
-
-func (x *ResourceReference) GetKind() string {
-	if x != nil {
-		return x.Kind
-	}
-	return ""
-}
-
-func (x *ResourceReference) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *ResourceReference) GetSectionName() string {
-	if x != nil {
-		return x.SectionName
-	}
-	return ""
-}
-
-func (x *ResourceReference) GetEnterpriseMeta() *pbcommon.EnterpriseMeta {
-	if x != nil {
-		return x.EnterpriseMeta
-	}
-	return nil
-}
-
-// mog annotation:
-//
-// target=github.com/hashicorp/consul/agent/structs.BoundAPIGatewayConfigEntry
-// output=config_entry.gen.go
-// name=Structs
-// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
-type BoundAPIGateway struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Meta      map[string]string          `protobuf:"bytes,1,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	Listeners []*BoundAPIGatewayListener `protobuf:"bytes,2,rep,name=Listeners,proto3" json:"Listeners,omitempty"`
-}
-
-func (x *BoundAPIGateway) Reset() {
-	*x = BoundAPIGateway{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[58]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[51]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5222,7 +4780,7 @@ func (x *BoundAPIGateway) String() string {
 func (*BoundAPIGateway) ProtoMessage() {}
 
 func (x *BoundAPIGateway) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[58]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[51]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5235,7 +4793,7 @@ func (x *BoundAPIGateway) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use BoundAPIGateway.ProtoReflect.Descriptor instead.
 func (*BoundAPIGateway) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{58}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{51}
 }
 
 func (x *BoundAPIGateway) GetMeta() map[string]string {
@@ -5270,7 +4828,7 @@ type BoundAPIGatewayListener struct {
 func (x *BoundAPIGatewayListener) Reset() {
 	*x = BoundAPIGatewayListener{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[59]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[52]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5283,7 +4841,7 @@ func (x *BoundAPIGatewayListener) String() string {
 func (*BoundAPIGatewayListener) ProtoMessage() {}
 
 func (x *BoundAPIGatewayListener) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[59]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[52]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5296,7 +4854,7 @@ func (x *BoundAPIGatewayListener) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use BoundAPIGatewayListener.ProtoReflect.Descriptor instead.
 func (*BoundAPIGatewayListener) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{59}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{52}
 }
 
 func (x *BoundAPIGatewayListener) GetName() string {
@@ -5339,7 +4897,7 @@ type InlineCertificate struct {
 func (x *InlineCertificate) Reset() {
 	*x = InlineCertificate{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[60]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[53]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5352,7 +4910,7 @@ func (x *InlineCertificate) String() string {
 func (*InlineCertificate) ProtoMessage() {}
 
 func (x *InlineCertificate) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[60]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[53]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5365,7 +4923,7 @@ func (x *InlineCertificate) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use InlineCertificate.ProtoReflect.Descriptor instead.
 func (*InlineCertificate) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{60}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{53}
 }
 
 func (x *InlineCertificate) GetMeta() map[string]string {
@@ -5410,7 +4968,7 @@ type HTTPRoute struct {
 func (x *HTTPRoute) Reset() {
 	*x = HTTPRoute{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[61]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[54]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5423,7 +4981,7 @@ func (x *HTTPRoute) String() string {
 func (*HTTPRoute) ProtoMessage() {}
 
 func (x *HTTPRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[61]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[54]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5436,7 +4994,7 @@ func (x *HTTPRoute) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPRoute.ProtoReflect.Descriptor instead.
 func (*HTTPRoute) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{61}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{54}
 }
 
 func (x *HTTPRoute) GetMeta() map[string]string {
@@ -5492,7 +5050,7 @@ type HTTPRouteRule struct {
 func (x *HTTPRouteRule) Reset() {
 	*x = HTTPRouteRule{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[55]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5505,7 +5063,7 @@ func (x *HTTPRouteRule) String() string {
 func (*HTTPRouteRule) ProtoMessage() {}
 
 func (x *HTTPRouteRule) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[55]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5518,7 +5076,7 @@ func (x *HTTPRouteRule) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPRouteRule.ProtoReflect.Descriptor instead.
 func (*HTTPRouteRule) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{62}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{55}
 }
 
 func (x *HTTPRouteRule) GetFilters() *HTTPFilters {
@@ -5562,7 +5120,7 @@ type HTTPMatch struct {
 func (x *HTTPMatch) Reset() {
 	*x = HTTPMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[56]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5575,7 +5133,7 @@ func (x *HTTPMatch) String() string {
 func (*HTTPMatch) ProtoMessage() {}
 
 func (x *HTTPMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[56]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5588,7 +5146,7 @@ func (x *HTTPMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPMatch.ProtoReflect.Descriptor instead.
 func (*HTTPMatch) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{63}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{56}
 }
 
 func (x *HTTPMatch) GetHeaders() []*HTTPHeaderMatch {
@@ -5638,7 +5196,7 @@ type HTTPHeaderMatch struct {
 func (x *HTTPHeaderMatch) Reset() {
 	*x = HTTPHeaderMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[57]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5651,7 +5209,7 @@ func (x *HTTPHeaderMatch) String() string {
 func (*HTTPHeaderMatch) ProtoMessage() {}
 
 func (x *HTTPHeaderMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[57]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5664,7 +5222,7 @@ func (x *HTTPHeaderMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPHeaderMatch.ProtoReflect.Descriptor instead.
 func (*HTTPHeaderMatch) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{64}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{57}
 }
 
 func (x *HTTPHeaderMatch) GetMatch() HTTPHeaderMatchType {
@@ -5706,7 +5264,7 @@ type HTTPPathMatch struct {
 func (x *HTTPPathMatch) Reset() {
 	*x = HTTPPathMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[58]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5719,7 +5277,7 @@ func (x *HTTPPathMatch) String() string {
 func (*HTTPPathMatch) ProtoMessage() {}
 
 func (x *HTTPPathMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[58]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5732,7 +5290,7 @@ func (x *HTTPPathMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPPathMatch.ProtoReflect.Descriptor instead.
 func (*HTTPPathMatch) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{65}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{58}
 }
 
 func (x *HTTPPathMatch) GetMatch() HTTPPathMatchType {
@@ -5768,7 +5326,7 @@ type HTTPQueryMatch struct {
 func (x *HTTPQueryMatch) Reset() {
 	*x = HTTPQueryMatch{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[59]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5781,7 +5339,7 @@ func (x *HTTPQueryMatch) String() string {
 func (*HTTPQueryMatch) ProtoMessage() {}
 
 func (x *HTTPQueryMatch) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[59]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5794,7 +5352,7 @@ func (x *HTTPQueryMatch) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPQueryMatch.ProtoReflect.Descriptor instead.
 func (*HTTPQueryMatch) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{66}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{59}
 }
 
 func (x *HTTPQueryMatch) GetMatch() HTTPQueryMatchType {
@@ -5828,18 +5386,14 @@ type HTTPFilters struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Headers       []*HTTPHeaderFilter `protobuf:"bytes,1,rep,name=Headers,proto3" json:"Headers,omitempty"`
-	URLRewrite    *URLRewrite         `protobuf:"bytes,2,opt,name=URLRewrite,proto3" json:"URLRewrite,omitempty"`
-	RetryFilter   *RetryFilter        `protobuf:"bytes,3,opt,name=RetryFilter,proto3" json:"RetryFilter,omitempty"`
-	TimeoutFilter *TimeoutFilter      `protobuf:"bytes,4,opt,name=TimeoutFilter,proto3" json:"TimeoutFilter,omitempty"`
-	// mog: func-to=routeJWTFilterToStructs func-from=routeJWTFilterFromStructs
-	JWT *JWTFilter `protobuf:"bytes,5,opt,name=JWT,proto3" json:"JWT,omitempty"`
+	Headers    []*HTTPHeaderFilter `protobuf:"bytes,1,rep,name=Headers,proto3" json:"Headers,omitempty"`
+	URLRewrite *URLRewrite         `protobuf:"bytes,2,opt,name=URLRewrite,proto3" json:"URLRewrite,omitempty"`
 }
 
 func (x *HTTPFilters) Reset() {
 	*x = HTTPFilters{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[60]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5852,7 +5406,7 @@ func (x *HTTPFilters) String() string {
 func (*HTTPFilters) ProtoMessage() {}
 
 func (x *HTTPFilters) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[60]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5865,7 +5419,7 @@ func (x *HTTPFilters) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPFilters.ProtoReflect.Descriptor instead.
 func (*HTTPFilters) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{67}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{60}
 }
 
 func (x *HTTPFilters) GetHeaders() []*HTTPHeaderFilter {
@@ -5882,27 +5436,6 @@ func (x *HTTPFilters) GetURLRewrite() *URLRewrite {
 	return nil
 }
 
-func (x *HTTPFilters) GetRetryFilter() *RetryFilter {
-	if x != nil {
-		return x.RetryFilter
-	}
-	return nil
-}
-
-func (x *HTTPFilters) GetTimeoutFilter() *TimeoutFilter {
-	if x != nil {
-		return x.TimeoutFilter
-	}
-	return nil
-}
-
-func (x *HTTPFilters) GetJWT() *JWTFilter {
-	if x != nil {
-		return x.JWT
-	}
-	return nil
-}
-
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.URLRewrite
@@ -5919,7 +5452,7 @@ type URLRewrite struct {
 func (x *URLRewrite) Reset() {
 	*x = URLRewrite{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[61]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -5932,7 +5465,7 @@ func (x *URLRewrite) String() string {
 func (*URLRewrite) ProtoMessage() {}
 
 func (x *URLRewrite) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[61]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -5945,7 +5478,7 @@ func (x *URLRewrite) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use URLRewrite.ProtoReflect.Descriptor instead.
 func (*URLRewrite) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{68}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{61}
 }
 
 func (x *URLRewrite) GetPath() string {
@@ -5955,191 +5488,6 @@ func (x *URLRewrite) GetPath() string {
 	return ""
 }
 
-// mog annotation:
-//
-// target=github.com/hashicorp/consul/agent/structs.RetryFilter
-// output=config_entry.gen.go
-// name=Structs
-type RetryFilter struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	NumRetries            uint32   `protobuf:"varint,1,opt,name=NumRetries,proto3" json:"NumRetries,omitempty"`
-	RetryOn               []string `protobuf:"bytes,2,rep,name=RetryOn,proto3" json:"RetryOn,omitempty"`
-	RetryOnStatusCodes    []uint32 `protobuf:"varint,3,rep,packed,name=RetryOnStatusCodes,proto3" json:"RetryOnStatusCodes,omitempty"`
-	RetryOnConnectFailure bool     `protobuf:"varint,4,opt,name=RetryOnConnectFailure,proto3" json:"RetryOnConnectFailure,omitempty"`
-}
-
-func (x *RetryFilter) Reset() {
-	*x = RetryFilter{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RetryFilter) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RetryFilter) ProtoMessage() {}
-
-func (x *RetryFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RetryFilter.ProtoReflect.Descriptor instead.
-func (*RetryFilter) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{69}
-}
-
-func (x *RetryFilter) GetNumRetries() uint32 {
-	if x != nil {
-		return x.NumRetries
-	}
-	return 0
-}
-
-func (x *RetryFilter) GetRetryOn() []string {
-	if x != nil {
-		return x.RetryOn
-	}
-	return nil
-}
-
-func (x *RetryFilter) GetRetryOnStatusCodes() []uint32 {
-	if x != nil {
-		return x.RetryOnStatusCodes
-	}
-	return nil
-}
-
-func (x *RetryFilter) GetRetryOnConnectFailure() bool {
-	if x != nil {
-		return x.RetryOnConnectFailure
-	}
-	return false
-}
-
-// mog annotation:
-//
-// target=github.com/hashicorp/consul/agent/structs.TimeoutFilter
-// output=config_entry.gen.go
-// name=Structs
-type TimeoutFilter struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
-	RequestTimeout *durationpb.Duration `protobuf:"bytes,1,opt,name=RequestTimeout,proto3" json:"RequestTimeout,omitempty"`
-	// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
-	IdleTimeout *durationpb.Duration `protobuf:"bytes,2,opt,name=IdleTimeout,proto3" json:"IdleTimeout,omitempty"`
-}
-
-func (x *TimeoutFilter) Reset() {
-	*x = TimeoutFilter{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *TimeoutFilter) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*TimeoutFilter) ProtoMessage() {}
-
-func (x *TimeoutFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use TimeoutFilter.ProtoReflect.Descriptor instead.
-func (*TimeoutFilter) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{70}
-}
-
-func (x *TimeoutFilter) GetRequestTimeout() *durationpb.Duration {
-	if x != nil {
-		return x.RequestTimeout
-	}
-	return nil
-}
-
-func (x *TimeoutFilter) GetIdleTimeout() *durationpb.Duration {
-	if x != nil {
-		return x.IdleTimeout
-	}
-	return nil
-}
-
-type JWTFilter struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Providers []*APIGatewayJWTProvider `protobuf:"bytes,1,rep,name=Providers,proto3" json:"Providers,omitempty"`
-}
-
-func (x *JWTFilter) Reset() {
-	*x = JWTFilter{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *JWTFilter) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*JWTFilter) ProtoMessage() {}
-
-func (x *JWTFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use JWTFilter.ProtoReflect.Descriptor instead.
-func (*JWTFilter) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{71}
-}
-
-func (x *JWTFilter) GetProviders() []*APIGatewayJWTProvider {
-	if x != nil {
-		return x.Providers
-	}
-	return nil
-}
-
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.HTTPHeaderFilter
@@ -6158,7 +5506,7 @@ type HTTPHeaderFilter struct {
 func (x *HTTPHeaderFilter) Reset() {
 	*x = HTTPHeaderFilter{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6171,7 +5519,7 @@ func (x *HTTPHeaderFilter) String() string {
 func (*HTTPHeaderFilter) ProtoMessage() {}
 
 func (x *HTTPHeaderFilter) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[62]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6184,7 +5532,7 @@ func (x *HTTPHeaderFilter) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPHeaderFilter.ProtoReflect.Descriptor instead.
 func (*HTTPHeaderFilter) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{72}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{62}
 }
 
 func (x *HTTPHeaderFilter) GetAdd() map[string]string {
@@ -6229,7 +5577,7 @@ type HTTPService struct {
 func (x *HTTPService) Reset() {
 	*x = HTTPService{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6242,7 +5590,7 @@ func (x *HTTPService) String() string {
 func (*HTTPService) ProtoMessage() {}
 
 func (x *HTTPService) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[63]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6255,7 +5603,7 @@ func (x *HTTPService) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HTTPService.ProtoReflect.Descriptor instead.
 func (*HTTPService) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{73}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{63}
 }
 
 func (x *HTTPService) GetName() string {
@@ -6306,7 +5654,7 @@ type TCPRoute struct {
 func (x *TCPRoute) Reset() {
 	*x = TCPRoute{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6319,7 +5667,7 @@ func (x *TCPRoute) String() string {
 func (*TCPRoute) ProtoMessage() {}
 
 func (x *TCPRoute) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[64]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6332,7 +5680,7 @@ func (x *TCPRoute) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TCPRoute.ProtoReflect.Descriptor instead.
 func (*TCPRoute) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{74}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{64}
 }
 
 func (x *TCPRoute) GetMeta() map[string]string {
@@ -6381,7 +5729,7 @@ type TCPService struct {
 func (x *TCPService) Reset() {
 	*x = TCPService{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6394,7 +5742,7 @@ func (x *TCPService) String() string {
 func (*TCPService) ProtoMessage() {}
 
 func (x *TCPService) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[65]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6407,7 +5755,7 @@ func (x *TCPService) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TCPService.ProtoReflect.Descriptor instead.
 func (*TCPService) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{75}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{65}
 }
 
 func (x *TCPService) GetName() string {
@@ -6447,7 +5795,7 @@ type SamenessGroup struct {
 func (x *SamenessGroup) Reset() {
 	*x = SamenessGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6460,7 +5808,7 @@ func (x *SamenessGroup) String() string {
 func (*SamenessGroup) ProtoMessage() {}
 
 func (x *SamenessGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[66]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6473,7 +5821,7 @@ func (x *SamenessGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SamenessGroup.ProtoReflect.Descriptor instead.
 func (*SamenessGroup) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{76}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{66}
 }
 
 func (x *SamenessGroup) GetName() string {
@@ -6535,7 +5883,7 @@ type SamenessGroupMember struct {
 func (x *SamenessGroupMember) Reset() {
 	*x = SamenessGroupMember{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6548,7 +5896,7 @@ func (x *SamenessGroupMember) String() string {
 func (*SamenessGroupMember) ProtoMessage() {}
 
 func (x *SamenessGroupMember) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[67]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6561,7 +5909,7 @@ func (x *SamenessGroupMember) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SamenessGroupMember.ProtoReflect.Descriptor instead.
 func (*SamenessGroupMember) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{77}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{67}
 }
 
 func (x *SamenessGroupMember) GetPartition() string {
@@ -6603,7 +5951,7 @@ type JWTProvider struct {
 func (x *JWTProvider) Reset() {
 	*x = JWTProvider{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6616,7 +5964,7 @@ func (x *JWTProvider) String() string {
 func (*JWTProvider) ProtoMessage() {}
 
 func (x *JWTProvider) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[68]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6629,7 +5977,7 @@ func (x *JWTProvider) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTProvider.ProtoReflect.Descriptor instead.
 func (*JWTProvider) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{78}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{68}
 }
 
 func (x *JWTProvider) GetJSONWebKeySet() *JSONWebKeySet {
@@ -6705,7 +6053,7 @@ type JSONWebKeySet struct {
 func (x *JSONWebKeySet) Reset() {
 	*x = JSONWebKeySet{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6718,7 +6066,7 @@ func (x *JSONWebKeySet) String() string {
 func (*JSONWebKeySet) ProtoMessage() {}
 
 func (x *JSONWebKeySet) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[69]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6731,7 +6079,7 @@ func (x *JSONWebKeySet) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JSONWebKeySet.ProtoReflect.Descriptor instead.
 func (*JSONWebKeySet) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{79}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{69}
 }
 
 func (x *JSONWebKeySet) GetLocal() *LocalJWKS {
@@ -6765,7 +6113,7 @@ type LocalJWKS struct {
 func (x *LocalJWKS) Reset() {
 	*x = LocalJWKS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6778,7 +6126,7 @@ func (x *LocalJWKS) String() string {
 func (*LocalJWKS) ProtoMessage() {}
 
 func (x *LocalJWKS) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[70]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6791,7 +6139,7 @@ func (x *LocalJWKS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use LocalJWKS.ProtoReflect.Descriptor instead.
 func (*LocalJWKS) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{80}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{70}
 }
 
 func (x *LocalJWKS) GetJWKS() string {
@@ -6831,7 +6179,7 @@ type RemoteJWKS struct {
 func (x *RemoteJWKS) Reset() {
 	*x = RemoteJWKS{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6844,7 +6192,7 @@ func (x *RemoteJWKS) String() string {
 func (*RemoteJWKS) ProtoMessage() {}
 
 func (x *RemoteJWKS) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[71]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6857,7 +6205,7 @@ func (x *RemoteJWKS) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RemoteJWKS.ProtoReflect.Descriptor instead.
 func (*RemoteJWKS) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{81}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{71}
 }
 
 func (x *RemoteJWKS) GetURI() string {
@@ -6921,7 +6269,7 @@ type JWKSCluster struct {
 func (x *JWKSCluster) Reset() {
 	*x = JWKSCluster{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -6934,7 +6282,7 @@ func (x *JWKSCluster) String() string {
 func (*JWKSCluster) ProtoMessage() {}
 
 func (x *JWKSCluster) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[72]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -6947,7 +6295,7 @@ func (x *JWKSCluster) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSCluster.ProtoReflect.Descriptor instead.
 func (*JWKSCluster) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{82}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{72}
 }
 
 func (x *JWKSCluster) GetDiscoveryType() string {
@@ -6988,7 +6336,7 @@ type JWKSTLSCertificate struct {
 func (x *JWKSTLSCertificate) Reset() {
 	*x = JWKSTLSCertificate{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7001,7 +6349,7 @@ func (x *JWKSTLSCertificate) String() string {
 func (*JWKSTLSCertificate) ProtoMessage() {}
 
 func (x *JWKSTLSCertificate) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[73]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7014,7 +6362,7 @@ func (x *JWKSTLSCertificate) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertificate.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertificate) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{83}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{73}
 }
 
 func (x *JWKSTLSCertificate) GetCaCertificateProviderInstance() *JWKSTLSCertProviderInstance {
@@ -7048,7 +6396,7 @@ type JWKSTLSCertProviderInstance struct {
 func (x *JWKSTLSCertProviderInstance) Reset() {
 	*x = JWKSTLSCertProviderInstance{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7061,7 +6409,7 @@ func (x *JWKSTLSCertProviderInstance) String() string {
 func (*JWKSTLSCertProviderInstance) ProtoMessage() {}
 
 func (x *JWKSTLSCertProviderInstance) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[84]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[74]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7074,7 +6422,7 @@ func (x *JWKSTLSCertProviderInstance) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertProviderInstance.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertProviderInstance) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{84}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{74}
 }
 
 func (x *JWKSTLSCertProviderInstance) GetInstanceName() string {
@@ -7110,7 +6458,7 @@ type JWKSTLSCertTrustedCA struct {
 func (x *JWKSTLSCertTrustedCA) Reset() {
 	*x = JWKSTLSCertTrustedCA{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7123,7 +6471,7 @@ func (x *JWKSTLSCertTrustedCA) String() string {
 func (*JWKSTLSCertTrustedCA) ProtoMessage() {}
 
 func (x *JWKSTLSCertTrustedCA) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[85]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[75]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7136,7 +6484,7 @@ func (x *JWKSTLSCertTrustedCA) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSTLSCertTrustedCA.ProtoReflect.Descriptor instead.
 func (*JWKSTLSCertTrustedCA) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{85}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{75}
 }
 
 func (x *JWKSTLSCertTrustedCA) GetFilename() string {
@@ -7185,7 +6533,7 @@ type JWKSRetryPolicy struct {
 func (x *JWKSRetryPolicy) Reset() {
 	*x = JWKSRetryPolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[86]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7198,7 +6546,7 @@ func (x *JWKSRetryPolicy) String() string {
 func (*JWKSRetryPolicy) ProtoMessage() {}
 
 func (x *JWKSRetryPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[86]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[76]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7211,7 +6559,7 @@ func (x *JWKSRetryPolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWKSRetryPolicy.ProtoReflect.Descriptor instead.
 func (*JWKSRetryPolicy) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{86}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{76}
 }
 
 func (x *JWKSRetryPolicy) GetNumRetries() int32 {
@@ -7247,7 +6595,7 @@ type RetryPolicyBackOff struct {
 func (x *RetryPolicyBackOff) Reset() {
 	*x = RetryPolicyBackOff{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[87]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7260,7 +6608,7 @@ func (x *RetryPolicyBackOff) String() string {
 func (*RetryPolicyBackOff) ProtoMessage() {}
 
 func (x *RetryPolicyBackOff) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[87]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[77]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7273,7 +6621,7 @@ func (x *RetryPolicyBackOff) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RetryPolicyBackOff.ProtoReflect.Descriptor instead.
 func (*RetryPolicyBackOff) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{87}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{77}
 }
 
 func (x *RetryPolicyBackOff) GetBaseInterval() *durationpb.Duration {
@@ -7308,7 +6656,7 @@ type JWTLocation struct {
 func (x *JWTLocation) Reset() {
 	*x = JWTLocation{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[88]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7321,7 +6669,7 @@ func (x *JWTLocation) String() string {
 func (*JWTLocation) ProtoMessage() {}
 
 func (x *JWTLocation) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[88]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[78]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7334,7 +6682,7 @@ func (x *JWTLocation) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocation.ProtoReflect.Descriptor instead.
 func (*JWTLocation) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{88}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{78}
 }
 
 func (x *JWTLocation) GetHeader() *JWTLocationHeader {
@@ -7376,7 +6724,7 @@ type JWTLocationHeader struct {
 func (x *JWTLocationHeader) Reset() {
 	*x = JWTLocationHeader{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[89]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7389,7 +6737,7 @@ func (x *JWTLocationHeader) String() string {
 func (*JWTLocationHeader) ProtoMessage() {}
 
 func (x *JWTLocationHeader) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[89]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[79]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7402,7 +6750,7 @@ func (x *JWTLocationHeader) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationHeader.ProtoReflect.Descriptor instead.
 func (*JWTLocationHeader) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{89}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{79}
 }
 
 func (x *JWTLocationHeader) GetName() string {
@@ -7442,7 +6790,7 @@ type JWTLocationQueryParam struct {
 func (x *JWTLocationQueryParam) Reset() {
 	*x = JWTLocationQueryParam{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[90]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7455,7 +6803,7 @@ func (x *JWTLocationQueryParam) String() string {
 func (*JWTLocationQueryParam) ProtoMessage() {}
 
 func (x *JWTLocationQueryParam) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[90]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[80]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7468,7 +6816,7 @@ func (x *JWTLocationQueryParam) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationQueryParam.ProtoReflect.Descriptor instead.
 func (*JWTLocationQueryParam) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{90}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{80}
 }
 
 func (x *JWTLocationQueryParam) GetName() string {
@@ -7494,7 +6842,7 @@ type JWTLocationCookie struct {
 func (x *JWTLocationCookie) Reset() {
 	*x = JWTLocationCookie{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[91]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7507,7 +6855,7 @@ func (x *JWTLocationCookie) String() string {
 func (*JWTLocationCookie) ProtoMessage() {}
 
 func (x *JWTLocationCookie) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[91]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[81]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7520,7 +6868,7 @@ func (x *JWTLocationCookie) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTLocationCookie.ProtoReflect.Descriptor instead.
 func (*JWTLocationCookie) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{91}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{81}
 }
 
 func (x *JWTLocationCookie) GetName() string {
@@ -7547,7 +6895,7 @@ type JWTForwardingConfig struct {
 func (x *JWTForwardingConfig) Reset() {
 	*x = JWTForwardingConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[92]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7560,7 +6908,7 @@ func (x *JWTForwardingConfig) String() string {
 func (*JWTForwardingConfig) ProtoMessage() {}
 
 func (x *JWTForwardingConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[92]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[82]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7573,7 +6921,7 @@ func (x *JWTForwardingConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTForwardingConfig.ProtoReflect.Descriptor instead.
 func (*JWTForwardingConfig) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{92}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{82}
 }
 
 func (x *JWTForwardingConfig) GetHeaderName() string {
@@ -7607,7 +6955,7 @@ type JWTCacheConfig struct {
 func (x *JWTCacheConfig) Reset() {
 	*x = JWTCacheConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[93]
+		mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7620,7 +6968,7 @@ func (x *JWTCacheConfig) String() string {
 func (*JWTCacheConfig) ProtoMessage() {}
 
 func (x *JWTCacheConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[93]
+	mi := &file_private_pbconfigentry_config_entry_proto_msgTypes[83]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7633,7 +6981,7 @@ func (x *JWTCacheConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use JWTCacheConfig.ProtoReflect.Descriptor instead.
 func (*JWTCacheConfig) Descriptor() ([]byte, []int) {
-	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{93}
+	return file_private_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{83}
 }
 
 func (x *JWTCacheConfig) GetSize() int32 {
@@ -8297,7 +7645,7 @@ var file_private_pbconfigentry_config_entry_proto_rawDesc = []byte{
 	0x06, 0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x12, 0x14, 0x0a, 0x05, 0x52, 0x65, 0x67, 0x65, 0x78,
 	0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x52, 0x65, 0x67, 0x65, 0x78, 0x12, 0x16, 0x0a,
 	0x06, 0x49, 0x6e, 0x76, 0x65, 0x72, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x49,
-	0x6e, 0x76, 0x65, 0x72, 0x74, 0x22, 0xe5, 0x09, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x6e, 0x76, 0x65, 0x72, 0x74, 0x22, 0x92, 0x09, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
 	0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f,
 	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, 0x6f,
 	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x44, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20,
@@ -8350,881 +7698,761 @@ var file_private_pbconfigentry_config_entry_proto_rawDesc = []byte{
 	0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
 	0x6e, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x19, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63,
 	0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x12, 0x51, 0x0a, 0x0a, 0x52, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74,
-	0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
-	0x52, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x52, 0x0a, 0x52, 0x61, 0x74, 0x65,
-	0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x54, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x0d,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72,
-	0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x2e, 0x4d, 0x65, 0x74,
-	0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x5a, 0x0a, 0x0f,
-	0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18,
-	0x0e, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78,
-	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78,
-	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75,
-	0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0e, 0x32,
-	0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c,
-	0x53, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53,
-	0x4d, 0x6f, 0x64, 0x65, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72,
-	0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
-	0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x74, 0x0a,
-	0x16, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78,
-	0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x32, 0x0a, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f,
-	0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x44,
-	0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x0e, 0x44, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63,
-	0x74, 0x6c, 0x79, 0x22, 0x5f, 0x0a, 0x11, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77,
-	0x61, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4a, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d,
-	0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04,
-	0x4d, 0x6f, 0x64, 0x65, 0x22, 0x6f, 0x0a, 0x0c, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x12, 0x16, 0x0a, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x12, 0x47, 0x0a, 0x05,
-	0x50, 0x61, 0x74, 0x68, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x61, 0x74, 0x68, 0x52, 0x05,
-	0x50, 0x61, 0x74, 0x68, 0x73, 0x22, 0xb0, 0x01, 0x0a, 0x0a, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65,
-	0x50, 0x61, 0x74, 0x68, 0x12, 0x22, 0x0a, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
-	0x50, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x4c, 0x69, 0x73, 0x74,
-	0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x24, 0x0a, 0x0d,
-	0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x05, 0x52, 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f,
-	0x72, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x28,
-	0x0a, 0x0f, 0x50, 0x61, 0x72, 0x73, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x65, 0x63,
-	0x6b, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x50, 0x61, 0x72, 0x73, 0x65, 0x64, 0x46,
-	0x72, 0x6f, 0x6d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x22, 0xbf, 0x01, 0x0a, 0x15, 0x55, 0x70, 0x73,
-	0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x12, 0x53, 0x0a, 0x09, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x18,
-	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70,
-	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x09, 0x4f, 0x76,
-	0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x12, 0x51, 0x0a, 0x08, 0x44, 0x65, 0x66, 0x61, 0x75,
-	0x6c, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x52, 0x08, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x22, 0x8a, 0x05, 0x0a, 0x0e, 0x55,
-	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a,
-	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d,
-	0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d,
-	0x65, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74,
-	0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74,
-	0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2c, 0x0a, 0x11, 0x45,
-	0x6e, 0x76, 0x6f, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x4c, 0x69, 0x73,
-	0x74, 0x65, 0x6e, 0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x2a, 0x0a, 0x10, 0x45, 0x6e, 0x76,
-	0x6f, 0x79, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x04, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x10, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65,
-	0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
-	0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
-	0x6c, 0x12, 0x2a, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65,
-	0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43, 0x6f, 0x6e,
-	0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x12, 0x4d, 0x0a,
-	0x06, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69,
-	0x6d, 0x69, 0x74, 0x73, 0x52, 0x06, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x69, 0x0a, 0x12,
-	0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65,
-	0x63, 0x6b, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68,
-	0x65, 0x63, 0x6b, 0x52, 0x12, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c,
-	0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x5a, 0x0a, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47,
-	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68,
+	0x6f, 0x6e, 0x73, 0x12, 0x54, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x0d, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e,
+	0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x5a, 0x0a, 0x0f, 0x45, 0x6e, 0x76,
+	0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0e, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
+	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e,
+	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e,
+	0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54,
+	0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x34, 0x2e, 0x68,
 	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
 	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65,
-	0x77, 0x61, 0x79, 0x12, 0x3e, 0x0a, 0x1a, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x4f, 0x75,
-	0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65,
-	0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x0b, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x50, 0x65, 0x65, 0x72, 0x22, 0x9e, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74,
-	0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x4d, 0x61,
-	0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x05, 0x52, 0x0e, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x12, 0x2e, 0x0a, 0x12, 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x12,
-	0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x73, 0x12, 0x34, 0x0a, 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72,
-	0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x05, 0x52, 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0x9e, 0x02, 0x0a, 0x12, 0x50, 0x61, 0x73,
-	0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12,
-	0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e,
-	0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x20, 0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x46, 0x61, 0x69,
-	0x6c, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x4d, 0x61, 0x78,
-	0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x17, 0x45, 0x6e, 0x66, 0x6f,
-	0x72, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65,
-	0x35, 0x78, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x17, 0x45, 0x6e, 0x66, 0x6f, 0x72,
-	0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35,
-	0x78, 0x78, 0x12, 0x2e, 0x0a, 0x12, 0x4d, 0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x12,
-	0x4d, 0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65,
-	0x6e, 0x74, 0x12, 0x45, 0x0a, 0x10, 0x42, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
-	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x42, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x45, 0x0a, 0x11, 0x44, 0x65, 0x73,
-	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1c,
-	0x0a, 0x09, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
-	0x09, 0x52, 0x09, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04,
-	0x50, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74,
-	0x22, 0x72, 0x0a, 0x0a, 0x52, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x64,
-	0x0a, 0x0d, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e,
-	0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x61, 0x74, 0x65, 0x4c,
-	0x69, 0x6d, 0x69, 0x74, 0x73, 0x52, 0x0d, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4c,
-	0x65, 0x76, 0x65, 0x6c, 0x22, 0xd0, 0x01, 0x0a, 0x17, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63,
-	0x65, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73,
-	0x12, 0x2c, 0x0a, 0x11, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x50, 0x65, 0x72, 0x53,
-	0x65, 0x63, 0x6f, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x11, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x73, 0x50, 0x65, 0x72, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x12, 0x2a,
-	0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x4d, 0x61, 0x78, 0x42, 0x75, 0x72,
-	0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x73, 0x4d, 0x61, 0x78, 0x42, 0x75, 0x72, 0x73, 0x74, 0x12, 0x5b, 0x0a, 0x06, 0x52, 0x6f,
-	0x75, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
-	0x72, 0x79, 0x2e, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4c, 0x65, 0x76, 0x65, 0x6c,
-	0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x52,
-	0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0xd4, 0x01, 0x0a, 0x1c, 0x49, 0x6e, 0x73, 0x74,
-	0x61, 0x6e, 0x63, 0x65, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x61,
-	0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x74, 0x68,
-	0x45, 0x78, 0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x74,
-	0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x50, 0x61, 0x74, 0x68, 0x50, 0x72,
-	0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x50, 0x61, 0x74, 0x68,
-	0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x74, 0x68, 0x52, 0x65,
-	0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x74, 0x68, 0x52,
-	0x65, 0x67, 0x65, 0x78, 0x12, 0x2c, 0x0a, 0x11, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73,
-	0x50, 0x65, 0x72, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52,
-	0x11, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x50, 0x65, 0x72, 0x53, 0x65, 0x63, 0x6f,
-	0x6e, 0x64, 0x12, 0x2a, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x4d, 0x61,
-	0x78, 0x42, 0x75, 0x72, 0x73, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x10, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x4d, 0x61, 0x78, 0x42, 0x75, 0x72, 0x73, 0x74, 0x22, 0xb6,
-	0x02, 0x0a, 0x0a, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x4f, 0x0a,
-	0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x4d,
-	0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x57,
-	0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74,
-	0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x4c, 0x69,
-	0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, 0x37,
-	0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b,
-	0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a,
-	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61,
-	0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x5a, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x12, 0x50, 0x0a, 0x0a, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
-	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x6f,
-	0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x22, 0x8b, 0x02, 0x0a, 0x09, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f,
-	0x6e, 0x12, 0x12, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a,
-	0x06, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x52,
-	0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12,
-	0x54, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72,
-	0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x08, 0x52, 0x65, 0x73,
-	0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x4a, 0x0a, 0x12, 0x4c, 0x61, 0x73, 0x74, 0x54, 0x72, 0x61,
-	0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x12, 0x4c,
-	0x61, 0x73, 0x74, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d,
-	0x65, 0x22, 0xb4, 0x03, 0x0a, 0x12, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
-	0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08,
-	0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
-	0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x5d, 0x0a, 0x08,
-	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x41,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61,
-	0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
-	0x6c, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x53, 0x0a, 0x03, 0x54,
-	0x4c, 0x53, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f,
+	0x64, 0x65, 0x52, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64,
+	0x65, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
+	0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
+	0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x74, 0x0a, 0x16, 0x54, 0x72,
+	0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x12, 0x32, 0x0a, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64,
+	0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x05, 0x52, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74,
+	0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x44, 0x69, 0x61, 0x6c,
+	0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x0e, 0x44, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79,
+	0x22, 0x5f, 0x0a, 0x11, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4a, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68,
+	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x4d, 0x6f, 0x64,
+	0x65, 0x22, 0x6f, 0x0a, 0x0c, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x12, 0x16, 0x0a, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x12, 0x47, 0x0a, 0x05, 0x50, 0x61, 0x74,
+	0x68, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
 	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
 	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x4c, 0x53,
-	0x12, 0x53, 0x0a, 0x08, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x18, 0x06, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x61, 0x74, 0x68, 0x52, 0x05, 0x50, 0x61, 0x74,
+	0x68, 0x73, 0x22, 0xb0, 0x01, 0x0a, 0x0a, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x61, 0x74,
+	0x68, 0x12, 0x22, 0x0a, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72,
+	0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65,
+	0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x24, 0x0a, 0x0d, 0x4c, 0x6f, 0x63,
+	0x61, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05,
+	0x52, 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f, 0x72, 0x74, 0x12,
+	0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x28, 0x0a, 0x0f, 0x50,
+	0x61, 0x72, 0x73, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x50, 0x61, 0x72, 0x73, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d,
+	0x43, 0x68, 0x65, 0x63, 0x6b, 0x22, 0xbf, 0x01, 0x0a, 0x15, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65,
+	0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12,
+	0x53, 0x0a, 0x09, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61,
-	0x74, 0x65, 0x77, 0x61, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x08, 0x4f, 0x76, 0x65,
-	0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x51, 0x0a, 0x07, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
-	0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72,
+	0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x09, 0x4f, 0x76, 0x65, 0x72, 0x72,
+	0x69, 0x64, 0x65, 0x73, 0x12, 0x51, 0x0a, 0x08, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
 	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41,
-	0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52,
-	0x07, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x22, 0xde, 0x01, 0x0a, 0x1a, 0x41, 0x50, 0x49,
-	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x5c, 0x0a, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69,
-	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65,
-	0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73,
-	0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65,
-	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73,
-	0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4d, 0x61, 0x78, 0x56, 0x65,
-	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53,
-	0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x69, 0x70,
-	0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x65, 0x0a, 0x10, 0x41, 0x50, 0x49,
-	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x51, 0x0a,
-	0x03, 0x4a, 0x57, 0x54, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55,
+	0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x08, 0x44,
+	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x22, 0x8a, 0x05, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74,
+	0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
+	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58,
+	0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70,
+	0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70,
+	0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2c, 0x0a, 0x11, 0x45, 0x6e, 0x76, 0x6f,
+	0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x11, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e,
+	0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x2a, 0x0a, 0x10, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x10, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x53,
+	0x4f, 0x4e, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x2a,
+	0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
+	0x4d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x12, 0x4d, 0x0a, 0x06, 0x4c, 0x69,
+	0x6d, 0x69, 0x74, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73,
 	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
 	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
-	0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54,
-	0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x03, 0x4a, 0x57, 0x54,
-	0x22, 0x76, 0x0a, 0x18, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57,
-	0x54, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x5a, 0x0a, 0x09,
-	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77,
-	0x61, 0x79, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x09, 0x50,
-	0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x22, 0x96, 0x01, 0x0a, 0x15, 0x41, 0x50, 0x49,
-	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
-	0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x69, 0x0a, 0x0c, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79,
-	0x43, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a,
-	0x57, 0x54, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x6c, 0x61, 0x69, 0x6d,
-	0x73, 0x22, 0x4a, 0x0a, 0x1e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a,
-	0x57, 0x54, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28,
-	0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xb7, 0x01,
-	0x0a, 0x11, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65,
-	0x6e, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x53,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0b, 0x53, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a,
-	0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x72, 0x79, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74,
+	0x73, 0x52, 0x06, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x69, 0x0a, 0x12, 0x50, 0x61, 0x73,
+	0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x18,
+	0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
 	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
-	0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
-	0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfe, 0x01, 0x0a, 0x0f, 0x42, 0x6f, 0x75, 0x6e,
-	0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x54, 0x0a, 0x04, 0x4d,
-	0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x50, 0x61,
+	0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b,
+	0x52, 0x12, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43,
+	0x68, 0x65, 0x63, 0x6b, 0x12, 0x5a, 0x0a, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65,
+	0x77, 0x61, 0x79, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61,
-	0x79, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74,
-	0x61, 0x12, 0x5c, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
-	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x42, 0x6f, 0x75,
-	0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74,
-	0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x1a,
-	0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
-	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14,
-	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76,
-	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xdd, 0x01, 0x0a, 0x17, 0x42, 0x6f, 0x75,
-	0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74,
-	0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x5c, 0x0a, 0x0c, 0x43, 0x65, 0x72, 0x74,
-	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52,
-	0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73,
-	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x52, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
+	0x12, 0x3e, 0x0a, 0x1a, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x4f, 0x75, 0x74, 0x62, 0x6f,
+	0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0a,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x4f, 0x75, 0x74,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x50, 0x65, 0x65, 0x72, 0x22, 0x9e, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61,
+	0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x4d, 0x61, 0x78, 0x43, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52,
+	0x0e, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
+	0x2e, 0x0a, 0x12, 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x12, 0x4d, 0x61, 0x78,
+	0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12,
+	0x34, 0x0a, 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15,
+	0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0x9e, 0x02, 0x0a, 0x12, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76,
+	0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x35, 0x0a, 0x08,
+	0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72,
+	0x76, 0x61, 0x6c, 0x12, 0x20, 0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72,
+	0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x4d, 0x61, 0x78, 0x46, 0x61, 0x69,
+	0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x17, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69,
+	0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x17, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e,
+	0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x12,
+	0x2e, 0x0a, 0x12, 0x4d, 0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65,
+	0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x12, 0x4d, 0x61, 0x78,
+	0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12,
+	0x45, 0x0a, 0x10, 0x42, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54,
+	0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x42, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x45, 0x0a, 0x11, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1c, 0x0a, 0x09, 0x41,
+	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09,
+	0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72,
+	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x22, 0xb6, 0x02,
+	0x0a, 0x0a, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x4f, 0x0a, 0x04,
+	0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
+	0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x4d, 0x65,
+	0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x57, 0x0a,
+	0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65,
+	0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x4c, 0x69, 0x73,
+	0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
 	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52,
-	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
-	0x52, 0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0xe6, 0x01, 0x0a, 0x11, 0x49, 0x6e, 0x6c,
-	0x69, 0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x56,
-	0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68,
-	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69,
-	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79,
-	0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x43, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x50, 0x72, 0x69, 0x76,
-	0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x50, 0x72,
-	0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61,
-	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38,
-	0x01, 0x22, 0x99, 0x03, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12,
-	0x4e, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x2e,
-	0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12,
-	0x52, 0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53,
+	0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a,
+	0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65,
+	0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x5a, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
+	0x12, 0x50, 0x0a, 0x0a, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
+	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x6f, 0x6e,
+	0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x22, 0x8b, 0x02, 0x0a, 0x09, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+	0x12, 0x12, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06,
+	0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65,
+	0x61, 0x73, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x54,
+	0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
 	0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
 	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
 	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
-	0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x07, 0x50, 0x61, 0x72, 0x65,
-	0x6e, 0x74, 0x73, 0x12, 0x4a, 0x0a, 0x05, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52,
-	0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x12,
-	0x1c, 0x0a, 0x09, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03,
-	0x28, 0x09, 0x52, 0x09, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x45, 0x0a,
-	0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e,
+	0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x12, 0x4a, 0x0a, 0x12, 0x4c, 0x61, 0x73, 0x74, 0x54, 0x72, 0x61, 0x6e,
+	0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x12, 0x4c, 0x61,
+	0x73, 0x74, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65,
+	0x22, 0x8c, 0x02, 0x0a, 0x12, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c,
+	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x48,
+	0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x48,
+	0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x5d, 0x0a, 0x08, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x41, 0x2e,
 	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
 	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72,
-	0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
-	0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xf9, 0x01,
-	0x0a, 0x0d, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x12,
-	0x4c, 0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x6c,
-	0x74, 0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x4a, 0x0a,
-	0x07, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x52, 0x07, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x4e, 0x0a, 0x08, 0x53, 0x65, 0x72,
-	0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52,
-	0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x22, 0xc4, 0x02, 0x0a, 0x09, 0x48, 0x54,
-	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x50, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
+	0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
+	0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x53, 0x0a, 0x03, 0x54, 0x4c,
+	0x53, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
+	0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x22,
+	0xde, 0x01, 0x0a, 0x1a, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c,
+	0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x5c,
+	0x0a, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
+	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0c,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a,
+	0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0a, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a,
+	0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0a, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c,
+	0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03,
+	0x28, 0x09, 0x52, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73,
+	0x22, 0xb7, 0x01, 0x0a, 0x11, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66,
+	0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
+	0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20,
+	0x0a, 0x0b, 0x53, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0b, 0x53, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65,
+	0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65,
+	0x74, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
 	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x52, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x4e, 0x0a, 0x06, 0x4d, 0x65, 0x74,
-	0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f,
-	0x64, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x48, 0x0a, 0x04, 0x50, 0x61, 0x74,
-	0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65,
+	0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65,
+	0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfe, 0x01, 0x0a, 0x0f, 0x42,
+	0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x54,
+	0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74,
+	0x65, 0x77, 0x61, 0x79, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04,
+	0x4d, 0x65, 0x74, 0x61, 0x12, 0x5c, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
+	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
 	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
 	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
-	0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x04, 0x50,
-	0x61, 0x74, 0x68, 0x12, 0x4b, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79, 0x18, 0x04, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
-	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x51,
-	0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79,
-	0x22, 0x8d, 0x01, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x12, 0x50, 0x0a, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50,
-	0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52,
-	0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65,
-	0x22, 0x75, 0x0a, 0x0d, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63,
-	0x68, 0x12, 0x4e, 0x0a, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e,
-	0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74,
-	0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63,
-	0x68, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x8b, 0x01, 0x0a, 0x0e, 0x48, 0x54, 0x54, 0x50,
-	0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x4f, 0x0a, 0x05, 0x4d, 0x61,
-	0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c,
+	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65,
+	0x72, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
+	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
+	0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xdd, 0x01, 0x0a, 0x17,
+	0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c,
+	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x5c, 0x0a, 0x0c, 0x43,
+	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72,
+	0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0c, 0x43, 0x65, 0x72,
+	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x06, 0x52, 0x6f, 0x75,
+	0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x4e,
-	0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12,
-	0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
-	0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xa9, 0x03, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69,
-	0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73,
-	0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48,
-	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52,
-	0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x0a, 0x55, 0x52, 0x4c, 0x52,
-	0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68,
+	0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65,
+	0x6e, 0x63, 0x65, 0x52, 0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0xe6, 0x01, 0x0a, 0x11,
+	0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x65, 0x12, 0x56, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x43, 0x65,
+	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e,
+	0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x65, 0x72,
+	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x50,
+	0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0a, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x1a, 0x37, 0x0a, 0x09, 0x4d,
+	0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x3a, 0x02, 0x38, 0x01, 0x22, 0x99, 0x03, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75,
+	0x74, 0x65, 0x12, 0x4e, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75,
+	0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65,
+	0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x07, 0x50,
+	0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x4a, 0x0a, 0x05, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x18,
+	0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54,
+	0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x52, 0x75, 0x6c,
+	0x65, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18,
+	0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x73,
+	0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52,
+	0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45,
+	0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01,
+	0x22, 0xf9, 0x01, 0x0a, 0x0d, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x75,
+	0x6c, 0x65, 0x12, 0x4c, 0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50,
+	0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73,
+	0x12, 0x4a, 0x0a, 0x07, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x52, 0x07, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x4e, 0x0a, 0x08,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x52, 0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x22, 0xc4, 0x02, 0x0a,
+	0x09, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x50, 0x0a, 0x07, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x52, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x4e, 0x0a, 0x06,
+	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68,
 	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
 	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x52,
-	0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x54, 0x0a, 0x0b, 0x52,
-	0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69,
-	0x6c, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65,
-	0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74,
-	0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x2e, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0d,
-	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x42, 0x0a,
-	0x03, 0x4a, 0x57, 0x54, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
+	0x74, 0x68, 0x6f, 0x64, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x48, 0x0a, 0x04,
+	0x50, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73,
 	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
 	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
-	0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x03, 0x4a, 0x57,
-	0x54, 0x22, 0x20, 0x0a, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12,
-	0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50,
-	0x61, 0x74, 0x68, 0x22, 0xad, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x46, 0x69, 0x6c,
-	0x74, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65,
-	0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72,
-	0x69, 0x65, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x18, 0x02,
-	0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x2e, 0x0a,
-	0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f,
-	0x64, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79,
-	0x4f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x34, 0x0a,
-	0x15, 0x52, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46,
-	0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x52, 0x65,
-	0x74, 0x72, 0x79, 0x4f, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x46, 0x61, 0x69, 0x6c,
-	0x75, 0x72, 0x65, 0x22, 0x8f, 0x01, 0x0a, 0x0d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x46,
-	0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x3b, 0x0a, 0x0b, 0x49, 0x64, 0x6c, 0x65,
-	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x49, 0x64, 0x6c, 0x65, 0x54, 0x69,
-	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x67, 0x0a, 0x09, 0x4a, 0x57, 0x54, 0x46, 0x69, 0x6c, 0x74,
-	0x65, 0x72, 0x12, 0x5a, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18,
-	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x4b, 0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79, 0x18,
+	0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
 	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x41, 0x50,
-	0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69,
-	0x64, 0x65, 0x72, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x22, 0xc2,
-	0x02, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c,
-	0x74, 0x65, 0x72, 0x12, 0x52, 0x0a, 0x03, 0x41, 0x64, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61,
-	0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74,
-	0x72, 0x79, 0x52, 0x03, 0x41, 0x64, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76,
-	0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12,
-	0x52, 0x0a, 0x03, 0x53, 0x65, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54,
+	0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x51, 0x75,
+	0x65, 0x72, 0x79, 0x22, 0x8d, 0x01, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x50, 0x0a, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48,
+	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79,
+	0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a,
+	0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x22, 0x75, 0x0a, 0x0d, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x12, 0x4e, 0x0a, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50,
+	0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x8b, 0x01, 0x0a, 0x0e, 0x48,
+	0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x4f, 0x0a,
+	0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x68,
 	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
 	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46,
-	0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03,
-	0x53, 0x65, 0x74, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
-	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
-	0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, 0x0a, 0x08, 0x53,
-	0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a,
-	0x02, 0x38, 0x01, 0x22, 0xe1, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76,
-	0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x57, 0x65, 0x69, 0x67, 0x68,
-	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12,
-	0x4c, 0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x6c,
-	0x74, 0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x58, 0x0a,
-	0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
-	0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
-	0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfc, 0x02, 0x0a, 0x08, 0x54, 0x43, 0x50, 0x52,
-	0x6f, 0x75, 0x74, 0x65, 0x12, 0x4d, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12,
+	0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61,
+	0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xb3, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54,
+	0x50, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74,
+	0x65, 0x72, 0x52, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x0a, 0x55,
+	0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69,
+	0x74, 0x65, 0x52, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22, 0x20,
+	0x0a, 0x0a, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04,
+	0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68,
+	0x22, 0xc2, 0x02, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x46,
+	0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x52, 0x0a, 0x03, 0x41, 0x64, 0x64, 0x18, 0x01, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x41, 0x64, 0x64, 0x45,
+	0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x41, 0x64, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x6d,
+	0x6f, 0x76, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76,
+	0x65, 0x12, 0x52, 0x0a, 0x03, 0x53, 0x65, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79,
+	0x52, 0x03, 0x53, 0x65, 0x74, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
+	0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, 0x0a,
+	0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xe1, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65,
+	0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x57, 0x65, 0x69,
+	0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x57, 0x65, 0x69, 0x67, 0x68,
+	0x74, 0x12, 0x4c, 0x0a, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
 	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50, 0x52, 0x6f,
-	0x75, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d,
-	0x65, 0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x02,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46,
+	0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x52, 0x07, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12,
+	0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74,
+	0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72,
+	0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72,
+	0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x22, 0xfc, 0x02, 0x0a, 0x08, 0x54, 0x43,
+	0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x4d, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
 	0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73,
-	0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x07,
-	0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x08, 0x53, 0x65,
-	0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
+	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50,
+	0x52, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52,
+	0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73,
+	0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
 	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53,
-	0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, 0x37, 0x0a,
-	0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65,
-	0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x7a, 0x0a, 0x0a, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72,
-	0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65,
-	0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
+	0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52,
+	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
+	0x52, 0x07, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x4d, 0x0a, 0x08, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x08,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
+	0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a,
+	0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
+	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14,
+	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x7a, 0x0a, 0x0a, 0x54, 0x43, 0x50, 0x53,
+	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e,
+	0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
+	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65,
+	0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65,
+	0x4d, 0x65, 0x74, 0x61, 0x22, 0xb4, 0x03, 0x0a, 0x0d, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73,
+	0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2e, 0x0a, 0x12, 0x44, 0x65,
+	0x66, 0x61, 0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x46,
+	0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e,
+	0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x0c, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x54,
+	0x0a, 0x07, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73,
+	0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x52, 0x07, 0x4d, 0x65, 0x6d,
+	0x62, 0x65, 0x72, 0x73, 0x12, 0x52, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63,
+	0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e,
+	0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74,
+	0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65,
+	0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b,
 	0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
 	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
 	0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65,
 	0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65,
-	0x74, 0x61, 0x22, 0xb4, 0x03, 0x0a, 0x0d, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47,
-	0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2e, 0x0a, 0x12, 0x44, 0x65, 0x66, 0x61,
-	0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x46, 0x6f, 0x72,
-	0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x63, 0x6c,
-	0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c,
-	0x49, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x54, 0x0a, 0x07,
-	0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72,
-	0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x52, 0x07, 0x4d, 0x65, 0x6d, 0x62, 0x65,
-	0x72, 0x73, 0x12, 0x52, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73,
-	0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79,
-	0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70,
-	0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61,
-	0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61,
-	0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a,
-	0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12,
-	0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x47, 0x0a, 0x13, 0x53, 0x61, 0x6d,
-	0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72,
-	0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12,
-	0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x65,
-	0x65, 0x72, 0x22, 0xdd, 0x04, 0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
-	0x65, 0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79,
-	0x53, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x52,
-	0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x12, 0x16,
-	0x0a, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
-	0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e,
-	0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x41, 0x75, 0x64, 0x69, 0x65,
-	0x6e, 0x63, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
-	0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x4c, 0x6f, 0x63,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0a, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72,
-	0x64, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73,
-	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
-	0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69,
-	0x6e, 0x67, 0x12, 0x57, 0x0a, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
-	0x4a, 0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b,
-	0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x50, 0x0a, 0x04, 0x4d,
-	0x65, 0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
+	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
+	0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x47, 0x0a, 0x13, 0x53,
+	0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62,
+	0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+	0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x50, 0x65, 0x65, 0x72, 0x22, 0xdd, 0x04, 0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76,
+	0x69, 0x64, 0x65, 0x72, 0x12, 0x5a, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b,
+	0x65, 0x79, 0x53, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65,
+	0x74, 0x52, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x74,
+	0x12, 0x16, 0x0a, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x06, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x75, 0x64, 0x69,
+	0x65, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x41, 0x75, 0x64,
+	0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x50, 0x0a, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2e, 0x4d, 0x65,
-	0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2a, 0x0a,
-	0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64,
-	0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b,
-	0x65, 0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74,
-	0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02,
-	0x38, 0x01, 0x22, 0xa2, 0x01, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65,
-	0x79, 0x53, 0x65, 0x74, 0x12, 0x46, 0x0a, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f, 0x63, 0x61,
-	0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x49, 0x0a, 0x06,
-	0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68,
+	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x4c,
+	0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5a, 0x0a, 0x0a, 0x46, 0x6f, 0x72, 0x77,
+	0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68,
 	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
 	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65,
-	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a, 0x57, 0x4b, 0x53, 0x52,
-	0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x22, 0x3b, 0x0a, 0x09, 0x4c, 0x6f, 0x63, 0x61, 0x6c,
-	0x4a, 0x57, 0x4b, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69, 0x6c, 0x65,
-	0x6e, 0x61, 0x6d, 0x65, 0x22, 0xed, 0x02, 0x0a, 0x0a, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a,
-	0x57, 0x4b, 0x53, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x03, 0x55, 0x52, 0x49, 0x12, 0x2a, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52,
-	0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d,
-	0x73, 0x12, 0x3f, 0x0a, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e, 0x63,
-	0x68, 0x72, 0x6f, 0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52,
-	0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e, 0x63, 0x68, 0x72, 0x6f, 0x6e, 0x6f,
-	0x75, 0x73, 0x6c, 0x79, 0x12, 0x58, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69,
+	0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72,
+	0x64, 0x69, 0x6e, 0x67, 0x12, 0x57, 0x0a, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63,
-	0x79, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x54,
-	0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18, 0x06, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53,
-	0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75,
-	0x73, 0x74, 0x65, 0x72, 0x22, 0xdb, 0x01, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75,
-	0x73, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72,
-	0x79, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x44, 0x69, 0x73,
-	0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x63, 0x0a, 0x0f, 0x54, 0x4c,
-	0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x79, 0x2e, 0x4a, 0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x52, 0x0b, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x50, 0x0a,
+	0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2e,
+	0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12,
+	0x2a, 0x0a, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f,
+	0x6e, 0x64, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43, 0x6c, 0x6f, 0x63, 0x6b,
+	0x53, 0x6b, 0x65, 0x77, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d,
+	0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x3a, 0x02, 0x38, 0x01, 0x22, 0xa2, 0x01, 0x0a, 0x0d, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62,
+	0x4b, 0x65, 0x79, 0x53, 0x65, 0x74, 0x12, 0x46, 0x0a, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f,
+	0x63, 0x61, 0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x05, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x49,
+	0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4a, 0x57, 0x4b,
+	0x53, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x22, 0x3b, 0x0a, 0x09, 0x4c, 0x6f, 0x63,
+	0x61, 0x6c, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69,
+	0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69,
+	0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xed, 0x02, 0x0a, 0x0a, 0x52, 0x65, 0x6d, 0x6f, 0x74,
+	0x65, 0x4a, 0x57, 0x4b, 0x53, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x49, 0x12, 0x2a, 0x0a, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x05, 0x52, 0x10, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75,
+	0x74, 0x4d, 0x73, 0x12, 0x3f, 0x0a, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x43, 0x61, 0x63, 0x68, 0x65, 0x44, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79,
+	0x6e, 0x63, 0x68, 0x72, 0x6f, 0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x13, 0x46, 0x65, 0x74, 0x63, 0x68, 0x41, 0x73, 0x79, 0x6e, 0x63, 0x68, 0x72, 0x6f,
+	0x6e, 0x6f, 0x75, 0x73, 0x6c, 0x79, 0x12, 0x58, 0x0a, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x52, 0x0b, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+	0x12, 0x54, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18,
+	0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57,
+	0x4b, 0x53, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x22, 0xdb, 0x01, 0x0a, 0x0b, 0x4a, 0x57, 0x4b, 0x53, 0x43,
+	0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76,
+	0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x44,
+	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x63, 0x0a, 0x0f,
+	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57,
+	0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x52, 0x0f, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x73, 0x12, 0x41, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65,
+	0x6f, 0x75, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d,
+	0x65, 0x6f, 0x75, 0x74, 0x22, 0xfa, 0x01, 0x0a, 0x12, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x88, 0x01, 0x0a, 0x1d,
+	0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f,
+	0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
 	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
 	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53,
-	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x0f,
-	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12,
-	0x41, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75,
-	0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f,
-	0x75, 0x74, 0x22, 0xfa, 0x01, 0x0a, 0x12, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x88, 0x01, 0x0a, 0x1d, 0x43, 0x61,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69,
-	0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c,
-	0x53, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73,
-	0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x1d, 0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74,
-	0x61, 0x6e, 0x63, 0x65, 0x12, 0x59, 0x0a, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43,
-	0x41, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e,
-	0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74,
-	0x65, 0x64, 0x43, 0x41, 0x52, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x22,
-	0x6b, 0x0a, 0x1b, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72,
-	0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x22,
-	0x0a, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61,
-	0x6d, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x43, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xaa, 0x01, 0x0a,
-	0x14, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72, 0x75, 0x73,
-	0x74, 0x65, 0x64, 0x43, 0x41, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d,
-	0x65, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74,
-	0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13,
-	0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56, 0x61, 0x72, 0x69, 0x61,
-	0x62, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x72,
-	0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e,
-	0x65, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x20, 0x0a, 0x0b, 0x49, 0x6e, 0x6c, 0x69, 0x6e,
-	0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x49, 0x6e,
-	0x6c, 0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x9c, 0x01, 0x0a, 0x0f, 0x4a, 0x57,
-	0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x1e, 0x0a,
-	0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x05, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x69, 0x0a,
-	0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b,
-	0x4f, 0x66, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68,
+	0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49,
+	0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x1d, 0x43, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e,
+	0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x59, 0x0a, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65,
+	0x64, 0x43, 0x41, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68,
 	0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63,
-	0x6b, 0x4f, 0x66, 0x66, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63,
-	0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x22, 0x90, 0x01, 0x0a, 0x12, 0x52, 0x65, 0x74,
-	0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x12,
-	0x3d, 0x0a, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x3b,
-	0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b,
-	0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x22, 0x8f, 0x02, 0x0a, 0x0b,
-	0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x06, 0x48,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x5c, 0x0a,
-	0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x52,
-	0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x50, 0x0a, 0x06, 0x43,
-	0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61,
+	0x79, 0x2e, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72, 0x75,
+	0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x52, 0x09, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43,
+	0x41, 0x22, 0x6b, 0x0a, 0x1b, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74,
+	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
+	0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
+	0x4e, 0x61, 0x6d, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x43,
+	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xaa,
+	0x01, 0x0a, 0x14, 0x4a, 0x57, 0x4b, 0x53, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x54, 0x72,
+	0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x41, 0x12, 0x1a, 0x0a, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x46, 0x69, 0x6c, 0x65, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65,
+	0x6e, 0x74, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56, 0x61, 0x72,
+	0x69, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x53,
+	0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x49, 0x6e, 0x6c,
+	0x69, 0x6e, 0x65, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x20, 0x0a, 0x0b, 0x49, 0x6e, 0x6c,
+	0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b,
+	0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x9c, 0x01, 0x0a, 0x0f,
+	0x4a, 0x57, 0x4b, 0x53, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12,
+	0x1e, 0x0a, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x05, 0x52, 0x0a, 0x4e, 0x75, 0x6d, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12,
+	0x69, 0x0a, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61,
+	0x63, 0x6b, 0x4f, 0x66, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61,
 	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
 	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
-	0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43,
-	0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x52, 0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x22, 0x63, 0x0a,
-	0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x50,
-	0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x46, 0x6f, 0x72, 0x77,
-	0x61, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x46, 0x6f, 0x72, 0x77, 0x61,
-	0x72, 0x64, 0x22, 0x2b, 0x0a, 0x15, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x4e,
-	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22,
-	0x27, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f,
-	0x6f, 0x6b, 0x69, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x6f, 0x0a, 0x13, 0x4a, 0x57, 0x54, 0x46,
-	0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
-	0x1e, 0x0a, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12,
-	0x38, 0x0a, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50, 0x61, 0x79,
-	0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50, 0x61, 0x79, 0x6c,
-	0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x22, 0x24, 0x0a, 0x0e, 0x4a, 0x57, 0x54,
-	0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x53,
-	0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x53, 0x69, 0x7a, 0x65, 0x2a,
-	0xa9, 0x02, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x4b, 0x69, 0x6e, 0x64,
-	0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e,
-	0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, 0x01, 0x12, 0x17, 0x0a,
-	0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f,
-	0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e,
-	0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x03, 0x12, 0x19,
-	0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74,
-	0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e,
-	0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73,
-	0x10, 0x05, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x6c, 0x69, 0x6e, 0x65,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x10, 0x06, 0x12, 0x12, 0x0a,
-	0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10,
-	0x07, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x41, 0x50,
-	0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d, 0x4b, 0x69,
-	0x6e, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10, 0x09, 0x12, 0x10, 0x0a,
-	0x0c, 0x4b, 0x69, 0x6e, 0x64, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10, 0x0a, 0x12,
-	0x15, 0x0a, 0x11, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47,
-	0x72, 0x6f, 0x75, 0x70, 0x10, 0x0b, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x69, 0x6e, 0x64, 0x4a, 0x57,
-	0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x10, 0x0c, 0x2a, 0x26, 0x0a, 0x0f, 0x49,
-	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08,
-	0x0a, 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x6c, 0x6c, 0x6f,
-	0x77, 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e,
-	0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x10, 0x00, 0x2a, 0x50, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d,
-	0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65,
-	0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x50, 0x72, 0x6f,
-	0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e,
-	0x74, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65,
-	0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5f, 0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75,
-	0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x75, 0x74,
-	0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c,
-	0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53,
-	0x4d, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x72, 0x69, 0x63, 0x74, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17,
-	0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x50, 0x65, 0x72,
-	0x6d, 0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x10, 0x02, 0x2a, 0x7b, 0x0a, 0x0f, 0x4d, 0x65, 0x73,
-	0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a, 0x16,
-	0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44,
-	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x65, 0x73, 0x68,
-	0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4e, 0x6f, 0x6e, 0x65, 0x10,
-	0x01, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79,
-	0x4d, 0x6f, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4d,
-	0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x65,
-	0x6d, 0x6f, 0x74, 0x65, 0x10, 0x03, 0x2a, 0x4f, 0x0a, 0x1a, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74,
-	0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74,
-	0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72,
-	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00, 0x12, 0x17,
-	0x0a, 0x13, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63,
-	0x6f, 0x6c, 0x54, 0x43, 0x50, 0x10, 0x01, 0x2a, 0x92, 0x02, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50,
-	0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x16, 0x0a, 0x12, 0x48,
-	0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x41, 0x6c,
-	0x6c, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10, 0x01, 0x12,
-	0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68,
-	0x6f, 0x64, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54,
-	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x47, 0x65, 0x74,
-	0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d,
-	0x65, 0x74, 0x68, 0x6f, 0x64, 0x48, 0x65, 0x61, 0x64, 0x10, 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x48,
-	0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x61, 0x74, 0x63, 0x68, 0x10,
-	0x06, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x50, 0x6f, 0x73, 0x74, 0x10, 0x07, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54,
-	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x75, 0x74,
-	0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d,
-	0x65, 0x74, 0x68, 0x6f, 0x64, 0x54, 0x72, 0x61, 0x63, 0x65, 0x10, 0x09, 0x2a, 0xa7, 0x01, 0x0a,
-	0x13, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x19,
-	0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63,
-	0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54,
-	0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x73,
-	0x65, 0x6e, 0x74, 0x10, 0x02, 0x12, 0x24, 0x0a, 0x20, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61,
-	0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45,
-	0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x12, 0x19, 0x0a, 0x15, 0x48,
-	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x53, 0x75,
-	0x66, 0x66, 0x69, 0x78, 0x10, 0x04, 0x2a, 0x68, 0x0a, 0x11, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61,
-	0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x48,
-	0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63,
-	0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d,
-	0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e,
-	0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67,
-	0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03,
-	0x2a, 0x6d, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74,
-	0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75,
-	0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00, 0x12,
-	0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63,
-	0x68, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f, 0x48, 0x54,
-	0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75,
-	0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x42,
-	0xae, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x10, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
-	0x01, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70, 0x62, 0x63,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49,
-	0x43, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72,
-	0x79, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74,
-	0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79,
-	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42,
+	0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x52, 0x12, 0x52, 0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66, 0x66, 0x22, 0x90, 0x01, 0x0a, 0x12, 0x52,
+	0x65, 0x74, 0x72, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x4f, 0x66,
+	0x66, 0x12, 0x3d, 0x0a, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61,
+	0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x0c, 0x42, 0x61, 0x73, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c,
+	0x12, 0x3b, 0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x0b, 0x4d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x22, 0x8f, 0x02,
+	0x0a, 0x0b, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a,
+	0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12,
+	0x5c, 0x0a, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c,
+	0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61,
+	0x6d, 0x52, 0x0a, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x50, 0x0a,
+	0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x52, 0x06, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x22,
+	0x63, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x46, 0x6f,
+	0x72, 0x77, 0x61, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x46, 0x6f, 0x72,
+	0x77, 0x61, 0x72, 0x64, 0x22, 0x2b, 0x0a, 0x15, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x12, 0x0a,
+	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d,
+	0x65, 0x22, 0x27, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x6f, 0x0a, 0x13, 0x4a, 0x57,
+	0x54, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d,
+	0x65, 0x12, 0x38, 0x0a, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50,
+	0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x17, 0x50, 0x61, 0x64, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x50, 0x61,
+	0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x22, 0x24, 0x0a, 0x0e, 0x4a,
+	0x57, 0x54, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a,
+	0x04, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x53, 0x69, 0x7a,
+	0x65, 0x2a, 0xa9, 0x02, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x4b, 0x69,
+	0x6e, 0x64, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b,
+	0x69, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, 0x01, 0x12,
+	0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65,
+	0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x69, 0x6e, 0x64,
+	0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x03,
+	0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49,
+	0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x4b,
+	0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c,
+	0x74, 0x73, 0x10, 0x05, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x6c, 0x69,
+	0x6e, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x10, 0x06, 0x12,
+	0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61,
+	0x79, 0x10, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x42, 0x6f, 0x75, 0x6e, 0x64,
+	0x41, 0x50, 0x49, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d,
+	0x4b, 0x69, 0x6e, 0x64, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10, 0x09, 0x12,
+	0x10, 0x0a, 0x0c, 0x4b, 0x69, 0x6e, 0x64, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x10,
+	0x0a, 0x12, 0x15, 0x0a, 0x11, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73,
+	0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x10, 0x0b, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x69, 0x6e, 0x64,
+	0x4a, 0x57, 0x54, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x10, 0x0c, 0x2a, 0x26, 0x0a,
+	0x0f, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x12, 0x08, 0x0a, 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x6c,
+	0x6c, 0x6f, 0x77, 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69,
+	0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x10, 0x00, 0x2a, 0x50, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78,
+	0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f,
+	0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x50,
+	0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72,
+	0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f,
+	0x64, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5f, 0x0a, 0x0d, 0x4d, 0x75,
+	0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4d,
+	0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61,
+	0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54,
+	0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x72, 0x69, 0x63, 0x74, 0x10, 0x01, 0x12, 0x1b,
+	0x0a, 0x17, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x50,
+	0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x76, 0x65, 0x10, 0x02, 0x2a, 0x7b, 0x0a, 0x0f, 0x4d,
+	0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1a,
+	0x0a, 0x16, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64,
+	0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x65,
+	0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4e, 0x6f, 0x6e,
+	0x65, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77,
+	0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x10, 0x02, 0x12, 0x19, 0x0a,
+	0x15, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65,
+	0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x10, 0x03, 0x2a, 0x4f, 0x0a, 0x1a, 0x41, 0x50, 0x49, 0x47,
+	0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72,
+	0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e,
+	0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00,
+	0x12, 0x17, 0x0a, 0x13, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x54, 0x43, 0x50, 0x10, 0x01, 0x2a, 0x92, 0x02, 0x0a, 0x0f, 0x48, 0x54,
+	0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x16, 0x0a,
+	0x12, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
+	0x41, 0x6c, 0x6c, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10,
+	0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65,
+	0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12,
+	0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x47,
+	0x65, 0x74, 0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x48, 0x65, 0x61, 0x64, 0x10, 0x04, 0x12, 0x1a, 0x0a,
+	0x16, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54,
+	0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x61, 0x74, 0x63,
+	0x68, 0x10, 0x06, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50, 0x6f, 0x73, 0x74, 0x10, 0x07, 0x12, 0x16, 0x0a, 0x12,
+	0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x50,
+	0x75, 0x74, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63,
+	0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x54, 0x72, 0x61, 0x63, 0x65, 0x10, 0x09, 0x2a, 0xa7,
+	0x01, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74,
+	0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10, 0x00,
+	0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x48,
+	0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72,
+	0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x02, 0x12, 0x24, 0x0a, 0x20, 0x48, 0x54, 0x54, 0x50, 0x48,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x67, 0x75, 0x6c, 0x61,
+	0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0x03, 0x12, 0x19, 0x0a,
+	0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68,
+	0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x10, 0x04, 0x2a, 0x68, 0x0a, 0x11, 0x48, 0x54, 0x54, 0x50,
+	0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a,
+	0x12, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78,
+	0x61, 0x63, 0x74, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74,
+	0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x10, 0x01, 0x12, 0x22,
+	0x0a, 0x1e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52,
+	0x65, 0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
+	0x10, 0x03, 0x2a, 0x6d, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d,
+	0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50,
+	0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x10,
+	0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61,
+	0x74, 0x63, 0x68, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f,
+	0x48, 0x54, 0x54, 0x50, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65,
+	0x67, 0x75, 0x6c, 0x61, 0x72, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x10,
+	0x03, 0x42, 0xae, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42,
+	0x10, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x50, 0x01, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70,
+	0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x04, 0x48,
+	0x43, 0x49, 0x43, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca, 0x02, 0x25, 0x48, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e,
+	0x74, 0x72, 0x79, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d,
+	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74,
+	0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -9240,7 +8468,7 @@ func file_private_pbconfigentry_config_entry_proto_rawDescGZIP() []byte {
 }
 
 var file_private_pbconfigentry_config_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 11)
-var file_private_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 114)
+var file_private_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 104)
 var file_private_pbconfigentry_config_entry_proto_goTypes = []interface{}{
 	(Kind)(0),                                   // 0: hashicorp.consul.internal.configentry.Kind
 	(IntentionAction)(0),                        // 1: hashicorp.consul.internal.configentry.IntentionAction
@@ -9298,111 +8526,101 @@ var file_private_pbconfigentry_config_entry_proto_goTypes = []interface{}{
 	(*UpstreamLimits)(nil),                      // 53: hashicorp.consul.internal.configentry.UpstreamLimits
 	(*PassiveHealthCheck)(nil),                  // 54: hashicorp.consul.internal.configentry.PassiveHealthCheck
 	(*DestinationConfig)(nil),                   // 55: hashicorp.consul.internal.configentry.DestinationConfig
-	(*RateLimits)(nil),                          // 56: hashicorp.consul.internal.configentry.RateLimits
-	(*InstanceLevelRateLimits)(nil),             // 57: hashicorp.consul.internal.configentry.InstanceLevelRateLimits
-	(*InstanceLevelRouteRateLimits)(nil),        // 58: hashicorp.consul.internal.configentry.InstanceLevelRouteRateLimits
-	(*APIGateway)(nil),                          // 59: hashicorp.consul.internal.configentry.APIGateway
-	(*Status)(nil),                              // 60: hashicorp.consul.internal.configentry.Status
-	(*Condition)(nil),                           // 61: hashicorp.consul.internal.configentry.Condition
-	(*APIGatewayListener)(nil),                  // 62: hashicorp.consul.internal.configentry.APIGatewayListener
-	(*APIGatewayTLSConfiguration)(nil),          // 63: hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration
-	(*APIGatewayPolicy)(nil),                    // 64: hashicorp.consul.internal.configentry.APIGatewayPolicy
-	(*APIGatewayJWTRequirement)(nil),            // 65: hashicorp.consul.internal.configentry.APIGatewayJWTRequirement
-	(*APIGatewayJWTProvider)(nil),               // 66: hashicorp.consul.internal.configentry.APIGatewayJWTProvider
-	(*APIGatewayJWTClaimVerification)(nil),      // 67: hashicorp.consul.internal.configentry.APIGatewayJWTClaimVerification
-	(*ResourceReference)(nil),                   // 68: hashicorp.consul.internal.configentry.ResourceReference
-	(*BoundAPIGateway)(nil),                     // 69: hashicorp.consul.internal.configentry.BoundAPIGateway
-	(*BoundAPIGatewayListener)(nil),             // 70: hashicorp.consul.internal.configentry.BoundAPIGatewayListener
-	(*InlineCertificate)(nil),                   // 71: hashicorp.consul.internal.configentry.InlineCertificate
-	(*HTTPRoute)(nil),                           // 72: hashicorp.consul.internal.configentry.HTTPRoute
-	(*HTTPRouteRule)(nil),                       // 73: hashicorp.consul.internal.configentry.HTTPRouteRule
-	(*HTTPMatch)(nil),                           // 74: hashicorp.consul.internal.configentry.HTTPMatch
-	(*HTTPHeaderMatch)(nil),                     // 75: hashicorp.consul.internal.configentry.HTTPHeaderMatch
-	(*HTTPPathMatch)(nil),                       // 76: hashicorp.consul.internal.configentry.HTTPPathMatch
-	(*HTTPQueryMatch)(nil),                      // 77: hashicorp.consul.internal.configentry.HTTPQueryMatch
-	(*HTTPFilters)(nil),                         // 78: hashicorp.consul.internal.configentry.HTTPFilters
-	(*URLRewrite)(nil),                          // 79: hashicorp.consul.internal.configentry.URLRewrite
-	(*RetryFilter)(nil),                         // 80: hashicorp.consul.internal.configentry.RetryFilter
-	(*TimeoutFilter)(nil),                       // 81: hashicorp.consul.internal.configentry.TimeoutFilter
-	(*JWTFilter)(nil),                           // 82: hashicorp.consul.internal.configentry.JWTFilter
-	(*HTTPHeaderFilter)(nil),                    // 83: hashicorp.consul.internal.configentry.HTTPHeaderFilter
-	(*HTTPService)(nil),                         // 84: hashicorp.consul.internal.configentry.HTTPService
-	(*TCPRoute)(nil),                            // 85: hashicorp.consul.internal.configentry.TCPRoute
-	(*TCPService)(nil),                          // 86: hashicorp.consul.internal.configentry.TCPService
-	(*SamenessGroup)(nil),                       // 87: hashicorp.consul.internal.configentry.SamenessGroup
-	(*SamenessGroupMember)(nil),                 // 88: hashicorp.consul.internal.configentry.SamenessGroupMember
-	(*JWTProvider)(nil),                         // 89: hashicorp.consul.internal.configentry.JWTProvider
-	(*JSONWebKeySet)(nil),                       // 90: hashicorp.consul.internal.configentry.JSONWebKeySet
-	(*LocalJWKS)(nil),                           // 91: hashicorp.consul.internal.configentry.LocalJWKS
-	(*RemoteJWKS)(nil),                          // 92: hashicorp.consul.internal.configentry.RemoteJWKS
-	(*JWKSCluster)(nil),                         // 93: hashicorp.consul.internal.configentry.JWKSCluster
-	(*JWKSTLSCertificate)(nil),                  // 94: hashicorp.consul.internal.configentry.JWKSTLSCertificate
-	(*JWKSTLSCertProviderInstance)(nil),         // 95: hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
-	(*JWKSTLSCertTrustedCA)(nil),                // 96: hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
-	(*JWKSRetryPolicy)(nil),                     // 97: hashicorp.consul.internal.configentry.JWKSRetryPolicy
-	(*RetryPolicyBackOff)(nil),                  // 98: hashicorp.consul.internal.configentry.RetryPolicyBackOff
-	(*JWTLocation)(nil),                         // 99: hashicorp.consul.internal.configentry.JWTLocation
-	(*JWTLocationHeader)(nil),                   // 100: hashicorp.consul.internal.configentry.JWTLocationHeader
-	(*JWTLocationQueryParam)(nil),               // 101: hashicorp.consul.internal.configentry.JWTLocationQueryParam
-	(*JWTLocationCookie)(nil),                   // 102: hashicorp.consul.internal.configentry.JWTLocationCookie
-	(*JWTForwardingConfig)(nil),                 // 103: hashicorp.consul.internal.configentry.JWTForwardingConfig
-	(*JWTCacheConfig)(nil),                      // 104: hashicorp.consul.internal.configentry.JWTCacheConfig
-	nil,                                         // 105: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
-	nil,                                         // 106: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
-	nil,                                         // 107: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
-	nil,                                         // 108: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
-	nil,                                         // 109: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
-	nil,                                         // 110: hashicorp.consul.internal.configentry.IngressService.MetaEntry
-	nil,                                         // 111: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
-	nil,                                         // 112: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
-	nil,                                         // 113: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
-	nil,                                         // 114: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
-	nil,                                         // 115: hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
-	nil,                                         // 116: hashicorp.consul.internal.configentry.APIGateway.MetaEntry
-	nil,                                         // 117: hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
-	nil,                                         // 118: hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
-	nil,                                         // 119: hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
-	nil,                                         // 120: hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
-	nil,                                         // 121: hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
-	nil,                                         // 122: hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
-	nil,                                         // 123: hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
-	nil,                                         // 124: hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
-	(*pbcommon.EnterpriseMeta)(nil),             // 125: hashicorp.consul.internal.common.EnterpriseMeta
-	(*pbcommon.RaftIndex)(nil),                  // 126: hashicorp.consul.internal.common.RaftIndex
-	(*durationpb.Duration)(nil),                 // 127: google.protobuf.Duration
-	(*timestamppb.Timestamp)(nil),               // 128: google.protobuf.Timestamp
-	(*pbcommon.EnvoyExtension)(nil),             // 129: hashicorp.consul.internal.common.EnvoyExtension
+	(*APIGateway)(nil),                          // 56: hashicorp.consul.internal.configentry.APIGateway
+	(*Status)(nil),                              // 57: hashicorp.consul.internal.configentry.Status
+	(*Condition)(nil),                           // 58: hashicorp.consul.internal.configentry.Condition
+	(*APIGatewayListener)(nil),                  // 59: hashicorp.consul.internal.configentry.APIGatewayListener
+	(*APIGatewayTLSConfiguration)(nil),          // 60: hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration
+	(*ResourceReference)(nil),                   // 61: hashicorp.consul.internal.configentry.ResourceReference
+	(*BoundAPIGateway)(nil),                     // 62: hashicorp.consul.internal.configentry.BoundAPIGateway
+	(*BoundAPIGatewayListener)(nil),             // 63: hashicorp.consul.internal.configentry.BoundAPIGatewayListener
+	(*InlineCertificate)(nil),                   // 64: hashicorp.consul.internal.configentry.InlineCertificate
+	(*HTTPRoute)(nil),                           // 65: hashicorp.consul.internal.configentry.HTTPRoute
+	(*HTTPRouteRule)(nil),                       // 66: hashicorp.consul.internal.configentry.HTTPRouteRule
+	(*HTTPMatch)(nil),                           // 67: hashicorp.consul.internal.configentry.HTTPMatch
+	(*HTTPHeaderMatch)(nil),                     // 68: hashicorp.consul.internal.configentry.HTTPHeaderMatch
+	(*HTTPPathMatch)(nil),                       // 69: hashicorp.consul.internal.configentry.HTTPPathMatch
+	(*HTTPQueryMatch)(nil),                      // 70: hashicorp.consul.internal.configentry.HTTPQueryMatch
+	(*HTTPFilters)(nil),                         // 71: hashicorp.consul.internal.configentry.HTTPFilters
+	(*URLRewrite)(nil),                          // 72: hashicorp.consul.internal.configentry.URLRewrite
+	(*HTTPHeaderFilter)(nil),                    // 73: hashicorp.consul.internal.configentry.HTTPHeaderFilter
+	(*HTTPService)(nil),                         // 74: hashicorp.consul.internal.configentry.HTTPService
+	(*TCPRoute)(nil),                            // 75: hashicorp.consul.internal.configentry.TCPRoute
+	(*TCPService)(nil),                          // 76: hashicorp.consul.internal.configentry.TCPService
+	(*SamenessGroup)(nil),                       // 77: hashicorp.consul.internal.configentry.SamenessGroup
+	(*SamenessGroupMember)(nil),                 // 78: hashicorp.consul.internal.configentry.SamenessGroupMember
+	(*JWTProvider)(nil),                         // 79: hashicorp.consul.internal.configentry.JWTProvider
+	(*JSONWebKeySet)(nil),                       // 80: hashicorp.consul.internal.configentry.JSONWebKeySet
+	(*LocalJWKS)(nil),                           // 81: hashicorp.consul.internal.configentry.LocalJWKS
+	(*RemoteJWKS)(nil),                          // 82: hashicorp.consul.internal.configentry.RemoteJWKS
+	(*JWKSCluster)(nil),                         // 83: hashicorp.consul.internal.configentry.JWKSCluster
+	(*JWKSTLSCertificate)(nil),                  // 84: hashicorp.consul.internal.configentry.JWKSTLSCertificate
+	(*JWKSTLSCertProviderInstance)(nil),         // 85: hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
+	(*JWKSTLSCertTrustedCA)(nil),                // 86: hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
+	(*JWKSRetryPolicy)(nil),                     // 87: hashicorp.consul.internal.configentry.JWKSRetryPolicy
+	(*RetryPolicyBackOff)(nil),                  // 88: hashicorp.consul.internal.configentry.RetryPolicyBackOff
+	(*JWTLocation)(nil),                         // 89: hashicorp.consul.internal.configentry.JWTLocation
+	(*JWTLocationHeader)(nil),                   // 90: hashicorp.consul.internal.configentry.JWTLocationHeader
+	(*JWTLocationQueryParam)(nil),               // 91: hashicorp.consul.internal.configentry.JWTLocationQueryParam
+	(*JWTLocationCookie)(nil),                   // 92: hashicorp.consul.internal.configentry.JWTLocationCookie
+	(*JWTForwardingConfig)(nil),                 // 93: hashicorp.consul.internal.configentry.JWTForwardingConfig
+	(*JWTCacheConfig)(nil),                      // 94: hashicorp.consul.internal.configentry.JWTCacheConfig
+	nil,                                         // 95: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
+	nil,                                         // 96: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
+	nil,                                         // 97: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
+	nil,                                         // 98: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
+	nil,                                         // 99: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
+	nil,                                         // 100: hashicorp.consul.internal.configentry.IngressService.MetaEntry
+	nil,                                         // 101: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
+	nil,                                         // 102: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
+	nil,                                         // 103: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
+	nil,                                         // 104: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
+	nil,                                         // 105: hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
+	nil,                                         // 106: hashicorp.consul.internal.configentry.APIGateway.MetaEntry
+	nil,                                         // 107: hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
+	nil,                                         // 108: hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
+	nil,                                         // 109: hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
+	nil,                                         // 110: hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
+	nil,                                         // 111: hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
+	nil,                                         // 112: hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
+	nil,                                         // 113: hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
+	nil,                                         // 114: hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
+	(*pbcommon.EnterpriseMeta)(nil),             // 115: hashicorp.consul.internal.common.EnterpriseMeta
+	(*pbcommon.RaftIndex)(nil),                  // 116: hashicorp.consul.internal.common.RaftIndex
+	(*durationpb.Duration)(nil),                 // 117: google.protobuf.Duration
+	(*timestamppb.Timestamp)(nil),               // 118: google.protobuf.Timestamp
+	(*pbcommon.EnvoyExtension)(nil),             // 119: hashicorp.consul.internal.common.EnvoyExtension
 }
 var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	0,   // 0: hashicorp.consul.internal.configentry.ConfigEntry.Kind:type_name -> hashicorp.consul.internal.configentry.Kind
-	125, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	126, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex
+	115, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	116, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex
 	12,  // 3: hashicorp.consul.internal.configentry.ConfigEntry.MeshConfig:type_name -> hashicorp.consul.internal.configentry.MeshConfig
 	18,  // 4: hashicorp.consul.internal.configentry.ConfigEntry.ServiceResolver:type_name -> hashicorp.consul.internal.configentry.ServiceResolver
 	30,  // 5: hashicorp.consul.internal.configentry.ConfigEntry.IngressGateway:type_name -> hashicorp.consul.internal.configentry.IngressGateway
 	38,  // 6: hashicorp.consul.internal.configentry.ConfigEntry.ServiceIntentions:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions
 	46,  // 7: hashicorp.consul.internal.configentry.ConfigEntry.ServiceDefaults:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults
-	59,  // 8: hashicorp.consul.internal.configentry.ConfigEntry.APIGateway:type_name -> hashicorp.consul.internal.configentry.APIGateway
-	69,  // 9: hashicorp.consul.internal.configentry.ConfigEntry.BoundAPIGateway:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway
-	85,  // 10: hashicorp.consul.internal.configentry.ConfigEntry.TCPRoute:type_name -> hashicorp.consul.internal.configentry.TCPRoute
-	72,  // 11: hashicorp.consul.internal.configentry.ConfigEntry.HTTPRoute:type_name -> hashicorp.consul.internal.configentry.HTTPRoute
-	71,  // 12: hashicorp.consul.internal.configentry.ConfigEntry.InlineCertificate:type_name -> hashicorp.consul.internal.configentry.InlineCertificate
-	87,  // 13: hashicorp.consul.internal.configentry.ConfigEntry.SamenessGroup:type_name -> hashicorp.consul.internal.configentry.SamenessGroup
-	89,  // 14: hashicorp.consul.internal.configentry.ConfigEntry.JWTProvider:type_name -> hashicorp.consul.internal.configentry.JWTProvider
+	56,  // 8: hashicorp.consul.internal.configentry.ConfigEntry.APIGateway:type_name -> hashicorp.consul.internal.configentry.APIGateway
+	62,  // 9: hashicorp.consul.internal.configentry.ConfigEntry.BoundAPIGateway:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway
+	75,  // 10: hashicorp.consul.internal.configentry.ConfigEntry.TCPRoute:type_name -> hashicorp.consul.internal.configentry.TCPRoute
+	65,  // 11: hashicorp.consul.internal.configentry.ConfigEntry.HTTPRoute:type_name -> hashicorp.consul.internal.configentry.HTTPRoute
+	64,  // 12: hashicorp.consul.internal.configentry.ConfigEntry.InlineCertificate:type_name -> hashicorp.consul.internal.configentry.InlineCertificate
+	77,  // 13: hashicorp.consul.internal.configentry.ConfigEntry.SamenessGroup:type_name -> hashicorp.consul.internal.configentry.SamenessGroup
+	79,  // 14: hashicorp.consul.internal.configentry.ConfigEntry.JWTProvider:type_name -> hashicorp.consul.internal.configentry.JWTProvider
 	13,  // 15: hashicorp.consul.internal.configentry.MeshConfig.TransparentProxy:type_name -> hashicorp.consul.internal.configentry.TransparentProxyMeshConfig
 	14,  // 16: hashicorp.consul.internal.configentry.MeshConfig.TLS:type_name -> hashicorp.consul.internal.configentry.MeshTLSConfig
 	16,  // 17: hashicorp.consul.internal.configentry.MeshConfig.HTTP:type_name -> hashicorp.consul.internal.configentry.MeshHTTPConfig
-	105, // 18: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
+	95,  // 18: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry
 	17,  // 19: hashicorp.consul.internal.configentry.MeshConfig.Peering:type_name -> hashicorp.consul.internal.configentry.PeeringMeshConfig
 	15,  // 20: hashicorp.consul.internal.configentry.MeshTLSConfig.Incoming:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig
 	15,  // 21: hashicorp.consul.internal.configentry.MeshTLSConfig.Outgoing:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig
-	106, // 22: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
+	96,  // 22: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry
 	20,  // 23: hashicorp.consul.internal.configentry.ServiceResolver.Redirect:type_name -> hashicorp.consul.internal.configentry.ServiceResolverRedirect
-	107, // 24: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
-	127, // 25: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration
+	97,  // 24: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry
+	117, // 25: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration
 	25,  // 26: hashicorp.consul.internal.configentry.ServiceResolver.LoadBalancer:type_name -> hashicorp.consul.internal.configentry.LoadBalancer
-	108, // 27: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
-	127, // 28: hashicorp.consul.internal.configentry.ServiceResolver.RequestTimeout:type_name -> google.protobuf.Duration
+	98,  // 27: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry
+	117, // 28: hashicorp.consul.internal.configentry.ServiceResolver.RequestTimeout:type_name -> google.protobuf.Duration
 	23,  // 29: hashicorp.consul.internal.configentry.ServiceResolver.PrioritizeByLocality:type_name -> hashicorp.consul.internal.configentry.ServiceResolverPrioritizeByLocality
 	24,  // 30: hashicorp.consul.internal.configentry.ServiceResolverFailover.Targets:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverTarget
 	22,  // 31: hashicorp.consul.internal.configentry.ServiceResolverFailover.Policy:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverPolicy
@@ -9410,10 +8628,10 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	27,  // 33: hashicorp.consul.internal.configentry.LoadBalancer.LeastRequestConfig:type_name -> hashicorp.consul.internal.configentry.LeastRequestConfig
 	28,  // 34: hashicorp.consul.internal.configentry.LoadBalancer.HashPolicies:type_name -> hashicorp.consul.internal.configentry.HashPolicy
 	29,  // 35: hashicorp.consul.internal.configentry.HashPolicy.CookieConfig:type_name -> hashicorp.consul.internal.configentry.CookieConfig
-	127, // 36: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration
+	117, // 36: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration
 	32,  // 37: hashicorp.consul.internal.configentry.IngressGateway.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSConfig
 	34,  // 38: hashicorp.consul.internal.configentry.IngressGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.IngressListener
-	109, // 39: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
+	99,  // 39: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry
 	31,  // 40: hashicorp.consul.internal.configentry.IngressGateway.Defaults:type_name -> hashicorp.consul.internal.configentry.IngressServiceConfig
 	54,  // 41: hashicorp.consul.internal.configentry.IngressServiceConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	33,  // 42: hashicorp.consul.internal.configentry.GatewayTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig
@@ -9422,24 +8640,24 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	36,  // 45: hashicorp.consul.internal.configentry.IngressService.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayServiceTLSConfig
 	37,  // 46: hashicorp.consul.internal.configentry.IngressService.RequestHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers
 	37,  // 47: hashicorp.consul.internal.configentry.IngressService.ResponseHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers
-	110, // 48: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry
-	125, // 49: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	100, // 48: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry
+	115, // 49: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	54,  // 50: hashicorp.consul.internal.configentry.IngressService.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
 	33,  // 51: hashicorp.consul.internal.configentry.GatewayServiceTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig
-	111, // 52: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
-	112, // 53: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
+	101, // 52: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry
+	102, // 53: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry
 	42,  // 54: hashicorp.consul.internal.configentry.ServiceIntentions.Sources:type_name -> hashicorp.consul.internal.configentry.SourceIntention
-	113, // 55: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
+	103, // 55: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry
 	39,  // 56: hashicorp.consul.internal.configentry.ServiceIntentions.JWT:type_name -> hashicorp.consul.internal.configentry.IntentionJWTRequirement
 	40,  // 57: hashicorp.consul.internal.configentry.IntentionJWTRequirement.Providers:type_name -> hashicorp.consul.internal.configentry.IntentionJWTProvider
 	41,  // 58: hashicorp.consul.internal.configentry.IntentionJWTProvider.VerifyClaims:type_name -> hashicorp.consul.internal.configentry.IntentionJWTClaimVerification
 	1,   // 59: hashicorp.consul.internal.configentry.SourceIntention.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction
 	43,  // 60: hashicorp.consul.internal.configentry.SourceIntention.Permissions:type_name -> hashicorp.consul.internal.configentry.IntentionPermission
 	2,   // 61: hashicorp.consul.internal.configentry.SourceIntention.Type:type_name -> hashicorp.consul.internal.configentry.IntentionSourceType
-	114, // 62: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
-	128, // 63: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp
-	128, // 64: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp
-	125, // 65: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	104, // 62: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry
+	118, // 63: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp
+	118, // 64: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp
+	115, // 65: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
 	1,   // 66: hashicorp.consul.internal.configentry.IntentionPermission.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction
 	44,  // 67: hashicorp.consul.internal.configentry.IntentionPermission.HTTP:type_name -> hashicorp.consul.internal.configentry.IntentionHTTPPermission
 	39,  // 68: hashicorp.consul.internal.configentry.IntentionPermission.JWT:type_name -> hashicorp.consul.internal.configentry.IntentionJWTRequirement
@@ -9450,103 +8668,89 @@ var file_private_pbconfigentry_config_entry_proto_depIdxs = []int32{
 	49,  // 73: hashicorp.consul.internal.configentry.ServiceDefaults.Expose:type_name -> hashicorp.consul.internal.configentry.ExposeConfig
 	51,  // 74: hashicorp.consul.internal.configentry.ServiceDefaults.UpstreamConfig:type_name -> hashicorp.consul.internal.configentry.UpstreamConfiguration
 	55,  // 75: hashicorp.consul.internal.configentry.ServiceDefaults.Destination:type_name -> hashicorp.consul.internal.configentry.DestinationConfig
-	56,  // 76: hashicorp.consul.internal.configentry.ServiceDefaults.RateLimits:type_name -> hashicorp.consul.internal.configentry.RateLimits
-	115, // 77: hashicorp.consul.internal.configentry.ServiceDefaults.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
-	129, // 78: hashicorp.consul.internal.configentry.ServiceDefaults.EnvoyExtensions:type_name -> hashicorp.consul.internal.common.EnvoyExtension
-	4,   // 79: hashicorp.consul.internal.configentry.ServiceDefaults.MutualTLSMode:type_name -> hashicorp.consul.internal.configentry.MutualTLSMode
-	5,   // 80: hashicorp.consul.internal.configentry.MeshGatewayConfig.Mode:type_name -> hashicorp.consul.internal.configentry.MeshGatewayMode
-	50,  // 81: hashicorp.consul.internal.configentry.ExposeConfig.Paths:type_name -> hashicorp.consul.internal.configentry.ExposePath
-	52,  // 82: hashicorp.consul.internal.configentry.UpstreamConfiguration.Overrides:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
-	52,  // 83: hashicorp.consul.internal.configentry.UpstreamConfiguration.Defaults:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
-	125, // 84: hashicorp.consul.internal.configentry.UpstreamConfig.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	53,  // 85: hashicorp.consul.internal.configentry.UpstreamConfig.Limits:type_name -> hashicorp.consul.internal.configentry.UpstreamLimits
-	54,  // 86: hashicorp.consul.internal.configentry.UpstreamConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
-	48,  // 87: hashicorp.consul.internal.configentry.UpstreamConfig.MeshGateway:type_name -> hashicorp.consul.internal.configentry.MeshGatewayConfig
-	127, // 88: hashicorp.consul.internal.configentry.PassiveHealthCheck.Interval:type_name -> google.protobuf.Duration
-	127, // 89: hashicorp.consul.internal.configentry.PassiveHealthCheck.BaseEjectionTime:type_name -> google.protobuf.Duration
-	57,  // 90: hashicorp.consul.internal.configentry.RateLimits.InstanceLevel:type_name -> hashicorp.consul.internal.configentry.InstanceLevelRateLimits
-	58,  // 91: hashicorp.consul.internal.configentry.InstanceLevelRateLimits.Routes:type_name -> hashicorp.consul.internal.configentry.InstanceLevelRouteRateLimits
-	116, // 92: hashicorp.consul.internal.configentry.APIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.APIGateway.MetaEntry
-	62,  // 93: hashicorp.consul.internal.configentry.APIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.APIGatewayListener
-	60,  // 94: hashicorp.consul.internal.configentry.APIGateway.Status:type_name -> hashicorp.consul.internal.configentry.Status
-	61,  // 95: hashicorp.consul.internal.configentry.Status.Conditions:type_name -> hashicorp.consul.internal.configentry.Condition
-	68,  // 96: hashicorp.consul.internal.configentry.Condition.Resource:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	128, // 97: hashicorp.consul.internal.configentry.Condition.LastTransitionTime:type_name -> google.protobuf.Timestamp
-	6,   // 98: hashicorp.consul.internal.configentry.APIGatewayListener.Protocol:type_name -> hashicorp.consul.internal.configentry.APIGatewayListenerProtocol
-	63,  // 99: hashicorp.consul.internal.configentry.APIGatewayListener.TLS:type_name -> hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration
-	64,  // 100: hashicorp.consul.internal.configentry.APIGatewayListener.Override:type_name -> hashicorp.consul.internal.configentry.APIGatewayPolicy
-	64,  // 101: hashicorp.consul.internal.configentry.APIGatewayListener.Default:type_name -> hashicorp.consul.internal.configentry.APIGatewayPolicy
-	68,  // 102: hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	65,  // 103: hashicorp.consul.internal.configentry.APIGatewayPolicy.JWT:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTRequirement
-	66,  // 104: hashicorp.consul.internal.configentry.APIGatewayJWTRequirement.Providers:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTProvider
-	67,  // 105: hashicorp.consul.internal.configentry.APIGatewayJWTProvider.VerifyClaims:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTClaimVerification
-	125, // 106: hashicorp.consul.internal.configentry.ResourceReference.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	117, // 107: hashicorp.consul.internal.configentry.BoundAPIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
-	70,  // 108: hashicorp.consul.internal.configentry.BoundAPIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.BoundAPIGatewayListener
-	68,  // 109: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	68,  // 110: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Routes:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	118, // 111: hashicorp.consul.internal.configentry.InlineCertificate.Meta:type_name -> hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
-	119, // 112: hashicorp.consul.internal.configentry.HTTPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
-	68,  // 113: hashicorp.consul.internal.configentry.HTTPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	73,  // 114: hashicorp.consul.internal.configentry.HTTPRoute.Rules:type_name -> hashicorp.consul.internal.configentry.HTTPRouteRule
-	60,  // 115: hashicorp.consul.internal.configentry.HTTPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
-	78,  // 116: hashicorp.consul.internal.configentry.HTTPRouteRule.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
-	74,  // 117: hashicorp.consul.internal.configentry.HTTPRouteRule.Matches:type_name -> hashicorp.consul.internal.configentry.HTTPMatch
-	84,  // 118: hashicorp.consul.internal.configentry.HTTPRouteRule.Services:type_name -> hashicorp.consul.internal.configentry.HTTPService
-	75,  // 119: hashicorp.consul.internal.configentry.HTTPMatch.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatch
-	7,   // 120: hashicorp.consul.internal.configentry.HTTPMatch.Method:type_name -> hashicorp.consul.internal.configentry.HTTPMatchMethod
-	76,  // 121: hashicorp.consul.internal.configentry.HTTPMatch.Path:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatch
-	77,  // 122: hashicorp.consul.internal.configentry.HTTPMatch.Query:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatch
-	8,   // 123: hashicorp.consul.internal.configentry.HTTPHeaderMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatchType
-	9,   // 124: hashicorp.consul.internal.configentry.HTTPPathMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatchType
-	10,  // 125: hashicorp.consul.internal.configentry.HTTPQueryMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatchType
-	83,  // 126: hashicorp.consul.internal.configentry.HTTPFilters.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter
-	79,  // 127: hashicorp.consul.internal.configentry.HTTPFilters.URLRewrite:type_name -> hashicorp.consul.internal.configentry.URLRewrite
-	80,  // 128: hashicorp.consul.internal.configentry.HTTPFilters.RetryFilter:type_name -> hashicorp.consul.internal.configentry.RetryFilter
-	81,  // 129: hashicorp.consul.internal.configentry.HTTPFilters.TimeoutFilter:type_name -> hashicorp.consul.internal.configentry.TimeoutFilter
-	82,  // 130: hashicorp.consul.internal.configentry.HTTPFilters.JWT:type_name -> hashicorp.consul.internal.configentry.JWTFilter
-	127, // 131: hashicorp.consul.internal.configentry.TimeoutFilter.RequestTimeout:type_name -> google.protobuf.Duration
-	127, // 132: hashicorp.consul.internal.configentry.TimeoutFilter.IdleTimeout:type_name -> google.protobuf.Duration
-	66,  // 133: hashicorp.consul.internal.configentry.JWTFilter.Providers:type_name -> hashicorp.consul.internal.configentry.APIGatewayJWTProvider
-	120, // 134: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
-	121, // 135: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
-	78,  // 136: hashicorp.consul.internal.configentry.HTTPService.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
-	125, // 137: hashicorp.consul.internal.configentry.HTTPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	122, // 138: hashicorp.consul.internal.configentry.TCPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
-	68,  // 139: hashicorp.consul.internal.configentry.TCPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
-	86,  // 140: hashicorp.consul.internal.configentry.TCPRoute.Services:type_name -> hashicorp.consul.internal.configentry.TCPService
-	60,  // 141: hashicorp.consul.internal.configentry.TCPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
-	125, // 142: hashicorp.consul.internal.configentry.TCPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	88,  // 143: hashicorp.consul.internal.configentry.SamenessGroup.Members:type_name -> hashicorp.consul.internal.configentry.SamenessGroupMember
-	123, // 144: hashicorp.consul.internal.configentry.SamenessGroup.Meta:type_name -> hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
-	125, // 145: hashicorp.consul.internal.configentry.SamenessGroup.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
-	90,  // 146: hashicorp.consul.internal.configentry.JWTProvider.JSONWebKeySet:type_name -> hashicorp.consul.internal.configentry.JSONWebKeySet
-	99,  // 147: hashicorp.consul.internal.configentry.JWTProvider.Locations:type_name -> hashicorp.consul.internal.configentry.JWTLocation
-	103, // 148: hashicorp.consul.internal.configentry.JWTProvider.Forwarding:type_name -> hashicorp.consul.internal.configentry.JWTForwardingConfig
-	104, // 149: hashicorp.consul.internal.configentry.JWTProvider.CacheConfig:type_name -> hashicorp.consul.internal.configentry.JWTCacheConfig
-	124, // 150: hashicorp.consul.internal.configentry.JWTProvider.Meta:type_name -> hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
-	91,  // 151: hashicorp.consul.internal.configentry.JSONWebKeySet.Local:type_name -> hashicorp.consul.internal.configentry.LocalJWKS
-	92,  // 152: hashicorp.consul.internal.configentry.JSONWebKeySet.Remote:type_name -> hashicorp.consul.internal.configentry.RemoteJWKS
-	127, // 153: hashicorp.consul.internal.configentry.RemoteJWKS.CacheDuration:type_name -> google.protobuf.Duration
-	97,  // 154: hashicorp.consul.internal.configentry.RemoteJWKS.RetryPolicy:type_name -> hashicorp.consul.internal.configentry.JWKSRetryPolicy
-	93,  // 155: hashicorp.consul.internal.configentry.RemoteJWKS.JWKSCluster:type_name -> hashicorp.consul.internal.configentry.JWKSCluster
-	94,  // 156: hashicorp.consul.internal.configentry.JWKSCluster.TLSCertificates:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertificate
-	127, // 157: hashicorp.consul.internal.configentry.JWKSCluster.ConnectTimeout:type_name -> google.protobuf.Duration
-	95,  // 158: hashicorp.consul.internal.configentry.JWKSTLSCertificate.CaCertificateProviderInstance:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
-	96,  // 159: hashicorp.consul.internal.configentry.JWKSTLSCertificate.TrustedCA:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
-	98,  // 160: hashicorp.consul.internal.configentry.JWKSRetryPolicy.RetryPolicyBackOff:type_name -> hashicorp.consul.internal.configentry.RetryPolicyBackOff
-	127, // 161: hashicorp.consul.internal.configentry.RetryPolicyBackOff.BaseInterval:type_name -> google.protobuf.Duration
-	127, // 162: hashicorp.consul.internal.configentry.RetryPolicyBackOff.MaxInterval:type_name -> google.protobuf.Duration
-	100, // 163: hashicorp.consul.internal.configentry.JWTLocation.Header:type_name -> hashicorp.consul.internal.configentry.JWTLocationHeader
-	101, // 164: hashicorp.consul.internal.configentry.JWTLocation.QueryParam:type_name -> hashicorp.consul.internal.configentry.JWTLocationQueryParam
-	102, // 165: hashicorp.consul.internal.configentry.JWTLocation.Cookie:type_name -> hashicorp.consul.internal.configentry.JWTLocationCookie
-	19,  // 166: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset
-	21,  // 167: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover
-	168, // [168:168] is the sub-list for method output_type
-	168, // [168:168] is the sub-list for method input_type
-	168, // [168:168] is the sub-list for extension type_name
-	168, // [168:168] is the sub-list for extension extendee
-	0,   // [0:168] is the sub-list for field type_name
+	105, // 76: hashicorp.consul.internal.configentry.ServiceDefaults.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry
+	119, // 77: hashicorp.consul.internal.configentry.ServiceDefaults.EnvoyExtensions:type_name -> hashicorp.consul.internal.common.EnvoyExtension
+	4,   // 78: hashicorp.consul.internal.configentry.ServiceDefaults.MutualTLSMode:type_name -> hashicorp.consul.internal.configentry.MutualTLSMode
+	5,   // 79: hashicorp.consul.internal.configentry.MeshGatewayConfig.Mode:type_name -> hashicorp.consul.internal.configentry.MeshGatewayMode
+	50,  // 80: hashicorp.consul.internal.configentry.ExposeConfig.Paths:type_name -> hashicorp.consul.internal.configentry.ExposePath
+	52,  // 81: hashicorp.consul.internal.configentry.UpstreamConfiguration.Overrides:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
+	52,  // 82: hashicorp.consul.internal.configentry.UpstreamConfiguration.Defaults:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig
+	115, // 83: hashicorp.consul.internal.configentry.UpstreamConfig.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	53,  // 84: hashicorp.consul.internal.configentry.UpstreamConfig.Limits:type_name -> hashicorp.consul.internal.configentry.UpstreamLimits
+	54,  // 85: hashicorp.consul.internal.configentry.UpstreamConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck
+	48,  // 86: hashicorp.consul.internal.configentry.UpstreamConfig.MeshGateway:type_name -> hashicorp.consul.internal.configentry.MeshGatewayConfig
+	117, // 87: hashicorp.consul.internal.configentry.PassiveHealthCheck.Interval:type_name -> google.protobuf.Duration
+	117, // 88: hashicorp.consul.internal.configentry.PassiveHealthCheck.BaseEjectionTime:type_name -> google.protobuf.Duration
+	106, // 89: hashicorp.consul.internal.configentry.APIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.APIGateway.MetaEntry
+	59,  // 90: hashicorp.consul.internal.configentry.APIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.APIGatewayListener
+	57,  // 91: hashicorp.consul.internal.configentry.APIGateway.Status:type_name -> hashicorp.consul.internal.configentry.Status
+	58,  // 92: hashicorp.consul.internal.configentry.Status.Conditions:type_name -> hashicorp.consul.internal.configentry.Condition
+	61,  // 93: hashicorp.consul.internal.configentry.Condition.Resource:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	118, // 94: hashicorp.consul.internal.configentry.Condition.LastTransitionTime:type_name -> google.protobuf.Timestamp
+	6,   // 95: hashicorp.consul.internal.configentry.APIGatewayListener.Protocol:type_name -> hashicorp.consul.internal.configentry.APIGatewayListenerProtocol
+	60,  // 96: hashicorp.consul.internal.configentry.APIGatewayListener.TLS:type_name -> hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration
+	61,  // 97: hashicorp.consul.internal.configentry.APIGatewayTLSConfiguration.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	115, // 98: hashicorp.consul.internal.configentry.ResourceReference.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	107, // 99: hashicorp.consul.internal.configentry.BoundAPIGateway.Meta:type_name -> hashicorp.consul.internal.configentry.BoundAPIGateway.MetaEntry
+	63,  // 100: hashicorp.consul.internal.configentry.BoundAPIGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.BoundAPIGatewayListener
+	61,  // 101: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Certificates:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	61,  // 102: hashicorp.consul.internal.configentry.BoundAPIGatewayListener.Routes:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	108, // 103: hashicorp.consul.internal.configentry.InlineCertificate.Meta:type_name -> hashicorp.consul.internal.configentry.InlineCertificate.MetaEntry
+	109, // 104: hashicorp.consul.internal.configentry.HTTPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.HTTPRoute.MetaEntry
+	61,  // 105: hashicorp.consul.internal.configentry.HTTPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	66,  // 106: hashicorp.consul.internal.configentry.HTTPRoute.Rules:type_name -> hashicorp.consul.internal.configentry.HTTPRouteRule
+	57,  // 107: hashicorp.consul.internal.configentry.HTTPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
+	71,  // 108: hashicorp.consul.internal.configentry.HTTPRouteRule.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
+	67,  // 109: hashicorp.consul.internal.configentry.HTTPRouteRule.Matches:type_name -> hashicorp.consul.internal.configentry.HTTPMatch
+	74,  // 110: hashicorp.consul.internal.configentry.HTTPRouteRule.Services:type_name -> hashicorp.consul.internal.configentry.HTTPService
+	68,  // 111: hashicorp.consul.internal.configentry.HTTPMatch.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatch
+	7,   // 112: hashicorp.consul.internal.configentry.HTTPMatch.Method:type_name -> hashicorp.consul.internal.configentry.HTTPMatchMethod
+	69,  // 113: hashicorp.consul.internal.configentry.HTTPMatch.Path:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatch
+	70,  // 114: hashicorp.consul.internal.configentry.HTTPMatch.Query:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatch
+	8,   // 115: hashicorp.consul.internal.configentry.HTTPHeaderMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderMatchType
+	9,   // 116: hashicorp.consul.internal.configentry.HTTPPathMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPPathMatchType
+	10,  // 117: hashicorp.consul.internal.configentry.HTTPQueryMatch.Match:type_name -> hashicorp.consul.internal.configentry.HTTPQueryMatchType
+	73,  // 118: hashicorp.consul.internal.configentry.HTTPFilters.Headers:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter
+	72,  // 119: hashicorp.consul.internal.configentry.HTTPFilters.URLRewrite:type_name -> hashicorp.consul.internal.configentry.URLRewrite
+	110, // 120: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.AddEntry
+	111, // 121: hashicorp.consul.internal.configentry.HTTPHeaderFilter.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderFilter.SetEntry
+	71,  // 122: hashicorp.consul.internal.configentry.HTTPService.Filters:type_name -> hashicorp.consul.internal.configentry.HTTPFilters
+	115, // 123: hashicorp.consul.internal.configentry.HTTPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	112, // 124: hashicorp.consul.internal.configentry.TCPRoute.Meta:type_name -> hashicorp.consul.internal.configentry.TCPRoute.MetaEntry
+	61,  // 125: hashicorp.consul.internal.configentry.TCPRoute.Parents:type_name -> hashicorp.consul.internal.configentry.ResourceReference
+	76,  // 126: hashicorp.consul.internal.configentry.TCPRoute.Services:type_name -> hashicorp.consul.internal.configentry.TCPService
+	57,  // 127: hashicorp.consul.internal.configentry.TCPRoute.Status:type_name -> hashicorp.consul.internal.configentry.Status
+	115, // 128: hashicorp.consul.internal.configentry.TCPService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	78,  // 129: hashicorp.consul.internal.configentry.SamenessGroup.Members:type_name -> hashicorp.consul.internal.configentry.SamenessGroupMember
+	113, // 130: hashicorp.consul.internal.configentry.SamenessGroup.Meta:type_name -> hashicorp.consul.internal.configentry.SamenessGroup.MetaEntry
+	115, // 131: hashicorp.consul.internal.configentry.SamenessGroup.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta
+	80,  // 132: hashicorp.consul.internal.configentry.JWTProvider.JSONWebKeySet:type_name -> hashicorp.consul.internal.configentry.JSONWebKeySet
+	89,  // 133: hashicorp.consul.internal.configentry.JWTProvider.Locations:type_name -> hashicorp.consul.internal.configentry.JWTLocation
+	93,  // 134: hashicorp.consul.internal.configentry.JWTProvider.Forwarding:type_name -> hashicorp.consul.internal.configentry.JWTForwardingConfig
+	94,  // 135: hashicorp.consul.internal.configentry.JWTProvider.CacheConfig:type_name -> hashicorp.consul.internal.configentry.JWTCacheConfig
+	114, // 136: hashicorp.consul.internal.configentry.JWTProvider.Meta:type_name -> hashicorp.consul.internal.configentry.JWTProvider.MetaEntry
+	81,  // 137: hashicorp.consul.internal.configentry.JSONWebKeySet.Local:type_name -> hashicorp.consul.internal.configentry.LocalJWKS
+	82,  // 138: hashicorp.consul.internal.configentry.JSONWebKeySet.Remote:type_name -> hashicorp.consul.internal.configentry.RemoteJWKS
+	117, // 139: hashicorp.consul.internal.configentry.RemoteJWKS.CacheDuration:type_name -> google.protobuf.Duration
+	87,  // 140: hashicorp.consul.internal.configentry.RemoteJWKS.RetryPolicy:type_name -> hashicorp.consul.internal.configentry.JWKSRetryPolicy
+	83,  // 141: hashicorp.consul.internal.configentry.RemoteJWKS.JWKSCluster:type_name -> hashicorp.consul.internal.configentry.JWKSCluster
+	84,  // 142: hashicorp.consul.internal.configentry.JWKSCluster.TLSCertificates:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertificate
+	117, // 143: hashicorp.consul.internal.configentry.JWKSCluster.ConnectTimeout:type_name -> google.protobuf.Duration
+	85,  // 144: hashicorp.consul.internal.configentry.JWKSTLSCertificate.CaCertificateProviderInstance:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertProviderInstance
+	86,  // 145: hashicorp.consul.internal.configentry.JWKSTLSCertificate.TrustedCA:type_name -> hashicorp.consul.internal.configentry.JWKSTLSCertTrustedCA
+	88,  // 146: hashicorp.consul.internal.configentry.JWKSRetryPolicy.RetryPolicyBackOff:type_name -> hashicorp.consul.internal.configentry.RetryPolicyBackOff
+	117, // 147: hashicorp.consul.internal.configentry.RetryPolicyBackOff.BaseInterval:type_name -> google.protobuf.Duration
+	117, // 148: hashicorp.consul.internal.configentry.RetryPolicyBackOff.MaxInterval:type_name -> google.protobuf.Duration
+	90,  // 149: hashicorp.consul.internal.configentry.JWTLocation.Header:type_name -> hashicorp.consul.internal.configentry.JWTLocationHeader
+	91,  // 150: hashicorp.consul.internal.configentry.JWTLocation.QueryParam:type_name -> hashicorp.consul.internal.configentry.JWTLocationQueryParam
+	92,  // 151: hashicorp.consul.internal.configentry.JWTLocation.Cookie:type_name -> hashicorp.consul.internal.configentry.JWTLocationCookie
+	19,  // 152: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset
+	21,  // 153: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover
+	154, // [154:154] is the sub-list for method output_type
+	154, // [154:154] is the sub-list for method input_type
+	154, // [154:154] is the sub-list for extension type_name
+	154, // [154:154] is the sub-list for extension extendee
+	0,   // [0:154] is the sub-list for field type_name
 }
 
 func init() { file_private_pbconfigentry_config_entry_proto_init() }
@@ -10096,42 +9300,6 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			}
 		}
 		file_private_pbconfigentry_config_entry_proto_msgTypes[45].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RateLimits); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[46].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InstanceLevelRateLimits); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[47].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*InstanceLevelRouteRateLimits); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[48].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*APIGateway); i {
 			case 0:
 				return &v.state
@@ -10143,7 +9311,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[49].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[46].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*Status); i {
 			case 0:
 				return &v.state
@@ -10155,7 +9323,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[50].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[47].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*Condition); i {
 			case 0:
 				return &v.state
@@ -10167,7 +9335,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[51].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[48].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*APIGatewayListener); i {
 			case 0:
 				return &v.state
@@ -10179,7 +9347,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[52].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[49].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*APIGatewayTLSConfiguration); i {
 			case 0:
 				return &v.state
@@ -10191,55 +9359,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[53].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*APIGatewayPolicy); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[54].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*APIGatewayJWTRequirement); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[55].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*APIGatewayJWTProvider); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[56].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*APIGatewayJWTClaimVerification); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[57].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[50].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*ResourceReference); i {
 			case 0:
 				return &v.state
@@ -10251,7 +9371,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[58].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[51].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*BoundAPIGateway); i {
 			case 0:
 				return &v.state
@@ -10263,7 +9383,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[59].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[52].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*BoundAPIGatewayListener); i {
 			case 0:
 				return &v.state
@@ -10275,7 +9395,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[60].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[53].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*InlineCertificate); i {
 			case 0:
 				return &v.state
@@ -10287,7 +9407,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[61].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[54].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*HTTPRoute); i {
 			case 0:
 				return &v.state
@@ -10299,7 +9419,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[62].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[55].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*HTTPRouteRule); i {
 			case 0:
 				return &v.state
@@ -10311,7 +9431,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[63].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[56].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*HTTPMatch); i {
 			case 0:
 				return &v.state
@@ -10323,7 +9443,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[64].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[57].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*HTTPHeaderMatch); i {
 			case 0:
 				return &v.state
@@ -10335,7 +9455,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[65].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[58].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*HTTPPathMatch); i {
 			case 0:
 				return &v.state
@@ -10347,7 +9467,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[66].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[59].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*HTTPQueryMatch); i {
 			case 0:
 				return &v.state
@@ -10359,7 +9479,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[67].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[60].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*HTTPFilters); i {
 			case 0:
 				return &v.state
@@ -10371,7 +9491,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[68].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[61].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*URLRewrite); i {
 			case 0:
 				return &v.state
@@ -10383,43 +9503,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[69].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RetryFilter); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[70].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TimeoutFilter); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[71].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JWTFilter); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[72].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[62].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*HTTPHeaderFilter); i {
 			case 0:
 				return &v.state
@@ -10431,7 +9515,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[73].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[63].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*HTTPService); i {
 			case 0:
 				return &v.state
@@ -10443,7 +9527,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[74].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[64].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*TCPRoute); i {
 			case 0:
 				return &v.state
@@ -10455,7 +9539,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[75].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[65].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*TCPService); i {
 			case 0:
 				return &v.state
@@ -10467,7 +9551,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[76].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[66].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*SamenessGroup); i {
 			case 0:
 				return &v.state
@@ -10479,7 +9563,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[77].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[67].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*SamenessGroupMember); i {
 			case 0:
 				return &v.state
@@ -10491,7 +9575,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[78].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[68].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWTProvider); i {
 			case 0:
 				return &v.state
@@ -10503,7 +9587,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[79].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[69].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JSONWebKeySet); i {
 			case 0:
 				return &v.state
@@ -10515,7 +9599,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[80].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[70].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*LocalJWKS); i {
 			case 0:
 				return &v.state
@@ -10527,7 +9611,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[81].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[71].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*RemoteJWKS); i {
 			case 0:
 				return &v.state
@@ -10539,7 +9623,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[82].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[72].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWKSCluster); i {
 			case 0:
 				return &v.state
@@ -10551,7 +9635,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[83].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[73].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWKSTLSCertificate); i {
 			case 0:
 				return &v.state
@@ -10563,7 +9647,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[84].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[74].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWKSTLSCertProviderInstance); i {
 			case 0:
 				return &v.state
@@ -10575,7 +9659,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[85].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[75].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWKSTLSCertTrustedCA); i {
 			case 0:
 				return &v.state
@@ -10587,7 +9671,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[86].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[76].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWKSRetryPolicy); i {
 			case 0:
 				return &v.state
@@ -10599,7 +9683,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[87].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[77].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*RetryPolicyBackOff); i {
 			case 0:
 				return &v.state
@@ -10611,7 +9695,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[88].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[78].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWTLocation); i {
 			case 0:
 				return &v.state
@@ -10623,7 +9707,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[89].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[79].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWTLocationHeader); i {
 			case 0:
 				return &v.state
@@ -10635,7 +9719,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[90].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[80].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWTLocationQueryParam); i {
 			case 0:
 				return &v.state
@@ -10647,7 +9731,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[91].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[81].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWTLocationCookie); i {
 			case 0:
 				return &v.state
@@ -10659,7 +9743,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[92].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[82].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWTForwardingConfig); i {
 			case 0:
 				return &v.state
@@ -10671,7 +9755,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbconfigentry_config_entry_proto_msgTypes[93].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbconfigentry_config_entry_proto_msgTypes[83].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*JWTCacheConfig); i {
 			case 0:
 				return &v.state
@@ -10704,7 +9788,7 @@ func file_private_pbconfigentry_config_entry_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_private_pbconfigentry_config_entry_proto_rawDesc,
 			NumEnums:      11,
-			NumMessages:   114,
+			NumMessages:   104,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/proto/private/pbconfigentry/config_entry.proto b/proto/private/pbconfigentry/config_entry.proto
index c5bb243a5caf..5c675ec16c0c 100644
--- a/proto/private/pbconfigentry/config_entry.proto
+++ b/proto/private/pbconfigentry/config_entry.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
@@ -507,7 +507,6 @@ message ServiceDefaults {
   // mog: func-to=int func-from=int32
   int32 LocalRequestTimeoutMs = 11;
   string BalanceInboundConnections = 12;
-  RateLimits RateLimits = 16;
   map<string, string> Meta = 13;
   // mog: func-to=EnvoyExtensionsToStructs func-from=EnvoyExtensionsFromStructs
   repeated hashicorp.consul.internal.common.EnvoyExtension EnvoyExtensions = 14;
@@ -653,43 +652,6 @@ message DestinationConfig {
   int32 Port = 2;
 }
 
-// mog annotation:
-//
-// target=github.com/hashicorp/consul/agent/structs.RateLimits
-// output=config_entry.gen.go
-// name=Structs
-message RateLimits {
-  InstanceLevelRateLimits InstanceLevel = 1;
-}
-
-// mog annotation:
-//
-// target=github.com/hashicorp/consul/agent/structs.InstanceLevelRateLimits
-// output=config_entry.gen.go
-// name=Structs
-message InstanceLevelRateLimits {
-  // mog: func-to=int func-from=uint32
-  uint32 RequestsPerSecond = 1;
-  // mog: func-to=int func-from=uint32
-  uint32 RequestsMaxBurst = 2;
-  repeated InstanceLevelRouteRateLimits Routes = 3;
-}
-
-// mog annotation:
-//
-// target=github.com/hashicorp/consul/agent/structs.InstanceLevelRouteRateLimits
-// output=config_entry.gen.go
-// name=Structs
-message InstanceLevelRouteRateLimits {
-  string PathExact = 1;
-  string PathPrefix = 2;
-  string PathRegex = 3;
-  // mog: func-to=int func-from=uint32
-  uint32 RequestsPerSecond = 4;
-  // mog: func-to=int func-from=uint32
-  uint32 RequestsMaxBurst = 5;
-}
-
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.APIGatewayConfigEntry
@@ -744,8 +706,6 @@ message APIGatewayListener {
   // mog: func-to=apiGatewayProtocolToStructs func-from=apiGatewayProtocolFromStructs
   APIGatewayListenerProtocol Protocol = 4;
   APIGatewayTLSConfiguration TLS = 5;
-  APIGatewayPolicy Override = 6;
-  APIGatewayPolicy Default = 7;
 }
 
 // mog annotation:
@@ -763,30 +723,6 @@ message APIGatewayTLSConfiguration {
   repeated string CipherSuites = 4;
 }
 
-// mog annotation:
-//
-// target=github.com/hashicorp/consul/agent/structs.APIGatewayPolicy
-// output=config_entry.gen.go
-// name=Structs
-message APIGatewayPolicy {
-  // mog: func-to=gwJWTRequirementToStructs func-from=gwJWTRequirementFromStructs
-  APIGatewayJWTRequirement JWT = 1;
-}
-
-message APIGatewayJWTRequirement {
-  repeated APIGatewayJWTProvider Providers = 1;
-}
-
-message APIGatewayJWTProvider {
-  string Name = 1;
-  repeated APIGatewayJWTClaimVerification VerifyClaims = 2;
-}
-
-message APIGatewayJWTClaimVerification {
-  repeated string Path = 1;
-  string Value = 2;
-}
-
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.ResourceReference
@@ -948,10 +884,6 @@ message HTTPQueryMatch {
 message HTTPFilters {
   repeated HTTPHeaderFilter Headers = 1;
   URLRewrite URLRewrite = 2;
-  RetryFilter RetryFilter = 3;
-  TimeoutFilter TimeoutFilter = 4;
-  // mog: func-to=routeJWTFilterToStructs func-from=routeJWTFilterFromStructs
-  JWTFilter JWT = 5;
 }
 
 // mog annotation:
@@ -963,34 +895,6 @@ message URLRewrite {
   string Path = 1;
 }
 
-// mog annotation:
-//
-// target=github.com/hashicorp/consul/agent/structs.RetryFilter
-// output=config_entry.gen.go
-// name=Structs
-message RetryFilter {
-  uint32 NumRetries = 1;
-  repeated string RetryOn = 2;
-  repeated uint32 RetryOnStatusCodes = 3;
-  bool RetryOnConnectFailure = 4;
-}
-
-// mog annotation:
-//
-// target=github.com/hashicorp/consul/agent/structs.TimeoutFilter
-// output=config_entry.gen.go
-// name=Structs
-message TimeoutFilter {
-  // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
-  google.protobuf.Duration RequestTimeout = 1;
-  // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
-  google.protobuf.Duration IdleTimeout = 2;
-}
-
-message JWTFilter {
-  repeated APIGatewayJWTProvider Providers = 1;
-}
-
 // mog annotation:
 //
 // target=github.com/hashicorp/consul/agent/structs.HTTPHeaderFilter
diff --git a/proto/private/pbconfigentry/config_entry_ce.go b/proto/private/pbconfigentry/config_entry_ce.go
deleted file mode 100644
index b81e07686136..000000000000
--- a/proto/private/pbconfigentry/config_entry_ce.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-//go:build !consulent
-// +build !consulent
-
-package pbconfigentry
-
-import "github.com/hashicorp/consul/agent/structs"
-
-func gwJWTRequirementToStructs(m *APIGatewayJWTRequirement) *structs.APIGatewayJWTRequirement {
-	return &structs.APIGatewayJWTRequirement{}
-}
-
-func gwJWTRequirementFromStructs(*structs.APIGatewayJWTRequirement) *APIGatewayJWTRequirement {
-	return &APIGatewayJWTRequirement{}
-}
-
-func routeJWTFilterToStructs(m *JWTFilter) *structs.JWTFilter {
-	return &structs.JWTFilter{}
-}
-
-func routeJWTFilterFromStructs(*structs.JWTFilter) *JWTFilter {
-	return &JWTFilter{}
-}
diff --git a/proto/private/pbconnect/connect.go b/proto/private/pbconnect/connect.go
index 9c3ed9d7355e..85f8a35b7d37 100644
--- a/proto/private/pbconnect/connect.go
+++ b/proto/private/pbconnect/connect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbconnect
 
diff --git a/proto/private/pbconnect/connect.pb.go b/proto/private/pbconnect/connect.pb.go
index 18942ff7dea5..278114b3b4aa 100644
--- a/proto/private/pbconnect/connect.pb.go
+++ b/proto/private/pbconnect/connect.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbconnect/connect.proto b/proto/private/pbconnect/connect.proto
index f829dd22629a..afd1a4e1a4dd 100644
--- a/proto/private/pbconnect/connect.proto
+++ b/proto/private/pbconnect/connect.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto/private/pbdemo/v1/demo.pb.binary.go b/proto/private/pbdemo/v1/demo.pb.binary.go
index b52d5f33496e..45a3c34e5536 100644
--- a/proto/private/pbdemo/v1/demo.pb.binary.go
+++ b/proto/private/pbdemo/v1/demo.pb.binary.go
@@ -7,16 +7,6 @@ import (
 	"google.golang.org/protobuf/proto"
 )
 
-// MarshalBinary implements encoding.BinaryMarshaler
-func (msg *RecordLabel) MarshalBinary() ([]byte, error) {
-	return proto.Marshal(msg)
-}
-
-// UnmarshalBinary implements encoding.BinaryUnmarshaler
-func (msg *RecordLabel) UnmarshalBinary(b []byte) error {
-	return proto.Unmarshal(b, msg)
-}
-
 // MarshalBinary implements encoding.BinaryMarshaler
 func (msg *Artist) MarshalBinary() ([]byte, error) {
 	return proto.Marshal(msg)
diff --git a/proto/private/pbdemo/v1/demo.pb.go b/proto/private/pbdemo/v1/demo.pb.go
index ebc5bc3700ae..9ee119d76f54 100644
--- a/proto/private/pbdemo/v1/demo.pb.go
+++ b/proto/private/pbdemo/v1/demo.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
@@ -105,61 +105,6 @@ func (Genre) EnumDescriptor() ([]byte, []int) {
 	return file_private_pbdemo_v1_demo_proto_rawDescGZIP(), []int{0}
 }
 
-type RecordLabel struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Name        string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
-}
-
-func (x *RecordLabel) Reset() {
-	*x = RecordLabel{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbdemo_v1_demo_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RecordLabel) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RecordLabel) ProtoMessage() {}
-
-func (x *RecordLabel) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbdemo_v1_demo_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RecordLabel.ProtoReflect.Descriptor instead.
-func (*RecordLabel) Descriptor() ([]byte, []int) {
-	return file_private_pbdemo_v1_demo_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *RecordLabel) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *RecordLabel) GetDescription() string {
-	if x != nil {
-		return x.Description
-	}
-	return ""
-}
-
 type Artist struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -174,7 +119,7 @@ type Artist struct {
 func (x *Artist) Reset() {
 	*x = Artist{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbdemo_v1_demo_proto_msgTypes[1]
+		mi := &file_private_pbdemo_v1_demo_proto_msgTypes[0]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -187,7 +132,7 @@ func (x *Artist) String() string {
 func (*Artist) ProtoMessage() {}
 
 func (x *Artist) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbdemo_v1_demo_proto_msgTypes[1]
+	mi := &file_private_pbdemo_v1_demo_proto_msgTypes[0]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -200,7 +145,7 @@ func (x *Artist) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Artist.ProtoReflect.Descriptor instead.
 func (*Artist) Descriptor() ([]byte, []int) {
-	return file_private_pbdemo_v1_demo_proto_rawDescGZIP(), []int{1}
+	return file_private_pbdemo_v1_demo_proto_rawDescGZIP(), []int{0}
 }
 
 func (x *Artist) GetName() string {
@@ -245,7 +190,7 @@ type Album struct {
 func (x *Album) Reset() {
 	*x = Album{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_private_pbdemo_v1_demo_proto_msgTypes[2]
+		mi := &file_private_pbdemo_v1_demo_proto_msgTypes[1]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -258,7 +203,7 @@ func (x *Album) String() string {
 func (*Album) ProtoMessage() {}
 
 func (x *Album) ProtoReflect() protoreflect.Message {
-	mi := &file_private_pbdemo_v1_demo_proto_msgTypes[2]
+	mi := &file_private_pbdemo_v1_demo_proto_msgTypes[1]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -271,7 +216,7 @@ func (x *Album) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Album.ProtoReflect.Descriptor instead.
 func (*Album) Descriptor() ([]byte, []int) {
-	return file_private_pbdemo_v1_demo_proto_rawDescGZIP(), []int{2}
+	return file_private_pbdemo_v1_demo_proto_rawDescGZIP(), []int{1}
 }
 
 func (x *Album) GetName() string {
@@ -309,63 +254,59 @@ var file_private_pbdemo_v1_demo_proto_rawDesc = []byte{
 	0x2f, 0x76, 0x31, 0x2f, 0x64, 0x65, 0x6d, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x21,
 	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
 	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x64, 0x65, 0x6d, 0x6f, 0x2e, 0x76,
-	0x31, 0x22, 0x43, 0x0a, 0x0b, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x4c, 0x61, 0x62, 0x65, 0x6c,
-	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72,
-	0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xa3, 0x01, 0x0a, 0x06, 0x41, 0x72, 0x74, 0x69, 0x73,
-	0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63,
-	0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x05, 0x67, 0x65, 0x6e, 0x72, 0x65,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
-	0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2e, 0x64, 0x65, 0x6d, 0x6f, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x6e, 0x72, 0x65,
-	0x52, 0x05, 0x67, 0x65, 0x6e, 0x72, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x67, 0x72, 0x6f, 0x75, 0x70,
-	0x5f, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c,
-	0x67, 0x72, 0x6f, 0x75, 0x70, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x22, 0x8c, 0x01, 0x0a,
-	0x05, 0x41, 0x6c, 0x62, 0x75, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x26, 0x0a, 0x0f, 0x79, 0x65,
-	0x61, 0x72, 0x5f, 0x6f, 0x66, 0x5f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x05, 0x52, 0x0d, 0x79, 0x65, 0x61, 0x72, 0x4f, 0x66, 0x52, 0x65, 0x6c, 0x65, 0x61,
-	0x73, 0x65, 0x12, 0x2f, 0x0a, 0x13, 0x63, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x6c, 0x79,
-	0x5f, 0x61, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52,
-	0x12, 0x63, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x6c, 0x79, 0x41, 0x63, 0x6c, 0x61, 0x69,
-	0x6d, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x73, 0x18, 0x04, 0x20,
-	0x03, 0x28, 0x09, 0x52, 0x06, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x73, 0x2a, 0xe9, 0x01, 0x0a, 0x05,
-	0x47, 0x65, 0x6e, 0x72, 0x65, 0x12, 0x15, 0x0a, 0x11, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x55,
-	0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a,
-	0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x4a, 0x41, 0x5a, 0x5a, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a,
-	0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x46, 0x4f, 0x4c, 0x4b, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09,
-	0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x50, 0x4f, 0x50, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x47,
-	0x45, 0x4e, 0x52, 0x45, 0x5f, 0x4d, 0x45, 0x54, 0x41, 0x4c, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a,
-	0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x50, 0x55, 0x4e, 0x4b, 0x10, 0x05, 0x12, 0x0f, 0x0a, 0x0b,
-	0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x42, 0x4c, 0x55, 0x45, 0x53, 0x10, 0x06, 0x12, 0x11, 0x0a,
-	0x0d, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x52, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x42, 0x10, 0x07,
-	0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x52,
-	0x59, 0x10, 0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x44, 0x49, 0x53,
-	0x43, 0x4f, 0x10, 0x09, 0x12, 0x0d, 0x0a, 0x09, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x53, 0x4b,
-	0x41, 0x10, 0x0a, 0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x48, 0x49, 0x50,
-	0x5f, 0x48, 0x4f, 0x50, 0x10, 0x0b, 0x12, 0x0f, 0x0a, 0x0b, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f,
-	0x49, 0x4e, 0x44, 0x49, 0x45, 0x10, 0x0c, 0x42, 0x97, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e,
-	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x64, 0x65, 0x6d, 0x6f, 0x2e, 0x76,
-	0x31, 0x42, 0x09, 0x44, 0x65, 0x6d, 0x6f, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3a,
-	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69,
-	0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70, 0x62, 0x64, 0x65, 0x6d, 0x6f,
-	0x2f, 0x76, 0x31, 0x3b, 0x64, 0x65, 0x6d, 0x6f, 0x76, 0x31, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49,
-	0x44, 0xaa, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x44, 0x65,
-	0x6d, 0x6f, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
-	0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
-	0x6c, 0x5c, 0x44, 0x65, 0x6d, 0x6f, 0x5c, 0x56, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x44, 0x65, 0x6d, 0x6f, 0x5c, 0x56, 0x31, 0x5c, 0x47, 0x50,
-	0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68,
-	0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x44, 0x65, 0x6d, 0x6f, 0x3a, 0x3a, 0x56,
-	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x31, 0x22, 0xa3, 0x01, 0x0a, 0x06, 0x41, 0x72, 0x74, 0x69, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x05, 0x67, 0x65, 0x6e, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0e, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x64, 0x65,
+	0x6d, 0x6f, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x6e, 0x72, 0x65, 0x52, 0x05, 0x67, 0x65, 0x6e,
+	0x72, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x6d, 0x65, 0x6d, 0x62,
+	0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x67, 0x72, 0x6f, 0x75, 0x70,
+	0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x22, 0x8c, 0x01, 0x0a, 0x05, 0x41, 0x6c, 0x62, 0x75,
+	0x6d, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x26, 0x0a, 0x0f, 0x79, 0x65, 0x61, 0x72, 0x5f, 0x6f, 0x66,
+	0x5f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d,
+	0x79, 0x65, 0x61, 0x72, 0x4f, 0x66, 0x52, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x12, 0x2f, 0x0a,
+	0x13, 0x63, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x6c, 0x79, 0x5f, 0x61, 0x63, 0x6c, 0x61,
+	0x69, 0x6d, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x63, 0x72, 0x69, 0x74,
+	0x69, 0x63, 0x61, 0x6c, 0x6c, 0x79, 0x41, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x65, 0x64, 0x12, 0x16,
+	0x0a, 0x06, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06,
+	0x74, 0x72, 0x61, 0x63, 0x6b, 0x73, 0x2a, 0xe9, 0x01, 0x0a, 0x05, 0x47, 0x65, 0x6e, 0x72, 0x65,
+	0x12, 0x15, 0x0a, 0x11, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43,
+	0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x47, 0x45, 0x4e, 0x52, 0x45,
+	0x5f, 0x4a, 0x41, 0x5a, 0x5a, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x47, 0x45, 0x4e, 0x52, 0x45,
+	0x5f, 0x46, 0x4f, 0x4c, 0x4b, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x47, 0x45, 0x4e, 0x52, 0x45,
+	0x5f, 0x50, 0x4f, 0x50, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f,
+	0x4d, 0x45, 0x54, 0x41, 0x4c, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x47, 0x45, 0x4e, 0x52, 0x45,
+	0x5f, 0x50, 0x55, 0x4e, 0x4b, 0x10, 0x05, 0x12, 0x0f, 0x0a, 0x0b, 0x47, 0x45, 0x4e, 0x52, 0x45,
+	0x5f, 0x42, 0x4c, 0x55, 0x45, 0x53, 0x10, 0x06, 0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x52,
+	0x45, 0x5f, 0x52, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x42, 0x10, 0x07, 0x12, 0x11, 0x0a, 0x0d, 0x47,
+	0x45, 0x4e, 0x52, 0x45, 0x5f, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x52, 0x59, 0x10, 0x08, 0x12, 0x0f,
+	0x0a, 0x0b, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x10, 0x09, 0x12,
+	0x0d, 0x0a, 0x09, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x53, 0x4b, 0x41, 0x10, 0x0a, 0x12, 0x11,
+	0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x48, 0x49, 0x50, 0x5f, 0x48, 0x4f, 0x50, 0x10,
+	0x0b, 0x12, 0x0f, 0x0a, 0x0b, 0x47, 0x45, 0x4e, 0x52, 0x45, 0x5f, 0x49, 0x4e, 0x44, 0x49, 0x45,
+	0x10, 0x0c, 0x42, 0x97, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69,
+	0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x64, 0x65, 0x6d, 0x6f, 0x2e, 0x76, 0x31, 0x42, 0x09, 0x44, 0x65,
+	0x6d, 0x6f, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75,
+	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69,
+	0x76, 0x61, 0x74, 0x65, 0x2f, 0x70, 0x62, 0x64, 0x65, 0x6d, 0x6f, 0x2f, 0x76, 0x31, 0x3b, 0x64,
+	0x65, 0x6d, 0x6f, 0x76, 0x31, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x44, 0xaa, 0x02, 0x21, 0x48,
+	0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e,
+	0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x44, 0x65, 0x6d, 0x6f, 0x2e, 0x56, 0x31,
+	0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e,
+	0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x44, 0x65, 0x6d,
+	0x6f, 0x5c, 0x56, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
+	0x5c, 0x44, 0x65, 0x6d, 0x6f, 0x5c, 0x56, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
+	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70,
+	0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x3a, 0x3a, 0x44, 0x65, 0x6d, 0x6f, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -381,12 +322,11 @@ func file_private_pbdemo_v1_demo_proto_rawDescGZIP() []byte {
 }
 
 var file_private_pbdemo_v1_demo_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_private_pbdemo_v1_demo_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
+var file_private_pbdemo_v1_demo_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
 var file_private_pbdemo_v1_demo_proto_goTypes = []interface{}{
-	(Genre)(0),          // 0: hashicorp.consul.internal.demo.v1.Genre
-	(*RecordLabel)(nil), // 1: hashicorp.consul.internal.demo.v1.RecordLabel
-	(*Artist)(nil),      // 2: hashicorp.consul.internal.demo.v1.Artist
-	(*Album)(nil),       // 3: hashicorp.consul.internal.demo.v1.Album
+	(Genre)(0),     // 0: hashicorp.consul.internal.demo.v1.Genre
+	(*Artist)(nil), // 1: hashicorp.consul.internal.demo.v1.Artist
+	(*Album)(nil),  // 2: hashicorp.consul.internal.demo.v1.Album
 }
 var file_private_pbdemo_v1_demo_proto_depIdxs = []int32{
 	0, // 0: hashicorp.consul.internal.demo.v1.Artist.genre:type_name -> hashicorp.consul.internal.demo.v1.Genre
@@ -404,18 +344,6 @@ func file_private_pbdemo_v1_demo_proto_init() {
 	}
 	if !protoimpl.UnsafeEnabled {
 		file_private_pbdemo_v1_demo_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RecordLabel); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_private_pbdemo_v1_demo_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*Artist); i {
 			case 0:
 				return &v.state
@@ -427,7 +355,7 @@ func file_private_pbdemo_v1_demo_proto_init() {
 				return nil
 			}
 		}
-		file_private_pbdemo_v1_demo_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+		file_private_pbdemo_v1_demo_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*Album); i {
 			case 0:
 				return &v.state
@@ -446,7 +374,7 @@ func file_private_pbdemo_v1_demo_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_private_pbdemo_v1_demo_proto_rawDesc,
 			NumEnums:      1,
-			NumMessages:   3,
+			NumMessages:   2,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/proto/private/pbdemo/v1/demo.proto b/proto/private/pbdemo/v1/demo.proto
index a0498cbd4fe3..60ce1d0a4f50 100644
--- a/proto/private/pbdemo/v1/demo.proto
+++ b/proto/private/pbdemo/v1/demo.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
@@ -7,11 +7,6 @@ syntax = "proto3";
 // Consul's generic storage APIs.
 package hashicorp.consul.internal.demo.v1;
 
-message RecordLabel {
-  string name = 1;
-  string description = 2;
-}
-
 message Artist {
   string name = 1;
   string description = 2;
diff --git a/proto/private/pbdemo/v2/demo.pb.go b/proto/private/pbdemo/v2/demo.pb.go
index a4c52a99d6a6..2ffed20dcc6f 100644
--- a/proto/private/pbdemo/v2/demo.pb.go
+++ b/proto/private/pbdemo/v2/demo.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbdemo/v2/demo.proto b/proto/private/pbdemo/v2/demo.proto
index 546cfe697261..b208324801c1 100644
--- a/proto/private/pbdemo/v2/demo.proto
+++ b/proto/private/pbdemo/v2/demo.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto/private/pboperator/operator.pb.go b/proto/private/pboperator/operator.pb.go
index e7e457bc7389..5f264c53937a 100644
--- a/proto/private/pboperator/operator.pb.go
+++ b/proto/private/pboperator/operator.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pboperator/operator.proto b/proto/private/pboperator/operator.proto
index 8669f03041fd..4f8b99358d4e 100644
--- a/proto/private/pboperator/operator.proto
+++ b/proto/private/pboperator/operator.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto/private/pbpeering/peering.go b/proto/private/pbpeering/peering.go
index 5759061afce2..0fec964c46b1 100644
--- a/proto/private/pbpeering/peering.go
+++ b/proto/private/pbpeering/peering.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbpeering
 
diff --git a/proto/private/pbpeering/peering.pb.go b/proto/private/pbpeering/peering.pb.go
index a0c7bd21676d..65a75ada268f 100644
--- a/proto/private/pbpeering/peering.pb.go
+++ b/proto/private/pbpeering/peering.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
@@ -324,7 +324,7 @@ type Peering struct {
 	PeerCAPems []string `protobuf:"bytes,8,rep,name=PeerCAPems,proto3" json:"PeerCAPems,omitempty"`
 	// PeerServerName is the name of the remote server as it relates to TLS.
 	PeerServerName string `protobuf:"bytes,9,opt,name=PeerServerName,proto3" json:"PeerServerName,omitempty"`
-	// PeerServerAddresses contains all the connection addresses for the remote peer.
+	// PeerServerAddresses contains all the the connection addresses for the remote peer.
 	PeerServerAddresses []string `protobuf:"bytes,10,rep,name=PeerServerAddresses,proto3" json:"PeerServerAddresses,omitempty"`
 	// StreamStatus contains information computed on read based on the state of the stream.
 	//
diff --git a/proto/private/pbpeering/peering.proto b/proto/private/pbpeering/peering.proto
index 02fddbf17fea..098c8f6387d5 100644
--- a/proto/private/pbpeering/peering.proto
+++ b/proto/private/pbpeering/peering.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
@@ -229,7 +229,7 @@ message Peering {
   // PeerServerName is the name of the remote server as it relates to TLS.
   string PeerServerName = 9;
 
-  // PeerServerAddresses contains all the connection addresses for the remote peer.
+  // PeerServerAddresses contains all the the connection addresses for the remote peer.
   repeated string PeerServerAddresses = 10;
 
   // StreamStatus contains information computed on read based on the state of the stream.
diff --git a/proto/private/pbpeering/peering_ce.go b/proto/private/pbpeering/peering_ce.go
index 4c4dd959e8a7..04d1107d02c8 100644
--- a/proto/private/pbpeering/peering_ce.go
+++ b/proto/private/pbpeering/peering_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/proto/private/pbpeerstream/convert.go b/proto/private/pbpeerstream/convert.go
index d71dc5d3b15f..27848e0e399e 100644
--- a/proto/private/pbpeerstream/convert.go
+++ b/proto/private/pbpeerstream/convert.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbpeerstream
 
diff --git a/proto/private/pbpeerstream/peerstream.go b/proto/private/pbpeerstream/peerstream.go
index 3dc6aa6093d8..85d44785d04e 100644
--- a/proto/private/pbpeerstream/peerstream.go
+++ b/proto/private/pbpeerstream/peerstream.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbpeerstream
 
diff --git a/proto/private/pbpeerstream/peerstream.pb.go b/proto/private/pbpeerstream/peerstream.pb.go
index aeb1bdb22082..f20496642d30 100644
--- a/proto/private/pbpeerstream/peerstream.pb.go
+++ b/proto/private/pbpeerstream/peerstream.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbpeerstream/peerstream.proto b/proto/private/pbpeerstream/peerstream.proto
index b46fcf2270db..a66e823e049e 100644
--- a/proto/private/pbpeerstream/peerstream.proto
+++ b/proto/private/pbpeerstream/peerstream.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto/private/pbpeerstream/types.go b/proto/private/pbpeerstream/types.go
index bf2250c64dd9..6b55bfb42566 100644
--- a/proto/private/pbpeerstream/types.go
+++ b/proto/private/pbpeerstream/types.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbpeerstream
 
diff --git a/proto/private/pbservice/convert.go b/proto/private/pbservice/convert.go
index 8396ff7c649f..973369f03dcd 100644
--- a/proto/private/pbservice/convert.go
+++ b/proto/private/pbservice/convert.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbservice
 
diff --git a/proto/private/pbservice/convert_ce.go b/proto/private/pbservice/convert_ce.go
index 482a2640c74a..938495b96b77 100644
--- a/proto/private/pbservice/convert_ce.go
+++ b/proto/private/pbservice/convert_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/proto/private/pbservice/convert_ce_test.go b/proto/private/pbservice/convert_ce_test.go
index 59a29c6ca762..2367f3e73aeb 100644
--- a/proto/private/pbservice/convert_ce_test.go
+++ b/proto/private/pbservice/convert_ce_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/proto/private/pbservice/convert_test.go b/proto/private/pbservice/convert_test.go
index 5b3c97680ef6..0093a76dd9fb 100644
--- a/proto/private/pbservice/convert_test.go
+++ b/proto/private/pbservice/convert_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbservice
 
diff --git a/proto/private/pbservice/healthcheck.gen.go b/proto/private/pbservice/healthcheck.gen.go
index 092a4ded9e82..1c608d88c7a7 100644
--- a/proto/private/pbservice/healthcheck.gen.go
+++ b/proto/private/pbservice/healthcheck.gen.go
@@ -21,6 +21,7 @@ func CheckTypeToStructs(s *CheckType, t *structs.CheckType) {
 	t.Body = s.Body
 	t.DisableRedirects = s.DisableRedirects
 	t.TCP = s.TCP
+	t.TCPUseTLS = s.TCPUseTLS
 	t.UDP = s.UDP
 	t.Interval = structs.DurationFromProto(s.Interval)
 	t.AliasNode = s.AliasNode
@@ -59,6 +60,7 @@ func CheckTypeFromStructs(t *structs.CheckType, s *CheckType) {
 	s.Body = t.Body
 	s.DisableRedirects = t.DisableRedirects
 	s.TCP = t.TCP
+	s.TCPUseTLS = t.TCPUseTLS
 	s.UDP = t.UDP
 	s.Interval = structs.DurationToProto(t.Interval)
 	s.AliasNode = t.AliasNode
@@ -142,6 +144,7 @@ func HealthCheckDefinitionToStructs(s *HealthCheckDefinition, t *structs.HealthC
 	t.Body = s.Body
 	t.DisableRedirects = s.DisableRedirects
 	t.TCP = s.TCP
+	t.TCPUseTLS = s.TCPUseTLS
 	t.UDP = s.UDP
 	t.H2PING = s.H2PING
 	t.OSService = s.OSService
@@ -171,6 +174,7 @@ func HealthCheckDefinitionFromStructs(t *structs.HealthCheckDefinition, s *Healt
 	s.Body = t.Body
 	s.DisableRedirects = t.DisableRedirects
 	s.TCP = t.TCP
+	s.TCPUseTLS = t.TCPUseTLS
 	s.UDP = t.UDP
 	s.H2PING = t.H2PING
 	s.OSService = t.OSService
diff --git a/proto/private/pbservice/healthcheck.pb.go b/proto/private/pbservice/healthcheck.pb.go
index ba0edbde9d64..524d95d6663d 100644
--- a/proto/private/pbservice/healthcheck.pb.go
+++ b/proto/private/pbservice/healthcheck.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
@@ -279,6 +279,7 @@ type HealthCheckDefinition struct {
 	Body             string                  `protobuf:"bytes,18,opt,name=Body,proto3" json:"Body,omitempty"`
 	DisableRedirects bool                    `protobuf:"varint,22,opt,name=DisableRedirects,proto3" json:"DisableRedirects,omitempty"`
 	TCP              string                  `protobuf:"bytes,5,opt,name=TCP,proto3" json:"TCP,omitempty"`
+	TCPUseTLS        bool                    `protobuf:"varint,25,opt,name=TCPUseTLS,proto3" json:"TCPUseTLS,omitempty"`
 	UDP              string                  `protobuf:"bytes,23,opt,name=UDP,proto3" json:"UDP,omitempty"`
 	OSService        string                  `protobuf:"bytes,24,opt,name=OSService,proto3" json:"OSService,omitempty"`
 	// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
@@ -390,6 +391,13 @@ func (x *HealthCheckDefinition) GetTCP() string {
 	return ""
 }
 
+func (x *HealthCheckDefinition) GetTCPUseTLS() bool {
+	if x != nil {
+		return x.TCPUseTLS
+	}
+	return false
+}
+
 func (x *HealthCheckDefinition) GetUDP() string {
 	if x != nil {
 		return x.UDP
@@ -532,6 +540,7 @@ type CheckType struct {
 	Body             string                  `protobuf:"bytes,26,opt,name=Body,proto3" json:"Body,omitempty"`
 	DisableRedirects bool                    `protobuf:"varint,31,opt,name=DisableRedirects,proto3" json:"DisableRedirects,omitempty"`
 	TCP              string                  `protobuf:"bytes,8,opt,name=TCP,proto3" json:"TCP,omitempty"`
+	TCPUseTLS        bool                    `protobuf:"varint,34,opt,name=TCPUseTLS,proto3" json:"TCPUseTLS,omitempty"`
 	UDP              string                  `protobuf:"bytes,32,opt,name=UDP,proto3" json:"UDP,omitempty"`
 	OSService        string                  `protobuf:"bytes,33,opt,name=OSService,proto3" json:"OSService,omitempty"`
 	// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
@@ -677,6 +686,13 @@ func (x *CheckType) GetTCP() string {
 	return ""
 }
 
+func (x *CheckType) GetTCPUseTLS() bool {
+	if x != nil {
+		return x.TCPUseTLS
+	}
+	return false
+}
+
 func (x *CheckType) GetUDP() string {
 	if x != nil {
 		return x.UDP
@@ -884,7 +900,7 @@ var file_private_pbservice_healthcheck_proto_rawDesc = []byte{
 	0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
 	0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x23, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64,
 	0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65,
-	0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x92, 0x08,
+	0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xb0, 0x08,
 	0x0a, 0x15, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x44, 0x65, 0x66,
 	0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x18,
 	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x24, 0x0a, 0x0d, 0x54,
@@ -905,153 +921,157 @@ var file_private_pbservice_healthcheck_proto_rawDesc = []byte{
 	0x72, 0x65, 0x63, 0x74, 0x73, 0x18, 0x16, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x44, 0x69, 0x73,
 	0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x12, 0x10, 0x0a,
 	0x03, 0x54, 0x43, 0x50, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x54, 0x43, 0x50, 0x12,
-	0x10, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x44,
-	0x50, 0x12, 0x1c, 0x0a, 0x09, 0x4f, 0x53, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x18,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4f, 0x53, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12,
-	0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e,
-	0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74,
-	0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x4f,
-	0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x33, 0x0a, 0x07,
-	0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75,
-	0x74, 0x12, 0x61, 0x0a, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43,
+	0x1c, 0x0a, 0x09, 0x54, 0x43, 0x50, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x19, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x09, 0x54, 0x43, 0x50, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x10, 0x0a,
+	0x03, 0x55, 0x44, 0x50, 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x44, 0x50, 0x12,
+	0x1c, 0x0a, 0x09, 0x4f, 0x53, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x18, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x09, 0x4f, 0x53, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x35, 0x0a,
+	0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65,
+	0x72, 0x76, 0x61, 0x6c, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61,
+	0x78, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x4f, 0x75, 0x74,
+	0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69,
+	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12,
+	0x61, 0x0a, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69,
+	0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65,
+	0x72, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x72,
+	0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66, 0x74,
+	0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73,
+	0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72,
+	0x67, 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74,
+	0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44,
+	0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44,
+	0x12, 0x14, 0x0a, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47,
+	0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22,
+	0x0a, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x15,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54,
+	0x4c, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x47, 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73,
+	0x65, 0x54, 0x4c, 0x53, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43,
+	0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e,
+	0x6f, 0x64, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73,
+	0x4e, 0x6f, 0x64, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61,
+	0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18,
+	0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x03, 0x54, 0x54, 0x4c, 0x1a, 0x69, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45,
+	0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x44, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72,
+	0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01,
+	0x22, 0xd2, 0x0a, 0x0a, 0x09, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18,
+	0x0a, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, 0x74,
+	0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a,
+	0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x48, 0x54,
+	0x54, 0x50, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x50,
+	0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x14, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38,
+	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
+	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x2e, 0x48, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x12, 0x16, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x42, 0x6f, 0x64, 0x79,
+	0x18, 0x1a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x2a, 0x0a, 0x10,
+	0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73,
+	0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52,
+	0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x18,
+	0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x54, 0x43, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x54, 0x43,
+	0x50, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x22, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x54,
+	0x43, 0x50, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x18,
+	0x20, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x44, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x4f, 0x53,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x21, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4f,
+	0x53, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65,
+	0x72, 0x76, 0x61, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12,
+	0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x0a, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x22, 0x0a,
+	0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x0b, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x12, 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61,
+	0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x44, 0x6f,
+	0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12,
+	0x14, 0x0a, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
+	0x53, 0x68, 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x18,
+	0x1c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47, 0x12, 0x22, 0x0a,
+	0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x1e, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c,
+	0x53, 0x12, 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x47, 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55, 0x73, 0x65,
+	0x54, 0x4c, 0x53, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52, 0x50, 0x43, 0x55,
+	0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c,
+	0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x54,
+	0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x10, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66,
+	0x79, 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x11, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x54,
+	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x12, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03,
+	0x54, 0x54, 0x4c, 0x12, 0x32, 0x0a, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x65,
+	0x66, 0x6f, 0x72, 0x65, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18, 0x15, 0x20, 0x01, 0x28,
+	0x05, 0x52, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65,
+	0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x34, 0x0a, 0x15, 0x46, 0x61, 0x69, 0x6c, 0x75,
+	0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67,
+	0x18, 0x1d, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73,
+	0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x36, 0x0a,
+	0x16, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43,
+	0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x18, 0x16, 0x20, 0x01, 0x28, 0x05, 0x52, 0x16, 0x46,
+	0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x69,
+	0x74, 0x69, 0x63, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x54,
+	0x54, 0x50, 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48,
+	0x54, 0x54, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50, 0x43,
+	0x18, 0x18, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x47, 0x52, 0x50,
+	0x43, 0x12, 0x61, 0x0a, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43,
 	0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x66,
-	0x74, 0x65, 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x74, 0x65, 0x72, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
 	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
 	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72,
 	0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41,
-	0x66, 0x74, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72,
-	0x67, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74,
-	0x41, 0x72, 0x67, 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f,
-	0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72,
-	0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50, 0x49,
-	0x4e, 0x47, 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e, 0x47,
-	0x12, 0x22, 0x0a, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53,
-	0x18, 0x15, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73,
-	0x65, 0x54, 0x4c, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x18, 0x0d, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x47, 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50, 0x43,
-	0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47, 0x52,
-	0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61,
-	0x73, 0x4e, 0x6f, 0x64, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69,
-	0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c,
-	0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54,
-	0x4c, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x03, 0x54, 0x54, 0x4c, 0x1a, 0x69, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x44, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63,
-	0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02,
-	0x38, 0x01, 0x22, 0xb4, 0x0a, 0x0a, 0x09, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65,
-	0x12, 0x18, 0x0a, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x07, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x49, 0x44, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61,
-	0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16,
-	0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x6f, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a,
-	0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09,
-	0x52, 0x0a, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x41, 0x72, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04,
-	0x48, 0x54, 0x54, 0x50, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50,
-	0x12, 0x50, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x14, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e,
-	0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72,
-	0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x2e, 0x48,
-	0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64,
-	0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x07, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x42, 0x6f,
-	0x64, 0x79, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x2a,
-	0x0a, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63,
-	0x74, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c,
-	0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x54, 0x43,
-	0x50, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x54, 0x43, 0x50, 0x12, 0x10, 0x0a, 0x03,
-	0x55, 0x44, 0x50, 0x18, 0x20, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x44, 0x50, 0x12, 0x1c,
-	0x0a, 0x09, 0x4f, 0x53, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x21, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x09, 0x4f, 0x53, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x35, 0x0a, 0x08,
-	0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72,
-	0x76, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64, 0x65,
-	0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x4e, 0x6f, 0x64,
-	0x65, 0x12, 0x22, 0x0a, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
-	0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x53, 0x65,
-	0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2c, 0x0a, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43,
-	0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x11, 0x44, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65,
-	0x72, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x18, 0x0d, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x05, 0x53, 0x68, 0x65, 0x6c, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x48, 0x32, 0x50,
-	0x49, 0x4e, 0x47, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x48, 0x32, 0x50, 0x49, 0x4e,
-	0x47, 0x12, 0x22, 0x0a, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x65, 0x54, 0x4c,
-	0x53, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x48, 0x32, 0x50, 0x69, 0x6e, 0x67, 0x55,
-	0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x12, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x18, 0x0e, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x04, 0x47, 0x52, 0x50, 0x43, 0x12, 0x1e, 0x0a, 0x0a, 0x47, 0x52, 0x50,
-	0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x47,
-	0x52, 0x50, 0x43, 0x55, 0x73, 0x65, 0x54, 0x4c, 0x53, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12,
-	0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79,
-	0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x53, 0x6b, 0x69, 0x70, 0x56,
-	0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x33, 0x0a, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
-	0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x07, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54,
-	0x4c, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x03, 0x54, 0x54, 0x4c, 0x12, 0x32, 0x0a, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65,
-	0x73, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18,
-	0x15, 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x65,
-	0x66, 0x6f, 0x72, 0x65, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x34, 0x0a, 0x15, 0x46,
-	0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72,
-	0x6e, 0x69, 0x6e, 0x67, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x46, 0x61, 0x69, 0x6c,
-	0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e,
-	0x67, 0x12, 0x36, 0x0a, 0x16, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66,
-	0x6f, 0x72, 0x65, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x18, 0x16, 0x20, 0x01, 0x28,
-	0x05, 0x52, 0x16, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72,
-	0x65, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f,
-	0x78, 0x79, 0x48, 0x54, 0x54, 0x50, 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72,
-	0x6f, 0x78, 0x79, 0x48, 0x54, 0x54, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79,
-	0x47, 0x52, 0x50, 0x43, 0x18, 0x18, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x72, 0x6f, 0x78,
-	0x79, 0x47, 0x52, 0x50, 0x43, 0x12, 0x61, 0x0a, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73,
-	0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1e, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69,
-	0x73, 0x74, 0x65, 0x72, 0x43, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76,
-	0x69, 0x63, 0x65, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70,
-	0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x19, 0x20, 0x01, 0x28, 0x05, 0x52,
-	0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x69,
-	0x0a, 0x0b, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a,
-	0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12,
-	0x44, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e,
-	0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75,
-	0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x96, 0x02, 0x0a, 0x25, 0x63, 0x6f,
-	0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73,
-	0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76,
-	0x69, 0x63, 0x65, 0x42, 0x10, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b,
-	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x33, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
-	0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61,
-	0x74, 0x65, 0x2f, 0x70, 0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xa2, 0x02, 0x04, 0x48,
-	0x43, 0x49, 0x53, 0xaa, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e,
-	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e,
-	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x66, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x4d, 0x61,
+	0x78, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x19, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x4f, 0x75, 0x74,
+	0x70, 0x75, 0x74, 0x4d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x69, 0x0a, 0x0b, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x44, 0x0a, 0x05, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x68, 0x61, 0x73,
+	0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x48,
+	0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x96, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61,
+	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42,
+	0x10, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x50, 0x01, 0x5a, 0x33, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
+	0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
+	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70,
+	0x62, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x53, 0xaa,
+	0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76,
+	0x69, 0x63, 0x65, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c,
+	0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
 	0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x5c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0xe2, 0x02, 0x2d, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49,
-	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5c,
-	0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a,
-	0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x6e, 0x61, 0x6c, 0x5c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d,
+	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63,
+	0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/proto/private/pbservice/healthcheck.proto b/proto/private/pbservice/healthcheck.proto
index b3cbf050448b..681cfae9754e 100644
--- a/proto/private/pbservice/healthcheck.proto
+++ b/proto/private/pbservice/healthcheck.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
@@ -66,6 +66,7 @@ message HealthCheckDefinition {
   string Body = 18;
   bool DisableRedirects = 22;
   string TCP = 5;
+  bool TCPUseTLS = 25;
   string UDP = 23;
   string OSService = 24;
   // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
@@ -117,6 +118,7 @@ message CheckType {
   string Body = 26;
   bool DisableRedirects = 31;
   string TCP = 8;
+  bool TCPUseTLS = 34;
   string UDP = 32;
   string OSService = 33;
   // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
diff --git a/proto/private/pbservice/ids.go b/proto/private/pbservice/ids.go
index bac74d6f7e80..8ab248c3e8d5 100644
--- a/proto/private/pbservice/ids.go
+++ b/proto/private/pbservice/ids.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbservice
 
diff --git a/proto/private/pbservice/ids_test.go b/proto/private/pbservice/ids_test.go
index 9477bb8d9bb7..9a56604ee8c1 100644
--- a/proto/private/pbservice/ids_test.go
+++ b/proto/private/pbservice/ids_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbservice
 
diff --git a/proto/private/pbservice/node.pb.go b/proto/private/pbservice/node.pb.go
index 3d562fe31f71..7b8fa6a3345b 100644
--- a/proto/private/pbservice/node.pb.go
+++ b/proto/private/pbservice/node.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbservice/node.proto b/proto/private/pbservice/node.proto
index 6b81f0b6c06d..85e82de7082e 100644
--- a/proto/private/pbservice/node.proto
+++ b/proto/private/pbservice/node.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto/private/pbservice/service.pb.go b/proto/private/pbservice/service.pb.go
index 871b6a04118c..13826aa752ea 100644
--- a/proto/private/pbservice/service.pb.go
+++ b/proto/private/pbservice/service.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbservice/service.proto b/proto/private/pbservice/service.proto
index b89f1717b17c..4573a920a6eb 100644
--- a/proto/private/pbservice/service.proto
+++ b/proto/private/pbservice/service.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto/private/pbstorage/raft.pb.go b/proto/private/pbstorage/raft.pb.go
index 6efa5c8f8fb1..8ae22a6aba91 100644
--- a/proto/private/pbstorage/raft.pb.go
+++ b/proto/private/pbstorage/raft.pb.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbstorage/raft.proto b/proto/private/pbstorage/raft.proto
index ed7954a8690e..1dbae409e28a 100644
--- a/proto/private/pbstorage/raft.proto
+++ b/proto/private/pbstorage/raft.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 syntax = "proto3";
 
diff --git a/proto/private/pbsubscribe/subscribe.go b/proto/private/pbsubscribe/subscribe.go
index 918c3d298078..53b708124536 100644
--- a/proto/private/pbsubscribe/subscribe.go
+++ b/proto/private/pbsubscribe/subscribe.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package pbsubscribe
 
diff --git a/proto/private/pbsubscribe/subscribe.pb.go b/proto/private/pbsubscribe/subscribe.pb.go
index 93dcf9c21c23..f71a855107c5 100644
--- a/proto/private/pbsubscribe/subscribe.pb.go
+++ b/proto/private/pbsubscribe/subscribe.pb.go
@@ -1,8 +1,8 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //
-//Package event provides a service for subscribing to state change events.
+// Package event provides a service for subscribing to state change events.
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
diff --git a/proto/private/pbsubscribe/subscribe.proto b/proto/private/pbsubscribe/subscribe.proto
index c327c92c7f02..37124b5d0277 100644
--- a/proto/private/pbsubscribe/subscribe.proto
+++ b/proto/private/pbsubscribe/subscribe.proto
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 /*
    Package event provides a service for subscribing to state change events.
diff --git a/proto/private/prototest/testing.go b/proto/private/prototest/testing.go
index 32839a78aa80..28341012afa6 100644
--- a/proto/private/prototest/testing.go
+++ b/proto/private/prototest/testing.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package prototest
 
@@ -13,12 +13,12 @@ type TestingT interface {
 	Fatalf(string, ...any)
 }
 
-func AssertDeepEqual(t TestingT, exp, got interface{}, opts ...cmp.Option) {
+func AssertDeepEqual(t TestingT, x, y interface{}, opts ...cmp.Option) {
 	t.Helper()
 
 	opts = append(opts, protocmp.Transform())
 
-	if diff := cmp.Diff(exp, got, opts...); diff != "" {
+	if diff := cmp.Diff(x, y, opts...); diff != "" {
 		t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff)
 	}
 }
@@ -32,7 +32,6 @@ func AssertDeepEqual(t TestingT, exp, got interface{}, opts ...cmp.Option) {
 func AssertElementsMatch[V any](
 	t TestingT, listX, listY []V, opts ...cmp.Option,
 ) {
-	t.Helper()
 	diff := diffElements(listX, listY, opts...)
 	if diff != "" {
 		t.Fatalf("assertion failed: slices do not have matching elements\n--- expected\n+++ actual\n%v", diff)
@@ -101,5 +100,5 @@ func AssertContainsElement[V any](t TestingT, list []V, element V, opts ...cmp.O
 		}
 	}
 
-	t.Fatalf("assertion failed: list does not contain element\n--- list\n%+v\n--- element: %+v", list, element)
+	t.Fatalf("assertion failed: list does not contain element\n--- list\n%#v\n--- element: %#v", list, element)
 }
diff --git a/proto/private/prototest/testing_test.go b/proto/private/prototest/testing_test.go
index 2ee383baa1da..22c1848821dd 100644
--- a/proto/private/prototest/testing_test.go
+++ b/proto/private/prototest/testing_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package prototest
 
 import (
diff --git a/sdk/LICENSE b/sdk/LICENSE
deleted file mode 100644
index 7c5baa45e1c2..000000000000
--- a/sdk/LICENSE
+++ /dev/null
@@ -1,365 +0,0 @@
-Copyright (c) 2020 HashiCorp, Inc.
-
-Mozilla Public License, version 2.0
-
-1. Definitions
-
-1.1. "Contributor"
-
-     means each individual or legal entity that creates, contributes to the
-     creation of, or owns Covered Software.
-
-1.2. "Contributor Version"
-
-     means the combination of the Contributions of others (if any) used by a
-     Contributor and that particular Contributor's Contribution.
-
-1.3. "Contribution"
-
-     means Covered Software of a particular Contributor.
-
-1.4. "Covered Software"
-
-     means Source Code Form to which the initial Contributor has attached the
-     notice in Exhibit A, the Executable Form of such Source Code Form, and
-     Modifications of such Source Code Form, in each case including portions
-     thereof.
-
-1.5. "Incompatible With Secondary Licenses"
-     means
-
-     a. that the initial Contributor has attached the notice described in
-        Exhibit B to the Covered Software; or
-
-     b. that the Covered Software was made available under the terms of
-        version 1.1 or earlier of the License, but not also under the terms of
-        a Secondary License.
-
-1.6. "Executable Form"
-
-     means any form of the work other than Source Code Form.
-
-1.7. "Larger Work"
-
-     means a work that combines Covered Software with other material, in a
-     separate file or files, that is not Covered Software.
-
-1.8. "License"
-
-     means this document.
-
-1.9. "Licensable"
-
-     means having the right to grant, to the maximum extent possible, whether
-     at the time of the initial grant or subsequently, any and all of the
-     rights conveyed by this License.
-
-1.10. "Modifications"
-
-     means any of the following:
-
-     a. any file in Source Code Form that results from an addition to,
-        deletion from, or modification of the contents of Covered Software; or
-
-     b. any new file in Source Code Form that contains any Covered Software.
-
-1.11. "Patent Claims" of a Contributor
-
-      means any patent claim(s), including without limitation, method,
-      process, and apparatus claims, in any patent Licensable by such
-      Contributor that would be infringed, but for the grant of the License,
-      by the making, using, selling, offering for sale, having made, import,
-      or transfer of either its Contributions or its Contributor Version.
-
-1.12. "Secondary License"
-
-      means either the GNU General Public License, Version 2.0, the GNU Lesser
-      General Public License, Version 2.1, the GNU Affero General Public
-      License, Version 3.0, or any later versions of those licenses.
-
-1.13. "Source Code Form"
-
-      means the form of the work preferred for making modifications.
-
-1.14. "You" (or "Your")
-
-      means an individual or a legal entity exercising rights under this
-      License. For legal entities, "You" includes any entity that controls, is
-      controlled by, or is under common control with You. For purposes of this
-      definition, "control" means (a) the power, direct or indirect, to cause
-      the direction or management of such entity, whether by contract or
-      otherwise, or (b) ownership of more than fifty percent (50%) of the
-      outstanding shares or beneficial ownership of such entity.
-
-
-2. License Grants and Conditions
-
-2.1. Grants
-
-     Each Contributor hereby grants You a world-wide, royalty-free,
-     non-exclusive license:
-
-     a. under intellectual property rights (other than patent or trademark)
-        Licensable by such Contributor to use, reproduce, make available,
-        modify, display, perform, distribute, and otherwise exploit its
-        Contributions, either on an unmodified basis, with Modifications, or
-        as part of a Larger Work; and
-
-     b. under Patent Claims of such Contributor to make, use, sell, offer for
-        sale, have made, import, and otherwise transfer either its
-        Contributions or its Contributor Version.
-
-2.2. Effective Date
-
-     The licenses granted in Section 2.1 with respect to any Contribution
-     become effective for each Contribution on the date the Contributor first
-     distributes such Contribution.
-
-2.3. Limitations on Grant Scope
-
-     The licenses granted in this Section 2 are the only rights granted under
-     this License. No additional rights or licenses will be implied from the
-     distribution or licensing of Covered Software under this License.
-     Notwithstanding Section 2.1(b) above, no patent license is granted by a
-     Contributor:
-
-     a. for any code that a Contributor has removed from Covered Software; or
-
-     b. for infringements caused by: (i) Your and any other third party's
-        modifications of Covered Software, or (ii) the combination of its
-        Contributions with other software (except as part of its Contributor
-        Version); or
-
-     c. under Patent Claims infringed by Covered Software in the absence of
-        its Contributions.
-
-     This License does not grant any rights in the trademarks, service marks,
-     or logos of any Contributor (except as may be necessary to comply with
-     the notice requirements in Section 3.4).
-
-2.4. Subsequent Licenses
-
-     No Contributor makes additional grants as a result of Your choice to
-     distribute the Covered Software under a subsequent version of this
-     License (see Section 10.2) or under the terms of a Secondary License (if
-     permitted under the terms of Section 3.3).
-
-2.5. Representation
-
-     Each Contributor represents that the Contributor believes its
-     Contributions are its original creation(s) or it has sufficient rights to
-     grant the rights to its Contributions conveyed by this License.
-
-2.6. Fair Use
-
-     This License is not intended to limit any rights You have under
-     applicable copyright doctrines of fair use, fair dealing, or other
-     equivalents.
-
-2.7. Conditions
-
-     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
-     Section 2.1.
-
-
-3. Responsibilities
-
-3.1. Distribution of Source Form
-
-     All distribution of Covered Software in Source Code Form, including any
-     Modifications that You create or to which You contribute, must be under
-     the terms of this License. You must inform recipients that the Source
-     Code Form of the Covered Software is governed by the terms of this
-     License, and how they can obtain a copy of this License. You may not
-     attempt to alter or restrict the recipients' rights in the Source Code
-     Form.
-
-3.2. Distribution of Executable Form
-
-     If You distribute Covered Software in Executable Form then:
-
-     a. such Covered Software must also be made available in Source Code Form,
-        as described in Section 3.1, and You must inform recipients of the
-        Executable Form how they can obtain a copy of such Source Code Form by
-        reasonable means in a timely manner, at a charge no more than the cost
-        of distribution to the recipient; and
-
-     b. You may distribute such Executable Form under the terms of this
-        License, or sublicense it under different terms, provided that the
-        license for the Executable Form does not attempt to limit or alter the
-        recipients' rights in the Source Code Form under this License.
-
-3.3. Distribution of a Larger Work
-
-     You may create and distribute a Larger Work under terms of Your choice,
-     provided that You also comply with the requirements of this License for
-     the Covered Software. If the Larger Work is a combination of Covered
-     Software with a work governed by one or more Secondary Licenses, and the
-     Covered Software is not Incompatible With Secondary Licenses, this
-     License permits You to additionally distribute such Covered Software
-     under the terms of such Secondary License(s), so that the recipient of
-     the Larger Work may, at their option, further distribute the Covered
-     Software under the terms of either this License or such Secondary
-     License(s).
-
-3.4. Notices
-
-     You may not remove or alter the substance of any license notices
-     (including copyright notices, patent notices, disclaimers of warranty, or
-     limitations of liability) contained within the Source Code Form of the
-     Covered Software, except that You may alter any license notices to the
-     extent required to remedy known factual inaccuracies.
-
-3.5. Application of Additional Terms
-
-     You may choose to offer, and to charge a fee for, warranty, support,
-     indemnity or liability obligations to one or more recipients of Covered
-     Software. However, You may do so only on Your own behalf, and not on
-     behalf of any Contributor. You must make it absolutely clear that any
-     such warranty, support, indemnity, or liability obligation is offered by
-     You alone, and You hereby agree to indemnify every Contributor for any
-     liability incurred by such Contributor as a result of warranty, support,
-     indemnity or liability terms You offer. You may include additional
-     disclaimers of warranty and limitations of liability specific to any
-     jurisdiction.
-
-4. Inability to Comply Due to Statute or Regulation
-
-   If it is impossible for You to comply with any of the terms of this License
-   with respect to some or all of the Covered Software due to statute,
-   judicial order, or regulation then You must: (a) comply with the terms of
-   this License to the maximum extent possible; and (b) describe the
-   limitations and the code they affect. Such description must be placed in a
-   text file included with all distributions of the Covered Software under
-   this License. Except to the extent prohibited by statute or regulation,
-   such description must be sufficiently detailed for a recipient of ordinary
-   skill to be able to understand it.
-
-5. Termination
-
-5.1. The rights granted under this License will terminate automatically if You
-     fail to comply with any of its terms. However, if You become compliant,
-     then the rights granted under this License from a particular Contributor
-     are reinstated (a) provisionally, unless and until such Contributor
-     explicitly and finally terminates Your grants, and (b) on an ongoing
-     basis, if such Contributor fails to notify You of the non-compliance by
-     some reasonable means prior to 60 days after You have come back into
-     compliance. Moreover, Your grants from a particular Contributor are
-     reinstated on an ongoing basis if such Contributor notifies You of the
-     non-compliance by some reasonable means, this is the first time You have
-     received notice of non-compliance with this License from such
-     Contributor, and You become compliant prior to 30 days after Your receipt
-     of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
-     infringement claim (excluding declaratory judgment actions,
-     counter-claims, and cross-claims) alleging that a Contributor Version
-     directly or indirectly infringes any patent, then the rights granted to
-     You by any and all Contributors for the Covered Software under Section
-     2.1 of this License shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
-     license agreements (excluding distributors and resellers) which have been
-     validly granted by You or Your distributors under this License prior to
-     termination shall survive termination.
-
-6. Disclaimer of Warranty
-
-   Covered Software is provided under this License on an "as is" basis,
-   without warranty of any kind, either expressed, implied, or statutory,
-   including, without limitation, warranties that the Covered Software is free
-   of defects, merchantable, fit for a particular purpose or non-infringing.
-   The entire risk as to the quality and performance of the Covered Software
-   is with You. Should any Covered Software prove defective in any respect,
-   You (not any Contributor) assume the cost of any necessary servicing,
-   repair, or correction. This disclaimer of warranty constitutes an essential
-   part of this License. No use of  any Covered Software is authorized under
-   this License except under this disclaimer.
-
-7. Limitation of Liability
-
-   Under no circumstances and under no legal theory, whether tort (including
-   negligence), contract, or otherwise, shall any Contributor, or anyone who
-   distributes Covered Software as permitted above, be liable to You for any
-   direct, indirect, special, incidental, or consequential damages of any
-   character including, without limitation, damages for lost profits, loss of
-   goodwill, work stoppage, computer failure or malfunction, or any and all
-   other commercial damages or losses, even if such party shall have been
-   informed of the possibility of such damages. This limitation of liability
-   shall not apply to liability for death or personal injury resulting from
-   such party's negligence to the extent applicable law prohibits such
-   limitation. Some jurisdictions do not allow the exclusion or limitation of
-   incidental or consequential damages, so this exclusion and limitation may
-   not apply to You.
-
-8. Litigation
-
-   Any litigation relating to this License may be brought only in the courts
-   of a jurisdiction where the defendant maintains its principal place of
-   business and such litigation shall be governed by laws of that
-   jurisdiction, without reference to its conflict-of-law provisions. Nothing
-   in this Section shall prevent a party's ability to bring cross-claims or
-   counter-claims.
-
-9. Miscellaneous
-
-   This License represents the complete agreement concerning the subject
-   matter hereof. If any provision of this License is held to be
-   unenforceable, such provision shall be reformed only to the extent
-   necessary to make it enforceable. Any law or regulation which provides that
-   the language of a contract shall be construed against the drafter shall not
-   be used to construe this License against a Contributor.
-
-
-10. Versions of the License
-
-10.1. New Versions
-
-      Mozilla Foundation is the license steward. Except as provided in Section
-      10.3, no one other than the license steward has the right to modify or
-      publish new versions of this License. Each version will be given a
-      distinguishing version number.
-
-10.2. Effect of New Versions
-
-      You may distribute the Covered Software under the terms of the version
-      of the License under which You originally received the Covered Software,
-      or under the terms of any subsequent version published by the license
-      steward.
-
-10.3. Modified Versions
-
-      If you create software not governed by this License, and you want to
-      create a new license for such software, you may create and use a
-      modified version of this License if you rename the license and remove
-      any references to the name of the license steward (except to note that
-      such modified license differs from this License).
-
-10.4. Distributing Source Code Form that is Incompatible With Secondary
-      Licenses If You choose to distribute Source Code Form that is
-      Incompatible With Secondary Licenses under the terms of this version of
-      the License, the notice described in Exhibit B of this License must be
-      attached.
-
-Exhibit A - Source Code Form License Notice
-
-      This Source Code Form is subject to the
-      terms of the Mozilla Public License, v.
-      2.0. If a copy of the MPL was not
-      distributed with this file, You can
-      obtain one at
-      http://mozilla.org/MPL/2.0/.
-
-If it is not possible or desirable to put the notice in a particular file,
-then You may include the notice in a location (such as a LICENSE file in a
-relevant directory) where a recipient would be likely to look for such a
-notice.
-
-You may add additional accurate notices of copyright ownership.
-
-Exhibit B - "Incompatible With Secondary Licenses" Notice
-
-      This Source Code Form is "Incompatible
-      With Secondary Licenses", as defined by
-      the Mozilla Public License, v. 2.0.
-
diff --git a/sdk/iptables/iptables.go b/sdk/iptables/iptables.go
index 32f089a6c9a8..5b965a6322ac 100644
--- a/sdk/iptables/iptables.go
+++ b/sdk/iptables/iptables.go
@@ -149,7 +149,7 @@ func Setup(cfg Config) error {
 		// Redirect remaining outbound traffic to Envoy.
 		cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-A", ProxyOutputChain, "-j", ProxyOutputRedirectChain)
 
-		// We are using "insert" (-I) instead of "append" (-A) so the provided rules take precedence over default ones.
+		// We are using "insert" (-I) instead of "append" (-A) so the the provided rules take precedence over default ones.
 		for _, outboundPort := range cfg.ExcludeOutboundPorts {
 			cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-I", ProxyOutputChain, "-p", "tcp", "--dport", outboundPort, "-j", "RETURN")
 		}
diff --git a/sdk/testutil/context.go b/sdk/testutil/context.go
index 47ff794c96c6..257f205aa298 100644
--- a/sdk/testutil/context.go
+++ b/sdk/testutil/context.go
@@ -5,14 +5,10 @@ package testutil
 
 import (
 	"context"
+	"testing"
 )
 
-type CleanerT interface {
-	Helper()
-	Cleanup(func())
-}
-
-func TestContext(t CleanerT) context.Context {
+func TestContext(t *testing.T) context.Context {
 	t.Helper()
 	ctx, cancel := context.WithCancel(context.Background())
 	t.Cleanup(cancel)
diff --git a/sdk/testutil/retry/counter.go b/sdk/testutil/retry/counter.go
deleted file mode 100644
index 96a37ab9d2fc..000000000000
--- a/sdk/testutil/retry/counter.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package retry
-
-import "time"
-
-// Counter repeats an operation a given number of
-// times and waits between subsequent operations.
-type Counter struct {
-	Count int
-	Wait  time.Duration
-
-	count int
-}
-
-func (r *Counter) Continue() bool {
-	if r.count == r.Count {
-		return false
-	}
-	if r.count > 0 {
-		time.Sleep(r.Wait)
-	}
-	r.count++
-	return true
-}
diff --git a/sdk/testutil/retry/retry.go b/sdk/testutil/retry/retry.go
index af468460d592..ce0e4b6ecd2d 100644
--- a/sdk/testutil/retry/retry.go
+++ b/sdk/testutil/retry/retry.go
@@ -53,8 +53,6 @@ type R struct {
 	// and triggers t.FailNow()
 	done   bool
 	output []string
-
-	cleanups []func()
 }
 
 func (r *R) Logf(format string, args ...interface{}) {
@@ -67,41 +65,6 @@ func (r *R) Log(args ...interface{}) {
 
 func (r *R) Helper() {}
 
-// Cleanup register a function to be run to cleanup resources that
-// were allocated during the retry attempt. These functions are executed
-// after a retry attempt. If they panic, it will not stop further retry
-// attempts but will be cause for the overall test failure.
-func (r *R) Cleanup(fn func()) {
-	r.cleanups = append(r.cleanups, fn)
-}
-
-func (r *R) runCleanup() {
-
-	// Make sure that if a cleanup function panics,
-	// we still run the remaining cleanup functions.
-	defer func() {
-		err := recover()
-		if err != nil {
-			r.Stop(fmt.Errorf("error when performing test cleanup: %v", err))
-		}
-		if len(r.cleanups) > 0 {
-			r.runCleanup()
-		}
-	}()
-
-	for len(r.cleanups) > 0 {
-		var cleanup func()
-		if len(r.cleanups) > 0 {
-			last := len(r.cleanups) - 1
-			cleanup = r.cleanups[last]
-			r.cleanups = r.cleanups[:last]
-		}
-		if cleanup != nil {
-			cleanup()
-		}
-	}
-}
-
 // runFailed is a sentinel value to indicate that the func itself
 // didn't panic, rather that `FailNow` was called.
 type runFailed struct{}
@@ -227,7 +190,6 @@ func run(r Retryer, t Failer, f func(r *R)) {
 		// run f(rr), but if recover yields a runFailed value, we know
 		// FailNow was called.
 		func() {
-			defer rr.runCleanup()
 			defer func() {
 				if p := recover(); p != nil && p != (runFailed{}) {
 					panic(p)
@@ -254,6 +216,22 @@ func DefaultFailer() *Timer {
 	return &Timer{Timeout: 7 * time.Second, Wait: 25 * time.Millisecond}
 }
 
+// ThirtySeconds repeats an operation for thirty seconds and waits 500ms in between.
+// Best for known slower operations like waiting on eventually consistent state.
+func ThirtySeconds() *Timer {
+	return &Timer{Timeout: 30 * time.Second, Wait: 500 * time.Millisecond}
+}
+
+// TwoSeconds repeats an operation for two seconds and waits 25ms in between.
+func TwoSeconds() *Timer {
+	return &Timer{Timeout: 2 * time.Second, Wait: 25 * time.Millisecond}
+}
+
+// ThreeTimes repeats an operation three times and waits 25ms in between.
+func ThreeTimes() *Counter {
+	return &Counter{Count: 3, Wait: 25 * time.Millisecond}
+}
+
 // Retryer provides an interface for repeating operations
 // until they succeed or an exit condition is met.
 type Retryer interface {
@@ -261,3 +239,47 @@ type Retryer interface {
 	// returns false to indicate retrying should stop.
 	Continue() bool
 }
+
+// Counter repeats an operation a given number of
+// times and waits between subsequent operations.
+type Counter struct {
+	Count int
+	Wait  time.Duration
+
+	count int
+}
+
+func (r *Counter) Continue() bool {
+	if r.count == r.Count {
+		return false
+	}
+	if r.count > 0 {
+		time.Sleep(r.Wait)
+	}
+	r.count++
+	return true
+}
+
+// Timer repeats an operation for a given amount
+// of time and waits between subsequent operations.
+type Timer struct {
+	Timeout time.Duration
+	Wait    time.Duration
+
+	// stop is the timeout deadline.
+	// TODO: Next()?
+	// Set on the first invocation of Next().
+	stop time.Time
+}
+
+func (r *Timer) Continue() bool {
+	if r.stop.IsZero() {
+		r.stop = time.Now().Add(r.Timeout)
+		return true
+	}
+	if time.Now().After(r.stop) {
+		return false
+	}
+	time.Sleep(r.Wait)
+	return true
+}
diff --git a/sdk/testutil/retry/retry_test.go b/sdk/testutil/retry/retry_test.go
index 77bc2d4d9f96..1f7eda7b3133 100644
--- a/sdk/testutil/retry/retry_test.go
+++ b/sdk/testutil/retry/retry_test.go
@@ -128,69 +128,6 @@ func TestRunWith(t *testing.T) {
 	})
 }
 
-func TestCleanup(t *testing.T) {
-	t.Run("basic", func(t *testing.T) {
-		ft := &fakeT{}
-		cleanupsExecuted := 0
-		RunWith(&Counter{Count: 2, Wait: time.Millisecond}, ft, func(r *R) {
-			r.Cleanup(func() {
-				cleanupsExecuted += 1
-			})
-		})
-
-		require.Equal(t, 0, ft.fails)
-		require.Equal(t, 1, cleanupsExecuted)
-	})
-	t.Run("cleanup-panic-recovery", func(t *testing.T) {
-		ft := &fakeT{}
-		cleanupsExecuted := 0
-		RunWith(&Counter{Count: 2, Wait: time.Millisecond}, ft, func(r *R) {
-			r.Cleanup(func() {
-				cleanupsExecuted += 1
-			})
-
-			r.Cleanup(func() {
-				cleanupsExecuted += 1
-				panic(fmt.Errorf("fake test error"))
-			})
-
-			r.Cleanup(func() {
-				cleanupsExecuted += 1
-			})
-
-			// test is successful but should fail due to the cleanup panicing
-		})
-
-		require.Equal(t, 3, cleanupsExecuted)
-		require.Equal(t, 1, ft.fails)
-		require.Contains(t, ft.out[0], "fake test error")
-	})
-
-	t.Run("cleanup-per-retry", func(t *testing.T) {
-		ft := &fakeT{}
-		iter := 0
-		cleanupsExecuted := 0
-		RunWith(&Counter{Count: 3, Wait: time.Millisecond}, ft, func(r *R) {
-			if cleanupsExecuted != iter {
-				r.Stop(fmt.Errorf("cleanups not executed between retries"))
-				return
-			}
-			iter += 1
-
-			r.Cleanup(func() {
-				cleanupsExecuted += 1
-			})
-
-			r.FailNow()
-		})
-
-		require.Equal(t, 3, cleanupsExecuted)
-		// ensure that r.Stop hadn't been called. If it was then we would
-		// have log output
-		require.Len(t, ft.out, 0)
-	})
-}
-
 type fakeT struct {
 	fails int
 	out   []string
diff --git a/sdk/testutil/retry/timer.go b/sdk/testutil/retry/timer.go
deleted file mode 100644
index 16433e9ec7b0..000000000000
--- a/sdk/testutil/retry/timer.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package retry
-
-import "time"
-
-// ThirtySeconds repeats an operation for thirty seconds and waits 500ms in between.
-// Best for known slower operations like waiting on eventually consistent state.
-func ThirtySeconds() *Timer {
-	return &Timer{Timeout: 30 * time.Second, Wait: 500 * time.Millisecond}
-}
-
-// TwoSeconds repeats an operation for two seconds and waits 25ms in between.
-func TwoSeconds() *Timer {
-	return &Timer{Timeout: 2 * time.Second, Wait: 25 * time.Millisecond}
-}
-
-// ThreeTimes repeats an operation three times and waits 25ms in between.
-func ThreeTimes() *Counter {
-	return &Counter{Count: 3, Wait: 25 * time.Millisecond}
-}
-
-// Timer repeats an operation for a given amount
-// of time and waits between subsequent operations.
-type Timer struct {
-	Timeout time.Duration
-	Wait    time.Duration
-
-	// stop is the timeout deadline.
-	// TODO: Next()?
-	// Set on the first invocation of Next().
-	stop time.Time
-}
-
-func (r *Timer) Continue() bool {
-	if r.stop.IsZero() {
-		r.stop = time.Now().Add(r.Timeout)
-		return true
-	}
-	if time.Now().After(r.stop) {
-		return false
-	}
-	time.Sleep(r.Wait)
-	return true
-}
diff --git a/sdk/testutil/server.go b/sdk/testutil/server.go
index 148fb03d6a95..a20f95123aab 100644
--- a/sdk/testutil/server.go
+++ b/sdk/testutil/server.go
@@ -131,7 +131,6 @@ type TestServerConfig struct {
 	ReturnPorts         func()                 `json:"-"`
 	Audit               *TestAuditConfig       `json:"audit,omitempty"`
 	Version             string                 `json:"version,omitempty"`
-	Experiments         []string               `json:"experiments,omitempty"`
 }
 
 type TestACLs struct {
diff --git a/sentinel/evaluator.go b/sentinel/evaluator.go
index fd609fff9009..d37a82704e61 100644
--- a/sentinel/evaluator.go
+++ b/sentinel/evaluator.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package sentinel
 
diff --git a/sentinel/scope.go b/sentinel/scope.go
index 4a6a87e146ab..7f2fb5d721ef 100644
--- a/sentinel/scope.go
+++ b/sentinel/scope.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package sentinel
 
diff --git a/sentinel/sentinel_ce.go b/sentinel/sentinel_ce.go
index 9b21607c431b..fc688bcb933e 100644
--- a/sentinel/sentinel_ce.go
+++ b/sentinel/sentinel_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/service_os/service.go b/service_os/service.go
index 8a23c093475a..cba71b23acf9 100644
--- a/service_os/service.go
+++ b/service_os/service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package service_os
 
diff --git a/service_os/service_windows.go b/service_os/service_windows.go
index 6a9ca4386a68..0ff9f2e7c968 100644
--- a/service_os/service_windows.go
+++ b/service_os/service_windows.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build windows
 // +build windows
diff --git a/snapshot/archive.go b/snapshot/archive.go
index 38aad441bf0a..3560e0ac2319 100644
--- a/snapshot/archive.go
+++ b/snapshot/archive.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // The archive utilities manage the internal format of a snapshot, which is a
 // tar file with the following contents:
diff --git a/snapshot/archive_test.go b/snapshot/archive_test.go
index 74148b84e8f6..d7568edb80ce 100644
--- a/snapshot/archive_test.go
+++ b/snapshot/archive_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package snapshot
 
diff --git a/snapshot/snapshot.go b/snapshot/snapshot.go
index f09f8870e325..a1deee9153dc 100644
--- a/snapshot/snapshot.go
+++ b/snapshot/snapshot.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 // snapshot manages the interactions between Consul and Raft in order to take
 // and restore snapshots for disaster recovery. The internal format of a
diff --git a/snapshot/snapshot_test.go b/snapshot/snapshot_test.go
index 4e9701360dfa..d59061e9eab6 100644
--- a/snapshot/snapshot_test.go
+++ b/snapshot/snapshot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package snapshot
 
diff --git a/test-integ/README.md b/test-integ/README.md
deleted file mode 100644
index ebc611efa2bc..000000000000
--- a/test-integ/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# test-integ
-
-Go integration tests for consul. `/test/integration` also holds integration tests; they need migrating.
\ No newline at end of file
diff --git a/test-integ/go.mod b/test-integ/go.mod
deleted file mode 100644
index 76c91af83ca9..000000000000
--- a/test-integ/go.mod
+++ /dev/null
@@ -1,246 +0,0 @@
-module github.com/hashicorp/consul/test-integ
-
-go 1.20
-
-require (
-	github.com/hashicorp/consul/api v1.24.0
-	github.com/hashicorp/consul/sdk v0.14.1
-	github.com/hashicorp/consul/test/integration/consul-container v0.0.0-20230628201853-bdf4fad7c5a5
-	github.com/hashicorp/consul/testing/deployer v0.0.0-00010101000000-000000000000
-	github.com/hashicorp/go-cleanhttp v0.5.2
-	github.com/itchyny/gojq v0.12.13
-	github.com/mitchellh/copystructure v1.2.0
-	github.com/stretchr/testify v1.8.4
-)
-
-require (
-	cloud.google.com/go/compute v1.20.1 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v1.1.1 // indirect
-	dario.cat/mergo v1.0.0 // indirect
-	fortio.org/dflag v1.5.2 // indirect
-	fortio.org/fortio v1.54.0 // indirect
-	fortio.org/log v1.3.0 // indirect
-	fortio.org/sets v1.0.2 // indirect
-	fortio.org/version v1.0.2 // indirect
-	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/DataDog/datadog-go v4.8.2+incompatible // indirect
-	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/agext/levenshtein v1.2.1 // indirect
-	github.com/aliyun/alibaba-cloud-sdk-go v1.62.156 // indirect
-	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
-	github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e // indirect
-	github.com/armon/go-metrics v0.4.1 // indirect
-	github.com/armon/go-radix v1.0.0 // indirect
-	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/avast/retry-go v3.0.0+incompatible // indirect
-	github.com/aws/aws-sdk-go v1.44.289 // indirect
-	github.com/benbjohnson/immutable v0.4.0 // indirect
-	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/boltdb/bolt v1.3.1 // indirect
-	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
-	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
-	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect
-	github.com/circonus-labs/circonusllhist v0.1.3 // indirect
-	github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect
-	github.com/containerd/containerd v1.7.3 // indirect
-	github.com/coreos/etcd v3.3.27+incompatible // indirect
-	github.com/coreos/go-oidc v2.1.0+incompatible // indirect
-	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
-	github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf // indirect
-	github.com/cpuguy83/dockercfg v0.3.1 // indirect
-	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/docker/distribution v2.8.2+incompatible // indirect
-	github.com/docker/docker v24.0.5+incompatible // indirect
-	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/docker/go-units v0.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
-	github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f // indirect
-	github.com/envoyproxy/protoc-gen-validate v0.10.1 // indirect
-	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
-	github.com/fatih/color v1.14.1 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
-	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/analysis v0.21.4 // indirect
-	github.com/go-openapi/errors v0.20.3 // indirect
-	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.20.0 // indirect
-	github.com/go-openapi/loads v0.21.2 // indirect
-	github.com/go-openapi/runtime v0.25.0 // indirect
-	github.com/go-openapi/spec v0.20.8 // indirect
-	github.com/go-openapi/strfmt v0.21.3 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
-	github.com/go-openapi/validate v0.22.1 // indirect
-	github.com/go-ozzo/ozzo-validation v3.6.0+incompatible // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/btree v1.0.1 // indirect
-	github.com/google/gnostic v0.5.7-v3refs // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/s2a-go v0.1.4 // indirect
-	github.com/google/uuid v1.3.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
-	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
-	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect
-	github.com/hashicorp/consul v0.0.0-00010101000000-000000000000 // indirect
-	github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 // indirect
-	github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 // indirect
-	github.com/hashicorp/consul/envoyextensions v0.4.1 // indirect
-	github.com/hashicorp/consul/proto-public v0.4.1 // indirect
-	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-bexpr v0.1.2 // indirect
-	github.com/hashicorp/go-connlimit v0.3.0 // indirect
-	github.com/hashicorp/go-hclog v1.5.0 // indirect
-	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
-	github.com/hashicorp/go-memdb v1.3.4 // indirect
-	github.com/hashicorp/go-msgpack v1.1.5 // indirect
-	github.com/hashicorp/go-msgpack/v2 v2.0.0 // indirect
-	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-plugin v1.4.5 // indirect
-	github.com/hashicorp/go-raftchunking v0.7.0 // indirect
-	github.com/hashicorp/go-retryablehttp v0.6.7 // indirect
-	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
-	github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 // indirect
-	github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 // indirect
-	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
-	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
-	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
-	github.com/hashicorp/go-syslog v1.0.0 // indirect
-	github.com/hashicorp/go-uuid v1.0.3 // indirect
-	github.com/hashicorp/go-version v1.2.1 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/hcl/v2 v2.16.2 // indirect
-	github.com/hashicorp/hcp-scada-provider v0.2.3 // indirect
-	github.com/hashicorp/hcp-sdk-go v0.61.0 // indirect
-	github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 // indirect
-	github.com/hashicorp/memberlist v0.5.0 // indirect
-	github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 // indirect
-	github.com/hashicorp/raft v1.5.0 // indirect
-	github.com/hashicorp/raft-autopilot v0.1.6 // indirect
-	github.com/hashicorp/raft-boltdb/v2 v2.2.2 // indirect
-	github.com/hashicorp/raft-wal v0.3.0 // indirect
-	github.com/hashicorp/serf v0.10.1 // indirect
-	github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 // indirect
-	github.com/hashicorp/vault/api v1.8.3 // indirect
-	github.com/hashicorp/vault/api/auth/gcp v0.3.0 // indirect
-	github.com/hashicorp/vault/sdk v0.7.0 // indirect
-	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
-	github.com/imdario/mergo v0.3.15 // indirect
-	github.com/itchyny/timefmt-go v0.1.5 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/josharian/intern v1.0.0 // indirect
-	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.16.7 // indirect
-	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
-	github.com/miekg/dns v1.1.50 // indirect
-	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
-	github.com/mitchellh/go-testing-interface v1.14.0 // indirect
-	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
-	github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 // indirect
-	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/mitchellh/pointerstructure v1.2.1 // indirect
-	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/moby/patternmatcher v0.5.0 // indirect
-	github.com/moby/sys/sequential v0.5.0 // indirect
-	github.com/moby/term v0.5.0 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
-	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/oklog/run v1.0.0 // indirect
-	github.com/oklog/ulid v1.3.1 // indirect
-	github.com/oklog/ulid/v2 v2.1.0 // indirect
-	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
-	github.com/opencontainers/runc v1.1.8 // indirect
-	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
-	github.com/otiai10/copy v1.10.0 // indirect
-	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
-	github.com/pierrec/lz4 v2.5.2+incompatible // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
-	github.com/prometheus/client_golang v1.14.0 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.39.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/rboyer/safeio v0.2.3 // indirect
-	github.com/ryanuber/go-glob v1.0.0 // indirect
-	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
-	github.com/segmentio/fasthash v1.0.3 // indirect
-	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
-	github.com/stretchr/objx v0.5.0 // indirect
-	github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 // indirect
-	github.com/testcontainers/testcontainers-go v0.22.0 // indirect
-	github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 // indirect
-	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
-	github.com/zclconf/go-cty v1.12.1 // indirect
-	go.etcd.io/bbolt v1.3.7 // indirect
-	go.mongodb.org/mongo-driver v1.11.0 // indirect
-	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/otel v1.16.0 // indirect
-	go.opentelemetry.io/otel/metric v1.16.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.16.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v0.39.0 // indirect
-	go.opentelemetry.io/otel/trace v1.16.0 // indirect
-	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	golang.org/x/crypto v0.12.0 // indirect
-	golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b // indirect
-	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.14.0 // indirect
-	golang.org/x/oauth2 v0.8.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.11.0 // indirect
-	golang.org/x/term v0.11.0 // indirect
-	golang.org/x/text v0.12.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.11.1 // indirect
-	google.golang.org/api v0.126.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 // indirect
-	google.golang.org/grpc v1.57.0 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
-	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/ini.v1 v1.66.2 // indirect
-	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.26.2 // indirect
-	k8s.io/apimachinery v0.26.2 // indirect
-	k8s.io/client-go v0.26.2 // indirect
-	k8s.io/klog/v2 v2.90.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
-	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
-	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
-	sigs.k8s.io/yaml v1.3.0 // indirect
-)
-
-replace (
-	github.com/hashicorp/consul => ../
-	github.com/hashicorp/consul/api => ../api
-	github.com/hashicorp/consul/envoyextensions => ../envoyextensions
-	github.com/hashicorp/consul/proto-public => ../proto-public
-	github.com/hashicorp/consul/sdk => ../sdk
-	github.com/hashicorp/consul/test/integration/consul-container => ../test/integration/consul-container
-	github.com/hashicorp/consul/testing/deployer => ../testing/deployer
-)
diff --git a/test-integ/go.sum b/test-integ/go.sum
deleted file mode 100644
index e662768b13d0..000000000000
--- a/test-integ/go.sum
+++ /dev/null
@@ -1,1336 +0,0 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
-cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
-cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
-cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
-cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
-cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
-cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
-cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
-cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
-cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
-cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg=
-cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
-cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
-cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/iam v1.1.1 h1:lW7fzj15aVIXYHREOqjRBV9PsH0Z6u8Y46a1YGvQP4Y=
-cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
-dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-fortio.org/assert v1.1.4 h1:Za1RaG+OjsTMpQS3J3UCvTF6wc4+IOHCz+jAOU37Y4o=
-fortio.org/dflag v1.5.2 h1:F9XVRj4Qr2IbJP7BMj7XZc9wB0Q/RZ61Ool+4YPVad8=
-fortio.org/dflag v1.5.2/go.mod h1:ppb/A8u+KKg+qUUYZNYuvRnXuVb8IsdHb/XGzsmjkN8=
-fortio.org/fortio v1.54.0 h1:2jn8yTd6hcIEoKY4CjI0lI6XxTWVxsMYF2bMiWOmv+Y=
-fortio.org/fortio v1.54.0/go.mod h1:SRaZbikL31UoAkw0On2hwpvHrQ0rRVnsAz3UGVNvMRw=
-fortio.org/log v1.3.0 h1:bESPvuQGKejw7rrx41Sg3GoF+tsrB7oC08PxBs5/AM0=
-fortio.org/log v1.3.0/go.mod h1:u/8/2lyczXq52aT5Nw6reD+3cR6m/EbS2jBiIYhgiTU=
-fortio.org/sets v1.0.2 h1:gSWZFg9rgzl1zJfI/93lDJKBFw8WZ3Uxe3oQ5uDM4T4=
-fortio.org/sets v1.0.2/go.mod h1:xVjulHr0FhlmReSymI+AhDtQ4FgjiazQ3JmuNpYFMs8=
-fortio.org/version v1.0.2 h1:8NwxdX58aoeKx7T5xAPO0xlUu1Hpk42nRz5s6e6eKZ0=
-fortio.org/version v1.0.2/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
-github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
-github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/DataDog/datadog-go v4.8.2+incompatible h1:qbcKSx29aBLD+5QLvlQZlGmRMF/FfGqFLFev/1TDzRo=
-github.com/DataDog/datadog-go v4.8.2+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
-github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=
-github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/aliyun/alibaba-cloud-sdk-go v1.62.156 h1:K4N91T1+RlSlx+t2dujeDviy4ehSGVjEltluDgmeHS4=
-github.com/aliyun/alibaba-cloud-sdk-go v1.62.156/go.mod h1:Api2AkmMgGaSUAhmk76oaFObkoeCPc/bKAqcyplPODs=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
-github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e h1:QEF07wC0T1rKkctt1RINW/+RMTVmiwxETico2l3gxJA=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-metrics v0.0.0-20190430140413-ec5e00d3c878/go.mod h1:3AMJUQhVx52RsWOnlkpikZr01T/yAVN2gn0861vByNg=
-github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
-github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
-github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
-github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
-github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
-github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHSxpiH9JdtuBj0=
-github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY=
-github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
-github.com/aws/aws-sdk-go v1.44.289 h1:5CVEjiHFvdiVlKPBzv0rjG4zH/21W/onT18R5AH/qx0=
-github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/benbjohnson/immutable v0.4.0 h1:CTqXbEerYso8YzVPxmWxh2gnoRQbbB9X1quUC8+vGZA=
-github.com/benbjohnson/immutable v0.4.0/go.mod h1:iAr8OjJGLnLmVUr9MZ/rz4PWUy6Ouc2JLYuMArmvAJM=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
-github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
-github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
-github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
-github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
-github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
-github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible h1:C29Ae4G5GtYyYMm1aztcyj/J5ckgJm2zwdDajFbx1NY=
-github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
-github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA=
-github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k=
-github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/containerd/containerd v1.7.3 h1:cKwYKkP1eTj54bP3wCdXXBymmKRQMrWjkLSWZZJDa8o=
-github.com/containerd/containerd v1.7.3/go.mod h1:32FOM4/O0RkNg7AjQj3hDzN9cUGtu+HMvaKUNiqCZB8=
-github.com/coreos/etcd v3.3.27+incompatible h1:QIudLb9KeBsE5zyYxd1mjzRSkzLg9Wf9QlRwFgd6oTA=
-github.com/coreos/etcd v3.3.27+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM=
-github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
-github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf h1:GOPo6vn/vTN+3IwZBvXX0y5doJfSC7My0cdzelyOCsQ=
-github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E=
-github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
-github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
-github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v24.0.5+incompatible h1:WmgcE4fxyI6EEXxBRxsHnZXrO1pQ3smi0k/jho4HLeY=
-github.com/docker/docker v24.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
-github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
-github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
-github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
-github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
-github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f h1:7T++XKzy4xg7PKy+bM+Sa9/oe1OC88yz2hXQUISoXfA=
-github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v0.10.1 h1:c0g45+xCJhdgFGw7a5QAfdS4byAbud7miNWJ1WwEVf8=
-github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
-github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
-github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
-github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
-github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
-github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
-github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
-github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y=
-github.com/frankban/quicktest v1.13.0 h1:yNZif1OkDfNoDfb9zZa9aXIpejNR4F23Wely0c+Qdqk=
-github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
-github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
-github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY=
-github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc=
-github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo=
-github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
-github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
-github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
-github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc=
-github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
-github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
-github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
-github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
-github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g=
-github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro=
-github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw=
-github.com/go-openapi/runtime v0.25.0 h1:7yQTCdRbWhX8vnIjdzU8S00tBYf7Sg71EBeorlPHvhc=
-github.com/go-openapi/runtime v0.25.0/go.mod h1:Ux6fikcHXyyob6LNWxtE96hWwjBPYF0DXgVFuMTneOs=
-github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
-github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
-github.com/go-openapi/spec v0.20.8 h1:ubHmXNY3FCIOinT8RNrrPfGc9t7I1qhPtdOGoG2AxRU=
-github.com/go-openapi/spec v0.20.8/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
-github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg=
-github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
-github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o=
-github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
-github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU=
-github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
-github.com/go-ozzo/ozzo-validation v3.6.0+incompatible h1:msy24VGS42fKO9K1vLz82/GeYW1cILu7Nuuj1N3BBkE=
-github.com/go-ozzo/ozzo-validation v3.6.0+incompatible/go.mod h1:gsEKFIVnabGBt6mXmxK0MoFy+cZoTJY6mu5Ll3LVLBU=
-github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
-github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=
-github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
-github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
-github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
-github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
-github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
-github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs=
-github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
-github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
-github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk=
-github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28=
-github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo=
-github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk=
-github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw=
-github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360=
-github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg=
-github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE=
-github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8=
-github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
-github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
-github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
-github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
-github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
-github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
-github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
-github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
-github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
-github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
-github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
-github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
-github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
-github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2 h1:AtvtonGEH/fZK0XPNNBdB6swgy7Iudfx88wzyIpwqJ8=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
-github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4=
-github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI=
-github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
-github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 h1:lLT7ZLSzGLI08vc9cpd+tYmNWjdKDqyr/2L+f6U12Fk=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w=
-github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 h1:1ZEjnveDe20yFa6lSkfdQZm5BR/b271n0MsB5R2L3us=
-github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706/go.mod h1:1Cs8FlmD1BfSQXJGcFLSV5FuIx1AbJP+EJGdxosoS2g=
-github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 h1:wzWurXrxfSyG1PHskIZlfuXlTSCj1Tsyatp9DtaasuY=
-github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69/go.mod h1:svUZZDvotY8zTODknUePc6mZ9pX8nN0ViGwWcUSOBEA=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
-github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-bexpr v0.1.2 h1:ijMXI4qERbzxbCnkxmfUtwMyjrrk3y+Vt0MxojNCbBs=
-github.com/hashicorp/go-bexpr v0.1.2/go.mod h1:ANbpTX1oAql27TZkKVeW8p1w8NTdnyzPe/0qqPCKohU=
-github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
-github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-connlimit v0.3.0 h1:oAojHGjFxUTTTA8c5XXnDqWJ2HLuWbDiBPTpWvNzvqM=
-github.com/hashicorp/go-connlimit v0.3.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0=
-github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
-github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
-github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0/go.mod h1:xvb32K2keAc+R8DSFG2IwDcydK9DBQE+fGA5fsw6hSk=
-github.com/hashicorp/go-memdb v1.3.4 h1:XSL3NR682X/cVk2IeV0d70N4DZ9ljI885xAEU8IoK3c=
-github.com/hashicorp/go-memdb v1.3.4/go.mod h1:uBTr1oQbtuMgd1SSGoR8YV27eT3sBHbYiNm53bMpgSg=
-github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-msgpack v1.1.5 h1:9byZdVjKTe5mce63pRVNP1L7UAmdHOTEMGehn6KvJWs=
-github.com/hashicorp/go-msgpack v1.1.5/go.mod h1:gWVc3sv/wbDmR3rQsj1CAktEZzoz1YNK9NfGLXJ69/4=
-github.com/hashicorp/go-msgpack/v2 v2.0.0 h1:c1fiLq1LNghmLOry1ipGhvLDi+/zEoaEP2JrE1oFJ9s=
-github.com/hashicorp/go-msgpack/v2 v2.0.0/go.mod h1:JIxYkkFJRDDRSoWQBSh7s9QAVThq+82iWmUpmE4jKak=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
-github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
-github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
-github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo=
-github.com/hashicorp/go-plugin v1.4.5/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
-github.com/hashicorp/go-raftchunking v0.7.0 h1:APNMnCXmTOhumkFv/GpJIbq7HteWF7EnGZ3875lRN0Y=
-github.com/hashicorp/go-raftchunking v0.7.0/go.mod h1:Dg/eBOaJzE0jYKNwNLs5IA5j0OSmL5HoCUiMy3mDmrI=
-github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
-github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
-github.com/hashicorp/go-retryablehttp v0.6.7 h1:8/CAEZt/+F7kR7GevNHulKkUjLht3CPmn7egmhieNKo=
-github.com/hashicorp/go-retryablehttp v0.6.7/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
-github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
-github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
-github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 h1:W9WN8p6moV1fjKLkeqEgkAMu5rauy9QeYDAmIaPuuiA=
-github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg=
-github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
-github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 h1:cCRo8gK7oq6A2L6LICkUZ+/a5rLiRXFMf1Qd4xSwxTc=
-github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
-github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo=
-github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
-github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
-github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
-github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs=
-github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
-github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
-github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
-github.com/hashicorp/go-syslog v1.0.0 h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwMrUAE=
-github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
-github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
-github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI=
-github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
-github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/hcl/v2 v2.16.2 h1:mpkHZh/Tv+xet3sy3F9Ld4FyI2tUpWe9x3XtPx9f1a0=
-github.com/hashicorp/hcl/v2 v2.16.2/go.mod h1:JRmR89jycNkrrqnMmvPDMd56n1rQJ2Q6KocSLCMCXng=
-github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ=
-github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo=
-github.com/hashicorp/hcp-sdk-go v0.61.0 h1:x4hJ8SlLI5WCE8Uzcu4q5jfdOEz/hFxfUkhAdoFdzSg=
-github.com/hashicorp/hcp-sdk-go v0.61.0/go.mod h1:xP7wmWAmdMxs/7+ovH3jZn+MCDhHRj50Rn+m7JIY3Ck=
-github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok=
-github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE=
-github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
-github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM=
-github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0=
-github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 h1:kBpVVl1sl3MaSrs97e0+pDQhSrqJv9gVbSUrPpVfl1w=
-github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0/go.mod h1:6pdNz0vo0mF0GvhwDG56O3N18qBrAz/XRIcfINfTbwo=
-github.com/hashicorp/raft v1.1.0/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM=
-github.com/hashicorp/raft v1.2.0/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8=
-github.com/hashicorp/raft v1.3.11/go.mod h1:J8naEwc6XaaCfts7+28whSeRvCqTd6e20BlCU3LtEO4=
-github.com/hashicorp/raft v1.5.0 h1:uNs9EfJ4FwiArZRxxfd/dQ5d33nV31/CdCHArH89hT8=
-github.com/hashicorp/raft v1.5.0/go.mod h1:pKHB2mf/Y25u3AHNSXVRv+yT+WAnmeTX0BwVppVQV+M=
-github.com/hashicorp/raft-autopilot v0.1.6 h1:C1q3RNF2FfXNZfHWbvVAu0QixaQK8K5pX4O5lh+9z4I=
-github.com/hashicorp/raft-autopilot v0.1.6/go.mod h1:Af4jZBwaNOI+tXfIqIdbcAnh/UyyqIMj/pOISIfhArw=
-github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk=
-github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qRd6nFJYYS6Iqnc/8HcUmko2/2Gw8qTFEmxDLii6W5I=
-github.com/hashicorp/raft-boltdb v0.0.0-20220329195025-15018e9b97e0 h1:CO8dBMLH6dvE1jTn/30ZZw3iuPsNfajshWoJTnVc5cc=
-github.com/hashicorp/raft-boltdb/v2 v2.2.2 h1:rlkPtOllgIcKLxVT4nutqlTH2NRFn+tO1wwZk/4Dxqw=
-github.com/hashicorp/raft-boltdb/v2 v2.2.2/go.mod h1:N8YgaZgNJLpZC+h+by7vDu5rzsRgONThTEeUS3zWbfY=
-github.com/hashicorp/raft-wal v0.3.0 h1:Mi6RPoRbsxIIYZryI+bSTXHD97Ua6rIYO51ibYV9bkY=
-github.com/hashicorp/raft-wal v0.3.0/go.mod h1:A6vP5o8hGOs1LHfC1Okh9xPwWDcmb6Vvuz/QyqUXlOE=
-github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY=
-github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4=
-github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 h1:O6tNk0s/arubLUbLeCyaRs5xGo9VwmbQazISY/BfPK4=
-github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0/go.mod h1:We3fJplmALwK1VpjwrLuXr/4QCQHYMdnXLHmLUU6Ntg=
-github.com/hashicorp/vault/api v1.8.0/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
-github.com/hashicorp/vault/api v1.8.3 h1:cHQOLcMhBR+aVI0HzhPxO62w2+gJhIrKguQNONPzu6o=
-github.com/hashicorp/vault/api v1.8.3/go.mod h1:4g/9lj9lmuJQMtT6CmVMHC5FW1yENaVv+Nv4ZfG8fAg=
-github.com/hashicorp/vault/api/auth/gcp v0.3.0 h1:taum+3pCmOXnNgEKHlQbmgXmKw5daWHk7YJrLPP/w8g=
-github.com/hashicorp/vault/api/auth/gcp v0.3.0/go.mod h1:gnNBFOASYUaFunedTHOzdir7vKcHL3skWBUzEn263bo=
-github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc=
-github.com/hashicorp/vault/sdk v0.7.0 h1:2pQRO40R1etpKkia5fb4kjrdYMx3BHklPxl1pxpxDHg=
-github.com/hashicorp/vault/sdk v0.7.0/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs=
-github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
-github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 h1:xixZ2bWeofWV68J+x6AzmKuVM/JWCQwkWm6GW/MUR6I=
-github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
-github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/itchyny/gojq v0.12.13 h1:IxyYlHYIlspQHHTE0f3cJF0NKDMfajxViuhBLnHd/QU=
-github.com/itchyny/gojq v0.12.13/go.mod h1:JzwzAqenfhrPUuwbmEz3nu3JQmFLlQTQMUcOdnu/Sf4=
-github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE=
-github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8=
-github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
-github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
-github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik=
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
-github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
-github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
-github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
-github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
-github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
-github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
-github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
-github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
-github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
-github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
-github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
-github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
-github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
-github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
-github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
-github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
-github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
-github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ=
-github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw=
-github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
-github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
-github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
-github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/go-testing-interface v1.14.0 h1:/x0XQ6h+3U3nAyk1yx+bHPURrKa9sVVvYbuqZ7pIAtI=
-github.com/mitchellh/go-testing-interface v1.14.0/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
-github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
-github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
-github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 h1:hOY53G+kBFhbYFpRVxHl5eS7laP6B1+Cq+Z9Dry1iMU=
-github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ=
-github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4=
-github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE=
-github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
-github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/pointerstructure v1.2.1 h1:ZhBBeX8tSlRpu/FFhXH4RC4OJzFlqsQhoHZAz4x7TIw=
-github.com/mitchellh/pointerstructure v1.2.1/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4=
-github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
-github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
-github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
-github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
-github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
-github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
-github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
-github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
-github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/oklog/ulid/v2 v2.1.0 h1:+9lhoxAP56we25tyYETBBY1YLA2SaoLvUFgrP2miPJU=
-github.com/oklog/ulid/v2 v2.1.0/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
-github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs=
-github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys=
-github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
-github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
-github.com/opencontainers/runc v1.1.8 h1:zICRlc+C1XzivLc3nzE+cbJV4LIi8tib6YG0MqC6OqA=
-github.com/opencontainers/runc v1.1.8/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
-github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A=
-github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU=
-github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ=
-github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
-github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
-github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
-github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
-github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
-github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
-github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
-github.com/pierrec/lz4 v2.5.2+incompatible h1:WCjObylUIOlKy/+7Abdn34TLIkXiA4UWUMhxq9m9ZXI=
-github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
-github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
-github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
-github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
-github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI=
-github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
-github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/rboyer/safeio v0.2.3 h1:gUybicx1kp8nuM4vO0GA5xTBX58/OBd8MQuErBfDxP8=
-github.com/rboyer/safeio v0.2.3/go.mod h1:d7RMmt7utQBJZ4B7f0H/cU/EdZibQAU1Y8NWepK2dS8=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
-github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM=
-github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY=
-github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
-github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=
-github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 h1:xzABM9let0HLLqFypcxvLmlvEciCHL7+Lv+4vwZqecI=
-github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569/go.mod h1:2Ly+NIftZN4de9zRmENdYbvPQeaVIYKWpLFStLFEBgI=
-github.com/testcontainers/testcontainers-go v0.22.0 h1:hOK4NzNu82VZcKEB1aP9LO1xYssVFMvlfeuDW9JMmV0=
-github.com/testcontainers/testcontainers-go v0.22.0/go.mod h1:k0YiPa26xJCRUbUkYqy5rY6NGvSbVCeUBXCvucscBR4=
-github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
-github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
-github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8=
-github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
-github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o=
-github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
-github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg=
-github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
-github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
-github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
-github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
-github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
-github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/zclconf/go-cty v1.12.1 h1:PcupnljUm9EIvbgSHQnHhUr3fO6oFmkOrvs2BAFNXXY=
-github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA=
-go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
-go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
-go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
-go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng=
-go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8=
-go.mongodb.org/mongo-driver v1.11.0 h1:FZKhBSTydeuffHj9CBjXlR8vQLee1cQyTWYPA6/tqiE=
-go.mongodb.org/mongo-driver v1.11.0/go.mod h1:s7p5vEtfbeR1gYi6pnj3c3/urpbLv2T5Sfd6Rp2HBB8=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
-go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
-go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
-go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
-go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo=
-go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
-go.opentelemetry.io/otel/sdk v1.16.0 h1:Z1Ok1YsijYL0CSJpHt4cS3wDDh7p572grzNrBMiMWgE=
-go.opentelemetry.io/otel/sdk v1.16.0/go.mod h1:tMsIuKXuuIWPBAOrH+eHtvhTL+SntFtXF9QD68aP6p4=
-go.opentelemetry.io/otel/sdk/metric v0.39.0 h1:Kun8i1eYf48kHH83RucG93ffz0zGV1sh46FAScOTuDI=
-go.opentelemetry.io/otel/sdk/metric v0.39.0/go.mod h1:piDIRgjcK7u0HCL5pCA4e74qpK/jk3NiUoAHATVAmiI=
-go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
-go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw=
-go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
-go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0=
-go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
-golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b h1:r+vk0EmXNmekl0S0BascoeeoHk/L7wmaW2QF90K+kYI=
-golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
-golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
-golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
-golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
-golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
-golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
-golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
-golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
-golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
-golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190424220101-1e8e1cfdf96b/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.11.1 h1:ojD5zOW8+7dOGzdnNgersm8aPfcDjhMp12UfG93NIMc=
-golang.org/x/tools v0.11.1/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
-google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
-google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
-google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
-google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
-google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
-google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
-google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
-google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
-google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
-google.golang.org/api v0.126.0 h1:q4GJq+cAdMAC7XP7njvQ4tvohGLiSlytuL4BQxbIZ+o=
-google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
-google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
-google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
-google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
-google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e h1:xIXmWJ303kJCuogpj0bHq+dcjcZHU+XFyc1I0Yl9cRg=
-google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:0ggbjUrZYpy1q+ANUS30SEoGZ53cdfwtbuG7Ptgy108=
-google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 h1:XVeBY8d/FaK4848myy41HBqnDwvxeV3zMZhwN1TvAMU=
-google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 h1:eSaPbMR4T7WfH9FvABk36NBMacoTUKdWCvV0dx+KfOg=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5/go.mod h1:zBEcrKX2ZOcEkHWxBPAIvYUWOKKMIhYcmNiUIu2ji3I=
-google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
-google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
-google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
-google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
-google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
-google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI=
-gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ=
-k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU=
-k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ=
-k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
-k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI=
-k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU=
-k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
-k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E=
-k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
-k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
-k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
-sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
-sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/test-integ/peering_commontopo/README.md b/test-integ/peering_commontopo/README.md
deleted file mode 100644
index 96466bb29b86..000000000000
--- a/test-integ/peering_commontopo/README.md
+++ /dev/null
@@ -1,66 +0,0 @@
-# CONSUL PEERING COMMON TOPOLOGY TESTS
-
-These peering tests all use a `commonTopo` (read: "common topology") to enable sharing a deployment of a Consul. Sharing a deployment of Consul cuts down on setup time.
-
-To run these tests, you will need to have docker installed. Next, make sure that you have all the required consul containers built:
-
-```
-make test-compat-integ-setup
-```
-
-## Non-Shared CommonTopo Tests
-
-The tests in question are designed in a manner that modifies the topology. As a result, it is not possible to share the testing environment across these tests.
-
-## Shared CommonTopo Tests
-
-The tests in question are designed in a manner that does not modify the topology in any way that would interfere with other tests. As a result, it is possible to share the testing environment across these tests.
-
-To run all consul peering tests with no shared topology, run the following command:
-
-```
-cd /path/to/peering_commontopo
-go test -timeout=10m -v -no-share-topo . 
-```
-
-To run all peering tests with shared topology only:
-
-```
-cd /path/to/peering_commontopo
-go test -timeout=10m -run '^TestSuitesOnSharedTopo' -v . 
-```
-
-To run individual peering topology tests:
-
-```
-cd /path/to/peering_commontopo
-go test -timeout=10m -run '^TestSuiteExample' -v -no-share-topo .    
-```
-
-## Local Development and Testing
-
-If writing tests for peering with no shared topology, this recommendation does not apply. The following methods below not necessarily need to be implmented. For shared topology tests, all the methods in the `sharedTopoSuite` interface must be implemented.
-
-- `testName()` prepends the test suite name to each test in the test suite.
-- `setup()` phase must ensure that any resources added to the topology cannot interfere with other tests. Principally by prefixing.
-- `test()` phase must be "passive" and not mutate the topology in any way that would interfere with other tests.
-
-Common topology peering tests are defined in the [test-integ/peering_commontopo/](/test-integ/peering_commontopo/) directory and new peering integration tests should always be added to this location. Adding integration tests that does not modify the topology should always start by invoking
-
-```go
-runShareableSuites(t, testSuiteExample)
-```
-
-else
-
-```go
-func TestSuiteExample(t *testing.T) {
- ct := NewCommonTopo(t)
- s := &testSuiteExample{}
- s.setup(t, ct)
- ct.Launch(t)
- s.test(t, ct)
-}
-```
-
-Some of these tests *do* mutate in their `test()` phase, and while they use `commonTopo` for the purpose of code sharing, they are not included in the "shared topo" tests in `sharedtopology_test.go`.
diff --git a/test-integ/peering_commontopo/ac1_basic_test.go b/test-integ/peering_commontopo/ac1_basic_test.go
deleted file mode 100644
index 85aaee4e6b55..000000000000
--- a/test-integ/peering_commontopo/ac1_basic_test.go
+++ /dev/null
@@ -1,275 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package peering
-
-import (
-	"fmt"
-	"testing"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-
-	"github.com/hashicorp/consul/api"
-)
-
-type ac1BasicSuite struct {
-	// inputs
-	DC   string
-	Peer string
-
-	// test points
-	sidServerHTTP  topology.ServiceID
-	sidServerTCP   topology.ServiceID
-	nodeServerHTTP topology.NodeID
-	nodeServerTCP  topology.NodeID
-
-	// 1.1
-	sidClientTCP  topology.ServiceID
-	nodeClientTCP topology.NodeID
-
-	// 1.2
-	sidClientHTTP  topology.ServiceID
-	nodeClientHTTP topology.NodeID
-
-	upstreamHTTP *topology.Upstream
-	upstreamTCP  *topology.Upstream
-}
-
-var ac1BasicSuites []sharedTopoSuite = []sharedTopoSuite{
-	&ac1BasicSuite{DC: "dc1", Peer: "dc2"},
-	&ac1BasicSuite{DC: "dc2", Peer: "dc1"},
-}
-
-func TestAC1Basic(t *testing.T) {
-	runShareableSuites(t, ac1BasicSuites)
-}
-
-func (s *ac1BasicSuite) testName() string {
-	return fmt.Sprintf("ac1 basic %s->%s", s.DC, s.Peer)
-}
-
-// creates clients in s.DC and servers in s.Peer
-func (s *ac1BasicSuite) setup(t *testing.T, ct *commonTopo) {
-	clu := ct.ClusterByDatacenter(t, s.DC)
-	peerClu := ct.ClusterByDatacenter(t, s.Peer)
-
-	partition := "default"
-	peer := LocalPeerName(peerClu, "default")
-	cluPeerName := LocalPeerName(clu, "default")
-	const prefix = "ac1-"
-
-	tcpServerSID := topology.ServiceID{
-		Name:      prefix + "server-tcp",
-		Partition: partition,
-	}
-	httpServerSID := topology.ServiceID{
-		Name:      prefix + "server-http",
-		Partition: partition,
-	}
-	upstreamHTTP := &topology.Upstream{
-		ID: topology.ServiceID{
-			Name:      httpServerSID.Name,
-			Partition: partition,
-		},
-		LocalPort: 5001,
-		Peer:      peer,
-	}
-	upstreamTCP := &topology.Upstream{
-		ID: topology.ServiceID{
-			Name:      tcpServerSID.Name,
-			Partition: partition,
-		},
-		LocalPort: 5000,
-		Peer:      peer,
-	}
-
-	// Make clients which have server upstreams
-	setupClientServiceAndConfigs := func(protocol string) (serviceExt, *topology.Node) {
-		sid := topology.ServiceID{
-			Name:      prefix + "client-" + protocol,
-			Partition: partition,
-		}
-		svc := serviceExt{
-			Service: NewFortioServiceWithDefaults(
-				clu.Datacenter,
-				sid,
-				func(s *topology.Service) {
-					s.Upstreams = []*topology.Upstream{
-						upstreamTCP,
-						upstreamHTTP,
-					}
-				},
-			),
-			Config: &api.ServiceConfigEntry{
-				Kind:      api.ServiceDefaults,
-				Name:      sid.Name,
-				Partition: ConfigEntryPartition(sid.Partition),
-				Protocol:  protocol,
-				UpstreamConfig: &api.UpstreamConfiguration{
-					Defaults: &api.UpstreamConfig{
-						MeshGateway: api.MeshGatewayConfig{
-							Mode: api.MeshGatewayModeLocal,
-						},
-					},
-				},
-			},
-		}
-
-		node := ct.AddServiceNode(clu, svc)
-
-		return svc, node
-	}
-	tcpClient, tcpClientNode := setupClientServiceAndConfigs("tcp")
-	httpClient, httpClientNode := setupClientServiceAndConfigs("http")
-
-	httpServer := serviceExt{
-		Service: NewFortioServiceWithDefaults(
-			peerClu.Datacenter,
-			httpServerSID,
-			nil,
-		),
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      httpServerSID.Name,
-			Partition: ConfigEntryPartition(httpServerSID.Partition),
-			Protocol:  "http",
-		},
-		Exports: []api.ServiceConsumer{{Peer: cluPeerName}},
-		Intentions: &api.ServiceIntentionsConfigEntry{
-			Kind:      api.ServiceIntentions,
-			Name:      httpServerSID.Name,
-			Partition: ConfigEntryPartition(httpServerSID.Partition),
-			Sources: []*api.SourceIntention{
-				{
-					Name:   tcpClient.ID.Name,
-					Peer:   cluPeerName,
-					Action: api.IntentionActionAllow,
-				},
-				{
-					Name:   httpClient.ID.Name,
-					Peer:   cluPeerName,
-					Action: api.IntentionActionAllow,
-				},
-			},
-		},
-	}
-	tcpServer := serviceExt{
-		Service: NewFortioServiceWithDefaults(
-			peerClu.Datacenter,
-			tcpServerSID,
-			nil,
-		),
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      tcpServerSID.Name,
-			Partition: ConfigEntryPartition(tcpServerSID.Partition),
-			Protocol:  "tcp",
-		},
-		Exports: []api.ServiceConsumer{{Peer: cluPeerName}},
-		Intentions: &api.ServiceIntentionsConfigEntry{
-			Kind:      api.ServiceIntentions,
-			Name:      tcpServerSID.Name,
-			Partition: ConfigEntryPartition(tcpServerSID.Partition),
-			Sources: []*api.SourceIntention{
-				{
-					Name:   tcpClient.ID.Name,
-					Peer:   cluPeerName,
-					Action: api.IntentionActionAllow,
-				},
-				{
-					Name:   httpClient.ID.Name,
-					Peer:   cluPeerName,
-					Action: api.IntentionActionAllow,
-				},
-			},
-		},
-	}
-
-	httpServerNode := ct.AddServiceNode(peerClu, httpServer)
-	tcpServerNode := ct.AddServiceNode(peerClu, tcpServer)
-
-	s.sidClientHTTP = httpClient.ID
-	s.nodeClientHTTP = httpClientNode.ID()
-	s.sidClientTCP = tcpClient.ID
-	s.nodeClientTCP = tcpClientNode.ID()
-	s.upstreamHTTP = upstreamHTTP
-	s.upstreamTCP = upstreamTCP
-
-	// these are references in Peer
-	s.sidServerHTTP = httpServerSID
-	s.nodeServerHTTP = httpServerNode.ID()
-	s.sidServerTCP = tcpServerSID
-	s.nodeServerTCP = tcpServerNode.ID()
-}
-
-// implements https://docs.google.com/document/d/1Fs3gNMhCqE4zVNMFcbzf02ZrB0kxxtJpI2h905oKhrs/edit#heading=h.wtzvyryyb56v
-func (s *ac1BasicSuite) test(t *testing.T, ct *commonTopo) {
-	dc := ct.Sprawl.Topology().Clusters[s.DC]
-	peer := ct.Sprawl.Topology().Clusters[s.Peer]
-	ac := s
-
-	// refresh this from Topology
-	svcClientTCP := dc.ServiceByID(
-		ac.nodeClientTCP,
-		ac.sidClientTCP,
-	)
-	svcClientHTTP := dc.ServiceByID(
-		ac.nodeClientHTTP,
-		ac.sidClientHTTP,
-	)
-	// our ac has the node/sid for server in the peer DC
-	svcServerHTTP := peer.ServiceByID(
-		ac.nodeServerHTTP,
-		ac.sidServerHTTP,
-	)
-	svcServerTCP := peer.ServiceByID(
-		ac.nodeServerTCP,
-		ac.sidServerTCP,
-	)
-
-	// preconditions
-	// these could be done parallel with each other, but complexity
-	// probably not worth the speed boost
-	ct.Assert.HealthyWithPeer(t, dc.Name, svcServerHTTP.ID, LocalPeerName(peer, "default"))
-	ct.Assert.HealthyWithPeer(t, dc.Name, svcServerTCP.ID, LocalPeerName(peer, "default"))
-	ct.Assert.UpstreamEndpointHealthy(t, svcClientTCP, ac.upstreamTCP)
-	ct.Assert.UpstreamEndpointHealthy(t, svcClientTCP, ac.upstreamHTTP)
-
-	tcs := []struct {
-		acSub int
-		proto string
-		svc   *topology.Service
-	}{
-		{1, "tcp", svcClientTCP},
-		{2, "http", svcClientHTTP},
-	}
-	for _, tc := range tcs {
-		tc := tc
-		t.Run(fmt.Sprintf("1.%d. %s in A can call HTTP upstream", tc.acSub, tc.proto), func(t *testing.T) {
-			t.Parallel()
-			ct.Assert.FortioFetch2HeaderEcho(t, tc.svc, ac.upstreamHTTP)
-		})
-		t.Run(fmt.Sprintf("1.%d. %s in A can call TCP upstream", tc.acSub, tc.proto), func(t *testing.T) {
-			t.Parallel()
-			ct.Assert.FortioFetch2HeaderEcho(t, tc.svc, ac.upstreamTCP)
-		})
-		t.Run(fmt.Sprintf("1.%d. via %s in A, FORTIO_NAME of HTTP upstream", tc.acSub, tc.proto), func(t *testing.T) {
-			t.Parallel()
-			ct.Assert.FortioFetch2FortioName(t,
-				tc.svc,
-				ac.upstreamHTTP,
-				peer.Name,
-				svcServerHTTP.ID,
-			)
-		})
-		t.Run(fmt.Sprintf("1.%d. via %s in A, FORTIO_NAME of TCP upstream", tc.acSub, tc.proto), func(t *testing.T) {
-			t.Parallel()
-			ct.Assert.FortioFetch2FortioName(t,
-				tc.svc,
-				ac.upstreamTCP,
-				peer.Name,
-				svcServerTCP.ID,
-			)
-		})
-	}
-}
diff --git a/test-integ/peering_commontopo/ac2_disco_chain_test.go b/test-integ/peering_commontopo/ac2_disco_chain_test.go
deleted file mode 100644
index 448ab2840bfe..000000000000
--- a/test-integ/peering_commontopo/ac2_disco_chain_test.go
+++ /dev/null
@@ -1,206 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package peering
-
-import (
-	"fmt"
-	"testing"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/api"
-)
-
-type ac2DiscoChainSuite struct {
-	DC   string
-	Peer string
-
-	clientSID topology.ServiceID
-}
-
-var ac2DiscoChainSuites []sharedTopoSuite = []sharedTopoSuite{
-	&ac2DiscoChainSuite{DC: "dc1", Peer: "dc2"},
-	&ac2DiscoChainSuite{DC: "dc2", Peer: "dc1"},
-}
-
-func TestAC2DiscoChain(t *testing.T) {
-	runShareableSuites(t, ac2DiscoChainSuites)
-}
-
-func (s *ac2DiscoChainSuite) testName() string {
-	return fmt.Sprintf("ac2 disco chain %s->%s", s.DC, s.Peer)
-}
-
-func (s *ac2DiscoChainSuite) setup(t *testing.T, ct *commonTopo) {
-	clu := ct.ClusterByDatacenter(t, s.DC)
-	peerClu := ct.ClusterByDatacenter(t, s.Peer)
-	partition := "default"
-	peer := LocalPeerName(peerClu, "default")
-
-	// Make an HTTP server with discovery chain config entries
-	server := NewFortioServiceWithDefaults(
-		clu.Datacenter,
-		topology.ServiceID{
-			Name:      "ac2-disco-chain-svc",
-			Partition: partition,
-		},
-		nil,
-	)
-	ct.ExportService(clu, partition,
-		api.ExportedService{
-			Name: server.ID.Name,
-			Consumers: []api.ServiceConsumer{
-				{
-					Peer: peer,
-				},
-			},
-		},
-	)
-
-	clu.InitialConfigEntries = append(clu.InitialConfigEntries,
-		&api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      server.ID.Name,
-			Partition: ConfigEntryPartition(partition),
-			Protocol:  "http",
-		},
-		&api.ServiceSplitterConfigEntry{
-			Kind:      api.ServiceSplitter,
-			Name:      server.ID.Name,
-			Partition: ConfigEntryPartition(partition),
-			Splits: []api.ServiceSplit{
-				{
-					Weight: 100.0,
-					ResponseHeaders: &api.HTTPHeaderModifiers{
-						Add: map[string]string{
-							"X-Split": "test",
-						},
-					},
-				},
-			},
-		},
-	)
-	ct.AddServiceNode(clu, serviceExt{Service: server})
-
-	// Define server as upstream for client
-	upstream := &topology.Upstream{
-		ID: topology.ServiceID{
-			Name:      server.ID.Name,
-			Partition: partition, // TODO: iterate over all possible partitions
-		},
-		// TODO: we need to expose this on 0.0.0.0 so we can check it
-		// through our forward proxy. not realistic IMO
-		LocalAddress: "0.0.0.0",
-		LocalPort:    5000,
-		Peer:         peer,
-	}
-
-	// Make client which will dial server
-	clientSID := topology.ServiceID{
-		Name:      "ac2-client",
-		Partition: partition,
-	}
-	client := NewFortioServiceWithDefaults(
-		clu.Datacenter,
-		clientSID,
-		func(s *topology.Service) {
-			s.Upstreams = []*topology.Upstream{
-				upstream,
-			}
-		},
-	)
-	ct.ExportService(clu, partition,
-		api.ExportedService{
-			Name: client.ID.Name,
-			Consumers: []api.ServiceConsumer{
-				{
-					Peer: peer,
-				},
-			},
-		},
-	)
-	ct.AddServiceNode(clu, serviceExt{Service: client})
-
-	clu.InitialConfigEntries = append(clu.InitialConfigEntries,
-		&api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      client.ID.Name,
-			Partition: ConfigEntryPartition(partition),
-			Protocol:  "http",
-			UpstreamConfig: &api.UpstreamConfiguration{
-				Defaults: &api.UpstreamConfig{
-					MeshGateway: api.MeshGatewayConfig{
-						Mode: api.MeshGatewayModeLocal,
-					},
-				},
-			},
-		},
-	)
-
-	// Add intention allowing client to call server
-	clu.InitialConfigEntries = append(clu.InitialConfigEntries,
-		&api.ServiceIntentionsConfigEntry{
-			Kind:      api.ServiceIntentions,
-			Name:      server.ID.Name,
-			Partition: ConfigEntryPartition(partition),
-			Sources: []*api.SourceIntention{
-				{
-					Name:   client.ID.Name,
-					Peer:   peer,
-					Action: api.IntentionActionAllow,
-				},
-			},
-		},
-	)
-
-	s.clientSID = clientSID
-}
-
-func (s *ac2DiscoChainSuite) test(t *testing.T, ct *commonTopo) {
-	dc := ct.Sprawl.Topology().Clusters[s.DC]
-
-	svcs := dc.ServicesByID(s.clientSID)
-	require.Len(t, svcs, 1, "expected exactly one client in datacenter")
-
-	client := svcs[0]
-	require.Len(t, client.Upstreams, 1, "expected exactly one upstream for client")
-	u := client.Upstreams[0]
-
-	t.Run("peered upstream exists in catalog", func(t *testing.T) {
-		t.Parallel()
-		ct.Assert.CatalogServiceExists(t, s.DC, u.ID.Name, &api.QueryOptions{
-			Peer: u.Peer,
-		})
-	})
-
-	t.Run("peered upstream endpoint status is healthy", func(t *testing.T) {
-		t.Parallel()
-		ct.Assert.UpstreamEndpointStatus(t, client, peerClusterPrefix(u), "HEALTHY", 1)
-	})
-
-	t.Run("response contains header injected by splitter", func(t *testing.T) {
-		t.Parallel()
-		// TODO: not sure we should call u.LocalPort? it's not realistic from a security
-		// standpoint. prefer the fortio fetch2 stuff myself
-		ct.Assert.HTTPServiceEchoesResHeader(t, client, u.LocalPort, "",
-			map[string]string{
-				"X-Split": "test",
-			},
-		)
-	})
-}
-
-// For reference see consul/xds/clusters.go:
-//
-//	func (s *ResourceGenerator) getTargetClusterName
-//
-// and connect/sni.go
-func peerClusterPrefix(u *topology.Upstream) string {
-	if u.Peer == "" {
-		panic("upstream is not from a peer")
-	}
-	u.ID.Normalize()
-	return u.ID.Name + "." + u.ID.Namespace + "." + u.Peer + ".external"
-}
diff --git a/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go b/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go
deleted file mode 100644
index 586103c11127..000000000000
--- a/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go
+++ /dev/null
@@ -1,267 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package peering
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/hashicorp/go-cleanhttp"
-	"github.com/itchyny/gojq"
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/sdk/testutil/retry"
-	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
-)
-
-var ac3SvcDefaultsSuites []sharedTopoSuite = []sharedTopoSuite{
-	&ac3SvcDefaultsSuite{DC: "dc1", Peer: "dc2"},
-	&ac3SvcDefaultsSuite{DC: "dc2", Peer: "dc1"},
-}
-
-func TestAC3SvcDefaults(t *testing.T) {
-	runShareableSuites(t, ac3SvcDefaultsSuites)
-}
-
-type ac3SvcDefaultsSuite struct {
-	// inputs
-	DC   string
-	Peer string
-
-	// test points
-	sidServer  topology.ServiceID
-	nodeServer topology.NodeID
-	sidClient  topology.ServiceID
-	nodeClient topology.NodeID
-
-	upstream *topology.Upstream
-}
-
-func (s *ac3SvcDefaultsSuite) testName() string {
-	return fmt.Sprintf("ac3 service defaults upstreams %s->%s", s.DC, s.Peer)
-}
-
-// creates clients in s.DC and servers in s.Peer
-func (s *ac3SvcDefaultsSuite) setup(t *testing.T, ct *commonTopo) {
-	clu := ct.ClusterByDatacenter(t, s.DC)
-	peerClu := ct.ClusterByDatacenter(t, s.Peer)
-
-	partition := "default"
-	peer := LocalPeerName(peerClu, "default")
-	cluPeerName := LocalPeerName(clu, "default")
-
-	serverSID := topology.ServiceID{
-		Name:      "ac3-server",
-		Partition: partition,
-	}
-	upstream := &topology.Upstream{
-		ID: topology.ServiceID{
-			Name:      serverSID.Name,
-			Partition: partition,
-		},
-		LocalPort: 5001,
-		Peer:      peer,
-	}
-
-	sid := topology.ServiceID{
-		Name:      "ac3-client",
-		Partition: partition,
-	}
-	client := serviceExt{
-		Service: NewFortioServiceWithDefaults(
-			clu.Datacenter,
-			sid,
-			func(s *topology.Service) {
-				s.Upstreams = []*topology.Upstream{
-					upstream,
-				}
-			},
-		),
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      sid.Name,
-			Partition: ConfigEntryPartition(sid.Partition),
-			Protocol:  "http",
-			UpstreamConfig: &api.UpstreamConfiguration{
-				Overrides: []*api.UpstreamConfig{
-					{
-						Name:      upstream.ID.Name,
-						Namespace: upstream.ID.Namespace,
-						Peer:      peer,
-						PassiveHealthCheck: &api.PassiveHealthCheck{
-							MaxFailures: 1,
-							Interval:    10 * time.Minute,
-						},
-					},
-				},
-				Defaults: &api.UpstreamConfig{
-					MeshGateway: api.MeshGatewayConfig{
-						Mode: api.MeshGatewayModeLocal,
-					},
-				},
-			},
-		},
-	}
-
-	clientNode := ct.AddServiceNode(clu, client)
-
-	server := serviceExt{
-		Service: NewFortioServiceWithDefaults(
-			peerClu.Datacenter,
-			serverSID,
-			nil,
-		),
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      serverSID.Name,
-			Partition: ConfigEntryPartition(serverSID.Partition),
-			Protocol:  "http",
-		},
-		Exports: []api.ServiceConsumer{{Peer: cluPeerName}},
-		Intentions: &api.ServiceIntentionsConfigEntry{
-			Kind:      api.ServiceIntentions,
-			Name:      serverSID.Name,
-			Partition: ConfigEntryPartition(serverSID.Partition),
-			Sources: []*api.SourceIntention{
-				{
-					Name:   client.ID.Name,
-					Peer:   cluPeerName,
-					Action: api.IntentionActionAllow,
-				},
-			},
-		},
-	}
-
-	serverNode := ct.AddServiceNode(peerClu, server)
-
-	s.sidClient = client.ID
-	s.nodeClient = clientNode.ID()
-	s.upstream = upstream
-
-	// these are references in Peer
-	s.sidServer = serverSID
-	s.nodeServer = serverNode.ID()
-}
-
-// make two requests to upstream via client's fetch2 with status=<nonceStatus>
-// the first time, it should return nonceStatus
-// the second time, we expect the upstream to have been removed from the envoy cluster,
-// and thereby get some other 5xx
-func (s *ac3SvcDefaultsSuite) test(t *testing.T, ct *commonTopo) {
-	dc := ct.Sprawl.Topology().Clusters[s.DC]
-	peer := ct.Sprawl.Topology().Clusters[s.Peer]
-
-	// refresh this from Topology
-	svcClient := dc.ServiceByID(
-		s.nodeClient,
-		s.sidClient,
-	)
-	// our ac has the node/sid for server in the peer DC
-	svcServer := peer.ServiceByID(
-		s.nodeServer,
-		s.sidServer,
-	)
-
-	// preconditions
-	// these could be done parallel with each other, but complexity
-	// probably not worth the speed boost
-	ct.Assert.HealthyWithPeer(t, dc.Name, svcServer.ID, LocalPeerName(peer, "default"))
-	ct.Assert.UpstreamEndpointHealthy(t, svcClient, s.upstream)
-	// TODO: we need to let the upstream start serving properly before we do this. if it
-	// isn't ready and returns a 5xx (which it will do if it's not up yet!), it will stick
-	// in a down state for PassiveHealthCheck.Interval
-	time.Sleep(30 * time.Second)
-	ct.Assert.FortioFetch2HeaderEcho(t, svcClient, s.upstream)
-
-	// TODO: use proxied HTTP client
-	client := cleanhttp.DefaultClient()
-	// TODO: what is default? namespace? partition?
-	clusterName := fmt.Sprintf("%s.default.%s.external", s.upstream.ID.Name, s.upstream.Peer)
-	nonceStatus := http.StatusInsufficientStorage
-	url507 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", svcClient.ExposedPort,
-		url.QueryEscape(fmt.Sprintf("http://localhost:%d/?status=%d", s.upstream.LocalPort, nonceStatus)),
-	)
-
-	// we only make this call once
-	req, err := http.NewRequest(http.MethodGet, url507, nil)
-	require.NoError(t, err)
-	res, err := client.Do(req)
-	require.NoError(t, err)
-	defer res.Body.Close()
-	require.Equal(t, nonceStatus, res.StatusCode)
-
-	// this is a modified version of assertEnvoyUpstreamHealthy
-	envoyAddr := fmt.Sprintf("localhost:%d", svcClient.ExposedEnvoyAdminPort)
-	retry.RunWith(&retry.Timer{Timeout: 30 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
-		// BOOKMARK: avoid libassert, but we need to resurrect this method in asserter first
-		clusters, statusCode, err := libassert.GetEnvoyOutputWithClient(client, envoyAddr, "clusters", map[string]string{"format": "json"})
-		if err != nil {
-			r.Fatal("could not fetch envoy clusters")
-		}
-		require.Equal(r, 200, statusCode)
-
-		filter := fmt.Sprintf(
-			`.cluster_statuses[]
-			| select(.name|contains("%s"))
-			| [.host_statuses[].health_status.failed_outlier_check]
-			|.[0]`,
-			clusterName)
-		result, err := jqOne(clusters, filter)
-		require.NoErrorf(r, err, "could not found cluster name %q: %v \n%s", clusterName, err, clusters)
-
-		resultAsBool, ok := result.(bool)
-		require.True(r, ok)
-		require.True(r, resultAsBool)
-	})
-
-	url200 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", svcClient.ExposedPort,
-		url.QueryEscape(fmt.Sprintf("http://localhost:%d/", s.upstream.LocalPort)),
-	)
-	retry.RunWith(&retry.Timer{Timeout: time.Minute * 1, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
-		req, err := http.NewRequest(http.MethodGet, url200, nil)
-		require.NoError(r, err)
-		res, err := client.Do(req)
-		require.NoError(r, err)
-		defer res.Body.Close()
-		require.True(r, res.StatusCode >= 500 && res.StatusCode < 600 && res.StatusCode != nonceStatus)
-	})
-}
-
-// Executes the JQ filter against the given JSON string.
-// Iff there is one result, return that.
-func jqOne(config, filter string) (interface{}, error) {
-	query, err := gojq.Parse(filter)
-	if err != nil {
-		return nil, err
-	}
-
-	var m interface{}
-	err = json.Unmarshal([]byte(config), &m)
-	if err != nil {
-		return nil, err
-	}
-
-	iter := query.Run(m)
-	result := []interface{}{}
-	for {
-		v, ok := iter.Next()
-		if !ok {
-			break
-		}
-		if err, ok := v.(error); ok {
-			return nil, err
-		}
-		result = append(result, v)
-	}
-	if len(result) != 1 {
-		return nil, fmt.Errorf("required result of len 1, but is %d: %v", len(result), result)
-	}
-	return result[0], nil
-}
diff --git a/test-integ/peering_commontopo/ac4_proxy_defaults_test.go b/test-integ/peering_commontopo/ac4_proxy_defaults_test.go
deleted file mode 100644
index c413820c6f2b..000000000000
--- a/test-integ/peering_commontopo/ac4_proxy_defaults_test.go
+++ /dev/null
@@ -1,216 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package peering
-
-import (
-	"fmt"
-	"net/http"
-	"net/url"
-	"testing"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/hashicorp/go-cleanhttp"
-	"github.com/stretchr/testify/require"
-)
-
-type ac4ProxyDefaultsSuite struct {
-	DC   string
-	Peer string
-
-	nodeClient topology.NodeID
-	nodeServer topology.NodeID
-
-	serverSID topology.ServiceID
-	clientSID topology.ServiceID
-	upstream  *topology.Upstream
-}
-
-var ac4ProxyDefaultsSuites []sharedTopoSuite = []sharedTopoSuite{
-	&ac4ProxyDefaultsSuite{DC: "dc1", Peer: "dc2"},
-	&ac4ProxyDefaultsSuite{DC: "dc2", Peer: "dc1"},
-}
-
-func TestAC4ProxyDefaults(t *testing.T) {
-	runShareableSuites(t, ac4ProxyDefaultsSuites)
-}
-
-func (s *ac4ProxyDefaultsSuite) testName() string {
-	return fmt.Sprintf("ac4 proxy defaults %s->%s", s.DC, s.Peer)
-}
-
-// creates clients in s.DC and servers in s.Peer
-func (s *ac4ProxyDefaultsSuite) setup(t *testing.T, ct *commonTopo) {
-	clu := ct.ClusterByDatacenter(t, s.DC)
-	peerClu := ct.ClusterByDatacenter(t, s.Peer)
-
-	partition := "default"
-	peer := LocalPeerName(peerClu, "default")
-	cluPeerName := LocalPeerName(clu, "default")
-
-	serverSID := topology.ServiceID{
-		Name:      "ac4-server-http",
-		Partition: partition,
-	}
-	// Define server as upstream for client
-	upstream := &topology.Upstream{
-		ID:        serverSID,
-		LocalPort: 5000,
-		Peer:      peer,
-	}
-
-	// Make client which will dial server
-	clientSID := topology.ServiceID{
-		Name:      "ac4-http-client",
-		Partition: partition,
-	}
-	client := serviceExt{
-		Service: NewFortioServiceWithDefaults(
-			clu.Datacenter,
-			clientSID,
-			func(s *topology.Service) {
-				s.Upstreams = []*topology.Upstream{
-					upstream,
-				}
-			},
-		),
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      clientSID.Name,
-			Partition: ConfigEntryPartition(clientSID.Partition),
-			Protocol:  "http",
-			UpstreamConfig: &api.UpstreamConfiguration{
-				Defaults: &api.UpstreamConfig{
-					MeshGateway: api.MeshGatewayConfig{
-						Mode: api.MeshGatewayModeLocal,
-					},
-				},
-			},
-		},
-	}
-	clientNode := ct.AddServiceNode(clu, client)
-
-	server := serviceExt{
-		Service: NewFortioServiceWithDefaults(
-			peerClu.Datacenter,
-			serverSID,
-			nil,
-		),
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      serverSID.Name,
-			Partition: ConfigEntryPartition(serverSID.Partition),
-			Protocol:  "http",
-		},
-		Exports: []api.ServiceConsumer{{Peer: cluPeerName}},
-		Intentions: &api.ServiceIntentionsConfigEntry{
-			Kind:      api.ServiceIntentions,
-			Name:      serverSID.Name,
-			Partition: ConfigEntryPartition(serverSID.Partition),
-			Sources: []*api.SourceIntention{
-				{
-					Name:   client.ID.Name,
-					Peer:   cluPeerName,
-					Action: api.IntentionActionAllow,
-				},
-			},
-		},
-	}
-
-	peerClu.InitialConfigEntries = append(peerClu.InitialConfigEntries,
-		&api.ProxyConfigEntry{
-			Kind:      api.ProxyDefaults,
-			Name:      api.ProxyConfigGlobal,
-			Partition: ConfigEntryPartition(server.ID.Partition),
-			Config: map[string]interface{}{
-				"protocol":                 "http",
-				"local_request_timeout_ms": 500,
-			},
-			MeshGateway: api.MeshGatewayConfig{
-				Mode: api.MeshGatewayModeLocal,
-			},
-		},
-	)
-
-	serverNode := ct.AddServiceNode(peerClu, server)
-
-	s.clientSID = clientSID
-	s.serverSID = serverSID
-	s.nodeServer = serverNode.ID()
-	s.nodeClient = clientNode.ID()
-	s.upstream = upstream
-}
-
-func (s *ac4ProxyDefaultsSuite) test(t *testing.T, ct *commonTopo) {
-	var client *topology.Service
-
-	dc := ct.Sprawl.Topology().Clusters[s.DC]
-	peer := ct.Sprawl.Topology().Clusters[s.Peer]
-
-	clientSVC := dc.ServiceByID(
-		s.nodeClient,
-		s.clientSID,
-	)
-	serverSVC := peer.ServiceByID(
-		s.nodeServer,
-		s.serverSID,
-	)
-
-	// preconditions check
-	ct.Assert.HealthyWithPeer(t, dc.Name, serverSVC.ID, LocalPeerName(peer, "default"))
-	ct.Assert.UpstreamEndpointHealthy(t, clientSVC, s.upstream)
-	ct.Assert.FortioFetch2HeaderEcho(t, clientSVC, s.upstream)
-
-	t.Run("Validate services exist in catalog", func(t *testing.T) {
-		dcSvcs := dc.ServicesByID(s.clientSID)
-		require.Len(t, dcSvcs, 1, "expected exactly one client")
-		client = dcSvcs[0]
-		require.Len(t, client.Upstreams, 1, "expected exactly one upstream for client")
-
-		server := dc.ServicesByID(s.serverSID)
-		require.Len(t, server, 1, "expected exactly one server")
-		require.Len(t, server[0].Upstreams, 0, "expected no upstream for server")
-	})
-
-	t.Run("peered upstream exists in catalog", func(t *testing.T) {
-		ct.Assert.CatalogServiceExists(t, s.DC, s.upstream.ID.Name, &api.QueryOptions{
-			Peer: s.upstream.Peer,
-		})
-	})
-
-	t.Run("HTTP service fails due to connection timeout", func(t *testing.T) {
-		url504 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", client.ExposedPort,
-			url.QueryEscape(fmt.Sprintf("http://localhost:%d/?delay=1000ms", s.upstream.LocalPort)),
-		)
-
-		url200 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", client.ExposedPort,
-			url.QueryEscape(fmt.Sprintf("http://localhost:%d/", s.upstream.LocalPort)),
-		)
-
-		// validate request timeout error where service has 1000ms response delay and
-		// proxy default is set to local_request_timeout_ms: 500ms
-		// return 504
-		httpClient := cleanhttp.DefaultClient()
-		req, err := http.NewRequest(http.MethodGet, url504, nil)
-		require.NoError(t, err)
-
-		res, err := httpClient.Do(req)
-		require.NoError(t, err)
-
-		defer res.Body.Close()
-		require.Equal(t, http.StatusGatewayTimeout, res.StatusCode)
-
-		// validate successful GET request where service has no response delay and
-		// proxy default is set to local_request_timeout_ms: 500ms
-		// return 200
-		req, err = http.NewRequest(http.MethodGet, url200, nil)
-		require.NoError(t, err)
-
-		res, err = httpClient.Do(req)
-		require.NoError(t, err)
-
-		defer res.Body.Close()
-		require.Equal(t, http.StatusOK, res.StatusCode)
-	})
-}
diff --git a/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go b/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go
deleted file mode 100644
index 9706eba63ca9..000000000000
--- a/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go
+++ /dev/null
@@ -1,132 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package peering
-
-import (
-	"fmt"
-
-	"testing"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/sdk/testutil/retry"
-	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/stretchr/testify/require"
-)
-
-type ac5_1NoSvcMeshSuite struct {
-	DC   string
-	Peer string
-
-	serverSID topology.ServiceID
-	clientSID topology.ServiceID
-}
-
-var (
-	ac5_1NoSvcMeshSuites []sharedTopoSuite = []sharedTopoSuite{
-		&ac5_1NoSvcMeshSuite{DC: "dc1", Peer: "dc2"},
-		&ac5_1NoSvcMeshSuite{DC: "dc2", Peer: "dc1"},
-	}
-)
-
-func TestAC5ServiceMeshDisabledSuite(t *testing.T) {
-	runShareableSuites(t, ac5_1NoSvcMeshSuites)
-}
-
-func (s *ac5_1NoSvcMeshSuite) testName() string {
-	return fmt.Sprintf("ac5.1 no service mesh %s->%s", s.DC, s.Peer)
-}
-
-// creates clients in s.DC and servers in s.Peer
-func (s *ac5_1NoSvcMeshSuite) setup(t *testing.T, ct *commonTopo) {
-	clu := ct.ClusterByDatacenter(t, s.DC)
-	peerClu := ct.ClusterByDatacenter(t, s.Peer)
-
-	// TODO: handle all partitions
-	partition := "default"
-	peer := LocalPeerName(peerClu, partition)
-
-	serverSID := topology.ServiceID{
-		Name:      "ac5-server-http",
-		Partition: partition,
-	}
-
-	// Make client which will dial server
-	clientSID := topology.ServiceID{
-		Name:      "ac5-http-client",
-		Partition: partition,
-	}
-
-	// disable service mesh for client in s.DC
-	client := serviceExt{
-		Service: NewFortioServiceWithDefaults(
-			clu.Datacenter,
-			clientSID,
-			func(s *topology.Service) {
-				s.EnvoyAdminPort = 0
-				s.DisableServiceMesh = true
-			},
-		),
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      clientSID.Name,
-			Partition: ConfigEntryPartition(clientSID.Partition),
-			Protocol:  "http",
-		},
-		Exports: []api.ServiceConsumer{{Peer: peer}},
-	}
-	ct.AddServiceNode(clu, client)
-
-	server := serviceExt{
-		Service: NewFortioServiceWithDefaults(
-			clu.Datacenter,
-			serverSID,
-			nil,
-		),
-		Exports: []api.ServiceConsumer{{Peer: peer}},
-	}
-
-	ct.AddServiceNode(clu, server)
-
-	s.clientSID = clientSID
-	s.serverSID = serverSID
-}
-
-func (s *ac5_1NoSvcMeshSuite) test(t *testing.T, ct *commonTopo) {
-	dc := ct.Sprawl.Topology().Clusters[s.DC]
-	peer := ct.Sprawl.Topology().Clusters[s.Peer]
-	cl := ct.APIClientForCluster(t, dc)
-	peerName := LocalPeerName(peer, "default")
-
-	s.testServiceHealthInCatalog(t, ct, cl, peerName)
-	s.testProxyDisabledInDC2(t, cl, peerName)
-}
-
-func (s *ac5_1NoSvcMeshSuite) testServiceHealthInCatalog(t *testing.T, ct *commonTopo, cl *api.Client, peer string) {
-	t.Run("validate service health in catalog", func(t *testing.T) {
-		libassert.CatalogServiceExists(t, cl, s.clientSID.Name, &api.QueryOptions{
-			Peer: peer,
-		})
-		require.NotEqual(t, s.serverSID.Name, s.Peer)
-		assertServiceHealth(t, cl, s.serverSID.Name, 1)
-	})
-}
-
-func (s *ac5_1NoSvcMeshSuite) testProxyDisabledInDC2(t *testing.T, cl *api.Client, peer string) {
-	t.Run("service mesh is disabled", func(t *testing.T) {
-		var (
-			services map[string][]string
-			err      error
-			expected = fmt.Sprintf("%s-sidecar-proxy", s.clientSID.Name)
-		)
-		retry.Run(t, func(r *retry.R) {
-			services, _, err = cl.Catalog().Services(&api.QueryOptions{
-				Peer: peer,
-			})
-			require.NoError(r, err, "error reading service data")
-			require.Greater(r, len(services), 0, "did not find service(s) in catalog")
-		})
-		require.NotContains(t, services, expected, fmt.Sprintf("error: should not create proxy for service: %s", services))
-	})
-}
diff --git a/test-integ/peering_commontopo/ac5_2_pq_failover_test.go b/test-integ/peering_commontopo/ac5_2_pq_failover_test.go
deleted file mode 100644
index 94930647408f..000000000000
--- a/test-integ/peering_commontopo/ac5_2_pq_failover_test.go
+++ /dev/null
@@ -1,401 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package peering
-
-import (
-	"fmt"
-	"time"
-
-	"testing"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/sdk/testutil/retry"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/stretchr/testify/require"
-)
-
-// 1. Setup: put health service instances in each of the 3 clusters and create the PQ in one of them
-// 2. Execute the PQ: Validate that failover count == 0 and that the pq results come from the local cluster
-// 3. Register a failing TTL health check with the agent managing the service instance in the local cluster
-// 4. Execute the PQ: Validate that failover count == 1 and that the pq results come from the first failover target peer
-// 5. Register a failing TTL health check with the agent managing the service instance in the first failover peer
-// 6. Execute the PQ: Validate that failover count == 2 and that the pq results come from the second failover target
-// 7. Delete failing health check from step 5
-// 8. Repeat step 4
-// 9. Delete failing health check from step 3
-// 10. Repeat step 2
-type ac5_2PQFailoverSuite struct {
-	clientSID  topology.ServiceID
-	serverSID  topology.ServiceID
-	nodeServer topology.NodeID
-}
-
-var ac5_2Context = make(map[nodeKey]ac5_2PQFailoverSuite)
-
-func TestAC5PreparedQueryFailover(t *testing.T) {
-	ct := NewCommonTopo(t)
-	s := &ac5_2PQFailoverSuite{}
-	s.setup(t, ct)
-	ct.Launch(t)
-	s.test(t, ct)
-}
-
-func (s *ac5_2PQFailoverSuite) setup(t *testing.T, ct *commonTopo) {
-	s.setupDC(ct, ct.DC1, ct.DC2)
-	s.setupDC(ct, ct.DC2, ct.DC1)
-	s.setupDC3(ct, ct.DC3, ct.DC1, ct.DC2)
-}
-
-func (s *ac5_2PQFailoverSuite) setupDC(ct *commonTopo, clu, peerClu *topology.Cluster) {
-	// TODO: handle all partitions
-	partition := "default"
-	peer := LocalPeerName(peerClu, partition)
-
-	serverSID := topology.ServiceID{
-		Name:      "ac5-server-http",
-		Partition: partition,
-	}
-
-	clientSID := topology.ServiceID{
-		Name:      "ac5-client-http",
-		Partition: partition,
-	}
-
-	client := serviceExt{
-		Service: NewFortioServiceWithDefaults(
-			clu.Datacenter,
-			clientSID,
-			func(s *topology.Service) {
-				s.EnvoyAdminPort = 0
-				s.DisableServiceMesh = true
-			},
-		),
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      clientSID.Name,
-			Partition: ConfigEntryPartition(clientSID.Partition),
-			Protocol:  "http",
-		},
-		Exports: []api.ServiceConsumer{{Peer: peer}},
-	}
-
-	ct.AddServiceNode(clu, client)
-
-	server := serviceExt{
-		Service: NewFortioServiceWithDefaults(
-			clu.Datacenter,
-			serverSID,
-			nil,
-		),
-		Exports: []api.ServiceConsumer{{Peer: peer}},
-	}
-	serverNode := ct.AddServiceNode(clu, server)
-
-	ac5_2Context[nodeKey{clu.Datacenter, partition}] = ac5_2PQFailoverSuite{
-		clientSID:  clientSID,
-		serverSID:  serverSID,
-		nodeServer: serverNode.ID(),
-	}
-}
-
-func (s *ac5_2PQFailoverSuite) setupDC3(ct *commonTopo, clu, peer1, peer2 *topology.Cluster) {
-	var (
-		peers     []string
-		partition = "default"
-	)
-	peers = append(peers, LocalPeerName(peer1, partition), LocalPeerName(peer2, partition))
-
-	serverSID := topology.ServiceID{
-		Name:      "ac5-server-http",
-		Partition: partition,
-	}
-
-	clientSID := topology.ServiceID{
-		Name:      "ac5-client-http",
-		Partition: partition,
-	}
-
-	// disable service mesh for client in DC3
-	client := serviceExt{
-		Service: NewFortioServiceWithDefaults(
-			clu.Datacenter,
-			clientSID,
-			func(s *topology.Service) {
-				s.EnvoyAdminPort = 0
-				s.DisableServiceMesh = true
-			},
-		),
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      clientSID.Name,
-			Partition: ConfigEntryPartition(clientSID.Partition),
-			Protocol:  "http",
-		},
-		Exports: func() []api.ServiceConsumer {
-			var consumers []api.ServiceConsumer
-			for _, peer := range peers {
-				consumers = append(consumers, api.ServiceConsumer{
-					Peer: peer,
-				})
-			}
-			return consumers
-		}(),
-	}
-
-	ct.AddServiceNode(clu, client)
-
-	server := serviceExt{
-		Service: NewFortioServiceWithDefaults(
-			clu.Datacenter,
-			serverSID,
-			nil,
-		),
-		Exports: func() []api.ServiceConsumer {
-			var consumers []api.ServiceConsumer
-			for _, peer := range peers {
-				consumers = append(consumers, api.ServiceConsumer{
-					Peer: peer,
-				})
-			}
-			return consumers
-		}(),
-	}
-
-	serverNode := ct.AddServiceNode(clu, server)
-
-	ac5_2Context[nodeKey{clu.Datacenter, partition}] = ac5_2PQFailoverSuite{
-		clientSID:  clientSID,
-		serverSID:  serverSID,
-		nodeServer: serverNode.ID(),
-	}
-}
-
-func (s *ac5_2PQFailoverSuite) createPreparedQuery(t *testing.T, ct *commonTopo, c *api.Client, serviceName, partition string) (*api.PreparedQueryDefinition, *api.PreparedQuery) {
-	var (
-		peers []string
-		err   error
-	)
-	peers = append(peers, LocalPeerName(ct.DC2, partition), LocalPeerName(ct.DC3, partition))
-
-	def := &api.PreparedQueryDefinition{
-		Name: "ac5-prepared-query",
-		Service: api.ServiceQuery{
-			Service:     serviceName,
-			Partition:   ConfigEntryPartition(partition),
-			OnlyPassing: true,
-			Failover: api.QueryFailoverOptions{
-				Targets: func() []api.QueryFailoverTarget {
-					var queryFailoverTargets []api.QueryFailoverTarget
-					for _, peer := range peers {
-						queryFailoverTargets = append(queryFailoverTargets, api.QueryFailoverTarget{
-							Peer: peer,
-						})
-					}
-					return queryFailoverTargets
-				}(),
-			},
-		},
-	}
-
-	query := c.PreparedQuery()
-	def.ID, _, err = query.Create(def, nil)
-	require.NoError(t, err, "error creating prepared query in cluster")
-
-	return def, query
-}
-
-func (s *ac5_2PQFailoverSuite) test(t *testing.T, ct *commonTopo) {
-	partition := "default"
-	dc1 := ct.Sprawl.Topology().Clusters[ct.DC1.Name]
-	dc2 := ct.Sprawl.Topology().Clusters[ct.DC2.Name]
-	dc3 := ct.Sprawl.Topology().Clusters[ct.DC3.Name]
-
-	type testcase struct {
-		cluster       *topology.Cluster
-		peer          *topology.Cluster
-		targetCluster *topology.Cluster
-	}
-	tcs := []testcase{
-		{
-			cluster:       dc1,
-			peer:          dc2,
-			targetCluster: dc3,
-		},
-	}
-	for _, tc := range tcs {
-		client := ct.APIClientForCluster(t, tc.cluster)
-
-		t.Run(fmt.Sprintf("%#v", tc), func(t *testing.T) {
-			svc := ac5_2Context[nodeKey{tc.cluster.Name, partition}]
-			require.NotNil(t, svc.serverSID.Name, "expected service name to not be nil")
-			require.NotNil(t, svc.nodeServer, "expected node server to not be nil")
-
-			assertServiceHealth(t, client, svc.serverSID.Name, 1)
-			def, _ := s.createPreparedQuery(t, ct, client, svc.serverSID.Name, partition)
-			s.testPreparedQueryZeroFailover(t, client, def, tc.cluster)
-			s.testPreparedQuerySingleFailover(t, ct, client, def, tc.cluster, tc.peer, partition)
-			s.testPreparedQueryTwoFailovers(t, ct, client, def, tc.cluster, tc.peer, tc.targetCluster, partition)
-
-			// delete failing health check in peer cluster & validate single failover
-			s.testPQSingleFailover(t, ct, client, def, tc.cluster, tc.peer, partition)
-			// delete failing health check in cluster & validate zero failover
-			s.testPQZeroFailover(t, ct, client, def, tc.cluster, tc.peer, partition)
-		})
-	}
-}
-
-func (s *ac5_2PQFailoverSuite) testPreparedQueryZeroFailover(t *testing.T, cl *api.Client, def *api.PreparedQueryDefinition, cluster *topology.Cluster) {
-	t.Run(fmt.Sprintf("prepared query should not failover %s", cluster.Name), func(t *testing.T) {
-
-		// Validate prepared query exists in cluster
-		queryDef, _, err := cl.PreparedQuery().Get(def.ID, nil)
-		require.NoError(t, err)
-		require.Len(t, queryDef, 1, "expected 1 prepared query")
-		require.Equal(t, 2, len(queryDef[0].Service.Failover.Targets), "expected 2 prepared query failover targets to dc2 and dc3")
-
-		retry.RunWith(&retry.Timer{Timeout: 10 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
-			queryResult, _, err := cl.PreparedQuery().Execute(def.ID, nil)
-			require.NoError(r, err)
-
-			// expected outcome should show 0 failover
-			require.Equal(r, 0, queryResult.Failovers, "expected 0 prepared query failover")
-			require.Equal(r, cluster.Name, queryResult.Nodes[0].Node.Datacenter, "pq results should come from the local cluster")
-		})
-	})
-}
-
-func (s *ac5_2PQFailoverSuite) testPreparedQuerySingleFailover(t *testing.T, ct *commonTopo, cl *api.Client, def *api.PreparedQueryDefinition, cluster, peerClu *topology.Cluster, partition string) {
-	t.Run(fmt.Sprintf("prepared query with single failover %s", cluster.Name), func(t *testing.T) {
-		cfg := ct.Sprawl.Config()
-		svc := ac5_2Context[nodeKey{cluster.Name, partition}]
-
-		nodeCfg := DisableNode(t, cfg, cluster.Name, svc.nodeServer)
-		require.NoError(t, ct.Sprawl.Relaunch(nodeCfg))
-
-		// assert server health status
-		assertServiceHealth(t, cl, svc.serverSID.Name, 0)
-
-		// Validate prepared query exists in cluster
-		queryDef, _, err := cl.PreparedQuery().Get(def.ID, nil)
-		require.NoError(t, err)
-		require.Len(t, queryDef, 1, "expected 1 prepared query")
-
-		pqFailoverTargets := queryDef[0].Service.Failover.Targets
-		require.Len(t, pqFailoverTargets, 2, "expected 2 prepared query failover targets to dc2 and dc3")
-
-		retry.RunWith(&retry.Timer{Timeout: 10 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
-			queryResult, _, err := cl.PreparedQuery().Execute(def.ID, nil)
-			require.NoError(r, err)
-
-			require.Equal(r, 1, queryResult.Failovers, "expected 1 prepared query failover")
-			require.Equal(r, peerClu.Name, queryResult.Nodes[0].Node.Datacenter, fmt.Sprintf("the pq results should originate from peer clu %s", peerClu.Name))
-			require.Equal(r, pqFailoverTargets[0].Peer, queryResult.Nodes[0].Checks[0].PeerName,
-				fmt.Sprintf("pq results should come from the first failover target peer %s", pqFailoverTargets[0].Peer))
-		})
-	})
-}
-
-func (s *ac5_2PQFailoverSuite) testPreparedQueryTwoFailovers(t *testing.T, ct *commonTopo, cl *api.Client, def *api.PreparedQueryDefinition, cluster, peerClu, targetCluster *topology.Cluster, partition string) {
-	t.Run(fmt.Sprintf("prepared query with two failovers %s", cluster.Name), func(t *testing.T) {
-		cfg := ct.Sprawl.Config()
-
-		svc := ac5_2Context[nodeKey{peerClu.Name, partition}]
-
-		cfg = DisableNode(t, cfg, peerClu.Name, svc.nodeServer)
-		require.NoError(t, ct.Sprawl.Relaunch(cfg))
-
-		// assert server health status
-		assertServiceHealth(t, cl, ac5_2Context[nodeKey{cluster.Name, partition}].serverSID.Name, 0) // cluster: failing
-		assertServiceHealth(t, cl, svc.serverSID.Name, 0)                                            // peer cluster: failing
-
-		queryDef, _, err := cl.PreparedQuery().Get(def.ID, nil)
-		require.NoError(t, err)
-		require.Len(t, queryDef, 1, "expected 1 prepared query")
-
-		pqFailoverTargets := queryDef[0].Service.Failover.Targets
-		require.Len(t, pqFailoverTargets, 2, "expected 2 prepared query failover targets to dc2 and dc3")
-
-		retry.RunWith(&retry.Timer{Timeout: 10 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
-			queryResult, _, err := cl.PreparedQuery().Execute(def.ID, nil)
-			require.NoError(r, err)
-			require.Equal(r, 2, queryResult.Failovers, "expected 2 prepared query failover")
-
-			require.Equal(r, targetCluster.Name, queryResult.Nodes[0].Node.Datacenter, fmt.Sprintf("the pq results should originate from cluster %s", targetCluster.Name))
-			require.Equal(r, pqFailoverTargets[1].Peer, queryResult.Nodes[0].Checks[0].PeerName,
-				fmt.Sprintf("pq results should come from the second failover target peer %s", pqFailoverTargets[1].Peer))
-		})
-	})
-}
-
-func (s *ac5_2PQFailoverSuite) testPQSingleFailover(t *testing.T, ct *commonTopo, cl *api.Client, def *api.PreparedQueryDefinition, cluster, peerClu *topology.Cluster, partition string) {
-	t.Run(fmt.Sprintf("delete failing health check in %s and validate single failover %s", peerClu.Name, cluster.Name), func(t *testing.T) {
-		cfg := ct.Sprawl.Config()
-
-		svc := ac5_2Context[nodeKey{peerClu.Name, partition}]
-
-		cfg = EnableNode(t, cfg, peerClu.Name, svc.nodeServer)
-		require.NoError(t, ct.Sprawl.Relaunch(cfg))
-
-		queryDef, _, err := cl.PreparedQuery().Get(def.ID, nil)
-		require.NoError(t, err)
-
-		pqFailoverTargets := queryDef[0].Service.Failover.Targets
-		require.Len(t, pqFailoverTargets, 2, "expected 2 prepared query failover targets to dc2 and dc3")
-
-		retry.RunWith(&retry.Timer{Timeout: 10 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
-			queryResult, _, err := cl.PreparedQuery().Execute(def.ID, nil)
-			require.NoError(r, err)
-			require.Equal(r, 1, queryResult.Failovers, "expected 1 prepared query failover")
-
-			require.Equal(r, peerClu.Name, queryResult.Nodes[0].Node.Datacenter, fmt.Sprintf("the pq results should originate from cluster %s", peerClu.Name))
-			require.Equal(r, pqFailoverTargets[0].Peer, queryResult.Nodes[0].Checks[0].PeerName,
-				fmt.Sprintf("pq results should come from the second failover target peer %s", pqFailoverTargets[0].Peer))
-		})
-	})
-}
-
-func (s *ac5_2PQFailoverSuite) testPQZeroFailover(t *testing.T, ct *commonTopo, cl *api.Client, def *api.PreparedQueryDefinition, cluster, peerClu *topology.Cluster, partition string) {
-	t.Run(fmt.Sprintf("delete failing health check in %s and validate zero failover %s", cluster.Name, cluster.Name), func(t *testing.T) {
-		cfg := ct.Sprawl.Config()
-
-		svc := ac5_2Context[nodeKey{cluster.Name, partition}]
-
-		cfg = EnableNode(t, cfg, cluster.Name, svc.nodeServer)
-		require.NoError(t, ct.Sprawl.Relaunch(cfg))
-
-		// assert server health status
-		assertServiceHealth(t, cl, ac5_2Context[nodeKey{cluster.Name, partition}].serverSID.Name, 1) // cluster: passing
-		assertServiceHealth(t, cl, svc.serverSID.Name, 1)                                            // peer cluster: passing
-
-		queryDef, _, err := cl.PreparedQuery().Get(def.ID, nil)
-		require.NoError(t, err)
-
-		pqFailoverTargets := queryDef[0].Service.Failover.Targets
-		require.Len(t, pqFailoverTargets, 2, "expected 2 prepared query failover targets to dc2 and dc3")
-
-		retry.RunWith(&retry.Timer{Timeout: 10 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
-			queryResult, _, err := cl.PreparedQuery().Execute(def.ID, nil)
-			require.NoError(r, err)
-			// expected outcome should show 0 failover
-			require.Equal(r, 0, queryResult.Failovers, "expected 0 prepared query failover")
-			require.Equal(r, cluster.Name, queryResult.Nodes[0].Node.Datacenter, "pq results should come from the local cluster")
-		})
-	})
-}
-
-// assertServiceHealth checks that a service health status before running tests
-func assertServiceHealth(t *testing.T, cl *api.Client, serverSVC string, count int) {
-	t.Helper()
-	t.Log("validate service health in catalog")
-	retry.RunWith(&retry.Timer{Timeout: time.Second * 20, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
-		svcs, _, err := cl.Health().Service(
-			serverSVC,
-			"",
-			true,
-			nil,
-		)
-		require.NoError(r, err)
-		require.Equal(r, count, len(svcs))
-	})
-}
diff --git a/test-integ/peering_commontopo/ac6_failovers_test.go b/test-integ/peering_commontopo/ac6_failovers_test.go
deleted file mode 100644
index fe3cd181b203..000000000000
--- a/test-integ/peering_commontopo/ac6_failovers_test.go
+++ /dev/null
@@ -1,432 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package peering
-
-import (
-	"fmt"
-	"testing"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
-)
-
-// note: unlike other *Suite structs that are per-peering direction,
-// this one is special and does all directions itself, because the
-// setup is not exactly symmetrical
-type ac6FailoversSuite struct {
-	ac6 map[nodeKey]ac6FailoversContext
-}
-type ac6FailoversContext struct {
-	clientSID topology.ServiceID
-	serverSID topology.ServiceID
-
-	// used to remove the node and trigger failover
-	serverNode topology.NodeID
-}
-type nodeKey struct {
-	dc        string
-	partition string
-}
-
-// Note: this test cannot share topo
-func TestAC6Failovers(t *testing.T) {
-	ct := NewCommonTopo(t)
-	s := &ac6FailoversSuite{}
-	s.setup(t, ct)
-	ct.Launch(t)
-	s.test(t, ct)
-}
-
-func (s *ac6FailoversSuite) setup(t *testing.T, ct *commonTopo) {
-	// TODO: update setups to loop through a cluster's partitions+namespaces internally
-	s.setupAC6Failovers(ct, ct.DC1, ct.DC2)
-	s.setupAC6Failovers(ct, ct.DC2, ct.DC1)
-	s.setupAC6FailoversDC3(ct, ct.DC3, ct.DC1, ct.DC2)
-}
-
-// dc1 is peered with dc2 and dc3.
-// dc1 has an ac6-client in "default" and "part1" partitions (only default in CE).
-// ac6-client has a single upstream ac6-failover-svc in its respective partition^.
-//
-// ac6-failover-svc has the following failovers:
-//   - peer-dc2-default
-//   - peer-dc2-part1 (not in CE)
-//   - peer-dc3-default
-//
-// This setup is mirrored from dc2->dc1 as well
-// (both dcs have dc3 as the last failover target)
-//
-// ^NOTE: There are no cross-partition upstreams because MeshGatewayMode = local
-// and failover information gets stripped out by the mesh gateways so we
-// can't test failovers.
-func (s *ac6FailoversSuite) setupAC6Failovers(ct *commonTopo, clu, peerClu *topology.Cluster) {
-	for _, part := range clu.Partitions {
-		partition := part.Name
-
-		// There is a peering per partition in the peered cluster
-		var peers []string
-		for _, peerPart := range peerClu.Partitions {
-			peers = append(peers, LocalPeerName(peerClu, peerPart.Name))
-		}
-
-		// Make an HTTP server with various failover targets
-		serverSID := topology.ServiceID{
-			Name:      "ac6-failover-svc",
-			Partition: partition,
-		}
-		server := NewFortioServiceWithDefaults(
-			clu.Datacenter,
-			serverSID,
-			nil,
-		)
-		// Export to all known peers
-		ct.ExportService(clu, partition,
-			api.ExportedService{
-				Name: server.ID.Name,
-				Consumers: func() []api.ServiceConsumer {
-					var consumers []api.ServiceConsumer
-					for _, peer := range peers {
-						consumers = append(consumers, api.ServiceConsumer{
-							Peer: peer,
-						})
-					}
-					return consumers
-				}(),
-			},
-		)
-		serverNode := ct.AddServiceNode(clu, serviceExt{Service: server})
-
-		clu.InitialConfigEntries = append(clu.InitialConfigEntries,
-			&api.ServiceConfigEntry{
-				Kind:      api.ServiceDefaults,
-				Name:      server.ID.Name,
-				Partition: ConfigEntryPartition(partition),
-				Protocol:  "http",
-			},
-			&api.ServiceResolverConfigEntry{
-				Kind:      api.ServiceResolver,
-				Name:      server.ID.Name,
-				Partition: ConfigEntryPartition(partition),
-				Failover: map[string]api.ServiceResolverFailover{
-					"*": {
-						Targets: func() []api.ServiceResolverFailoverTarget {
-							// Make a failover target for every partition in the peer cluster
-							var targets []api.ServiceResolverFailoverTarget
-							for _, peer := range peers {
-								targets = append(targets, api.ServiceResolverFailoverTarget{
-									Peer: peer,
-								})
-							}
-							// Just hard code default partition for dc3, since the exhaustive
-							// testing will be done against dc2.
-							targets = append(targets, api.ServiceResolverFailoverTarget{
-								Peer: "peer-dc3-default",
-							})
-							return targets
-						}(),
-					},
-				},
-			},
-		)
-
-		// Make client which will dial server
-		clientSID := topology.ServiceID{
-			Name:      "ac6-client",
-			Partition: partition,
-		}
-		client := NewFortioServiceWithDefaults(
-			clu.Datacenter,
-			clientSID,
-			func(s *topology.Service) {
-				// Upstream per partition
-				s.Upstreams = []*topology.Upstream{
-					{
-						ID: topology.ServiceID{
-							Name:      server.ID.Name,
-							Partition: part.Name,
-						},
-						LocalPort: 5000,
-						// exposed so we can hit it directly
-						// TODO: we shouldn't do this; it's not realistic
-						LocalAddress: "0.0.0.0",
-					},
-				}
-			},
-		)
-		ct.ExportService(clu, partition,
-			api.ExportedService{
-				Name: client.ID.Name,
-				Consumers: func() []api.ServiceConsumer {
-					var consumers []api.ServiceConsumer
-					// Export to each peer
-					for _, peer := range peers {
-						consumers = append(consumers, api.ServiceConsumer{
-							Peer: peer,
-						})
-					}
-					return consumers
-				}(),
-			},
-		)
-		ct.AddServiceNode(clu, serviceExt{Service: client})
-
-		clu.InitialConfigEntries = append(clu.InitialConfigEntries,
-			&api.ServiceConfigEntry{
-				Kind:      api.ServiceDefaults,
-				Name:      client.ID.Name,
-				Partition: ConfigEntryPartition(partition),
-				Protocol:  "http",
-			},
-		)
-
-		// Add intention allowing local and peered clients to call server
-		clu.InitialConfigEntries = append(clu.InitialConfigEntries,
-			&api.ServiceIntentionsConfigEntry{
-				Kind:      api.ServiceIntentions,
-				Name:      server.ID.Name,
-				Partition: ConfigEntryPartition(partition),
-				// SourceIntention for local client and peered clients
-				Sources: func() []*api.SourceIntention {
-					ixns := []*api.SourceIntention{
-						{
-							Name:      client.ID.Name,
-							Partition: ConfigEntryPartition(part.Name),
-							Action:    api.IntentionActionAllow,
-						},
-					}
-					for _, peer := range peers {
-						ixns = append(ixns, &api.SourceIntention{
-							Name:   client.ID.Name,
-							Peer:   peer,
-							Action: api.IntentionActionAllow,
-						})
-					}
-					return ixns
-				}(),
-			},
-		)
-		if s.ac6 == nil {
-			s.ac6 = map[nodeKey]ac6FailoversContext{}
-		}
-		s.ac6[nodeKey{clu.Datacenter, partition}] = struct {
-			clientSID  topology.ServiceID
-			serverSID  topology.ServiceID
-			serverNode topology.NodeID
-		}{
-			clientSID:  clientSID,
-			serverSID:  serverSID,
-			serverNode: serverNode.ID(),
-		}
-	}
-}
-
-func (s *ac6FailoversSuite) setupAC6FailoversDC3(ct *commonTopo, clu, peer1, peer2 *topology.Cluster) {
-	var peers []string
-	for _, part := range peer1.Partitions {
-		peers = append(peers, LocalPeerName(peer1, part.Name))
-	}
-	for _, part := range peer2.Partitions {
-		peers = append(peers, LocalPeerName(peer2, part.Name))
-	}
-
-	partition := "default"
-
-	// Make an HTTP server
-	server := NewFortioServiceWithDefaults(
-		clu.Datacenter,
-		topology.ServiceID{
-			Name:      "ac6-failover-svc",
-			Partition: partition,
-		},
-		nil,
-	)
-
-	ct.AddServiceNode(clu, serviceExt{
-		Service: server,
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      server.ID.Name,
-			Partition: ConfigEntryPartition(partition),
-			Protocol:  "http",
-		},
-		Intentions: &api.ServiceIntentionsConfigEntry{
-			Kind:      api.ServiceIntentions,
-			Name:      server.ID.Name,
-			Partition: ConfigEntryPartition(partition),
-			Sources: func() []*api.SourceIntention {
-				var ixns []*api.SourceIntention
-				for _, peer := range peers {
-					ixns = append(ixns, &api.SourceIntention{
-						Name:   "ac6-client",
-						Peer:   peer,
-						Action: api.IntentionActionAllow,
-					})
-				}
-				return ixns
-			}(),
-		},
-		Exports: func() []api.ServiceConsumer {
-			var consumers []api.ServiceConsumer
-			for _, peer := range peers {
-				consumers = append(consumers, api.ServiceConsumer{
-					Peer: peer,
-				})
-			}
-			return consumers
-		}(),
-	})
-}
-
-func (s *ac6FailoversSuite) test(t *testing.T, ct *commonTopo) {
-	dc1 := ct.Sprawl.Topology().Clusters["dc1"]
-	dc2 := ct.Sprawl.Topology().Clusters["dc2"]
-
-	type testcase struct {
-		name      string
-		cluster   *topology.Cluster
-		peer      *topology.Cluster
-		partition string
-	}
-	tcs := []testcase{
-		{
-			name:      "dc1 default partition failovers",
-			cluster:   dc1,
-			peer:      dc2, // dc3 is hardcoded
-			partition: "default",
-		},
-		{
-			name:      "dc1 part1 partition failovers",
-			cluster:   dc1,
-			peer:      dc2, // dc3 is hardcoded
-			partition: "part1",
-		},
-		{
-			name:      "dc2 default partition failovers",
-			cluster:   dc2,
-			peer:      dc1, // dc3 is hardcoded
-			partition: "default",
-		},
-		{
-			name:      "dc2 part1 partition failovers",
-			cluster:   dc2,
-			peer:      dc1, // dc3 is hardcoded
-			partition: "part1",
-		},
-	}
-	for _, tc := range tcs {
-		t.Run(tc.name, func(t *testing.T) {
-			// NOTE: *not parallel* because we mutate resources that are shared
-			// between test cases (disable/enable nodes)
-			if !utils.IsEnterprise() && tc.partition != "default" {
-				t.Skip("skipping enterprise test")
-			}
-			partition := tc.partition
-			clu := tc.cluster
-			peerClu := tc.peer
-
-			svcs := clu.ServicesByID(s.ac6[nodeKey{clu.Datacenter, partition}].clientSID)
-			require.Len(t, svcs, 1, "expected exactly one client in datacenter")
-
-			serverSID := s.ac6[nodeKey{clu.Datacenter, partition}].serverSID
-			serverSID.Normalize()
-
-			client := svcs[0]
-			require.Len(t, client.Upstreams, 1, "expected one upstream for client")
-
-			u := client.Upstreams[0]
-			ct.Assert.CatalogServiceExists(t, clu.Name, u.ID.Name, utils.CompatQueryOpts(&api.QueryOptions{
-				Partition: u.ID.Partition,
-			}))
-
-			t.Cleanup(func() {
-				cfg := ct.Sprawl.Config()
-				for _, part := range clu.Partitions {
-					EnableNode(t, cfg, clu.Name, s.ac6[nodeKey{clu.Datacenter, part.Name}].serverNode)
-				}
-				for _, part := range peerClu.Partitions {
-					EnableNode(t, cfg, peerClu.Name, s.ac6[nodeKey{peerClu.Datacenter, part.Name}].serverNode)
-				}
-				require.NoError(t, ct.Sprawl.Relaunch(cfg))
-			})
-
-			fmt.Println("### preconditions")
-			// TODO: deduce this number, instead of hard-coding
-			nFailoverTargets := 4
-			// in CE, we don't have failover targets for non-default partitions
-			if !utils.IsEnterprise() {
-				nFailoverTargets = 3
-			}
-			for i := 0; i < nFailoverTargets; i++ {
-				ct.Assert.UpstreamEndpointStatus(t, client, fmt.Sprintf("failover-target~%d~%s", i, clusterPrefix(u, clu.Datacenter)), "HEALTHY", 1)
-			}
-
-			ct.Assert.FortioFetch2FortioName(t, client, u, clu.Name, serverSID)
-
-			if t.Failed() {
-				t.Fatalf("failed preconditions")
-			}
-
-			fmt.Println("### Failover to peer target")
-			cfg := ct.Sprawl.Config()
-			DisableNode(t, cfg, clu.Name, s.ac6[nodeKey{clu.Datacenter, partition}].serverNode)
-			require.NoError(t, ct.Sprawl.Relaunch(cfg))
-			// Clusters for imported services rely on outlier detection for
-			// failovers, NOT eds_health_status. This means that killing the
-			// node above does not actually make the envoy cluster UNHEALTHY
-			// so we do not assert for it.
-			expectUID := topology.ServiceID{
-				Name:      u.ID.Name,
-				Partition: "default",
-			}
-			expectUID.Normalize()
-			ct.Assert.FortioFetch2FortioName(t, client, u, peerClu.Name, expectUID)
-
-			if utils.IsEnterprise() {
-				fmt.Println("### Failover to peer target in non-default partition")
-				cfg = ct.Sprawl.Config()
-				DisableNode(t, cfg, clu.Name, s.ac6[nodeKey{clu.Datacenter, partition}].serverNode)
-				DisableNode(t, cfg, peerClu.Name, s.ac6[nodeKey{peerClu.Datacenter, "default"}].serverNode)
-				require.NoError(t, ct.Sprawl.Relaunch(cfg))
-				// Retry until outlier_detection deems the cluster
-				// unhealthy and fails over to peer part1.
-				expectUID = topology.ServiceID{
-					Name:      u.ID.Name,
-					Partition: "part1",
-				}
-				expectUID.Normalize()
-				ct.Assert.FortioFetch2FortioName(t, client, u, peerClu.Name, expectUID)
-			}
-
-			fmt.Println("### Failover to dc3 peer target")
-			cfg = ct.Sprawl.Config()
-			DisableNode(t, cfg, clu.Name, s.ac6[nodeKey{clu.Datacenter, partition}].serverNode)
-			// Disable all partitions for peer
-			for _, part := range peerClu.Partitions {
-				DisableNode(t, cfg, peerClu.Name, s.ac6[nodeKey{peerClu.Datacenter, part.Name}].serverNode)
-			}
-			require.NoError(t, ct.Sprawl.Relaunch(cfg))
-			// This will retry until outlier_detection deems the cluster
-			// unhealthy and fails over to dc3.
-			expectUID = topology.ServiceID{
-				Name:      u.ID.Name,
-				Partition: "default",
-			}
-			expectUID.Normalize()
-			ct.Assert.FortioFetch2FortioName(t, client, u, "dc3", expectUID)
-		})
-	}
-}
-
-func clusterPrefix(u *topology.Upstream, dc string) string {
-	u.ID.Normalize()
-	switch u.ID.Partition {
-	case "default":
-		return fmt.Sprintf("%s.%s.%s.internal", u.ID.Name, u.ID.Namespace, dc)
-	default:
-		return fmt.Sprintf("%s.%s.%s.%s.internal-v1", u.ID.Name, u.ID.Namespace, u.ID.Partition, dc)
-	}
-}
diff --git a/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go b/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go
deleted file mode 100644
index b8da4e34bf99..000000000000
--- a/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go
+++ /dev/null
@@ -1,191 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package peering
-
-import (
-	"fmt"
-	"strings"
-	"testing"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/api"
-)
-
-// TestRotateGW ensures that peered services continue to be able to talk to their
-// upstreams during a mesh gateway rotation
-// NOTE: because suiteRotateGW needs to mutate the topo, we actually *DO NOT* share a topo
-
-type suiteRotateGW struct {
-	DC   string
-	Peer string
-
-	sidServer  topology.ServiceID
-	nodeServer topology.NodeID
-
-	sidClient  topology.ServiceID
-	nodeClient topology.NodeID
-
-	upstream *topology.Upstream
-
-	newMGWNodeName string
-}
-
-func TestRotateGW(t *testing.T) {
-	suites := []*suiteRotateGW{
-		{DC: "dc1", Peer: "dc2"},
-		{DC: "dc2", Peer: "dc1"},
-	}
-	ct := NewCommonTopo(t)
-	for _, s := range suites {
-		s.setup(t, ct)
-	}
-	ct.Launch(t)
-	for _, s := range suites {
-		s := s
-		t.Run(fmt.Sprintf("%s->%s", s.DC, s.Peer), func(t *testing.T) {
-			// no t.Parallel() due to Relaunch
-			s.test(t, ct)
-		})
-	}
-}
-
-func (s *suiteRotateGW) setup(t *testing.T, ct *commonTopo) {
-	const prefix = "ac7-1-"
-
-	clu := ct.ClusterByDatacenter(t, s.DC)
-	peerClu := ct.ClusterByDatacenter(t, s.Peer)
-	partition := "default"
-	peer := LocalPeerName(peerClu, "default")
-	cluPeerName := LocalPeerName(clu, "default")
-
-	server := NewFortioServiceWithDefaults(
-		peerClu.Datacenter,
-		topology.ServiceID{
-			Name:      prefix + "server-http",
-			Partition: partition,
-		},
-		nil,
-	)
-
-	// Make clients which have server upstreams
-	upstream := &topology.Upstream{
-		ID: topology.ServiceID{
-			Name:      server.ID.Name,
-			Partition: partition,
-		},
-		// TODO: we shouldn't need this, need to investigate
-		LocalAddress: "0.0.0.0",
-		LocalPort:    5001,
-		Peer:         peer,
-	}
-	// create client in us
-	client := NewFortioServiceWithDefaults(
-		clu.Datacenter,
-		topology.ServiceID{
-			Name:      prefix + "client",
-			Partition: partition,
-		},
-		func(s *topology.Service) {
-			s.Upstreams = []*topology.Upstream{
-				upstream,
-			}
-		},
-	)
-	clientNode := ct.AddServiceNode(clu, serviceExt{Service: client,
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      client.ID.Name,
-			Partition: ConfigEntryPartition(client.ID.Partition),
-			Protocol:  "http",
-			UpstreamConfig: &api.UpstreamConfiguration{
-				Defaults: &api.UpstreamConfig{
-					MeshGateway: api.MeshGatewayConfig{
-						Mode: api.MeshGatewayModeLocal,
-					},
-				},
-			},
-		},
-	})
-	// actually to be used by the other pairing
-	serverNode := ct.AddServiceNode(peerClu, serviceExt{
-		Service: server,
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      server.ID.Name,
-			Partition: ConfigEntryPartition(partition),
-			Protocol:  "http",
-		},
-		Exports: []api.ServiceConsumer{{Peer: cluPeerName}},
-		Intentions: &api.ServiceIntentionsConfigEntry{
-			Kind:      api.ServiceIntentions,
-			Name:      server.ID.Name,
-			Partition: ConfigEntryPartition(partition),
-			Sources: []*api.SourceIntention{
-				{
-					Name:   client.ID.Name,
-					Peer:   cluPeerName,
-					Action: api.IntentionActionAllow,
-				},
-			},
-		},
-	})
-
-	s.sidClient = client.ID
-	s.nodeClient = clientNode.ID()
-	s.upstream = upstream
-	s.sidServer = server.ID
-	s.nodeServer = serverNode.ID()
-
-	// add a second mesh gateway "new"
-	s.newMGWNodeName = fmt.Sprintf("new-%s-default-mgw", clu.Name)
-	clu.Nodes = append(clu.Nodes, newTopologyMeshGatewaySet(
-		topology.NodeKindClient,
-		"default",
-		s.newMGWNodeName,
-		1,
-		[]string{clu.Datacenter, "wan"},
-		func(i int, node *topology.Node) {
-			node.Disabled = true
-		},
-	)...)
-}
-
-func (s *suiteRotateGW) test(t *testing.T, ct *commonTopo) {
-	dc := ct.Sprawl.Topology().Clusters[s.DC]
-	peer := ct.Sprawl.Topology().Clusters[s.Peer]
-
-	svcHTTPServer := peer.ServiceByID(
-		s.nodeServer,
-		s.sidServer,
-	)
-	svcHTTPClient := dc.ServiceByID(
-		s.nodeClient,
-		s.sidClient,
-	)
-	ct.Assert.HealthyWithPeer(t, dc.Name, svcHTTPServer.ID, LocalPeerName(peer, "default"))
-
-	ct.Assert.FortioFetch2HeaderEcho(t, svcHTTPClient, s.upstream)
-
-	t.Log("relaunching with new gateways")
-	cfg := ct.Sprawl.Config()
-	for _, n := range dc.Nodes {
-		if strings.HasPrefix(n.Name, s.newMGWNodeName) {
-			n.Disabled = false
-		}
-	}
-	require.NoError(t, ct.Sprawl.Relaunch(cfg))
-	ct.Assert.FortioFetch2HeaderEcho(t, svcHTTPClient, s.upstream)
-
-	t.Log("relaunching without old gateways")
-	cfg = ct.Sprawl.Config()
-	for _, n := range dc.Nodes {
-		if strings.HasPrefix(n.Name, fmt.Sprintf("%s-default-mgw", dc.Name)) {
-			n.Disabled = true
-		}
-	}
-	require.NoError(t, ct.Sprawl.Relaunch(cfg))
-	ct.Assert.FortioFetch2HeaderEcho(t, svcHTTPClient, s.upstream)
-}
diff --git a/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go b/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go
deleted file mode 100644
index 986e015a0244..000000000000
--- a/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go
+++ /dev/null
@@ -1,217 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package peering
-
-import (
-	"fmt"
-	"testing"
-	"time"
-
-	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/mitchellh/copystructure"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/sdk/testutil/retry"
-)
-
-// TestAC7_2RotateLeader ensures that after a leader rotation, information continues to replicate to peers
-// NOTE: because suiteRotateLeader needs to mutate the topo, we actually *DO NOT* share a topo
-type ac7_2RotateLeaderSuite struct {
-	DC   string
-	Peer string
-
-	sidServer  topology.ServiceID
-	nodeServer topology.NodeID
-
-	sidClient  topology.ServiceID
-	nodeClient topology.NodeID
-
-	upstream *topology.Upstream
-}
-
-func TestAC7_2RotateLeader(t *testing.T) {
-	suites := []*ac7_2RotateLeaderSuite{
-		{DC: "dc1", Peer: "dc2"},
-		{DC: "dc2", Peer: "dc1"},
-	}
-	ct := NewCommonTopo(t)
-	for _, s := range suites {
-		s.setup(t, ct)
-	}
-	ct.Launch(t)
-	for _, s := range suites {
-		s := s
-		t.Run(fmt.Sprintf("%s->%s", s.DC, s.Peer), func(t *testing.T) {
-			// no t.Parallel() due to Relaunch
-			s.test(t, ct)
-		})
-	}
-}
-
-// makes client in clu, server in peerClu
-func (s *ac7_2RotateLeaderSuite) setup(t *testing.T, ct *commonTopo) {
-	const prefix = "ac7-2-"
-
-	clu := ct.ClusterByDatacenter(t, s.DC)
-	peerClu := ct.ClusterByDatacenter(t, s.Peer)
-	partition := "default"
-	peer := LocalPeerName(peerClu, "default")
-	cluPeerName := LocalPeerName(clu, "default")
-
-	server := NewFortioServiceWithDefaults(
-		peerClu.Datacenter,
-		topology.ServiceID{
-			Name:      prefix + "server-http",
-			Partition: partition,
-		},
-		nil,
-	)
-
-	// Make clients which have server upstreams
-	upstream := &topology.Upstream{
-		ID: topology.ServiceID{
-			Name:      server.ID.Name,
-			Partition: partition,
-		},
-		LocalPort: 5001,
-		Peer:      peer,
-	}
-	// create client in us
-	client := NewFortioServiceWithDefaults(
-		clu.Datacenter,
-		topology.ServiceID{
-			Name:      prefix + "client",
-			Partition: partition,
-		},
-		func(s *topology.Service) {
-			s.Upstreams = []*topology.Upstream{
-				upstream,
-			}
-		},
-	)
-	clientNode := ct.AddServiceNode(clu, serviceExt{Service: client,
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      client.ID.Name,
-			Partition: ConfigEntryPartition(client.ID.Partition),
-			Protocol:  "http",
-			UpstreamConfig: &api.UpstreamConfiguration{
-				Defaults: &api.UpstreamConfig{
-					MeshGateway: api.MeshGatewayConfig{
-						Mode: api.MeshGatewayModeLocal,
-					},
-				},
-			},
-		},
-	})
-	// actually to be used by the other pairing
-	serverNode := ct.AddServiceNode(peerClu, serviceExt{
-		Service: server,
-		Config: &api.ServiceConfigEntry{
-			Kind:      api.ServiceDefaults,
-			Name:      server.ID.Name,
-			Partition: ConfigEntryPartition(partition),
-			Protocol:  "http",
-		},
-		Exports: []api.ServiceConsumer{{Peer: cluPeerName}},
-		Intentions: &api.ServiceIntentionsConfigEntry{
-			Kind:      api.ServiceIntentions,
-			Name:      server.ID.Name,
-			Partition: ConfigEntryPartition(partition),
-			Sources: []*api.SourceIntention{
-				{
-					Name:   client.ID.Name,
-					Peer:   cluPeerName,
-					Action: api.IntentionActionAllow,
-				},
-			},
-		},
-	})
-
-	s.sidClient = client.ID
-	s.nodeClient = clientNode.ID()
-	s.upstream = upstream
-	s.sidServer = server.ID
-	s.nodeServer = serverNode.ID()
-}
-
-func (s *ac7_2RotateLeaderSuite) test(t *testing.T, ct *commonTopo) {
-	dc := ct.Sprawl.Topology().Clusters[s.DC]
-	peer := ct.Sprawl.Topology().Clusters[s.Peer]
-	clDC := ct.APIClientForCluster(t, dc)
-	clPeer := ct.APIClientForCluster(t, peer)
-
-	svcServer := peer.ServiceByID(s.nodeServer, s.sidServer)
-	svcClient := dc.ServiceByID(s.nodeClient, s.sidClient)
-	ct.Assert.HealthyWithPeer(t, dc.Name, svcServer.ID, LocalPeerName(peer, "default"))
-
-	ct.Assert.FortioFetch2HeaderEcho(t, svcClient, s.upstream)
-
-	// force leader election
-	rotateLeader(t, clDC)
-	rotateLeader(t, clPeer)
-
-	// unexport httpServer
-	ce, _, err := clPeer.ConfigEntries().Get(api.ExportedServices, s.sidServer.Partition, nil)
-	require.NoError(t, err)
-	// ceAsES = config entry as ExportedServicesConfigEntry
-	ceAsES := ce.(*api.ExportedServicesConfigEntry)
-	origCE, err := copystructure.Copy(ceAsES)
-	require.NoError(t, err)
-	found := 0
-	foundI := 0
-	for i, svc := range ceAsES.Services {
-		if svc.Name == s.sidServer.Name && svc.Namespace == utils.DefaultToEmpty(s.sidServer.Namespace) {
-			found += 1
-			foundI = i
-		}
-	}
-	require.Equal(t, found, 1)
-	// remove found entry
-	ceAsES.Services = append(ceAsES.Services[:foundI], ceAsES.Services[foundI+1:]...)
-	_, _, err = clPeer.ConfigEntries().Set(ceAsES, nil)
-	require.NoError(t, err)
-	t.Cleanup(func() {
-		//restore for next pairing
-		_, _, err = clPeer.ConfigEntries().Set(origCE.(*api.ExportedServicesConfigEntry), nil)
-		require.NoError(t, err)
-	})
-
-	// expect health entry in for peer to disappear
-	retry.RunWith(&retry.Timer{Timeout: time.Minute, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
-		svcs, _, err := clDC.Health().Service(s.sidServer.Name, "", true, utils.CompatQueryOpts(&api.QueryOptions{
-			Partition: s.sidServer.Partition,
-			Namespace: s.sidServer.Namespace,
-			Peer:      LocalPeerName(peer, "default"),
-		}))
-		require.NoError(r, err)
-		assert.Equal(r, len(svcs), 0, "health entry for imported service gone")
-	})
-}
-
-func rotateLeader(t *testing.T, cl *api.Client) {
-	t.Helper()
-	oldLeader := findLeader(t, cl)
-	cl.Operator().RaftLeaderTransfer(nil)
-	retry.RunWith(&retry.Timer{Timeout: 30 * time.Second, Wait: time.Second}, t, func(r *retry.R) {
-		newLeader := findLeader(r, cl)
-		require.NotEqual(r, oldLeader.ID, newLeader.ID)
-	})
-}
-
-func findLeader(t require.TestingT, cl *api.Client) *api.RaftServer {
-	raftConfig, err := cl.Operator().RaftGetConfiguration(nil)
-	require.NoError(t, err)
-	var leader *api.RaftServer
-	for _, svr := range raftConfig.Servers {
-		if svr.Leader {
-			leader = svr
-		}
-	}
-	require.NotNil(t, leader)
-	return leader
-}
diff --git a/test-integ/peering_commontopo/asserter.go b/test-integ/peering_commontopo/asserter.go
deleted file mode 100644
index 1fa1b81ef1f4..000000000000
--- a/test-integ/peering_commontopo/asserter.go
+++ /dev/null
@@ -1,301 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package peering
-
-import (
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"regexp"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/sdk/testutil/retry"
-	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
-	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
-)
-
-// asserter is a utility to help in reducing boilerplate in invoking test
-// assertions against consul-topology Sprawl components.
-//
-// The methods should largely take in *topology.Service instances in lieu of
-// ip/ports if there is only one port that makes sense for the assertion (such
-// as use of the envoy admin port 19000).
-//
-// If it's up to the test (like picking an upstream) leave port as an argument
-// but still take the service and use that to grab the local ip from the
-// topology.Node.
-type asserter struct {
-	sp sprawlLite
-}
-
-// *sprawl.Sprawl satisfies this. We don't need anything else.
-type sprawlLite interface {
-	HTTPClientForCluster(clusterName string) (*http.Client, error)
-	APIClientForNode(clusterName string, nid topology.NodeID, token string) (*api.Client, error)
-	Topology() *topology.Topology
-}
-
-// newAsserter creates a new assertion helper for the provided sprawl.
-func newAsserter(sp sprawlLite) *asserter {
-	return &asserter{
-		sp: sp,
-	}
-}
-
-func (a *asserter) mustGetHTTPClient(t *testing.T, cluster string) *http.Client {
-	client, err := a.httpClientFor(cluster)
-	require.NoError(t, err)
-	return client
-}
-
-func (a *asserter) mustGetAPIClient(t *testing.T, cluster string) *api.Client {
-	cl, err := a.apiClientFor(cluster)
-	require.NoError(t, err)
-	return cl
-}
-
-func (a *asserter) apiClientFor(cluster string) (*api.Client, error) {
-	clu := a.sp.Topology().Clusters[cluster]
-	// TODO: this always goes to the first client, but we might want to balance this
-	cl, err := a.sp.APIClientForNode(cluster, clu.FirstClient().ID(), "")
-	return cl, err
-}
-
-// httpClientFor returns a pre-configured http.Client that proxies requests
-// through the embedded squid instance in each LAN.
-//
-// Use this in methods below to magically pick the right proxied http client
-// given the home of each node being checked.
-func (a *asserter) httpClientFor(cluster string) (*http.Client, error) {
-	client, err := a.sp.HTTPClientForCluster(cluster)
-	if err != nil {
-		return nil, err
-	}
-	return client, nil
-}
-
-// UpstreamEndpointStatus validates that proxy was configured with provided clusterName in the healthStatus
-//
-// Exposes libassert.UpstreamEndpointStatus for use against a Sprawl.
-//
-// NOTE: this doesn't take a port b/c you always want to use the envoy admin port.
-func (a *asserter) UpstreamEndpointStatus(
-	t *testing.T,
-	service *topology.Service,
-	clusterName string,
-	healthStatus string,
-	count int,
-) {
-	t.Helper()
-	node := service.Node
-	ip := node.LocalAddress()
-	port := service.EnvoyAdminPort
-	addr := fmt.Sprintf("%s:%d", ip, port)
-
-	client := a.mustGetHTTPClient(t, node.Cluster)
-	libassert.AssertUpstreamEndpointStatusWithClient(t, client, addr, clusterName, healthStatus, count)
-}
-
-// HTTPServiceEchoes verifies that a post to the given ip/port combination
-// returns the data in the response body. Optional path can be provided to
-// differentiate requests.
-//
-// Exposes libassert.HTTPServiceEchoes for use against a Sprawl.
-//
-// NOTE: this takes a port b/c you may want to reach this via your choice of upstream.
-func (a *asserter) HTTPServiceEchoes(
-	t *testing.T,
-	service *topology.Service,
-	port int,
-	path string,
-) {
-	t.Helper()
-	require.True(t, port > 0)
-
-	node := service.Node
-	ip := node.LocalAddress()
-	addr := fmt.Sprintf("%s:%d", ip, port)
-
-	client := a.mustGetHTTPClient(t, node.Cluster)
-	libassert.HTTPServiceEchoesWithClient(t, client, addr, path)
-}
-
-// HTTPServiceEchoesResHeader verifies that a post to the given ip/port combination
-// returns the data in the response body with expected response headers.
-// Optional path can be provided to differentiate requests.
-//
-// Exposes libassert.HTTPServiceEchoes for use against a Sprawl.
-//
-// NOTE: this takes a port b/c you may want to reach this via your choice of upstream.
-func (a *asserter) HTTPServiceEchoesResHeader(
-	t *testing.T,
-	service *topology.Service,
-	port int,
-	path string,
-	expectedResHeader map[string]string,
-) {
-	t.Helper()
-	require.True(t, port > 0)
-
-	node := service.Node
-	ip := node.LocalAddress()
-	addr := fmt.Sprintf("%s:%d", ip, port)
-
-	client := a.mustGetHTTPClient(t, node.Cluster)
-	libassert.HTTPServiceEchoesResHeaderWithClient(t, client, addr, path, expectedResHeader)
-}
-
-func (a *asserter) HTTPStatus(
-	t *testing.T,
-	service *topology.Service,
-	port int,
-	status int,
-) {
-	t.Helper()
-	require.True(t, port > 0)
-
-	node := service.Node
-	ip := node.LocalAddress()
-	addr := fmt.Sprintf("%s:%d", ip, port)
-
-	client := a.mustGetHTTPClient(t, node.Cluster)
-
-	url := "http://" + addr
-
-	retry.RunWith(&retry.Timer{Timeout: 30 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
-		resp, err := client.Get(url)
-		if err != nil {
-			r.Fatalf("could not make request to %q: %v", url, err)
-		}
-		defer resp.Body.Close()
-		if resp.StatusCode != status {
-			r.Fatalf("expected status %d, got %d", status, resp.StatusCode)
-		}
-	})
-}
-
-// asserts that the service sid in cluster and exported by peer localPeerName is passing health checks,
-func (a *asserter) HealthyWithPeer(t *testing.T, cluster string, sid topology.ServiceID, peerName string) {
-	t.Helper()
-	cl := a.mustGetAPIClient(t, cluster)
-	retry.RunWith(&retry.Timer{Timeout: time.Minute * 1, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
-		svcs, _, err := cl.Health().Service(
-			sid.Name,
-			"",
-			true,
-			utils.CompatQueryOpts(&api.QueryOptions{
-				Partition: sid.Partition,
-				Namespace: sid.Namespace,
-				Peer:      peerName,
-			}),
-		)
-		require.NoError(r, err)
-		assert.GreaterOrEqual(r, len(svcs), 1)
-	})
-}
-
-func (a *asserter) UpstreamEndpointHealthy(t *testing.T, svc *topology.Service, upstream *topology.Upstream) {
-	t.Helper()
-	node := svc.Node
-	ip := node.LocalAddress()
-	port := svc.EnvoyAdminPort
-	addr := fmt.Sprintf("%s:%d", ip, port)
-
-	client := a.mustGetHTTPClient(t, node.Cluster)
-	libassert.AssertUpstreamEndpointStatusWithClient(t,
-		client,
-		addr,
-		// TODO: what is default? namespace? partition?
-		fmt.Sprintf("%s.default.%s.external", upstream.ID.Name, upstream.Peer),
-		"HEALTHY",
-		1,
-	)
-}
-
-// does a fortio /fetch2 to the given fortio service, targetting the given upstream. Returns
-// the body, and response with response.Body already Closed.
-//
-// We treat 400, 503, and 504s as retryable errors
-func (a *asserter) fortioFetch2Upstream(t *testing.T, fortioSvc *topology.Service, upstream *topology.Upstream, path string) (body []byte, res *http.Response) {
-	t.Helper()
-
-	// TODO: fortioSvc.ID.Normalize()? or should that be up to the caller?
-
-	node := fortioSvc.Node
-	client := a.mustGetHTTPClient(t, node.Cluster)
-	urlbase := fmt.Sprintf("%s:%d", node.LocalAddress(), fortioSvc.Port)
-
-	url := fmt.Sprintf("http://%s/fortio/fetch2?url=%s", urlbase,
-		url.QueryEscape(fmt.Sprintf("http://localhost:%d/%s", upstream.LocalPort, path)),
-	)
-
-	req, err := http.NewRequest(http.MethodPost, url, nil)
-	require.NoError(t, err)
-	retry.RunWith(&retry.Timer{Timeout: 60 * time.Second, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
-		res, err = client.Do(req)
-		require.NoError(r, err)
-		defer res.Body.Close()
-		// not sure when these happen, suspect it's when the mesh gateway in the peer is not yet ready
-		require.NotEqual(r, http.StatusServiceUnavailable, res.StatusCode)
-		require.NotEqual(r, http.StatusGatewayTimeout, res.StatusCode)
-		// not sure when this happens, suspect it's when envoy hasn't configured the local upstream yet
-		require.NotEqual(r, http.StatusBadRequest, res.StatusCode)
-		body, err = io.ReadAll(res.Body)
-		require.NoError(r, err)
-	})
-
-	return body, res
-}
-
-// uses the /fortio/fetch2 endpoint to do a header echo check against an
-// upstream fortio
-func (a *asserter) FortioFetch2HeaderEcho(t *testing.T, fortioSvc *topology.Service, upstream *topology.Upstream) {
-	const kPassphrase = "x-passphrase"
-	const passphrase = "hello"
-	path := (fmt.Sprintf("/?header=%s:%s", kPassphrase, passphrase))
-
-	retry.RunWith(&retry.Timer{Timeout: 60 * time.Second, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
-		_, res := a.fortioFetch2Upstream(t, fortioSvc, upstream, path)
-		require.Equal(t, http.StatusOK, res.StatusCode)
-		v := res.Header.Get(kPassphrase)
-		require.Equal(t, passphrase, v)
-	})
-}
-
-// similar to libassert.AssertFortioName,
-// uses the /fortio/fetch2 endpoint to hit the debug endpoint on the upstream,
-// and assert that the FORTIO_NAME == name
-func (a *asserter) FortioFetch2FortioName(t *testing.T, fortioSvc *topology.Service, upstream *topology.Upstream, clusterName string, sid topology.ServiceID) {
-	t.Helper()
-
-	var fortioNameRE = regexp.MustCompile(("\nFORTIO_NAME=(.+)\n"))
-	path := "/debug?env=dump"
-
-	retry.RunWith(&retry.Timer{Timeout: 60 * time.Second, Wait: time.Millisecond * 500}, t, func(r *retry.R) {
-		body, res := a.fortioFetch2Upstream(t, fortioSvc, upstream, path)
-		require.Equal(t, http.StatusOK, res.StatusCode)
-
-		// TODO: not sure we should retry these?
-		m := fortioNameRE.FindStringSubmatch(string(body))
-		require.GreaterOrEqual(r, len(m), 2)
-		// TODO: dedupe from NewFortioService
-		require.Equal(r, fmt.Sprintf("%s::%s", clusterName, sid.String()), m[1])
-	})
-}
-
-// CatalogServiceExists is the same as libassert.CatalogServiceExists, except that it uses
-// a proxied API client
-func (a *asserter) CatalogServiceExists(t *testing.T, cluster string, svc string, opts *api.QueryOptions) {
-	t.Helper()
-	cl := a.mustGetAPIClient(t, cluster)
-	libassert.CatalogServiceExists(t, cl, svc, opts)
-}
diff --git a/test-integ/peering_commontopo/commontopo.go b/test-integ/peering_commontopo/commontopo.go
deleted file mode 100644
index d0e2c8e55dcb..000000000000
--- a/test-integ/peering_commontopo/commontopo.go
+++ /dev/null
@@ -1,613 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package peering
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"strconv"
-	"testing"
-	"text/tabwriter"
-	"time"
-
-	"github.com/hashicorp/consul/testing/deployer/sprawl"
-	"github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/sdk/testutil/retry"
-	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
-)
-
-// commonTopo helps create a shareable topology configured to represent
-// the common denominator between tests.
-//
-// Use NewCommonTopo to create.
-//
-// Compatible suites should implement sharedTopoSuite.
-//
-// Style:
-//   - avoid referencing components using strings, prefer IDs like Service ID, etc.
-//   - avoid passing addresses and ports, etc. Instead, look up components in sprawl.Topology
-//     by ID to find a concrete type, then pass that to helper functions that know which port to use
-//   - minimize the surface area of information passed between setup and test code (via members)
-//     to those that are strictly necessary
-type commonTopo struct {
-	//
-	Cfg *topology.Config
-	// shortcuts to corresponding entry in Cfg
-	DC1 *topology.Cluster
-	DC2 *topology.Cluster
-	DC3 *topology.Cluster
-
-	// set after Launch. Should be considered read-only
-	Sprawl *sprawl.Sprawl
-	Assert *asserter
-
-	// track per-DC services to prevent duplicates
-	services map[string]map[topology.ServiceID]struct{}
-}
-
-func NewCommonTopo(t *testing.T) *commonTopo {
-	t.Helper()
-
-	ct := commonTopo{}
-
-	// Make 3-server clusters in dc1 and dc2
-	// For simplicity, the Name and Datacenter of the clusters are the same.
-	// dc1 and dc2 should be symmetric.
-	dc1 := clusterWithJustServers("dc1", 3)
-	ct.DC1 = dc1
-	dc2 := clusterWithJustServers("dc2", 3)
-	ct.DC2 = dc2
-	// dc3 is a failover cluster for both dc1 and dc2
-	dc3 := clusterWithJustServers("dc3", 1)
-	// dc3 is only used for certain failover scenarios and does not need tenancies
-	dc3.Partitions = []*topology.Partition{{Name: "default"}}
-	ct.DC3 = dc3
-
-	injectTenancies(dc1)
-	injectTenancies(dc2)
-	// dc3 is only used for certain failover scenarios and does not need tenancies
-	dc3.Partitions = []*topology.Partition{{Name: "default"}}
-
-	ct.services = map[string]map[topology.ServiceID]struct{}{}
-	for _, dc := range []*topology.Cluster{dc1, dc2, dc3} {
-		ct.services[dc.Datacenter] = map[topology.ServiceID]struct{}{}
-	}
-
-	peerings := addPeerings(dc1, dc2)
-	peerings = append(peerings, addPeerings(dc1, dc3)...)
-	peerings = append(peerings, addPeerings(dc2, dc3)...)
-
-	addMeshGateways(dc1, topology.NodeKindClient)
-	addMeshGateways(dc2, topology.NodeKindClient)
-	addMeshGateways(dc3, topology.NodeKindClient)
-	// TODO: consul-topology doesn't support this yet
-	// addMeshGateways(dc2, topology.NodeKindDataplane)
-
-	setupGlobals(dc1)
-	setupGlobals(dc2)
-	setupGlobals(dc3)
-
-	// Build final configuration
-	ct.Cfg = &topology.Config{
-		Images: utils.TargetImages(),
-		Networks: []*topology.Network{
-			{Name: dc1.Datacenter}, // "dc1" LAN
-			{Name: dc2.Datacenter}, // "dc2" LAN
-			{Name: dc3.Datacenter}, // "dc3" LAN
-			{Name: "wan", Type: "wan"},
-		},
-		Clusters: []*topology.Cluster{
-			dc1,
-			dc2,
-			dc3,
-		},
-		Peerings: peerings,
-	}
-	return &ct
-}
-
-// calls sprawltest.Launch followed by s.postLaunchChecks
-func (ct *commonTopo) Launch(t *testing.T) {
-	if ct.Sprawl != nil {
-		t.Fatalf("Launch must only be called once")
-	}
-	ct.Sprawl = sprawltest.Launch(t, ct.Cfg)
-
-	ct.Assert = newAsserter(ct.Sprawl)
-	ct.postLaunchChecks(t)
-}
-
-// tests that use Relaunch might want to call this again afterwards
-func (ct *commonTopo) postLaunchChecks(t *testing.T) {
-	t.Logf("TESTING RELATIONSHIPS: \n%s",
-		renderRelationships(computeRelationships(ct.Sprawl.Topology())),
-	)
-
-	// check that exports line up as expected
-	for _, clu := range ct.Sprawl.Config().Clusters {
-		// expected exports per peer
-		type key struct {
-			peer      string
-			partition string
-			namespace string
-		}
-		eepp := map[key]int{}
-		for _, e := range clu.InitialConfigEntries {
-			if e.GetKind() == api.ExportedServices {
-				asExport := e.(*api.ExportedServicesConfigEntry)
-				// do we care about the partition?
-				for _, svc := range asExport.Services {
-					for _, con := range svc.Consumers {
-						// do we care about con.Partition?
-						// TODO: surely there is code to normalize this
-						partition := asExport.Partition
-						if partition == "" {
-							partition = "default"
-						}
-						namespace := svc.Namespace
-						if namespace == "" {
-							namespace = "default"
-						}
-						eepp[key{peer: con.Peer, partition: partition, namespace: namespace}] += 1
-					}
-				}
-			}
-		}
-		cl := ct.APIClientForCluster(t, clu)
-		// TODO: these could probably be done in parallel
-		for k, v := range eepp {
-			retry.RunWith(&retry.Timer{Timeout: 30 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) {
-				peering, _, err := cl.Peerings().Read(context.Background(), k.peer, utils.CompatQueryOpts(&api.QueryOptions{
-					Partition: k.partition,
-					Namespace: k.namespace,
-				}))
-				require.Nil(r, err, "reading peering data")
-				require.NotNilf(r, peering, "peering not found %q", k.peer)
-				assert.Len(r, peering.StreamStatus.ExportedServices, v, "peering exported services")
-			})
-		}
-	}
-
-	if t.Failed() {
-		t.Fatal("failing fast: post-Launch assertions failed")
-	}
-}
-
-// PeerName is how you'd address a remote dc+partition locally
-// as your peer name.
-func LocalPeerName(clu *topology.Cluster, partition string) string {
-	return fmt.Sprintf("peer-%s-%s", clu.Datacenter, partition)
-}
-
-// TODO: move these to topology
-// TODO: alternatively, delete it: we only use it in one place, to bundle up args
-type serviceExt struct {
-	*topology.Service
-
-	// default NodeKindClient
-	NodeKind topology.NodeKind
-
-	Exports    []api.ServiceConsumer
-	Config     *api.ServiceConfigEntry
-	Intentions *api.ServiceIntentionsConfigEntry
-}
-
-func (ct *commonTopo) AddServiceNode(clu *topology.Cluster, svc serviceExt) *topology.Node {
-	clusterName := clu.Name
-	if _, ok := ct.services[clusterName][svc.ID]; ok {
-		panic(fmt.Sprintf("duplicate service %q in cluster %q", svc.ID, clusterName))
-	}
-	ct.services[clusterName][svc.ID] = struct{}{}
-
-	// TODO: inline
-	serviceHostnameString := func(dc string, id topology.ServiceID) string {
-		n := id.Name
-		// prepend <namespace>- and <partition>- if they are not default/empty
-		// avoids hostname limit of 63 chars in most cases
-		// TODO: this obviously isn't scalable
-		if id.Namespace != "default" && id.Namespace != "" {
-			n = id.Namespace + "-" + n
-		}
-		if id.Partition != "default" && id.Partition != "" {
-			n = id.Partition + "-" + n
-		}
-		n = dc + "-" + n
-		// TODO: experimentally, when this is larger than 63, docker can't start
-		// the host. confirmed by internet rumor https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27763
-		if len(n) > 63 {
-			panic(fmt.Sprintf("docker hostname must not be longer than 63 chars: %q", n))
-		}
-		return n
-	}
-
-	node := &topology.Node{
-		Kind:      topology.NodeKindClient,
-		Name:      serviceHostnameString(clu.Datacenter, svc.ID),
-		Partition: svc.ID.Partition,
-		Addresses: []*topology.Address{
-			{Network: clu.Datacenter},
-		},
-		Services: []*topology.Service{
-			svc.Service,
-		},
-		Cluster: clusterName,
-	}
-	if svc.NodeKind != "" {
-		node.Kind = svc.NodeKind
-	}
-	clu.Nodes = append(clu.Nodes, node)
-
-	// Export if necessary
-	if len(svc.Exports) > 0 {
-		ct.ExportService(clu, svc.ID.Partition, api.ExportedService{
-			Name:      svc.ID.Name,
-			Namespace: svc.ID.Namespace,
-			Consumers: svc.Exports,
-		})
-	}
-
-	// Add any config entries
-	if svc.Config != nil {
-		clu.InitialConfigEntries = append(clu.InitialConfigEntries, svc.Config)
-	}
-	if svc.Intentions != nil {
-		clu.InitialConfigEntries = append(clu.InitialConfigEntries, svc.Intentions)
-	}
-
-	return node
-}
-
-func (ct *commonTopo) APIClientForCluster(t *testing.T, clu *topology.Cluster) *api.Client {
-	cl, err := ct.Sprawl.APIClientForNode(clu.Name, clu.FirstClient().ID(), "")
-	require.NoError(t, err)
-	return cl
-}
-
-// ExportService looks for an existing ExportedServicesConfigEntry for the given partition
-// and inserts svcs. If none is found, it inserts a new ExportedServicesConfigEntry.
-func (ct *commonTopo) ExportService(clu *topology.Cluster, partition string, svcs ...api.ExportedService) {
-	var found bool
-	for _, ce := range clu.InitialConfigEntries {
-		// We check Name because it must be "default" in CE whereas Partition will be "".
-		if ce.GetKind() == api.ExportedServices && ce.GetName() == partition {
-			found = true
-			e := ce.(*api.ExportedServicesConfigEntry)
-			e.Services = append(e.Services, svcs...)
-		}
-	}
-	if !found {
-		clu.InitialConfigEntries = append(clu.InitialConfigEntries,
-			&api.ExportedServicesConfigEntry{
-				Name:      partition, // this NEEDs to be "default" in CE
-				Partition: ConfigEntryPartition(partition),
-				Services:  svcs,
-			},
-		)
-	}
-}
-
-func (ct *commonTopo) ClusterByDatacenter(t *testing.T, name string) *topology.Cluster {
-	t.Helper()
-
-	for _, clu := range ct.Cfg.Clusters {
-		if clu.Datacenter == name {
-			return clu
-		}
-	}
-	t.Fatalf("cluster %q not found", name)
-	return nil
-}
-
-// Since CE config entries do not contain the partition field,
-// this func converts default partition to empty string.
-func ConfigEntryPartition(p string) string {
-	if p == "default" {
-		return "" // make this CE friendly
-	}
-	return p
-}
-
-// disableNode is a no-op if the node is already disabled.
-func DisableNode(t *testing.T, cfg *topology.Config, clusterName string, nid topology.NodeID) *topology.Config {
-	nodes := cfg.Cluster(clusterName).Nodes
-	var found bool
-	for _, n := range nodes {
-		if n.ID() == nid {
-			found = true
-			if n.Disabled {
-				return cfg
-			}
-			t.Logf("disabling node %s in cluster %s", nid.String(), clusterName)
-			n.Disabled = true
-			break
-		}
-	}
-	require.True(t, found, "expected to find nodeID %q in cluster %q", nid.String(), clusterName)
-	return cfg
-}
-
-// enableNode is a no-op if the node is already enabled.
-func EnableNode(t *testing.T, cfg *topology.Config, clusterName string, nid topology.NodeID) *topology.Config {
-	nodes := cfg.Cluster(clusterName).Nodes
-	var found bool
-	for _, n := range nodes {
-		if n.ID() == nid {
-			found = true
-			if !n.Disabled {
-				return cfg
-			}
-			t.Logf("enabling node %s in cluster %s", nid.String(), clusterName)
-			n.Disabled = false
-			break
-		}
-	}
-	require.True(t, found, "expected to find nodeID %q in cluster %q", nid.String(), clusterName)
-	return cfg
-}
-
-func setupGlobals(clu *topology.Cluster) {
-	for _, part := range clu.Partitions {
-		clu.InitialConfigEntries = append(clu.InitialConfigEntries,
-			&api.ProxyConfigEntry{
-				Name:      api.ProxyConfigGlobal,
-				Kind:      api.ProxyDefaults,
-				Partition: ConfigEntryPartition(part.Name),
-				MeshGateway: api.MeshGatewayConfig{
-					// Although we define service-defaults for most upstreams in
-					// this test suite, failover tests require a global mode
-					// because the default for peered targets is MeshGatewayModeRemote.
-					Mode: api.MeshGatewayModeLocal,
-				},
-			},
-		)
-	}
-}
-
-// addMeshGateways adds a mesh gateway for every partition in the cluster.
-// Assumes that the LAN network name is equal to datacenter name.
-func addMeshGateways(c *topology.Cluster, kind topology.NodeKind) {
-	for _, p := range c.Partitions {
-		c.Nodes = topology.MergeSlices(c.Nodes, newTopologyMeshGatewaySet(
-			kind,
-			p.Name,
-			fmt.Sprintf("%s-%s-mgw", c.Name, p.Name),
-			1,
-			[]string{c.Datacenter, "wan"},
-			nil,
-		))
-	}
-}
-
-func clusterWithJustServers(name string, numServers int) *topology.Cluster {
-	return &topology.Cluster{
-		Enterprise: utils.IsEnterprise(),
-		Name:       name,
-		Datacenter: name,
-		Nodes: newTopologyServerSet(
-			name+"-server",
-			numServers,
-			[]string{name, "wan"},
-			nil,
-		),
-	}
-}
-
-func addPeerings(acc *topology.Cluster, dial *topology.Cluster) []*topology.Peering {
-	peerings := []*topology.Peering{}
-	for _, accPart := range acc.Partitions {
-		for _, dialPart := range dial.Partitions {
-			peerings = append(peerings, &topology.Peering{
-				Accepting: topology.PeerCluster{
-					Name:      acc.Datacenter,
-					Partition: accPart.Name,
-					PeerName:  LocalPeerName(dial, dialPart.Name),
-				},
-				Dialing: topology.PeerCluster{
-					Name:      dial.Datacenter,
-					Partition: dialPart.Name,
-					PeerName:  LocalPeerName(acc, accPart.Name),
-				},
-			})
-		}
-	}
-	return peerings
-}
-
-func injectTenancies(clu *topology.Cluster) {
-	if !utils.IsEnterprise() {
-		clu.Partitions = []*topology.Partition{
-			{
-				Name: "default",
-				Namespaces: []string{
-					"default",
-				},
-			},
-		}
-		return
-	}
-
-	for _, part := range []string{"default", "part1"} {
-		clu.Partitions = append(clu.Partitions,
-			&topology.Partition{
-				Name: part,
-				Namespaces: []string{
-					"default",
-					"ns1",
-				},
-			},
-		)
-	}
-}
-
-func newTopologyServerSet(
-	namePrefix string,
-	num int,
-	networks []string,
-	mutateFn func(i int, node *topology.Node),
-) []*topology.Node {
-	var out []*topology.Node
-	for i := 1; i <= num; i++ {
-		name := namePrefix + strconv.Itoa(i)
-
-		node := &topology.Node{
-			Kind: topology.NodeKindServer,
-			Name: name,
-		}
-		for _, net := range networks {
-			node.Addresses = append(node.Addresses, &topology.Address{Network: net})
-		}
-
-		if mutateFn != nil {
-			mutateFn(i, node)
-		}
-
-		out = append(out, node)
-	}
-	return out
-}
-
-func newTopologyMeshGatewaySet(
-	nodeKind topology.NodeKind,
-	partition string,
-	namePrefix string,
-	num int,
-	networks []string,
-	mutateFn func(i int, node *topology.Node),
-) []*topology.Node {
-	var out []*topology.Node
-	for i := 1; i <= num; i++ {
-		name := namePrefix + strconv.Itoa(i)
-
-		node := &topology.Node{
-			Kind:      nodeKind,
-			Partition: partition,
-			Name:      name,
-			Services: []*topology.Service{{
-				ID:             topology.ServiceID{Name: "mesh-gateway"},
-				Port:           8443,
-				EnvoyAdminPort: 19000,
-				IsMeshGateway:  true,
-			}},
-		}
-		for _, net := range networks {
-			node.Addresses = append(node.Addresses, &topology.Address{Network: net})
-		}
-
-		if mutateFn != nil {
-			mutateFn(i, node)
-		}
-
-		out = append(out, node)
-	}
-	return out
-}
-
-const HashicorpDockerProxy = "docker.mirror.hashicorp.services"
-
-func NewFortioServiceWithDefaults(
-	cluster string,
-	sid topology.ServiceID,
-	mut func(s *topology.Service),
-) *topology.Service {
-	const (
-		httpPort  = 8080
-		grpcPort  = 8079
-		adminPort = 19000
-	)
-	sid.Normalize()
-
-	svc := &topology.Service{
-		ID:             sid,
-		Image:          HashicorpDockerProxy + "/fortio/fortio",
-		Port:           httpPort,
-		EnvoyAdminPort: adminPort,
-		CheckTCP:       "127.0.0.1:" + strconv.Itoa(httpPort),
-		Env: []string{
-			"FORTIO_NAME=" + cluster + "::" + sid.String(),
-		},
-		Command: []string{
-			"server",
-			"-http-port", strconv.Itoa(httpPort),
-			"-grpc-port", strconv.Itoa(grpcPort),
-			"-redirect-port", "-disabled",
-		},
-	}
-	if mut != nil {
-		mut(svc)
-	}
-	return svc
-}
-
-// computeRelationships will analyze a full topology and generate all of the
-// downstream/upstream information for all of them.
-func computeRelationships(topo *topology.Topology) []Relationship {
-	var out []Relationship
-	for _, cluster := range topo.Clusters {
-		for _, n := range cluster.Nodes {
-			for _, s := range n.Services {
-				for _, u := range s.Upstreams {
-					out = append(out, Relationship{
-						Caller:   s,
-						Upstream: u,
-					})
-				}
-			}
-		}
-	}
-	return out
-}
-
-// renderRelationships will take the output of ComputeRelationships and display
-// it in tabular form.
-func renderRelationships(ships []Relationship) string {
-	var buf bytes.Buffer
-	w := tabwriter.NewWriter(&buf, 0, 0, 3, ' ', tabwriter.Debug)
-	fmt.Fprintf(w, "DOWN\tnode\tservice\tport\tUP\tservice\t\n")
-	for _, r := range ships {
-		fmt.Fprintf(w,
-			"%s\t%s\t%s\t%d\t%s\t%s\t\n",
-			r.downCluster(),
-			r.Caller.Node.ID().String(),
-			r.Caller.ID.String(),
-			r.Upstream.LocalPort,
-			r.upCluster(),
-			r.Upstream.ID.String(),
-		)
-	}
-	fmt.Fprintf(w, "\t\t\t\t\t\t\n")
-
-	w.Flush()
-	return buf.String()
-}
-
-type Relationship struct {
-	Caller   *topology.Service
-	Upstream *topology.Upstream
-}
-
-func (r Relationship) String() string {
-	return fmt.Sprintf(
-		"%s on %s in %s via :%d => %s in %s",
-		r.Caller.ID.String(),
-		r.Caller.Node.ID().String(),
-		r.downCluster(),
-		r.Upstream.LocalPort,
-		r.Upstream.ID.String(),
-		r.upCluster(),
-	)
-}
-
-func (r Relationship) downCluster() string {
-	return r.Caller.Node.Cluster
-}
-
-func (r Relationship) upCluster() string {
-	return r.Upstream.Cluster
-}
diff --git a/test-integ/peering_commontopo/sharedtopology_test.go b/test-integ/peering_commontopo/sharedtopology_test.go
deleted file mode 100644
index f51b05e41ef7..000000000000
--- a/test-integ/peering_commontopo/sharedtopology_test.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package peering
-
-import (
-	"flag"
-	"testing"
-)
-
-// Tests that use commonTopo should implement sharedTopoSuite.
-//
-// Tests that use commonTopo are either cooperative or non-cooperative. Non-cooperative
-// uses of commonTopo include is anything that may interfere with other tests, namely
-// mutations, such as:
-// - any calls to commonTopo.Relaunch; this is generally disruptive to other tests
-// - stopping or disabling nodes
-// - ...
-//
-// Cooperative tests should just call testFuncMayReuseCommonTopo() to ensure they
-// are run in the correct `sharetopo` mode. They should also ensure they are included
-// in the commonTopoSuites slice in TestSuitesOnSharedTopo.
-type sharedTopoSuite interface {
-	testName() string
-	setup(*testing.T, *commonTopo)
-	test(*testing.T, *commonTopo)
-}
-
-var flagNoShareTopo = flag.Bool("no-share-topo", false, "do not share topology; run each test in its own isolated topology")
-
-func runShareableSuites(t *testing.T, suites []sharedTopoSuite) {
-	t.Helper()
-	if !*flagNoShareTopo {
-		names := []string{}
-		for _, s := range suites {
-			names = append(names, s.testName())
-		}
-		t.Skipf(`Will run as part of "TestSuitesOnSharedTopo": %v`, names)
-	}
-	ct := NewCommonTopo(t)
-	for _, s := range suites {
-		s.setup(t, ct)
-	}
-	ct.Launch(t)
-	for _, s := range suites {
-		s := s
-		t.Run(s.testName(), func(t *testing.T) {
-			t.Parallel()
-			s.test(t, ct)
-		})
-	}
-}
-
-// Tests that can share topo must implement sharedTopoSuite and be appended to the sharedTopoSuites
-// slice inside
-func TestSuitesOnSharedTopo(t *testing.T) {
-	if *flagNoShareTopo {
-		t.Skip(`shared topo suites disabled by -no-share-topo`)
-	}
-	ct := NewCommonTopo(t)
-
-	sharedTopoSuites := []sharedTopoSuite{}
-	sharedTopoSuites = append(sharedTopoSuites, ac1BasicSuites...)
-	sharedTopoSuites = append(sharedTopoSuites, ac2DiscoChainSuites...)
-	sharedTopoSuites = append(sharedTopoSuites, ac3SvcDefaultsSuites...)
-	sharedTopoSuites = append(sharedTopoSuites, ac4ProxyDefaultsSuites...)
-	sharedTopoSuites = append(sharedTopoSuites, ac5_1NoSvcMeshSuites...)
-
-	for _, s := range sharedTopoSuites {
-		s.setup(t, ct)
-	}
-	ct.Launch(t)
-	for _, s := range sharedTopoSuites {
-		s := s
-		t.Run(s.testName(), func(t *testing.T) {
-			t.Parallel()
-			s.test(t, ct)
-		})
-	}
-}
-
-func TestCommonTopologySetup(t *testing.T) {
-	ct := NewCommonTopo(t)
-	ct.Launch(t)
-}
diff --git a/test/bin/cluster.bash b/test/bin/cluster.bash
index a6bc7d336f11..8b856c4a2c9a 100755
--- a/test/bin/cluster.bash
+++ b/test/bin/cluster.bash
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 #
 # Script for bringing up an N node consul cluster
diff --git a/test/ca/generate.sh b/test/ca/generate.sh
index 7159431f4c49..897071dda8a0 100755
--- a/test/ca/generate.sh
+++ b/test/ca/generate.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 set -e
 
diff --git a/test/client_certs/generate.sh b/test/client_certs/generate.sh
index f5c645d7bbb7..e93f568dcb12 100755
--- a/test/client_certs/generate.sh
+++ b/test/client_certs/generate.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/hostname/generate.sh b/test/hostname/generate.sh
index 8e43dbee4e8a..61febd2a3675 100755
--- a/test/hostname/generate.sh
+++ b/test/hostname/generate.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/Dockerfile-consul-envoy-windows b/test/integration/connect/envoy/Dockerfile-consul-envoy-windows
deleted file mode 100644
index b760fd5754f7..000000000000
--- a/test/integration/connect/envoy/Dockerfile-consul-envoy-windows
+++ /dev/null
@@ -1,12 +0,0 @@
-# From Consul Version 1.13.3 / 1.12.6 / 1.11.11
-ARG VERSION=1.16.0-dev
-# From Envoy version 1.23.1 / 1.21.5 / 1.20.7
-ARG ENVOY_VERSION
-
-FROM docker.mirror.hashicorp.services/windows/envoy-windows:v${ENVOY_VERSION} as envoy
-FROM windows/consul:${VERSION}
-
-# Copy envoy.exe from FROM windows/envoy-windows:${ENVOY_VERSION}
-COPY --from=envoy ["C:/Program Files/envoy/", "C:/envoy/"]
-
-RUN SETX /M path "%PATH%;C:\envoy;"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/Dockerfile-tcpdump-windows b/test/integration/connect/envoy/Dockerfile-tcpdump-windows
deleted file mode 100644
index cbf5041630b9..000000000000
--- a/test/integration/connect/envoy/Dockerfile-tcpdump-windows
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM mcr.microsoft.com/windows/servercore:ltsc2019
-
-COPY ["tcpdump.exe", "C:/Program Files/"]
-
-ENTRYPOINT ["C:/Program Files/tcpdump.exe"]
-
-# docker.exe build -t envoy-tcpdump -f Dockerfile-tcpdump-windows .
diff --git a/test/integration/connect/envoy/Dockerfile-test-sds-server-windows b/test/integration/connect/envoy/Dockerfile-test-sds-server-windows
deleted file mode 100644
index fc5e45b88d35..000000000000
--- a/test/integration/connect/envoy/Dockerfile-test-sds-server-windows
+++ /dev/null
@@ -1,8 +0,0 @@
-FROM docker.mirror.hashicorp.services/windows/golang:1809
-
-WORKDIR /go/src
-COPY ./ .
-
-RUN go build -v -o test-sds-server.exe sds.go
-
-CMD ["test-sds-server.exe"]
diff --git a/test/integration/connect/envoy/README.md b/test/integration/connect/envoy/README.md
index ef358e7a2b44..a97acc710a95 100644
--- a/test/integration/connect/envoy/README.md
+++ b/test/integration/connect/envoy/README.md
@@ -52,7 +52,6 @@ Where `case-basic` can be replaced by any directory name from this directory.
 * When tests fail in CI, logs and additional debugging data are available in the artifacts of the test run.
 * You can re-run the tests locally by running `make test-envoy-integ GO_TEST_FLAGS="-run TestEnvoy/<case-directory>"` where `<case-directory>` is
   replaced with the name of the directory, e.g. `case-basic`.
-* You can override the envoy version by specifying `ENVOY_VERSION=<your envoy version>` eg. `ENVOY_VERSION=1.27.0 make test-envoy-integ`.
 * Locally, all the logs of the failed test will be available in `workdir` in this directory.
 * You can run with `DEBUG=1` to print out all the commands being run, e.g. `DEBUG=1 make test-envoy-integ GO_TEST_FLAGS="-run TestEnvoy/case-basic"`.
 * If you want to prevent the Docker containers from being spun down after test failure, add a `sleep 9999` to the `verify.bats` test case that's failing.
diff --git a/test/integration/connect/envoy/WINDOWS-TEST.md b/test/integration/connect/envoy/WINDOWS-TEST.md
deleted file mode 100644
index d9217f7a385a..000000000000
--- a/test/integration/connect/envoy/WINDOWS-TEST.md
+++ /dev/null
@@ -1,40 +0,0 @@
-# Envoy Integration Tests on Windows
-
-## Index
-
-- [About](#about)
-- [Pre-built core images](#pre-built-core-images)
-- [Test images](#integration-test-images)
-- [Run Tests](#run-tests)
-
-## About
-
-This file is the entrypoint to understand how to execute Envoy integration tests on Windows as well as to understand the differences between Linux tests and Windows tests. Below you can find a list of relevant documentation that has been written while working on supporting the Envoy integration tests on Windows.
-
-- [Windows Testing Architecture](test/integration/connect/envoy/docs/windows-testing-architecture.md): On this file you will find why the testing architecture on Windows differs from Linux's.
-- [Build Images](build-support-windows/BUILD-IMAGES.md): Here you will find how to build the images required for executing the tests.
-- [Windows Troubleshooting](test/integration/connect/envoy/WindowsTroubleshooting.md): This file lists, among other things everything we needed to change/adapt for the existing tests to run in Windows containers.
-
-## Pre-built core images
-
-Before running the integration tests, you must pre-build the core images that the tests require to be ran on the Windows environment. Make sure to check out the `BUILD-IMAGES` file [here](build-support-windows/BUILD-IMAGES.md) for this purpose.
-
-## Integration test images
-
-During the execution of the integration tests, several images are built based-on the pre-built core images. To get more information about these and how to run them independently, please check out the `docker.windows` file [here](test/integration/connect/envoy/docker.windows.md).
-
-## Run tests
-
-To run all the integration tests, you need to execute next command
-
-```shell
-go test -v -timeout=30s -tags integration ./test/integration/connect/envoy -run="TestEnvoy" -win=true
-```
-
-To run a single test case, the name should be specified. For instance, to run the `case-badauthz` test, you need to execute next command
-
-```shell
-go test -v -timeout=30m -tags integration ./test/integration/connect/envoy -run="TestEnvoy/case-badauthz" -win=true
-```
-
-> :warning: Note that the flag `-win=true` must be specified as shown in the above commands. This flag is very important because the same allows to indicate that the tests will be executed on the Windows environment. When executing the Envoy integration tests the **End of Line Sequence** of every related file and or script will be automatically changed from **LF to CRLF**.  
diff --git a/test/integration/connect/envoy/case-api-gateway-http-hostnames/capture.sh b/test/integration/connect/envoy/case-api-gateway-http-hostnames/capture.sh
index 92123f3f4c07..13eb01ba5f82 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-hostnames/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-hostnames/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-http-hostnames/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-http-hostnames/service_gateway.hcl
index 1d0d5fffe26b..c0af862f92e3 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-hostnames/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-http-hostnames/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-hostnames/setup.sh b/test/integration/connect/envoy/case-api-gateway-http-hostnames/setup.sh
index 3b3db8326891..754e461f847e 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-hostnames/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-hostnames/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-http-hostnames/vars.sh b/test/integration/connect/envoy/case-api-gateway-http-hostnames/vars.sh
index 1456b6a5ad02..87f668072e22 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-hostnames/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-hostnames/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-simple/capture.sh b/test/integration/connect/envoy/case-api-gateway-http-simple/capture.sh
index 92123f3f4c07..13eb01ba5f82 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-simple/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-simple/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-http-simple/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-http-simple/service_gateway.hcl
index 1d0d5fffe26b..c0af862f92e3 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-simple/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-http-simple/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-simple/setup.sh b/test/integration/connect/envoy/case-api-gateway-http-simple/setup.sh
index e25e92ba0011..350eea0c5fde 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-simple/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-simple/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-http-simple/vars.sh b/test/integration/connect/envoy/case-api-gateway-http-simple/vars.sh
index 1456b6a5ad02..87f668072e22 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-simple/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-simple/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/capture.sh b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/capture.sh
index 92123f3f4c07..13eb01ba5f82 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_gateway.hcl
index 1d0d5fffe26b..c0af862f92e3 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_s3.hcl b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_s3.hcl
index b41ec0349862..3b11b245d4fd 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_s3.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s3"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/setup.sh b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/setup.sh
index 622df90c297a..da74ff07c123 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/vars.sh b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/vars.sh
index 1456b6a5ad02..87f668072e22 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-splitter-targets/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/capture.sh b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/capture.sh
index 92123f3f4c07..13eb01ba5f82 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/service_gateway.hcl
index 1d0d5fffe26b..c0af862f92e3 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/setup.sh b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/setup.sh
index 23076cd00e28..bb058d96fd75 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/vars.sh b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/vars.sh
index 1456b6a5ad02..87f668072e22 100644
--- a/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-http-tls-overlapping-hosts/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/capture.sh b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/capture.sh
index 92123f3f4c07..13eb01ba5f82 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/service_gateway.hcl
index 1d0d5fffe26b..c0af862f92e3 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/setup.sh b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/setup.sh
index a4529b6772ed..35d01c8bb931 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/vars.sh b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/vars.sh
index 1456b6a5ad02..87f668072e22 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-conflicted/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-simple/capture.sh b/test/integration/connect/envoy/case-api-gateway-tcp-simple/capture.sh
index 92123f3f4c07..13eb01ba5f82 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-simple/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-simple/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-simple/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-tcp-simple/service_gateway.hcl
index 1d0d5fffe26b..c0af862f92e3 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-simple/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-simple/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-simple/setup.sh b/test/integration/connect/envoy/case-api-gateway-tcp-simple/setup.sh
index 152e0772104e..82504d09f509 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-simple/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-simple/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-simple/vars.sh b/test/integration/connect/envoy/case-api-gateway-tcp-simple/vars.sh
index 1456b6a5ad02..87f668072e22 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-simple/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-simple/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/capture.sh b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/capture.sh
index 92123f3f4c07..13eb01ba5f82 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/capture.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 api-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/service_gateway.hcl b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/service_gateway.hcl
index 1d0d5fffe26b..c0af862f92e3 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "api-gateway"
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/setup.sh b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/setup.sh
index ca9568e34884..a4be961ebb5b 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/setup.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/vars.sh b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/vars.sh
index 1456b6a5ad02..87f668072e22 100644
--- a/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/vars.sh
+++ b/test/integration/connect/envoy/case-api-gateway-tcp-tls-overlapping-hosts/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES api-gateway-primary"
diff --git a/test/integration/connect/envoy/case-badauthz/capture.sh b/test/integration/connect/envoy/case-badauthz/capture.sh
index c6b9e36ed1df..94c0278ce256 100644
--- a/test/integration/connect/envoy/case-badauthz/capture.sh
+++ b/test/integration/connect/envoy/case-badauthz/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 || true
diff --git a/test/integration/connect/envoy/case-badauthz/setup.sh b/test/integration/connect/envoy/case-badauthz/setup.sh
index 1aa0962cf6fb..6bd91b1f4e66 100644
--- a/test/integration/connect/envoy/case-badauthz/setup.sh
+++ b/test/integration/connect/envoy/case-badauthz/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-basic/capture.sh b/test/integration/connect/envoy/case-basic/capture.sh
index 14dc00afc65b..5268305f8ff6 100644
--- a/test/integration/connect/envoy/case-basic/capture.sh
+++ b/test/integration/connect/envoy/case-basic/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-basic/setup.sh b/test/integration/connect/envoy/case-basic/setup.sh
index 3fb3ade6c5fb..b88cc9012968 100644
--- a/test/integration/connect/envoy/case-basic/setup.sh
+++ b/test/integration/connect/envoy/case-basic/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-centralconf/capture.sh b/test/integration/connect/envoy/case-centralconf/capture.sh
index 8bc4413d09f9..21ebba78787b 100644
--- a/test/integration/connect/envoy/case-centralconf/capture.sh
+++ b/test/integration/connect/envoy/case-centralconf/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-centralconf/service_s1.hcl b/test/integration/connect/envoy/case-centralconf/service_s1.hcl
index 54c6ac6501b4..6eaca129855b 100644
--- a/test/integration/connect/envoy/case-centralconf/service_s1.hcl
+++ b/test/integration/connect/envoy/case-centralconf/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-centralconf/service_s2.hcl b/test/integration/connect/envoy/case-centralconf/service_s2.hcl
index 1a89f855944d..dfb92edce636 100644
--- a/test/integration/connect/envoy/case-centralconf/service_s2.hcl
+++ b/test/integration/connect/envoy/case-centralconf/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-centralconf/setup.sh b/test/integration/connect/envoy/case-centralconf/setup.sh
index 934ea006fddb..10038488c8c2 100644
--- a/test/integration/connect/envoy/case-centralconf/setup.sh
+++ b/test/integration/connect/envoy/case-centralconf/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/base.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/base.hcl
index 8cd6db14878a..899e81705a4c 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_gateway.hcl
index 640b9b6ce753..82ddd559eb3a 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s1.hcl
index b065abc9055e..11acde14f427 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s2.hcl
index 90d2315f4d2c..42252eb82f68 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/setup.sh
index af71eccb8e18..917d0ba6c125 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/bind.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/bind.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/capture.sh b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/capture.sh
index 0921d3c32a0e..e1b411ab9517 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/base.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/base.hcl
index 55c268b37e78..189b8e0ccf72 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s1.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s1.hcl
index 63dfc2994f3d..c9da404077ff 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s2.hcl b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s2.hcl
index 90d2315f4d2c..42252eb82f68 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/setup.sh
index d84fe0a86991..830ecb23b73c 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/vars.sh
index 41b95915331d..9d1f5c977a9b 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-cluster-peering-failover/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 s2-sidecar-proxy s2-alpha s2-sidecar-proxy-alpha gateway-alpha tcpdump-primary tcpdump-alpha"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/bind.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/bind.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/capture.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/capture.sh
index 0ee4884a1521..93352a5228b9 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/primary/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/primary/setup.sh
index 8b24664564cb..e9a9055ab6a5 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/join.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/join.hcl
index f0bd3fbd4ac7..0f63220d549f 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/join.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/join.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 retry_join_wan = ["consul-primary-server"]
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_gateway.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_gateway.hcl
index 4f91a740182a..8c2315b9ae36 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_s1.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_s1.hcl
index 8b4d4a83a42d..06af757cd68e 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # we don't want an s1 service in the secondary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/setup.sh
index ed13954a1f5e..1af35392b9c2 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/vars.sh
index 11e14176e389..e33bd22ca618 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-none/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/bind.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/bind.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/capture.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/capture.sh
index 0ee4884a1521..93352a5228b9 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/primary/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/primary/setup.sh
index 25a7c173f08b..33a1a035c53a 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/join.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/join.hcl
index f0bd3fbd4ac7..0f63220d549f 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/join.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/join.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 retry_join_wan = ["consul-primary-server"]
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_gateway.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_gateway.hcl
index 4f91a740182a..8c2315b9ae36 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_s1.hcl b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_s1.hcl
index 8b4d4a83a42d..06af757cd68e 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # we don't want an s1 service in the secondary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/setup.sh
index ed13954a1f5e..1af35392b9c2 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/vars.sh
index 11e14176e389..e33bd22ca618 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-dc-failover-gateways-remote/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v1.hcl b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v1.hcl
index b96b473cf4fb..9dd3cb782fd3 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s2-v1"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v2.hcl b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v2.hcl
index d642e71fa31b..451f835e8688 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v2.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/service_s2-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s2-v2"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/setup.sh
index 043dd7f7fc66..20dd92172327 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/vars.sh
index 358c95541fda..50c5f8f67f9b 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-defaultsubset/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-features/capture.sh b/test/integration/connect/envoy/case-cfg-resolver-features/capture.sh
index b1782df01e27..39878041c367 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-features/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-features/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v1.hcl b/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v1.hcl
index b96b473cf4fb..9dd3cb782fd3 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s2-v1"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v2.hcl b/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v2.hcl
index d642e71fa31b..451f835e8688 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v2.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-features/service_s2-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s2-v2"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-features/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-features/setup.sh
index 2e3078edc872..c3f2fa3a1d4f 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-features/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-features/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-features/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-features/vars.sh
index 358c95541fda..50c5f8f67f9b 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-features/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-features/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/service_s2-v1.hcl b/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/service_s2-v1.hcl
index d45b1462723f..551db8a322a9 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/service_s2-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/service_s2-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s2-v1"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/setup.sh
index 606cadd8f1fb..229247da4f51 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/vars.sh
index aab3c8c39ea5..9f9b54a8e9eb 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-onlypassing/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v1.hcl b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v1.hcl
index d9a050a16f65..af20754d254d 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s3-v1"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v2.hcl b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v2.hcl
index 19e2c7cac150..22a40609e19e 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v2.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s3-v2"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3.hcl b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3.hcl
index 973e69b01c89..82db490a879b 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/setup.sh
index 7d02158a6325..e1fb33c3dca3 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/vars.sh
index a9a2bcd57188..f76eb49ceb2d 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-subset-redirect/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v1.hcl b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v1.hcl
index d9a050a16f65..af20754d254d 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s3-v1"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v2.hcl b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v2.hcl
index 19e2c7cac150..22a40609e19e 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v2.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s3-v2"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3.hcl b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3.hcl
index 973e69b01c89..82db490a879b 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/setup.sh
index eae9bd4feaf1..b4472fd8a207 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/vars.sh
index a9a2bcd57188..f76eb49ceb2d 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-failover/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-failover/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/service_s3.hcl b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/service_s3.hcl
index 94e31c3df895..59209aab121c 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/service_s3.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/setup.sh
index 097f1fa75666..640e1519ea47 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/vars.sh
index 63c854f959c9..bbc811fa66db 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-http/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES s3 s3-sidecar-proxy"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/service_s3.hcl b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/service_s3.hcl
index 94e31c3df895..59209aab121c 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/service_s3.hcl
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/setup.sh b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/setup.sh
index fd106032bf2e..9ce5a82f7546 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/vars.sh b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/vars.sh
index 63c854f959c9..bbc811fa66db 100644
--- a/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-resolver-svc-redirect-tcp/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES s3 s3-sidecar-proxy"
diff --git a/test/integration/connect/envoy/case-cfg-router-features/capture.sh b/test/integration/connect/envoy/case-cfg-router-features/capture.sh
index b1782df01e27..39878041c367 100644
--- a/test/integration/connect/envoy/case-cfg-router-features/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-router-features/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-router-features/service_s2-v1.hcl b/test/integration/connect/envoy/case-cfg-router-features/service_s2-v1.hcl
index b96b473cf4fb..9dd3cb782fd3 100644
--- a/test/integration/connect/envoy/case-cfg-router-features/service_s2-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-router-features/service_s2-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s2-v1"
diff --git a/test/integration/connect/envoy/case-cfg-router-features/service_s2-v2.hcl b/test/integration/connect/envoy/case-cfg-router-features/service_s2-v2.hcl
index d642e71fa31b..451f835e8688 100644
--- a/test/integration/connect/envoy/case-cfg-router-features/service_s2-v2.hcl
+++ b/test/integration/connect/envoy/case-cfg-router-features/service_s2-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s2-v2"
diff --git a/test/integration/connect/envoy/case-cfg-router-features/setup.sh b/test/integration/connect/envoy/case-cfg-router-features/setup.sh
index 577b3512b4fe..247bc00c33be 100644
--- a/test/integration/connect/envoy/case-cfg-router-features/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-router-features/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-router-features/vars.sh b/test/integration/connect/envoy/case-cfg-router-features/vars.sh
index 358c95541fda..50c5f8f67f9b 100644
--- a/test/integration/connect/envoy/case-cfg-router-features/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-router-features/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/base.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/base.hcl
index 8cd6db14878a..899e81705a4c 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_gateway.hcl
index 640b9b6ce753..82ddd559eb3a 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s1.hcl
index b065abc9055e..11acde14f427 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s2.hcl
index 26b5f481f377..6666a63ba257 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/setup.sh b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/setup.sh
index 99c4eb46f218..5aabbbbee0e5 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/bind.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/bind.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/capture.sh b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/capture.sh
index 0921d3c32a0e..e1b411ab9517 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/base.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/base.hcl
index 55c268b37e78..189b8e0ccf72 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s1.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s1.hcl
index d50d8cb04979..70caaaebc900 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s2.hcl b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s2.hcl
index 26b5f481f377..6666a63ba257 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/setup.sh b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/setup.sh
index 9b274b375f87..8bc36b6d0229 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/vars.sh b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/vars.sh
index 7c231bcfad68..17f98153dd14 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-cluster-peering/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 s2-sidecar-proxy s2-alpha s2-sidecar-proxy-alpha gateway-alpha"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-features/capture.sh b/test/integration/connect/envoy/case-cfg-splitter-features/capture.sh
index b1782df01e27..39878041c367 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-features/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-features/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v1.hcl b/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v1.hcl
index b96b473cf4fb..9dd3cb782fd3 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v1.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s2-v1"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v2.hcl b/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v2.hcl
index d642e71fa31b..451f835e8688 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v2.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-features/service_s2-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s2-v2"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-features/setup.sh b/test/integration/connect/envoy/case-cfg-splitter-features/setup.sh
index 311799fccfbc..68c8ac0a6cb4 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-features/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-features/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-splitter-features/vars.sh b/test/integration/connect/envoy/case-cfg-splitter-features/vars.sh
index 358c95541fda..50c5f8f67f9b 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-features/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-features/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/base.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/base.hcl
index 8cd6db14878a..899e81705a4c 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_gateway.hcl
index 640b9b6ce753..82ddd559eb3a 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s1.hcl
index ca196db64f0f..976e0e993d4d 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s2.hcl
index 26b5f481f377..6666a63ba257 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/setup.sh b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/setup.sh
index 47127ab03d48..8c24708aebe2 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/bind.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/bind.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/capture.sh b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/capture.sh
index 965f136de682..a3dd69ed05b8 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/capture.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/base.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/base.hcl
index 55c268b37e78..189b8e0ccf72 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/service_ingress.hcl b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/service_ingress.hcl
index a1324f7f8379..fbb1d402f986 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/service_ingress.hcl
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/service_ingress.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/setup.sh b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/setup.sh
index ed0da099d652..d69a26f1d89c 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/vars.sh b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/vars.sh
index e5b080741aa2..2a2aa6fb1e9c 100644
--- a/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/vars.sh
+++ b/test/integration/connect/envoy/case-cfg-splitter-peering-ingress-gateways/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s1-alpha s1-sidecar-proxy-alpha s2-alpha s2-sidecar-proxy-alpha gateway-alpha ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-consul-exec/setup.sh b/test/integration/connect/envoy/case-consul-exec/setup.sh
index 7e869b53f17a..fe3505623b54 100644
--- a/test/integration/connect/envoy/case-consul-exec/setup.sh
+++ b/test/integration/connect/envoy/case-consul-exec/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-consul-exec/vars.sh b/test/integration/connect/envoy/case-consul-exec/vars.sh
index 81ee77741457..4af0cb775d38 100644
--- a/test/integration/connect/envoy/case-consul-exec/vars.sh
+++ b/test/integration/connect/envoy/case-consul-exec/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 # Bring up s1 and it's proxy as well because the check that it has a cert causes
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/base.hcl
index 8cd6db14878a..899e81705a4c 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_gateway.hcl
index 640b9b6ce753..82ddd559eb3a 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s1.hcl
index b065abc9055e..11acde14f427 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s2.hcl
index 90d2315f4d2c..42252eb82f68 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/setup.sh b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/setup.sh
index ca05659843d7..a7fb502a2815 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/bind.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/bind.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/capture.sh b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/capture.sh
index b4316246f3ab..8168b3de6416 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/capture.sh
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19001 mesh-gateway primary || true
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/base.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/base.hcl
index 55c268b37e78..189b8e0ccf72 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_gateway.hcl
index a6b33968ad02..9ea00427e9e7 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s1.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s1.hcl
index b3230f6dcfa1..b8bd0f20be46 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s2.hcl b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s2.hcl
index d0f6294f7280..acd65faf3d61 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/setup.sh b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/setup.sh
index d107c44ea6f3..cf57a59db873 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/vars.sh b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/vars.sh
index 93ac3281f128..475b7f231278 100644
--- a/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/vars.sh
+++ b/test/integration/connect/envoy/case-cross-peer-control-plane-mgw/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-alpha s2-sidecar-proxy-alpha gateway-alpha"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl
index 8cd6db14878a..899e81705a4c 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_gateway.hcl
index 640b9b6ce753..82ddd559eb3a 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s1.hcl
index b065abc9055e..11acde14f427 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s2.hcl
index 90d2315f4d2c..42252eb82f68 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s3.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s3.hcl
index 94e31c3df895..59209aab121c 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s3.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/setup.sh b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/setup.sh
index 00ab68e36144..e852ef7d3d26 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/bind.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/bind.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/capture.sh b/test/integration/connect/envoy/case-cross-peers-http-router/capture.sh
index be4068fd193b..bcea1e921c6d 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/capture.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl
index 55c268b37e78..189b8e0ccf72 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_gateway.hcl
index a6b33968ad02..9ea00427e9e7 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s1.hcl
index ec6c29b8e158..026636c814f7 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s2.hcl
index d0f6294f7280..acd65faf3d61 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/primary/setup.sh b/test/integration/connect/envoy/case-cross-peers-http-router/primary/setup.sh
index 47c9eff11432..2a06124a7d60 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/vars.sh b/test/integration/connect/envoy/case-cross-peers-http-router/vars.sh
index b11c21c52407..44ed49bb7961 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/vars.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-alpha s2-sidecar-proxy-alpha s3-alpha s3-sidecar-proxy-alpha gateway-alpha tcpdump-primary tcpdump-alpha"
diff --git a/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl
index 8cd6db14878a..899e81705a4c 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cross-peers-http/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers-http/alpha/service_gateway.hcl
index 640b9b6ce753..82ddd559eb3a 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s1.hcl
index b065abc9055e..11acde14f427 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s2.hcl
index 90d2315f4d2c..42252eb82f68 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cross-peers-http/alpha/setup.sh b/test/integration/connect/envoy/case-cross-peers-http/alpha/setup.sh
index 267d9403dba7..f7ac96c41a7a 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers-http/bind.hcl b/test/integration/connect/envoy/case-cross-peers-http/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/bind.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers-http/capture.sh b/test/integration/connect/envoy/case-cross-peers-http/capture.sh
index 3e81bd44657f..62c8c60d702c 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/capture.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl
index 55c268b37e78..189b8e0ccf72 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cross-peers-http/primary/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers-http/primary/service_gateway.hcl
index a6b33968ad02..9ea00427e9e7 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers-http/primary/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers-http/primary/service_s1.hcl
index ec6c29b8e158..026636c814f7 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cross-peers-http/primary/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers-http/primary/service_s2.hcl
index d0f6294f7280..acd65faf3d61 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers-http/primary/setup.sh b/test/integration/connect/envoy/case-cross-peers-http/primary/setup.sh
index 7c5ac5fdb8ba..997bb504f62d 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers-http/vars.sh b/test/integration/connect/envoy/case-cross-peers-http/vars.sh
index d999e45dd263..0c1c07b28b9c 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/vars.sh
+++ b/test/integration/connect/envoy/case-cross-peers-http/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-alpha s2-sidecar-proxy-alpha gateway-alpha tcpdump-primary tcpdump-alpha"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl
index 8cd6db14878a..899e81705a4c 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_gateway.hcl
index 640b9b6ce753..82ddd559eb3a 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s1.hcl
index b065abc9055e..11acde14f427 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s2.hcl
index 90d2315f4d2c..42252eb82f68 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s3.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s3.hcl
index 94e31c3df895..59209aab121c 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s3.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/setup.sh b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/setup.sh
index 3cc1a2eb2de8..6574ecf873a6 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/bind.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/bind.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/capture.sh b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/capture.sh
index be4068fd193b..bcea1e921c6d 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/capture.sh
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl
index 55c268b37e78..189b8e0ccf72 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_gateway.hcl
index a6b33968ad02..9ea00427e9e7 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s1.hcl
index ec6c29b8e158..026636c814f7 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s2.hcl
index d0f6294f7280..acd65faf3d61 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/setup.sh b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/setup.sh
index d72b0798f5d8..ad70bad80a86 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/vars.sh b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/vars.sh
index b11c21c52407..44ed49bb7961 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/vars.sh
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-alpha s2-sidecar-proxy-alpha s3-alpha s3-sidecar-proxy-alpha gateway-alpha tcpdump-primary tcpdump-alpha"
diff --git a/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl
index 8cd6db14878a..899e81705a4c 100644
--- a/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-cross-peers/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers/alpha/service_gateway.hcl
index 640b9b6ce753..82ddd559eb3a 100644
--- a/test/integration/connect/envoy/case-cross-peers/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers/alpha/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers/alpha/service_s1.hcl
index b065abc9055e..11acde14f427 100644
--- a/test/integration/connect/envoy/case-cross-peers/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-cross-peers/alpha/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers/alpha/service_s2.hcl
index 90d2315f4d2c..42252eb82f68 100644
--- a/test/integration/connect/envoy/case-cross-peers/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-cross-peers/alpha/setup.sh b/test/integration/connect/envoy/case-cross-peers/alpha/setup.sh
index f5fd3d003aa6..afaa580684a7 100644
--- a/test/integration/connect/envoy/case-cross-peers/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers/bind.hcl b/test/integration/connect/envoy/case-cross-peers/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-cross-peers/bind.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers/capture.sh b/test/integration/connect/envoy/case-cross-peers/capture.sh
index 3e81bd44657f..62c8c60d702c 100644
--- a/test/integration/connect/envoy/case-cross-peers/capture.sh
+++ b/test/integration/connect/envoy/case-cross-peers/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-cross-peers/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers/primary/base.hcl
index 55c268b37e78..189b8e0ccf72 100644
--- a/test/integration/connect/envoy/case-cross-peers/primary/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-cross-peers/primary/service_gateway.hcl b/test/integration/connect/envoy/case-cross-peers/primary/service_gateway.hcl
index a6b33968ad02..9ea00427e9e7 100644
--- a/test/integration/connect/envoy/case-cross-peers/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-cross-peers/primary/service_s1.hcl b/test/integration/connect/envoy/case-cross-peers/primary/service_s1.hcl
index b3230f6dcfa1..b8bd0f20be46 100644
--- a/test/integration/connect/envoy/case-cross-peers/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-cross-peers/primary/service_s2.hcl b/test/integration/connect/envoy/case-cross-peers/primary/service_s2.hcl
index d0f6294f7280..acd65faf3d61 100644
--- a/test/integration/connect/envoy/case-cross-peers/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-cross-peers/primary/setup.sh b/test/integration/connect/envoy/case-cross-peers/primary/setup.sh
index d72b0798f5d8..ad70bad80a86 100644
--- a/test/integration/connect/envoy/case-cross-peers/primary/setup.sh
+++ b/test/integration/connect/envoy/case-cross-peers/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-cross-peers/vars.sh b/test/integration/connect/envoy/case-cross-peers/vars.sh
index d999e45dd263..0c1c07b28b9c 100644
--- a/test/integration/connect/envoy/case-cross-peers/vars.sh
+++ b/test/integration/connect/envoy/case-cross-peers/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-alpha s2-sidecar-proxy-alpha gateway-alpha tcpdump-primary tcpdump-alpha"
diff --git a/test/integration/connect/envoy/case-dogstatsd-udp/service_s1.hcl b/test/integration/connect/envoy/case-dogstatsd-udp/service_s1.hcl
index a4e91f3aa41b..a75675751d52 100644
--- a/test/integration/connect/envoy/case-dogstatsd-udp/service_s1.hcl
+++ b/test/integration/connect/envoy/case-dogstatsd-udp/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-dogstatsd-udp/setup.sh b/test/integration/connect/envoy/case-dogstatsd-udp/setup.sh
index 3fb3ade6c5fb..b88cc9012968 100644
--- a/test/integration/connect/envoy/case-dogstatsd-udp/setup.sh
+++ b/test/integration/connect/envoy/case-dogstatsd-udp/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-dogstatsd-udp/vars.sh b/test/integration/connect/envoy/case-dogstatsd-udp/vars.sh
index 7fa5a238ce93..c599f12e8232 100644
--- a/test/integration/connect/envoy/case-dogstatsd-udp/vars.sh
+++ b/test/integration/connect/envoy/case-dogstatsd-udp/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES fake-statsd"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-dogstatsd-udp/verify.bats b/test/integration/connect/envoy/case-dogstatsd-udp/verify.bats
index dfc238ad6d9d..55b0ad76849c 100644
--- a/test/integration/connect/envoy/case-dogstatsd-udp/verify.bats
+++ b/test/integration/connect/envoy/case-dogstatsd-udp/verify.bats
@@ -24,11 +24,14 @@ load helpers
 }
 
 @test "s1 proxy should be sending metrics to statsd" {
-  run retry_default must_match_in_statsd_logs '^envoy\.' primary  
+  run retry_default cat /workdir/primary/statsd/statsd.log
 
-  echo "METRICS: $output"
+  echo "METRICS:"
+  echo "$output"
+  echo "COUNT: $(echo "$output" | grep -Ec '^envoy\.')"
 
-  [ "$status" == 0 ]  
+  [ "$status" == 0 ]
+  [ $(echo $output | grep -Ec '^envoy\.') -gt "0" ]
 }
 
 @test "s1 proxy should be sending dogstatsd tagged metrics" {
diff --git a/test/integration/connect/envoy/case-expose-checks/capture.sh b/test/integration/connect/envoy/case-expose-checks/capture.sh
index c6b9e36ed1df..94c0278ce256 100644
--- a/test/integration/connect/envoy/case-expose-checks/capture.sh
+++ b/test/integration/connect/envoy/case-expose-checks/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 || true
diff --git a/test/integration/connect/envoy/case-expose-checks/service_s1.hcl b/test/integration/connect/envoy/case-expose-checks/service_s1.hcl
index b2b685c08abe..9a883739e4fa 100644
--- a/test/integration/connect/envoy/case-expose-checks/service_s1.hcl
+++ b/test/integration/connect/envoy/case-expose-checks/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-expose-checks/service_s2.hcl b/test/integration/connect/envoy/case-expose-checks/service_s2.hcl
index f5cb3fb0374c..b09d152fc5f0 100644
--- a/test/integration/connect/envoy/case-expose-checks/service_s2.hcl
+++ b/test/integration/connect/envoy/case-expose-checks/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-expose-checks/setup.sh b/test/integration/connect/envoy/case-expose-checks/setup.sh
index 3fb3ade6c5fb..b88cc9012968 100644
--- a/test/integration/connect/envoy/case-expose-checks/setup.sh
+++ b/test/integration/connect/envoy/case-expose-checks/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-gateway-without-services/bind.hcl b/test/integration/connect/envoy/case-gateway-without-services/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/bind.hcl
+++ b/test/integration/connect/envoy/case-gateway-without-services/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateway-without-services/capture.sh b/test/integration/connect/envoy/case-gateway-without-services/capture.sh
index ad74026c7ace..fc5238fb6d6b 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/capture.sh
+++ b/test/integration/connect/envoy/case-gateway-without-services/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 mesh-gateway primary || true
diff --git a/test/integration/connect/envoy/case-gateway-without-services/service_gateway.hcl b/test/integration/connect/envoy/case-gateway-without-services/service_gateway.hcl
index 2026fb2a94b8..446a2698e595 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-gateway-without-services/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-gateway-without-services/service_s1.hcl b/test/integration/connect/envoy/case-gateway-without-services/service_s1.hcl
index 0891eebceb9c..f74a67a5aef0 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/service_s1.hcl
+++ b/test/integration/connect/envoy/case-gateway-without-services/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s1 service
diff --git a/test/integration/connect/envoy/case-gateway-without-services/service_s2.hcl b/test/integration/connect/envoy/case-gateway-without-services/service_s2.hcl
index ca644bb3ffa2..1f3f2edd4789 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/service_s2.hcl
+++ b/test/integration/connect/envoy/case-gateway-without-services/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s2 service
diff --git a/test/integration/connect/envoy/case-gateway-without-services/setup.sh b/test/integration/connect/envoy/case-gateway-without-services/setup.sh
index 6e4f5d8ee9bf..002ef312bc34 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/setup.sh
+++ b/test/integration/connect/envoy/case-gateway-without-services/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-gateway-without-services/vars.sh b/test/integration/connect/envoy/case-gateway-without-services/vars.sh
index 21ab024ab537..2d42d0baf5d3 100644
--- a/test/integration/connect/envoy/case-gateway-without-services/vars.sh
+++ b/test/integration/connect/envoy/case-gateway-without-services/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="gateway-primary"
diff --git a/test/integration/connect/envoy/case-gateways-local/bind.hcl b/test/integration/connect/envoy/case-gateways-local/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-gateways-local/bind.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateways-local/capture.sh b/test/integration/connect/envoy/case-gateways-local/capture.sh
index f4727b52c72a..f7ca8e958648 100644
--- a/test/integration/connect/envoy/case-gateways-local/capture.sh
+++ b/test/integration/connect/envoy/case-gateways-local/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-gateways-local/primary/service_gateway.hcl b/test/integration/connect/envoy/case-gateways-local/primary/service_gateway.hcl
index 2026fb2a94b8..446a2698e595 100644
--- a/test/integration/connect/envoy/case-gateways-local/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-gateways-local/primary/service_s1.hcl b/test/integration/connect/envoy/case-gateways-local/primary/service_s1.hcl
index 75fa1acc0e7e..a759b590b07c 100644
--- a/test/integration/connect/envoy/case-gateways-local/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-gateways-local/primary/service_s2.hcl b/test/integration/connect/envoy/case-gateways-local/primary/service_s2.hcl
index d0f6294f7280..acd65faf3d61 100644
--- a/test/integration/connect/envoy/case-gateways-local/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateways-local/primary/setup.sh b/test/integration/connect/envoy/case-gateways-local/primary/setup.sh
index 29720753ba51..a8bfb7c9ffe5 100644
--- a/test/integration/connect/envoy/case-gateways-local/primary/setup.sh
+++ b/test/integration/connect/envoy/case-gateways-local/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-gateways-local/secondary/join.hcl b/test/integration/connect/envoy/case-gateways-local/secondary/join.hcl
index f0bd3fbd4ac7..0f63220d549f 100644
--- a/test/integration/connect/envoy/case-gateways-local/secondary/join.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/secondary/join.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 retry_join_wan = ["consul-primary-server"]
diff --git a/test/integration/connect/envoy/case-gateways-local/secondary/service_gateway.hcl b/test/integration/connect/envoy/case-gateways-local/secondary/service_gateway.hcl
index 4f91a740182a..8c2315b9ae36 100644
--- a/test/integration/connect/envoy/case-gateways-local/secondary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/secondary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-gateways-local/secondary/service_s1.hcl b/test/integration/connect/envoy/case-gateways-local/secondary/service_s1.hcl
index 8b4d4a83a42d..06af757cd68e 100644
--- a/test/integration/connect/envoy/case-gateways-local/secondary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-gateways-local/secondary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # we don't want an s1 service in the secondary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateways-local/secondary/setup.sh b/test/integration/connect/envoy/case-gateways-local/secondary/setup.sh
index ede2b4c4b9f7..938135c9f4ff 100644
--- a/test/integration/connect/envoy/case-gateways-local/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-gateways-local/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
@@ -9,4 +9,4 @@ register_services secondary
 
 gen_envoy_bootstrap s2 19001 secondary
 gen_envoy_bootstrap mesh-gateway 19003 secondary true
-retry_default docker_consul secondary curl -s  "http://localhost:8500/v1/catalog/service/consul?dc=primary" > /dev/null
+retry_default docker_consul secondary curl -s  "http://localhost:8500/v1/catalog/service/consul?dc=primary" >/dev/null
diff --git a/test/integration/connect/envoy/case-gateways-local/vars.sh b/test/integration/connect/envoy/case-gateways-local/vars.sh
index d9a319933f8d..c5ab45789beb 100644
--- a/test/integration/connect/envoy/case-gateways-local/vars.sh
+++ b/test/integration/connect/envoy/case-gateways-local/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-secondary s2-sidecar-proxy-secondary gateway-secondary"
diff --git a/test/integration/connect/envoy/case-gateways-remote/bind.hcl b/test/integration/connect/envoy/case-gateways-remote/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-gateways-remote/bind.hcl
+++ b/test/integration/connect/envoy/case-gateways-remote/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateways-remote/capture.sh b/test/integration/connect/envoy/case-gateways-remote/capture.sh
index f4727b52c72a..f7ca8e958648 100644
--- a/test/integration/connect/envoy/case-gateways-remote/capture.sh
+++ b/test/integration/connect/envoy/case-gateways-remote/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-gateways-remote/primary/service_s1.hcl b/test/integration/connect/envoy/case-gateways-remote/primary/service_s1.hcl
index 4cb4fbc41d1e..789717ee5229 100644
--- a/test/integration/connect/envoy/case-gateways-remote/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-gateways-remote/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-gateways-remote/primary/service_s2.hcl b/test/integration/connect/envoy/case-gateways-remote/primary/service_s2.hcl
index d0f6294f7280..acd65faf3d61 100644
--- a/test/integration/connect/envoy/case-gateways-remote/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-gateways-remote/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateways-remote/primary/setup.sh b/test/integration/connect/envoy/case-gateways-remote/primary/setup.sh
index 6dd0f0622bd3..f79f346477e4 100644
--- a/test/integration/connect/envoy/case-gateways-remote/primary/setup.sh
+++ b/test/integration/connect/envoy/case-gateways-remote/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-gateways-remote/secondary/join.hcl b/test/integration/connect/envoy/case-gateways-remote/secondary/join.hcl
index f0bd3fbd4ac7..0f63220d549f 100644
--- a/test/integration/connect/envoy/case-gateways-remote/secondary/join.hcl
+++ b/test/integration/connect/envoy/case-gateways-remote/secondary/join.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 retry_join_wan = ["consul-primary-server"]
diff --git a/test/integration/connect/envoy/case-gateways-remote/secondary/service_gateway.hcl b/test/integration/connect/envoy/case-gateways-remote/secondary/service_gateway.hcl
index 4f91a740182a..8c2315b9ae36 100644
--- a/test/integration/connect/envoy/case-gateways-remote/secondary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-gateways-remote/secondary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-gateways-remote/secondary/service_s1.hcl b/test/integration/connect/envoy/case-gateways-remote/secondary/service_s1.hcl
index 8b4d4a83a42d..06af757cd68e 100644
--- a/test/integration/connect/envoy/case-gateways-remote/secondary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-gateways-remote/secondary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # we don't want an s1 service in the secondary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-gateways-remote/secondary/setup.sh b/test/integration/connect/envoy/case-gateways-remote/secondary/setup.sh
index 43a4c713cee9..938135c9f4ff 100644
--- a/test/integration/connect/envoy/case-gateways-remote/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-gateways-remote/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-gateways-remote/vars.sh b/test/integration/connect/envoy/case-gateways-remote/vars.sh
index d9a319933f8d..c5ab45789beb 100644
--- a/test/integration/connect/envoy/case-gateways-remote/vars.sh
+++ b/test/integration/connect/envoy/case-gateways-remote/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy gateway-primary s2-secondary s2-sidecar-proxy-secondary gateway-secondary"
diff --git a/test/integration/connect/envoy/case-grpc/service_s1.hcl b/test/integration/connect/envoy/case-grpc/service_s1.hcl
index 7d7814800c4d..b22ba221fa1d 100644
--- a/test/integration/connect/envoy/case-grpc/service_s1.hcl
+++ b/test/integration/connect/envoy/case-grpc/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
@@ -20,7 +20,7 @@ services {
           protocol = "grpc"
           envoy_dogstatsd_url = "udp://127.0.0.1:8125"
           envoy_stats_tags = ["foo=bar"]
-          envoy_stats_flush_interval = "5s"
+          envoy_stats_flush_interval = "1s"
         }
       }
     }
diff --git a/test/integration/connect/envoy/case-grpc/service_s2.hcl b/test/integration/connect/envoy/case-grpc/service_s2.hcl
index aaebecf62732..f7d7a267343d 100644
--- a/test/integration/connect/envoy/case-grpc/service_s2.hcl
+++ b/test/integration/connect/envoy/case-grpc/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-grpc/setup.sh b/test/integration/connect/envoy/case-grpc/setup.sh
index 3fb3ade6c5fb..b88cc9012968 100644
--- a/test/integration/connect/envoy/case-grpc/setup.sh
+++ b/test/integration/connect/envoy/case-grpc/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-grpc/vars.sh b/test/integration/connect/envoy/case-grpc/vars.sh
index 7fa5a238ce93..c599f12e8232 100644
--- a/test/integration/connect/envoy/case-grpc/vars.sh
+++ b/test/integration/connect/envoy/case-grpc/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES fake-statsd"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-grpc/verify.bats b/test/integration/connect/envoy/case-grpc/verify.bats
index fc7ca15b5b94..422258a0c0ef 100644
--- a/test/integration/connect/envoy/case-grpc/verify.bats
+++ b/test/integration/connect/envoy/case-grpc/verify.bats
@@ -43,7 +43,7 @@ load helpers
     metrics_query='envoy.cluster.grpc.PingServer.total.*[#,]local_cluster:s1(,|$)'
   fi
 
-  run retry_long must_match_in_statsd_logs "${metrics_query}"
+  run retry_default must_match_in_statsd_logs "${metrics_query}"
   echo "OUTPUT: $output"
 
   [ "$status" == 0 ]
diff --git a/test/integration/connect/envoy/case-http-badauthz/capture.sh b/test/integration/connect/envoy/case-http-badauthz/capture.sh
index c6b9e36ed1df..94c0278ce256 100644
--- a/test/integration/connect/envoy/case-http-badauthz/capture.sh
+++ b/test/integration/connect/envoy/case-http-badauthz/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 || true
diff --git a/test/integration/connect/envoy/case-http-badauthz/service_s1.hcl b/test/integration/connect/envoy/case-http-badauthz/service_s1.hcl
index 25d2c1e380f2..96f67dcf4099 100644
--- a/test/integration/connect/envoy/case-http-badauthz/service_s1.hcl
+++ b/test/integration/connect/envoy/case-http-badauthz/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-http-badauthz/service_s2.hcl b/test/integration/connect/envoy/case-http-badauthz/service_s2.hcl
index fb857d005ee9..4b6632beb836 100644
--- a/test/integration/connect/envoy/case-http-badauthz/service_s2.hcl
+++ b/test/integration/connect/envoy/case-http-badauthz/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-http-badauthz/setup.sh b/test/integration/connect/envoy/case-http-badauthz/setup.sh
index d15f836e6584..6bd91b1f4e66 100644
--- a/test/integration/connect/envoy/case-http-badauthz/setup.sh
+++ b/test/integration/connect/envoy/case-http-badauthz/setup.sh
@@ -1,14 +1,14 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
 
-register_services primary
-
 # Setup deny intention
 setup_upsert_l4_intention s1 s2 deny
 
+register_services primary
+
 gen_envoy_bootstrap s1 19000 primary
 gen_envoy_bootstrap s2 19001 primary
diff --git a/test/integration/connect/envoy/case-http/capture.sh b/test/integration/connect/envoy/case-http/capture.sh
index 14dc00afc65b..5268305f8ff6 100644
--- a/test/integration/connect/envoy/case-http/capture.sh
+++ b/test/integration/connect/envoy/case-http/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-http/service_s1.hcl b/test/integration/connect/envoy/case-http/service_s1.hcl
index 42a62acfb9f6..0c3f594fbc7d 100644
--- a/test/integration/connect/envoy/case-http/service_s1.hcl
+++ b/test/integration/connect/envoy/case-http/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-http/service_s2.hcl b/test/integration/connect/envoy/case-http/service_s2.hcl
index fb857d005ee9..4b6632beb836 100644
--- a/test/integration/connect/envoy/case-http/service_s2.hcl
+++ b/test/integration/connect/envoy/case-http/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-http/setup.sh b/test/integration/connect/envoy/case-http/setup.sh
index 3fb3ade6c5fb..b88cc9012968 100644
--- a/test/integration/connect/envoy/case-http/setup.sh
+++ b/test/integration/connect/envoy/case-http/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-grpc/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-grpc/capture.sh
index 4214ba8274aa..1c244823aba8 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-grpc/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-grpc/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
diff --git a/test/integration/connect/envoy/case-ingress-gateway-grpc/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-grpc/service_gateway.hcl
index a1324f7f8379..fbb1d402f986 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-grpc/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-grpc/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-grpc/service_s1.hcl b/test/integration/connect/envoy/case-ingress-gateway-grpc/service_s1.hcl
index f525d48868ce..ff23e6fea3a0 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-grpc/service_s1.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-grpc/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-grpc/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-grpc/setup.sh
index 387d079e3bd2..40e2802f02cc 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-grpc/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-grpc/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-grpc/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-grpc/vars.sh
index 8b34fe36ef2a..32dc504c49ce 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-grpc/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-grpc/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-http/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-http/capture.sh
index c2b55d229a59..ab02875e6135 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-http/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-http/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-http/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-http/service_gateway.hcl
index a1324f7f8379..fbb1d402f986 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-http/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-http/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-http/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-http/setup.sh
index 33d06b516c72..03f2184e6d06 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-http/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-http/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-http/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-http/vars.sh
index 8b34fe36ef2a..32dc504c49ce 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-http/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-http/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/capture.sh
index c2b55d229a59..ab02875e6135 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/service_gateway.hcl
index a1324f7f8379..fbb1d402f986 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/setup.sh
index 858d2f9ce53a..f80e42cb7332 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/vars.sh
index 8b34fe36ef2a..32dc504c49ce 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/base.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/base.hcl
index 8cd6db14878a..899e81705a4c 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 primary_datacenter = "alpha"
 log_level          = "trace"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_gateway.hcl
index 640b9b6ce753..82ddd559eb3a 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s1.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s1.hcl
index b065abc9055e..11acde14f427 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s1.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s1 service in this peer
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s2.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s2.hcl
index 26b5f481f377..6666a63ba257 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s2.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/setup.sh
index 99c4eb46f218..5aabbbbee0e5 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/alpha/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/bind.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/bind.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/capture.sh
index ca10f2773107..20ad858ecdb6 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/base.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/base.hcl
index 55c268b37e78..189b8e0ccf72 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/base.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 peering {
   enabled = true
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_ingress.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_ingress.hcl
index a1324f7f8379..fbb1d402f986 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_ingress.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_ingress.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s1.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s1.hcl
index 18be60cdbf96..85f8da974002 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't need an s1 because requests go through the gateway and not a sidecar.
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s2.hcl b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s2.hcl
index 26b5f481f377..6666a63ba257 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/setup.sh
index b4a8dd736fee..58f12866948f 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/vars.sh
index 8f9ac12cb1e3..08bfe96a9d3b 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-peering-failover/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-peering-failover/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s2 s2-sidecar-proxy s2-alpha s2-sidecar-proxy-alpha gateway-alpha ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-sds/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-sds/capture.sh
index c2b55d229a59..ab02875e6135 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-sds/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-sds/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-sds/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-sds/service_gateway.hcl
index 1ffa476e6ff9..176a66f1afef 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-sds/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-sds/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-sds/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-sds/setup.sh
index fbef09b014cf..fb98b05aad30 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-sds/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-sds/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-sds/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-sds/vars.sh
index 6bbbcfd6fe52..0c98c8fe0450 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-sds/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-sds/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary test-sds-server"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-simple/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-simple/capture.sh
index c2b55d229a59..ab02875e6135 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-simple/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-simple/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-simple/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-simple/service_gateway.hcl
index a1324f7f8379..fbb1d402f986 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-simple/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-simple/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-simple/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-simple/setup.sh
index aaaa4d91cb4d..8bcd42aa5075 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-simple/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-simple/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-simple/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-simple/vars.sh
index 8b34fe36ef2a..32dc504c49ce 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-simple/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-simple/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-tls/capture.sh b/test/integration/connect/envoy/case-ingress-gateway-tls/capture.sh
index c2b55d229a59..ab02875e6135 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-tls/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-tls/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-gateway-tls/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-gateway-tls/service_gateway.hcl
index a1324f7f8379..fbb1d402f986 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-tls/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-gateway-tls/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-tls/setup.sh b/test/integration/connect/envoy/case-ingress-gateway-tls/setup.sh
index a485eeaa5b29..accafeb7353e 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-tls/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-tls/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-gateway-tls/vars.sh b/test/integration/connect/envoy/case-ingress-gateway-tls/vars.sh
index 8b34fe36ef2a..32dc504c49ce 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-tls/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-gateway-tls/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-ingress-gateway-tls/verify.bats b/test/integration/connect/envoy/case-ingress-gateway-tls/verify.bats
index 92a158e51b6a..61eaaf97ccdf 100644
--- a/test/integration/connect/envoy/case-ingress-gateway-tls/verify.bats
+++ b/test/integration/connect/envoy/case-ingress-gateway-tls/verify.bats
@@ -19,7 +19,7 @@ load helpers
 }
 
 @test "ingress-gateway should have healthy endpoints for s1" {
-   assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s1 HEALTHY 1
+  assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s1 HEALTHY 1
 }
 
 @test "should be able to connect to s1 through the TLS-enabled ingress port" {
@@ -29,8 +29,8 @@ load helpers
   run retry_default curl --cacert <(get_ca_root) -s -f -d hello \
     --resolve s1.ingress.consul:9998:127.0.0.1 \
     https://s1.ingress.consul:9998
-    [ "$status" -eq 0 ]
-    [[ "$output" == *"hello"* ]]
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"hello"* ]]
 }
 
 @test "should be able to connect to s1 through the TLS-enabled ingress port using the custom host" {
@@ -38,6 +38,6 @@ load helpers
   run retry_default curl --cacert <(get_ca_root) -s -f -d hello \
     --resolve test.example.com:9999:127.0.0.1 \
     https://test.example.com:9999
-    [ "$status" -eq 0 ]
-    [[ "$output" == *"hello"* ]]
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"hello"* ]]
 }
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/bind.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/bind.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/capture.sh b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/capture.sh
index 3bbc13144aa2..556a296756f0 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/capture.sh
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_gateway.hcl
index 2026fb2a94b8..446a2698e595 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_ingress.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_ingress.hcl
index a1324f7f8379..fbb1d402f986 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_ingress.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_ingress.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "ingress-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s1.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s1.hcl
index e6f778e5c811..b9772c7da862 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s1 service in the primary dc
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s2.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s2.hcl
index d0f6294f7280..acd65faf3d61 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/setup.sh b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/setup.sh
index f7e31ac0db5a..72025d4f8efe 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/join.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/join.hcl
index f0bd3fbd4ac7..0f63220d549f 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/join.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/join.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 retry_join_wan = ["consul-primary-server"]
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/service_gateway.hcl b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/service_gateway.hcl
index 4f91a740182a..8c2315b9ae36 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/setup.sh b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/setup.sh
index 59f303a5eafd..a012c03b9e96 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/vars.sh b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/vars.sh
index 85c791704a87..8d492ea3af8d 100644
--- a/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/vars.sh
+++ b/test/integration/connect/envoy/case-ingress-mesh-gateways-resolver/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="gateway-primary s1-secondary s1-sidecar-proxy-secondary s2-secondary s2-sidecar-proxy-secondary gateway-secondary ingress-gateway-primary"
diff --git a/test/integration/connect/envoy/case-l7-intentions/acl.hcl b/test/integration/connect/envoy/case-l7-intentions/acl.hcl
index 3d80d4f69420..41e2b1995359 100644
--- a/test/integration/connect/envoy/case-l7-intentions/acl.hcl
+++ b/test/integration/connect/envoy/case-l7-intentions/acl.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 acl {
   default_policy = "deny"
diff --git a/test/integration/connect/envoy/case-l7-intentions/capture.sh b/test/integration/connect/envoy/case-l7-intentions/capture.sh
index d588be9381ea..c93e4c6cea95 100644
--- a/test/integration/connect/envoy/case-l7-intentions/capture.sh
+++ b/test/integration/connect/envoy/case-l7-intentions/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-l7-intentions/setup.sh b/test/integration/connect/envoy/case-l7-intentions/setup.sh
index 6946ce3263a9..705eac06255b 100644
--- a/test/integration/connect/envoy/case-l7-intentions/setup.sh
+++ b/test/integration/connect/envoy/case-l7-intentions/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-lua/capture.sh b/test/integration/connect/envoy/case-lua/capture.sh
index 14dc00afc65b..5268305f8ff6 100644
--- a/test/integration/connect/envoy/case-lua/capture.sh
+++ b/test/integration/connect/envoy/case-lua/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-lua/service_s1.hcl b/test/integration/connect/envoy/case-lua/service_s1.hcl
index 54c6ac6501b4..6eaca129855b 100644
--- a/test/integration/connect/envoy/case-lua/service_s1.hcl
+++ b/test/integration/connect/envoy/case-lua/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-lua/service_s2.hcl b/test/integration/connect/envoy/case-lua/service_s2.hcl
index a16737977662..c01f4b2fefe5 100644
--- a/test/integration/connect/envoy/case-lua/service_s2.hcl
+++ b/test/integration/connect/envoy/case-lua/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-lua/setup.sh b/test/integration/connect/envoy/case-lua/setup.sh
index 56a668c0ac06..e6b7e3eca3dd 100644
--- a/test/integration/connect/envoy/case-lua/setup.sh
+++ b/test/integration/connect/envoy/case-lua/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-lua/vars.sh b/test/integration/connect/envoy/case-lua/vars.sh
index ac0664606f93..091a358e13df 100644
--- a/test/integration/connect/envoy/case-lua/vars.sh
+++ b/test/integration/connect/envoy/case-lua/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 s2-sidecar-proxy"
diff --git a/test/integration/connect/envoy/case-mesh-to-lambda/capture.sh b/test/integration/connect/envoy/case-mesh-to-lambda/capture.sh
index b64ad4d05a9c..3c3c6a928a0c 100644
--- a/test/integration/connect/envoy/case-mesh-to-lambda/capture.sh
+++ b/test/integration/connect/envoy/case-mesh-to-lambda/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-mesh-to-lambda/service_gateway.hcl b/test/integration/connect/envoy/case-mesh-to-lambda/service_gateway.hcl
index 63c212da3ace..e1b3ea8a8fde 100644
--- a/test/integration/connect/envoy/case-mesh-to-lambda/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-mesh-to-lambda/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "terminating-gateway"
diff --git a/test/integration/connect/envoy/case-mesh-to-lambda/service_s1.hcl b/test/integration/connect/envoy/case-mesh-to-lambda/service_s1.hcl
index 11e8328a82fa..9bc567caa0a9 100644
--- a/test/integration/connect/envoy/case-mesh-to-lambda/service_s1.hcl
+++ b/test/integration/connect/envoy/case-mesh-to-lambda/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-mesh-to-lambda/setup.sh b/test/integration/connect/envoy/case-mesh-to-lambda/setup.sh
index 406914e3cf5a..359fbd863fc4 100644
--- a/test/integration/connect/envoy/case-mesh-to-lambda/setup.sh
+++ b/test/integration/connect/envoy/case-mesh-to-lambda/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-mesh-to-lambda/vars.sh b/test/integration/connect/envoy/case-mesh-to-lambda/vars.sh
index 8643eead0d26..fbe042a40b47 100644
--- a/test/integration/connect/envoy/case-mesh-to-lambda/vars.sh
+++ b/test/integration/connect/envoy/case-mesh-to-lambda/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 # Ensure that the environment variables required to configure and invoke the Lambda function are present, otherwise skip.
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/bind.hcl b/test/integration/connect/envoy/case-multidc-rsa-ca/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/bind.hcl
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/ca_config.hcl b/test/integration/connect/envoy/case-multidc-rsa-ca/ca_config.hcl
index 0f8d98ac6be5..e5db7ec1b885 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/ca_config.hcl
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/ca_config.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 connect {
   enabled = true
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/capture.sh b/test/integration/connect/envoy/case-multidc-rsa-ca/capture.sh
index daf25ad57495..170c0e3cdfb6 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/capture.sh
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s1.hcl b/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s1.hcl
index b4eb4b1f04fd..e4f73b127142 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s2.hcl b/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s2.hcl
index d0f6294f7280..acd65faf3d61 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s2 service in the primary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/primary/setup.sh b/test/integration/connect/envoy/case-multidc-rsa-ca/primary/setup.sh
index de07522f12f7..efbac1091d62 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/primary/setup.sh
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/join.hcl b/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/join.hcl
index f0bd3fbd4ac7..0f63220d549f 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/join.hcl
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/join.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 retry_join_wan = ["consul-primary-server"]
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/service_s1.hcl b/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/service_s1.hcl
index 8b4d4a83a42d..06af757cd68e 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # we don't want an s1 service in the secondary dc
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/setup.sh b/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/setup.sh
index 712cdd5e7945..17d9cecd2a02 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-multidc-rsa-ca/vars.sh b/test/integration/connect/envoy/case-multidc-rsa-ca/vars.sh
index 7bf4a264a204..f49887ddcdfa 100644
--- a/test/integration/connect/envoy/case-multidc-rsa-ca/vars.sh
+++ b/test/integration/connect/envoy/case-multidc-rsa-ca/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2-secondary s2-sidecar-proxy-secondary"
diff --git a/test/integration/connect/envoy/case-prometheus/capture.sh b/test/integration/connect/envoy/case-prometheus/capture.sh
index 8bc4413d09f9..21ebba78787b 100644
--- a/test/integration/connect/envoy/case-prometheus/capture.sh
+++ b/test/integration/connect/envoy/case-prometheus/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-prometheus/service_s1.hcl b/test/integration/connect/envoy/case-prometheus/service_s1.hcl
index 4ac588d9a2a0..d318f786c107 100644
--- a/test/integration/connect/envoy/case-prometheus/service_s1.hcl
+++ b/test/integration/connect/envoy/case-prometheus/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-prometheus/service_s2.hcl b/test/integration/connect/envoy/case-prometheus/service_s2.hcl
index fb857d005ee9..4b6632beb836 100644
--- a/test/integration/connect/envoy/case-prometheus/service_s2.hcl
+++ b/test/integration/connect/envoy/case-prometheus/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-prometheus/setup.sh b/test/integration/connect/envoy/case-prometheus/setup.sh
index 3fb3ade6c5fb..b88cc9012968 100644
--- a/test/integration/connect/envoy/case-prometheus/setup.sh
+++ b/test/integration/connect/envoy/case-prometheus/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-property-override/capture.sh b/test/integration/connect/envoy/case-property-override/capture.sh
index bc1ac2dcf172..88f1dd6465f2 100644
--- a/test/integration/connect/envoy/case-property-override/capture.sh
+++ b/test/integration/connect/envoy/case-property-override/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-property-override/service_s1.hcl b/test/integration/connect/envoy/case-property-override/service_s1.hcl
index a1f811b52742..6bacecf91617 100644
--- a/test/integration/connect/envoy/case-property-override/service_s1.hcl
+++ b/test/integration/connect/envoy/case-property-override/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-property-override/service_s2.hcl b/test/integration/connect/envoy/case-property-override/service_s2.hcl
index a16737977662..c01f4b2fefe5 100644
--- a/test/integration/connect/envoy/case-property-override/service_s2.hcl
+++ b/test/integration/connect/envoy/case-property-override/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-property-override/service_s3.hcl b/test/integration/connect/envoy/case-property-override/service_s3.hcl
index 4e5c7cb78e03..d616906e4c67 100644
--- a/test/integration/connect/envoy/case-property-override/service_s3.hcl
+++ b/test/integration/connect/envoy/case-property-override/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s3"
diff --git a/test/integration/connect/envoy/case-property-override/setup.sh b/test/integration/connect/envoy/case-property-override/setup.sh
index dd82af3487d8..744055f94966 100644
--- a/test/integration/connect/envoy/case-property-override/setup.sh
+++ b/test/integration/connect/envoy/case-property-override/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-property-override/vars.sh b/test/integration/connect/envoy/case-property-override/vars.sh
index 172824ba73d1..358866872a13 100644
--- a/test/integration/connect/envoy/case-property-override/vars.sh
+++ b/test/integration/connect/envoy/case-property-override/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 s2-sidecar-proxy s3 s3-sidecar-proxy"
diff --git a/test/integration/connect/envoy/case-stats-proxy/service_s1.hcl b/test/integration/connect/envoy/case-stats-proxy/service_s1.hcl
index 3be3803cb488..25d959520cfe 100644
--- a/test/integration/connect/envoy/case-stats-proxy/service_s1.hcl
+++ b/test/integration/connect/envoy/case-stats-proxy/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-stats-proxy/service_s2.hcl b/test/integration/connect/envoy/case-stats-proxy/service_s2.hcl
index fb857d005ee9..4b6632beb836 100644
--- a/test/integration/connect/envoy/case-stats-proxy/service_s2.hcl
+++ b/test/integration/connect/envoy/case-stats-proxy/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-stats-proxy/setup.sh b/test/integration/connect/envoy/case-stats-proxy/setup.sh
index 3fb3ade6c5fb..b88cc9012968 100644
--- a/test/integration/connect/envoy/case-stats-proxy/setup.sh
+++ b/test/integration/connect/envoy/case-stats-proxy/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-stats-proxy/verify.bats b/test/integration/connect/envoy/case-stats-proxy/verify.bats
index a200a5a31367..2d02010dc185 100644
--- a/test/integration/connect/envoy/case-stats-proxy/verify.bats
+++ b/test/integration/connect/envoy/case-stats-proxy/verify.bats
@@ -40,7 +40,7 @@ load helpers
     must_match_in_stats_proxy_response localhost:1239 \
     'stats' '^http.envoy_metrics.downstream_rq_active'
 
-  # Response should include the local cluster request.
+  # Response should include the the local cluster request.
   retry_default \
     must_match_in_stats_proxy_response localhost:1239 \
     'stats' 'cluster.local_agent.upstream_rq_active'
diff --git a/test/integration/connect/envoy/case-statsd-udp/service_s1.hcl b/test/integration/connect/envoy/case-statsd-udp/service_s1.hcl
index a416ce25a0ce..2748dc59b084 100644
--- a/test/integration/connect/envoy/case-statsd-udp/service_s1.hcl
+++ b/test/integration/connect/envoy/case-statsd-udp/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-statsd-udp/setup.sh b/test/integration/connect/envoy/case-statsd-udp/setup.sh
index 883c78e1eb7f..66e5af830037 100644
--- a/test/integration/connect/envoy/case-statsd-udp/setup.sh
+++ b/test/integration/connect/envoy/case-statsd-udp/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-statsd-udp/vars.sh b/test/integration/connect/envoy/case-statsd-udp/vars.sh
index 7fa5a238ce93..c599f12e8232 100644
--- a/test/integration/connect/envoy/case-statsd-udp/vars.sh
+++ b/test/integration/connect/envoy/case-statsd-udp/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES fake-statsd"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-terminating-gateway-hostnames/capture.sh b/test/integration/connect/envoy/case-terminating-gateway-hostnames/capture.sh
index f5515165d799..fbfd74951abf 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-hostnames/capture.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-hostnames/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 terminating-gateway primary || true
diff --git a/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_gateway.hcl b/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_gateway.hcl
index 63c212da3ace..e1b3ea8a8fde 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "terminating-gateway"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s1.hcl b/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s1.hcl
index da98b2729cbf..a0f80d75676c 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s1.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s4.hcl b/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s4.hcl
index 3fba0f792ebd..ce8a7bbcf67a 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s4.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-hostnames/service_s4.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s4"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-hostnames/setup.sh b/test/integration/connect/envoy/case-terminating-gateway-hostnames/setup.sh
index 919f9cfd1e9a..bca191d6d11d 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-hostnames/setup.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-hostnames/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-terminating-gateway-hostnames/vars.sh b/test/integration/connect/envoy/case-terminating-gateway-hostnames/vars.sh
index a86dca2e7e31..e4e3560ceea5 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-hostnames/vars.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-hostnames/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 # There is no sidecar proxy for s2, since the terminating gateway acts as the proxy
diff --git a/test/integration/connect/envoy/case-terminating-gateway-simple/service_gateway.hcl b/test/integration/connect/envoy/case-terminating-gateway-simple/service_gateway.hcl
index 63c212da3ace..e1b3ea8a8fde 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-simple/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-simple/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "terminating-gateway"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-simple/setup.sh b/test/integration/connect/envoy/case-terminating-gateway-simple/setup.sh
index f8638925a4a1..c4d33d8fe1df 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-simple/setup.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-simple/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-terminating-gateway-simple/vars.sh b/test/integration/connect/envoy/case-terminating-gateway-simple/vars.sh
index 02ed45703c1e..12cb3aa9ae1f 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-simple/vars.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-simple/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 # There is no sidecar proxy for s2, since the terminating gateway acts as the proxy
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/capture.sh b/test/integration/connect/envoy/case-terminating-gateway-subsets/capture.sh
index 8a28a10f3a6d..30d597a96aa5 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/capture.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:20000 terminating-gateway primary || true
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_gateway.hcl b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_gateway.hcl
index f294b64e6966..b9af6a07093d 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "terminating-gateway"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v1.hcl b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v1.hcl
index 2191385000f6..4812ba8db390 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v1.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s2-v1"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v2.hcl b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v2.hcl
index cc7df98777eb..aa8f453a17e6 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v2.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s2-v2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id   = "s2-v2"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s3.hcl b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s3.hcl
index 3269b33a8117..30b3f9e6658b 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s3.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/service_s3.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   id = "s3"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/setup.sh b/test/integration/connect/envoy/case-terminating-gateway-subsets/setup.sh
index ec38097fd273..63e0708aca59 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/setup.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/case-terminating-gateway-subsets/vars.sh b/test/integration/connect/envoy/case-terminating-gateway-subsets/vars.sh
index e6d96721e4c5..0dd7176570f2 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-subsets/vars.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-subsets/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 # There is no sidecar proxy for s2-v1, since the terminating gateway acts as the proxy
diff --git a/test/integration/connect/envoy/case-terminating-gateway-without-services/bind.hcl b/test/integration/connect/envoy/case-terminating-gateway-without-services/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-without-services/bind.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-without-services/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-terminating-gateway-without-services/service_gateway.hcl b/test/integration/connect/envoy/case-terminating-gateway-without-services/service_gateway.hcl
index fee3bb25b00b..4f784aab291b 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-without-services/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-without-services/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "terminating-gateway"
diff --git a/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s1.hcl b/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s1.hcl
index 0891eebceb9c..f74a67a5aef0 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s1.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s1 service
diff --git a/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s2.hcl b/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s2.hcl
index ca644bb3ffa2..1f3f2edd4789 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s2.hcl
+++ b/test/integration/connect/envoy/case-terminating-gateway-without-services/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s2 service
diff --git a/test/integration/connect/envoy/case-terminating-gateway-without-services/setup.sh b/test/integration/connect/envoy/case-terminating-gateway-without-services/setup.sh
index 91f82633b3d5..4192820bd514 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-without-services/setup.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-without-services/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-terminating-gateway-without-services/vars.sh b/test/integration/connect/envoy/case-terminating-gateway-without-services/vars.sh
index a8d23fead535..d6e7573ffff2 100644
--- a/test/integration/connect/envoy/case-terminating-gateway-without-services/vars.sh
+++ b/test/integration/connect/envoy/case-terminating-gateway-without-services/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="terminating-gateway-primary"
diff --git a/test/integration/connect/envoy/case-upstream-config/service_s1.hcl b/test/integration/connect/envoy/case-upstream-config/service_s1.hcl
index 3bfcb906db70..6d3da674ed96 100644
--- a/test/integration/connect/envoy/case-upstream-config/service_s1.hcl
+++ b/test/integration/connect/envoy/case-upstream-config/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-upstream-config/service_s2.hcl b/test/integration/connect/envoy/case-upstream-config/service_s2.hcl
index a16737977662..c01f4b2fefe5 100644
--- a/test/integration/connect/envoy/case-upstream-config/service_s2.hcl
+++ b/test/integration/connect/envoy/case-upstream-config/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-upstream-config/setup.sh b/test/integration/connect/envoy/case-upstream-config/setup.sh
index 3fb3ade6c5fb..b88cc9012968 100644
--- a/test/integration/connect/envoy/case-upstream-config/setup.sh
+++ b/test/integration/connect/envoy/case-upstream-config/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-wanfed-gw/bind.hcl b/test/integration/connect/envoy/case-wanfed-gw/bind.hcl
index e54caa47a492..057e0e727f66 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/bind.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/bind.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 bind_addr = "0.0.0.0"
 advertise_addr = "{{ GetInterfaceIP \"eth0\" }}"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-wanfed-gw/capture.sh b/test/integration/connect/envoy/case-wanfed-gw/capture.sh
index 5c24811d1172..17a53a432040 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/capture.sh
+++ b/test/integration/connect/envoy/case-wanfed-gw/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 mesh-gateway primary || true
diff --git a/test/integration/connect/envoy/case-wanfed-gw/global-setup-windows.sh b/test/integration/connect/envoy/case-wanfed-gw/global-setup-windows.sh
deleted file mode 100644
index 080d5abf94f1..000000000000
--- a/test/integration/connect/envoy/case-wanfed-gw/global-setup-windows.sh
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-
-# initialize the outputs for each dc
-for dc in primary secondary; do
-    rm -rf "workdir/${dc}/tls"
-    mkdir -p "workdir/${dc}/tls"
-done
-
-container="consul-envoy-integ-tls-init--${CASE_NAME}"
-
-scriptlet="
-mkdir /out ;
-cd /out ;
-consul tls ca create ;
-consul tls cert create -dc=primary -server -node=pri ;
-consul tls cert create -dc=secondary -server -node=sec ;
-"
-
-docker.exe rm -f "$container" &>/dev/null || true
-docker.exe run -i --net=none --name="$container" windows/consul:local bash -c "${scriptlet}"
-
-# primary
-for f in \
-    consul-agent-ca.pem \
-    primary-server-consul-0-key.pem \
-    primary-server-consul-0.pem \
-    ; do
-    docker.exe cp "${container}:C:\\Program Files\\Git\\out\\$f" workdir/primary/tls
-done
-
-# secondary
-for f in \
-    consul-agent-ca.pem \
-    secondary-server-consul-0-key.pem \
-    secondary-server-consul-0.pem \
-    ; do
-    docker.exe cp "${container}:C:\\Program Files\\Git\\out\\$f" workdir/secondary/tls
-done
-
-# Private keys have 600 perms but tests are run as another user
-chmod 666 workdir/primary/tls/primary-server-consul-0-key.pem
-chmod 666 workdir/secondary/tls/secondary-server-consul-0-key.pem
-
-docker.exe rm -f "$container" >/dev/null || true
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-wanfed-gw/global-setup.sh b/test/integration/connect/envoy/case-wanfed-gw/global-setup.sh
index 0e21aef6893a..50625daf0787 100755
--- a/test/integration/connect/envoy/case-wanfed-gw/global-setup.sh
+++ b/test/integration/connect/envoy/case-wanfed-gw/global-setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 # initialize the outputs for each dc
diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/common.hcl b/test/integration/connect/envoy/case-wanfed-gw/primary/common.hcl
index 06ad70b29aaf..d30c465429cc 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/primary/common.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/primary/common.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 tls {
   internal_rpc {
diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/server.hcl b/test/integration/connect/envoy/case-wanfed-gw/primary/server.hcl
index e694d94c441e..ee2d77e48637 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/primary/server.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/primary/server.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 node_name = "pri"
 connect {
diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/service_gateway.hcl b/test/integration/connect/envoy/case-wanfed-gw/primary/service_gateway.hcl
index 0a33536b9c8d..31c8747b9308 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/primary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/primary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/service_s1.hcl b/test/integration/connect/envoy/case-wanfed-gw/primary/service_s1.hcl
index 0891eebceb9c..f74a67a5aef0 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/primary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/primary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s1 service
diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/service_s2.hcl b/test/integration/connect/envoy/case-wanfed-gw/primary/service_s2.hcl
index ca644bb3ffa2..1f3f2edd4789 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/primary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/primary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s2 service
diff --git a/test/integration/connect/envoy/case-wanfed-gw/primary/setup.sh b/test/integration/connect/envoy/case-wanfed-gw/primary/setup.sh
index 11d5abf14d59..f39cf66dd009 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/primary/setup.sh
+++ b/test/integration/connect/envoy/case-wanfed-gw/primary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-wanfed-gw/secondary/common.hcl b/test/integration/connect/envoy/case-wanfed-gw/secondary/common.hcl
index 6b76d377d821..570fa9d0594e 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/secondary/common.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/secondary/common.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 tls {
   internal_rpc {
diff --git a/test/integration/connect/envoy/case-wanfed-gw/secondary/server.hcl b/test/integration/connect/envoy/case-wanfed-gw/secondary/server.hcl
index 027174bf632d..6265b917445e 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/secondary/server.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/secondary/server.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 node_name = "sec"
 connect {
diff --git a/test/integration/connect/envoy/case-wanfed-gw/secondary/service_gateway.hcl b/test/integration/connect/envoy/case-wanfed-gw/secondary/service_gateway.hcl
index bba04fd97146..c010c4d4e4a2 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/secondary/service_gateway.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/secondary/service_gateway.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "mesh-gateway"
diff --git a/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s1.hcl b/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s1.hcl
index 0891eebceb9c..f74a67a5aef0 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s1.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s1.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s1 service
diff --git a/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s2.hcl b/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s2.hcl
index ca644bb3ffa2..1f3f2edd4789 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s2.hcl
+++ b/test/integration/connect/envoy/case-wanfed-gw/secondary/service_s2.hcl
@@ -1,4 +1,4 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # We don't want an s2 service
diff --git a/test/integration/connect/envoy/case-wanfed-gw/secondary/setup.sh b/test/integration/connect/envoy/case-wanfed-gw/secondary/setup.sh
index 0f4313108c8c..ef5032115a59 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/secondary/setup.sh
+++ b/test/integration/connect/envoy/case-wanfed-gw/secondary/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-wanfed-gw/vars.sh b/test/integration/connect/envoy/case-wanfed-gw/vars.sh
index 4de3b552dcf8..79007fcfe8d2 100644
--- a/test/integration/connect/envoy/case-wanfed-gw/vars.sh
+++ b/test/integration/connect/envoy/case-wanfed-gw/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="gateway-primary gateway-secondary"
diff --git a/test/integration/connect/envoy/case-wasm/capture.sh b/test/integration/connect/envoy/case-wasm/capture.sh
index 14dc00afc65b..5268305f8ff6 100644
--- a/test/integration/connect/envoy/case-wasm/capture.sh
+++ b/test/integration/connect/envoy/case-wasm/capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 snapshot_envoy_admin localhost:19000 s1 primary || true
diff --git a/test/integration/connect/envoy/case-wasm/service_s1.hcl b/test/integration/connect/envoy/case-wasm/service_s1.hcl
index 54c6ac6501b4..6eaca129855b 100644
--- a/test/integration/connect/envoy/case-wasm/service_s1.hcl
+++ b/test/integration/connect/envoy/case-wasm/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-wasm/service_s2.hcl b/test/integration/connect/envoy/case-wasm/service_s2.hcl
index a16737977662..c01f4b2fefe5 100644
--- a/test/integration/connect/envoy/case-wasm/service_s2.hcl
+++ b/test/integration/connect/envoy/case-wasm/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-wasm/setup.sh b/test/integration/connect/envoy/case-wasm/setup.sh
index 54ab4d4c72ce..d491aa92fc1d 100644
--- a/test/integration/connect/envoy/case-wasm/setup.sh
+++ b/test/integration/connect/envoy/case-wasm/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-wasm/vars.sh b/test/integration/connect/envoy/case-wasm/vars.sh
index ac0664606f93..091a358e13df 100644
--- a/test/integration/connect/envoy/case-wasm/vars.sh
+++ b/test/integration/connect/envoy/case-wasm/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 s2-sidecar-proxy"
diff --git a/test/integration/connect/envoy/case-zipkin/service_s1.hcl b/test/integration/connect/envoy/case-zipkin/service_s1.hcl
index 5f6935fedfbf..7adcedd7db9e 100644
--- a/test/integration/connect/envoy/case-zipkin/service_s1.hcl
+++ b/test/integration/connect/envoy/case-zipkin/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/case-zipkin/service_s2.hcl b/test/integration/connect/envoy/case-zipkin/service_s2.hcl
index 21b8f859b8f2..a537840dff69 100644
--- a/test/integration/connect/envoy/case-zipkin/service_s2.hcl
+++ b/test/integration/connect/envoy/case-zipkin/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/case-zipkin/setup.sh b/test/integration/connect/envoy/case-zipkin/setup.sh
index 3fb3ade6c5fb..b88cc9012968 100644
--- a/test/integration/connect/envoy/case-zipkin/setup.sh
+++ b/test/integration/connect/envoy/case-zipkin/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/case-zipkin/vars.sh b/test/integration/connect/envoy/case-zipkin/vars.sh
index 7f4fb54ac6d7..c4221f8b1aca 100644
--- a/test/integration/connect/envoy/case-zipkin/vars.sh
+++ b/test/integration/connect/envoy/case-zipkin/vars.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES jaeger"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/case-zipkin/verify.bats b/test/integration/connect/envoy/case-zipkin/verify.bats
index 509345689069..d771d523639a 100644
--- a/test/integration/connect/envoy/case-zipkin/verify.bats
+++ b/test/integration/connect/envoy/case-zipkin/verify.bats
@@ -35,17 +35,14 @@ load helpers
   # Send traced request through upstream. Debug echoes headers back which we can
   # use to get the traceID generated (no way to force one I can find with Envoy
   # currently?)
-  # Fixed from /Debug -> /debug. Reason: /Debug return null
-  run curl -s -f -H 'x-client-trace-id:test-sentinel' localhost:5000/debug -m 5
+  run curl -s -f -H 'x-client-trace-id:test-sentinel' localhost:5000/Debug
 
   echo "OUTPUT $output"
 
   [ "$status" == "0" ]
 
   # Get the traceID from the output
-  # Replaced grep by jq to filter the TraceId.
-  # Reason: Grep did not filter and return the entire raw string and the test was failing
-  TRACEID=$(echo $output | jq -rR 'split("X-B3-Traceid: ") | last' | cut -c -16)
+  TRACEID=$(echo $output | grep 'X-B3-Traceid:' | cut -c 15-)
 
   # Get the trace from Jaeger. Won't bother parsing it just seeing it show up
   # there is enough to know that the tracing config worked.
diff --git a/test/integration/connect/envoy/consul-base-cfg/base.hcl b/test/integration/connect/envoy/consul-base-cfg/base.hcl
index 941f68aa26f6..49116ea6e9b0 100644
--- a/test/integration/connect/envoy/consul-base-cfg/base.hcl
+++ b/test/integration/connect/envoy/consul-base-cfg/base.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 primary_datacenter = "primary"
 log_level          = "trace"
\ No newline at end of file
diff --git a/test/integration/connect/envoy/consul-base-cfg/service_s1.hcl b/test/integration/connect/envoy/consul-base-cfg/service_s1.hcl
index b2b685c08abe..9a883739e4fa 100644
--- a/test/integration/connect/envoy/consul-base-cfg/service_s1.hcl
+++ b/test/integration/connect/envoy/consul-base-cfg/service_s1.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s1"
diff --git a/test/integration/connect/envoy/consul-base-cfg/service_s2.hcl b/test/integration/connect/envoy/consul-base-cfg/service_s2.hcl
index 73d779829781..0869e74f2406 100644
--- a/test/integration/connect/envoy/consul-base-cfg/service_s2.hcl
+++ b/test/integration/connect/envoy/consul-base-cfg/service_s2.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 services {
   name = "s2"
diff --git a/test/integration/connect/envoy/defaults.sh b/test/integration/connect/envoy/defaults.sh
index f92c2cfb1fa9..ad428e49eaf5 100644
--- a/test/integration/connect/envoy/defaults.sh
+++ b/test/integration/connect/envoy/defaults.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 export DEFAULT_REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 s2-sidecar-proxy"
diff --git a/test/integration/connect/envoy/docker-windows.md b/test/integration/connect/envoy/docker-windows.md
deleted file mode 100644
index a9f2bbcaca1c..000000000000
--- a/test/integration/connect/envoy/docker-windows.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# Docker Files for Windows Integration Tests
-
-## Index
-
-- [About](#about-this-file)
-- [Pre-requisites](#pre-requisites)
-- [Dockerfile-test-sds-server-windows](#dockerfile-test-sds-server-windows)
-
-## About this File
-
-In this file you will find which Dockerfiles are needed to run the Envoy integration tests on Windows, as well as information on how to run each of these files individually for testing purposes.
-
-## Pre-requisites
-
-After building and running the images and containers, you need to have pre-built the base images used by these Dockerfiles. See [pre-built images required in Windows](../../../../build-support-windows/BUILD-IMAGES.md)
-
-## Dockerfile-test-sds-server-windows
-
-This file sole purpose is to build the test-sds-server executable using Go. To do so, we use an official [golang image](https://hub.docker.com/_/golang/) provided in docker hub with Windows nano server.
-To build this image you need to run the following command on your terminal:
-
-```shell
-docker build -t test-sds-server -f Dockerfile-test-sds-server-windows test-sds-server
-```
-
-This is the same command used in run-tests.sh
-
-You can test the built file by running the following command:
-
-```shell
-docker run --rm -p 1234:1234 --name test-sds-server test-sds-server
-```
-
-If everything works properly you should get the following output:
-
-```shell
-20XX-XX-XXTXX:XX:XX.XXX-XXX [INFO]  Loaded cert from file: name=ca-root
-20XX-XX-XXTXX:XX:XX.XXX-XXX [INFO]  Loaded cert from file: name=foo.example.com
-20XX-XX-XXTXX:XX:XX.XXX-XXX [INFO]  Loaded cert from file: name=wildcard.ingress.consul
-20XX-XX-XXTXX:XX:XX.XXX-XXX [INFO]  Loaded cert from file: name=www.example.com
-20XX-XX-XXTXX:XX:XX.XXX-XXX [INFO]  ==> SDS listening: addr=0.0.0.0:1234
-```
diff --git a/test/integration/connect/envoy/docs/img/linux-arch.png b/test/integration/connect/envoy/docs/img/linux-arch.png
deleted file mode 100644
index 710b83b24570baad3e673b71d2c59c8e8018edd5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 63964
zcmeGEcQl+)+cykLFCuygL5SW-5Is?YD8r22Ym82GLPYPKM2kU;nbD125~4>pdWqf%
zqPO=P$#vb|{j6uL_xt->-&nJpCo_BRqaXWs9QzDaRhGlMPkA2)2M167wX_-z&aKBd
zIM-M1UI+e?m{XVs{JQ3>CMStg*z<T5xVdThO6e62PDwQGnei>){+`2YZD$;uht1gc
zwKjXW84k{|qrCJhu)D#=`F0V**r%D$eP5oMqCZVR($zTiIvgKbd`v02eCV!`lTG4U
zSG$gxhEbsIy$$~n7r?;PH$u_HU`xO_KyuR|g#GU1hoC3c!%tHATA+pFieEa^@GvGt
zKFIdlkp+e3hgDsJ9N=ojLH!mB{?z&H?(J$72^V@kd$Z~G_K5c0J0I$LJ$jtq%gCm^
zn2D&1RXNA582duqgi-#zGLj*{{Jp|q_lMv9d#Obz&Hwl6Ti6rCwZE4dH$ixRuZrnI
zpntFYNMC`u=b8d>RmAp(rl+SjCo03O&-JREWFo_wo15pxDTf#jH`g%8mcKI>H@_po
z#3dwi>6bQ<5Pc%&Hb^*NAEPqy^_@AtHzeh<F^;xooSRJW%=ARG3HL7SE_T`d`St5d
z)op3}a$S2L-*m>IjybGsaBxPAd&n@3&ZQkOYGv}P(o{b8F4U$xWreq+{#eMMDP7hJ
zN{{DS!aK(&Cgzp@lH>P63LFeeiV_wUu5sJWNUOA;NqSP}Fx!+A0(Fz}39m)171Vkv
z>!oV7y<QGowk7+=niy>cM09j?LD3Jg=}#PDUTQmJnksx%LxKMo<|jZFx>mL0^|hwf
zX|b~<oc!?M;IZ#)Qy{>DHG`f0e$W|t`2$A9)(5u~TV(v8s!lso7II<FWY8OHzD<du
z;^JImd3yDp{K8-SCMxYG$Uv!SlsXq~c6g$`a|D^v?S^{K>YV=|D4n_=ZO3yUAgPUx
zoI`JEzz>+SQ{w8`!ev|@6Y(w_NmkiV-!8FS7~!FQYC_^sX<g@fg8O^N#~qJz+7oZA
zC(`@JU%3^h$iRf9of!StCAlGHAIMEOh>1Y=*}8^a_S~wexhbZt;wZKcW~ouNBOR`c
zBFtLxr)Y2>J|6aw3Hj+k->01A=dlll3A;VH3#uUmP5s1Ep?Edi8cSuL)J{t~O8gNz
zoQeBaN;dbLWn3CkYqWY_gB6coC+NJ&H-f(sTD*t%h+dlrECU-SP#&1RPe9kCo15<F
z=O9)Me*Y&q0g?0BfHR9UDb@K64Jy$#w`3~dHY_WDSGA&)`U}$rC`Sz1LSvd20up4*
zz1P@BqdqgVe6%1b8>;vtWb$~A0D|5+wy<*#m=Sk*QSSJMxyj@RR(;2$^7Lu6hY0Z%
z6O0s7*b!2_AshiU1Zsl=?1=k>srOz{)qr28@~4wNeCzZTCqAc$KKGn0`fgrI<sDdN
zQ-+6dpE4nYA3JAj;mKwMK2wgs<~@@axCaoop+_TRr9y)MFEma|)|(y~d#F@weK_jz
zk4hQ_{0jCp(X1ow62hohL=YgUkdNTJsl`|=rJDHe#&QL{F_~a|>W@CjE*ag#xN>!l
z(Ho2=crZ@`JVqadNiu`Jj;)^)q+dTxP&OLjFDq9>J@33NM1D1@5pqQiZ1_nG&M~A<
zAgSnIU1h<-cX3ZB0V8Uccj?`eurVZdZ?&pdd-b`?lT!bdIF(V>rlOw5G&Hi_t=Gcd
zmB#tIhQSdKwJ?wOA~N#5Z|mEpbB?#i_Qc<XWVLuDTP;<z3c5)KEQ*QR=MdT~QD4o9
zgF|Im2q%*nOuMlDBg*zYtwT~V5sa9q5l(=xciW5HVVsjsCo^OsACAQM%2|>riW}z@
z8<GlOtbWleiCJxs^#2f*7wWaoV_6+b?#-6K-TE2s7`nFhLfiZ3ug9^80hIL8&DxPa
zM!-43Om}a|Sv`eSJfoU%lR@R?a$dO0_gv{=E10{=c@}eYRMZ)FCoY2_##kf}8J1xk
z{9{wyD<HnRGcujtQ$$6rXK#X4L0E>%{bQ2(bRkdo<nYlguNOhwI&zeU)ANyojzpKb
z53eXIhHwyJj%l{*s8Z=NOBo)P46*$Ta1PvnzoMM3rgmhFb<t^1x1F*U(VR~3-Z4WD
z=h@y9B<$p|76s-zR=@2fUB=eW#@Zs<nBF8G*;A@sl=Zt;C8A`%-WtovLkDk~EPdnX
z1LMiqsN%J0uhD|^zXXrI2$x2Oq+;R(2S&-_;~Yv889$Kh%3tpoQ0`H{WtII75+$)<
z870tkyrUJXX(>^QeyLO)a`zLWw12kGO8I{9Dms5r@*b}5*o!Ws+0rn#fqFIPSwd#g
zZg^0pL@GhQ?xTYvWz_FcNaw{$Mv3~1M|>{dxpY22BS^9ApwM|hcaRrNj3+S7N@&dM
zI^z|c<C-7#;%`te@&cTvVn+ZJN}rpPf{J>h4i@<YdNX<6bI8D63P!RJ+QJpHzRz*J
zYwZq9BJSpC32;CYMbQ>@O84qV-({tEj^v};j=V$F;(Qp8E?FU~NrZ>`scA7iQ9!pa
z>2CO$rk@0}=CA>O**O-}JmkzAC>N`^c=DGs6#>tr(barjRc`H6@~;?u<TPI&zor(_
zEb6=;YlGo53pi2Rsd`Gy!m3SmGPy5JTu>h7fga#s6eHV(TpMUjs`BI{d`ACfzbe?#
zm){dv+F$s9)G;FL#kck`oy0hgU*n*yP}RCiR<SLcW&0uA#Kb{7G!z`aZunui_enra
z-ek=8Ehtj%NBU)5Fs6h8<(fXj6y5YR^6TEWdCuS8{w*?0`9Dz==kxz-*u3%Aicoj|
z^PT_KNc@KhA#s#>W-9PMuZqM<dd`|1l9w|Hrq=Q&B$$@JURNuQRNAEk=LF|p$bNbo
zgqM2j|GOLWW$Aq&jsqd=`9^kj_MCsL!~Pni-f`~esHzIPXrtv<;ARW$<B&B&uwk9M
z<JXkwWgrCrf_jbX=I0xpuh7-IUCG?!Ba|^FZtRI?xQ%~|9Sc4k5xfFi4%zmD{qBpB
zx8Qp7Er-V7o7e#(D5dvbm%RA=t-B{N8h#<O|NZ;-P$Q_6=jn94*FzEJ=8!dyUGB5`
zavFsD_YV~F`~#zmPt9FM;KR$FA_|^b1egrB6Uv6@OmxOw?07edKf=blc1tFyQiGEZ
ziM65%y`>94U=h|rgZi4rM*HPl#pJL<?|?YH^;AKXi@?U@;o1mB6E3}~FC%qSPmya2
z*B=+TA##Gvrwyj4>+S$!<NFyrlmUkJ!z=v=J26udy?~UER{}#rNm_K`=%mqAKt6%_
zva%RYfqSoHSg^M(82<3j@52Gl<dOx7`mN2)7O~5Agm5)Z+f#&K;NeTd=EG}!U0K-m
z7QZ6EJZ%Y|xW^&KA7;YY@e-y3WKb;^XWZX~{kRP3C@wisrT5uAo-t7G9|SznEatBc
z3<we29>`TZkjCo_6ItMM>fVYNhuCg8th;6Tc!#XL#P==dvYTlr5SP}(z?}9*ro=|u
z_b*L@nN^D(XNK-{Is|90rkO{pF7C*}75n3l?0>)62$*~)s?2dYQ+1f<pROlrwm4oC
zbv)&G9(J!WF3b(xWN57!9!BCJO=_pZ%a*G-=AnrUmgFt*nr{cC#PJ5aq&ZeJaSf0z
z+I>iJP>cL<2mPg)=|G-I+(K<<rI-pm!@{wAl6lKy`Oc2YO*WcpHZ2zlfO?~em*8lU
zq5vd%ouZ#549(CSx)wv6Wr?y$HN#LhF*!I=dnliDha+ISE3!<`11fG*r!>h=X)Tv8
z!4eOt?`6Q*vM)rQ2&ctLn5lj7)MFrSF(1`PF*oROa(Kr*pYf9zLsnm*FYj(PO1%BW
z&Ge9NndcZ;Pl?ykW3x4VUyyT%xW%1TwpMcc>z|zK97@zrM4S>MV(;TC87tQ)a<O|8
ztYJhZPkG9bj?RoF1dx@7aMF=&sLun<$W}rmO^@u^MU2l6M1mJG2iH^YK5m{3gev$B
zK-f1|f4Chi5Ju*u(<P)9{>{RnAw8*IxL7)EI-}o2?R`C>XDvz*WidY;*F4v%_6uRb
znT8U;(DE~g2nwn_2Q)$6{?6Pdn9gVs&RAC8pNwN_%qd}TxENjHx$FIU2v?zzWrt}f
zqllRb$sb+zyue_G?)USN{)-(%?Cr({RqtmrkW}KG7=?{HBlfXRO^Vkx<vW<$OjP1S
z9M20U`8Bl>GxF5y(^Pah)ZA%*GM+mc)=<X&9%F>jY$KlqKc*%gzuc`d+JM|*8K}7N
z^OG9_6XUd}yVTHvGZn9w*Xupw;+CDIDZ{m8*H&VtHz_&p^<r9lmcF{F#T|d4Kc6!a
zjt0^4Y?YlF&JH6#%55ue(P7zg@DW~k_fxic0hyPl3m;j16H@vZO$K?x(T}EyDrRd9
zf5W)vq(hU%^ar6}Vr<CCTE9yIi7-GeuKd*xDq_s|s<K7;uR~p}dTEHZRf@Zai`h|M
zhyRaTi*9Ptb=FbC<c)`f0{G;;>5i{rTMFW;Tc9sM-mfg_Wn~$}zOk`WmQp-BsA7)&
zLq#~cIw;GW65qP4oA$mmyZ@F{R0<+%B`X)zzIOPg{17aC4nF^Y4C^_<DYiY!|8Q6g
z?PJ-UrJI;1%1~fCUZW<uu~Qgg)h@G(DyP`K=2DxZQk&-~`Z(T;h&siM3w$TqODhuV
zlZ{eefi>NgQZ?V{5JNF+CQ2;2yd?ztl7e>vn2|TS3hNXkR@)wQG0s*jbWj)XhGA;i
z4olU+UH!Z;5Q(*X5HTjJ>TIcHIvSvw=58Zn#a=44bk2-b?2L?;j$?{JdYaqKR1f1>
zH(R=g?0BYmr$w`Jnt?&I!SDIkH0YT;=WggMOC^$?Hp*{wuvzVj%n^3XYfSPU&g7{k
z)AdqmZq$#`@xr;J(Mm(cZSKsY0$ikGB?d0F!$@BKDjRW*$h53xF}%Q_k(cyH-02%0
zLnSJof7E?l+5l-fk3rwce%$rS)5P>W#->o;Dn7t_+#@O1C%&y~amtyCeAU4$2NwRW
z5lc$=FcOwkZZ6oY2SGin-xwMg>G-z33>6ZV#VUM<159{J(#x$f=-7uSszjffk%>O{
zx%bPEn0)1mxf?S3B4eI6@9Z@-ZNKlqEqiuSB&AW`JupsPC_AO_Lz;MJM=g<5q(VL|
zURgs#VEV};ve9u(@mOzN_atrbyJR}KSg0Oo*s`imWK@5@dVEb89V-7_<a-6EP_&<z
znO}H}4C(m0YQqG?Df!wum<1`M!uieXr4P%hdi04iUj%c97>IeEz-c+qBmw1Gs`{!v
zktQna2M#v+R}f3Pw604PESj0s)x>8}6x~>KB%Dw59$Izhq}CTL4hrKL6S5*<$}@20
z)5v;7Dq!#*12+K`?EAbnWT)NsjJ0>M(9g>Wh>uqaoWJoJo>6>`F`xC<z7COI$2h9<
za&w&VB}6=Y{rknsw<)dy__YM_5JzU+(3DBy?E!eVc2WpEi3RZ;a9*Zs>G@i*d8%0o
zX?6&ddeXdoua(qG<(l!bC)vCPqDS-S2}kIotv6et2N^+DQlqS*co4T=X!eDlnIxXU
zEN?z0mKfO!?!eFAKcYRxM12mPW~H4S?&!{fRP9cB0Oa~{-UOwGx;U{r%C)T@XoW+w
zv^*r!(L{&(X(-P*@gKrv3b*&pvZb<FhU5OYKH(z35Yf;@ONnUTyK8>TncODlXHWn;
zKe)R}=EZ=I!h==K)WvugO5E>sc*URfw3nXkPC3o@?{&p`jd6|}YnWIlSCCC~O+iD;
z>-5DrGMgqz-l&Z?BpqTUT5(T)Y7^#@O{LZ3z20Z;TslWlY||6^kWFiLvaLR%`&siq
z$aBv4HpU=QEz8s#J`S%A4c1#kB($;Dgg|MZZM|ve-KbwXr0@H-2-c8i{#5Y3)owLJ
z;!Z~-VtE&iaOZv#)ls!44u&!JK<5M<$CR<g{NMphc-|a}j<K7g64jA~`oN8f;tN6}
z$XoY@F&|7m8$)Q9T&yyD-@V0V2mE1cObs6%9o>CPG$3R0gv8VcZ5qjNwzT-#ob}Vb
zv4w_X!TJ(bxQ;7Yq5PqAx`~j0_k}@LmQ1a>`wZj}C=U@=gO^8~2XCx<%MhZ@?fuK6
zieJZ(!vXXR=FW#2(%n!+-X?pujb1L;xbScQrC_1b>2RVKb6b`Fi`HGcRsUer4#Ekt
zK5Ra*dJj|t)s!cXmFpH#lp)E_DGO*?02ThWB;H+#R4;b8oPUOkmG34X-+ne_?QX`m
zt++azxTY;!wK|_YjlGvVF)hf9DtyoG4vS<&@y?ZZ@)RMMfBY69SC1awFK7#!)?XC<
z$@k=4Y;32Rwsp{Bf-n}l#r*fdtg`Z?L#LF9ikk3@K4rSQ$R##OGY#X}UP&41cGHpB
zRA<b)^_LMFD+mdGxT>EsG6Nn8e<sWP{AH#@kD9Z`rS-D3CfXAA<-rIOY_Fs!!MvX;
zO~~vNIZ@D^PJ22SOOx<c%p#%_VbuapFhE{IFgqpvc(5pY{=qG_GwBbjxI0Ql#@UXK
z<~2rD4%{eGq+wD7{k2mFkwca4euAOS3|L0$AxVc)8;`U6kA1LqJ*rHAc~mfykV~qM
zzTT_VT~P@B*gPiq7~RgXDwOtTo&&VWWi_^%13IjG6ZwxDC*&9$5&yuNKeqDNB>$Vx
zOR(lqp}dQr%y&nX_AU@3`Q7bXf;Bmnim+6;277}o@hvIP^1m+wXdFB2o-#9y;0Nsd
zp2n6k=y$8%<B!(E+VUDnI5*tXinzGEp9*Iep9RVh8j?U>jm(=}G<_8dmqCXh7>@L#
z*WS?*V8s03LFrAjLy(#G*m3+4$6kS`D?QlfW*BlKb7OqEbXW}T3tR>p9Tg-6is|HA
z=x?4*I0<VS%gM<dUsR;RFEB%wIokQ={FGA~=}?*6&&H<GSaSw8HX7g6wfNmwJosvV
zT3&a?f`Z>ZkG=x=D05^Xw_Oz3Do<wLXo$o90gJ^R1eh+9oyjx%A0F?u9{k(x$UcC1
zYR|R3<x0Qk+nC+3)Lu-;yZOrU-*<RS2r%rb=Vj#)A3uI<ktn^jr*#}63BKAheOtnA
zKVJR23HkrueEa_e9th>ZHFgXt)TlRT{(;LByj}OhzQQlIFD2~Lou!60`2PEk5a=k!
z|NW+x34ys}*DOr<QLI<%s#Gx3;8UApeEUC2_wyheYGuU#ne`ES*4#2VreOEzO?L#`
z&U{gj<lpW%)sh2N!*DUj&1KktTIg&#5;cED&ZVcSqF~Yr>>D3Ge5e4!lXhXp5Mt7^
zWYA5cqocAViScBB6&MjD>AwdPy>4L-tZS;M!cT;g4PzKf7}!R`;Tp6#NJW#NxNvJ(
zaAoO<uJ%PnYSi*e?lxg6s)?FP^P($6ec5bmQI7G0Cn06{X&(t@Ab0n5wy;&CEwHsV
z%VV9+%LuFOEamjkmp@_*wfvxBo^O+G<NMqa71O+$V@rq*Wow1i)D&=v9QMV^?(lwt
zzANydp<eSXNxBK@ZfzYd<@AEw@cUkMQR`JQC43^i=y5pv(a`&xC$7k69d~=uhck}*
z{l<;3%j0ATq71`}-&FVp4P+hjmf|@$^+9sgVWA7X;+N&u!7A?4@Atpzgfi$4$R?L7
z6)AT5yOeG0X2-p(zZ==&^EM1h7mY5tm6tB*%Azu+{Y<yJ<_js>+QBZN(`f|34|Z(v
zSDSTP)|YYvQ5)}ex!O{niV8o6n{eKPeU6MQFxNdm+{XF%eU8S+{l#{W@&7QzNMDC2
zFQD$Hu=?xI3bvhZIT;tqAL8fR6j<w;ts)VU>jI$_0bx~C-LBbjTQFf+hNqti2rIty
zW@nG<PidEE#s42X=b_jZ_g3Y=p}0RI5d6PL=mgJ{CB`LC2ZjDph`Qa$59*X*s|i_K
z35qecEYoK-o>6nv;)Z#?%9IQCG(a)_U&n4dIx#N6!TH)!+7+#EeV_h0+2Qx=r3@CY
zwSweiU#n(uAp0y>=a2NHl75f^?z`AX;Nba0q(Uh?X<77Y=(f%qtF~v<y&nvsTm%Fv
zT<p6HFgQj$N0e;eemhL#HUH1JS#kMliQ29T-Aj67+UY@@LQsAx^Tm7hpPxRn41*pj
zy<Q|6K~*T2)~<3O%4VK+PDS;1yd}lZlRx68eEomuM@s9QL3mkxy%?t<fSBm$;phU+
zn&L{g;pAB*Rrtf1pW+<Dax6OB)hrcC$+jPNu+<|<E2u4+Jifxo!g^~o7hD4q%i3W&
z(v_Bn)!gU<hYxTvE<0Fnwp2PdHinFij_Ookm7a$JGj{>NJO)2fxR8aB4m)!)F55>(
zTCVGJPP`hwxE}I|hO8NDxgKX(WobPF41?o?>!-DlwVs<Y`)-$*%(rf51$h#B$8ELe
z^AbnRG;)8cxzC6(Uq?E7TayF}S#Wf_tY=OnODvA;q+}+wQiA!R@((1*Fk5>U7Y!R#
zDy1p$AhF|gSwFg0V0?g|_)54fpZml6jP8|pf#tw%6_Vh~iPWO*!o<Lt<MhTqwZ6-y
z1FaCPw$0A6US!<mZ;6xCL|?ShewCs`)rGp3-lgS330mIu=^>5vkOh){Ui&pf+L*d+
zp>6v`S)}89*!5y`o%12ur28(26N_&R7wR|Auh3J?uB^N+;NCxf=|%xyb^du<|Fasl
z=Sfpq*EjjFE~kJ1lax<N6uhe$t6%Y61}*YbGSChH&2&|KwJyASk2BBr>^sViG6Z0s
z3%XiKZy8zVZ>6Ba)~eKf+}+)0n{M6N*xo*sEs1aKJOJu)4<{xjtVtJo)XtTKwdAvy
zyk~Tk^Ud$Ti98Y#)T?)oXb*;TEpPcA1vAgI-v3Z=pR`C#`S!yKxGUshTl|qir?1t4
z_mf13ub%Wr7qdl8;)f3>PwGl=?q<|TJm}(*cvnGYEsN~aay9)AI~Bnq$5X!h%$L)R
zm$WR$nip$^;VE0X+c2G71F`<~#`@#Wq7zRM=V*sb<nObsnd21ExZznVyAWsv7nLT7
zUx9fB{GsHRusPwDnJTW(M-P+ecv-92(X86y>?b$1k&38JS4g5T>HFVWxoL|f4YpxW
zjD@Yu_aY`Uq|VqU?G0j>=e0rv^mUbex40McPbyr$U+Xi?#T&a)%T^^8aCdIq{D-d5
zSPc^hgWB!{{yrkAlKzrVknX#_ir?mzLHdiTf~fxT*mnnip#wHvs;*rM$-8dWm5rFY
zT_p20PNT=Q^()70ie95k{u+3_P`$mUNq47Tutjm*^KRUCUM{>Jya&iH=g0B4?mU-q
z*~lHGg0cjCS<?I1&hN#s)wnrIN)vKQrrnPRVaYQ!$r%SbKWFgWcX?M4Yo`aosYn8<
zh9R}3K$>=uXU=YH>{}6N6AHaI?v-~4D}Y6I>a6S7Bb~+&+TZ!WeM;@bykzA>$S}ur
zI)roK#_O71yAi~Tr+I*BQfl$ng7#ls*OFg%4mZ9P%;t)QzOD$b?G4k^e#Ex!`PuXu
z!9Ua6E7!vDDc&VS=fZSSpXZ1s`K#qUyqmMLkX%^y29IQW9IQ9jM?c8c@8<ZdA=`SN
zqCLLSp@xoCcElb;DTZJA+raNf-g?nV(X>v2POZgfV3hp|NJ-FB-R1|iP5fSUTfP<O
zZdj+d+wk>C_!`HmIzzEO)dXBnn*ZByDIlNj9J2+$Ud383Y{HM&(BRxZIiea_vP7Dn
z0rpE(b%s>%X@hlte7*(K5!R5$*qb9yHhbH-^+Yun#ib!VPPJ<l!t-`ir$~_ju394w
zoa-R52iPQnofcG29kNc0ag-P~QDN)xSC?0mTU8SxU203M7LXS?mIBqr#h{1+6m-UP
z#1KL)Z{wNmJBj$b2X&RI-s6HWOpS`w%8G_<aG^(?Xs3fI{a|g6noB#K4%K$9jJ8Fd
z7O?Kc?W*Q8`49Hgweg7WB7^eLl~&gAoI{>w`84~lPW!Z@-btMAe2~~Krhd9FZb`Kt
z1iwvzn{_+2;|#JkEP_!h8z?ylL24H1_$U2|*9t!oKw~UIjAy30IT#Uv{B`@jT%>;~
z-H`<-#Us0<$riD14E`0%Htp6z9&zg>SY;}h{{uXzyL6WjGx1@x2%aQbCKuLIt*xd*
z-)U$iX`l7Fpq}$LEc6W-2Ete(G*Gc#PUKogT9laMD1j803x2BD?m9?HhsdsKrvD`9
z@~wF&DlV)0B0g;3;-_hvrL_p_UJksl)JCN1e5a3%07E<q<ng*)y^UwFfS)5xFKI7_
z7do)wDjP%cb8@~u&jaT=ya{Be48M!9$&;~R>RRH6rvBtSB_GdjpNQ^p+R;l4riBP~
zZMIU}I5j__ZDQ9Gm}kO~-XHSOBK{}02^Iunhj%u_1R~!dv#hhhDmYZSJ;=tfwZg_k
zV%5OBp#WA5(hV(8i^hEAFcyIhBj<gbwWeaG>eOv@Q^Tt+dx%P>d>0XWQGb>wA{F09
zcNq&Y2`ryPmDq?B>`lpIex2vjuzhN?o}lFdp9%$AIVag#R!j8Pl#Mc#(IKu?B&}J)
zFFM~nVPsvUILw?!_5j@se|(HibHf-j62X4{QYvgr7x>ko=7{^U=MDEZ5O0#Y$x4{m
zXNNDfTo>u0*(U?G*_ILBcf=KrqbeJ}7vhZMk1VA_g&+#<`0Wz*960_(zW6s_lmcCy
zazn16YY{gcCV!W+bZhm?bLkk}L3E;pzTGN#keXPIXoEVNF=P|9>8e>w+HFZCI5`8<
zrJj@Toq=@Gi@uo$ZjERU)khFG^l8_5C8Fr<6lYKACQ5YRXWjeKNNXwZ4I55%{YhQ?
zHnHFQvqc`;+uMpfxVSb}t8sWdcck}uo*<0NP~OtEf$*f!K^*_aUCqnSKcEe{C>#&e
zvwgOS6II>G;iQ>E#j-CDMy}jqy-+I%z<77t*of1GhIQl#XUgKA`Z*4MDT9;Dn5i_V
zLtR<IJ3E5+Gq%G>^RjK`O1mw!tvrFqcK#|9+k-|?UIRB>bF{OKNa=lN;tC%X@ssSW
zV@{rsH7lEtwa6zzCGL*gVh&lGkCfTJ1l1supNS0L+V@6ZYG8iM`LBK4@ZNj&^aDvH
zyQWk#_`JbuH9b40tRhUFYim1w+CJLrm$hVDC{^cA5jf8E|3#jKsp&)o9;lv>028h)
zdcXzqbfkSQ3sEC_R^eRjx?EjEW-a;Pm{=pOPnc*ZE#?C(h^y|X1fK+V_}*Vhk^IeI
zrNH(#tu#BD#?%_U?`hoclV9&3z{L3yT2aH@nG4=$v)#Kri$YPP@(27ZZf(!~O#Q60
zR9y>&Ad;)el*AKynL$uqrcBD1&EfUf!uOquQkBs=6>SrZKlfr$?JGGqV9IVxPAcPe
z8^oj~a@wV0Zy3|pIc9T2=ApsM-@8;;d~y6b00iKl$%nu#Oj8Gf;L~@BoQAFFGIDPe
zoS<$rb7S&y9<a+la(v_v3-8QO&G-N%;DZG{`5dLz9R*?eb`C0BgtH~bvTNdJH^Jq2
z!+v5qRh@=wb%fd|Y{6oheAi(iAV_B-;l;2IeO@!kHmIuUwXD5!ZFBR8>b0Oe&oyz>
zJ!yWMB%rD{{ZLw(pK2mOKzd)c*rLofHea)QyVa@ZBE};sw((}SszzaFH5Ub#e{_CM
zc}cCh0zpGgNQZ!^2E~;bkd&mCMUbKlW%A8~;<~SOswRo`xDX%QO}t-#^wTcb)@0Yc
zfU`w&r7$BFGck_-sj7perf+Y21UxBCPp$FGzvW6va9K$S`bvH1G_5q{t2m_1CyIF3
zg+pI<)hW;}AtE4e<)1@Uy9?zO5PFC)-g%BkplYWn0D?IT-~xMaaLtW7t;=>-TM)Xm
z=JxDVGfUbAw#kTcF+x%?PGED`gzV14@Zl*FlA@54J3%dCS2;S?fN`&Mq8F=H3=3?V
zY~5dvr&u)QPf3}Y->(ZV3bQVBKuEXqC7>}(fa=F4^m9O5ezJ7&I#q;0A64sE-f{~1
znmEgomGjxzk<dlB3tl1mGSq<3wps`CD+gN4ra`zo&h3;87HyiWxo#n}y^R;$RWX-d
z%XE?I3*>qk3%M#j#acK#BtSg>$Bebjm(l<~l&k<n71DOzVxse7{yB5zb$POVVR&h{
zm&1?qpo81@DAMG+@Lz}pVBUT;9ilRgnjBL(__3QQLK<DEpmVvgr$Ua46NJrJ{}-)z
z#g39-&4JHFS=S%nFHc>$kgLT1Wbz$C1J@JS&)AMOoN!;<Av?rrZuStoipU{Q;P2vB
z`{6#3#I%c3-`|7wm%n>-qo>Us@p(kk+?ug^?GI?Q>AEx4aix7ttGK*SX|TLe5otYA
zNKH$d{DU>wQi3`!a2#k!!yq-o-H74#@xFC4CokSFNwxU9@LdCK8iugkqoDdb9X8Ks
zwd%C`2%lEY(L_@s$;^)Lj2;{wavRiX@d<qJ;uF*NdH1fovNA6#@p;6jO>&H*+8w8p
zKZhM?6uhT#m*p%zW_kHwLy((Xbnp*Q4BzQWAb6WcYAp{yql6e68})G@B2wkC=HVGi
zO({o3N24j@YuHyGU2ML~Z-|>_(a7lbTAi0E{q8kNvhDdxd7tM2E8=qFqNqGk+ERyq
zPe{h)EF*AT`%6IWN4P;`?sV-Ndtw4Wt!x!^*B_l<`uvtSn{7PymdE)P1k_XSDvEQX
zvkY^{&Ujx<uCPB^|FCCA5k!J1s=GM25;E<Dri7t_PG<h6-lvGbfWoE7IKS`MlD_SA
zz)be5u$w6<>OpMIt9j9qItN*+y<Agia$X!;c8)7J)kyD;8_Ybtkdrvy{MdVj`~C^J
zQFCz>En&#oewI&dW8*f}_IO9r1^;(Itj*z2`>9+Pq{V^lERfI;btq5<lG?+FFv7)w
z5mnX&BX?DYQD2D@7**`XSw^)9O_x!9#E?Z14B-=)0I8epf!x@=Y-2Kjm#KaP7#lIW
zOrf*7sMUX4ubr>%iE%NmYONhNe-Eh>ejD})e<r+8ekIc5vE@6$ctr;Fl(;Vna?5vX
z-L?%nMD#oK>)b)g-1ncNq|+4AmxR@F7ouHKp)W*5-{DCruvRW6ny;Jm2(mdBk?|mF
z)h)~WB6?T^i!=h0+XtL<-qzeONbwAome?B~VL1{t6%rO!^D~%|YC|H{Y8MSII`e5f
zN&3^`OYYFC(cmk<CzA53N$a0tlnI1I%bg#8(Y&R3s?puSEoHxj+KS(=cME^ec9SNZ
zUa{szwPM+tm+oMNKb$5=DRgaXV4PW5K5cGrrp@eOp9dkck@c%s8Fb#=%qQKel6ld^
z=}#BIQe*Za*N3D@9yqb0i7HM%wGo*+kAg$%D>>N7tN}AwcU+eN`yLvehsHJTiTJW!
zAFZ($hOi4o!f%hVmOBlQAQ%%gOeISd<m-dh_6C$P+DqvqDXmz)n&qAVShrpxgWla|
zEwv%4w*5&rI1a9d3I`|t(dNKB!ZXYsM#dYYP>v9v%2CJ2z27F7<=MP>tUt*c_hq+8
zlx$y)H_H@~HD?}zl5tLPuuta?_qm+^Xb~vz2XXQCt?M{Jb#GQYX$)?wF4N;*)VYNx
zTBYs>h3)Pf(8`?Tg`8YSauc=3Z>RH;>!^>;VQan@Gj$rP3#1i*KTysu#9ROQvaK;~
zPuk^0WSj>duQ>6?ki!I`ObA3i>#NKAj&{yY)4Z6$?&^CYABX2!Es+syiaRvh0ajb^
zD3lfoK$;5L3dlj-t{I!Y2bn&Faf8zw2>i>%;Ih5Ov&KvAMenUe->n6Sqn^vAR*6f&
zOY&oh)APppoJ#JCO6F%rmz#~J%*q#;8K*O=`_C@tBpO@}gU&A7ke9lr_4*g~mv#>?
z&XJc?^|HS&XALikHV&75Nt_8@S~4sCcFTBw-mOU^_P(oQwBgT3m4#ovFV<V1&77+^
z{q{ZPzA#-DKFU1rka)NI+wdaKGx3hm)4D(T_+-|$?)zU`)Q4Z|D0i$TCOJgJB!oe}
zXc{%$N=KE$(&><>uV9bzT!`t5O~*lu?HdvH*g8M1^!}K{p94L7B3&|VAuAc7)M^9I
z9zQ;nLy0D7d05}gvNsKGQxgeZtW+7LP49^1Dm;qmqjV~Voj+BfDQeA~1NoBtluCg(
z`wMI9<&8@%G>qkwDSCS7S<0h=u^=JfQJs`Q^(5UQ7~f0$_nzMCuR1b5s?@~2XlW}}
zDZCq!Ef%kGCtF=UPeq<VH1}vSBF8pcUCk1<3D=fQo3E~ZG1Ht~DxSZXFC0?_{-K<u
z0BgyQYpW&sj|KxV%6spT&++As8|PC~-2>(QL&J+~ayv0yBH}scnaj5&IJYhRin4U1
zA#UpRFC);&n(o~^;p|0g3~7&v*Cl5=>x<R3$Fxg7!$p~q=9vl|pR5huwDkmhdx&!1
zQvi1;q=h4TTfa|JSuB>gE1~=`4QeV2`26cUkWrM<d%|?9f<EiFq`mgY)5*t9t>{I3
z+ys<p>nX!Q-tWzIj`3vkVX(dRxW>`RA&-p$*e!Ojb@{b?8f;KWIa5#QNg8fnwYt*X
z)@A*)c8FTQA5y-6&pi-U@yxePiB*cAIw5)p%%B5ax&Y3POJTtjuJnYp01agI=K%0@
z4nQEIhQ~->CHv4L0OY9}aPLgK#5&`J!;k34WW9r>8DK4voh9yPmg&d67sr*bAS_S?
zMw<s7M_>NJZ=T<DHaue9y<EO*k$|5Sq_Tk>80~x=&hzYeMbPJ7mlwWIeE+<vl`QyC
zs9G4rWckBdy>K0r(>yu*6+Uc4%9^KxAFWF=uD`1Z8$SmVD?|78ddu&WKbtB^>q@Hh
zmbJ91_lFN_5UCq`KJ|Cx{WfPXnB8}h-}JuC-I1*0OI)l*0o}3Wm`;1OGWP}>>RC1o
z=dRPhOtOKi$4KrogtNf#;ZBHI6*%#Mj@xUr;7_P2D7?V<piMlDoN0l)-_ANm4kW}$
zAuV6o&#^*}84XNc6&lFIeg3renKh!4-<BOnYA6iAZpnjRSzon?f(qtEY1ax?-fYk#
z0-In0%dOh;IZM|t7SS<s>8wE2J8vBf;kB<q*&fdDVvHcipPC<uc+@GDoP5yw03T+`
zx0q#)WY&gjGMAO2f0vbO6vjpMBNt&Vs5sD%RCCJ^<B=x}91!`pBX7Irv=t^gMmeN&
zU$gtJGvSFM_wzY|IF)3Ee<uz^>1S!W^k$Pm#Wc<H+F%@!lBY@+3Sc=~Ug0};6L&*M
zex(!C?`DuF%d&0~->NkgO6Iihel|YfsSP@xL-ty;hvxq(3Q4~C?bib)gl_DxOT>sn
zQ^!k1E+NzWWq$3+g?D@!_8Qe5q!i%&qfGbgFAo@z`*WW-wjyMfL?y#&O}oV_w_>0q
z7CTxA;QWa5Edz#+of6z{+PPuR3Swzw%8pQP&kbm4X{{^aG_#-ue=fC1{U4T(4A5SQ
zGi+=%^Y;}^#GW96jbDS#hqK+1;|5#zWPxDRJSyi!`Xyen<BL17u#a#UbXMVwi_`I7
z&EujR=A_Bs6zD>PcKbO#EDp-C26c8yp};cNq=YF1YD;FNU8I8t#btc7tEMoZT(3hG
zWK{72^{yx#0W@}-A;&qa3t)jQ)sVt=`ii&)eSt$xUoHaA>FcAZi4~=3@A4_K1^B6z
zy~@*v_@0gwafYvbg+*lr%JCNJrLiIc{rBvQt?l-DR_xCu8r4u!OCo~PmyNIdK6spB
zQd@MWGT0PN9vb}SZ?5wU$7GOzFYL-7@6HBGKcZEg`P4D<{D!YRM^;6CPH9g*a*^s7
z?lD{1uXYIrXY+)&%_TavzIRh06@CQ1@GzdsDIEGV{5l$@?XB_WJWF0#@RZf*l^3Ff
zirv9iIZJb_+dh=L1(p9SYSfu;RQ=E`jZTLDW&FQ=5c*yEbkI_|v0`70FMznDkmmE}
z2+Sn(%nbsiagqEv1q-G1?!@4k4wNQmopZOPT{rz&kaf~?yu9F5{OgkwXCVK|ubnP@
z;z}W$(k|X}F><q$P+GQu@zXb;0v_M3Zxu#B0YxDC6n`dVT4}22Y~@+Y_0gMd8K=;a
z;UMPTD(!v+WDrRl#L0q{^nPb0i`1L@>opp$%=158mW>z^CEX_DV+d7j<x3m;RORvv
zA7Ax5(1gDJ&}s{>tVwGr-+bmU%IC%ZR;5Qe-U3;ab5E?u(h}d2V`$Kge82Q#XI4m4
z_%Rco$pnBlS1gVJw!cFU6Mpw4q7Hq3>a}OtnR-$@ox;;ECtH;^{oo+7Zy=Ri3|jk3
z(8fmTafQQ*$027cY3Z2%u>4}DUE&t-lOA7EeS5zmAC9hG?R<0r@AiU7`ysnU0&J&;
zli}DHoH-=MC=TSMt3G+uvOjPPrO-WAYpoG72|yzc19IV~8XHMMqkIYkDb`&iUbBmG
z545*JRK*Y)n&^eyN_R}6j7)7UaQEv@AFPr3?A46oA+t8xL?XNzOds=?E0{lR4CyJC
z^(5(@D}$N8E#OsJMoHJg$&wbiFrqj~|003G+320HTkF7)nN;(|r-;fMgdp4R0{9&O
zK6u3X;y$$Otjnb6<aSlOMt>5zN!tUt7W=~`2Ulaa>U3!sQ)sj9%5T=(IjkS1+qP$y
zV~u=Qw2>CkEi!mtuWEG^p|Esp{!`&8LUZhd2ot~XX*=T#rX`Q_pa%yw?yp|T%ua75
z)KN@epCko%j8cUj1qJO_+Q>=^dEFq5h$1r0Cdf4>wrP%}23*xKk95b{>SvO?$I7L5
zwDy(Cw_=9t=`<+9`HNM1=P!!Wt8aU;wOCu^&TPK{JaIpVIJ-{J5`{~%eAaNig!6ap
z(4-Qo86$h2Y)zwoK``@wZ!&d@(QF-c+D8!MBwy`~YJr&zv{~e~jv(5^rrYzZz(&!t
z>(`Q7LGPq@=49e)o>Q_KuSJ>~i#u<vsj~$w1Ft0Radh8xP;K8)QBN1rA=-Et6ygUL
z5VhH>Xpr7#*aqVQAVZ8X*<r&+HU_Vp1ddNX`d9aAP^f_T5B`g&9B^Slm2#+O&I4yD
zHZ^*p3+@$<YHIDiN2?w#&DCoW4r)b=FlG>E5;Z{d$p%-x1-n|T{X6_82*#|b@+NTT
zLP<?I3O-!u>Zf%UeS1%J5ZY6f5%=Q7i{<1FU7&3A52O35+g-nIr3M-@zTmtp9o^G6
z?;1f_)w8me_WZGMOuZZ%jecJC<WMsoS=*prF)8N4x|Y0oI!%+X9c;Z<_!hF=aQxUO
zhV%383#6f&2!3bx&i*#q&L?zD{vsy{z`=`O*-`tzw5(;-lumvS=Y!*=jmYdVgB91U
zTL2j&?%m6pQ+Rz{UQ37lKL2N`&i3sTWS$DS?uVB2{;Hu*eaL|@qDbw1?RY`26>7D6
zF5BNUA}cqvByS)q2o}~1&`5n-r0U@p6OJe_M48fhs*`o$=QjE<ZiWwnY&f3w;?m+D
z`EiX>Ql49WBY<fy;mqUZf2k*d)l_n3v`-Dyc$EDXQ3qR>rGU}LwKLNjpYqts&W0_h
z*O^csG)E;LET8yLP4c%zzO!A^vepHrngyw~)6&>$pF@AyiH+~)J-{rJujxh%(Fiir
z-v&+jNP)S3Sxa2ll;9X?aU8SF3aceiD~7Da(MV{tbVoB+#9zy(!N303)b4|(mMsd{
zOOjpCIr@8C*5shgiJqk40_}kq?I;~+r*{6y(QUK=(zVupxOdBY(z3$6qO6A7)+g01
zP=WvSOHO<CZ;gCIUn9E7cksod%stg1dT2NgGnx)jYYzwl@Tq+oK-QVc?US#C^RcYU
z?WcEg)&9f16)jf|Vq#1~NuyiTWh8CNNW*^MKkNk9S4)BqtIe&L7r%DP*ULsQz6F+L
z@0aQ!m>URovtuE#x7mH6wlFcJXgl0XAI%7KnF`)4n8S$qK7WFk=yDBu5LJ->em?se
z@?E%h)@S`{gUjKKYgQp^23H19?Q+=q=RNZS*&jV&&@LX3Pxh!`iNTw_)1Rs4(^_Oa
zyr9iq5=2pco8TV#;EBtLOY=x$@U{Q)YmX_NwSHN*R8m0&%A=@_{JustK3uO<!W?}z
zkXvBLs>w*Ffq_9Y@;*(`-qO6-N)<Mm%Gj>4cE*SJx_S<N8DdN(3bT3t{8toz?WXPy
zTShvK%_LE>q^l!8U7qKP8XcnG*m>rx|0RS|cOCH2Nf&9;jkJ3Se4`v9wN=rXS!}E7
ztt^P;Nb_q2m)FG%4lKaCKn?UC&L6UtKI)BInQt{Vx@3#B1bWbU^|o(01J3Q>{|&L(
zZY@z&?Af`Mm7wiH)^61~tZUn8G~dSdIG9}fruyJu=$!fvK=mz9w}9Ioc@J`1wC$3L
z`|C07H~=&6Ga~X%;&lwqzPE+n;(76((*3Rfpt_zX6WeD!h64iIuS~*Ufwwn;;0E6q
zB$)gNzhlA9U;tntz!Ym=^*!0x*l_9^!cJN=Gc%_@b{hEZCCXnYQ$*bQzaU+J2Lm7X
zL}r^@d+;#a%WrnJj_Nkx&d30?lu9=fJIY0~;8!>GWM2UG+8wWKxawB;hgtu_(|{;Y
z)Og%kP%Efl!sdN4acA&UStKIFZL2{8+uDFF#{O-Yxx&`4KGS2VmUf95ZS>Kh?SYZI
z``QHn&&dT(`vU-4;*X<OSfq5n8eob2R6TFK2nH}NDj=3!!EeRqu#?V2_U7knK|jBL
zKPVI)5|c*1{EMvu^2xtY-tQI}!Saw}>py&10?sN_Cjy5;y3~mjOYQn=w@&U@ED8d<
zZ){fz9fJIKcX9)m!%ykkzm|_{AkG{R<_B;NMe)QNrTeF__Tq!~aktEWr;&@E`MjVa
zoQ*V|0330j+LIM){@XY~*s^&H%o9z^@`)L-$AC(i^V!v%#GX)ff`)Oe=4C*q{gW)e
zAJ+R2Pmqilo&_QxQl98b;GC(GPTHNVM3Xe@g-QljNAnKi0=YoG4PMv#(GNkK0POTv
zq@Hn;b<XGg^OXwMjU3)zEJl;CXYs3|e%7(+WEN_i<C1xY_jmrp74dWYu6}rxJD;Q$
zVI^XCx?`CfH=Gp9=ot3(M+zyYxmdrpXfQO=|9($rg=F<!!v?4Co2)W{Ow~p^7PprH
zGg?B)(w#1cFv+a;m7s`8jZr?tNn2EqI*Rd1JZKxAQ0Qv!>iG$Y3hT%2ffIgkfz2-c
zn=XGX(EdXhr7J<hh1fsr4c%fX|FbxxJJYl^0A-})>8fKS^5z<@ML$aeg;EQsI)Wq7
z84p@s3$IXjS7nTCT>&lJM=p$ZWE+HG@PFLD0`9LoO+V)F)Asu+!1gRzLHeA2yTbB2
zvNUwf@3Y1?NLpMJdcyY8lHRr?jyny?CNAgvM)Y*On16V~h8ftSjV8bkhGld#=hPQG
zFmGE2!K}^NpU=&_GSU_^37qqtpMmN~llk_f(NKa4QnJC)6&A$a!ecnnLt3^&?{c)?
z0XQ4-7ZA9rWf*+Jt<1pWRsw5Tegoosnsh6vv}A6_v%R9ZuEr_FyuiRTYd9=y;g+ER
z>(YLb$?iZm+@jKiL^Kye@rDAhpEPx_@8zOIspvtkN9zsMjkC^Z@u#}lHBnt5zo5=r
zqHH^?yLFZ(lCBytrf)JNZV2{2Ak!x53aPG%>pTwog4lho+x;_EH?m8NJ2ZfstlA!O
zZkp#Zq_0(?Mf^V;%e>%hIQke(j%(zwC3=W4VJuf3Q2W--HC-m{5*5Ke=D(i?(t_};
zF97uwp`YOIP!{fOpvX@yaqt0%9za)|K^RaI%(p}C+yc)HzO@Kn?HNQ_>UZ1I+3A98
z*>s8SVUl!1J$KXc{XrVC&p(SiF<aKw+?QspoNHgIO0Y@KgoxfwoJhZoQC{g;yJK?e
z3NxkxnjmJX9kCYo``2R9V)(GE!J?K-n*zKRo<yBnS3^|5&L-siO3nh7plL(TP@`ew
z;lccvAY2q@)LeiOQQK}sJeVC?jm)t$i?tei<jx25lkbUtA0pAGACSw<XpXcPf2$u9
z-_tpWI!hdsr;84&s-#K2aXt9c%13T?S@Y~5t1qtrc>Mpvu<+S*H|1X7oXq_!^7XoB
zuIoN!I)TeKfh&#P>15^ZiD+_qRRI6Y`)M-M<2!<9<X*9Dxws3hr=>e+N?*Ci@9S8~
zCmH_rgOIPo(Cfh%pkGwy{3QzOmz1p56~QW`*jTW7^rckG$f|@?d$%ntOJ};nuCRk-
zvhG$E4@R4)%+skf)IMl5qjFcB5ypU1fe%1$Skye4rV%YJWQ*`Xe};RRO%L7g0xIc&
z*b0R8RRUg@-z5Q*m{#c#=D|_>Q&xkE%ILF)WP2J`J&{aKgeAXDBQJuoRJ*H9L8RDI
zK{P>hGW$I4Vb44|H_4@43|DN~{@W7;IOlcyhSII*55dcWmSU77Mg>>MA5dYzHZ2Si
zV|ch)84zP%E6-If%Pwnni<OMnnK_>yO&&_H>FW~#$H{J-?FP@VkfGwulW9YsE6M#K
z&=dyWz3uaLlWU?KfN#!o%hLf0x*yN}m2P1B`KNs%e<Q>w1MulK24A&xz{%N7R~r!F
zd~`l{JFJ_!>^Ll!88A5oYDqkz_Klu<J<f)a3kBIK3v=VsK1aXE4J9HLfL^O65jVr|
z9D$b0vo6}u9B6!bNKRu&p=+~La(O?aZTv=DT(KQCQUY&4{5;X}VQcmce{xNLHszPT
z*g7-tjtAZ}0NeRHGT&W{M@#5(0PU44*jgeG7g4eE^YdQMfc{MH{WZ*-67bo)U$ry9
zC)R=Uj@V<4)(gLW{Q@2(pf-f{{FN%ccF%#bmuQZJq4)lAT*`gX+y_9nCiTC`BK7Lr
zcUD&3`uZAH+^RUg2KdhVp=*{6r?YXun0^`9iWyJ>qZASsPbxehZ^XyPPb`<f4hR6a
zNG;+yAj~gY08bcrx&3d%&FA*2cdq#OU-Jh>^2Da7SF1ZZIs(?^<>fVi@jj<YGKqto
zhzLf7VV{w3j&0QNhX?V`ZNJx5eu^+=Wjg*+3S^z`0AQ?uJ$&%rVHm>K&d+@=@+ghs
zW~_h{XV{)t>|5*U&c1!Uf)TkrFyS8dds`CT*$iKsmK!en|FStk25eaKPF^V$drot^
z!fA7yf4}S)GHBla8locqCL!@o2s}u6ver!{&t#7V4Nx!2fXF*kT2=8q{S~O&n}j{L
z`R50V^nM^N`NN0PmxKgknuU6-p#^5<AWqVBxiGi^4vdm4OGt8Ar3D+s4_JZ4v5Fs_
zNAJe#0AH>zJBR788;7pNr3h2nkYQ?pj}KpmQTAXJ6v#S2M8v@Aad7%XCb$u~a5M#1
z=<QBO@|(#=QB*Aly77uA;YV)OB0*Nvg=UcIO~t&Q3Zjh77l;sqlV1p={x(D}ujj2!
z)ibUaxDs^aKvQTO?|s6}sOv6OT8aRBX|UpBI*!-5QZg0n^FIW-faYK{#Yu%^=d<$M
z{k;7g(yuQ0F`Rm#%^W5oL6G}nxi-4Wx_cr&TbyGNGBY6>gvmq*hLb0j4eFbv6^W!3
zG1R8XoRiX|73ZkQiRs&+@C*jwSnr1Jo+!z*RzR(mc;!LoSBVZV-AeRM*c!)+$ejE{
zgbUC(7IXCAoYll?ikE}kY*wv;G?U-q-4k-q%fbrz+_dFT=pzpa7Czs{1lpJ{6`2&j
zO0P;7o^dOWSDYySV=eW0zTrjZM`hSkz<wE{??KcGXh}XkaPGZhoqJux1)?GFq$xIp
z?rBjEJ5#Z92|P+X#KUt!sSP`1%YTQI9=JC@G6%f@!V_r;FA_JrGQMb_=t)$V=q{iQ
z`5ZGdTyKe3j51E#{JYYXWd-muRLOPe0|yx<D=m=Tv~qz%dVk;vg1KXMHmfJ5zP=vN
z)pYRJ<7OSeFoORq17cP*Vf&rH2Q1YE$SHN;pn_mUldrD}=oX7|@>|U0(38Ax-a67~
z@8V84X;52-txfXQ3yW*AsDM*)OC7W)!tiz5U3Du6G02bb47RvFwIQG>PMEa2-s@0d
z`bymx5ShnY!HQQ_V?qMcc@0Ha5t|HL=ex_8-{P#S5EbN4+NtIj5oO#I+gfoRCZP_-
z6|$63ad3Xf)8mp;JUAd64mCcuHDSKXcs0$mIo4wVxhLCjfcp++xmx>5MNJ7YJdpqT
zGx2j>??t&xR%}c7pC2)>lX{8s$ci|e6u`8V0NwNWePscCu|O2Ce}8f`bG|6y^~cMe
zzJLzUN=l&=F{0l<Yi8+wO=YDU&<|_*NSgoW{8IY*pqJ`ccAI_u#S%Ls_E3iyZyo#~
zsQmUvth-o#tXJhQd$2+GVWd!hVrHhd7e@}<T*%w8T@D<Zut`!1h34>60N#@jcXi3S
zLl)fZjop_3o`oee|2K9=r3DPxN4rddX*`khHNY0y+%8rpa)n350McX&fiua*2iBP2
z;NXj`N`t-T9e`;3(6v<`^^?IF@n6_Sti0T|0ctbNjXsxC>y2Dv#aK69|5|besJj9!
zy+O|_E*pgb5|wv==@K%B0J*HB1M6CNj$PNSRZHYbSEzUNI98nnxAhub4rS%v+{HeM
z=H>PSZba;04B&`#fB}R)EvP`Je2-cgBv^q(k8((bt<8wL;|t-D0`3ntt`A^ASvgms
zz`yviJ^6y|N*Zmz-hjWHO(PpPVV=@Zog~6t>)spu!yn2Xx>L5R1<-l7n?x7_RQ`eI
zN#qn>sS?(6rL+Njw_*>yxAR}~4J`o>h!mHXii>e6AHx9NXE6u_5C2{(Fi7999-%`h
z+1KKL#N>fe|2fKj6?)Gm-Zu+NSsqqz!mnICuP~?}a0fV4pkVS)mmY!4kYdMrZ{d5#
zCxWP;|HDLhxIhJqB{m*uBm<+n6kZI~ik?BDM5B(*wL~@Auw{P_>MeSv&q-O(r$|Wi
zsj|zukIRg$fFrxE@}Zpa|3lYT2SnL*-&%-(qJX3d0uqt}A`MDPJ1}%gcQ+D>w4$`c
z0MZQI9g0W~5<_=4N;mgB;QM~x@BZ%nSAm)5Jm>7a_S$Q&Q_B#O?P$r4q!cZ;w=q8%
zcc&Gvwe5=m6PM?mCb|xAW<o+j90b3lH-McXM+y6w2W%e}5#S*oN=rz-daZ#o-%>PP
z${a!X8b2JInQ-K<*j`V*Vzbh<v<k7TnYB-5N@YsvNK@ZH6WE~Xh{Dj$2*u9q{QF~6
z+gLbVRqph6ar2Yq+^c0li_3o_&G*HdLlYB;2r{~TnHK1!haV>{$2sRwLzY8s#+uGZ
zU!qnyb^D)GJkqZSTa$Tlq#4b!6%VMH+Q?{_eHbZ`28u)2JR-VWwu#i^9tF%14g_wU
zV?^EYul|r|!D*;f4Cm4L!$b~tia%7N44d?1fizKE;*DTo-1(=yIV|4?pkMJkz6Ev%
zF5l@A7WW<KVo=CZT#<<^MLOhdBWbc%atc_K3?vh$sg&|l)w}w#gUTxqN?X@J=eZ<I
zA|ftoiqcrl><#_^YoDb1F<#@dBovs~Rc7kH1`~J<Ru$|f<K8AL{*!xE9FnlklzQ-V
z{oh=~N<S*wexb<>MMjYHXV0Zs>pT|E$F)I}aRfPp1|d~~cogB;JSsFIO=}(W<;!I@
z&30T2u(2F7?UT32HpB!I<6dg{We{OIK!lY`@XqiOaRz`*uog2?!0osnA_Fc0pF^_x
zFn2`8%?Yl&%%B@f3a%xYWp+`>j-4B<mC{sf@?Ofa^f_vpvhOP#F-P6d4oOn6o)|ch
zA3xo;>#bxsP!gH55DN{y>X+)c=k)q~5v#!zm(xe6|9Y`>V3#B*_((;4pez2a)006y
z5><hpC`XnxtrjT!Ct-QH;X5~@MmGb}H<*O@X@Bcm4EyX%Cl&iSrQYr}&9c(durJ+i
z{$A9X9AH|KFqrcNT>i_<j6Q-y&)QnvSndxkbc_ck-pm0e1R^-rk0_Wgjx)&EU!Fl{
z252w&d3nQZH^v2)mgoH?&%u}2PDZ`Qlh%xUu;37Iya10r+uIu!0G$m!h6=N-3p4^k
z=mqNX>i8U0=eDyvK29!w=C>}h`NHro4*3hNSo_i7!z{+riOxR*0A=v4ph)^Z!D1!*
zk?UbP1To3O@1jAiwHW|~>_y_gUjq-|HsyJMu}dO<yx;%d5H}cnNUa-s_w-Z{to41*
zRN&Y3AH@1nOa}z}$;szI>UYmkUWMzzA(X1|72jq=fDg*K`uB69-S^fd)j^vtdK-$y
z8J{!7RX{%21`Gj^rI9@Ys>OM>*0ZcS*9Bf^N-D`21i}AcbCAn^CqXHC{6YlQNDE;>
z+Q-QHgP!RB0a#0IY;2PB8SR1V)x4K70IuZa>*L^Sxq%S=G5b8X{3G2BFyoGE=P-ca
zWwLtyF7z%q_m!Cc>r=>hxVZx+(os%8>*ZPl^4&0a@BCY1w}H~^(xpRyOfG;l;BAhM
zj@$(J`A5%Pz8oZiAiC@?3kFrV_)t<K02ne~vocxy<La~kg}Q!rS(qxJ3VzOLxi+so
zEo59`GbJo(LBROw0qho{0=Sr<3W4<ru;L<C0dJqLiP-D6t)~L`>?G$hO}M#04$%x>
zoJZ++bS7@hvS(g;cGs%R_|>t{AR?N#5b|{!zE451a?CcG<+lz9Bag7#3_z*|mL2sk
z99Z<TR*e1;1@t_CzXI(}2{$~n26!X=0jM4@dV`4fgAOzVQNxcVY{A-m<Vejt?UbiD
ztFAvb{^YsQx!$9$r@(CXTC)dhVv_SK&s<-dnx2AOt#Z{sX=`RlRZx82W}hN^kU6c?
z+TGlVd$|nG)n$Y_QmCre88+2#gBMU0{^C1;r9s%-+pW;A%q})N73PfIUP?la&r`J(
z^^T!Fmf_au^hp&)8T=DG&w!pz8Vta3cIbyCySY(=5Hon)j~G2(C2cNQ7gOgx-Hvt|
zF1t~3TwIS|j%}mhX>9l)TdCYI<5iwUC?5V(OyeRM#}D`HQo1#oR7>Ykv%JN*lk_B_
zk5f`_RNnI-LaV;F40UJp8eCUe|7xR*t3lB{`ft8yL1nxE<O<UyI5<I^ly$o^T}051
zaMM!+<D{k_o64-02Fueh;}knQ#g8cjGlf#UMqlHy;-#LI<_(7l(T~RnMdSvsWce+|
zjg&qKLEXT3O5<(Uwfdp8QAMB<*<yyP_IlkWGLo-MP}wTEJb@C#S77Mo_#UHE5o``V
z3?T&o`3i7RkC9$GpH4?N_W{%ql=R$ud*UQ`JhErVxPtIHEc<XH@7aRWi(KjZ!<hv_
z*-`|+9%|Ue$oAf#T6bSzB{S&(k?mvqpvIDf=(RGq@-9<Ne;&5r<8b~W;^1X97s{%q
zy?wwqjodDh(6X|zY@oSKcDtWLbcY25Dp!bt1T`lsz->#`6f&E;d|(3CXlV6<CklCa
zBzbw*1gRP7Yo+^@zI&wzNbP|1McG))s{OE6Y_`i8dA0c(r8y(aGSxrDZf+h$AJa^J
zBs$B&OoXl!_AMRHa`Ly#{}dUwm}?xcjAg$uUYn9a{osTaRRs!cK3`Ez`LlC$05obL
zcIs}d*HSqXXcCXVl5?m(<2s?6wsYF6P->Qv_q(oa%N32-${Y@&s!Swp%DzVv3Wm<G
zLvZQ2vKNgMzLlX97sG~w$VAt3k6&xNtQHpKl(~ht4q{*56pOyK^{2$Xck817=xtjq
zk5{>aa}QO7jls)?8*<rA4;htKW*gpB;#d8ge!|!x)r@S(38B+77%>gvf|btkj@>FJ
zG3eIN1Y##dVfrm28o5`t?o1wyPbzaq(=t1KkZy7A_@$LER}BU%+&yweMXd!y;PNC7
zPIyDM%v-rZslN4PwznSRHUl`iiwFp=Q`D44#3ztM8%2oD$ZevaLS2v2<6v_R#A{&k
zb6}qXQX^F7eM|-`q>2fE=>v)OqY6Xjhz>G$V-P$c8ljGBW^pld2QwQ$=uaBX*5HNK
zKBE2c2ou0UDENvb*Am;r4V$O{9B~Kz>nao=)AwEipGohJe>2s2A@To>jB$Xh-};<f
zclP@upgR&zcfUDX-H$vk+JW;U6!`mF{`~m^Huh~fSdl?Icn-ugqtM|^p)Bwf{^5dD
zsTKOpU7fJ&6>p7If)w-U>;!aX{`)8J(Yd!zaL;k}X=?wYGZ?VX)SUsD2BL93YSz7R
z1vxz5Zvq5D83nk!wJ12PBcRs5_zsbbDnSVepe{;t+1}69lMVP!^$K7<#JaeJey(#`
zQ{Tcf1Qu3&7|swh><6{<#qWb)1bnJM{4S}l&mTCag2-9x4v#O2ONe(5uQ>shB<C3o
z%4*`cxVY0V48cI}B<OxLhi1+%LBvt*KlwjQZ0Gd!wA6e6LI_`)PyDTAHqzGtmO39y
z|M$nJ#5_Qr1LO$>Ie8oXI9OAVL_zWWFOenxcLi#pDdgnC#l=N1>emzr9tujHuG?JT
z#6qPI^oZ)*fLIFZ&lYw3)rW>Y6?|O!UJ^T7>x=&eF2GDu<gr;T`6HKCqz(U;<^OPE
zcoX@!BjR9<wkkk35KxE;{|gF)f?0a=4Eba5$OU)zDC)lEK1zQly7RwwhVR`{-26#E
zP#w#2GClW~SP>eR4}?S{qdCy2e*lmLQ1sJ_a>jo=E3SGp{2cD{`>BKJ&u=ff<3ZV$
zI9pF~f#5HiZMUG!DBSxClo$XBTaNIwCiYc99m~32=*`&v#T(*~ITsLE`^dCRE=~Mu
zn`@7DbXhbBeW2L$NNfji{TGlA6TEt$Be@HhqIrOSq*^~QRs#c1h+_H)3bi{2SWc&1
zpfIC?8ZPH$mcT!ZnjVh_sHP>&6Hae!{d$@zG6%X?MTP;=(JVaXdNLd1P!xT3Aub2?
zG-jlv^aeQ5LPm^t&<~&98msfrzznpkuiIbVf}V0t-XD-*-e+0=tjReu3AV)6wl#OS
zGEAU7h72DKK>vSXDsiw=XE(M{AdU%R2HxF)oI-)fyaOPB%9NwUKN>W845R;sx$4Kr
zQiG~D2X>MT;^%>bpFcu%)2kI5Jb>0OTRRYzB_Xb1D~*-#A_+2`cjnA^71@=Obzq32
zbVv6;dAG8C!bpUMO`Fv5&tKVB-p>jQq!|y9FBZ8gUH&A~_Jb8@dcppm(xgJvQL^Jy
zQK7YIVny@$r(|{W0;E2p5T|k@tXWD=Fu)9)mf~(nLZK9zd$3!%Ci4Qkyggr&N%_+U
zKrk~Y7NAMr+XhuTfGi3y<{U8hE(to6pe9$Oh^_aiCVL>Z^8@VtDzNXzCnlm*H!aN&
zT5im)(07_OHJN*C%5-j@=Vn}!tgfJ(p!!HdKW<sOu)il#D0sPTqlL-pHZJbnRVK$2
z7vs#ycX2=494)D0gRMqbb6V{SY;4HkFZV_>-3%YEe;KVE6)myKa5f^Jxek*DEhI4S
z7qFZ)?Ufmo*N;U#&EEw+)Z|%>+Ya)kY$zKC$TBlKTsnmUq%KmV&><zs2UGn1>`a1d
zcZ>8-axfGI)m1d!x0@oeTJFU2u;ZwZcE4(>@vZtS)Ne%8W7SdyFpDC=Yn&#D2|LyG
zxOiln&n8RJE|3}Mv^brub>&*z-^oyw?iqO-keTp=cYS6iQyFY9z!M0>EOX9xo{P5R
zd8Of77q~mdFB7-%Ww1Jzy2vwPbeob4%iPNmDq_u~_yt2Xp5|eh_xO25n-vCK;nh4j
z_-INX7z@JN4W<ukE~WWV@o&{@9D?iom0<Gs?*bP9!!rXOJBGbkYfhZI;H^KXz|9f&
z$=GiaeCz-0WRxm4M;uhrEXL6HzG(ijF`i!OcMp480$w3!jahOe@HGhWB;&JBQG??&
zRTyDZyqu)6VsW;Z$rSpxej|CX$Ghl=T6FaCI{N~WcyYkvB>-6ljNGOEeYL~ov6k&O
zT$zNwp?W{}C+GE6hB#RHM$Lh`I*(Eje5_POTicp)GH-dD|AZKvk+#ifRI|A8-lLzT
z7uxoOCxQfzG7L3zM<^a5zfz^A0+kF@_onY5oc``UOEKn*aP?;knnRSFG<=cf8UU((
z6|?`Q$x!?pjx#r(uH@r0ciY#3a&4RifFI=O)@V??)NleFQcFpZznbT0EWDrcw&VwM
zwZHZJ`dIZsqEuLJak49T66gD}>4a=FvI_8eo0Xxz+`2T}SnB6vZJZb>dZLZ^46kh6
z%n5uh5l=otraNfi$}|}U8o1>j+7s)?BMeBfyP<0@Q^uFkY+9nFnY&;3yfdvXU+_k0
znL9`y!AX$v{tM?aC6lFNgY^9!6#aKgwQu8tAic`nTfGOx(p&%J-F;7Rg6oigEdXo|
zKVSv&K&<}`s^NyS^D^Xb_1E75crY+m>m{=SDk-U-LhgWwTfO_g!d7ZBn4wsv=neA#
zje`0p3xNI?E>sD7;H;cmvHVj|_5-1xvQe1)8PR!v5#-i?+ctQnOE|<VFJI!2g1Vmd
zOoQ_RDg7lx{^oSQncWXz5L4<30-=b8q)Y&@jz`^p%15Z!-vciJ1TNg7nV~N8rP9Cf
z1(XE;7e?Z=Tk1&z$n}h(ROdW9fX3Da90*Uq=5T!C1k2?tj%uSRd<J!rrdlbc)fj;x
zbib!n-dR@{Kqhee9gM+qRv>KdX);;V^!X=jTL+%^t1ilY5-<>Hr(7)?@0+<EBIYP*
zfyuZB(w^~*gxAVyt;-+16`l_ewgU1cCa!Fd&d+JBxM?C-?IrZ9TAg7PGHLKj;Hg-7
zZ#n#;c<^A(-}4-LfDA9xYU~CkO~Ef=!p3|}1I%bJ2UXeuR&%5zM4X|gK>m_D9Xipe
z-8>u_e}n|HWZl&v*Y1QLOXh+&%<p!rED6^Cxx9=Bygfez3-X`l6AO?e<w;ixZ&wRK
zoE{a9>^NtLDgBVc<J2IOs6lj^Elf>E{h)1b))nK7nnpA&Jb{&dVN@~rV|B$b>AZ6y
z27IcOnxjx7P)RTidRV+7Z^(eRvou%vjK*zEqUS(&Gqe<F<|z+ylJ0|e;1PN@Ryzpk
z);4R7et%=F^CW47#8E(<LevWS+?UTgg`oo3t2ddffJI7Vs^Qnt%+#FX@2tYoDrfNc
z8Cgf?flP89k#F;{)ZFD(d`0iu#JjQupJoLu6s-qZQjXM`tvO})?sL2g8>HWIbD=$#
z2_!rMWyCgRU41=k_2K%S&~d(}_G2?wDe{KYgMay!KyBcYiu&d%>R4x;quH*-oMCU!
zU&vlFsQplMN4<vw>6AS(_M*f}DW1`kme^z%>0-Vh>yT4A;uQ5GJQKch$In>%cGpF9
z94=~{)#d+$y)zCyn(n7H`EN_l))RKplOd>@WB&`NpDfj~RUAvdv%y6D3OMwc8K}z5
zxQI)pZ;iU81<j!B)2lO`yey3CTimLL)-($O#b@`!#_upXCzX3rBk2O=HbEZ+@)I4p
z)7;!lbJTkNVYCn;8IMkb#<2iVmi7p|_ar(LE7E-`TIg83kf=usE^VnC`j*C=MpFak
zZ5~I5%vD#4JP9%-L{E2=u>%M36~yufz0r@FHsoY2H4iv%8t>WwD;{p*10&Aztk)8s
z|AET(;Ax7xgtT((fpkFbU2zs=8kUAwspC>j^*3xq0plP^j0!*GSWLPg9=Z-@0kg!2
z)97MQXATPE4hHl2YkthhO)?H67-O}rnJ#-Fxjy{yX#fql{^>NcQWRnQ3rxQQ2z%~F
zzlhihUd}yCG#jF1XO_L%uB*>B8j&I_*Bnf*P|E0K&}#EL(8N=r#~8*OvGP)}#u5Zs
zssREKleMydNv7Ov0mYhodULqj{nny8sOj_7QifQScV5}&H7xL)u3NOjA@+OyF8Q#(
zo6h06J73q;KeZ>IiSF`yv-Bmo&=w`eA}2pcy^l_S1qVSwxlV1CGL>X>iCFaMq}N&E
zaHDol*@@Qj94YyOnAFVq?(<%>E|=I&8r_C<<Mo)NO!9q`>)wvPffxvcwUkG+*MyYL
z%P8PMwCA;1tB1Hckw|j$quzMEMq>lWkV%Yn1GgBr03-x&mK6&Mqk+tL=mJnxf&UXp
z&;;b#mvMwyf&zF5z(#;Ktu}k}O$J$+KUUB(<=Gm6ZU%`0TnG@s+X<)4u+DlVXHiTI
z3;yos_s%_ga;v4=hSifBhg}#;*W{wB3TTq6qNQ{{$h?AIZHS#zu$8L=3}1!X7#{93
z@2R29tq{}KT%j$j{lXAlr=>@pP?7>VYb1Z1ssGS*s=qk=O*(OM6?Mn#rN)`+0FCx2
z=iB|F5;1O`u(5VWOjvC(_{;WBujT}v3nOzAp<E5hGz!o{hj!~E({%!LE!a`!O=MV@
zn3$mMWWeIa3|OWdjDz8CRocx3jei0~cGS~`D7M+wo$tBE8Fa`4f!y`q4mY7MID$XQ
zIV21H5lv^$gGTGS=8sB(%%sBri5LCU0kmSS4YzAKZG*Cc(CKu-CYnh_0JIBfZv7%)
zGC|$G&9L(Fz6I!Q6_ajz<Z0bI6!cD4EN!Ptc;Z_2CTxMMB+els3%sn_`?@RKQZ#M@
z&K#t$G2%{YB=ra*vi!Hod`Wcm>S7&GFTD~#=B8eDdxz1<bAY-fxV$WN-y-1`J0LCU
zXpOy@joay5^IlX-HnYNkfICGA-iZD5Q)b9RWb~u~Dd@WY;g}WCJLmCPrM*A_3xs`A
zk`2NPu-YN4Tc8B~4w~+ulyVR>LJ0}&GkQW%VC*gEuNnpezbAgCW-4Uv=cd-eBS8I0
zK>=UW78o19(&ShGRjt7f0Rz|M>pYQ!iF^z1rfR^d9v>t}nZJrcR1#veFHynTxS15$
zox&ph>uZzUzIEpWsy2UIcp;l4r7TxVPEJ0&aaBxmPP{)SRzXy*5X^b%%VEZZC1~$3
zXowk20sC?)B_BJ-`|fg|e3Ty8M7>hBqCwqqo&oJlIkM(`GJ+JFx#h6qpuL#%!x^`v
zFWe_ZLhr7Yj}Hr6QuT&trS+HmW`go2q(^bZF&4582|s=95pWu|xXw6ut<|rhMoIk)
zDnsW)xRRtySldTl!b$O~pF$)FpP{O6Q`|LYwB37yYxL$ivoA`MkSQ=ybSGzSF9TPV
z!Y9y7%NgjelsFeGhZ6hx)Au>f*hZwCDN14&44cuE$HLKAV#85*Wi7;ab=)l4vr;Wd
zVWOT*`>LgD?J<FVc6f<~bvLu5i>RfY92Cmj!)Ba`*4|#U&%mIrfa!HXT0K01{R&gm
z@OOf|+pK6>ktUBXZlMNzZEZwDdA~~%{=8l9WlHgz-K*bi3SFBneDicYP-1{L=!5u_
z0*yydoVk-oCdzfp$Fz8Ib{X-XZik6zz;cL*p?)KQ`Xp)55^+K&f7cOvKB-2TF<tAV
zTHle&pD9A|j`!M0aK@`$2Ub-_sl%&Z7tFXqVJ9-kf?F@2oUaR#rr&H^$%j|5r{EcH
zo&X3K{x8h;D?Vds;nnC3G_|PE%$SE;5(Y-r2aq}J5AE90^C6Mq(HdDra7_&AhJB{3
zv{$F2Y|ZU99}vR3A&I!?kTqyb4Gbrh#&(;`Fh}zes^n`&N;C(3x<}`0LBXhy%MMp=
z{v0Maxy=CViI2agU)8K^$2Ru0l(aD5>&VT<dXOT8Bo}i#$xs<;Q}_^OhQeXpk@DPo
zMr8A1-Ha1^Acd-EEJn5b@e*RvF!S@;w4m!7at4{*n)Sz61V%4m0)R-sKh|)RnAY8T
zPvqivv)+hK_J!;6uFPCuH%Fuqb5qA=``z41RN_lFy$|wq0!N&5N*61HOmI>D@T8nY
zM3OY2%U&f0{<`=kPiww+^@9DYLDIz^-R~!R)$)1cW^JSRdA;<7xgWm?>N4-56BO}H
zzl&(W{fu||!5%U9SeUaq0;Pj~n87!5@Zz;wq^0q0wcqc1&DmYM*>bE6PM?8w8a&7M
z103GI8#E>X^VNro4iX7s7-R;pJpInuvUF8}T*vTA=`>jcA)1Wh_<JM?*K4hZUU|&C
zGt#OhB!BpVcb^wVrIueUbcP9RWQ=&cnVnJHzk%`(4HFh8Or#cIMqQD=^5*72(stoo
z(R8W-l0$y3NF&asr&P)1?Hp6*0B^cwhgAKitD|TnmT{?*!XH~KHoL?3tre^9*1x@f
z0Z$|#KN&+v!QF-1XNP1uXupQ5NpBSoB(XEe8p1igwloPuo5}6QY6Jt$*wro%*|x(i
z%`F{XY=70iQsu3`vKSey63G{kMH`HjOa1V)4}-%Jrh0jPSH{a5ASzL9PtosASQOAh
zKin#Y?7c#aUMNu3XQa#6w_<)96mwL>!epS5((|Ko<X%#eNDoN0k84u{<4KWexS4ho
z@q!7y;exA5Pt1tAN#_`71B&>9orM2gk54WeCwb=YdSTQ0?U-rta%L}RN17Gy?<KH#
zh>{U@!wBWNS`xUlK7GNcs~^s`Au!W27n~X%O}6YRBh1shyqr<3K9x|Rf~Jq36PRS8
z<Xeu&HPqba6faLs)z;s~slp^MYT4-rK*Vlk9q_1kSV!H;R0}>w0s|&2sr<Uznw@8{
zbNsn#rEWdFaQ?Wp@iVX0=edjx1g6cBXl6G`s*!dN|5m3JVJ$~{=qQ3JTLY`vj^+KI
z9L*StoR=OyhdA2#DHB@+H3SyG<a_7i#nfX{Jb65Z%zk~mIjTC$8AXjsb*sv&>MU&=
zF+Z9jX+{*^GQhsv>?9-)oe}uDM#g8Cp>FMP|2m-(-s?}SY{Gv02lPrxn}fSl6PRI^
zM<17MQ$LCLA21a&dp&)0chyBnX~(QN%gMqS_!77iqj3`MB<*Qm#dU}<0f$+3(x(Tk
zAB$jLe43<eOMiAeQ4jBTIc%ZU91{U&%-q~+vGRn#1eXL(!5l{Zj(!+-`+&EJa9LL&
z_JP3iJYCB9lC>wkE<S-cdmzqG#r%`$+NDm~rR(~P09Ev0#S{-G!brfiKgeA(Hymj!
z-0Z#^TvU0Fjje5WGgJ6-h-uIQ{k_@s%QqX(UE9j=omu6G_&&-j<i7z%yk%MZ2cmgJ
zv7Gn(D_;`MFpZ!#mvVOEj7XLUFmD`XbAAyTHb-Fzx1-d+S8eWc`^kb7bDRoTf$gUx
z-Trjr^Vif*;)+U!u1uhJJLP6j;Tf&4r!H3dYAAeIzV*T2ixSKWf~Yol8Dk-V_Hnx|
zrHCXCxcR3s%ZE0^f<oSQ-%Y*5vp;)5RQ3&Tf#xS|4~t6tp*93zF5Th>b!R2F9pNWN
zGBo-Kx@0=xkHbT5`)=G&C^N2%5R&;QCyofRt+rcsC|XsyMSE=*96&hfCh0Q>yeFK_
zJ~m{WyoUm76>I;Us7U`A0h^e+ClUM8c30tEbD1$(qSD-OvpR`B4+W*iTp3yH{;u<V
zE3FZ+QHo%5*^XBpsTYFv>RL!D=-t2DA81WFX%PRR_&4438mwU9GQvvg@aE3y6oF!;
zAY*NMTYQ8N^E8cKd^<1#VoF45n`BuR31km$%q3>v<X@kIPpobSIK>18F1IG>^XX(n
z^mS|C^R=E&@J)XP)o>H>CE1fI3zMk5NZ{6OOu9Miw!P16NyA3?2zgMx9CDLCT;ulb
zf``A=briE{m8Q~ah=;(HG3_d^))VCJBRIdyQSX?;VojAQf3A?eR+{91akiJ;L}kt&
zlg8UBv-Awd7mo%Fz+*<;im{G3tgHqWT~w)%nBvXF^nq$U&0DAoH>-fmaidrQx0N&u
zr)zR~_M1ST^P>}d`kR6S&;3hhJ)@fW!DE{AjYLIr;WgDN9yE_WPv~Ib^>k3$`XXr9
zW<U*1G^LE8z4jv}v*>G;QifTX(9ASy)Aa!}Z@bfJLOWoV$39=-Ur>Gj17SuZR+2dv
zRkbkOVTB^Rt-b!#Omye>4^yh^`*64RZaH9&YmuMn2~C^6vkzy5>5YT0^`3G-14NG9
z^Nt<X+syTrhTx+bL2X7fgDbfAN@wTV;B|3IWQKoV!2C5?jGm5DcAUdUTkRB{DXKVt
z_l0iS7}kb)K;A<*m)s0nj0a^l=}G}a)Mnxi&dN);To!XK7q_HQL=edd>bm1ke7oNJ
z#{<Z}{{C*K!cAS-n+G@JfMkPD03=TL4fA&romU$|Y&Zo{ZSwz+h=B@>{=#E-^?tnO
zf<I=Yqd^P!5$^-w1*(vfYtUYeX%2efDbST7THtNRj;GW&ap@c?6izaIX}#=c+}_2P
z?mISXoaj|`@x4LWQ|GuHsCW5!{>{oHsC~43di4Nk#V(|*MBkT5bzMN`Nc(R^aamW^
z;()`Vj3Ur1;dBg7x$9CRAexy|XNIrBYD<B_>RbKw1^<zeAsnPK;W(h<cVj*2H5}(B
z7Bm{JiE-MqG+g_S*!7+Gd$7`<KgD8R>itt5{0u{AqbSZna}dm85-g4H2Uf5JnQ_7J
z!2(}>uHyIRWe1QvOUu~3TG2g!YS-VJtz)UVh8IsQV3z7QBey{>>bTWk68lPohK&NK
z(i{w1!p*~yV<o(t{bTOyx|AK)=&KLP^44txEU!Ic><I<dgG}dq`K86S&vXMIk+1_s
zrxs!gzX^Y7E%yi74AZG;rS>b3Axvropo=6MZ~U#bE@qZnR7Fb(V_#vu{}A?v*z2ol
zzZ_l_s;WExyG~lvZ+iuH^y{B;p>u{MH2mS&cG41jGb=;jAC8C~+$mb?c!2u$R=Q~}
z1s~mg8AixDUP3{%dVe6FY%>Xo%_)8)wykq_V2PYDkQC;#oZ|#zWKhVV8PbNGtT$pd
zUGdg_{lZ=jD2HeI$L`Tw#+lOPyRFXVayc{_mvM$uN;|o9x~Vhf^)Eia#_{p<uNp1@
z%?HlXe!xe(Kr>EDHIuI<ubKEF;xZKFC(Ed%%WUw>`#$FsiCCIFE1-3-<-6LoOi8BX
z+Ch#Ne-w2@aME#E7-b@0b6a}4HT6hWqb20DB?Jl2B?}T4TmN7=*OpMO@7pFmx9$_%
zPI~&hI+^SxXOOEypeZElawA4x%xfiqSLxRY%F2ukAy+9iXH|iG@kPcN$3`B=rA5hj
z{N3*Kb(p}D;Wc$u)c6{?)9D`$3Wk2=O^BXh8l>UX#ua~r+{zk8iuqO<%YJc8$#h66
z;_qVQHpsZ~U~xJGt546|Mr=EGxfrJGr0f{$T8qyfQNo<OUxPA8wixG8qD$H8#NMii
z^-u<d&#07SM~1WvBjBTYsxyrqUoW7Aw%Uc3FzX@gB$C1-{n4evd7zG5xvDil;|<zD
zhH#v$(rH5p`zef-MvA1>wY42bpz+3uDa%CR%lWwxK6OlaW&2u#zJ2SBQa|@k&H(z%
zNhaC{x+C~cZ6=W7ANgq(BhsHMSq{bQ<lfvH6;)Px#BINjDU{1sruMZ+kDD!MQN~k3
zW?Tqo5x=+XTmX3a=M}mEo`ZR5ooORS3BNae#|FQ6pC2wmGSpJ0mhAVJe-}~bo9d34
z_=6jNy3e-9+ffsnd}yJg<KCusT6z+qjzsaoPKsREgv4dOV8Ob2lSwhEnQP0;#*oZS
z+;w2R`eW?nI5XoTrY^@WDk%Mcqv+%KG#%~6LkQXO8rbsau&?K8nf1`5N1iLdu72>P
zl+Oe4>Ij%2ME`jI9PXSN?Xw0JDolh|F`Bn_Iq04_Mhav0F}p+ScCMDcWE%H#VinNh
zL+#(|KB!`RoLx417b#js%=_~c={Q9d_3Z(ypqioYtg&(LY({b>*Dc|wfP}EGp*H`0
zQ1&xpSAnmZbh05TTz6-hK4M1&km4#fNTzXM46cUh)x_I<Fl*t{98=Zwv71x*B2_7*
zq{3L!MaXJ_v(}S_L|^_qfnnGbmrZ4deCb(j*iLOw4QIs^*{*b4$Zv?sPg0#+qb&~+
zgn?2(3%<fxHLEtj@wIFH3maT>kf?2wKgpY({dO0ceN?$`MpDLa#8Ja)z@vE0@BMTf
zO8Gtk!ug~Otv4uKHiEQRqafTUvWLH32_Xy${5H>aJ+HY8Tf6`!K)$J$>}Lr15RZ#F
zHZPD~YA6C>7gEZ~ZtB0|v_19dB$jI>X_eE$%T<ktn175{ES>Z_O)FYPOKL4t+s>PH
zmSM#}_XXi$Gv|#1r9h-zkBY}sf7*}ur}*Kx;V@0(*KGNRXtvvC<B{X~YBi%+eV6yt
zuEI)(^~qjtE0Y^$3Dfybm(tDkWgnN-%G-T$DlOIoYS<5BRPacgDu$8o0t4huMZ<-z
znw#we*2&b;+V^<IKZ=*C{X%6w<7Jw~BahIY`L#KMxP8yPgy6g2*|*Psf_@3`-wrS%
zVbv!_ml^jqw05MJW@O#-EqZVHHRsE1LJmePn=f=W1Q>JhlhDYclrJ_xi*c-3wCWBM
z?{1)4DD3MP3z^|(IipyW7UVDYsZ|9m#&|XvjfmWZ*WZ*H>ly!?WsUU-8cRcd*Y*wq
za*Hw*cs*p#3ni_C&ITx9*6Jiy0UaC2bErzUvSk9>wYzok3&HEFRj$JH@xR{otJu<@
z6q@CHc}%A=3^c=h(fKx*qa{DS*ndQ*xgi3N`o)}GPeQ9pF6}*=*hZOXC6Crj)GYVd
zB-4dteINDDf!Df=-L+6o6QIr5i$kJM3oUbAZpqm*CbuU`h}JM<Rei;X3fI#vJ>4*L
z<aSGwLQZe)BQ{U>@R{w7cuCl;s5Xw#Ab%6}{PCa&&K$q~v~+&SD%V7NnVZL&nHT<4
zEc(YAFqaA*jbq_TLqCL(;7qD5h=n@!oX7&H9INZtUQ7?{UOI7fTzM=w6}1mz*LkJo
znuE`@MI~6kP%H#jR-|yMgkuH~Q(_QL_VWdqIVyY`6WfubGt&9UvP7!%#V*nUDY~Kk
zN&PBM)?({e5lMD)&P#zFsT7umKT6HXbZnWfXrt2ma0d1LhkuID5?Tg3j!z6~G&bE!
z$V3D`+F`7p&ANj~as@WV7n_GkfR63IZf^d-#fdr47x+$sE{IbI<px}SqkH0t*cif|
zWj!|_b)v+f1->cnBuD1knx#UQ8&Y(=xFh6V0i9Awt1$6RgrccqHg_N+>8``KnVyvx
zhQ3hrulXr4K!SMG>DGwoJ;b$Q30wVCKu<$G6Ve($HMUa#!-L^xP&@i+eId5?Y8mb?
zaMdSPZsHkl4!m8tf8*!2-4g>OqMlvk)M^?VwEqZ19XCuiNfj26xsgI_qukmrBYp^9
zTz$aT3{pOniS`VksTo~2p}JaHlxu++UMKasIPc>Z)2ZEail~YJsXE?{cg?M;A^V;=
zHtdQ^_r0X~vCVwH8l;t?L~}KeSm+wvm}!Amw`3&`IAA_PSMG#40isf^#ND5Mu+{Z2
zceA>WKW99<>%sh2RAwUbSA|~~m&D0(XP6Md-jpHNjM$v@EsbBVotc{5{R7g~*XMLw
zI@}eb3;`5p`t1}RvcdPSrb2gNa+a44>i<<!FYpiM1f)Kda>ETW_2Wc`nirpz<Y4;}
zeQ#}*QCxT_+Nv+PaWC%R>|=FG!uyhhj34TI-c1^`w-tw#N+mD1<qzyHe&c&|z2|;(
z)^X?9U@EdQu(VJwHX?v$c_7ilAUU$%1$Lm(NaQf6#xveF^aFMCke8&RhRaaxFXIZj
zMK218K)VZau`I0x>eT)ppK)RVH6{l7g1%r1Ll`6lVwfdq&84OQDc5J{(9+EM%T}Cm
zoIR3+mS+nVzz2zI-B@!;=^OhaP3fP&i;buuw{e?1(+`-1%J!%m&Ip>NJ<6S+;>vVD
zNHf<REmPstovy)5D4sdHNOr*LalR05I6sT9G#`A2t3h&vTl34R#9|j^L9}$D`--M;
zO9cpSG+J2e#!oB!!I<p1)8!f=TIg(30*GU4*=IQ{pk9Msn2$OptH-iWlR6e-6bGlD
z-ur8kl3fL49cFDs5-*3BN_)cl<zx-bm53OmMQyXUo8A@Ubmm>RswGo*hAR&`F&1*@
zThHbP;AA)7*z!;}6>A#leY8%eqJ)8B4pd~wkQlBaP`7<^S|IY&y+?hm2G{(<sW<fx
zul^1};my#8hXN!(fN`Fzho#DD+zV)VJ-_^2SjZ8$I&<Df#+#E3`no{cd#<YNmk9tq
zSuY!2E=2su;s=HfI1~QcogEDA&Z%ixb^`ryS;-}`oT4bDnjn=wpDmF?-#3n(k%aM>
zh5|Wqyh{(lFya^o%s-%ls<5}7L`FKltBSzL%?_i}+a5RFaQ#xukho9u{3*Q0zHj5o
zeb!`sx1FOnKB4?!ZhT>t><XWh3Jm+2qb)%l?yhgIzD`$Oy`%_LAG&kY*sxnGO^g}+
zO?vev%=p1@)edmb9@U>RS168!ZcT)3-g-{SMqNl5-w}jLkm^zuQ8r^RBS33O;YCW*
zwkih~?F`3j<TQxA>|a+!295@;em29mrkjb!tCV9&kY>JHo079Fde=0_Z0FHW`ua7D
z*Siv_+R~yaNRu(^Aii{uv^L+HzG}Wz6|WxCL~8UHPq}c-il<yXIEhus-7TB()w@r-
zd2gz1OVC+WaQBBR?)4PxF@OI1id0dvO`klHR5e<8>KlrR7hATQ-!M{;yfqS1N=8;C
z+Ae^;@juUJ_(g3baXtSHnFWV>p6i@Sk4HnRBLv3v!xHc2_-NxkLrf|>P`k2J)8dT7
z+*K5TAH|EFB~UOMN5a#D?;wYPq=&P#{BtkcfuE~0Kh;2zGF*~eE}(=qctJra`O?O%
zue8%T!M;MTeg#Om`8la?i(W0iUY2R^-R%O{Hs#bq%{9_yxOI53UGv?^TI8i6+&gv*
z&VMqllM<@bAkic<%)P2eZRSkn+8+ANB)CQmo+oka(YLD|m~rvN*vkAQqN^peG<uR3
zNBIgb*Nkc|Zo6T3;RFBC>Bnh0+DHAwL8W*89+`36ALC*>P(ETJ;V4{xytI?F^HIHZ
zr5I~cEaRtPQ2A{?&0mm?+O1x&NwKYpV+viYk{0>i=NrlVbWf-yAFy5^nEAbZ_R1oM
z3Auqd{nQ9l4MMW_HgCEuteZEf|8*bg+XcO`#I$QG`q}*g)YG8$*G@AXSW=4kAV{)L
z$p&Ttm2&=t<+_xLS^`IT8*S1W+(IMvwnN{2fG~s2!CUgGH2#shD<g#k%X;z8>|n~S
zq<>>5_yn{0QB&_s?OSW*C%qD+rkHte{2F=pQ6H(Tl$~dRPpL|d>D0z+WgUiHDn~Yg
zBjL{LLkYp{MC3QYOl>jP9S7A53%D*^W@qNs&3n7P^`ET?kxcb3a2fG3i2LWGao(Ku
zpJ7tM8{eJb{jPqK^{2(z%U$jp&DdqM+R2{iDY4ID7mrx!&wC<H3tNI}TmU>_0Go3H
zVst{P-m^YUQiAY5UK*zJVG|r#je0B^{QC2*vI%Cw9nq>?r)V*i{ra+~6N#KrjgN9`
z^Ei#u=H9S8)`jJ;D|gdVm$SY<%`|y=xrn;q)XdARoIX31FW<d}Vtcu~qZ)>Y$Pn##
z6?JSTHs<t!f75(F#QDoBZ$@~OG?t^dVPu>}_wQ`j4MK-5Uu3RRQry<K%@?FXr$AkM
zr8EPhRPycEu7ZO#pFK|?t3FmqeDkX3<PYfbm4f*Q7vNUGLd0YcmOM<Lm0<HBpE$T%
z6P7&n#zikb53jKpfhp4Lr9F0c;rL9jey8p!PX6m{vS?GS=WBsX_o!HY)M=|Ue=@WA
zlHC)x;`mORaDz&?RLtAnIBh~Aw`JlaIe+-+eZuZvPpJsu1i8&+{^<!3+dQvCkW%?H
zwVr^Xzy>Kjoe8P`Z2J)*6@xjsd}u<FfGMwdepFUMeT2iCSDjy?Y=nE083LCyIQbfi
z7_wz&T8^1wI0DPy&v@^1ti}vn($BzL7aU0`zz@wMB1?BpqMCEa3x?a3@Qm@TcBqYn
zSMSQ-q}zR6$5dIiShnYVY^B02^OW(!SaR)Jc69tR(GSuUreX}wxu1)-T4@$Urs?vy
zzlr8JU%1UyL!OiV(=o5T=(E-Cjas#u6E@HraXTM0GwyD0PPtTYSHp80k>Ot0(IQQj
zkFA%6Cw)aHcI`uHI1X=Cb}>Mzws?D`8j%tj>ZE?X<oQ&{m1=~mRv`&1`KFmMIoolV
zAf`4gqLP0lG~{;Lf0!kYQytBM`)wQujEsPTZZ;}f*;==sABNUCNEO3#mf`GPIhlc7
za-H2$hvVr1>AnbT#wA=)fxP~f5YxhT&gUJ=+?0o_2x|Ec@PWwqoZorD?UAN(d$@e|
z{kyX)edr3@gH76}*W5Rc3_sacC#NRn{Awx{5f(O2?GEyfVT4<a*9JLc(c^c{xrx^B
zExd_l1g4bRZ;79V^==&ZmNRG6<^u1?E`-@fuAA1OC4a^fPsQWH@g8=8xl7d%rdd`C
zNJ|eC{QdI=*BB4>D|JkRQ?-2&NU1W7(66I9XMd<Ii$8~x)FP9{?^+@?CCk@G!}IZv
zQ-qv5Ssd|?kG%3a4O4{LPSA7|CiVqp_66fQmMr(aF`WLko*0PoiQL(psL1I2X2+}Q
z*p{U)z8iS9ccz)&7A6tbE?%&Fyj6eNel~HoSTBTy;e9!#Aaj?7Psi0azqslLAL+m%
zLx=gLd<};fCmE(E?-}>5G(>x9Rc~Q{67m-7vrYW(7%3cDHZ<YH=m&p!Lg4DWss&m)
z@@9W*^^*eSPe02LnJRrL)$CA<osZCbqJK#JbN>DU7UQuMV>Tyo&i0gEETYw+=K2k~
zt&B_G`RI&Pon2nSa<$ZVMkz2wg|y=0<*s*LE>m7~E>rl<GLplgxE5rRS80FW73Ey1
z*AGt|_}~Q|f>A+GO%5n9#0*Z1OdowSs-*cO8li32u8+=8S>eKz_KBR77kp(&q_wFU
zw}d|I{FWz0uYh`GLOGkWBK3PorI&d*9v<Zzj|}tdo!7lB>Y|C%bh@^J{zfj`XJJUf
zDUq1C_;cyE&cVGi1kzDKEvgh-xp$Z;j(QMv!>JluS!4MA>ipfDlcY{bjOsBdcy(p?
zWXu(3_Svds72AQyRBghXCzg3n-t8bSHQ!hm4(RtCL1*)`&=-B}WTU#rJ7{sWL03i<
ze)KL=`i<{Nh$#!!2i9M0jy?FiL?o2OwH7vr+ySdxs)#waY5Ofz3l~KCw4Bqo2g)>P
zWKJM8CunkFl20m}@Y9_mzyB+*@ld>4Z57@M`S2kFPKuiymL6LyoW=W?U;n3ZP~M{z
z`k8m%Tcxsb7=M15sGcmF$I`kbT4}6(_5Eu6Qx<afM#-g~e)1|hrKm8wc{bjh;YQg}
zWfqgwPk5c#oohj135u_a-KnftqaE($F%MflBi`O*QR#?XUV{@_pX?j=*nLgYFD8mK
zEAlK(D$*suH|??hdLrDSR<EYx`z-wHrCLFt5lL}RV~8yBv@g){MGVK^td}w^7REuO
zYg)_s>G*Nc4YUn-9s|-+?dEZ&>!myAOh)c3|JW8rVWetCXSKLH7GAWzPW}wFBb|Qj
z>(((%>i{IV&YV78rc!v=!F3nn<Ads7^d&X%Dx)IVQEb^TW{c}dGyXuZ{m&g7pyguk
ziCS*eBS#~;%;Zc_Y6(;#ZOR-*X(}9G0Q?VSCXRZ07Q=#*!3&M#BhKeea<TI_SFn8#
zvk*}mhsuOxG;<x*dBcrWnyul56S5NQnaAvQmTyN0X#_I98|`)En0T<zt44l7jv3j%
zVBN6uWn>Bz{LNvJDwGx<mt3V|HCAi8h1&T$EwSzS=H4aUqb0i+@y;K2(=;pPmfhAk
zBl8EefB%rO9(NOg@2GyvuCSPpRXZLlcg?(~P7UU9J9V;f_)F&5jWC`*RYLPNK$mX7
zz_lp=VpkxN4?9|u9eXTLYI&WBI?s${XvAdlNsS|aEbV18FP&r=jIOV@<kan!iSC&<
z<iu7b^dr*0eC{W6TwF#9r=-Ta4k&4DF5r<KjXAKGFnB3xOgf24c4ZX|32-nTda7wX
z^iawUaEj|RM4dtJ-^|*a6B&L!izHTBPkYOl3f3ua<~VyS-+am2kY@qgY%D&*z3!p<
z^)CH!&SB{rb5Rae+DBJywGO3!E-@tUY_1Us2aNAO(ej%%bh%tWhWt@$cEasB4xWy`
zVg8+&2hf_{1*Q3p(?hF_%(9!>&$C~eqtxmq7Kh4s^sB<=Rf?GFx9;bXxH7ezczo@b
zry_om&)j=L_E2M1I#~5dquK3>#zJWg_nuKlT=QIxnRNRXGqn$>V^!iVUYe^)idwfq
zKijZYSpOfacjm$Wc{pfu=h8)|?(m+wr6fb*RzRv!BKeBufQOc3(cHqAYt=%wnLX*}
z81Mq|g)3<gc>`$YdS3xq!+XK+L5te`Hp4U@W-zB0F+7ky@V$mLi@tJ_`ryrmbJKfp
zzv(~DjiB@HfzsjH5zSI#b$~JEQsp|LHu>|+;yBWU6fLk_<W*0_U+LPe(5eghX?E0<
z$?TbXhY6pCB^0{&<vK~zIDfS6nAaMp@{g-9-KlY_uPNtbp<6)D*9C?N<`%dSWK&)%
zPEO0gQI>_HjO+=aBxWSL<Ae+XeIp>{WM*rnn9v52Q12-yKk!Nrt7*LsHg|GXAzoBv
z=zz{%C=Rwxe(g{5&YmDfWuV<`){cS)U(4q~pf&a51A}I<Q_8~RTud0BcBeuQ=o6hd
zSi1!Xqw_o5*Pf3)gE8}0&kemY5o}`^;IQD#C_$-31t&OVGfjjN9qg7ah{8I%`;&9S
z?TAOYLbH`LD6ROkuNpb_d1M=@Dy79*;_UHnztJ3=-on5PsPR(YvmxMOF7Zzh=0l5q
zFx0jz)Q~zXvDlI0$*~K9UMa?wKgRIe@$7D^;>sZVx^}|ibT>Ywrq5jkKs|Q~NN5J4
zc;LIH>q5(f^zEmtV_F7x4p$KyQT6L?<#lTd!x<AbHEa?1J0`b2-wX16^>gJK-f$gX
zUAI<g*b2<Mh-x4-UDQEjC0k*2vO)UphDd0%fO+!FQOE_Aa8dCJp3zX2eEuCV1&X^L
z?8)jJ-I8J)u^j1<Uw&`TW=TDz7I_=|rn;KX_VTY$GM}Jvr<&`7YFg_2L4)`5cs{)(
z-<be&XHy?8?J@IG8?@V}7dZ4HANkE-i;eqlnFYh5w|PVzYhI8AGyDmtxt9W>4&j1V
zG&<_gR8wB^{{0^sPq6>BU%+B(9obl!TvM?I4L-l=G5@*fE9K!^&hj`{wQhOX_7%N|
z<zOYO(G9Opl`nM4RTi{;Va>w)o~1(lx{D!IpNYMeagF+&193SCxM*&3k;F+y`BPDc
zB+0-<aqW1xi3yE~<$oR4ubD)#s+^ro{4}Nx`?I$RUGO`czxdK2=8vaIH5D~hK4g*p
z+A7sIP$6)hJk8{wspXID6=BYP_K^xFmu2A69%VFs-93r{!VQ6elmR5+S8tM{!x?jL
z3!VoL@4s4`qBVoRUPi{YI4U3g+EB6Qu6t+pipIl@T3}B!b2DABCF^q3k5&A*qa@^;
z?vJpiapra?XCB^P2IID9gtlCsmQmOleI4z&R~9hsJDy%KuU~N?2c$*z6k&w&W13sH
z{sMAZ7SPIDNlRxRH57(NZ|@JyJG-`ouK=G6NB|9z)o(1^hTj$ku3W9A-x5<3&lESX
z?2kMA|5J8CObyh)h$X6Pt#s}u=yUoA`rXW4(U{u5AoX-1G#&*;fB%Ge`vTpiA13G=
zo!V(`9huuDw8rSn@ez1^vSaJqShQsRo5+9`Fe9kGLDS<!%LI#H`0~hrqMlx|Tl<8e
z0}7}C&uhT<KDVH@=T(l4YSX$LRwHLoPUnkIY6*JBONtas{Ut#2h(#w_Dm3??n=UJO
zXcIh{@gO9umOMS|12*wCg+Q4gXhwdi<3c78#=JqE6Bt5~4h;Z6_w?jv&Yxayh$Y#i
zWP@S|G(KJy1Ni~|KRUTkosdEI0y5oU;>Izu`&aI{v|k5$dKZ#Y&=X!b_u$l}yl-)-
zv3PFbLGO2~O`rh&Bo37WpxJxg_Xd4KQo9$BaJAR{kSnN)FDC(7IEW>KE)%(kt3YWB
z%%i|S*LK_I+kudM<s+{QH#Z-30_dj~E@%=g@b>|u{r8U>p)gbl_#e&3zl4L4{RgC*
zuq_~bErs^=e@SA`JIi{)50QNAvnlhJ8;*eo)#HBUqPa1j^JMIudEGnjrmLMSXrN!K
zN1{VrF-L&^hQk<kp4Q6trF)kazyIyloNtW(<_$C?66wJg#!fzr|D9B{4phdNm~&QV
zU{2r{`jP-3)BZq&8v6^-9yiy6-WHfz2U=#}V>Ep(1jhmPU`@a+2@D%(;$N~61Wj*W
z2TgbAg#l$OM9e#}qvf&tztu=|vfe>gC1_RJHSGfRL1bUH1x99o_8eZN%PD)M593|U
zqTVKjv=1ljvkt)rWtE5Xr`(J-dDg`vL=2e*<`kE%r_5LrTVi{T8*(jG6#OmL&M$m{
zx@r{o_5kPr`K>bOXv_<kfop)_g^qSNU_-!r&q7*<a)fu3w;!e4_sU9|YN%|kgwa;S
zO66O(6g=VT`}X0y<8GpcbeG?DM?#7<dl~hQ`^94h1RxiNbDjYjuQKy4eDb?>2ke2S
zSZsVWWT`2Ag@}Dax0s&utKCO_FyIq%bIE)xZiCs_?pCOS4UPAVRi(Ph2Oy7ORQg@x
zHeL3t;ks#p^M>}>&WP8{c*=x(aVi%!PR&^Azfs&5++V@NU5RQ1R{=oOioy7|DBnyL
zU7|ekR+eOSvE&HH(w3bsEp0#rJVb;RW?L7*&13jP!u3^d*oLLydg}sWZoB@d-76ia
zYVXZL!PlJfKgW2&V?Rmt(l1647L!yVx`P$Pt~Yy)P3m+#pZmjS(t<O05mO|lbweXC
zI3_mkYYV$ugq63cg3VO&tVDyA3bISbiC9(?b}w1nNpx0&Y`kVV+<%DwH4}wsC~)g4
zxRD3^eZfYfFrh5Y!RBjxz_4DN%np9q5+?M>mKc`neP{MX9zV75y3gtzblpOZcN;+@
zBct=rO^wTx#h0J8bk?5<<<B};Y&P$L>OZnv=xn84)75>;>y7lg`fWldzyBE!E+}3R
zJ#AouwltOntg?STIiqJmM2VFe#ub$GW`_$8%MX(K=4D^Y<+C2)diybLRS)*yD)H{q
zKrOmte2gvv^mnn%(=I;#y&omKm!CC3?nMw&^LSaJelPvFuomnGHP<6R;-D%cL%yTH
zFeQY4|9Mqi=W>z$KvDGo-p9|S1<mD1@!z6Kqk?CZ*}!q-3Lf{(X$8*(dh$gu$ra{<
z!#!}_tV5x0G^9>>ey-HuuY_1oH~F*EHsIWn!x=8-*x#YtZR_7(Zp>VUC>2<3kxAId
z1lIyB*Wj3Tp1~WhS3)9`e*m4C`+qe@LFDl(`wRJ>2-P9PN+XKvcbGp#+Gl$zcPNjs
zj)kJ_cVz9nJA2&5CDqRkKT$;ffMzkT{FSUsK%%QlNh;HEZwtV*XX9~dltD4A^Xn4}
zjs5!cEg(vGRyu?{N`u1MUxCbjb}(pZ#PSg9UI7yU(8%HAK&--B^@<Oik*qp(t8s%G
z=M6gG-x@@jC|-Hxd`#dQ3sh44jba&YVB^q0Z&S}Q#K-5V>`C&D`=rMADAx7Mw5^}(
z<0`HMERO*o`<GQNu!ka_0^AGC{h_m)q4TM8&~048LwY813YfOFJ^Nv#?pcTGHAXH>
zzCAGDW%nC2uspizv7I{cEJ`W9fswAho65?#{pRKcBLW<%WdV3|y5D5L9j$;}Vq;#V
zeJ}yC8Dz6^E{>7DBIB0-DBZU-t>BrHf?eMXI{SnubLB>Y?>51zQ}(2ViM_8h#(!s=
zbFbcias=r2T*HaA$G?J)`kONgd;uQt|4ZkB3t-PL7(DOPTIT@~-6!iS@_v>sQbVdP
zP#Pt=bhGJv|CIfY^a!Hu)(cv2WBI1>poI{0jkGs3e{!+EKtKtk*u&78jJn(K`}|@z
zbH*tgrfOi5A`T|hE>*G5w$hv|EeJPSegCiLhOSR;Qf~o+c}Y5Lg{6-G4%mR)KB4c%
zgv@Z(iRMF(z23PAF0(Zo6h4>g5%p9jT_W)V7(_%+8VgKoY~HJcM%TB=;Y30*7{=%7
zsGp3`X3(@E?5wbxlWHZwS}yi`h5!4}gWJ-goFDGio!%<2hhPEg>Ez5X6K=izOp7NU
zq6VC7@Zt<b3%pz_uy+MUZYURVk~l>j2_0wy4{dsIce7DpSs2DxI9099)Vnoc`ukB%
zg&Ii=&MUYB3&hntt;58Za^~(p(MNN_uv*eXMD(+*^P5vp+B>?RDxTXh0A4|eC}Tz_
z-zo^>Y$E#H#-zewNkOuq1ssqPpsP9;lD$vtTgJt_cMinLliY!u=kWpUZ$)_l$F<?s
zGc4^&J25r4NQv3$pmIfS?is$RbmUOx&U7qKN+6ir;8WW)I&rvF8IH?=7mujkb$!w7
z-vgp)Dv;UD6BC0C!n+Xv5Lw;$?fMh`-aBZbLP|g405B@#O=whTc7Rklilb-8(NCf3
zmWtZmTo|7HL}V}0Ey<VSIV5Y$N%aIIt;gV90p(eez3vn4!ApL|eaY%Y9Q5O);67#q
z)vQ&TZruB0+`CN1lKg7+N|76O8ZWa|)OxDJ-8z+G?mt%7r|mf3h0NDpT&6a37u)%K
zn;u-ORCY}I><JB|i(3FQMM0&JOpDt6G3-UxZq=HlnretS66N)SF{N-A0@p^t5YfRc
zEuPkuBE(L`7+-ns?bDi-n|F0KoxDR5cK|>*e_9C6U2NHZCfiRanaOy2oqclSeV-zC
zkbyZE$-J)+XxXI?MWdO>*bF<gC=GJ#GoPBKe9*FyQm)6y0|1>Z@1U#2-Y{c3k;<`<
z+)M~z0~avYNx0>x4LqdO_o&4voC`mGx2~iPXN*!US!@Yp;&D87AVzPhu9V@65xvo`
zS#q|y-$N_vs1)hG-Z(xs{^H_~VstsYNT3>cpFY+z=q>LJ7wHVXwMrJSY!8X2!FKuZ
zM|W$sMi;9NuSQ(w$y-)N#p+MCL$Sm*$wF@U=;h;gwNqnCV+<Y9V@#imgmB0S%Q*(Z
zRd7a}K3@aDg?TZ-$#i^#sKbp5v28`X$=G2XrGNk7bVI?!)7yj;lrR1~I~LURU47F*
zqQvOs*zp4vdOMOn4xwj$`>W&cf3=h^mloI`y9r@lKXp`;w|AWmiE(&fLWPRHRm$1%
z1L;SUBdja&9Pp<=e~9RQV4*#4mM~h@ly{hd#jlgW@PF8P>wu`bFI*T!L_t9sl@O3l
z6{JC0x@PDSRAc~=mR1m@m6YxnhDL@?rBlSAOS;n`q`p04yuW+D`>zh?oW1tmtJm{*
zQg8;EESEgJD%CFJljNPCG^6<aO=0n%aSJ+AtV{QJt*@Np{jV=NG3UV&>TE%~_m?+-
zzbeP@C+3_5tVlB>oRPg$v)<cJYHq)kQx4T*ZtN|c?<*bwMTQCCvy~CDr^zWEvfAmK
zMJ%2@k>IlUdUfz^=so1BYvs>t*KfbPr?)w>=bs(%5s|hMV*mJ)MgN;)&G(5VQ$`5{
zBG+sB?*P)@j~DTW<8s}pxr1ihcTSUM*149QMAfcdzFv4w#46`<PJnNfHy&I4ZMFS!
zF*>W%;x%C_Atb3s>1Y;5dS*hf*Zd?$E|;Js<dNEQ(0Vg0jcI5E-@j=}(x<q&*x2a!
z+~{u7cmI1lttjX{p2qs6>eO7GMi$e8P+0rNJ%T6E5us?=wsJ-x{Nc$_3Y^A(mtZ^$
zRJ4W8G8SY$qa|GDt4bIb4t2(v)j!8Wyh^s36GYj4RL~?W<k_9Hn@Uj>TII;)C73pw
zeDIEFHp=A$TAKvpIsfwpo?mSS1U8v!<R?GJ5;fmnRcT9MZ!c==q1(<hM*E`pq_Dio
zFe;?v5|kq84o9pw-BZQPWVTjSY81N<U1<QFJbQ*no_xg{S9%Gy|DpmbZBtR*r%LIg
zANwl3R|(>a#_g?KV~b56+1nTJe52?L?c{V|uDYp=oHygukTs!!SiGKiQ*(ij8cV36
zBd0xXvt#%X9+rETY}b?1Z4m95H^jHrM^@Bc)vLwa|K`g3Ld5N_-??o#Z~aPKA2;84
z#FIz;WF##1*#y7nHGxGI*`GRSS!4lQ_en@E1e%Mxp@LjwGVy+tlUqHJIl|eJ*WW0x
z=*2v4juKDHOzh<@EN3ZygLNPcJ1}E*0DdI9hioWhm+z`3?ZJ+n6JC$*^O5>F4{?(4
z>PikPL){V2i2{x1Cj1wm{*3V^hyo5h`3t&W85cCY)auW6=qU($XO8g`Ecw#n3Mzjw
zarBicHH-0zW!w<uyw1{KPLr)G3Uy?zh`KpYx}y87JfL*<jXCtbIf62ycU(sG$UgL0
zXzq<3+c-An3}+1l>yVid$BU%?IQRg(a=##?*3NP2G5n#E*<?KdL>)DzQWm=({lQc`
zzj{&dVee9d=2gP@;ai3h9gbH=Rl`yaHLzVD;X9`Svxz^wiLfxm*4I4o&?~YZyFCS<
zcTKBim1uPJkMgXGdCHWYs!v<HDBd=Dl>b52sQ4qyTIz)W<*=&W*ThK7EUexO$_$}l
zF~x-{L2&3wuLQe^UOCFs7Xh5XP^$A4@FA|P5HSwJABe|gYUrwWFy<SuQ2QE}Afuc>
zt*XiZDL2^`(J%U%>cjnU2*mJ@N3j9K<Ywxqb(S6zyebc9@Fe#ge$k8yXhzS5?PYLL
zcz<7(Z@nGEedkQ?&Ju8l7M7yq_<0&p>1hUx)W**fsGKS6<bx2>X*18=N6HuQ6#R?3
zic?=VQMWWLT)w~HLjulGyj4OZ>=UU!`;berhq$Efr|S4F)KduG${hm7{ix`?&=~}b
zHr=3%sMEsUwsgMRL*^9jIQTJgrb;c1kuKcN_-iyIDewk)ZtpN)@le#ndp!4^A#Y+S
z(6Ay&0bw?_QC{<Xw2m9lKp0*E`G?V3A4O5tx)fY&o63y~rtDq}R6Tk5pVsz~4b`dD
z7sp;R&UPmCqYR>&Z3L!8C}_NgiUz-IOvZ2oqFymF>GcM5*fyy($(Z+c{BaO$b~6^l
zQ*QQ^rDv*dcN?X}-TR0f_*7Oz{u);{`K5&esGhu`*O#(J5(N8xT2XHw!kcdmAg4i<
zx6WC=djVy>lTkg>e!nWpBE;inP5aP|q3cP2QC($irPeNkmHA}Oadh3@-#wITr1$RL
zk=ApEKDn^In(E5rkUn&?+T{J;Ee6pxZu@4cPRD!z&53FLM0r$r`Gki0z)!_=dKR|g
ztYXCLER|&ZK%Hmu^N@F2GqYsOr9J#!TT*8Nlz#0ef3@vwBCfF*T$Kxi0_4HC*WH}Y
z*WeNd3bP((4u)mKInu(E$k2m9{M1yN<6Z@zdjIb}8g*1~fu=>A8eGs>i=kWKp-gPK
zO<e9AuyVZ2+9(X#ybJd?mOa<@e{LVXJo+h0HU4_ZAKOSE5Bx|>Czfwh>|9ehk!DhZ
z{Dl{4puK!`xbE0rqU6Dd+5^ZUFP%=${K+&=-0^$T(~D0uY6)FOx5Qo^2A*-o0hAp1
zP7q~+No9R5oFxibfh!j=P8jGuHN34Wz5Q*?bm|l03K%;;`Dl`=o6FJCqZH+Wv)9GV
z#)3v&phhlhB51K7yF@I#A0`cgeVk~Y7ZMY+V)8H;^bqbpd0H&n5%6)6DN9oeJ|JwO
z1Hj5rA5iJ<tdRLeN1t96y7;?4^FeYZ+DycK8Q69Jj%Ii%2!FDu!K^XE9X@I?kjsjZ
zHs}{L;Jzd`9*sOmloOZAx=m}xLCd*4@^g&o^9VVrKTZjy;LrHI=u$&SB6(qxDtuJ`
zK#@Kjy`?)#ieTNOsfhi;QDWS&g8^-@8n`Q1a1jWS>xDy7BtR9VBJ9P?JY4C+`fIk#
zgw>WL)NfI#QJMbcb2^Wq*9pekiAoUepLP5T#e9vcQ27)^Vx`89bZTRejJmPV!t)&K
z+~n7rKC4y=XJlTsr2BYTlRMFRjRXc7lZr`_g>?G>5fJuuWZqhNqJPq46TTaYYzAaX
zB5yAw<@S?}Nq_HEp-j0e9Yug*V&Gs}opXEhxTi_ePji1f4lhWz2pSWhSvE6Do~rvJ
zn~I;|JK22o!%J4o6*>?s(=H}QLCwzXH~<5haa`n=EGGQ?D!h0>bApzr+$uxPXYl5t
zlu{!stxd!=W;+N*i>s4tFE%`=$skjtf9E0~EW2^Hl#+0#F_h;TY9-kN?u&Yjs25g-
zM{z=8#WjlqkFNQeK2mx+rAC%+U^{P|#;032v^E8hM@c})5fyXzL_i21r}cA;<d>&M
zn89yg*{L(&d$3{7A=^~;i?teIE$%HHonF18b*}N%=1(#&)b{n6F8Yd_MVljN;f$&|
z?(=4vM)!hNJI;!YH4YmAJjK}7;nGPiZiaK4d*4{0OMTGMi%t<?cp`(oXwb^D@3PyC
z=q0ENxecR_#D{dWk<mf3tCl?7)9=$0Pja5QIQU@_X>4YhKV7oX-b5kx>@gjVQy-q4
z?*Rb$RwmLoIKKTL&$U~=z|XB-Vfl3TbM<WzKEvvYq6v?jHcqv*-QA%oGvemtvf*Ob
z4tjKb1$9n3T2{T3n`wnubT!4s?oC*OaTz=1acyv)#P!K{(sT{_<+M6KaK_w4KT}pg
zyk{T713jrL<?zSKO_N`)`V+`A2VEA`r8xLnsvWL6zc#C?I#(J5`Bo07wRaTMOHJ7(
z#qEO&WG01ZsrE1%s%(@)b?=;J!Ls7L@RByi$eh|I_WG*v%wCkqCcDktI?s%^q0EcT
zv<ZUOkQ9#lpczL=#pwQE=;+F~3fjlmkvmU7W&sK(Er;|1n^`OI*+jf1assw14#j4B
z8pW*gvtcc0>7tV19_<uyH~oB;bPf+$N1~$hA!5lfj_QvW3H7<Mm47LoOKqq2rnC8e
zZQ>bie6G7Fr>nF}b!tf)#f|yV-1v#BL+oScs_cG{Yw`^h#V2??p!+c$a=w-r7kLvE
zL^CbH$^LkleZ2Y#a(*Gipu6KWaDRu8ZSs0w>xTQ7CqiFRg}Bs5u+U4UzZ|H#^(A@a
zkrt73L)S`(joZ$)=g$3<m>z}F7q#uQ0Zbge(RrB(0pp%FgrchU0@>`$%JMhDUi7dW
z2?F#Q;O{K1yHVG`2W!bbMK1`c%Osz(=rknwxbFRE>o#0sj<AuSfU`c{r7uvF5;ylE
z)VY#ky_;HYvTs%1Sp1V+O~-J<#Zr3=Fh1}P7A1%IEtZTZO#=4<SSuo4M(7z<%<#CK
zqjij5JRVm(^kOG*ThWf?aINLk)KQ7($u>M<f1fjBGzc$vrptDVBgCw(`ev!I&lT3U
z*U<d$DB;O4qjHM11EVTm+FN~!U#$dfI47%if3c`v7~2%TCVx#_us<#Ye?H!?_Flp{
zB@W%@4{|^Ge%XD0{WQZ56M)TZ9EOGoo@bG1`$7urR+g7|$$6kss}JU_w+^?_mDS&P
z8>tp*pIzfL(nYL#Z9@FC4Bf8Vv#glV-LiSZZEDvPC3M!5ttcP)cF8#X<)Cd+7Uye7
zKS$l?;;HB{O5q`Wx1FdT{ZLR3=U{s8QRt2c9tunqLqncqq^&41j3MQajGg6sowDLk
zf6e=@*@}h2dxy349RU+Oj3xrj$^5}L1vn-{I#l@;){Vkzs2=sxlhwF0*&N>XdAeV#
zd++9W+*c}WKO1I(?O|@w0O!Dw@D^sU=*9(OBLVBhuAK0Jk9xc$$1obRpjC4J!-(mu
zSM7LtT@CiHl$K$%y6yk~s9)}hPSfQP0Mc!F>RGp6sp9CgqDZ8p0$CM#()?iO+8ZY5
zxbnL-qX%@xEV{}2>h|JpQqXS`WRn(E0V}R#Bb%DB;~g{ZrQTrpsXXcaxofD!xnRkI
zmzY+5pW>Fe;;_g&97PK}s+S5ry-SKWL|Dn*AsWa_Lg+s#4|SL?TNfSxzAi$tPp&nI
zD^T0P7WS}%joL9a;M_$b?K8)Hb6I9K21|i5mG4YU`(i<GRyXha1j#7l7d;#s?QUL?
zBr=q4v4yM=!g&+|Q3;pQx%+955uFrO`TND6)6e8-+eIInff?0D5l)`Xz*NaAc_o>|
zP4>OU`t~wuU2`2zs?uV-0?{DY%Bt3DMQh0$H84#MSrp+I-Pge-i3}wCRBF>6$K)7H
z)JxkHD$k0_D>g1zZ`^*ajAj#x7t)XDzBnH{epu}98ZTb8NI^ta_$lzbdFJaGi_r8i
zIelG<tI#f{CsmRT)s^qAp}UAO^cy<m8zCdu+}LrZj;nl$`<{NvA`p@OE$G}~=RmN@
zm*R$aMTf#p#9OhP%fNqLP#G3s@0bnb3AnC~lJD7N;oncY{VgCK6$E=02hTz9jrJtn
z>2<KJS{Pp3{YClKs$K!nd9FwP9>;vWKyJK--dgAq45|Fvg}&PH|C`7H`30@fB2Lb)
zN5aLqS+P7Zj69*GUV%NUIBCI8jL`G%SDzaxc%3V6s2=Rp(Nj!}Sk*0@T}1LQvh2$?
z<C)Bb1;V*A%v|+~0D{Yb@qJ=hh_k%Crd)ZtgaX-hRHSQoJ1$9;-QArB4mDMfp9Q0G
zPfbn`tgr+Q!_zAX>x&q|BR#&$V(%biHr+O={LU|{uiZ%z<kZwtu_j>=`!W}({4zcW
zb}u<fX(q~OP&Ng9!}c<Cj7C}DT<2b9{Lyuw5a!&;$*$&-zMs&}>*~~bKo=Gfe)A+{
zNDzN)SqZ^2-!4Wl5)LVHn5WS6%O!YQkUarSW9(mF(z4#iaiIa2s0lHv`!E%GNU*0>
z)DLAF=g_EoJl*!H(C5u#d+7?g=76X3K7N(=n0HS>-+4m&*F}R5`tP`=envhq-%it|
z(6ohd3Vy_AEaf&|%kH$zLf({yvMUSa!mx=afC^ERJQi>&J7pdchlln!`0T9qUUOXR
zja6~a`}n@d2P*7<{<E9)dLK9QOh@iF$CuMMB-$D(I?~ZEt0{RVMHZVw9vekpIW+E+
zCHoQ5D{8eC!s#DQ>+t{`^>skR@ZD1f@v3`nw@Qi_wW{`pU-ZCMyX)noerUNZ%4YPF
z>B8f8AKcwN?oT(UV0C40s|bT6y0IH^8hYpa!VZ%bD}x-^XcVgPFfIbVCpSuEbG^Ru
zX->QDN#zoO>1Ti5>iYbZ^n{|C0tniJ<d(Yis&rMMHg{*a_FR}8KIOFc3Mva?ghKQ#
z0YD@83M7}hbm?2VxfopM`}3c-FKYGYH#Oa%6wR=6x79(Wo<2a%_p4r%MGL!OAW56_
zRd&n<zL%Jh8pgFaGCgnwZul&KgTcC9nBfGBA6q@Ud*zpOUYt3zF{^pBcE{+4$CM5(
zPfIDGFL=h3pbf#ndKS4=*ZPQD=2b;SeA2rjCzIb<mj~(8s8vgQq<e?g+$Q(ThU=(=
zC^rR_Oaz@Dx2#AQBQQ8|fL(H{?XN&^9D+G8@+u*-%;HpG)+x_rW#Dyzk+|khu8KH`
z#K1A5!Z>FjnT!oX{8A|*DEV8{yV#anB6Y<Wh~`812wQFuR%ygmdG{NAfT9T%n>ieG
z%03{iogNrRNbZ|54(MmUOlfY(V4&y=M?FaAZsQ!D6%f7)Z#AjCEJ#9b_r-36_pzX>
znWO7`z1x0#fK`FyMYi;oz>@i?D{t7rSaZPBgyXndjersoJBb9!jt{{wsd$X=5Uk+#
zXxSYcm5|?F_{{Ix@0FGq$<Q54Lo^t?{GCHwobQZ0i_d#JIE;e{O8Yv@By-VuK0g=F
zHh9lQDl62F8@kLu0=xX!m5c<1Ny=wmO|Qm3Zkc^G_Puz%EZL~RYin|L(Hlxy{DDCZ
zSsp>n$`s#mj^#^CimM7C0NvRK7|u)}6fAaxuzs8?iyAXLa-~0+OlZL)bi=gEBA)`F
z*W&Yk${Cvyo*Ma}^pDNJUVJ4$LKy#H;53^j-F*yHqZ+{k&?CabmLcL`<h2WUSn>az
z`~Zb<>*z#z2yY93SEaD-QF#Dqz!11&`a7_P`gf!#+eWO7QEvyo1RHy|yB1GZmDJi;
zN(yim>rVtXI=na4eRg{{Q<kbROdMg`4JKzRk;F8|i#{hGNsbdzB+4)4`^prG9{iZ9
z=dHPZyn#05yx!y@U;OzoyxrG~H5!VSR~gX@tuXWx=pHmf>&q{Is!kB{>35$^Mo{<A
z1oPFu6aJnK{!yXa7dS2yq`UL6+(J|_<MD~{davQOj4B<R?|P02r~u2#c~qafEiu4m
z5)q<a67EpeJgGh?3|BAYDj-3r-bN(U%wx^#VD|-CfqTN(q<>pkaYF500WbOQ$mMTk
zB=p>w7&_Zq1q@J+)<BAwCpeV@Ve5u?30B7@298n|R-y2XOOm-L+P`Dqb4fKt6#t$<
zU+Y<*XE6<k-yW5-c(G-(B4%?M1bGm=eZ>VOHjCaSF>X`sXdiYN|Fag6T`aqaHJH`G
z;RKN<m?+1z0%0z$ySXDzdbQ|{F!D`MX|IriSQ^1@2<D|Rfpe5hZ&6MHM6rpPOgsN7
z?ImWc|Ihf$@8jwZ&|Z~K4=?7LtVh|F-YqNbd^6zC1^Ws|B$C^YY2O`A&VN@>x2~JC
zBdhh;U;i+J^vJlJ@%h;T<rnsJyA4M=E4Gd`C(jFuIAe%o70o2kYoJ?h=L6^WYUMyS
z_$VmwuTfPkPAW4qg|CK?;O#1fhH?A6?b*Y0SF{-11Enjy*I{S1)$Fb4Gq10p?g6Us
zE50bmpqbL!_Oi)x?uO`Ox%heDiqhcW<^i4(<_ziUX=3xb;tY%VGhjB8sjH_-`lyc_
z1!Fe<F22tvYW)7B-2an9Y>3#ka8Z_V!7;aI1#{CZorqBa^Gl4b>g7uFnsasJa*qke
zUR(S$_;!^)rsd0ZLb9V9?bTM3x!B&V!T7jW@C7qm>SS)o%~(n>U`D_6r({ESKt*-C
zLOS*`dkKftRh_^GBb1SQhVPL|Mfq}hN)Gz|{##^-93>_GPQCFlo$s<vje0WGXDs|L
zqA9*m!P>npA*RKu;V<ZjdcE4&@>U!<G5NO=Nym`(q$^?{+_<YRHmF*>!&7xVP%Lo#
zjHwBM*b1AELl)}Am89TCt3b5~5Yneyw?1{2J|t{mHg?sz<pyzsgI?$tj{_cLJnoQa
z@hy)CL-4uQQ$!b(<+YKDlb4VsQfx<G2sII|x^)1K91X8nSx92ZKs-dWtrsCTGMR!p
zG7M$g(vwBmwzW~W5fR33lm)F|fh+$zb#sfRrw@N;Hov8F>SXLYnoZ&c4aqWBFLZpr
zX3PSKk<+DwOFMU386y295_6W`eC9f@`s_1-@TZkkHU#HugTO~5K~AsLh{$O|dkHrf
z5xCKai=2Ic@g64ghV!XOaH+8+GT1;NO7q3{&1pCB>r7&|pR&gj%Pq1ZtM6^85aG=H
zu0{QCO6*B^p<WPhIbTb*NB!(f??RO3X3SYZ0|$+x;l0vo@;V^|g%>h&KR>R3Nebo+
z6=yIA+|ZB9e@!u~!yofvfx(pog<x>;=eT?s(SE6yRM0h*V!j&v01ZjLRRL!)FeEP(
z|F*D{{*Y7it3}FCX!zf92Y`H22DNOfPY-puTAF2%mzJM!T&B`<GjPuhusI49mqv8c
zDGU6_yi5z1kbR|DdZFi1+D&hY@OvVgZyCAB#QT_{ZF4RyFO?`T(-|M&E)w9!UZRYK
z6N$EG1dG!galrQi+r{mf_dw4Aqwea=9=`A`j&Mz*99hXWLeo0KAkeVzv_$R4>eR&b
zgJo)*TYqK_F`mYEkhB0^xhSK5j6gz!e(LA*w-pStB(4w>#+UG&)9k^Vt3L*!;rIto
zr(lc;tNh0fSF-^!d~;$=(bu`1kcd~RUwlELY_V0dWDvl@<LChF48wN6kD?R$n5ak!
z!mD~(&kw*AL$*G|Zj?!!9R1eLSQGR=l^0I{B5lTVtcDi;0lJ>P>|(;G|3eYsh~l&A
zx&r-6%y9&G01fg5KrZ1AV947UK+MPWKh+Lwffv-dFJrVTt<B`II)3=~J@8BeLxmlr
zo!1YbXyvpLW_$p<sjSwo<EE}5#^uEzO!n#BA~4rE+!3dNHvayLpk)RT@$eh7t&`%|
z?V8N-0%nm8(JWin>baqNnDqhczwStf<F24vX)cBDy*tp>BH}NK0y~f4>BAID1#t2&
z%R0MyA5GVRQHzWSYT)bQ;H;5fBEXhqMZJ|T;Ka-u(~&w#y!`bSGX3EXAIvncDUjKd
zXPpM#Ie(c^GC@V!g-ES%<2S#SA2?p&074SeB~(4YfxvM8nHK;qEzBD*ITv7xrZAOo
zkU+bJQr-r}lWLV5%kqIGTESFZ>vzX>0f>0rZ{A%!0Ji=IxBVeFIXI$ifa;JFq+9?k
zz<!?kAhGfy_}4$n!#Wu+976H_dm(6yO7e?bO~fL0Tlav^#WBkP?h-~)UaL!F7|;zV
zh-(gdc?vs<CIGey=T#C&Fa8l$;BQ(`{Vl8%{a&ZO3jaI==!6!&{YowE^E%7;Z542a
z*)dK9I7Xsv*kosu(r=Mq<^JcxxLaz5e2nw8>oM%4|NAk2D)$rES*(+`_e$n3z>{!_
zwg31*-usVEd_r)(5@Kq*XFqQKAMXS+=4Y4|4X~2KdEy35uB8XsgWmsc0FDcolKs=S
z08-TkAP_%L<OZHd6GjYw-wZHGK_`Ug?@RONPh<redz(6t<PC?*v*t;k)nNb@7ejJ`
zy?EI63#{-`06WOvEdo+K>75wD4B|Rq`abb2x5w}|PgWw)yd)UL1wE{8#t{WwS@Hy?
zfYD+YBeFjW#h#@N;J<;r)df<*(A{92!~gw%aMm!l7DGnz|N6hb+w|Mlz_hafU!#DS
z!vj+d7>ozY#c5Q-Y$EVPeqpTxIEr)_&!(94I1?}&VJQOs95rnFq!j*S-RY`%(oPG#
zXYK#-{l6;)E4`SbxGL!lA@%$3@ch~Fq(}_e+rRhz{;I!?m;~wW?30Hl27}(1G~)mD
zqj*d9bNPWOUZ=~LwpuJ>683hLqD;^B_5gMYJoE8`mzWX$QAR8O)Z(pLFn$h-1p*OZ
zR3w}et6eYvEw@d<*e9m@<u;Q26tm#l&;(iU+shGx)tR=L#=c<~s|i@8^8fFX-*|ru
zc)L7<?0?0g(TF)MI9#C6fk7F@B!4m2X<_I04ike=920E(JJ)}HZv!Sy0AUULHFE6r
zzzIG8y=p<uzsFnt>IRJV0Y7_H^>?LUhcHmIv4A!Myo~SfA3IukX^dc-ak1JR98?el
zkc0Er=<xTtfu0Z`e4OHdw!RaDUJjNP@Skk|KDG<&*$_DjNECb9|NadP2Kn>f9r*ib
z#{b7A{e2K2mc4_I`riWnZ*l&8bin@UPeGuJu@roI_<w&t4}u!Zt@`^eBdlWf+L2OB
z#5QsK-vZ*stPR{B-}9J?6^<DR@S06Z)UfEv|F-bYJNc-7Yu5jyhuJ@zD;NL%F%Kzf
z^Vpl)+U<{`|8Iw@35R@KdCNfqE?f*mWLv>S^z#1<)edMDez1)RyFOzevt}{Y$_?Ch
z^3<U%Hr+en$0Lg=I<HnP_W`6@2xoYv^5{}T`LeU3zM&f34Lf-G#IhFE-wh3Zc|2YO
zP6M`nSrAteyn^A4e=*rKEcNGWy5}p1Cjk>>6E(nU4<*8(CY_QTchEQ$ZO7`_q<^9i
z#x(bv7sP1>gM$R{{Y4+{3)21*zbTL@kke_G4+NNM*l%=bOsAjb5>ysV1cI#&%<YW@
z8;ZPJ@<v2V%yUJt(70wHzexz-7}Wq^Yc8u-f#7%RpuH~=v{&QsebmwHNm}7)CS94H
zZZr^~Hh}<CbNzJ$EAv%8P5Ct4DK9;r6MU9FtRDIALrFGImhFO^34k-;uLMyZ6saNs
zy^TyE(!ce%Z_<yZE@Me$x&Pe`kk}n)71OlEa6$1JRo=1yApZcE$9n{zfde!s$5;$z
zt6C61>&2jSsST02HWZ`){;iqJj&y_YQox@J^}B-18h<MI#yq`h?frCP!7B98p6ou(
z+sEXBuNBgc(@d)ymj52hs^h&T5A4~%w5VeRhVgAii<hqE+a!4ZICCo>L~_K0MRR9y
z)EqX9XqE49YL#~pbWJFIy)TD8pN@!-XqnLHVNTLWQf-($hkXeNN)%KzS%@*`R{1&-
z9>)CLT+<8S#e)?X1LC!+9m{YV1}`V4%vgQzDpoGMnu?0W%u<`K;!DI(8h$xsP-VVc
zWl;OxZnyLmPAmHjn7<8`ZpD+DJc7ve!WF0s<fdT7xwntV-6=Hd{DA4)!RRN-e!y^u
z<+w4pr%j5AK&oBbGrUbWA}vqZ5tDtF>xs;VU?U?^-SXywXj}AzT|YTW6I$4&|5=}d
z!gTSz!~M;NHTkQ#z*shhNEg*(!fH;ElzcpiPrZImNi|7nx7uJm>hsgbG?Ke%=Kt+7
z4=7i6g3)+?xl)Q!s!E0@w7ey-AGW9!(GIO?6B%XDr5B+m1v%m=126DC@`^NK%N?TD
z{W+reDwL1lw;7GzQj8DmNMnj=c0+9E8j#Yqli}I?Q+Y<$P@Imyhq<3`aL<I(Qh+n@
ziRjd)pt0T__nlF}=j?_Tb;0{N=UkyHKNNq+MqPCPyPbw+*(&cx9QW})Gxjr4c6aNY
z!jHuV-3VA=VZ55V$)|PX^*<6ze0yLz?Y;X^$1QelGv%MITz=}d_AzPm;k%1r1osXN
zlXMzNp2yr%It+7i`XZR(Z_YJ3AL6s917H@*Lyn#8pNtUmQ5Oilt_aPNMfNJCWJ(YC
z(m%RIQ<T||KJ$3`-e~!3-euX{Z!<+@m&Sse*eP_8JMB6d+ioc#LffBA#a&;d{+b`6
zA!X8P8f3S2cRC~b@2X!z8B-rv!?&+)MVQ>w88zs%X6K?Ppp5>`QS}(tCQ8%u#N#!*
zxBYs`qbK<Wc?b98oKG9OmW*6<zLKK|HQH!&*exGbZFDeLXc`|v`*>7tfj}Mvt~jsc
zjzPmQ#cC9Wdk5oXt!y0p!8CketvX&ik5^2>!h-NJF-;Utl#HOPV|W!kZ{)#c6dED@
z_AEmdHn@XQw0x4T#!5TuF<W23^~783i~e(6MpL@$N(OxIGIh1y-iR)^@wmpy)lgCQ
zX2ldMh*ExE2_8%$4dWnU{D_S(J4-jK8W50sI%~JnrE0zk1Nxyt>#_luOWek@x=u0>
z^;PwKgmkNKe#jRNP1_nolm14mQ|Zz5Vbh6l7yTja62kOfO<nV<Vq|}fivtD-{kIFF
zygkz<p^?wMfc1e$qf-S=?Sg}IToFv{HCk1l>3nj>wv`C3>ptx>3J^u9weDB=A&6Q1
z`$$psgtV@iC(Mq)u#wYZb-1p*p`oI{kGYNC9e<V>-wI>7^_q($4pa4VFs-s!rM%)w
zKX`N%=K<HjFIQ%Smv!~$2qbuuJ4&dv{0jT<*9s{fYlMVQw+kxqlQcxPo%b>S8ABG5
zmD%pw7TWIj?qJ*l&fVam-QXS^nE`jQmt)URx(drACvkbpX}<s}T!U7Xv^&&YPc2vH
zOuIE-Lw{+(XB^NrO7l=dyj~RBTFS8#T2!QSv7*EU8RWPdY6^7GO0pv>rVrno41i?S
zKfQi(^6?C=XZ`ehdVG-&XkcLLtuc<J@f<t;wx(P8234QP?6D72!W`BklCG}S%K@Ke
z42(JUr`V>Affm7UoSyg|f``B!@(k+#b(mssH77uX0y;xxYFAHhEp201g)n?T4eE=$
zg<s77nnp)VG!PG5SHLC?d|i2N1jdyEuC+}6$@Q+AZ`8+KK5X=5Dg5)ZGAMtiqH*}h
zGb%5Kz$c~tN2AOA9vorEcCuohrZ0&7SW%XDwErv`@EEM0=n2{pWB5MqA4yF_B>VaB
zKP+Ot%Ji6gaY8xemsyFK<==&O<7w924OpT0@GCkSU9=ehCT)xW#d&W;9f$X|5(M|M
zun?EGD%C|9yX_x89(~+jQW4rT6UCw|iV*%iltyZFkiic~0DnZtwW0ff!=MvpXQw^`
z!%)M2uvar)H~fmRz01P45Q3ipp89cpFkmOZf;@9)9~E&nJzhFpQu_Ne2cY&<9~yx{
zo~+xaGrW%tt*<gUk)XcJ-uw<MrPo9*9iHb*x!=DN_2<5mgKzLp@i}AyAfhj}XIh%d
zDAV0vmVH4}9;HlrxMe8V=iK-on}YRu>pV_|nC}Pysn_Kv0Ki&i;k~`ROu?V-z@n{K
z83I{+Fl`01O2=MS?^^b=vb5&9D||v5NRsg8fDtb+^XCZXPSW0aI-|g!f}UsOF#JZV
z@xl{ncp@n##&z9RZ^@<K;6~}i4X=5|QIFmoTDy4>t6DoIJwICtRN?*l6r**@4C?64
zsYkt{MpwBDrK)x~RkFs<5P1|E<uh_uq-x3#_rtDEU7)Pe6~Wo5Nu`|afg&9cHW;wH
zSps9kM?Z#NTry8;YWst)`<uu?HvcKXdBA5TUozMo77SCC>Yxr}w7Snp$(-e;)SO#e
z!V$?I!BV2&-f@mH=zqcM6xkX-JbGT|ez&|i^NaMCl)#qS72P&5wh`u{s}*BwKK>%p
z64tj6Ivy&xfs>sX`CP+XKV*>uKM~WU{E;6=e>hYd)QQBQa^qd3p5y}LItNXU;SN~a
z({pP?%?V5G5kvA}t{IxPlx2HDD$X3OGQmWI(G*ztI@pGbhmqg<F8!6bB+}p94o$r;
zFv0zQr;L#fQ*jWP_c!dLwC-6eg~!|tZznnQPJQA+Nq3LJ@eisT$Hprz=QT)dB&D~~
z(=1Cg=lD56?mG)c7K?E~g0uC`L&jl6KMl$DT_#mGv*G0g(bG;^CnXx>`jET;G5uWk
z{UB;-_~6#F_Z`b8*`tt8wzF?{0ID40uTQZ7y39~PejZkT3)$044-Q(9A~bbc%usu`
z+C{I2dfW2PP4Q)b1~U71{eQ3`brvvnn?WT#=KC#~D6@8kksdz6%xmxJx#OavIf*Y@
z#(iwbEP44GElwxi_6`;;E+d;Fkz!4ZW<(QW*pO?$>L+HxaFYL6o7sKe{rgI+O}J~9
z`MA4I=JSegaKaa!sFEecaa)(tD)mwWqM4Jc4aB5`R`kx{6itg_)ORPjx9JMH!Td7y
zkjq_ydE%3AC#ru{PInd*;<MO#z2fST`FAj+7wkdEx-4i_tHNyecrjBmHqqVr+X|aC
zU)NgYIS(zl1TLqhufowf6+x@%FYnQPH0gt+p}6;3^di_n>Y?f7yXFUpA${b&um(By
z>(_~;-kOg;cNMpR$VSP^bf<LGzC4l{OfKsex<CG-axt-lqZjo{Xq!QIz0ic{ZHQ<#
zL)1^iF<=m38>I9Dx(}pd+%UO?;17k^AXbN}x9WNMgLnmJ!BSGS2oZ<3)8U@Zv3Tzz
z8S*?Ob%f$_ox&QJ>F}5*qimE0THwyg0%`G!6T=W)TAhh!(2o!fGJyjo90sc#Ei4Y4
z5Ua)6h3KgcH@!OD6wz*(Buz<Zn*CK~yRe6YbVAon7+w6=p4P&TS#9~lLh)!_+8mG)
zII`N@`xrbsKielDKKNgUSQxl8OL7q1Ab6m8{3BK8xzT({?mX!<{}&E-2fho}TUlYC
z-;AF#32LfK8wf`0v8_Cf`Gfr?=jmfuwB7IL`tV9-m5<7N3RR3ffE9dZn;#1Rp~4>S
zS<=Tn%Mvhwoa(3TSui0wg*bJs=WWa_FM82l$#yF)Xl47k@_X#-Ki!TAyN&?HN>nrZ
z->7)>?#pvQB$h!iYfT^Aad!dh%t(&W)4q`%Q6D=aEhD-*4!yT;tUL5BJCB{Oypi2j
z=zYKDJ6?1|na)*vdZbo_+I<QS<kW)y6D~XyD&qNc$sf=+s*c^?pl|DnH$yEfq~39d
zc;TBo6EwK*VR=9Jr#Bxw;^ljtr+|Ra<pb~{bicX%wWZ}zn!zg{CD2Xg1#c(-`=896
zbW*iwA@Ue;>2GR9Y4<~s+S-kVwf>!?n&TW^CDUutpYj-f=xBd`%|TK=p|sY$lGi2Q
zqaP)2NyAc5naXM}DeN;QHai|6l;zM%*0KBIH@@4<V`rQ0)#BDAVj<~c%bqo++w_;y
zr~J}*HN}Gx8W$63%tFAF)cSi(8{dEK4;a*|1nCD1Q=oNEhyf%e@|t9HMEI-lUiLuY
z&$+pfv$ORH$q*XL<jL(WTH(=dy$6lVL{V%y4zCm0glNo!Z-rcqYCo^@nz#6pkRIo)
z3-r`N*D9M>D4j-MZJm1?gU|J1i-1sSQ1NxlwWbFw&BC$66b$B;c8c80?wiLdlAFgr
zXAMtss&lHVCs#J{{aOv}>d=FRs0k=q1^qK%Q%0w%-&4ULj$?mT1r-{#(Zrr-uqh8K
zYGEqRwOsttzAMTKLq`fCf_f$yNQN07v?fDBE0i51Csjf@-YXb}<J!uOKg(ED6Zg1B
zWh{Ya$Fa+ZS~iwJHaGrUS`;kT9M3+YY2jpWKvKG<lvLt6iXG*7H@pa^l93BuJlB1*
zV&MHX`m@$G5-<tGe3~`b%j4bFEr=ucNdA$GSR7fBH9~CmioSo@k}9GmiZqFnC3mem
zx9w76(`6&Z(!E7EiyJqGC_-4LWn9S<;l_?Hx5>sT9++?94-2eIE6}JTFc@r5Xg^ZL
z-Mck!bIqzRiZVBp4s~mAgS7>Bz~FlUJoTwsnu$?a6w9vrkfTRYJ7?&*xkY7xZ#~tc
zW6yaF2I~~XNM?F1@PiWOhmwuvTFh3yTC^uvWVOUdxE~&6@jrUA!Xyj-y@0H&v|p=s
zKBh_@gHCX|xoZ8uhq+7&w_0L7E52^$2i1p(KpzIPAvp@4<z9NTvKOsuvi#I8&~OPL
z#raG!?x!N*k;91r<H}YqpO;68*gtl*C}4c|LgAUMW}JzJ->?aC$i)o@<*i*u8Ip_)
zXazuV6}ibQeVw@4xSLP`jghOe(eVjnYwiX{>nK}SGNoX=qA~=3sFGp0pi*56*^eQ0
zw1}qUWaF{9_I$b@t?3m~(Sp3PVJ$MZXbrD7mr$|d(x5Kjv?uo@Nw2HIXaCOZ>Qnr*
zEUT+b0UE~H#4s4|Tb4;z;>}4eW}48*Rb3@3vh#R1<iKS2`ZdH+tTlYkcxvT7ODlhp
zhIkW|4B2Llhu|a!_-)(1`hUN5raL=$#GZ82@lKK>OWaxnB6)C7rxj1-^R)6;e(CvS
zj-f94m#uOttPu6BmaomK)7O1Mp3t}hO3aoe&G{8|vvM%NCa|vqh+5Ag)lwg1TmpRq
zy^+NA>{<OJh@4g*=X^G3b{`3%ZLXoo<V<0KDRv<^?d+Wmae#&wiT6ntAtBEy1=6sv
z{?kDit}A1f3-O<&+iWfM(I0PkGz`9H_1WF*J@wXlG!|VSUGQ_&r+&V58~xPuY`Vhz
zc(0Wn(du*j?kwl?7s(@z8!0Czd&KIFvkH<21qKqQed+?ICyx7$v*7L{Z|0?TJj;LD
zuP1=mystyN!g?d`EGtwXd0a1}CzSRGX<SwEV&Y0jQQ$r;{=49p%UK^MRi^TCxYiT8
zJ6j8vHz!=D(52f6sdp{@edS_CjU;cDxVDM&V_TA;p2matms4Ke>nN?y*N(l=qO#`m
zTZ_GCj;GJXe-53c)RC}#Wdr-FLY{V`Q73H6YagX+S{HG;I;PB92RU(c@G&vyzjG#2
zbL`q)ub%fb`3fxcmnZ&#rR0(R&n;dmpYFt=`Cl8lO&;OsGgy5(fL{(W95BA&XBe|Q
zS?$M5hA;PL50V-VQ4f8(N1WiNYoS!immBrsD=&+g?dTr-#E%91HlgUHj^lOv(}YI~
z);*}qv8DcV!)cJn=k#DOKmXSO>)eJ^vd4z7GwB_P!Fg(<6J*2Z;)DXl7K(Rnp$d6>
z@>a&%oUeGMayP<!ID_wO+<{EhyXQvTXV6I1d;`N7COQK&@h<nx;4Wspg0E>mF-zx<
z1$@ipM8nPU<1clqwWE3->x%TiVmepuPfdjO8H*-z8t3IFiw_y))*5Gf4Da=pkJ%xE
zc+j_=m=ph!T)sfSAEa>=XN&=|zujTo7eo50gnxT`GwtHCX!Qi&vSFt^?nqiSY#~2S
zKl!Js759>&{bDC7+3AJXr``AC<5jECsOV~eILUJxcouwKPCnYj@}7I5IVZH0k#|e*
z-@v-*(f~HZ?sUJMl2u<k5lYo)9QU3hByH4(u;3CxI>xUM61l*I&`)-HqjP&N6OwYG
zqhIaAyPkmRf4}RQuYAWa^03^E-oQwiz0a<@W5RGlRGU?cW$%?n=m-;Nl92^U)g~)&
ze<D)B@{DL}hDJg+u)%hN43YKgLM3ZbI&D?Ur&0vHkCNDi-I4dp`g4<!n|3vvw(SU&
zjVq>J)1HDR#&N@byi-0o|4F%5UE)}ief>J-Fk#N!_MV(wUc8KRbWDx=TiE^rsPNG~
zLWQ<Ojv!tX(m`DAZ=4PF$GL|+D+qUTbiTb(@Z7Ixh9WvpT&NDUKk!$^WGE-N_sjjK
z?B}SvGz4Go!{Bo%7F##OWzb2Yu8>*vS4W?w?28Qf*(VNG-urN##4P`;vKP={@X7SV
zzY#4tZETxeVVnf;q7&UQvOP(0`m2~cPu4e;vEto-UJF&iX}$Yhb-L~b2ju9};LS7h
zDoZ$Jo33+$<dJRRviDT1Xy5jjYZc0SvCmt#TE@8#mj$Nz?tf(Ja<I245r06<!FNx!
zcJm@l=BGkm>t599v{T$L3*@N$QwI8*erJh6F(hd!Y9rfyf4XFTPdxX_aiDz>^XEee
zQY2iRoy_CGAB!RSW<}x>3VVZ-j2g6*sItv+UoJm@Q*$MMx3DTvh3~O8+M-mgG@tfz
zuDms5eW6*%108$OXP{$kf49$C-^pk}2Vpz@aJ?&HF+qpL<mIE`W}cM#Q%`nV>3_HK
zbgl>-FrX#Nzcn9iY@bAG-SCar;w-A2*<x3!{m5(Dn=(FVgj!U87A&2?5lz?iQy2v|
zVQ^Vi=tKo>N(T?ZlXrup-#CV5LTtYnlBXHZ)7Tp~K<Xu@6g)``hKK}*-~D+RpQh@&
zmA;}n1B{%fRi{sc-%eEu|KbT9ZwnOtZC-2^7wU+ApLd*A!8O%s@i;H|UW&M@oge+D
zQ+1Ko=R+C6*>#bqKHAk9{gf>uK!0|zb*TC1`5r#L4`to2JexC$eR-;5iv|0^Qe0_)
zr|-cXB?CsNm_i!ebXbIp&I1dOcK%NSwDs_OVrc<BiAmSk>;XfshQp8tujMfwhv>0#
zfkb5`e(QdJ*A#Eo<r*)v7W<E9o`<KRS!I|1e##}3mzbLqSks5Cn-xsWZ4GxkF#4v~
zPoaSwYruTA_jY`~uAE)JNpvu!@%qqehJ`Qf*Ci4J_J^_XY#B5{nazLYK>gln+r2rM
z8Jp@HR2ogf2(j417_X!h&w~uG*pYWIw}m*%NzdJ$yXU6O<J<GFXIAJ&O5L{kzxD8G
zDo`Lc$EzYY4UXu)fL!?6+U|_c4l75c$@gf^EQq+R6)qH(b*Bq=>xRIU3KCU!F*?I7
zBkt%k>#)u0kC&$(#9u<4G+er&5CFt*)djE71E(>3+759fROOu&m7M*MCe5G<BK2L^
z#S5+@Y-z`=7mXf1u`G_$i5j8^g<em3DQ99=Z%dc7C=i5ChQ4EljvJ78aqXnR;_y}c
z!&7RVv&}5lKT5e*XzH{;c7L_&?CW#5x93@ARPurbOqjHY7!@AMoL=NxIQmR#NO$~E
zch8CLIX!f5H*{;y0D&x8VdZ#@8$YT#%}Vd7t#lcP6YcZuGWj!L#c;}H;2RlzZ4DH%
zOi>HP9M;m#&BpeHG4RV9Y2U7XNjF~CptX1*^&SD~8rS3RTCa1V+Tp$QN+!<0#OuJ)
z^yIYaXzKXq>fO2ra0%&uYIrE+7|On`O@R=|JqEbr+R5Y}nWE^7QZ&{JUbsYyc`KNI
z++~cAK?>t~^u3`8;mngpRyqa>=vcc}+)?8lqa}TDjqD1l;b^i59hre<EfQZnABLZH
z<CCBZd@zB-TcTkP2Hl<OU#7A%4eJ2T6Wx?#pyHW$E5H~{U+CJO60Spc#UB4eFQOj2
z*UYGbkwu<vNTJCDfV=hGz`S&sA@};Lk#?{%y>UH(YIs>fZE^x#kpm?wsgNg-P{|!z
z9_xE`Sz6qs{7ne^eJX;gFDl}5?gGIY1->k(TQHhU3oSy#>#p?hXIfXY%g^i+vt907
zORK(FU=MM!H&jZvhUkZv$e{h+PjNC|0d_BB0qbUXX+gjvLZ~n=)!*Q9O7`&_eI)v>
z&TsWPqK<(_wB8^^6oqiLSZ=j(oIwstt~4F>K<MN2$17F1o)vOtjdo1#y1i^XH*q3(
z#{F*C>eLfmbatAecBUsEGW()*CXch`5(@09I}6Z*&z?^nrAF;3{@|X<by?AV;|R}7
zPs;5<*aV(v!h7Rr9>6ysXR|5ZhX-xMXZsB&x=-$h$)9yWqy=sWxWHMC))mjrpg5_Q
zgL=-EO^+2$gd}-4B9gb?CGOT~PjMkD)4X0(6q#^j>F<(hvb>VnrB6~-cmr#*no3>J
z+WLE6hkJ!gAuK+6Cq9T-HFSbqy>QQ1rh-FRk%S@<&EWS*R|1r<+Rcx?3ISL<+t(aE
zPJTYyEYT;I*;*P|nrNrWdqQ(S{-O-ORS>y9Q6YHx^<>xTlyvLTp|$JLEl7r@#XFeK
z2wKBQs$=L2^-xjcv+Qe#ocDgDeD%P+egn&wg3D*L5}|G$?ggK5eVrnxS@3X`zl3rV
z({4p`^2Ou7_twUS81=5R1zP9%Vg?Mg57p7uFIpVl0Jr50j32h9QMWC5st`ayG3Zko
zu0bm#caG`k*Vxn%D@(?Q)dEDfzmc8hvIebV#$==pbV0hX0&$nhp$-~d1^(A?q`5_$
z@1AM>nHsw)wJsNSp$X$t5QP9}Vi^Cb;o#|AIv*6GivwOq6&_Hpnc-{weGJ$WQm>W%
zli0C<n*j|kS$>hYLQif&QI&$Ct1}Pch2Edv-7-DfkX+I{w}U=Ar24hJALHeHrhBSu
z=(C$=UATXB9is-v^&ACqW1tponu3GAg~va6&pt{!^A83M^1JlWPn=ZAN8HTgg3dP7
zp{E3{hYAP^?opmhO`WEUA5f*75u@PKt!MLgXD9jtyU7_P@m0yIPt81mr4|yRVF0$m
z4$J|^>Ac^LE(crHrB>csXQG3rD?%sAeH1xI;s<qk=u$_i`{{XBr@?JXr@Eo^_}VB-
z+6#jIuMVw#%}yB!;?7#ncnPizt)^ZEnqyKH=!4Fn&j^-}Z(;aW+rEWPA1GUlSxv;<
z3x#ghs75)OQASUEszE;#yYkV3`uTLtAbvC0LP=mh41ajNvvS{ADg(Y1_Drn2bG3{4
zM$iin%MU|-lLS>@s)nx?lxd@Q%Wq-at2G009xfF`-|9t^tf)7dh^PyMfk+3O;FAYe
zZ{S=UYF0HPB2riiuHgOnjpgqdI5J~u7HM+vbK=RHUg9+Q8coza(yFm8y}vsq3|SOK
zMK9&3ybsg3+O0kS^lHpZ&^%VnqMm&pPII44;CQD;A?tsv&|4UyvF^}Ywjt$jV*zYJ
z#pT{TI(0hv0J-!OzXPDNfU|GJPm4JGq-f?zUw3?>70>s_zOm3EytGG`htOIRxjN0z
zeB<uJ=Z5L>wFmk}ljMjeC9*%Z)-KNMnRt8!4D(C4IB)x%;0x7mG$MkBKlwqvaPY9-
zhfcsO1pvllA|!0At;z$j5FF3FxbRLxJnUdTSA~1$urKV`V=k*aDEE}RxV%E82np?5
zwaSw5U$IPfd)hO(wXx!zsuHb(pj1K)q}<(A_-11zDZW3M#=l)Zc7PU%P5B+q{?;U?
z$D?^!Z=|-z2+X`Mp=LF*9p)UXO(I8Hb8h93$7`F;&)jj22H$2v%K#C*Xl**rm)|k$
zVc;B9XOZXNeQvIluI{q?ZHVc3Ytc~Cu~@y2)?fW9u=nP-w0||VZAO1nBljjZV?2LV
zS=`W>Q>(1?c@~?FTMSi*SoRGC0jS8UdBdcBmH8zdl3wK&BmHU<=d4yWSK+P}j>L--
z?{BtUf^PYe*7Orr=ePC-Ep&3Z$7J1P=BT-=6MhtOCoi84qUWUVq6;yAC~;ArSeL~+
zjnq~^;d_QiR*(WA^|-r<za0zx>RZAvlNJ+L_A)LxljZq&$KPrML_a`{^n^R950^9^
z)7Zj$NqR@D9t7*{8*}9g!D0fNtGWn9jH=>fY`A8^6@s)!&h-UbHwD-V4;3g`-}(Mr
z<L8Zuz%i#Thr#NB$>`B<Y<WJsu}KA@=xl|dytSsKetq5VT32st!C~n%!FhK(-RzMe
zt%&``@7@0S?!M-HQYUjako!8ZLxptas2K{Yv%DwI6BXF<lCu?;&ltvVSA1I1Pl~+g
zlx&%1qOULjU+SVq1sQ^P^`}nN_&L6tz!eRqS*La2Vueew3Cw3kK^Zvm%=I#Pxk;@w
z(kFL}P@)X790QpZg)6t=CA*d;M~H9;34aWQz*i1PyRG?py0j}!zau%9e1gYP=WIyR
zTw$VS#)mJ6F^@76zI@Z%XEu|1j*D?3-4>D559pHfVLI8Yxq*541=7x93GT46GvnvJ
z@{@zF_Je?-xVbi=2A9ak22(iQE&Xp{+ju{}!QJdPYO5!m-vqbM5t?g1i7w(FT2}TK
zdkB@k_@Oq6Dehybo{nv`R7p+#*iwl>#?j9MV|ES&8skxxBK{)IW-WK4YEAbL=mmj6
z4z6F25pF8u81d=QZyAJzWz-4yTz9_5B9$l*pY$w{btb_pyIZm+b5BdK8(moX%cm}E
z&qpj_@@(QGP5f6(ssPc?CXH4pws?Igyr3a|z9r{jP8ig>a43(Oa+%Y&M6PbWisPA%
ziSnBZ;?*qL9w^HV80sOy8xlsrZJVLSn55%nz(s)<9NH<ar<PXLN3F8KaTi8z#Ot;-
z^QcD3HH#vY+gy+N?Z<t;W{urlX1B6$w2K#d*32LDDPz9F`_bITH*-`8ra0~p+z#H0
zNc$)Jy+4gS3T68YY9U!enYxSm2H`BwEv~>JMJWBrB9eFgtQ~wcd~<T0>ie$v)?B|8
zd%?9fso>dBiG#+EeW~jpn!spDY)Zlk;W=O6TjVvA@_f9NYDvQNfIvv(j_GP!OG&4J
z2A=pYC4=={W@KkXWWqdD@5;AN>4wpDmAZA$JXm-OFHYPyC=v~)HqqgxsLNf$6A+Bi
z(!aVhsll+&Iup#()#@(u6JC0w%@@TJfyhe1)AmY^LP%}tG_x$?Aw@p!#<*wk7}B*q
z7TA{5`DI$ttj*;9bk_feB}a1b@p+wlJv(GcDH>?9q7t48F0#e4hmZvUgk!X$U3|z#
zo&5G5quh^PAsSbk{j*N`z5%BZB-DVig3?R541#sHjD1wL!lS?HrPqIsjY#ka<Py&W
z@JHTWLx6BZ1fm|($2C}RXUMW1HWXcQ^B`Ui0#{?KkGOAYd1N%p>7gm<wk^i#R6~LM
z>03g8)C{$NMH4{6p7;5#;YlN%1Uo%DW1d|X)fVW_VG)m&`=~69Z1ydQat)hLt8S%5
zOnc2ZEc~KQn+x|?r<94vGK}Zsej7?_LxJd`^Z8}9!zrAMCoZ*J+J7(E5D}N6(2!^}
zGEa1pPOx&%1UFr=0e<ZMBFidt`)z2J!zXI_a>SYb%2_5E*w^T`kG5z}VjEBG!{bHV
zEFvxY5XTY9t9@Y_A~;p~zFiVr3;Ku6`n3IGU2Rh0O8Ii!88rC%0xwjZHY}XB`uTLL
zM=oXiXkTh92MLyx+C3Zg9$z&A`#Jg#)wH`RuScwB1lJ7xVW#?rD?EiWVk4}OJc*c~
zu21lene%rk_a84bIZc({p`$X2OUO;t=fQ{SjGu8~0z1E?uKgPb=cw)1tqPp<n~(qt
zI04V9rZ_y+A`X6S9p&etJ%Z3EC>=`oZJv3as%Dg-07Ycs&vw?DK;5~6rLOvrT%3Lg
zY-U1b<)(Vuo)=A@^V99?1k}w&GRUPQ(oHGT2HTs69xA&-Sn-Ut7)5nge9_O&W??~-
z+O)1w$9ojj#sw=rF(7qWr}z#=F~ephd~vagqcXou&&X4DH*MfuzmSOXM$f9V7mq?;
z)5%imvM+G}jO;|#1F7jp-ED$CGmyh6xCK#vM}$UInO(CdJ$JDm#M!e$s~75)XG(j9
zY_`2MM?M+R+o>DBmCL6<>Dt|?Fm<%042Gv<Z2}Z7;wLkS7iT#e16Hf_H<ZwHhlo?l
z+%w7CKmH8XqT=C?PAk!$^P9~hu;<fidV+5}pe14x9q4H9MCrOZS!*)1SX%8Yyw4@^
z*rSj;UJ`0yO*D=hKZ54OVSwNcD}f|(sA&<IlWH{Yn3Ed|k7#Lp;a5)*Hdrw~B(J{A
zWG^A#vnrNKx9U63K@d;Q{Iqf>^;<}fIZjp2w^PgIpM#z6FG4_s0rAop*6-VIoIPUA
zD)S{4K|N}T<~WGWQjB(n1mSA)1mhMHK_${#?5=WFRp`k<bt-t;I1s%xGR~jE?N10W
z4$`k56A4)t%(zbM&eLB5ZZRCBpZ|F3QxKvus8;BMRT{$<vor7htH(=a`Qtb7pf0u)
zh>R><sx*<8+{rZ@t((L-Y-ZlzEdI$xeLG{>I%f|oE@mI^OC#-w5^e~M%V)7rJfqE-
z#T85L?%`^i02W2|87hFOj9`P$(yGTnSrZo(@+v{P@faMSs^{4JNSNOjY(jyB3UPDh
z)_N&Z1)aEXeW*`9QK~S;-L#tVYNO~P`GxV;u&P52J_)+Gj<Vf(=r4dE<oFumj%weP
zpGB{Z-R`7_n7;hsFF2s9^+*tS&-cCSh{8b1FZ6~eq%WlKqV%cR;X$Q0-a^i@#>pX4
zSJ`TZX1&{I^d8;~MS<AkZ8%TQjdgzhCXJ+;l^s)O{alfu0wc8h)@cPyx29Bu20|wI
zy2@NwdOWvvEtD2vXIckQq9*?%nX8&J4)PB1BGdFck0&(hlI7LlE?`<(U@vo!kw^5l
zb<T3XKz0YUViZd8XG&L|h;Y<@PRnn<7vr@2f7M-QSQA^jjRhMjDj<juk8)H9iIqqP
zL5hYB3C&Q%gGf|b=txmi#0aP%sPq;}LV|z+LO|s}K#C$Is0dMM!5|<dAVs)4;Q7A$
zJ@@{*zixiynVDy1&+I*W?{~dxt(lRjR9v5t2bdR;_!*QoO7UUD9da5ixo-ty83{4g
zgIpPsmIKd(r$o2}Gb%^rIKhTcfz_CGmdg`^kCO&5`SrmkR2?*a+TXes{naX2&t+`?
zownZR56<|H9rL;=mGEK98~@mf`VoJ10o0<^^9zcAQp6NQNKR@?A(UX?SxioT`H5nS
z!LO7X(K$Dxc_>S_v_f^Yj6?L23JFai^T2iCK>#(sb>#9H|F>s*v3|PlmV$53k`&<x
z$7~o<`skB&$x*HVUX8R7VHzR9K8XBt?30`U>7ng{;d3K#)~Tvr5V78r7(wL?jh0wO
zPy+J)ursN6bDKHC!~Q$@!x2)oB;B@^YhtNeirz;hU_y5ur8g<?*x;!w3z6|Pf+4-v
zj_jO`MD~&x=WU@(&^pXr)3OiiL970uhs=#x0WKiz)`kbbg;~qDp)ApRE?wl)44e(A
zuQTQ(hE%fxrKlUPS+0Ni+M_q;FvfP*#UD#P)7zN24ySA+L@aBRVm%Rwj_NQ%c<1Ri
zSjFP2fkF1uDMarvRPzwRpR6BB)7t&KhXeDp-c|@c3e7pLGOiwjU{Hwb`dm*>Zyj>y
z^>v=Ff=#1d7X?rIg<Kh2lc~2l@K#2Vv;@!6B|PpFnm~6YS@~A&d7x2b^#E^~bHY)D
z6`NmzN=q7{&cLDyPB?q>$SK2B3G5P#%SlE{?7`WgHWWO+1m@UvGi`4VyhtI$I#XGl
zC$LFQG|<8AkVC<<%qr(>N_$>bJe`d>PdOCe_!nBzm1rv9wn&#9#@kZ!sf*w33Y#gk
z83*)hmRaW^9SzLkjnk`q;-{}8{)>y3dh<@8Ti>z^%7ZZQFv)F4Uf!M(ZACwICg<K@
zR-?Vvzr4@-b^jaSfE3B5V5;hL;YFs6-&lHC@V5;hMTBEKT~i%FE@+Z!+HMf%Zu~7o
zIZs2_#rDAYh*pel>7+x7xXoZOMX8|v52r4vcTC<`Nh0yWbk}GX#k4tVAM*7Y`L5)R
z7b)@FEcfv>@j8K$3pw3t%xVv5&v&VqwkKL;D8@aUSDghF5v%2bIc(?kNon`!;uw)C
zql0v$IL~9p;V(l3ojlvWJ-c3F8I?gh=gH&-O+`)_?{WE^ybVVP{OYse?6{)UIdOx=
z#_8)~4}Q(uk`rB-I#<$Cw1JcFvGc@+x@*^ukBYiF4;db|aa_}IyAT>iDxC3Q!ePzr
zkc=jZw)*C|c5G?Yk%?oK=Mz2+a9vaEL4TgkZm_fDA{>q-3adPH*{4--zzK`wR`*S?
z3hRqAwzSa(6N>|UT8k}VMm$nal%JHJJ;CUt7o*w6-}kiXVmygPx2rS{dEJW6ota45
zqYsU8dO&qD{xxVDZi@_O+?OhAatIAfA8>r=92-uvDdI={AxtYYHtwK^U71(84Y^AF
zW})>lyP6*3ALh|3gAdCcvCPv@xl6@KQmE&h*-1sNVFr62v*)s~w>6ar{!c4+A*l9F
zO;z`>-<140q3zfLc6QkGA?O9~<gwh_J?2mo?hb|zS*D_%xa;Ao5y1zvI06rQz}9nj
z)ePp<p|Y*qW@Y#G%|D|o6+WI~oZotG5~X#?p3|7A>_g&2Jm4tRh1xA(TW{m0hxH5)
z_^>L8gD>?3ClnY;Y47sUUK8EcUO4fn7?qm?wq{k#Ka0)|YAQk>*<_Y{3f=0&YGNui
z_a8SkEX7Tk%HgWr`gRE8P)*#@Eq-m%lIecPrvm^V(2ZD+%cOYCBPZ5i?La_Y0s(nW
zt%Mv!ox0FM8$cJ3v%Z%npDAqKPN(=7VxoP!{B~md5k<bY>@Xm?;vdZG!FmBgMVY3D
zbaOqv%M|7JXmDaZC+Oh^u8Dx_5k2{F@6p76Sc_jPTH6M;mr~^1{*|*ocItI{a3tcf
z)0%ZG5XRmwkN8VS$cYHX2w2MX;Ymt)e4=mlnIa|AU#h2!k};DdxIOz%h3s&@D3;5&
zASDfcDAa?y_F6c$Idq<un=kH619c9}M;-m}rqx&}4@`1~AP5y7zJ*(f%!l6>CA7nb
zL(sNVH&@kdj^DC2uTa|nvk#l*`6bEcH>XjzGN(ty=gJn!V(npQ-S@JnC?)(|OjK1y
zw|@Rx0W{COF{^akQ-g=#Ta|8V_q5-}*uwD?XX%NU)>9BFs&|(@8=C`x2C#g;be3+=
ze#3MfAyWXUZ?9Xn`-nhm98{mCWSo<#JfNoGRM~!Dmr*j@cE}BXHx>%tVB<gh6;o_~
zttY-bKj}*FMH=6JGAM`jG^y}_U-_lKfC2`x1IA*|^Qg4(H6@?ZTE6G*fPhQ@4`@lD
znnJZ0Rmhhvuv2JCX(Cz%l%mWsal753&5x3r$E-zYM`S_~M|e9}Ff^-nQ!Q>EVZES#
ziBaEU2cn2|&6_&Jd%(~}#<yT&>wKeDM#(15$r{uBLcU~0XQD5^A5k!Y)g{JoB~+;v
zGAUW6sgJu8=*`my8u)Dp{9Q*$%E3VC(bOP>7s2{@kdJvtVo)N6+MHEewL50Nnu|NL
z{P>E3!hh=0uy*PU5O_#))#C|!B}JOoCkcLxy|L=PwR-FJU0-xkykLQS`Fl5W=ZF^x
zhpv7qdfylrIr=R9ulnut%cKJUzZ^ifu3#N7rQSd$5c<R^QkmY8>5+02^Y45A4e5UV
zoHdzVb{2s+05<A{P!uvX5i~?wT{5v+l5hQavQ29u-FZkyy|+nJ)Xi0#b{Uu1ef0i`
ziRXMVYd|ei+CRTTc^3H=m_`^XX^is(Nfp*_$Y1`^dw@!Ii{GFV{&O@|Cn4sq5~Bs=
zM~|Bl99fA}I$rNeQW=?MA$O$_y=RR^(^!Liqg%wCxx#N9gBOrKB=*0Gks?nGr-gs6
zA~kX));=peq$k)H9yHGy|25y1u9Kf7#64SxD7jzb*JsL=H59iS;H<v**ppzPe?D4w
z4UI}!JLw!=SwB)@r)jJ1DRS6-WXPR{rYeZ@5@&33)0f=!9I!;n^oF4&Oo3Z3rT~?y
z-~569!S<>8EWa~erjG0FW+1=~mB>_(^~nhow{;dZ$Rx=qA7ho*@-3mr-3eBV5BrNV
zJm^;z2Zk88aDmL~Eri}5y@x`}sTt7DdQw(>u&;tC)@|Z(q|xxym7>-0&u2~5hzJut
z!KlQX{u6V{jbDkLPoF@;$3Yx9li97K=HNV#F;L+ewJ(SYmp~WvSG8)yS*efLL8hez
z_s%_hBP)k_Et+&CW!F>>4C}_XkxPt;BZ~$oVZ>AGu<<&4hDY({B=RNLfR?p?Rzua@
zras@hsM&sB?q+*5<>`Wy*ohgdKu9qexBHW%kd`X0*tkQK!d=&qExO<9#XwDkY?f}J
zSye^1t$9{g->+O|uuk2kXoGyi5n<?lBueQ0-mmqANNm<N{w6y_d?1<?lA3=#30=cG
zi=h}2aT!K!Pfbd%Yg?0d>x?L;Dq?;V*jBaoFwGOwBnfqu&s{tVn=TiHlv`FqF<g-1
zAJcKqoR7{k*Zz5_Nk`~E*-61a7c&1Pdp;4)<kx)-QDEXHEY<n`g>f=+17RsDZ|<GE
z4K*GOw(|{x(pp8`4v1V55Ls_J4;_8vVV~{{!+3G;op@NEabu9(+j2g01Jn+F-rtpC
zS>0^B7e3SV@hpYOf4T6dp%?S~gqc%!#O{l4Kap7NSTSHNFbD<Tc-KEg@9a#LDh%+b
zI_7$H_qzPD=eSb|9p^vOTuUkdtp7dv%q_NAx6YnkUjBJhTWzr9?FH@4%s;fR)HgP|
zt7`E(CEZm?oR)acLZfDPeGavF3vOtsm)nf9A`$M~UYM}L^xNGQbs&Ut_nBF~TD(5h
zQ6y<`cxfs=V%|-XBFLWac)9TGYQ32soU=wVj=ZjYe+VX^oj(bW)orSCrN3RPU7A1<
zk^34J@B=<EcQ!t4D_sha)kr?iJ3fFX2DMP%$}?5UTd+ktZNfr6Kubg8w6gU$cDqxx
z$StZ;ENXYH%;~E^7VD7s{a%mv9+itsp$SqJT0W6cvx-S0+idsi!~|cZI8UPwQ7;tr
zU6R3r_b9#ScA~N6+j^waE`RK~s_>r*%BSl~!v(xh7pi=Lxf!z%Z<k_(*&(T1Kum1K
zXxFlX--^7MRKsWuXuEmXhgC)dj_H}q*LfuQrDHDA%Aeb%xL(v;=%@>pc(phXAE9BU
zGxudL$9$&pW5bUV4}ZR+oeBBtm}C|_34G8yXW^9-PUAx3HgtA}t~T4R;0!}i+`PH=
zN8}VN(bsFFoNfXS3Zlg8)|VJ-d{n*j!I9I)f602<cAi5EoNQk+&?^}>G}`1CJmOnZ
zxuAP7Ad0LsdhZfuVOVV@ifvKtK~K=^UW0sSyP3114GC-J@j25WPa!qYPj8Zma+^{_
zk+jw35_adANGUfPf3u{NIw&G!7SzvOdw$k$OwZ|YG7}$bLB#Y+M`DNz@9GY}fV7z3
z;@|D)!sZ9OjyYQ>BR85|xGoe<t_@E~_G=l3eq}i#$Yy|~4(k5M#QAhjhJ>}-9}VdU
zs_YFgH-V<X!X|fZLzY?I9<CF`X%=&g*-!8~C4MJ4uR;w8b+0DP#<u@)hyO6tlS?1A
zR(_xD-~Yi7N#9`2xbHYx6Li96KP>d*!8`lg@J{boe-BoXaZeXyEyRQUser=Q1i5jj
z@ez1HX`ThG^x+`>$<IF#+SWL_Ia%A7&1?d9u1~ufF(jcq7qcZz$x}9!^@W)vNvOcb
z>i1*2RlDngX7XaD6e8y=^XYxhO*PT(>UT!YLf!Ys)rY;aiOv6h$>H6$KVkhppm`fC
z#ps1y<i_hx_{8R>`<>Sc6)Lzk0-#)IN^d(lztus1TT@*}-s>Lx)rwE&1AlNGVFTg%
zh>Owdk#^m*D>)jFz$*@xfh_dCFr4T8V@IXs8#TI+eGe<n=w!;=X>!1|{kUJ=Hu(oW
z%yXZRs#Av_*>KF%9GdzYfIX`X0W?W1OU3xx4!<Qr>Gu|IsEGHDWxx3btB`J+&l$%}
z-S-?nc+h2D=<Wg^KPVHdkdHz(5{R%bUeDGz^(6CViM(iF%%}zQ>%uF*JN)MJiq9a8
z+O_6ZBqPWnmkkl8&gC28e_JWBTcARbPH5<mh8l(bhj8baIe(k|{thXIkvlcZd8xS!
zWe~oYAtTRyt=uE+3_xiu;3&5D4a}4N1q*b5<gPesw4F1ud^6-yX3~f)g!s4a=Kr?0
z&<pbqh$!FX(IEoJ8~H5;g9@x0%YxgQ_@$S*jJsD-Qu@=~^RMotAdO?QH}bswN6sNT
zu#D-PCIY#+&r<OS%N#Mr4DqX3u9pv_o{LAtbMFzp%uBw?(G)rxfk6A81V#J4Wg9F1
zZa-ZnTBNl-2VWrCM5f!;2zCWhvNIa)7MZd8W?&Uur03908$Q$W2Ym2?tzmlK28z$U
zuAnNM7(9>~Qr?)|y(dorLe$F#?9cL<vW<11k%fj5hb<hKLXvtDjFr~=!|`3uCQe-4
z5u?Pe68e3+k&?t%kzP_kt(8L$?rpJJH14sZx7QHkvf`WAiOU9<^5a!K%WuuRNX{yd
zR}%mBC9bM&T4;@mp-|?Fn!Oh|2li5T2-MK5FK$vNjiuw#vNsl3d2W^8(#Ouu@I=}Y
zVN^o`@0_G81z&#riFB>Oilt^fMEsTi$rY7*VJSq;#9}#O#t<a(KqEA;@0|6Q)L@qf
zOIowtEKd$vJ(jP#r&owevDH#J?2fd)C^?<a#*0zz`>P>BrFW$^^c@Lu%u1xR_4QiN
z8hU6-7@NIflLr7Pbxct<A#!5k#hI0W{2_C`F}uSGXXGCpEEJ)iB(!paiW4CB$uY^V
zu*I^OpKOnk{*`(NdvbvspvxeUy8lg1=kHrKGzTjGF~t=Md5yHOxUK#F=&iSKCgQ;G
zVU(X1v*b+O1d;!8Sxji`bR;+zMTzp4&2d7604_+_Nh_Z%Vz|-%yti^<xialf<OhWP
z#oJ=75S-K5V9pUq<*F~FtA_pdWe9mozY86kIXA%Qm=U7i|E*ueMNEE=*iAE9Ch`J5
zhuM<i3MckuI=(xQbt(xRb-A#Son`(j+v9yj`jcs?FjgTQ9iZd6d-<)yXm8#~za{#c
z8FmjL=+Dr<6}P;~>0wRS06(7bZ>~;ASLK{xSmob*z6F)Hr8ur4E0T}Wg1xZG?EZ+k
zru>a88;RL-+XP7u)X5?lLTqZ>q+GW?YKGo#*dt<VSlScrz0!i}-3txNsw#&BzzkDx
z<k!VX&>FxW>}sWhi&)^3pP;pMgie_0*?SQ)^#seQFa5LAzzgHG3AY=mu16t0`RnZb
zg|qWd2OlU0_9>rDQ~V|S=>d8;3Zw$2>S)5v{1Uo&(Yi7vK?Mx`SuLIsg8rxl_moU;
zY%D_~`U2^JEdgqt@q{LdZA~nx*s-9*mS^N6mWG8p1dVAAAG1Y)*NB{s5;Df?GP^z0
zc-#~hr0rK5kvIOy<V=S*%1;rVn(2t)rQVj(Ec3=dT9lNJnwVjHF>rE)_mp1?goERc
zDgGAV5hC52$oEQKd>%PH5<+rh9zyfn`UA=@F%1z67ZVD3sPelT=M@p)Xef2YDYcuW
z`yz~H>TNt*2C`95kaFy5hVz>t1sXjBVk!^p0@lkvRYE2MjlntuWHs4B2Q2tS8-d{@
z%*5hEKrK3c_cv~AIcjqhn28~f43E_-3k#tx9)@itfX)Po%oXZ>+DlsE-|avdE9cxv
zaqkn3o3&trjQ(n&6T;E48Em+`W0eYynCvcHmC64(>~|i$vI@*)a$n3Ced!U<>x*gO
zu9KxIPK7d>RiRVhdR!*~<frJG@Oj`Y;9+%HB1pS|P`-;eZ@B=5Bs(WWW2GBh!_!o7
zNzg}p@Yaz?VA^X_7!%e5qN=&-@C1wALBE~45XhGwn^rAi;0+#Me;c2{akcWRb~Lba
zw9%?B5-e_yU$p^(MOo;o*$*uKp9;RSm9zMxR!ryLe;UgPm)9t}Jrg!GxTs<vY6use
p$phY3_|sUqE&o3^%<&?YmV@_ou2r~FmMW~wIRi6&x}M9;{{oZqy6OM`

diff --git a/test/integration/connect/envoy/docs/img/windows-arch-singlecontainer.png b/test/integration/connect/envoy/docs/img/windows-arch-singlecontainer.png
deleted file mode 100644
index 1ad5f4aabbcaf67e5bb6793d58dd64c554619ecb..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 114040
zcmeFZc{H2r|2C?F4peowhL)n;t=6oip{StRs-mHZDW<9_5%W9+ooK6u-5M%N%mfK4
zF^iUB8)FI;Q&ED5d5Rd$qr3fn_wSs4&L3y3^R9Qj&stsaBu(->_x%~K>-yxi{(UVj
z4gn4}Ha0HpySE;&u^rA}V>@{N$RXev58<~U;9;M~1Ff5E`1Z5Yz{x>74LuDuwxTG`
zEo*k*{HW_)Qx7&ap|HJw`=TZmZQ0m%GqrDNz<e!dw>hf}DX95v$o<4+2kN=L<dUx^
zIKMR<dZDGRdSvpigBn+b4S4k5f4f_Th%mku{q-~tyX@&a^Zbn796_FEQC{PR9{ARC
zon>F`zlAF?cX*Y`5O@Eh`(yVCbD5^nyTJghee)Pvvqa7l*LSL{3YyL?gC{?D;Hp2=
zC^bxZZ@oAOT;Q)GM2;mJbnN#T8=Jc6AJKdF`0Icj+=ux6H}K-^6aUM<NT8BXtalpE
z4~Y&{czHbUs`O?o>8N1p!}%4H^Foz8CO1UYoflE^!8?I92Sc=30iV3+Mm0RYZnEQ#
zKcesC30-$R*I(&VfVpSB`K`z%D0jKP%C8t=D`i&Fn%yzX^MmVvX`T^oNr!3`I8wFP
zAP8pvoUyIiPeN5<_W$}M&s)5lcY`-Z!<ydkO1{HFvlXz64C~q#M`c_y(E1ih%_%<f
z!+On^olYycXGpd<a1`!K3y>!nbDGu!p^90SpjVu)OS^r-4RBj8Ir%rSy65O$4vVZn
z|FawR+_v0zB~RcUdW?`z?@f!Jh~^m=I6oNBR&f0GeZSU$!^b@}jGVd+ai+zWlma&j
zG0lwCJ}VzvB`4}N^p)F&ujj3X@?Kgh`2F}x3+?1Hf?8+7oFS^Kuy(Qz92YpTXT|><
zjO_e<2=+KbmQsGE$*X7i+^Q?ln44F5zSnGwg{yd}wK-|8JDNa^K`eu+WwP2x_NU>1
zc~#84?Dz+dIIi(mWGgxkPC?Hg8jnYuzFM38`(xQUgq!)IOCEaaI9%+CcbMj>s$3rq
z*ye#>I39^ND{ar#e;Y1S@pty85~qPlXxl{I(C$oL!6wXu!>Ey%PF7tv$J~3@nXYwt
zd9rO8`WpFk6kj>F^gkAe^RAW8kQesL)Z%#KWg?N-^yT^C_v4LGl^Wf}cH}kWIU_5p
z5fdW;;CLqv&DzK`&9yjAC@pSRZpr>MhHgz|43x599%dzui`dDoXO!`Vh-K{CfVuMQ
zMGxQul7G~4%C6}A`-V<N8$~n{zUMq^_ww?R5$nl@h^Q&Lb?d~-cs(@&VO0=a7i$h8
zLXQif^WnrdlVJw2EB%r4detA_<+*Gqjs$jRqg&SB-5&f{8hIwD;6I<7vKb?KZhN+v
zya|hQSdp0e7_}d#;xniFr2XSG?Xg&NCfn>sB@c7?@6`e8&Rvc3DH_lBY_7tKqrcR}
zN-lV3>+z4j|I%AaMKIK?mcKk2Xxu)=Ux`xU6%3TLV`{_CIEaMv%eJ5K)J@;c34S7^
zA_L*7kHJ2BH_8-C${VpxvMR$bITBhY8+%@qN_VGh@zphJHx@a0-Dft7OLgDW1g$$I
z^~Nt(&Xed+y@@<k>2iGV)orb?^;kR#p74^MvlS7UhZGu?hnIdMzwQk$?eo;Bx!_3_
z+eKik+q$dc=)>G(gXg_%qLzw%ObNBoYMk}<=4ue)4zk9j+a5FOw(2KmG&x$tVIe=E
zBn44998nh-)_AmEsbL}u<&ca|=xxdzq@8kTQ$5A8erisWX|&@$p+(DL5bjsuLVE`f
z|60qC<FmeJ>=hRaedaA|2-gmC3*Q(99H$4B#dYD%Ti1aMQ-Zz0jKX5HWI?^NTELoP
z&F$%~NCPXY`FI78>-W!>=+lEX6H;neEVijqP1=kU=vT~KRI*pLygU+}r`x^uKCh~)
zxtAxv3G`M(ZP+C?b=o)S=0pZE-W!vNOGMhYp^OlSzT38Ek@oiXpCadKT;ZBjZ;49Z
zY64xj;FOih>%PuyjJIChc_+234-7BHnAZ{miorfoYlLR$BG%5_m+ZTSm_V;p{|Q)h
zTQ66EMiB=4U{~SmdR#N^n;hg64cZO31X7M18XcK{tR|difaBaTQ3!^rjb~DLe-vr?
zCSqhCGxPyz+#^=>*Se(G*n4qJ6VUg8Rk(ZT*y-=t_tN39Vca5X(3e=m_dI+>GsG5K
zGQcPunaf^Mas3_wobnkL4afpP5oaZy+nFU`7qC9J>LE8*L6^ZaOBgd>N2)kc3017_
zPe6ELVh5L21wY=gMdyV+0!hH`S9s&9wft9SCZH6%m8ni}EYWZI38wiC>#32n9m?uO
zSIIz;O&G*BQ>a+<J`k6TCBY)nWG}Vc-L0Dg^dK2RWG5<(3@gIefIRTjoYd*=Y!=MO
zJkeCaiTVR-T8=gwDRD}K*iHozkR8<dfd@G*3y<&#%{Q#tT$i_&$(K3#WmcfmFky-D
zoAj43;rg>RXKB#LfIF}{CJ<<39Mo9r^Xu5R?K?u;zZS{9+~{z|h#yS|(|iwkuk_u@
zIW_0dl~6(F1#FjiSz6dcX2<4)L#Su#hpT#MB_RbzllLSq-XpnKtQ*QLUK7sLF4~uM
zuY8`w3e4TwT%VtZzFeK{@6Lu_#(ivz64^VQ>a5Gog$BwX_LWGRm2AKolxQEjXIXzb
zRhAC>w`9xR6ED5_hHETyC~C8nMqjUhNi*mEVE?P``*6P<h5<EoQ#T!>TX*fJFwwd$
zZR<|h6?d(oKHYsk0^97un`PQQKRtkw&=&TeO8rQmNFV3ltn8pJi}$Hs;J&e--svYE
zb}y*$z^~iQ)yg~2r4=Q-ip}pm*uJ?+r|rk*g31G#OBo~*Sjl%Gg?iuXx$tma@QlgX
zuWyj2kX9w!T-5n0zvaQA3ZMD8zUI4}cqup`=c<SRGPp=f1l5x*p+n3h-&odFqrl3W
zAy2yrpC6h;0+y`zOo4e!_{O&gFGu$7SlNN7Lwb!MTi(-Hm{q!jri!=jm-Z_z^=l)!
z3?Nz$Dj;YV+!A^z6p&IJm)mE<KF_5eO+mTJdgyCSK<K9P9|n<?=~DbLk-StHh6yfn
z{s0OL+o{kpoJ=LKt}^5c=+3N86PC0Q)h7xp?`?(9S7ykcJ+$7V7QEH3ORrRMO0HUJ
zmITM93e>u(uf5ZeS;Y3DMoMDVGU<;;TsFaP3KH_o%e%6dy1k0$MPnB)MBNyhlw|v8
zBo7ZhHLE<Z*bQE;-?6ZtX2#Hy|GNH7HDGP_Qm`69#KLUIY;lC?z>54GlVE?1<1$D>
z#6;H|&)_H^BuV+U`ue5rDC%kUG~z-hTH;xmdYMT9*se8$*^VxEnXIj@rC9G93}kbR
zcv~-ydoxZtZc|2@Afm?)Z_G&2MEfQ!`faZ9N=KDySJreb!CO%u;^xsgHNAnJH4Ou$
zkM(Q%GR0Q<U&lus*_1d=LmrtY5?F?;d#4KGy`{&!u4Tl!T<tq=`7<(-{JdO{re)3_
zO9`yo7@T?6T-`!(bnnRGaLVo^fo}VJNubNGk^X{qMpkl-RdO0Jkrn{hbNAAjcn_)<
zr8>DpP1{VZZ{#530;yf#=EMz*`-uGFk~z}>8yD0VHu8HFLL##%po{@c3>XzCQCfB>
z4t-7Nn!Wy~NA+*2^vW7ggZJ=gZ2FyuC2ao9wz|0Y=$>9?Ozwvz9eU$B6<M%~m1590
z=>_XhoJW`TWhSh#*mL>;;HdQRvX1Rk>N7X!bgo;Dz)(HB)Hw-4yl+k?o}e^GAU#9%
zZf38FI5lX2YU^0@#6HVq>@gwDMhSi)6<lC9c*MG<905`>Ouxoh&YWEJAUZtk+WfxV
zTS}UMwq;V@a;^Vmw0vVWT!kcT9pOMR=Sqx^Lh904pc~}4pplZEiFm7IczZ?UqUwj<
zE=^rxss~E8VdN!sw>3e28wRC@%{?_qg@2Y--CLKsFz$8iG0Gd`-QJl>Wt>^q1Fs+R
zzQ6oYy~WT;9j^B^7yDQ>8gs?^=6i4~i09MerjwZF2O&<q`KB@pY1>)sN4wDH<_Ah$
zipP=qR^%d}6x@KdP_*=tgm3s>vGXY80O#aC!b#VBc;;QcUm;W9^`3^r1Y)m1Sc)-9
zws?*2ujjX#&6e{l0Iz)m%HPfUZH=&BixeqDhn}(SU;uew4SQ^;n=<o^Qw9is)w??^
zaBQsX!cI9E)t=oYenj}Nyp``LJI29Z)e|#aAEtl0Ffws18H}oc*b-J)B_}!9ce;OY
z#?18>H)hLmFoOS%J`Xk&W=0y%1x!vRx;T52rzQ@9Ou>%duB<0n<ZvD!jqm%l5=B59
z2BPyk)D%HP>ZBeX&W!~Dspj$O4COY(H5}{hfCpc{&7#yT?p6Fs6rHCJ+2eagTus6a
zc%;4&5brU~Vp>eYXAb@1yBrV1A#NCg#gL(~#RT5Yo<Svw)*R8t@5GJ=;7(iD)Sm1m
zL_9~&s8KU0cPwjyss$TIF4K|&@DMMV%-)N_S008yCgSGVpI*VOjy<fP5R6G<)FnF%
zssv)|nKeIPf|X|f7`W5~HuRey*{xWl^YeCD2AxFN(dXanZ$rr5T>MXdx!XMxvVzD?
znuMDApRkyD?w<ZISJ=1lX?dLf37_@3p{AvY7LP-HJ%rh@`tWTSed>G=T)u50?ctZV
zXXLkFM&I7LDzy}R<azZ#S|tM-QM*z9^maHOF$duQx_q{`&}I5W-!bVsaHsnef}y^0
z)#dR^m~OD*K#7ybc$qo;!GRKaiAfa&2Kzn=toMW^H#^gdt2X3QvxP=uVS-Di4}yy7
z?;R<n%sl4?FJNb&t*YtBN)K9lMpjmqDRlGB(<jyHr^Zx-e{E8<4v;?leUtbCP0HOf
zA+eY68rh#?9fq;}GgnNEq}Z!@QlPH5)YS9DU@~j2lAPW3vawAOxTgR~A7;XJF%u5<
z3%sv5uzugm5bk=VUxD=T11j{sSqsFW$#JkPNu>|sbvF0unP8ErttG&L$1bHCK38;}
zG-b(TJ#h`trgxW`xD`)4BDQo_0i6XnmbcX8s`KD=z*&UH1L4tXB$=5S6~{@lF*=V#
z<GK^Fe&32Yu_T=Lu<iJE<FG$n8q++}SAc=U%8W2!W64(?o><`Ab3)53BVV@|072eF
zz<B9DciT}Eo5?**fLG><8|qrUpRwzDmgAoz)HiE5l9B7j-<ze2lpvhuNS3vz=utK2
ze%W~ThHoKIL#;UweRr5NltjyZjtQw6LW&h!$=*tF$n!ns9{=GBx7Y8OOO|9lort&e
z2Qr(dOJ=Mg(ST{;-ESKtq4^YJm+aR7@w$O%yG5g`Q9t?&`vEBn{z0~8>l3E=Z~kLW
zNQ6d1qe$?L)#Xf9b%%}+;^~)w`RcxGbmelp3Q9r}uZkz5&gxTWe>xtrki~tYsp1WA
zWTU|z|Dx^3{L83;2g+dt_g)`Z)h;1k<lY~_{0_V2JC~*cE+22@TRwSPhn#(KU02ty
zujQ&NX(J8u-fQ;TRYm-Y&y8PZkYXdLqrM45Xg%D^tgLjymV2l#q1*$8bOQ~0)g0sK
z2J|1quz^%ycL{FgYpG#_)+5CTf@P`m(BM@9$w~HJ4G>y_a?1&*ytQ0(LIg4y0cZ8O
z`LEA0x?<DhU<+Uz<bEEzDSqiaA;`aG73Ts{(i$*M4Z0a6tU3cVm4H-Uj#1OILakDq
zl`({KDf`v=&UJxfjiPbic67!Aj6o-HPw-28eO=PobbKY=RD=jo+xC3Ve?%GmvjLU!
z406+#X9&M#iN;+oi|6~>S(c-xp7_NJUy-$z&}}lpy(uGg5vNeRY1!*zzcKWlUa9_+
zM)+(um|a%F`Fz|uME>~w8F}GDw^mJGKYxp3lAOeoo^LjB*F>$9N0|vkU;o=OcO!_8
zmH3e6FoKh4xgPRyt=1?%lLnm&xP#I}stTzLTGH0rRpvLalg-Tkgo~*ck@4D2PB`jQ
z=guoZTfQ~%<Jgw)GkntUAM37Lz9<xGM!7un>4C$W((;pSiSZSdspnfYiwJsD(i@?e
zK7Fck{V{~!JSER~rlS5>#i6Vo`X9$fgWlqeslYkHb2k%*)btI$N8K#{N`J|sR{FRU
zPcTC_z&InINYQPp*=v~=kP60A$=#&o*L_h1Nj$}o8AGLuw8zY)iMC#G@4G5<v;D=;
zKItcSS^0NUS-K-b=PfXV)oWtGMGw?QGKU*+%$<&Ho)LM(NO^g4J7GoTGGk)`jBy{9
zN6>!=db(&M+r`^8sU-MPDeo_f(pPPMpb77h^3>Cdz)0wsXiDP9o%aF&AR|y>9LOBr
zAjiC<C0_s{*ucJZkHeq`q>V^R4<eeM8t8TPmI1K_B~fEp?a%8qSat|urnJ}0@M;lV
zRQ6Nm+I`e=_@2lx(Z<4RL4g#?S<DST_s$XC`ux&|U!J9{^LP2Un0xeRP<|Y*CsLLz
zo)h9u-Qx`&F?vuA7c{B#c5;wB$FxU*46WJ&6c~XLZe$*t;VQp~;L4Wm|8AT)fPC<Q
zPQk6Lth$~fR*&W#p2_+UM)&V12pcW`=uJg{V=-&#VM`oYVJn|&@OZrGNZ!ksiXa{F
zk#Iigd){+{K-(XizV#NL9r->A@1?1!>CT*pXDLm;IXWdaQor&?ejqPL6&;@AM+LAj
zrc!zAN!TqnxIoWa)?ddXgj9O7bHhlI$-ZN+pRGrMT@aW)6YPlUnot(`7PuU2-0XAq
zduyMTC;U_=ZkyzE6t%+{>sKBrI>T-DW#Z9p2|^WDz<AS%UKXdRLTA@g=4czXIqv`M
z9F)&kK`Ul^j?Ds_p9pdp%rll%gy^}#JunCd2M4s1%A>DG`fd?R_Ilv1s)Al_Y(E5-
zhk8Lrbld<D6X!SXG!|{YV0ENy=_bf!PN6b8z1?=Y_DoqpI8VR0zKgoViIwt_u3IG*
zT#=;?$01Z1YFS=hLqr@d?+ZRGj=xwWJwVs?B)(vJ!92#r3@_IzD(zBIbDbMb?(IzR
zazDD9tucUpR8Y;uT(WZVbYAr8O+hBj?@&IOV~CHyHj5<{1&`|UFEocY5B7Ew-z1hQ
zz>Qh2=S7Bst>1qg-62Scum<ZV>_^xu$jh;|cWwEF%`{2N+Leb!s|6+d)|~_xDub9q
zE#b}Qq(qX^o25pIJlm~>iF!p7V#-;~YBG=s&Bk`atgJoIf}xr|E+$*?1VPJ2ew<e^
zW%aHtE;58W+$X+F(v`om!siWf>C69t7R`rNAp6<Wd8rj%NVzAir`2MM>^svQ&kdFb
z<=RX;(th`E>gR2pJ_-JEn!N{2b%Fn$>Hl#s<99s;Jj<)`|9sIf&#ES<31}I&VPjo;
zr8iUvVy7bV`!hJEy|)fx{skAOIOd$^`u!>!Th5XFUH?4`d2{aE|2Hqba&CkyOy|nY
zehNeFLG(Y56b2~2x-+{u&#crL%+5y1Gq-;1aQF980RKfIZ3cPQc!qJ|*BjVEuEj<g
zm~c%?aCNdxjWurz-RAoL1MHsmF7aI)%K$Fhd1|QA=O-S0P+bRr9%at}{m-}^a;66x
zboBRC=iGVoema4aJfH3{?F!(sj*QS&(9|76Hi!B*yfRk|+Z0@eXQA5e8w;b4S!)cy
zBA5$x-0%OoprufLyyE^IZjH=Hl()M-zDXsW5W0Nq8Z`we)LrFU{UCIe-p5j%;7@+e
zwM-+g>vUty9W7#^#F1>FHo*1X0pQ{$_M&OEKN0fVa6%k1t|z=8uXieWmW2@Zmw0PV
zrU@GE%h|)D_aNvm8tifgN&w*Dyae=SEbK9hY(#g~1XoFD%NV2EkxCF>4WHU!0XR#3
zx>nRCtfgvuZ2%lQ^2xR(Py#tx`_k|E;!hYxS4lkNKYLA$l*lrjxM~PKpnt|9t;w1F
z@MYZ(>iQK)KRa^x{7Zhz1#A{i#xM~Xk7=IjOb>$)TXPK319NSK0~a(f4kFfi?&wl=
zV;gDy9QJ1p>GKlE=?gfo->s<Ah5Qe9bh6YZJU2pCHWtVCFk{8z9J;-|y%o&!6q2ae
z5E%Bn?Cb<y?GO`f88lZ;3zV>#Y)#Oc;}RSTu<1;@jipBjt5OR(<tk{@V#q?_B|kXM
zJw?7)B<dx+$DX?}QV7{<j5Krqy{#!!uL^;#1BZ^?m8n{&&A{VjOi6*|n8Z{zYb7N8
zPeo9yGmo#hR(W3eoIa5DAhs|~wJ)Q7EkiydjQ?WZ>V4hV#91S*{yj7s`xeM_QSdIO
zhYfGfXct&kZ^8VUw_jgQUcl;p_W_JbZ~y09_WT`T>U(s<@%eHtK?MR*`oAuaqUyB?
z&Y%Q)-X(gCqf74WgRauBS=G3C3;J`|7qVfV5filB?GGQ>JVHrPw-skynL%Eg<Gg-+
zcCvZ>@4qg*2k0o;?7Di3qXj+RYM+Hlas%$@!mwMT5SX$F?@~TYaaE*Yf=PmnvS+JS
zx^%#lAbib^Kc?AUPkQ=60d9`p>@uHoL4ZMRfX+ISTAk)MTJ1Q{;92lZS)gmPfkKLL
znNTw~W_GB4ko6UDw!x(Du{@J{E!|5P9p7E#tL4Nsru}PzN6CClAT4jp-ohfFvpQv&
zs~}-5VJ+zq-QMqfoUF=yslIhnJUw%nxav8~e6b$ajw9CE&}~oHEIYnpCB~a$KzjU}
z!zIX5mg5AuE<#+y8TkgX_PYU>nrb&eE(Asv05%Ra$1mmC{EjyIlt^Q2YP^h_rXyeq
zjj>LG4FI|q|3l%?*H@PYS`!t?vP}ResI-T#T%u=k0iJSWxTE8Hsl&|oFVAJv5CbnY
zQK;&XG2h}<ub?}u@MRv1i<6U+0kfA`Uuz?Y^Qv{a_JY}@MdNYdr&&##1n!heS&^!m
z{FPlgiAQMJLKor+TFw3(jJLpSoL*EtHPSe$Y7KXH8mC7i3j-T4T(KTfG67tBc&$$H
z6LRv<<D`w`ZkmjFGE#robN*|s7c6LT@tTQJR;;F&Ofc6dsDn9SW|{wpWb7%7kcyJv
z7E&1r8biIXwZX(*8>L+y4vVW_*P=$p1*0I;B?1yr8z5-~4(AOP`5`cd#4>7cWOGS`
z6FfRgUgC=q<ZSQFEV&kvvyK+nQUPpM_8%|EXyHv4;}0M`U*iQ!Mq=7xZ<3D_Wf^sA
z*&1YCklKhxS9G$)jMAg4Mf-5^;f%|Hb6AvvWvboKsE3*AE|02wUvaZ*uyQHk8&sxz
z?T-dgN75lefxA`MeJf3Pz5>o~JVG&0LX$X>rI$GAu*jG8B$cc(U)6*DkXyvp+l-WE
z$hLOB=6<r&Do@_P>f*{@pSsK!>yl(eqPDAe&$`lMpa3|9ro5AZbzg}uET21Ng~nrC
z&nSD^7w_Z_RQ5YF*Gg*`0M$i&xr~@5GKQ-w1^K&*?I4PKu!mrx7rmDW>y48(3zX1V
z*O4NX0Nq;_#MU9S0mu6zjT}9<9oTbl3y6JNFa*pfH&#G-QA_@esy_i>y8c0NrUj_$
zZ@`rRUb;EyUH4jTEP}}L5@tG_%*!`SH)1I*+B7g|U%5kne2x0h@MMt~Rd{LcHowIW
zDASC~_h*>uu77HPGeeP0^A0NGo9{MKuDA?WU22S6F1W<f!}E!M1^12GRe)Ad5B*>X
zf{AvTzBq>Y>JUC~>IP)%x@VvEGORuA)7?s0FWG6T{lJ32K#9@)G;&B}@Yvxv%=?R%
zgF-+}16`Rq+wWRcAFr49c7vUEmE-W7|Lk$dTBhB2cCvqNfYIs3S1aZQ%fu@Ez+2?b
zRVm*+^rrq$<XNRL0RI@q(ms@ks6ww%vnLS%yF=L=1IRuAyN(o6nS_VI&fXzQ)NM}>
zt{gL$*5Y$$GN2_RMT(!axwGyf`%fnQy(nSWF3`m+QF0qsG|kd*d1X(U!tquobxQgR
z-ga?&vBGz^%v^KBC~Wvo1291(ApKTMysIGYf}7KW>Z>PfG)|Fjr)^7cmqbpe3~Pyj
zy{QkG;sEUJ$AvHe*M5?W3A-jy;F?r63rceFlQK>yg_RX748Mu8S&y0eFe(>ol|$?^
zs+|z%`f8h4Vi`D(d^J+_W<9+WtxL7jq`A=2-L>;nag3XbON1}YS4kqESCPCJ$c7RK
zF~YeBlK6^GZSclljZJ5$Szab-buFEVa|+a(-B2Deue}jkONPP2Po^P-<7_vo`QofL
z5{|s2^K7=3+}dEaT)xq_aQ5aXO&Z_iwCoWJMKA2Mu5X_jK2Sb){+~U79Rg)khAx~j
z$J-?^zmjWKs|?5|R*&hAFEG<X&B+OMfm7vq$=XzKE$wfC6{!dGMzX}}F$40Xld9@E
zaob*>ntT-bw-?FUa%{W5sE#SHq$*+vuJfwfenI0?tJGpitb659C8<XH5JM~FaW88_
zUT~!@Xy$9s`869kOQDwI+}Yq4ZYdWnFZV5u$x5(4)eUsyLfg@SmD^-awMY#{wby-}
z5IH0;ek0>`fx(ujVEoI_z%PjeIhP1mD{ATMmW#(K>TT1!^px<p7cJL*oE)jNX3hv7
ziSIvgSZSQB^?|m*4aF}-k}pf?9F6Z!38=#po3H3L((iqY4}99OKnh=eaMzb>{IkDU
zt6i0)Z`2PKxJa$5A~N;L?xNkDTAMJI@fqrtFQ#arF)osyL(L8`a$%G?!Evzkj_;Ov
ztw)=W>|Ok-V^H7@^Mx&Do^@F&J#ge#>J(Gk-({h>aSY!>`|Ll5Alr41UB46<iC$|p
zWED+NA*nQMd9rvY`Gtq-e2+)Nf|4I~nZ976kRc?0BRP~{_W^BZo1wvc(+4fDC(nUW
zP_Zm!&)1hKm;1}y(jm5ku60~s3hdiQT+t<WO5ply*(31^?=M5vuw7Nm$;2j#u@xg*
zPOm?==`rZG;G4uz!}o^(Ed){_hxt;Ul=UiGH{o3mg(3>n8m`^SS(#?z05;>)<>)l{
z(d+!ElD(Q+Hwk@wU6zSH>MZHNxA9fvidrm!dL4&dHxb1<fh*=xod!ynuq@{6H3#Yi
z$3K;wXIKC=?QH|<wr&Fp4sj#?N#kNYTiXC&`5xfQ8$n#M5-vK~1|FBKE$?rQBD-$5
z>$1R$Leqy(GWY(78!dAi56mquoSxcdtpkiZW_OE*%2h%NsO}u+XklWrlL6EpfK+?4
z(UXfm5&A4Wm+YgZ;gvVbCeg@132gxU9*3GnsqK^rVm9{m&a!a07c>C{kK_h$%c7kL
zlONQG%R+L1^q_BcwplD#7H8Ok{I7a11*N+1`9Opoas)uelrSFmlaz^z%(Ue31~Ri&
zMs9UbSz6{4c%EpNcV4xW;4Ht|>i*>!yNpn`{EDbf+y?fd-%`_Mltd{SjsDq$N$8L}
z7|fg(WV47zAfr2R1sh7FW<BzEt%E~X(w3)B?wc;G4k+635Ir7;n)ARcV<&6BKN35B
za7Hs$_DWpTv$xhGY@2EKSSKYf6`JPCw_mTzZq~8=V@(t%JNSt8&Iq&5Iz@VpdobtY
zP1&l2XAok+^$on5{!7>xb<(3<iM9c|b9xE@9f~2M_>u1&EwVMUP`&4k6}yaN)cTOm
z(6=8f#}{AvAN}C$$|@rHw&6;LXP^`OhwOlUA#wBOQ?A%F5$UzV=6%<W$58F`WiP%^
za~%$1IRRP7ApH&#rfi`TaOPsrQ+15C8Q-othgx6hkawbBY1o1}#V&xlT6DgT^CYql
z?{ot~=e#4U7L#6cDmFDJ<jsx|)`fpHGYx6n{#o%?KInSs7I`z42PlZ?Q0-4BmN%yP
zh@_;2>lbz~B__E(RD)q+q75MjF4yPO+AY462o;w((P(wky7f}vutTkh9w`tJgypU4
zDDr$A;%UyQZ1tUZ7WC{em%tBbX7~u3!3mr>ag68MGyvpc9L(ILrymVh`~|@G?b&iX
zCOVva^<NqYY~}&4klMx)(LHFSVBeKK5qZuxVZm=#!mixlXPM)yYK9~9%*T~`(BwPF
zdW<wXSDv<sV2ODa1TzQK3yz*b_lL{Io4dajERCUb+_zDKc|u<9qb_(P6&&&dz1h7p
zHNnXqF72A{PFe3Pw5~J9P4*tjG7PtJIY&(lRqiDqy3N0vfj<3est7=o<wWk}y2m|I
zDi0M_^)K@h#osc`4=iFQ5|Ezxgc~n3H>z%o1l0v*D^0{e10^g>#IG3_4*lRvOCP7N
z08L@<7`%h&upOK3?SR}L8E+NjR~#}7kUHkBnAO$Qh&E1|z;PjESX@Ye&Q$otd{LZw
zHfe?9^?|m`oX{tgqQDbs`jW=@6=*#o94S~cn(>LVAZmXv2Oa|OtK_Dw^PQ+O3J_`L
zP7VO@G-gwWPeE>sLeEqj9{4jQ-n+UhG|(l12-`5S+_;1WaTd_2)R02Z<x`}dhqd_Q
zM)@YA(0=%a8)J42)=JaWgv-w>A8s@LZlTv?wqUaU&5xGUH<Ln`<3a(Kk4!vBGQ3bp
zwaov=VAv|2*)&E1;pb)~T(MO#2YLULPw?qOsGqdF!#(ntbgwO0L{lsB>>^fIClcXz
zB<zYaU#TbjzO~cbTJDwCGab_hy4+4RZKi~_{qa>J2A~GW+34^@nW^FGfcHg3>J~bx
z0PUr>l=->NtIvX#Em!-bQPg=XRRA0HbRk@BwoXCMB)nMkpH9-MVnpiIMZ~ts3+gyE
z83=U%{9cN!y;P3t=b{Tz#ax9-)E_=Yo(fi2X}sKLcOgjQy!7XOf!wAF`_4brVpG*x
zC+y)$3V|E0nC2?+KFgIqUsZokJ6C8~X23Lq%5iu$xFqo|k2l&|t)0=!6UWJwDl%q2
zRJ5;M$RHAn&5#S<zkm%l%)?VZ6P_(_2uog(mcU#&JtE-H_Idw^5#Aq>jZ0+yigO+A
zedZoO>-ZuzbPfR3d+et6q+F1RIVwSP?1QPOq0YobLezbsXrmM7@YX6e4aYFeuhhz-
zZY;fmfOrq{tehtXxq~8~+aY`N7qL>P*Cx9drkMK5N;d@P?AhPfX8mPIm&rJ1hgY`(
zmH&iUPu*=Yw&`_n6JYo4a*(2?JaN+WznTKy53&xf=eRV%dCz!;Iw=`m7MDL)dZokB
zud7;^1WU>4t5d{|!AS^AggNM|2x`Ru)0}fF!n&I055*xN1*8yKEjY;L{epvkIge)O
zF+iLp`-wm-2wKep$ND{0f6o3_LDkYd#p5q!g}xG-ZLB2^S~Hl@u?3OX`6~f`++M#O
zpxC$llc#+57)Xr(>&T%yP;E3fe}3Dw65s%~VDHXecm16G%i;(iFRui?;=e&($)wdP
zvIJ2)$hFthuKYuc#QIc1Zm(6DYpNNZmTO&gUattJ;b7llq=z->CVEu>kciJ_h(rjF
z!qamc$HmU^zClij`(|9yXFN~co_;PePcIp81|(%0oIlJ)HjUozJd3@IdM)P5@2!ss
zcc`t`^Vy><B3R)Els4aWDTQeuJNe_#qDCXtl#Y>{X7OY8aJ{B$Zr{Q9Btacc=a>76
z*LZd`{tBd7;E{rH#U|%W*1gS<iuu~eT6GVTwNah3ZiTC9;W9ur-6&3lH*M<nSLbg{
z$=kJEPb@5_xxaayuS_o6in+`>APf9)$Ol{z%J-@Uz;8Hu-{Bui&lE<vCRKullIU%U
z)wdp^UgkND#k;*-a%{Ve+_hf*p6a>-g{a1sdV4GJLUk-KIx5B%<2PkF>sg(fn~quA
z(Oug~bdMk^BAW?&w^yxzDIYB#HXH7^)NGgh29@j~I9yByEqt_CTh$n*druDu`FOo(
zvA;aIF4wF3CMY5gd)p#FK^m4nO;rw5hl_aT)#s$TjF9FI2n6pFJ8fZXOw0bn!}I!p
zTW)#Y!w81#@jH?se;jUExpQyh%LAv+00LFcAc{;hJv#-I8$RPVmq0@}*^gyRYxXG5
zkA*i@US_gAB(d3>aU!*8Y2WiGV>}kzd4DDA!1amxT;vki6iyThEO6hBafsmnR*GmL
zg->uA`vl=s7OeLC!>sV((*do!7;%=Pz3Je)r|mTztIpz#QvL2B+;&|~z#<@z^g;|Z
z)`fC;d@&p9<8VZFa35>y=46LkYOl$?n7hDQJXy;32M0^FkNBX&kV&k{TPvI6XT8lm
zGj0CGwykuW{;fn0&X{%QKw|UaN@7tPwST=>e?}@E_n>$yTd{|EC0zr^^FOz7og@4>
zn*oy)YCFjJnU?J%%+c7_mahsKwec4`tKDO3P@zOjiNk|m0Yd%GmaYu0>s}GS7SWPL
zC4^ySX7uFjP;$@emI3)Hpjb^>E@uLgSfC9X4&Fs!9D=Qlqh40%IqIEBJ8<1HGt{!;
zD_7Aek&5wV@1nZb+=T;^0H6`X-G=Co5r;k~jXI2rM_O@lan1Q62KrMNngFoo^2ywf
zD`{g1@yY!8WWs}H8-O|r%6ogWQRX(lU}>|I7ul(gQG%_nWd|=ULjupUM48iP>loK&
zhbsGI+r(&oI%Tp96_F&ZG7^_WjR_Kuo2v2{ib61ZHWBn0_zTb7Y#jf{z<HE{yT!8a
z-(IR?t6j~lU)R$^O+Jd~B@#aU?Nep`raH9Zev#`yVB_(5nmKHzB$8{9_NNgP3SD67
zwh%4PFRp)kEdmYFo|pnt+-k?EC*rf0jHk?<^i9!$n5%+g<S1<xzUxGgf(Od#TZ&B>
z^Pgm{&iwJlASPUOT!Y1dspIn}iExhJV<t!OKO&#jQ4JCcIy8u;g<2>4@V9i~zzKp6
zx2>C-kUhrj*6gh&NXLcnp(_AxiS7}&?=hxHA3kS*sr9$H)#gddt-cJ;qS^u3+`00U
zVzt$~R76{!``+sM%inHPS=@(oJY*Cza?0vX#6Vc>6I<diuo2s^Q1k$0;A(22i*3>X
zknV<*N3Y&yb>EQgE*ggqy^OSYGdEPJST6I@;c4Ea`$lNg$Bj=**o#V@Q_&FHCGUD(
z;|=UqZPvTCBAdoQi3@?yyKits$vVEmFVW3qfIBBzT-M8`xH`5Gc_(hS`AiLSwcJ|w
zFt>pcNORrMCE>_h^d0VkSo`Y2g0T-^K|sRliP09iKw9&bQ64EXMV$(gA);!6wzps&
zaK2;@^PrO>&y`Ck?~F{v)GqabBraBkB1R-7I8jzp0T+7HwYU{~{eGzQC94KhxcQQ<
z#s-@lQg%)aFvMx)ggWD^kfgXqy-(Sl>n0|>Ob5I8@HyxzpjX=!pbyqvD!$FsVa@SP
zm@Rvf>F`jObGgTeNpUZ2A2)W|L5YpsQ}TIa&9bDfQM+Xzue-52NVW95RZm?Zl|I40
zeq{!UpNb=_qs}Yl6w?FFk1`7P1uEILM|bPrVD{xv{x-Kb^QPi#Ptg(%dfb{n)1Txp
zq#oKMk>TYR-kz73)&;gO47FG*6jTJbi->(}Lh(WNCf&1}qXuH<j{ox=gzS5bVm(Qz
zFvP2@7X1_b6^+o$=)%|2*WO>!b9kVkJ4DA;>ZYS|PLjp5KaSBZHUYkCQP^Lx5nfRK
ztj^fN%dnl4W2jLtaWA)a=tt9gD5fB{35i2C{-I|T#GD9{=>AwL5oNky%xg7v?~!#v
zhBP;Cv2$5u&dF#)xc_pSqF`kL%(8x|!7d$WL{;8|Tw_Z~TX}vD6&fA{n>zeU8mZrQ
z<gO2wTOr{D<t9EaZy9<fb5`@qp6G1@drVa=2@or3gI-XmHt-f~?qWW*vwltocfA4k
zFiz#1wDrr(YZ85XSeW+1Wbz#VKJbBsApz#9qX=LKnt*1u{?~e|gY?f`o0TbuCZL-*
zYT<nm*2Vp4C}gsiJPT-InWCoFSKxHXLP2gfuw5H^0$mZwI|GLDh7x2M#d|^%orc0h
zC><^r@9IbLq7bbCOtpCKC<w>oSjyuoi*@<v;u+Wj%s9Y$0Q_1oSijT!SDT`|-{Ee$
zbiP#$IN`cmnvSG?9xaENjFAX&)H9d-8>cR-e{}DCo~IrDY<Sk`KOj94g$4YpQq5gj
zXs_N~|2=a-ng6Mrx>!CQsls72$(%8+nE}|EsgCoQ{kbB*w1s+o)#gl|bABnSRzwGJ
zTm(G(8{Y3Ao>lel$?n1yOlt}IeT9fNiN>3cLDg5&o1A~G4_gSEo_D(R>_BOOc5u_o
zh~MnDq9!1KY<;}QoJx;+2Q=>GSrrt~v>aLcRbDRGz4Ds$BmX7I4j#Fijst}05(xl5
z)G2*e!hRcoLNB5=R~9`&mL%7Gc=Wt~W87?PjE4Y+&;$gG_kcq2@}4;Pfelsch$?_5
zW&n$g&C9!RI^uYkz<)WweE=ah)%-s=!l@Jg`hI|<dj{Coe~y$t|IdqT|7Q^Zd-&gK
z5h{e#zGUY$7q$p{kB1T!E3W=Fcy+TJ&$nrNOz=m^TQ-dad|w?x@R=PxFzo;EnVcj4
zBDN3aW`?dTt9_VjU`#BzfJYnl-t+QbPRAB<{OSK&r>ckn)FS0U?mi6a1kIBRAdB5;
zs&?&X)eh&}_!pNiR*7P*i2`)6_r4C_4?t`OCQJfL?+1JXhNc8XRJ>aw2D$--qD6vk
zk}`$d)V9C5K0oov?#{OJpyfm){`J2ur+E&L7c`C5g<1G-Z7fFA0cY<4BJv_2&ey&3
z_Vnnpe2awUTSf(zNrAvHl}u6#r)<^thM!=|0ik{WnofhkEG#U>3+>3l#+rVBE?VZH
zDxe6J5sDF3_RQhzY5_Q(!RryvC>-z>0BjsQJ$2;&z71|l-@yCW)cs<X=l_X8>cpH|
zZ~x4=6fbK0sv&ZBi#w~*EuefW5mM%+(_&5U#Wj7nYGbb4SDsrw1F(Ur(}0rd6Tqou
zKrrASZQFiOPC)_WPLwdCi=o{XpVv_KY^D6!GP>Y9isZ#nv}A;HtUk+@A-*DHDDkfi
zO|fVNq>Ys0MtajAWba0~DZQ`2XIoTKJxc@i015vxXHJkBeA1Dk(FBbAyqQrnMVTQ5
zaUu`EjtLCtm!Y!PPC}Y3UV+lZPBHTqmEKGux^nD|<luFy;-PXh-C6rgy(5d@6yu_j
z9o?+nc#{2ZkW-^^|LF-AKmZ)k!V^gLimZ>5SB{f0)vTx<5!=s}l8$5y6#ZkPl(zz1
zXPgWGI?dbF9BHgEYTFW5PS`{nF%ZZ(vpsDOyEcxm=$pbGU$$@Fb=RA#R-nuKhEw)x
zen|;{@dN@~wDT}9CWfin*`&Ai5<PkYJC&93OABM+vXi(7-1oe8X+{-KG@yTQDMtUu
zj5ELsbaCv@vzjLejC<c-R4@t!Mz5TuL?$3KDPYdU!^Xl)x|=zD`khfrWsLhBTi(q`
z3En-!(3jgY*%)V*VFDV+TAtqN$x1(<>W#P6mD6$iyAX72*6i2Urz`+@-VeM<(Vqz*
zWSoxVg7U-9Z1F~n$L#W=$G=K!ln3ty8DB6P3-QE1^gR6*HJM<CK6uM15fIjb<`i%6
zPoP@jr14QxkG}b3vLmHC@ZaYF@@uFnF2+D~f7d5qSmH4t43H5LHmkjnSF*YX|0%Z`
zV<+A=OZcdxFIE0lQn2Y8Ci~BbE0Tc10L^}vcLVnQLG2TgG2VQ-fg_{=^cIvP`2qXT
z1%3rC3;-gEMpv%klLF|t(u&3LD7CqUqHIi1#neN>TS3M4h;B5aWU@lGV(L%DxV;N`
z@x|VNYI*F)^Uk!T!oX?(@^Y5KiQB={_Uta?oq?tRTS%8F7s3IkL6s$UdQ;_7Lp|>V
z^hTG+aUeTG^ZA@jkbMqJK>u)w-_kcV5nx|O(24Doiv(P@IzoV=z}MnaMEe-N2{$@L
zvF4fwxKYipPa{Rr;_3H#qVEq}8rkV`xDgL;&ylJWo{(_)x491mu5@ZS=ZECwnA*MP
zvyUYQ?<|93GlS3*8Sn4Ak3TZ${+8P*csN~?<5d>dBc@E)bho_hd6NkHen7`97)B(S
z!S7JM$3XAz&FD3oJdY{<*je(gx*=s~PgCL?2y9%%BG9)CmcjPMny_P7B?P-NMYqI(
zhn9v;D-SK~bw}zY-{_C1dr~QV9W@baTv0?Iyv?<MGpYLR?so?M{I7l~#M=gSU=Iw9
zsJoOrPKs#*c;xX0pxpJeDI&ebHF#aU4`x2@>nqOjqZdxP*#k40U_;Z~OjX-vo_M1X
zvT`tcw&8OXsra}!gY%g&7NP`0rF5r%&EBe4>f;`-KFx<W8>yJ^gzzHq$|cT2%8KCm
zs^vkG{OOrJJ#a*L=1vw3=+(R8Exb+NvlVQ{@v(;uH1E}g4Uij)x5k-f(aJsV<eF^(
zIgoRe(}05FanpyD@2Ke?JH7wCMtb5?mA;FQj3rHbJiWh#EjyJCO*VK;wrT@kI@9%J
zXN%bs$|Z<qFT!cl0hb32JOQTjoGZ-%N?Dkn$Ix}Ff{tJIc>g2L%-L-mK>iB)!Hl!{
zA~Wu16rDc`)&Q>F1c=6`x{S@;UJ8c6AKWQFc1G@NgrT>!v@N3%Zy-w4Qc7q19xqOM
zBb>52H>5J%i!+mR|8ZAMQHPtb($U`A`60{<2t=_UV3M{$qo#8cAS?!hSPYqma47Ws
zUbZPnxau*f+jp>Z^QEx-leYtR24+eJYF}~=c>`0Nh?8H9<a>ee;XUn}2$1`iT&fmB
z&Emq*4ZT5iI~lREjP9kY_8lotXs#<$2BpsBFWS5%#c=2j&9LKM-Kl^l$#6WQU#G_J
zU#3R218klgE@Ms1jv(|aH^QD?c_qN@e<YnvVjIh=)wVUQ5jVBZayB;)?+#LP6pC1%
zADQo(NC~s6aIQ!$-#iC&1ydY*gH_Mc(x?>*Ieee?V_V{7A>Q-DLsF-mW@csvl{unk
ze3D8iE>i3=pd`KwLp>yWS$7FArudhYB%(Eb$-d`@&o>MKG~~pBCCB=x9A=LISv|G3
zVHHmj%x3l`Vz3tzuG)k`K*kPd_U6kX#)C3>3Bv%HsB(E5+#3YD1IP*HwnT>;+KYhf
z<$U&&S9jc*mT>XRkDW!HDnZX6#<AA%s<RDTNEgp>_d*nS_xZFlFf<OI{8?~JY^iXu
zsoRxq=MFpHm`TudJ_{}O%sm<%MRC0wumA}C?^41(3d>EWQreSLw%@gD+WIZl^H+NG
z)Jdsk$Sdz!*M*i7nxWk4w~5mE<S)Gsu26gW`YO@NY#qEjn`VbSFUGzycrm+v6MsUF
z_*LHb&_PeVm!$N2zvX(l(L3V>8le3=*ZJ5@C@>4;S)c-8Xu)jK<R7qYbfjwHw`v~}
zrncG=?2@M)p4p2TU->D6?BLlqeSE6ACRp-}(uRB!CNL|&efq2HMtRO9N?-&@asE=g
zESK6))fe*KEVMq3N6g~W<JXwxYhJJ70%%D-fj{+V9ehXb(o)sa*yqMZsd<-0xur>x
z%=(@6ZK@N^xMuUZlK;vpoto`p#i25R94V<Id80b%5TB?0*Gh&XJn)Mi%JC2I2B*)-
zz=VT|v!e}O#;V(zYNgjkRasHH3;3Uy=+xgvIQYco5GO0eNUZ^o=DEzS-@hj7%s1G}
z&0?4VBPogPr3L0dpV?WKv{@aAZE|d}^VMYpERNOVYi1Y9(EK8OOIh3Y36VD4)L`FZ
z49GP|_Y7x;SXqIefM-zL@nu^_mU&C~A8`?D*;(~<%akCH6`{2qTKD4UDS`Nxgyi;-
zO<Zq^M_(0TmBL*fXUfdrqGlJZ)@@6YD`<PALCWca8Owk3-_75hhP;~yW~wjMdxVyq
zJOA!S@HSmd@sPFcE_qkHJb2Uxn0YE0E{ck*a5Gj|n)TS@Zg&}Q%)Qdh1jiGbQJX00
zPu$(p8^Hbl0-D^P6N{P}EdXl!bHv^8jag66I^fb4=el#w&~NhCe*{|c0Zb7J2h8J<
zn;6TO-74UHfQ$ys{+{<>NuY$71YC;=^Y~#cKc<YIM3|OgE@;W^X7>aUbQ_Bhpr)aB
zPnyDxof(5(-kJ9r8ypX;0a|cyY?}|Z2SV)ho1O@{60D5hTsJyl*;0#4aqpI6e-*KR
z5DuXge3Dc4X$$W&hPTxq6JjA?4*P-4(VbYkArB7NUaPEr{$NHpY<WDQNo{BBgP`SL
zp=!C)@cx>M+H+PLLdIqSZQ`z&ytr#}?PuhBv*p}D={R>-w3YwLR6?NjtZ)3Dy0)WS
z{FN_YaDe!7Z(1J^Mgpa>ww|7zJHY-l1Z4*RL$q<?zV<{@-e`P5fe*q4WjLVB_qb;b
zKw6y>8ukL-GN-|Ao42DMgV+a%<e4-K5EaU&(!vKffZ*hCtaawPGB=mEu5=6UG42Bu
z%ws~zJxMKTx5KwS>X!F2B@0Cku@v{_YR>>^<psocc}RfcisZLEWagJhoO;nSN{Q~o
ziM8`PpAT@C5jwqr80JHtxj`Vc>x``e399e(tKRLjRWG$~t6ijPkUsr=e(VG%6i}#o
zo^6TRPqB7#06Z)xK6v@Hw-8&(*&}yLKht&`?=D63D_+tOW+ByRUxQnBmY)8INZRd&
zShw<%en7Ru6XWJ2{MTlZ%r_<g$<#YXrgjnpL|K@;4=~lQ`5|lKdzP6L3yR7=m&$Iz
zt6RNL%V|Lsi#7)sg8jJwtl_rYGw*p?eYhsL2EzMf-(AXnqZ7v0EGs+_az1nBiWaYy
z9$ETNi(;A&_A$(P4pPePlUKuW9uzlEVF5m=ze&e-HpZg>y#k+<;rA^<_x)uL9Yr9+
z178o6Nnf(NmWSZV#ukbel3aTXxmA~ELNo9y1)pTUNXk9|s=_7!xEwU0zv-<R4HYzp
z*RJmUQbGfV*Z}CkLVp*Bf*|`3hGj=}hRv(UQ<F4cz<2fM9o^MZui)k3Id-5RxN=Sj
z)0~TPi=gv=+uWw4kg&WNs_xgTvDYZkT%`t9tuuCIA9ivnr9>zGL(hn~wNzBU`-CPl
z{N=Vvo)Mk_9pIzSdXS=5c4tK@SBlmA)22uzyggCN*e!cY^KLlJj&7e&!o}Jy*$M}+
z(Oi!=>vph9)=JbxkEG{l$I>ka3%%e#sezA{R~z*HCRqT3>p#lTHH!ddJg?J#Y28x<
zD>Vitdy&f5VlPQy0&Rs#4(Vf&59!oudsbH<ustb~&^A+c?(xZtZeR+$F8iJh(U$ik
z%;TH%wB+@CjkC@*HjT$I&4+Mx=)d>Wq7YlLG6y26?jhnXF-Y1Z_j7p(0*frD2BaYh
z145HmkCl{$ZazM~ETG^eEUPk|@gA7L*f({vc2$$_p-k4>+K{bsTJqiuqdNGQFHrn0
zAxr{n47u1k1P*4HP3Ku*fT_*{uQ?tKdk$d~>HH=rXz;q(h%PB;HRFi}!f838K+pM8
z1R7zaZ``tEkfN{mI2`Snd}Z-uyivz|7iVJ`%H%ycEl@0YF$foIC%xOu%dapeKUi{F
zv8`=Qq}rXy9Vns5u9$7%A5<JDp@z<`dZ96DqtUUx^K!&%Aapw@?-(&+|5rF)9JXD2
z81oHO?7^o(YQAzj#Q_BZ6o!-vG-)+-+PT8Sx_F4HHRxEngrM;$^x;@q>wnE<FAUzM
zC3>Sgj<S|_D8T$C_HAMQ2-EaA#Bfqz%HuJx?qcZPtq0F$fu&d1$`Yti=;`fMIP`{B
zEF!VMsKfZ_19myw6XLTz=~RK{JD_-qaiN1wo|R2HDV%YA^x+pcyOeYd$1`|wyLEK;
zvtH|(W{3UC!`YPNIKp>3odfd-7^@GR9tT3o?e3ZYgSLV?N<h;Yas5icCqsGq1+7R&
zDfv~&qy~qOJYB}^eNHY2N~=OIq;yL7NWtqvP~DKTdl%MsN4+9;=Q}rx3A+?+&l3VY
z0X>8X3Z?tNw;{VjC8dJ|G1v8l?f%I|7^}O)praGWP720Bw*Fn)8H2k`Mr_cw(D0J&
zP7k^Tw1dM$V#>~swNtHTAIB{ukDJ6k%O6#W9s5?4jz8pwC1wywOF3KO7?q&4<p%gv
zvkv}q$+JXd5vS}gk$Fx$=Spm;m?WR7nhmt6aEwUPtfb&$<A>K6{?qVSxU*aFkW1B0
zF2vR`z_u6ya>BFXYRXEkvgMD%lVkZOv|}1ej*P{P3rvAwCoF2^xX4=j*35A~#gIv{
z`>U)|Hb|_wWvniS%yC*mKPivTO`Hd2R8wmtZwfqy1OSzH(0yxby)i(<(H{}3h0reU
zqc)&3@fl{$<@MQe+jsKf2<-J{@8<74IA{9Bj(sV7T8H(s>T`@X9WZN~ChRnE9zC!D
zEGt`dXo#mIR&DxPl-gPfkRrL`w)MvSG1I~K<aPu44<F|1h!NRd<p9FhytMhdV<OBE
z3;2Nj=4d9QV*11WYU_x>iQsMX@kO8-bv_m;@la`Xrl69r#%wd2EGJ}u6lL7>3r&o|
zOJd+%%>$5<oz{q0HG>p|{Flj+Ik@jMZj2?Zr27iWsO0Eht_f@W$v$N@6!PQ5>wTc&
z8)9mF>V_SZl73h`<FHeMSLroNS&O_YW#;*X{d23b3OK{vnKk1;i2?Ic2c(&vb5eRF
z($B~;=JN75EqM{!EZzt@GGDhKpR!0OcrxcUM6M_RTI&$}<d64&G|sWR1^6W(_b+!1
z3Sl5D&WN~~=q$b}nGb%;`~CQOvFqqfV;xhy$6=r{rz459<H(beC#r+C{naQ{2<P<4
z((bjq(T>y-zpKE+m>W2@?3{~<V6}OhSA4kTohvh1EPz|X=daw<Kqopk6H+qIxtj>W
zLD@t-{KEiWt9nh}w!JR@9M`^S4t;3|=YGi(b{aQrG!$%z@9QStLPU(V1RF*^ZW9~E
zrTu0L5@*$pp(Agw&SIJipI}6dQ`VnqCEK6mkuo&VffGH=9u%)ahq_rL4%AxAQ<)CL
z{q64Vz+C1h*I>0^HE4kP7Yn4f3IlE7+IbP!$=%h0-PwlGRb`v6rr_AcST*vBmC>8R
ze&>mL^kL(K{{M@u^A2lb>)Jlxi5@}0qco{{RHR6;1O%js9gz;wMWiJZ=~5C91XQFP
zr5S{PNGJ5(f}kKEHIUE)(h0qj5cu}sdEWPVuj|VnDiX-do|(PZUhBSpt6)9A-?WU1
z-AmwYopHs_=onfgUV3hNA6IkuByl2K>5%z#Nm|`poutw-wD=@Zwnqc!m!7Z)2|#&1
ztIhd-tGt?Qo@U?!cF;Daf@lqR*H)i`jZ;1f#4MG?CNB5WLPbu)5mDfdYYh92|I<`t
z&b%K}8j~;W4TKo{MO>%YpAglUcBsL`Ru=tGqc)%H%mt~8oY)gLEt{<OBPzkZ^#H8o
z-~CslV`{m^SR9kHUC!w_lVAR}iWb-!zwNtNXr?oN0uS1~h@BmICS{>1rTb8-{6zKz
zT++^3cB0Fy3Hv954?klc?cTH$=yiIY`uK$0{8huX`YYW@Lg{Vz-8D&+X!eD#)HtS6
zi?+E9NqS#c!$6&d>u|D$-&B!ev|jj)5?IyYr;_?VxH?XEPw>3j`YP$S;(Bmom4_)8
z`vCT%A-zzSrJwp(U$DdC44nOl07u5Lra4KY!NFR$d4741@?xf+E1Ns7;BOm*QX7nZ
z3}9h>CE@LaaNJa(UXeH8L#b2qbBljVS&mcnja`S&M#paua4T?<$$0nK-uyDIKYrC#
zy0_^yRxVnvPR#Es>0LEzbyK)Sx~pQpVd&TdZC3nEKm^r2qOd=z^AS_BU_mq=f~rh3
z^{d9<@GxI;U**TR^+kC-EV1Np)4e)n5m_^EjBh<%Q4ej`<`GgdgsWK0l`zoR0l!Px
z=H%gH4QRC9DWj5@+h0v64F)BV9DTjiB5SKE#Rn;<IA{as&~vwV=K8?MCWnChd{ZU2
z9sI2x?RsuAc<Kg(zG};RK$I%5<(A$Y8`7^I7)~3&P&nbvj&2F_-m_+}*Yd7(xYONG
z&{=K%3Pd!KdV0!>Z9nFQgeOx{6f;`8Y-FMHYL5UjSP*K>?1l3hI?%QE25Y?LUJaQR
zrC~LRxGCR8!mn`Uir8p55Cr#n%`4sJ^Y*O6C@gXgKYEqiD_)g+X|VpNnswTt)^CaJ
zJ--sIqSaUgWe^(}u;#q;O4UfJ2V?4lEAMw4J~C+5e65XNn#8Y`eVK2nc`+jVTdv>0
z6I3!3)hFBsMQRM}uP`QmVuur-uC93pv(#WI4{{hlTduWJfa8ca9>&6XZLkqztMB)9
zKyd^cZi>*<e`z|Yz)n<@h7t-Tz8p_V7^?aTIJisBR0}^w9A*=k*D(YhFsGk><w{3M
zY+I+QKsL}<G$m@Pa^X|-k;(7tOJs8T`)44VqZs{HE~&_du-_2WTE7Nj8Xpruvc>6a
zFLzT_O8Vets!<!KJy9_SZ+F~?JQKu_ot#U-QF47Q+z9T*q+6x-#6hBuPB?g?U@-lL
zy46V?{8XdGaU&Md;Ckg`1go+C)tuDbqF{R+>!6HGpfs?L*`EX|**92JJJ-<Tkr#A5
zEW*b^d^TFF`_L58q^L!Ou_?b}>;X%Bnf}83Q^dy*5^_ta8pK*kREqsoo7C6w3;K~G
zEf*YfX&M2Fm@;aT`%D|jd@XZG9TifEjY27NBu2D6-MFf>t`p56ZH1@o56?o?Pi0cl
z=uEO|2v6Xvv7|jTfx5$yy@MD;<hXN8lz7dVUymvcgZXmY0=CILBc2z>Xrjc(?0#ed
zo+$@N4D3xv;rvJHqqlr%EFGpa7CY3Sv_Y7~(ZD9=x~UdV9(kKd6|c*3Z1Sb;@Gl$o
zAKPWwB|<yylEg1r)+9Y4Nez(>vEAr=OrQh47(!c3L9r|!``pwsTIa>FRCvS_s8-<r
z^hBg1Bg|(X(ch4(VV%NLLtH8fcnczuO0`xQ8$aA-Vce5-1#)Yxl>&+wrWk$R;9=_@
z#kXJHV=+M*^DlwKLB;H~ELq;eSEh$OYIrr`UcBKAW$MjN+_SLE*Q4oa(m~ch()c*p
zHz&p|d8)i*Xf>q(bJmGv3{IoIDP*M`F;H|<uScFR%R91EMZo11_IgwHr3phGY9NOd
zB6;ImNq~Es_>Vj;K{u1C(#l+mwVCfd!iqjUK(KgT<C0(Bu;2i;<?s3FiuV#VzeK^p
zVeAx_xa;OxYN$vX3gg>7t#lv~5}j_oSS0=?b)$dyABBw`9d+s~D{WdI=g8Cs#(|*)
zh;aYuDO&-_lqy~c0VPpr$3Nr?56XGs#<yIxQo3}Fn55^w5juU$c@Uw*8L7u`ZRnBR
z;GL4E3vmO)@YoJ<Pv5)(J8OQ`ukx_w*c+Q9$3$N!0B^rRFA4(#QG*Kz%Sz=XiiQWF
zECwr(IlCpdKM+>n1b2ObOM-KQa_r`k2d9t0E}5(yjbD(qP^WgLL?{s+OUvb&8k-tq
z8{#PD53#M@USBs;uaM};^vp~3Pf!<T1qv)h_Q~4=6OG6xSb2HiN-}y1X5_H8=+YiQ
zRKwgTcXDDD&QR*W8JAIICv}=pu{TR-x{C|yTM;d)s+n#b#aps7az=ZEMGKU)TR6iN
zY-~PxuK5E?nVjB2E|4UGVFfj!DqxvY)WmlZ{mKKn5Oe(h890Fornk%knRXVi&wkal
ziY1$wi2M7?v+lsh!FjDeqEt`adSiOGCP-~}C`XXASKKend`I-24JEt7j)gCnBC^f5
zNWd8CM{3Zekb?Rt`u2DuPH962$_)4Z0^8n?)X={+gXlYikR4qemL<R9`vUbFj)^|$
z@>|a<S`4k++bhi72o^=%bVXF523*N34)|e?#s*E=kRFoY_Hst^-b&lCV)RePaCujX
zDaq9ozH8+6b2qS0zrp9NTJ&b&pEzuZ3UQQy+Hwn@qNz%p5dKvgno>Ss@R(pWnc`o%
zC??;OpVNvueygebax|NKnyo@j@v`S&A)Ex_Bhd@21ERvYqfu~!!M{vh+u*r*hLh&%
zyP^!H$6un8cxrZ6TNT}Z?OW=kO)MZQQ#5hY!NI}Sbd^wQl>YwkT$8;0Q)u(R(2_j3
zB8tL5_Tb@i3y0GC6k;Kivn<VAI0{xX_Z^w5xI0jhuai@krlS(%iwfra%#et2EUDEW
zj7MA+%hv?H{7oT!v5F;aVeZ`pC%?fB!vTHvNd0AEZczXsUdG7-RaE+_)NgmC$=ID0
z*B00=QXRv5&uOT<;IamW2zQ#@)9TyI_O4pVu(@Ko0Or~L<ucZU`xl<FpQS6thEwas
z{M&IuWGzTE0;Z4Gy?;wD;rDAb+#fPuYg&JL$N2DX0hu!C)`2bCG#n8yr>=3_4mF#_
zSu8Hu^QC}zls451h9&uh*Ncagbi=_um*z5c44dM1QZscxk$q9g%+V`fW%3kDY&uLv
z)ney6>Lk+4*D+`nqhW*}70m{DLDnrUfevDcPyJ@9YyK4j@BTuo+-65y%8rqwqD-5l
z8~&BoePaXKL*v|?x$)lBC#`QQJVZ5+iJl<Taa0fy!s|;&zalBthU=R_BhSEa_8=2J
zqs{*K#@3Ll>G8*K^PDs0+)29rivYRi*$NltKO$hsyt)9ydpL6_XCE((bH?%@E5fa4
zJ(tImN=geRKkuPSB;yS--Yh@&fx~f@M$4K_-k=<V5tm_>Ga}dX{1R#_$raZjr-*(q
z(M2N;4-gF);H<jAlN{5xCsSPuTuI)T_S*ou$D>W?!$``NwhXSOP)@{z2}gXMv}>!#
z<}7IU0XZ~Be$!B~yy|WTuEo1edajEVGbXx(fz`jqYEp|aLTs_d{)TO~**TZkEUpgj
z<R(D%1%Bgs#Y@4P{AOyVAM(ll+Dlpo=MAl+;7TgTey;n><n|O?C65AO?yNdf?jALk
z8;$HyI^>?uC^6eIU~rIuK#rA`!6+#twfQ1;UFS42dn5ZT3H|aK*kRB4zOlv@ofnUQ
z-QHz<`BRUKv&2{}$Ir4+YaZAG+@)KLJ>?aY{OVuT8AG~gkFerIV#jx45d+>-H9qf*
zb9qf};3nR>jYsLCGr{iVknb<L@V?w4(0vWNVYaUW%%`WNlnJ{V>(VLM-rBII5V-_-
z97b)RU6VkHObS4;BLjo!se`(@n;r8>9+rn8Z6`uXJVQC819SX8Gx>}uj`P&mvG?gM
z=nkgoj(OehV|Vj?#Qf^5cn8-X3Of@YP@)M;^`(NxE$ZOvAW8y;%deE1ZTFh$8Spg>
zPuS1vAE!uZ>@dxxYC71$s&BuvgOMAa_?~q(%o=L&<#feHxhy=epmo)poD%67@cB(<
zbvyo>RnWooiui}~^{A7!#ZytY2St>5mO7Z;?AR(984Skqd^sMNOPntP*e>bP)f6kl
zo-C_1mzv5$m=w;?_BeBQ%&&tg;V(mR53LghggetGrNtanWihctMcsDh`jEC)T&-sQ
zQqE=#b>51T<sO%-$PGxlz}~1B;!w)L$Rr_uGYno3O<abiozG^yM8Y5Resb<}E5elP
zM;6231{~lhP+4IJ73)((@6ui4Q7Oez#9!0hc)xwlBXBmp>!UiSfku(1`!akC=fFO}
z5w^B*R-EWt+Hz~WydSyIY9hk?P4ol~DR3C!E;u9C@AaB^G%tSDN@cp3b`BTpwq2;2
z11Cv@nF(nY{rdiTsVnyxDKP~g51?1~?-CkQ)`Aypp-e^^nC{w4r&Ek@%zq$EVH$eb
zJ%~8bd#5GJ&d!I(q>VlUSWlgdJ0;<N<q8rbiKWb|1FPkng>9sy-R#p-F`8!{m$>0R
z+Q0%sag)ejDB-?%{S^7MsUnWL-s@i!<D(;%`QXJ<u$Pet%j}#`S&eLQM=wnV5;Y2B
zdy(AIlDRH_8iv^q>f4(h$5nXP%_p)%B&!&?M0n`8n(d}P>n<}_lb+u-_#Ij>ysG3U
zohlQ(_Iu)92y--HE$x{0lNtt9Y2{Xvy|#-(<)8f0Uxq*UdL4GMVW40}jy<lo^)NFg
z1YXqT{?j|-Y(K5lyaMcFb_Sbs_MIPGK~D&l&;Dm7W~~59n}p+jl+KU3f8Y75FjgV^
z+O0!Lp^&f*e!#*=3IaYdLe9tMZl;3!RHY9`^cRvFe~UpFf7kdrZvv0miz4fKMkd0+
zh(G&Xv^7#u=jt-?B$WUG3aRXBWN_W@A6tij7)Eu}$Xc())aD53z4}yeGH6eFYwU0w
z8qUa&z=67#ay6OFj=|LMUp1cpdqd?)?R}9$Kzb3kp{ZK96^mchnN{3qCO@im*|T}C
zWOBJreJxUep%dVm@7UZ_=212P?ge4YJhYlHBr&nSPNXaCUEk^29cxaV-duBK)UAiO
z$bg1+9+K^_bzFNGCv~<T@Da=psuVtFf7iB^Pk(=DtA0p$7*t+A06YCfG5wr-io468
zBqa+=xciR#9{@qVbifmiKhG;|e{Zp7%S@?v1BeD&qOpxYWx-CR3F0-=@K)aa4<)f@
zo$;Z%kG#+3UFdG%&ban(oivK^rEO9*P=b7binq-<hDGnA#SEwwZFc-Dx4<JJ1ywhB
z*}v$A&F0=?!=wYdcFP@0^^{7H@+2d=euE!`hCRyQX3vZX7LWUKobz!nS&U8>l(vtH
zmj<{9&+(YUPgp(zlL(@Ay(TBNYPE)&B(Pp}Z?fk-11k5*VbQREB}h2sGd#9R-cq2(
z+YQY46Tn-jHr1X$2~Lpr6oRO|t^SC#(KTQ|9C#tw3Pe5tw$NDs0MSV+-wOa$IGt6&
zd;NK96@XnfQsYNrMqZ2`mm!8a#9XZDOIxz48A`2lgTqpB)!v))vyG{?c~=fYWq1F#
zv<)Z4M<a6i!=S>~>E%1Q+i~LcVbNP`fw$Qn0=UwAcfo-#>HP#)HZ`d0v*YQNrD!^}
zB4qA!L7EndeMobm6xvSPISMcg)aNSP{op6Nj;HGmW@Klp@y{=9fx0Jzt+*J%%I`vO
zZ~%iH=G7hQ00iTUo<Asg_{1CQovLWurVJ>T8$1%9jY+9#<u>Iy5YAj?zD1(bBi_T@
zN$2zCQBVOiY3;hrb3vvq<)9ghd<7|}l0qL!t2g>$^T|0_!=lcg5h`Yw?AYbl>2kq8
zdPDx0+K$_dY(8%opaZPA`yp>=?M~tR{!Y3y+e1%wfctQ?clchL$5?y}e5mcqt-U?m
zvx(7;^M0!z7n=`iqhgl51SPkoE=}4m9wn{}M~gGw4L%*^cF;|({C<9*q;-Q_0YJVo
zKvog;3<BhVFn#D6LvgAg-X#gaM3{T4ijs+4McLxiZFwm)FCbW5{El_G4wk9m>-Np{
ztC{07+lX#s!km~fdF77Xr1-q5F{Ke6??5wwCmI0ZZcMfkvdbIuh@xsld1ZCkW#Wer
zO<cEe?#|6=t3k1)iWb6Z@~$0ztYWTwfa?jkw#qEKa|VJJ0XEfn)>4q)ef)u}$NV`E
z_#eXW)}<GQ^C?aQ5TR1<K`E;PHgM#nEp$FVmVmFqF~_J2D#pK5Y->AY>(qN9PT!C4
zRC1pEvwt3S)L_BNefR+N1F~))mBu?9s#L*LjpLZo`TA@F?qC|$=UE-D0C<V9GBCRa
zbS8Lki09*Oc+5YRL5~Hk6JgjFzmCe3N<7>II)p}MrV#e)`dAXPboQldGfQgaWM8YC
z8=1Uspe;(ZXh%y`8UdVMfmJJKS#A3UPy)M&qcc9bE`%msgD%<3XrlRs?&`1;>MFF$
zdv6z;xHQe=5ULDjKGP3~2Qyy{9<!V?7k?WmaArU{OYdx!#b+b_EG>)HVy8AjVc+h~
z8ZW7c=iJUrazgKbrT}5)dP{_W#6Ts_e6@>0Uyny=ZKK^zSkMj|l29BI&OcRU;$_#i
zQHoI*+tZ6Fm0Y-(JDD>3g7@eWzk(b5!JzN)76TtMF8SO|n+KWh?1c`+wKF%|ItDN6
zhHuJVvFJ~`UnS(cAaq>LW1!)gsZw@V>RGZ4Jk7!V({hm`t#j99M5E;c&Nz4J4RH>T
z8(88p^xbl&W*C!dbaldJZ?2b_!(%sGA~3{6dCy#4G3BgS^m<uR9A0h5o?JT|#_>E%
zWG1W5QB^gNg19yOF5{yU%|{ffgbv$$qic)3K;p$NY9!7#GVeC-^wzrZIeb`h3f>bi
zI%C+RZ3s;DfaJAD6w{CkU(KjS7*Co`pJDzYrgWL#K*csX$RP#q>H_6cFDpYEf?{sy
zuBjAK5Y{>K0DfVeK{UrAIV3<o^d@D(`%l}FyAyzVvv@WRQ9kqavq0tP1>?2iORTJ{
zKy;J-eqyCba4U02Ki8zcZ|JE}Wc#WVl6c9$=Yl<^t6h!l7yJ6#wa)_=OEqv+b_AhV
z5J?w;1i4c5QO)Sk)u*Vgm~)bo<s+4icSvSzb_ZADE}M$#*rASP^ijeN9{}2$=7ok|
z1mc=ImZyzy=T60770Mr_xc-H6q7{ZLe|9keg(0>0e0#z-(ygyX!!nhuW6~|yRfipd
zyVe;)k_PsaC01`E^wVa((RxMK^xeU^>ti;i#cXW`Uawy6J{H;10b0`G$1N)gTC7ke
zjqw!X_Mr^x=szD)mJDu8&}uvG`su8D-WwM9_R<K|F_-!`3d=<u#73ZbM?eTHfoc^m
zD|eosO~-mPvCPKFl_I!1KFJa~+BEB^;qr^mXD?!XyTgtg<L=~M4qrnOg3R8FZf<Ew
z06cyaub5Md<-O@A@H!H(oHw4OqczVMO<OqDZ0O5`?-NrfkV=ey2)jFLcOL)<O}(L7
zb)&NJ_QF0jo)h+Yn!YeGktV2N%g0Km;i(tyuhvab-Ye{HUR8=dujIQyQzs6utj$NP
za-mEA-kD9DSCxS^Hn<~4UUW*{e_zIG?@7BNcc(lz92q4zd6_*o`|J%e%-tO6!8%qc
zSE`lx%k@uEuPk?hu`l?Kh~AD3wf7UTcQ>WwL!O%+Kbv3<{r3R2%NcrKSe^>><qG_D
z$5|5tuPZItQ$ftbcUNRzQDR&K?JBxFQitx^O`l)|f2~Y^j-m-GhCCnEUQ8+OxGl1!
zRomeK{@kq)o>Y9>!KmE&Sn4N}mN!GH(W$Ka$trd%!H5Ki8=ku61pt?(b!u#jx?-wu
z(VlNf0#ZEU@c@Z}ZQ%y`Fk^G}*KY&A6-b?U0d{#*-C#ucV}bKO?|$Oqr&O=CBR#4I
z9jn^Fef#xD5!t}5J|t|wbDJTL&-!QFm`+8!-!%)f_58~})h^@$cRP8Q`;x9KC9X8$
z=_dfv3nP6O2!GoxZQgKPW@vP(Y|H&kt0qlv54dDV6V-Y`-+M;&P7gMiI^?aDcBrTg
zyAjkS;w}x?<nCr#7Yf7;t}I-AT9R}N8zCzjKoLE}!Xwt9&uQ002xYW`7g+`^UR0<n
zTkR@fS-85J_&V@UhE8JQK)%vx&(_kn$CL)PS^T1Q+2a!Fow?5j2XWbUm#Fe5*u0&y
zFBIcuQpM@?cSn3=TQJcQ!Dc3f$`xiwh2&tWe5}}+Px{Dyvy)YTZ7_7*8gD+&_YFPW
zh#$<UScH(2VXj?E=jb&AvMp?9gO<X+xz&L{HVLU?CK{pK#CT+jD7rao2=CCf;{N~F
zZ>8<Og!yY{=2;^Jj8#UXHEaaG#Ku#D^<9Tt2CHGsGS;z6K7ZL}w&FkTT+YE0oa@A5
zRq%e^F2iy4Y<)nqmQ!jTooOcnslA4@W*K99&-6CP_O6B+GPDQi!{P8YfnS;T&3Xfl
ziCo|4vy6ayC8du3BXF1p-psAItuxvhpjEMYj#(gEP)RHQf%;J%g?!z}wt%jIjsO@7
zM&U6*aXr7YU2QN!RyBqG>ZKG6@1pQd$Ez<8U%YCEbD2yvAsMp;i;vp<a?ww0xDl*k
z0>h6F$emm?P*I1gpGM|UJ_})0TLKX`zfb=)(g5jXthdY_bKa3W^oo&CzFR+@uCS+8
zCA6YAjzqdiK&%4oa}OomGhzz0)>56rF2jmJItI;kt6i_u!fQtUEbe2M_ENfwuSRju
zvfOkfHrv!@$N0!SD4#=1bj&*u7BCzX(2b=|I9)tMqnll!`RzJiStj78r(=Y6+kjEf
z6^A6#m?yG?9Ixj^ZaW!cit$Cvi&^G#AQY?ZCokTd{=zA}UUh}E#Puf6Z`<cPnx(IL
z+ezEV>-DNTkju&JsAtDYHQe|zsjy3nrSSB7*pbe(huAIo@Zoe8DR&`sU8kry_caki
z7dumz=Gh(r22CKflFK>Dnsm)u*!t^z1#X??i(vvu;)aFaG_2y!{k+Tell{fpL(a^K
z$dCO8to&Ccw^uhJK<1`n2P8roR)L)7nqoQOP>G59tZ2D)iS8{GIfYMGnb9Kt*4>zE
z?693nGnpX?S+k~&EunC_u=84kkhz&Cs%G4!o#VVC4pA;q$(dKPX*8#57o8n$<1#7v
z<%!qs^O};$*isEsY}I0AtA<ry#ka54u(*w#%PWDXuDuOq1@j~_W;-g3SB9#K4g#Wv
z>UD)=WP%VG*r?ntFyCV1?>p!9WOH=lrEH)v-#bSZ@0WKOi%e9LpSTGR#Zm)_<aZ{F
zlfLtwRwC=3t$X1EOVYd{c*|8SGhks|XjjD#uV0A?__2dNr-qED9e#U&K8%9Bv}54^
zo@{OvfA@$crd)QsI0<)Da3mF$c9Z$}WLAOj0rc65I(}T_3GRsF=McXN%y@}%$~X1D
zg4t$k=?hLYT{+lTeMkUA-_@`(acRDw7+r-Q$mipTYc&YR{k7@NeYjh7XSLgmRCRKI
zR+&N6%%$6*x4XX|FrgAKrR`ju4sU#E@8bXNt%;(TG(uDiajwJfL%ovBf6~8nIBYBY
zWk%7gT{;ScqjK732C5<Mww}VJ{N1j*f)&m`D^W+y@0~*a8UzY(veSXwmP^$yrMEuV
zj6rANxfY9%cb8P`vZqOIZ0QK-WFWKHf0f{VUQ?8*d*(U9+~k9a&&HSk3Bw(?yJrX=
zmfEUBfTVHP&sSf8-q7eULZg)p-Ec^8C}A`90E)@-@h@Fhj5XS%xmF2nygVe*3PG3+
z=pb7YVgZe_U5w;>jZEw<{hq&@z1z~3`=;?O>$D?A<mXnHYd5V+Y7E}0hn9;00I{I%
z0l!@2>B5CeN*?BYwYrYqO_m~8IYuNaR-Lwh)VzA8&m)5K^Tw~;rfcL)@s@ZDQ`v%B
z-eij)IDW7lcQdm{$^nsguE+CQm6v~ipp3<^Gw&uq@a<@cV<+$sWG*^21Wk0pt+F4k
zF8&!{<}LjAp*S~0k7lR{@ZNl`)l_^W9Qb4FZqgY`?>q*z&I*FSt*KVE)Z8sVa$nSO
zNG~DXmXymdY%vMMd~Q$gR6rjfSEh_6UBAM(wsm)AsGMTCr}^i|c)UjH*5!|Pwyb<5
zqd)i2MCR3QEMj$5Q5ql(P5SFlSKtvgk8xjd^I|R<@B7Uv-T6rc_)&pEvZJ@k1Hahy
zcx6f5N!nn11R})v`7WreJAMkSDUYV4ic`4cclnP+0kfRkG1xHswW`@lC5<^h>IV?^
zokQP$4|Z8f7drN4-b_G+mY2gO;ry+&|Ey=5qvn}h2JQ?Z1g93THM8L<PoDBURzS_1
z21OvhDv7};9SNluQiSS{Zc4M~u`Pu+F73A-8S)C6ukJA@V2W`z+Zz<z1)@yH!J9zA
z*W~Wlonk{M%WE0Cif!9X?k(xp$I_G%m4@FtxFG4|+>K1P__;kISh){morP|X#v6~R
z*V1rK(p8dC#65R$_oWGz<pGZ-MY%a*)q4Hq-1)GU1*j&d6EtgtqJM)ItqS;3PdC4M
z(=W67or&n7!8>`osrJRLu%{pUXCK+0emwDc8<(8sVh2hI0EGqDWc?$JkzvL+oUeIr
zMBmRD!6ZdKahN!Q+A_t8;(zPJh#t}w`BFLXOBSbs4hU?MTRR<oBkA3T@+=%k(*Z*M
zx4+6{2W1}db6z00yhV;QvT?IarW)mWs+CMt-dO!{F87$raljf|MV9`&|8<Rt<*mo9
zATxo>%yN_qj2i`+tKmzj5B@~npcpk_hkePXK%U0^n{si1zRUX4G0)ny1Zy&7vn);F
z@zpWJ6?wFsx@5&{Szw0WTqL@xKQxAruHiZUv?{Wb#YK*s&$mvq2A*Px;XHFCnfC8y
zLl|JrEQ)QI>cB1q%y?HsaNg?F{^Lv6Sz+bvXfX-<V>}T%^|9|SM9|%}f$r2XZiA~#
zNWuFV=B?(FvbZxN3goH=*u<B8oBh6p@lr1qlhID$xa|f!RZS^+W%7Ri)Me)0YCZq*
z%M8AM`%S;I8*qz8d^P$VkHIc++&UK64Jn3P#$qMcbndV2W&yRIn=x8@8mMQJ+A0Bp
zb^5IxDC(Z?-$4-2!#64B_B^ljHD$xvdznf^@sjV_Hg8`L-FNbJaIw_XqnPYO&xTEM
z#e^;L53BA3bh~VSyIhjEphHsLG8X9$=u-0aHtjAlaFTJTcfYlxSL@C;V|HR#5K=Iy
z#kPw3IXjFyyYnSrQE2}M`E~0RhvI9a7#SAEK47<XLAY`o&8%$P)lmNwAy5{DNPfIv
zq7d~iuzSp{f`)vQ-NqxGopI!!<nq(=4_J^?z%-yMMr&nO>r%bTbdkAg$x|ZZLNfn6
zVr$;WH&L;H1%=wZuQI6***&?{YuXGZ;fy=Xik{z;-Jq@ki%$7_xmyc^G9RTZ0(jT!
zKkO0hhvIPDy)n8ehV<*9W=6c%Y$ID^8&6$)<hF)HAhi7?4Q0-4@)q?m<QvI%k%{?y
zm!9Ost}>VGT9jm#)V4T6mMp6ZNS)M<P)OIzmQ<F2uJq5U1!^NhGE<ir)-3j6^$V9P
zz7u|)4Q;MV57FyG)W#%Cz>6RRi?Q+}#yYG${o`Phj5RrKw|p~Q;*2f(C~IJyTq2Am
zI^9=g)*<g1@~9ZzLRnj-FaPl3))HOigYRRry*Vf1wZzy}z9T=H)PE?NygpP@AeA@$
zX^@Iec-qj;J*!g@xKSx#;o#;qzF~mM$~4_ydW3C>GXH_;k!HT-ltqsAbsBr$xa#v_
z_Cs?hZ>h}TP4^l%$;p%}L~l{on)xJT63wBh1D$B1xRH&<4ZS^nhmv~KxG6k!SCm|N
z#7%N$guQC3^?SgsN5|~0M=hPjz(e`M@mZOcbcQ4ps?sJ+<O%~$$J`vtr-ZJ~P(k(S
zVS4}mCtudA_hvy-Y=G7z`n7f2nc(#kSB^!7(2YV+vLWy)vD+mfE^s~msZ>q!t6q;9
z<Iix??XNAxt|dU;H8iY$mXaJIfXI21OVehf@bd6rqHR)rH?sTpNg<>gyNR8uJ_4nO
zW|-Sg52dR!bpfRYcuvhm3XQ6nzXazX-)zG!(;W;(^~u8ncS>Hsg&`|+57!YwA3AiQ
z{%-?C)w!mM(o!OQug6JhQVq{_4M*0iKsZrSg~i0^?GIVb8*`l=y8?^im>@dwiycYr
zjaY|3ibgwYW<aq_BzcI+FQ_uwMdziBr!|NRR+tTmO<__fXU>FWrPrmw7Ig!!u|C9f
z(EB5wHM;i;Mb9DPw~nyuJU3>ni(?Albc>Oa66G@cg!8J(l&BH>(<@iV*itsfP@JVU
zexd5#%ce{NzhMn{s?pc7p?@5LtEVzAV*dD{C%~DnpCn_T)Wqy>{6q)-RIjRX$n7|&
zm>Zd)iJiN5m2;K7AE(f&CDoTR-$l3jbx!!QKMV`3{d_~bdS45q4X$&|u^3Hea`CON
zzU-<cYzq2p@4;Y!U4=mL@7GpYJ67;+QGGZiI*H!6WpZKhD9DDnnF0IXR_0t}w(Lm$
zQmqtsbR*{4rHKU3k(JD$dWMQgl{TS)KrMwCF<qThlWt5__}WROC-3wIHykq&l@iII
z3R;)mZSFF2Ot(GD!b-RG0UL#7*k_WxHYpjId*lALf>twnm@!GLd&{>#(rMNypBQHD
zsFSa^MyRyzl4dSP@cI<kO}8gBD{Kwvtdre*R(@gzB+eTsT2iY3$13egr(12zvvut#
zB7w?$B3(<$xV1sK$hNk9I6NKH!-7_GHyTj33j7ywm&64@zpwcl3}?Y*;yUbmQ9W@=
zXSSW&IR@zAvIo&~pa&I;oWXPBJ6O<P=fQiw-H<etxv3(2@LCB~nDx*%A^Tiol>w>I
z4C@qJOnv}12r(l1+!oA67UK+FF9a&6C9Hu}v1ZQE8qwz5Ic&7I(jE%#ibVF(mcMa#
zd>*&T;VK-jPRF}~!dyVN#oDml4zt4Yk5i8E+L?`|z1|&M?^yHj-%x5HZVnARv`NjG
zks}OAR}T`@=<T^JI=jDi7=OHj-7I};t?WTB@z>M~+)-;E<+L-pLz4N>CR;H&6V6LK
z(|-HqwX2}R9Tp*aEHeA_eb|o%>*R(y+ti>EEY1UQ*(-C3GOWGeZd$*`M>y!N)LUGt
zW8*Sf#|RYm!-H2&@H3ltLd`;Wxu}Uyj+b&G@=ovIW((-Q5sWCC;<-7;avi%kye5NR
zneFfel5ZV#ZRBC2(q5bRDQO_pvxwB^8TolQszY`w^mcD`ueT6uWC+~U6&}ss9ziRV
zNN16(>;d{IiUy(Of-4xMaUtLS)C-p+wK|Ci<&dw>j>d}QC+JsQ_t?w;<8^-oQckCa
z29m!EOLL3+Z0!aDTB|2l<zCQYuQqC|dJXW${d4c4?h(=zI$bQ<)M0CHkB*dHptx!z
zf~eEFZ8=TrjQowfgN_^B4#SltmovmFs2FvY$Po2ExCRBE$O<ppv|Y(+zL%g1#%Gf<
zd=iXL&k@Vqq+-NuFg&!<`}pt!vdsz$&v#!9FeFLtfYC5#II2~<QqtU9tk%&X&z+rM
zB0_54Wx=)(smB!xb}g_7qZFfXe%cQZd9A4i@93h(yg>-D0Xhp!l`vGasI|F<u)iyH
z(KT=V{zsj$sC}t1=}gWJ-{JSYTkd@k8)=pJjm&pcthM>AKWWV|=JYvBaAOietf>2<
z6Fo}DkqS{|PLgm{fz2biKIhC&3vOGLib!Lc4>Ke!9H-I=C}!nM_P%3*QCaF3$roQ3
zJ~25saQx6MdP(HVqgF$W8cd8<H~#SjIhk!;A>|U_JXGq9VyfUW_bmWTH_5Md5Jkc2
zul#6(WJh~WBStOQoxyI0GOMbvO5iOFZBZ*RUy4CQP(E7<3-iZ@wLEMp@y{^ho5_K@
z;n=jgrmrq2c7eo^e20c!@FEi4CgH7eZg-b!P7RXUhyx0KLJU)0G&}K%e$lY=XfNiO
zep306N>edUEs$j$t|8$vS2Ev8JrUUYZgSMZb=snBI^VjSsaceZ#f-GSeo-Bx=(m#!
zuwi>V!;@%36;Mac#tn2=9(nsuo{%E=2+gpb5R<+m6kzs!55Vh{XL64NFQxMuWLE@&
zhc*~?;B7#6V|ex%^V+GG91O>hcK}~;;h=iq)h9a(nWPEa*L9UCP&bQNlVWndb>UH@
zOIdWjkmm~p=E>9n5Q`Q!xoe#^+L;y5t7yY2Daisg7Vn{7pE2|Vz1@I7rVdcLdoJk>
zQW}frq9ag^qO-u9xso}rpgH67d8oc4^0<XxB1jiGmIBpGQp(?F!dNE-{hV`V#(Y>}
zw{fDX@FxvvUmEHt)L1m&M;`h<>9Q$nzMPqpFZe6p92o`|XWlFQB0HxYq_SjCW<&d0
zXw=yf0-J4^`iXOz&);{5cCJ9W8IyY_-PVTW<9oERo`V~isL&?#PAHbf&cI+R28yG_
z;fO!7*{rfHgqbr$ULylBo~(iPfXcO%*%B}73gE~=C4sJ5qk8bfumD}4(Mw<U)lDe@
z9WgQnij8Ex)IH<A<|J0>DBk@0o}f@p#v~)gvWGY&O!~Nedsjf11vLq+nr(l8z3OvX
zd0G*qy0<<z0ps^D>U^d2m`%aSZp?t>l+R}q_E&65s?x6{@6CJ<e^F5i3ZpZx!PBPt
zhW5tM>4T64h-tlYr<@?i8b0nQgBrK+qqTP99okjtAR?0U%od0;=*CSbLxZ;gBXfg>
zm$)UeVB!{v^@{0byI<PFdjBXrN<%+7l^fr&m_c56po#DD7-7y(^4({O4R>Eczt^w|
zSOS+~VV5c+c+qEX!3M;xYMGp4z&2^hp#Jq7i_~e@i0&yDz!bj^I({IMG}^XA|GcQ+
zV~xHG?!gUX+u?G~wD5njvD1BE*&1iM$s8QS__(VWp+y3QO6$x}hk>1gR%!1x|GdKs
z*K@Fv_`Vry98TdsoawVZGp4f>)Rr8wrJQkr7F}8^A*x#QE$IsLl6Z9Lq6}<(Z8ABo
z@O8gCbDmd5RH0b0<f$o#10iba+6!PS!$b#eX8W`%n#Yv6OelmY;#cVA^INxM*D0iq
z^aq4)pn_r;;AOPat;v_B9LTM+<X*irph(Kv=gJ!_j3^zYULDzdP?|U4Tffohdv@@=
zhw!n;Jd>4JM?N6KJ?tmu@asEJmpG%qFdMN6I)naN)K8^XhUPjh|8(u^C_a6CMgt|P
z!&?zIRnUMLfTni9O(l8nm@7@EpCsk2XQlhiq!-rj<%Ay1&<TY+puG<mufZaEe$InZ
zF7FYTB!_Rjyr*Nk&~x}csGmBb7S0LckTi+n+?l@8+VH;)uQ7L3GC!p7*$eVq!wn>)
z5})+$)iXF69bYW{oR)<HjTmmIbzvwt2M7AoR^>^D!6;XJw*cw3ie|Ld3n$RAgr9jh
z<$KiapSd4$y)fD>xt+BSw+-9e{Zjukcr6;W<0b2rA?*q>G^Xl+u~d+9j0v~ek+iaH
zy#YFaL;-D%ZjIE7@@Fesp@_p3;z2J-l>=OuYhZ+4tE%qj{S&707^X`Ih)Kp9ZRQ(m
z^bC~*l-q&q22+W?s$tvx>4DsncM?(IU?BsSh?<QS{m>B^oy@e;QUoKrZs2isPTQaB
zSMLh0XS!t>3KDxBvAD#xF8{Nyumc=4%V5U`3Vua~ZD`ynv;6@sQn?$CxXu%(%ZPH*
zmoxG3hHReX?}txm8JckUg86$h^C1N?KV<MRb!T`ZRtEw+nIEH__S(DxyR%Yr7@Uk@
zx#?zfcSsr8v728|;W#O4;Mc~S@rX9(1}Y+KBc3)Nc)p!YXr;5@$H96gPsWo$r!ZO#
zx=~M2?_+Jwnyk%3>6vUyhp`{VPVR=i{?IGbBQk!uD(vf)uh-rj$p*ke4WGjn2*TVq
zC>?p=6s}Mt9o3J!#C}+OvwXvScN=}o{Mq(Mbv&kbl}LpQycHmyvgHa+slvp?dlLDT
z(f>E%_kNm2$DZHug-}X&Nv5Q=&smkWfb0!$dJMX(;JPTloCIH-H&)gC+H_T8-`-{X
z6Vl{F_hEHEyY<;-U>f*^NCm+Q8#=T_8)w;T#0mQeboNrCaZ?oXHjBX_;Pa<9l7ub-
zk3s;;%{kv|#GM(FpV8(Y6R-YokicS&|1vWB^1dX1FjHx$slTHc=5U{K$_U;VwsBQ_
zXEnz~(~BFnpl8OsIG~Wc`pIK<CydcCx~!!}+;=H41Y<(ZGgoL%Z3`<yrQa8y4Q+}*
z{H)5QPe|^Qn^*C^b>eItr$Aw`{i4!J=ETpAQd7Zy7%EEvLF59j^fPnC#2d2v`=`33
z%Ozd_UIQv?yS4{h*G`v%%)|D!fnQPDW&exJ55@kp3ruTZnD?UvDy@P^T#<4I+ro@|
zl&)2`8KRMg>|QSpC}oDuj<sVNq#q!w(XVtDodt82S3Iy_F;lVYZRJO~c69ZPB4v-6
z#RHd3h^|1^ioLEGVq{?PC`&--X5K2XU?3p8XnF50?~>u<ZAP1vNhNPb)CZq|RY#Ip
zYYdPLH^*MILIQ&yn8dFi5NAIo#ZuebZmV=V4p&B7b=F22i;!Rm9gr*r6ufD`4!b#k
z1Tiu-`w{I^w4ALH_)${;5^>{ZegO8flhkRw6Eepp-b{(iWK8;%E#P{dSmQOYpw~)w
z4edTiFq)Xzn!*fmF~!1hMi0R){2&*kE}#@lE~kAtTbHcJXx7?J<NTD$l1Xkte=+BC
zqbKF!8U2gpCN8j#<9nr{4o`QdDm*J!wPe4)e4(CgqF2i%iMrw>HL!Y`Y*4W~vV_WV
z9$vh-@q9dPkrCGBP*a{~D^612pEmXCx*@KkPFsFFreOcJS?%$nksydma~7BUCUh7y
z4d>Dy_ncpjHZYs*w)JyxH!a?O{%$TG)ONvB2RenE2Pp7m9dNoCQUB9f=b>Nzabzf4
zJ;zg;@7|GXexdE^bldD%7p)|h=|TK+I|kucP#l_lkPHM_j7j1LOO`ykR%E9>DQ(z}
z!NCGhSGdmKRdD?Q#9K4=+r}a7Urt_r8)>8w`QQC^l1>>_>>dHxM?!523pY4~JE(i7
z-W{lz7;NSL`1116)Q>S$bxd&W@@KXGZT17$oY42uayNsZjHiUDy*UxOT+JF=Icp-|
zU*M(7!)TZE!Rx74n$xKYk16wQ-AX-;eW{%f9d1q=QZCCjy8_?_&Wfi-jw~-;MgQAe
zCi;#t&&(|-!~LGFw0|*nalc>b5#-GVvaNq#{+pl#KXa?+#@2zQ8(p|zbHBr^hW_47
zCvVStoQgXQr7Q4v|MPx^Goc4+BY%m>pB>@<eR$A2OdAg#xc3Ab>VF;h|NJb2^6lS}
zzRuKY_a{|AEd;%ix_`qvX0D*=@ev;qXnwyAO!FZ0wEL};bUQt#N~PHNk$(S#|7Ia5
zazRaontL*J=zMPazu$K7+cZ5mp97j^8J4gDbsd7>Z&z$P&v-g=YMPcHqRkI|m-Cp9
z;}w*3`4-mY^;_@OnYz3B!|Zpvd)@aiJ~jZVYvfM|Xa{{N9)fB{44<5v@M(~m;f2^u
z2SIPvVE0=NF%xB9fF(e)Y9{>W6na9|EjP+&zt8?{%9G-Nc7V-s;fe$xLDvSTWqW^-
zO_lNnkfaUEIg9~egCa~<=3glpbOOq(g6M4v%LN-)icR~c*>1q)R%`}|lMevM{sj;%
z&=UWr^VPy5)FZLwY{hh(-_+4lLKE}Yex~mhe(ftKv<bwqO5jnwl(jSs*h}TsO}!?b
zeD7E@C1-*Agqk_O^NkMpmY<2f;v{Jvd+=O3rW8++(LQM~sW1oA=-2|(7yb_F7E$i(
zWG{6$5eU%6(G4yS#I{VPFO=4r8aNm{tVmh=tszZPo2C2sjp``74}c!+AC5eiwoMdR
z1&G0syn_sg0JA15uk=s24~|?r7w`4$^<NNzMVn@$AF1=z0GG!w4ea?QMg34V{|-Kt
zqrAi&o?*QP@v%rhz*f`U@dmJ>%SZ&H%LaGW=XzVgJn66@qX4Sr)?Wv~S(X=2gNPoy
zGLH5`QyV06&%wTZm@dm;%$r6GQ3?R5Wi;%ub~%1aFA{)cuyVAj#Rv3b%H=EB2jO|u
zB=a+@_gv;;b-U93Zlj9<I=bn4XAb2VC3H1os@+}Psd83GhAjai8iLoqH#xB&Vn-xN
z4#?-~6c|qWWPDLsUq<};_9i#&=G~~g;5(_0+amJQ{sdRlplq6qj^U$j`EBSdXh>Qa
z)fuWkT>`A}jkap2<7jQ|2+WP6^H^X)R!NRBF5sJy=i*RBZofV3-sEblr03dg{Lu|#
zqpy0#27%q*dwTRVO(e=knPemy2Z4rfHH{&!UA3v(%TSXB%4Y84aqT*kd7$}m=4B}+
zgZ>IYht+2!4FK3OxPmk|D2FOInju955dkJ%1_HWfpOb3$@Y;Zl+cMY!;hz@eX5~cx
zbO4F{rSc8EO^-*+_b76+)Z~BF!VJpMg&_~dRC%@3VG6|*+tuFA4EAhD;P0QKuwN=>
zsJT@#5roBMyscXYm@<=2ZONyN>Q8}sL=M74nm{UXH%l!BU8t{u4AkqvW4tY1rmCR0
z$>}Bx!7&f@pv8W$*wIUp3j;;;M<r!#ppHKDcu=@}gcDLa<j6Yl8-MkhT&ZV~Tz9?7
zex5|F46jUVMBGtY`F2XZ{r;roK3-+|?t#}pId+vo_MHc$tdtOG;wAI#NXYqP`v$vc
zXu$E(4tbJ>LFPJ-$CYqDgGXN=wT9b$ohCezZ|fb=3o|K^W+#q1Aer;katFR1XalW8
zB9T_hi&aaN&Z()rhs#zC`m>c5U*yMH<Gh@Zr|<8F9HkMZq3&`bZXW-cyqNDOEqju{
z&0-0*jV=JjBNKD8P1{(f-@<{px3crbhL(-`c_VT!xQ&1I8<b2TL7$nVU3SDx6Snl?
zT!lJqvP)@AOi-~OzykZ>K5TYsPFqf=eWmu7y2CY^PVx^D2`3QEvfvW92`%u)jet(`
zyjYO2apY5Dv3>+`ov^4)LmBDK_^UY|bNm-WC2MB_x)BZ;5N3MI$=K~e3VDFK;Gi<N
zy#?a>zQIJ@Mnt8&K+Zh0k7{h(V++jv&#bSCy60z8Pu><u8rMqd6<B?I{HRFJAIZG}
zM@dCT3=wmh^omT8nyVc*2)$;S4#zk2_>ZJ=R1<yS4e3)G*KCb9nqoD8-pLfb!Jt_j
zmIk-|*rlqnV2<kP-zy0da1^=6e>j!nodD=IU+6r3hx93ls3&FQwLcojHY7KI55F)F
z!LJi&H+yihcNRF}h)xCCptRl|wjr;N=ir#>UAj;A=yAduJJs}x%Vd27rsxeH4ZK%L
zf|=Q+G&VbAsx4>?;b?M<?x9y(ya2itVE%BFmx~?)n<iIQ=OPNj?}wa0j-huXpQn>K
zBdzzO-BFm?M&v_!S7sgp7HHFvxDYc8xc-jzwV*+3#R@3IO<~x|&@092ip=atGV_bp
z_ZQT7XpO`xT|2YMN$ui8`_Q%*&2DQ3@`1(%kj_{JO`T0YXeWZJ0=>Osxx{!E%%O`J
zp82(S{S&xJ<%&vK9}cnvLg*OYrkqqkpRZa1FGd+<h)%cZ9y&<|`0@EN%OTIAjI?6(
zk{um@ORKz?IgND)6`%a}b{uzs+P2F1a&G0E=+>1?s<9*JPkA!m;i!+SE0B;ln!Gic
z9MC>6>TraRiU0O9RE}njkJDc`uJBmLVHDI88}qunneT`x^D5>S4V;%V%eVkHc)J1c
ztCa-^;~5o;AFFGC8d6m-F?TgzH~Pj!FbxnhXf(kKGV~WW$2Hd)13?8BEcQOD4F>on
zkge>%({q|D+3edr^uGA7R^t;uZ*J*ogQ2DSu(aNVf5Hv!ZyK+s#+tc+XY%B;mlj>E
z@2KKP$qS;LK7cDLlfd~dJd-mIRu7pE8Y@h^CZip5$W0ZMrGLS`;Z8qqEt-m6y)ql`
zR6DC<$Q(E5wAKOIk~s3UaGViP^eyLg8Z2!KQw7|ya1D-*fHAprfRH!o@hqE}Bo!z5
z4Gqc3N&a4pE01lQ<yU&mnDtR0((cdr%38o3#K7#0Rp}MqX{{R!9RhusrFWB!&Zia%
z6>f}5%$sX8VBpB1D+)iZfSwNS<GhaL$$F@Ly;bO18d=t3Q5PUJ%ea)owm2A*W3w`%
zJJf#ihR#Jafxb7ZPONdCw*=o<-y2rC$BC9*^J#gvKcuG^9bb8)8=c2n^n*X|ea;&j
z*vH<~2lp7CAg8E+jNob6wRD}XcxkFE39XZ5l_>Q(i;O0Ex&yPy&~+~OmILljQ$XEs
zTg{-iW0lCgrKO9O5BbUyuG)laq!N~%0-(BGPOSFrX}&#uLAa=^X-}9s=B#RPc|i+&
z7nfb#j)Avoa4dnT)=iReCbfOZcUr!!U7b{Kq<oUD)PQyhnLdxvukD2Yi#tntV7S(u
zHEW^HW(IY2wj0!OI0gI8ag7)#3_qJY@Yf{!CXS2sq;ywC8fWirvcS!(&2lD+w-mP$
zyVw`;b`UHiojZD{ixg(~$rsec_9uwlOF1v{M^h0evQzoAl63J4#U|rGEMB<-lvxr|
z_UrPG@N65#Quc;FN{{;yASM{h8$9BJFYH-z<~%(v!?U<9Jsw5-A$TVXfMO<$){W+p
zFqw%Nlob)TNpRO64~=PwUrn`~{!C6|?g7}sOh+=0*pi%q*try*ADBGyH;)mXcVMzz
z>p_=1q=@8kK9TGlC_xTij&91op(jwu>HOTpi%6x`I81+WFG2Y#&Q$-71{pdTXI{n&
z2+dmP_`n`+Bt1gOQ7n>R&U!3gG{qydU!f@91DV#&MuYZvD9a~CY=<}ev!jySj6Z>`
ztMXmVH_F8b0Woe7Y61tF#j>^}A0QS=@0Ai<=zD}>^jZ+y>Gm3jZSS5Q3+ZrIDOEik
zQ}>ytZ){27_=9XgJ9@iBFoHI>mA+~D)p{^CEqZI&lWG~EK;(Yj%Mt^$g;=DEiR4F7
zVf)FGRltonT)RGKP9w@9_6H;!sm5Ldg;t^RT+ts9zQ$@dKTnEUiis^~H1+N+RQo{c
z|HgpH3PhL~TT3X@K+Ik6i9%&?amV7?RqiPj${c16Gc9_=O=9@bZb+_GO}atf|L|cU
zFe!HbtD6ki7m2&>$Y7t3yX++#_AgBms^aP~CFE4dC5hYPv&wiQywmJ7;c3>3x<$&r
z_6sSDu>v`>jN#PgtEFKAw?xW$bRzZH(CeK|i0F*qV1akD$q5LHCf%xAs|wPc&Y*wy
z)2%1>*`|JlyecU6<(5wr_`;#1dLd2d&jpnPf$;uA(qi!@)2GEY!1HPNeGhj?F5tm8
z;hW!giCO12G#u#n#7@v>6A!&t3;ub@*kR^D5%~qxbQfeC;go<oZNAxnE0eII7S`K>
z7884oQx@+`{NJvtrojTmL)7o~<_P7xDMDMfRE!l~T}5PRu)hmK9zn_-GmHHY(Be7d
z9HO=aGC*OWe{E%7WKIj+;4&436~taL{MBuTQsFW_EUo}esNrea>aJxMV4udH6n}E-
zz7P14aR1H!#5dhE&;7b||M0tPgE@I+P+zIA+iMFJgQ{!_6OCY_Btf!CVCuuAGHe43
z_^=`n_d&ACS<pDD%2|=<I|@95zZ#Pv083bJlm)jv7yn&&WrNU(-lb27+E-@i9V;1D
z<YQxX`)C!u42h<LmG>493QQ;$oBilv3G+UygP+ccus)6$yHk?Rk%RvA=AoD$!@z<2
z0$Ro*Ay;Bpthh1pi}d;dixKc}-Pk63Cdi<sz(X5G;sAHM>IixuePO>xN5j31dCnrK
zcck5>Cqv6Iry41^xvaT9s`=Fe9*sNldd@(jsZ$Oxd)?bY1pz}GhwM3)f=e%GH)Rv(
zz5C<`^`x$1Np3*DcDO4@G0waWUgzySd#LM<<g+aKnEVK9-u1sfqYdUf&4#93;6<^b
z2QiK^<U0Zfs~nrG_(d=~T~b0<26q4U%ie2QE69@MUh_n)6CR+KgX2em+J(M?28Gvy
zH9np$ji+tO-R;RwOZ*NVih}KJ@3{0@EDmc8bKvMpka0@%;f^EfK7HtAfd3hD7lwu0
zFtI|pWE*h<21B-!?#II1AGWa_Y8x<{PWP`O5*`yEvg79H3c&jTO8-jnBA}ZsO~sBw
zi%6&9y0JP+d}*kHu;GdfOxvisVh>M0r<oYNzdiXN>FSKfuPH~Yz#0p;M}LFkQ2yo}
z8Hpo<;0_Xw`2C2jwx08mcT;C@Ga1Zl>1pBL_<0sQhDk+ZPW*Bopqn3Tv|PvkJEg&(
zH|^=O32pQJSI=<+_ZM^+9+kR4p~>G+Zd`gHUf@R4!LB^vPzi8MCGbOrG)-0D;kpB<
zI6<g=cH=DlVC{##g7);lCamdxz<?IL%{U9$a#--yjU9{w;k`V-C03LYd`<2UfU5o%
zT%A3cq-6enm$Xl}Q-ZvKNea+M^d<)bcSZ&~c&{>PHCqxDx7*%u@d6&ceF_a44txjS
z_Rj^3U+7~yna!1GRsR|b{U4k=aEK+fZckiPj6Mdcd~{I5fnK7(Oyyq)>h<P@h+a{p
z=<;<y4Sb)elP(0d<;mE88$W{KXb*?pDF1v^c@;o;0L|_o)8M<k{A_8Yrnx0rjBWzn
zwW$Rnp#T2Vq|dtY-lKIdp;G*ZONNE#`$20nb8w?}ZXRSmUZU*&?Q)%j152u=2XKd}
zdCd3y1L69;mcJhP06nRaAlA1v2T2hq2LmO$!0W(}*5U}6m!Nb(c3!RAEFnFDA`jiy
zzh9<oAh_j7KC=!I0Pia+<&-Yo2Sn%LXW$)43O&Fi^_v0-n4}<aq<kC5fW-RCoUl-0
z<lxhyYxX04XGs{8Q$gxP^RGFjO0cFjL$yI*$1C?@enjy7x61%{m`Fg2s@#tPtn1wU
z8BjKs$;9C{09X~6gPK7parfUb2L~r752CJ?MWA?BKg`M(_w$qNRat;L+l9t(?)hTf
z{@8z?<-pIof+&y-1lay@NE&rztfTh-<cy+*L1N`YLkQc&P%g<wirb@yWHjh^L07GW
z<}dd@08`b!FJU(K)C$nZ^ceuUpdZn+A1d!Kz5>_v?c*vBhgA^RUL>Tct4Z7UMIPgo
z&M7$U1YOeN@#*+~ahdw;!XT1@5===4J+I^B+!4@ygFkF!IoT3@fYd&1aOnFVQGx;8
zC%`F+KAq`IhRkK}sZ?(nkf(|j<OG91OoysuN5b`+27f_^)~PqspD%g|@K-K@b|sou
z(7P{Wa?EN5^blDwXApM}nuRR(7p3zWV9bO%)nFA&?KR#TF5}QVdbv^>`k)7Go=9$J
zD-E*7ooJAjx{ywIdT{#|bHGwK++v{Zg1?)oX#y{+z>T<{i3)?Ttjzm^a)<<|OSFUj
z<$17PC`Lab8SZFJ!u`Rh=<ArDI3@H@7!jxBS4;j+1MAL@ndX++bil+IO0@(nW#6Z&
z#R`Ggtmg|%?lL$MBXuQqApJG&k$U#y1fB!j7PJ?XI*)&|ZQUSdeh)5G)l}v96SsS9
zN=<M(Ql2@v?^1Cv)N^9C7}Jx*k>d{WK>G|z9Ma!vXX#$xJVUB2wg-Z;Oj^+bXmo-U
zEL9RG{6D__J0PknXdlN>gC-a?g`%LKQ3OFCAWhnW#)`1?UQ|TN!XjlsI$|sl0V7R7
zSfol>dR>|gkluS!R(kI&u<UovV)B~z{rx`o4`Sf%-FxpjXU@zs&phMxN9}t#0TQKZ
z>aJC=g-~mkCH(pb4iGwjPdi-N_=}KxrA$9%i)DFy5l|Lfyd!VR5gimjGKbR7JFOFZ
z2Cba$JoLR<YvS@cI~I~AlRzHlpEf{D<Y<xplJ+DRo0`c%I;CsguJmp=JOe0ude48F
zr+Z9d&~&ayb$WX4bGX3%=HPmGi~X(*&>y++R0DLD<Epg;*b9#VOws10uBIlXvrZ2x
zLnARz?ngnRXJu<<<&VSRxK@9j&3N_d?d+-dP({?VB8k1f5HDw0CX{1lRSp}-l6y_&
zbc^1Agd}QzSJnJelEepd>kW02b20_L+szkoO*f8MMa{hw&v$HbeN-FFXNV~g&KHSN
zer?n#*>|y%ec0UGP<UIcfw2x0yY+>7_6iri@%MYhnK7YB*3B@v0zPTB<EU!q;1Vi@
z%o&VTNN%+rNQX(-UO52L_`SEGL=kV0m&>R6a%^1!1($t;&=;xC`Ns5@XA7?s((`zL
zRXvQrIM=2!+wddGRRbV$ZJ3egba=Y4M(I3s{x;0N^Z8w6L=V*nf`yq)0=JBXtjo0K
zVjY)V$=|09az8FlLVIY(mX(xg;gsq$b3|~BG|9eog|coCianb_%Fo(Fs~Z1w;sP=?
zuake=M_mtwIG^!gFxR%roCcv!cQu#<<DS>uvk>VQ=Q3YD4^n!1XRp6uk|HUjpr-C&
zIzKr9{-qMJ8%aF(>)mS>XVFUy#7$qyB{3^Ox$x%z^IGv}P#;z<U+yr3g6<kez5Oif
z6LP~~w+Iv?Rwf-L-N{M0b3GQ)*ijJO?5kY-d+sHpK9Qu}fD<eja7*P9yc0Nq%xm{c
zhniFPkDW>4o~Vd+Wo10Nn_dE@7I1uMmsW#h4x}Z4fh2{xUvfQav$H>_77~P2==Rr+
zlbT5)o0fY)YlRqBa6;C!LZk210;PLkN)L4bGi#R=4wG(-T|CWz2rG4dE#bZB&pBK<
zES=<F+WWh-KjRkkZTiXWrSb_%-rt=*a^OJ((ouXJkM$bTtR|STZ-dy166%wYCv`LD
z8A`NyCPlj<*f-PJ?aHW$T&qZc+3yuD=42g*h{@DL<a~-)Mdg>}zXodOj@$^}W~qLs
zAY#qtjbn45vCKG(BPE1Nk#dAE+6NRKI7mBud5mRC99>U&AZOE+c?+u6tD&#V%<g5X
z(SD=ebhIPuX#Uzi@#x$=t7e{1jjblw{&Ew})3-9Vx7OG3pus=rPxRh$l@dNNrMve2
z0A?vU@oPx{m`RrtMGeUsZT^X<>5RXldRc?)tla8LZy+DwJvP_ur9h*3BhMfy$JFo(
z_|=N3$p`kfKL*Y1Yb_*0DXD?X8~2r~kbdx{4m^YHY-c%Dn)*3)aFwwu`CKJ0)Cl(L
zd5UKM;GNJ4_2Vg7?}FM>(0u2r0;qqqk|oBO_4vi7cPO1E?f^h^q&f5I5j#3u9EH);
za{%hWEzs~tpRCu25JPB}M@nYHU0ZcXG&9xQ9B)aehSWiSuLi2X^u8Vvu&2}*{GcWi
zu<Il<o^2Pv=c)#&3uPCUP}kh`ll!410F<Q$f!46ZZb`f1X-TPQ*sRQ+^;klqrU}Rs
zin%V_!W69gA3odS&jV__l|64cQ+MjVx^9m{%KIT9)^e$sF*SqENc(zol}G)AhiNOz
zjCi49>}e-^1=QKc*r0lDuj^xheL@9&LoM?$J#AkH+9&<STVLjCun9){jFwgUKnjfG
zaeGsN-QX?2-tk4umr#PkdcxW>uQK_1dPlpnf$ol4*z*cUn~ywbxWalzeljhmkNOgY
z<UKoALSn=;%*E8bn<kDMROOe&3LQkf_lkOIQ>xR4Sxf{K)8t0PtlRjdba-0H7deMw
zT++^%7_vS>ewwBu_k5%_+*td$`t7biJr8~Tte+PrCRQ>>U%02YFCv{pBGjHI5D5N4
z_5znv2yD4pb2_c|6@0h|8Pe=$w6)rodHu!q{XYGmc2p=&c~-A%czej~RJpa1)@WQ$
zjSSCnMt@UNQ&*a6A>c3TMfNX6f}DkQcH2Aly6I$qs>E~`RIpp0c5jyG0mX8`K_sI0
zDbKeZg@VQGzwl_XH94sWJtG}mL=DbbY!>^Rg%e+P>Nte_oT6MnnfSYeWnb~s4Jo{y
zdmPuUF`3H#Y@zO@PiIlWFUEuQsfn74O7>hWZu2k{Wvu*Pk2v{jN0vU5V-fVeEuLy`
zYMout4yK#KTLH1inchAWITnb$TiAv9kKW2#jV^(_^m5ZpZ^%4p?f#06!g)TzV|2MK
zK`2!bV7S7)(3V*Yr0j2XrW*^>K0o4ta?orb!*#aZ4}G)<E0%Fg-+v?Sa}~-;V}ASU
zR-HZs%gkXSIf?u!cV|-pB%n|-q6OE{<Z>MRPDA46homtK!-;h``uo0^UjSTr{n(_`
zjTf?Egd+ou(ekqTSvM~%04jeHL;|qFC3Ek-fV|mNwD3B&)31<0-3xaLieBK{NiWu&
z3EHu1ci|E<htV_WFV&b(e}ylK;ZUNR^y#9P(e)OZdA5`<Jfz>9)7|2yp8B1}c%37|
z^yyJ1#c{X^{$e!7CyPn+F))0RhZH>SE<gfCVug$Lb`Q@9)IR~XA)kDdfOvWO^+p84
z<?)$VmMtJ)RoBBXX&>iI?WpqJ!F}ZAHIZt&!1avk+4SiUk0IZ|dB+_wPGCcWqpU9?
z`M|9>z_cQ5`U*w$^KJAUmfLmtpz(w1#el=%b>V0DioQHo-ULsQ$rb>5Q<s^Wj4+Am
z@q>F~gEafuF9o~3--+z-2}LXRw?x&bh{JMsf48!<ybQ(nL8y62HKaM8gKZKj0xT#9
zQ9Mb=aqMuT&+x2)W5dMs1~eViPQfi{T|-_Tgb?IhYZXC~E2OYgZo^6*LHq=C^c;YC
zZbk^v{rV7oAE+i?J$dcLGnqO7ATuC_Y+7MtNgcOiE+^yfVt3@SAwxF;k~a3|!LJB{
z))tBTQ8!c^Tr@Y(l)HPBVQQNsPOV)#%Gv%2Ec`WS=MXW~TSae|J%c`dQN<pow%8XM
zuxH)>>!|yzEdRCF3(?zI#8$rcV8~Hwe8Tql4|D#eRCX0;t=tx02M*_K=j;8@B={PT
z6)6i(8X(=l*mKt7ZZ91-Lpk1m-CZ`w_#H)}A<BU~m@@k@u%p>-%hnu^jUc^jIKYXR
ziaT_pl`X~&(Lib=f}t@2JqHCBe?ES(P>d*Te^bAv#0W&uKX3Qga8gBkWe=kZ;dzXh
zq}{+2@-tJa7`gQSNqhHPMNNTXj*f#f*}v(~_7sfJYpfD#Z)x(~3o-Mn+3u@&-4PH8
zyavxYIijuUT94u=2p+VVtJS?2-vUlhKbNiBE?dxot5%Wf4~C{{?-M9DkTkC#if%;5
zR<WxP?}P8;t`E&W!C$%B+CQ8S(d0l|?&L!{<5ub}kt~}6-~X5kO<|a7&e`d;LoXEo
zy;Wd3j;}MT%Wyvg0r~=T5p+0d--r?SCqL05R(0&jt4vWLjlA~X*=^tqsy@Y5{t~t!
zNgwjHi8Z2=rutP+k{v=qE9!kx58R&a4T$r!jLM}ci;mvN6%pcK4p>f;?>pHkTJx%F
zQKKx+Xf)nD-+$q?W8OF@Tu?^Z^P&@5t!pOrB6vcL)61%qi-et3Y>a#Dcxww%A>@xa
zy+rv8Q1&&XiZYO{k;8Mf>OO<|)6;sulvcJ)FX&M|xCw2Fh#<~=`7ClsD3$){R<qC}
zhZkvfPyVX!dCZWh2&_-K_m_LS_K>aoNyG{0`c&*{V49a{>OL(YWy?CH^=n7=jrY5u
zM~RTxbS=Mhio%Q4scy<byb|e=z)$JdEe|)HUXgpc5LYrG4N<0})e%!O+c-1U_X}wq
z*Zh9S4s|e@$kq(j71HePo^LBn5=g9Ow2R8(i@y8L9|1{~40RZ3#f)tAL*pfEzjug=
z=a*HTPxxZGk%x;-1X-~m_6*3fE`T{&%Tsf%N^NUW4lCTD*twVxS+EYPTG5rZ;eA-P
zY{PqcK@%{I8HxzE+!oP}_6TfM%-xUxb$&U`ienMk$r%}quIUWzeTn@?<nGSh%`hqL
z%LKU+j8q)#p|)pWmSOnJkV92gndQ1TlE7WH5(43u?&6;PhsQ>5HC~t$2s|bmHn%2p
z_CS5k4b&KQW}bpX{V@@yVDU#s5|?c;J*w0vi#Au~Gv*?!2W50V)~KE@!5Ah^KQ%5c
zJgv17!DA|Q1oKkYdMoK#_|OQOW&m{5x_rI}!9f?s{EwH?5>AS~JEnUEk)v%<-4rYG
zuHi{#)l{^(v|6<#Oxs%$mw9c$%cNL;Hwcz4y^-?FIvbSetcMdNT%$&w2&UgLYk$12
z6r4J|96VP+c_#aGz!BL#J?fc2h4t55A_lpy^&Ke;cOC<(`OtspY#_wbQsbkp5a0Wg
z0?SaBo|l0gc9xcRs?@l(G}i#wRIz<WZd+uLr!BS4=pBnnwU(?!jl8<LoL+@$wQsIK
zylcD_CTu)0diyE2Jh{3=W6}G|$DfJk3>o|7Qrx-vTQ&nFMb&d1hIUj5w6xG+{J=Lu
zlK--RwHFl{*Wi9RVT`28Q>}&z-v#Y9Q@O+u>yx}QlI70Bx2D?B(2peI#s0{p{E@`Q
zv!jQl*m3U+sey~}pK`_yCQ6LXGinF3RnHEy5(NSp3{~`C^AZ2y8j;YUuM)u`vRra*
zqVi1r(s*mXG(NvKVzLaiU6AJ3OMWEs-4_k(t!XzzIY{<Yk2~j~GM;iis9&)v;iOpG
zmy78q6<J=P=8kGt8q2nPV6Dl>B8{h9=))LxsjI~Ca$`WdO`gPg((PdX2$Ou<g?%?P
zn>(f)yTlzoM&R>rXOgbqNOt3yhb)H$ZFCHBRbL(JOXMBBv8aX5Iyb6!S#Mz1{lt&c
zFQ^aaN*s(^n+Ae!7u%ZLwaHr4a6N?6DSqLYNBP1vgtOWJMX<3lODnm!oa}{D8~`8k
z7lV7p2hrv2oDtN(uBSJ{d(nQO;~sq+nPR}1l+evBqRe@scC7@SOfD-kY0i9kzE8_Z
zLFc#&#EtmPiPQ|pieAQHAey(fX)(-uq#e12lmc6`a!b1IK>D&=N9Sx~oP^eZ^Hz%J
z;m-Z4wUPU*MneK4rggfXNVM8gZd%J1#OqJzdi4G@YMMtO7zcBNRDh(EQEG<0;|M<w
zvbU<<ipv!$jvR~|1Cwpk#*_J1Wcn5(YFJLQvce7M-_vJ)C3G<DQ_jvHmM5v>7RW#7
zlh&~rY)^bS+H4?WIyrb&XTp`up<bf1FiWD>ww_=}9H8pu^gzWifpRlA!n@xc$id{)
zYbM^bWgx0j15BSdAR9WhRFR=@N*JYAbkwC8dpd$-(J@x@jx*WXRrBEio|#Il0yUm1
zY>2ixxSBkYb~{}_BU#c(Z&#0RV@kyaN=+}J)^%NaM?2Sfh2teg)lUi7F`HD>6t^u3
zgoY4JcB+vakLcRpziIs^bQ&7;pJw*;Fo^VSAA$J)FXb><{=n1lHUx&Ao@ux|Q%Kpr
zdQwvw^<l~YSF=f>lIR@r)tvkJ#_1fF_)*KmeL4@H7EyyX=<#RPd6jHLMoio><;=NP
zX3%rBKmE!KDzs4XBgX^-Dp>R;+4rS=Sa3m~gCEx*Xsy&6>}fALZBo)TT%Y?zu10A?
zdpL7>vUB6?p`z{Eu4y#c`2wUsxEet{+kY<<Qb}}ayX#jSI8{g*sZvR%&O(`8PPQv`
zIILgqtrf$aHct|nE^-`A-2a&ed<>ubm1?Yq05A`)Y`YvyIzt`e$oB(3qK=sxoa@QX
z8adPS<YarR<>^$WSld=maJ|)&YbC69NM<^>m2=mN`@8p98)0rKS>T>;fIOqKS+gix
ze4aVG;=b{2aQJeJe|HDXOaH1vpl%}@1|*`=E5Ei1oekX9l5)KU9m=ak9Yb7_N3~hp
ze|TeUjzyis;Bnj`5)~#<45P&nLnA1nRj9hW=49U}YG6|Yplxf$J;ofl*;evkK%wQQ
za{GT;#g6r%&QLo&V~<)%zh+-3ab0{4uR;n}sjpPIzP?_`2@UlCFk^II4U}Jb5oyQz
zMytH3C&{-2y6;&|J?i3DOq;&o`XumB$AEw2q$JC8fsbi4P+1D9tVtTF+EK63cwWgq
zYb5tPxJ7fxn{86r0m(<9HJ)>w$FOmY>v+VIVF{kp@zXs8=}L7GqXA(L%q?7Hz%h%2
z$Zr{E9{k*!xk_8ICu~}?mFzv_phW%O?V`+>j`&5qY2q?DMthr@nu_aayJFKP)caiJ
zKs03=8BB8TP*>(;B0o0u9Do1Cg<IhimGqW4=Ljhn)dVxvlw*S0oUuEaDp2oX$V=3y
z(!}@=lB5Ec%oCLCj#nf80Psd*<QWXq@~yzY|E49}A#H1HYblX@qph#f*rh)t&9I=M
z5#<8hC(gS8!=Pe&%5PIDEzj^pIX(aS8(5t&g23^JnL<4rBgS+vEf?$WqDfyp_xU~T
zFmnB}{sp%G$pD--Cbumgmj`(J7Wj)-knA~xtS6)fJ#vuLUd(jzfpL)bdH3ztzW#oh
zhh)%l=62m>fPEv|+S*QlqMRy%2|5{80{u|5Krl<ij|YE08jb|0SYu9p%`U+ooAOZR
z<7d>d4b_DMX#~DFojL>bZ7LE@pEkQ(PM=}K1OKEwRNsyQ3+N<>eFPGNl7-;0TtMxw
z$>KP?8w`pdpIg1RoBz*8P_NE(NvA2u-Z;OtMmNPc80wtC{Z>g)q2T)+>n0OYi9sh2
zCvyR@ULsI7Y1#@{EOpyE!!}7Z*cin`K+(Jf3oAX5ku=i8%C}2UJfW-MdLDeJX8`Rf
z*`G_3{xhggP|l#Gsp%Pf@c1EFXB&sv($$mj#u8CHZmA1N9<r$4e?M|a#>tY=(+4fN
z_Lu*JxZ4RA_$tLPhp|CA1FeSt`wxruUU_lDx1$ArM~4p`<4)fduT2=;*h;l~81&4i
z>H6&nvHcW9O^K%m`KhDFJ_VoHxg*Fd_8~^*keBFjNrNKJeU@?I5&V|F9@n|bEGHTk
zuKq?n-Q?2c`{jQ>@jpzpkWhc0>^pKW;Pb$>m>qBL{NkW$ib?G(&@b(7Y{j}@iZ{l+
z1~O7AOx!UWjXk(oFLL)_X~#~cqrXC+vVB+RXE>U)wFpDKT_2&XW&qJ|7eYHMmS$JO
zpCQ){p0@+S@v&^=i$lt*;0ltWfHzoneGBN52MpnAPUTy)-GzH@)68D{^AUjv4EqAF
zdEav2hSmE-SsJV2tQce{7^1e2aLfEq1YT^>WIDXB#iEfJseT-0(_{P7F^&rBL-wo5
zRU!_=gRLT`cQD2Lu3yD3ARw@r`^R~4rW&KH@;J+5`(no6LZ3m(sO{uIA%yV&W!d=a
z4WQdLMT?+0d9NLz(G$?W%=ikRiFtPR!{6kGr;5&`kC@th55@x>AAteRbRj9U+4`6~
zfLw#}tI!jy4^@6awy$5RY~DW;;(x`})`KmAWt%tueN1>WAOC<Xk2_@H`m2NZ`k_X^
zLlNAUfqDQ=(*AwZK4l2SsY9Uqp2QGF_fEn@+uRS^-wr=(zBZ^eKW}y!qqkac<7-cM
zeQ*kn{tC=nCv9!*^w`)~6)<BuddNIjyp&&6|G51XM{zK$to;xs^#dr`PbwIgsPYfc
zgr?<s|0Y$LJddD<bU_r!8}Gg=xK;fN2JiF|%m^1ujIYPnx8~0+-xDQm|LzFJOAZEr
ziGLq$W8a+uY+MzBL10GDASKb}ebD>MrIUtQd4c81y#gWA0UVsZ^b~VMPVCF}HJ?d<
zC-Fq}-YBH5$PmwiQe0x*6@#x22-jKwlDuNGRod9d$Vi)(t}X|<oiQ(q#wdG?>*U6_
zuL7<ZV`KT_c<MzHj*)LJFJ=!obAj`;L4m_?jieRCls5nh@rhPn?rwYl<`*5=C@*mG
zB<SjS&E4lIL~Xa^L7-y>awywKGvln_1L$t?Py_2l26{&U<Qt_RO@MJ;f?c%_Qq`Ll
zaGv}F(XY#hjIzGruTxSSKwfU2qYyjLp`a01!tZ;))Y2NFWhwh<BctCwL(CZ3B%p8O
zbk*NFUeFsD50p(j6p-VAICw*daTn;v5&?~Al)*(^UESg;Zuh!Ts8EEaGL*h==j7MZ
z*Ja?gA@@dgAf5(E@>xzUu72=EXkzFsh<R_iocm@%#TX)eYX5_xztu4Y3$5PTM=C#j
zyBPkx4aJi%$>IO_1x4r{w%^V-_+_wv&S*nn4VG^I?UF!eb8((u&qyuf{Ld(50qay(
zTYDJRa!<T|&g}>PhFMHaohaq)1hAVkv@LW&(O+sthFy>~4)@*wE+|j2cx1wYHYhl5
zp{zx$EFd(IAfRCgE^8#%`ABhOS^in4h6m*SGew@@p=sC*Ea@5Wgl>GZ@_t6ELJAVW
zgT|}SzTp#Gr1|9ZU^yo3AJ3a<d-=v{esTpD4Zl3mjt7s>_IW70m!<eC-d-x-z82P~
z$|ra{UR4FqZZw=eGo9swOfLPS><_-V{p|-qKN%+Z)@_)xcnF&n0HUuuqTnIz0gIr?
zao{ZZ%(v@EEDJziVjW~;W&!n6R0HI8=`|Vy7dnyt%eOE4iK@~lT5V9Lu^}24vj2$8
z7o>t0?K%?v?>kzo8a(o!&&&XVg@<-?cmS?$T=A2gDSVIWJkT`RK4LOZlrjc1f-%EC
z_z?Nv7@FvgXp*CU!Qqp}7|9MX1GCG$FPedJV?VgHQqT`AF10ZS;N)M$A1+}B*1f)+
zG9N#nU_IZqw-55-#uqL;hy)I0Dy%9$b|Dtr_IJZi#@8SH)tZ-tFP@y7^t86Iae~+U
z4}Ss92;PMjf&^hgiwI4@e-4FTEu|eJQiHzT&G<R}50P@AU9%LfBdsmhraL=R5}EhO
zK|7yfi}j%YELTh6(j^TddSa*+iH;C1-&{ave?8X8PeuYCcw9N;LZf)~WR9z1nAH^0
zi#AkNdk$cD(93-?37bt>f;dym?8ca1Reut9`A5&2*UB@$WAb@->qy+|*RSVVf7#c}
z#P3)EiGl}cW&;4)TWD|gLe>rp5gy`SbVo58rw-D_%KN$h?~nnt=teq;hc<SJF&wlu
zvGsfU^n?F7@uE;1Y7yN5a4eb(i}nVEcV2Oc-uy!km1J%o+gpU=`jXWu&|ixIWiL!j
zJV^{}eR}9jAGGB?*s=ScQ@`#MPmjoUw70hxX{YKGT?sl#^?1qH-JHgnwqGgim=bii
z^WTm&KN-yEI@7-i5vCfb^<@f|_S!5o1UQ?Sg1RG!{_oB6+BFE1XrK0A?ueAk`66Y2
z&4Vow|886{9>}eAf^cT86<pc8Ls&P+?9M<5)7BYe1DjwCuD(eld^@y9e}zpI517)8
z^a@l3p)69$ie8!9Lth5133efF#=eShUBEDC(k(T1kkkd^FgOi7v3=Zf(*M^;)Q(L|
zSg(SVA=Lwt@UV5iG$cDEZ&XT^{ro>0TVR=&`?v4p<A;UeTF-0`PtQ^u%xS;^S8CCn
z_>w21y(?VaeY=M>C#TMU2sRmr9glb$RK7LkFaOWJiyZMXcl^$#ujA&UQGmKPtE+$R
zNH^vRjVYc&57U)(yzW&70>T)Z6ClmiB0$GcbNJ6vbxHzi@cJ7&F{>iqck*m6at9Q!
zQ8L3x3I7-`(lWfzVMum#B!;yNpv?*y%I^|3q|v6TTAphG76=cyQo6F3>N+nN;ijPf
zu^eNnfch@CLZMY5(7o2<OF{t#?b&nE^`S@f!z!&zFM!eUuwRmvPXfv?w`hH%uOC6-
zyC@ZE`ugKZ!2MX#TvCA%yEW9JEJ6TzWIO~$wk?pl=kEAt-Ui2^sS5loA_VIc03Jt(
ze11Dg)<VWJtWR~0i!e{J-NoD3ED;i9WFdZqO=xw}YOQX@8LE$-O_E_bboTX4A+ISk
zMuhRk#GRL*B0-}S9E5jht706|Xh)%McKN2ED;rB=AT6eFkn~xU?avO!)h?Kq{g8C_
zJpX%48^c^q{C0w57=rS%FtiV0qwtBIuNN%ma6nh{(TF{YBM|Z$Q4Nk4XKRi{UUa^2
zTu9p!J+srJv2XG@uU1e*a6Av5mZyz&=c`<6Boq4X5)E`o5oR(E6*}ih6*(i?TPx%q
zFSKr!K)PsQ$A&oj$G~xEH-!u_eQMjZivjhI$z-`$w_N+Oylcy>c4os;`Q8a@%sbly
z8@khjrUgk2q?hv+)oz;Iw(_ZyMr2A)3<YKC$e==243yCaMfnKMLWXwC3;B!MM4Hj|
zBoB^2dTLn2A;3tmga$zVyC7Ppsi~6K(N)7~c9s-rXB%gqoF~HNt#AAXj>l@UDwjll
z-*K=iQqq=1IcgB!@bYX~uMOc$dORUF-8aJi(;_TNuauem<?tG7GsVfXZo(`x1_fQ6
zMvneO_H*~z)Z;Ev@r{INnb7A321y}UEy*LwqX}+WCcTy^ZY`3xAtWFTbM%%!_uoOf
zUN~`ypkUP!-?5x0VthZB;@2K>VzNH{KEXJhntRc{-`=+AN<FXjRHqL0yO>pA<5+I3
z?JcHKOj+uAysI}nUM__!&WreDI^#_@8v?esnwZ4~kI#CGJOflucnL9gAck2=%l-4b
zczD(#^xi$7+``)lYkjHlWu8ragoIakv&>32)a|`%3AMGs%sVuDY^KRjHw}n5lZ|#q
zyErqeq7DoQbnErRlF8(Hg%2IrUR{NrM@N#5FWH#%CZD#aYH`e4hzb%lj0yx&+b1D+
z^}dBY--|Oue>gBOV-t2(5$T6rWkc@2>D$d)INJsfnK^alo#N1usyMe7oS-<V7;%#a
z<fSGq>zb-@iYY6H6A$u2`X#3}Zfv_aZucRLNy;0Zfr`R+E$kB`8w2jM%T&PgsL7T;
z-d5-MG!c3>k!sYKLNc7Isk!=3z&BS-#eV?$mB`q|jcE6o`PL+&R}VHQ+H<8_azj8e
z#8Bv!_RJn0k4zP+_|{U2cB+SoP)I9avxzGGDQP-(z~e}VVWk+S;wcnCZxr@#B9ddS
z8hJO!OPjY8_8@T}Oo&FAWK1od=|a4z_4<W4Qv=AKE>op>y~klzIu#&KNtC|f{UgKG
z^%?jCwJ-~<5B74bTRq>|9*Yn2-zR8g?87kx6d7k-Q_s9czWdEL`yWqAbB0N)0_#1N
ze$7}hDO}#&`J?&!2II!hK|A!-)pXxl|5fEK8D{LP|1rvCJR$6%QKw3{SOwN`-)gwB
zL5v>d9AC&n9*Xe}HHkciWX2=3!dqU6#*6TDED*1wMXoshR~0qS{x2jvniOW_@E7r9
z0<(~9B$DyP?#+VEhJ(Kt%KMDSgj!x3%00opG>vCTR4zN3UFkF<Y@Jo=Jl)d~GY3H6
zd%o_g#llxxG&^@ATc}uW2^N`s<Yl9-me!i-5V+X;mH%<*ECpvCcJHib`Nc)cB4538
z5EzJaLRNO=w3W=IbM^K0XEou_OI<{ubCSK^?8-|ySFtZ{p+mc@-^$_pq+NP#3-WgV
z=}2HRv9ap>pdp&RPX=*9Vr4zoop1$QZjrVXPuTE_BlTse&wy9jCIU|4*s1>sC9eAC
z#kXfZt0aHfntOkMCVoXp?JvVO`2{M%6YKgL&00bpt+)E;1n|`*=Cz^EYVE+Fd$~=t
zox-S?kt#{Uu34wJV}u*onmY9wA`E^nEGtt;3lZY12sw$|z=W(rOONhXUf0XKzM~u{
zQi_2s2V080sRm!I(l5-RB;M&GE`6Vq#BP509s{*Jx-{`>gI^HBj7=!Db!c{ORM<#s
zOns2STzr9)R8e`N;YrQ)9n0nPjq=r2aTX>+yM&IEo=OeXmcnLh3FzW!z%d&2x5q$6
z$F$7DnzCEf&pU8UN63>sF^&vd2?{eCQlurnIcVmJTYQ8fE5>mJ9EBwkE`dz$K|A`W
zIVAhMQmzxS+p`UR>OJ^&KF3nx*)O(n*KMx#et55XGWni1co&VPU~owk0|YgCt$#co
zXq1U1#brGwa96~zSF&&eBHjtMWzzRkMgYcj;Y$Zot{Z>*x^+m&-T9#oF+bl4s1{gq
zB`6PQv!5<t@4Pafbz#w^pP>7q_M&KpKlyOy@A1{Nm_^2|BT@p2CQLonhi`jJzvg-d
zWWNo$uMZF-cS<_>Xeuu=9l?r*odQ2?LRRj9gyHK889Q@hb!u4-TFa`8)`e5T?7A{v
zsr+Q<$_)K-bFJ{Ov3f;9Rn(fTO;@#1sEDc8+q*3+>()epq!p{-rZQA)!gH{()7<&e
z*vobeL#5k!Oi*EdYx3+^p-frjA0~kNbiFImHF2%Lvi->;VXcMh7LU$pIB%|7JDi?9
z^OjJbCdV?6k`+;7rR2nXk8Mp?KU*ga7q_TpTn(5Ijnx=IMJJbPHSD-5%KLJ!m4ATs
z;nt#koUXZT_Q*km)HI(2-?Y%SA)R}c%sU<B&v)d2ftA`g_8aWQnu<D$oJ74H)hC$q
z*<N?pPrqQfEO^Ii2mX-U-AtlELFY+sY)_>_zGq6E&VCi`{XzvDePYmk0i*pa|4f^P
z;jm8shtZ=3&VT^y^__#XE$QA}QmU<%PKeN<F%Ch)p28MLJFpbxI|(^?><z`GIBJ{a
z+4kmBDXGi3zHd@wC5!+wU+gt7=8`RI579H(PzmaLbgD8>{YXzX=r*jKBB#gdAO9;X
z#=a9Xle8~#W=WGN0UF;n8LDv#{^swMoF}DFA>mR!ZnE)t^!>KC8MWBV5m=0s_xgL|
z!wWAIGC!!6x%i6xtw!uIPA2p8u0i!&@VUhg$S*y^vRq76ewusB%=PPZfN*6Ng^HGK
zM;<;W=QbIhv8pBy!ym^^p#}J#fVuwh&&N@?%dd?vpG(*y`@cmZE+l2eThvDkBb0Kn
zDv;*@Q5sO5tC$rZg}^Xm)gK}JVp5@i|7)1a0K;zGM92zwpk94r$Q3~JC(iS3V2Bjx
zLw+I;^Zv1bOidi%fIa&QHmlCAuCXeAP>ga01q1?Q*6*CLXh6QWGkxv=odN4?2Q{vv
zV-4TNlOI0-@!g;*Xsacx?8|;0ysQr80*5gx^4<C`nO(N)TGjj3+2<!iA5^MvvF+v<
zB)EzZW%dAOGn3FahQtUVs^}X1pSzP{xQEt<N`dZx@mi|jFr9)hc?7f)rtxLe+b%;N
zevq;s`U83Ouy8vcAOOh?Q~EUN7FhiefOUtHwufZ+3E1UpbwHU0tgcQ%T)Yqvt0Gje
z4~x1OVx}VC1vkrY&b{}7{JzhO4#Lii>`|b@*9~p&y^k@BFXx_=?VGFl0Yz<qmcJ%i
zZ(8O>K$qV%(|kY`3oM&|qaOlm>oNiH^u|cY;9kdW{bFZQYI^#L_i7)o0!a6^a{@jN
zAhD)+GT)|q2zm0*sARNwls%6%RvV(ju~f9{nB4u$Om}I5KlK9#@)rfhmj|=Zyh*XK
zz83A%YUj@^uYfWS0K7{OeNb_!dVieK@C>!?W&nQ8;~c@2emVtxP?xn|835q*Tv;Gy
zqTv`jR4&tf(4ivX5s>8S?m$Llo)p`Do<XJkRDwbspBw4ofDmNfb`Cgvb|^_MwE?@Y
z9)OAw28t5DBq5o<>1~?zSR?Lw?u4fQS`7nBasfv~%Hhl9L7`PN3qoOLFO?wAW1k&{
zedLK9kTcSYin?9eZG!_D107?8n%rUeuD$pKR4-R0P7uSOAC8JMQD*BBc?e;`#yE7V
z*<>|70|hY{Qd-)QW*mEK|FYOcEDAt+J^q1V&Oo>(-%9+^u_B=$Dx}4d3Y9XRVHRlo
z)n;@^2E!8*6T+9>syU)y+CVfTL$FQfNN=C}(O3!`OH-nXiVC1U8aDM&%qU>PLlc}W
z4k9<%3rb_W!Uq<p8|8HO)%Fap_C|PrOA^3_azd-$J5~RR*%d$ErioBxigGHOq8+FA
zHtrmg3R}lExYLToOrxy<h-DL17c%iBFp_T1$<qx`nNsY@;dm7#zPwM(LSrRIKosym
zJ;b-fU-9Bbx8I~tIwlJmsU7LBCEB|xi`<AU4xZc@8Pkr-w-Y!XQkEqu^Gc13_@@o4
znpUpDJV-Wg%R&nPQ$QfdNlaaJx7VLcHj3@2fg;a#r4oOWCmj}*D;ccB;;q0GTZ-71
z6dqDiBf%!lG27P3Bcy*NA$i16z0}|=WjSaxTJE83+@cP3ZvtgF^-P>OS$KYJq^4^0
zh~H{z{9@C}bk<_a`o%@Jd&aDnvOEPUWZdgC5I}yijrIX{O(TfvvHt%4XUpHfGn4&%
zn-6pd!5}5Q$sxbc)G(pHk|Rt67lY<FZ4@awUkW%p&#<G4c$UKY@H18N^v%VsVH1B*
zA?Q4%I_-J&?Ny=9Q5HpOPnEn<X4*|RFO;<?FI&mjt<6a>s5&jqPqG;3DG0bhxtXeb
zds=gcT3q(H9*UZYy)U|D1^_|!Y?5$Qa7#>&zMRJ+v8jQ=A{ve>E-ZFAJc}mS-BlsO
zCvmtnpR-DjIR294^&Gl%ysn}@LbNzyij7QJO}giJU*5Gvt9u$z_b0RoCcrWZ%2$?M
z{UW+Vx0Wq9S6omA`JK)Ah4%2V!_(w0vJ8hYN4u-on=<67(t2DiJ=<@%4=sv0%Vpti
zRyz&9;7us{!=Kh8KxA4nPV#mamhhaHmDOO__;x#QZ!)z^H~oNP#qzv2OC)S}?~NQC
zVa6^(Mr6~0_pe1JpQ$M7yQ~pR$>IjU?~0$Z84Rm;$0F*wT(K{Hf8`3urme;%{Zz9U
zjXn<i_#0Pp8Uul!J$s%$_@sN`i`T^DWbf%#1&V{Xq~t?v1kEkKM82nCB?s(vX6}O#
z3Vp-M+W@-}*m!B<F~+aEEM&;h7J|WaSdz6;b_0h)^D~!QU&}$zVe42HYu<CQ^~Ho~
zEd?Bn9#O5`^;}Uop6tXp+c;W9ZN-G_pr}*XgY4;GmgF->l$Uvkk1P#kz3Nu}mJ2-h
zVU*2pl21i9pqtIge451o!fb)kpA)5=homBcI~@q8elEY4TRtDWF+nR9zWhAjV=~%w
zqY)O$)n?Sagg(+7Ie69Wy#Xms!a4W(fMn;hlV+7qe=tOANzqkfuU4Lie=F=G?~;VT
zCiDS*(FZbi?|&IxM96z%m5@vOx~>qmeP|U}mMqFBVX*9L9!nrR1)k-fybb*zbmEn=
zkT(jYl=H0scny|1U0W0=eoe?-(FHJu+hgvn<Y=5(26THHZTFP|CluH7<AdaZE7Nzs
z#&W~WbbZQV2*Q}L+TKU9plZRi;G(%kR1KsWH?^Xn0TqTsBH235+*~Hn1(RG?x-Do_
zXRTL+#0A`4(wZF58dJYWcf6v`bo^RXw-dqmao2OmS%uU2y?s#N;pxIL5lw;3ex-J~
zc5G_{a#OOaRMGSO#2=}*UesbItvnI5l0a{p#C*B^{^7nE6!pPYFefsSyjNV_=LLj$
zdJGSJq1Uzb+4HLv8m6WhiD9<S$&SJwfO@~_gi6~4*l)drG&>4U=T7d5ufA@p;JnGe
zI~>(Bjah$E;l{H5*iL8TwLLvrD_nf~OGD0$S5MyhW<B`svzgVsp}QWp%#4*&x!ahX
zUz&K#U!d!!U%zWXryD($i9AHE54b;>Kb07Xx1Mg1!^zv%okl<>>-ukPBEb(I?xt^7
zPQ2HpWjDX?0-7kbAmh0mr#3yQ{QIKKt=pBvq8&6k!!>eJrF-q_dm>V>`ABN-`hlW>
z65W>fyJ@tz`FM$p^1qix7}=PZJJvVSOwI~DE&>AfT(zs)A-&!EIKL$I-vH{cms|4%
z4yu)~PQJ$ub^jav#!IJ7>AL>A-uEj}E+p}0`FLQ}1ugTk11C>RGygyvG|4(pajuOC
z>%XKGra$qQ+3kBMHf-|QbknRFc%mW21M3$Ltedlgo6pY~Txpd-`3&}TY}ytjg??0k
z_mLRd?tL0wEEs79CPv37<{I=N@MyKhYDZmeIti#VhaCEon$m;aV{NRKyftYUZ6%du
z%ZMLYEQIj;h}WL*F0oDy697H3oj5^i&o^kAyx=JDF6U_0gvNVk^8~(taJ1El#TAep
zm}AYR^PVRXkn6E;3bQ)jrHd;0O&O3k|I00J0)&SfF)@|g9c{j06Em__{|2Me`#VAw
z9`SgMB^9x1NaAee(MDbGOZL$DU9&&J5StWAK7Yztio{WaI>qfOMPjO&e9oS&uYZpA
z{XphuCmV`fxz%r7#227{4MEQSURDOU7-)KuT3^CjY8xD!5h6~CgMN^rQSvU8@+d=`
zUI?5k3Hrklx5vrg`;S9WgI73ti-Cx<UZku{&^1_Cg!QxI`?I1T=ATKDG_iNd6f0ey
zNcD<Pb~kS=Y?jewKGa%iKJzs9Q-*JI?9tm<0h-@4yH`~D3G)KCl}t>BVjE40Htul?
zBCU^ttsF{<(jGfFQ6YER1^FKQ09bY0ez`aAsVdj%Z=DCZi@uH`Yf$C0veCWRhebmz
z-rw1kE_X=Ef8ftBM+G^0jC<tQa`^s4eX6Kdi$tdpWf$4{3P~qJlt3eOBvj;If4dW-
zt*p%)V&-<Lo6};vOGlEBbC?)Z12t{uhy_Q@boEkAaQ0Cr^^^2nXdW<58{@|V<s6jc
zlTVXP<ojEsx@(MwvzW@%yHN>UMz}gv=(Vi~w^Q)Wy4a25)ZdhJs-}KGZ~DQ&?wn9X
z>hpoy%0V4hBRZNPBe$33s)drsKq+)gxiM2RGbP4Ip1SQ~4hbs73FzN(f>fec8U=jk
z^<fqRfj6?S`_f&Xo9y<2N(&DY3f+3j%GSb6&7#@C;NAzYjzprQZN!1Y6E6_!p7Qf7
zR7H57%qUrSLKL`5a%^%lFg4das<BbMJXLZ$&HawQsLiOI(se?+5GXjUEGNe|vUzA5
zTU^-T8bvg?ml{3QGqx$=oRhALrIk}tO=&5_0guJ{tu2kH*ET5_T(@mo6nW;7@tNWd
zawv-t&bXAdS%2lXdn<9Y3GU~o1H1cCJb$QKrzJN4CU@yyTgP8N+6ytyvfXLHam)&5
zpuk|4CfX|0gin7=IvVL~U7ZW~6TN6>U5((g<c>0U=+|jFAFS6-02^dQGww}NWvBKh
zZ6%ZGjO66%Mx4iWv(mdK3#6>;jrf`0O4)RMYOHOz^7fAqLo-t@<_rmZ4s&K+bVnzh
z4g8l@GxigzT)Hy4*mxFeV8pIDHi?RB&nBYM@BGj!%gOAu$S4o1J(G4F=-_qjW9eLh
z7C{c}$?ZW6o$3CGWJ!ZE%jVe35vrNf$;<d*f!qcsqa&tOE%bhE5t%*xm!t;n#+g>F
zB;XsSx1MC=O&G4;>N7Nm@EBc2{flS<mKn4O@@3sX{i^~I#kkys{hZ%q^SJRQWt}wg
zxJwyfDPs011htUUy9zW7{qnZ{GxCx6Vm6-+F4{UazS(=tZ$43$DTea@pTSc4Q+-3E
zfx%T(*Ys+v`_<&&U5cyxOR_0y-^HJ~Zd%7AGgI!haJAr-L-@u-a#ep}4xJqW2%mwp
zU~WDBqqOV&=L&{uMIQ2209geh)Hzqena;=oz1==#4?#LGCg=Oh1yHQXFH*7pa;v$N
z&+~<_a`#%}^$nLk)2+aQcfWu&9k{T=l2DZxUt*xr`@$FvGZWMBL-v+KpHz;;;2K`i
zb{P|PF*WT89vZCZZ$2ku1!-xNNO9`j$0YB=-U9YG_JNb(2YH_b1RHyDzl8>a&q7cX
zZf8O*Ma%~{7-?YmubNJZ!bZ`z(K7r}k<ZG*l29EbGCfc#n+7iwo#+L#68_6Ch*%%T
zItd)cPU;_r8AY0qx&C@tHIuJraUrZg*S|!#j)0gBP`zPXe1#z(3rXPPVAJ8Kxd=Pn
z!Sk@Gz!Ad*ku>99j32k4B@X<<Cp-Jb;DPhsup`i^h-2asuod>rvs^4d>1Z}KHvGqD
z$7X=mcf)EFB?4!aH(o;3i5}3Vwhy&3R5W77_au(>>O4Dd%nJ~P?v;>~Tpx#!vJdb-
z&oV((qQdklDzRE_jn0M0oz9$*Yfq`nWc}wNOSf634DJ`7ka&^P<-<!td1`JyHUM8+
zuxyu31rG_aJMMV$z(-u|mVN3hNSpnMAe*Zd1fn4Wbzov*ZP;0CwZjniJL3AF&aFh&
zX9GaDi-hWOJJ7us{N@ey#be4(Zi6RkMyWa^2S}+a9FcMQNYc-#6frGz%j*Tbn#Ntj
zXo~%FJi7-q8%4;r(UZK_`7q2i`*w`~5-Vk9<Kvo;k|Hqp;Cvr*E-HW#(bYXLPlhCR
z@pWUaMnx-7KG<5kYiOG^d<Ec~)s5EC{L&is^3q>t4T-$nqT(u{sX3_Qq`}E)-9^L=
zToaFqa`X`9tUbn^b4-DQ6n0VpZxL_ox8|05O{d(d^VD?xsbY>H$5u&$L<%qOYGi0G
zHf}?aa5&KOm6=tz0*dwhC%onxw;2j!csJ)L57j8ihV1C`lV?<da?=%*{Zz)f^QJq;
z?nZQGE&nLzC7I#Tv$%AVjDoVZN+*2a&F@ow6*O~i9A?8jCQ>Fndi`oGz3uys4{lM`
zHT!$>S{Gi_s9P50Wvt0q5+ktbTw$804h<@aG#kZMdfA3xOPeG23V2RD26y|maX_v(
zzzvx?j*CdBu`^3cU%$Jrsp+Q<JRVX*b~GCxgu*-WREBZ?!BAX^2N0W#$o%N%f2|$~
zYyQw{X&i)eb$4i2UwC;l#m{IoE#5QYE_FNMGhYN?h1hA8ByuJJGA{31-eo+<uU^(S
z5;o4sC7ib6fk^bm^lf6JE=TB8M6L_Z*cnuf_DtDgOSqwj5oaaM(lh}fSt3}J-ASV!
znB7!>*`ZdLX2!bmGEY8Xfu3?R<amJnn0|3|QdQ$Cip7c>ce?qy+^GPL6WyXv|HBpf
z(i?BrJFZ_8+I?p6%i@yJ(CFrsd^w?+SEF0&r-eeF-&($5o|`?|Gq6I6x1~&LSJm*<
z2KObAI86OsknEO|mh<pN(Q9Wyu2ioiSslizO<k<ju8fG_EKkqx%(s84+^IG>E}f4Z
zrr`W+UJrykdBEPnt7u2DoMNJ`Jp#gCMU3E-!q&oKzx0oQr+FtXi_eu>mIjtTrMdCY
ze=2ZZjk&jk%6Ev^>>bOtbRPPrb=M+rPR=zjdJ7PYr#l1Y=fes&)@t8~%;Md8c}W3U
z3Q>-nr57B*4J`0Vx93bV!N51v=3;R_Z_abPAl85|+93xauk}{qL!;hh8No94l-|2U
zXb!#Hx^}p}pqw`S4EJjC)nd!pZo>LnE!@_k7m`ReQP|S3BkeU-CS{ntR=BXyl8qP=
z)JQxzx!yCzvuZU$!F?p$!ULd?n1ZH*EjiG1XPXkRv|rYavn4M1VA>vRv!ktlMw)#n
z6hgJGrx`R(k(MVR45Dc@#s-l*3v7GY9fY!ix&Y<-oYZOT5=E@c^_Hh7+?|WT<R?Di
z80&ToZ7ha_0s#ZGzY^j|+$hcM;UG|qW!MSOs+Mj8h^noDV=74f#n@_vT{SRm+|0{3
z(Vnpqx8C6<*^zfs74o)eTe)QcakdphMo+M)?=tEk$VZA>4x0ZH9ON!6QcElVo?7_~
zP<V$|fv}-R4{ulmC7#vJOI3iLVE2v>Jo0h+;qK61eCHadJkoo=4>&0LuCe!kjzcL_
zU~g<fq}mT;lrB!aHjax6d%K{iZYhDj{x;8c$sA{TGf6dSL9=KgC3RD)N=^5Nb+NG@
zpv|7c$FnX#{>_iRKXFXgXAMv$+`cyxd$APp#}msuTc3G6Ob|6DX<mfSv$|r4n&C~G
zJk}}UETmO1zjwzkrhLYRztY8;sAF!HDUQEP3+^|lDvzJ$$So@&2wkYk^eC~jO)|Y4
zYif{UG2J^OvAEQVeYB0EgT*ZBKI6_TH0@g2oMSD&5ynWDMqlb(qytTVBYBLP7j0ok
zNh?$e@5-6Or59CV&3cIPv+OF!TP6-7l^FI&^2_|uX;du%BcqrrUm(TO(nH;v(1nKY
z>buT2yH@mCdNSjMcC+TJYpZqnmdCzmg=+F&Mp{ml#jGo5uZ3`)Gw6?SpDC)sQtqBR
zW*i2jYMC!h96vo1-eI5V2vFNGmscK><9p;x@&Ukjh7;U!`1>x`#%FHmMMZovpmUWg
zl3ZLdssNH2&v2mm;PR)Dq5V(2J0~lBsW(U2=?*O-XZAMrib$#7k<@<_#Wu@V)Oc5c
zI@~{yR|thn=hB7tHt?;6UGzTq0sz-PjrQ8wm9GsQMa(O^tc|cydIuxe(~ul4N_>9R
zcpf+$)Nv?&fQ($Utl^wa+OhCFH+FX~PdaUN!>Z4~pmBM*&){BbuEl5QUU&gAuhqO^
ze;V2M5ju^%4x97(`yDR0o?mGmB?`Gn3}UU*w9<wN2DrIfeINB`iOf@^S4P6%8=8I0
zGZ#HPZMb7iTE9syfUm3Q^*!VC-J#HUd}RkAFJ0%QK<8S=*pcrqhrKvg{<Nhdhv!o|
z`SU}r&9FTF$3-_QSa=?{hgtNo{UJJDe}wCqf+}YrCb?APk6+7g#HBX`ZAf-Z7@9WN
z<8T`q0rzu?49r}T;Mxz3l%)>3St;IM>vdI$loayl2@NqGH7CvFl@1g9Rr;=)^xJ$`
zPGqGkHMNQe!Yp$7(Cui^SBoj1v%7}2Va5Ek5XW?;I|gRI?|ofqES~yET|G^)v6LcQ
zI_NejgrRj5lnp1zD-AcFapGl;Z@-`Fn^mpTINiLsA)SePJ1QRaLy8NpbhMxEtkspF
zj-H9Px}B=au`e!aYlj5xsZg@0uxYz#*n3J9wH4jCdpVs+@+wfZj1)0nCTf(71wWYn
zw7$^xqRvx@$?C1kUxUB7eSW~P**4Jg{3Z;+kL%27BG$}Lm-nX2+bcWlZNj<Z&eGy|
zXdkh%=T<MVm*=8qK!>NFyx+|C^4=Y1JZy3MM%sSs;k<t8_A&OU{Oij|iX0w+azjc=
zY9oHP{lpOYcw_VOl<7Si`SQT~Wc%}38s?)>p>1rg*G7}c*>4ykXj~U7m8?pgV(iP<
zGBo03D$Z+(%<pCSI)e90ttKn%sy_7NU4ZE2cK(9tPn;hW@S-#*L0I<?9j`q;y;tCD
zz@JVd(;QLfd$vM`MA8fWSeRXx_coM$Ve=5uap|v!k-ArhDoUWRc#}G|SI(dO!_UUG
zg%Y`CQ+X<V{;p|>i6g!;Il-IEj9?d@Qjv4=`3BO?Xg#r4x@zC>2l8JXIc}sl=?BcQ
zLUT68ZmE-FH}{uz_p{Q~?u)5&46gK<UQy~c0)eIb&jgLw{SU~JvCJ>o;<E4^Y+<gS
z?(G5a?zBn5r?Q*JVr3?9{(Kui0_Hu6f5mm6ju>nwUn=^Gi1Oq{c@FDqsGin-AxnQC
zhH#0HTdpnSo|z|WeW*b58ScjYVZI9E7v<EE$YWuq*}XG`hJgXjNq<YYM_wbuy(z7U
z_Vc=8C}>TXC5hlScoRi7Zb^;JOZU&OA>yFt+u`?HW?$2!etExmZRgNAAJwBAx<7Mv
zJAWhjOTJ?6&PEoX>8t`MznQ&u$lERl1aL5=s{`(y*M1vx^hOHc#7Z+8t_tRso2u+~
zS2j-L-*o<*kL3~}$2r;Q9TqT+(a-v+m}ls-iuyV%MIY(0L#y5yJTm@!V}x10fIz{D
z=9P38D0?p0&A)8k8-foeT=Q)14lD5Ohl=A>S1Q=biKO+|0;v!u8(Y5hcN(266|9}j
zU>QcsFKY|8-`^KXjL*vSujF`K#iJIL{E{>5X!nrJOup<4%LZr@?kj4E73(=`Nk$k%
zpw;I0#X8lZuiBR%&19|d?qq&VV#`~}aLYH{nR33LtEVy@I39|2%|JYq^4_GDry}dd
z)c@Y?kM=VYx8fw_9rLpuQa<xl_%^WU;U3rDvP)#SE_m_AdkwFxMdE7fz!Z?gj&+_B
z{reKP>xsIk)dUgGYOHn=d+X1n44p6RQcv{#7T1c(`ETDO<;d0y=?a*Mjl{n2z4?QE
zrlI{`g(VBE#H}{0P?>p_fZycf8r;1lly*Gjwg+a3qUpPpmB(d=+vue`AFTW4iCk|!
z5WTxR?28+FaJv_Dq`E?!Wtp}E+{}y4$!}tMJC;^;&!jZLOiPE9A#$2_j(^1Pa<vSn
z6y69|l-sA^H?FK~Y;cgdI?um7ye1ic^m&Ux*rbO8!Kz=gEhIn7T}d-4h?(d=5ZfZn
zW~D`3zmUG(EOImlY5^pbY}&*750Is%Z2zT$_rx8|CdiUTo2`FO1RQ=MJZCK2EBg{Q
zOQ+RMILb!Jvt3)4nyesLVL?4|gXG=*QMGZBEx27v^k?}vtcJ0E-(|vUZjBHdTCQ|G
zQcf`wc(Tv(Nb&9`;g+=AyUOmTz09)&i}MBiZn8Y#;k`d4VCQjQ>?MIVRl&SZB~>pZ
zzf<O_Kt{kTGeW|RlVlzUY_cpGx#<@U(_<$0C}XtjkE*+R9_tNz-dwWY(CIZKe7KF2
z&&<|Z_Q&o6+=m@Ti$8UQ{S6A1>out!5KP&wWO!{5j5dC2%hI}?my#!XIQO)dCa+1s
zal6d1uAYLZz!fv|Y|oyyF=aK%aa{4*nc=)^L|*Tr@y#Xu(`Sj;O<rjbzk7zG8+2Jn
z`d1M3ql8S$`iR~hCgcO+Ci%2;`ID&y4^MZcnN?9#Ej{Dj<dpuLfZ6YKBxu#QCdTwC
z`2c|i)6XsPd^y$iA4)^?smbu%Xwg*r5Z{l0!+M!CPA*>q)RKAcxrV$-?x&pL-Dj4J
zdV3w+na>6deZJCbHaX%RF!(o(cf6=%LTUNc=rYR}ftk3``Hlp_!eLgaY`uHY<EbXg
zMy6Row~YU~dDOn7f|GcvBTlETTG~&KRv{V~FYRUCsiWz~rx&BIrFz7)b6{piJt$?D
z<}DXP*TN@Q%OkwQ+6_kg=G4dn5o~`8C{fbA`><S+{o_fc)eVsk*T#cKBQ{ybtXM7@
z3cAp;v1P{+LmN*DT}I6ELkVjx^JtHJ=owgqun6E-H-&jFRZwO$15Ljuh$fl>_NaIR
z5<^{Qy1(UItKHrjCvGLz-))+gZgS&#avcKQv0Cwm;t1P-!)FE()%?5cT~2a3DjDOu
z?lwuP7Wp<$>}RA07^m>F?`%;#q?S4gs61x(d56tC{zWnKC&X{x_pgT&n!;!kx4zm*
zCPY!VC-&-k&hB*#kW6P62U|c0tPeQA{lJBI7XjychE+cE$}UTIgnC`TaVzkf;QRkq
z9T%JvllH&sw&0iiT!@Q#pl-eD8#Lqp0wL%-;P|INY`d}}!n^d?x2y^{A$Xtvu~Gy<
zfptR%s>Rs;7y9|n$G`pt)tA9P8F<Q`$t}tMeXWq3QH5`dI=+7F|8b$ES*bVuix2p|
za#R>qJ#f0B{-K3&%n$$1d)j^^zR9pZ|9hHGHt_H)wubA!<%XlXPSf&Sas0Nb;eT%L
zU-W1psGy98LDE(0aUKwlm!N$vNZQQybO~5oEZ?aA8B<<9l0n-{Hl3PVoRwc<!wlxS
z<Pb5rEBi6@S-Z5=#aT>oT_aET(qm$$)}n#10d}!RHJ7JeaEGD=BzoW*)g=F0MWpsx
zDK6>ZVJ4?*7Z$6|mBl|T-m=Hob~z;xS5B^kHZhh5e2o7REQYL|Es$z<LN#kJ@yBZa
zU$~@y-c4>VS}7Dp_rGeIeSNO^+%|58-o$sOellixYf0FHH}>77cxf9*Q_~p<q^mNl
ziK3P4dTYDFa_(xVcLg8Q*pJ_$OT+IIx8FFwEqd6b=#_9xc^@C^;82C1=julwzWu1|
zmI2CY8;;>pb|!i)XCYm&vXPvU!lK;N`weKvujK8~zLV(I)5V5aOg?k^^4VJ-pJje0
z%4|9e+*Yri$S4KR9xUX9#*?B5Q09iQ1$wRK64GXYhX@V{^DdKQ6w}1yY74o&gBvLx
zJUovs<O(br%rwhhd}D-!;OQMrT;IO>hx<5x9)Sxm#pKd9xF$U(tTtv2k7{CbK1uov
z00swtVN4-D8dYL@3SI4emFKe7)~Z15{;crtK%z@9@hhD_SvQ}Y<nLYbHtA+dSM`LK
zJ1SIwq9i<sTBfI@)QGfdEs6@Ej6ox+HfS`2Cdr_*iSG}49surUKxU<@0hX95IET94
z+owxp47W6kaZYD6i8=jQ^V*YST-*^>Uy~7!uOk>`$z(2u13WokhVwQ61l$4V&NV1=
zs>qv^kv)8KGNCzZIXv-!MrqZsw!+|iGa~w-n-nCJuZ=P=Tc4JdFc(@5R(|?Gx%{xE
z=n>F(!*X$PdHzm-TB!8w>=u<5zrPh}-GqY4O&Ku&8tLJd^7V#dEFS|nC2B~(;75)i
zXxNYeD+CZilBZ5}w~)}Ml<Q+qs_6Mit15H&h)^8V;8dVi17UA#&H{I46*LSs#GH8f
zJ-=M8l^#GXUd@|CbG?sTQd$S`)gB)2g)h}xIjG{q43QjpdUtkQyl2krh?LmM1KKS#
zHG>9CsxJ3dPUzWqwhux*_iz~RFc)UCEje_fCXuS=syz$*r{&H95LlTtt<rsVI05vl
z;Ncl#IcT|AzHMTH^EJ!6K5JroX)fNMHQ8Ce*S=E#^_|nuVI*lEm*iR_Y8iF^nFh4o
zMGTuomR#$B=jt&UZ>xbFSez8?R)Y`_EZZCHCY>G1y{6aRYBQ%FfC8LAo>@&6p|}$0
zQ;CO;Bwn7qVJoTT3m<;Pu372w7m^fn0$$O0<nA^#PWB<%<gO3E3*<N~+s#7Fs^VT8
zy}iSkWVfN|Y3bc*>g}mlT!D($!f;%qq-BB}^P{|s)ACSruyv5-++-oS3~AdzagFu9
zCYL-mnQYLGMY9ndG2fLIYzitY6Ic#HHHSpq*}>AhooNg<wQZomLP|)cZw7GS_A48r
zTAx|Xdu>R`>a;xe?KS4~#Z$RYS)QlxuApt}IlD_=vlx5f&T``fioj7^l^X8zBW|~k
zqilC|^$87?0VF2ZI)k%<O*~<`8}7g<qLpb4NPoojZmv~fRwfTc75KL3yFrD5M>y-B
z0m+9!6r!LJss3Tr4YnsH<A#G{zyPkdwI<4Se$mt!`jp&U_~FPaQ11qGJW%xIwT^uS
z1otDw^OaoZg$vR{n|-@0EH9){D&Jmb2zhCds)EdqNZPz0R#xde)8FC7TtHDQZr*C2
zE}8<a8&>Fdl5NX`SxxY%W4azXCWO>zXV1aA{~u@X9uH;y|NpDjwo9cghf>IPBBxXc
zId!s8ksLAxl_VzQFqFfvTD6<dCY002F^3sphQ_hBLgZ|WhM{#D3?}Ep7=F)dsCV0Y
zKcCO<_Pzetwz#gj<~qDyujljmc-|j9>&tD3ZaIxmU|D`cA{G~7R^AY=58RyD-~N)_
zPaqaYyj$H0QqA$^Y}x&pQB7_Qr1V`@m>LMQnCWvtL%c)<nc5i5fA5q+K{GLj+#!ib
zM3YFLN1XYYZ6Ar8j-=(uI&~!3wyX!9zFW;3@jh#?+ZY`kaR(Jpk4Bb$R7scwfxMqw
z_uK@t@W+^_hv(DJ2BX>V4!&<;Ih|5kl{mS4P~KIO(c@qi>3fAoff*u1NpNdEqec$1
zM~HfRE}#sueVzFmJZ?eo#69#O6Unei)0F4J%%0UrZqr(^C&?SHYmCax;XN}g{^R+t
zVI+)LoCui6Fiqj#T?uTjbSG)6`!5|FENLJ2>C+F_r2Z^vq2b(NPyHLDCVq?6aygUD
zhyXgHsP=68Re&!`(^?VkqbEoJaN_xi-oD*-?H5`Hw7#zKuorcfcJmevx{lkHZr+BW
zC|p~sDm_6Jn*4Om2>xCNbY1TVe;C4Npc5Ir@sasP4;WG}Df+(aQL-sH+-q>VBGO#W
zrSTBaDAHP?)GT`FXUJM1Z~sKn#2@wNCRD>bnxHe3JE^ZTe~zUZlZlxC7*%I|p?)Q(
zL8s@S4$lf=<=l$A1g*N4el$RokFX)l+VxTa-aKt543xatBz>gVBhD!G<?19SY*t|Z
z18HVu0fMT`0*%nGjlj5R3vgk9%N2qA)-_7L3K1hBa#nn1W~N_=BmaBDcR(Q>WEm1t
z%v7_KsPQPDtS~%e?VfuHhBgwMC+D7>OGdFQu*CYNwin<YK9%H5BJ?X%p?`<=iH7KR
z)mgfQ)2Z`RKVslvAIaqtMNT$wlj*)+KN7#IK!{Q40+%bYYX*AV58nLr@d3tgl?lH;
z)yHC0Es~fsigSIJbul$4PQZA`V|O2P9WOX2lQ%{E{kpmM1pD+>kzVr4VWbBc3hv!C
z&+O!G#B@ZD>{LJNAui`YcOxWtP-Az66U-|SoGx}VEjp-7<1RE@m7hJ0ErC8ERhn*l
zE4YmAHjGMXjVx$n(sNLSm~GTQD%xy-iDtW3dkH;rzdGqa#&yxht!2k)=t`MBm!=xa
z6CN3%Ns?c$cQjp{Zf$d@_Bg}CxjafX;TF#}xZ*~Uk|Vr8|NDZccC?%$s53G+7OSwu
zTA;^rO_j~lu5-cAfr(r$WKkF}-a4}~3#jrZ`D$!Y5I7E=a}AcuD+=VY@;zu?j47Y~
zkx%3Hf7ZdeKQ<ZvqPpG0Xnr7?J^LMB{PJ+CYdP2aYUgq%w(;*ZQKj9R`8-#kkM_v{
z<*P=g9pygHI<oaDb1lu^bE&3y@Yw!(_<P0(m=P;$AMN7y|BmnSW**jYwZ2w9(_pc%
zyv$s}QoCm70s`zxm)DsAlj&L9g+I@P&)zz7qDCcW>Ug`O4d*8)u4!!e&*!HO7M5?|
zEsS-ao|U-v<4suSnH>s{?=`G`!IGM3zH`QV-qAHlEjUHE2s9E9Od7~8TKi3RY@LCg
z)KSUDQ{f;HPgMH<*W-#DV0rr-F+2)|0&)W)0D|q`YqiTee2Fps#}H-Z_f~?BmA_Se
z_n&tG;)Ty$?JL0%>L0!0uuC=AE-&xN>j7Ok2>kISq=`d>IP>!(-$o7BpB0b(YaRTK
z-@MV+ZTSB==I3+c(H|_!cl}qGWE+2EJ1@vsK~;R&_4D^w`G*5v9yCOC{cV_oq@pYk
zRrf!Cu(I!$8xgslgWK}Wr`h*F6SK?vrA4W41FsKIkBSzG{YUTlm(vS8y)vzt+bqt}
zdDA6adju!~zk)CVd}fqv1;1ANf7$ha`eskm=hOb{KuCleU_C|sUnAVWyz%^FN?+q3
z;KOu39QGZ(uQ}EpAoR^?AUDHyhH~PY`@3?2yjwQg21Xx@2hzvTNXI%7yMPK{KFK?5
zblumN*l!q+ZU}ln8&<8SbVh2!q;y81{gwq)?m@r}{DervA*#OAW%rK{^KSsFuO6gd
zwh&CL)ST(0=fbI{36mg1@RRc=x9WiP9*i!_TVN+|n$|k4@Szf9^Z<b1mY`Ttuw4Jr
zOfXOj7hYHD(AD=_5RK*pbT>?%e<Vo`N;vG6<oa#{-+(sKvbmfe;^in-B?`r8`4+$w
z;111TFc&JypO9_bg0zX<K-3Ep)ob|j5WK+*(yPh~l3+wcfFFFG2l<m#DhiAGqv&*0
zA!N_+%eoMFxs?Ev%BQQQ38H6wrkN+y77>I4{M<9#Hvan7e5vJc^kL_YP;>DbPXrKp
zr1{>xd#xbGmoG$g66P+5kcw3wtEMFHhSPL*<uqw%+zE>$L6ewjrTlM^W}Mm+_Qp?O
zQbo<URvOE_1$OOSmG*lzrAPpEsPM%C-8IUzA9`&IWRoBEW6LOY@18A!jf&T+>CBzh
z_~|-tnCc1bZ4}g#ZjL^uId8gpr+FHQV`Sf?9N~H0DyP(!w38)zTf%52jls@b8*k^Q
zG~_3kk=$D!%`K_m{E-toBsb!4AZnU2wCC1(v;He{!?R<QYdXOT+1G3{@g%&VgjHp}
zMontNd_(Sa>oe_H4vk~ZI*v2e%Il=GOUP!EAW(j70$miy1L`{$e|^b(IoYI}vLciA
zNmdgxoo_)XP={DvRngG4%~KH+ym&xBBp>CSu(+aM$DalU{|{CL*REf`4zQgGFvaj-
z745S!k+wI^%+4-JlsB=qW)y{ukNgoHSx|ntvCQnMra7wGn*i{Q^M$AOSXaVD3ntJr
zL7HG~#Azm1S?uwTVt2~+#x)W3{1mI1&7DPK>VqA{`?M3L8J+3{7WxGVT))&2IqjUI
zb$b^}O7YPz{6Nca%DU2|40EoEY~G|XhYP!2dUWWRj!=Pom-dMnzmo9jvb*;bv<ryR
ze3M?KW9-X(x?S%5f|W5#pX%7ixD#BXaq?1qAYY=e2r#}xn?4Z)5IyBYWMm`}!Z<2$
z#z_bj6p2DD?d+0^LF?G=eCZ|v2kZm@BzK{M;^A-j5+c#^faIPE!VUn>H~Prm0#ov%
ziVO%W#og-|J}d&H-3j772Y!#-X(<}|w?@F?f*`6^5k->ejk7BC!FEox-fGJwb)gkZ
ziVX<Q&CIuXdx2lVqR(L5A!^A03OqHbOuNhpAl}@e6tv4_a4sf~P&Fu}EG__2Ux1m%
z?18}!vqF0GQ2Ri>t3S)?5>Wy3!HFr{6@W-X6)gPNld4d(a4mIli{Hz7_5iQsPn^mw
zGgTX_KjW|~;Hro9F@|Q5xj5&7C!~ztjcPUeP*4UrR)s|JFufuy_0a<5G)_N7HbuLP
z!(iWu^UzuNTj-dg^+IX#1Z`&1%9z175VY~JqB`lpsHB^m9Xaeh_2+`3z}CN}DZ59M
zK6IZatd~oUx({{}e@BQqm0rV#o_3tt9x@Yg{p~Zmc8BV8vU>{!8t4kKS|du7gzAfU
zCdP7W;g(u69qZKb3T7PZF!`xHF)eo%C71Eu@gX5Tg7!;``@zoWheHQ$E$s@=nA;_n
zW0LoNWU#7Wgs=@Cfns=>`5iILthpkw+iE6_TKI-@u1R%Yej~2OU(8*5Z1GVO&b%A{
z?(puK47*Al?;@$DYn1BE(OOX*Mnq1FcHyHOZO^k~MUGu-_bi^hmZO3d?RM|a+{rg^
z#$bxw-6O><hkV`u3-D2V1M-Nf-hs#5@O;9VE-aUDuj4`_>cu1ZIBP-Oji4Y#MZM5M
zhC4{(i`@^+Y`tToHD&tP!==5zS(?@j{+2&dqRh)E6|QE6moPtNv_5c?J4yBovy#i&
z?nu~<B?77O3Z~}l2pc-LCU0#n%r>p5Lz{YE1$w)*1$v)VN8TY~Wg7_a{aD>s<QivD
zwAR)F$5oQCFzzB)sn=)@;q?gxD>L>x7>Al1`fJs?)=?%pah#C{9xh0fN}G9B_$%}j
z+ZyZ7Z>2y%?KS$6j%`s6u;535MlBvi>ZqsSaDta~^55a1L`8E@){K4}R_a8}+|TR)
zl#G<S^PqO4TX$Y1317@E(|oTUkTBwiTuG1Q*3Nf$k7Q0qHNn54OCLx$Fe~cJyA~o1
z%*Y1mU(c=QpIhkJo_i^~^+=fP^MlYwzn|&uRf!S4k$2J9qy+!M(7937jc>wsvCsA>
zk?^8;6gsZ&phKc<aq7KsLX&;_?hfQ19>^X|w{z1qu)dIvmD=u2Bj~yjb*(H)L4hUB
z>;S_pVfR7PJF`9&G}NyJh))j_<n<`lA3+}>uQ5J%sL0!$zp^hgizuMZ1cy2?cc!)5
zTM^jRC}6(%0n5tC$!XlHN77b^>P-|=exF~j9XrD$9~|et@4VR)Dotw&#S%SaTT25F
z6+xWGUZaF{ln#N6aA;yt?2YpUL&;;vxx2*Mm9bakf{>iuvbxEB7<gL(lqlWIp!aho
z9q!{$<XuPcoLjB#NQkt9WQlWCpQ}AQ{#$y?Y46PcawL|FS3fA;ubXh)@`)-D>;C>j
z_8YsSh>2^jz-C((#9+e0*P4C$!T4f5MUY&WbNI#MJuV`I-1j0sTzBpGIGPrf4>;}j
zvE%%I0%IGwE_dDJdVzoO8(M>WM5*BD?VK^e?;Nu$S2fO@ls5Gq^R9&igqXJMY3Zq_
zoNAlADk|sb!U4ktt<S3mK8<j=k1!*fR*}C0rgv<V+FR=%nS#b%kwJ!{Ee3+yWw$t6
zTV$zV4?MVvKP650C4#l9IDHYJnz%a`_p9p6z7jf0bT*{PV@cTSeuQ>GnV6fUH#wKj
zXQ8mGoIRC>=8fVGH`=nMiv-yl1U4#J7aelFXS-$K{;ak(B>bwTw4rNDIvP(Lfushq
zo`SqEI+h*N?ozCfZHAunv28HiIKBG*Xt{jQ;_|b%Ec6`MPd*@@(&uLJMj;gP2;1Bh
z@?73Nz8;_X@)0@PRB-69F43=J<d!d?+&7CvEC@M8u!!if$s#hL7Yz`l*jHK&450gL
zai@@J0^$mj2a}`MdpZ}3zhOV)X@I={zQABmn*l?|oPy#5VRk&^>s4A#K|!mEnwr?7
zn3$M*+Bj#E?T7CbGtDuUn77Y%xQP<BG*`T;rRE)|LwdB~T?M|oR&QRi5AART<nzkP
zdX%%Nm%TpZ+2hLg4&aP9mcK_-Fivt1^HcIx4{Jitl!-n%+DBbluqdomrD!w@7$LJI
zZ%U;+EsQ>|sCd+)PdxaB+<MAteK)y^!@tBC(hujJ3eMiVwyMXC(BtPW&yvU5-|qtx
z0L|WUInUC|&Ex>kt9L+yAva{x$sR*7cY;qA41U4rb~iF-Qz?4W+GOt$dY@ILw?qAE
zf!||+h(I-(nz+(8RHFqwqRU&uW+=wz9v%=```X|H>Z8mkQFFtlO8Ey0Ao@42>J!b0
z$ja)3o6s63@Su``#T55mXniY+r$N`>G2(utD@mOR=^;_~xwkBP#tC0>DicOSddbZP
zIU&sH3QC>(_Tg!g_jUf`BQ_7Af*p+R+7up&kRPuu9*pR}v(4oPN|Z}6m34F>$#9``
z4c|a4QZSLs=Cpqm4k+3U{rsWmg!%sL^vc0A_pG*O*{241wf=1R%98(&<_=^8V0H-M
zKCO|uQGEgrZ=V09I)qQC*sJ(x9dh0QJ=?l|pbR4*$=*25-$DUf+y{l_yK?RHVKRVZ
zv~$r*7d9#fO=-&6>+~)ri&*>`;1c5QV&Y(3P(^koB&2Zk6|#Nrg-Lj8;V0i8tp9Dh
zf@dEHAOtDh=Qkd~jU9hA07K*9i!e3CB8{B3HxGOj2-bAKuWoa%TYI%f*{peBV!BmU
zl)q2@M#{$lq>f@UPQGlaE4zWz1rtMto+JMY=$WR9-!$7{%vj6Zv^G;1ZOSru=OoWc
zxrw&IDs89fpMKSkq|&t}8;)H%Ww=q%#W9YJ!f=p9i#iiGnJg8IRz<Q>d`Cva9X~+(
zrbNHuaJ3I26pQAh3XJ#ykLMDR`E1=jLz4p+I-@IpmO6CJxJo_1x|v8BI%aprK^FIG
zFZ5lxju4AAeKg>8{hmLSr-I;X(E64TNmBa&IZmDUadZSestBag1>aveu5el8aqh=I
zi?(%wXB@`+-B1~YNUUSpfec%kiS{itd&=5(I8yYq=_h4dxu#w(0r9NhF%b*&-%J&4
z_l_iUJW^U_M7<PPZMB0Ao&?I_#kW_-xII5yW?pnwV=rsovc^p4<SQNik3AT|j*_9>
z&c5%kE>8Yh&h$h0daTal>DEv-f8+;ZBZpniu8}I={~U>A!guHV5eBNVNx?eS?8Bd+
zg#vx*xSpwgdpiYl-3hx^l2xTH@-uu!dABIjtM-tWZ^!yuWj$WKOhW;6{Lz`MctaH9
zt!MZLb!5q!u;u>fE9g-tQ_=)p+Pc5nJqqH+8z8nUPPCdPMrnza{_s;53vl;$N|aKC
zBW!-Z1#+y{9k<5n3vr9xlB-*G>Uu{C@!d-;<XW%e8}R+tB40PtiqAMxV`4#zTB*73
zlwEm2b$aJOEq|o;lqfL9FbUAXHu@~c1eQ5%d4!ws)1Frt)z#IitgP(dHgKThZ%<1F
zGSeZoLx+ANjJE^ph`(K|$T=5c547=}E8@UoaH4n;z;xzG(U}8K?zuxyG_|$uDoU7+
zHu7bOnn+sjjMNH^Voi`n9(fA!$S&$lb%dQv(;p;uYTF#aM|r+SGiAn#f@OOB1Q-tE
z=<z>t(yJe&;Ga(86tU~tjVx*s49A(j*bki@VF*z+@lC2C<$j)EdF@icVR%>Oiw@cz
zZe6(RjYG(5GU!(2dn5;)U7P+eb;`IfkhiTY1Vuhh0HTw^c#D&AnrJ-I-w(@MgioSw
zwFaY=v5sNSv||b9xpWX-2y58nqc%Z$z5&s}N9$ZAm{NZ>A-D)i?6kD@XuoxDoS{`V
z4mEqL95b{iH8s8&dVNi5QZa<qG{^Q3YX|c7TAF|t_z@Cl2-^`C6Vj^U$jUsjFTXm0
z<>wjdj!nJJG_|s7@9(6Rc`7=IltLGaYTxgb391t6>2=2bnVs0PWB#tpXC75FYZCQL
ziL-WaoY7OxeU{v)mu9GhA!j?(G3qNP52j!qmMlG@9Vni;u4Ap>tLP>++r&@^ZytR$
z{bq`vZy+Wu94Eoc=`<XSiH$wAYg0z=`P>G3@9zg<p1Xz=|8D-=>ebmD89N#1WQR8l
zFSyN~oSNNy#v2UA*xg9;`dXG~k%(>Cje+kVDmxa<fG&`sT4ez~85Mv)Xz2EoRrH7;
zbb9HviE8I^Hjd49e+T_)%UcyBITP1FZ=;`~IF=lj6JpPoiUDRF47r6c(Lp-r(QTxC
zq&=PbwXC3FRrrzdU#dj3qf`Q$@&MOY2*TO@`Y`Pohb?;U?-^f?hdsqWc=2n?TQ&?D
zemIE3T!8GQjjvhG%bbXA20!7~lB<M|EgUohR%>DU8vdMSoT6p~NonQ$_@H;eF;RC}
zB|O7m<J5WsJ(qzSw<eF2qJM?}(*+jn+CqFXQvbyz&APUDp(^^(7qUik=N0CeV+)>N
zrKJ~&FRU7bB;GKRnEoF`DLx+eSMwRHS6D7qBiYc6_mTQP2vJUcm2dt}1~U74+sy0#
zN`(P;Gd_8xU;=s!1PuH6TYlMf<sZJJ9s7#v6~2*S1m^LCYlHPU{}&eYOR4zl%pP))
zxJ$1CznX!O?_#V96PvAtzsgq=+kc;4V)nvtgW)&A3*N4+YyOYq<;pkvoTSZ0YY*#y
zR)V)7JP7z7-46qRrHIv89R23xR`&fO?QkDZ(-Hbln6q3Ja6=N_CwpqXUIN07JcY}@
zWPQIq=6F^_=)Zljh$+Kw600kFKKOB2O0oRc|KwBe`1OCAOisMc6UQ9nzWcwv*mTD~
z;LdPtnQa0mbuJX{|K`5@zlnWF_ocao-(H~XZ*j#dUl9KI_eA}2MI=G#$ku=46(KcW
z{lIAH)Yn<c|2kCSbzXM<UsCCyUh-%3g?tTEguRz5Gv9Q9tsM2sTLO{qQZIr1Rph(;
zNc_ulva;*vl={kFzdV)irIzCV>%~QK*#EDIbmVn={e9>^aMtjlNDA9%eggB&w_Q1%
z&yQBM0Yhm~{VU3>uGG0@NN)!KrC%e-qFs*b2Gzuu*k3(Zigp6%4d4i|R=Fp|9_CLE
z0KNW*nYMwJE^i1<JvZ+?dtFPX53y9xVHqOnXlR;E{^Ilmecp#4bUyuS4gBKl0@!R>
zMH~Ul1p@kW;YCAgbb!umQ*nBP;4|C7-;OmWd&3uaV-z3<Pf-$)i@&@X8~pIgYXCxE
zK*e~52=SPbEm)T246jDL8bDUKYdheF43N&y<GMhz?e}0Fs0BP0LLwTiGOqJ=NgyK%
z48jqorHP!<=@^hyIf)Q1PD0v{fwZgK*&rdV?U)OI8(KrdN5IoaM!_j0Zbx3c+WD;V
zugA(>Q@Dufyk?YhHFlw|vqy=|*M=P-kM|y6HrxZD?b)rZh^|MX7}cZB6wgB0>13@#
z)wfd1=*f17@`p+NOEVfydw#rv<c!wd9gm^AVHM}moaecjgpwF1?a(?k$z~L5Pw~k@
zA5fy}UvN*bzJ2Axmk~A41XPO|!WYSj#85efbR+x*iYMeXCYx`TLeJprAf!nckRt8?
zyFvyKjQj+zV`B-qnGp~^SW&AjU!ky4#1!*7WL~_mQ%$ZgOa&-uc%|Qh>VQ@}(RW@K
z#Uz0K1c1#mzYaaF_$V5BijYXIwu0h9VdH_?y=!U(s#$(ipY}RK7UuovW2&8aR=Xby
zF4>MkM)|P67T@xzPMUw0;<k!hO%`nssLtH&rYtj%xq}o$7O$BDB?8XRfd`(^5h3%n
z774UCX(6ZOC#{geYgQ@+p$C_=vDMw`P#LK@tp`!&Aj@jq{MA&)N(*CaX37+)tO*+J
z795<O5<Zq8ZC*Ud0fCw7KXen$rm7P}qv)Po{MYaH5tcT}5%^@<RVeV21!y7V`AM4W
z7QznK4yQTz>)3gTdJ;`QQ&4=b6(LF_kT%<t3vF9PyiR!<xZ|ata^e!E?xSwDZ|Oi<
zb<Z~<?l%n{Fa<7*dH>_1_%BDcY`V~*F~_o9Dq`;`zR<$;au0B{c7mi3J^GlQ6ZV!w
z;r_a6Ak_AzBgnSqUDVJE-XBjn5~{FerwZ`UD)z3hdU?43AHp|(V0F`{7I(`GXvg+W
zCS3dklyfQV5gP$iIT$Z#%McWE5Ug5Pd_mEsdIZ43oqTAhIM$qU8Edr&+%|HUAwjfd
zNWAoc3o_6eAGwP|)_lB;0h%|(#KerysgConOt1m|pFZkY0R5#VX)Kl+c~iPC*PNyr
z<tbg1CFdMjTk*Ky<s>M*tSWQh^mGg0+kXRp-bsbzUT^wLS3o&_4_04|?j&0Z7%6Ya
z+817}6)!*is(l(Pfp`sFuR4#`I9fXfKw=aZgAkl`$cnYa26m_A_FDt?d?q8%7xi4r
z;@0w+!hZuh0|O74SbNl};4;md+$=tbcUiWidLL-Zy2T%!{~Q+Ft%+lxN#Pz6i)5^>
zMBGvEY3Cl?f+kgMS3;((|CE`|nY`R&gj}2cHYw^O<X3a*0YCS~$R40mxcUBA*LlZb
zB#d8KD!_*(l74z{av%9@>xHH~9M?xjM8QIgzG<zmNJspUTX{kky{QP8NwE9yM}m2y
zYTX3HR}1j@=NMrj6^S-L!{UGC!Jm{<Hb2xFRWEQe1hvoV0Uc4uDS%}NlMQ}6IwR}&
zr-5wH=5zWSB^xsa12rcDjhpKOD9am#zp#ph3@@w47<`xtxGvxyV&SBWiHn{$YHEI8
zzBE-J4e2HEFbl?qHeAKc6n9OX=l2!47_Wkfg4A0aQuBj0uqizDEx@OcG%*{oB`SB_
z&HqZJE<dQZHAY>EpQN%#dKNcUCLCvGY{4mECipIBK(WZ#+7^$%xUeb^Vujff-SE^T
zN<NPo9+gGR?nJDCtZXqy95IoK)$Qu6gK{BtZ*7ESew!xv%ODnj^1xn~u|=lDLL;lM
z7XbFBSDCz1QOpa<X%+WDWJCL$&SWdcPd!<k?L^7mF$l>l29f}v<@$$^7r;#IIeyRX
z@Eoq(Y?f~J>P*q+RAoY+hxDOEQpGj%52ohr(c|>!iW_0K+fe~9i)lY2Ms=cSLBsU$
zpblkBMts)dLuOWDA)pg7I!WMR1D6F2L4@lE=SN)y&at)@udWcXdY<{2uYJe0QtvLZ
zP-CKqR~Se~?aIbTO`5Zlwl%4+UV4F7y<XI8<QoyMwtlP`QFzG0FByj+wTZN@Mf&==
zNjykpb#15ri@Z1ZCDuar;7NjUU(_kf<_7QsU8EX6b2{Mb#L<`8;LAcQG5cA&%ktTI
zB6bI`Ro_{GQZ4^8&ktkyf8oFXUW#A&@t0Ku(re$bCcpI?bwOZW(&wqVXzjNWjO2^Z
z|9JzkjqqUfKu<k5T>J&kP4I62b_m+Ib55vC&oiD%+YuWI+55z&b%bK})6TO~sq-f}
zo<^BO&+w?&&QFYU2C6O{11!Xh{L+u~WcJTgsBupGwJC8%1F4-(PPKovxGs7x8<@Oy
zTvVQPx0bhNAsIh#Ksb~D3%qn{<}d=dQiXPX$6Uy?W>1xfBvzfkCSmh7q$OxzGiyo0
zgSf`hPe}f5cW^G|Ca}^$IczOgyvG2kNl*AIw-NB_R5iUp@SHZaj<kD_tLEqZ=pi!U
zI(nCvBz94zeH{R)aLJK<v5Uc*jxXo3J^aIGrq~{jHehMoZ))lGr-i!p;e|nve~@JE
zfVC2D)<#}QAX+u=(bfFSg=;Rm3`8Obt6{+P_<ry3DnI3*j8X>Tck9`ZsE2cs*Nww|
zG<~(*T8@!k<Pdo_?(pACWSr3!d-EKx&e?k0#mk7UML#FHaZO$#y8<jtibdqif7{(q
zvvb-XAtY-r`G++f=xq+z#LFh|^eBS|%wdL<T7Xg@4c@p0ga;4k_}QpzlxQJo8*l+J
zE-ur*vdXSOaE_Zt+U#WAn?nSO#6%TP!cim{uPh4MGoTeT!Z3Es`I?`q@m!D9(E$|U
zrP?w*9gj>`?z*3K7!jFSex(w<$(*%SK{hGpSpM82EN>;$Gwp|6Ovt4#p4iSkq6l?`
zY(P~aTcX;|9o7{st4|>gW(bcP9}V=X*}$_0KDI?8X-`~cYd5KCpL3B~w7jMJD=jFM
z;%H0|Dfg%I8SiV^N4Hs=2c)BL)XyUvv{F}F$O-V6nL3}?29p>>Y+o;{`OjIj4pp1m
zovEDMZ&`z^dTHloVp~T>K=z@uC4_#BQc>UH<LC$)?@P4{q=YcLcG<2ct$!k*UxbS|
z7gkV}r>xiG_QGsK<QaVGxdu(iHI~>$8w*;&nIm;+L&Xo2jm<=zBg}KW)|1)0BD<=u
zd7iGd(rPbLxRGccSa60ucAVBljE&bP7VT@nb3fpN(SLWl%M6MSq0$;D!tOb5bv74W
z^|HN|iMc+9e#ki4KJ7@e<b<$y5@NlKp1F`arc+Z!+!-Dkw3`exGv-RyW+2Ep>hx%&
z&z=Ym>#TWKWVA<9D9d+5?kdx@^1R81?9=9F?N~CqSu%5sR3DSMhcm9`*h{STF>)80
zcFt6l5S<<2=Q;eM>=0GCIV_oTWbWXjtOXPi>$!n$;U`&LIdz#{?3GlaU}RT$sy)C$
z#6%mcFlS~Qw%;6CCt=iePJ*jwU~}F%f;HnY9_M*RaBj|MsA>k&WFKuU>aOdB!ye%J
ziZ0*lt=AOKeU;RVECPhQDogb7{!2$EU<v(Kljqdb6pqoWa2{4F(X~*trhs;xN$vuQ
zbOEs(+=!lgg&=zFK2$lP2!Gv5JK&sy-9>XVvx&5-A(u@*_5Xm&1nOMOoTbFTVS0M}
z?S8v4pWHil?zB2*4;K(kP>c#@%J?1{&6K&>FzX<dqHtb)yiw&jcW(x9@`=eq35&`D
z<~DN4t&In=)=In{dPPibQy$*lTvsYLe55<CKObP7t?mQp?6WFTtbx+BdcyY1&BaP2
z`LfC;q9q;MRAMsTnUAq!v9=Vr_MPzy&&=M3Pb-iwJ9&8~GCu3!cyLP=qkW$d+Cd`<
z9uI<ja7T@o^@xV!Ho0QPv4T+TLOXHlEkD9_seSm-RgEPDjT!}|sV|Pa%ai$V%Sn7G
z+u@v8fzfVF@7O}SYf{Qq`prk*%!I&+8ohg?BUTWwyIqyAU@n@aPl)J9%gt5Jwr(SD
z&Jr7u3zeV^S(9@7+J%!E#&?q~I?<+T<`!Pg-Ixa@(_UfI)>kU;=Qxbd<k!iTNus*?
zM=k_EDsEuY(ARw>ww2m~jBug73-40Kj%2|&otUFJ5o}i*aFaO$IfTH!ruw(=^F0z@
z-L!Q;VU;7l;N(l1<owXDZrhFjc>C*v$6BAvn_dqcetc1HtwQ*R*CU57ToQT}*?oZI
zjn-NSceL`oCb?G1z47+cP3v~o@u#=kwd^XJC>4F?T5s@g<+p59q7{h#ZepT-8m;EW
zy~j_Y3vRq7Rlx4m?*4dud|_C;LeDTO<i-7mSz-4jj>&FleY5KMl^ZF>q9w)#-@kIt
zwX2{hoY7~iSlOP!@11eQ#&qD@9Nf4-S+^Syr;lIJwVW6u=dvDVTV;9gmP_{E`>Z4W
z=>Zgl)YVIFa2tLM_sCq5k?f{LcY8QfO7$=47!4)OpKbCnaO}40FG_PO6)RRuN$!%k
zjNRlKVMJFx&fKhY-rq@!A?G${CYdEPB9}JN=-ysVO-`H67q(45nqy7mylQhJC!8v_
z(8%05W1d|)-k&sLYBYB1_sC;2ChzOc$=-?|7T+Dv+SBLdzpK+iy3gE_<WdqI_S_e>
z(k`Qgbaf##p*6Z=kR{&Qd^i+FSQi+-5gl7u))3SyQoVHAB}bB>AQRq)8Kp2Kb%17&
zgTGg#OwC0stHWJeLNkiYs16YP{9x#TSazW8?NhDF{BB)nI?ACy<AXmi=B9A;pAf7;
zm#dwfU9t6}A+)CpY6)C*OD>-70k4L+l8RK-p)_+&t12SBxIi~?kuaKiI0<0Cd7s9|
zF>u$0PGfUM^E|L)a`Yuc;e$g^b^GWi`*M30C)0JN&fE1U+ae(VY8{A>91m(!M%TpO
zErAoj(Iv5ZSuSpoErem`LPmeR(Ts<mZC|p6!f^+-3V0IGdpJjlrPC-KvT}!=S3TLH
ztNzHueZ0AaMPX}vV@bso5k_*6nyDJkvEx3qc<65+OH9-tfS>fYpTHl|=7xfXk5c(m
zs}&A}MTG?!l@KHr5Ze=YYJJ)f#L)p|W##)yh0HEmrsCf_Cl)_9x{)C$wM2By2NL>a
z%gTn_2v$~IkNtFM8k_QBVPANekl9)AWQcWTgwvyWH=pF%rL7Zr*}6E}(|gWyJz{T>
zuFTP<avx0>Tha0#bk$#`O;zeFy2WzPGk=b9kBZE5V@}T8_t)tJngdQi*a}&}spTx#
z@C5C!?gOD_v^xJO#4ZN><UdNGSkif`n}JC-+Hf;geA@xsO@((mLV5*nLJcJtjq|xc
zaNoBv<KwLZNKB3^^;<<pdu|Z*qyR^4;`@GuEomRmjdz^TTf=YvCg=dbV<%y3zY1h2
zY41*6WLqTZ$i#$6YKglKg2lXs4tf43!Q(^dx2qeHdSnw1UHa>{mI+oiDOXPkR3Q)K
z?(?G}<v%^;yR(`aTz2}>suGBTWtpW-k-pAQq|DG+Be2fux#Hs1^ZSh}P5jfH#qty5
z`3pUAeJ25nlF?V_&I{wflXavfZAWB<&&WWCZ0;34G~6$y;H=2Jzp{O`u#Q>cnHhZt
z%fQpv82Q4Wnj}n2+7@i%6Lwfwp4idhzDV>i^Jw|Ohp)~x&b$Si9KX(LiQ?{iaz{sx
zg!bS~voX<;Cj0RI_|(z{vjMgPM=O;TGkrNc-c?#)4tFM*9S6+?HHfvB30o=g0#YCN
zDl_={{Dar4n?>b|!9@Ob`dd3a6hF56Zi~+k&aWDfW^PAc)06!55${kp5o)xNW;JTB
z(^Bgum0GYJ9f5w63;~0*!E1cxo;Gk{^_~M*a~|N0Q7`&tAoasFrJc}|;s1H0=mM(+
z5uxEw29r&JDF1x`h|Zo07NGu#niJdf3sqZqfm-^^nM&8N$by^!M$~j6I$%yrCz7WJ
zAf#T?Zms4fg(!|UPY-Nwu6A9;(!2frTt<*NLbzMnYMpyIxOlcZgaLJGt2JhCO$JJ@
z>k+Qh^c>znmt?d%MdnOVAKEC1$+UI;xx-SP&|#3|!+I9Bi1zL;PBxy7zdCbF5y&kG
z_<apvrqDo1zUM!3kC0xS&Q>dZxvBhRVprGOhwLKJ%$;31xoahFzFd-QDtKpugjUEl
zY4cr5<DJ#^qA8}jDQ&;X<X()EJk0vLR5C5=M1kZ`)(KNz!m-dGGtoz<4TFy?)Y(H}
z3XDZ!Jowe9LnKW|C8Z~%r;<dSm8n@n=&9=p9#fkF$#+UXTgYt*iuaO2-|CCRp)!S!
zQ?<xo87H-|WzI5$>Sro7v}pe7x?mjQ;=A@@#6ABUg$vJL8iAnKSt{5woaiz91C|_X
z?qcXBHYAXTESz2K^cJBb9y`dC&1mqoJRhmobwc3bVDZtet+sR377I+B`Nr@Cl9q<f
z$T91<kf4#GemB9Xqp6WJlc$6NJ8LdQG3{u1b5VZQ&}Exqd1M$^Vx9OC^oA*AFOBzU
zjB}kPpOm?h%8ItE&71zxxw<SWN9(TIsI{>!2o?5WjRSTt^X`n#W1?=7B-%UWgsHOC
zZ@Xn>(s!h+4gkWVl^A6%=%8rFnF4n|fUz7S-jMS9q*sOQ3{~rd-jWS67n3IPbxHgQ
zgl$gzh9c{R>jE!W$n19}yd-G$9+i1ac=^Zb+t8C9u;+Hp+cKJGfMuc??Nt%0wPw{j
zBDVQL&ELR7Z!l_aZseS?Z+M)m;Y#Kc;g7gS9nXi$Les;h_%xCmy@SgRPBNadB3nhg
z6a^k+P}71&1SB)dG@AvF=USC}O)`rPc1Z;9>(xAy&Fc5l`bn5hFWMMvQ+(9tWYy8!
zQNr{<@H)YpK$WJ{h6ql_8?Sr2P$t*QG4phpKh4?&`Kr7dQ0-B3n-%*id=wXJIOdOi
zB0GXz!#LOKZpPTedP>qdO<RM(s52x(J>&#T?HhyI+g?<|g%Xm|?l9^xCn~edF9@|M
zJktc}wN7ZIld47q*v)V3uiJ)DFHl({#OH}`SvlpM^xcL0Nd%QlV#w;0rp^m_j`w~#
z%$6@c8^6`aLa&>bTI^Ad+#TXuJ2Z{R=}^V20=KgEWWL93UX(U&8ixMiVmvC4?%&*b
zxNl?--ZYl%59#b5IAsXA2zzI>wSc4n(LB{r&%yUp`h(V);DKw_p75R}(>Z4ks%9VU
zcpGrKFV|f(|86jvR);%lme33Cu=2Jx_e9)XvB719_S8%>37@UW#$z+qbgXqb&c6za
zrq5(G*5{W#PD@btsWCJjU?5#=ic;pYF9w!h!U0&n*&7H2s-z|JONL5zV%F)uOTuQ8
zvwgv>S?P!E!UjTIf^Q42(P}L-#)5{o9ywqp)IcD|@(<VvB(hc&Np`Ysj?E3U@f<6B
ze^45V=>W%)tds3SJ}DB+C@Yt-^JFI*z|7ZIdMfnz_u1(=j2IGr@3}~M)|XL7D>}Le
z?+-gY`1y|K<mYukL4QHvq2yzk2=!Mgp5Z`g!*%-}r@dUQE&8}-+=eqxD<4f4SVW>H
z;U??C3(;Lp=N_+nl;tvvGj1@TS<y^&Xz%dq&fCg=NHV_{6HaSZM;R_1t@N%>O`geP
zoVWgQHH&G$6v^l4V>jo&ERJ`5UoqV(xbK~Yh5z7|eF0B3P`pV#G7C&SYgH)&i}`lD
zSf^)RFywrs|FU`3aA=WYe9NV1a8E#ehIa9|W=aDl9e+MHU^usO!PN9BHMTC@7`new
z#}eC{|Mbmz{7`G>fK8)+i&>^VXX`JEXY)r%g69TivYrhO`RmO{tZ)qY5`{4T43zS~
zAo{8`E)~Qc{fO<BuoC9lwI48r);i`$q~zFs$gv$n9wf!^i0N~n6Ypqi+tT{pzXKw5
z6$Gk11*{4#v|n3AzwN7kTW48$Dmkxhv8mNCtMUa}1D^sh6$wWiM{OmQQbUJSL|r4i
zN)bX_>veqfBM^hRHMO}#*xzRz#U={p*x^&DWQP7b|2=~-bX>QOac2~3JAE^|a#W)I
zZa+5QNmwVwOA(c>HKyG(Dw10tF(qnS*{lAh()>gBe51oyQ4G{~TG7uFYMJ|N<;&K(
z!yB-jR=T_WELOrci&R8g>~`+v?q-X$cTPWLZKnC6nbY~(*hW(hdCx*_a*vj4UY9r{
z_@@_$5>+z2C1_C?EzPKhL%YjVFXQ*t$e7!@scX8Abo*McKID=JBYVrD9B1wcyE9Jf
zSEpmiXG;>C9Wu1M!susdR?Nf^()(%4Ds^%HG~tkPrEEXduFl2N`enAxTE(;`6FN7j
zGu3oS5$Cux$G#4l3a@`C-C4`|z7ZX_5$W$z^3&JS1fIWn^}UvS>+R7iJ6^5MN2y(X
z6>{a{o3>-u@*#Rvt-L3t(eCbSr|0PVoM3-yU$UfW`|X>%BaN8CI*;o2Dj5GMy!Kl6
z%jCub63umHr<f7zetBam<VG>u5T76KN?&s`@*Hb-c=C=D<34@K+_q^qzB44L_5dPZ
z3V&Zyol(s&uE~_?c)i>ad+pb#qpO87_eM$+bw-MJ(yX(!ou&4<(o2;jD70bRJF@`g
zk>=^>tYLHf^ueE+bDOFkW!q&P1X@Z#^W2`9*pBq^cbr{fBQ@23hEx50XY%+hM?4JQ
zjXxn36=KBj#bFX%vC0z7)v5mJ)bQ$y9Do(!qbl!Ni={yr<P|RBt`pN+e<$89ug+AP
zYB65cq}*IhJa8?Z#Ccbp<Dn)|>P62XWF27LED%x%2~Z>vN0hG47^B0`8YX44^Zf?F
zzbyI<-7JD7(KY77Bl>ps22I+eP>Exe`Ru*U=YL`BVoOuc(PuEyQxCHi2DA_XOxNO~
z=Y)R_8j%(8JQ8&sfJ+eAozb8}{4Vq>00T564i0%B%8z>!EpIc5M6L6$hDyb%UbQam
zpWm)~>m2PJ*iqlmvnU(d;{%Y#GRy#}{?|IhKNf12o>J?D&wcKy`+|A}(e-e$lB74@
zXW{3WKa{x$#8sd<)=rqu*a_gKTHW=F!}Z8=)7G&`d#!PTBD6U_&~$}-pLF!1dc!&K
z`WLymJY$b9ik!sX0ZMA6fPT?n<O(Jth<OOF2^Dcnuu99of~h7M5un=&>CQEI|B6^I
z2I#lV1ea;@GWYt3gHLUZysiTyV2O(uhECS4di2MWWY_<wNEC|?>P9o>z*_LN7Q{G+
zUS2zK7b2vAwYm01E!WN?V9C_tgoWkSqP@sL#4y8p2JvFzY1Tms^HYG>8a^L!Yp*qY
z8X=0ss}gVi@QXv>T32L7;r$5dZe6(%Pr>sGHv7JBTw>wh0`m~fhWGT0!`Jyb_`!-0
zWXd97^EV0u<WR8Vm*zFErE&6CtMbpyYx8~hob}&yjV<r`?-_Gl%Zzyl7FNXLmOPR$
zC`XXuvHwIh`<ul1@{#`2?HCEYQU7Qw`~1~r#x*ftFHm4dULD|@%E`*{;E(@&u^1eO
z^>1ISF`!uM8!5=j?*FCL7?doSNRuWEB6x^sr1u%W#BdFpo#Uzmj4+M3m+#^O*iUn2
z=h8}JxeEvuW4SXmVCjQBZm}v&f1xBThUVVr6GQV#;$E}ih)C#9Xb_)mkFlT}?`tV}
zn0u@4SC57x%$MpnHpJb|y`{O9Pllh%@!#{6U_mR}sc|zRt0{`*f8Ud+uB3Eh!(Zwo
zt-EC@NLTIGR;ZNzO)ArvEWe@9PPFmhW-x)zomtw#I-fB&RiA+2mimt-N8o^9HMcaz
zE}xuOKV#j;G%B-TGrRmh)!-Iq6D+t3uT%;-w?+&X+jVHObGBu(&zI3HUZ<V+(!=}7
zwvBFwa(eDnKfRTu6M25ZprT)WZJpl4+aq^-nG#g$$SS^p%zx?>UBk}t>1M!SBCTru
zb)9H4=EQ+M${wBCN))NVL>w4G*k13QflZeP#X5i%!O_nx48toz*S9?~sy#J(Vsx|J
zeDH37|E8%`%J3z&K;}m1yhTW>!cG{rsI!&Z{PwB%D8IMau;zv|f0E|5`-(irrEd&c
zXPz6n+Kj@b@wd$Qo_tezU6oOfQTvt_{}VM^npj`GL`8Skb4<ua5MtS<innyX-M^ze
z95)wc<RAKV@2qbd(s~T4L0j`oJq4R}YsQPOe~?@D@!{i(KcQQ6*Z)%hVe&^9=dw+2
zqe`}X->Wu|lQ!QXBIQ3H;Q}3^m@{{A6BD2Q@HkV>CHsQ;(tg^{HWso`s#1GHg`7!U
zH*G4Z8akSj4|$~?ljTPh=}ZwS?!_2_wN#>#+(~0OLFCXgoyTm)GUV#Gca2_D*y*^!
zq4Rb8l8E^_6JvQ3rF&%px94ODYx)e`h~44QtiR+Mi;dNu$Ic$-%vW)TdjH-}+qBTC
zLD#3g#S5<3=sh5R>j6A+23SCEjM9Nnkq)wFO~Gr{UIC8ehXt*TuXD<2Myp6vYB^@E
zcne=c^MA{AOVv-V;!6c0x7P50kp<_wNfkt2vx1%mx9|ytr+kmn&#(2GHFXmHeb1Kl
zy~~W2<?oG*h@+Pf($3yQ;p-hQ8VR6DH!2>2oCnSaAPL@3vBIx4E;CSh_BP~_E)L<*
ztQ1TJ<X6LIhUcI@Zmzx?RO+OX-TE3<$?FV#JHaRwDJn6b@1JWr!DlT0`HmmMus{3Q
z^L9sGMeV0-O>pyNSD;?mkj0}APQEPAgg@_sw5G#TgKWzud!$!R$jSK#Q1lV*%iZ0n
z4j?&3l8xFq8U3pgFBnYCNGRP|H8*x}8KxLW{CNlC^}zSJuIIA`pyiW-SjrdNO8_%)
zd{hk7czD)U{ry*Us7LsO4OgDxaGUS=9u*_bxu9xaRx%-=BCTxG%9i799iW?c0k1-B
zTTrj4x^@mDG#BQo#JERJ#vx*_0~fY9Na)&n&3?KB=DCe~Wce89K)kc(8V_E6Ya?9p
zfLk;j&TnOd$c5JM9z}bDE<(+B`Z}0i_ob~o*xt~K@4q^*3~|iGJxf9g4mL^hNLe2o
zQslC!T;Ywb>{)?8Ic((WPvSP2TjXEl@Ddrjkeiy0%YD7~kt((n%pOro7kA)%ap2?R
z0<a67M|5pL1wdu2POvUjB4#d4qfhNJuR~GNQ6Z<3PE#L1Hw}0Y(w)c8`48y*QK!>c
zShSbsAYsoj%(7KrS7~EA=|+B?1$eZO{_uQeS@wo*XROVL)`i?2N2#Q#sRuHhMi!FO
zZHs22$(*y5`F7VNY74!$$7ea`gASwoG%UrJ&_XXfZT1}-M>$$S)uxReP~uXC5vRo#
zG#7a-#)!J>JiA{Yq^UodZL;2J?DCceUAt|q0D=GyIC#E;UoRn`Ja&HG2hsU%;Eo_d
zl(|dcyaz@7Q1r80TdThFu9N*i26%zSKe3Gm#l^*Az%1!Qwp29w6kaT|tgNiI;4O4i
z=OUp@f%-`l7=*90iW3V+2pLMw%gd`Ra%*xxIxNqBAMc?EZLw9wI=exUH7?t$kvfw8
zphu2u@x7H1Gd?Q}F`lPOIB*&k1t}F!(Y#b6n6bSeff(8vT1b8*>>90Pxz#QvJjV#u
zZL=waS>`cTJFeTgy;zJCO2~TTm6Ocjj=#O@zfWavSJuprx~j8QV!E<<<?0^X_-Ex>
zBd*?OoI4lGTKrDq2VFm2SeU`M`~R_&Q0N>H&;zMTwuP*=%Q$-qy|nk2MZBr(;x<j&
z4-u6OWhCd4_fgUJ{%rzz8tf^w?T}BVk&JcMd}|>ZI$-OwSkB~|i?cd3ZT|(lTX{AV
zy#j0mBz=dKmrj<S26U6Ro<kq9NJWZ}eG-8BwN2mIqA@*`mE#5al1~%#@ac4)=iH%u
z$RfQ!aK+g1b1Vz;>E~QWDf99eC!0x1YYo-lRkb}$RuLLI^+<RGZ(Pz?A`t*@uyaAa
z$0kB@RPhM;kvWU;BFu9bi8B3^uPr&nU#DG|!B->lsv1|Mx@{F)$V9w}S@-J9>_cbl
zJV%Gh8m>u59JH)V%FDR#W_WdK<3?I(g}G4yx^*5B0qZ;zXca!9v!mYStn~5MQj7b0
zn@XqY7-^b`&d!tffAAPMg^ai9CKH|GIkVsGU@T8X{_lX5@-dyVc-Ayrn_a$yd+f2e
zv^B<c1H&g|v9tC>JNSPlWBvPjrW9Q9S=;B!A@Ge~0)+@r*HKv*h32L6k4Rw!KXFIk
z;Ldo1c}*PxGZ|ra*PmFLG3i9zW6BjTDy0C-d)Q;du${j2cKDzI(ybL}F14ipbXTOI
zpyQ*0@FkDV`8(bV{kJUMaNc+8H%x<a?v|b$b(&<MNd47c8xr1vDB*#dpu=&_m)afg
z@vy*b>l7u;$t-RUu3dZ1tL#*i+(-%4$*S^{jeev>O;fcDJ$l-aW1D{!9!dpH$HOoY
z_Ib|Wz|`-%XL5>uk@LVNkv-_jn9T(7M<nYK7e8k+@3A7v(95B=RznQGM3+=1?Qv^i
zy=lVZYCF8_Zg%Mfzx&gu^U0h?PJ)BpQVV%Td`;LXHfmAvd*ge<OIs)dOKYcRo-KNv
zUDVk{DQ(SNa%fwcxm<8M;5EIAOj%s|i7h7<sW3N_H~nOxU5zlDdqrJ9!I$3EHvJ?G
znd5kF5{LMNg%nbJ+w{x*D)&B01C5nZZ(OXlzfV;p@x|Lg&?er~a3OczDKw{y_ed?x
z28r@(By<kv5M3NU#MLK<Yt!lXKoTb91zCxyxm~5sItNMn!Nt2IF_KiLu1Eu^1m33;
zadHG|0k&&#y72Ww(bi4Uv~3G?8Z>)J^vAWA`TJHuA<S}+7BZ8;6=wN7QyC{(7n{^9
ze7r4GP%soFX6vWi>)t%o^upV1t{bzBX6fuqup(VM_ZVY{&Bi#k{Jc}Wb0We>`vXeb
zT4-B6)W8X8C-AHzm-mIEG-J`s)Sf}fjU!Cx86LYeSt7KU6R8~;Q!|PX^9JwuXV3wh
z7vesJOEIsCw()U%T->lb8okL~EU%RYb3XymBH}Es!^|jcapax*dIS>C=Ppf$Cv6XH
zvBfu1yM|`Kle%C24lX5+N|QR6SEDGX&IA+1;0JQnZpIeYR|{#Sp89VXJLGo6$OXy^
zxH!f83ICv~)^X!lRceUs_iYpphbr>#w;Khr_uTGP_D@T6)PF1Fbrx}2qG)l3^KY@z
zvxIf)MLJr?XM+Q$R}U1OEwZ7=7+)9475-S-7iHzAEykav@G)C#gYe<-48Ke%4`_Xy
z<Ct3aZ1Yd>!U1~Tx=MWp;iIFi#{4s*x4Kg|7ul{%((I<#XwG+h{(snXMv^YwnOvQ{
zxL7+AAS?(a=OxWUYIwFryU9X8B#)mxwyOpUV@%86H{E4ZhGXal_(z+IzT>@TyO5Pk
z1YTlvvq3ZHj@wE7h)YME+x`3`(G+nZc?)`;z2SxYVDcXG{l>2<4u5JFabvN7jSsiD
zM(l@{vTQ6#^1=4QH(t^(MB#96fAB(lfEk--<=jQL2l`n&^BWuMi5d^SrZhmnM0qJF
zSZ4i=rVHjF>|P;C6h{?5P3*IBEfsOE3zxF^CD4NP1bPb9dh5<}cd^gQrK9winL7NB
zN0{e?e(dpWDp?q>0oe}J4!60>@c(n6)DSK6EHfdXrO6_Iy{%LxL-f_W{02#uYyII*
zK9GH94vSR#C^vOYIg)I-3JVR#go1Y~uqu{Z4Yz4($j*)DRwqyV;aI|ilTmq}8gjdB
zBvR{C&zZee4;_BGhFq(LwTGf*DjuB7XlSd5Y<%&;K>V&@kDH3uWk30Cw`)v%yRpqC
z?tZzwk1GxK1wemTom<SAk~0s(?C>H76kSVj?tY{z5}vzu*Q<58X&hw=v*j!dB)i_Q
zNHCx7>f^{~l=_~YA^NBJX-inr-n6HL?o^onaB30lSXPS9xEVLtTSg}MN4aJnnY?ei
zG^~y{sO?;`%l>MdslF~ha5xnd)a6}MOR`pb=K@w+?G<Gobl%1-jbR<MN?^ItXW5-M
zt@@lPCcXjXl>vp|&B#9XF6__joGX+bjiKtL+IykO&<PX&c1sheS%G+P388c1jf+}_
z%n52eY9E1V$ZhX;VnA?`Cs^@LVGrh~m>LjH9U}&#o@W{|>2$iP^<K=8F5r*Mxs?^s
zBfZO%oAbbr>aPcK8_0QPHQwYszZWmnnT*HmCPTw@1fZ^h(N<1dHx;Ica*w=KIM?LI
zW!b{Rp`2;w=FJ$p*(|gEZfob?=QFk<STnvR?wFaNA1n@k(fV{qt#Bj;Rdd-eN`7pq
zylKB$L0EtLX5=fAgX*T9DAZF;Pyq+iowG_5EKEL3G%^cZ{5r?99}RDLH*XN7N!*EX
z<}FN*LUe@$<wi2j^Frl|9t7ZUmkPu^0a4fN4p(!KlhGH_b)Ga8^_m-_gv2&T9vOg2
zZ^P9i4*b?CU6F~N@EtXrAi<NtjFj6gwGkUxp;$1Qgta!aEvg$+X0cdY=G!EUC|l==
zXD#R6%?0-3qLY4$bIjLhLF>C$#3oPq=)D<rD82Sm&JqmVhkMb*cGk(9$dxs9rl{86
zn?VeYXnz@Ea)?whF%DVj222j>X+QODIQBii&s18`>gd*oX1|iAE4U*+3Y?Y;EQT&j
zDbvt3x1jK>ZTswn8T-$jZv{Jr^Ud7#*YpXjt9&&8hPHF_LnA^FkVSr3eu2kJsL3gv
zYDw1ZXwn+>{|Lfem%_?brN=MYAR=F?ps1Gu7C)i;eDd>(KW5qmz+N|`ORrd-JNGvT
zz(L;n7caWh-Lz^@Qgu*gNe$n?k-3p!-rNt(z5<k{6vgIl(TsPk86y;=226bZ@(OXZ
zZ`TKZD+?4RTuMh9NCG{fYDbCt-7a!ltz4&8Ep#T920EjKtk=H}+j?+MZyY4btg8CN
za-u~yBFTO~InTzBpXSx?*+$(2=DVME^fs3l(!Hpn5p(}H3~c2p%%iZ+t7$+WsX<_^
zn6gB>prl{2kr&ocAX8bCxVO?|^gi*(u0Pg<2wY_f{tRHe7b+hg8y=}})wjY_YA?;z
z-$fgSF#Y;WJ{};1OiY)+BrI(q-g3f^m`JMA(XIqXL)Bgl2c*@x;%C>Ky@3!(%}*UC
z)KTAhohJO!Qd@ehylbw`+fRGc1w6V5(IGb5e`ibaC-;o>1gaS5uMF_64Fehf2>wS(
z9Dg^GIpf4n_~=C3!Q5;V$HuABE>IY!ULEC^^WdN8zIa)`*xmf1vZSWfs#jNxO{Y?N
z<PzHwz&UbfFKTs%z?FW8Ko(mr4uB7oRZXhyH5BDIHtFLK#H-+F`Tcs0u6^T!>G-pZ
zv#%HkPT+my_t-N8AM^M(rnvZk?HkRxp20!oZqanGhya_01gw9QqP2K`9H%iHC+yCA
zYmLpaCy@<kT#@p}iBs<UjJ|DMvnRn%1V-ONFB)Njt)RfDS+A#%=v_3tXn|N+Bb!E6
zlBK_4<bN!;n>*jEet$jzGv4f{k*8RM55lQd<Q55+fmp(S5n%7yzdI2EsZHls<z5lI
z!msB&+Of4CRRZD(=hX!e97)qI1MWl2)6rUnAFHtA*~OF~4^dBl@LWLM_R51AfM8Ih
z_|p3nf0Y40Few)8N7Y%qGLSgNO#Mg*dWzD9R{K_$S1LFxT^&)jlF8ZEG)up`F_;>C
zXLnsGC=6UcHbc;BJz4|S9opXhtt~C%6KR1=1UNWD!0=4=qS)ehZ$ZXZ?7ka87YCkO
zk2P~ji&&XAmo(PO<r8y@&eOCqIMq>xM4xc>W=4Rxn3fbZ0w)R#C2T4t8-riCwUHs_
z7CpU5N{t|i-ClZVqc^h@>|pRl=grKpdWL?XBSegl@V&0ry0~;)<M_k&#PXqzu00F)
zSN$)Eu8j}s_=Gy=!wv^Vg#_IOT5NeD=JFqF=)u(@pX84p*dJ?1OthBPGvkl%F|Rl!
z@S7{0^bTK0wI;rNCTvo9l2fOmO0G_A9d^@IJw-FnYntt#(q~|Rs4I>SDiFBOiZhVj
z0jSK6m8ZhiyvZd^+{Yf;p&%gI<=K3OpHc6~F~y9+v=FS$T=UM+x{BrV{>j0;@5yl(
zdVN$%X~RXOZHbefD$gQCa1Lwcuu~4d;g$Jxjgb5=k}`q$$n(Sc-lvH%K^aaX8KO^>
z`S;MWEqh=veths^>l5YJ;sYSKFB6!|u+OL#J3mK8<Cy}cC>l**xG%|BWS41t+k6r?
zOIvuqxj(R@I+SQ-h}3?<(X^6Mo$X9MU1_q>A0(-NM+j!11sa@m=7?tF9aIB!`|f)E
zTMFktm{uSr(|xLE_N9#8J291&2ng3PO6EF^fOsP!M&8SL*J!~JDeP^69lib-+9FA#
zfFq~yQo_5Ci20MHO`B?1JcCjj>4zHZj}+0lx~*F5(mqJCwaEN(GI3qi$iV;{<x9Q?
z4CU5HIR2Q&VK4q=w3o|V0<G<XJuK0-QnL<c@3PjGfm;Zu)Toj;`vkvQMhLo#p;Zh}
zJx~OIXkmHo4wxO0#q;q=B)iZRwh*GA)z~n0bz|z5`>i3Drroy$3UWu)^uN4^A&>~<
zkwf_c!z>G3VD+h!rfOjIc|hul@A=2Ca(W%^!V*-b1A)7>60BawdGJ=pPfb5hTeDUo
z%dfaKlD%vk`i@V-1sX;GNdR?|Z5p1}9v{otM@<xcrMg4MhQ9o(x)#X1cE4tA;zlTf
zIH&cU?a>bzvO~Ix!<#;5Mp>gSBTKY^CH&_e(Xt@q+>5&%03)r9bhl9`AB-9cw0Sj>
zq(_lM7iy8DW+8Gl)3dpkm}~};493lrHUo{3x6KP6OW~D!Flo;aX&I7%EUZt|>c(;|
zD#B=Kg5hzAmt%sqp-sr|mfkIcqzvBxj+css1T_BMnO_I;m&zlwHxiDl990qd&6Zy!
zU@UKlwugi6gM$`Dqx7==KknZ9t;wwW9tIJ05REfZ6a{1)l`5zp0)`?gC@Q^o%g{mT
zB%xWr4kHpAr3y$Vhy(-@B4Puimna>jCejIkguuIR(C5+5^<3XS;N>?j1G&pNXYalC
zT5DT-@}@R$W<#&14=W|H?0>nH@6d19IJMKBAHfKpfZQY}Gjq}f=EL=GO+JF)rWyGx
z`(;ijOLNwXpwS<~oYh&IxT<2P(fuEu=Z*OS)>q*www`7Le9f{iTAR8aTr)Ms&I;fv
zV5Uho$iiR$F${Q4H~5OY-r4A9%lX``#BAsm7q95HUF?5-^;%=7;-CgHL(i6}(aXNZ
zo_%)u|90A-_msRFHNHg8rcAX^Nc1F*007oE<A}F)@}7zZ_HmbB7_@?cqidQai!~PK
z9wsd{WvpLt(HV6L9SL2IV7I)e#mS7$Nm@)+PoVgrYb5Y~-+uOP^8+`}t>NYp1)(0-
zZ5VsCPIbC5Vf`#un0I4avY8pC^Nu4TkpQg27v{EwQ~-XnY5T!6zr--b(`Oe;^2=!I
z%p@=kQ^*UOby`~1UTp-;?p!%mNMapTt0@*&@V~G>gzn;@4HHb;G&j*Z0U@GY1c&%O
zsKE#@@D!Y$(G;5NR;kZ8KR=L{bcJUQ*UnhhSYN(8)}X#(Q3!87nXns>*QNPvUUfzq
zg1mw)-^La1Tql|cJdk|JzYTI8VOs7uF56?7;ulQ)mX||fIwu%d_HSPt7^w5}7VBe-
z+;<)9+b7_z*p$*o&1{_3?s()JuJyIeYT>{qMe?-Uyw#M*jY`*JxeA#EJHARf|Cx0y
zZSi20dDdC3oa=hi&u<!0JUnMS#=9zdUi4Nyu2XlaS2^S~r~Y;3AKCULzjm05>r)>+
z)8m#0%Ee}H#%)h8uc%_LUNKvY6#A5*?ecu>DLtN13T~M)xAxh;@~fVs4kNpFB|QK7
zWa7oc^r}ddwVl1aIE-zya&>mT2@FU9FoD=x2Ba@Q8(1IigB{QxZ5v!SUC$NcZ)xm=
zJpFl3-O{c{5j}|jTU16?BH~cUPAv%|;OF$lI-K@+{&+^ZtAPWHP7!q(4NaN}{ZyRq
zvz#=zx}mnI!V3G=5>RYea}DgVPJ*dbp)VlFJN_`yqBUqNAH_g2_$3vQMJZjg;{5aW
znj_y4w~;ZJ9L3<L$g!~HSf(d-8{$QEyChLLWO3dZFy`6Y?~=<#3Y+lRr^so`^kwwx
zq5Edht2fN0y^(wLu5GCUG5u&6sOz2r+4gf`1TQaFveC8QTeIIdXl$E<g4g<$rQ)nV
zj1p{ZYI4lV%ae2U^em37MATqv>ppb+Gc;i-!oS?9w7jQmWLZRvu)0+pGIzn_H0<>%
zd}t1?*Ea@fM8U_f*fz;$OX$SFh{E%1-!r;Z4_uEJ8HQQ=n6S5`ixew*1RBK-4o_bo
z+SQZV!2oYUCGG*fWzDyaXB>cSizRAI_a!vgr|!CH{BKA8h33E=&LeHnHM-@A7u8rx
z$F$S2+Z_{{1KA6Hf!2|O7+a!zkb0h5xl!grZ|+@+kF@f<`RA@VB9?3<ffJy6aV-J?
zpfi;A_*rrp?B5Zv;peZu*EQd{Z^HU}8Yg{1Q}x2WfczH^&Amud5rbf_{k$s}ELf(R
zZ&WN!>($1*ceXI%Ef#zkuk4j5=T_l52sg5wWZLKh4gMyW3Fv};XJuve?LDT>1A!6d
zGhYi7ne7S!mGfazmL0*{S3N;v`x*71Lab*C=w?3c?8t6`CPH4u<9YyHKPGZb!mM#w
z`BtArC^8Ch0QuwZ)Mp$7KaCSI_SAf^R#NhHv%r@GbVTQs?I)i^xU;n|hTcn~P9>X;
z%yk+o^9>;qoHtk`=#M>}`z;6y<71BY7-34ew$!*8xD|-=BN8H#fF(@AD!(FQPyFr+
zW^y~s_uV;;KRKOb*l0`+3$|!tkMDT7pd|RRbxS&p``JRanwpx&C$NvM5~IKbVdCNq
zVY>pc3o!GLSbB(|%4^7;h8eq-|MF$ij$+6)pDCfC`ma>-B1^84`Hsni<x@v-e54xr
zkg1Keg2yKph%Fc??5p`mjm4Bf)sw?5ey$c~bxmWJa^#L{c~3avK>lsH1gvT+vFTmJ
zs~>I*{ockg=IZKf>(sBjxaqeXjEuoVVhGDc&5SX3*l^q<g?hSla7|e4>P@y>JC{!|
z+#hyy+tgSVqTGg`u+zUs*MAZWkR?7`&-a(>{H1g++}9n&`3`AoGI>7V(c`w*WJnXR
zF>7#I031*@?mW3b@408U>c)6!XAz?<Ou(xP2R%CX$19sqa~+-!HTr9?KR3vlZ)p#b
z9|H5YI`0gz*L;8H>_o+DfW94{lX0a`u1$z0CkN+x!6FQHr~Ss-8(Fyo+9RjZ^?5Cs
zJ9#4oTTuk<*7od9Q08K5%%05ia0PVxnG<jjCGmPc-4Wt)|26%?$-2fWd(5ZxA97N2
zJb!t4CmXChrBDKAOdL$ek=-y&Z#_=833Ao9dc(HBTb*hST1w@BC45pxOzAdJ!mF%^
zH|<fJ>e+g=iBDHt!j0?v621k+^H<zvhHQ@Pz{h>*FROB_C%>PCT1!s9j5F6M7YeTN
za?}O1?u3@>RDYRZu32MQw7Ff-Tkzv+$?t`s9IAG-&3EZNGLP~P8{{YU_j3qoHeAu9
zb;Nb-N`-sU{i&We#g>}29a!}l?-i#<x+1Z1-&KpTf5IWs;^kflFGoGcsURX|&asH0
z9dxiy)nYc4e6@`4uIv3vyr-1CdTh+}50cHO(Pu=|t$_mbN3BdsPXpf<nMu)gzaO1P
zsuydq`mA`NPxzu;92g39egWKdFO<$-?&h-*5Xo0dqn{}cA>Kg}Xzvnm5v?WKGnbom
z#EFbF?^@n4xZ1)%g)=Ss&X0LGo35}rQ^Z<W*5>2d7Me=I^vYhCud?#9a$Ja03Yv|2
zBtK<~e;kDIUC)nh<co0oa2a(5@uPnX0is&Vg)u))qe(wv?Ql2WVvqaeDV}eQzK5P)
z9E`KKvdf2{VNq~wFvy@Yl0N6)XW#1YLLHM*5oX#iv#5bmg_>+=H+&)X)W`{QO^dYF
z&?*(s7QUcJ&Loq`)SDu#daAa?EdHe3UH3;W-!s8X0pz?7;o$Uw27K1g-%lM2?^Fo0
zloL5<HO$l`44E!1G=z#x$eq)eGmk-4j*We-^6T|!K;!j}4EUvJvOp#+r$6^;Zr6>P
zO_6l7f-->{Yie9fDk5}*#m^lk-8WEytu_F44&$05OPxu%;^=^Z{C4V(=sYB>{(Ppq
zlf~2+*)2qU1qJ5wuCw3_I1TV9bvk;z`TED0o$Tml7axttcVJ9a8q!A?YRt%vxjLZk
zUV@?~#P@!Vyu^?wiNSde0Tfc{Jv?KQ({=gfc*Q*DR8PryvCzdUZUkul?#Q<GGn=%p
zN-IBI!^>6eW*{SviWr@^wWei>c`Vd?TiK4F$x*dV*`JphY5BwO%&v(Za=H1Id9~h!
z`-6}5j&xOkLH`aj?5?{zRi>{>=poY}YB$!s{iaAMWKIXeAPe~o4sOBK5B89U0`ea+
z|6F=2AL7VuyJ>4;ZZDWYx|i1f%de1G*IGea_=e6;h^R1oWj)Ah9Gw|vZjN`ZXaXuf
zLt2^S<*4~tY9wVwl~@Hd#@x*soKgKe4l<0bv*i5S+lh(YgZPbH`w5{F({m1wDq6yi
zR<o;OR+rre4G>7xvK4Of<x0PjZa_2R2cL?)qP<NQv*CN>YUjkcnV<Y@{nhoap)}3w
zD!}oc6$b64xZxwr0&7ceHXT|ln3|@ttD`)XSZ(@IZ$RlS#f*a6?z_s@ZKC-ZHg*$S
z8WPb$8_rFK!I+NhfFo;PUTy5y&z>85VdL8i=%~9TYQxA;)uabksX$kt2PMp_D0;o5
zYE^x}BmjNiuG7r3l&cTcs>nypQn96`-d#yU5~tXVS5X@&6XCf7L745Ux6--}xs|H;
z$Ld~FFjhoXf0~PqMA1@7=PbWXqj_QJ%t;R~uae|ve+_HTIqJf+AkQGlu`a$z>6gKC
z-z;V9OWOrsnl|)TWZs7?>Ndn)47_t~O3moV$cSk@v;*Yy+dD^D&DXWCqA@%3JG1uZ
z<>irSPs8$QPZ`Ik0(jwid1*eg!18nd9(?PakwW&nw<MCFf6C7kjRcp@{KR@yO7Xr(
z9xAz2$>qc4iL-XD-$SW_I6r&3R(>o+6irH<2)+0CIT!%wu{;w%h={v*v1MP{)YmFx
zp9Xpfkm2+c{<faAn;x_>`V@rS><B-O9w}aC>)&X{pyB%UvV=V_Y{+HdVV;xRdX`@J
zM&2dC54xMzZ{{Mt;;}N{Z{ZPSx9Cz8CA-{yjq;rISdmlNW^V7%JN$M;YftD)nKZ)#
ziZv%oXSe)L&NIwfTB6{WfmFxEm1#=cnaUMLN{RG+SI@aZ*ps|v(^z)j4a_c>Z(xvf
zj`F-3&aW-#ZI#YVA4I_*?nTpIvk7ANNhwYHakKY}9E$FWC`sE%>!%ZV25zh2t^RZR
zp+==8GxlvDpKKJaQ_fCodR(rel6IJ@^>&OJ)lwbP?p-_cTAXjklm})DPur_yKV<i{
zN@H|+UcEvt=H%T3*WYwggPsW9HEU40+Qj7wg-g)JleJB4C01*q&!J-Gd4S=B{Alih
zjM=?wH^FL6^Id>en|G}P^O>j;E=><eYVNGB3j2bjF5f?$Y_vA*&|HarPsv)YR|a@$
zvJfhQ`|UkeNX*Y4@K0O7LSnG32G;49N`>T?GQzpVKObEC%iN3L7a|HF9t0}zOO7KM
z`+sg8GR3V)BSk-dgJ>@<>E~~li=xE;@`05D`THHEBQ?Mz&sI2-6dn!&LFbyI=9LRV
z=u1DJ;K5_`-M@Um2}S%RS&a$hIO%b5@m~r8mW9JMgRZ2*iyweAiu@QzA%g#8+K>DD
z{X)in-yK{&vf6-&m2x*($l%F4^mO)5*UrtQ+4ke2hL>JafBKW#pA<53k>_&os+FdP
zY8lH6E&%z_gj?d_3d@EJY~_tCjrCG4{Cqc}^VQ07+}dx!B0u$?-P@OhG`-dm!#Wg0
z>Lz|k0z#KK@q0`fbi{)%YBj@wc>>EkXyb1G?(X&r9z^fKnn1k;b;z#*T^vB%OQj)x
z+<~>`olZ%?e=|>cfDH#LkbYx!y9GGSqa~9s#JbrM^ivydl@K5FY`sxqzP)33V#gkG
zF&I;3xbw^Xcyby`-p#+<CKPddOx}Z3Lrh6g@pyT_#Ql=wZM+-7+t#u6$zhMeooyLh
z&&3`~My{#A0Hw$6i`=Nd-F7EUrg3;59*=hh_`Eouy6;*u>mv+-k;BZ?DW^iLQnLf<
z?cZA8{)$Zr=98s=diLzu2pC4+^?cbMvGHp2ApTy;9)gyf7{81x?$hyJV-~;DiQauj
zP4M@sP-nnUZslhsTVGkA{6{&_>QFk20ESuIC(HtW)x)(gMCt-L9$cY4=|L$hp!l8u
zQ~anB{!N2(lI8}w-1aUW9z@a>GSf7~+S<AZl0;`1@zn%9@NZ(`s=ksP;4p-{2v8G6
z19Z@LKwr2O8Siz!7jk;Adi2uzrtl$`opMm%y4k;~X2S*vzV)DodZ*(r15XqUPn0nX
zNy=pZZq)TtowHoJc<!#H=3#5poe_!jckfQJ<B|6_)l;eL_<Aii`9|_=-`C~r)jJ!J
zhmep;J;gx!q(a+TqG-VGxLNXa8!>iGY!7`dfWl4~{1Atv5La#a)<o@4-rw{19644{
zw|OcBdR-RC>>-Q&e2G%?X<R<rW+`AQor;vZ)1W)NSh@(4VG9?LT(3*cs^~*~mJb&7
z&AawpV+=LfER^O462-*zrv-`_e_@vCDVa-WLZj0GLbu4Lq_Xl=06pQ{%M=o?p%}cf
zM7{U`J{EHC`y3U&k1?1PhOFxn`g#_Mog*HuB<qwnJ7g3s<8iJlIz-dlA(ztHVl~Jv
zMA>KKAZ`|;)8<T!I$6)F%SLrLFyHL6y1d?{$f|vGMn^{Bv7X%xC0Lb?#I%D%!b7o3
z*)eNm5T_Skn1}jVp}|q}z^UOGuB+4+1}JkvWR20~cN5n0A_*Gqokh&2aa$8J3_iQY
z8TB?ur^aJtU0Wtu3{3ZM5j&Y9ZB89wv=rW_7CKu5$;)g%dX6=!AL@$!NARQEjr`r!
z*It8&w*Z+%%u`DNn*=K{5zq(@Lg+2FX;rhDh$+H2m*aqffseC39Fd5m_K=Zs>ZW{Q
znIuY#GQ#vbn8)%)=qYjG)3C7L=#92M)4p>3uGOo8xu4$g4$2S{Uw9Byx`_+1ZCFEc
zscV0v5AVS$l`F9_uY{$QEX?_MT?PAWN<0%7yV?~#u&&_1^&^YB7S?iSbPeCy?2w)p
zdIHyxT0Ax@xWZmLl~#6?D_6YRZ+~~v<W3BkVuomyYmo`rwc3c7Hx}(jYYo(Mq;1N(
zfZoP}2D)Y9&Spy!9h61R`yAR+kFp_!SO2EbTio#S_MU_m;;2&3UUgDghuOs2W8t%a
zF&(s1ZRp)9ZGK78!m6HK8jsCoT6yok*k(IyUY^D~)ONw1nmO0zb`cD7(M&`1ZDQ^$
zG($fX3mT1MJ9~{!sb=JNf`bqiZ;zXLi;sMuwTtrZm|rOnnZBlb4nDk>B1O>3b471^
z1`l$3Owoi>vf0j+V{`S%3DRq_rUKjxOz!j~*gItjjmSlx5fv4k>cOdA`EtGOMQN!@
zPjd;JKDP;V_MI^C%MTj5fo|sJPEHvfgdBP>0h-?)?06NQFLJ}9i!PUL-KSQ78%LmC
zoM`HFY*ANx``_;~&((KoUy4|?NiT}2X@3q_^b~%k^TFWll2aC_sj<^3$2>A;T*~wH
z$3_=bWBi!juh|xv?!*gL+g<o#|M8C^_D-C#aGLVjJ3%g%y1_i07L4gNc|GwWU*c?V
zFnLVB-IUtTj;91{3_e%X5XGDk$}TC%qUOXG9#9-)czs=7oDa3gz8<=nj~u`W77tP9
zVAC6&-Y*NK1@EJ&9q(OWjkg9w7ms3d$Yiv7p>hIMV>l$YM*1B+{!BkJc_iM>yqCZz
zY6!FlwT+{mDh)MHOE2hNR4Q9a^QJWmx9JlYbEf%on;Ym%1NH+(Q(3Xhjnh)f1Qz>q
z9o=bVE3=Gh!SD3L4h+QTk!)+ZOX=$4WI+)nR}<1heUWozAcV(s2#Nezwv%=vr~hHq
z!^5pJ;5vq3tTQFl!vRNkd~6m43U5_ARWE4r;+Lo6zz)XAr6ayVbqIk?e7Zp3*B)cR
zJcFKy@3;U?c<sB7<VGgZSKyGhf%49bPkyQaFxoKo$+t_nJr&+aQ9EuzhzQIaQmj5q
zf*zindDLh@+_$sJ-4}yYw2$nog}JiDgB+>dV`4cOsqJlts}sp0fA;h~IprD`zU^3r
z4Ja)O25GnQCF&SU?d%cY{S_PjUXxCj(NUQxfz7P2WhG?0B)eQ(BOZRdclUme>ygnY
zTT!uq>5BoVaRjgmxOMWvBXG9jpeLJlJqRsP6uEY?XYwD_hqIh#O$xVR0Oiv*sz#J*
zQo9o0^_GB}^;r|Dy@b&XMfpv;AMD0oXHWzFIhoYxHY=)#nH_1Jk#b3znUJaL6qPR7
z|90dP_zr&>5oX;tf0BMLBxNFm)7{p)MtthEi)|+(pf1+R)9&nNO#9DaT8-Inr)T-O
z)F*=zD8q6rCzHF^#0O<8_%N;&hxD}>)D157#Upxoc9Z%U09SFOk|UhU@-EyF3I(G_
z3$WdOR7<hxzGo5a&B*l1@qa>Ws8L-|tKMS9X9Oh;A~>8)>)x`A>SUM4kYcoZ6Hjb=
zWWJ*os%58AW3J=P`3F3#VZOta6Qoval}iE#w_MVl7Q;I1@z{USFk1J4)?#?JeyPA(
zFE_Ur%&S9%ZEQAhO@w3(cOCDn?WdY&dk-bamAJR!;UvwTa(E=>+uXaii5Vc(Tb16}
z%N_i;V0@cR8w;Dlm9h9mm{MRP&^ODKcfY0T*lDYA`othO`i&h~K1$O{nDpbr$wX&!
zdF$vz1}6pDg4e*<wzK-thi$J?mtn-r++&#PvoSs+LBBd9S~5+;?^H9-T0YMlS<XFU
zwahx-Zr0|uUi;usRkZK33w~$S$=AIpCqpmic6qPX&0#4w0V8~uhifx3o84WyESW2Q
zS#U9zm-Ua8#y8q}r#5SiBW_E*$9x8bQpKUVair1Lvnz${sDLJXO`mBMTdI0FqJ!al
z7$aY}W7zka=c8COb6_y&en%QJa*fi`QhQ+!vuuLTq7=wkP1BSm1_4e;^gPaP`dE@m
z(xHx6<HHJ%AliV5S_I=S#>ci{J@Taz&u$U%rcgd#nwS54-=~I<xkI%atPP8Hqg#CG
z6<*ABYJxjsy~Cn}vUt$$fzXU~H133@);*`*k4y}K^OSs`f_`s`E0z(+>?_XKdS3(c
zL)&Cf;yYzZx{h`P4D0@s-8#9yDao)pwlG_jA98t4>^$p0#Y6Fg^$#L?9~wofPzE08
z$wG!i8I(ZP+~7WDsDH`!$<+zg0efw11}}HpI+{|3!z^$s{_ez$(9hf5#+v2?SZ;d=
zj{t*Gm{NV#mii!a&9rP#RPYAc3Ph3ya~?hg*RXYYmKtv`^M%F5l*c;M7bmrAy(k?2
z+7sadWaXCe(&8M^qq-)ZpSNL<k~?#KmB6A&Guv(!oh7w(owx7WO_T&#`LXi9fh=u?
z3f`<_vaA^*&*nL;E_duf=zVaJ_o&sT@uH)9?{Tv99_YuVP~P_IN+jAGx%hGk^^~1U
z`KL^|hM|0j|Gv4={?$07&<cI{Pb<X+3lZeripw4bACGU0)QUAltmpPxrADC+%)VZr
zNV)`lz*@oM;DqHR*6?|cM0#y9%}+FYtgl)<eA_JQ0PhYZ$|WgAGm7Qdr%>J5KAa}R
zI2kv<!zF?@@i59cUHV>ZfU5AkdRN0x-IKAUOscg?>k{8Zln|NVOYpUIwB2a?1TP*m
z@VoV9aqmX#nFrcsIidoOM)g0xa@Y<J1NX?~tY07M6vDdiQF|#+6vAjTA1gnh%|Lwq
z3mS0q4u*RcE2X4nnd$M4EOx4uUsHgIchQzT!5P&^f)^li-loWYj00v?9T=n1!J+B_
z`{mESoI%*k?mtdvh_|+FJ*APK6Yviv6w&{OY}m|W#aDwt{WT$)o}BHaw{9!@srWsl
z8KIWcoLA!Cpz>JAX8&<+RmQXC$@sE$ggbb_ZDw0`^MC0^usE45avd3cMfXkhN1`L_
z%|CZ!Bs*{WwEy^}zjz`~iM+G**s=LSzQlQ=2c$)4rWQ5%g1|toX?oWMUUfx&LdU15
zHilb;1u=45D<$l>gmN#=M}Jpm@7A{?hx*<xTw8;QVizkIq++BN)DyIQ2zQ2}QBpVC
znw!u2H60xe@vt)Mbhh6%zkno%6Fj`8q;ZT!rs#w4e}81lO3)4qD6ZJZ=-EtBTOT8K
zu-T@L<({>l@20Ed)KY84W9{%bm<S@JXmvAV0N2;AxRw=yj2$7hTO$vVTA_}}8<8J_
z=lSs>q3_q}5l6Zg{P3rzk|@2dzon~P`EuMGoMPg7DiRU*v$oHlw~IH)1)Vv#CrUmo
zJ^k%{FE6hN81_O73f9)vHrLV7!L<gddfD3cvqOhIZkKrhDgkq#?s`o9-VKMLN7DUG
zqb$>q4i%FKJL7MQ5|rX1`i89FnD<$n*N58=WIvf6Sl}G3K5QP;k?(f4**{kNv<&3Y
zPsg(L?MZiyCZ1>J5qqQBI3_A(lv5q{xnkADXWXKqsU-${_DN>?wim3>w$n=R;L@7F
zn6hkG)hy`wbgk5mZTy3ab?2rh6w?1%R&RIOKR{^0YTOGIzTS&o`d2?>pX!*g^t<I}
zlA}JIaYdM$afTy@#)p5S%&@X40;)+fGZE}yYZX7KHw^@~nREhm8PD#$KM<Uk)<sg8
z4ZUAtlC^|;hdjq!daF>6#4cOj#mU1(^Qh4qA%8V&ZEFhMrZeg~D#k<1ra*c*+HlQr
zDIw=!nnU`;MvC?8v1(1%ZGHUqhqiFLjLMAckoL``5)8uH?1k008K2WEGbruI5NOYM
zP$tma)#d(PDCfch%E_R>iPtlxMxH&h%w^&t1({v1nfE6UU3elT$`ASDW`gly;eA!g
zsCV%lV0;+5IGC1BDqUnP;MYBl$ntV^EgZbOImCkym2o(5aq7LCFnFD5e`3a=8pO|?
zoq`ID@zGQRbV9W<Q<GIF>%_zRh!J0?4+Vgh+5{bmuX*XE&=HXf9Zm?4l|Pa0*CepD
zDq<6z@fhYBb$XLe&h+hb$@GaG^`$6kl+;jXdCLgu<f_|(GMJ8vF7FxVFIy9S=?i5{
zxW8CC8yB)TrxLF;afoZ+l-)I}Hk^X{(&D&g$&lCPYgJ;prkXyWX+7LfKIE?fdLKon
z`kkFrail_p7Twzsge=x@beh$fta4xQuZafS*c~Cc+af!5<jK~Z8e@P7%|-n%e*|1j
zmV1wM`pm7f&g|iBzmt`=pYIs9F%&HQ@OL`W^788NN~nsO$ztP43}}AHVnQ#0ktj>W
z_1je}&0&JazoV={zD<`>e*sSr6zlrp4wys&sVdklmWWph@3-0JrByl|5*2O*XqZ{3
z82`)!Kd*YrnFLj0hH_CwYQh?5_U08&fR?D;$1?m2aO+P%Ln}{oYl!$gvF>h9#Jg_r
zRP{^_j#q1kh)Awe{sX+<IbMU>f9A+9!3jl1?^5=Xw0*dl?X`A5=ETJzmA04Nl3#3;
zKt4Om{02n$Tg;Q_u}9y!Z9Q#YW4~x!&afMV$_0($4eXTqkn3}lGuu*Zi%u{tE~YC<
z5DDXvVjB$PU8RU!B-Q3c^napogiF_Wpo;n4kC@lf^$92oJ3SyWG*3%eH&|`vdS#xl
zzUUocfjk&=g>~;NK8h8>ob2Gj&?lDN7D5qE-Y_fE|EBf>^?oY|;L=<*8$W$A-1%yg
zrsG$$3fG@es|3~<2EP5j5Zg^J{a^ZS`7bYI{elxB6~oV+hNc&I0PP$ke*k0k!M_4(
zYMgg_fBA+IvBi5ofpLfCrZ&pJU;HmlxO>Onzd(6$_8Pr#mTFtVl0CX@oj?Gx`;Zgi
zN7M7s34MSr|9c7Q!A?(p{)Tr^xHcy2xf3lJ`cY8H2#s|=p)BaV0Br4dw<o1O!|$w{
z@9k7+{==0Dc0yS7ji+Pwp1qBXAqw;=Gt$sd^@NtloLJNI8sgGtr=+(!v(L&#7SmhP
zy9)o&58`0oBj_gX<mx3g+5<lOPT^)-I+r<|+eIMM2;BH!rNK^_|FW@m{o^&=e1D#I
zi0#Y=d-1yv_MK|w<m3#Ejg5Ur8dIDh76|P;XG|N`;l3bR;?lA=C$1(5YLYyeM+y8p
zv9<s%`KT2`DGW97aaY?Kxg86!-$CF5w^uKLiv>)vchjmFLk0za+Hbtvjhm?xnmo1~
zkH)qem1YZ$EM?1-*a{-uhbaHC4nffEDR#WPa-p@O!<8)t*+#AQAT9(ES8d#1LL^$2
zO4|>E+UY(oIRK`7ihmY$umhzP@4w86Ua$B0c4XC#7fw-Q<_*IJDwlTmeurd_3|S(q
zd^k8mk<RqWYv(7ythCQ-JZV={&cC@CC^OlX)=&v%Q(uUlAZjVLsidXB^QNWb_SEnx
z?28OG@3Tw{p0lhS1j_P@#W>31C10R<b`%0k-h=Uwng6C80Hxiu+zO<~bNl;RTlvxz
z2)aw0X;pK32sO9h2y?w#hH-^KDVnAo@r4qMr#7H?A(^Q#1WXqya{Z_0I!Hk;JWyHa
z*w*3@_d-v;=^Hb{v?H;in>D`qsO98FV;*IzS9I4l&HV*<49|gp;`-sSzT4gFZBvUE
zE;m@sT{xB<V71-R`ewcsJ2t1gik(b9V|?nf$hnTFHnij$`_v1wrBm!=YS!HWmA@>-
z_wZVoni-`q4YS5N?9)R+Rx;nV7}Zgj{C1m0qvh^<p@y3;7=#8^!k`3i`XCI`DImd$
z^ZJ45BE9~f5!3tm6;Qi?`C{AFPtz(kEo+_xrE1z9$;kEQr5$ses9iE5oaNm~&9ipW
z=5^a}VUs;MaOz8I^6b>t_o+w&a?P#mq%}_GwBBA`vgxI`e?C~gA9YdsNQTeo()Hm+
zI)~^D?Kq1iV0&ANVTS&7%KZkd+jrJ1o#9P_<*3KQ=AAS;-J_e}2Nc5M{d~pQ%pAMa
zp64BezSIU({19Z&MgG()s&-5*k2unDEIyA@Mk&J^WpWs$O>FI90|yIo05sTo=5Ko1
zB^8iO2$0krdVJWUgO?Fk#59x|vy$HQuUxjdQC3nC$Y!kUGKGn>9jcf6!UkOi5vbIT
zX6E_%LkZI14pHF$P`-LJt*k-m_E_Vu6Q3Nigve@?dLt?Iz*&lA&F!8w)j$UNeWES{
z<iQr`Cr_Syl?!%ramkwRSR{f`pe@V+x>e%u=jZR=0p8tEz<~oraRabod%P3tlg#iV
zfn#nS9`{OoKOc~`KUE9anEzec010jK_lJfybG3yl*#QSaZ1Y>$(KuUOwy%e4ZFGkw
zp^2diK9YeHR5hKD=AJ$<bweOKYTP(Dn8SN1NbUNtAc0cz+rpH~#BQnf{B&uPjI{Gf
z;=RHZ`?Nzghvwm9n**QFl#Dz-YwoF8c(Ms67+iQEFa7k?cBCU_kmHKTu7k8uqj&FN
z2Tb)Wr|j@4U~~9ZZ(%^2Q2_>K?erpwqD^50ZnJSm;~=O<UpmxxBEXJP{4c=HzTt-0
z|ANlnv7OBKc^DmfqMR+JA}*yv8=a-(d&L5!K}ChmYuB!~3Z1xyxthZ)$sewjrxdaK
zs>#6n26jemoczT04$Gokv5Nl2I(YesO^%<_b=!5A?)|TC6fXiaROx+BHJO!}Se;14
z<c%kdU$M}Ln^PCrK=UK0j-qW`y(X8oA(6keL~noTUv|=G;jmF#Av7uPes_)ts>rO~
zeCUd;{H*j4RzhE4q0jKSjk>q428@l32|0f(zqdoV!=MgkVHWhqwM3}xZ>tDqyMGu~
zK(D~|U-q7hcP_n}c*;fl5BBAew?hqW3Uw(!WB7zN>ND4>1-$$Xw!VC<xKlP1&LUZ1
z;;nI)Qto!|*<tnh#aDcPxqYB1xafK|DNLv97W<`N5*86Dv!UAf+#4LOPk6Bi{ULlt
z-3?hJ0~v&=3WY}>&Z*Pn(VEHYcg<>60#EmAUYlt>yRkFXqzxB!q3=5pL9^$7_V@~)
zYSu$%Lop<u_ZR|K(3-LwF1Wenv|0NcblYs76k58I=8;QB8HcXvYTIHL*O0Tr2pi~i
z$q?nmOArs4ceEzp!(XCkN?lD&|2$R{_6aq4@y#mTp=c-_50KcbS|1wB18dRqi32_-
z)k3-Uj-emmyuKg0dAZ_XgD_qLGP$2qf;;<nc>FeKtUrF@j*#W9BCzgXlL{oEo6ODk
zVN1761DwE2xrqdipbwE`vn@(#5^vBWIms_D#m{(WTG!DSIp3iK#5bxoC##v==kY9T
z1f&JV#_426j-|g;PcYNARwrtF$sITrOChH)aB|3sBUpah1OAh!;|=G%=tXWVH@Pqh
z$Fv`)c`?r?aigq$z3%_j^1QxO3evwX>9ioALtuHYD)kbs5=4Z`Tl=1&@;C!A`c`6A
z;LSA{a#vC_L*k8KvT>ui_C=Wu84GDKxP0eL%K2hFe66O3Mjr1SQxDwIbM4+aKjTgp
zv9Cp?F@hFMiTYa8y22QE%T#*Dtk~xwml!#HaHa9)4KWob+XG<h*7kzj)!(*}=q91+
znS8D3Y4My2DTew?rF0KYpN;)%VY>mR)zeY!;m>ieVnO}CIi#Np?#s@{3iRJ<)dJKV
zg5*8}&QqJ=j&=(=fG|dD7Y>ko`OW||XnR<EBG%l_rD_4gWe_fddMz!91uT?Z0sVZT
zcoUQz`Q&&7d;CF!j2Y?@?~OJ!OOuF^c)rbUJ!6+Med^M4eFRy~F1l{0i}K*WQ;eSZ
zc&NSH@{-KRw?&Jw8T#~e%&;Kv#(`3yJ64g2Rx0tfNQ#b7j2rNa#fXD7f&0v1nS%Li
z;)}aj^IxN|`ArRS{p27pQp>wrUtgctmnPoX+}v!uFRp!v$JAe9NrWsvt3K&7Pd0hw
z%b?AWwFK8DsrWpTV?TG@Nc^`(cik;EMqJR1st5{^=a^Bg8$~LQl_vb=L!^giwie&$
z@lkzepBgEpD5v>>P)8r15GAHY7@MQ~%^_+Kyq6BI`G7*5jIx}4I5_y_1qzOlWV1GJ
z7-r?2A(Qd0_j#p}93~(nA>HVqk8D{2V8J=hpBoyMB|@DPpAQ!dajW{m1F0aG=piTP
zkHccI=CEEH=ulFWsj8}eNv&@QqSN?#TVPt7#lK+VOs)Yk_noMbb|mfcb=Rd5rd#S$
z4$eM4Kdf&QWEWL5@PKMc3vOgYj6J(>Ox3Q_q<Bt-iYfFU=5t)*(vEqkZ@DD=h0w$?
zoc0;15R%p*G%fhWQ*}I2i_b_82AkyC#*jj87)>*(u}{uav*SsJiQ3a-db2tY#v`TS
zA{?KT`@|kMDX*noeU0a9lU3&_2m<y~6=ANWg4Wu+IPe6ozr;wA(^(2cjov@rP<M2?
zCyiEZm0KdqB0R8b<C>1_d7^m*>EEjtreGgNdH;w-BQT(tCsHNt&@)ZNN@xCu9-U>w
zPNH{Jh}_9L`CNk>Wb`ZM7{BAW(%3B#;y>{ZM7I5@&i;1j3A3c4V(DsWI`=NOA8F6c
z=f*#uHU~Cc7}4JTXD`B2mLF^ZtwSopGPZho*^$J1&GF3!jM<v>U75VC&#pv~{#*O_
z=)%4E3?3keadCa_pHML9D%BV#;@*_VV3V&mAoYHj)!UuTTnd**BoYpAj=V?t0-NBR
zmK@5RJ5yB093Y&PIKu^GG#7}vem^dc!eIyeLdD|ISa^n1P%DfA5u`7;`irZCO^xM{
z`X9v&M)HhL*V0${eI6X(PPlWtl1N^39rJEix_Z|<0!OxMKxLCB4or-^q>u|Sc}ZQR
z_3g2DirsAA-?Gc_i`^}4PFIZ@Az7KDk29Jv^OKL;V|P+tDd{Q^DyiRL?$Zdi`DUN0
z+*Fkeb(akf{P*Qe+6y8$w0@u@|HzZjrJp}|BJLj0MqU}jy-&tBNQ{NvVMIS_4-T9{
zo+W*E1-h-B!szpI=S<UwJ6TYNeP(4&D1T;+Sk`*jmO7WW`^As=S(&Rm^(N-e+^o;>
zYtuH7&qLOdhiy^*K#@KjE+CoVYNH*<zxq@R@*QoL|BxT9xo)X%(Nj9ZUF&v>`N!Ay
zYVhB<*s107$j6A;cyJAiR-Oe-&3}GOcz>D7V7lf1Pybo}sX|T1iZ$HZ@R`-We(xt1
zLg;9ZQVeZqZvfg;o;Yax@{-W4p7i(1y-xI`iWhb58X=D9-<OD+ZRd&iF1CcNv8jHs
zGOAJSes+fFqI}FPT9)6Q;gy%*mmludC-QRLFulK+#7D1TN4PbrQXARdIrb~7HF`O7
z11yHa3)Im2anp2&`(MA;*<7zQMcNtiQ{MS!9x<*DCa8%Qknn*M4-n+SPB-g4vZgF2
z?OG955y@sTR2crPnU_5XmgobU&}oN!--_xXAb^R~qe1Sxqb-?x?%J%e(XGO=4Zg0v
z;T4vY^K9-Q0%~Nt?s?=#E1}DAkDNuP%8ZGwh=jSgHgJ#fC&11?_FJ~qZ+{<f{VjU@
zY3<3MX+_!ysTJ9Brg>{$Y$LAK4Orz$Az!m{myLteh81#^sZ6EpNjdIj&R7id=OZWO
zz@5ZGWLNz7z&-1QpZP_HW>@K$3MOr*748`7h4~^o<p&%L#HH=3s{xzel=#QT^R0jE
z>TWUxR@mx|BE(zmRSd)-GdtEnC>75&`hQUs7DAKz`4Xm<O;>*%p=t0Zu)o?Npv#ZH
zFPilI0j>P6sBLi0k0;c$Q9$?o$oK4Rg`OgEz#qAp|2)6@3vH|ay@G5gj{jpW$4x{g
zjW$82O4g&d0^P&MMclf2AFEKz%9X6#M<{zBSWi<(;D{Y1gcG(lx*<VLSpGy4%;SKS
zlbNu3bNeYF72ns<3cJl0c_9i#lCQv8y9=4MfhI>l`My=ovhc5ta%J(V%4{+C{yPZO
zD9Db+>oAh_{V}P-lK<r|ApoMIb0CL7mD`ZVHE~D2Vp}k%x~CE)5%{DC{Fa=-jzZ|s
zx-i1+AM0gy$CIBA@RVEnzE;P^j1@2d&5*A)f_w=Nh3;3mZh=R3r3X9vK7z0mLrb@z
za~W*<@jm}gZ62{S6&HgyV6X5_=rr0>ATf*pgB2kq$%?{M7+2td275vm2VkmT0m7z=
zocyvH8rbz*DsAUZ7J=pdHgk_=+0PX%vP>eyA36L+^m=pi_x2quz&D$~)+!aKK#Dyr
z9>6GTf&pz`iJnOA9mnM`@?$Zb8@F-#Z}b}FUm@b9%psH^jJ7b{<tRM%z~8tkRDXP}
zF~!#F=U+IBBm)xm5TRc<BMSlHydhmnAm8q_G_agGVV<3mB4H<D(OKeEQU=gkVMYa#
zlesk#)0#p=GpMsC1|!E(sIu@vRlzV3cYL(90#q{k9`+v8C8HqnYx<lw-=<sRO!Kip
zk1Z8uGgzild|6V1_`$|0*QkPcaN_EyI32jqZ}Sz?JBkb0ESk!ws84lcQ0F;D<u{o2
ze)_3&Bhd%U(}XrRz69&R$oE3!8II+neyZ&R`yi=_^=(bHnFHusv>(spWH6=r#}56q
zVPk+*RZ}a6H(oy5B>Aw2V&td-`Q21|O#<YekODq8FLfD(VFFV!^&6SOPp2W>!-zgP
zQ?@z%GC8`qxH!M8tjvy}zjus!<?Tc7q~;o_!Nt?TZIw~RojLnmF3k-uVYW+C9%8#%
zTLmc7$NI^@?k%`bMa7)vvp1Iw64kasP3Zgh_>eM`+ulbtP1&8B@2Ke6h`A@8^Ki~i
zr+8`c$=`ZGCCiC`qHeSJ(W_WJTI&=zTL&Be8%nDy)XK5(=YVA}ee5)P^EDl`wGyfb
z7UDkER8;6rTY&kCD`3|22*5CRV5rXTh?{qDtTy>9I3#=}N+Qd&G@Y%D)&^nkg<4uL
z2UtcY5Lr~7I2zN6xsy#Dg()TbA5pEyr)*OQ;RWd99^PX_>Pe`5?;t`Sw~blAxkErq
zYfl%K=Rrj=CQ%^ye(Pok=DY&k-nDY=6`^1+kqY&(9BfTvlJadxo}VI6liP5Xs9#=)
zdV)3j23WG6who0_0ZRiXUuW$sHO6c=8CxPpx9bA56HQ=4Ns)Kou~d4W$2Na2wKi>!
zK0;Gjhvl$j>*n+gwQ-Z^f7_RgMsPH_3V^z-&9L(fI%}_f;!fC(T{XY;^3aGodo~hd
z>+?#R_qbm$M7P!VW6zK?GC+||;LyuSFAj-lgy2Z+-Nu|UdOp20VlpJhoC)6W9+sDc
z*`ym2GHr%*uCVYKBp6VT)==D?<q71F|4v%&GSpO!s^CMXjUIR)@91@w!P@EU7-h`J
zJUb_ycRaLahAN$Ys@;4nMnLTAsm=%RI+|MUSd?M}GYq}J7J+=R<vRHWtTrP8!V9U7
zAw?mQE)N&#pVE4lFbmN0m`d!yQ8F&FGvk-KdM_@x-YHVuhgHi+I5Z|U>ev6gOyit~
zu$Xn`Cel65%Obl*SFc_e$}<|+8~3e0k2SBJUJ!DsUxh_Gd(VAwcme{H!4npH*>s7r
z5pE*ctVvshYu#oaT_;`ii4nO6;xxl=o}{UFz+BB#9x3yqe<4a*Rp1tQ(fC@y`q-Sr
ze2$#_C`_!p75CH`Ai^wiY}@V<km1?MfFe+gK6)az@O2^}v%Y5Xc7_d~2X?+K`+K5a
zhPEf(znd16FGd1)jZjkh6HG()KCceq%^D+lpAx5r#K5eAvNBb*{j$b`{H+`VR6mE!
z%xGUgXpl4IFaqF>-i<6L7954xHu-P7V#StvdU}XnE-+7-_<TIwIEpraYtYx=`08_f
zHE`-a-8vJW37oR~(X`Z_`us+}Q5*(!v!-<P*%SBe3*JccVfq~T2zlSWu$k6FWz9WJ
ztARHR63+7=RlE~d7WtQ$F3{k-^fk?@#KAPEySPi-(SZ3XoagXEhNj^w18zq!)cY1V
zdW`Q+Wo6~}ZlkXqAKr=G(_h6UvKK9|E>+Ot?2dDtF7|u0pR%KeSBZu<$dj)(^74G+
zkx&uv*X?ZEoKN5?yV}WjQuvRa0Ny}0CP~_2jN6G!5j=v*3UL(&sRbW4sRw%PQ~2>Y
zz48jgGQy6=xqN&C(N@Nl^+w+4`0ewbk9b>)R}-3*`#^xRh?SBr8U>xQv9>41GyC>o
zN6d~@T1>o^0`8F1wj;(Uqq+raNyKbn>Yr|s^7E_Ve1|u;E|wyQ5~(%#e#M$#^^(gX
zyed@=q#Cnwq0^3*k7ZP5=Q_RK>yde;IVr3g!zgS`+*3kw$+%?)d3Jytv2iqK4B=$H
z(;FUsynkT5#=I8k;W&aTk_0|4cBHQj^owVMcI^wWZPcroSyW?k@<w9PnvY9CCeb!b
zsZn6h+QLV110OPe#PV+`{{I0+fRjFw6sqC$+d^{R6U?Istx*X7Cy==G%5e`mTJX4a
z;l)!Vp%buicq8xN-`)|{0hyZ2BM`1s&wucQky%8pB*{-8(IO#9iGO_&mt7X(Cne7i
zt1tb-K4jq%sa4d%<cW};D^I}uWIw!L$EZ1PsmmI{tXXF;ylR3WrF@B@yG9bzyY=)r
z=w4uu?v(c{@d~|;;<CYx5vPo<^k1o7zabuTDH5G^g0Ai!AmKPM0XAAvcC=>=sTw0G
z>qVtUH$_!yDQwL22<@2M{qyauw0)z+X?{7HzS}k!N9%`c^ODW-ZGtL~mfn!ug{#`6
zJiE5f<nNS)z=ZW<eBiIF_a)tv@2Q)vQypW+x<$n#!kRq3vbg}s2^j+Epq&T~QR|Tu
z6@2wuXKcgSm**#3Pxrh?s~8WGlbYoU7jxZ!HM*m&AB_GsiI~>e(GpWt1vXPf>y_^<
z{>aHzln|?11QBlW+xmWX*83pLTiu#!9PZ4E5j^4ppye(v`{t`nZ->VHU`OABkjeL~
zNTO8mp<S7;i!X3{GU2Ucyf2a*$!09AP1jhO{~DOJtmy00;U{=nq&R4o%lLWm{Z>rV
zv2^y%#22ZlRdXnT?iU4%7n{-I(ytdN+9G`DoyB&(;t#YN_l<J@b9rsp<UBCm4%^*c
zck!IRiT?LuKzSv<UA<gHw3mYL(y!x;9IV27fSPOF*NiQcjy7}e={<d|iIe`SXwA#@
zD6yhs*KHqQI9&0d(T$lS%#uhy=Uv!6NveJzExEU*%25Hcyu@j@<A^>u>gK36Z&Sz9
zk3`tG+jRPody-q`d{H{$76lGkNxL_XNUULYxDhP#nQ6Ux<OVm6*k->UStSBd{Dg0>
zW|h&Qd^QnUgCJDgV@H$AaqxXGl(iX~wilZ*w<kVn0S=uhBgeNG!+paa$MwUopt_wh
z5+Kjit4$fXybgK}{c~sTMXN^hSBKprm)8AFC>?qnD0RCBf@omY%gL8TVGu|)dJdHk
z#qKr^OW-WN3~MZx$_XDt4zMijCr_fz5u1Q*1t-;i6g$6yBcuHH>}RlgnVVKfgb(-2
zS2|OZ`qHj`=#Ou8(Y~QJrdL1lM4*1k+S6;S5q5BQU>2M77S1&rp_~8-7;1AbZdyzG
zjWFM7I;+Z!v;xl7*uc6Zk7J+z!*vk`FQF#_7^>7Qof4bc@*Kxc3?j3Vh=Z43dXNKr
zZ6q+4cj1;Lw~1D$^IPmr`jOIx0(;<RsiXGdt2lWYFAQvba8;{5BM~EQS9UqSOZI9L
zpOCbLrQ{>wbz5b&*Qmr(EXSU@@k{BJfmXvA*b7tm*W*CS2+S%kDPHsM+YuX=%0}oG
z%zhlrD>h3$C})v#*zmGauJsXqM5h_UQsoU0mbcqU7`ztotUdUgTc~a5wk>At*~qJu
z{^$-Fvs}p|4KKzU3NO_{{KQOG?*nq->y$D^(4^fcpG_oc@5swzS^*14x(0>R?x>^9
zhippnDQ1|m(Ac(`UR9)Eo#Ogl1hL#KsFXLgr3W3`x8eiFaj&MW3McCS!RxPNfcNuh
z;|I((`nZJ%N{$Ts>~z!Z7hmjKUyK{?QrY;FRZvA6%?h*l#1jOp5VY1oDJ3psN{ac;
z<0b}Fo~wK(rH>42QK6w*Y98Ft*(rad0Sdw|>5`|}A_ifTK)@aUE%5eL0GNXYc|D$v
z_2`uWt7)j`oY7<lw)S?1p_W(dFxXjn?D(^*;a@X(-X|-mm953Oz_E^iId|r;LJ+#_
zJqkS=&A?HQeuT(V>Tut!`#m^fy>%OAwE1%c@dUR?Rl1lx9G&e;t`n0z&OMU@lOumr
z=<{_yiS9U+bYqf}T3m)G$2qYi=7Tw|lYu=&{;ff?jhaW|nZPdfPyu4>1x$jmVhMJ>
zZ*8MEQnA(s8SszPiMM9@>avZN?N^|wAmdeP#hPYQ0~*R}Q8P~7kt=Tt?|SC9&pwrn
zZydRv@4T@lF<p1v-y5X_ie&a=KK{0lkTz$q%Sg+Xp!Yo4Ny_7!z(tLa#XwT~6U@OJ
zs(%XR7FCYq&zQ4?t=~k=TH?Dab0h)GGl0)t7qfHSO>GzIc4_4mhn}F}1mU$KEore?
z%)0Bp4M(b*?NagB5Y!z7eff88-PFg6?xjWRMHU@-2CPG`S#lM&^)3^pmu-=gjCdP{
zpz-gF_*UQeGL~R<OkFbbncXwmSe96d1n*wZ$fQD`Pha=3i1J5u3Z*usrvNN^oLr_C
zvnj=Hp(&c_sNlR;b`oV~wl8Y<I*$|D4v!fxfVISgl+*0UYps36D=DfV>v%S2z9ksW
zxv9jBqw#!=d+B@n$*1kgF}LV`s*&~-XUk3#<+dpp&-{EWabIk+KhFuKrq&hSke2cA
z{ES94elp~G6<#>ivB2-#^3m%adt5Ihbau)}?ew%|K5fJem5EFDrf+H)M_LkrS=P_p
zPFA$mbbS;dzR}sweK}EVZ-4mr0&aFaIxQzGaTgaWwF6z?W_rXu;CWB$2VvAnecaQQ
zY0?)jWdl)MG4g2stJsTJD(cq(Z0W7bBY)J%oQxxtBONK4zCG8PUL%$Fifjw{4aj^E
z1)lGmLHQmo%_|6(I_}RW#yg0qW>+m&aGtQ9mGo)#!>fqWDl8&^h`F4>oNCHSpe_-u
zW_L_3a}~H){j8=RV6)%RCrNiGtl^*r>x~nLizaCuf4tRB;zf}3Hi7+%dx#&@IEvl_
zADqX#N)LZTD{N6@9-7fWI>2y+8c41)Kg5>h*38V$&o^H(9S&C_zF%B8`o`D|jzCkr
zRJ?O*7?kTLTArP~13mWELzFVa@2&}fNa~&_H{4$Udx9_M)hpwQ-UO%>Yc|0H&$SDY
z!er*;)Oyc)Mr9fQ`&GEjP$m_Rn{Co*+N9jIMHD1fJ%5~l?ztft_YO*k9)j#Aa8u?-
z1i}0n<3d!Qh(s?N9vtzYYxQVLMxJny^9C&AzIx!KLlH2qYQdEO%ll05;otL~-><|H
z3Cf5a2L!@GQ}|*Kx*yFZ5TcMO5n8(^&29ZmNg18sfZ_3Byb&;>FME=4-=&1e-$0an
zP9xvhQ3#NT{1M4M9B5geR#9bi^CU>&;gdu{)X#FXi0=x_6;$k!lIyLA7I2*LTzLVI
z*x?cRo{t7(hAQgWIN%c8jSE{+S$wtj=j?1`RbRRS>a{yWSxp0%$g(jAV#wh)#SI(f
z9t&e&Z8SjziCD8p_E;st9(%8+xx5H1fnV^)@0=?H9bEZC5TUIbEx|?lX>sx4C&E@)
zM4}QfM-dvy)8BVX({1w|$)e=+Ch=8K=gN~bas7XV21GbJEgP|cm&-vRP=SR&sEOu1
zYM25sftJRur^(1H(x(74wYIN+-9yHvLMHvz?H}IKJ9R3XOpLRZ<q=>$jFj~sfOqyg
z%gaP+O9IoOh<_+^4>(>Ur64E?c|`8wLB;k~&#?8=CtU>*j`#lylD%j3Wp|tj@`Asn
zO9K5v^X<&>3>cK`(_qjC{lY)wxnmdpkMD^#qCJ(;16o(1qjro7=-}p34|8#G3}q^F
zE5(S%(Q$)dty`j!wxTNJq$E-y5Z|PhU2Afj+>!YPIW>P?xd^;&ga<R7i=`p_)Tpng
zp_$iS?g~t0p@MaAK0v-E^371M*t6R;6njEz6abDBFgN)wUe>bNO?Sd5c<!@P6Pnp|
z;Zik-m7b>S#dREP6#t(faS$R0a0b&e{C#l^F+X45PyW2Q>z`7ExcYLkVB=gvyWSeQ
z*WPQxIG>-B^TLB~FL=U9Jq8E)dnQISgC4$<^!Z7N7sx<HeE5=T8SQ65tCRD^sxx{)
zil7_Igf2Zk6sD(JZsyV~g<TN~fFs}O9O0EW4KP-sSj*FYP8ao<8>oU+nPy4Nx^=Hh
zQOsYSOD|?p89z+}jbhOvoFfHYF1m(whZ0WCoO823vRo8$hFT14yAISaV0}@@mg#)x
zhOR^Ag}L2#6D{|?G&+NI{a~EXLZ@q|Jmb716cX)QcXu_=35MhZYKB3y=5Xs08QZWN
zm_yAO59vOw8kvulwI(#Fi<;lG*Pky_bk*RMTEz9V_tQ!FE@Rmq9dYq`Brwf+1<9#Q
zt)ZU4(RSt(n8bNpe{flH0tBnp=TawZuQp{Cla@ojo1rb}0J4hcf{pCRi_^7u&=8E_
z)sm79*1^SN2EAeKKrNz^)rgn3F8&y?uMIWa@r-d%(?qKgf^kQwVtm$v`=Ma0^L6)a
zV*^X=M8v(Ty~Ub<IM{edn#9J$CmAyuO9gQ4M-#2uaUC@bk+x2kauUqe#77G3oK%G&
z1?}DmbV#A@!+`Cr2_SuP%J<~m;yWhYd99T8Z+@|1aP!a>Qw0mZW+j1*M@CdzLqtNl
zJM{<mHXvnxt!c?5&Z_+|`ENL?r`nrqdAZDCrIYSjJ*DvU_m&+CWo|fmp<p2B_=+G5
z!r;wcIO;4T+LgAnk}xA6os-gY=zwn8BG}Rx(34jvQB2<%YMKk+cfmCYHFMNV(xeSg
zpU~{rGb1ktij78<FysgMdj^Kx+}-b%_|B+G5{rx9S(gJ!qlTq5_w;ynlI})Ctg}Wf
zs1uV~u5^G!V=EnFQgS&7oM@E*5wWhH33e2XA%SB-_1p|KlKFnZ^3z_pCEF;O5*sef
z!Px|w)T!ReC8qYN+Uki*4#_*+$W){B>B-fUC-b-*Ob*%Q1<l(OL>gXm4NfQqf29rR
zd(nj=U+qXdpF3TFtK816b-8Jjpua-DJ3$VUAzpaD8Os6fOe#R|(mfq@4H=~>EfHOw
zK=VSzd=pMI!O1hGG!1+<i;$MH%9i=Xr||tV9=-mZ9^i`e{C*AqoMOSVO?DnxWgedj
zD)DU_JL_O};&hSS721NFU8Ew+e|<OzAhK{*c@pQF6J7(D6Zl&2@9u8di_pl*mP5vj
zz-3~W<>ni<_bYc2kEe!Z2KXEyYD>mTYxTaBz`)zPbbz9|a*}gJ2tjZbVSdQLPity8
z({;R1n`OcfOJ(~ljbrk>ficZPdUN7^6Qr5?t3FD?(};#R-=SdW@VULi+P5MB855RI
z81`{d<BVtk=i7R7<d|9Xt7{*`6wDmV1wNhKC^WyN`%Cz59xcI*1>KGXufa5>Q=nYl
zZheAU&=_C)of`jaDk6rd6?tHN>ab^*b1CwYq5*_KT21Md$u4rUw%L)Dv&sf7X7fzM
z2mL9)EAMqq&XpXQh3Lgxo0_m>Car5Lo8_MT$InIq7G1`w0Tq1O{>u$f%aQ4_qjJe6
z&fCTYqN!il&GVBDKql*t?sgIR+MiOTdcDe0X7thJ`H}M^QpJOaul^Nsx!3f{pA|Wl
z2U{OmEJg*3RUDQYV=37L6v~PVl@t6M4+QVoq@5^GY;6@>MHN2nGPq{mmEF+mMSK__
zew5WKyD4IF;{5Z6bHVns-j_vdFNRB$Bi*o8>4<OZ!oq=M$1m!#lnAy`UOmsA?X?a8
zC{tG4oyLuu?5hOKq7LJgvkzj^3<fiSf0~-AO{ow*<3c9trHeJvKJVPzIR@4=0D9wV
z!Ik}Y`B<GQ=R2q-xpaQ2=;`vm^${#2N>v|C>IOxnu)M8g-ckLPODsq5<Y`X@9l0jm
zZ6bzGOJR_uL@7gAzmupDf4H(c@aw%Pqo4=F+@~3<fp=x4tN<DaJ4-4Gcg~^C!^Zi;
zH^exHb-*s%g*Q%+%PjcyE{_AiO1mAmE-|8XPBT1WY_7k|^gY6V^PhSZ9^oW60Ehw}
z83^fZsA;G5+oq<xl(OKLo|^>iXh%~9`Tg=2P7B(YFO;pby;J}1vo48NZX6L#Upm5O
za48tUhA?PthnIck9io<oT(Buw+rgx^gFbH*Q_o}a<$v|wYIdV;-flpB!?A(fA%_yA
zTXu@m&K85&s<nF1blTvJGl=aDqGPv{>)FbJtZM9EJ=M=oJZ4A6*Kfux4gOX4d!FWt
ztFNlXI+<NQQG*2X+~Yl^2!l`lS!1xwaqc06<tU0AwRyJX?Zs|A&66qDz$}RiFf21W
z9Xako|JDBVf1l#2;sZ015-A%BTv*uvB)3?s-k0?4Hw)<`#5(Vln~FeMn+iC@{oysb
ze|fB=xA+q3|7-6|qnbL~caK_1%cxcyP#Io}7G$t0AYd4!D2U861bl(YAcD*U!=!>$
z8AOIwWClTo1Q`VaQK_YZfIvc!A&3|PL<m!e5QcN_psjZG|KWT%>#TLw$y$C;5jW4?
z`+4r+x_<ZE&bQ5uUcdUVR*cL<7%7K2!}i9g9MRt`JKs93PFmM^udPs<yJfY?T#hdk
z$Ltl^La1*-2J5Dx`o!-c4%lLRQtP*|jNTdu3v3%=SDMP~YdiXn=Fj7uh)vdt{z5`P
zJ)O+v+Xj1;>(dM5B~VV^N{}UPypFU`Xf_+>U6B7=CK)5FdE_ZTj84AbKO57ma@bjh
z{{tEdEIYS00w&OVh@LquBIH;m$%N{q+>!mMcr6bn{~rz)71tHILCDhuLlescrFngo
zc2(m%BtsJ1$spRHV*Cy@E_<@?=Zjr(pyXi2>jSXGvHfRt%MW_EUlPhGbAFW6Au3Fn
zLOmfXNbN5?%DVTl8ats%S81A!a|f&(O7{k%X;Nx48C44Im%Vb7M{CYn2%M<|?n@?e
zUjqE-YG1_IUQQC{WeoXG7@mlDBtSnC4$fjQ-^iD#W;E_9+nkH|#7M7SzwXfu`TfQ`
zMG3LstU8<l2gn%$slCnmh*cCi1)p7kne!BWX*OnJ)z~O#y2k)|zNP>UTmabrKu}?1
zX@0eCi2RxJ3FAOG{KK$O=5$%jtaIaJ4#UiG$BE&`m-D=hzZ347(!Hk6bS(2rvUt$i
zt3lLnC5!h@i-^jBdv5OC%vf<{zx|bOd}OK}czhvZY~?_nY4ru^rMZ4h8r_ldZDnRT
z!Job*m6C)Fj<34X+FO~rCB=;C%F4HT0%^<WtQAku{^~iEJH#Qa`UI!(%&~WfCR1@&
zmOS#rekPakdr5zyKmt+6+$9n_U5@4`4)vnB(^2D4&E!7ZJkZAINW|O@!EckCfIOrk
zw9pNLh}11wW$-fea?OE})PFcEqV6Lj!R07}J&=5*$ivr4Azg)kz_LL3Cq6%slL)F%
zy?bx5&?=eT$y0>-RNUN9U2rb~dJxB<O(qs?tL447a$M$%JN(4BiA#1t(#G3%oAcEX
zf8xfqBT$$<h)4#pgA{Q)8=Br9?tHEYI6nK!Irw&eDI<pdAt%e>idR2orO3D6i=3+;
zmj*%Xy#o0S6b?U=W+2$1jW6I<1{SzroGaw_Lk%io$`@^_Ao>px*hq7^*ZU<@=7Rgm
zy<vNu8iea<l%+AWIsb3>iDEavwycoML1TG5FT`sJ=8b+Bxtsvd$-s0-KMA}T9_N?8
z{@4rd@}|jEr`8K2m7N;5pv66Gj;pQf*NmIYUJWlr7gBbadp6$j`Lxvk)Tl{?ziFek
zrX0?LOMUGJ?J=Ymi{$b5pvBEgPei6NrA8pt0T{mE)>fpzI%w@|rQPrM!??P4f7LkB
z{Z0*7vwejkU&sNnFWP*(GCTGJqR-gmvi_a`nscNy;Hzz7r|nH1X;&Gp@(U!4vk=-S
zE#Hh0w^EWq47_b;X7gd@7x7cAb2;)@VloGHV{K%U!N$^l6s`o8NW1Dk#Vsx_A~_LP
z?ttX{Tz?k=sN2{0P=5hngLwd)>|2glXRZ&;5q3kLmP95iy%YbTC|{+HFHV#PW~$t-
zMW5c331e1IL8+n(j+Uv)azJOgLr_?wx#zgmz~oaQ-W(Xc!CM9Y)n19$Q)?V%0^-a#
znNl(um<jV{-Jy80>#K6ZG8Io<=pQVb8}qt1vLk-o@jIDb`0CG1)mmA>SaBBHEK47I
zDGL@bg!v{NQZrPkjtORF269F22eIqKa1}lkc@q5>UjDibABaq?q%FKWOGo8em)e})
zbf(%|p3go;R_G!2&6B7iXmD(P@_c;LmQXl>xQTeG-cu|pBwNyd_sS9(AMUmUFRy1E
zjCHxgTS79oqwnIKToCUH)1#?oT!7KXH7nhQina<g(%$MEc#&2oUaTSkEsjqS@G$x8
zCh>Zctx9d^=c^+J{yQG^9V*ff0-9otnNeNNF8&iGac<DxO3ho|-2wVZ<g<#%Q4n|8
z!=3Jr&k6NBl=y`_(00`*beHh4;(UpE&N2FBut+q^9zL<RBPBiP-0CYFwpGcZB9+{9
z-q{*&Y7gL7+ZPfO0;?fRnr8!>YPeV2mTg8i!IR92^sA!d`4y-TDAmXd{&4W2(X$+M
zpfP{fkNtQxj>8`#UIe46A^f4K#v-g|nn_NDAy$(Sh>4rN(|=4(*E_@Nr-y74(wc$n
z@PHxSa*v&rh@NSumSRcYRUZBi;_5+i_tXMC2?ajf7DWIRrk8jvA&|gbtavM*$s-|C
zRgT>J0A<1kx+P`q74Qb+H4%4?*_n;kO6-QIA&3VqYTFxw8hB!lk<I~LQU#Y!NoH+u
zVmdNWUU|;fL>_0?e}r!#>&D$Oj=vo+m#1ZjP#&U_a;a!d7-Hb9+PUL<i$>AGdDY9J
zr`55`0as3`2}#R|+Z=9zciam#vH+9ERZ6McBhB*(l8#g@S`0noDc&5XMqKo0Xf+ct
zZ+}`6>Ds4mgi4_SOm$K<c5^0ds!>~c7fAvRjji37>W3|r(^C+ei2KN#Wtk-qV<p1-
zdM$Ax4flWA^af(|feM^9r2;siC0<fMh^cVQ10YmfbX|P{e@C$q>1%3@8Z#r9x`$X%
zTa_J?R+e4ZI#ZuEAKnCx&WmVTdAKJ7LRS@yTzggaD@0l`=Df%*oqla;?MU`-%spC#
zOWvs^T)=z#))K>MT}&}U1rrdw^;xVSTQVf40u?z$4P&C(6oJv(rh9#}0j+oMk`<(~
zo{-A2E1D#(b$xGAa!{k|FEpf$^|?5r%hdwAh3OSFL+sMbEN|)@uArd6&?n`HlCtt2
zVe=(moGwB1Nry9VMwGtZ-km-&akWNsf!q`qkxiuHaPjf+nWIpB94(`Z7GI4gBkmuj
zBAnrR6dXb{aba|mNUkkawY4qw^-FcnTm(Fz{pSL8fo(pjM0s0WtNH#U)+?p)rfaOg
z{s%kIwH>s9Kp`o|!kR-2oc9ZMQQEfDGK#3|ffvl*aEAyN&hHsn^ke2o;Ms;^#Fk=x
zX~N3!VwW6$2DStnjwkF-nqnj|^)!8QFkV?^QqL!a1oIW+g8(H%WC~yvR<PpX!bw?W
z-><I;F0mgs>06|(V@<pLKJ0(Du)l!vP)^f|byi*ZT~?#3LGKyL$nb>0vIc4C8Sy)X
zQesmu;avZ;_phnXl;@ZORdcN1A1;2Ef@c{tsaWba_A-i2hB}6e^sM1?>fN(izexdG
z^a`GcJ^#?GV2x{y=9zo&Ns!y|>b34v>Rd<I=@^pNF(ygf5|!KbTdjGsp_j(cAAkIT
zMy2XCV(-elW~fdDLU5KvgFfP;llhrlFVMMSxwe5Ot9RWd`c!57mpyTg`<bX;kR|mV
zeEi7T*u0&27_{94+FQEWZv_hmmOf67E+Om8CeEccXaOm;Wnk`=WCGErv9(ue1*kN)
zDGJFKbu-|GQ&R(tq{#MHLdKiEZ?kG_m3LX1qcu+d)@t+EH%ESbL?oh|kQ6o!RK$r8
zkC{Q3hk)|e^y>4Ch$z|hnC+`b0f6J%f+q5F|7ZVo=SCQ<4W3YljJUd>ArhO*Hs#~*
z3chA`dRRV}Xes8QeL!J6%*c%~U$SlI%I>b=A_lGjM>#FD+>kf5hPC_?4$QFDo!Bf7
z#{=OvT4$Kwtd@~Aq=g=q%};!AO_(WPgW`YXwu1rpYZ&Wd9&~g5b%|V}Ptv}rQxTlw
znCtydol54a(e4&EbplF%Qa9yH`uy5&M9CoFURPci2rk4qQQnc1HBL3GOK2I$tN8qD
zKcZEAecM39_q_>4P;D-fr~ejH(JS(NIm%8~lF{<kl}9ySBAO-UNas3|=rVojXOX;+
zy>o2--2)-1jGa~U60cYF*T0w8t{OTG10ZdtwMVP8ium?7?mzBOJBU<6cI9Q?<kNqa
zy#fWT()IvqITkzprpoK=-ln?UL&W2>uTTPeZXCtcjfu6Po>)wvlFh^gce|?<@|_mm
zcfy(JEmVeM-_qbDEjk<gNPDSL5*qwt0Fp`??+thLkd)!6bAGznzPDL!i{5bUGQqPc
zu-&rEVUrP7Ula1YS<^dM&BKu;l2zj4UCo9i*7$gsMA0{&XeOn0&W%Gik8r7)jv8u_
zh#*|h2+e4ww_7<vgUSukz@Ups6sMjYMGBaVwVw+zI@zLmL}OX=h+EKOz_eN*(yE}_
zo8O!-Z`!)L-`v;UZDN@u?5W}yY;T|LnAUVaZ#V<`LXX^5*PpI`Jt<yf6cD$zRR<Cm
zWXA{Pu@EAIK=`%QTAKHYDdyJJ6ke3iyul_LRySFsk>9;|7X|Q_8U0(%43H|%lJ2Tb
zEeA}!*s+-0Zg*lGAAU{bYI6rYd{L`vjL@4fie2qfq*mIYB2bdd7hA|^1<wRbE~9cP
z%bzA5vOS{wKZ3aYS=GFuI2EdUX#WZ+bV}$3{z264>QloB2vy(=fAr1h++}q&ljE&A
zA8KuubVX3EZCoZA7c|4qb8B<UNYS3+TjF*-!#jE1dVY#F*{ZJkRxjei@FCvSX7qUO
zlLqnb?Y!fhT$cqEZ%}vby8U$?F$H6y&whP%KrJf)GdrKPK3KzG=HfK3gy4Zu;EJR%
z8w;}0B%5t#+v>2!V=prUX{f{n7vCTD+!h~~tc-q}w6du_ailrc9w%Pnaq<lv@H4(9
zjWY!Ol4zduimHVpdNga|a?0v>8QQMkt31mlj1@zF)zt)jhW;H>=HLr-b57M8SNSj`
z8Dyh>PZ?|`AO_a=SkZ78tIj@WXJR)XdSf;_vG$i*(?4U+5WxT?-}1@=4jN>Ym{_ba
zhR5Q#S#$(jc!z|WRKRml>)#FOMhI1vH=$XofMclr^D2rQtbLS6Zh3%l;MDtp+RnLG
zBH=SvK@K<0yt~8m!g_ot0+?1DgO2zkhjo>2^ta5udnVP4C@I<KsrQr&SeK-~XhbkD
zBZix12@1F0O+WtXsXOZue^^Q@QfFIYQJj22oh<l7K1he9K5SYZLG6)51|7+t$c`+>
zjCc?+?h_vp!}nPmE2OOUxg@-<X^Qa{WiC1V;9KO}fFWFOY-nPYfsa>sn?mtjk@NPq
zjwc89;p&x{GUK}KR(>L!x4O3wMd#epH}iM!cGa@f?sodnIgN$v$h3G73BQ@njQ$_4
zNVqQ{K{u_c^Wc%buR+L;<@<1?2Lhl+Og$`>?5`}q4<e45H4XRVt?ds9pqL0}KVva-
zbb4e?+r1))J!6jQh=ivcyB^sSY;|J$jYAPUZ4xK9XHa5YDQi_8#~f5?W6%G!ZAi|M
zpt7!(vo-3c>lqh02@xwUZF=+eld%|<yV((?_htF{p)zeb;$~vG2=#CgLzA`E{>2RQ
zA9a!c8mB9_M@P#VE<rux{XWo`SFPr%$-ddvVL5?HVIoXDU7&255=hxa7z@KkPja%_
zu2Pnx(DSL2`a#v$5Fs@m`5vVY*skgcRKAzcRVmtFv)M{Z#7ZpfULmP%@^Df9=t+;=
zY+w66doyi+-c&*+zm10@b6X=mi8+)7>XaZM{@f22&f+bf7!EX__hfCohM6jfBU#DX
zw|Lnyg{BO@zC(yNcs?1|Z-P96(4c}xQ010}p{>yK(%AR~+nx)yq;%_uyGbH)DR~Hr
zh5>Hd+i72?j^&=)yX|-LIiCxC2d_V9Peh7X+)vE4FDm?rWso2RfWAC%!W%~dlpdK%
z6=zQEoHjO;&9hKz0-JM(Db&gtvc$T&ItD0&XHAD-_q!MYWe@^Q2blKk`l3?6d*Yzm
z`MZ8VPf)=-)c~pveP&ryJ>qoBWdF^H_wUc5kkG3zBM_a@lVFtTG|=7e;8uM5`;;<D
zQJIbhZHMeYn@Psa*{}zrJvbR7h|>8TU496qzC#(q$fklB2U&gALPg3-qXW3=DR1$n
zIF?QznC2=wv(vH`Lj%Ik+VL}xRf_nIV{W`Ieuk4tqU&&yV^@@xapy*vONp%%<woTf
z#JujwHw#M(%j4?#JHk6=!g@OkIxkDD4ebio+*v|2RChYfNdgW{4pV}x&FNYD`un9N
zR)(eQdin!p7UdArOBx=;_2q$Gsj`-bhq-o$M2j!<AX)EiyuQ`F8t&dJ(oy{+Vz;rt
z?f+!(Ip5?p<8de=LYHxFozT=}CVi7PpY`VY;>7uzN1P`IdZO#a-&pW31qT;w@<_7^
zk_zuQ!c$7zkN&BDc$;IPX6bf~_vWQ*9SJf!9<%0SSf-MX`@9G*bwot2ubju3^>-~b
zE7uo}Gz#Dwll)>~Kn`-RJw?F?wfltN>x>+(aDVq%G3DOaZHmW-5Ap~m<FVLl1%$n<
z)q{px5RZVeQB+JBTSn-2`fG~A{K&#q(CjB5xYm%eh%3uC60-~gi<8%aUj9N)vKANC
z$K@15AK_dB6=J!H*lc9x*GEdtb1otLf$-^$0ldfN1r<E-*q~$?M5qp%_Ar{t*&&Pv
zC2X)gj*@S*Et`{fG$XzXMXH`eGce%0_s)8t<V#CUKg6{(Y&^3Ya>2_jW`<9k0ooc%
zL$p9N9up&|W2n{nXB2oM(Hl)ef_P1P2wHD;Ga;Z<>Vj&!oK0zL%rXPfnq(J6<IqhV
z(j``96$CSo`Bw3Uir%)wS~hhfWyZ|dOlZ@JNjTQam_M+=h1Oa+6}Xz9&dj?WmMoQg
zJT^t~ve@NVJND8F1wtQ}d5k*QwB;}s2%)pR)0}P~O19nGH9T<615^M(5unjN&k?;r
zA*?~}_fy+*`fHJ^owVe174E2(jh~9EKj0dfjs%RitP{dO#6A@}mwu^Uh8pd6d-t97
z%uKCJlEIM@&AikPY@Hn9Ch9Tkrvv3Gxaj&xBgRuhUVVEzyWFdMB6c$t1G*Z;dj0HI
z!14m2m_<{o`HVS@vBDo+TU)CS^LFDBWQ{7WkeQINT1D{YTQ((a?oy+J?F7Rc`JADN
zS#WPdNIB%qwX)_c%XA0-cBNVBJgPxIPRy;YX9=O~tza@Ha~YR_X~c3h_U0`oHyMCl
zD6Tfhd>|koVBzGEH<SmI@qM1wUDX`ayw`V*Yym}rbDMa1s##lmI^v%B)H_!?I~vsT
zKdI5Uk^@h{ZTvi1;#|oAKcCe6lQ8}H?A=Go4OY2;8=iMYfA{qgoNTy-K!d1p0$<*B
z#Al^{kNAbN<s*}tTkY#ElGgD1HgcW|1=zS1pNn(;F6bc)z%L4lT-nQp>5S{b**2W{
znfntuKpSZ6zZ_H3|6t_g+z~p)HMf0INYXV1y*~HTe4M-R_a%H-m)*F+jndFYh4HWN
zAK&?T;RwNgY_F)sau(g;q~n^hjP4zm!GPy!w9ywHf$Bw7@YuknjZB_#NzPM--lRSv
zBFg>I<&VC`eX4%>Wf7oAnB6uJ&>2{&VfcJ}{z0dWOqL4%R;zrq0wyjZlRZs~$~uXt
zl^V680&agS`b4fFVjQHusuKh<<2{IOC>41&5$rQ!M}l)h-Zy3*pc4XZL}bPcUsCiS
zza-9ys6ma6GP%?s`zvr<otdjhx$c6F_8XW2WSgiWzqQmGV{;y9F3__g#C?qDSt|Pr
zD`1<*gVQEIoJvqot8Jys-aTZjV7H66hIJ1Hdbijo@_j6D?w>FDD1;({*2f(|tLp^q
z5cK*VaW|&*NKqQb0H&tpiD_R-9>x_KXT@KF#{D?FI9&*Z^4KGo%~%APq&O)AirsGy
zG|0GL0TaERPt(!^Z2ZlxM*#bM6#1yt;<Z`}z)CL?F&eR4gpLCsbY9cVS{VMtT6L2Z
z@a}+`oWK5XdD-&eS8*#JC14ZCD2Xo~J4C~x6GS@f54-fNT`i<`_Bdyy8Ox)9nd6*w
zz)Td(rv8~K`c*0{gWWVDdewve{7%Vp;qghCVbiK@5ld}Oi?R{WAy7UV72T;3P>azl
zIaC!*ncTnM%*38c))|7p;iAahqBSmv`adF{^s#ODtS>BI+%BhGHZ@iw!AoZT#n|=9
zDgO~!na2g0_sH3EN(s1_GmA^90vYE11D;uaLN29l)jlUQE79L|WHH>N>CajI(zRiA
z{Wz_x)Vqx)dQjLK_nICy`vCUSM1>%UDlB+?Y6vj1Hq#}^?T1%3t%J?=!qO>O1d;1w
zM1|^$Q$5w=Aw)$xg`Wbu>cEP#N>WW?zm#U=DR+n7%~JR73HPRiuGq*_J92az^F+i?
z?sg0$TY@-OSVH4s9r|v5cGVRiI;2J*Z0C|%|D+C@_DmwiIBnpV#8pJPhm__yAFii-
zk&+<x=j34ic$sY4d~-4VZD+)qzkSCsURO&W-mxo9cD#>{%U%9a?3@irz0zT_S`~=j
z={~mfi%?xg%uWKO1-!EoS7x-mjLAmYhJ{Z&{MH;;{~^EnlmBRp_A8|8h>VeD-Pese
z$NJu~(~5<$WLomhc1IVA#n`eJ!7h<dyD$v06R15fn~N<=-uIuHDsV|&8`WHEuK8ti
z-Mugylvkr5*;e;>A#XekX1z33I6odzeRaCI)VA{NfsVtq7g@iPXX_Q!YIYR2ATt%%
zK2Z8V`KK_@Fc%vwL4G=*!#?L-l<nWoIXw{AuGTwTTTtco(833V;9hdU=Z)!2$oS~F
zD#~pxV<%`~+_X)A70~O@eTGKjy;}0A53>RKLiR1K=k<P`EBp7#k#mFT6k9P_7+q1n
zVD+sz@D2$oM8r!6Vzsx`-4p!*aR|XMwL4_sdnXkHI7jX87xS5zoP-e<s!f%Z$EX-|
zj@q~l!gpR>n+wZ#2$)g>Bj&Lh1t|0codwDQSc0++pHz;MD6HT0mO^7CnoaBWGww6Z
zS9Oc=tycV@sJks3>^FGgU`1f5S%@OXtVlyvcfeAS&N2;?X6pBI{$w^x{uZ=;v)bz+
z;kK)Ne%IxC>hb=<<Ucw`@GOR`1+$5IYi(JF^W$Srn$KGk&VZ0$vT;ypwS|m^J@WH<
zTK;`1Z8V1WqL!bb2MYwd(v_G}>Ah{$TZJwVV6Yj(RBX{^r%=NEvoEN{9(WLrbL55r
zo<);lm9s`}X2jgH+HbM$YO7||h$V+9@0$(<bbSy3(^VW>Hb$fZqYIDD)3`qiYBis_
z4|NtlS7Uy)@{`cvPV}k|a;!Wg#3;>duJ5fvL-X(zH!s54xIfIl=x8jht9yts>K4Lu
zd0pe3PJ0oW`aJ9z5!4{5v53W`cu*6f0xGn6?B(zeHV`}QNLV5L?lpI;R4|A%zdh22
zOk(={@Y)~l99=+|m&y~(zKiVpi0_Ja(wqkmdu0r|*SCvbxsX>OBj#MMS3m}sXyR%!
z3!QzAW`H?@YTt)c(kVx%T-uIFug5&S6{)_5&J6;VsNA9XN+Itbq5+m+?&F?5d_oj?
zfW)WM$R^X+({pvPprgO2>kxY;>XHmi!vVaDz!^$OMkPi$@z%0@qvk`aZ?#vJ=G5Ko
z#(7J+yNC1ASWA>wO!63W$}BWpav1hHC2l(qqYlyJ7d<>g{%IjV+5$0OrI-&pI<q#k
zz&T~?>LtiMw2GqR@3p9?UckE#Kv&DTZSuwaAZ-1jYpc1|dwj&I7r20`&I&9;%b+<m
zOw!IDeV8Xp5G|7LH?8|4l#Wb6RpmL!#1{Shy4nCW#qzx>uGK{+5*HG$<u@u~JKR+e
z;!bnjpSl_nO5DbhryFUzbNNSBANK`AG_3A(`1On5lJlNaM3*5`_9BZgc@WqsQwQXc
z!U<1)^dqy$BXkYH%O{fk$H8w>IT(h%6@5iur(AjFpOfvy=rRC$IS|+c<Y-wdaawJ~
zj27?mRl3@ROXir|s2zBGd9*a`l3lTdQrq;c>EHUD*e{n7$!nS4hVnQy7MI8i{&Xl-
z44+&Z_{eKMn*}y#Ib)9CIJShH5c8Y9HymtMWw5OZ)_j!fB3F*IcAJg@*XKdV1R+ZJ
zCohe$se#%Suc6~ayaN#TQrUWeCW&TG4cag4Gs7yqt67W<gi8;TKV29aPENPvDCIxq
zTfV=!ng89x_buXKFKaB1O87<O5AlgS3oA#xo2v07%eLwAPaYg-*hiLAKch`e)I73P
zxP4l;kP~+B-KG`47;D8|+;xisyX9*K{ch1-c=d!?&;^Ej_|crf(HEVOV~%N_!p9P#
zz};VJCszH{?z0<8W#saCib&-Oaq9PV|8201Vm@iq<hMHq^zF(!=>=E>kw*804GMTP
zf&&kv@~e%s`>U3`5Qj~s3+L#?z9W0r?4r)I7Qi*RH?MX$d?1>{j|0o?5sjl2lIdeI
zRz71@BZ*ECtAXkMwmWtc;9bp2&|K@=9IU3l`y|_?nI|_b>m>e~+u?71RX%k29w?{>
zszb0kV*j;m{G|t1lFX4*JLgT`)WQsBH=sDHgT+jkoaUY0ue-@5W&hXlt9|dR?Q@hB
z3oj124B4|56jIXgoCjVc)n{Q3v%UJl!V%*Ks<2Um`tu9P*<}`E>gg6Cd32FV@S`B3
z?&=N*_a>{agf0W_ei$3vnYcJvMgaMo{Z6uUY4F_qsCN#V1~srPdz0*^vX`atPnl_x
zxl|UWbBQi9C0;ar$T&!(_I=BBCb^u-6WNVj?oftsB)kduJL?U|YJc2VgLfo$<b5_7
zK(RnPwiV8R!V(<roaq@ugwzIbuUYD)k+rJ)qXq?|FbH63AE<I`aB~nfHbBGXI|*_b
zVhgK9l!yxXE&<^X-6D8h1O#y9l!~{tL8dNUK0p}n^l1Lj#2`A&)e{7cF5TQ^d=X@B
zE0v*(7i#OOc^AkKA7`C;-cKM^RO9cnuN7%v94}nB&{>gomynk0KRHO<X;5qozKScq
zhpKh7DddBz_M!L6{p)5S3O+qLGOw*XC=Xot$xbvcqC^R0g5~k7#>nt_|2Je7mkq4t
zJ;_|RURwVrjAs){yXl_n1S(yW`LGyWd!FeaNYFvmL;<>BDgDpkOOiuK3033gE_1LN
zckYDsi?q`dL23anrG&0LcmLH*Liso6<B^^{M~ErHECI<d{!`Xsw?8Hm*FO0^BcHzW
zU(;B4r3<1DB}iEe8&xKre(Ny)uU<;s7U?vH?TR!C+_-&EPtsEv3NR<|k{>L7-BkR|
z&zq{JkYfGk=Y<h?Ft*2h-M)<gDNBev5sLD=LE)-g53@{0<%<rs%ixfI`za9p$6z1b
zU5?8A5GMac@Ay~4-sfbDk1P!2aoUjnOGK!CDIobbK?W$Ld)<dK4upl5QykLm)*%P1
z2?y_QO*o)eYr;WxWN)p|j|<#?2$Ru^?KqcG5}2Wnq?R?)jg_K1D3}w$4|-GXFM14Z
z8ON0MTBiC6Ib4Nb2ye&1S4e65%eSk|O5ad?N0e3uh!HKHNB(d5GypDQEikWti|;MZ
z!kCE3#{@d%Ul=P1cQ@#;fX5O2zk$bjUXF|SCC%UMS?M7;=HOB!t=biqZG#JAUXvM@
zhAe!xG6?}`&Bcg!Bfs7FL>6bqg3M>*qZJ7#7{ProKkL(<@bDBzBQl^*pKMuV0@Gig
z|Nob;6#u6d;lF=-LuNldnLIpC-Y^E2v<P1T@(Pvzkr;#A4$C_OU)<LIpJ31V>!bDm
p7KrKNW{LcG|2x1b(NkUPBBILy-3uMogUCNVqj&BUPRBX=e*rJ%AJqT=

diff --git a/test/integration/connect/envoy/docs/img/windows-linux-arch.png b/test/integration/connect/envoy/docs/img/windows-linux-arch.png
deleted file mode 100644
index d1c05533e51f21a971153bbcfff5ae81714bbae9..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 61475
zcmeFZbyQSw`!9+C3P_hAk|GUCHwrTXgT%lL9U|S`Wq>pY5=t}FFm!iFcgc`~(hVZr
zXM?_Z&i$>s&boizS&QZ1?7ip7&y!z*loe(0aHw!FFfj1sWI-wz7?{);7&lk$-UR+9
zCZix5_~(YBii{LSK|l2>@XKw}=L*j;Fp48^&kQhu-?8mvH61Z9@LR5aZgkipjW95_
ztK>k>VQzXG=iYh7njSL&{B(C;zwAjAO%;Cf^5aKtx+g_11DY`dS)QB)+|~)a8>T$J
z!gi1EvDFO~g`ZzRY7ai+m{rSQht9p^AiU2IN2qo0ScZbctY(oYn9*5G$`aCMz`nVl
zhIf}4#g*3O<e%Sf?fQvdS6r1>yw`D{bW7AWzkZ<lG_iC*VtM2I)L{OVcip<K<!1fp
z<ht;wm)LFqK={?Gh&a&V&$~Bd&tbRzyv@6dp!)Of6_^nH=N$(7J0#Yhw;Dts{y*=U
zg6UAp4sLEoy}Sd|)YM{bzfvDrCnpHnqEzh9PxhnA)R7Z5m-*V2kYTEg(~0Yw-V8aG
zBV#k_TsGs$vOac-2@6L~vQB8vt*mrzVvk7iZyan+wY|0u{$ZNDI<y?~y~@5NhK80l
zE+cI)#u?pr(LP}lJT+KvQH{XIl^HV%G5teyDz19qn%l2&BiWpZ3_e6y!);&t$}h?N
zo>;YDN?|2oNw;53t5VIi8F~(zll-Ph$;oUU4i2wN^^#$Xs2f+5z3R|>gp!8JGs^KK
zrKGS!iRIt@`t{3B22`GqR^eZxYB@c^Uo2Q0l-&O*L_0dtzB(5reVI^NS{n6~QKGph
zh@k7A5BkE6%1p{L1#v4qJk2cIFmKb2@`(D{Hf97WuUSQb<>HC9)$U713hWSS57#`}
z$N4L6m&9s>NXAHv$I?<?0y8u7PMFSW?)q4v`ap1I>)f|C93z9rMjXeaSie(O=Cb=L
zNY#Ta{ByVc*tNuM$SQ57gRwg4e3yjlSfRSOylLUfuGDi$cQfNMC?$kFVgfdV=N+Sr
zGwP1NjY!2TDS};jN?0dyRj9?iZ#w#dx8hH>KuJ%tTZ@9e&2b^OaV(L3f|={E@%E#6
zED80s)X?Q13w>2>9D?d!S-h)GWUj%3U1i?Ru?rLJG{hDziH^0Ki>d_IDt@B26uhR)
z5ra{17gHrNQ~qxL%T9rySV#pW6W1Vb+lsj)6RS6=@E+XXBaTdWAKR2@nxcT=w&N$l
zk0nkJrkhDDMo$Kmm{5+lZsJN7(?cKP@Gh7oqB~Vu5}D>m=0)BrntKFB-@UyC)|neM
zAY^`SZ2dT%qNj6wnfcyt>@G%nE^iv%;0llaZord)S1LjmChtrtx3eeR^OzV-ET+P!
zCc}1Ls#A)c&nVDHPMHk5GOawL-k46xk9&|;fbigxyxi)<3t5O<^(tBfVp1(Kwa~9M
zp*GhIM>4L(CkB+@$>p#mGRS8e5wRq)AjasE*?VLuL<}twCaJe|Sd=%2hZqHY9wH8q
zEXm;YM8BvAUP7MnY;};~+$1>o7gMZ#Rj@$EVu)UVBata<e^G(|kDkuB844-Za2$Wr
z#bl4e4n|eb_IG`PX~JcXm}SiOgnu~Eg#|bfrQH%GR{3V}NXI|0&o32EmraUvu@&b5
zUk;zer$MLztFC%xpe*Tb|1)x1#h`w*K0Cx+b$We(LiHcggpg@rsK)^7b0^cU)oY4n
zl5D}bIqYPU{Lw|})fUbjK?=~MA4GxQ9t4q>F(^jXa1SVkmXb~i`4xXOhKt>H|Lp%Z
z5R&e?71>gsD0fZM=ey@2Yajh%;q-U?VVaAat#GDl>7W?5Tgw#;&&eWG5<p{8+5FC_
z_6Q9-tl%~*(7qS}laE|yKW3N?jwgvkfLiwGmmQ2B6zn4G<{nUo7rRCk$unypFl@Yu
zZ{R~ZLvmOGDwbs>Yw0=59OwJNnFI1>?U@p@JAb}ih5(`UdwyZz(TFY~16#5kmFCI&
zT87pEF}6+8=#3FE?Ce3=w6A{mM&5MdG(X<cK&vtb%c>hbqHB>byrn4;|9~!$r5Ucu
z74N>PNXjI^I1_~oW&bU$Rr*sQ;EY9xrtNg7pk^D%@50AlkQMleM7{9~1B!%yyN(~A
zt$B!!LsuSYCdjV{``kt6kzM?B7wWsAzsy-l`A1=LwMcTXhS<6A)Z>^}{YK9jm}Ax|
zh;bvoLBya|Djdmb&1olo&W22%c+$Q}?Hj8%2Q{xcjKi|uhV+sID3U_KPG=BG^F$WN
z+3J88H(}RnR%nu>C}9fcVRkxL2b8oXWNQ)R2!7O#w#^D$1NDj8_La^e?fCBYAemCA
z8&&C;p^?1^*JHWbdx)=(m#=~v1_rE`483DEMw@C4c4!kIe$p2(KyUl*qaea#vO3Sn
zo|T9P9X-;sr>qv`KkB1!PR@X`C?fIK1@|~h%^g>(`lTx@w+At3J$P8iv79Lijdm;1
zv3sjVSCGS{3?pI?n~|<|-_07Z7F*))`!wO<kxN1bHMsRn>_K>N)$PX?*ypqg@Zf|s
zEFlh0ylPD!aX-IA88iZgdrceNXLi&s@5~^KEX}{<5k7wu7}j1bHTz51yp-LZHIgi{
zRY|U%R0`j88EUvvMyP)Au{7vTMKj#bs)xWNiGjLrn@0%DryG=|!?!z}#6k_<=D^>d
ztX(KIofTAb(0>hU_2fd=(%Z+*tqH1voXO@sjWb{+5YK;gOAJG*bJ_=gG%geFe<2o#
z&n$6#Z2ho)X$B7Jng0_bt|iBCJJc_LFSIQK6w=%srFPH!k@xGTBube6;Akr&>NaVE
z5AX2$NR-|fvw|PVeKOYY4+$g`V|##ykGF&@`l6R0!Wmsu1nc3^sIrpfsDz-w!BuvA
z>1z$tA{K~p93k)~)Yt#CKt(ZPiIN#dMw*gK2+U5>ui#VoJd7hJ4ixdyIaW&*<Rn=`
z8MDT4V%3T!H6UMBU7mpV@N_R_bqA5$%2uZkq=-~nJdx_G=FZeh`Xkvvqex^d2R3*F
z^jlg$^Y}9a{=uue^D&Jq8zGpDoTdHs&<FUJzByK>cC^1Di30D0AFR|ZggNDlS@rqd
z@(I@G-(s-cZNE>jBquN@vXI(zw>7=9Q(&9W)b&SAFzrX(e*#5)VR#J#38H^5Jqe7k
zTP`IEB0H{0Kx!=nLx%4)hP{Rie>3_MuipfN5tFhoS&|PwBePWaqCXggg2Em1X`~-%
zJL6(X%^=;xBJoLM^6<QEBtzO>=6+V^>{A(bNV{cBXKfXfJNEi1WA8!-=RIr6eE0-X
z{RUZaSnzlgOEEeIQ9UmLwF&xIpU4i~bcO5}Tg1Q-?8CyYWpW3NJPyPcxdOQRlbQ&N
zjJs{?TV+{+M^4WgaE|>}_D)o4m>ga|NY8^jS-%%o2TFVydFKU<d9^Feg92zF&axno
z_FcW=bvXZ;14b&@zvn{Nc?1TA+HEM_pDT+P{x8z2NFUIC<0-|3z@2}+I=W>d$*0}0
zQf<4(wUTE*&e(sxi=zt%QR9bkg7NnoJ?|l?Dscbi69@M}{8kiy3EX%ZXfe+9mz;4!
zLUfVtV`dbsn46uQU8+q=a&qjWad?%+72S4BSC@)DLMbUKj>PxQ&d!!wj@kTZuzs)i
zQBbtee*T5rBnFUgIB*X83EIwZ<nU$?B<amz<I37QIl-b#)Xi?>*DKpE18G}IN=n=a
z<!L4~p!)jJMPqcRLsIs1A~8vAQ_wyKDiecyPxZm@RE&_$7XzpG#9DHDH#ZFxQ;=Ga
zKC#I6#H1wQ`qt&a$&e_)^r$_>jTzU*Z$l^KO&D~j`oX>ZhA1p_w9;dM=+GGKU<*k$
z+^(W*4a%@rt~LFElhH^Qn5=2L^qA#XLCnbheGQmAbe*4ls*`O;o<l#qaja0En=%g6
z<BWg|Q(G;e*yXnKw!CfiqUoQ*Jj?c&P~H;Eo;-l0U*)}2hUr^Ho=!2@;BGt16p6yQ
zA!hC;lp(mFav@2{N+HtvIuhPc#oZ%2PLDnwp%RGKhniJTm+kr*<X(uGy9|_5bIY~p
zw~?dTVFM$oGDJpRzbA8G+2{}LWT5@zx%#cUF4=2fY)&OfL;GSR`S2IT0Rmh8H;Rgi
zbMl>R+TQ(|Jn%T?+ts1@T?rzaljW9**aY3d%<VWv12&;+F@k~`$?|&5^U_Gln36CK
z8HGLQ!CF=eI^pin?{I_`S#^OGttOMisjOY1T>Y9AkgYeZ3iKx?Cr@SvF0~B=E#i{a
z+l|CA_M-~qVMbn=8$V_iF1tgR2%v*l3P$NF)$c7{cGcEVOKes^8EvO)7Ipk%K5zPm
zv|_^L9U7w_94HP<lfrl0kt4l}stb+{sj3ZGT!_cV3r8U1xs1gKKNdUVsVn<(!MS2L
ztXNOp%NF`qj_N?hNI{P;{Z7pYO2I&Hw*$%c&$XlJ>-00#cQX)YM7(<3%Rp@+%wBZ6
zL;<PE%CsDB=585AnUKSP%~{F2q-`WjCBe&va0G6V{m@2<D@V>6WvxgQYgdDVlS|px
zL$4FL$=G%ytpdFJ{pV5}&U^P|Q2j@xG<Ftdi2<9Kokitf>(*X<Xmfu)X>HA8!vN<n
zqf}B&99PxC*ebTFs-xEn%I8sc(629DYO7Q&++)^1rI#*`vWYmlNc%)@aqlj3tvD}X
z1MIz$d<GL7YJhr5Zg=?~_$e4}-m0I<>#Tjgc^|IkDWACx2Qm-a*N(Z<S%NJByY2jj
z>ZMd%E*TaPY$|TI6O{H5ezDmp#cr8Ma>Yu4LAVoatXCa2#`qybRm%I=0Y{gOf`BrM
zG=#)o8Wa3nUyDgA;I8L^zaWoVaEu)IGb;ykLFVr#ymim86tVXgx7?hth8$dtZU{J1
z=p=az^%57z7TQ0a9w`Fs+{~JfQ8Dt@#9(gv7WBRl8$p_G?gwmr+;W-15boHIUuu=H
z$DW13a=gNfSUvScXLmn&Pd?*>X<Q_&bIcZ0PuS>jvDc|oiTBNMy<XO}+l8T8O*yur
zJM6@)2C5FKPTJL(U9W)ZRpT?5dTYO?sQBjj-kRCQTYteY$l<5YgmjY@A2f~U!wL}Y
zj40As&dfwVuTIZbvtdZ2)t=U-;vvyrX;kGQN9A1kda(3u4W5z|#H-MAWxx0kphynp
zLORKS$EO@e8jdCdG{d!m;F=6nw#Muu0@(`^FXX*w$Y1eRD(mi&mh2{y;TulgO}RnV
z1)W9aC>EYSNMW)Rn>}8#<1c(YBVzFYyvwBRRa^jy<zkS0JM}oA0x*l3^ybXDN42H)
z=5=~i`uOU<;hNP|amgC44m(`EmNV}Z!MEa>A+g=R(F7=xtNg0Sl@7&T_r7lmW=&N7
ztv|uq-<af7B~u+Ml33KhV3F8U*M2CRlKf_~Gb@u|Q-V7#1O4*ONX=x@7UN&<-+@3k
zJG`4Ixchx{Yz@lkyyU3+DMate>zhXwB2=}Czvw+o5`3rdS(r*!IklUZST@+CFK5Rz
z;l2xl*34vKXdgnK+`%QL6v33=8(g6uJ=klJ&6KE^W!W{>xven%3|5l=d&3T0-bS$w
zLAa5W4+=<NqtP%(Su3v0NNy~UA#F*~1iT0`n4cRu)TzVmTXJ5FMmYv^K}xNh@zFl6
zAZyjHb!J!0ZeRwkg;xG3=Dk;^dpOTG1@p9h;HR{GEX{T&wxie_R%LFYUc9--1*=t%
zxwS2oJH0A_(2E}Yy~j&lNQ#bSYR;}j_m0Vpx6fKce=dsl`Spg73f}KrMn*t->{{l0
z`;LLyocSxbW?H3o7bEu{?qHGW1yTi%QXJIEGUP_4JSx)r)}omc9$V{VA=@A&HGIz(
zCuUKWA>5-eRc`yrW36mIKc$k&gsC8y*24Qg#1#G52xMx})!;z2)y?Ue2`Cw40!BNi
zIV`7&<{341Kv<FHbNNB1#6bRWS^$r4yl+60cCb`L;g~!#wQO_`Y;kkzD``Xhm8L91
zR_5MTE*fOng;RZDg%%1^B@CzXOzDq=5Njp-w9mbUa<&m$bjN?q)|15=f8mEHrTJB=
zKSU}<^GwQzfm$g@_X#^97+FsxNCq$}H=(9Uo{1Z1^TINB=trvw3faod<UO*;VJTMp
z3{<X1O2pjlsFYk9>q4g(nQk8y#%-BsF$L4Tvf0*UubtK3i^u{Kc(<t%5Blw3!ImdY
zK(p=XVkMThlvKINswdNxB4Mc^bL@+*3|{!VO~{X5J|J1_uX)6{;?aR-=Z%cE1lZ6L
z<!u;4ER{-T%k7^Im;e4@+(m8ZmEOrr+F$Ka1X`>T%HN#rNN#R^#?lj~!%B0*qdfRv
zktph^Vx&!3f6!cmTN=iuBo5opcPJ@FZlf3X%ff%s^#YNRA6_T(6Xg2j>`t1SbTYW7
zkQ651cqc4I1Gbs>S=d6_NoF6_&SE*uVnlcP+0cF_lo_tW5$Q>)KI*99<HZJoEtp*y
zuRKzG3zmmZ)}PN6dvgC_<Z{+q6$g1QPFRje47%h;ch2MnZ|slkyI*w4w%?s(mcX|Q
zHel_{eH1KOb9rh`L<#9c0Ozmbp2JM*8pEs)#OmnB+Lfljl%4^UQ&zL$UY2B(6MTIr
zfnLkuy1jbodX}`sRZ|WDurrCS!_?=GMr3J5kEW!aVUbJL%!HrJ8Os~9#>W_#ELG{a
z6}!3lYX%JzmEbu*(9h>N($rX~I16DqBnj|z-juS=5)Lb#0lHz%fl$R%l6(w>t;kS*
zUHKPM*^{~?ia9kEN3V^62=(aR2#qjNLj(C2Dc0ag?bPUQgOLPuNs-{<WOZM>IxiL+
zeg^SMc0O3pvEfXhaP5Y2hw~`cAb3qFj-*)BWdqp3;$*yni_*`#OP&I}HtD@V_M53@
z=PiZv8B!v25wv%Obv9x3ymbzzYjc2_vFex1O66iEF8<-9hWM>ycuwZdYuX*b1qBY)
zkCReM=s$(t{@kr4W%PcqcxO-P!g`6>jSaa@)z9>4q2u)nq+Yf<8m^(&Z5^aPXV18x
zKlE#KvO|czzr2B1-Gat7+oLXr%a5llp2wjeSO;YG8^$Yx7FI8;ewBzYi_p67gQCef
zsG^oK&h477I3~WWu9vq0Lr;Wikv$yAZLYR%U_hhqUB2yu)wOc(m<5sK`ji)lHVpR7
z>3;MT)GKfGB*YcTv?Pstp((Nng|Lj}!(&4h4%kzXoL8af02Ac=;#Az&yfjYmE!oWX
z3LBkU*1wGzot5VttIRs!h)IQEwQtb$CHFCrcjwt2P^q48rAVy%>{`Zr-!g3FuUkqd
zx1hSSGLO+MWRx9_jN6K2x^#631C^l}Za$r+32g|i@*{I)(tF^fz5|M@0Coq8H;A2Y
z7H@tmED6wnvDan<E_Yhp`6i3aF6jGaWHo#Z-R4gVGBwK5%@x1z`&|W@dM*?%IkFlJ
zJj{<B+vhY=sqzMN`c|ODeL)}7f|IK2nr^S{HrQEgDL>GbAM!w+{xq`uV?C+WT@zoL
zsa3U}X4c6n6Wz__DTq@+ucGPYscH##O0fEmtmrUe_VPSP`o!-XEf~tYA_7UlR3;W^
z@g{dC9?nUA(b;#i>=l{n6{Q-Tx54}I8dB;h>#;B!g#dO<QxN^%hG`ESDz0s=`gpO`
zeYFUvHLkA50P2i2<Dko|YL{b*d?3M&ND*XzF-ZAupOPUPIP#n9=Np~V7}rBt{(fQw
zT=G8^D}Ni&MICe~gIc=36hu6SwYdE4TQ||XM}FA++ogUZjs?Y=!u-FfivIsE`u|vT
znyRo|H*OjGJKt{oLm#~*?+~o0%j3)Cq4+xplkWc)`ZTdXXl*vS@0tYN>)D*DgrB~@
zLja*R`RAPz-cU}wJP0q7Ars8Y8#>JvQ8>~YxTZE*o%)ZWm*<oLCBHy$`KvwbL2v;_
z=oo8)u$UN39%9rE6u99L5%L*$AZK=TpjPm6aCxtgkkG*#%O`Tcs9zDrPW!-!W!u>O
z>za$J@M4hUqiCj*M{MIENVNwUx$;II5Fz4>C~eJSmEbh6Gryg%kdVtSje~-#nMu*(
z9vewE?2(W`jqe|_kg;6wU_Mm(==joA3CG8@|HX7Jr=&Ty!G(A=s+G6Jv;<b6=;8r0
z&HKnW1PuVYk;H_7o%c1gXTM8nQ%%U+$(<>$aNkxwl{a%IL<4h|{o)N>JPfS){s9`G
zn7`*6O?fxLXkt@_>8%G5RmjvJDO!qkw4FRrkrXH3H%!RVBv+H73{i1s`9%(gYrd8=
znK}mx*{V&QxDy51Aj`>rGv6@b5Z@Vfg<E}Jzd~tyX3!X~o{WFLb&p`z=Ki%PkQ8Zv
z97Z#l9OOEC@_79-az?Ul=4bj5=eJ0+X|IcLl<dXi4%R3jxY8JGUX;$*4eP>WB1i+-
zK%Y6yc4weT1(_Q4Mp^UJE5><_c6L@L*Rp#5b&2Mc+h^C7qK$*}sAu(e!`iIPx?z%~
zF;Os~n~y`;g{fG^K&%uwD-5V~N~s&n0_!ov2aLuE`wS?GGC(FhfK1f5zpM(~@t|A>
zM3W#9Tc3NQ=~Yqno%=LP(@!{R&ykOmxup#4A8^nCTJtl`U?C)ivGlN&X?BlGcy>lr
zy#`8e^4@mVK93eTax_F!2F48#T&yT_B8>TP`5Cui();&@-#SWM`7!R_6F9_ZX{meg
z!MKt(2AD^fao9*Rsb;d3ZbZlTRpXdCQyFwYb0=7GqX%;*cpNj4E>nIm8@YJ*T)v9j
zeuPMNtxWaAkSL}WxV#g5K;@kAUm|ZWt{z+3`1$kMRGfCDP0XV=53!))_x@!~SnC5X
zyQ)AcrAA`;yiA(%Yt&tA^{5j3sb0`r3_`0@VqGtColLEtA;f~HFIjxKVRW(?6QNaA
z6(q3z(83FwlK>I_{(bsiA;A((cXu6aU%!mg9a9q$7KZNj_xF?9OzUv9<9u(s@!`&&
z?=Itr9t_p<!_rP=RSiRC-cLYY3`?FUB!#D(tVXD>o_d~b>Yv2Wc<xPHu2C#16v9RB
z$VgPBV{CAsmu8e6u+4pK7R!Um8xfWuT@oU~!%4%JAB9w}pueS<-@Z=_+P_lLV2QF6
zFJQe^Z?j(VBVu2lB2H4KPm?C<OMcyw{1usU-s20Ntm0XB`|h=4EPQ-;aW1KzS?JOk
zk+2sds_z<nF6nu0>))3}fJRR;G6kD`Cg6t$31^CISa%*cZp?pui22I&3p0vL0_fei
zZ2l&CPBDR#ot=&H&KbB<^A%`+kq53BXt<oF8K?P~l;MOK6I47?&7y+J7kfjkzi83h
zBlo&XdWH&-E`}iF;4~3ha{n8xx`)rwnXAwKHmmUtuQiBYChol`PE-Fd7}oJ=4VdH6
z($Gx)1m>Is!4LV>Du4!B$;8*M&vWTqW6wk_48i`WUyim+5YDM*iqQxpaZE0$uYpp&
zv)V8AMu#2qJi>7Y7S9+5zM^7qx$g0lHx3JG&$9H#9Tm;;4)BPkw%RJHx&5tW$`}R4
zTO`euMaJhd@ukDfI6R9m<9V)7?IAHb+-H^cd@1E*M>2mU;%p`5Zo-z#HZVca;~ZL-
ztUVNkOgw~cM)<GmfV&4S78?<ya_h3@G=Uc3Tz6ba-y|6)Bk`qDgQJ{+B<*z>c&+l@
zv}P<6jAR)d=dGw3<#QFIige*?u%mzuw#7Ws^(g@D1T775ec)+D-`NtsOh_=HC|;?<
z!Ohl|6%)(`diof*5gu2FVwM~`c#mv*k!9<Z2aM5z)kP7u9!TKV5zxeRGt(;RNLBKD
z=cu>z-dU3x;;`^M+gF-Z6Q=FLCU0;Y{k9nrnd{bM8JUBODJ7X#jxAC+u!XXvpr$4K
zn>F2fBqkqwn(Mkg=Mg%|3?FY_Wn0-h>wkwAj}YlsNyLMb>MA=Q(3O}Twr#o!Df)}f
zRe;s_r14|S5>|5X-NS>U^}MN*43!ABSTIC;0IzCQo%r@m)z^Fiq9G(6;NJ{P6w8+5
z1`zp(ux_n&E!&>z=HDEKn6N=O3zHRx8Izi^VG2FUv7njAIYGA&ZvP?(a7Xi3?k<@Y
z?{60&MwiK3c<|v?l_*&Q3fBbV!V(;0-Z|gtO*%sK6%I=8mH`dkS4l+WAqcGiz6=!(
z%uGdVLfLs%-I{(L{*U$bIaRG`;4C;IWzOUbG`99s86v?jL?-uivJq@vCf3>Pd4o9R
zK)+l+znrDqrH>C>j=yf5``TH?z?rw1>|o=f=3F?>&;;IJT}u8FvRK;69obYN7+x;{
zWJ01nV$f--m{2hh5r<%V5B!iLmU39;UWQ7ZRM?{ezU&fG{8`kqk(e&TB*Q2NA$qtt
zxVteX|4dXo-D!4iB4&!PAaT(HZN=Z-C!koEEL*$rt^wmN;Nw?WTplk1=%6N$pm)SZ
zUn{Zozf*<E%dDy}b@xizn%G9UKnTFr%=DT}cgf02$~|DtB|~Y^UM%t~KLch^%@>@Y
zMTJ!^<CNHj3aB#<%UJh>lB>1J;_5-I1z4KC)@>`U&q(#*G09JXT~SOQr;Qig@0GIB
zw`_Uyqz%$08RdOOu#%)rCx$oortbJOw#=^N3<!7V(E?d;Qf4i(pElFRTZNOK{oy*P
z{rV`U{2;L}l_gX%t77ur(~a!fFPWh7q7Ri91DQ87aVZ80zW=aW1RU+im3G=KyB2pV
zXX6~^_56={U-jBYDWT_~Z9d@gg)gcZD~SnAnM{abc7+v2(wy>2Og&g+7ox_2IDqqE
zg%Z2Ll=hC6993nhg(II(iC=R;4FkxTv{Dnan}$`DAOgi%u{-fkcam_VUG{g@iFVh5
zscYhk_H5dZu@Ryfh5o87skpNYSzyPCt7rhvL1tv}Wy3Oy6#O4mhTL^`L4d6u_bhQl
zSbuSxmi?4e*{x+-?dGz$6~Jy<J+or?(+Ts;{})bNUlq<3m|y{^d7Sf$k^UeHIUY%~
z7!5egVW^tivm38`W4Vkcgt?{!8yug4Jrx8L`&x6z5kqGdc_HfLeG5-XYBgR`8;Kkj
zjewA<^L}ES+VgJsy!C2}z*^k!G<Sk=f>7c*(83lS68RApeJ4e!TzTlbe!%&Xlyh?F
z7kpFU4US4?3s>?EGkg$#Q@@J!)_LUWGl<IY(`3mGnIvFBaYjA9s?tV05ZwK&J&oCz
z<cGA)>o2Hxvp)#lZgv|@SP@y45Zj!$mm~#<71)vapb~YDvAv>yli2#c)5SW-8C&{f
z!GwzbMX7vJ_aCO|A`3Hp^k)8THrTv9SkYnVrszj@&(gQJT9g7wWvGs|B4bcX&?YA<
zZ-HPXJ)~O16x%;xlVW$cMca9yQ0cVvhsgJwQ0i`Lqv~_DeX{)QHb6)0hkU$+Nz|v#
zK-%gOTWqtHA23gO^x;=W9S{c}efGz!D0Aw<`g{w(#J@%}MS&*vTzmG5QSyZOk=ib!
zF(pfzh-x8@Htkwq$0X!%cbLO$u{F~uHtDn4zQ)6nF`^+i#jWgy-?m@#K$7hJD!dDs
zjeZ+z3ttcVRYt0xXPlas>TxEVi&gL2eR2?WM#>!gEOEHM3JJQXnPAKPG+)HY&Z|CK
zl+q>RIU=Ti^F5NL<1G?vT=PYBwPd5$49!53pr2nEd-nqK8b&@HD&PiCXBh+F<b9PY
z7F*sycsQD!Hn`m>RPgnRbyirAnSm^@+04{cU+mVzY`<Vzu^mSB;S6}{R9|#OnjXiI
zq!qD=Tb<^w>Y79+oYG%5Lr4Z`aVc;(k|Qv#lAWtj)OD43=Z=gw9ZIm{r79z8xkO{m
zMOZjwDpg|15h(fIa6Q@na778`6%|9vZ;><9DkD+;TIK%eq{ao-ye%m~$OSysr<*O$
zrzK{;sPwFEj73mPXxbo+A-MZ}`tQQ%CoTohSQ7svWRetgVyYc8X@%5&XX)$W)E&i$
z7n8nD%5bDr;+?cSRNhV(_JhpMUZ}hBh&3UKp~UL|#P>`Sr{_gXO{!gN=g`XhR@2`+
z_6<;ymh=a%nQ}0ogoWCj00sgU5}o7s({6f{uc^ic?h(dD5?j`Xu#BxTL>s)QKA_t-
z!?wtHq^n#w+9f6666I{t&I7-}--74D+guIb@m~%7W%z!@zvv6Gu5zc!0W^b6l(+hs
zA_9lPUZb-&zuT1c!Tn0j8xuY5um$AJp-G)>#eXE#|0iOcax!xk62V!ZByxL0;pM%L
z?iG>VPvg__?3nTdq|4(8KSJa5biYGSt-95-Z*wu|B;8bWwT!vH8Okw_bp#jSrNx9#
zZ=?pIbi3g~;PHf(e&V+I%n|h_tlwF7Xo^~RQ@KnSB;~lO3Euf^)@=5Fl1#_TyOK<(
zebg_G-J5a^gw7SA(Gc1XxzC0;Zo<2v^;+-N;6unsmNCpEb_ek6Hxryz&JKz6RB&Et
zXvnzs2n~zHfRq3m7s6snU03aOMwM)$xZsPoqXN;LUeJea>?o{zy^?39wlT`@`ox=l
z{qGh->^AB~?uTziBpBr$<)T=b;Z)<C?(mQd(p3Oi+b~H5c@E|VIvE6bl)o+Y6YH$D
zxW{`3B&3eWRUOx)2estesiiu_5tlUDIUVn5K;df~nMj66aTaQ0IK=sQVLYgGF0pew
ztoXTefr$i{azUStXF;*XfEaGTe4>@V<l)%ms{Xm;g(SOq-~XfaxW3I3&JK!k33^E!
zWI?N`Rr<HC`O_2uip~=;LUe6YE4Z8%64wdCh9+h5CwRV@HJHJ>bv+rrO7{n(Rrl2|
zXSZPwJn-?ub%n~RefN&07AtTt-oN<+_Q22>aJQ7}B4_+|Oyb3W&+5AV88gAe-x}}=
zovv$7Zy+~(qnjG_&F5L)l8<S%_vyjJgl3SAgW<ugqe<jLYU=Mb&bb*jx61n(hwrdA
z0kslQpvC1&lc1)Cx5%ZRKUa32!ESBbj7b!*+HxgXg>SZ_@HEeG&UbcphK7c^y5zdX
zv241Ioc32&SHFIJTcb9Y@YY@MUM)AuP~{F}Z|`tHOAXeMqHrH9-|ivy`P{MNoxTZB
z)_>pnp}p}~#2jdBori(}emXv1MG!9KF7uWpA3<SJ(Qh^{*9uxqj|gTmP9R>n8twuq
zncLh^coHpH88%ozv3QRa<-46k;1n%us>Qzxq>C35Lq6mzvs-j1b;BG>^`QYOKY)e%
z--bleFB`YdL-ddH8{rHXMNH%0w~1oCW-O!|WjT+m-?<H{^9bAmO6L!x=)%V1uxnla
zIIF!pR~bHm^wotU$%$*ucH78-=GuNK7ClPXL+s*!`#iXPPw9NGBX_SYU<1A;f4L&a
zxVRL;z04wWm>xeA^)2Q6H?zcf+q~)Jg;LxjjB#SCtwSKWS{ket7ZLgW-ZjZ+b`S3>
zAo5vodBoOm4V?G1*lzukMUW9VtQTT|AVyP-OTBfo$RB&6JlgvWvs(pHFxfe-X)xca
znU<}y$c#3iYfcEBO8Az(5eO9oYU>lt_kh~PX$JHzwW+>c&NN;wqpqogNKHa9xyav`
zCS%_U-;(KF`S|TBf7CWD>N^J(Kwsa=u8(%{Szcad+IC=eb#Op{Y;juhG;|<IOA;!X
z(KM$5?o~eLHR5+!Gj-xzWAhV)C6T@PT1~yK+3jZOlwnYtnS31E$jrsEA*Wk)PxrBd
zT$bt!BX>l+g~i2V-s(+DP4&R{Cmd{jf!<6F1vDw$9;;b}bt_uAlvCA_vxWgJM@U5@
zA}lbN8=C8wyB1yWhHI<$u<c?d8+>Ex_Er*yeBG^TIo`u_D>EQ`(0s5CTH6|)B*_MG
z?d%<X?!}6yczQz{H<$xe4|03Q7l*4rJ8M?~L$GzP;s?A%1-^UEm8r$B;j+{Kny?a3
zo7>25T4Uk`>L!{9J<xvK#gHxA$yMe0<mZZy8A{E83W`_6c(1g2tY1zZS)n``hTX*m
z-lswhXbWb7Vs9~IL{_{GRzoS#Sed9t+0pkJZ8J#CAh;fAY+w>Q3$X9xYM`F3HF)H!
z%hW&RKOk9_!BY+%_LlPNb0Uu3nyZMs4L|AjhI$&2h^XNk7ryD#;!D7;9M$BV+OGE=
zbXs|%ho*7v3&IclzBJgy(}_7Bh5g_Nl#@dvPd*?)MtKO{k3EXg87XU5tHQmigjHde
zYm#S45avQVubmVzj;+a}{(F2EF+xf(83dG%`*Az()4QJBtUG#eGBT9buKZh_bd^Mw
z=#@1cf0Fm3bM2+@w`}qUTib!=$;hodJ)ZZ-rIno(Fw8N}@oeB?en8D(G61~4@B3>f
z@hIg|@Di8lqTTiqmF_#Ad0Bm{@kIObPNwAHV&eufV&J@zg8k?c*pUItT=x7p(qG@7
zXuPET?t5A=d>NvB$)0^$we#ZwZFRO=c@d@8a^!nRa1p0?XfO}>=Vg6*+finU&+haX
zt)%;c8Fk8K_vPaUmwlSN61$m=AHyzpfoBPgwfim$US_3_U4HdNs%K(Y`QH#YoT)e8
zjpmQ4P=)L%%8vu<p>14)qEBYug{x@|1<~i`Wi5!U4HrBmPMSmIc6?UM1O2{P!}mg0
zjZa>*XM=;nni1jtSWy-j3fU*p76Yqj%fOVeA&i7Zd($eGJH^g}@3D4G)rPcGZVxo1
zKSIU97tKvZa0z|lYOu6)lfUGVt_4Bl)Dj4-G1p_5!c;<eRUc*{^@5i^tzB-!HTbw(
z)<=ooQK})XZZ#bL#D4E}ndxt*C-IPY38tuDQFGOl(15V43=>4ltmfO#^VKz<w<8fH
z$s>>)s*k0x)*vZGM0;`6X)Q-?Trb@f1QDXOCB@Qh&wgB>jE$&!Byui(+g?txAL?^N
z675WI`y%`>uuR|d)q`RCeCP+Q<DTvTV|=AmzY7$by9A24NnN(WlDgRvnR2n0g|)0t
zVUVDS-Pa-lk8iuYYD;iM1gp*Iz^nxX4kn(kAGUeECd=!O(L(GgmkNAp$r8*AF?*RS
zy`2UZ(^spko>&a6Ulhb8%~uH>kV{mW?HJQ6<L=2r`3RH&@q?hH0_02~Y%L}OSs+#r
zWb$w@elM%@W=XM}?*2gS=T11xZ;uS;E<8!MOG1gyfZ0Zc)b>DDafA&M#leJv1%*bh
z!8qEk{gw7|V`lqoL;r$Z@^`wgR2=ARM9H^q*sU9Wa_z*^l6l6ZN8+68a$mqiv=>ht
zN5A+kt6%E59lfPJl7+{SE&aI2)DI%1O*t?0fv);)N}fM}d#uw3@D#Les&9Es^DluO
z`mS|cmJO%liIAa~6#X60{7fI}@fRl}IINej1i|GZ?D9;g16lhpsciYx7^I6R+&^99
z?9^1`mdF<yjsC?>ndBi&twK7Kb9AT1ef@}6jrU(U7A``~E@87yQ*MsrL#a`bYWeiX
zQWIL86WM|;WTRhZWfJPB_m?x{re~bZL%sS>PQ<@6V(OrRvGSQSL>`!wHz3>9c(Xf%
z6HOmSb0KEb<PQ;$vR8ymGcQV0Ltx$%Gg+qcjogD}8~y*1`Y%LHZK8kzHrrB=McA&`
zi1yIS4F;5dZ*zj9;iwSG`Pob&Lo}j2y7OM;H;F~IQM@?k@y$vFw5D)liRh`~)^^D?
z5{%O4n9MSVF>4~#WlBrRf0dT06(A~xau*TKc?f80fU#+yfhQqxtOM~R|5}M#?63<T
zJ}#7Xn5};QBUZAz_u~))dDTdMugtP}*b2PQvC!XQpdfLjfknQ4&|TGo3Du&#*N-KY
z`JIvS=n*K_>#=`26tWCz|07Gs7us6f>?nQjdE<vnJmhCYJH$8cCw>J60mC&FJ2Z+y
zRAxPyt>bI%O5_B>55uMt;5IXuSTVG|L4r7Jsb=N+by00$#hr;Vvi5>`6HB8cD*MeG
zTOkOx82g$8ilJ0U%C$tF=ErV<OONu*yz>Y8`<=8FWU45tuO+*q_rY~@X0b9jcx&7s
z$O>4HzREmk#V-z2946hSSt8}dLd7T9Zz<q_-$%s{?ya(*{F6RgI2=#cSQR2EV!waT
zu!z2&`*Dia?-PpK!ot!1K4o=dPl-p@J)mI()*8)KdoLm-_n|I2$_b&zi7Wj?n_8`A
zEXV;_R6-g%#bKF`@NcVz7j!aIL^bH*S8_IT6MD?t91n=8D4}-FSxLu-KMYbFvY$16
zaZtz@vX+GiF8~KyZRqH*qWnX5&1cPMc1`wvocemD`DOLVyEY!yKY#O<@+B;;le%u!
zGT!}=yjGkQc{X8^yK*#K5>^g%<WoJ~N#=f3?|p*p=t?g5qEET3{OK2WYa4NTICn3w
zIAEFx2#+}+91DIT#%n*z&Yy)It~Vo3Av@O_dz789Nm`w%ifVYkZr7-krtY7RLaZOG
z30Dst=YI}>!AAsDYL^HjDy29O8C&qp*i3@5;x^u~DOC51W~7$%+Arx<4v9^jnn@^`
zI-jK$tqaX+xJkXmY?8RXJ6{Nr@_@sfDrhU~$6Y(iU2SZMc($=2H$nPvLiA3!^p?M4
zt|N=Q<u*GoAv$Zg)$z`7qIObj#{DvXM||YGSv`f5{*CpM&&coqvivd&S$fUPR*p=m
z=f_0GfpP}AV{Awc{#`-Ob9w{wS7~n^*>`DtV1GaoVY4)g-(A(pZ7xpVS8AZP(jx|R
zR%Yz+m%m_N17W7;5QhZ2Rt@>KLZ|e-D3h<6K`ziuy;H_p5@g3xg-!qT$*U~C=P&R0
z50TF#wES&A-WnIIJwt?<2Fl(C+6F_g59Cd=*~4oh9LmxzF2ZLTLVI;n<mWgOR?pXw
z4rDelTQOU3A({E2JLMHQNaw0Gwx`1_2?MCRw`%*C{S0S@;*brO2fCLkho6u3C?Yxz
zzqpJuVvT>-UgmQ)Y-fN(A2CJ2A-yVWq|uUcpW(Tx@wDD$yLoQ@wC1QPWjcx0DpFjk
zc@8)gL72Avodo9WeLrB)Uo(w+v`IuAzI)axBvuA7PIn>-GcR}Ij&Cys%a3VU#|M=X
zZz8lbVryZJ7##n?{(tAV;#ESxLO~zLnGrRnv&MySvAXxo@6cSc9<A9tFPP6Gd+XJA
zF=AUjRW9h<BIjB*ho<gPg<zSEU7Cz_q*GzDFjat37Fm@Y+8(C3l*#^tJq)S0xFQdW
zh#K%(ouh4o+<s+u#i$+RzzF<^lbMoyuFpYMh)PzCwKz&eO?h-JUvoG%jch)>Eygb9
zEwQmJx%>}I<VIb4)y((%^a*E=CLZQZKGsr_U7sLi-)p1NKrZfhjR#G<S7mFnG|6ln
z`+NnwnqF#UPJIFvAJV1DPra7jl@fD$3;Hz8c%-SnQiDrAm~{VF;{`pS0fK24m9uqu
zX&k{#Vtq9?CK6~5v`X4d^Aoh5hG)_GvQ0(J@KhaZuCo(JGFOsdn@CEz=6;v*tauwf
zDsf_`wxZ|n$cOK$-(H}FlAsA%M<({lA5IV&5ZW;MUu&CY@sq_{<OfckUSNQu>~9ni
z9mVuXsQ#>;i=BPejLwirO@+;qT`ta#mbFDEGMF^PuMtz6yOI%?ic!4KL`Xf1D15D4
zWA72Ft;D++OD$pgk$VLL+41v341^Z(B)sRP;-d(3hB3HYu^g{;j+?4i8lEd+D9PmD
zRksw-r49J>zbm<)$L*`ZtU9)0Pb0^{8EoP=Kj6c`!Fjyi8sC?=ADlAxade(T*Vb}u
z;}`{%6mTwaPOB?L7nf&6yx6qRwX_m44@k)s+!N7-2}z=hYez?iFCrR1`z)6#^1pU$
z#~I#RZ!w`Wl<Gc0_~mY!?5Lejs=dnBkYknSr>BQS5l1~EjvWmKj!*^jKq~w4d-N%^
z-?oK88%I75<_-rFhiUF>eiGDPAyL70PH9pLtF+RWy49n7*MYxK1nn}#HZq;F62iII
z4K>WyX2M}wvfM0Pkbhihk&sfq{0{D{V3o=heH7IyXU3z{Rrqg>z`!-1@FVb6)@WaV
z{|{ga5zv<LeQChw)UI0${$;Tee_cb}0I#l@=(W)4p`o2;_?=aek)qKWD^~SL1X9@}
z<EV2@{h{k7wD5;9a;8yv3X!d7@62FDh@K_@?cYqkoOEQmU4)laS6#V~>$jd<0+0=h
zJGwB0fA{iyE%+}L;6SIR4D#8F<DAPgbaz=TDS%bQ{@78#?mq&{mlkZrD*HRw7WHcT
zE|PgE(?@RoRy!N5Yt?1@))HiFXsh=KhQnr=OrP@){&wiJ*m=?AG$hy!msbX8iPqA3
z2d%lz_{z%!g$7dSoqA#4xYr*oc<2N9e&Xl8tx>_vNP_k$@-1q2oxk(%y+LPNnOGMU
z8xd-><+#Q>7b5h<?W!+_%389{%fV7R?P;Xi!Dm&TIV~re3k?h8YWp8jW9s9VD}hMs
zHW5Vse%=iA!_BgZZJI&9vovXaKifp|;|Ju{AICqn{qgX}rQcVYrxShk#-EWA(2WQU
z?yO_?rA?kfZruA{kO!VP=#G*3PsbtV=R)UM{~@Yn`Xtu+WtkEwh?2z<dClCfYb2AS
z^$Nw=q?z(@6+Rg{ic)!~7w*Z~U#4j&)mNtp_?v3PC7s7+$-8|O_tF$|<hYoOCcG@0
z@GJ$UBIe*?%r&JuvN|{uZE$~Lv{W1p)VeQaYN-;7t&%!lMjxSd;^?I>xuo9xs`jOe
zBdxDAd@gPy9hp29hgs%>>ESE<8QNtC;{Q8+Aw<thp53j?F&7qEdI-oK$^bpT%IiTG
zSONdpB71uH>(-QeM6Ixp)|I*FRbMg?<QjzhW32wS{j@}L(d54WW%;OK=XLy#!KKfg
zK&YTu*SGNAVo%|qfAiJAk>H6~Z>_;IU~T7mkx0hptck!2)KN!EtbGsRQ3AA&Z=`!A
zU>w~2J6ZobdLaEXr#>M@7dGttKJr0s^ttNOE&_UK`1e-pyFVSJE5we8+e(flZ2I|M
zBwlsMfTwKNU5*~nto`-}y31BuH$DUaEu}x_BY=*W#1$MQY&ZB^Zq@=B;Z=ua$2;rc
zf6(-|Lk5W4Bid_8o_3kL{MEmS;}Bo>-BhJ*T;~N)=w3Cs0Fr+Ao^Bl_!*GFN3ei9I
z2Bs;{zzGWKEERR5@CaAev9u+66y861H9SvQ^CZ}g{tq_#fL#>_PC=XR%8($At}O6&
z);U412nEHTRgJ(k%(`Eb%kp<$J@^;r{(LBu+pnL`g9<zT`+7j@9ZED|zqyl!&_!S^
z!NZP@j!B%`-ka?hO+b(_kcHMy(nj}^pxudL73926RKL&t`lTGCg^)k{Vj3Tj8dLIf
zcg82s8Zu0Kk@g+MP%m;0Y}Y`_gb2Q~O$d##Oh=8k#bib!#i`kTlFox>Xa1eP^o5xg
z(TEf=HljCQfoZ&<>5}fyl2iE^_xLZ)7oxnj8yE+;f3o2pUWfZizB@<9h2oXbWfh?u
zk@97a+EHe#>;C<7!Z1tHXnVB^vhJiq1KZ3FVv*ck*8TNhhg+bG2kgtla@96^LZl_3
zCM+M<gNts)Tzbn)v!*RRhXIQxBY&OdQlhOe`m0N|3Jlj8_q7aKG|=KR9nkr>uLnC_
z;mYTf0G36-Rz9@6<VKX1Lyic{iaw*FS7c#xAww$E{bZdg!k)^R)8KLve^EF?PQ(`2
zMFV`8^nKk}v)%{`P|ee<bZ)3P#Od(7H%>y20popXG_pY8nS073&veqXH{bm0grU(H
z@(yaiKn=_;m&2uQy&xvz@9I3$PAPc*)fE5(MQ(Wn*KiGS3PWM;3-;t#2xej?TFIdB
zQ|TG*YffjI$HA3zDkjOu*gLaDy{|RNAA+6r5^wSIA9k|DpKpt<DPnUDTo<|c;ZGl4
z8H&Rtc-liA$Y}~l(KxLYO)3H|VlxE7R=nE<RwkOcW8=tj1cQ4^oNKUqBU3`1Gw<&W
zt<cbpvIp;pfVt2Ie(-*r@97vv#JOwo&Mg+jGa&ngYiQO)uoJeUXTQ6{=2RD)2U_24
z<k3xiuJgevK$vrsJW`_@U4yVKi@wuYG_KJ4!dST$r>)0;{e#0{itX}L(XvqVx^jts
zZ}{@syBaSzB@Sbhu6!9V!%3X`{_<;Zgot)~vej3g{?0tM&(01<kqQF5F~w}%Q=)H@
zFoCI&W$;?2nM6+PS_PH<GbV{JwF-@`x?T@7`h<M0g3MiYf>^FoyMXCzfnOCfJ?|#e
z+~$q4P+`q)l1!ZtU^=E!=IpJuvjQt{rG_yZumT%JSH=>$`V7YXGqX1PDpHb5=2QfS
zCn>u^^X;O4Z$ZkokkOxUCwWLR>kLWghstmDOo<x2A78k!@fa|p@mS;*L$(4(#N*Kd
z;*>~mma*y2wjz*8ujd_Ad8cAo+ZYc#K`rxi7ffnrH9eCUJth&hXas{z{;Bc%CX>gL
zKc|AB6ThC|kK_<*(Ofs@y@BINGRM-!x#!q-p6PRtqnou^0{jof@ja!Ne%*vx*Ex14
z@G_R_D2t-96dqTaCKpqiq+rxy0i(qa6zJ*2Jsh(yVKJJpT$>0p^L%nUjWA%q`%mit
zV4=9V#bTTRIAWe={oJakY$BK=vm-oha)$N$_fK6_$9JVnerq!DN(xW55=c`gSMGiy
zfihs!0swy1<p!L3GBHsAU8BW0BF<xL?r(ez_rQQ+?aB|j18Tg|s4C<s0O74@NG1vB
zCd1gL+h5Oc^;JW`Tnyx14MQnUNPj0jATPjhA^C#=0bk`4yX0*e=}@OqaXJ6olmbW<
z{Ne5W&Gr_-Kz8AYx$>K^=D+ikClXM+(>949i}0O?m)|arE>$w^LVp4)eN<itJt-dx
zxB%SwM@RyeeSj3#XW{`AFMVO)eBW0~3PZ_pdp2oDJck?z4GjMoCdMBF0MP;DjO#m}
zWDaR&Sb;|kEhPi1VMpn`&&D792_}E90`KD%dN=q1tAMGJe<mkI3WVq<5r2_4<vRHS
zJ{1Qj05(`Z;5oRsxJb+cKng4gvE^Wc_+R2koC0SGi?ILR{v6m=wEfY*3FgEnAei5N
zaSO!XD}Azy7S!X4EN&`{1~#3oZvI)Qwfgw!)2DCWzNM!#`g0Z~(EzbpMHc1@#4PTs
z_4gIv=~sKVRv$}Cc~>obf1REH&?zDgglI7uNq3kO;~enRB?Dl)_u2NJIBzh|N2`42
znt$JOZLjOt{$EcjZE0zF|Nhphg~SD({8I?@e0cgBF>qew&Bayd2ex*xc1#;Nvx(3}
zr0HjAB|y@*4g~c7B8US8OvR5B`I}fIzu^PS0~4p~pXYP)KRjZZxUK}#I}hCFyL?^=
zG2*yVDhvG;B@y04=&=G_RrC@dLndc+U@TQJIdO(uEkS1gR%Ku`PQqtE&06#i4DgdB
z3?T6kR7><w@dhP`?@35U;dkF+5b%^#<^w4hu(L%&>$|P=jI`lu_jKbCdx%BO%6C=J
z{%b&k6!}E)l4JxlVk{GJS8~0g;3s!EaI=T$A-LQH*bQRhaT%H5KxJbfs03~zs79|s
z-r<i1Z3f1hSKF|IqQE386Io8l6^Ydi|MXIfGW<@PV&&sF4QIY&2Uost5;{ZO)h%OO
zUt-)|+{ji3FLYxuxa_aN<Z51qqWmAszvJD-b%;dDvryF&Lbvr&vEl}Q1Ec`5dJ+M>
z$Q+$#j(Bmb2-riD3$P-aPbK|BP1gNGMcGAJa#?d37a0z&Xz>@Yl}sswzBalg_S@*0
zfa8u%25N`^0dLLpO9VZL{+t4<&1>lnE>adcDJZfdi<#IeRkS=^Wd?E|GY0pDJ`)-G
zEPG(O>>jEDYrM`r012EJ`huOw6JHFEK+rW~463qTA1+9X%eTy8$x7^41B_Gn?fB>@
zBA>fVWvKM;g350mi*@oeJ|xtHXS<}V{KUC#4bm{h-_p&x0qAGvs4IQv{G`(D!g3(y
z>aQW}wQhy1DWk}uBGcFuI>#UydS;8yLFLW)h???qi#n^D%v|K?A*`oLwzX?3BU>c(
z8gJ3^CWPp85Q!W~dm&Q}9^h8MHoRN)AIEgjhsjr|%}p4=&82*_5A||lMdRTHaSj>>
znzsUc3P8>-mJYACI$uK{c58O>D9ZOs!MO1N3FtKX=<+W71d_ZJ*-zbkmm0WGyxor%
zb%(zcgF-QVGVcNF!z3FGNOBbHbe8xFtBR#;ruy*6>ymV>EwjgE!Vw&qxB)R5{CTV>
z$Cf>d(+y?T*(dVGvnBXF63tQuV~bA^9?pblLol&c@X6jDOm!#`I8<9F4=9-R5lV75
zGa~NpwK((wE$DM{Pzr%^xSe#-83F^sY{FDHYAo_tI8J;d6@2)jx(8Qq-l{o-tCNHm
z>S)cHXl9-SE-yM0uqXCI1g@c<!<2wE{N8y0)0p@e^njKqjT&%Xd#}F%ICsDfVA>zl
zyYl+k+=19XYWRpaY58#;9!`AYGk{;#0Digux;{5G7)cM_cWt;>IFvl_jPTvk&EUTc
zJcF*IH05@k^LlKvhd8ifEi7yw3jl)HmUta+11+29*}@QzdjlyF;2b0^Ar`c<mQSwk
zx=4BtfXbaxTI@Pt$UHOzy}+{rG#Cc;$$AKgxYkM@#+d&VF#Y!$vV!{Z0)WlzF4Yz`
z?p|nLCGn?=O3~N!cElr2-s>N|zn*37#x+8}f87H>2@Cj}1xvFVKTw7Gjavgg>-?8O
z68`}UVmZJr_e#>HM2^p;>CEv#l5LFD=PR7&h#Caunx>|vII@PPr)a=fAGet{o?&08
z0B1B(T`QPSk>6ec&_$Gyl8>-`^qbcLIH=(M-P3LPV#-zC2z0%|?qTW%4NLq09N)f1
z38QG=oc;b&+pynBSE#wklYzY0@}y<RP6JTm!E@r1gUzYf(Q6y-HH=1_Tqh-f#Lk~)
zAocJzgW=|OUUf<-Iz3_PRT%{Vt?%k$Ixk8U^{+9DG@eaHMg~}SRT*14JF7F&zfzf)
z&u`g()!hKtEB!CNzB(?du4~)E02M((K~PYnK_vwNB}71wff-=v28WUuI#fiu6b1na
z2g#vRI;BHm=#cJ`?r+baxA*hD@ALVO{(j)hIeYK3*0rv6t?MlKCUFGAPv^oof*&T;
zkB$Ovns{*(t6D11-;*o`J$LY#0I(*Yk-lc(BBLy$9l1}81)~EWaruJdI1HBpz;;cm
z*fvdkD)TnF2=Oo%m)+1(^>yVsJYPkYg-R6Z_1<VPgEQ89W{)8yPe@4xSfIQ#jlY)o
z%qndAV*E4hy6Q#g8AI=AqA8bezMqm*PZs*8DqUJ;#HO`j4|4lz;!GKegrvJL=)Sa4
zW_cuCM3leU!QMjn%tkjv4-9GJ!CT;`wY4>%+H5)3N!AN87a1vb1{fc`9`2)r(CE)H
zU0}J<{r+Kgsyz)wBO#Z!ltDuU<YDfVP0`gH1hQAn(pO<XP-rm46!RR0eQ*^L_X=H&
zYTR62U-^i+Ds87^9<6}xW8t`Ayphq}ubt?XkdE*E&XL4jx3aO}j-;ZrzpIar$gYXI
zAOYYe62Nz7Fk(d`^(E6D>V5pokmREeiSmdi&%-8nRI@cwNwB-K(xn(H_7O6?uP`6u
z^(-CunJM1|o8jS86Gw`EkFy(<ezVZnyvAukL{-R+=48#pG5(G<#x>L4L%@Py?b>99
zn=hyHMjt-&M)wLrXvW}7@}mbiKG3-?0Y!r}mMGRzL<1s*ygNRdZB<77D<Tv+AL<C(
zq$uFxdvPB$ci9Ui3lRi^lg%D=iCJ!6o(g=oxW8};@%(owF-KzU=;#P;QH_J+XHWST
z!8kJP{yHDXHg|iqAd8PN{LQ3Y&tTFQ=dr&!0yFgEl&O0YtFOb0o=IR?`alB#^yHXh
z$K;xs3K03Ps;#(KAVW4hZEm-e3s-@x47J{QPJF|w5GVugzNpA>6SMnQlsG6@Mjc1K
zVQ<9CartP%?LtclnE10W7Kum%t5I^}f~0+u2EDh#Zcd7*Var$weN7tm&wfnG>4z^9
znpBcZOI(65t?3~g#4ugfY<1InchV9IZsWV3iQqv@sKvE9@dw!(;E5;kXUW;Gzc7+;
z^wvt?H}z&+olOd6i4J87>5|c)QMqPhzzSsiuSmw<)(Sk#)HWx_nj>sAVKgnR25JXk
z^?u!q`)W`8LEVY32!(Wkwx0Wb4Un`L%1OzButjT8wzn&|3<M;4qd8iK;y8zg$8I2T
zytf4L;*u5k<LH=Dv9nWXgIsI51Hv@!!SB?1L_3+00e%+`;_yIje0_f8;SD?<0oZKf
z7>|GvG~7HCb&XbY5ULD0-(6XGvi$JU(Dg~;P=KTUh3;}xlw&@B=Dw*2m<sS6$APGH
zXK9`RH}Lxxqgront+%}TllE=4#u#zKF0mlS9HTUV+)|qX{IChB_xhW)&m0?6@YXjp
zGyq}94PgNRQD}9|=nLFP7cU5&IQt4-FX%e3omgGXBFkeshI!zr0o0Gx-;@gO56pq-
z<bZ4_qZ$(x6}sJtyX9xlI1KnC$KUrmaQq<HrGQxDj&m@Zq4|w>uj20xRF~Ud9^jtF
z<599|UR*AE%ABHQzqrP51{YF)gL3~@&d#Y>p+H(>>Y4-O8*AT=HivNROud(Uxisz|
zI)d1Y(?WVAy=VP)U+fJSrtn6T;-PfcPc1wu{Id%a+uQtykpiAL+>S%AJrJ<#Tw1&K
z$GiUf-rRxv**Jg|8DNf1grEPX6pxLh&u-M#2upC*$}A^sxy@GYF;WHKWu(MGF_a1v
z$BxE<>=q2!EViVngZY|N)(ij%3qE?p7ObHg1-vIl5x~kL?V+us<L=K&_YWZ;_kG<S
zR2FW~LV$H!Zw>H8EPBH9oDFj_`u9k&bc#c*SeuPd{|2L2L4|g-_!TVCV`v~SKI3Y+
zS^W_)(^~3j_Y@SO$1&}?0@Q80c%&UdKeVDZN7{EkJBb2NO7NP^XPjt9BOLN?X9H>f
z#{~EOE}xANI9@!BoIW4{m`434S{PdDP}No7LFlQET@d-n^W|Y^QdCaOSJDmDSxqO!
z*p4|CtI^4DBQho_F36mC`)(n?$@55+&G?Db>vCl2e6LmquNC~LcMBjCxnNhpY_4KH
z*W7Zm(b`+fHU(kEfo5YY>MQK%4%qTV{Cz07cY(15jNS}v04)e*<MW_Is^GX+lC;^b
zp(^vMWqnBTX1Xo9n&J)0O)jG*?cxnsQBHOMHhmylk*OyS%o1@^8)ZMw^Jle+Z&&S8
z$(yRxk9o*8&U8(jIWFmZA+;F=OzT}WeSy*}i7m#8$Rj7aZwgGQX>WYE4gy_!eQRgz
z1vC}K3P8K0R3vR~i-o^~H!4X}N!3K}(MPAnF-1sI6&sDexS?qZtfV6sK4X|7E)l7!
zjARyKO3qoA&!>;LL)^~WW1@4zpX7nD^odE$zH1+gIYs(l`aH#KTzuae8!rvqn1{B%
z7zc{+sfh{k+ib>iNL-zH_!W5nX<r3sRAk#jBopY+qAWDTMK+>4qqYy*O5!rJ%XXSZ
z<Zt<5stYyb7fC%YL-~a;(pMYrne;zv9^-wbE1_67RYX=F=p_>_W14VKQk5=aKpq|5
z(+{hqG*IxV@|D<VF1aEb@p2B>-Psj3`V<Xnd-Bx@z}7qY#WzBJW5KmKYR<5F6<mW+
za%cM(;cZFfK?|_<l3x$Lo}e*KQ4jVo*Z#uPKA#PgZ1C)e?iwHUu#H4tCLxjJ%cfV~
zrKXAJ1=C)hZfx;~aBm5<de_UUvZdsRh35f1x;xGA-v!v;-v`J#Zlora=onV-Y*^qk
zG@xym663c-AFGbTe=!Sn={+5oGTim}_E|{C9Glhg@yi?7AQsHOLXi@|gROoGSU*y!
zTpz@B$<rZ`FdHrwJx^@3@rOA=V*HNh2jz>2^Y~qob^rMB>LojZ%a<>2%dpS1f~e0^
z=2-;FLSKA{iW-&J$bOLs(+dhsL0V~7s$bC1v;0JE7_SG@pBiVT_J}eD>b;aE;h~E?
z*Yw-fJ{b1$Q|ZZ4H%qI7T$;7+|GEJ=dDnx_4jgoIDSPW+{)Wwkl_`}(A6F{RB-;B_
z2UK-CdHU)&+~@bJr<_0p3L@hVK{21X<+80&1uI8=^+*W4KV!p3e992r1!XiaBm{m$
zt~Xh6=oJ)taY?v<T^WRS95Z&h8JOyUhU>kcI3^Nu)~*A1ndYYAk3+hE_XaUST3_5R
z8#hx7(vZ*{0jHCJ$^LS{?S>c>#o${M^_)ds;;MX5>)`VTo*@Cujs`%b9-#d?{vXj8
zUuHam{6Y7CqQ~+5csTG+hUx3;14(9;!3X7sua?SIutqyF?Eeb(XM@pYwu}9XGTSkK
z0@(&=kNhhcx<7*!9M0I`v)nJvyr(-7mf-)V9giA=tPDsRz;l#R9VSv0aY+LXfflUF
z!YNP|0I#LqTR3|pN5`{hD%99<O?BL81FP^SkG9a$fpTVX>O}~syq*(A<4idJQa51g
z4@hX$i)|NiX@G$T<RXWX-P$G`<8+(@0)MRv;)?s<>Fex6Vc~$AEFj*4ystg>47xTy
z0=}*E&jo*w*Z{IxFhEOl8HYy!@nYgkj9e~vp*&_I{#>|1m#3#EXfohLnWv7w7k5&=
z|3hRk{@x}y$R_L%7k~m?T{S-dJ5j)jN$`jq{F|*J0a)iNdV>W*!;RztMU^FJtc>q{
zd2qiGM@;+!T;72hIbhJV!Cy%ndJ=b+_#OYVP?yH0u_U&)aHkJ<qVP51KefZ3%Lb{Y
zfYWU?QtRk_yggur0QOJ`N^+fDdg%>T;qi;#iB<6##KfKe+@W(K6-Df5`|kI>`>P%q
z!cEn9V2)c$JYP9VxZg5I`V!17S2g{}yIxl(VLj|*Zxo^>@)WmE>z9w=N<IkL?@(Vr
zi2+D9&nW)J@~$EP4scB)5KHI($>v4Kc`(cA{+tO1Wm&=M{#f~84B<z8h4{=VFO{o^
zf@}N%CXjwlJg8R!02K1UEqwtPkyg5&V;CnD=keMnvOP3Jdiw=Wmv5@$;liK0a#xW9
z!0nkT*z$YC>|#_b;PgRNPFms&PyPK?g`9w8VlTlTc(yNQ(9r>&=)+o50{rElBc?SD
z;$P?il*kT1TRHoyIE=9t_0N*vl6Rry_*noOl{;8cj2`NVp(C`8{tc>vfYa6vS1His
zx&OEoj23?Q@S%W!z-LQm=T-47@C1C<WdobXfiozJwM$@5$ulSdc4FQYO8CzPXRYQ#
zIRoqVhQ-X=+J>E-9VS3E9QU)p(m3jBiEp$-^1+Y^`l;gOXn_LRz0D6r_fs!R>mRjC
zvEo`f)#Tem*f${x4c`Fp69vAI6XHbkpkt;R1VYwYC+=B@)GilCdN-FbC(n$vAvt0t
zA!$M?*vwEj9;G2jwY0vl*Br1@Q;wA)cZ-X^ho(|(Z*&64`wN=<5vm8YgR!G4pRSD@
zW9}#+a%@#mkvQrrCj>mkW_e$BMhY<P5NO~<5D9&NJ1jU6-V7oM-3uKi4aMM^=sCsa
z*`%BR(8VpmrZQBfk%fV`p}RN1Q7N_5CNx?C8EW3dW*!(AXt2P>6Zf@MzLJ30Kh(s6
zKE>BiP($UTk)F=@U~<q>p+a7x!XR&<L!nR7khgGnVW65gJAg94qJ%!B&Zk_ST_f$n
zZQW?2E7)7PRKrC`nUn0nSr3MfAD*QZ<DbfnU^#dz4}B0iE=jMyCtmfa%5v*I%Usp3
ztoDwzT|f~<$Dd<BkxnQsLB7U2Cpw$OmlI?wahb@-fD1;VL$_zF#@l43h*mFD6qe{7
zrf8F+1oK^TZF#0Nd5L%vD=%EO*;=)Q0`lkzphz^IZ&1xo;qzU&4Jv8M6L$rUMmNv`
zr=F^I6}3}k7bYvEn_4le39wmJ5;Qt!qC%|~TEv+~Sy;DZMjfp9B0=xxo!urI^{5Sr
zgjKoiyP2NfRN?)Ihg3_VSAPQj8XvHHR1_o|*0h`gJh9+QN^{E5s(TYZf=KS^m|mK#
z@yku>@L-D?qbE-hg|CI=oX=7n%`g0RAu1-4-HHhNUK%PX=zrBZ9u6hy>&>~Se&-d5
zau{_!vMU-m`{0Sh+fT<e-8HSBW&kq9Xg{7pU4l&tlqlJkJ?lUU`n|h*keq75caJE(
zXivX<W&+u>NoS8z`(n292ofcv&oap-dO;apI4ljFcC_9q_CoZD_xWK=c<p_~%l}})
z)#pK<m3mJN%z`7sqANu;sf8HAb&`egoH%k53RQ!!wnNM!!GtLt4})OneCDZPs3%1W
zfpv28DF}N=BnEYknpKD_+ap)4SOsdNTsT=s!N4-N@(5z4EW5fe_jw7GYwPd~t@VdN
z043F4#s{+QRAadd;u|&Xx~e2H9ZV7%|J1{Q2c+2W50>6rq6wrv49M0DH;i`Dh%TSl
ztQ=JPO%g>TyMY2TT>%5nteZ@q5`-P?Rh7?;NYgaylz{rq`4yh@nxg<r?8L&tb05_V
zs`ZmcikDXQd!kwCz)sEJs_lD9AWo5_Yn5|Ir1gxS8A*Qc%~fW!41Qb;nDpZsF-AG8
zej$zuTaCa~Q6OXq;F<t{!3R+txBP!19q5&SM#8?4Dz0hHUACa}9~ci8>~Ya2*auX_
zsH5jHqo8rWm#2R_MMwCzOrQ)DzsKdxpI-)lH{$c5jNJ>Fe`-G*SQ1y=1r2ghRi;}2
z-TmrG0k;we@j<xmQsZFt?^M7~+sqVv9hWNsi803n<kUE{i>D|5K`$WsH8gmi?dw}u
z&RbV~zyZGUt34n`w_Q7c2hHECf&&NZ>s=#pn<n_62WX#<h~KpHb4e&LzJBa)VV)w{
zK#QaR*LSDsr8p1UcTkttZq1L7VmV7TcSu1NejVLQ32|AQl7&Sjmr*$|6en|Gzf$v=
zhdgszABNA8K<G=+wkTY00VKuF5s*6pAarEMH>Z3+D!M_8FT0I!u{E`(0=?VsM;aa&
zk!y!my|e_;&aj4)U|;b>oTbVJ$Z$up9AEhYrjT~h!VzyM11k1XIsu=#OIhu$^eH+b
zK|bBjnS%T1$7YsG*DB{NT&q3Bk?(*kHlO`u4X*J9*i#_khaMBfx36HqB{h<Uc37iV
z;(q=Jmm_m1kGkLqCznK@&q`5Z9x}VSy4qoSBTb=#S?4a<QpcmdkS=KP_cW^H8tDqo
z%_;hXI~vhCaj&FG#U%!VXFR+DLhQ#$ZJxvf4iOv}oB_j2)0ckH(b0$$;4EQ$#fj<}
zR7Qp`FlTSMknOeo<e~5QRqTEY@C&K9s{-oroj!NXfHCvS@L%3Pg8I2U)uBZM2=aXY
zPvq>2VV*zUU1xZ2EhWy{`*{Y%KQt=;q3`*d^S-Ybvcs#)r{7LB-0DdCXmDe;5T*Tw
z&qIt018cXxE=d%b1XW2HK2K!eO$v`Tp7_%x0ee9^1L6>&a?HVDq}x_`23ekhG;Kwa
z!$0j3aZcbA+8rAQNZp6eX5mA5RBA@=%}w(fKJXZ;z9&u3hB_s+gm;*RMf9bTV$)ha
z`lB!V0&nY}Msf`S*6efFd(Bu2TOMG<H%bg`zU1l99P?Px+)ss0(g(d1PMx~X^ZX57
zbpxK#^|~@&MAOd-0i{~maOK(Ols5dvvZjum96~IOn{czn3f|hhb2@k1P}xKge5|Wv
z9Oxbggsr8KkuYJO7#D-Q7P<ut@-!m*lClI@V4_Vqcy2Sq*pHTmW_IJ}&x(_lwzf*y
zF|H~tdI)1HT%XoO1;>WrCOc$syp5x7h6Iv<CeJ88U{P0n_W8It9JTG2P#|9gWE#!-
z3z;3&slG`l*^rjhyD4!`+vi3_ogSryOPE_P8P*!b2{<W}UQ#=58Fk(f!Qb5(Z-nas
zc#c8dR)wmustTw+eIEeh{~AXYYi0H$g^P<cd{q48fKeM<Kq;*e!G)1mrm0dHtta#@
zj&-oYvP7#fWWj&RzTxL$8D5W_6Zcj}hZwJwI9jt0!M{8^rf;*ib$9}kzl8qQ!FhlR
zh~^lY1Ad%K$&b`NKzho6#~Ai99hyd-BTAX;c-2S1<xNrmy<Ed$n<2tBY$}-{2Tj2D
zm_Y4&n##`>ovXA~x|kO{xBA(#<27l>A$oRD;O%0BryTTGs}Zz{VytodGVGN-I1bLy
zNDI`cp(H*Cf5QNmhpw|CJH!~W02+}-?tw>t>0MkO_j+OyAo^!Q=@@(dkxS8UWBvsg
zPd`@vq;B#Huo*a}?BC_tiJ}J+6L^#?lnnH0V8i~9fB2s`;v?OG8ag5aW+(0riY#1X
zy&~!>f~C$T;K3;hP`iRw`PtX$_X@iwJbHxNs^<dk^`3ZdR5wl2RK-1O4@^05b>xX3
zxXS~X>jpm12v$j7zV}E_cv*!aL8@*(;LoRAd|3E&CrlO8RSx?T5bp|6m4=i5@mY~i
zjc~6fVE6zix!TqH#22q%-Cx~{6Q8mMF;gQD^w>$y_1=H~Ssk>GEuGO3N1b!6URw;n
zK_Q?`5asc*W3}jZ%4w-V0FWQ1zILQ~X2S160KEYzJrNay({vz}4Xd~3I^&-(=WNu)
z>lf|=V^$RZ;}@A<;5S{9Qg7ey1<6oY?Mb=hysS%{@k3Z?$@qmhqdH25r6-+V$B~lI
zbD>F>4Mr2~SVzRBLnWY*fLFSVE@BmE(vY(O%0OD&DE5t5#@-*P4Kj8P7!2$E-jY}Y
zAO>+^Z#^N{8o>E$(EWH#F546!$g%WB>`f(moalaTNhrvr8tw2UD>PWtaj;f+8lG4N
z*DeRNwIf(B-OR<Rx9^kQduO@}Ciz9$xw@wBe1f~VtVr&I>QB1lG$=KiDBfUa_}R9e
zLHD9{Rk6#!!YPEDP-zoHZbGK-vpHzW-dIsrFif)Zk{m0|MjNvU|6mwH-D6_@p>tAx
zG)WYqMo2x~J(bKN!&qcOPw0abPAFsVS~x~zKz5?)#baD@8F3PpE8R7}G2aul^dvT^
zE<DH3T$+Tz2SD*lE)0lA%yW~l3_?tOvokQnj(^0YEY@h^=qJNd0T+cAqONtC*W!q2
zp8VAcf6d;)h_5z%PE1X1gT(q*#|0BTEr0f_MV=c^2-|B32~L{oDHkMlXXiA&p2(-n
z<&pQp;W}k25-O+56Iqbd2%?JZk~o}Y&;=6uQRPl3wXnfY>C;;Q66E=~^)`>5)~@9;
zX6CkrWr{12Vsj$O3v4Q;z!Eu;U`ua&AG+Zz#vBai$_-bpI6dH9q&1U1YV$?y>EK=c
zxYTEqmyJTM8IYf+24mq<v7xeqUko{XOId)z4Z^!;`Ozv^-NX8JN+zp<9r{@i`xZ%F
zIsTy!r<2H|Y^gZS&3pd|?I5}4E1{bcvM0&6&ezAWH?pu<eXDA6taX1rkW5-GPR=}}
zwdk8XHkReWZ7vn<N+i#zo>IeUiEJ@Ezw^20(KSBhVHU@UzY>fjNw2wp8tt{W6g6hw
zq$xF9N?P~w)5z6yGUPr~a$%N7UA+0uWsy3H$zM>-*hw$iL-(70=|Lz52fI<gdI{dE
zPbgQkVDeQk?P2G55^8kxY;K_Dedl!KOTTD)bi0lCiR;5Br))+-A8n6c4s9~D*}4!P
z``YIWb|_71dtHM$aK)?9XwcWgM;vNEj#Q~v2zkcBMD1X$8yli-yKKCfBnVtMD#i0`
zx#rSVUIz)_UYnud^Yrz(@HkN&V)bMt0%-TZZ7ow`g2m6jA|rS+t;5J$eKHxcAiaj^
z8ZhG|=DGH%gBVS6C6p-{3`skN2<;f^@2wyxOonkTNJ@~|>gkRoB)xcB@I_RIa?5$8
zThWlP%_JIqPxt*G=;m_fozcQ9J-f)uY5YdH{#no5R|Y1|A^07q_>L5YNVqE;o!7lX
zBgN^ry7X1Kd<s3sGXk^If?`QCd~~Mz$>pIZGo}lZ*?`N=@lvhbAd|buZJB$^USJ-U
zBgNdR;4@{xcAnCMbG2mCaqK!v?pI^_fyZy2wek1BHR&h%;<?=>pLm=5^_&Zzh3PO(
z**JOG=sD%}&HkFb)O%(Y|8P!|Ogf>esVYQIj@;&ELq^um^}CM@AcJ!ruo#Poo+SSD
zz1~ba2BskjDR{I;NmUB*Xk?kol;3Th+&VAQM)gILUxGhAPq8>qRTG#ewyE5B4t073
zJ>8_tt##<@`%sWM)FppCo1d%X-pcE>Z>z@Ea7)O8oo1QBsx%ls!h(EQ`=QKy-r3yK
zIUOU_XU!2Xj~rEM=Dlwo*BBhz!Yum;THHyvCR|NI&=E0*OL7<UK^XgmxNGS9<9kZ{
zMxT>BfsLMRtm*{`j-@=PN%q#@&RL6JW9o&CuAdn`$A9lDeA6<RQlWuiyX4Dqu{p?h
zpYWT*{q|FBsR-iRx+7X+T#uqow@p3@=CO_nZRn`tACh2+kxliCWZ&8|M#0FXw>m;z
zn(rh$uG4w=mJv%uM>vnIR)C9EKhDsJ9V_)kJoIKE%X}g8`q3})jn`pqE1b|fDfQ{%
z27NU`*#nP<(@obdqXUjTaL--Eej#?5%&nMBaiZ%yzY=Q+rGDVy5<ZS@RB3-C4;4Sn
zKx&Yj+0&wO)9AgyB$9ue1zNo6Ts5p7SFLHrx}bg*kr=5uiuwkFaekiU`pNd?)izXR
z;M+6hn;O1oNB<>GV_LsYbX#h;<|3|P3R-ahs4|=(@~%Wt=04YKc~@06suH_CH(i0<
z&49HwMZhqWLhRpjuuD!Ob(f*V7fXU{)u9@Crm`hN1>sfc8cE6NAb#1tp`+X(f3>EI
zCXmh|4Omn^KMpU<7FG#%tbJ&Ja(EJ5ADyOYt-p{uMQQ^%%=QX9PYzwo^0p!oabN9H
zO3zm_f1U3uy(K+1)~L`c^X7B?^OI@hOTmk!v9kUF)mB>Kd7PHs%@M(pVQ4CHx%L?a
z{-=40`d1+S*GCLkpwfB#sjofzPFYb;+;e8R;!1`JKUV^Cj~smkrOO$NGVSxpjyRjb
zJvVf_D;OjPV8pA9R-O5PseY4Q)ScQpc;<cxc>n}mQ{REUOV*7cW&euY;UpAkNuBu)
z4|tW3XWKK=&(%(vk&}RIE{seoeT7OChknUC=i<>Z1n7%6qKI?14ePelira8hMxz}e
z?~{wX8LHPav>kY^wp#ITc8UUDqe$0ZDdcV6R4HK@@A9|iC=IN+bakM;)E<P_dlQ(W
z<4l7h&)vHySXN)`a3B8J_>olU+Wo$}p0c4I7_CCF>!zkt^r8MaH*8UfIhz)$I&5-&
zofx4{BmE}n7eohI!+Tz~TdFMiCQ;B@Bv7d;U8PkP9S!<c6-R$3>8V`nr3sNG148>x
z?6-({^BA3{sKZS|XfIg{dVI!Qhj^H#(88(*_$Hmte*Q4<qd$2_lAROJ99;&S+%x!D
zA_6kl7%+0UGxg;shB~gM3B8e{X^@;mA?(kx*N*Y@iegF~gtsT6dI+)R%8naP?<qZ(
z(2HS2Gtj@cy13+5Jf5HgR!wH7rOQ}<JH&q;hEDisQ2yxCm0qxRdIt3e-Jm5<n<%mq
zn!N<_#p!83<$GxlNhk>G5O;OGH+R{{ey~gv$Yx~OM1Gqu;7HlI4%w1`#j8i58cnA{
z6*DMh<|eORs6-R08P!X;5)3|Sdon6M&YbFPQ95e;yf%DCaZ@fhtLLOFpM;QDsiVCv
zOHWRRQ%bYMP80nweXY7Js=D=;&F0f4(khHkXX(M3)#y+xX_`^U46ST9IDmlw1Ajn1
zg#s)7XOK%xW7Mxvu0y=JjeBy{yTWh)^MJy&12k=)-~p=s&(J|f6&ZDJi;K$}dASG(
z`EaAt$4i+=Tjz6=Q!mGiyU#OHC2RS1JjXQh47Z(c>Ss$~cjx-`dBmNowNV08z0cE2
z;U1k_>E;NK@s1hbB-dJcv}4#yj+wLqicjaCr}H?B=C!S57TrEg%qv2C^CxRd%R$kn
zsi)U%gJ`rShDzpc)4l092);tsa)VTvKTF(ju*9L0UR_ifvTUn+H^nr`d?&;x(MWv|
z9^C_p%em1SW9_i=^9}2VH$68bLTO*5kds5=^3@R0rJxsi3df!R*D9~M)sGes-QhHX
zyH!CS=R@~6%W%y61Ntjin(OuqZF}SX3X30b{0ij7YYpu>J9)jKpHdYjvOg4VwJZ?l
zTwF;G7eeFk>2FT`WWx8Lk0zk+iv&d*>0698!?|nGG%<F18WbGE+D=p=m1jF~SQ+mR
z2Jm~QZhgZ>;{jzIBhWi9xQJzbIDN4#pshHIgQ%b*kc^hw^(l#frX8SLfkhP=no3(0
zR0N(kS?15XU(&X>bso-Qd;T$?2NY2_{lf{3>sD6&%Za}`89!P6C(i#{GvE&B)};yD
z*a2Rfs&bz7Va3YAc8MPR(_NYj!DAZgL{Zg*>Q!7}SbX~;@9WXNRfoFld$Pw@1mqYe
zYz)Bl{}rNj-4;hm{`W7%O`(A{S>)@`8~^R%@jUjB&hKSoBRWR^cpu!y%HU+;LOqjP
zCvK}ySJ>W#I@^IaRFngD8t0hmd>OE?{R*Eye-7bap!?r-5U!d60s~xOM*7C%UT^mk
zs%^k$@!1oAcenvLf>?S$V8-^t6Ikr`i;mNvZwlDf($D)~|NdSGzIB4%=6OKMjd#ZE
zOT+C{8kBFZht5hs!K+3Zv7v#nBv>`N;m5O+6U+ZzQ82qo2)T5R{oha6E|Hc?zPL7B
z>ICa6TU$dHhLg@VHeVkDKI696+~_Jb6DTbnCBG;6&tvnpA@43Aw;X7d?A}%8p90)p
zP#I{zpsG5Qiz;uY)cMP81AeW1eYmM%<llSt=M;e|2aGw5VJu42aa!G>V9m1weSP6~
zJZ%!pk&dOdi>ezYYM^qFR{jZI*XEjQ!j()$t%4gCu88qMd9kmG?2AdkvGL+`jD$u{
z=GUhzTnfDmUP<aNBoO8u;Yez|?va#9Kt>Rzj0-D^exGcC&y^{J%qKN$BHo*-BBNTy
z)*7%c?`OA%U!-=ZXH;)dS$I+?9TqNKC<Ievb#67_yg?xlFH?v;QLp?2ZfOY<_h$LP
zSx_ZSLRbvtbf@bdbo`}^dm>F&{?xj_i%JxF`nfMCiNQ%T39-0p>a}q$GCo${Pd|}6
zlH3>F@#y=Q!mx_46cyZyaF&63o39Ak-CpsQWj#>ne0-A>Q^gg}bPefd$nE<txxk@-
zsWdm0Q%%V+tN)6wb$Q9stJHO(08SIE7IhzaM-@Y6U{HD2DN2fA4mNvv@3THv6vC)4
zO_Qc20-mn^BmD-2d0}g29M-$#K%q!sjJ`j6A}@GR<K?%Ox3<v(#+mXyuM*d(#G1kc
ziK!E3?ugqTR0aVe)C-jNd~_*1$vkNk&C+RxstnR+5@f?jc!+_;Pwq7<t5U0@@2dxU
zUAVsU`E=cu$^@Yx@qqfa)9g7pEAn0MsxHtNyTp(2)<?21Ha0_uL?m)La(2nhUt>_$
ztkW%ZQJTtQ`N(#Sxdb*rA4CDK$a*XAO^i<{y2_p<YcR#DA3xX0iq`H7ZT&>*GCZL)
zU8kcb5%D6zgoLIbUx$+s#&su}hJ0;scc2OJDpy)AWlVZC^w&<onEzneSuvoJyqz$P
zT-Ja(l{#*EmWy!8UzZ&aIcgV4h#Ma}JwDY)l6L}kC)!qNZTOC>Hl4|3UQErLPV5R-
zLy#CDUkh8%zC6TOFg}U*MF62-phk#+X74#A13BVQY?o)>T4=pyuK6;Hx|1ZtOlnXA
zs>Q9l**-%W0|{qVZcmV2pG9V1gNY=~VmzWfv3g2hmtMw0D7E)eblN}6bUiA7v!Anc
zxjp1wBibLwk-bZG@p=r(*<VTTAG%>#8MGbBSM+W=EVns7&ydwHlQ@`qaTpXJJCDHT
zeap)vO11X?9ld$VVh$;o=9W?)_NIE}HU)PyL4Q3Ry}|Q95v@s+C(uaM{6LVlLi3yP
zM-Pr`0$?y*$+ABeMxFQlo0em#f=7S$T>m4shOSR@2L$6+NoleyAK6{{Olt^{e&a`-
z@R)2i-P7O4i?nbdnZ{Npy0lZQJ3pdjzBrSmb(5Bn)(ZQ+IIJ=#S?;iLVf(VrrC}U3
z<V1-TIm`+y+q^2m1R3hWeo2bjTOf9GlY}gKFsR5kepJmMG=i`b&$q2>gIV7#K0ePU
zix7;i?66B$KYjuSf69hHFWC7e>JUE!KRrMV&Y6;#I?LG0uW`e9XFdo>U#uM8D_XH_
zY!8CD(z4!YfeO^ckOsaTzJna}BuE)jkgZ>PJM_NoF_uRnH2MOuE79X;{Tk)2Ld)sS
zqWTNQ*o;_dyJQEIQsrgAW-)(=;N*{9v4+SvS7cU5wD<H1A>X1z=rAHbw$fZBf9nE?
zY~Em#c71a(Q&aZ1AQP`WE;E3Q@^vUuy=u!N!OkruNadt357Xf!kqh(OFe=JC`bMzb
zJ++emih68m+&K5u7JT~5ru7^N_Qc+)k0!ErQg$|$1HiuJPXAbJ83-n*Pk7l4mE4?C
zD>i^JaWBifi@R<#ITUzPRkdTU((tg%(yr@6Q1{xVQJPVOV9xWU1lxPR?h+)~l-8;d
z3)8g+8<sy09e(65%hD#B>Tl5bRYiR>H>JKf>v>lPf-_}ZDTm;aEwIM5;<bF>UUt?!
z+zx^=_<QCwpuP#|-OU<s2$5_@{DObj66x#(<X6>^d^v`ctpH>?L_`_r7&19Q>>hUB
zLgM^9zzoZ~q^0@@_ZFX-M!RnYw^=6pppwHswy*wF%7Ne3_-4Epoik~7IQY$NTsq@{
z(&MT;{nU36W+w;xWn<o?m}tlk<W4L0*$2#BC4Jkn%WmZ^-BZ{#wixF-6N0ioy(K!G
z=};x3AF!)Y@yJQ5Pd-1*kci4uXMu4=G_gIqk1+@Sb*u6gqvbDU!+#=i*#!tYi^c)*
z;i7vedESpZX6)$NPxX0KU0q82zKH8J&wJ?O*f@FUM~F&(oq@$`-k)kvo{lK#YVx*3
zostVo5YW(XE2F$-S2tlJF;rK9A{0+VnPFFwHvhCHPwWA#hQnA4Py3Q(GpDq3bPE;q
zn$0Woeyv9dW0;$0zYK+Ht}UwDi+!}?s!d^oqP)h2g;L#?EqHleEy8+=;<BrBdPo_$
zTA$|8twrB$-v6wm3fYu<IhOY6Q$c~XxwpCkLs4QH;}`OQX+A;m9ELRWX&x1qb?O^*
zhdG9u=NoQ6Sr@!kGUWHM{DEMZyRJJQfJ9rDyb+Mux#N3A`Jn7QR)=bIGDbBS4DaS8
zrJI&;x8x9KKk=aa_{}aU6=A889x@5b>Vw|TDZ1xNU*^JZ+GegJ7j`w~>R#3xNEa;i
zN6IJ!3mo3?n%$F|9w4oOA<3mE)l|y**D43fKf%1Hvgj*vlgs(v>XfCQhP@C-6gMn*
zOtSTIJhF88$D0_jT^+;FNyd&2XkQ=?Oi`g<Z1@6Fa+8HNTQ-_UX)+OcdNefvR?lzO
z==iOlyrCANGwtX<?4YI?UKrWf$oNFI@ojf{2q|xot$@?g6nODf%qcG)>HQ8dB!oiS
ziR4lzCd0yf|53qxQr+pqG2VbNie}4=>C*DdR_!GD)xp=HeXBHN)Fn82*g_6U#7^Kg
zt94W+-*vQIC({49U1LR+gj?By{k*2FGv!+2EiMnE9ZD1J=Jk6NeVV*gvn<rU4nZ_Z
z^$sEAnrbD3%tD+G(qzf|3QetU#yvB4&=yH=VwxLc%|+Owdyc!iK+bT-yD%5R&87E|
z&=-JVv&r!hstZN3!o>|D@e@)=$?lt`Wf?>oibIwjaq#ws4Ed*?ZUKu2yUCTizt~6K
zS^MAcfW=ignx(TV{S@Up{Lpn>h9}shK@T>zh>qc+?`i*TlI($g5#poX6^zn~xnl5;
z<&k2@4E<%!d)AIBzzBj{U1G6}$@~+al;}yoLV0s=K&2s*sBKv9FnM8z@#8YhwZS>l
z0nPeaLwc?Af^E}-h7Jqf$g}RjVg+<|b!5H_$BTyjQNKRm%u4L{7!&ik9=3J8K$s?D
zZ%RCG%Ic6dFR=TluZT3Nbn1|9MC)B!8hL`UD0Q>xv=4%0Q`!$EQLA&a{&{VSQ+SZ&
zW_To|p(nGMx2ly!DYi<YtE5DfYOf(pq011rbX{NnJXb$_3?-UNTSmjnTe*ATxf*M&
z88v&_gCCnBordmC53!Bsr|9u$9N-2wmVL*l(P5Pd7dWuN3_(*8WvM75xby{?D8wp+
zd9Q(Q*-skYd%h66QZMLUp>{I(<|n&4q3m;5dd5OQx{e4oO_@pYv%=J(uo`7wk1cEL
z>mDgzRMPnHph{O?MN&D-wP=H6US*?NUaWzYlKH2L&PoQcnU~&?h7JtIw1|B-;4GNa
zQ-81#kHDTPK!iF53o=+((m9hyOjpu0yUTiWonyUxmV_})Dof=9C?5NMroEmr^ur=l
zIDBhuFBX26kuJ9>S)wMzTFw`s4i^FsF>8lL7^0#xs%p~u@A=SKhcmi6gN`mM9di=)
zs1X>H)l`3ckkBAcvnIs@NKz1AUgacLN!(CcOv4yst@K1JS>B;J%0w~m868Vc;h)zp
z<Sm5$t+FpJE?PikhGYCsq&*OJO8B~23Cc`RH=I7&3prbT_b}u^bw&u%sD`!BF5Y3}
zgxG`TmiXJnyw`A*U8NdoK5RtH@|H<p{ExIBS0xK1$|HFvF3#cMVPt_T(ydZyRN96L
z)8bB$LwV9fB1SEq$uu4jNi=VcRz2H|CdzEPXN?Rt7ZFWI7diam;e&mnyo`B<Nl~uM
z3@&Yxnv`UkqeusF#+&xHqo1)vj%b{<+EqQb_M&l(2ue1{gI(>P4I6mHt`A7HMo1S4
z_B$!%Ky4^<hT=hY=%Ao`$?4Z``l2G6E?<5RN+r`3l*H-h^zwH1=Rb#@i}ZEswzs>F
zziI$X*31ulN8W1raXhg;iY4QD%A~wKn0`A&gV#7TuPTg3o;h)kG%`tMB1OVP(PKz}
z4Q+Q9(J(7V5^QWin6%ugnh&dvdmsAa7k+;3y%IMow?F~U{Y}a!KK7-<ccZ329~2$I
z{5*ZCMZqpklPu4Ec8Qr7Blw`ZGGX*9{Ce@3k6VOm*ZR&O^6Qrd)oowh0~N1Yxx?Ym
z$(W}^A5uM1FQtlxP7>+o=vq4HUDCO-y<;{*=%BJfb5d(^Dovd47Im2Yxd}zreZwO8
z<&u;4LR%r}aZTvMr(r|e&T_o6b@Rg+N!{{0?aO<&!M$RYM#~Qi4)fyE`xDwLnuuh0
z-s_05(L#K$=Ok^?lViSgH>!N{vkFa@inq!5%IlkFy6O|&!xIlB(v7~Ld4P#bUn$5(
z9ndS8r#U7%uKDY%3RN)m6j<{}oqeDPb!Fi~vao!3Q>F8Bea?9|mkCoNxa{OiyFMo~
z)tU5^C0?aj9@PQ!jWDB*XVMrdC~bLnaX}u=!O(Rr6lR_-F_hs*2mQfLX{8qRSa~`}
zhpX_zG;M~J`G-ay(pmSZiCr+1<+?)Two;im%({Ar<5qzPMa4$qSBq7PNPOxxZrWco
zGl*tnFylRCQOVD1Bb*d*d1#etM|+)&C6el#NOzsO>7j_0wfL<xxIJ-P&o|lmvvVQ!
zR*!4^d$;Bh`}OWE3(}N5duK`;hb7*Xc)YPTiZAy>KpeLs%Sw_3S<vapk}OFqs&)Cr
z38;{5swDct4ij&S=zyM5El8R*=3{c?VTqcXDY?xvSH6N*YT_CgTX#WhNmjPKIJ;pk
zT0lvRQ^66*9r%nhSTnZNxc_MeDp|9fEYC$g?Gx&iXcPK#%`cjqo@^G3tX|W;+5=@$
zWU?tYzfv#j^2u87rEdcZWZ~q#HU;v0E~gBV#ixs&MK7WY2L~1!VFSL!tuJgCTXo9V
z`_#Axj2_RXEB8L<rm20|-nTg<1N<jv!d_vsL*8V*ImJ+HS*?Wf3+)|;wI-!91q;`I
zY_i&IZyzW>${KOnw_Zkd9rku>A+Bq5r(*ULx^UAV7b;;3+hEu`1b0Rg9kN>L)u@&U
zbrVU{PK`uFU2|fjw1L_gO;a(}$_{RsKMX9&<?<6xw5Nm&jYNIgBKKXLqFc6|A{pXb
z<yqmKZCr#0f}nQ*<Zv1XAKmr?TZ=cGFqtMksx{Ae#WYiy;}kVSo48aVW)DM@1!Sqy
zGU>Y|2fS3cg|<RSF$1Bj2^8=hD0g{UQut5t7Z8yFGDzMlbTjCEjxx46d*~$~3(t9l
z2NI!Mgda+KN6(dgh$9z9S{6TOnH)A$<~XA{=n+A+MK?11uIOiobLnSY-67`HM4F;+
za?hR_Z*U_l`EtZ2r#e|>!hGl<8k@Jr=29I(Sr>A|cPl>1SnWoZ?_X+qc{38&HaaVq
zag)x8#P8Qv9xZE?q%95HI(74K$<Bs9MfqIFuc!=>_WN8rV&^~`cWqH{q+`_h8td)^
zpYRV7NGTy>V`x>n#K}q5`JS8epTgC9XJ7<Kh)sPVI(?{+@+JdrEWjwN=-%Ou$dA$N
zcG^kTmE<j(UX@|f)Ok#`LAA>Fk)v=s8+|<km+`jf`OGX*GqxD%u1}C{`h)4C#~F<Z
zK9|ET>Fw;hi|lY7dAhB|Xni_W@!C%Xx`&EdE~(mr4~^0IJJ}da3BBH8FOnU&%X_V=
zwe;jln%35mvlu1TwK~$j#N$<^@pH<BGY~UJN~|cQrR57G_E#-&!gIg^1iJFh7vD`O
zP5M6I|As<1zOFgz8KyaPQn#h!LE_9?@=lBUygmG!D#1%dzrG?XrEhX1^nH3>=k)p&
zcRA55XDi(yOLtE)tUx@h>A?1JZs%~wjPZ{JZH$;!pY(-d(@vuV0dk1O+C;Ba3r77u
zCMCuJ;X2QG=oRt;)d`2nkig5~R8pC6b7l#8=?p^F?<p@bx-EE7XIX1w9A6Bx6@}=U
zB`DAHQ4fR$#gmGC@d(OEXRQspDO-?a4TV!!Suq?WRM#$fZ5NBIxHSS{*J@Ru%LL<L
zZ~0#B=uwl#`8K8ZqYwM{p<EorN4qfx%Uy<&p$2ePJy=?G_Cvp@YqjahwJ9>5{u)t!
zNLm|y7QG%dZ-la)&LhR20q@nr+{g>gNp7&{h0kVI-|NO)G`;<K{&5$FdWL4`*jxH@
zHoZ?LUZ0JuK5_5bZ3=7|-5iA$u$AO4I8)1KJSl*<Ktp|Tk;2fUabRq-&vCh%LlnMw
zbvd%muzHW1+%A{MJo7WOIQwosR8rdc(qLtLf8kv<GVF;VzzS|~QP{~sow9xu#XYW-
zNjb%fK_{r@h$aiLl<3wv`2e%?5X&c{#_?DWa=p}LjaM3L@6rX(gCNd`0=j^M)~FgX
z+tE!?!~jE~rJG%H;mG%q-vEuoFXYJG7CBGOAY7-D<3LZ#8D>wtNwL9;A#yBiB+p6N
z4NsgpI;1=d$yJX}LaO*m^MD<ahi6{!=AJG1;Yv4=I+B_p8p(X?bg8iGubEW`%XkH_
zVVjs&=*yC~HR5elzIezfrW1pIpS&4BsNtKM)U&S$MlZFT(%=1Lv2_NvM$%6?Q`Ed&
z`b(U03$9oSZXO5>E7);wQlkc24&Ep2Z*ydf1t5C98oQntCMZAR=pr)XoF=#HNil0i
zK&c~70y&LlCf+E1DIqCZa$_P#RWZT@6;>aVjrD=gV*NTis#otO5vevcgjx$`$8xkE
z(8j(Bh?pWY@f2O`l4_#=YGq6Y(-lTyuXis>Gha_Ep7S~jD>~Ju_R~?qyUnuKG&-C-
zjq$DDWDWGs%Gj#VyZmfmIAER}B*Pw90aZSJuHa-c*+!1Z5wpP*Zn|*0tzat*<ge3y
z9{_Zj=gw%lWH~I<Utl#Ukg_r2#4?gmI_e!YT!Onx6@SdPD%S{7Q5WW}i;Ka7cS@%M
zy9kz4t*LWP%|)o^*}f730rsEv#+bR!94n=7w?s~%VPE7(xoP?*A0HJ>u2z=drZ#1@
zjy;VA`@x~$@bb+f@hzu{X4%EWjjs)NzalB<LdD{eNY|1v5ffXtAIRBZ3uBWzSS{ZC
zIRl1D>rMtp_jQdl`Z+VDF!&LRa&rnI!-OZLVWUOs@V&&wp2(V<RKInEkHB3E&LUNG
zM0wX-eSpQ%$)^pVxqytArbZjAJenGcEA@~!_fFi)8@bYxR<5tUM6YTwGEDbw1_}T2
zdVzf9tTxX?O&Y>Q&~=#CkYKQK>OI2xf7~Nt`77lQmJYC;F?^1BX6c`7JNBRDPugk5
z8N`thS(UO3?#fM^n!*|sjhrT<*y*OHNX-;DZT{+WM>mT5MO2Hbi=jG_!`L}LPI9fJ
zP!lp{eWSIQy2S^To!>tD;T}<;fd#}Or>J>Xxlk9_1Fm)D%5g}|%X;B_QNZ-f#kZ|T
z2}dEnfczeaGya_~%P_nJC&L}Kj4kLw)W&9A7ZY1{3`au}vi)U6z1voD&XKQvbpIYv
zPGm(deP^^ka^Mqr5-;!RAOEyx!0TIZaaJCICDQ1U#ym68$SDbEGPC}^?&KqTa+#nh
z<~$*rxrW62K#*^^a@edZu{@Ni6ucu?QwP(j(4aAXE@!7JFM9NDx+;4{dRSZj?&QoP
z3-d^(RT)pLL~7BMW^j`nDliBGF9xHshTFtBfL=jAyZR^|^*+cDlWU_0iTr^TP&y>?
zUp)M}Lz^`Y{O%#y<7?(oQw}k4k*Q0W3@`H+=Figj?%<!z!q}CAey5Udwjps{BlLi0
z0R#4KrIVZy&(<|%G<~0rJ?rYb;(SqZ*%bel6aTT3>E4J@EPKX#(RqkcA-Dsccw|eq
z`g*pS!OLJ6x;`+Y^ezz1<x`kxgcSeG_g+v!dVE{7C;qgPG@z80X~ocXnW*5=9qGZ|
zu>%5XFK1WPwpUk`*=^oef4K^iST~3+;AdxWh36M3@M1{6rvh)Qw>vGTq8`U!lM3J(
z-y{C)?#059{>CGyNrmw(v!xfz$AhZMfA70x>ZQ(>8H5i$^rQ6t)vR-oc7dA|=>8pj
z3x?SbD{(@P(~~w@$6Vg3jOLG>8-lU-1zrpxFU;ruj;8L{3e~Nv8%A&6@F`jByK>y*
zI<^!2=8hJ~4O;mynxyIb{Q+8)wcR7`dJB1{^mBWMUkVHns4o=~u7g8S-%c8vfw?Xd
z!Qs=NRfbdtefg<3KRbOT%Nr@|U=O}_)?AJIDN||)t4BNr^>HSE#>e^cw1cl^*ftef
zfFo#^o^dJog<jV{YP#+LCbg(b4sQc_BTU->=x1<4$Uu^<<bBbr*2wy^z73Uf@9vrE
za>dNVzsI`VLA4agx84F7IQz1-B-*JuVV$(Rra!NLr{+@W2I`BTNB+s-@bfT%<=WAq
zw_bH8hE^}J<_jT=T))zxPs;j8@co+lDyqTylsfL8t|cyU$pdyKRdq@?>H~Mt;rdN-
zdy?iCpFAj|rgq23)n(M?eUiz4%;%YrrBf_bECS~NXNTMbPgNA(20c+4$JU7gx-e2#
zs+(KnF+zLoCNSTiCpPfKRiVc^4E>LLV+E>Zp~=l%P*|{w()5oWOdrk26D&|*IR{0n
z(NC0wGle8wM%6D+L=N0iE}MPI8G+@2udzs;j%cP<9(ppJ+OVQUHllUS^h9+IIQbz>
zZ|&s!<3sqlXO3l%ppUCZfi3plP*A)s7k&lHP<FKN3r1^Yg=4T;-IDVl+n^8cXU}l1
z7Y^!be=GQk;Ou<)ypZm{I;)QI`$20zQ?%qGselioplj&4Xj~VZ<xAEr$U$L-b2ezv
z>1i~av<(M&VqA@4fArhbbWeyqgR*PLvh@DL#_!xBaeR;dIaGuYA*RC<)*C13+={lP
zQ(kBVdIx*Y(UdpNeCBaDE=sGkPvd*T;M1mDcv}iKzJph5|I?U$0^AHQFpB4mOb&TS
zlvCR7vk)Km?3j*R=J3PRm7=vpA5Jek_>Vs4zj|OwhYBX0D~#CxPd63sH+W|Tr=7W?
zPViqlz%lq~tV+?}TM%HN6Y)ECfWd*8MnGwR@H@V@VL^rjt<e9Jmi}!ygKr7=<(5*{
zlYFW2|JJF3{;W7YSN-?yHf}luKOKkbT9PPP{g<9J513LT-Nz_NPF>0eqSV<k^1(8f
zV*L{p{eSx;I0-FI1Aut_^8UmGRXlEBr-;iUQwn<XW?13@m@gAoKD}Na;kyrP2@<Ap
zZ~owuM_trc8k4CyYw<r<;2)WwcnKI>f2U2ic2<o73;YCeFXRN~0`pm|^qk3{x4YhR
z=<haJC$ibDq>(0W(D2w0GmAKGXW(Q6;DxVvS@DBzAiSw8smy;2op-ebGF;D_kL+WU
zG|5qKd}d(G^ptHk?-p2k_{rE7!Bavki%v<~`0r#D_D^l{v%X5dnIp&sm2dCnJ#n$N
z(YJ(rBS&QaVEG_CuoQHKdb_YnU5y{!G%Iyt|EOaBzRBm9X$HMToMf2cjPiZ3B9-r1
z^5rhmrGTlLw9NPn`CfrRfo|`#B(!>%csB4=vK{kL&+v;wy^6l{u1P>WUQ*-4fbMX~
z-ilqhqNsIdlIv)lFn!Bl7Zwhg54w(~D*D^a23Z#DfQ!x_l8J~E8?)EQh$ELQGT|W+
z@`X>C*Tj+e7iUd|B4gN%vOT@}zmZm~=Bnp4)p}=JvWKod5?NKD*7oI|9x7ONo~L%(
z++S@gRU2CiPsEkdZ;!iT|Jv=!3Du9BN1GX|Ky8BCC3Mjn_%|vEFrh^5t<a67-@6|i
z3N*TeYG69*+ois5R<yk7qW(4&g(uYRv<WuNjvVza&w`h9N?_8LWFSO;B+CDmfXM7x
zha3rSgmb!-yyNxe{<<-72yVyV$vk6qd*^;;L0r;h{To%i`o!dgm%t121eLkawT->z
zX$2llMInkO^1Y@tP@OW~i1se53p1kf?{UMwEehYC!|5&0Iz?*Jqg9g<=_EsG;nKuX
zgA&lDTW1`CqKra54aC0kLWo$So`jONhK5q>?XbHC^_@_gC^#Gogjxw)j;~vtnOP*L
zTi&lZ+I!)4baclC$%J5FnI}G+C|BRvzIoW<#!;!&PxukMe9EcvuXX_+HKOsBpZB!L
z!sMFJ{n@fA{j*pI-6G?SVP=gU2()<h@*Z7gR)_{$O5AuAv+P)x_bd8w2k?5%XTnE2
z@1{|oy2W3o#X4+(a((Bg;xf!<7i=14onLr=Xqip8Z1=m{uegyd$>IHmo7rfk#}IH`
z#mg?=e$lmL^mHhF!Wo(p{eF7Ee#YP(b<Ie<bFUy3UZb45KNCJXBhaJDffoF3b2c(v
zw0i<<-joJITCv-{8npcRRP{)PlG1(E3x9VH|KtH_27WHe^<WPt%y`H9oB|8yQj@5=
zswxtl*K6CobT2sckqG2muK>1$=;e?Gl+SHm(5>82R-@(r+9eRL(gR4Z6U7{kt=@Ah
z1BO%~IU*ZrWUSLl2W*j1j+z3&p(VR_9#+`CjI#UCJ+iw|$B-S=?bep!T3|}^@6W`A
zT0(r=(i6;iHyE-nRqgiaj9SP}XKe4@&+AK`j>k!K;6}rFEOTquU1kw~g!%s#8zDg*
zgcr5@d1-9N%-JirjMrWgsTqEPkK2<DTfjC0{BheKznMmsXU(d?&UHOwg@g8gPaWXI
zJoq{0Tp=)nmbdQP-S%ereCh<q(yb+6Y^y)!Xy&HV8lzj1Lf2iJyo>r%H*HiX{;zA|
z0Ty~-KCTn9hvS)nrw^Papw_NltMCZjc_3&OnssEz<`)|2AGHU14+i64*kU`}&A_xx
z$29L|E$5Js85Jul^?V+-cSG}KYNi*hfgV1;n6wH?O~&kxyX7V)`6Kf#Dk*lo{a=|&
z=G1e?4Dnizy!cFBTc}mn0T$EAF3+d)h-<d4cSEW6VQlr~um=?Q+d3>M2J^faG;gEo
z^f?mvf6iEd+;!*79rX+URhI?O2&3?YM^v_>%8i=@|99r{0J0vhxuySm)PwwPPsH|g
zSuD|iRbnw5%#L`xfBBzNAZ1{XWG3uEKJGp3c<B)-cHAkw>EqneZ?W0$0gf#WrW0qu
zFgX5q@Q=7_65HV?!t{5))mrSv!~WEKjdAGfxWWJHPH+25T4VhEBLk{QffFS#w$WDI
zk2&%^TAeQYB}GHw33diqbd{#`*hz+I1<2f@mfUF5{SKOW{m9LD-Z$Vc)QLTXn3$NR
z3~0E9XAyX9-aSX0xMD2yXyzP4A`)lb1t}+FRDDTAq&I1($LJI9Cs|8bwrdI)Qv5ye
zi|6qR3j?zQRqu*uFhk!C%y2$Y08Qa2XI@eDZ<s|CQScbbDkO5obt>El=Mqx^rmaKc
zmE*nC)i>qHcw4unz9m1R#%g{r^oD!~a<Uuj4mq~{V&-34o?n};NiNm;VW|RU_uN37
zcuoZN0(g4={cJ`Fs+3-O-WuRen)d3vb~rp$wQLSME2|&wkp&4(Vvuo+H?oipq_UQ1
zf5!OU%_Gtq7Wni<osM_X`vaidyT|@X{T_JZG9Jzp#5$0Me~5Y_6_up|6@<JSOd~V>
z7&P+6FI0v8g;Tov4s(G=u4*VlDRpwsLZiM+JAzAB;IfQ3&jKe7%v4Uit<=suiPsSl
zv@{7QzF~VJmO=HhUkO-nVUT(Ct`B~_JS_?9ZuiR}OImlxm3&k0Q#0uIm}*$~bYED>
zh5vD%kB;)DfzIe{<yrh}5e4@PRc@Pvn6qjRiC#kIVOQZq;>cSuSg~2ZZ1rUI7RAC8
z;8>Dg@6RUn0=!QH)15Et`R9l@iq_PjwHxmhYTvtN>JBkm(gC`a615*C(!Pi~(nwTL
znW#6&dhsgr`J@sQ&blSx=6ZS3Az$yLuqvAuGA2g~J^6E^b3`Q_1P<PVS5$3f3{D@O
z`pSYBHq}PNT6a(2oacZp>gKsf%4q_%m9(EiyKf1c;SeE}n?qKmsO?S_5*XhTq@wp-
z%8&<^y4@O^7TGb*AEP4tfW8qdei344%+bE)+6tBo2+}w)W~R3$Dm!at6CPUr$|PX`
zwkx-#bspOAuRLyvlS%V=8On!(@G^oKhMxidES=U*0}jqXYVsmguQf9<<fWX<6!cUY
zK|-zY+~=sbT1QK*!<Tq1tn=iS`VEyA+fPL=E0UM_hSqcFgm(0s4xPg?D}IP}y_Kvf
zsY1!Hr1fw?M#+OcN&V&J|3}z&2SWY-@hcw<Lbl8#>#WMmj7Xh%+?_qj%pM`Tl7vuk
zWF?23v-c(mAtcToMaWsn-oMvLeLj7@pWpBIM}O$<-tX6VzMik=d^|KC0te)`)dpn8
zPk{@&9A53|8z}tjW|tM0__+)EpbhFIx>9<UQe60jm)`=FV2Fo_;D!Ou)eNy`F8;$`
zAA$CWGVvIF{SGxDXQ<9a<SjimY!joQI5RzhS9XW@Vn;$v=Brc}CWq8}q+7ja#5`7T
zClAINn%o{G1uwV0=nd7n71a*090u4LT1mU%2{iMFTn%iPM;)eL8Q8Q6(Msawn)>!_
zU`hF<&qqR05-`62wyp4E>EcuubNb4GX<4OVtY4(3g3idI`tmg)N-ttqO1AbTlrc8<
zLdP)*UBCOc-#)TZ2UUu<z%kF3?=Pn9j44x2_B9Ew7Dv958VgPMs;n1=b)q-9>&A&<
zQ}ugsGOnd!eqKqRgVQi8;x&@#lJE?)Ox>=3kKcy}TY2H59qlP2A6j_7;2i}XkO(5p
zia8NB+>NvlhFW+WLkoTJXgYIYEmNt4gIQ%e)$^KoMQB&iM3~I_tDpUCHv=-AlCv&y
z!{)2p?d?F~XWc$1$x`IYowymH1!s5ZJS|7by!RTeA~D#urh=3fpJ!O%3+nwJ-<T0b
z|E`_BPCW##2N5agD0{AJoLA-@ey@A^Ex&7S(bw}>tv5AUiGLYX1~puIEI#d=d$H_7
zEGoQ^g(3knBFg+!HY~rh<gw)Kifb41bQCOwEs|k^2<C@qXf_kO6=EnJ@gxBxx+{*W
z|11XHZqxD1M4bu7P|ymVDN1muwQjDhXAa8m*)@a(yGxro?;~?%;cyCNcn#bbRdDpC
z(JIO7lg#mAn}7t%;OBZ*KL{bg+FQQ$qBlF&>-B{WCs{yk4~-3PU%@MR#l$sSt0)j?
zt0T108s2#K3c@Uo2>&8drq$*@%xU0&g}NDY$5KNqeZ1bsz+iu=xm(4<*XSHIamTjd
zw{Uk$+O2S6&)XkBnwtO7n)hgT(#JE?ov}O0cEo$R-LT8I6WPCwEzgv$shpgR$ORqy
zQzIh@(v*nv@}vTYzM~UAS2(+c;1YsT7$4B}cYUfvqIVNnXcp!!eN-b4Ig^-G_(N;t
zgi)$V5v?eFD4j?8m09g%LyQ3$jZA>XS|z{6tM*SDJgj<kB^L&_etp9-*=39llc*GB
z@ybdPrZj}U_}Uf^WZA1(*5=UdGp+T^FbcjH0xAK9BPX~W#*y<rzV>ohhv2Sj9Ak^&
zp%Q}1lUkVaER)h)ucj}jU!P)TVti7=Xm4U>zRQ3*pY;(sWCTypuy}10ygWF&T48`g
z7<(kZ>c5*?Oil6eSA~ze(lKdUrrxb(eHadC<~RavP%fFyXlL3}PNgpEZsD(IM7oP5
z<dj`Fer&=6SxeRLh`+6HfQEcm>i=V)TNT|;)Zh|}%^j|li%Ye!&DZMLSST#wB>3-(
zA4e-$8Io>CyQEFmye)KZxnVD7ai$4+D#3_BjZ|FJ?gv1PF$Bw6CDUL1G9kP5l1UtY
zvFlW!#tLL!TG@>F8N;Yv;$)h^cTRpAcm5(?Nw)xnT47!Z@ADJRL$*<itZ#EcJ%y@r
zY(s)pf5<te%URzuBOdC9n4-lcN6O)hVfdZco{T!P#i=;^<Xt$A^UB=Dxz4{A8J{q0
z3kL7QPLn`AQfIwB8D?1f-C;<)U^74XI%VR}d0)~^flN)OOXwqQy_Uo@O^S4lCQA4F
zW9rk)t`>3cq$54AUG6Wmn5Po#NpP-`+vGm#Qx7^;f7|?fpE{FV$CSn1+yTX?E!MRw
zOQ2?-anfw)A!gL_ODJYk8U&17DC2)t#IJ#hcS6}}z1b7jd<RANbR^Y0(_?&%Iq1s$
zTS@#h4;W4z`?n?d(?lZFpdS`){o9WFpX>W~Ywh1g2S8TM09l#;iNu%^EG9x#IAPNN
z_fP-JxCDCn$ZHbdSsd!xxd}61=QfFS%B1#DkBPSj6nle43hk-goW7DXT!ljd8%09y
z3i{V}1v5neKzBk&DeY!*%bidtzB|M2{<2H{#B#(xmA=FS3E9Dm(HmMeW3R|nLhRXa
zCDMkP-%cEy2xfbOvXa*~Ud$I_Og^aTES6!A-Zti|T#mN%EkdZq{8Q*Qs?s=<to$+2
ziVJ>HGTi^#5O;+#=MkfD9f2p)vgCRn3ekgQJ5b6zEuTfS)S_}cCRfN%Gp;4%%v`}e
z{9uy9l14qaRBCsI>X1OL!TmUkAs1xTHU-yXLYQ*NlbQ=m5&{bh-sB1|V&yU{LNJiG
zC><p?^1M?|w5tWCV|WvtEK)>NWzsS9`q$RotQ)S1rk2<>`NMsY<34-Jk_?X6rv<x@
zO?Mhi@4V@Mb)#t8QS(V~>zh3~En-)nVN;SG;Q>k5dr6h%`akrZ<wBA@-<mOe)`Xe)
z#E7ZiY<SYc?%21M<~%N3qx2YZFSjDa`NBML3%l`0$|_h51i7O!kBIlP&gIuIojm&?
z(VIZt3DM)jyYiNeP#Cl$Cz7Fz+KY*-k^1&$ZvCFd_$e`Y3GJC$)Z^-v7PSrsC!W?&
z<wAXTJ89H-x@4>vmLE@d=|u3&Y+Z?~H@71flo;M>7TMk3wGi3Xg|768uL<)|(US=&
zyc++~T8?(sKBMG`70KkTAZuOC6xrN)^5~B{hzz}Tbi}Sk@Eh6K>T;6L#nI#6dUN}p
zi&m}s1b#}I+DkR<9geu`i8u!+We+dO_cmRpbI^{g)%eofPbju5t*Bd;6!#g9WDHd_
zoST;77k)`v?unw&skj7nX`9Tb^x|XULkwUrl{&okPG68p1HH(&R!w-)?umhoCkUQW
zTND0EkBc0zYjB6h!`R$!KDg3WdzL?yOm2CyyTxCc*kyI8$3qp1yZ&P07r17q<2GyA
zJQs}eSN9x<QJ<#XBv7YBSI2#<37Go)ATihZMpC-2VdC?yUg?ta%x&DmgBeG=o(+@S
zRHa+j;NlTFyDk)!G`$RLxKT}h{M5<h0wbk8V`U9bVKqmK8{UI;p|L%sQQ}7l{p!G7
zY5{6TFCf2hJU^s`u_LR5pDd@^TM}lcTJi+c33|JuW!gU6Of}+?niK23No6@HpQqdu
z4roFOB@k&gv`@sel#UZ8WbRgYb*0{l*1Cl&QJYkm_r#(65<5@4=*_jXVD~#oScH7d
zNu+yA<aX|`q`RVJ(ST(C9|oF0WwN{Vm~zR-B*eM_Y+QtP71^*pQ|>l9IyY3*;L=Cw
zGq&nC?J-au7OdVR4oMd{9{oblEnK{VybX1Y6Nf!9l+$p3-Z*yWy(Csk-?LS`Vu^}g
z?zTpYU|xP)ekb>($1jf+M%F|y(Ob@g!X@=PI=pT3FmzZI*%#9<Cq#F%>=~cXfqUnz
zsja)U@UaAIKa;BBvjV3LylQ^@K=+-HtTDLZn%mlX)uj8OU5}j`m%VXx^mvfaV>(U8
zhUIFKb_d>PJ*lq^VeW!Dn;}?!`7d=+1<Uc)76Q=ou#yZ{YW2{j7Z@ofbL{Jgz(34r
z%Y|KgzH4W(;R|`^7T%F=FU$^k3^%$vMI=4^G!es6<}kLJWHK^H=jcdV7%(~LZ!&+*
z-c?m;jz`Jy#R;b~XR7MG5xMr~Ml9V_lqN+&!&(dJN-ksHzt@ygKIf_QwUqCv^z+&F
zbhHDG@6z&4o910+etVnVuRr7Xh`C0yWhQOG{DMNUu1{Yk72kP}-Z@vK*ZWrOZcqzZ
z?DtD_jv^+}(67&pdX*AZncPoSIIN``5Yern<A=_OR?**`EZ!gH+&sBoP#J2IrvF*L
zabgZ3s;bPaw9>aa_+k3vmtk@JYj@RvuQkCY`m=p&PFS$)I~`*<hJI5c`(7E-W{f~I
zqvv>e5WmD6>)M*)(1{?Cc4O7G#e7q@d65Q1dq1qKmgom^On%uDgN1Q#1eKSLaYf}Y
z)w70kTaMUaq(K75SE&A5ScSXjga8SI(zd$HlvK$F?a<Zy;pqNCZGPuc{i9>Y%wvxm
zn*4R^2H%qEE!md44t(^Q!YGplV&=zs4{jAuyN*v9l;53=r{RBIz)uprpv{ea{LZF2
zwJF3U;{s{(nWxFOyl09CD!0deXu2D<8=aOBYhzvn2<Xa$7?p}tcc{xC$-%x92yB|1
zpOdY_(2GB1e8o-WOcZ8~qN&W5q#E}=<gN6{V7l^hk<Q2S4}g6XHp`amw44Lqb8lNW
zt}F3KG1`WQlS;$BK2j#8|LlRsrNfOJCq<YNrO!c<A#}#{#<tPn(zsB3c#M(?B%aNl
z#n0tdv3j1mF4@lUA2B`>OoSs20Eq~lI?;jZs?86S?Jeo^!mDn?2GJgXaQxGBFnu+m
zc2ahCAisYSUMTKCP4BAl!9ox+VN{B0tqTk5H_xm*-6>wWY$eGQkkS@4`Z8G7P&vy)
zW&R`I7t^oYC(oGjVJ&HPpBLD(I4U1=EShb1C&`(C!WmoxQXNqI=@K-C&n9mL$_A0Q
z$Nz+$BaF&{hCfhuk$Qmr4qG+)twzDWE^y(G9aor{qRLK$dM|%v)qLDg9hI+js_-dU
zP~0xr_6PW0(D_@Im-!9e4~j9p;^vbrGd<U>|2j=BJWNFy@=`D>Ldm!^wqV<?&{Au)
zCXL%jSxcLFCT3Uh%hXBxm$}2@$tE=7IeV#r=WJQd*xQ(005)53sc7sgu`b)FF`8k9
zJ8VB#k9+*v@2#On+Hrk)9e%_koX_3{z;K+00m=*2>ih5Bv^vEf+DZMg2mO?P7*cu4
zt8z5}&y#rWZ0gv@>o9f}7Mbmav4A^wdazkyn)^E{`!6B@DzF&<hprdisb373TVLDS
zU{D#`K2Jt;3b6HgoCXcFY)Y$@Hm3ed`d?J<s*y`;%pTNB%58>ILM@UD(1eu7kJ04K
z7bXdngP~jP$vYgZSu=QmPZ2>qp!r|p0-bBNt~WGP0l&HTHX(!YeC<pKo_)Vx#dJG_
zJsRVP$7}U;_<@$H020_P0aNSaBVcU4AqB_!ch}}m8})Guo$Fw74{I=ne)*2OaH#in
zU>@cl{b#1|XVgiw0&-dQ5==0@5&(PU3o9Q`nG9Y4v1YydKtcX)d)xy-#255+s|*2Y
z&%0f&+qb=`7~3dfV2|4aDW2u_<hqaUV>^>h{Y|Dddmx%WutCTnoSInl-3?JTvt)4{
zX<FR>AWbR}UgtM$82YGyra{k&6!ZS5xeAKQd<Gvd&3QZ}YrnqE?<w7Czz_MY$ijl7
z_}57oA?2hjIcz(r1%ZQ<`scuofI!z-K-nNm2zGsGq0<(RIE_h7@it)%t=tyDBVn?P
z|26(mA4j>}GLx#nw6>+CD|J!Tw79x3&2X8D!eX{$3_WO}+)&-$S`R|+HOudHffzW+
zzNs+>Y(z%zARlGZ0L)}F5@3G*Zn*^pedY1<c4ZsZ1^_xpF5O#j$wVItpB--Pe=@QE
zDL$(0leaJ0V1g$ga!_S<-yZZoWa3yoIuG*Le<x9a=`QP>j)}Q2^i+=ahs-5d&I9@a
zL%^M8C7E42Hw91vy`tL2wAsi}=wG$!b{F?T-KP$K)EyW>8*cWSf8g*CoCV4wApC=m
zpe3NtfRv)Ok?miUSsD2$gyJWV2?U5*WP5eqY-4_lSNER`Ag}y~7_E{Jx=MGJiM4B_
zU^k;sDJTRtwP0EHv2deF%;V;l&+9c>y!!`-W`1NwKMu{lkhS7GekV5PadTZo({<V|
z@v_V7qR|!_#eR&|#KDt0P*@W4=@Q2DuR^*Qk63D$*65RNI_Jvwg6sN_Ga+*#-n1Y1
zOFW<WUrpu5Z7u3A@6`>aS1uFk&i`8+Yv0&H>@Fx@wJ>m!&c4Gh8z$OT!4l&_dn!9d
z)q<WpnDpTfc;(K+#G=q5!<uU`Sw&YffNn&n_G7$2n@ur$hO|H;s-5;dD^<nKw+?QS
zo;fJ{VI_TpvBDjNuTy;4+7%3&0?JfDK@ImERt(0;dtw_$1{j)ZQYrwve5C&v`)!D=
z&J2EkYiz48ElYKjC0_F<ta>p(;QQaR=6C-q@`MNn7g9N=9zuo5Z%pgXX*NjL?M0)a
zjF46wI}dl@u(rU)90vgMPy9qIZOBQHSXaNxFD0~4i3;ViU@Vy!9PY+^sTDgo40SX?
zm?w7HbGmX8ds>);uYGPSUVP$n)y>~uC`mwY1Wrh}P_!&Inm?)Q0o`%`BXPF33kYQn
zp-=@7?jw7jT`2HL(d9;;G3|9eS2iC{hU|RH$5&EqT58{sraX^ueZf2y+KL>+`GwGj
zN}lW>-G)B6mc?Rh<_p}QQU>*<)OREgGNdkRWZS~~r;93U5s^pNmErBBek(3xXLcVo
zRc`U@Z?HR1K+KK(($Vxe=q&<^MhZCy)8C^bge!jalmnyW(=C#w-888aU6zWL`gbhv
zL%!;SP_!A^k4^JQafpOnp^48|4AEb8r^TWCG4JwEC|6$LIesYuI(<f$+Vdg=;f~~6
z7L6Q!Wb(Ydnu)Ho6Hi;R#>+YJ-D$#0a6sjCe#*04$0X_dcifxp26te0_O!F4=U)D+
zWT8&rIsM3)I7}(lexU;O2}_+*1p%@1#G_te!V|r$0hX_wv)0_)y~Ca1X;4o7D6xEd
zqp&UNkcu{Ar4pHUnNOphzA8L5A>iUhYyiu(qx_lyJ?R>bMVDMl$@dwYGp4=GMOwMI
z9A5xVq&|(3`+qp>^f$s5K<Fdvsmbf-&i7Fn>9L`_b9W|aIS^B{s$yR-Cs{G#5AVZ@
z8QV{!Fwa2Hz((RHEmA9%S%=@`34I!|;3Mg>cuv+iH~;=gb65!e#PJGGmq!yuB)H2|
z6<i+UD<BnXQ6{voa+dia4d`^{>gw19MuE1>UWKRXH)^@P5!PeOe*yxm#Tpo7H`RvW
zBd(`dw!gNa$K(^WbRjb-8yX&2nf|8=p(Y@0yS=PcjA9mn{#8m2B8;H;<@U+{R$9U;
zd)1<mnK#*QUhPimHQo0I7{}26*1HEl2$c={@Vx&?xcv&VRC2;b0Q**_|0WIBf1k;N
ztjmG3q4M7tY`-!ys!JeC&6lEjSNj+6^I^;+OB!g<2B+Pv3F<Q}1ZZtF(!aAX1~dnF
zdIz|ezmi7UqLzXH4iq4P6UfefKLr4+0$@cm0HAsJMO{w=<yAs=z9KW|rzRqb0_+RF
zCKfY3<XMYQjQz<&lmOs-e|^#mAb9`%Xu<#~<yK8XjNUfa0R%h(5Z$jp);t-wD2ZOs
zf?WFV_|XAm=7Gxn;{)8mh5+=qpL_SmMDY{{Q@Q}I-CxfEUuTDG&&A5a{$m2Y59@jW
z+eSZuFX`8NX~$}pbEqr7x|wcT{MRcwJjb@b8`kZWD;)!Q%s&_80Mr3;piYSH-2f=!
zzxS;xx&&k)1^?rt5s(@LuzZAs=dabP?1o@X{U#=VUO0cuzJzvcb1RCv@;?R+NTUG0
zs5-z<|Mk|9&4a#~%yr<f5r6>?tTduGX`l-Frx~S|>jx?-{+vV1IH+#WQ;a<@$`53o
z$V~eWc?j6uCZMbzh%(UyzCXlA6Nuiw#3ukVci>$f9JN2T%Yf#9yy;K5^xf_#gMNG7
z={FhmpRf3T$$1ojbIf`u4p?P~h`0gV_Al`gY?KJ7jVUqRn>XeE|7=0qLZ~eurzK~#
zjIT!&9|DH|L-gAsLT!oe8Gn{G4bc8u@)eE{_KwI5oF%ZA2}Fl~ze*wi{U1*TiG868
zz*P2Ip8g^sgjm6I4$eu`(O<t8BFqj5-$7jV*IR!*jP>VgT{um9a9)W9fz3@sbn4iH
zql9@9U6Ia_hp+uC^f_FC!%yB&|2m<+-=pb25eVM%v$EvRZ(li3C9g4T09%`&M}Cc!
z>n;KF^S4Csnh`Vv(TB+ddDFH*LKPG0w|r^6A;=ezP4L0-Vm$Th5gtI75YUZ(@4>5k
z1X(4z5K9@bF3ol4WI!g#f!a8nVGK|y|NMLK9|8>^!v8)_htJ6m1Ew)STz?Plrz{^N
zj{iOK;)Vk%mVd0@!2znj@@w=e=q<wB41Ouk!-on0i<ZpOf9>8OSSIUh+Y8M~5w4qg
ze{bU-%liS`RMbcBrSyk+HIH9V04TQr9iE72-gmu*G6C&<fncQ(G#`PA;ouY1?*Pc=
z(5E6CJwQv_Knt!lu-Ji`HM)wizMEwMIX~q*2I%7|0F3_{;58Gy0wQ8(d5g?_cWc%9
z<rDzY>|lBV__%OBuCChSM4Vu)|Nd?g64oAt7kWnzxY_#+qyPo)7yzDG#d2{`T+jxG
zIsv?yl(3#tKfWybXFL=l)G%m;*tQs`lmUuGZtxFqhKi{HFNo+3HK;)Vu7k%Gz;pzm
zcsfadM=vd{Q~4Hv#sJzjakt!5*KrJBp(8*cQP1<d^f#0TR65<TDCH6Xx>^89FT?w)
zGJ44V(NlGJY<GjC^Sn1IP6zEpbQM655_q<B2(s|;K>Hp@+|T_N;fAs54TyIK)h*lS
z*dYX1v+|>{Z`&8GR0kl&F{D-5`NKJXIq1NJ&l;gNxEvqJ#NJhuOPDD=&ImyM0cWi3
z3qT?P&Y=Y<fKo28149K+g|4}uimsPFm6Mf4wF}hA(8N3dR65RZeF}avDmJX7O{guM
zi+-3h9jw33n*Np^EX=Knj<l*gJ|{l`A`&zLuYs^QPJ9u6bK#G@OW#bwAC#{;ya4Gs
zu!_VPhUdwGf{yB+H;jjv@i9Lz`a1r+oK$t#U;vrCORo-N%`IfNK53l^_e~t)E!b2V
zw4BcX+f58G)}==E$z+Op75GDVpHXZ$luT8*=F9z>jmL&+4oV+Ds)t$dTR1siZ5=eZ
zg?l@M#c4iIe^V12bE5A1b3Fz4HeYe_^`W}%-KR#p*uHPN#RIT=Ir(+y!6;Fhu&XKp
zA<NnmnFi-r-;<H70PS`tVM?p5aJ1A!jVrR~tv<!HHFBxHVuokYZ{k^@rE_B|x>9k*
zBc0xaRzqpvtOTVQBgiG>iP+64<Z;!?%$6OQ0=FXHJ%Vz`SPgF7SX~4H*h-lwg3Q-%
zCk<K_;R^U}$hXw5f8?Z9x}@=!9VIDIXUPv=HQfz%n`-q#V6B>Isb~B*1T4(Ea^G!8
zl@YMcNWVsg@wd$o1zwbc<>=4cfD{XC@SJ)$Pq(T9XCaqKWi9n9xo2Z+u=9-mOTK_H
zv~d#2N1FBNZk^`+7aNz21<PE{?nC>SsAaY5d%5g<f5|=2J|jW*CDxZtey1K|L=FzN
z+VKm}<uK9VgeokE?NNRVxHDW$K6+=edRzB^S2_0mQhZwnX*?iTw|&tLQ0E2uY9uWL
zuvvFD<K7+xVtg>~7j0$!yDle<f2K5njvrw?L>VJ5UVGQBVnSqi(*ixXyk)UAu|rkz
zjr>Tqz_e83TO2Qh_PYc$%}UUe)g8(0D`m?p&%9n_$+ui|ro**{dJ_t}0wbGxx)KU`
z1*MBQ9%NjSkb@a%npg)c(uYev4b<TV=tP7(t5<+~Hb)j!myGaY&&gHt(XzeLz85i9
zg`rTe1N}|DR}Ajw-v)$$p=ibXB>HCn9l+q1*1)3S3o{mFBF^5chq9QYaHuTx9{kqF
z_tF{TFl%Lk8bZl%75EqEBx%OR)sa$NIIpwYS_0Wp+F;klj)zvs7xZ`VRLzu$kYafY
zM^Mf?Hb-NNkm*Ij5t34@zjUD+p(Ydck&8eVd#Lelf#r#O%`c$OkK)hP4R>HcULh4<
zad_Gmk0lp(E5~-|b71+Sg=lU3InqnGxSV=^ZRjA-U`SxaUXa=5$7*(Ku2?&!v*UEH
zz%q0py4Uldl>9I(&b0Lf9i(b_r!gGxU>aS(44Rn-C()$~JTVR{WI-$&1<{s#8nLgz
zBF?oUO*yDE*d=}+J8-)Zn7R)=1wOz!5qU~pyiR<ZLFi^l-n-|rvcG5bELSK+6&zC`
zpkN;XNOsN*1@E9_GtEB~DmW&LAh;Ld?C<YCKUlJ{b!YGMmguj`pm=#?UCw?_Yv7>d
zVE2m?F*2YdTDhdq;;e{@Cp*XxfB&ccv8TB)nVOnfx8}6NPeA3dGG;{^gb<3a*OYaO
zoCt6FheE9I1@vOT(KsN|={b(<>D>FiUbk*7w>GG`W7dnKKP=q-uittc19VGacn1GD
z&QBjuxiRQH>;0jzQ_4A4tsdLz(UZRzDw6LJT)MoW83^JT`N97jWwFSIeRyX#PP=En
zLxo}u1|wT*=YJK(uRa?vMg?HN0Lhx+e&}}a<H^!@(`H2*62^?DjK=|^jc3I*-9K-N
zMoN^Je}E57-QEZ`YhCx?NoVN<E!~}+&$^_y<>c$_S8h|Sw6xp^={y3fp#zn8^Rq%=
zhX5zS;XRz6QrBaP$L}I~9{4SjUN;)4_9{}^`%Xz$+RJne)LjQRQ(`D7D1bLM0mSOy
zhPn`Y;DlACjj==8;FaD1bR}kE!(<@NRbxZg?O+uiqgcHnz(q6!B8L}$%TDd~Xz+pO
zaptf2oPd?>z4r<7n^%!Nq`cU7&uipY3Z3MnrK7$ACfBE<paI6N4{JIkB_ji`JPK+c
zW#auz2CbIZ9>PPZmnTdoG?lE6c+K_-^6LRqwCV1JpQvc9F?Wyu4U3jaPBtQBplXb4
z_RBRo?|*Gnvl=yvS*jp6cP~Z2ha7z6Dx?Iji9=BG4T+lN5QAT!XuALuZP<Pw?Ars4
z+mqr=kJyif4MWK9`O?A7jf^S~=+-H)wAynY)4k7}>arq%m$n6&00Z+MrUIa*aXh&i
z?y<aCR_nL1jcbKm^Le|qZKbNv!WeSywm3h%@^YqDXg(xL^f|Xn=*n|)0a{Qa_)l=O
zr#EwJwk+*KZX^Ufs-q6`+SF|r<_l6aVa_cZ*drBt<A7B8inLZ^4e5m_>+9$1zYW2s
z%^;c@ZN$&IzeU-Ufkyl+9mM>D*5~}eL6hj8*l0)l$sdQ=v_0>;R_dAlMV!naqhC$V
zaw1nbFsPN(6PkCiI6h;9Z|(E<tw0W-QVD#KhZ=n%*{AHGkQV{+wTB;d5OIHAXIkS~
z>D}&E6dm##675Ci3o^wo4=IXkwOyDkGAEScF57;|ut9nw>)w((<EYI$#5Ah4m#l_M
z7b@G<Q2ut~y&XQ^Mrd)!6zaqXtSo&fDAA{bL6KOwnsb$>v0~bHnxelgb36T*%Xd-U
zOsk-$n%7tBZ@Ymzwb}-|$^2~W=xKlFoMS3kU(+DDw8>tSC;3O;&)Z!fu%tTv67%^}
z%drONOiYR8ez*J%&30B+->`%smw00u&g?x$P=Xcxbq)%5Zo2l?){d)h^`|T^-WC{5
zWP@a7Qu4Q#G7f}2eGmr2UFsn9U@M*D#paBC?d>|du4|LeHwX`rt63;vdY%71!}4OT
zEWdW2;q4xh{#skT;`39FQ`_C1<6KYoNqmyME|4aRKga*1kA;ANR(_2@fA+W4r;$Y<
zm!gX#k4;Cw>?ZcU*ZG<UxUa@<Taoe1NZhVg<8q?yfN_d&;c>96)a-hJqKPAOL1E(h
z-yWp6L2?}F`jo+<3fGuqD!QlS4F3om_tJabQtKU1zwuB>g(ZBQ_5r?HnUCbs!h@rQ
zE;S>o`7pr5L4GlSYk4k-t#Az;(bVr8I1%U8gq5sXm0Wt7rJ)Ou|0W(~l5y2S{%N|q
z9Vqs#T~)yl{`toJrO1F{?Vi@H&kTE4Dh;|m;x0wGtY<thOk;q_M&fT<a3!91k7j(J
zlF?=*mlg3S`#Jx#RD9;02zf3x60T8N2WWRA#zR$%qjQ<f9-Aqi#a4{H0YM!=nAtqU
zz}e2raa`)?l9X3KEqs&79?e>3ol0rKB)QtmrF?CtYLOyl7*Tzfsa1X(pnipcbhEia
z;7I;lFYy&ooGX}s4tXgGTqlmdY!kf)qx%^KK1&3QyfuI`r-kfML>mOJqQIR}<SxE&
z^-~xomlj4dAle>}e?OWnFPNp666EYE+TC;6-{$s>#p4OaY@8A>RYd~{VH;k&RZOEH
zx2Mh^LOG2HmD_iBww~v_)F&DF*U)6^n1c4Bd^QdO3EYjhBCfCbu*YH2aVGE?P+nrr
zX=Is*8Zo$>AQ`7%8dxuSe8~2XOM-Co?GWsO_gsV)f|IMk#UC~ImgM8<O7bztHxSih
z+h~k3z|_BV_edcXVB@xf1somr7PCtuV{jOAE8XcxW{#!R4K=aMzW30sMen58(9v@I
z>unSAM+=zfrVyETZavT&QiCk2IIjdSQd+nUNat;%-TGy|a9uJz-)a7`CeNOC=x|8|
zpX~l+@=er0eA_}iY(<Xo>-pTS)_)Gzo;~CtR4E8BZQygIJnoCFw<85~ZBGq6hDz#_
zPjy=kaGsxEVY2PklNKYXZZyOQP&MX!>I;ZW9q4)Lj5E`tzf46@6(bpkQ;7}77V(BR
z^{W}UD5#Emx$YHvHC1rA-atuep6_f}+ia)kvJXkc^}pydTkUdkez?&Y4;~)*SJ$E$
zi29WOvK>B5{)}H726-%CHJ;fOP83Tzd}mHF&LmRDaVEw?5gV5+(wW1PudC`<%J;(6
zZ``It>LY4&&-u_%4sdt&2B%ExB71&BNh4aUlAoTo=Qul|25H=-9*C^UL{6?@81z3r
zdPmM|EbZkXVJ(!rMSE|X7wU@uJViIXS69R3NQXr8U{4-?#6cXBVZ#qD=k8UnGxVN0
zMF)AwoPX(`r)vHb2>Iry0gpzWh?ZJ}n)z*4_P0dsnKO3pp=m)9Fxhn4FGiPc+_clE
zc|=5!{YLqE?}8pS#3<}-jBO0!nIToOtz)BN7f&lx^C2=%spN4{iV3gr5!CATiOuTF
zddIYK8zm``#&ZMT5XWFu!lBHs4Zb3I&jMx<1_nsFO|Iv~QcvYvQKqMPvD!*Hvjo&E
zOm<C3`RTVE6MvB=OcwBfVPB&dc{I$bBM<|e)jz!K-JiK58UUaXdL7HDdbZ`oPBB0Z
zdR`kNg}P40C#IQ;fuB&UAb_3f_=Mek`0{U*s;;D`!#Nl)aXV!V0ey#TNa2aHhsa2%
zFQ725E7YwUzK5^oGbU*$3dOYJ;tJH=;}TKK+{DR<Grac1DN2)8Bvp)bu{FcuRayd8
z<)0v37zAE<A-cLT==(-yQ^-zvpjSSh%amDT{n_y}F+O_L|23g392V>LWGR(a9dB{;
zV0+Do6ydQO$bpi25NQ0Zq4WQGj2C+1J~o$8i!)bad=9Ftr6n2v3?cwPfNQ|*A@ENT
z;y<GbJ8@s|MXl6#p+;(ZZ$z>i79QhSSx!C1^S$C=7z^vldW+LFi<tzZOQTR<VsM-e
zgAoM(B?b5|i%fgH1!?dQz^l$i9dO)dDfYv0Gl}EGXz!J~J7E)NDD0GSUT3j?@Sk|2
zp>$(}=$EObT)i){xU<*nuNj=`w3{Bbs0p=~?usl-_urj16pu)jAfVvjS6iHXwaySo
zc441EBcIF@;o7?0%=N;hZTa<Ffx69Q%`@^+-qOqg0KR2N?}#!;Bj3!XO_vCtRPcYR
zw`UlRdugBDYh~W%zsk=Hj98+EKn$BKFasq%E#hyeZgUhB7wA+HSWRNXJs&`uj)CKO
z5aSW3{~2w+=8b#q&VF<3)CHNx_><#fS*8lqs=@5Wdv1HSY?Z%kkACHY=n)Mq4umfH
zKGoGGB__fHG!{BlRi&oni`&MouDKb+U1oZJWoGl_cMzO;+fYB(_Mt*3Ln455RGEGs
z=Np90g@meftM?o;jJazaA1?fi9Bl1@Wux~Xc7bBWQUgSI1R8skO5SD2zY(}0;E=7W
zvYgkvDcum$+luHB_bwqS<wf+Y)dMaN6kC9zBjq^Y(bQ0EQZbIH$Cd4JJ#r|$LZ_?u
zAxjoJn51pIM1O@wKGU%@fX~W72~M01BDElN`pX-#wnYy<xGeuy=?8j_TMnFQ8c7)4
zlji9U%}Nz>*|?><Y?1n;Z4UmG%*j=ylChOYy_ZRLiM%z&<E(mXEv56ZSagWYW9ot5
z`^|L)?g^sY7i6NSasKEb+9>}t7RslBSbh;ZW6R6<;7^cmn0&VxTNObgC(*t4?Hx%%
zIYPJ`o4vov$*!4Ke)P>SJF+yen7yX^MgwZ`TM%PD6BwcoBANHnUqoZpJX5$7_V?#U
z)G>l>`b|s3)TiF%F+Yj>i}>1uS4u}2&S|jz6%1ii8DEinuSCq0c)lpGKGW*-aSB%v
zZLQ~5uDEd+-MT<b^YMlZ<9QDD#HR^)K5jJ6H|AD*{1<(&J~_rUYg^y&Tl@VWppb>l
zs#?b{OlSM8AvxL<bg{~A^f-vHlp;U14-A{Ui`0L;Z#u}1Y?ka;E)Z<A7o3W0H^fwV
z^L38JMP;y8u&W1N*Ow$#6uWi>BtFH?!HM-O-e}cm?u<>vXbIvp@A-7`4L&ohhGaD@
zX@)dU5ADgw1Q3nBPj>R*oqu1ews6XH_synDbw#1`v4^%#?rD(|k@<e>UgS>~;r#h5
z<MheQCaw7{mU~HP&g{y9yBCKTI>a8db~MfJOG|aXr^*qFx}6)LRP)XJyI*z6-_NmA
z!W_$ge=lXLqw_xV)zyjSNW?@k(R!zUv-JpCIj%`}f1~V^lfH($L~ax0D?6Y31FK2)
z@3|h`+qv~gql=oUH~yX&iOE*ICv@h+2^<mq83=saI%jc*y)8V&fW=hIes93Zt$k%Z
z-0M3_-7a6*Ap3677-|MC`{N`{iOm&0GV3dtrW4?o`9yWQRU|1)<<%*QC6cp{@+qTv
z_Cz5vRmBo{50B!P#_23s5$X7~t24K;>nC0sI*wf@o=Rq1N1jVe=7fbcMgKiFveQ_@
z)7blM%z|)!J&1|aX~?lKhE)Rtfs?qslg>lyDaE`Z)8y(6IW*<Gy0KU;nZhkwevK(F
z{;K<JgV2&lPwnkb%N~8LZ>7h)2Hy$&Uipn8cHYC4FV+%-zNKWByR$*dHM(BAUbD$l
zR)SpJ<SAB8fuW$0mYXrQ@VwK~+nke3?~)b6N-@utA1OX`Yfpm<evu9RnClu*o|}x4
zPj;fJJK=zTOxaJ#2{-@iAt=M)R1~|XeC!l%_Ukuk=89&e!{vE1UALpimvknD>CL%^
zc(LyRJ}>=G$z3{>EfTrqM$PC?aa7nN0*V+D;(Y<{)w;sny7I+4o%<hr<8oN;YlTyt
z1_dqQgk9o*n<nj-mAbm?*D7O#(yLDMeiT*&%IA$R#7+ToOej(--2L3)c<#w(;vP&}
zeg1I*r^oZ_btiCwcO8!jEy5S8f+^WG_O;yZ{`lJBw-<epA@~Rt_To{()4qo<`jtd?
z*hi%d28f6!?&PH$<&?f*f=gKOG~Mssif_k3dphN|=X^$2Dy?67O_dv|W7tloFmav*
z)hSF4V(@0u_$Bt29J<6AuKU$^rQLMTo#(Z$D+WWh8tT@_g!k5%SG|pLx#5(L4<~n@
z(r?Qz{f<=vCGJN|S@mRBs*2^2H@k`F;dRsMc{*0Tx~MESbZ?*a*j|{E&&2FWoQ=Za
z`d+&lgl~>ypVrLT4ZdlFWT@KoS~^Y%cdoJF)rDqy584wWY*PzbX};5ok(W^kdds~u
z{BE$?8X(r3Tp3I98LIJIca=V23a`Uu%kgtSiBlZ+)`{*Zd=J1H7C*F|)Fy#V_cx>%
zOeWUscEy=w1e_A@e)OXhT>vpZ?eu=AojsxXvsc)7i;|z3p7~TUrBP$%54@=E?7Z`H
zCBcXI-^=P8H@26f(w|qozAt_Ti&7TU&Sjy%JqzbT=RL?B#H7yhvt8(&TFN5I_O_ma
z-1Xtd^{$80px)3WUC6`xNKfMfHdn19uJ_3MenDwNPvD4u@3hv)_!UgV6YN>06wzSB
z<<nTsg;2K=CH3zoP`4TBS#5*yF9OND5$Og~O=yJUVouf5{rg1aG2K%LziE|RxpS~K
z&w%L`&zHMf{On$t0*j}y$A61&u>AIYZK(_h+zz&x6YBO_hEGU^x27^iYre+W10@rn
zax2!2p(SN7@xGshB1IF*FU3Hn{2hH(j!*xKjBSmKzl<7hFXN+lG=ZSR1^5ija>Dn!
zm`$p_85*Z-89MER*18rSN`jFnd{(`&FRr$g<5>R5%W(d_O@-bN4U%-pW@WLqu-Sq|
zG~5#2F8{+p$WEdrL)$%0J>OPl_jr(u*=s7-ns{XlQX$Otv{=M?0VcxsbD<5l0X(pT
zHQ>q2LrP+t6Zdl8+}MEBSw;7VUYUYZnB6oQY*(IYFkbuZ4HvWfVVfTq<YCb1Gz@);
z!5QI82{cKC!|LCvcb9Gl&$F!MI*uu4Lf?;4#j={_0B%bhfQvRSy}V?=!XEy4!V25T
zQ6Jv+Hlnvu8yh&snVfOlsEfgWHqZ63>=ua4eIIiQXm^?#Q(N1U*jMYo1?(>e7`ory
z-x|#G|IsYGhxx#0ewJ`>@q(Y<9A#ME6t2?(L-`&fpXq_udFY18LMLUm*V=n|O&CSf
zVu$3*i97J;7pn&9UasbP*4T}W<;lI;O4}N8+8tb%-xvwlZ!i_gx_Ii~+>aim5Xiq6
z+8(e}Dc>Etyu6_EiFuD>dS@V0UZ7;-$~OL31@ER(G|A_|h5cIT@9P-$j@@0`^+6uR
zl8IvZS5qODSLS(=w8H(Vux0m%$&5Z&`orR?tM?b-%{;hBHd%w|=CnYgXl(NN<GHhY
zi_%>9x=mDa0=I3J>uQ4OwhsI5H<h-^%cQu=8qAsk#J2J?4{cY%v}#CL^giDbTIMPF
zdIf`wSyt&Tl0RO1%qaR^Th;#dLdEn;9XK-aCAV#uQI0OxcOXI0bZ-9N3t}_&{o=zK
z?hR^6r7-Q{CE>I8pPN#e52Npe>0iZ|$O}Q=OeTHxn>O<Mya?mht(&kmb+bl~2LJwv
zfi7kZthv+uy`22x{)-(XitaBv<6Xjz3QaMOZQC9y>kRKPKHWvtp4Zkz6VxTnE{s~+
zH+bNwru^hM^xH4V_UGZp9bs>RYE}XlH~8sOpU&oBKLi;$!Dh5r?NUd>kccV8+%oJX
z2G<${s^aOagF%b($?|HUQBNb5V?F+#PU61xL9dpK-$~OCu$VV(O6}v#dbPH2j><3f
z8cCl`F;LG<FT7VJr^LsPjho8QOgs+8?mfZU%EXVHa^WIOc5^mhSEmMYWp7e`|9<U`
zPh0Kx)y_>#hu!Y!y^htrE8AC-{Y@RSOAO#`*n$ZRb5<(<{&J^$rWR{>NeXee><{bO
zjg#%?C6M~qCieZjfRDFCdk2U6eOA()_B0)Lb{O_xVvurR(C;-%s5_}dG}%sh6V}#!
zsdi%g!mG6?4a~K=UPdhH_A36Xz;VTrHjUDbnuV+f{H&2lF}qP;sR9um*F9<~vj&Q_
zE!{&Ra@UdYC?78z!a3|{X)yc#vHa@{i_$_AhZ12Io-)W{seBU=R+KWRU@+W;qWFX^
zpM965n@4ADUKZj?@c~_^vX=icB;$*#S_An`<|-Z7w9;TLa<gZDtSi&i63#61oZ?{o
zbaH@6p8i8y1`8%Et}j``nr)y#>iTx~j9T~i6CRB=?SiEJY=n!u^6r?+?=7}Fg@a->
z^1II_wLv7eLZvG|-M?HV0<XHTyE)H-UFN}|7&8P+S;~0Ld<eJl%(!23<ITe}k|PSw
z%6@=(x*t`<&k3(e6v<K1;s8I+N*wyj+NYC8lT#^{aT-#td}Qb<Fy;PSftr*-cBu4j
zr3n_$;JDD)dD@wbJi}0V)`hfr2H6g*^0K@fxiUOzNNJE@=V5Mi{O1VDqZZU_WsiJn
z+>ZFCj5oPR=D%4xjTPqHTY~q}YweCj>@2=7q7Sm&=g(g&6G)D-^8cJswnI6&$?)uJ
z(NpQEvAfR$wAFl!ZIeeiBWd=Z$i;(Y{jDm66<6t<&F;?wBjnM!#O|c!{`-IVc##G}
zBaeTY5z@(9io*M)402pHQJtTUd|8oQ<8e9pnNhC+$|+vXxHm=1w1fkmcjjLTz|7|w
z1#a*B@|73Wl;QTz#vhbQ=Fm=x=D9Y%FTlbEirh!rlC!Ugpv?7nuH}T5T&glAPj8}#
z@)j()O=G}3QSS0Vi^MZp^2x%tLMFSnj%RZ}h-M#K$_-iX=;=dgV?DON9g)o%X=N^0
z4MpCT6PgYQY3e!)xqCF1mV8!Oa}<TH^}1L|i3tln@>1{cSTdw|lMz<#6f>4n6iT7W
z;}WH?9#CwUUh)d6-o%>09(RqQQ>GBzYWwOzRhD_$I~LB2f`MCD{J4u+c#SgUxOjKr
zaPiAx&-69XR;Dpl5u8%<i@H`kV>sgR2KLzHR;1Tm=)4$v>@o-HMMhJkLrBvKx2q}4
zQcjMEr_+MhSmso*ruH;!S}J-_<C{-m)#YT(pQ<OrtAPfa7e-8GPnlwH&L#=kaUb>G
zUI(EOmanVaj47)|u4<g1dRg+VChOQq+qrKq%4(gssgwk_LYZu6AYa7`++jDR?lTSy
z*A7DWrteiN50vSo*yhzEqB0BPug+EVPSp-R_56q)xL0|X(Iz>q!#q*nk7uI_%@FTp
zN+Xx`^T=x~KjML#G90Jxe|ht2$;Oc_XNYwC@w}IwtPGq>Tlf3n`jetL?)^F(n%bym
zN6xRi?%fd%tF=vy$vxFw>zLYS8^%@?S_M&=OLT~mh%ci<$KFo0eNBapDM+bS&W!i~
z$H|3l!reZ;$j#frx{lpsS7)Fko{#!q-Mjd}Z%jn5;^#0<;0)i~Cn>f5s^xbCYWHkw
zCCz`stETlf)f)C2<7!MF_7%d5pNe_~AFno#NcO_`iDWjxE{lr}T?@3~jkVUXS-Dh}
zS2}L|F{{-pOq(?>6YDo+p8mGBA%RC2r&UxX@>q!N*dR~lvLrKh*YBH?OpCSA*oD1P
z7;(q~T0A##ckN?YOds?~_Ch+uFVf4+B%S;=j3n>*T^;!9MgP&Qxs8NFHJ|0Qu`P+f
zM9jWwbf0JO{n92e=kM;qPLh8jWh;B<YtDmYKgu!3;U>y&wVoR%C68T{pKWd^XvJe5
znCza<S=)SOVCkau;Rm+>_YC4<cI(1|`r_c|`w^Vk;I*OEv((*fJzU3@9vLO`WGl}3
zkD@<B#3AMb%^!K_SZemSS5FApRb9O6etoh--AV6YC40P95;Rtl=reF*jC<VAe4B7;
zS@2ZXy}is)EM1uZS=mm`H`h`07=@Rppm!KGv#W?Ma;#wd?e7`s`cYl(xP7%mn7@*!
zadL{qH(1X3+5B~ebr@0DX>4b`Cw)Tii&+u*5^3wu<PhZ`Joh-y?Pa&pMKS+EhVZDW
zX~a#bY)raz6L-%wv50a6MC<Y+MBr^^^@eVm#iX|Sn(@zHZ&Y6UalS-v{_)V=?s~WP
z!&w4zUu`bRz61n2gT;M=$jrgGg`O$*r3)YBS~k|AcEZ0dqBrDP#@=i-y%)rN7!&u;
zt8i^4MvlE<5(#L#eX;I{@$JD|)eLA|NBZvfYvFY_e%dtiHSYvmBedqLQuACkH7e}x
zx&?hAd2dN)v}SoR???9&gsy1b4|lCRYC~8XZ?iIz+=wP{n~Bv|>;uZt<B0LF%7NoX
zIYK+$8lcFu_S`d6`3_BV;XREzOSN{%X`^@i3x9MQ%QSiwaKW?Wyc;L<dn}fS&WzN&
z@VeAp=J27JM0d&xVuNZ^K+#418dTDhhkvhDPSz7)(OQE|?+itws|aWPJSGJa<2I!r
zn>;F+_*P_)Evkl&?tEp{{bMfSCWy?KmrwYYJrFZFbKLG*!TI{kKK>+UAL3U(mh7_h
zxsB-i1{<V^b&_xY9@qsMKZz!vkDX4cS4%d(2+ETqcb;UtEzaA#ktZ<hIx&*)+Fn*d
z=cZIo?UF?1PiuMgkuBXg<o4xb(<PAd?7nY8wdl=HGi^3TNnDXr^ObV3=3hU%-08Yg
z&!AKi;)1Rj#3-muWs9%vkX|`~n@v&ma~GBjDG$m1D8zaiE8X3=o$L49ySvdmA$eeY
z7hR}ZAvgNc`&8Rl88&b9mSe!@0f9=J!~xHmUfYL-&Z<#MG-mHshXp9py*qu!exEO<
ztM1O}dH3p<5JBaPnV$;-b2DRw3@yJPjglH0yhWY*Rx7e^8h3Dp2@jaqRZVH)`tOsi
zpLCepq`L<^YXNX?5=Qa5HPXRbh9;I(UtQD2{{*er3vwJ*IA?l~i(g)7Y5@{E$SU78
zS<JF?{Y>{$tiIaWvN+a&sGmkCHjk|NGBAegQIL)JbY+w~B9u%=D2zB?2vLh}tYbp{
zuqg<^f<Z*6!vi%l@Ky{>%l!GWAZ!o@cH?hrO6mlT$|lJ?i*YW%^bT>Ilpz25H3gJT
zn4){}%G5ddai>PR^~R0mFZ3kf1^@vC<Lbq7$zPrf1&Fw?0OFMLaHt^Uqm)K7<@dW6
zC5l))8G`VSKVqp=Z0KanIzAap#-NX3D~N#c3XFq;>HlFiEIbY@Zi^W9ULBwOPwR>y
zW$XH$(jYr_`o~X0?%(DY_`+S%PaOMZn}-kZJF}N}Wom!0=ve#>vACTHn2v$_$dFdm
zOzyyaniON5^!+O2`?`Vi`)M!sDPvJs*0SW06)VER{LAwIlis=%UC*MziqG9(_bN30
zZghHIbb0jZYAsEQw^#AD^qX9&X8W>E%W#&u_Vcm3ZCW415_*7L#1nI*B>9e_*p@Qp
zz#Ed~47P3LX-s25Yh33{a5c!RocxZYrzVjBhQ|r31H<FQoi{}`uU$`N-I+EiK)xQz
zVS3!u>C%;;rM`DhH&GB*E|8I*(^N5vdam;LwwkA)O=5Kd-UOLu&a4yu5Y*jF9myH2
zS8K--qm>acK`l#N5MkT?ep4qY`gDAWEV$&qzq@p3ME|<V`n8gX4e6#A7M-(Q=LE<?
zL{g-$LE-v0gf%~jMABvyMx_9I<NVdK;SvZj9v3E_lyS^OyWKC)_EweS=Ob?B?vbu(
zS}@Bw#V0!R22(CFwZ}qsvZ0H4Hol9Q>m8Ou^8>6c9^U81KgP8d2zK4W#<8{7G8l-D
zlz^M=?yWP24$e;>6j-M*16rQ!t#GQN{G_+Hk++$=5Eey{8ReSE5^Udz!PLjT&zQ3m
zvYDW_DCFcKYB~Dge&$zUr|GJ@7<<u+bJ+rsG?z=6nxo)1neLd=Y=3z9*j5gb^;%#!
zH_4G-6R|LSXAzhgpZ~qbo%tyS(Z10UYeAJhKR#>6c(NSjjO0tJ2*(scpBT*ABe`S|
zQ)#h2mlr3M82qw6TieDltFpBhp}t{UDR3st!vapc*K|@uD<|iXRWS$}Bm+Bocyv3f
zj~BR);6HfI!Ixo|*=@-&@iV2xFEYIEb~Ar$Y#{nC!<6AO<5Xdw(Zf%fk6+ObWJA4S
zPF^{r2B@;}zrLwgac4bxZcFie*_zF3ux~90Z>t9!hiB$lF1PB?_h&7~R^HXzQYmZ*
zHpogWa9dYS7=85L>nxXb;x;r8u@djf+$^pl##08FLBwfU26vuFv`vo6XuZU|{CX)5
zn)Cc>D$>hv{I=RUZ&^!fqfC))-z9fAL#$Yf&1)$8IavC1GSBVpYrQO184ifNVadh3
zL8T%YiK@%5AL8x)>nyRboNzEO&+TMUKs67aMNf#bOU=baVRbCeI~?57`u1(2(U?4B
zMXVQ1#is%7RTEKNtWR-d*E^9@jv^x^pN)BQy1%qeD0#T2^O$w11x908$!E7dd#k4k
zEWXSB!Sdtc6PH`Z)0up;x+?$6#6FGf<5c-b<GLb9w)-*Vv2z51;7if89s2g?;7&(?
znaQTO>Yd03mmlUM+dT`<LjtGqe~fkTqzSc@t@_~rD-(IeRa=6S`fthlAC>vHM?<Wa
z7Pig`VxWI&iT_d1hbQ%aT+UxU!~ZDM-%}7P#n%TOPu}XuXniaDb*$ANd$FqbpB~%q
zZ?0bE_2l!jv}}aP`tOu~_)#C|wy$hQ0(Ve06lf!>amx@GR%SLZ#H>kN)4v-ZsrH@+
z4VS(9bX~Sgx1wiZPrxg)rrAX<`@h!v4i&a;zkYG=v$=3=kVOeYI`P2mAX*#?ZBnkA
z;%xjHKn#`L)@?<cIU?Q4)-2L8sS?T7xKZJ2@Go_>j^6$jw^!puMYu%3LrwkH!^XTP
zbZggr#xUqrSz#z?6qI#7*|#*IT_g1Bvv}IOM#%Kmmmy!TFr%o;h<Lc%!pkhXWObz+
zNqDRirmP*{3A|)wRw|%ORRj_Kdcgpm?s*|H54yUll@1}N7BtVB(6eM3PUx1jJ+0D!
zqQhmywb_1-p$0DA6!)tKcEu3xi5SPH)-NJ$??h{tNT2QMD()4NtMKAakuq}3d%JL<
zy0T4f4r23HiAy@h#Y6`6$5G51rCyj|Ns$^mu`Gy(_;w4D%{G9@z{?25k~-Jo+D_#b
zmqrc$FFA!;TIspVwTqI_nOYi}k9Ix$+{)r^ci<eJqJ5HFQzeM<R^WaLkkJ&eW}vVk
z3b%5m*;fZk`bl!MMd*G!%RJU)w}37zXF-3OC{LtRq(|9KEj30xNfk}HGM5?O=&$UF
zxOTbH=V%vf_2ml_;}c%%T$)Xjr^#=*jW5`mCMh{IHmln$yF5Pg5(zB%-=2A1oOKu{
zI3dk~!=8L24Zbw43h+E;lv5OBgDn$^vw@MXKq{kdqZX~P@bv_R?j&uJG4Dp^_P}kc
z8AKOXX?jFO0VK5sKXPr=8?mWIh)uZBV8?dHDNXNMwwns?wn%Wor)~U_!?cYQxrF*M
zo*!p0O;0uH!(+OXNBg|GvE@47N_s{garI3PY}IPfYn$~-diAS0xW=ma`2}RcQ@w;+
z72^ZBW2&m+))mQR3ceYV-@?Lb+KR|MRA#NXaR%Y?vLP1@*pR+Yt(!Y<b$HeN&@z~9
zc}JCRlUK5N?|l-pSol-~jw9UZ$%}->zp%17@k!7>mY~XsL$HGtYuqdQL4t$foo9Rb
z<xPqV-I2<1ij2beO<ee@?PdhVTMVhtE>k;Hl}C@Lu+zKCvW{hH<~I6>l=-nqh)PYP
zBCFHxRsP6xs#~=~V0vTm`xEN{sdG)RJAyb8ncQ@qG}V>bxwQ64M0{X$(1^hZiLW&u
zLb~$p_QGex`1UiC8b%{wJi2k9W|`$j%?+7pzx8J_@rG8peW$W6$~troa5g`KrPvBo
z)xXq64u>`%SZ}JI^^n2bkFR*T-WG1nb5_EzX7b{)f95Ci&|dFm#Cx8Lo$9Mq&suMZ
z&HD|jx#d#a?$O=O%DKyJz}!u<+TN}abeQz<98)wf;)iFwQXVPx&HKSBwBROWgIdgF
z;)vucvJ9VDk}W4I_{N-ZyUQFIUNZ9OmS<S_W+G)7FOlxEfSn<itzhA5(C}#z?Mp69
z79u=SnWl0~hoco;Vw<X3DLj|%K^-%EMXZwbtKo;}WAKE+@5M6YnvzbpVpOE7JuPoG
zckB46UE1oPaGhoucSeke?cI?uFSgZV|2lB;YXhD6)NboluSM7T*UbuU9)SY@oxKR_
z_k^Xn{uXvrOc(lc{v>eb-u%}6mD}{6#)nf3%6La&?p*y*1GQWhgraIMZ^qD<sWB9{
z)~rBq#yQa*;k$`x;&|%7s;6a>R%}KhJ-2X@+-A7(%V0a5>8P-r8bh|iPy{_G#bv4x
zL~52_wEN9Slghc~nj3vPGj#q^Jp$zD1<NnDCDySc4sAoL>eKm*>dSEy(lr;oys<0o
zs-n1l6}nreJ$rm_<yki-F8`nItu&~qD+)g?5ky;zTEsvHHP$7VSYSXzP(&6>6#@hz
zfq+VbvL_%?A{IzzKp=?9U@1@}p+I~I1dx;ninsu>iBUre0>&U1!Y+;AhP^SCL8a4~
z{_Okl<}G*LIrpA3=biI?_gI+J<OE641vumK*fYf|PF<uA_~uL*HLNUAhV)oGcTM9q
z5wLyu6DGdQ{im9H_a_JLW#;a9i5KQh5wMe48z0O~Hi8E_Wm-qH#nt*=wMoh0_hdT?
zJ6?J!Y6#t2pSzgosgcmCqVYBt!Z?Z6r`L_(i($F!y4i}h$lqy|$?vVl!jtO*y+`af
zm$vVgP{~bwxPlhp)-D*C*|YDf9vij^Zj2VZEKS-R<V|XwGCOja$J=|eA(1f@`siq3
zP-BMZ&%>?xxFEc4UakGWS^vhK-lB}D$8KxW(Lt*<*K@89mzAC!)Ue_O?z#WQ?IiP}
z!1!jjalknpUhpl`iTItY?8Ih;Aoz!yua3r?yS%e1eRI=r-bVrIzE5X65_WN(x+ZK1
zTdH!oiM~~F1Sgk=b@qcB&_%y#@cicf)+IKqm!grUO%FjBu7g9QY&(uaG{9&lW^?96
z+G72N1VkA|U$_Ygi+=qSsa(L*UiG!~*$2pOj<$HL`%PC_1@$g{CQex#20H#v0#7N!
zsAz|wxj=5HIl*wo@Bv5xEDS$|y#Y2DTAi;qyvvToF`#T4zfgOos(Yp+Fp8Fz5&3#z
zX(rZI;CYe8lp2&Cy2=S4anJh_Vk9-k(w%6X{&0;%Ax6Aioo>a`wKlp+-#Yq}_sV#W
z$7~HB-?@l5HwRzh12c$$qRS5u{caMjl%DJY7vxJ$@tx~s&oRPYv#<e%xkBJNj_E%{
zY{-%=f@vuou~!0Jw&-x_RZW*HQDCjPH$G+_h}&2sguT0?7e$hz6B}J=ZYw~Sx122$
zOEQtcWY0%(Icwi%=kJXc3>f4@a*lT*(gS)^=z*cFj{0z7+F<`gdV|U?RM&+#{@lDt
zpumqvvv;*9HLoB&u@&Xot{3(QmW<YTd)=Ti4bXctBm7aW%c9d6iDD8K=Aok6Q!y5V
zr-%GajFVnTbrA<Wgqs%pESZ}Yk-|B;6xX;??jM_HvWUhWKDuV^xTx*6yiK>@h8S^h
zWQ3<F2<m)Ao+F+T(h}Ht|BRkhb&WJMnFKrZ6thVDm;*$ZXP)=uAM9LWN#O5RE}pam
z)$TlQfP}|Xn?MRbQB0k$&9eyV5_2ANswuDe%)w__zQv3U(O*xOZ*<>3c+T|6ylb(J
zaA7G61u;{XQ)50T{gsJ|X>|LHzlg3hjQJ5zXN1Aqs5oR7A_^%Gu~ByZ*wN~p%A_K4
zAMLQ{n*1T<^TLWo+NJ5pj-WAPvLT=Cq$6vV%YMmSJg>V*=z9ci97d(KQ?YjWX(2ma
z;dB*K>&fcs^a!n#`+iXeGi{4dk`o3Z2Q<W$RxB~rY@)a{Ofnfp1zurs5#4Nvmx6PO
zov4@eUu)h$t%ny+n%yRDe-phH5Nh0+iExA~g}l*MGlZy!^5dL7z$Io{-xw{B>2L2m
z50hWtQJ(I^H8%FKD-<47e@X}u9&UT#VZ~S#O<uycPAb#{P1(?aFF|=Pc#a>b%#93p
zE+cWNTt-KATL{O~6dO>ZlNWADkKHy2>$yKG?zm3&xsxFZ4zacs__e2j?Kx0<DF`Bb
zkE9?(msVj)#mp5+LWdGl^UQ{G=VV`BSV=@03HILt7j{$+*9J-L%_6<{9w)+`M|#%8
z#g>q%-=!bl03rnh9ZLf|DR8L*<U6IvXfQ!_K@CCq!Lz*Q-y_wG>U;6(as;$~-!+>>
zD!{;M2f(wb3l9jgk!XqK>S_bLlA{0vs&+(h_iw_;mW0WuB0xz45%FKB=9`+R(izHH
zhtKzWr#?h<$hQH)R8LEpHVJ_81%n}<)d>rM9MDb+2~8Fv0E)5*Tv90-+JMIes|QJ&
zwN?VPKwmLbmx)yGN&!NQ(Et6zL*KKqx7JR}QfE&?a{h8`d~fcCcZxvYtO1)<REMKl
jGl;tWfAHW%lgo@@F6()AIqqnyYIfh+JKL4o9%TFl|C+}~

diff --git a/test/integration/connect/envoy/docs/windows-testing-architecture.md b/test/integration/connect/envoy/docs/windows-testing-architecture.md
deleted file mode 100644
index 73a29e4f17bf..000000000000
--- a/test/integration/connect/envoy/docs/windows-testing-architecture.md
+++ /dev/null
@@ -1,106 +0,0 @@
-# Windows Testing Architecture
-
-## Index
-
-- [About](#about)
-- [Testing Architectures](#testing-architectures)
-  - [Linux Test Architecture](#linux-test-architecture)
-  - [Replicating the Linux Test Architecture on Windows](#replicating-the-linux-test-architecture-on-windows)
-  - [Single Container Test Architecture](#single-container-test-architecture)
-    - [Docker Image Components](#docker-image-components)
-      - Main Components:
-        - [Bats](#bats)
-        - [Fortio](#fortio)
-        - [Jaegertracing](#jaegertracing)
-        - [Openzipkin](#openzipkin)
-        - [Socat](#socat)
-      - Additional tools:
-        - [Git Bash](#git-bash)
-        - [JQ](#jq)
-        - [Netcat](#netcat)
-        - [Openssl](#openssl)
-
-## About
-
-The purpose of this document is not only to explain why the testing architecture is different on Windows but also to describe how the Single Container test architecture is composed.
-
-## Testing Architectures
-
-### Linux Test Architecture
-
-On Linux, tests take advantage of the Host network feature (only available for Linux containers). This means that every container within the network shares the host’s networking namespace. The network stack for every container that uses this network mode won’t be isolated from the Docker host and won’t get their own IP address.  
-
-![linux-architecture](./img/linux-arch.png)
-
-Every time a test is run, a directory called workdir is created, here all the required files to run the tests are copied. Then this same directory is mounted as a **named volume**, a container with a Kubernetes pause image tagged as *envoy_workdir_1* is run to keep the volume accessible as other containers start while running the tests. Linux containers allow file system operations on runtime unlike Windows containers.  
-
-### Replicating the Linux Test Architecture on Windows
-
-As we previously mentioned, on Windows there is no Host networking feature, so we went with NAT network instead. The main consequences of this is that now each container has their own networking stack (IP address) separated from each other, they can communicate among themselves using Docker's DNS feature (using the containers name) but no longer through localhost.  
-Another problem we are facing while sticking to this architecture, is that configuration files assume that every service (services run by fortio and Envoy's sidecar proxy service) are running in localhost. Though we had some partial success on modifying those files on runtime still we are finding issues related to this.
-Test's assertions are composed of either function calls or curl executions, we managed this by mapping those calls to the corresponding container name.
-
-![windows-linux-architecture](./img/windows-linux-arch.png)
-
-Above, the failing connections are depicted. We kept the same architecture as on Linux and worked around trying to solve those connectivity issues.  
-Finally, after serveral tries, it was decided that instead of replicating the Linux architecture on Windows, it was more straightforward just to have a single container with all the required components to run the tests. This **single container** test architecture is the approach that works best on Windows.
-
-## Single Container Test Architecture
-
-As mentioned above, the single container approach, means building a Windows Docker image not only with Consul and Envoy, but also with all the tools required to execute the existing Envoy integration tests.  
-
-![windows-linux-singlecontainer](./img/windows-singlecontainer.png)
-
-Below you can find a list and a brief description of those components.  
-
-### Docker Image Components
-
-The Docker image used for the Consul - Envoy integration tests has several components needed to run those tests.
-
-- Main Components:
-  - [Bats](#bats)
-  - [Fortio](#fortio)
-  - [Jaegertracing](#jaegertracing)
-  - [Openzipkin](#openzipkin)
-  - [Socat](#socat)
-- Additional tools:
-  - [Git Bash](#git-bash)
-  - [JQ](#jq)
-  - [Netcat](#netcat)
-  - [Openssl](#openssl)
-
-#### Bats
-
-BATS stands for Bash Automated Testing System and is the one in charge of executing the tests.
-
-#### Fortio
-
-Fortio is a microservices (http, grpc) load testing library, command line tool, advanced echo server, and web UI. It is used to run the services registered into Consul during the integration tests.
-
-#### Jaegertracing
-
-Jaeger is open source software for tracing transactions between distributed services. It's used for monitoring and troubleshooting complex microservices environments. It is used along with Openzipkin in some test cases.
-
-#### Openzipkin
-
-Zipkin is also a tracing software.
-
-#### Socat
-
-Socat is a command line based utility that establishes two bidirectional byte streams and transfers data between them. On this integration tests it is used to redirect Envoy's stats. There is no official Windows version. We are using this unofficial release available [here](https://github.com/tech128/socat-1.7.3.0-windows).
-
-#### Git Bash
-
-This tool is only used in Windows tests, it was added to the Docker image to be able to use some Linux commands during test execution.  
-
-#### JQ
-
-Jq is a lightweight and flexible command-line JSON processor. It is used in several tests to modify and filter JSON outputs.
-
-#### Netcat
-
-Netcat is a simple program that reads and writes data across networks, much the same way that cat reads and writes data to files.
-
-#### Openssl
-
-Open SSL is an all-around cryptography library that offers open-source application of the TLS protocol. It is used to verify that the correct tls certificates are being provisioned during tests.
diff --git a/test/integration/connect/envoy/down.sh b/test/integration/connect/envoy/down.sh
index 28b159358d1e..d9b27bd4aedb 100755
--- a/test/integration/connect/envoy/down.sh
+++ b/test/integration/connect/envoy/down.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -euo pipefail
diff --git a/test/integration/connect/envoy/helpers.bash b/test/integration/connect/envoy/helpers.bash
index 01e59b6c2846..009c88cd90d8 100755
--- a/test/integration/connect/envoy/helpers.bash
+++ b/test/integration/connect/envoy/helpers.bash
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 # retry based on
@@ -210,7 +210,7 @@ function assert_envoy_expose_checks_listener_count {
   RANGES=$(echo "$BODY" | jq '.active_state.listener.filter_chains[0].filter_chain_match.source_prefix_ranges | length')
   echo "RANGES = $RANGES (expect 3)"
   # note: if IPv6 is not supported in the kernel per
-  # agent/xds/platform:SupportsIPv6() then this will only be 2
+  # agent/xds:kernelSupportsIPv6() then this will only be 2
   [ "${RANGES:-0}" -eq 3 ]
 
   HCM=$(echo "$BODY" | jq '.active_state.listener.filter_chains[0].filters[0]')
diff --git a/test/integration/connect/envoy/helpers.windows.bash b/test/integration/connect/envoy/helpers.windows.bash
deleted file mode 100644
index 5b6969ca8557..000000000000
--- a/test/integration/connect/envoy/helpers.windows.bash
+++ /dev/null
@@ -1,1195 +0,0 @@
-#!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-
-CONSUL_HOSTNAME=""
-MOD_ARG=""
-
-function split_hostport {
-  local HOSTPORT="$@"
-
-  if [[ $HOSTPORT == *":"* ]]; then
-    MOD_ARG=$( <<< $HOSTPORT  sed 's/:/ /' )
-  fi
-}
-
-function get_consul_hostname {
-  local DC=${1:-primary}
-
-  [[ $XDS_TARGET = "client" ]] && CONSUL_HOSTNAME="consul-$DC-client" || CONSUL_HOSTNAME="consul-$DC"
-}
-
-# retry based on
-# https://github.com/fernandoacorreia/azure-docker-registry/blob/master/tools/scripts/create-registry-server
-# under MIT license.
-function retry {
-  local n=1
-  local max=$1
-  shift
-  local delay=$1
-  shift
-
-  local errtrace=0
-  if grep -q "errtrace" <<<"$SHELLOPTS"
-  then
-    errtrace=1
-    set +E
-  fi
-
-  if [[ $1 == "curl" ]]; then
-    set -- "${@}" -m 10
-  elif [[ $1 == "nc" ]]
-  then
-    split_hostport $3
-    set -- "${@:1:2}" $MOD_ARG "${@:4}"
-  fi
-
-  # This if block, was added to check if curl is being executed directly on a test, 
-  # if so, we replace the url parameter with the correct one.
-
-  for ((i=1;i<=$max;i++))
-  do
-    if "$@"
-    then
-      if test $errtrace -eq 1
-      then
-        set -E
-      fi
-      return 0
-    else
-      echo "Command failed. Attempt $i/$max:"
-      sleep $delay
-    fi
-  done
-
-  if test $errtrace -eq 1; then
-    set -E
-  fi
-  return 1
-}
-
-function retry_default {
-  local DEFAULT_TOTAL_RETRIES=5
-  set +E
-  ret=0
-  retry $DEFAULT_TOTAL_RETRIES 1 "$@" || ret=1
-  set -E
-  return $ret
-}
-
-function retry_long {
-  retry 30 1 "$@"
-}
-
-function is_set {
-   # Arguments:
-   #   $1 - string value to check its truthiness
-   #
-   # Return:
-   #   0 - is truthy (backwards I know but allows syntax like `if is_set <var>` to work)
-   #   1 - is not truthy
-
-   local val=$(tr '[:upper:]' '[:lower:]' <<<"$1")
-   case $val in
-      1 | t | true | y | yes)
-         return 0
-         ;;
-      *)
-         return 1
-         ;;
-   esac
-}
-
-function get_cert {
-  local HOSTPORT=$1
-  local SERVER_NAME=$2
-  local CA_FILE=$3
-  local SNI_FLAG=""
-  if [ -n "$SERVER_NAME" ]; then
-    SNI_FLAG="-servername $SERVER_NAME"
-  fi
-  CERT=$(openssl s_client -connect $HOSTPORT $SNI_FLAG -showcerts </dev/null)
-  openssl x509 -noout -text <<<"$CERT"
-}
-
-function assert_proxy_presents_cert_uri {
-  local HOSTPORT=$1
-  local SERVICENAME=$2
-  local DC=${3:-primary}
-  local NS=${4:-default}
-  local PARTITION=${5:default}
-
-  CERT=$(retry_default get_cert $HOSTPORT)
-
-  echo "WANT SERVICE: ${PARTITION}/${NS}/${SERVICENAME}"
-  echo "GOT CERT:"
-  echo "$CERT"
-
-  if [[ -z $PARTITION ]] || [[ $PARTITION = "default" ]]; then
-    echo "$CERT" | grep -Eo "URI:spiffe://([a-zA-Z0-9-]+).consul/ns/${NS}/dc/${DC}/svc/$SERVICENAME"
-  else
-    echo "$CERT" | grep -Eo "URI:spiffe://([a-zA-Z0-9-]+).consul/ap/${PARTITION}/ns/${NS}/dc/${DC}/svc/$SERVICENAME"
-  fi
-}
-
-function assert_dnssan_in_cert {
-  local HOSTPORT=$1
-  local DNSSAN=$2
-  local SERVER_NAME=${3:-$DNSSAN}
-
-  CERT=$(retry_default get_cert $HOSTPORT $SERVER_NAME)
-
-  echo "WANT DNSSAN: ${DNSSAN} (SNI: ${SERVER_NAME})"
-  echo "GOT CERT:"
-  echo "$CERT"
-
-  echo "$CERT" | grep -Eo "DNS:${DNSSAN}"
-}
-
-function assert_cert_signed_by_ca {
-  local CA_FILE=$1
-  local HOSTPORT=$2
-  local DNSSAN=$3
-  local SERVER_NAME=${4:-$DNSSAN}
-  local SNI_FLAG=""
-  if [ -n "$SERVER_NAME" ]; then
-    SNI_FLAG="-servername $SERVER_NAME"
-  fi
-
-  # Fix in the CA_FILE parameter: for Windows environments, the root path starts with "/c"
-  CERT=$(openssl s_client -connect $HOSTPORT $SNI_FLAG -CAfile "/c/$CA_FILE" -showcerts </dev/null)
-
-  echo "GOT CERT:"
-  echo "$CERT"
-
-  echo "$CERT" | grep 'Verify return code: 0 (ok)'
-}
-
-function assert_cert_has_cn {
-  local HOSTPORT=$1
-  local CN=$2
-  local SERVER_NAME=${3:-$CN}
-
-  CERT=$(openssl s_client -connect $HOSTPORT -servername $SERVER_NAME -showcerts </dev/null 2>/dev/null)
-
-  echo "WANT CN: ${CN} (SNI: ${SERVER_NAME})"
-  echo "GOT CERT:"
-  echo "$CERT"
-
-  echo "$CERT" | grep "CN = ${CN}"
-}
-
-function get_upstream_endpoint {
-  local HOSTPORT=$1
-  local CLUSTER_NAME=$2
-  run curl -s -f "http://${HOSTPORT}/clusters?format=json"
-  [ "$status" -eq 0 ]
-  echo "$output" | jq --raw-output "
-.cluster_statuses[]
-| select(.name|startswith(\"${CLUSTER_NAME}\"))"
-}
-
-function assert_upstream_missing_once {
-  local HOSTPORT=$1
-  local CLUSTER_NAME=$2
-
-  run get_upstream_endpoint $HOSTPORT $CLUSTER_NAME
-  [ "$status" -eq 0 ]
-  echo "$output"
-  [ "" == "$output" ]
-}
-
-function assert_upstream_missing {
-  local HOSTPORT=$1
-  local CLUSTER_NAME=$2
-  run retry_long assert_upstream_missing_once $HOSTPORT $CLUSTER_NAME
-  echo "OUTPUT: $output $status"
-
-  [ "$status" -eq 0 ]
-}
-
-function assert_envoy_version {
-  local ADMINPORT=$1
-  run retry_default curl -f -s localhost:$ADMINPORT/server_info
-  [ "$status" -eq 0 ]
-  # Envoy 1.8.0 returns a plain text line like
-  # envoy 5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/DEBUG live 3 3 0
-  # Later versions return JSON.
-  if (echo $output | grep '^envoy'); then
-    VERSION=$(echo $output | cut -d ' ' -f 2)
-  else
-    VERSION=$(echo $output | jq -r '.version')
-  fi
-  echo "Status=$status"
-  echo "Output=$output"
-  echo "---"
-  echo "Got version=$VERSION"
-  echo "Want version=$ENVOY_VERSION"
-
-  # 1.20.2, 1.19.3 and 1.18.6 are special snowflakes in that the version for
-  # the release is reported with a '-dev' suffix (eg 1.20.2-dev).
-  if [ "$ENVOY_VERSION" = "1.20.2" ]; then
-    ENVOY_VERSION="1.20.2-dev"
-  elif [ "$ENVOY_VERSION" = "1.19.3" ]; then
-    ENVOY_VERSION="1.19.3-dev"
-  elif [ "$ENVOY_VERSION" = "1.18.6" ]; then
-    ENVOY_VERSION="1.18.6-dev"
-  fi
-
-  echo $VERSION | grep "/$ENVOY_VERSION/"
-}
-
-function assert_envoy_expose_checks_listener_count {
-  local HOSTPORT=$1
-  local EXPECT_PATH=$2
-
-  # scrape this once
-  BODY=$(get_envoy_expose_checks_listener_once $HOSTPORT)
-  echo "BODY = $BODY"
-
-  CHAINS=$(echo "$BODY" | jq '.active_state.listener.filter_chains | length')
-  echo "CHAINS = $CHAINS (expect 1)"
-  [ "${CHAINS:-0}" -eq 1 ]
-
-  RANGES=$(echo "$BODY" | jq '.active_state.listener.filter_chains[0].filter_chain_match.source_prefix_ranges | length')
-  echo "RANGES = $RANGES (expect 3)"
-  # note: if IPv6 is not supported in the kernel per
-  # agent/xds/platform:SupportsIPv6() then this will only be 2
-  [ "${RANGES:-0}" -eq 3 ]
-
-  HCM=$(echo "$BODY" | jq '.active_state.listener.filter_chains[0].filters[0]')
-  HCM_NAME=$(echo "$HCM" | jq -r '.name')
-  HCM_PATH=$(echo "$HCM" | jq -r '.typed_config.route_config.virtual_hosts[0].routes[0].match.path')
-  echo "HCM = $HCM"
-  [ "${HCM_NAME:-}" == "envoy.filters.network.http_connection_manager" ]
-  [ "${HCM_PATH:-}" == "${EXPECT_PATH}" ]
-}
-
-function get_envoy_expose_checks_listener_once {
-  local HOSTPORT=$1
-  run curl -m 5 -s -f $HOSTPORT/config_dump
-  [ "$status" -eq 0 ]
-  echo "$output" | jq --raw-output '.configs[] | select(.["@type"] == "type.googleapis.com/envoy.admin.v3.ListenersConfigDump") | .dynamic_listeners[] | select(.name | startswith("exposed_path_"))'
-}
-
-function get_envoy_public_listener_once {
-  local HOSTPORT=$1
-  run curl -s -f $HOSTPORT/config_dump
-  [ "$status" -eq 0 ]
-  echo "$output" | jq --raw-output '.configs[] | select(.["@type"] == "type.googleapis.com/envoy.admin.v3.ListenersConfigDump") | .dynamic_listeners[] | select(.name | startswith("public_listener:"))'
-}
-
-function assert_envoy_http_rbac_policy_count {
-  local HOSTPORT=$1
-  local EXPECT_COUNT=$2
-
-  GOT_COUNT=$(get_envoy_http_rbac_once $HOSTPORT | jq '.rules.policies | length')
-  echo "GOT_COUNT = $GOT_COUNT"
-  [ "${GOT_COUNT:-0}" -eq $EXPECT_COUNT ]
-}
-
-function get_envoy_http_rbac_once {
-  local HOSTPORT=$1
-  run curl -m 5 -s -f $HOSTPORT/config_dump
-  [ "$status" -eq 0 ]
-  echo "$output" | jq --raw-output '.configs[2].dynamic_listeners[].active_state.listener.filter_chains[0].filters[0].typed_config.http_filters[] | select(.name == "envoy.filters.http.rbac") | .typed_config'
-}
-
-function assert_envoy_network_rbac_policy_count {
-  local HOSTPORT=$1
-  local EXPECT_COUNT=$2
-
-  GOT_COUNT=$(get_envoy_network_rbac_once $HOSTPORT | jq '.rules.policies | length')
-  echo "GOT_COUNT = $GOT_COUNT"
-  [ "${GOT_COUNT:-0}" -eq $EXPECT_COUNT ]
-}
-
-function get_envoy_network_rbac_once {
-  local HOSTPORT=$1
-  run curl -m 5 -s -f $HOSTPORT/config_dump
-  [ "$status" -eq 0 ]
-  echo "$output" | jq --raw-output '.configs[2].dynamic_listeners[].active_state.listener.filter_chains[0].filters[] | select(.name == "envoy.filters.network.rbac") | .typed_config'
-}
-
-function get_envoy_listener_filters {
-  local HOSTPORT=$1
-  run retry_default curl -s -f $HOSTPORT/config_dump
-  [ "$status" -eq 0 ]
-  echo "$output" | jq --raw-output '.configs[2].dynamic_listeners[].active_state.listener | "\(.name) \( .filter_chains[0].filters | map(.name) | join(","))"'
-}
-
-function get_envoy_http_filter {
-  local HOSTPORT=$1
-  local FILTER_NAME=$2
-  run retry_default curl -s -f $HOSTPORT/config_dump
-  [ "$status" -eq 0 ]
-  echo "$output" | jq --raw-output ".configs[2].dynamic_listeners[] | .active_state.listener.filter_chains[].filters[] | select(.name == \"envoy.filters.network.http_connection_manager\") | .typed_config.http_filters[] | select(.name == \"${FILTER_NAME}\")"
-}
-
-function get_envoy_http_filters {
-  local HOSTPORT=$1
-  run retry_default curl -s -f $HOSTPORT/config_dump
-  [ "$status" -eq 0 ]
-  echo "$output" | jq --raw-output '.configs[2].dynamic_listeners[].active_state.listener | "\(.name) \( .filter_chains[0].filters[] | select(.name == "envoy.filters.network.http_connection_manager") | .typed_config.http_filters | map(.name) | join(","))"'
-}
-
-function get_envoy_dynamic_cluster_once {
-  local HOSTPORT=$1
-  local NAME_PREFIX=$2
-  run curl -m 5 -s -f $HOSTPORT/config_dump
-  [ "$status" -eq 0 ]
-  echo "$output" | jq --raw-output ".configs[] | select (.[\"@type\"] == \"type.googleapis.com/envoy.admin.v3.ClustersConfigDump\") | .dynamic_active_clusters[] | select(.cluster.name | startswith(\"${NAME_PREFIX}\"))"
-}
-
-function assert_envoy_dynamic_cluster_exists_once {
-  local HOSTPORT=$1
-  local NAME_PREFIX=$2
-  local EXPECT_SNI=$3
-  BODY="$(get_envoy_dynamic_cluster_once $HOSTPORT $NAME_PREFIX)"
-  [ -n "$BODY" ]
-
-  SNI="$(echo "$BODY" | jq --raw-output ".cluster.transport_socket.typed_config.sni | select(. | startswith(\"${EXPECT_SNI}\"))")"
-  [ -n "$SNI" ]
-}
-
-function assert_envoy_dynamic_cluster_exists {
-  local HOSTPORT=$1
-  local NAME_PREFIX=$2
-  local EXPECT_SNI=$3
-  run retry_long assert_envoy_dynamic_cluster_exists_once $HOSTPORT $NAME_PREFIX $EXPECT_SNI
-  [ "$status" -eq 0 ]
-}
-
-function get_envoy_cluster_config {
-  local HOSTPORT=$1
-  local CLUSTER_NAME=$2
-  run retry_default curl -s -f $HOSTPORT/config_dump
-  [ "$status" -eq 0 ]
-  echo "$output" | jq --raw-output "
-    .configs[1].dynamic_active_clusters[]
-    | select(.cluster.name|startswith(\"${CLUSTER_NAME}\"))
-    | .cluster
-  "
-}
-
-function get_envoy_stats_flush_interval {
-  local HOSTPORT=$1
-  run retry_default curl -s -f $HOSTPORT/config_dump
-  [ "$status" -eq 0 ]
-  #echo "$output" > /workdir/s1_envoy_dump.json
-  echo "$output" | jq --raw-output '.configs[0].bootstrap.stats_flush_interval'
-}
-
-# snapshot_envoy_admin is meant to be used from a teardown scriptlet from the host.
-function snapshot_envoy_admin {
-  local HOSTPORT=$1
-  local ENVOY_NAME=$2
-  local DC=${3:-primary}
-  local OUTDIR="${LOG_DIR}/envoy-snapshots/${DC}/${ENVOY_NAME}"
-
-  mkdir -p "${OUTDIR}"
-  docker_consul_exec "$DC" bash -c "curl -s http://${HOSTPORT}/config_dump" > "${OUTDIR}/config_dump.json"
-  docker_consul_exec "$DC" bash -c "curl -s http://${HOSTPORT}/clusters?format=json" > "${OUTDIR}/clusters.json"
-  docker_consul_exec "$DC" bash -c "curl -s http://${HOSTPORT}/stats" > "${OUTDIR}/stats.txt"
-  docker_consul_exec "$DC" bash -c "curl -s http://${HOSTPORT}/stats/prometheus"  > "${OUTDIR}/stats_prometheus.txt"
-}
-
-function reset_envoy_metrics {
-  local HOSTPORT=$1
-  curl -m 5 -s -f -XPOST $HOSTPORT/reset_counters
-  return $?
-}
-
-function get_all_envoy_metrics {
-  local HOSTPORT=$1
-  curl -m 5 -s -f $HOSTPORT/stats
-  return $?
-}
-
-function get_envoy_metrics {
-  local HOSTPORT=$1
-  local METRICS=$2
-
-  get_all_envoy_metrics $HOSTPORT | grep "$METRICS"
-}
-
-function assert_upstream_has_endpoint_port {
-  local HOSTPORT=$1
-  local CLUSTER_NAME=$2
-  local PORT_VALUE=$3
-
-  run retry_long assert_upstream_has_endpoint_port_once $HOSTPORT $CLUSTER_NAME $PORT_VALUE
-  [ "$status" -eq 0 ]
-}
-
-function get_upstream_endpoint_in_status_count {
-  local HOSTPORT=$1
-  local CLUSTER_NAME=$2
-  local HEALTH_STATUS=$3
-  run curl -m 5 -s -f "http://${HOSTPORT}/clusters?format=json"
-  [ "$status" -eq 0 ]
-  echo "$output" | jq --raw-output "
-.cluster_statuses[]
-| select(.name|startswith(\"${CLUSTER_NAME}\"))
-| [.host_statuses[].health_status.eds_health_status]
-| [select(.[] == \"${HEALTH_STATUS}\")]
-| length"
-}
-
-function assert_upstream_has_endpoints_in_status_once {
-  local HOSTPORT=$1
-  local CLUSTER_NAME=$2
-  local HEALTH_STATUS=$3
-  local EXPECT_COUNT=$4
-
-  GOT_COUNT=$(get_upstream_endpoint_in_status_count $HOSTPORT $CLUSTER_NAME $HEALTH_STATUS)
-
-  [ "$GOT_COUNT" -eq $EXPECT_COUNT ]
-}
-
-function assert_upstream_has_endpoints_in_status {
-  local HOSTPORT=$1
-  local CLUSTER_NAME=$2
-  local HEALTH_STATUS=$3
-  local EXPECT_COUNT=$4
-  run retry_long assert_upstream_has_endpoints_in_status_once $HOSTPORT $CLUSTER_NAME $HEALTH_STATUS $EXPECT_COUNT
-  [ "$status" -eq 0 ]
-}
-
-function assert_envoy_metric {
-  set -eEuo pipefail
-  local HOSTPORT=$1
-  local METRIC=$2
-  local EXPECT_COUNT=$3
-
-  METRICS=$(get_envoy_metrics $HOSTPORT "$METRIC")
-
-  if [ -z "${METRICS}" ]; then
-    echo "Metric not found" 1>&2
-    return 1
-  fi
-
-  GOT_COUNT=$(awk -F: '{print $2}' <<<"$METRICS" | head -n 1 | tr -d ' ')
-
-  if [ -z "$GOT_COUNT" ]; then
-    echo "Couldn't parse metric count" 1>&2
-    return 1
-  fi
-
-  if [ $EXPECT_COUNT -ne $GOT_COUNT ]; then
-    echo "$METRIC - expected count: $EXPECT_COUNT, actual count: $GOT_COUNT" 1>&2
-    return 1
-  fi
-}
-
-function assert_envoy_metric_at_least {
-  set -eEuo pipefail
-  local HOSTPORT=$1
-  local METRIC=$2
-  local EXPECT_COUNT=$3
-
-  METRICS=$(get_envoy_metrics $HOSTPORT "$METRIC")
-
-  if [ -z "${METRICS}" ]; then
-    echo "Metric not found" 1>&2
-    return 1
-  fi
-
-  GOT_COUNT=$(awk -F: '{print $2}' <<<"$METRICS" | head -n 1 | tr -d ' ')
-
-  if [ -z "$GOT_COUNT" ]; then
-    echo "Couldn't parse metric count" 1>&2
-    return 1
-  fi
-
-  if [ $EXPECT_COUNT -gt $GOT_COUNT ]; then
-    echo "$METRIC - expected >= count: $EXPECT_COUNT, actual count: $GOT_COUNT" 1>&2
-    return 1
-  fi
-}
-
-function assert_envoy_aggregate_metric_at_least {
-  set -eEuo pipefail
-  local HOSTPORT=$1
-  local METRIC=$2
-  local EXPECT_COUNT=$3
-
-  METRICS=$(get_envoy_metrics $HOSTPORT "$METRIC")
-
-  if [ -z "${METRICS}" ]; then
-    echo "Metric not found" 1>&2
-    return 1
-  fi
-
-  GOT_COUNT=$(awk '{ sum += $2 } END { print sum }' <<<"$METRICS")
-
-  if [ -z "$GOT_COUNT" ]; then
-    echo "Couldn't parse metric count" 1>&2
-    return 1
-  fi
-
-  if [ $EXPECT_COUNT -gt $GOT_COUNT ]; then
-    echo "$METRIC - expected >= count: $EXPECT_COUNT, actual count: $GOT_COUNT" 1>&2
-    return 1
-  fi
-}
-
-function get_healthy_service_count {
-  local SERVICE_NAME=$1
-  local DC=$2
-  local NS=$3
-  local AP=$4
-  local PEER_NAME=$5
-
-  run curl -m 5 -s -f ${HEADERS} "consul-${DC}-client:8500/v1/health/connect/${SERVICE_NAME}?passing&ns=${NS}&partition=${AP}&peer=${PEER_NAME}"
-
-  [ "$status" -eq 0 ]
-  echo "$output" | jq --raw-output '. | length'
-}
-
-function assert_alive_wan_member_count {
-  local DC=$1
-  local EXPECT_COUNT=$2
-  run retry_long assert_alive_wan_member_count_once $DC $EXPECT_COUNT
-  [ "$status" -eq 0 ]
-}
-
-function assert_alive_wan_member_count_once {
-  local DC=$1
-  local EXPECT_COUNT=$2
-
-  GOT_COUNT=$(get_alive_wan_member_count $DC)
-
-  [ "$GOT_COUNT" -eq "$EXPECT_COUNT" ]
-}
-
-function get_alive_wan_member_count {
-  local DC=$1
-  run retry_default curl -sL -f "consul-${DC}-server:8500/v1/agent/members?wan=1"
-  [ "$status" -eq 0 ]
-  # echo "$output" >&3
-  echo "$output" | jq '.[] | select(.Status == 1) | .Name' | wc -l
-}
-
-function assert_service_has_healthy_instances_once {
-  local SERVICE_NAME=$1
-  local EXPECT_COUNT=$2
-  local DC=${3:-primary}
-  local NS=${4:-}
-  local AP=${5:-}
-  local PEER_NAME=${6:-}
-
-  GOT_COUNT=$(get_healthy_service_count "$SERVICE_NAME" "$DC" "$NS" "$AP" "$PEER_NAME")
-
-  [ "$GOT_COUNT" -eq $EXPECT_COUNT ]
-}
-
-function assert_service_has_healthy_instances {
-  local SERVICE_NAME=$1
-  local EXPECT_COUNT=$2
-  local DC=${3:-primary}
-  local NS=${4:-}
-  local AP=${5:-}
-  local PEER_NAME=${6:-}
-
-  run retry_long assert_service_has_healthy_instances_once "$SERVICE_NAME" "$EXPECT_COUNT" "$DC" "$NS" "$AP" "$PEER_NAME"
-  [ "$status" -eq 0 ]
-}
-
-function check_intention {
-  local SOURCE=$1
-  local DESTINATION=$2
-  get_consul_hostname primary
-
-  curl -m 5 -s -f "${CONSUL_HOSTNAME}:8500/v1/connect/intentions/check?source=${SOURCE}&destination=${DESTINATION}" | jq ".Allowed"
-}
-
-function assert_intention_allowed {
-  local SOURCE=$1
-  local DESTINATION=$2
-
-  run check_intention "${SOURCE}" "${DESTINATION}"
-  [ "$status" -eq 0 ]
-  [ "$output" = "true" ]
-}
-
-function assert_intention_denied {
-  local SOURCE=$1
-  local DESTINATION=$2
-
-  run check_intention "${SOURCE}" "${DESTINATION}"
-  [ "$status" -eq 0 ]
-  [ "$output" = "false" ]
-}
-
-function docker_consul {
-  local DC=$1
-  shift 1
-  retry_default docker_exec envoy_consul-${DC}_1 "$@"
-}
-
-function docker_consul_for_proxy_bootstrap {
-  local DC=$1
-  shift 1
-
-  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$DC"_1
-
-  docker.exe exec -i $CONTAINER_NAME bash.exe -c "$@"
-}
-
-function docker_exec {
-  if ! docker.exe exec -i "$@"; then
-    echo "Failed to execute: docker exec -i $@" 1>&2
-    return 1
-  fi
-}
-
-function docker_consul_exec {
-  local DC=$1
-  shift 1
-  docker_exec envoy_consul-${DC}_1 "$@"
-}
-
-function kill_envoy {
-  local BOOTSTRAP_NAME=$1
-  local DC=${2:-primary}
-
-  PORT=$( cat /c/workdir/$DC/envoy/${BOOTSTRAP_NAME}-bootstrap.json | jq .admin.address.socket_address.port_value )
-  PID=$( netstat -qo | grep "127.0.0.1:$PORT" | sed -r "s/.* //g" )
-  tskill $PID
-}
-
-function must_match_in_statsd_logs {
-  local DC=${2:-primary}
-  local FILE="/c/workdir/${DC}/statsd/statsd.log"
-  
-  COUNT=$( grep -Ec $1 $FILE )  
-  echo "COUNT of '$1' matches: $COUNT"
- 
-  [ "$COUNT" -gt "0" ]
-}
-
-function must_match_in_prometheus_response {
-  run curl -m 5 -f -s $1/metrics
-  COUNT=$( echo "$output" | grep -Ec $2 )
-
-  echo "OUTPUT head -n 10"
-  echo "$output" | head -n 10
-  echo "COUNT of '$2' matches: $COUNT"
-
-  [ "$status" == 0 ]
-  [ "$COUNT" -gt "0" ]
-}
-
-function must_match_in_stats_proxy_response {
-  run curl -m 5 -f -s $1/$2
-  COUNT=$( echo "$output" | grep -Ec $3 )
-
-  echo "OUTPUT head -n 10"
-  echo "$output" | head -n 10
-  echo "COUNT of '$3' matches: $COUNT"
-
-  [ "$status" == 0 ]
-  [ "$COUNT" -gt "0" ]
-}
-
-# must_fail_tcp_connection checks that a request made through an upstream fails,
-# probably due to authz being denied if all other tests passed already. Although
-# we are using curl, this only works as expected for TCP upstreams as we are
-# checking TCP-level errors. HTTP upstreams will return a valid 503 generated by
-# Envoy rather than a connection-level error.
-function must_fail_tcp_connection {
-  # Attempt to curl through upstream
-  run curl -m 5 --no-keepalive -s -v -f -d hello $1
-
-  echo "OUTPUT $output"
-
-  # Should fail during handshake and return "got nothing" error
-  [ "$status" == "52" ]
-
-  # Verbose output should enclude empty reply
-  echo "$output" | grep 'Empty reply from server'
-}
-
-function must_pass_tcp_connection {
-  run curl -m 5 --no-keepalive -s -f -d hello $1
-
-  echo "OUTPUT $output"
-
-  [ "$status" == "0" ]
-  [ "$output" = "hello" ]
-}
-
-# must_fail_http_connection see must_fail_tcp_connection but this expects Envoy
-# to generate a 503 response since the upstreams have refused connection.
-function must_fail_http_connection {
-  # Attempt to curl through upstream
-  run curl -m 5 --no-keepalive -s -i -d hello "$1"
-
-  echo "OUTPUT $output"
-
-  [ "$status" == "0" ]
-
-  local expect_response="${2:-403 Forbidden}"
-  # Should fail request with 503
-  echo "$output" | grep "${expect_response}"
-}
-
-# must_pass_http_request allows you to craft a specific http request to assert
-# that envoy will NOT reject the request. Primarily of use for testing L7
-# intentions.
-function must_pass_http_request {
-  local METHOD=$1
-  local URL=$2
-  local DEBUG_HEADER_VALUE="${3:-""}"
-
-  local extra_args
-  if [[ -n "${DEBUG_HEADER_VALUE}" ]]; then
-    extra_args="-H x-test-debug:${DEBUG_HEADER_VALUE}"
-  fi
-  case "$METHOD" in
-    GET) ;;
-
-    DELETE)
-      extra_args="$extra_args -X${METHOD}"
-      ;;
-    PUT | POST)
-      extra_args="$extra_args -d'{}' -X${METHOD}"
-      ;;
-    *)
-      return 1
-      ;;
-  esac
-
-  run curl -m 5 --no-keepalive -v -s -f $extra_args "$URL"
-  [ "$status" == 0 ]
-}
-
-# must_fail_http_request allows you to craft a specific http request to assert
-# that envoy will reject the request. Primarily of use for testing L7
-# intentions.
-function must_fail_http_request {
-  local METHOD=$1
-  local URL=$2
-  local DEBUG_HEADER_VALUE="${3:-""}"
-
-  local extra_args
-  if [[ -n "${DEBUG_HEADER_VALUE}" ]]; then
-      extra_args="-H x-test-debug:${DEBUG_HEADER_VALUE}"
-  fi
-  case "$METHOD" in
-    HEAD)
-      extra_args="$extra_args -I"
-      ;;
-    GET) ;;
-
-    DELETE)
-      extra_args="$extra_args -X${METHOD}"
-      ;;
-    PUT | POST)
-      extra_args="$extra_args -d'{}' -X${METHOD}"
-      ;;
-    *)
-      return 1
-      ;;
-  esac
-
-  # Attempt to curl through upstream
-  run curl -m 5 --no-keepalive -s -i $extra_args "$URL"
-
-  echo "OUTPUT $output"
-
-  echo "$output" | grep "403 Forbidden"
-}
-
-function upsert_config_entry {
-  local DC="$1"
-  local BODY="$2"
-
-  echo "$BODY" | docker_consul "$DC" consul config write -
-}
-
-function gen_envoy_bootstrap {
-  SERVICE=$1
-  ADMIN_PORT=$2
-  DC=${3:-primary}
-  IS_GW=${4:-0}
-  EXTRA_ENVOY_BS_ARGS="${5-}"
-  ADMIN_HOST="0.0.0.0"
-
-  PROXY_ID="$SERVICE"
-  if ! is_set "$IS_GW"; then
-    PROXY_ID="$SERVICE-sidecar-proxy"
-    ADMIN_HOST="127.0.0.1"
-  fi
-
-  if output=$(docker_consul_for_proxy_bootstrap $DC "consul connect envoy -bootstrap \
-    -proxy-id $PROXY_ID \
-    -envoy-version "$ENVOY_VERSION" \
-    -http-addr envoy_consul-${DC}_1:8500 \
-    -grpc-addr envoy_consul-${DC}_1:8502 \
-    -admin-access-log-path="C:/envoy/envoy.log" \
-    -admin-bind $ADMIN_HOST:$ADMIN_PORT ${EXTRA_ENVOY_BS_ARGS} \
-    > /c/workdir/${DC}/envoy/${SERVICE}-bootstrap.json"); then
-
-    # All OK, write config to file
-    echo $output
-    #echo "$output" > /c/workdir/${DC}/envoy/$SERVICE-bootstrap.json
-  else
-    status=$?
-    # Command failed, instead of swallowing error (printed on stdout by docker
-    # it seems) by writing it to file, echo it
-    echo "$output"
-    #return $status
-  fi
-
-
-}
-
-function read_config_entry {
-  local KIND=$1
-  local NAME=$2
-  local DC=${3:-primary}
-  get_consul_hostname $DC
-  docker_consul_exec "$DC" bash -c "consul config read -kind $KIND -name $NAME -http-addr=\"$CONSUL_HOSTNAME:8500\""
-}
-
-function wait_for_namespace {
-  local NS="${1}"
-  local DC=${2:-primary}
-  get_consul_hostname $DC
-  retry_default docker_consul_exec "$DC" bash -c "curl -sLf http://${CONSUL_HOSTNAME}:8500/v1/namespace/${NS} >/dev/null"
-}
-
-function wait_for_config_entry {
-  retry_default read_config_entry "$@"
-}
-
-function assert_config_entry_status {
-  local TYPE="$1"
-  local STATUS="$2"
-  local REASON="$3"
-  local DC="$4"
-  local KIND="$5"
-  local NAME="$6"
-  local NS=${7:-}
-  local AP=${8:-}
-  local PEER=${9:-}
-
-  status=$(curl -s -f "consul-${DC}-client:8500/v1/config/${KIND}/${NAME}?passing&ns=${NS}&partition=${AP}&peer=${PEER}" | jq ".Status.Conditions[] | select(.Type == \"$TYPE\" and .Status == \"$STATUS\" and .Reason == \"$REASON\")")
-  [ -n "$status" ]
-}
-
-function delete_config_entry {
-  local KIND=$1
-  local NAME=$2
-  get_consul_hostname primary
-  retry_default curl -sL -XDELETE "http://${CONSUL_HOSTNAME}:8500/v1/config/${KIND}/${NAME}"
-}
-
-function register_services {
-  local DC=${1:-primary}
-  wait_for_leader "$DC"
-  docker_consul_exec ${DC} bash -c "consul services register workdir/${DC}/register/service_*.hcl"
-}
-
-# wait_for_leader waits until a leader is elected.
-# Its first argument must be the datacenter name.
-function wait_for_leader {
-  get_consul_hostname primary
-  retry_default docker_consul_exec "$1" bash -c "[[ $(curl --fail -sS http://${CONSUL_HOSTNAME}:8500/v1/status/leader) ]]"
-}
-
-function setup_upsert_l4_intention {
-  local SOURCE=$1
-  local DESTINATION=$2
-  local ACTION=$3
-  get_consul_hostname primary
-  retry_default docker_consul_exec primary bash -c "curl -sL -X PUT -d '{\"Action\": \"${ACTION}\"}' 'http://${CONSUL_HOSTNAME}:8500/v1/connect/intentions/exact?source=${SOURCE}&destination=${DESTINATION}'"
-}
-
-function upsert_l4_intention {
-  local SOURCE=$1
-  local DESTINATION=$2
-  local ACTION=$3
-  get_consul_hostname primary
-  retry_default curl -sL -XPUT "http://${CONSUL_HOSTNAME}:8500/v1/connect/intentions/exact?source=${SOURCE}&destination=${DESTINATION}" \
-      -d"{\"Action\": \"${ACTION}\"}" >/dev/null
-}
-
-function get_ca_root {
-  get_consul_hostname primary
-  curl -s -f "http://${CONSUL_HOSTNAME}:8500/v1/connect/ca/roots" | jq -r ".Roots[0].RootCert"
-}
-
-function wait_for_agent_service_register {
-  local SERVICE_ID=$1
-  local DC=${2:-primary}
-  get_consul_hostname $DC
-  retry_default docker_consul_exec "$DC" bash -c "curl -sLf 'http://${CONSUL_HOSTNAME}:8500/v1/agent/service/${SERVICE_ID}' >/dev/null"
-}
-
-function set_ttl_check_state {
-  local CHECK_ID=$1
-  local CHECK_STATE=$2
-  local DC=${3:-primary}
-  get_consul_hostname $DC
-
-  case "$CHECK_STATE" in
-    pass) ;;
-
-    warn) ;;
-
-    fail) ;;
-
-    *)
-      echo "invalid ttl check state '${CHECK_STATE}'" >&2
-      return 1
-      ;;
-  esac
-
-  retry_default docker_consul_exec "$DC" bash -c "curl -sL -XPUT 'http://${CONSUL_HOSTNAME}:8500/v1/agent/check/warn/${CHECK_ID}' >/dev/null"
-}
-
-function get_upstream_fortio_name {
-  local HOST=$1
-  local PORT=$2
-  local PREFIX=$3
-  local DEBUG_HEADER_VALUE="${4:-""}"
-  local extra_args
-  if [[ -n "${DEBUG_HEADER_VALUE}" ]]; then
-      extra_args="-H x-test-debug:${DEBUG_HEADER_VALUE}"
-  fi
-  # split proto if https:// is at the front of the host since the --resolve
-  # string needs just a bare host.
-  local PROTO=""
-  local CA_FILE=""
-  if [ "${HOST:0:8}" = "https://" ]; then
-    HOST="${HOST:8}"
-    PROTO="https://"
-    # Fix in the CA_FILE parameter: for Windows environments, the root path starts with "/c"
-    extra_args="${extra_args} --cacert /c/workdir/test-sds-server/certs/ca-root.crt"
-  fi
-  # We use --resolve instead of setting a Host header since we need the right
-  # name to be sent for SNI in some cases too.
-  run retry_default curl --ssl-revoke-best-effort -v -s -f --resolve "${HOST}:${PORT}:127.0.0.1" $extra_args \
-      "${PROTO}${HOST}:${PORT}${PREFIX}/debug?env=dump"
-
-  # Useful Debugging but breaks the expectation that the value output is just
-  # the grep output when things don't fail
-  if [ "$status" != 0 ]; then
-    echo "GOT FORTIO OUTPUT: $output"
-  fi
-  [ "$status" == 0 ]
-  echo "$output" | grep -E "^FORTIO_NAME="
-}
-
-function get_upstream_endpoint_port {
-  local HOSTPORT=$1
-  local CLUSTER_NAME=$2
-  local PORT_VALUE=$3
-  run curl -s -f "http://${HOSTPORT}/clusters?format=json"
-  [ "$status" -eq 0 ]
-  echo "$output" | jq --raw-output "
-.cluster_statuses[]
-| select(.name|startswith(\"${CLUSTER_NAME}\"))
-| [.host_statuses[].address.socket_address.port_value]
-| [select(.[] == ${PORT_VALUE})]
-| length"
-}
-
-function assert_upstream_has_endpoint_port_once {
-  local HOSTPORT=$1
-  local CLUSTER_NAME=$2
-  local PORT_VALUE=$3
-
-  GOT_COUNT=$(get_upstream_endpoint_port $HOSTPORT $CLUSTER_NAME $PORT_VALUE)
-
-  [ "$GOT_COUNT" -eq 1 ]
-}
-
-function assert_expected_fortio_name {
-  local EXPECT_NAME=$1
-  local HOST=${2:-"localhost"}
-  local PORT=${3:-5000}
-  local URL_PREFIX=${4:-""}
-  local DEBUG_HEADER_VALUE="${5:-""}"
-
-  run get_upstream_fortio_name ${HOST} ${PORT} "${URL_PREFIX}" "${DEBUG_HEADER_VALUE}"
-
-  echo "GOT: $output"
-
-  [ "$status" == 0 ]
-  [ "$output" == "FORTIO_NAME=${EXPECT_NAME}" ]
-}
-
-function assert_expected_fortio_name_pattern {
-  local EXPECT_NAME_PATTERN=$1
-  local HOST=${2:-"localhost"}
-  local PORT=${3:-5000}
-  local URL_PREFIX=${4:-""}
-  local DEBUG_HEADER_VALUE="${5:-""}"
-
-  GOT=$(get_upstream_fortio_name ${HOST} ${PORT} "${URL_PREFIX}" "${DEBUG_HEADER_VALUE}")
-
-  if [[ "$GOT" =~ $EXPECT_NAME_PATTERN ]]; then
-      :
-  else
-    echo "expected name pattern: $EXPECT_NAME_PATTERN, actual name: $GOT" 1>&2
-    return 1
-  fi
-}
-
-function get_upstream_fortio_host_header {
-  local HOST=$1
-  local PORT=$2
-  local PREFIX=$3
-  local DEBUG_HEADER_VALUE="${4:-""}"
-  local extra_args
-  if [[ -n "${DEBUG_HEADER_VALUE}" ]]; then
-      extra_args="-H x-test-debug:${DEBUG_HEADER_VALUE}"
-  fi
-  run retry_default curl -v -s -f -H"Host: ${HOST}" $extra_args \
-      "localhost:${PORT}${PREFIX}/debug"
-  [ "$status" == 0 ]
-  echo "$output" | grep -E "^Host: "
-}
-
-function assert_expected_fortio_host_header {
-  local EXPECT_HOST=$1
-  local HOST=${2:-"localhost"}
-  local PORT=${3:-5000}
-  local URL_PREFIX=${4:-""}
-  local DEBUG_HEADER_VALUE="${5:-""}"
-
-  GOT=$(get_upstream_fortio_host_header ${HOST} ${PORT} "${URL_PREFIX}" "${DEBUG_HEADER_VALUE}")
-
-  if [ "$GOT" != "Host: ${EXPECT_HOST}" ]; then
-    echo "expected Host header: $EXPECT_HOST, actual Host header: $GOT" 1>&2
-    return 1
-  fi
-}
-
-function create_peering {
-  local GENERATE_PEER=$1
-  local ESTABLISH_PEER=$2
-  run curl -m 5 -sL -XPOST "http://consul-${GENERATE_PEER}-client:8500/v1/peering/token" -d"{ \"PeerName\" : \"${GENERATE_PEER}-to-${ESTABLISH_PEER}\" }"
-  # echo "$output" >&3
-  [ "$status" == 0 ]
-
-  local token
-  token="$(echo "$output" | jq -r .PeeringToken)"
-  [ -n "$token" ]
-
-  run curl -m 5 -sLv -XPOST "http://consul-${ESTABLISH_PEER}-client:8500/v1/peering/establish" -d"{ \"PeerName\" : \"${ESTABLISH_PEER}-to-${GENERATE_PEER}\", \"PeeringToken\" : \"${token}\" }"
-  # echo "$output" >&3
-  [ "$status" == 0 ]
-}
-
-function assert_service_has_imported {
-  local DC=${1:-primary}
-  local SERVICE_NAME=$2
-  local PEER_NAME=$3
-
-  run curl -s -f "http://consul-${DC}-client:8500/v1/peering/${PEER_NAME}"
-  [ "$status" == 0 ]
-
-  echo "$output" | jq --raw-output '.StreamStatus.ImportedServices' | grep -e "${SERVICE_NAME}"
-  if [ $? -ne 0 ]; then
-    echo "Error finding service: ${SERVICE_NAME}"
-    return 1
-  fi
-}
-
-function get_lambda_envoy_http_filter {
-  local HOSTPORT=$1
-  local NAME_PREFIX=$2
-  run retry_default curl -s -f $HOSTPORT/config_dump
-  [ "$status" -eq 0 ]
-  # get the full http filter object so the individual fields can be validated.
-  echo "$output" | jq --raw-output ".configs[2].dynamic_listeners[] | .active_state.listener.filter_chains[].filters[] | select(.name == \"envoy.filters.network.http_connection_manager\") | .typed_config.http_filters[] | select(.name == \"envoy.filters.http.aws_lambda\") | .typed_config"
-}
-
-function register_lambdas {
-  local DC=${1:-primary}
-  # register lambdas to the catalog
-  for f in $(find workdir/${DC}/register -type f -name 'lambda_*.json'); do
-    retry_default curl -sL -XPUT -d @${f} "http://localhost:8500/v1/catalog/register" >/dev/null && \
-      echo "Registered Lambda: $(jq -r .Service.Service $f)"
-  done
-  # write service-defaults config entries for lambdas
-  for f in $(find workdir/${DC}/register -type f -name 'service_defaults_*.json'); do
-    varsub ${f} AWS_LAMBDA_REGION AWS_LAMBDA_ARN
-    retry_default curl -sL -XPUT -d @${f} "http://localhost:8500/v1/config" >/dev/null && \
-      echo "Wrote config: $(jq -r '.Kind + " / " + .Name' $f)"
-  done
-}
-
-function assert_lambda_envoy_dynamic_cluster_exists {
-  local HOSTPORT=$1
-  local NAME_PREFIX=$2
-
-  local BODY=$(get_envoy_dynamic_cluster_once $HOSTPORT $NAME_PREFIX)
-  [ -n "$BODY" ]
-
-  [ "$(echo $BODY | jq -r '.cluster.transport_socket.typed_config.sni')" == '*.amazonaws.com' ]
-}
-
-function assert_lambda_envoy_dynamic_http_filter_exists {
-  local HOSTPORT=$1
-  local NAME_PREFIX=$2
-  local ARN=$3
-
-  local FILTER=$(get_lambda_envoy_http_filter $HOSTPORT $NAME_PREFIX)
-  [ -n "$FILTER" ]
-
-  [ "$(echo $FILTER | jq -r '.arn')" == "$ARN" ]
-}
-
-function varsub {
-  local file=$1
-  shift
-  for v in "$@"; do
-    sed -i "s/\${$v}/${!v}/g" $file
-  done
-}
-
-function get_url_header {
-  local URL=$1
-  local HEADER=$2
-  run curl -s -f -X GET -I "${URL}"
-  [ "$status" == 0 ]
-  RESP=$(echo "$output" | tr -d '\r')
-  RESP=$(echo "$RESP" | grep -E "^${HEADER}: ")
-  RESP=$(echo "$RESP" | sed "s/^${HEADER}: //g")
-  echo "$RESP"
-}
-
-function assert_url_header {
-  local URL=$1
-  local HEADER=$2
-  local VALUE=$3
-  run get_url_header "$URL" "$HEADER"
-  [ "$status" == 0 ]
-  [ "$VALUE" = "$output" ]
-}
-
-# assert_upstream_message asserts both the returned code
-# and message from upstream service
-function assert_upstream_message {
-  local HOSTPORT=$1
-  run curl -s -d hello localhost:$HOSTPORT
-
-  if [ "$status" -ne 0 ]; then
-    echo "Command failed"
-    return 1
-  fi
-
-  if (echo $output | grep 'hello'); then
-    return 0
-  fi
-
-  echo "expected message not found in $output"
-  return 1
-}
\ No newline at end of file
diff --git a/test/integration/connect/envoy/main_test.go b/test/integration/connect/envoy/main_test.go
index a1aaa060b894..b81a72e37ddc 100644
--- a/test/integration/connect/envoy/main_test.go
+++ b/test/integration/connect/envoy/main_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build integration
 // +build integration
@@ -7,9 +7,6 @@
 package envoy
 
 import (
-	"flag"
-	"io/ioutil"
-	"log"
 	"os"
 	"os/exec"
 	"sort"
@@ -19,31 +16,11 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-var (
-	flagWin          = flag.Bool("win", false, "Execute tests on windows")
-	flagResourceAPIs = flag.Bool("enable-resource-apis", false, "Execute tests with resource apis enabled.")
-)
-
 func TestEnvoy(t *testing.T) {
-	flag.Parse()
-
-	if *flagWin == true {
-		dir := "../../../"
-		check_dir_files(dir)
-	}
-
-	var testcases []string
-	var err error
-	if *flagResourceAPIs == true {
-		os.Setenv("USE_RESOURCE_APIS", "true")
-		testcases, err = discoverResourceAPICases()
-	} else {
-		testcases, err = discoverCases()
-	}
+	testcases, err := discoverCases()
 	require.NoError(t, err)
 
 	runCmd(t, "suite_setup")
-
 	defer runCmd(t, "suite_teardown")
 
 	for _, tc := range testcases {
@@ -63,7 +40,7 @@ func TestEnvoy(t *testing.T) {
 	}
 }
 
-func runCmdLinux(t *testing.T, c string, env ...string) {
+func runCmd(t *testing.T, c string, env ...string) {
 	t.Helper()
 
 	cmd := exec.Command("./run-tests.sh", c)
@@ -75,35 +52,7 @@ func runCmdLinux(t *testing.T, c string, env ...string) {
 	}
 }
 
-func runCmdWindows(t *testing.T, c string, env ...string) {
-	t.Helper()
-
-	param_5 := "false"
-	if env != nil {
-		param_5 = strings.Join(env, " ")
-	}
-
-	cmd := exec.Command("cmd", "/C", "bash run-tests.windows.sh", c, param_5)
-	cmd.Env = append(os.Environ(), env...)
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-	if err := cmd.Run(); err != nil {
-		t.Fatalf("command failed: %v", err)
-	}
-}
-
-func runCmd(t *testing.T, c string, env ...string) {
-	t.Helper()
-
-	if *flagWin == true {
-		runCmdWindows(t, c, env...)
-
-	} else {
-		runCmdLinux(t, c, env...)
-	}
-}
-
-// Discover the cases so we pick up both ce and ent copies.
+// Discover the cases so we pick up both oss and ent copies.
 func discoverCases() ([]string, error) {
 	cwd, err := os.Getwd()
 	if err != nil {
@@ -125,84 +74,3 @@ func discoverCases() ([]string, error) {
 	sort.Strings(out)
 	return out, nil
 }
-
-// discoverResourceAPICases will discover the Envoy tests case files but will contain
-// a filter in it to only return those case for which functionality has been added
-// to the V2 catalog resources.
-func discoverResourceAPICases() ([]string, error) {
-	cwd, err := os.Getwd()
-	if err != nil {
-		return nil, err
-	}
-
-	dirs, err := os.ReadDir(cwd)
-	if err != nil {
-		return nil, err
-	}
-
-	var out []string
-	for _, fi := range dirs {
-		// TODO(proxystate): enable this to only include tests cases that are supported.
-		// Currently the work is in progress, so it is wired up in CI, but this excludes any tests from actually running.
-		if fi.IsDir() && strings.HasPrefix(fi.Name(), "case-don-match-me-on-anything-yet-because-i-am-not-ready") {
-			out = append(out, fi.Name())
-		}
-	}
-
-	sort.Strings(out)
-	return out, nil
-}
-
-// CRLF convert functions
-// Recursively iterates through the directory passed by parameter looking for the sh and bash files.
-// Upon finding them, it calls crlf_file_check.
-func check_dir_files(path string) {
-	files, err := ioutil.ReadDir(path)
-	if err != nil {
-		log.Fatal(err)
-	}
-	for _, fil := range files {
-
-		v := strings.Split(fil.Name(), ".")
-		file_extension := v[len(v)-1]
-
-		file_path := path + "/" + fil.Name()
-
-		if fil.IsDir() == true {
-			check_dir_files(file_path)
-		}
-
-		if file_extension == "sh" || file_extension == "bash" {
-			crlf_file_check(file_path)
-		}
-	}
-}
-
-// Check if a file contains CRLF line endings if so call crlf_normalize
-func crlf_file_check(file_name string) {
-
-	file, err := ioutil.ReadFile(file_name)
-	text := string(file)
-
-	if edit := crlf_verify(text); edit != -1 {
-		crlf_normalize(file_name, text)
-	}
-
-	if err != nil {
-		log.Fatal(err)
-	}
-}
-
-// Checks for the existence of CRLF line endings.
-func crlf_verify(text string) int {
-	position := strings.Index(text, "\r\n")
-	return position
-}
-
-// Replace CRLF line endings with LF.
-func crlf_normalize(filename, text string) {
-	text = strings.Replace(text, "\r\n", "\n", -1)
-	data := []byte(text)
-
-	ioutil.WriteFile(filename, data, 0644)
-}
diff --git a/test/integration/connect/envoy/run-tests.sh b/test/integration/connect/envoy/run-tests.sh
index 900d3cbfd33b..ba0d6fa81090 100755
--- a/test/integration/connect/envoy/run-tests.sh
+++ b/test/integration/connect/envoy/run-tests.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
@@ -15,7 +15,7 @@ DEBUG=${DEBUG:-}
 XDS_TARGET=${XDS_TARGET:-server}
 
 # ENVOY_VERSION to run each test against
-ENVOY_VERSION=${ENVOY_VERSION:-"1.27.0"}
+ENVOY_VERSION=${ENVOY_VERSION:-"1.23.1"}
 export ENVOY_VERSION
 
 export DOCKER_BUILDKIT=1
@@ -179,14 +179,6 @@ function start_consul {
     license=$(cat $CONSUL_LICENSE_PATH)
   fi
 
-  USE_RESOURCE_APIS=${USE_RESOURCE_APIS:-false}
-
-  experiments="experiments=[]"
-  # set up consul to run in V1 or V2 catalog mode
-  if [[ "${USE_RESOURCE_APIS}" == true ]]; then
-   experiments="experiments=[\"resource-apis\"]"
-  fi
-
   # We currently run these integration tests in two modes: one in which Envoy's
   # xDS sessions are served directly by a Consul server, and another in which it
   # goes through a client agent.
@@ -270,7 +262,6 @@ function start_consul {
       agent -dev -datacenter "${DC}" \
       -config-dir "/workdir/${DC}/consul" \
       -config-dir "/workdir/${DC}/consul-server" \
-      -hcl=${experiments} \
       -client "0.0.0.0" >/dev/null
   fi
 }
@@ -798,9 +789,6 @@ function common_run_container_gateway {
 function run_container_gateway-primary {
   common_run_container_gateway mesh-gateway primary
 }
-function run_container_gateway-ap1 {
-  common_run_container_gateway mesh-gateway ap1
-}
 function run_container_gateway-secondary {
   common_run_container_gateway mesh-gateway secondary
 }
diff --git a/test/integration/connect/envoy/run-tests.windows.sh b/test/integration/connect/envoy/run-tests.windows.sh
deleted file mode 100644
index c4dcff6ce486..000000000000
--- a/test/integration/connect/envoy/run-tests.windows.sh
+++ /dev/null
@@ -1,911 +0,0 @@
-#!/usr/bin/env bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-
-if [ $2 != "false" ]
-then
-  export $2
-fi
-
-readonly self_name="$0"
-
-readonly HASHICORP_DOCKER_PROXY="docker.mirror.hashicorp.services"
-
-readonly SINGLE_CONTAINER_BASE_NAME=envoy_consul
-
-# DEBUG=1 enables set -x for this script so echos every command run
-DEBUG=${DEBUG:-}
-
-XDS_TARGET=${XDS_TARGET:-server}
-
-# ENVOY_VERSION to run each test against
-ENVOY_VERSION=${ENVOY_VERSION:-"1.27.0"}
-export ENVOY_VERSION
-
-export DOCKER_BUILDKIT=0
-
-if [ ! -z "$DEBUG" ] ; then
-  set -x
-fi
-
-source helpers.windows.bash
-
-function command_error {
-  echo "ERR: command exited with status $1" 1>&2
-  echo "     command:   $2" 1>&2
-  echo "     line:      $3" 1>&2
-  echo "     function:  $4" 1>&2
-  echo "     called at: $5" 1>&2
-  # printf '%s\n' "${FUNCNAME[@]}"
-  # printf '%s\n' "${BASH_SOURCE[@]}"
-  # printf '%s\n' "${BASH_LINENO[@]}"
-}
-
-trap 'command_error $? "${BASH_COMMAND}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_SOURCE[0]}:${BASH_LINENO[0]}"' ERR
-
-readonly WORKDIR_SNIPPET="-v envoy_workdir:C:\workdir"
-
-function network_snippet {
-    local DC="$1"
-    echo "--net=envoy-tests"
-}
-
-function aws_snippet {
-  LAMBDA_TESTS_ENABLED=${LAMBDA_TESTS_ENABLED:-false}
-  if [ "$LAMBDA_TESTS_ENABLED" != false ]; then
-    local snippet=""
-
-    # The Lambda integration cases assume that a Lambda function exists in $AWS_REGION with an ARN of $AWS_LAMBDA_ARN.
-    # The AWS credentials must have permission to invoke the Lambda function.
-    [ -n "$(set | grep '^AWS_ACCESS_KEY_ID=')" ] && snippet="${snippet} -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
-    [ -n "$(set | grep '^AWS_SECRET_ACCESS_KEY=')" ] && snippet="${snippet} -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
-    [ -n "$(set | grep '^AWS_SESSION_TOKEN=')" ] && snippet="${snippet} -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN"
-    [ -n "$(set | grep '^AWS_LAMBDA_REGION=')" ] && snippet="${snippet} -e AWS_LAMBDA_REGION=$AWS_LAMBDA_REGION"
-    [ -n "$(set | grep '^AWS_LAMBDA_ARN=')" ] && snippet="${snippet} -e AWS_LAMBDA_ARN=$AWS_LAMBDA_ARN"
-
-    echo "$snippet"
-  fi
-}
-
-function init_workdir {
-  local CLUSTER="$1"
-
-  if test -z "$CLUSTER"
-  then
-    CLUSTER=primary
-  fi
-
-  # Note, we use explicit set of dirs so we don't delete .gitignore. Also,
-  # don't wipe logs between runs as they are already split and we need them to
-  # upload as artifacts later.
-  rm -rf workdir/${CLUSTER}
-  rm -rf workdir/logs
-  mkdir -p workdir/${CLUSTER}/{consul,consul-server,register,envoy,bats,statsd,data}
-
-  # Reload consul config from defaults
-  cp consul-base-cfg/*.hcl workdir/${CLUSTER}/consul/
-
-  # Add any overrides if there are any (no op if not)
-  find ${CASE_DIR} -maxdepth 1 -name '*.hcl' -type f -exec cp -f {} workdir/${CLUSTER}/consul \;
-
-  # Copy all the test files
-  find ${CASE_DIR} -maxdepth 1 -name '*.bats' -type f -exec cp -f {} workdir/${CLUSTER}/bats \;
-  # Copy CLUSTER specific bats
-  cp helpers.windows.bash workdir/${CLUSTER}/bats/helpers.bash
-
-  # Add any CLUSTER overrides
-  if test -d "${CASE_DIR}/${CLUSTER}"
-  then
-    find ${CASE_DIR}/${CLUSTER} -type f -name '*.hcl' -exec cp -f {} workdir/${CLUSTER}/consul \;
-    find ${CASE_DIR}/${CLUSTER} -type f -name '*.bats' -exec cp -f {} workdir/${CLUSTER}/bats \;
-  fi
-
-  # move all of the registration files OUT of the consul config dir now
-  find workdir/${CLUSTER}/consul -type f -name 'service_*.hcl' -exec mv -f {} workdir/${CLUSTER}/register \;
-
-  # move the server.hcl out of the consul dir so that it doesn't get picked up
-  # by the client agent (if we're running with XDS_TARGET=client).
-  if test -f "workdir/${CLUSTER}/consul/server.hcl"
-  then
-    mv workdir/${CLUSTER}/consul/server.hcl workdir/${CLUSTER}/consul-server/server.hcl
-  fi
-
-  # copy the ca-certs for SDS so we can verify the right ones are served
-  mkdir -p workdir/test-sds-server/certs
-  cp test-sds-server/certs/ca-root.crt workdir/test-sds-server/certs/ca-root.crt
-
-  if test -d "${CASE_DIR}/data"
-  then
-    cp -r ${CASE_DIR}/data/* workdir/${CLUSTER}/data
-  fi
-
-  return 0
-}
-
-function docker_kill_rm {
-  local name
-  local todo=()
-  for name in "$@"; do
-    name="envoy_${name}_1"
-    if docker.exe container inspect $name &>/dev/null; then
-      if [[ "$name" == envoy_tcpdump-* ]]; then
-        echo -n "Gracefully stopping $name..."
-        docker.exe stop $name &> /dev/null
-        echo "done"
-      fi
-      todo+=($name)
-    fi
-  done
-
-  if [[ ${#todo[@]} -eq 0 ]]; then
-      return 0
-  fi
-
-  echo -n "Killing and removing: ${todo[@]}..."
-  docker.exe rm -v -f ${todo[@]} &> /dev/null
-  echo "done"
-}
-
-function start_consul {
-  local DC=${1:-primary}
-
-  # 8500/8502 are for consul
-  # 9411 is for zipkin which shares the network with consul
-  # 16686 is for jaeger ui which also shares the network with consul
-  ports=(
-    '-p=8500:8500'
-    '-p=8502:8502'
-    '-p=9411:9411'
-    '-p=16686:16686'
-  )
-  case "$DC" in
-    secondary)
-      ports=(
-        '-p=9500:8500'
-        '-p=9502:8502'
-      )
-      ;;
-    alpha)
-      ports=(
-        '-p=9510:8500'
-        '-p=9512:8502'
-      )
-      ;;
-  esac
-
-  license="${CONSUL_LICENSE:-}"
-  # load the consul license so we can pass it into the consul
-  # containers as an env var in the case that this is a consul
-  # enterprise test
-  if test -z "$license" -a -n "${CONSUL_LICENSE_PATH:-}"
-  then
-    license=$(cat $CONSUL_LICENSE_PATH)
-  fi
-
-  # We currently run these integration tests in two modes: one in which Envoy's
-  # xDS sessions are served directly by a Consul server, and another in which it
-  # goes through a client agent.
-  #
-  # This is necessary because servers and clients source configuration data in
-  # different ways (client agents use an RPC-backed cache and servers use their
-  # own local data) and we want to catch regressions in both.
-  #
-  # In the future we should also expand these tests to register services to the
-  # catalog directly (agentless) rather than relying on the server also being
-  # an agent.
-  #
-  # When XDS_TARGET=client we'll start a Consul server with its gRPC port
-  # disabled (but only if REQUIRE_PEERS is not set), and a client agent with
-  # its gRPC port enabled.
-  #
-  # When XDS_TARGET=server (or anything else) we'll run a single Consul server
-  # with its gRPC port enabled.
-  #
-  # In either case, the hostname `consul-${DC}-server` should be used as a
-  # server address (e.g. for WAN joining) and `consul-${DC}-client` should be
-  # used as a client address (e.g. for interacting with the HTTP API).
-  #
-  # Both hostnames work in both modes because we set network aliases on the
-  # containers such that both hostnames will resolve to the same container when
-  # XDS_TARGET=server.
-  #
-  # We also join containers to the network `container:consul-${DC}_1` in many
-  # places (see: network_snippet) so that we can curl localhost etc. In both
-  # modes, you can assume that this name refers to the client's container.
-  #
-  # Any .hcl files in the case/cluster directory will be given to both clients
-  # and servers (via the -config-dir flag) *except for* server.hcl which will
-  # only be applied to the server (and service registrations which will be made
-  # against the client).
-  if [[ "$XDS_TARGET" == "client" ]]
-  then
-    docker_kill_rm consul-${DC}-server
-    docker_kill_rm consul-${DC}
-
-    server_grpc_port="-1"
-    if is_set $REQUIRE_PEERS; then
-      server_grpc_port="8502"
-    fi
-
-    docker.exe run -d --name envoy_consul-${DC}-server_1 \
-      --net=envoy-tests \
-      $WORKDIR_SNIPPET \
-      --hostname "consul-${DC}-server" \
-      --network-alias "consul-${DC}-server" \
-      -e "CONSUL_LICENSE=$license" \
-      windows/consul:local \
-      agent -dev -datacenter "${DC}" \
-      -config-dir "C:\\workdir\\${DC}\\consul" \
-      -config-dir "C:\\workdir\\${DC}\\consul-server" \
-      -grpc-port $server_grpc_port \
-      -client "0.0.0.0" \
-      -bind "0.0.0.0" >/dev/null
-
-    docker.exe run -d --name envoy_consul-${DC}_1 \
-      --net=envoy-tests \
-      $WORKDIR_SNIPPET \
-      --hostname "consul-${DC}-client" \
-      --network-alias "consul-${DC}-client" \
-      -e "CONSUL_LICENSE=$license" \
-      ${ports[@]} \
-      windows/consul:local \
-      agent -datacenter "${DC}" \
-      -config-dir "C:\\workdir\\${DC}\\consul" \
-      -data-dir "/tmp/consul" \
-      -client "0.0.0.0" \
-      -grpc-port 8502 \
-      -datacenter "${DC}" \
-      -retry-join "consul-${DC}-server" >/dev/null
-  else
-    docker_kill_rm consul-${DC}
-
-    docker.exe run -d --name envoy_consul-${DC}_1 \
-      --net=envoy-tests \
-      $WORKDIR_SNIPPET \
-      --memory 4096m \
-      --cpus 2 \
-      --hostname "consul-${DC}" \
-      --network-alias "consul-${DC}-client" \
-      --network-alias "consul-${DC}-server" \
-      -e "CONSUL_LICENSE=$license" \
-      ${ports[@]} \
-      windows/consul:local \
-      agent -dev -datacenter "${DC}" \
-      -config-dir "C:\\workdir\\${DC}\\consul" \
-      -config-dir "C:\\workdir\\${DC}\\consul-server" \
-      -client "0.0.0.0" >/dev/null
-  fi
-}
-
-function start_partitioned_client {
-  local PARTITION=${1:-ap1}
-
-  # Start consul now as setup script needs it up
-  docker_kill_rm consul-${PARTITION}
-
-  license="${CONSUL_LICENSE:-}"
-  # load the consul license so we can pass it into the consul
-  # containers as an env var in the case that this is a consul
-  # enterprise test
-  if test -z "$license" -a -n "${CONSUL_LICENSE_PATH:-}"
-  then
-    license=$(cat $CONSUL_LICENSE_PATH)
-  fi
-
-  sh -c "rm -rf /workdir/${PARTITION}/data"
-
-  # Run consul and expose some ports to the host to make debugging locally a
-  # bit easier.
-  #
-  docker.exe run -d --name envoy_consul-${PARTITION}_1 \
-    --net=envoy-tests \
-    $WORKDIR_SNIPPET \
-    --hostname "consul-${PARTITION}-client" \
-    --network-alias "consul-${PARTITION}-client" \
-    -e "CONSUL_LICENSE=$license" \
-    windows/consul:local agent \
-    -datacenter "primary" \
-    -retry-join "consul-primary-server" \
-    -grpc-port 8502 \
-    -data-dir "/tmp/consul" \
-    -config-dir "C:\\workdir\\${PARTITION}/consul" \
-    -client "0.0.0.0" >/dev/null
-}
-
-function pre_service_setup {
-  local CLUSTER=${1:-primary}
-
-  # Run test case setup (e.g. generating Envoy bootstrap, starting containers)
-  if [ -f "${CASE_DIR}/${CLUSTER}/setup.sh" ]
-  then
-    source ${CASE_DIR}/${CLUSTER}/setup.sh
-  else
-    source ${CASE_DIR}/setup.sh
-  fi
-}
-
-function start_services {
-  # Start containers required
-  if [ ! -z "$REQUIRED_SERVICES" ] ; then
-    docker_kill_rm $REQUIRED_SERVICES
-    run_containers $REQUIRED_SERVICES
-  fi
-
-  return 0
-}
-
-function verify {
-  local CLUSTER="$1"
-  if test -z "$CLUSTER"; then
-    CLUSTER="primary"
-  fi
-
-  # Execute tests
-  res=0
-
-  # Nuke any previous case's verify container.
-  docker_kill_rm verify-${CLUSTER}
-
-  echo "Running ${CLUSTER} verification step for ${CASE_DIR}..."
-
-  # need to tell the PID 1 inside of the container that it won't be actual PID
-  # 1 because we're using --pid=host so we use TINI_SUBREAPER
-  if docker.exe exec -i ${SINGLE_CONTAINER_BASE_NAME}-${CLUSTER}_1 bash \
-    -c "TINI_SUBREAPER=1 \
-    ENVOY_VERSION=${ENVOY_VERSION} \
-    XDS_TARGET=${XDS_TARGET} \
-    /c/bats/bin/bats \
-    --pretty /c/workdir/${CLUSTER}/bats" ; then
-    echo "✓ PASS"
-  else
-    echo "⨯ FAIL"
-    res=1
-  fi
-
-  return $res
-}
-
-function capture_logs {
-  local LOG_DIR="workdir/logs/${CASE_DIR}/${ENVOY_VERSION}"
-
-  init_vars
-
-  echo "Capturing Logs"
-  mkdir -p "$LOG_DIR"
-
-  services="$REQUIRED_SERVICES consul-primary"
-  if [[ "$XDS_TARGET" == "client" ]]
-  then
-    services="$services consul-primary-server"
-  fi
-
-  if is_set $REQUIRE_SECONDARY
-  then
-    services="$services consul-secondary"
-
-    if [[ "$XDS_TARGET" == "client" ]]
-    then
-      services="$services consul-secondary-server"
-    fi
-  fi
-
-  if is_set $REQUIRE_PARTITIONS
-  then
-    services="$services consul-ap1"
-  fi
-  if is_set $REQUIRE_PEERS
-  then
-    services="$services consul-alpha"
-
-    if [[ "$XDS_TARGET" == "client" ]]
-    then
-      services="$services consul-alpha-server"
-    fi
-  fi
-
-  if [ -f "${CASE_DIR}/capture.sh" ]
-  then
-    echo "Executing ${CASE_DIR}/capture.sh"
-    source ${CASE_DIR}/capture.sh || true
-  fi
-
-  for cont in $services; do
-    echo "Capturing log for $cont"
-    docker.exe logs "envoy_${cont}_1" &> "${LOG_DIR}/${cont}.log" || {
-        echo "EXIT CODE $?" > "${LOG_DIR}/${cont}.log"
-    }
-  done
-}
-
-function stop_services {
-  # Teardown
-  docker_kill_rm $REQUIRED_SERVICES
-
-  docker_kill_rm consul-primary consul-primary-server consul-secondary consul-secondary-server consul-ap1 consul-alpha consul-alpha-server
-}
-
-function init_vars {
-  source "defaults.sh"
-  if [ -f "${CASE_DIR}/vars.sh" ] ; then
-    source "${CASE_DIR}/vars.sh"
-  fi
-}
-
-function global_setup {
-  if [ -f "${CASE_DIR}/global-setup-windows.sh" ] ; then    
-    source "${CASE_DIR}/global-setup-windows.sh"
-  fi
-}
-
-function wipe_volumes {
-  docker.exe exec -w "C:\workdir" envoy_workdir_1 cmd /c "rd /s /q . 2>nul"
-}
-
-# Windows containers does not allow cp command while running.
-function stop_and_copy_files {
-    # Create CMD file to execute within the container
-    echo "icacls C:\workdir /grant:r Everyone:(OI)(CI)F /T" > copy.cmd
-    echo "XCOPY C:\workdir_bak C:\workdir /e /h /c /i /y" > copy.cmd
-    # Stop dummy container to copy local workdir to container's workdir_bak
-    docker.exe stop envoy_workdir_1 > /dev/null
-    docker.exe cp workdir/. envoy_workdir_1:/workdir_bak
-    # Copy CMD file into container
-    docker.exe cp copy.cmd envoy_workdir_1:/
-    # Start dummy container and execute the CMD file
-    docker.exe start envoy_workdir_1 > /dev/null
-    docker.exe exec envoy_workdir_1 copy.cmd
-    # Delete local CMD file after execution
-    rm copy.cmd
-}
-
-function run_tests {
-  CASE_DIR="${CASE_DIR?CASE_DIR must be set to the path of the test case}"
-  CASE_NAME=$( basename $CASE_DIR | cut -c6- )
-  export CASE_NAME
-  export SKIP_CASE=""
-
-  init_vars
-
-  # Initialize the workdir
-  init_workdir primary
-
-  if is_set $REQUIRE_SECONDARY
-  then
-    init_workdir secondary
-  fi
-  if is_set $REQUIRE_PARTITIONS
-  then
-    init_workdir ap1
-  fi
-  if is_set $REQUIRE_PEERS
-  then
-    init_workdir alpha
-  fi
-
-  global_setup
-  
-  # Allow vars.sh to set a reason to skip this test case based on the ENV
-  if [ "$SKIP_CASE" != "" ] ; then
-    echo "SKIPPING CASE: $SKIP_CASE"
-    return 0
-  fi
-
-  # Wipe state
-  wipe_volumes
-
-  # Copying base files to shared volume
-  stop_and_copy_files
-
-  # Starting Consul primary cluster
-  start_consul primary
-
-  if is_set $REQUIRE_SECONDARY; then
-    start_consul secondary
-  fi
-  if is_set $REQUIRE_PARTITIONS; then
-    docker_consul "primary" consul partition create -name ap1 > /dev/null
-    start_partitioned_client ap1
-  fi
-  if is_set $REQUIRE_PEERS; then
-    start_consul alpha
-  fi
-
-  echo "Setting up the primary datacenter"
-  pre_service_setup primary
-
-  if is_set $REQUIRE_SECONDARY; then
-    echo "Setting up the secondary datacenter"
-    pre_service_setup secondary
-  fi
-  if is_set $REQUIRE_PARTITIONS; then
-    echo "Setting up the non-default partition"
-    pre_service_setup ap1
-  fi
-  if is_set $REQUIRE_PEERS; then
-    echo "Setting up the alpha peer"
-    pre_service_setup alpha
-  fi
-
-  echo "Starting services"
-  start_services
-
-  # Run the verify container and report on the output
-  echo "Verifying the primary datacenter"
-  verify primary
-
-  if is_set $REQUIRE_SECONDARY; then
-    echo "Verifying the secondary datacenter"
-    verify secondary
-  fi
-  if is_set $REQUIRE_PEERS; then
-    echo "Verifying the alpha peer"
-    verify alpha
-  fi
-}
-
-function test_teardown {
-    init_vars
-
-    stop_services
-}
-
-function workdir_cleanup {
-  docker_kill_rm workdir
-  docker.exe volume rm -f envoy_workdir &>/dev/null || true
-}
-
-
-function suite_setup {
-  # Cleanup from any previous unclean runs.
-  suite_teardown
-
-  docker.exe network create -d "nat" envoy-tests &>/dev/null
-
-  # Start the volume container
-  #
-  # This is a dummy container that we use to create volume and keep it
-  # accessible while other containers are down.
-  docker.exe volume create envoy_workdir &>/dev/null
-  docker.exe run -d --name envoy_workdir_1 \
-      $WORKDIR_SNIPPET \
-      --user ContainerAdministrator \
-      --net=none \
-      "${HASHICORP_DOCKER_PROXY}/windows/kubernetes/pause" &>/dev/null
-
-  # pre-build the consul+envoy container
-  echo "Rebuilding 'windows/consul:local' image with envoy $ENVOY_VERSION..."
-  retry_default docker.exe build -t windows/consul:local \
-      --build-arg ENVOY_VERSION=${ENVOY_VERSION} \
-      -f Dockerfile-consul-envoy-windows .
-
-
-  local CONSUL_VERSION=$(docker image inspect --format='{{.ContainerConfig.Labels.version}}' \
-                        windows/consul:local)
-  echo "Running Tests with Consul=$CONSUL_VERSION - Envoy=$ENVOY_VERSION - XDS_TARGET=$XDS_TARGET"
-}
-
-function suite_teardown {
-    docker_kill_rm verify-primary verify-secondary verify-alpha
-
-    # this is some hilarious magic
-    docker_kill_rm $(grep "^function run_container_" $self_name | \
-        sed 's/^function run_container_\(.*\) {/\1/g')
-
-    docker_kill_rm consul-primary consul-primary-server consul-secondary consul-secondary-server consul-ap1 consul-alpha consul-alpha-server
-
-    if docker.exe network inspect envoy-tests &>/dev/null ; then
-        echo -n "Deleting network 'envoy-tests'..."
-        docker.exe network rm envoy-tests
-        echo "done"
-    fi
-
-    workdir_cleanup
-}
-
-function run_containers {
- for name in $@ ; do
-   run_container $name
- done
-}
-
-function run_container {
-  docker_kill_rm "$1"
-  "run_container_$1"
-}
-
-function common_run_container_service {
-  local service="$1"
-  local CLUSTER="$2"
-  local httpPort="$3"
-  local grpcPort="$4"
-  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$CLUSTER"_1
-
-  docker.exe exec -d $CONTAINER_NAME bash \
-    -c "FORTIO_NAME=${service} \
-    fortio.exe server \
-    -http-port ":$httpPort" \
-    -grpc-port ":$grpcPort" \
-    -redirect-port disabled"
-}
-
-function run_container_s1 {
-  common_run_container_service s1 primary 8080 8079
-}
-
-function run_container_s1-ap1 {
-  common_run_container_service s1 ap1 8080 8079
-}
-
-function run_container_s2 {
-  common_run_container_service s2 primary 8181 8179
-}
-function run_container_s2-v1 {
-  common_run_container_service s2-v1 primary 8182 8178
-}
-function run_container_s2-v2 {
-  common_run_container_service s2-v2 primary 8183 8177
-}
-
-function run_container_s3 {
-  common_run_container_service s3 primary 8282 8279
-}
-function run_container_s3-v1 {
-  common_run_container_service s3-v1 primary 8283 8278
-}
-function run_container_s3-v2 {
-  common_run_container_service s3-v2 primary 8284 8277
-}
-function run_container_s3-alt {
-  common_run_container_service s3-alt primary 8286 8280
-}
-
-function run_container_s4 {
-  common_run_container_service s4 primary 8382 8281
-}
-
-function run_container_s1-secondary {
-  common_run_container_service s1-secondary secondary 8080 8079
-}
-
-function run_container_s2-secondary {
-  common_run_container_service s2-secondary secondary 8181 8179
-}
-
-function run_container_s2-ap1 {
-  common_run_container_service s2 ap1 8480 8479
-}
-
-function run_container_s3-ap1 {
-  common_run_container_service s3 ap1 8580 8579
-}
-
-function run_container_s1-alpha {
-  common_run_container_service s1-alpha alpha 8080 8079
-}
-
-function run_container_s2-alpha {
-  common_run_container_service s2-alpha alpha 8181 8179
-}
-
-function run_container_s3-alpha {
-  common_run_container_service s3-alpha alpha 8282 8279
-}
-
-function common_run_container_sidecar_proxy {
-  local service="$1"
-  local CLUSTER="$2"
-  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$CLUSTER"_1
-
-  # Hot restart breaks since both envoys seem to interact with each other
-  # despite separate containers that don't share IPC namespace. Not quite
-  # sure how this happens but may be due to unix socket being in some shared
-  # location?
-  docker.exe exec -d $CONTAINER_NAME bash \
-    -c "envoy.exe \
-    -c /c/workdir/${CLUSTER}/envoy/${service}-bootstrap.json \
-    -l trace \
-    --disable-hot-restart \
-    --drain-time-s 1 >/dev/null"
-}
-
-function run_container_s1-sidecar-proxy {
-  common_run_container_sidecar_proxy s1 primary
-}
-
-function run_container_s1-ap1-sidecar-proxy {
-  common_run_container_sidecar_proxy s1 ap1
-}
-
-function run_container_s1-sidecar-proxy-consul-exec {
-  local CLUSTER="primary"
-  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$CLUSTER"_1
-  local ADMIN_HOST="127.0.0.1"
-  local ADMIN_PORT="19000"
-
-  docker.exe exec -d $CONTAINER_NAME bash \
-    -c "consul connect envoy -sidecar-for s1 \
-    -http-addr $CONTAINER_NAME:8500 \
-    -grpc-addr $CONTAINER_NAME:8502 \
-    -admin-bind $ADMIN_HOST:$ADMIN_PORT \
-    -envoy-version ${ENVOY_VERSION} \
-    -- \
-    -l trace >/dev/null"
-}
-
-function run_container_s2-sidecar-proxy {
-  common_run_container_sidecar_proxy s2 primary
-}
-function run_container_s2-v1-sidecar-proxy {
-  common_run_container_sidecar_proxy s2-v1 primary
-}
-function run_container_s2-v2-sidecar-proxy {
-  common_run_container_sidecar_proxy s2-v2 primary
-}
-
-function run_container_s3-sidecar-proxy {
-  common_run_container_sidecar_proxy s3 primary
-}
-function run_container_s3-v1-sidecar-proxy {
-  common_run_container_sidecar_proxy s3-v1 primary
-}
-function run_container_s3-v2-sidecar-proxy {
-  common_run_container_sidecar_proxy s3-v2 primary
-}
-
-function run_container_s3-alt-sidecar-proxy {
-  common_run_container_sidecar_proxy s3-alt primary
-}
-
-function run_container_s1-sidecar-proxy-secondary {
-  common_run_container_sidecar_proxy s1 secondary
-}
-function run_container_s2-sidecar-proxy-secondary {
-  common_run_container_sidecar_proxy s2 secondary
-}
-
-function run_container_s2-ap1-sidecar-proxy {
-  common_run_container_sidecar_proxy s2 ap1
-}
-
-function run_container_s3-ap1-sidecar-proxy {
-  common_run_container_sidecar_proxy s3 ap1
-}
-
-function run_container_s1-sidecar-proxy-alpha {
-  common_run_container_sidecar_proxy s1 alpha
-}
-function run_container_s2-sidecar-proxy-alpha {
-  common_run_container_sidecar_proxy s2 alpha
-}
-function run_container_s3-sidecar-proxy-alpha {
-  common_run_container_sidecar_proxy s3 alpha
-}
-
-function common_run_container_gateway {
-  local name="$1"
-  local DC="$2"
-  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$DC"_1
-
-  # Hot restart breaks since both envoys seem to interact with each other
-  # despite separate containers that don't share IPC namespace. Not quite
-  # sure how this happens but may be due to unix socket being in some shared
-  # location?
-  docker.exe exec -d $CONTAINER_NAME bash \
-    -c "envoy.exe \
-    -c /c/workdir/${DC}/envoy/${name}-bootstrap.json \
-    -l trace \
-    --disable-hot-restart \
-    --drain-time-s 1 >/dev/null"
-}
-
-function run_container_gateway-primary {
-  common_run_container_gateway mesh-gateway primary
-}
-function run_container_gateway-secondary {
-  common_run_container_gateway mesh-gateway secondary
-}
-function run_container_gateway-alpha {
-  common_run_container_gateway mesh-gateway alpha
-}
-
-function run_container_ingress-gateway-primary {
-  common_run_container_gateway ingress-gateway primary
-}
-
-function run_container_api-gateway-primary {
-  common_run_container_gateway api-gateway primary
-}
-
-function run_container_terminating-gateway-primary {
-  common_run_container_gateway terminating-gateway primary
-}
-
-function run_container_fake-statsd {
-  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"primary"_1
-  # This magic SYSTEM incantation is needed since Envoy doesn't add newlines and so
-  # we need each packet to be passed to echo to add a new line before
-  # appending. But it does not work on Windows.   
-  docker.exe exec -d $CONTAINER_NAME bash -c "socat -u UDP-RECVFROM:8125,fork,reuseaddr OPEN:/workdir/primary/statsd/statsd.log,create,append"                                            
-}
-
-function run_container_zipkin {
-  docker.exe run -d --name $(container_name) \
-    $WORKDIR_SNIPPET \
-    $(network_snippet primary) \
-    "${HASHICORP_DOCKER_PROXY}/windows/openzipkin"
-}
-
-function run_container_jaeger {
-  echo "Starting Jaeger service..."
-
-  local DC=${1:-primary}
-  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$DC"_1
-
-  docker.exe exec -d $CONTAINER_NAME bash -c "jaeger-all-in-one.exe \
-    --collector.zipkin.http-port=9411"
-}
-
-function run_container_test-sds-server {
-  echo "Starting test-sds-server"
-  
-  local DC=${1:-primary}
-  local CONTAINER_NAME="$SINGLE_CONTAINER_BASE_NAME"-"$DC"_1
-
-  docker.exe exec -d $CONTAINER_NAME bash -c "cd /c/test-sds-server &&
-    ./test-sds-server.exe"
-}
-
-function container_name {
-  echo "envoy_${FUNCNAME[1]/#run_container_/}_1"
-}
-function container_name_prev {
-  echo "envoy_${FUNCNAME[2]/#run_container_/}_1"
-}
-
-# This is a debugging tool. Run via 'bash run-tests.sh debug_dump_volumes' on Powershell
-function debug_dump_volumes {
-  local LINUX_PATH=$(pwd)
-  local WIN_PATH=$( echo "$LINUX_PATH" | sed 's/^\/mnt//' | sed -e 's/^\///' -e 's/\//\\/g' -e 's/^./\0:/' )  
-  docker.exe run -it \
-    $WORKDIR_SNIPPET \
-    -v "$WIN_PATH":"C:\\cwd" \
-    --net=none \
-    "${HASHICORP_DOCKER_PROXY}/windows/nanoserver:1809" \
-    cmd /c "xcopy \workdir \cwd\workdir /E /H /C /I /Y"
-}
-
-function run_container_tcpdump-primary {
-    # To use add "tcpdump-primary" to REQUIRED_SERVICES
-    common_run_container_tcpdump primary
-}
-function run_container_tcpdump-secondary {
-    # To use add "tcpdump-secondary" to REQUIRED_SERVICES
-    common_run_container_tcpdump secondary
-}
-function run_container_tcpdump-alpha {
-    # To use add "tcpdump-alpha" to REQUIRED_SERVICES
-    common_run_container_tcpdump alpha
-}
-
-function common_run_container_tcpdump {
-    local DC="$1"
-
-    # we cant run this in circle but its only here to temporarily enable.
-
-#     docker.exe build --rm=false -t envoy-tcpdump -f Dockerfile-tcpdump-windows .
-
-    docker.exe run -d --name $(container_name_prev) \
-        $(network_snippet $DC) \
-        envoy-tcpdump \
-        -v -i any \
-        -w "/data/${DC}.pcap"
-}
-
-case "${1-}" in
-  "")
-    echo "command required"
-    exit 1 ;;
-  *)
-    "$@" ;;
-esac
diff --git a/test/integration/connect/envoy/test-sds-server/Dockerfile b/test/integration/connect/envoy/test-sds-server/Dockerfile
index 73f72667b95a..5ea87089c704 100644
--- a/test/integration/connect/envoy/test-sds-server/Dockerfile
+++ b/test/integration/connect/envoy/test-sds-server/Dockerfile
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 FROM golang:latest
 
diff --git a/test/integration/connect/envoy/test-sds-server/certs/gen-certs.sh b/test/integration/connect/envoy/test-sds-server/certs/gen-certs.sh
index 2c416ad146db..bf46e5da0abf 100755
--- a/test/integration/connect/envoy/test-sds-server/certs/gen-certs.sh
+++ b/test/integration/connect/envoy/test-sds-server/certs/gen-certs.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 set -eEuo pipefail
diff --git a/test/integration/connect/envoy/test-sds-server/sds.go b/test/integration/connect/envoy/test-sds-server/sds.go
index 6223d894449d..6c1ed208cd52 100644
--- a/test/integration/connect/envoy/test-sds-server/sds.go
+++ b/test/integration/connect/envoy/test-sds-server/sds.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package main
 
diff --git a/test/integration/connect/envoy/windows-troubleshooting.md b/test/integration/connect/envoy/windows-troubleshooting.md
deleted file mode 100644
index a3a83e088808..000000000000
--- a/test/integration/connect/envoy/windows-troubleshooting.md
+++ /dev/null
@@ -1,90 +0,0 @@
-# Envoy Integration Tests on Windows
-
-## Index
-
-- [About this Guide](#about-this-guide)
-- [Prerequisites](#prerequisites)
-- [Running the Tests](#running-the-tests)
-- [Troubleshooting](#troubleshooting)
-  - [About Envoy Integration Tests on Windows](#about-envoy-integration-tests-on-windows)
-  - [Common Errors](#common-errors)
-- [Windows Scripts Changes](#windows-scripts-changes)
-- [Volume Issues](#volume-issues)  
-
-## About this Guide
-
-On this guide you will find all the information required to run the Envoy integration tests on Windows.
-
-## Prerequisites
-
-To run the integration tests yo will need to have the following installed on your System:
-
-- GO v1.18(or later).
-- Gotestsum library [installation](https://pkg.go.dev/gotest.tools/gotestsum).
-- Docker.
-
-Before running the tests, you will need to build the required Docker images, to do so, you can use the script provided [here](../../../../build-support-windows/build-images.sh):
-
-- Build Images Script Execution
-  - From a Bash console (GitBash or WSL) execute: `./build-images.sh`
-
-## Running the Tests
-
-To execute the tests you need to run the following command depending on the shell you are using:  
-**On Powershell**:  
-`go test -v -timeout=30m -tags integration ./test/integration/connect/envoy -run="TestEnvoy/<TEST CASE>" -win=true`  
-Where **TEST CASE** is the individual test case we want to execute (e.g. case-badauthz).  
-
-**On Git Bash**:  
-`ENVOY_VERSION=<ENVOY VERSION> go test -v -timeout=30m -tags integration ./test/integration/connect/envoy -run="TestEnvoy/<TEST CASE>" -win=true`  
-Where **TEST CASE** is the individual test case we want to execute (e.g. case-badauthz), and **ENVOY VERSION** is the version which you are currently testing.
-
-> [!TIP]
-> When executing the integration tests using **Powershell** you may need to set the ENVOY_VERSION value manually in line 20 of the [run-tests.windows.sh](run-tests.windows.sh) file.
-
-> [!WARNING]
-> When executing the integration tests for Windows environments, the **End of Line Sequence** of every related file and/or script will be changed from **LF** to **CRLF**.
-
-### About Envoy Integration Tests on Windows
-
-Integration tests on Linux run a multi-container architecture that take advantage of the Host Network Docker feature, using this feature means that the container's network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated (read more about this [here](https://docs.docker.com/network/host/)). This feature is only available for Linux, which made migrating the tests to Windows challenging, since replicating the same architecture created more issues, that's why a **single container** architecture was chosen to run the Envoy integration tests.  
-Using a single container architecture meant that we could use the same tests as on linux, moreover we were able to speed-up their execution by replacing *docker run* commands which started utility containers, for *docker exec* commands.
-
-### Common errors
-
-If the tests are executed without docker running, the following error will be seen:
-
-```powershell
-error during connect: This error may indicate that the docker daemon is not running.: Post "http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile-bats-windows&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&shmsize=0&t=bats-verify&target=&ulimits=null&version=1": open //./pipe/docker_engine: The system cannot find the file specified.
-```
-
-If any of the docker images does not exist or is mistagged, an error similar to the following will be displayed:
-
-```powershell
-Error response from daemon: No such container: envoy_workdir_1
-```
-
-If you run the Windows tests from WSL you will get the following error message:
-
-```bash
-main_test.go:34: command failed: exec: "cmd": executable file not found in $PATH
-```
-
-## Windows Scripts Changes
-
-- The  "http-addr", "grpc-addr" and "admin-access-log-path" flags were added to the creation of the Envoy Bootstrap files.
-- To execute commands sh was replaced by bash on our Windows container.
-- All paths were updated to use Windows format.
-- Created *stop_and_copy_files* function to copy files into the shared volume (see [volume issues](#volume-issues)).
-- Changed the *-admin-bind* value from `0.0.0.0` to `127.0.0.1` when generating the Envoy Bootstrap files.
-- Removed the *&&* from the *common_run_container_service's* docker exec command and replaced it with *\*.
-- Removed *docker_wget* and *docker_curl* functions from [helpers.windows.bash](helpers.windows.bash) file and replaced them with **docker_consul_exec**, this way we avoid starting intermediate containers when capturing logs.
-- The function *wipe_volumes* uses a `docker exec` command instead of the original `docker run`, this way we speed up test execution by avoiding to start a new container just to delete volume content before each test run.
-- For **case-grpc** we increased the `envoy_stats_flush_interval` value from 1s to 5s, on Windows, the original value caused the test to pass or fail randomly.
-- For **case-wanfed-gw** a new script was created: **global-setup-windows.sh**, this file replaces global-setup.sh when running this test in Windows. The new script uses the windows/consul:local Docker image to generate the required TLS files and copies them into host's workdir directory.
-- To use the **debug_dump_volumes** function, you need to use it via Powershell and execute the following command: `bash run-tests.windows.sh debug_dump_volumes` Make sure to be positioned with your terminal in the correct directory.
-- For **case-consul-exec** this case can only be run when using the consul-dev Docker image on this repository, since it relies on features implemented only here. These features are: Windows valid default value for "-admin-access-log-path" and `consul connect envoy` command starts Envoy. This features have also been submitted in [PR#15114](https://github.com/hashicorp/consul/pull/15114).  
-
-## Volume Issues
-
-Another difference that arose when migrating the tests from Linux to Windows, is that file system operations can't be executed while Windows containers are running. Currently, when running the tests a **named volume** is created and all of the required files are copied into that volume. Because of the constraint mentioned before, the workaround we implemented was creating a function (**stop_and_copy_files**) that stops the *kubernetes/pause* container and executes a script to copy the required files and finally starts the container again.
diff --git a/test/integration/consul-container/assets/tproxy-startup.sh b/test/integration/consul-container/assets/tproxy-startup.sh
index 974d9368cbfd..1e5963fe9fe9 100644
--- a/test/integration/consul-container/assets/tproxy-startup.sh
+++ b/test/integration/consul-container/assets/tproxy-startup.sh
@@ -1,7 +1,4 @@
 #!/usr/bin/env sh
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 
 set -ex
 
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index 8fde4fd94d8e..6b54e847e8af 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -7,23 +7,17 @@ require (
 	github.com/avast/retry-go v3.0.0+incompatible
 	github.com/docker/docker v24.0.5+incompatible
 	github.com/docker/go-connections v0.4.0
-	github.com/evanphx/json-patch v4.12.0+incompatible
 	github.com/go-jose/go-jose/v3 v3.0.0
-	github.com/hashicorp/consul v0.0.0-00010101000000-000000000000
 	github.com/hashicorp/consul/api v1.24.0
 	github.com/hashicorp/consul/envoyextensions v0.4.1
-	github.com/hashicorp/consul/proto-public v0.4.1
 	github.com/hashicorp/consul/sdk v0.14.1
-	github.com/hashicorp/consul/testing/deployer v0.0.0-00010101000000-000000000000
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-uuid v1.0.3
 	github.com/hashicorp/go-version v1.2.1
-	github.com/hashicorp/hcl v1.0.0
 	github.com/hashicorp/serf v0.10.1
 	github.com/itchyny/gojq v0.12.9
 	github.com/mitchellh/copystructure v1.2.0
-	github.com/mitchellh/mapstructure v1.5.0
 	github.com/otiai10/copy v1.10.0
 	github.com/pkg/errors v0.9.1
 	github.com/stretchr/testify v1.8.4
@@ -34,198 +28,66 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.20.1 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v1.1.1 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	fortio.org/dflag v1.5.2 // indirect
 	fortio.org/log v1.3.0 // indirect
 	fortio.org/sets v1.0.2 // indirect
 	fortio.org/version v1.0.2 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/DataDog/datadog-go v4.8.2+incompatible // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/aliyun/alibaba-cloud-sdk-go v1.62.156 // indirect
-	github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
-	github.com/armon/go-radix v1.0.0 // indirect
-	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go v1.44.289 // indirect
-	github.com/benbjohnson/immutable v0.4.0 // indirect
-	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/boltdb/bolt v1.3.1 // indirect
-	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
-	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect
-	github.com/circonus-labs/circonusllhist v0.1.3 // indirect
 	github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect
 	github.com/containerd/containerd v1.7.3 // indirect
-	github.com/coreos/etcd v3.3.27+incompatible // indirect
-	github.com/coreos/go-oidc v2.1.0+incompatible // indirect
-	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
-	github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
 	github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f // indirect
 	github.com/envoyproxy/protoc-gen-validate v0.10.1 // indirect
 	github.com/fatih/color v1.14.1 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
-	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/analysis v0.21.4 // indirect
-	github.com/go-openapi/errors v0.20.3 // indirect
-	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.20.0 // indirect
-	github.com/go-openapi/loads v0.21.2 // indirect
-	github.com/go-openapi/runtime v0.25.0 // indirect
-	github.com/go-openapi/spec v0.20.8 // indirect
-	github.com/go-openapi/strfmt v0.21.3 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
-	github.com/go-openapi/validate v0.22.1 // indirect
-	github.com/go-ozzo/ozzo-validation v3.6.0+incompatible // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.0.1 // indirect
-	github.com/google/gnostic v0.5.7-v3refs // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/s2a-go v0.1.4 // indirect
 	github.com/google/uuid v1.3.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
-	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
-	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect
-	github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 // indirect
-	github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-bexpr v0.1.2 // indirect
-	github.com/hashicorp/go-connlimit v0.3.0 // indirect
 	github.com/hashicorp/go-hclog v1.5.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
-	github.com/hashicorp/go-memdb v1.3.4 // indirect
 	github.com/hashicorp/go-msgpack v1.1.5 // indirect
-	github.com/hashicorp/go-msgpack/v2 v2.0.0 // indirect
-	github.com/hashicorp/go-plugin v1.4.5 // indirect
-	github.com/hashicorp/go-raftchunking v0.7.0 // indirect
-	github.com/hashicorp/go-retryablehttp v0.6.7 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
-	github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 // indirect
-	github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 // indirect
-	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
-	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
-	github.com/hashicorp/go-syslog v1.0.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/hashicorp/hcp-scada-provider v0.2.3 // indirect
-	github.com/hashicorp/hcp-sdk-go v0.61.0 // indirect
-	github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 // indirect
 	github.com/hashicorp/memberlist v0.5.0 // indirect
-	github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 // indirect
-	github.com/hashicorp/raft v1.5.0 // indirect
-	github.com/hashicorp/raft-autopilot v0.1.6 // indirect
-	github.com/hashicorp/raft-boltdb/v2 v2.2.2 // indirect
-	github.com/hashicorp/raft-wal v0.3.0 // indirect
-	github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 // indirect
-	github.com/hashicorp/vault/api v1.8.3 // indirect
-	github.com/hashicorp/vault/api/auth/gcp v0.3.0 // indirect
-	github.com/hashicorp/vault/sdk v0.7.0 // indirect
-	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
-	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/itchyny/timefmt-go v0.1.4 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/josharian/intern v1.0.0 // indirect
-	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.16.7 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.17 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/miekg/dns v1.1.50 // indirect
-	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
-	github.com/mitchellh/go-testing-interface v1.14.0 // indirect
-	github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 // indirect
-	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
-	github.com/mitchellh/pointerstructure v1.2.1 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/patternmatcher v0.5.0 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
-	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/oklog/run v1.0.0 // indirect
-	github.com/oklog/ulid v1.3.1 // indirect
-	github.com/oklog/ulid/v2 v2.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
 	github.com/opencontainers/runc v1.1.8 // indirect
-	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
-	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
-	github.com/pierrec/lz4 v2.5.2+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
-	github.com/prometheus/client_golang v1.14.0 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.39.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
-	github.com/segmentio/fasthash v1.0.3 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
-	github.com/stretchr/objx v0.5.0 // indirect
-	github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 // indirect
-	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
-	go.etcd.io/bbolt v1.3.7 // indirect
-	go.mongodb.org/mongo-driver v1.11.0 // indirect
-	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/otel v1.16.0 // indirect
-	go.opentelemetry.io/otel/metric v1.16.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.16.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v0.39.0 // indirect
-	go.opentelemetry.io/otel/trace v1.16.0 // indirect
-	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
 	golang.org/x/crypto v0.12.0 // indirect
-	golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b // indirect
+	golang.org/x/exp v0.0.0-20230807204917-050eac23e9de // indirect
 	golang.org/x/net v0.14.0 // indirect
-	golang.org/x/oauth2 v0.8.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
 	golang.org/x/sys v0.11.0 // indirect
-	golang.org/x/term v0.11.0 // indirect
 	golang.org/x/text v0.12.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.11.1 // indirect
-	google.golang.org/api v0.126.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 // indirect
+	golang.org/x/tools v0.12.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
-	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/ini.v1 v1.66.2 // indirect
-	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.26.2 // indirect
-	k8s.io/apimachinery v0.26.2 // indirect
-	k8s.io/client-go v0.26.2 // indirect
-	k8s.io/klog/v2 v2.90.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
-	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
-	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
-	sigs.k8s.io/yaml v1.3.0 // indirect
 )
 
 replace (
diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum
index 026ae8db72f3..d194eacdceb5 100644
--- a/test/integration/consul-container/go.sum
+++ b/test/integration/consul-container/go.sum
@@ -1,56 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
-cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
-cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
-cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
-cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
-cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
-cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
-cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
-cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
-cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
-cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg=
-cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
-cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
-cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/iam v1.1.1 h1:lW7fzj15aVIXYHREOqjRBV9PsH0Z6u8Y46a1YGvQP4Y=
-cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 fortio.org/assert v1.1.4 h1:Za1RaG+OjsTMpQS3J3UCvTF6wc4+IOHCz+jAOU37Y4o=
 fortio.org/dflag v1.5.2 h1:F9XVRj4Qr2IbJP7BMj7XZc9wB0Q/RZ61Ool+4YPVad8=
 fortio.org/dflag v1.5.2/go.mod h1:ppb/A8u+KKg+qUUYZNYuvRnXuVb8IsdHb/XGzsmjkN8=
@@ -66,93 +16,39 @@ github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/DataDog/datadog-go v4.8.2+incompatible h1:qbcKSx29aBLD+5QLvlQZlGmRMF/FfGqFLFev/1TDzRo=
-github.com/DataDog/datadog-go v4.8.2+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/aliyun/alibaba-cloud-sdk-go v1.62.156 h1:K4N91T1+RlSlx+t2dujeDviy4ehSGVjEltluDgmeHS4=
-github.com/aliyun/alibaba-cloud-sdk-go v1.62.156/go.mod h1:Api2AkmMgGaSUAhmk76oaFObkoeCPc/bKAqcyplPODs=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e h1:QEF07wC0T1rKkctt1RINW/+RMTVmiwxETico2l3gxJA=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-metrics v0.0.0-20190430140413-ec5e00d3c878/go.mod h1:3AMJUQhVx52RsWOnlkpikZr01T/yAVN2gn0861vByNg=
-github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
 github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
 github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
-github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHSxpiH9JdtuBj0=
 github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY=
-github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
-github.com/aws/aws-sdk-go v1.44.289 h1:5CVEjiHFvdiVlKPBzv0rjG4zH/21W/onT18R5AH/qx0=
-github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/benbjohnson/immutable v0.4.0 h1:CTqXbEerYso8YzVPxmWxh2gnoRQbbB9X1quUC8+vGZA=
-github.com/benbjohnson/immutable v0.4.0/go.mod h1:iAr8OjJGLnLmVUr9MZ/rz4PWUy6Ouc2JLYuMArmvAJM=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
-github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
-github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
-github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
-github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible h1:C29Ae4G5GtYyYMm1aztcyj/J5ckgJm2zwdDajFbx1NY=
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
-github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k=
 github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/containerd/containerd v1.7.3 h1:cKwYKkP1eTj54bP3wCdXXBymmKRQMrWjkLSWZZJDa8o=
 github.com/containerd/containerd v1.7.3/go.mod h1:32FOM4/O0RkNg7AjQj3hDzN9cUGtu+HMvaKUNiqCZB8=
-github.com/coreos/etcd v3.3.27+incompatible h1:QIudLb9KeBsE5zyYxd1mjzRSkzLg9Wf9QlRwFgd6oTA=
-github.com/coreos/etcd v3.3.27+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM=
-github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
-github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf h1:GOPo6vn/vTN+3IwZBvXX0y5doJfSC7My0cdzelyOCsQ=
-github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E=
 github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -167,405 +63,107 @@ github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKoh
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
-github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f h1:7T++XKzy4xg7PKy+bM+Sa9/oe1OC88yz2hXQUISoXfA=
 github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/envoyproxy/protoc-gen-validate v0.10.1 h1:c0g45+xCJhdgFGw7a5QAfdS4byAbud7miNWJ1WwEVf8=
 github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
-github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
-github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
 github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
-github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
-github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
-github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y=
-github.com/frankban/quicktest v1.13.0 h1:yNZif1OkDfNoDfb9zZa9aXIpejNR4F23Wely0c+Qdqk=
-github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
 github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
-github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY=
-github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc=
-github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo=
-github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
-github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
-github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
-github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc=
-github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
-github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
-github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
-github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
-github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g=
-github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro=
-github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw=
-github.com/go-openapi/runtime v0.25.0 h1:7yQTCdRbWhX8vnIjdzU8S00tBYf7Sg71EBeorlPHvhc=
-github.com/go-openapi/runtime v0.25.0/go.mod h1:Ux6fikcHXyyob6LNWxtE96hWwjBPYF0DXgVFuMTneOs=
-github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
-github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
-github.com/go-openapi/spec v0.20.8 h1:ubHmXNY3FCIOinT8RNrrPfGc9t7I1qhPtdOGoG2AxRU=
-github.com/go-openapi/spec v0.20.8/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
-github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg=
-github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
-github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o=
-github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
-github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU=
-github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
-github.com/go-ozzo/ozzo-validation v3.6.0+incompatible h1:msy24VGS42fKO9K1vLz82/GeYW1cILu7Nuuj1N3BBkE=
-github.com/go-ozzo/ozzo-validation v3.6.0+incompatible/go.mod h1:gsEKFIVnabGBt6mXmxK0MoFy+cZoTJY6mu5Ll3LVLBU=
-github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
-github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=
-github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
-github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
-github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
-github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
-github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
-github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs=
-github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
-github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
-github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk=
-github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28=
-github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo=
-github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk=
-github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw=
-github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360=
-github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg=
-github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE=
-github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8=
-github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
-github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
-github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
-github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
-github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
-github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
-github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
-github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
-github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
-github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
-github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
-github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
-github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2 h1:AtvtonGEH/fZK0XPNNBdB6swgy7Iudfx88wzyIpwqJ8=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
-github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4=
-github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI=
-github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
-github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 h1:lLT7ZLSzGLI08vc9cpd+tYmNWjdKDqyr/2L+f6U12Fk=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w=
-github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 h1:1ZEjnveDe20yFa6lSkfdQZm5BR/b271n0MsB5R2L3us=
-github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706/go.mod h1:1Cs8FlmD1BfSQXJGcFLSV5FuIx1AbJP+EJGdxosoS2g=
-github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 h1:wzWurXrxfSyG1PHskIZlfuXlTSCj1Tsyatp9DtaasuY=
-github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69/go.mod h1:svUZZDvotY8zTODknUePc6mZ9pX8nN0ViGwWcUSOBEA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-bexpr v0.1.2 h1:ijMXI4qERbzxbCnkxmfUtwMyjrrk3y+Vt0MxojNCbBs=
-github.com/hashicorp/go-bexpr v0.1.2/go.mod h1:ANbpTX1oAql27TZkKVeW8p1w8NTdnyzPe/0qqPCKohU=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-connlimit v0.3.0 h1:oAojHGjFxUTTTA8c5XXnDqWJ2HLuWbDiBPTpWvNzvqM=
-github.com/hashicorp/go-connlimit v0.3.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0=
-github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
 github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0/go.mod h1:xvb32K2keAc+R8DSFG2IwDcydK9DBQE+fGA5fsw6hSk=
-github.com/hashicorp/go-memdb v1.3.4 h1:XSL3NR682X/cVk2IeV0d70N4DZ9ljI885xAEU8IoK3c=
-github.com/hashicorp/go-memdb v1.3.4/go.mod h1:uBTr1oQbtuMgd1SSGoR8YV27eT3sBHbYiNm53bMpgSg=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-msgpack v1.1.5 h1:9byZdVjKTe5mce63pRVNP1L7UAmdHOTEMGehn6KvJWs=
 github.com/hashicorp/go-msgpack v1.1.5/go.mod h1:gWVc3sv/wbDmR3rQsj1CAktEZzoz1YNK9NfGLXJ69/4=
-github.com/hashicorp/go-msgpack/v2 v2.0.0 h1:c1fiLq1LNghmLOry1ipGhvLDi+/zEoaEP2JrE1oFJ9s=
-github.com/hashicorp/go-msgpack/v2 v2.0.0/go.mod h1:JIxYkkFJRDDRSoWQBSh7s9QAVThq+82iWmUpmE4jKak=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
-github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo=
-github.com/hashicorp/go-plugin v1.4.5/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
-github.com/hashicorp/go-raftchunking v0.7.0 h1:APNMnCXmTOhumkFv/GpJIbq7HteWF7EnGZ3875lRN0Y=
-github.com/hashicorp/go-raftchunking v0.7.0/go.mod h1:Dg/eBOaJzE0jYKNwNLs5IA5j0OSmL5HoCUiMy3mDmrI=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
-github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
-github.com/hashicorp/go-retryablehttp v0.6.7 h1:8/CAEZt/+F7kR7GevNHulKkUjLht3CPmn7egmhieNKo=
-github.com/hashicorp/go-retryablehttp v0.6.7/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
-github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 h1:W9WN8p6moV1fjKLkeqEgkAMu5rauy9QeYDAmIaPuuiA=
-github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg=
-github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
-github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 h1:cCRo8gK7oq6A2L6LICkUZ+/a5rLiRXFMf1Qd4xSwxTc=
-github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
-github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo=
-github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
-github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
-github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
-github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
-github.com/hashicorp/go-syslog v1.0.0 h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwMrUAE=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI=
 github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ=
-github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo=
-github.com/hashicorp/hcp-sdk-go v0.61.0 h1:x4hJ8SlLI5WCE8Uzcu4q5jfdOEz/hFxfUkhAdoFdzSg=
-github.com/hashicorp/hcp-sdk-go v0.61.0/go.mod h1:xP7wmWAmdMxs/7+ovH3jZn+MCDhHRj50Rn+m7JIY3Ck=
-github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok=
-github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
 github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM=
 github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0=
-github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 h1:kBpVVl1sl3MaSrs97e0+pDQhSrqJv9gVbSUrPpVfl1w=
-github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0/go.mod h1:6pdNz0vo0mF0GvhwDG56O3N18qBrAz/XRIcfINfTbwo=
-github.com/hashicorp/raft v1.1.0/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM=
-github.com/hashicorp/raft v1.2.0/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8=
-github.com/hashicorp/raft v1.3.11/go.mod h1:J8naEwc6XaaCfts7+28whSeRvCqTd6e20BlCU3LtEO4=
-github.com/hashicorp/raft v1.5.0 h1:uNs9EfJ4FwiArZRxxfd/dQ5d33nV31/CdCHArH89hT8=
-github.com/hashicorp/raft v1.5.0/go.mod h1:pKHB2mf/Y25u3AHNSXVRv+yT+WAnmeTX0BwVppVQV+M=
-github.com/hashicorp/raft-autopilot v0.1.6 h1:C1q3RNF2FfXNZfHWbvVAu0QixaQK8K5pX4O5lh+9z4I=
-github.com/hashicorp/raft-autopilot v0.1.6/go.mod h1:Af4jZBwaNOI+tXfIqIdbcAnh/UyyqIMj/pOISIfhArw=
-github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk=
-github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qRd6nFJYYS6Iqnc/8HcUmko2/2Gw8qTFEmxDLii6W5I=
-github.com/hashicorp/raft-boltdb v0.0.0-20220329195025-15018e9b97e0 h1:CO8dBMLH6dvE1jTn/30ZZw3iuPsNfajshWoJTnVc5cc=
-github.com/hashicorp/raft-boltdb/v2 v2.2.2 h1:rlkPtOllgIcKLxVT4nutqlTH2NRFn+tO1wwZk/4Dxqw=
-github.com/hashicorp/raft-boltdb/v2 v2.2.2/go.mod h1:N8YgaZgNJLpZC+h+by7vDu5rzsRgONThTEeUS3zWbfY=
-github.com/hashicorp/raft-wal v0.3.0 h1:Mi6RPoRbsxIIYZryI+bSTXHD97Ua6rIYO51ibYV9bkY=
-github.com/hashicorp/raft-wal v0.3.0/go.mod h1:A6vP5o8hGOs1LHfC1Okh9xPwWDcmb6Vvuz/QyqUXlOE=
 github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY=
 github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4=
-github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 h1:O6tNk0s/arubLUbLeCyaRs5xGo9VwmbQazISY/BfPK4=
-github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0/go.mod h1:We3fJplmALwK1VpjwrLuXr/4QCQHYMdnXLHmLUU6Ntg=
-github.com/hashicorp/vault/api v1.8.0/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
-github.com/hashicorp/vault/api v1.8.3 h1:cHQOLcMhBR+aVI0HzhPxO62w2+gJhIrKguQNONPzu6o=
-github.com/hashicorp/vault/api v1.8.3/go.mod h1:4g/9lj9lmuJQMtT6CmVMHC5FW1yENaVv+Nv4ZfG8fAg=
-github.com/hashicorp/vault/api/auth/gcp v0.3.0 h1:taum+3pCmOXnNgEKHlQbmgXmKw5daWHk7YJrLPP/w8g=
-github.com/hashicorp/vault/api/auth/gcp v0.3.0/go.mod h1:gnNBFOASYUaFunedTHOzdir7vKcHL3skWBUzEn263bo=
-github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc=
-github.com/hashicorp/vault/sdk v0.7.0 h1:2pQRO40R1etpKkia5fb4kjrdYMx3BHklPxl1pxpxDHg=
-github.com/hashicorp/vault/sdk v0.7.0/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs=
-github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
-github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 h1:xixZ2bWeofWV68J+x6AzmKuVM/JWCQwkWm6GW/MUR6I=
-github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
-github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/itchyny/gojq v0.12.9 h1:biKpbKwMxVYhCU1d6mR7qMr3f0Hn9F5k5YykCVb3gmM=
 github.com/itchyny/gojq v0.12.9/go.mod h1:T4Ip7AETUXeGpD+436m+UEl3m3tokRgajd5pRfsR5oE=
 github.com/itchyny/timefmt-go v0.1.4 h1:hFEfWVdwsEi+CY8xY2FtgWHGQaBaC3JeHd+cve0ynVM=
 github.com/itchyny/timefmt-go v0.1.4/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8=
-github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
-github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
-github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik=
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
-github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
-github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
-github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
-github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
-github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
 github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
-github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
-github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
@@ -575,7 +173,6 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
@@ -583,39 +180,20 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/
 github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
 github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
 github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
 github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
-github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ=
-github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw=
-github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/go-testing-interface v1.14.0 h1:/x0XQ6h+3U3nAyk1yx+bHPURrKa9sVVvYbuqZ7pIAtI=
-github.com/mitchellh/go-testing-interface v1.14.0/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
-github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 h1:hOY53G+kBFhbYFpRVxHl5eS7laP6B1+Cq+Z9Dry1iMU=
-github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ=
-github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4=
-github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE=
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/pointerstructure v1.2.1 h1:ZhBBeX8tSlRpu/FFhXH4RC4OJzFlqsQhoHZAz4x7TIw=
-github.com/mitchellh/pointerstructure v1.2.1/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4=
-github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
@@ -625,48 +203,24 @@ github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWK
 github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
 github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
-github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/oklog/ulid/v2 v2.1.0 h1:+9lhoxAP56we25tyYETBBY1YLA2SaoLvUFgrP2miPJU=
-github.com/oklog/ulid/v2 v2.1.0/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
-github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs=
-github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
 github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v1.1.8 h1:zICRlc+C1XzivLc3nzE+cbJV4LIi8tib6YG0MqC6OqA=
 github.com/opencontainers/runc v1.1.8/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
-github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A=
-github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU=
 github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ=
 github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
-github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
-github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
-github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
-github.com/pierrec/lz4 v2.5.2+incompatible h1:WCjObylUIOlKy/+7Abdn34TLIkXiA4UWUMhxq9m9ZXI=
-github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -676,647 +230,174 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
-github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
-github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
-github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
-github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI=
-github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
-github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
-github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM=
-github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=
-github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 h1:xzABM9let0HLLqFypcxvLmlvEciCHL7+Lv+4vwZqecI=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569/go.mod h1:2Ly+NIftZN4de9zRmENdYbvPQeaVIYKWpLFStLFEBgI=
 github.com/testcontainers/testcontainers-go v0.22.0 h1:hOK4NzNu82VZcKEB1aP9LO1xYssVFMvlfeuDW9JMmV0=
 github.com/testcontainers/testcontainers-go v0.22.0/go.mod h1:k0YiPa26xJCRUbUkYqy5rY6NGvSbVCeUBXCvucscBR4=
-github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
-github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
-github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
-github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o=
-github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
-github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg=
-github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
-github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
-github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
-github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
-github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
-github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
-go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
-go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
-go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng=
-go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8=
-go.mongodb.org/mongo-driver v1.11.0 h1:FZKhBSTydeuffHj9CBjXlR8vQLee1cQyTWYPA6/tqiE=
-go.mongodb.org/mongo-driver v1.11.0/go.mod h1:s7p5vEtfbeR1gYi6pnj3c3/urpbLv2T5Sfd6Rp2HBB8=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
-go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
-go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
-go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
-go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo=
-go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
-go.opentelemetry.io/otel/sdk v1.16.0 h1:Z1Ok1YsijYL0CSJpHt4cS3wDDh7p572grzNrBMiMWgE=
-go.opentelemetry.io/otel/sdk v1.16.0/go.mod h1:tMsIuKXuuIWPBAOrH+eHtvhTL+SntFtXF9QD68aP6p4=
-go.opentelemetry.io/otel/sdk/metric v0.39.0 h1:Kun8i1eYf48kHH83RucG93ffz0zGV1sh46FAScOTuDI=
-go.opentelemetry.io/otel/sdk/metric v0.39.0/go.mod h1:piDIRgjcK7u0HCL5pCA4e74qpK/jk3NiUoAHATVAmiI=
-go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
-go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw=
-go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
-go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0=
-go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b h1:r+vk0EmXNmekl0S0BascoeeoHk/L7wmaW2QF90K+kYI=
-golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/exp v0.0.0-20230807204917-050eac23e9de h1:l5Za6utMv/HsBWWqzt4S8X17j+kt1uVETUX5UFhn2rE=
+golang.org/x/exp v0.0.0-20230807204917-050eac23e9de/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
-golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
-golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
 golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
-golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
-golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
 golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190424220101-1e8e1cfdf96b/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.11.1 h1:ojD5zOW8+7dOGzdnNgersm8aPfcDjhMp12UfG93NIMc=
-golang.org/x/tools v0.11.1/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
+golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss=
+golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
-google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
-google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
-google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
-google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
-google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
-google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
-google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
-google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
-google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
-google.golang.org/api v0.126.0 h1:q4GJq+cAdMAC7XP7njvQ4tvohGLiSlytuL4BQxbIZ+o=
-google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
-google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
-google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
-google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
-google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e h1:xIXmWJ303kJCuogpj0bHq+dcjcZHU+XFyc1I0Yl9cRg=
-google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:0ggbjUrZYpy1q+ANUS30SEoGZ53cdfwtbuG7Ptgy108=
-google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 h1:XVeBY8d/FaK4848myy41HBqnDwvxeV3zMZhwN1TvAMU=
-google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 h1:eSaPbMR4T7WfH9FvABk36NBMacoTUKdWCvV0dx+KfOg=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5/go.mod h1:zBEcrKX2ZOcEkHWxBPAIvYUWOKKMIhYcmNiUIu2ji3I=
-google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e h1:z3vDksarJxsAKM5dmEGv0GHwE2hKJ096wZra71Vs4sw=
+google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577 h1:wukfNtZmZUurLN/atp2hiIeTKn7QJWIQdHzqmsOnAOk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
-google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
-google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
 google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
-google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI=
-gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ=
-k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU=
-k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ=
-k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
-k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI=
-k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU=
-k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
-k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E=
-k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
-k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
-k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
-sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
-sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/test/integration/consul-container/libs/assert/common.go b/test/integration/consul-container/libs/assert/common.go
index c10cb7b9b479..5f2431f6ff2f 100644
--- a/test/integration/consul-container/libs/assert/common.go
+++ b/test/integration/consul-container/libs/assert/common.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package assert
 
diff --git a/test/integration/consul-container/libs/assert/envoy.go b/test/integration/consul-container/libs/assert/envoy.go
index 05add74c92b0..eef407c25021 100644
--- a/test/integration/consul-container/libs/assert/envoy.go
+++ b/test/integration/consul-container/libs/assert/envoy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package assert
 
@@ -14,12 +14,11 @@ import (
 	"testing"
 	"time"
 
+	"github.com/hashicorp/consul/sdk/testutil/retry"
 	"github.com/hashicorp/go-cleanhttp"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/hashicorp/consul/sdk/testutil/retry"
-
 	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
 	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
 )
@@ -114,7 +113,7 @@ func AssertUpstreamEndpointStatusWithClient(
 			| length`,
 			clusterName, healthStatus)
 		results, err := utils.JQFilter(clusters, filter)
-		require.NoErrorf(r, err, "could not found cluster name %q: %v \n%s", clusterName, err, clusters)
+		require.NoErrorf(r, err, "could not found cluster name %s in \n%s", clusterName, clusters)
 		require.Len(r, results, 1) // the final part of the pipeline is "length" which only ever returns 1 result
 
 		result, err := strconv.Atoi(results[0])
diff --git a/test/integration/consul-container/libs/assert/grpc.go b/test/integration/consul-container/libs/assert/grpc.go
index a41ef65af620..ec72f0a651fd 100644
--- a/test/integration/consul-container/libs/assert/grpc.go
+++ b/test/integration/consul-container/libs/assert/grpc.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package assert
 
@@ -26,7 +26,6 @@ func GRPCPing(t *testing.T, addr string) {
 	var msg *fgrpc.PingMessage
 	retries := 0
 	retry.RunWith(&retry.Timer{Timeout: time.Minute, Wait: 25 * time.Millisecond}, t, func(r *retry.R) {
-		t.Logf("making grpc call to %s", addr)
 		retries += 1
 		msg, err = pingCl.Ping(context.Background(), &fgrpc.PingMessage{
 			// use addr as payload so we have something variable to check against
diff --git a/test/integration/consul-container/libs/assert/peering.go b/test/integration/consul-container/libs/assert/peering.go
index ab000268d790..2cf842a4aed2 100644
--- a/test/integration/consul-container/libs/assert/peering.go
+++ b/test/integration/consul-container/libs/assert/peering.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package assert
 
@@ -10,8 +10,6 @@ import (
 
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )
 
 // PeeringStatus verifies the peering connection is the specified state with a default retry.
@@ -54,8 +52,14 @@ func PeeringExportsOpts(t *testing.T, client *api.Client, peerName string, expor
 
 	retry.RunWith(failer(), t, func(r *retry.R) {
 		peering, _, err := client.Peerings().Read(context.Background(), peerName, opts)
-		require.Nil(r, err, "reading peering data")
-		require.NotNilf(r, peering, "peering not found %q", peerName)
-		assert.Len(r, peering.StreamStatus.ExportedServices, exports, "peering exported services")
+		if err != nil {
+			r.Fatal("error reading peering data")
+		}
+		if peering == nil {
+			r.Fatal("peering not found")
+		}
+		if exports != len(peering.StreamStatus.ExportedServices) {
+			r.Fatal("peering exported services did not match: got ", len(peering.StreamStatus.ExportedServices), " want ", exports)
+		}
 	})
 }
diff --git a/test/integration/consul-container/libs/assert/service.go b/test/integration/consul-container/libs/assert/service.go
index 35fad6bfb15b..135403da913a 100644
--- a/test/integration/consul-container/libs/assert/service.go
+++ b/test/integration/consul-container/libs/assert/service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package assert
 
@@ -34,7 +34,7 @@ func CatalogServiceExists(t *testing.T, c *api.Client, svc string, opts *api.Que
 			r.Fatal("error reading service data")
 		}
 		if len(services) == 0 {
-			r.Fatalf("did not find catalog entry for %q with opts %#v", svc, opts)
+			r.Fatal("did not find catalog entry for ", svc)
 		}
 	})
 }
diff --git a/test/integration/consul-container/libs/cluster/agent.go b/test/integration/consul-container/libs/cluster/agent.go
index 6ffc4d4f8c28..6753fd8c017e 100644
--- a/test/integration/consul-container/libs/cluster/agent.go
+++ b/test/integration/consul-container/libs/cluster/agent.go
@@ -1,23 +1,15 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cluster
 
 import (
 	"context"
-	"encoding/json"
-	"fmt"
 	"io"
 
-	jsonpatch "github.com/evanphx/json-patch"
-	"github.com/hashicorp/hcl"
-	"github.com/mitchellh/mapstructure"
 	"github.com/testcontainers/testcontainers-go"
-	"google.golang.org/grpc"
 
-	agentconfig "github.com/hashicorp/consul/agent/config"
 	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/lib/decode"
 
 	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
 )
@@ -44,7 +36,6 @@ type Agent interface {
 	Upgrade(ctx context.Context, config Config) error
 	Exec(ctx context.Context, cmd []string) (string, error)
 	DataDir() string
-	GetGRPCConn() *grpc.ClientConn
 }
 
 // Config is a set of configurations required to create a Agent
@@ -95,30 +86,6 @@ func (c Config) Clone() Config {
 	return c2
 }
 
-type decodeTarget struct {
-	agentconfig.Config `mapstructure:",squash"`
-}
-
-// MutatebyAgentConfig mutates config by applying the fields in the input hclConfig
-// Note that the precedence order is config > hclConfig, because user provider hclConfig
-// may not work with the testing environment, e.g., data dir, agent name, etc.
-// Currently only hcl config is allowed
-func (c *Config) MutatebyAgentConfig(hclConfig string) error {
-	rawConfigJson, err := convertHcl2Json(hclConfig)
-	if err != nil {
-		return fmt.Errorf("error converting to Json: %s", err)
-	}
-
-	// Merge 2 json
-	mergedConfigJosn, err := jsonpatch.MergePatch([]byte(rawConfigJson), []byte(c.JSON))
-	if err != nil {
-		return fmt.Errorf("error merging configurations: %w", err)
-	}
-
-	c.JSON = string(mergedConfigJosn)
-	return nil
-}
-
 // TODO: refactor away
 type AgentInfo struct {
 	CACertFile    string
@@ -126,39 +93,3 @@ type AgentInfo struct {
 	UseTLSForGRPC bool
 	DebugURI      string
 }
-
-func convertHcl2Json(in string) (string, error) {
-	var raw map[string]interface{}
-	err := hcl.Decode(&raw, in)
-	if err != nil {
-		return "", err
-	}
-
-	var target decodeTarget
-	var md mapstructure.Metadata
-	d, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
-		DecodeHook: mapstructure.ComposeDecodeHookFunc(
-			// decode.HookWeakDecodeFromSlice is only necessary when reading from
-			// an HCL config file. In the future we could omit it when reading from
-			// JSON configs. It is left here for now to maintain backwards compat
-			// for the unlikely scenario that someone is using malformed JSON configs
-			// and expecting this behaviour to correct their config.
-			decode.HookWeakDecodeFromSlice,
-			decode.HookTranslateKeys,
-		),
-		Metadata: &md,
-		Result:   &target,
-	})
-	if err != nil {
-		return "", err
-	}
-	if err := d.Decode(raw); err != nil {
-		return "", err
-	}
-
-	rawjson, err := json.MarshalIndent(target, "", "  ")
-	if err != nil {
-		return "", err
-	}
-	return string(rawjson), nil
-}
diff --git a/test/integration/consul-container/libs/cluster/app.go b/test/integration/consul-container/libs/cluster/app.go
index 001880b85f43..f434fcff135b 100644
--- a/test/integration/consul-container/libs/cluster/app.go
+++ b/test/integration/consul-container/libs/cluster/app.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/builder.go b/test/integration/consul-container/libs/cluster/builder.go
index 945b2bcd9ea0..72228a26d613 100644
--- a/test/integration/consul-container/libs/cluster/builder.go
+++ b/test/integration/consul-container/libs/cluster/builder.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/cluster.go b/test/integration/consul-container/libs/cluster/cluster.go
index 66e9ac5c2ddb..aedf0ac9267a 100644
--- a/test/integration/consul-container/libs/cluster/cluster.go
+++ b/test/integration/consul-container/libs/cluster/cluster.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/config.go b/test/integration/consul-container/libs/cluster/config.go
index f46be0429541..505811d35e7f 100644
--- a/test/integration/consul-container/libs/cluster/config.go
+++ b/test/integration/consul-container/libs/cluster/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/container.go b/test/integration/consul-container/libs/cluster/container.go
index d44416236473..7ed88b0d824f 100644
--- a/test/integration/consul-container/libs/cluster/container.go
+++ b/test/integration/consul-container/libs/cluster/container.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cluster
 
@@ -8,7 +8,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"net/url"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -16,14 +15,11 @@ import (
 
 	goretry "github.com/avast/retry-go"
 	dockercontainer "github.com/docker/docker/api/types/container"
-	"github.com/docker/go-connections/nat"
 	"github.com/hashicorp/go-multierror"
 	"github.com/otiai10/copy"
 	"github.com/pkg/errors"
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/wait"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials/insecure"
 
 	"github.com/hashicorp/consul/api"
 
@@ -62,8 +58,6 @@ type consulContainerNode struct {
 	clientCACertFile string
 	ip               string
 
-	grpcConn *grpc.ClientConn
-
 	nextAdminPortOffset   int
 	nextConnectPortOffset int
 
@@ -178,8 +172,7 @@ func NewConsulContainer(ctx context.Context, config Config, cluster *Cluster, po
 		clientAddr       string
 		clientCACertFile string
 
-		info     AgentInfo
-		grpcConn *grpc.ClientConn
+		info AgentInfo
 	)
 	debugURI := ""
 	if utils.Debug {
@@ -243,28 +236,6 @@ func NewConsulContainer(ctx context.Context, config Config, cluster *Cluster, po
 		info.CACertFile = clientCACertFile
 	}
 
-	// TODO: Support gRPC+TLS port.
-	if pc.Ports.GRPC > 0 {
-		port, err := nat.NewPort("tcp", strconv.Itoa(pc.Ports.GRPC))
-		if err != nil {
-			return nil, fmt.Errorf("failed to parse gRPC TLS port: %w", err)
-		}
-		endpoint, err := podContainer.PortEndpoint(ctx, port, "tcp")
-		if err != nil {
-			return nil, fmt.Errorf("failed to get gRPC TLS endpoint: %w", err)
-		}
-		url, err := url.Parse(endpoint)
-		if err != nil {
-			return nil, fmt.Errorf("failed to parse gRPC endpoint URL: %w", err)
-		}
-		conn, err := grpc.Dial(url.Host, grpc.WithTransportCredentials(insecure.NewCredentials()))
-		if err != nil {
-			return nil, fmt.Errorf("failed to dial gRPC connection: %w", err)
-		}
-		deferClean.Add(func() { _ = conn.Close() })
-		grpcConn = conn
-	}
-
 	ip, err := podContainer.ContainerIP(ctx)
 	if err != nil {
 		return nil, err
@@ -311,7 +282,6 @@ func NewConsulContainer(ctx context.Context, config Config, cluster *Cluster, po
 		name:       name,
 		ip:         ip,
 		info:       info,
-		grpcConn:   grpcConn,
 	}
 
 	if httpPort > 0 || httpsPort > 0 {
@@ -406,10 +376,6 @@ func (c *consulContainerNode) GetClient() *api.Client {
 	return c.client
 }
 
-func (c *consulContainerNode) GetGRPCConn() *grpc.ClientConn {
-	return c.grpcConn
-}
-
 // NewClient returns an API client by making a new one based on the provided token
 // - updateDefault: if true update the default client
 func (c *consulContainerNode) NewClient(token string, updateDefault bool) (*api.Client, error) {
@@ -542,10 +508,6 @@ func (c *consulContainerNode) terminate(retainPod bool, skipFuncs bool) error {
 				continue
 			}
 		}
-
-		// if the pod is retained and therefore the IP then the grpc conn
-		// should handle reconnecting so there is no reason to close it.
-		c.closeGRPC()
 	}
 
 	var merr error
@@ -567,16 +529,6 @@ func (c *consulContainerNode) terminate(retainPod bool, skipFuncs bool) error {
 	return merr
 }
 
-func (c *consulContainerNode) closeGRPC() error {
-	if c.grpcConn != nil {
-		if err := c.grpcConn.Close(); err != nil {
-			return err
-		}
-		c.grpcConn = nil
-	}
-	return nil
-}
-
 func (c *consulContainerNode) DataDir() string {
 	return c.dataDir
 }
@@ -613,7 +565,6 @@ func newContainerRequest(config Config, opts containerOpts, ports ...int) (podRe
 		ExposedPorts: []string{
 			"8500/tcp", // Consul HTTP API
 			"8501/tcp", // Consul HTTPs API
-			"8502/tcp", // Consul gRPC API
 
 			"8443/tcp", // Envoy Gateway Listener
 
@@ -630,8 +581,6 @@ func newContainerRequest(config Config, opts containerOpts, ports ...int) (podRe
 			"9997/tcp", // Envoy App Listener
 			"9998/tcp", // Envoy App Listener
 			"9999/tcp", // Envoy App Listener
-
-			"80/tcp", // Nginx - http port used in wasm tests
 		},
 		Hostname: opts.hostname,
 		Networks: opts.addtionalNetworks,
diff --git a/test/integration/consul-container/libs/cluster/encryption.go b/test/integration/consul-container/libs/cluster/encryption.go
index 79e7133fbbd0..3adb5a317700 100644
--- a/test/integration/consul-container/libs/cluster/encryption.go
+++ b/test/integration/consul-container/libs/cluster/encryption.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/log.go b/test/integration/consul-container/libs/cluster/log.go
index 59e69a64efda..f2a185d532f4 100644
--- a/test/integration/consul-container/libs/cluster/log.go
+++ b/test/integration/consul-container/libs/cluster/log.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cluster
 
diff --git a/test/integration/consul-container/libs/cluster/network.go b/test/integration/consul-container/libs/cluster/network.go
index be6f34c77983..e0ee10f4e35f 100644
--- a/test/integration/consul-container/libs/cluster/network.go
+++ b/test/integration/consul-container/libs/cluster/network.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package cluster
 
@@ -20,7 +20,6 @@ func createNetwork(t TestingT, name string) (testcontainers.Network, error) {
 			Name:           name,
 			Attachable:     true,
 			CheckDuplicate: true,
-			SkipReaper:     isRYUKDisabled(),
 		},
 	}
 	first := true
diff --git a/test/integration/consul-container/libs/service/common.go b/test/integration/consul-container/libs/service/common.go
index 0e0e2739571b..add9f1395d24 100644
--- a/test/integration/consul-container/libs/service/common.go
+++ b/test/integration/consul-container/libs/service/common.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package service
 
diff --git a/test/integration/consul-container/libs/service/connect.go b/test/integration/consul-container/libs/service/connect.go
index 6d283eac67d9..4028309acb3e 100644
--- a/test/integration/consul-container/libs/service/connect.go
+++ b/test/integration/consul-container/libs/service/connect.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package service
 
@@ -172,15 +172,8 @@ type SidecarConfig struct {
 // "consul connect envoy", for service name (serviceName) on the specified
 // node. The container exposes port serviceBindPort and envoy admin port
 // (19000) by mapping them onto host ports. The container's name has a prefix
-// combining datacenter and name. The customContainerConf parameter can be used
-// to mutate the testcontainers.ContainerRequest used to create the sidecar proxy.
-func NewConnectService(
-	ctx context.Context,
-	sidecarCfg SidecarConfig,
-	serviceBindPorts []int,
-	node cluster.Agent,
-	customContainerConf func(request testcontainers.ContainerRequest) testcontainers.ContainerRequest,
-) (*ConnectContainer, error) {
+// combining datacenter and name.
+func NewConnectService(ctx context.Context, sidecarCfg SidecarConfig, serviceBindPorts []int, node cluster.Agent) (*ConnectContainer, error) {
 	nodeConfig := node.GetConfig()
 	if nodeConfig.ScratchDir == "" {
 		return nil, fmt.Errorf("node ScratchDir is required")
@@ -287,11 +280,6 @@ func NewConnectService(
 	exposedPorts := make([]string, len(appPortStrs))
 	copy(exposedPorts, appPortStrs)
 	exposedPorts = append(exposedPorts, adminPortStr)
-
-	if customContainerConf != nil {
-		req = customContainerConf(req)
-	}
-
 	info, err := cluster.LaunchContainerOnNode(ctx, node, req, exposedPorts)
 	if err != nil {
 		return nil, err
diff --git a/test/integration/consul-container/libs/service/examples.go b/test/integration/consul-container/libs/service/examples.go
index cc37cdb0a750..85505c5dccc5 100644
--- a/test/integration/consul-container/libs/service/examples.go
+++ b/test/integration/consul-container/libs/service/examples.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package service
 
@@ -127,42 +127,6 @@ func (c exampleContainer) GetStatus() (string, error) {
 	return state.Status, err
 }
 
-// NewCustomService creates a new test service from a custom testcontainers.ContainerRequest.
-func NewCustomService(ctx context.Context, name string, httpPort int, grpcPort int, node libcluster.Agent, request testcontainers.ContainerRequest) (Service, error) {
-	namePrefix := fmt.Sprintf("%s-service-example-%s", node.GetDatacenter(), name)
-	containerName := utils.RandName(namePrefix)
-
-	pod := node.GetPod()
-	if pod == nil {
-		return nil, fmt.Errorf("node Pod is required")
-	}
-
-	var (
-		httpPortStr = strconv.Itoa(httpPort)
-		grpcPortStr = strconv.Itoa(grpcPort)
-	)
-
-	request.Name = containerName
-
-	info, err := libcluster.LaunchContainerOnNode(ctx, node, request, []string{httpPortStr, grpcPortStr})
-	if err != nil {
-		return nil, err
-	}
-
-	out := &exampleContainer{
-		ctx:         ctx,
-		container:   info.Container,
-		ip:          info.IP,
-		httpPort:    info.MappedPorts[httpPortStr].Int(),
-		grpcPort:    info.MappedPorts[grpcPortStr].Int(),
-		serviceName: name,
-	}
-
-	fmt.Printf("Custom service exposed http port %d, gRPC port %d\n", out.httpPort, out.grpcPort)
-
-	return out, nil
-}
-
 func NewExampleService(ctx context.Context, name string, httpPort int, grpcPort int, node libcluster.Agent, containerArgs ...string) (Service, error) {
 	namePrefix := fmt.Sprintf("%s-service-example-%s", node.GetDatacenter(), name)
 	containerName := utils.RandName(namePrefix)
diff --git a/test/integration/consul-container/libs/service/gateway.go b/test/integration/consul-container/libs/service/gateway.go
index 61bc4d31503a..fda7b7a92693 100644
--- a/test/integration/consul-container/libs/service/gateway.go
+++ b/test/integration/consul-container/libs/service/gateway.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package service
 
diff --git a/test/integration/consul-container/libs/service/helpers.go b/test/integration/consul-container/libs/service/helpers.go
index a524d9c040bf..d7168448c208 100644
--- a/test/integration/consul-container/libs/service/helpers.go
+++ b/test/integration/consul-container/libs/service/helpers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package service
 
@@ -9,7 +9,6 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
-	"github.com/testcontainers/testcontainers-go"
 
 	"github.com/hashicorp/consul/api"
 	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
@@ -52,7 +51,7 @@ type ServiceOpts struct {
 }
 
 // createAndRegisterStaticServerAndSidecar register the services and launch static-server containers
-func createAndRegisterStaticServerAndSidecar(node libcluster.Agent, httpPort int, grpcPort int, svc *api.AgentServiceRegistration, customContainerCfg func(testcontainers.ContainerRequest) testcontainers.ContainerRequest, containerArgs ...string) (Service, Service, error) {
+func createAndRegisterStaticServerAndSidecar(node libcluster.Agent, httpPort int, grpcPort int, svc *api.AgentServiceRegistration, containerArgs ...string) (Service, Service, error) {
 	// Do some trickery to ensure that partial completion is correctly torn
 	// down, but successful execution is not.
 	var deferClean utils.ResettableDefer
@@ -80,62 +79,10 @@ func createAndRegisterStaticServerAndSidecar(node libcluster.Agent, httpPort int
 			svc.Connect.SidecarService.Proxy != nil &&
 			svc.Connect.SidecarService.Proxy.Mode == api.ProxyModeTransparent,
 	}
-	serverConnectProxy, err := NewConnectService(context.Background(), sidecarCfg, []int{svc.Port}, node, customContainerCfg) // bindPort not used
+	serverConnectProxy, err := NewConnectService(context.Background(), sidecarCfg, []int{svc.Port}, node) // bindPort not used
 	if err != nil {
 		return nil, nil, err
 	}
-
-	deferClean.Add(func() {
-		_ = serverConnectProxy.Terminate()
-	})
-
-	// disable cleanup functions now that we have an object with a Terminate() function
-	deferClean.Reset()
-
-	return serverService, serverConnectProxy, nil
-}
-
-// createAndRegisterCustomServiceAndSidecar creates a custom service from the given testcontainers.ContainerRequest
-// and a sidecar proxy for the service. The customContainerCfg parameter is used to mutate the
-// testcontainers.ContainerRequest for the sidecar proxy.
-func createAndRegisterCustomServiceAndSidecar(node libcluster.Agent,
-	httpPort int,
-	grpcPort int,
-	svc *api.AgentServiceRegistration,
-	request testcontainers.ContainerRequest,
-	customContainerCfg func(testcontainers.ContainerRequest) testcontainers.ContainerRequest,
-) (Service, Service, error) {
-	// Do some trickery to ensure that partial completion is correctly torn
-	// down, but successful execution is not.
-	var deferClean utils.ResettableDefer
-	defer deferClean.Execute()
-
-	if err := node.GetClient().Agent().ServiceRegister(svc); err != nil {
-		return nil, nil, err
-	}
-
-	// Create a service and proxy instance
-	serverService, err := NewCustomService(context.Background(), svc.ID, httpPort, grpcPort, node, request)
-	if err != nil {
-		return nil, nil, err
-	}
-	deferClean.Add(func() {
-		_ = serverService.Terminate()
-	})
-	sidecarCfg := SidecarConfig{
-		Name:      fmt.Sprintf("%s-sidecar", svc.ID),
-		ServiceID: svc.ID,
-		Namespace: svc.Namespace,
-		EnableTProxy: svc.Connect != nil &&
-			svc.Connect.SidecarService != nil &&
-			svc.Connect.SidecarService.Proxy != nil &&
-			svc.Connect.SidecarService.Proxy.Mode == api.ProxyModeTransparent,
-	}
-	serverConnectProxy, err := NewConnectService(context.Background(), sidecarCfg, []int{svc.Port}, node, customContainerCfg) // bindPort not used
-	if err != nil {
-		return nil, nil, err
-	}
-
 	deferClean.Add(func() {
 		_ = serverConnectProxy.Terminate()
 	})
@@ -146,52 +93,7 @@ func createAndRegisterCustomServiceAndSidecar(node libcluster.Agent,
 	return serverService, serverConnectProxy, nil
 }
 
-func CreateAndRegisterCustomServiceAndSidecar(node libcluster.Agent,
-	serviceOpts *ServiceOpts,
-	request testcontainers.ContainerRequest,
-	customContainerCfg func(testcontainers.ContainerRequest) testcontainers.ContainerRequest) (Service, Service, error) {
-	// Register the static-server service and sidecar first to prevent race with sidecar
-	// trying to get xDS before it's ready
-	p := serviceOpts.HTTPPort
-	agentCheck := api.AgentServiceCheck{
-		Name:     "Static Server Listening",
-		TCP:      fmt.Sprintf("127.0.0.1:%d", p),
-		Interval: "10s",
-		Status:   api.HealthPassing,
-	}
-	if serviceOpts.RegisterGRPC {
-		p = serviceOpts.GRPCPort
-		agentCheck.TCP = ""
-		agentCheck.GRPC = fmt.Sprintf("127.0.0.1:%d", p)
-	}
-	req := &api.AgentServiceRegistration{
-		Name: serviceOpts.Name,
-		ID:   serviceOpts.ID,
-		Port: p,
-		Connect: &api.AgentServiceConnect{
-			SidecarService: &api.AgentServiceRegistration{
-				Proxy: &api.AgentServiceConnectProxyConfig{
-					Mode: api.ProxyMode(serviceOpts.Connect.Proxy.Mode),
-				},
-			},
-		},
-		Namespace: serviceOpts.Namespace,
-		Partition: serviceOpts.Partition,
-		Locality:  serviceOpts.Locality,
-		Meta:      serviceOpts.Meta,
-		Check:     &agentCheck,
-	}
-	return createAndRegisterCustomServiceAndSidecar(node, serviceOpts.HTTPPort, serviceOpts.GRPCPort, req, request, customContainerCfg)
-}
-
-// CreateAndRegisterStaticServerAndSidecarWithCustomContainerConfig creates an example static server and a sidecar for
-// the service. The customContainerCfg parameter is a function of testcontainers.ContainerRequest to
-// testcontainers.ContainerRequest which can be used to mutate the container request for the sidecar proxy and inject
-// custom configuration and lifecycle hooks.
-func CreateAndRegisterStaticServerAndSidecarWithCustomContainerConfig(node libcluster.Agent,
-	serviceOpts *ServiceOpts,
-	customContainerCfg func(testcontainers.ContainerRequest) testcontainers.ContainerRequest,
-	containerArgs ...string) (Service, Service, error) {
+func CreateAndRegisterStaticServerAndSidecar(node libcluster.Agent, serviceOpts *ServiceOpts, containerArgs ...string) (Service, Service, error) {
 	// Register the static-server service and sidecar first to prevent race with sidecar
 	// trying to get xDS before it's ready
 	p := serviceOpts.HTTPPort
@@ -223,11 +125,7 @@ func CreateAndRegisterStaticServerAndSidecarWithCustomContainerConfig(node libcl
 		Meta:      serviceOpts.Meta,
 		Check:     &agentCheck,
 	}
-	return createAndRegisterStaticServerAndSidecar(node, serviceOpts.HTTPPort, serviceOpts.GRPCPort, req, customContainerCfg, containerArgs...)
-}
-
-func CreateAndRegisterStaticServerAndSidecar(node libcluster.Agent, serviceOpts *ServiceOpts, containerArgs ...string) (Service, Service, error) {
-	return CreateAndRegisterStaticServerAndSidecarWithCustomContainerConfig(node, serviceOpts, nil, containerArgs...)
+	return createAndRegisterStaticServerAndSidecar(node, serviceOpts.HTTPPort, serviceOpts.GRPCPort, req, containerArgs...)
 }
 
 func CreateAndRegisterStaticServerAndSidecarWithChecks(node libcluster.Agent, serviceOpts *ServiceOpts) (Service, Service, error) {
@@ -257,7 +155,7 @@ func CreateAndRegisterStaticServerAndSidecarWithChecks(node libcluster.Agent, se
 		Locality:  serviceOpts.Locality,
 	}
 
-	return createAndRegisterStaticServerAndSidecar(node, serviceOpts.HTTPPort, serviceOpts.GRPCPort, req, nil)
+	return createAndRegisterStaticServerAndSidecar(node, serviceOpts.HTTPPort, serviceOpts.GRPCPort, req)
 }
 
 func CreateAndRegisterStaticClientSidecar(
@@ -339,7 +237,7 @@ func CreateAndRegisterStaticClientSidecar(
 		EnableTProxy: enableTProxy,
 	}
 
-	clientConnectProxy, err := NewConnectService(context.Background(), sidecarCfg, []int{libcluster.ServiceUpstreamLocalBindPort}, node, nil)
+	clientConnectProxy, err := NewConnectService(context.Background(), sidecarCfg, []int{libcluster.ServiceUpstreamLocalBindPort}, node)
 	if err != nil {
 		return nil, err
 	}
diff --git a/test/integration/consul-container/libs/service/log.go b/test/integration/consul-container/libs/service/log.go
index 4e64bb7e54bb..86e10a3fc719 100644
--- a/test/integration/consul-container/libs/service/log.go
+++ b/test/integration/consul-container/libs/service/log.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package service
 
diff --git a/test/integration/consul-container/libs/service/service.go b/test/integration/consul-container/libs/service/service.go
index ca186849728c..5e1af3ab14c7 100644
--- a/test/integration/consul-container/libs/service/service.go
+++ b/test/integration/consul-container/libs/service/service.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package service
 
diff --git a/test/integration/consul-container/libs/topology/peering_topology.go b/test/integration/consul-container/libs/topology/peering_topology.go
index 1d11851753a2..bd88ea58e66e 100644
--- a/test/integration/consul-container/libs/topology/peering_topology.go
+++ b/test/integration/consul-container/libs/topology/peering_topology.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package topology
 
@@ -194,22 +194,13 @@ type ClusterConfig struct {
 	ExposedPorts []int
 }
 
-func NewCluster(
-	t *testing.T,
-	config *ClusterConfig,
-) (*libcluster.Cluster, *libcluster.BuildContext, *api.Client) {
-	return NewClusterWithConfig(t, config, "", "")
-}
-
 // NewCluster creates a cluster with peering enabled. It also creates
 // and registers a mesh-gateway at the client agent. The API client returned is
 // pointed at the client agent.
 // - proxy-defaults.protocol = tcp
-func NewClusterWithConfig(
+func NewCluster(
 	t *testing.T,
 	config *ClusterConfig,
-	serverHclConfig string,
-	clientHclConfig string,
 ) (*libcluster.Cluster, *libcluster.BuildContext, *api.Client) {
 	var (
 		cluster *libcluster.Cluster
@@ -247,10 +238,6 @@ func NewClusterWithConfig(
 		serverConf.Cmd = append(serverConf.Cmd, config.Cmd)
 	}
 
-	if serverHclConfig != "" {
-		serverConf.MutatebyAgentConfig(serverHclConfig)
-	}
-
 	if config.ExposedPorts != nil {
 		cluster, err = libcluster.New(t, []libcluster.Config{*serverConf}, config.ExposedPorts...)
 	} else {
@@ -274,9 +261,6 @@ func NewClusterWithConfig(
 		RetryJoin(retryJoin...)
 	clientConf := configbuiilder.ToAgentConfig(t)
 	t.Logf("%s client config: \n%s", opts.Datacenter, clientConf.JSON)
-	if clientHclConfig != "" {
-		clientConf.MutatebyAgentConfig(clientHclConfig)
-	}
 
 	require.NoError(t, cluster.AddN(*clientConf, config.NumClients, true))
 
diff --git a/test/integration/consul-container/libs/topology/service_topology.go b/test/integration/consul-container/libs/topology/service_topology.go
index be0af12cf086..6aca247f296a 100644
--- a/test/integration/consul-container/libs/topology/service_topology.go
+++ b/test/integration/consul-container/libs/topology/service_topology.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package topology
 
@@ -7,16 +7,14 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/stretchr/testify/require"
-
 	"github.com/hashicorp/consul/api"
 	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
 	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
 	libservice "github.com/hashicorp/consul/test/integration/consul-container/libs/service"
+	"github.com/stretchr/testify/require"
 )
 
-// CreateServices
-func CreateServices(t *testing.T, cluster *libcluster.Cluster, protocol string) (libservice.Service, libservice.Service) {
+func CreateServices(t *testing.T, cluster *libcluster.Cluster) (libservice.Service, libservice.Service) {
 	node := cluster.Agents[0]
 	client := node.GetClient()
 
@@ -24,7 +22,7 @@ func CreateServices(t *testing.T, cluster *libcluster.Cluster, protocol string)
 	serviceDefault := &api.ServiceConfigEntry{
 		Kind:     api.ServiceDefaults,
 		Name:     libservice.StaticServerServiceName,
-		Protocol: protocol,
+		Protocol: "http",
 	}
 
 	ok, _, err := client.ConfigEntries().Set(serviceDefault, nil)
@@ -39,10 +37,6 @@ func CreateServices(t *testing.T, cluster *libcluster.Cluster, protocol string)
 		GRPCPort: 8079,
 	}
 
-	if protocol == "grpc" {
-		serviceOpts.RegisterGRPC = true
-	}
-
 	// Create a service and proxy instance
 	_, serverConnectProxy, err := libservice.CreateAndRegisterStaticServerAndSidecar(node, serviceOpts)
 	require.NoError(t, err)
diff --git a/test/integration/consul-container/libs/utils/debug.go b/test/integration/consul-container/libs/utils/debug.go
index fac44c4e2e00..146a7e4cacdd 100644
--- a/test/integration/consul-container/libs/utils/debug.go
+++ b/test/integration/consul-container/libs/utils/debug.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package utils
 
diff --git a/test/integration/consul-container/libs/utils/defer.go b/test/integration/consul-container/libs/utils/defer.go
index 85d913c7dba2..867de61972a9 100644
--- a/test/integration/consul-container/libs/utils/defer.go
+++ b/test/integration/consul-container/libs/utils/defer.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package utils
 
diff --git a/test/integration/consul-container/libs/utils/docker.go b/test/integration/consul-container/libs/utils/docker.go
index b807cf66fae2..109205855cd5 100644
--- a/test/integration/consul-container/libs/utils/docker.go
+++ b/test/integration/consul-container/libs/utils/docker.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package utils
 
@@ -9,9 +9,6 @@ import (
 	"io"
 	"os"
 	"os/exec"
-	"strings"
-
-	"github.com/hashicorp/go-version"
 )
 
 // DockerExec simply shell out to the docker CLI binary on your host.
@@ -19,18 +16,6 @@ func DockerExec(args []string, stdout io.Writer) error {
 	return cmdExec("docker", "docker", args, stdout, "")
 }
 
-// DockerImageVersion retrieves the value of the org.opencontainers.image.version label from the specified image.
-func DockerImageVersion(imageName string) (*version.Version, error) {
-	var b strings.Builder
-	err := cmdExec("docker", "docker", []string{"image", "inspect", "--format", `{{index .Config.Labels "org.opencontainers.image.version"}}`, imageName}, &b, "")
-	if err != nil {
-		return nil, err
-	}
-	output := b.String()
-
-	return version.NewVersion(strings.TrimSpace(output))
-}
-
 func cmdExec(name, binary string, args []string, stdout io.Writer, dir string) error {
 	if binary == "" {
 		panic("binary named " + name + " was not detected")
diff --git a/test/integration/consul-container/libs/utils/helpers.go b/test/integration/consul-container/libs/utils/helpers.go
index 7f08b27b9ffe..5f75e3e4b3f7 100644
--- a/test/integration/consul-container/libs/utils/helpers.go
+++ b/test/integration/consul-container/libs/utils/helpers.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package utils
 
diff --git a/test/integration/consul-container/libs/utils/retry.go b/test/integration/consul-container/libs/utils/retry.go
index cfe5ade347cd..651a195cf116 100644
--- a/test/integration/consul-container/libs/utils/retry.go
+++ b/test/integration/consul-container/libs/utils/retry.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package utils
 
diff --git a/test/integration/consul-container/libs/utils/tenancy.go b/test/integration/consul-container/libs/utils/tenancy.go
index 058f9cee0147..c116a55a4c27 100644
--- a/test/integration/consul-container/libs/utils/tenancy.go
+++ b/test/integration/consul-container/libs/utils/tenancy.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package utils
 
 import "github.com/hashicorp/consul/api"
@@ -25,11 +22,11 @@ func DefaultToEmpty(name string) string {
 	return name
 }
 
-// CompatQueryOpts cleans a QueryOptions so that Partition and Namespace fields
-// are compatible with CE or ENT
-// TODO: not sure why we can't do this server-side
-func CompatQueryOpts(opts *api.QueryOptions) *api.QueryOptions {
-	opts.Partition = DefaultToEmpty(opts.Partition)
-	opts.Namespace = DefaultToEmpty(opts.Namespace)
-	return opts
+// PartitionQueryOptions returns an *api.QueryOptions with the given partition
+// field set only if the partition is non-default. This helps when writing
+// tests for joint use in OSS and ENT.
+func PartitionQueryOptions(partition string) *api.QueryOptions {
+	return &api.QueryOptions{
+		Partition: DefaultToEmpty(partition),
+	}
 }
diff --git a/test/integration/consul-container/libs/utils/utils.go b/test/integration/consul-container/libs/utils/utils.go
index b3d8382ed45a..7be336eb8d50 100644
--- a/test/integration/consul-container/libs/utils/utils.go
+++ b/test/integration/consul-container/libs/utils/utils.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package utils
 
diff --git a/test/integration/consul-container/libs/utils/version.go b/test/integration/consul-container/libs/utils/version.go
index 24e66a869814..bad097550278 100644
--- a/test/integration/consul-container/libs/utils/version.go
+++ b/test/integration/consul-container/libs/utils/version.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package utils
 
@@ -7,7 +7,6 @@ import (
 	"flag"
 	"strings"
 
-	"github.com/hashicorp/consul/testing/deployer/topology"
 	"github.com/hashicorp/go-version"
 )
 
@@ -56,20 +55,6 @@ func GetLatestImageName() string {
 	return LatestImageName
 }
 
-func TargetImages() topology.Images {
-	img := DockerImage(targetImageName, TargetVersion)
-
-	if IsEnterprise() {
-		return topology.Images{
-			ConsulEnterprise: img,
-		}
-	} else {
-		return topology.Images{
-			ConsulCE: img,
-		}
-	}
-}
-
 func IsEnterprise() bool { return isInEnterpriseRepo }
 
 func DockerImage(image, version string) string {
diff --git a/test/integration/consul-container/libs/utils/version_ce.go b/test/integration/consul-container/libs/utils/version_ce.go
index 2e5b1b3656b0..2232ed8eb4e1 100644
--- a/test/integration/consul-container/libs/utils/version_ce.go
+++ b/test/integration/consul-container/libs/utils/version_ce.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 //go:build !consulent
 // +build !consulent
diff --git a/test/integration/consul-container/test/basic/connect_service_test.go b/test/integration/consul-container/test/basic/connect_service_test.go
index ee045f1286d3..650db9fef079 100644
--- a/test/integration/consul-container/test/basic/connect_service_test.go
+++ b/test/integration/consul-container/test/basic/connect_service_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package basic
 
@@ -7,8 +7,6 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/stretchr/testify/require"
-
 	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
 	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
 	"github.com/hashicorp/consul/test/integration/consul-container/libs/topology"
@@ -39,7 +37,7 @@ func TestBasicConnectService(t *testing.T) {
 		},
 	})
 
-	_, clientService := topology.CreateServices(t, cluster, "http")
+	_, clientService := topology.CreateServices(t, cluster)
 	_, port := clientService.GetAddr()
 	_, adminPort := clientService.GetAdminAddr()
 
@@ -50,54 +48,3 @@ func TestBasicConnectService(t *testing.T) {
 	libassert.HTTPServiceEchoes(t, "localhost", port, "")
 	libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", port), "static-server", "")
 }
-
-func TestConnectGRPCService_WithInputConfig(t *testing.T) {
-	serverHclConfig := `
-datacenter = "dc2"
-data_dir = "/non-existent/conssul-data-dir"
-node_name = "server-1"
-
-bind_addr = "0.0.0.0"
-max_query_time = "800s"
-	`
-
-	clientHclConfig := `
-datacenter = "dc2"
-data_dir = "/non-existent/conssul-data-dir"
-node_name = "client-1"
-
-bind_addr = "0.0.0.0"
-max_query_time = "900s"
-	`
-
-	cluster, _, _ := topology.NewClusterWithConfig(t, &topology.ClusterConfig{
-		NumServers:                1,
-		NumClients:                1,
-		ApplyDefaultProxySettings: true,
-		BuildOpts: &libcluster.BuildOptions{
-			Datacenter:             "dc1",
-			InjectAutoEncryption:   true,
-			InjectGossipEncryption: true,
-			AllowHTTPAnyway:        true,
-		},
-	},
-		serverHclConfig,
-		clientHclConfig,
-	)
-
-	// Verify the provided server config is merged to agent config
-	serverConfig := cluster.Agents[0].GetConfig()
-	require.Contains(t, serverConfig.JSON, "\"max_query_time\":\"800s\"")
-
-	clientConfig := cluster.Agents[1].GetConfig()
-	require.Contains(t, clientConfig.JSON, "\"max_query_time\":\"900s\"")
-
-	_, clientService := topology.CreateServices(t, cluster, "grpc")
-	_, port := clientService.GetAddr()
-	_, adminPort := clientService.GetAdminAddr()
-
-	libassert.AssertUpstreamEndpointStatus(t, adminPort, "static-server.default", "HEALTHY", 1)
-	libassert.GRPCPing(t, fmt.Sprintf("localhost:%d", port))
-
-	// time.Sleep(9999 * time.Second)
-}
diff --git a/test/integration/consul-container/test/catalog/catalog_test.go b/test/integration/consul-container/test/catalog/catalog_test.go
deleted file mode 100644
index a2f4216c1c45..000000000000
--- a/test/integration/consul-container/test/catalog/catalog_test.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package catalog
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
-	libtopology "github.com/hashicorp/consul/test/integration/consul-container/libs/topology"
-
-	"github.com/hashicorp/consul/internal/catalog/catalogtest"
-	pbresource "github.com/hashicorp/consul/proto-public/pbresource"
-)
-
-func TestCatalog(t *testing.T) {
-	t.Parallel()
-
-	cluster, _, _ := libtopology.NewCluster(t, &libtopology.ClusterConfig{
-		NumServers: 3,
-		BuildOpts:  &libcluster.BuildOptions{Datacenter: "dc1"},
-		Cmd:        `-hcl=experiments=["resource-apis"]`,
-	})
-
-	followers, err := cluster.Followers()
-	require.NoError(t, err)
-	client := pbresource.NewResourceServiceClient(followers[0].GetGRPCConn())
-
-	t.Run("one-shot", func(t *testing.T) {
-		catalogtest.RunCatalogV1Alpha1IntegrationTest(t, client)
-	})
-
-	t.Run("lifecycle", func(t *testing.T) {
-		catalogtest.RunCatalogV1Alpha1LifecycleIntegrationTest(t, client)
-	})
-}
diff --git a/test/integration/consul-container/test/consul_envoy_version/consul_envoy_version.go b/test/integration/consul-container/test/consul_envoy_version/consul_envoy_version.go
index c37dfc811664..72c4964ffbf4 100644
--- a/test/integration/consul-container/test/consul_envoy_version/consul_envoy_version.go
+++ b/test/integration/consul-container/test/consul_envoy_version/consul_envoy_version.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package main
 
diff --git a/test/integration/consul-container/test/debugging.md b/test/integration/consul-container/test/debugging.md
deleted file mode 100644
index 2957b520ac07..000000000000
--- a/test/integration/consul-container/test/debugging.md
+++ /dev/null
@@ -1,78 +0,0 @@
-# Remote Debugging Integration Tests
-
-- [Introduction](#introduction)
-	- [How it works](#how-it-works)
-- [Getting Started](#getting-started)
-	- [Prerequisites](#prerequisites)
-	- [Running Upgrade integration tests](#debugging-integration-tests)
-      -  [Building images](#building-images)
-	  -  [Remote debugging using GoLand](#remote-debugging-using-goland)
-
-
-## Introduction
-
-Remote debugging integration tests allows you to attach your debugger to the consul container and debug go code running on that container. 
-
-### How it works
-The `dev-docker-dbg` Make target will build consul docker container that has the following:
-- [delve (dlv) debugger](https://github.com/go-delve/delve) installed.
-- a port exposed on the container that allows a debugger from your development environment to connect and attach to the consul process and debug it remotely.
-- logs out the host and port information so that you have the information needed to connect to the port.
-
-The integration tests have been modified to expose the `--debug` flag that will switch the test from using a `consul:local` image that can be built using `make dev-docker` to using the `consul-dbg:local` image that was built from `make dev-docker-dbg`.
-
-The test is run in debug mode with a breakpoint set to just after the cluster is created and you can retrieve the port information.  From there, you can set up a remote debugging session that connects to this port.
-
-## Getting Started
-### Prerequisites
-To run/debug integration tests locally, the following tools are required on your machine:
-- Install [Go](https://go.dev/) (the version should match that of our CI config's Go image).
-- Install [`Makefile`](https://www.gnu.org/software/make/manual/make.html).
-- Install [`Docker`](https://docs.docker.com/get-docker/) required to run tests locally.
-
-### Debugging integration tests
-#### Building images
-- Build a consul image with dlv installed and a port exposed that the debugger can attach to.
-  ```
-  make dev-docker-dbg
-  ```
-- Build a consul-envoy container image from the consul root directory that is required for testing but not for debugging. 
-  ```
-  docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=consul:local --build-arg ENVOY_VERSION=1.24.6 -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets
-  ```
-
-#### Remote debugging using GoLand
-(For additional information, see [GoLand's documentation on remote debugging](https://www.jetbrains.com/help/go/attach-to-running-go-processes-with-debugger.html#attach-to-a-process-on-a-remote-machine).)
-##### Set up the Debug Configuration for your test
-- Create the configuration for debugging the test. (You may have to debug the test once so GoLand creates the configuration for you.)
-- Go to `Run > Edit Configurations` and select the appropriate configuration.
-- Add `--debug` to `Program arguments` and click OK.
-
-  <img src="./util/test_debug_configuration.png" alt="isolated" width="550"/>
-##### Obtain the debug port of your container
-(This is required every time a test is debugged.)
-
-- Put a breakpoint in the test that you are running right after the cluster has been created. This should be on the line after the call to `topology.NewCluster()`.
-- Debug the test and wait for the debug session to stop on the breakpoint in the test.
-- In the Debug window, search for `debug info` on the Console tab and note the host and port.
-
-  <img src="./util/test_debug_info.png" alt="isolated" width="550"/>
-- Go to `Run > Edit Configurations` and add a `Go Remote` configuration with the host and port that your test has exposed.  Click OK.
-  
-  <img src="./util/test_debug_remote_configuration.png" alt="isolated" width="550"/>
-- Debug the configuration that you just created.  Verify that it shows as connected in the `Debugger` of this configuration in the `Debug` window.
-  
-  <img src="./util/test_debug_remote_connected.png" alt="isolated" width="550"/>
-##### Debug the consul backend
-- Set an appropriate breakpoint in the backend code of the endpoint that your test will call and that you wish to debug.
-- Go to the test debugging tab for the integration test in the `Debug` window and `Resume Program`.
-  
-  <img src="./util/test_debug_resume_program.png" alt="isolated" width="350"/>
-- The remote debugging session should stop on the breakpoint, and you can freely debug the code path.
-
-  <img src="./util/test_debug_breakpoint_hit.png" alt="isolated" width="550"/>
-
-#### Remote debugging using VSCode
-(For additional information, see [VSCode's documentation on remote debugging](https://github.com/golang/vscode-go/blob/master/docs/debugging.md#remote-debugging).)
-
-[comment]: <> (TODO: Openly looking for someone to add VSCode specific instructions.)
diff --git a/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go b/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go
index cf00105345fa..3c43cdbdbd03 100644
--- a/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go
+++ b/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package envoyextensions
 
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/Dockerfile b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/Dockerfile
deleted file mode 100644
index 31e2dd93d042..000000000000
--- a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/Dockerfile
+++ /dev/null
@@ -1,6 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-FROM tinygo/tinygo:sha-598cb1e4ddce53d85600a1b7724ed39eea80e119
-COPY ./build.sh /
-ENTRYPOINT ["/build.sh"]
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/README.md b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/README.md
deleted file mode 100644
index 173e27bf3709..000000000000
--- a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/README.md
+++ /dev/null
@@ -1,14 +0,0 @@
-# Building WASM test files
-
-We have seen some issues with building the wasm test files on the build runners for the integration test. Currently,
-the theory is that there may be some differences in the clang toolchain on different runners which cause panics in
-tinygo if the job is scheduled on particular runners but not others.
-
-In order to get around this, we are just building the wasm test file and checking it into the repo.
-
-To build the wasm test file, 
-
-```bash
-~/consul/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files
-> docker run -v ./:/wasm --rm $(docker build -q .)
-```
\ No newline at end of file
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/build.sh b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/build.sh
deleted file mode 100755
index 6affddf298eb..000000000000
--- a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/build.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-cd /wasm
-tinygo build -o /wasm/wasm_add_header.wasm -scheduler=none -target=wasi /wasm/wasm_add_header.go
\ No newline at end of file
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.mod b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.mod
deleted file mode 100644
index 703b71414fae..000000000000
--- a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module main
-
-go 1.20
-
-require github.com/tetratelabs/proxy-wasm-go-sdk v0.21.0
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.sum b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.sum
deleted file mode 100644
index e09133fbccbf..000000000000
--- a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/go.sum
+++ /dev/null
@@ -1,6 +0,0 @@
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-github.com/tetratelabs/proxy-wasm-go-sdk v0.21.0 h1:sxuh1wxy/zz4vXwMEC+ESVpwJmej1f22eYsrJlgVn7c=
-github.com/tetratelabs/proxy-wasm-go-sdk v0.21.0/go.mod h1:jqQTUvJBI6WJ+sVCZON3A4GwmUfBDuiNnZ4kuxsvLCo=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/nginx.conf b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/nginx.conf
deleted file mode 100644
index 06533f75ac1a..000000000000
--- a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/nginx.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
-    # send wasm files as download rather than render as html
-    location ~ ^.*/(?P<request_basename>[^/]+\.(wasm))$  {
-        root /www/downloads;
-
-       add_header Content-disposition 'attachment; filename="$request_basename"';
-       types {
-        application/octet-stream .wasm;
-       }
-       default_type application/octet-stream;
-    }
-}
-
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.go b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.go
deleted file mode 100644
index 91aeae695676..000000000000
--- a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.go
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package main
-
-import (
-	"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm"
-	"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm/types"
-)
-
-func main() {
-	proxywasm.SetVMContext(&vmContext{})
-}
-
-type vmContext struct {
-	// Embed the default VM context here,
-	// so that we don't need to reimplement all the methods.
-	types.DefaultVMContext
-}
-
-func (*vmContext) NewPluginContext(contextID uint32) types.PluginContext {
-	return &pluginContext{}
-}
-
-type pluginContext struct {
-	// Embed the default plugin context here,
-	// so that we don't need to reimplement all the methods.
-	types.DefaultPluginContext
-}
-
-func (p *pluginContext) NewHttpContext(contextID uint32) types.HttpContext {
-	return &httpHeaders{}
-}
-
-type httpHeaders struct {
-	// Embed the default http context here,
-	// so that we don't need to reimplement all the methods.
-	types.DefaultHttpContext
-}
-
-func (ctx *httpHeaders) OnHttpResponseHeaders(int, bool) types.Action {
-	proxywasm.LogDebug("adding header: x-test:true")
-
-	err := proxywasm.AddHttpResponseHeader("x-test", "true")
-	if err != nil {
-		proxywasm.LogCriticalf("failed to add test header to response: %v", err)
-	}
-
-	return types.ActionContinue
-}
diff --git a/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.wasm b/test/integration/consul-container/test/envoy_extensions/testdata/wasm_test_files/wasm_add_header.wasm
deleted file mode 100755
index 520e7e144ada5b0bc7dc9e1860e1908d88f76add..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 400008
zcmeFadzhccRp<HMe)sOyD_OQ>w}{{04^7g>5{Mw%LThkWk9D(r5s8QKux2F3R$_O{
zwz}0;oS;Y@TX8xdf&zwU84YO$CsGnA5#X?5(F`3BgLcLX+F9|S=RvRyqgk|r1_YR(
z83f+X_f-8ZEh(8W&$ILFA8WaP^<Jt@ojP^u)Twh$)f+vz^SL;RqWEv(=GJ8I-e_yQ
zH{QE7-K$IeauY>cGp=}G2~Wt#Z_JaDUXWHS)m0RV$9uMx{X-sPd-v#Fcp%7o1i_cK
z0(<s^`gVI*mcJ38Dv7q%yLZvnTIVL(ngn2!u}b#rvC_$2V3zjoZa-BCU$s5vxmu(o
zxfoY&`QVc~pWU+a`6qYmeCCD8EjuQ*?Rs|G2fwrW{-?KmaN^m?ZBhB_<QRBr`wLHv
zZJB)bxoulMux&ERzh1s4CqA%q%g$#%yltoD`?@t+K0&Ia+n(PwxMSjlmp-&*=eEf$
z+ur~FZBI=;yKCE)r(Sq|a@$LjQLG%d`y5X`{q&Y+wmtduwuvpzJ-K7ct|zy@xGh?!
z3^ku&`wJh4()3vT#W-uw=e0P=7A0w|9>;NHf3QK4Wm%loDruUQYEdaIm6DtK`qCsx
z(xkss>Mz&J<tWOkQCw|Qqb!b-YB{P@vT`NLN{w<gP9gxNQ8ik8^DVayEV-?8`(VA4
zL{U;&ur!IjB`GCINst%3BdOm}4Ae@MB(7BAEX^YSmr{477Dd%8uJV(W;vF%_q;Zr0
zesAoirm{xmud=1(=e9lf!o-J?sQlcM+v$Sn`?B{>Y}*#SxBQg9|NhFvHh=Yx%UgC%
zJ~=TNJ-)<~;)Un8_|jV}!;^IHPsR&7?{+;G^8Zx4sPhn-zyH|}yg0Ef`gDA2=jrp?
zKB(S!ULEto^U=Y$Tf@^YeDL|5li={&mZzVbd@}m!cv+`d&%18vEpXD#ZPB6lmQKDG
zcl1K|nYeZRo9oKY^x!bDZT!V;J0}BU?2P_Jd~*jv``!Cqc=|)p&&9W0_hNG5$!E83
zo7fq>KJVqu9WOk;b6W@GXM50{*cM(I%+JMvH6eHBO$X@VIIuQvpP8K8u|?h1$rl~z
zAu>%AyKi|4V$xNgkNY~fimAUC_jm4}e&P9T(Xn_z_rbR9+bHv;cyZ?uBzbWgH9bkY
zzuZ%H^4X`xqT}s)pM2l5TXxZUx^>ISE$`m4GWz+rR*fSUH<AbbVPE`?`oI3e^o#I%
z+{mJDjT&E$6UojZYR1WMGF(J19belY714?)TH7CUACI=;@G$N?Om6frz0t#Lv>7*w
z*p<ebaXPGv(Pl!T=S4D<M6JZ_-B~2=qc88Pj*Yu1(wBrn!*Z*3YULInMKsp<Qk)9m
zc<;AHZsk}jSr!$^NOEto%$+(~0$elI1@MZ|dlKFi={-r2?4`zNLpIFweAGonJeD_j
zNBwy#z9(7E^XjMusf($G$BXkmCDmr8q_2-QByP!Q5v$x#vcx}M+GxgB9hE?{0#F%A
zW;MH&qsyYkCz7(qw}W*Nuy)Zs$x@&u_auwk$d>~0c|g8&Pm<Fs@!D+I#nkoDsjQiL
zWESWBt@1s|lA`Qx8f{jR;dGdsscte_Ti-}8X6~j<{g9xjfVmz%-^$$A;_aj0wkC?m
z9gj8BB5TILZ20UvEy|;SX$g$aC+hGvF4D1lz|*bTqRpTWajbN{AZi%$pxi?WBaAu&
zQv70^wMjweL532YR~m`#O%{`+_a=R9GE_YzY89|jQN1Ur(zpaN6lt>z!W9uA(|yc+
z;_vD9A{%X0JY@h{7=bLwi?Vw5YMo{$G>}$iy75R;fsn5F{-YGNdZa&Es<e^zX%VS2
zW{;K@G~AJ+CH>u*Qux^Jd(+4r=Lvs28Hx3P0kmM$WxJXscgXm&MF*;<{6Ar_UTkSJ
zR2S<xO!0O+K9D4g(m;~i^Qzc0-)Kxa_mxt<F&%baJzCO`1fQsx@R#w&C=(1fW7QS$
zrYzJ2+&F*GAZLvKq|AuQH@OpF%wGrNzD$e|k2fm<SX9>b!w31MzO-Q#91LJxvI|NV
z73y~y&+()yk54j`$6+io(}tXp-j_5SjpNQ2bf7-w(&r!TFXs>4-UkjoA5EuTz#ta-
zq6XbUOVmCW0WUPBnMfuS$)o)-C|Ofnx=uWhKitVO4@w05W}H7ndyr<0Hc?cF3R18u
zQV$3yscQGnbd`vIB>u|2hf<M%PAnL(5j<349J@Gwgg&H635e4pzLSesMPirmHnd6O
zD{<MR2p~BLXIyPWMGP06`H{@^=WDIaWvfDR45~vuk>UegiN~Nx88oRMH0iuSli8q2
z!=Qn&7&Jw~SSX2R;&sbl!U_C6tJ`QzJ*zh&_xt-Zw@9e`U=r_%_b?<Vy64`s%2hJ*
zHvcVnrIi+O`!d@zQcOdDn4}f&+1*NYpXd&z*t1&$au4YGlDm1XLDBeE^Mzs|5szeg
zc`6&_s+lIREKK-U@mQ<s9^PoeucZDNhjQ^)k&Q#Yc+CCn+v)g3vy3coF(ZsyghA>m
z<3;iy;xBQ@MzP9@D27#2m+o@!7;mNS<(I7<NyyZ_;%|zIZmVweVS29O?jNWAJH}mk
z68La%$qU`o;4P05p#17y)lqdHR*6(4RE!doTrlqXCMQ%hZ5Pc#(Ud0mqH(88pUPCm
z-J;0}gQRLzIBS*~P~PMb5{WKb(2$^gJC5VMkO(;usrJ~W>LSrlfur<%fj##G5GBBD
zDxO#q#p+2{-sNU>$Jm7dMK@^9^Qj$VJD#o+gtvb^+B9KQMDWlDj3k?Sn7h@KUZAPn
zE!yQS8_;$Y?K%^C(6_6Lgrgyh49Lki@J%-ClrweYoNEJ0g=-rSB|HKCJnfE&xhTve
znoyr$CP5o`EQn2nn6!bCI}?Se1QEYE5pzw&YE!Am)<m1gzyueQ{M%?0o`usG*-Rkl
z2h5KoeG&(z55Neh6Iq}z<vZ9tENC6lJ_Ix=3?y#`ph+8O;ekqv0O(Tjuko%&tlbCH
z(e4A#^?i^Tw_8PRqC9GMZQ@g{N22}u5qr=>e9&~O=Oc!^_pKfFh^_XB-6y7(5bT9j
z?sSi;D))AeAP>!l3?)6}l^*hthrGOD;uTr+gr9)v7UKlTEI6x2k1DyjNZP~sdD=sc
zWIzyBr9GM8lgO-FXWLv}E$Tpoo+Ym%F#MY}bsb$Vfj!!)J*t5d6bYs;<WF2=gUt$a
zOhq@7%?f#IuxO*Ga#h}rECtVMkxE0Z(6wkv+f9ie18@3xs7GQUNaJ4_PC|xunMjU`
zns1)9xym$2>%QC6aMU6i7B4eNtrjI#8nu$r`7KQ^!EOGDty~c`emdz61r%ZmGq9G7
zGDDz!#7Oq`)lmCN4{}~XsE)=JDhiWFtR9fYrR4x*LaK~4BXL6v9=Ej^XoW8CNtXF!
zsZW;pWU)#@qX0lXp!Eduw3WKs&`2Gmn}nrjZW%|Cr0(YR{mjJCP?AxLzp7e&t_sZ~
z2i?%C-JgEkCa+i(5BaK=y8}N{0;eTGkqfku>J4rFb=)Q^6Q`$4-lhUHlE8pQqDK{a
zNWO~RL-Pr5#IUxkHF`|+w8!1LPHKh65?xnV{^TdRSOQka_PGNe<CU-!{pR(f-Y@pq
z0{L=LqOa+D&)RWQ<bH&ixstDgiQ@c!%-2Van`vPFEli1`t|XIS|95Ed?L94qgVf@S
zAG=YD+x_y*wfH;Yytl>sd$_vOcO9;7b1>C*IM}cI;A#`}a8=-7<3lMF{-1SWKMdVW
z^q|d{F!;djm823Sng7A26lV!{X(_{oBP}*TU3EE0slm*gpeQ@01!;v<64*ATskgLX
z!5qD7kege#^P+dugdPsVWwGyQRAfz3wp7x9rOP!dpEy`@2VTv@H2-{QK7SE%{T-s?
za;3ep{NLfJ*R=>fQi93dsYI%#4RLt8wcws)roGUdDT!QxG;y1sq|oQ1`8$wfEbt;N
z^`!R-#UrGQ(^g3;N2*c%?d$sysFDz-qDh5D{g+D8rg<AY!UW3qp{bpEm1Pjrm*OX}
zP;)np4OF9gjA<_`)zDyI^IKH!aW!Lj3^kp_rm7y+(>Ks*eNlJQ`hG*{fo7>)&v(Q~
zn6ZI0s>Sq50!iIxUS;@5@M~Q!FonRJvXaYC(a_Fm5u#mC@6(zhVeRWaM=><YZn2dr
zc3L<w(WL^k${i(B+=e@(3~w6T<sNRrZ0nAZ2l8|QtyaD>mhV3D)rBXfiJS5}Jbt;}
zpSAakdEZNtbE+PNrc0B}%6wjrPe-Hf7le;T?y)vn8<b<tz&!-GY7d1ks2p=_7u;55
zzNp9N0QZZ4lMR8kKHUcQxN=-Fa8CfPBJ8JQrvCiayzUz?9V^deL79q2-B-Fu?e7q4
z%JRIWJXeH(>ev^%UsB$7RWAw56{~7D9OfB=8T6`3U8Yp6%^5pdJf6ZD;4T`lQc)AY
z$u^{C1Zf}dhm!3et+giz8zW4s)NvZnVYB0g+I~Gh0{XxFsgjf8K-o7ss2#C92b5<<
zW%c&xHR#V+p4Y6_*IA@=8*otN4pOeufP=AGa7fP&7`)JeL!BBA7_=FK_8QO-MKs~|
zR?3{@Y7DIZSp!Q?QzuP2dT_9rlQK9LBBlD=8Q#}ZxLf+s>t%*uf05hz)?Ln|y7lKx
zUeb`MlE`(6s&scbYa#4U=#Hny!_$4G7L(?=aCZf9d{o!uJff6$XG8i1=}<CVYSJa{
zVm9h#jUQN`4kd48?H;;lwVWicn*$qrdnxmI+j-_J&#b|_fFX#y=g8aXxO18CJ}nq$
z42Fh1wVdzNa>jDJsT`-tQ7`&@j<cN{r?VF1Ib(IanKk>0nn|;w=F;t`Fnc$k|D`T@
zuEoTUUYoeqn&>ChwbXoGa8C#$(w~(4MN9R|38Ul*t9{O3&t|B@;C2$V-a3Wy7kDGe
zU8Hm9o|=mvK^m2ovqG-Ay$^C-l?{iLP28+%)?wsP8?2Hq6s-Nw$HnV)Ii0mCT3D=~
z=#R;EQ9R{d{wq{jmI#Sy=7!Qm<El&LLe?aVRRCD9uAgyCzoQ{5y@Y*6J?lR2m&<FS
zpVIg{=h@!<R0;ba>))Pso-?4A1JDKIJwWFI(DT;;{WSAPlWupX1K>~32RxLVu`)x+
zn`ZYLN>0b#WMh4BP&ge4v_D8uHM9q(BS!mE;+YwrivgRpO`0>FFL<kdJgr;@JDh4f
z^m>Ow4qDzb%5wln9UeN=$#KAV=qx#glGorN4a!6s=RxKvNOeA14{KChYyF@U%7h1N
zB6KE1Vd|OZXRc{LWli)MF&O}_q+;@`VzrAQ_h-n>o2!QCRHxZ=Vd|Oel8htdxX5B(
zN=XGadXV2@%>AFyqlU||cpVRZHr_BXXj(3~gnkIbq&}{Ygq3`e=N|+`;^AKnJ#s}o
zqLtSCe*mtG4OF7Il$MjsW{fL|81k*Ru4Bk6*jEtcM!Tti{?&w~ub*htV)wP{i%lC<
z_F1t5q1b*}?ahn_t=N_8iygFL(^hOI6g#A1)?-Jk*nhdc*bytX--;a%#g3{NhD;=Y
z6}x(Uu@hG8fEAk!#ZIc2*-TGcvA?^%*l8>FniV?}ioK~~CIQY_v8n5a_Bktd(2C84
zV&_%N7@&B>y8Z2_&4Wj*M{Xb@j#!Tz!r+U1z`Vr*xh*1&(=p<!qe)XUYStAI#?1!>
z5`u`E8#1VN<<3C^IwPP!<R=K7nZQwp3^H#!LPz}XrUOKA{51o7+91Ae%{>sH>=)zM
z%D*Dp7R!D!whRDwYBn9?XEws3tN{^>ES2Vf=)>4Da=dyySua{WZ&ch;wV5#%>bgW-
zZ9#sbQeeg2fd54ocj#~9;EQVMfLbbA4P4W*b6>w@=d8w)0+o&VO6NkQ=heUnLopbi
zHjMXOkMU_Mf24x??Rh8^ezOPTqv{DTjtddz4*dm;8=-HgeSTk@`1%;1uo{mW%Z&L-
zXG5hYyBJH<&T3fe;w{a6q*uz!{k2UXQY)%s=nS}kM$vZE$h>6@J%M0C>bhT(cG}hr
zPS~7t!5Vl{>XGSqOy%b)=s62Fn4FyrCBNFMWzNQ$@y}byQ*pCT2=QQ!a`FZAd!K~X
z`Iwir>P_7r`c<zXd_r;=#80whW2K+kN?#5`caU1<Ej*S;w9S$q!ygzXX3(YQFhJJY
z%D*|+E*dhdmi+RNRa;beBQOatw4%FQk@0BATZ7GaOB220R#SN~?n=AN|BBfZZ||LC
zggxUTk)7SBAx8(yE;BO=S61_KVn&T$XZdSxR&%tn0?$~LW}3d1l92Nnmu1G{MJQp=
zWclkV&D8zLD=d=d&jH{3T@jn3YH%=$lQb)pE7e-P(bqq)AYZuXCPis1x$SnX!c+Gb
zs-}+{rZx99ySdH3`OkK<q~S`u`CGfW)!)3lPi1cLHy^i~n|+!6cC*;OIbb(8HC!10
zKWR6M{LMeJn}z=7XYD3$xWjhA()~+zG0<>dv5Wo&x_RnO+D%`>)w%f%yJ>g`zil`5
zh8y6`@7PVv<MZ$B2J?de{IT6sd{Zym4HgNt?l0{IPSMR3yTLjk^8BscV51OuKKe1W
z8+(Hqw9jskbD0^xXIZ#qMTR9w7K|l4{o#*g%=AcftWk_Gdx^W=SU{#afSPgLGbS7<
z?%}l<#T>q;<F0A4W5nq-z~L_PX3Dk+4o}C|H^DKD1mh!2+G92|L*)%@bGP+asyue?
z+^bznRi6iv-^hY^tpRSj)MyWf`Kin<QE<w+TV%;g&9KPISvD6lO38xKuTf!E9zRet
z60niL=6JAJO|-2Ux3AaIf;HW3T5m1ml4Qsy1$|M)PA0zv&l&#dq+E$hMpXk1Th3#W
zmCzrzWqmDEPwW;G98hEo_okd=I3AlxO698FmAxNS-hYT;PO(;b7Hf<q0aOFT@g&vU
zv1za<O-LxpyGYJD(6J7sMH<*;E7$b=W}mDoDne04%o<NBLJzU<IM*c4_+&MhAW#gW
zGV@9zLuO5&@wX{BM7~#{jSPn%a_v~M-6!`^)F#7mY0r>Dn9z7#lRTiLjiM1}gAii9
z=$V%OkTiuP_^S)9`oz}eYFk1=br|PNmXVlg|61$4F?uQs#IndsR|r<aA&2v^hiE0p
zjEs#TV@0A?Q<$0drao?_J+mEq+cP=;!dtklp-X&2ml}V@no)9OJx<y`YddMVKEm~_
za@cbH(I3s+KhX6%5%WGw0nFUZRNk2yG%MUOZc{?z3rUZ4+}z6WrXP@E;&A1MCT_T%
zp&4AwqM=bcO7KP|!_;Xt!O*((k9>`8;n+Ye#iUB;L6)E)V;uGRwHdHuSVTx!!?D7t
z0~nucu`KdxiC3ww&xvWncNIC|by&bmkMy(DVjPLg*Fb7hvWThnAFPRF>^FfB2V=dP
zK~*&pyQmSY^Dq&u^XAy7@mpD`JMhDxx9}Brt1vCeb{DaP)1Wuos(7BEJ1>%@O%y2A
z9r}SzZ2<tCDufQEX_T-aFf}3aaXxsI%(6`DitJ(8TtWF3wQs2|<&v>PA}ASG>+zDW
zM@CGzcmgX0@h=#qv+d$S##8`Jx#hmxkW`W`=pYVY^OXj$$;9%*C89G}75SP$XH`+o
z2T}il+^T6Hc5qtlfohn_V9sbR$>G*{Z<iXU%rA18`CPihvY~;LJxsMY{4>8iCWHx>
zVMZ{DRIPG8q>1P;V+{1`a(*XoAqTw9d-DT}B#(P6wkluA*Z~dZX&#b1!^n<3J4ELD
zfp^bMtJ{qoyiZ9+_?c-xQgwaCU;9cn2)geA`9i60vzIP(d<67VtTs=t0tpisjr(lq
zr7(gbQOpa`6&tC#3$a1S95^98fPvtJL{ik!#)=4D+v}JQ=-pN_whIW!nA^H>P@u%z
zldX6cDS~^v@#*V_`Mkj``yj3EI8wskroztnuKMxq2Xv1^#YVgL^Mzr)2s3^hM{!z8
zVtU<%ZzO*qE-s1R*e~JZ@qXiq_6XMt#s4sj`88qiUmd|rB^hlzVD7e_5ge;zEO(d*
z2fS%(+hKaWV>)j9=zJfOmw<nN(wLm<Ax$7k+q2Xv$>m9J7A3hnk1xar0vp`24v9sC
z!215!%eh`sMYuF#3z0OcSpO@6DU*0(U?bLOio_ZT3VB<s5l1AVWbWs?L^0kiVives
z0eIpv1xXj_B?ls|!zaVU{+YTTpb;7wxm6NvZRJeUc{iNM8c*Lv{=(cm9gSx3*gz6T
zCXP*jBV-T>Xq_6S@~e|9E)?2_s4(?})LcmPt{+^|JsDhL)MVU*nYx&g60*ENS=IaH
z{!tcGR6QEfBh!d<SNJ=$D))C-P|XUK88ykX%D-HVbO}-+@qXtd_??Z#63xT&)ZXjI
zc!s}<nfl}D{3)Xwr-H75%$0wM7}jfNj3Eyl{}Ln)l+}>FUQL8Y&~chb9$ePBIASx`
zBoam>60wR|(exovCCBzXi3BrOizRz)O1Temd}!RU3XuJ`7{uAb`@TT}kaV#WH4E`B
zO%8Dk8)wLR6qb#Hh;wWk=r%UsLI>)))|T~pP2nMR(&J14qPkhEB*O*vPQ7_T>Zg~^
zV7(HoNYovnAMl)cuJ+oI^@EqlV&Wic%f24~r&S05G|2F3(GkBle;HyS!yQe>7U_@$
z3F<YSWL_MA7lyD0?>*E+ve4#l^OkmW9qXfkEQ;eq+O(I4SPO1n2jOnU1P@`P3PK>$
z|BiV5&%|OwHUT*%Nf--C&{6V1ybC_Q*xG|+_pReK==e3(!5$$-_=g|2Z6T(0m{;R6
z_{oPmWO|S@lBLy(*EAl>#&lW;3N*8@InRyzH0HA5(Bx~_aIsb^(i-H~5*(A_;uCp?
zX@JXQ#7Q)jX;=*^_O(cjaZ)Mw^ih=vJ98WpiEQ&5GdyFxO{VEjcmYNTo`yWH7W;&C
zy}BPvHRl<J7=a|DEb{sdI>N_^6I0VMUm!~qAl4RSO&>O3^u=xiFl%&Ik!_1{Tq<fS
zO#^%Nu8&kfV6C@E6>61Oww^OUaw-LF)8<zmx<4@W-Wb?SMAic9P1#Q@)MH;yWLu{{
zEnrB!gTPoePY$d3zV8C+Lf@M3bv4Xe5Xel>qNe1lVVtf7JBb*a-Ly@SkJa_u(5Y2)
z5$odEcd?WZGOLT3ehdV}UxNFb&J+kbsSAP(;^+LGhzzrZ#sasNkr1s%2bkA~hDnFX
zZOr+uBv!B^rk7DCuZEZywH&gcG#7ZJlSxw|nF^uWd8k>0hZgwXk?_VhiTk5&$C!lw
zo!FbdcE`JYOqSR6krRDBz_7zVUO)f_9y9@Q1LC)(fm>jtM-U|6mSn#ov-!6r(XSAL
zrbl<BRXw>YWnnu{A|jUs*=9knuiD_%JpadCyt@)H2#fM}6V=4x^}ACIGmA3&hb#<z
zd!+0n?#R!S6zbqt^|;Y($!;;2^t+lwCW)NXiu+aWuLo%w2=n(DSiS4R-A1Pn7Uuff
zJeh<6Cc20!@xS^N(ISQ_4aJQx;(NynLHOTz;938s?ytLavVr&UAT{@RYWzJKvB%?m
z-9lH7li`lEz|~bw*_c+2%w>hXo3%CHwT!FyI|-5xZ`MlL`>r_hUMjEV(PUAAAx7Kp
zPAs54CPZH(`DO&ov9A8-ZPD?u8<MZ_vHw>H(IG=JHc*lUw<JS64eC$Zt&|j9>4^{@
z`?cPu@AjmKkNtYvK;X%+>hD1Yctl+L``zVSAj8oclVMZORAK9Yk+^4$@MGNg&YL?J
z7cn7TcQt+3qzyPfMvA2IyPbIl`R#$R#bsHMDq4T3SXeV<fQg+&<IKP=>1Y<$OtT9+
z(=4@8*h}DCsug2aqt<pYQH7?6&wc{)ANcWDyO@HJ4%I<sM0?!lK1ZI4UfP;W3B#+W
zF|^OC8VrB1^AqZyVZZ761f~eix7N9aG|p5JNlZ`6H9d9Ap3*%1pjBiNuxyYdngJzv
z%xn`DKGd{Xg0hM?Srxjkfg=$OrXYD#S4mMAN><`lAOhRl{V4Vr`7ujsIdzdT13oh`
zdCF{Cx0rIw{HUNUW&8LKW7%%g#w-aK7l)GNR&@bgK?7fmk*<)6x|J#j=9aC(D7dU$
zc!}OV&0F<`U@Ub%0`RiOfnY&BTg>_sVBqkKx{i>68#aGCV1~!s@sDRtk#|}zx2qXe
zH9L53f!lz5!2K54^7i}HTJub*uKUozBrw-f&53_rve1t%g<mqLSlX;pg6=fGs|nU>
z8#Esc=KF$}3-mTxkN(=q6oZ2GpC`2H5tgyyUo-;3@bmw{q?R5L$w5>~eqVu0!mOT+
z#^1&BS48*(JO_P~W=F53hH)t5C2%!=71-;|$ZPSo(5+RHk(|zQecMM{%raG0G0H?o
zkPv1}A%-osGMR!{S&HGMftNO-m1vKJt(MUk3<CD^D$Iu`gte=Rst(F)_(6FK>tsPA
z{wU?&)ATBtkvBCp9h<-%yBhy7_Im;M_+b>V7e4H%NgftCA62N1Z%sfxy^}hrx{V2}
z-YN?Zc@;BW-fJV2r_$UAp26U*L5mBO{T)I`83-&lFTu6-^l3MbCz7v+40fBS9<#(i
zp&|+OM0%=8n~?$uRSye7)dS_I$Eye;-%mICgRnq{;vc(-+QP$hkhx^6RYnOZy8^$f
zto@e>vy(SP0t7Xb_(DBJMIjc7EA`Wb&XYM^c~RP0gn!pBlgbK60x7pw8zNPfhMSrL
ze<t~`F=r$hWOB&IsCRD>yWWP;ejoH$#RfMb{TJJRX_{q8saz}7tMz(?&`nVx$?s`N
z+KL12Y4yLizrW}!`u`ES9Ik$!;qFd`yIcK__4g^m_mcs~3S<~nu6#8urF#q6%r4W&
zp=236TbA?zcKfwCk>839E|y)yP7D8%CRka$H2h+_1-Q9(h2AQ2#t6Mt%{rcz+WY!(
zw-ojFVR_L$2r_d26mef9PxF9=l_hXI^6xInccsHkp52wM22@$X)HnCt9vWe1FeR^t
zS^^7ngNG*{c-%FL#`_4dCBw>=uU`Gc+lJnfJVm7hy88O=ZP^$F-FsW?6Ot;MZXyGr
zt7T0lK3l+Gq$sb59%9HtiVZ%~4WS?eJd{cU@fGE_7uAPQzsj-{1c23ih3|r=wb|n;
zv=`8=tpUOkxLFZB(_BCSW;<VZ(JAm)D<{4b<FpEFZY?B&NfC3{Z>tKZC>9h83$~%I
zh#t?sr^UX?sDaueG>m)RDO6Z_I|OhCm3Mhy``EvBPqIINo{ELcG<Pea>DaKrsNBIO
zl$jJZuZ1Ezgw25)WAjo68#B|N=~VAKcSO~kjXiCNzN>g^zM?2R;>*F=M(OLJvRT7+
zMt5L+Bs@KZfISqR9VGSPwl-Wk5Ke@=$7A_U-q0QC$?)_IARG_Rj`~quaXzgwx}mAj
zZ>ASBb;awk2GgkkWyY|Z<!%Mr^=)kVU|Wq0Fj0xuERN*OP~t$W+4Zz6R@P!DP1%Dn
zg1#dAY*~|kgeqobiBBPPl%j}A_c!PQH&Y6j(#0%;1$Ue!gZ!fvzjs80>PS=*b>~z$
zkj^uW6V~Xx5wXLsXWX)~6*1an@Atj5vWRx-0T{8U_A5w@E<e#DAth<&64@9kjf?5L
zJ?ZIiqRBlTb1_O849N_qm{Wv?CUvPi8F9oV-eAOD2a$z?Y+0?0`CYbqc{Ra=f}<|p
zMG;Lrv1tRX5>_A69C*#OcY!Liudg5`$RKCbX&1>ORt15MR=rgbN`Z-0p!v||9A8Cw
zkogGQq;hZ_@L@W&%$k?!ya#b5X@QMRvc)Vpre^t8ApjH_L=v!v^7z*?b~6*!>Z_=!
zEY+$CuC*T&O|B?CL`HT3<BfmFLMFKw0~y|og;20E0Zg=up{+P;64ix=i#%C=KfO#m
zmqq{S85_=M0*}cD9MvL$sLVV?uPaL0&{uiH??Tc&v6$aW@LExQ1OrtCh9-ccNO9m(
z^ltdW*&iJ!jZL;U&q4R`2D6;zdn6Ryuf)y)XdJE7yK{AS7H6$I2S4~(8{u+D^Ae+t
zS$o#c+U*$`zrn%wjC{~$WG(&EwG+?@Y}OIIoDj#XYZTNd8SegL!u|%ca6Qt0HVMZ`
z!aQ6mRZF#UtybyG8}|U!=HTyREOh4PyTjAF^|X_BRd~AUNuJuo!Zhp2W7FM|=76TF
z!elH<3=jF;NOPW6pG2aQ=1<ZbE#}LtT2#6{N!wnL8HmIt5tB1am_TU19+HfE9YYv%
zpk-PviyQa)qq`!yD_YA-)D(WyS#YIvFBn@%N1W4<?79I+vd&K`5*@nD?~-}%2+&nA
z^6f4Or=u}<={k@mU<hA}>apDKEYgP%qM8qTCfGboC=Z!T7AzXHK|2+WbF(7aj5ZPU
z1ggN+7xLfNVqthP<X_#w>2U(YJ*tHDDS8i;006_Lm<e-YmI6M^%!Z35MD6A<1c4pq
z=Iz4eRDk`AaG5n+b{H<~TJi1e7I;F)ycr5SE@V#M7@4gdWH7yyZBvUUPM8|@+thG2
zK$^D6<c!sQAZDH~+eQ{o>`-F2Xf6#`bbCn)xpOhYRS`Vu2naA0=fm^{g8TP53Sepe
z6vEV3ideUPTZwSr*_P%OyMi>=LanGY{%L!aCJvxc4-OKXOEF`jEE%SIGnwNNT_%~t
zI!q`^kcR3H^hG7IV3x%}N;hePHe#f4Pvmidmfyx=L0w$ts!UV?p)(T01nP_vv=fif
zMEZApklCj3K)@<dz@g-CMl{y#faKs8YFA>hyE?4|5>PikR=MzOFoh(KHV(#+!TrQ<
z|M*vSZ!eOa?v4ND>V+TLsQ@M(XB%Vzh=wSejD}3D#O1rlY4QxY8q+drlEtLamN697
z=CCA==wZk}5#n{Ag59x!uzd$vz^Mb8Kr4LefJW{&*pd0;gx=f|c4V&8j!c|q-O(Eh
zN8tyEe1p|#*oe+1)yt8q=NlShW_falz9_2@M)JSbhJM|u$fy(#L7n*`vCcXPgZ8lb
z!`0V2J^pJSxb4m<(wdwuc4vQvS<sz6TFRr_1;(5{4c29>$+r0LPfD^nPQXo7COVNq
z`|#UGbUbR;c1{OdK@xvF2HGm(WOMu0rF0b!9)@Ne0yo|fg;PFw$nhZRRZ!BwAiEIi
zjc=p+c^O*pE14WC%=zbsG#(1vbAL3<Vs3p4O5Pu_tUhRDYJw^RVof`#M*EXRno<5}
z2Ri%~jrpC~apUboM{v#i$5e)s+Z!LyDA@96W-BRN!a2<!aWPh=VLFi!B4vm~=Y1^j
z=jkLanY8sZY&hAB#9GLGe<F$PJd7h5VKk~pnKwD~1GZOgDMw8B3`cvIwb5taIY7!y
z4fu-sKudPZM<QkFLBxxP$f80_fV79LL6HdpT#LX#p*!OMSfFCnHKv_C0ZDadOn0_%
zw(i8q%y}gY2ed#tdL@S8Y{M&Uu%=^~<ASEkS`vvSe%L4^oe?Zf@Il)05XlMd`R-lU
zbvyz=+!51Ae{hV>qG)_q$QQb~B^t~K@vlbDk4cJhivz&Osn+nIF=XRMM1VjBk8T1P
ziysz=5NE=(@mla($N_@kDMoh2^8%UM8;E@%GqMl65LAsch<#K%;BoN<dk;z2#%pq1
z`a3hO$YM#KJFl2B*C#9Od%PO%?IqqI#13CYvVUtt?`6aJ6K#=CX@+H=eqfaRf&2#>
z?}aQNjTaN714iVM`?gyL-p9v~z2<i{HumrGe<U`P^C#>mKJp{xC|d68g*2!F@V?`H
zVW?k+z&~LCU9S&%&ngyf?@lj9y`MSh_?Z(uSV9FXZLaY%CoGMOe}bP`3=B6}{hh`;
z8sAFuACQ?%ksnKTwU}Irbg)^ax0z4O6HI%hGT2DP3T!(WjeuAf((PI;^o=T5WeId+
z@*-|ke1~t->LavJdVzKpQ}0qOvJ0Jfq?uHEFHx%(BBw>xsHodfL~uEzqlY9gtXSSc
z>Dg}26p$P0q_1U<XH+Po6~PoRhF@LlXIi3t(hOg<L@^pPXGr%lJ9dq;iMPD_Xfe+N
z&^xHvP0z8$b9CMI{QHoQ9S<4fSo%TKxDtGszQ<sF-(wW(#PEA(gi82s5y|~@i6L41
zpT8H}U?kfd!dk(5y6Ihw65?hhAiEri1rb|$ha)i#o7=+N$Pg<QbvF%4Jo{1vPHF-Z
zuL4`K50+>ZWkbdi&+Hy_dq9CFApC&R$uJBka|oaIOnxz|%@_N+gNkzz(nPdTxYRNd
z#YXr5r#5Yk6^xij3o|J)<J`|6oV3uV{838zc}EJ}aypn~NECu`;xUb=b^&nArN5ss
z$B#OCrKhc&7)aW=_K6ec>_UWQIEv{lAsku8KdK(hliS5+OIjgXDueay-~pZ1^Y+{6
zCKy-rV9PV7J}HKV+_;9+ZF&>BZ8ewB^*--@k;b0hPAP$i0U<=WO$9^*cHrf;3o!K(
zjyX!<MK}QpzkR4ICJ7Ue{5VFA4L*4QZfA>RoY$nZQ?;Kw3<i-(HffNB_(tq13=!L{
zWx`0Dz+g4Qe1o@E<gtdE{W1%2VRniOafmz3MHmOXc)W-te5x)QVH1sP);X$Yhm1vZ
zXIdSZdhJinr+Y`H{_LY~*LIIg@n7-Spqu(KbmK&eFPGeuEYBFExtu*}ml|7$2r<rF
z2>X_!0IvJJ<i?!ViQs6<$7|wnw9Vpr`8Yog2YmpdAqc@?z96iLk5c}ml}j9QgaJI`
z7y4cpQWja&V!5%MLvJJu>posioS}ymlUe?iL?OV4EH>S(CMjtEmT19L`0J(W#brg+
z+}14ODn(yW?Mlf6p()rJ-SX=8NIH;|qytlvbnqCIRMv(x;`xHl2YyJ{u5Y~CviZE$
zoKbM5DTKgc4qFi|ZbdqHj$YA5g?N1XXycPTQ8XQi$CyIWEBdD+_<{uO2tJs}=6rYX
zliopz>}QDXI|Q5N>$F0<`eP+m;?hRxo1aoH#xaIDtj}&mzJWHu!V;E^e5=nz*fhDw
zgVNT1hE30&p@DlxUx0|qZXFGgf0P9lSGWq-`$#+P^6y3@$^$H+Bc~JB!b`~HPa3XJ
z6+?yczR%~aDz7vZ^7dI?H^hP@%D1{T`3Ab%4wwAH0|f8*w<~GH71k`S+Kkd+&CM~m
zFU6|oR!+dLzsu@6<9x|MLD6`n1=51UxqWxCsOg=BY$p)n@K;$by+gYbPI3;@JY~Fl
zhitwqizBi*bMKN{ISX#(L$Rh&o2S%#Hp6+pa@OltmKs5Wj3r9$TQ<SI@K@DgxSM=f
zyez4}?ik}b9~H{`WwMcM^-l|N=M!y4$AR~_zh0vG;4yy<8*S!_LJyFTf0%@<SVAQo
zR+9kLVmuMhniaDApK8eP9A;(aZxI;oWwYgMvopkGxWFW>6j!d8nG>fFdx{P7+EvC(
zU<*26QGel+r+vc|ORI|g-29Bc%ee!$?dnJX!5RqJe2ZrlB8Y~PVKr?Bxw(Eo&7YJQ
zQLTk#rT}l2>t`8*y~I$@e-Mt7gyvZx>Op6@B9{>};jfl+n5V8*M61?B+DSvs)dH@~
zHC*2(q_p3LYeS%bm6mZRmmWOe=Lu`#OCUzE-6WKl!h9ea?^B8xnpR4it=snNrY7zH
zqXUpK=)#ahd4N--AkVfn6*7qmh}T5(u5M`tC`2fNr&;5#62vPYU$;ty_z_)!)r{3>
zhEPN6AV!{!1Wty9jv2`;^Bc+x?pWWL?6iFL-POWrxLuZKWHagrHZpr|!nx0cvww%n
z2V<IA(XT$lhP@(U%AIJ{2SwP^23}^hL3QY?Zfh7Sxdn++G3Z!<MvqWuD!?RW)tOX3
zgYDRhb@?vqy<%ObzCy$si*@W;RrQ&yVnM65W7kx`STb-p+|24tPf&$Xs>HFNj&01+
ziy_54#=YnPt><)u`I262*<7XOT#z*lBbup@vW>S<gE|daNv!W}x0xN0F|ST3paOS&
zVfo}>aY2B=I}?)ayv^jFCgAYfwMIRIk%d3;TI4E|_+CiaabaoA-`l8YT+XgJJ{A#o
z2KCd&6JkUso{-^<`sq#R-*E4cUndbXqt%Ig^L}mQkHJ-&?199wM2U$(PNOVKl4yBq
zO4H(oadf;Q%CXs1?374|VXg)hTodIUc%OiypZL`f!_w9$pexmDDMQ2d5OH0=TIjL<
z#d6I>phjk!*R<PS-YA*cR1NAFOo98DZVf!Z>>|viNz?+PXqS?zS8XuqG7ozwRAD%2
z5SOK<Xng`Z01VV^CiL|fo(d+%3)x->0&*4H!Z@_f?-Ef#@kT#5PI6ouBY6a3Mh0t~
zHGlzWEoebyNVt8}#w~Esaw!)HuER+RN_ro#!erQc?<*_B-W&Y&GPRc34nvNWMvDiY
z@pTYh7>p!&|A}9WvTs<*C}R#0ped3Wv%&(1#p5rBAR7y~fZICiPkZXnGS5#ZiD}6k
zUEJi@=w`%U%sk<B8RRi?+bzZsp@%fr*4COqB9Yxs{-fTQStLvr%OWisq<k=MjMS%E
z*~r&8LN?uf7`>rY(y#;y=*o7ravcs1s*<jxb%Z9A#+~G_m{gL3(tt>(Lwfd*zkfq%
z<2MpB`_R0O8E<uHRO%;ri@9DdD#2WxXgk|fp`Kz|MtR-~!nm&0*{n)@0Bi(8#8Juh
z##^Bw2GjmRvhZB?pH=?a)UcHj=hC<m96Q}$JFa0K4@7O~0D<~u^=!wNS?C_lI6TBY
zw^}NMwCdByuv!IM$Br9rIxrO6Acb}hrJAT?fny@{8J1lW%m>QwreAk;40G^GEz(md
zWxt!va|uJ(85A)ur5J(e1afR3SB9jAb)*!pb{HqxzBahgokB1q!u~fRnN111(S}~L
z8_02B`!QeAb`OqBdO<@>le_KIFy8nxRie>sr-ax}m90`>r(m3+<QWDQ$<t;6va-_>
zg*0y;sfACb!CbpMV%wxYFR3h!V>ah}8pY3+%(+E(a$XX^9+K-~y{_<SwNFb@UNR0r
zSUWI@<2_x{Maed_pl?t$LqR8^O#hYbo?a6@Pcd~I$)BPq19rK7R`#~Yf(Fr0LU9fY
z?i7EHa>h+1_n&-mHh0pm?cx%iMuR@A!Mw2P&4{_3k_t*u&6h}pvQg3chmNA#hLXo%
z5WCoH^OMN0xfU<3EQDOG76i(&iKm6)x=n>}PAR$1SGl^O4nc3S4nXHY8_|KlB<4;=
zEC(mQR>qg=?U6c_j<qV1Q;u*1Vmm61!$aVx)8;#7(<i!-p86pxed4%}NUgZz$tdW;
zR#`YU$%F_;r`z68ou#xU`l8Aj<ty%soJv9m2coh4eNFTQUTY`%5=mMjN(j7Q8AI{~
z^74GCe%fT_QlXn99B!|KO%RMZ5P(-$5Q4|s(Sx)(%inJTSq?oa`MltYX-Gal9|sFt
z6{zJN;t&vF#x?+vMJMH`<WXPJUpW->aMluqXA+MVC*v4i2a|vp!mQ^X_{~3Ssp2@q
z4qnz-OCpTtWh2NDb7;<5Ymdhs{Lz@z93E}D$cpK#rE7}$qgDv20jt?ij3ZZKt@$fX
z$9Kg}XDwY*?6lQ(+KLfOWGP2^#WIRk>^QO5>8zz|iuuFD2*{zfxlru9iV=QOaXQ#6
zb~<b6nqn8NHiB^|b~zNgq++Ne6+7E1b~<b6nqpVHkJpM#1&Uu)F*>Z`bo@~4bk@=}
z#r)wz1ny89hYwlG;X@XW%W6tzEs1a1Oe-(7moC@9vBMS5Q=IH}*iu(K9O0>nFM>SX
z5fGuOC-k$m%j-IPydzHz3k>f!i0$W8ngK4hKkN%Xq?emJg}GU+<<kXnYTR4mLyB$m
z^_-uCe&wcS)1LE_dJd^pcnp;g`#}?Re$q8fJZKbtE8+YkOlt6T=$u1PIUNRNaJWJY
zjV2DYKr-qM{rU5Vy6yX{nlw!{BFJaeGfa$r^00PKTSZp|3Lll#bs*HWUp;DpOR$3V
zg^o?S2GN&9jf+^FalwJ-R4BW<i{>TtNk6|KB)Pmpf7hb<IiaaI2BG=6>(R8MDK85W
zSXxaxJngp!98HLux`%4$?V={SBeQ=3bSl;A<fpnJ`jQ9ePjAOEObKnNg6<EZhY?$m
zJI0i!IsU=%1rlqKo0`g`tDjB1cfBA83(X!|mWy9Rqidz^|G>V?njDoDA|pa3-CO@9
zlM}RvHY&6V%F{e9!XX!jK2vhPfYCPp02b(<PbDs6w?{`n|2&XHXIy_|8vTwK5SX9S
zacvf)^Cql-@^Eu)9;O;K$4z~%<e2q6_*Y^Np4>d|fw&&GS487u(ARPOjCWbeah~>|
zFGEqNR*e)6y{~bOt471I0uVQSq{NYVq3S<iBCz6<dfr=g6LBFoA2#Cmb#_h^GPI}T
zup%InVVE6CD59RkXw6r2SUNpw)R)r6GHKGFmNvGCZ4-|eyL0UwNa0BQlj#ji&|0g^
zl+kcz%3A3uyr@qnSk9oX&~xlfmoi7R5rJ96T5cqMkbXJj-zr|%9SqlX_(`E0$_1_!
zi{@ZhX&ZaO!p+R{L{Tt;z)xtdh**wVq*6=nWyJ?(n@~(OhbpSDPNZB*r#jF<DUb=b
zgH^duj9TiyRkMpd5r9r0kNZqn0lrE%5hoQ9vOzBUK8=Kpoykr=F$w#<Mq|Pukchq_
z43vc+Y6OYh&giz4Kp9}plsB+M<}%8kwJl|;1m?n-M>F`)P!VI2V-$GAQn!l}D@xa)
z1-A<=ZSD3p1hdG)H~}rX&O&gM_)%gz4N#M|hJXj<l@?|F){HfXp$N=r0huD4Cje^^
z@G;ytJ6+Wp`iadptTtiENE+4a<q-QZmt13r@Ste|pmr&{IHgELV`!PFAM}FW_5DeY
zY=@jCFhwwRyjlwmB8t8#)Qu*jM`R!LR9B#<5guhvRj{srL^I`03aJzbqF^zh%Z6`3
zrU4UZ-@^~!qVWQkcs@|-`2gQi;t6g;!&@>EnQ}UG#}Y)$jL;8u%ig|L%#(~v6*UDF
zSDkKc4?wk}!it9$YWz`&2%+Bdbe<_U{x2rI8{4(D%Medc4du6{gJ(LMz!sQTuc5X|
z8?O~unwAtb7O;HI>Z?(cNPH63OxOjB5%BtmO@s>b%{Z5iK+}cB9+`J${QzB8FBXn+
z;%|5|)mk(%b?LRA>)TUgyAMNV+DFG$-Ah``SKNi@`KCT@z@bZh@Rpm6B;u<@KH3_f
zl?5N8*^7&asMtx2Z}EgX`j=su6LIt&{pt(ow7{M>Rbf^w8kl`VZVFCHrdQl=;$9?Z
zk?O?Abt|oV>|azi55^)N`&wj&1I8C39UoIQlq>k+1Gb#fSM-mz8r%aw*b;ROwip=a
zVOs|$+9-VSP;mpO9+dl_b%o<}g|A?Ptg_<t??4CQq^L9xY}M6;mO=MLVh_Eq2fCJ3
zwrYS9ZOB?M^pCm~hzTgfWwT0G7Znal#3~V18M2be7cQkipV45GgoHL~z%qK0B^u@k
z&UB85Qsq+E!!Vc^Sia>v(!*TF;34(9?iM!(xTHj*=?zHXP(f_V7;0sm?jykss8N6i
zL-UU*9W};6JDTTGk8e$9pEY3XhKw$c({#+akKqAC*?h()Py1x6Po4;?yJo*}KHom_
z-(_hOu=wWgDKm*^Do;qC`wtPpdU29Q4Os3sbQ7gI8i}L$O%c(MD3Il}ntdkua|Izm
ziy;n)?2IH!r0zG&N&+c+vggn1^)jEi@R^6C<kQ#Umfcd>`*0s=cM9rcQQa`eZ|#vm
z3B~cj4YvGjKpRQp9?0ZTz72z7OEHH>Yn88QrLSqVYHH|g`|AtS7OJWuGr)kq2M0Z_
z4|oW}9>NCoI1IZcdK5q$Z1o6tV!+?RibDK#<UkX?p^+SXrUa*kl4>JZ#GpE2Qr)E<
zr~lRC7})92a8S{&Rl>}K43lrJPH)#841+(TuH_*@eYI>tb!now6D*z8%dn7#kB<9b
z@VfSV0Nlk$9Z@jbOE$*9mz7<+FqD27n1(#F9>}wmh~-o)n*+WPt~vLdHV+YDju{G0
zmI&bG$yhU*7^f%$*Fs)XBs!BZ(WGnmmLjmHLLFa{a1#pMDyFQ8Q&z>a)IF-$$Hqq>
z!VWs|yY9YyO>|6PwB1JOF~FF@(*?6bh@LhmFL@x71_QkbA=e_NxM*w`L|`Rs0}vt9
zhj=YE;&Q9IIRl(Z9BL^dvDO8>RiN?FfY>u0^wWGa4S8<u$N7TH)#0smw{lH%RH?TI
z)!otS@g(-o0+Fd=)YJ2E5A(4ww*j?=RRu7jE<T#NXVtp<;`Pvm6-G6uJS*H?l2&8z
zZCU5UL>mS%zUU33M8fq8l%@p_=x0N32dor~3*=-C>QPz6G#8`%-0@<ox>KVeb~WiI
z*1#j=<efCF&+AgKW#mwQc(w;nwQ2A&-$E7w5(TmQ_x9B+6_+iVuOe0r&gTTDif+e(
z2b=Yp=r9i?W(50l*TR-DmMRu|*w~8%TQHeb4cyNOoPBh$s*f(VfqvH4Vm0ruYF<}0
zg|Fu4LN)M!n13i4^3^Q!)f7|{_NOY?i6JIA9WiR@B#mKcs4<K>D2DYutG}CfnCo#y
zu~$VH{gX%+Z`if-ozVErooVS5$M5zGVsGfJiTV8)MuGQZxTZ1u0-4REK`JY5&k(km
z=y5UJOPYnAkYa<$qCI?><}d<>(F^ZL)s;Z!Pa}m`G3M-A*!m1fZCtdc!_@-2Pt$2b
z$07rF*n_{%7P1C=8kr~qKC_q%v^8&{tC@k8aUPh^uxwj)85RNDN)K*%P}n_?F%oT&
z5QYAP)JS1HW>7W=DHs%Nv^#?2p(euKkU0={B}z>a<vC!O-LhsT-)j&uTQSB~U=$wI
z(r&{rzT&WD5YTdzyA2|l--d)b`><B)L90crLGZ7Mwo{jxmuqGtzNRh<6`2918gKSv
zogGTexv#k|(4d#?>YnZ3H?bYf)_jGSH*EnHm5ThIECR8|Aw_@(MBvm&mKt<+;yC1)
z)y7Em)g}^I5;1k>Q7?b<!?IQ={sBtk(UBH9{p;B%Ct+}V$F5_$b97zaRonspSoeC%
z53Nx`c;-HGly<kuBYQvgiY{N-H*){<?vdK7MS0}j>3s|^bS(Fke^=h_7Q8s>k)b4?
zR<#coVlcS>m3^BVExxbUM<W>`8fmdUu!UXEnrdN(Q-5i(weQu8No&=_&EEK;CLs&;
z7aVHwT4bDDxg${#eMGGn(PJXlN_fti)PfTKLwmlDg)<XX<BBO=9;kiQRaFxOb^1?@
z8X-;rLa+#MI%6l62d+G_YflmHZp9<zAMk;)JTJWmnz9N%%qfGyOTNnV*hu^e`5vb?
zP*yEg9RN*UM?5kOp^q9tF-eDMSUhqe(t0C&2~y?a!>v@ZuazC69iT6DeDs)ix+wot
zt1@zEuMlG0SFx3<AZ=!9Whse{!bd@sa!Y?7mcE_3W8D=8O?phLI&w<#j6K}V&K*72
zRp>z*+r6P{`OUyUC->B_B4SY{M;p~i?-fM4#J3*000OiKjFZZeV-#rP2%iTW%h%)B
zgIp)ywa8Hw3#73A|JKNs2cF{5dx~TNB+3vcYWTtP3$Yw1-Ggc%S<k>RmkS5^5`J}q
zfm6iCAPXNI4Womb_Ml;qj8tCr<D@k5-P8LH(`oaDfq^cyN5I?hD}Drs^%()3(e6*K
z3en}K|H4MVf4o7|1Ab^f>qyqI;|8&^)QgoRu!F5z68~5pF5YTlHEEUl$9>Jd1lH3(
zy(Z$sLX(lbtPGF>IL`7HEnJNml033h(Y=ked@dA4qKu%A){iz3_te*LAN@C9`BThn
zQkSQ6xsFA?g`OG+mPzoUEGT^_SQW8}*iM^zA7+D`aR6~S$kK|}A2h+UP?pw!<|AIB
z{;&d8Q9>}wt~R<6p<GdM(AQd<DsY>L|5#~p<!aoB#ANq3B6PdDnr2?^dzwtP{6(!K
z^i+!=L(&sMSt*)RFDwjCD?UI^Y-E&^VVVZ2u(;Gl8+%!+A=9HO6vp1d<VOk73hZFE
zmT7oEA=wgWB?ik55L8e?Of}h7Y=Fr@9i&IVMKSQXCSBP8si)eiKWfp*EJD;)y$K`$
zs+O-%MzvPG?Wq<dZrgJ9V9)Td$aZ8>JUw#o-~PL={KUmipZLUHrUXW^_<iYgEB#(0
zVA?i|#Jj(jS`%g%tmmKUJ+aaF3{zw(elzPL+UKY`TT>B9UG{-QR~4y@n6dO>P?m|H
zO|(RRbbC=@CoaYcw&2_jxiGZC(y>-7G>8>HeN|g4-mD|A8}@xlF)lAzZosB&L2xKP
zno&#Zi%dK2e0Z7s46*im+Z&x9j`YH&Oy`R9^of0NfprBVdgC}YR_kl^JlI!Qc~C&c
zAL&gzMe_PShlQDlWJbX?i~I%bJbQ=os)5MfP66(K)|I`yN4znsAmSuOsY49Zt_XgR
z_@ts>wG-<KV@Lvr1?|=bp}n!k$Y1g9pPMXH2)|;e&>}4IF?oQ5vy}+kaqn6a-5YdP
z=q>d)Lva)jAs{R`(<^_OyH_h$mdMCWbV&<;H05uY5~hw3^0Zvxh$|stqQC%tr)E>{
z@Y*O70NyZ;+<h031lxSo_jou2=v#28#Dnbh_pmCFhnb(k*Jqf44`|893@vrh_3wa=
z7H{z6C*$t=8xfk)=2T*dlV|4bUTU8w<+pG!`<h7yx~G0HQ<=_-#qD4nt{+TGYP+YB
za3O$1r!R5AXt7gcyk#J54>`Kvr#f8#Hhw3GVZ)r(v!Uchan+_tp!2MW7C;p-fwW}p
zA&Eg`!Dtt+9vU&zz}&)%cGxKPc$p5C^x*Z;`E>gGVHVJVW<tlrl9x@)R5uxYz6m`3
zKi5?`5*HqiL|=GxcjH+31}-87(-g9}3}cmDUFJJZ(dmZzbWYikfzC)_XP?k5CLnF+
zmP{4w%c}8&fP81W2mFk=m`Nm<!kX;5CkDq1$&WPjn&H75ff$SstX%Po)f28aWCb#C
zd=L>d#)q?*+z=_uwEihiq?WFT6fFl+z)5+&*U$O>seeY*eGf@rbT*CY3J`r``Cb`e
zjQ^Ni9@l;^2_U??W?D6OdKJxt2eKOgvI=Hw?w5Uys35}nWN@=B@7nN<vCRwwHkimj
zH0)~GXt(O>J|K{=CRL?8eVR!Cn$Rm|)@u%=z}Aar63NH`4D(!2X>Bc-Nwk+;u_k($
zguoKj_rHbuyx_9>>?i?(h!tdl`Ab129&u}$Fn_Rv`6fUh-vsI3T#xw@VZK8kwAv)$
z14jY#N$@h)95zH-URoGM%pH>)OLXrI=~8yLD69Doh@yN$^E<PlP43ovCYrENtDm^`
z{iJx)c1Ovg0>vq141zUu!MHeOO|;RT*NBhs_Zw&q(pIg~x?BdEp8l}t<d<w_hWNBf
z3tEys%x|V=BiM|$%^qq;@F04xuDH3!p<~NeyPtpMkF}D1K2vT-%zYP@P${H*fRF+B
zrtMwm#LO+hKIo-2k!YFbCUv+Ch~ANdX^-cLn~mhFNnBwkh5ypYV`#AZK2yS95Hk{F
z&ia=;IiM$u0b7S2ylh&y*Y@b_W<NBf7tXK&Vua<rIK6zV)nNVW?%&j^4Yu-;_#;LA
z6`gaT*J!JwtwmJ55v6j`vFVZMJ>$(q8u0oD@1lTCALbksr!6=Y+kL~wqBaq0&Ud_u
zn&$hG`?<@RJA64S77e-?k_DUbUyHrY8foaIehp~N!7OF57TQEioY~{B6v<;q29nKQ
zDbGh>ios&RK6*~y`cP-`VAP}zjA`BiB8Z}Oytxvsv-43Z?vEnKhE!U_S^<I)U8c}(
zki%ki*zib%N68(gt9ndU7I}Ckk>~9k*@lv{37kWEE@`0I6NHaVROR&ntbQ2OmKU^O
zjAxf&(9iKw`A;z|UI^EG5la#6DyG;Sz_`!hYa|x|Y5dN@vYrUKJ7T#nl6#0qIA8lw
zg%xpl20h4`GtNRROYW{U(Psrz0b~ODS-C_-pe`^zwMNyK4A@KnMi3dI73T>jjj8yQ
z6}J(4l%Ba`mv4^h-%l&9kVn^328yUDuBQ{<SNjsUFJ(;ta`nw@(WSTQ?miYLFq&tx
zLHq7#eREMCnF{~qufSOT)Er5A9D^hAtIfK!Mp&Pd95*5U1con8O}5Hou<Uee0n7)?
z&boBLE5!ng7yCL;tKWZYchPvY)vc#^MK%U_O*%JqOiLP<+!x_b0;N3fh;wYK#MSH@
zvC9;s{d(*&m5E)Zj7WTS$=GE&^X$TopHGQ?WY|XriR1&iuaDd}eVDn<7LGs86L&fF
zHR!XFu$4=@op?D_Cr(=hS5jZWTPYk-AIWI%X6Ur{L8E6$hDEWUn+05((XQc%Sp&Df
zG?Fv!>CDps<S9ThD;Z-P0L9I6O@L>sF_QlPi(lIreb~!g<GbUbjvMgZajWAsH8i7Z
zRn3V|%^OtXmvk&<v;Z}vKQE-`0>IB-&&YEI@bwPT7X!2lqC?i~ZzFyLT5J00A}(@c
z1PzEEQ9WluJ^EzmHN-h%^{{^6`)^|i&@TSxLX8TQ^7xnBj0C-=IR;@iDrYE{N)BWu
zGj(LVk8g1WyI|;$kr@qw>|VYN8Ymr7J|$PjYG}oiLm3f{l=VZNA;4Nw@kR_ZeeAoa
zfB3MXkNE1GYAxzTa%`Hp;(jDCelxA5*+#z;7$*2TL$RpK254dwD+9|_h4awF<W>4O
z+1Je79_A9r*|E5QLtDgphisNGWy+FL2~OE0Rtb$UeQi-!#DcZ@Y@3K%LJ$MW)|)Vo
zMQPh_dp=QW6CB)L3;a8BP~>4zXXK$MqlIwphd>i8Rm;`-Vb0LAc?QBC%3S0RFf`E!
zE6};|sMh1!*KFHd=->~uSY|5Zh>=w#M0T>NAXl086a@6ui`jN}@XfzO`Cas)&i>-_
zz7yiuvoQ<d=n;ki%HKI@JUk?NbpX6^7s<+0bxSukZ&kx9$LO5uSiXaaP){eCw^Cbe
z0{xd4_}>eKJ?#RqJ2tg$8sxjo-8uB8!D4{Jq`-wxn42K)KyfR=fp8qMvs5i^;%pjy
z=cScw;>bjru^uL<dBXtuB>Cm#Fw?*U85YVaFrf3U%5Kqvoa|V-5nVmIiGPiZoP!l+
z7%-`SsMR>kOyk2G@bmvQ<Xo^@Lz(7bp~6ETSvm(3>5=%s==e)NvJVqNhmM5$^W|Ai
zOA;O7^c4|txb)JU=^Q>#qvNQj<LZt6>znm989~OahK$xWtfTO9AyP5`YR6jjX&P)w
zOmo4=-Vq$iuVUs$H7Ode2uV>AGSFv4v_MHoA}K)&nU*SU7*aOAA3HJ%&3ovu#FMfN
zDYa~2K9-e5$Ko%Ll*UBE2lw<Hpo?C`^6J)~o4RG!XZ$r~Z({mf2ZSw~)CHVurD6xX
zeUzGib?+uBU5IWKe;;r~LrHv=#?&bs-!nlsl=E>BZib*7&O}1^&twX)_IVc`v%Usc
zw0=TolHDM)efQ|7_FXW8&q{Wao+5R#9XX}1RriRj<BTOcx~{%i<BQe8I!@m#x#OT$
zrkCYdXxP@Cy0-Qx(v3_S_eH}`-juJTHmDU+FvAkXJJ2f@v!#d@tUt0Owlp&V*Uu%4
z48@=cl#d)DpT+AX`Ll3{z0`uHt^be{S79m?zePSnqKWfoxLJzrRXT)*b^eUTq&9-|
zN0##`A4Iqmml8R>up%e?gduelPVD{*60h7Ff>I9B&c0!W8C3v~d*DV~VPBAaJTLkN
zTV;JQ4^~p_fFa*vd7>3*+2~O5au1reYAYhlt?usiyka0#*V`n{-jdIkk#y`Sm7g&l
zBbV`T2t;2+h@v&phyLZy($uz1*9^Lz!inE13jEdRQwsM&Gqhd<G*>DuBEfhbko!(`
zDMl|f$}$i|NJrsJW;Tq9MP!{R^S^IZyYZM9*n=W=y&Q{GPun$LgEn#bR*Z&-fl?|S
z>=SE}*(=?M>yOyFgC&Pq^xFfWQLuf^rZ14Ix?lbD4{fIni(YIooFO#S+gtR}?c@is
z1&6ixlf2f^oK1EP-klKX&6x<8H&_t%ye7J1K(D9b=FMsrE0MhO`tD>$^A-Vl$>TjK
z(lA<7h1Gy0TM@Bkfg0{iXMGL$J6Uq7etXM42r9TUJ?<-*;cec1d(<d$XF3zBBJ}*Y
zAys|@O(BeX>T-F5WI8f|F7UHK(Kk+YW%rC?%{WCCnZ`j}JBmKO$w<ArtV|%RbGx*u
z1{rw^T}8}9BCVMoLq;Zp&D)BbS-KG+s9B;lP~2iNvtcqb8Eh?(M&4S;WW^|>t6te`
zVzXE{fq4g*)G*l8QjDM?fDY1v1;x#;G#ey~wS43g^*d?&ZNT5VQ%=Q?&;{@tn`RKg
zi2}tCz5@u~stMnlzaIvN`i<gd#GoB!LRTXj8)WjbQC8%6!qYQ|umjYB&4c_h;>HJy
zTXusW)fJ7+<B(#f=SGC5JS;O(r2M}d4QzBBDBKfYM$a%EN=8XGIQebO6lKr7P@exz
ze4;WM^~U;q0iI!SQo?r5R=aEr*v05U=;@R2`aNjBhwK+T*$S>Pr1%~iG;DO!-Bzzs
znL^H4uwq%P!?dE9(6ZMzXB}}iUj~qyNxjDZ<@rjjMdpal$oD1k3Gj?5xrYSuKq&Pk
zO7Z4(bRAeT?Oj72NTtKgSjmG@x5@EZD&qnpu}X&$r&Hc(Yd#`uBxk|c)t`gAHA{R!
zmHJ2+JZF0HMWH*#s*|OX`vMjB!>5QL?D2rU7}k~-SX=6TPK*G+KQ?VnpcP0D@OHdS
zsKCN`<c?D<xZ{rcdVAt+tlrDl)Js!+y;nlLZ-sg<TfM69V#Npc92Z1drnsTH58?TR
z`HiF6U-X%TTu;?M&r>%At<_}BsA@87=Bu7geZTKZeUqnBoAi%Ea;?(eKz`cA+3?_8
zNY99{3HuZRf0tK8vAav5l5qshh$ht0K$7JMT+Jj@!*W<YH6tkogeZVMUrL5C#hJZL
zlda-Q?0`mhmrf3dP@kEGY!bsPNhx2kvPir8t!O>NrQ-hAu+51>4)NhpLOQn{papm#
zVh@#FK(ThtgB=j|C>9mJ)f@uM;dy2FRP#NgFbW4y)-gL6#%4@j%UJj$j6Yf-S!8U|
z8S!89ailRQ^Ce{+HA(uLG7s@N<U$UYz3fTGf>xIB<_ivX`q2drjnFW|qSU;V1C>+Y
z-o&3&N^~6G9hcM%I1et0cBsWB%8Tlw{eJOBgHd=|i=aZQpRuc|`w=x-bM-Tj{r!Ik
z_uo!DKfrIYt!+hhll9(2Kl}ocix3e5xN#KZESAx@uucD0%t*RP+2kyt1z7PAX$oq_
zMtCb#f>;}v)GidD8^g0N$z2WbOjhX_T;MGZ@TBj6_{#N63!03_70du1v0$-}@xl=@
z0HR%p4Ogz?HOwW8#3#l5!()<w?vpS-{oE^Hh9xieTa_F9KzN{8CBPA?8rx54m1d!s
zW<dEdK`Xql`?2ex6@s?UihzL{Fyw(QGqx8>D^*wl?={UJZGx^;!D&N72i;R}6(!UL
z4Z^oVXI~a)FoY~PTN-QBXpf--C?`E5<(eU6%q_=-hJg*kd{3K+>l$1db_@yJ8>HB(
zbufHH<!zV6Ym5MmN>*Fs&R+tQ&xUKGC)+`?Y2Y*PdaC-M*dYue+SK-<oAn#ZH1)Wd
zvK)_paHIW1Sh;cgm6nl>6@yNklH;{=yq|>&0>K~ehq(n?zXqT;Z(EaM!xc@hKc-{-
zXM^z`u>*>1T<Dx09PFdZ87!G!bhBxaNbtIQ8RHub=JB7$>yT%VU-FC|W<;>#b-dLW
z-O!(LmRV5-j7BJ+%=yDY0~_-$_YS@%>t24@;P9aj9=_slw1t_uM=M_UYw?(Shu-30
z)n=>&|9t?K2`}`M2gximkRmL{S^R1<OzLdwmd{<t@7>Amk7XCFVGBdZCP(W~Jd2$5
zLhdC0ARSZ1mBotMF4~<*7JaD1ve=ngh!YJs5ugDB22m~sG@E~56^hB_YsI{K!y>yi
zX6WDloZRSC)Xss9?N10M<o1ih1P7EiawU3zDmd@xvZ}FA68fGHhj!m9=FP-GPjh9N
zgJKe1IHqYF(u%`>m=-uf7y%YOGK0HN&)@@X1EsqV%I3%p4qIA?A6y=z01W-4fNB*F
z5U!y8*+x5RP(q8c%ix#VMqZRR@~IWK(iL=x4Lj|9gJs!nhFp)qn31i8kg*wL)L>U^
zq5xS_ST1qmpPE8f%c}*m$;X8ylY!(ZZoV%CI&|V8aW(xyb^dvp;martt~><T&-+B-
zfKe8|nGAeH-bd{rg&xk@38j&cm*~CYXkt3!4v{74LE}!z)foJ-{aQ4NJHk`R6<V>F
z6IZmk^EYgjO6)!q)~GGuZiQ7bLuqFxF|5R9_<HC2cj0r{DiB9D)u#+l#w63ENXI{O
z&VnJrj@jBiU>4|ot(a?S9`BdT>*yFAJp^X=5xE^5Ubv8-F+1k&_#hu0j-n)sqLc>8
z&@ywNq%XC4Wrr2788qUN<S~p-ph6&p4%tPZGnHDbp|`+8P`L*XK&ad%&`n$F0;oRb
z6{!FKU;#j-3n2YQ0P@G+mo5enMgR!QINb4V3W@9+!5|D$X3%ykfM-Zh4AV@XOf$Pj
zR_?x!4$$!hou+h4NEtB0FI}aoB~}&91wm6r06rG`b`YGu0oaX4yc=55mQZ7OBUH^+
zT$rj?{qh>9dS$(ayw16bN%HkxT#t$9cmgS}RWyEd4KM7W)*IoY?YtvbYPnG6=I619
zRm-g)Dk;`0RYe;k48w>;nji-Y-JiMNj--p&d$cgc`!W7UiBO*p7Z9CN##sF<SXcOU
zSKvn;+|_;%)Z^F{(oMUydoTqbqcu^F?yD&plCgla3JJ>w9a>Fo5>sQQ$|Ar`m1Tss
zeAK56d5v|Z7>iB&^ZDQGKvvA*0`%cPc)Y!cwvVv2FA3rZmr6tfgwcHhjM&9}tl%hp
zP)wCDhbTBIl|}^nF&Dk8rXY$}O5lnyB9T$55Xz1J$3XQ;x3m)&t!!>1gpq=u5-Dn$
zqb-&y;j9%C(VVesGpo+BVP@5aH;GSd^8C0&W;~|*zfDogrEz7hM&O$(HjML22o^^I
zWi%WGACarG6f8X2q#i=q%MA%++A5C@;~TZ^Y2Ok)i(%i2lLd4$tu%c4(7pJQC{(8m
z^V<>5K}3FI$&py4y+bOsftM(nR${r&(|%v*{X=bV%kozY?^NowuRm(npDX7RKqcXX
zQV(r0_4gb#X46GV3pGRk-}AdX5M479pI`QhBD9lU&az$y60i)X*F-}cGkSzmB-ZeZ
z3Fm8NaN?}28Dww-7n%l9FsVsB+&b=t87O+Leqdxn-#DmSvkbE-4h+cL{o~~2<FMt)
z37*&t%7=LcsqA))yRBUie6pzvf~}Drggvu8!%XVkXB7Yg6Cj*j(Kk5(mQ$D6q)&j|
zI>xK&rM}$iORYXbwCr9QcRSXDaK<Y_=mN&w>h#Q4SL;-#XSQ{^i-Oev7_jIQ76|i2
zli1%qS`*Ygm5pI;xPOyYmVE74+8rml!(Dt&5^8HDBJTp?97dKt*1{5o%~{eYlblR#
z^7V{HXb1g|%0Q5rxZ(d-wr$A%_f@t(4DJ6b%Jzr<+m!7OU$1OG(>?@=)svUm2uX{)
zlq|ks?52sZNJF<Hi%o**1kE72UO~k}h{H%oaIe)X=1*nt7V?akzhAtenvb5zA}&Fq
zyF2-8P&hejNOM!_rVo|8%fS5}0@gI&HPLQH90nX-zmp~9?e0$IE;P-QA!mUd1TkwH
z_MKV@H4Fse#{Is{zF4QEh}rneKOR#plfNx*nTj-6ILXO|uZ{xHdOPBo2A3QL8o;cs
zQ`)JzbS|4MbXZKeh@G7pcMRER!-Rgl`xpfQH6DyJhv7-$2~oHv`UrzjFEsjCI<!Y0
zcY>l1$cOJF|4(rUx|Ph;2-c^Sw8(()IwM1~sXl1JEiPEeTUM-U?@FWuYt_WnHi?vA
zYYw=t?)x5IeC=a<adCoCNo(*D2NEEbiBgsq9b`caOl?I@9@GjG5!wr&<pc>@Mb`M)
z?g=kJ2k@b;eBW&`-CnRn^B=Q-hHD}naOWp{o&S>?yC~S*0J=|os>FBGG!WwaLrkAT
z*b;1Q)7Os7)v4ojhYrD6n$S!d#gwB1&lCU6w;_>4t15e3@L2k^-sRuLGh9e)!_rZ^
z)S<gRRp-8EUPU^RQR@WNvf47H?rTy03EK!}uNDi&eaeP9(PCD%Wn&v3$g{!MkJ=&Z
z9#X<-epY{^vYPL${;a2dgTu?m$*84}>VJ%ka6A<)wGRCn<0$`O!-QyY=vB%;OwYJG
z^Ow3~k362#e%^k$H2*WFQq(L~-B~C3Lws3=Y1edwZbrw6&NdSWPwlf%{eH3CIrEsc
zt?xkXxS<0R+AjyKh$W+I>dtnIuCRee)~h4D%%{}|%A{Bz#j=)N^RX%<Hr@9p2Y&YU
zpoPU-4;G+=3PgT&;y$mP3FRRVVVN+e`xC(DpE82+1rmRXHUf+B1rGbebAN6&C6c3#
zp_3m7&%;UC%Fi%TAVv3GI5C@dbiaOB+vh(X3SRI>Z1=tt>(R(V^jSIo(U32kt%&9+
z9-`q7dF%->6B$;K2(oluqN(&~If*o2pXhLB?p8v19sP$ub_1Lx<o&heM{`W_?+}f&
z3T6Nc7)l*$ZP^C;D9+sm67C-0VVeI0hJ|r0TSPyKgL8-DI<JA`)kecfOlq_adHs9?
ze~>Ncj%SAQp4inJ9!rAwm}=m{S_W$FZ)oa%t<v!WAwe!x#GIYjZw~C6_96Xz5i9k~
zmkf&tNG}9$+Cv5V%%IQ%`R`DW?VPM?#^BssNJI`vGtkB3CUU%{MKHGqQXXf4AjoVQ
zDWPUVL?eQggp?&48wCM%Q8N6^{F8|WQ2MM~zn#2^0y{7m#fkn)?Z2#4u2csG^8N)2
z25NQr?=-L?_b*_cTk{Y1-K1%VQAPw!M+)>ULg^JkhlD<u9u)e%-79GZyuL8xz?o(_
zX1Y1<f$uZ%eID{04S9}q^V|*pTOKwaT1{_+Jjc6vR=I*aKNj~5gghrho)f)!W(9~$
zd>z&RoeG&|No}}WZ@nA*^<6vt<j%@`GPaM?s+n(wGN)C>FY4&wP=>9td?wFLsZo@%
zka5bK4Q0-#%#fsq4oSsit92D5JLi$)mSLvBOk5_P5SQeI{)XyY0C7H~7X)ew!?^^!
zL7KwvgzrV5Sjp(n24uXIy&TG1l0+9jej7v0I`&_BNp2s<b$^2mU0?r;+%NN(8Nv*(
z^U*jiJ2My`4e1-CiZJV<amLU%p;2#WoCOWR6m$&}X8JU=X*K{kSx$x%h7ljTt9b)>
zEf~d?8<xKYI?T_~Un1fLIW`r;-d)ISlI4DZ9J#+0_HBZn4v<fU^i83uQxOOt$(x>D
zoZJY#UIR%Dx~Y)9r4pi}QmA+&)<E4K-k#G_?yrP&F626Huns5}Z_nr{Fs_F5LP*bs
z+$Syf!2ok#NH2w4=ShbWq9f|`0pWuF91;UK9kLz@>16`8j8Z6;b(_)Gh&tBkN0o=3
znhEI<rSRhGr2arcu>#}>pAzIKLQp=fT%@xhJ)snI4jCEV3{Q_MrJ<)ndNQPMkgkYk
zK%MSXR3ZwTLYP=m>SLCEFC@$6#Zq(e!-2F|ksJSoLH}sEuaYkeQpH(;27zfq?~GMI
zJPQNF@SF=ZUkK@WrQm-KQR{19#wek=Nb$xb?2VZc1Ly%*c8x@r>OOrdq!*Mzs>|X2
ze7L_D(m9F0`(bBFw@07NqE~nUi-E4!ugGIzYHFYW9uEMI*2$%Tc&~cTUY!W9-XL{n
z@X7lOffhvI)2KI<hxC+EDmiPD$eHl;q*5q$I;68i{jD|1%O)V-GXlR=bGL6o=GHhM
zaBAwFalf;MXwIY=)2MgSC{H&e7$ze$K9(Ma;5mVXpU(O=igz+8INfj(`W%;3*S(y{
zTTIm%G39bEdpL)Xt2Rx9bjH&BW;O7249wS|%m-ZBL^>ME98n5A-w5}|@j3YRxmz&3
zK*5;~1;102I)ZgZ>FY@oGzj=eh|ojVFicJmUnq=bLwY=<`$IYv(o3PXv!V7w;rXd>
ze^B>ebs(e{!t=S1o(t(|vm8qRTlO=0O!aTdaU!O8XR|5`R_L&bTPQWPVlCraQj!SL
z>AZWwuFZmCSCMRM;wXrDUT{hG1$3^4>aT?KBB3hsi&`u4+XU~jUe)qjbo~}D^Fj9R
zs!7HZS}F2f&t%jnXQ=RMI)HyoaawWC=}T4AR+K|DH8=AKEz0#77iK*9A!so=q2M1?
zInpB`ouRyx+3LoA&Lp;G!pzz!MW)cC*Oiwhy+NwA21lbBLJcCtqzL)9Cqu4N$~9|@
zfQ30XMmQZ9;Z$IRS<eWPQ*G+&Fvtz&5-EX2odJdKyNUZ9t(5q1&80N^j4DyDsS?g*
z_N6&+>|H#E!``s5c}}^wJD#Y?XBA6ZA1w$vk(@k{<af(Cp)ka@-~8HHKh$zQq!(1%
zlxl0sohg$H7x8rgo0|4%A!`_34rMN}AF<6%?v~D2x)NT$g}c$%PLkLr6W7)X<bUm%
zx9g%(It(;}KNSSR)i!{4a_EXAP4Ao?2K{u%yN}f3C#}jZwcavWe?Ylt!{u1i+Al#9
zNOc8q#AJaO55$uDG0ge05MZHcYZupGc`(%cT3h7K!_t%qYt2l^cSso8(Z(W57sLJ5
zpGN|Q9B~YWulHbhK>KB{$ME;1m6!;HkxuB-%G&sMlK%I{T(`TCeMyo)vU1c5MOd)F
z5h)HOTC-s$F(fZ(b|c?KQoQZgOcHZ;#_yEIFe~^g$_s=GHgWC?PcQ2!Bj{>K-(qB_
zztmLm<V6u$TAD<^3`FzQzx@IO0@EQqK<ZDcZa3sytcJX%hFAm6OAC!UEM*{r{h%v=
z<vyg;sgM$>X7@88B|6a88q$3sy&A^i>2Uv6xF;^n$n|<ii7T}G{UMzS>6J7QH@Byb
z+cb6fvG7h#z5AUn{LUBj9XQJN>9p92mj(w^Sl8_1BzUn?c)f{?I4{H*Cv~EMoiu~^
zB2)sGblEMZ5F%|>07%beZZUgc1`r0c9V4v7ih^*EWD?DIz4}OMs7?g76KI6uw2%Pz
zehlj4t((?FcLIk@L_%81P9ICp3O>)zg!D~dvQQ!Zw2I{dOsa0#XmcSx(cBbq_;F5I
zX%9R3KurP~jIQd2^n#_d3-m7On)Gr=FOurqETsFli`jN73PTq!i3&vQxW$|ys@5%b
zoEjtn&GS>jl&3^S+x=UDCYDtiqY6;#6z?#hNYWW(4tDX7cL<NA#0whH7Pi51H!X0y
z+^3XQWP-!SE#D*r3ielQ6@Kl5zbI;&PC_R3Wm!{S51ALM4x$YW9F}EE2@f?$MeAmZ
z{?v4>y%;y!XQWzK8HZ#TWa_>NKB7pV;~Q39=m2z9H`GWptN}g2%0>z@!<n|qj-2G^
zeEPNnbK6j|m1Z+6pHX-VQy!F;mm2_tK3e)_07U4c-CxvuDk3Bjny!f~KldEZjb2F|
zl5ZE8LD+3f%vm47UM40sYo<G|Lj3{n3%Y@fONI9wH`<YksX{wakrj$xW5O>MqNfOD
zAvdMLLWW^cp1?4>c|hff7W3#S6*~5EMYLf}WQBOd;pCRZCUyL;A_~d|5!H%+?;vW&
z;}PaZHLHo=CRx>7011O=-N&MwamEHW4Ikp!6vV;2tD!|Gw^*?zrsR`Dy29LOXMY+W
z66|N`6pfJ|5gNthZJ9gPX1RP#fud}+>AsS$ad;gqXZ8PK?oHsS`nrelbIn5{4Jy=4
zii*1Tx~?k~SE!UyQW}(5W*IUxP-KXZDMTpqP?QiEq9jC#C=DtKnJSg2ylbCxslLzi
z`#rz^|9wB7_f_kjea_kA+H0-7_u6aigN%ECxLjb}hNni71?&-^<G^kNG9jZgv!M=X
zLzzQl-Bd;b$dZ7}yHyBg<@ifpk#+3$0Iz`k9n=YR3AjuKql$r1JR&CK`U8N>v593h
zd-D^rm`14L1+~D&04x-78&kF?KZfWCcj-s-?Rb<qFkTq@3Z`=S=nx4Da%ei(f1y*t
z!Kod?m)dBcVEvoLII2F-704MhLSyhfJ+w4}T24c%<Rs`-bR&XH9$-ub#Wir@BCxSR
zEQrP-2ymg88SLUy2;~8ITTbQ)2hSsKHK-D7kmJZfOMkpR__`lPShUFkV=e46;G`J9
zLu@p{_6XW+#Ff;bz5@va+CJP02|{Q#4V0I`mSzR0ep6FeeD(=nzWK)#Rt4X}g5qTH
zhQO{B>Q4|VNW6i10wfko1XPEhG4BH78*kLz#I_0sM*sML!@(NC&u=9mqhyqXXc}4(
zaIn9z=tDv$ZLz<yh~I!t7uKwT-*_g?)!5cj_?KM4T#Z*6%_PazgslTFRFBY`^P&fH
z;T25Dr*_(KOGS7_?0|qM0AY=)_V50&7j=BxJRCecBp$FV!dG-?Cd>sk=P>S}MocQJ
zV3!7r20RIs{O@repROSl5D+j30H9p}pj|HD9l$;!SYUtTU<LBdnhGN(l2eleh}()x
zQXZ5B#vmk-Ac%?Rf$(u+PX=+t86XtqAH<yScTq5{$E}~BepAJvN&kOU96mP$6$K0U
z8MTz?%)g4nDGq$rFxC>JtJ6dWv9aiArwDD_aj^@8hHVkzg)Gpy?m!JZ+l2U$?g5^|
z8ConbHQ+#^0{ou@ArmRSN_@v0z1{>roUqppYcS+a04j`)?2R)Z96r_;*j^W6Z2{~6
zOMvj;n=%arr_RG*1`h%bOc-Ej2Lohqa^Yi}enPxS(@&UoOqqU8M=69@){q~IZOs6a
z4?Mjb#(`UVqW7NYJz;$S`NO6@<S&PD67LD40HAktzB^zVbq@v`m4Fw-8PMwpk4Fj3
zBKye~{0U6sVcmzv5rKoWk&NO)2FS3_i<06(YnsSOq>#Y*78hJ-8VU@I&l?bPgET>t
z1N=fJF0zm<Y>S}1IpD}MP$w3$cg6P>z~Y51A3z%8>j=C`JR&Cufq@?>%8Oeq3I>yK
z#z!0i$-zMePy>N>*wo@?3F`pI!?uMB>trqGVR6C;1Glut*i0@1pWlYwMY|#R{vrm*
zfWh7lOumpx8i{aRfS?{Ho`66DBOJ7xLv_aG3&;c@MI;8oN!Xvf3R%4Yk;20bC!CVF
zF+r#!vSq|ijGnwDs>8*NPr=!!e~+=eM2@3u+1&%lc>a38dIy%e_!CZaGyqcLpxv4P
zB%l6B1i1*F<p1}_>P($c1x8kcbmD@^!(<4Iw%8kd=n3o?AZyyG50(-Azy;C_buSkh
z)nR(^-~EFY3_-&Mgamj6;EyE0#YP805GN-OSeZbSR=DBf<>%+Z_1(De(gflJA6I<G
z1C2BwV9-VZ(MXm6yqyy1XfxoC=UtPcp3tKs+yaepK$ozk2BFW#pCfbO(W&RS?3jAq
zj<FCgc$1J89^Ze2Go=ALut$oYyG2R|)5eL3YHXLd$V@;6?5gphag#z+2IvOuNuB`a
z`e$?)^-)$Z&Y)_8E(~MIuy+^mQ@()cputCoJm;c3(GDM6=s<jUz7lx8P%Ee{ij7Ui
zCZpKE5-9eX$=K2m8|Nn|6Ev}t;t>^(i$^Iw7B@0w<^u;C*gFKPTaYPtkc|S2-!KZp
zxC~UFfmWcL$aGN%5iL%3@Cc6xf(9W8P3&OPd(s#W@|PtfG4L0GDv)V#A}2Td164>w
zKsUp7pEWuo4Td2y4+l7&0~>O~b_z(q`K%MfjR<}NYijfcjJl8!7J7Z0g+A2g?G5(S
zf>LNUgDkvY2881U>^Vh5=Ob)_SU?u@$oLJ;L&VDheusjIry$R)(Sb%ljc76r(ZS*x
zMjB*w4d_I6k;tM-9qeRLCAoEAxP=K3kQOqKMRbDNiCTclLX%8&F0hrw=SFyR!u$$M
zQ&35OZ%!K+QXw%rCEA6-%Yly&aDd@0o)a?t#LwKLAayCx3fKn)!xUr*2dGD8Trf_7
zSb|5$h!nn-j2a4Uf#VaA`xH@E5_AO68L}M&7afSg4;+WyVyxwCK?oBC!WI<G($Vk+
zhBRQ026mu`I&pCa1y0(5;`sqv!6F%|MU2ISYygP>f`NTX+yKX4r^Io?oQPYU^v8#;
z@vU4anV9%MBmbEA{N5l%GT^uVbskcf!{I*O-g)9kVGbgYgsLH;guci^{DT_cQiq#^
z3;mI}K<dIXT;_0ba-nVQ-%})f03g0^2Wk`Cc?q{IKqgIq(n;%(S8VZ*pAC$$h)+}F
zwph^VxrBg%xflEOpQa9o^&kqAiE{(ExFTVO=4t=>6fxXy$&T-f;G6JJ0vc-wlLXw*
zgTOan40RpuI}uC5CK13!11G)#zy}9Na&u#V4AgEQ1SEbYXNdSFBn;#*fDl37KgSX<
zsrX}L!F&4jpHJ8cf7kdQV-YSvPm=_@x&Agj2?GuzEQCNcvJ+$gakd+NWdD?H5VVar
z+l>R!6Eu`V4J~}UfCa%YW*X7mK!x8hG=pRt1>vSxKo65PLZI>9kH`ZV)Nr!!51DgL
zeaM`1@<Zk@m@Fcp%)LqYm<oBKEh(Tan4Q4!XhaT1f8Y&&4yIBl=R-($Mnbp-UgVvc
ze58W+FR|+eq61n8E_Cet;Jgf!&hfvg5#U758m$t5hmn*=ntP%$$B4vW6vgs82N7i9
z9v1l0#A9S%1Z#gdF%S*lFutL&;P)5Wp;T{ZDD*Y1-Y3EKHsm8>y$FM;KTMe+F)aTU
zVfZu=<R6ST_$S<vXBP*n0cHm{#c?2g!|y5uz)RF1Ulb__RSHG{R4EPO`5L%DrI=*A
zQWS^;Q%h7Y6L<j?!N<+usd|Bf2T?D|RK4KcAN7Js`XA)afn4p8Y!URCvQ5U9V_-`%
z^&wW6JWe@;!FgMtMna~H2&phwAgu%k3wI6%CV&M4ZkGmcAdH*c%mUKmVi5*HEE13k
zH(|gBgE4NQj?8bs=Lg*(=O(zo2UyWX7B28^4RJ>%?$C!?;h`LHk%q5Az<3M8EdZjq
z$sm-7@6&>0W)}`eSaGPKs=#1_6p$P?(*-f~N5cPrypXz>Lxds4laBOr_~}!8$MB2D
zPAL-l3L4Nf5lQi{NW@#D#z1o=WEu#xj2j1{&-!q)eu16fW-=T$!p1z{3?l>1!TJv_
z&{9Ao5Cs^BoBtO2V9-f|j)CbLtO^j)0kzOfgnf7dFVJ!Ug9c%^{WsjB?+O7S!GaMf
zY*9oM19Cv_24wV6F;E|%Wx{%V{?8h|is#9R(8B7$Z=^U_weV?MXoWXih%+l#JqhTm
zw1`hRfx&T)Ba&eKq(LPR3Yfs+0tvVVH(7*AOoJ>&Gohn!12<H4!Xy?^FRBzS0?-f$
zq|JpY09AnakP6&B;YVaA44fdDfWX04@ek)Rh!0kgQ;HU}rm93W##o~XP-9><@S{K#
zMjvm$9f!Ol3CE$S$|KC+Naw(1KZ_)2fg^-y34!$5EU5e3f1sT`*5a5KA$n#O845(~
z0SVyAG&Eu6V^>}T1{I<TdFSyeaAOF0e-=hq4*y-)e_=ZeosL`vrwZdlg#jN<7Ixu3
z7Dfyje;4*|k9FlhG>5P}RT$D*LAOj5mhc}7`#;#S#Q#{>|G}0e|J%Z@{7vmd<C6ZO
zk^kInY%+&r&~JZr9!}0^yg<~Bv5E<T9-boT_P+?am`%{!liWB((3}K8V}k!r)wk#W
zbA5^a{2RajnNt72??31jAFx3b<I?0m;x{RZ5E$Ta$@Z^ABOWfbCh>c9uJC_vj0v*j
zAuJXMLQ#VK2&5x{eNI>cKgSObg^3g*pHB1~`VVzHOy}AOxeW>mbczoeUx5W{Nkq%g
zFG>X|YGKEelT`^Tnn{*Kv{T8+CLR!+aC?VS2tQj2KJx^Wgr2dwE<l-GFs7goYrY5%
zTHyJ{!^3`5kzeR_4~bQq$-M~sT__aGf!?ur*g9QqDemb){CpTU{E;}gIk~xDWP6Ab
zp%r^O9)M%DI`II!>cInWV%9Jofb$)|t)2bN9<(S8fKNie1->eW4jqS(z$PhfaVco~
z2&yZr0>#nT%ZWZi0vLpUWbPb@1_xSVa6TvQ)&-_$5dQ~Sz(U*eK!U+mJ3<QX(1Rn=
z8^#TUP+z#Rz=n?1ex92(8;!)1zF!$6WGEbfk1t@i2AT^PQ}H1hjnwdp-6g^7oWk()
zZ7>$jpvVaTA932*1cVnhOhPkfSiOQG7_AdvCnO%FhHDD@8i}p~puJ~bli1f7*dRf6
z4EW0i)G|m^i#qBdF<L`gayX!O+KF4hAaWJMi-pf|<JUa=ijWHncKE&sc#R=igQgV2
z7>wqHFqcF~sYDTBScHR1@%uZll4W(`8N=2wDgrGrk^9-?s0i8|#2APS;RQ@2VGo#)
zf{-1mHRRR+>knu>iUwDxJ(@+J7a2$i0M~YQu`TEd5gu~Dlm?FaBPbSJN<cY;R@dIh
zj0;o2;Jb&g=?gxwm=cDjb}-S$m*Wr(d5Yt4kHKZRHJn`p9)=j&C!Pkg4mh0(BZ!(4
z_z3-jnSw0Z$b$1Ai3L46@E^JvmWT*8i^JC#Aq_0z*`BmO0pR|LJYpaOpJhaq0}~5y
zu0eCkCFn71n<16GAi5xr5V#;`I+QIBXok>bGo)Dts&KR=gyE@y{=l#l>}gSL*e!$F
zLZyJv`B<_DP;EdxjatBoYQ7vf$wF?R^MK8<KY5h{z4j+61@lliGzPXiIAOyB*B-)p
z7xaZ(JUkdItwFmDd%c9F3g*R2;e;n#U$Go0nRqFKrhPb4mlF?`;*(&MZW&q;L;Da(
zAdNSs4efmm+GOOzI}iEQvC+&8D@2>=93%|&J<^a?;(d?odXZZEIrKbk#);H4Kud@!
z1E9Czj9SF}T(GYTYz*I#hRsFvjW|F9kStif0gJ=B2h=zqM$u9Ywz*I`bnlC1>hhQj
ziYt%FLQ-gh3MPYM;Vnc?0E8-f1tLgbKG<%?`Kt?M1^cVeDS=Qvm@~oBA6%$F;vy3+
zXtIrn9~3K(f$=8LHL5Ip;&Jli3%Cb!Pc~)21^=Sy6pbuLMoY+F1Bq`W#Cb&`Aum}t
zq6`_zK&Egi?rIE{HHa4|WFF{bF4lEWpCC6IKnbX`PzP`#Qw5YOL8{<_g);FbErQ(T
zG4wSa97XOZ52B$&wnB@5GNr&Pip+CZh%_H{F42e3bzZRTi^v^sGY7;2eJ4&JOA+$O
z+%_mPVaNaz#3>wSJ3d&`u)7&$1l)lWG2U=soT-Mx890yyF{c;8NgFky6YzkL%EQL!
zAp)UB2%o4yX8#G1=w$Fe5h;&tArL9cu@TW0a{oZ3uEv(I8wwetQ%AYfP@~XexIjEW
zD&Ale8L4QwSQUVDK@m?jHlP&Hqx=iT4G_Zd6Ri=#<*}Vo;ARhbA{wNV`Jl}>1}96w
z>jEni=s~<7yeFA#!oqQY&X>otWTMj=KnkH_|F~FnP#G|b#)<lv5L6jji8u}f5L;d#
z5yzH<tQLsPk5?VzM8W`B!$I{Bm3t%BgHZ%b6xhAN^?NrGe-i*P2+tv36av2hezx-$
z+=7!g8fAk)bd&LFN+7bty}xj#0Zu2l25nIiiV!Ftm;f9SA%OcK^2ou~Ae-C}Gs9Au
zbeJG&uwek%NXBfyxg5%x1#jUZf;@7Or~}M!gP6tpZVBv=1N91l<V8A8t|`|y=x}g-
z<6>nJC_|CJ(vEOLpLCC#j1vLo_ynSOA>O|eSBU2bF$HEPoQPCfaFGMy79<h=RaBuG
z!(r^WeG4Fc83&vQ{J$ZVz=j0xmXUuEOCWXe^JlnN;JSu{7*qyU54hJ2C*k%FPq<(U
z67M()dIkO__~0Iit|&h4<N`IO1B&6Ek9E?U3we{n_8tI!MiM(?Xi*X#<b%h+E#HH<
zSfV1PNI8roFD_xx{v}TPKpQAKUl7spoY3_U24T*JvmJVjx*KOa5a3)$ZQu*;oapRG
z{05w={&1F?WsM@B9H9!}c!Q_=jZx?c_G}1V=iu!EyDYd86OKw00v#ZGaA8lC*b^HV
zUijd1DUcrZ8X0M>U@k}8Nuw~#f6yD*srd{z>Hq>+K#2JCw3w5HNRt~T(u7hC=I~Hc
zbPTmL#A2&lVA22o)Pihse)>OOK>pudkWJS2zgduVaBxj7$YALOMkM%#33NQr4kr>D
zvXde7U@klWYJtP92qo2&qKD9K{@zppO`Qk~mcS;{kaWORR4^8!B?^e!DJ>N&-}t1E
z)(yo)VaOb9hXDD5nHfa>BgK5QEdnu+P76%FfSV>0K`G?PM5xNstVQ(UGK|)V((nSf
zY#O@zJ3nGf<r9HZvS3sPmPULoON4Q|K{>P=1d2(-l0d7Z8L*+lLNj+<4T+9SLnj&G
z3zxiTeC3O)_|Ta<qr^g{nww`5x#$WAMh>t9O|ZR`=c08P;Q%|e2Z4}>7lf4Lz!wOE
zgf$Jvq`DCh1lo4CCK4$xai3&d2MIz5^mu4>0=h?-f{}2QBs>K@AHGq+eoZ3ulQ3qp
zHI7J`kFNzl2|#E>LCX*7cL)O_<sd8zK`0q?>8OY3A_qY5kYH7T)LwufBzxGJQ<x!u
zhELts+uOSmgb+GC3Az?pG(%QMBtZ(8ma-~y;2sUJNP-|#qmIY*XP}ovYE38=x)VMI
zNOUJ?^Kqh@jDvc0G7gfB?4}^yKdRFd?GbT)6CNluU@r%v<H`gzcCNUR;4c*j^gk$3
zK><RHPEbn?B8(qsx)J&X4(|Z16E68d(1QIBA)*1<=pnQZCWfF!z&+YwWI$pVSF^%a
z9Nye5Z~+|XqH;)+&4k@4f(O{B__LXll{O#};&mgChq&#JCW!2qTvzAC5Q-V-Batjv
zRs)6h5EP4t1BlnZX`2I0F!5u$KmrGGOe%RnIuNuwDHAx5Odvyr057lyM92g($_LnK
z(WK&OE}~(gu|TtU&!c|%-8Uc-ATgZ3H6<6IduA;{*ua&ph%ljTvv6H8iU==2iVzwc
zKpL<qbS1Heg7YvQX7lhr)ZCC0fqzcm4T5*stw&g4V}gt}<cJf(ervE0y9+jxes45@
z_MQa$126!i)`PYM2}aNX{iWSxZ#?`%13o1fK{P^qNCkp!QUQ){Jrjfp+2T?0Ui~`~
zG#PCa0YTw=NB^C2P9z7Gu)p^pkO*V5DZYhEXxA(LP0P^y0W}HdN)pk%Q~MG`_d=!d
z?uE%6;%L0OTx@|4Yf#iGqE|s5gQOUevm6kHn1oUhM;fkYM0S|}+?GJNV0Re4k;3sW
z9Ycb#3Z@Js!B<ms3j1$F$4t^G9B#)R#Yng{4WdUls}0dE3E3K<-or<WDcYUvHiCAc
zuBd8w<M{BA1T`B58Fp_=6R%*yj@_F;qA131B_lf`n1`eO<YPxec_48?B6=GJ9D>e~
zt`eCY|4Sygv;voVA`>Fo?@aK0Bl_f9BtB6k@SJ|L7P}jn|BQy$1ZRjCV$+2ffpAn2
zdu;drrVv~d5EKF@K;m-y9~AO`ZRd);ZS*(E6C(^xErS1O3QjHm|A~D{lKn;SK)I9D
z4)W-KMC~BU*u*}y3HOlb4Dx?P_=22ZK`a=VMOuI%gCxOV4tdJ(|K-1r|J#4~fdv2M
z&rIT|0^)ZuCnp`uZ8ZKU)4L+6!aFgn!aEdWrJUjt>{7EccQM8&RGI=^k)gy?Ha0Oe
zxA4R;jJ%D6?I)42U;rm`3tMwjmzBGWZC%YZotzw;Fl;Zx@n*lD24M~W<`xq8%91ep
zRua|)?^@v*%EQ9WWik)U93^+g__^SrmaVa+GiGV!a>&(WrKyA6Di?DXCu0|LTVoUF
zRgO*$?jG`P#?E%~mJagHW;VnV^k9{XhoiYOW@l_=k8$yBwz4<Ftn7~%+gh2KI5^l^
z*}K4hCIFQIKMFMXVbERS7XcIfP#Ne~frfsGSB@@D7Pbz?@C?5&=ujO;TXXlR0F}mc
zc5$+@w{*34HnuQdsp|k~&7DjS8QbFl3u9Ar$i&&!%GBK0$;sHm!qwi?&e#zWxthAz
zpgLj*uOfig0>IIqc-;xjVWSnt>qGW?K8R2H1Fs05C@mMJWA1Xu!3<jurE6F@ZFRNN
zvNE?dbG5fZm9{g7nwhO8J6n00lN~I`2wRX619uk^CJt9r={54?HS#Dx#(!j&;g{w6
z4EGrlRVE)jPF5iwpK2W3Prle}?!hLB)np4)Fd3R>?oM`abwTAh8QWXp1@7Y{VT+)=
zsmP|r_Vx}gWIJOUbMkWZw-c{i0K_Bz9naPl&xuWV2tg~!4)#zE-pzO_b?9q#4;ORi
z^+Z=`Ld$V9XrYdrDiiOKe_z2L|EwR;!~Z@q)K8X+1WO?d+k{%X$=*fwFUDB55+0d5
zAwpP9cC|NmcXV)qet`H!kZuV|=e*U*c8j^aj<Mqogd;sfENjR(TdmUvOzY#c#U`z(
z7C@6-&B<2IWQ03oGczZ1XJ=y*TXU=&@<sSXnDI1sav*Y=N@r?JU=h70UO`+$gT=s~
zOl}eu3A{=0<4XLZhZ8u#+dJ9s|D?hF@C?x)N{eC60Eo0q9n7G&x$s(I7@q~s)F#Ge
zcqaia$%vJVod78oPUi4C*@un<2SF}jkl$>$I+;U_9ZdfvN*=tQ3-8(VWoK^Z;N(H%
z3JeLjmM3lyQt(nywaCWK&gM=oWD8>}TXQo<U{lDLeQ|OH8DVEm##_CbY;R>tX4i&n
zW)AoRum?7FcDAy#N8ChqaUjFR$pbY9#RkUySCS_v?N26P%L=@oR}t7<O|~_+|BF);
zX^K>uB7>%=02e9>C@~?VpiF@vRT+P*ti(Vs=u9RJy`$0TR672eMx!WEP(lWkqClip
zpeRz6h&-r}Hxr~fimJq*DJv+`@$3|sR60XhiH2uNRi-E@(3uPcJZmVAp+r}pGVuKA
zN(`og5>=5&!waD)FzHmLqLMO|f>)GERi;stX-s8BMG9VNMP&ws&Y;tkl-TvBDKjZF
z1sWt&Vh~NC(v>MxDg%;2W<;};=!z6YCIu2JLqxn93QEvQWeOyxGpNe!#xfZ+23-*{
zpeaz46^V8$D^MYOMJ0%)NLOMKD4;{b7$C8g6evnc3d(GZLOqxY6b4;^p{T%QC^Mkm
zI1Zt$R7C|El}TeL10tw&0!gURN(=@?nW{hslu(pt1iom{dIiV`4VVfFPzwgs0QCx$
zt_b}FIEP{w45$i|!XVJ7L{n0P3NxsHJq0>VQJJEkKwwmXp`fI!#AHG*DpQrHG-X99
z6iFbLNo6WCmFdv0bVa5jgRZ0qr4o2nrYO^u=}Hu;k`fK@PlHUTiWGum=zs^hl7b?I
z$z(uZP$3sZrAb1f(UcUFpobOdbOpc%;2e+!l_NTWN>yMmQI9LppobWMe!w2&%_ciV
z29vG;O<*!8O!!9yqETirm6h4VNMq7zRA>hsa0CA+Kt^;Xovy6JCQ&N9rZAy)fFcTw
zLIJ{3qSI(}rXrhim8cX&I#duaMWIqCKxs@RDwRg3L466HP*kKTK^+moD2fyyJ!J(&
zU<@ks1G_Volo$$7PoQ)Pg{Fvzk)Z@>p(g;9IPo)?OsW#lG1Lp@J&J$@1qDc~sGtCJ
zOLQ@vPNy&tX)~b^AUcE$NKIoflxWan1P=o1(dj_$KwiKc3J4`Ay@CP|1e47_R4SDM
z#808o5ict;6ag_P2k2xbMVZ28D@C9iDix#vVq_&IO^HH-UIVUEfar>JHnY)ysT83n
zfzT1@QUPhueH7?<h!1JlEJy`bgBB|RN#UdnxC2fCb_5!N{soCZkO|N_lL-<5Q4Nqb
z>U1D6kP6TqploP0!LLC4%Fs?AOe7i*1p_qz>oS3Xl$an%6xdu$1t|jP0Wt+@!U-Cr
z6bJ}9u#|!_NEu)kg1MOxVnB36SU7nrAwpyTDNvvsC`N(7W_b|$@Tb>h^uVf?CKkXU
z!I#t;I#v*}pR8WyH9hL&3~t}<*m&b>&Kco33wMmY*5~OyP+9%`V%UzN^Xc#0_kP%L
z@krjte$%*!=5pDvpt+y>rL+fQ6n=O!{Re3-S6;5l$bP=8LRBT1XIYl&jJ;1(!k_4k
z4D#NUPT5m;PkYqdT->6-AZpWBd7<H39)?FM)?M;?eWm2NvxkVBT>FTgL*toOv3q;1
zdN!ZAAkOO%$$h(UMN<1Y-#0I9PrccA{=3%U6h`gV!X+2x@GTY>|5+4sR!770&D(F}
z>D^z3DZiY&-1Dr1?LrhYw;xcDFDu)Y7`^}W5Z|>^Gv6tCyUXP+-f-)>#fqSp)P}2z
zbn8{N9LdqAkjLi)t*sDWE?utuDniU=P0!8exk6Vj(R1x2+uUEA-fYsN_w-P1w_327
zlb=nNg2URwE&f$=7jD1$bNV5kD6BsC?ETD7FD;gcmx*$0EUElCG_2CHd$Z9uO5tXb
zolDHGs3WPq@&}lTWtT6q0?w^Fq0-WrdehbKRL&Nj9es+8hT4JZO%eQ&k3I~ocfR&I
z$+Iyk@Z_lA_q*>t%o15Rf73km@ej#gx4OA?E}h?!W^^G@bj+fzKuSL<CXXEWka=pu
z`C{y6o}#|tLHh#zQ>OXB2b{?lC4I8!-vSqXFuC<&6(cO;Zr9>gl52l&>d_UgrRxhs
zzu7aEEV{37ZG*guxqeojO`L$Qy;W)D#n{on^1haMp4&o8>elx;@>Cv?vtJ^hvGJqq
z?gQ50JY3AW4zt~U%O6C4>i@!}#K&E8OLX0UjH~ypm4_5+G_?J`*_=Pyb2vQdgXE&l
zaqGeBo|jJ;Q2qC5M3^mWFX8Sp+Oy^2m7j;4W*3(!ge>!yzUlBvbN*V+rupx7b&h(p
z6h2PPwxRHt+<q8pJJ&5HFlA$CwBIfNl8<+;`@f9*mHlA8!kUciWy@9;cFq!%^a`pR
zPF%7{u;l6U!@*B=x(-|!?&oz750Mqw8FE$EIN|G4xt{ylm-1<|dJlIr@0VK5CqXT@
z=f0YlLzM~S8OhoxU|MEZR}*(n?3ZIUUw-SehEh5H<L)PKCal$Yk{WWC&*)3(lC2+x
zBTi`zpWgcEt3dIm<yRLi9bhgtuuXq`r9jBy>X-Rh4zj#*_8T7Q420Dto_(rYr|IF_
zk<xG~N%lqw??>V8HRsQpi#B>)u5~iW+%%xKVA}DYzoKs+Z15B=of+TLvt--zTjf9U
z-6nE+cLp1u%XiD?XM9`Rl$9tZZ9R1JOG2w;FsG}KPt-lhTn!spXYS2Q95k9AzV-Z0
z>lax6-SX{Lx4YIpCXM|URMQ_sd}GB+wI0!w9w+rw3D3Cg?z&^W&6$>610EcgK4)gR
z+XT)O@Oh%Kiyq9<jL~b|Rbvy=uz1=N8`jXdUF8{P`iuO^E964!Yi8Im`Uf(fe5TE6
z`*u`WRpJB3rR$M;4SA|h8@@c_-S#%s=S=6#Llg0#!fMwa-Iv-QDxGW4lf1C%CO@CZ
z;_|52rwm)Ab7#_NveN`wvgOAoLNzv=zG1svl@>bf{+#dMC$7(qefQ>VxTV+A^tD%1
zet3oDE_`@4-i`IDX~u(C?eWBs7#WRxpVk>|>vyTCNsis4dQqcZI4!ZU=u?#4xZ{U}
z*U-A-XPO4NG4u7bXBH}52eLyXa!*<Fs;z4&4^z`lVC=eP+J5d5S5KOT+ulQ4rQW!1
zTj$TH=f3oC_UywPZ?g94y%oyjT<2e>v2U-CPn<qgcK`OrReq7b1Uw9S&Uv>kh<z&R
z>y)8fu5;erq_Fdh#YCuBYN%+f{Gzo2<8Nc+)h3(`8)F3%ZqY5?9SiZ22=F>I=Iy=p
z&WGC*3niQq7h5NCC?}ImZdhEKkh#3oKSyK3djI<wB_>$n#K+B2nQgP@&FUS`ELdw)
zt?K4*<9=FhXwKn;$BT5B1;YCEQpZGMuZuO_*=TK~m8`e?#EJ_$y^<10U+vU?)N8mr
zTRGktxy_g3b}XOX_%Hn#=f;%hd73U+PpzzzDLIj?ujmnwXmD#VV(sut1Ny2U{o9*w
zm=-Cz9$Okc$AL6Hkd=S&(wZec;o^Cv&+Be`WX?XIRUb6C*i9<F@BV^${ech01P_Y2
z9yt@09DdYdp=H1K_eO@H=&XUUO-1w7-h0cuE;{8qGG|YQheWqXKv-UJ|FuWW23M5$
z8>pePvkIQSOJC^6I~03bQ1#cfxR%!uo#)am?^|P*jg4imI;HLQ%azu4mZ=+ItmG#_
zbL|71zx9q8*y*{eo!iuK<zk?<u4{_&)s2Uu!@lhEdd3;8zT-ZRubn*UfTu@nXn>E(
z<FuoE-L>u~zqGe`UC%NT2ndVQUNHXTHLdBvL8DeL9{sqa!B6{_KJZHJRM~%e!N$JI
zjajQk94cSkZ`Zz_w)C0w$7hi$AA|CC{|J#ZdT78`^n`Ei-6Ojj3k^L)*PODiGn=+K
z_{h$IlhQZD#Og2c|2*DgxGFO9&?UP|FP<N--*U`wy`swZ#~gzEg0puT{<>;6Uz>FI
z=$+ST-Am8z9J?sapB&FBj8lvgNp#HXEv_-ye4n$~lvG{WQWGp8Z8<90WT<ZXveRQ!
z<44=MBWf4A)W3-Sn7t>4v1?q15h+rY5OGcH=st&acUE}5UVk(4lX`s9pj<3>`rdv0
zwsoK5&+Ga4EO(!%(WN@c@Rd<~%Vf=@6?avPrj%`^YWJ_{?vE{JypD1c_h&phaAl^J
zaHOie@1CRjZ)AN>e~pb1n|ZS-uzS_BzWEB>OI<2Yyx9GI(UBp;+U8-^Z7~~}4t>#K
znR+&^p1cFXrsaEi1XFJnM9S8P?%CAyc--#eJ)Oo6ulGMK&2E!FY*yCwHGbGg;q3LM
ztY{sNvt|7W^gD9O-g!wr`ahD|hWjn=vc9-&NP4c}bR*%8-<%O6@lD^e<hlY|8>Q~L
z%1Tg`O)eC*DjDVkow8v>&`gitTYYLt{b`rB^Hffb_zA-+x6BTIyZAW6@5fIc4j->C
zPd}9D-0<Vm%Q*T|y4v)W(?bjSWRr|K%VxU;-}YRr-=J=ED`jowOK%^(cP_)H%b)IW
z{~&Z$Z;o+F(86$AnU!IdyDYXl_U!X`P^i~&xm}_J`}&Heb@-``cZzIt!}OFM@6YEe
z&Od1KOL}mP$6NG)l=1NKt3NA!GHOpA<RkC)w(+nv6knU4(ma-@!tKJKysbB#PpuhD
ztB#L9!!twUM@RV&qcXRwu#svF`Hi#n$HNCzZsyExE%-R1EukYn`-Qmc-OoYt+%v>t
z4Na5W_qLcc7Y+})YqjpLpdYK9b2xC^uPbM{Sd0LDC`o7Sm3NAUEz@&6rziS(NAV{&
z>@o6j2^8HuuURXjvt;vqRYzvZqZMsAiGBvnF}+PMWV9~xm>%V6SiIBCXX2cCYrfc)
zT9x^H6>`h;&AbXDv@c2?EU6>c4Z1m7uU*&`KX}UNXu*k{>%J@xF!75BS)a9dTb%L5
z-m}*fmycUAueC(>zrn`1&8Q2jN4}q|dCB$S@maN7J}*yv{?1%8V@;4|%f@`&Z0YC&
zj?4`~vjwm0=D+Yl`bn<Jkzk&AgU`-BebVhM(3ZNT`@UF8Q%lCE|CWV|9&Bk!Ja9|$
zET_QZubB%ituS)+h9fJ?9eo@8U0R$wS=h+a{$(nvHO;SDYJI~Dc3_7^4vp|Px!n^J
z7*8!2v`{-c>(t?fD*c-Y4IWJteYK74TRzrQ#I{DfS(tP3n6>WS=}Ec8tFU@zhm6=I
ziPK%fGx(mSsZ{>tY5o{rXPPEyH%B`(Oq)^`ptVxt=P!R6*Vd3daVysyncW|+eevfq
z)zhy(4ylzqcsyT5<Hg-$BO&kh46b-2dpqDYC2HrlMuT~jQJ2zFH{HJkuX_<0N4mOj
z4P%G(+xJgsl#p4gZ{LoSsjq&g@jN+L^;Ujtz{i`FqX$-tWH0M3N}nxk^d<WJaN*aD
zEwf!-rq1XPExvYZQLY(%-zM=HyM&*d6SH{rf!<$^Jr&BYi@Lw0v@y{pLOp#@ZQFLk
zwc{#7R#pC5#iHAn&$yggFl|i0hU@w=gLm0ZC4Hyg4{vz>uIi2O{BNPVgssdi7Y*!*
zNOJCo=p4B&r&qo1w$&j@ae!`f@!U_H<1<&^o2$-R;H>ZD<Gk&B@K_Ar_lx0=x|{m8
zn&~bsyQ*BFU8MC*^OaAk$#H4hoDQF&5L$3akd0HiVPkal=0G!Zn(C@dd!B7GzMMQ(
za51~=*RSbE^#p1!={sGzVC?sVaqwWToC{CcX;*(u($ATGTuMcYnKL%Zz2DIr&H53O
zewQm%&TsbKZ%OHwe{5IrdNeNezQb83ChpG0cWY;!9y(R>p|km+(Yo7To*fi2u*klg
zu{4&K`}<ky^+!b_gR0RDI~=_>X}Nv;xv-`?vbU*pLLqHvAgHhK*W(MqKR+6`CRT>p
z^sY=b`&D~N@0fi_-Mu{Ln#-PzKi3{LJtQt*RrY-=-~O~|$>luq>lSTKGoBM~BJjCs
z+a~*s#b>R$g~!CJ#~OyJFLwm)UHY;5WyI*4&k~)kd$pEDj}{$SZL`0_E@rX8%#Y`<
zmwq*$#qX!EBd}a<rNO}QBx@J1JwcY0X)6YwOYAP#no^Z9Bvz!x+}II0vkNrrI-kQo
zyy()^nlD-+CRzKvgq-JQF?&IGTT*n-N>Rz@F0&d1j2_U2{G<<@E7>JIGd%XBP_g$!
zRz~iP8&<Xh=f6(87I|k>(JDG`@!Q*`BMZh<&(?*;pTC<u^yTceWBF;Lp_H=gK0gbi
zZJhI8b{IbVdi_{VQr9iBV_FYi*krC&_Z)s;(>48TxscqYGc|hmn`3Nm`z3^5Upb>l
zJGUs~C~w8R!#x^qMxL!^3GGgsa?RQ#Hp~dpK4!~((8Ry#Li<{wu9#MN!wdInzOK%!
zuG)H5L~=sggMP}xy&&*$iSl-X<xZ~}>y18ct`}kW$_AJZ7HmCV^{aSb!LP{mskFXd
z%S@!!I<J$-Ok3+2*?4e=>fYmuJbeDe%K|JKBu;)?+LZUainlIfDSf&3glY1PVU8CO
z*8_j-pxmY#P29TwCTD$%J2|J+^4LcfQ&sMV(3ULU&5@g1D+d_Me9|u@%y`vee!%0R
z05#M1v*|gGyRCDyCvJ#o=^TG-K731Y{a4McAr+4rH|wrUQJoV_>Wh8y`tT~hssmlh
zXPYjJpERr7vUh8#jPnu00LSW6o|ldfJB*67j`CWs)?Zq3F8K7;=pcr^z_&oIz`m=p
zg+oi<l&<vcYjDZYT+!We?Q(YBv%Z9IQS5$@po+u&ZCW;0YQr^@#MDad8~N)?--_`(
z^DLUpEh%Cxpx#iH^*q5pY)`lRVo~i=TA7K3eVJ7|$99K)&yIdB6%(<+%zWqP-ckAM
z-*(-KSaHIAPuYoOj?!-5U+pc_U(>Pm!*0gVyqY6@<3S%6+X#kBy&K@PNphRjJ$7ZF
zUo(V}eX#e=>42y`7jHhBRq$ahM}5bP3wo|Uzi|`<%u8OHSXH*;$;pi7A2&E(XC2%$
ztfgT0e)FXryvHtU#I|<G@0zBT;^>eX;Vb{H&g=A!n>NC_54O~Y6n7UVmc2?#PuH56
zf{{;LTe>ivH~0L*TG?sA7FbKjDtG5v>4pQR#%RK;ys<zhm0e+D@?Kvr-JED%ousy6
zTb&Kv<NJbw`iu(yO|>Fl-`w&$*;ceP`Pcon5&7eFPlXsGdGBb&(ut))P973#b<eG*
z8YZc}8>m@+uJOF-mK4{><1PVB2Qx=Y=D%K7e%0^(vBr%zUUyhsIAk2#n7glMT%6;A
z)UzELRn<3D)nlFBj9sc?Wrta|ewyE6c|Xzr!SmF4{5B;<ch8gW-!Ap<#dZoC)pPe2
z7nU7Txt7(tn6zvrbKQo;meK=@%&!VK6()TbeCs#uNF^iEYTdrG)4TXa8!u#pMmTER
z<eGksA}T3ZSXCA7TpS$rzG|bxffb)>@^9W$+4$M5EbQ}qK}O*f<^tIa?fJv4{RMfi
z&sLj0t64(Z@q%nCDEnr5E_3gRjq$q=>Ya&P%)968_V$|LguOoUN<BFq{Tr|5nTL$p
zYErvKHKgXo$cT45pD++NtG^f`ZZliBVsx1AjOr?>wI{Tk-rRlGJjjp_$`LNLZjfxB
zzR&HPf0plPZd-3bRifyI-k83U$i5w=4Sv!l*Eh7qELKhJRZf-Z^UBCwoitC#t3PDA
zSwKjBS7LLHG#BMilis|*b+f+@4qo<YljmNeUY&7pMabTwtiIqB9S@#*(UEYaLMqi<
ze@Whhhk{+@LG7h)W>l;@s4o`ceP?>Yl`D<b`<~cOFIt|EpX9njWAENmnxBFMn$29f
zUe=0Qwhj-!c`~^2EKhm(>Dl8pMyI2n=xFJ$oqMP7sPjO)U-8m4TV9{f+OohkW$#1T
zI~f*~&52Lfw!ShC*E!6k@MW3WuMo}*t?q2EqYrD|sKzQhEOX-85%V(oV4SaeM`(qb
zhF$1si*?b*zE!5~YIYvV&`$A~iM@Z38y6#U#55ynhoO+c+)5+;J-1Kf>m3s<O)C(w
zUoc#pb@lMeghS$Oy*-X~Tr;Du*9q}vn=CrKG+avP=iT#1jn+P@)i1RY$}6<iJyvu)
zt~i)mWySJ4BKy14ujPh^7=3no%e61g^UTeV#|!o-U1JXGOVoT+n>S#2Ex=;c-IrRn
zHkXxFo;%n>dNn&~t;*({#fxj++$vF_8VAki6B0OZzCYVd+&1&fapfzEw8MfG%ic%p
zOWo5Ocz*Bc&Xv#HSWk3MxVrA&Ijc`1p!ep()<=TfFPg)htzxC6v&?!lHrH%D5asXo
zu)0D%w`JW7!6B88d&>&6O`e@!)9)M7`k?PjZhpV<i?N4gn`P2IX`f6TnETSQBvM&3
zcR_wrTce|YWK*B_$dC1#<*qlLJj<bz>EW{^nfhbafo})ZFHzPf%{1t;=U=B1r}*Vt
zbKMWUfVuVwbwNUPn9rvh{y&e?^_$Et9dO%tqVrtQBbSQ_Czo^n(q=?GOE5UHgh#Z7
zOX`bH*$bc5+wTrOzTzMKO<mE$DcU;x&JGn<jR&*J<04Lp39sQUa+Ns~9)-o(-DaA;
z5Dlu4*2|asR^pA_|Hyfu?!%lPUmp)1edeN@BzfNV%dIqt(vg6^`7^@J__}X((`+BU
z?WL|rHI6DguDzhYDRI5YO4`I~UPH<7kiqbXD*u+To4?BWHx;BXXjyK>*E0h>4wbLm
zvhTIdo$|=2cOn8`H<OeSgrDZ*t^RgQGAuIq^Tpe~zIwv#`}q~0OBdX9$m98xYA!o-
zdckJ(nJZsE)?BGk<gfa@K0w!jzu{K!#x~{IsaB!ieq~A53r>8vDy|c-ce;l2jq=uk
zvc_NUIw+K=(Ex!%)bptY4Aw!%z_rIp7%POTe*S1Q_MPF@kiA9Rit9)iZS5^}&+gX9
ziYLPPx2rbAsiwieewDjS$xlzxN#VJ7lkj5S4dNSe?xts?Y*m|ST>W^3`Mfs<VnvU7
zms0t1B=(xAyxMm5yuGN;WyiGwZGZeU{NoQ}ov-E+Bza@3baYL^SVibsi?QyZ>lns*
z0#^>Tc#QQ91$3+7gg6wC9>G|r?{EondPm1#tSA&B-zvvgsVF3CGl;QnpwM@YD6kZT
z5SLof`Vx%Qf`THcEj@6Q5DG4T?|TkoeTE>n_Xzpj4UFY;7s5%@%!6++Rs;%jRooX3
z!C043`0mPEm+~>zH3;*l!4ymIB^>OBZh8W_7T-IAv6|71NzUC5?zwRC2;A^`dx{k;
zZG$6<KBBv@9DAC(pFhSrSp#<ky9HF|9LmI4=ittNRq{YXqj=S0LbHuwNxrkxjJNOc
zoxHD2ofmd9)gg8Aezh=pL?*Ppk$tb`%O5%FuB>{JeXrXsc$3k_8=B0%PkFi3lIy|!
zPxsmPI?+-mHPwze{2=bh!wEMWS7hYgO(5=NZMolWVTjICx=Y;C?$wBQR_}V{`xU=e
z^IEfihVANT!I^RRy-4Eb>$7?9A8kBeiQl*QEg*MnES+CfHjM7QHD=8m2@txW8+#-g
z-6!ck6{CL8eUqX(>lV7_%Wg9Kxuko3$hLVO(0zAZ^4@Z#riaCkhQi@i?c!SPkGbIb
zDN~bO1oscQAH>_uySKh3uPC}3?k_FIPIWo#?>pK^I}r+{ossjt^djhU*ZflzhSy;i
zJXeV<*lJI?m~662u@l4S4N@aZH8o#yq$aFg6pX=PUMun)qn|{rpU!=D*;Pz!#=#>m
zrmfj>v}L>2@aJb(t@XH-KtQVS1L@Bzj<g40o|>LqLVY26*x*oM#Pn?M_9ro#VJS|B
zynC}#n9Z%a8~nUhJWJca8b18N!u0ZK>8F+l3&X-<x7%(_Q(H4F-L8rC?QOxxggNh<
zCf&_V4^tKedQSg1T9K$Ra8fk%<S8NR74vq;f4h1w>X201r$v{;G>#;ujgDMUF6H<T
z?9f+V(5koLA>$JVpLO*TN5Sr2Vdjx?>LzU@O{qAsr83(Rznr*P)Vx|p{YjR0!qBkP
zy=yPi&HV#An}b?AeOKgu7+v)tAaO*$!PM>aGzFC{5f{dn*xWm8Q?aHst!ZM@LiZ}q
zAx-72T0=o+!m7O_WafO%xl#XiILP(<uGP<)4z~}S7rR_8F)+AeZGY{<^&wk(%U*0A
zG|k9L-y$=9r-gdSbijJZWnE@nPw1$`xb#8I1CbglL__p`zPZlmQXVXP;(BvVVf5jQ
zTOCFkhP9byTOPlEK>elFs~>nvd$nX=xo}q)tGq16G&|eoML<f*m6?(^9?1`!SQ8yx
zGb{UnPMm?+n@ekUHg!ub_|bnR$<e6j#M%1I%hn%EU80haTN}(Yf0<W)@$<~0=|h`D
zpN?Ji`!)N8(t3AWnw6q`_PrnSvnu4zaP5rd^{TGg6#f0E^3#<!b9j1>-ap`?@O=E+
zGyhP}_idLC53DVfO|ts=tfwG0XV`CA;~}9w8sD8;GZsr#w&i4mk*dQ|R0Y1Qc#^$5
zPpG|ltkdIJjpb604)g5!A$<3In0w})D<(Pa-l4iHIlrzr#n0iujinr029`Eu^B?&6
z?m+?fKB~dVZ9CnK1#9*m$n#!wFMsV7V^gaq${}taU7siQG8a6UxB3?6mfFLub`dl0
zFTQ84mb5XO>)`4}?M?0m<459EWzB>>m>lh@Y?R+DmJsQ)jaK$BRV7aHu=;mN!#f^k
zZ%_1Vgw|o^LJ@A}E??>wY;Bqu6nlbvu&30z;!x~~v_;kJ1F9E$j=Ztf9IC2VAkz1F
zYj4xtOS3NAos)fiNL1U&;L*qA((Zn5l|k)?QRknBT+y^YvwWefab2dNMrm0DZGIcS
z{FkLp-`C7?o!z%9{-ER1rEB&WycbWCv(gE-^>Le)w<^eC<?BmLZq=QI8_c4F<Hzj;
zJ!6Ba^+#g5at@RQvdW}4^s6ex-H3S=vb#{O|6Koo!F%Dm*xM85uMNCavMjV*w(7Os
z*UAeA*1mEXJcTuPdX(9Y#2PHx=NB|1>#{e`p7wtK!<AQhKU!XiifkZnbeP`Ld)9Hj
z*&ylJi|1am&T{ipuNnA-{i3r1X165n8P?id_Hr<tzV6iatoiqO9dqVhw2kh2bo;@Z
z?v}h4Ts1aLZ#XZ~7ROfR3ZIsk?N_Ab)8VT*VN*eg)k`ytvoxP;Ci-s9gx1h8ub!q8
zl}4(eC+fG^9}J#-W!uM-3Bycbg#+bpH@OYP#a_0%bXSh|amAP1{Sx}wB=2eb^<Tf$
z-dpAT)Y)|T9FC-I^*_hrUOfN#-ct6&Gab^M8HpE*NwatUe0}no<o0Be;uEc!rRwuD
zkL{IOXr9WiUKP~-&A=+J_pH0C!a-gwt3A8l$6fJ}Fw1|k15*k-U%g5``F32&;xfZv
z%SvCH;{`|E`9F1PF``R~)JAEhjk-D?G|$JhSF2=p>lRLolTyhRVrAux1!rb1?7lqV
zsot2OYS^zt%4gUrIMlof?)AREp(MhWWvH<M6D$@RUi`ZBX-0APIhWacDuvP{`)!{t
z7kT_{RmY)RrI=d(@R?or=J%}+8=p}fqgh_E%x&%qkL0eM1)fhn|9WD#Y$Wo)&i4C~
z)~}~o7#vLNik&N2N|(8~<4tg=*UE2AhLs1pdP(`3@8{<^FB}_L@9KEO&`e!YEP2uM
z3_S@C?M*z^B_}pHUEzuf3_oNlmeAqPW%aUS`ZLY3>_YW5hQ7_2nw(F<!*$z6pIpn-
zED2wHMzHGcg?-_E`}`KnYCGhXV;e#%I`xTh=u`UAr_<I)weiv>%obnO;23&T%-gf6
z?45?!!i7f$tc?|Y()dl{ZOL;EzE69carY)iig2)JwSPtjBRPz3rqUtK2Z871p6%SU
zsmg3`w~f>yDR0}dB9W{M9iM*Yz2vdUT%L3<r#mw8RJg-h!|2+(dWyB*#TJ$*FLtXB
z9w}X2l%YO0Zm&0s>&WtnHuoF8PMKEmCEADPou2vSmr&cAB~3GZtE~*H4q6yoJMk!Z
z-%!<D^ATgur{k(_tA;q3v8^7fDq_ako5qCo$Fn&7CbSL42g{jFKHv40mqhtmRv4}<
z$r|)A{&du3Z{&+>N$1D*7c7tJ`aT#p<M8*$R{?94U5s5z42!c!yB;WcihT&)@aU#!
z@9OIUxAi+sat1|<8>9-d&+!}SP;Fw4?#>c>=d~hvPN86N($CW;_6|fQygGPfQ~X<A
zXW#Ofp$4;#SA7`o&1HquhAz3%e$9T5#PxTcX7if!OFv(E8gj7C;qAes*s?^empcuF
zHr_n?a><|ym-my!{b#JNh{UDO-*vTDo15Gqm!8Y@EYf>>@(S^k1RmLmZz50C`3#4f
zHO9mIq_{jL;<Ehpv|Vy|=d4zgU7@+Vf)$n7v;W-rzzYHDpIqn2uL>V~JmXo(FGb@h
zt0MlD#|$qV^Nk9#I^lD3Z2gj8<qmq)h1Aj!&I4VR-y>HJ@rqVm<7oQgUR5&KDK2^Z
zi^k@gSB+27#GI{`KQ%FXPMdQvUA!du*YhS$*U+QKBPuSOK6gpBZe2^Y#t!Fa``xc{
zyjQHh_9NYF%z9=3-|FmK<2+KuP{PBX#hP=o&hX8d=P6Nj#pbT&TAAG!cjlhiml$)|
zDX!-0W<U3@Z+7M|Vog=k{K;$LUZl?{5Vzj#>$RpSG*h;|vUR&e@+A#B^F+bw&yPR-
z9A0ugKc!pSEOGt&J??jkE=CV7d?}P@xYmD`v19ZNbFEu_>H3d&ZcNME<1y`r)Wq%&
zp8{Idr9Y<gx7Yi>aGjVFvFgJaJ-dM!(;CZrcj{F<FB(g=%cwmxC-me>>E*IRkGpUA
zYgip8*?$*F*frn7H6=7BGphRe$@@zB8vRCX;b*Ul%{n@w_ono;wZ4q<*>8@WA^i>R
zE_P87CQ-%fi{rF{ugPHNAJuv?OH0yrTCfbRUZht3;6575V{P@Yw_^Ls4$g(6WpDcz
zYP?}deG>cpBcOWekz9!$nby6{S%WWDt;u%Dd)&VG&EYd2{q(I{RRo`G+Uje$OWyzM
zE*Do5bMAYmJB-aqIis=#wvR+h%WIhFJ4(t)Z48Ci_fEH2*^lx(a;A$JYjITe$6sH{
zp}8;RR2a$ddmG2FjIU9i`Wz>n%Ok9UZ)Z9Csj2S!A75xBHyqxP?0T5X@<d~_LajQ-
zvI)P(zP&Xjm@sP{xy&lrBk>U5yUXrJD|bB7IV5+7-{9V<Gp`zU#W|*H8lO^9oVN1&
zxk5p;BSvWf^~dtnlkeTSpqMiKVZ>;Y^{)=Yh`{gJRqJ&`?-YOa;r_KlarDEtU7xib
zgFF>HovL5zEjs#n@0^(ZTUPF=oV(5CNk;FUypQ7L&aXTihF_Y@m^RbQQDX4YK*ow3
z&0X~`&b$v=SM#XlbYwU~tZl`*D7)7y8<lvp({Czqy=W*rJ60Q8a{I2o#EhOxQUYq>
zG4YZ~vtm11@&(Rq&Yt$Lu$*&A?H(^t?E^YDB%cWTnqARYxtg-@{PP=0Z<@OUn}7B9
z?Uz2`{4(=!%GnJE<^0!WEOE&-6xlT^L@0lr+c(**qN^Uwb&a%%{iyrGAuH~wqfObV
zRrlAtorvCXMo^z5qElmQdURaydBvLdIa{+xJ3GH^ShII*`r{$NMeT<LPSX3wa?IWL
z_r7&apXD#4lgvt2p6eBT{q26eM^7_!llVnvY<#)kSds)iLsR52jY}(AU_d)Ur|TR!
za7CYw>S?iEIvJ9qMuvrlYzn(lLM#%pjYO9)ZjQWF=joDcoM)tNb8JQ1?a%Iwy*^i(
zy%&y(`tAF=<r+myy-Rv8Z?a6`dCN}<oiBgH?~uGg*>peu@^R9TTFjg^8tExdk6jqw
z>NjW<CA%;r^-K>B-%3`(8=2)dOFpH2+?sod?~KQ}J01BhmR46qu3R#xKhxiK<IA$4
zjLu}cx*T({iYK4b&c%LS{@6f(|EHMh3;TvVk*^hbUwDVMZ2s{gB=XF}^T^LbA>Ykr
zi(D<!ei~o6P+;w7)JLWA`7QJ95`;BU(zk3mQaW(gZc(6dt?x|zvyTqG((5a@&{gnd
z%}<(~{^*+vHZI}GRgzK)!M9Z1tP49%`GHnjA+=BSYPRrf?v(JwJ*{2S)zUxt>(nok
z_eoQklg}M0Dzbg3m%Pqpba7bSKFNF6=ImTzBb}*p?yDTV>{^%mtB{@FstN-i&YvHz
zRyY)r9hAT9hO=~zZ!)?1;pJ?n=qn3cE``arb>Hv#d?$F9@S11g0p^~^(pH@~Ja=3y
zI?z0zsP9*dcv$I+voF6VjDI+hWuCguOUh-rK6RJ->9Mp0tp{cNL!$y#x4u-giP$fz
za9Zi(q0c4D1JCT@)GBuV<dt?>etn*m>k4@}-`!~<Lkk}||5!HNWSL6*g==3et-s7X
z6?(MbT*>E6KI#WYNOwQQTyl<E#K?4%ke=ywSpCQ<)p`+9me1qh#RF|ELXY*vr~k@Q
z)24AT86!NYJ*Kk^?_X?v_<S9A&HDU}jc<<aDL7gqz#SRlR}}f;*-7!|4$1RJm-<M|
zEBJJ*PL_JEw>w4T!tiC&g~qESemWihV!E)g<#vDY8cSsr(_2l?Kdnh8X@8p8e!7#B
zyS$ZDC+5e;vOhm}YkIqepZw-iw-VB|A8jhTxaiUJC+|mJTv~B@dxB<sKj#hg``uxs
zb($)lcbv+89kJddLS><=^;$83y!R$^o)x#Ob{DV|y*n*oT72^O1(El6rGqTISB%TN
z@h52>H?|J@Iw0?D^!0oGvtCy8^Y6X|&Q{7vqt5OJwwpDV>M_$^_q<+gc66g)$F&ot
z`t-NFXHA~Tt&N-Cc<$hVTh^rKoASm*+#A%ASx3IP+T11S?SGyiQ14aC)tgze%vAjK
z^_zhj56Tk9G);Fd8&NTNN|w!uQp?@oA$BZN;bUEi@G@GP;l_rB?2v&?l~2lBGWU4-
zx$K>&*!Ahqe#hX!O|vKqGiFdH9Qs%KI0vt?-aqfh(&p?F6L<A~QfrG0tDc4$8u;iR
z@G8nUwytE!7uv(mE-O<$C?4!?7H^bwxTboCBD(s)^^^OWOdolBoNh|@Jg`~Ad!Y%f
z`WE-=HjC=*^B4#8lhVh2eO|HQ=~*>;T4MDL>)P!%e+_?)*_N++JJg?UdV1`!LgKEt
zibwX%?KfMn0}=7H*oJ=ZRel1z+j{s<Di&9dRT{_`m&!b-H8I)pT0Lzf-u-;BL@U#~
z?08vIL+|^T>Rn~;Oa(S{%Du?pRO?z);gVz9`J=&LuKTPQE?vXE!P*b&r!DYS60V>2
zierc8j;NA%J42TkaX<dq6z%hFZhDCodHLs+#Wfp#`W%xcztZhx!A6Iq!t*UBnjg$@
z32HvKqjxm7OLb<a<c5<H+gENVOk3>s^o8(TgYKAQ)9&x>Z#N$4OYh?s-W@ujabQ)v
zWyrIc-P_F@n&q5TpD3#Mkgh#4IFNS2i+6Ne(`HVAu9GiMeH)XxdX;PZoUyRF-^v+5
zrZ>KSjO)1T@l`pZS;n(9_m-6Vm6JP^=DP4P@8!2^KfN(qQ0QEQROm)-9|?zhjs8*{
zI=ZgR57**qF2B|GsLK4X-8dzjC+#4sI5<8*Orb^L@vSuRJNG(dKewH%8cg)X_-w<Z
zZrl|8JftJ#+;=Y(6Y!_oNF8b$vU%Mn+^yWCX3>KA%uasi`nKWIvQ@q(AA0fMe!F**
zk)DLN!^rCH<U6l6=f~&oV;)*;6qFx$pzcQ7#TT3xowU^Dn1hmXUw=H(^0BVE#A}-=
z{<a{zW8THnbEUbRgZS@7yb(8X+mUoPeSuxgw!!*hX2+$~vn~0)$trL?|LEf7%y~am
z!%odS?vpCF-pU;Zbv0C)q5{HxRSt#LyuZ2B&1|;7`qC`=x{qJxJ*Uv!>kjC=<G<0@
zSrhF<p1GDa=Xhb~!7V0BV%=|r_UsORv`?a|-R)J0eMR(#Js%6dncO@V@;<Aco~pDi
zA}=@PMyU+LDLLxb$&kB3#S%}2E@$OeH}b2Tkov@!@h(5TCsknE>P7FmLiBf6)rBTJ
zGTHXvO+e<ti=UPcIF()J_EWj+E&d@QUGu7IMpI5_wF0*V<)hQBfS|LR?vreT3%vcj
zj^&1aupS(~pu*vQ^)>lWVn>W~8u#*nQ*~8`I)Y~<uMbq^3s}Fp<y^VPqQJa8fsr=b
z1gu*&Zepx#x5}2t%l6QE8|=$}p`%)PtHzTVTLq_0o8JDZTg_^IS6<)gs72F-LuZ6I
zEIh}#NYc<eeLV9~^QWl8n=M^6tjr45JtBbu4E+fZ7YzB8puZkY;wmCTT$B8Wm}=_6
z_yeRl#s6M^;l{6ZaVq$=OK>Oh*}{5`Y!pLRTwe;;B&V%&`QfVODe@V2@~TNWaTXPF
z+u@VnVz{0$bk{V6Ld?>y7j_Ck2DnxfTxU!j?2mx&hOMo+rLirU<>+W`Z-)EgtkQCD
zvNHyEFYwDDn^?K%fn!pS5(%R~Zd;AF%5So_SOM_c3yr0|UPDvM$-`C4#lcw1%H7;d
zfksB|EaqlpH*gmt+d~m9R!7Xqj!x#LkPC*XFiDs!T>qOyC@y&&Ss9P-2=P&CkWY=d
zy@RXeA@G;7w70Ub0w*QBmd<2j3-IS5+qv3;lNeN6*TIcSNrH5!-v6_7;Da!k5HA(O
z+95rB!2|m{SMW@6aD%eIdx}ayu0DTyk>DxkDwD7k>~w$R`X3YOLOMA}_Zzw3;%8=V
zVR^{P+Q!z--of#(le3HK5jS@aPYM{sgJC{0-&dqCz-k|C)WP^1Oz^1+VE7HL3E-l@
zL_QxhDh<rq!7?9g;%Q3YfS{~^Y~aC?UV*LvX5!#ufScfhX8;Yn0KlUH4Dpq~8$cO6
zJ&;!l@@W7wb1-LTg5@^_?CZgD9&Gi&Zv$-4!LI<E2B_dRp#ZK7;0}OWw1X=NxI}=Z
zIvAfTf|~+(0f6%XR1vuWfIkFe1lH^DXut7(ll>O^?e{zFciDerzx#gI{rdlGKlnd>
z;Sx-jM%<FdL&E*+P&ggJh%Zn$6T*n{(S6Pz;j0klVn4qQVZ>M{UhyB{G6?gqpI1Ye
z7s4n_-5=pc5Jvu0==oC!Bep}~HxNdAj`HpQBm5P@g6!ucUJ@LJgyCff{SlrAVPH!9
z`BDf^hcGIe{zq6H!bm!x=i4DH!VVilcm{+~ot*v%`#@Nf{X7c7Ga-!Xn(;@t6vDIE
z&zm5O{JBsYy8Z}%hwvQsb74LbhU5;4vlPO}zYDc(-5=py5T3_=?f~KW5Jqhd{3CoB
z!pNr)Juio_1YA-3pZyX33Smk1^O^i4Yymq=h44ZMBOK}e5q5wunf*Kz!iyk`@Rj#R
z_z{GWFCcpU8Nx`GAUw_y_#IY;ur&L*A%vH(!>1s;6v7DC8GnQuA&kU0dj18%NS-0Q
zOA7uDYeIM#`?)=YmqQr!M+`fRC|3tS7r+p}8(<6o17AN50A2tE040EUfFw3NgzHZL
zZ}1U~2S@@yeyE)Q;{X`=N-hSF2hax41@Hv$2B-$81!x7pz$Y;QAPFE7AP?X%Ks&%V
z00zE%G5{0+Qve4xU_jdppbs?weE=f>O8^Y|jvIgvfC;dM4XSXx2#^kN6`&K~3&1#l
zIP}Lt0A&DGHh9Ce2;de#6F@Tn58!wjfFb}BU^Rd$z(xRF00RIcfJA^wfOh~N0KNiX
zfNw<rWdMBu0{|xgcYt#Mu>kP^nE+P-;7CJkBY-!+HGoQhPXJ>8GD3h40A&E9=_D){
zAP*oP027Ay02F{d0C@oQ0G$9|0WcBhZ-5;D4gg*Nw*ejk^Z*P4d<Vd0kgyE^x&TK2
zya7f4Fi{e=4!|2A6Ce+u4`3MJI{-Ela0DO>AObKGKm%X{z(#=006GA=Y}gG~1cm^n
z02TnY0FD4I0N5-NW(?pBa1Y=iz*BTTn}po}C<b@|fX#t&0CWNN02l$-0(b)y15^Us
z2f)NYE&xaZtN@?@r~+VfNtg;i62K>b2>_mXAY<7u4X#W86#y*&U4T6RNdV~pSpaPS
z&j7jru=&tt09}Af0F?lv0GI>`(*)23umx}g2n7fSC<ORl?7atkRz>zdJhwc_)AR78
zhdfDu(9;uIqy!9AflxvbBm@#50!d6l6$BL(8%0q;(V)_?fNNh1x+-?DAnGcj?y74+
z>;;kcd(PZ@pF*<hZ-4v#-_QH`?*r%FbEcd*bLPyMxpU`EL;!XTC<Y7#lmR9KrUNzt
zwg7ekj;4VhU~jsF{kVSvI0e|$0emu{Kfp@BnH@prDI%u`_fp6|1ot_p&w1!SfEqw8
zpbl^l@D<=V;0J)13wZ%$fJK1ifVF^<T1DIh5OwI^fYE@<0c!!xfTMuF0geN{0f>4<
z{B$|)tI_YT#{C-fQGnPB|GE$S0b>DGfZ2e0z=?Yi|EMC)1JnbS0agN51J(gH0X74g
z0pcL!1&G(+D*;^r4S)*(p8>?{s0ZLE;5&eLLlF}I(*cVC;!W@Y+-|@&+_wXE0i1_0
zMgoQaMgX?GrHGw?7Y{4q6~I;RD&l6qJpgeOV-uh)pc_DZi1`#C56}-#0vHY$1sDz3
z{}K8P;FJO4GetZNH~@GHApU_q11JMb222A~0M7ps=K=tfufP`|j$!NobOxLO7-Yau
z+{XhZ0`MM8%m&;HxDD`Uz;VDg0C61s0gwl{4zLAqH((#&2Y~nneg^OfK>Zed8*m1o
z1TYLx1{edF4yXo*@6aE9guVe^0*(WI1Bjm#(Fj-xcpGpO@C88pjJXQH2N(({155@?
z2V4$V2e=Ec7qAZ?eo@4@Ul9+O52yz;0Tu(60#*Vp1FQq=1ndPo0N4+B3UCnc7C@X(
z#0!AqfL{PKdwYL7W^g-HQS_iHN&ta}RFMI=?G;t*1sweX@joN{SDNW*Vni%vbBb4d
z4Jby)!BL8M5B+Sl!e?3J)YrouAiQL-3|j}B<}t%SH=!@Cqj11@<lBOK62g3dq@l2H
z0Nr;Q_xp|elg9le+&=@n4WMuBsob8p?+33c;%mq-W5FzZrVclWxO#*y22grR^BnFg
z4VuD*yRu<6!o~wO8sQ|Ph?5`f(_`M7py^Bsnn%%Gw##U=g$-#S_gvgJp!`PMsf?XS
z`!4Q3<4$=<%LG(bd(bR5@UaN9BR|o^M`X}RAOiCdA)W)jJcOC`p%~&h&j_0eoaVn&
zZ_?>9z|G+O(lFQubVK(>+*bjX8oDBWLO?UPQW={;Zv}*uA&(qE9LYpHsZ4?Vl!oTC
z1k^ru0NuM7_nyYRzi}UI+(#Psa^pVLxL4s$Wl;G-EUKw0!?6uGLjZ($5|ClUQyD^`
zM^h_-I=`lNK_i->ejeTQ#yOP@usB;|J&u;Z%$|;Vz~r4`CqTg*4aA2+(4@o)RlsQy
ztcb%XYXi!lwkZWpGLg>2vWDuq20HBknU>G4tE(E=FdGMn2yr1Fl7JISU@|NCgak%c
zDvKH_>jyXB@D{O(@%rj2Ns<kI51!N}#GmYUR^`0LYBVYxg)z6bZc%N<jLOF9Gw>8&
z+qo%YP9?1lC`eE9@9A9z4J;i#s&w$At{vMEK5=;I_+bWKHg@otgpL|LVer^NgbkiF
ze(b=Enyy{D;3$U3=eotg0J(}V2{P6-$io+qdF1eM<A#qK+I7mgGjMiDU-K{u<IoIw
z#7%!3?=Xd!cg@P^i(7xl_!QtxqkdFRR!l}?Q)SbF#*BvQrUebPSe%%#Bx6opBPvbH
z1GDND;GhsHz4df6a83p~=K?;n<)0_5o?qXz<X^CxS=pE|zorq3Ei>o*i=;4+>V{e@
z)X)JL3ve>WKQBG(Y#CE)Sn+A9UW`LuYOxT5<9aIUYAX;nt7bMB;+b~1eCGLQ$s4NA
zUr^oHR57Qz61swI;b$Kq*E;@4z8Q5@OG=QQo|XPcdK@r>^FU-l^~jgiLcW@+uo|J`
z*4NcGR$DUeM84e6d~|FH&c31kN57+pr{}ggO-=O`v}{#jvLL>ul<2>+`E(T4A!j`6
z56NR_y<#TLOKF0dMQ`NG#@*!HQnOT5&#UIdNLP>a?N3iHwji9IXH7m0b#+bDp47$_
zsN6${r)PGvM;q2p2f!5Llox3WP+rx7dYo(n*$jPrg?#ZLe8X#QsZIFKme2cRkhTOk
z`4T!)ihQ}icr*w22k_H$@Kesh`De-!@vM*NVTh+V`q6bG(yjt{L}~S`N-W_`7-^*^
zexG4n*^l_`$V11)H0GS1j`+TbG@m2Qz&AJ9TqkrAiLw!kpTR<m3=v7z%PNMlmqdtF
zg!HKZORO@s0xJ*kJ=&UREu=k;w5vj8Ae$Q&>`Np=?+6(lLi#PCG7Li=O9DA`zTKJ(
z5ovK85goxJdv9^Z;%uD9)KrW!uc{?Vm^^`p&d@>X3`$_6ry#Ru6lZi?2w6Wv<JloE
z4OgK@Wbq+ih+is(h$O_*6eKjB&rm}AuUJ5%smps2@eP%W=nyI9pVtC^o(LI}gF}!Z
z&PL{^^OWuo7FcKscL<Zdr!gHngoQKG;UO%tQF|W36qC%2!lxVI?=h{4VSJZIq7mP9
zDy19BQ$wPA!?X^Gj-m<rCYq*M#E06H_>+ARe=_}n2XD2xo^d~+FFt=uxwQ1E33%GS
zSmHXWPqQ~k$yG~`OjEC=RlSSw7t4!qr<FG4w^OGw#D(HEu}E90t<Y9!6Ks=hSK6+z
z9k3m=eQx{O_Ps4Cs%=zSlqcF3JtBH!^uFl*(Z5EYjLx>_*{9g2+0V0Yu^+I%VZYk3
z*0IiUo#S4|1CECsk2;=q9B@46c+v5S<1qfc=lIz1iQ{*Nf<HJL<McUWoqe2ror9c1
zox_}GIY&Cj;NN8DH0LbmLgz)!hn<f)Uv?hEzoX8Nou4?rasJ|TyKw5YE7sM=)z?+(
z8tNM6I?FZERqmSTn(CVAn&n#Ly4ZE4YmMuA*Cto9>kije*G|`N*WIp%U5~q-ay{#M
z*>w>A4&&b^u3ufk-N)U}J<?t7KF2-XJ<~nQUFTlpe%Sq}`(^hb_gn5G?vLG{xW9D^
z&uGth&rHuO&kdfNJdb(yd!F^YfPb%gKJa|v`P%cX=X;OhE%pxZPVrvkeaySx`?B|-
z_Z{zh-VeMYW?szsG4I9*-vQst_;=7Z(qHC3*FW8Vjenj0e*Z)MXZ+9k<71Oz&xt)Z
zc3JGo*iErpVt<JJIre0%h})d7CE@1;kr<blk=Qe_Byn8g^u)%*m5J{s9!>m5;_<{^
z5=D|H$(NLzl##SJX=T#xq`gT$B#Gqi$$80VB$wb{Y4ZH!`sAkMmC1XO_a;A|d@%Xl
z<Ri&#Q_@nFrL0J~B4u65rj#uycctu2*`FfXp4GOj?XtEj+kV&fx3;}f&qy7fIx=;2
z>blfNQXfk_ka{rn*HjURPftn@q-UfLP9K&&GQBK)dHTxqH`3oq|2qBK^xxBc8J#oo
zGNxtJXPlqWl(9KuOU4r!2Q!Xmh;~=CTi32rW=ZCV%;}kp-4}NMF6)=9&e`<K%buNG
zmtCK|BKwByE!kspR_1({BXSSr9?w0ItK{8~w<+&bo-P05{Nwq*HH$4*Z(X<b*{uh+
zcHdsI{ip3>#}hlA+VR4UA9iHz%-h*#XUWb*J6G;}X6GwA-`RO|=eS)JyO!-*x$B)>
zM|SnxU9x-R?y}vJcTe5@)b79T{&BamCu)ylk9SX-Jqdd<_RQT=zvrtx$M^iQN8EYG
z;k}2SJ^bR~6Nkkw^M9@X^_^eEiKr8?ClXHtPCR+yjS~Y-mYrOC^4gOJP98sb@}&4Z
z`S*<9=l)**`)|K1ryf7`)TslfUO4sYsn<^(KK1UY_f8!>b?nq{r%s-_OI)R0qus9M
z+1A<Kj~ZaFu-|Y0$iB+4%dyXK#GyO8I`f@H&R))b&U2lsoNJudI(IquIq!2m>wLi}
zT)L~PE8kV*n&w*NTJO5qb&KnHm&e`4-PJwVJ={IfeT{p)dzbq@_cQM2-5<D*yFH#Z
zp242so|T?eo_jrydJcIGdoJ-_>b=Ul)w|vMjQ4<dSj@(l$6{WNdDb`FKhZzge}#Xa
z{|Wz-{=@z@u`3fiiSrZBPfSm)NclA|DgB)Esp-?w?@xaw{k`-b(${9(&^<S+BCAvO
zj_iA~AIyFt`#|=q*@v?~$i6A31n-X4=BF3Dvg_2Y&U<qA^g7Y+#DEinP7FRV?)TZh
zFZlh_Q*O~2e=nuKSgYKsIqW^{6YSsFb!VJ2$+^P2+xwWWN1LN<{Qk=!&l>-&em%Bp
zY<_G}Y;o+=xVYrR<etfn)LyAOQ=<dUz!`!5fmwl?z}mpIfx66!^Uj$&V{ZAIx4e1R
zn~%Kt=$lW!8FeWBP~cGUp#g^m9~yIL%e&D>+aK+CR6mw+ti!P`#|n@2K305e*s&4E
z&OTOlY}~O)$Idx6_1Lsy(~r$OHuqTLvBk%hA6s$k%41uP?LM~u_`%~#etGGa>rUWF
z9J79!W$KvK(wn$k+%s_>XV4eoPP4+haHm=2_Y?8N_4CwIK>4i>`RA5=^VO5^v~<A{
zdI7@e$WOPFu4*z?nlBqM=U=7kdyXP#j4;!+T<+STdTr(WYGq^Ty;z(u4#dluRaLR5
zp{A)?NiaiZ;y}K+6?9r&#q8=P)e6T$OJfC{Fxg1qn#F;`5u&%1PXvwCO%>Hxs+dWy
zYt6}|Ek#CRK446$EAYrw!Gmy=L&nXkn;qSzqJqx*lym5rO*lBz9>C$AOJ>(mp=T~=
zz&U+Q<C-dG&Na?VbVT7jG!EEv`pw6i+#0+>&KZu2D>gi=oMPN@W<`+^GZ{>SFmd&G
z%uqg%(3@zIGSQHRy7_$aWK66XF|V#}?t=O<I%UuogU7Eqxp?o}m@{(0yq-mE((&*_
zljPh5O|yDqo=NyvoDey@b{rS#PYg>ixYkS%8y+EFsZ-84t6)BKP)5WjcIjq5#~SmU
zt~qonW<pC5cpjLan9xEF98j6$HS1Nuivh`j7Si#<?Yt#WT1wj%qOq31r*XDzsc_l>
zkeb{=E~$_}N()gnjiX?&RcWzS9Wl+7>CZ`zx6b0EnPS%*8J^Kn{pMCLY1fj#P#Fu{
z-fvc(b<1tq!Ln~G2XIJcl9@^#^2ldAa!kiKOBSA$cFiG?I>knYLeHIpVjD^MXwfch
z%qn8XM3sz*GlS+=HqISbTQzP@&8((wr{||5M!N?h%L+SKH0v}0$w;zK<Hg#@ahU~=
zs$P_v9Lab%9{Tvm)4bD|()q0Ur!nPzQ;-<R=S+EqYvFx%?xcK(>IDPmVMj(W9i&@)
z!SV~ReuN`D5xqQXAfL=h$9;~kGvdjaRTZ1E(p=xnL1zLl&l-g8*b=KV<q^78R5%|a
zc6k=bSJ^-%S}CPGk~`eSLL4?)^FNV@lx{H#FP6p6V*MK_f|b7@JShwv=L>Vv<uXUB
zTH{26mavH#Y}vw#{|C$mEg1zxhY8ilK5TjGa%F{TYPfkqvDq5o)j7T4hMN}9s+3Y&
z!y6}5Hq=yB!A8O@Mz#>nEVja1C^C!sXe$XQYIzpAs}&y<B}<;fY{Ue^BeWq?EjLpC
zVI|6JVfqVEziHq`17w*Vw<R$VXDQOm$6W~#VO5BX9KE2aC4Rx+R_iRArEKo(G7N_i
zJWP>k9EgabGr4h)_VO%PHpZ5SSR><d!@*}_sj6;nb<t^VhWDEFIL#-~A<I2a^Tfkz
zn|ht*k&GEd?}SKKCFSZ<1Xjjr&le1)wbRxl<w!%&Vt*qJh0dwLY9hQvUF|qfXDkch
z)QXjzjU%58{+7NCvp{CE&7`G|TU1&9&(bbmo<r;miTeJZFP#K5O7BPSDR>z=7w-yK
zH}WXw>i!<48kfL48)jDz@JbR{`RMGDWOMj6Tt1JIgU?@3Id5Qa{ALTH$_{FKS~(cV
zrBkmy(;D1yvNV>XE9aG3^Pf4DjdKbM23yl!qf{Q~2R03{reXE4)h212Lt{+QIIwo!
zuwcLftjkw63~ytmm|xj2cPv&}8%MzY<e}6#vu6&XId|6_T3)R_E9LYE$~6Ql_Gepy
z&u*w&gjK)#krroUZfF{bgrizufJr%K%}v##)67D#N<DMIJOmM!f%1&;>c+Ab^3H-c
zqy@$?QS*6nJl2{Bk*+X}A5>FY*|20BiqPr6@9{0i53O!0Z)=twma`Ny)28YPQM7Pg
zH*;dNaVq$vs0yyrWUG0NT;Oz0MkJ>NGv`(}Q9ZErbQt8CVyTK7rKV}tRIBY^2_q}z
z-2L20=BUOrE9<OEv~Xo@RfUz+5MdM+$fsL@TmreV!h*_BFCiUAYi=U533C=4IS$7#
zgZ^%T>0ADJE*Wd|rkU2mjG+!T)2bv$Jrfg@9DeCmHD*B_R^}&S8*O!Rc+B9&nU#2{
zHx>^VvtrDs;f-Zv+q2u40W%u$2M%V=$?rMG3Yu3vtBEJ1HEuH%y59Wr{3g{<GkcCq
zG1m&4#hZd@UN$ezOee!iYw$NA8s}TQ;2H+khEhZ763ra6k2YjKY`s;bs+xs0jWi(}
zv;-S>s~dWpA8+O{N~xY%0~2mYFoVOl<ThHh!<J$xQIiz}=JV^S@~itSh&6LtsR|1g
zrka7F8Yi`q))&Qg>4qBR$T#?1bNGRKF`kl63#7U7l9nQf)lxh@ot9%9d%O#LG78aM
zb8s27cv+k9ka05>FE_+66Y+?7p*JL5ePz`OqjXNhf|lW#9mDcUB|ao2qKCs`XID2|
zq{M`WkGWVe1Z5tWt<nQ_wG{LcB`zd2%9FvXBAJZ4REen4xW$(#Mg{8YyXIik0TY=S
z)eV;`Zj_UQxjJ69FPOhtF)B`p@UC@2b;FD+6u&H#!s^Mk2R6*U(v-vs<N@WX(EMPW
zhd&5%bwt=8JYQTB$`k4MDQ8V6PXrpzIBO%)vf|f8q&3vJJ|ftdlw2EHcW{<!yG}7$
zi|T;KnyPu#a%$JOLGdCLrX5YRbb;z#uOwM7Y~`O*s9<l4mbpP`V?`~TFMaNfir)%@
zCz0=WH!6u%U~TmxTHC3mWuCg)P0CX`$}&CJ=-N`e|8K;f<fxo~=DfN_bH*p9;s5TR
zf5|DsD{J|<uskcYh|<cY%2wt-JV7$1=KprN1G$b=CZ34#;Ad3Y^6UT0Y6aP&RiUxc
zx>{3V%P*i(%js{*{J*J6vw;6Yid>!(p-E#jyD7v*t1JVms6zAJto-G_28N;J-}$pi
zIsaE0SkMEJRT~zzS;@3KScruM9a#ldzZ<J>QJ(&<wf)!H{>7goGy4^}v!J!{cxRZ~
ztxAGrZVL=2&hD&PdGfyo_Fn`09~fBZ5N%l37Nz~^))nc>Zu{@dtoT1L@%z7MW@cJi
zs3W^QWM&qzfAbC{-m*e7ineHORgzB&H@9ML3yTZiYq>qdXPR5ZDv03@#dwE|EvHt5
z$#JJ*ynROG>6<Wjg*>>RgYfP~xtDUcQr@N8zhNKzu!Fs{a>=f1j^s9ern#$bkK(p!
zkN4VlDo^~^-~ZR&{}23q(BT-~{w~F1SyUCC5bsuEf;2Cn-lO1C0Ao)!wpcHyMmMRf
zTCz7JV^ht{x%<q{P&uQf0`D*z@%&zqS5Z)r7wyMx;0js*zy=WG&m%hCR?|duPD33%
zg((gL$;nqOv_P}aLft}(Y!=!h%0hcaTWBx4h4yw>XdkE3Dk9Gn#Pi)jyucI03%x<S
zC?<&a@CEUnZGw0&e-Q5-8^rs>S$IKSd=Sr12;v2aLA)?2h!-UX@g6Bbyl2}W-YYeT
z_YT-{NSk8A=QdYPRrQPovny(9XVraZYzM-oAl?l`A8XUL&D;fz4Y^ntubh`Fx5DH$
zHq6Y$vKsBt$)(*gGMF~b<ct%!bQd${;qQ%R7|olJ-y<h4CoiK5xyHug+}se4hpq1L
zrj0eTa_7xkI6oT}bRO1pGG@%^-J`OodS>sc9=-GN_c43+ti}NVeR>pB&!oSyhreT2
zG;2mdVRcubtW;(Bt?ba@txfci4b?|@P&Hk&1Ewpr6o6mL6*OIJZWH!D@TH=%aY^mW
znpsPDkI?_8Rb5cK2yaEWYV<7({Y)*)tHgrm9FEGDF;-MVwUukQ5heBk(M1VemEF5(
zLvQj;_*e?`D>%o4K5V}Spc1Rsi?L5^q!z$86VbZf4<R-Vuf_Qu%CIOiZS+_4IhSaT
zIT!hyl#w-GG?d6qAnoVjGP)V0n@C4FHo2)WC|juX;mhCG0Pza_R^ZM%aM5zg@ez`u
zlOWD(a1qa<(z<vWm??B6gs#WObR;zWdIMOvC;LLUtF^{LNUN)7BKU3!*`j@qt#i?;
z3fAHw3R$nkqGC2X?Ox-bS&z=Wz$$)g8)EPk>NSzXO?cLzmF71WfKI#zbks^@Jf|nf
zWcu13A{sxFRWD-IKFI2WU7$O>Xt7EsI+N%qsy(yn)H16Jh*fTo)sK@w=LMyDpQOrX
zsU9_16}HT3B(drnWW`eTi;${6OZBeFs-$IBvxwF3AS>UsphxKVHidMjG&Ae7KB5Z#
zY_b~JGOI1bYC;67i9uFlrXqgQr-trS$$B!gPCzGT-A!qk^(7Y}YgLeS8cA85Wl8yY
z574vP8MNA5NtQgD=;(P@1D(?wXjG9|%6To9QoRC68zV|-iYR44L@5i2jv8ySUL0gi
z-+P*Nbk<6+z9@qA#l$+Q-psnH<*dE0N7id1vaaE*Ys{?cf>}|hRjQv_WK%@en}QYM
z#=W_eq`1>$bxX^vzC=e<w@0wrL9C)Xl_F|qGjVyr<g&YEE=_P3>YpOG+!qvR)y0Uv
ze-BuZ^{LIn(ZSURh>rTqWc^UftWQucelmjfQ$f~T*S|bStfJs{*xH_HnbjK$!RnO=
zR<8zG{Y>!(x!p5OR<F0rs`p?d{c8lP_kyh6n2GrJgMH$8qK^<A{Sj&WgK4o4c#v7j
zhb@=#<8?^-c|<8+1WSp6>sP;A09I113DiBlI?tfBX6`=6OvBb?&-|MG$8@vkZ(1(;
zB~tsZ5k;Q}7R_q^?H;Pdg(j=tnU$R^m40R)$zKgt(F*Z$u;1ohZdZsI1t`sh_{LRr
zDC8q4KyA+B5lcCU0Ow|ty<2ISzp@Ou<0JVegz#rQB`V$GO#ZB>B!x6Z1sa-4R!CJ8
zV5llZAze8iF(pWCMS`dekf39v1f3!!=&Vpv$r`c*T|y*ag?5z%zHJuRy_Ev@o{a*F
zA`9#hQsCcd)ae<b(mtfpUaV4C<<G7_KyRhiP>NCIK2m}oO$p9uMS`sH$XyyK!Qc=H
zc27WxAspb0(~O=utQB_Un2D%kBH4`%VaK*SPFVqQU4HWY<CUun(KTt<<;qe7I19|O
zCWe$1=CjH1PLC|BQc7B8=AIdnJJgyN&O+{ak-6uGNXji)D}|{w+10ngE}e{bNhG_a
zA?(<AFNieWWs#<{TsGX*W`QeODKI+|1+I=P@QRQExi?;^+(^pY4R+iaujcZc&zbD6
zX@&hq<Tq}JWPf7_dmdIcDm#tFQ)Tbp#N|oLWCh-&kWY7hVhXTX3ZP>u$3Fg+Rs={U
z&%8ZSfE|$n?2Hs(SBL=Yy>~0*uBA6%_q~S$T<pK^RLFrl+d~>w&)rhG5>vW+T9c0K
z{Gkx(Qm#e7!y(eOFGav3A=2fNbNq9Nbg`7>Q7eny+=)^=CL3%TB*>z!{)Cih8R&GP
z_e=UFQ^F@(k??n#&AkvJA$#i=t>TpC`_4p)mqH|DgL#?DcfCQ8uP6^2t*bZl(EqAJ
zV?F88CddAR9N>DFQop9q9D^dGWk-HpxsPn`A&AP#eN&45mMQw7Rz%lHxkn;J{~$zk
zmh`BlOSPHZ<cF4<)SB5%eq^~x!z+F)JJ<K7M1PkO`E7<Ve$t9WzD!8;b)-bcBPIGq
zwp||BafQE=>_?gGzi)+o8jY+cBia8R!k&%iR7i!{c!X+>y_z&0MdjW;4+XOEXetej
z&MQH)@#vD?X$oXhTONv!*FYez8XW4m{21m=4XiY?HTkUaRat%;S^l$T`LVLRznSI7
zNm`9E^c~+y`5Q?gX(8ovap_iZ##AFi7MB5btnc=ceSedEhgR5MOB2Mb5cbbfXUSIQ
z#7p~Cn!nCLK#uy1<=oyKh=5#`W-_DzW2nkgd15iuEU-Wp=;nD-$kb_V5ptiQQcnC?
z=2;;6s;d)_;Iv8BGwTpJghg{MHQ5etr5<bO`C)8GJ-8c;Q_TsOBD=wO7TdYeWH+G|
zc6a21T}22x*7|hTx{KX?rD}F@<MD8Y%3b^clXX=qtfzMY>-mwaYeO1z{AQ%6Q-d?B
z$>i<oxkX*crNGZuw?Sp3L!&o0u=Xjy)|^fc`i<%aq;S4zO0%F9X$ncn7e-36B1D?A
zNt%^vaHctuq`62+<0EM<R`-QVbBVNtZ_UClZKd#Sw63rwvhcN1%W<Tqb?ReO4Ifr{
zc!<1Ka#CptM#s{SHqUb(>`;9Im+gJA(sHxbu^hIfc&On$WTWa|ahXkN^Nr;t4~>HA
zx43+RRVQtrdJ^b^lzX@4Y{V?zuExN9_d|#_TulMGpCY$u=M^GS=bYulu#Yz%a*U#M
zn^i9fl1=y|%`+UCyydtY?1O;&v>3W4X}4;=tW`o>hX{N_D}2#VADNN1LsNY;tk9UE
z-Kp7q^f<}Hy_!!j>jP9`wC1I%KS^?5sClUl4#Iy>JdYx)_c>f1ry_gmF?27{Ji2cx
zG+7Mir?t_AZ}>!<UPMHKZujMy!nD<WzR%(5#!^g%p5&tkM|yP7I_eodnmmxsv~GGA
zA59#X$kp?Fub4!U-dnIZ0n)&eQnW8g<Wnk#UqVvZbQV9CM1Ef5mXQm5o~0<b%?ez+
zSK-n?Ozu%*=x*1xsy^z?)S}u>RrqK?qn6d~Qgz|Ek23AY<t{3r))qr|yEfP6dk~qZ
zQ8Ww!zS&)Id?!+A^KH8D9tT!N>CdzI>8@*YY`(|w2oeo9r`5nodt-sUM}k(^V(6}G
zlWo3%X3^&&i6<9H+7#j9Ey3j+68dR1hVFLlVJUPKBDBXsg?@^JuA!VH8|&sB($m+f
zhZOD|f%d(KSiK@m%0u{Ds%JB0xsBM#B}*^a=s*(iBh5pDAFFmY1$?P_UO+<cTe#dx
zwcMh|&^<%DQuoDf#<@!H?%Eny!}Y_3prK8>4%SczYsjFOjk?q4UxtB`h+B0SAQ{>Q
z5@e{(#&{n|JQ}Tu6blGnsmIXWr!CNZSHh~<c9x(7a+Xtx&xN{OikM6yo~L`}BeYEe
zF5U}qX-ixjwivqSX(vPERE^fVow!8Xz~ydWbE#fG=rMHfqJ66eTl+hdO0E4mrT?Bv
zJp!yJrT<3v(>+7`O7~rdsZ|V|i*^j@JsX6mCgN)n8C7TExDMgkBDfC;_nIC<_YCdN
z=q%U5AfR*Y38eoJBP92Tr=dhzI%MJnq@v1CCbqBYNwV^bsPcE|-t!T<p1A%^kD<G+
z9npP1U>TcQQu~MsruIESNn&lDO-Rn|JAv|dvoYRGcw33DA-so;8)q-!{cL<<nJ(VJ
zYLvN>{mdpIPU1P(T*-#136Sz<E^cfog0pjKJV3kp5k86%=yI7`Tu-=Yk8CE_i@<e^
z7Ua4UC7#B0QzkgskV^i{!p0J}SpyK)RY8{ukGz>A$&Jc^_aAr_q3aPJO<ByJlCR>-
zutHib5-%c97yDSS%O~^kA$P#KjUp$-KqxHB3&l-R;4EaQR_KE$MA*h|1!E;@GF}|m
zqh+!<8xDZQ5wnjY#od&YR&fsA0@nk8eh%zJ+Or{=m`ya1BDxk;caXv<@jXaLp!l^7
z3y}CcGqImY$7+yo)FC>N@;bJG>`@LfnPPDU5LHB0#~G~7FR+YEjH~A&h3os9geU-_
zWGRGdSh5uQU|ceUZTJNtHFCX&Xc(qY3Kc?wDNBUwPWXVuh*Lc}q3(--lV5OO3FL9S
z6Y<z}Z$IcCI)X&rSCN=eUBs+r(|{;W_)ccx(+TyNGMeqYVmr=X11N7P+GXv~@u4B5
z`H9XPVg{(q6FOM|{@0+8^DtT=3nlP>3VPoz(C<pxWruqw`fW+)f_{+b_ar?SbS%;D
zNV*0zy;)M;m-IED6Lx_9K+<=B_EGx3O8NlB6MaO|?}J`n3tGw}Vz;9{1j@y-PD&it
z=VDGC$5k<KXC|kjYQ+0z2JsFsNaUt)kx&j+1j;$AAtjNyox_o_7w;5;Kq*zU<}SF)
zvPu;qL~I@M5h!EAL>VJliwDuQ3|mSH+7dk+xDIR)eC)C^$WEx%6YTi?TePr^1V`O&
z^a|H@M2|<Ta+aOYU`o4isR+O$yHLvQga+em!gVW*<!Z#K$L)j$<D!IXAp$6$`m>$T
z<SVxsX%)pzc=8NfIDtd46P~Q1#h9C4u@j#BE`;P1DT<x&<ZH|n9TYp^$<?@UitdV?
z@Z=4qMB@}Y;mPyNfGLWd@Z^=I9My`Q@Z?Emz<k9{c=FFEise|O*a=TQXa=lM?1U#@
zV#;xaVkbO#iW#t8u@mmP(kNE@!cM4b1}-G1_MM$j*FvLE?KeB2$)j-LcwMm*o_x$G
zQ}ZZx!jqrHg;T^UcEXdF7-ec{ik<M}F}QGwPKurI<dvonqfk}g$&<{038*Rs%rnK9
z4((8}rDnh!#ZGwg-%L3g6g%O`kD38X6+7X{b*3Dv6g%O`L(PDz6+7Xs*KQZ$PvrBa
z*a;1qiCef<z^1xEF?x-iP}h&}(@Zzm33a`R%h#0m0z09>yfMP{90I7J^sDWJx*j#@
z4R%6Zci_UjHrokxxo^hbU%&`qv)c&`^2!jdPtXG=Qk>6DXfO_E+x&unMv9BK6B>+j
z3D;uyUXmf|Tsxtzg98nEww+Mdqo~w9$QwPtPG~T%CR{fofEp~i)J~}DbzCT|y^ozx
z*FKZ(Zzt5X0S$5j@s2TeLbYfeb%)!-f%dke2#B_)#3RV5v~5l?Vq!$<bB#h2BG{$q
zHmwBbbCJ{ExK@Zs2*knr^+SZH0II5i1*?QO+!k4NVH>v<6;^C-;ufu@9s-laNW@I&
zth;a~fg_WwoQ4d1b1QuF$eXvNTZ|0!$y*zF^Z)<mme3DFGeN9dTZ%){l*HE-5<$2~
z%R&S}Y$7+jlFpHd<cYD_0Qx+AR<kggBSn1-2Ky|GBE3N?12Mr;(OMM1t=n!eCBs?a
za$=M59_SeqGL2HAa0<{crpal8Pq-HWcVgi8s7inaU$POLM^57&qnHp~5`{l(0J+Vf
zeQ=Wy1j+$T#S{PsAqhbnGL!>Ew&zjoWy<V`ci@qVM%0(ihy6GPg7nP<`5aGxDnLFu
z2juGuo<P2y9e^I<nB|B`rF`#FzV@kb7s`i>J^<gMd`4)8d-8$4MRgIGe}Q^V0Wn4V
z;8Gz7lnILV7)0;*cW~S~fdh!{v<q}TO}-{5RJi{DXr7x*k^^k#ZMO+QpsbJ_lrEfo
zg+kfmIO__|8qe7-lG(ccbt&diy7vmG;}ay*MS$M-_kfhT9{3&wGHMsys0#GUd>Y!r
zDb_TDv^B?EhG!IjvdECTtJ9Es5f|La1)2+A#D#ai3^|_zD9e<#S>=e_2qJqcE;)N~
zfsJ(rI|5~Zs!>%HDf|GH2+=tT^GO0_U06NWadEP4*D2H}@ry`Z>m|PDCg9gAREc<Q
z@0%5B@OWB9P_~4m*)G#?t6$6Ex!i8sc*9gY^VucSFn%ZFBDNFki$J+wVIx!G*uw5t
z$i$>r56WWt4nnF2LW+DSM6Aa{#QIA}n&(5rx<5p$=R(AKDMYMSrC4b{!KMh58`-Rs
zbT*0`$tK!!9XFDy+J8#6yO|A^wQ~z8r#;*H?Lk}L#%T*E?QTw6N_M`FP-)!T$++7;
zyd9wrQK*P*I}IHjfSw=Pm;>1uggDxrOfK??Xo?$I@mmMqkv9;Y``&ioKz^T&+0Gk@
zke|#DI=M1=DQXB;Ak<T;PI&%w%8sAA2A3(T;4Ks-@cqrEw-5!}i!81MnF$u2S3AnW
zZ5kb>op%XBtkURM?YuXk8%v^}QGV)I2zeVNv5a&UrYBVo(AadC#1sJ<n~ng**c2RL
z0%;gDd6=?$$qc(H(1km&*G%j4?gE-ep%@rngsP);tuK*taKX{xC`Yu#11H9?06qOM
zFX5fI83Q3D(?vIGM*11<wQvGdaRKF4bWf%p_^6keD=4iVlr}0Ttv%2mLnoKu4hrt`
zR;(7{C1MyS+EQg%HlHZk09;d2$fan;I8IXIP<SJTp1(t5aJHurlM)f*wqlARVl+`$
zf(o6DV5*S&4^+sS8rVhQe6;&&BX8D!s=eL;L$p`0p&;ZVFt%@uf-?R<L6)lRK~=k1
z)x9unQhXt*_KK7d2-8D!+)fnGT*<J|0-Ev|_UqC+<GgVsx49KU-IoI&45WupQr1&=
z8#(2orUGYLnXrX$ZX;42j0m!c!Y*K7G(jHOn$<PvEZ<agVeuU@ao3=ud_8f0Km&iM
zYn18{s>TGd1j0;3IN3v&KVT15cl>7teitzeHE_RB$+B&~+O&&{@dpFQa&0GUT31Y1
zB=MUhdU3J@%w?L8PEtvr7FtvasKpkQ3TmlErGZ*zQ5m2vw5ax=R$5diP$WrjmZUQ%
z5=By73`&-s4QiE@GB+%)0MunxT#*r%vd0Do;tN_vw8&c&>H=4ys1(_2Q)IU;yam3`
zu!+LGz`q8I|ESL?iHc|vk4W7Pp{7wdjTBQM6uG$nj2FHKY{PoBDpEI|CB(~Sadfco
zA1bc(z8xD4(L?)otSDT8G7LR(KaWyWY7K3PP5S~Rs<gVNU0~C`1rcl@9s88vZnWh#
z?MExs3Y+!|5!8dVi)<SG^(jeQf|)kXNtVQ=HZ7V6=6tzLb6YW2*fbvz+{9Pew0MiS
z#-_Ekh_yDY9T6<&dYjhSBCfM(ITmrfP3u8~7qdz2Mw`|bM6d=9p?0Q-O*U<CScKCk
z|7M#unzEDE(r&S7<wUT|%{FZ&5zP2Dn>L#WR>vJSt)2+hz&4xKXc0Tm2Z>+?yKLHW
zE6*OAb`cR=>ATQ%tYr7tv@1cRJWq0lILY=R<-LfYP9o*&h@dQyqGARgnz4gOp~sKV
zpbU}HB_gO$^kFG;wZgv!jU%r<HpKDL9}-Kw8X?x4<UR`d4(TrhJMJHJGWP${VA(DD
zL@#dXgPKkIko56RguvON&sP*QSr0a^NAyuJ_16Z3gt<gY9EF9bvWH0N91+w_^y0Sc
ziQ=xuml`}qX-cmNl&%DUpFxITL3WW+6TzXQ**@wO9Andthh=GNR4Aa@v?MIB%j%_r
zN+*g9p%bW1pn6{im!lDtMR9CcT|m)aZIf|Xpb99CXF@rk3az+2P(8w^o|KZCw*YYu
z4>P$C#c^!ZJwf$C%067_-l{C=41|_g+`_4TVQ~XN4WyD-rczLYh++>u3{)vm25*~2
ze|b*IRExM{L~#o&05ypyuJzrZz6GVyY(&GzF$F{)j(Sy9rCr;!)s$Yr>|Q$z7rhr$
zu&L5SueN5)D`7D{vtt<jgFPW8m&`~>8G&4Ch}CqJ;;J;79iakA3RQ!EA6b+ujEXZT
zwiQ)L*&M;KyXZqz#zugY2P2{~rF~$(kxly)?E8?psR#5vA5y{tA@&_G#3D_x7Fn$O
zL6P42koMK&=#(T6?jf}~Llo1Pu6B>+E~Dl}%lf>E0)L{6%;o`w6|W-jHw3EWl!)kp
zE+W&9N8gx46xXB@ap!_kSzHj)iC|Wb+q88cQf?zbHU`@#&d9n95>wA(>r?k?DKA7w
zTp;?8M^G=**of2*Q1V9N_+3Q8&eB<^N+0Tp>Qb#wf*1F@LzI>*`gEhPKZk^+$UcpB
zA`gn&S(G9~WwC|;g}Tv_M#+6>NKqH)Qt~-^AL`5M5WNpq^?E&JLj<E->88}@qf+jP
zi0UQ16=bI_sjk#zou}wh+k>H`Ex|f-4^>Y<&)X2l9)+pxL{Wdo?oAtBx}pupSE_H@
zw0%TSXQF0&90Z#?$|J|A&W%bLh?#Y0t#d@m_=uo9kup0XDAf!~VFOjnn^ff)$I9eG
zp8AYUC%g~!T=hkpdGAG!1Zr{=CKe<*jlN8MMij@jHRHHiL`B;W$EqgE1<Gs>n-AH0
zM+I#xUKEo@MHoAN)RyzDiQ-WfP2H1ngfw-!(bU7D&89Z0CF`9+h83-(%tyB9kZfH<
z<^~sPhi4Oh%QvkGGe>|nP1R@}p<^TR(ULR*h!&j>V-icCmB|!J7mhCD=y=-4fhh<r
zm5IzR(DR=K!kouq?Snuo(j@2gCg&oi`|gBjMd%nw$br$om30piJc7V}F9UfN2w1+4
z1QyFVc;qM0`Wr02Fj@8wvg`zVWtIcL(t)}%%g#U~%g(n!WCHD|!nuqJ9aXr#ncI-x
zjYk}=MB-xn-A8~n)F^Q<_;CG)a^C*UplL&cHkavmS{~MBY5$ln1Xu7M;D&Y;+Au99
zYo;m9MTRtem$X3~3>D>(8soCBq5x?9<Fkbz&|Z-R8$!M!OQGE`+8g|uTXa5qHD<~H
z&7p_Z$DvbwayzX;j8kv&gUDY_SNz<U0hxL!7Et1J?@XkajzFx|bU{1I)fz879ufmx
z_m;vw7_|qkhu$(eB2+$<zXUckai<k8V{InkgA1^p3$PuNtAUBM8fZJl>&>)P$oBP5
znOG`Ist5WVFRRfasqK4S<BXkj8D47uY&J!sbV?lOu_;9GawuXbX*{jr*?e-Lkc%h`
z!E+cFvDpP!Vg=axhAzT^;?gqz1l0%7LTGF3AHW(Wffi$Qg%{1Xj*+%brD$zbs);`u
zrapvBu}Gyl_zOYP>ax~H(qlk#`re#Ao^+_CFrLdcQmhW_CPeo%Xz(anACD2S*?Az?
zYMzGi!?dwCMRR47{SGjUw=Zp8>x6&+#kNts*;5dZGaDC~b0*@lDK1Hk;hg>c5o&8o
z5glP`-QPxLJ3Tb@Q{($Bhuq&IpkEJkyi<hK0&!wSU6O#yvP8TL#}H>bm6CN6BDx?f
zy9k$l*Fu#ggzN=!HX*M7nFM5DH7?F1*(+@^ihIx%u%MIZ6(otRs{)=P^HqqMf&lJz
z`Op@DHp6I&FTsnu-3)FDzZ3Of*E5q{PyZpH>G=}RJY=cdud-1UuIo%S?o6;1&D^<I
z!Ig-EL_(XRCS`R&W_A({K*&jO_F6N0NVm*<4SMf_eCErG&DY_N{{ghWNng@&9kR2a
ze`9yzzZ*0Q`getVBy)ZjOjxkLE1`mk%=0qvh5+1I2lvC^3A6@72QQhd8@P`B?Qj)b
z=SEp)@}~#Ef$P<z#$|nu0IpXNQX0<hiIGAOXjiD(4_F0My8KF3eT7Oym$7gOz)6L1
zw3rH<7Cz%fp+5tsHPtv;_XJM8pbLE^1Dw`x<w$Uqv~~~q{WaV)@xAMTZ{%>1|2s;d
zpF0|je$gs8pwxfufOsj8y-wJ2F?Bz7R&u#`5;)RAMHStRb>jKJqmhi>byD3XqG-J5
zp{ntMt}bH#z5`z#1F-)r#NmJ<hr@3#uuqM;czn{$NcFu=zAl$u6<}i<SDd@~cRKG3
z$}DOpS60!4TJw>0kPx8VX*A(jGz446ovh<dYe179Ljo$I{|lhGJ@#^Y_<sb=?eGY<
zL;rKoA>Ss353Ad{LnLmO$5j@I+hV_Li;GK<W<T?c=l1#w>%aR#YGmr_&#LXSX=iuV
zQE;T)$XUMw*#ac{PNI6F%RU68-#I`I0?B!gsKuZ@10sFRC8%pM2<-KAWz|DeHnux~
zu(5T&9NMRyQjjDqXB&uqi&4lvLbd{VjF6{*JP!mO;92;Scpzrq>fQ+d2+-a!`qoyI
z&f0rN4%NP2(UCCrS~=!73qhcr&@^h_PER2R>+b~9@#p6u@;Ao)M-fLa{IruA&t6J9
zrU`K-#6{Do&7Wf+AkY?S>$_m7_;;k<K9^`B#gGp>fPF~OSE9Hq+J}8JkfGESr-PNc
zEh%dR0$DM0fLPw;2jpiT5aM0Zdi559K<%vMk$X(9Ls@EP!tuAHaQ(*;*fQQ((mRid
z2!t)ujxTA;-cD%sX_U_{hEZ3o1D$prIy-@SB$Ve7=9%e$jdz0>Y_0v#X$i2sos)LF
z3<9$Rbt)wv{@rqHA)s0<RDC1#3xzmq<_i4TWblBi6!uNABbq=P#xWMbcmMU&DeR3;
z%DUIo!9ha@qVH^QT!S<;%&ARk+mcu#fV851&?f5`l4c?dqlph?(H=#jkhaZ;b_f`m
zMG_1_i8~Al95?w!Oq3E3_lHdG3)K|nP5~x&CoD~J7imwe6@ozB8mgkLtfI6d6VQhN
zYNE!vm2HwpxXA2*fozmC8C&x^um=KF(WL%5p$yia!gQz2plObP1l-%-22E|II+(TN
zN6^%qY6dlE|2TBCi{Z5JYLD8we*x&>M7QT@o_`wXKP>{?feqNd3^ct>Q!^#K6ZB={
zLFY?@r^6GN?knlPf#%}+NjeSPkm-?}KezE}<i%PHdRQ(^UsNYoBbWRgwDBpz<M}hm
zvpIcV>H>?Qkk#*^)m2P)r=dR79ZIM>STX1lw5OQ6#3MlDz|?mK5`Ko<(bUEcZF=@Y
z2*4j5KMqfuXqxE3S@1>xbvKJLxGzLz4ezGL>hLl4@2L0Q4bRwtg@5Q>pzUc7sQTyo
zNDvaS0DUTr3fU8rH3#`E39Sf7xEc{G;dUTaryYr`WI&-a^%63*OAuiro_EEvr4emf
z+SA}*SX!wAI^&Z_Xml7b3iCRE`hu*?Q6%Kbyb!F+>%q#rN|oUnj0Bf-D(%IXEO$~!
z4Xg;%APW&(gAqWi8q7e}7HjYTBBF@r%d!SUn>CmN4n_?!lQ3z;Uk)UXp*IhQRS>8f
z4Ue%3DY*(8*<-}h-U{_*Id*lyP{G!|MWxQ;9|D^En7V`G{SBbm{3OlhREE;v25|a-
z8k4mb%&o?<Vo=qCh~TOo17cOR5_u!5%3fy)BAmqZW>wae0?fL)A%$7jIZ*iJvaYt~
zRqKTyQ2%7q^;V?hy8eml+9?i|;@<ryIhL1!ra6cDGI!rxuKOdh?i&%uUG*iNBl#Zy
zeS8tpz9MOQ&(6C0QtIYg(5#!UB%KC3X8I>ipWA^1dr%#Sim={xLvn~G)cY_pzXi<F
zn-v4S{fG$GTLIV`-H^O+ah9QvSJgII%Mc(H()n+b@R<fc`!(#r`Bxr|<@`@!d4%s9
zu=pzk;IXs>y@5de!lrrPkUEWk_`S+Gfat#WW}y3IWBx%Re`QO^nui2WBar9ngAfBJ
zAhc78@km46*lOp=h_+L7$VfV9LxUo=AwnmP$82py+Vxjr=QKc_!oAHHTc=Q0YtO2j
zO|yXZJLe+F97Z{mU9m_Tb1k;f1Js<*+&Pq6l)i$3lFUA_cny3VKpiW4^-jpjW-^u%
z53Os5%^fs`P6%YFsY0v--R~SAR}r!b$PGYpZo_5NN{nTDDee5^5$l1E*i3^Pd(*-k
zctxt))HwN+mw}wzgzSH2AX=g5sy12u5hEM0<SuZ{Go!}&vyMWx#}S4}=qhNqFA#I`
zwR#C0IRNV7(V^3Ruwj#&BI(;fvk6a;qs^C~mr;hPl1{+fY<&;V=SsQ+G<T0_Obg$W
zC=rUYN_-TF3Dnsdr=VTvqFFYL6`;sNCT3d!YBLKV1N>7_2yNX_=g2}bKSOQrLm}X$
zHTS~EL4Y|jw@t^TNX~83RiVb=t`o>Lx=uGGChJ}#u)2;FgRb*BBDm`u2NKeC`XM(f
zK1=auc`?iwU1!D>*xUzDn{{bGUAWw4oh>NyR%Ba+d=OJ_ez_EHR{`oNL(FdA!^uyv
znBBj^-0?ZG3%eTMmpbfVOl!H+ExJGJSF2R6&%0pV=^#dA9JQ1+194V;tQgeiVnlF#
zwg55eL!)*ZaE^!mR8>vQdfZI(o|%aI=Xf)X6KN7KFfpSdAd*pLX1@Gu@Lap=I^i2T
zfcm~syRk^fwR=C<2<IZl9j`#>BWQ$GNMH$V#X#t-W?4^JWr@rI1w#DAZ1Lm0;a36p
z<XyJ-QM0gzgM}?bjw@eAVUM7&q>PZltQZv58xdTw2|z+x{8r><-9L&JZ$g}G@l3rC
zrY)NkpLv5IQ0oji)*&HRx-KZk8A$NVOOT@;ay*9wR;8^N$nhB>SdOT6VRF!iHY`U2
z<j6!E%faTc+>Ba`sFJX#Ys{z%5j8a|>J~F<6`~f0MeQ`Bu0#~QqcQ62DS{tYjNaB4
z1c6#&)Ojxwa-B<pbuLAMM_)vp2cpiOA%RtAD+YD8w>RqC2}p?UmmoKa6Y80eqZDz$
zI$vT&4M)`Uu&7OD)M!L43yZqPj4DUeMl(v3#=<Y1g@V|P+&D@I0`+O>;qOB_uGiDD
zGfzk2!)D@#n}i@xzcaM(rJ4G>pcXbFM>5spduSmIz1z})6$35wM+CS0R3K6dqVu_D
z<9j23ni!>3V~kb0yuXGiB1C>IUGZ}-0&)wgKwHJSuSJT*sEzP`4wN2f%}2)jL3dsP
zegxWEy7n+dGEY!Mi2SGMil6&MAU_jN?7|E36rD$7HbS6okW(c^I=c-#PZFaagdZd@
z9<7zmZLh&@K7g7SmOhcw$MK+%$aAVV9-Sr5OEYR)o^Ql+xPkMbU1}5!;qmnBuPRaW
zI3?2;grt{v?#1JgCPk&koOphmYA4gs4q#PdKDoVU9$To=Bad)Dg=@?>sY+`lskP0+
z?&C<kZ>&^Oi>XEDo1iNKZJAsqGS>Q+@w}1ij~IGl%;mM8<vh<5?h%;n<suvHWvE&W
z0l7&7CG`es_in)Sb0S36ectC6VBUcYdR(AqPa(H9rv}RVp}8B-!WmeoLH0i*RoXTv
zgh2gD4ps7r_bWE;&Szo@MWDVfA99VheV>!&_FjdUkK{XwBh;cFYs6l}K9z$<Y=G+4
zwS?IyFm4TO9uyI|&t(GtTC(7$wd0J(A15RFR<h_E(-CS1;1lT3*BlxAnnT3?3?2mP
zk6LI6KQa;Dbs=JY)94{Em;35TE<waPmSVFzK-I$p(^)XALDM7)zx)TgOT@h&NC#?t
z7=0sZ#A`1i5OuY=3?uT%l=wGUrB23sd_z9%qDPm49kJG~m4XAnjeUxR>xSb=ADL;(
zSkfQZ!`1qxDl|oKQ`I^U(dJ&*f>kKQ*sJK;fOLOCta`al=rB^z)vy~rQqbDaI38}j
zwY`;j@3+BZ6~2IX*YrlpJTE-nnNSXg&|kPO_@NO70KFijpl`HQd_hf6l)^>8u?LUq
z4mb5L_pgQQXf2oso`wvCXOF<biNWWO?1O7vhtClgb7LCmu#G6_0q#akirz<8Qk9~Q
zd(kcB2c$M%(Nf|fk+uPDlt3GzrNJ1Kbn?#H5W+=%XS(9&&I1w)m61*H>I(N{k#IJY
zN}%;KUZpLBPVt%s(L%fsWf_+e{BH107#IEMJw!o&%nePYdr`2tF}4=-HxqvVxM_SH
zkY*Y(lksKzfd*(@aa)Otskpr$Voc*JoC2X}f@T!*5p-wtA*;b#+lX!LjdcfT)=!^T
z>b~H%@wfnO8{bZ$NuuDJ75Gv-o69L$2g^e{u?JELjv&Tt!I}9Svs)%GD4DK^C`~C^
zh&bF%j|*~Kg5Ga%%(E3*%C%|V4@Ga77#i{>wl?KeBE(R-O?!z#+8|^DoG$m6&ycI|
z8u0ugXvO~%Jz4D%x?w#)F9Pm@d0;<pQ3|{m#5byKP)4<h3Re5{xL~!v3|70K?RKl$
z1;ruwFyKa23%Ub0Dp{aocz7Kpp~6M$QTd=W24zS?R8X4J<ATyW5hBf=#-KE<YzZ%T
z1ZfOu3g1HBNg7M@AK5(3%5IMt1e9IcwKwKNuz2&?njWeMbf-2?$J5)ln9tGFKz9;p
z-w2XU$<_J0b^B6~^y*2Hjt4-}lt_2cjDXiGbT^@*^UCE|PXOo#6=tk-VXg-iVjIUS
z5Au8QxOvr_in7HqZyC<>DE)Q$9-Rw$O}<CxQK1XGL#A4SWm;IJS(mS`z!qnKzEqYe
zi(DE~<kFBL4V;UVI8V#;i)E2Cjngk--2YaleBq*BBWV>w|J~;!{!*Ei#k(ma-_0@|
zy(gp>HTpJ5pKa#5MbhViKA)6-m!vNTO&btQdMoG$*Mr_8;}3$SFNbvb?UA3}`p_#o
z{Z1L51)4sG(jSua2+-r#f!@z_-!{<wl!4N(>Q5<-tT{-~0fE`MbUA}ALviUx=eCX`
zWG@i<oD<sq0vRz+vb0@vB}Ns1K3r<MBYncajXaz+-l;QaZs_4$dM5{H*0w>v0^TgW
zr2SulW=)RZ^rG_!v?YN)I?RSf%Le7Fqd95(vx|_bOyXSR7>RRn2F`XiU9wJ_0Ja3`
ztI|5tNpSU5GEO1Ba)R4wpF?HAf75TT52M)?alt;l4J%E?2=>n$vl*8SM*~OEq6=?_
zGJ<ip<hD+|B*zMa3k?gwe8vdVVqAC$;X_ThWZ|WU=L@GohA0RT&LvzH-a~2CeNk8)
z!t;ff5FQsU^{Ox}g{KVX60W6isl$1OYd4%rcw9Ko@Y;r_442br9OD+QiEu9ArH51D
zbqJ@zYZRU@T(a;wgtz-YOBtRoybj^D4KF>sjl#KvQ{goVr^4k7*QYTw8-d}ahvy5Y
z!b_0(3J#)wn-i*QqO87d)7~76hl!BS5DNxwwPFiGK94M*4-<_Cf&%*X@0%`iu0h=a
z^NFeGy|@_^X&^|EEd(iQQ%xx-0S|L79rCGULC8mvDKEm6nGXPmf&0x#FBhjO1!GDr
zCWYq#KZ!&%5B^Vluf<c2EAW7TDM#Mlp|js1I8P^clFt4Hjov<yLkj*3+?<C!1+V(1
zoF*4^!Z`Om#zy2SumLyf+mp_m*YC68bDP$m0@LCLU;zc7x7EJ4fk*lslZhZak%ySJ
zG~Gz#F`iM8e-d%@b4Nkk?kEtCyx#U0a5F$-bt-kKfx1Q4{gB!CT6;Lhw)VC5c8r<y
zOIw3coj^|w6(}_*P-;*hMn%FeTZACc-_h>J!oHHo1KT@<i-a#P5rRN}F*Nc;icI7|
zk5Lgls~F2Us2LUuqnh791_FJQMuOR!F(A*JLo}1KK~A$s$6OdG7g>JIGOSD72$DHV
z@-Jp=#bq#J$Jb^olVuap+?;p8KQNY-HG|~5Ogfso8L^kr!kFVlkQ^(?pFr{?W-Y12
z5s%^W(;5i5mR4^Zg&@b#6zE#cTLJPa(yJt|0?F;Wne*-f$*gW+@{k#O2b15Kv0Ir;
z&oUD4X0jhhE_XMVJH?E>i(@Yb$rZeSV%s-e3K2%r`@{CNL6j5J&=YcduAf9%poPRm
zhBAjyJMkQtq=8GBYfN`2^I_0q{)!fP8VJ^V&%_Q$v?U&pg+9(dq7CS?(lD1d1F^ej
zL>}m|v@f79kh8zWCFKkl4zkeu$Pw7aO}~=cVX|6ZY_A5PHzs7YMeF<tVOf2EJPxGf
zQX>TnN9ZrRX~Uwc`33~aDBML180fFMvpG}@C7yXC{=&qpi%foBhw>YP46X31G^1X1
zXSGG^hwvOmJeMS7vwTAlXUVtF%=EG$1WSFf846a77OS($%20SexvN0moH1esXfbX{
zqavnL0r%yK=$s)q`wgMy!-R7c-pm8^$GEd3az}ZLI!YpU5=O=NO;=z$5J1J6Iz=i8
znQ&SJdZ7$REP}Vt3n`Mn_1BB3?K{vqqkaZCmk#t^QSZy>6?it&`>l5(bi}nl2a$&m
z`8Oeee(pPftU($NzLcg3Epf%hD_X$hg$s9p_;RQ(K+BhmrUq#Bk}Or}5_k;{yNq@f
zwm)x$Dfq-Ous(flFtq>%)DBUKv1gwq!2Qi(#9Dz<;h@d0n}HiSipWoE>8>Z|V9OWs
zX?8oIZan9TAAxw1?A}8dARY#d3Vb@$T(S&IzXe-^P^{hV9R&0#O5pP@T`t7CK$W;a
z>}n%zoX98E^mD(6OA(TLbUpC+RC5_e3_IBkk3h&P<?+f}vbdX?{j}B4%TeQ^MR>?p
zl-8<Ov>yx+ePKWj^;G-bbLH?vcvPEUc(gN!o5M7vF^6fwU)dH+^H<=sJVD`cs0$5w
zgg@j6ra20nrV<D*%te}ms5kIGbkc#f6m!}K?FkAhWiFAm2jRAwxd)U-Pd6k8Y1+hN
zfY-o-k|3jzW-@a9?*(a&6vQP8Z-*KmG`N@kft5gOWzHU4nLF)32ijzg9lCArg)Vif
zag-?h26mZ&@c(@^W`RqXKAocAZE!bRGz(T@w&GY=kD<JRhj#=O{48+O8a@ojDHJJt
z8hqEYhLr#I!YEJB9-yg~PZXR5j)r7KSHW{BO3{Aq1QFB##9=N<Ni-$RkLNA|JyBbL
z-Xza7(Gv;h6Y2CsTE1^TU=Wf-@!3J$o}Et?gi$OBV-o>ZokH?D3FmWwba!N4p}`TJ
z-ebS#9*gHlB~X6mG7R7-QVHmU7A3+dDjDVD&EO23P+oskI+V8`W2Ek&6UxhvN>=$N
zw;91%I-y0;FmWZX{B<)pPbaj<UxeTu<qz~XQuojaE#@Ml)H9N=Ho~J+op2cut)6iT
zGO>)&s!n(jJ%2#o^q7U4LD2(JkfH}Gc$^>BSgq7*M~qsFVOWtC4BPn6tkXuHhw|e@
zasrrN3+76_suRu&ajQn-b+L1n5O-3{N>wM^eLsk{K<Ja6ap+;Mg2o)0Y~de-+WGZD
z4g8z2+)leC8P!Es*t$8p_QTGRk6xp;B~<s)n@~n^782PA{cKGbJ)-rZiD(opvwYK~
zQpZ}RPG~`&3xb`h6u8l;^4`LXo}N6=scc#mo=ftcM~LCy@R2$~infpqwK^CS^nt9V
zL%eou5U)xP;x_^}`|<5avl{9|kp=qpU>YBAGY#z<qK6<#Ga2dMlOh%j0&e<`dtJf2
zb!Y)ohLe~dns|Olxhs&yEcYGcHTma(XU<$%Rv^e<b{)Bt13P4^R*L9x7`pgzQc#X6
zcMx9&d?{w;<fGb5#+GMvX5cha`Cr>1pSt4EQNDTp2OUipZw^wjPn+@<+=|+on%W1P
z-n>8(PNmB?FS=6jGkU$5%7wZcsS2(`Jxm?eA>70-0&bW~!Tm^M`0s)T!6#nUyWsW^
zo_#~w=<JX-ng-nDGYx4>K2MJd^0^1N>5=cGiIh?#Z{lXy`{{0QJlu8BmC{d`uNcUF
zLg!^A$Z5{x&IaDs)L!`kxGwr^L+PdvngRn2OF0B?ig_2UA-89a4)pgs!qVaSWGr{|
z$hXY9AfD^-UGn@yB~d4oJ{`CpuAvl6(8X!4ivP6v!#xuB#!g6rFJ<;$XM_vy6F_Sz
zHO>>X!MUgkpF%eg_KR7ccLqGeWz0<Euf?5y?v1#FPB&$OmZzHmnr`;SD2?}cG~Fx%
z8a~~0?ZHTS3@p`vPN@4Q;6Gt{PcKX9RX%wn7$y%7SYk1oLJMgM!k4#~W<~hBz^UsK
zK530y^B}wza56pM;z|^AdZWA182q|Q@sz*2-WXRrI-&edP4Sk$HpK|`>Vy_ON$xDB
zd}FQ=9HSE|gMH=G&0wESs0?mXJ`H;3F{_PEs2JX&H0MB?)1DR*OdGRQ5n+{lKJn>Q
zqobN6Gq3zC89f+#OpWui%0GsCVTrstp+)?)@-TT@C2!Bm+ab|VXz4EG)pQgTLBHpG
zcn@&Ph4THal7xYvY_uXMp!`x?=s85`W+$}#YD{}*%|Y#@6FOnpI)g4ou8rl2pn&p4
zW~#nAq2)DZs(w15<+EU=%w>R1sOzO6c$EY}G?z|j{(~$QOlv=oeMmv;aqIe91LXm<
z0OiMH&bR23jM@Xqiwx8q_{2ngfl<gt-`>E8<I%V1J77I2u)5wrGer4-h4`)y<BjgH
z6PmH^93cjw3)?bKr_HDn1=s=wG`wc)MQ5s@$aaVv4>eJMdk#X*>npneeI6?ZbZ^`=
z$qAh`qiBra^960`_=tWBxKe=pPIoJEFE-oNm50*)jF70a?1Z|X1|E9`c<0#zQ#Tur
zg~B@<^M)gcvcp$=iu=qyq$YcSzHQ|C$|MSA43xx)dp>c=um|Woc79ba0w3lW4DEq2
zn0@dgr!UY6{)j*1OA@@)NQY>w3teiAM&C5uDsXikxKpCNNF;5Q>XamVkG%tTB6~+y
z`=wadKvGAlPN=&XcnuKpaq%1Q91I$6@Gr9rRL9;n1kum^B9KrgCe!}APOO-o%<Xq5
z#Wb(9Z&!++X~ex;k>Qh+Vw!#0A5@BIG2H&JasRVYOmkHGV@feCP}`qSifKMze^TMO
ztvy*S_BVmfP>ZkbfqQ3F@|$Md=c+t^aC*vnVnK^c(N&=n>N*a`v=?&)w^Jvy>$@b5
z9-#f*hu~7NI6%`sY4c*jE_5m~F;5YUFlmA!C?Ml4Xz*9?@bo}vDncn>80FcI!7QU0
z7mn_U=nO<tz=Us+hFaaz%Z?*D5J~|P9zieU(B25mLnsAI7;1+0L1=G;Qow}h>!rbY
z`oRE75J~~Ov%@n+-p0vWxx7u3w{wc<Ny^h$bP5{vT*ONXo?Y^`g@;<teLUWK9x1A(
zl+{Ix>GnoZb`fs>C@QPO?WDZ@E^nubIZ!C_t{8XKxNAx=O&~nc3OAD{S?NtLM?7>A
z>_J#=F;i7aF^hD&QcUk}Jnt&S^lpOgw7bZ2#EAb;;YRl0yW-zF%he>$_X=1IgbpaA
zm=;kyiYg0jrxw$T3lHw}IOWMxi)kS8^ikRNJTui|dhnq;*`DVbmCv8>tT*o08Tac|
zDb9^5i{qW9_9U@l%52*Es6$WEK+I$uutfw}r!OBTT}0ue3+kl45`OdH8`P5w-dAeV
z{D|sFR_nVA20#Rf?Zcs31Bf7YzI8aE#UgN8Rvie*?&h8!K!d*9aWoaeikRsReqQw5
zDR29VMwcVS{k%1+jlxNAqY`nWZh{+W#=n3K!@pSGE|7uGNa{Ixdy(tz_sJ&lC(3^5
zpRBNM{Zo|Q%&7{kP>D@Ey{Y&57lP99iBxaWtA8=5--bd~YHU|BuXMRaW_$wg$4);J
zy<-?!kODGRpNY-9(eT9?dc0PK(Cc(<lDtjl8zt!a1XO9f3Aqf3!#Zo|xwZM!!|CU0
zfC)Df--&iY-8+HbKn@(<Iq2g9i4zS!Y!A#`Ww>>xcWyJjIYtJ%Pk4Oxz*abG_S+)p
zx9y_*)qc{+M@`ZRE!QrWHtI-H2z3pC-z6XF2<U{mZbV>#9dw$VQ1=<Y--m3r`0cpZ
zU4=+Amg3WOLi48pr=PnD$dIcbyHEFC0DV&;IPorJ_&kMBJur8!G1%Hg{<UVdn}K8?
zji<!!t$>C6B(v4P%~8=<_-wb<Kz#u^purfqkDqVMFf#&$$i^<Qi?`a$mKUJE!oj0k
zZ|VHXhQb|@SvWe%Tb8^P7Lo6FDEvg^m{4>pybCCL&T~v->u_8vsZG2j;n>Ct6pp+3
z9i`(zndC5g9>+T}<$Jt0&G7|Wx#I_3Xmy;Dfxq!IHC8ci^ine}k=<W>RDwDRlPZ9B
zBY(}KB+|mRcO!Xuk<cCy1a>o$_P^LUvID(Iv2Xgsfpqy_(-lAW&p<wzMfRizx|wq!
z5jbd~Ixi)UcVb#(=SPZjf#Sf|lnsVPeSznYos}CGSaO|#CIzg?O{)B&c{(PA`LmFj
zi>(8K*9iR9kW7KO3NL*k&cn6trOlMhRF>WQmw`gO$i<5MohFBUK!$-Q%?MVbrKw)%
zPxNxYTp76+1sJ_e@(&prLwj4=_pk{9`#O!-DCw-Kb*!qi4-rA&U9a5@*_CwG_j<xb
z!VlL7K@bybGzNVZ852tqB$6l+#dgryc*O*W3GhZ{`9~;X0`vfsNPp2nqGD3@5c!B_
zzE;tZhrm@#EbU)s;RuM%7Wo=T%5B8{2_$XvaTQZ@I6QFa^mfm629w=Eeocw{(xlHZ
z9Ar6>{fHEk_Ml`;P=#6YjXUwF1R$X!m;64G(;UMfXM?1o5;_uZ`=uahsx3*!9U$*U
zn<V5=_u}_<30ZU~gP5EYg(5?WX}kdsuK?d#ZSrFs!sDJqIDv12c8-QVM_?PQDbb}6
zBsPS}*L_hnfUiHdLLz-C?dwl+4?Y1=zJw^g{^U}p+~`KFk$cZWr%w5XMvKx(AdtkW
z_T})<1b#P8dPDwpIq(Tc<98G37z&bf>i5uFDKYgjM4?7j_9?Sa2*97FXwlao5)RFZ
zjE5H@uyxjG{lH!YW@Kr$&P0}7407W+ATwxq=|GPJHaDT-+)iLakkmy}+Sh`GI)L;p
zrd@G6ng!t5qG(DkN#=P}`PqZ5@{^YWzf++}bcb%h9jS!oQV;X&Rj8B2{{`a#GBPKg
z{oRlLbZ+?|s0fhkMp-MMa<wm|Xn+1Xp#5aA!)nm^0G=VLro=~~kujm6w`94S&I3L|
zrRigb9fbEJR7_h6p$R<mkVB@bjZ76kwl@;YSNR?B=pn%S&~PQ?oF_j|O$(q{0?)k~
zaaPjlU9sn0F3>^Y4;=AA+I<k*Q$!}v{xF)s^B_%*r6+1YEz>^hkIj$(PkktxdScUl
z168^gSDGxzb3UU%jv}pWB-#t$nH!pWE>|_-t_j$z3vhKad;;|wS2vO+k@h~jy0H>{
zIVkHQw1e5>o`Xvz@Wd$m31p`iU=Wl60hA-|UC_XZk%PXD{FM^-A{9BJ;Od?tjrAtd
zp9%6Jw4o=RbNUB?ZX`NW(wBk$8DpBKBcI&f|8CHab^_f&p*ocP2>J+d??I$&fLzWR
zq8!IKa0qI}e?G_yF>ZMBIAz(xpo1pR|1d~4&>AkIe>5JGKcg~cFzp`$dMW9&mTMUQ
zG5m?AiCJ~O8y3A7l6Z2J#J<;qpw1YF2K8)LTsgNRpyKl;JYgeLM`%(`yy&ZVu^RvZ
z(6I3AP&_$a1mq;+BD#0Pl@fcNQ9S+f(A<Rx=(iRU4xmJIHlOG|5!Zv1=mjOV-#JKB
zO^N8y;(S7G0J4mbCxEObq%-ng2c+*7TzWwe_+vb<sJ`rd2pFI~N{QY_>H~zF0P;Ez
z{Q7o`!3pPhV?%=*>YtI_69FZkBGw9>*Dm{K%2o(9X^8E&9EcYPvJb-TQe?+};aRM>
zXa_=6^EiZNPvaDmpYIUvT5rAqU#bComud+&u7jrscwS?(QxdOcf{lI^P?d+1&>lrK
z_8jKU6^%j8^EMlF!ujy<1g><$@Q>#b!G?c1TG~Ll52SOJ>30mnxCp7uKJX-51c5qA
zbL^rD!k*MJbq`GZ0LZyTAjc3nl>T(yacbU)?yNS2(1{;9`8#DHBo`scgiHaFNyri)
zxj;(Jz~xgEONQe4$PQhpqWNqDlGc>wi4s%Q<{7~7E1itQX+TUF=Pbujb^y-??);U=
zCYsp`ZJ^%bxDh1<yM^O^knDo4XBSj@{s>I3L)c}*9T9joN3z>Y?1;V6d^MG~nLL~0
zjd1qgnCx$1_R}|kJ%TK0KQ6^-bO6t{nj--91zXfH9AwbfITnEYmHO|G)HaUmKnAN(
z_5{daZ+6gxzlJ=@uWToeQoirFO-mO;U)@3^_{Wu)k^?;3A}hF!^>rewAV+c!Ltopu
zLTNj4P%yxAMX0a6g0hC#q)7M}W<%h4+%RKuyPn5cykIRuv!vZP5|$50X{&XMr?KSl
zXd(ztq}(ZODR&~Zpn-nA#zg-g=H5HLs$y#&-}~%2CkaVTl9QYhCLsY52p~Q5DhLQh
zh=7Ks6hWFGQp5sY3o43W0}Cn|1REAay()UW_TGEBdTn^^h!wG1{XNf`nNw8m_x-%@
z{o{8&pMB<8Q`W3mGqYy)-ZQh!T8Vd&Ao2G@a3T_}{24Z988v47hn!n|4IQ0~p<ODs
zCx$Iv`9Jtl#MZ-lc;1~bCh%Y}V>3XjDWHFr_1FWS04)RUZzlXZ(2{4743e=}PaKQ|
zN%M<^9yk#6wj)88%a9ve2|9hyX0h|bA(mUtS<25f`zQ~gAuzZ<jZysp=x3-|_*JsE
z1dTLFUi%A5Fq=Vtf`69|8z9UkcyziMe_sDD@c%y2p|D<lJXB%QWh1LW{PedADr;6`
zLimNvPOmbl*S{NL?M7PZs^y_p9f!iB(?R${w|utF^V$NqZdr99hi+uDT$DI$GYToa
zayfPA75@zi<&{4^WU8q|R5o6US|aK;*vw8QimE!t$#I%sukc5-iK%H>-j2x>ulzU6
zh+VRXhVcy<vr0sH2FIR<ERx$75*EwtWh;26(EZ;`pq9}jaAWV~f9dCT*og!`z;i$^
z#0*LSW&jib^rzMsR}?xSluxyV8dGW$t+hb}(b~k2PS=_@;RmP<Wil;qJ<w`gL6nU(
z`#j`9>ukuJn?bT01adz!`c06pV2%;wZbkYk-rxl>nbl9&b|BV=Ii}B{uiu6%(6s#7
zKR7Nzj*erFm*SE$7$nyX1{Iw3c@u6!cf?Gd;)NO?glK=Ic;+tSFNpgH=F66x3R0w%
zP%kmH6>0}pdB?Qjr@Uiw__6TC$&4Z$yBGSDh1@=DpsYG8@5~5ZqVw?>HE`v&PUD#?
zw?w5fq!}nfnh|5dS17?ASAv@$eIrZIUUYFeME;N(HRRnOr3CGn+vwLprm3a~twB`N
zQzpbx6LM2yRNsxNuku-4JqZWh(-aeudJKTbJm{6(@oCT<I)lk;03F{abtb4U0H*st
z;D5j<kRgqvQT(k$QiY`D-EulM2aR?W@*DR7>Tr7>+|~o&H|h0>FweLu5`jPYr3TDl
zaOFRSdxg}<l4fM9WJGyNv^n|sAvjwNSEM@dtIsEB!DnVwOV$Ink$c5mD366bp{R(N
z!WS(B>_H~g8`l7KdZ^5{z({9N11FY|?s8AoZZZmDZ~H$-w7ouLlNmY7H2GW%WV|BN
zP>fOI0S@Oh+MBfUOy~tyF77%fzug9hgy9Mgfb>HVD?EVDpQ=xQ^afTPFOc&SZ^ma3
zV-6;tXvtpVLKucQxFSV4FG87Vs!9z_!&^Yw7N~+qJY0XnBHtSXT%nuPtD}8yBXIMa
zrU!48S4xOiR*FebN2HjBSzkqIlOx0)_l3uRe<O!s1nv5wRRIj*1aUfyJPl#~(>XL5
zO6G^G<WQrTBo03eQBNVara7JFGW~F*KZallz{v!S0A~|C4R8^FSKktrXuC;O-|HUF
zdk?r}anaZx5MvnVv7`H8Z7x9jGMa-3CR5{8(*Y&$Z3B-1{8Du-!0>$hwMB4vVA1gJ
z%5bv=oV$O^0kw$WBh3C<DNGnSvv!96i(Y8dxT5#_@`R@KM@S$KY3}#8B3{iCpt;Ty
z5!efBZUD`PGmc&Zn(qNYvx&tN4A5z4anVQQb7L~Sjv~`6FpECuH|dx*vu?BQL`?c|
zMe9xOep|`9Ua~HcZ0jZ45@A^{EIUu>i4^1gtrZw?k7icm%qO(ij-!Vf{0v1t%-jsU
zN^y@6T*Vie(IV+lUGD+|{_-9GSO=y&B!UcOg_I|cS(yoz5G8JfH?L?P^QqHP5vY%J
zJCUKUJPE3NANlf%ZWDFd2VUE#%H|^XHgYUw4$*B)QuTEYz*{L%l?Z(s)$CP%388sK
z?@DKMSBlYHDMoh*qmER|c3~tXzFQczs)h3HY$?=u9F)x~`i!maLH%uYKVz!93bg3`
z8PQklY|v8F7ex2%yFmImXj{=2aVXV(AUf9Lufr5Xn*=c6PJmeeofebYX8`VM2}S^%
zO|TZ=VuJesHUaeKsjzoK#wI8=YO>t)ug@9hS1{WR;Pnqx;xRcQ@vZ{ZTG6o>9vv(B
z*A9Q?E^ZhG4|dY%3_o9*S%+f=;OPmvuh;)T#2SHc>K1LGy5nI?JDY!tlMLn~0y>}<
zo$1TWAlc2af5CKfFYC7a%*SU(T<m$g3fsuT$?Uh0<w6YLg>CqJvic_&z`}Mn*P?bW
zI{~nozEu?%{tK%(GRZ@=hrx5eH+ZPlJ<Dsg2GfCR2;q9@o#>ssqPN>B8#vHb+3lvv
zT7Z@+yIrcRCInh~sG(zrftD(~%X|QE;*vvP8`5$(6XNqKJUeLfAZ#?RXjVp#%#y4+
z^QmPt$G;1S(|S@BpI$}_rR8xQK(vJIG5!XvLZMiN_<DMqCoxrAVGu1~<BW^g3DZkO
z<WhtA{4-i+#7*?abc|Q@RC|XYQk=@{N+r8frTMR<)T`+0RUUw>c}1^C?>twq^LUjr
zd*W#XuIQfhz&#8s6@m6pHhBUaHBdVE9?3-t^`jK^Q&eK~C&sOop8YdBWR-Ni-{_mJ
zA?ew_($^b$3e<nElCe!SKHm$Kg)91i2s7*zC`WAI1C%G5D?LS~2beaSY7{*gav4ae
z*#~HcMqfDyt(^sXf|BI)AB^*PXtExs<fA8nJd2@EO6aj5U!kFThMaTOf_#_e=2;=P
zf;^6CpX0vboTosFb$x-Xay|hmC3;aJmtgdlV!uSPny)0HZ6uSCLp(2Kafd(D0%IhN
z$3xMMuK*9|v@eD{f;j+R5S$M11HmSMP)mU40P+dG0MG<Y24O=9L0f<>1cw0hCpZOQ
z1VI0@@OMT7?l(PTSLnCucqu$EPBy?<PZ1s*+@TN*XMrB@4fJ>-!w1nA#m3uYkC%58
zGZY$Z&Cnp4p_K?0GxXvgtk57@nVS%v&0Jq<`FkTHk5Bqdz$As?@8osllar2oXwqR2
zbSTeE23-R|W+Tor#`$zm$2&oHe2{<7@b7i}4VZ%19}t`fu#@02fIS4;0fH)k4*{YC
zAyk3}7(|_ra}hcJXjLL*x(>cReSa+%%Ssy@X{33b?$N&Po7Wxxo|JDZ;?kr>e`_w~
zGjVB2r+dbf@*&Z~h$R*sAI)ZrEO|;KWhI$y9uW0s)YlLd-NB27{OmN1bb{FCDUzry
zf@!nF+L<2dNEb=s6uUTIrpMvSW5cL&HM$<J=%)0pze&2jn59i@!KGqgHc2NRcpPGH
zCN!P=YPM@{=(e$#cL6vfeLngMujm$GY#wV#Ki)#-Gf`x}QM&3DcGa9~A=ADT<VMLw
z%;OD&!#AS8ZDRwysf>#98gGS1her_qUIMORd>mlF2k?0bKx*|)h!dv@H@7s2Ol$WN
zW3I>a5tm<Pr!9N|=9f_hZ`uH;t5aGbCY+CZNL+q#kaIrrx#lF`ri?r2f*R~WL-Z0v
z_e&}}R3dm2{P2A6D0nXnS#x#@`0<J^wu4peFl)~i%LvlC1T=RLAp##f*6ao&F>s5`
z;PnP*v2cdY8IAZ-Gjc1Mb0SDlRwpVe=Q5BFL5yfuF>&vK6a&~rtWVzlR>^Wd8XEyp
ztkzn|Ds~KLF<a{my%Drj(MB0~V)udOEoAg6c{|gdHS<IS^eVq)N7hP5)<{RGjeQW8
zwK1H1>^(->+|rty_B0xM=(W~wX67ws%EGq)?@6|stn+iE?VG-0pQEA=O2chWyHc11
z7VD8UXD%ihJDn$esNqlqf{0#<8Mb>Ko8_Lzq7|7A(CUyem~x<}qh+baaBoa^a7A0$
z%6c26kVf0e%q&hCZY!sishnw`rE&~iBJ+OpR;1=9q!sP8673Cainvl2ozf=i9c6MJ
z+kh|`PHGK(4``{GZl)$a0xdPuU1*si-Ve#epma1-#GsM3+1$9L=7^sm7S!rRyZy-=
zky<Q3PswJ4?pBlOb3oR}5r}}w!bIOsx6gcNBs!EEn)47T%t-s8+IU0Lp$o#z6tQ^6
zOgu})6+6b4BfNY$Y6O%#q)EJV9hwTR*x-Qoy1rPO*kHNuO?0{%T@qI;7O+Lzz!-7W
zrvu=hAoLRbpdntdebVMcG4pP$_(TNoicL39*8CDa{s6^3BL|Pf=9)7rhOC1Bk><m}
zg&(3&=bE+=YV33@1i=++?aREjrXB_4yI^>53L6((W7t?s(VRca>M)0_&Nj{zbb9B{
zB0GOR3~-pQZCxC$k93%p$YDNWa9E0E`Sa`L&Y!DI9nYC*`7W59^5=^z7oW>~UHtis
z-;WA7NXk1nybtt_->`$>*VfPO-wGZLAQJG5?SrAK2V?XfjQ?fuX7h;kg!fo_?{~@)
z6bipaCO^Or^`8sx03!g~T5Jq%rj|+amH5wvcRjri_Om-21HG?@XQ!+2H()KOZH(w8
z?zslXBI1gT45$p-R7Mh4v2(>n^NEgu69xX%omug9dDWMM2gxI!tao8M?gmF0qc&WJ
z4}0K>4UhpN`!i(7;V?FU+8;i@10FMEfgG6M;XVZY1@wSyJY_zMpax(a!BBuJ0WjOH
zgtB>6m&%#|zd1*s>Qd^xIhS7;C}LKd?eSSvn7Q19a0nD>tVLR01ue}+@`Yec76mP@
z9gMDgJxEytB4kdhI%8Q12C-~8`#EwrN!i4_5zN8cE9j!lCgu;pA-Rc}p{%H?)F$RZ
z#T`)tLolyos{Zi~Au#O>KTo#$He$eH9Tp6)Fk5}Sp-rYBYk0ZI!A%#VJh%#biwc^v
zsTTI82E2){R%hOey@GhW3a<*X?rMS^Ifw*3WHk=Oz|5;WS01Kj_s4Bw_OYZnWy!7t
z`R&pq$x}P!0c|cjNA?DYe9$<C3V9O9Hzp^^X&~hhu7u`HLRvnbF0UkKdAvC)7g9iy
z@~T{UyxCEnY_3E^d9o>S=D0X*b2?m&5IzPq@g8#VyrItzgPBZIO^CC6T-7y3HPSe0
zQjJ4k&U;{R&m6>RBenV~NDfogZG~($($sl%dy?MJ6EGRM-KZ_x*s>2EsNt&a70j$f
z@12Usl1VQi`+$^IC}hqVAo;koT9#_$+zOJKsFo+kGR6EJ%uy{~^}g~TFl}1fQHBSJ
zq)@flj5H{x1D{$Xr}-uhrjKE>(*!jeG~S37#H)J$;4F&xGg63%`;*LRIm!xgpi~FP
zs4tORgczCKVHAShfS-H;i^u<Fz^}Zp6W&<hsy^R#Kd#5AK3_D<d06%NA9b--qWVJW
zuZo94RbM2ZfEQI<#3oa93%ja)Zng_4_{-Y^aLx!%HbOH3W1^W<UVpXc@v6QzJ=1%c
zX(?AqRNpH+bEw+C3zYKSC#FgAe@yZh_;w1uC||EijD*4BRsFdv1@h$-it5jq+M6^9
z^6-jw5B%cyp&VY(t-g5$At!)=qAKMmPKRX<YW-!3W3ZR#i!$;m7;gsiQcejA#+$MH
zl~w4ixS~VsFwD&n(IG5SsZ5RxtnZfey#Qs74w3O(o?Q$TC{Gm*5KYKrw~q2varZ=Y
zBo|~>aZg2b6rq>50IlNkCD6KExz0OuJf~-6kpp%?@Hr-jd>fKl)1JO?uj`%Q!(ZP0
z1ZROE4&MA^qg?{%Rjk-#p^Dxx1Oplhf%Sw_F$=jF2~>6kpJGuDeqIHiZE;$lxUriq
zHzr`sVi^+gmsbt2luZTS0%s8=l2^gGyb-#Bw?hK6qntN#29KqZoZVAJ*gG8l1x+d(
z3SW5*EO@r;2t8>uct48kkK1}`Vc%p$sNd9_`nN*1M}$r{&PrKViv4AF|EoQ|hfC1y
z;Z_La!gM$cgJbt3R^a}g`{lTC>ToFeHVnALM+5(0aaY9Qp)>H$9fl!gD?|*nSA^v}
zqeI;T4~!cV8(}E2gmb8^x3lQa3et#z<lfoFZfLtf5e86@d=dylPnaiQhn3|eJ0|==
zX6J-I*zBC}_cM#^{UK&&g+J7W53}_Ce!n@xJnxp}DCoYvB9^7zew|tJ?H_2}k=7k$
z-FoXDWZltzzXr$X0ACRsMu*r4*!#gn!u~kxj<+uMf{4FeWA0C~^r6;0%(|1UJH@(F
z{eH__h6nqKST>9JGi=eY&p@hprgdl8gtN_}c7Kj_=USB<X;n4Ps&2mJbCh)#`2Egv
z8BX^VvFu9mAN2c`U|^EHVh{R?ShgPcU4niCF0=t%0!7@Hher9k!u{G|9wsSvg%z<Z
zy!UG&#%&WZN@;7|cGiENh-_N$+grDTbvs7-?Sb|7&@cVg5k;)eKMju`FldEhN)ZQ(
zKyV?Wm+yrSyq-;`-&izN9=sDeSY;FEcDM*@BoHqckxiJl3HZuGkz`P|?B<s?>_uN$
ziAe|9Wk)BXpB@bRj&qiGod-^A<Si<=*qe;A+g99gzJ*<)A0t^a#_jF3+X`&oH;PyK
z4x9{Y)fx%-%j3$w=aC8v;nQW|7kQ*tWLLb0US;f(*DkzYlK+X!a<BZ)aQx2&=z>&S
z^gkDUPvrM1IBtm{%C30#T+2VF;#5?oWYxqheh)_Ep0Eiwuiz03QG{KoNB(ka=h%SJ
zim*kcQ}Q9$=X1(<AK&Ug1K_5ZU`43k45*te16UEuCLOh)A?pg`uNEjmSr8wNcfapg
z)MP?zTe!4g{Qjmhhf5Tpti<>4H5TmehI-r>$0rQ+ylnjNcNph$(}l8aSID(pCu+M$
zk?leywu@*RubGY4+{UZ2@ml+`<;OohkbPeM34wgz*k5Mp<$(!5DKO1_YG9iGtibe>
z+18yC$W|c#>!2@BXZ1e}_vL~@(%j(Ud&<zBs=YmC408mA+3k!acDw0-yTyuerxu14
z#>Vmf|E;q=o(4nZ&iY_43wzxjgDKcyGr~@R_2?hGCB}D07ou`_hZ_o2@VlcjD5{D-
zJv&9(`hGN>I7Nd?MmPpRblK*Flhgak@d53^eYxMu?-A}Rr)%^H%N{L%c-W|Re%PqC
zFl<x~SFGbf%2dr<>n>1cAX#GF<;tYH$hwzUce8b`vF<(Aec*TQYs%#RndR3+nS9}L
z^N^qBa?2lS4#obqy}Od`tguNBSB8%@mfjLJ7IJ7r_MrJAtUD<p+r<21EPax7&$RBE
zh_TtrB1S)OxrNG~W8FinyDs9IpzN*6y3#l|%eJqqn+<h~><i9HI&7p_w@bf+!|h~n
z#Pbg0d53J1%DTgNZg&n3NXho)wC!xa_MtPAO<N`?n69wsa5!Co!+A=IV)a@Ia~ST1
zu@f73+5-@6y0n;o;6i1mcxL98mJY0?`jS&8d6S-$%w}YrOrDui+j-cZO7@?mW_~F-
z?WE3f;Xb5PSSIzKcyhmBDqUJ>;hB~$v+M}V)KaEonPHil$kb9MmB}SjXPI37Q&?t+
z(qzeOAz8kRCvYf4CWZ24=4UifdmCD(wM?~H(PT?ao;^h)?9QGdb|;e%yOT+XXO*VX
zUa~TU?@7a(3se5%(MLEFXIgj4IB=KmXD0oz9d|emUh!s`c{)O|s~0}CuYwN`jbz%V
zz@Mj=5N`qI=^4bI4o>o^O<;E5@~SRK;la2+asKW|PNeO2IO6Qc6+YNX{QtK9|D!{t
zy663Fpiy3JdkDtkK`5{XY=!UkC6vkIQ{bOJ^1mej&n3wi>9V}qOEFQIy^j&#3}Dw1
z2B9Tb4R`w-E#zw}3`WEM^LZ^YFg}MW!+9;WuY<X(vVCq$RYxyi-kd=LW|v{-?qe}d
zHo-ASunKTEk!aG?%p*<?nR&#iX0Nc{J!IxXz096qf1q^-S$99{4z=$7)*TU&eeC{$
zmd_}&C)uA8k~6PDeqUxDdPm6^9U5lF>d^FX-?^O56q>EfeuZVX%er4%_j~L95HiEY
zi0<4ZoHbHL!qC@d@)dgD?>inh79l^}m*Yq%f)Sr|)Qps&QQ^LKVI&HT4U4d$;l7NV
zbj3{IMoW&ofGb9My~#DSDI^*U`MC$L!69L&;GjVf<~<KQ9e__EK0p_e`LP$}6FYtt
z9?vK8zJY5`U8#6rT`~$!UCBddVU#%B^y5}q(I3<4j&S+Q<1UZ%lL}0P|LsWyVy%OV
zjB{CTXc*2iMFzoaMcD2bG-i97@~{Z9m)($EIrHZ)x5jB@jv|y9Z_vv(ZlT}r1>9%7
zu^c&^9#X`5uuE`8ND)gl2H1bj5hu7TB#$9-%>xTK9NY5DdA@K+!IO5{hQZ+wkn7jF
z2Ntvn?tulddtgEA9#{ZNGYB?^WOHqPe!~H{%ix12)l3n}c3xE@Il|!}ppKU`3ik&T
zK;iy?;}mHLUSOJ#TI|cDN#Q&Q&fjs;yzH%4uiAKU#s5p|e&_f5@p7BF7gEGBD^*z`
z=`pHjNVWyzoF(cA=PcD9n6f#ufma-Ex;$HMxJrZ#w-znIVVZDT=WrAZ?<e&Shi3<b
zYfV@;=SY-3Q<}ErUP5%4aSHqQ#-r|V-^{zjI2W^q#tZJu)vUn0+m3U+tM#w$g<HR1
zv}q<h|Nf6pt{%n%@`fibunz`SDZ+-oqXEi;g0mH2!zw6R=+%m_q2AGJ6k$U>x{`#S
zqX^AIuY!hGM;h-?fg+T1AVMV#>oF!WcBn)V%DmO@ZX9!zfj=mD?oVLO{Yf796PN>k
zk|+HH=A@tG5kG-B;wO2wPhigWkrrg<qHt(r{GVk0?EjQJbw{P0x)YvQ``7A}Nq;{L
zABT4hZsdIn*qZv<-H6kBt{IP>2DU?kY%R}fCmkfKUG2o2RO-FlEG9o4#LnWrVMOe{
zVMNSt7_C3p<hBYt-JGHiS|U$AW1MPWJ1U9-Fsou8fx|8ghpjS2Wri85whwL<-N<@x
zeoFRf@ON4Omn257O=@H*;y8_bfV4ajjB<^Fe;s-`aPnNjY<n&tt0t$W_S>Qq%LyA(
zxUedPhXY&XcbknkpQ8DL<^S=MPMre|hj_A#5nS~H5pj=BYs+z?&lBd5Nw?w1a1uk2
zVYC0iH0Mw6v*q}=jla(@2j4#ecUN<~jml{y#sZG$XOVFh8)vDE#W~B&Sq96bj&sHu
z=TPGuVPdW@T+T4(BlI$!`_{gems08;U{_BYs<EnktCX?!G+--{_b4R#qbb=s6(hji
zE9|r5d_|bo&BI$-fOdzSogCB-gWuktjbY@LU)};ZQ;>>J@lT(K2V!VFNcPgv7OLo%
zFw(F$cqHiMZGd~+g)n#5)8iKW1zz}uGhkWW)9T#koNRfDF!wq~mng#A1)H$C90@~R
z6k*q0!2IRy!QaYNkffQ4)?9;S_dX?w=54_{X~MjUJj`nNLQ6IE+La)N9lrOMh<h8p
zanh9h@+JTzkSaeCl9I|(8dFmHz$SN%eRhLmB)20U%m3Q{$p03{e>=cENX1FgpK7v#
z{6)XnUha{XS~b)w!rXh0we&ben0qejLe#WC5#~mRTl#oKm^<z&OP{0&^)+)W{X$3)
z>+v(K$1#B-)(aiSErBA|Z}hh@P6;bwJr*ra@>~;E#JZcyq*X)_>w_<~F@|O-V!h>D
z>+xZhBGx}ow;o?+DPmpdc<3BOtf!&<NG@0BC}MrG6aCX1MXV<}Nq^2!#QL8bZIT0;
zC}Q2;$?;7SMXV2SOn+&ji1k`0SV68L*4H=%x6f6?dOe!B$k8KL5$pY2wu5pNvHoFy
z8{?x~MXd9k9N|1gtV^66FXt&@eE|jqVftB~BG!XkHRR?iV%^^5GBjTi>r?S;TatX0
zuZZ;=r;lIq6|o*S&c+Bu6|sKL36>pI#QIn#M?9*C^%JhNiKrshm$__9ql#FUxdzoV
zs)+R>+@XjZI;x2Ee5cd0s3O*7qil?FBmvfkySi-_Rm6IRD{Vzo5$h9Owv|yuta&`6
z<kCE<i1n?mv@N2FSid^g#%LK;#Co91r7Eh3_0&skjOwT&)_1tdZWUF;I%|fF(K@P#
z^=g+(O;i!<nNF}aQAMn|gkA(|8&$-*+-2J?s)+T%(Kg0DQAMmTai*+&R1xbDPOuJ9
zMXVc~3Ohy>vA)tt+9|4t^{uX=I-~fksH<JG>=ISPy533JHL8ep;A*Zms)#ke$|a(A
ziz;Hh%eB+)QAMm<IKg^E6|ug;wbPzaMXX1<n(Gx+#JZQuws%w!>uu-QT>3;6v0mdE
zZr`XP)+1-x82!KlSTA*Q^p7gy+}*?Q+$4fgqe2n3J8f0c%I0O!-0#hbvv~aJxo6ot
z21FIH{?J*mfl)=QpFGIM*f*+(^%R&grVkB@Dq?+%YYc;<idat{XJhOaRmA#>{jJB4
zs3Okoia!y&R1wOU9%^DfhLUTXJmcgWCu*V;7^=`XMaGF4r`R|pCT84F3FDL+r>P0k
zhAJ~oxpA7AunI#}8mGB&S{SFLajJ|{Z5%VZ3AHv<jd9u-r>$|?8P@w4s=aYK7^h>y
zlc+hqkPPK0LVfHJR#_jx_yFszuJ`SVDq{V~em2IQs3O+yUSd6diz;IM<W%d?qd*bs
zHMnK^h?O?5KoRQ;PqiNV7bs%g&gC+yKoRTJi)@T>1&UZ7;~M#t0!6GZIm*VES)hpZ
zcIR<?fg;w|;J!|>T~VNj_3<vo*#(MNALkn2x&lS4?{b1&TA+ya?h7oBjRlHWZ=7vC
zt}Rf+`UY3pn+p`N{=#|uwLlT;`B&N`_ZBE(t!G+~M+y|NR;#VYvjvJ+S5LDZuNEj`
zT{Ovhyj`G(^^A+G$61AnSRd<Dcz&TG)-QIoF)k}q#Ja>))HQ{QSP$rFW87M(h;_bG
z(Dp(_tk<-)F&->b#Ck36Rz#=I7b;>s*VXN7g^F0;?Apisg^E~z>tcLbsEGBiPL8h%
z6|ru0v1R&0p(55>UGbY0DPsMUD{Z?XMXb+oJbD!=Vtvz<mdC&%MXZlK(t3<7QpEa%
z`PSovB1Np<USK`e6e(hTl=E0$q=@y)(`}5Kixjb5;A-x%B1NnxU_veWc(X_m>)qq5
z$NNQ!SeLlw@NtnM)-9b*zbaD1dLJkHuSJSjH(zggG>Iu<{ry_&5sN8e{hsR$-C~MZ
zAMG^OFQ$m~KU_;55>v#w+7<4=m?GBsjh5-bF-5GioE$S_idf&`hOebDMXdL8JWh-$
zVtu4*V`s+{vF_x?)wMB2tpDkn)a5ZntlK)Kn`4StKRUt6abrvo>q8H-9)F7|V*RWW
z?46h**8g@Y{3xb~^*=Y+BwryHV7=9O{1{WjdXY;KDOSY#`onFKf?`FiUvw%=6f0ug
z;6$%1R>b;cH?3%0tcdkGXDvGvD`Gv?)m-mlMXYa{ZgbhUSP|=UCR>l;#fn(p;&eK?
zSP|<LuK1IS6|vsOwd5m;6|t^xEqQ)1zWoA^5yxAm#}q4K-Fk@i_)D=O);CPB9;X*8
zVtt{@_MBoxtm|CyFDh2V`cc=CHy0~n-QDTqreZ~`zjOMyt5^~1GhJ!#FIL3*LnrCu
z#fn(}Wto-Zg<?glZ%TF`D2N^CsPQ(&`^Ab_Z+A8KNwFf<PcODHzA9G4db_KJpAdu9
z@QahwD^bMyFRl|tN))l~<?Kg6i6Yk3PV~|eMXYyTY;&nBQN;QX$D?(LBGyw}3+h;+
zi1nAwqkD-W)>B+A{Sbq>^mC=%uS5~+<IlFaG?XY}UFKp;E>XmKqbu#q5=E>JKhq{z
zSfYq^nVS<Gha{X6b!xORPAXBv`f(@N=_QI--{S1Yni55<7caF*E-F#Pdblh8h7v`r
zZ=PafY%Wp6dY&5!ZYWX2`U}@hZ!J;8x|`G3_7X*`Uv(9Ae~BX2Q<hk!k3&JgdbQ*6
zLWv^QXFAb8EK$UIxRdmA2u4X)xu*SXi6YkjKGib)sYDU$yIm{v<BC{+zuv~kiYsE>
z-YK~-u88$2R}H0cMXVn<*CuHmSHya^D@#pW5$i2IZHz8)MXWctY<tBOvA%Yejj?ZB
z5$kU|S&#8?MXY%&kPIh>#}%<2<@B*Qu88$0XFiXI2hHb8Q*4rx<BC`}U1U90#}%=D
z+?8crToLQ*F0wH$k1Jw5$1&X;SHzmTC`FDfaYd|0yRzIGSHwEUCAmAUi1n$?<Ds}B
z)*DZ=Jf4gzVtt0w*h_ImtnZy+W4s(!#5!w;^>`(&i1jYlfnJR(V*QqDQm@4ovA)6;
z|Mj>c*4Mh)e*;Qp?e})Myct)-`bwvuf5a8BKF#%px8jOeU+?V4+i^v#pLQPqj4NV&
zms8L?aYd}paxvbGD`I`tS+*?i!2?)7=>&T}u84Jbt&Q<PToLQPySe3#xFXi~xYB+Y
zSHwEo8R>t;6|p|?O3UM;xFXhV+zjR8xFXhx)i%Z_aYd|qIUb+J6|rvV=9Ztu6|r98
z+Q;W{MXXmj6@G!<Kox$_)iT`~SH!x;Rn(VpMXc*xZ`c)A#JZ(Z&{xQX3cAX*^{?ZK
zSYPD~$~W+!L0RtV_S?83)=%$ev;7X$0IZc$(D!jgtP5Pv-W^xOy643<$q#WwtRHa2
z--C|K;=kic`(s=Y>x*1jeu^t%{dcG2pHVMV@)>SK{sk?WBl2q3J^me6#QNI>Hrrp(
zvw`)=&f~YZBG&J@0mn-yVttaUIX|I@^&;1ALkUH!v&LJdK|&GhR<8Iep@?-?r_*pk
z5$pa=^hiPx>po6FSqVj~v++Dwx_Wj(5$oUPS&y8ABG%_QjWtOqV*Q0{$+-zdth>3w
z<s}rcu57eC@)L?!YbQrEp@{W^&Ri5E6tN!XcoZfSu|Ctav7&?`)&tz!GL}%pdZ%kr
z#R)~M`#Gj12}P`5nqcLKCls+h(oL=s2}P{`=>#iHC}N%GM$@JVMXYyivOIJ`5$gw>
zM_ED<>yw?<%M*%NZ$I27X_ipL`hBOuii9H8vz_Rb2}P_wbaScZ2}P{0b=I;)LJ{j3
zuI5@M6tR9_y3M5uascZqCtHu|gd*0DIi0pjC}MqyD}L*QBG!XkORh;MV%^=f<TeRK
ztfwDunYK+RVm)Mt^=Ow+#CrP#>#+|?3#>P}Y}+Rkv7YRT-yxxh^-JSyl8&esU_H#~
zqf<f=>u`gO(K(@r^<}QKT@s2||L7#`noz`gt(#lcCKR#0$914?2}P`zxenAlp@{Y4
zuI73q6tVu?O$2%-6tRBXRYNbtU^PTt;d&<&vA)oC!afN_tPi}zirzP&i1k1xdcTAs
z*1n6;KcR^AT*qTTLJ{jFt_2NDC}N%Cc<h@{#CoygF({#kb)75i;DjR9XP#~4*bf~D
zShsgEh9nfRzSEU<XhIR|W8B<wSV9r&&aOA?pHRelP@`o!91R9ozvUzykx<0?31>eJ
zNGM{xVyR71mr%rdoU_RXqN|Hdo?>H+L`w$NC%d6w6nYegf`4CWW7H=Uu^#F)c2GhQ
z>yKPTjZP?Hy~NEe$3TUgTW)YX#wHZ8UhhOdIH8F3WGCq%Xs49)GS{>l(CFB-3s+b<
z#w8T7e%`gh@d-t&!|w6y1T<Vep6&0HJP{_CO1|7x!=!{F)-RlEnI4)@#5&sz1&6^V
zb13**Pa9)$LJ{j5UA9vaidf%)`J|ZfsR>1_gU;4tT0#-)f4R1PctR2D$xa{BQCjNb
zP-i}8BowjUF~#yYBB6-&K8vi!%!DG=Z@99|N+@D|_eD0w?1UoLOC8fW2}P_g9&cmJ
zO(<eL)0O4Ogd*13C7Fl8f=SMC9`h55Sl@G+<#7~xHn6P135|%#ik8p;QTgIXs4glC
zQbGqt&Elz%QCTS#8fEGFs7ZHFR941>Mq7G}jW^c%A8g|vV)-@L@Nw3EyiGSDD$A2Y
z6K%XnQL}XHP)i?X<(q8NO^KRCTvKiMH0vI2^PO(<nPKA}Vd<GR-K?m5xg|8)=0C^A
zn;VrqFQFrC{CU=$Z^MtW?gGo_Xq)ds8*h>2x7fy85|!oFp<^t)G-?*H9c$Aa7nOBW
zq2q1(6RiI->n^wHPK?TqfzV%U`A)L+baGU_{t-IG#yi!fTVeT~X8ljM?ip6@l~&(p
zT6xd1=~h|(XInW}+we6u{2WW4Yx$jL-SchzTwvp^weC6_exa4;BFq0`OJ8E;S#Rk}
zt-da^^>cZ&FP9{QHdy~FtRAkk_0(wd-DusbEdNbb{>_%})z-bnhF@#>UuWIxZTc-X
z-3_*!H(LGPWa*o2dA3@4Zn5%ji^>YG(5;rf&GNn7x_`Cdci8YdEx)_0yWPrnw=M5I
zR?ffK^!M6)|8CRYXWPyFR?iPuJ`dV-57~GRTfUE2_fhLUX8AsD=_joFq|N^+OFwP-
zJ!Ac!wfQ|~!=JZuy<q)cwDe2Xec8(OigjPL@m{m;>(+h4>i<p4_a8R>Tb6#?(*Lye
z^NvmTt}VxVmVQ5K7IS`J+sTe-zs&<Y^PXmSR1xd)9@YY0l2F8YyBjk$Viv|R<B5ef
z#ukjjz`D%M^zTb3V!guI>ZdU<(^j86#wM9rs)+SSm&=M$MXVQ0wlU5vRmA$;5!U0f
zQbnw<b{<!iDq?-Lo2Xm|4^C9hagsh*s)+SL?gsSnQbnwfs<ljCDpkb#YbWXFrHWW@
zbupfAs)+UO^K6oLn<`>`+40t6cT+{IU+7{zer>9Vb(I^-BU%yb5l&+jS`q7mU5v}L
zBG%*ESRU7EMXc-3u^x|TMXb-BYdxORidY}&Jl@obSPz(EV|=O=v93M9dVH-Fv7R^E
zdhF4PShrkjJqDC1VqJ8o^*F3d5$hdJ^n1$`u@1Xxc(F_o>oc9CZ<Q%x-QCsgXJv|5
zKj-S@^D;%OUvo^qC{x6`lWRdc%M`J`$kof2Wr|o|;9AhGGDWPXx?H|0Q^fit*Mhz-
zQ^figC+Rn3idaA7JiaYc#QJX6g1#$L#Co%n^!qYJtQWc#w7X0Z>vLWE_@PV@>s&YI
z+*78A^*>yUAIlW6j-PLJ`cs)A)_1rT^mCaa)}M5-F@7mi#JZnrAO9{>#QLy>HpZ`I
zidfHgF@7sk#QJF0g1mA?tmnCU@yivl-sT!is9X{2CC(!#SH!x0j?G1tD`L&Vt7Y;R
zh6k{|e1`Rilq+Jr(lx29az(6ruC+0;%N4Qi?3z?gxgyrTy0SDWSH!xdtC!qzMXWbC
z(eug`v6%%dPMFbdNy5y=j!BqV&eDXLWgVL^v$5kWeSE^q(oRU2+0(LwnY}DenAy#V
zmfv3zve_$il66l`nAyZB3E5N^IyGTteJc`X6gw>;o9{xWCyZQYSUFZ&`b-;smd$rn
zLe@Kn&bI!m6K1x!CShiA=UBeyCd{nyJS*S%R^AJ2_*xr(oejS*(eKV-)_O0(eHO58
zvcEaWJ`^ig#JbXX6qPIDewz_(aWy6l2RHMH_3h_l3vXL^jH?I{mvf<;EZaK;h8sO=
zAp_s6P{i#X8kt;-aVh-wz8GT@Lix+P5#SM|%2%O^Eod@!NnKkk7coofU>~otZDw$#
zBGwnru^z)K6|sJ@zx8;aQW5JR?X1Uhm5Nxmc05KjSH${@={Cke%@wiP&(NpR41s;E
z+t0fFD^2(SOAoB<SJw*SFGbmVS1MxtD@6VXexYg26|p|TJ>;0xToLPcUE`nMToIcF
zcxZD|v4=G`4Rvz!e&f4Z-jkXu!6${O%v(eFZ+a$p=Xu^{oVPO#HP#P3fHj6~{XVgL
zqHph?el3G_#J&&np-9+4ueVz@n_S_m><VA*g$ehN4ISYXvKJ<Nav7R{7d|MJysKxt
z=61gX{X0D0P=4}T=*oNxy>`EtS-Q$Y5tgYGZq_Y@-F7WGL;?O>GYs6VJ#daMnESi`
zpIc>@o^E%|W~a`-$n$D>R>f_GWi5}H<GOEV^)STYs%&O86Y9ZdPl);5)Bk5yf4W*&
zHXl_ll;z2_b>PVLxXfuel)!b#%;~a&(ZX#`UH-Q@$-3lLXcozZ(5%u5ul6`_ce!2~
zPnCQ1>XiScrYZjk@OQdd4D581ud#AztC4;a{P`_#mgKi(src^m=Ja=;H)jb8mM5#N
z_Fc%}bX)))Z$M_m`QPhUN?sZKuH;R<+OJb3@Af*dt<BndQ~tBYq4P{c+Q@<VbMPvA
zpgm&*=SOeA79=uN_EV}<=iy%Mn4(m1uT3ku`(8VX?!M;EqHjkW+hS{PT#`zA53p11
z8t`<DVLXKU9Qjfu9sW;^p(`45Mq?=VYI~-N-kqDsB7V1y2jNp&i28reaMSNIEc0sf
z!QHmL+5MpF#}Fry@3Zr!lwCn(b2k~3Ee94veAz}6@oV3xPo}RuIX9&~_oaEN+kI)C
z*nMf9*nMf9_)?_h8hPSx!IMkUfoIikLH)y|W_4u){GCV->|;bat{Yrmmh9vBxEbiW
zf3(1NPs6U7-|x!#+XcyeGlYNGrE?ReIkK-Np$Px5Yv(V}iG-Ib!awZd+1G_PRfNCa
z)zdI|olUP5p?vN$)U07XMjT<=OcBaH@=!&?Q_j0W5!Rx?CoMq%@Z9#Ivu^uxXt(z2
z|JFqLiS}d@odQC;A*i+mGO-P(;Tczq){0QJ#;fKHU#~R9P|X#g*_37WT!;Nks&)s4
zBxeQpHn{9ToDXfeTK%_no*p_5MJ(}h>$>9TE|@y3{vnj(iQYtpxeI35fD%P$_8u*7
zXo`odtfQ>uim-cY{AJzJ@C7Wdc;BK38;<I2Ho#@oC_>r1nq8WE<6$`C47p{OD#EV!
z0`r&mD8M^sagwE?kHLKfG`eKhf4T@C0X)nIO;z+GxCz)IOx~sf%AqaU(I>{^@HYAu
zR=f`pWcy}`DNv79VAU33l2=!NP7@@r3Vtn>=Q$!T>Dt*%b3g55Wo)VljknJIe7N=2
zicroq$r;_y^Z--voY9J~;aHTGSvQ&Q6DGHQv4gv<U&L<f7x7yd!t6{Ux%G?wPgf^x
zvFzB-T_(bWI@LDGNp%6Y^@}N9U6SH-I>d1UrrY|(IBx3~vD^AZTnnDo+SmT0&TQAA
z|0BS*iJHZ+!(=C-8j#$8##nCS7_r+pM(j3@0ZY@*%agW{S7>&Obu>;_DPPu5v#HE{
z13K$anbBs|nr)bLxgV0QY$(G~OS0+Axj1TxJ4dtN@{oiq9JwTW)8I-xoS-D(&c#Ve
z;*XP*xI;1vE_Xy_;Y6hiTf)UjN)nD8#Lks`r&=1W<b(X3JkFJTom?qbc2%Wz&T+G8
zlB#XGF{$QmZGc~c^@q~<jn@CpUh}H^q{ka2o^K1g&aYkCG?{Vj@zGS9X|^hbpKPAO
zJ6ojMSQo_M#(CECkjhk?zSpPl{=lwvPedFy+_gg&d~mKw+Z5QDL3i{4dAdUnh@XRO
z$Nbfp`uouBe~1_b;q<rv-6U8hXall-XX>+YObxg@Y1TkH%U~-ZLAN*Ie-z>abEDq>
zxmr>J;0S=HQ<<9fbb)Q}m)okk(zde=e)2vDGqI1Zf-U0qW1O_YW(vnrY+fmf=Um_v
zmak@{ik5u@<{L<Y;>c3?>>|UVmF($^8h&utnlW(6W@JOblRKtu7#w!2XllzgtIKWK
zCU#r4iQSfM<|;xRVsgDesDjGc?%Aofb2PB6^V-mXW;-gG>`Jpqe_D77n<_l}rKJkY
zKn#cJ;4th@DI`c!D59{C1%B<$R7KT>(f*wZnPq|5bzCsm6lQ<JeS~rLHyp-^87P=1
zIxo1kR_7<nD;5$nI_3+9ySd>|)hUYdrYLGKMVYYL?W<FjeD`%p?zN8ryF1or5vNZR
z)0Y2hCg!BMkOpnp?dWAyp$y4k=n7zG3fzuf#+e5dxN6?iEoD;91$ILZZF9lxxsMLO
z$Cn{@VG~8zZWN}2b_-)=u1pE`a%^N9gz}fy1>hj0;#~i*8asXPqW?nAs3V7LGiPXy
z-XX`66`J}e(o$hXBgS1Z#GFzV%g0G958wbadPpr5M`!ief`i||rlf*fB!4$?m)gR;
z1na4!s`e?EcsD}317)a=!fTUi61H)3C=VPq1vqSpDT=MdQVDZZ5*!<oIsR$PKX9Q;
zshAuQQ&eUS<Y{w&Lo<`g&t_|#OrDuiv%CCh4)FX>QZv6)I@+cb#qoG=)PLg1d%RS-
zw9>*eEgg!PR(6DCYAI8)%&<&NWNIms%H)!%vrI1kDJ-)@X|kXUeC29utkfKp1cyRo
zQYc?$enu0?qmtNC-BC%z&s~#h&F-iq`nw~Mh~1G$#O_EWVs|7Gu{+j?*d1#`?2a`e
zcE=hKyJL-r-LXc*gRf4><Bm0=KaVwX#>SmIM1Obk5HU|4`rgbnl7|D)-yIG_><$Ma
z=HWmq?htEQ`(B?^zG2)cxgK7*JcT;|H-2j3pSC_}<Z8cZmWq?8NX^GDLmc;D>*F*%
z?*_Jfy8VK@atn<`U-Lhh6a9~lYdQ=Jlcy!|PPo9U{T>D6aZN0E2Ta1;)3>X8n==~d
zzZTe8ZuX~=&JE2@FdM^jqKYtg25j&BV4qW<2=kr*-pk=SA5aP$uJbwE^uu+2qCal!
zf+B0%^8nHh*D(?P*N5w{7v&5TyPs3%9PzA^4wJLcc%JMW_M#k1oh!q5)_c;6vW^wg
zk+s4&XBg)k6ZXBtEQ!nOpRCqqyve#+%zW0}#`&9Z9+7;TRteR#o8;ScfXvO{aExp^
zW^x|Jd0sh1_-Nt#Z2*dU$8Z`mzju{W(%2TTIcgv$O6cVcM%Y(q!1+zHE6$jO^9gYG
zlkHW!h5<ni5zVeBy9i$#x(T|5zI8QqE)V+s)Pw%5(@hPu0I!CBA8T*F3w%QT>}B}!
z2g3c{z9Mdyz_@M)?fLNE>r0q@cn|`Ay44Mk3&6j^SH$hQT$^NZ3;g%af?reMPxnEx
zCjtCTz9MdS1ejYXzJdQ<S#<rG>G2ECLJFni@Saetq55od>yIO931zw#iZ>*naCwS_
zW#xc9St-GT;o#bc@Ac%U7d#XWt|LLS96THjwj_y1!of`>Xn2E1!@(^i*nfh@!olrH
z;_+~>odhj%@I*NHI|&X4!IR<O;Uw`?ICzQ#hm_#yaPT4tHqqdjaPTGxw&md2aPUEr
zcrF}#L4reR@O(JfO@bpv@IpB7vmEhaILIf#@i%xW9B2}puLduNgPJ7qN;v3Ff;ZH`
ztKncj5<EmWcr6@^A;DRA@On5nJW0F}4i=LbeK<ni3<sx?cn}YTgMWmBi;~1!;oy1_
zr3`sH9Q=*M@?IeR84jLL67PhA4@o?_1R?K+gC9x6jsfvrI4H;l!6Rsc_aSwX_#hk%
zB*8N-gB{^u90{IN8hjWIj!qK)3J0r5$kDeSg@er`csyqCaX7dyNqiCx{y}1VcZ7Tj
zjgsJ_+u*ZsP>g5rJ#V7apNE64N#cueFq#ApLk)H!Qxbga8+;iK&Px)z!ofBYJUcb`
z3KdL(N5TbPhl6jE#5ds}(F7qpKrQ$-9P}Z<L)U`u!og$`e32G>9}ZR|iQP~y2|kSv
zeh3H8k=Q{&_k@G*lf;kVpduF`Jfki6DI5$V!Q<hApTog|B=Ji)SPvq1GhSqjgvAbS
zQ-tmEF_hRYxD?)d?}8^Gl)t<)0Sb_cv+GYTw@0OT6{}H+@*GfkEw)bfyt~NlZ#ba%
z31mx;;1T$=d;x#kLtgnxv`0lE<R0v{_+~slNd_Nm5C{jS<3JU9<n4w}WP-`A91>r+
zRHSU>psILle=9_`*Ww+=qZB;O2M>CTD}=FGh72Q(kY_|M-=jzFS65>!!wo=It|Dyr
z82+p(PJ#DcRk06WI`fzNmgDfTBGh@XPB)O_0$&lg+jd=&<;(w(rHlh$seeEU5$e#8
zBG%7dVm<B)DPkF7vh#lD&|JYY)1lqVHYWt69NIEanGQ`-c2Vt?Y%}@E!TiBJ)FgHf
zHHqCrO=9;@lh{4fBz6xqiT?qfe5*&ivCd4Qh*tq~egbU7E;TY~L$xqemCTi!<U5B&
zYBJMMvy3xQZh-tgaxdTykrf?&jXgQ>2<uL@?f~oJbUa#Kf30;FTKAria0}T34x0at
zqOlDPFrNh&EE9pySmRu3oGXoUjd3nA&W*-7&Nzz<&*zNuZichdP@kFQDLChm6&h+{
z-O{8h?*ed8AJvgtY8-QHLvEQ+LA9tOJVvw`KG--7J)eSc4Ey2W6LbO@{lfL(pha&G
z%!x#GI?)D%EM*BtLdMMw_2%dSIvkwU*Y{FXdnTlPihzGV610OP7Ls7jBsPMO^#>8Z
zXU(U^?+y5ccA%j|Fy7tN$G0z5X&#=i0T}xjU}9k$OA#2LNMtbUCCpw&b__Dq8<y%B
zgAt}AO_^$@m2or)n&-R$C>RLIDQ{oHL5|(b^Nru}X}RZ}kWQSOPOM2M&PgZMr4tt$
zLR6A>t#NKN&K<_NN9HW~oiR8-;WBvVcQM*GL|032YLh=c92~=FLQD(?$0mtG!@==M
zVsbcGmL#TzgA<d);o;z<Brzi#oRTDFr%Ny=U4psk5-foAW*WAW{DtWuOTxj*WXMtz
zk`<o<1BZ7@YNr=&+;cQOd50^%dB87>XWux=e8VQcxsWG->^_{q9BQ)X*W*KbxRJ|m
z&QG{x^ObNTQsp=2`=9J>Ah#sRoZTRsE<~vL_)q79aNE)VvYmV;<`)br`PIw>)_WR0
z6GU^(&nFGUq?cFzP$SWcNXJk6<PQ~zE^=&!l1=t;AVs2~BGK(2MWUf1(V-wkA|Z1=
z9)qW7Gr(#LXW2R7v9@r>2wCmOqe&jPsx>~3bp%WnB+NguwC-}ynB-rJFkU!rEa1@N
zw>=0i)IgCa;n#71Il9Q_+w!wQWEQ`E9{erdx(GN&{Jp}rXW}c%$ijVrYCtV=#g*SI
z6tI9bgCUiutyze4{2SIr*AR!q*lL9F17i8L!Yy_eXvwLk$yLJo87%4gie#}JF5VCc
ztKM@p2W5_e)jJ43ChXj!R&o+tm4-`DAPl%HZ|C1IVrCs0O2zLhdgv_i`-*@6yga<6
zoMrBZ^81AfJMIIIPCfazAN~eRg*5d5_(J89**K6Ez-c3N4XiP){2%;)d9?0$FrH*m
z-#_@IYYIS%&VTSlBL{;P4eXKc-NhDx7A;u%T+pKbpCsHXo`CFl1)eX>&3pn76dPL!
zn?5kxzEo%6n`EtChoJYSRoe|cFcHBO<oiJu#)#JUAR`J257IU25HuS!0??dL#oj<T
zCv!p62)Yj8Y??u-gvVLsL9q#YnrX*@Ze!B^0J<YuX3$pXs!10yE*pGK9LdgN(jsZn
z-2k_p53-PCY$`}$RAv~h1}%)rg|5C4bG+a-&Q{|MXu&~=<lp|Se7q&k0$t$8J5(X_
zo$%<eKfsRw1LgpPqpZK7yXSh|v^2F`(!=w31q(zg!yZS5qLl?yO7<3zqLc;HNzT7O
zO1Y&2=2W7{BE~`~%XpBYp(PUeZjd)#2G*wv`8vo{!K?0_gOHUH@;yQ>1^eJalIhAS
z##A+>ot!Qph2z<ht{$YMTTRj%dLhdO;M(RJs4ZT>a8tJVh%aRu&azdd7+0m_^0FqN
z4e-Ujn7WD3H?O=2#?+0+wEL^hq{Y-d3XZce#N<uj<URXrkms%-NquBr2l5I?mN!96
z9gi9vg9c~FoE->d!_S*4$~z6A>=${))NKUWqXFb%a?W`M<naSQ8r6OV@`n9DE)|VQ
z$eE&(#6%miN=TljClN0YaskMbFGM;KKZnQBu><8zVE?JQpa<Yp!m%kDe%>Z#UB$De
z^ERh^w~B8M%Jx@6FKf^Oe9qDrjpa5*pe<hE$Bo9grjr^AKQ0=(dlJ4lBc$l$a*$L}
z_;HfM9z*17hLGHa8p=K#p(m{;Df(;!a&~u;97%Fs2l*F<J}(OV9%MgA6@HVXSG>=4
zII0s@WP%^i#~0HNN`ea)AB$dsc&KL8SdW_@UXdmt`2b|iyhF`r@!-KS*6a&<Fqt(G
zdtB2JG*w{f*ecLpZUNm);>X?x-G+3zq4Tk@<gN=qR~ULG=q9jVjy?_aK56N10sVO@
zedkx(AZ~Gp_lqN6X@<NYeJP|z`m!;1AhVC)IR|C&8~M0)uJ<ec$M!i4x$sd_|Kb?#
zn~p<inWkwd(Xll=&|9a$4|XouW%hw7=M|~4ig*?**aF}oiufEf4FYKDQEYCcMzA;Z
z4shFphTuA2vpM)U5w6H}!HP;$@8h`VW%G+%M>2a6Na1}QS!W*%l7=#JoivR$AdiA&
zuw)KMwuQ)b%s1y>Ao-R0$n{K{6HLKv@H&uNB(x4BdwS$X2|X4hTeKmoXrm&Jutmo<
zA%u1ye4I3koCiQ3-4?-*Ny2wPYF5J&LdvdvwgMqzhfOsW%_jB=Z#e-si_oUDsaa@G
zydpb&`TS?iBZw}=-6>!7tyvFR+SE?TyJi_^X;X%deE?eOeYeltW8O5+y8vA+^0T2U
zK_59jNlP8KSZ3?^7e86YoiM|DC=jWdH150#%^p{HxfxAs=75Xz&*d_p);xN+?UBpn
z8@sLR5Y9S70`|!oA49S9$>m1s9f&WTa=Co^Hr5>BXJP&nUSa4u&@^-5)e=9p0yMP{
zUSnuJq?K;FUTClIn<dB~B;w{YJ_=EJg>SRsmZ0uL+}n(}eU7l=-e$zz4R#{#ZARSj
z2p4g0GubT#E!p2Aw6x#wV<zk>go)^ni|8^X3_oGSYBd9zJ<^C3Y5Z=0=kbax@TFz9
z{s&4VEqj5_rd@L%SVcxj1lC<mQ-sf$ouYe!e)ymiy%qHLY-mSIF>1~Sy)W&Hp<{1@
z-%Qr^Li0WCpFq!LTd?#Yh(DL%i%j@p(C0JU(tAK3&hW)1Jb~F>bA}r_p4JEA(mhs~
z`Nw{UC;j0xla8zIq(hu;=*vKJ@U&eZE~-CPswS@4Q%pRs@VOK5Cfk!*4K+5|47-FY
z($!d*A~9T?CBjGA`eWcLZM~<VKLjm(qnFTLtFph~Ho{MtnguWlydoQHjeG%ZOO0$W
zHS!#_&l=evlGkhlEj424wV<U&EIkXf)W{X4M*4%68nJXC=(}sc?+Vk9I4_CZY_!s3
z4klh0s2trL^gXyDH<|Ehz??Qjwi<d3Xt7?K3@@(-!mcrm@&<%Sjl5#Qq&8kQ>0U#a
zX!$ime@B|F$k6Gv8jH=%s3|Y&Zzti~A*M!D<6G#Vyz={+QM(Ib%Pn1B8MQwIDYrO%
z<(BS7kaA1cS8nMFkF>XReZ_D;fl#@n6SAInY16X6x_=1=s8FN1O{;toBMGlyjLgpb
z<}x)K!>L&*3mJ@IOAuonG|;M7v1q|~@%{6;Th~G)<}XhJ<Ut!pb_i6I&0r!td~Y7p
zk(X)_%wxM1+$xyIIS7UK+XnME1_^E#c;zghJfUq7c!?cX;4D&H;mzhwq*N@?W~!)E
zjLc^8D;0CNnJG(UZnK%(O7qYl!ka05sn|P-+kCb7egx^NrSDuVQ&X8CUC(6IG99{(
zrq}DrN5TB%?E!hi8t4>fhcg)^z{A;O>GCR)g)8(D-$G<w;XdhN_Ytu@G~;j|zK=3u
z_YtwBFny#jJ&$7q!m0xX0`_GIszvO66uU~wb%4~0ly*49u96~-kYt=;hU;a983r@I
zKqBzdui=FPcMbqNopDWRk7jABL<fr*A>FEYiMM;>i7BpdkMz>?kkY(}X;HXGsx&=P
zrRk9>jX<yXs!g89EBvy%v6Sk3+1yx4SzeaDUm`_(Sw`IwDcH->7u$*!UiPU5ulV9d
zJSV^v{w#ytXNH|<^fO6TBJJZd8DmN$o6pj+`7A9P6W?U>nPd~^96h{8jB|V@>-0y7
zAHNZ%2u~oB_rc+EGe48@tSUr3c$IH-#tjj!$PO8`{N`dHcW}g#<{8<MY@U%F)R#2R
z$PN}T-I&DFOn%ionC8eXssCx{ITqg0HVI{pvrC$SnDFlf?q;$dCE25#)*1L6lNtCK
zdVAz2X&~RF;5{k076L|okvGThr{E>mIbYFFq{8Ux3Fgt#=;}vi-NN8vG{Z=x!9Otb
zDuX|ue;cWnxS0Je2Fs8z#Ndw@XP{u5rq4!zU-7#AacV!V$TVN>C46Z<pjcLEKEPCg
z)GM%PSB4@JCoaR3#WEyWEQ&N~y~?M+fmfs?y)H{qbt&)E#nePfn4MTC1NT~&l0(Z>
zRdo<}1bSPftJK8TRDU;tbr>!p-9-J(sq=0Umu)gKh;!>IQSD%fu#4IsB2cFE^02Q;
zrsP#j<`w@1Gi6?p`i#4^deM|udET|2$15@^y|j~3rJa;&xs%Azlvdz>F6|K_wlvJe
z0;ROarAm83s<bCabCuGbAaSL%@({z6_DqQ&rClXZN_)0&kkZa%GOx{x=*7H(e&%76
zc|-|{*1tp^xb!n6Z&Q077VP5+re{Q*ZlcOKINe5Fin}FV!9f{O4@!%Akd1l|ZnSv?
zn7}emE5L%Zs0$=&+EWs*&1x{`6&#n5>bSI2=03_iiu;Rjh;wEXoFwKhja&LNm&C6l
z@kR_+DBpgCoM}S&Vzm-Gm*bWNSN_U0gP*@r48A=1UP-IxC7wbYUiq&F^zch1@O5JO
z5PSZcoV--sj@$5j^Nb)d?<&vZmA@{X^|}=6b%ymy#Nn0yKzh6fB%aKR9w2KkamyK4
zg^4SFTY9{0sd(E=ydsSHyz+Fw)hvFgJP6XnrSbqtOY@RvGZjXJhtaWk<yD!d877J8
zJ&Chtc^<F4e(8bzq_KGudUA5``^7OlZIQnRVt5<;&e_;)b`%6zt4h~p2QOg#=sFd=
zVVw8GVHDl<9M3xxi9)%)B5wEm)yPyu`GNG);lI}x#EdLIvl04I;N)BGelOeHL(6<c
zY(A>?qTlcG1MI4m7kx!+zP|R7-|x;k8}O2^h-Wp!-Nct*>aY8g6|Q`-i`{Zv+61^g
zZ;8gpuN4j&hOZU+W0EVvYST9*?qzRg`ewy0F{HIy1@HzP+`6p9EG)@?J$=rHk6l}g
zckl3#b?f-X7GEvG;mgxMP!xA>VO&p>3gi3Qy-{3WlM3UaoD{{SGbt)FEHekL21>=u
zlq@s%%ygMlW@$6IWXi%dIjQ`(-X}$6rpwGBGb~eTzRCZeammy~rqr1{Gqsy3OJ-Om
z&&<+h#>|w{HVx}!Y9f<MX6~6(W*IW6%o1g$%akm$44L)*pJHaF%Pd1?X)|-rtj$a=
znN((pGO0{CGxf<Av8gtZnR{lsOe!-6ldkp!JodBeN^8%FByB+LD;QYaLff6d^=-xW
z)Q*Fx{MukywUFA!!sZW(WrSlX)^>_wt%d#CLEz!?Tu`6N=QLnzaoqR(_}Uxa^BXfX
zmEuTXe$S7qV*dq+?H=>m4^fg$cuYk9(HNg>4qbjKN#+m^=I;;7)&U%nwr&G`t}ICN
z@rJ{??q$<dvzCR(1-XhHz8Y!s5BqN|4gMBvlS_j+%H()m_JyeYWSnGoBC@O9%cj;Y
zA1q5N!i6Y8m#^Vt*D~W3K7H!qSYNW$a_ho^Pl2KezPCP2$$u|LCNz5y1JLDJHs;$y
zQSc-FTLu3DY%>bp#OpGy!IN+3Nx>gMcC`n<$F-V|ij#${{o$Y#{w+6!Yw^<8?TyJB
zjhjGD{?Im-V@~B-c5XO@=K(iA(!^PfIQ;rA<M&4UaVxTi?VFUUwl}boXD3SFc)FEV
zOzT!!5xbRE#BQY(v0G_H>{eP47iFiGtG{so9=h#g<aq?x<+~^?-?{L2G8_l&4jovJ
zIBpy2Igr`u;rNvNvRWu|N;pvUSm;3u7FiJvenFFwrIcJ<<B!1NAg)h}JOrxkA1GOO
z8o53kEJctZZZ?Fh{PO+Y?8^Q(K{&X8iD{br??AO9C1EFnv4l|oe+{Td5GH#?{W10%
zw^;Z^!{r|yl9N;X8KK@ZG5!e5in@^#4YhwHsC|>UEC*Fbie}s21nLk{lIJy`9wH@q
zUJr_S_U0m5e<LI~A{iE7h1B1Z>2g3xI*C~VN@5CCo<UWBqE1YH?}O*$WDYmF93<V=
z3~E~jbz27Y*9_`TP^lccBfqK4fyUPF3F>fCQoaG8Qsw(LgUk1pi=0s7<I~3+9R0IG
zCgo*FxsrTn-u;cBR+ADP?s0W0`uz#ix@3;qT#l0NV^A9y#`VH}9%61v#w-LSvWcYa
zK&7<Z9h7LBLzv$Q)ZNM4>s*+mo9xmFH5F8f=gBTiq&_1f-BOgEF&nr;{pqjpY~E~E
z|Nq@)-shsJ%{JV$YmN8bw%FEki|rZ4z^CtsZQyAEQciPlKynAH{nlsg2V+tjWS$1L
z7N`4_U2ymFS93Jd4Zb<A>Q=um*E@&iD&sCy^5N>xV(YF{CjO`PlhHdvhW^&NyUn+a
zLwy2sJQ7^aaYFr7UoHg?-KhF<d3WeZ%LgtyOz34*I~_Mr&gk8jW(;2gc2kyP5yu)&
zbJWv=R*v7hk6Qo7|LD@Jgq{kS1)NV?xu3D|;Icu7p0)IIHvAP!za28?i@jrA@NxVk
zT^e6D@DTX3iPEL93-wL8G@GIRHXPp_XD1B}37Jz(?f1q*eXKuRuF@wh>EMdq&I{!G
z=An&2!%J70o6+npiqOav4Vij?E9s94OnuF<<(g;nUtry%%?HXuSamCMFS71pW28e%
zEPaf1ms))tYr~JX`j~6O6Sll?g<p%kxUH@KpSYrz_JPqKT#j6!Gp+n^x&0w@R;VvG
zA%xtg%vYO5v7ymcf1lX&aE0HOmWIns5}|(wMxXh%J(k<{dAs%hYhccK!=NSkU!QU%
z|1IYG@}WCJeRdUs-x7O97w3LGz1lkxskXg#YziOIJcTa-c9Wb<h~p+Ld)pfqElo{k
z&RCh8Th=ZHwq1Pa)|0Uk2qNHxSJ2oQk9BzYvxA2*!5?-AW<`7&=+7pZ-3jE?m{|F<
z`JBibI`9;{NHA$bjT7)di<f`2NqfFad$goo43f{v{G;Vr+0fUJ_EeYlaXg9Q<u5U5
zw<0nZl=({}?K2?x@XB8z52c1qM8c%ZGtn7&`SVQL!g*Had6M=sq~+5of1W&@YV`@y
zLj9gw`Ehw0%ye-@w)?@cDCB%7!fWK~8TinnL>`B3H!nx{0to(wRXa%h3#tt%!i{(I
z_B>vZ&kdi}d^Rd<J{LAMXMvViqM!SG?Nf6k=snElb9wk!GZOU8P!MRAvW7PTd>3QG
zV^5=ATF(IewTKcs2X96HJ`VJ6@?1aXM$p?ySMnil>~WAHZJxYdiG2h5;aLdQAy!`O
z6x93VTF~VoiN67KF4{TP1quBMXg=$UR7&~-j%?<8$HUGd`(|Svfo#j+QMZzR7w~Tb
z|E|Md{f2Vi+lH7;dX|j&kc9$Wx1E0v<8O?f?|ILWdJ}(R4+r%j!KDDZ2zCMdM8Ge_
zg~4!adw@cMnE>SkeHTGN1mgj^5@f^l^(UAGH4O)-|5usseL^v=C>oQ8w|TokkLk+S
zdSG6c$G=kkRq?MQ|9azZ>~h2yLNF6|1@!=<CgQKY7OAnV&uel`lQEMS1$13K{>EMh
zY9hh=07nqyBjwQmqn6>%tMAm(_nI>4wK;WzfXB2)_(%ZnsEPPL`T`t~hz8ljtD6V1
z?l}A%a610FAWhCJKUQ}!y*J^{8+i-<pFsl53%s1UezfjEhCPeFQEy6wf8l=zB8+B)
z*?wN#5AYa!Dsn8S0=N~RoZz1TZ3un>s0G09z~8E{5|!N$M3aFn$GnKDD6D2kGyFe`
zkbH&=F01P(zPCfqU%{5lL4qbTqhl^W{X7c4x)=HPPyCG;y#OZ}k@_BgUVW&-_eM|`
zbE0ETL{JInx)%KFz`x%38`FLvObfvdG{4dGJ`8_jZ-n<8g4Y3#A^0BP6oLx0f;9wd
zQTgiuMh--Y_(8uWl(#xmRCkaRvHltaE@b}4#p><^9`gc{K1gsIz%u}Kuj6m*FQ7gk
z(CABF5;VmFho1mOg)8w_h`+Ht;Z;s>5<m^X27s;v9{}_xC|ic+NH7*)EWz0TlL;OI
zm_zUrz!HK4%;!l2wE(LK>H#h!SO&0>U_HQ11a|^#C-?y15dsgTe}SM9;BA5t0G|LH
zSPhHw<Z93R`M2MG%loW#U3bu4eUs+CcRsX{x2t7cGvK<m{OgXtu|rYrK?G|6MiRUY
zFaf}uI;e&3ZC`7YoA-U(t6v1~>#5ZXV|6Ql$4o<SJcnREfb{@%oAEbx4XCXITLA7M
zcnsh%0<NWck)RT${B45%03Q=f0{DhtCBVN4ZUe}M5M$o~C?@y?ppu|$DW3HMOdW(0
ze!m751O?5jDmjosmz@Jlx<jIFENG};Dx5bc`ubSiLg2dP_!~16Tvn300DohrgW5oF
zGQjl&8vy=F@C3m91m6KXMG%8Yf0dvMz<UIT0enty7Qk+TzXJH|moEY25qt$u3UJ_5
zRt$dKF}~%^EU8;WT7;iY9}szqo$w%ru4qK}RWb%e8Xq1F8;>jUkPKzRcAR2|poch+
zW&Z|~E{k~{T1oOzgz^<m<RQL&$({#t^*WNY|Jm1pl;P+hjz-zTLCSFQ5XZipRUr2T
zh&;^5IsU0;dq(70vdZZQQiiVAg**nNj8tz+<h3AE169rwAZ4KWLL#4d8itlm;QTFx
zj9m{>(hiVOu8K>2B2UQlqt%_8@pRI+Q<v2nAwI6i{dWBQ0x4zuz2A(#kAdby01;S(
zxNv$@#?l3c!aD3hD~LSlH#^`o5QRA)9`sv{ZE`wh1MnEz7T^XNk^Sz(|NB>aUV9I5
z9`~!U)nE&HGANlteS{j}6`5%TS%#D%$V?;1A)rN&nRXuW6Ex5<uyy!N4O%-ctcR0I
zY+VDhE6Ep`<oCJcizIo?deAaOStMnt2_e4JlnIZ0i0~p<N-UtGf@4Dw&aE_&6NMgl
z5@^xIh5j?tcuyE~PShfo%8St00?<-Fmq~oD)!Qg-Axi6JP-nNnD?MD1+l|C&GpO4|
zWZC+FP^!H|L^IeM+GYdJt#dW_F&ZB)yg6rc9d<u5mV!@`)_W;PDd!~Cew7qK7Npl-
z-x^C4SYcCJj{PTMJqCKzOZXf6GpKh6+MMZmpAj4ku$$myfKUyJfz|lerAcu$ED5j3
zd?Uq+h$m9a7b$K8DU~;$r7==0qF(Fw1+x*9Vo|%XyAW$K=uva=H#Yw)yzM6F18^$A
zOn`F;E&#X`0Q*(8T!WDkx^QYe8A9-i47Ckm2jYq(Lrp{YJ7^JQsAx9kuR^`dK!W|H
zqRfKl;ewC)@M;{1h7499g9rv=kfU-zk4o^bCH}_Vj^rHx4xEU;FLA{t{q|eYMY?V&
zL;E506oQEWs|k(+xR~G~fU5uw+>XE6YmLb*dboyb=&~B0gr^Bw>Vlq=pzO4uRmq@X
zzfbj{3wrYpsrDp;BvnotL!RFdM#e>N9+Acn9z*#B+7nEZ3pI9zHQ^N*WGZ_XiXti=
zB$fRlNYUsZF-`erdw7P9*u#YE1M;cK)VGkIf?SB9I5LViIMvdnhO$Rhw_y%r39F<d
z9nAO#=3y}U7{Wv$RirMft^zb=&1q~4RM!oEV;aG8Ai!Mz0Q`@g3Gxtt1E=BdYot|3
z8|#)+w+OUJdm_-7rxEW=0Q`!l9fC!Txcuh=v)G^{(nlyUf|SR9RbIu%Z@^sLf8AiN
zc>|`sj<cs(f3MY-TX4d-QJ-oY3BJ7i4}<@Yz4rjKsz~0(&$(eTL(UA6ku*dR133so
zkRgc#VP+U$aF~G!3M#>bdCl4NV#b_vTy<TuYs9?j8ZcmXO{@Ojx4Qe>(|zxZvitqM
z|MPv%*E}^;byZhaS67GAC*0`2`{MHC6l^i%0`YyJdsTy;gph;)+uW-MXsP~vv87iA
zXfZ+aCxSkEd?25FE$AaLCHTjRCHM6L`f<p@kCladP(tTt_rjWg0INKXMfRP&8y2c-
z5WDaNM7s5V94gC^S-2K|Mt%Zn1CcBgI{^p=;se(ro=t?@f|-!uZ}3$U$3ak<xWQ+W
zdz}E9>m&rYP-ZU$&CiDWC$avj^|ijYG8^RaeqXQ0@JI0oIrwIbZ^Pgq;JX~6T}_>$
z{?AJNKcS9Sjga7a*y_68f>U>ktH2vS7xcyI3h=L*&gew8*LiKJ=MgeCN_6|XNoa3m
zXv=e}85>1z@Frw1<sA>CY#4U=i(>hV-$y{ly!^=%u%!X&#|r3a_9VU%$^~A~R{76B
zb|S7F{C3`8hB?z@&eCm*q4jO#On{0e*?s{}_E@R!6&z(yzhLD^of|2rGHA4bO%vHz
z!5#=^LE{D7IS86jaAQKFnFY5SG)p}Q8#^B+Oz?Wtz~SS78i)5>jwl8AXXx%63C-f~
zGnBt~11<hOLwwrH2QA%uhIDVg8EDLA_UGAt%l-?&T!M@NtEADrpWK8Q0gy3EP1*kL
z;_+E(6_mwmmMqe0Zl0^=X_;Z>D4hPySRlC9yXSr|7LakUrS9O6x`RcX*W(Vf^U$bl
zAu<!E!`TG?7v0E@O(TC%jlAD9@)xybSZ^Bni#mEZ7xejcq98d-=r>MfxHgkB0eN1^
z&y+_t72Ztne)-+8>!*|2NAmk;{>k&YAfw-dh>*vTn^EaE8}K}c{yo8Z3&_avKt3i?
z1>`#-Cj-IO%A4{E#{8Eowa70heiykPA!AnbRJBW*{tKzDpt3M9rnkhOS<^vvCUPv0
zKFl75KTJIaK8_1TASN6(qBOyOMSH5{X*wKUQJ&ff6%r1w_*E+~+Mff>LmL#33GHUk
z5+1LJ=UNO#`C5dq|Arcp`-5gkXLMxDdOhxk0cV5^cwz*u%K-kP+JKjg0goyJ?f@+Y
zJgQEO&I2t5JgN*h473>Vs2G5TV@4xn92Xw+$H}0V&A)o`Pqyc$unlStbGo3iJe?<~
zY`X8I)!mYtb+!FIUbf%854zOz2pP{=;rW~jPuW5~ryfz|*<Hp9VxZb~zoNpncRvhM
zLdKhxiZ??l-VCXDE2QFG9r?viV2OxH<i`@P&GbBie}#7EG>j)1-d8Ah7J?RcULk6G
zH3Q9y9u#0xdwp%(d4*KfZ+uVe0CK>;55v6^dTtIf`u~bjOMr~r8#$|p8~~)A$k9MH
z6Ny6WNkqB=IS0tpd5FRmPh)R2^tazKE^bw{Qlhfo_23O+6?gef`kw>M4<cj0Q!Kg)
z)OH|Vzc2B3GKKE(^ZUPpY;Ii#<m1oC+dy>yGVN_#m&Bez$fH2UKmFcCKOw`LmeC!z
z(@pjVewU(d$Uy4x(la=L0*XCHJaN=?Yz_f_&xl&*UWD1=xt<YO=PE!yhb=Dzt{e+b
zO$9B1*HhjlZ}Amq#+TnKvPTuF<tM8$pT%2ssLJmhX<2+W1ezmrYG=f|;l!?JSA07d
zgOE3?<5^g+flT`Xf7+oe?TpWjv?}tkWkHhFbSd31G}6cGG5$GBQ^+=>`Q2L2BltUX
z?{9!YX~PcH`v-uQ-ru1vo%RAPZP=j(Pmi~uu{<I!i6jo6gey^izgoNGLZfcAa>?DM
z_-f^X?Vx4jv_T!Aeq-n@if(!~Uadr9p^(AWT4ZYlAJ~V!-w+uy92?RtjNmPiDZpEc
zx#vdsMXZ4upN0IY&DdA0qbF)3Erd9Y#CegJ*Q4Zmbfs!UEb;AHy#EF8uhxy&3r2`f
zu2zjW0Q8qi;5Jm!YXfNU$<^u`0bIfSN7Q_;@k9qq3R30>7U?Eov58U9T1!atG=7-x
z2l+hsHZpf!mBcx>n*8lulQ=)YWAgc(af9>mQ-kvfZi92HVQ@afZE$X#49@5@xU6p4
zPEKkjKin2J(QEk=CI*5(*N>9xx02qN>yv0Di=tl6`JReDPx8IqLyyIF8Q|Bdko0#K
z-`7e!DiyU#ba1>MLmd01d>{+wV!w2n+J$jPg~wItaM}{fE1<(!Z>&{5-_YRxE!L%g
z8)Z7)KcaveU_mz&w1j&E-B`eFsi2z*ibrd7bHM_j4`Zmsj`4bYa3fA!TS41Sd~PXo
zJ%$#*|5b-h({ps_{Hj9d!n5_1@T-~<_zP+hI=@Qj^m-BW%hjSlmXu_iw3rH2;<Wu_
zH{aqA(EJ#^KT|FYT3iZx8R&RTjD6JN;d3#Ya!a#H9#@wAlV7LGzIC3~b+n?hFeixa
zlNH?)hYUrSmi<A|^`+=z;SE;2lfio&9q$j8UJXUH3WaRRZY`D{sPGt<_m$BmbD)YZ
zg8Ao3{*=uawc9udtD>!oN5H0wkx|?M$TdJ_RRg&L$n=N#=UHZ*i>%j)+z#YJW`B)8
zGIL&V7cM0b46$~RrbWT58RTBku81>cwM>@~lQNIr<av96@Ux@4CCivx%(PNw)&RIR
zm}S3586Ra*X4!|>lHSptGUdKXVnVd%w3)E)#9Oi1Vm13k3yMmS;Z1u6lhJ3$-p=fq
z(ax(k7vnv9ozV);2U&D6{-EXy`r;nuZD=oL=SJHPxC<F#|H9kxNEUMs@S7BW1}lSh
z8xB{CXTgxwA`c-Ev|}~Oy6y1xeIBYu-GRd)YP~GlY`{N}Auakc2RZAp!IYZcflLd^
zoEPm<JQ;d}nhl3F_XR_0Ua4!wrNv8V`Ehq*y=Cc&Xp?DgAmbEdaMD0VtJPfX&O}CQ
zWVG^%x1g*j;ZGLQeBF2=FGCD>G4qq1XL3#FnGT=UbQZ2#5hHA~zdG8k_}@_11(~XO
zS-HsGfDYp-yyG5BDwNw8ZIV=Na$VKpo-QoEPWS!@5{sg}raZhHvjd4i(e|^3VwAm&
zj9E*7d`#pKAm0*Mi_78Pi2QgV4%RUpPNi2O52&+_HpAMBQw)vx2*>h_{%FM-)Y4{T
z$D&cdXHA5<A|m$!nFmB#H6H5FiC*mOXl}AqL9R1Grm!21ht}9Xqq`UPh9c>NKLZJ3
zXd5&}p)oWTs$Rar^R}|sN73%y)G}1w@<GHD+}>tX)1rD>)e?<7lE`Qvrx1Aq$oW8~
zU5P&(Adjf?VohRQia$bqcOlc8_SRVJ<H3?9G>i2tJ{W~QN9NQMGzWEfv41o#J_U>m
zkcUF=!J0iEQn3_k7He1ZEi#I{E7jpoB#{TK_(sUL1A-&TzoM$U=*rOrMcY~JjDO?r
ztIQeGy(oV+a;C0Wghl^hOhhAp`>oBSCR6i5bo;+&74-!@s~FSda3Isik*WeU0|-;g
zUrxYH8Gyee{5ljUPWfJsi7$BG(P#=*lxQNe1}h4{-xiI&G87lL-$0Yhq1%M+^)hHV
zFWRQ2=W9Su$6AI0RM(>WpK+Xq6%RBQvKC`O^PafjZvfql^iA@%N{g!veTTf@rgl>|
z$b2n9#1^!B5%M=gha`i@<eH%|YYEh-vD)v}!RR+Q(0?eJKj5z*P+|9L?R{t`SU~V`
z2Y{<rujV+a<4G+tgyt)*YX=F<X7zd*^qkWIy2YN5m(#d%@nVa)prx6bt_9sjRX{iF
zOQY&wL?*29SNX=U&X1mmJA(lK64}%HyUFI`67J{ae9~Vphmza@_@{CY5L*92yE?B;
z(?f9o7~t<zXNYa(5N{_NBQHbyJK3GxMg8Yg-%XnPB?Y`bo3X&+dy{<irav}c4ZeD_
zcq}%-1pi!oc~_L3C(5{o@lRk=yCsj-x^WNVpTb;k!If8IM+ETCjQXALACG%RfQ;ec
zOW@(W1n$nWtc?CV&GI@wgGeG|>>ZZdn{vC!@$KF`08=NqeTjO#JHiPB{}*-QsrPfg
zh=0||>M!CV`H~l;=$F>gx4%jVx0dk!P2tb>f+jB}4GSG}$_6DGlRZ=ND6@4@C8Xn$
ztxj9o#dy-(jpt<Q$S-`Qo;-Ev#^be&4pIvb(lQDJ4fQ%t&oX*QF3;35x(h02QH5d!
zkL@zrNiL7=GTI9&X9xo+&|0>An_@fxZ7s(Wo0Of>l*<$@R}7cMWIx@z6yZzozp@<p
zm2#x0`$|4q=Jjra9wzwTTcY2GM88*}^7BhW5kP{RioJ;-+=zJ>`iwmH7Z&?GiIK^#
zulgJ3e$X2?zTi-QV~l9-*b+n|N=AnJL?{1(xb6WYHwS+fkg=CfR2W|_g(7**Ym0o@
zGIGo?d8+Y6_1(zl)w5?~eD#du!+!g+L$R_@30@2%o`>l5Ce6dPA8)BWwF-x?pfObV
z2@nQ7epn$7hX)OP<NHHO;~U>!;Q#P9zJFyt9!kjcfgt5I0}}qmw-WeIzwzDB3kvEH
zI6NXKkHXy?37$CBzdac|iWpOmB6>f=w$$#q0o@~?rS!+eqi^zw-KnSQP8t^@D&K?j
zC*WE3DPZ1*j+7pp5F;v|g!CuHqXWs@tGi}SiV;;Mr^TbQ$=qkHW=@L{9iB5BaWE4f
zQzY}fqcn47jHrBe(w`NNUQg!6Gc<EnjOY+L`IfHeS3K0;6nI5H!3TYd|Bw7kaD3Hy
zI?iOaB8N}mLDJjYJZOICv*4qiqBgAIEfIC^Z&2F(elenh_fb4A4>Owg%@GKkPO<!q
z0ob5}M&O)<QLh50;BbTDYYPT#RxsgGEzqi<FHl}D$J(h8GoldD%&$R5+Q@ggqa7rg
zqutbZkMa2QYiN7$nb{cHYF>T-E<g4c?;xM8=J!gsPQ~kl)E4h;=kfc@@nLoz$54E%
zoyX}XKEuwVzKjmR_dv6XP{&M+#*E#A@0gBZ9-nE=*dzE<=$asJoOCkZcG$)|)|;`v
zoyX^OGZv-EtB}uYv+O%48z}eKP(Cc0*=G3uSd%j$FoJn}AUCsz{QOwv5P6p}bCi5`
zni6X$!AEto+DH?#kS8wVW5d~P<a68E$h(VjeA6nYjl5-%+gttDN8ZuQ?Wg`zKM9sQ
zP(DVRJ6IIw`oXx#Q{yHWDtT(C1fwHQjgDYI<f#D>jDb8g27<89Q(-Tk4$oa1kG={c
z=W@E-YXM#wQZwhUKVgy0_eI7>Lv}(&z79^J*)$OB%(R@&Um&0f{*Wl++TV>4?hhf}
zy~{?R{W#*fOKvyjdh?%n5r=p{u;ug<(>CFAbbv@Jo)cxAhMg1FCq>F}cBGvgXU`w_
z67Hs<m^n?Hhv57T5N*ei(Uw1Tr_scrM7i#TOjz<Bu5l(q2i9~i+NqB>zYYWkFzkpV
z1|1FUfM^$L%enz}biklfWZUDYu?scMd>Wkj&=Kvie-m{74<LC?7?tHYRNw56QC~A$
z*G2nu^X89v8Lt+bHgCh?^bjB}mS?qr<sRx%WcDzS)EJk$gdvUHS#7-2L`+5A{Ogkn
zqlux|hTjf|_Y~u28HGZ&&BrD$-jl|+9R|P0dvbG-y~b42hh$1MeN;6aUJ2}uBzkSe
z5eXnZM5_6dsYb}%1{_Py3|N<aozXo!t?uDU_i;(x(L^VhU(P0s7Tr%8-9oA+j7~OT
zv@~Idsb+lIYR0Q-zD-sWNkn1(LN;NVRFkpQQ?3_MHDQ`Gp$9n93p3N|o~d+~ZpQ<2
zP=OGNCQcZGr!xT=s$0iF1G`m`ZTA^VG-!g_tz|ET5UWx9L$?<)Ivs-;oBbssX?H|Y
zMz^ls{1&f<s_fMhY(PdYY0gGdrI2mAB5E^wC9CWuUc1Ot**9IwGWtrD-=oSgta4yy
zZ~nu{DkF(YM&n5pfcjuZ);*?5`F=;+K4ZvXmD#VFdiG3P&z@4xuc&7}>)E%P*ZI>a
zcn}YeyEJ-aCg+k|EQYyDiF=dTz!sp}oU$J-;{okj>ua6Q){@|*Ot)1dfVNljMa^qC
zl80*Pn@eHW8uq{#an!$HoAiy4s&C{O5*Z;GW5iLdF427>-xx{hn+a^dj5vPYcnupc
zrQ4c2*Wxit;7z?5U90ifBG6X-+7};o8P1qNPZ@TAk6i#xubz#xD!vf86OmDTACQ?q
zrZ2>w8K2HWUqhz#S6M~>20nw=ne&-(dtUMItMTv@=vlLXJP!m0T!>P~lmB`1>Dz$M
z`W5<aCDP$?&wGH#a3D_rnff7$?0m!X{(*w6&uc#WWn^we*=8;Cy%{~P#H>U`=d~(+
z2Rep>_NL~{_q{LP<WE|Ib5UMVN6<yR@Mrp9{F(Y5G?3i_?6&*n7kvYo#YTde_m<~<
zmw{qm<Q44?x_B1sSOH|#AwX)0w7vqT<3x@EauShyfSgN&PeWZwWE1ST0m$^bNnHf$
zuS6aP@;s4WfV@d$=vC-1A~S(}4P^Q+qz(g>bs(sg_%rJ^P@Rdq1Edd;JOt}7B9nlO
zCUQQIA|gA1%q5Zwf0qCm$M!ypcD15ATE|*S#;@;6w|cEFiM5=z1!7tM)DkDeniidh
zjH1i&$D4LD{`Lp29ZR1SYgY6KdC!rDOPLchaq92^77P&0pNmZNrp`yy^n4w%$Z6HP
zRq>EZa61!u-i$jLU+An>eReM%j!EVT(8ce8{W6d#hvLtd;5I+mZ&myP*e8&EF_5!~
zTmZRCfb?628nf~tHz&H=fO-&9OK|V;PSm&_HRi6}yQl{Aj6(eB0<jj|TNI53Ui>*U
z6#<#m4skLU$kdJaa}Ub(MY$Fon--l48fohJb8#t#i0dZ$S{6@0foqVb)BMZO-e3aV
zw<o$BkTG4&W^lR;QX$oBHa$6;O;@uSgk%COPCLsK%Pf<JK{^5r$e6dAH-GkrL6woj
zy_m`N7z54%sgmD>k}8E%vzdJPC;L@X&p~PHIY{bhiF#(Tp0e)V{OCtmYTyOTKk-D%
zBQY5PGFGVh2imy3&}7v$c-bpS&IGy7SaR9gtRWy}DpzDHkbP*fkTXvPc?UM483)UL
z<SvlnkArFF%vV4@c>%a<4&cJfdvrft0<xZFWOo56!ke5%d7by_i!CAm2g^g?6Mr{3
zFj_>sEj{EfqK39?ghIR12!An+=tiCXV(L_Asi^1n#a~WGd4oBlG3Av2IeP=f53Z^!
z`rw8xXj~j!G!D#qp!(+uxAw;pz>|s7U{mM)KoR`C!^Z8MG;VJiC;KITA8PdGFWrGF
z_K5UGB=O8fJW>nDlrLLlErJ`^CQXh4$#y9+H1F^CC1&)M=-<o^eFx-0?SQuUGxAEv
zcO&vBkO4&A12O{0j1CBh^H9KF-ec`<HNN){a9(uocM7=gP*eNv1Fi<Xq$?z!gpGTF
z>+jQZ>Nw15JwC=%PkPkQir8#qRKyPAU#~*`*5Plp$LX<p+KKo(>o8P%HV~xwLq7Ao
z7l0u8u*pVG90<tlCei0z2L>A`WOiqe?6FL>KiJohX*Y(My}0uc*Jk#Spx+&q|G=j7
zYm23PC!UWm)xNd`ANn~CoIz6U0#mJ!GuMG+NMsI^z`fj5JIsm2B?D2x$<W&ydNYS(
zGyM#RCBAOkiX-riNI>SkQpv-n5+SqSF<QquTD|#&Utro)rbZH9W7^4tF<B}iI$W<j
zq{z1O;4FpC903lk&T1!CF9S*6Wy#@NC{|_<ht<u{*IAuAc=LZu*5xPuz6y6{0P45O
zvW|iZhMOX1Zq*fJs|udh6=bJWFcKB)jta61T6ySOmCVJ_4_9N4y9k$}ttRyR6jQnK
zRwVH<h7ZA?EF(va>d8Y;I4kQ0{DmF9Y_+mJ(Pk-fW-oAMgin!nPXH;Sd<y-VU24b~
z$&o&bfiimmtQ-R?{aM}B0PfdMZ|1Hz2J^sD$S~zq09kjq%mW1nAB;OztI@w+K@JRJ
zzhWNn{>nzAoDgoq3L-DY`a{$Uvi@xS|J=wB^YgGg>@hzNOZ?d@l7~R%#~hKb^!zIl
z9Gp<r9Gs9Z*TJ7hhQzK+mTw09`>t|KBro#%&7(>#J1Q@>`U5oGQ@w!dzaQCqG_G5H
zFRK3U7!9ueqw4Cv&5Z-_^)EoIeYDGBA7Axi$i><d_gYTH^)bPJCZcx0>RkI7`DA0O
z)5a@K6}AoB8T-#lzSr_55Cs2dQ%u-LD|YXZSn>(}>}d2XRO9dd5jqGIiB@tCezsKC
zN^Z6*Ty4w0fMCnVW?^p%@J~`VReV+EB)Oxa$|xKgy-2!_y!Jz!pREInXKp?m-wX~g
zIAi1%IGOo~CONeO-f1ah5a!IsZ*bwLqRH-m;5#UzaOSifi%Bf2Ao!WcJo&k5gq!C#
z^E&b&ml%Q?i(STn35<@+L4Sv7e2HDET8XL#{kuPWJWuCLM$V9rkYh~#3;bqqbCgK)
z%|RpZK?Px*9u6G`9gpELzEJCYlRB%BWAx;Qbe;n@>HI-EfcL;0BevZ|J$&Uau=W_{
z^c;(Q@*FL*ln0#o$k7_)_unGD@oREm$Pe#D`oyEZl8~3+LCDugcoZM$7msG)(<BRS
zgXam6EZo$Y1Z9LsuV@Rj%HNG48|g*7?EuV1kzTTO>v<JX&Jx|e+7D<So(Fq_J3@>p
zuLqF6P}9Wo^Lt^U8cJQ5F?hJY6RqsL7JmqlPSIuL$vv}3C*ra(iFD$8;SFAm45qw8
zfSdv!QsWTx&#^3}HU5ZvZvis&yb?Ow{TkuOv<_SS+E&+MTkhBWG*}%$$t5LE?CbX$
zj^i&Nk|R=U_-N1$siUZpJKfdy?eBTVL+(2e*zP|I(p%kZCSC#9Q{AUPW;c*fcNnf;
ze+80Mw|Y{k=ke!8|Bh^Iy@&L`{R3nbw*pd1<RBocfv`As51#-rtAH|SJDIqsK<T?6
zyMu);0P+oyBY^xWrFA0@IqMpT9(q3d6<!WhF}MCvWa86vA@kPVv>eYIE!Gc)c<ZXs
zj%PqNLs1B7o&UT4TOZ$v<u7EtI6_;oejyHRQkd&Me<fY+k!f>VrOmzS<un?+VK5_g
z)hb0dwduSK@eJ_WM`vYlmfynR*`7GkuU(rKE-NpsU$JCOeQDkLHRZLuY>eO)W<1pe
zY#%^<MO7VQ18FKC;tj=MnifHifU2*mEm>Y(II|iu<u%@s$f~KYs;gLCUbsZEmY0;3
zd!vwDy1uU5TL+}PrluMr6N%f<h_|W0^X`SK5WL><%IcE3;lsT7G0eWKbqNsGKX|y8
zsZp?*C?4_l?v6X(U|=DFEfr<e%gP7V*DW7WSW;G2zNT(gN!5yS?|w9O;bJj>B{zeN
zc!yx8_dZ7EuWev*`SQy0vbw_Bx|;g3x;b!zw-K>yvP(;r&0b$sSF+AqisB}>rsPnO
z>;rW)ap(|lY+s8#ThvXeD6d@R-HED9$>sG`Ws}QGmce0nBm7NvZDmDSxy~O1|C{`I
zC6)E%-bZ1{x|)ir6<U-RD@Ih+IHzQVcRJ=LlRLGdYMECR$`Fkcr5`r5NXk`}tS(<B
zZQ2)YGX1EWqFS-6ZBja%e^AKWLul@#%90he-ov3fsaI9WK2W{4V7BKiMkL)Da;wze
z8<`R(wT1E@+Jy$Qpw|@;@$ST=_iP3~)PV6{T~k*$h4ClBMxkXQbS!3)uX3=>1C&*-
zUQ=1VZt##1-UT3yYo?d1nZm&R1p$aYEU&35sT{a`b)D#(4aMclAmVjFRSOrJLaIYp
z&pfH;5Los#uvLISNnJ_p!G&}12hUZy*(=H>l+=}Yuct6->q;<6nDPM;Z{<qtNDzrk
zlK~O0LnWq582d4LXyIb1jjcX>gLejUDyj<)sHtFst^-xOzN!pEv%1pb%EuU8Q>R9r
z(%uytHEcU19W2@(LJrOYy;DJ@X$eP}ojtp*r0ih%lqoA4SW;KLx}vO5If(sL%GxIY
z5nHC$*YSf2NXmdV*dqN&Xp?g}a;953Um>SN=d_0_BHpYz&pTu&b`@xpZH>75jv>j|
zT~@xlyk=4j;@T?@WiLVOGM;#SXTp5Rl0!>sE0$DLA5vbnq|TeeAki~f*~*eCG!#Aa
zLz5tPpj2H`zoxEG@fK&YN3`aHU>^i9ZJm)76e;AqSmWJ^))>_*OKMlHMu0tq>JVU|
z3aiR1$5mFB9bCR_T19Q0mw<M|)~1#pQeIUDQy025%)l(@eILqQWBR^t>!g+yW&4+|
z!mKyDtfZ<6W_5tcrUq>mhX%T|#v2DmQHM7qq?N6iTUAl#m7}B{UznULLwb}qpxj4a
z8Rgpi+WOMkvYLuDbrscBOUl?(wB;vGyV?sY%ESTQ!<bwaE_PO$FS3(@>>s#G9=tV$
zrO(PatE=95JGHAV1L{%vIVk~ETwji<_fD)(Mz8kFxO((Vo%h9{BuBM1aM?ca6g&op
z+=Mpiu(<bktf=#rJ8|cP!P^)(#*|X}Otp^VLk+3NuTlpN%y|tE@lM}{S+F_wv#NDi
zroI8TaIq}XhgDaVd&k1SfSOZNQdR3c25mBA_pieGo!8VIX{Z+C{(LBsg43$YO4yIy
z1(000xUZerGpyg64JuT-s*mdd<LhHnubL_bq*N?JoQ+e>J?b9pO0Whn@!KL1@0kbS
z0IZc8Krw1$Pf#cu0W`fJH5X&_(%pmIL*er3%4IW4Dr&qNA?g<2-_1keFHp55H>ac&
z&+GhCmW;k>IDJC}X0ItPt0<`)Us7A{Vcdi)W|rE%oEef|=Akzk0p;Er7@cfjU^bTz
zQ)yBMGPTFf*?|{Buz)bB0BQF*?wGW|ZAJ8Eb#39K3RwS^!j}{0@7_y?&cT59-ovgN
zJ*8GkS>#kKd?zy)%CD}*_>~QzSCkuQtX*GQhcEX;5r}qa>CoK~6DYc@qGn3f@@lV*
zB5BFwlB#8}p|{c$(mhdGIJ;s6mTd1qSmi7+PoaU>UE&I%pgS&S&}4WEb+gMbqhLgq
zRaYH?-EUdN>XORY+<eKce_2)K&~D*k*^eS@_zQ+Iw@Z=A^5u2oSC*I5d0SA2mcl^)
z8I&o(pLTJo@HRq=$xG_s&t59aP!WGJ#fXS1@dxyJX9FVMMY!d$2!n-B6fRs`QnlV2
z0}30K!b#ONt4r#*^z+pq=FFBw4jFu@gc)nrcvCcQzv_Uy5Q-NrUO2=!=jE<S8YR>&
zj&GK*IKX>a<E8b>v9i)G?>s=n`vLct5*Qu4U`^A(A415^R#7t+`Q=sEwqrRSSXxn4
zQnS9WvZAi8vV3CIvWk)_Zz}{;$6}RSkVd++VucocBoKAB8Ry~-$!}mXU5~Jdc;_tg
zy<-rHJhop^QMa<bv=9r}z`F7}tas&=C8f0k*VI(6TR#AMg4F|7R1c_KcCgA}#=tsW
zC>74EtY1-4HNF~yVO^caW9t7{)#SRmHAc~iu<}1vG;g|5!z;J{K#l1nTnll-!=uyx
zM$1YztfaEC6wAffIs{}X`o`nU_WwpJVyCXYR_<8;H)_^|JCHidJwBH4AE?v;QC?mn
zmoGe&{*SfHDGNe@0Xq+XZGV;TJ%ORcbJG7nbI_}}m=O!9`AyOMPu!zD6@!8&R{w!!
z)$$4D%S-Aj>+BK1Q?>tAV|ZZjux)ioMOC5IZ*pxT*^D)HO<c?7>GiG#cf<}t$z;yo
z>u{r1W#E|jtw@eO0l{{Px!5A(EM+Gyjk*Erp{R)b2()^K13W*0Q#CoifFyW4$r!C9
zc_$3m3`K!Q3`Z`a(>Iq}pu;r@i9h%-mrPXXWu9!Y3^e@T&CSwnP2b+ex%ABcX}-cv
z=6}fM|3>qFQ?~J5_}|xq5o@GiJ(h&E<`0acs8yB)|9D*e&y~&i|H&%ble^{(yX>y@
zf?d|FH~wFEBRTV?n`2}Dg=X94U2CsBx8sU&7oyHC>-x&(Hg47b!m*z`P?WU{*W%$8
zVQr+HOzZ{hX&T`^!vToI@f-D;x3r4>teITcxkyG5#Mn$O-I;-G9&&JoATr6yacw4_
zq+m%u(FqjpCP~TUQ0|GG-YOT`i5Zz>u<VZ9ep)7}9S4p2hRn`LG{L(SresnEmtnF8
zQ5JAFVq}sQa0fpLpk#nZ8iT*%0L+afh?$bfKxC=;fea8y2jVYI#2tO?h)WQ8X1dG5
zPigU4^)qoLsuCs6W^5uEf6KL=lz|<1ELm|?w}!Qmo3x9X9@m<1)tknWZ&K=EjkxPT
zSue|~=MhAPu{yP$KhDjAW)JP<w$5(#qgcDbH6(kUEg_d_UqB1!U}@z!dc@W=2FI02
zO=rez?pYjxNZdxUCHCO`6hWLU>vD%7=o{uzYl!P?Cf{nbY%d(Kg~~csHLm#zlx3O<
zNNo{M`ItDgQ@K6|EK)Mo6s@A`5Qpo_$mfVo)pRRl!!1aTKlb0@ynl?8zMkh>y4<iP
zdnp=PV99#9R-C@U2?oj3qbz3SwAj|PiB}&;wrm^ZDA{^oJP(Xvl;R&So(qA8d5qXL
zMM3KhV4nm$V!s5uVl-toK<S(V><FQ#lh{VZgHB>UC<;1(h(A^BASBV3|A5_wi^*C!
z+BCwGE`o$qm}fcXF=iui+|!&U3HrS-pnynXCF?j3AaUG9-~dyhGADf1<;zvq$&gb`
zWb;1@sD3Co0HEAPY`mh-#8P0(0v@r$0^a$+E)00YZVq^V2lhh1Beo;pWx^5J097Bc
z-4uoTMgbcW@QBR|c=f;z4S2*(33&GddobV;dm-Sp!0~A-fU1vJ4@IHAWx$pPJYq)#
zyr+RZ8}NvI81TLamX9St`Fa$vF+wr$h%HtWYTzm7=72}+ynuH#u!n?VsC^0SYsG^W
zVok9ss2)RSNn*cGYNv1rkQ=dw%p)BY7pK%xwwV=Q^?L9bZWD|99420LlMZTkYNg%~
z*O@%WVOnPD1)$CLq|NtQn9wO=vl{ffE6S0jT*LJ|kI5y(-KDatx-?ey!A80FgUgg`
z!GCJSu&zqeLHLiJvZvvrHCJ!b9Iji|-b_$$$SS9YuF#s(x4@2~mr`U|%1pc&iE2=5
z0gOLCLF^PoVYB%pu%|W8OAvcQ^X$3qE2pLQcBWG|6hboAs#!A!IrN#WX?1rIl_#Lc
zwHKVjHCJnLHemIrC*(7y>{e}s-kzaeV#W$TK@7VF@q-=lTS9u(CbEgM2|6((L96Yn
z+pl!Z5v^T~7!IRU*~ef)xDB=?KRF}Dj<;r=p%O{g<9Mg1<{kqH*6SyTU8*Q2zTSnO
zjTIS?<t7q>k~nXL`P5}wNikCzTt|0y52c5<Jh-_`Zct^5$%2wt&nzvAQ)jVxSL&e>
zV+Gb!F0GQNmq<grJ$fp+@%WEz=jN9<FFW#sO9<HrTehy#<+$vdazG`q&M;s3Kg>0?
z>WdrC-jGw$*qiFn?{v-Fds4G~(c*I&M@k<RBOR_CQIl*g=7*3Kp^H)1r?et@sY>o#
zN0WV-WzQGq*s@L>->ta}NY-P|o2gumGwm7JPmKGp)RNn^Uha5PxnJ@+8EG8g_o8+P
z7ege@`{_ncn9rK*sODqGOuE0E(X&Z&an%J0JF2tsZ~)T;!0*{OUCTCPW0;?6W0@|U
z-o_g=m%eswY}c0-sw09lmzLIunyF>8A)jtUh55A6j@?pSI=zjw!Njs_<HL4IXFNS^
za}iUlVH6<MhJU1$?Wbk!$X&^7q;UY#TH?ik#^#-CbUD+L?xlX1pK770m9>z&EA!6F
zx@O~Hdv>rj_37WRzek36v?1Ht$-=Opr&8@-jj~L7Hb8GET3u4F)!d|o#OSG1O(&(5
zH5c->-mkRmRA^E=0@v%K1}Hns%4L^dpt)MRGsd6QT&@Mso~70r6RkYdNgl|kT2yO$
z6(&8EEEkp-3JInrfYeJ}a!f7ok7LzAx-1t`cf?eO^hUfv32xKqB6`{03!Seeb&oh>
z>ln<kAq$)l?Q*>YmGOQh>#=9iuq-X=5|XsXoh!LVNYY+OT}cQ^;`;WwULW+@;`nZd
zZZ&nA6@fTsYBjcl9%b_-QES0Kg`2VM?!&_TR3ETx$eWH$VXoVs7wdZWhLD+yco_J5
zbJ6R%Ttj=HFrW6?qath(xQ@N~gUAooawl@gX}GOpb=h>WTkPny<F#?UJqDAnjyH{;
zc+@!=pymblxOuTIVS3b^H^Tf~_0VXZ&m(a}m?$Iudr@|XF2`BHlmjY>Q5fd`uZ*(T
zP*sO(FTK~;sMtrB<J_9g-Y|bx?XA|jx#w_4#d^(47eyyD!aHB{a?<F$ypeKE)cYVQ
z{rP+TnV`!x<exBqSN&73b*J+Wniq^g*LRKauGKoz`L!jdNhD67_U#Pj==B#XB*vLF
zb1v28MnKApOyc_i(vQsZbcu#WW|+ULBeM^yM#=@Sti1xcTzggwbEPHS{X{G1(I+^V
zB}4O`Gb@J6s#d!z$P=(ET;8tR<$4L;x;sF(!d`J*S-XvVw=P^y<6PScx2#?7lrb;|
z$?Wme4O5OadfMKF&KpBX{l(f8?sa2?`G+)7GTa{f%<V(1iJJo4G_VbBl=-<XX<DPs
z%65Yuw#L4u_QxU{iL!`{2!1M5u0`?`?PY-`pNaE$SRUFCIV?$O>b9@JSti^*+m9~S
zF1t|Ml@Bq@12IZ7(S}mZ%LJ|ZhqGBxKmn0N*)v1!qpZC$f2z4^FYBIqgt;j_5N1-b
z9gHs54#qGy{g7JDT@#WyK;j+KO`y*QsAVmN9Nr(Zr>t9bIj+WLStC9T@Ozi@H|nzV
zHA8{hiWa~*Nf??NxCxr(G(en=C*QrRYiwcN>08;6GXYXEP!+AZd439)a-3S}Z~FqT
z)R9#e)I6M}Y>pMe>m6AY!s+!M?Z`H!_eU+uC6l$<$Iel@4#@<qePlgBb2%xivg|c(
z1KmY1RT4sy815xnPtv2rl67_k#S1I+M-~U~nOUTEH#xA`J`ValeJCjDkJKHOJ*rVV
zZO`qB?3HQtn!dH?(3>1tyKn8wws&pW#wR-GqT@5Wte!H{+w?C-wlSM(Mk<fC$A65O
zd@IV2)?7OhxILn*J=x016FBKLHRrh$(jU<@%9eHOffio_tZ@9a-7c&B#Mvm-;zvg#
z8_C$D7VM75p{(7{<&&&hotfI@+B3DwwKbm#%}i$buot+qG&chhsjWR<bLkIq?Ru}(
zTyu-9ajw1gysyieXDA{G&d{?1D~K&rlymXy)@rwQ!hR@(#BIC1jh1Zu;Vdv;OVKBP
zOe$q*<);NhVd8Y>`MLtr_4eM?PjLEe2~bWA>#^Nb7;UVU1HfhCf2rNGvQcimquK7f
zFqfxFm%zkp0L1Uc|Mvn^xBwA9fO7Vrt`1)P76T&Q5Ni_P(+f=LeT6ScqKeB@eO}bM
z2C(;{zo+LT=+IAeIDvdK#&4({ddRCQzd@F*36Aunt<Fwur)~*#rS?ajF3Wz8dV{(o
z<^tg*2AzukBr!TWXhCXARWnX=(~sE6wt;$nGINf-tv=Y6#XgN|Y=2cNC@~0sXw%_Z
zR_|6E2X5Bf^cK^-Ova(S3LXw%$k<!m2-PE{ci?2rWuR~`=ivg8IOh=1UK}(~NwhgE
zPd}<Xl$mkt_HAyo<|9KjCpDQ13cC%vB6}UL36PSZuW04-8#LE=)t>1d)?9j(o{S`j
z^-+}5KTkQDY(H&xH2I=Q@AC9upk4H-ku`fjThm8c6FZ!KvL~|=%}pP<D;yi`)*jB~
z0V#diBQ-baM`CRO$}=p<#1>rT$f_9X2`**rS|5dMcw$idEfbw~>u%F}({pc6TdT3q
zuJv&(YrJUt*l<l$*xaKU_3`nVYx}8#Zo94ND=o`uJJmBirXX85a^dfu)No5+CLP;N
z({w>oX*5v-**a0>ZnlcFtZi;5CF|Ln-^I3rowewVw3@QhYWgXytU1w&Cb%iqmrocR
z#L`<dC}fe$_mGstDEvo=$&q4T-`OskZTFfJqxqVf3EipDo@bZU^_Yg+_4G?CYZ`9L
z?wwZF>@jWG@6p!KD01u{IaPVZbg~+cJfmc5>`t!Gvf6%UZn_EFhU<Aom(5k0QI_4-
zC7^&vV(+}FWz86~$LB56l_W2NXrn!DT&`XAOO$QcMwe@AUNS?~n`{ABQ67k>2;zQu
zSwI1i#P+PxCDXU(P|ZzlNW*21&|K3$_OWAJ9w*a}k~s5y`jY0c6MOyLqH8g8o*h9W
z_g5Af8|)kKc8pAKRMx)wDb=#ZFLtdDIhyQEyuIpwo+3+I&6u=nT{P2e4P|*j#Avc*
z*QJ&1t7Yvg<nOfX9B^^HvdP*E#kloGnh0RH*iAKDZLq`5)n)V3mNne;Wn(y53kSU2
zSuWSH$|-9P2e+&}&<3C^lL;BS-XWS>28q-m>~d|*S38>3fG|tB-F>?vd%dGqO@w+-
zVmtmJY~7*k#rBREwku-2J(TWr^r)r9O!>Bb$Lpy~d&vpDFC0zEB6GQK2j4`kDg96?
zv+IHVtkFybwoQjSn(SV`r3nfmu{{l6x}S^*JREg)T)AAk2A6C1{&jk3NFP_5Irfki
z0T@?y)VW;SDwk_p<#KJSKGF3imj*Ede>nYrtGV<D$G)w3G_OOEOwZxjK?w5qrIakO
zYZc|Rr&^ah2BqDL*xD4WQVIUhqRpCXyr|-#7Ti>?oug%2DXz2VU#+<?FiqQT&|E$1
zIrhJk)(SJ??7sUvtt_t#X|a7_J!T%Vkxc7sO<4!nT-Ej-$fTwmdEJl;yYfCU7Era|
zL$4k_sj7Lz@Y4ml9E2p%zb&0Q>^UGR7kK6%)jr7Xq)VF1WSiSXbMsJ>+vEQeyeacl
zo3tmL{yWcUrSjxT6rs25_e5?>E6WLvvi7m`KDyTQn~`<4O-?)>p}DKHW_z2^IQM=>
zvuaNtt;xQbv_;D%M=iu8vH!QF)x@)F6-QcB#^NhlHhpV<YP6n=1C^%qWm`7N{l_d-
z76DAFoIS@Kn%hrv?fLF+nyX{jnbC}9;~RUPovy9YM+vwbA(o}<@e{=KP6s?<dMuz8
zVrKpG62#g8XuY2x)>%=`CC*e`qnQs>zv_~ZC8n>3p@&$Pw0c%+J>2K9AMJU?<=U-w
zx%L|1a&2$Fp4R^E+6sH_`$o$e-`n-<wg82Yc-74L<1YMvFF<*a^BG@kRMbJhN&*T(
zk{I24YAv=u&5UK+bE1|_Z_gzT*Y?>DDfPe{*;ml}c0DtB^@U{H)D1bQviCT$c0b;y
zxyE9<FXrgIc)ix#IM>#Ehc0W|Xx6)o#NVLv38fctNbFf%i#?0EHrQTsxpoB9=#i^!
zaANr1X)PS6t*~dnwzei%Or3g{;M`7Mre)L5Q>SXK@wnZd&a;zy$%c2F2k1SPX_wvV
z;Wig*2IaczcG>&i<=i|XX-&Fa#s{|SKXj~^qX;`1PSu*sOlL>Kbh{pB&Z@P!+KO(l
zi}7q<adaCe2Fu+Y9>nvZi&A7&0UCS0u~wJkY`}7SID<H^3-}-iX<iVgdx+!`T{Z$)
z&KGve&l`_yB#u{ktONGj&*vODK?H)^$+mCuxnV?V4`6$3?wvWwh#=P<9WK}QmCKDK
z4niGERXu10u@#C!%MS*&T2bH;s|k2@z}9QZ9vN;OjazR=yIa<d<Gp!-fn>a{#vI%s
zUb3y2u4U7Yxf0Fgf2sYqveB~7>E1EdkG732*KU27n{rckJ=$facn<Ys0J70cTz*`s
z;E{H=R1&4$rjL+pR}~_MA!A=Wzn50lobuQUO^mY?lG(7>fqxUPNRSvpY(aY4KG#yl
zHZ>iYjiw#2yCU0~v5Yhcpq{3p2aQKL#NEfl!zFU@2;CsaH=E!TVk0hq%8LMu6+c1j
z21TKXO;CgS8UWu(CpHkEB#Bij3X;UC0v<8m&1Q%AiF<&3DU`g~4(uDnLw!K>x=$Vm
zN$h4ez;L5pvu-j-X_^q!8HJaHu*9?q38=6R?uv|{dxaI2qs{hOkiR5sN!kxMn8neK
zsDJ5RGs{Gde88bUEMz72b7@sela;vU{S7=O1}L3xM`pNWs_`z@o>IfyG%wS|PDPEU
z>stK;F>Ym4Eul>f#&di4wj+SNXksZael9{$p$84n<$UD81V=RSDyY|$BzVMBs8CB&
zbZ~P3w17v9AHP>RCjpxr@QCqChKjcV*rtF-?CgMd8?ZY99<iqb-lxFeU0olsC|s^|
z4goeyQLu&BmVig>_<%=@-?e7BSb`WoQx6K|h&`rx(L@^rd^>>R5gVi^w0$hFO+s;C
z5Ia)wpoQ4Qih|?=z#a;C#I^^#9l&~GPExOG5$i1!Z6P*JQP6^JmBgWUONqi!SZuTB
zt)G@DZVSbAwk%uA71vxe*hA?}aM8tj$nSKvMnjjYvT(fAt7cC<A3HX#X;ju;dY{_`
z*&<HxNa<~`_10=xbK#oGHEnHpdwYb|(FAoeV(cY1%uQKT6KPG&)Qap*+YVV{46CuH
zkP}z3$;n2m-A6WZC~Hq@t|r^yAGA#)Q8ow54i=rQ8CYegor&R<t83#jtQIpo$ZSc3
zwMeroA-VxTbL?2%sFk$_m-FVm`2T(-iFq>IWIGbCa+++*+H>>GkZoAg&sviiEw)2)
zDqswfi6`Y+TASLIF)6YQ*E$)pVXocX|8lstO)l3ChGDCcnuD0j)&@u9jmbd)1w<12
z^&ja9>ULu$<ix<}V7u+U*e6ubtbL|jG|>fR`si}e#67^0{re!OzXZGp93sE8ml7p&
zQ3De_hWau435h>6yiRk|_u$<j>u9?@%BjcnL*OlDQgOk-#Da4!XLH(HbFm(zG3qRI
zA(NS0>`t1m%kpF&)!OkIX3}CiHe9aV7q@H0s@mp%@e<?Eya@pM%}Wp~Qk2&`@i$;k
z1UzETX`X%X>(*)SLc-j1yAbgM{?MgwYWupXhTFz}qM2r}sRhKG!`SE6KWbUs>CQ>@
zFwQtgMw1%09g#za+KqcJt!#moZEA(uUaP4!tQY<=VF`x{6Mxv$2U28djj_Sj`&o)?
zSg&pG7#<%W9Rlc#)&%DOI1}Jp%^9D6vz%EuT&^j~@#<kPKrSmpBmU5EBgkPzcjY9A
z(Mu|Zh_Q0=>`pNy4L3W{7wu4&AUh*ji4~w$0jS5m(sN7NtAxw7$MEE87=uKYQL{Ze
z^weAv3ie82+g}62sYPq@Y%5%D#9E&km$hyBhz>$ZZ<8(ixg#6C=yH!(c18AIjq0^G
z4Z9-ymhD65YA1fEYI(A+6lP*eaa9}+OOXw8mx3GaD|>=<xwcPl*P7Gsa$RmTcp{k*
zZ}+n+Ye%Nb^%FzUggpR^Q!hbmoT4yj%Ybo}RlIQ98n@nVITToau~&~C>yq4Hy)%2x
zjKr_HG#i?c!1v|7qX3E`i-}Xj4(-5X026BppsXD{U#68cb=pnq$b&ni<bFlbs@5_X
z&y){fJ$BjZP}AIPh<bE4SCxa~iFMFgYzH-_B~#wJHRbG94$_vV-woUdZn#73Aac2l
zO)Rdg?Smg}|2g*#GY><Pk&KOY;55}-)2H@CV|%G^O=Il|b5mBDEimAC06GveHL<f4
zh3>o&*vCTg(u3HiiU&zzSvnYTGZL6O%%UW*!HNe-Ai)goCzgS%5FRB@1a`7etex1!
zibCx-0oyJVC5gSJc#tIat)d|LJ+PkelfEtorcX8?NvuM6{InghgB9gimY3**e&`2a
zC`S^f0Xrk0E(G?lP_zXNlEk4GcCISf7}q{}cFWpp@b*xr;$Uu2;yg6-BGqUZAFifs
zZL<F{jrfUy;0^-_!ESsIK=bTZC67WmCU`^wz+Q}P*=0P^N76F|UQs1B2SB}kg4jGo
zVMN2sP^W{CM2CHiO?H@TkG(KAC037t62>bkgae43rYJ@Wu)he!9(n`VTZ#usV*gSU
zB;%-^`ydr9#QF<Goy7K26eNp)tr3bkiE#>6wG%r=QII?bn0ncWlEnB^ph}XM*~eq!
z3ty|~q$IIEK|B(hswn830gNAJP5m%X*hzH0y~?><JF2d$gCmfjSnN}qdNcjoUH<p_
zWLHT9N=f`-KbB#BLdzQH<&zw)Jv*P_aBUM^&35x#t{p#DJDTlFxmz5rJse%l_8jYS
zV{(9djdG)N3GT|;GyC0+751}BkAcgS?4Yoh?G7qF+?G|>Rh^K@u=vkqztMUz<LMwi
z8Q7@-1w<0#;QJ#Ko|M&0iISf**R)1i*cl?U(C)hq8|;Y6kT0CRre*D(bY<~9WylfC
zUIVCD;7Z04+-YwH&;t94*OhJDK07Ymvi1z^a_xvX&}n(De6g!LY;;>Q3X)95pKAE#
zA&0H8>zwGwD&NPotR4HuYguy)ZI9OvHMfZ_o0HfC?AU+;B8l<PYoo%`$3w2>=0GUb
z;+q;Rd#~mepsaNhZVWOG0`SfqFQbVs1)u`V>BO#76u88;DGEGdZ);v8LG0at2SgGZ
zWvc!PIhYB1TdQxF>Gqf5oq>XEZzMtNJViz9=rgjcgtB(@-2j)HnV{iYreP`Su;Xmh
z=A;gC?RasycG*`@mgz`9s%DpKYd#Q#e&6=6RB8=<5N<{Xxwh|IuI)RQYmZ!)YuoN}
zZLfSCvWnrC<DBwr3-KAV!3mFPO1eU;INKuGgWMdgWhb7?^1SB(bVGLHQ(!v-N|jVo
zU$}AxW;-x@09Y<F(HGc|fC3_k(e9S(42~(6Wo_;3h5J6v2uN%j>Tu2)I%30ST1^Y=
zBey*ru6=m77+j{LN5Yz#SvJ{cNQXNm)g+h!U9`cr|I3gKR%h)E@qJYhOd7-{YXv!p
z1A(0=6gPCl*n4a~E@*(=r6_z3gxEa+FWi7!*_37?OO+#LZvW;cW`dd(@QAHcl=E4X
z$Bu(?r1Va*n|k2!N_IE=XEk*@^F=+ILyY$Ulv%{`6@@_W4NN`wNJ(O4iid^+F;M^`
zj|a)CIkl4|c8gGS5wRx~1xa4leIOKdwn9tV095V7_)CAFAXyG<MZhC=big|U*u_Fo
z%QL{9Q#{m1j6X}PwO~c#s~XBOVz&uJ%ZR<BDAY&ny?_T3gZ4E`Y{v=6YXGH_4rJm;
zI#0XV9H3++mVt9HfU;SM$D#2_t<}D0vNwftVUAKTTuNppxCpZIpa<iO*d)zsnjoeF
z6g*=3!VIH6Y<Xtl4Ujv<-<%OHg!=2XZ|n`g?YbShejH>F8v{sf^K)8Ok1==>Vv^{Q
zAsit{+_LavRCnY5ziJ%+NunGPV{33S#!NEzKPk+_HwwsLB6D?!$yskECeB#^dAW51
z5Z?Y5Vl$9C0hBrkU33LN7~cY!oTC^@u~L0MR5Qf^Y`Fak5btZQagv&9%;}iz(Cb37
zDa}h^?gx9O0@&HMJ3FRbDsr`bd5LoL!U}*26XQ_YZeJaQ^<YT~zFkI5T%z*u?J}dw
z@QpUZho~fWLN{#}yepo{w*t?;gTm#`=%QsR^o<wQ4%g_hcde{0T+&|G|CZvLu&mv8
zuY_b%`lC^1<dk$aAb6zRwne)`mdUg&D#NHba@cNXhPGur`)A3<I<?x1-V}%1B5?rf
zSf%S}Z4H+pc0HIdXq`C_u<bw6kyX=x*+keLy->@V>i~P-v{iG>-9)==n9ITW0y^#`
z0KL@0vL2>d5n$^n_!Ifc-zmM?D05GgOpO*ZmhD>Bgld6>I2oe{)A#Bnwye{d6P#LY
z@1O2)^JMQ)iMr?)dpmWQU60eNw*8MgvZ`10Z4u{|;s;tbeXo9^xu#d`IWNp*ud-*D
zIA84K;R4d00Bb)Yx%fk&<)<sk3?F-Huvg4~X@!L-LigCN{8n>~CN)(LN-H~`hm1&i
zJ;U@g7!>auv9r}Zr0I&%Qx^!acdRaH*V0zY+7s|)wyd+XJPvL+9CH)Aam_sd+m@S{
z2yDNA0wRe%>!^LkJ-qAmPecARle!6APU^YN2P?k|$+PYDRAC2Ik291FP4ORwp1o=f
z)J#3AJ8K#Xh8t@~_IbLjajLy-%90-^I~N-0n5@Jnz`hPBAd={qzd=v97CU^xT)M3%
z%B=)YYnuc&+K&WOOPJCXK$qC<bhS(fX=$6dBBZ6QH5%M<3qs}ESu1J#M$0ikjMdq4
zW@D_j*HO1VUg4N>EfRkY*=f(dZn=_Bxh4tLW$Lrnr)P8@awxb#X?VjM;F&&i%YAkx
z3P>5%6ZTy@d-%^j%kF!7C@yfgcKo#mx8Zth*-lzEiUO(8K`o{=j4RtmVJq0yxsX0U
z>2W5r_jN61G}$L36=$=a<eo!Kb<>c;I_;=`K+CoV7sp&P6GZeZgU}ueiZe}WQ(okV
zLsHuYUUhW>)g7R&tVRIiMYO7NA7JAG-h5z-18Oa>bpf>=*yez`2H1T8^$f6=0_r$;
z@?3zbk54|o7f`(Ck}U(2mhqm;z<`<s?7)Dk0(MkDL4kCT(zzA+j|Dtpj|;^?PwaI?
z!KI%AQ$LF*SFz~*HUQ-{VuKY0$)Uie3q?s{`zs!F5-U>_BzXsNt5B4@2H4F3wH?^I
z0rfesZvyJyz&ar^R2v2W+cTihJV~4m4>?ca>~Z#zJzzFyZVPbTf%m@VbpTH`S<TS=
zF4`Hkn%?KDO2E|aAl6k;IMLezj9Un0>^5NRa^*N;w<`*gF9Lf*D7xbZU_U7y97l{d
z`PhtD;vc~H=)2MhmLxWLfVPH9soN-**BM&6D4nQ**zSt*?A>&@oGg30qw2m=y?eQM
z6sB(I5TL1kVk^iiwOT*%F0hXRiubqsX+8EL6V{UhJ$(FktaA(*mSJ7?@#t%M5y^)&
z<l2jaTh^XlTyDf#kX){P5zuTaDnvrFq?6TtB1=(@jU%=uy(Lk`J!b2mV0b%}mspDY
z<%;KA=ay_mHWH^NHr1YUS8gRwee;qL5vl`{=nLsAH&&vTNFk>g<_ZcgAAmg`fcmgy
zA~so3XyQ@8jtO|gP6&990ed{)5#yAnx-T5@o<#g_0dFh}9S_j;0ppEqRqjw=hXuSp
z0Xr?Ah^Z-*0rF>13`nJg$8@&^6ft$Xo02brdO6?`)32a_$9I#y3wXqSQWX4|gMQCb
zAq~F})32wXTrsHG0S`rjVPbt-6XpIm4@x9)?7w-5!cm2^P+jvhQIvBfUUOM8^yo$V
z^x_V1nMwf--<P3O*iw5S9DljZwNC<$0GG+ws#fqga%hcxja7TKh<bzZU&GcIsg+uX
zZOu<dDjnP-P)GXL3ysv=Mr)dMl+uO6E3wv|Ji<B}n!3U=Y_DzW2Cd)t#*T;V@THow
z*C{<(S!PNqujXkxa}ra5tr3bV46z!;!~9Q-2Y9q6Cqe8Up(sgAZBn=~AZA8wj-2x6
zAPm%6R0>RuK9(bPhVWR9*ma6R4NxM9k$a@Jo0f7W+7nWH>2i?-u~T$8JBq^PWCGm~
z618Xi-WMgqvEd*JOQm+qqr7Sm6P26nXVkAk4I!>`C25EB18HTmP&_sKUv*^dI}x@c
zzjkER>cdMC>a{&`)>VJRBVnmjj||pBQwN;$I(DmV;*emF+t=2%NBX6eP4AJ3j%;Hd
zS>nhx=8>y$^@;!zV2tpMSv6Itc6f3E5|*Mz?48RCyaGmw32?K<us=(MFJgk&`HBKh
zMDd4%fH)We)N6<OPg*Y}z=bBtGqLQ%D;2J5b-07k(@c7Lb+|>LIAFc@BSM)M+g91F
zb-A`x=b$W;nU3s<%pN@#HY#h!%14f@TIh066YY=5cM<iz&v`sGeMz%NwEN>LU5oLl
zy$k$Jb9plXmz7<t?)Y2}i|*PaduwXA9l*`R?V@IVoSm%^U~$=So3Ic9nUdJ=VM(^#
zw$bI<eMcop#m)_<FjKvOm+ct&CtkcDMFFV+xkYo+hwIOp%Ybxuo)27`G>c8LLn?k<
zk}J2hxG`J+_&qgt+xL5vrZ@B>J>(eAsEA??6Ma5hm*o{dxwhsS&26r^c8|E+#>?7G
zXZ>NTY|VG*dXLog+OZtwa%SW8lzNqiTAA3gu+;CpWfhi9?WWd`E3Fy$4_s%)naryI
zB#xcbOW4_(OAo56BDA_SfYsQO#zHNcJ_a{yE~89F&fY-wl{)ExB4FGOQf)lJ;k-4V
z9su@GKmn0NAKeV4rWe$}$a4lpSc1CkgSgkUQD#n5TQsxI*{gY27F)@Pzh{SLzxf^H
zRt!sUdzqv2w29J>JDoc0HP7Da4@6Iy_Rv~8Zd|TCk%hT>Po;h)jmAl$$HG#q!H(*B
z)Xy{$K(5`vXK3zj;L30((j~3v{aUn>=GvyZTzl}iTzgo$T)P3qPoP31o))qJcD*jw
zuGi(-^}1ZU-dmoOYR!8rk+^(WPz|Y_&Qo~LI<mH=cO9<1owD1*I>X^&ch`$gE1S%A
z&~DEb&20uDddd#=6;G+MYyn2A9fw;q(~KH>Ct*AFXGd0zFfO*NG&?-*aZ$n<V1Lbv
zI`2o7BY&0VWh8iRd$^)7pAp-vC}&^2k=I5@JpioHcJ{HF%flV6S^U2st>jBua*XEM
z9x>dZ;HH_Y*+-H%0yCdgcoY1`dtiK?ROP67Kg_4acDI?D#-K=Qd%|Ve9?q}kNWan0
zan^+K&nb(#=vwTuVQ#}$Z(*raOW)QtOxHEo{o-<MAJ8@v_U=xjF<$=j<a*v(fXrXK
zNt6vuLXgA6J}S9BSwpJr<T7yuYq<Tc4%>$x+$bvKsbZ{LfA}Y#S<bYbmf6<_F4vAy
zmuvg{hnti|$x*Fn<&m|wChL`b0B>R(1E3N1+|lbcTag;_mm-t0_GRy`$Tr8}e7NcM
zC0UruVdcIJU4_z2>6>@M9g1rfK3jK~n@%^&hAeXi)2VkV-A(ZyJz(o@yzH;KthO2_
zOuWsM3!tXl1fMp$4v@NW^Y04V#Pc6zh3d`=EUw!tVXk!cN|ap<5aLxJzZnAmOX8@B
z+^ukPA<+lq2!K0AM`$_ID0{`I(cIp;q;agPrO&;pHoZi7^0v&G$V>I{bFSzq5IZ%k
zXh&`~k+f~-N@A>oYVE`P!H%p7bZ&}N=NQXX=e!9;{1zH`Sm}uIj+>Hv02qHXDYY9%
zrmcgw4OlWS@e1^;4@wd{TqxE->{LZTlHW2)-ot|eN$j`zx{hq*P^&$h=cTp4c*K^i
zNh@nSZ4dpcwJgkHt*}>FqyqHbw3;Sq3+*RCIy|UK!WCLm((~^6xu{WDyES(-Dr-mW
zzqBk{Bl9^T$NsfXN*KG+OYHejW9_hS15VMh>Am;*Uu;b(iYFj5wSRX-cG$y8ZwCIu
zT+k|^NY!QYHIow!tFiC=cYH+2n*FA|93J~((m5=voZDShV@Jls7t)DRIb)ezro8|e
z`gI87^>n+f?x>iFGK@mIR}DvVom(MobXgO3_If%kg-bbeL1ZriYtzcMR5m#aM)zxJ
z75ACS&Gs7aa&0$<xef1J&et{Qc6qjrKWT0gUBA5pIYV<fm!xc~o<K8AXRw!Tht=U(
zi-x&x@ktD%q_c@}si7v@2`_3{GdS#e#=P8EJ*R=ol)misjh6kT(Xt(0X{_E=;5J<E
zagCPU-e}ox8!bCwdt>#Mg4=MP+|y{;7T72>Ty_<=5lHF%{BWaXJG|Cd*&1*guJ@Nl
z%l3R-Y32mS>7xi2XT);^xJaoy(wxbR4DnWu4C%!o8K9ClO^wm@aIVC(BzlSW2gu<P
z>KO(gJx=HGE-CXsO8PxLw9V)kgc8(ibdaWABO?m&hdL)XJ{XQVT^}%yKIo=(kR~3s
zpLwK5g=BzAYOEg08y`@IE@Ih68Ta=yZ-U*X-?2F51UK%52y2PIp{NM{<D_q&vDmZ4
zG%cG4SuP;_))Miy08XLlzrC~*rHn0U?<(w)0Kd$~_xcE^RuVl(#MHue*p|QfrjneF
z|J==UV?6&YRc`k*<+3!dD|iiA6_$bP`y_ZBFbp6BM?{4oxG#U$5FY{g+z=J$n?C`h
z%tt`@NShG+Io0C~aW4=)oF<$D;hfU}LOcuPWkW!#Bs$G8&r8gK_Iau*Kf!MrvtBML
z`SLE;i-z@tu1m3u-%%O9Rf6%c6CgxGm9Y=jhSX;!_`wfaPmT6XwKm$%+yc0L7v`Zt
zPi#J1*^Ce%wpmeFV7~>{T~}eB(|J<;ql$-e#Mnd{<4Tspkw*g*?=D~u29$Ax;)NSu
zq#MDZlCl?Q_qGy+eN+nrh?$#zwl_wGWJM9zJ4QcUvl@GVa{#WJigY0~Nh<IY4BGCx
zRA<!I4d9kq;8q2BNerFEn#tK-?BInsAN@;d-RD}e2PEm3?8K#T*yYM;m~V*Pt0?D0
zr0YLaeI0|6=R)q5w6c$CSvr`tWXd;E4p0<oQJU1O{*;!5wb~uT*b-&mBw$qm1w;~C
z-Q-<smO(8X%)<e6-VykJBY=JACy1S_D10670$`T`Qry!DDw&eTgrg{1-ZmTvzJxce
zIu@YpBzBQu;eSaq^Un7a&dFIhL(!`Fmx62RkWp#~r8O-2^ZSaTSNQ^Am^bMIMI{X<
zHWENR_NM+a$cAgNXXl@_CKH}EclL*kmAw{Rru1c_m`EG0*X7zfXP0Yl{avnovE*{?
z_&b`@JCgC78t-xB&~tX{*K67I?Yp^AP4>)jzvBzLhkkCfo~1i%KichaxpoVBeJqU)
zTC0wRw&~W|_i29BvOP4{?vbxGH@z<kK2i0g=MMSIZh>v%>EJS@FMCI$+&pv{Qwboo
z|LQb1eP7!#wL;6Lx8fOa8;<2tZWoY}Wha7~41i5oQBDMQN<aaT#L1%Yi^lYx3ocW7
z`|bWYMaw2_P-WG$^JAm+lzypX)7NABX}*?CUr*0Z?e^HQ>T>Nk_%q5f^#-sn?Xst9
zZu)v3Y>?}H-ls|7vhvdU6-#PLs#cWO((S(jSQQtLFg@6z_oI+bEc5^1f8Gbi-~69L
zj*0&p-%AGmyqtvxrLyrhAm9{U1M2k8rg*#>`-w*Z&jVfsd;nlF`iSq_8li@@btqsT
zz!89lcr2#VfnBlJ1TeAOrQJO57l27Qz()WM>W*)W1Hy^&-ytu`xm2f)z-Iv-0lXE;
ze{TT3-(Ltj09OL;0z3vV$?)C$TLz+SfQf@VZwlZkz$*ZgW@2Y_IN-fKF@f;*hfas#
zNOHm6_(@E_GJr{^0{=JQv(fl11%OG#`{G9p0VRMsfJuh{-vBrY@aIte43s?xPz^XF
zq=&y~z~3-nqJMS(&x_%>0<aoz8sH_stALLH;Y4{R{_pbB>A56S{%*{}PXe9-d<rnB
zcnUU}fFl4;15C=@AN>j#2iT_=uM_}g0ZcOd3E&q24g@R)lmjXNwSe`2Qvjy}&H-Ei
z*b2BDa24QMKu_rG4;Td4^Zz3K^jkXL82|Bq_G8#L36u%@=7E{1e*XY@I{-TY{AK0e
z0PW$o4uGy9|NS>|&3{Kv&Mxq0PQw*EfIm5W`SfJ#ubSg|F9LoBJT)(w{}pKdFf8Fa
zfJyw}#is!L5yf`_Ce<&%D>Q(ufGYqdh4anN>5=yqWZnmS3NSyU$NV7+@e&Q72w;9R
zkNMw&&R;}K_1A&G&(<{any<uFEP%<3PvRptq5lC>0n-2`l^%;R4!9BUA%Gv0+P(#L
z0a~7bgDk*HXJcLmY(LkO!s{lG`)|s9eJWlAIwMtI=4qaHE5Ib;4*;G7bU5AQ;^6||
z4*(tqJQ2!Yczn|CX(!>=VPLnh|DKTj)I|S02$^0dd)_A4^8Hy!{ojZ3%`4yJ-UHc3
z0sOeftAMWoUtt$H3hk)_JOua*5Kg8a_<uck4~F<JT!vqbxg7KO6}U78n6v<SF9Mn)
zuT?02zl$(01C9e6_Gf%^6!0p*q}#5->ra4h0UvGiyuz!o76D9p_c|P-0loqJ8(`9@
zk7B(5Bmma{OnM1;zrP}89>XiyfAhQ_0lxq;AIA|NfKQKh1eo-D@~+&i&^tS%*YK;J
zKsx}-p28sk;4gq{o-tfp<UffQTL64q?lpi(Zv+1x@GD>m%9wP-v+ytAbif4wlji;%
z>n?!F^b_$9koQ@d{MI+&r-cE02;$wlDXG!}w|L&)0j~hw0hl!LRy<<`SPWPJFlo#k
zc=Hx88?Xpq(rx!(JqA1tcm-h6;rC(f0-OoB0$|dF`*A!8SOi!OFe&l?_AL*?hmYX7
z0zd@)xJRg8$Aj-bn3}%``6YmD0CSg}I*$Uq1@I7n<-&=6yW=7B1>hCH+W?bV{smwB
z2kZmbA21tm48WvQU&QAK0ha<U1DN#FOL%MfWz1!O-T;%H+K#ved<*zDz@)=*OXys{
z<$&t|CiTM&o&5lF0E+-7C4k=yxEHWp=lfu`eI4JUegktV;OGzV{s-U^fJtsS-V!>(
zk-w-Bd7kVWy}u{7R@dK{+>rM%w*#1H{}I4h&Lr2~m%x7o@G0O60FSf6^0Y7SExc@o
z{KEkzt$h>wM!;c!69In$TnGp!*6)_vJLI3YpxdN|^6zXwp7~z^egF&#>B;*LuR;U%
z0E`5fbRY0n0UrQ%hVl>Jf$;;l0dO1OKET6(=RU@G{{*E!#q&G>lNypA4cVh9uTw*E
zh99o$S=43H<DX&u2Ydqf8er0GUtm4~yajj{VA5e<!ta1>fa?Gzy$hRv0knaR4k0}l
zuJXfv{1LxHBSspwXJAgv#B~qg;Vi6afZKDD{IhZ~zXCqZ!#HUII{=sE!*_t2n_`Uy
z{Jj8vgUrW}c^>$WfK^?vcj=02c))$#F_)p-8-Sm{>)sjrYrsm#ybE4t4?JKA7}^v4
z2ROPnu5kdFeUJ}m(-&(aV0k~30esOPF#vda0OlINhlQ9+Apa2HFM!VhJCJwLKzx4>
z&}}fD>;?P?7(E1Y-B2810CI<UUK2ozJ+M~*90XVj*mHQY{e4E@I}m`#81&6p_yN#m
zT#~<hZ{Xk+PQn@mFsU5))qraO<M)I88E7})ezf;-zy#zS0GJOr7O(|yGT;=z4}iib
z_F{4DX(0O&;IheRH{d|Pp@6kTm@fh61D*z~L*Au;uK;U6KLhv<@FR51N8b0qPnwGF
z9|EG&aI0WC`~>(Cuww?=2H<s647@>rA%L5~yQK-fiw8Iv<!%Jj&cQ)GU^8If1EFsg
zu3-TqfgcRuPh-Ee5c4c_-H8160X2~2Pw$?$2z>$HJv$M5hJ)a9z{_acJAgZLu%_iA
zj=&oLpYaY`|0wjs2W{aullY^Kl}mAL2zb5R^Z46yH7j5j;AH@R$n4Atd}kdn?_j*e
zhyT9?@Yje&RiUc@{nwz(A=nojiv9-N3gB;YT)!SR14<5q{~_~bEyf~X4P^N#?PrdF
z?SOV0Ftz}9Z^XI*xGuDhz5)2Yn^70wCBQ3y1CB($0X_ok0Q>;p=UjVUg!MFm`R6jM
zn}DmXKs&C+I05i=<KB>Y6ZmI<-jI!7jP_gw+d=b<#xsCtB5yNv@V&9F*J3XWSaLmX
zygZ5+0r2gm+W>s`XTan5;t1eg0AG;U{|WqnIN*h6U@KtkbBI;In*csrJ^lsw0=oWr
zBj!&4_YHh<>hTv5%c$o*fJuC4r|>1{2h;%gn9k^z;cvi|06r4a@)h_Euo=KdRdxdS
z*vW$JxQ+lc!+OofK^_9|(T+8*K^K7QE^m_*e~5hp!2bv_3^-^9`VY|kQ^f0Mh~1r7
zvj9&4cqH8a3)lqs9>62khxI(^!)P9M4ni4|e!|=^atNLX8;*5k1lBjey1no}fafsh
zFG6|1qk!y#&==6316T;VmjXUVJH7!N3D^Q?1!xbr3hllQ5Tqsf`n<D59e8#E2eFP6
zlfR7hY{Ar@{`fEAq4k>21JPli_&;ox|M$cHL3*^MIZ-VsEv+d(#Bc65Yuns!;YYJN
zX7$W!8Hc_cFPgP?#y%O%=?W2;+qMyQ&-|A0XnwP{9rK|F21eR=Q(8vz_s-oXS5DEQ
z`J-}kfySC5AHL}Ytr>;T+ahC3yK~32SE9Y!PiZ;2Jwi6_McS$?N@oqT$n0TWl9$s<
z6w<`74RhNzVnc)V#!+v(r0xv6URagnWw}b?#`x?&Nu0*#1WJU=)k=iOOQU3T`{R7L
zpowx+e&9!RO4F8pG(R^NP6g4d39OmYlEer&wz={{i?$&V*D2C5Zk4&c+v_T$f#JC{
zJk|phs9tjwiFXU}z=G9#=;%=1V5%t89%CI{U}e1F+B57v&n)l;w`2wLa}Uft07bLX
zn{(T^_RW2<XBYy3@fK+ZLwsMF&=q-mvfgCj45GQYqmY|vtf|UZ9oxJ8@Z2fQP*=zn
zkO;US96{zJLrrR@Td`4KZ;WnF3y$}jR^?-&QGJKLZ0YAR6X!9i(}1(jnl?qDp(x$V
zF$A%s3~3&8Nt|}I2n-RjWudPv*9GX}RzZNFKx;izM7&KPjy|V;ink4d8shD&mSK7d
zwJNS#)xr3gAAa^}Ri}^?o5>C+kcKwX4ejjI+>$l#7SxPL>5`&@9_%XphhXof+abNv
zJs?o9M_Si`fgioqohC!ASBQkoy#tGs>%^kn1J|K^A2ry}0=!U+!Ptx))vv%G+;VPP
z#AKW?*`G=o=mX-2RxBmM<iCO1K&g0;w5(YW8T8Iz4sPlj;xMtpm7HWCVSfyVH)B{~
zd2Q+GKpJi`scui*C2<lXG)IWN3<ob6nS5MfhiWz5x-VO%$D6cmBx8+@8WjpUkfVor
zotiR#OsIs6(6ON*D=Nkzqghzzc!o2}PH=in1tb^~gKm;JXp)g*q5T5qOLdbmyqZN3
zB~y^!EZHeV=nM4lROW^!kZGX|F>gA03xYF(;-Yr{LeH8GBr;|OJ`l5trQcC@mN*H>
zY&KPF5G8X0C83cyH{^CRN6d5bBJCLW2ZVCjK`M8?aYoWU4!;A<q?^nhj#ya`m>|yO
zh+7!yATe{1Q&fz_2~;pRf}#fnSt3JiOG3RX+Lor;M?*^3>B)t&G_K>PEL9vEDL7Oj
zq&!p#ja)7s(Zd4gV<8gL!%7OXFDpbjkX4v+={a0-BxfQ>Rt9QiaIOx;1Wc_8dQk$T
zT0$M#)+9p&d*(n0C2AZG!eQ8<bJ^n*OE=XS35IaJX|v+vphSsM@K7U29=4WY_u^_N
z%%xkg*?c*gt9Oc(6;<V{kQI|}tNXtHGgcb>C!06y-v-v#)(otyE-R@VSXWWCens`b
z+M2R~HT6|>6|2k9MYXG!sQg2L7S5LQAuk@ugvuyB@gK)_5LkqmRPFooq_&y(`$uc5
zsH!WksiFlXwFkp5_`9T}c70V@#q#w_LiJt_qhs<wNUG-A^|dwC)pY|as>&+smz57J
zt*EQ@Dl1CM2Gmur8L+aXa{0j3^|h7Ky4t#$imDZ8TxDh5`ZeXXg)7-C<W`nf6_%+T
zbv)994a<p1(>fE6$J^k;NAbvRAmWh>qTPu0A=aB1zNZ(D6cXz~Y$&ld#JK5>i>5t^
zNr`=lNr~~qq{L)mQep}*DS?Y=T>_WIy2N~9QerVNDS-<MU801T)UlkH)UleFl&A+5
z^>qU_GP^+9ax77)@p#Fk-IoS=*8z)0<Jls5i)0IWFY_aDUx@oapw~~p-<Wr_;BLG%
z+)t&|b#>LNRaezk*VmMl*Ltorf}z6gw<Qdb3U>99n(~rL)qy2zD$uJ@n7}}cc{ssH
z6OIxe;d;v|tLv9BSK>q=b<Dt|HgR1=9h7t6>@PZTW!I3-)R-$rY1~Op>VS9Yu4w<b
zp93|;65FHGstk=$JwAgGQ&Crq-sa!J71d%J^x`txi)P0&BwD{G;m5Ptoj)lYAJ>RS
zej~myF8#*Y0G)`R>xf5Uz~ikYy9H7FSVlZjAeqE^1bKS^i$*eFJF*`m(OOseI0-};
z8E-3GOyRFIpc>K5Pv}KA#q%h`5eNCs#C_np`WR8M2_l{<)`_C=xFY&9yQ!!fKolR$
zj7J7h!bdg?<HurR-gLAyb;3w>>gtlZm1^GbID2S^5?xYWQ&U}Ia!^yG54LF0cQGEM
zVS`BN29G3uXk79q6W>UyrVxw8@mu8a$P6Wo>*si6F7YFj^gJaaJ#`@PcoS*bLClWC
zbA%`pd6ry8EJO8cMN)bdvp2<aMfy+@8<qBT#3OpxA5OxLw-Ko$K*U=Jx*;rdBnUWe
zm^iTzfB&cxu?m;0UTq?B)gbN3Rf9EB8D_7kK6J2=sI92dB6TGpY^BMpslcON<;&{J
z%5~1Niq%W1s<|?$=-+q0>MoqpN5OIowlza6E;1~7d1ZBVjg_-<{hI1JE2px0#gf{(
z`chrN>gr|7Ek1cBFzTynOO_kcymxUX6O&g{{)pe|t18N>v2NAZEgym10RHM48EvPr
zTb{xomZ&<Ll&^-)H42xN_#Wc1czZ_2gDSrj@xKz^r1GCu`MsF`4DfhI>GyY;9nn$q
zo+3miUpwHmPx%5Y`p}<6ya#bV-c3sP0TIs^v_H{yf({_siNgC(IHK2%{Yhvo^N9QL
zJw<*Y<+}@d5YYjGmJyXXXgRTV)VG2drlfdeB{BR=YdmrYu%M0;NyOq)MZ>9-=|-6|
zi1jCSF0m%WE+E#H*oDNz-mS!xQI`=ND|#*`Ds^4)|Iv1yVOCYy)~>2^4n+n*Tf~4U
zB8Uizf}$uYASN(lrVA*778FuN4rRjB3MvLLVnPv&U<AxrQB)LLF(+Cu2UHB-c;}pZ
zpTli#U+?pLmmky^W6izNUU{vvHmIkngPvL{oOw%$vsbeWR-98Cnk)GfEC=u!*DdRQ
zblv*wUxcHY{|dARGqv?#O*Dd~B4JS*Xcld;NIK(AMhInJP^rJ5gTPrI8T1hjKl%dA
zk7F^I9HE?;w>T-a7>q?pSPVnn%rauQ857`$)OIYkNt`DjH#gfUsclVadjYoNa<$E1
z1|;M0ywZ$Ko|#(TfWefA#VvV@IjO~6SQLlFy~rNV`^}hmK47-~!Z=)*`9r;sy)cd$
zW+vnsVO1Ag>_u!N;ap>j3a1b=wWIVN<~HrIKMI@e%;sdEmB;}gd$)r@jWN7KNFMvx
z=>bRv`B_7`<G?Rse7O1b2GIQaC&>Kz7_>izpMeeleF54F#HW687NxbIUC`EnT7&)s
zSv+>pSY27UzXj7-B)6x*?m!E%2gpL~12R7k2U)p48f1PR2WqSg{Z?CY*`k&IQx97>
zwJ0B4Q9iJ`sG$EXbWJ86>$T)#$|^=D?JCWC(ioSWT0VI6h=D;hfFD>nVobuumW>=)
zJ}TIlVO7HhRFn@MR$ehEX|9KsRSg|pHWCYs83qpZE=SNtSA)yEml0Q5OK#NcCi8AK
z*EE~4g0m2=VFo$;Ft{ey6#R(mHuhof(+l0ls2}E^ZeL&g&ndZ9JhCg~tm0e?NLNV4
z+oA5l(P583{#6gy3mXOdIo|3Okd6Ee%?6iv37GHLVs)=@Zex4)C17oj*6)}ssFfya
zKh1eEw@mTUa-c|5szcCM7DpR@1gtox(P6G+6h>Z?Cn0BYyICk_qWc`_AHc2{-)bU=
z-C&QxGNH`dnOs}tt1DllEXhY|S1o&Fu8v6UDH4&|8~w8+QaxbB{tgbp$WuEAXw5FG
zC(4@67QJd@kKSb9o<wSvi6AzqJu(joWuD1Lrbz1snX4xIi|YqDFXP#Dl1Oe-^L;R|
zEgqc$Y7QESZArvx406V7&qpuLbuw~`8(DnWAon<M>^ZZvG<{1OY26|7#3b((TSL}m
za_tCYdyxpDBhX6W-X`L_Kep#i%9UDRebIfKcnl62QJ6jf(#KPHE;uP@H$wK!*|_yK
z;b`JHjh)#i8p{{aefID&`cEZMXgI5_{>XaYFTpQO%Go?*lZ`|)^dN#Qg=0Y93ON^E
z?T5aF#qI#0J=n)Y9vhBrNv^3GTn^dJTk-qA{k=h3gn0`yc?)P`icd_$kJYJ`ZDPLp
ztE?-M+uEMm9%%KwlZialHPwz3QXIVJIS$#wItge)vf&^Lb$qIwk!qKKw#CmYQ|<ax
zTLiK;_;HZcruRTr%05Z8uT!nI)|3<<ABr^;$+fgp><F}1xVwpj*ge$_16iYVOsbun
zYLh_LyPOHKN;4a@1HQ~jwR=;IU#x3H;&ZgRBDsw$7ERGrTa6ryo;7$l&|0i=6Y+O+
zs!bNsQ$8&^9}<o3CE<Yi4Ve4H=2oDM^6oPc=cOR4ET4jGytg{l)}~tNCUUibQUj3L
zZI){M!XUG7a;|ySXQKP!;_>PYY)McDng}`)^Gp<uevrvtH~YJTm5Lh7y-k`5H1To_
zl8M?~$X>!0p=YAyUFt@y3F>2TiBArGaNYX;CVw-J?9De5jzZl6XvMA-$fn@?2;tQM
zDE9CWA;rSq-Ed^D64gL^dOXOUzD$UxXQSBDD}+>)J>u^m`&^+|JF)WB3r8uW#uMEr
z9Pnl{;m8$!(vexD1|{oFCqM7VJUuzrC~Fgce(4d;Ja{k<`rA1iXxVv^i8%9{kjzVy
zbG70P&V;M};&u&I9<7DQ#S!<#kQ#3TUN8r&-!c`nD%I+0yCt)8&ZbZ;!8vc>+JO7I
z51qj^KKJMij?u(av&X-igrb|63$(^(G0t90-p;#!kh*`Lci%{h#qs>6Kzn`%p?JP`
z-n~!iUY2*S$-7TY-Dl?A@6Wq0PTgP0yMLK?|2}oE+g#yiVmV_|NU;}_-5gs9-A6dr
z+M0y@fL5{w2$3zPpjgSeKuC{!xx5V7pP2=;XBG<a%wiOKW+lif_D89<#pd!S8*yq4
zspZB!grjNd12i8_#vlo`0@>TK@veJ2I|Y3QOTk${8{AD3A~si`SVHdyS@C^LNX5Zx
z$&(NTf$>}5@gDR~n0r%Mw1uF>r?F5PpRJHRKJ8rh_;f_~`0NI>_;eQ{h~6j`*iewg
zXOvJHpV5$r&kS%6pHbg}xzE`j7R0Z|aelQVmx)@s2Cgv&ZtK9su}-I%gJyv??dS@=
zGUG$a6Gft78;rhG0|m>+OJVJEoB62dZP*8yT&oz6zXz}F)$9x5sK8$WZ3Ols$c7o5
zF?3HFXkkC|M=6oDQT@j7thddaG<2&js6Wcbuxhxq_#WOTG!>54@NYotC|ZFmKX**E
zPN{aFQ04%|&wZZ){Wd>0cmQ7P9xdS^uk7z34~}8hr|6z5tI#)(k>^*C7zO`;jgNvG
zwiL8cWiuf)bM9qJ<c^lNZGbjh+(pPE#?Rz3=cx^iWM2wD%*)&?>^%b4ATLiE_3L4o
z+#bB{TQKsV9z<5xjr;<*cJ3Gp_(g2G8(ii#KI>kN?$3ULo{K{LsT)}jzU?-0xG&a{
z+CXCV-bpyR<2{g<PK>yAhfVPj#{OU}ZxE#la58tP63KN(z5=;dbXWXJP&T%tHWxev
zliNXBd;s4KuIt&j)OG81UImxrI$`scaE!|SKyDX_JaSv<yIDT)v%}22*$B2j4n7zi
z3e4ckI82Jo`gGt!6aDp0gG}=DU52&4|2u*9{vX7kNv@qe%Gp|f)%J_Vg39y@X34mp
zn{6ZiIBm<wy(F6~{PWw#%$3C|B(<#uodwr?u9<I~O@rP)(F@HbkOzx>J$jar8a-$$
zWb>huyo-7ed|6GdvHP*8@G*X4nR$@MEIn^RH3T42z5su&H{_445sen_XJAKc{s6TB
z<+c;D-Gz-nF(d9HoH<>sf40PuGZ&uq;nd?`%{O`a8F0>9ua^q+kHK11!)6tD`UD??
zd=2?FmpclVA0aufB<qA@9p(?9wN=^HGN==+;1-Yww<S29Y$F`&Pwm{qhrQh)S?~XP
zVdKN4gWblbQO84aZu56+eDFFJIU7yq1W2jdoDMGWe7+Do$#ZdraE!L+AgckkqIEAM
zmi3l^bGhwE`P0~Yjx0s4A9Y~`q{Q>{U2J?V`bo&<=P!_`fa|c?(d5$Y1#MQ+0JH<a
zYz(rOyEVv)$__%A1vRk@*BNF@82f>SdI>!c{A7$B`a+auuOgSg-m9e{zn6?F#B*&e
z2G;|vUf$)8c>jApq{bbVfHU4SaMaxWd<pgQTDflF=Q8og&DVk5NXuI$f<D5$IM#qZ
zM)uLd8la{7OOQ3=oMZPuO4{hDxf*0eAcw*qD52xT(_zrJC+A|P`z+{}vDz{X@{ee?
z=R@jw`*){sWdFlJ%l^ke7L8{?mi@1TqHb;3RvtW`kH`S{m1#uEp-G!_8RXYVxjJ5#
zuNIAA-fg&KqP*S@c`ai5IOOhPkKvO%v8%nFSAaHUegkB2T?w)nt^!#B`A$e9lE%?5
z@34dDmAN$E%HYpy3C{CvJoMQ~Nh380nzU_aLl$NH)z5*HdeNQ_j;g#E98JZe!qE#p
z?dD#xUPW(Xsdx)$)BX2N<lU_X*<1WB)qY8}TssAzEdYDG5hN<lM#9krYzf>MzqSRL
z|2u#zZ#skG?VTZ<xi_C355ecucxF6?p$`Y1M1M!a0d*1h`wU#eG;nT5nYmmWXkt?#
z8F-y(2GR1GJ-W3BkG0ib6FTC$iBHnHf>%!P>1Q{{oM?{^gp~RU&_Hlg?{Nl$vtB%g
zgH@IA{xsoeBPSv!t8`~TYWoE3AMRk~<Vx`38uw_HNYsQ|fL6NZfvhIn3$na?1QdCh
zYcC&u$)qEzz2Q+Tjsp+&m<<3YRbmokZjB$}I31Gnayu9Nd1<bR*Ofb<Q@j=6S1#TP
zaMyr3{#x0(bxAYV5@fbW3U7DV?OA`92Z+SGJP7@)Nx4nqT^<Ur<+(Wk+{>HI!Qj1e
zt?{`+INC)WVIsqQi}6fIaZDDbVdQUoI?&s(D}ejq$+Z}lL`QKeWLS(}z>m`XTQZ)7
zs=d~Dgva<Xk0<vh9BwN~EANgS#P2Tg6m}Ac6m~{`ZE~(OQrHdt`(#g6cgWOOo9qKA
z@nQL~;HXT;3rA%d47AEr0kX<e1+oHA1BwE0uW;tNI%)K3brk=2f{z>Oi^OW@7U(N9
z&x^^_wm5k`YmJkNLyL%cTe#-c<O3H+WNw<|b%PruG9P8!@4h18cYpL(@_rA-$^9ON
z(>-~=E8wL%qAkD2Vdia0jUdwfI43puLEL?O`7HY6Fy<1A%*9b;-+_D)>3x?ce7E--
z^l=f3@ACSe=&{F<+gaw8xAj3bUTOxiDJH+y%2ej+croY<Td5WL==;uq*YXA7b9lzn
zdp^*%y{4H+qAtU<ZmbE+g{WP?VIC$sS$p&Va96}7AY0si3S=*Q87N+O-(BRvgZYSD
z2mg8!kKO>(<kyxx=ZM5vj62YMu73|OmXKZrmwHrQ$J$3h?*pyz`4nW0&l-?L<!6vJ
zUUn$WcCI(>B#*wzSCK0CLz9WpWI;>d8EBf!`{|I2V0T63xCF97PCRfeWNx_JCSp(D
zhx)JN>BnI?kNA_qQAl0^TBUgdWG{9l$RfT96nVJiuJYi~e1yltS6PJ560{)CLA$Xe
z#tPG5F~z$?IA+hYkXKH&2d)9Dq1cFI-0b#N5^l}g--Z09+b;$$4EyIGk)#)}_XU<W
zfi~S(32KAaAA>AOUxOk^+wCR~p3D!4_JtRF6MryRlOUe%>$){^{L;`%_bAlw@`dVF
z_-94l$lWOt#rq!gYiiO)ZXrCHiYFc0g7sTG;%l=X15NzGL?Th#Sz0RveXJsoEjq%Y
z@n6sP6>RIqSv5a9rC+ucp3NCM$~Rt%i;C7iTQ#W!zsvuk-&K{Ps{f16NXZs(dD*Ce
z$>E_1IIOp`tFV=zlD&3UZq!we;$2EN(U>;(!X;Vg>xb@ZX+vF)DH9|{_Wan>U(H6{
zrT(r{2H|US@tApRiBl~rd|iNbyzKP`$FAyuSiASfATucC4IB@NJ&*p__`1La$Q$`d
zlS{zv`&Gd3eI7V`pD!G~FG3z0J@I4c?&D|Z4MYDjuYZM}i4DX*AX9uvt=Yc9^}P+<
zQaJVocR*IK7W*C1Jt2ppm&RQ21V|H){s3?dX+0B^^A)2D!EvnS3UG<*Hx=l2f#ZbT
zbKoKP^153`ckl=71?`T+TWPVM`DNA0ewbTaye3Qed$EZ3_#eu4;gN-ZKhW@BPiYPw
zUTr0{pmG#?@V`0pkQ8rKll2O7#;ZZ9Z9TladT8aKy_FFC%aw2klm>j-?ywQU4bWom
zJm(5W%XJrUZ!&HHXdloba|S&vq~hnL>r+UvcQjuM+bdp+t@X(3gm|X;o-%vVmTAr6
zF!&EzqRM7*K2|h#N(bPQoO2vv1dG!^wY=LHkG0pqvkI-xORX<;Yiq&p!FoFj^?5-&
zTW*HYslRIk`D;)uZ|{B)&ULV-GJ8q>JlP~~1{>?ev<29TO<T~7v5nJ1B)7di%iUU;
zPm^cM#7rKFEKiJ7Ld+L#+@d}Z8E)M&=jnyESERPrf$ohE=ZHjzcbi3|?Y`9fQBW<P
zGkpTK`QjR(7^VMYrcoEy86g_EZnFJTCsBN8-2key0~`5!YYdGeyIqB&sn{22r-mvq
zs7cPNxV4RNE(F)|u5c#izI$`En`~t%e-_=R2d@Cl$KSEgnA9vdSE=yL$L8Qj;l5y<
zCLslVg~R+fpov33J#nr~wX;Bd&@KVl*2tBh9%xsmu5&@Q)Ob&-Jq@xa-bh{F5lZJh
zxqW2dX>0(r(Lfgy@tynB6k#uLgOI&^bH5tycOu!yZ84SyMA!73h-Jib+^wU26ZfS4
zaMfF8HuI#McSs$2Nm!yS#%TIZ7H6Sjh+2niQJMb#tL>dNG5KF>oHn{VJ)5;&7jHk~
z7*RPQIjv=Pa%YPM{x5>!Hz2weV03l)xaiW?3t?>8u<9YBDo5K9u44Tdr?Rpl?21mb
zbRF|Q1(vkbm1<5aHx$OmVfo``qbsV1CH^07{vZ4o{U;$E%JlPwVM<ToX}0y!Q`Fx)
zJ?<}hntu`HRn<DDtf3S?FYuGl;u}hi{SYEs)Z>2}L}ir?)Bfvd?JwqXL1&jndcgQ<
z{aQnj4zR)4_O=XBFa4iOXS~IcI>4{uQdXS~`cRTL)<#Q_*`itMDF13nPksgUAG_@i
zV=61ks)tpS7j+m~IlMgi6_uhi^3)+6bY8r}kYUwBb%1<e<?s&G<<+Cgs>>_N22^zz
zIjVBp`1bs~sr``3_Em#U?LMaCPP^>9Q%85fLBD45Uq%(4mW;&O@3T5!^?wj>VR!{E
zud?dDaTpb2ApN9jNaZM{H#v~c0KD)AWL`M`i`sv<eu-6?9OKlf{IaAJ#~b)}9})-B
zZ@>T9Q1MBQbgF5n8aPzH8>mRngO;b~M8l_ezI+@R9%RVC{sR=RQ#Wv6R9@P<NluB<
z`jqJie>^#|vLb1TM(Vd_Npffg!h+WqkY=oZW%bZBa>L7qb2hbqMfn&VS51C;kd!l?
z(&$f-tEw&=cxwNVn%9)+Y-{)?eMm*+fU=4t))I6qR`qv`is_idtg2#I`YVbt!{t-8
zxu|xeS*71Oq>XnHU5$<{%gY80>OZu+Y>>w}r*>gP^(g&#BGOt*zv3$&K60?C1<@)M
zjbppD?T2>y`CUXeZ4Bk0o~&fLl9uVLersDBr>=m;f(;)uQ=e}g@JGV2X8R*@nV#^S
zr(z``(^8v&+tPhzVf}H0HGnnCZmSkRtT*gxZH8wXSXf7j$9B{)KpUA2z{q!6D}g#v
z$Frj_@J^erMQD}Fm$mskS~8G39UOay^TDItORh_0jj>kNes{1C+AOzi);xY#EH=OR
zTteo=T)nKXj&j3lX1Ya}7`z0X7r&-@5AsGFD&yMJ%xfjS`uC+s3@N@rPtM8L)|=G0
z!&Yy&t2J|bJk6!8{Gh>x=N%zB{Yrpcz)L3iDsL~5I7@o~&^GsaW0Cx_@MvUT$3GEh
zxj7VzmojmLWfW{?ggXwhv5!-0c)+(k&P3K}2pjD1fryw)o`at3kzWIOsKm#KeE1-9
zf^Uo52aaX_hlO+7m_JKhwq4p~;94;s=9b#bixDHPqs`o@{V7uakw~oieS`ju7Q4)^
z5*7YTgLq}lAsa>VT0ycN5nTfi^V*$UwWY+a;K*wI0-mT^kvIe#rT%2sZHPBeIOjv;
zQ(X2_Y7-&nPVsf4Nf`OQ|5Wsc7zKLWm<HF5+s0Wth;c3S1b;I(fa@ijoln7@)^F~j
z8h!!K`PTPW;G>c%^)qaHuWY}8OWi-acgd>RW@-#F(^=zcY}KqKJbo<4tyW$cm)4ca
zD$M3)v<_O!Cq&tLN{}zqZY-z_^QpmBka2ztwKZ57&#P(&p6EHbGq}{(CAe54wzj(h
zZ6eeIgKSI_4u!BSW39yz&Nj)~vfXh!;zynS4zw3o2HKZEhhj{f_M9FL9h}|V6Sts&
zSjSw0$bm)BI0o^!<2v~9B)F;k$icWdi+pk~9@$pxvV1N+1CLzfPB6E60d;EL>a_wZ
zZUS?wH&JiMTfJ9c#eG_C)pI{tZLQcevNuu%&H7r^Z17?x_1h5BH=(cV@J80!=J!Nn
z{pT~FwJ~e3(b}!mnIDk7O8*A5_N8Qhv+$`>U6Cm1O@Nl$&D_G@ekWwF&IbT(%HP{W
z;?y_QjuBGGz6LcKd25TrC4yMa#Qj9A3Hi&t6&h#y9|lK{^SE#<e7yy<BJv>y+vGOO
zdOci?gHKSu1=@zmI*=U;Yt%#5$(iiUMPgpKHF|Nh(g&e?i+?!K=Dt&~sEI5)!_7A%
z^4EixXEjT=R_a#hy%RM{w>L50Ev@Z%Q#ky67ij+0>uLV_l(Qj3XI=5P4Y*d$UhfgY
zv59v)(6%|wG!fHTnCh5>W$I0k0lsKG4-<dO3xM{PAI6|kYe-(meuK8tX0dnonO?H<
zpC@bsv`pS!NOd^bm#=_!Ri4+gaybDSCr8cz+v?$khWzZxba4Cv`ZB{7Z9^W5h2ZwN
z4q5+!|9zrSfS<)BN!*L}h#w_bhK(Pr`KQU2{P*0#BKCgXVimGZi<?c|14NV@BC(Nh
zG;K|Q)+9B<Kqb(uTjVXaPAys&TC_LWjCV!%!O9*6eX*}=-l99QR;$gNy9J}JBWoYE
zVYE<(!sEA#M+?&?*&|##sJu*0f1L_#ptB=QEXim4W7gGkF`;{YKI#qfEv)_lkEV-j
z3*G8E)a^OU?Z3>sLEJNGZrED{?t;V_?8k&nd=fEPmR{!OmcQ>L79YCkjq@r<?5unR
z)@fDV#&?b_`agij`CyYf6+M!<-cr|OG$!*QV-vWxkF7i19&%eO%<Ui&!=HBO-)Ew-
zcZS7kRadauVFK^L1KzY9fSipX$zhOlYkZBTpSxHLxtY;pbv&y2hSm|Qa`70P4F=la
zYzRg=9Ag<a0@-W*Xy5_FU<}B-=8{PFdZJL~mb};JVAI+BI2UMMpNA2J0$(mi_R}lZ
z0L{Z2u<&}#MU(FLe8gpHB4Ts)Zg~8z`95%*8G8tPx_$)Vqn0IZW`nmUz%}0X^Cf`H
z={317zF_$x^nAt2pL!WO)-6|n>-s?cpWrdBzYDJCE4&}Lz9mWe9Q>^AO3+BehBS>1
zl<*S+1uq7h!b@TU8XSE_N7M15i(6PR+siF%$FZldWm_M_?<Pgx#1{-QoB6TBQ{CJi
zoe7@e0bK{qdhfbGI8Ki)33K!HX-G|OH=^(yHoKd=9Qm9~3|c>g&5uI-6C^3bzwn5U
z;eSQHU(3PfLGB>2y57Il0ms3JrozzyHb<@#_FKD+74)`Xy<5u`uzp($?k;SeAB?Eo
z9wWy?4)?jtK=3Zfh^QKNO}=Q>h)2;p9cV@K42+VZIStu|3^RaMG_S<M!{Sa<f5F!v
ze#dI5zu;Tp89&3dKsbI9z7V-MO8b52UI!jV*LcWM@CYQHeF~h-ZBKfi#okY-J%^mc
z@<m8PEV!H1<MSHYI_=s;eBSd1tW2x|*LV}OS~xn6?~!Xqgt*PseX4h`<OV9ae&Bsq
zsG1sr>n0rb2O>|3ot`QYOUb!mY=jG8-OEdn7iQFXG_+peGI;EeUm+ZG>YISu63}fR
zD+}{6O@4TIrxSZCTo>!UKY`jTjqux|7XEtzc(xXI{pj69Zm0Ff8VY6FQe`bpn?kSR
zShD48E72Itw*^{c+GE3y(%gr`pi9}p^<-TRKQm64&*mu~F!B`$8fdR4ci`Zq;C>uF
zo*c=43^qIF>u*ECt9QX~PVsHGPegLPEG_>6+KG;@+}gKhzlPi%o1s6ri?xN^a}oo*
zoS@!-Um4O2-8+^ofi@i9!!5iw=<dV@em%j@+C+xj?G2q)oa^rSc93YUpGB`Pune0M
zK)pdHf_4R+1UeWrKuAgT5$!<8{5a`W0nzWbV!Cx2ba6?pwg)vqGz#EEpzVQ7#b$I|
zSaczzu@5U}VB*8EtC6c?ygwVF;ikXR$6&3}va}o;*WRoUj?VENWVQB|%=g{K3MF?Q
zyGOP9$Yh7qqmIz{(OnmC+^e%ExVG1>9>P&DjzS(60aS=sNavtVi236M5LHrg@T$b(
zEkt=|<|`qk-gI&avqy|i*yx96wX$1SvFB?y8jiQ}_H8e*SXSu<v_$bym&^i{#jN|=
z1HPKh&gLw92PZRAODNur9tw>)!VzGVd*aBaax$yZr}%0PPc`?a20%Z+)duu@PbX8`
z{pY(nI__8}Ydvihta%bP-`dHH%0*AWS9f$KA>ze1X6UOuWqgT8<s#hpCQsgtuk+;H
zZg$qdpS#s9<2k<FBg;~EyAziD1`8aU&>srh8~8-P2af-8Q?H=kA^Rzsb*V+^Vdj}1
z8>=r8`>mU!tLZckw?g+q+!|<2Ra+Cu;}fwhj_FYqq?Xr;YVbs#BaZ{eDZ8_UBlB)X
zo)WF(Jc#ZH!qW%9agETU;1m2!d<uS^fxktK&+}v+(BXM^<x4%87u0ULD<AF2+@HGg
z{hrK=YH8e+PwQxc-N2VM_z+L#Ds@a*`+;6FX#9SLZ~kN+(eAhh!l!>MaK5LcpExzj
z`rw04D`m<PD?YO1jwGkcdTxB=NvSUJcpL<4p4-W5%1GEv`R4sjcwH~e_X|f|eH8h^
zDba{O4_m8WyAamrkZ8oe0P8{rJ3H~MNHpR<0j&{V=hj|EeuJD5jd(^UsWMY*qFt>m
z=Iv@DP;U#WG0?{f8v(6l{hN@&_m*{2h(-vu0=9*_Shvs`d$(zaoOBC&qkFfoKhU~`
z6WqdQ27@4<rR{SibcSZy-ae0k*7w$TvTzjK3y}3=HjDOj$g0$b%b^!(DaL)c13Dqc
zb%e^zdtmc)_AR<wK8~cyZz)|Q9LawMXy;P+a*`sjwS}|{Qk?66Pj7?cob)>d`by!L
z^zg+c{if2dKluRNPi^oOrgYH6)$|^>ACPaRtoS^4t0Tp=5>IIDg)Isl5p|x{>++sv
zg2B-s{nFTurydW9rN5IMn?3>D$Is|a6b@fzAnUZDk8T#g;>6|47`eRCWzX_o^Lp`7
zGEaWhnt{AO+1r#l5S4xFBbq>(cuUd(9M?Uy0^6(E4OHTDq@JdFmv$65=S|?r;6d(V
zncG|TaDTsNVm0ao`BleBa1DCNBfbjYR=1*_ldqPq!ym5kq4yUeekkKx<ldfNKY)w9
zIpfn?nLp(tzW#x^&pLBQ3z}FPWO?2w)izGG{Zj4ZR4Y%l3L%B$%}J#bTO6*!#N{!_
z$zkXkbYHMP-AstqR4gv8iR-B@K=-PBInc`X^_YB<JUSaz>_=wif=hfg;CAf&wcm@Z
z38|IDCm@r(DOes31iS(qr<mUpjunXyfcD_07$mn1tU-3)ze+7ib)rJy_{g%kNQ|>u
z0BuIw3X9~DhPIGcyVw<z_7=__sde{4>s}Bo;}F+FG4XNq5kM1<GZE(#Q*B_X4NkS;
zsWvjz#-`e&R68rx&P%oFsWvOsW~bUMsm2H1^!t~XL%)yiqv=n9w$}Lt$jZmJpw>kE
zr_{BmpFGIMw4t_0B)19rcS(=46YTQnadwA{_j0@!xYXZUIau$F0L~JQ-s&9WvfSR5
z=NF;-%;Hj@bxK!ap-m^Vm<eg&#b!2mNOVcJU~fbH`5^C-?f`nZy%T5+^#URJ=iSXh
z$Y$=}!|q@`(hHco$@|EqQAdA3_kEsqW<qj`j+I5yXKgGJMY1{2`m9~t!uzZ}A&;jc
z&0f%ZijzL;Q0T_~a*h&?K5GcF+L(ha8!B+{gpCDSg&c>;%H$PKg4ObrO~u9w>N!B`
zfX~NZLdds5^pjQF+Pe+%lAa)OcS00!cgP}<$lJx}Nj5HlJQGhm37MUyZz=TSG<|PE
zuT5RwhJHeeYa_`Ip@Y2#_y(+fSOWe<IHLM1(8S*{&;dWol3F^Fl({$cw=VP*-TvqP
zHih1kx^4<x#==`eZ_>LXG|jcJ-li|4u1{MI6OMrUAtzU)9h=wt7wUh{>jTlNEpkK6
zgoN-784vOTv~Tmh$P##rmY)}nHImnnldYk*(Y*ov6g~N^(iiBS58nc93FA8x3G{oA
zMdT-;OpU=mfH_ZPz2jxz#k!#&ve|3_iD5wta2#iBjlFLbbOBn+*Bb++$DTYIV)Nla
zpz$#uJ{4;#WPB(xGiyqe;z{UUw)v`LW=+zAU4Vo4j~C%k6O+T)kjtld$>&3p%DO#C
z>&-miBPG5|nfWxCjogld*O_~O7Uu^sN&2Kmk$p?!O?2&gTUu6_xj{Z-nYl@0Xk&cP
zGV@_^ZYKif%a)nzr{sD;zT=Ty%xEoo(th#jOP;WD_B-Ulbm&=nf~YQ|s^dkrp=kUr
zsX5SkuGZLOA`jXlcd|hEj3#xiyRmLKcoVocupd$4E1Q`Ql54#9-X;%NlX);ko;8O6
zt)1+PMN+}}G$#+&!>6Mm=cMr-2wkV8Wsi4-Xk^@QpyhKFHr@hF%DYca-A~6oIVv#&
z*?+z@6KE~+4IrC<-wA3%L>8p34+|->8(Z=p5i#%->ftJpUgP+tD09AKh|KpzHGH>y
z+m_%ap2>TF?G5cK6a$Ha5R;?5heHN?1Id?3)pXeUa5*@RQ&fWER)H#TZ10@`j-8#e
z!LcZFA$W3bQ;%!Clf}BG2NE`d#z2(MO37%L{{P<|Rjtw;>J>%&oMl9El2q4MBlhPa
z>HqeWTG7@zJeDoesd)wbAAWMM-nqXG-r63)6%`Gx9Hmo`al$G&x+VW7=s?%75rdQH
zC6s%!2ZeR2=|b8K9=dhE`;Qttuv4c_d&E;!73Jm0DO|;(f5F4m!v>xjR%zCh=n&Y3
zvPOCuzRnTqKKFRC=yQ7^AKJ_LpYv!~WrxA*9aW6HOO8`^NRG1>oa_t}J45>K@~}$f
zYI34(Y*|G?lHy`$#XUWFnkg#c3|>Tjy)(XK^`K$NwUmD5IIHYPZx}B6yCqf4*Iz0Q
zac^)@(ZI5*ayti@#Bx0{M8CHhnjTLqy2--0_AiFv_vLReLzOMz8i^e+dRRrA3RHnx
zFX^6G<r8_39(Ej6KC&XN+SCJ8g+JLU`c_J|Xtn<TD>dWa-uhoTxti3O4ZiY!7wyz-
zz9i&-yQXBVm)P=g<#yCl`UZ=-iU=k;y;<e;OoqvE$$<UKMvSktw<)3UIHhP5A)z?Q
z3X*@L?XCCM+2Vm-T&1UlEUkYEoUqbrDkHces$h7L5|X3SK=~HxsPf^JV{~r2B7b02
z1{@zP^eky|a`HEAic(V8c1ToG(za2475%UkFMXT8_|oIj*TQqjQIqr6x&QlXT>rLh
z9n2pb#aA#n;y<W-;4mFb4u|q#Rpn~P%ZCpel^mfRoWFG+IBNXpupL%ac<5JNZm=bg
zo*V`qnD?pRD*w|)SNfq`Wkqr!y)r1d8(c3@9cW2Mdate2@A^*V5NO7Sfg`{gl+c}5
zg0-Uut^(_p7w{zEm<FBWviI}nqx%Nt#Xy@uT!%%naWMx{+a2!0#D^gFrPfbkkgO)W
zfvlIBD|sK})4$bNB)1s;?&htrX`)|3Bz<>la2%58?N~i#uH<mx*n&F-Xv@hbfowPL
z6ij_IJ`QLrS?3yZ(~B|nExgNt_WU&<dwwpa{`><#d;WD${NVRZOntHMD>H};SPO}p
z40C_yNgvB>2G$`U;@$^b9if*)CMvVl%E|2vsLtXfZ}dvIxm*ph<4v!FbfF~nD}>`s
zePyPRxj&h;zvWC>;zwhU`LR{1^#a8;S_cZp9{G`G5L1y8(0%-V0eZ5+br~cs2D%X(
z^W25tI0o@8*!KGy4UjLs!?6j_ieMX|7{B()yC0Ie_s_de&byzLx?hoZUzm4)ICWo|
zcVC@%|2B2c4ot(}Mlj;n259lyGw*&}-o1b7J_h$>P3$a4l-AjfZE`Um^VU}V?gCnA
zTMV+&_5!9}+TH@%`~JX?uN!@62L9Nmsl}JBnioH~wT1SpaJ;S3L8;H10L|yEgkm1i
z3TPgjh;y=DJQxzUAfBDKo|al)he7h===sRLR=CJ@UygYU-G3DSG_VB)b}7iB`6b8-
z##$j29d8zXg~ZNVqjKT6{cuO&h;?V6#kwa3Nj#23_IM0%-QzI?-Q%Gj>O?%MK^Bi0
zAdAPfLTNl^L*%vB%dcS9W;GS_mbTtt@wk+s1-RVT(A$7xi@Sqxtg?0l+QesfH}Hvf
zFA*yheQ~!bU^(t>;<3?gY_t7InE27EGlAQao97GhcP56(1>v(GC0<%)W7^fim;>A$
z>pO(_yBNddsU?sS-@|$etTSsEEeFTJtapUt%88Z8HOV5f+t}IAFTfLgD{VEnmfwc3
z7M$}*YsnD#)5c<z1GXlhh9H}VZVK81ZA(xWP%9z+wnym(+Dk~0^qkxWlJ!E-7aTL{
zV=!-LA@xJn^w7u&Zqp8r%H6@1b_ToN!QcA%u%FdO#aqA3U9CI3S~!w_4ba~1^={yC
zx?98oyAOAJyGwDe6@A64kO`h6ZwPysKcY_4WwhChpN0GbA^EyOZm3AHUzxG3u=(E>
zF|p_<5>=@idR3(OAV~E4$6(`;EJL0Y?ff9Ov4w?U*!UP=B+%kN4g)oC7VIoY6W<M*
z18(GJ*5-u~c{^V?R>>bkPIj{%a~likC2aiU_fnvVE8RMl<RIhm?;B8KU#0vRV;^^{
z1KQH%pBPNC_?2oRAMVWsRruVutsv1aZwD^(lD-S}zB<wgXl1c8$WCJHgK2VHsfQD9
zgfQ_d>-r)mY3%1VmYjjucp3)*P2_V{vi4X_f>ilvVLEt{_wX}>y=2^o`m8qo;`r7=
z@i<Aa2xzN0FN3Uqc@=Zrw`zIuFNh`MD^P4-eglq+czzJ}aB`<e{a!a#L^xZ(i(|jB
z6+}k{%-5YEx~YjbvpYD>74!t_wlMVG!u&l7O}>DS7WT4oEXa#fe+))N13nlM?|B3^
z{+_FW_MR`pK*x719@jv0kOIHwV&Yp=_afJeSM!)ZVBtRp*77Cx%dz)2^9ImMpBwlp
z<!Xpt6V_`T+nUrL;8;elb*lMjHVwh2c<Q$VYZ;Vhw*gP_bhicT7ZK<?2uC4kkE~k*
z&Au~4jSn_mu<<h16=)CcTWEba<dj^gzr!go-5pgcTi+U{JK^T*-JmG_E5MDs>G~Hq
zez5kP+gO46UO4voegfL4D5JG5dE%XIJxJtFW5<?1n+iuOvpdjAWjBy*i|uR9B<>KQ
zIJw@>oGqd!r0%ETu3H04u15Bc)=dD~59clbne)}Dc73YdE|eafx*rnj#E*dECs<EA
zw%7l>a8#VnfOZ&aHOL0tUz;;A|4k@jo*5pkaa{qoYY4K+(Nah$@bc8n3@o;L18wK7
z7syKXq1Yz7AxA-?hLs81Qv<Nwl<+G+7Q#df+eXPb0}=;J?gPgm&qpx#V(=Q!PJX_P
z0mp&8<QzRh^cn7S^>Wc)JWdWz1X>K9!YDbp^gYD3v|4FJNass!XRa+c^7&A3^gR{A
zvF~{rumkBB1+tQL0jBz~nFTW)GTFPHTfrG0_AJEQO<qFIM*p<}-OI+?z_`70|B<r!
zRV6f%bd-3U1sMeNurSgYQ6n>uz4KcLw3hP;6N&CC*y^TevwhczEp~qlj$3iof|D;`
zY<ik}u{_!mWGz)EA%*B|RaZ!yC)yhm4}CncPG49^=eUhE2$wpx@^~fo-iY1=H1RGI
ziS2_RD_W1F+EO8f?alZ<k^R>ZAE76E6Q7y61)Up}_|Zs6O_VPbG=ao~XFG6AkK1GJ
zDcB8Y=^bds=G|~$)|d7x!EwB<%8bqAbmY+nrvYvJu^1Hh{5%OR_5!g~I40Du0lkr`
zG6PRo11Hv}Zz3G;zctX-NZNtyxiU<3)XBmgguIPG{Qy30_L>Mfki0z?WaHioKz97~
zB9IMQF9n&Oj|*jvi%fnRQrBP8^Wd$$XnZ5=m9S2=)O+}ifmg!K#3ROSffk=5F-l78
zG02|dV}Mp-&oq&EPQx~t-pz-^Z<!aEiTSq_XwSWEBG0YDG--_1IkDpP2PR(TwiqpF
z<*O~ox~A?zY25Zl_P7lIS{Or3B#g1xW~05GitJV5LUdILi`;ZGH+Too{8(Tjemrir
z=KK~gQum3;-p>8ty0y0Jgd_HwjS;liw+DIbg%l&N-$Nl4-p^Ek8@hiZh5c>KK)o=V
z+a&8F_N&CBv%b?G@cR1@WSsYdk746S8ec@N9d&$#+gOkD4!BPIJVls<evW2KIA4L*
zOwliBtag11jgLwG3eNgDq2GjKd{aDD(9)j;?SOwdA+GS&F-gn4+VEJqX&`LkW{8V4
zbTPJtSj2Wq93IiRJ#*L^2hX%^anKdergws5{WlrA3KQ;;Xrp{^(_h$gatP{;OtU>F
z&w|JAF|P+}3(zf}fZeK%$*_E0+yYyULox*a91@e)AHXr3`qPc9YBn1uy`hi$T7u*1
z-Zo&%=>tIVX}u%Bv9WkGIPTFpNjRE}lYw>yr~+i!JQmZWGq?bvgD>R6CGKE-_)N_G
zHCzoeakhz=-UPDY&Vp2XSV;c*T<#es_Smy#Vma~x(8O0v#IH9%=GXhF_OTF2vxmMw
z_U@r%yuY%#`s;mr10f~co1qp?tU|U1E13k*5py5$baE3f8oNO%Jwkh7<0;+;XtC^J
zB3>K-vNh9wsdl_j8umblubd5X-6B5(YxAoDWZF28`86rk&J)s^Z;#{*$WU)st^(Kf
z(m4m*D!EkjCD_-xP&LZk>*A4RpW{?73c)v!iC))##Kw=C7EO?>Z%JE}>OgEzP!}|X
zBsWd9O@yM=+#2!Sr2cJ-gZt15ha2_vIP-6N96Xad<4_zcA4fyRdTPpqy#`H0{klZ=
z`+8lw)E*%Yb5rzBP)w}e0dMZUd<@q2D6sw&9LGuPP88N@1N2RVBQv&g*<VCE5sPj&
zR2^b7vNzUVjQ0ha*vmvbI}BT0^>6ZtkXW8N$xKYHL{7eAIsx5_@>D_mn1*{&YA=IW
z?Y<#zIS**%=1!0eIqoxOo?n!@z9dApSg;>KPQ&06P<-L!JB)p({XNip{T&0HwzcOP
zO(F<`n*eP9xdq7PU9E-iv?Gd5ojM7n@jnov-=bpD9}_=hbSls~=n;k1qm5uY1p|*)
z4bb9sj@x>6or~=8ng*=TV>43Q*{OCzs@<My^HOcGklse}W8sgW`dmj++P=cj<NOOw
znkiUT{OZJNMV-mA@vfyV&<1Y}K<3;`$cu7Uq0GFDek9;Uxf?b<LhXT5((v|##2Q2&
z@D!g$m4O?3N(TwY8=8u&BhD7F8zH6M_1^(j-$TwUbZk}OWnnXZ)5YzKybY=2zJCTD
z@4kEwE_MAk;Rv<%6!Y8*S3M{8mYN7hZP^59VsjITNPCcF(Jmls+&ibPdk9f@u-p&T
z3*r7|VA1RaH1~r|#IhgA8qE_@ZGez`@?5EgXzYgZL^CnJrT|Sm%S4<n09iKuBh{u0
z>Fsy}d=sR5F7B**8McQ;z`o$V5*k_lK3Er<;Ojcqt;H#=$?J{5u@Ju%IKGX%EjT`(
z*tbCM=l1qWj|ay$lgosoO&#ne{$fTI*qj~?#OF+KeD>oUa9oM<54X2?&T@Mz#Pfw!
zh--SY@6G*3f90@)t`sfY^Da2*kle*pu<Kpmy8abj$+?)yLcc=%&pYcIc;GK@xNkUS
z8@O#PiC)}-)?owps3wuMi+~Ha-F5ORxyNh0gBj_CQ_AS%QYyjxIfY^o4o9S?FERy3
zC<+b*<YX87_Ja9uf7fz7jswUk*}E?-DoTzQNKJS5c{o1zT{}5V!$E>NBFQCP!Ugw~
ziIJrA0<yxpUe|XhtJ1w+)qAUa6(twP)-5V3`0%Z~`uB^G>*cKlDg2L6TtCy$&sGxa
zpDvah@oxyJiRHm2kXTvX)E#VrX*=PlLLHEct>W(P7FHql684t-5Y(@duqMFV{0u=K
zS6l=#kFQ9zn^SF$P#UA#ArYgy+`%4Pg1HZro<;T`mbrz+Xt}V*=rh#sG@!TCH$DS%
zZ(Mf}j??oyA?t2tOW7`v2(^nl*kWBz>^;=J$R27xK@Vvd;ulHUA25^nz2`%aB%hZ+
z!v81S!BVwMIQ)Mb+5P|6Ei6@^3wu~!qv}ffy3u2<wFkUk{W-PT{7hMWqYeJB>IE<L
zhW+otF<=`EwEkui2Fc|WXFy^fZiZu9y1ES<3qJFNqxpZ*W$%|>bbA{Ky@rk7;Ijf*
zn~0XrAENuO7d`{}k1arLX^Gcjn=Bvvf$XdN#b-%Ru0N<P64RV6uD3G3yQ2HhqX*Dt
ziUUA4&l!<wV}$fFd=PsPBs!fdF!2SF>s|Jg-Qy3~7;RzR<~5)#L#!~76nu(lviR~X
zq$JlGhaWK6#v=L$&^BtfI9tg2+?F8IItnSR9=rV^aaQ(luysHufO7ue0O1(=4FQ_L
z8D<)Jem=72`81&A`7BTyA~qY_B+qX}_B_82{nUuZVo2j$J04hqjqhr|1hnzXQjqz)
z9AtU_9mw*2olxeqSn>S>(#TC3P8C+Y@De@%rVB=zX6snZy%>ItQtE?^t3)GBvvEl_
z_8zjwCh3#Z_S9l%pIm$Y?eY@XE;>7GZcAauC2sG)+G}&p+&+iRO+)(*`ZixQGS@#u
zqjY7?kxO!dp_UU%dIPXF*vX}a1^On!ahl<8K+B!YF_;oV-ffV5vt$RLH4dFXJK)*A
z*d`(NLiTZgA7Cdejs<N8Ixf|Y2em{yNl10v>)>c77Q{qwsmJ&X%)Ru_66Co@ajqK;
z+Kae*Tet%K;!JLrSb@r&D_*Xjq+3?i5sPWx4nQjcyPJro`(m7Y=IB6VpHmD#*GV|5
zBZDFFv855%c)+8~9A8d%YaiK7E3m#U958y?u|N9)B&nLOI<Xe;4dICIk3cW7CgMr`
z^YmP@p1-k3#J4%nvUhtEvE3D9RdDxIJ3&Z!>~p1Ikhqwy!i+7smm_Nt%g8klo98YB
z#l3>}f#cxTgTi6F*o>pCeHq<XC|`GTuglBPeSY{p(Awyaut>uE77|-O-(lkY;xBIF
z^{?oB*;u@qf=2TCN%W?$za<rAGgvfEyMm+Z-Ca0x`8c5E@(>g8WF)4^_qfO9ZO;bo
zip4aLt=mrrwMM%fWbfcAkoB0430b_B3n+p1I#z-seV;nEcmFTph*g~n1T9ugK~_n(
z71Co~aoQt$#p~?4ui<n-_mfbE0&T)H9AurtShKYlO#sHv9cF-IMdT_o@&5Qa;fT>A
zK#S3HCX(WnW@^5DZP3qXeS?9=q1HbHEe@?g7KbiEF}Uaoj5r(x)<uBk-FS$O2@=W_
z$F|)04{*%DZv%g=J}YZW439$NXH!oJ`_ACApdHQ6=P~$(pPKn)70ck4s^RwM--5;$
z_r3zhy6;-BKHzHav-m=J=e4I6&^n=dpq+{8Mxa)p=0d7yUjADkcd|&FgsvYW=_YmK
zRq(pLmOC08zt+5xN4!C~-DO`)eHe0PjRszp=*OY<R+fRHsDBLpo0rA!z?HF(2-XK~
zlmo=^SLg?m^#NP+tM)~r@ny0)!cnQ4Bj1s%>u!sKw~?)JSUEYqlF$ZL>S1;U$H?tO
z*X<XhWx{cqY!J|LZwdxF>|xn)1|$mNdEi)KIUgL?0$u8Q3zBfP>$ctT5Lj!Y=uZeo
zv++E#B4hrqanc%_pTPPx<;LDqluR=_KY9Q@FezEP!s2_E`?{44zj`{h>^}_L#1APC
z0I!JRbE-&W*a-9+r$mO0gq8XeQ^1j7x4CW^HcvPfVV_1$vgtXuw`swP;K-WSz>#II
z7w9Wpw=DbAb<48Mbo11*tbuT3Srg<W%Q`u+G4bBub837M_aKNR{uq#XI1IE|{Nizh
zNOT6H(KWgu-_LOy+vT5*iT^(GGUQs(+S~$}<ja$Dz*_m^*;}#qRopv}leM1(=-#zH
zhOS@Cy45o{cw6)u4)W6q!s`%S-HNBnv2pXakrPipKzC2SLw{LSKdS8y@Hhoida>|)
z&EB$Bb~-|9do$J@9Q*mbz{P}jfKXJfgG`LV-v`~t+DE${i)0YpGR(7++`-at9=O{3
zl=H#$eS76{;qYgsn|o|#qq~>4q9^IR%Z<#>1>m=0l>dTR5$x+`0(#qxEixZCwpRUf
zv-Q=;A6&QW_}ws1W-pP~F}tbj*q+=393SO582t4V-9c)jx5M4Zn%;iGF&(HxzD?ag
z)*Ho9IQdv@9MFo^*%*zCb;?=D-t5moPd4}-fM^e#_$|R^Tg!##T=oIWOOQ>y?^+Iy
zCi-J=T_3-EAsku0+D*Ke{o=&Redbbo*3z66j-I@M%l_UsgVgr0T7qkQX4ML;_eDH+
z5{_co0chf`7(6^h`%2!g^oCFISydmb{5P*hA?u@NmdXL>UcQF{Z6sEM#r3*0JL{v1
zvvKjh>sp+qCAStl2z%d#=1Z_~Kc7Ior6%SNOJTMBYU$T8+TH?w6Sy^LS%ZNuG<=tL
z|1ov1Hv{)Ly0DQ*9Q)lEXk)F8SY%=ctB;xEafKld<Z`gyIQsQq%|5_SfYnEXpA?QF
z^b)dHlNAPW{}(8Zw66ijZQEai<7VTZ!1~}N_G=6D-@rCjZG4%~WN&pg1MBi#takv%
z=0H2)Xb|>89vg-JbjZeDwlBcOTdYfwleYRsNbH}@!^VFKelK#Ls0xoj_V%Xr6JdKJ
zs}Pf)c7G!h<>Gsw6|h#9%i?~`5u<?ZC?30rd*PIP_;f#XANKS%6Vi9ATX-K|25I4w
z$x2MT<V*tE40EQ5Ja<2)XC+t8z5rV@Q5UFMgRmU>u}%E2eFM5nGV)&mi?3|HBOGI?
z-;tAf*PoDBNXlFxJl+R+8-cBav@jLlJEU4)Q2qE>F?gKk<p{8DQ^2}PI124lpiPS}
z0NF_XF*o%l;zcL++;U8|u{ZKQ&<2&OK?mdQTF`Ew-$8qTO0E<#U%LwFHTb!sZphx4
z^#=CF_E69vpu<3ifd+sEfJT5U#8II3Xrn=$LE}Ic;$)D8xI&1J+18G!_t)?k_Y}{J
zqSZt|(en1~Z;;sUX(b$OU^}1<_Pc<r2JH=MMbN#4<gNQ~7$kmgG{PNhelfwZEnuAu
zjvI(C6pogEI?#5bt^&2j@7b6p%hB^hEb|wj>SA9bi!k=Zx98p3yVExz@r#6JvxIAT
z@!1X>$1}DE$EWjpgL9s9#|uZjE_V|j>)!#1M&UkeeBJUDpe5~%LhD~4aXV<qRWk93
zatokEeLEoq?=8gv5c6aJsGiTu$}#rUo)JJB5sk$_KM^xeCL+gL4A7c`>rEsF@5VMc
zLh=Z*C*^7M<S5|tW^Uen4m3Z$H477e0LDbH*3}lcm9VXa<2AGfn%D({lcJy>A!1$}
zkJ>s8l?=t$XUZdhHX@h+va#-DY#YQ-@B$I@;bPpa-d~OTn0V<oBKv!|9k>mtz6;bE
zv=G~*bS^^no#V%WR+66qS?PYoZN0&J6WO!)pFoS_J8t1+{Uc<5r#}i3+Bzi5g`#T|
zF28^D^~wXF(>e0zUrHDbe{r&}ii{SC)Jz82c;{R!9^{j#{&KH?N3EF$j(PS1aC}Vh
z$pZbA&@Jy)K=i{!BX7BtW#xx%Wi!k#gw5b*w~jS}Yb`7reY6C}EoJQr^c{sGC%Ood
z6Me$eJUp(z_V~Q*z_6{sdEw-=p_&S><u&R;%)N$O0<^wm76!>8=Z%nwgn66GR*CMy
z*q>VnwC5hj;3c&jk*BZ22f5o@;ODrV!=n5?G<MWK6Ar&t1LN|W?XHu_KI!(!Y0&uD
zK{Z&r5X5StaBM<cft-Bf;%dkg@2PGC$MO7m;Q0RDeBoG1UI4Ul{bG>K>>hVhFCfpE
zfkpmX^b?d6FP%R@+az}-{t1hpZ)|pbyz<rpikXj2_i<wR*h@HS;=w>$A{&gsDasNr
z+&4oX=SpQipz#<yzVPv`u*K;E#N-EE--yI`?iX~O0ym?Q*&;cwYo)?5LaGn6H`oYd
zjl?FHsyDOennB`Z+E$qOOWYY*Tl8kr-5;=G-^;PRpX0!>s8Q~^*$;JW1;0`_8kw<S
zVm4<&;sn+C*!XeQOWelecB2zJdoUjxpHM&OvPbki$aX#kUI(7w<)Y*U;W+A_acuE#
zBpe-7GoXnr!q{TA7bHGuxqmoN8hbdl2M!YsUycKs`1de2UnWDsm$SnGU#2>?2QCqg
z%6~1;#GAv|e0dx)##8iMIN;0k;J91;9dP`#`a`#|Dac2{F_8TfXaj`LKo-ugm^O<y
zybcm|w*HMW@fl(}LCHQw*d3zr4&m<)jy1&|Ze;q=;FyJs2RHH_ae~`ez-I}Y@!102
zeVh+6$BW(2-|Zz%%;9?QDEDo4fj(E*d|T+EKY3q)#pB>OhxejzwB>KONep?M*i7mx
zu)c9lI)8NCnv9<uTVVBXl8w&#VAH^{>AQeqxU@gmERF<CbnBxEtWN>!^FsJC#&sJ%
zT<F-l`OCt={J$EaACr0O@fu7Ywn@H5)9hyPhqa61nXn5qUh2WZF>W{>`N}C;^6^G~
z2u{9)aEd?C%EFrD#PZ}kVH2-%(ObKloY->6y<oF_7^E(VRJ{(?Woz|3MsNEA_Ch}d
zzdV`G#9+BrGzw$p7C~ExtS^*Vpc!tA!#9G@nBq@t0$HUWTSaPl%GXM|0Bu~-!$kZ)
z0b~tfnGiQ@C*P+Ti;FjOX8|qb3o&{kAMz#eamg91`(aP%=SR_OKgDzYx?aR7IkfjC
z<VBrN&DwV5SI}52{1Y7Q?#6QrTaIli93^xc<m5-CZPD9!Aw%CGdYsPa-i_^vew_cR
zxI41H)ct{eEVc*GCg#1dO=@;Oh<SZH20qp)cMJEr0^LI&jou<cACK-Pr=yqU4lsYt
z4<mB^qP)#z$b(|Z=1O$`3HCKW>!Gg)SuZskWRu4ih13^$EA%q5$M7BW;)vEKkd3|8
zuENG+^)+%u#Omh)o8R&_nOn_fu*JMSB>ZVC9R6&AT$vk3f|?`m0@@PP6|@b=Qm`G!
zQqUS?DQE{e#{Az2c(TC`z<qhTBWMt)rx2GPdU+fOyH~xK7xAIcSi&6P*n%7bp6H{#
z31AIsy@gl^(^m+R!Smbj2V?O3kx1m~7eE_4|A2+Q2A&L_Gq;IHn9UqpIo%o@gXfL~
z`d*=13VT43!E;ZyvdZ7bt!xz0PuQ%>-P#AwRc>u#h-u&$JkKo9X9-9Dd9xt-w<t`_
z!)FR?pUvAY3)?j~-;^Ibe+Q4j^DmhDbmkABjX`S7l|eFiZUnKx^Cm9apl=J|c&;VT
zp4$n7ck_eip75*F0rMfyXs3_lArJRh;Ku$Qr(*I+{=m`A{)iQ`XB}HfcmX`cdz6>K
zu`~OQu>15m>Vo_Mr`7OS@L!W!HN0KwCpxoWz2IhIu@Kn~xGg!o3ns}&3-^Hx^&<|4
zgJYCj4vvMB3gM_t6J7S5-K!v3@7Zt0#>XCaBTtEG@1v0VK8JtB?QORD5m?g#BJ`7E
z>p|Cn)irpUcbF&ksZPLKYW9W2H8JObWA<>qaK!Hl<Vm?6F-m^}`kNYSdwvxxMwY9=
z$+b4~g(EJFz$z)kYcs>3&E3NK%bkUzf!@oFceXOSKf14P9SLmBgU5qx1*^X~qm`%H
zB#;%fGldka&*{&0Vv9&uV&dJwJePfg;YoDw8(wm~rN!cPbni^R0`5SFzkw{Ak~<2*
z$r{0+o>0v88Ut<OzrBe#?}lNroZ7>Q<xnrjHbFWPT;rwT7;u!${=)t?C!pS@;~n-k
zromzZ;c~F8N6!Hj6X>m=Dc<wXEwG(mpnnXGTZ2CljyB~RH}`C-f2VBf_`X9^;aCdZ
z0@#LtTAB#jKGpUBS-a3R)%FEhWj#Ph1<^-geUQCE{2ge6qS09BS`2(015Rdb=R)dw
zH#5!5?X}H8t{*S-_PqYAn|rtUFGy@lmEI+MqR%gygSYd*T7pk-y=Q@b3^=wdM+nE-
z<rzR*5;_lq<a(<c+}e_ID_B2#BPk0UZwG!@IOgd~fsOqoZ*sTHuh7LM@n!Zt@P9Fo
zw6}U9G=5<=MmU;@u|S*WOg51KE=jdnLVCzs*EtXk;4rxdY~|)bGeKJmdV8`y@nP@p
zSLn}*9&WAg5z*H{Hu1>p4%KglaoQ6cmrnNv$M)v2!cnXS0Ilac1q1!i$ll!qWZz#n
z2WYuA%`JQ^a~-l**4tByd)>lc?GwnJzL$Yk%-$@t_$+VneQL4JEj*NZ_v%6KgSQ7-
zJUR#|rf#uM-r|JRVxU=AN~#b&QI`R2)IHnWW6@y_BywpPCfnJA9{{b#|Hut|Nd0Gl
z^+pTyWSpP*8(4dO<oovEO*~uMgTwcJ!r}W6pcz+Uklb)Q&aJHrxd8k!KOMDlaT!#@
zuZ{dY-vNzV<n9MY*bljGnf;h>yv0|LYe!?e91=G+tpVS`mZlZ02@CazkN0K*Es8e^
z>0w`mx*6FQU!OyNNqclz-&|Y{k1vI+0B5}XuLYkmDUM0qC-M(IS7QN=geGNqtVk4@
z3Fv?56Tad1WSo3^^#Yudk<SuHtf#&UUKhVa{RT41w=aJNAMEeG<bL5xqC4Ch@`eqZ
z4h8B)X<p!o!bt^j*@pqALUh5D^*a+W@_nFl+{jDh73f|wR-->oB7A1w^Z__u_qB$j
zB{X8PJvg>Ly9h^1T#0-@tUF!@`PRH6mbYN$73?-#F6L)~{wC(ZV>9+O@K-un8IgDc
zeyPr~gza1Kcx#g%6h2ee_IjB+9eR3Bvr~)j#iFt7brmkF^C?>h-&ZTLR#xxF(5K}~
zfVS}Pgo#A_`BZx;)m~4vw^FU-A$gjd4=si0GJZU0ARH%lHUrxHr<EIcHEjo(g6%$_
zZG2R=FUIYxdiMp|DCTHTTTD*`S&KasWRrtYLYWbfn9Cr_WsI)|$7RRYx^55L435J)
z^Ms=xeH8hmXtX|rtSHHC@A=yBVbPp#qc<0hYT6k&X_0%O`;ucd(Aw;=pw`6ZtW>)~
zC_dzP4KUiCXE5-V?M<Ln?6=&&vuqXQowRg)YgU$5Kj3l;(=abxYjJ92PNj<k?S$DT
zLIh^=_K;{9JG+C`nZq#m_WTH-4a&+eNYXjTi8)l~t!D#meD(kalcM5135l<tF9qA^
zWF;tmhW3+ig!nViJkBh}H0n+*C+6@s;jrEhXdxblK@ws)Btkp|JlMxnRl=6^iv;{!
z_AMamvF2e|7X8g4WFHl8zC?PR7-4TA66K>cx_*FY9_|Q<gAm7H)7s?0KpVjfH3Jhz
z11%5E1Rd_Bx#SVyxl?F{C@T#_BkhfGd1s>f7=Ld~;gPy+!P>OtksXCCfSm<=RMy3v
zeZaUsL=9tva1d7BG98M`RIRPYvcX~Stp9M}7_bh(5W+}s9IzW@I_jCASH|Tw&sv>3
z2YOGbmLRN|x!UYJ|8E2TIx*>1=0Sgm^`%9S8T|6p9(xSBbeuL)%+umWMeAr)!ZNcd
z?3GeA(PrBm+EmMWmUC@jaky$H;pi!QAXlVGJP{Xf@J9h{$Z;t)$r+oOCR>KyZ^oqc
z`PBBG*y?+oX7B;BSKQBlmRmn#F>_oLmvyiQ<E(S$F_F7#`Q0YXMRGmOpDyUvO;kF4
zG}H|qmE>SyGdcwELmeH6w{-%%!jE25`U6&=Cxc_j{Q_`YDRVFQk#V^eo|!L;MooQB
zkW_w!WPUVwT*!Kcrb3w)^ds8{wK*<6#Ml~WZC!he?$`Hzqp0o~55<e>3w>Z*ZaWY8
zNa*wFYaAjPFKal^8l%xB5~<0lcD4}SY#X7>#Kk-R`+*kU#U}FL%a|v>6nNW-tw?<c
zj$gn23XW~wx=)yHv&Gin=`8EoV%Lt)xTa?>aNNaoG&nY=hPjQ6?yDSI=A7^LRyHm!
z(C2`cWpZ12NAsSjz2{W|zC8Im$U3g3Px>2bqrZxW&&j(&qQ~3cvGp9iz%kM~&L6Nr
z>j{o6L6ySs_QwKkx-!K?^6o;=HlRyW?W)x7Ss{85i|(rsYt~Ah64JrBc<WiwTnDph
z0^AMnnt|GbT7WhOwFB9k*-gl&b^8cquGN;Iy^TX*@s^GT#|K;cgJZp~qQGXPV~f>k
z!tUpJsF$fan4g!zG)ijdOQzRCXX(dJ{x+_M{wsC89eQQzIv*Mr(JcVSj|mqFdsxd+
zuVBZ;4<j7<wD`YthTOeB5*p*Wzk^jy$%;|n=$kKc8`I}HwumouZ0+L`aBL1Nb8N5r
zL&Ny^n_HVN&7QGP&6gIAt-y2yTW0NV$OmMHfS2fV$(}*|`~iD-kYnqCPxD8t*pG4D
zx~0>>aa+v!!d4Kj67VMDHaGQ!j0F%2%F5vrP;1oR1(kXm_Z~R5GCu{!OnTF2h2uQb
zcHq#v6zDw*^#0&E=~{Uubct3~{mqONjctQ7aM9k4#r({?KHYV11aC)olX*aEz3v5B
zE<B9w$uY@&AJWQ)$)923ss9D}C;jdtj!gUxzkn{$M)sRLC;F1T2QOR05#H9(K6@AA
zVR69fEXP)>&K8bQ%5-GS!z>|}x{bx|TE`aWI~?14ya%l7n<zjFz){v821i+6B<%6|
z4fUC%Ue$VD;d-lFTTqKnK4onPncxG0P4hOJAtx8Qwt!4>o3?qIcF4(XQk@|YpKjoY
z&;DR-yb<R^gd+}pkdqHN_Z9Itk3c>rf1aZ53*tAV^>Zs|jIY{&W74n-I1W{IcWeP3
zBpmJGvB*iO8IadUq9>PhO~~u#7202#*RMfu$#oz0+HQfy?VxvoCy~&HKye^u5jd9I
zo)V6I#-+$*6mRqAWoQe$<@q=AcJJY!6D6jvf`q@{fa9W+wcz8Dy7C9CP0~PQUlh|f
z61VhS*Jh&e>RSPAf2%z<`u$C^PrD0Td%N*WulzGdq|cmy4PSALoEQYxZcIHAa4Mvh
zcamdx#7~Dz0a}PtG0?4tmaKn3Vwd3x$2I`G26NAmJCNsDL9j<2hiiE+Hm2W%#z*!(
z=czr+>I>kmMCexxlFL2TIWZIc(8e4vY68~XTXnM5-nD>QW!nd2gWH~<<x`R^`lCc+
zVsa8LNeCx9u@I`lfe@+-^jpBu65j!ivl$D8qtHG9G*6bff$#FJgs5WU<F}aj)M%rn
zCVNq74+$T;gX1Syy-erH13)(4KPuJ681lj9nc&zbnd;aEJ=YZIH-XE%le`P8PpL+W
zy-+lg@fa=*qtv}7;+1_B^36IGZVhI$m&J5uHx{|JfF_Gvdq56L)__LBYI}b*0UX~L
zyU=l45_gqwOsB3f*>Z6nF#7Zd9a~TPDAv9N`wFs#=4Ss+fz2n_v^4n(pe=f=23cAC
z7SrStvA-gFFH-c1ppET{K{oVkE<`lUvzEv{C2WsATAAkgGZgxTN{Ho8C3b$UYBUa-
zQ`z%VAdS3JI2~N&5jr2-!1d|iF<xLU7LE?+O5~&?xE2x(^>x^|_j8exhWai@bOd)}
z<J0X2kduz!2}pDV&x4~Qcm*6C%`)Ne{~hF{qgg59X<v)HCMg@+EE9`%Z%?rHKY7dh
zgX??t9u6MkX+K`rGUp7$<Os%eC)UMY4zBGva*c2_P`A45Rp<`4H;)$PZPp-f6m_o2
zt0KpEsM~<s`zB{w;W)zA5&6hS?hzv9;nAo&MX*&^`%-8Pdi|&?S3t)4CdVz{z8=zj
z;7%UW65$BxY2-sAq|Zexq%Tl+jU}3TucaYvDwyVc2S~5vd}n{yt=dtuTs{+~rk5O_
z3Xb*HnZgnB0_5b!E{~&oO?eJzC%4}OS>Nz(s(q4bTfDC4^%)V1@IjC`kA4U^!aGhl
zDov%Ec$UqDjPiE!4)B&<>Yo!<X*xsyXNx8p{-3|HRX$>1<)C3BhIAM(Y=pjkvw<6d
z_-fXevQfIICccd0mO<9LmM8r<RMCYNiE}m_iJ_Il%R9t%M!NcE<f%hC46hv2VaTxR
zq56W>z{=qrs>`cKl~tEllntorpbr;~8{d9xS=I3NLn_->4LY^^n2tN`vhz+I-35mZ
z+yPYOR{<qo&RQ>GMT47@DKj%<(7$EM|Nr<T-zY2U@c-X$Piw*TOL2SBe|VDxS4UNi
zA2IO%AXXbFH~;<BQ~trNq7J;e4LtZCZp9is!oS@$W;kD~O1|M#HegtPKG8RzY~ZQ=
z^*8+_(|QgAD@P0-He|HQ)v(G9UMjVob;Yhxz}Hv1Y)~CGxP0LFffXB!&uOE}M{m%9
zl#EJB>w2M#k)DquPURy;4^K?({S%FnBHc<wrG=<u%R^P<{*{B1?_jNejnwe+>Y<f`
z_EwcF8d+IspTx=*6%DPdswVI7Bd0sE;xepSMSKG>zKT~`RK%<5uaDmKADVvlt+xD0
zT7^1#lKZ^|$4B7m78TsZCC4O`{-dial5`YYU?p=kbtUi8m^IY|w8YxsKcR8sdF|yG
zSaaDxP)($F#ZB^hYjmy1n9&YqL<_!?koU2>qHV6Btbe-lG|}*KRBCe`HZ2qdx49IW
z^{t<)!Er6ZBL(_%1^OGp7XG`4bs{o9io^>3rf*2s5iT>@5fUe!_7V1I_Ceh|*E+6@
z?gx!vrwWs%OZC@$xE#kiu?##D630)j0#EYgtU1E&^&-?Zsn<`rk@@tUFkb(uzb2Ht
zX<qy8We$@3%o-eCHx+iT+o0~2dcCt7nNR(N@w!5PO{m1NPOL_Zf`r%A;PCo%VfXrS
z)F-s55jk?5TbWlc3FG%a_1A=zIM#_DQoRoezdr<r-(L#5-z6)gzLNL59z1e;4`KZ7
zrN8F)fjHKQVfG=A@VgH<{61dT{T_w7xpwe;STWI!%%@wxS-<oAt^$3ruo<jE)VGd}
z{O;B^HEaA<;{7&4`cgpReLHBx{Ah4^-@ibw5H=rYA|~G70f}Pxn6StGHPp_j_wPW%
z``kZ;!}~_y(6<ma?|UOA-k$^s??(!|_t&HTO}jz9FnJHOJ)x1~i(p6M2wMSbt2$|J
z@53VSFToM`pTcIa-P;nM($pmD%Rf7dn?n}?{OgLrtNQY_sXbuDxr1;SkeCidtO<(|
ziTWz)=i{}~;1keK;bp$o_AR)U56yoDPjEf=j&Phutp|>aJvxGy>q->Ak?MHpq1u4A
zb<-2YV&r!|4z<%&hj*dnxdXDcSoS6C?^+bFe5$ijPkGGh3o2Bfaczw5TkWlYwgu1@
zWScDA%+~UvCouMG4mH`0j|Ru}2`7N#%Au2mW9nE2v>E#FFg71ggPf<SOx7lzW1v6F
zCy()j^<B>qjScJz@`mQmw6NUR{ka-?x(+hBKQBS`!-8;K0gajb2Vko?t3WpY{~B~%
zP3-NxD`IOM^+C@>O!t6jKbvCF9UKQ<k8$1CnT2CUQzMA!R3yvb+cESadyk-{Vo6v%
zf|X^+vsmdqF>`(ya?d#Jtl6si_s|ct?Cfd&9U3>fZ~R{P*i}H4%O`N%A-XP!h#V*!
zh2apOO-1^dfrV8Dw5_V4AUjPqD%B={`uh}PKDdqVmfS5Ir{5j{+S=AjCKBk%RQm~J
znbh=sJzg3Oa&yRJ&!FwV(Y@~kwxz_~K^CuWhH@?OxTkQW=1`!$mi`#ji@oj{Zf*NF
zS7G8?m^TUH!CWL;ke-iWNqo%vMP%QFUIw&r$H!PCciw*riF4y$gG)Upntgz|Wo1jC
zz0ICN+LZTp=LCoj@e=$1a9jdcj=8_EbCDaw3h9OD?&A!gy~b;V@Zd%i%k8^`6gxkV
zu@Is|BABcMM@#cD=Dr5GMiA%kkgR0>h+#>ti$#9p4<&nSS^%x&Z7-zg`upz)iOrxc
z;FuckZAN%~EGU+I%N%z^KVLZB!!)2}#kCkD*EZe^v9k9NsMJ&Pwwu_yd>0&BRI9-8
z+qpl$S8A=m>q@<kL|4~NT7Ye#vD>{LI2OTrf^&YT=Sbn$HSY(slRgtbwo7$7rfO0w
zm;T|z+RN*~M@A(VHiLz3;2HUplQ!hRQsLNsTn04pV+@j?wXcC>e4plfa4hfD{#bam
zHCT0lu`1BavGo%z!P?%lc<l)JYKrfg?Nso@UIkC|1J8)t5r&E6cCh#l2ig+fSdf*p
zb5reNkl9_4YS*UP?LvBWUfk}1=*LQ=eK9x&ZBK)(hQ9)`8ou1!E!dU9u_W{f&=whg
z#9&AaZ~ugJ^wT*dp9nv$!wm$}NF+wu8v{+;+(evPfvgAEMJV%-b}uX`-C+6*o2`!>
z8cx2#aso`R#Oy{v?$A9(er(`e=&S1Myj8vg8eg)xRXDQYc4S>?VLm(niQl`t1dfl5
zEeC(b!Agtro6xJ+5wynSW2g=Sl7`jbPg2XTq1U9A>(+Oz`>CSgCquRX+Oeg!AoF+6
zRO^;%`=(kikadR#r>=cd*P~L`eyQsTsq5cU*Hcs1YN5;nxpXvkHvHEK{6yIYf(sCI
zzh^RzT?~&g-Dlt!>wQz8|1NAf+x9aVBm>R8Au-TAT-f~|i282c{|b2ce+4-FpIxBe
zA#DEt6EX4sD@gcX{CVR4W<nX=s;uFu^&VZ|S^ot>cW{I?us}bxK%XdVVV#ATOc|$(
zM4x#X`q((Rem|t4*N!D%E7(tA?K8FK5l4pgKOxP$!}<t3)NApV!W66D_1D5KS|!KL
zBETF(X9lonCLF8vTLP_GcEmu-+-9*K<P@K29s#yN;K@Rs{}a(R*ZEN2C%#kEo?D3C
zLW3LM5L^r`!;D~`NF8BMi$yn|{g=$tK$;f~Ao}f@MbsTSftx$Fa^DKvAZzVWYvG7>
z2jpDz)H_3BOTQa7zLn9_ZM;kF3yF=-;~ZPVQ4ZFRQwevd>$YoD>Dcr!;1Rh_zL7q;
zz~v(FWIscAH8_5cb3ItMZ{h20;CkLE-2)!&`lAK<lLh)K;B9>s`YmvbJKhKD6C?Qf
zd4c|euw~~Th_#{|m3|>I!9!{YmIF^VDbQO8+mqWM){TYut|HN|o&~hmGaZZMdnq#^
zr@7yAz>Pe0w-@LOz>WR7#Kqu|ZvSe5{zifRAvksyzXWS*t!>s`#ShRp>0Gp0_?aSq
z6ZIjoE6K*!77s>vPVe7d+elbs-dJ#C-dP3u3}MTHYY}TjvpWY8nRiDxka_nM=#LBA
zlTRTgnYU6T&dvUTK0cNJ>aG#VdX3r-+)@orsYUZJbMiH+<G|72Oe)aNDbQyKTfkQ$
zmgaUgG8;19EB&qEK$Pbd=no2;@u!G718U@ZNX}n#_RFN&Z!MJRkVbL`Xg0SaUUmXU
zB#$Z3Pb|=f37hZLi28-Pkq06AD1+z2`>;LJAWFXyjkUVQ;0U5qf!?J+-y59s5$6G5
z9egBueG2rW3iLt3W-ufSj0}h9rwTkd5**)*7#l|D6T#v8RB&l-C-iCH$n#mkXmj<~
zJf0thM(%|a`<dbUz~elwi^GT~9|MPPFM#XhY!v=FSp5e!?+NqwEB!U$+b}e;77}0L
z`xQLKpDO-3?^_NWzBK~Z_ojbyaBO|<C>%u<l@(pz(>(+lujpuSyrOXh`k4j#bYY9x
zm5AOD-z69w)vIpmi)5ccq8P3f_6RiiMk*2T%fmN?Mg+D7M+EjS&<`!pj~BKG3_$c*
z`Zd6~FW??<oKSi~Sb_ej|FcEE82-QCY5G6d%1JiUk~RC-@mOy^t#A*bd_?uA@gpnq
z`-4UMTNZTNa2D96kA3<APxhA4hBg<9C0As~$yYY)&FHF89kkI?R?#8Z{<7_g!tJDj
zU9Sy%P9+{ocIwj4lKl5y<;ZV{D0ctN7f6y1bSUcU@4gg##DhNZu+AztPiuA@dmZP&
zU#q8eGMgFA618&oJi4w3GO|o0F4_MEJ-K6UEqWU>*}RKjcdB?Nkj-g#PqqD1?Qqck
z*d3E<C#BlCLYc*rb34Up>zTOtMDZq|wO+TIh!+onb^|R*wWm_;b&w4L-b%HPgficZ
z(daMvuGFQwOKHw8kgQXCUNpCtCFvvJKKTBn5P!3KNa+Qt2kHT80y3-3K?kC32ignN
zA=P#U?SZy?s`W~>gH!DY)4UNmS2(kU=4BqYOL6k~)hu9Ze7jwUzYm!s=uwajK;B5L
z-c7YnKsLVnNl35QmkNJH_J!%<u7Z}+O@#2VCCWCS?LoG@)-AQ_nQDiCY_9kJ*n1Pe
zxRT<2xH0z;2#^rMIlC;2ZFXf__8Nn@Bw4n_%92(id%?@{7|lG5W;L3boi`&(OT-P~
z`nbXsl7GS#APGmpeIz6#Tp<CHKsb{?4g%pyAbbfq`TwfAtGoKWC$HD*P4a!of;_LQ
z@9OI6>gww1$KnejjO?{ucQu0FgH5(O-ueWEpN8kyZb72OJZ9Q0%%iSvzUgUY&tvzj
zciT8sZKs$P?#nR^V?O!W9k&~4q)WqQf&*ci@|E5A7}f_**y5*qDn4}8)&2}o;&unf
zbauGa-?^)@gtN=B%JFVv5$C4}(=qA@eKU|Ct?r)XY~%>qgH!;|);J;R!SU!=rP{iV
zQ*{Oh4<NLeAq$=fa;^DKuTZdYw$=}MtA~-p>2ht@9vmACdXrro!fp&=#Ge0x&sUS@
z+rwt7bCWc>tmyOA?32fDk|yVimF6xDmn$%d7{Tvy+8?Xb`c0zOu?jCi6}PmFoUFBn
zAa<nW)c74kT({py`)R|?nr64#81FY{hieYdt94rSRZI&P<|Qr!PxouRseV6mu@vm3
z4TkV!jS20)e?tYOz1jfA3LRoS%o3Jrjmec-zq;D$RjwMn>>x3su?k_U3Z%C-Yy?5$
z9^dG4q(K<UR-;;5PaUQ^?dfc)Bg00aY7eFrE*2Cp16z*)JsvhzX@}3X+QyZw27%*t
z-c-d)^E=?M9+?^VD>Z?*E6lp^o#V#<62I1*JKM}E_+vwqDlB`FTnBEt3Zx6PGQkoK
ztCLKqe(m%kfHKeA+i>$F=+ZP?Zr7TbpM5+Rj}R!v{P`|cnv02=Rj#_4=WASJNsMG#
z%bI?aN|L#S_<B-FVJM(dUVQ|X<hfF#H02dXNu-#$p6|h2yWziQ)6@QYs=Q(6kW(r>
zGVIiS@x(lZZ){W5S*Mo@AcPR<UthV`mrRONU7fEDR<5tuvrR6=!}PAc3Vzw@RN_ey
z6XNwHlj3F}u~e*}*THsfP|H?F7V*zmWq#1l)i72$TpQFXL&sj4bq?~3^m#3C484Yh
zATc6vdMTG-C?v&7dZbTW>r6fPZ`d+H+Ub4^{UR0so7*cn5MzJ)1ilC`=JKqC2+7i?
zm<6@~9IKozBy;oldQvHw{zRvb!WM=d63CgEjByPB*jiklco509@Cj#|Lt5<H8)GLA
zmgLkNkJhLO(zk6BND-~hGG6ucOWrhsxw^MaAVu_QeJEA@w2c-&EGVjUyTQ5MD$iem
z(nNY(mAa<dQtauO6G>60iSx;fCSKqsH?%vI-MqV-fu4tqc4Iu=;CxcyO0Cmqr<JbV
zBOc?>SS7-8qXoebz1xjM_@=Hw@P_c)X%Na;4vSlJehZbRo?b~if{#|Gk!~=e4q=vL
z*+9g@RyG{eOPX|UnSIr*#(Y1`h!E|TyVp<aF$CtuL)jbj+Ws?xDBW|JG9|WNm-f3-
z7E+&-B$V6+Vw9f#uWNxIAtDMGR%fXbx?9=d>LPa_Zu8k^kSYe<UfJpw7klPJQdB?f
zwZSCUFlJa8XdiRc)k~WLh_Hk1f{nw1VTG5t{By`Dl|pdmT~u6P4l0S4Nzix9u{u`4
z)GEz=eaU=rG$;D3P{KYg8?h}p!cdXh%UZX5L-R?6Gqug`FmPtxb9+8*Bd6MF5D+;*
z1Ua5&S*<C%r5I^9QR&k7<9q?26yar2YMq9h+a=vwgv+ofmqtsi5K?Hh#gbmdW8NLw
zI^`7w^)B>?#OA<b2UBxL9AhA*2avU%##lOk1xgbyPd70yWZ%bQHde7?n*+x!xxx9Q
zLPEf9t<#}z{P6}7l9k=Vk5!1}TD$-`l<BI2hj>QE?Koe>N%Q*MuF!Zkg2|oEV$A~+
zsV%ir(w^ETtzkVRRS`29Vl#20Zd@VKl-j<WgborJEr3WU%J19b*4*fFq(N3fWRiAr
zFptXt$7o4HAfzxcQ(%HdEySj)G!rU#2R@H3F6}&)D-DiTr0cq<{Hm*2s-kZU>V^(4
z_G_JNtO6+vP4|qgUaPO9)j_TAWiy6MAqo0PdL9m+qQb4jMrFqX@L$~wK?g~6B$vjm
z%RwdaI_XqB8gSdGi=Eb{8(i><)`pMl@GjOe$ik!nim6CmqhvnC4fs!}N%3=%XTi>Q
z#@m!j>=ta-SS3DdnT^j+NGXQQAumb9t~VeDdkO3bH(3=jHhj`LE%n9NERB<l(ONfF
zxg4^9SL0D2F6t~(OW|v&Q%@X<iz&b*!{Kz@Z+@mbUH?7XZgp0Dh&LUyN7_F+Ryl#?
zLB5Zw@A+CIsW-dH-oS7c8mf3<-85k*+N+|cr6MP=*;>UyZD;d1_=8u+lBza?ZWPCB
z<>1M3@D&jK`(QTvNo{`cK#Y$6VZD~YuG;0CFg}~v?>uJClthYI(96WE9km$0XGkH1
zoUXNSlH0VpBOZFCCj+yuLjmW~SVhP-X{?&f(qr6+o3IAyL_(e4KN{B?0~OnwNjt>2
zNY0#r7{0Sb-<MRbp&vO|uAZ*-;s{qb(m2+3ql!_@Vbt%$i4)5XV8^`GXD;kGaiQw7
z&Z4TJ(Ys-_oNW$O$z;2m(W<Z$T0Fmua5+n7=-*g{l8g^_N}@|DVUvCEKp9GKVxOj~
zJ9V;4Dx~Sa=@<{=&Q5wdj@3=7;`)2OnHH(igz`!`%?)a3VeI}FMRvM{;czHYWHbkn
zd8ZN;F&IJ45c#Bl*&C8eRW`W-{lm_ngMi?3G=<>1zH=2DLMyKU#-)?U7(if;gPj^w
zXwrEtJG;)Dvk?dH&8fY^Y-+7H*t9k`yDe6UcOP!`r^tfOMr;S)O$QBRRud;Lhq}_^
zq`B<%S|4>L3Csao3C_`1l770@T~8B?M_M0rbCLCaiqjkwIfUT?<j#>J-F9OVQBBH$
zZ54!(bR=uH>gi;+7a(itS{=cwu7>4=LxKOIkH&CqZPScbC#R>oo%W__!qj1<RiC5p
zo%yZht`QK3$=clkGyo<gv{qd}THu@;2sjjRyw;n>Lb7XwvIej_Y_?$bc#?EGKnc7@
zWP@a>+t`G&1^7X+(5%<(WT^$817+}1hBL7dE^@B3V5^y+TFy&xwtZZlZ#DbDK#ywY
zr;;nktp=?go2HKc4>o`w+K?IS@1U2)KDKdu2xBNi4o^nx=T6qS^m@BU*D~2%>$MTT
zGt&F)8WH#k;z+AOs=^J!+j{y~8rE0S!88MF%NR-fnJ>jc>nNV<M15Rob!o#$ec*#w
zjRrL|anOfzlJybHRR<xnfuPZVd5VTh0Rb$NA;EDkn$$^La)IZ-FcZnQD-W31Fl`_g
z0^;5cax8*5HE7^7N8d;L-P7<Ua@xZ?_|7?^8NsaXFSk`9u$}tqoIqC)!!^v}Lt301
zOPBg-2)m$k9q0W9_#^)$^a+EQb%U*r@RJO?8IW3iJ(M?tQxYGF0?FaldYUEUtHXXs
zp<!zQoXifhl@N?W$zlqFwh-%rjiFiY*XjYDz<6gV1mh5faF|TCI?1tGNKyt{2IHFv
zNfPyqPtX%t0%Dlga85sh)0tptw~KJ5%mp1kJcpT2WQrxBV1Q^#Jf8*b+<gwEc|J$$
zT)Jz-E+V?;=TNBavo7R3wr#O4Hk{|eh;7qU8J3L{DZq};cJOmSbwmk~@#XoUg}BJ`
zi1E1KbEb#57=`!sHD@fUaGrzRXncFi(es1rP}~hi$4E6D+?f1({G7e91zCy=Z6O7%
zU#6URMg~3}W(9r*?UZG%S!c}{)^3OaHp&ZwUXo*Yn@<LLA;SqFNg>rigTDNVwpi;l
zRoDf0?#@U+nTJ*Tu911fvtT?I67CremJgx+e#WIjMwsmmrZ!p#T9G<}kdlI|ov<6H
z<&i`RpB!yMFqhQ@OY+$m9Dq5Yx(*YEPTFRKqzx>g1Cy<E`vVB5UV`aw4v)ZtSXJN+
z#KFR<)$G6qnNxdo*Orjiu%@;JVYW{O9#sMf1;~w@5r#@DIF?L-7P0n>XOuBW#_Mai
zWPoD|Ur8?5Y<HJx?W`K5SxIX>3kl~Oz5vqOHehmQ6JW`OK3D<#;LZ(J(ta|1II#%@
zo&(?T`4r}ZlhscicTLGgrfJan!(N~<+6-0e{gwhHm#?%2HAsYOFtbT=k!5jiOU5Ep
ztzJ)279HgUjMVz83k0D3PoVC}O*$S4015Niu3;SG_;->{dL@&k>;)W!IWWf7v@+1^
zJdR3GW4heNR&b=1*|3Po(=L3~)g<dviENZ>FsTox^%gp6!!iiTY_|jAg$xFKC6m}S
zCUJu6i%;w@IyonqZg#qTItwi;>nxJm)qxG@EyGryyT$z6#W-X1!Y<_mA&4~i$LPbB
z=)dU0&pHYOOB&iGi4~8_1|$Mg8`!PGZp6Z3khLB=cYy><r`reBLIp7aZC}4RBnuU@
zR>MCsrboK{wHmfnL;&<JZwNr$Gj<a~pyC!wI_^%-ZQCUP+a=tJ@noB|)3mpU%MRIs
zjaWvcs2}>>dXjFm007gIQic51TbaOOklNa{I!GccirRjH0L-)-EzEjTcR#dN9A-#X
zI}N%cn<yLh)XGW-?0+_}F`=vyu^qf5X)$wLRK1p^bNwY0o~^W&!zlDy&6Pnl0=3g+
z2a(RN!8Uii)3C{~e7VhQ!%n?jBR0aSU`0tX$EH(QutqSZE-(X|zK;6_!69NcZ34EQ
zIv_C^w!&~>K}2#GW@-I2U`E1rZ|=vzE%MX6x`2YZ*!E2D_T98=*}#3usJYY*>g!sp
zwUU!9Rhb7k;#qDam{S?ZJ82@BkQ8aONJE&9K=SRtSS;g0u&vE>p&X`3A3>q8Z1tfm
zDn!)jP!HSS($uQ0q$}yJ>56PlqGN{UQN&J1A)n<jO&~0o@G@EwIl;N0V9n<uP$UHr
zK=3~g)BEDoCmvz-gxFfA>Ey6aylZah8Y~wk-2kIEODrw538f^Ak(2^u2G~rUwMO7}
zGaP4GCsNR;R4Fw>G(gRBFqb3kE)qqmBny&>FwSP8E}2XkrsG{B7P`#L4$4T$LX&I~
zYh=I;V$fV{9bow?G?fjPGG5#vDJ4Vv&&LP>5=aJ1*6}!#&qBw`yfzoJr0YOtv2dT&
z({F%S(iP4b-{i3f&B0vjnBiohF0Q(Nn(x*G=yEp5LE7E!>adps_PaSiJ`4mhW#^J*
ztsJ1A2V{+0ie(R=gU{Ze9~vuT0s0I;no1zIwO#;$-*vhOo@u<!9P4JOkOvP7m_w+7
zI6?^7VFmvo9qehkG7#b-(kf5F*=cTsTvTHWL8t2&nwCn`>X5+YNrjeKQrriKJ-iEH
z=<%Sv58+xP4s*9#jgSEC^~Kj)&^Fc)&Y@Mn!nD!yM%o_KLe3%96q57-p)oz=e)k=8
z9|sS(kNu<c;f^0z3m1aPO!&s9G{XJP({0Of+PAG|kbFoWIv1%5t>aA|c9>kmc&FRh
zgdCii`95$*A8eUzda$xK*b+cFk(rfnKR7c3uV>0ARnQG)zGrr;koi8WIk_JtI;lIv
z1>tITikJrqMN1kazEDT4b{l&`mO=u=@<9hAaS#$o2L9dSU&w<imSG+|kOS-=Wq@7p
zCv+vYNCv@WHvh_yW8t-IDoY26Wjs!spBYNal0j%3@no32)zBh{EmO3Qp6_>?SWb}!
zTlPJ*L3gcHw>$GH4y<q=!Y3#y5a2tTvkFOA22W-PSW9F?qb+aRfQDh$2q&?t6p6M-
z&jI%>H*}4<n`;@u8oNYK8fclz!Y2_fg9lPM3g(Y%<md^0_%T;dgo<&;Pd@5AY-`;S
z6zmUeZ5R;$eO`*UZT4lV-q<5Hj5OW+De0!foR?;BWyf4yc2rpnOS3Zq7ofn1BydW7
zm1oz;T!&QB3ozB9qd`e|UfLWN2{l4BrG5Ea4}6B^Xj1QD2I(b42u@j=0`naQE{6ug
zQI(Xpfn-c-VOX=)X!hBQ!lYJ$HYegxN3Dj3Cp6o%(bo~kh}Oc*bW-sBh6~7C9MHDV
zGD!4}UJ<~Y51cTWYHs!hEhtfrwXj`lwl{k#A@+=s$#@5BqP<<-Gsh;!Q5%f3>ZSFT
zMoN#mS>iqu+B6W$j>3|TBY~lDmxzDCw=*-fG3eJ8QhZ@eXX(euykHnONx|WugIXcW
zIElzWR!eO1Qod`WmNS<IXa5$`mk%sg4itDEsysqhs{`kYAzmfRR<tUqNZ$(HPI=F1
zI&`*6yq6fDI})B?P{;lViY%i(((kTWIBhuWS6(3z=fj2G`VekWXfF1~E%!%-Owq#*
z*|;>0v^LTPSxsjm!?7WRm#=A|V#!gW_2w}|a*?cDJzU!)V_jEEyW45T5KeR)M}sT5
zWC|vd4LD?vw6Z8oK=VbAGrdr$tX9uz4i}*Ej`Cxn%fXUK=pu5k63|g=kKq!^*fi@j
zwOw~{_h~@OKOwZ*9b%)$>pB#+*pTXxwpaB8F5(HEo$0|~U;_F?q+V{NZTt}PuwS9d
z<KPk9dSE*)xYVizOeLqnxB5)x16X|~lL3s+c)vN3nL66&xg6B2oq^kR1fT%yq=`Zj
zkREUW*s|P6(UbP4MDe(!&9W>{3JQ?GNk4o7f?W=92~}w$wR_iY-;+~v60ZvJ#m>a8
zC@QWbO4{!fHDo_9)2%g*V7HHqxmc)r$jk=Jw-8l;+Zpb`LhaDzSCd6_6ECbJFaooM
zN$eRTIjdE8l;_OH0a?J5Gt)R$%c?1quH1O3F99#czQ5K^Nc91&fI?PDl%)gbAj0y^
zD6kvVp#)B5KZy_09Dq&C6vxrpj#r@unK$6D@W7Y7+!z>h0NohT!)|OAyShSdWj1mR
z{BJ05Ih2_?gan<E`j-QF-R10XO_eDe!9yu4-GNnU=)y?V${`9`3Z$en(6+?s6ojm6
zFrF=yz**3NAXXIAp7-T|R&Js>R>gK-rRHU!1nyT$)=8-hvRdZhwubpyKPwcU2l}!X
zp(rRRI)DRpHCpSfhE7ZfI}8ySDynp9qs|hWDr?)=U`-c#u#0wXAoLLDn-HQ>O2RXc
z&MAnoNnDU&NNEB|2ueGdk+k)nuK{F-g?t1ZMkv(eZTjFVqeD?bSg?gk0~?%)Ln&Es
zx!05U3&eMX6^0V(q^J2n49SZ7%pT?kCCm#a9<Bu*J_d`6u}V~TRdd%!2j>+yZ*zqT
zg`j7^6MVSw;z+WQPvH)W9h0WxjuV}%ww!L00Jiky@pRf;h|G5?&Pqc=RpBt*;=ppM
zGGGptFE=g#+y6BjCAHWF-0{pZ7_k%3j$A|5$+wU3nXGq#Dp{_U<=iHk?Q)$L4`K6Y
zn=S#oBnpS145zbXu=y!@r`ww(gZ|Lj02xBP9f<b?hlsCs0F_0!S&zsl6uc0w0b3v{
z(=aK3cvq+dXV^MuLw0c4c%n}`J!xzNk-5sJvc7qCG?0N9`_V2)8N=p+KENbIrWAB^
z(C#)z@JESa>1-O4EkNBqLV$u_I^@GGQTUv3nBWCP0aO?W0motk3S1qfEP@kAr*w+#
zpsxE7#o3GRwvL$MT#TRt$DDM*6NL-J18liy1(Q4(*h;I*V0NM9M(Cu}AKL&8CCW;>
z%NkUKP@+NV+`o7l$w4R)dq7JYxzb9Yc8ch9WVP<x*th}7g+ow=(DufvRn9?h9>E5%
zsGso`4s5UP3YQv}aq{Ir@mMcG=(beqd^$L)k`do7-gBA^)J|tzMD^uGY@fmxLba4<
zF2?vw%@kasRWHw%kJM`~_F+q)L#yzGTt<Pgb%z$i!HDo6IcF&p84e^A?t&|gz9C(#
zpH|ViFYVI{OXp;*!*H31OT=zy(POBTpB%5P*0NfdQu%Ole6!Yp7TwP|2}`+df+OA;
zOwn{VS$ZuIDXGOxeb~c^J=~=@vgPi&fP8m*zH2yQsIM*p&{43{u!As-o>}SvgPzGD
zH=AOSt(8+e(@i*El*5t_H(~fqiVY7S3y2tyK_y8k>iA<>6qp)dsgWt?PBDr)Z<}EI
zra6;-l$7=BllbvNa4LM`vrk+36G-I_AfWviwi^o$T4K2%QP&Q;X3+Ir!`%_$;Iy$l
zMZdnf<0?SkUW^F(rd=Z{4Q#qQ!%jDpAYllg9aIUK8NN)Mb`z_Bz+%u^7jT@anNE!o
z(Cz^P-5<<SaM<n|s3!~#$wE74S3^L5Cs)>B7!~4j!DOP_>#lW|Ljn(gBuxI1Z0)3<
z<&YqHnU2U09w@^0j}~FmTn={~l06CzfP5HipROQ9X-YsY*%54sLRmJQhxswAb~n3g
zOQDPTaB{p=3$alknNczH4W-H=$i|ti^{f;Mh+k8^6lLWziNbPIj8QH0BUueCfeD)j
zt54Xvd9eCSW&#+Wi>=P)(Ex!Ro6m$#$9UNS5Vsv*#(KH~ULm9F4SjgJ9HvO&VE8qp
z!Xyy}re02;feRsQq2lYHofEFvfRH^1O^CuSC<TWD#;USs2)SpvP3T10$sD=6g>*w^
zi_n(%1lz?+`HuC@cVX&9`TX$^_F6dJfN)!9_>EC&aG7%*Xr^G+AqDzTUQGKqv_%)#
z;$_HcG2i^sNNIa3BMWo5;<9;|A%LOGIHzgYvDyv12Uv3CbTKRjVfJAd=c!#8JxA>J
zxjC3{ab<9<vPc`3hOKtvB+l2UoEweA@rh|E3+K#r*ypLC#;gP~JnC%7o>M`r@o*fj
zG;nXF)c_;&Kn+9pVZn_^K8d4$NX_XSUzSY=7$f6A$}ETJ;HYYrW;^6<nOHPK5-8WH
zz&_3+*d8FE527}Xr2r;L2w?lbDSG{cjt=-6hbL^XK#6gF;=gInPDT~JTgfq;SgCL>
z2+5_7lkSjS!ePb_=vcNfPnwEsZg~-D(bO6I;6$B%a3Hvr(T5DUlNU6|?dUBQDPmA-
z(hs^uKW-)jqhJC82lRt=o__rL%K9BT8YjLa{MM^m2<+$8;bE`ch2Z5O1wb;6>t8UD
z_9^n=q*{a6Mpo25NfDAPww7QT9+Kq4$rMf&GnF78hID`<w@^SXm{eD4>o`aZZODa_
zIS>ryUZxY3!8qZuVW&yz_fQ@sEkbcV6Q#-plkq-`d37-b07@9b;1p?+aiAbde1@oG
z5|;?@>bNeu1eD<Ds>vs;9x+7-bmrc2j#w<Dr4?Q7^+YE};YYoxGZX;H%w|I;aKZdl
z$fZ^jUXv(cK4xOum^PS4JKZMRjE?j~PeWPlHlr4m!3v4;nb56z+^r~>%&&AY`Vp)I
z!~};UIk3HP7|!bgZL7*+IMXb)BjuUm7~xb{4sZu}8muVG7NJ1|d!T(0{`mUs1eExx
zBKc&twgi(e4Jtyw9?`{>C{+oFgnLhd`kSPk;~^?h-}uaiYp^xw;9uUr(cYB;ekdnu
zYbt0%cE3w3*lu%8@ayk7Oo}L64|dVMut})jT69M0%P&HzBy1Sk-ugtz_=*Z~U=6YY
zZe8OathQ@@iv^tmI)b$VTNc=AILQ}FDVnfB!ncMO!GNela0pPw-f68VECo{xEUpC%
z_x&Glv}>VTaR|eVJ6!k+35t+puDPNT#G$0xYBY3oKAe#4ILI>8Pym4Isb~&BQ8%|-
z9rRNbf$Kbebkt`u6Ts?|NV7R?`y9Do@+j<7Ab`UQL^mWV1tt@%MyrrC0*VB{$INtU
z=7=DC@)!0zOK?`YdJHp?F2C7LJ%0to4yFW6*}`ZuP)4=7iTzvKOCDTrr)}2SbOe2Q
ztKAm4i|j;G1j%u*r`QbFh1%)}XB;6Z8RNCq3PBqpQHW#~3|+Bd)7dPbf&!9waAVFi
z+I#~X5l{^HSf~}?cL4x6lbGTU$p>x*)m#j7QjR^@ic+(pgl@#y40YIF_ED<uL=^yX
zkAv&!c8lSowvWM@-NEgDTC#CX4|bf`nfPpFaX@vI&9QP?3=I@DhJy*ucKb;`BG!b{
z-Q=<w2HK{C`jZ7TO#>vn1nig^{o^}-DtxQYWHx}+CmZvIm}Dk=<CE^agv*KSrk-{M
z<f>kF__7)DKJ0CTS7ik_8&DmmtPs}wHU26d<_$?-xaui})jSZ+0|eJnTiFVOe3!2n
zc3~HcEfLA}s~#2GfD_mZlb_18LDL#`1t~1n3YpI;k*%(~YTEeg&;<jTdAz5|HrEO;
zFf}^njT17!cjtHtpFAz}Wit((iGV>-oWV7e?=X$#QJ4n>ND>Eah|S3j>vTP$fe$tj
zBwY?}8e#HC*d1@Wd%;0ZKqiDYeq%e=p&M$x8EY87D(yK-=}X1L1ZE>JLD-bh<0F}X
zs1uM8hmvZD!RIw3T(m;g`K;C+K(jJmTWMn#;v=?$7X<D&TVCFdW3e>{Jtmj8R%@%n
zP*)748(bj{noMk+nsA(<fMu}c=<ph{tO;2Q0C4@)eu$4l@T`JcX)OqjO_in;h%^xO
zJ2l#7d4!e0aGz}*>^4eQ0!ohK5E`PWFDoC$99gMd6Q#%ll8Jt8Wi1qu3nmjOc7<&f
zp9?1wc=ls88?LG(1qhC7yVs}`xgZ34NI5N)AOKcExyj{lP^iMWAS$W#yV**VB!Jo~
zC&s+LHe6K@52!03c9M-yeG~v@ak5ieOOAFiq+tL`p{TBN4dlpN;&N#6nDjb`RKCbu
z5WO5WYNxT@`4mM6iIgEe3c$oJ#OUwjF#)bVllcHvpBRhH+6w&EgjNXPSPPDKdV>|e
zd|N{WT5WJRi~Yux7{$^^j%b6x5RVJW__w#(q?N*}!MqBLV&*Ak-u?R3!CtpMPH_TL
zAh^vZMO1Lng~KogK;$|`5h8Ipb(OsXLdSZrxG773{0x@5lEYMrgrY!lqSJyEX(O3#
zq_{Q$cVa%>_A$^RVM(twLs}0w2dyb7dRd7p*RNq%d%OjS7ls7BF<2JhWF3SOKml^Y
zD;<HV{V+ZEXz=0_Ic8EjQWnjzC*`d!)+|0ljZ(0xxznUHf>f|$u%vDPNZ9M>De{Il
zbdM~W;sp&250zq}tDRm+j^T_VKudwi>}IRB3NnV~9)7ZiX)e>Y(WEVgR}8Y!=6_JR
z0+sE2ah#d<+nd-Mz|7uVVM<yZc%EQauA%iLVUyCCQVJe5Ovs)G#O^lyRG?=%DW5$h
zkmn+7Fb=t6eH-O+MSHiZE(u2xIU_rpu>|g#98|&VA7Z-W%8R10Prz+LVl+P9wgFo-
z$ZorExe2#MTu!A8g83RtyQ+=FL_IiOvwg^`o&{XgI7p1BrOBl<F2&noxU+;^=r*u-
zpfCRfqv7j;^cW*xur<W5YA<&K9-bL4V+#FUzlML-Ai=AVE(5}T7@|Q)<bt&}YFlmM
zl1CG4mui%Ddv!WaHKD2Z$C~H~4F50*X)gpMv-7otKI9@geY>l91f`>a34C<uAIRkN
z1BE{QkjksdM7XTjL<1M?Q1-GXNlwvH0GuM9!;B}^G)c1pqVY0pDF)r;Wxqq|!aEAi
zu?gg{J0HH)XEGVU_zb%b)_Y;=mC)4;x_j$UV?&v<L+Ijca*d*)0f5&^GTS8`0RNJw
zNB$tRVdHLrE%(b;6d5ElI9j-D#ttR~hzF+IWVuduSQsykS|Lw2RGYu@x!h_FNg9Uh
z9fGrCsvL|O!jS`PE8G0Vn<e`-Tz0?Y6%j+qA!s><Y>jNMQ7{aC0j%E~s)sb9I$T0^
zoJo2KM3HY$qEIvzAAX4ZEhzW^$aG90!tyhsIDS*aGM^CiC0g+To_yS?YN)Ij!yRQG
z7f?D3(;#QqpfukNQdRs}C|YOIwyB{)agHmo+vaP$7QR;N*^e8(#*Khqz~aVchfxN0
z`Sx2TIl(N1nUDPx&M%1+H1`~eMWSaJDq);g-<P$C!iYQL(_QufTR-Q4JN6jr0hlvs
zpS^y15L*RU5N(yy2I*pKSQhs^ta7n1Kg6>*W+lz*42DdA8s-oX9#FFVR4*#Ij$6;&
zE|$G`ON4u;#YIIS>*9y3<XkM(6N0<lYauSuJ{{tU4XOBxug*<SK_yEb!?BR??+quN
zARf^*(@CdH7$0CATf#LdFVRC8H~|d>Or`*oQMV!Cch(^W?+6sP?D2|*dxOCrfr_<}
zCEbFm)*HxPNlQBcu&hpZ*69sh3-Y2N?)XD{<OxQ&C3D8ZrEv~=V-V&HJ<dZ(Q23$s
zmK<Y>RxxD}MOC8Bz&3t;(hm|dg%Lk}+^D{4=K(jqxVrV^VhbwiL^`lh!dXefZtsqj
zz`1jh(ymz%Xan*n`8qmyAkHlC{i6}w&It0i#*P=Tii$(#x^=diSpT9o4xd!!oV<xX
z3H_)d-zFqo?5s}oVCtc&w_-$sDM}_kshUL|bfbpYHt9GEE8|j$5=}*vc7$qa4DLd3
zlxaZ`#A9vP1B1Y!ma?x(po~Q(pM)&Wwo4S`E}Q8*bn%315mtU@pEb$tIS)mXnVjuO
zzHr}J;<MIg0~|&0E&lUCNn~|S+*>>YXzGAt6<}LdKqvyBd53E)4=DhW333$@CCLMl
zN7bOr)JY0}q>7DfoTdnIKKJ-?6s$)=qpTEGgu4uUA*CckfQPL!>~TW5RlIT2s<oja
z39xb4{k9@VvN-Io;>aZeYS=l@3h{TRrkQppNJntEIP9yL02ae?`Hke(p1ZihNT?cV
z)Hbt;6vu9%<H;!~q?c;f)%r;lhm9(x5aE{}$kIH~=@KdBC`7PXFbq4(V>_+3#B~TG
zq~f3*6@O!Uv`8=t1i$ERi)x`FdkB#I6>%oFmEvzng}F$(SSnL1AQ*7YLpYzNeJ%ka
z`?;1RSQ~*{%w<?c+k-*Ju(JyH>K%qspZJ3>s`Hn0ja>^cWQqT+MX_`n{7?kpfR(D4
z-8JT0zzWvQAmk|tZh_z>av8%NE3t~3DcXp#W=0r_g$IpI47ZgO%fW`B#hPR<b6OSi
z6mFgMtd7|Wp2e5}Qw;6%=&X@TXHXG>dqO-N$ei7hQ~?ltl-L9zz31W$%I%-SBNK!v
z7}3JPBrK8+Q(WI2A!abSYz*OAhoR>{bDmPT?zs+^<C*z<t-ZF1qsuU-14NoY7YL{e
zp-to@lQ&CH0jG-;W%0)yRbi65Dmh>oEF^&od{q%lZ`}jz23}R=(=F+IT8ySshOo-R
zv@3)7Mo)mS2`q?EDBi28ILj>M6Fe-oU_0kSbo>Q_kN}Xdu6f8u*UWod?=gtPiEJne
z&{bu!Sn^RE0CMoabjXaxu<_F|1xLm*uoRd}O2s-*r?mvvv(|Ak5aPcftI~H~Q3)!m
zuhNMI=#LY?99)pY-ZU0VvsGDNc~Psg-d$CNYGtNG3N^XS6|OyD0<aS}*T~H^C}Wyn
z=$M3qZg&QU0)7N6OHkfI{3OS;;r6*ga2d%4^Bn}Av=QNEHZ9H;245)j+HN3#xhQBu
zLPpp?4%2B`fytWY1m7k0Q={Elswd?8MJaDMNWIE3@<U=R_<H<V+`Ev5f};fcI0VIQ
zqE+M*hzBU)8pWTmzUG*oh^6{A(d>d-GC=GsEqP_q#%vqmZ{}gR`IT3j9;+iXh~XJa
zSAMudL+=q<U=C&(Fh_&Jv9$7re0(t7vFx2=CMh>j7=EnxKevg$lHc*NHa`U)Idd?>
zh%X!k2<?2@9OUc2{AK+HLOX{W)vg09pJ0UfmbL3DEKEl{2&9?WNT2{R*ZPRFPEt8`
zb18O$C~!H{CT6#v*k*>NaOw!0r)!&-sf*rFr+L9+Qp@VCR+T|QH~!g|E8*)qP2xzL
zn}VV{Nm*Peuq>f1Qf4~NoZKWKy|te)uw%U(YHWBWNgLx?082I!46(fn5teFYQ0%me
zM@7TJWktD>ohzy3&9AUh;82i;)fJFOZiopu4D)b4e8LvRPfzt})rTR9wTTdUGrW>x
zPIvnazGFJKd?kI_ZbHIpv>>twK!x#n*hS%PeXH9bzeCnP5x7l`5_gU8y{mKC8&X4}
z^I*7IKSI|b4Nje;ox%-?)!U{=kUS<iS;<n&aM-rNl*c2`ZPD156HYhWEp#7kcXs($
zw=~<^XjGbzQ%1ANaup9-hE-4>tE>k&kN;B&M5iDWhW?B0r|Kvi+z3csIQFgMd3OXS
z7b26e0GDi%dnkL(Q6`Z<G+`eZyf(n+vJD7E(O7Y!;aeQR+*Lx9QdLPo9k!hOV9ff6
zqHGl6q;}TC!zVHKpkxSb1WYsFPPE}9S*K=o2D4bBJwPU(x(Ft5evVBHS5T4!Z3x2v
z$DC~Hfgg#(q2}@+Iot*B3P24bu7RjL23pzFM$blJ{XzS%jKgDvg`9(st)|S0PK&%F
z(Wx9NwxweNO)H?Zo=gv??YX>aK8)h{s9u4J5Ez3&(j`4!=(hsdYVAHP41$D9#=u1_
z4VO=3D6)^6EHEO#S1Tin0DNFwS%WjWGU~-+3=pOpcv*o2+J?1~#4qeD1p|3UJ;eB&
zh=jFk7jEPG2?JF>x)y~whzW_Jhs&6HG@!AGrG0vZqj)m`kpeeM1D(u=Z}pkX2C(|1
zUc-w99Y6c|#)2Igfp>E-w5<q)n4uHKA-Z@s&hfBH%j{R^&LW+k#z4AOP6wS0my5J9
zEXvHFG2C6WmcGL_h;I3jjH5stWF@Rws|U>B{X-me`*1FZ#|3I|CazNyA;}3cO4Mlz
zfaEAVGvfZ0PE-PNtbe=>`zzd&Q|+=`za%1=0v5YHm9zjz7HG!#F4~Y_9G534Qi9fH
zI3II*7<5k9J``Xvz!eY!dGU!sFyDdmAr{+ggm44C$;6jpLsRGMT|GDu_N`AQH~ZL}
zDo6pqB~62jR3a)V2jXO`lnkX)vK$BoiokG4k_!gIHI>F2vjK*cibdpB=Dah8uJARl
zP;xGatB{*8e+lvVZ~~?ZK?qm%kTXiTZ3Ij-p;T67N*E%29o}ivx?#rZq%paRu!t!~
zubVru)A?TTP$3?7lXrUVB$77je4V3i_F!7>fsxf_vnxN~CVS{f(@Tl1m<B!k7qC*r
z0IP5=h{t(+QhdgHz$-#rG9SLxXL3A%)n_sp!1%nrChwtkUkba)OIKhdvuACXwfBHq
z?jg7B{LjeQma&AjySrwKskggB*!eHjxh(rJAiy4eaOJGaEVc_YNVYEcfhFl#m!sR3
zSy!Qi7>paWjSi&SC<`Z8OKuoQ{fhf^xOKi{Iyi4zGW8`-|9Jlrx)=6^Z2cuR(uw}C
zbxr5sfpYl%QGt&j@4meh3d{obnVrp=2h8Qd@Nv-6(NTzQdclG;S?I0+Eh^b|aI&t%
zo!rx*z5*bDX+(&Q0x(zY!$Cxdl`ziT0mTV8{w2#FyO@!+$>Mb|-s+O&=i+s=mKpK8
zA5Q)J!63&g&8i%s@l|)ceq?{$)psuFFqL=?VxDXr#THaf0?$`@;rNeB<fR?-WCN_B
zmKIopm1aFemB(070q#$M$tn0lYQVN<@f7Fc8%3UeaC;plUNDsJhhZuKLDq(mvd?8h
zzUmepbsITB|9YyQra+v4L9!~~sxv(W=hHj)P7L$JemPx9!BLa1w*Y|e>pl#CRgwaL
z?B8{QT#&9*uC9eDazWhM?10yW_<R_*hVV4ON=T3oCo^de%5UF?T#zpA_hI|y<MUxy
z*TWyQN{|oZnl-#%L(Aif@BpiCOCSx7FD#5dCaF%Jno1TQGe4Ci{!oO3>?-rgQ@(&C
ze4g?{1cCk0%*IBNcC)s2B|ji>(t4aasUr0E2?bw-czw9Km|ME4DusNb^lE5J)h)`{
z+(5g3#0BG!bLs;x^Ac}0j|w1ue_Vd2nGE$v<<z%@TqCb=jl=~T`9v!B3E+xA@jdU-
zB7ys)1oNRk^X5^*wO%zq=EFn*j#=SFTdUcSC47c2+C?4@Ny2CNq9ijRN%)-cgK9M-
zY<;!Z<u}C2q84zhC(&+pI@LVCW<=3=tt`%tt{fr7E$_17o(w*6(#F)Bh2cjy0n$y;
z3*FO)<ym6-s^J`_4`T>=rWj#wlIp_n>I`$v5YHR0A*F=OY11rr=^a8quBErY@f(Xw
zlL0T2cKtcAILRY3Kk0V>5b%zMgp<0>6CwW$j2>_l9v~iI9m^0!jTe#!h)X_h9_r3;
zAMPuH_uI8@V_*7UY0{o%eZ)Q{`jGtxFCE=W|LuEFS@eSrT#C4ZrBM&scj>;-0}uZH
z^#27TSd_8O@WHiX6zbc4@-SSxuX@N%&7S|dcCUx|uWR=$_;m7h?Oyrn(U-{m(Ej7B
z;>6;SLm)f$jlFO55cvQ`gZ3T7$5o^9Ez}+!utb6YoTol0$WjK1s;_V%vK;c66(9>L
z9eGF2S~%I8*kt!Rm)RboukH(d71&<+>iIA9)u)p$^i^Q~Yi+)DK)QJFfRcJKdG~Gr
zA{g;w0hm>66D}m6zjt4?|7sN#he(+(nbarF;GOe0TX-(GJBpM54Zan;7wLExf-kx0
z%TRoXflr_)jJuNv%ka2oYxzBfC>ah;DcOFrwBO_1eF5(R+bdtdyTJA>_;m6GybFxJ
zu)dMg#QW_xr$^2DsL4iglWwCoO1B0Oa+_<oVV&5-#f5!)@z1D9N6pfxZ;JauQv|kG
zzR(nb?OX8a<O@v^7=1N{`$vl-449>Ke1xHv01b6MmjgMi^>7`^BTgip33CHE1CZxN
zC~MDp7f(6h#2XhjYK;@N2-^Vl?do#c!eFzBHZx(U8vM&sfJG#MaHAb69-$*_mCwyl
zK*HHF&ry{|lMcX*I{sm9#5+5jcVTlEfpCYxf))VY+-ElSnbZ5s`aYBGgTzK}$?Y@k
zeP(4J(ZN2m1gPz!S{M!-y7a)_vWU@x`w(;E{@cfA6-1gB?K7Ku&Bk7HdM`+1ZxCYS
z0Io+Gwz&>Hn!49ydtLkYnjX@(_nH;_;Qw_1*i;s-e-bhaCHDe*lhFiu9F<$X!6@@E
zH@!=M`$uCS=Ewki8E+NL({|dIKyZFLtN`XIHOkY<>^$17fSBw_VFi~V@#@JgIMBpx
zsfufDW#45Zdq?(Gc9M-|_K-b$)D{!!BeJb%E$?Z!*VisZPw5rP%F@!I%W4PG`k}^U
zhxWn5<>0||baeE=myM?Ny`z`yJv6%a!1B`Q{&ZKae(aX<T*)ps;m8T_P8V?B=G9NV
z`JHeq4MX6hH(Vl<mu$iqv%@s*Va%uSHH|-W5`Ww)a$(KeH{P8+tpK*WI?D15{OvIN
z?`h1;4rBiQW=2hxJZJq)qzzNaa??wYE5IzrU5V1+4i8=p>Yj$g2%r2HMscDvvC5G*
z$8qY3fLBNDvJ84AP93RVek9*2Ogs9oc5~|OlkRQI`)_H?URUY}FODCP5HGG@SE2pp
zjuJx3L+14oLdrwt$tZ~@{}HG<z#ZxJ46_NKx!@MY4Jk+-E0p;rs^_G<^8UVr>`vlK
zI(UUymdq|M#@Xggcnfk^2d^+6mmnmW{pRr!qO?_0m-a$1+HanrLZjxVBq@tP_f>I+
z%o|nQW#(HdG-}3G%FE0zO4}3OD!pF^uP`t0L3%Xo-$OaoQS&7g+HVp!ZX*z3_M7*r
zxXaALRNQ6e6)NtKxu=RdWR6OG%rQJWeu_#oYF;ZL-u8~0f0hpQXzBc%3hg&9mb8$-
zM$Nla+-0Vx;`W<a6}rs4Or<<zo+Qn}&A^V4iG!|!i0Tr@P4>&h10yi041Y^1;AStF
zPetLX`EnFqH2)ffPng?FiJbqWxn~r<()^!@n%yIe1L+5g5Vw;eSp->7ar-eS##{l&
z4)c)v8S_xk@G}v*zRl%@$Q7mGN3_kokUat~U`GlTW9HC;C?c4P9>`axEK*;TuO?Wf
z`g_Db4}3&Lhct#bP86q1*fMj=d`@a@e2Mw*@{P0mbV_JC`9AsVsMVPNxGf=d{Q<`O
z^#hGr{!xIsD2*i~IolU2=#yxP6`dUKID*uYh*n)|3%miSO(t>n)$<qqqzOmtWYXbp
zGJktFV!V|BPSNQ7q+KKQ;D<37Zz+eoCXIL8YvHflsWUA?@yRQJyteWjEIs)HeYPWc
zTO|}2+$t|g-(1%=@2pGrMxpNh^4;zl%CK59Z9x1&j{tj&=id;yE0}G*P3rmSNgznN
zs`YH2ze|AI+i*Yq69Ez=;|}^D`Ej&e-Rul%8@w{w;ou=MSKhza2wq}L_kxhW)PC{X
z7>j)S3pSze@Vy5rVUh9#(%DzI?k)47l2Mt4CxQ+0NYH6aH9~f`i>Sj7g|#U8#zn;@
zk?B8Po-)q_MVF8jo2r<PqqF(GOpD}Z-h>H}kClg9_D03}_P|`tyhi$-8~9DktI!gk
zWeOG`=FKGyQI;pCFhLnF4x84Lt76G?%gjZM@l%Hy^XZF=eLxS*N2HM@<MVV7c1c64
zR?cWkTZGE|tTXfAsoYG7!ij_<z%SB76|l1t@&-iry>))rIfWJKzECm>t|_0A`AQ~j
zL}gp%oj+dMcCkCTQ+YI9elSlLlt^i{eU*3!$11ha0tg*0Tp-ypFSt{fMr4!$YZO?e
zn>Uuz0Q01$moNrekeVfM$Fs~`?^fDf7*U$<LlDhl{6zF}(vgUH29yi;e9e7}CD;k~
zS+JfG3IR>q_&bzLNV+zhnRn4V&e4H4xPCX}1EwDtfr!q>DukwrWTwEDdH=0)Bp142
zQpKQK8S4bhIuIr$pt&F<v6rKBFPYtcA%x}W>Yp|JQq{6<iP8EonHHsO-!eZXtj!g9
zV~Fb&<?9lAIQXj6BfYfi?&mye1<o}0vn9hJuan#dD^AHE<Ft$49{Y4TDHFv`m*?cm
z6n7>8z%TQj3o1`E5A~RorUnl4XO%E~I5;-HD+A?A3@qn%yNaY{ZJ-}eGBu{z(Pmn*
zxUp~08KE;beAiEz@48R1dgk@dzcBP6xJ&qQ$%=de;*>ccY{{<Ne<cGc$l-CkxSS$9
zhkb)ya@Xlv0zYcYkBOjs^A`~Jc9>IDW3C4Md<P-(NvW3znl_jtfb#5=cOUO203mtE
z8(GE0ZW-EC+S!b5SY^l)n5FOB<yWr1ku(minU7hQ!ci!>`3cW7(r%l}<rwpWC>TAu
zXD*aNpa!<7KjR^Va(_b#lJ11YJOW5@>51xI?o--AUyHDd<{zS0bGv*^996Zr{GycL
zaC@<Yw@1}AQl3K<ic`qG8Ctm0zQGxxKzKRIH}}9~*<s#&0%HqmzAZxL^~lD!bh<IK
z6Hq&7u4T`c6iSo+326%6y#j@PK#~;iAS_6~ayI!F3f$w`-I}m;vSl9P69kNawSaUG
z9;=W$?wu|AzNB&u{p_lc6X3B5y)hI=Y?%}2E!XdEH+@-}FO9NXf%FsHbq2#@3g0*X
zWr5NGgE=7RaoBmAbUmCa+)I)GVJ;QTS=#`A>1YU1$%5oE)13w4yeS+J44_^&d(IUB
z@0Ow*=}5l?*+1%=%rRA_QHzvUN(cQ($@>K%gpZd?0G*}qBc&wY_ow;-xNP2J$i<Zr
zX_vj!GA$i7za}H*?x6iLiskGr*xlg?X?Pa`y_o0v+Bp*WZKEF?!(}LEq;Z^D_Y&<e
zw*mflm}flJnD5@sn4iaxna2Xe6d}CUEm!6lXdk+ZTQJat#s~1fEc{v6<_kTbkb^qG
zZ)2ISN=<$p3ryOyrG&h*oDGR^;|hTv>{lAglF(R%fAZih^DuO>v_a;bs#N0pPnU3M
za@+m|Aml6_|GHzLo7_6{CJ&DVZu4D<kWMMI+(Y7ohtN>b>1sh7AFFV-g6PifZoEJl
zirzAZeA#x@eNEYbGtZPO=9l;!ZZPzY_f<Yp`XQ9`@v?&HWSB0zKVC2|xh%HcBc<h#
z6{b^;2+XV$<l1%~G4(*uQC^_8Q%fY{52Erj(*|*K^L>bY1qxGl_zO$M4WahK9%ZQF
zP}r!Jj1}>MIs8E()->jO`1%Hcycj0)`V@e^z3dc<9Pp9DDDy}}*_Fhu_6VBaMGJPA
zl@(*&1~xQ?Kl7`?rd%sX)m2fK(oob0l{Z$IAM^{vOO|=8Q8{>EtYXdkDsg)(a10_9
zE`Q|W7&cZ3ccpXXZ<!0E6Vl;FY5?uFPs5)s7zAI)ge($Q4$fUi%UzlUSd3vgEl*?H
zM-y%T=$3hnEEpDGE)y)tG~Y6J5Jrx-?K<@ld9AfCIZJS8CXfeL-zYu339xHqemG#I
zD-TpI2RGh)NID$%%$ZWYNn)j4=!SdDsesF8`Lxt27yw)<01Q3x*j>Jpab1iW)05P=
zXdS&r{1)l4qoA8+MCdq1$k}RH-skJp`2R71#(m%^@tpEFi|9xD{<(g@EW2zXY?=2+
zN|*2qIB!T&8K3`N)9WSDJVy~v%+u%5bYPAP=3|Uns(6{8bhn!+blk?{l%tX-O2X^I
z?yIDL+;nghk67~`VCFl_J=(_H8ecyIQ!@{i;&(5R=eR%gK}+gh@gaQV=g=t_`NfZQ
zyej1KFX?_=V6NQ@6=buVWUMkvyyW14E%Q3G!Oh|Ljo~TD&dsVz2$CuTo+SX3PE&B;
z%h9j-ZlQx^7KvWf2^-Oo@CNaUFT}N(RQSaBRGC}mC4qlgy`}HhmU+C712DW&{7?Y{
zY8kG1h13NQ878zWYRsFYV|EnD^}rJ-YG)6vpsw$#?CcQsE~#J-Nq^n`u867HM)fti
zPgB5Fyk++K#)!oJ1dh6%8jNHkoW<`dUm<OFgX1M{qzu@lWf_2}_&MuEDHc%yVegR=
zdFq@k5<Vt4<?(WeJ|-2&m~M-h@B2#g9ekFQL47a2&3Olz=)$bF%x9!2uGZ7!n@}i8
zM#A`fC{}KR-(A<``tV_kIt=#Q@-l8En_XzC#ihN_$v%4i)VH5ksf$8EH)x>0B~7Q!
zGHJS2e8`tC6WP2;>L|s_-KBpH30r2_(E!YW5BWa1d%;|bA<k-hHVePMxP(B`<wa5u
zVgyf50SrO8DZg8{+7FTW4G-2dL90LV0-w&s#09=qernw|<tvgGNi`l`B6yJDE@y2|
zmh6gqm|qj1<UL(R7|)YbLbGLj=v9Jymk6!2JY>rpl>C4NT%eEUG5FhIF1Xg1U&PmQ
z2}FIjEEok5FNGeFpI_Qj!;P(09nNn085}LbkHd7w4@q7IqLO|JL$bsCHVQw9uUp~I
zJPiME;XILP!!5>Q(?XQyM<k7`G5Z7%X8+_0t^(}DpHngJ8mnN5g^TH(I4udVIe5O_
zNzQo!2tvvr0&SU}l=5ANrzNab&VtW~KSys0oq$`3CJu&3Sz3sTtl{n-SHT?Zy!Ht#
zFz>+M4s*B6nCIhboj@1h&$q1PE<Vpf8VMR270>rm?K`i$h?XRASIL>Jmqfz~FdNtj
zUlNO(@-_iAl6Gf1%<ItZ<M<+E7B_5<1ds{IjTt4{jlUh{yU16=7m+sSBZpD6%uIwQ
zhbij!?m(#*2EfdIV_u03t9iyADD%Yu7ZX2j7~rzKc`AlWBHU$9c(bN6z!&cgF}5je
z<M2fsN=OFh`A8mz_}U$5kDb59j(hRU+FpW#28k^5M|%-EDe-J<jnRb3+FfoFz{>CO
zTYe;fkqdVjChim<xT#2|ndZ*74=`6J9sFF0hDuc#zY9N}ubgDnLuMAb3ZGE9-T3Xh
z1~@Kg)Q7O!P051>%<`zSI6-{h-9wU$vf>{4rg;#KkflKKxnpjnYH$(u67^$29g?z(
zM-MDo6V7xG9Fs^KJmZ-?;DQov*715D?$T%GY5M}ybsnbzWUc~s*EhsfB~$cF@e5QN
z!~4?<X$IlV?8nKp&xLB>+Nrxny*A@y5#k2l-zG&0b4L|{fnkT{FS<A+Rwm3xz-*-q
zr%Ym9l6~Rr@*)KV*Wxt4C99Mu4sKtE2_bRrmytX^Fo}xNH|0kZeK9rSWxXHds0q|r
z10fVi9)b%o<J25eje@s_9-z<%-(QiRddO@?dH0|{GGCzMV24}sr$zUF%v}|->;$!F
zx>QjPSu+z|nw^E&OanK;hu!zb%qez4&hB5XFjT{%cmwmy{A7Wpk@-87j1lJ8*Wcbh
zG+m}WyYnZak=JG}ES==u7vEniQtd$dWW7dQrKp}}yK*RTNs+7hC(daN6kJBv+dqrL
zNr`|$&rZXR8bRk%#}48JYL>WS{Cn4Xi#*af#a>o(GWUM@E%R8VlOppyRZW<Tvs3Hv
z#*&#Q7F$PdeMS{iv72l@aIigksiN%g(Aw`*Lg(Eu9qog)wDPSY#z^Bmp@xjE^*R^z
zBWjM2emL@b^~+=iA}DrG$tgc4uUBo*9x8q_-v)XT<EWNRNtk=*C7}mQfKJ`;MAag&
zpOoK_Tvlu>qe*!jv&wv5%^bMuSk27$6ip~6NmZ%b5&4r8vuEDNxAyAhHTMc_65?kc
z?4&iBR$Ls9&k$$0ps-A{&iQ7FVbG8rZFiSy?aUlj2#boZqWHHc7VF(Zz4ymLgId{K
zhk3&@(Hj{R{PL|r^CPNt-e2YiAWKL}-2CleF+CC4>fB3BE_$rwLPem$mBqdIi3>tu
zuJv;`%%r<7M{o-gOVqQ9DeOyCY(g@Dz7(m6@Wbu~Kdq-431%dUF5>J3@73dQjwMIw
z3$R~bg&1Ql%Mau-`8T|^DoWjq`=nw^bd1t~s@pP$7nL>*yuQIQ)T0$vXjz~+d%2pH
zj-QzC-!5Rtq1*gY5hr+65FMKC47ym~ErQIe&ct?ErSJPrzE2m4+N;AQ|5~`|z&J*d
zG{Fg&Ql6lgJPS3JrTo3Zj~hw$hIw<vp;LKU@>L+_;;^|FKVMiZi7=KUGMIHq(`dM9
zHO$PnVw}${(RGw+onE4aeJ(8<)0r4fy?SRT!8Mp><l}A`z)TWEk2pR%ZLU$mC5u<)
z{vd5>ge!t(-B(oGm=ib;OBKahkj>nsTyS8ip<TwwppE}Yh0bPOxmEfFMNdxnn~KuX
zgviVb6}`qT^}nxph3gCx>Z{d!cksfL-=P+Q*thRV#d)!6*coVLl)r+_o?y@UD;iS-
z2R>bgv`qiezdOvw-hgclzCK8x7vs<Fkeu5ZY=JsmbDe-$(M)U9GX)}x79mPJ;Lw|6
z#6)R@=hATM0yl;2HtncT9Q`+gzU?qCdLs_o?+ir({>&n=esV&gyodh-=BX_L-NZnh
z1Rc2|t)k(jFhb)@WJp!wxq?;V*0V*YdAPPo-p4X?9QAQAoRv2F#P`rTu*O-i3tNS|
z9(5g60q$0bd+~ZIgG!zS72iby)Qo~dk}vsQ5W3KfF^r$B17XvV3Iv%;(o44pei+!{
zs<IVGiM|)7q@}K*)1XXF*2AWW-aI}9@6c82jK=(yuaasxWS)b0$B7GGQOz4}=A!5!
zx#PGSzhbfW=b&=V0{>xn5&6Rsq)YIBux)YdIrVFT0f&GuNENAdzV<n39eT_si*VaY
z8frS)1aD6_tm!xc<PX!C`mpCU{@yZQ1^)~qx`=VH=4UiO$gy|BoX%B2#)wYEGgiSP
zT@XU3Myld)b<q{OAvDQS#B2@J`@yItLIs(lm`O>AI~<UCdgf_TAES(2fPYG`;5B!c
z6#fX84u4&jvAL^Q&)`!2mN_X@lABF;kWmLJCAC@diG`-T{U<kPzJ{kXEWLkE4aE$U
zgpl~AL6qN-(M4NoZ4_({N<yYWMHi0}a+Pk))Hb`rfk!THG=0cMk|CrA*`26{9LH84
zUY1>oE%OFJX7HDe`-2^r6JyQe9&t07*6t71VkZ}^>=lk(B!YN>6r#PbKU#*<QC>tA
zG-^0A;UegJtTNcpVQ#}%1tW(=*ms8=eX_VB<0-B`qcF`*H_BA@mia=iDfFuR*;2<3
zg|wK0%<oFj;)}aqmG1B6{m<Kd@LcEIo_q-r?zWp!9ibLi?fEB`PY534DP$fga6g`w
zhVJM4;Umn?d6*i0oBY{+rdv;n6T*gb<o55v5@~eFMHN%$xAIVPRI0+znO(OM;^nre
zd74Tx9=&l{!E7JnCG59lra~Rnva|g6CAa1NGlGgj?|woO;+Qm`<Mtl<Uq4MQ5{4)4
zu1KEv0r0lNJoSCXT#o3w;?I1Mu)yoKT~p?IeumP^zdis2*)z~B^J2*&#|ZE801S>5
zvkE56r%;#m41|)LMthdHC)KT83jK;NEM-aKHz{L@Vp}QBe?hVU?X(pSRutVm%k0}|
z8iZvQC0S@C!C@@B)A=ldh(i!Q@x^KHSY<jpjMEUYnxzHaTV;<`7SVLFwB<_Zr2ulW
zj-xlCeD0M;MqCV%ErQb`E0Yd=k5wpdp)j1^$5oO5Myc$YU){_QfY&-}2<*{o75;g9
z2BLoIooX-zxA?*=HyG!TgfHp}#hAbG2xB<WgPkWA6LBe`X_XcGa7pBfg>WzcHm5p+
z{-$}T6zw8?1l?7&jd646EC}+?wjmLJ_VHmE5_Q(kCs>LXM^qpbuw~x7P1)jO`H!UN
zKvZX0vbV#^Vcj3~3f|cD)~I09rjC$FMq7F~mLY@7C|AcS;V=(&6M|k_j7K}&!?$Rs
zLsX&yA9YZA=-Pwgm^!|_4QAZrrnA421EOQTqJS_e4upJOXW^;P>i@)PIN@t`)VuAZ
zE12b$&LI{%X`(sYhbj18Uy~!Bs%Z;q3q$ycZHCG+ir<lZVMKVEV@NDR-Qoj4TMuFs
z=OyDR9DS4Xv1_Rgrkv_(s|V^aZ}v?TWNc5De<o>tZ$2rlvdh4ueDP?3pV-i9xJm()
zDfui9q?U}g+Xx%;(OtCmec}Vy$m8p+_%l~S%5ay-N0PbbN^Q-2<3a_RK3q)}v7+EP
z-vpD|o?E>Oi@eVS_nziQAVqq>Bo*=@h}#|lA02SW&@z9cfwOqzYfwv(`<u5_X(wyL
zI-H@_I>~q&-a+wUZVws6mvt;%>f>U~IJzw`@-K|t>tKak_AXJ5&!T4%n@pM~>w1s3
zYF+a#XoV%gVhdiOk?DER2MH`ZLw|3Kia?VYLzfhM@VNPi4$hhnLfG=L?qP=8firp7
zyt(uu6|9m&cf2i<ET(-tz>B@|M^v=(z5ZfdNY&h14}f<~{U=d3H)|be=FG1{-jV97
zn`=ur(D=H>=jAInI4}>4vZi<=sn%*>*v;2;#iz`-aF8ga5!#*i=ikz(TdB2Hv*BvX
z)HIT7Ypu5Vq8hdNm2L_bJ~UkK1|>?V^vppO-obkVb45f|)}{C}R0-mq_E&MHA=#mb
z<;>V=!-eyFZKYjXZ<*_$n3NR$rJHA}zRa$6&GYr(IS0uv)lE2zrv>3A$^6p&LTS#q
z_;JVuW=nO0ydxfk%5T;D#u-}IhZAh{{}OBrq<P5<)C3*#72RTS&iyZX*pJl)*w~sM
zLfa{MXEqyDTsI!fewRF?!<i`#=$h@#-b!XZ6_t*o8k}XmR8RZhkNsg$+pM?I|9C*C
z6Gl2<3xgJvWp~hcc~rO6;diY2pt#rGKV&F>YGVgZgQOdWQ#|7c$E*F8S;t|3fREQQ
zI5S;?>+nvaWgY-srNm(R;4Ro8UsV@act7!*ie%=qS{vfICyaq+JrmttcdZMd@7>X;
z!xv<hjIR#+L-PZT40!o&VJAl%>|Qu+l!~uJBRkDx5=b}qxH!PEZlUJ*F`P$5B-icN
zz{lWz9P<0VogpXuIthxOQb45gUjGV>tP~bYEqEs11PLCG2?A=e<nq>PZFSf(_f^QD
z35|t~n6DYr>%#0XTN#?iYqpV}XO5CD)%<X#Z5|$l*R;!&kz}T8zNZ<7dmwE?O&ITR
z_itm;?+iQLuK5|oEZIM3axC4z>jH3*WgZ{ZJTTWr;i0)eBMXjzL0e|-Og*%m<iYWX
zHF?6lRny{?wN8DdYaR$;RY+p8&OT^-aM?UnwLE$W>1T8^kJruXqHt=C>teg+2^xR3
zwc(n1oKBFLFROWVba)MD6J$x6YiUdZ^V+4Md1q8l$2>`oKM}^UVTWcUNaMB<HIXMt
z*z;5rz4|xMGE>tmp?v0lPS-r!Fpp7P8pqV5rTMR+rSuIJAIAT#_&2q17Ao%`0+30#
z&obLK^U-3o3f}V1QHrjqs`8+~g?`iWpf^HI=t~-Jv?1NR{z3(sVx=Ay(G!XlU%t}4
z220?@x-%VUS=zv0#ES0_waYm~e>YBkrOIk|vx{Zhd`#DQ3~U@&zmsb6aTr@YBVuR$
z+R9qXJR+)~m7Hv03A<8}#T4YM3`kzmm9`oU663y_Cxckd%5<9!!-Jvu7ggKITFd;0
zo@O{DU<8=Y7T8#LRQDp)H0uid^SQYnd6^&86~LGFCjQpgpOhew9xb>;i!t*J^ROtK
z8dAfA^vh-|n&z8ryj7XZ)|#N2k7yooIoxY^;op3vWs<0bmbqs%#~^ZkxX|b6!wD;Y
z4LL~gwJQhdy{OEtc}f({%$+sCq30`@%;vojxvq5AOkMMM_SygW`>6`c7N&1Sh4k_8
z5Y7B+b>IEl%8yfv+(O#4lGilm4-PzVOg7N9^Am^<(cOiJRy)0t99si%m_Jvn|8m?J
z173RyZEypP1sCsH&=O8B`6YasY~G`)n6C}7_F|6JhGt$9j(cL{5fLmrAhR<Xap#x)
zUp0N}_eWlR%YeX1^YI8<rPKW1^vuK#iM+y-3Ri}G9^MuQ<~53W&zRe&N{*W+snD$X
zy9iU(hx<cxdFFRisA}G=dlFX3ESmGp4jH49`tWbnH1_ZAyh@dL%8Y0l+HPciT@UpF
zb=KTRSBV!^P$Nj|$6;h8xUdhWuIa4a>HHt-VWJ%tJnpZV`)hd?vLmg^$v7<KAPUf~
z>H|6+Zq8bC=xIKtTjJjZ|ETKvB3KPpffe&(ssQ_T*dOUN|1s%xEy$z~y*PA&yq@!c
zA7n7tHQh}oUxa{&JB6>+)45tVcTr<XyXtpD@vG)-d1ee@jb8Dg^HsrJQe88jjlx~C
zqByENck{RRQ+ek5DTGeE;y?mBW-Z>orK3vQ@;N2j7GB_ffg%a}P~)MfqxN-#PpSsk
zP0=HC^@V4c7W8D9fH;g-hs^CXL%n=u*r=VxIGfw<3LUXt>p#3RhRm3j8a>udB)Tl`
zA-z`uoiNW+l<6KDVn@80c|k;>xt+zI>UD`!4nI(g%=S3E3%_48ay+C7>aCL13f|@6
zo$!0rI&YOUUBxM^!26Cu`B-1biG8axOwFtFv=d89ue&JVYyzb0cWzf`zLA%)_vn4n
zBuox!*&3}AbaE#I3CA)^kd6LHwU;Nv*EF)_!6Y(Wl#IzyycgG`;uaKpCqd7>C3TNj
z4%M5(o2vnz7=j02=WgDvX6Ffdss{A#dAd0q4FTyy{zf$!TbZ}(;F|eSJ-%4Ot|0~2
zhjf}Q8=y;fj$`-D`|!yjc3A7FY3kW-m0BOw-3JF~4%_BpMSe2_b4&+^W^WEP)vn!<
zT%+X93CtcwKus4fFNw?-XCkh8*PyXWrkfoMDg3|dwe||lG*_Tp!2op?W~-#iGMA|t
ze|XqyccG0kH&Z=6I_$3vSFyg|TeDm6^O@A#{vt&M3z+0&MDml0rm!!1x~5B|DBG=*
zrRIfsvUdurdqq_gg_bucyoSfipQUKTs%a`}Vv3e?OgEup$nsr?0MD(sM`xZG@s6Mh
zBLgR&8t)<1aO=msQXwup+t`WwhPP%~*m1mBk-mF(@Aou2h0m_S^7ueCerH?@_Ue*?
zj`T&*OzeUye?wD=eR`~+Pz57N`;09((?g@oT5Um>+5{Ka817RA9CzBy8HH<X^6F9h
zydv@`n%B(08pvF&^L5Qhg<z*wqw5h;xqkffr=s=Ey+L)AT7*b}If*s2*~J;(ONz5A
z>~wxx7p2ukkBs<g7xy(f=DTWKMG^T$-Q7vMJO5ctqgGw_yD^~zCC}@1Jxc5La)oKD
z``J|U+3TBMrD=E}1qW=Jr|IczwQ{dfm?Y*v5?R9X?vTX{Goh>VrvfjI25plS#b1g9
zZBq8v&A3Lw1kEq=mm0B;X_@=zetP}yyVM~8FDcmyX)equom&nEJ{Qg6k|p{lHIhN!
zHS;z_W7vZJt`0WLXLK+%U)8~7vrD5^^xXfb)3nUfqh5)Q_-RFo^ZU$S(X_#8pF1g8
zDN%ZxTi+^B|9scnUdez?zjb$=A~Qd@dB~8QYMa}txtpBo89M8e>6Dzx%-<`5Iy&rJ
zgI&8*>`p~<(JK1>N%IJ;n>np}1R?7dYTdJ{ns+Kr&l-w9R7t$Xm;4a==3z_GGB4E}
z%&n?fjB%?s{|BA5ARvG3{-Izi_3=@`=X9(5YpDIwvGX$AEp<(ce4z5vS_)CeHuuux
z>XoRePVE$TuZ^b}>ob2`p=g{m2#-{&trbZ#zDFl0V@cNhi*9~y|8qNq2dBLH3suX6
z)m1%GBi%h+Hm6YK&&eYGak(NzY@^7YQW}<co#*3qF((S*-^(H{;xy5TnjJWlOy~OW
zs&784ptR$FZ1`B+f>rZjjZ>K6vvPS&r&%-4R%BjyS@elIZP(oP;?N_});Mpui_wt!
z1BtKY+c+>k$b*LFU3$Rsdy>cLIaiQgAFCOZ*13FL;n{0O@1fR5-lTQRT@?d3td3Y-
z6IJUqhQF4Ri|oUZiJ~gJs6m1v-l&8d4ZQ7HPw@sZ7S7!fW5zk(XXDWkmEo)^D>}UT
z_uB;QC!&%53Edug%~~`kf2AWxLBaagH>ut_MHJoc5i+%!k$dam*seQ|R&s#TBVDDd
z6m{{RD4Mwv>s6ZA{rT%vweTtzPMkiZGMpq?f>i)jI6UTyK=)MWA)|l^EaTcH;J(oW
z;-iQOMRDN?`+wC;RCLd`in`#G&o5S0TIxLG&g7pp&vW|sr|aH2rQSQEbfPvT=X)|7
zT$wqh_|v$kKtG|Tt=E7aQKLK6+yvd_l>C>f_0#E!epydkQoi^jxxN;mtfpv5@n2wG
z?a#lj5w}>QbB*88Q?u$dY|qcl!LX5N>oTfd5w@fUYSL@XUZR_4^*ilc(eQLfBI}bC
zMHMX_E>ugm(xd-BdXe+0$2V#bakEuhg;EG>K&`$qOr7rdODYLz3BrNZQ9Wgf<|TVH
zjf4kFe@|}#<q^z3gGG)|2|aH-qLCrm$Zto9md&c}l2<8yOrzHxbo@+AnO3X&?@?)8
z^A<&xq8p=!W<s+v^UsP22W9V5<KkJp{&R|S)!XTx(M*%DDT;+#YvQuc0Y6+5cgy_A
zEkav(uVcQgNu73wpT1Q{G7l@0fm5ixJ>va1&-%xFGo0$@?oliFP~j5AEJ}@*zMzL$
zpXki!N@mN6>-~yYy}s}diogl;XAuxv&0o-?Pe)?+Q!K<Oc^;-4-$>~>+#WrTeg`ee
zi0bw+N(BT-`x+hWncGCYQTyyC=yaL+h9<vKru7BQbjn!%i}XmRWZht1rYDU)*;!U-
z3Ci0^O&RVH^*gE}i1M70`%+E31%c_|ir_)3%LBYAj0QE#Z)*C6VFo>>`wF$7yPZ0j
zue>K(!G<d>+z8cl7W6>R(S?eZa;W$Z@BgmVZ7Nw&k1O^lTCO+5ZE%{)muNDGcT4Yx
zg&C)Ze0YSc&I%s1CuIDqngXI*x?@zMs0#m&W-`2|#;61qqqoaHueqyb{J*b<RrH?P
z{^$#u_`H7bm*Q?Z1z|sevPsoJU8Plf9Ec}XbVU4bilUsF!f0|7o!oa6aK<VeKCk(^
zQ}%pZ4fI^wsofr=5H@ZV6Cc&$Tuy9%uI@olod1%pj&`B{uO>hkKCrqKBVoP`8s1@E
z_H|>P3c=+%{F$G}B4F*8*=yY>K;DX+&h+NRniRINxIjWj-tPXVdfx9r|G#*>^$Wi5
zSB+kFkh}Y3bXN?-fsJg0kW}T%5(_ErLDs>&Ug$B%*%*y)6c~rT>I)_mK2+l5K3gBx
zpq;^RHiEM8aB+j~f{_xP?k&)*g|W&S-T*=qD!!5}^KdEGS{s{}OKZgkA-&q=N0Tl-
z;>eB~jg$ESd<If4twTK2)^#1i1vD{UKBimB-Ivxy9&S0tzEH&OD%dw!-@M;fE+z8w
zY1|%<VA8xZ1jf)V-*>P;_(pTtwmmL-Z=q3mk*o<!#iR0RsU4Ybc+ZJ%*;=y^-h|j~
z5S_i+_FEs1hh=g&_v9Z9@iw=)kMEy1rssZKk1NCX`GTbt_V)<gR_&Xo3l1dKk4sx(
zuDaS?G72PRCZsWv&Hg&X9#pY>NftLD+?Z^cKb8jhtYt`ltM7jxE%OJ`B+1%LakIZw
z_Y>$7LdG&7de-RCU!lTHENoi)WRz}+mM28B+ig_g@~X9ABWS{InUz9AnJygS-cq2g
zBHi9f@PMlWLX&)XoUaq06NH>~dgH=3kaT)jEH~{;#q*kIl#e7229?5KxcQCQR*2d%
zcL`0nL1gn-)p=^=jX~rr+EC>5=jXlF21eZ7e)wR1@L@Xv5)TNoRAa|a9IaazF69Vm
zVg41+X#PbHc7dY(-5;Nkc(o@=zM8FWYTdL0{_74Q&hseGNb?TqooD&xxiZ0aE9Py!
zD>$U(Ww%eV-F*9PDc8~RIj=t-$&uR)8M^mjaEj#RUx+^_y^u~sgYz&wvb;o4bTwW9
zfE05J2zWcp-M?c@6C0`>_%pu=$<Qt@z!sb(Y)M%T8)tEC?pLu}vdh2$yAFIx0IrN`
zS|?Vpe-!r+Gy6@hg#SU3`KQJ2DV3}Hb-0kzrK^*+=XiY$`(E2%Jitv?46*%dv{Um|
zNO^$ZWDGl$#_{0*uhG2{9rV|Y+<mgwL+IoDv4e?J25&bCIgFe6bly)2P#g#}xDDn>
z*jd|}onHmM`D<@gfzn<n1&b4a+d@FM>D^@{ceT^JS4I;^ao1dLimPjnLhsQTG@iGA
z);T0G7z>0mnqjZUZ(^8J8d3H(*Ry3TY~vw&yGxtT6*M?3kjH71n8G(J?U2R?)1C1i
znL^Q3RP!@3$i!EO>)?pgU$dX?bp7`%5Wea|l$QfUG$&dO|9w<_&(|7Bz1dCnR<5#?
zH&$6_sNzLhB)=9D?bXZ)k5uFYJQ%F9gM5k{#|2vNaD?vBW_a2HcWKMPljYzmGI~X#
zBE-C9e$jW`HP2is6p<r{=lDVKH`1>1WFClwDVQ!e0@u!wG<r<FrkAjA(ws+J!Pm4+
zGCuH$E>R9R4jw4aQpK&Cox!QV!2_36PQzHb&eAt!Nl(YIx=A=z!K>GCGp(3+=5{*z
zxd9E`GFJ+cF(~xlJS^|%z~ZAa8HMZ=AA>@~OCwM+_-{-UxtcxzGqFs<60N%5iw7PY
z9TDZM5uL`P$v`3^eJz`AEDFPcz49P|Z1z5(1~)T^d^)oA8LLEfqA`VPN^g2T-*;Tt
zP!q}t%Z4yZq2Sz5Oq0%pZ5*SId?#493r`jVAP?O=r8b+F3QH*5BBd9Yk+M2~!M~|N
zNydc&LUoxhOD)>T!R0b=uJ=)QsUh0+$4%=B<f|A6v~{fu*OZz0Jy{X$g7{HC5!n^Q
z9|`X+T#h{<-F6+Kg@jPIWt!4|<salSi?L~10s2E+)O&y+H_UesWVG~sA8djV>uShd
z*H>IVlSaECaBJi@&_pL_?icju2L7#aTWKK79}A&UmxzLJD;Jb%eqAsnlPns;^EFMr
z>06}8$5QFLJ!zlMDfH8V8t?nZ&RFv`A0bTMd{ZHs2Adx&2bM4saG93fW5`sfTDM$0
zsOEVxzl2J7f~^QNW)<cGLRyrXr_>5ikMD8vy-T}u%Ysn0TwdPomlT0K1C)y_<jxy1
zB3zc%A>P*-7|WTAX7@h{WxE}Kd7RCFu7E_%(1!5o)NsdYSv3XE;tL8FdA5Tpgvp>6
z1HAO=9}T6}%dP(}2`;6p#4%~vHQ&_jAc?^tu8dEATy}=G<Rf@AT^a%i4jEQ0x?fvH
zL#8Q%7pC0*F0mx3$4^zfR?y@oSz?9xEpsPfS@tDF^E}Jb+DuO5G*Orp=*`>~yA6y9
zdGfvAe)biD(B-Xm+dNmwC#fIKh@S;f9B~*q+>5QlH`QTcLZ9~p4H*e%7jR%j7rz_k
zt&$yigu1Sj%8BG0{a8xKgk>N?=+tq?*9e;n<Z#nFT)C6X1NQcJ$Xw&QX~pnsJu>o}
z660T^Kv(jSwzIGHQ_1oN%=IaDn{utkj~i1Z9+9M9HrL1kk_S|{{WjaW2S_?sG|7!b
zF=y>v?g>%=FHOW3%yVRDoa8|~khV-_T60Ebz(4Mjk^ls9`l!r(*PdvR3PNn`itZWU
zuf_fNfkT%b*t^gCBG@!=?zWmR_FZpvhZ*}-Gfxs~6fF7K@>JnWep$gF!NuKMq`^Uq
z<gR^0;Eqx;c(mwd(jBSbhBz)`FM_mV&C$b4J)soDng``OBrDdI`Lr~}%Mj)QX|zNB
z*Fnw^(QKJ7OMz}YR(StjK`&`k?Oe=BznIo6?5YI>kAwS7rgI<oX5R@lfo}qrFfWrn
zDlNrL&nSK<v%;b6f6hMo(=u^f&lRsai>=(Rc!uf}K=1IH9uYmr^bEHnx;YHrkcoA3
z$?Iq34dr@!rI&8H(_}ycS%8vxCWW6B3wwm{c!#z#h*5RldY;LC7yWrbRSr}8rRbDh
ztNno_!@Og=6rS<CU3#}KS&ATj&T`(%g%4OZoq9FWY}&*oem$MDPbYm-5JR&+h;-Ls
zT)oum)h3ftsG#b+ahDH>sOgvxWX*d@=ZM)IGLMj8VW0ByGY;T??q(NgGmpfoxx+jO
z0tA^$eh~c3EMEY3)`YZrx3fM1@8B)mo!d3CfIV^JM9-ueuO!Z041*;}-QOG@8FXv>
z5)*b8<^WFMB@WN^PMBx=+<`N*grfAie~Jc3CaXUr>*v(a5xl^A-P1S*Hop(k5doq6
zBjzfYY6t+{vB?_B+$&BrW%iz-hljhTJ7&wb(vtPH5=PO~<y)#2!Yk{r-4N`&9o7sb
z$b*M=a2CGKA+1AmA8lH&Hxa;6mXZ<qzJq2T2uz?vPzMj7yZiQ<XTr=u;Pk51!2>X$
zp695CVjfCVJ6#^Yi$o0?jJtr`G`PCbS{|5h!f-{P7Qy^Fv^lEkZCT`@H4nNlpPGkb
zvCH=t&08y_J+?KyS~aTyw@~0@4Kx^DQRbEx;c<a1f}|yMiMTeHXrbA=Fn<J$OUEk%
zTiTyS?ZZsx@r7Xb7#Sa#>ql_^yMhuhSU71I2A8*>HPP(t$52TnR)XMuH5Oo-c_pm*
z%va#jTM{_JKGNDq8#o*Ju&$8j2`XVaHuqM@bqBgMCCqd06H23ZBycP-K~pL-zon=N
zuGw*neNWX<e(d<*0g`&mmlV0!!_?`F-c!I8i;nqAHBQr1W1;|R9#Q{f@G3V8jY9LC
z75sbDMC0oBk6HqJHB5R0BaPNNRG$0N2b(twG7v?(^s_<!Fkgkx_#s&Ss47}n3&tK3
zn@lv9nIEbyWpt(2yjN8o55yf5D{ylQq_PYhiIl(8YVy#$RLa<%Cw;M;%6ZzG@2R2H
zgo5gRS~WN~24)FoaMBcH<9o-M`6PI-Ks8x1Nq$bvCpR)o7>~y$CC)Sj&+omIiP?Nt
z4V$kBjk~3qeV8k2?59JDvD48t>Sq-}I?jOnuNJ&nE{U%CMv!~4HE74pEffN9S#ko;
zQe11fIkW&$7csMaqlY{<d#lO>^%U5`H2C;!V`611SMy9oFRsaU#WLTH+U)L{o4dx<
zPHf_4z`nisXViR9&3CkjqeeN}JUc2&I1iX3{r6F<FFVZ7-|uGTu>gDxNHzZLd3iuw
zo*kcraX8CFau9S!EW0~*V=)-PAD)iEBAJ<GL9Fnz)2#+Jml<|_&IdbYe?5j^4?4^w
zw(UPN*oX8S7{^jLwjpV3tU~V#snjPW2_?6IE%P`pZ(*QlX5*~C)u`6irI1d0I-BZ<
zUw8_!Igl$0FMIK0qqOB8tF%E6&eQu^ZR1KD-T}O2KI`k)e)7EnGudt(qphK-V=QyH
z+c2*_Ai!R4*GK~|QKH~wGqp>Ddjy2a)O_PI4Te1pfMDgpT4pz#;hIH19&VtHz|%=)
z9u9)E0xk~R%$>ag0%e=GVxVo?miYC#T_dOIOmu=$zH&FDER1+F9UN(;Z9H$pQiCg-
ziC`KEEq<O*s$deaMVY?>g%wp2`ww0^x|jaj_n-%xuYh1J%ItGVczYYI!qRdp(RxvB
zr(qavS1teI{cfRHtHijEBo|6t%bFEX123$Y_VmCm&;BiTdT6V3)B?DywF`cfsap7$
z$Bq4woq{16D8Q>$xZ3bdcjeGaG<@oNXv^Hj<HJP)B^4^uq6WHvev|wci$P4(n=wks
zsqs5j>BH6-3hh+rm+YqO@XN#?mvpP>sta>RL(pMQCLIOAai=U&fNeY_>$@WD5I*oA
z;RCyc5&RZ-o+4&UIQAW4uJvSP4Nd<D#ADMD+J>D~yqDKmgeHey?&JXo_%Kg?pia$X
zZwK~U(zG0X?7vuNKuJQ0zXZ8PwGT1X4Ze+U$DFClzKz+&6IuB~-~Zuf(-WS7D6&;k
znkkd!05g`c3i!R{n#AYr7Z6Oee$~N4e7?VB?kgk|P|sLC^J~*jmvJwdTy&{3kQQ2l
zn@7;DZ<yC$WegFRV$Kc8u0WfvS;6*&dxr;rZ{@o#a{#NzFtr@?kHN`M&j_tam^kon
z<#nU3ec&)SrzDxxy?iuQ$xrz@oz_|;)dp}J>}D&K%bW&>qr!dys!nwJIP#)$L8?5l
zq4u>E5f;<_miZUSC8&y7pYXQ(`Yk=zi1(RnPyQ8xK*SHJLKyH-E&OGB;tf{FP==Tb
z+BjCBzyuAqn6va?hC!{ZfG^-6`H|QOaN%x6G>--V-}c;n?E!kc&@AEp?{)a54G0F-
zHgv;}5G!g9NYSp_LCbqh4k0&zIPi-7mLRIks+P^GT!XWWpFm55;0V?DGk1};mk^gX
zfZ%b-%!YJ~!@StofiQD2m4xWd<4FCbAT7`yqg^RHenaG&SiD(5d)*oRH_N37A_((C
zhcX!A%#&DyMgCo*7K=EOh0F+X=D}Xdq(uY$CpjcDbk)_b7(||2;JpM-XbvBw?9L<E
zE+IWM+maj|a6d?<fx{u@l+2L32?|7rI4_g>85K?B5Zz9u{U!6`5WxehTEn|Vm{VBQ
z&AK$gQUggKN4%&A*shU!8w!|Zmh5H(1w{O$e>G3usmryx#N+8;rHc*xs257e^2+=h
zlwNA3l$E?{#hbTDI|vzQn>i>VmXoB+mJqpJ@NX@HL}u5HU~i$@Cr6zJWte0;VX|_v
zF|!v$EhKsX118tIzb2#@sP%sj!igov2jSlmG&y4TM|;O*>|6w`RX1{-UysSDS8F&*
zdiy>*%Lm==4A$h-T<A&5tz>S=WRHq=DZ;G8B73nXSZge3J|H<AO@1YsTcD4<8_;^a
zPzcO*?!RVN`WeB!GZJWvL?hgVdRixIJinK5QnzdhVv!fJ7tMKW2bSq_{zwo{w#*Nt
zF0cWaW;^xVWBxb?4jgz6Kd_lVgGs!*-#>wC4rmYT6X;EYN#T;rg}khA*D%M4fwLS<
zQ~i2w!~9SNgi6Do6{?QNVCJacQ8Mao(02>t!6gAp7v!E!b;Pm-Q-$<L74T|eH%R1z
zZu0(;7?HfFoWOPocsCPLu%nah_lzUbRCR!Q7LwV=WLRX#{rvk!sP`1_Ma!y78|E+a
zg00neKN$R<I!2Z#7wt2T5?O=PB<9KaI)WT@7wI3*?68UcQK1ai@AG!z^mHlM3e{S4
zd2?YDCQZ{*6ZOuo>!-?_ow4(Gi!`vSWqMqcbrn^+K0Q!M3(L=#a5>qHn2`eBuQ2Z}
zz^dl&3(dWvZf@tPfZE&ZnYR=aJ9fb8P_(Mi<yOM<o5W^wolrL^Y`!BUTDrcsv=@xr
zJY6OYOS`jz6sp<}WoG`^F<0c^2jL+>d_^b%FlayTBjvc!K96kYc~X<m_j#ivf9F9;
z&dp5`*}w?wobR#R{R2Uu8=y`sIne|%e;+Fduuhq0OE!n1{LT%l)_)&m4SH<;0Dn8o
z4<2(f^NS#-b^Mtp;veGVVBR1J1Iu^#T<A3SEV0KH977KV?G#E-^4xe*Xpq>Mc|l2X
ziwL@o!0aYp+C;1Ain^dAb5|bkU6OjJn&-O)=9d~2VE%9i_2=bR-OT(Dp<gA?XYj|e
zfE$x7^F4v=hNu6P;nE0phkFJo-oqHA?b=ed2QMaUY+iaA?np0fb}!8us}@3lJyaAK
zow1M0dAu9Z>X3&mT<tT5QSLdHh?TS3CsWvAHo;oiAsPAo-`1|?wW%eFpQQNlP;jA$
z=%%>vHJ03__ZdkaJi%72BB5$)U5NVfF{#nyCNH_SkVQcrf*^{nL=eG0K?FB0L|1-*
zAmT<>g1B+zAE4mx%-p%Tx9Y+>vuJ4VZO)vpIdkTG%+Q~fU?PNnh_i3<!g(7=;<UGN
z6DcWVUa4XU$%E~#KcEkQCIyxn&7Vr=jxmx)*i}Kf%ps(8gPtHx8>Yrl${P+uteo??
zCS2R96+9q%j9eFb_0iIK87tF<5j;AIj}#+g_DBL8so-;7S+sG=B(8Vj-Vs3$0a-Gh
z$LA&HD$JS5F!K@&Z@rJ<E@y7UHh~r*joH>{E;0Y-;Rss*c(My}MWuZJ2RYCKLy|)z
zPoU7JgG=3U=Q=`QeR_o0*jO5K6N!u~iv{-Vz|<EDwXQZgE|yLUOgQZO-5KPUHRALY
ztGxxdC&YgN3S-c;fS>{x(S?Cd0ajVvU)ad&@D?pHH)+(L>PZpK39f)mK|mx&sUZ8O
zk05x{=XNcwRWpV+=b@Vm8sTBz#X#>Hb2(|5PQe6OKvFB$bf-R`n|282`lZ<XeS>|d
z1x$|zB9J{I19}Bsu6A1zPSAa9aV-pq#5;Y#WVWcua#DxR$xi6836`~>$3@uep$OV)
z)i`J)$>sAVD2BFI_DtL}o&l>@dp?5R3U*pwhx1iN9BH2o%QELJAcaf++gWQD%aC`^
zr@G;)sQlW6jx^wO&61pPwj^}%Ut>ut>>>~OrX_%J5BZWMn94(bWY_Uot%%zUm1kb~
zi)HPfJi+2@VcLY?W~BQgt7<I(4V@FY9KE!=#6=Dd%&xq~E=$|J486eKm2<#!6+g<?
zhG&3KGndx<K1JyIUOFJE!IEsAO8D;4kx*Pvi|Eaw9#9q7(r5ggV!(uK*QG{!2DL$a
z+-^e_IV;3NL^&!sd;r$m(hn4;-lsx5+_%R($Y{PVYxtpucQ+kX`|EXHZ?%u37BxDP
z4j5v5<w{qj9f6*_5+zF?I~lqGOA^Tz7;~8#8tO63@bs578x3apFX9?+0eozCyVCTW
z^Pn(Xu5-?u_ani5d8%3X-`#k4B<H|Kje8_DfR%y{srY?uOa^0Ouvh4v7OKK~xvlLH
zGR4D9u3}!a@3n+TWc*fS%uCW}N?Zh!o`G#r7W_dwG!x~c1jA`cztiyqQzQ}`4m9-D
ziXpqQ)eN@J(7Ya1$u&tZ7tGq!sKicig?2@%W6H>(G{0$>rXUlz(m~A$V^a{5IbDgM
z{vh*bnhyD9INgrxub9#o$K#V8%$8y&n5Uv{(-<R5y<UdS!s5>2XKc2^iE)*!97T~P
zY9Vs81q3GFRQkB*+0WtoM2>{=+Rso4zac*q)v+#jT4?oZ@xd*X`bo7$<2BLk%pcgu
z)B~I-+0U+T@d@6QC6O7KnVO=Fc*AYsqMok~vTJJm_Vi@YDL94EvGcIa{l6zBVw^@4
zs)v7XHYQrF<#rz5zJLh9Xti1@R`!Tmsa`BiiiX&`SGcY_RdhwI;1&xdx3H&Cb^j8%
zwF^yeFxy#MaNLqJN&jrZZU9BR=Nbq?Ap+MQ8Q<(-f60ZQh!^G?U7xFN$2U}i*2R2V
OMi<A|b0<(9@$v7+D4Vzd

diff --git a/test/integration/consul-container/test/envoy_extensions/wasm_test.go b/test/integration/consul-container/test/envoy_extensions/wasm_test.go
deleted file mode 100644
index ae5cf3b3d5b7..000000000000
--- a/test/integration/consul-container/test/envoy_extensions/wasm_test.go
+++ /dev/null
@@ -1,464 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package envoyextensions
-
-import (
-	"context"
-	"crypto/sha256"
-	"fmt"
-	"io"
-	"net/http"
-	"os"
-	"testing"
-	"time"
-
-	"github.com/hashicorp/go-cleanhttp"
-	"github.com/stretchr/testify/require"
-	"github.com/testcontainers/testcontainers-go"
-	"github.com/testcontainers/testcontainers-go/wait"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/sdk/testutil/retry"
-	libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert"
-	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
-	libservice "github.com/hashicorp/consul/test/integration/consul-container/libs/service"
-	"github.com/hashicorp/consul/test/integration/consul-container/libs/topology"
-)
-
-// TestWASMRemote Summary
-// This test ensures that a WASM extension can be loaded from a remote file server then executed.
-// It uses the same basic WASM extension as the TestWASMLocal test which adds the header
-// "x-test:true" to the response.
-// This test configures a static server and proxy, a client proxy, as well as an Nginx file server to
-// serve the compiled wasm extension. The static proxy is configured to apply the wasm filter
-// and pointed at the remote file server. When the filter is added with the remote wasm file configured
-// envoy calls out to the nginx file server to download it.
-func TestWASMRemote(t *testing.T) {
-	t.Parallel()
-
-	// build all the file paths we will need for the test
-	cwd, err := os.Getwd()
-	require.NoError(t, err, "could not get current working directory")
-	hostWASMDir := fmt.Sprintf("%s/testdata/wasm_test_files", cwd)
-
-	cluster, _, _ := topology.NewCluster(t, &topology.ClusterConfig{
-		NumServers:                1,
-		NumClients:                1,
-		ApplyDefaultProxySettings: true,
-		BuildOpts: &libcluster.BuildOptions{
-			Datacenter:             "dc1",
-			InjectAutoEncryption:   true,
-			InjectGossipEncryption: true,
-		},
-	})
-
-	clientService, staticProxy := createTestServices(t, cluster)
-	_, port := clientService.GetAddr()
-	_, adminPort := clientService.GetAdminAddr()
-
-	libassert.AssertUpstreamEndpointStatus(t, adminPort, "static-server.default", "HEALTHY", 1)
-	libassert.GetEnvoyListenerTCPFilters(t, adminPort)
-
-	libassert.AssertContainerState(t, clientService, "running")
-	libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", port), "static-server", "")
-
-	// Check header not present
-	c1 := cleanhttp.DefaultClient()
-	res, err := c1.Get(fmt.Sprintf("http://localhost:%d", port))
-	require.NoError(t, err)
-
-	// check that header DOES NOT exist before wasm applied
-	if value := res.Header.Get(http.CanonicalHeaderKey("x-test")); value != "" {
-		t.Fatal("unexpected test header present before WASM applied")
-	}
-
-	// Create Nginx file server
-	uri, nginxService, nginxProxy := createNginxFileServer(t, cluster,
-		// conf file
-		testcontainers.ContainerFile{
-			HostFilePath:      fmt.Sprintf("%s/nginx.conf", hostWASMDir),
-			ContainerFilePath: "/etc/nginx/conf.d/wasm.conf",
-			FileMode:          777,
-		},
-		// extra files loaded after startup
-		testcontainers.ContainerFile{
-			HostFilePath:      fmt.Sprintf("%s/wasm_add_header.wasm", hostWASMDir),
-			ContainerFilePath: "/usr/share/nginx/html/wasm_add_header.wasm",
-			FileMode:          777,
-		})
-
-	defer nginxService.Terminate()
-	defer nginxProxy.Terminate()
-
-	// wire up the wasm filter
-	node := cluster.Agents[0]
-	client := node.GetClient()
-
-	agentService, _, err := client.Agent().Service(libservice.StaticServerServiceName, nil)
-	require.NoError(t, err)
-
-	agentService.Connect = &api.AgentServiceConnect{
-		SidecarService: &api.AgentServiceRegistration{
-			Kind: api.ServiceKindConnectProxy,
-			Proxy: &api.AgentServiceConnectProxyConfig{
-				Upstreams: []api.Upstream{
-					{
-						DestinationName:  "nginx-fileserver",
-						DestinationPeer:  "",
-						LocalBindAddress: "0.0.0.0",
-						LocalBindPort:    9595,
-					},
-				},
-			},
-		},
-	}
-
-	// Upsert the service registration to add the nginx file server as an
-	// upstream so that the static server proxy can retrieve the wasm plugin.
-	err = client.Agent().ServiceRegister(&api.AgentServiceRegistration{
-		Kind:              agentService.Kind,
-		ID:                agentService.ID,
-		Name:              agentService.Service,
-		Tags:              agentService.Tags,
-		Port:              agentService.Port,
-		Address:           agentService.Address,
-		SocketPath:        agentService.SocketPath,
-		TaggedAddresses:   agentService.TaggedAddresses,
-		EnableTagOverride: agentService.EnableTagOverride,
-		Meta:              agentService.Meta,
-		Weights:           &agentService.Weights,
-		Check:             nil,
-		Checks:            nil,
-		Proxy:             agentService.Proxy,
-		Connect:           agentService.Connect,
-		Namespace:         agentService.Namespace,
-		Partition:         agentService.Partition,
-		Locality:          agentService.Locality,
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// wait until the nginx-fileserver is reachable from the static proxy
-	t.Log("Attempting wait until nginx-fileserver-sidecar-proxy is available")
-	bashScript := "for i in {1..10}; do echo Attempt $1: contacting nginx; if curl -I localhost:9595; then break; fi;" +
-		"if [[ $i -ge 10 ]]; then echo Unable to connect to nginx; exit 1; fi; sleep 3; done; echo nginx available"
-	_, err = staticProxy.Exec(context.Background(), []string{"/bin/bash", "-c", bashScript})
-	require.NoError(t, err)
-
-	consul := cluster.APIClient(0)
-	defaults := api.ServiceConfigEntry{
-		Kind:     api.ServiceDefaults,
-		Name:     "static-server",
-		Protocol: "http",
-		EnvoyExtensions: []api.EnvoyExtension{{
-			Name: "builtin/wasm",
-			Arguments: map[string]any{
-				"Protocol":     "http",
-				"ListenerType": "inbound",
-				"PluginConfig": map[string]any{
-					"VmConfig": map[string]any{
-						"Code": map[string]any{
-							"Remote": map[string]any{
-								"HttpURI": map[string]any{
-									"Service": map[string]any{
-										"Name": "nginx-fileserver",
-									},
-									"URI": fmt.Sprintf("%s/wasm_add_header.wasm", uri),
-								},
-								"SHA256": sha256FromFile(t, fmt.Sprintf("%s/wasm_add_header.wasm", hostWASMDir)),
-							},
-						},
-					},
-				},
-			},
-		}},
-	}
-
-	_, _, err = consul.ConfigEntries().Set(&defaults, nil)
-	require.NoError(t, err, "could not set config entries")
-
-	// Check that header is present after wasm applied
-	c2 := cleanhttp.DefaultClient()
-
-	// The wasm plugin is not always applied on the first call. Retry and see if it is loaded.
-	retryStrategy := func() *retry.Timer {
-		return &retry.Timer{Timeout: 5 * time.Second, Wait: time.Second}
-	}
-	retry.RunWith(retryStrategy(), t, func(r *retry.R) {
-		res2, err := c2.Get(fmt.Sprintf("http://localhost:%d", port))
-		require.NoError(r, err)
-
-		if value := res2.Header.Get(http.CanonicalHeaderKey("x-test")); value == "" {
-			r.Fatal("test header missing after WASM applied")
-		}
-	})
-}
-
-// TestWASMLocal Summary
-// This test ensures that a WASM extension with basic functionality is executed correctly.
-// The extension takes an incoming request and adds the header "x-test:true"
-func TestWASMLocal(t *testing.T) {
-	t.Parallel()
-
-	cluster, _, _ := topology.NewCluster(t, &topology.ClusterConfig{
-		NumServers:                1,
-		NumClients:                1,
-		ApplyDefaultProxySettings: true,
-		BuildOpts: &libcluster.BuildOptions{
-			Datacenter:             "dc1",
-			InjectAutoEncryption:   true,
-			InjectGossipEncryption: true,
-		},
-	})
-
-	clientService, _ := createTestServices(t, cluster)
-	_, port := clientService.GetAddr()
-	_, adminPort := clientService.GetAdminAddr()
-
-	libassert.AssertUpstreamEndpointStatus(t, adminPort, "static-server.default", "HEALTHY", 1)
-	libassert.GetEnvoyListenerTCPFilters(t, adminPort)
-
-	libassert.AssertContainerState(t, clientService, "running")
-	libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", port), "static-server", "")
-
-	// Check header not present
-	c1 := cleanhttp.DefaultClient()
-	res, err := c1.Get(fmt.Sprintf("http://localhost:%d", port))
-	require.NoError(t, err)
-
-	// check that header DOES NOT exist before wasm applied
-	if value := res.Header.Get(http.CanonicalHeaderKey("x-test")); value != "" {
-		t.Fatal("unexpected test header present before WASM applied")
-	}
-
-	// wire up the wasm filter
-	consul := cluster.APIClient(0)
-	defaults := api.ServiceConfigEntry{
-		Kind:     api.ServiceDefaults,
-		Name:     "static-server",
-		Protocol: "http",
-		EnvoyExtensions: []api.EnvoyExtension{{
-			Name: "builtin/wasm",
-			Arguments: map[string]any{
-				"Protocol":     "http",
-				"ListenerType": "inbound",
-				"PluginConfig": map[string]any{
-					"VmConfig": map[string]any{
-						"Code": map[string]any{
-							"Local": map[string]any{
-								"Filename": "/wasm_add_header.wasm",
-							},
-						},
-					},
-				},
-			},
-		}},
-	}
-
-	_, _, err = consul.ConfigEntries().Set(&defaults, nil)
-	require.NoError(t, err, "could not set config entries")
-
-	// Check that header is present after wasm applied
-	c2 := cleanhttp.DefaultClient()
-
-	// The wasm plugin is not always applied on the first call. Retry and see if it is loaded.
-	retryStrategy := func() *retry.Timer {
-		return &retry.Timer{Timeout: 5 * time.Second, Wait: time.Second}
-	}
-	retry.RunWith(retryStrategy(), t, func(r *retry.R) {
-		res2, err := c2.Get(fmt.Sprintf("http://localhost:%d", port))
-		require.NoError(r, err)
-
-		if value := res2.Header.Get(http.CanonicalHeaderKey("x-test")); value == "" {
-			r.Fatal("test header missing after WASM applied")
-		}
-	})
-}
-
-func createTestServices(t *testing.T, cluster *libcluster.Cluster) (libservice.Service, libservice.Service) {
-	node := cluster.Agents[0]
-	client := node.GetClient()
-	// Create a service and proxy instance
-	serviceOpts := &libservice.ServiceOpts{
-		Name:     libservice.StaticServerServiceName,
-		ID:       libservice.StaticServerServiceName,
-		HTTPPort: 8080,
-		GRPCPort: 8079,
-	}
-	cwd, err := os.Getwd()
-	require.NoError(t, err, "could not get current working directory")
-	hostWASMDir := fmt.Sprintf("%s/testdata/wasm_test_files", cwd)
-
-	wasmFile := testcontainers.ContainerFile{
-		HostFilePath:      fmt.Sprintf("%s/wasm_add_header.wasm", hostWASMDir),
-		ContainerFilePath: "/wasm_add_header.wasm",
-		FileMode:          777,
-	}
-
-	customFn := chain(
-		copyFilesToContainer([]testcontainers.ContainerFile{wasmFile}),
-		chownFiles([]testcontainers.ContainerFile{wasmFile}, "envoy", true),
-	)
-
-	// Create a service and proxy instance
-	_, staticProxy, err := libservice.CreateAndRegisterStaticServerAndSidecarWithCustomContainerConfig(node, serviceOpts, customFn)
-	require.NoError(t, err)
-
-	libassert.CatalogServiceExists(t, client, "static-server-sidecar-proxy", nil)
-	libassert.CatalogServiceExists(t, client, libservice.StaticServerServiceName, nil)
-
-	// Create a client proxy instance with the server as an upstream
-
-	clientConnectProxy, err := libservice.CreateAndRegisterStaticClientSidecar(node, "", false, false, nil)
-	require.NoError(t, err)
-
-	libassert.CatalogServiceExists(t, client, "static-client-sidecar-proxy", nil)
-
-	return clientConnectProxy, staticProxy
-}
-
-// createNginxFileServer creates an nginx container configured to serve a wasm file for download, as well as a sidecar
-// registered for the service.
-func createNginxFileServer(t *testing.T,
-	cluster *libcluster.Cluster,
-	conf testcontainers.ContainerFile,
-	files ...testcontainers.ContainerFile) (string, libservice.Service, libservice.Service) {
-
-	nginxName := "nginx-fileserver"
-	nginxPort := 80
-	svc := &libservice.ServiceOpts{
-		Name:     nginxName,
-		ID:       nginxName,
-		HTTPPort: nginxPort,
-		GRPCPort: 9999,
-	}
-
-	node := cluster.Agents[0]
-
-	req := testcontainers.ContainerRequest{
-		// nginx:stable
-		Image:      "nginx@sha256:b07a5ab5292bd90c4271a55a44761899cc1b14814172cf7f186e3afb8bdbec28",
-		Name:       nginxName,
-		WaitingFor: wait.ForLog("").WithStartupTimeout(time.Second * 30),
-		LifecycleHooks: []testcontainers.ContainerLifecycleHooks{
-			{
-				PostStarts: []testcontainers.ContainerHook{
-					func(ctx context.Context, c testcontainers.Container) error {
-						_, _, err := c.Exec(ctx, []string{"mkdir", "-p", "/www/downloads"})
-						if err != nil {
-							return err
-						}
-
-						for _, f := range files {
-							fBytes, err := os.ReadFile(f.HostFilePath)
-							if err != nil {
-								return err
-							}
-							err = c.CopyToContainer(ctx, fBytes, f.ContainerFilePath, f.FileMode)
-							if err != nil {
-								return err
-							}
-
-							_, _, err = c.Exec(ctx, []string{"chmod", "+r", f.ContainerFilePath})
-							if err != nil {
-								return err
-							}
-						}
-
-						return err
-					},
-				},
-			},
-		},
-		Files: []testcontainers.ContainerFile{conf},
-	}
-
-	nginxService, nginxProxy, err := libservice.CreateAndRegisterCustomServiceAndSidecar(node, svc, req, nil)
-	require.NoError(t, err, "could not create custom server and sidecar")
-
-	_, port := nginxService.GetAddr()
-
-	client := node.GetClient()
-	libassert.CatalogServiceExists(t, client, nginxName, nil)
-	libassert.CatalogServiceExists(t, client, fmt.Sprintf("%s-sidecar-proxy", nginxName), nil)
-
-	return fmt.Sprintf("http://nginx-fileserver:%d", port), nginxService, nginxProxy
-}
-
-// chain takes multiple setup functions for testcontainers.ContainerRequest and chains them together into a single function
-// of testcontainers.ContainerRequest to testcontainers.ContainerRequest.
-func chain(fns ...func(testcontainers.ContainerRequest) testcontainers.ContainerRequest) func(testcontainers.ContainerRequest) testcontainers.ContainerRequest {
-	return func(req testcontainers.ContainerRequest) testcontainers.ContainerRequest {
-		for _, fn := range fns {
-			req = fn(req)
-		}
-
-		return req
-	}
-}
-
-// copyFilesToContainer is a convenience function to build custom testcontainers.ContainerRequest. It takes a list of files
-// which need to be copied to the container. It returns a function which updates a given testcontainers.ContainerRequest
-// to include the files which need to be copied to the container on startup.
-func copyFilesToContainer(files []testcontainers.ContainerFile) func(testcontainers.ContainerRequest) testcontainers.ContainerRequest {
-	return func(req testcontainers.ContainerRequest) testcontainers.ContainerRequest {
-		req.Files = files
-		return req
-	}
-}
-
-// chownFiles is a convenience function to build custom testcontainers.ContainerRequest. It takes a list of files,
-// a user to make the owner, and whether the command requires sudo. It then returns a function which updates
-// a testcontainers.ContainerRequest with a lifecycle hook which will chown the files to the user after container startup.
-func chownFiles(files []testcontainers.ContainerFile, user string, sudo bool) func(request testcontainers.ContainerRequest) testcontainers.ContainerRequest {
-	return func(req testcontainers.ContainerRequest) testcontainers.ContainerRequest {
-		req.LifecycleHooks = append(req.LifecycleHooks, testcontainers.ContainerLifecycleHooks{
-			PostStarts: []testcontainers.ContainerHook{
-				func(ctx context.Context, c testcontainers.Container) error {
-					cmd := []string{}
-					if sudo {
-						cmd = append(cmd, "sudo")
-					}
-
-					cmd = append(cmd, "chown", user)
-
-					for _, f := range files {
-						cmd = append(cmd, f.ContainerFilePath)
-					}
-
-					_, _, err := c.Exec(ctx, cmd)
-					return err
-				},
-			},
-		})
-
-		return req
-	}
-}
-
-// sha256FromFile reads in the file from filepath and computes a sha256 of its contents.
-func sha256FromFile(t *testing.T, filepath string) string {
-	f, err := os.Open(filepath)
-	require.NoError(t, err, "could not open file for sha")
-	defer f.Close()
-
-	h := sha256.New()
-	_, err = io.Copy(h, f)
-	require.NoError(t, err, "could not copy file to sha")
-
-	return fmt.Sprintf("%x", h.Sum(nil))
-}
-
-// safeDelete removes a given file if it exists.
-func safeDelete(t *testing.T, filePath string) {
-	t.Logf("cleaning up stale build file: %s", filePath)
-	if _, err := os.Stat(filePath); err != nil {
-		return
-	}
-
-	// build is out of date, wipe compiled wasm
-	err := os.Remove(filePath)
-	require.NoError(t, err, "could not remove file")
-}
diff --git a/test/integration/consul-container/test/gateways/gateway_endpoint_test.go b/test/integration/consul-container/test/gateways/gateway_endpoint_test.go
index 42cccef121a2..659fc4e3fdfe 100644
--- a/test/integration/consul-container/test/gateways/gateway_endpoint_test.go
+++ b/test/integration/consul-container/test/gateways/gateway_endpoint_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package gateways
 
diff --git a/test/integration/consul-container/test/gateways/http_route_test.go b/test/integration/consul-container/test/gateways/http_route_test.go
index e3a975c15042..fcdbb7ce1c96 100644
--- a/test/integration/consul-container/test/gateways/http_route_test.go
+++ b/test/integration/consul-container/test/gateways/http_route_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package gateways
 
diff --git a/test/integration/consul-container/test/gateways/ingress_gateway_test.go b/test/integration/consul-container/test/gateways/ingress_gateway_test.go
index fb616232995f..fcadd3a0fae6 100644
--- a/test/integration/consul-container/test/gateways/ingress_gateway_test.go
+++ b/test/integration/consul-container/test/gateways/ingress_gateway_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package gateways
 
@@ -51,7 +51,7 @@ func TestIngressGateway(t *testing.T) {
 	clientNode := cluster.Clients()[0]
 
 	// Set up the "static-server" backend
-	serverService, _ := topology.CreateServices(t, cluster, "http")
+	serverService, _ := topology.CreateServices(t, cluster)
 
 	// Create the ingress gateway service
 	// We expose this on the client node, which already has port 9999 exposed as part of it's pause "pod"
diff --git a/test/integration/consul-container/test/gateways/tenancy_ce.go b/test/integration/consul-container/test/gateways/tenancy_ce.go
index ebf59c40d961..19d82d39db17 100644
--- a/test/integration/consul-container/test/gateways/tenancy_ce.go
+++ b/test/integration/consul-container/test/gateways/tenancy_ce.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 //go:build !consulent
 // +build !consulent
 
diff --git a/test/integration/consul-container/test/jwtauth/jwt_auth_test.go b/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
index 939dec13882b..b75e608de6de 100644
--- a/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
+++ b/test/integration/consul-container/test/jwtauth/jwt_auth_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package jwtauth
 
diff --git a/test/integration/consul-container/test/observability/access_logs_test.go b/test/integration/consul-container/test/observability/access_logs_test.go
index e48b05a1254d..43931cf4ea2a 100644
--- a/test/integration/consul-container/test/observability/access_logs_test.go
+++ b/test/integration/consul-container/test/observability/access_logs_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package observability
 
@@ -72,7 +72,7 @@ func TestAccessLogs(t *testing.T) {
 	require.NoError(t, err)
 	require.True(t, set)
 
-	serverService, clientService := topology.CreateServices(t, cluster, "http")
+	serverService, clientService := topology.CreateServices(t, cluster)
 	_, port := clientService.GetAddr()
 
 	// Validate Custom JSON
diff --git a/test/integration/consul-container/test/observability/metrics_leader_test.go b/test/integration/consul-container/test/observability/metrics_leader_test.go
index 781e657a9f35..4d3a024e9b60 100644
--- a/test/integration/consul-container/test/observability/metrics_leader_test.go
+++ b/test/integration/consul-container/test/observability/metrics_leader_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package observability
 
diff --git a/test/integration/consul-container/test/peering/rotate_server_and_ca_then_fail_test.go b/test/integration/consul-container/test/peering/rotate_server_and_ca_then_fail_test.go
index 77639b78d1a7..86285f2c605a 100644
--- a/test/integration/consul-container/test/peering/rotate_server_and_ca_then_fail_test.go
+++ b/test/integration/consul-container/test/peering/rotate_server_and_ca_then_fail_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package peering
 
diff --git a/test/integration/consul-container/test/ratelimit/ratelimit_test.go b/test/integration/consul-container/test/ratelimit/ratelimit_test.go
index ed35bcf64646..18258c2ab8db 100644
--- a/test/integration/consul-container/test/ratelimit/ratelimit_test.go
+++ b/test/integration/consul-container/test/ratelimit/ratelimit_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package ratelimit
 
@@ -32,6 +32,8 @@ const (
 //     - logs for exceeding
 
 func TestServerRequestRateLimit(t *testing.T) {
+	t.Parallel()
+
 	type action struct {
 		function           func(client *api.Client) error
 		rateLimitOperation string
@@ -50,7 +52,6 @@ func TestServerRequestRateLimit(t *testing.T) {
 		mode        string
 	}
 
-	// getKV and putKV are net/RPC calls
 	getKV := action{
 		function: func(client *api.Client) error {
 			_, _, err := client.KV().Get("foo", &api.QueryOptions{})
@@ -98,13 +99,13 @@ func TestServerRequestRateLimit(t *testing.T) {
 					action:            putKV,
 					expectedErrorMsg:  "",
 					expectExceededLog: true,
-					expectMetric:      true,
+					expectMetric:      false,
 				},
 				{
 					action:            getKV,
 					expectedErrorMsg:  "",
 					expectExceededLog: true,
-					expectMetric:      true,
+					expectMetric:      false,
 				},
 			},
 		},
@@ -126,13 +127,10 @@ func TestServerRequestRateLimit(t *testing.T) {
 					expectMetric:      true,
 				},
 			},
-		},
-	}
+		}}
 
 	for _, tc := range testCases {
-		tc := tc
 		t.Run(tc.description, func(t *testing.T) {
-			t.Parallel()
 			clusterConfig := &libtopology.ClusterConfig{
 				NumServers:  1,
 				NumClients:  0,
@@ -146,9 +144,12 @@ func TestServerRequestRateLimit(t *testing.T) {
 				ApplyDefaultProxySettings: false,
 			}
 
-			cluster, client := setupClusterAndClient(t, clusterConfig, true)
+			cluster, _, _ := libtopology.NewCluster(t, clusterConfig)
 			defer terminate(t, cluster)
 
+			client, err := cluster.GetClient(nil, true)
+			require.NoError(t, err)
+
 			// perform actions and validate returned errors to client
 			for _, op := range tc.operations {
 				err := op.action.function(client)
@@ -164,14 +165,22 @@ func TestServerRequestRateLimit(t *testing.T) {
 			// doing this in a separate loop so we can perform actions, allow metrics
 			// and logs to collect and then assert on each.
 			for _, op := range tc.operations {
-				timer := &retry.Timer{Timeout: 15 * time.Second, Wait: 500 * time.Millisecond}
+				timer := &retry.Timer{Timeout: 10 * time.Second, Wait: 500 * time.Millisecond}
 				retry.RunWith(timer, t, func(r *retry.R) {
-					checkForMetric(t, cluster, op.action.rateLimitOperation, op.action.rateLimitType, tc.mode, op.expectMetric)
+					// validate metrics
+					metricsInfo, err := client.Agent().Metrics()
+					// TODO(NET-1978): currently returns NaN error
+					//			require.NoError(t, err)
+					if metricsInfo != nil && err == nil {
+						if op.expectMetric {
+							checkForMetric(r, metricsInfo, op.action.rateLimitOperation, op.action.rateLimitType, tc.mode)
+						}
+					}
 
 					// validate logs
 					// putting this last as there are cases where logs
 					// were not present in consumer when assertion was made.
-					checkLogsForMessage(t, clusterConfig.LogConsumer.Msgs,
+					checkLogsForMessage(r, clusterConfig.LogConsumer.Msgs,
 						fmt.Sprintf("[DEBUG] agent.server.rpc-rate-limit: RPC exceeded allowed rate limit: rpc=%s", op.action.rateLimitOperation),
 						op.action.rateLimitOperation, "exceeded", op.expectExceededLog)
 
@@ -181,65 +190,43 @@ func TestServerRequestRateLimit(t *testing.T) {
 	}
 }
 
-func setupClusterAndClient(t *testing.T, config *libtopology.ClusterConfig, isServer bool) (*libcluster.Cluster, *api.Client) {
-	cluster, _, _ := libtopology.NewCluster(t, config)
-
-	client, err := cluster.GetClient(nil, isServer)
-	require.NoError(t, err)
-
-	return cluster, client
-}
+func checkForMetric(t *retry.R, metricsInfo *api.MetricsInfo, operationName string, expectedLimitType string, expectedMode string) {
+	const counterName = "consul.rpc.rate_limit.exceeded"
 
-func checkForMetric(t *testing.T, cluster *libcluster.Cluster, operationName string, expectedLimitType string, expectedMode string, expectMetric bool) {
-	// validate metrics
-	server, err := cluster.GetClient(nil, true)
-	require.NoError(t, err)
-	metricsInfo, err := server.Agent().Metrics()
-	// TODO(NET-1978): currently returns NaN error
-	//			require.NoError(t, err)
-	if metricsInfo != nil && err == nil {
-		if expectMetric {
-			const counterName = "consul.rpc.rate_limit.exceeded"
-
-			var counter api.SampledValue
-			for _, c := range metricsInfo.Counters {
-				if c.Name == counterName {
-					counter = c
-					break
-				}
-			}
-			require.NotEmptyf(t, counter.Name, "counter not found: %s", counterName)
+	var counter api.SampledValue
+	for _, c := range metricsInfo.Counters {
+		if c.Name == counterName {
+			counter = c
+			break
+		}
+	}
+	require.NotEmptyf(t, counter.Name, "counter not found: %s", counterName)
 
-			operation, ok := counter.Labels["op"]
-			require.True(t, ok)
+	operation, ok := counter.Labels["op"]
+	require.True(t, ok)
 
-			limitType, ok := counter.Labels["limit_type"]
-			require.True(t, ok)
+	limitType, ok := counter.Labels["limit_type"]
+	require.True(t, ok)
 
-			mode, ok := counter.Labels["mode"]
-			require.True(t, ok)
+	mode, ok := counter.Labels["mode"]
+	require.True(t, ok)
 
-			if operation == operationName {
-				require.GreaterOrEqual(t, counter.Count, 1)
-				require.Equal(t, expectedLimitType, limitType)
-				require.Equal(t, expectedMode, mode)
-			}
-		}
+	if operation == operationName {
+		require.GreaterOrEqual(t, counter.Count, 1)
+		require.Equal(t, expectedLimitType, limitType)
+		require.Equal(t, expectedMode, mode)
 	}
 }
 
-func checkLogsForMessage(t *testing.T, logs []string, msg string, operationName string, logType string, logShouldExist bool) {
-	if logShouldExist {
-		found := false
-		for _, log := range logs {
-			if strings.Contains(log, msg) {
-				found = true
-				break
-			}
+func checkLogsForMessage(t *retry.R, logs []string, msg string, operationName string, logType string, logShouldExist bool) {
+	found := false
+	for _, log := range logs {
+		if strings.Contains(log, msg) {
+			found = true
+			break
 		}
-		expectedLog := fmt.Sprintf("%s log check failed for: %s. Log expected: %t", logType, operationName, logShouldExist)
-		require.Equal(t, logShouldExist, found, expectedLog)
 	}
+	require.Equal(t, logShouldExist, found, fmt.Sprintf("%s log check failed for: %s. Log expected: %t", logType, operationName, logShouldExist))
 }
 
 func terminate(t *testing.T, cluster *libcluster.Cluster) {
diff --git a/test/integration/consul-container/test/snapshot/snapshot_restore_test.go b/test/integration/consul-container/test/snapshot/snapshot_restore_test.go
index 91fcec05bb02..70fa0d2d4143 100644
--- a/test/integration/consul-container/test/snapshot/snapshot_restore_test.go
+++ b/test/integration/consul-container/test/snapshot/snapshot_restore_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package snapshot
 
diff --git a/test/integration/consul-container/test/tproxy/tproxy_test.go b/test/integration/consul-container/test/tproxy/tproxy_test.go
index 15eae0c21090..cbeaff398f86 100644
--- a/test/integration/consul-container/test/tproxy/tproxy_test.go
+++ b/test/integration/consul-container/test/tproxy/tproxy_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tproxy
 
diff --git a/test/integration/consul-container/test/troubleshoot/troubleshoot_test.go b/test/integration/consul-container/test/troubleshoot/troubleshoot_test.go
index 538f4f2c2779..d0152611c878 100644
--- a/test/integration/consul-container/test/troubleshoot/troubleshoot_test.go
+++ b/test/integration/consul-container/test/troubleshoot/troubleshoot_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package troubleshoot
 
@@ -31,7 +31,7 @@ func TestTroubleshootProxy(t *testing.T) {
 		ApplyDefaultProxySettings: true,
 	})
 
-	serverService, clientService := topology.CreateServices(t, cluster, "http")
+	serverService, clientService := topology.CreateServices(t, cluster)
 
 	clientSidecar, ok := clientService.(*libservice.ConnectContainer)
 	require.True(t, ok)
diff --git a/test/integration/consul-container/test/upgrade/acl_node_test.go b/test/integration/consul-container/test/upgrade/acl_node_test.go
index 67b5fa12ad17..94886a4e27a4 100644
--- a/test/integration/consul-container/test/upgrade/acl_node_test.go
+++ b/test/integration/consul-container/test/upgrade/acl_node_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/basic/basic_test.go b/test/integration/consul-container/test/upgrade/basic/basic_test.go
index fe9f28fa2240..40406caebeef 100644
--- a/test/integration/consul-container/test/upgrade/basic/basic_test.go
+++ b/test/integration/consul-container/test/upgrade/basic/basic_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/basic/fullstopupgrade_test.go b/test/integration/consul-container/test/upgrade/basic/fullstopupgrade_test.go
index 75ae754fd5b9..6b4a047952bc 100644
--- a/test/integration/consul-container/test/upgrade/basic/fullstopupgrade_test.go
+++ b/test/integration/consul-container/test/upgrade/basic/fullstopupgrade_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/basic/healthcheck_test.go b/test/integration/consul-container/test/upgrade/basic/healthcheck_test.go
index b0988cd280c2..fde78c182ea3 100644
--- a/test/integration/consul-container/test/upgrade/basic/healthcheck_test.go
+++ b/test/integration/consul-container/test/upgrade/basic/healthcheck_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/catalog/catalog_test.go b/test/integration/consul-container/test/upgrade/catalog/catalog_test.go
deleted file mode 100644
index 73f94d4687bc..000000000000
--- a/test/integration/consul-container/test/upgrade/catalog/catalog_test.go
+++ /dev/null
@@ -1,87 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package catalog
-
-import (
-	"context"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/internal/catalog/catalogtest"
-	"github.com/hashicorp/consul/proto-public/pbresource"
-	libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster"
-	"github.com/hashicorp/consul/test/integration/consul-container/libs/topology"
-	"github.com/hashicorp/consul/test/integration/consul-container/libs/utils"
-	"github.com/hashicorp/go-version"
-)
-
-var minCatalogResourceVersion = version.Must(version.NewVersion("v1.16.0"))
-
-const (
-	versionUndetermined = `
-Cannot determine the actual version the starting image represents.
-Scrutinze test failures to ensure that the starting version should
-actually be able to be used for creating the initial data set.
-	`
-)
-
-func maybeSkipUpgradeTest(t *testing.T, minVersion *version.Version) {
-	t.Helper()
-
-	image := utils.DockerImage(utils.GetLatestImageName(), utils.LatestVersion)
-	latestVersion, err := utils.DockerImageVersion(image)
-
-	if latestVersion != nil && latestVersion.LessThan(minVersion) {
-		t.Skipf("Upgrade test isn't applicable with version %q as the starting version", latestVersion.String())
-	}
-
-	if err != nil || latestVersion == nil {
-		t.Log(versionUndetermined)
-	}
-}
-
-// Test upgrade a cluster of latest version to the target version and ensure that the catalog still
-// functions properly. Note
-func TestCatalogUpgrade(t *testing.T) {
-	maybeSkipUpgradeTest(t, minCatalogResourceVersion)
-	t.Parallel()
-
-	const numServers = 1
-	buildOpts := &libcluster.BuildOptions{
-		ConsulImageName:      utils.GetLatestImageName(),
-		ConsulVersion:        utils.LatestVersion,
-		Datacenter:           "dc1",
-		InjectAutoEncryption: true,
-	}
-
-	cluster, _, _ := topology.NewCluster(t, &topology.ClusterConfig{
-		NumServers:                1,
-		BuildOpts:                 buildOpts,
-		ApplyDefaultProxySettings: true,
-		Cmd:                       `-hcl=experiments=["resource-apis"]`,
-	})
-
-	client := cluster.APIClient(0)
-
-	libcluster.WaitForLeader(t, cluster, client)
-	libcluster.WaitForMembers(t, client, numServers)
-
-	leader, err := cluster.Leader()
-	require.NoError(t, err)
-	rscClient := pbresource.NewResourceServiceClient(leader.GetGRPCConn())
-
-	// Initialize some data
-	catalogtest.PublishCatalogV1Alpha1IntegrationTestData(t, rscClient)
-
-	// upgrade the cluster to the Target version
-	t.Logf("initiating standard upgrade to version=%q", utils.TargetVersion)
-	err = cluster.StandardUpgrade(t, context.Background(), utils.GetTargetImageName(), utils.TargetVersion)
-
-	require.NoError(t, err)
-	libcluster.WaitForLeader(t, cluster, client)
-	libcluster.WaitForMembers(t, client, numServers)
-
-	catalogtest.VerifyCatalogV1Alpha1IntegrationTestResults(t, rscClient)
-}
diff --git a/test/integration/consul-container/test/upgrade/common.go b/test/integration/consul-container/test/upgrade/common.go
index cbbf9aea35af..44bdcca25180 100644
--- a/test/integration/consul-container/test/upgrade/common.go
+++ b/test/integration/consul-container/test/upgrade/common.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 package upgrade
 
 import (
@@ -69,7 +66,7 @@ func CreateAndRegisterStaticClientSidecarWith2Upstreams(c *cluster.Cluster, dest
 		ServiceID: libservice.StaticClientServiceName,
 	}
 
-	clientConnectProxy, err := libservice.NewConnectService(context.Background(), sidecarCfg, []int{cluster.ServiceUpstreamLocalBindPort, cluster.ServiceUpstreamLocalBindPort2}, node, nil)
+	clientConnectProxy, err := libservice.NewConnectService(context.Background(), sidecarCfg, []int{cluster.ServiceUpstreamLocalBindPort, cluster.ServiceUpstreamLocalBindPort2}, node)
 	if err != nil {
 		return nil, err
 	}
diff --git a/test/integration/consul-container/test/upgrade/ingress_gateway_grpc_test.go b/test/integration/consul-container/test/upgrade/ingress_gateway_grpc_test.go
index 174769d53170..36a807a7ce13 100644
--- a/test/integration/consul-container/test/upgrade/ingress_gateway_grpc_test.go
+++ b/test/integration/consul-container/test/upgrade/ingress_gateway_grpc_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/ingress_gateway_sds_test.go b/test/integration/consul-container/test/upgrade/ingress_gateway_sds_test.go
index a237bd98b230..c31f8007b2e3 100644
--- a/test/integration/consul-container/test/upgrade/ingress_gateway_sds_test.go
+++ b/test/integration/consul-container/test/upgrade/ingress_gateway_sds_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/ingress_gateway_test.go b/test/integration/consul-container/test/upgrade/ingress_gateway_test.go
index e4bc12629fe5..c0acfeb775b5 100644
--- a/test/integration/consul-container/test/upgrade/ingress_gateway_test.go
+++ b/test/integration/consul-container/test/upgrade/ingress_gateway_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go b/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go
index 9feb9d82092a..b8282bcb0c3e 100644
--- a/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go
+++ b/test/integration/consul-container/test/upgrade/l7_traffic_management/resolver_default_subset_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package upgrade
 
@@ -73,8 +73,8 @@ func TestTrafficManagement_ResolverDefaultSubset(t *testing.T) {
 	assertionFn := func() {
 		_, serverAdminPortV1 := serverConnectProxyV1.GetAdminAddr()
 		_, serverAdminPortV2 := serverConnectProxyV2.GetAdminAddr()
-		_, adminPort := staticClientProxy.GetAdminAddr() // httpPort
-		_, port := staticClientProxy.GetAddr()           // EnvoyAdminPort
+		_, adminPort := staticClientProxy.GetAdminAddr()
+		_, port := staticClientProxy.GetAddr()
 
 		libassert.AssertEnvoyRunning(t, serverAdminPortV1)
 		libassert.AssertEnvoyRunning(t, serverAdminPortV2)
diff --git a/test/integration/consul-container/test/upgrade/peering/peering_control_plane_mgw_test.go b/test/integration/consul-container/test/upgrade/peering/peering_control_plane_mgw_test.go
index b88781bd790a..6bd4c13aabaf 100644
--- a/test/integration/consul-container/test/upgrade/peering/peering_control_plane_mgw_test.go
+++ b/test/integration/consul-container/test/upgrade/peering/peering_control_plane_mgw_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/upgrade/peering/peering_http_test.go b/test/integration/consul-container/test/upgrade/peering/peering_http_test.go
index 9c48727d83a6..037d1606064b 100644
--- a/test/integration/consul-container/test/upgrade/peering/peering_http_test.go
+++ b/test/integration/consul-container/test/upgrade/peering/peering_http_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package upgrade
 
diff --git a/test/integration/consul-container/test/util/test_debug_breakpoint_hit.png b/test/integration/consul-container/test/util/test_debug_breakpoint_hit.png
deleted file mode 100644
index 2eae03da3b9054fcdb47666519eb01dff236f07b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 654866
zcmbTd1ymi)mNpCof=hs)!9$P$2X`m9yF-8++}&M*ySrO(hl4u=cXxMp_)p&V-kDkR
z-}%<u>9xA6TB^Ehm+WUhdv~y$j3_b!9s&de1hTl;Hw6d?cxMO*I9|B-;44M_6#@_t
z2n8lWLUQ6lLd0^mR)!|#KnMu2;P^yXx!46P@3Xf;HVr{a1wkucdnhq@p6k_b<ey3W
z(G7^1TdEs<%>;y@F@;rOFty@I&4e)#L-o7ch(o=r>9EX;KtwpcEmo^;SEIj^uSOom
zc=j^5?ncvyAVQ!-X=H*vLJXh*#k)LsaH?!Bkd}!%pcp&eA@XloGxh!&ALsWT2zzM(
zwZmqKyDhmh&b52JRpbn88QDU53x1H<1lls8@docBmaE0UK$rqH=Y|K-Wo@~-nBl7h
z{Lf^ozo&?P;V=oA_)h(WaT!Ao55k!-i0lIdzag=w2&=01Hc1PaIn^e-FkI*d$B_ZG
zE}?szu0AoOO)}YCqc0wbqUQ~1;?-%NBKZ5JTBYDuC6lOR_O@R#`!Cwb$+S5YyV2xr
zLwW$8sw4)IS7bHOi4EixtOt+~T@)`A(@1YZQ}iqgjGmFM*mWSQ>kc}7n9^vj^@cBh
zRFN4aWgZYPbjOfyRBM1gc^1j;bB#m3i9DkhLMH8SW+pl=Q};sG{yOfcR480h_(j|U
z`K0y2>jSB7<U%uV^(qr%`;qEELfME!@OA9XXz~i5ZcoZcGVa$U{K&H%9()Y)P;4WY
z0n^|qA>hTcy>2oe6PI8;D`HbrjhPV8C~4>dHC+!4&K>gIJtP1vLQT`#KC^dhB*nbP
zE|^`G6f^G!gW3S%7SlXwd9PMrU49)hMC_TvBPS?dwpHk-r^RgIoS)VfJv6$ZM>Hyg
zvG8FGwV_AffOgJjsByjic!}yl4@E2ZcR%?F$G!2!p<Fv~lHQqpM@{qLI)DF44E@cQ
zy%Nq^0AT<EJ?dS8A4?V*rXTHhSV~ys?|ke?5x!elxM}aPJAl>%%g|1pWaEhMJ0$55
zR{d<?e67)7as*AISbsny3(TTn*am>I`6)kz_@R?Pe)i29w>2hELW<|#8Rso}{|Lhg
zqwQTTxHA5(2o*1Il|NGtQ!3D;@{2j#m|rqIB8oTJMnENm4#HkH%=wo_r1HSX4(W54
zdro)k(*WHr14?hw?0rgtIF69u%WnZ$oAQH{@TTM?aLOSiA~U%f@&rXoMLN@PhZuOF
z1v$9JcC}24s00DKIf*%{Iczz@6G0Qw`;ONZ_C&6jFUUfj#@~O_%iyqn!6NI}{*J(q
zpX8S$@|*m(_HT$?9<0!OgYZfeH9qrCtRGvDT0XSkFM0Dsp7h-s^jov1;f*5g`671O
zSgSV*F4HZ4Sms!!U4}R%%kZD;)7<hnzi|HGN!y008_E~j9zfI+iGd0C9-2ZB&PQ~B
z%>2tI;#zb|wD)jZ--L5MOa$PFOOcn8Bz!muPW%}eY$g6VhHfw#Qv^LmC3Z-xUrbfZ
zBTx1Rc{SBSY#M(;3|lm6^jIuW)S3b%rcekMc}9%z!nfjVtvv30_qg04^?|A#XWP<k
z>g|+m%fZ$diUItAnr-aCz2U^6%&2w}z8rozdZlxvb;@5#MRM%<<GJ(&V#>7&Nb<ks
zmW$L%ot16G;0u2gZI|^ZQp+t?*vl7ZhU6T|^Au|xavnk+k{?1KOETqDnH1ORFUo6R
zTPUfEFQ{;6aHuv3K7`o<2!z@4Y7P#rN3OT7-LA)|Q>bY^whg_Hca7JiCQ{lfYA(H0
z4pqWeIxF#1F(`5=%`di4HdArSiBMrvMpYb>U(59r_xOQg5pnhDG%bgte~)|Gn?;JH
zizUJ2cy50hXKH%#dIr<%bP`m=ks~~3J0~%-Sni-=rj}ZAQbIeuTJ9n91S6E(sh`I*
zgmV%mPk>CoM^HS<n@*Q*qfNF#xl-4R+$?+j(^abVN9&2Jg=_BP;-kRh@XgUR5gr;+
z(tE1+T*#bAyf}EceK_T8=B%F>6<GA~ckpL$c~}c@T5tg@<*aQ6zASnvdCAADO(qDb
zi^&B^DoLyKej~>t{)R0h&3pR0oTDE{$}*M=WLS-ojZ){5@6^X>p=f6{m^DEug?s?d
z)mayUt2XsT^#V=8O7|c6KX$C@W=m!c!|RG!=9;@6BanOh`VHfyLr2UsnKau@2$!B5
zm0E~fZX7Kfbx#P6$!~9NyHOrdf>Gj8c%<-{;+mpedOvLKZ!`{F)NWBwxE0bAZpnCY
zq;eH<%yFWQu%(P;dVTk74=qRR2WCoEeC=kLaHue=NR7bnFIzlGZpq*pd&znt9`=tP
z;_PzW(K{fyFuuNDKiF>Sx&mPj4bPPhln!eSat*aCKNUxoM|KpB8colQIwhaE@P+Am
zuc@>X)_+MIF4v2E<hrjow?ZX`{RSNe%Z<p490y(hzEj{;V9A#d79Tp)H&uuqj_Zf!
zK&)Kucz$+!pkB9NH+5G=kY)e?_3USs2u(y$xHHkghbE3o`8b<6<`P;BUQUwcFONcD
zs#4-oR>z?Ek5zM9(_8*Fv=@!{`}ckq28bZ+V>SAy?}>6r)>hdQUCRNg*u?+|U3<f-
zXZ_JljNqi6q@KkdKpL71ixEw5x>7Rp(9QPgcH4H-RsB`q1Kl(F>-TC&Tk*@N4&h2^
z`n1gig%n28Ys>^h-NMIwm3&VzL~*V-)@Z`m)hM4avES_E3h4R4i;2dxgW8j{tQgoK
zZi$?<D^>PN=)@dJ@IboX=7TvTe)5IWYL9-kfF+g|(kBBM`_W*nUM+b`qYRVPKv1W9
z=5uCZcA`yU9qpWYo1x1Z!fc4g*X(%luS+TiWz=dcm5WX{8!SC6CT5<RW=-`!PFfro
zjx-RN5mm6S-`1amw6nFc^D2#6uO3T?CioD%ju*ez=*<OM34?OXdJ}r{dv#fD*>s);
z4-2a^zp#>99WI);yNqESV@)KuX|B{0(#g{d0uI)&YRgQx4BRGeow%^h8Z}HcHR@s;
z6`N}sXexgJ6JN_|TiW6Z<JQW~i;Rn=i<adc^w_NK%6LxQ4ojI!LrQtiKAyI=k2&co
z*6BGMcpkqVzl@=NBig@Dey|%6xbf?SZ6`!0IOO@{+1T2bT~MHs>u5)yMNx*&8)Ln_
zD_@aId$W7<gtw2}+uy-(P=($8`PKH!x#OZ9<2S|)1+t6^s{(##N>%}=U}86JcQv6g
z;Z*Upa8V;&6W^=u{$|`Hed?o8+?YA9B)6uu<EGYYQ`Obx6&W@(_Tv&(15Y!K+l7pq
zn%i8yx1=iFlUCb&=OMdO@6OOcsf?<uwt<dWo26H4@l<)u1zXD+UdwSyiY5E9anpfw
zO`V(P-GZiN1Ksj%v&RF<)96i0r&G(B@Jh>C?D&*hrjyscz@y(BY7J2YpT-N$RpWke
zSL|dVo@}WX+e2&iT-%*grmF5<%}=Aq$EFv++rabIFn_1r(AA{CNoNYlQT9|fZ#SDR
zjWff!!n3V=-nncq-&bAScFu>yC*Abis@!)K<P{XF=I*7px8qz(P8J5)2C{2LAfh+9
zYx$F{4cXta1epfBs1bYaogP$Ark8a$njH=O7`PZ1`Vsz2EC^X>0kN@=&USFg7@H7T
ztI*z!-(52@(2XC7zK3*pZ5|}MNgP8KiAwFeK)8S4sm6oI9kjvP7>uTzB<NseWlT@@
zDBQgkpAdY-u&snRY<W@p4)IDg#q{j-^jZj0{mZN74Qd7*YFm*l3k**oLV#-GhSJgy
z)ZjcE1T-Wb1PnL_3Ep`j@&6+)0!az+?yu`m5D-Bo5YYd4Mh2Yz*`mPvpE7@^?_vTW
zV8LhT;N3Y3>Yq=;J7>N7XC96hd=ElEQAk`IoGKdF0)dux##Z)^{`?`}3-H!r>UIzi
zSmb|pNO6VF=ivJ1O_bE^)ug334XiBa^nO_B1L>SCtpC&l!R^cm&RPKN^@yD<%q{IW
zoq0(AdV&+2|8p5YO8nO&_GUb!YSMDVLRPjwVpckOI(kxG1Y%-hZrdM*oC@DW{!tu!
z#zSgsZ*R>B05~~0(K#{ES=kx^7&tgM0Q8IiMn+oj6SQ_NmiBtiw3c>ce^>I)dcFbe
z3~WuT?M<vKiT~8Ar*Gw8&qGT3=SBaq{r#OlXOsVYlcn81ngwnk;LjZZ106l!Kk5b-
z<^FS(Q_jR0Xs-Uv!~!fc@H==J85rof|0?kRyY-*1{4Yh-{!3A2M&|!o^uOHt??sjE
zfVM(b7T}lK^ZsXt{iE=Iz4?!V+<-rA|1YxmThM=91xuP2fgA82y~c|$7!sHd?#NFj
z-(;1*DR`Lu*`SHQ2g<)wa2`hACaxdA4*|gsA^uH3$r<uE9rin>@?7BB^{Tj^zdzQ2
zupB=$X51HIIMUn4+${I3pFck$>Sq^c=>ygZ=PSw7<mA8QBf?Fhi+Mwfp&opG<8X3h
zZP9b8X<6|9oL2h7@O0Vsw5EoO$!V3N-(n(1I6iKDclSL{Q%j5Ao6T#nVxjf@xn5p=
zzFvO>fhi9!FJV<x6&yUgFuxqJyNCP6!2vwL%Bpd~>y(htnypq<JRDE6fLmwJQCg8)
z>XEIqBVP%*L`m7tVuy1%Y{I-w=7BnP2yf_0@R6+&<JI>0LRF~ED-hscAGJpG@WPVu
z_FD$W-F@IeG+hdLPf_^WXuItT$(*k3i+DS{?Ms=q(D_SXGa&j2b&D!?FezPT=T+#G
z?>;H&3AH;iupXQ=z5U74q%XkxwG-LCk>Bas%bnZki7~!?y;@^@1B~%amnFPf2YC{0
zze;9!4PNoRl8y&YTDNTnynfsm#H*7$ZNHX;uZw#EG`+<<0lF*v7f|1O@gVVi30%X7
zCmZwH-%~Dc-+m0O;FzKMmTr~a`pR6(f0gqwuOY{42S`arC1NQ<r!b{p^Zm`!{&@bw
zyZ0#H8Z1{P>ddg6V`nAO`wnDbUJP2XQaAgW%MeWcUR|tLug3Uv2Lr33LK7d`5vVJz
z)_9LsTCkVuEreR~K7X#06m<T^1pFr4OJ$8~`4dn={dJn8LVC3%V@4M8h2a4>E}HXZ
zj8p$m?PsPc+vmQRzm7X(eI-))B|dB?+$E5RVynJQKf}wFr!0*@_YwQmzT=?3=#$sw
zOY9oaOGB-x$#W~SVe;E3Ud_&3rkqmxnao~6G~@2@gXk!q?Q8T^h1OdMkx0{P%n_jJ
zwWK*^axQER(N(1Gh{nLN?s@9SggpG=Pd^d;<B;u%v-2oa&bR%TduS@C%cKL?$DJu>
z3R{@Dl&vU?XWkvY3DWW!_{ZT<FYXAn={4#ovZNH=W5l^N%SfqZl-^Kvn6EWMWikoy
zAN9(s&JkIj9>R*6R4gB;21T%78CB)d=(vto`$OwKiAUDC-O*`r{-AWdJC%NW>=+)F
zoB<*y6c)k`4a-s?V{t7joK$s$N+z`_yFK6Am@ibrEHzk(!YV{K98M=oG|E%tQ&Q0i
zSXvUk3=7N4e;67bl9So2RNUE-5bw(Y@IEM2u7_59`wS0BLJaNijfMs#$PWkiZ=9qM
zLy~upR>igb0BF(dZhFxyUtZnhQwEd3!6Ro=2J=!!UZE0j{!GV|zStD-W7w=7M#IJ)
zgQ7$CkM5_N$@qd}@WT=SI)^%_WM;quIGwGA^SIp-Gch4zYjcY!v#UF!_eUC$QgGpe
zbhNZcH_N^_cML}TUp^FE#+nuq%fp7fucL#X{5B*c<ePUUA9pLyMgQa4M7=cE^}!PM
z3oMdS7kxy}00|z?fL~(BP^0sO{*GZNkCnwLNIl?3SV)M7Cc>avl&*K~!NI`jsDOZg
zPYJP3lhzZYgxS9-yMH!=*#qi0Ih4l@1_p+dh8bysVFC^XMX+zee#idE*YkzmeqZkL
za%W@|gj9@fNpr40G20i8ADxyK=HK%Tyix0^%E-{UTn^<mM(k`>Ng92T{6BW4zjrLO
z+WwCCY7;3bDVjt!zJY;(oQ_IhSQt{8m#0-2E>}YRu=2JrmVXniMs3mMn%7%zy~R@0
ze91?_?k=i613X(>+o;UU3Xmg*NvIOWzdM-zDG)eFL}<0`k2pB|q!n^K{r$PVf=q^n
z86D(_S|Og;x2jNph@t)4j(4a^<(dsBkeFKxZ9vk=NtCUgi!DlOIxL$+n93OP|I>K>
zGfZG0!Fb{R>4~gbovEj{H(Ifr#@Wrypvynlc%hn{TMT-aRln!w(Dby@^${PMNwLYm
zmoaS@7nkohiJ$*X$x8=#>m~tm7TJWv+|k^jKpUq!t3`n-@+v+tvH1hiBmGq?6moIe
zT3??GJV4e0#%P>TcS-aB*?ZT<nUdDWaxM1~^aac=bJb4q=Zx6MTyo%zh3_@RpQc;G
zL!xx!h>bRNb$7>6R9I-T=Jq%7*etzC`vwJZEf2J+?))4UiE*niCqL!1*@PY%9@d_0
zVkZ6f#I`PlVQuFmB)G=@%^^%~qkOcMr+mM?x*EOzb+D)N#-!+1k$sUkDjQo^XaxV;
z`FFIGFVQ%i73wbc%w!maKg0hL7{38o2WiE?fSA90W8eHP!@cK?>F*>LBG=nvm<AG|
zKoybR9#XEa_(74M1k{r$HSm{UX>Ji9{~cKap=eGyjhylQYvHQ3vZD8P2}k?e*G?NW
zw|B%h%Li!<#(Bppq9d29A6gJY&M&j=<3b098Hoo!LJ4LGV4PoG3SRAw#8Xt{#KOQK
zMs^Uy7IvJ>zNIQ9r^W_dhuMd0Bq6FiNT5UgTT8$=Cfw)SP*M9rLuoxqmHw!zD`<t;
ze2o>WW&=SfCZsSp))7<NqxK)W8@bmQ(w16`#NZ~U@ItboZv@7`RwV5kGlzzC3{|xE
zF^!D|Eh%GEl+jR9@-J?5qo-6I5WzAE{u?6dP#5X|{KnSqYp`O}!!7f$J{|x*QMAa%
zX`7e*9E!ZT=z3?dnJT3wV&=DF9WHw!+dF|C{M|4-dK(dvWZW9w+0~V_To@7hJq#%u
z1^!;f5{9L!j)TKal|g@Wax&Fw3*M;_MZ&+QX#AkjANxoOB=h|0@Qg05Px@`FJyN8%
z`h|lG<Z9$nfhj|yEEKlqCL$_|xDjDOaBw~~KOx*MLVm)DDk)(K`ubHmoe?&Mx7+Fi
zhdTWzsi`?b<p$&e{vAD+RgAIk3WTl1uBaiYx+`zzTLsz`p~l>m@3!f%4l~E6i-ru-
zCxV>C|LS{Y5hzbjPcbPm?}|)7n{F$DC7DP>xs<fDkg%|@!KcW1ntyM4b&&d8S)RUk
z0yu>}rDzxmtHZE@>PB`ev1(=gEBY5YbMKX443A~128A5|nh$u?f7Y&Ab6iv}FRwg8
zDW9cv$spx|!a_DBw_dt`V>J8`k<5pEp5h?I8$7doKHU}lsq6f7jiu$aX~)&3D}F`%
zm@v`51kNud#SC6!<W&@q8eZSgmH!?Z<qZu42!W^0{~k;D)cAPAfqwG=KR72}MbZBG
zQhuQ?XjoW*yH!=zPVbf<wZ_{S`S{vNmcG{iZw8T(H$Q(KANpf22{!}gs=z8Gx4i$a
zcj{sfJjnSEK%)-Q1BHJA9Rp~*l#WtmCCxCdJBd%jT!E;s?%2RWEjQkes5-m-LC)ul
zdnB6R#xT=Cf%W~*$Vk7$M2cnC^tFcSqM{<3aQ<Kao3<Xt@tfaK))GyiSQ1`0JJ%_x
zC<V6jJ;OE?UqZRCFjrIkJv5NR_=PZ>!?~<TIr|({;$ENnm&ADM$MSo=tpg(zp>=k-
ze@KGm-Y48KHilZJSvLu-!{eHvtFEE3*eF6g`@dNhM=`ALAh@|ljxwoXsbz{mQ3;*w
zcaL<|TWZ8A=%Jujt$KBC7xfLYg+CqWQ^4;n+(!G<M{<}3*XY)~)srFh>3NHOD0Dw<
zLQFv$9t7eBjdNBL#ON=PePMs^(<T6S4KFAo&x#O&XwA;`u_f}=ulAQvQPD5@$>zi7
zqbSTN9Sg7XJ-7M9iwc{}uPTQ^>pO&>LMlHbc2`)SbNl*g>(y6<D?YeTE;hg}d~N3!
z)`?(PTZj*&Jl~8mORKJ_Nhe5{E+vPQm6b)pV}|p1()rogh*eToTidPH{>t`Cz2^PS
zPWT>Mc>-l#GYpiw`?BK^*yfNGbXN1Hj*d?cZgsocyqVJxR!=tL0cg;7CheS@ggaU+
zbxlpZvs`h#E{XG-8W2(W3y;WP?5}QVArY}6m1#D}TYO@#Bw8!i2q@EJ<yt9F!u)>>
z@^VtSgWdORR(#IRPcikwh#9<|hSG_Nm>WtixH9orx&8k2aFV|sd@K$#gR1UYe$+Vr
z054&X;IW?q2RV7~*iwQ)x@e-0>7fJ+0M5T%34B^eLs2?xLUuYZ^+_yjp>VA`^h1n&
z-!(S;tYsQ3=&1L_bMb}DvEZf5k<HNuJG3QbjR&9b^)(^zs2Zdg5Wrq-tWzeegDk!7
zuou@t@7`nGd$1J0rhgzQsnsWiR~^Z(rp9jgJ1N-TA3F3S3L*DT7{m-RNS%b<mzafX
zcr8}_&tG&r!h3x@pD%*$FNXm%r=_7%SgGXXb!0x+0mjFZC(A=2A=JIr+V({a3mo%A
zJVH?83<IcT&mJF6j`AJzr!;w~dVB9FD&SIWW%WgMvUT!x616cv6E*1o&WUR2T8f;m
z{geD5i67fa>--{Ajs<agTd(@&vK&l=W6v57q{M@$p76Zq!8d_UMHJL4K9|32F^On}
z<t5+|?y$1yn;LbR#Erni7D6>5(|aN@vg+sNFo3teKhyn(P3DjP$K>#7CYBSoTZ+Gi
zNa3-iqR^6<-|@>Dz}of^PEBoCtk8r(2O#;U?omODy5vw6#-$YddnK_g^B5~Ee*Or=
zHh75%|H4sC{r41>4&YbQhjWc$6E!O)-uis&?gYU>)ifKz{L@_(0h9tGvQe@+N6O8A
zwZAz4p~x6}F&Mamv*KZ%d%OOT;X(xZc7JDJJe^Ln5=h3F*uG`&Q9d69t&`5>)Hfx|
zXTX~Abe0)Fz~z{<Gbpn1;d}J&G!9ux8&#EEc=yWZcgKq_k%yHAK{83~7pDF}qTa$f
zcDvlmc|0yI&dyn?V>;}2%NfSfggJsjf|x;R%UYl28&Ff(th)N7@of&{b~hSMdE*0T
zY|&iE)7rm7KEFVnZ-$0m%;|bjy-S{{J-Ev%Dnes28s(?6DT&-ZJ&m|M8S|m=(D{6R
zC;(N_9IxU;AwM_1FQ>Ig1MPFn8YZG{a*wFdOl88hVm`Sf^Z+b8-@4HH#hKt&_W8CX
zayqvTHSq4TKg#YM+V=3RTn?X9Z&{407=&p3g{goZjEWUUuoc@!z2VoGM|xC93y%-B
zo@l;q?>na=Ei)ea($;E85x*`_vb~dLYy>qzJ)|N;J*h&<oPI6Ae#*ljv98DXKBmod
z+N7GkuKMd9+RW=km;`s+i@3Z|AEYovr^c?!?UH^18xp4bPj&F$jo=$G?`yT6;)fxM
z!2AKu6oj=bG<0L(1)z^rCEF<OEFMKoWNs}z(FTJJX2}Er#Z^o(vYjk>{7(G6$tq{d
zV!YtrYH+*}&f2)IKJhbkZlvXK)_ItE?FxdYUYp@Nj`}0$+qWnw-}OfqN7LCR0{n7x
z=eiKnQ25p_T}w5l&&e<pm1Gw9x1W~$d~>)l<F?6qGP|(f`;$>MzvJw85b<`3nvl5N
zRhGzZ%@NX9(lJ1qz`0wGJ%^k1Cl*bl`DS8TZR1|9b`fC}FyC@2FP%O#EWEfJWIAIm
zgzkKE1SZmr_`b7dxLjp)H9OeS0^jGOumvLF`W{uZ!_%C)o@c|#$;o}6)%^aQcy~0t
z@SDzA+Y?ILn`hm^YeDry&74c4;U>$^kcfJYJOf-@XRn8+`C1#l5nE}KJ!!TT-%dY3
z=WJQ(VC<56O}2FV6X7*?1GeX*3-YS_mP3t)LtQo^XnAFMW46f*)ipXOU&<l2uUBNf
z1nYy?c`gP)>y41tJ`sE@5(0I#&y9ozZ&{S3c)ni%`ThAhyt`|y<;tpbRzp-d9-6<(
zc9o=}z5Lw|)YLrqF*W}D1!H<?_*N9dIK78ODEI5s2W*|1RR^zbSbyTpO*CiG34CRm
zLxs)qlG}wZWRi8+!R-=LlF<)#bk(!7k*1YHr0N(@MnsTpXh-u^OuWz59Br?Ul1va}
zq7i+{s?t4tZ^sb2S${*n|A95R5%Au7X@wF}!V$?3LJ1EMPHJZZaWBg$xgsoJ>Xbgl
zLT2crT-^y;{{$>X7z+U<qV0|;WuvFu#(Uw6cO6q;D<+>6p6k`zN?UpR$UXjk3;)Xp
zV-{k<viDz#P-49}es0$lTjySh4fE1Q%>xJtc?m@fsE58rJ@)J6{gTX;Yeybl3jGSL
z6D=^&SoikX+2yf_Au$1at0ld(iq?UNdO)+FZu?}z4>9I_mToHI#;H!PBw!5(MhAWj
zRFoR&S5tsDr`@zU#ETcx@s*eu0?>NRNJ`3#YMq>%oWuxZl*#x-)X!G_9ENA630`X=
zSS=Ry4<@lM`iYKcQF5);5clnx5T6D@XAB~F^sA%{Mt)R{L%TYTkic=|7vygyW_oqq
zo_LXcm7Lo34+_eaOf1K7p6LA<8LGO|rvAXfn`5+b^N~Q#L8ITx7s?L}yCPinjGF4;
zlkGaAjKye%2T{Z)j+`@v;rS%B-)@iUF{h0iS7WN*?@m_?pQa`!!Hk4ag6b0TX{k`q
zZ3%9JjCQkXdr+yxQ{N+7pXg@2Kc#c*upyRBbS@Qn#N;>e6z>o#8keR0_>i(}B%Qcu
zqpCSn!}av(Ev>Gdg9J%mdJ{EDkT_R<@$WeD5+XkX8tMJs+sYSEYXA4jJkTe#dTMN|
z*Y!ozfpKoqpg>aFAJ9$11-$XBGT6>0j;3DfG^+7&!9PIwo#lCE!C@6lHu?@S%8=lZ
zCfKn9t>bayaR2bI#iw}o%~7Ua{Yfud&v~Oae@J;NPrM=d#9&OfI|y0mXx2jM)#u&Q
z#Yu@W-QBgrLB7zwe_F6~Dr@qM?i{|nyuAH|T_I;@>(%HIyY)K1wiDF}*iHk(>VIYY
zB%!UZ6A(gn{**Betsj9}FV<%<g}Ia*icV8ER=_hR*ofpON{K3%j)2z5fYf2Pe*Vme
zaw_`$8#ze)S(zu_iZ9TMcTJH;vmT$=r_&F1>Rq9`K~i!vV^!N@arjGkXWwGj*lKgQ
z3yLbQkQ?95Vtmc#^GVHXluN-Sf#9D9f~&f<K?$a+@bF%D72=SYM86634?m7|RM$fR
ztk4}+JTJ82ZV(k`jj#>%9*Ew0gQ4(p(~B+axx&skCMeOSN`pHjDfHUROP~ORKxb#1
zKxF*#_aM`mhHIp;=Y<>&_yt=Q$d{(m>0-sGSOaxYy`zWn(v#w|+dpUq-6=kHe#h(0
z1J%s)aiYXHwD-Fo9buSRMT?H`Fa7AbOVrg0tJtHw_M&}C?$`NPI5@c4`B&KCx1jhn
zcLSTX@$7CJ0*0zM1VmZ=(cH*&<41YPmh@5Zg5js2GLzh4re)4v&|rZAxaAZ!JS6?>
z;8_?h@lhpe*=d5XZcOc`ikh@=iyE4Wgi}`N9TB;#PO=Q@tb*|EGK+x}PWrdHR*CU^
zmAY4H7#(xs(3Wd%>0*%_7A0>|3H=Qt4!XPTkG%BIRa>bOD{Q#=k9%m*wffe+eM<3r
zEY*?$(c2zrqHpq8s`A0YItN6VXtFx*35~Awr;Frq7&aMi-g)e$D~=js(h;?IlC1yi
zI2yXZpntq%z_NI_3>~|;pdeCT-ZS3yxLXN=eD}U&%;R*K;$kn;i*wO`YNtOOKPc6z
z4ThYYyz!zBU&hYn(7szi{(n-Vf*rh2tDbN_%_HnKbFA5ceC$0EPbdUv(tuqX&N%I#
zX{4^P$qGf8*cy0U0K-pQf!AH#`wlL$Jzr`&Uu%&tcZh_He>G5-z7^-OM|rij!B9jd
zBlcdu)F((L&;$haA7n_G&#1TDV!NMr!q$hRMSJM!>0u7-QQhPiIJ}dY=&q5v42+UN
zbx8o|MjRhAU7_8bww$SC8{Ri{)r|4_>3Y4?H5bz@lvj9~8kieY$`h^KU#L#*u_oyd
z({=IOEteU!n46fO%w0R{RO!P66g-XsUz$p?`>t`DO@AAe5NJXHRtna4eZ=r4@j5R$
zT@y5R2}b)@XP%<n8ZC24k{wKex%E&Lkb6j7{Ez*`{@hNjRkt6ljYZ6Yg*YO>rsus2
ztlC%o-`GBh9|9I66tSF>k(F2v)4gA{?#wZrZPfY>rcU37wq&@S;)d|oP0_uAF<{s4
z<eInvvx}=xJdZ{Zta6_Fbs;ec(+Y0;om~~}%)LGAb=Bs*`DTk!X;$qP$6jwAY%=yD
z31X~IpF*%`H7LidBKdfOuDNMWZKMyUt8xoqN)S<XR)nDFTeJ}ohWB&fbK`D*`in|%
z_39MGQ4bOePC|=IObD}KDGPqZD_V5y&+gLauDheJ-)-(=(Tkkrb#~UrLC<L&z|uwl
zqNSP?;8IStmEgo^WZ?OIxmS3XbrKh5%YC7TRe$Uxt##mC-)8J-f$2_3V~{UET-Z5z
zUr91ureJg7xq`CWd%6&Z78caIJLL!;V8(s<%8<6K`n&FPdOmb{>n*32$IXlc4!ddG
zuI&Yl@W!Pc7hX;@kJCuwo{qz%R@ElPua_Ha;FS04yTP3;X9ruYO6xXBZWkUlFJ8{t
zv#iCp^KR6ORkyQd_vcwW_xp{Yi54d!2lP~4kCZz7a8@rI7u}<U8VUqN#46*7946j~
zK*KRySkm|ZgQoY^MeEvHBxdNrXn(F1`2Y_O-|7AOGV^%hi~eb3YPZfn$Q=zgD<EB?
z#gW$b>T>*f*;wnsYs-eR0cjx!m6*FtVqIArV089s2#Bz(TXPFO5WU<<)Rixy&PZ(F
zE7N*F4q$N|d_|z6R-XbPx(T>mjWn1Z)AH~T3@5buBIC18tIf{9?DD)YH`|})q`Vy0
ze01IlXVY2<Fs=Br4qw!p|2n8Cmu?@OPG>%F3?t;h>+S8u;nP9H-j?E;Jyc8SX5q=;
zVC?QE@-i=b#2s$9!OdXEO)>7jg#%q@i#i2=Yv~L=N0}TYr_Rh!F0dNwXk&rxB=Hzi
zDhclx9$O-sqD$7h2Hh+aL{@E`v!)8+3T>9t*{ql+OgM%7wL)Y1ByylG*b?~EuzVwH
zSGxeu!Vez_ka^qR&ixFaP9^DZ1yOh`6#!w&Y)3k2oWdD_cqWHV0({F14>CW1867V*
zMpPuNUjsMy_JRs`dBP1pL_5cqKX|=ZlzmN6wy1;!$T)0v9(kfWg_EP|{9@22iD}!W
zy>;y!ruIR{&Z2dq?uDT`aHypnE$Z15t-fFm25ChTCZPphU>i$tl2euvw=92U-oSO@
ze_wezYz%udmcv~3ORv2xHsP52D0U6;d|Fg_sBLk6;W<UjUmHhInjWp}-3*^qDa~nG
ztX{ib@t*0^b!&=j#j&oP&9+}NyhHIF#c-fBKeUd+-2*%IysZ+N3jXlZ%~248K_4j_
zTcW-=pm>fA+C?Fh;+=~8{2;kx$!67@Avba{SY5q!j%N$SYd)1$WH|Rpn;GAx*%0gh
zD+LZ7k`QC-*3hC2-|!Jy@8=%Z;(~5w%QXGgAolD(H{ejnn4&I|y=(n|e_VR$bh;e;
zZg3C|38^P4n9Q1Sk*GJ|xKr{(WVBQ3`0at%7Inu2SLQjLaYx2g%@VFkuV^j$*z^N-
z(B!1T^X1i8VO{gdS^EXp!<(L<JBQ0M(vpOr?|8BrP%Bg{66<~-AS)$>v{-LZ+8QOj
zdTKNZ!iGipM4wO`8Nb@<X0Y6Nafsu5GXva~r)iaGF8j0Gf@ty09)FolRWLamX{-bP
zT4XJYpa7bg*-UBq5e`rhaG=JIr~s$W*P%kgZ8p|-ztAsK;*^OW8kF*0qXR>1J=@gV
zi&>#6PA_;EO8V7+)~=@?K(E8Y*FR=&aeDkzPxy2{IL~Bc*M3j#h$0cPez{?zvKjM3
z<+0X)CT)8K+t!2ulVKe#XKg|mG^(1GMbSIAyzOkKDV)f~CdJPCoeL`6j2ie@?MWA(
zZGt01`(v;(`!l^}bf+oJSUF<HP-1pR+*Di^U4aY3YIms?74`1iJ^c+z+W7^9oF~r3
zmO^W7*x!fZTCA`4KP-dM28vzzYDSy35g~{Z_Q^ngPX+Gw2ScKOZJt{K<Mn8h1Pze=
z?m}<}H&HA0$SnA7N0FxIfJ?EGY|KV=EYNT|M>2;kVVN+P-^+>o_ofsuRAb_}NG`$5
zmyWfI9)UVry*SNqB8mCyph5$}HkOM1VfEI0h62}3lh;?>S`gFwjMt3mHWB_CEBfk?
zc)d)>JejZnlOItzM!%$!Kla9psoO#e4{r8`@*UPN%;a~JS}ZwkACD5a-8~<nEjo(t
zWmV_+a&w<J6zK@j9E%MIuiO-pkr3c-CRr>@XMh61>e9}1^02sYck^z|t3eqge`;nN
z%Y!^Z_#za)2Al3r^DjyGX+Fq`aWQD&dbtg3O=!1Ric3;x+^(N-v9RSl{RnbViGG_P
z8s<>5@Vp{^=Vmje%}*IUYip=MgWcFcHZ(($L7FafLm@+QDn$Vf_BTII+r3!nK<9!x
z3?5znU$s|2QztXbXZqAXAHdvICsfIy$?y59#+_ZwxVh@b+gjZftc7}+tb(yc*OBH0
z#Y8B8nO$Q+zn#!W=NV)RlNoeKQ5YRpe9vrNW9d~;4wuNGx~Y1aVpuER=dJs4sha2J
z)uQl@qmru%VTG_=4&cmfMHR_IWHW2S?8)21Ay%pd&B^rQ?rVx;vw}OY44`^zvp4$q
zQCSl|cAE_eD&yL>6U^iglaL4mgLu_mAstU%MRDh<geauaoa@k?2)Lc2hIoFFGO{2I
zn;G@~aBbT3ZF@Oidut1wDOKf|nFk|L>lFvK^}Cy+^Giv|bki*<)yu0Zipb`Q;v%D|
zLTO>g2q1-wfR8}q?IZqpgRE}u+y=rV%k#q?5w*UGXWI_8_PpjLB7jEO;frjBQZDgt
z9m3<zP-T9)yLAVHVKFJ0Fp?Qe@d$PhiOaG6#RrN6bLAM~U>JpCU5Q}|+!zvB_!zac
zydK5oN{JZ-hlDSMTPs3!SAq^#>))jaq*tqyh|GT~d@H`ClEe^IKi0*zH&I4%{c0(K
zk6H%0S0-G2oVbJ)uRE3)2@E9Jy@c~qRti|0`^^~bhRdluTbjOHTd$uboccRcVq77>
zChw)cZJ_63hQo1TVj7{&_(PCRt80$K5$pNIg@CCkwd3isPnl*}zf5>!r0T|;MxAMZ
zw>QKkI9z)bWvgM1CLjEG@g)$rvmNn-%xty#>DRdVTseUU60>@>QDlg+uH1K?S@yN<
zhCI)Q(9F!t$d{+Pt<s7%#v_@tAk=q~7%*UfnMAMWTXOYsw}!t4T`K7_=Z89$9h^<<
zE>PY&H-*~FQw&Jwrz3I;z}s7<*qv9*?@ZK_)#;`(U*kBbV<Udc5B0Gcbeox_O&u|>
zko8Hd+Y%m|i=4~L`+S{^q2%uVNkIWcf2DcNI63Fo5NO-(iS4_Vb$xdy%Glca(2csb
zHP3K#dS}&qU}%fWOX#va^p;{)&Wg`xh4jh!L$lLSVAeWuTwGj9J*)YBs6LMwwp^hy
z{SWplZO4L$x>t@&3S2IS!*5pF^+G`?1k?EWj{)Noxd(r!U71o#Qz3qDzUu1g{k!cw
zyneGWE8pDP`Keu#cSXX1&%D!68A|`s?I9-#rIRiH`P{Tz1ODz#u!f(=*{w0Rvi4KZ
zpj)D-Itk<LnV^aeZ?io+EKq>qC-Q|~djo}ptg^QdyCHT$@#8~(WEM^Tqq`ifwDL^)
z2WJ+47i>j=Fcu$dRO`W*d@(7hp0(}ZV;@+<%)s9Z987MzZr2a|W>-VzVN{ZCdlRLo
zT^f9@ZM;MWzn@)h+N2s>+Q4A~r+<9+;P96yK~x~$!?uAdUDn7_Cbvrrq4BG#^2C*t
zIy+~-;bOzrS(no~H>Y|&frU&dyP8bTNBCo~Ps-CW;x~^*>K}x(mW?K}=J`Y`5{@Tq
z*MD(-d)v9u9YkdX4A)st<H$JSNJwtTAFF)a`##jWu+`+6YP3~f0|iJ|789h8p|c3j
zQlqVo$;gb23FTQM;1}o<=P8v*toz_BO=L^t>+TotA?c~*eH@$63*o>C0gG>i00n>z
zGOuZb1DS7fe02&82r%diOP1IM!b60%V9_{7TtliSII<0aj55<B=jV5~l}!sc6S<gv
zg7N+OL1CuiYBAW*(J@LfMsqM+wgcQZy)M?Zuh-4Vcro~8hS$K+r*x?&BqoxDgEDMF
z$j*Q?XxyGO?;=NC;_Oih&HOBzZdkS4Cy1L@*F;9;GHe!{k7&MaF%e)`%hwRcU_>|m
ze4B$2!+amjb}ijzt@1>b$`tNqydoVxb$En8Z5tDi$#g}3l<8OJOaGQ&h%-GSyU>YT
z^*%(ph#sfsD1~Ja1xu<J9W*XsDoIy_DyV)InE6WA(`q#<V?+4n#Q=Bk;d^bQ+fE+4
z!drZ8*ARDnC+op3E~b(4tsVJdPD3SgHg;4?9Yk@(O!yM8zAC%GW~*<br1T55UPy8H
zugYgI4R!H+6)Igb^9VNRsG~7M)uk}{V^-=d@L#gVR7uXH?hc?zHaGRj&mY_0QlS9=
zz!d4>@LLxmAnnWH{#rZVy<v#g=MoBDAMWdMzrJx-S3Vj%d=}FmH=Cxu-V_Mzt*?DY
z_s=zB)2`AtN+c9-*9UfxeOe4MGxeg|`JpY1U3*`7dx^Z5Y0qTNTJPHQZC-BXihwtK
zH@G<yi+kmJR~L_+uxF)7gU1?*vOs3|%SlN<F~;>T^*g@+zXB>UvUj1_fIcuqmTHJU
zw<qtuL8skZ1jfRu(kc!oi^vUYo-MtI1(%nMEb5i!3kMVmmh;JH)l3dyewEdXz#+^q
z9Gm3c)~DN(?(2i8-?!Q}y&ok`bYJeisk)4%bItwYwqn0b{a(QnQR|W-P&W{@7NpS;
zTk<z;{ofcPQ}GU^bzpI^_YkSSs_k@`L|l{0W|AgcYjxQOqbgtx4MqnUxZ10PW+1s<
zXMZ4Rs$-7by3KyomMqdUI-1PExRyHxtC6beIK!P%=XvdJv^y4__3PKNO+Nt+t9hgA
zx}nB481rreH)OS3cH-AP`y=OeD;+eY)aSXt)3dE~)}_t<{`^DX!Wdxv5^*n4+c7!$
zrQn70ieUUm^RM~I_qZ?Qs_sP0(?Z;j@+G*t$n$Ds?vEuTWm~6g6k#M90X*%UG%_~*
zSsGz9#X2^7vxopn!sjatJNXd6icQfK+SBJ+l4q3E(zfV#-EOwGEMzq{JE`uI$i=~w
z%wvn<tS+za<DxqzFRAIl;_pFv&iIB2_8<>;cfZ@aJuVJg2AN>oKh)$sQgjHW3;4Z{
z?oL1yZ=4dujY@D#N=tqYWHFm%#vRk<R9}G{1e1C>MMYv`j>ZR~+5Ng6H^?QrVx-qg
zpGuaZ5JZJVHx69JeA+{0qsZ_)+ssnFtTDh~M_pmGCAeP%^oos*GqY-09ZnyBLk>QB
zbi2}MKjxUQ)SAwu`0GWMR)(Se&Irgo5FNRlGt3?3cJ`S53Qzmu4l&|_onEWntb7s}
zB`on-Od*9TR$eJS$K$h(o=1#MAdC!^aDJodR{Iy0PrBL{{7C3IJj!q8SZ1{)kNLOG
zLJI}z7RS24()9Nh@%7~vm8y&gK1ntRs@%#gsKqO}v>O;FWk-uhc#ONkhE-<fKmY?!
z0Gnb}K;-LaT))x`FEB$72`NUwM1<;=*HNr2lh(_!X$LEe93bz0G2k1YD;nv$HXR%q
zsz_Lv)D7lk0>BpO@1NVVnpV9@3<k;sSZS4_88I>F3blRIvN~Glf8x;mP<gW~ORhs6
zkzq3ZA9e$KwTrLw0d%zTRmSQEgTYn<h9k|g6$O_2nXaZ8my5mqJZ{39Ugo)UCF<?3
zP9Zm?!Ti^rQdYd-;S&=2`Z=x`VONKe>%AVyA@%0Lpkvy83)Wes*pASToxhL_d(T2X
zW_~}ZXfMh}+2=!3)nd?D833rUzcG*Lj-FRKg7zQWL6=T`?PTsTAz@+PjE##9Ls~~J
zdPHjsN5s;S3T7XW*{!Us>b$^{GKuHOGt|)I{1tXP{i|9l`Q7c3RVg?goFPvs!-~87
z!Ohlx_4e}O2IkBFpPlFJ`D$n>eUbjzX1C>7ieQSjtSpkygTsaSsIYN=$l_Icy=N6N
zk*1h4c}>dl&Lt+GzaX+9&iM*I<Pq%R3&%hB@m5sD<p_T?VCBnm%f47JfrDK(|J2&h
zkQVwo#_(U#!^|#FEbt&4{v$XqXy+yaFO?52x7DxSRo>jr@vOwCe`b6DZVH0_FL=;A
zn22;*E8BflDc2GQsG0%}IJt~=_uV6TiHuEj7UHjrXCEi72-5kC+Uh66aPKxZLjfwn
z)6YxMWY<}swB0ogZz93n?d_t6(G+N%+uv0S)!hpoPHP^h?@<ZOXFMaWJ13Z=PUfC$
zce%3WcJlK%v_{!@G9FwIMA<i*^gY|UGAi%Y;rZUy4Gu!Vj$g0~Yjj4*cGubQT5UJt
zdaJlR(#S%|=uTG^4rK3}(MBkCOcZ&4rP(ophLR+#bChV#Z(~`k^GhaS6an-Mda*gH
zgpHFH&Zl7TngMAn?42Bh&X21(yFIQO-|B%qadRa+X7R%7K$!v(c#xXh<@MB95gdd0
zPPul=K<*^X2bW~8AJxjR(BR+=l$)Wi6yLA+8LkPI#m9i9X*TB$W0C+`#W{|<u@n<b
zr-M56?VI0ISITgGEvIQ=&%PyV7wVXnZFYrppMBpDhN-R#zbdA?oIgHv$(-lMR^wBF
zsApPuQ=%k!>Qza}@!q>^O=fJFZ34)37~$fbqd<|e`-ggb6<_5s<fQ1bVau1)zoH!N
z_IJ+t!N@O%eTkTyt##nZe6lxciW7g+aG{nCxX+Pa5Z#%kq^u~)Lw`Ay+}cf(A;50%
zZ9%Ov5V<Bo+)>gsM||lw#D6P69>KEU=YCI1Rh$T=s+^mX2lcj`{tMgWQqmEd+v^p|
z;R+n~6`ZK+85|d<p=I7C;IbVp8l99>)I)o>$|V#aw2dEZl<6Tevw>y`jsWIXbMFl9
z{!+b{Kbp=}da^T|7%RDVH_iDrVMXbjZsnLjr|k<~3gX$~k2YZmo#kjBuF^Q{zBrz(
z=HF`Djj&*LoodvznJ;`bB*86|ZO2d4vJK`ezCuN8x5&FQIOq$&-(Z+&fCT`#Uy8-k
z<flAa)BD<fiLdu=wb*i}Gt&_n*c9nbN?-gPDUh2y8-dM}xip+T--U=x*RwmKK{?oR
znj&EZLS}NTv)y4EO2sxhM}G9Pr)e-<(SV=s3u{_dlhJKj_eC7&efB$S2yNGFzBfVW
zbtGia_ouG+d~qfB9~v1^Uh;UnmUoyBRdd)#Vp;<l9q!*QwWM+0@ZoUU7a=gY-ppXg
zmiEzgB!AU~t6aLwmrSH~O4Evh(RqF`oI5%mG+PA~?uUEdlpu?GVO&R8ENq#lx-ONg
z&0fD$n6!U2k7E6ob2!Zc8jNFIF5TNw@rO(zd<)~s@&myjUF?eP_plOLjq8o+FP+w*
zpV4<<ND&Vr*8Y)Jn!#q3VdFUu#@M2JV2s^ycr{d>AzCvVnKAbLQ!*c$Z*66l-AyFl
ztG_D=3z&xt#iCULsM*P9P_*BzCYuf}6+ls~BplK-rj>E9uAU7|w|T(2X5GhC^Z9WL
z(P-4daXB8#Y0p<@BC<abjGr{H1`R(+M;fiJ3Xd^nxZSGX=yO_KX`QA!t>)`&)6&rN
zc)c>s;FM1!Z!Jt1BwJM8;x=D8TQ1cT1V=4bIYk;oP%M(C3ys}Vga5wOVXd2>07qNc
z<GgNo?lYf$g6=hr`0%RTgdM~N+;2Jhaqz1nl*fsO{*b|ycX)5mcBgY#{T)}`e&BF(
zxG!ojh+SDJt?TT`s~gbbW#6Pq4>kh4B#_0|9abOqw&Yz!EK&%`L_gyXkOY4wkxPXB
z{4JM5+w+5WfEG<N=;d}POlM@V!Ads5lTbiHf|1bkUf@b1u#6*;$A`6SY5Z!X3A0Ih
z3IL88jy0NUn6_J^QnZBCC2L}wNrtV+d~yh^ph({p%gPImoj2G1(c=_Eqr@m)yV2Kz
z3{>mMQ&NuWe~{SkbuezdS0bm=DAZm~sa+pGJR6Jd2u&Z8^GjjrD@Q)T`DO&_eW{5G
zRh@25D1<fvnGWOzR9EEHqGSL5)!H#UGAwjc2(rcX*WvaY`Cc7lQD_k!saKp_u;SgK
zh>H?zf)-TVS7ZyMf(I2)C=S+;9ay!U8?k%6+TDYR>EG{185Y$Cx_o26;Q%thb*D{6
zfwsK^4jG=Vgkb8?NF|7E)$@s9r)dwa6`t8-@(uUyhz&EXO1~H3W5GmYtO{MLJzRnG
zlwd<LLQ{ckrVMGhWV~9SP)mMZ9!}{)j8QH)bd-7{oGxbKsmlIp@FNDsSXxKuQ^S|Z
z%7ih86pd=p^<D!*usJO*HdB@R1@Cz;li=QQhC0#tbTV0kOXu31?(X&JE!Rs!O?-71
z|2|R271#awqNkt0X*mLeLgt(<9;^@}!9FbYGQQ_?q4{cHs9t3KIE?<Mz6&teU|8z+
z?fu-`IkP6myz;P#2%z4;3C*@__lU7c{A=doaMjx77Yq_=XAL4P2qp4z<g$&CR=^-)
zm9U*l@xXIFre-x54HFtIO)ojlOfH^z*SV|Sd_DP>{sVSR_<6GP>O^U9NCr!u3-+$6
zHkv^=Rgjm<Nu6pq>F3roCOgB3(YyUCpP9XQZJtQOG9sSL{^Nn?rqO}P7~KIw*{9==
zVS8&OV~X`=b0}lnSHIBZSibqp{V^kiFfI|ZB6(P0Qz@kqO(Y~F6mG%4nJPXth1IM<
zwt8s(;klUH&YQ1BsSK~Wm;1mJsrdX2(afhHQ}>6R#G8T{$)kwhkX)`bcA}3LN{Rhf
zV4_3buA!bZ0SDGXZDNmO;c5}ga44;<P&OP%tvkTLgY;Q^=1$|EtbfE}y_S>{b9_D5
zcQZsvNA}8u04~N5VG}?7sP8uH6aBp2hiI8=)N=h?ukpB%IiuDtYlkCmkvNqKM%JPf
zPyjnZqbDr0cg>DR5vSJ`%B8c{%Y0Csog@g7jxt!)HMZ8oE`0S9S7YrBZ)KxX(mo46
zY<p}3);#lqo#&2$(4u{;_WSf&PAkaw9xt3A^K+3Sv6nz46=<D6*{$x3lPI(-sz`Og
z-VLaDH1QLoV$8j0h+swspN{}_{@%mS<OP$gjd}Imm1lB#RA0=OyYtg!GUb2vCCFpu
zR1Hx|(+Ja2w<xWZ2-Uo<46w3J(nDEf>X~Z=I1zEGL{!lsObnRP^$IU^ch5A;vv%vy
zO3qo~S}1lDgCJ9V_yS;uDRa@nVU=HMHpZS|5XWEBZrQEBw_k|l7T6p)#KguPNT;{Z
zV6|^WaM9atQ#yc_t-EgqMrY}^ukjJeug8T@^^a!D3~xA=H@VJ0rO-eyVL`R(dL&(!
zxdOP7W-bJiR<XlvR$|um8Wx(5xp#^$eZqj$BxgggKRL(~qx;DHs{6neA%1W$I+a8@
z`@?IM>Uuuv$i$^9k6XguN^qU+7s@C0@3YIpfc6~j(TgQ@rnA;L^UPOAY@^XkJ|e!i
z=h%hU-q1|ZrFx6Otz{z2hI{xLj|A5HmWft3RH-!f=v8jB>^4Pk3|V?r(QB(c7`lq3
zAC<SDfCDiZZZ$oC-GRu?cPma|3-!>-T0eQ<s)yXTw4X;Zc$U=0?187th2v$KY`vL$
zurd*^U-nNHs{0pMZ|b$1xR<<$v<4Lx|7GC)_fUv2BG>l;WS?0(RTx_CcJhh7sp}-L
zHds2*_9Lvy>Pi10hj03x{NYtK%9f*cwdcjaM3ZtZGM96?@#%8YP-uKvHOojc2j?HF
zRV7o^(eQL6VdW2kZ7L_b+N*z@+#`9|*~ew7<+wfE`OC7%GNg{0v?w0+Jz7jLC|z~5
zXuzh`K*GvCS!qek_#o9VzYHqO6iFP_mcel50Bb$2i3Rn)9B*KsK>8(P!5ouz+wI~J
zwbmB+&zga$0IaT2`}Tw8vcFW`Qr%xF?{sPpDy&IA4KI*qj74gXhfnu{N;vLe1ydkb
z+bO?eSmCFLt#-a3GZxD@TKIFPw!>?kSja&ZZ?{#whtCKs8~d}1&eWbrZLnz}w?o<D
zD~n75=6AKdVYF>*-^ojT?xz#2o8^g(z%nH?u){713=?9|!gn*JJ*;jx&)hkKv_ip-
zH%Eu`co(Rt0yAI37Ha18|Btk{4y)>I*F_Zp2^B;_q+43LL+O^7G?VV`20;Po?vn0q
zn1moXVbUPo-Q92oe&1SquYG=NZ_hs0HUIH)GRGM2c<Ozg`@Y{#&4UM_O}Vl{X6iJA
zZZ@?Y?QGaxd|b|i%PY$jtDPH18`|FNi^CHZN#9IZKe**8N@-%g&Ri9j)G_!hK&^`t
zSjZ_S71L4p9@L|BDAG;|`hH*jB?uZJMiU`cn9gi(`ydc-ikPC#P+x<~u)i$k*zjhJ
zP%5yhkZ$x^g;I$IM^*j7Ah<GEnk1_bVsa$zN@Vx|X+~$6@5yG{P=rb_A#Kaj*su$R
zrpNUezP%Xq9A;0<!R_ee{947fm6(y)H*W9pWma>4B3j(D#0u-MF9Gp*qoi(L)W9Gc
z#hu-GKiWwR1ln+RjJ7O@DxhMpQb8-qUHEL18cD`jrG%C4dEO8tqkZ?1;yiAw(ojl2
zH6;Z<J2y8<s@3}tXb<Dg;n_cJCX(VvhqRI)L4Lm)O~##HHyD(OP_DFna1<`b!hYwE
z1J*1=^Z=Se^&X3W>zQ9QK5cB<IcR;z9SU4uCU^RI2l#tY<~RZvzwdN_W5G8(JRF0m
zGNHol9hV)s+Zi|7@bGY7C`Z5tR!?(3k?35wvciKkw`(x>wN`B_4A_{-EEh@@CY#T$
zM-%}GqT03z$X@Gh(ImHsy7Kao6=_>2MIBdqX&pWDE-Np)w8CyFH)G8zyAvOst(i9&
zaJB)3>3`&P=>$F*B)E2M$a2)AV{UGjN0gK5+=ZQd;!27&)YaaW$Bb7=7+Cu~_niP?
z56gwE`mv|`q7?#VJlduvCXNv1wPez1ds1yWs%-dhcfp=y&w}%dliRrKCD1a`x8xs6
zY~b*;h>QE<dtq588*$f5yj~gHq@-}Icjw7LJ-P)c`x(U~D3DVV5_|~*ph%`mMC053
zUT~*b&c5K2v~D94zA?Cou+K5?(vfM2Z&nS!%s5>Re;gkhs`m`9OhxJ^-VBH5Z4XLl
zdh#a2^rzigbgj7*MMDkeu;3We9>V|K9fB?tnQfBqPv6nI9!zW2E#WqFOuHOz$Nt9a
zXbMwsBI@M|;h0c%EiQT&vRBg-0Q>Yq4n1s*Kt$b%W_FJE^`gv1Kms|)wl_(nharEC
z#Yhn~$rmWax^Z-~x_(lTye545(IzjS1q+jDP05Q8<zdcmHa0!+)zrEhP#IKY+-h#l
zrt!rNB=@?L35Z20)xrP9TVL%}w3&Bp28nH9zPl<Dxc{vCo#lPMy%m_Dudh%1a{R@B
zxb{$~R+QToF?%f+U)5OJ0{`tHS>gU0IbLvG*M$6z$1LAXzlZSf$&~ZFD;`h{r3&$B
z+4Z8k#ksx-lZVf{F`Apn51)C&K=B=LooRXa@>*5KYmKsAg;Cf4Sn%U?*hB|==rUcp
zEd4sml}!y3zSg>42|rV9JQW!=(+Rf$aDk=2?Ej~J)K?)^JG-5+oTgm#LK$;PM{5(@
zKx*WQ7@>j655XXL$zlTq@sjN*^66eUavJD-i<0hF;=rA)t_szyoR}<^jiICMmt57J
zz-VcfEl6wE^bRkS>?mfwl_6;aPg&@5tvqhu*m)D}PpkkbgCbg!!KgC(qX{%uH@3XE
z0sn6#*T*(y(dwX;NhFiz%{#@>F>4B@m3uDG9@7V7saW)o3o}DzV7wGKo>WH-v)tb5
zKofvN6$60pVnJH1L#0dGj$W5b&*{LB9zB9rdz{8FeX|8A#^!Iav^B|&<{X&0p{j3O
z5D*a+-a>lGgSLylG37ei*;Q^C?a2WA1X07uF*%{vE)^9rSGirMEQKxm-`mVrdxq<`
z3j@j5XLQdfTikBKEHrq)#cMm3JhX?6yOog+KCFqK!s6tSMkP3%b`$2wImt<yWUR*v
zW0}HLE-85#8RcYNAU=PdzW!6{0n80dd9q<2P~xW=qOlo9`vp6?!cuw4gFcyT7f^nT
zwW<TpPgMT+@r5@*%aCpvXa|7{DBV*`6|I{X;*56=gtW?I*#B`#t3<UZW8bm&MkD_!
zE~Y>F@Vj(A_*cf>@yhdI8dAZ5m0ek`kP(!C!WpgKU>_BsWM?L<UyoJf<Io?wyV%`+
zqoHcXs!7JL+1|-hVRh+0v;bfsJT?X`-P0aFU?Y*PtifMd4AghJ)muz8Ce{aKpb4dn
z+V>fHI?!{V(n0MAK;t<1VhD{(TK_G5Q?}O#yMK;1NOq}vY8bC&WF&A=G+EQ_zil60
zyKd9KH@f0_b&U2tX4ISB>0~p@e)Hp%YtN78&2{r`!89woN4q^0{RC<^FB}<a!;pi&
zRz#|e@*2t9ShCK&cN$k-#EL=>$(GW<>tNdc3X|yVOgnh>gLox74U`9+MuK=WdobON
zBpx20%CmblZVBDmyEKWoHy6A>ZMO@yI~t5^9e0gJl_j!E$8bq(*)8R0(^XG@xL3oB
zP+^p%Po@~*s$;9ou@r&z(lsXtLAw|ZkN19Kz1A=NW-OjRZi|zH-*&{IEovxHG0uD)
z=1+MzvKM7|hpuBg$;YyvWBf&{=c^fis!;q2&}?D%60lSoK4`xOKnU2M#v?acYo~dm
zZ``7ug#qZX+>QD*7hs>Zd37q=)UR7Hx);6wIkFF1pcN^ZoqNA`s5ET5U?{|WU*v*t
zLvL?d`@P5Y*5sat7PB$zO`jTal_Xi2amsR!dtzQ5RTvSpEen&7Hyu82e3ZU!-anY}
z9lTe@SKKBVfRfH8#DL@C`0Bhn6BdYce){2iMvp-b*9ZcL7e0zCQa!oZev1TuOEx<F
z*xax8gG~7^L$$P3e@LZby}L1r(<+u(qU`-%)M6+_bTY}%;MY^*Sn~emiH0{q4~=zn
zhRqD2%#j|ryAw^u!LHU|d5YW?JNy~6xb3DC_3OH05h#!T($e5I9ldE-Qx89QxM7%~
zHpTDt^b?mlWl^eu7vsO*w-(pq7f6lBCup8X$R5;HFfO>P$eiV@)Srd(7gC#<zl#QM
zl(pWsuY?O2RdBYtw(HT!RvFC&r1I1d@&9q~F^8{xRzZ(g9{cyz<N;2>p@tRYF{<kT
zKu=zG_SB1WVI*1hw(CVJSI5>F2e^A9-4w;C8GOc}uJn`pwu6HsWkQi|zKUYX-WLt|
zB>)zC1`K9a#shVJwqN~jG^~QYR=b%kS=&M6q&-Yx+wnR*SXfxr&?vSznA1?~ItjFy
z6lf|B<^8rdb;1ZBpncsBQUik-8aG*e;{RP^6L{{PGngms4)4vk=<~E>2J&eXWM{)$
zn4cK{(_C;KrTeK}Sarc<LDAaO<;`amx*V;4gb3%t!$J6lC>aoYw-OJ(n;|$e?qyV)
z;)+ek#YT09=szFgX2-bc4W8_+Y?ODIqCGS-Ibq24eX9Xi1~l`c^QiYe4g!r>|3QHV
zd|(Ka=;d|Zf1#R;Hm25SMmV4@FmWu?EkAnOV5$b56oR*!hv0_uW{TkFgV!?x2tTFs
zdk(-W)LK+Hhn2Vqz$~hai#IplTKq153T$Y*_1@gJ(+RNT?*k!kHYL%$nk@h-ngEc6
ze0f?ot*Ez_&}D?AC(d1JH&l%@iaq_gaa0Hfuj@+!>w&;}mel?@*U`>LQ%92(cIXyo
zdC|$$`TItQIqbkLwT`ChRk6jG=wheLt9@2Xoa(JIbw(Q6_MO#EXw>C)=6U=N?-7wg
zO;IcEmW3LW60#YEIaE+ujR19Guj<*w<l9+Wq-l}#tRRYX&My!5_qjDR>?e3tk8P*U
z+YNpf4i*8Y9*S3790hJ(uqQ$12b~ov+U32z09dX_R9L35jcrm>O78#~ks6(oVu_z)
z90enHPkZ1Vwep-ybU9<IxA-MaaeTetz0i@A?p6J+G_r&FRin#?($*zWiv2#akE3_l
z;pOBOg$K5rGXQ`=AdcQ$X3HX1E?KhM&+xg#e*i(^OUV+S<)K^?EFVq)^T|>W;x6@>
zA5L5$cQln;AroCw^NNlS4plrVq<;8jrl#%pZyPX3;>|~p<@>4Efw8I{*~kqsFC@0&
zIisQW3O6s?iw3tuPq+ABo>SEmh4=g)NM5WkA}JBPy_s}WNRs!5O(Dq$uXQccyjiKH
zFU`ii?L9zn*(QS$d4UGcOW0buF?8>QUaaJC_pzUejke(?4NH$dR1&bhQ#Z*qyRu*j
zXS$i>#lQODG(Wgo)v^?$UT^a{Dk>`Gd4`5n!&IiOhtL2Gw7Q!0tTqPReHt3QjRj!P
z(4IYi#k=R<H~rGj)Kkp*vvu>CatMLDpV>0t;L7`e%tR{&$DBiS-%7G_iz}PV8%j+-
zJgfSThHUUY@dcK~&_*xcI%kNs*AW;0{VJJzFpm;!+SZg_+j>^bXR^|;EK?*Hd)0Pd
zj84;JpG&T_fxUTY@@8cX_;nxqLB5MWPHAAR6Xq39P@r!X%(ufPbH3@6mz}*>+O%Jt
z*ZU5tdMz_VJ8lpTF1;R6P9BH$)&8$kq<=Gs#F3Paiv}>^-gCnJWI|?O;^uK=<dYc4
zn=(rKwmzYizWW~qb_hMd0#xBFCKe#qv&9L9q@=P`i7bqGgx6dNrsfo_4;P>5(=RyS
zhXLF8i(UK8p$alS9cXt9b@VtS)6~5M6Sfnp5|^P?Wn^@6Rcm4E6gE(;?LLV^rz+0q
zp02<Cw8(8PM@swCr%%3#cbcOA>428W|8_ty-%*E@5gsO{FiFsTTeKX1Mo|5=ORWRY
zMw;LkN)3LTz}l+d*dMh(Uk+MZ_*t`BW-*oW&>SBBIBY|{TOO*k#-HUY`o)Pw{zCSi
z9;?7RJ0mkC&2_@Qu%rz-Gm2NI&5M=crQ3I$l4)`4e5Zk_JUrW>yivdZ)_vb4I7?sm
z_cp<T&fxGICrCc5{(Icp30HE`ubE1&PD47|OXm80>6hmRWpuS5MI(J|7rz%oUx$Jb
z@d8w%oRHMCO97UaAJVQT30#v?fY|5qu8>c7gkJl|DSfr{Z!rOw_J&$r`%(pwt3epX
zI`8@KEO7}5rzD^ITNSjaO$Q<4dQ$BG*&mw<bjQmvNpV5iUiZi|bq}G%bbB21yu6xz
zx`dB37pgK)is~$u^a3A)z(GNSGJ<TO&9nQC)~b_rzM?ea*2-POtN?a%$|{bs%gZ=3
zXS3~$cL*8)=~Zwt$9ZXUn5_Qc{-!u+qxj62zEu|C4|qFS7>s;>tBjtWy#+7J5rg?z
zb!Mz2Q|sFEhn;X|Qv>G$(L1x_<HcS8x_y9DyPh^?K4CVM6^cgKLh~X}9%P#as&ji7
z<DSW}$aKUO$G!C^7=B-&l0%sJTAWMSpNhY~EAEb>rc$a5e`o?{pe)qaxjKGZ<z&QA
z4}C`LfjW6BJZL1}`g2Phr;t<*?i%ND>x-0G=W~~X<;Vqx(E$K--1OZI*ykMq{aF_D
zVQdvmTZBLnD-a%$=jrQt&kKSo?t`K8?ilMN^*SpV?aMsSX7@HJ)??Z|qo4aRFU3F-
zy-B%$xYUu?oYTRPX5DfX*SIvPg>tbq`W%ffyE#-zOSnVe1L``XU~oO>cnK0jdTVmw
z(TB(NZEat>8q9=SQ?F`k0j=VjS|?3)=;RI;+2L}aKaRF$W|+#W;J)r+Q$3aWj11k&
zy}E@>nNHW-rU+nq)uO>m5|NrJb5vZ$vR}66JT-sNS|P-v0_=H$GK2yO5@z+g!?;S~
zwpKeT4WWnQD(hg#Z>=j}Je^Hx44|-3q4A6=mYhIq*xBM=t>L(w|HjQZkzEk|8e|t8
zH?>i|Dk<d=Kl(M$8b$;Vj1?4zjd$lfAI!$ycOG7Cq;~@_%e?jlE|x#TR=~ZD*XJz=
z;3uvt;;g6Ra<1%0@5U$p&DanzEYof!wBO)2RW_LR&RrTI5mHJkcuuEL`#VX06mMg&
z2|$Bk&TrxHLF-o|{D2w7CGhK^u8?-$d_qi=&2WK<qANid3m+lS-?#KQ?(I&ol#T~;
z!;j|5D9+@b+xu7j*>E>lj;>r`22ycOOPp;!i>90l8_p85x8?R<V1Ze3vpnD3tmyYt
zzj>kM$!o8j+pDyiv%z6#ixWQl+DFA9Uc4GF1?hm;i{C>0w4T}19r3(`>-)&<w8+Pi
zWCtTP4Ii8f+&9y39A`~fV8Z#nZ&Am39(8vbC^_|sY1Arw@iHb8C_>yX#iYgUvkD*&
zb7$6zLxGt3gk|uT@VdvH&OZlv+7i;WQv%YRAHKIL*8T8JFXM@PSJg&)yxx0gy&xZY
zt)xp5)^b>!_=Wa|vo~v#o^Pb&#CB|t_DPBD%t#OtgifA|=h$e-{&IhAurppeswy;m
zApM3%QqcQ;<~IWPx}HmOh3!q*M<s{qG(%h0kWWmlt+$@L8Rp4TXuSFG+H}WmZu6Rs
z1Ns#T&jxq@E6zP5zlZID6A+Vd392R^ASFH8u2ebPu{PHd%>;bhVy*r+((D{1Hkf={
zVVbOOG+wk9Gqs;nDT`^i@R+~T@Fi6{bK&W&PuAt?cgwYsikCbpl$vk9yLWw4fEYwc
z;!1x$KO%~)#-i9`{@wYBk%BMFvNn9&Gsj@DebD}J*jioFKxj>!u^k{v8hOCa^3KZa
zj$Rwvvkl`qXSr@Fm{-r}Wb|!7B<<cfpGHd?+(ki?jX`=9Z(0M}Ib_$?49QC`QM5gd
z5H9@<hJO59Om1CV)S-YS0MrT;>TW}Aw=F|ZUU6|qpLbX+tqKjJ&R4{jq=Tv)g>|04
z@8($sc|#p{CU6tgn=(FN|G<*s$Pec|eh(9P@Nks&6kWnpDY;hmD{A_VSwZHHCe|&R
zs`RD|a?A{nGtCY00C09UlQx&=hk%%nkPs!k=t~zF5ooONV$RU`O}f8>Z`~h%*9H8&
z@p`*xJk*gy%SJB2CTBjzmdklxadV;sPd1G=@Zs*jd;9kQFtTOnvL?ofZ~Rcv*arO<
zu*!eBf!S=#B<Wj&R_y)Rq&6tUh!Ci5Z?ldsFTQadAH2|h>j9vSPVo+L>-+t1z~W0>
z-PDX<HC@iOLF8fX^5gcW93MfM0=2ugwKC0?YX1!}Jv8Qv+>`c|nGx1XT?`0z2WN#f
z&n&Inc&1-c(KJwI1H)Th8pV(O(>3OxO>EEV`FVa!e@2v4le9X;JlOVHPk+DkVG8Tu
zSFV47Fo3wAGMJ_IxT%H(#>WA>>I)5ZZBcOcscR?T^STG~e5=$M7=eL-CX=P9$4PBz
zG|~u<r8ir5*PZ=X1XX$pDj+OkF<bu{=;xTRnqQwbF}WP-jBhBePAvlqpmcM2sakDP
zku<YV<BnrA?_Soofdh%BQ!8A*mXeZsoc*x{^bAs}&UT)Z%%V{#-nh<89SF+U*U#2&
z9re%9sk(2ZI*;KS0Sp3$)>}IOxrWQj%R5#TA`yKb9$c{6fAknN9=Ga1)G*ItelVvw
zHrrliAZ*}+EBjCKRgwxts_Oib$F5d0QA2>%%?ptALSzoWfSuLe$*)Zq+A(u$(WKCu
zu`_wrGJoxt$hDiFrKrgfvhRh!yUFpMo(IeNuCc#3q{Y^BV`+1=F@5@0|KWgq|C-P+
zukUnDmL9LBZ6}U;6<*{`N=#Jw>SZ!xBGaMSFvh?G%V<J;t1e$9zw1K1rKt!!I4+;{
z4)Xmw68A&Pmyr<+3~4#gAeA}Gw*TpE9sA0M66nS;n9p7QTTYtETrK^lttrYpe4y*5
zv%nujUW<&!VX1VD0z)H312^{2?%BL^J$9><4}x4yN2J=2Q`D$TGB-4UBCn56P!D&e
zwaXo6lnE=x$7;+~Uc7Z-a%Icv@$tvR$1mjlx<}^phw4QH3v@U;myS>EF)tZGa@-zC
zW&7wDWfc<s>w!YJBbv{-AX_3j21;$Wz1Bs_px^+CLZt!uvd41J2u<0&J2ZdJatO;<
z@xLzBnzfVoK=~5QzwY@N3=v)1u0MyOR$|I%gvzq1YJ=fEye~dZdAVlX)#W6BH~Lel
zMkqeEe-E@>Vztw<(g#sauknNIQBmIpT2x&<eta=qS=*5{z*Bb|e_G&_F5;~k!{&O7
zS*{-SCb&s8Wetca*@wMU>5D)%X0`%C3$b)V^!BBCX~%L4k@xLW03pdfvGk`x@S~gi
zar~0R9pU6?m;rH0v?X!Wa{ao=X;@}KdJjND9n`P93c)XE-s+smH3cS5i*?^P1KXf6
z(sv~s*>4~<D<kSHvc0%IlK@>gERD~--686eb$C2L`u=5EHz%qqUvoetr*tUb8Rbib
zqWS`)wb<#Hdd0w_7;sa`Q6c4t{jGA6iSH=cmBnZ_%eoLbm1jS};+9|I+AA-z?+)0~
zD(LDpWU{m(YYxWo!D@T={yW{McT7)FsMp?%ym-2#eo194rjTHd@7F!@UOa&P*`5Ut
z+jy1AV&`6YL@r5xQ#t)O0#k}H{Sh?smiZuw&0OiV@kT#>>Oln?(Pp13tNEQOlw-}n
z^nTW%HRlXqXn(#;p86gd%4f;ZYSKqq?DOn-5^}c1l%9E5C{O)<<IV@$<?+I@?aU$-
zZO@mxHR*5MFWi9E(fGAtd}#ItX7o6>K)TLHB{#Rm>2;jpvZj5v6&6&lg5>DDygc<|
zP4j?rg8p3<p3QKU|11U)(`Cx*m}LRNXdi>u+x~*@nM#oR=^e?-9A@Ba-BnrL%om0`
zEDmc&#o<NQQ6k`!iLx>~xX;bfic_@|hsXcP7uLg%9)0G%JzYoX$Lmb6A{O_Ov_W#Q
z^J^eVSXb<ZcCgKZ4O?yNXzgO~K)O2q#@8&uJo`MJTKs8Y((*yNxUEPVLQ$tC%{_O^
zJ*fB~mqkSiSz@T#B50ITNK8&py!F0IPi?`=?>4=a#Y#in)C8{V@bJS6Ja)~*zAyk0
z51Ti>isNTgS$j#qt(mGnS@w{cwn1OfG!;PPC5-I7TPlcfu{#w?mF6-VNfTOYq4?TW
zWEk~rxWGBNh*c4WNut+#BDx16Wv`P^(>Pl#f!YvUN?JcZDyEHLF&oyqd<m;Pm7UqI
z@m8en$Bl&|oa)y%W*bg90QFM5?*bD!*MTIqk%Kiq=2aTqPqEdSo#?F6v)P=P9LA~W
z$zM-Dihn;I1M4xLmTB9VMA7VR3k42VgYdJ<L!gt`^|SWzR`D$ca$tbZ)kZZvqZ4KH
zrBQZS083cDflog&r7IRSj*wAgU9Q16XM-U%wFUo!&J)p5JPL`usIeJ&H~v<NNBGkv
zz@0p!TdDMZxUcu<e_O>(x4X=p?pgcE6^;d)y%?DJ%BPZFB3hoBK$nZ;1hg`~Y3`a`
z0lv%5K3r$5?Y3k1f;;Ls3M<P^uS@{H^}hLH9t8e%>H&Uq+$$8Mq1oCrPFr8z=X**k
zYK=;YRmmuj-HO3#Pc`Q>L49<WEo-xi#m!?Vo62-9nbDF0G>*Q)a)w>ugMdz>RA9Xe
z>6bSF>Z=jKDZple&qmtll}HZ>GCf6F|Dt{*mE`HKXl##^s`5x+-=NyEm5X;a*Ol`h
zkPdyn&Y0a-&8{cd+fC5<27qb$t}5y7`mE#awO1V(QyxE42Z9Tn2{dlNWe)(+-+1wy
zB)3^kKaQjuv?Tr!HT_MHjB*k0%g}G(dOUEWy#qNu1u4rFQN4;u`x~(x9)<gsoBfV2
zPoL=y2zi{<zUu?%oqBFJd(MT)d9|+Kh95r!T^;3QWph6}5#^g;<oczive+B6<mCeC
zeBd#ir(KzvpKRn7)0I?B<}$IS56)9vA}FLeOXUTa?aHL{ZB?l-C^E&d;hoi54pdZJ
znl81A^nJy4-*h|fr8+gMUyIXVa@tj08}ROp!s%UkP_G%BoK$h$);my{akl8*y*c0j
zV(YoTBbOhK#e60LU*3okGq1`uKmlC3JX(?LH!y28H56-ocHX~~L^ue*`FxYm_DA!=
zkAHW1p0Gp!&3XWT4OW5UR&;ln1K?Ya!?ye_7Kibpe$Ujs-l#TcD86y^?kHT~-SW~>
z7V>?9A_7;M_}$6}KoD<9$#l-m!{OB4HV1(JoI6|yr`O_SS|@vP#<-#r-JdOtN(Z3^
zcMsfA$+zGkL)fF*c1}k7Y(y{Onm-iYysbH)LK(Q6NlT}T1CAFdK!Na*Wxe*CNj-cq
zp2n0)O41p*kuD-48z;jHpu0K;9j|cl-Q$;k4W{KuCu*7>D6l_G$>GVnGv;<nb>;`F
zoik6|ofpkv3NM0K3Uf)1QBYodN|A72C3IC7;i5r#Q#P39nSOlOx#JcT8rTU8`#}Iy
z!n*~o$@yTyxxi3e{oV12)&X%40=O8-u1E?Ed@bG>0Iy@B^qwK~g~$&o<VKT#b&o#c
z)65t1M!E`517EfXqy>+6+m*9jWX}tyGPqYC{X9&&e>>7a^z)uPTJJzhlnbk*>WgGS
z)0f*!$>MoCj3Ra{y_5SW?iwj;-XA55pJ1q;Yz75gE?rH|-=n^Ciu6nhwBiJ*hCyVg
zBAZBvs4lQ}WO|~Is`KhJfl^Y6gDBSFS*kBUFCXji+d0G&+~v340EA!WTqb{i`HJvc
z##v8~7LdgJ+I(%X(4sZxGHsR%NVl>s$qO4k)PkhX$H{yE&_LsoKi+%IWst)Ql@Z~t
z9`3B6EHN~NT!DgVZ-8tqUSHj5q)lhE%F%jR!svx+@o;~~4o%*7IB(kByjZ9nOq$TB
z{w@SSO2({(B_)G8mv1%fU|bvdbw{ip*9H1C5<A=drH#Gb)ECmbr&x~0rB=%Qv-W^V
z54;InnlPAziGFEmZ7(8&Zof}zCir+cnw3%OOs`NVbWCW;pZP#xCgTyT+;>F?Y@W?{
z_8W`Kf)UjWIBb_euN)06!$J`ZcbO~>=9}|s;(<;8yeIF2agyq4C*#=uR8=?Yj74e|
z*{@L{(R1FeK|}{eZ6m*8i{B>%HV&^Qt7&V4!&%VK<SeGEhZ$x7nvj+&UDch;o(ub(
z^tL%)hBp3mL_CA6SgjGUy*2hUc;rzUh(_+g-eMAY_kjdggzM~NSLtAKKBoxaAhyz-
z2E8=*QNnQDqVC~%`;{9U1n{h{<RN{sz0zIoJM%-q3G|HHHq_U3cqaW)1Ki(0JS_!)
zd}SlHODEqYIj^r!%)q~ufrjrJ)oo9XL{14t7e{$vzeV;NwIff~#JViaX&)V;eRis9
zfPl6?`2usI#Qd7@X^AJlW9%Tw<#gSFiSx;%w)K8nhFj-jIooJytT&^yIzGmmFy}Bz
zze;_EVKLW;i;CUP(ZO@K?>=-g3%=aiU~`H7wSN}7O(Cp*_R|3v5jA8y-F&+lpnUK3
z{rpTp_g#2w%(9>^wbOdENszD>&oN4oN=f`4L*V?Th+d&Aee*DP7wWKX(l#$y6aI7N
zzKRnaYW98lE+_T0z}1C5oTqypOUdF7dY+58T^wUp@2PGi!(uWwKO@WTQ-9K}L~4Tl
z+92~pd73IH#Qn3XFGb|bF2haV(Td|6t(Fvk8Go$Fku=+51XypWv+K>skAH5@JQ8D~
z;WyXDza=2y_tAfK7DT@lB3m-T5NT5{5@|?0q=S9@<br<B=knIjKmJEaY`h1F4JFbn
z(Ei#KY0viy#$Imod1gdej&44j*(n(kD}9rDZ(KNaUu7w@ZZlXbH_NsXYJwMJrQ%#W
ztqRb@cCYrI*eTeR#F--TYy(;Wo))%C^tM{*cuQ+r`n5&7O1N=%$E200{d_VNf)*np
z&LpJeiE6H1rrwW4RHik#Di3##ZT0_<7&9#6VvFP9ELvaK$bU#iX|0v$sttOz+g)K8
z96D303`qSH*>Auw2{v$9?2QMKM8ZVPoTT-XCD_f#hbr``W&vm?rl<HxoU$SUz^oSD
zJiVhkPGYxAI&NvQS@Io4WgWpMoCF|kiw8JgfTmhVE1;YdnhofWC9vNS9#5!$Ph>HE
zkJfy~_KSt|u(0f>gur9!^kI?s0pMdAo%TeJngW(?PX?d25_Iho12y|OcZVGydGJ15
zv$yy8AwW@_R1+8}|L<RpKD@{K80DK^*o7luLfxNb(W3bv9!m8!+u#P8&8H5orc5-@
zzAwiZ4$>B{tQi@zjZy@SydqIVmQ@cF)RD#rd?LxjMp8Bm#-F-3sRN216UA5ZBAtuz
z;4+9Eoa??x**PE}aiI$N%}*jYr{-a#5yv&l0&T50hv^D6X^y`hm^LLjI<<|#iqm}<
zd~R!C-xxHMy}>bN=!pzLOk+WMwn>z?TuHhsyWqEfv{AShGV9<0Opgt)@l|G8z+P|1
z^<PYPJ1ERN5YGAaEQ)`7ZlYKAtovfcduKu62LDcR5{~g=@iS|yJ3H^~9Rb^b-W9-@
z81K}|!4-=<TBl_LSmHe9;&6<$TQF*8-OKMweGqFEuizX;`eB(^!)KI3=xGn^I=nKl
zYN%+)uU|#<?v6K?D`-amw0CSLL1YnBR-eNHj00hmaJy{5qX1OItIOYWkdNhqNrcmz
zpVn>w%vs~|bX0CIfp4VZzkLsFi6o0YlD|a!NLtGigw_3C`Kg~$*s6Xy5zjU>ST@)y
zU}1T(1w#5wY_p+t8sU*}9+489%Izq5cXD2eB9;`D5^`g_Q1*#x+C<U`5dPHh`w|e(
zvkbHL>9KEL65a57^I$~k*dZT-6RS~h^zi32fliz*?agMX`1#<>{4Wl8-@hQZi&Qwv
z!&hXySNP?xqk>NRn@2B$I^R1<b(0`_a!Badd*K_`IfJ{UeY|Fr_0a76e)ZiRY<{<&
z<A7p*zZk>iC*O+NKvQpNbCW?=6m{jpB7Z~nI7p#Yp>eH1siv^ObP|y(-*=lPhvtUP
z({iCn2AqB!h0pErS+;Oaa$6~%Y82;z&b+Sd2%cpgj!_APw5)Ot#-?0zTvU_X|Lrqe
zSrEq@y~xhknV~nJazAxDK^s-cruBY<2VIYB7#^H&mdL!7*-OAv8<5Y1MuG7Z1%k0<
z_N$cv0R=N+=Vtc(%Xe%Mc7~%RZI&}F<Mo?fcQq<&=-9subWKLGD{OC)$Esa}tLf<C
zMIxUdM?66`c<KWHFtirC-FM>XnXdwfDm6t?5b}CRAJ0_yrw=K4MDCkDBp>Xic8c!y
zj~}PAJ*wxiUSWqD<N45*K@_+hHs6Dal+TJffPt^!M6nt(peXI*$B2kQ>;sV^E`kSJ
zeM2p1>N=5wh`&>kt$Y9W?Q`EUWN!%V%*8L+&1fvRvbK}&XBXM+BC82IR*{)C+n1I6
z^@h<Fgg1rR`8~8r5#Qm;OtuH>13!L&EBjUd%C!a?(`9X(cJPGqDF*TX{^O%5`a`cX
zNFh(Q5nbnOd%V)??po8ypO*mm!!r0v#YMv%O>G2lH^`a<)ThMcyJOj_v9@sL4TX$X
zA;dN7;o3E}p)QvOO)gN1n2jCla%E#Tv4^_LD2(yxSNj0>70A?r=OcW$xT?&!55<Gu
z%w)3GG)|*<T<X91tg68U5+C+SUUI1|#wrzOD{b3XVU~hB0(OUL>1p=ev=rEjPxgY1
zz5<srVPZgz5G2L;g1`vhXd?ZqsDt}o@APjjWRUa(0ep`n#=*CJKJ*}d?#+{XF`!Uv
ztJoTpO~6m*`=Hf+e`antDmB=M&(#<VSC&OrF9Js%!Gb*Gs{(^q6|?=-^E}>);5T^L
zmUEY0l@HqAD(s!A$Ak)wyERUP(th=b)?|y{|5}wligV94Dd|Bld9Jirvvj5VanSi;
zNvXkksqaU(>mMt$g99wxt{tRDAn{LD`H!Z``-XErvrD1c;`QK`y+XU^%mp<4&BIHz
zwdXs8w4h+j7r0bSuaqHb2;drhszdeGhX~#V3mK=>S5OMTihL5#e*||W=onCv3&Q>7
zCs6W-QS!Dz!xdAYdUL{rd57;nrP=y)gzI^slB{geXG(*VS-ZnLdY;vl&>1`E)*&x&
z<HzrTM?2p1+c1s(J0pn@1d}}3(Hda1AeWGkXt<66l<f?DilHJXLq7S@_@VX*)-1;|
zI<G{Gu||@ZHSe@O3;49O$n@wN;x2HQE)=&EdI*2NjLcF$lxOsF6h=`J2PiW}t#93f
zi*G5IoxkCzloAs_<0UswdM(y+t>!4+uv_$6uuIE5F4vSS;GGt&@Wp@mOpk^FK_)L~
zDD*d;j2#)5>}txl==I)coU7cNF^od20=@nQXEv}K_bxU^J}~q3FPN)5HswKdys~u!
zW{p|bpLfKS`UD;<aXDG-ipoE3cRg-!_xF$Ki}9tW=<)4UNL*>Il)kpY<+!T?DGzAk
zRn$Y_`pQVlz_EQ&H+DI8p-rNjGr86?6hzjuGy&B6mGMdGz!P(&2#!+9kjp&CFUEE-
zk{A71hQBf#bX=cI!(j1FQLOCK3W^+?qfb#~IxRgIl;XvJv)Jhjew=DBs<Tk97df|F
zNH0hNQEPsdrB_sV7yq8Y5EVOu^eUP;R$G~B-kVdVmPj(vJNlxhjK>M;{rr`oBbF-R
zqpSXkeWJzMg~iB1^}mmh|NOrP@FqW@JUqGN|NP(o+pz0X4}_>P@>}z1h@V@g;r}5*
z|2G#9$AohjPI#~4d-i|x_dZYHsu!`IeAE7WbNC+-g;*X5h<TZs$P-`xIVJv&ul`eL
zf_wbyC+J>}G3Ed3$48h%(C7cpr7tyEC-T*(=ojC%M*Y1b{!iaDAoE!tNKPDyet+24
zRn(UGf3tvXeu5`PG>4KS4@vCSkyP|9d-F9=9cs107*xW2(m!kRo#W{ZewZ^?fBIi9
zF|qNRo}z2Q^k7jG2yk;#G6^++Y4;Ss1OF&c2|N2g7X$x#8$QJpf<8F(E{1yq-6Q{c
zl`nvR>_YZ8Y4l&;5&rZAju8by+93Bf;LrUNcL8@1#Pr!n>~AwiLyRC8nCV-N2#=g<
zV`#CCi0Cs|&hXL$c?g~gumN9fV&(9^T^o#Ve}2q#<hLg9B$7ZpBDRbi2duA0|8aHn
zaZ>W6{`STQkyj0URH8No)DJV;p!zeq%#UW=g9-dFvtM}N-`WH5AbL*`9Al%&Yz=gF
z)%6UqhlM_cN)o6j%7I&w{4LcH^tZ)};HTHXi%*kAh6G_!ljcBUq5;5_WQ)fYIW;x4
z6oZ+%dJ;gl=xg!3G1v&R1p3lmgKO%#AHmH}dB5s^dc6DZuOF>V-l^aJZ&y^DI3DBC
z+T`HM+WmsX0S(q{ou9tQwmkUU4&v-qmvXQ0zk@do{SbgB6aS9dBMBJBswvz#S4tkq
z;p*Qm(iiyl$E&1K%Dj`pxM#DRC#9#O2>o2@fk3TMt4S_j#S1&%n=zP~pqGy||8uSH
zDA;6=Rf8Zt((er${7R#^ze+fNl4ZkpLGbv6FvVe^W<wz+qdaK_<4xMC!Bn}f=P$?V
zc3+6wGvOCOuODxoSQdWQo>O*;1vt|AFJqXG<|pE^ZFf?q;e?*JCb)y2CUmZ9f8GMz
z)Dh2PMlxUn-U4jfPVG;A`YUe}gpo$5obi<}`k@030<^BPuPfN>#;~-SjA{TmegTWr
zl5*m*`6s$hnc)5;y~Hn`ueuxF8vT7Pj_5#M1$oK|V?)fwis=CcXTN;>C7?r6={6oz
z?pXV0S-v6sLV8?hbYtKR<8SCC@cn%;{EF)F33L&_e!=-?rQ2LkxA<n9$x;w4_(n+M
zsPfP6t190<CR(3eQl0dUDG>jkdi3wsy$2WmxUhw)IJiqPwn#D%gTk&0^djF7;2T)X
zmh<bBJ*d#q^%QY@5qRlE_IQb6D&P`o+RReG1$$n>U7_N{-gZh|VR^a?T5);klr8Xk
zk^H%G4;an^Y|Q8#CkvNI(srJV>n5E%iHu37{OLHJ<{*H?aD!c9s&2-bsP+H-CJl&u
zgeNYP7}bT{luO>rNX5rg`l0lA-@NL%C1_d;KEpHY&WMrzh)R1{2x=-_9ZVNc^fORd
z24)4&J}l@bY->M+K#ynNc%KsfSr&ZRHvRznOVjde;3beCkz>6l7NMDp%gljFk)(d0
zmamP{-sPL&==EuCGJJrQR9bhSNJ#Z+KA&W?|M$auPk53(`8rEa7(<*B&Y~6BSwb}f
zUzoVy^G9lMRbov3XHZZa9c>OR(T>VZD&AyYi`I<6;KT#D>l&N{k4w)1=RZ9py^rwt
zg#&MHil%m6<Eorw-xCA5K3&`jn+7`BbE`w*;<h5$x$CG^1sDHm^2IO!ma5ibA<>fr
zctz&?6B63Nua7nrf%@pl44hbLfCYcS5SNmQh3k}*=<~UYib*2%qaBaYGo+Oqh$G0c
z`Lb3jsPlX*YO-)j(SQ+N8&5^jti@MBaL%uzT}5^;95Ico^-plfL|;7NmM?|h`3N`s
zM&~9p4OcPZ3q?dy5)Fdml0@IUfdtT>2pYGbp`cNY&ou_qiAcrP3~LHp>`jw+%iVvD
z;wXvbqkX`p{w%)W83ZM%IgDl0=AUGpmH1z?2v=ZRAiYK(z?Rc3<TdJlpUC3w^hsHu
z=!}m(%$kI%&Wz%0XFUEGiw01d0ZwbzFxaZhIleh)g+dzavvmWPk8MU9qZq%n0BsSk
z6CAhNRV?L2P#yT|H;7K8vf0!~CrK6%%9R&@<?8&`as@mt7a_M{8V&NQ8Jy`Aig+GB
zTE0lBR;A7~Ikievi;|_CozezmKV86JW}Cv!quWYBkV+;O!lrpFWv1l%f%%W`3Yq}s
z9kAY!MIO-u|J&=$)pog6pe!+HL50EV*m9}}yTQnVSGkatUw*rG3j<UW4@)7(!ybrz
zg>xS1>xTjr3qM`DkyL`mP5iGZg;*XLa^Iz)kkQVR>!wj_5w~-rnH&Kcpz)NeF&kf9
zPqvCxuQ7kVW-|_oPu34-FQ9rUg@yKRknr-nm7dvaoco5YP!0(aby#M4f?dc2eVYli
zSW7_~vI2Jw1)2?&vRzm`35oj>va)eRfU>~)K>CIo?*tF^VGx`A`k(5f0w`}(EL@p6
zFnX-u%73V5+}kP?dr)u{kK%{Q?h_9b#YJI=p!E5t-mD%xI7#W`z413oR;H$omBNXg
zyFu&K-f`}27sy4PXrr>$q@Pi_6+#71dFrb116ik(tZl=wv?-f6gID;=9tWD1MVeVZ
z@{c<uzKrIWLItT;5>HLX&)`fo@*pwP%Ab`j=E$m)EmVqr-CNU@Q_ki(sTF`)>Ma)B
z#f|7@XuLfxDjH|ery8!cr^<D(>0LT+C7Fc&YsT@}B^LCVl;4&~VvTh_*rW18!HTk+
zsqI_sjW)bbKQRD69F!Oi^4)AavMu-PwA5(=tq?ammRPVKTJkwjOw-049)G4(NUluM
zCccLHIs%x@Y%IduT^nzB6%QQMntWPvdp>i(01Db;01CPd*WHS4$#6oxY^8#c<54+*
zcZznAc}CKY_jD)<6n)mS2|@4}iGpSd{M1@aiPd|yiJDFdj?@YtTFV+~>-J*hHcBo6
zAwyHmi{A<rsw|kaQ#=D+L2n*3$XdOwe0J3<1ZC!~<;pKf?SK=mzO(`2S5)rjyO98!
zi9*m)6#?UW7!aw3k3Lz{UTr2aiFhED-*pAh+7IBt4|&nBTGR4bzazdIEN1LPA@J1x
z=^HaV8duOmn~K0|K091d%37*9^4xgvX9x4?P3Q4=QHKH47dL89^t^Ks5gCZerCNh=
zfEF}xZrFX2XRJ<dLz-ZgXz1!CHhs2IZ&aoJhHRpMcMBc3`u$`&hg`(JP5T(`DbR0f
z?E}%MM1BnCW9SURiZ>n2>#MJ@?gcd8zs|#r2V+Mrb#uIMn{_3oV3R4mzmwZ2{a&ZP
zo>_6h)|{hUqRtFZlnnY}sH39ndTKDJ(mkRacy92?;J>!-#cO-phT;^Z1_E=#+hf{n
z&ztkoJSX6!)~O2p01M#oMSyzu{0d-^Xs&eHZ~XWe-YY?sY7iu-RSG!{a>4F~JXS1i
z=shxUk4SvUR<AqFPFR3~LI@TV3mOjvh@}R3ue>;g@~dGkzvt^sqan8=Qa(+0Ep?nr
z@LYAqa#hx~*WLHqMP;{PJgwhoZX)i}tQT53ZW-<l!UYT#T0CLdEtbZFH)!|~d14{x
zx3wY|3=OLoKikmT<pdt+Mq|TY!aVj`bkZYjkmK0rZ)Th~iSr!y>D*%%zAtsGXld4N
zXje;G77QP=HZ+>kUR{k|7_Rpx+5v-cNr1vHGuLu${*`V%#-bKanTC3UwZx#-7?wm`
z)_k3m;<jBdvNS8TmMT$YFut2^_~1=jd6%O46vKwhW-BMYFVQ&Fu$VW*<J$D<Lfg8?
zYW8@YAEO5aF7OoMbieL>--*L)y+2zlhz`QFIFVn{TjhKso_+2vS)^>|G+8Rz_Hd~m
z-g(t8V&Pg)P{8bRxL6<G4QEH>v)uSL=O{70uS3N-8d={z@nQ{tI7<RYzxMaGoI@oO
ztBeAs_zR5GwnlSvr|z$J%GP|I6MjH7aG&#N<-IyrIUYoNV{i}zoDMPIsY0=lHoT^y
zNrDdAn`u(9YTW9w;EQ~Y_=?r>C)`ap;>)OX?|W*Eo#=c&mHf~0PDM!jZ9kvA233?d
z>d_YjFV|U2Vangm5^l8zGeiLbc$aDnw})TRR)IV+xR*zGetSH9sjW&J@~6rLa;hyk
zx;0Md#d))wdWubE|A=c5lRmg#XN&7_tPh)xI7@^5<?P<IXZKIc21nRJX?OcxNFqYn
zbHo=BK&{^sk(Z{hroI_=6v(|bn<Xa4@-!@P)^s%2zbJ2G<<Uk@U_5KZRgK^HaK5kP
z$|N%k^0F{n%&LmI9CZ$hW(V+Q@b8XpaHozf5JE{wVLOdGrO`B?!h}on$<k;*pind=
z?y<(U!}c)&hBoTw=K>AYN@^SzT9MTupE5lVP^4m47*E2}-Bee?FBUc~l`ACVs8y>|
zcBiU8I~6Ccabipv9br(c0@zX{ysIxLKloi9JjqTgBgtffFF)K}{dhI)hf+81lw55w
zH6lD!Z=3aE?Bk{m$w=kJ!Gg8$>>DcSo(PZ*;YxRSJoPmm5d$#+;z%$Stx=}e{gm;s
zpX~NDdP3RU!8tB6PMw2VMOj|Z9*pmR_i4wBRWloHQ2zvT(4-m70IX3MR;Ddo+QdC~
z;c|EVa&=rqo9*m+VVi*2atpg^t^$l;s+JWp)w0xuXRsATVRRE(w-7xTw;S8q^6>e*
z_;g~J4fjY+8d>K|Hh3jGzM0$g$miAK`WY|{a_&9qd$trEE`Tk4O<^Zqy%TS8Cb4Rc
zQ`Sf^ax#6DEMT>(+UlhMfeB1|R8<X7DY#2yHwwGIv{$?pHfzmGxAoWbx>_?TKe^`j
zTn^(Zf(G9pSA3zP`rK%WXX-xgX?GKtldaa#n0pJ%w&cq>QFM>nWsU>Y2}J7;znR&&
zb?EoAFZc723f|if+u^c^m5_%Lk?`DydEK@dB#7Og4qYrM%9`dJpu4XYkO<k$sV&%U
zXxT0K;Urz$F&L*NmTX+yqGo0Lse?W}!lexQH-{4o<*Xo16l2R{iCT?`H@4F;=^-B&
zF|#wd!Q&Y#rV7O_wu!u3coOr?JW8k11X8EAaw(c~jgE$2!kE^f@p3p$xqSdagS@qo
ztlc*c2;zp@xAsEI5cd0cyi(jjpFgphcmv~mUR#m!fI9PKAc<MEZusnEUD>W|STWk=
z=}~C5*>JmV2JAOPtBX#9fIUqEUiDD2y)}101D}a^kEq0|8S$RS*8}f#li1#1NPjE+
zW9F3;QCX=pY%~x?&K5`@A+Bsft6Ut>D{zYr5@Vu5fzX8$c_q*RET@#acNc^Eb4^f?
zik2n!s$!mOtbA5`Fy=Cd8i{;+OoB*9t=6JoHYeKn1>m9$(SodSWw|(zxTo#giCKmh
z-Y3kvjEYqy@UKF$a|oln`B5243*4tW6tbmXPPN<`s|g%5zi{=RSxQN`1^nJ{FNtkS
zVk}Qcf<UlPwIUN2Nn+&SExfB~zsbU)%}_Oi-~PzY?1PrOi8b+ShVME4MF{k&?d3}i
z#_6%Z9`ARVSNhLBhR;8~C~>a8RRlEsXtxf8uC3V-o3#})U_hwzxZ*r%g8>p;qO3OV
zVfW{nHa`(sJU$^qZWFE*@aK@a*G&407y8Vf@vbG;M7rgr(c{$Q)1l4TCj(kqk^mJ`
zui@-_{oY1rvf=);1FaKPL4DEJAPBmsdGe*nvT%WXRqhMIt4t48?<~5zHI1q3i~izP
z6T0EpC(7Gtp6r@lyHW1@Ei-Jg;AyooFyGJY=ZIG%E;9t(Kkrp-Wd1lrAi_#YoERxz
zS*mBCFqVs<ak5<Yd6c+guc;+N+?h=FdGfe#Q85E!++?UL1)@)(rMq}AVRMdkp880Y
zJ)T;<O~&c?$D2s9QJfjsgeuuXn6Hg!R?tY12&gKQb8x%KaiuGCZIsA6awE4iszDn<
z@o@KUR<Bkfq5I*q>A`DjzB#}(U~~8`MN^C{5*`dxWzkS2n<n7cYTTTaot?=%RIKJt
zgQ1fQ+AZX!WxgeLYqUK8rq;ke2y(tZvlEnWQjs~*(qZcBwOw1HVR$`8L;;%H`bA5A
zT~7sTn&H|IF9SEffOEmQ6e_u6!Ka9r?0N`G<Es02`;~YH`Iq9N<4=U<)!P$yT+|#O
zpoLzpPRB9Q){U3FX1>?0spUBw?5s3exQ{sUB?w6j?lM6D=YIycDmgb?a}IEgF6GyT
zzr$hYfVvHSMGtKx0$ASxgN0(PywpjYIeKFti9MRK?-!!#aN|LXyJ17)NnhdTZ1LBM
zm~<fq#y{F<dA6!7FnZMC60uw;it5c{gCKB1d*^rAznShy*NQP+5Kv+*?qs>I3>pAL
z3H)*ag;{|~zIuzWjjS1>l=%tLg=<%$ai3v)jt1k`n(}r()FR|zHPM*0IQFQ@<f0EZ
zD2_ZfAt){Ai$=K0Jr*|WKAtwuKdkmrb=>>&-CwRKl(;!2hr*{du`IOdw+M6Tkd?hW
zRN~FZ8soom@VV(^*^Z3_2x5cA6b=g+9n4M>W@=5R+EdlH)~2o#2zD|%>I&65UiK6!
zrJAP2F0$atxq4g8`|j{cSF79N=JhW#R2hXm5_jJk@#R%0hfB3H$EnPIG!TD$G`ZHR
zK$^oom{gkh9!2DKRO%#o6IAv;O|Geo4GQR;y-Q_`GSXtes@H}<L`16c>m{NobAPNp
zqh{Vr_Nz3QKd5y2Db2N4$TNQQ&F(+601St?WU^f{PA_7;@2|wnCQIoL`ln20IT;d8
zeTuJK^>%3!gYEi5Nl7-=B*=Z@tH2e%VI`BLf<C?@wL)UlDy0x|Dk^A5fmyHl0>6NP
zD(jT2pAH4_{&X$KOP-PS5P~tdNO>rk4aC=`z2|!On=qdJA%tSwW}08o@|hc{fR$m~
zxs`i8Zq9)~l`P1M07m0GEoZg(tqKU7CG@8Y2+%}KjulgC6=vhHAxS3`+UJ!qYSSvR
zTch$~9$i>eEn?Ze3>T&YRmL<r?ven<tf`=qd-nnQf*A7Hfpmx4b2snKX43Z4deZv8
zJVg_4a@yNfx!SFgTLbtc@m6z<y%pVr=I3SF59xq-0?tT<z8Ke4c66xg;^0`$c)IuX
zf+pMeb>~rc-4OD4l7gh?uY=hJAwcuFSh7Q+<u(-$#;oJH*nGjPUiLBV!%2uw2nL0u
zSsITaEM*D+&$Mz@^_7P<rvKoVl*du6_$hn<(AD7M+EbollbDU=lK_WZ9t9#TQrdNe
zY*9`Fy1@v~sQ<+506{=H%4V>BbLNJ^@Ijts5g`~9fv6SmKAT+NGcd;f<Yxsr5;Yxf
ztP%8Z+@Y^a;O3@cW1%(JF0+cpV>Kb(nJA5AyY@DxM}4MzG3Q>EK2DEHHB$Nd;3-?j
zE1X7~lEa~|Xo(9?S6BKw)`J)PITl<xyao=DhkwsK#r^^}IG1R>Sn&c^v^+~Tm3ySv
z)t(?mD$;r^Ry{{Dw*LT7c^@|z-yUa{o3peS2PGl_aXx1KUERkH|1Q5(8Z5$r>phOC
zEV{3Lg`gryGOYnEA@2*FC5xK%z=cu>dz<3XFPOqjHVjd5l!jt$HOVmBAkz1E0d{vB
zUHXl&(*0|H!eQlYvq8?R>!@R8o|F65(2q<ddMzcVJ%RVFC9@<CR^lA4P0QW_&|I#i
zIZwnUO4uEcK(M7}$BIExe&K#&v2EOHl`a(xvM?9e9<w2I6U9>|>n?hEJ4*K^jNmvK
zg>te)V<TjJ<`tw{GM2_r^YUjXpl4sW^>BNCbAUUYIqA^i>)7Gy)j1xuz`iGxQM#mT
z$uo+uGLkP(Hj1s&j2O&Xj=nTQ76;E!fT#LhoaK!y-<cBGIb8{42u&+vZ_nA%`loLd
zYzf8|L4Tb@mG4eaJqfUvk%j#RlGs>8?&MU6p07Brs~O`$zdvlzxHL&lt(O!k3tUvz
z&coag_03nf1yZ-#Q`1?r$}Jfu2h9mc8{)v*Z+2%7Z$-Ua7CsDW)ueHGPP5h^rrbjU
zc!r6TVs^1JEf=g@S5H0vwJ8x=WV2tFHeG0GUVMk6P;u?%xerTVA}h|}<;^-2nCC&;
ztTF?R+^$?46!=<eso5dEukowu0#wc(&Izl1Bhw_NUbmRj%(;U;z(S7yoYB#ihpK7N
z{KjxbhAKgPkK?nA-+6$SgVr8Lo8_ovO%EDvTLzt$sQm(BobdtmjHsnHQLrLlEQZ)1
zJ#?(r8y4@oaZ%^HkX%BaHH32}uj?bRR_68^rq-U<9=dozPZT2Fv&l9IYxQYcgw>X6
z$u_bUyk85#idxe+?+dV>kgTwzU9F0|fcCq3L-TdzdSFHy5@m60*|Jy5m5zf?ulCbJ
zuVIyQ*$+E6$d%W5XkTM6=k{4(oQjKxIG%bTIDnkNM{hLmmu8_e>t28wwv?2NN|6)&
zC{erK(#5>zWC%h^rsb2Br&b5+-Fh!-LFNT{D|-~DTE@XGs1F~m+$WDelzxE>Ex4KX
zzbz<5t(kV-)VbC*H5=Ys@OwydwlL;77;C7)&pWsS4hmwvvxErgNaN|=HJ%+0izUA4
z>TJ5t%?uN8DXrn%B4=TE_3G`6mv;ByS7gZlL)KRZRlSDYDqRxN(x4z+(kUsebf<K8
zgLH#{bP3YkvDv_;g^eJ&>F(~1`{SJNd~@gC8Hay#bOwCaexCKLfJ@{0>zK|tvP%sZ
z^^!mM^4#xLA#xaXAxNVV^RN@dZ4qS`y^9pLsQ<&%jGl>HO>dia`&$KFe<WkU&A?4x
zpz6w^e#@Ru;xvLir}02QX2xkF8k$9{;-}7&u|r)&EvY&`SyK0d>5FnB<C#IB(xms3
z;oBKAhS&@U<Ci|6mApn!yK_qnDx~Y`M-FG~oX1WIGKofAM@#PFQRcC&&m7(IbxtB?
z)ARcOe6w)J24>&AH1lk=3fXr%-XnUop3u$WfX)Qi%_M`&q;ZI^<<mkE6D}YikR0&#
zxdYpLEkmrbVAPeR+qhlyjbmpQJWVsFmdzeV(2sfZ5%s$MXrAqxkju8p>9k2)2B9md
zW`k8ynraW^`>Se?4LmzN-wQ4?jv4Ls+LPl5)TgV-kRd!@OGhMgV(jdX-!?IFPlNA<
z2n|S0k)WBD)vuc3wz9n|n<o)j!1{kv6s!yON2QSm2CNonHHpgLAJRN;sx+$F-<J4a
zzl$P7WbAVFe?WTmC+cdfKu$N#nGRrw-Qm&*JS;~^o^C%iG6^&23l%zIl}tCAhswT-
zgg|$a9YmiV%~nVGO45j_aFNg`C<LeF^8q&^PpxW2@PcR0pMz${wXfRWstLa5(UWut
z`Bru;R%e|rxVLwHGAAcd+Ybo9O$8lQRT9Bze4Isho;zqlM+#?~#;{HXIG?yyL{<Uf
z;G|HZ@U}vCd*-|1RtpS|F6C{4ER1%!Uh@r?pCiO<kjI4dpI0qFw7`BzhwD~xiI=9i
zGtzzE!!H(r*0RrJ8;fo|3b~w$c5`luyr3+dh6&~|Cfka)1qHHB?W-J&20}9N=lCZ9
zCnoQX1HV14%CWFhGn*4Tq@XoT;|dS)(g&eNMNPb;3f3F`hF|Keh7m6FS{}?BbVlyI
z_lIZ0t6@4Uz{LF9F_xWTmKb%_j!nDm#XSqElV6>S^0q=nluq~$=*_My{vmjw%NT#)
z6$$^u!RKjT2Ycs@Bn??p{8%I;d8A(kq}Lb`m%3RtCq8ZKV{*QdA4LNPU;$Xd#g%J`
z9GZ0XIP9M1+rQ${c}4ah7XoYj8RFdbn#|yKB?^)SAF079)_A{&%X_%-R^PbGTh9{l
z4=|3|+vY6X%Pj9jPctg{WoN=XAryMn_UqN3BYLa{0-8cjr;id|`T}>aDR%FykoEo|
zd}-laPP@C%Fc^R_jA3F}6tz{gNYOP}Ba?F^j&2kBp4@Et_2;$N$Fr$s^gC7^kXr_Y
zSj@=@&e_+yqPi(gA2mGG9*`HLe>#B8aA*5JdbUUs)<7bwIYn(E9)BC-YaxbO9O;;Q
z4lfzBQurRi47?R8$Cu2StK5;8s7ddpbQsF7p)GSZ-WAA$&U+?5F;PZ^t>yFB{HH^^
zUZ6Qo(;quUX&)W)^KsdhtdAp_&Yh(sRGl^ay~2OG63k#BfMW#{E_uQhq<FucHRO0m
zKdeTLY#`d|*u6Ze5c1B>SP=rA3lj(=b~oEB-J0oIXmASTXvtSjEh#j)ljVC~=ORC>
z8o29GoIOT^`=ZG!@(Kkw+qbq;F97$y4_uA+?IPorrT-u1Wi5y9S34%?cKzK4(8ybX
zy>E_5K=KAF{MH7;>8(o0`c{^|AJVX*8PQWaV4c^^k@;od^JPiA-JQU^kyV3nS3}=3
z3CblqiU@OFM<u(P$wmL3*_j-1m8eK2kSY$KnI3><#VKd*wc%e|4RgiD6eaad2a}V&
z>REhHSm2^|+0IXHRV@d@qmL9R#fvj24n;0A9FGO!8qMRHkl4=FJNABC@`$#dT`n+)
zt<UY7tR_M?;ct$kA=YrdMCE-nufh=dUl_xAhOrCS(u89SwG$8tXqE~e8ETvsh?rl@
z;xp&_UNXVt>&=IL&Ewjid9H|Q09xTQs!zPEYTDl!wD0(n(0N<CiDz&yp7d7oJhbcW
zk5`HT8c&b#L$c=HLkGBwWKwZ{qa%UIb<qH^{=oln>Ej=QFtloq(;nQQ7$`dlYl4dh
z4w<k|bB!p0{d27i76)UC$kREl-pi|~3bWrMfP-+bWy`=&Jzbd3<MZ!k!B4<tROn?D
zTvd12rR-ziPS6Fi+Y_A}ok)UyvoOhC&P6^RL-wI8+XjS%{&VvWzU22nztS)%b-aM;
zdhmekR=$}Tf_@td_^-TMxAI>aED;+fTFh~C8-VLyx5p<I;&l2N8ii*&6O`l8rP<z@
z|GQ2a0X8hyJ{F<Dh>%uX_N7CGO4IP0!|ni;c>Z_H!p^QqRJu&Vp+)3>SEB$=snZ3_
z<8MOhSmN`DR4@Gep}XJ6;nYb@ASjHFR6U(;%njGUAZiGy_44v<!S3rbdDobTZ+obF
zitpjecG*jUC!?#^@peRi47^8vLgiTrSJ|7)i&SOR`b;~t^!Dih?eLA)20+gKddx|C
z!B{|ezH54`m`d4s5%2<sz~4a+8*U+0tUN5j=Dg`Ul6uDFUPCWeLn0-xn^jrDH&1c%
z9<k4(H`@a=c?k>%*H=c1B0xbWVEVq5?K?$#7J>9#<HOGPmrOtN4t`Z`KB_>!BD=b>
z?^;2FrZ@2MS^333=vMExHeha&{~CE6UQ>-muoYJ=#Z2paKPo+3PBYu*yxbW^o&fZL
z5H(ejsEM{Xj?+5pl{cRf>g_M%6?yV$cq<(1A{c}RP)aP+(P@ns<@%H+2T(1R=9aBd
zt@=1DLohD-MV(Su^yGzdCd?@bcqpgA@QC`O)vg4a8~2$zLAKJ)58w%^S!-ei-@q(f
zTA$~8mGksLOBAY)AZ#JKRe#RC8nnLt@b3t?MjT_#?3YLt%A6+_UwSJaWJqvu0GwO6
z#8{!^BcLz}Pl>@4R{!(tzvf2q)FB0t+Iw|J!@#M6V~QV#e)f*QGO)pu^lbJpo?A7%
zu&t-{K}sd%^Va$^;N7YK)Q9yPl2y2$y<-DMo%WrGx63|iGVlJ;t+t-Sb#bGb`LWZ|
z>?xeT|AF860wuPz2v*|oHH9mL8cz_*!6sUpvWpsnghM6nvo8kg$Qzv^!yFs&&fgO4
zBAF0$zJ-~R*bnbDK4oWvq}1&ea6g=N&?)^;6Y;}7_h^Q<pka+AU%Mg+Z43;l<u&u~
z4#gr#|G0er6ZDEtu40HfzXQ2E3Gd*j3q-Iep7lTlJoU{CdmM20>=p8luq%`Nx+AP=
z1fQpe2cO9%>fG)ymHP6aO(Eo?v2E+l!2|_ls4~%(X!CJbRK7`3?5&;NXn5lZ=E;c2
z&Vk+Jpc*LEB$)Ndg1ff#u~88V!{;+#r?6@VIl8qU3GnHdJ&xon)LM?4Ik#nv<m2$$
zodFp|)6^SNb9UpsXep`I!ROmp0bG^wz7!!TQSDdr2ThcH$vd>igR$0I7vvXSkHX)+
z*x)g!YR<ZDzb&|En~42lT<cIYtTmL%Ejia0@ZJfkt6BtM9PJZ2DYwj1cUtH}XtZCV
zUF(bGq&otzFL<SIva$4I;3+@(%BA0y)WRhy8xrJ1ghy=tKj~B_Dx~!I`JhZ4P0T5~
zSuA-dfpLQ85kv8m&9_lj37Q`-p=pEFub|lg0{7dhF@J@OrccgMx=s4<O$)@Al8oTN
z?;nE&@|fw0P{GHmZWogpcNRX6H|D45mDkRZRr?>C`FeUdky_{!GmCLU{AB^3*~La{
zN6mbo2ewmZ+e$LCPE1B5@SRzt<w<-TPEsD`$b@4pANscUDRojB0-63nui_H&*UiM~
z>4%E;O?i%C2uwxk75j<d2BI-%1|}<{qm=%BeSN_yxwU1f^h4^guh;rG1NGid*3$m;
zfj8iFYQwyPqMR{}k)iAd5e-HoT4Mx%?IvNh;ntri5yTO{p^>fMm+O>-rv{b`Xx@i>
z0mj=rDnn!?YMC|C?N5uxMR?2_(x-$BMhTUf{Hm8WdbGWa6Ditchdg(fhcj=(5_n`z
zWd96ZNnm@dq&;l^{AlKYJEE=GECvuyW>UYu_G&obKl4ZmiyC^aNf0hLBt+!WD9O}w
z_fQLH-=NxkHiUYeMw-?l(-Xq+g^=t%IO_GiqEO)$2@z#u=UXyb@#@|BDo`9#E(<06
zziT-}kmkk?*#n!9v|5=UXbeT2)VzJ00%el&UKH|TlFWUP%5|@_fS&9}yUc>k?2A3>
zRMpTVxO?sn40MA*q?fpVstrHu=!H;8@MD`&Z!L?&%kvVj{#eqqn{%d=RMzv(-Fd;m
zcpOMVckbxm-^oFuYry&i>W0$Xu}q6scsD9cu3i(L^@8+#+Qe*`6wXao#o87Rc4O97
z=)e_t+<A9IQl_*S_2{^0f=w%`Y8vvn7z%U?n9_=}EytcZj8J+gAoGY-&xV}^{oQ@l
zz|bf)M+QgBW#ou;h&(#QX8FQe2SvY`G7G=h`1M-$3&Jv9as^(6UOtWDPsl4t8u};B
z11O9-M529$`^QGz2<irH+18Xgng^*sje>!i_xb)#9SfU06uq9sIH$q^Xro$-yBnJY
zXW<U%&v*eL&ZgAUDDDs7DF8q%%idH9bL%hD(Kb?I27h~<sAutO%9bI!)#8^03?*Ph
zPrlyUb}8WE_p2q`9nXXNKgc>L<0m%NmGOIJcf}<3pn>oYlrMsa#z6rfQN)(&?~&i!
z$K01Z`{iBM1ja5nkAC0WOU&vY>NIi3aey1W^J6{)TeE7-_;pXdo8a@b?XYPjE}>Pv
zYp{iHkhtr)d(pFx0x$$g8FuY6(G)9p77h0%$YE`ZO^t$EN35rfcQr94OQjp_Ko<m&
zfdcPA{dn{R7C4bvxB2gRj00ueg($fPdCLVmSkU^rK{bRMFIwK^jt0l0v)8Bd{^sje
zdyo@v54s${EO`)yn!XR-87~?br;)lY=V-8oEt=<gFM?Z~Qndfnt^ikRRZ6Zg7=@QC
z;b*NTUk9wG?~xt5+jMZZ;_4m<P=3~q`^ck*6=Jfu5U%$K^9JzbL>9A*ixkxs7_MT~
zT~sz}eiS9iZvKyazF-2ls?MOC@97{mG~1)bIlH6|GWFBjoo4B)L!syw_0m_)-$S;(
zPhQxU9x0Cq-(?>8QmieW#ewCBhOtCeVMq0uj)971%Wzjemd(TgW9WwLg^y9T49H`%
zFk`Hr*s6?cY}7>mv@K3-J`7O?MUyn>s$(tA-l!eOEavqTUvjjqHq8TzqU(nzCc%dH
zgwoT_nn?2=m{c{HJzclUJCIG~$Fc;d4sW$EOH<hy#q;9410|dNex~?&3ieHA`ohIN
znQrI})&5I{JHZFQmOSKQq)1H^O`||`;P#OQR8Q>)mSebjk8m(R&HaSzg<l|v(<u5M
zPNW>y4ezc($yl)2TkPS>vveJA@K?da(%W(mKu<ac3fSyVddXC6cD0Oejz^9CL~;C0
zEGm0>aG)t3$+1(MS`#<;bP#&$bW?B>IWUr3`dh*Q4J?I0K^2qnf&H%Lw9KI6E_!=#
z|F4L9394h!WWrw6k%@YE4ADtFyLg-j5gt*Ax`_h|ceIz$5Bsh;E%MlIYOO5(ogi$$
z%Rk9+SUbS+u!CnC^4e4K4eL0*G1A-b{iq)J9tZj&8p@YtuCe?@#DN0pf4;lc^~*FQ
z!#<^@9}KlCJo&Kn4#MJJC#7c`X)zot6N)-eeT6SqoR|nu#W*%O#x)wtml1Aq7?x4M
z=vg5qXM#-jQ&^=7vMt}l1*jm%fAw+h@x?(RTk*r_RCv3=G<VP}vwiJcfY!%fW{8o<
z<GvVQx$3?dfJ&Cy6lN`efMIBCTEZz<a5!(s1qHcz>*w69An5D2@IqZNkHL3`t$kb>
zLb1-@s^Jqq6TLVBnvA60+r~B7FX?+3WGu$}>h_8_q(#4IA|RWL!SmarEUioSwc$re
zrlS3ZP4(HraBaPD<P$9^jnGz7T~RS&)p<nFr*Yo38MU9y{@GumoE7C>g(KsjAi!5|
za^Kt?#c1vU<Sq|x@TZ{mY3i&O7#Nr2ZfImU{ho1rbGZsjVil7Mj`<6`k_!6cT2y$4
z%<{XMj=9WO)K&ee--DHkk~mm(zneFA>gw3N&2gajOxErVw0OO$624;tfqPlcC@4UA
zDShl!sn~c_Vm(FS&kN#MOh#UT0QYi^L`Ib&`FNm>ZjL;`>tc5RUb@`Nw@^LEW{DWb
zX0chLJnDUwO<Q(ORUVE_aI2sG9`->)z1k}c3KG_1+!15J#1kFVD630Po3)jz4R%3y
zweQ5&^MB;;8gI4=NB&)k9hUAP-(LE4bT4B@<up-vh8icF*C~md>0ySCjBeemhx5+4
zi}D}|^ZpI5KZ&lN3IfkJ+1ZkBc-USI^M}r1!t`rvA41FIik(kp{bt-amH%f-j6i&?
z`F;gs8>`!kwH%SpU+zC>8?3vlAsg~ypP&4=9a6t7U}Pk3wij?3`2RzhWV#6eU+=eU
z8h%IBXz)bM*%ucfpG(7bjbj-rc|l%44<T}yYq?^fh>L%R-)YCwO&ktzP57igfvC_Z
z@-;*n+aXu*Jl-%D8kw|zBes5#fCf2!{1yVj!uaIgY8E0Meg%{SLglOwM~JJx?fL0#
zM;!z9*a13BM^h$5eJwqIFx36fC*5<2;_s8+MdL}vS^b~sEA(GK&f>3pp~Uf-LxwLO
z8g=YX<f2%y%0%}u8jxbm#~{c^M4MQ`*WW#rx`fYlGS_yvgCZz=ZTeLIHnpstLig<q
z(mw40!{6ZZ@b_ov=1x?iB_1&2NswM4Ontfy7`=q9u~%;H<2u~44kC4K|9dg<%m$oh
z)YXuXWwoD4Gv~Q>Vrbxr+ZTZ<s`zM{X0eE9;N>?+tU5%?fu`80!)~F7{>*Gav(sC6
z1_k+~3D&O4@Wy43<Jd}778Tls-iZ!=s;LnpSrSJQZkysmZ0YNAtB?0w@)|Fxc%cqx
zm3?vk{acN@<_+~1y@WX#*OypBVj?FJpd_MwZy@1f;$cPJaSAcfS+Q<092wm}-6k|b
zC>&%1tk~$L!MOGz0(N@?N`NkQ2={k1#QH4HK3{RmWkq>*<)PMNEND0T1a&~;XR$hy
z8iD`SH&vmP!S8TYPOkiev6GzdxHf)H2pt&FD;I{^7(CXM=Uinwo@wU0aLqLM=}XY<
zW~O4KyihmHR%U-$jzlGqNKnSf{`U<L5c<h)Iais*E+qWZ-+!jXxrh~wX;^hUV0My0
zwkyAhlNTB*vFw@_X)w&YhOvgU?B+`HZFvYDt_p}5Qwc5AMC-u8{?!SJd{va`6sgr4
zcLd}PCILbmnYVDP8N$=%Y%Igq!!OA-m7LKka7I9u&KcNNKRa?Ck{IE1RgAw8toSX2
zEj`oz#B$<h<`4?&3#QK&*x1Y(J_>;P^i)Ax?%{GLS(U?E8EWS9F5~I(&v^=X-L(qs
zB7OTSDwC+uYt{tAabD&X#6p29@L7J5wy&50Cd;SgUF1&BxK6KyU7D$S8!r?TgU^IU
z*gt&p2{eIEy*c@UI@b`%(l4>?KbWy{u*F63R=ygJ^Ih?cBh1BqW#iGDg*;RTy1{T5
z4XaDJWfochLn#ki`cZ3zbN$vXm=@a(Nt?YMaeln1s>TfohULI%*PX<VGp|J#xH7f!
zGRtMA#y3o8y>+n}s~iHI;?!>B)~nyzDw9VbS*gr{@k@9!+p2X>_V=OR?^ku@Aia7+
zwC7Rnv_f$Bx0j1~qE>R*8J7Jk<?=vXQE@TFV#M0qz&NzMsJ&q7a=y#3LHp&3U^XG^
z?%4-b2q$6UYBP+@=oJ+`Z6^+ZG?$*MHfO(~iyEW<O;nATqr&1~2NaEe_tM!jlR1T=
z42uI;<Ex3`il?B5=b9c+2Lp5UvasL1$Np(U7C^@7=o{+P-^KGR%9Qt#_%yw=o2J^8
zGS~+)B-!Bnz5P8akWVqE`j5x@Z1fg{XF}(TC7Q6%ol6^bXz4Qj#a&Q?da|E(%4*Fv
zn>Mr2UiXgMX}+_aIeptAMTn=S0Xw~Z)w+Ct=HuB0^o#_$t42R9`kX1WKMcogW&7(d
z!7F}vpkfq!b2bL;gTnhsAGPllOR|~sYnBJ<Bm<YMPZVV4q7IQsw~NkkL+Y&P!{2WG
z&QIt<yYE27s~ahCu`hd+my;$h{5K|HL&jE`53M^=SKgbRdObFGS;@|noZvFw^HB*p
zj=C6O=0OOjC76Z76Ck+O-?d3OgoFY8$7EVx2~x3-z7Q6tpa~*->p8UB*F?7gOy>WE
zLdZ^$>)v@Fi{O9O%+7IZ5jNEhLGm@LVd0nkPt=yE(c=H3QkF*jD`~Qd4&KiDas=DQ
z_8_yRC2m@_`q~q|B1|Zzc!ICLUDdK#Od_2D3cRKCSJ7}?3Bg_w$a?F2(i;uG2)rtl
zIxl>AQh7xz-rCnttx$ZABsFxVwZ66k==fW-GxPc88mqiJ^9~S1_D}H_X+&M4+VC<&
zRvkAs9F6J+Zn9@i&sdI<6Rv8quJ2PDCwXF5L20_|fj*Cpth!v2M6>yLN3ByIr*hpv
z)<;Brwb)k8!ASv?OB=1XW&XY&t=zYda6N3bIJB%9I+V}|n3=7gJjC59FAQGoNp<qE
z@3_q$c1K>aPIRS=%cgKL>!SZbr*hIPS*;cgfGb~!{w$~Ez*_4w<COJ*&&n5RBfB!W
zd$yzj7vr>Z@P{i;n8|Q0Fo-V{8Ye%ipr)#HipmryqzL>xrw4xQ-JY{o2Cd`~268sL
zh*wjip(GutxZ|P3qkzE<>}djz(=W3j1C%5i@zNAr1XJ_0?#ru|-?WLvfKjmg9bI_g
zN^&o=W*KgP7<^MRpC<(^Nm&XjeM**d`VjM&d_p2+<2ku(;Xx9C_fvv<$CuHK#;;1$
ztn$m9RtSeVJd?ggZ#z@W`Y;Ygz&q(ZmJ!ye+WB>rSO-F(5^fxC*@99gY-!Xz1ekq1
z6_Blofcq5p2yXMH8@i^%H*<tr_bKM`Bhp{Xf#5dGP0%Fz-SQ@WrLGOc`DGq&b3<kU
zI#T%^7wMH(WwLFxn?2O72yVtYPTo-HY2I0?IMM{W%$S3yvhcZw4j}VE8wW`hu(PwW
z&#9~{l?G<J*nb-8Co%q+U7S-vB)xY-^_D88neB7Uh}K`|k6ZRyg~?}|bolsO4XA~y
zvL0|WAFgl1-;Ig(se_xGdeK~wxu%cUB-ZIHC<<zYub`!-!kWmvfea)7%dj7H+3sq6
z_PgKRK=MXja`uyW^JPNP0gtYpSXLtJa?d2Qe~x9E*7$inyFj0Ms_7_FluOfp299O>
z)`d7P!F+<~3Pu|r_fYfmE7BtckzzF^lrP45Sms*Ov6ou7sf#yRw!dX)Zf(O`->5P(
zUR||F6#lSa6iASj$cdnloT*<JvxH%I?#7_jx^%}D_bHLhr2aXZTyV&kvdwo&V(25Q
znX^w-S-v=-%SnI4mPm{fzWrqAws{8+Pw@ljzPv>R3um&O{Js;9)E<;K$bX&M4Cu3N
zA3sCDBBFx9h9Tn9hts)2!W_YXh|FTq8LmR2_aD?~O0GTL_garXKZ%3jHW3v4J;I<p
z2B}rJ^DU_Jp8>_>Rrx=J6KNH0hofQgsn_wIVOfPyE98FfeZTzT6mHBS7(WJQkT1*P
zj!5$aXsG{le>58w`L5D@gm}>g*1J>eL-VZ#k!NwgTk!G-Q!J7})%)HdzNBO>pF<ty
zQlq4fP!uJF0)A~fkBdQlfGjo68rR>Pet?T`iNEi<ex38K6Brc!^~SUytQH(u&NoM3
zkY0b^pRUnstH~#62~P&@@V{cd6jF(2|82qa$C4i1#3#xj0N0KN0&#s1IZE37n!sIv
z+xoz|#2uS)JxE@cqe;JBpN|N`vu{sxq&@?<gd{7_DzVYcsVN-P7{$&MVbhX2^d`t@
zYbfnNBSlH%L1Ho7K^cFhe=aaZC`6Q<@G{5y5pmPu{Z$ON&@<q0C{fnIRiV9Vl`SZ2
zi&cHACNeHrDfOelOx+<MMe$P2*0JSB#lk>-$nP@I6=mh-ulO>H&7vY@GM&a7=bEME
z8nC!I4b%Em)7SiuymYkY+w0@=e9k`7O2Ri^Ef)%7ZVp}KjA?ksrKoFbclPPZsV`d|
zz3#Zy=_HzuNVT})!bg)Is?j*CN+`SO-5fRn=aYjkGVFV*X2{P2=LZTgyyhrIKzQdE
zas|*b86YX@<I}Ep*b;(B9ySXd8drW4rT8zJ93F4B<gUntI5ZO+qcRe&$W&^p=jY3!
z6m5#{vTpYBe@6&S;9QSJToey0Am?9=+$awVw1Y^eB2rUC(%<SNU`Zq)QqS#idY*o*
zxzcHtw@LpD!@If)!V>yg>m|cH@o*GAH{oza^g8&p2O^0NM)L5~r0UxtitvI%;nmC8
z!l+R6+Bg?B9(gsNFo21FPgqvg2efj@8o3s2VQdq2tF6K{poAOl?MLI<%z0ME>*B7%
z<IIomD$j#{1*ky^K~C*QI8+QhejVF&3&iuMjTh0$6$)EJBGZj$_kq2Ra}<ZSriGZJ
zx^g;A4i_~ia3V%Aa0K7Q+1r0=uyUT@zdx?s+Ai=#o}!`iSL)ensAD~8zr^zUyVa=E
ze9}i!ptd*F=erjqJztc!(4|eK`+*-myQJD8Qq8uS6c4bX{(~a#M;0}54`s~Tz&2sl
ztc{rQ>tw)HGg-VD6kHkvyR;r*t!mP%R_M7TDYxZ4LgWcZX{#Le=xofovaLSd_gi-a
zG(0E->CK1&@%Lqs9PH}&dtM01#I_{p@<;c>-0S%`4{jH=y{6ZC8Zv%*qylEM%Jgox
zF@9pp7EV3(L)jDtNpk{IDdO~D8;@H{$*uzPgu20lgaot{8l6rHpo{yw8^7*zU$np;
zfCn+~eTdn?G730S5zjuCv+kJpKJpzqn|FRd&^PcutH2SR<INQwJp|>9|B<MHW1WDa
zg~5%Rg+Lg~_UxfS8ymSwEjq#NTiNYS+3jaxuRXHn>cSMU$r=#$znV*atv0;<2}+91
zm-px;D%9u4&h|CS_qm)gH=8@)Z#m$MC-Yx*JmBz-3pFO+zb7lgbHg3kY-Bj>%KNr3
z&}!QEBj@5xVH9~39zDYWziV>BJJ~@uU)BfHTh#^#AdpM}6btcvLNB>=MgGcl%s*m=
z?QTg5RGQr(c$jHf&kbjEML`(JFI=V~=KkH0fUl!C;VBU7pDaHB7%2fl6F&;g6<pQ*
zDoZQAN;zB4i(*lCge`Hr{e7oh?>T#o=VAH_Vtu^a?_1e&xj$o~D=>qOd%Z*3jusu1
zr1xAcZ{IKtP;l=7u1enUgKO4xB?A&P_2KDm=?REomj2VILmc4w2&jmx$i1{e1+xTx
ziUs4No9k7l@9)Gb3H%C~A7%(3WLUxToRR%9Zz^+~h_Lz(kibboKXuoISxSzF=oLF!
z4GL>rU-%}tT^l+C5K`}omZ+?U=si+7ITDWX(b2;9ege*-@%<DOHo62|36nHdH)ufx
z+`+QeYr(g{o_@_w;cpQX?W9!P0Bvc^^vfygEHQR-a`oj9kl;_;Du<Z*m5wKupQj&d
z4#`&12{D!{i8?V85S*MhNj!$$MxQDHD3Sd+%0kU0>B7F_fwrpsG}1c8t4t^4(&{7g
zXN%=Ge8@-TDkagnj&8_lytb8id<7}mu%J(4-qRh{8T&b0A6X7v60}d!8K695t^#i?
zE0uOHIvK7-HF9&u<~}&=1>Mas^XkQ{>gyK~9AI}Xn1tiX1*A0avim>!n6%;FAfs!#
zg2k8@DW{#IL(#`VNQNXySzjK$N$0U=xtLJa2X0h8Q8>$e1dL-wzC(L0QcemsS$D-7
zohoWJjn4gwJ9Ag$CZp)dZO8MWy&sD<B=a4ibBsDwTjqP@1Ln<pgi-twPRzD?|L!UE
zEVsujXJe`C0bzgKy_w;2S}$)sESD+~H~wZtTt7QJx@UKaKn}l|H8rdhVZUKZ4ngg(
z0`wh?ZnU4EvRmn=e(u>L{9UVy53UVwrjcuJq`j6v4W8>pM`ac{C5`u=gu5G3%56GU
zc3<!MfEx{<y#FsG!0xy;J>5hGdxh!*e_u~V{gOtXZS$S#0g(@%x!FnImOB=r&YO{-
zy?woKwaFD1k6d~1Zp4>EGSan8B{HcDPY>y3&6UjprFVy?`mMf8A%>@O9uv@YPAPR=
zC7%7pia>yJb62hGYk-#y#F#z03K${OE6hZw%`-jCkOE-dNB)MlLquf<?gk*!eaKk0
zk5hQf`T-uf7P@A&_QQ!Z1tRUqo!>IV?<_kiYv$eS)3Wb=1G~5W$14bD?O1zV4|hux
znq+5WCPHKau4wefZ+=>uTanwXw8|`Hn7@|L#<rf}@PD|_@LUexih;OPU%Oo`T%|6!
z7bjhaJZ0K9E>tGYwL|V#sg6&*;><Sh;YS#!uiy{??NaV9Z73t_z`y{9$*xkZeNKm@
zfMDI6tE!wn|5mN-ocfJq1#(e7DO$3r{ADXD__ZZqy&$fn*e)<2k8|XjqYE#128HN>
zm~Q$1B+YTJ!^0p@?IYPK#23DIi&?pGMD$kY?{Yjh`3~fgRRLdLg$Lm7kAbUNY^!2V
zREwWSv0G(qayjDd(b;psUM|eAKaH9KGTL@vRXO%cJWD>zCb9C72#jk$10W}3@AvJd
zB{Nfppn!)z85Bi_ZwWI9wS1%<rV!0e?3+86YKMRXFe)JY@q^>&XrCO1x&{p|qP`-d
z$)+LcBd?@Bo_p_0wz{_g*a*NaMr^8Kc7djsk^3a6)?~v)i-&GO(&#;54DH9y@ft3x
zEbAMYsV=xQTGrIzcZrb>OTJfnHtE<b6){_v5tEMH6Cs*Z4St-`$bob|*SR_$EPtuD
z4^K|EqL{cSn*b1JCXilxhebsB>dgl>IMe2WI%6DjazM#IN45^$-7Qn#`_&-d%n*EM
zP;|jcIy3-Rb$9NL-_-<Y+`=2)8Y@npAXhS3PgZ8_A?n{utm>`6-Q;TqsVi44@L|F&
z@(}u*HRjuDG9W9DeYo1L2<Rk3K@i8r#S~mM=B(z{<iZ-ImXL68wipiv6>8|aCb=BW
z^L2B*;t3D0HK9MQb=9l!Y0*~lr9Per^lRG5TL~QMdbNqf%r*$`z!zvv+ZBw8`!zwE
zw%RrJQkSNMw$aN1YB7$&T4vfP$I><-SQprG?E;<qkE8hS?Z@#q>&fZB{v8M^$_!B4
z|5n1&nHa{rO1yBWApZY{0-R~3>T;tUENYyh0wL16Rg9u-Xkq6TP|3wWm*t}TIUt3T
zr7>vXnFu{O@Wr=nmHua=Fy6z4ntx)$e17$rz^nK6^K3f^w54ubGPLdXWNk(T@4Loa
zw!c!(UWjwbs;thsu$U@Ob0m)Qby$j7y4HksYv~ss7}_$azG=+;?9xR6t+L0HMB7MI
zrpsog%iI!CBo=P)j^42sq$(-f9BdCNNxvHnF+Z%~JZuOokVGd0nkpB+Q+0(GNuv>@
zAZQ=I5%P-uFpl_o8|$Kd)5>{1jR+TQZOK#mP8?ss|2GIT*gQ;Xc1y4F2n)75?UGN`
zDj^nd0o}drI6q|sNPXP1cK?B1LPYg`9}0m(+Y;Y(-zBHMmr#tk06WGStd$|ok%TZ8
z@C&1%)X_eMYp7SuK9P7e2ZiVQm%8a5`bBZ_M){%wt|s5`J&Y4<56?DfPUpvAXSBvw
zQELZk&1yg(LucL{@ouu?k+A!ox8$Ur<sD{G+DW^uPSfCdiHNL~m3DPGXWNp(a)>;x
z={&A0Dh%s<?0@zLfE2-x^9rPg|1UJ)8xI`tuk?0#r3htsXq{M<9?@CevX%gb-%6oz
z(8Zf+{@{DkXAh3gvj>NY#(dSVeuGH|#QW7!T@yQwgtFSOSxj)RoTYsM_<K6}Wiz;o
zZU?UcN_f2irq8)lre4ADtXQ8Y{?hHEq~<OSm}I$vw5D<7mqQ4pFy2xcCJh3M3c^&U
zO|#M;U-vOo#q}m>4RG{Cl9Z+bg(hLD8oAJ|Wa2&`drShnFgL*_L?}mqr!AvEo7`J*
zw+s;(L4I1-+t$7=y^oLzlLXt7YAEwYj?~HgIgX<9*`Zy%HvG_u#6L(nr(K#g-%se;
zJCR%KZVhVatcGLFAEZ2u)SnNr$;3^xgJYGKHEz)0<9fn$rvieqQ;FY3zhz!UKwnTr
z8QlxVh6_Z{jB`MD*!vcdBo=~3>_{k~kFv5G!<+gx>;heL`eQ1GX=Jnp%#xe;3?Lua
z284ZjP)zt<uco2lGo-$)ZVp^RBLU!BEX!)Doc`(lp^3R~ayItpr=17;DCQ{Xygp?#
znSeUbjb+w&kV8P1`O^<{#AW~=g2b(8cgF-<$17Q?^p;oL8)02c@Fh|A7%tnJF)yQ^
zKM%ORQdQmA@1`7Yw9486?Ty_5S`x+d4>FmSK)X2Ic%kA2BgGZ_VbW@E6bX8HcZ1#x
zwjDOki7_CYQ^aU5o$B*bDKi;<fzzW0{MX6>!AWNXsi`4s@ktFL?(7?~Fj+77BtD73
zk;c*L0{w7f)kfkbX)j#eLxDs);uX4J_o<CEm~+f}IxjTzb7kaZh7tSARgqwv?l7oW
zmJ2$Dou{|y-o-uK9^S5Z^WIhi=BU1$PQSy2qjxL~b9t$rcm4t>;)tdF+IVNIp^Tmu
zpf13|qmA}DNAu@tpPu<oxT(`@<@jv;1f5MG@5>*~BLX8nWL1ZS2b{J&<4PHilOGz&
z+3fat0h%P4)nHLRbJcUZetBc#nZtPB<7psyCVx?80q`cXa_Wss4z8UgJ)j4E;<|&v
zC8mf8zo3R!Teb(Zz$fbx6646BbPJKWm#QB0*T^b{LmLL+5b|U#eXRX#{eaR0v4a0#
zGNH{W(T11j6eZal_WK@IRV&xVdO;CxxGGCl5rzTAr&HY-C6T-N`_L7hgHdUU6DV?J
z*z<NwV}pt3q31TU;Zz5rmVB-vsqxyA_wj#vxw+UUT!gX>2w)QBSXw3|d_OMe``_1e
z;Ip3l=X{155XEJc5aciV2|T!SsZi(oT|F<Q^4@}L=i`}^(Ov>&d;Tyz_d9~@=Zk3I
zlBYSu8KWF0GxKDDqq~v#uKiG3MDB1}#A`?nZiPNurfIK1tKK4)Wx8F9uwO5ryD#rt
z;3%4B?oz4E>tX|uEQjal*UK(Z9kU?>eH`6Z*(64}y23x_dUwb=l4m>r9%0lde-mo1
z^VjY1ftmr<O2rW-thbKOfH&zrj>&++Sa|f5Nass4fN6c7JLbukyuFsqOE-rV+<Z=c
zL5ocUK8JD&RBi%!9)~>XYyJTmu}l9654Ui_8`|mAr&^f?0949DWIYI{?zu&(CLF#=
z1A1`5*qG$^!H_WUtFlREMEO@5fX$GuxQiX-1-ZA)_ZR}zWmiDGUZzviUjWdLKx5!s
z4ab`-kM#(`r?>dhl)TKYEt94|n0g-v6777JD~1c5Ctw@=y;GE9blOAF%pN59>iYew
zE$Xq9a1sDT_yR?l5cF@*@Dil9qJQMyORhr>U)8!e-R?@i2>-Mk5-uFCfvhFsooQom
z!FVZ!|1Xq$ohpzcY`IR5lW%t@I39$uX4sm~mN3vdM&`&P^yfVA|Bak%<Q4?l)0JBl
z$({}7^K(sA3kSEBbRXC>=Z@O%hJIGm*`PF)n^qZvR+~zNw-_}_-zvDg&i^`)Ks)j$
zg9n<(@C{|tc#Qs7ED);J<9NGMbho=^wm|(lK;wfhgJl+lDhtu^y`COjyHk&=F|e^v
zN)Vq;sDxr6nTp(8o20RughuA6M2p^zL0OW3r<`$yh4<$A=Xz~SUO)GDGjl!K8`b5M
zlAi>^{{H5{`3G{BnXhh1Qa=ZKTge~$-T)D&ZSRr5Mt=}1nJN8x*frs18*MX0qa&=X
z#(ge#ia7MD=!5tFOyV=p?oxUQ`tYhrm7-gfH#Skt3x#^r;CbX$DwXJ@jG4-2w2#4d
zr!WpxsHj6WYRMTwA#`v(mlO(_7L9EVAG_2mbjnNvNEFB|5*^e6{b+AJMng$H<V>Yg
zRQA&CM%wnB?-cq+2)~{GtND>WJJCbmO9=L<GNSGfkaB(ox$bSwHRvzcccJCzIQ+Zf
zY^hfn-gW7TRJn#<YR}$=lqywkH7f{wk{r|g5LoTBA*+?gvZ`{S5BPJEaWIWfP!R$F
zy-VgV*rhFWSRv<GI(R7!A*xhn&qdwK-wtw7CyZKXbteq(H>$YB!8e<BXhkbg`uveA
zTl%QuDtjnP049h`vU_$^3uQT5U{nl9Nx7S<`11=>f3B^<|7}k0Ec%$a>D?=h6pwm?
z#)W8i8R~}T2}sKtphEuLdpeliXKD*L{O$#6rTTjr%3i#j`Us?YSYn!d>C@E948Y#=
zN|lehKRGQoB5`^hJ>nLD#9Xkz^}zYi9_Y94uCz#LIWQ-rffuE#G;#O3!^pnvrtto_
z`|Ft<7Apo%G5V@W9Mi-r;AbN0p;X<kQObB3!hk78QEZn53S1I3_y4V(+$AtPH_LL2
z8C;_d-tz&PhYRJImfQBnpwS_$>ray@27}=^-8DP7jC>*Do8Q)y*cd;zdFj1(-_64f
z27L80e)lWV%=WD{`v;%MN6pk>6i2@HB_5={IN+o1*MzA?BvA)m2F?{|{*h@QfH$G)
z0{jN1=TX1pmypyuZ*~2HJn4FC=v7pg-Sh2(oJp@PJ(ljaB^oU5(^ys)i`BbZU3M6F
z<~@RHhC<nIpUwOwDn*p&xW>%KXzmAwmNx60Bk47S&0h}v{Y7-}pHU3Z5&DIMT`T8`
zNzSxc7m@M;FQoie7#bl%`I&UV<nC4BFM+jceEH?1_W*cpIKZ*8KAa9kmm%K$srQ8w
ztgAe7cKK4>W}}awpH@=DobnvT`0uY88f<Id5l8@5>AQu(=OEe}Kyq%ZJnEr&5(r^L
zeX{5*Q<Y~?E|#wqTMjuL5qR?PZ2?OmYDr7#2V8W0yRKg8zDI!TWb&Y5W->73;8e|K
zv&2vtOWm)dN&uB>H^?5gHC3hg)a+C<Jhk85-bk3bJvBR;G<+#glArZ`4srTDg8(G9
z^ghU|t*e#W*v_;b6nikFb7bKrb|UEi9?=f#G$dtuGW<T022_e*n;V(Z!67+QsL6?8
z&x)xAzg+p8t5Wof1$W8+$@j+SbUhr}x6D=!-}cmrEVaGL)UWjfWY;l$GNvZStwk~L
zy9vPzzjcqL#_`~TI?uT|1@I!^f>4GZPKcI25??O_LWSjzsYT~Q40}iY%kbGX(NOT-
zq<(5SR?4l#FUZqADV_ST09OoCxwl`j(c-&s{(^;;hK6nW@kekcFG9W0J(jf__fP+m
zEVQ3C-<nYv!)gZMUY?91?Q``}uB;z*zy`4WQ;Js(+1K&q0tin96i2WU!-mg-AW%PP
zQj|xd5VS;IZjTi>a_oM{>)2P%dS}6k<lDSgMB%+Zt>URA<(1hm%XwypIccPCYcHLi
zc~pa!pa9h6eq^jmp}O{)TkEyW0pfl;Wau2a&ic;Ay^S9AP4qh8s0d22j<^l|2SS9D
z<QrEW(8Sgu->zPV!!67gQ&+++$ut%1uCxCcW4a#g0@<_CuZ0>OQ0^<cE8YYfa6?wl
zUHKhNaz;~KLL3Oi?1Qre+|wg$iXc#^FG=~IUl`AR3L4bh*(ik^wdVuO>Lef=IY?4`
zlFz>+DYc!}26lRfq31s=*h+E3V$i6&J5dp&F#hCt8MVCYoUi>DRJ|0cIn})xp#-Ri
z8>#3zuWbk`UCJi_cj9hVy4}gRH9gcngUR3jK4E>N2OXUtbKY(40Oui8&%qCbFQ>Bv
zoT#^3FW1aoRxX%}i~@!*jQS|il`pVLbEuw`XMbZ9AP+vjy8L-0aH?6c)&MXDG@8pH
z%e15%$fW*(s9-|{Tsw@1MJm8Y3#j)pB$vx8MVP)^0DS!t7n;w~6OgGAjbAA`oJ@>u
z)XBkAOSPOeRNL<^n22=Vu{7dD5B_EtK<?*^GruT(@(2Vyt86wum_S|7PUbIXt}n;;
z8pNOW(yhHRZ2n5`&2BJd6x^J9#d!(&cXZvnqY03Y^``Fr=kYqNli2D0d8|Z^{r3$A
zY64k1B}Kk*sO5BH9RHIaCaOsF4e@=`V)|i{*$|Q5PqybIDWPPzDovfETFBoV|IM_m
ze2ItztKZwGH&;vk`&1)2KtyN=0eCqZwamsQyials2#2{*KVR;>owfF!v(Xh%(vYKH
z0A-oXlNxV;USTWW=N@`e_K4Aq69Z0u?4#$suyS`dU%$<(z0-BSU+zHUR{0T_NSZ;2
z=<0;v^M~6#R#3VVxYBPXu>2lwuvL~0x-vL~B%d$*)OB{r_<V11dKmy55lj>4khZ1T
zQV$~u82LLUCM)e$CRCKTf`WLt0p>732f<vs>BF$^@JBd->cBN@O;HOR21D1|afW13
zPjz0LavO|5LovLOZH3*{uZLjIj{;7^f`-iK>UEi&+L+yM58&aEQhl=eD<F*DGdK;*
zeVT0P2<2ak6y|Z1`(%{_&Dw(>K{8J1+E3rgWH4eEi_3E1ySqWgjmg^n0UL3IlN$k?
z6P0>%%^qFCJnpu1Sw6KjOsn-a5vZFvez!7>4B|ib%71Yl%{S|nOVL>VZ4bj^$+o*;
zo^=-V+5S0{#w)9w=q{Bp!6mHzDW^g`?G3k0{zK|7Uz+))C7{cwGBrDaicFoxM2(xt
zaOM$j7I93pC&HVN&2UoSmK8f_;b-CtJEMBg`;cN(#+r`1Ljl}gYyJ!o_3iFmyj`o1
z5Z=&70)2?^M6F=}6Pw41vNRp7L+oU!8V{3^5H^ds67NY5WM8kNsGwkQf_?`bj%_(^
z53Wovnf<lV7`zXli#fx%0H~Jk2Ja@>#ifpp8n_ViUh!Qxvcrsdv0`vrwIp$THbps$
zhtZ+i16+lOlr}OQE-UQyPS7OXwDY_cZI2*84{{`Duo-!XF4-G?Av!26(B2Lzi!*$7
zXU%E3+082c*lIZAq3G!BZ?d4;=F~DG%r3K@Dvx(Re;BnKn9z?(yl^K{SI#<$^Uw(K
zroSgQNdRQ~@b$iP*ayBOrGIEfKFzkl8l&!m8VE`2sLE#Ti$OhgfMa2nG3zny{Q*yc
z-%#SN8$PwwdCZdU7Fh>w#6KL2GY4U^*2*y9!90>6aEsEUbU53YVvTGhU&%&ooVUo~
zvJp?#^%0Td7L-xkb&bMfR_jywNN)uQ-Z|Z6W@BAm{wR`<eamk^xTjx1od#K|Cgv=J
ze#F<$DoBQ$khmFDp>yEDLzM|jymx_66Vsld?K=n@GeMrq?!1g)0P0;iB5TG=rr^#B
zR~p|fR3HCuurR{OF+3)z8HbBWSgIq&J-Peg#OUGWUFP}2*RyPRo=^w#Z4AKmG%Axf
zm!Iwx2(cGfq_XRH;Qmuq$Ep4IK-D))lmZf3Uisv?OMTmg&YG}m^>NCp7Q%^WGRYu1
zoc3Q9KnAz%#Fj!1MrKx5X@<+kVP7lBwg6CZ(@Ve+eWpZQ8C9KCesD6JrF5o8b65G}
zQ5d8pe7`Jiq6O(|$Z7Mw;&$!y9<ua$zyYp1!v{0n>#we&fx5_2V();xb7W*;!%KlD
zk2dMH%#J!;yZ*3m4IVKkUG2Lez082wlqTo%nw1AEsO%DQ)oR$0w&M4T?{Uj*qxrvF
z*0KMMdfNnqs~MATHXBeQXaU5Uv+sCz7?Y{&=@FzitX=?tB?HA@(qJt;00T2H3#1IC
z;y)nMe6Y1vVi+3{vqB?;|A36SpHdWx8S@^PH>1S+>be3ofsjD-q1B+&{JvdE`E6FM
z+Maugax}wPu$Hqk?~m~ESkO!H?9|jAge@^wxq4r350&*#VNZ@^>}(x|ojIMQt4$Q9
zD}w5kx-wVMeqXOc5S);o6FAAtyX!u^g-g9=1t!_gMpEEiG%C#v2DPs_XsXq+u$@5;
zeN$TFb{UzQ0?n9E<qka_d{455OFS7p6&1|E)uTS>Wdl_0JW(X!Elz()9t<h@Xw1bJ
zPV75i!2h5t`Ud5SEfw=i!1%0qbG?=?sd`K~<G$^zNcW(3IJgUuRhLp3g7Au#W*JDk
zdO`iFY0)XFX3%7fMyULuvvk%!eTm`V%1D`76_A?do<{exv)X)#bJ#+bqe(M51p8H6
ztrK)jb~48RAOAk{yNPLAyb|HqFP4dYu5eOB?JoYv9L!Zb)=Z}qk635wq}7_9lhsyg
zOAVMW3eemr^wuF9Wu<=5%RMYTwj*KjXtNL6ASqoiZ#>A8Z@PS~nNn`m(YgEj=n~qP
z;n$1X@_@9M81HlCw8Ver3g}t{XzP#O%wBb$nT+O1_JMLZW9Hn<_EwVVE+x-^1prNo
z-R&+h0qxU(6m!9bCroa1Oqwu7N?B|$7oNj>-*Be+nl%TTFTrJH6{2j!NtUrtWwPX7
zrdHg$8_3W3a>@y~?qfJVxr-EKSgT`G8aMFYu4qmi!wk^hYA*fd3VQFps#pH;0f~RO
zRg939=R1&~70rtr9!ZJe47??Ofc6`@Bha-P9+z~;)twYT)X(B~W1AE{Y+m~#_Byk_
zT#J+D4XZ_Il+l}ss;a2)F;#5trIE3eL`iT{77Wvbj9V0<)?mfu+s9JhO8pqUPOk9d
zEbcm=XjB>^*FhS=UKz?xbniCj*Z`!sfY89$BAgv*pN_a3?nfB;3ZK(OfxLMaIL|N3
zuJ%iJ`Ms#|%!XH951YeT6;og-FNH%nLe2mUdp%PGoM8;Tl9%Wx^z>mqAw9<Ml`jQ$
zcK6+E=icOwXu3`k%KYAgtNKJlr3j>>Z5*~9eK~V@C!eqZO(9O9i!U@6{3ni27Kr1k
zT2GBdc%32onE#<=J6ip8GT|$|UO}O%?Y#0S{(HQ}v5e%Q6k{C%*{e0H!Ll61<O6S$
zxgrdmmr}<PFBnJdzl^Hqza(%m9F6M~2mlX*0b)-MimUTx4_nh^6@zHmUxJyV%Xh8T
zRL=BwqIhOl3z_J*k-Zm`j*scEIhNzvhrUBvle-IZz#?@T7cbCW^Qw1~pWu^hl6NJq
zw0=gN0>gwIgR6E96(Sk|X2#7f-+2DSt;qWAWsE6g+x_c!<^JAySAn2<8kXm&j26fx
z!eD_4<O#^<qN^Qt#tO!^Ks`FHOS$6GJMK>peixV*8>Ng@zbTK=@I_kVT2R5Yt%_QD
zeu^E^b?JmqbVbS^5JnFM@_z$dpCb#!D1ij#azC3_Ef0+XLwAXUW-DXmTCIH^(>kqY
zuFb_paXgk|n*WAPTH4j@O$k^H&L1={giSiYF59Qf^QI5uF6fx(z+9KiT5bHbiGa83
z9^b?G7`OD3U?=M;5DsEGUH!W}|K{B~;qy-=JOL2@et`pGbbeDIFr?5k@aX;Rowy9C
zG9P$^dsk2m5~0^D4o7Q4yUps&^&O~npQGig_6}QLYSOdoD31EUqA%Zm=UO>*>ux%K
zm*SVS0{pE3!E_FT^hGGNQP_rDFDnJNhSN;S+dH!ab=@Iq<Xu;Zw8Vsxo9Iu?ub0ne
z@zLG;B3{hd+jQ1G+@1}g10^_APuAIK_6@Q0@4An`gI^u*te1Xgi<#zY&O|CVYdQ{4
zRI_b}p1RGnIacg1wac8ovrpJMY}byZSCQ@WyZPnAwMQYMv6fb%^1*VXV;QbalhE=n
z#qDv>m1)AIw_#h8EwFg?0^V^TS4bh*K}H0alSjXfG_zBFhau{NrA-`g+0iM0_-vo|
z%^&~EPjv_eu<9@2AzVN3i4bT7E3GigQA!!y^=<>Wvz5WvT@Rr5%;vK@v&iH1ukz2h
z!|_OH;I70se5b@FZ)W@EYfM_tk3>YLD$tK=e;2L*;Q%jCJ%HfP6b&bNX}Ac5pAswg
zV{HqlwZ;o(HwOj>t?xFXn!D7X1S#l>_RLGesmxGr$SW7+9!uhQAUeSwdwa4h#YJF?
zbZMZgV9UtYoJsY%cq3*5nhXWJ*3?e@8_@SycE_Gs$gE!6IUIBL`z$Z!szjiGwWN!<
z?$wQfd)3k)-XB(;Z2!>v2A2k(vpIv?L7W!rYhaOqW~F4&*!u`;ZB|YHutirsY&#O(
znK{#?2z<6TinvTyi6C5=xi5H1OH{t_C3d8tMK}d&SFk<f`qtHrX`dhZBGUiv_yIuR
zF@({K<qdoQ?VvmGT``ED5)UmlIODIihOub1`?UD{WNZh#wD`hQCeOQtC<e;sWqkPX
zp+JP!$q*wMA*KXY|MkRoyh-)-svjfq8dx(}4c5D=gL@&*ndCho5MuLeda~K36syUy
zyNwQ$e#|sJ=R*10Ljgsz+j!KAkdeL5E*?ymKyIwbz>fpi*#6(#AYGS}-o8BG&bnag
zzBQ=Sm^-aIm0#bTkdRJ$b0*#NnU9N04Xsq}HmD@e@|QO(Lg7!`rjuTdFlhM}qvUXm
zBAwj?1il*<=<9-w;>`~-z-j0@7U+6Ts%@rCJY?Ewso8WTb$fqUVUdX~|C~~(SKxhh
z_?&gVQ?#lMbnX0uzQEVtRsk9SWt{)?EueC_=C?;@;7w(}aT_iH7&{Pv0+lAe#tN~)
z{eiBmwNq0$F*B18L@i(V;Bq{y=e__@^5+C<&+Q+crT_c=W`Fw`EP-00T@X0{q!-4R
zt;k~3nX3c8?f4dQNg~}m#IJ;HNHU0<!k3p=o=?uT3oEl<tyDcCw1$mwic2gL(L+&=
z$^ZNx#@+%bt}crj4FrNE!68V{;L^c^2TyPbZowUbyF-vhg1fuBYj6$j?$Wr^*t>i)
z^Ur+m&0lY-x+tov``+8<>~qfEd#$}T^CW%Xzol}|;Jgn;uX*lI$j8$K$oX3(;uxP<
zBiTPuCUpgH{K^3}?y1tGL%N7&8?U6W7`j-0NlSnDIcwla-~IDRNuQr|)6O~Z|2*mc
z?>|IH`T?zZ8Vxo!kdnHuoj>=Ks&PPC)LFeDu>g|i!UNuo^2c^kEYwgG-wobPeis=P
zWw7z{lC<dmdhaKrW1iJ4>SeyiY~?Rjzx@1UF$7<jAP2G*D18e?q{WeiD-I0A63AAU
zg}HoCe_=9CZ-*`iBO>ea22Bv-iy*A`1?=$<p>0FcBE?Lk#w`P}P1D2<cU4^-cbhvA
z+6$Qf@kNd_ncLdi+Z%BE<-<Tjte!q3bVMl!EXv{Nh>RM}+WJ#%C?PUZQe=qA(I5#6
zXL1`Zzt}zS<@4p$sYu!aELzflVok3X|J%#U1nxj_MFD8ZsTXRFCdJ6en2TPzwg@!$
zjdojei>VRU@otg!qJ<%adA{B^7MNRJjp3<ur~mQC03V~H`d$VlY5{sjSq=p&``N3W
ziZ}EXJ7OzZwtz=eY3R#mkiKv2FeIYFl6-#&w|QOu#tvTde;zHgd{Nk|!s9WC)$WEn
z1h~kwG*7m--nYT6E^JAaRi(R%=~y_k5V%nk3=D5zNItV+{95UpQh^VC^}o&sS~<+~
z9oAq$2#+AXjH!~s9wydmB4=k;<(OinjdL5@y|XRWmIV@j_$w}$i&y@BBrjk|WTk+g
z@`DXKTvy-)+~@!8W$x$IvhTW{#FnLgkfsF-;+u{&?;k`P)U;XtYZ_kk!=(LnZT07C
zTTF$!{O{K;_I<wgg~M1rSBRzM5f%o%C@|NBziVo><>dwU;y`k8av8rZes#dQro4Fd
zQs~w51b=*<Zu4zjIl}+Vn1BKH3Pmqhb`SrJ)BLS>X=y3N&F!JTv(uOG{rmpkzXjMD
z=dY}m8bvs)ma~0)U;*=%^7sFV(xktUUEZ!m<+bT0^L*cY2G}##`r3W5mgk@QzrCgf
z+O;lu7k%PhKH;W~?#J4{j&W9}`D;#wBrtQHC*N!B*}T>`BVPWu8EH>N5*B7phpt6z
z9vtY8yc=}{9tDL`R!vQ`fTrJ$>DC9n4nyj%b@u#>FJK^K&xW0)!KyYhs<f>3mnF+`
zzVGsRwzEsjXFJozH2trZT#gM3)K}*G8vUrg_ZA8RSpEjwI7mB_B~NC~2{gw0j~hJy
z&BuE-K5zIk$V~U^su?6%mONZjnCIIs!I7Md55Hpiuj4b11VsG)goK3EVq{p)zm`6v
z9ngX^z9w#>FIF^u`|tTwp@MOpx^DNuh0~gL?#Y}2F2^qP0w_Mh6Ssr=FXLny0<>vj
z`-zVYjA*<!@V}u~AlbhSe3c!>6~~Da?e4Eh;QjLo5#_*oa?A*LV2Ka1{5<0rN&f85
zlkxv~sgS@NbJ<f<Q}@BD|D^nDv5LSZBqT(;Zisdx`u*n@cBM$zC{(lk+X0ubh3XB)
z^N0galLkD^wox#~e_0jnu}Dr%PLbhdpoWHq$gHd^21jgnU@prAVV`X=GgEh<!66hG
z`K+WI!I=5qPp5(dgV?;@<u%&^4{}w!QJvlkoCa<+OAezVU)?KLcFTtV2M-pnVrDUI
zwLvLFC!{z2IEwY}>HFL4dz(^`%sibCHqOgs!T$3z`Ao29P%S-dwJ##WfVKq1&kkT2
z_zwxO0yf$nhP2u<ABNEOs_Csx6fFCv$<=Hj#s50rz?(JFpG%+CIPFSM;qm{qWDLnk
z%8m``M#YiW|JuHm|7fz#L*U9Ior4X5L7V*uv#7FgvZ^LKLt-xf`qd|u(QILbe^2J$
zx2?hyFO8>8+g($!P~?ApCcOu-58@iCXiSRz+h^tyqDy^X53AD0Bg_JP;2{2mW$~fY
ziCH-Wjh*JZuh1K5u5a-Fm-Q?Qf!l-<rwYwLWz%8)`4hjh17l-Z3tN&+f(SULm5~K%
z%R>%_^9oM^#2JBoeP^FTTkd^$<{J%A0NYj~e-!|HF;?^i$8;<^S?wGVViMK{^4nU@
zwlTW@%Z$Jr!fnESOcgTQ@s<7ON6JN?ZyIXBku!|uB(Q2Qa9?oRjD*CnH_Xus(L5gE
zfBFIh=abyL&sI0d0}S8{kF9GldIx29zOOIuACC(>xX)ggC#R<w$;pK6FJO|$R`<3<
zh>nP&W9++gq5gmV(~`ZsIFb6`zw-pJQz=IOYiw#HK5MO*)nT(~ySh~w+JPTz17(cu
zi?)l(9`LtNxquD2h9CB4&G+%_{>kjG^cHiK2@VId87#IM8ic%;lM|bpn_b0DB^iKN
z<(?!s5D>Y?P#Z1R>Fk@BP*4%L1B5B*C<PG_<Ac2JiP#masb9fWV|bN+^@b;`mPUp9
z%PzdRkDI|RiwjYU8k!~p(O=mY73_wIkWTJune?=CySjwutBg1vZhMcf0%6?$c9eRH
zBlTVK^8}P)VUqoGA+{F+R??)%Hvc-*A0DJ~!raMP*g)2Lf9ARQXIVD&)2Rh5BV%dx
zI-q(v3Uq4$4vGk+;+rr)n@GjPMK~7I>FzLS5)jTr|8caaiqGv}?)>5EbNdk74?PRR
zbZTij7+|7R+65pNpGkmC{td?N?4ITRQWJ-WF!f?%UT*Gawj<^IcbPE?SITyHt+Lju
zMvUJTSz>!lTZ6l2IT8aO5B@$SEttPh+MV879J9bYApGSflv6w#g@pTf9!O(#tNrP>
zkFut_)0}<c+DI6QBL|1t+2KrdT%0-`eJrCU<NkY&qc<)4Ruj2z0LEi{P&46$xaZ-#
zA{PK+mS{92S5{SB4(Ne{00q)dyjQb&nPv#6MA?qz?+n46=1lG#p*7vF{iQhI0FyfL
z@s*OX_2tGTBorJ@qS_sDyx2t_==(B*7mkRQj|9ti^mdYZRO(wyw5Fiyt%0J_LXk2t
z{wHHJPA;zC>h5leiv=rg6AIV8mq|V^{&+6LBW395T-=|NQ*$+DR0;u2msrmquJeJ`
z^msqt|80?!8^PMZyc@|lbjC?P{>Or>6$R|lqC{Kq5`ht4=XX&dXJ&|}_2j$Y;IQ0_
z!MNS?Zm_Ayra^u?m;-3wbak=ni~1`mDWDRhc(}Q}{9UPoa<-&zaA`>su{k+8+2roZ
zB04r!37fgg*J}*!V7(_1ENL~DL#3a!<KMs{IGas^{B}E4by{;-2=zKIfCvzuqrw5H
zeYv}OC}Gi3@7fSbO$Q3p6--QM0CgmU`ACx2aIeWm0Yb|1E<XJk{j#gSL&|U&t0$FV
z17vS)1X20Wz`&pyh_j%3y~MM}bCcrdbLt;}QNceAd(SPm;_;C0@$h4;qV4H1X{icS
zT_T;y@z1U39~<iT4=@cc%yCCDLiPR3|Fub3z-?YG&Cgqyx{{vwv`ZXwZf<Q!k!w3e
z2nu$ZN^Kg10Pnr6^yA~>6P(2&AP@s$y$pX8ezp(X<G@mTC(w>>S^V(Qw||6RcCKmj
zJm{Oed_$6oNa_n4+iNTw;b1Uw!pEyuIojem<B=E!s)gK(^XX}xXwFlolvY;6Hg-0d
zZiY-upldG8rbMackV1ANBO}w%awduG&z#CtyW*6^$3F~#4cPGQC+bhDWj>!3VZ%iv
zS1-eXmZx=8(wU;6_!Y-}^7x$Vs_Cy_qLAJJMLZX0nSip;ueP?d{J6IKa$U}12NMFg
z<fr+37039xIu5Bs9)BMnET29_I_2@{lBAL*1!LZSpPImOiud-?cv1UvXVh?)G5BAn
zU=s;&965}s#z+gU!h6RJ*yX#_)rx3MF`TT!xw*OTr34+1PMOWIIt=X=X5?q@&K&b?
z?^CBT(841MAUNJSovf11SDR#s7X~+Zcz8_am?@j~X_)y<p<pV30Qbpox~g`fLa&!r
zALy5hbb0&~h`3T~LASNNJ-+1Vm^(YGa&~cn6^kq=BqVZQpg?5;a4E3|R$(+o*=;sa
zI{Xb>T)5oNhiAxAOm6`iIqu>7WfG$DL)Nt6HvR_?D7>EgmoLH-=4Dat)S~iWk(ejj
zImC4cvNv5qAR;27@Xk!nM3u(CP`}bYj6tozG}i3E$u!n?V*p9zEVL#o3)7z?&~OFi
z(KO|g?HM&Tj&U7Hhltu(s9yhIQJ5N$^N({wyc8LpVLx>a{a-hmw`5raa+<{5nbm3^
zxT*EduNM=dxF9im5HVqN+_)uOoK9(Ce#!1`5$1tXep2B0=KnN%X(F3(t^tRJRg4DP
z_r(%E7pQw(M}q}@g-@&b+K%Qu<K^v}Z?)o)+0fsQYYeS6S%<179o9`YT0g4q_r*__
z0(wbfyG%eLp=mu+H<8tZ%)rnvUWwYq_dne=ubAfzGWMQuegHk|_MhuOb^}-kEj@Il
zTgXXlU_DB{*|r-$C5Jt3@yB$)Z~Z=WUnCWwEQQ$oDXPJC2Z<FJ`!N(b;O`#LYaq*b
zyF-4#VY3fC@#7kUh1_JVg}RHks%VrC{gm*tgSO&v7s_|@z18%i{oZ)YGb6KOx>!{R
zfQ53o><79(KxWFa5Qv<9)l;N>qin>#?f6o2fA$>^nYaLuTW}`;Dn<c9C^T1!g8*^i
zcn<(|(AUmn0I_DjkCN(15)u;e=@u;Rr`<cu4fA<S4~lf3M|^=JFe=s4!%wMnQFFxm
zC4w;^x%^E<WsEG6W~0F9{FkIZaDFNwRR(IJqJo0WX9G1fmxNu#<7Ef7t~?B2%YKzZ
zu?W?)H`j2gnOPVoq}X?wA(J_yP;|-ry${05M$&|&9$|x_;HK<f2V9r|h6V<KZui_A
zpXfCLMQ<0Sc<d$fC_s*=GNyzJ8dwPtsiJ!(G?h+GPk!ZJnc&-hAIbRB!o2plN7@I{
zeP0l~m1F9ErN2T1mTw}v`z!x|05AkHbZs;`R~5uID!5PpyVGV7vURdHBERE$gr1_>
zX8Hc%Vgj{xjOhaQZ+?Er2f$0EzvQfrSQ2Famse!=d;nUZk(~IzgR-{WEP|Tp6<06!
zsM6#oEv%K1Y+HIn6rFExC({L9ZW|7(e_Srt;eA+ndPu`R21@@Y0HtcdqoX6TdtmC;
z-<ZkBfRGJw*np@|<c8SuUZBcoM1ETl`@6L_#>fa{_|G3*6GG$R#N&eAmTP(Q2^F1g
zqqEJg7XXun=6o<kwaSnMtcT3h2c)cbkK3Mb<O;XUkegW-l1HHZC7})VjR0%vGRETZ
z;aXGjGn<$a1s~h_{(^Rm;Kiri@f?8BvA<6%kBfy<&YsHx7T3ah_l}xA_B2o^;O$sf
zkd-p^*z9SsEE?<u+4lmD=~IS<;M*Yvotzwvbf0@3(@9pXivngKGlx@>Fa>ASm}(ot
zn9QBklP;~P9UN>z*5O1b)5$?a*<&6%s&-(c-Jd=Q{;I3}c=~+>sq$#h1eb>8Au>e%
zF2oXx&QE_4ezRaBU=mK>6zTBf1#sf0`}$t>uQb{dH14D_lGza0?rrzc?=M-4nVAmJ
z8#dP0mz&vAKDd78$J9KY)M`H*Jvl)%?etralN&ooR0&6p&uIhq<L)gsR9yg2rLxJ_
zeAOx^!?CKQAE2E>%>d1^FDiXQe_F*oA5XcPEZ<M6Jxz3`k!llbH`;6=GpN^Q3*sNS
zG|Hs4lDY9i5I_<$hWYIqr=&8nUw#Bu)*Bm!R!c8&t>5iXW7eBl(i9X_Z{H~<{${s6
z*xLWRq#OTfcEz9U0jo`5yew`!=t2;>B}o($YvwWqz5C1p2rz93Dx(Y<5C4W>5pRo^
zKwM?3WKjnUbiOKs_ww`_>}t{_8Pa$@vbE9o&U8i`<sVB+`7Y+`q$lOyUBr-arN{|C
z<zQE=L^J0=cRGh5vc~U?1_nSm#9`a=gD#fEgs7$%2ck1)2~z_Hy3n;*`vHb=x%R{L
z#43-KiBT|_o8}znm*_+V@g!-Dyv8GG*3zPm@x}EPW#bvuLmbx5j{PxLmSx<w^BYd?
z$6=01g2D~N9Z$}8t~^gA?)QUYWo~8eciemaxMD$GQB*SH$#cPRP6G<xQUA7p4#3Z6
z-{j8d6&wC8!#|J3_yDiw)}%aE2n{?VKIsXwOYQW}zCjFlt;2=7y#A;>#IQW+6b!-Q
zkk|eMuUqT6-Jz~n7#JP&S6EecQM<ciS>oHop3Ppmy1KJIR(OZArzi|6<)86pvcypF
z`P@F;LZL`;p+Kh&og-9il%_&h`qZ_PHK8HhY24`O=<Ff>Uk&-rfQU*r6X>oJmH%7M
z>3c>J^=e}#ARd;ZRX2anY2(MNRpTb*J>vtPhF15ZyAIe~NAGXXW0cB|bgY8I-``cD
zC0nn}%~t49GcZW0mR39{;-v3{6@E6mK3Zb6-M$-0e$Qo>9;byrTn`N{2Sg@D3l+Ce
zhI2#mDlrb;3Af8z6(`l1iY=PX_@4)LFk}|?iO01MCLjr{C$5k}J^4;QY%SMod5f5z
zD@lG_7vGDMr{1Vszn8`Kc+Y=driA`Q|J&=^8~Ac&+jwxV0``C+13Bj&y){H<b^z(~
zZ1#7Uw_CP?_Tk{PS8ws@eSnZi0BEg(eN^&o;^YDFN5|Gh(o9}~pZolbgR^>MH7PB}
zYpvx@^U~-?T|CY&nje>2?x;oj<_B)vXBfAoZ;O!Ss&<Abjw~7I=#qL`PEGxtjvP)o
z4W}Zl)Y+|ar;3!7zL39sjqN0v%B+Yuum4!cCzHk}Rb}`mpEg0@bdjQ}RUQ3~H+E!E
zJjoUO#vvz;3tl!o4m_O+TB6QKXw#Q9)Dnr9&Q2AWr0?=AWnr3$7=)js5kIx@G8N#l
zd@PmZN>MGwr@xXK9zj7W+7Pz7ex31IW(Rre+)LBQYIMg_bBgvXahfU~AE8l!9n<L{
zC0Wc}&z&~fx}-eXu;Nj>UP+BK41p(7Hh{=%jY>GQ5NRO3&>YeanFLA883Jb%5Mzx?
zWc3CfEOy`CJMV+=^J9w|!_V82f3l@MZIy6Xj?DLJtC!t6t~cKj2SdKPKn)U4rkyPM
z(O&&6karOJ%=kim-`2PZ577<_juo-1mpV0zNN*&i9Nizm75Oy{-n_OY964~D*aIg?
zDUs=&*rE^a%4%kXrRD<hq3N!U6u6mQZk5e^Hj34FltjQ0P^kvgtOqB7wuRSAlK^h2
z!w{@q6UhkEfYKd7E*4z9Scu?=o8NHizdV*D1`as)e0spe1WVz5{RXe1k$ibJs28&}
zz+Aso{`7E6r&ANmKkErp2^&P;0DWJn-w@r`&#u&;8c|-UWrrv;XalDi5U-2{q6fpT
zlZ(A&sf)slcHaDRZVq#s5kQ0y0CarHDQi=r7fu@2R;}erd${AzJb;i=1}5G7=|Y}U
ztFx3+nDwcSio(pv*3f5U)|Sm>a^Q)9|K9r@Hr7S&Jq}U724OBU9cys6lRKOi(U6F4
z)&e6&1ANJPW+pOEc1+0u-QJM=3_LoqJSf>mXdk_<*?xW36Z`DMEB)6;<Pu!c;&npq
zYHfzlmn`QK9~iwgmKGCg(g^I1E|6-R2+;&)v*Y1c(;v)bHCJ~sA(fR$cF@VMI-xA|
z^wDJG1k@~ys%H!jwdcxPOe;Y_Cc>b$GyJOgJ&KM7^?ER_f?r@GaIS7{WTEB#h?wam
zc2AF0-cCEY63)RMBH*y0;k<=i(zVp+jJF^1df{o1DuTkF<@q?5$Ft2{LvynJupK+N
z*`q1i#9Wl>w&BAvd^p*UIh47FoA{gZJxJ@G;_lIQs_3<4$;Ej$%B6UbRc7PS+Y6JY
zA2!yyhIzBGon0zaEXW06N#xzHnoz($c<!-KTpe9S;Ul84j89qJ2KyK?I^&T0g52xs
zkbt<T*vaXvhAgq1DaF$CT?aFpXL%i_)Zu$U4<cmincvlJTv4jRM5SSNMt)TA&U8Id
z;AWiTmVu<q+OOWYsPr^V-NNQMb|FYppTcX4AC@hp$sQ8u{8<gmx*vPt0JTFt9dYZK
zxdSpKPg3V9=z^F_L{U^$W$OT(7VpvFR~a6rZ`n(ygP;SBTX}=l0f!%taT846Rt=DL
zJe?t-3sqOAGgFXTVmC<-kJjj<Br(0-knxz;Ykv<Wae>@Zc@AGdEm+_)mB44;7uV@0
zM~MDkbOvy#X3rTz5w!64EFON9o$`z`$lKX2{n1}b>7Tv}dGz)wc#b(IZHgKA=>b$Q
z?yD`J&z%Wm#*iw|5c<0XQE(YCaB2!+xjpXHyEJiZW`cpVRq~IbY=)6I?MGsNe}5#1
zMwVFHhsb>7at|F86=L^`jN0Ok%6D~Ny6f;*mi2Jzu4pHQ)1F|g&B$|daxUi0%9yX^
zcA~8dw~COPmtD+Yt$)u;)voeb%r{kgwl($%<Ba+>RIjT8A=K99W}v$Qln#0HJlvez
zv8ea%en#8VWSG--n_m3O7c}eSqG}IAAT}z2^L9Zmk0me@g4d!7e~*FF&PpoG0k9UR
zp}zoF_~WPOj(ssxY^(lzolA1+kDo$RU(#nP6q`>mkWl;W`_sWuHx`2na_f5Cfdo+2
z+qd&ZZQHO<gxff`LkSZDUB0hSb*5`vz<P|$iChMi%wfl`@tC8J4(Am7fc{3IN~Jf_
zcq0r2Ap{($f^#*=+DScaoMD>hEHS5UJAj)1sQdK_sH48-4?J;^_Dq_q#|Qg^S-CE&
zrAmL*R1MOrt+aV8r+)Unk$(lzD;znjHhzuu8o5l@MiwZ|_23SH5-g=I2db^{JkMB^
z1vj8?+||QnUqA!i=E6<dM7*rTQgBS+X9zW>!|;l|KQhogv}V7ab97S+(DchfD<7Uq
zkbcT31P1^IfF{pdlM*y^4@Z(D559;ZLNZ4qgv3d@czkG65Q4=>nRLcI#wCJfA#B-8
z8t03#V^wj-=;kLDsJ~ph#o%|VibpfGQ~U`|FD`c3KypvM2%(ktviA;~p@A3nIQRO#
zw3tpyj!!QSG+ZP<Xg1iuTP!q+7#3Y%0^Sc1Fg;tG*se9!k7l*MNA=8zJvARvSWS>c
zSc(R_MY<0RVt4E*gg*T({-1?^PL(hK`6FG~(XUNZqZR)Ap$Ej|pWIp>=?^(I9(jg|
z)>wn{C6?xY2A3W$dM03ilrG-tDQghE&(|5D7Jr}%4Yrv~^Pk5?u&b2^&I~ORGJ+7l
z=ahd|p1l;f$w`P|%m>$M2C%J84RZKXP14aXl9Ku;oksCfrM}fhBSh$>w?+W}77Lev
zN`u1&Ow`EE*ikr0KLmIMG4)dntp&*C)5W)`4Q5bLKeI<5jOT6vx*w9MOo^)q3&Xhs
z-V%TW2~x?VW^*jdW=GsA4k}|i0aZh3x_Wy4#*iSYpM9Gy?up~tEwuG1UuxxI;%e_Z
z1Nb{}V2H8hG)Q{=ZERQ!c?`7N@TJ?;EQ>?2ou)2N$#IpH8)H)_G^$K6ot#~q6(pk!
zVYSBRChRt#Y;3>Yz73nq#;Y3L+85=Vsie7e%VbVf&oskd5m(8kqoqevYG34SpwUJc
z&|@Sk+tJ7=np2M6JG4gtB8NU8a$xyv@2#EWPeny#l*r=PTK+RKE>1>Iv@Kt0)UR$O
z1Bkw=Y_DHo+O|-Z9u^`sI=03Ad`m#-Q*XAK(sm>pYB+OERlsdKJXH73#Lm>Z=A7e~
zrAB1B?;Mtk>6w{=HBPR$PL~IBVAT^F1-(oN$!!Pxy3&{7h8pmXJVb3=odmPN0u9<x
zw9mX_Jpo5;hq^!3jwGQQZr*B_g|G}3u=#J_ESi|_e2*}~!~AaX4gLG+XNB{&F*Yw%
z<nv7WZC&dFXf-lU$Gl(D1c4^@<;Vkr@1vAlnkQh{%AQ|x205@|K?YRE;Pc!J3oO`5
zna81Q-mm))Y0lb+BDW24TGn_i_3SaKFj1V?X`S!*-8EPXk(-r@Riqc{EEGXsdeQ$p
z*?hbL2wy$NPiJEaE3QW4`lhoVU%`Ux=|92#2P#~y0AxUC)l!8P_C97TI0&~VsJf@|
zQhLL>V~w1beuNphkqMKfsd{ZyI^5mu4-{?*Nr#0EDRhX4w>rsT4R<coS@kN(6fS=|
zS4;s^KcppxSbqg2H1lc-lQ!H^RJ*uh#F!+Wa<n3!>6?iHkym>8sBG<@O>yPQ(vKkY
zyE&IKc;x<f;j>~%^56CNX`7Y4h_!NCM)%Q?ktNro{cQ6}iHQ+ux;`)<`f)~^^NvU>
z4M^BXlKv)*PD_(9O0bU35(`&MM2M&ndxjIr;A<3EG*|^!4JL<*-dN*W<>w$b1Hb^H
zBN%{wv7HQ!j4<oAE6nHQYd#(EF@5+T%urnU(sHlJ^C>_CLlc(X;<gRCZ-)H#Ee>v3
zUaE`y2j}esqrC_*BJ?|nSo#dW8!j-IQfxIp7r7GJ?ZzEk!Y?$KwkA2>4=hD1o?k(Z
zh=J>K0azF&lhl{+PE+RBED|)J=JdcFC8AgcI>!=|A*aIFQ1?zmmBG*&CRosO8WV`M
zU-bVONT1yNFiv@5qtAh7ja1_AS{oUu+xX+?HTEW*hcOoym)t`i_1Pr~+EzAYTHZmi
z4TN7{2&zn7^_bJRq_1@4lwc##7A=SuH?f(a=>a5`-#Ppk<$F+sC*ps&AurKxs}<}x
zwUW}01!3dR_J%nJHMG#y*<AGJf#W6gWw=HxZ*pZk>jam74h0Wz4<#b6Jl=1hLidZF
z6eK2^9JTRToyrj<^h$MRN>zoP9<IyO5(nNMXs#;a5l94@5p9cOx>7H<t5@=a+0(vx
z{vv@_>mFj;ouE^ot^e^F@al<qzG>STKne(<+i5l^$~>c!_h8~85PgVs-7gl$Xl?Be
zO`kzj(CoI%$2VeSV}-u^s2<tvMd_QAyj8R!h6*0Fg*&1fO>`dTrjVznH^nkqrP5uR
zpQM)~GXRbVmze8lzO=x)tTu{P4|4O5M}7eyIf7A)%b@n<>EKTNt*=(vwB_$X{9f&u
z_Rp(1;MX1hiJu-sJjb%JKrH)7bhpYKeRqM$@747;?Fp3z-URmJuN)|W_4O+FXE!8;
z%4Mn4RukI{)eeU)6(cheMy>psWiEhZya1hY$uwOFO_170(utH|?2%S|PEX?D>`tT7
z0ih^9*X0FY=*6K_D_<~fpn(qHom4~b*s9HDh?(=R_!YY}E17^cgKlp7m6vO{`ErsW
z^nz|@mr#3%=lA7OS{IM?jy3_`SF$@z+)NwPe@t)xB!A78;aAVDB}$Kdfl%`dT9}o<
z)O=%t(?WB?<GD1ISnMV+Er10fo%U0uWp58-QuFX=s4PXU-AA>d^SMJ=4MuUb-Do^C
zevn2Lx(XY>hNe_jGP^`I*smus!o-T=SU)S6$&M^oW^Iq8$#6S9ilgATbu8~%Qb!Lw
zi}v_~BTLT=k|riV6ICO8MI~G*I?QEE4^yi7v52ZNYHIkQ?=lwNBh@W;mpGjs0+l<u
z{71Bm+XT$1YKcB1yh#6C0gqX-YTN5d)$)wV6SODm`OoRY{P^51_mcCHauRKodz<SM
zjOhlaca8-vXS)KmH=a?%!POPR>PTj88k6=k6sjta_0uDwR4gJqspciO2}3+d;n{v-
zz*~Cx=IuOHb74E=ZmP)Sd^;2y<1OK*c-?r2K&yM@DtV3B&U&{tGm3m^hY!%0Uc?&(
z*Hqj(o*jkB+gpIud7x?Yu;i1r^ZU6uWf~TiC}!sIJ?g4Ymm~alPUX{YU_m7+rmVkO
zoW3}+pP<Dy-}9yf@`7b8?UzytMB)QJO;i4ege`&i8?f3)6*8wS77Q*DdOWK5eOmN@
za=F*YEDdB8+_vFkNfR-Kb@<FA3<Xn;q{M60Yx?P0TJj|bNn9173}v^|C8@q}HPIAd
zvaXU<PP8kt^iC>%l2zjyhSp?ue^o@$1#pFqTdNhIK?$MfEpNsxl6M>>I^ln&vS(TT
z<)t_mk2(TPsJ7OGZR0N)tx)}IXy-N-eK1_2R8I%!Mn4`hV(y;y&*%}k9-!~fZxOLY
zgcY_AuB@bK>8_^@)V_K{);&K6sEV0P?X$&DuyOtg<&7ekqzhium;$hY?wo2<bqwqZ
zTw1BQM!P-9&Yygw(9Rj7sCY-;WHU}I%n4bQ+I2H&ZO;dWhs(MnqmkT6D_Jdub;bm3
z?Fd}rl{jr8skKW8=J9bin5JXl)iEfI*zL~p78wdOm+5M~KkxeWd$Prq!`f+0u+oW<
z7<<YK_T@{F*}1A6<3|KyrV)JXw3Gqn6V>zQEd91w=@O8G@@XGT$5TmKXIz$*z;!C<
zFkfn9JB8l>eg(2^9FHX+d?H@=*>-0r=aV6Rr1}dy9;aWX)3n$2NafWAA>rY92`olP
zW_+FxHF2sCH7VPjKbSrd&v}+=lVhd6+@gEV;^ASHB$Rl9dYEutB~onznB0rHN*lHf
zeS(IBVPMUgiqeIPh2o1mK$ob(sH9v1RK;&)@bWD33Qs3v5p<w`1qXU?S`^(Po5b(v
zH3AHnB3{+~$r<*E`_R3_2~e%j9p|VyjvU5@HA!FBCp$ziPk{QV&(2DP-VpQ#Z2*ba
zXm^pNvmi{@iFA`HoC7yU9BZD?7E1sQ6D1<7PJ@9WHdpU_^Aq=0HZajoX7|Po2jYC*
zs&zKM`-ca8`I-?F+(=_cEJIh>Rw4nMR-&-!)u(}xgdV%MnJ)HI#F8dv{uC(9)iug2
zLuznZi(C+(`zdQu+2uRHZ^m(T9LtwjRg}(O*Rt?@QZ|nu)5oa7#~aq#rD3EsR05~X
z{P&o!hUYmZ6rehcZC_2jEU*&uH(-!LOuEh<8#pXT{Ov*<PH>Ii&2B+EPRwT$P1XTH
zL60hIFDmS)C)w}U5t<vk<}kTBXy_2pR&<sOYO8W4sWCn%s|oBhs@yxy!q)ydnW!SR
znml)`@cHwL6dwCv90sW1?KrdJ+|7IuNWsnyD}~EGaeFAGEXxlcxm0+uTRpw39b#R(
z>~Y+(<nJ8?YQ0YzZ^<kx1BK%82G<+YQBcI>N-}Wtb+lMWrLo79WO0rwQSPgkknJ}`
zHJrO`C*=8mKRF+1%XS|sp<o{*1z^Cbxy*NlNTqUFJ?2NkEa4^so4vw*_OtWFcZc>1
zg0(+g$**6rv_=eTO^;+}XP-yMJN^8V%ByZM?DG%SkFv#IA%Nm4Haa?KvBTk#y7d?!
z8!a~Geof;i%>Qsf?hfb<`rIa2wSK)`oDew}N#Tx5Xup>_FnctaDSe;v$y(5PZ0ocU
zP9@QK>(mDxCBD1#-L?d0z~lWn>U8Rz$YitgIiRuRFrYsmqq!AMz#%<3jOlT`#H?1K
z>(3m%XfmE1RCy0LS>soS3&PPf4>1Oi^Md&vt2j3aw+zt*N(OgqTwE5%n1`vzcPy!<
z@T=`4u+uhr7RBunn4$)-poHnM{-BnMwLi<RsM7=U->r9)$zRp}2JnDD^?hK$VTMnE
z19fp)EXOK@?z;0rqS7wO@MS-L4=hJ?*xr=GGj~h_4EZNO@{)14MdGQSDjA@+IGvYC
z;rfbTU$1>}b(LEyxr+^8&KVh`2X8XIpIv-I<Z)h(jFeC0Hj1qmSnai`a`c|5-eZZ6
zZ#A{X-m%{uB~`1q=MMU_DWh!IX!hr22G)8>{?l0~#(Z3|*bK^GTaj;bO1`6lKa!mU
zj+3UY#fmjlG)Gc88+WYX0HcOAR`++2*^K4ICIGwD9?n+ywyM_(m!vel1yUqY-t7`i
z@Vz#I*w=vnQrr4OSNjE>`N=nYPRLx_;mI*Y%iSQPR3GsloQwYejd8t7wm7RbUn6sw
z#KFP3YnV*$!r53mWalkEh=u;HQ<#_gx+moVnIN~L$WvjEUh%!orQ`WvK6^s`Pz!Nf
z@72-C&<|{fwCpLUrhbGTuaZJ9Cj6mF7T>t6WQ_2gtXMH|I7j0kGDSe>|3oRN?*LYM
zvPrc`m~zvr9UYZTJWcKB>kYX!VzQFonF`*UEFkA)xu>C}rcMX?Ldbzxdc6q<tkS57
z2R=osI$IlJIC56lvoRWP=$2ZwX^OW!o#v^v46m>6PAT^y`%)9T-y^Z~WvYN6i?^08
z&;lL16cbS`cd50n5^NiEWg$6!+o!tH44S5`I|GIGyHzVW;Es;jQcdic%gcVNKde%E
zdU#?~T-NvT0^L1qU?a0+1H1jrufAt{;`C+5jq9Oru1_yB_*(Ad0YqW;yyit#aDxjQ
z*x`6tO1;(+N9jC-R#=RZ@x*5JX&qB-X*{AQ*LMrGaX;}zE!=UpoE|kTSK>1naRe8n
zyFastf1FBz+-x}Hl!k$U;RmU{UP%+UyDlnnY)ESJeu<6KI9;MHrtN;o|NAhE`zXCY
zVFf$3T3$iH|4xLlU4Dtk<3=a<wTDuC#OBtY<lEN3X^M9F;iAT}`B#>61A~L$f-fv8
zbDfG&G}rbqE14n^+lDrc#^-<xu-_#}>N;}V2M1){A4ws(*DM}wChi&YW<pP_CUkFa
zuY<u*UOrOoPu}eMiWkgF;aLHI=kea~w}fR+Sl&>$Oea#`u}-J$wE0^gfsq&XUN={p
zF41gCY?Z=wTeDY8<$k@F2KNsOd_5F(tsIJu^^TB|-q(62be`Q3oxWPj?+3)`A{}}i
zReMp3|4JuHSO2%b-D?iT)e7U&xXm67*0Z`4!;!>{77TL1hRc?w<JKgXtNrdpt{Gek
zpv5aA^k)N((vo3CUB8d7@815D*#*=LR3sYo(8Rq$?jdvH%aFuTWp+M*Y@+YQ1|)#n
z1+OwHWi)XnX$KWlH2^g0Lg^YUVw1#{>61Db{JT&COB@&M+--2NxIc+Jb;~qyi9)Ox
z;%UH$A36-u{P1YY6wWsrqnPnn2s=b^!sSxnWq2Ul_UE+mIK(bb`3MPTIDbe)Z=*-b
zxMKlRq!C~SjNLoic6lgz0!tIKvgf?5`LgFw_3p+DQj?ZOJe>5D@uRJM1wZ-f=-YqG
z_m@7Y4nF7m-`PzbA%-}83g)VLjqxx|d9se)l<;mB{N^iJXoe?|%PtIM{;Y)CL!{MD
z<YquhL{KR09a*vCa3XJ>56Qsj)wh^dGeFdyu)vAtTT(lChd(M=sO|livO?;t^<zWW
zvNb?EB2D|VUQZ&RyW6daB-0huRK`tV$t@Fitv$Ug$`aHB6d9L0T<$C4KTQj>hd~?e
z%;zfMYg)6gHTwrL(>&%?GE&Og9+9oBXZeR*W^@g^i`dy2kMM79(Bv-nu?G{z;^(oQ
zTligxZf|aWky=E!uc`&s^|tBYgaDv-Y=<RoN9g%$f~)LtL1oJGWV?$#bS_W6AVy8`
zEc&a54h9Eo9GqZ60N(D%RDNN*gNLIOo|%=E&p8naR}pu8+r!|-pxNkm(-_uJ>$Gig
zh;s*k^-GQ0x~5fIuRR^$8k!o$BCXm=v8{0t%z|Lcs8ZjF1M;8s@2;z>S#{9OMpAi)
zG_=W0$1>sVcV{Db;uH8R?Tz*)X)XZln|22g7qbS4+6j#e4VkfTDY=H|CE(!UE1DS!
z)axua*D}f%D;y5hwh>e-(u*X#a_Cj`0zgnkjru@$yaqZwAUu->5cr5Q75lu(vlUmX
zS3u>b_=ge0?N=NY^Is4WB3n!*C?|8J)YnU2-}Y$A08K7Y%qwmSKW%%49F|qS;C1}A
z(C67_VZi7DFe^yZ2~jZ_%WrfWe0_aSVtB0Ag}I#1{3`VodK6R<9bS`tXW*CyoGuNG
zC2DppYw0vzcb~I!S~WqF4h_o2h6V*_4%R?@a&8oMT2`nYX1uGYW6E@$+rvwmOaURe
zSGWLqT+xzA6i0)fIr#pi4^8;P>L<rsx6(l;*V|`a#Q18udrwkh`_pnr!U4WQ_&5-P
z`PKE9m38@zDwQ0iSAgg&E5ljV26*1A4RkqD%1KI+J4~pFgF;;*f+VI^Y#>j4Sr_du
zQG;=c^`|-NEG7;cr4?6CJ+(aqT(1t;^S7*Il0SI7v^LWt7vnLL)zZTRxFugsH49`O
zF{#2P!nA84QQyi~QM+d{emhbxntIf7M?Lar%aUpbygFj7ty=$C%8a7Lvte5VlGmz$
zx^h(fE@jP8&Zl-fj3}z!{spZOLGB6}=5Mh=WJCUub*>EFJq-QH|B+d7wPtngBeE{e
zX#HiCvS<AVXaRJm^^+C;yr@oLE3<c8Q4yVc?T-p4bnmB9qNiLBRODw=qSo*HDU4f<
z?pXEap(}zsV30uNjq5bu<NU8h=N(PfGk;tWthVd>i>UA#3ZZv@PvO4#S8!zbeN?WA
zY?NfuH#aPhO04$iH-{!{S<;Yt|0F1E%zqF&tpX2uNY;BM<T@9r4B3tMbYcVtPc21Y
z@1@&fzGvN+3Z;IQeGDh-V+M#LrGk>Qh#u@K#r%kP^(OogVRoiB1k6_GMkd?z4_eWa
z)S{4#!g>kHQQ9-+ta|XwIiOr8yTaEp$93;nZ8zs=XLNUkH9`H;E&kPqy$*OThlBcY
zgDi7p#k9qkt>%WR?!hJgr{;)h7RV2_majU|rY%1ai@u#Fn6<HB3cMj={)Uw&qyFu#
z+~$@U+9|0^<?PO(+{R^pAPj20iKISifArkVOY>x%pCWTSylH<xl~1ZY6m|yVx{Efw
z(J&jE0@WMqZ(rRQ9wDWpeCm)QKcP5}8+1>UPQG#Q@0OSlXB-*E4X8&8qN7do)N1nw
zczsVk`!mWaO4OjQ?p8n*>_tBn$|P*ViRpTm<7_6-qOg7&rcUsq!GL}ael;^ptf7{3
zF|EtGZdKhZ?8WIuuR-;^k--)MGyHyZzXEll=7qfl0LcttZ|Tkt75n8|_FO5~ymr63
zG$Gf%-_GPbGL^Swao}Ma{9WMzSG?7uM(mAyZ0$B!+tFpFv~3_R@m0xp^=PeMSbbPz
zwt<BzVOQMxjl6{29m!v)3J03l4yKI!QE0G<W<q-Lo`t|%&ZK^0WX2<o9~ew$Es&6v
zMUEMj!z`yNGWc<Rzqb41Gx~xIpf7a=DEH)|tzR6M?Bjk!LHm8e6HadVYl45ib&ssa
z_7gTc_?H#{L#u_3?$H~9>4I(<r@Qy34!sNx?ttGdasYLcWYC&|or&lS*y}{yDe4}C
zI<Ep<MAM1ci<Nt9>AoLJCo#eq^ZcN!Vt3gNY3#Q$(5<yyaYr4^3g@Ntad^6=dN}s{
z*%EWnQ-3-c(jw4Nhq^tY$1yC{)mj4N`1_(n7qO`uuMhcEtGB*s`IojXQ+UmbIt85+
z!f6$uYUNytO~Gq`>`t;6ne2r<EXbG@z2lf}18Pn)JgoV;h|^oD_AoGA3X<GC>z&`b
zd|VcrY&-bO{*V}7HZ7(AuZ8JSj!V#i1!8T!9yH)`XwXRSOFbXGyY`oTsm&p01bF?a
zUi=}*NJ!`)rJ*ElF{!SyY2%oe$xmA!P4Dh^K(%fcr+J&}>-6}FnA3U1{~(<lb5gn-
z_GvM%FXV<2m<;0|GC~Gz|6imN^CW<sUj-!UYI*T@Q(7?IaTGJLS?v}bv@&|*%KW%k
zWJ_$i2w^U%;Qoo&>|%E;D)jR;&UBOEpG1b@%XjK!e78`CLYcMS!8`suEx=d8CHnia
zhMT0c7uI460mfwC%19a>-q-I$q&|M6A>ngX@d|nN{Ge@%QO60&qe$l|VJ$-($5XCU
z1Fa%1hi35A<0XfPUx0#>Q@8z{#e!#sVo__HRN<NJ&BQ^&<5CJ-o+G6ch2>2)C5NI8
z7Owp1uspr9Nv%|zB9r?BUZ<kgN@#x(!$`9;aj?<girYChKzRYzes~pdxoZvLeYjv5
z`t+Hr<+P{h)y_;T3=U8qFwPF5X9pTd{vT3&iVAmOP71Hf1<7Oj)5Ts?M@t%C%#Wh?
zFA?5mzkSbzd>v5eTo3OJNH2*L{R+(6U}XJ?O3X;FeG8?f|J-*!Q>v+lo7r+PmzOp`
zatieJG0H9WkT@vQXz+<;D592^A8daMy@ZHmiPC(_Ga5<F0g^OD3Bt}Ainkj1mmgSU
zW&x%N^7@yfw-G3L4oCNjs;T>7qz@LO=`g3YyG_`*anzcEXY9a}d{a3nR1mA69vEC(
zXR$P~=#RA8100rdwQ7KASo0Z9N&J~R(~u5UAB#*Pz>NDTCJOEZk{ca`u_1JQBbXg;
zJqZ8Mo8B@Fs<~}s7SS8FMuFLRcw1=53P~H7A)5Ck;Ee#(KzQQ_*^Th3Di%z`8Z4zR
zmKtrMUybaa>bHHE7zsBFY>K`sSCz`*o$CxkHl~~EYd#V=UR_wPA6C!2`4_y@J_+w(
zS$hqzsRKK#G};7`>dbXLHf3bLe@A1p9QRY*JYf7|#8{rnZG>aH<s@E03JN8nD=pyp
z^<;SyuByT5ctjs`?2{|yuPCFf-Tm?xAXpOtG%G2JO;f+Y=QS)wvps_>0<zJw1YgDa
z7Z#F$mZ#!x2x$E_X=rdwDudN^YXmKcyLx)Y>N$GB$NZM)Ax$ZgQc`jfE{RJg=Nu~4
z7D55MBF{o{a`%oyYn=gIZ^|WIeS!wr;D0dx!RIHq;hHGEg9PR7u;79rVVk3mVEE`%
zb<s=r<h?N*zR3)M+s;H_Cotf!8Vm2W-F-pltL@X+<s=v0V;`g)iY#F@ZZ_00H3e&b
zzFr6m(mSim-x0@bq@(vU*oqrJ^DG-L2+=*ew#lp~QN|w~2v439ieq+Qz`NGN*KEwt
zYAXQLo~2rL_Z(n+bS&lYO7zL<x`uSm>}<0ihux{yYHz?)`QocNw6cv|9>-EiSBy!X
z{+Z^Q&n|jY!QuH6qXURdx9f|6uTnXJ@-v`Cq}&@;6W&G{1)%>Z5KWE6Gyw36T2A<U
z-}H{)@5lLHxz2)TM!)%}BOq@&qNU+xYh0{mM2G2g>Sr69lC5VnrS0>L?sND{Avmq$
zk@!D;?|)x_s+KQR+0>7bQLnOFQ#z(xWE0xKREy2r{zxs8+Kta2_f^)$lNe6wrBkrM
zwOw&*`c_Z$?Nws^#>{BI`m3&pEQQ<oMAHbM8JZPWH{X0TEJ0CO(4d|F4Dw!|V{bv<
z=OTl|hbAW`|F;!!IaaYt*?xZ89ri?Jdgt3E)rKWdl-WwlsgdOt*YS3kVB8Fj`;#oC
z>(Iiz;g&LqcR6&6i<b}uEk%n0TCFrLS_$&9<Cq+#57I7?8-nzVeayW*+M?SXOs#;L
zbQhsWCGNq-tP9L@d7AhVZlG##-M!!@DwnOyi^1at``VAB85Ax3IPcALlUR({ZINvH
z(w{fKIgw2G+q*j^Tz}^d^R&XdwnAjcd`(i{Ag-5!f`aOUShP}8;ea~9soPpTz#{z?
zmryq}GLnZ$C5?vbwAZ9KwF1aeP0Us_`Wq)+Vqs&CWrg!);tatXxUD6HBV9x804E_(
zrbd|St>k-|_uXVFz5um&8nN`UbGu}|0I8YQY&3}c3Hg*nrn6*=HAsTQ2p87?hp{|T
zm+43}0;RTEbu$ugU+iODaNPq-8lSaaaJ-0sCIPOOFh`gI)OR|T@z#xOOQUFx1Esnq
zi@g)5_8LV%IIJ24mb2D=ySHzF%u4G#UHy9~07i^g=By}v>0F{~J==#!emGJkm1ZL$
zC-*gM=18$LuGr<cPuQWw7Qw~Eo)80QLUAHlxMHD(uqOU{->0Bke7JL-b>=}l-|k)`
zBj*Bpd<K_&^Hj&yZyduV+spl!vr$SuvBfR1CHxq0zjNN~Oe>o4>4ST}^CX`<=~<!V
zs(nj&Nbu~-0FtsZ2*L=cPEqovTA;HLH#`bhZ|CRC&>oku@>&?dFFoNk7W2ivr*^r>
z&G8N)h8HLq)cpQ2jKhtNR9o_S)ZK1{;;Y?dzmG?fDHc=CZ9I&&TiY5A*EOm%oI}pF
zBW2yDw{J&Q44d*KaL3RXV}Yuj8q=zIdRGgS4bWYOfBU_KyvIssU5R>ad7Zp+pRpTI
zukr6nA+IHjUl7k&DB-*%!mIanD6oqZ8%^Zv)XdfQ@L!fsflZ`8?%WvQ^7wT->j~`9
zo$NbXq2lv6kyI@!QWkfn@u%sV$0%-ZK!n3T&V)P;iDd07#Q>m2P|7rua;RHL|Lh@C
zt;c-1PPLQeATOzPxRRTN<Ly~Y$9_!3mg)AnUPnp2SmHjG^A>YPA_r!J$wCOW<7p*j
z>qG1=@yZjB<x;EOwPnh^kGBG~eu|v0HIZ^I9?|P<Ekv9=t-E|*GAj`{!bEq@Xt%k`
zbOmtNh2p}@4N*$P-zh3K&*5i^2{g`U(rJW~T}qRc9lIFilVt#%E0{aqYXiLQF}W*@
z78>>Qo9&As+Y!0Z!%Hn&<YuQPk`rB6Z1ZUWueO-Qr!_HZGUiG(d^aY}gxgWgUcb+G
zg*k3mh5Rr;LIz$Ej%Br0o#w$zU|^o|nP@#el?imJXJdTa(6)5*<}CJryJeQplArDN
zPr7yHh%f45-A<IdPNG^|$8jv`s{`nA(JrSx^h!H<n3&G~KmDVWQyM#Tab=tU$Y%Xg
z-@p*94%YCPz)va|@5S5s5kJ@CLlL1=CqZG4HWxNmuu;~PpQ0b%&1mOjtGnw}t#W?(
zEJc(yAl%}i7s~*&_N4Tsbz=_=#XdscSYMw!JM&wl#jSI>d@dR(HYvdA@<(=uF8BJ)
zZ0V9eE=9%119gFnM!DT1MU*oQBW;~TM=RQa&G+}P(MRL@KP`q1FT|BnOBuMh5*wTe
zzo4T>VEbtSu_I=QdXuQKQqgNi1FP(%m7ye}@0PEZQr^e7uj14>P%fvhV4NFYS<q=~
z9}WVYrl(41#J#6$I^<ofTwk?}GI`;{NAqveP&d#Nn?Bfx@}?E{P2N`~molYJW_^8c
zy1FCIs9|sK%AKSs%uh6|Bgl3bTV9Ca#HORvzI<3xj+R^U)Qm5Ki-5np9LM#MG;YEI
zk`QMVJ=zLBfcF{nXKi&2G!A9Qjj2m2xL+;p31F6}l9rZU&zK3qq%xVvP1~yvBd|$+
z61UUMV;^~PTuCWy?p<iGrDD)L3w7BjT<gQ>Nefp!=5vp)=_A5ITLn>THbj1%SWX$x
z;u<J<WlD|lH|lipzo^sGBA6xcFrA2Y=4&$KcXZ7t`P;?7YM$`;i#}w24~76)gq!oM
z>t)wCA77tcpfn(B1cy<{B6seZKx8t<(gJ&={~Jo#^LLK^Vi##C4;x<aUHh<Zo(gnS
zVtab<80@odKkP=1ZJ8Jri*M#6q!K5Q9j)I!GXUxd27vnXQ`qEO5!**y!n(=r?QL;l
zw;QH&FY9EZqH;Eic|XxM)?nxU({unLGFiSy^+zie>@Y<hReqOa)o5y(t5%U{u@=F$
zCN8hFGKH_#@q0XH-;C(%*Bz6U);9mRNHEZU@M7RY(I(C%IT@LsSnSo|adv*bF&+iq
zFwIG!9E#TB_!q}**fPBUY2C4a>+SV!{rM_Kj)#F_m=pNo#KpgkEw99bm;10V>J+O-
zN7CaIF?{ZuE5ypB8e>#6<0@#+<@*9s%w`H2nsa2l>cv3GzkIwMli40N%EpYUSna5?
z!lk0Qx4}<<KK%~&M}ER>KZ6Fl$@sT#v5Bz&0UHF-WWsemOL}4HeMad@4nek^i;s-#
z5YC1^iIyst@lBO!YuAfP@+9?j<;?pFxNsmNU6Qpkgd@0eM}!ApVq>jfS>mHe6nPX$
zBUjhMmqwV$i)c0{lUzNSdL;Y^Qkffc&fT6lNCsodWtVjXtGHOwY~d&_Aq+Ez@H*(B
zHJC{-hDkJOF($KDH<u1E>;sM5Gq9-6>IfRljzDes%RnQ5luu7@-ZO|mxg@h6e+LjF
zOXO>?^4kw=io=)mOvyhqn7Z6I{BjtYRgRbV?w_QvEaWk)TE42+Xh%~5<qpCBTd{LH
zG9pmBs_yyL0$#|Qavl%H=qlOhDjp7bvRo+#^pkGLbn2P&W0GJ!l6!&fbh+;g0t!4o
zH@81M4$Tco$W4J3AqyVEcG3s_1Kzw@eG3Xrmmb3xiM{{g`z*1B1sFQJy>WoD`cs_P
zL)b@qq>|X8;_b`>`v$)Oq@3MRDk39Lo4o;ulL{zBFf_HeyD(A62fT-i^B$>cj|Wuj
zabe~S=CWp<p8z95p6fgp=w>4p9TTHSs%Z~z*P4g&SBj&}rQ2q{#>^;3u>cv^mb67Z
zKLVM(nu1!9T7fjazUm&g0Z0>*bIn!+Y?;Ae?D)g=$_OhmGTkkYh4oh^Yg9T_$$($B
zykZPZGMdE5-<3}5e~eFcE8;l<WvtNKoivl(Q5~`&pvj%q_fVCSGd;BBcO0oV{TUV#
zhOtrG!zohAszzp}QT)3@yfCJP5BUhstGqY`@M>zWJklRxrJhS&ZoGUAMii?5@F5vv
z8siCeOy2*TG>|fBm|Dr`OqExQkdTtf_<Af^oy$0@sD7-2TAoVu7_xf~RQMS`Hgh^m
zdFpW|{TlVrazC_>NNKZn1yZ6=Xwg$eoECE^1IF#&r*`{!Y5`!iAwwj9KKb)X7%6Lg
zo`aNEtCaRXm@G3K4Qh?RslDhj6M{Dpe^>pPtG(Efq1X_j$q*0e;7&p)s2LmeZ3{OX
zUt@vpQ9q}6`7l|m<NTf;9A(WE0o6|0?(Xh!{yWrBfIML=r6-=wM+UMDY;q#FyEqbg
z`HDw84wN?mWF5^cuI_Jb`(}CrluERO7HTb&B`~{+>jCy5oi3lgk#-I$KXkTOX?T)$
z!usU#z*$mbTj(cZR(3fp6;;48(bLbcNHa>6TK^ftFT^1hDb1|}N!l!FSWecYIF2K8
zl_C<2SyBY1SQ9FUFWDx{xTPf|vbw5_cH3Se?2fJp0R^Ulg<GbBdd4bMhSuN6ahgB*
z0Xokp*2)gk*g)MP#e05h$?7^)4W2hdtnv3RVS~WUxzZ^gxXg@=LcW4LM-yCO-%a3b
z{-r|U`T>xfIjlI|wH-zWYRG@%6PjB7$)H3Vjq@siWl%VWEJ&M4_A;#7AI^s!H9{EI
zk3y(q0OEms@9Er*s4Rd`37-Q+z0^Z#>Za-p1)9T&-4nY^AQX;PZjU)>ql78Ze-+yP
zOVi;0q3kPwvV6C11?iCP?w0QO=<bvj1nKT>=`Jbh7Laa`lJ0Jl?(VuT>N)3k?)>ka
zduNz|0rdNLpJ(sAcC5Ac{s;w>I&`4Gs8WG3e*EeErg~-bFnd`mQQ$4E+r2%!^p4!e
z9=eL}wlc?Ruq}DSMG2ay06RdllR)2z+0MZ(PpCDgZ+KeM0^_d1bOR?mOvY@wj+~aZ
zvA7n0`n&hz9Z*cVz|tdJNo9&H*Kg0p9o9j1pQv%6f>%II<FLsFw%M2Vr0r+1#3na(
z>$a2u1<Z+?)AhbsP3d*R+DGUowSD335tqqH1sZyq;S}D?R&p0D9Q}H00?H%z#Lg5A
zgb}k2s!TYU_X7~@HIr-{Nwuq?^7tC2rWa)#QT#+rZq*U;8GOYyN#-)WVtSsX19zXf
zae=1!7Ik>CQVQ~5SC`7WT{t8EF&@1YbG4PeK@7ql4NevQ{+_iBB?DzK@1lKi(E$In
zoc0OPD-7V9oBryC1qRVeXZVf=-b1k_Zyys0$|QTqEY?}8g;$inz6}^zLd$Ae2)BP3
z{`x)x1GLVx_p$CiXhHzFLIgC|yO|bI3qaR^NiECR+}i^O^63iCCmu1)81?hh3c{8a
zNBZAVyY@#ih8nd8&9JR=40tQr)PIQ@{F!~P75*zyu_lr4EdAbg^lqyD1Aj*AEYRD5
zpKGCtRJT@`)=Vl782}8CX*l9~CEwTg70>rTL3k{$@>1;Tz}0!a7%jG|S<R$2!25jv
z$vS^=Jx<3n7>A-0a`qIl3y2?3cS|qUKMO-65n%dP^o76x1A4E3aftz)_etZ>Ll{4c
zCpZ16G(R;8)P}YU(HzAc;&Y$5nXi_YA)5j8{II8$>*$cCdw?Alqj`OHc9sK7woD>W
z?!>31rQx++?F|CESP(W@Ele_*Wvqee;JERdn)fgC$Z|?)zu7#Om4ZBYsgE=qB|_+O
zKF3~4Nz;v{={!!jJ>6`ETZo{1fLCP-IROw_aM{gkT=yOKR1XWzYd*4(C_ZJeUPCZt
zOZCCMkZYX91ig_K)e6Vwaj9Mb`XAg}Q#Vs0LBxs_enMq?%7GQ|o7J4hm`5|C-A(4%
z1zQ>n@b|=u+7Q5hD+@HEgachp4ehPiUtj)L+5)J45Q8;71#gdWa5e12iJ`(=*yU^H
zqV@I6E1BFQptvR`tmM@T@C$3$hdCt`GUNbM$JI8kol1#&c)Q66oa(?}W-H^*WJ8OS
zDNrkT!-48=c*0pl*VNSicFoUaoRX->j@m1T_%Fs@578zV(!+&^75RpKz6p<EIVjBJ
znD|8GouFBAr~>G!69CgkCowU|xX)YrIX(|u0L|J5#sKSi1H2qE(^K4JBtct{=wvQ;
zs!)NEkfE-M<#1-aTz@p1^G7R1{Le}77iEdYR8mO2#zs!lp0mvwkI_uk9}qD=ESDfH
z3!_{n*F`?X)VmNU1@^$SP|Bss%B6PiEmu^2(90>Etzp!;xxEXGmtO6Z&lHfFEL51}
zY@BgCgU)EA@|_t#hWX8LQuG7DRynfYD`Y0J7pV!Rj*f_UII;gx#0E$Y-|_u<yqF+W
z)2v8j>{DBGCvzNCGaKO9p87iz4dgL$kgI7GeB7vUDP*$vd1<;{FkEB33{|_M$!emg
zs7QRc>f?*a?BYG$=wyW^97*OyTh@u}hsC%fYyalanYeX=#hBbh&ebOR2%S(*A8H&B
zKcQwgM71)se7f_<WLa9`B_XtCt1?3$7KoD+lcnww(;Mf<9jnBkDxxk7VOwY4zjk)c
zx$hJ)9S)LF{ju<MbnEz7K>-0r7O3IGS66pZe3X)crTD@xF_>I|{HV^b9ZE%5c(mM9
z0%f*5+TSQ&(JCNsfe&u+o6=b7Omh;qsoR<)2Yq#1_(Gj}t!7es@unjvo|&0B0SM3w
zHC8g-ZF}nXL%^~e;wwNzE798|=wSR%0j7n`cMbV>1^~>)G*oiHV4>nk0oVYN%a+L=
zoaDbNSpUeq)lmOPbR>2Kiv!ybp|T0toJ9G!d3Ng5jb)RqS?ostbfzGG7**8rfeBbo
zwQG}ee@=nMGA&z8k=2wX&p-aLtn?`;2rgU{;KC;YZJA*kQ=YdYsjF?=jm$FQIFMp&
zKfl`rNe;#iN2b+Fnminaxjx(k{y_hED7C1}VtRXv9+3Kd*_Ok4N^*lc{<EacM$mBG
z@B8RZ0jUQ}go-{Ac?Xh`l1+!brS2=F)6@i{jGD9>Tr!%_`$ia%kQ8c9!u$Jcyt{aC
zd9N@~tmT0-9y9ez)}o{1_6`3by+#c8@@W3Qb#z`7ZGP+MI19dC`u1b0CEKR<;$o-K
zg3V<&#hj+O3GQ&QSOB2qsmYwu;JDSextP}`Sea*+{Q6p@&Dr1I5&JaUB%YbU#VD%x
zsat=5F-vm@{GB{AgjPXRc-dz1tc$~?3|vbdG96D7Nv-vADlWUVEKpt}SBM@M-2@bQ
zcwCO~DZX%v09<><43LjJn_RVy%HrZz&2;LV1xNtQUKbdMWab<k(5G_Qfdl#sCAG^y
zvG?Q9XQ`(rFrdj-Ut_heUVF306Z0EEmXx+qW4$~I%g7f5S?iq*N)mfPkgfoN9G0np
z`hA1`Tdn8?{bjlT)uPcGp(c3w9WF4nQ%o!q2B{WF#vXQZ8!Qu&v%4gMb`&BqdWT&!
zBs;9F#J4Z}M7ou+laj!9dU|@@3_so6+)6Prl9OdLhpII6^uA~{@D-Klq{y$10zuY}
z)fHgf7D|2`py%C(E7Pfsi^}ApT$rbS`vnRKSM~|aFJVYFQ7(h0_{Y#jKau0smsfXh
zUQN7s4_`oNX0_{T1njXw4;+}}y73pe9AQm(^Iy!$|8U0MYyLq#+A|GV?7+9{Bm`BK
zD0(ze^awkbNwM58l9J+@t67V+wn}JMt|YT1wqE2mULXTW5P<ZCvp)2q^H8b`MggOn
zfHXgKSZq><?AvNh)~22(wPr}h6-AIf$o<2TE6Lf!jP2W_R8AKT-BxEcZO7WcKW}_`
z;vM?$(8MA65}Mx6j#0pq0-?!}>3fGiB}FRu|KXi00y0Z4;!Ya8=BfaUd%q2_V!0BM
zdONL#W+O$e)6ISvRnV#X!CMMe?&dl#b+M=9mofJZ1eg>sy1iLhoT<E~*15GE4YJMx
z$kMwt18QozOA8vKUs`uMpou80VZv>;P+g}#Lo&`wnH2OLtmHyF9gKyNl9Gy@^n~}<
zm>gT*IrYAwH7*(c@2nYMqgqe`__eGN$+USB4ZyF=;%o139WWRm{=ozJ*C5)96ao{`
zALqXHAuR6Yh6&<<y`6BcQiAYu|J9P}DpO!Zv?DXh7Mh0xJvt_~)u!Z7N~_1pA9a}a
z!u}5T2N+{#VKQO6eX(7R2RqC>@vbkURt5h4VdqJO*C!`gF=LA6OGU6foY94WftVY6
zzi7izGq=$Ht*EAj=xk5?8-mZl3OJ&@Tx!{uKSAy-45Y6h#S2>d4i+p;37hls_Wq|2
z%c$QnUZ!byT8=Qke+AGPdx@gRl76#O#qqm8g9!_g%8rPkp`mMkou8jmM?Y#TxA3+0
z#RH$M0rkG%H%}6H-gAP$y+>05o_x=2Uby(QyyigLgOJG)?0cF=5#E=V{yy<CfhA)@
zwO|5>)d4V)i0j=opZNYi`33)ciwI=D<<S<HtR)fu-lQa1;0g>+ivuA>m|kCBzbRME
z!h9-^nLWZ>(oe{5<LD^6wyCodyeZBtXoMmow|mlLXEgwtdRr?>vQ)Et1{?t<@caIq
zli%PH+IL@OLFJc2{AK}!n!5d;6_q0*b9sV@Z`e6D6;b|C+WoIGFC;Qh<^|NCzykaz
z|3)C+lovOj5=Q0~_-<uoWh0y9jQ0Jn@}(u6jN!3Dos5)PQNb61n<O(o;+GdJ;s#!@
zoO|X<2Mwr3jzdFx2*CfA7kv5Q|Mu|>^jCMu=3xB8pC2w#yx8&H&-BJ~8hW+}%(o8-
zS4Ybqk_>qrcO-!&wFNTCjN@tRdYm#TK>8H>R{&8{x~A%HYlE)Kck2ZN3YMV&4yShJ
zm8vDy%Yh)Ua?SNPN>Kfu4#XPm_n#g~11J>!PQU6zeji8f(Xz)Fpd>N@Adj7TU0$>G
zQIL|mdy`U6a9|+7n*<5!Han65_vh|z|9QNk{fMcAepnV*Z|I-AmHwUi<w;LbzbL0s
zTQ`>>0DgQdAYl0m_|AV*2>%`K=O}<dl!)yyXYPj`w%^C(8;KeNL?P!2{q}p)@4i9+
zPmexKj>qRq6d|v0C?F<smoJl$m>~uU32Cn8?&_-O>+>ooFi0u)GqyQlrl8XJIH}x=
zY}E53?Tet07NN?UwHy?1MwKn3vzG_u+y5di#v+WK1^t5fV!jJS_xqFo#})r87ya`c
zju-O#I(N-50u9f<Tp&4cV&WakY*&Y~(G4DAE-pxAJy=*+;kFtY8fB+JL6Dup>sxYZ
zfga*zp%Dlhm@PL@SdmWqxS`1Ne@sG_#23#(Wrw7q?d7Cmz@fcN5PnCEe_qaieLV;M
z=Lyv@rS81`dy%PuJL=(dYHMeg-O#{gzSIB<5D}ClZK)w4pyCRO!oypu%5}0YA_f6{
z2vL)f^a7w;r6?sORm+Bm+48=lREtvG33H)b*JJPbgbW=8r?@)xA7XnZxT3)Myn_Nx
zQTqqioIBl%eKT>*-N{Nk|I?=b`L*gFsXO(2f3Lr{{+sm+u@kS=)=uf&5iO0<yR(vh
zju+F>kQ?EQ-<Os&m9lB$);qTM2G-sHTNv_Jc4Gm!n6(86BQ|ZNEPjZ5ndB$HKd`&X
z9sQq==Y9JhiND2Te8JH_7u_-%aK?*zqqN5;FN8R?TZGDQb5ik?D)E$+HO7M<7l2iA
zBQtgmZVLRDY~0-3%yfDdrjK_{Jd>n3cd!sF4nc>Dt2DGc9vrdq89Zu_i8)ZEFQ-+C
zLtAQ14OsZk*U;+)%<W1$^UW1~=_#>7J_ieCib4fjoJB0;|D~4q5A#?218K`d{r@Gz
z_RakztGpy&{`UH}6yaJz@$v>RtpKujxy}kjTctc2t*I&#3&&)0+)=c*wavqzYs-~O
z<4{k+x0{yCl1VOSvtHs->H-$*C;$RVa_lpoa>^nBQN}W>?yuFYz@z(th#!&GUUp<E
zGOS&Lo^lOPIpi~W4F2<0(O|iFc~x9R$pNOS(peDsK&xF>H)<JObL;hLlQ=w3q8}vn
zJw_VDMH0~tIAu-1o(S;0g?V>>YjSwVxhk1Mj{HsMk3VB@i5O$~d+baJzyaW;jxJ1!
zytv5~2iKcwvcBcv$Ry8u_RY=By^PUx*knLSFAVQRNiWRm|Ei=HAgYE|WaXy;{DYk!
zEIst|wfkd@Nuc^!YR#rRh5h1Zu+5vxVE{jK5)kmS5bPQ8^n~nn-{4}}z<{*b;a;Lz
z*pQk9Gkd$aX6n6;@A@$jwZDoA<3w2+XHOd-89H6OPIkr0I$2!wP4U2^^1{1*QeRpI
z<MAg7fL3LPa(9T3dOxm0EG*CarT+K<3j=ta8t-A+CN~f3`PVoe$L$Oe%+D*A<to8m
zNHY`?5>&Ns^DB>~JyJ&r34xvnHa)h^a9iim`uUXW+V>WSlSc!+FYLOwKSo=+OYiTg
zn5aWqU+qcNTQBELC4_HT@ky83fzNn9X?olv64-)3KF&Tm!H)&BxiwP>aP$0p{4~VG
zl7S}Gt3<c7?I2H0J)5N27zW<(#Mp`(#1H1)dKE3t)0VHF1^S0ug=Xj7V_WKHWCK3z
zQxIeMp5iaK_aZa=YXV>H1q<U?@Atmkzx-?b|5@$NrTiaie=A;_oDP61@$HkbF-)ZT
z3LH$PfS2jT4s%W{uvz5;cpF9{Cw3*f^!K;cUmN=_X3B6k!v>~a1YFj@-t3(VXXbu$
zzbuv*T_H7_xOKSLK5pNQmrMCE^)TRHbI?sylf|o5kHL&L<5f{pGnK7k5@t5_F7UZ>
zpR*|jD7^QwTgY22)MDM2CNbv6#i3TNHm^RSqoWTIrfyF*9czR!Jyhz0x87IXB7a2=
zw1opbev7g%*R94QzFP57fojq`$F%Gi$_$mTnOIqFPg719cY6&Uuv7kqAmuZ=pasrq
z#Y0qBSXj-EdBgXvqObQBT7!2MR+fDx=DR2B=H$Y6(b_=tAE_hELul4bU{`&_otki2
z)vm7<>IwOay<G!c4Gem!D5mGo&~?!uWVxSZtunbsRu?SWiyt{DeMVOvsma-ZQw$fi
zP^Z!Rq0Ue!q{`-WG$99Z__XfA<MUPt$IGUo4ILM=fN#bmcs1bM!>%nQH8Yvy*ypyb
zF0viLmSmTYV6HtHZXTX7sU_vZQ|d(fLiuV;-5})qW&p;(VCO;p^*VHv0IpD9g3L`F
zfz*5RpzkS6*R11~1lj>aT(Ma!T0R>G#}2_MOPanb3vG!&amAUCAR;1iKd9`bPSRwU
zYj#0m(77olnU7TmqGXGsuh2JQ0Esf-1cRzQiOW__oGCLEj5<RGmb+=sAY$-5O6SJM
zWB;jVxR?VsEZ`81=KUnJq1Kz$I=&+kB`<#<*Q+xy*eX9;{xO_I^}GR?3U&?nR3emk
zL`7BUtnqWDZUX!(7b;-RYkmPg<8O{UnppgrfAQU4CR=H(Dwcm$RXNvCcXsT;-kWL+
zm#nfHq#TfJr@vAoa)0(%BjWMC2!XL#uH$D9w;5@Z2{UC!<L;9aSo`!{2DS2dv}gz0
z+(!f29tfKWK<;3%{iYe*@c5C__*?VkP7mf{S8+{Eg1WcHdHCVm^74!CB9Hx(lQJfp
zfHK;5ne7cG5r{U>(5p(!a3<pi^ZWY>%*x%bxZsQ#rpVbrzBJpJNxu-_SbA@@(+)X{
zsy|9w?t?RihH7`Nw472IOv`-ITqxw;s-W>IIlMzOYX&Cz013rU7w~3(AsQf34Is}}
z<`A2i2<u88WY_633!4u%sy-Il8*0nojBkRP+1*Wk@j6~=aYPcZE)dHD+&T%MtOKty
zsx#K1D?rHS8uB8nnw<_5!xW#NqC-vqF$`s8Wz=Oa7n88?@La_!Omt3Yue~WLt#<EL
zSF#deu=>})!Z<--mwe9m@2~8goN@tW+kv5>Jbj<#j<ZbV!2(Sx7YT0LHNmit@UuEg
zKd_vU2>B#|jYJ<gD;mw+*pU!+OAEg5_Y(OaTSbLO<^u*^<U5__di8ZJAvQK!Gx2P0
zbTk^^28b&i$bDl1dhs+4iHRw(QosazHb7LMnd~PxN<DpBC%C)6F9JI>0J{p*>*N3q
zh~YCZIg<s<dxd*F6!U{8d43pPz6<=Tv*<gL&Nr~~Yfu9|9$F_4W0@<drKKh<eVg)N
zlyx8WR`wvj>C`iJJhG@fI@A1{eP;6~UYD&rtyV(9FH_WYjVy9%yrEy0A$b;b)$}Z)
zgMsYOf9?I8th2G9p9B;FB|uO&XmspaI8I>}cw7x-V)s!iLwp09ujh3aYE)vw4w`yq
zj^pH{Qot{KynjM9%bPo(MT@Y0unVYig=tBk{^pSOs{IMT7qn$9^LW@moTyyaU4-XD
ziA5}u;S8!Rp*!&2>H8TVOJ3ov5FhU_oONvXLGzt-+aBh-chVq+VuG8eZ+YWPEet=R
z^Z|k)&dTK8sM7K(=-Zmw<A-;X?ARVpDGTxr8SS;x-YWMtvfe5{QJtTxy<L4dwcb>!
zgi)=y$#G-%44AUNt;#9Bb#ps=O4fE-uG*y{B<C=pGP#<_2eB)d_J0|^4f!TxW>)jz
zK53DL{<ur$e0J{3wDaSq8f^ix%8i#R3jMDu`U*m_5z5ep9styDaS^|q*V3Go!1`f9
zv$!1bbpRV?NS;SmoW4saSsjZYBBM@7`l5rwLV)|lyaM+pZRJFv&r*22x18(w1V@`>
z;x>Av+I^O=;!!c-Q6U9Gkxd>We0&Dle&dp|oH2YfazNSK-}unC)cELqJ(4lsxa!$U
z;%PoxjtDFUqeaa(H!D~LNU<%CSK1%#%qM^WtPfdU_iy}bjFMm!LT)aHIrT-%%}X>@
z5y{2*pO?<ZxR}T3b-u*R=hLVZe7`w$LFburQoiB8UV=xtNo>t0i<<+88Lxmvag`C^
zxn3CpUOa483+OpHIbR1T?PnECpB#Y2G3s`}05lfg<rE0=c9`XCYdGzj)4n>e(%mN|
z_U9MZU$B6#srTSU!Fhi?RY#@|W?PeQG1vhLjO!lKei()qNs04UVtHke3jJod%@|Rs
za$<jtcbB#>WteX#GKL3*P=C?f;BA{4gM5lG2}8~GjMs3J5}SNDV-A`fMUUb{s~jZX
z4EOhA-kJ_0mJyPuem5;IBv`UgK2t_(kvGXew@TRT&-D=`o+)ej%+p|#Oj8lTNFzbX
zK|?mo#l^Y4-#s1BtW|@Wa&@!<2}~H;mAuNmJyhG;--q|QM?&wfvz|w|zdnK@4HvlS
z%N3>>D-?$0az3E`+En(PT)&%WbSMyG5Hl?-nXy5$V-Nz?0~<_S5E@*pwF7OH7%VQ8
z1C4=dvk^h(S-Q!Avm+;Oeelr)f*knyQ@^w8#Q5?)5?TwNSxsv*gXbd;$otGCpAaol
ztCnI}J++`gbF#4W_I$f0ZXUsbqrG*tJ<n*V+67b;*k0d1oDxd8e@X_X;3&rL6W-))
z@*@ydZzQY73<pfy7v((!HrTPC;L2)iZf&^*1)VE%hs>-cEp1$KA!<w8^O48Hgd~Xz
zN@W;_JYx>6+HflS_>h*d-|0{a>sqqDH}lUjN^RX1SCnaQ&meQmVi~oQQ<MSqJaBPq
zpnZD+Fke#6;<i_xpO9imvA9V?jSMp`x>7?_Fl<FMK1Ji-#)dNGm$Nc5B1xiz!;t0O
zh`Du@1PS%PVTkE1Y&>2q+I*GN6Tg?<U@pc?a@s>r=%}bOpDK#dw@F01M9sG9i`fp+
ze<GnMPu6qC3FX)n8{4Ey9+x#u`c4lBby$8>=>|kL4d%YN7;)?@)Y3WbP2mjJsQRDS
z2H84*x3`eC^fPEyiK^%htG@Dpg9KBcaAh}LQjIB*EZY{{Qc_KAhN-kegrI~(Y59dm
zk-aCS$>qX<6jhLh#`^g1nwUqt(V8Y|A|`jASb#+8#$nW`>okI_lkr(qR7IrfNQH{U
zw@+td3W8C4Psd5|XDK+Xm(qPGzPd62T3SM^34VGr_(r(?0K3NzHq}|aeN`~=^TpDL
zJ{=@PciFFMz-96))8+_G9(#<r5Yxxi5UCwpO2=oTW7bBWE<Ju+JJyF(R(aF;<I)A4
z-k5iHMS*dutBY)GNQ+z*u`F!wOEL*3Cv?b~GltwS=7y;pTy(dmS{E^PqS$Wu4y)vf
zfEVs;?GQp*2{$4hg+D0n{qEoaf3x#md3#nJH>w0}xzqYy08w4Op_pfquxEu%n?D}H
zHVGmII_#i-`pQ#qpen|t^89^Fp2VfNxVR7^esGoXU>2#R06us6Tc(<?Am(BkRpBL@
z9G;B=#C=OcoicYs^4;FBgW_W7SkJFTDawMExIb@Vg(Hl|f2B{YTpcgw;+Wt_Zk_JU
z+7P$77ZS~0cuHU2SbEmUNpZibKWQN@#A^2+a3mj5d*tNt!8a>a$JNjUv3c8ZJ-<G=
z2Gf0gk@g8aNa0IgjZ{LI%^VDP3B>1AF^e}=f#Y*TQVN_wGDu|<&{xgJn&fRHs4a0A
z{<Ard=R;eKmH}nCU!GJnBh$zO7zGM5x+44di?BcLmJkadB2(E1BM}MnMW<2NP2Y_3
zl@p+a5A=XF1SVjn#oS*XVzk3A*6kDT>9ji|;tOMFD%hIq)Y&XXz*Q%URTm*mmrNr+
zW$@O)Udr-hUo!DD)ybu|dOgC3h>d*aaq78=4RzMymGX<9lHU8-B>fg+R;ekoB%^dI
zdgaz;<0=0rm@_Jqs>~;EgE0K~6Zq?ZZe01fiE0^+HXAAKhSh^yQud?rRFGKh6PNHw
z&NfeK;YJj`)GS-Awd2$7u);Nz7QB>!2Xwj1^r>d#m-a5j@ywy(?X9iO75?VHU#;#-
zI)}59Pr!6l$afPpd!t4{zIH9Ph?P~8-2%3i_??V_ExG+5Sd)~m)S2x%c8|DL?WN_Q
z)@vm0H}26r8Eaw<W7rfNN-L9PPZp5){Pyn{bvVv<Zy(pfZt3vywx526-9-w32CsO-
zGnZanO<j*w>3bRh9_O#)=|zdTcIkCMk50&2Qww`ymy~o|T9G~7Y2FC}_FEOBeeYAm
zgzO(ggVh7nr6kU#ZNVr~L?33`1zwwdj8Ux<xHBaW3<}CN9Ay`pSg4kmCs&Ctqh_U1
ze7tU7O*?ZwT7twV{esH485(#A4DhC?wm>0Z!$b?*6&1zH(!_Pn0xX3d?$|mY_DC5F
z#DH_ytRN71G6{EU&PXvDdIM|7-_=`Zgix_8jAh#h+S^xgQ8|37XuAtLnIzJ<ObmH9
zr9rA4YXR^N<C^r48Ebaa??g7}cBk@KSc-3e4ZD5R#Au15AW(OL%g|?#!9<=^f$N#$
z?u1x^!V@s8)7c%0);BmJ0@P8z1+(=|MSKb!4kVo!?=tJ8&q*~h4qsElY(Fbq{T52S
zZo2^1kaaq3(E2G<v0TTkk0&LRaXHaKQ0`%&-U1Jm(dP343BS@fvmyl(_8?z4B_YOn
z=>>~=s_7J|Yw@Dz!yF1Z)n^;H{wkTy*ig9vYSuSVqs|Mqy8wryFDBCHbB`pZ?GK#c
zV^dwPW1?4WuFsU<W2tI%b}B_Yjt5H^oEL9irO<T|V0`8<&Y`wm>k6=Yq=DwGvtcD8
zErQkSjUwzA-f%75GduUXo#=@PhCpPH=&rnyEGgI)VQ`^lK;-zUT_z=HFZQVA#Dk^|
zYRgu9BAG~MsQ1`@L)__?#5&=_A|brR+J87#hk={TLs!hN#Z%iThvT9#*qklD%w^YP
z*-uJ$79uP0alhO1yYH=oNlNT=(Q*H9>R{f-URD$Nu1+_Xp`_1ZCGwq0*;PHuF7Ur9
zY3DZb8CNvkYMY;1c#_?u(2nogi9JV-5M{_=%>&mN*{#61bVd;c6gFmmaXPRt?E?#`
z?Bp3NuL~KgN}wK-iC!zIIjA<$Tj+nYCX$2|J}a!Nsz+XLJ#5}5;h&RFHj$HGtlRon
zSmklCM+bwkZ5uTz?gTBPfjGPIrhzhkvC54MUvMIEq0#UGmx59VJe8wLr@bh%#(FAR
z14j6Z=n3h$wAYc3pkTIM^Mcb(gwfm0u5>lJq+Ga7l-L5ZbIe~WdB&9ei?c|ilpI1;
z<uf<=>#eK>@&tYz3)7`*w(hAXgP`)yAn~pC*!$#zfchwXr3xQZ5UERzxmUC+W`e=q
zy4wSn!F*iL4f9Vor*9|ChEM35cORnH#0rLXQ$Ck7+-1cM#iON2A4ZIT$Zn@0QdFoE
zeAyHVt%+*Wj?&Bx+jv%r^lk3x)W5<kpFUB6-s(1)f~E81dj?W2I%*8g+(c+;q!Y@6
z$iI*o;S+?P-40^RR*YXY|GHzfe^!hRB5ZemlFwjUDG5m(ugw~6y$-c4yH7TTB7OaX
z)0EnuU#KG-S2)i>OTXW0wMh*5ZBJ<U)6V0I2a(Yo^LVxudlb*iEPix9iNE*xaz~hY
z*Aw*{wET7<=^_Af$r#*xES?u7^Tv@X&y#<ZtJ3gIO7Dy02`=A_5;m72b2OVlCj>U9
z^;ev)KwVxORhcgPEkNegr$qBNufjm-)bl)r%wEeMdDtth5C){r#gI`dw?;KMl0&=2
zAim{M%Drc9`>NgKSj>Z0A|RS`H{)W6rcoA>UmmY_gQg@M*E|L3c|Kf^jD|+W0h%(?
z8P`yT_qg3mJ}I?#z(@!t^2P?Z{wU)SfQ)D-pjRB!4hYSkY{V<TJ&zFZzMpIEnv%nK
z%F83i7Vv~9p-dE_s77!FB*ca$m^ua#-bC}BP7%#aljRV@t6@HgtD)PQS0ym`C#Tvv
z*{;f;ZkAE3)f(=@Iz%>_R4EqAFcYAwlYs*p7GUDd@2@TEhe$_CKdA+qvy=8<&3U-c
ze*7i5Sz$;KBx`p&0a;p6-Ibd|Ld~Tbc)Z%WJcTt37v@F`fD^Ef`1qMSdEg?9!~Ir*
zwWVyTt@eN1Lq_wJV1AjRY8@Y>4CZj~=Q*CSvm=hqbR$(co!9>U2Ay-DK;^aX!BC-w
zvt^o)yTM16sDp@5VdTo(G>I8}-uRMY<hc4H8sFvc?M+Sy+e|xj=<G#}L7<(b{N_-6
zd+>8q<|6zOG;ug~6;N!Zq~88)IjZ+1(cm2;sapm|=uVsb-YZ~d1ZiX0-L&!Usmi^_
z^`Xsz4i!c9!B>@>%#MzZwP+*IZjGv6#Fc)lko+~iGH8IyS(Z8r5(+Xj`MBx{V=(D6
zjhmD(Q4f){jF_j!U|s=P?A;xbr(}@~>UfxJL=nMo3RL}e69QFrr(?8T;F?&N9KZXO
z-&uWcsBFpDJCwJ1sU%YH+$JL-w<3=!yty~UgA?nV3qHB$5(;V4ZV`H*i-U<=7yU^m
z@mYQO5gZ|LBt&?O^G|z|P2SooUP!c8L7!7a9E3{FP=EGM0GkoM*OjF)1UO~Z3o2{T
zmk@HV7s%pMl{2LDN<J4O<l?D{_ePg9(~5Xyj9+f6bU;gGC>5OM*14m0gfE=0kp=X4
z&es^UD&pjPTY0>LhvYs(`{^`#l(7LR^-x9L<bHoAWOQ=WdKYq;bSE{tl45yyI=Mg$
zK&XfjAF^x4y$a6g7q<~e#Gi>Wp7|xYPgjUVz$-y;V^;B@Pq7>xz0T;TXX!R)?s;L+
zY^FbqUY_)9tAq`6FAN?-b*uPx=J-P#vB)8r3z*uhJn48idPOH0Sqxu3pU-yg9War~
zTJ}SsKmQr<3Z<}o7mI!{ju*WC_%yxFJ5ypejM>7+I-b2R1GIK;pV2qZlj+L!a}PP)
zA8}fJ`s~I$63&w)LwXX|#2{wGBhes5%hgYE_7#A^9E~A;vTG!bDVvL1O-66~=TVha
zk^NReZX&YpFihYPugDbR0DN&B_X+GJs~H?iH}S_31p56DjUm3|_TxyP2bkuumKgp*
zO6@YeRxN5D&8?S}6@1rA=cKN87rQ6GHUuroaXu>WIY3MEbq$Rh6zAmAX>_kBk5h(O
zL%*~r9m8z338U-XZsBiHoVAxij<?2z6ObjH%$sCtsmTPgkS4{d6uJSs82u#eMJ4ZV
z)?<N<Lr|qH=qCU|5EAyULQ$Y344tDSKx-jK{o;0!L^Lyk+VbXLnFjqky;21RUNB>7
zsc-5U2C5cfNw7qyoR`!})sP0kw34uJX*gCcbfu+7R0vKUr8wS&8+Ree`J91=W|$Kn
zV8uU;@$u8PYDi|VhVkP<SMfN@yK4H;f*M(R?c;;^Kim?O1y778kJogNPJh@4H&s5*
zu~oLpsmL14Dh9d7N=I?rR>gcL&u|a$Lw8oshJ`beAB7$kaM@oO%tK(d8KI}cU}RyQ
zByTLHj_Sj^zsgGKSd8iu%hN-{$0t476fGxKQ>j&%%}lXFP%qOlAkB*t7S#Bf8A7&E
zv!{`q-%F&yNSL}jEo?MRDn(J;M!nkP7N6KJocmb6M4TD$u{D&OLiZ60HfE_Ng)84K
z_cT6g3%7V}jFmg(JcY;2zahELm1jnHGQy=^sZC%th}NjtvM8qbT+*0J0!DB6$Q;)0
zaxeTKkSOIjfxKMWw5goTJ7Fyt&SnFc`-VyZ5@XU=&)7W*N$Uf-tS<>gMBU=f<p%+8
zv-)0z`78=!q=l@+*;SpTmTBdlIIo5ZFDf=h3=&x;IsEHF1n0#{<5CVvCo&1TN^)16
z!}f7R+T3-jW3VY7vl0zM6yL1{cVah59tAR2r~P^Dm>A>c(7dxXvgokOfCo`gz2HD2
z`-$$8AD8=q#lrJcHu|8{`UX6;?O&oUl5P&?KQ1Xzp(FKOx+UWr4^UbzmOznzY_+C7
zIx{`kk^bN^dQUYCDPFo9U0$A=p5#_5?jqDv1n!gh_Tj#Q5Co(0GRY-@eNsU`1=PPS
zl-ucyT!4&$IfW^2`&d4s87zf}%tY!0%Ma=q+X|%S<C5la%FQZX6FAgpvsx#H91g%5
zEB7lh$ThTHRswS?C4QgAy*sCZNAU_!?ln>{RGzP>{S#`j&G<v3I!)+Cvg7@A_{`%V
zOTgWA5*4-UIIi@lt0P0)<Rs;wK*^}??Y+?G1H1dP;<cE<OIW}BMaAjcy2)RIYjVZ<
zVzIvs*B4lC_Eb)w?J1(!5e}=@Wa45F-&~aarD#p;@b2;Y`RDAuT0fnhB$^v7J3EG2
zv$H9!krEI4`~ap~DL}npGVF#<z~355d7Uf%NdB+~f`yIDQpyz<+#(L}2ls3Hl~Xqs
ztz-|>7f%2M1-SO6kwiN6@5%aJG@T63F~vVl*QsC(`=B0j+&B7S3&@Z5=+u}1h31E_
zW_rt|1~55oZ}PndK<6+EnAZ~AB8Ns)PLPm|RB|Kqd4O#ICcDJ?X7!(YWv3%x^=PyB
z#`YONUoTNx9!dd$CZY7`kHdWzIhY-#sMbThQ);p~1l$SW+oLI^dI_BsuKNlM(JcSc
z0{B5CczY&b%K^fQ%AS|>cuP%=-u@7Y+5d)M2|5|5CXn+2wW-`uE-q(`Knc-b;<^&C
z?*{WiT9qTV>NVPU1aSH#F2~a$V+$x1u*3Isud~85zPgSRM&i8{Z6T?q5xujV&5rNm
z`LJiy;CecenzizN%-yYwLrA!rc|laQx$ck$CcjJui?K7pEM6{cl0{C`NY2zlJJxaY
zEMM}3n=-e1{Oc2riXCE$h;<HxxqrO+<Hw*~E~WN0y~kN;F8A&hpPEK_QFi-Tn<b{$
zRU<X=`-&Cfdey>go}wo`uOqCmuDlT;^0&1z*3QZO5NS!mK?{8A2Pu;=2(IcGx|7F4
zP-@9X{6WfC!yUUSl&Kt4#vPY?oW2Fa$EbxKCuAW6i}eH4c5Gppng(xq><XU6x1+}?
z@mjr&p7z<iRj4#$HTw??;MpLhM+k)^N1>u)pP<(y7}^riDO6~wz+uZK@X=$LYq#$D
z<MT%D>Wj5<A32+ZDE14Xh9@eYP{62>6LCY=q_$l1-NO#D+`YbWdb21P5cIP#l=)0J
znh>L;#>6=DvAz!Vj}?Zs{rSMH2nSMkg$dQa828T)%c-v*nixWf#G}d5Y4=`6@V>k;
zvx>pX0I{^M?62-T4led8@V^UceNtLhDw>hq&oYd1s<?b;e2kDZ3#Bhsx5;PXe%iSH
zaoLO6A;ZrorD-nUoo@R&bCo`0{MLl6oxD%6xkli<;`N6`%m-h?;|wHf`um*iCDZ$2
zd3TVIs3EEUWNYG(`{Xf_nK|R;n$TR0L0Q)@UCB11hHm>v&Fapj$;H#pldL((qA%?n
zai9HbkMs-r7Qf_>x{e=Xkt#|{9Os3;Cs@t$>%ZW8bk1M>R_<8-@R()tgxl&<R5_;7
zKE7?zdee{ie()M`@9A6Se^7Y~JeZr$b-6m84a1*$B0VjfJr?_v3ap-J6=_fD&W<S^
zpM!&g!RfCaCg%g}YA*J9^MM4KlU|}{*6_mkjSZt4VCR5X14YMv+x>#j^V8#LzFxv^
zsa`2K(|61c3t-`pBsN}tqFA8ZXC{>44>uituc6m~{e7(Y4jTFZzrueOkO}xy5Zbwh
zol5I|)Mz4i_zjr!9DgmxN_z@4VFg=yQ{w=54G|>a-m)27OX!c)iXRqfL2NrZ-2Z94
zH_8;X#k8x$TR3j6p~?FZ7hg^xXwY=PS7&#^*jJVT3IZzpe7&eUF+5D?N+-h|@ihEU
z+7$DOCGW`PaPYl{lZW9;{8cgl;%|nzSVDd{)-R1qD*QoL-o){T5mj|Y!hTlC6B3Cq
zZmUHn(Q4{xB_~U8)Yd&=L**)_MG4Vy%(5fQG)AMUSdQ2E@puR|m3(F`x94#Auo93R
z_dL{r^?*oLr=ORHvAW#>XpJNr+3u_x_FbJ(wkCeY4XIr^2VdV|N5#F%+U%pbNsYIY
zruzeXu0<}YmUe8SY?{?d4VeANoW6;%?u$`=uU0LLbt;n5V)Hgfm0(IW-47$DvrmE}
zG(V3py0hq5ny=~uj~=m9M07PpwmwPZjAf>WFW?yaNW|T=t*xgZep>x?6k~hjVs+<%
zc|k9CcJwup0R52L_!1RMWIov$a%@Q7;c_)zoz1dkO1ERVNkDJHJR~7YsmzvLzb2}m
zC5BDSvp8o_MAWJ;G!e>{l0xRljOrLMB%X2=$+j5;V=<RhiE!Rq@>yYJ+^^x?!lcfz
zzi?^#WBswXn<R>*6j$23CF2uB#mT|T^HriVXP_F#Z$CIb4Kn9C?>G9m-QN`VmKM!|
zoV4@W-6L&HS1YTzrro_+d3?g$AIC{uZ%N0C?yaiFMY*(E-hW}@WMEbziW~vu-cksC
z`m(!&qxWbje|S;hZ=p|Qe8}tizFqM~rGB+&)%4!@k-d{l&|B1=5Z0+J@v++jQ8_oi
zRySOS>RgL3eD8KpZMK5-FP430czn>9-X66v*#sa>I$Hl^V_y2ve#cv3RqAHX+c@Kd
zYzK`eZ`<hyHJ84XN0AKm|ECz4vepB^SZLy+6#Eh*rBC9B1@3lo$B;QONypei+uPd_
zFnc5MICE$dg=cbJkwH|{Sse!e%j5-v7L~_U^_-pSZZgAZg>Z0i#^5;ZET&70<JW56
zcYxm<`?ME+O|{;eGRt|$;C1QzW^nv2-_Gfed5waiG53t9Y$tCrpFIak2v~flnqLB-
z-5s!8siVfsMK6Z6Lndb<MZ)IRpe%SzENwwKg^uwW!H7_9mfUr`Pxb0Ncn5oFh*nJ+
zVG6_3Pc%#)gZ3^bC4hxALNAJNuKKn9(~8m;WE4yv+U!&@+4LM3XVP=(jr5T!Nu@LS
zl)1bJ?)CRRNB1{3g6+_R=(Ec~=i3Hb7c^I_#md;j6|@5+j9y+INO5ib<6E}8Y_Z~7
zuBN$?sauPUUTN>NaVa>!+@<7bwauwGv4N5XIr`@*yNwF<vL>c#N$)bmPCq0hOgN3a
zH8JwnG7{wKEErPqGT8&Bk4cx@9`YM`Us~^l#Mt_22&@!0x3_c64F&K)UtkNXttxVV
zhdKS~Jw|dfg1BKOg3vw<0=bMB?OOXroR09$yjvC)8Xl(!h{=zssrcWl_A%Kq8^hxk
zodEmlf6C<Y#!q6@HLAB9ga9JN?FY>-bR!wN?ZADmX%(*^3T-bt%^kL9(Ug(jzf-H%
z2f`XpyHY!$fAaVf-g1`x^-VDbI)CIE1?RTuaw?ZKf@J5cIUAbnUVOH}bfBRDOx!yu
zGx7Z=ir!J}StOQ9ZJd5&Zj%^a-qBRwQbJG}qP@!~k;iQN_<b?}G~I`3OD>~BV%RNa
zP^I;Zv~-@5^6J!z6j4fYCwRHbwmE@czI<@%y(0rWdqhq&Lf^PV*cl{<|M_U8RwU5k
zk(uW?Vk;RUg-)X!1`;&LF>%fp`>l_=G|*TxX{Hg#2L~-zaxhZU%1q#Lm^J<3I_GKQ
zPYU|L`NS?CHcR$rQ?Bq@pCVR3aM)16IU5fYkY8(W?t3PJ0zU~0=l&plxBq0EvN8#y
zcagpE^TN?!K~Ijp-m-q>#g4{!eIl1YQ;#$M3RL$2^)12b>qFjui_gHPF>#=LRQn;^
zhC0pE$Uj-7x|zCPcWR9J!;kQ*Hw1T0Du>P-r&#*b1@O>F-gEO`3od{;z_EN84Pw^t
zi>`nrAVEZIR%-N5NAaJ%KSl}$TAJbZ9F}u{*xiU90q>B$4zM=yr7-j%el4FPfErHu
z5g-)4dDsT&hsOZ)((LEel6Mvrba&GE<|r)!&kyh+(a{nr%2)<#f?|(dO_08OdZR+X
zfRosi$8jq>Ae_%h@xebC7B2e2br8vd9|G8ZT@IciO&=W?i%$+6!;_p8D$dPhG*W5)
z&WX*=ws&bv&9ibNfN{G&gC`cOuv&g#gCiP6sg{_jq2vb6_4(+~pZX)K9c<`(!+4gl
zh=4~}A`K8>D!UB{>XA4`EYP=@AI+0CU~4a-4sPk_AQ`KbV2pL1j}tT1s(P&>h&p?K
zGpPtxjq7+Yfe7@X!ftqqLgFGVP>OMiGR6_18in%SPA2Jx6C2ieYddkH>9MmRXe}?}
zazd7xejMa+l5SZWotP_PS@4nI=wrvrhqGKFpRWncp$wHe=dBs%KnwM{;M)vw_!uC4
zwTda!r{~4e-s*^6!R~|Kzio+Ya;IR7mjW888)j)8-<SAhWASi+!Z&p|Ufq#9Vly=g
z!D!*1-wcZ>{v$$ma2$%L5rC0G%99_3dn`u2?%v!pf*GE0(xhO&>Au%t`C(QpI&ix$
z$;)T=$kZgHKlN`TSi$JI!wQ58H`+@`_;S$rOZH@9kC*>CW`45Nv~4Dd_3s_ep>&<^
zlpwISc~p%br_Kbfv{Q=KQ;z$S{q*I&?0sbUs`xRH)(tP(N1Laai1Hw~{_9Xu{**N_
z(em~rMpmbcnW*!d*jZp-fULpMS;O9Sz?WN#i>K@#qCgyg)l+RJeAs~c_J6s<Xf2=D
zHct-Tn*YUGv9YnjwHA+em+Gzp_XiGRt<A!G%4uS3!Y8==cUY=+MN!J<CTm2`u0tjA
za6o;OPqhQft4@~fix?}i0_ahp64p}ly9{G10s${=!RH^*L`dts(X149e-Re2kr)yu
z>eutlInrmAc^#*~&VH$U#yj_~`XJ+6!B8;r1t+1NYOL;JV;>`20Zan$m9s7_#*RVM
zd7y&CVr8a!a7LpKrcbN;sc#3{(~Jm)bIfs}!;3e_jXgzvU(#Iv5-oLYb}^rXNUe)S
zkv)Ro6#%I;zjMvC<2E@TLw1mm_!Dzm{7@yvU^GbwP}P)}nU^Q+tCV-7^#pQ698%_C
zlqd3?6Fu;<1t@0mK?%>DWTa)XH%bDzcnJ0Z;i?tDa8HqB+S~gnDNhdW512MJ-qoE5
z>0@`Ah-y`R<YMm?kp(0mKNsi6g^{MDlEkwDKng%9eZ>rF;NXF9IJc}(1VO;!s{s2O
zKQJ1QV!Nb}!D;6$`eDrP`>KEZ@yk$!%M;fW2^AXmq>pCJ$}QRXK0j`&H~CZDk7!su
zNV?BBzg@N)OGo$=0g>m1lEFZDhz`&dn3#o7Jue|zMIN@|2$I8_`S1>zwyQhaZOyAl
zxTfPkIre;3dp26&QLzIaBlzt6?ETRJ&PT6Yv|@X4Ab9=LhZ9AHJGyf;80+!(vKS8t
zN3VD(R!S>H6|PS8o;)cSk?hjuhFU6jk!hp@F1(M+edF5>RqS#|gWy{Rc1WOWL-wEr
zlnDVWbckX!l}F=3>)L4e*ive2QKV8|4*L-o&Had85^Of%-6qX{Qj0q);NJS{CeN-s
zTw?ksGeBDCX6^KCgsmctjOc3sURl?v&U?TDsN2mP(|g;$p3`0t8T3Aj{Z9&ENk)8p
zT&IFQip??J2f-L@a#cOr>Z?CB<4?cz8Sip3y6BZ{$Iq5>>77uB3SjmGSmlixNRzH0
zaEo1MId3?l%VNy+-q&!(=x-e_%#{p)kt2!0jQ+q*X(M%_3}6mLWeiXMDz;keB&Puq
zeq46_dJFh_(9nLC)vt)Fpd|i0+Z;Rr`i33A8Z{d3hUyB{HXw0Fk#_gF7?&_~V4<Uv
z`P|57zX3zR+1N{X56yS-{q-+TXj+%na5z147oya1_ruy*(XluRnYA<<bSD-k+$*f#
zX0V{?KikpD`xBSeRg(uOR<S4;x6=xrhL5mD6Mkx0nq(Q+V#dbkG8YvOzqy!tG#&ZD
zZ67x5-^%9?^zL4<yn$5M5L^;HT9Ik=i8Gvx6N^GKEHcWyg}2T)e78W%s9pD!_$r2`
zTco)7oA<IgaWy;=k~@MN;#Nml`|~GaRiXKM6Hd#;runZ-fGxZx!X@t$jeBRL-td}A
zeBUJtPFJdLNGTE*C1#8ZMYu#A!}wsO7R}ju)m;6{3(6o)j@+FAL>OOmz$s<Z_`pKu
z#!H;=P+HyAp}1V%XUdvi?+igDF0CbW3pWR8lQV^7irKy8b}D$TqjhwAnj1JaZTRc1
zL-@v;^?k<i8T=!gGTb>_r*0$foM>E^_1Z74GLLX-uFy^$W-f}=b%{Go@1rur8hBwb
z>lTQD3KoydN~uj7x<pgef-?|yrnkMb1#0Xbd4x_#Rl@TC?Q<N8A(l9EgjlQop`}lk
z79@vtr1@XPNAz2-i8Q0=qDQ_Gy>v1l!xU9-Ti?V}MPO{$J87fhQV6e8N|E+4KrjZJ
z|0_#Z2eR~Om}p;T0-jLHIntd4)=I0JC%Z*a7o{@Lgy=fZn|=?pJs^Rd)O(==z5*Du
zAr8v*{BFM*+>2zrbI(Ujy`^HZqtSQo>KzklZ*%5dH+6HgVf3IfSB*V3-Q~6~3}h+T
z4rL)$9BzL0K5$pde(W;7^N$+&nprn6e*RxT$nxj5X+wH@9r_O7>#5_mcHureHT`<Z
zwyyoM-@9{O-Q-=nO8D2JO7DOCk67n-HT>uN<4yc?Ae`yPgHez-BkD`c0Q&6Fd@L}4
zG%<<aI-q0oescihoAokJNMvLXunk*iP`xaRG*#msk5gSD0{hKk9ZkWP2;>$$*PmiL
zOPcf4z~n3A*Iuk&swRgEwb{DOS7SM1@TbB-xN689;lF5(Q`s$)5D(bMDJXJNx~y+7
ziipHIe)WW}0Wb=~`)+-tP5D*}f)S30`|JbpFC1=V24D{-N$UG0zqIn{Y|ZMeu_h-A
zRXSRVjq6}UJSgZl2UupCM5LvUr@fg)_P@wv(aLn2q3rsD5O2h8vPFW8SOhRpUZTzd
zioZtVnSf%2&<DSb?1V?#-5mDD5^GPg?1p$J7PKmbjBlYl!@E3}sNI9RbjgfDdw%>J
zlO<$(GlhH@KXIi8h?WXJ2decZtAc<K1Pt!LwSmW_EeDm5Ad2Q(T4;1-*G&1dzU#&v
zwoyv&Dzp!HAWi*v(c`gFPOxY&J90=0vO-7{OAN-7yen2MMm0t8im+yK++9Hv7A_IC
zwvL+XvupTSkA_>eI)9fgr_kMCT|fMukURa2g?bqqU8m`Dq;<^T4>nm-gwPv$34m9s
z=1+{G#;U~^AfL%HE;}u<Rq5pTF`&fc*jrfW030>UL_W<>jogZ<{&-3(aFX4)xWE7%
zR0^kyye9j6sAgjGG&g9&xUzFO3G}F7U|>Ym^bb!}Y{0FSt8lK4m#wO$08_NYEFcp`
z>KHVAUUb?)VDIc2$G?*M%ypzd=P#ep;BKoCuAakL`mAN3oD#dt%HusDipH-Hzn7OE
zZWBWsqJn+|(?N$lYfp+0-~6dy`0UI+XjRuI4`=>D#7vQwQk@#POsf)Mc$2j9n~jgb
z)?j-W$lG%RI(%z1XtJ<+IQ7@zzC`KFb%?i0A^q{_=0IY=7q7dYt&18L^8^r#x&Jm!
z9C(k%>Xz+EcB9=XINKxQ&rR-+m6q+T4h;TSo7uI2<qY<sT%=BX$_BNL|E`0lve>03
za!Z++XZ*VS99ifI$(?&xSQRQc`#N+4gH9cFG!5P^BPz7`wcRDgW<x>%v|^~8uFx=3
z_&>^LkAQpVLU1LZvVUUfkb!o6V`R5=9Z-Efi*b$Qgq2>Fd4}udtv*|^Ss(N=`;v4$
zrscKH^q<^=Ndm|{hDE}kaem`AwQA3c9sO}tc`<B`0|M0_jax}|$r276d8$sE1IDVI
z?i1NO;*obaou@tCLe}FsVkf}r_C95C7(IYs9LTxq3Ez&1H1##E?G<GZ`@+{su@fHG
z6XNddVtDPS5QUdLhQzAHlMSU6s=*BY8ZfB?xKB^EML`f8+EH6wHD;4zZ26bT(FxnY
z4qRdIw6n`<`VTCr9uH{40#$Tc5HB?{Ab<*239T3SzfW<vLr?GH`v_$X>3OPIs3(Gw
z^u_(vbnQq=PpN``=_jGckW|tgU}VLU+lserNTa`=rF$w8tB@+1D1ddo&`32D#8N4h
z0v-`?DC0L(es@U}f`^U~6bD5^Y-R;DPupSYt-Z;Ex{|G;!N%}zIYCuUK0b|;#U3a;
z$D|mvao{Y!kLl)M>8*Odg5Oum)G>#QA&JW-i!3+y2_kkX;dK@FFVhz==a@bQMUrx!
zeZ{EV1T(U=otBuRzLt%sN~%zt@h6a3k=PSi(Z`ahh)r3$m)GVWker(lWXxwZ6<YBU
zlj1Z2qZnjD>mk69Mcj9xZ9KbpMhwpTsS#@Ly(*nemp>(E4xr>bwO$X%ChHKPZ|cpz
zy}ZH53l!d6T=F1FO(><P8WD3SxV5H)?&lcD{hg=}-pW{gQ~gX@B@l^(^1eT|GdVw0
zBX@na?E_Y}wb&-3ZVR&9#mcR#?;e#gNEw^V1en$cqkBz=Yeecgue^y8)VQOdY|oly
z*X+5Asw#?lMyM*a<VPDi<*Zzox4I!}n{zI;-WzgX-DDoxzH%SkM6Yq1p$Y1vw+&u|
zc(*4)OPi3v?S-qxJP543I`!Y7T-<yE6cBE0E}k|I*Qt6xMFA17XC^e@r3xuGS7k<q
zKi96YjQ_L!y6sAEpnPLV=)`{WjtqBqgGd{Kkyae_O`n3auQo?YnoB;Q&HX3f)g3Ig
zAvzx~2<gRJxLxxj2M|TY<(eokpk~rkzKI^cQb`14qGoMK3*&f@P#pRh^qa6V#aM$@
zSBOkz6f^{Uiti0JZhKxT0MB@>K67~R9;Yv+Hb|(va4N>_qiYAWk)%g2$!3XYB}UJy
z_5NS7Bem-L*6WpEV4}W5n2n*qa-OBWrWGLRyyWzf9m5i&T-?9Rv-(58UPB2ECY621
z+U%P?Vr$FN1*ShRPKy8znSY*`8K7+vD4GkJo(}|ZbK?ly2%2@Jb344BD$0~K1D4Js
z0Sdx?eSMM!ZHnUQ{2rL0@+#SKX&zYsCoU!<15ttRv>~L9JQ3LBfXU;uM~}{L^dxg*
z?=|@&@?=v(e}K3;xA{&wQ8rUR#8R|eyB<^Eb_1>2U1Z#`Crc<G&@fpQI~StnR(`-t
zbZX&S$6bB~eIB^CCKteUGY!Fmv5%mB?29GpC-<Z$h2XmkW=Cl<WtHMl?g<M~=3t06
z!3R^GjypQb52x(;6p~s?!bB}9iqcQJEnCMFsa~vX91>BExamb3QgiQYg`wX#z%nJF
zEMJ7T`c7wYdvvoaR)l8HG|gL+(+Zhju6p@@vG$g6Rkh!`upkZ6h%^Es4bsvb(k%_r
z-Q6wS-5|A)l13Wo?(Xhx7MzJbK70Sq+3)`JevzLFYclV9^ti?~D1o?CAXFR*@QXhB
z_~tUkb1!nk8En5X3XxI%$;u3pYp^U|Og1+`2-!%yrbQ*M?)5^sqTIXMB1|6^91F-J
z2?Z(z)$J(B(<B&C1*f-ul2!hJ0sQN~$cWcolt|ebN@J6&7t)U5lxQd9Ue7dkF3MiB
z?xqi@<`?9x!noBK+r6=Do(3u5Q7tR8O_EUj?#0?VwB*&lc1Yru7j3$Gm1UpIxJNU>
zkR9zz4lG50#IGXO-^`Xzom-FtM))khIbz=K)|)RcaYqG^0lf88zBj`8lRKWDY?vPt
z441;!jHav!-izE@*+1?W|4@CMI~|$QDyCQEwXEgt_>ne)|I3$s1P3b6$-=CAQc!+^
zSW#bsLTW7OWL!s~vnWx9nCJ$n1Y}{DU8me{hbsOy3o)k7IGmJ8_ovel=Cr7bA~N|U
zP0AC1($%QaDOF+%kI>ctI~z|m22fm6fohNVVqT#6e_aqqc=f~cla3WFoM3fRMEcK^
zxjKaSqR8xEYbTBrJ=$YS3(%Lty_Oa0hMaPm$vldfsT`bf^3*Z$NT3@v5&3g|A(V)*
zvxhF3U|e2-xJFtNZR@Y%E8%y^Ab-{^^YRgsJdS{pw!NspOO6`ia#V~GD~5vN%k7eq
z^jH714tziLG?8g;Wkd$|4vvsTj$8u&v3o;qk%$`N?yVh=0M{WK^%~nS|EY@Lm?BX=
z#^N}fqQUSmb^e<2;c$pYVYFJPi$Dk;heDhB{t`wetVX*ePGorae0!kFlVTWduX+=`
znL3%%jC^Rk*pT+>+crJ-Go%bK1Q<yoM?{8x+3P|>+T_l=FHkD$&i-|}W$AyM?$lqf
zsj0^7@E;_|b6+{)Es#=1<k9gI;r{CGpnXsQ@e8b#tc}xlyO9v>eA<Ju#-|(>OZKKO
zT6SI^6fhas&U``ymc#5SYEFWb{Gb+45fMn3-eU*c@=DnGNMr5reIemtv0B1!i72M&
z(MV;rXm6l5-l`&V1_IKjlh89%<B_bl{;M!F7VYLsjjBv#20C&V@pF72gWzB(s4gMH
z+^exsoarA15*4FjTeRte`;y#gQy-u<I1WDVwM$GgR3ziH6=$VfA1@h_D8%zC80(W)
z(0JBU5i}_#=vS!M0?hLzzL@pxq`7Y?$Q1QuW?S$|b6kD6MK7mhj7j!Bre-2`Bde$G
zmaB-^L>K`Tz6QYKs+KB${Op^`r>Z(cxq>rj_0!-=50_0m&|f6P<?|=0)Rih6=~7C|
zhiO4bZ+kTaiqaXKLhR)iDLKIa>^p%2BF{+}3_WQ^AJL;O6h?Ac<BN~B{(2~tniZXP
z90w>=zXI|o<H{nFbIx_X)C`69QVgWCh2yba0A|!@;x)cQ5hZ0g03@#5aH=*B$BRaQ
zZ=(@#5Xi>~{+_iNwo;&!!K5p4e;jhVF6l-)-mrEjXBG1~L1tU%L9JOI?Qx1>8NXIi
zolr^%gEDBK&GaL!ua7cElddbAmLgCBf4_#iAX^QiUXv+ii72;tLKCwA^h-~3w<Q?g
zN~AidMGW+f;R+5BwuSc8!G~iAtC8%FHTh@gF75((uCT9$i~`nqw2;`AXK&GQF*GHb
z>-pVVPHBBU65CNXN?ZkbX41*GjOm~H-aNa&9NX{#FO`Lskd7O)2;qvyYV%2$FDJP?
z)e28XT!H@d;%C!pUfd>Nx$8DLF94B2C1^pCIHj$oO(Wh1grd<8PH>Egt6Slz?E?+U
z%fWR&y9E{{sM9kTnhtBpM$mkcdpb=EGBVZ3hq!ldC5A7}s-AHd!PQImK?7yi&PI<~
zZOgdpB_VHxr+tsK6L5eT645V>IgVv{&ZfyrXA83rS0}YJ%ahxG+P0uFnOQcYBO*o=
zg3Ae++b}NP{Z5&qCzm}p<Msf8znH03ICg-&sD(4J|6ZZe7n|DIWs$~m>ifrw!*P_n
zt=xsNt1!K89T*TIAkw|Go7e`~YEWf4<|xyHaHx<OcO7aeYWDhZV&M|tA4xsRlO3dQ
zU&J?(RfIP8HQAqX>1T5I{0cp14ZY+KC~G(k7ji#JreU|#rRr7g%36_yiwt=^8Z?fa
zBQCoAHL|9UmTpzjTwWx`W+Y?u+u6*qk56H%yhx$MU{~2jx{b&=r$VCg97mz0D>mqB
zOm4LykcCU8o|(3HR2Qr0p8c{>7M^iy(*%mn@Un}-%|IPZu&)iQY#{r>LOQlLC~Jk-
zCr>iYZVTyPu@W&}C!z;%y~TTM)DyiJPgF`#WQi0LbYj7xhhNDY00?uuOHIdSe+_)C
z>pf9`*){idHHK2D>LoV*$M1#Hh4U+gnPR43Lgx|t<LtpjAaKM=0{g%cK@ch8*-j8}
zl@qaAX;{Ul#o>P?7RV==jKEB-u~__K$RSNY4|Y9`y}cyV9Q9HeAZj{vn!Lo&q=xA(
z3zjX89j0Tx?v(^EOh1@ujf<O_o8#XWnJ{HJbj0i^joj%La~ZWy?h~MahO*F;bBBzd
zf_KKq>M5z9my@5W2!Wv^)EiZ*>0U<wfGn1sKdVU#9W4<-z^!exa+wLt(=1G9=N1A9
zrLUB`!`|2{CG6thDo!VJY_kmWf}asWba_&?wpA7Ex(Au$&`IRtQrQrmT*47?n>Ch8
z6hL9H(FH7f9i-^qyK(NIs83>K<+p%!9<(>g`K0OaL`Ao*GP6$v-uh-n*3AEsxx_W7
zQ0kioi6T+^lRi~s+SJ`Xpyi-TQRcB;Uimy_i8hJXd8~TPdh^ONxu<9aqqhZY0L)>e
zaucZGdc$E0xyDCK`5ev|st+$RrjO=k0BFLxZ(JgKO$iZOfdY3|SaJ#ZxZH=g{j>Yi
z#`l^w;Gz#sSC834#ohGVWwg-r)eV<>Ey{4`r_htJU$5QeQOVi#_Q(_;nm)_g7PA|j
z&vz_?Alab)@hCuchmLHtpLl!8!>i!Q{S0)F@j#)qStb2%suJ<6DjB)X-^hGbDDS!v
zv>rS4gzB-w_#ogI+KOLTvx9n2DUNu*@0zhLn5ami*Qr8h_rQ!IQW*l)SS-x%O1}gs
z^2S8-Ne?CT#W_m9n=pR#?Yru#V>CXZXJ8Ox26LsDkXGt0tr_bzF`_e55zB@2!00On
z#wqq37oKlDa?W-8j-koT4lm1)z0Fe;SEQhb<QPglwd;J4)04yWoFo3OF)M>QEzaGO
zT(6CJ=-`kpaxY^Rl$qHg%gvdZX+=U^-;l1hDK}rN2rs)gC5t%TN7`YWYt<?k2{)dm
z|HZ6pq8A!n&45RS6EKF^0eN?~?GzB7i{1MffF%3}m(g(O{LROCucqDIrS+hF*67Bv
z>@O<-JYQ;W%(dU1H8c9Md$wUAere|cm`r=kAE;=uLnt|%v2Bfycusg=e!s|q?Ak|*
zJgn_{rzxA!-t2`r@j8O~jZaQmONR9mu{~g?IQ@VOn(pX08!^KMzyGgC$E1ha05>^b
z_IX;(2$51d&t|?$%b6i=g(~~P6xRtNeduWT{HmbaF%YPkjxZq4DF76BOYMzV7C8fC
z=Yi6mAIzCs9E;iG{uZ4n@S#loMfrXrrwbXV<yRpTU}=Qn0_uxxG2M&-73BXFc&kx&
zgNQH9^63#^0Iar>4rh$k*jV{~!Bj@j`<N($m1KcXhM&*!#krfY3=Wzl>|aUI!3O{_
zY+5l+@vTtw<jyYBVVhI90^aaifh+3+mIB^hpMS!Crkg^701#c)49JG#0%?k%4aD>Y
zM~p|N0+|kA5~BnI3-t@L7lg1K=HE}1rGR4=w}g3xOa8UtHGLB7?5t{lJiST|v9<Pn
z1hJx*)l2yXNt0}UN-3D}<Gk6*{0>^?``%~td<ZP0<Ovnw`sazJm3vXS$QRScQgA)5
zbUaZGrE<G04E{{$oV<p5e6#djHuY`>HYC~E#fyHTk2{Nz{25I9GXE`Gb~!3sH+?10
zm81vFH#i_3EdH!52W`2&fk=frK`~1mvGzwq0~(8v<m)T#;+?`D{v!N3p?roGUHK+K
z*-@#fFM+U+ioEG8!;*`6=YuYxLUCszy>=jAK-+f5XVpgWyMPPV3VDIi*l54P^?la;
z>7*QDb<3F<()MN2vY^`qgU$Ls14WIP5aiBSN3EUR(?RkVWzXSVd&wM=X)KEU8N@J?
zT4%}gw4+GY1~KvUYRtIak%=5}>o0O>hpuc2L!#;4zmnz53hC+jD4TDtTIYI+pwVpK
zTZyNRr0yg$??^n^pnqMeQ4eW!e*Tu07P?gXC%NBk5Ac(~Oa1zmkBW-=V!BK_sJi$G
zc&Rl@OjbzuCkpdl^*mN0d`C~GZpK!G!j_zWuF$)H1d!Ht0vvMZ3SX7gA@<Vn-@=Fp
zbrVz#P3*q+8Y*e#TWcSCoq?-O_Fs79KPbun_(J%6K3w)Xb*le-S107}qhR<EEb@FL
zVe50h&#0Ua5W3giCq?S0&lf|zzLK!p8Nm4WV*ZCmI8y+kayH_#YWVN<!Jq<DTQ7y3
z4V2|iNV>^!!Qdv_7xkmRf7qGx`P;A1E+Vd&D#UT#ceQbDQP;-&)v@2_|7Ym*ZzZgi
z<sZqz<*LX0_a8BypCMx`p<CmF)%dxsm|+`ly7T#dys;o3I_412k*!}s0<i&~0saC*
zeVy3fAN<eH{`0p;;Xf)FNkC%x=CAUsFasddBYP40;Xf*Qi@CK0Kv2DFNn3fpH+euc
z<${5a?+Ug#iMZ`6`EN68|Id@GU;UB9pD;3X0e@fg1PU-tix_kANftU7;efIY+;%zq
zK0%#;7f<CizWy&4yn%)$rYsIDn<O3G|9V1tXi<2r4}^1iL0|Enwc+<kvxh(Xp7hav
zCWdE}tQJo|{VnhxD~HdzXGO$+Z2VlTw)ukJsMl;u{qL;r|MTnXKxz1SFTB{g9w}{$
zmC*e=oW}+6jN$XI!8F860uV-J?P*pT*uM`?`S}6VV(hK2;20{zA>wVUJ2uux{<jBk
zy@sfV7&y-6cKlkW`&Y)i$KiVJe~#lcalQOq0NqqbN`21OmLh=jx%&TAg5b3BcC`Kc
zf2o%i0wtdxBW2oN#sG5;6cm&iR&r)0Y_UpN;4Uyh4Zx(nuOV{s@r=Yzz{}1!+j;!{
zWj~V;PwVzu^B6&C1V3LHGY+iE5EWhM-@E>wgnAq;>fQ^uvT@On`R;$O?B8&~9F+*A
z_9U|(PU|Hs4;-+G=|||$LVYDLA{gvAUeD?CXZmsR#`gJ2Tj6E|`AR#k#%#Dqb)cSo
z#Lfp~5ks`?f9&-C@O*Ey6IQ5=N1~RXtD5NbtA7=|=6T?9o-)KJtY3=R^M3If^$jW%
zktaJOu$T0^Y_UQCUE|XuTu=XS0Jip<FId_$5NAHXOqF+gSL(jrvuL!UL)0Uy2cCZ<
zUHSBEoU(e^>ui;6{+gY?m-`>aDI>yr;c5MPB!fqOf#<LMwc0!@$SHm&X<k28V^<gs
zeH0GYjczL3$CxfdLu}C=*oGJm2o0q7*uRhOSy~)scEi$q(5wN|#!9L40a;oSSGw=-
z+5V#y|NYC#C0q}f7w~D9g1rR)9+Kp<*imNrJBzgyV}i}1qMZA&JRJQSH^p#Osyd??
zH(qLrr@x5M`DOCkVp_k4v?XvfBG6zZ1zd#zG6S+Z?SFsBKcgo9eu*RdbMAEFxkDcR
zToA<(@Ju(G;{t;x4a=NSw6g?K6B@j|QoCC|75VqxKdm=yf2)r*CUCf%DH-D*AYGsB
zvoG#?meG|p;omd+pNyN8@IP*afZvksuW{3Pwhijtn8&EfCmc@FVb;JKEwMMHvX~)z
z++X<h6jG!Pw%Fg2(5Tg+=F4OnGQAQ7-pSjD7_fcZdiWu3)WFq-F|5lj7;#)j{x5RQ
z7yjpJO%-SUt+Y6^JzLhrChO+Q@6Xu8Z6hhPEio};B&)_#AOuO`bYhiEVIEz*NQ(kK
z8G#7mQCIUODe)KXGp3JYT^8Ml_d5Ci^O-&|p?|E^J11o8;eV`72odl|tp`_S>qw2#
zmCHk?WkDT2RQH=zI58=y3Q&`DdILa3KuS!{i>>9Z`&G$Z7xs^QA>di%UIG>2d)Zn`
z?$34B5H#vF1BN!2`_n<s9sM{;1sJ8q{C0r%-Xeb!4!8#jHK07BQB|@s7YcYfAU932
zp*UhnzyDXq86Y7bAV!)*=?j&paUoB@iuJaeI(>2C<%XA3FhT$ET3Jve#Me(Z-1hMJ
z?njJ&?#_E2?MBa;sdhTMbfp4?HB`aHOQky=s-++PkEJ*fPT}6B?ECavEnm2;Z<w6s
ziasG=Q7QWCb}ab-OWLt!8i8JI8&E3FQY;!{&~0Z=;`P$<+5PzJVnSd53B#5;)G!n0
z_Xgr(F<=gO@aEHIzd(Nj3vr>X@aIfhd`3HZc3^1fUw<FQ7fr%PgoW&~`tIbs*nBGD
zgWe;+Wntk(W|)v9^IJ>))vgdMNZY5#WkKv>-OZtY^u!tNIoe$Cv91s90w@9mT0Fr(
zJ)HF>Pd`h^>g@bn=W=gSKxwxt98dW)fPk22XXB-o?)32G$Dr1v59`8#*@D_m6neI{
zjHtWiibe9sc?GxiUQeD$>^58*TU#7)LFkJBI__kEX*k3+Uosg9pc=7bFXO~;HT}6T
zYeYAH|2$xQU7e<WAoc9AaA>>QDpc>yyU9mNb)}+j7V?Tu4(LNy<_22``rSE|Ox&-&
z!d?08K{U&jnwwNMrpn83XlAHFXgQ)25<=M6TnZJBkE65!J42hk!)7cl%+xW!wbwg>
z=U&Y;Z+<mmo03q&#!-B^=ikXUxFS~Pat@Qml?wec^4L$oNXAVZrLip8se1`JPlDQP
zGq^F<dglVIQd+TC9;=&7**`Dslizo{43^h}rYt@Pn^Z~Fvs2=ao$hHe_ZGs~{U?Ph
za5mg>+sJ8>KI7YV3sb|o$IY-GKJ;nSdx8V&w)G7R+CVMJ0%~fY`Mpiw|8&Y+*bwzk
z-GCc*3ac~t$5Jna0)Zof(}9LGa6?;oWl}sNy|7&C?`+|Zgj!X7v8(f3&bLO2Rb)<1
zi*~HX=``3QsdTM4CC~Q8@(_`5&U`7n4rVIEP*Yc|HIF2BiVkg!GV9HcpZ(R+wC#H}
zNwRVE+O!@W8p>!jE37XbU25v=^?;(U46w7aF7tTYXnlS4^E|sfbzND&)v;MG`Gb<X
zGsA=SeHSXuL0R&4ksKm1QLx^-PGGeF1k5W!ng&k0E~F%GH$(AV*X)b)LA0i~j8srV
znLm-NTE4p@W!J7{fMc>ngoqdFY%n~*x&h;zZw8O;1L%fO2|p8LSlqJ<!3ckjci+6j
zN~*A+qgkk2pc-Oa8C3>0x<7KJ#6nP`lvam1-n+<6ADhDpKKQN_Ly$_%))36YFVo-{
zaJ-kv{AM{)D~^J8mD$PL8WF~Acv{Le>bE=``3URYcgsEzMk`v=;nXj}8CL@=qwQWq
z>F~Hz3q5jgUcsAjTg#enV7*J!&X!F6aRTrUc6?nu7Bn;roZnmfzizAXC2(6RBuj#B
z-BH$m<F^pB->TGR52#YRMf2(0#>;f~RwgZy#1(0%3)IFm6Pb7_r7W+fN7*thkIyZh
z1P>=2*T@FfiX`y`HT`d8KgtF319y|Lu$mPm3x|a8f#q~&mATHdNr$Q8Q-;n-k*qj{
zyv9#gXgVz}6xH{U9pU@aQU*obLIVg$AcSUP`Fz_=U<scjPM!TJq(-AP^4YnqPv3}r
z5<S%X=h+qn#j}#I%Xl9EL=oI*^g||Fd_G2yZ1flGOW@9lJJ@GZ-fpcPVwkq)UXx|v
zO5n`6FeCCLSF~~QLl^;bxg9Eg^Zedr7Vog1lgwgo$_@KCYIrUB=FwMsQ^j->ty(Ty
zC<XIhm|MoN8W;rS2SrZwQ~70Qw<A<*i>J#3Zhve_nYIdLJes#n7xL+=LsKwP;EP-l
zkgL^v@SuJuUsJ)Z8S|7A)@%X4Rx1z-u|%S;_L{?tcA&#sN@8rcm(DPXa-L?)Plj`|
zc~G~$I{R4ZtdhRdRwlyt#@+SFIw+OFYMLae(Iuf{H&n2l?PoL8Da%?pb?wUR2f@`b
zV3KKn%BqFhOhrTl2FdG5vv#rr`oHGdo`WK16u>?X;{msd0$Py&>)5l5p9fWQEQD95
zk8Gjoxyf-aH*ByJ|1t9HU0qW?^2Su8ES>fA=KB-je(E=!-;1S)>rz*QofYBXyq$uY
z5M6HTPu36x5&XYO64w}yq7OzZ`}q5dkXU^Bgb)P}XA6)s1y-94w#=a*A^E$_*96Q}
zn+jgyPRhMqh0#yvfR;$0@c}k4gt$Y4fhkx{W&p+P>+1_`;y>`|Xr=;VYdF)WFTX%D
zf8anD3IXTYjo4NrD~Spf0Zl|}O*lr0Ojn&qV%cQqC7!o2$|W3^t<%#o)VPySmhG!m
zm}J`NY@r42a@AkjTKWhki5(yr(c&{)TR~ckMwnOxh@MK26TMQNeNG#)ASI7{sCU0Q
zfM_cV2e$itqs%O$*a5|>?J{EwMvM4~d{3yxnY^N}JpLf<O4b6tE7kMx1JZ)w_Q4iJ
znaN>gbwuhktj2{<W{gG+zvIN0Jl-HrC1Krul<$EhqK>VE%(*IgIlNp;ce=*td0hKe
zyfui;T4%9?pVT{9g9?tpL0>bQ^dKbXIl2wioP;nPz^-=_xi&`5SteErQ$W)taJ#z+
z9=lA7IiP9!+~Mo1l5n##mp8sPN4BmfKdJL6xu&n+N56HtC3fU@%p;f+CchtOv9D=m
z?xZ~{_95aI+tlg#8HYkI<J?`ccz;?jTDYW1$QVK3x7x96XQrva{x^vGGYjcN48#ar
zx7<}u#J&HOhH}9^XJ=`zv7{vc%Z<x^!VeG&BrZ-3r*q-~{B;y#yS;j~kgynkqMU;^
z=7T1*mF;cVN<&FeVQRaan36_X^`%!$_g8-B+ru5*MB(M}k}A%+sEviX+U}=$#>*>h
zDA+SY?=zes?=F8X8>al><a#s-v6`!*<T@Xylr2$XQAoOof)557+3hV);CLiP&Z$yO
zJS~?^r9!3R1l2mO*?&mJ)+S~hdl_$f;4q<qXqqmh0TERBMOgbQhyZc3pL)x&G#5d+
ze*O`_1?x_Bysc8JqqsBILQWHbE@`n^^6vv`F|=Irg=Wz?%6pHC?e<~jFQb2wMIYd!
zv)S4H5a!WV+&};rz2MT>D$=U_+y>(sO@$_e96$_m0|9nM0b|%jp|_-~)Gvaw#)Jl&
z7w4f)m8Vq3BA&yyG#l%uf#YQoWSE-o^i+3_tFJ#d@s5MzU7cS^p4cA007_l#%}$fj
zf!jxJ@|Z&3O6gyF8YvfQ2lSm}!ioyiGj6_pNBxQ?<KC*$`BMBTzbVUTosMLuAikyJ
zPB3+H)bbh|5Fm~luWO`0RtL2d1F&mvWI1@oQenmk#S7+9tVV*@;|)&|IDm3tl92o6
zQtAlV1N~=czI&xPra9-2@yWrny)&w;-992%FCb=!uW<v{<>YF6Ub1*1VSODQt7o{l
zRMC(lOKkg(OlW2EIrjky)`y!Xw&(xE0iW0*&2uWO-+Kem<g({AH&o78ZxB(0_rwHd
z@zO+*0``)Zmwz%xOa_-S^gdG5bJa}7=tC!~dg$wttYHhtSW+^2@govGL+MNyJl5}a
zl&l#dCwu?!YEdbHpjKBAveyAt8{<H!+qpEw`fop!fwt&MUZPeY0v2Yhl#n;42M6By
zoq(}%A+Z(e=jX)R3%t)nz0llkMt#Rxzt554#F>!{k4>-X3!nvaDA_vW2L7QMgD{#i
zP(p)cfD8!p)(AqZSNl2nOxC55s2{Nlkag9$?~?rLVnMw{AaU+w`-J`tWM_1~V(bc1
z<@S7pKqXL6@t4ETd#eIe^}fo8p+7D#&02H)hW23Dq(?bq{xcszQ8>+j))!BWQZEL_
z={Z0`6f^N<pVERS%@LI@jb7ChjXY`uFip^}y7;-Nk8V=Cm4lRR`aB+_3)lMD?U3^=
zsyy?nCEpJd@%c`B&jZ-x{IUQ|QJH><S|UF`!7R5(LRo^~{I)h9zHcK73tVEn_HbK6
z=`U3*l3kh>8T*z2AWETf69-iG+71x%tVl{D<Fl6&CD3YqsRaY<B|ck&$G)Jo`g}~D
z?TywDtp3*JWg-|9PsNSQk9sfz86_4uA4o{hW1^9W2s9A^sx*ki(Fyae3M4TZUZ`T_
zlJ>`i^7+7+BtEH=yOl%As3iRG>o~ZtARNf;A??7}WS4TCA;+F!7L^#%@2*!8BJ#Fa
z80OV_9Z}{Q@bEpgI@>j*`PRE1Gold@w-2HU0?!rrf4tfr)(qT@W#!NPMPWQbfnG=p
zTwj1f_qon!W4iOPU8FdVX$Lhyrq8c=1kDa34+PO6ecAHl`|@G+m3;+xdFi~4!j?y)
zkp0PT)IzYLDMO^brhG}-h3vf6jL>vyNjaPuUg-H2qso`2Z?uT!rhejqZi56m&#+c5
zZZ(KmDq?R7vaDhRh)F6VFSI#SCV0zTh~PRnhPCTow3Ok{hq4lMyacs@#WYB3q2mXq
z@+=rTi@5c-emJDRMm@lT^TY!CoAe_l(zo_j&N6sif05Fld@3g_6Id+&OgtW@1Qvio
zGv11DVbCkikv-6ELuq!~(9Qw9+D%>U#%d`pX1S%*tQ8^f8K6<VMD%Sr#W}jTWhy@w
zLZF#xnuwD=w1M^<Ub<$lDqNJryx;q#8)e7u(yTDO{#9G%zDNUrebLv$3PDYIQ%{$+
zX70b|AKxJ#$r9oI3LhRwJzds%+Ni*Q*u6e6>w9cevt_l^$>m(zy$|WjQiP{-0pcX$
z`{)~5X~J`3O(rBFvc|oE!1c5+K4iFk@t?JrPE;VA+%7uK4t=|^@a|9G;e+n~JNhrj
z`xg+ABXRIc3{slEPc*@VX1JQznk-zI$4&RlN1A74Rze$neezq0ub5UuK9g^D8mwRt
z75&%nI3-yvQLILN8~`Qd^Hxv`wE&<d4FK@NJrv`osaDMaNl9-iW*f|B<!=B&KPekv
zS49xOlz}hB4TBIHPAY;VS{drZI-J6074fTQl?2@82MY~B!^x?hHV(5RN)+y2Ud~W~
zb`Nj~wq<a;38j%9GP3w`hw-7k1<Lp&pe4iVR~V@fMUDjAY2*VWAaUgyI4y(zc)z<>
zsb3jU3JCZF;x7%W$n*`;2mB8d-V3R*oSH3{TBMK#0-Uym=x=Dm)P$x;M1RpyMJ@pF
zChJFy=9A(lRGTn3{k^-1(|4W2Kqvw%t~kU2LOO@lHs#Zl=%C8scD!|E<1RU!tTGh;
zyZe;2`S(H{9<OqK-O~3vwWAGK?T-C81Ij(8OK$V+U@$E4?!C17#N`&T-2S#4uZgEO
z|L#%S0~oO<Ga&&c*NgC7&+eXW-qUC|AuJ=B)Ry67N(su<UoL<M%uj5<W=--E^{+bW
zP-Osbz4KK)b`(;+#ggOpQ2GhjY1y<ia_{cqrq{hD_lPQHiEfente;Edyx;bMa1yGF
zo0BQa053r7JKb^nE%iyiSE7Jg$QKcft|pG}uoDq-io^z=`MY1<M|50k(=osMkdleu
zdbpS&TkJ>yMETHT<3EVsR^%7C?`GHWdfg&k9oa^bWRSg)^Ee)SfQr~;*BX8g4&-;v
zV&zw?(e_wyTYCZIJ444WaIVEdA4fhk(`pIk8H^mR(|(TsL3mU&|0zvoi3?-vP|f_)
zddOXi=MDzkcT8{n!ts+k{Y|!@BFGEbMVT5LGG9aUOhl&IK^0L%fhk0S4Bu~sU52ZB
zv3O!54=5npXn~Zx`(Z&MLD@XM8K*O1s9PA~Hd>^AvbA?HtRcoP${akkZYF=xJAAZQ
zKMI6RxeV;%=?kLYV?QI}ibv3<19n&~Hd?;kM0g0i#zm+uo<b*omx;$Y@!efi=AtIE
zkB!4K6XnfYv0x+m%z&5g$GtHRX%+*DvHgFfzrKwg<KXZruuO-xbENq}vy``O)y#sl
zwif3A@V{i#0L%s^n;QT29R5UfqR&+yu1oGJQQxlcFMsRp_(DKu1{rcQN1smRBnAqf
z+_~P^pX=Kjw+&ji)6%`bH0>q8*UnaAbAhYQE*U6g-5=}Epc`-#hth+|ScS~PECFr`
zado2P9P!I9E3H0j?(P2Y43-O@74TiuYAs*Us@FiyJ!n+#(bw5-hI}>hO~jFOU(5bY
zuDXXN7v-?V4oX_U?D;5g0{UEmPG!h~xr=f%ADoX_rk1TmU6a8uo#aN27~c>Pa#N0r
zhKj5F(lU!<`H_3R<V==tvV2drMC2R8ex1|yYXw~KH~k+y5aPQclG}R~Am$ae9o;^+
zNysVm@^Ai%IY?T`<G$0x1wbp}9}J_FqN|kh?J3JePh7Jl7#9?tB3vU?-?B<);8wpl
zlS}SVDm5H5c0Mn0l6^NJikY0482Kp^2lXpC$aDgZExJ@Xr*8*<JLZ6T4Jtw6ANLQP
zmI6Ysu;NE6jfUHRpmjvZ;^Ws45WGP&*{6sMrsmtZIc80Hc}A{CAt&)84wo}BeSLjz
zdaAUp$zr2E83UlB`{m1*)x1P)mgsS0f=?X}$t&yYFHdh+KE+dow8xd)6={$j6=aGC
zx@4XqV^!F!i@doUM=>-B-(sVd><%V#mYc$3vlJNGJ&$r-A&a9`f$5c(TTxfVnGVx4
zS_wrlLUf>09gH1bgpHPadxrV&k}AZez?*4yifr?xTV%(t5Brk4;adg1WB?o@CD9En
z*!aENt4iiylV!T5UROnxC#P=X(Hqybl6ybab4y?Z?(eQc&ZctON9c>YbM9jGF5M@#
zEebajMkf-Y`Vcavt+f0q6H7iUSQ{fs&N9x&WpEwt)%tX+aqA;U401pf$PQA~*`oeZ
ziDU|h-A>KpZL7)sDXA;6e|>oxKm_9vu^A7kzEKG=c*l1wk}j0~q<KnhE>HPYj+j!+
zK|*$Ix1N&p7z)3C5Q@<PM}Y-562XQEe1XPXCg!kc6W^!Oe%FG!4@>EHOYFj3Z<r%{
z?yA=Z7hP^9;O1O@3vPev=v&qy{Zi-{9Q|sw6Zz>Ei@IuY#FjoEYs{n=8g;1}4Y|_S
zf>>55(RUy0-qGjY$Z<A{I(*n$k7g3py`kA(cG;^jy$uKGEN<e32RuCwmLWM)&h<q;
z&~g$)ko1n0`IZqM#?$7mm`ZRDnm!t?KL}5<mfYSS{>ap&2DR3Yhd<n4*c|6_WZbp9
zUlc%cG`g=h|C^Toskcv)0v*C>y}oz<c2UrQ-l{km!nPPxnfyg0R^tOAtPOo>=j-5p
z<vPxWy%MOhXFPt75NWcq`(DwLACu9LaXXXi1--Fy5eNQ9Tc}>GK9#+=a)1zy!Tkm<
z`aK4lx!29A=uEX)0XzK;K=g|s5VX$qn~zp?ZJnlVzjY~H0Ak=rnp%a8*a-;I)K^8!
zn5B@A&_H-ee!GN_5dLlUq+HQ475=Xu04X7Mbc?ZI{6rUBn!<#ym=p~a$7{AO@UO0^
z$HjS{0jUJVZor{!0J(LUx15YaU{)X2A$p_MK?;(^9u{re{_J+(S0m^>0!r_Q$J_T9
z!J%+!^vxFtP;X~L7iK=_>D=1d`TBA2Mi+`i5*o-Ckr<S0%c}Mt*Zi1jX}Lp>7jO#w
zv5`3))J*yHvwgEC*j272%xs1M;&~md3rPIL^=6fSBwJ53+VGkF!={~G!BxH+H)Jz*
zR!ps9$z6|vM>L(a^JlwWT$TZI%P0@PFL{4$*j{LrNTU1s?R!|5`*ySA3x97u;n~Ce
z;Vrcy=c0YD({M}KS}li0uSIW_j9Wp1%_wadPnI@nu<YxHi_0%*UeiJz6OY*1$AQ-$
zH*4pJc+30;@sK}Gyf#9AH))PU?;y+5mF518jK%EUU6JXNL;f4GDya4rSWlX>1NIt3
ztYXg}shMy<#qxnN#Y?ekC(;2!=k{?j-`ykjr(ou<qx^Ff^5&QI*d<t;ls*}Ey_m~*
zn%bC~Wqfu~PwJd)iisCd94g}}QonZ96-41;Lm49?o?K9|>PBeRY02O`YF6-=79gpV
zd}NNjP`>sEQ^^iTdI+XtNkMe!g6V_HXE|TPebLM$Uldjyj&xHf`~qG-3R-P;EfG#}
z%J+cl9@WpY7ZSU>_9G2|#3@1ZUk-U`reB5Qa>Rf>Ao3Y?KoWj57nXN#nGMB*D&*~W
zGA}X25RMUmC+sd$o=joLnNH0oAD;U_ly8-8#$kmsj+9|?U&qetK!>=LcIHDF!Ig0C
zgp}f}(Qr(!kisLrm}M19n14P^-hyZ}a#8qGLth`W@qWo#v7Q!D$kFpq$-uI{n1?R$
zKiVCwoTxg!iB4e{{{;uIh5^bLPUJE+V*TW}!<5=ei4*WE2V^y5c5;tP9{0gt5Ez$t
z%(-jE+^F03L+M-m?=JTcF+!?rO#4U4K`kx38{6B@osNMR@Z<ecmgyvjBy4~ny6D@)
zgreg348;D_qMW>}(HGxD+*em_RFD8;?WXoS)V_Fnl-v4`zQ%dNC!mc`1Z)Sab8EHy
z*S#7Fi#Je;N~b=RxAoRY!5U-nbeb?EW>W%_@x*9xiFUY34|IaY)z*r<l%$Gn5#I`0
zHzlwQ63|`r0XWw|nBV&NvYfAq`DbGPn`OCU6I=y?qo$G_7TrT0_GqUz(3r(;!H8s%
z-X5QFG7F@L=L01ueu9rlaeC#jHgL_(|Ksht55&uCvuR6`ZD5XI^?KR!1NCNZG?AdQ
zvwzRi(7e@3zH^4EJFqoA+v%8x#JuZbm%(U=rt(IH_g*6@q#3BqHh#EJs<Uou9DZ`Y
zn}w8Oj&c2*&fzdJaNt5_*F=?(IDu95PbJ;AE9@3SnMON5g7x4SsPIua-?A$XRpg55
zULSGpiO2OCdj?U_5l5%2T+V*QiE<f8;~H&}!PuFj7LQ{%9cC#v+~iNq+kI<Xgg73n
zEp;+Rl2vVq2aCc3igJ5BG>dF!WUipHi_RNuu61~UPbNfh{Y7;r8PQ1Re3hV`Z0(kM
z>s&2gj%ZS-Lf9>#?IwJDVl?G3zdEHA@h}732B*;V@+eGZU`&Zd1>!LjLB-(2vrITj
z{{57KR{@O0XyeigxdABiV*&Hpyn9roK2sRc_V|63m0ezKmQdvLGK5UttSC=07xRsU
zvVpbTZ;Ub1V$dN2%vyD(k6dGvg!@)S6Hn*bUafg%i7T5C!y$~#BC!$kk%xh7(Jx*{
z3NZlmk{(*=4TPSmEL|YaqVl|eGLDJ{8qw~^iCV3;dcmW;%VO)(yLS%JhL7CI_p2(3
zK?<A>>8^8D_74+VY<6^8?doDHKbZBz5zK`6xEzi!(HnUb*@zAXwKIQg%4Hu)e0apR
zIk-$IXD+_D5(nR%8mH8?P=>_W3krY`Y^MP*g3cKkSt@Ol-q1u`6!(9obMKI!(>dDX
zY>9;zHbMXPc?h1H+Y#Tj(gWbNfcljyWU;swqn&Ql&q6w@ch2CueXB3)3Tp<(VxP1<
z?y2yK7%c<@NOiY9aB!%>BuCWO*Yky7>vgAC89#F)p}BFrfq15G5p4?{Na+M>D?8g;
z0L8hUC?7yg++c4~m>C6S-}r|fi3RP)*H$b-tnfYRww$!}Ze&5am^vDQJa`0T7R2V@
zRCUUGr`+DseZ$pvr~W|au@LAy4tt8iYbCtn83D>~Rp04-c~hESI}%hkYtf#+;eJ}}
z&J1wr0w@PM+>V>|l<<pms+-Ev;fDMAd>zb=3+H85yu9AL8(_-dtE@Ukt{hq}l+$y*
z#R{0Ha6DAIxlGI)+^bXYBA?<Npox%fxZZ)kUM@3lH%m5tIJzflo32I2mzEL5nB3Z9
zh-+~?oD+x+crc5~x=MxS4{w+F5eroYRHr)3h96C!h0iprS5FI$F;>qFE&ZS?Yt{3j
zAzb0q80iTvHxi-f8R>7SK!IRzZT+0SqCH&Wsi&3PU{`e!!`8IY9+l=+nd}hkk<1ai
z#a@kn$mUTLYY`+#{)5vky>a^p>&J+(OXCF`LSs<XWn}fbZv7|mkhSVGwe-EjNj)8h
zKG$OX7T!k!9@4l9Ge}t(u<3c6HthqUBf+wf(o>{g3nqd_vP-w_jJ<HSBss9kpoi=o
z<>!yN?)jxpP05*jLjhbj^eJ3qw)X=B=Q>?eE+><%C_a+frjt)V>x7T&oh^_7Av+Q+
z)2AA8eDYNxN8brlMct7M9?6AmDTOB(ao6W{_`nL5xGMFoz{^kS#ItC@<>g*4U@iOT
za*jmCMEAjrC_T*eVp$d<I8g1TXq!HIS~>5tm-7YQkTwYg;owJ@<Kc$^kb4sZ(De1&
z&LGN3_E@N^C^s*1&}PQ4BmR$iH(!M)0M>HrciZ{GOT57UHxg@weim%RkTVboQ18A2
zDBRzoDhcsCSVMsj^FI5?6-aA3KY`Jrf)L2)o3k3j#$&rdI_ZDFD=*T^eNr}*K5x*O
z7T2OTdOo^T$xackDRWqA&DpU5^<}mZsOSVYV5Z+^fIwJC2(FsmAqCLBwXU7?GEnkL
zo=6ZlBLpZpa#wr&&;$kzHb*3L6u0{NxnCxWj<W#F9HPL^iLVjC9j^xEbNYbR7kp<K
z0+vSrIyQ6+ZkrD`r~fQT^v)F#@6(H~VG(G%VynmG=nZ|@bHGA`g!CSED#_GEX)O{I
zpdKBVZe#6!=Z4WHkpd?vBYKHHY3H5WRGrAn(eS#F*WI5YB7;Q)eBq}$dUaNeRaXU2
z2k=rl8xRgNQ>RLQok7P|QSmpMw2II6hZgglzO_qSJxuIYzihUNO*xrBBoL~5kI_h{
zRR?L+%svDHx4n&D^&5r_IT_p^Ux^&`Qq8k5cu^!(U6_s}HDa#ke%bKlQSNrTEG?)u
z-_tmcFR%3eX%6W%)CUB-kJl1ngFl`Yo*Zivvk9lp*;3ftVJ0g|m+JEA&`JE-b@jCa
z*z0#sl*v+NSs@Aw9<wzA`8uqH>&<)W*vd1vJ{c&1eOLP-h=N%yL@Q&p)sxZzPlWHz
zv+`1xM2<BrE<<{Yw1WGI>|kg?g?LqB$_u>3a<ffThJerGr32-E8`NH-$GO_Q*#hs2
zR`OEqvgJ=NhIXP&O!J^?nN6SRS9Dh_=19+>pzl)4i2pa*0@#*rbzVrI2=H1sMpe51
zRAIWB&I040XC@aJGWRg?MlRd6>lnyE{5Mj9bEL{-JW-@Ghd-EU7ka_DpL(C&%l97?
zGMzh}M_ZhL8SS9OEBn&8id30!2?a1(YKhXL3pLOL1UqC;YtozpGq}xa;@7^#Dp}k9
zmEqsngwGdW05Nk8Oapg9IUd3MmHidvXEanvytB^g>FH(mZ(Ne`V^P&m7c%}0F+g0`
zZ+TR2XVmdc97C9c+vPxcMF;W^c*u{zgq$=6yB>h7n0Ean9Z`qZ(sqA@o`{UZCJ!Za
zmz~YBh35H(wa6G~-8A>m(TBL-AJ$6c`vDXJ2yyjDPQZFmU8iZiD)&ExLISd4g$&^M
z*z|W3^;MXS`tv<$dO(8DM~;{GGi2+v2NlI9k^*V{*4^*1jGyrR{>=NfXJ$IVM35%$
zTag9BKn3tQ>sQG_lb(m|7TwEXbvlr*4&bgrzXwDdCKwR$AB=7L$jSl2Ck+a@7DO10
z-z#)|6IsYh5lqnIUwkXyP-&CF{HVLG$gEqpV0e0L?*+XEnye6?8tc26Y>kvnr+U-F
zwN#9;T>WW`s^%k?$1$(aO<Fpl?q0&IvWdQT#vQMh4tq>d`wBkDs)^x|RyA%n2|pc<
zzUHZbUAxYRQgViU5%WE_I13*C(}os+3=o7#CJ5eOG3cjJwC-a-EWl8G>a8q*@`-5I
z+Ph&U6J`ngZZ~_f-nXnPRK`a6rlPj=DK&^E!26RD@xD82;|CXiv4Y2OhDIKw!!utv
zH5cnw56xXEP?Y2QZO61^JCpR@S?~L69GK@kgEN;-@n)|H$k0UK#*>C4ToysegCqVs
zQS;<N)dR{LOkUe-59#u)57i(IQND28RR;H8LG6<39~I5KZr>RkIAC_F{$H3IwCA2O
zK%s(7x>Ha6H%{=Le}>T3Dy?Kg|4dsE-YNu^9iUjuRrz>(^A%fe1A((Ca|xrzonp3-
z0Q|*91=VLG@87UPzW3(B34?fWT7c^fI$a-}gk5r8e^s}g;RbC9^ai0HE~h_9Apux2
znEUHvY$1kzsDFrtT+J$Jhk5St?T?o<^>4kdj$ZPFFnX-q2ucVbHev6+LtRn4nU|>u
z)kNVIu1M3Yz)tzZiFNtisAH)W(l*Bz!C5(_fOyR97+wtJ@TvLuj_zl#<&1gy>@963
zQzerXxVbX<V8HH}({P~R?5v+Y^|19tnd~8z2JA7KSb#T}J1wL^Lf)tfLMvdOg08hc
zpH?$JOy5wy_h^xGa6p6O#H=g@!g}cdho4^!7^xTAcO)46t_=`q#W<KL&yoxbhYd)Y
zOxE~)B&1@ep|DA5d0XDg*2*sAnS-(7FhT_YfLvT|87<}}{IG&%fMRv2<kMv$s%XwK
zi}eU9)4BxNyMd$+f`Qm~ob*!<(G%(#xR8w@<H6vW<ofr;?{4TAp$Vw?c8Vl|#4bZ7
z_19~pY_DO#D5@@ovq&!Dv|cJ|w4&@*hmg11+cH?acB^Pc{VwT4jQ84)S5l*ud;xCp
zRi2v1<ry;Ksw{}pIhPXpD{q!1ReUxx$9L_q8aLG)&%%k8VxNW(pS+Gn`_;E5%t|1;
zOpA2NTn$xu)f149T&*uiuS#xJYwT5-I8|mD4K{1zTl!<Q?+jrlBn&d<cO{whc2jwg
zvAHD@Jh4h!a#GUw0|*5tqvcI+2kIH^4=TwuSG=UnoN_cg6`d;0eoaI(I&S&5cJR-?
zyBtrp@K*SyNBCLy`(b4FO_Tj*tfBbWrm6cKHZIZPl--kUzJ~qH$Nbp<u!QR)^8Jy;
zt!~=}pRd0;3hsl9$w-zD<$V`kX{@jBis~u4JY@ih_X|ik;^#lu)mnL;?D{>7MfJwm
zp-}l=KtSP>=#(8Jn@EqPpk2Sijh#AUSJHpVI^Tmwec$yBYklHHS*-LPmD93Et<4R<
z;Io-*l!456+pqmdg2KzyN|RY*I!RUeu$Dlp?mL#|^>}ML$TAJW@x1B*wx-cUa-GRM
zoxT-(qyz$Da*DIeC;TrF_b8xOP3C&nN6pD?0KV=Wu)J5jVN>=HfyU1QO8%XW7fJ!>
zQEZ>q#CsYT^_+N_w<sJEN!HqL2vV#MQ5}<O(XKZS-q^M%4;mOYWib`+=#m<|N=t45
zEu*>lM(nc%v6xYE@JSA@Ra-B8C+Tkb;nzyOEVhn%i*wxdqAX8B$-B!ti1c_PlTzE=
zBuU@Uu;)jfgh8u!P{_u##P{o?@#%w1MuQ(}Ij5aj%#OjG)|Z*CbGv8PE!u`>{%Sd+
zQ@mD7?k)$TZ}|=0uZIKJJ%@l4ewsgmnqm)sGFM&6cT~TbPNG?&SsTK2GaNej=uAI4
z1Cq8Y$}#jBD>IQ0fJG)OO)zZ)$Kgq)tU)&RCHBW)mpP9?DGh7oCO|%rJji?JGhAlA
zu1*ELyL0dV;nkuO(|D&j`Zz!P-9E!J6Db<YrLAqD=DYEpRiSTrpvDfOP->%dO5@ES
zUJW~7!Wte08<@El8i~F^w!Q}Om5XU%F;ewVeth2(5R_RW`6-pAw$aUM1U*s8lr;fj
z`_}Lk9`8M#i_w@Uxn|a_A`9K>o|R^8z{M^=D11J+K(sMP6go8IFj?W17(0h=HO6(j
z*`h?Oy3-PnbJ|apXwsztt2U_0q)iAWx#7$zs!DqLHTU?ryUa3P?QEv=r6l50t$70%
z=VLrcNz-E)_vXy&C!;HD!l#&w7O?1(LV^`l1CmwrC%pxmr<We!{<|gn^;dgO3>DN}
z=)Dnt#g}-+5#s(~nD#n*@kr_(?OA+L#R9#Xn&0Qry`RiBIvFdgqaEG(HY7au`W`l2
zMaEk!EG@392to^ha>djxxvF#H55@savwnc*ia3>Zvv;F6Rv%yh36zC3aX6S6HMg26
z=Wl*<AMlWG=<|%cu-_SxljhhZqtsriMVjx4Cfy8Y)4Cql_H;qH)VVm`0t3Z`O#rbW
z;(53G-efc<pl_Z(f@kXuWm$stcz+r9!-*hZUz=eSqpSM0;ql<UiM2iwO3PiMso;rw
ztJH@{n&cWzjFkzWZ}&tTs)xocQx*8#X-4N6&Z|)Z_LR<c;fO*B6jx;)Tby7t5TnWI
z)Z<&<GB5a;S-n4%$Z?6=$5TzVez5$wy-ZXmSD^K>NVC=l9yOhb>7rx5^<uX{N+;Gz
z-{$KBl9Ph>^ho#9JAi-^m4M50o1iJg{wzr^BHpYN95h>Il;wIfyF%=r9m$)0HjR*~
zJuKilIXRv504xK}b7vr7|GHLGkO>?kNX+xmu>QVuK6JusH!rc*q#)DsDhL5s5wd|+
zq}>9n_o!8N<y}z^DG_@MzhJZIz?QUJ9j*AmXvjR7;c-9fTg4U%6-@}+F8WH|&!y|5
z)gSM?M56>O3%YCt%M=Eit(qS-MUXSm?Hf<<z}FXYq6D=2Q)P*>l_6T3FUNr*b@*73
z4Q%E9UF}iSqFd<Dg`M&drLA}(qEw0#xd-vOkr&=)e=l|V@q)ztaeD6l_>99H*)qq=
z`5q6WJDy7I!4!&PsYiAS2|tj7L6n+6Sy;+0h_CvPW3tP-%y^IYy9g<cv!|89#;^M2
zes$BD@2!c*FL2%Yc_|AFZ|2G!{1(o2M_-JzUS!u0)fZ+?l&LM_Hyk$IZ$@guKCyCS
zPku0jm-IME&lKso`M8{HA3rgmF|5rq0o8Azw0nu3e1CNui?`e?fpA5DWH?<Ju;`U=
z>@+l!tlj^$C^PB7=gDOw=MnViY6#yxzvRYub+nA<JkvrDuC3!eRckt+9jP+_#sY<Z
zo+sMBaZvVgs|CH_0pESuQaNjz7&YWP;RO#htE++ddSoBpee}9MppM#KZs@1c#{KL`
zQUi;O``xhFl8n>oC`R4#3fhP~hp<oRS&e?{l69oF$K!Uw{m4;tUfv&%@lCo_Ygu91
zcVc1yNz3a&ccaM_^4nHbX!DeAhgK{NR?kGORi-~}byRfpTaGsXXgb|?(P3I-VFsX)
z?p+PKe_TFf9S0V-P*}Bq6I|4PI$BH~d5$%@*txN93<FjBUO^P@!abBnFWi=gGwR1Y
zasfj{&P%~*AVy-{Imw>Gic4aH`^MKwtNoo6{$$Mkkb{siPa-h^m_Y8^i|_Xns_avd
z<ySu(Z0<zd>btUNHj|aj;a#36R1)1|;~HpG|6yHfKCi}Xv4W%>iaj8=N#Je_V%j6F
zcn#tKyV><`aj7=zuV&`C9mD!aHGk-SduF#R1)+7lIITWcWueD${pfbwdvmG{?Qr3<
z1pWq?1j9_NzS~$iQojh;EwAfzC;hcwr$E2=d|y?->t+etUl-%@_$i9nVrrn#<8o5>
zEEd7OmLBXBuhlO5MDR^J8?v#qWtAK&$}UbV;?Ns`$4w+(=4sN9jo0m>PCkP35vr0~
z8oDQvkeh0!ZhH9_Q|o@$yiEKR0Uq9%7dNBGYx>XHBumC;%ZtbO4v#lOk*9iIv7<y%
zh@kViRGF9-{9Vo#9{1z-x0dZ`S?fMlKqZ$Jg@>7sO8L8vqfBbPVV>*iZ7Ui7e64+x
z@*uK<|7?Mg*H|SVbn}J0ABV97{m;Ue;lL10wr{IFVH4LXZ$wMGer6$L{E|F`M3Ae4
z@r?8l5BPPgd1(s7UbFxcpQcxPysdeE?!YOF`c%(LA`}F5edbFx&=McC^{wHy`VZYA
zu7@J6qmvbhYth7FZ9T)V*hsI(ixvLr$&wC}v+1ek^;|Ckb^Tj0%}2rQB_qgRXHMn`
zoPpQyeO}^;=bPUb#s`{3C(h#RCK=<eE`_ck<cn=-?^*S|Rdu{44kk^fsw&zl^V4I_
zRqEGvBqVWo>A^}FsSE?!TC3s44-GZkTCRla_q?m_?1vb)54B~8*y;!OzZEFGAVItF
zWOx%>`~Fe$*78wCc<z2+nJ5}$n($K=!t))c*EHzdNhkUYqhdYyeP#k+?Tel|Cduos
zGk&7WK^y#6WK}2mPh^#NI;QbQo#dY*E6O6SfOzy3VQ&=#nU)xp#g-=k4sU>m1ME<e
zOk&91fEJ2c2NoD5Fb%OQ0KiacKNw+83=WCGA9lx0*PrgM>i4qcg%!pDKV@(N5V?N=
zDHW5eXnRz{Llvu4tI3)Hi`HmjC&IL!Jb5kzDYz?zua6ctcXA_76Ri+On0&*Dc(s<?
zjx~SwKQYBP-eOex@F75@-F2$L+V8%gyzf)wmv{X53z!g1QLR4s(DaavEICpZ7{n55
zI%$@2$WolppC7)z>7AlkCJ^vxtWcb(SGLk=x5~APmU~~TP-XUqL7tMdXyy0)DPGq8
zG2wH;cT5t5oA&GrP=K5LsiItbS7X`Bwz-#8+VBcD7#VWBOjd#`kcL^x34LY*?=!wY
z<_fmG38jIOj^WDwL5I3nz<_N`twljtW<B#s6wUlikfdfExpAh)d2Ozm#C5KR!Ui(#
zW$r_bxgU32dFFdiUQSu#j{-`s;fyBJgkd86rG<KVpoC?TIj;qv-Yh*ccl9E97(XY_
zsG?6KtSg;NOqwPegU3wBW$wfi=+vn;`x0V@G&zb_E?#dXWu)7;c7P3lb(>pF;Nebe
zr^Lzz2PUh_FiMVA^U?Nzt>btFX>O$y)=TK^9VkGPA&ubX@4A(7IFAq~A3qu@S0t3E
z6{$-9Oj!=PbJ|)LB#H+x|FfXmBB(W-6^F-Vj($p`JHx8J`6?;TdxIjirGu3)(ethE
zF}HS8few-6UOL{>k6_r1d#kOUf!+RzkJMwENeN@O6w9|NvgM+LF2+^npH-MwW?6T9
z5$R&=hPbDjm7ap4xNV<2oKk0ZA2?sK4jnnCJRJ6%4-#?<PC1=>#kuUiPE`#|0d2mN
zk!_QjRh`|sNo<jcx-Ni%6@|fk2b5CdmKKkgf7To?(ecu!Tl%(}r^Mfy>5t`@069+4
z|Do<ZqoT}$u2G_Z0Tcv8q6Cqw<RD3c1PKxaq%n}A<eWrB6eI~qMsfzpLX*Zo4w9pw
zB+1ZZ8oKX!x^-rpnfLv3?_KNr{xGvv&vZY}IaPJ4_TE*;qSb5m528U=c&KNI1*%U~
zVTld>%G&LTbd4(Gk=@)nVm6NNjmujUh1zkvnZWGk8h)0FrwL;YH_E{8?o|cfuk8tD
z=fbVsG7l!-+4S%(BHQkb)(G+CE;&miU!tb}w)M3_vZwQ|utOIfMeks-tc}<W9tQ*V
zx>s!ivV`^Z##eq64RZ_^2qq6qDIn)QyRXF>d%Gb!8n-GEGqp4BqLBs#3+=t{dJd<S
z!)%4hhkMt^R1cgQ3?lpuMRolQP>JGBGA<jDFvHT&vcXmVTXV*Rk4OHfPv5LN%6&Ok
z;byEBso{T|epKsYUh`dUExhvh-7Ax6#7i>&!#CWcrQEs6UY9HV_j+ahvshpIU+<Yp
zd-2fcVcfBCgHQbRLR7dm9D8_TPS8@afMhSmgmX8rXKG;7sgY&xHs@LiB2_{1>A8FX
zQIYD533n5x*fkpQ?Q8L3&WbuxHyM2^JTIhM%=C4zJ@rZkS18V-4GJ0ciVZ7O28GI7
z3yt3*28)dJot!1!z=3g!sLFKflF71oD)bdAwO=}ew|V~267}+KvUp;TBdhPAD&v|i
zuHIo5<BKZmL@uD;+OinLH5R^eOZwvguF+fb*)p1og4WD~HizZ{@zNIAD|!MapLy$c
z7juRs3hznNk;d>!I|LOPHViO6q2g4lU1tI1`yZlDr23~C=4?4qZwqfXpY?7`F29k&
zNbO}XphMuXc=@Z>_^N_AInTuQmkjAh4Yalk32*XRtdV!yxtsgu{G3S|jl+Q^CH03d
zZY3MKcwU!O9S#T#(v^wli^zE7cf6+wu8Zqj)5L`Vb;Md+JB>w(fv8O{5@_Gr>(=+p
z70-xIZ;EW5-pJRggkRs-Ak-2Yr@pHFW_RmLW9x`Ukj0%-w<y&7Xs0WE$9Y{-R-^L=
zIZse6PBBQkJxiEewm>5_X%|xc-zIr~^+d^uH!TMu*UugMXA<vl7Q{-?`P^sB)6cTc
z{a~Kj@XTM#=JDxNeootq-f0_!+HQ>~8fy~ydUQ&^L(If8F|YDgo7$6lWvWVklFPK7
z?ueTTeFSUIvr$b3Nq8M)<6iSc)R!ABZw(*BCRZbOG$cR7r@SplKS{v3R%zRR@{54W
zs!pI@U`ey}L7U<r?F&-UIve@MCON0g$c1(>`ksyTQw!7=Oy@M{O5es&4XCoCO7A%}
zeeF$T+o@9}eCv87K)m|uTRljdf2{kywb@z?111}4(&#*Zcv-oFc<J4R2zeS;Vmp;q
zG~xZ(F8l4bBNj>jmL8Pi*La<y1EVBu<yZB)hl%s+Yd~+_8gv}gQxNr9&hTdvD1#HY
zeGY5K;=Y-SBv|O6jiPjTZ+7rUXaeyDb5jS6#RC$<FYleH-^)nCtp-M_eQuGIDZY03
zgqTBw7#>=TRpgz^Vn2sR{PFVi0N;>X-X|rm9E+JTkSt2)ks|VQ%zN_l%@JjR#^P_B
zTXu`e{8pEkRXGj?^22Tkeb6sRA~o0l`q{P2T4BTXWT4e*Rf=&T>{wCj?E^NB40CiJ
z-?5C>a5sHaYV~a%>i6B3cUCm;5`E;t<$i=WC5pIf<DMi6;+M-2uW|pr-ZA^BM2_e^
z!3ht^qc3FqHglhYz@W&%)fMO20d0-wm6esW1faHON%h~2KiZ!mlSQ6t6x-^wcY4uo
zQfW<zUgxEU=UW^d?q`shH9zhxCs}f`9x7zh--W9<IXQI}KK3#JB~iS9cWm46R(`<_
zFU`Sb3*unmVW-<SG_bdWzARO0fvr37{0%f=F5pxeYV~i7zhdG~58pQZb_DbF&&4Tm
zqrcd$=ALBlAw_>s?z7{$i6(mHwNudUX??lmL&6Xz`Hz_AN5V}u<3q-XzH*bcEPV#9
zGqi&nWD9G?g#2seG>9E)FZ1m0CW8gT5mLT~%Ag;m%QjZ}csm-7GTb*iaIx~D%34eA
ziOWb}v@%aA6I$UO;V2L;i7YWk>t}OwN|kobTN&iUa}?aKJk+|B@p#hCk2DqWE)?ne
zpjYZR+ewe@{pQDlEZ-pEC1Va}pUI&e1hQSM%)Z0x{Yq|QyzhGMXvyaSgVGn?3fhgl
z>!G{GbMVF_%7OVV&O26%*>ecgY`EDZBkdo0<8NhO{m7!C&6g?qgHO_VD4er&NxHwK
zEjHQzycBnj3F^&~zgeYVhG7a~D<|j`<Co0nZSeyybi*S*@xT=2l|s^-LkmP7a<`zV
zSj@Vug)Ap5Hj6fH**MrIW}xRpuHAUOn!V><gIp{luPngO+>TP<rV#^$I&#|wZd1Wz
z)K;)*^4H&vW;{_;Rx+<8QoK<L<+ln@Mjq1v!DjIZkx|q?@iL}>fNH`O{ChcHgLij-
z^m=1mBpvdFA5L{5)VMGLkN0~kS#!ip5mb1Ks88Z7EZUMKJXx_JS{<Z$L~0>^F<f!?
zA9K0*9yU|)rQ!stiFz!SYu@bI9W4#y8+owUmsMt^-S)UMU$2OBM;9eYNLc2v`GB&i
zR^&kgRBUTkvd$JKOR)9PD4wE*<!P~1vbx)pdk-$@mf73wv*Dgvn5#z;*apO<G%urI
z>+z(5mO5(IL+!C$2jga+%G5aT<d_Z%NRHdVU?~Y~?q(mEybL~`7+g{=Y8PU4s54{`
z`y(ywIhUyXjrv>P?+abbGe|=KDb$i&rh4bMXW3{WU72AogZlTT&EG1^ZB#y3pONRI
zy;JHCep21YqJ5;qoL6l~wYsq?L3brQ*~si5J0_dHEnk9R2ZDb-^9}7vd^@W2tw9Gi
z^wqj@ZRrtlEN5LDE;8biMs3u0>dChJ?ev7R-($qdLHb&*hjB|PLMP}(831>@y8>|d
z@ZfN_?tT-3vya~3m=w|rGg*z%;lX|IU&<w<OuL-Ir9SoK<c5=@yQMfDapoOxN!e$o
z;mJK9G;A(6XxQo=M|6E8;jpJ4Wcd>d&Aibhg)=YZ!nvJCfhm9kKN5q(`hkkOeV%wz
z!E4koZ?$$C%Hd1*s&<H>IR+EeWacJ^zJcUyX=5;jrl11zG&NIc+s(ir^y_>05SS_x
z5GQxyu{l$OB3=xag=)3EMF9<4VxC!Wfr_HyGoPyuYHp=m=Lqvs*8eMOV5ThXLD!Jc
z=UrI*S%)`(*Oq9^+O)f0mqaI)hB`MLLw|%`3*{5Yx&*zz6N>4VuA(%%E!qK1ms2m3
zZeB0AatfE=`z4tG{p;sBz?1y-?Pq0}k^+2jI(>gUy0LN-lb1C4;_V);HN>_IJ&3h5
z4f#CM&Ey2V*0qxxpTreq%5JjC+=~t;34X3lO@1jrhMch0#IIr?&qUX4l{4ag&pRJO
z^2NN9zx~L@6U=W|YMd5H#sCT%&!Mf$tV7xJ2LV4pMF*Y%55+`@=kreeY3<$;E66G4
zMLpIha$2xR0|ub}`6nO_^13xS?*s0%b<D?$mq9VLI8-9HbF*h!R|RboH@?{PmON+1
z5exLW&}kn&!NFT22OBdvXl=MGj0+9~mS;iZ-FL@c{s|!dx%*6KUjnS7#rMaZ^KICV
z1Ih_jb|wvqRD5jiq({=g$^Bz*<AXS$843*UW%D=92?AnU#O?2AtF>P|{`>O&f=});
z0rPcc93u=;pul32&ou#f!g4D`xb02zOPrDlvG_$|JmMPd0KTC$I+1E1(78PI{M&Su
zK-}(MmE>RR@R1qwh2m5S2<*qx+_>Jp?s^5}Qy0y_Da^HLK_dkH=bwl-KGj~JBmJZX
z%z=@O)KMbq3h{5-gGo+hnh5cBaj)*ZHNJXB@Eq3Wi3wMBB>$MTiVmfL6K|*_M#sMb
zK~I8k|G{dvqq9)~i7g`R0;#=(vlZW;G4Zd}l;OsH;ltakKR@m!FCBKbsN~!%y3_<-
z`D3ct0JP>{(h~LZgGZw0MWAhYE&6fwbvn~;M*4FVsfkC3nkItXn(uv)$9~Ry9z<K>
z=o~fvSWDI>E<1H|@yB4J&riRslxXR)E4mB}=>g1r!wWsR`#!7w-^L_U`12uSSf#P=
z(0vX(<U++2F&@lA&L&w6fUhKeat?Uag$r&ix&ciLj5)*f@UQ3^zuYUQ|Gkut0<q>!
zeVR%Qi=Q#w0DBXD)pLyXVTd9gyl>t#n}wKZS{=9HPM!0_#E><fw-3v_D^bbblwGRP
zf0^V*PV9E;DI>5^YMKt(ZuOT@{p6VK7PGim32pa%g8c{dC!S3@QZkjcv@Am3DP7FS
zc~b6|CH`fd|C>!hiQIoJXUqRt%V`rA%|bNLsI}@OL9dhui%DbIB@-`6!C^~d<^bCn
zaTXWpEqdvx_7yz;lV?X}f;MV{hLJsd1pl_KCL6rn1IE3#^}>j4YG_ZHk|FC)MqbEw
z=$!s^8uqsP)GicXm7(z3mn&&}E>N=J+aC0V>x(9ME)4%NgzFqwpO5~ak%RI1J{{ol
z{T1H#>$33SDvSP|AaYZM;1kO;_d?n7^wFuT+cTf<N3V~(H*TO4Q3nJVjqn+wvl|H@
z%G3*g&s*dRl$3HWk?^QT=N)X{=K8nSMTp}fao!+%^Jwv{F{h*q(^nAB8P=VWVGOE*
z{6TU3J-78M_%M~`)bY9Mo$?;37&55~=N!GrnIpQP2)yvcReg$hWi#w4Waa(~KFn4>
z6aByYPXrzIm)bV7sj$l#bqR#ww%iV7*RufAii_^PIb4<Hk0#2}EfD4hEfVop@81~l
ztFRl_^8)EHxQH;reDm;*)PbqaNX4dTZ>5cXTRSJ;!GR~gRbM7KWqjheY;n!^lX;qN
zAICe|e*YN4)~@k@fSD4kf2LOEO9kMFsVNvoydxzytMG3FpSXhEfUu04iP)e^%mW_r
zZFu%N3=fKEQ{@sNlC;7rLKI4a)eejtSFT*CnkS_fR{{uYCK&6%@3ZfX_(YvbohTI>
zwB9Ivx2(L}Y`4(BY3g_{CN~$P((Tt;=pG`tVQ?j{oh9A$BUVKwE#TERITdQ}5P&sY
z^qg#7J`SG~kca(;&4pou&!nhV1r0Xj_ClL=XnDBS)n>(&wcY6UKAAMrLFB_;CrWl<
zkb(&w>iz1j@9IueOgx7}<IXeNsRkalGyV(7dum|5inoUR4x{78b53n+arsOoTIaH+
z;9@4=j#d^HML3_Qr{}r3FCh;|Hfoph3+BGR<P&yPOO-MPiUnH7dRF-~R=nN4N6Lr@
zs=z47TPU_5<2LE*3DfQqvFz0Z{Vfj@GJ?9}c#Xfm&i?X>mG~-3Stk4BZ!g9aM!2#i
zy(X8l$<!}|`J{(rWVvowTs?qVz~enCsc~_BJX5(pyUc#|qUS*twKn;zZXXU`*jG>p
ziS11|vkH{^e0*36tYmS#+Wn&}>>YuJnVDHUP6@bJrybl7%?1R6uWFJp&zrLUpeRU;
z%!B_`Eo;t=8~x-XGc!BTQ>XTl8Q`5-AKN*<_%=3dsN_qk4|A%YxOiaY?TUVa3;sD_
z#H+HuS<D0*Fc$CcQWbU2o(*A-)U%Z!O}S|tpej%%&w>l%m2@Q&u6yuF#py$sh;nl6
zjuzD{rCPvnGXtGh0mvpVkL0T*RsrMHK>Ts4hfzFQ<(z7OzC2|FaiA!1&9|4XI|-Fp
zhC2zUue>H@n!76;eqwqiDHo&Sb!AoJczFox-1Be-ipuP}I7jO&!W#>l&PW!RR4!F!
zKA2O{%G09c078ouO#uq~soh}P?j8X%g6!(?FZ1OG^&8Pm3{zLUAyac-wn)ZdtbTRZ
zXRK?#r6p49uXqprTggdqgxc4TtqxvGpTfHHYbYwICiJW>?wp1lej*PW9kpjv)u@&p
zl!b+mZuA8iWm)Sk4p*nnI&??FswXdg@t`K%5MQn6SKuQv$WS~p+UStVt<^yX#C+<2
z>etJJ>lGQc5mMi^+|@_{6w2{#qq)Q*G(e{FVwDX!Tj<^4P!L!eD&q3bO=|-vXgj<0
zvoPa2H%g8;dgAj`j}X+$eOVn!A3h}H_n7RYne)9t)~$@aX8~AmMo>{gl`RXnKBB7b
zvESNMqed)uQVCvl)rr;NgNq_|mqvB-30JEfc2~!_0H?#F<xp{8`yO_nd@tM~vwm%Q
z2UWMTr5+G&bdy(V)%<8?Mv3F^Q7s@qAIdJ-r-FBvMtU8vrkzd+vJA_uIw3{@k8443
zU@$84s=8T(K0hAZC72Oh$JoElRa{f3gqB++KE2W2(G&MDTvE^Fs?xMgc!IKJ=NpYV
zaA_*p1P^G!4sin5eS$BzDIyZSGn5D|Ox=0|3wx^1i-7`tzAGhu8TgGUo}k<=y(b&_
za7BhmvnkJ{up_SIN?2lLL}=)({s~FKx~z%R@lS*vgL%U;*28x95Vmboth7TVLbx$8
zoEEB+C&C77VP=^!F_rhaZ;dwkH>Tboavzl`lNMg+$W~iclRB;|a;tx4PF3p5dDZzF
z+(1^qQz5a(<lRkS5VX!zU;=-&-vr5q<8te#oXJpsA36@g-%hxVe30d=3?O@9^wfu8
zn6wYd_zoFVY3w^y13+4Df8F6jm6)z9Or30FtiiV~K`l4kal8=kCIW#N;D!k)@Ezxx
z5RuYFppPsn;D<{E^Yti=drbN@IDAHHRd(a1leMl;oZDF%774sk8w%KF1qPqe#;>za
zW$xhS_`S0q-c)ktUG8ZCWS{B6tJS`ASBd^`AenFyr{gtie;p%THQQ14sTucGOnHGy
z^nB4Rn!`8h875}!u`x*#AG+MWe%>jw{-jlIht_Vmq2NDhqhAtnW_jq19Pp|+uSIrn
z!hhL?!ij%w4;(d~Ha==m(6oADY5j?HdXUN%0%5k9u7DV|cxYN}XkAqk*X{qA#zMuI
za^JY#P>8bAkcn2rF6zDWLhF-F6Y97@x_*JjZi@(itpYc@9c1-u+mTY`h6D4*rUmhC
zB{knwqRlH3E^YT~+zjR}xc@=X>0{(gmFUZASq+EYra1{#j-VI2>`vF6!%6q4Jk-jW
zcs^sd`Pqu-#uSezof4QD&z6w^;m%9Liyn0}9~c|Z>gJtqV7B@+=m(yn&;QEHp?{m!
z0*CiV9?16FRmy*ACGtS9%c(fWk(<PJkz_-q*(z>?Q~TWP+%^s$PlNk9j7G>h6Mnoq
zj>7FFQ{}7u!OT(cSk-N9g2R2nF}TpMvX2f3aa7rlrqC#MG-_|F4D=*LuW$GFL@XEA
zsh5?Nbq0O&UVEQt01rKlCSix5zf}oWDoLB+GPYA)WzPd;^}YeMODq?=-8lM_i)-5-
z@5}6#85L?Lvwhh)^m*lmiVPs#gK!Hzexo^hSGASt$!E0$)fj6bop_@G^6;$(?fRLw
z8AfD*t4Cm5oqF%~@bK|V-nC-9ARpXsPy6k)0u4*xM^UxeJ$yc`aB11O#+o-rr>J>f
z-!Fj|KCbfd=R40k+n%CdFpX%Winr3~aS?T0(h*zA&A1i&2p0xM1H>lUH>eQ?J%us2
zgK>I@Bj=uHN5_UWJZ!!uYJ}wqhhs&Lzq;k76?in(nmFbCXly>&GjQ=vkNcD#mqP>1
z^@jzL-TOu)e*dWHG82D#)8f3EKQ?6lC0>z*yh&Z0ab_sil*se_rKaVAl7`n7slHXu
zH`PQYxq+VuAo2U<fodYC)@!F$ZTmDVu%vFSR<+hma&*P(+f(Y<mwZxW*E@yrWbxFG
z9~hV1e`rwc6=SIAm}=#~iVK_T(2t<98%x~YGVjq;<ya$KD)8&CP@w(NAvAAyH^+R*
z(EQbK-jt^Ga2}ucU{s#7AG%VBp*}+|*-NY1kEOhDrjSOu<u#uvp;ZHP7U5vdBC@?}
z(krExoq%db=TVh|^4QT)SDE$P$-Hdy$N46Wfzp<iT}y-f9vd<g=NazAric}|r}}9%
z_{5IZn{_ajnRi)NezX&_n%KWep;S!vgQ>tG1*LyauiO_j@wM_)e|0NO5wbD;^nz0B
z-3>yk$?P!cMs+&QrUK6`Dkmhp`$14Y6^~&qqU7~0p>j)g^;iC%`yTC3TWONG!?*jc
zwzYOXzcLJF&&|%o!Jc2S%M5Wrd+#kSr^>o6580LZ9Po>!J)T+0+bp=9QQMeHZL(i|
zD^Yk54Rg4PlBI+Ho;{pZ68Py+{h^6#*fKrhJSfpLRLn^8pFkKDos0PA5)J~71MVq*
z{~CiK%j%Q-i-QGm{%*xGi(}R_ncyOXY8_3o+dKGQz*Sw7bgx*Omccc@aV-qqf~BJ6
zzC#8UZCxT$52|irgmEatNWm4Erjs>uFI|=K;q%=I_swz2k1M1Tt1OG~;Q0jLcqla1
zUlOvUI}bPOA5Y!6C>WJcxtzz=<JNIqx5^I${Mf~;RD#`o#qniQ*t&mB&ykwQ6eqZa
z7)<EVNG&!W^J-)Kn1x^AHR+dQu&crD@k`R6KsY}vtMlPm{Yq+<N>8C{d4fR!B2~cV
zc)5*zc5lk!#9ZUTSEL$K>{l_XK345UwcZBb;tAJ1$z8ivoRSXS<x4q9Uir#fgZd_I
zU^Lf3|MF<%n(o}P8Ou&o-QJXYiS0y9v;TDl+C0*Y+8^nS@mWHyCfoax$WCq9$-@>`
zkya@0-t`r;Px9Gl-T+#LnU;N`FB>O*JECNm&JcjZym}&79p9-If*P0tWd4B4x^I+X
zg?La2;55QP<Lw+pKapj$vP~l=V`%+r766pQu!&4O^1U;$km9SJAZ(M(;9>u|pm@ou
zPl0@zlGkIol_mUjFeAggb{YZmP<Uai%lD@;qPW#Q?_LQvan-2^al}PlO575T&uYFw
z=%Jf?M>(Oo{hGWgbyr-Gzb)x^0O3|tw72P&e=`M;tY_I>9@;#UFY~83Cs-W*JcZGZ
z826gx7;X!=4#rK^oyy$9-)o=mYHkcd4IPsMCZhb78~w!b=jD<UltPvpXMw`=ZQE4N
zo^MoYDx=F0e2Xt)t6O4f1u0MH7f!R4nl=-DU0i2rAddx5YO%<*`hwQZwBe~o+V4~a
zmqtGrR@vtHx!dbD-*wNE8F`$BsB@E4@Ve{xbaby<!l6Tif}Maqe5WffCnei_1JUK@
zmRlCfXLMP>0_B!#$|n9bqa~(q$8@SQk1_PZB@;g};Vb^nYEPJ1=wCxt*-z$ww$kr)
z{4D)ENaVMi3kT2YGDyDb=A>K_Hv8$ZNf$Y!kRaihXnwkcQ=)ZfQa7PaL^sj>M5qf}
z3EeN{;1s27Hm)rI>4jnGy}$|21^W9p&7ON*9e=0IzSHDTeb?p7)62#ny#30y6xt=f
zKW8y*3J5fp#)T<(jNFDKcf1wjjt&_l8=T-m#|q2I?rk=QelLScpFG3#cRx<UAVpEt
z`{2a6N|3Tgn7yQK?WP}BYk(5epwDWV)|D6MkMrkLSskJscH=F##7IR*&M=p@1g~JQ
zmx-IJPpM6=bqFj4Y@m)0&nstJG>dO$7Mr8N?MSmZjQ+$bTkF&?;SPafy^gWnWg|iV
zU{d<IR}$;|o_<H0H$7Je^&cY`3;nb58y$MD9cPb^F61_9@Cqa4c)sjUZ1Jgp_-ESo
z{S&`s1Ygtj(g<_T=k+G&;Lc)3oq)0Br+5Q+{k4ura16gz<*gqOG!AcW4VR8J@jqt!
zUQD-bam1p?a_M&*A;5+JlyJan+|F>H!IsrbPeEpv^2g=O%q2H5F(;X0mL@I<2{wG0
ztW63f-A8e2f&KV!ssf^vdap?;DkQimFajiS2{Zz{_1ompuW(9A@6tUl4=@6iF~ziQ
z@m(===iLKOTC=&bPnYoFf>v4WqkWm4HXK0Cc<yVZb8!47SAmZLhjw=8Xf;SZ;*m&~
z%FYqLEf|`8%m;;cy$m|z(=cazFtTQx?F2O+j5Ubp0I%Xh)|pDQ=0T#M6(^b0c4?cq
zS^IgY%zXSpOb69OQv*D4^vLT(Nlby>iI}3PA2OpuMMm+*Z<qL@n$08tcbDZuq?DyX
zdCb$((GdqOeQO2f@vOVh!;uOr?c<h{4tJzKH<q4W$0ki!=oHkEeX@WsaO?2>;c_*H
z3~Su1hM=yZFb?l;w+K;;wR9O1qtW%&qM68|UD?Jd0Zm%UJt_LnD(Qt+bo2B}QVQ?B
zzhMvG1l^IpuU2Kwy=t8jgK_T3N@YpY;d1Av3C$f*OLKHKgLxLQFmQj=`WQ#N!Ccok
zxQ(OrnXAppC3KJF*1@TbrV}84mBr+*jB6Pwytq=|4ykLT>G9z%XmR(obo0&HTlxAW
zR3padU2r?jT!-U~DPmR`<?9x-SxtWQm-G+wmP$9F0}jY*`yEgJpuk$pCKV`*JmQwO
z5fFyWmy?<iY-^GqROf=9%rKobz7NDp?IKgR1`=gUpo)mWBdt1K=tuRGU$m63SK<tT
z2jR8N%Yk_I2M_4&0`%|Kg4Er1tk3#$ac3xZrR|cs)j;O^A2`MJ-n*^vQ2|plDyZCj
zbbHqVlyoQ;6jai={Ir449MypEl*;^?_<R@iLRTVJziO$^ebMr!V|=1Bk)feZfpve_
z_dtyUjcC}&%saYVoxCWzJiPj`3M(#f-bW^IHUZl(2`J@t2XZ0Ae(z1QZ+{TV4*t()
zJ+u^|slU$pv(Q<u^o^8P=T8bEAZR?kG<#I~2iyyf^|WvZ;grjkU0<e^wn4R9m?2_8
zVYI>5h}>pRckUTZiNZ^&wji?II50qD-#1?;4^q&}fN*TJTaP-l;kO>RQmz&dml_gA
zaB5`g14;4a`R}S1r-dAbPIG7qcu@L*Bgt$_C;#rJ&i$;ZlDk#%h%Mm}xlgE2VUu@H
zYmb<KDd28Hr3~ZRLtA{GSYBghe4^`gyapr3d<}xP_yq(^NBgq)?={IO^i|r9s(9@!
z+U#n?^N$|YQ@#12`IpSS>^GTvpaMIPL`g@rM~MXi65DL9X69A2wuXe-(y+t5ggsEH
zv?n^i83uI5{XpD*`meapd@mLK9*X;={SXBNJc*nWiu*+$1D}@5vj}*IZB%d@L>D*g
zdbPE8zOJ6~VqpU@ztWy~qi^+YJ_FqEU@nf|dzZVdt1Bj2LrNhbe_HeytXuqqQ%9G%
z5jq%$PnwXHgz8ZT^|BHuFU(9;65Z&-M$!+QO@X#RVcT%dMKkcM0f1dp3>w{BBWK)h
z=4oYRnkC+?y#6p2pbm0WoyU_5oRHPM;1N7S3NR*Gc?<^oO{!gv5gnJXn)i$ZuW{=Y
zOd*Qix$~V<S0(x?a_6*8k0jDXGvSwN8vTR<#i?)X8`hSACOx?K5h;6+>UC)FMRwuf
zAaQQ3&Yny>d+Kg}EW`EH?fxzlP`d;LUr)z-v(y3ZW6c8RK6P8_5Bgza_n-q~dSyxH
z`Oa99nZ{SFRug?LOWV|ou1NZ9_$W}#QfQn$!<o2A_I>)y?}1$=fdoQ--jgMpAGr`=
z0mmm0uX*F7`=hs=5NI2up|K}uH&Qyx%2fd0ULC*LHKH96@yx>1v^C-q`Zd64+Fgf@
zX>Zg2LPJqU2YtD>SvX8k)BKWwgg*@GVW4^G;9D@`Q60$!Lc28b9ws9KrJ;7^vPb4?
zUSmUHyE|M3`n+U)9h@ezgm#r8NN}$P*Ld~uIhX4jYGH=1nSLKWbQZInT4=8-`quxM
z#pE8%VvQPbcb%W^Zad{};$YQZ6()A{OM}bio8~TUHP|jPzVPN+YCC&|;t6`PPV}0@
zdh5rK8Ay-|1l1@o!b!FTx#zD0@;UR}`opEG2a7F1{^36w{kO@VgHdq8Epmh&#{M7F
zoCa>+Yy(1NosCfe(7#n8JGb}4F^kUqh{SxV=AB9Fk1q|QDnaD$_tn;=jx%BPhfXp)
z-;hAipCE&3TKmyp;vBZ_&=PMgww9CP#lKNX@QQJUQT_uh*2;gOa)E+pft+U2iBbGa
z>mnX@yGW=(RDGg9TY3@`RfChG)@;?$D6)K_R6A49(#wDUk0(!DzW-8&654dd$OfHI
z)M)`g61#4JUQDV#%Ai4?Oq;K6#VJoa=auyO*LrWz%J2!`l4w0?>Vv)Iu$gda*jghR
zx7^|5^KXc?y7h$Brej9G{XnS1H}{|Re<k{zxKcj4B<$hm(A#9RCMW-_9*gj6w{7q2
z#^gN~r4`=o@~8$7ia<fEWR-J^8^xWpDUs`i@j3;temcW)>-V-}HD9m0lxV(<6148S
z#XqoOEKYoX*8v@Uyma5^Pmw5e(%T+CEax^Bl-4O@My7Y^XQl~GK&QOs&n>r1_0R&>
z3%94tZ-DV+b2+Jg5uVNq`HeJ7D#(f5zCr`%Eu<!+_jY7+nQ2>8TKX$}TzP#ojZ9|$
zt(5I(ZsRJQ_81=a<T{tw`7Wb3+fai?KrphS%C5P?%EZUfU97-JB-(tT+xRj@&Z+h8
zfr8lFfcBtmM#D5;GLue#{`BelM(7dFhb_Ku$D~_2Ifu%0xx|!rG|*Cmjn0gWhq;}J
zB0U2!yda<r!P3#YeI-!(P||qB{F0iF+*!?X(oo#xhb4+(0NB`%Ybe8Ke@RKOwMi|6
z&Z^gwB^R%41Iiv4Nuc~m;GfLPj~<L-{F9<bb-0oPur~?EOk%2dXXp>#bS8<hSZA<=
zU+?4Yc$1pS2j+4MbZ{sbU!XbnJSafB@ea72SnNtuK}~UY{J~3bd(1E^hqfZ2MP*k^
z*<AZU`HuizT5h-LCO?W&-HFh<XD$jwE(!UT4|b*sXuB1}Bbfm*$QM;Mneq%2_QYNg
z$jrCq?6YiF-2uEDc9&deYmgnW=&u-ji{gUmdCox6BQKD&nl24+D3C52)Sfs^M|b`S
z!yC(3L%mWEK+N@Xark`Gy!TY+LIrwGcj}pX18xVgCgDIiy1q*<9<T<IUp-t$$``Bc
zAontBot7;V`WPA!>i^D#?jK3Xqjx`H6W;8sMQqxYc?+an+Cu^7b#Fni35WPjU&&Z^
za$PIog2|Pziz4bu3t$=tZ)z^v(`>cGga`!3`9K{K(Vdr-#@5%!sU>NL8+?&R%B~Um
z^(VqI^Ap-SPPi?`KXkL5;soH6o~nTTP7V(|GS7V9I;OvQrF*<aU9aelo~Ux`9;n?6
z?p$1BEo~9W#gNWqJ73n^cEy~Q@^a$mlJWbCjq4Pp&?^E5*X}KTY?^UHb_&$x(NwEz
zmn-OQqSyMHOT0dpgi9Z4QgIVY)86k&sD!X6WdL0m%<IL)r#2eQccz#jcHm3a+Fei@
z-y_ZVu;BEe=bGn&DxhULJ0E&|=0zHon};3kC59k&hMQG2#%2~b%3TwM`-;ZJ`l{@V
z1dI&srEXvNVaA0P@Tvg79sh=AukZ}x$L4><re9J&wKt0=u(3%Qg2FTPmIB(pH^_te
zgY<I=HmLixyP*58J(T9H#l;uywU#`qj4m)q+;mqKM(}@~<%39A*qm5V5<stSN0Mr3
zmKqI=g{s@6Sd7U556{JT_|3z>67A|@LEGM5Ruga!tnFCEwZ6j3fVQk{Xm89(li{JP
zxkK1=Xf7I>8SyvulUcE$`LzW7ER~pnzR@DJA>9J~w%SUY435t+o-U;h8H!<<hLzT3
zCdSUf`E0cM#di(TuiZN`7TXrQ_z$ok6o@|J*7n|ha7mr~X-ioUCTh0uVo_%TAD-fQ
zXpjfX$j;-}kUU*`{0erdAl$t+B1XQnA6t^*F-Jkj4+$kC05T+b>J0-F<rK#>hS=X~
zB*yu(T=*6KaRE8D;6D+(JJH*JALH+WP)aSh_Mo-+lW)jp4<dU7Ls;uqh5x^P;zWrD
zU;PCu&r9Ca&FWaS4DoX%Nbta_19hWWvYlV^#0Bz%oB#|b(1T{i`HeQiyvcQTkj6PO
zjycO|1Y?=*I}p=d^YT(1)gDesM5U-l&T&w80ee7D@U!eo0RcA&R@U!_yTsXND?xG!
zIEKYN?|YO>_4}ScKLzdz#fWiUpTVWXY9G$JLvjl5W>UTgoDyl&Rk_(gil%Q1>|H?Q
zKnCP4WB5TU0lZM2Mu5rFNcXSw{RidGl!vAKqubTZewJ(y6-Hqgf`7{4Z^D8{_mJdY
zS+R@r1Ya8$*z_Y}VAK0&+eAZUZs7p{Z66LXOD)@%m<6zYg8e=$4mf=SG$w{4dwJ=u
zCxl`H{RQv>WX_^??gBx870p_0Q)@XZ(?k#0cefVN_w_LlCf5sLa*gBCEftLaUX&|&
zAn*a%R#bcBPvOA=I4J6zjo!S8U4-xwKvkKsE56afY{v_TGk<rTE;Jek2ndugi{f}F
zdi(T$JnTg*tzS&TfAIz8VVf=i#OyeNq@NoX5)kMoB=<qd<HY4AYMbh?HxlEjz=tO=
z3sAS!uUhbr${0Gteqa?_HyxDJvFT3|q}Woo(N7<jgMxI3RLd3UC9miK_0uQBqpRxB
zqB3FPLd)We{I$O?Cl<$pKnh3&R%hO7c?J6#!H^h8?((g20s;>piZjm<oCF|kH3={X
zJC^zGUC1CrFz>#0wB2X@dm;ucF_Rbe-M`RAVO4*)IS_Z<KNj<2cXqZS<|hh8ZX8e1
zQSIOBxkK>i`<vd&K#CX(`r=oLVEyB!ry$}SqY6n~>7n1jDDtpofPHQpygVw5qAz(V
zGR+VB4By$oYHV_Sp=Ub>DNWWywXN8IQn3iAKKk7(=?AX?|NHO_6Gd(_s$2}hY|C$d
zSRwcU=oQIJ^YAdn637ak+&e1Y`IZp(7o~u>hw6$KfmeTplu;rrlB4yPOIz62FbLIX
zs>ITNsDre4FyaaEK^EC#?DBuq0Nyd9pDv-&C*ZM2ttx14QTOnpC3sY(2y;j{QjY6t
z=?)>6p_o_^?04OY>faU?aTUADBrMtYu<swm3*KM3MD!CSkOKmD*gv1?1s1gyQoZ<{
zV9h}TV@Sdn1N%b1BF}#qgEQ6`BrI-O{*<b`gYu@rxf&h-^Z_02Y7(UW`v2-NF>(M7
zDZ)J9dvIRh2PLVvZHv;tw=6LB)pk&E`_#YR9B8&M;+$?83PUKw0yG-P&kh-E#OymX
zFpQ~$1tg`*jE8pKR)&6z9_&2+3})xwGHN6|{cY1RX2lA6%b=bA<2lC#?9OLGZ6$qN
z>W)t_Ztz|Es&D@K#QT?bAEBQ1<vPxkCXc;yuJZxVdFVwUe%p(rOw&R@vf^#`QM=y+
z{N5TSb<y5h%+UJ}7jeZ(R<uP<4E&5`a0pQUIwxL#9RsKziY>j^ott-ija;jf{$Ay`
zJDP)NCSqY$*SJB@X8`<r@p^6dA}zop-eJ^O>q#1{JpUk5pmQ>c1#5p|UorYSuvYv)
zgDFYlDwan||4Zc=5PdPWuxbPgv2=({E-y}@WvvGD!$N6A^e*3ebGE9^ZoDccMY1Fc
zs7G=Q;8L*~QZ$spJU~?S0`l1yRA0{kG4NSutj{KBFjoG9nuC@(j{@tnwb#<jfBGz>
zB--R1UYx7!Xp6*OV#I}wj;b?qjV;^@gt}h~3lV+4Bt=>D;w}*kl3q#xSTNh)*n`M8
zK4D3sb4u=D;d7A05*hx$#6N>!Eg<3xNQG5kofxy9zy2ttU?cu)y!KD@Ed)vx<cDV}
z5C-XyY!{Q=)MINT^-a9%P0h^P#~tb~fh!}q98n&o9*{if8b%)UiT;0=2VFXcXAhK)
zl}3u~ldDi7>xWfO9&=>x{M+wj+OUB=ZsHXk_ES2Q>7rn9Mo#6s;d^vfyIxzAtUK~d
z5I(&I>3n%b)m}P$2NV;yJ3%<c)n>T0gRlNg6jMpm36Dhv*Tp`CZpl5mwoYynA0qr$
z_TyE$UF1WFOeHuJ!jpWEM)b2LQ6R(f2ZVE$Ta^9hs~G{zF7g=jfYF;`D5P1O>ha+j
zQ&8<9I{VQoiZQaTnYF02&l{H)@$wkZI>V_hk2rs?ApWI+yvq(`(oVs*exZ0AFW6h#
z>};8>%l&&tr8mfL6PaDsOZ%4yNMBh80_~_xeBM=9_3K?$J5+{wd^?CTW#_?rMFsM~
z<cZcLAsf}oC81-ryA7sqS4OpuoC?Jq1rK~Yt(DC62sw;vE6%Tc&BD{KZm$(8FkMfP
zL<yh&`drxLn^WJ8B=DC=tg<Pz$33;-I12!VOYXC<_umd}qHmjN(&rUR=U#&=*UIF#
zNDuC?(<hz${U8S7*#&<{`GcpPfK>y?MBw1UWa&u!Kaht3DdI*nHw|T`cq`WzT-aEt
z%3yw9iGy_8R1$l=eO;w|A-J3!QW~TS+Kk--t*$wb6{<SG0DrT?ZIe0BJjGj8m=P{z
z_)2X4PM$&eGcfJ99cY0}KRi3b@A#b{Uc>?R&Qt8U3@e^G>H!#FPGjY9M|<a>fMFnp
z(Ahr@%q}2UJ>^58CRJ~0(;sV>`QTG~pu$1*-ue`~DphwJJ?9A52Blp?6F<BZ!hv36
zPlK8AlqH-vu&<{dE)nxZENyDI9)B|v#m3fOvC=~yv<R%fl9a^g+m+zpr9(tW3j-ld
z^U3Rsck7eenMzDSn_9Ey(I$K61!KogpeIom%=?~uMr;2X&@@zS<?ibY2j5@5L$q`8
zQH$v{`uV<}n>WgQn4_-nYLVW1;MNTc#e_zAUkWd$2vj0Wx;U-d;G<wQQTUX^cEER3
zyVR&XkLl(yCvOwi7`OylC}PZ&_6?$X)*<T5@^CxK7n!LwXPY;k7Majh5PCjWnEQ=@
z_U`(WL*F7=9td*+{wB;poBB*>(@#e&9Y){3MgNUZOA-Y(AAb7gpH&4WM6I7ZJ3Tk~
zE@uJbnTuQ?UM-G)=#_kU0+7)+QfYW66Z4t)a!z>A`yXvOAy?g%^z>qBzR*j!<(hF1
z=QG7PX*K%cmmeicZ9p(??_0Sb#bXn+mkKDS%yt*=kxR}DgMv2Gapp4$v5f-b<lDgI
z7C{KaiNGjgQK6;+;}(`Ki`k|?{4%dO{?Ydj>mYK?rKkp{#BvL?0pA4*P%eMlwm3kk
z5uDQl9foQNNU3n3(0K@0P@rl<KuQ87jFLclU_p{SCplqri!~2cp8$N#VBq6p^PwI%
z+~?pMa^3WE=%T`leJBDXkGUQp6Z1!Ja9QXJ2j({RBrQ%kh=6`cHb(#LKwsMJa=oH4
zCj>{1im%YP<*ImP*EQq4D7Ke#<p4G8PL>GjTNc^OMdufkMCR+}w}b1_=D_RoY6ZiX
zk)Z<Jf=GYVRL|#hCFV+&i;bFdHLfOw$Dld)`sXPxXOzJ|g&m8Ks!(D_%Eim7|7Up(
z4mKc@&Fd1Yyb1-yZZX=KfhZjUPcfmU<xz{&X!EWFno;FwzbK#y>m#sQq-Rfh^mu#8
zwT@({FVF}OY?pxmQrN1_y-~gxj!-GDw;LDsoR7~j>&sN0uZOK|CfF3mM5~Lp!Bd6p
z5>8*(C>@=bCYERUDYy|XcjGZC>*a2_({SU{b3Ax@n|{?@F{^PD-!q3_lA9~z73-{E
zcvEYw5SQ7p;gp5Yn2*BAy(UtS9t2@{&BmH=uRT@Xn0^guIYQUG+~TVx>kY?xUwyWA
z(lQ|8P0*@O(9*=w0rai&fhOxrrKpTo;)cA(NVBNqWaHU4U*F=_g9s^R0Jpr|yXi52
z9_ejSAlkDXd(FQ0)!9Px;4lo9f5<p&?64b7E1?Hw5XwgiemSJ%xblMj(4kz(r0&$o
z0j<Vy7BvRP+B--_JCsLg;~MLN$wxW08^7f(O;E~Gs=Y2(NBa82Pw_kssK4B0w4=rd
zFgoBRlDNY5DEisCk2odHJ(3#5jbHb!I?Z=ZWxB6_RoE}lCgbXnSifHGKie9K_)Oan
zTy-e>*00rjA51zj@jZ?SWt5h>0znP(MBy>ovK#=5i7|4hXZs=QaP~?FguxBljNBP2
zf@PV%9kr;XunN!@JZO(AVd5F95ZUQWl$1N^w$6KF1SoFG?>@xzHh$taNlfq5&wNC-
z0)+e`t(a5pgYQ71h{L6N<n~U_%6r#kVFS=-Os6T}I;1V&H<WvOGIi$@HHxP{n?C9N
z)~>`_)Uz|R2jLLr!DDCC4IjqUermEc-yI30m~58SDY`CAO@ZcAa=!PFyYyubJ~`!S
zHoyh71cJxX%7MVLRfbZh!C?yKkMbB`v<cAX_Cvk;Si0G#`hk^2fF+$ATms0<*SLK{
z-ik%-ybbzc8)Nw9!qH2YOy%HTu@{q~)@VcA=#sCcd;YJgOACrdd3Fj28^Dd?!K3_#
z*xrJF%0mnx9nh1Rhhzfi9U2owr}dThLyi5UI2b3O+A8?eeF>)&V84oz8%6hH1%Qw_
z<!ST=L*R453B)JyJ{)k(b2uv)hcY~2Akf))|7nNSSbF8jjeKSxEmMgqc{B?1(D?KG
z2u2o~xO|z)1hT%w5B)hBaTckboL3g5i|b^&9=L{%?#<OWg5323AP*WA`>Pu(EWg~?
zT^Z#Px$AE?{kC*m((5jVv4+$rU8;~x?Dd0>&1M<2f|ggvw%548@?C97Jsgfs#~=Ps
zpPnZ@gj3>i_;gv{5eY&!C0MO4MoWsWeP<Nm$ug{Z^4FSWrb3t|7__n|g13$B)Ct^&
za{41xH@6Tdr=MF95PUJjCQ+j*@+CyTLvr(DbYHd_Ek%VZAj1?cEp|i!={$g%nZUHd
zIB-@ggV8*L{EC&C@C04CMq#@#R!Q%}Sm*7z=|<w$x3J?=22KucDIuPo+-NV>QUfem
z>pWb|yedHnAI{uHou9ne5DuZgKV@BFWTzhi28;Lr(eX}JSzus2ePxByd<rn>W_xSK
zVBpD=JjFfdc8(n7;}biBq4$Yqw|b<tJFeNE<kl*#Ln(?K{>bQRh-85POj-(v^by=?
zxj0R!(b&`=U+W9t(mWbCKZ{C(&uG~L{8?tsOwDxQ<2I<Kd3ga;l7HZ1TdX7hs;L*D
z?m$RC0+gtd*#3GZ6jWNFqmqr8G41s$0u@h+R23e@*{4(B!(ra5t`Ie1_}%j9giC)I
z+w1dUi<!kvo1dsvX9BV!Z&2O{(7!^t8zcYc@~kT%C`tbmiJXtCwyFnh@H)&S8!rS+
za^13#QXo3A{8W7`9Q{&U(7}pgv+1F(-{q3VC#tX&lqH_+3m#4S>uWVL06j(Dj|%%4
z;6}K=U>xoG@gHuT%|s7Y{R<E9t<q`GO-FC5#LzeLO38jz0~jO`8p(sPl>cEQ4}nM4
ze5a~RQQpb5K4ZrR0mED+rv=LGfrwGBxL&x7Eo!AS2@Di)S}v+q0cZat+wyRU2)e)A
z`bXNkhp)u+5`^vAPs98!38zzH>C?&^H1fcSz;G(3xlGRjI_<lDUlk4B+d9hQ!XoES
z4R*Us-2~qC1e2WwBa?;;4OAI?ECaxK{Uw!^kIzKdb|kI%80aY~S-)fS6fee~3pZUB
z5P+1522fgQeyWH$OC@esUmMc&jTOdwu7jZLad;rHnjVI+0U6G2=~Tsv)F~O&s^3!F
zKo<zFhPX82iA5r8`5gjbLh?i3K9-R{t?3~PW+CIR+oyRa@35cn0PIQ4?Cfl7x3R>W
zgZ1U&C^&=9#wE~p`?8JS6JdIAi|47J@8NbDGtgrjSbc?yfpnP@9-{cCNuV(%F$R*m
z{NX~o*om>s$6P=p^!!Q_SD(+@vG_G4KtsYxG3e%ZsRbacyIt;KY##fNG{%0kEDHhR
z3;3Z-&ER8XI!Wnb@4Jk<o}YBJ>J?r6#l8tAT>u)2i+qibj@=GX(5w3`e>l+Z(jqtx
z-QJ>o9r8PwE|UOt$3f)o<rNoflV{))2n4yo<#_KKCTukImzk=mxB?d_0xqytzXv;5
zHqj7#0~G1Srx~RtY>7}gfIkF8!KnH0dLx<_sDxrh8Gt}VAm}rc2;~=eoiN{YXaqO;
znm;=eYq=d=dM*p2>LJgie8Cju1IC`5jH7HL4+BlI8(caKe^|jcQb6Fq_9jRVSk!A}
zsW@ex+_vt|E*dB@x@ny+(|?k(9a+9QTCUFkI5h6NHBF5r8;Z*Kww(IivB5;AqrjA+
zgmlD~NXN=(xhWWNfl3DnP%&Pvc;cS=nT@`%m%*ux{cIx_L@l42n!bK{r6rU`z;qwE
zuJF1lGX&#AuHItk2gsvXmrmvIUttz|H2swASc<&qQ^aNs0QUk%ll{%IWrv*0`=Gxz
z#u~Jf%9L@r-|)pYm#JR}x-<T$zpGlAqEcrXa1D@v6pXYXlR6t(xuUcsajmI9F8CF{
zWiJ!NYyOZag3hw<pI!#lnpzz6Nlf`6?G83RkaaprNa*|dHQaSn2v56y*ae7n_Jw5k
zhEa_G{c{X%uQefU+Wo3b_Hb5BE}aYzhc93SAJ4C9f+FG{_7&yV-2oD6&|Q&~<TYkx
zJ-Tq>G7^kt1ghgruaR_>i}#!#pHyrFoj+=xFR6H5UkW0k<S^npbsWB2EP|vsH@)-Y
zVYuq*Sfv6{+@$aDs=|`=+CIf>f{jmyF=IZesq@P|;e5CYGAr&`9u1=avx*c@R_*K|
zPMymN6S@uMz|sp-&9`5EUcYBw^;;zZjg06)PXNF4o&7a3A_Qua|2R0^85Q6Bk_MjS
zX&#%V`#0<&G79*p4)D=Mw=)da<;7i>GDX<<_%s^!zdKhBd_Qe9SsO#=_%YIH|66e4
zL$BD-MEly?k|UiW>kf5AaY<m}p1Jo>p#i2D2jr;A<>p<PHp9_#xf!pbz{mwidqi^r
zMG^F;@m`AZnd9frQmcD)8Tm^a@&Yh?vit(&rjrRVU<ie^^YwqG!O~;lUODRik+ABi
z`(-_P{?ykuKlYX?#0WOcBRWbVqBX=my%s^tgwJjDw4CRFRCqcaH(}PhjGRsRnLEoj
zkh{wzvB~zAkh`lfM)nQLgrighmERtp;sfJ*#D-UB-<r!GFBLe-wvg>)vx0j9xCS<X
zm|m8@yzB-&XPHBH(kTD^qhW<zcBh+#$9&4Ds8`YpCd@Ze%6<!sxE4P{!|G`v!$6D!
z1e62RZgR9J)PLC}K%e6{oCaPtQ=%G@a_$0XhlBd?e382x2+gZ7Vj3D6e$!TIGcdl*
z`UKAuH+e8;9jH+dy+LHk+LUi7*D8TR&l6-Grr?TV6f2mZ7>8W<m*I)i>1yPA^spyI
z^75Nv>p^R9pr)N3|3VDum01G~-ySkrHMr4-3kF6f3Kzx<a>Wr*#^^RYuCVR@x?%*s
zS8NN~oX{Q>2S<b+ra>Tv$oxz`9M>mvQVkQ{H_(kVnjEWbq#H0_y9!3Q=?VBF)l$5c
z+Mr3PdlTM`v$-6PcR+xXy3~l468PcqO$2yXV3K=-gI@2uhm8^8s3bMPtCRTk$QLj@
z!$wldY2Cg<*La|YjV6H&kE0KIEDw5qXl!SDE*eAt7CY1YYJtO7X++PZvU|-((&2}G
zAN%=o@5RAGD$!tYp(*Dgl+G=^`$syL^DCVbJGqVRix1p~;<AsbtDhD3m)6s;ZfRBH
z-ak;sj5=ft<E=H056!@(QY2QJZS1Ms7D<lTovG6LJoTbizl(22$?3x!vl8Ad6LTEB
zv<F8OztgPJ!F*zfLc0wJsS{qyMUWh)yfZ_s)U1OlX5pb2j7NU}<jw|-e)Wb`t<@D#
zY9BNRRG6W1Q2c5Exak{JY?{y1{VXgoVXr`sI|g7e`{An-?~F<5Hi}&6>>7TJ{Nf)j
zG~`VbE*5E~0vDl2DXJyp%~hA(qA&MHrmpDAUf89ylS-W8k|qIX9;Sl`{U~+M$bQuf
zrQX{jVmrdrh(f$H9P*5O4VuIZEA4r_Mi;=yvV@g~pM5w}Lod=4Us-fi&=4B8(0BIP
zn(so4I|!J9k!7fDXY(Gt@(|RLe@REfOm|%;5-6c(F_Se9rg|<v=LFC|(%>o`<<+5~
zR7g0*R%Ak5Xz{#Ow+ohU!9Ezc4nl5GXTnY$NJNy?uW!l=1z9<3qXB$1+l)FsvU^9n
zxm|8nyJ!Kzn2>*(u5wH27N2Ig-EVaylO*Aa^Eoi>LtVqw3yZ|dJb<w8ca@?gE*R|l
ztHI(QRKKuq4j#szQ=CGU`^Y%Lr4B9Iy1QcmzS5c`<}6R-LBEuR|FPC(@d1O=(!FAk
zjlO{OMN;E!lK&joL`3L8IXopM;D1dPS6r>)V4M3|(b&AosMFk$?qb?CT2n~0VNh$?
zU_0*hXqPwnDv-vi{6iYMJV&x#vt^%m=iQAOR`W)b#63t(QQ5oxw&_--^<b>uF=G^1
z2Ew&nhv1XFORmUd6kC?vA5ByK&I{c!pj3Dx_ZBgJ{m?>iXW2*JWQ&Xv?g#&R`hZij
z*+N75m@i(!T|IJUbDK-6=9JsVG4!1+B65ZQIYoz%ki(FE7R<u(k-&E}7c$+d7XqxZ
zrGR|WdX6+V6w@m4=wkLw3ZPMCrcUyID`-6-dWqifozHt8ey`V{2Se!69O&rIgVxEW
zZu>qfua{mC2v_l$U*`McT}$=;CfpdU{hM&(%xIG3)>Ce7Xu#YI?HvqN^T`)(RDhFj
z4~BUH#qx=+iM*{J21VP2MrayIL(l?XaQE8$9U!ThOMh8cU?4+FO|pHsQhtqJrHkO=
ze*RrCBi@<~X0iD<57}5|?nNv^(j?HM8p-It4_kvT+efnj)p6OjoAPq?!OpEbi=<IC
z!VmgYb)BIhP}dO|Xv+mRLT|3~!Ov+l{$W=4%@=EexBuG&k0G85GC^raFEG&pG;*=w
zg7R5n%<EG$mYr;<%!)GdZ@0n1)mmSfE<!bu$1RXc?B1y+8=ZtS7`I_snrX4ZNauqV
zIdd(N^e$@UQG0bri?NO2ac?4Mx^+65m*(ONz(_&l;Cf1!b=zk!5GtQ(s6Ns(oFlBb
zPC5F6&LkKkl+h8#M^WGTu*_s<StR1bnTv0-*r<68b06DQ-<)`&bEq)UN^m(8ijd)1
zHc9^Penev0>;DuHJSxV}`<4r@&hcPq$VVjrp>3m=z=OYO=6Y{IR|#>bPr+CNW8x>(
zB<G;921^*?@)9HO$^Yp3rsD>4R)UCvfzANDc?~Q8r(~A&5>x}mObEOhgZSthcmy7l
zc;D=9KrPzuFp?&X*5H>nem^xaMoM%Fps3T$Z>_NWhCBzz4sV;g+X+hs#reIHf9O_a
zLlpT8sz&Xpn3_7eG8R&*D1dcwVTtC0k9}IdMG?$<Gf81tw3!*@pWUaTvVdDn?u|9A
z0=P7I@Aw5;SLpc_p!a_Agr4Lqc<*5Bd*d?ly!f5Pz@%GrSi*Mf%Ln-xZ2om663AEL
zu4rFmy$sFU5EKoAB!)E*31`nBxmS@4PSrb@26guy_So3};Jr4Xit0TXJ)?#SmZEDS
z0af+dlPcEoGZ3$=&)*}m1l8LwpeZB7BogFIGWWvC1~KhKcv6PvLonIKZ-1aU<AAZO
z$OsPkjM*Y4O=bYc@!ifARKiHMtR7wLCj`TM$^i>HdEINxN&+Ga5s-L!Jw=0?=RfxR
z`%kh^D&;j6{12dj2DXscDVx(`Mp^t{u%5r>3iSt?>aD!4UBPImlK4q0KrsjB0+Y|Z
z^#fAa<)EntWtfW6)MqI7AJcpw>v|N0btv|*lXlomV-kk+GDYY2=Ik-D7HK?qS^1=h
zR|UivE8#;NWHVE3+9|+6o@m2xkf)^be-4594RCl~faM@-%Cs(E>uU~35B6G^nJ@;Z
zwN(YPrz<j4fW1$rfxRO$ER7L`v_n;*tZQ@`rvLT>9NYy+kqkObzK--VV?Y0Uvo(Oa
zhMeQvSOP$C3#JdLo#^{E2}UZ3$cTy_$!B?DT@q8s{rSg{5^J&gdOt^=Fl9llD}9QY
zX-<+sAk!@|w$H)m$d#Vc9mCMZnLap{P=tg*5%M|#4ha~X($?})?uLfIN$f<VKSLE3
zba{ha-rzH*yM8Y3321rW66>3rg(#YDIL(EqW}K5@@&&G&EcI}4HsvfBXG%|(<P+N`
z{2yx&=y3|O2Cu5Q=dk_&hIoL}(D;;=wtxVnWJwSRHw2+6P#R3$>B@^Z4UNfZ7iFEX
z%^>}c@59acIVPw5dGF89A3%!Y5mhIB5{!tnuKSK5m}_Lk4mi~cTCJOI&%vyr(&_2e
z{%A$)6F`yk&m|>hRl;fv9tUt>^;v=EA=UWFe08fB=nM5#G-NoTwE~YP_W$bfFfc{2
zKr9%*ATtJpJL0R)1|sR1!IpE2iXyf%Z~yJ7{(L?Xa?F+|Gu?afvs(#_GCE9ooUd)j
zh6($96jzfuf0IB={%;b9M4vU$%=x4Ll0V=C4qz8oJxuziP9TC9+AR4|b>3(wbxHE^
ztIf81|DJxX0l5}lQ=jU)n+IAHpFi)9J{#yl1$0>A;l<8}ieU6Q_oGMMV#=z&)yhBJ
zjhqiFe%KtsOh^LahcZa~V6Y>W#Q;q@>fl&NFBty<1_t-#>;4)Te96{itjdl{(i_GG
zn%@D^<jbAv1141(l4iovK*a_+*3j|KxD6{b=erW)4i&TRp8^*8ENH2T_Z+a$^I+g^
zQuUN$9K`Tet&dy=Z3*Ce+7Oe~=rhT0{$qF&4qh?#d{|Aml<^k3HFR3wAR~*v+C`3G
zx2)V$a<U~rqv&M=gSjk+DJd;YO-)-C2%MJm+Kxb5tV>R3=9cZE@$ow&Xq>uFe;~N<
z2U8mB?Z;P?JFNyAt*9sWs=1yG3avM+UvwLEb^YQ>$x1?gzK!X*JjvtPqz|1<IDd5F
z$n8%#Cywjwx#Sivt>rKI@iJx?6xfUIc{}Lq4*MP^0o1Ag3CWD*P+>go)=Zi!f!FSe
z0?Yry+FL+X**0y%iXtT?3eqJZDcvCm2uL?bN+aF5ML-%vT1rAG>4r^%C?PG~-J5Rq
ze{RL+eZS{_?)84_UEf+PmvVdKzRqiA&SQ=_W=1L^<_?&+mM9r{HOc?VsM-W{Zq7AV
zD2-6OcEG&Ddy*Q{3ty7}^iym{GoaE3&v!0cUy)D0xq<p0zj#C6Xy5qeXl@ox{1y2o
z&JFP8D|&nAP)IRVQ}B*2!EL>Wv=MCK3wjzF+JS`rG^MA_TC!*R?F0)Zb<|SA1^Jf|
zqyht^u9J_S>3w!u5^-LCWDRHzT6q$M)6>)1P6`zRBq7hEtPXOBSVS|J`fLs=s5I!J
zvua4v&s>0IJuA*oW<|o`u6gsuZ=|jItP%phIRyHREXT_UhjUdrQY<d2?aK|C1&=*n
z|Hmf)-~7LN2!)FyY0L4igi9m>GMQJGQ8ZLVipY9*>p{-IY2L>ilc1@0{4iO_Q_>C1
zlZ=XWs_nvTbEZ)w{NZj^_Y;>*P0G|HMJkTldNl8!8KX34qBM0<^)YH788=bZ-v(zN
zg%mi;vD|PD5wG_=jw6g`)|E-~Ig^HoeZPrBapOOI8OS18-h9}bZp|n71pT(?4aC=7
zT*VPr@c`17^g_(xg+Y+d0~}@Z4#-+leeD~!?O>D6NqQwlG#)S9jPg{fQcb8>sgYP+
zQJh|@7HG%5!zP!{&9ydf4_P_@BKKAL0485l(b)$<@=lSt`*uz`m<2$|VWr}5_;Fhd
z<!C!&e!gi=ldmkwp^%-6o-G#%Y_$Byk}N{!pKnILvT9hX`Es+edE{Nxk=HO@=s9@C
za0cGnX;T(!ga-$Mg)ry_<Scj^0-u@<cz^5q^Z$8@|N6Bl?)K1G8eXdS#65~Iq(Am`
zllUHZNaBz9O3|~;7-Uc?{^ks|nqjJ<=NQn0SHqUWtL+4OS<%^hYq@k%{{Gy2e2E@M
z>k>UlT-jh=5n9Rfn?RZr^s5LS49GIP;zCf*SFW-dQSSN3mGiRZ8Nc@#=hD(rzv~Qh
z7T|SIn20wGWMt4WN%>!xf<k2BU2%7?;!1_XkS=r_9RnjEe8U1zQcg#&XJJVmTZ?^R
zK<V)r_>Z!wsm|CDux@%fIw>1g-LqSu&FzJarzh-eIjM*ylsh+9waCYt;oi~KczqHG
zRnlN3OzGV#fBB}L`d?+^<v+cX`xxA-?;IJiHCY+_^T7j;&A|pX<p}XgZmU=sP;C39
zzBJw7b$V}Ws=^OFV6;ns(4x04LKA{*7;WX>OnLIcjO~!4SD22Y@MX<gVY0)W|KXsK
zic`|SL6iK~LE|9~I_V+qpysSv2)x-(BR1%U<mY~BgU{a?iI7-nPk-sy%6<YJZ&fzM
zV`F0nqpu=Wz+eX1m>Rbd&7f%0!4C3B2K%oKI8QFOs~R(1w6tg<b|Z}Dq|Nshe{lL-
z@TPSfZVsX6RHp)^m@?4K$lf<m8Uy2>pUX<*FzwvWOTiX8z`-PT$#>=2K8~jKmIjSE
zQ9Bh!aw+_=fFFGZ#_zbSs1Y-5pH-n^pMn0KJY6?T-#5CAn(?gqQA9kpj|0LdQ|2*N
za=+s6IiNp+v1=E~*WXdCv$>@OUyG)rXFYzX+u#(;pjIg6Ow4(28hUT_ZL#6XuW+Z+
zJ(I*p_(SVn-KWW~MMoEj%<WKx=RgO!WTYTyK&dvk^0H4MCWhiT{8LyN{QzQP<%XlV
zj+md)wGSIOBCVg<IC8Ywkcn}&_-TyN#l}9+rr9gaZ_4*P-aa^=fn(Fq(EKnojMU`o
zh(L>y(Lzj(xC{S=6329!3bY1tk?H5)Z#~^K48;qT9$gp#vsSX2q=!4sXWSN?TU%%g
z-mHT-*_Qf^1??$@C+b4w`cQ%RQgo**@#xX<45Y~aJEN)q%H4;efIi4Xf54#VcZY?o
zCyH7sOCy+rndt8<01g}T2F-4>$d}3GM<w51xIcLH4$Y(!_1$64i^Nj)9ndgh-WD|T
z!}<a(9C6;+RU3~)s6p91ojULcBhngqsMNW3^Cg9Ee7}Q*wSc0S7~$E{f%JHzSvE>r
zr&^xUAbw#lHTi-d1EIA-Y-GF!YSK$;Osr-zFZfNK{;jGRN)GuH{(y#*UAg}$296ej
zAc%%3>HFu7deeiJvr*U6bGObN$L;CtgCl7Z=K%E}=q3XgiFgT71}xjs`>&cM$<v^D
z{&Dg=DY%qBWv8Ci--nbWfHG|ABYb}Q`G74jhC<)Q(Yy_42;<eiYEsUWp>CuHl6?Vv
zWnIUh8uJAx3M6a-&!iYX&6j4&r(|J^T)dBC)n~~Es<?aMB&T=51|6k_6~z$9Nh>^h
z;-Vug<?{TP;O$pB6J5|o@)?ZsuHH~1o<0J-hrU;bMc9+cfElCO$f0d9b1;%;!VyRR
zeY9rACbC7k=f~S0<{oxw<mAZCnq<99EH%lMlk`Nh*(tPkI_hSnq4;8ItTa}-1VS%m
zr_l1*R|i_^t=JqvEEk0F8Uy1Uv&9=}x+%8UZqdEkYq2{o(TqWf@}IBuH*c8Ha*z$`
zgaa#SI3FTkUq9S*p9*)lc{nzgpUxutB5aqGA*}LyR|HZKXvP}^S~!NlR}0_L)=pQ_
zSlKwivMYK}$k5yd+oRCEkH#QN+@aN=yGem`yeiv$f2IE|GKOF$x8=}tx52Y)oTL~U
zj@0~eB!;682aWJ^jjC$diCNE`dIe_fa*7>6)6KhTv+a8AS1S-7h0PzbN!tzQHnr#5
zo{NP=jj8f!UVFhuPb!^piZ=*0JTQq>enz#n_)XD_VbmkBQZE7Fi72xQhq1s!)$30f
zE4}d)BVSGO?v5lt1Ou_iCwGKxvV>gcc*oxq|KJ*(#qk=zCifAT;<WqJebO_cKX|aF
z;zuBc^&8(@-$MWW_d53!F`8Vwv8-jy|8*6=mKW8Xv9>WC?U9wW690Un?_v5Yws>Uw
z4f-&qE>!*o%H1eRJW3dq$9B!iTJ1(*^xOk|&n-1XACp2H!`)Z%^73fAA9|6D=rHo9
zy^n?Rlrry-iufe^>?fgIm|#}xGlIohR`K^0PZ{jGnEh5uI>@2}O@Ag!165vn(QBF`
z<Wde*-w{ywS%Y8gKxE6CTR8AP+3&??Kcn1)QGEK@N+w`^B3abbHQ^+*RE|_+oy7CJ
z*Kqof(`rl`6`J><s;NsLE%gZ6)z<0>oHO$-aL#k*DbME$vB{2IaRmpFjg8DLDEfEx
zaQOb~#{LaM{`JS#QlbTLz9qi$ts5;A*C$p?dDGduD%}E?3k`|Y4HmL`yDVeRJhZMl
z(&b?G@MvO3(b6*SzV(!2@6@|MDvmPd3hRlu^^qcl;e0xk;k@A-z)-3-c)4q>00&z2
zMR_?#B5wVR5vC0_$F0BoIU$@ss~En}q3{Vj`XJzWSHpRx>7!Ux1;ih?A?}T<^BD!%
z@-6|eW#%IQlj8a61zCW;oH8TZJWyzQtp7C}J^LVLp9W0U=Sl>lnWVD!6rS6o-PXHW
zd7nxRkS4vaU+S3H!Ng4XCong$bK_^C{?EQ2DyL4n8M2G9X=w`NA$Il8|1)U2fpkRo
z3I9#X9?AICGegR2@6%KOwo*{_s1~2%8TD<w{uFy$n;vv~0@okFwGfmuK(c{YWP;BX
z1b5xOFM1v~q$1E7xc$BWlz+-h&f+@~MmW=#qXagAa2U2c%X?YF4n*MLsXk|s+g_4e
zz;(Dlb)QJ+%+a-O91|5<&M7wI(n(+?B*v^?KcezeXSV%qb6mloiSsF)!y3%j`?ha9
zYwg+b)6qpEWURC07l-RytFF|NilC?{d;fb+PdXS7^QFya6M^{u(^oP1&59eFF)MvX
z)Tp7?_R!=5GJ`3fIEi0WN3-o{ltlTe!AurIWcEnv!FAQIT<*Jh12yWvhPwPuHV;tb
z6rZ2T*RUm`#IKD0@L_Vv!O<}ozJg&Z#zeI7YfHNXHWk)F1N$iC$$iQAMk=PL;Um@7
zSh3-)dRR+Zmagfhe^ZxGd7LfpQfLKPdK_zlN2famn6<?$%d9+L>`b>GIhcOwNdenK
z=JEFiuhqa;93~z8Uhy45CzD4fsNsNsf+>QD3hnJI*m`sdsaX)nLDB4ke-4^Uw}+65
zRZ_)uu<qWuMg?zfp@Q4!)(g!1VAw1&ww_^%qPm*t=jzb&*HXSCNwy6V78Vw&PK7}>
zc&XK5(ya9d?9SVhTKHNu4m959TX(fV2}|k$P%8*mnD<k?Mk*4W!_=v;lz^Xf)RkTa
zU=W0CHFjBZxQNXzu_ebf*k8X>io=+Fe76Vsyb8lszrHvG2Rn(mVKA^X+yJk&nsU>x
z_y;lu$y<ewdM$oSm&YO$96*~9d$oI9Ws)#7OB3~vc--dt2`9qIH*a3QcL4+*7Z}Hv
zPNIOlZDRbe&&c4c!@NB&Kdv;(1xj`6V`cFqen2ui;E#s4Sb3y?fYT&yWs?;agR~z-
zAgPmAi_vh!dXK}^lih`bq?u~`nu;Yi&&ldtRZy=fMuU!ucY;|OGG@K0hc+QT@N;-N
zu`N_-n_R?45G?eOw@E5dVT29*%C$~DWs{Oe?a!gXo3_sOD)~h{v?n2{z^9MIx>Jjj
z(Vz6(e24P2!!F3R_DxT$UHiZ!u}2&}`-dYy^D^{5!ej7eC+<=G3mzvSlC7k~2lkFQ
z8MsJAK?<eMd0=g}X<1*WR1Ltkd(QP4a;2wFrF|8%tcx?7@~tOa4nWVSikR5j`<C@b
z<N4)gy=2(;JG%&WNH|RI%6&ZeELaG2w11cf+DJw+?>4$GMoF2&W+@#Y)nc3uCS@x@
zPr}K)C^pm}V6xn5%}Q!En82x|q=YMUc|dLfzq;HjCKT|*z-ESAERdTB?XUD^16`>*
zs>;?L<83`{qNs_#E+2CcGl&kYw4D|u@JC_Y0nW}7)i*6Zx;T%F)x6SUT{ZLc)}89x
zdaooQ@}Q9$T@Ur2L%g&o^9=zI;+ZL1=>LXzLPUs9)WYRKL1IOPQVIW{nriaH7Lk#r
z3L66~fELyE{MDG!Y`aVS?l=7)WaZ?&{e25SR8S4g-?5zH58!v%e1>Qs=@_;8g{L4W
z&$K#!0DAwG8htJoj{uWn0g}{muTuw0AW+hUc$2RWe8vFjr#2aOc2g+hVkH>$LHo?Y
zy`>>yAXH|lGuA{0puW!l{p#E7lXJL~8oWMOWs9L-mVf&6CP>Rv-Ke{=L8+&2d#cWa
z7{{$fNy@1e+ysZH6<)prDuu6Wp2^7B(uM9!m&BrD{EW$ApeZOwD3XqGJiu8Z6HuP7
z9#78}isebw1J)JJ4YJ(B%X92c6Fb!^rpf%y=-vVgN&kE6`t4Qo(M)7Sh~YAi!3Hfv
zg!5lX!N6T}0IIZAR>&!1ih#x=L35$6`Qc!p#sKIsdC}wlq)WfnZI>#X=+G8K$w~oP
zNy$4x=bMf($;q43*;Di^EOAD)mct)f@iXj!8bi$Om-a+h2X|<p9^{g1E&K)P6RQ=g
zqWW$8np}Q5xsQ*aiQ#d!lrUvgs`K?2)?bnVDjr>*0qzforrV3?j}k`_{6rU9BwC=%
zvDhFaP^Hv7rY{&_HM451phHVmi8vZ|a5P(>A3jrx%=?Au%VGoJa00`KsDI&wfBQ}H
zU)$n%+-iAkTR|+qwjyove^vdamwxrOJS?8=h4=(3D=S+>pt4ol&9wv_<S3*Gx9Lf^
zY>v_f$a@gy>eg{jL1r#nUTH|}3HO7%J`yN-#X|ADH8N_4hPXM6+E6Wra-#0;=ddRW
zduzv>hSa+5JT1_!$e5gb>2Wx$(RRMgAlo+r;;jkqbK9G0K$@FlJL998E{5z%8W0e0
zu#l&Aa3o+`cWl8UR<aKgg(3V08PG>Wd=8IHjE$AS#HytdU}EUKW<_1r+jtmLy!IzD
zSg+O?0VWC8d{YHx@11Sv!`B%xj*uw~Mp%C_#ek0Qn2Eh-l=H7gs}sE-C$qx*8mg<p
z>Z+QeAkm8236HZH&ElicD0;lX>v3`;g*R1JgGC=dEl_4C$HI|;4(e)8tmC668{h5|
z8&;X!+0n)5FIO0K2QW>kMU1^Kg^u^R<`$I5ky-so{t2#BKKk@aV)Kk-Jg(2+{xw_~
zO@33`FfrL(oYa9-q<q0D#L-p3PI^SUsheJ#9y)?%u+wiJ;hdPbwF;KwhKDrUHk|T|
zSKEt!x3+)Yf}mS~HaAE@MW@P!2Hy=?mI-HLvWCOn9pCZtWFfMRlC&aNLQ6sDFvdlr
zX$u6g!GbC*YFpot)&4X*Pf}Th-cKO)?*nO=`QiHT%?)Lg!_nNmGY=DPrscW!F-%6{
zA!Ik5$s+VZ&$K(gcOK!mAv07sFYp`Lx+RCj$v&qSe{9X3`(mtg`-^7Z=VzwiD8G2u
zx%Q25q)yj`Rj$}PlIKQ{p`5^0VQVd+OXP4~Wz$InusGhH`5)4N4ah&I0SdC2jPvBT
z^~4U|-bOM-H8ykok}m!ZY~~2>QC+CoY`%qJK7NoZ20O@{5mYBdRhw0N)be7Q+pAi^
zH(t$KwC)!!$Zf11uq$B`9_4|~F`C3-b3T@Csv-|eA|<Z5AF^n5qdFRf&4isoF3<c;
z1yx!|I6wx-^v)HL0lowo;1BYX9>2Y_HolPpU0HH3n9u({wMOj^!U;D_Q_XpDg=&}6
z3J9;YZC+1)en9Hn)~gL}caiieITC7E>ZJLg=-wZIu_E1OdXR$V>5K<btN?TpFNMUX
ze(w}pB{6d?2EVjK8#B9p0eHR-TH`pmQ}R!o=Pc77&NGF}rWpU4GeiQ{@Uf`7(e6V*
zM7kfkPvq@@dQ+d0h}4L``!4lOuM#Zk7phC~H~i&TIA>=)Lj>X31i3)-NrnQ!pCg=+
zaFfKQb-VSSDApTD^3(vW?~;sLP@{N0{gc}?iGTofoJP$ZS&Z_>`WacK{BnqE-BNCp
z@D=nkX5+j8#R}>NS^~rFyrl)7j@;;O07~x88^0Ze7F!6<TkXmh>2KebIf21r+7%AS
z-~t+QHQl_X&;Ng5+V1YnimSktz6e70hv?Uz@+qJ=Jp01f;%-tB%{4QA`@&hf@CXT$
zh%*b!XMY|IdX&TgSLyQMw3zF~ZBSBrL7^lkieSlMZ^WA{-unHMx3fut%Y1>)DGZaT
z_Ropnj3C(jX^JL4z~%39uk`DKIGltF`hSx!pND<C1s=?xnNpIDxAref@b5o+Hu_JA
zAkD29@A{RINP~Qb)B=i@IoFJV#ELhFB7r#ECPDDBxO;K9ZX*sX6c;!k<3G~hI068Q
zK1mht_?eJFcl~bydSX`+i3~~s3#sCZyn1^Bbu{cogXY9*QKKOeki*`>z+&TX?q~kb
zDa(zUX@7p?d7EF#^-r9A4*0t5=L>QVF%iWK+Ar84;HSQM<BoJ<WSvTBi7J1ig_eLC
z_?E^$lGqe3sDMim42(!&lTf(6;lT4Rgx?n96q|iu>qvG9-hDA4c=*b(H*Gn5;62^J
zCoyt*o2m2fhxxY>AdH}A1OtzPQ3U>)WfUU0iu#uH1TeFx&=)Vr@Bg-_eenLr1;vMO
zk`WFd3Al|yihp8#L^p8&k>Q3#D)1^K^=|@G+t5Lb=5Oxb#5lbyc!q&QVZecS__CY9
zN{)y)$;8{XdRwaM->&X|{m~1-jksZL;bFTVP7ZN+)Chu(I-JLl6XCHYMrWVs5&t29
z4u~|C2{Yc!A_^jG0Hix2|0C=)3jA$VtD}S}2e+@y3Sp?vMG@2#w8#B`02q`h;^9qi
z-OF4?gg{NZpnkLnn`@r%&xiSMzn(n$<Lh)}o42pMPzsUSND<k#n4<!tVrTPKypQ;|
zy77Sh@84Atw?p{ULy$Puy#2=;v_$-mPi=-h_CUJ!-}N&x+eZU~1FIn?8Vo`l8!}Mm
z)bo6s)p=*6wuOYuUhvwFr~pNCREqwqjp!zV8%4(|;V$bZ{|D1W6y46qQ^ip-{9pYw
zT_%L-GUfN^U|{RPW=(wX)9)bu?<Y@zPC>3oTxkk%%;`udQz~}|uZ`&cWN*Ne8ol{*
z%nu*FaJqSY%!S}kj@@pxAntx_GH71g#As$C;vY4@Ko~}-VURmD!Z6r)+b&e4Q2yyh
zbN+EQt4{|13JVCzjC4BueUDU-q#F#~ec;pY*W(`zoH#I=c70C@;cbL=Fdp$@^6O9Y
zFGIWj4F&!m*NABEmq`2bz4=&xS2}dyl!)~7|Gg34*28g2Oc1939h{fZKqtBTyBtbh
z#9Iq%qC9!|^q+V`-%-ln7RT@M?Y_|8Y#M-Do_iJ+);ag#vc284_iR&EuJV3gF1x(T
zQR|K_E@njh#t*qHCr54Z0wj<*U4N2%<aZ945#+srv@0o^61V_HeA+sp0gIo<#OhCR
zHOKsiqiWJdvb@CZO)nrtDaX3D%(+J(h|YZ-L~{llFSee1LUv^p8%G(b5E#2#yLE9i
zVY}MJO1J(qGK>PJ3vso?NsS1513rNZf7T$44^8&p-^X8*qEh(d28&vm$k#?3gpYvo
z>YgqZD3nB$u+pxVPUWPKt9{v+4<BT}tiLaS-Z<NmP2#o&G@p++8X8(l=!gcV^|)%I
zdx0RJqU6>mPl+sAz}^FMpqX_L0AwNPTlGeO^0k0XFdD9G;6*tpHR5AR-Wgb)La@7{
zvj(p-_6P!q&oSQz>^nHF1?~_8s78(LQF6WO{-<zj^9OcJJum)?Od=3mc*M^0AW{Qt
zy=0sWC8kMA-#1D~fQNoeLlc`#pm&0&TWv>azy)|XuuZ!@9^~qBc(h@eV9EELZrk=|
zAe-#}9z|_37)__}1?&iopMabVVt@t_o|<~IUK<Zkidf{ndh>=5;Z*O)I@f6sm*Rci
z)fBeW)6#L*tgy<h#h>IFg`Y?#sys|l_kO-Ur5Ij#at+e|hVOve2$B<%nClDr1I7X0
z%k$OEL=JpyJcyhh<RYBU<1SMAp9oFLz_*BU9rw-=aqnFFAz{~_5-UephUUia1U@*J
z)AYbhRnd++gc&|QM4%rQZz~z$bvBZ6vl3+O&p{(&HjaBN`umL$aYRuBG+qsWS%i;8
zMBpR0aL4!PU}rtHWLa~qfnDk&MfwV?4JTs$Onv&+Kr_FFn4!xAh_+`cUtaX<kEZjz
zD(D4^xB7xtpOk_05%VF~xoUr^Eo3}uty-c?gQ%9sC33RmB<M_pjO~rrLaW?w=6W1{
zbU2=CMOo`y>T;;FtguwAaZsyCiH{dw=}n2Acp!1Ln132c#>aF{joo&d_OZeeE!_vX
z)?taARM_dswmDcUAkHLNyUf#z@d&5*<Bc>PMzunwpRd$%oYrn*J4OUKPA%oH@JHTK
z@`<Kzfc(nS9kI=KujyF5INkS&Ok&=tG9vj+iKg71zr2#7qn#QnEn1T)P|<D7U}0d$
zu+aCm2;GR?#^M#EJ`wP`VJM9H%=b@}rEikNyEZ`_8W6q7J}<u>yo-o0W2WpxT#Lao
z!qRd{T$#zQq%4LSMM|G7KFDhdJs+=eG$Z0%#g}=(R8+SCSTbC_mek1V?_Ft4jE^5n
zqeJiA>+A!cZWWkYt#zd8x2wzZ!600P&UG-%jPaQr9@TJ+^?G=P@It8bo80z)(<PwP
zb1aW|9j^0y66QII7C73P5|@o<x;p$6!Cba<iz|vnjIL^@Puet5*tv8<MRdffP9-$1
zVDXB)LI1`1@mAD?^#FU$D;Kkx%cT?6oa$;#n~60AZAl$U?R=Itvv`a4QW_<;0@pO+
z+^4OQ$}n!j&4iqC!d%HP*oNz1k7~ZUH3Jh<R&F$%WGCkkF*1_mHxYExfT3sMA1iWX
zM{LBxv|G(;e&BT=-<LmSy6>C9tfGw}P;{uX560&{=Hcnsu`gS?RDV5pGk+y*cuOaU
zOwR8OB~pnK{1vKb0>&XR#dfykh|387!bYys+0f(Tb5Y`5pDT1Jcn=JllbiPr62(75
zO+?soxJWLd7sL{z733Yx)#+uAipTZUpq~Y01%?2%-1(6=jOt9;pf*SmGf%m4NC!i&
z$)LX<#8nbaW?b^ijLxg1P_L|VVgoa>-?zTb{|S{Huli53tmOO`m@@aLjlq^2If9>Q
zcrC*mfNgrBdqDloK!JcOfFL+;I4{&;>9bVb{z{1d=mJ5f&^J8~mJ&Yu6vX8#!s~y<
zR$VB?O8Ll^1;eLGG$;w196k3Q;+6gS>W)!c>8X%tGM%gyljQiqW~R^e#&Cg#f=!W5
z-N(w;<MdSmPU|m#Qez(KkV=ad<xi@zBkUb8nn$S%b&H~n2#pwJh{NX%hxs*iMWo$+
z#Z5>EdBrU8MHLA3SL2$+bHxHee2DErnyd<O+?EnS3eLDg@IC<LYbr#&%9hfD6BFqj
zYTLkNB;^f5mZ5SjjP=RSjIqo*aag2+qBE@8IduVUB9MSgxar9T8ND%pV|JW~dV)Vl
zgYIB1Ttf<q5JYYgA~&A#7y-{p+n;e-`Ckh`umg2Gb^{337IVEodkiimrL4UC7ci<@
z$+1LKSAppS|Neb2-67EY@+{39C_iY{L1dDVmQDxX`*FdjQJA$8pn<cq*sp%+;o!@?
zGRii$Yb9(w4IL8@u-HiEv1LJUNQHHU0)WJR2iE$?HU{;sA}%5@T-j;cGU#!kf9ri0
zT<l)Z?IDxc;)j+EnjjSABR1mqWaF<yyW*Im&%>{FS3|LE#$5zEiDvDNHno0Ga&f6K
zIjDUqYB-Zoh0rVt&o~W=c7A_OFs*3$yaXrk{3RGq0Y0vZRpI9emn)+lLti3p3)%n`
z?dJkj))|fx0pq%46Ox@J&-1nNRr54UN~LtydzQN5&36h(Rq5OG#@omawX?F&3^hKu
zRC%6%z>(gZE|GAnvkNeHBo8XXL?lUASm|;X4q~sLY*q^7zDQ&r5MMob937w{bg6gP
z9fxgdy~XdGYYR^@=00NjM)r*tlZ-!kC_c$rr>gHGxkl%u%xjlDW8t0))7nY1Dv>$O
zS+oj;lJX`Cf53gD|9p79%)@@=vM!hTO)kf5M|dD>!QH)lcjZu(Vmr8E4OChwQvxeY
zT5EI*UuHn1Mt+UGbdxv6WzIH00`aC|YusdF{nX6)+=UQj^d^!A8p4XEg{An(MNpnU
zrzb6qpF~(rK3wut%0usy4}cn;IEuZ`H!n!W$+8TPuWv`*KmZ8^I_6=T=!m>-E>W60
zr(GsWgY&jt*hxXvbX?X>-Hy#vTUlAz8mO$s8$I3;BVfhHNbh}pcCw&E7I=XMz1Y$S
z5C9^SNDNy`rtUp?AUXNc9!f9>mcc}HP+F(F>hO8$eKtuUVNRCVMvU(RmX+0&JFdvP
zuL5>3!?4xn@aM9Rh{ZrWr)ijdFS%rO?zbKX12zpna_2ZK=?4hIPkZUujbo>Ud2FYX
zuV&!qx47`;WW7Iwy59h3E??PD96BC540S%;dys3tAJ>LqmmI>HoL#C>bqfs|7MHJ5
zbaS|HLbTHPY!PklaPFZlernZUr3+I1?OKZ0qczUdyDQS4L0^*!5O*z2T;SC>F~I#_
zo_tki*76UsbB8@<VEUvhw)miTjtpGEJrC^^(@4CF3beBaxO8iOfbp+aFGLC$ABSM6
zMvv|Jt}nj=%A~CH)}8lbzY4YFba-rI$S$^_D?V$xkpXEaSew~28bYX(qdT;7yX7pT
z_*6R*7%Ry6(;pV*v}e)UPc*e>Ia{!iiWE&l>-UKWAp(c=%tF!pPMvYIB`eW>^A}55
zF>#ceJFBH42~AxZjoop_YG$0rT0-!zHX<Lt_T!`a`-w75!TtRLW1ZX1PZ_7rZI>p+
zCn#_fK)z9|n<m~dsQIbr?=8!MxMd50SP~m?%kr5Nu9prnM8)eO>rK_UW`j2gp<l~0
zOKWKn!~M3GfRh{Z`RtJRd8GVZmmeQ?*1%>GCyrksg|rH(FEXVdERm-Zy(sk){Eo|a
zfrP9RhY<`{cBwjS#TMzCxjKTB3SVUwL<@!P8gY3R87aJ!4h}|0z+A_`F!p{~)=RB8
z(kBKt4!0&0t{fVk-ioJR1{d~#0HK*dq@iTJs{647E04`c-B(<!&D^k#ubTb~T?9s?
z8OkkwBgTb#u4y7CD=1W139^&zhcF`_--mE8b4n2m2{qOQgB~*B7b_wT6P+S1mqsbm
zh0)2Ln*}T1(=XeoazWjfCQlTJHFIfT+y$rch*`WbSy=k~xY|F=@+E^tuB4n!*7qu}
zuzfoj9KC=6c7g9(3+^4OtLe8KbS`t%vdM-EW}Y`-8kcpFcNKwzSdxH5ENMyRq~&u%
zBDaKFtRSf}vS}BJRhSTb%6aG3-pdN-eOm3hWvM)h!pv6x)s38LT8D&h7kG5$N8Pr@
zYJTsgWz_OiKc@&(4(2_esecJnHNHfgmd`*nFrA3Y3bhxqvgT$}2u&pih>c3mae#eX
zxgu|PQr9G@2Aj!vs;Xlts@q%fHO$$5;@1bVr+nBL4m#+znLmCE=YE9gbp{u;*33_v
zfm!He^P29kb#ft$<i`aQieUJxaWIfYo!lK>Q}wY--MjobqSBZF8hk>YBpQ(o6-opI
zNPOVKAn|j58|DJf4{?uXS;o#z`&IBIBZI1D3MwJH`^xXk!L#+udElI^F_-mhxZJ|=
zOv0aa`jMcxI~^AGs5Te?oYE=wvgcS~Q~GE%O8jPkq#&!CkKH)cvp6vm>2M;hxUJa7
z(V_r7f0#Zz;kZv<Ql(cIIKiT?=eBhJFqx5`ZUt7DGO=hjR_DblA~Nk9cs5NhVlAMK
zo*b4c(qhpVds*diML0(uaXM4zEtN+v_V!GG)x4Jj2+Z(T{94B;U2TcyR#=$0yHiDa
zDvK)GL#)e=0v9guWEv~>sYpi1%NEE(w#K0@HE_0ZNCV1j3H`m)ijmL_Z&0IMy2OAd
z__ju^tgH+!%ZY^U>|P1kTDkkz>M97TSkbnypUG@8yKcnEHDLYlp5uk&c82d^fQ3|Q
zE4CaLiMo;#OnFq>HRx@Qsd6H=PrTqdQf{g?{R|S%2y!Gp<J}8Nvn@ecn#UlZujm<G
zkrJr<v7=(y4FkEg0VY5IuSZt;eknf9zxLnR*9eYdQ_tT<2m>m!+j!8;bh&FPX4_Fo
zGxS?!Gl3O`*7_C4eM}9^Dm{lkI$CT))D91R3hY$3k{qq}`+@G+W98><Z!^Hi@(-F6
z?b3|31B@^aP;t)%<Hnq%-AJ^n?QYh?ug*(Zu7Dqrd%&7e+HXY~6PE7AYUtr(&%VU4
z8n5Kt0cxBzefZfMhxWJZ**=$NgJ3*0)z)Gyknu*^u<Ch1A@D0uXNrbOUyHxKTXR6d
z92U4++vm)7->d=kVq9t$^!(n}UNAHPU#vRbqy&Hr*{3P<TKcHVpeBcz2c~zx?l?b1
zU*@*ngU|NYZ9Ru-tjs+hvi|Zj?Ca~b3M=@uE<4F9_mY!LssE-Dv)G>2oml;<>2)NZ
zOQ@w<`I@hj&*OQ}gO_P)N87_d2-RKtO7=&)Yr&1p*@h`68Miy3BewywyV(2`PWOf&
z%!ZKt1wKOb;a+C8&dTKQk-4a<B)w`{{y~6Ud@Bd=U4G|{{_x8?s80vE=k3fkYiv6g
zgG*}#wi^_Zr8)=B(tgF_R2ReYBXQ*Sy<>{XJx5ryYc2wdL!maS0;1^sUKMLrV2-(A
zukds*fkv(Fh<GVX_}fk|s{M4!>Aru^Bu6(hIYwpEkMt*rk1^IyQiEG{_KY&P`4ZFA
zXPph;!X*!5zifS+G~FF?#aQl_ek{mpuZfP5DFgvEv=`zw^>RdIc2_T}VDo3hXK41Z
zvKNiU{jM#cQ^JYaDl06dwoE=Rc_9%}beb2#6%)>?dj9Q4v6}Ran}Iu@>Ew16<Rnm?
zuppflm$el`+>Ek8EO?8aTjbW&s#`wOHqmjELK?dy`|;d1nhH#yanjD)r`(xnjJuPS
zjZONhTD)S6{c{CQP0hAd9P8!N$*RSC@ofz~PHY<0!a9RDm>etE))l76+NNDr)@Z-c
zO$>y08Q$afPDW{kmFi%HXD~aiNnPWmiY?9xMBYlhD8pJu20bi%PbECD-Y3CYf6Q<=
zU+X+P71DjclZ<d*+b`rU)o`{!$Wmh5PEQ1>5S7pDvd7V9la`K?1~!Gsu0Vm^$*qK`
zF|&$}$d&%&L=G>qg%see_Cls70Si~{o%>aUSKTZm$BkZ7HZ$qb7ZFX)d2Pp!J=<Kf
z@xi7`-7X(ZG0)>o<-lEpYvO_ug&A;7e8Z<@e_hiY;hL-R51$DC(W2wHspT5oAP*Uh
z6)l(017aUgu1FyBK2YL&MjS8_0Osj6wAl&meb3}{gBjF70BdnDW(JR)(C&{V^BrNX
zx_i%%f;`$Jo=J-e>U&x6OowTRh|S2~3szz|EJMleQ4hW&W|U6o2^;t#axsVPbb08#
zSO^lYzE%#6CneF9WI_|B)d8WcfO`m7smPu*611)JJ3IwFE7=0ub^)6opBN$mX!R>I
z1k4+Vs0B)2V(!=PrzcL*vtxf0>VMtfdi{cLUgHelybo>%=+Lm31^ubY7d`K{UeA<1
zy_z5Oe4+Wh{cYg|D4?8tVl-Cbn_DUrlhB}7z}i@?pUr*XMmpZ8!PLFtu0hO$(4k;*
z@vf%rk(h>pDbm`Hp}Jf5^oqo!O}jR%^Jm^91!R979}r);s42^l=u#g#9N%V7HeR5W
zlW?0M;xybeU)$Y@sN0SmX3?+pKia%<j!IWv>KrP9i&j-H1yy71wy0{&(G*7=T&(i<
z7Js(_X|{*lU~JJwg^+*86O9BdmZs@CaL9~ZdvEJp`JG@C1v+)(uUwT+_u9m&Ztv#1
z%dhx943=<bBFkmI-6O-<dcNG7s5bwS(A+n={_S0;doeG(_TdRS@rsj=rEln1NkXd7
zFzExwH}yDxq6<r4%?7}p)Agu|=0s}@F0fOh@G~B;Rqyr2M}IcAzLRCug!a76mm}tZ
z(LSDwuj&gaYUaTvV^|JleB|g`jV)w9UwvO~q)<i2V`OpfYPr$HH)e-$^n4Q3NwZL(
zi|fMyIaecnOQHBb3G~#k9h|q@F79BHZl`8%N;C7UBrLuJYg+TD+P*Nj2VP=ytVj)8
z9}M4ZWD!#xQFg0GrIAbJl`qBo{NfYTw3mFmwg<huJ8on=!xfQTyaWE%sO1|^=p!g;
z+M8xNF(RNq72Esu()6c@>G}PLjmWWGo(Yuv9Z2_)J{t6XU|EaRh7#oggKl0q?D>S^
z#q&OAxWoFQ^hdr|9>M1XYCl&QXB@NjFAG1d&+cp>wrd^t`+~HC7m~PSc68Ogj&L_Y
zy=mZXa95xjKK0H>hqdKxV_Z(b_afczU=dMuByB8sb}ZDm$0Wqi`xp<7dc(hWP{54P
zpHmnJ{k<9S-Xi~XKS6~133l~ph2ey^IJ0Mi>g4j5NN-v3S&4&5$6h=PcekjuiV?lf
zTvoqMNQ&>{b_U@EJ`?mFf8fCYbfaaUaX=i;fj&u!>=fSC`gK8g;tZ&?P(e#~mPQ^f
zwGZ9C`NSU9Ob$cM+Lxr&sz&FfG=67>%j3qhJaNP0S(A4<)x1oa#czOim3&*+!}d0w
zn~9m(U>9p6RVeAb&>*mP1Ghx#NgXXhr^N`{TmG7ztUg;|y?<woue&bQlvyWK;!_?O
zP;LoM@8qlJ%Y#+0F?E;28@jaWGeD_Cq-EE~)2fBTsp`-7l>&PD5~}$^g;p+RZu}s2
z`Mc$E=Z1CQzVpsl(nnO>h&|x}?)+O7*6}p;?z=um^X-Pm_nzhO>V02sqsk_sq)-YL
zpDf=Qm2NQE9g35q>Yf~KBWoP>M1ZlSmWQE?qqmH+lmP=G;g<4lU}2@r{*@C~E2TPM
zVc)yQ(s8I2LviRZp(a5(S#8r*qqp93BWuqZ7a5T3MMgLF#mTQ^>&_ZsTgW!(KhtQt
zq|SbZ%YOF7*Kabl-}L86tv>-P<2huI+3$0ZQUJY4)J)3pB<l{uJt-iJ$$T+OET-_D
zp0#U;A|Hc^{$Q+jc4d^UR$Kd=Y;1Ls(5uP5s>b_d4)1K+FLsX@mg+_M#r>OvGk4p@
zXhGWK(iwNSzY-w=86V>33I{YKmFw1Yg-Q@Tq>l_gwVq!^yH@sggUey$O>tqu(+f9F
z)7fxBAKf}<SI?@x38!jgJ>VSLb^qNt2;{FMe>;bk&;RHej4*ze1A68wn+7Pvn8gb|
zP&FghHYdV&dQY?Kmf=;V;KrSOFt77#)P6kpX*>E~g(03Ci^u7(k!d&?zuTKQCcVW5
z_`(kMt+q>6ILtq~=zQj<Zs7wxDV?r`O+NR-yazV8hFrKTKA)<k)I`{Qn`Dhz$Z?93
z-)O@fI~~ote4B4v*Bb0@fLep=n_Td>5%pp84gXSclYV?x`?Rgq<_*wqkUlh|`gpu{
zCAChRh^SyyCK9EnYT74hJSc!o4`x!Nc%^K$3(E|F#ksBzN!K3h#S`FK>rBrxt0@4W
zz6y|FtgTsh!qZI2OC3`5x~8tXRd)6#>-j$pfEd2+e6=3;#ccbj2vA?m;eL)|>ZEGa
zHEMPM16Pf_ehuy|b=BvWAJnTfXl~$Io+9ODC$su$#OD2IOMN9DY^Mp<T-;B8D30g0
z+uDZz*rJ76L1J!gp2Qxt!%ZHMZ;_K6c%u_>zJAntWWQbS>C)Br`b?(QA(5F}Mu#-u
zBr_Zb0^@QU@Goic)WDu=&!_20Ib`Oto)$yb!0%3Bu4mJQi0f+|mKV{2{=A}Tc28Z%
ztzFh(3=DMh@fhjtb~F>IR!O;>5jBO6p^ZACP}F<5#>T$+_6uLw+weWvCM%sC(b!Ur
z+PKR`r8errj!$)FhgiHyH1f5?CY?Z|0n2<;@=t}jrgkII0^VSOJWStKLs6|~*>dVf
zY2ws-yt#cTKcJszp^u9Ju}o4r62Mnxs`z+LZh?jJ!l;O7TCZ3Y9@=hZzOJDkmmosI
zT`W6dWfHH!q{ATSzSZZVU)k$ow|9i~?fk?;(ENMB9*V@K?smR(>Rej|MwW<IW5UtS
z{$kgXmidod&2ABzhG+rk)k9$JYPfqk92a>sbSmxWv6I%^_umewYe2kOj4JgDuTI)h
zp1vj#>YP^7MS8a7lR1I7CtUvbuCPbb)IZ%(phNA`RD3!@{v^R<rO1mOiQ1Y}@~6J(
zsm1BT8c506MZr>brTARYPx6;X8y53d$LnWr@?;tNj-BE8Ew4+DCyE+K^yjZiULA4G
zlkw}Sqxi;WglOOt$AJpM(G^t3>Vfv(A`Z?IaZpd~83KdgHk<SRloRLMuo5c%v;#ir
z>a|%az;R`}C4deUzC388dh~*npI(d*%vM~W#EeyU`YbgIAjkx&=NS>`nCspyVz$-=
zEM^vHe39D@DQ}WJY)9o$Q@8T`w57<GQ+t34W#^daEKUS_{?ythi$DV>r|q;Lk-!ng
zu`nagko%|%@j-ckRL)X9na~mxS<mE|W_etJF7~Z`g~frnTjyf<ZuU9fKUTanOvl=u
zU>1x>hMDM1BE-sEL$jZ3I~j{KlRcZEd`>U?J<(`>TX(L}+^1+w(b+b#A`e{%_3(pf
z_H0yK>Cm{xF~jMZ2dJtt{`qSITiTDqX5WX8zb|aHZItz>=J!}cWlk2!ezyOBQSC!x
z(8{f(XQL}%+KVSLvr=CZ7B$Ap=8w4=jW-W#O47P3O%EByD^1FzaP={gAGEU`jqMWz
zw$wAVJp!A9W9D20(e=C+eq*2=S@3f9rawKsMd=2elWe^By4kp=*`YT!Dv+f8^+F4E
zT*d!MXn^kKZm^Jj2@0$Hq||o4Ox2Wo)!micHUrB>4>^28`7w-J**z_FQwmlZ`Qm$O
z6+djD^?tcwLY~J_(+4L)kSjMf#m}^INf-)V^@}={hKG@iYi+xN&b(P8&%J!!5*oy%
zRr)aAmLEUzwnh<vn0F;q%)E9lVD_lm5{8S-*&1IZJ#a(djth%Q@A~~m%BS7q<UjWn
za=h<$9CmD;1X`B4`uxQ<Cm%bHo5nqLwyk3G=EqrY|4Od3onR1R`oV*Hffv&B-0I!m
z;9Y)nJ|1y!I-!x24&(8J=Zn29dw7|&rXrKjO7><9?+G0$RA#mr3#ZusIy%czq$~Z6
z&JPjMIbrNej|8If&n^_asqCvZ&$8V}imZp&Ha}dXum8^AcT)fnEhK{xa;~NW)vPp&
z%pSR^kGX%V+ANjuG4^S`iVn+1B-UX9taLmE9yM-dlKXf<NUX8PSLZv~U<!;SeT!}h
zSoQ|SIX|ess+Hx<o+97+s}ygSSKzbtCGcD~*wIOrUnb8MKR@<=1RHo~D(KCShP64h
z)Ky+Rjso)HYS3L-u5kZts$tcXG|BW9sHk#!uP@F9aPk2VsruO}8X`24d3?yu%F6PR
zRg8o-xR?ssH~iII7L;AE$6<r~YZ5uu>Yfa|p6VWJ1L{5<Q^(TSPdA$xSy?qapWBp;
zP-7i_|1rXPvE=*YlC89<U9RkXwsf@VKr}(%FXJL921JS3V?H%Vg~FGB^=|3+a223(
zo}!#gocWeE(skKz#ha3*J$qd^i(56Csy#GLkQbf}O^dzMn7@JbncserAPavIf@4U_
zw`l|z{m&g=fpQpacLDR}3OuScaIFs6QT8CM-G`(!HoEAvNS8vlcF}Wg?zL+$zh;nD
zQK}Udi`GR-U{iiF?3a7jtYOQ7DY9z~N6V{8FxF|c`~-3WqwMVJu_wnUH$2$K%lT>0
zF?2$_lwB}`?u%DtyL^Ewe_pWKNV=?FeL|cFHw9SZG`Bahf1_yZsA7Kv!AUXt%<;ng
z$KiH*kgy0y4!7ru1`=!jHe~38aI5j28=y(#Jrwu0$!D<3P(ubIwkFm(V!NPa{+Hf}
zxVrE=t|rz)49^P$Ay%ikTZ$)1^>9*$4Qns~%!IO2M83?-C-a3}qoojq`0UcRx0pD^
zF(8h*0O%lVm~Q{qI8hPC8B}A)f%h9aOc<AzQZcscPVTTaJY=mCaabJ0ZHIwY*se2B
zG}!*M1wCEXiHVDolvoK_t(<H1TOKim(beu%!I}HjiTi(Pm6&_2q!c1QvG(?@yd2JD
z#*+i7hE3G+rv!g0n6k-9g?JzqRo2pt`S<Y`Pf`W})vrJtz=O{ieT@(1bF!1Gn(|Lt
z-19)`@PNcojA<R8K);U}mZzB;(%m)xE+YeJyzG^gra0m0dM4fx=;9%w0U9+Oohs?f
z&7Zo)-@;ok`raLGyd@Y|e4?YL5?k0q#AP|~CJE&S6m-Wun7d>9egv=xa=5928w25&
zwi$qn?OG`Cm&$x;FK=k8I-Z3eRDOP8eSWX{q|3^<F$%eGy`}YDpp20MX7dMD-w)ce
z2WoKyLVTN@r~513q;coTKYKTk;$tsYa3D;5vz*R*@k8k<l?U@&pzb;^%p0v;ZYe>M
z!KvjX&mZ!t0Xp>fJRJS@0n>Y#TemK9)#|XE>yG#-84iR39V19H)7oo-Aa8K!0cO3O
zr_jq*c2RDvNomLKd4-yNseX{QRpoFM5ZxGcYO6kL5|?&%VZIX8Xbk~l?!wa=U8w74
z!Y)J7`uD368v^#vGCQy!3q{#q8wJ&8;5obdW@#>sMOVNe&V1j+MK@aOUvy75YI<KC
z4Qrr6y_A}Tfn7*kH$9XR|1BllK)OQ6+TbK5?za(U;&9PjsXf_#V~ZY!(14e?g$#lz
zcNSpEorBIf9Su#u9W1EUHmDZj^`wa?*qr0(o=(8KIeHZ%$%IVCs-`_c8{j@AlSfz4
zDJgP5Djkc_yPnX<KWy)_HL9c^^lf*cV-U2<luL+DbGI@Nkf@rKBe6ofZGejXV7$Vp
z9bK*a@~jQ7@xg+yVnZ6+0x@{OG3N;nh~-a>5O;8BTB<|CZM|t{E~~MRpeiJD+Tpkg
zYrdQgTsq%dVpQIb;clCDVL^==-6qvp&7i#-+bd>Yiq}FrBI+j&LlZHWrN~n%`*L@G
z58%cuf}+{aK0St&7e!oa6EZJeP+=*xt<mA~mv{%tQ)MkG;c7c@=k|p_VeVkWx@BK+
z6pW=jFpfowX+K}Y(l@;R&emv&_}0<sN6$_A6khwul@hznyUxDCl<9Y;1l@vQ)k}NI
zKSpA1p&a3PIx6OVKxO+eoy?1T&#ffE3f@r9P9ECsHWxBjm?B`lwD;LzVuYM-f8oj>
zw92+$%xz2|GO8j^rbQzVEo&8UrlI3mCW=6i>E99Yz)0U&#$rm_e`S(txk)C{P<6pf
zmBPTqSCz0;@74x7t3Js9eT|26o^}Nh=*-S-MF3jDcYEE5`jh8S9<j>{w|JhtX(kct
zq<(zffCWTY%bbD~Y^irQ+U@hO!&@m~MiG*T&^ET8-G5Z!*wksA2|}A>?~Lgg$<N<h
z!Z<b!taSZKDm<+pVR-l42$#&3uiCLzZ1wkr^N@-RTm0f-C!T;&I6F$Rpy^i9yE?fc
z=oZ`LM@nIUcHL<gCn}ctH~W8r$o`*{0g!-=P^YCnQ`bPWCf#owvX$gBYPJXJkqjU~
zR^mZ)7=j^i!7$IFuE3s-fG*gGo@d3glV?i>A->^+9Phwd59QK*MEGh1m5~Dg!a6Il
zLM4o`8r{wgEF$e6vKylc9rU%f-~kl}*n)9&41p6BGh5GzA{9+jF%6T$PoxsP!OGNw
zY0n+Y(05SlcRE>oIX`c2?CW3cX>@jX$6)wEE;sZa*{a3q^Sxf!s;Uz#_}i#i5t!Mq
z1$s?9{Iwfq*B)m-aI>C)J`E{@ZlKe`80emnF-vH6__Ld|jS>uQZ|QjbTF|wHLIVL}
z9GJy%`$mU>`@QL@xH0Wf0taOKYZEdw;v@5pTFQ16lig!#;d7LL;$ZQ|+tW4C>P+yb
z@8oLEr%|5eR7E>2?V04UKp$F<l}G(5(A`oxCUu>XH3=}2Vu4>~1dw%PT+$99pPgY6
z4IJ_u#G0Pz%wpmjDKgvX)jCDdhLKWl%oht+q4p{UYanxPl5VX=wF=wwCX%~;FK_Ca
zKji>P%7EuY-h-~sO`+mKB`8Jj!il<y!!|44wkwl-aa;;9Dc{JG65vX(yoh<CyrogZ
zL`EXmy@WXuFWTLWlxx{K!st2wRlkwaq_QgmD42dQ5ksaa#0m=!V|BMN4)+(TGH|dG
zma?rG#*wn^l0i`jQhr`kG36;hw9h(u5#9}HSl+Kl3W(NMxa=hMyZ`bC0Nu$QS&Ek#
zO~a%fz*rT|A2xIRodr-`)aWsBY}Pn@emGuqLMQ}D+A^yy6qzG~)L)jK{V`ic-w`0!
zGY3f~O|5Ram;|oN)ZrvGtvKgLD4g99ZWOrh8hn#LAmcG?ooCi`?q*q~*S8=0kpUmZ
zW5&2c$18RyT%XQ<rt!1JDUP_lgEyY1oBX|lu@HA~MEhLHeT2HXg(I5j>r!(d`RA;*
zXG9!l9I|b?lg=QI87<_QKEW_CG1;YE0tKqCS{xQ&J<d?Aa|kSCSo+=O!YdN(-C#Ph
z?CAM;v*Zi3nv1O!b|wbPkwQ{iWj#Hzo{vJIKGVg%mchu6@#PM;r;<8D+m+>k9xc6B
z_`GNmOEtTj;_5btI~o!FnH`E53Ad1qp4x)J)-7evg$wRa6S?e67v!O?4b$`3Jo-SQ
zO855gG}UwabKQ2WtSNvBsLXoMAW+Yg2de-3ulnO^T{a}aaE7j8?;_|Pdw~vt_6eJb
zRJC5pUb}XrViy6P&{AidY}Sy|$ckANYObcH-Ir%-k1ed*1r;)qGXv?5M{y$;OgiHp
z%ojR6?yGiMySFt~6N{J@vKV~K1IPi>8@#u#9yxV4NV;80$0w>Yo%@3A>4ep9MwH5y
z>hlIK)tR5*2W{|qZk@SbD$EmIL^Jhb=$QD&=ZDTuDgq^?cD*Hy^-N`Z=JwSs+jM{t
zgFOTAIIX^o{PlvcZWlzd#p!rDKvQmZTzHSx3i5Qv%6EDMiB4kx)I`@^bg{K&#yHFt
zi}uGtKe#%ui)@DidUg16$N3Udxx4*U@2hWQlX0l&RFGzJK_}i4Sdq*y0|KOd6xh(Q
zPy4vR<`1}Gnc+N|(DONfwL6U?UtLJn1=YCpSdQ1agLX0wj4ZMTr|zvS-ARS-3=fxl
z6+nHUH?s0;zcl~{Tar4n_apWLMb5`EC)svyWhs8BgiCe?4#Z7Eqmm(W%OEMzhlq>p
z655J-!3FIn6YgOgTx%SpUjhc<`_>ZM%L^*+tGgx_)e2l~^*1oS@#*5E2P>p@$4{tV
zqM1T?dqpJA%#Y6S)^@Rf(f!Szs?(zBA{cSybpjYx79?8=9cvW998YTNsXyQpr2MU?
zI$a9Zfh{wem#h$}*>idM>6xO=kQI)qyM(k2o@y~2l&}vEVJNqm{&tQ#7(Dr_swELc
zNTv-eHRYZKNdmv%PoJ+SRS-T^^;dkXzzT)Y&9SYBJ$n+vs39K`_%nquLyF8@Q-hdG
zA}BXr-y`uOm+dx>2&-zu-xk40k^b1m%a_HKCrjfPtkCCR_JZBWg4HX~K6wE4JlBZR
zA?K;YVn2e-3l`NM)#`lx()r>er?eXlal!Pv1Irj<o_o?*<MJT5=O~e@+$zz;rSC}*
zh`&1RJ-%fU+{t#`l#Berw&uVk#W*Mz4+sgqr{5w|qxrYa!B!4?H-CI8rdJufDE6q_
z!g}VubmG{4)+cuW1o`yF5B@_-#@~aO`vU8+q^WH*pnl({;#|hV1dS@8X4dKTb?G}d
zaK{T$>)xv;f5C?gHMh?&e-cL#>SdEj_|_<xCggZ$$uq#98>dlJq4#@?+E+ZJcmQ&9
z*ITZ}>&<K}2g(z_9#7bQ2`#4cC5YFlw3O4W)n(i-I<<dbJyBcZFNes-Q+rNC>5*7}
z7U562B?&z(IPK?vlJB^(i&V}4unX+Fk1a{_p^B>J^QC|w`)HU$g`QiD5%!bKsfe8v
zci-?C2;UXPnuYIqfpVnYhzh9gEKPvVc|Q%i_sMt5n`s;;dyA%~zA+n%$SznYooS5$
z7|R1|D%oyT0`}h}m!1Ymyk;^!hzB6#B%dzk60k@U1L(=iKU1aMYxu@n4QH@APQ|Ta
z)bH22FZ8m%E<AE8wk})p8{XNdj=jDJoUe?yr^&8PlABkg@I@Vsu=S@Ym3#J7wutMm
zK3eO$Y_5}I@wuJr9@ir4T|td3x)P?it^OFh(b3r}my7Vxugt9%d|p+*{Brrp!q3Ue
zE=SOz+!y5$+*eS&L{|Mey$L_<Ao3dfy<_Sd?oYxXVz>`2lDHhN*gdYE{Jt5g;?l;k
z0vgB8^|A83#b>TcEy(;*TEsW)cVCTwea*_2mLD(DeM>>BkOWc@g#q(5;Q2Kmw(%G6
z+(iJMyH>4cGzcM2fGu~sz1;sPC8x$4M|6b_HNtO<Q{t<EIsaT!<yv-5aPMPKi<+jZ
z1@K1NRvYw$t|;jPIr$o5G0{2iYwAGT#jGh2u+fW1;MX9gkAnld(8;Wy^6U0gobt68
z&9B;&P|Hi8jxMhgS|6(X+;jiMZ0w^Jx^NP{5A1F8dhH>F`riv))+oEF6H{-D{CZ%1
z-V$Ksnjk|xsXArKcVd*ku3mI?cJYn4sEg@P;$g;wZDR_kJ}#SPbe0BIAY<V7Roka7
zWJgGy4}&VCRzf?507J=}Ji}M<tFy3XZ!)sd5Oj>m#uFaxLc{3gn3wfmUT?3?-Ex|D
zE4-Vlo-RgXIaJPPk1FY7SG}}SF>wB|G~Yd+yXBRF$tgGM3jL+S_)@R}sYVe&fWcBr
z!2Y`RWW5+j82>-o-ZHAnsO#TV1SzFMK~lN}q(do@?hXL~rMpu=Vhf0Lmmsj|?gj+}
z6zT3wcWv^&w(-2@yk|V)d^u+fKQLf$yIJ>KYt8yy)4^^}^q9Yr3e%sj48}(EGUyX%
z{>x$AZJg;u(l~@-YI#{T?>*|sgz_Kbcw4ZX=MKqHB^{i6%RE-<T-fFdG%>JYQ^y$_
zo^;+&YAD1~@#}?UJpA=#h`q(_y^)4<@RB;|Kwy*E_DsW9@sEyMYq;3Ab;@zN?=_m1
zS|v%IJZj(hxHsPk*;9wAXIF1eHlUcKFsk_z&uQKx$RyEzGkBHGYp#L*Gc+3h1iu1P
zPvf*jvX5ZHW7~O}Ffs0GPk4J~>0q&-v0=|2X<@+z<gtt8l3H|b6W;6@ZN~L4lBCd!
zM>@`I%>@5q|DyO)Zebxp`07n`B8p1!7sq%@#vEr$ZQ5YfnF`BzEz0k)>2(6e`=#0y
zt7`e>n*uEsD-M%&GcB#0h&zTts;2+oS2d}%zb4-Rh0X;(0mC4Fv+uHdyYVDGy~3Lc
zC7XdK{LSQoCCyKCXEjsXPPF-N+WY6eU7BMnUj>Cgy5w0LCK!a29QkG)+6A3-JaX@C
z_uhji@gb_Gc1eFzb=JXv<n)5~gmiwkO2W-wq|~?M!kdQYck(VW>N>IMI)TjhF^^>*
za8D$cuD@E{R3Vl0Q4{b7Q^kuK<G|*LSap@51Y=dli(SU&9+L!&$YUpSTP_yKPE4sE
z=auE9%yiucznwmsYAPP15Bj3#yU-k-((?U)>(3_DzBU6@sri!a*=TTYEIdISP6pg`
zr9KVD16E{%Fbsp|2tkQ{C%`ck<phlWZPIN`MCj5IM@ef)5Z%(8BA!Y^@|3E9s2;0{
z<}<sG>-JZZeX~K`J#ZR1_;_=&idh|Z!2%;FH~>fo@Gu*xV*#~|wGo#_ma5kXm&AOj
zJKUy3KguF{b4BDJ3&RtmVKs^EXjoNo-Dal|P27I7s6*%=d4=dc)}%<f$adYDL5+=m
zF9G&Lcb0)P){jQaHP%xbKVLxS#zE(#lty)MD>KfQBGR!s;j0I%U(;$;CST(P>#Buz
zA<Mk(o~=9Co_%f}^yYaoXnRv?A5mhOyqcXt$(l~nza|c9I{Z3`VB-LB*0p){Xx}d{
zs>L2$$X+H*#ftdbKA;9aA!Aex6xRrqWN9qz%m=L|F_U!iWC!bQA=tUOIjZ!yS)57-
zD`ZqkK99flhJLJK`8aR)sTm|tG{$UZ@+E;tb)pKUh&Ay=!lt<wRcC%#ri!Xw0W%6a
zxa^1s&X;J&M^sz5<tvYi)p#RcQ~NdjYj8)n!;lXfzuJ;(yLep5XTpbP0t4+OyQ_ma
zdKBb2-&sC7=(5Zrd~jC=N5kzy5hAmJM0gQF=2@S~^5IfRvC>KM!WV1$NhEfgsV#7O
zh}xR}DLd}ZZu_+O%;-!K%r~S=9PGSzve6R0Y44d^yBx$D`*E-T=`bmo=W)v8M%@GW
zoM2Eudg7ru-=wCu@e^0G1{Qc+*Q^(N+t`qFuH86A@nK|?&-<lw6SLnJh)M7T1=khG
z?wt&~uP@R*%+;F`tpdZ+PA8XFW@O2@4n07M6gPPBSF+2__;Y~lKTe!kgZJGNtvF@Z
zNN?#s!2Wv0j!g&g*Z$UpDSNr~Ubwe>%n<9UKW&2V`8@5Dd2BQ-1(36u0w>yv->ZMB
zKfaHMHsBvls&pL)eQPcq4#tfPrC<ZseKJnDz*`oVn*$s+WI}d+x#%Sip_(@jx^+w%
z3IO{oh-Qxo5BshysfbW@=6I<qXsRp{quY4iZBR9A-15_58Vl06@$`+vNFY5s?bf2<
zV`8F|%xRMsfv=Y2&>boFnEX3oSio|$TH9bpI7V^NZ^o@%(Xh$UhXhA>7d5Z{T9D?f
zMmuEfX}if|dJ%KE2ZEDL3{XNjJsh#sm-t`d1!6l(UFcYKh~YUsVx~g&mweW<M-_X^
zWs2KjYnEMMv3cTOtP0c{6wourBHKyVBDT}SOhsICF`qc<c+{h@f@vJ25Qnp|!-lRK
z|A6<>$=;xjIp7t<ph7nCzU_$qhaFSPD@;8htgE~Cj`|dzlo#AI*7icYQnWsB7;Qb+
z=eKj8umIgbDWqN>gdL0Yo5Fa#b94K3&}^NzbLM6A1Kbtt5;(DL*2$9O)rV^BRTmg{
zJ>V|upLXBQ8N{D*IO`39vVwY$G?%PLvWcSDWGBxSkwFuW%~@zzSXgDS7r?8*_q9X)
zQ>EZ<lZVnuw3Hn6+*BY=Aknv19SKvA+2k4Klw>*4C|<;J{c>QRFvXh8TTnx5&>zRH
zoEbr;F@VUy2;69|{b)9!Ux3$sN`7Fdh)p5DAbNv>!uGTBBE#(Qqs#9pq8&d)T)%*(
z_Q0`$`f_v9(HojU{v;bIE3QX~&PbEb0Sool2@icAyFfYrv_;bHEm|(UbFavG6))+^
zM2I<9EQ+pNbn2ZgU~_U@Ex4O0v9PUZJIUtrrp99gqh%sIt>wc3m*<V~F?@>U#%|`O
z;5O@HA16(j>5l!zrA{gs0BbmbKF1SEpb6Xtzy<P{|LInTAk4JS;&4<9s9WRV+JPj`
zT62-z+M1Hk20!!ei|yH$g@hC61Ett@GVe{8W?rM75#i&@P4_vX&QSwkXG`c<%`oTW
z%6l6Ofs-j8-10efXKU0)x8-pb%sxd!W$z4xaD>7J(<=rNaCBBBV|%GzTf+}l*5B>b
zI!Fb6TDJ78j8=sQL85<M3}QOPb_y9U@OT=ARHBlyx~6r+2DZ|?{BC4ZqZH_8rik;i
z^0{SXlr=N_VVP!ZSsz?{!lVltdpO8;39tCtF4XLjBI4Z3N;JYnzA$gTdigfjo5*6?
zXH1xrn-%l*7w@Mp<1^H-iJRQNkC#l^ZNOhl*qU9clW8<3Rf!HC$jk#i694%|-+uY#
z7GXrmg4g!)$3=yDpCqydC3qr$3D)$%btg>XHMdX2vqf)}${M~xMeD=>KH~@2k221z
zwSVg8k4K+LBOm>ytB}Kl&+magw#NvqU3OcDkt#w%!v=7;%Xe%a%Jqy`ev`~te>AHU
zNQd#K@c0b~q5p}o7ig4Po{QICzi%$@_4YjdF+>aL&=%f6@(;n;qumRW7SAI<7Nhyd
z;A7?Co!+dLZ6>enFj_<Hb%w5awub{1a{<s?4m`hB<_{dogntDJ<ALCnPj#l`B}S#i
zNojVrsH`VyYi5lWgp;VWzXQ!YJR}$iKu(PF1$o$=PoW{w=0zw%;QeD>$)R06Pbumg
ztM(;1Us^ozL00a>0WE7g`QKCu(58iu`=5|iFbY3b<>9kEk?Za64>eeNgN}R;e26|u
zJ_1Z;|5<Mvnsx6hi=rHS8Ck_|Ov^l?yXUJwA|)AkB?(BZh=TJ?hvOT|ueXZ={v4;z
z_z+YAzD*}F{okl7pdBs6MSe#49!O%H?_n2**WU%TGmh3asc5|1zw$)zn|}AvjvCg@
zfKG-74Asrh=4!6?m*lvO{0<+i2;bx75F!7D9q(uFYmP@$0PBcVyYl0~frB?$H^{^L
zGvNObteft=!TPImrIrRE@#FD8R;Zc3CgU|Kwt>18|Fb__KI2rNB>sAiHkIuQQX}2B
zA8kFMF#4wn0Uv2R=-EoIIzy)1Ljm9GM}&k#lU*!8WpW$+wey+;m<F7^xM-|%(s6qG
zaFG&CBJ3Fm+M*9eb0+y*cOIpRIET4xPd@J=X3Lv#Ln!(aKpqRQks+u^{r{He0b+?B
zK%FGi(SD*~8$=}Jao~X^azQN7Rzy*%2V#l1TiX;W@T&i3iT+(zf4(D;^!vGM($P{^
ze{B#)7=%CMO+?#2@qViXP3YP&!0Ob}0!6*O;E^(L$K~0k=W#~f26z8Afi4T(ANl*D
z|Fgq?kCj3^wwsAeneewf!Z@p48a#F!@z^rKYL|_NfG6|w7OG&s%=kZP`+s)Dzh}Jt
zqn&*$PjdWk6^;NC&GSg7@`ddG2%U|wqq8i7e)D5+^e6vlmSymiU<;pKl%gWH|5kp>
z+M&&*h{^x&|Ki_11Zcg{n>|3*GeN=p>wP|B2YJJ>WKoTS-*V<M&iJ3$U>^kI0Rew7
z7C>pg2dUy$^Yf*ln2!HVs4j>5+s3Rh9%KCd1N@2*P`9EFVeg)R*XXZFkoz#{x8(B%
z!5a`IeS}VdP=B+uQF%FHJpFIHf${V|_HhwO$np<3&;*=iecNlTp0DJMd{h!9u}o#0
zxqnV9zA#|Bf)=%pELp&+XWl{ms$lfspKSYoFUhMvy8SnI_LTn75v*juzOc41==}Z;
z6~SE`Ul!{^{8~mZc<yFqppY3tGER+#WoC}o`}Yt1zZ)JfKfcgEpP4?K#Og1w#J?4x
z!m}$L7yK=yD&vLzd<>TO1%eUs;(okIco0}(r}_DD#(N$AZHe#w;Z9iJA`km(^?ve*
zYMOjMBtiT45_i%OGu=g~lZC+&>tNF^KaoYS0G``%2u3TB|2KjA%Rh_(!MDS&nExKE
z$aFxs?eEw%tBlYLhBax2lY<xZ|KZ}cVgeSNJewN0Pi`T3paC2Jxy(0{IK<)nZvK@E
zU8d0APx8O_w_o%hPKe7;UYo|>!x~KvytF&8u%_(aEL+bC5@B%o+7SR&h|91Y|ELx)
zGjUX`h}3qDNB?aRZvDCX?#^eT{kvRZ5SPnvV@P7xUx3r5Os7tneb>f&HUoOU@Zh_-
zU`;yF5g4WDovdUcT%epsA%Db@<oD(ucIST|BdvIUU;?adky3wOGbJ^`GN@yxYKM+0
zx$CK~pU<o3goOvABcAT}Yzu6{&2cha!Q*=%rT4}!Ak~c4>K_K-@8AD>S0TO*LFhlh
z1s+8ge*W+A9*D<#uuf*v2EGC5PtWh24@#;3IPV`wp4x2H@cuvf2!MUDWZhY`&JJG3
z&it$XOYwhNl7FYjf40)-U!%P5TlpL90Dcff35+KyZ)(7~9T6|Mq@_ocvHpjSaP|Ka
z9U)lQEq2itasO`_t8s5D@jC4b+|KF|h?_b;OgGGmiBU`9GUs8{tNmfCIaT>q99w9Q
zR7P4F$Dpw}3&54m`yqEIGtfSN`Jx()NH78bLBY(E!-9d1C%>qiI^z%+ko%Z?50cZo
z(%np2ZkOAE%+1x_Rn|u)PF<1D-5($RH_MU-bk_y`N>X&5zt+&Y4_?X4J{fx1o!|Ex
zmBPc<r;_v0iXu6mKOY>mWBO)+5m0Bni?d_Z*1Giot(>oxKg4a+&KD-x7ST{Kj)v)P
zp6(q1;A?D~_3%}Hqx@eAv0w|ON<DV5_6G+^HNZDSm{;veKeV3eX%{WldoEaQdq1BV
z1l$()5)pFM;ZkLj0;Mu)vhkM4fi(U*OyIp?QTYv)h~LF9oBZTAl1>4gs#(cs{YNXj
zbzArEn}#g-;r@O7I7Eo6FRu5I8ae_}vy!pCF*S@z;S=)-4<Er#&dZoD+?B(fy+DjI
z!2CVRAm{&Wl))ANLovH_;|Z5VAWnmmd7Se{%a+F<jcSy;WMbFA3|4N_q0S6r8*65u
z1=(z`7D1XAbIJi+%h#(wUzT(-5|6-=dj~BEX>LzC=UF&#su$}8A=3JW3hBAiDJJzW
zuVa#@4E%L>)o~4W!`KZz|5_wJaWi1s=UYPv3*O#w-;%$TKDYNl5kb;*h%G2D2fvzS
z=)+G|X<U(h1G25SW6D5tZ-324KS)NexcV!W*?yfxgke|ub?Nz`iSva=B3&5lMU}<a
zak4PLr>Bbg&hFYbJes$39<k_o-oJ1$mi+<?^}G4<xh^Q+6vXKXziRR-tvy2mlM_g|
zDLDTgd(UVPoE89weEHD%pI_jF@Q$2xtD2v>0aQ!hx%Qi(cl16NG*7KZ<wQ70j&~zj
zaNUEL_7>S(ccv5X-meeB!|&Uq1Jdb-3$$DAA&pM>knj&UZe87cBpWD@XJrg#XsNDL
z;Ea@LZSyok_BAZ=xwGMDBARGFH!ED})U)`nWh+QN75V&rtv1W_s0%D@|5%NRTVTZ}
zGW-*AK`6@NfPTHowg4@0;~={IC>VbFW^gB!7Smv+V|J)q&^1#kJUQl@s-B)4>1avz
zwr<TCp+^F%VV3fi9m{PmpMGpIPvv^kJq|`WGy4%BwOIo^3?F8m3%Gfi+-cgFYAPV+
zU;2eM>Do@7aam6sRm`2(Q+gqP_wqsL8Uf=jDB+5;NUOT@qq5l~?{G$&7(g7T#utyB
zvkL$5-uFGH*-(c#IrGK8Ze^?zqzKFY%9T4v9Q=N)$-H)`4IfFp4Cu0LNh4ywjQHz~
zJnQ_s{1GJg|Gkl6gj+UDQu$IG`0xJl^0`^|Tud5;5|P5!fo>Uk|Ih})#X40?_bEhD
zRDyWJ2$|!41ylIo$k;DC1LRF(Aw}!oArUs>pk<EMH*{-u!MsD7Uo(*;CPB^rfAb6o
zAj`A)2I9Ey3&m)6XUKO42?>W50xpD3x~53MdwUGT=!2J=9!Gd$2dm}t2yqwaO%p5V
zw1R&m5jT68@wS3Ur4T6Ew1I-<mUqh=s&B}YO3hv<_3nE(``H0BuEmFold3>U9;{^o
z>XTy2Reh;1tZ8UsGW`SYVwUK$**<4sSm=7anx1fEnM&%T^McgZpd_r$us_aKGcY`X
z5*!?GqpctLTsb-B-@>Xf*?&NN^%iPWD$;#L6pz-YA}xl`jztnB^;tNVF0^7Vy{|{?
z8{Y@}B@QYA!2n=dymwM|Gfd&L`9Kx$z0x-Cc|g!R^u|>Tf6cTz$Oh|)*7=}C<~idT
zz8gs30vs5D@ZTLW9s*pg_pN<W0Z6L<j#nDs&GKr8FNKLCUeFR<5qm%pk-MbMe3y5z
zP7z7dSv$n(KutvWcp1&`!R3xDQKrl9*%w_%&Oo{usP)+o5UV9N$8IDnM+^6LBe3lz
z07p^vS8o672}paBuYnCYDAxt^*v{%@S^b@Qv6BvH2MF?baTDmkQjjIY3|e{fHDVjV
zU)`@4Uw!){gUWfENsJLpw<Nl2@$J$IKmJ%Ds!+G8tJ-PPg>|G*Tb#`*jVLqp;NW1b
zVV7tKU=q}MPN6mO06LnzS-h!WJz1Gqzo@y@65{y%FGGP-EwmwHObSfxMGm%k=ZN3d
zC}7VQ4T|PJhVxYcIGkNe*-N+H3F)cTket`GkhtO&7?PpIy~6&G@vG5vQk6^&FwKj?
zlY<r6O4l(gCIVx2Ym3RODnaB(mll^~Yt!T<eneZGw;kHHYU@}L=;UN1F5tg+1W*T8
z9+U^_6%z-|8=WFxqLom}M<tyQdsz&V;}IOuI*+6JG!ovoOoCo}tv-n2I3W=cnh$y>
zx&CBz-zPD4EY0Ko$`YBtqQx##gV(E_3y<Q_sUEP?If9a6-QK66a6YFgpa6Qa`eB`O
zD_h9zI1+)bDJ3IC-h)3Ci2%8VAAbHd()Q{`MpR{}9mZ6(2l3y1u1i`nDMoC6JkuCV
zzfot7myHY+dcS4bpnCFDO~LJK@u=ez@&<H5Igt8Nzi3^9(LX|B---Qs0>(PL?q`uJ
zRLXq!)qj;$w=O730oTp6vOlZvgzU8_5o^kB^NEL(T;l@ANOOB-Qqy($vl!ts_b)?>
z*HH5kks$~r#Z<XFev$5BwkuEL-`;ZnJOncc$4!z@kmSxEW{`gf0t*(xW8Be;3vkHn
zqzbYoblQvuVeeZZ`Hjb;Q+Na3r!z&QDlRTO!YAWPDpt$-YoHJT8VYy-_M2f>{NU>8
zn4UP88jv?w-Y8w;vaREB*x%xg7XNQ>(aP6I3dO7QefD}ww_!sXu`4_NYv;XhQG;la
z*y=(N6|i8?fil#vd);B;OS4&QcmqZ)3C(9SRg3zpk%_TWIY~eE<G#&^#H5aksf9B|
zfobgC9DM&XnuzCfZzf}6<mdGm(yE^Wq<2%5@O0M5u3_If`(|budTe%1uI^KmpDLv9
zexI3m?c=F{;!$v_s#aql9L#eZ{s<?MlsCfX(mp0arKDQ~Onv}LBhP5OcK+9kq_{r!
zNl&P(C(66{LlJx=Y@r{~VFdPsCm|s_Yd^DDNGywcK|-r1$E)^5;0F6B3I;)z%!ma;
zW;#c+-Ss01rKxMb)WlZi2G9l)nZvnah5Gty1i2a2%I*5^gW3z!lKFa8DFQ6~gWlui
zM&aj=o6=6HB~4=7ROU9v#DXA7WsBA3yJuzDm6i>glfT@v7YN(wrdR?3T%k>7UP$_L
zpA(rXZTc<F%_Uc}-oPe{;#`ZdPbuduk@&~k2ZT?BGdlIYMwtF6Q3Y+nPljfXx4H|=
zirhwyra@=T?yNA@%$k?3X4nEda>z&tV>I25x(ai$A<Hg$CWr-Io!2_vWNq6%CXz;<
zAouDQQe2kdW%kF*^S%RDr>fC;M97VFl!ipLIo|XQ5FL9)mg1lp6zE`!5b@0JX6CG@
z!Xr_smc5JM%ZNAk$_SV8oTrl2hpUTpE4I%E!N8F*Hy`20tIYoK=0!mUY}pMRcDQai
z!%Y!4KK7~a_!CjaXRi&mBd;`PgF8K}SD4h*TfkgYDNOA%R$oAn`D?YW@P44S&hEsw
zZE;QhjxQ0x#<vu|**UI3LihaNQI|4QKnqNJB6I@?_IGLCC;Yv>Bf=405W(%%+eG=x
znHYq|BfJf!x4$Q!(qk6Sx@chnaIlJL*Lg@Fm-(RG1a~!?T1b&@Y<a_$HfTIQ-aHL!
zDpcO15i3SQ!C>$o0)o_htBG<K+-R*6yc#lEnUJc2?3k#i=Vh1Mwlis7eMhOTv$-wT
z=ggGOEjQPwG^4dN(o@C@TPzex8U<=S1B#2mSY%?d@dg(s`Sy**59QBNUPB21SUv`n
zMs(7GOeTeUz;XDd)lYMKDGD+*p7S$1QltP&YT2MS_sbXNpUG%T%h;b6S0x;Qgo*)$
zj%Lg{Z&l&?K@+<(ajKCe-P6Tr^`%7g#&TV@d<Aa<)VhiCQ0N0$2|e|KsnIWJRWyob
z&!?@_BNbJSLywECb$J-dw9HJYh3^Any9bPoxk>-)fLguNL-jYko%^|?*qqRx7Vz&I
zJh`+Lu{p+F#%uRPcL8<hRi-_PO9jE#9cW)!@|dI3@;6+a8keUnk##jf49B685RyjX
zFxr>6The@>9-nh)9^9XN<{fz2_Whj}Dd7`ET%ueehSp-Z8@8b5YGHxNW?Z;apeW{R
zqH^74A>Z8mUYm#g@3cCnOGO+p-y7e~W;lftv<#Mj!i8w0n%bpIJY#=c;Q&WV2Mv-a
zE{7=*m=^E?0Q9pStbU9xGVGy<;I+{zDTL9`7|e+B*uL(|Shs;jdAGR8=!Ze|5?OiD
zR93LJ=3qQ6BY}9A+Sw*Bwt}Q8q3&2ZYN>^(lT{a{!LXM2Umgas0^iJ2Ja>HkPW$v^
zq^aNG!6=JK8Y)8M+KH;?>tFx$@+5+;Y!kxQ#W2M`MXTmf`gTXd^_rc^6m_D_HPZCa
zZwj@#2X`Mj>lb<4zjlyBac&ArH!mY+$OIK%CM(?Sv(TkR1$}*evr{;$dO@X!O-}gn
z=4c*_hpqUN1-t8x-Ue5FNZ?7X0LBGP3o>*NJI#>vh2bT4SlH?A)Qbvpg~3W4uoD|$
zGt<r47AEV9k{0P4mZc`JsXU1umCH1@4|InHBzg0Lurc?0#yK2Ob1=x^ZuP-e$q9B-
zY-!jWI`84dH6icCml4=t@8M%25|cA;>0k$|b=_Im=Uu^?28=tV>`p|rI&TeYm`f&B
zzHENmxkzVYFVR3T@SknT8Fbzl(bV8s@fZrUclsn+;ZAZ{b;D!haA%j1NBOL|$#XrD
zpR3~Xa_wz;6!zcvv=9gEWgIu{%#iYbQJfC)(KWeF(}Az;d{)%W8Xc7mvENO+*1Rs-
zdoTtGXiL10o&XfEynK6>B<4CG^i=3hSxl7EB5;Q?jWlAp=4tLpC;QL+u+qIQ(L;6b
zqhk`WWPl#S5(O1D!gP;<NP*UvZ$QfmCT*<K$J!7Gz3gmsKU~X>e4p>q2f%w^phLO7
zH0?U|JYJv15b8@`0RMS;PG^MPfJVakI;1|1;<}(gw`OO!!d!7A0<G|~C~$dHP8YKd
zqF#`z+c41@1JXE9#8bx7iKbl8X!Kv7wkXC(%MMLdSq^Ia@L(J`2tNU6mpLqr#^%cd
zW>YG835g1`fzL+YWrB5Wn_@4HGw^!W`Oq4<(QjHti^rt3w<oJipblTPGG0+dA{$IF
z#wTO9;9E{LdpDVEN?k8CTHA6)aAvv)_eRsR=WHvQmUUH`k0iV(ri~0~SXO88v7V|-
zD_YUF8z6E%#o?LAee_7k@SM82_V`3l&Hw0#``ml7B#n4AMWfI2*LeT70MnEBtsLsR
z1?_B!sR5s__+5E)QRN&JR8Ad~=71!oL68h4=fENAxw^|D!6PapCs!bUOv+P^*_ztd
zca@~h{1TbjtWCz9aVkUEq{3q2`0#ns^`_b{ZnFF!H|oH-CQEu+8oG6w3uuV#>i6^1
zh=bcT+8+aq?44;)8@nklE?la0RGZA?37h6i+$&8kG)#zsEz8_~W~p0xrtGB&Ett1x
zH{;xP*URZGXcFK0q*Lg|9~@>MyWY)XtzM~BhF_M9bwK;Bp?->`&&+IPr+DY|z&sO)
zhK<scY~xi`WAWFql7V&{{T4yo6ou2(Dh}Pr#;bt_^(fHr_~Y8!bEN9$$_&6-14Lyi
zQ?t<$orQH0x@)0O%YhHos0K};-aaqp-3`XJv@niKJ9?Xn^UHbo(`VIojD`huRefZ=
zWLcL3`+YH?+B%0o9te51Uw`+$dWm^|f)t=B@sjx$vNy4ZlL^asi#+XL%l`IEsHMBO
zyF6!xj(57XrGk)KYN}+#8#tL2T3cJ^@Y#(+^A&jAdK?x_7Mo(g;YCeM#Za@&7=~zm
zNAE@YPC%m$p&N?FO`OPBL-B2h)n+fP{3V>82svG4EbVgd>$Pq?iaF!fsP;Rr+=Sx`
zZqurn=xa*szlp`OWIvG`z=WIotStI3-x>k#(mP|uZz_>75uI7xGDr68NUR4KlK$~p
z?>)B4z7kA4^};y?-GvQGJ6$`(4Nhg+)(^mF5AVbNF($>aVpj&JibI9Pip<7XOS<d?
zm>~75)juF+C134Y>IO`Q$UJy}qS)=G4??Z`AQ)-e&?xi}zCJT?`I$Jt<+8=cq*a=M
zCk8sq2iM=AK8a=DB*KkHE88%1CA%639s>hy%4-;j?d|PZR4x)wxZK|WQSR`ULDdtd
zCAY4FIJ6ZB8nb(YqBlZSbsik&>tE8#b>)(!=Rr4n&c*I-W;vU7d0>}S$wNr~CKw;V
zd>Srr8;M=M{ibAvStE;E#Hz__V%4Hs)nC)4x5r;8JaE!NDS5O+g~&DKg;tf+JBKm1
zWhIjBnTkGs?HLG4=|<Hj1`3K=2<EVL@+kZYr@!(s)dO^+Xls?$w!<#%mgkS1$LVQ_
z*ma%(w$?!-2dq+OHn|&!G2?MDu`aaNV!2)@goQ)%0-t`0Ya`<FO%>>oWQj=+x~;#v
zWmZGy9@iyDZGms;XF7hKOT_we`uloIT@3qow)YKAO?_#Kfhy~7QPo7sq_l@$QFVUb
zjv6@_u^fIaE6wO}wxK>f73Pd#iws7o2jYHlqae-{W2<ggk79keVggCQTP}6zt~Au^
zW;bqDsF^9AjP?q~rpOXsM};@>Q9!;hF<OS<u~PwuZQoD(0P<`LR+g<lO)jI8A(p+F
ztl}k>WwBF}9~~>nHB-Isr&X9<bP2OfUEcFBuknmIYtyC#n@#+&NUc5nJ>0&hmYOAI
zx971aDjkY2%6#GkUCB9hL^mA1>i1%#E#tL~Og@FG-DbUXAkxwH_6bMAhkt)O>Upv?
z+fTGPz-TE!o%X|M$I9jB`s*H9%tjhTmoy5YmZajUF;bn%tb!4%xO<uv2`*KnPl{@a
zUY}f!y@CYECq30vAGk0no`Pj>_ix9lo4~Eke?^McHU@i4(YwO$TwThDb}p*JbZs@;
z1?q@#<F^RQOG2I5ntaJcoTRrY2I4r1M0_>U(sOw$Uo+?Ae4b+ZrnP(}-ENOxX1kFl
zT)DVw%A|i&I@COD6q`PBDk_ZS{&c6sEM5JBdw+5G3av2CMGabCw5nAcrQ|(>I26wu
z+1SjiCtWdwN@X$4Z#x9)?b?p}M4D%P!-<f)Jhozb@Xusbc=}?@8gWqn)~o&LGO+!q
z_At2JEB}4#`f<jo>rE9-(o;lQLGw+q9Hi-8D<meT5R6)ZiYJX3kjjCH_q;g;Gk9UL
zZ2(`CFJx>g+uKV)Yv}9Ez-nN%6SfMbY<-R)nDQ?ONt3vIO(4{tCY&sCHt!wp0)Vbr
zSn_~L-*@Hplh*qT)-mx^MbcCmY<-W3Usu{SO}NpRxPIPe3ml)sE$mt0Kg6*o9UorM
zjDDN-*p&B7YF-;JdwjfOjUObRz~SEv{NUK(5<_3p`|{U6=30Dxb^1}W%@zReSJPUS
z1lhnW5D6ca-`ZEln-;?bI#G*tb6A4;$5gANgeZszAG;#4^FPD0kFTURf>rlh)wPY_
zK^&WYI)Jg6*12tM6@=`As$&iH%w=U-t)!wZAJ!KV8YT-tHmIb*ExUEI_4=xpEaK5;
zS)4W)tJQ++G=&TY{+kd;mB-kK=K5k-|C*U%VY|~}hb6y6?A~U~%Pk#vNd2hjBL1hm
zpU3jU+aQ1eVML45Cy%1J(kHaEQxb)~?7AC^oIfqxgS(4oLtYgrEwme8HmaO%(cv<U
zcQpy^V5Qoq2LDhwE@82As9rR6dQs{AOG>Bub(DT9PR9<L;LK!~&$sm0R#`p>Avr74
zRGBv^r2U$k)cD!rYu}AdLlT@#-Ni-6%i1Sc+eu_N5Xxqi6{cQwH4@A#8n?%L2f2;n
z<}A~-`0qoWDFy21+XRjfC8<dY9!xSQXVF+|)x=#JG^=@wG{dgbHVzxm?$y{%$pD?8
zs=Mu`2YtgHTQ?gUaXGXv{3N$Xq-6jpIzM{+03V{}B>nm{=Ki=qI&z{St~*J9@_cM6
z?5kFMbN3<irP~RU%|RvU$dZ-yetb{#)~->PyZ6e9`N1PyXTqowUMeVT?oIwstwy-@
zH_u5hk|=+=AM)+(WQppB9+5h%(L?4`UX1zIH@fZb>{u6>zNPoruCn72F2FR}DICoj
z8smXvPpwNqw9(z?gQRXvljIc^TRKJehx6Hl<&i4hZQT{~<EueFj_ha5f=DH=w&uDA
zHL2OywGWbBDMrdm-1vS^T{*baooR8tI<HdStagE9;L)e2cS&Y@(G9VMI2$zn<=H>u
zKwG;5GTHB*Q&|5)-20-fUCoGA1=|$;jv(uyT*<<im9?_<55tHW5##(oeMTv(=wi2~
zZeX7vpDj7cKE~syR6Bu_`C_jl@&^d`@;`}O?%gqk_cFMh!(sMEfKgFTkjnj*(^rs>
zw@9n(-Q9a`BeYk)6h*UTtoFt9r0VhA;Po~$p#;}=tx^S?^TdKMyyi9Z>c*M$>nmsE
zv$V)O_ns#UzF;(YRHEFNvl*?KJyH&|x<h*l>ColVxtnKo&=}iMkv%`p0Wh+KXr$O$
z@Ii2EpEOVDSQ=W@caP<l{9OK;KaIN>u^R?@UqPt=m*R6FvVj9mirN={abi$yk<V{%
z-OFr*?Fc+#3dsN&T&rkwtTfh*@i6=0`t5!uM;Bxs;1`beS=N0(V&}U3Y5$gc*MVuJ
z&rFhK5WGMohl!xW*bLXjmb>iehaZX#&`;@5^F#%BnQ)MoULV6KDlK6yCgpg%p>JNa
zqloY|x3`;_l<Ld^n>tzbn_y5%6xuf@t}&DHhlI>YAe-Nt?2pxAKZk#z(C_rSPoh6)
zQ}{_e3Vh~IFFP?-;Evz&Rq6GyUWad=U+4se8N0t|*wZ;4#L%hm$PuqFL+#|Pu6wC1
z68%9(X)V09FZlo~wP!UP?OqpBiq@x}3zWL1gpk(&tM^mc$9<%Dv(mI;ks9r_rJXUY
z?Cgt9ydOt%xhh!IQm*WnEuBoM6??54hn8NxcGXyP0ddZhNM!JUP%RT&h(q_QWB8NN
zoRa-Z3q0+XUYMvh7xi`YE2mS&(`^B#+#%E61PpH48U4Lwczn6*oMU?V3B%YS?5bxs
za%x!x#eI&r&)67U`Q6013ObPw@*zCdre@a(T0ZQ2ed(UmiloI_JSr|DEtmT~yhO9c
zOalwtL-k}!P~O4FGCdAt0}Z&g_YGIXTtTbs2FB5~^`#fpb{`C9qGkCoMd<W^ml)k_
zQ4e}iQ!u{Qp*^1yJ&-2c(LVn+mo3AY{6E`(^3OIvdQNKnucGh@Yy)AAq96t4o|iA3
zf^Jr%74ltao$3i|)7G$^e%9YYdLh8UiXuKu`xsNwe+&VZFr6qGB6rEz1Ea3op5CtC
zvT+$4YB-Iy>2m=kAAPRLp|2kv%7ZcHPB=oKX*dGVyL96ZnsI>X?~E2r{m^%v$q6)d
z$XH-|O}FPT_64vTf6TY>oI<4h$H0_Fanm#G5^Z~*l~|u)APyU$MQfby|8TP;jBAm2
z+#c;PfW!_r@d|fKelY)S!D+I=(>xAb7e__7hRN9ejts6@{NqoPk>Pi4B8rm7SH_=O
zJ~F%daKs1foa-J|TG0_;qp2cNO{>~1ieK(*?fggvP7AN~O9R%uPXWSZ^;CmRPY75w
z<j}ckY<_j$?@fC5L>OwB?VPaE7x$z4c=J)1TCqyFPG!AvS16_F#88)00xN|(NnsqX
z<=5mpHmpjx#8QhQ-}yVc%jb9LlII7lE+=zl?W+R?Oo!ZHi)tVpU@_X56Lu;wzoPQ|
zBlU*<n4iU1K2(R8IOvy8>IU@ymmuY+(B}-7Cw~mO`Pr|lX4K(kM&}$dz6?F;9dqJ-
ze>4z$e*s88MyQ)HnIc5Ev&*1JXJ2Ogsm*r=+F4vo1H9MaNp({WV{?URhBLV_uGLt%
zo808nk>v1HJlr*I=wM{=*RwF#nDpaA%cl1<@f9dip%s{oT1V`o48r%*gl<#--DX6)
zb7aUS$4=Du`HMoKust~zPGUAaiKmPgLouOCWQ85>lkwjVP=GP}I5*S;mn-CUB@B2I
zM(M^{@QfuM)X>8Q@io##VJFM8$>3HIc>ve|mmjWp8wNJ62DQ40k=RYV{cCN;Ytcb`
zn4i1M6;c~TbXt$MY@5PcCaqhTD02oP)!wV>`UMJ&Q(OH=A3{jU;-YGrH+-7W@E(JH
z{RbJM&GHJL^xTR?!oN9&cVf@dZ`Kc6Gn|mZ{~q?Y(9U8&jN`5I_JP`6OoP&S!n=LL
z6>N89r)irIRt*^WN*Z~~Q%R8`=XvHhC96ZGsjP4KHK|7%I>X`v!BLyk9Z5kEhg3pp
zYbEb}ex&TXJZvHdvu*D6<^MqtrB`9bs|1?Qdg75v7CKro#>cfL2YvUpMmBGpezBEM
zW8p_7Afq+v?IE+Y<7dWcn+q|*SoS`3P}<ipEC9f0OueNiuwqy>W(94qOe|EDjR*qJ
z331g{T1(XDc5L`Ph%nxa_))pR$|4DX%Izwnsx6M1fy|3GG3PQkU6o?L#_P;G146aw
z^WM6Q+WYm;sU{|m!(91Fr+p+Ci;T1iVC<XrKwq`JJL&M~Vc3CpX2l?L`KuaK^Dx+;
zVA}DMDU>Fce)w=tp!?=@N8S{I_g0{1WyHcg9)rLAw_)@5v!Qh%K^z%0i-l%}ivz-V
zNN=`XXNx56?Mz3ie}KyIR=<Vz218n*QvGfg?dje$AtSl#EmvZ|y;M5wrT~ZazSlU*
zB2F1Ozxj#WO2JQ3Fx7A++`DI|iYO!mGv5?KT(;+9?gBliPa)zBV}?G-_Mv1Qg>Mel
z5u|^V1{z9Lq6#piq2F?ij>t0obLi67`pU;d&E*%DBq($PL<vsf=vMy4UhY$#t&O6q
z2^fvwCu=+(O5A+Hxu*>wBWz`}wC^y=D4#kHA-e>*OlCfFK{iMexv8hprno<$Vr14P
z=M|^zqxkC`{8EO(`C>85W}xt4n#)w$APCA!zS%AGADS?9$I0H=&HBkCy516dD!O#m
zp*&BERE=?I*bX`-^a_1OUuD`w=T<j)^%%SC_St-PF0J?7^q6kyjb9aTYL>5~iW8#t
zBgQ2``WJsg{6s(*ky(q&&*g99OzSDgitSt^i8n~$x~+WlEuB~At~AGJ>Wg{C(WO6B
zrbOV@baf&a(@A$eQ2O$+VS+Q3_j$aq^9F(Q?rgvHPejS^YecHrIke>Di|;j@o(09=
z&fR;TyTeJL_ACaC2|jRBrXs!dwRdmEOC$4uenW&1JaKd?CMHGBff5|kGdBF#q&y#{
ziZh1*Kp)bxi;i$G1QuTMn*$l~AuLZKpED*th%Q*0z<#0Ky#&QzC_Vu%hoRWv=}1xk
zrY3V{yf#HP71r-shWIE{zmqn6ocdkhQ!7dHkzT_8i`jy7BCSjejXfbf5pg+&84^9C
zYQ3Dcg^Rdj^#db=U@a+~eilhL8zSJ~7ykl=h}QUMJ+u!>#Nrd*p>5Ag$2K>Oe)JtH
zB!{Pr$$erz?ALFrBJ)gZ5@h}HE2r!H$K(j~?P)QY53v-)a(JM|SzTW7!72WT?YOk|
zev*JYl5d1!CMbyy6+Zlx=hmY#?DwlvU}!7xm$T*wbObhr?;k22punq<PVr@9m^ICi
zi>cUNeS$Nl_F2r{;9TF^naL5h#706l_rpt4Qf9S0987;^6@b|vu3&#Rrh|@7fN$b>
z!%Vcn$r(WcIa?M;7%aKhTJWp~nAF{$zt6=-C<Xv*@nH%3g@1h6joDZi{80akZbRN@
zXUnm@i%w2Y9&ocaWy!HwbkVB-38Fd{F6!=V6<74MH0U+^T`0LhR7t=c8_#9&uLAfC
z@5hBF<<z~P>iH~OqDC<zGMx?aQeZxCU_O9htr=SM**9A%{PWN37kxS6dFoIi=Z#_Q
zt|I-0IJ1FEeSOkCpVKQ>Zks}A&aIw2R_`9(ZouSq;Ts9l=YHvqzSQ0+xfFtHSg!u=
zz$pZqn%raU`G_lw0sz*eyUymP;)xm!+!iD)CWcnad&ppCXKo&wMKv)Ech>Qd4F<UI
zYdsYMb<CRfKc^&uP_Ve*>0-WJl(EylT+76fh+<k}j8a3I%v6;(rmyAXDXL}e{oq$L
zf%4TaZwD6=n+Ge@DEFx3#FUyGbf(81XBNup_Zd}PRwW6wlvD44$<n;eI}U<`jK&w`
z0heWtr#t#IqpeO1-*>z_lRhGYF!LooGv~^9Z=_ZXgFzPZZt@eX(I=8DG{Kkj3JDD#
zs&ov_GXi)~r!`QRYUbLA8p8;b<G6ehIh9@8t_zB|UrOZZ?%`RQ7TMNI_UE8gE<fXO
z9<;g8N@1TS!x4lXYRs>^b%%LP)DhQw+ed%7rNE@E4gKXD@<1}spuxrFH2H^Ypxx>8
zoGSXF#5Y<bc3kgpGfRWemsR;b0q?EsZE?TGX6Rfd+AW<QU*2OI)n9fmzrNHVOwjW7
z*$Q}~2a=Gj-<F3M_V9?`;NK2t{l@|@Ug+mnD^QWFqa^Gz(5`!PbOLv^>2otI@{o6t
zpAwU_o@fl6@vYa1;9ecvapp)jT<1bIDCUCoA6f>bv(MgqXo{5Zk4Ix~m>to-@3?e#
zR&+e58Vhm%Dw>sGv2n(iLw4^+ur+frL%9Do0q#A$?S1Q>e|$+#7J|Kk_=iS*yQu}W
z1hwt$Lj(`tUB!Xd_(pV7`l@ZcW=`dui??U6^q={v#lGVwMvl4aL0PR(h17cP*WYlQ
zpV7DHATk<LHMXv6E!D%cQFFdG!r^2W(K5Vo^0Kl^9tPRqdMx0+T53b3$ZFWF)=t&w
ziEB8oKw(E;U;uN5>mta7Wk4ZU9Q)_>Bvg}qqdj;I&x>&n4{CIE(NchQj8$qH-4=k#
z==$;GJ-mG_O?eRr--gh)s_4a7E6Ckd1{n4xD{TlHCir10v5Bp+h0t#crGc{XY;`eF
zmCN<_)i2Xhr?kB6#%UERC7zAHPJV0m&8v&p95<-8;S(j%7qfvg)<YzPd{9<ZhwT>;
zxrNSqY^_DHtzZzbblT8cqk0XnkuY~^eCA<Ui<%$kQqy3=&?jjmq1sg@9M6)Knek97
zaC%GF0KjG-+L_x4<LlIA-0i<zq3$16{n2ru9i{6A*f-XabiQijhJmJGS5SE?6j?X4
z9v*iR6RdC3`+$h`3<5}C8yrM1Qu~)4r^2Vuwfmc+Lvwxc0_Mu6GdtVQ7sFIL0}fXQ
zs$pe1vj$PvY}4qH5oCQC&XyVoR?{W*QT_IbVC-=tErf{4f9!2_1~XA3Q@1*`eIG;c
z0d*V!Z$3nurXseBQ{Ze79_|9vm7*<D{_zI*I|dbaZl*A}>sVYZNlWZlRqaLWX%{0)
z91(He^}RL^pQ>jskzIh}wt9>MA|12)9u+qa`%r(q({wq5FM^=|TAIKu)UBnDjK^{Z
zxctzI60|AHazS%2L6dU~G#Gv08+nRsz$T6JXWSEx1k(Af2S9qPfRyyFNKAqM<DwxF
zdLO>=TS2l+{8od^>+I)O22lz&@0%Ik=eVvfZ^XdmeMKU0<XoURXx0P+IR7J{?k(SJ
zQzxJ>gpia<`kfzJ2Zz(cr)Gg@A33!3C8~)wZb*N^lT>|<;^lzJgW)`76ENkt&SAz8
z$X+(aN+_(SYo8O|2gAcb<S!0tIjUENH8y0di+8F)_k#*R<mbsJR}X)FiQf>?9goER
zb`RtdayliF)d_Ha$(s*QCqTQ|G<9lh<iT(PjjJJ1%Do{Pq??UUrM^PVw3xnVUJ6>8
zG4-w*>)B^t6jSZ;3p7;7dgIweK`AKb=+1?jhur=r0?nNIdV`vC+xjh<gWkU5Zo?wi
zucPu-p=$}UO+WE&|4yY*9TLuE{5-aLO0R8-XWs|%UYzXnF&0&gs?Owd7XI-B4|vT8
z8cduCLgQF<BW!Hult*A&F6E$@TA<nDFQd!no0gyP^^HFh7p6f0UNi;uqqT83Pi(p4
zSC=HwUF>MRo$PYeS#W1VkxI<^bycdM#WC@$+H%P}#WmR7bWXJaL0Ca*dU+U)Vda+n
zx^Cgi>`Kp$9qWkWcq-j2Z7rDkQ>`oRTB5cRqi8ML!)8wN@<z5!)byN50!9wH>%Hu^
z6&M^Y&z^jO&$QT<uqTy`QBkwuI))}Fj7AZ)^-wU>J2lCovqOlOWx&d3J_NofDt7Kv
z-}xfEiirc%YQ|AbYFiI2{i1quLTpQHCt0E&NuW%;i_{Y6m76zRf%95k*53_hsB;OE
z`ImIi=4t6fIfpla!jBpY-Ft;Jq36-vk&X|ezboq!4aj^PB!CbPxPCJ^hCAkMZG<D@
zcP~Wz{>Q9+vRh?Yn8@eZao&625Qk6?e;V{o=AF1EH`%ICepU5uhO5||H@y3m=?!7u
zr_>T3M&sjN-#5nvz8}<~mSqtWYaYo{hrc7&3+tAS`qvW3|C~s_KThPW(x3nNRtTc5
zGpzTGJ31ytnt$2QK}Ps%Nm8&J@zoUWl|LIOwEC_~DQ-WO^2*VxKiWLS(4FPqjrWI)
z1dJKpus6sFh&Oo%Zzz-IjCT#U-oBI1gc&=HVjs`#bq3?MPFmuP5N2dH0exqU4!83+
z5xz@Eo`KgsEz<y-{r7iXhk7g>U7ZA{`6%pfWv5?<LAxDRdJ~_@bBdDk+EijTfoY9h
z1RtdlJ^<N%Ws24$9z-`7n>@oiKVql!fS5u0DZZ6)%eF44Gm<BJa+Q^T`e=o3zXJw*
zN0>gcUlZ#YGR+t3>SeN-VIuO=cd0s9QKEcjOKDXu&&F44xXgbBZwQzfCwS!#Y21yZ
z5Y%ZxZD3zWFs^Dev7ViI2v~N(>+-g5UV_?*Qmg=^)}r({h_2s8>Fth$aFI?;POVJ!
zDIQ3sZC3NDhT_r2I%iK*nC*Egzwfy90rdm5ag@k|-$r;;^~XV2j62AMqMjMUWu~LZ
z1l&Hd8m(j^i%fH0r$vFR@2GOX`*6kx6wxn=>2zgbRi38`!YnO~VP|rk`o`hn?<&wZ
zpi)z=jq2KOqRSL7oC_d?k=^o1Wu9%w>fsZ&OGXZ~kJ*6+OAOZ>lVPH0N~>4|VkDtu
z_a3I(X=gdnJ0nx=Ku@&Q>7DI$63_qXBHicmd6Ve+L9?4r5r$l$h^Plkx28~w6v=3D
zRS+led_e1f<L>fR@u9VTEa6-D)!W`qbSu-7EJvP}In)ifwYv#vfm&S{$snkU>dlr^
z`KfZUXg7WYlc(|yHYh+)uOGQTf^c4oC848gbu#LN$CwSO1AH52o<UD+&BkUcZT~nE
zOE~^TXw|eKBi+6lEWC8)?qnaXbUQDo7vo=5xA54yKkgxk<}e@KWqF{WK6V~Fa&@}1
zbE@2Y36J&EDidP#ZTLZDKA>ksSOY14#u%5|)n1s`^){8_AJlE$7U}%d!JB+-_eAMm
zLDSFg1|1}KZ&-sgFmc@4-f6xm`o^){4=urZm8pOvpDq$^HrTxC(jDLNcB-1S%685l
zv{UBk(Rt{&CUTnQ!R`o87;D}Mz9Yrh5<SBf_RNwEOxa+Oo*)<YV1VdL7L%X96oGfl
z0Fm){(UNPW+rDvd7QnD588e1H;xgj~ScxGjeH%KtguLk^7Q^Ngkl|YUbPei~%3#zB
z!&7H$z;DGraq=Ba{rFKDWD^$djPN;AW|9iKY(3yQPt>V=)5C^lq2l2o0ATwa0*Ol{
z;hK7SVNh8Z<yO~7Rv^d-Gd)jzq6mPJ+LfmdD3It&l{i|283VAt(aSwhEGsLsGAa~?
zII{h+u9>k=jEsROU3KXMYC9wph&NxN<QdaWWqzF%7F-80jzB23sp7;8k7<owSMNxk
zTc}FGz?G-#uLbdSryyA4tG0Hl94N_(>88GeTeAU+vwb6$ai%Pbv;HDX<=lC(7LD0K
z>B+T5RY-#bw@VWCc(rx2nX*)Tc&;YMxK-T8+R<!6OOW_R^Ssb11clx9-N?ag<x0vJ
z!``P;)UqER>&<yv2$x?OY04L9_pOS-7P~OH-51?xX?{8rm>X#zf*@U78wh5XnoG9p
zVyC@n>}Q3U%`MdCPd#$;BegyES?0^CqCjfC+IFTF>5J3xwQ5|KqB`7884~;*tF|ak
z5u{X8>KxXo^2a6_orlfCRp}Ln=)T-J1}*S{T1E#zPWYavNK46ZCKLPI3}7dK_><K+
zIkvUWt(65uV)?24rB)Ti+PT+NK~c4I6E&UA;Hcb8kfZtF!C~11Rh>l@iPIflg->=n
z)7m<9#wa;C+nSe_2QU-u0H*Lhg){d;$asf^yLugk?}H#}LD#K}6<IRT3mxlvk8qvg
zqxY*P7DSiFUmQ>waZ?+d)D1a4T59)|6MbkS9xPG!4;_J_4wl$UdHbe<PqcBkJ8hDk
z@pi$>{%|9eRt|PvID2sc4=;M~f?6exvgL7!xv~w3E+bRB2Cn28ZL#{wDf-J~fw%7<
zUG~ty^by$CZ)0l;XUn1Zl_p<ZP@m^(89KOhm{)l-UwZ9dn?Gu)ZI3<GOJv8T?tw9s
z&060Bh2~)xsYyyRR`<1a<wx2b@2=QVE%N9m(!QWlvU(WLh);&BHDn9Cv;B%luWNjx
zluH}KJUb(q)j=cb>-hPB_AfG>2sz*HhyVu!36BbVgRyY#a^Lw|?8KFPw!4e_lmYwh
z9pZ2tH}_JxkF?B4j9atPg&Zi<jaMhSm1g}+CCN<ReP3HnRx%Q<*s3!_a7cL={Nw2f
zLrtL`$HhycKM3h@g+S}ET$6_i&-6h^UXlG$_txDnrFf34`t>pTHYxYMadcWt-shcu
z=73Y?djr~nJ)B!7vA*4!;l?Xy(HaA7H&^!4@-<{xyoK6EHv#T0eW4dAI-!g)f{Nsx
zGt_IJM1RQEf)SM4)76PHER%(<>vC{yH;pQ@EFE5ffisWmOa94b(>wZm(az6JbThr~
z0}sokwe5=OsZM?p{}nG$-Xpv837Reo_h=^Jh#?T|!Sw3gUXm3i5*qXrmyagZ_F7C9
zqNtnWRy=ty=i6zjmm|jlTwqxVWaBHA3cHvhf4Q4uVq*Wuk%O6CPrpvWtS?4=tNoRT
zUNjdd5~04bibEKlLl1l0!7M9LV&`IX?G9ca1710vTaS@@NB7t!Q*4H2VGn=9Or`l=
zTM&5*y*im-T&4uZfO~kHVal)NYZgd@*<i|Z>S8WTjlSfO^-Vsw7u{$?r+PNKc>Yk%
z%fh_1y{X|Ir)4JkrHfwB;x&QPcQ3X7+Ts}DPyO6{;nR}9Ve_HM@LWu97?C2Ze~KTn
z2p{=;d6)z)!NGL;q6W`v=Lw85!u)>un!KrwVC?;iE42$^N~g3}P3N2N*nPdZN`B0I
zYia}6CH%1u)F;kZ;IaYf>N3%TAY5EN!q>9z%-SdhODau*5CwRcJx_fzW7i>Z%XCmI
z^L1{O%{37|xM4&rLkPL8O-Bmns4vq6J#zy}XA%Z`ubBr&!mVv`9aj2Cp-#0T-wZ$E
zpY~suJMI2>VDq<ypAsL05`1bmSg9|^qLBY-$mib!XKIG#g;k~2-lto{;a)faw~#c@
zxGjbg>SujWZ|sXc#ac|q%~W{u$}ihqv4M&4*5ovP&-n1rMhpw9`Xm$+!qi!}9jF^t
zK9k|P$3}){Kd4^L3DQ4!0sr+yLFwGz+p1|P@U81XnRAJQUa`^wbpck7Q<VPq)YqC3
z#`oolvxPyNse60=)iq7Xai`$U&H&LD2gdzwf@+5qd5{85uKs>t;XjthWj-!B$o=V#
zB5wE^CDNepnUcd{?tOvY1@&3a&LJ@s2Tq7&33^WFV#p(D+ohXSn+E+@?RvMUx5APT
z!pCLTR6D7i4jE5EJd3TZMlAaae5KFd5EaI>T%=tv8a8{GjU;tjPuBX!v1-3o{Dp+-
ziWCcqU*&#9(Y?DimnXevVpu|5>d{1_82E}P1`e&WWrx<ii-{pyJQc~Srm`i+BjXVz
z#m8sD`Gcvg;wOb9R*c08Gaf8Q4RlyIMq>-&sIgG!hwK+KJVsTGQ(+yH&pSh@hdxp|
zig+xay2SU6jo9X;$-kT`^&z`zvI^A`0KJj6IWp>brkgwk1MtJ^&wvreKb$@iZXi10
z?X!1jCONL-L5X5;Fsq*Rxu0YkWcgxfsVtkY(}#>%^KF{W*^of9S=Hk13e9NA_jjNh
za^rAm`U|Mds$RVhmp&0T&y1hAhCxp%`UW>H(htu}*$W8Mzg=jvGO2vd>mz=n!D860
zF*(Xdta{ou-jcJRXVu1?*0s>nQx)4FF~dKhIP~k+8~CR#8YEBGwvB7%?J@JQp_K_^
zs8`&t1!PDj_9MQG6IQrT=s$g98=?V3{CM|A+iJkcKPlxS;L->`y0FO^ES*QeG|(8u
z?nP8L{7jL~x+WiGKEf;Qg|uvYDJXdLb0v1l)G=QwVq(gbOPCUXblF=})WenZ1hr(6
zQYGDXrfP?(?#|v=_m{ebBL|5i+b@&;4{dK9ROQ;X4=W)cN(!hn(kU(7-Q6H4A>AD!
zASKc*-MOT@l#-B6C8SHb^Sc(v-p_va`^@*(Z^mI5b=JD?E6zNQ;{*kYxTWP3Pi2u-
zYE^w~k030nk{6^19vblIWLUqL3<B4=k%bnmzyA>8$jf+6h_<}Unb|wE@kRA?R^n`s
zuVAt4>8t01A?sh2?uJw+V+5Ojq5t`=r=c*zuHFmZxEnHkuVAskf<bZj4Aco8VK?H5
zmGd+;zQzf0_!dha^oTC~J$(#h$K_|8N|=sk+WsX@;f0p3rh#E8&^NUAhF9sBn9II|
ziO4B?>2THCp%+KlwJEW<2m1UXH@@YLw>$}0v>m4v`2?(e_*=LsI;a3tXnui!p^*UC
zHj^(B3YL>3=#FQ}$K2Hi6D`on%~R{=dg)1)zXffHC`d9T<~s&KeAUBT8(5(^EmJ`t
zmWWi(P5<G8CmE4{lEvh-AlbyjGT#|b{UbO3-l<2Y70+@3ueaF@#@Vw$^!=^5xY<gy
z2)O;b&o5E%BZhorZ)shX(2lE?-`8q1Z5F^LYVXF;0To+B^1Fs1er;&Gp(^N=#oO%u
ziz({K5mxAK7~8=W6j5Ov)PS#U4%gD+Ko(fxqs3{jjO33(kO|Jab#Ii!2e6IGzioiD
z071sCS^KDk6}h3ujwua?-D2iko7A|DYL_Rw;VxY5mtrS$VCMvb?<CLkC!p@%`v-B<
zU4ozR&iqz?V`fn8tu?HM;&XrM!ZkWT+1U5b^M!%|bXQ-7-&aSic>7m5wnGhW2!_jI
zkK&4-Ug6YT;d%zZQh%KR<V>_x(v$!PH;obJ=+HR~WPgT}z&d^JudgXvoo%rnvKIy?
z7%mn(%IvP#txnv{%FW6_>p5QjhZKgx4{vc%WT{6-&6Q8jN3ZKS#|3CS&^jY749Uh|
zj2M{IA>(%+D;)+NS&^VI#`@Qs2&dg?xviCBID~AWlZpiLX>D=?!Lx)d<J}8AOhA_w
zeT3)UP%4<w=z4&wC@uW}3<LKDv6!)mJ@tLJf!%gCM>8GQV=$~a>(!Gd<qqpcwbqyQ
zAKL*<oj(A*c@NhB^WEm3Hu?<<|1ByKfSH`*Px{OMr4j-c5B!GD&yct5sL(N{clGQ|
z(14r-H<F1>Y_%?}YGK@I%7i%JrHbzA(Rvz^?|xwzjaLv(fFOcJd<GU#Qy~}OADi@N
zV}QOS5gxRke~!<IXN2r=t547e#kG|E43Ct8)4k658)(9rY5T;|`T9lHVYWX#vIUDS
z%zSq-W@ndd(Xs?+cq)e#Il5rTma#&Btho-B%OaD*SniBJPadiZKT#bZAD4#1`fn5y
zMg1WX{b@P;3G1MHAO>@KjtT<1jtQZZ+ZGm-q0y`KjGc{xDzJE)53xQ7JLIQEdnfey
zn@PO8X*Ug`V{Gq|kJi;A8MM*(OevMr2J5IT+ENAS73zc$eL;nOvj98-A1%Ey(myZO
zt)(PFEB$lBN|k(XiIZ=~pv^Ofmgfw>Pg@T>UXpq|1#Z|j`(29$8bC{Zgo~S4v~;*R
zC56MF`&uoeShapT*r75kJuDXbjdx)Y7;sQZ|ChdkFSOMCp-IU9fF=D_g=3Z<1hFXL
z3f8bt0If(1QwJJYg+jDy+Y=_-ty*b=8X9tPaxIlWc!rXN=x1WG*e;9qxv)*@T(iv~
zDbSsUMMm+|d<pnAfA8+CfGG5Dh)8cv7AI*ALeig>kGDCnZf=$L{cVU#W}}5J$#RD4
zFxuxk9mft3YE5+ROx*K-2X3l@5PzL9ty&}ZVs|3D);zD%B{$$*&kW0CcoKeBZKH&P
zA;18a;of~bZtdrtV3zh@Yx|$SprOO<pAZ5|hCUQ1@aNFKB?0%*<m+9W5YSM!Fe8`;
zaueGT&5KevDuF>ZHc{Q*PGfRZbPQ--=D8i_ZU9^4Ncmo`5Z`*XT@Jd?-e7C#o-6-{
zOwT{Q`~Syy(gM!+U&a&eE>PCjt|`r00{SjlT|%>lNYCyYM*<EvoAqp1FTAh8KR)_D
z-b^2A@`Prw07q8#Ry%|WbS@IfMXgD%zoVraR|p*ZZFs<)br(Q)fJ+1)TlwUU|4WE)
zIqLsfFY%jtG{2&l)}ODQ)q`>MI<lfkQ{%e+T-O2&s8R$X6%24q!}h7n6Qp<aBOl_u
zcx`t#?eU+o-aqUMRFXmcrqAcMxSuxk=YwBLg435Bh>nK@wJ_-Q^^DNAj2@t}cjG)#
z5c>=@$BB2X5f3GW&;Hjkc$3~>PDvfg;s3nSB`~*6SCts96<<Z30V`fb4OI>C4kNka
zttKvmz!@n613(GQ-a>3RXhDCR+l?LkkDtC|*Nq`Hby-5rTRWZ&uBT<f<CgGi;NAa&
z<-PW+{|}b;`f_jYw)cZ8=`L^whCxqW7{7%a?3%^BX5w)g^xyx>Xuw6>RA<A6!T95w
zJw1*E_VMC}<jM#Nblbr4ek~UR)6BAqt7ZgjqN!`}TUMEKOxpKXf%t-Rl}p$im^9Hl
zVC-@t`aT60^!_LSqg+T3^}qBu5Y=vupmmbKKJFj8q7AK!v67X(y7r)@YR+#(V<Qw}
zp>5hwt+T~gs{J9kSKQx2KM<iwgJTIF$vb(71r0n%TUyj;?jQX3alGAWU)Y;%e$j({
ziumXJBtwHQ<C<p_YPO0PI={R)B9zv20zc`y@M7E)pO-Vkn3-W9jht`6c*xY%p`3w@
ziLxmp8ENTE1VZ-!5HGZ;)_Z0LVp3H1nz5z<M>Sl%bC924@uPAuTPCqkHE>r!608Vi
z(lH_~8@Q85@cxKe<Bw55R6K*&+S)3g^Sw#|z;Y<bv*8xMMf$ggoCPjjvG!S6q#OM0
zy#54`cV{sBm%UE8`;X{SMQ{Jrn;-O$+){r$bacCpx?6O8&<8F-&s*UV)Y0^s)K<<<
z_ToS0$tH0QXNaM8g+HSRA>aw}Jo`N+y=Tl`qEdjHXEoE9e_U-d4~W%`y_PDJIE!#V
z)n*qSjrc22!DkDfot=0`AIHwlTBPDF`G}rBm~AU-_!$KcO@KDIt>^-&M!lND%d5tD
z;^ALV=1+e4Z@t;XJJMUS?)-pz`<#DyWbZJdn~NN{%1`mfmo!sA{b6L+mt2g$z$72C
zAL_7TI77Q(UXAYi7fv(%c}guDZ!doN6RO0X9$ti&m{~$_Sxoq+>Sn%@K=3U09%BLk
z!{GaexF$VugsY%Y)=pYA2D+`LBl%dMpcxs|4V|8Ge!OGZ;qTjw4umwU3kM>upx*5j
zGC<yyP*^p7oE$DLWFqAA_?UcddoQWUexmG)n%&|8Pou#%5@p_Ow8d{pLung>bY~4f
zqx9YLy1<Yk@tqx{{4vlAhW31YClLE}XyCrsT%H|xMdzzQ(%yUg`XW+cG&DG9GM(bp
zKU$<!ILoi`?}fR8c@2<&f6Se58^-VffJ7Z(BI39FU)KN$TYcA|JPJ2H8I^q1+ZHvv
z$iiY#vsC*Sc)8l&m0BPLh9N*bTKI-(PPSnfDy$1#ftg00gVnwAIY!$BaqRMt!?=e`
zr=fS?bT3~e8upUFG+;y%M3o88TigRTskOPKEPAiqqbOH&V(zeq;p3@KWsdRqR#~lh
z5S_%;SS5X1G|Lr?0OZ#YrH|jM0gTD=nm||X?YB=iGXpW-bVW%FFxh{IMDm?K4?W(c
zam-6jq}OYd_PK|WIy}r1C-v_)e@=FDB!-ZLt8RlcUtoM>B1kyzUu*SydgD+l#}OD8
z$QgD=qb76$xHW@SGY*aFht1k`dH{sZ6bZ&2%t`T#FtkCeFBSHE0AhybU?>Jixn7ux
zt7M9+a?lSszV20Y&jgh*jZ(z!B7-=G-BRY>^7m5f1Guc;Ga%T~{(MAS7X0qKQJuFk
zqRaNV1s^`2BTLzaLO9S=vq%8Q{>5pwET#kVc)^psg>;p=!IdUV95>Z4J1n}e*lD-a
zhi#9#wkjV$lerolJoGp;Fd75WbRyf^n#|*7GW+%t{RPcqjQ@6>!l*aKX}^a<^hPEK
z?F5?CoIG>DBfeHmD-L+xfLz(xJp;oKA7jACINYS?#hGB^o9t367sI?ryPd#f$i!;q
z2unszDt~exYo%v(sNCTP+v)ErJt`iaDGQIbV4NIq^pv8hRr1_VcI|ftML6R;!;E_3
zWY<TF?6hPl>^H^(O~+)jF~}sTOM<EswQFpnP1Tms$3Dm;uw=!>8AL@WiiucF*T=VF
zee^xqyGjST(z)wk4weESSmmzIc%`(^+c_%kEzwajGKPcZzgWjf{B-%7XELvmi9wd4
za?;}o#=0u+P^#pUF7_sdLX!#vRDw(nJ0rUj8G4aVKX~j{(59?~?69ZEtWWC8UBHa@
zYHQ*qOI5=*{P1#gLP9w*sTk64O+Ysyg0~L&OYKMqJ9KQj^T)V@wqROKZhnxy?FUrU
zxfZpHl{M3V#*A`_t%~QR<cpU-OKs?qc<d&LzdJ`J+0K<#nD)X^E9VB3P@f$vcE_4@
zjP}|mwCTpf=j9j)T3`oY$&-{rabn1%@zH_rS)knlfX{^-y4Tn#=sFfT&lMVfk<_sZ
zZVlR(K6}6Bh^uvxP;bthMQG>VH14wfSf>_`XY}NY!feJeCS(+P9lQ=t5GzX)V*!Oo
z1{R^w6d%U)*0%qBDG;CD9ESevI}dN;y*{W{T*mTu_LGnZjJl4bgOh>aY~~FD`T^ya
zOQtvy2tQ)|>vz*G%Q~!bsNB|iF?)uOoS}4=r)=ip(bN;Pr;m|?tJm!uEo$sn6<?Lt
z0vgPEo*JYh%DRhVXD~}@|7gZ*2!IO=sWbCci=IO1Zb~YSDQ~bxf&K<V(|LrX>q5BL
z%15qEmhSAi_Kz2VjaQd$4i<Q0o#A})KPuU&e#P7A|1DQQoCg#9BYExO(MXY6AF=L?
z_Df_5puL<y=!KV+F<ekG1;(<4gPG?!zFO_l#@|0Fa0|zcRBa(Em*-}f71L~(S{-go
z>;r@UI5^KNK80c&BPn3`lTS6mDHwFVa&a_cCwsrsqx^pT{YR9-01PY-!++P~*EvVm
zR|9^eYpQv%`H4EU620n(*T#xIwjx1l_xUF*dc~-&w)PT!CY+>YUh|31<Vr27tEG#1
z+I}xo`o8~8Ty16So9fCFL_dWE;K0^*K36!$Ix=&4ZbQN&{bED0LwdN17c(XSRp53L
z8fU^IW2Jw@=R_|FI9#^j<Di)5#e@Mf$F>@eh`l({Uf}b(`<`Ad>&1USk@$CTn<mSD
zjRlt9VmQ6!QW1r*g81GziMiC4A6iL6uSoYH+r94q$c{M}?4damrm^b2UC~_ZDld^0
zYV4L3_81Iuc|DSC)sYQU)`8@_(r6y(ubv5JZMKji@NkM*k~=3xDA8UZ(in!!(4ZJD
zE=7j&rBSQ3>5wE$CMHPcR9}GWs`TrNpUR~~B>7;ho~Hypr+uoH<r^_@$uq~*6PpcZ
z8a*~*Hlw;IunSuU<KQy-B?q(k0CHA&v~hR2JEt%*P>TzRMzt{YE-YRVef=MifdFgj
z=rgjIM&a`qzNX%!m{wGL&Q^haBXc!hZ6H*Unjsdt+cKk1tyM`2U~px%q%pOb7r+GN
z?gOMRD|yLo)(<f0tZEg~bg6i>n*q#xP=)1HYaph%3~iFjqjV<2uG~}7lqi?=BKAe5
zRANnd-ER)K)Q2QJKVoZxi>8y(pYD7M@-TvdY{W?AE2V&-t>`D!=Hw=&G_4}b`+Vi9
zA}tBKWm|>9fe}f`U(3unZ+PzNydWNZ42{?BBJBB1RExTpVq5+2`ee7kVgIR}p+v*j
zUY5D8DG^?Gs`!5Wduet40w;Wy?xoo32r?;!obO2*$9UZ&3v;9f8-Qgn=vX;^(#@c>
zidW~}ODleI_?t_fqjFs1U6EumpI0)<4sVss{JjJoGb1Arl?3%+^Pk7A)J2EIc=fUP
z*)?{?G%b6usQbz;<RyN+R7yQMEUJZ%#U83}YlE8d<)<&Bq7#a9$y077XNMNhS(yZV
zZM0{z>kl-?N76;4s1?f*=>WU*z1L+PBvIi2jGrna>l>9+SFW~3ABf276J+w=yGjr%
zP%Y{y*Xi-fcCMGiJD-#f3J#uUb&hFzyj`tk82)edHlp$yriP%IZvSnN_gN66d8%uO
z9i`S#Mavh(Kcvs_9)zpqBG<#kA(lW{=i<If7zr$IzN8oDOwbv8sKqf;Bgq_Wq3p*v
z3b3l*(M!tIM&&(FCUl$l!-r2`4F-_lvd^ZeT@0HjB2k%B{9WF^!-$2VDJ4-pioC4=
z5--tJVC+J^oGmj5Zk{q5l?Sn3KEGc?s#_TFt=j$qz?+N<UNuCiOQBR=?WK7AC~|gK
zA5C&SEXRKyOex)7Z!$ol(oikt4oq7#mt>%NrTLSG1l;0T-%ytw7gJ9F4WG&;F5t7S
z>#AX$we)WAW2rTqow!UsFtBR4)KE%d?(46%o|jM>{@3>&!XpK0Y6v@J#(i_He5E-R
z7C&MLJdgE_bhK;C@mNfV>Z*Ir-;U{yi{T7VZ|Cbk!b^eu>rh?%SaJt>lN+e&<Y;el
zyHJ)KI+(UQnoo&S$l*D~H~3B-P(q=mm3+~IsN>16mZeqlJId~)#bGd5PJd1~^P1+6
z8lDycS+uM5b1%5f`bO-jA=+;&He#oYuKL5;Lo9)`x|D>`RGOX1Ab`1FAzP`@b8h>c
zdh*+1($~@Q3|^-J%Cq4lCx=()2NjKve_#ph;(X;><{8i~9F6FniIzA4O8SEV4DV^~
zmX_#xOzpM!yFknhao(;wqss(G%b)xtZb@pE(tgS}arOq=C%!H(x{nda9Vj#l>wf=2
z&y##o-{f_15PLdm44JB(`8q1_qi&m-?fF(8-zso8Y@!no#w*81yfw}{S)Ln4KgbI`
zcLO`h9*Lc1Dk%S37IqfrI&)-bnia|VV^h%{f#L<K<h+2nGOe@3+h9=&HB*64m@L0x
zVZ5<j{A!!mXIp%rQ_CaNcbVRwZPtZu)@^xWvAXP%K4moUt=*hFKylq45F0t5#>PBY
zpXpPV))|B7rQAcoYsL1rEx{_}+0flaaw8}i9B6QJa^Q2_Hv!}DGI?a^6WFc3lav@q
z+5?bAiX%?w^!<9_;e#G#IT~c$_It@*moBD5*+oI8Aa(sc+9cdc=AUx_sr%@ea>CV{
zz}l@2u;j-;?Lk90(*ILY0s#JepO2PoZJSFK@KN!w4Y)j>51r`9!hOQ!_^DKp-16Dg
z0c2Tuzo=@u-Nhn?SeS*Jo*~I+zXl8@S?eFuz+3t>MtB5H7qwmqM%M2i-3ED5_X~1>
z{fnZJPbC@=&n=pqDEGul;&b|LNL?^0F2DIS6i+e(%zUoN#0jPnh|V9C-$6LsRHY}-
zVG^-{19tEm=+5}3dQ9aH=XpB#w+_-yc11HI7?N$f)_TC2#y?(`XDdk5{hFiD{$^~M
zyTEpH5D2jdGBobr4^G_6qZJD^`n=e~qx?yyM<o}{4Cmo*<M5;YG)Rd`Ix~t&;9_B{
z-fG_{l|>9~C_b0$+0oW3nq-&pFNTJd$MIT=IN>9oQD>YeY1j|e*;8}WS&EC?HfNer
zKx`o7H_l}2F8HpYet{L!Sp}l&lkBnSQuhKR;6>WJ(Yqyv-!n5w4gHk6YR&Wp-LZZm
z)wRN`eF8!XOIytDBT)?mPp-Nl`(;`i+%|Khzo#35i$A|8=I+z`76G&X`OfyeXa$|@
z3qnq+=65FA`p2#clJWCCk6rOReXgI@ckgY`zl)(8&~h)3^(3wS6WV!yrT|sQ&x8T7
zuy5fR)VFtSzxj$e0*(NkESTDuGVQ+iF!mc}fr0^#<U7Vt^$ZO3nCfh|i-R;MY$vu9
zW2YV0N>NfWND>n#lq4vkKUd)y*=2+ox{$}|s&TpN0d-9;i!;r(?Q-d7z^WduJ5tIo
zLc%2foD~9LvQVQ4y0h^W)qh98R02aS7?o!~Ro3?NEUVk0`ROd|80_Y^$Q;U+M0HZP
z)hwLfh6ioief~=3Z9!c@ldnP#6bBd@k0WdcC@pE-4o>+-ioaXA<1@}lIo7D?GCDfu
zyy;mET{ppU<|x}&2DDsTz>jNpD2Q5ozU-Pm8er_L#>j-}yx0>TJQukZrVhi^v8mkV
zm&x6PICh<L-$fZ41w#eDx>aOg_#wZh+IGzrf;A0C)Ak;VY&gqpP-`buB@lDpsR7gs
zm?Goki&)z;iq&Uc$KFdlHjiH5b_WNTwg&vNKg~~kT~aubNC(D>2_kJZ9not|YiAT6
zgkJ4?C?J(A=+eHDJmVZLP7>_9I^#PXRi1U2@!(m>PP9^W@w~clddln?#nZIW>rvxr
zgG;q##?aUwdn7qi*I-Yvfzh2~=RD(NWVDrvO21jZXSt}Ulpk?&W-^X|QgNvV>Bs|8
zsMMCA2xiXeP%cz!bNT!V#iY~$6GtuZw23ne{;FnT%JJR>P--kwLB0R)Dx~kdn{eNx
z2f_6QDSQW}kq8tv^@g!z9YFjC9BGkS=;>3?j<Kg6rgJtVw*?-ww6sva{J{aRVG1x>
zKRY{LNb<PuTX#dNBWYY)^-5V@$G;FzuuB@j99bxLR}%9`dTvsJRt?BXMPSown`q`#
z!7w<@GieSba5_*wG>%pNPE3}CGLom{U&O2|??2rZ)RudRO)1ZBh(!aO^7xQ$k4ek=
za!N-@aHiGoH>ZMS+9d{lwmf<B2L*^z)GGN4MBA>*Q%+Qj#Nn+vS$O$%$hOV8QFITD
zSSdEUv;qMOSd^h329n+uq?BCmLN(v1Z^%Ik@Qd)3Y^tU993ul3iR_=B&->PXk8Qf6
zwNI6*&6fNkS>N!9uZIRmzLXGAk{Jv^$DXwdJ4aE(!p(np`m?Kxsl!P6*b4mmo0)+~
z`jFyr&$r+8YBw-arUKG{+}&ZB-SYRLZia)!hA%rVO^G^>oL2f3R2b$~tUhT!KzVY?
z+19T5n%#bRH9A)Br9!uYf3bZ{1C7I~ZCy}e=a*GL?d8gB+FAP1b+9{8w!Grk*jJ}M
z>b|i<!R#<VIr`Ofv`~WLW6Dd$u{~2c7PkKEUYX%}Zv^G2YQJPI<4VSf-3r7)%}U@Y
zOC<dA^72^RMx{@|FkafR6cu=|W0`Cl5gK3QUbXjscrt_+w6NHaN?A7(Z9UhDgyZBL
z=Y^oHJ4H%PUSc*>w_zx3t&^|(hHSIed50v#5NDyx=)zL2<3FV5{}ey@kI}CyNq#dw
z(>ngR$62U^%2bw^Dfe~lS;36!@f`i#$7?VUfI}K^n(;8>9Mg<?{m9wlU}S79)e#J@
zGOw7I7_!Bf03oPjuZa}lHE__S7b^oXxAov9s3T~15pvl2whDHD?C(XU3$Q`##W!48
zNM3Ccye<eC(&~<h<a|{pqoaf<il?vXw8ciNA<a@{Z0kN6pVUv+CPy4QEn_xAfx3{n
zGAtlKIGI3|!oG^3<P1$uaeYf_?jDC^_@gSWZQ>sq%2&G6MpNNP;n07|2{BWfoX^;S
z0XbTskI!<!jFNY(U5FEVV2-5>rpkU860*qw{ft(kt>xZOU!(ly6Yx$_kVCIFj`-I5
zqapQI65>))8DJV3*TTt6&ev$Sc97pxdhw0z0+LbI^5sE2b=k`n7%(P+0k2EXj4%3!
zlf(MYyuBh?#Hv7(9&HxS^KZt=x$**&B_3Q4pBUIVnVYAAYDialL~F0H_vDx?4C|}u
z4Q;?~L+naqfKb<(jmcs=_8N3&dl}~Bn@7JHD~5GwS|(6YU3z)m$2Y`xRk&SUY<A9g
zMIcm{P@?};boeZfH@mI1tvcWw?cc8E3sA~|((>w;(Hs6ys_s4mnIrCe`md+ZvKfg{
z5&~e5-gzc7d(ejSEQ$=xMk-SWDS_@0pc$&xlez<S9Pk#-vF1E(hom-r%HcYgLGaYC
z)JtC@5iU&ns$*<fd5?v#S7!5ioNg04d%Cd$q=>{Np+1cS&_U715x*vtQpv+G^lJKQ
z{Wy8aRbah3NapH2r3BB!KWms_@klWcxfN)Exv@M<j<Rzci1XK>Q-wrluJO4ppk-}N
zTGDTKh5Puul%VaQ%q(=b(5%vISo;X3cuJsYy`agkL?M)J!hYhXHamNg=^xoFg$!_%
zGonHd&+>CJdh^}EDSXr1ERfGRQRfdb9H9}7Xm-t6;B{7a4O(a%tn!7XY%_lLw~s0A
z82zq$w9O<~<+V2aCV~5nK{Fj&U|TNer9#u*4IVI8lM<iXIgBqOa{%bRyaD4l4_TIx
zr@VTanBxnf!g7K~rNQ#kvMOj&#fDu`SwNyI_rm^u-Hc<UdaOfH=dJPnJI6<pyom+U
zSZG#||J3}{p*ksM6~20JuE7dTDrST8FN5kbxx&e}UC(|yQBqL_f?B=ERGkwuv1Rbu
zR2{p+#<;{({i&%}CEHHukNODtCQlD+8wVnrG|J8Qr1j^!-R195>B)|@W?5f0^PB#x
zE-^LRnQPkzDd(F-NwEUaKWPbST=P1<QBr52Tr#)B(a#~B1G-^Put|yNP=veP@_!O1
z%@xQA@t3}Olr$R}wa{ccO9T}t>afzp)V02gW#pfA2)PFum)Nt`7Ba6L;JwFK1-&tx
zb<74XqWR!-3Ehv;v1p9!yea8|b4@ot)zI!ItP&+S%+Rb;f%cIRjqVXu)qqh&pkWD^
z<u)|e7OWldOk{SE>3Jj~SZzCIEb7+5W&sEldq~HLQ`>T~$0P^x=AXLofApNc1l%0|
z59AMZZs!QlLZK_c=IF5xpe-x?rd%JoO^ml-ZP$KOF;tj3WN6~fcwFI!;Bu+za9#C}
z=6nZ(vz>kpj1Y6s)5~i7)-3NlAlm&#;ii-$%cegLbYe}8w}0gqD$E{$lG9))-$&bA
zCCf~`K|Z8SZL(Usffoj?vC56^E}Won2}T(E<fB~E3v*FiU=3T={cv<s0Wl@dvVQM7
z*Zy*f*9#|!DR$H005<dSRNt4`PtG4BdB;91hH|>zY~Rof>48hUWe%*LvTl4|4|<iy
zwAiHte*8)gF9F>OE!^4J;}5SL5x~lGf|U;($?u_6kqBk8m=vdJu-0?7c(e&IFfdU6
zJguRzL)%$Q;(&&%3B*XcEwhZ_gjZCmt@TYi1tGq^!qjTTw9y7>RxR(~?VXMr&Pf{f
z4if>C1l#SCwr~)j{O)bt*<0%kOS{SfoN<Sv*7*i;-gT0Hx7mCtZsHi{?}V<meN-c8
zA2kO1n+>2k5?_Jt8V5eI*zRXYh>TZi@F=`>i14v44@ek+tlPmL%7$^QKuXC-UgTXu
z=}e^hwc)((VoZPeV(l7AIy#veg`YKcIk02U#@lA&nI%?L1fA1?F|saa{pG0_6&Qw2
zuUjvEb+NS$6%|g()NQkPRb|O$rh-W>oeGLal5JI%Q|~V?w!8|~0mf(WvpykbR3t79
z41-0|I#5yFZ-(X3UfUcgz`1t*s8P-9wd=(h0zUU>Mu9qq$|erTO_utrK(?Ah;Ig2=
zJKm70-ni55g+F-V0qY$b@)^2`HDD7JW-H!IQS*xPE-R|2!Z5_byhkj#Q)yF_QNbx>
ztE?>uvUDTsZTA}gjApat@A&(ZvjWMeyQbg!cnJl-yre9h`Y}`j?*1(I-h_&kMYYqs
zV=^i1f<90p)qJ^7e35ANMhuAFr%)R#r7Ki5y%{ocUGE(WQ9;<BOzM~7#SG{-Tk3go
z7wdGPD>@ORrn2law#aqgD+5E8de0&o4Xei6!?3(w>6V%G@=Y$!bS|~Uo+_NHRHe%C
z?z{jEtkJj+W`9?sZ<CnkB&mH@`z|jZJK*15HZVg%2o!uQBc8Ew#`E}q1}d5}7Twd5
zNW4{8w`&$#9pl+$oz**%O^ilx1tS<A;-7MY`iLBTbX&m_=Ik=$_GtHJ_2kx&FuWH_
zo#8&H_1_hmJTFY<+aFRx&a1C33EacnAhk19R)iNj9oo=Vz(}rw4>%b@GKs7iFek|U
zpm4A8lO;^G@MX6UUaM^zh-CWwdrqR<I^mI*$_iSab>R<y+2qOuG%yg*9(oV0Hm_+w
z$!>rSaZmu<^>DU~mg!(763A1OvJfO^$wC5&iY=#V^L0wFcYl=60B(~CkR5%qq!J5d
zyusfer*-~7$d}w`!#S=3e{l>8bc(g17IbJ<qK4aLPeHKM;-UGEdT-ej&R>cuMVXxE
z<_kIH7kN>hFH<DhHMec4UIx5vM#iq+w|(0z71?>p`Uy_gs%ei`%Z*xs1nqLnuCMw*
zu|^s0O1RjSTpMKWVsSnc4}KW@7y4L+-<9?13GOSu#FS5-FdOyDz4Ej-5vqH^?aJbF
zd2wEb^2XK<wT_^EaqZHKeEaF?Den16I!tgEYJWFF!-^trKl-Mxu7SSkZYI+HnBE@D
zWEOy@XBa1Y$X3)O^EK6<ZT>*{{pu3m`gmcff>>w*!vZgf!!8CC@vG(5gvtJPZnp@P
z7UG-U9m?MmE-s<zi`OuIm%|s4XWA_9cTXQAHikUj!CEwKQEc*r9QT$AP1n0bqpfUA
zFb@}uWoVS{2qTh3gDJrAP>`HKxKN?vs(ijO)zcR*iBt@CBI}4YO@*xilvzBM_N%{_
zzLUj#gfpukN+93m@iYGgK*be2SRZo=!0o0dX);y|$KZYv%Y_pH*ooOVdhUTiI1HQe
zO^xWt8U}ai$+KS|ccTpXpdJoO5L6Us1iiF?YTAO_7n~1K5KxeyH}D*)GvLbrFaN7z
zC<XLzEkl{>&=e+{y<x#4H*1Ci;0hZqRBm9YcgPl6Zub85%Ll<kZ_Uy_|ArW5T2Kv$
zVS{;*9U~61m8G$XboJH9hFvPDb7WEgtpfY*^S4UL=9a0Uxu=A(Fc2JF=XeYZ%wZx=
zJk}ti-qR_4eujphDWG$mH`mI#+ln-gKNzwocDW7P8_(QLJf*H%X!+d<<3+>iT16i+
z7`^ZgyOduG;pBXGGHh%_m%;|ryE_QH6axz(+BIM1%Jj=^7x`+dU4IW`P_SAJDC)==
zqwkYqYrvDlAvMI%YJ9=&;XQb>$IvvGq9d-BN<-^T$a~JL+2oldbiw3UvOuNZyEd}l
zg0RJriMx!txAm6%2RpRE5lyLo#yx(-*JoTu@aPuc_qX*x<h^kU+siOeB;@rUJt*n|
zvW6V%`mzO#xv|zLAfD<|)5C8@$U$Q9IAuxTajVojodil1plc0lF<q}vBi)l9j!maY
z$r!nS%XLVBE$(5Z`TC1*AgMnDi~@P-6!fw9O4u2SZ!jz=5DzCg+?{h(5SApV)vR|e
z;hA<Oj(Jh*ur4Z-$d&;>(@!GB3zeaTH|57Md|sZ=$Y7*6$$){v;sL%XW{L|FJz$@$
z3JVI79IOuc&&|z6X$em;mbfx`p7#yELsc*XIp6B)s(ak&XW6A=GwvHPq1vEH7AYGE
zs+ez|e6XFfvNzKxlAXU0YX}>o@|}Ois0wWEdCbJbWHK-(vfm`f%P5Ml!3la5Bs~~3
z4x9_G(2d(9RYrdQ#d-SviC2U~IxK9;7K=tLV~$KRkMnSAO2!{GtKjS9J9uOz?P$}e
z*diwh+;z39qQaTH4;tr`TD&n`QNe!A!9bS&wH7S^;`iHIXh+)WRm|qv*%#~i++XSz
z5|d3%(=c;fGdZYT@3+ycb!Za$)L2s|!R=s{kZb9G)65u_@N{bk*TFm5I7!XF`r;Q{
zpVOBkgUhZsQM#DxC}{!OgSD=Fk>%_&k0rSrH>_8JH#|`Fu+Suu+suF2E*B?7Q8*Ep
z4p*ZihneM`8>rZAr>d<kNQgO&J57y*Fbzze-f97GI<95z2DCjxj{_sIResO2Pq{Oz
z03iTcOY&_dO++r6b2ypAOWY$bpHgboGF7_D*At?@Ck#&ZlB#Ah!H#n5&&;rkri~?3
zn7Pw$yXN;Xlcwm9b{c1TsZ#>}8yi_O1d9+-=pso-8i%z1{OW#)oR>*ebe+>yx&SP~
zak-`PzY&FK>NmioW?M0{+x%G$ij6bIO;fK@{}aqi$Yu+b#CmQ-Uh?A<AvcGbWaO_!
zMb&}{HQqK<`(TdGKmuz4OqW`#*c^d4?UMjBAPQ`_HWDcdCaHf^R9wp~1<f-On+g;A
z<v0y|@G2?@g9bH{lLv-qJDQ+P8m%Rc4kZT-FE&rc{&rD<CSt1f3q)>P(+%7+W-yi&
z-QzQ$`ZiKL)+sP+_<GL0LBIDt#;*+DjhODXm}*n9Y<bX2*cb^;l?v_wVU#pil|^<W
zh52aRMm$r^+vfGBc%ZIA+x%-X;kmBIm9jB)7<&~X_0T#W`$n2v_LW5f1<*rU6;H`Y
zaVUAa`m+Vv8jSiD`6*+hLE-i57y(~BJ&zOktyn4T2oXx&<BBv|N}BZua`e(r3JQt>
z7H02QQu}pB)QYWsfkm66SKmKzu<RlvipV*+oIhb8p?Q)4fj1&ab=%atG7`{kk*;G%
zQPVYUIYWx{xU-i+#R<V|Iz82@xC)~5YA(2Fpbz~&pp0okH~rK8)hDih^$Egsz-IMX
zo><c%Tth#L&Da-CrvM9n&GiibQ3w6;IXbijk2yg$02(+K3Os9YcdOviRc5nv$ZO$W
ziK7*00$Dmm#tAwKKam9$Ubc@0;}Nmgj)DDK`+1naj}z7zaqF9~u1nbrs8_m+IO4l~
zWGg~0e9p2y4bO%EQlshFmyMf^zo!E4msHTpef?BXw^A1W(Gt!<0|b5j)hFfj2Vt_i
zXJ!EZHQ38OBM91>4kqi(-WU7p3{CwoKI_8%57ewcQX$N4a{{0jhet%{kf1h5N=HZ*
zofcanmXZx%YGx;+@(N2xNOVmV3KQ@o2;h!SrAE1J6DO+l?C@PlH(hd$lqdhF{aM^P
zX5d1LQ<plTe|34W-|>@!#V$KzT_TA939^HPG@Lh76crb@^4#%BVvl!q(I@UV7|2aZ
zQz$rlTi79ENQ7Ry@fbe?`%f!cd`xh(%7t!C`F|MtYcxCzWcw4}{?k8Dz8)yfo0cwO
z{@Tuq>&`sJ1-Lg<MB#$wZiE$Dm2h?|UIRZr4C4|jQ7MPC=h`f5tarR)$<Zeuh7+zv
zZR0_vVO&m|nP2@IFyjNW^6zV3emU9Optj~hR=2>u&y%KFsLq(*MNiz9%rRfmCcEqk
zoIy`9WL{-|+QW?s2<tD?qPwMpPVEHYz9~s|jh{I~E$MC_9#)1d-PyD9aH&65<O>Rg
zWKm;yCsmtDOG)Lx15nEWt)}q*@q&amCSg0CdH>O$7c7Osiwk!}G&!%~vTw|u&I739
zHX{^<`{2<CydM<ZyD^IvwdfBWXZGa-zqU4+>*b6`o;stLnKR${HcxL7GgptO&*on;
zV7Dba`x`Kr$Ps7r%1!D^5)3MM&&-rHLhoS%o<o;wG!d9W%C8I^ahadPXK)WHK1$s}
zY!Jh858Q-VV;GU3M}}4LNfRVGtd3ewg<STQvQpYVWCJA7NsXcMzk$KCQa4>SJw*|n
zKV}b28`@Q~WPq9BgyN9kJx9_+0L1n)6k@9`gTuN09{P^YXJ?JPiEj7(zYA4FBv5EL
zs7BekGTzL~@}`6mB}{O6uWONi0kZ)fO&3P!Fbs+^w$N-QCXJ=wyv6$dci=foar3Nv
zcSS31pA`=Jtb#)V78uuhF12?CUVsH!fiBSgG9ph;0`yr$XTuIO1yKGzy8qZ~@6MZW
zHs}*aoA{p>0XfcqC=5LqJRVfZ8oC3v%2@(HYZ<(W-Nd25bT+zKw1{rZTh#ksNXOe>
zwlS}RpxBf<8Jd5-77+%N=@8OZQ`wN9kX?9(yXiJyS^Fu#vaa-@yT-9XA*~;piPtOM
z;r;ik-$vfyLN~y04!fZ6KgR}~kc<#G=uV0JNa%0|2dADCT&dXRFdoutkTte7;<v@X
zTc*z~IQFk>{y6Zuq|z<-R)OwM!3xeBe5g;qy?mlCbShygJwFQ=7>RZYAfop#I0RA4
zpy=Wd^cSxiRKsBZT#SF60NWd|0Ew|IBgUU40I1dSaB*45beeMpF<Z$7ngKTFCy;Ab
zO7wIY?-kHU+5QMl#Pp8fX8-kx&}}AW8KZFhpC<y`&~v#Igwq_X;oDhzL}=pBGx0hx
ztsk2f%Cn~|6xzQF*b2T#{IghJB7KToq`?SCTx#oW=Wj&M{u`Hfdl}(wh60E*zcxVp
zvm4gY(6xRTfLL$a$)~<e{nWzl`e?j;D+X3(7ZH=m4~()(G{=1O8!z4CocJ;>-R=M0
z$XUCalbn(v;&*$JS)fm?iSTY17{xE|)WTv25<rCu5eEvy@0LzWi3h_JJ47iaIfT!S
zncYOg{vE<xAChqKn-daP7R-3lc@m}p2T$zBF)^5pMl(6e-43`7vt+<v)x*8tAeOlE
zh2TfIFqgjxp_e%Cr<F(l_ktXU-<*=rFa_4zQxXT31NNtRf1=OzDPa(_hmu0dq02nE
z=QHgh3O*V)$7C7p_x#bu8v*+N`~C&s-B{Vqc%=`wGe-dq(t<Q10)xu`TneiEIeCv^
zeuQu(-QlkA{HIqvV9BNdl((Bpw-Y}Bj%cH#SE}4D;Bd!(X(&+l-|aT&mcG40T-oCT
ziVRIL^31od$e#)=9m@aqljOQqWXLTP*$3yDNErGG>6kv2E+WuZD86}xwKM^v|M3cU
zZe9T~PWk~jY1j42VyMnp`Cac|QN;Rmi{4lD;GuN^KDArwWhX%d^r2<`JoLiX|8+Uv
z65d$RbHpbqe_(<9Z=sCK=H7b^93@~A>7NE;KRkV%3JX0&XhF~m+NL3pQcreAKQu)B
zdQsfYeiHqqLGjPq@5^<Qs#W)qo?g3#tG;QMW-%3ei*tEJ6K{T#wD%Z_h$Lu_c*C*>
zm4hhj8;M|G?xWKXH8fGayo-g5&7a9Gk`)Lq!ml9U+mA$yM9L5I9!;F+#Au1Bd#ZQS
zNUC&V%7wm(!ELMOQ#{92d~e7W_Y4PkRwu;Hqq8Io)=jh)Wc2#s@m2b5CeB*2gSCl7
zQ=lJgQ*IUy$Zg%&&}_7gE%(k{r)R*X)fFKw%_H7LbYn5ix09dp5^Lo8{6B~Wa^yr%
zx$@lwmDZm(zLdW??yY+hZmjDS5PAcg{wsPXZ+`^^r-3-eR~7`T>yV~&FwtZ3C&5F3
zR7!9FRHF779R<Lp6ML4&i7;}(kh_I>`oF%7_~zT9u)cEt`8FainB9wHFR3k4??+Gx
zfw7PDBv#}y3DRk4`sIe*Mw2D4{M$5q{r$mE0yzbs<)Z!wQc<q|)iu~6sVE@GR1hd5
zrUHCsaDYD08EYuh`7(_HGu=uE!@z}2ATtH#!tzWG=6)A&xSBdd4hsCgPdz^|dKgrI
z4-4a^{Vk(OgrC20CivwF3I4Uq46=uH?Vb(B_7J?h%rg1nyAu^1Z8%Z{o>U&hjd|)N
zbL9qYI8YU7b&D;N#p4~!TmYr|az30F32HNxVs-D5VBzWmK@R}M{7zgoKG>adGKD0c
zwadCG98AnxCBT1P9B;v!?V*0%zj8Z-S6duBm(Gh!tq1VXI=*EII*$iNidUm{^>f#K
z8n&9jdKWv8w-aKzV3p-vEOx&Ej5#S9HToP7+$EYPyPBeb)LpE6s>zE_=F^K7^1Ab<
zpceEo*=0$C@rV^@hk<gyF7r;UtJdR3*jMRqk-XIu<U8WvWxy2=$z8)!K59yBQY&7A
zh=wEp^{lwZAA?8d=Va?lO+L)ugZq4G`57_pRvhy$=jr_Xt_xIR4uOFr`*x->Io!h8
zROa|PA=Kb@ud~<C;FYV*wk<<}V*pF*|E&)a)vHwR%9<pCglilL0Nyiti1m_DloC)n
z0l=;#c9e{M2C8n4F!w&0l$uX4k#lP47uBeZPJBuIe2fDx4_J%uPJc7jAhNJmAyUlp
z2nmg66lFnQVMeKG0H14G?m}boji<%W&)$uvrWrZ4?_9X}@2qd#VTt?e$^ZK0F=8hy
zh}0g4Ti>c*5Xga@;F(6}!k>kK7@X_9R#qaD3tJ?#&$qn8b%dOtMKl}G+%2eP6b#h;
z8Co^<^?#MS9YM;if7KcNs7dd~wuz)!Qiyt$+YUme^dJEh%FhO2`ajxIcm*aVMu$pv
z+dq!KVT<nUYhuA-(EU_ush#uTgS{kgtT=mF*+aW9_UHoDoVUB)y8{~(DKsf%T{z&Z
zuN6SgI?sXA9XQ_PT3dK#t3t09Yhebc;rq`&snmB}E-Ct8RTl3w-Cq1eU~THyPhJNz
zgrlQJb%S}rSZFVi8Om)iVIDqZ$uy8Ywmu(Ms52UVUXH%Fw9p@j+3~xy8)Bo6Tz`DL
zNTZw@h)J$Exv2c~KwH{VDZRg6er=?n%B0G;j{pqzAZ%-BbO+!g+Fk{`iZ??sU%r0L
z12yJ-hG0{t{T1}dW|G(1O`cQFQRJkYw;GCozWVMXtP$ZTLN3P-5s{H?7XW1~UFZ0l
zsXUh5+uM7%*uyO!M=>-XK`ked-AZxyWREs~+!5r3Vdh4MWu6zO!}%&^`C3&d@b^?R
z%UP21cR!0GPXN?{=>Uo5c*EtX**!O<t76>->T_gd<P2a#hCl`UA#Em@&sqd7?^Q->
zs^r4@x|mwAb{a^Z`j2L|Uea!EFuFZnSx#GK=vYYkBm)M6#d#4cH*mhPTPN2Mui@9K
zvSjQQoyp-b%OM;JcZ-JCZ3~V~O>ht#KZ2yA*UpPwrme@1edyXp{W!i8RYd&oYp!&>
z?P>9YBMy$LmHoh1_91}{`)VPR4tWMy)Tim(M;aRJD=TTRE?p|rz{qM@jBw;`HsyFO
z6L0SfN7KZ)yt+Vs|IGDY7FPx7`n)Pn-QB(+kTv5XLAUqRsFxzsL^w#)?Ch(>I=OU$
zBv2yCU|=saMlae83hI%mS1Gv4AdudUN=}w7Gm>T<YyHKfhFA}Z-rtibmR`JU#yt66
zp;LFr0#JSfmY`Tz{`#AN4TM3ja>H(Ic-51bp6PcOa??_uSK>#)u~uszpxQRwK*(xg
z<gDA^iUqCOZ1-3Jog{%i?!7{^k55!S`{R+9pY3!Iu7Z63c@ak6RINkKU0QrhJ>wyo
zLvh-qkkA|i!VTJd0@vKSw7_XT`lYp>HDwBfgkJRlY?i}{T<{18L!Ic)R*SP`9v+@1
znq$)imT5JfBP*Dr!d`IipBr8s{j@`Uh|k$Wn+SGj0D$WS?3U^+NlNR=vJVTB@P-ED
zRN!?%-5_o9;3?t&p>b@lup+PYolXWb7zVN5`Kk~BmHZL33q6Ut)>hADD*xYprHe4R
znjxCB32I1lf<^Ns2yI7VEU)=YM^Vz6C8JmGVZPR_wbsSP^)O=AUu=@b%io3953M}C
z_Q-M<_;<WRbBeWFdT`hEp5qPN_Q3x#H@TAh1c2I_wTAL`=H}u~Lk)k!0J|A4@jGDn
zM-Tmfj83^(nXS2KnZFM1lnSb=7Q!8aWbn9o(#g+otIS4+hqt7|M-vk)28qq>9__tS
zsC*})`2uAHOxwx)7D<7ms#E8P^^TeVzCiS$jBi9#RI6f#VSp<^_&Vt1p&y-#{iw89
zJz3Tx^78UhX!mo#q0jtGscD!CRGi;4dS0Fw4~ossg#fgJ1lVK7@?U#W5)x^5u-`xc
zs=oCZzM+wkVxD4_@JtMxE;q~*!W85RMJ0xk$~JX42rJ;P80jA^C0YfF8=re4f5*VU
z@J-DJ1mO2Bd%K_s*>BZ!A$s`yGx_#hc=HQfJv}|f(4O^p+I)>t_2AT0qF;oN7uK_P
z0EI)h{1@N8$7Gq~dlbBS1(jJW7d7M(1UoxBDym-(40XFx?}d=Si(GFbNdij-z|Rjh
zsSU35P|Z{NEW%LBPo1V2nCo`@=qyl8a#i-u3YES(Vrom`CJ)|uBM6+{!+>j#v0xUy
zT%wpow07AqBz>&o(_jS~i2PAWX=r8mTjc)1SmMe(sV8Q?=MHsh?Xyg2sSQQ2vzTaT
zg6VZ@g~j5YyLCAID2fl_Bv1fRjazQ%F<08-v$|gx7u#P^b}k8@&q@p!Jqvz*I--^!
z|D*gX7~82}M^3*S&R7$`6)B?0jq4Qyun!WT==1vWCkyLN{&GNoI5ukqtV-cyal`JI
zS6*^q$6O(hUkrR(uf5bZs=%<z8EOLM|E`{Z44v}E7yHu_W&hQUhFbo3Y6$%tdVSE2
zSGa<VUBjdj^7n6iE6P)Mus=Hsm*|!o$}AX~aT$L)RQAR>iWduV-D+_1dmF?DSowY;
zF;A)CWY1q7MXTwu3Gd7ufK^C~i(5XX1Hw)pRExEVH)XtfQkvd62Z>B~e8is_0EPMo
zGMpv*K|c2$8mtn)igdLD>5l%(i^;TSIIronj~mgvZS;G=yxI@uga!zGun4?{Xiht_
zbV&8iQ!`$KsX*>sJTrZvZ`bvFr*VHFa#EiWCv3;W5R|X6N4OnGaN>6M1J6$Z73R%k
zdEQ*|)n`9%-4BLOTh^z5VrMNeaXMe}sO{m#)sxeuRT8m}AN0+s14{e&^dy1($2dCW
zb@2wX&p2&n{qtcU?J^l6!^O-wasl=qvf^G0V0*_tb0qU{r>x(ZGH{Shc_FAabk$p?
zs2`FT5gN)smLioJwI}iZRMTNy$*)<`$WQ;hXf-j2`D9X|L2}h$!P}-+1i$xQVBU*n
z{IP+7Y3i~63t__wW>0YNEY5?F=8!`6Q>qA|2W9K@(miL}St9b+md0ot-E7(>y&|Ka
z$qk__CEYe1&PC_pn&Tk9*NuA;iEBHsU$;d|`6wLcs;*^p{T^n6P95FHs*&~>$IzqS
z6qoPkNt~s|zNdJmw*~XDYK0uI2gBbc*8dS4=<@R?Uwzx-XRt=1|6`Ee?t*AdhZRkG
zwhe%%)L#>6CyNpB?WlSlz%Q2M+^=_5E>y@!#ze2*rv+pHvbFJ&NJ`L?PE&YIuhl98
z+B}G0qP6z;UceLXk<`^Tzt@b6jB`XzV8kiQtM&&2nO;|yfPUlEdXdair?FocpPjuw
z{wfqHJht#N>9(Y_^y~0a(I;6PQEcbWWBSr2rksY@$VmWFed~4faUsyY#*AtB3dhPT
zh=+~IJScC44BPNnieY=LZO|9x36t=?!`r|~a_LVmSJb9i%tk+COUHMmb40&XX!~Bu
z65AI*?UC}aFll3E8tMeVK+5ceOkwP)-!c3~pdO1}2h5q0&*yf7PXKEtKN^DT5<`_K
z5GOts=gJt5(U;6PJO)~dyJ*f&oYiZ+K^~NGy~X<%xk@?oAs!Cgm`-MIOoj&Ol}OyK
z;7Y~iTUuBjq!-xH+AjCR4~aaI@zCS89j)HMj6c>4o^)C4YO>$d#t2qk6#{{I8lcSt
zEor}Iz5305kUiI^QMSYq5!jLSVijOM?7_$Y>aXeV+3q7VkMFfF!RbO_;LCcTU?a=r
zvI|!xN5qF6&q6}-4k*krw3o0n=GxD7AP~}$=<(4}8+%S|Ox4Bmp1;)h?A^#;z6{0X
zYe73<;klr0>qtq{CjVIQ9ZXWo3VMGzt#?d-S$t*Wyu_~V^$gGXABDl|V%|0r%r4OI
zWnj=!uf7S8Q(5kwc&a^wA#o-a$>`W}ks_g&TJ-z%8Jw1$EU^W5Xxs6bsL8u*(4HOw
z{bhq@qu}Z{8{=vsL88e|ZC3hoRssI$p4&xlx(Hzzi~L9koH8bbEQSK7^8#dNzGEOw
z$bX;w{TYa_(BzCe8Khts=qCYAtm*;V;ZN(k<3FtWaHxn+&Qn}XQ(Jyw-*aV*(Vab5
zE0_lYzHF@-ksxx3%tD@ewW8+5>~?7O2n&lWsJfb#p8h+fNX9d>oUNH;H*g%XKbQj)
zw?Ph$Gd_nszc32(Z;DKTXXM+|axQSX#1C`b{etWlZSw;*u;d$Iq>eN`+S=L)FO*2(
zD6Np6(dT;#jA#75a~-o~&A|433`kp9F;VD!W=em$0_zhHj9f0tbCoWB)`3fVc5Zii
z>Gn#Yd^$Ne7n|<1A1y0LZ1iahiCJ_VzQ%el`_cg46&_1M7fnXTePV2eg#nh6<6YCA
zFM@PkPq0o*RA&!bF)vmx5eU#M0IoxnM$KK{q;F<9L*t6ug4FBiBR+G&g^q2DydE06
z2;DYdbaV)t%4{O*HNo$NTphZ&u2`E+)mB(LtjEyNGOgTyR&}uMf50y2gYeI+6uRFG
zL^qlIyEb3sKY4|9BB&b_+=D|075LpC9xLjlIoX4k;StA%bRHQd@^|<^NMcAm9YF~V
z{Q!mxGc=LSA{|vjlH6s2#4>@)ionm`PYGK}s1?<fPUpOz{jEq}ojXT}^8&qR0~l~U
z{8?XUE-&>S%CI73LRreiQ%wF6Aw5qG3}>Ku|2~UElXg=53>|C4_nJf%1s4pvu`5la
zRAXx>^i+JPX8cQYM6=m+Jv-$Gk!J&E=9ZSg@nnk;dMGQ~gg?b8SUt0U{ktdRmDCeB
z-KS(~$n`K?2oa$W1|8W3QpF(fEhBkjVa`7i*~>(Rs|?zLaOu{IwAiUO7Z}Mat4)=Q
zCt*SM6?C0_(Rpkce@~#B_GY(yJy5MCR^~Kpn2{Y?Qr->%E=)u1m**2Xgt#MpaU8+G
zfJ^-J1cSq(Vq%PxXEKZ#)&??iD1S8j&L^^Yyiw*mtKd+sFjc{}*}E6=<U%pIGyUs(
zJ~LL4XQ2e`SB~OW>`8$&x)@$wD+nv&JDzKNFW*wm<%N13d-^v{uAU(fIERUB52mLq
zj%l37Guv;^&YZB86*PKXQRF?7^6G`C(5MZL7A1ykcudrh67dHc#3UzwA6>0g;2E7k
zL?HO@YBeaDe|XCcfVJJ-*w~vlzJXE(#HA`eZxNx@qTb}O;QCCZV&JJuz<y_i(vrpR
z^np2dL*;LVM8coJK!6apGT!joS-E51GmnF{Ec|oN!wCc8V$QE9{9+&R^asp=3IXlY
zwyQu_aHFLzzsYjhuRw)X^;a`YaR&vzab6e;+^;811S1Ks2NpCgo{Js<?gpAvZ|(>H
zbi4zYLL<`c(uKr|3g)NH9}&Q0R`udX&O7!-51)zzc`Gqw$s4%iEmCaHg}5x#(Zn*8
zbn3*@s%UWBe;M9z>~P^qj?cG?TC&YLr_n};c4$&id}Gb0^o}pZNO+#fS#ZCZJLc|n
zepGn4k@O9+u<-iSVT?i4Vp{7sO}sCzb#PMlQ`lIeL}cBHAC4Xd8%SBx<#;bUJ1@T<
zBblGq=LOgC?LWulIYMV!Qe<h|+dQMS)qlh3vGz#nq!4NN0Cu=QEtFg~fh5RNAErW1
z2F~=fGTC{i#!hYR2P7qqQ_si2Y-~`^>*7rrjnna~3yb&f-~S`EzxLz=Lf84jBBRv%
zz&|k{e<SeWJTvcgM?t*-l(kKz)<txSF`R7P0@q~)CRS^bl6YJH8l`d^Pnc;Fp?am>
zMe5lAxT?wps&qDQxnFm_49;dY?#aw{nxR|6M|Xyb?*b_0xOZif{)ecjM{`%PT_og5
zJZ`Fpoq~dbyTX`u<nLl%0|9GcFguj>gN5tY45uAR-Sg9pGPyS($wPCF7qs0eqk-4u
z<>gi8V-a+Yi*XId`2MMsayws(FDi?-fJiYkiQ6%b31axT6K*VDDEeJ~kg;x#?IQ*d
zOj)Es_lEu4_IXV>)jc^7A2S=9z*t3+s}k;&LA2O?$>rjyPsi(=7(9+!1T!vo%f`fJ
znJBg+4!Pf{2^zdpm^n{#-oXH6tXxWVc25FWR2szl`8~(7uf9w(y^qhy&K>~L<Kr`|
z-}X_1A0M7=H9c9Awj$*#Y@&L?{cpJ#XV{y_n!S+R{nkT<K#gKMEEQ;x?bh=2iRhkB
zHn_!hyMrmNj}Lxw*imtl2xh7S;dzLSA+H?M0g2q!aS!uXzuB%&-@f>51$S!Ie@FKo
zTll7w3!?n=b$~|iAJel+zc@R>eaPx{36rna<mr9Ce(5<I`Ue?N(R&BK&#DKUPyNxK
ziOK_5r^o=1s@EX>*aURwVX5D_se!pVWtQ@7snjHkV`PpmQj(Gk6=qf5iJVbuq?0Z#
zECe{ZvH)~fhHKid^c7mnKpi6kMiuB{N2@`rm0G|>1vhs@c%9l>J#x0WO3%<LrPP%R
zP#$viTD*v7wt<$TC(DehXqns%E*?_;RW1Abh|c=KEkJo-y4BUzNY`xuehp9rE`E9k
ziu+cy=)(zW%D-P9!=NYI9qSeDzX~ePD~)H9fxCdvJt)U_5ts9jA>iZ3Y=F8YhKqcd
z>}L7M0Vw!#TTYk8PrDuIXc!(Z3{>fYF*!n-B4Tj5plT}(u$4K%I1GbIat~Sdi<(a6
zf)}CK<N{z~9)PlsT!xsL!Z#?FUn+(cTW60+w*x{Z72BUMQqb10iuz<V7<tO|Xp=0T
z?%@Ap?k%9IT)Tf!MHB=jq(f4X4y9XC>68vZO1ir&P)d|e=~B8Iq$H&~q(P)R&-1PY
ze&62i{lE8~anBfMj6EEv+qK^Jd1lYw{LPFK5TNh{yr^<4s%^8|4O3u^Dt_R?_{5(g
zn$@V=^j+^ka)BNBL5zHn1Uh6tzQFBA>>jQ+dXTySg96Up*<v?k;bh?U>#&HWwzRGY
z(dugcLkhn=BsAhrIEJSV`Nq29q5u(-aTUwu_3PJ)zyZ+sUVja0od%2KJV#U=v0H?(
zoYrG<O_sT*Vw~&$6}z7w^OV8)85ieT!5QcTO<-q?m~8y2R<ejshx#=0&ieBAgd_|V
z>-V6dns%@?+4*(bB8=M_OaUk*id+X_H}(=9u&H`|*?^(~Y{|yJwWf{+85!7MekR*D
z2<D+CoMxnhxi`QZGAMtes8=`y)P?!gi}~X}4y99J58<L%|Il651L$39y-wd$&vtxI
z5Y7+}ikpTg6<DpNKIXqOd#Vc<5R<=YL5V;e6&F|JxNKT!DW~w{vEfv0+G1Wa36{Z;
z+HCe)`WJXL^gA@PmS+GPDx0Lcrge9n+hy^RK_0SpYPc{0)4*eqkA`M7p|5JQY;e4{
zdtPHJ7E17CF<L2%drC%Yp}0*?%k*xWC^E1WsGgo8`L%R)g?Hxe4HudyZWfvjF^4n-
z#FMpxQJAm5E?f3d)ohSD<vuuB5RgSCvZW!M+ZPWaNgC9NHs~v%BbhxmCuj@BY}j8r
z1=#ZMSJ3%e6pRKjdPmE)?y0vc2>fK?^88#Ahw=~T{L0sGAFA;L+vB3(6AYON1Socb
zD*!D>bM1TqqeuQrO@UxTtHEp?)mK?c!J7-S-#%We2J=lp5WUNW8`vgt=&)6?&EcnB
z_gYPJwl6^#iB?&{k2cR@ocmD9aVR}#Iy5>Olx7}>M7g{bO`w)$Gab04Z}i}4L{Jbe
z!&gl2a1VdL9hesqSJMNb!FQJXlK}llH(1wBmq=obBz0B07!+cfqPT2v*#JjL?hnj{
zVvF&51?E*FpPYWtcXvJTHT*@jrx8lPaOL-4%DlucMf{>yb^-kNapIH!s^Zk#%un&B
z!6SQfvw5oJVZm|D-rs$x%+`(+H_H$uxZ<CsGksHF&A%xO3|69MSgO3|!T!F2s=j&7
z-PnL6NxXg>4k(Pi0Slu~_g<cQbdGVT6#{zd#v!I^W(l3Us~RPz0))J?Ce~e)a#aPj
zs$+actGtFf!-;%B%Ljd*>gqiJl}q9CIh!Pw2^Uvy--yUChe&OYCFdmW)9*nkByQ^t
zcCxkzIgtg11&+qdckjigS?2_H=<5t!1!r?lz|%AO&D#JzDW2+43&qhF&-)6O##xsS
z@I)Mah9`Nq<~vxH34dC?x`O^6J9nX#+G225Y=DaD2oI=2sK_SQG9Ln@GXhipu3N%>
zg>m;i`e`K^swRRiinV7rt@zc|)eWMGgE>Y$KxH;>fBk^pqEJ@-^;krxH?0e>N<}S6
z8?#BWm4>7cho}H#E`HEkB{2M=_H6f~Ulz!3+mFjFl+LF8nBF~7<1LC=3Vm-C25M{(
z$XTK3HX?w1-CCcJXIB~J#tqhA+Pt=x)x?^VGv&ycgKGUaT7taUIv+lK$ZD{Ojq+6Q
zz9inHxaR(DBVOAL>CZbfL~|t$`LTTQTqPFo=6TDb9ze9kubi!M<wZQ5TRm0rQfvLT
zd@HkFW8i=aXxxWe(>uN`HA*JW@ds2xV!1tD-OoOyTP?$QFTO~tU5TjmxI$#Z+EFB|
z@?lD=GEHe}v4soI)6YZbz~@{&_c<d$1P=o1>%WTZY%*1UTB{y4?Az|Q#-d>@OrRbu
zT%sGv^@x?Pn(!E2i0=hNEk;T?C1+ryd@(%Uk+5Gj%5EWcf1}xNQH6>m9PjMNCrxnH
zQ)Rs^rq*<5-RL!Qv|s(C8gu;a+L>gOU)SkLd@{TF8rGgh#FX1i(~j6q+$pogu}GK$
zx2mrjKqk3!yY0UZmK<{=VGGqkIy;R9Ym{#$xttt6Jqh?eb<x=VPv~5W3bl@84<-|;
zE^%p|2L|3k_kaw%=6@f3^AfC&SA3Vxmir@>v>{UbMdMREffFoQy0_euLU)_TK_q#n
z&GJ1+>`*RaS(ez$p{N&2VWBLwspM!kil|9$*@ebGYKa%kz~^&eWwRg_1x_4u7Zhg`
z!0q7gG&U-NeCL)PGh;}PPB@cJ>bR>zuj^WM7885<0>%B+2SKfM=uSDz(fZ9n1%&}^
zCbKR0)79&sh|+VEwl|tSGl~xSSJ+rs!e9l?EgCEXB9gjiAY1%=c9j0~>zj}dAL`M>
zkiI?Nh$MY^JYR>N2}aeKC>($n=={Fd5zQgmaGx=3MrtR#T2_2eW-|WE9&qucpZrkM
zXXlzlV%SW5e485ztnK)=qCO|Kn-Vm<zItramu(p9g00H(Xxo~RMO$Qa8na9yoKdo9
zd4N&}x5_WbdVfuTS{yGU>&f_`5_#^2T%N9#(<&P^WNFFprw*TGNq5J~8h87Hzamll
zh#n~Hya4?ZXLv5Y=II*daq#UP(!1rAm1z3JIVQX97R*fbB0{#n=k19a19&y)&f}&9
zMm>PrE}(pRt?gmSRguaL5?q`It5U=VA=?RyVck+I<AQ|?m;!0iu_E9e*z(tU7p#{D
zsw$}4+AA3m4e!auV0h|}oz-5!zGWkhVJ-tQB8;$8OK$UtO@?UC&%U$+%&bbtP0l06
zrxmuVF@uX>+(vB1_3&#;ggnKIdwVa%rB8kWA_&k%ZlL6S!~XmZMcNZES6ONz^T}st
zZ~L~_!Jl!cDkUsA&lkIHe-RF-LCw|z!(Yc{l#~?I;U{#s1pP`pkq*_eLCX(MAEqr|
zTTgGanfWFrIxec;R7!RCdkj}jFIciQ_C^epLmLv9f*KlM%ZFt{3@wfCyr-?$0FTvy
z6|-y~qh#@Xs{zU*M&IS(0-rJ}_HgSw<+d<}w`tn5dfAg6M+{v*3W_?-40N;68DGp~
zeB>nRTmwp4(%P*_`dTYBvo_1R*O<~foUJnt>FiE5-oaeD)^*%rdRE?d5)(3ftw+-@
z7-{aeb#x?@er#TRUJh=4aLcd6awt77IQEI{!o8rCMoPB~H{c?^RKsfZBWqp}3vpdo
zvAu;SAT(LbV&aIx^)sq!Y0<pGczifJ6Ewu*U>WzEaXOCOoeC>NxkIrTb$=2+I5;@5
zGp5#0h4<7+V7aF#%UFM@89b_N8^4ZT#)y7fnb#`F=?q_#_B?T)@|<bc(>u2NxQEP9
zf2bkqBk^aM1f7bk>ulEf6H>*CjNkV(2DAQ`A0je|z?^+lO?Nj#hDz6jQkKInA%Yn*
zH(qmHn%7|bzC>tgGM3xCJMrqyQJ1GGO8QQr>0mam;!I-tRn!U0C7doWq9-d5>)G1M
z8~dr&5CQ1avsMue!Hsk<k0ah}(-#=@RTNY-`w~&;KZIjDZ1_GHyx&7J=XOi7Bf`Rg
zn^!`mXqoMGZ1v@!`(YtgO^LD9UrHvSHhC^|kODPp&U-#2sZbdK0Rh233Xt*yRv#Ri
z?#fhu<nB(d`{k3ZRndFWUJaVHZzi8=9=B3@e9<b13M3UU?34<*dQ~~~9umJO=E~WT
zNUD*HWQ9~7{Ww_((S8W-W83kOqU{cj==R;MM?rByxgC^28@^hb+>WcnC;MOb3f(KL
zmmjOG-HZ>YuTOW~^P%D89cyu1CDOSPSG?I4Kt#jBQkPhv>gi`J_vd`+R2@A2C8_j{
z;6BGOMPR&NbNr~6<2ehp>q#k`2uPnfpR|5`h+(CO!24lfC@<$jd_1WibFd7^6jH&6
zHol<-@Tq_ztd#siGt@IwOqF8qn@OFzo(?!foIdRCEQ0>96nR|_!^BiVrP=-YL}pUM
zW-LiVBO`(oo5GAMOcscs=~oJC`f1cmD`zPuMX^19H*aliZMW1Tsv#}P6NkneF>GXH
zkf-FG7IEo`pOvxXJuteJh7opa)5VbL_EQtw+htB7o!`HU)w8nD1b>Lc*9>h7O4*vr
zNGrqV_o?Dx%nu2;e*L<`m&*e>q2mYw=l%TO^Pqw^;k8+|0U~X9Eg=0NsM++d?*@iH
z>h?v}c67M1Dp)IxTnQKvR&?3>fJX$W5_pK$i+*XA(-|@Qjf#Xa(d?mtw+o0d8@^w+
zAf^I1qpyp)i(&wx)r~7`kCu6~CZ_XP>Vm!fKkg6q7@9)x80gj*{snjq{1E`M+>ao-
zi2!qeg|}I7Fuo(NFWv^dfregfFnZHNALbO64```y3T+o;3U;XJIRVTMhgfo3$qxG7
zAy~Q1Z<WY5`0wuwfB8?waMZ@THv(c8bFlSfkmKzx;n{;x?ygn}uy8b9U$^rIJ~sK&
zr&gs@JCoMd&eXy}C2p5(e888YY|Wi*3lK$vc}<UAi$ge=FOYWBtXDr>{FD9(_RV7-
z;UPZXAX32vwnrRlvQZYtnPFjK$~5lRw4|q&#jW@z*@k<5&nUl4Ja>%;SP*+;!Ksu^
zb=QJ4D0$3+lE=OIHBPq+-pjuk8C%5JgLqza*1>BAza!5$QE;++rURW_xCp?;*m&S2
zKqcH9=+0D_a_)BmOUY0Ky@F086EE@k!CYW+F9MWNxCRZ~y6_=<kPmU?&F{d1a>%yg
z*cVU0U$p|Tp5$=K9&I!EN_UtdOc0cHo^xKHWPU#t{0DXn7}9F^5~}pMh|~&0=i(z(
zQk(jX(rE*ghVTjk$_-j>*s)mxG<7(~m(=oVL12`sV9z{0d1)Q6_Wu^|-#-W{!{uDr
z@zODTkKno(NP1TTs@1lxV^(6+wT+w#-iE9J2BP*5;)Ec$N^>0Lg-_*Y6YE-U{vmXS
zo>><iUe)32`;L45tz%HByJC+X)x!azK~`R`K;eV1&wy<gl-0OG?XQ6kUV?pa>nVcQ
z%-_xc{@d1Du#=#vxH<)}*bw#-?-npnOm-cal8*pMSa|=<7ciFs(gfF9B0vk1^d%8G
zfJvh2w)H>5OxQ83z!7%&K7=FZRX;CREbys&aRzl=Xi(V?#X}`Q9Fhj;WK|f_@;ku?
zGr&)FSm%<}Kc6fp&_LZCgOW?ca5{x`A?RdZXRFy?hd%YQ1qQs;3=a0n|HTKZIi>7>
z=I8%B%CsmY{7EaUy{%pT*$Nd=@Y5v-&FID4tsD%Y8HIBo)nm$MBD)5crHhK*g#vn0
zP{5qKE~fOAujhw-2^pIVbiJ5r8Tk^kT6~dP4bA}66nWkE>eoAvg{tib&{G>WYkw7d
z$bO|~LSQY_nTpr^|7^c%W8o;CG3QWbj`J_h4FbY9YBYE7B{&h2hLFz_@9Px+kQcfO
z0P+dbq6>@^0MvR-9j1thIYe*%KnB4-rvxr3Hqm$ML@qQDDiN*PiIWUmrT}6+_f!M7
z7Z?XCfVi*JlqR0RxdvfMGa+YoR=;nNAbW8Xe>ELeMsQ(q)V|w(^IT(AD1p)4Rde<*
zC8^88Kf@#FXC2%c&zrn*fE1faRO_La3yxPV0D#&vzmz&2q5`Lx4Re}n#|~fV{`q@y
zrQmJqHU|0M#%78JGE$238gg3z;v}+8n_l(G1H4{k2sA-ap8Kv00^v--KDx1b*9z~S
z?8qg=M-cYrb;m^pKOqbZYE?7kC@%=w02#|DjqzL_A}D<-<iu5FJoz<(>s}fb`B0<8
zECDn#)y!U^*aKMt6dtZ07a%JR1IF&9uCcoP%VlW5-IQ6vYxZ+nF+~8q$OA(Ss{#?|
zJ5ek+67H2yV&K^01rR(Kn0IzR*-<G3+}qKkNeP5Nsuc8NtHvck&W!T}s?)k2?Gc~;
zGuqXQ25!*)Q^WRJfGkhfPHkQ!C4?;s{6(zljOYz!+7ykA@y&<xBOO+To?3VQ`0)c2
z?G&NnAa0{6gZWVIgr0^{x;W@3><o+%@x1~0l`<^9;_xW>fpvi&|0|mMf6Pu`SkMEl
zS0rO$wTYtf?`u41qL`oZ8W<R;#TtR^I2`~5ls>CktLIIl9)dZ-&&A>?+|b(_eW@B&
z1aIH3414=6N8;*#d3!FnblTd<U5p0AJ%;?H?QUQfAylWgaoelyq4j<!{3f_2o|Hjr
zlfdAaX3<D-F0H_sTiK$^_M(azVImkA>MOAnpxUH0R6J@6@1<sE4+A(C8Ng)3KKv>8
zCo%}tVW`@?I4~8P3c$cztegP-`}AdSG-O{iFklB2?ash*`=8~T+79-lIYQzAmoGFF
zly#5B4X%`b6NDVk9F<1*QR>Eu??Sr8BjmgB0^+0|>mI?rl`A+-8_LGR`FEimgtH4O
zt@EN~a3C#GaCk?9X72@V7T*k%nWcP7>Jz-diz92);ale!SXk6;r#LYI$t4nmnUQxo
zSI(TLYp{tmUs_C5KHi%2=*1Bx43O`eA(Fm^&UjC*@25`ROa(FLwLj*Z(a#&jUXAtG
z=Qgeua>^F^wmBwmV36+)LkAA=)({%WuWH-Lnf;k~ku7bYD9J|*V6(EI@t2UBYc*1J
zq@rHBuI1X^UHl%h(^g(|*OU`#-#vVTHX|GVX~pcPiLA4}_zG*Z#O#7j6c}rlQRB#d
z;BCweusF%l!^3a5RLg19^6x-xTxGl@I+O6l>DSLBr9)|bz-3s#E`zRmd*+^0A|PtY
zoebtM+0P}<#_uuqPb8T%zVBqk<(;T~27aEaWg+{!Xaht99N<ikn|i^a&kiXSQM9Y{
z0}%+}Y|381!>!OqkyDTBWIg{^xU9cc8wNi9qhBK>X)feD=`K6VQVky-f|$P0^Gv7E
za*{vG-Fg)5Hn-e(IeGo={Fi7u@;L<a@$%Q;&qA8nSy@BCKVfJsF&~uxnFU1KfP#*m
z21ew&YgQcVz>0Wd(15c$IkcyAH8R_|O>jV@sU^bknBOxFPzG5zbh>DGSU$6SjVIgj
z-_Tn-+m#^}37LUc{58j$4**$cTcN987p?d@RJQB?j8(tuEK14W9CR!^_#lTMbcvKW
zZze-tnDC8!<o&sAErL~B8;kBGtmZ{RELXLP=Y5%UuMEoQHwW{+dMZ8{xM|uEn(-2x
z{qys)Ul(PtqFLV1s>9b;rGkr;2GvW#zbl7aI4rc59Ot{#1(&Ew$RoPO8x8QifGVm#
zc@T?au&5=1!|4#UiNBAPZ6T&zz7m%ksbXixdXx0jA44UQaJ({7deWmJlK*f~xR-Xr
zt&4B(`}c&e?IRQA_I`j?5<Tj{f<0xz6VSai*<S3f_ZZIa0{FC}*Uas9ml%(u1kTL4
zLEk>1l|W<ou^%qOA^~o9fZsQ%oR}Em!{1QW`@ExHP1mRD0QF$fHI3eA(1q#-oeyb0
z2L3FNK`Lk7029hyZtf?D(PmU3n`Q2n(o>-N(Z9@=E>T3NM^EDXQ>fLs_32TWS=pt`
zCrP+|^U6ZLMS;yEcdCurwN3#r>1%FNBJEwSw;w*<YG+f-zX2l8VOZpuy}yZ9RGX6C
z?08k*|7oP4e2%AlkY(hJ=YNl!1-0N7(SGj|?|E>?4+R45acX<Wu;6YDqYoF^JMort
zSypWpNQkzNx0v47)YMG5{u*HmYue<+>e`pHvbq@@7O1i^c7TQTyn{vk3Q6p{(Zj>T
zcbfpW+0Gs*%10{<ipmX1WE)_b_X@Na!@A3J5nvk?@GU)emX$I4TPM2!o*Rj%=>+h=
znQYEJzN**8!?MG{#}~_}`6!_$rA-c$x^K*!9&dGRAO6fCXbR;>-96Y?9x0;Z+t)Q3
z@HEMk7sk2)n0((Nn^ek@u&e+iYw-BOQATDh-DWnfp1ISV&&jVIgg7(2BxHSuUHSQX
zC2^6TagRSVS8%5NIO##!D)Nm3um1*yMpOt9zPkPpUv|!Ed;PMX5VLLZg!VNMM%2S1
zq2uZWOw3^Vd_$y6RhIXyVGPX^8FwabXJnXcw{`IhSJ->TF`jNUcxF5g&3v<ofg4(&
zDaf^Pv=ILi>E_%f6*)`rK(^Xl(g1#lM=N&K)9Zy=NGq*!mM=HrK<&^47Xbe*s6#IP
zl-7|qG)$FuJ(a_l5nwZBR;JeRhRA)|!sc)Ux0Lz->=H+R?MOdfH`s{cb1kOF{NYC5
zeWMe{hHA0_oz14xk9XGpSjRLW3Qx|pexg{yg`*EvqLTOZ_x+@~o1^+nsaLZ<X5kbb
zFVki_%O7ZBQ!qK=I5DWMqd~Ma^o^_IH9bU@l}~+(0fXdTce;ER>IR-{DChG&+lI!+
zn=X5?ju{q@e4S=Zt{HWm#(z$H@<qM7C76Yt?detd-Gc>5lYZJ?7-~%G)1kbrgRW~;
zk~B0liRKHPTB=I933{3&S6ATJQk$kQM}BzYn}5T@ab-UcmtK{uX;y&Sepv(pliH$T
z(-5V}#MUb)5t4r5Y0WyH5y3YFz7CLmpnNUe9RmfN=VPo<PX7UQl6CzB)T#Cx)G6{8
zP^V)xR(^suA}*=p2PbT1O-Cp%%aenGj>!YD*(%pcOM&S%A)1iR(HGZqJP+UEGM)CN
zKi>?=P%6pZ)n?DkU9VNVR>SW4Bu+g}y>!wu?vt077q5M#7itwQqnnRREU$@@4#rFk
zzY(LgbytdH2J2xcUcli3`WKBeQoarfpG{L}aj46Vgmuo@4{8B-(!hx=?9O6sj{JPp
z%*h)X(W7IXYG=2Ln0$8@Wc1F4EBlNuJkswxltdgJItSTa!up-vv_MhrmXeb*i2li6
zgoj&N@7Z+qgKNfi;@f<LPRK6BbBE7q-I9>QLNiX3uoX?-b$gM#b?}RZc)WY+ZK}QH
z{^&P12q;?7nKAoby~WxbVu!GnxnJi2=2}juUM&oFgP>cCsb@Nok&$=?U_}QdnW{uU
z+2xifn6F?JDYI$X1tgtMGpK$1_yMYzMnQbJd3NtukdKN=j5u>`yut_UWO!;keFFr<
zH}G$lXJ{9&OIk;?Bz_;ewOfo*Nt{R5s6fYF8mk^GKG9lkP1zM=V3*zJ_btR}*I%9w
z@7b$2;=wub0)E9GWzqs03HxWfk%7I$gUyFAoG^l=FqZ=$5TyM53lL-&S~0iZXSECk
z(U(g{sFO)x$gE@i_!yN*9#Bx-=mN77`tt1V4G-|7BDKYX8hSvP@R?G3lA}yCzm^Eg
zEDiy|AmGJuqSea8?$6X3CFACC-KCd~XAixeYDu_)s^?||IE~jIa85UL09>YC&6&IT
z@>9TK0nosx=Fd${DS_@b0o^4%>KX_Yg9=1{`EOkcZo9iQ1=<PEbD4Hb5O>(xPiQuQ
z;gfv<k@fqe47JgCq}63{APEuyJ9`30z~%`B4rrM+=;j+akP8V5i#prb+}A3z5gn7%
zh`Vn&@Hw&&%<U8u7Z}xu$;-<pGEy1dX>4pHNHH!9LCFI{6s&p;kDiuzoVY;b%?(xB
zQwBM|Kne97cEB*b!Nm6jS-)-Bd8#Vo?q;Rfl;mmKIoq)CZ7!eN`J-*XNk7ih<u}K1
ziVQULi`Aa8pZ$IrldHWj{{6K8)x*ZkXEIaD88*r&*=phus*<E8BWV&{|Ba>a1lYy&
zBVqKn&q+jW>W)kNqxkvkIQ{hc)kDn3^IwZL7ZPLI9KU+p_vzu4*3Rn3Uwupx&5}CX
zdAHZj?$|%WWH_*2{7&woKM}j#&i1@7S*2N8HzQQi@33UT?PaOpSkGL`eka(S@FD(g
z&F4_yM%&cRVv7a~te>6aooypp|3MHiAr3d8?xv_ga1;72uJ!{>H)Cu=tx1jF28h~I
zURKoU!pf}{xi|YGUSu_D#bok`tw(XJ-9$k}#Y+5gcDi@H0#|25yE;Y;;Co7pd5pj7
zLd4smC%}z~0<#($Tr0^m(c{>YD2fWWX``sYMPj)FI@@V&ruF<mht*1FY!X}<HTt_f
z-dB*ezY;)<dXJL9S{CWUc2SGnO%R77=k=l&1AeBPdVaB7-YS9zf}0yVDQy|yB87yK
z2uvhjvgMyCViv77?MRh>Yj|~<QihR;Z;-1L1i8n;KEL_YR3!p{b+kFhIxg)XgkQi2
zqYm>YMK52T6IBEI&&Nxx$J4dXz!2R0=@Du26k#2`o+_g|Al9V6on-xPIN@s?rb)yB
zCuq#4SXNIYllCl51aHLRIN{t8pfoabbDHu-QbS}Ch*oco=h9auGg7=q6%eyCspfiO
zN37<#BEa`>>~~Y;97o}`2cP70o*bzM3(tVEcqanpfN;}680Jm0Vg~#67wQHr;vycD
zO8$dcMbPo1m8`N0i*tV>8E^cv_<ixl#s+=QKml$CiJttUIA^geoidxNV2Yvr(NvLP
z2cdfYGi#Eg3q)htUGMO!Vw+CqYXx$(5T3EWSB~!2?H^aY!!PT5j}1}u-RF4E;E;-t
z19035FU5irEBYj9Lhwn&!B9+SmQvDlw&z4QW4}^VgAu<mxiB|IZ-vf#1aZoh07$N3
z4~vXb);xe0%&@HSNaTK-lB!kWz;LoN7#|j;!Qd#Ot6wDiWEcee5cr|n?A$f@Q3d+1
zeXh+SJ5aN051@k`8XuwffR3f*D#=k7F;2+elVh(1Xyu&k0LlY+Ie48HRNBiNI-p%+
zZACmXb=~hI#v0`-l4^e@1>wqDS-~I@<ici><9A8|3Z*3^5<wfdb(%Mx*99+Vx-qAV
z|0qQCNLA$-0uz@J;}~$xN^xaTxMLu^Zt^EErw-c<gg)9UPtd{)^LZpu3oZ{JsSOH3
z??(^77~fdbxNam931k86F{&rzNcnKrU1X%!_WA~ex{8Gb+CexifU)>skjCp+-wTpI
ztO;+ddM5x%YEQJFjMZ|ff)raR62Sk&4BDR8FgaE9^|6*){Xj@bzSAo}e|LJV=FITh
zSo)Z}cR+l+07N62Ob0eG@#6HpRcgyke?`8t{MLF50OQ^t`|G;2yev57G0kayb&}R?
zwSAOj^w#w+Rv5_HIxaXb=QfG@^M&b-5V?e@%3TVIm^mxGGm50B`Em#2J$&gm&q6(?
z%9=kjqgs;7g-kPce!qQH+jhP^#TS$dpJmLF{OoPcP6;a}ARy=~S)0K%7x%}12(XfP
zJD~jWO#aa+?S1b-&3Q}CE#Pmn`f_x1{A`Pr$lV=Yfx=B#I`<O`Ke;x|uHvD{|3dl=
z+@;EH>Fm5uw@#~AOx$mZ&-g}~mq<JVPtiYB?u96VDR%d(6ia%VWhbKl#`+zdii?*#
zldp{X^bY4r2Rn}~Rba8jun+(huxl`(-o_kaE&IvnVpFTAl&2s%9MC8WLWPZQxYz=I
zffdfLp)+IJ&^_bYI|(J;_%rGhfyW@0n>VX3v^Nu!H?-K!$k&As0WhYr?U>=YHJ)Q1
zI3chL1y_%bzlNz=RSYarnJN)eF*c^QUpswI4MJ&8Xv4>}wq?b$rCaI+E=9qyZtvxD
z^7Hf49oMuIOTn~a!><Da%P3JJGeAiuyf;25;}1ruG~r{ZOF;mW|1KZ^M~K-ycEZTj
zdFiS)s6C|3wbgugG~aUX{1TmL9?NZSR?ITE-X8fNv6K^wXo*So0NoVqId-X;tzvKh
zvll(u9#N9rs&C)czA)`i85`5&w$qK@5BW7`Wc7txi6)&^tE*BBWXqI(p+~QPcH2PO
z?dhR&oNv&kfJ(IuoB))vD_|VmRxG!pd8y{GD;>qNz{YJoU7FCo-K6a;U1oEc)qdm#
z%8k!t<r1Kq>Vr;t--Q&A{RCf6PZX`HKmlW#C@<ozdOAsajoK-6bV#E=qY-lo(h(oK
zlGR*>*#Ulm6@i87nu9Ma%YQFA*J45CW(cXm7tAt$<9uQ`8%hSUNlMb2h2H^|hIcOL
zF2DA>0-XYv-@KCBJg^0!%9<j84}~8sgOy%X(yNJpeKFTp=<Xtz-vG3Ag}fQ427R<>
zW=lOOAa13tld+7BiD^HKlmWGhM43~3&UG4>mAvML84uhtQwl#YVq_$u-Z?bkzBkTl
zzs&l>Qco}OQH>L51G3yZNV<R`rqKL`B0dR*ZVkBfU<mZtJqUstlhfmpn<pc-fPPf0
z4L2c-E4z3IT&p<x?N9W$b#2=K1)Qm!gnLyvgOS4R_JL7N##^Us%_44P)a=Fv9j@)J
zQ+LDBbU9>@=C#7A#jZ6!c@K5K$ikvG66v$0P*dcsSRT*BM*5Syls0Ye4tFW9lRm|l
zB94H$?33C9quC`e;BuCf=7WYc_nLg&<=0M`Qi=r5^mKl>jthU+KG;TmZ=$!7qGn^K
zDR8}abkyan4#`ioL0l&~3Pif$CtBs-Q;R#<Z3aBWSMttQKSxm>ud2?V{k>pa=>zXH
zx(;B+U8oVj5{kVLU!TTPV7-QzUc9?r^8We_!u$TmC&$K1AG+R&j5UtiihJY554J}Z
zq?`1n9)~F?Dni>v5>AfL<&wk_`YN4K0fBpD`i#lVc=ufbhp8y4xC8Vm20UJ<?3AKA
z)`b?A<+uIln5<kiPtOj}l7c!d!fmcwbY`)bCS3Y$NbzhxJ?-!$1sWkD!tW)~H7PY}
zhyh@i66$3YFgBg8M8hD|3eITp!N-@jRb9Ja(32VTd?h^0NH+_^DjZIP!WmQEZL5Rx
z#NNuALxRRKfV#~)jp!}F;e;ey&h%l~2FVLcv>_?#+gn>{v$oemZ1^AdsifnJ6fO5*
z?P*pvifX1p<J4*+1+*d7Y_T%82dmLj&6S*>VzmLx!6r@aq)M-)%6HX}wWE`AivToV
z-cV>2LiE|G<0bp@Gmq}c@*>lvXiN6Fr3%}HY<l-+0`hV3wXG8y&S_XwGKq&fMBf>3
z^K52)jUrpv+l<kwTm&S*(3>x{#y5%}i_zl7bp9G7*ZsM{@UlZNw)8Q+rlu^D*B~#?
z#{|rUZiV0(dKa9I>RYZI>Yw4vw<cNs-Mv_$!{hutRrGd*a}hv!0m@!@B06z>NU((M
z-Y=E*ei?*wj*5uyCT?+GC3q_GhsFj6RgfdHb-I$lcdMGE<shS=B+`6LlY7J`9g&#x
zagW1tA{jic7g*9l@7IvVP<*T#hMM9eA?(aW*#q+Jpsu7BQW4C-w@C)Wds&X0eQ!s}
zM&6Ii)~T^jvh?c;a{`&fSF(tYvDt<h4B`3M;l*GU#3UK=>-x{Lv}Uy!(w#P@?Uw4D
zB_w<~mRtWD4EVO_6lbqm3V&d+n0ZB0k5@~I%ktU6%#5Tae$$aOSA0vu)3;(fw0uze
zvl!O?>~ZuM+kdN6<-!a|2yz|QjwnPEtH1ES=&!3eOD&mj5!NxcJ8NCc!^XrUZ=G<{
zCjr%@he<BIJ|uiD^60qVKIlY8UUKR9l^%QOkP{d!$m{-~W)sV4n1_GO7T^JwCS2F%
zO19_1iIxD$q=E0OE{RN9f30U~N>`r!$g^N^e?$L`i-#hJ47hjSBZ2&EKs)H$#7^^R
zZ|_&WKMKS5;DuqwY^F*$5J2uDxVEf$K8Rf<qj({7)3GP{+lnBof3exH6d;VG#-8K>
zl?-T%7%VOE4S8FPRxc_mi{|t}bmh5BYK@okh$!RtL$FG;!=c&yzhHK6{9-<Q`0&cf
zq$`f^jg3bypb3Q_p7KqK{F{A2sd({i&<xH7*uMIz)?a{ApRO7C#*Jja;(R?%`8A4n
zzN(vcwOgda+OYIm)ls&5*=e1;_9=a0Gk~OJSkF+?DyI4`ekh1Ep}HF8!Fy7b3FhtE
zr@N;Bey`!fANW0bmnYdy4t?2FehoM+6gC@venpI0QkZ&vpopjNrF=*AkinCs=||1k
zCt|Al_jq_7)|c@~<Hh$RD(r$S=Ef*2n!%_@x=!WlY~EMBxE`4zS*W#j4hNkG@+Y`E
z(OelP9(4@RacYONAC>Z-Jw`F_dn6M5Sq|(TojeDHrevp|d3pEc>5I#EO<H=MxeJQ)
zhg{3^K`%&;_53E@y@$$FeJ9RxtR)e^d%RDN_2V(*MMXpuN><Sy)J5RhL~yjqP8qE2
zgIXdv?R=TM(2cgUu>Ga9_{HxDp1$JsW?*}0e^%P{LabYzJ+q@3@nx}4*0|F9kv|s7
zRQTvz2jkP~n@)SN8vc|GQoz9h!o<BV47}&E5e~_Qm|$EunJA?KYi99Y=sE}OG9y^s
z^;yy_7L=s9oz}g^^*6rug7TUCr6V+L0J+!G*MEyzX;xNh{EoC0Y(RSiF;;*=g_hfh
zo<@lINXZ)6e7h+3+qZB1N9%ayE9g7A2()7!;L&e9dKwe{B^*BA8~`{4oEk}vKbBH^
z=>(2!P_rcbkXPzyZf3^DGkhFOAX|g)xQVYNJ(%eDO-$1Zvxiwz<mX3&)cB1w+3%rk
z8L5pDd;mGdPy$!d@VK;lZa*5sBQZ(~Q>YSo0Smbyi?>zzw>9!A`MFkQ<LP7?rEE<#
z_q-nyF@mOjTTFxs9Bpq7Cq2Ow7-;!0%NulRkF3jzH!V24ye7baIDR}a7TVZg1c(7r
z$#)8>r5|qg?){|M>pWchTow0`@@LRV+CASt19MQzhM)^;8X8WBu!!apBQ%%_^_qRB
zQbyubIwuzw!}_v}EHjlW91`|D*!knw%{03jlxuJ#&K3(7A+Xm68Z2|Q%OuJmSJg<&
zNOBm9@T<%mOc%vby~9MaGA&eVO0Y!VsCN#lyBpDxrM?rTl&b0FJJd)tmrJc(d6I%k
z6LPv{P~bp|BlO#rjW||gV#(PXb>{;*l;O3+TVm2>UZLXShc+`}R8lg`nGg0bZru_J
z+I5Zrp<%4};tpUMFg__S5;L3|S_9-Iq$vYm&Vt<B*L*b#3M`?qu*Vf12a(!tO9oH%
zJ15c~?CP%V_r!_c`PEazgB3gZ7OmA2DW22%#gi|ZGHJ5$VbWV}xOZxJV_gM-3j#@w
z_%p}}EiL`HARPMLE&y#7*y!KU04@nUeN2}G6+>l87=StRm-9a0PSU-184S%j=+Umv
zS66#9C~1d;+P_o{6pcOtn>gM*NQkI%U`L-yxCy{QxH7O*t!*$o&Hf9R;ohK*<XUm;
z5)I2|At(2Kt6D_;x_J8sph9#2>Cey*j;K=C{{Dl8Uf%LU6twJzpl*YaaaT5mw@##(
zfL%6$`e2y%n~>S!=d;cco*Ba3_y^m%7i3Pq3!kf!@H$Pk>8r@|6xgc@>Zxk;$XcR9
zIJCHG9~MstPXW+UD&$wh_87?lp5l!ftP%QwiRjwDwD377V4z!@B+)vh^CPQ$47E|7
zagZ2wLX|iO@Kx-Cw86>2Agc<)+~!JMV}l;;6JTjW<*ECBkMV(lO8JV7f4|>U9P|==
zMk-DP?_foHbc7r)ulgkaI4H)ieF<8ob9H_`8L+QNfR(F>sxeCc<y}PKa0F~Mt5SH{
z_6ZSEnR>O@kD!2s9Z>$uO9P5fS|l$a<Wx$@O*=zqmH{c)897gCw&VXjN`;?D3>=tj
z6G-{_q8A(sfxmb<zTw!ypcR^VUCh@26bcD2Q?|XtLs#U$fUr35IX^e@f0!nNVKm;s
zQDrpwQ&w28uNJ%xjz0TU0rx#;L^wB7uclVn{gO>|Ze<Ry`=~d?!2|qnfEZ!C2;n#0
zJ^ZZ|D4|dkwoGO*#HGMW@gkhaLQ)D$wbjM~9N(NwmUkJa1cVrjfmy}wHT0F=|MD+C
z)GES}KD_o<SuUc#7D&Ce2AmwP!{9jMJj4?~W;vxnDJu;#@d^hS5X@p^Sa!m(PpgOW
zTgw0P!;}Kt0EX)|>z@CGTsn}JDmf(Uubr5HXq<^-EGz<SUiRXF*aBmpT(Pwd0laC1
zT<6g->CoS+MQ}uiR~j6`=DdueH*x;a?;#Ji@MUB57Od%A;mBDDkc(DPz}m`CiXd6Q
zFn5?r5a!NeUAY1KFNXkwut9%Pn*s+PGByU*o&O)7<N$q<YXaKzn^<A6`Ro78IV-RV
zP0jtwIZsVpi^f#^TmAj_Z><R6abDYdeX{f59l~#%XfIwV8@>bsYZz+W>IDjC#Q{~;
zM&If32LjoCoOBH>aD`;(JazjkR0jN^6X5BBnA6g-$>uNETAZPim>^tZd<f;^m99Qt
zp}s&Gq~okYc2n07$;^6iFB6aHKKM78xP-uXu8IUUH{f3J62fa4Aa1DcWE@17pgA;~
z0*1Fs;0a2J0Q_srT$Gtq9Q3-9<*y)#JD{8W^Sxa{<PC*82}Ko*t@F;3cO{TEKFa{d
zaA;*)xZ|3Y6Ikav#R@()M$8v&%nNYOj!<~LBr+3|`WINEVD0%lBcpJjH~g!yDRQ4l
z6iQaz=KSTz5(nUzc2*qtH=uU)m@X0Qy;r4xqBv^bZtr-4fWdB(Tw6DA`=!HQbmIcx
z1^#eC5bhanW?d(Rf5R9QB4ld?!*P7?M8()T?0<b<Wr;d|DRb(*KvGao5B-m|?vSSQ
zn|eob$^gRDfZLp$)jqm^l)KKqcgh(K*xlwuXVyO#6e}HAt<@Yx@(4=Q%!EJ}n;~7C
z3A=&CE(|{PCJJZ7FfsK7l=%D~{+7OVb*TFItEZj?{x`rhfa)WjH!8&D<2!{jrM`)O
z6H!xy?7zt)8~#cjDHjf2cR9O?!x`=A$Kt4|Dd`Hri^AL=VmS*iUpdFf2^T>EFARb)
z(H<Mk0<(g)JjeqU(q!kMYlrPI=++zeXNIzuhzqkp2<Ikl*NSj(D|9!|CaQaXkp4Yy
zx+rDD0dW!o^R_q_rG76X2+!KJTYowXvjZm;*KkRMbwLh=O-LxFQEZk98j7khj!sUT
zH;MPLL#gFoh;FD$60v_S8N$WMCda_W7GcnspuEQ8vW*<e>)gY3C7R$W0@DLIxmjyS
zbHZ*Aw_A<_5|y{hulthxO;u<Ze%=2CdXEmL+ersa)c*{Z1{Gj@xSb7ByDxP?gS~kd
zl+F&=xAU*TEP#Oq;p*abdiCw=2S?$F*Rh%upF9bxrtNb72V~o3;X`j2h%8Plh=k#q
zW`W^Nu&j8<{$;d3qIdXp3|^NzfJC>@;0n^#s3XXSA$p9YR?s%;eQ{t(5c=a^HK_pZ
z+<8sMnPE;G2vM#W(EKk&8%^cDU?+9c86@gEVn|zCk6~d-OAz`pUv%w4JQE(8Kgr2E
z=|HedIp%QpSF?zAquF!M0~^A|rly|O&^8)2wtgxi)_h2Fimip{FmgkIaud>6G1usq
z+bv1hFAt=Y+Y6_ISoV!rTh0Cpu&pTi2LTXQSY-akuK>vo^SE76e1^Yc9o<0SVxqIQ
z=I<jznC|GklFjO2y7lQ=uuSlA5bq}Q!9i$#<Ya%=61~I_r*EYhRhXwRa^<E`vIr_;
zal5jDr`A*(>eG*Ju!%P()vv_4y#u6yWQ41Sb9f+;6g?nH_;YXIxx>?dJG`>FO<jcx
zg~kA(kz>oy%YgTZm<UYh6V(we9*D%4PIH54)zxkXn|*1rq)=&hyuvf(HR@!)%FM)d
zpsie&b1<YXFl=%E1BOjeOzb}xwsj%_0nbdev^e?5BA<Ou_BFSjBK3m3S#BT-{a1XB
z9j!&4>ATF~Fo>?6)|@7SDWT3uWQKn;)?**w#+o4<>EnfI@qq#|;U*HZh6^x0uM+`_
zy(9VePY;D@n-B?_gKig@O57AClDCjSgQn0K0fi`DajjpFPPNe0D9)!8DOxfq@?DLy
z9CworYr)#JL69S(W{3lvh!I8D4T(pOKAjw$C4$A&1VwD_Q^maXD6(md=9UxXkMR^3
zzk>`5B-g^J9W?(FtW9dg86u6$eR@T!#)B`Yihgn63lA83d<+^!x2B2WQf<youRwIH
zEmUu0Pa>c>$as&#Zn=AwQS9atV3!kS5JV#?aCWRXh6nge<R`fN8EU}#Buf6<C)Qv~
z)Km3Jk;h4lV+R7C!7xl6q7u1Tyb5d7)&}L-_nmfAF@r-S@fD}%eed5qRZ5lOa#wkC
z6ceLici6yE-qfJI39wzPY{;hcq+2Jvb@Q<%1``JkQ*}2X&x{Vlu0gYq*Kj2(@dx0$
zT1r9}X!(D-C5MHx+anBhPk)PD6BO_Vq^VLX3PXcrv>^d0&p|O#It7f&bcYiS6!<==
zFsuKb*?%UFPQ@!BE1RbFAa&%Kz9}U{=BNpgIi|7#GRI<>fW)LEll^t0SEa3ei}M|3
zR1qUmr0&}ZCZSH%3vsT-i{GCbnp=*Si+Ub!Aaz7;l?Tg7GDWCg&^_LGaNFyG?vVp`
z6x?!<w%f*Cl<U`7*f6`0&`FZ5XILM4nSCO)JtvC<{0wgUKYXqtY3G7Hz7T0ZdO_pB
z_qR7WI@g~lPbp_A5rFmImk$mPuh$Q&akMP#R<U`9Cpjo*4Su5Sf9{)?ovfwzqH!za
z>#psv&1I!8VhmK&^bgg{(3<tp70|F=ZGy4Y^7n3mq6_8Ztvdn;w21lqt$v9~K4-X?
zb=y0cW5PqpUsyS3Yi2Zxo=Xe++{C+CGg=)B7$?GNFxCGp6f3<855+VX(Wx$&*3lrW
zg^xeq5DX~C>vU8;*|%0z!nU(=k{%JkK*2<_I(_XoD`VQ2@>D-4%ekB$;I#lc+kFT>
zCjn5HZ;jljIZNO8`Zv-!tRBC;UNn!-0#;zg=I-q5;LJr1K8Q5G@8_cQ=EaK_zTyw3
z2SIZm;vfd3cHdD`osyX+PC+j)Bqm1c)WbuGk8_BbF(?sQ-~E!I#u)-$t(se_uuFan
zZvo3ubHQ@PCxA-?$DG4rOc0d4^6F#+4CPTOV}5kRUhpU0v-t~uV&kDYmJ`==yzXRz
zP~Gm1)2a_*MluAbH`=Z$eJbA(ZXBu%Ecp=*ARsi{D#Exw+TukIr?&*GSuO2&x`Pn}
zAgLz+Qoo{A?vT_>x<*HsZL~I@!{HwKzkS>=LY1jsKjRb!{fa-otu!-V@DE?5U02VY
zx;>4Vw_gO9cDI{|Eb$Y~$HC$=z`?vFblj+TH;{0L7{CJwm=|9|*v`b^f-|FZ)Ba4H
z0Ad1R9MzFW9`2_H3V@e3v~<w#i__(x%^gq=hL%jHFPPi{eGA&AIr&;`=Q#sm>>R)~
zbiZy8yL%N{k_X`tS6)Oin>G1I!YG@xXe5!po*pcac0ai|-`n7P`%6s<eSPicx332W
z<|!@RX9p0(Ji4VB;U58OxJUEbZz=8APILgc3v-~92I4`0aU|rp-vc%3rG*#(9mohT
zJjq^D33UZVKlB<f`p5cGWBs9TEBA{+0Kp7EpKfvpq5eHaya*Oc?!XHbZF6<WaL2$K
z1B0sU=uQ<*HadZlMNi$hE;B^NV)N2`(Ot1cwlY-5{UN5cxc4As(Do<L=)aDKPI4Tb
z!bTk4Jf1**q8CKMCvpHaa|*inarUZIY1_z!-}oL~0pZAhkYIpykAgh()2mkn+wBj!
zeA!*{aPaJ{f8YmArPTa4YaqEK)<Hli#EH2)s^T}F512&`r%`9@w9H2e$>Vzb#Ba{X
zH<vO8=p3^6NleY%u>65|lmNzvT{=cWVnSMa$R}=5Z|l*RVuFM1MJ);>;jitXo|i7d
z?;(>)HkGQ1ka}y><;w+;Docb8P_!6mS3G|-PCb|{_NyFpvT@`|T-TXiGUaQh$U<%v
zI$`&C{vgGY)p60UIn~D>*ex{U|369Y)DLLx=NEzylmMAJ#t0>;-Lh7rWxBz-O1<u~
z({J5yRi2BB3)=BDQeqjeHYf}LSzNLSP|wqv$=tcM60FkB4+(Q^AL)!cAruuAeOn$8
z5sZz8XLP6d@L(Zc6q`|T25jc*_Qj+W-8kI&xzsBwfVtP*-7Uo0L|STW_M?7pX{`p`
zm)leTMR=+)DWu5EIjHFAk`Ji|bGz()+gByTBFf(3+d3X2pxXIsE{(y##d|PV7)fN7
z*@Q_zn2=Qua2zJ%Iep`{jc<%>2^POPLy=o3iAPO-T3BY-8uD-`nSl+M)Va~Zs-SD=
z0}Ty6=*>MEmYqoeD>iTGi~Daeo&_{MQlfE73K>?psr7@>sgXu#r3TaBDrckE0~}lH
zJ=a`nrQ`gtYI#;_FH&%5e?v`Gh7^N_y*!{|XBa^vWQ`zk-<Fp@gBDEz<u|&s-s4xY
z9b0JJ{UTK+mg*fKY!M;#*!NC2Ea<{j1Q@=?2Y8Yolo3j{;<eHhI035s#^Er!9>dAH
z=4j_A$RmPx4}eHh`m>7qLOu}SeH(7mZ~#fUSUu=0KTAC;Yy?x|bf4VF4)zaw=K3Us
zH1%?7v-IR}GUc<fBU-;D`79Cot)~D2;E%<JQ@W!ix`>i{qo37m$=^!>2Dcu@w4RRW
zs1`alwou%B?3&Vljo0EqT)kQ&7C{b6m%!K#$PtT7n=h)1W!bk!_{2VvtId%*t+LRy
z*GD5SifZ>TsrXjxtAaxV;jL^2h`k}+NS9qT2KU6-50hzy0YO1V!NqY!L&pg|BzhSH
zMTda4;X6Pj_ya^q&t1?Ji~&s}#zQt7Cs9$hgdbmh6hTFH%fAi%2uvI_H64tlX9GT`
zAiiCEzSGh$#vWtl@hh_AW!5ud@)VI=^%@Rflk0z-mC}?l=+->{POV_~(S_#qt(ln?
zZEqC-WS`Z^WR)a{dJNq7a$52%AE*oDzkF#vTBFw}!Fr$SjgZjt9LuA}k5g5e1HUN-
zBK(_)+oOb!-5+&eJh+H!F>;~G)Trsg(l0m#!pmAZvfAFkTU(C$2rj|lSpXE~1A)R0
zjWGe8w4%+XGvR#^NpFLnJ&#8L+dP;8PZxbaQspPUF+FG$?=Asa0k-N>cadDdPF$!z
zmZ?@ibv5F60-_u1h)B5J;B*88=$rG<Aq{i}ftUYw26Hnr!aKs0A{-_ecr-uSX(|x4
zQzXMv4g*+^07BhvNhse#LSh0$Dhxb8txhCEsJ|&7cYRu3(Q0HOxy-`A5Sm|5gsg31
zVzOO#v^F>S?|}<87c6j531+%Vb&+CSg;GA$&%)?S$TWn(iQU4*nG3QX{eTN`-D3>r
zngK`-F57tpM8z<}{B)t9oh5xdRFml7;D_!<{1)8~4ZfItUo;%$1x$KGfVR|_-O^C=
zn=-J-1<W+^U_sd1G>2`2jO~3ki!n~nva+<E%+}%|<Wu+C+ysqPlkP;(M9njO*knXW
zn2gQ04~-2;ej9DL))CdDl6xN_DJu=)K@0f~Xdyo~Je1W~0VG5q6!c9~-QL+slB8Fc
zb8raLLdc0K5~j{oFlg=QNEv$R`4&6qkSoIpY<ntRo_c?_YB`xe$#*a-*uB2~Llvxo
zb>2st3%dC)=};}h`K+alGc(P(WLfzFnc;c1QYYpMS#Bgt9VtEm1fWTTd@h9;OdDle
zN-qE!sbxkCfRRoFT=y>D6Ado0K9*JA%%3gIoh|jcbNLFzwf8(aJJ>gTm*gI9Z)3}0
z%Cn?Bh<z6!_`ym~?7puAGucBMG)Yz6@LWmN`f6pi0nP$z2Zzn$sIH3MUM*#<lV5Kp
zT#xcH9oK3ie}Nd>r#+6Z?Q_MzZ61ryQnB~%YG_r}1*!wK?}U0qmFW9%h^d<>PL0jY
z(ef3zz{UNFxPpYHaAJ?xT77y*M*tq2CaG(tU*$}HAe>%}LRNr}R%1L(oR7i0i>uje
zPrSCR|MRDb;sV4<;#+ZuMV}*orrq1IL2)W8P8j5iP0Ryuj~?C)Vj6|ybYg`h&tFPO
zo_W3)W;SD2IcLvGevJG)%zVF&lRBlM<B^eC85`z#SAxvz5(4tyetDJb<$hVJmhKJ{
zdaTf;%ZM0)wRD${-1ahU@Kt&!op8E6)v1a*Zp>`0m;c<wD>tsXT=^zRPZjx<UTv2B
zPxj}8U*!{psR3h}T(2%4jYe@PlH5wVBBAqGsr7w>*0iS4qE)ctu-(oVkeEL>S_#sy
zC{xa^SmoZbFC#4b$-?#`TpI;z-DN(~=q?M3yi7bl13)bLLv^ZD=_6s;(V;Y1oh^HS
zuiXTY^dYV1E-fYs3IX-W;@=4m_Gj_|5_F-OF6UU_U_s!F2JEO~8$HGZqrG(LCBLXI
zGx@x__mIJK{&49r-=NpvVL#m+;ee@7`wiA9Wwn4~Wjg*krOABjFUe`QJ4Te0Jnjw6
zmacHldLHSdo${^qw_&amrine#%+>Wc4W;(}^YF+pJ|OI##JiK?e~3+1JU?1FGH`xO
zaw*8v?breSQ#hAPSkm4{3sPUJw9^5(FM$bIzOdu~B3Y^U(=YTOSqGUg#jjCE48ENN
zZNSm?Y^t{6E-2u*4GL)fT(0c_NVh(0|F)DTU!r>Q^zU(<9dGrwh>Fev0<!yV`&M96
z@RtmY2(LkDj-8K07NvEC1+IG*Tlt<qxqH&(DFMM_k=@dWvP3v71Hf#B-iyPh0kkj=
z40eLTwO!P}`elo1Qa%?Yz;yc<jIo(5$0doa=Ko;SswKV5G@hNM_OQy{9YI_DVZ+By
zVM)nHva-vezBDu)>cuQL9G0qd%{>J^`B8<&U+Q0^Je!Qu`cUaua`aHMn$0AR`fmS8
zg!SgD&pI;^jC}@<ec89nY&2bnH_zxkrA_?m-E&d28Y%3WC1SfziTa0Rl6eU_p$y^G
zB39OK9d?@n$pqqQb1S!NFJ@PClU;0`VhZQmo?~D9Xao!CBO07-eEws3HVU~nI=p}l
zQzXdBUMN70O}F+o$?YUSmH(VID_EiC;Y-c7pWXRlK^`jAN2@#~_v8Bd7Y>Jw;v;Fu
z%;)M6EA5Dq#B1&W#^>UWxqV=IrJT1qIL3DE0ZYgmwA)m7B|@x5vuhS@`zXI^+I&kf
zoCK2w^k+wtN(HNrJ*6L_dpPNZMVDB_d4*pY{`l#MO!(Jc7lu(gX78GpM|-WST0CP>
zw94iFtQG^UW~2Gmv4o*NeMdcxQly4$dU7A5ZrRKBpmDvg99(^ODEmS>P~(!%@fj`P
zC{eyP<{VDLY1C;JnVyPe_z<S5fBgkn_VN)zgqMnwwt!0jOjreF5OxpZdaEBzG$Csv
zR#F_C1|HfHu}oW=^dv{NM{LBl$MOs^0X)t&2H(iHH#dK_hrEp=Nd{?G&)NLx^M>r*
z4?Co~e7_RWj6325n40J9#=%05NX!brW4%V7BrM_b>WlSEQ!4;f$Bgc@Ud7WS`}&5@
ztayorbf+&!4R1XBUc6hY*(uOw>Du<N4CSn_s5f~*i+E=s@hyt(SU5d7G5|X_Exhj!
zB7j&1iw{K=6el_s^<3gfLSaK=l;VM{pB}!HvL5sbzjtEKC+6|<^+w=;S2&vCQuowK
zqIhGbVoCKuRH1Ej45vr?>W7);p1TivS$gwIc9#20$#CeDS<IKM2I{VS`;Z~_nocn_
zrr{pzdwe#RaQ>#K(3;5Z=@=wOwLJ4ho1drq<FAml9K-=OlB#*Gnf$Eg8hD!U1W$gZ
z?Sk2=?zLH+x3~UoKp}fdPNO?1fU%D9txY%$CZ-tc61Du3Rhh(1q4;%vUMl#L)pmRW
z-VF`xhTG}Ktp|E%eoWP5fYFKC3W|Fb6EYZY5fRY=M*fdL^xmO4Ip>4%YI*4$r$D7l
zC3!SbetIzb>36W5oLyo7$co9|zWvg{(%aKx06=n`CS+Tt1>hbOa=@<o0;8bM+Ev^&
z(;mZX0gi>&D%FdAE#j`X{(SLStEinIb+cGIPp?r_Hb-^LppfHsUp{$3dwW5?`PQ|^
zJW*SVTIC*F4YpDTUwsswH4jKT+jA}NVgjwTA>ORn(I|d?7oDH80b4Uq?{($rNY;T$
zBH}+O?jyM33T<wFr-3VOB~V<)99kdiy9huM>-Tq4e#Rl&0l;^5^)lhx9F4(`(^nY_
zY@5*zj{Qt%HFs>ie=3mkA||p;8Kg;V&(bc*7Xd-hf9Ikht1>|TC8}uVu1vtJ!AmWp
zeroOJo*;?MiSg&po07^L(iG;ND^ys#7_PDJb-_X8i7_2E9($Pk&AQ*Z<!rTPZeUbI
z_G4DKLCp!3Wz`)2PWEseI{X>oR|lCH@RN5gMlO@rb*I;jbBQ0}m+o{&H-3!-C-9Sy
zRQID=x)&BkGFLAn9+P8yxy<CLiksXK5%D2WLHk3nwL;&R|J4kMVPZsNb}l)qmLKzS
z(b<)ov>8}B;(-1ySt2yEQ|RM8*$)7r%2`wJ;-6fLHp1>z=F2(j<rdqx@F%K7T-oBw
zxgT5_<b`)R=TT)2*F8jx^#nizPO8_V^d0)HMeCLWT(?<3DK4Azv;4DC?}O^5ZU5{$
zpDF+J{ZH@d>RiHFN2!n$_rZj{b&E2PT3ZH;1fGb*U@w(d6C*LW2*~>qUS8ojcTDa@
zARtB)A9BvR;h~iq<$_v{NKbF?9X2-QFh(_cfs<|h&ey~5{^?cN;jfZg_RJ0&{wi))
z!K+NZz<lC`S&8f<I>gYiMCRp{a~0X?Ks{vl1-W4Ew}e1p=2iZ{xBv8k^l(d;n|-NS
z6n0&;d%)7I9)$^4h(huubcB}Th)jlIcNszZVGW{PEfVzTzMT70hKbkz@v<@Dm)&tU
zDG7ervvlCH4{-f+5fJ}>e!|8u2K7g&hl<GtdZX>%S2I0bj64(k28e0}G7G`+1>XT7
z*oSPx?Ko6mhKicWUCz*~=KnN1f~+V*d!D=Qx~zm&o$$XFiSlx<76-cv9QpmH8j-aR
z#wl0CFL_hrkxk*uaR|PO;Rm1ix`ABC!dT`C>>~d9OD!erT*JjRvEi{G89gL&^xQwc
z$}D@SV4nD3R_eL8NI;>E;4Cu6`nwoYf(|1gpj<oFzVkI#V|f0w1{m(}+h45MjbVZQ
zT5uL+Xu)+h?rEn{6BHqZZpGF;0hcl*3vO!+C729czBP`u@2iSP+jC|7%VVx9)mC4k
znwrbNpMz^GvO9>l&`;tHi+!NGI@k?NWJAR8<pdvx>G(Kl^A%7GMjkYI=Of#me>lfJ
zxUovy#hq$^=>dftPy@>KzD-`3vD&PBI0Q){#`-jgFXCn3m9u<>?~HZCT>0~5y}Z(3
zZ_6axNbLiYT){<D@V1M4eI<Nm-HBz`@PK;Ty!S_U)X8f`bxW`HQi<(bml0pkfP0TP
zBpy`(vg&sCG0&fm3O?{vkeB<J(InCv*{&s;^Y5Rf0-{>>E2!@mVkLeZox+-VC+cNH
zHy}rC;_q3plprOTTbTOC&qEZ29VQO82O3;;y>!5pk23}MSS7)%+$&4j@;8_M7i(`F
z73JEtjc*YJQNco_Q3M181O%iJX#^xkYDOiL?rsH9x`#%(8R-~cFzAx*5E*KSp{0M<
zIPT|p_VfC^zqP*g{jv92=-xN?edT!`$8jDfK`H}yyK6-R9(M|WY0+mAHTr+d$=`=2
z_9}iKO_irN<A2}3U(S_~tL~n(fw_4G)ByK_m+nM?M@g=$3Q7?YJNvcxeW3pHD?Y)$
zqJ%xE->)I{P64OKM7RIB>N(0!ftPC~SF<u6f!(eHwyGq?^&9mXc%I9=496dK`YFQC
z+W5zHLBi|tr{Xjx7{66r#uMsOTm;Z?FSy-XVumMoz_9tvq}#p&6HgL;{-MA>u7|(B
zp7;YkfAU_SA;JHdIGAr_3fWcLPF`uoQ;0Am>*6IaZ!zFoztzxfH3@^~PFAbp2H=0J
zZXfIG`0?A+%vi$@MiuUH2ZJpqG7TV*n4Ll=-XtKt299J%>dzdSTewf2mHc+`4-Y#<
zNN@*#!ZQf@|IY2YamVER7hk<i+)nWuSCaQnd-TDeS=n}5b4bp8qNX|-Tl`~@$FAu@
z9REtGUi-%{C*W5cT6J7L<O1vIq>1L#A7A{*?};CcP8G+$xHA_R)yc|B$$aOWFJno%
zh2c>Da)}o&s40c)W1Hu(odU4d>=fmlDv>iD?BLOr$z|7Rz}S4Una}z2I#9<?Tt|LG
zG5)^77J~Ecpkm;gl@d{Hz=Al()iL9@o=zT9j}Ff3mredvPmw82xIuB_pAoOX5D9QX
zh2t{O0CM&$nf3h?_v5`Xz4nqXUbt_4so3swm0>!%avQaJQh7gTN}@M3Q{Hsxrgn{e
zFyi#bzr6t7-#zqvI2k=0_-j%A*S{p*oyVWf@0{SPH}RLRHxX|1ANIUs>n)K!->Tt7
z?A+KS)9;5iyhLo|!)+iI23p*-W50(g$jHbf>w^l9@-57eO29Q%HlR!hTkJ!1mWl{_
z;O1dBtL%m|7%Z0r@r?z8USK0!DG6$&-~!N-&@uk{|4Q=lKVAaa04}1it})#r|22s|
zwYY0|O)b0<&Po-R#=Ws>+I2_8XKb}fT_O4|>yIYS+lz}PE-~9fT`FR6uj1)=W^aa)
z_SAd0EspKFl5eohsO~-TS2F^hBs?w~xIXXeIm%_%mOv|uagSXI13`zSYkSM3-5a6~
z1kk-Jstgyv#zcFByY4JAZC|-^`(|pr1_C;v?L6aqj^}09-FYXi|G6i?n-a6&@B0V(
zeEaxQN@5b1**N94jJ5yDY}ShAf;O(*c(4GK&w;^qRwfwJr#x8h+(f)STf246VX0pp
zgkNiFC5DS4-Q5l^bw*YB6owgnYxSOhcVT@)G-Xy1L@y5Yn`W+F?sSRvhIDbB8p(SU
z9Cs$=p|<}`-ntx$Fgudohu~Zx^|CwB&2-yc&HAh&etd`C{a({%TNG%>{y(=MgD>Io
z`DX;soA#;;B>2PH?;1#8CHb#94r~)crMFUI-dmhMJ}bDaEa2w9!e!s%dfJfUxnjoo
zC=OlaRW-&3ng~_iS2ww=2%u-GImy{H!psnLTA(c%Ct$-PDyKa283q_@?w;aW<Fv|T
z8^{373cK2bD=Z__vp15V8WcNO$?3{QtlD`&*En=Ec$AZ$JnTp>u~Lah6mw`BA*v)N
zU&u?_f67_$I!e{685pQAvxLw`8kk1apKf&<(8yt#2$20jK>$sLZC~fmZGA*`k()f`
z<QQ4I-ei^x$-4cA8xW*Jx1UX&jO_Z{?B}cbJG6y@J0A%j_)<ZoexK(xWO%aHe%#IH
znSbpeEw+~j)ML#Se-D*kO1)OSHu>qyXJED*Xusl`Owyqd1EOl%pV;RkC@)k;f&gR?
z0ZVzQ3(@P*1$infFe2gqP9v&6yMbmm+~2aYE1XxNop{<9K%O}!O(Fkg|6+!5VZ81B
zmI?Xj7<=i<?ij#~BWYDsI)|(6DBcI=GvHFG`is>3EjXNNKUDmf0fe%Vy0iyO@v_+7
zhq*$aS<yjm1o~bI_0Z9C0u4)Q{d#A0mCzbZlnpOHylNE{y$X{>-DD~(M?XmF%ASno
z4B8VHSV}Uo!ftk1AdhV4I!s0?Tns8)9lgrjuV6P06)@Jz-=32tkbo`+F}pG-jEj-N
zt^XOIgDXuEzhy7g+_49#2G|@vlDOdMX2Ln-QqZ(?1N*Y2j?gl-&$G9+1edYB3S4zt
zC7){c=BPy_^Fg*f&bvTo0xD2K&?>n-k$`kz1Ff4{DgX>}cBA3+NzA_KetTjJXe8Xq
z82W(Vsv}Ck!F&RsKrIudw=1alOox@ay1|&Wfi7{g0}z;vCGu!z3>|NF{QWT50XSQ$
z7y+D5TOeVrhYHK4UsKR;@vX)8@cvg;J`$~S<Ujiqp{Ka4Fq#N$-MoPui&61J*C#vq
z;gwy<f{f_4W`*F<bz==q(JMnu<@r)D17v@mx(XYl(6T;@R`9OBntI2=i()n`dG_nK
zU_J%VLj^j_ah%)cN3Zs7PowvuS9>$_FH~)Esy`1Q2~tjcF!_JA4?zgw4H=#&vmbUM
z_(bC3XWD=Ps4SyW{C(~QA&FA6Ax=S?8D9XiLja0|9zWjdOP>X$u8zn{R&{$Zw+|^-
zdmnzhttoIc%$*BCBu4?O?Wm)fz-}~XdFM2^nH5sx{^<-w3+mVbRjLA77icmDF)7CJ
z7-fRxYb?d0zY4g&Fbb$M6rq5C*3Fi*b3%;TfCp8`rJmIZ<UqgIqA`kYo4r!C2_(Y<
zB}zmFadC01NGA(8fI2c&`(m2d5#I31ZJjd9m!F@?l4iH<a8P&JEQf9s+eCc(W@EMF
zQ4^#eUvA3Ir0`X)?USMWXmO_{e~OU#U`||mx2`}Tye!>+Vn?>`*FIlKt}6-?^Vp9k
z>C5t9o^n5mo{whzQxfJaL458PJSVx3_Kh5W_>r)JJKxWoc{z{wHAqoEB25-QTAg`)
zd4r@8AU3>PYg1FxS(%xwfT~~y2N?g<w#GYfi22*EO-{I<py9CDR+f}|n0;B`8#BA!
zEE~V(N+L^}r=YA1{?nXi=`x}mVEe*@f-Y!U`r;UN=m7V{JbKVB;q86%;U`@=JxM@O
z!)R5z{&s>1z*=ErmPjR~#-}}xM}B_2$~bT>yglgvh>(7r`1PUS#AjAXo*mDIY*iax
zL`a)8<ZF(F821;g=nBLw-cZc{D~Sax;3aY{Rmu2Dp=Q0n!i2$GhQZ5~m^9Qd0}xap
zZ@a8nmcodTTaI<+W3>-M=mZT1^}WjEG(Hv2G&YteV~$^Gv)~qMz4DRUu%ch>7LVm}
zv#C_W-v4%d{>sZ!10^B&>+lW$>FX&<;y&gp<AT6ni*=X4ht$RIMT4S$6(_1TyG(eV
zCXUZ72B5{w7lp*cpl5O?H5i$q!+=jzZdku)*O9=~IBb8%A;^)}r1y5*y-yxOrNG_^
zwiWdfP$yx2=TQRbuU*t->9K2GD7Dp^c5a8!&wl68jTA8Joi9ZTn>R$9KVD;1lZxTg
zPa`l+U*>G(n$A4fZe>|j=aT^=XPi`1V&xPOKZy-m-@HGKR;mLvW;x*%I&nV=V5O4a
z?y-mRBGpi;yuA7bZ9X0mWp>Dk<qMv)<0we*{faNu`iLmC75?K=eHm<?u{mj8&+5~S
z>s33WVz$z2lUd&Yk--Xc=jK==S;pu5|8?UsNS(o7wyr)40JXryJWyhA=}>5XsUcCn
ze+5f|p^oi3kO7hNafr}gJELX@MS#7bfeDr^rm*q>JFp*6l?ieG>^@a)mR)<aBMdB$
zN#>6ewQ6(I$0+%ipYuwmC!e)#@b-$YpY1=6<z7<+@L;K5&&GM@MbE{{ZF=xm7oDrA
z793PgLnr&~E;<+L)_o45i78Lo5020ChMZ}o!se;6LqQu`lh?0Y%ZkewLriXfb?tDK
zN`Ax^J@CpZ+h`?kN?JvLvhX~kvx_IX8#OJ-YnobAY}~1{*PYLm;MTHv{m!4a<11qP
zcKqS`?L2-vy59ubvHlf%;wS^|u1H*k>@N}dNcbbSSbb-Rp+#lj?#l$0h-ul70*%}>
zjhss?;4X*;)@TVYfMP64*V5+k{40zHuzAS}I`#x~HE7ZjX+B=18a!IAcb!AWFtFOg
zRee4a4vU%Vj89mk+kW?~ngcZUiv~@B1nuu=0tv+Y-53}!Zuw^92QYEQZ>JE$B;=V=
zkAr9w1YdpTt3Fd30HTid?IlHXJ*K{%{x=5$cWjz7b%ICL3Z8Nc7Jl{~t1u4(N1c9=
z=~m$tEZZ<2y?ysHAj_)5g)~Y>E*ffNnXx7?2X^38wXx$h#rE_~l+1rEj$c1A5aVxC
zhG{!F`~V%|5Is**F~bC-02vUcx!Lt{pPVOT9M9}#(>M*CK*H`0LEQ?$;Xm})Dt3&#
zg>^df(R0_OufD#%<^%ROUVv6bJf4RvmIt-Do1cj2aZOt$Mq4p~bc>j!e1z@wo73ow
zJ6HvV)1dz}1zbi+H(o4@=5b60?bz)~Z@6gqsKeC^HKXSHzK&yYec47|Mm5=D?b<8@
zMpZz-hui|uO^jQ=1_JbxY|-KtbV(5rF@IID0%ZSxiZ=W4(PpZn(E=HM15DzQ$6XHJ
zmrB3rl4K{&I?ghQkDv8xex%;O)-0s0@;vpU#NBIUO3KRDkGxn-2{VBzQ(>rRKKJ7z
zk5<-cBlhjJDVR>VLKN^0iM?F5?08gdzo<sZx5PT6WL(GKFzIF$M5+Cls1g*;Midqn
zPy?Kn5j1PDu>=^+?~iBd-wL>xP<GGbv63JIvcjsBcUn`7UwP&#Rs3b-7P0M1jSu-!
zkLA^2L|+}(#_0z7cuk23pmUDc1z7-A1BZ1Pc_qGpR45Jz&&_4E1+9@bMFH?Q=`oKo
zPNM%~y69Vi&&;C`S3Dm58m|w}K+*vHsPi2bj{{J#s6fFt1m_8P$1{bg15P2D>FHU4
zy#!ATh|0pP>i2Yj5OLM`U>{>82W%TRFF03gy#ivut>qC#oKl(FG*7fnWTS<#1lYe0
zy|BdW4Y({e!ZTa~uSdkhFb~0|h6;;VU?5{ii?WN8I9sc1lo+L;nJ53aHNy5uaE$$u
zhD^~ZM4M*5VxiFX<7~1_y0F{ib3*yAJ#3=$<W_zX@-`+XC)>0)l^gGWOYG*{sKmvN
zRIm&g-sP#2>*~*e_0>iS1jgUz>pDrmgine8Yh@5$#Ai;g^vGQC1g19^4&R}$@KdM$
z1p)LODZo4!E-hQb#r&RJa1N&2tnV+-RtI(!43(2h#QcWn<a^J-(eUJEvp2-uy_T}v
zY<;FtJHNHT=S>Fa9BX_q1oL77z99UV$$pU9=jb^<7f?URghM0NP_So%rN;}y#pwn5
z$U(wSdb`zUYnhc3?|>-OdLrq^{s?b~s@u|lo$ou_yR)B~R>mq5)T9R%B#IQP4#_YQ
zM74UsTdvCL_har{W>nIx;8qV{UQ>$jaElnvTl9V!IadfYkVvPtV-L6Sf5k6m2n;(!
z&&DqoI{=5ZQNSK=*7E!x2InRioCkWxC*N*L$^O1-iM4T9;t1(}t^vn@#J#vBm2i-v
z@gCU+g;@?BOHvdHNXWrxgyt!HeBP`^6Y_OV*Vnljf_}epuCDR0kVr^6*jOd$c8j^q
zmi5)JidC{3_au(jPKtQON|k#+Pq}UdV55;J=An}e{2cbShhP&+7}gsHTQ)%zpsUmU
zJ?s~<uL(jmJ$7A!vdPXf^1S3QHMNL1PgRwaxf(r(0ZrS36{j546y>;jk=^mqu8E0(
z77;SBpC9(b+;+@efF)7l!B)WP5P%VCEEuQJ)5IDLW=Bip5velRwwl>%*u1CJdHuP%
zQ`hv7OHK}C$!$7HOMI{H7L&6D&^4O%?GKFX$hM!wrF@H+eiWq6RgeG*kbt}AuXpVJ
zZzFl!T~Br)wW#NJD0m60hNHj==qd&P1$Ma>_@!n7$^E!vbCQ}u@Di`(vh2fiPK!|g
z7Y!I7?Tl>aLXCd_m9#oQEO8qoq7lIUwWX0_H>@j3I3ah{-lyOcBEfQrMPS_eO)e5p
z+*jXzbD-uky$u>ffRF^Ku&9>Vx#g@P!mS4Mpv;r~+(b{r?TPcjWi*Gu@r?UUeMaa2
zay8J!&7qdRx6aLpRllZe<OGnvt)Tztt9*rOTeRWwu#KA9#OcMw#SI|c%iEL>XHvWl
z?3@ymP|S~StldRGh@Ax=98zN0E~~4>=Z05pmAHJ-5sdNdw|N3jQPL^X8Y+yU$~1%D
zUYoGk(a2X-%o{35&*~OtG}AhsQ`<)XQ&BU;a;kErzid|WjJ#IfmGI%l+FG>SJf(gp
z0UveegcE8183~d7jf6l&_k(^xP7+->BxG~4Wg_o102JtDumQp2`5kdLFTEfzXmV%B
z)R>kJy#{0{-{F&uU%$pO^uNE_Y}DW_ydjEfDPuVN(LWRPQ5B3CNPoWA(={{0W(>j^
zlHV+NS8>tAgWoLpG6b=-&^C~#sqPpm4^G4+3v^l98&gJEF;37W+j<Q6uB2yx)~c3c
zpz+nMA5FmyW5%dUSX;TDyrAFCH;}npy(LoRg;<^}|FV(Lt(Ms?_rtibV?QPsb6a%f
zoi-Pw{&if9s@DimWQ?xTU0_$scz0iIduyulHyN1)y?@LAVrk8_e<glhi6cDRiVJ<4
zG5?34$QmCMeySs-p~c^sFdP!WHFm+j0+3u_U49qK486>J@5R?2y&3Ynaoj(I<Aj}x
zU|mHZS4)#k9r^e?DTr!2O1AmcU_tc-I+3R{KYnyxdsh*WOt4<seau3kXPtWAa{OsT
zWaPlLca<X(bEUu(z?7;<EbYx@z;io{Wy_Al^S%r*q@`?65UO}iD}`LC7<>Fg(Z5R%
z4lc^p7ksydyrx{+9ZK!$G;-B=3|lS%7tWrMA<%cOrB5Z)HpWK(J&y9WU-XXBSI7&C
zN+RVpndcX@IgFh!$`bGBu<x*6wx|=@rjlz^(0rWW7U9@}BfMR93Zhumao4O|5LKNb
z{iD!+2Q7;s#qe9wnbH_X<{OSON|$SN2ZUW83@i_&7EzV|koIrbDlt3Il2;nB8cbg&
zI>ptEs5!2*&LOE?l0F&3PA)i!ARf!(!>9jRqLOlWfL4;iuLuu0K9R#|VGMbnLy~Ye
zE-oLm{(1g3b456?Kshrj1u7KIXqTHx`-Ei5wt%XS$hfX2{?(qxdoSe`6*qH&0R$oU
z;)Pi*2u|}NEwe=RDlILN9qMv_j802aI0!WNrKSK)phJCrN$@CIXVRe#$U~XGX2>4&
zKCDQL0nvE5=~xfPbaZ6!L{_$#NFjli>-sPLJ5zpBiWQpXYcWVzW8QL?ce4POz4e9&
z$*h(5wKX@%PwZdRY{`$Eh+0u6LPj{6^R5_;Q8H13+uSo%H}CRAdUxx0xgRB!PWJcB
z5U$X;h(E_5VfYxtmy<*vFWLAIhKoU3j6W9%;mC&PPJO-KTP}esGE&cDfbR;dvIwU9
zYCeQ^V~?V577p{=Q9S7Be+6j#WgyMaGZW1l1bxIFt6E_e+k|E{)q`uuvt>3)K5^2H
z3&(hBMC`71@t;XwNubj&FfMdvRj)|A#tt1fA58aHRBcjICvEw3bYR|-bA-cBGI3mZ
zhHhoxV?R6@zCF}ml3XeI=gED|h368E%Rdm|zx5|h<KQs>tt#tFleS|`J1Ki?j)~P}
z({o)-_Z)>Sq-~$YUS{kBgdgE~DYFLlVfcOKtc>J0sysZ(0aUK-KUSmeTsFuu@84c7
z3#WsGOur_q-KejEKwYBy-y;}-?KXhJHD7*jjbv#ph~rJ1(*Bd`MS>xbaQQ&|K<r-P
zzB2505XA5jth;U(t657X91j}q=459~%rJcwAm(DvGr}3pU&6K>5QzK>I%gl)3PNy;
zrYD?({nwiQ_2Xwn{KAF~1yAB}I#6HjQ9rNAd}Ws#NAmoEi+4sVi7zC70urpN@+vBk
z{rwu+HHO89TYaG}kQZEk#!Wf#L%e=odKdp1cf4_l{|5!BYXgkVi+-$B1_q2XuWfN6
zl>a2l8`y6w(OmsQO7NG@G@jgi?MC}R2>(m#0Rrs=tDq#c;C@ZP=<N5!LxKLX1j9Q(
zeY}3xo$A31=!KV2_kI71(7<0d!}uKY^ISxaD*g=EAP0c9`+1qCU~GZJXgOxi9%u-M
zz|-706x=>t0@U*bhd;9T-V*;mhqE{2!Fcx8Wk8MI0p#PmpERQ{agUXe2V~zL&{E%E
z{AM%fq@=|o1Pn0TGN^p!Oa3eW{cLHXOazEg4)BFTX=M}_aBS0)`Pe@`jSzyL^Knc=
z&u_LV6UR1{bXva(#2seVRVs^&1jK}@08qHJE?CwLxQ)G_h_`=QK$nQA@%Q$y9*@v(
z2BRK#Z(DsL2HY3GbbKdz6G?&ALI<a{kT&7Eft!xhF77`^^+otEts3%4|4m^kf-l`Q
zO8EXQhV);eO@GpZnozuG(|twW4Zz7R;HkIP;$?nNUd9GA<#!4GK^8(Rg~U_LGDxEN
zQ2eyt20)72?L@_gU8zPOy~#ZW)PFF?J8C2FdOkUq!5s6!h0;`_ydhFBs50pvS0WAm
zCKlZI2xb%vlFvsR74mV}{iaaowcy7+Pv4FC=Ye;;2;MR6JDcpW;1z7Zp;-szACd7e
z&0o_Kt@-vhPwI;Rv*W);={#hI%XQHcNsj>k`;H3Cv8r7z<G$26XX!08diIag)1r!h
z8Y3Ase!z)w<4M-uMUmF$N{G0%uhRatBF^s>i+Mi&U?UzoFWU@u%`@<_1TvjIhhT-a
zhgRLk>+b$*>qxx&t<-qu7-{*N3zRqo(y+R}G;gKd`9+9GjkhEMDb-IEF#jj!CW6+u
z2fyqL|KsZtljB!Yj^5>cd{!s%9WZ%ySPnnP`Cqg^?dnrkz)POODL<@jNf(H~FnCI2
z{`qK^)Wa|J8H#}4ROOSuz~^&GM8CV!_KRMdk(s*<cJ+VKqvQ|FLjHV4<ow2=&;j3m
z3#&+QRIr~FYpu>RLU8GQcK{VBfYqx4l(=`KorE}G*f&nIDgAMxFU|a>Ku}NY$?yw@
z0Jj=X<w;4Y{yK90-@P0T1H!%B*t^UBaU)w6&D$?K*K{OuKLVQMyF)z7SQOA)olx5m
zo`8#F1H~=-Us*T)M~43mkNKs7+w965dd?9RJ1hgVrE}|o?wg&Ejm7LpQBIYIQzYQg
zg)D_<WWo7jJub)wPVZ@U9};r57Et-&F`(B{rk-W4&8nYQMkC_PV7M<O`;WEaBX{MO
zlt8*y6Rr2_Z_@O^eVyLv!%79V!kB3H-dpd6cb7vIBbhr5n}XI1SI4WXcXB{O729@>
zN(F$s^xuJ=M0Sg(#F&kIUd>U<46t9aFETL({VPgbHjPV@V~2Gt>-UUVfg>5Ey!m9U
zOV=ZP_w`0Kg}N|BC8cnHcnMd^j*@`u5t-KGA_lhgW{uq-*y6_o^T}h{u6nk)Q9<v+
z!x?3LPtF+$o<2g()$JZBg0dix03O{IKmK@6@%^-WaA08Mq!&_cX-Flks!Bl(w7rQF
z+U^Tmgjs7mzzxg4?gHO*{JBVjp!2{Zfd38zjBqROS0Hec{ho0L5%Uc`_n+wzpx5L}
zaZnn?akRf3c}qH=4fJWp@ravu*H*eLCpaTO0bT5pdbV<Ov4J>0CR9vFuf}o3bg<HV
z<nHc-6Q~gr2Y|-y;^N{G<84z)A@dwNw~Rt?JeILjCCxu-$bU9e_xQ2RVsA!_1{*}@
zx|LjnKC8(YGjE_ox>P}ssSp#!&#|PSx5rcRqSJB2ZCdV0S0=_~z8#Puoa^f$i?xvv
zj;-&S-x6hV9gF0UI*Vf0h?4xD9yQbRJfCqMLB0&N)BOMeX7IP(tR2ClxL{o?-%{Lp
zl;^tJkHovI**hrk_w?_@!65aUlD2)ga27vyVwXTbK!2ZHOX(6$Q>`U%H;JRR!NO^r
z6}(-Pje&T?*4A|G$CKH}_j6KjFSxX%Up1YouiIL2t0QqCU(Y!N&BRL_S9Ib;T+%W!
zGMqJ7D!qpaD<_$8(5Z>R-UfOjwmlH&^5}Ym&Ra~?PZUsaXpL7ZA+X{F6AymQuz<7a
z%o|$gML}DeeAlera03>j=>uM-9~~nEd}<m;3HsT#F1eHtErn}bOIo}0!EPku$-1ZA
z&r$lgma{9O!J!p)C{!uB_<`o}#jZ7mz3t9~qiu{vbbyUfiDsur0xOYPXj}5^7h55J
zlz1^(K|bAgX=G{SVnW4AB%=w-@{qR&^kmmAb5k(5W4*UmrR6HZ>n1SeIybz&?Zb&I
z$lh8Ug9Kc6I2;QPw^6u$H<l|>b6C7LhKkRu&HI#7UU&)B0~L#*BK?i=QkC}gAI(W)
z1l2r;#g}_Orv9LN;ILF?K31U#+)!E0qhKFosK#!z6j|T>$FzL-hCAg>ycQ(Ydw<^^
zHyOd9d9yF|F9%;-xbfG7DGjp*;aSoe$d#obxQE+r%YxI?Ifa(|52v^+KofYD>Wwy(
zVrxXEXx3vzVYV;+;xno(?3Lb-T(!){4f(MoOr6Q1ijHfOD<Wd2xLEvT*$Hb!Uf6PF
z0F^`B>e$b@XmA|AE*5n%5HQiGODpaDc<#KR;>OMS-9s&%oNwLYZe`&=+lmFR)85+`
z7R-2U0I-kcm^<Yl8T}fRu%muEIc-dE!U>bv`@xd0(qhjeZfpCB_Wr@#VZa$9l)%v1
zC$F8TpE}WYD{FD3FO3Fjk~Yu<MiH*Fv8CgF^Ze0foNLpE$qwj=^-aTxn1;}qtu<j+
z1^sQOVNOI)9H;PZ#wfz`L_{Tc+yP@znZR1p4RB`E@qWJh(ExnO>Emq_y>Kki!sxch
zqC+FO8q$%rFBnvE<xLGtkt)EOYEOJNxHw-9)E#_nX*L2l?!!eQqJI)efG)uiZySEh
z7Wgye5*3Ki=&0(>>2c{)yt?@t3{2m+Sb|sXHGnx`)gT1TMp&FCM4tdBI?A#zxBwW&
zpPD&OKKYjXhfsrkY6);18+kxD%$2l!@L3R8>nrf(KFtl-%y2ZHxSg$x7Ol(STvig5
zO=?ps(V*nDm2Yaj%J$AhV`oJ^qAy!n@L;+oO|~-sX>MMWraCJq4tyAJot?S4pV(v3
zM0WOxX}|)1n#av)&5yz#WM7CbdOc5zVpDyrWj@8y?OFfz$JrN(%`NN#u)8)!ifA2{
zh||zF``cm67ft1wa(Q{Ss#~k6q}oE{&O5u<9RW&f#LQ#a`EBhn;7)hvqx|>I)J{^0
zLk6uz%<_qrOE(2CqVw8E73KLfF{4Uuvvu;DryZAhjN04ORYV!1*#rr)g!IHsUd#rM
zMpM7SA!}cMFlL%+%D&p@YmGFT>sYg8U#(oB_q;z?RtLI@QttgU@DwJ!_|JgU=hDZu
zljVa337SZQ-^aYS7f$?#l08>9h!_8@6=leJQV=_~v`?Mly7=@ar!pP&acl;iLioWd
zZ6d<N5_H^Dif;k(1%o9n?GmYah<e{JlUV}>FzpngNrpHMuz<?u#b!(=k3rLg;!n)F
zT$p)s$W{!1aq{4C(Mlg=Rk*9&_ekQzj>Zb4-)tN$$MwxsZ7&ICnQc~F9lV*C_3Exp
zS!{nU1U8`(J+AEbqegu8>pDv2xy@KEPAlSHwj^N546vZ?(ZoGKqfw63n7kpeq;(iW
zU<L}O<X*5J@{LBA`S337TZ~k3b|2To0Hg+-il`E%K#Is4eC0DeR|SdA+nKGuo^zP3
zPYzLi&!4Y~sy{S(bDQ4r<e<dj<hfva79#L#V}kdS2f`YNEBUV_n8uaAM{MfIVdfk<
zE6B3%Mm^$8*IEoFBFp{D^j*mGT<3P_DZ~#Jp4raOmx3HG6r#d(_+~O>;n&rwBYsTn
zbdE)$JBv$|;x^a_wTmUSU%J%w7AtvFe=txl<#>9E%L99bZCqROi2B1L6Cb@IOdrH`
zyXG^EZF9&9&r)u-lz4NR2{1J-yimU@#`{{ksr3RS_lv6KsT7(gubn1o(`7n?!;^#^
zTUx>y30%!dfynefuJWHczhY9fnf552ykT(0?ZsL;!ub}VX-%n<=Y)vF>`NqFM&EOY
zf5I4IZz3cJYs;oVD-&}DK;AUDKeRjVjIPiZSfIix$SXx}b_uK44>vgoX3FU8gMyUV
zFJ$8O6Xt`|_g^uPiD0dA5m_A_CIF0z2As|p!4;B)3V<I)bLwj?@xQvw&CL|Nn;R6V
zHq*Ub3-p_V`Owk|fbNdbV62xOj-=EM5uRy}4vhu~n$oMgkG7xx7}YdxyX|&$!5V(?
z1Fh=!hBri!N}@+jwK|<b%=dG$t47N_9W+8`r5oBOxsOk3E9`*rb7r;RH)>wbX!^m`
zjgyCu7KkSaeI;`a#1`Ai>x5eNyxvA7d(E4TAWz<@j9!#toYWJi#tOwd>dDj!ap(%P
z=cumG)gvpv#&8+z)E!RRkCY3{vyyQ^80WWZa>`jLI=mqjk;LELX3K~&0!bWqclCU-
zhYYAIzV?C9fAF~_a)q>d`ty0EY_Sx6r6bNgBMIT38|;WU)qYaC$Kf~0L@#|au)Ft<
zdkZA`I87lJti6{GKYgFBf~;<Oo8f`1ae#~rmZU4GS@n@5!_%7xaI$1(XXmTJX&9{+
zdMee_)Ifl#DWyW53-9Q7ytmQLHH(wXAXooGR|D|m{&&pHQlU|q*$X}G6fpPX!em{>
zQ$Md1o<hV}2*p}Q)qDPj7Dh(oZ!Ju=4CW5!Z#B$Bk@?>61Nm3OU(Ndt>?!L2CZ?xz
zyMh<PN)*8afYee;uP9FS!IAmjWYTg`&cW^J=v}6@{+uj(izVV4#vIk^N-Vo0y%)6w
z=J$_;$gxYCFB{DI%Tf%{J4e+q+XEpo+j*@nv{VUmb6n8u&lR@{<C_$D`83n$-pi@H
z-#u7bDRJ)%5h2rNEh@-^$X+ppgbVSpwQ=*^>f6b9Q(`gXsp*uxw<}_HS`^6yn3y)s
zix@55hsmX;z9r;lm1CV<-TH21t>Y<L!YEAi39>BdYhz5z5vvK0$1zEz$G#%1C`rFd
zh?iH)QL(;Op%Ymr`OYC?VNxbfi!EDbREU$e9%gbu=YAg3cGMeE4yF~wXl?O=7)H~H
z$i^{mxWMts)vFnrSDWkd-x%^z6txXD+8Qae4ZtfQCs`D#pHd&k2^~=g+H6Fz&Ie-P
zum(kXIck{WLw384_b|?w6o@%DM%(Ke^K_;xA!f9`xIa(pp{a($A*n6)NsakPG3@$X
zeHIW?wYomotaB(8vQ=(RlwBN8a(`-kf|U)~UY3DPi1V2ZMr5bB4EmyX*QU6>ycIJf
z3!i@p{6Wy4&m-e_O8cWiqzA<RnosOgrpi}+s+gnNZ?D_#d7uemvXqy=uKBCt0Vyp`
zR@$GZsTh(U4!W2Rv+DN0D*)c-9Zt84i}brAyONM{1EvE~L?r?RQw;4fM_Hf0GtJJd
zigpxl_kUM}&xxZgvX$rCCQcK@34!YJND7!UXLtR9>wKh&C<kau(l+f2bak9C0TlqL
z{44hWFsB3_;W%Y9{|x^ZKXLUmN3LO)%oA}T+@)HMMKuPT94es98(t5^`M#R;iA93a
zEkUlSPJvyx*WnL(H9bFT(72rwG`vUMW)g(9IRW)5otJwCD-v}1ary2y&m=g)eH7xE
z3z~ZMsnxkUY`?zuD4P1F*J1c>yXO4EqmQ`Fp=BW)Kv!;dFsNkg`e^8*22P2$L=NHl
zkbo01)d3-s{AkZ|`ow*+0j;{6kZ=z-M|n^~l~rJdHS26M60CPGO8EAKO{1V-RHPuw
zS#Ql>__jzqZdW+$H&-jo?iX>`-YwHSBl1?cMf8ShvAKNibqsO!(plG>2BqDYkj1^p
zluF5p+<k4h65GAmc2=rxi!lkys**s#j=SVCi>Y0iPm9yE$=Czo7EvmwJ;5=@x>T+0
z2i2ISRkiQksxc+kb#|Kh_hvVxM<k)U6Rx@UpQLiCz{?XH+ZW!iCWn&lCuroWJtWPb
ziO!zdXVX>ZpdN}iC15WwhKj4yn>$>fyTrb{hddi)@BG-`w}jJVk!AKs1qFFtd0N}a
z=wMZ;p<VYRfV{2c(dnYF61K0IaPG*t_NCwuFGh>zef<Gxp)$*7^+iuh^~Lt5LLK2h
zXZEZ2(f41&#hwoB1ZSwM*>&2ybVs!jE+!^fYp?T957a(asy<$uS2zPl1#)&OC@iT`
zikkSG6Rxow!oc&UwXMh{+D+s~BX4m9?{Q}9cUct8!(tDzJq}21yQkfhkogcq3<T=g
z;}TS>g_B5o>_e>rK#3-Vvu5EIZ{71jA>fl$T6@stRcgsU1$rQ`ohF)KFD@2TiL3?Y
zEH0Q%0bBR3rL&f`xhY!<Hu4qWdccF+OcF{fWPiVTZ)UR_osX!$hjBT|0YhJV*yi=v
z?O<mmT9%G324a)4M!kczHW}@|e3#yNSKoGH_FM}6o3sA_Ablk8l0O2bE*pG8iACW+
z(G$5;2f|;4SD26tfrpog?OWKdoQ9SfcSZ?JIx~)KQ|HLQ7ABCDBda<x{wUyCXI7yS
ze_tL)scP+lHiE#bpeDdGwaWVYuI-Ez7FvMQ;{8^XQLQv`&%DpZtzU2*%TV#z1ud6&
zc9QT#&&Y#PW3Sw)oVbNWDs|Fjbw&q4nKOCN{1A<NsG@TI<>|rWb+-y3*GGVL&6Fv0
z=A9T=B1g?VWv1f40vG_cU2}DqYo*zOR!$yCz%_M7Iy42grZSsKG~1<CcjB=A!i}RO
z8ljjYv2Fy^@<9Kz^2@G7&F{sfC5{FW8T8%vJ{9^3X(nklAFmPZiMGo@`TB|VcDGPc
zZE$vrHjD8Zh~u(ycm#K2=fV>ka+*{8v>TwHoXJjqA7+=_U#K}!&067Z@}5<7+<nNW
zu%Mla92=jNRb;R4PKn)^JG79H-CZo(5O#l{&%YuUbEPp*VN<3&(?0h`--Ny!X&d`m
zcgJ;GJ5h={=r?c3^TX|Rp}d3LtP@Ng1pR@8rw+Sn-}=B|)ZJ>Ns)D3h-*7OLMwFSW
zZa0ZW^En?9tY>Z1c-E`_=9-NNyV)7>M^W{lEA$I<N=nbQ6Zv)VN5P9rYcZrV(VFUy
z2J_V$DTPME?In&kzZaMfsf2nC)s-6PXkye@ixMf<3m8su=~v#{RS8w(j84#aqQGT0
z-=T`4_INS4dGMVI+pB&BgE~z;h~Q061DdHvphRHa{Ka@xamlk|k$I=O-jB~2_lAy6
zw9>PMj*~GaH$mSyCP05i0g>4QS;GNTWF06swRG5qgFk3P(Yv<<?dPJ_CQ4-;m&bD@
z{f#nAN{yKp5S5t5K5sbZL0djTu`$2~2yr-fCxqp!NQTp7)$%plxp^kNy(YuWK5{&x
zosszG@qH7IjQB}p{05b7;_9ky4sxKJvZVv()TB;K;)ePA)@09rIz9Z0-Xi{_C<%WJ
zDx(x}G@4;c*i9KPz+&<^E;k#CR<5|te|;a>FGp5vs_`b$7W54hl%3}xKRHxYQtI0r
z)IEvjSz=1@eEt*Rb=1DR2vjmbG<&|<|5hIw?U+;_n=|Lo19f#<z^X|@dx9%a3_0XO
zV#B|bRH&m=)yc7W)7P<iYK3q63-krLv09y@>uQ-gO1%30t^<x`oP?m!JX)5lN{=nK
zLEZBd;=r{Wem>q$s{w=N?lTH)Z+Y%&Dk2)32;H&|MC67AVtPw;&3e?g7tzQw>=Rjg
z?CGDC-dI&jooQr?f7bC1A{JRD^4a89-e_vt5~TjpaKSE8pDYqngE$R6BkD!{q?cB&
z(k0aW9@<SXb00w=Dmi$%5@wl|)IS9~ur{twcP0ng(DNr_MWV3LGHXJYdPv`8Pq9sb
ztKX;{hsf1((+o7SLbEtE`iximv%@hnAW88AiF4WaFkv@EO7g1S_RTeS4p*Vp#Oqcv
zSlgsy8#F)?zDN0WWtE0l?~D>H?dN`gc(zCG!i;22v%hM{2di=ob)+Bc?pnAw3S1Km
z2RkVD9Qu~Ksj#l9!2vZkKVW@rJ9Wo0)rTAHN+Yzw7426U>7C4Wo2U<3ncz^<3Lx`T
zWLAlv9!JRbQt=qZ_UCB#9Ujs1+rOiE@NuddhPXiIo>FEuHEDhT1U)!4kkDz>LLH{I
zBeKIW%40UU2D7j4aP9-A$@ja$kZW|)j*q=O--jaDLvsz_PaY2R_dnX0M$w{>`<t<4
z|Kt#Uf~u#J(zVk^E_X+Ns~UY8Z~*wTkn2LSH*xf4s+~Y@<OgCxq47)=o?aQOf`UQ>
za<ztc2(vp!Z52;p59~R@bgk+dwO7+a#bWX_Y17*lSlt26ngNxw)JS*afCJ|Y!S*w5
zK%)7BgivUjTsJi>>fQVBN32AhfisB&P@}e($hS%~eM=U2k@Ku05@>-n;>+ZsewAlD
z30Qv8rzC@sY{;L6O!j$07|Gr9u3&ELDbQ!WiDxSsOJQ_X+BXSaR#s|v#2V@DD7>XI
zYK8=2h@pX=V|Uc+9a7#F%Z1<KnVDpl4pqpI6`(raI2kAP*j1uX<Q=dQ{oEIc@Cvus
zZ*eSKl0Px)5^!kp*h#;uyK+OiyD(fF<$U$hh7s5xo0X@SJV?0e4}zB+&owVv6rHM;
zhjE2xqO1lJ?DR>f0J`I~SCXmmE)RY#ElD(i)yh*uca&u?a#NU}@95B_(KzlWIzsQj
z+{xMQs9@@SWVV!l%d(oJQcpp4a_z@Rl7+nEMQNfBlS$KJucJ5+;&tbo%T*qS=?u(B
zB~^65YGp!l!!derGdBkfQl*Y8)+x?tX%zb8E|z~<GxngFZ<-Hy^~4p*$Zi|jTy*Bp
zuhBSDFzJ{Nnn&5VtY<<xUOio0Y@VI`bb4av@6xXA3!-_S^-lQv43O8We$FUnfLJj>
z2@monU}|(_#MU$V^Wo2u2fn-|jlQ-$?x??7Yxco@b$rAetUXLI0Qo^j)*~vc>13_n
z;SU|z9A&2`L|yqBxu&1>UH8{nQ#{%1=BkKZ=ywM@{3E|(pur!C->u6R0NIHPcazTn
z{mjcu#_Vf2QFTBfGLDz^qr^R+DUA%jj_pk?Afl@hhn&1j_LLbdvoMp{-)|N#vWZcA
zY+m^Kxs$x4<ZHVGeNZZPSv275&-G*_6+_J4k4SI$BfhXxh#9tP-*QY8?WUvNv__N}
zB*dq2AAmZkz`Vu2D`Rot50#VJ!d7(o+tv*hv!Fd`jTw#;gzxhgVud(OnziHw7sQs{
ziLb(+SVVe5J|Tj#Paz68U_;fpTZ=QXs}@o5UDjyFlPM=~h<3j`VxHpChL`Kw4h2sP
z*uN?7*h%g7SW5h?V&y!SYBpeR%4F2H<FPR~EI6{Hm9Gb-tD9FS_4pJ~zR_4<G}1PF
z5hUk--_whRO(v8(huJ$Ci76JE&(;PpocE{jVQAH8HCJ{tC_{5cPw52Tc5<Va6<6=q
z2qy3Ek8kWpMdteV&Nl95wXa{zwp}V3<F_hG*|syg<Im+ElF?4h<{V?&vc6_dDqTzB
zjP4J?RA?zJwTL6ujQL$`kL({>fg061FZavX{r!BzEYS1YiF%ZZEr0*sTb9c>>o`@n
zn`1(DLXup+Hz=%DVGe*Nqd=f$GOVb%*ndaIRf@gt@aGpY;H|TUj4oDZ1={3re>&F&
zi<ILTS7_>W?9#W?^b0jFtt-SZ7hU(U)po}7RiVNEyf+`<W5Umic|8#P;@P+kFo0S`
z=}D+4@b`&LQ&lQ$dM$DP93lI7W-ueibh&ihrP{T6H@i9yU^r-GGFe;g66buh?NJ(y
znL?q!*#vG;gDiJ@jt{bFH-0INPr*PH1p}F3L%!7eD_!B$I4uh()3CkZyqFx#PS1Ys
zVnP62svH+6U*k=G7sXci`eI{1oQ3PP5C^ZjkUqsEzA2oV3Go`XZGF*MNsI9@N9%Ln
zT*WRc)?kdLz$N+|)@2^$B*(N`tTl``DTVHnS@Y_(c}JvLK`e>-F(qlciSJ!qWiQu%
zpEH@`SvSl_s$wowr6L8DR0t%`Ty);+J$cJ6++J-#EyN`cT0{pWKbQ(iM32Wd2M7#x
z@1q9`==d!6;#W3SYRPSveGe9Nv@y=Sui=*IRW-80Wkp<kd0Jsr8%7y&s?EF)*ZRIU
z%6Ls4B<qRmHz$A)Z;gJ4A*zzmSt*G}8u-`fdXQKuricwGevt|8s1TTP?&O%>UPT(*
z&N2+5{A32{<*anw4<vm&X8lx|(f4S+TtFlC<Ll*-QrWlS`_>ivMU38lIt_}UB93q3
z(>A(cH~Wd9nV>Fd$#k~+%AC`CV6vzH+^X8m=f9r)=dl1ZH@L#a@Ad-=?D%8B1y|-i
znR&~Ki_w|;HDq>TAW^lR;L`=C#V%=`2F&!QH-J_=vU8y4o%6`mF3nmVEmvO!-=NpN
zNDJymuZj*l0k)p~?d3Prcfw`q!a*UzoOXAL@HuBe`_q(Ip=cX5HqG2D=mR)78V;mF
zyQ2Gup*uC0MVfpq1gmSC3^Gx~Mo%Gz&7yvFqE3BhZOp()8qI>6@g0CXp_!hYmT`$L
zKKKkAMGjK>vM=5t=l@_Zw!=Sdgqh!tOYv$P=Hb~m&QDS@2XXuH!TW<K*RCYN0vx3A
zM$cg2TC!tL9~TR~2%Btg$e7Zer|VU09xOX=3z-+FQKTU@wey8(8fW$z$7d%~Kc9ZS
zO1URiw}Bn;)*Sqc#}Ni<02upoo^KB<Jf~#g?OzK$ZBB7`tevlA!M8H2ZXDmlxa7q?
zb%Gc_VLXd+dVBgmp@qK)07-{)BiZ{ak{O?P5nskB6v9^t3x4Ui&nz4NkVw6W({XFP
z1L%TSHqcQ?&vmC{LndNy*e9Lm&&#|uz#W_&-6KnHvl<#2DgbVNXzg%yXVC?k2Xd~v
zs}}X1N81n{*R5Ab_URPhJT~h?>TFc^&E-t3`A8b@1B&3z?6?2W%p{hYx-dPosGe<j
z6i=S^=4?;xB`n*|fzT#zc=DiC>jsC*3yaC*y9rLW=XII@BFzA_$K_v4WpjXh=R4w!
zGOdn)b@J*+Y23!DuS?0pGj$@`wbh<`doH$mx>+AiAwbH6{*H80Y<wWwARw(IyVv|y
zKO)Anm!CCyrcGhqjwT)AXWM{D3#?H*(Y53|N(PF}$2Y{gTu5CCf3i(SM?|mzzZ^TL
zf5bLssC8p%BKy_$5HZwosrie4Xv^tcB7Q@@rNx(-jw_>0Gpoq6axyZLjNRz>P0IgV
z<}JSqMqtFGcqNQC8IFDMS9&Y0{>vTVuBC?1qVO**xbOb9(bS|U&;EqdZBfxqr(m~X
zwcBTF0la!QR9s9FlrAi5eCyj5S^pY|tJf}F0RVIuz{lgZUnaX~UAcNyS|w>06ic^&
zYPO{UP?A;_?6LnK%dX$Se&QJin2Ze{66Zo#on)Qd5vH-WZZ(+@%!)0VJ@ztcYgd1)
zQo*#%6UlBWe$JWvuvb>S0kikqBSWM0N{M5iC2tb!Q~7b;cO{91a38P8B~#Nn4e~CR
zjo{_JR3`pHMyIV6W6}t9iTUx0i?eUpk+DbBN<BXzWTgl+#gmQQYr*v!;@L*})o6N(
z*sCJ;5A<IQX!uEke~2`#*D`nOBd@Zk7>V!Q)%`V%MuJkwu=60?=o5ijB3C8*j4jin
z$+z|wn_hEE8~kWenhlrrPq5Rjb1kpk*a$QhMbZ0RbgoMWJW6iXD?OCwn_BE4?;b7Z
zm?t$BII$u`Hn1Pf54h@<ZL7b(rS5c8$$nMv8^Y-DV)$q=rscBK%2HB}>Av`dj&3zE
z#&&wbDR=tkIWM}9ihm#&r%-r7++o|}ANXsGPy>K;r(M5YdT;}$$h>Jy-Rmbog43xl
zF*(Xp3hbnR@I`J_%Yah5l%WcXF~hlzIN&>HdNpun)AVmIfXStvA6Ie_pY2^o>OGL-
zcHIo6MPB3f>f+laYiBn-c2_4#o_%uHE_)RYY;)vvfZhOjFh}>Ax{8V}^<Gs8iZW^+
zmkqS$zvfL&03|i_I$NvoH7d%OV=VTx#pFk=kWBhcN23JbvIdoagZhVGP~FJR*hT4p
zYvE0uSAcvm6EIE&B{mcEjt~tmP$u;g9h&7m6n3gE!?9DLL|`vW<Ycw-OtWn+ZVe<S
zxXJz4=bPP%E9F_PZnc#O7DCtP^;gH~IcU3;ntX-_&cexc^_>)}h`@%0rMjC?+Rl@!
z6`8YcFLy*$Hg&~>SWwBq9YezNV>qYoM%L@h%*FIkfY=2^05xFlgbz^Lo$Nw)QA5&&
z(*B>fc+g{+B@2~G#uMAJEaZRHu6O_SO!?Hqp%O<?FzBLu+g?+ikbvBtJAdQ8$jJGZ
z&rd^D#5WUhP_FIyS7;aO@=c)Chf|rdt^R0MX%T(1+NK4J0<EIjIZ@;0yZ5IZR;!cH
zMM$D}p?#+Y&_Y~P7kNC6?a#>`xKp}bog671sx<bG&;@8He_dnsF`1(HjsKbjr2L;S
z53NHU<5YRpt0Ey(1HX0j&cK~r_J|)H=qaBg+lp%kd*Oz)Z2ja!jsERNZ!d78arM;(
z&7S6ic4I|OpdMKsbc8bkLix08-MgUFAUAT`pKbt?<TM!r?7n*}h8B9(1hY{#W8XKV
ziJB(eH!s3Dd|*t|=zF^_0lc1Slt5~l5tn9beF7b+GxHzw;{?WWBo^g7pde0<1yH`@
zJ4nx5z497RHr;JLT4R!wLEBkZU{)swVkJ#1JB`vQ1g2==&b-5`TcBikW3IW>s9kwi
zb*%`n0yRlv9Sq7TD7|`EjTq#KXm1RijUv~{-m|ynDnhYl+Q=_-Fs~H;O^EhFZ#}7n
z*j9Hkvv<}m3cD&$!m@|xxwTzkP3AnZ$rW@W9_^MdK0$F;n;q7n!)&C`*zyfo6jnuI
z#24xQz$mpqud=UTe&<U9X1?7U@*6r;+6BK?SuABw*HWKvjBB}Hs%UYfr@)KXsk&p&
z#GzutX<}GEULX&BhgT(fkJ~M-Ao?|^Z})Is-J{5K-CkmzJ_hdcpl_*JsUyeO?&q_$
ze`h@FyC=azMtk7Q59vX`yaZ1On(vtK)+cbn+`r!l9=PuMs^uOqKK0uZdVa{l<FrbH
zRNPuiR|$5N$<xd?u5h8k?$3K8GxA9eFh={8Q*9^50*wVkOU><wT4qp=7xjjStS!v{
zm^SB&EzLhJiv}({6^6q0-ob}N4=;l-_ydi|J0d1r`Q^JxdjAkDpUaGNa6m}622oDs
z!k^h4eg2j%OV-16$Z!6X1r#_(uW@r$O%veiP1P-bSJ)d*I2_=Bi^HGmT@_8CDGZ=v
zud!<*z30<A0A7uBVKq4qDvA`qRdWlp<%4Zkk61c-F7@2n-&$k@4J@NejA*%1R+L3;
z8xsZX3_ts#LSF8k+2_?c4Hf#9`G(w)HCOVz!;+AUq2g$DXHbaIF0FWsCG-Mj4e*@m
z2p^3CjmG=cEGGUmB4KyqObIK2v!}ef<mvaS=}wE-FE|%Him9F9q7+<>BQwWnY>x`4
zgT4)N8S4q!0Sr#neF$+fz1yhS@XcW_fod-&D8Awz(@Ir`c6p}*++5sR%5$=;*&^Y{
zR)0RLH(Swe)8QAh=D7PYietXL`}5gE9f3gj*uet=8rcxKNGpnhs6ycgCeDh2`vnjs
zPC-=WHFYsp!yI_?WB9}YDSGs1lA<zPvD=A|N1ZIYb%ReBZP)};KW#Z&BB1MC@X%e8
z(!D*?Sm={_c6ZBRqnXjsoTyrsebBiWK7}01kjh7XjZn?h;sV9z-Qp;3wTIb1krfak
zL6m`dU+4VPp3cr{x9}^Sr(Q!(G&X#`Z1l#i&GzT=&iyP*7*HJ=<gUxCuW-$4N?)v2
z5t#4XZtv#8Y`0<DlBjGproGuaHf2K>va&BKjV8=!8Ex(uj#OEsjKn<24jA`B8ra_v
zJ%g^5HZvU9Phuv#0V_?Tn#eEb{h7r+d;j$i(|mc<Oyk7KF|5D3I<8_18*Z<Ch&))k
zhuqD~`!LS=GG#;f<n_3Co!g22vCT?(){3a9Z(nw@E6>#8sq@s>8ti9FTbz8xfKJp_
zqdtLKe=z@<Hdxo0Hj&J|bq9@e)p@d-9*d3h0~#T#r@AM-)IE;<)4M@|j|K|W83C%P
z6tuV9z5-Y*PsYw-x@;fkbdb-5vi9sY0gY0Xjkh>y_mx$|nHlNaq)2Joj;0b5NAE22
z3tON=Xvfg+!$T=51egA)@_0!8E4Dqe&0}qi-%{>u;20LOxPO7F@6>Pg?W)};--q)a
zJ<`9eeePvkBqU+`t)0~RW(tk=T5qH<1T6%h1KU|@AeZPU3(C#S1++5i9bFweDpMwy
z%2c6w&^W`ltjzxE*-gW*0f(d81IPa^6M@f<YPQdAE%s%-tK1GCSN~ox_g<}5>fC&)
z{fG9q9X!0<@eNu~M%#f9l`sWOnsi_Dr$`0myvxf^X@FdJqyB2s#HIi%t-8pXB&Qn+
zhE$)758rH&{C)%5o1OJY&kI>q*sg61OFH^N4-&xI6jt=WH6PdhoDH-s-2ivCcd%Hm
zCcOMAZC<N|V4RIkFeksd<4Pyp7V$0!=wDhL<!iCMBv8%NxS>jf1!9~bO3#uQ0oa7*
zD2ot54g1h)7+Lo5Gr(<a&4DI5)@_bq?)-Ycg>AMRd>DUm!~H|l>Z75}(rCRDdNY1z
z`M{>~&Z5Ls6b0QXJJWgW?#WQJuHhj?;7aOk)Fzi)gQEEP6pvMxT%Gbf6R+=|*U&#g
z#q8<Wv!lU@YoFk;ug4|ow%wNNGG767qpd$xnuJhe<P-BODO5&TE@fkS;&3h)r^T4i
zu|=yDA=eQ-sR;kfxlQ3zOM|%}N}SYHFX4R4J`ugAx#!6+D7zOCn<@6DiG1_V<mdRx
zFBy=87p=eJ?`V#}8Yc&-Vtm^au9G)%n`eNY0BRb~cOA%z6TRt@rkC=I!hhB{9NB)u
zNlfNVNs?fmdm~&cvg+voO)pVrcC{_s&e3_<^*|<Yy&_pG#8Y0c)Uoz!Zg{QvN5#+^
zws((mKnY)Ama#~@nUg}^<$B<8Yq66}Gt43{Tsg19PvwNGA<6R+$*GLeJVmJjckwcZ
zI~gNY42&@~XKRyV_tOg|9U4|Q#$FzLC9K|C+I)NviGtozED3rryXeF9q;Dc=EGxCY
z;ClA4*fC#P&uU#RkBZX4E~c%Jj!(1D)@AR2Y2|jRBij5Sg6kz0FQYxWKaA9Lagl*N
zitERC;Uh&%<+7^!_7Phvk=?PthmZ3qFo|rFH&i?yVPt*Twfk1WD^yx;bA?<+UJCIO
z(ev2?$4-;q^!?y8ePo=6E_II+*3BvmqS)1YeOF(c*dM)GlGIL>45;QfQwLHpv}59U
z1;*<HnXiiNvQUSyHAcg)Fa=bTA1Mdl6R`WvHqTGnRkQqBs>hR?>6paSI7hX^Q@30?
z=D1#Z74?O?4Wc}>R-HN|Z^D<9ncW^SCD1yHfC~lAI~|{?^V-@PKC)c3lIiSySPmRd
zTelXcTH*)19)vE|*aFPGHCSN6kpFL#V`zd70o(I}$OBi9{#ONj9mN)nqHa4aulF_$
zfhU2ZdPR3zbbbp5keqVpR@l3Fa_R0Q6lj;q?C+u)`&&7tGgD6ByUV#U=P@^dYL3T<
zjAociMRd<MBhzJPmqj<5r1*Ph<)mtQdki<D|B@K!CR})_P!;cy^>-};@&8hDaUDqb
zr49a7tOEQ%5eyLtkD9+mUE7X%iYs?={X(_8>U*>f{6vqKE-ai|2zxxC6B6b}s!6Nb
zr*YOc_l7PIYJ@}wsb@3EEBU|7roLcE|JtSC*#Xh!_<6hK8MdgWg$e~4Ptu!dA$@$S
z>V2AY;x>8rl+G5eN}K9@1;)?veq%H~e6(9SC5G>VT-NkaySaMRwx(?BS#uBMk&%W|
zlXZ0TrILOmy*V~lS@V*oK;tF&?5v0FdLuliVYD+V7~uTt>kjD2gH?#Sq?RL{Ed6G%
z02D6j<|tfw#@1-~%a=@(KIXYFS6?+z%^&q1ts8xz;^2Q>l5q4h_+8iVTg2su_pu|7
zk2w1quAs!h6>+3zau|OVC`eRN`9J*2#~M`TkQYHhJdr@|ZaeS{SEC8+97RXXPzhGy
z8|e19E@q~ch|8fD|3A*&Iw;QW*%l5kxJw|o6Wm>bTY%s}g9LXE4#C|mxC9Ns-Q6L$
zyE_aH!R|xyzNgNq`@83>`u>`#k!QB{?%loCYShO_lYM<J;I<%l1NH1RHZ}463sCu7
z=iP5G)Ht~dw8eOKmA4?b7_Eve@%HaH`QCvCR|mgohDd-0@!y<&7s|gF&(Ns%f8Tu(
zKyM8)+<lm%5%2{hE(-uv&O!pB?mt}buf(SeDH5-I;9e*$q&TdD@_t{{;#Xg#y#o~e
z^1fzx-M)k%c7LVksh@3}-v;+1y40ACE5WSZGikIwI4AR&)B?D88j4cYyYq^PrkmAV
zFFzOz9Gtf-EG*~yThitfH9e%`g1mo89RD`dh4!z0R>sVCf`8iX53Ih{AZygeNw$1b
zLlD#RlE#ZxC^|VnjQY%Iq>>2-QC8Uckj4)QC-(Jg#uK2l-=*(Nbr-RgCod(Bn4Fl1
z{bg6;ADP#G*a|+j|0vvcP3J`Y9SoP3jAuqdWSY{SNwPmN{sjUQZpi?03)4?_JUsxZ
z4FR)j`{&CNSx%{(<`h5MQk?`^0I;&%zX;8Ly5aNBsXmkb{qNcU^gRKN(k_cgh1DN5
ziqIQMPmxzXXc)lQis1N_y1ekREO=@EGYzEnZz!g`#ov+OFAc=<g+OH`>2LFgRD$jm
z=HLd%HooxC0$%5OQNPGG1{4bs{{wvgpNbi9KmRfX%1;Q8|L$<_7h14j6ndx?<_ik`
z|5xLlO-^aozH>L;c0o!9llg!UGlXoJPLy&bkZG%{$0nk%oeKg)v~nTyQ1XPrnwpxR
zXZ7I4NFYJ?E2&0|P0sEOTPLwH_BOXMgqd8==`Hi=ccbpf*VvV7;jhTs;g})AzrsV>
zdvQtkZ=hS|#K7xlcmzA#yn&Et{|Nd92zB^szauAU2bG1};;6$&d_~s-0iXTH7ZOkO
zX#93r@O#~*29AHfLc)L^ec`TI8-spm?2Cih%(_u;m<&9D1d0@RD3T+aI#w~do^R6h
zn4R#yzxmHkpClvU`kK6!U}i&#`0J(JFU|i(LbB@|=TA@6L4^l=))U0-90fGdQv55t
zPAysgHX9_QEO-#k*~jSr-R_sao4|o+fEWgqUG}7F8T{MB2@D9HwgMx3+zRWNwH{yy
zxEVF5fJXKU!7+ExK`kR;_n5zo5r?C8^#3w0zz?e7`jPdhT#Od9`hD5{wwxJ~3a<Zd
znSwM-lDQ-7|26DP+l<U8xccmsNdL~(Ka=)9UiJgNF1<4LRdXZ#b^Oo3FhiO}eN9`P
zY|RUwhQw_Cww6#KK_Sxxj2kWr1kjRttxiY{pI4ZvSYvNs>0nTC^#ASkf0*9?kM^s;
zp#+-TGHC@w(~efU=sGpM)!j>TdbQ`<8S|&rg=oM8BOqNHYl6Pb<u38|l1`%NW2gNu
zL)MM}+Iq@dLaok0VC?*Nu7Rc_0TW`vTrr_d089v8^MpsV9Te~v(G9>7Qrl_urf=~D
zy7UIt3;RFx;=fiv8tR|PW&%`fmJI$bI-j3mz-U!jqh7g7fXXZ{qc~h#56HVK{<NQ)
z2UtY*=Md52jiVr@Z3$Ks4MQOZuK(>Xl>GnBNa)&z?7uT7lrJRo>oi$JoeyDv3Qxl?
zi7*ILtq16x2Kvj4^fVoKcz*sIXFrMyyNiGSZ_EDEW=q5U+W`|I=q2ZWI}rHN0nIl0
zs~~tCS#Tx01a~?x!f6D+vw7}b^^+}|0M91J4WehwYQX=uP5)yV{qrV`h>-OwwhlUR
zTf3Ll{%6=ol!1+QBTM>|Fu?F-8y|6})ziLgh0vF+K)0g0dx(jd8t?v#n|pO`m*~IN
z`2Y1kYr}uH0?!5YTI)YwGvokmJ!DM(HYyVA=n#&Mcv6KcIv-Zr`T33U&q6ZnaUb*?
zB!B}XWDs=@E?Kb{J`VqEhrij>KThE&HyszLa^)sHepvzw2Ez=w0+6znO3cOt6J9^<
z5dW_R{4sfdyNwGA(eV8C28u1xkRJZ8EqwVv{bebXFl1^Bv2=uSxERe;4B4A}28oE!
zc726_QeN_VO_$j5aCf1UmdUn&0}Ssxj(q6|3mkKWbVs_K?eOj9N8JB3YyYel0>3{?
zBgp`~`(NMlseV}+W{S=drEzlXtQ~aZQSyllVPwo6w{X;2wfunJiN|TZWLldfEG!H@
zX*v~-B;Zj9oAm~YERt2Z@{k?_TTE?1e~6=i_@(#dK<{ma?PUIY@3|o%Y;0^yZ$87q
zA<;vuth7ecsWIN(tlpIy+;d6>cUiIiYnXsvt=WRMV3;wR3B2gkUrCU3k*z6`FtP8i
zsP{YXno}I5RPl8U9)$Z|JvF1oBhka3!P}t`5<&s`r9M_#b=>4wOD3;@Lq$!TCm@O4
zCB^_VA|vC2T~|X~xR8X9-po&3Qh6e^H@uE;6jW4HbO0kiAqx;$h-T3Ga=V+^rVkVo
z9@yCxyC-i4G2I&sa^wsCnNkyi3GXAjus@wLqylMcf66x9##;*n#S}}Tb}pxKvBurf
z(~+-T!T|ym*lwOP`276m=H=f6?wRJA2OidG<&07O%RB;4iS9xBb6^dA=1Oepf}2D4
ziT+56wxmKTN1*Kn_v@6`rf-2wN0mq0UML0uV(nlXM!&C%<Q?m~P57c%Q*gAtLcT1n
zDpEVZHPl;}I%T&buw?{R@`-i}j2^Pi&yJz_Uj7>{C=zD(Yi&|-pnjPWg&d&ewSG0b
zDio_$i?tmU5)ufo06Usp9Y|?uX~m7GmA^|wWJyM4<fMB)e|iM~jAiZStB3bY8vp~I
z=$v%;f$7DBl8kWY&IWIO0ajEyI@}f$5nQWyn4ctspv&)DmZgY#=sKnhzqv*9NHodn
z{gYH;gf)0k`xt#S5>7JhTdT)S#VnF7x{o3%4p)1m<GKi2borN=59m0*gdtmT;x4H7
zVDHfI?PukQ{3KC{;M&eI7i^jl^US9)$5A&7^!LAYfValUH!Z&);!tZKEP0-XaCSx#
zesF53Y_{t#k<S#?HUx>S)?2staz~MOm1gLyspY3>pm&a@``q80q{xlZ!zcE(nPhja
z;VZC<FO%}a;d~h&XLg*krB?k>-G8|^Zcy)Whv6R-6c#tKJDSO+#Z67E9#5xGPQvg0
z8>{oI?qF%YDq0)2D#1?V2YR7G1sN!j8Xg+`xlf*`3sCM^8{VI^-5%UlnKdedgn$sw
z(r!4<X#}JpgDVWn8XJg);0&D}=u}IQ?k-+4Ly)nYk@^P)ZfNS{O5;fa>qBTpltf@x
z@WmfsI_y*I2_?NP-AMX@u=nZwV4ALowktVKl0<%GDZ0$%T@1}TT8Piqy>M;b<$@;`
z5d6{}kafT2O_oVrr7P8GKhJvU@!4M3^<9O$Ew_ANm1?%htchN-W{ehOZqsN#(Qbr7
z#f(++*RL%{hM(qB^_y@?u<3)XxY55;qg&sPE8v_mZ75{etOKedDF87eYDF@%hlg0N
zu$`wzF3Y*{U-p}6<T7M{X{MiVFy!q4F;Tftvhj0=piAL{lw`nUG(bf-XhPoVprwXS
z%JeGQ+Vtk|_-UVG)c_27wp!V!*rUVFu(0o(AdNL00~@a<Bb7_u_Ojgf#(fJQlgj>s
z-{Ip>H`R743kt6HL+i%^f_UmZ=qRwC+u$G+uI?H=)q1K;3-Z$w1o+K>uyTP%>Pd@(
z<Nf}MJ|D;4&L-kCZ!1g>ttwklOuw{At(CulMG~L?o^p;GL*dOetVpR}*lt(yajL9g
zHC2vMYNSGixR#>hcJ4TgoEB5_Bw?sp5$VRwuV+NYqh*?h*IKoH?@RdLo;%k)*Y!Qp
z!1&K*S3PJ@=;0GHAMP;7l<P@|eXs6saeUrJ5qJD*Gsaab!M9#Ep}xhYfw?g_?c9ig
za=f6xp&3dYy0{#`q^Kqg5S4lMyWI<~($H>IbYL+a8EA2xVXt>R$Zgn?#k4VdD25M6
z<aN4`rMArAnO5Qi!1Y%{Wzpo4A6!ByN)*W@+iNWJ2R?786`~R4yJ6Cj&v)JmO=Eg^
zp%BcWUYs>?Q%THov#KS3-(`}lvq8a;ISW9%@4~lfh9@m-Seio@wz;n@G1YN^;P)t$
zALL*(7`2_uAIX-PEzKDONLpQ$Mlwel0<%UCK0hO$=j=9pq%7Scz1pl-TN&6{hx`0e
zkKXufq1j%ZwtZieM@bD&+X=ptw|=!4x0Wz}>TSMF%wiu;@-f%gl0luBc;=^0LJC>h
zEF@&WAhxdrF*{ZR<53G7EH;frP?_f)t>I`4;YQAe-nQ7#H&_lv)Rm`|`VZ$=*Nk%}
z+0)@kmNs|O^*RE0FipD)qx=Q~3zXSALxa2#M6viLmVtap)`ygNX4+NqDI!lB(%n@Y
ztEE0o>o*hCavZ;E!&ggBn_&U<TlC74r3xsoM-C$k1+xX7(k0RtCzv#XuUwIHydT5_
ziy~;fpn+Z<xR!wTv$?r>4Pe*>oNxQ--JE;^Z$_;a6xM$aQQ7f#tk#wVLxM+i(L5BO
zf*jSD(t{+U=reyvjoQE0x+8HW;_A;3;G@`}65=;sfopRmBr3?>K@O3YXk)FAZV(L@
zl^`y9MXpl>OWK3b+0`eXHFUZCcRfdEcVz>mk#6yy-@JR0BHhk4!697sa=V_^u`=r7
zDcgRA!K>C#Y!N%ixjo{sf0M$~;sh1z@x<XjIb;yB_PK;0?~v19v#f<7)Fy+2a6ss-
ze_M|Ul!Ade&AMQ#H8g?l_lL+Sk1Gah<uY{hlSb5Ml)EL%D&R+7%?Wh^2pAiD;5f9r
zGK@LP>_n>Me}C28w-5Fv8zwF!NMZhEK#&M3sU~w7xW+i`>uTJOTU#kfWgW~`3j>v9
z7IcnGW}_sG6Gdp@Jp&#f?BD{g*ZreBIyyEs47nuIBo$sjFdV1j9P^08a#v7@@80%C
z>`?Um-1v9q9!MZlc9Habk?U&$0_wWp=WZ!#&7a@0v0A(hM>CM6-J~yOIVoHp&+csk
z`S-U64nW^8JI5EkRPsIzpf^u_J6>qO^t#(Nal*RCg+PXke0p?tyvJi^m2OwO$Xt3=
z`?iCwYV~<)a1^*jokh=wkxZ6rK~Za$GV_1%Ktc>+8hn#36M%J{*mjcYl%@W9yTxPi
zbP??S@R2rG`dzWO@2q_4+OKWC0kv3|qMl;xE<clL615C%TY*a$qA6t*xO`#dK-yyt
zFF!gJf1sLFm|GOVJEX~cIhN`UqFoWdxB4}0@rufY<>gFnR=%!t+-Ln9cepe^m0V2?
z=ovAO>e*BwnaP23QjfNekpaY`-`+Rs+f|d6*p^d6$chi?jcdop(4?e;1M^j;k-oAT
z(Tf!Zd`I2llr<M;XFd`U_@dJ64a#%Gy8eojlH4hZ>Okf4G=8(YYR|>m<1Bzkv38g$
zA8ptFa|`emUL2f2<DW4@3UiS}CV=lh8u_Jvd?_xet_)_}p+LUf?;bvd+lfSAXk7Zf
zoprlod0CXfx8wP8AG6-^iJpRFekhp`aJQRAxeXr*fU9m~i)7KKwd%U+NbA*=N9m~F
zgIty{)4WdDay{b99h1e+?Ga;`(E=tP^v%m@V-xJjG(y;UN>Vu?aym=%gVX~#>Cv^3
zaFzFI2vpEh9Mz;$+;N6|5Z!CT@OV*(qo`0{EAg70k}>FP;W-|{i_?AdaYyIU@9|e8
z`?Zuwz{nWQmK3JJpu0236T5b`Ck$zMyN>T?It8oyoTJcchuD9=1e&s<*ejEaRg<ta
z%o#^+dppHgE+IgDFG7x9GY=21lUhC+73<nYRh4tod0f|D+WU^~&O3z#u|}s!Xl}Zg
z*?tRb*fdl6$=wASRU#%VG&Jz;;@Ri%{yNlllS*!VT1^Lv%b5!usK}gL4vQ+E>=2pJ
zMzGw<qa7P|I(J67H&+zbFLL{QbLufyWx}=6#y|Gc)nRX}mArnfg+k7JRW<_z*!K6O
zyiEm0PQEeA5LFHV8id}`;70Ff9|?=npr9b`pYvJz<k4c2c`}LZfRg-iII~)k>OaPJ
zH2h}#&q@bw;S+_@$F~d`Kd`n2zSopaz{ust6v^3(Nws0(CQrTkZQ4e`%K8{Wheuke
zo~3{*XnL7_zU<<41I=B(m9@8Sv8m&8)L<`UX-NO`w_8n*&SENwQH3y{NqNBoV`)Ry
zV>C+rmv|_Q&lq}l{;y35d%Pf<vO*-(<d3T`)mymZEegMhuI`ce;#@Ji|2m2$H$mY?
zy6yKO{E$!O9-*sr!lJiEG7gBBKJq(Au$I^>eUt!phekt`o2S9c#qP2fy3dFO6o^6$
zT`g7Vct$p5nny{Sd}zMh$RyO4q!S2e@V*iJ65n9?v8MpGBMg+vZdMsxW-(hAn@|Nv
zUVzVs%D#<={_ubPEi+H>U6#Xq>MKwSPK1=*ME^)C;Q^3QTwAn><NP+|`aY2!Ue{wB
z77_|-dK~5%kT}o>>uvW?)Y#+FR#f$A!0VKjo+$h@G}BfYW<c|dzeTebxOpoHet&B3
z6#$i`m;H)#^Ao#(Bi}~iT=%cTb@%|tP%<B8Sc;sZ-4BE~`I<-k{H$_Lz;(#_^=9;0
z5Iu06agS1JYB#enBV2B6xsM~d;yAj7$0}0SV6R#4vmt?$9x+#|*bXyIDQ^kpZT28d
zTWJ1}p0@J@m|Rz^OTTNsUbwq~hpmtrx^ADy*|)NiBk8Ce(5nX4B&420qm$wpi7l|%
z2aiH<g5EHkPq$Vnmy0nVCI`HB`=;H1TBtz3;-I>{i-ps%EyKA4_Wib!gupd!<c_oV
zzi{DoWF%1i{hL^7JNGWP-+Hq_qoUufNoZnSp5BO8x?DarM=_5`CAW5+&TjTanVr{J
zPh#^rdwuE#3TMOb41cWlGh-D%<#v0rcf5D|rXG5@X!8mXSQR#Wp>z@Oct|Px%bL`h
zFKc!)=(ZwZGieq|%O47TeETMk!>e{CbNVa^R5mxqz4zEAFSlkM3@W=>Ii=c=&*Vkc
z^?po{CW_Pp!9hqqKk+p_4s#<Aa6AvZM6@U)@Z7^!PnHD(8?O#R-nS75q8yb_lSpe`
zOM^VZev5?ZjEI9TXC`eO6V6dq&0Jvn)45Q^R)YhblxK&IjLWVmq>`;DkTH*Fyo(z1
zvLp%)L>82_K6F$}_f0C;=N+7zl2zH`i_iO$!|Rv<$rP9)4llrUg<Tf>tv=NXkzfrl
z+4>48QFsx7>!x$!)1VjYOEArz9?XGAu2AqnVDB=mJsu-AiNYD3LdF)|Zj|Waty75)
z!*}#%p#CQmklKOd;^KmXQwV0|vR)Fp_;Qxxo|_<JK4U(X1#x-u$ddt-F_;K`<$V7I
zl;{)$)GR=-(vC0py#Mlz+s?QD`_ska<!N@egZ(TyJF(;A0!OgC)YpxkFi}9cMtla4
z`TUOXTbG2xzG$($ZWUP4uW4t|ZZ3d=dbXPjuj@0>Q1gap5W&D1I?<$Un`ds?N&a@J
z2_IRFF=KMc3sv5RTJguv;P32%n?EB%<Ob7C2re_fB8Z=hh7D4RZJa~xlJc4N7Hj-K
z^T%R>YdFK2yxQZQbK1c>dgm_M=DS+~4QBs1qV%LNvkLnj3+&6y|LC~>kv**e7uvo2
zNclm4<xAN#4J^bRKhk&y#9e#e^6LzKPZ;-Kx?J5dquaqv<%Vt78r}t@=Khzq0pM>g
zw<ZNeUxI|<^9)K@b3)VSq8@i`1`fKXXP(;bM9^+sn?zOUQ@j=(B=pqs{E6dfwxC$x
zQP&5Lo62oZaf2hh3(aO%eAd<w3O`ka%+38uorRK<_4zg=P1hTFytuYEPEI8Upvo85
zg2Zt5Ar;vQf(n92x-*0(YATw(JT{J%>l4VYLqa3u^hRK>>DDu2UD8okDl7s-KmXVD
zEbh-wo^hYAO*1*$np>LJ0gYE?lMfiApExB77Bn}DH0@zgh|tvg*{`PY9;UVlx4rGa
zreJynxM6e;56DoV)YedJ{2B>51J{eSZ!|#*?ac^xethQYp5a@2^?Y^fGxN%}`|U)V
zM^x)M2|t8F4xHLC`!JJ(!h3GI*cLfOGMY0K%7$Rco;!Lj)`zd<sElaHY+4_rREi<*
zqW!nSSOsP4qZWD@yN+dW)(*z~M2brrNs==?JU4Da6IVVh>OFgV`@u$bT>JHjbO$&n
zph+K$o94S-ZB^u`2kCE;l-WSkJKCZiJ>5Hts*2O825hKW;B}hI50Bv6LXPmKIFOd`
zeNEDx@CkyXlz}IkX5$B=eR(LCuGl-&x3%vwmup@S+YBv}fJ1sv<kM*V+;f)ED>58m
zVQc?LTh&eMbk{=;YkH9ALwl^_yJlP>Zi{Np-V~fN5>99~Mf<6Y)P>wm=bDBQA>;yw
zseQlXFkoJOlXY6rA&u^x`xXkrJt{`d_wcG<=7<QOVeroZEquc%I@JLH6#BL%|M}pT
zCg0OE6<!Ic%UuG^TiK{s`hwb@nEB9QDnAhd24RFFwQs!$&>_^Kj)LfdPz!rFZmk%Y
z=qj<j-D{Y(vkv!IHnU8}bGUc;zsd_LVmD9kn?HZ6*vyiO$q_Qfb-&&#{ea<>G7E!5
zK>yHZi;`YK<}z>a6pPGz_`q{^D7~@VLC}#$Z>~bj?h^dfY_-*sd9#3+!Z5|+U7Db2
z29y6OacdziGf*zrbd)4Q7oSUgWvN)V4FUiP;v)oKg<ICQqQj?h*?{Eb<pDVu!tt5d
zo-qCSO3IWkMqhgsocKX%IbtNY_xGD~GD67q`nKraf<OWFK)imUp`XTOmjd_Lt#Lr@
z@h*Xf<JDRxM03Seea<!kOt`i$Os#MMXE%bn?})QmB34!zb?RTyeWdT(-4w1IF@k=G
zJJ!Ra)Fg9JtkT`g9(lM!6w=n_H{W>{Q^U~e%j9SiG#9q?^sfE#;JAN|@;Q$9bM%`Q
zaNBd%mt$VEaDSj+Z<w(5kw6y5h|y3I!U&JK>(xV~$J5V_sNKxmCR1cD={&++hpC6R
zTwnRV>=|BN7>u5o9G@mJjJ64ECy`Tg04G6{C!Ef$m$3EIgR3oO8`l*<OX^f%w#WCA
zrJBhs{lxRutB*Jpu%f4k-lNG8ZQeDCe(G>U`Aj|*H#h54=15v07tY_HN0w(c<XNS5
z3s>c%AYFosbhSu(&z#<pI2sg!>+t8W+wLwl@H(yL*bS<%CT)>LL}E;Yp}j-t)qjxG
zyEb)Hy&YW}M4uE@5X0hY5^Z{-rgOL&h6?a|$QC+#SX1tXon^uxJs2dc_oT$IPV2lk
zZ+w6k7l9-pp%zlH<9cB9GD+3MCzI1mSXAv0NVXJmXN657@_id3FNW(r$aGIyHX>*h
zXn}U;zf|1zDPT3mj#b(L+1&RHHn_Vc^xoFv7@ovRC1B`Yv||FA6n&Q8z`DDghGKcS
z&7$$Cpa>4C7Oh!|Tzx>3vZE;)$K~}khH9U9?|Mrc)UI=SU)QsIL@K5}Yn1v!1Md4x
zB$m394ZOsC0mWTJYdjFqod5|@O<MYb2g1D$+(X6lUFfbK?9GYjrPGlh#uicU+aF<O
z4>OUva+Gfrh$S@r-RG)L27mDYnYE^>s|+}u`8{1A_rfdKph1i>Fy}l25q)*ae4{{?
zMP)@PdH&w)okkhQY`6qC*3&eiz`*_Lw=8IPI2r0<=aD=P2~c?|5T;R)lr_cxLd;)l
z(+hAX0Er=()3)b#DQ=hORQQq+cp=6(ah!1$Kro41A{^`PMI{MN550b0C=y$wZv(O^
zGc!{?nvmr)cN({yNN%1OV+>2g6E_{e{7py^(rhZt;vr`3+Y6;=jYn&qsM7wW-9Q4z
zRnh;6*ISc*3m4Vzyj~*>afCi#wHXGz?ou!<V#u(E`Q?T)$h{YJlK(nPcochDj0`=7
zcZM1YfE#iRG_T(peQO}ycm9-~?cyc>=3MC$c%)dhf#Kqa-yJ!>gx6H$9Pi!@iuyDv
z435T8vedupR=kO$p`dvY3DQGg?V~J#$Mrpo93J$KgiF5;!o$$p20l^!v(~B<{@QEr
zPOXUS_)M<uZo#jQIM%{p?<v`@l-GzbTBsNo5lv!_60u7!4sC=0vFo0l)`s78R?7%L
z`Sw&Q*Y1AB&!S40$+BN%x#e%oo25}$uO50+Z9+yA;>5zUB07n^(-=7sr}wW-bs3{m
zCufw(RuIAZH&J3$79Yz3p%HhA#L>Jg&e)3jA<)w$yr8XhTBVE|VT#|<7*ZLqAS5z|
z{kZ;Q+p*6m_6d>gL*QpsprTmPDw-iZ@OY9EwWgg1gqw=y405(;;RrB@p#niQGWdfS
zE#0R&pI{D2Fd2rX0ejtEXt$++^L9VP_`B(XFX<9;uejui;rQ%8wa?d>AQd<t3F1o;
zkp*jQ%aY)*xKX|F;HMm^UHD1=qQS8Ui?#m2o<Q>{ykAH$qXOenrLiEEO?HI3Tgz8i
zaP)aex%ke1BW9{``BbK#1YHT<&lZ(Q7qmmMv&lV@SEg1dCvgESsS4uIah1UmsPLl9
z=$&SKxPw*m*GzAMqmMW&U`~EoIv={RJ)M!0vma4gm9SS7MRz6$vF)3spUoW-x{$x$
z*l^WA*XFyT3vRa8pfW3+!DzN5Y@4~(MX(vVtxH%_Md*_`{`Dz<T8s$Ed;%l*!SrZ2
zhR=#Y{&>!}O<;lR<gi^>G+Ud;sQK#X%&u|^i_9j0NmoaO#c9yFQOtDnx6vHY1<v&L
z@WrmPa=uSe63$YiD`p^)VzrBm$9B#8Y4hl}&ep+^9Z*mO@<XOwHTvIs!3V|ZXXW3T
zNIx9&ct7zEi(I5QQp=6DT%6pG0d>>kZr)DFe#or^s$K+t-htBrWTN~sGCcxM1*L;t
zPaP8oxM8(sz8fJMC^j0Jxh1;F&j$1joU?UT-(e5oBB<}1`QNt0B6$J&f}Kl44Gs&=
zCiB`KJ9Mw#3Y5{1x&X@7Frn-EQudy$d&mG71P|Sc(0k?yh+@4Q5JnG$XNbrGG;k<N
zjII$;^6k6cFa&&GR3!Fw2(KPA!iYx&2d%2H1($`Rf5k+mJa0X%0_m=^ug>Vzni#M}
zo?b^BPnLI&mD_i9Ne>64ad^IJH&Jdv%Z-BzQ;klCdMkq7#l@_*LCC}qlxJYHh5^%j
z-pkxdNfCV>E(((5FqBDYtHO9H!o0`3-BY~J-(<fRGu##*+D)CBWHdKqZ-OI5;=AY~
z+vkr5-QO3FYHj#X+VCqlLe)N6zmK<hP$UP_B{;S#F5?J1UyU7>Z^}=0DP}-lY&41*
z2%}8WIp3`r&E22A1H$P<6ah6S%SxuW<dAcTy0vSXVb_E;J9Hc%yO4tx`&)#g<ht20
z|CTK-mD{Dw?OphidurHDYu#3;)G_TGp4qL<UYBpBB>ds-uhwzMvedUfQ)$px^&Ne(
zg*|-#OG5@st6ura3u+dUi}>-zn{~Y5YSs#k7}sXPqakoR>wVK8)fpB#E;clNE7vFG
zk0yy?++^he>Gd#1y42r4U_Zf1c`aTqqGU_|qChAAN!Zrw)DoDIznIl)X7BxY2WvTB
zInRw4lnw$?-F(u{$jd*!27S+17o>6#Fp0#E)<-3ehDI+JTd9n<W|CqBEG(e(0S1az
zA->t8IGELyXZP{vOme?Epv0B}2qJ#DB^81Ej=!$}3OUZY_tPEh)02B7X#_t&Vd{%Y
zbE_}+!jf;a4gd=C1Upi>nCZQ*6Iv(hA$jO^n%X!Qt4>w|Pz8w&PELLk+jdYm%gJNk
zqi@04;NoXcA|t9{Da*kJZtc-5s*tJk{DjO9IfTk^zb80l%rv4+nu5MUfy4f7Ej0IM
zbgZs8jctT`JOr;gd*UP3i7i!-e1C*n$vc;ZZS=bj{>y=g>*LX|(%(3uwG&3W<hn5j
zEC%0~V8@IuPJdN`j*}u>DQuyWXEbt1fz#?e>EDLCb-G}Ys}_LQnYq-(XqGCJ4AwPV
z^5k}6z_8yQMp0FaOL9Na7Fj_=XJIxx`G^^tn$PwT1Qew~_6tJdFdfegSOAn!;36ag
z9;NX`Cm!$j`-t_Py|hi;PWt&@r!U1v%4#;%Q=en#56-0vTfG68UsY5K#EWkPjKjzB
zrQoZRMGC~1Uowytp9AG4%gdSHu(`z>S4|KdFTMv?LJK0Jp&;b?uO+0J=JFKFt!78l
zMV+TnWz`OuracePJG6eLR6vYoB?>mIxhT`1QjLMhFcxTKj&2Gz#SYjU?O7&#P`oIh
zmxsQB)6ofd%+?rXLfWbXUzo)Be-V$afTUHy+Tx%so^7SzT5j+_pOH(2Gdko#7puW6
zJfqF}Ovyij`w9`p6Q;p_*9QQw=bNv!cQ)95+5Na)AgGe>@jX9~*%e6LA&%%J!s)!^
zTF$fc;r4^G5}~BGw>HSg4XfAPHXW&J%LIf-?}d^x-g$)^(oUs(IYHX$PnP+%LV+2!
zm7{QvldQ&0)i7|r!(OjAZw|;1uGT}lcBuO$HOar5a^r-l+#RNwAnxt!NH0zz<-)k%
ze=>3Zus~iFd6@rUteUC1>k60Z#FPHo`R;Z-2jwcWxzN>L)-3iT*Fjf`O>a>ghnEGM
zPHm*F)^GVv0PuS(4R#BKwar*}zmJ%Fd)95+Jk~2=ES<N=bC0t`F~{V$@q<cTLwV)n
zgO!!;Wb&?$-DX>Nm+0WY?Fq40R<c9*MI20UzKc}IQo>NuIv|FGc~M~ZuBBXHhsh*U
za2w`Ej=}|*LlivGrPDipKeR^L)jqB2`rPb(lQHHme9F?JfcW{>Zkt7QE3?yJUFElR
z%@R$gTP)Q2fmNPZzZKObMIaeZ@icI*A{4bIeu~PDLeX&48E~QggtsLjf@iitc8<s6
za2(dX>%HP~VKwz*Wdcnc4<8WfrSG>1l;U#_#bJVgf<+cSK57sj86RgU)E7YV80)5q
zkb`0@gg0BNXQ4__ufllx638h&T?CKdMuoQw7BJuF9#}g$$uEu>n>jNXIz@FFo4GO3
z>Wk`*G9+bibv8KZ5U1$e?Y=3n-yX#G!YTcJy$&R=DEM%=H}0yS1v9)YiM`pa3HJYn
zb)>;$NJ{q)a|RFdzweEPE^JWmBKkg<!|CLvJFaDQe2%2VaC-Lg3@^q^fs>5HW0-Na
zUUR-H&lY8OrRb26=<QzW@pCK;Ax3qLXHdpovRxsO+`3-x3JmqTWM%qf)ua0<iQG%D
z=<&#f<f?{A_jS&ZuFEUNlP2m1IX8A6Ums`%D3>=!8BJQ<MbBt7{dMXSzrUpx;BO6=
zc)+eUdCI4&-rD%DFn{xo4>`G8vU~haL-auzrEZ1S9kVU-yX^?+Tdy{pjv7#aBZZU>
zV(iR{;ayHbs8CDYVTj&Qy1F`>5h1^4?orEa0uaz6=IlJR5JFamCu2b8@RK${y)*iB
zV6k1BU@Irab6M$)zR{r8p`0%Ho3cYDaC3a4tE39uMZPkdv$(Uq^x~m~fFr)7r&XZq
z%E;jta3m5%@z=M4$x3ypgJOxh-+kpP<cVN+d)@BNw5kiOXw^%F8T&~u0z<^%n<f=1
zKXV%Lwmfo2*r1^21J=e^tQaWv(msnHq60z%<$YK)9z4F+lIg^|JPkgtqMr-nq)D~M
z3n7I@GD)4Wlwnf?N6us~cmuId*q@9rBP?^qf#k;I%`8F4khX{Bt3)8&1O<!Y3)H-M
zmHhE&<xx~0K^iqvqsmM8>M3BIl`;0_;Hrr9rQV!Ag*gJLGcpbe;KRNRd%I7~gxL%S
z-PaV4(Hu@GH)L<_JG&nz8PLnJc?~6#B<h<4M2g3{ks74f3T7khhJNT%x$LiM82HY%
zw{dl;@}E%v?2@65!z*90=wSww)H*q;5R2W$?e!Yo!O!i!%LV?)BFUsov8fVHrKmj@
z?(m<LZ<34GR~~br5t8L~B%75`MMBrj%3tzwj-FP`tYys$scQ)fPsQ*$l8Rk(xkmT?
z4-~py?1XpQsmKBI(g>*HM@J<+hY4yrnE6hHUK43NRtL^o9QCM8-bhymG>B3bvp<EE
zUp>E>2p13yL<s__(QRtKWcc==HVv1{-TWQ^DinBRs|@*W&k&r|A=<NpCGK@|%w_v<
z%OcuX(U)><Md>n+DY*HRD>?VkHz`F=gyM(5#giE3t3fteb_-Aclp204jGaa^Ofc3C
zrCc4J7nlaCNI|+g-QAj2(YQZq=ZEGKlQdlzAcv%silR^vP)Tj{6FO8%LQe1)>Rmt>
z+yy9168S5v=@&`fdCr)kMA8N+Qza3y$rWe^FohWhwKn6Mk00<D`pp^K>Fh1<jChye
z<ai+%4wZECjG1LXOisAxT=%)Cx9jeGagrg--dQ=XXSt*7)G?~5GlF>*z3vs!TBwf#
zHSM&#-i>8xSUg^q$yK`mwi{08q*ZJUACj?jP=syWPR$5G%&PTl0iNH`=U7J4NXwh$
z4aI=v@@0rEtb9oErwg4&FvtcMJuiqMxdO?oXla$44qJFHzvf^AuZ;u5q}5ke@|a{0
z&HH)eR&7Xr^ST08+4PJhhH6eZwHH*xu^J&+^=6hvx<0f-$NzoF0^)NzT@pz8)HSw#
zPE&`WjiZgYwzlj9@os>9wtSsj(cR_)N#*<1cP$ZBrk#er!)1Bj`;GyOx%F4ES*V1(
z!591bayl{)7JqEG)$-cOoitMx2aLT~4sea7q9AFAAu!9o1#wu!%$wP-da>bh_!HxJ
z-4*CQ`}hWnuLBM?qMRUW30Vs7!DL+~(g8+uznIbmHiGMnI${uNO6XD4RouK3nFTVz
z81byUHU0tHHQK!KUO74-E@NET_V|&M3V*joO+A9RMKCs>-0VXtoc;6RV*vBL-0?`V
z06wSHggLuH(&*9cBI4xK6#0wQem}4^9kkqpSmmd(+u*RfR?JibG6TXnC2fMWt%8fZ
zUKCy!nMJpc<eA>TpWZO*MX%pwo-fx8lnU?y7W=i}mHOsgU+t+bN8<jr^Pk|&G>GZ9
zXT|nih4CM&J-WM!2Uu-sz-p^};chL4Nu;Owap$^&G*=}lBSyv+%b-b}Yr~q*Y`X59
zLNyI48@jc6XLW$(7bxj=x;I%Mn6ftfcJSe9HnZG_Emm9Q*T)A{Rd^8>x3;$aYprW*
zABs!@Tf;kaiZ{y`;{b9c2r>_$y=HTE4U}SCy@mJ1;;RKrz`EUrfjT$8(bgMQMfIYZ
z$|pO=D;DmS?doh?vM`RvdiYz=ZSYMS<@Y2ZGNLq&FHS3k$Ut@%XS`rMZFPLQ?<`9l
z#q>&C2HYQXTG}7707&;uiRE7o)i)z)k+;#)mCcV~QK08*w`iYfU9!;M+w<_d>CsjV
zmr=O{=)&RP{VF7ASSr+r_{}t;XZ>uzmr~qJ6PBV4gdk%=x&f?LPHC}Z8Ci@?RJP7U
z^vr=bgO8NnR<ItngL3iXRJ6vnnP6f17)+w3FHZ8t5|2p|iJPL+lvkL1Dn5HtNowQD
zPi!V2`|%qYPo&Ozu+hqNk4D=jJ&iv5)3njGG0O|6v8U0fg74=`N&*`e-lX3R?oC`n
zVGyCNn}#Dh&qc(w2w4?IGnHHhlJK@)_W-J9JKL@)%QR*UWN#L303csyTKV{NPppt7
z1c5GTjM{Gq=_w0j(?Ed4K;8fylq@(_iu*bxQH-G_BQI9~&_yXoLbcv%6p~fRbty9P
zP4Z=YLBqD}%Jvq)>l{XX3e4mpijm$(A>^o+J)I#yaBC#zIVAO9HmITUoEvh=wzm@u
zj%-5}@YaBp5C32~%|!gFWsw@+R{7&`P`XJhXC}vM{q}JXlf`dfh_BLH;7eDe$+8rl
zr$7z3ho~LBm}(JCR?6xv!ff6v{OU~~-MzKJT;r3<<7DXg_^Ce|Xf3e0fgmdU6U5Vo
z;R+xdF-BmJn=fe2212y6v!`TKN^zK}wxR17%D7EFRMYGQT<KU4DOn;tAs>i{iaK>u
zY3JP3twOVJRt&th;c9DqZ=6g~dJGc@ViNS$1~sFGNuqX(3zu+?XqGui&xjdJ5@m{J
zR|?w-a>67=;zH(%OC7&gDGPY3oghxfis^c%FhQekMiy<T%UsVDEm5+eYTllotZds+
zjUE3(6%}4aaIMpZvGDnqWX{5COv%m`@D|Q{LUFJrhiiCXnkZzkoD>GcUT4O!xyx95
zrvg~Kq}adXTF?Y<qMxDw2V--vb?lA&I4vkh%S65-A6FUBxyMxh9yxX?2J%-<oz31U
z;FfFb{zfK!KR2JQ#lBBzG2_Q;(@M7i0P1{?&xQ)K|J4HUrWg>4VM4(RKx__(xx9u;
zjKt3&-7}-@{0dlHr{@yfw%Y5}nX@t~DcsF$6v<Cb2o|k`Wsw+O9Kr_=8HD9F9hP!L
z6KOO0d+ON<ktfFhhKggqHnHxtx7GqG0)oV(eHq?w(N$=%IWqf~1fxEHa4pyG;uUS=
zK}|k8{{73n&}l$CE<iS$kh`4tW0_`%VTGw&icWjV-O&85ycSpeHq0piDq%JRzlyt`
zs+g1+t1x(L*90UQK|@JQ(@TwIR36A)US5Sf52Q$YtFRjz)otFyo=a>Rm=U=GKV_3y
z(cGD^2edt9*$vsP76=+0k7*au{y;b3<<H)3N*O4Zq|~f&Vsw1SC~u}omQ|&BkH_^y
zxAg6*@1|4i4S!*qzJogU$5c;1EP?OgX_1K)Am8CVrToeh721$&Q}Zu#w6-o)AQ)lA
zrd3fF8-I|+bJ@R<I<_SAu6=r%`~5_JZ*zP>H-t%r+4>vfSBAj%Kv*5`O$K(|)%V^1
z;HUDWxlnR%E==gW%<o*EDvs~fB8=Sb2>&EQIXZ@BcKcG!Ob$<z1TwuXwz!Di7EuD!
zop}U+hR>ilVn^YKNh5kpCHsJffPIM>bRyMN#3HOM2c94=ueDx=>G!8;aI%=~1kj+<
z(}>3f$#;+9leqX$GibSZ&1%FCeh;LiR1hC!was#}X|sF<O9iHIVvlbfV6`O~^m-$!
z<!VHfBdk}f!AApZ>QTlJVQLI8hVP=6?gVfY?(c**KU3)gjVkRHEM#VPDf0>D<b*d%
zOX@WDO(OCsa!JUkf2W{^CD3?4owo8LJ#*SgQxr^#f${ZFenraHJ<tMkSGM0&Rp%$t
zHXb$i$)|E0M&jliYo%Emh7ODAEmbskt@}rXRz;q|rP@kUlhI~@LgB^M!?s?++pS3*
zA<dAgO=m&RII%vl5F7nLoY$|R1)snzcIYT3!Y_srx+&2zNy<-+^S2slF2ece^wA#H
zj-fki-Wzq2EGk!NsR_R&ajTJxl4f;4&Ox3tooZG(E*{mt^ix6<j7)?&nbISm+VB}-
zN=bk<o!ztLGPW{{b`!vC!?Q(E0wUy!fpjg7V*|514%PUWiCe5H(GnR2g(v9*43+a6
zrP_)*)K!~ivNdsST?h5yd-Cw>@8wUb=}lz8WNdhO;{;d@)Kfclj|WBolfho?+gcAd
zHQe5_DrWQ3oEyPMqDH+~yM7s`u_ZlH^wq2TZSYzHf?eosjU+zUaRfPg*1D_T+c_ov
z>Sh2@dDVh(Lyd?R)!UMz&1~D$H;LmBNWI^?9Gs>TfBbgY_5s&>@BT9bx}dWOHT{b7
z3`G<JdWmLDha8d-M3l-c)5EDCx5sU?s_KG)&t(1j?<;(vI@EVq<NrjDaZOnKOUzaQ
z7ggYl&5?popcbQ9hwz!u+}WPZ;$4}L9*ybQ{HyWrReZJWKH|@&ZZ``_%45yn=~7gu
z-e#e76!y~DgtEHfHS6HsM~tDpwmT!Rywz!{mkZ#3MCb^Ek_<aHskOl{CK7-3tYSKj
zO<T85?fZ=UNPy?`jD!$R9UzvIt<d<vvv8~#d5}+@{)_72lty&l4(d@rSh>8>>qa$6
zv}U5W@5CHppV?vx)DsS1>=(wTW!5QDGFAAb%N6_f?*=ZZ*70#%C7I?ewa4G9+IG|x
zNX=Sg%JO|7c%n3Sy<jD^drci;P>{s>CA`LOpTiUx*n4NiZ-aP$DLq>eK3`L~5b9hL
zr!7?KFtmcX?&|Btj3s@b{hkX*^?$&BoQeNq_R18$Q;qr7X58PO@|4^8(O|o|(lBz@
zLspwDqWJpyBJD&Pt+>}4Uw7S1o+&7uJJfMpBw2PXaTJec)>_*>gEwWf&)$!EpzCWE
zDH+{9guR1Y0jeB#mPt_Mdq3=(=x2a`Us-he$DDZrpnG?h?F2RP>Wq-y{ncj*_IRB}
z7xdmp)g2lqLP|wGShINYIw*MlHeB@FDObXE`GaStqh~ZsbSXp)0N*6;;o`!5w9p_L
z7j!n;9&_+DB}=c=mMr!ZP(3ZNuzy?9mzlRpthJhHMJR|N*jXqUbwY*4X+HI4#q-n?
z-Ddy3E7z7+Y%VlYQw+H3-#@7uB<pxdj(FQcsbe%Bojs_tJy||JR_<QdL_G9vQq+LT
zmKrYFXX9ESP@|fuC`#WaoGn9-2*$C^L^3WWfSAbOZjR0>LVAf<*#vCY^kO^#Y`YZ3
zlMeQ4HLbH*mBfJ;o5hQANWv}_kl6&S<uz~Y`?aYIzf`xGdPCmo9dzG}DM$YxWWdmC
z-@sEYterOo<G#L4bxq96I5@B0vdc@CsI#`MOamV5VbN?JBNj3ZZBE@&<!kG7M6O>s
z@G^iymhj+wD}ssXp8+kP;OBy`xU*DxVQX4+S0fEXjPUdw0g&shFgdG3$Vq=Fxr-3X
zoelS(32@b}PGi7p_!eqGkX&SW+bZ%+#_T=?K?xUpH4;R%>n^OPCmk1yj=s)pnpH_;
z5ZjNgf$+jPD*BL@#rB6DNArd%jj|X>t-0pmG=!B8{{)bi-Wil1Trlho$rwLt+RH0I
zb-iL2&)Qva-6bTcf(6uc&=*>#T(3`-!w_=~kQ8OXtU~Jw@|qYmm%NFw*WvIwKqU)b
zB_ls^r*TE+wS|N*S+E-lBW5!e3E;aGAPdQXQ!3V(E%{5)l%^YWf2d;9VvjK8P%$hP
zlLGp7G(RrB2s=m>b{vYhgg1Tz?+PWX#uDTgkji}e>#8xq>#&@mX5EikOf927nNvRM
z+4ePdW@3YwCe&F!Z<+R|&MuFAQBh%EYW2k5^Lqj$f69sFKIC<4G_^~I#RKXLm{ch(
z&COq{d!=?yc8r;Y_00Tw{=E>-?_M@9yaylf>*H-X4j=<8g3dtVRu=SSD0$R6;@sw>
zeKWX96`c|vnW#0&p*Wbb!gA)g>#E&;eUgGVb@B^I2d!5g7blB$V_91A{hKEtJLvAh
z$!^F#)$%dY?UscB%!Sf2B(amR<9@OW%#pUBj-j-W9<tYT!d=#x2<TUEAAtZSD&_{s
z(VjkcqkTol7tVPbGP8uA8aM!c<GUG*O*h^C-ADwUQ7*hh%XJY7*=T~zoNSEUGzNEr
z@Hm-zv4fg$^>_bc@8PfI20`LP4&FaWT?Wn!j&CV7Ece^;t{Eb{IXWyJQRCLKV_--_
zrj?i4$H{k#;Fa#5(t+&mTQi>+qYyahe9?gz_zyLS0$M{_2W@$)s9Fn5I?bTw5UO+V
z8TPN~X;o7`Te|^D&c;NBPsTYF(gS8sOvzV2J~g3$)}<9RDGK7owoX=B=-`-p@iL}3
zG}ycqT}?6sfg5cGivf0h)=mvTVQA-`{_WGuMEM@HaX(Itp34!K%;ps@y<uL|tO=Dw
z)FG2tFnK;3O<{agX)@}QPc{^4+HxInQQ)jTXoDgsbFNN1diypii-KB#kxV0cD1)4D
zEStk#j6dycQhtM$Ec{98!3x*A_Ti61w9Uo!L?1yMl9>@A;~QGd<~8?7?vs*tib`%e
zNofi=L8Puvieu&1|J@Ce23Pi77>wM;jkeXa>0Wz0mBg&Nq~#{AiEpoZKSP<0p$!P^
z0Yy-tpC9>jZv{`rC-pLJ>Q=qPeQ!C@%boz77d-q;_H2Q`lys-Ou}NRVv(hap5g>Q-
zI^XPkF0?JbQkJMZkmTxoFA4lri!r-{j+K4_1d%cX<qIXoZ}yG1dH8|L_A2Se=8Zj#
zC}D1m!^JRz?frz6sJ1<k#g^J^5<W+W)0+vR%I~iIw|m^`EW+;JWYg7v_}-!Z5|ldY
zm*j9x?E!wWn6-Y52{B`aj<DhP*u~md9ImcDsY&>)LITeu-JBQoO<#3!w{7j;1Lp}^
z^T}!p)38Qp<d3J@1V*@sCN69i8Y^8@epMaTeF5WPb?R_D*MV^^3rELzl1Qa*)e57x
z`>^MgLmL46T_DVPGS~gjC6UU{mply-g3L8$v1L(ZQ%aLG1_<KCwPyH-Eq8P}b^y!)
zYc3Z+QwS#aT|FQ@vbM27c0kDQ!c5SIY-TSD#$e`tkbe)S<|dMF!~=xm$fvy4Q`<-w
zFLwi_C^-1t;`>2myIcW4o(3)4Z$&wU)i=pYn(`w?bL<fLB#=y!87y;lV($nu{1HOs
z*^d=cRu+{J3{Yu|)SHZv0f|Q~u1^x0RqfIRva9>QiEei;5~jbkXfEhg<a=tt>rnh`
z0kbWhvCH<;g398B3}t~#StC9Bvlt6c-D6bdT0ki=X$T!cVgx?SQ^)J<v!KlE_fIW3
z2N=^9qK0#?)$h|Q=hC&^lVjGz#Y)qw;)YFP5-Zg`aNgHjyl+&!Nw2n?_Pp@yPc8e(
zt2t{ExhAeTvv5UB6P)hcWz#+w^4%_u7uFGvNAX(_#b?4~`RZJr5p*CNb#D{07LVsU
zi@|PZzVC&*`Yj$UH+-nD3%LDEdAp-EPn~O?PX^BPD;oGGOH4Fhxt@;Fzh+6*A>{CH
z2>`JY6SG73GBW&$E)mvrFxWIMt+7ioOVf17%p@%(0JucSav2oo<V5tdS#s*=nFI(Z
z82Hb>mz!=B4n@4H@~5|N6Fg;4e$0Bi1H0<{iGG{w<^cd1<1902ft6QnELt;<?4I+G
zW~xt*R&8DquQ0X}fCXZSUs652kvY9l{v>G*moXEr>!h_+7r6HN%^Nt;pa`@ecqy5k
zHDRdkjQ%Z~{9r$KcG%0q`+$%yjOL>{Af_Kfv6Ee^O3B0V*2u!|F`AVo<bfC=2X5#=
zlhZYo<>T~adt^iH&lufLYV*I1vdr&)kR5FGDsWev`15Mao&tVpR2%A)YZHpg&dpeY
zJRy(?R5hk_iOFAfUU5}(<YB*zXTJHp)j&zcfpRqZ`(+&;-l!~!zA&Ykj)T|G$fHr<
z3}Jj{ml_=OPnOy^Op)F&zry2GQAzud!VV8ycygqZe1HgDCxAZzq09CTSO8e1fSJ<e
zCONKe?$-~Xg&K>um5cyb)%aH$%>!^v$<VGmscx(ck$|4BrZC@MZi=rikOZ@qhRLzh
z1~XTL*fD!?POZnAf|Yi;u4R1Hx|dz%JkEdERZ@AJFA#D&Enmi`4#z8UxJch!mg4%X
ziQ8|Fq~e&9j2C;{kx;Ajqn?wmPmhdDlbnB-jMAT&#aw&1a|q-%kT=KS7U1XCpW3Sk
zL<aBey@5j(C~}1bUtRSeho|HeRnL*s^}#^Eo1i{~pUFnqek672$=(?WyO&!<oqiLW
zm>+y0O?$npu!t2C+@CHq8Sq+BdHh&rSO4)+8fG$beRuR#x<7+TK7VevEXi~NF1*eT
z`&UKp;RbEjbD_m2^7iGonf(~Vp0K5v{15;I4_TbLM5V-y%o5lFA#&~>C;)se!~@^N
zBj~M(K(uYaH)DYoD{=zON}*iJo3}0SI@fz`l)jjl&9SquOzApgZTKSyZzw?^>Vh42
zk0nA3%-18_ZmtYH0sbn!OuwlqlpH8P8nC08Mc&W0Q!sVSCW&xVG{Dr)ypc&!0-!(0
zl0Vrq8MbR~rj?!<YD|inDSadJ&H=c*11Lb)FGzU4(g^h6ma@6!8FQ<__H=ajWPN;J
z6~DS<Q=E5ZfFc+oZw^OP8BSh0vr&+ku$wtGDro*du>LoW$%fD|l(Ndy_;Pe8-#_d{
z-~j%d$|#VE%aX<2zR4K&nS6{fj5uDb?Enx;KW5XG;dEv;%IH+6BB}#PDB*PsKb~!@
zY%wf}Y1bnw&gKl~C|@MtDO7%x7X4jSFse5>JYu_hPWbO>FnjLJ(Ehev@@LY|v}%M6
z^3CaiMlVT>X8WxCiWyH$VV%`xk=nU_?s~5cJpOQR)9C5tKEn623=Ewb>1$U97G<J~
zwN~P~NerKUSWGOwLUONU2aw346X{d?1Qy`WzDd8z*Qg~(tkC-lL1k3^zfTs`G}?6l
za)@j?uQ-$#Q273g{4@JjJLcVNnJ&%_j`UT*0#HT?zR~Ia6~|ivUm$_guBJ<ACjBPr
zz(-U><f~=3_uaNjOev#`F+QL3M|M93&1yKQ*DO3T_C<$Mh=PFIsG=-VKhY(~Fa!ks
zOg<3xAgATxxX~a2pHRHqT>DK#PR*HoXV-`7)`oiAFH@xK(g2j->53JMH~@^gZUNnH
z%{oz8P1ApZgQ+ef-?);cSXg)t7Xh=La2Fi{`Y7+JP3JM>=;>0IfzAgAdOeSD7Xw&%
z=wE>mcwO$NG*st|+T5s{eGwc}lmbQbdeT<+Q@#Enabxsq!YYD9P@eafi6eNWSNQB$
zr&L(_A$rEt{zMjF<s^BgHVPN%5$WDzjF3E~)DL95za`!<ikR2Te0egb-4er0tz**t
zdNtX~$%wMT{bk`ApL8RF!&EVsqJF8>f4d+xkx8S9Xv$TYN43x*=gjq<Yt%o7$G3>;
zSS!@UbHlMeW(c~_W8J>Pb{p)KJrFv4((+E9w|fOXsGx9Uuu0)n+HwOl3IHHgO85Xo
zKR)L1PI>Q=`$%$Q>;iE92zbs!S+POLp5hsHv_?k4IjDv)ZJii|1PHY-{p~Fl+nXKa
z<msbnTHhq(%~_(yI;V$XId<ds$U2;B@=&A<a6mc^nd4i};rymS)q+hZ77Z=jI7MHc
z435tZvjCUTfg`vZnQH-bID6yJLQlq6bMb$ed+VsGyXJ40?oJ6w2}wm#x=TXoRtf2n
zICO)6bV+x2cZswh(ji>}(%tVqUS9X_et-AxdY)&!>-pndi=_vJbM|-dnb|X+nfVOy
zw{#eLKOOV3CrAl0jOBs`lnqX-7?Y(FNu7773Y;5K_+c7s27%wRrAdi<6~?L>T%N0b
z*`IGlR^YtL>8C}d2TWPMPqU@XMj1!4jF}<FL-i6Z6yK%lyf(gSed2x7B76Cf;!WXw
z{93~8yBk*O+;r>k3{W<&ck$D(drjTQD0XBeH$O~t#b)TD`g}j4Dd@3>SNxF<zvtIw
z24mTw^B|TO+_J~rO03M^gk?=N{S01hogDL--^Gx1gwsR%Hy5F*EdRGE<5{5UoA2@)
z$$ckmp98I0I7Z3kwu@hWbP5!9?sWPE9mp!J>nO5nfHAR$I13MObKhlsSHGFCGIj!a
zrN^Kdhr;!t(@mkCjw~j{UFY4%QtB0qsb1t)+9sDK@jCJu+glo<Nku(mCA@Ual3~(I
z<J^US*35}bR>>zTZ~dQOJ|2s1mh;tExs}iqFb|eh*Rav}`J|!sLw$X4&*yb?(XMl{
zkftFs{^}lyw<Z%yl8drdvy2FUI`;;?&T_`mUYPeY9}XzGe1F1SnD7E<x5lXHYf9Qk
zMHC}dU*c5q>*H_jwo#lsUwV7HK=rvdQEXqzSO7XP!gGnyqK|o>`sP7|rCzF!*c(m}
z0Ls`!K;wJV#|Z>oJMo|&p99bjYh*|1kLGNgI}t~DBxl3OKox#(nO<`SXh_to!y7Nv
zz!o;q?WX?$O39W-GR0|Z<ks*=#(rW0)qXt|U6AX%^J-L|E#Zf98aMWLJzh67JXKN#
zqf}!*=H*Yr@XI{qqF-1ClS8X?)tfmw<r}j>u})uI+|tSEoB~xv2C;5f3$n-kY|f$#
znjuJ%gt?z07HHPM2)G^*G<mj@r!5uo)Vfu=K8Do4`S9WD&93M)9%-H;lFoJdOH}=;
z7_}nRfcsN*?p$%DH2?k>1zBDW8*p_l0s>)9iv?W*gNsG43j1|?t+?e`P*%-Jc^QbJ
zL!+5n=TYSFvtn7fNY(63+tQelYm%vj%htL^1}JUHx^=m~f!~=l<M|*d#^LqKk5Wyg
z)|{))FSL4XWn~3}K3`IT^ak1o+^12)E8uwnLxjOi*FY#@sqH>%P*WmpYc6br0a-i8
z&%;dkNMT9yrgC5+<F1)9^a3;^cY#hGXwkyQ8e!Il#g;k6&-`o5v8hY-30{H;-Q2f<
zei2@{Po$MqrgAs;pE#sEVgF>yPD(84u{6HnXbZU%i#pByZXmAs$V*TvW~hup-_~gT
zEy}#<<sE-0Qu%-tzi7aQ6@of4(Xb@k4|V(x@)Mr0=IwXkACwgRH0plMWUf{mE^X|h
z8?kXn59>zaFOKc$HX?x9m?woA>|zQBvuAVI1$GKgr^*sEdS*C0cfWh-^m>^vKxTY}
z=eugCAYml@SX@%X0oUi09r@{u?Rxet1?49?w=?&#i!ZL|Z;dBkI97GC^SsGEXl^iQ
zXU90~NgE$F5b%QgNbw9yrt2I)_9NBO&W18}^O<NTce<VKQ^TnTgY3c<NA7}V9Olfd
zFb+R|g?_uwm(7MTqx9OpwWjd|)ap;X7IYOTTx^DLzbuN3O|k0K;u)Wy=&$y81t7S3
zp<uTM<i#PGZx3VmlrwmQUaUV0rNlLA^2jiKD-dEKG?uUM-GRAyIelT@rXQD}XSpd^
zAm!=roRL#4k{jAI$K9{nYeO1xDNR?eI>(zwL6rS5AQHlpm%r$DcUZra4hvjS!t_+7
zX-)U~4P;G&tdx#t`%llA<4dL8WAR-weqd}QWKuXUbq>zXKA-+VxUn7zFd=>4Il-)P
z;C+j-YJ%}b_8{wnC_J)=ghT_Vi8IeSs4InZ>__CZlE?vwu!y#p*8=6$kQ-O;DY3za
zMiO|7{7)256i~Svk2eA*TXn=Jlr$h`Yb2HzcC@ht`fvl|Dx6AMG*bQCz^{%kooz#l
zEj3U_IKOSiW_#Gc5)<7j=Sys?&EbmbdCg#c1lVn1lH7kte9_{#)@-wLDfp2W-Pde9
zNrWOynOQi<i!;uN!c_Ze(&?OS8a)A9|LHJXHxqF{lg$L-p_ZN>=;61@INll1-pP_g
ze}kwk@pdx>+D$#<`VC5kv~FpbcAX51^NDLm<HyDOfK2hAPnKe{@&d%f#8e!Upuqe)
z(GBwBGN-SfDwRvMxfJdY(TO@hv)AJl8S$Qx%r0Bn+F1GsyQN3gR1xHSaC2T6vPpc$
z@BI2P6nvRPLd(bUl~lT6G^6EXW`+R^%46?5f7@JS5AB3v<whi<UWM+yx%#CZu2QoG
zfii35Ja<Xz$?o_0)Ixh{X&)4EdjYKg_cN@ku6cD|m2;E0OygV;NJx^l)NOOu7lhSh
zb_CJ6q5-k)7QM`hqewB*$ruxnpjqW=)i+U`Yw4x7d+Ig%+zKg{=`>!8_T=gh6^n%3
z>MTVNSZFe$cCM$S9%a!bQfBk&T!T=CxbTc!cbYOSGd?TvnHL^CUZKHgA(!SuVJ8eQ
zEPyQ0$bNUqiwXf5IrPG&JrRRJk({SLJNzfKarDD1e}Ade=y^N(MsZAl*T_<)skxLE
zZ<WM>9B^tnq$$t8NPc~uRSJdzcZ|}72BhDOWNn$c*JomC+B@K#{b;QI%zi(OFHF;@
zlz1h$HV~(xYNN>f!E%mb%2iLu8*joqxCo0a4f$Q2h0<=}*!lfAPs&`a!kA_DUMm%q
zjMk&M)ARBMnL4GIGVWFoMU&t-{i>jEbt(5$t}r6Ot>3Mu3?Pw61Z`j*R&!pw5F*ty
zGe9|4I@Oecc8j!<!(kQ~(qOAdL_7s;>#4$wMf_}N5#PDRO2)axDntf@2p6*;kIj;V
z{LY#2fy~h-mI@23v;D|AFAfEd+W4i313#sg7I9S~jn=aWoTaw1dZlIUj_H|8IynzM
zJ*za8^^4CvY6=sIU|FmnQ3Xi9e|VWT8Us%WNB_dw>VnuaQo2Xd2U!kH8l6MhF;hz?
zJvr3h`&7;Xq?A|V>Lpm_#hVi1Q&|6aOYfX~6Id_CS{2ZJr$9{WU0#k&p&H_UcYF2e
zp_ujFUO^=(7tG2&fmM-582!g`{RwNl0@Q(C+q;y{$N5M~I-B40(@(ie1X-jo7obVU
z@p8rc{dTW66LPGbkPh!oWubx=#%J%&ET?N^`GpG<=A)br9?sPsFCHw@QdbzszPw8?
zFzI9ySfYPen*Wi6U*8lZmltH!-S4TMbpV?cKr3ByY?#2d57X)wrQ^3RBOlL#=h-Uk
zKo#6)3Yd9pv8T+;#GSeV9bL6{iSm1F_7=U8Yrx-p)(=>F!f0z%pj9CJE4QqCzP_$q
zY&S%BD9FipC;)LggLu`SUILF1n7XjBahw+N!<(6q^ee3wyXP^2d+n^dDq4J={revm
zZMH92f76p#D*0-d_oiRn>F|5a9$(f=d2aj7g7W07=Rfr_!Q`^-ZQC|34~AFol<`}@
zSSEz`Cd_W!97_A&t{-4+?mYY)^DVvhV$kX5_J>6!$LqSQoi;t<5H%*IBI+uls5%xt
z*^e|g-0tn)zaSVsiH`IoMGiI(FL{neeD<hRX`pGxu@GHSJl08^C)Ib=A|hM;G-c!}
zR9%D~3HDow^|c3?`QvuF(4YFHQRz$r@q%Oy4~}To4s8PfrA+7O;oz&BrymE3Q1yGK
zQaj)sG6}3~Yx$?}jJQIcNPmt_lvicP0^bvLj_D{ayNVy}M9^6z_$RSX;ap;u^TNHW
zx0pI(%)D!67ZIs=+euZ7-vVa8fu_(`Se#bV6%-qHg3_<Mya3M^sG-*RmI#F;-jN;u
zSj6z|07q?`UHvzs(kFU6uC54pZGz`+XPh4&^3!))MfL>W-Cm0W+Lxv9(1o?LUo-Hl
zs`Lr&?(R!qk}Pp(<-&qcQj_7^x3783Z?2ZF_qh%^M94}&>IcacHtKYca}=fSO&8LI
z&ZhArI{SXtUmlL?zQnlIRn$+#ntsU0vAkkYMko)`3q(H0H^Td&^nsYHnjmUnJ%oTA
zRjBPUfQ6^rAfS&Q*LQ7cBc3<}Fx#*-Xev_bW%gpB?b;$`rhe@LrZW(jPI!>zQ`sF2
z$TV<U&lY%oC-imE5lyUITFeuh2L-DSnSFu@na>v12jw;VhGihL^Vb;GV2m@44F+j?
z;`5YdtaE%yG6Z2<r(S;%B7duo?zL^Ew1<Z(nw|&b<gIwHE_&}pn~QQY#G>G`ZY~c@
z9|$-XXR>Wo*4_ix-eY#hOBsv_{r)gX9y=T9D}bg&6ggjN)amkNz8RaF)5+Pf8j&Uc
zIh(uFJW^w(f-Cv{s?t#UWp$6Zc)UtxW)kL$(S^%P;sK=RW=m9YOF^JD^HCA#3>~S{
zb9?mhaj1@JFddNZx%}r_{!ZoJ?il*ojF4QJtwYiTT;OEjO;>xuGL2*dZp1fIr7$R^
zBsquEE+#t9lOxjDE0k&PZ=MlPmg^LoeOvJPEJ~Q!AJl3ahn4>H*Zrm7-120jikROk
z;0R`#=9*{q2OZi~xE^VakLT*uuxJ-Df$Vrt-!X!MW%^tzW>%R#5{KOb&1|fTIQ6vN
zhCUQcE*ElhG<i~NRmKJ_vPWl(kJ=^Nd3YP&aN#Ahd84;UBk))StQC)DSzl#KAH1?a
z0nVnO^(k6|#};|R<%L*h2S*kbO$e@!-H`Jt_0<)ZxW`)I{hl;LPKD&2VBu;9+xB+t
z>5&*<MTWoMl(0c7PZq-6%XrLPTRhTI`m^|XnR{1WB>JM84D)n=VDq>vj-Lrzn5;F2
zU(yl*B|hpKY3wdqLj7fk!ADffcoc0jP|y389CxiR3aMd)b!U0@uxq+^ClXu1P1W*}
zhAo`QpKAb6m#l~H8}1@Uz&07IQDkpfa`1nG+_$0VT&?QVJgB*I|L}%oQKUNg`&1Wa
zx3z%)di}w*)N`Gla=|N`oeK^878$@;=Z-Yg$m`xqcbs7Uj#+eI@~Cb}>9(TQgNtaC
zeP|d*%YuM{S8mwjP|^TJRAChAzrVRYE495GrF*os;fqGdBvv|Gi}3Q(=>5g2^P_o7
z>hd!A-J9-X29e!aNB_squQndxJGeRR`vBJi^`=<87>k-3?UI)Q6#}FIiKeMQ5B`x-
z>*6jv?&(k5xJAT-a@|1P0?`VS(j>8F2D)hVqwm>)=%q>9N9Ap^B#SDu!HlC9QvOBg
zo8LkmLpE5oMP6r!-DP38BCyv6R!qB9R=5r^@%kObs8@2xSlW!{6jI?tCoaj#Pzk)>
z_}JtU);=G)y9|m>xxRGw^mKaPc?=~z;4-S|%;v_FyZ~M@{JJoxc?rmPD<gS$CvhG)
zO7G5vrI2VYJE(=~CEe0aC#_87y9|(#0CnP~ZiglN!3~9^W~;%A>fZf`(*19B;puA!
zv>C6&5A44{t4_8%JB}l)7Td!icYhU~xB+07|IYN+?9sL4`tIe84y|y1h7;&Tgo6t~
zc^~4i<gH6nR)|49tz<f-TAz7VjH-VUUWs3uLLnK=XQo;fYT{WeXh0_S!W{v?H9i#;
z#oH^~tL0^1aof|k&#X?7dC&tR;|Dqq8VYzD>@S$`Qllp+WwTYsYZ(=u1q@~;c37kN
z2!pbe@KQdcdiF(F9(Eqx>ppBk9e_hD|7!3&#F%1N?`r+PtKh;_xMh8zr^#a_Shgxa
z=z<o<iV#*{{Uf~5iwAa+YK!H&jCgz#hs9d{5iB8mhUXNqgjxcYuCK@ao`yzpiGjia
z&8}g7U0NVnCJ#&%Jc2s5|Et=ATatCJn}eq%S0-F%T{qg^??kap=ksf)y=XAXGG_)q
z?R-x<qh*^9>|>6i8SY&~);_bQzA>UX8sAW{-CcA1(2S3)@0q5YDTxSg7tXPT+cLn-
z7`ng7STYbr|CCsRSmr}`?<prMHT#tmMw##<4?oWP8j`ZOHT+xcvvqql){rSu{3!ak
zoF`cTLw@kYHnLCQx?XtI$G~Yg7|;l&mY)C48V_@CG`5q#_(Vnyh)}9*Ew|md(j*~0
zH&;_}+?ga~*USkE{Yvq(u_r9~1ODiVsNL<AqvcLR@FZKSeE=HaXT&+VEEd+h7*rYU
zuL{BP!McwN8FF1xK#yCcoPyoGitkwAYLGYgM1QU`-{|lwBCd!?CX1~PBXs>{U|4U!
zAn~x6Zi$OnFiS#QIpD+CV_VGt&0ci8FH6B4fo{`=^J4MPWIoH|-BNmL|NW#}<9cAf
zUXpjc8^yfq#vVpM_w@@Uv(~u+nifsgV41hNpJd+B5?cnz*DGv3`^&>lWVj*cDV(35
z|JYoLDlH+g1h=U9L1E*(Ld3`S2?m!o1hO^}8wV@sJ9+Qw<@2bRi6gY3$SX)`)#T0P
z(Yj=dzKf%%#ccl3zVkH>DW_>hncQlA!02O@wh51^3I@;p)+tO<Kny&aH?#n5=bXek
zbw^|i$33*%opB9mvl|EDv#;0qY`cr4!3jQ1Hm&S^x*V47bSqPJ!k)g#`HG|rs2obk
zo?W)0LyM2XXv$J~(IlDFiOhhe%N2}du@-IYGah}q7SAK>|B_Wni>aCuEZg+E;?LF?
zHv9#8bg<|a5mxVz{iCKrJ!l`~V^K$4d(TlAsicmRl;V8inmvBiPk!U_Q?xRG1V@si
zZRAv(QNK1%U6-8wf`)FzIz{LWRsU9hIV(!W<WC3Cc{zPK#j?uMA2{L9(E3q=N}$O+
zn7%*$(8A(A_^SzMU>rAal(wN+wmSY=xXqZ1`s$2Ia|YVCI0fVDW8ify?vDJ4_O$5u
z`f9_kQ#??t&HZxxJN+G~X6`CUfA{H2F>Og=JLC@GqCr|o^yHOc;n~;?S47|F&QxJG
zrYD!|XPm+#9KNk71J6K@>$9S_gzQnKeJ|ocBd;u}<j8XwAa)W-6rG`XfMf(-yWWfz
zY)^K+UKj7aMXEs%@Fz*L%sh<ymPF}I5->=9t-Z8}daALGH~z5+gDYpdvBbBXc43hP
zm!NMA>*4Gp;@=chpD12c7(>gG4I@B%N>2pc%^%B#eY5tg|2RV8^GQ<lzJavB{i8zK
z4Zy$$T-*e%)rc#b!M|$i*7JpA-l2DfZYx`G3fQlqyhy%EEzv$_Le<alIm0dMc5`vr
z-k9^3L)`d!DbF)RbTdKteC1qazOB@gn1@*4^*EYttFB}5C@sp%9(x(QqEW1=j%Y2I
zi81T-ja8)55l-5u;14i$hxrOPE^5^5vasf@>iAP8aFPexQN<P4>4F^nYv!dl=BygY
z@2mqqgw`u;a}!ge>SM1^bc{(W9lTC!wpJgNlbY>kY1~dN%9L_GwrK1*EjWyFES{n)
zPi+a*o(TQ$sP+0Bn!bKwFiH_!()HtXr7g6=YZ+GDUWx{yR-lOsMp?5P(Z1hSu^Wm>
zeGlmUoZs!V3Mi+Qipdb_b~^|W4<Z2a+N~d}7(OCHpeQm|kzM@z+wM_`w2ESlH&2sb
zrrQ^*NC4X!6}sAX2?D#>)f2jUF!@r@<w(LvVc&k7F{%X(nE=sdoSZsX53~p1P@?13
zTW6T{OvgIVg2WVHighDFzJ0UsqyWWzvMEp|<#z#!r=)Opz%;j-oY*Q_cZQ~rQeWY7
zTt^aFHD=}F$w?LMA^wdb=8xzIdSt5p90BexKInT{@%xZA4et=qWliol`gQQwjIMme
z*X87+AcAeT5<=oR<cv?NuDu5}9C0DU-plOFk7Cx=reaug?bahjCa`Laqs%B>u2kab
z;Mfu|wVRAkqbpe#{W>~CAc(cv1d>+IdnC#MA8S`uz<qyF_e570zP{@vq1~&6ZaT9}
ze{MBwN+AS(XUib=s}n+((*X;nE)ny&gmp9g631kxrL8UMZ2yg(<AN~5yOu`!BnFJc
z5kvMHsR#-SNc~)k%d@X{JJ^oT%(lTCYHD*`^H2t9kLcOXu)_kfsilKaL>$kB*awNR
zxc-S>(1vvUntAXZrp35@n06$qwR`yaC}*NSWzf$sW24vx{n+2Z{*$iz$-@Q;S2!;9
z)PSpf_eU#OEGg*koUI8xSB2Lja|ku7*&xJ6Jf_}R0^fPcQL8_0^qGl<>41$0nT*N5
zV5@pP@=ip<p1O2yHTVZ{z&&mf>%DW|=I8Re<JpA8WjKSQH5tb{^lPV1{YQg|@6!q{
za|S}oQ7|<DG?`>6t<LgUQn6HuM;@X4^SWPVzjUjl;AHF+N(O#kz^t3B3UQ+J*Qmkn
z$kqOA3C?$olx)A|U|EI9OzS+veKymi=7q&$(g`I^k4wy&azs`+wx5KhXV9}|8Vx-+
zO`{PWh&@Rby9_Va^SMtb4n+}8ysR;~na#eh`*;uH*|H#tpwf2t@-2R|8CqY$Mvwbp
zpX26wi&0iYOIG%s`oDQTPWHX<{NHK+q<rQ|peq`t*w4q#&i>PTBXB392VO&iwK3(Z
zK(tvaz{VeG1W>d7&XJ%wSk2b?0ct4=ZpN*<`4$)Wz8aiX`A3_xOFtG{B;_-AWjxVG
zo3YJOuJ#uZ>GKjN9HZ(=ofkZmKIISJx!;9^hx@2xGDtQ$FRG-m3*t*xrC~kf7X?+9
z{u|7v{L@3pJOPt*@7FlB(#mQ&U(nCBw6^-6ZQWj<cYRFvRDLJ>OxSGE)aSy*)tu*p
z&3qFovqp)?5EXy46+iRR{)cn0;fSLt!gqtgkqk=KKKGm)@I}Wgn*4Xa4u6|Mi(X&~
z%_oa61>HPpDymOzmkTz(QC#!~#cWbaUPpbQ<@)XN<)&;2-UHetaD3we!s7|!;leXs
z7GCYYE^p>&+J8y&2w1A$U%q+fdfwu$Rebnr<C*irCpZd<!ooN_fb7Ikc5Ax|+)bp4
zURQ^1ke%K7&PCyl$N<jb7@|YT(3&0YK#XsKAeUO!`?5XVoW$}Jf2+uTZa_H$;)$O%
z)tMW#bi;Og+8bR^7;<+_a3&SDBuko^^%7o<(JcPCbrV2Y`Pr9}g6+!{vp0&fiwTBS
zw}l!q=-@aeeuj{C_MxhT<;THWZo7}BYhNC(4TWjf&!Hz8?tl4QBwK8(_PB`@MISJq
z4wjTEAJ=L}mKT&~vLw0-)NSy3CTy>o^f3y~zzmEt`)MMH=^J1RxaZ#r3Wu1mDcLBD
z`X<wAU{QtXtdqs!o3I*lMI0*c=iVkP(cIaby2#^}I^XM)&Y;!~F_gOX9c`42NBGG{
zw@I?#wj3q&VGp@-bIr9iI+X<H@5h3on$Ro|jQa1lr<*8n>C&S^iLY5k;#3`dpuF00
z6W+^Tp#;h9D1hFAxq88jm{=F4J8VmW6WzafHL;e=DIpou*W`Tkn-7Y&4sbc}YmQA9
z<7mWvi2nWXLLe`DaB~^$PRM1MI*q>BcdaTYg0M>ZdB{>lo_)5~EMRMavqFoK{mO4z
zbqER|KA*hQMwhfoV0=kFcNXC9k3e;-X|(aQ^&zV@5&{CsSo9`)igZ=EP^FR*o6bRY
zSd~rtwPIv=@X3q3&R1duV=-OvygckS2O`n9RdZCN{d&O=_E)RAKYnz;^CSiTa3tn&
z?&o|fml|5k453|4`g$u#lISaA_K@%Wrj)%ZYLp;1&5tiRMshpL?uFvsFYH~H8|=Cd
zk5Lqu7BJfrw=2aB%ezJnKd%|<u32evdund`SBP6%^g^S;h(jA>6mso=+KV}rpFVzp
zVvY93l5sVi^6y_lApTTjK{RFze8f1)2xx?CEN#>u$O#B@1z)D?YUzxoc-+NKUuMSd
z(?GC)W(<P_smd*u=tjY9<xTb%2~IVSr)v8`5+~>^T4)qY`v!7cq4JIEaWBLZSalQ;
z%4r|ZPUqx&1+_UZHYKH{lRv4*m3?d-eRQX~xIUQhy=FaCRV`KP@Eha4O(C2PLv`)y
zHww^p)gnAtHqGH_^so-fhcE*#Y;kQJacyHYw{1UscT4Z(HRcLUYrb0cyQ1J7wE+}4
zw8nKBa}N8xVPx!+I9Ve(4(*->nkCwJEqHi);^j(iA8v98Bez37ccFq|9`Y0Xk%9-#
z<NNuN6{FPRPP+FekJnhWLqbC&!<K`$Mv6`qVl6bWY9rK$2vanj;S{Yg6x56XpCS$y
zgq5WEMXckuO)M8X%(J^zga&6a?3w&7rxzfF)Ir<Mzt#!g7C|8pINhiDhKNHgwckIH
z-{B{MWC&4b?G)Z;mX=?jso=h&sn)_MvRn~L6rWl$2a#cxaY*EXkfe^=*ZFkZ8bb#F
zbdUq8dyXKC-gorBx%ydqsGo&t$H(FJ>7sC2PNOWiwI|~weSPln>~iPp1Z;dfZUwFn
z+R*oLlezFLqWAP%R+he@&)|q~sdi&LMpOeT8<S?L?|p}oxwTookw8D75ohU~XR~SX
zhmMp;n0K|{y*)fHAY&Up|1xu9jvv&YsH(b}1z?l>>U3NgEZ9-&^)T&T8J)e5U}kFS
z=Z?s5pdr4$w%6=T(wp-x{;`Ub%GOiPZ@d9R&&;3L)%^~+772a*qLi*MK(PZ9_q+aK
z0GR4!sKJxTQ7fmgiqm!g0PPISRdD@OW&2SiPin~zTiBOaU-^Yy-j^D&yge55Zzw;h
zMw~iOI4eo0YT8)SpTMo`{g~|Ue)&;kmR5w+WwzE0my07#BF1?E)ZqE%x!(JLi8lEj
zt3TiXgS-(F!o@AC$~+qp*dJ!N;j^1TC|TZ&<AWL1nFIp`Z!j<ieK*%=A&T>xHYnSx
z^2f<f7VnstBTPC~{)#N6ALcv%Ugh5E3*Zj?nWuEakbdSnntT6k!KFj`WzCx#I-f{5
zRMb{PF;qH)NP4PPS|-Nskkf2GM!EeVBt}Wt<}8|w6Png@8Y&#~pRBQuM8r@~4~D)z
z?bT;@>z~(8TbH&TjCH<yR{x&=_!oavY)Z<bmb<;T-|Fk)RlboAMuzgE_T9~=ayQW0
zKn_0Rh3%O-_u(Umh=?Ol9gHd)cdCXWP+5*<!Xk$%AP|edAgJO!7>rk68g%RK*30em
zLn?ZK`CU{*2jNIMHgCfN2_<_~F*U<+jKQoJrh*6o{DKITJYL6sJ&V>ZBPR+9oYw9&
zJA*g%!O=%{7=y_JKkRE%!?%V?-!JS8cR4WN*qfhFD<k20cQE^P&}iW(i;A4>GewUW
zsj?jm^xR8IY7F_uy%CIvx)DuKBlF&zKw*J{#W~=F!-2SHhjmcALlK$I$wtB&uA%q>
z3yV_`B$CKs+`qV(Zav>5Nz9f~&w%#X+j|O!QR~)>Nv*hy@mt|;^3R)2uhu+EMidlp
z7!+^sbFf^V{ZgG+3<OKuKJ!H|0+L}9-s-UP^dlXBH=h-qI#@;Z*Ols+9&ac(8DH!*
z-)H*<puOB~bvs#4z~2q=6QNpSf{W9URFTQVk!wzn;@|vbuT~|447L>!cBZ{pMl9xK
zr39@2#H?!hvndXY&sSO)AB~MlDMb=#n9uYNb!__@xC3KF!RGx>Ujks-2TWkc;PEyR
zkq=lgbkWraM)!M`?xj6`9q4fErFDAKm~d2)vfvO09*y+Ti=%>l=|aaMnf)5c`};Tk
z`n`Yu(>n+^62Aj%q-J*qISvdg^y|O&AEgDzgHcz&cPbdTL}?hf@~?(rDIDQ2{tD0Q
zmLlz}FdqB;`<wmSYX}7_A1sDX!sY}f^ss)v@jIx{&0J`Qf%*@`zYf+TXF{x?Qs*vX
zun1EGlm81MEKVOObp52Kzjkx|D`YjgmX>x|AFjjyd5=F!{A;1mwc<q{d)W&qyI@{}
zHU9NA`-tk=*-CrAWdaA%>6dU^iu@GpY83)3N=ualmzxJQwdJVVQ(lONiZtv$Z8rhJ
z8p0C<eKf{tu%zFg7KR^r+uRenTyd$Hg$u_XM1~1Q4xt#a0x2{uy*is56`Rf}*0MdA
zBnr3xb3p&LAJFrHLHR^W1yutMY2?j6hb)o|&ag~jC$&Dw?O=s0-V_7NDUIf>FZgk9
zVtnt8!BA!%bVAI}^m@jA;zZ^rj7<M<kTCtIuTfe?9{hRV4mT9A*=}-12C_??=oBr#
zEFPmE0^u-56<LZiE?y``!+H~=p~ip)|7X+wwR``1;q;ee%mkqO{JmIw=weX~^-Lcj
z=;J^dEBL4%gUzvd1mlyyGig4_jE|tNRX+Uk?SDU|e;wCvS<7VoYd3(_;eb6okL_!V
zejO}@@;@!oC*l7`ixgQx^hxkwMa%^IQN;okC(8*pwN7Byinb-*{Mn@cRNf9YID5DU
zz{=TD<NP^2Q(y02i(GF?(8K(ps!Pnx@CcmFQWy~ZqaN)cS7YA}=A8*XIgEcio!{?R
zgZO8s4=CWOyw20`W;F2rwwWGA1_b+PbY3II6G%&XwZWrMX@%+lhcDCUS4*haa@(yT
z|KkVjF;H#ZueoPjv-%?bOD4>L3hP-t*AAsrtE3Tpdrx(MhBc`@->DB>M;`(7P0>t@
zqC24~{JKMi;(xYfV5bBk|1xLr%*gbAo3j|GIWuw?lIp?>)69BV9Y!4JCnAMYpjA!O
zI=x57L_uNw^s@PJe~tONoOZ?Qw(chj4zO_SHbp}vIz-?wtmm`W{<YHo_ChP+_vbP1
z)WOD*|6WzcHB>{c<xE;Zt1&p&QzGADs>lEo32BW?P~knRw_-dPKLU!Ie_@qRc;i6K
zYByfjN5dfK%aKka|ARGx@hK4%QG^j+isRZQ%SHJ8Q^1}X-KTNMUFXF90PT-=>`YDD
z*$nyB!)d>-Gm*(cvseNIOZ*2y?g)}n@%eGg_n81Q*7~TNDTe5}Q(E6YHI?9Uc$G}V
zru+J72{Rj~*{J``Ej%MNb(+(!>E)0|59P$sT0#if72AY_u)5=XC<WYQh}m^<f`r;;
z*3Awd?{^_F*ulWD(E~Mg%<vHYDV<9r_ws1|kyE*Bj$X6V=!ODWsq|;Hf7IFoTR8hW
z?9~wp{g+R${~Ref6)>{MSrAEOmhULo`ug7^U!vgHBKm-u-IpkZfbd2Pv~kua836{g
ztuUU249gk!pWlS<GXR#OgIT_@@@vNHm96cQZgM^`cqA<4m{=7%N+EZVlb^VROuC=!
zuP*uGq?lF#qC@z$qp!DjiV9OelWeI&6zV1nKA#4N=u1$Bj0yLU*Va2v@p52^9P1wy
zP(&VT&3iIyRV^wA|E#|RYR*rU7n}(xz$JIorXGf87Tv+W??`u_!e=&FF05j2AFVTR
zFlSRO*>-#FWvOvDQLK@lVBi^G7GE_(DD?EHPdJ6392l>WcX0t}UO5oiBZ3INU8o2B
z`!dwj)Ugao6wSNpNH1Qz$N{|BsG_>uwCt}T73$HSJ*9p>#0=<?Q3;NwD>UjyVbZL~
z5IXoJe3wycp|KND`Ojuqn+Dt=Pq9jKwf#!}2>I(&U`<Mcj@pWUOY(WGd8|wfg6qjI
zaXMNW#=ULAE2j;N`VTGSgb=%tTJwo4Vtq)O{RT!wvfHcChosLPD&}d}>(N_2otH^}
z4b=b{@j}4F>Xe{DasYT#V!>#inNR0zhN9#YC2=_w=`VqHSEXBS@+{`{gpq}!%+*=v
zg4yH?cYP?R|7cDqB!FTVlF#}vA?E#U{^fwt(n$Qck=5l#jG&)nQS)S)9~A*{J<EFD
zO}SGnV4nWSUTSGw#>y63^Wk%cjH7kt5ik$f?CPX^H)PM+hnVLT+gP6<<j|hC%I=%q
z55I)QbrP57+K>vYK@D%QuA{9`kGrpr<>af|J~CjJ#6hlnT@JAj^v^V`y9?w_4tsAU
z{o$|A$Hog|b|XGU{x_5HU*9f)4rYW3qMl4a6tWk<!~A`nMbHBUh~Vac{|NQI$}vpU
zW$+MEXqT*`G^Eg5c;j&BBT2a(9?(7N8N2pyokJYZT$;#|lwTPX-xx|xpb&zHROTC+
z0rha$`@vVdg+Zxn{5KcCM4?L1_M}H3m}DvM>B-j}9Smy6^8usVcfg@u+T(FD9ZG!O
z2Dl7`&@eD+NcHsre-+z&gPkAi;YDA`IUB`r3}uPOr{2o9bTpc+0sS<=-(q^P##&>W
zkv3zIwS)6(X6DYR531S&8&MoPIz(wcgJRa7%{K35DM_gR$s-c!@I&cCeXT?hbVjB7
z1o4j=aYB9dq$iUBQg5L*xbAdHBmqhR!;)f@h6zdwZzd`}J(_YVf4d3sliUtwA!?sA
zmkp8_W2~{!QPZtax|1;_;lv!R92wm0iE3iCLhXq)QsK_kJHTeg>2^kGQa%_HK_O@)
z&m~0Q@}6D4PQV46^G&<rkM*vV%f1{8A;Htm=TuZ5KFi19zU8&HoxN2Z==8U9uckj3
zl@oXw$#Q}W$9~P+4CXtG=UVXKLI;ZdS~zIFjl#wI^928CH3U9@yW(uz&J<e=QRUBn
zi#&t6J|up6MvT8*pMuBKBsjJYVV#3p1oQw2T*?bj9t7v`_AOj@Z|^g9{mT<EX0{yd
z76|U`K^Hbs+~InH!Am2f9NzOt)EYMZ7ASXL_Q8Se(fRpQIwg-a%kDz!997w&4}r@e
zls%mI4B?55KHs#^;^^qu;{cc4mAbrYk2d4uN|wEqDd<xd$zdM7se50Rz@BEfE|<r#
zp4HH=j;OC4%zzdha3`{4>}6bUe#_#xeNy$I;&rFHcF&jW>HmD#zn?D@D&qO!;ucYl
zEs_3+xHHs7Ht+WRx&eU;f_~!sMkFQ5v}DIa8g?aOh@Gu2XE!2owaL)v`(HmU!H|Wv
zRvg{joSYG4N_P=J*-bFjD6=}mvq*3)D=W)sJYY0iX&A(dg^8K#yyy`@3LZNA{MU>)
z=*7Xip1iZ|#3y#G6rS{bYOKM%TpP;1V`_Cg4j38LEYQmJHiuL22A?7!AkEN0Pu9Y5
zC2R^<p>}ots%t3=`lFS(5(BSH02)vKABgZnAi}EuCBouR5q>%?8Tc7$hS<#IWRMVa
zm8hyE^|f&zrTVQQd5Wp#aLr(9*La=+nVmjKU}%GOou%YNnrn!9xt4;(R2kO?ofe2)
z`~v4d6fJV9pj*7_`JS=u{46Z7t6dcFeLk_9-Am%@e0*muFbb;%9AA@drEN&FdoYEN
zJJpL?jiuZ;NVJ#wrGLlZUDDo2CcfbHg=dw~;alw*Q=k7!!YT-SKZh6ZzTL(6`uRQP
z;)+}Fy7y>xW}`a<mFgo?243PmmW^Mgr&Y%5Z4B0pL$7sVxLuA2>c$QAo9tGRT5r#E
zh`LP15laO$=a>&THge)1Jx*?OPk}w1GHt!W^mi7fprzkn^f+CYa6J&IUn{yTq<ZvE
z;R;GaI?%Go0p6PH;7+)|-B@?18|yBwXF>g2%jzVlxo~W8eZCSo+f@tB`%Qr=%mSVI
zG9pwZ!?Xq(xwtCE@sRMc7hpbf9*ty(vZf|ufd5)1nBAu$BH}G`3@q)*q)yX1Ijc!D
zEOE`z>r%qZ_-ZE;kqKATXdDQi`a>{?JP(Y}iiwE8o^SLB!oyqb#;X*F12=lo-OyAx
z-G`C?x(5D^FaP|@5)yFhHJMjOtVR4;{#Z?s_fRvz*QG{Et_E1$^_X>39n|W2)F<cG
zu$xL|VXE}QvcG6kEn(RaZ?0^?mB%nBjRsMAzOF>;jUZD}D^e#+Yn!e2lBF!OTcsb*
z6h}tG#(u}lpsmjhLQX-BYW`ug{2IJ(mYJ<TK?oMEW}>O7zdg~+BPkKf5e(VYCdVY@
z?N}2~{By(pM*!;WoexN*LBKpR_RCN3Uyl|JRrJ-TwGZJbT9!KH=U5+1x<PGQGp`I#
z^i&~_B-ZcKy>C;MK0S$IQY{bx`g}6L%pPhB7-{nsUgRwA@0Uk7@6K|q+^??MjDn7c
z0x*~B(+65#fFICuG-v<b_9WIC;#8=F51gD1DH`^C%>Ddzj&c!-(x9Rq#>VIA<UOUP
z_Awd0=($7qU)bj#P**~HX*~~3r0&lnM8ZOyY*<-0hiKiUxUhRa<nq@MWsDDy!3<Py
z{%*aL@_h6bOVo<C`#WSN-G(Q6EfAk3=Y6)MuODz}3xOZ@)(b$mHI_54p4%>Y^TvDS
zy-1V;!WP&e4_A4xRbng0e8@sDXQ3z#?5Y~~Tm5?|<qIzLe~CN8UX?JR|6eZuzrx*r
zdvT8cJN9jCXL}9%M<*IWfZL`Qm!>}2i5GSNOh6qPe`|_&bGIHjbh!;-G4u*qm}Ha3
zdVaf!@6s|w{g6WG9^7B=3zKpfRWz_k8i0uw8TE^ksN5JdRer*EpA>-Ki31_=d-{Ab
zM0rq)KP+U&F$f1TW03psdE1L`Lf0i9D*lg+3ILn_M`ukO8ZB**vSOSm!U?*bWky>j
zb~F@g{G3aC#>mI_cnrM=(MQA5k|pfHQ(cxsdRRNV$%2>Jg@E^VWn4-4RtBBuCj!YR
zKe559()XJ@Mg+I-z+F*bHRrT49Ut_>;}P+`>3Zj^)^e=+N@IhzAR8Y52FjzuQ}y#E
zOC90Lwc78*$at(PggL~ZD9Qi$<&6x*F0@I2op<<`ofn7)+buZRfdNGvK^R<MMy-Wo
z`|;m>{$|M^-K7)09iekBU_`ujtvO-$7xK)XKTXYNYe*!Y*pV*+M@hQX^_1ZHMk!rr
zUu7_!wfhhZd@}6~->m^NLzvWx2)N8fW6h_^6oiC?R-Pm1!})a!YvY>pS>$*7y7ePM
zAEpoL_=8Xa4DMq2q%;`MR{6hw7y!{J=XMbMF_g-(P>3|<yY5K{A+z#dK_%^w);^ry
z`fod<>y0A|g*-0+xmf?Au=k&M>|3P$<>lq~i^KGhR=3CFxr1&_>rdUz(h11PUoa@9
zWPrIQP{TO`sR!M=B+v53CQEfrr<m1>BtV;D*2swRE#JDLwssQE_<BEn2pwtM>#x7~
znNz@p{7mw!NChfssi3(rmrbuZ7zJF5nKNED)?P;c3$?%o#Sc)F0XY%rZ&wQjAq5KH
zF=ShClOpH?y_o4i?-K2pKnTR96pe~n2R^fx>3ox8nWBEq6sSC1S+G+~;gvG%4X<R5
z02Bm%M{E7!U{Yx=s}A>=MR}_tXnPp%RZvpOo}M1#^tj^r^-SGMe=nBZzz5vYtY6-=
zwY449Xl~fu-Lw~a-Xgtq=><#w-n`$I-JYh!pLX?nC_oFunq!82{a?JgKRc$4vgz^4
zpTFAMF3<g;kS87C@Z7BQ%NSX@q!ZL7$+{FYguxFyvH}+6WWN5{um62$0sJmE9Hvij
zf1;-(YViC+4}Q^z|Mt87@<?iwsGc{WVLo{BL<Q}rn>c+8+zzS3#UP*gR;vdj4ri<1
zMc`P>$d!orz^N9ivjXxpV!NkPd-KhYA3yF_ufb^FE5x3RD*~;J5G{DSlaY21*s=MV
z(xufNK~}k-ayh}cak-xzaTSUJ=%RBT$F$e{@8vS>Io7Ud!E3ZXnrIpb1-1+;LNV4U
zS}p?VNN0}T{q{ODOop^i-Zm!`Kp>F7jt1L10ao1_@8Bw@cQRMnFUD0UOR|f`sVFHa
zn<IN}>Ory#LiO34E=>>dI7<X7SBW;Qw^&@3(=rkl&Wl1<S38Ag(o!;i)ZyRk?BAXQ
z6}X(IReC|lM)<FgZ3qfCnqW9ZWr8>v`;Vsw9N-jMZ)A(j2I_c2Xk<IQ6F@xsvT~)n
zz^FeONQtM%65so~oQY!f?f=hlISxd0Y2Blgln!9wBLuJlnifS(oE9ty`jf@hV9u;+
zou!ta$bIEH34@`F6g)lee?HJ(|1v@ZVD*o7rdAVVC4U3c7U1f$X8p*c4`4H3B@COT
z62UWZO2A-Gk`}RGCZhptYhY)lm?!QrzHEQLY;0ttNVC&khSgl1c7%WNznp;o{$gqQ
zFVsY^CF?cCpX22f0d@yV;xHuR_Y)Cfk_3Q-jj%zVsD7`;hz~(uyNGof?H^%)GV0&x
z#V%=@%-<oTfDhCzcgBCM0bm}m%hj#a?9fwuLJdv@{}FE#EEG+IDFEU1KZP#>DZrQP
z;jIbMAo%)srT`fV@A)w5;}SsMwIz!>8wWh$EFE~$-O1E=mY@!K`C3Gse-3xS&}t}X
zq}PRC_%~p|02LsH>F7jmTc5w7ysuxURgR*Ce^!~pAH=$PKLj5Fz{VErcY1J)E+#l2
zsr8JJ7W<zCmE|vNElrKR0_o2Kjzd2tiL>SbPtjXR*DrUXON8Vl-B*4?&?CxlfrC^`
zx)Yjb!2nP)E9v$B!o`mLYg^<iX`cRBfGsn~MKw>L@EC>Dkyc7%lO;U_i4l;EVn8@}
zed~{S2C_Q{`Xs$X|CreUE+ihfTpt9Tjg$K7{SlfaUhua36e@F1LAC*o-KzezCiefm
zr49>1j92fovWkW5#qX@Yz51Ol>ewZOfd>LnB>?L}IebI~Lk03(OL3WysDH|J!Jt4M
z!SdY)*_lR^P&@#5`)`L{5f^N>N)#74syydszl6YK_7?!&JwO7xd={vEa>F6Aw0`M`
zfd0>dGVw=H6o|I|hO&QS%N|4x4DTQZz8!;ttk{iEXQjgsysMN-9|jaCM>1Z6{YO1X
zll%)VtKLSO{9F1+p>SDDAkpgYI91!SzJdfnq$3n%sdF}zY0NJa&L;s`1M9`#3h*By
z=Y#PVbeJmY9mVoTp&OveHy>H6Q|*ro)a1u3OcWpVzm_^lt*D-%fDI*yjY9tO!~f}Q
zLH^jIZ$-qKe?yk$K=JexNVPwr`+#uz|MoJ!K#g2uEiBD@=<{{>am|YSpD7vKgVmA$
zQOSs*_Mv9l`pq+F&JDN2ua;OX51AMdjvc#<{1ehY9udi3h~{%Y7+S5rwF@4qUDOu!
zCc$*1)Ccw!@DdwPDFZgA#^);)$oHBkOHusMng13}f^V0!{#e{%{nwa(_PhY<3vij4
zK4lXCcSvrx6M8a`#Fh^*6eX<%9D)suz~tMmcX0m4Y5&1+aQdJ(A$WEYga`e99A<Aa
zsBOg5YUYxMW_bTv=8_qL`DBSCd!1WwNKlXt=dQIJN2zvWG;mREo?@^~D}nputXd2V
zi2({B!2ji+L!HvU?8Brv=4b0a%X&fwo??u7!2{{HF>VgXcA#2<@%j0aiSu=bNV6e}
zPM!b8aH^p*1c4L!K^u)rB^J;R(oU1X{7182Bl25Gw9#u3$^NKkhY(PbdiI)g|Bxch
zD2ht28K~JfN_#tFfOqM~R?H1^Eld3f1tRRT+$F7SWaOgVctojPZ=Ko=r%|Bnv*5a8
zb#!`atlx5%2clR_j8ODC)V}MA-AEKzxM65M*2U?=zk%G^G@#&*!u<FLIsxv>=%Y2%
zY;r#P5d*KG+)^EGi^2#0N;g1nt`12+gh>f*6a<2Pph^&OpC6a+U#_x+`RnlvFXrsF
z?;r4z)mkbqVqd*1{O~H)ohKL%56^6>EVagEOp2AbpV>0uwpoLq$49Kgk5~Z0H=>I}
zfY6fMalUvj14eXnI{d@|<4oHoKC74MCN4l$F$dy@g6?jPv9&ATHclKgm?i?LVXf{Y
zoPy>b99g39ph5<D2HWlp!=#^!gvjC3cj<Tib24slL02~x6QLzsWTq-=yjjU$AeBEs
zbjI`AipWaS=8}%WujBvaqZ}~(C1m<)rHmit;MzRfR9T7`5&aQH1H_3LFHNcj2x<xE
z=LRU}Ig*&T3#pjiEUtKMji0GFsmTme2{WlT@){f7L-=JB<Z7Aq)zLX2eNUKl>Pkc_
zvB`Nwz}#_TTP);6dEk5`CKq47Uxj18OASCSUwVB$g~S5m!}4M&^}H$CYdD2-XDa<M
zA74M~Be2%GzIw0wh~0s9*VFA2Ft_wclm>V6X9jxu5kRP6Hk>j;KuKw%ky3(#f<38~
z89#3T5bPfY$Q3XMx(XSfuR*o&RZX`Ms4$k8D(lv2*$X2+iu;gJu|mh_eCK=eL@?D_
zuUT$NDLsdOs=TqZLG;Zfqp(|7m<<nmN;W@RQOu7^bmfJEXqx$B<a@&Pb!3+=$MwzY
zskcg_dS}<6HjP?t{e#m7yQ5L}jJpehl{Pn<TN(>lqqW;1W9QNPBP&n+wnVj)?4Be%
z++<fv@)bJ{5n#KiUtD%Dc3=GvK_QftlRU+^d_*Tmw)$jG01E{x)7N-Vi<5e9%}%b-
zV{pZ>RJUT{&JUe1uOh2^mkDdLv+;Gc;%h*~pxWd>g3HLtnhI!e#qI3uR)%I(@)fl|
z>Sl^b;<9`Bz@7YD77sBzFN$GMjI8A)!tX*1LX`k<ATFK!OV}RaThZrwt*&w5l>Aa4
z%5mgn)sSS=u6Y1(IQ>V?R}Lkn@?~;lThsJQyEn`lg<_XS8$7Uf_nu7MU%pg4%}%DD
zvV{ZsaE$_ad%x)s>qr-k-(lX9d3ga(8Dwj;+D`W^U3gQ5z`s_sLs&y`K!>IrC63%H
z0k8Z~$Sn<FXoU-D7V<ge$VAKn7g6l9k%%M7wQ8A-o<y=(*Qus1xc5=T^~F-g+dtD%
z_vU3YbJN-KgRm)*(6{3@TZ(Q<c7=s2FcAZhDi3p!Ym9F2n$q7cYO1g9g%yhU?>TSP
zj!l_%)swYWwYg-D{}2W!fC8Odd`>hSZNckK29M4^Njf*yXG-j!faf}|s4*8rN4nfO
zIAMjh<>RgLKWE+!eJ6|5LiHibE(3|rI`-@t=;q((e?}5tJN@)23E84KllFBy1IW-i
zC5iOTt``{j;K&)mqs1ibPlPX5aE_tYSe?_<TFni=ZF~0aMLuW)(Q2{Y`&<m-TR=dW
z>p&l##BnMAUR2;n_qFK*HH*2Z&&(RnDkDN;!fo`W?@P6}i87V?w`&XbcJ@)5&sbCB
zd+SShD!(V<$LZAP$_=FxzD!VhP<mc-`ZZavKw^S)<)*B$n$c;ByV9UglC0>*He#i)
z*M)Sf`Er17JSEn5^iIf<T8waJvJ+OHboGgNC_y&zmRXI}<T(wyj+gc+ncSQ1&yUxK
zS+#lXy-Szqr;OcW&?A%t+z-4_XR$`xL+|s}5WXd{uq{?3npVeytjw)yll{qu+`%M1
zo8nt$#DF?9$8`t>nQ7`<X3hBayIXAG=yDq;*FFjDY^m@J(2%NW{Hj8k`fPN#ST!J+
z^`pTLmyR}J5cy{|f_UwV#Qc}2+%G@oy&Cwv<aI4m*>xLGT8{=m*|LBUnT>8nz40-9
zUCV}moB|j709W|x03c#b`c9V0ANq)xRTtX&ZEt)eGl&FhvnlNK1F}NH{hqAdORwEC
zwL#ju@fV_~CDrRN@8<pcz2QYtGNrbS{@ZlgA2q7?02SuL+AX-Hl?unhzYc$r#ACx&
zdh;%T_9f0Fl8;zaK*6#brbNNCUcT8r-2C*LUZv-e5#`u)-3;H4zO{zB6z0pn97=Fl
zCEqwGNpAG9PHD8>i=KF|;KrTlPM3z#tM1ttZQVUzN7}2xrf#a5c0|zM)ze5ZTISN6
z${|0v&cjx5<YsrbggE<j?hZ`7C!YwvfxD52PT4dNzvot5un3P!0fPO!{gRu@`iG|N
zOr0b1?M1eSp|?K#s2>{5wKF!yW0e;^(6r_YGt)i<P!flNHXu3Qbe`e+i`5C_yi#x>
zGfW9bt}-$xjz33y1`^6e_?;~Cx5nDl^@ppj2aqk40&wEXVFEa?AKCMJZ4l(<&UiA@
zSFarQ7q}y$y_89NGSDASvff*G{)%yH*s96t6z{OVu%r#RIH^QWvOM%cu-HWkx3GVP
znaS50^0Ev$z||q>Kl{{S5#a|{PAwj!0&4uG1%*<Z94CUKIa*(1nS2`R4bpBAR^A^9
zk>1Q=^IYhi(nz1JRIo_w+ho7BGufTSYv8qzPJE78px!$rd4jp9WcW6t>utMBI_y_N
zO|wcb(^HP;HLsj03ul(Om~`r?kAK98d0}35ysb0d9?v&tcc3z8Px*q#Mb@5d{<P#U
zAW!i6WhcivfMhwHUsJ9QnndJ^FlQs^bBtYsDizmRgr*_=yaWHCypEmb#}4b79~nLs
z4It_4Qo^yTL58I6wl)pAFVTtFM*48Oz6M4yG~!tPtayWj?^sxP-fd$h+)mE%;MVzo
zN}-PW%F+3LdGF@5f_!@UM*8Ce+3v2c(@Mzw&T33p@JZT<L2_c>PC~lZXi$I2LmT1;
z#zfNZjt`ygCPBT5$y~ivHl^o<q6^wJ)oYQC`ExJlO&b_-TI95adp_Tn@~5CUGj4Sx
zd=}d$fwq)(^>dS4MwA^<laO&TTsg_kR?iF>);rymLff+yHLii>bU(IkT@&`AE&a&%
zywp4rrU%v@OuA)Hau=2IFT03&jeX(=ZFHBOmrv#$6g6!Y4GG(rtUlHV^V1XvH>Z#!
zB;)wjZK=3*F}ZrOC>+ERIB|ujF)z#{rIr;TyvJ@!KHZ)UGHxY~oJq9?AT!769TWH)
zbB<9!{w~sSitvN=Xu#Bmn1Lvo0UML-`A3kn*}4^KedzmulvECrj4SJvWnwm9TYAR+
zuK!oqN$9WA;oDzB_VdY1@px-?jae<A-U2s)-OcWH))82Dx`%u#`uiwAX64VCcUmH_
zb%N4Zox1~626opfyByfp%Z_3@JxzL6;l*=lnK|AhwEJKlEx{g(;k(iFu-dfBlL;*2
z!?7zBAYNMnw@OG6MKU&>^?Pr^=qqc-9U*aO189C#NJp`|U!H2I9>dFxoC~sFyA#4&
z_Fvx|^$%Ym*Nrc!yeNrH4UTJI$e&OV&b~n3jO*iYUySeQ)`CaVD3Azi{wbl_ym6~o
z$zT5=XBLa{TfD${a8=_u+g^95&FSK<Xg9N3?%Y(_NYyu~;P>%&7gv`r&&WNATHUom
zHWhs|W?P$U&XQ$a#~>u1LkRMZ!je?VdgVp*-oc%6y;xgEB{Rr+8hI<EW{u0W{c7zQ
zW_KZ`mhw_<S{&cdz`lH2$<JNhYh<%H%j(g)kBN)V_6Iy2mTz20`Rp4evg*x_1!~{1
zFCDN73HfXc->R@<SdTZLI+`v<!TG^;pYFF^$2(OeIIviSE8=L&_0Ajvi%HTvS7)5Y
zJ6DVUlJCC#K1rV6dGGb<rjkN3S2l5)jl5?G+vOlr4839o0Cu0pgpJv?=)GR!{PZH^
z=k5(CC7@eR^O>3k<yoN#a63GvGOtXVAm3>~!u<_>lr*<C?b6<Ld-L&>wuhaYVC(&R
z|HAlf14S6--pq%!?W$X&Yv1%s)T~QqqV?Ph7251Xufmc8^<!42tHyY27L=tr+vEVh
zG*M3A{g@z6+AOa8HPJ5qV<+;dG<W-p(bQyT({AGXg0J1xS=W_xr0~9&bNUjec&cTv
z`0Eu`sWEWu6jKb%*q0{f#_V0WhvGw)WjK(-&*rr^10hG~eWKs6U3|iBFGuIUG}oL|
z8%spQQd{m{S2eh=%BQ#<Zxmf4JFh%_y+q{`BHRUr6uq$N+4yc8bK5LUmI&LUR-)-s
zb?Ei-yV}E>rgz?4)-rzp5zM|QIuuR1KeZQ-Wri1@7#}$7-6W|I4TN%8Oy+=0n+kQE
z|A)i);dof>$`#6$7_5!D{B+NxCWkF^ZZ=Am#d;e`kHhXwhX@7IM#Gr%H_mHTtlzx7
zsnFQf0x^p=2s%gi@?VAbUIV+5_^=!j{3>>{(z)^i_@Phl=mlL*KKLH{b1aL$dE+)P
zZ}hxdLjRX<EsfhLfR}4jS^-{_UncN<R72n6|6%N{!<vlWw|@%*L=*&66i|_dk%FWJ
zN+T&P-JPQ*DgshU_asJl$6!dq=<Xpf8U`cAVDY>Ce7@h`b3Fe&|8u}G?tAa|bzSG{
zJg;;>*nX^x<i1pP6?2kf7GD@DRF*CiR+=thsxBI@FV&sE?r)qnhwzYjv`{{~<SWl&
z5!cG&9rWdh@LRCWzlE^+R~z|lsxnbFResa9pugGwwvpABok)}lovHrOqmBgTPskvs
zgz9##bw4(B@2-y?_Ci7|xHrJ7)rGPr{hiClV|oKOY+FM_saM`;wAC(f*yy%c$^}hj
zja=T`D|wqY{dkn_5*>$1Zh5)-^Ir^VL|~mkFNLrlz|V0cSgj_uoVn3Hk~o6C%GW7@
z!c^0Z8P+GuOw<tM+{0T|w>J)gvgy99jjFp3F5o52&)>1o{LatkyaT8sTppjuh^xK(
zFkypQyJv%ZMvdPX_>-Jnq_b&&S3GWnFrJI~_lj>1rn7CG2ZHDfsgqi_cfA+s*P|av
zcXc_)h~D^0$J%<M{+xu_Bh*Y&O8xH(K1k;3&NMQGB=Rrh53VHk%iNcZQcaiGy#D%|
z=a-is4+QKMo03Dp4r786^{;VEEerdMoYwph#rm|DMR~=pPb?kfxP}rqi%0eA`Wqeu
zCDtkuJM?vLz%z347n(;s6*VKhCgd(gIZ16zFxQVy#uV+b{Eyso!+o+;?@g68xpY#b
z!#f5TDy2u1&e;41z_wxn-NYGR+M@-73tNi<iD%<=m}@)KkJCePo4hfVmb_&`6(4SK
zYvgbmw6(nxx!U5<$!OwlIxO(uxdZ3&nIPzvzmh4Ew$msw`}c3wzC;l8W8gQaY)`_Y
z`w|}4Q3FRR_)qDZ$p*aw02A{kAsohUBK6LYO*=Qu=~7z?Fn?Xa3t@Qavx~ws=IaCF
zOAV!*)w2i`RGN?1n!h?vIy?_ug<S(gk+SK0GkiWcKIX~rXmegqNP|VGUgK@KM9!Bl
zW(*7yX=7~855lWgIxLHBpsk%_f%wdCPr|=x^b#J&bu5y8Gy{cuS;v?v11|IaFVlZD
zyv^eLnFkNUfKukGi$_a;pU#4}Vo31$7k;}8e6!}_pH8g4a#A86y>t!hJz9URiMe&B
zKcTj!?+06Lh1<>x%Z-b2j(C%R+)MQRbZ-y5r$?P7qp7^Kl^Aj=gI{wUIB};p1%|I-
zBvfzo7F6EjCl>3JNE|4zwv-rG>5ro{)wHuKfBlMk`tDX^AW?$Y<P370um5A$()oiv
zZ%fqfx^pzpIAq>kQ&?-mQ+b>L$MYgQ89e;H?g7HAlXK0svLfl@P&|(qZif%9;#T(1
zpw7W6VBlia0e)3G<ENCzN*DDR5vRv)dTQ{YWZIy@e-7FAXRNaN1^2%1am`c#D;;Go
z-xqLi|D&{20CRaCLX+IchVa>p*%x@y?$@^N{`H-v3+c6m!V(?OI@XZhuXoCCj`U4?
zL3FIqNn+(cU(0cF@`Bvmp^6G(rDGFx?>74v)4TqtM1|{?Dn2Wk%Kg+83!(w9pNUGe
zfFI%4DRUd0;T&xk1M$QtXFX@yL}*XE7z<sYHVm%(jlRo4wK=s79+?i?wl>=&{0TS;
zod|PVL8`S7@KaC9V&}xhGJvh>^ZiA0hhMu#Yo=qhK8ID)l^SM2*rVu2jPE^<atlW1
z37>n7M#%<Fa%jV`np(>RDQD(r)#Z4kM-tzmjcvHo@ulFq{!dzlObV-SYq%PK9?m+`
z^8Fp9kf@y8S207=Mj~Y%J-&C>bg>uvJ@J#LZwM{OB<HEU&d0kX&K1zZ7p-h+fmwE`
zj0I+z>F>=r4sE<rz|Vyj>)(|Kc`~VIw8<S?Dw<^-Z0`U_>ez#dojljHt$ugI3+H>-
zUDPwk*upoT71rgXx=32J3EK0DrdoYN-w%<kN{;8AxrDwpi8)fdl8D4pAi29X?W1qp
zoSVmr-N9VTM_69Ix&;Mx;8!}hxJiDUW+&7A9LGH{fhmdv(YYlcim-`Z`$Hq<T^|mX
zJM~z+qJ59Ysq4ARcyQejkKVyCD@dV}jYT=I!j8MzFM#M}I44)g?1%-oBIAkIhVpEy
z*0jEXZTZ#9KleoA(ya&6axImo<6>gW%u;!<-rD4C2QnGYNcT-lRq0Y<Pmi03P5It^
zPk@pWaqkjie|Q=OFD5S`=qLpPP5XtH0B3G6?&jWs{eu2nEU*lBB2T|2gTeR}9{Y2u
z43z^w6CVJ$*mIAN+v7gc7F=!7`=knAL?m|5p^cMG%n=IQI>qnnW||>~xslb5b2?S{
zhBLPHskMgnq&!Skgk}DIQr8@6bNVB|c@?Or4KKE$CX{y-h7wxC^A0HdUI>`95aQzE
z`lVWNBB{l*C+q#hcebHbC`j`6s@-*fcfM<`AEtay8b~MG+|0Arlw-fgXDpQ#vp1g$
z<d%)az`{GHllzgQd6Edo;J$k&(WKHPmt^z{(R9wD7w8?(*hJPmB)ZBGmG%Y~5otA0
zwF`(N4L?dtP)FYY{SZ0oI(!j~gWPS~S(*cCpbbjDMUlD#6uYS1M#hIaM^r9O0NLJh
zGRvg(87#DpU?iOq#k|OVDd5}TxuKyk4m%RTrR6WaqKnBbpW5B)st66#Zthb=Veh~b
z+Oh5-O5s~2GRlJ6(@Fyl_QLymC;iay$j63x$HFDi5ZCCBFuRJxT&iI8_kVBSk=?YS
z4fp%1>L}YO^_wY5HuS=dT5uP7=2S_*Pe(2DP0=kn+*Pf5|2y33xfd3!%>%;{={7m(
z(qZ#LMB?C>I+MxlAKCOfJ_qPcMJeMhwPXgA8r(NL^6x`28OM_(zX<MgWwv03fj13U
zbnd%|sdOgqjoHoZ{w7~uCIr~xd4|;HO){nOFoWSs9P#hwT~4FVmkzH~!dXTdF6V+O
zTr*K&CEr)NOL-xi5|(ezd*j6zVR^YDyW0vL$E(_n9@8GY1_@1Ov6OMC2Z~m}E?Ot?
zzFF1B+-<XJi?ra)#ofD#^&PV`bT%+{RN{x7Gl$6{E~YnqJa8}KA)4~}t)CXpjbRM&
zoS}kMwMJ6@A9$y1`IO)P`NVD1bdyKvHooe>XYFmMMy!S&)BCKkCbcRzwvXY1#y$P7
z_LkRwoL>W_VJ*ukcI4Pd^HBrRS1Jozsgy)sFQGG>AG%RoWV$l{7>m^kni?+{%LnF>
zU#4%>^7iB?#2ziy0x>EtF$k1yD5CyaDGr5sdbN^mu`Dk@1)#n={?<CqZ2)xbuf%+y
z0vIpSb?$3Vh+Lg>MhuwIB)T6@3EOvTQWyg~0NY;8_CtfgP*C^1+xILI|J|49zDLS;
zEc?O>CGH$TdzYFtE_nTQ;C;qE-(PHZT<;Hv<i^ibxPvvL*CZ-f8K2aYd`PG~KTCS6
z@3+Al&@>5upZB)q(*vy8BTA&@hL9n9<!*;uN~0MxtjB%_d0gOs=j68Cy4RB7!$_0z
zcGjcSx)hC(@_7$Y!LTy|d~)f5Y`#t*E47osyEJGs-*<*R8PnVHj(AzWk~{JINg=ec
zn30U>qH(yJ!q+4GA4m41Gyh(Gi9a1qrHiLIR{y}7-cp0Qs0X5U9qg2zr8V(jz0`+%
zx}^_~H)cXqtYq%Yajm#L-k%!F)dz4}f<dhVjPVxFN*@uhv5tTc1U8yusN3hcm^%8F
zon>+ohhj?!VVwmS<3!1n9z<ndD!cRa-HlhNt`Z4RYH8xHpaBw#qn34P&SF?i%A0_*
zF*p2Z=t_E0@AS`0mQRw4ykwt$@(5oB84I*1|J5$ij7&7XW5ydBzH<fVTSLULa0PdY
z)g4%}@`zYC54&kY%~oD>@N@HM=Cz31D=c-&*+fpeg<t&Bh+_M}*0I-c*-wtt^`y)z
zTPC}8NxjkK^nxSa_9}hkkKFH=W2-OKk2(@vRx@}QBQ`*z8%Hx*6<U`4jqx6z@UH_H
z6ltu_Vxzrjlj;>IJ0i*sRsi>=Iw^E?jXzo18yL1Zo_hWGBMN)DJ^Jg7R<4)y*KNX*
zG4|018GbL}#kd2$8}QT05Ybr#dls{CRa*0at@yrHj@h%qiB0N1qv8R9{fVUc)AlKk
z^DX+XNKr}nV22!aN5dQC>)tkKjj!9--+E=y(@XX_;)bGV%|`HEG28;6>;7{))e=U1
zM0ZU}T8l*NL2BMxyvl!<|4>F6+-8)0;GEErZntviKfdn`e0Ix6;x?S|JbCuc(v9B2
z_<-V@L!Aa_<aVHvS~4MC?s271)I4ybd}#7|<cpq|`j+%Qw}i0zI(2g_??y!=77pAu
za^#|1GT9ERMS0^!W|3~`@XyCz<2uJMx|Ux&0sjZr<6q4JE;~s;v1U75eg_zFg}I?A
zWAbjwr~#?&C}Fj!spO66`I9vR%xwr4cj^anXYeAyTN6kGlM_+81gb$mb5wxbcC+0j
zZSeblFjchdmi2*mqRj8U^zRWSemn%HML1Ui(+lwEeqB}nq`@f?Yq6FmeF@lE)urwe
zM%z{#$Z`Vf=y-dXZlYG!8Y4S;T@(e$_?~i-y~;@E{`UIA93!mo3q1chX()$GlH^oN
zCVEWahV%kU>&fo72PYB0r}QS9*FLsbR`A9_>{?_?^C40C14N|WIsVFiHw%vOwYp!?
zT*f+?|CZ1G)@V)Bz36p(nQ?Q<8UY`or}>?l<<HtBkD+9`8KDWmcel3Ndt3hU)43lc
zUd$2G3b;_)UIuJr8@k#ifc6w6#BbJblQy9|95s&?b&@I}GZ!T)<ZzNO^fkU|DkbnV
zm0Y6j;ZQ;_mO>G2J)~a4DKJjJyld%L$z>7K#12?kx^@PxI7Ln)Ehv(b(9E5k#@YMa
ze}USvrUc=b$7JoCWT?qxlKflvQkffdUj<`pA!qCe1_i&ZW{-IONOR(v4_vd}-?VU|
z<tm<u?><-iLQ7z3Euk{LS-{5FVwIOHZ^WeWXH?C2I1aCO2EXebR!eFeSgN$|GYPe;
zEwin($nD?gJK(8yALMU@;98_$<ha+o{1@P@-?V-W#Z8#RO5&1yTn^O?f;l9>gR>lr
z1~prGewi2vd-v@bxAcTs9io0E<JoIoBZl?(ECu(ANYT(7?japPaNuZ&<!sB-ZS!el
zjM|>TnY}|u`0RYI+Ai@;0_^GG(LxHCu=WpMe{2BKM*5t3NCy>j?=SxspJL%zH$qka
zeDWW+uaLniI_y#zqp^*WQPUQC4L;`a*K6C0thz$GqcENt$0EP{WLby|kx=D?B>+8C
z7H-i`?TWO|(go^A&$aHW?C2KhM9Nq8I`Uts?_u``nlC3>_G~pDpey?y93AWmX1zVl
zv)|Y66X;O+RNy^FSAA!P!Tem3n<gckKST1(jf1K9#Hw+bf9R3{my4pcvk|OHtmIZ&
zv!b`gC}&!8vQDW>l1xxp0w#A?J_G)vLTpvuv-sWPAkvfhzf?PsCG}UZ){EJInO}Qx
zzOn9WeUClX?G5M&OLf637?so=&sEdKCW8A0dtSpQq>rS_$pd2jU)ir?rFVT^Xa;ia
zFU!LO1I1!BHa0p_<DNFrNOwwsDbW3ocOsh;-oLSO7P`}L|87^<Wms!CsQLW!jLY(=
zprREs3ovJW`?sI&=e*UxS^RS+0sm=`QRB@6%fi)F8;2dPliGE;zTQ2-`PeH^e>AY1
zP9>QDQ&uGRuFx<GX<<IZ_$`Y=NNM}^T1nuP{#2a8d9omp34reEWcX38ofi<w!ykee
zL1GYhZ6{#iua(l_)>b&xU_{+YKT{8ltiQGYY)SXYb$Idp9%<_uk_{(%e=0x?v#9v#
zvO;1<We2!jNeJ{(g4xib29QwL6<legRGJ|9jNY!9dQwFY*)_iE>xceaD~F+LSBxJA
zhpUe<vut%*x;ljQ`mDVWmNZ~!u+e(<*m%Wt01fI?5gW|N1ty7kJ-(5_>bnAmKHAk9
zmM70GKctA|)1Z4c)j*NSJ+Yb1ht^|Zj;S3o<o1;~=jpeQe(x`@lM^-9g8LI%x0A)1
z)Q#7;UOO57UQ2CPd&pj485>!L>^A#If;>n|uw3F`$;}fMq(4mY!iwXqh8`y@t}5|j
z`7*%dWhBpo@OcY=CFXgbc{}CLx-B2vTa>z(;ed)MRAz1769POm13Nd`1#w7%n~<qw
z8HCGs2`N#UflYozYLhfXm}c!^%CY>9WDRpN39;c|=D$j|ZW-{KJRFgl#?Pm{<(FW!
z#6m7vF=NMbZ(v&TxQQ%lhA;rJNVaVW>iL+jAY=L*=bU8))QtUBGf%ZBi_^l&5)iWl
zYRbdYPxGg0-xAFOr_m6M9(|7s&25#G=k$U@>C!wI**;{;p|u~RuYTst(pC}siyeon
zW>@wc9}BR42FQqQ1cZ^_@Hen@;eK2vJ-%ocGI2t7`*Kc6=R;isR7N_Ca5A%$#XX8E
z8-b9;Mo$Buwk4uCc{i4L5HK)`Vcfe|ql=O89h|>4D8VW4vrq6ZG-Ak6fMZ|d{9Hlr
zIU2(lm?1kw{Yc_tC@Su+VS`E5TZISWHrM_1c=O&rfBg6te}!O>dTj@nb1Ieu2?oCg
zj5HBp950-gF^Z)pxv;yONe2IBxlw0?!?6By-`{%C-|Xg~Dd#kx>{$$A_T(wv)u2A{
zuR&PdrU+e|wKW0?prU06kYS@on0(|zQy228Yh0>i3&ifUVVP9+zio*nvB?~@K!m1X
zqItGVcK>^ixahK%1BQU|mRX|%0w%OI+>ZmeoXa=N8$uh&-Nd8Xo=1COF01(?X8vd)
zKYkXg>gDfueR}u9!s@2OFZ9#NGR;NvGWB+ac@7;L&da0?P`C``_NnkeEcN&5Ay`7d
zG*!VP*-cjE8DU7-{=E*G2j0%g6i=|iG)s&&-8+w#8xL5>^S}n0qZcQHBEN#;#dJT9
zm3iuAW*D}r9*c{<-PdnnZvFkuE*piu(1Jzn@}CL1sU($|Bo~+f)07XPNo0?qBn6%#
z4ZY9)`*}-$A_VA-f8>AA=+MlKO>GuPjhu0gZsieByHK+;r?J0m%ht(J!C3Dk6ur|B
z3JT!BcbY`xd5%q``n=X`hlXR@+Mp4jt5>gSoTN3n-sI;NUgYmKoCKk`$_n@(FUw_X
z&dTFk2;OutGve>Qls|>^5*(!7i)93Oq4Z`&o$LB_$Xpc0gpT&3khl(=ta`7l2TbIH
z%q;rwt+8e>iM=GfWiW@hNvE-+1+Eoh8si2H?&!6)&@`#?ls?#-gq+|1>pHN{TR{kz
z5l>Rxw^3Q5j}r@>6~KUJlBUdCTr+2ntES{6Y4{iv|LmZh_Xfh9*Al3YuLRodu{6eP
zlCX&p8IEJ}4|(<ANeq1Yzu^%?WwxK%6aa<|0JF)bqHlCqm+k>ZqR^`qAuRw_5eCcZ
ziny=hhkHQzlx^gF?M+4$kowv&*Wz!|h5p(OEE>)Rf|Idh>~p}FS$<?>WZ56H*u24;
zI^WYj0Q4VSH+SfL8YDA>$Umh_?=pXoPm}Ok{k{J_7oHJ+0$3D{=ejPH1wkBsAMQko
zHhB6pK5RDB#pzryadMqb8^Fe#?r7ync@~%WC8gD^<bTXnzuME;p^_~zkxh$#{jIzJ
zSw|k;z1x0~{eA)@%Elxyt9@q9<v+6GTJs;y_QL>OD)>V_gvOHRPw>6ea*Mih=v+c{
zLm_E(;;Pw<LZDP!g?kMn$UJC@5eku4RHFhRun!JPCt|EY-*o+B-ZZ!}k_S?@J6O7$
ze|@inMV;YTI1{9oiM_2Ci8C5MzMGAl>`MNC1^A>~OZx4z6;~G5D~vH%0PHc1%kzct
zJjr!EveczTkCt@Vb02<66Ett^6w`@!jXQty{Z^ikWuLmfzJ%v?A)NwGncs4Yeo&&u
zr#3k)$#sGv4KvLpsv&)&Wb2Z7i92gs1<;B*^`U#8Z1#;o+zi@!X|YPr`YzxV<<-M+
zP#;S{j{U;<Gm64-LorUX9f}{}5h+Jo?=pkK!+Q6Ev#$<I*X~5kTPzwX*L({L|Hko*
z-C|Z0<9)*JC<;h>Pk?|N{m=>hqluY{gAiMf7hQzZZ$d_!_kmkN>3bqn#qT8hi)CL0
z`X**<J}6+-wg{^6yYsTE>EIePmnxG{_Lc=Qr26#J@5QRg6kC(fXFPb(hThYJE5@%(
z4O_*&HMCAqPr5SK-Bk+WOmv3(oc``H$sJg!J#!II_%*X-3mv0ANvL<TpFB4|x$3Ux
z+V{|)CBo8!%81DPvG%jsWSNG%*#F)Ld<ciHaMr<U2#g3{$jw_6{`7<<hR!*qe0?f{
zLW2kKU?_p2fi3$3EMe#aI$<b$g-Lm5NY1xU#nB%|9GsUOUn}FKLao!8wSSMcK+;)r
z@ay37O-xo;uXg)y3b*8B-@U%jl&I*Jd>xO1;3`NCh*uvCt_>csC<e{^bApU^fR1MF
zT4qpRqh{vrctlv$HBo&+YKw*qBoii15O(K~8oGJFH<Ozp>WO4@y)%VFL6p3c>wh`V
z3(KjkCC7o9`s+X(Dmm>TG+_bwb@P++?^HARTJ!E(e>dM57j+~^Y~e<_vBN;yw2R>g
zSO&^TzVEk~GM&TylQ%$!@f)%6z_n4f+6_Uts=af2q0ax)4}l3Wn{muo#~_IE+fz)w
z9_n3F5)fUt8ZkaDb%DCKTqf8ph*4vx<u$M`hgwFCnyld6_eG8nJB+Lyf^0Vzy~=@C
zHXUNYo)2N5m#^L&g^)QQ$1rV>@!lz^0G;PxJvdLEm;`Rug#`d+^6qYFI+xWAgrwO5
zzrtj2_P+x2;I#9+)k9#^Q{O)0JQ3Q><LM8GThEQ1Io~cLKRtI|d~MO5sAw!ecK*s6
zf2pi$XU2akuGg0)+P`57kPWJyIUN2FUo+m<M4H$}NbW&}$P59g!oLzgk3RZ-zENEI
zV{BqhJC6W69P50;$mdJ5th6duH$Lz+P1Yyl#-EJ-#8cq|RV2=!{MkA|&e!mFyiez_
zU#`Y)dPXJ=skgvXD184#vULUf!h`L^JM&m1L!<xE4-q~8!pJh^{`*0RLM`)<Ky{|S
z1O3cFy2oA<Ng-YfhV9AC);5?+wHlZGdgGigDibE^?Vt9g>*CJ+wu?(VHhV0SBTu!E
zCdnVadT&<=Lfhg3Wz*Mayp0W4-s6jEO1j`l+kHcFhKA~$!TSDG{6E9Nan5YOsHS^u
zHX1mW@Eex1C+A)P{)?m(oLz1-!nf~1sxiEN_y-lk<=2;{KfadW!&`8{7L-<IB&&nz
zsmz(TQp3anfzI;dOp)+a|CM9Jd6~4C38`Q<S18_I-S{E%$G~BWUNyD9>pMUX5(}9u
zLVaEg&=qrfNar3WU8Yuj_Bu$2|HSAYZ&#`^aj5y9e4!y{Sh;`_ZI6R1W5`YzGn`#D
zjV*!tuaXFybY_36hT^{1FFxyoE+*%X5$A)F7>)Cj-Ol4)2iuq$d+KXWeDWS66zH!t
z;W7O`Evnh~m!13LqKY{a5|k}tgZ*!G7sFpISvH>lk6o0U4#P}75(r&tpB=0APW=$H
z#L7OX2*X*C%v}Pel|1tm!@k7*OnWUI_)&!>Vo|+Fw}tcAu_X0#D%_05QIceVond|K
zwd53(D2&#ngv*>cN~a?Z-hOUF=H2ZXFgyg6Ncu0<PZvf3e+-Df7^xG^W6J5~2y00a
z2z&kJ@H&Pyz!xV_KiF&%$7hhRH{a6UVMtV7+;<qwx!*j}P!-yqc(_oW(JYrc9Y=S?
zeZ4<ZyXfXz2o%a<;H$V!u>*L-*pZe6z?q)ZmLTQ}NS(vf-(N4m*v!Eul;7$B2j2AK
zIA2|{7yRaN)=D59`?(Jf_YA~CqMT<~L19DBFUuUt*!^!7z&jyEjNCM<1|{D^>7Ufx
zum^@^69?2qN+QoUNf+sV6u;#1rnNmtdhFn`AM}b4GhzQ>VaoF>yMJ;|6<G#MrNMuv
z#}O)44|0vxe^xm8`xvE~3n&BsAVZ-)qhbzAV%H}8s*2uw&#XV)^h$HOFwOe3GpOl`
zF%Nr`;O%vn*f^#4ZWq;e2KgwJ!Wx!Y6ixfLIjzglQ_jazr!i@dmG3d)m7kt4R5*PG
zih=Cvz%`42do6SyvTOH`Iw;cKi4`+2!{aWpnFmJsu}D@pW@Clo3-uE15N8SE-hUAg
zTO>%$VTl9EB=UpWgTX4RPDEeIDKzNi(7z`b(W;~uXgymti!E{_D+a|0(x6>|wD@W)
z@}N)C%!KQwM2$PoZU!#()xEtJyTO^}!MYNA>5ioR=$oZQkwCGZLg3NL?@34)Yi<~#
zqQ8B+hrJ3*<*MuJD=}cMGz2{S+28QBTc<*;=_vnHaLJKyeShNXxh8KKVwKqoI>2mc
zDD1t|f5o)QiZB2D$dl#Bbs%8ygFiv#Yfe1!wBI_`4>`jI{l89jw=ZI%$1>FSrCM_`
zW^4U^fg7DTe)1WXe@@^xa`=oH8*2Ieg@THf@r3#l0umDwbF<WYcd~tpHqs6vd*7n#
zR(*G_zNr0(Cwq>p+jQgY8Szr#ZeZzB-#1ISX-wt0h>tpixLU5P)UeY7<e_e?Lj!*%
zcI4F^h;bUSKYSlZ2<*i7@d*fgRxG!?4-2`!DC<sBPYBGJAFq|I!Lih!Ai#eVfe@0h
z#?ItHhr{T)<9*)azaZgY_ZcA!&&^UM7K;;{8lUXHyYT<@M5p%=bsmW^wnVxg?%t;J
zaR2bx?R@7Dln)@Z%P`@+zvHJAlCV}}+Gp(-GS$8l+$qA=wL;*(M6H3-=vQVttW_9j
z7hclWkhhVO3DMKO0IRf~i)A-UDjd?zbUQ|dS$Gf3$ywv>`{J}ItNU-bC~ENyW<+m?
zo?g>^m}8!L^PHpRARg@*(psd4vFZ;8-&?Q-?eP;ml5f*<IsPbSQBafC)lU1N2Z_5?
zB9Q}Ew!`z#xdZ+m%If;iAK?W#^=h-)TbmkMhp-3BE;y9mMn7{qBb%i^^QX=ZdXM$S
zzlZPe-_ae|5W?Bu3(4ebPTMQpa@==w&zz^$|L9G-o7uj1U0P!CqcBzsV#dXEH>0`4
z_{EV2(?$9Z=+f@{mB*rScLNpY(q}M$4a>D`SjJ&KIJ$s?t&5KAI8^sPX7fR|aPeET
zfEnfMhzQHWe;NP`FCTHqhvlMoXp?v+DsW7C{|G~N{r);#;1zCZvZ2cH&t$YLiS24S
zUgM6muZMRJ|9u?bec#!&Z145Ad_5$MduWjI!8>3uO?DHgGIWgx_XE&hJ-=J$KDk^1
zjB+)8;jxUg&stobC(zE&M(KgSwjzCZc_@q#4iayX<Vevlfz{4ghlW>1sau3&jmE^2
zx8DxTag%o+{){!_H_rP7aTE?SU=v|f0UO}hhp`Z~5m4%_)Nj8y=K1#BatRts@okF_
z{0>tsD>=`GW-Y^q-wjRBc30JP4!13E98DQkWIt>*05YHX48>7wGeCx@kTb)tWde|w
za$ng@_1yRS{%yClBijd(UeyZo8aulhdv}7J4Q8&4tI5;(^BL4y#d4N~Zu{Q|!b8X^
z=QuJ?)Gj{T>$6GnwJXNv@!~tP7y%N`+5*?`G8T+~s#qn4zZzPt>aftWI4pA1I(ZP=
z>j3V)P+Ob@zDUV<Z^DLL80tLuRrkCi_FG84eV*FrY#H^nI&jX?m*9<tphhpSKhn3N
zKl^<IG0cv{t8KfW^N=KcblGkiMuP_FrQ8Vnu8}-@%vq>sZ-sd%IIRKDUXPhmCCkN_
zEJmA6xyA%Z9wDtf#6WHXRcwH{CMVp^vsrw1Nj7}*x<Q~ugF;XwHmxC`<%oSf)#LDc
z1Cn8gzRWP5`rcL`M+y=O+MV_~<>*HmgocIkK)5Eoe79$#D!c{U?*l!n#$4dQOs14|
z5y5T_0X)L<M1smYvC<DIpc5wVZ65f{!B_BCl-O-kZVH{j4qc>)3Q5#%oK5DpozwYB
zG|F~CUz1_24eL(NBmZIBdQKgPhd)A6Bg^Y%l19W#)P(mVxXQR>jRariD@S9digcli
z0T{^gQ6Geq2|irAcWs14G8QpQ(sd-4d3`xg-9%AF>#ik$mOpXpmcC~3pH>r?t#xD~
z+EjO7kM5(w&^LhT8)t&RXuCgr43J%C!qp#j{AzgiV1g7VGzhAShQ^U;dC0e8cN!R{
z<bkaThx3}JCyoZxZJ!YrZ-vmrU7}F>g%Lhj=!+*O8DXDg&p}JhqyKllArIiug0H5_
zO`rM#;7kYbcB;kpB)hx@j<qo0Sc^Xx*qtkcSU$A=HzUukMm;*;+anv|iLSY%iGOnI
ze@U_Q3RL}oIQM>E@|X$ybE2d-KiwT&H1|#&@>(N`ziZLRvPA=sXRiEHAr9`fCnhtC
zyOdvVu^wV(rzPpj(?jj>Ol)hx*ZvEV*>fs-eVVy=@+I}}Y5H9oX$$i#2(`7jbM(!}
zR~UN+q-^RKfb3{lIWqtAhfM!w-KmmSj6qR$-Cfay_q>l!2P9xG%%Gs;k6HRRDxe)5
zO0Id!%55JdO~VmFrNEEw%2!*i=)U0Nx4y6c4Qy(?h(7fKK%dxWPvS4-Q9Nbj4u5)r
z7lKkR7JyC$YGhZgd!q8+bY_Q#kEI4qztvTf=rYK)E^Fn1E4mgQ>OZ;@>F2+)E13~6
z+XQ|f>$h8bm!FpxbiB2Y`s9gX@|6ZJzNo9z<B=iBh8;H&|D9S&bQ3Sl{<%V7K~|J>
zRkZ(!k1$ue>l1)mz%7@|im%x&H{%xF^SOHJfvu&vrA8{(;1*`{evG)~&N?WB6t*@b
zMt`-Z{Qg0KfB9hOkx_gu&>;4~?mJhAT^oeHKy%+rQ32w7wzc!_`V1I0K_?#x`M-(m
z4y@2&)8@`lV-qp$<-Z&>Rcze<sG7y#Rv38yN2HQSZ+~L*pQoLsYf=_mPwNeq(8_oK
z9~8thd*Yp7mEvXy{emwd^(A{3#j`1lAp@!J$b_o-j_&}_l{xCL`Km=FRbuAllBoL{
zZnaw~albB-zfwVUWuUuT7j#Q_{c(h!@_j)!5p*BS;8Ij~bhO&<?Wr<4$Zu)?4cXcD
z1bAijzd|sVDkyQ~Qkg1L1-29TVpD(ThW_~g+cVV)Xlk=G0YKW!P-!8o1_$xX_5C;C
z7XEvGcrtFxMvAeRm^6!bibM7S3I^??IWR2`-~EF<Nw5AmfIAlZ9Rn{fFXo-be4a0|
z4DR9!4Nqf;WVT2P?yUe`h=hcXygCI!qCRzr<s)gWeF?2R$4<0H;`Pv5{3bTb=_(9q
z;nj*0#cv)5{}7lWf$xD>z+u$JS2q(si6qL>^mMwTnMCMaZ<T(0`)+azemb!=u6KR+
zG?)+3pF>67Wi;g_y2>v-n~Sd6O`OZhCDdZ;CP@G4ca-vPt*11vV<z4_4>DIx%e(u2
zm$dCIQDYt+kwsp8{l3M66Lm`aTM^`Ew=&0#C^-*FAt=RhDwI_|`#v*e;BfKc#kRR1
zsL3tCks6BwTDoYJ#-9mfU>v2)8>W+KMj`kfiRwTz;d1*a1iF|r;<#Q&zUtw?r-;}p
z2G7Ju02vq^&85A3oC4~IZ_#`~Uxfc>NNdMYkH#d90jXQ_AB|+6%^VB?o{niu?1$yJ
z1{A1vnMXP)h0dq<bdVHC`@P{Hx*A0*YmhthgN8JDLow(QO{biq|KY)L=1#HN8WSV)
zV4C0?{~vVn5H^VDuG#?c-7d~#*13Q<V<#H}ZFt82f_pFh0BEWy?P~X+@;1U~b>R5<
z1sp$Mf6?Qz=MZn4tm64X1!j*l6pv!Do`n)fl73{j$-oyEiyww~bp@_GU&(I`?}n_W
z<MIQ)UVTzP&!aPpf(+1~FHBQStH~M}?2wPfqIW2o2Fy(G?<nDWiz=Cm&B`WM*OBZ|
zOysc8N@tYJNmiSdrH2L*#VQ!d>;igYm`|%A@a@u@OM2G`r$JxhyJdT#DHHhE6s=T0
zJ*ChuP{7%YOh044a*B;|3~6Q^gwEba8mrG)0}8yqrP<zXpJtIWxsxv@w<>toa#>X7
z@<wHp&h1Wl#(=90se`}#<}#31Hm|z(*ojQrE_j=3U$G(niPUE<WIK*3f$L>tqX=yt
zaQ?XdJ%FYK1s=8iT<_%w0X^ej8>t++X>wKTdrggVSt}C6dhPHD>c^!omyZ+{8^9sp
zUW7_r>0&NVciC`cRe}lk5nJHdCGm!KUF1DsD_(jl=3n@(?who<%fT**EbgEsVQc?(
z?+Qx+z>#U~@|-zQ>R+M|*f9IsE5M%pFA}DagA(3yYIeyl8~y}VZW%4Xoxoa=7vEFg
z+uIAc#nO4@H)pCiq>+ms*XQ>CwkJ)|x3gq0JZ;?gg8efqr(pG7NdJxx1)4JV`tz`E
zjw(%!m`xFbsLf1jwP*J)^|#Xk=#y{o^wa&ygf9SoO7*nNR(t8$t{AQWh);RZgnsd&
zl_R<&ASIO*{nx(oS@5X_r>SYCRW?-8J3*(!Pyyhf1sY2K6*H_?jA!Y6xVA?|TPj+M
zUM9b{o7AjZolh{a8Wv7(61t-+#dlvU;)ho8+ep$>2wy?D5}R)2+1L&r(!F|%XW>&F
zOzITOM+vY0X+P(zmN2wz+_xtXgkCVn%`&i@X-F)QC~E=enl;^w=S|K4aL`;_vni`_
zUDK)4C>ITlwu&8Z8FyM;Hv_-tFJ3`%%wp5lZUrUIV&`bZUp(2@??@1@(KhL#H;;bV
zCmx0U=;&{N_6}}UvMnnKkjWHv8^2ef{1gX2eua{$&H4y8P6uE2i@ecuitX~RdUo5z
z>dQ|*Tc4`Kxw{Es{aKH&ujN-UKS;VNWX#?TC;WMLOlya6P-5{@duT$StX_ER$dp4o
zN{3XtJV(1R{R1Fn2X5T0pNa<}JHxE;26awVb)@rDUPu0IIc#kAqzv$?>CQvO{mC$5
zLJOpJHu^=N;?)fP{pH%izj?eoXDr=N*?7YI|MfMTYhRrIr*ELIl)F8gy?-9L>m|QL
zf9KAtHzAR?Gt3(j`+*GXpFqE_k|v@D7w<m*94&h`+#$(0G^c$DwBnW|`MeutD9)F@
z!kl1-Fi!n)h_1D*eGwF?ACxeAs+e8FxvzmV(IXY}@Bb*)O~~*iaRsgRG~SbdpOw=_
zzd1jlg!^RS71y%$)9p0&;A@CCQ>rHB8SBx*fHzIWVV^yS5$8czOLYzt>gsq%kKC2<
z`E8IflCvak`toH<PWL(}p2;L7!#P?uF0ptINm{UD1;MZXb7LD%7k^;mqjjmP4;Mas
z8>CAn5yP4i)|pJ~R)=J%6XllIpFVwBppv?N%Ku2lKWVa9kMAVj6_S3;<66eQ_Iz`5
z8(7YCG^zwjp^C{|kE5BqpYp4(1CYHauV2s7_|*ur+^d3Rn5lKB`|79k#rVDR02I%u
z?4m2iQ%=vuzCT?rvGQ77rk3#C%<UA&*!qLa`m^(;?mE1FiqAfyR{SfV7mQq_LW0)%
z;=}C(GIjA-`h4}wFF*>%MarB0SRGwp9IkS@EG*%<m2**5S6Kjg<?;S#X)6yG>1z6-
zIroJ)Po!)^Vy=B&2Jf%iJ#ZD*J9kjGs$f(+f@*S8$y0rzW9%D=UJ;U>Y1Fr*vR+#v
zW2KQ-u+`O^`<1H~BNDqu6WUSGj9u9;|J;_Wy*I=*Mt=bw5PXyjB|@iB$H>(I_=14`
zGkY;ZygIFQTGQPbSf5vR!O6P%I~+=!dH=$rGM}`r$R-0VkR0CeMjD_A?p;(bX;q#H
zTqRArLe)pI<T_1pPDY`!E8<OZ?{sr%&NtuYB)q*Y<oJ%`y8HUA+z;8^TND;IZiL;X
zbMI(X`uOqVJ-Q3ycl7|JKAdUY;XhxE7k?ZIoObE&6%dJRbLv)*S#AWMpF?Nev*8MQ
z)EwS`mh<KVsffsfIQr88a8&H^6a0%Yk|CJvdU6ihtve!CO$72D#QImW0$&9Qq#7^=
z%p$uI@S43t|9>@HO>|wvo@4rn;oaW<=UQ_5>gF!L)cH>rkLXL7Sis=jmgZ%+7^W-1
z!UmQr?<}961pv%=8oEsE?N`Z`{;>~5fqY!LANfs*>8T1HoBMK#DykES?3^N@ed8lw
z1ki{_%OT8_erMCzSas7A;(M(;gLK1jshTz;>Vk_k{%w?sEy=|lE5j{MFM%=ya1V4s
z!Av|I@P**Jy>A}l-8BadNoP`Hn7pw<t|HFO@0lvKvuakpFUOd+S5-rzK*D+Vhki^e
zF@T;o<ut}B_&JJ{t_v}E>T&b3bl2!^JUjPRvITF0|2H^URG)9!Al%_2|9}1BZytzW
zx`?~8F;YbnZ{b|lVbuH@HJJ7a2vSLQiU6*VfBg+$QF&&vM)4PjL+#&Pw~+`qtG>vz
zSr86Q6SZdmmdofG>UN=>FGpG;b<(8$bPQu5|BU8a(-qm`Qms<n)aJ}^A-`DM-~Pd=
z5dx4WiSADD=AzU4<v$a1Yje}~uAkI*6&q>rOV4WfA_Fr}0*h{O2ThTxbT?yzB}=TW
zRtf<wrfktpv9rx>?0C+*U_DymSCLR^iY4X9=XFn~y#c;o`LzUnMxTLCN+N3(N+Qg_
z+B6xm1DrO!Fkr8=(YV=n94<#yJ74Zp82}{QA5j_H`q&U~g1=H*taEX#MdFvt)|4&)
z_fGw1REz`6%JyF*d8pty>ulzq4LdX%JSANv{$eR4n(b3x{Zxgj0#y=CL*Vm-No8Ui
z0QB{=Z|%)QzY9I=Vy-?_;BsjQ{N4$*dVtUxXw*8_UNCU9O0@A$Bhybh|3lDvx_`-n
zATp8u?x%vf`+{a%-2jYyT}{V-rum=Y!`rFjhFSuclHQUZD+X*C%{2qB5CDf25718+
z;&PqvS>o(z24Vp*f|QjtZ*wBl0ZiNX)l_n`B-b?q{<4o+^aooD*f8^dMt7n7PPM!%
z#@w@IJbh)gM4m*O@tkWQdII=O&-I|G)>m(ik(9WN#epnbs#)g`s#ih)(2+cLm&xx3
zCdDB(PdWS3^S@mje`H7-mt(iF-vHAG^|X?dGlCcuI(Wz|JE--0JM`tB5dyfYbO-Y6
z8p+m~4C1JVty5Y)@P~%0OL+O}rM37RTq-fH8D$M65Z$7rSAbmMQQ&{ZY4AKoCF2(T
zI*_c#)pb8EX!Xj!Xi%H}jSqcFfNe26;b^O<EG)qNHB&MIKtz)7#k}J9cRAKp5|*69
z<M7)FS14=jr!q?yJd~Uk;P*jrpX9@<tawS_AP69TNElwkAgWO_C+1<$>ds&1c@Zl&
zpeI<(*{uyCYT_7ULz?&cSEL5+O#^N6dLJfQ_!xvB56&Ze0$$i7(#V=oZzRnTuBom%
zORytSTcXCzPeZ%(*;(H{u8gU5rNZxV90L7-A5Npdnr5LY4c;Z&-mX-hc-=!uH`O5P
z1EBI7>(7A<TYwEHc|ii_TVXuao85fua^*E|Gmct4WzjNx4{LhZ0$*la@HO2(T!z;?
zdypPk)<2xi3|}@|v03p>ja!?Z_ojeYvI7<$BXczBQ!WAEgv}NQJhPy525Q43*tIzJ
z*rEiReob+j8p7}3_o;sUv-`X9U;Q6SyJ#(0#>mj^-R0L!%1V*@u(&LN8DE3{PzXwF
z!Y5B-I&P5CW*citORb4#RR7EqVOo`{cVYG6AO)7YcRNVegfQDLu6z?&%X#vT#Dn&)
zJ@?EQ-k}HglBBnX$KyqQln^>CT!5^XiK{;+9!T|VH(Xf+m+|1&`xUAJi8Fl5{Hk4a
z6vp#F+GCgIM4>jGKlNj19uSc|7IgVqXNTPJmS{fUP+Zp6(4alu7%?iw@T!)}_SGA*
z*8ZUWfk8n&t5h>G>@DFtBz0Bta&t$AGv90ir;3nWZU8q+u`r(|hY;2xNZ0G+O}?_l
zUG%3tIE$3e%RDt^m>-vSIwuS#9|TmX3x)LJ0SCV3KR9o{UUy#1jkYSO%Seta8oUmd
z_wxD9O+Tb&OT(<OUY0oeH6;3`8@SZh*0<<YwK#5|FrZp+?aLp}8uV0St35!~=pod<
zEiac=!Y*EYQ106KYNAkW<UGJLc3JRU)Nn`G_b0zI+rMjWj#_qLFE{(12prU6mz8!m
z@#`kHbNfv*cy-I3r!8sE=HK-p?i0PM1DZ0E6z)&XxA0u`f%+Ccz*qgzYdL7a4`-75
zEzy<ke6kPQuBt1l`)*06h)rv;CPFJ57mE-*Lusv>_{Zj)-Ys9uY}@6succ1Y8^az<
z_!Xs!lTn2*51$F4uL8UBfr>$oO*@)p`Iw7R-|Jotb;3&lk|FqkD964X5puG3S>}gO
zz|tw5{&l_^(nrGz*IBRs$PfK^L7Hcah*9UYzSi{niEr&#Rd@!vJc~8s3pI>WCxrs`
z{@0U7Io~fl{&@upLEWh8XK$J@wpthS?-?9~9}b=eqGr+;lC4p=sF9e(oMay=^{O?r
zEh+5-4O2VS9x9ecbSnp0S!SIdZW9}kvn~rzXCMBUbjk(CXh>=^_@89*rf(8Y1rNOy
zKkH7tS}&k-xg2Rnma_dq`I!e2R6F1ruv)LgFFdL>{#924rs%fU9Q{7Bx-lyxyx0&{
zs8x`_D>+&6>;90m)u_&?4fX!n-Z43!dCDK*_4-9%`v<amG^FX8Pw;XX&G+|Le56l@
z+q1sbQBvOOi4==#@diumANd{crz)a^*ZY&7mPG}0Y6=NDx9w>JF?i3r7IlmGn*Lso
zMv#dbn~+&s`M_A2)0Z;mJ7aEOD0uCqDB-{)65Vns?eYR*P$X>~<rb_<<)2Pw@!2=E
zU4%EB@#}L=nRt6P@HTqwvWuZK>|}tA?%?AIaw7~(2;<Op&ZK4ofz+Iu(d>1eXT7}~
zxOik){pd%TfHM!U^YWEC5vw_0DgpAg37OqG4V+sMnRlV=JtWYL$Kgtb6scpZuPj4X
z_7ST)S{o)U$ZuG$p22chY`{f3AUg|1aZ{@Moc@9|1U@`i><HVE7}OH;BeKP<faWo>
zXv#c>Q(t0;FF|WH4{1Ji0W>z62u)U%y?RDs**l@}AUF0`$dEULKIYjVNag_~s`YJ-
zq!Su6QK`<L94&?+>y^E^rWv?hk-h$vdVlm{x|$TeItK>p3-r`9FqtdSDJd*AsZ*tH
z|9Ez}sPcStXy5`!8Zy;$rxGx!NN=YU2eqLBiUL33*0xJMec81jb^Q(}Ib#LsIml$#
z)K$nSil)+w)aWK^Gg8xVL^5zT2g^zOY+hlJ-v4#Bx4mfK(mqL@gQ_7$>`GJACtWoA
z<K%4NzZxytx}92q>Y3D@D=s2tkda2#3e*$sGlSGkt4PL{Vwa|%I+~vn)Z6*nvUnkM
z#ZVt?;-XtX*_J)8i7=#uaP&v5ROIizw`H!C*_|cPmlLuzU(T#O)L(tm&2YHu{&$_q
z5?_Zf2!B|6q0F2#sxk|mUhFyV#zEplWy?J0)PAeIzO^q=`Nm#mo6+fK1KnC9{WD|2
zJSF{VEYR2Wbtc9I>O!T!G0OO(SXOsM!a)BLKm9e%0$bZHcw+9_k+7O(*v?|J0d^b`
z;N1;n1sxLhxa!^-cioP>Ig-@VE#~=#l{Kis+(c8%LR0Jam^9jn|61G!im;-B3u*7h
zI~y-wqa0^!E#iI;_RuDt9ivI-dx`y%CDHu6!g<*#CSbH>vcv?j4JtdgWvT?kL|ELs
zsK-8+FI5v*5!H9=>%0Q|s?R3XCCBlf?|ZkV`M6#be`!i6qPjeSxd?hcneQn7S+{dM
z^QySf0-`8w<eBEJq84{Do>c7iMu21jRTbJu8s#747}Vp25-VrzgXGiP(~cZsO^Xrh
z3(l5kXoK-s3Qs?Ad)?W;>Z1(#*oG88UU&V`XV~T8Baid?WbWI$8~f(Idilq7exIjA
zr;I_}ED-nsY!fdyRKU7yA{uW0KxkEHq}gWEc6NLS=_y$f!qC%W^W<3wO_BSEQrB(G
z(#VO3nro$<;S9aPLsFJTCB9so3kc)WgKn1IZkB)z{W8=Fv(NtHrx#Q};|L3*2Df1Q
zfSKf~!Lx8fai8)EpOa!e?5w>xlD%Lb|HwNkj`x`Ap0qS^Jl1YwrIS7v)FdQ#tberQ
z4$3!S)fUtNZ`0@Ocx6h-n)Yaq7W#pnhT~aO<4_21@<fs+QH>=cG2Xq!ea;9~6rwPu
z3S)e+9syA?S|yA)HhXR~V^IEj&w1TsWmK8GLPQ)E2B+7WfXMjouSA6Nb9`AJd92%b
zUMxQn-Q{X6nv#1ne)~Gd{ch;qE4#U^__ehz^SY|R#1oEqV^$-PT{=Bd<T*w6SV;8G
ztI3Xra|9`HR&kQH-KVS3$vo@u>@8flAF<zavis9zxN6Im{Di$W<I|%1=FG8=3U%+9
zjD4PyS6Hy(>zKP8-r_rqtqG7j$N0EGHUk$s<zs@O5MHGg0^ATAIJM|-6p^c|b$1Ci
zwO!k{CHr!ykzK7j$KEnI`6S>BfZ7vI60+yi>tJPEaVugEk7<rifyb%KNosU_dS~f)
zRdYyjp>ea)eO<NTFlr9Y{91GzBoEbWcHhj1IaaCZp19ox%%0tqoT<z8a|TU@5?(;`
z=&t#a#BuY7==sAz;mV}K!4eG1X7EhPx{-IZ#+#aW<9ZzZ68#40IPkSJ`MWQP<vGD>
zDmq>!O-fIOcw}yW+}TL_O0$?a1n9^D%!12Ko6`l^6$6sa2tJblbYNilEl=Fpc3E#R
zW?=}D{f>ngMcgVfw*;ufQsOpdmqz9&bfi7sc!R4Ic{IkD{uNJHolQ<r(2=&?`cw@V
zlX{sw(=|{(iCE<QNj6hx-I>Zg*_L@yaUisiiGih%iE*;Gv3Y@Let<8@x<Ii_om~Pc
zWcf62M7nk_^C9G~5BbLNG0WD0<}av>>g5~zKRUNTTC&^rg2OnnOErY^d}=PGyDWod
z?c7A1Xm)T`mw_^K{m-d9yfQRP`ja91l@9^FJnj2PA_==K@i7m0#vaUP`p5#}xj~iY
z`WzM-R(zxQqOnQ9aXkF+#9(rQTb%TKbGD|aqJJ#<djFJ3IcYMzbD22SNPf9)z%r%p
zYwS{7F;k|=(DMU>G%=8HwPCSMnHYb+!qaMh5P=$}=}Bm$U#SoGQz&9CiLlK0(gXbZ
zKMu|ddPU59==$(zVFo_3Rq|O2^Yk%~aM{aCaMk*wE4GUb$rYPB-d4!2&eVQ~i0)W^
z%u^MK_%kA5#9vPuw{bk<a%$i`d5&p@$tA9JWo-@({#-EdGSEGjW^o`|N2WeYO>pp<
zi>@J|T29gl4a;hE$A35e@Dymoq`42xXf%8Mxci7RCYlBR_7**}+rKlpI7lxeN=X<I
zTPFVD7+dx|SWC8;w0DddrxC>^6-9J+?J^ZzK#Xp8ZwKme94?;!acn+54U2~w1ikhd
zZNlAfI~Ik>a-L(6Ad9wB@7Fziu3|M;y(gT9hc_CK(AljFxR(QJP4{OaI1tBydaL+`
z#`ucQv(W=(qubXNJ{@hGk5e2)2|3PcCBJaDdJhKA)g#VEb3v0OA1mhX35^&uRw9pw
zwG)kelaDq=-t=XZAC-qoyxiU{LvS}G9~e4ITJ+q`?k)wkY&MN<{4NLj@FLSks2D)5
zY)E+L*LBt@F?(KW1CjWRlwhyE_1kXp$=I~T*!LPIX$$(DAu%WA?f8+!QqLw;jVc}6
zCMQ&*+{r51w^*lQYi+#u&2!o%^g+1`-%Zih&HCE=Zrvt|Anw&Q#vVWSgx*mVNm$_S
zgP4ixj5JiyS1lcrm!21<L%mxPJSFE57aA$EtULs!DY%<6j(&z8>Nv%GX){}CARW$q
ze}ul&BT*1AFMImdoF%w31U-i5vHaWUsKEm(O!HJ`>UElIoerFsG;Hu|t1E@~C#!Ee
z<1T>gX&C)*JMjf$GKnbd=%_~B2(PU!H$-6G1F=?`q6?)Q<J9{oh&P#HHnQDGXi#m|
z9l*1&+aN^#-*39%du~AX{jIE!oBTx2sQlDAwDavPlYAPcz*sE}=?k0gV|81(YcbCd
z3c$wP)i_PnUy~(DU%ij^m2vociuLB*s&4C{zq-!rm<Q!)&dY7b<f{rIy8*SLhX9Qx
z{TOa^>w&#Nk87%lGHjaM1bk7$8|YExDu>Ncw~H=o5=0;P*%!#bFAxw~(u7g{39?e2
zs=AXZB;lD5NWPaFNXRiZ?{l7jW6)|7vDtgC3go7kN8w7|=BR7h`<QVK77c0729qPZ
zMfANFo7n9Lk&y8QGxR*hV(P3WD@43s>cq!(y!Pn0-g*5wp3objt!8>{VJl_=@|$vp
zi&}$ItN9&2-mQ?*L7#7894xXuF08$;ZJ_I`cF}l}xsCFK`>;UM;yfjOi!sL&W@;t*
zl;#m<?&a%w(ubj|3ARIYA;#w8WAnXrWyE(z76ukl(&&`GqdDf*?(zLTBvj=a>Q1Zl
zN;M{n@rlObmEJr>ZO_H2<}W1~V%?33UPY$-$g2&>z!{^8Z}RT@9*j`@)oEX3msokx
zq2*Hbllx1s%PStA(=t40T$B*_*G9jI+7qs^<C<^$JY-fJJYAbaKB?p#&@X9MIR)U6
z3p78RK+^O@nOVo>{~vd69aZJl_KlK)D1ss&-J+z@4T>NkA)N~p5NYWy1C)^NE@>7a
zwP=xCAkrPu-64JETKMe!oV|I!@r`esG0quh|KZqz_kGVfulij%-+jQuY_`?&T;{Q&
zLAR`Iv1hSTYqXrV9GNN`-WOHN@=u5B!v6yNW?oV2?(&|H9iFw(BDqrz&<*UGg{qWd
zN#$2pV4QV)U}$thFzsFGne(}OVrWI=I7qFB_GawfnJj1519SDYHLG3)K71zT;9$ID
zufuLo@u;RD&Z;)$t!1sXg|@@ppF6%Hyc0Gn7Lq(LEN0>KM)n;~p108@#l=R!I2t^j
zA=w0nIGZ?j=K@`dU3Dpm=Rtz&P6qb`P7`F4N)|d3jCb$l`<n25am8zEyN@d}AkHmx
zvWcFGuAA2@&Gh@kj~U8AL`b-_w$M6aZ<diGaK5+N-@8bm0_|%Y69%2@lF-<JH7vYZ
z4gMq}mLB2SC9fPX(wT%fK|%1;uC2p-O=kUmJ#$}|LP1A=ho*5Z%HB0u^uE3A8rOri
zkAhYQ0^hUjNA(x-#l=nPfIiCZ@`PuAX1yN%OfV5awmcAWFqDRuoAPY@T_i!9C=t?;
z_=)Nhbb2hErcOLwdlcKrYgBOX-sa@P%qe5vpl4Q#f`rEiOE3ylqx$UeUavh@rr6|p
zWB1v7?Vdq0uw37dPSW7|@<mRkEk`HBKL!;ZtWmWeM_HEZ!>u3+<q+Q+Ury$W3`Bfx
zP4$B-Dh>D~PT!#m6XtZir+Yf_Vz<C#UT?pfbSeYd-Jw<!&!!^U(<{t$pw@Wepnh;;
zS4Beuc&MI=Jmwl3krG*F10657&P>KVlXsSw9?S*ADe&_2iqo?lyTq956ie@~4KZd1
zE=%n%4fhCTa_LJkZUdIH$$Ap$UZumsuKGwM;t7YVp-dcPdB-61%tMzYNt9a^XM3#f
znl^g%+u;eV1p!<$xYy{FJA-vMa?Mi6qAWwl<Hk0wnQNEmIuwj9jpUt5uk|00scOK}
zUD0wQmE`twA(gv@p#%3FcPz`PGwvpE^zEgE1<*G!Wi1|TMCO{2FCUq`8(D6#l#{^v
zz1S7xGTxV&nIm*iRea62j+v7?tY1{t=EuF7i4v<p5zT`Y7s5rm-J_!QZu7xr-2u72
zAT06Rx|{Xsu8TbudCL_q2R4dj_uSO7Wf<&FS$gk$QQUabwJ*$ZTFE~9rkkex)R(S4
z*JR;~&2)x)fZO0nwWNpJ<j$U4ImNNlw3U~7(2lFr=*;My$~lWpWl?-xX2F3Cr52S?
zuGiy=T9mzyP5bkW^4Q6yGKrhtB|WcraMC@P^faIv-YPw*eF{Bl;8b?@mRa@)PTY0(
z{`z%y`zn)0v8!W2cU+XbO-09R)`8BBohthng899@RQgkP!A$K>1WY<*pXadzGAU7v
zgq=Qng<;y*z}m6xmH9|}XM)bPafiP?n9^N}8wXq*36dtQAbn#5X4$8rSD(c6^!5h&
z-#a2+bGhT6<Z+b!jXmIOmgF<n{P7#UZ5(6DgsMHR+Th<|3&l-!70o`M_Z>9($NS|@
zm_+<z>Kubkik25~pC^&gYoMW3Gg<yrM31*yUpO#@zAY)<b<~0O&Qf_sIU2L?z#vem
z{16s}8%vBP+_|pLcwg)*9d5R4*A<hEl$XShpT4G+9uBk*9y&cgh76c@F;}&32|Jkt
z`?H_rUcaLuprXy6Om|J_R6qsV)5tuLY8g71r`b6ArFk2SFwedgfR`N?Ifs5yP_a#A
z(<7Zh{7J|tmE8^zaPYuoa683qR8h25P#C@gx5Gd9?bz(BGbwf&y9nt|d%8A~K}_F%
zcia9Q0HDzDu;YDhp56u<#|dZc?=G07k@<s7Q91rBj9SE%ohy0^KjMBz<{g?8jN0r-
zZ`A3&z_5+!f{QHILpLVeq{~>el^h~&c5rTfcJ0UPzB@Otgh}S9eXmm>>g?^1vR9OR
znEMg+lE9{p@QQtpIP)?M5nLXI#WYS3#xHkxa9V6^W`gfUsilbb@U?uHWNzG?kxOOu
z@1lpzif><$>IK2D9*h%2XWq|{&$(XV9{!L#J##M+E&U}h5b&Xe9?vZQH%1WlWvAy<
zZv&XjA!l*SQa_Xr;RC%RX}vH^QTVDg(l@K*o@!HmOd(dWxf3*|_QB@FN6V9<gQ$IL
zBe!<I&+<8{m0sO;y#4c5RHa|og*Z*3<j0Qa&p{8}soV@_wdkV;FwQKjYJ-FU4BcRk
z3mn}6&5rFu=e4V4d8=XiKd5-e-ExmS20B?mnOnY<-=aw+P8lL3`EX<9grMWhzBwh{
zv(fsjZXdQHF}b+UV-oa9K;y`tgfdLy9la34&jx8|&5_>W*3$#Mpp~xzA0_d^`m>(X
zDa7UI?=XZWBv|C_00&C_{q|uStk<8d_Q{nS<g;4oRznlE2fA}Ux;6~hy#b}fBvzUp
z=`L!gPxcCzO=NDLYq)vr5GE)4x^;`*=<D^tB~yW}A4HnHRs3A1IO+Lq>j-b|_tqS-
zl$SaS#PioCC*DW>iF0uaPut0(hta1iYcJi;x{ZD+vp~*W>WYNUKkV!gm>>IYpAniL
zb{=~Uto&?<)GJTn|8Q$6W2bQcb%lNd8p+NW=c@rqDiFdMN4E$$@>VxBr3hN8RT>nY
z*s>X?yY0F1<3i;=*r{P#Ho=(IC@=Lmo2W2M!%;DPl~-`Dex<$^U2^j?<;c(8uTDoV
zHIGyeSCU?NsTYn$jRSQ9%cbnD(YwZ~{rMUtpWbP7zUi=ewaEEQi|A~ov}jfShV!qY
z9xbe5)dx!!yJbe1il_O9s=3eQPQ_NANlVKWu{m_Qn%2GPn<SkDUYU_3mWO+;OZiC3
z+m&|tU)Y<)`y2;*%zE%L(e{nZRS$RJ@+(fKUtGTQHu}57nu0MHnYx}i-LBD@d-KKB
zqC2zKxW^V!I8ZHJ-1AO5IDC$x$16+5JdP72d0hC87y7u(?mD8nYl`cQ{uD*A8hBO*
zRkIsxbsz09W+=9vk({Z`^++0sViJ~{KOFCcJ%PMBqYg%4CuC`OkAjB1yE-iULv#bp
zWFl4K$pfA|J$5P&E=^4JLrThfw3r_opXKZ2&15?b>jrVVgl%O$lO^s{uM=QDm5}^e
zPFD|4BDzIWpZhX1OprV57rIQ<ea}O<p3(fYJ)zZ<(OSJ_{#^JfQBNv_BKzf`#E=%D
z3b({w&fZ#aAf(JrFFu7WSjR=l*kq8eMkjf&V#7mO*e>5@a;lY+BFjN~Ltd$Tpqu@`
zw~t+j$ZF^=)U!saEK4uVIredW9h9;f_SKv^jr|@jM|RdpV*7koaj(3f_}TtJ9hvmx
z`Q&-uo0_D<63t4kg?QJ*-Q|AxVr9b#X14rSBREmoAc_^Qx_#`8<ttw)DWBu98jh<$
zduwc#UQmgiEvDJjm@Mthr(3<mz2g*#^HOAFG`+T=QfBW9h+JNsbNT$BocTD**IsDj
zWG9dsy1VOA@atBm9p@K?s839yR?4qleIcFSdTCPNLcm0}$Zgb~$>H3CHNg{sMd{SK
zM=}i@smSt{nk8<F3iYpR?#0X2Cc%ADr6;s9?#JV$&S@t{Tjz!=IosYL100JlZj~sI
zQFHgIBsYdkp-~K#>h3k~`Hw&jmS-(;AXT4t$xj>&oF1RTUkJ}FtOv`<dMek=>(DSl
z90H407o-Ucn^vs?4~snovZ(Vr5^EUptqIie6b0ngBLkZY118?~3MAOT$Zh3Kpp3r#
zmA^e5afwf}GUHJ_pVuu4jYhL8H5$};cCj{B?{!I>yGZIz<?-=#$9n7q+0J4SvMgBS
zq`8PJIqZLs#M8K6syrUb8qJ}pJ8Qqu-Kp-SF4@Ae<k;CMDbirRp@xE|kfR2*-0jQo
zeVV6J8q3_2lKPlCeomqIs72GJd9#N~%xR>~>>VAaJCw4(=VaAf=-6fTPS7K7qw*q=
z!4`!~4`Zp7#1`4k-J_gm>%>XK3Q4s7nVzQO-=p#Nf8#zq73V(#v5Jwec13Q-%hxRJ
z2WwWBP?&{Jf1e2!o30;NuDA<dwRhz_*FSA6^(-Mj+BzhLaG-tO!>q@m`kk4lT|NMV
zjk%ec=ESG@$O=LBoPtBADRl~bo%_TIy5bLwD%XTqv3F0NYu7j?dNzEJRN(B-p%5Oh
zSL}h-oza#UyR(;1I8+re>n%_v-1~VNXOBI1LiTy*y#A4K8;SAtH&u_aN3GzIovFS=
zJw$|Z=>5jNz4D@si)*ddKldgH+XX38RiD@4_&N;KL_m0UZ48`VjfZ6=+Soe6i!)>c
z)_fq4qoZxE?;)CB6h%a1oEOPDTw061epN{`etl|?7o~R;R4I@e1Um@qjYvAX8DoF6
z)5W?y9DYB?I9PL_X>OjN0Rf=hFz+o=EedZ#J!SWn+k6i12nWD?2Ok%<=<!W>e%n66
z+umD&Lye&`vqvjd4_4i3Je!yIh;NAQV3I5zd-9D;j+J{{w>zINLxkjQzEAI24T!2O
z)V-<ou+x2OajrjE_ZAWSsaUmN1c<t9CStk8l#%kVDE4f%(qWC%HbO6mPBMokGYDh1
z?xe?`@?B3pNen6k=Gz+uacig`>PweaR=+jQnYS+Cwr#jE$Z9vOf2u2}#98EW{xy>3
z=V7}lv;TTg&Wtogx{M9s;CvHkxHR+7qVvo;H=eNZDRMh&scX&QUmv8>Mb&b>HVZ=V
zGF|>I(lzt;x`&H2J4ABYd9_iMR>pU+0Xt9)8iYz!5sYMe<v#1TRkGNdDeak<>e#y`
zs&@}wCp>cP{O}+t(?whKsAlrn!rJpegR`e|qW&wtXl&&-@?0Q}cyHk2@yz}rdg(3^
zlgkg`il^{bT68r&b`*W8q+j#&*nYy5k3Zy|!7_8qRnN8TgFd6Ay^AT!pJ1wUgViq*
z7MN@9+3KM}_O$z>&X~Mp6cXF@YSfCCxlh?8gI>5gu10hvMVqGM?kV)<-L;wiNf2n>
zPRVJsGa%ezv^Q8Y&aFJSE>kBOWAe2j_Rvh#Yv>k#;euCX#h5|fNjo9^d(0!(my@-b
zclb{@JZq~rzeVHQ$acs9^XcBnpc~kO-w_^H1z${mj{@Cx*_~>_51a#qi_~5yXwPro
zJ8ly2t9qq=;}&&2Gb~V7SNDNQZx&apq3t@Pt<#aJhqWgoTU}5hHhnPk-Ln6j0HKaU
zVFlL^UC*&x_=&w$$l9pmgPam+%)M}mTiK~DcNx{yy`OjX6PMc=Nd2HNZIwJVBNN^Y
ztqZH=8wPhy8NB|knycP+=GNuyd^S&<Z+9fw*4rgyaD5@;oyXo!{kZn)jCTTy`=sQ;
zMwnWq_VidQnJRJ>_kNSKs^m-JX6IXStxOdN+1sk)1ukx=urf&W#Paa^9FMBLx`*w#
zlNB1D_cl$7r0u|RRLfFI+H;3SS0Bwq>W7N`SbEk>rW9^=bf%B{joqQ{mI?ke%7;GH
zW97D0ZriOj-h{N*v)>6LvUqRE&tFh~G$Cp@@-6vEw?WE4A@G&AxbKmOOICBfb~#Cd
zlC0`ad5JK}yP4LKK8r~{%Tvj^RiAGdD|I`h6!b3q0N0d}5)0e2cfvYcqNiRfTtGLg
zzKS9)WsBr@RfBnlbo%JRtKtNu?$2MOkTM+wd5O3#`u~W@A8ke5J1f`0Ri@~;-M+wR
z>*=!ib!=?RrtyBv3f<xBqZRi&-6}O)i%PoW@!@_^h)5mg`!yQtKeBxR$LeqPrE1ii
zefveM@}Xby*Xwir1B-DswS^=n=hL{2x+1=F%~2Y)orYRZOf85ND#Ux9;Kwd(4NN+|
zIYau5jXQmp!f|Yw)0MN{?EDOk#9_u>(q)`E`G;B5k@Yt)^8o$m`t2L%8a19r-*c!R
zg_82*Ih@8S>7I&xT@))?9j_d`qgM1*E<p8_*TAFxcY{yy++VWv){yoq4N_m*UsV_1
zSyP>4s9w0Wygy<4xifY)wm)61riaR8UA6HR5z*~K)nNV8({>@hPj<oja)h%EQo4>4
z<+gesET}%ewCAgQXD67O8=@*9Y=H@5H&b{sS$mW}h$3uO3&S-V$bV7oW49^yXu`w(
zw1ArW-RombI9109|3W-tXDqMs<hb^yvy@<dx%l4&9nm74ZtXKSQEi=??=F+da@%*(
zMQ3kLp$_MHI2ABjHFCu+9O!SC@9^wSNq9vi1nISZMnStuE#{?;#+8bjBjy!_OZthH
zR^Qe;OktflO3ymu`8DCZUS$Ol%N^3^ZWw3;ts-)`rTmLJ26R^9rdJ~AvTtI8X=}Ak
zaimNst8cii>V)NM&rDxUkrZR1Vbgy_Nt(O`bIvA5BgEM}f(A4GQj6vFnpqO~YX7m(
z&qw7ek548F`-;mv9rM(EG3H=lADBD!F|Eb))y0Xq9*&*>O3%!bW6t3uvLQSH_$Tru
z)b;3+s!unDm_#&Kl0=TOC%s+fwq-XlVJ&kGYa^BYHX)>mTbe$`cAO8BqER8N{jW8p
zBS2#TSMP5Z7XCbsYN%vW4*@D<T?=^v$2S`|G4REx+tIdmn*`cbjUAug25Q4^XcY(5
z7e{9=$ShqUsV9Z+ltil`<(Z10H|CYV3I*Jv;l9PawceI><;Gj)3R5FWrA|aYg>B;P
z2ZnQ=ei<-rt>OYVNyd^cALz#LT3HGa#}(6fiCxF|eL{q8=kQ4^9((gBD9q=h(!=S8
z^(%ToB6kDHjPKM$E&rmhXD_I|i&pJ+Rl>nN3snom+=fR&T!pTsr)Nl=ugLgXja7O?
zbtK>qIgSQ=4rEveAXg{c+w_ASJX}%C5cTBJQ|r=QlW7d7s>kKM5e6o|$$FfLqz%qd
z_3dHmH4axTOywB^w;@+8hDLRa{3sfQ-BA*)8hg`5l-9`ypz9}^UMSFe?*#1}F`W3n
z{>tV7D%D8}H$U0;U<9_OP<dPs@_dZ5>M`{`8ZO6Z>r&&>JD9^T(+?ePTiHXzezy=x
z7@K-Z+^fq<#7iSk4DH(Hk-}8-o?@xfwauPJQe@aqS{({u2ogF8_En0~d*Y?;9QK;+
zDz_MO-&&fc`hJ848f#T~@C-Zugh7T~m#%D`78ATybKP3_+D&Xpusr>~lSv;M(yN=>
z=dWoPz~}H$QPHYty<{TiFt9h7o_<5az{f5T8!cN)2XiSxqoNqec)}g1DCTv8DbTE$
zf9AAU_rM0PN*=0p9;ywnpD<X$Wg76sP*5@OA7K7Ic_p*?(Q608=~OVcbB47(*YmtL
zeb73ifd~PYCfyJ6^>A(GBF=*)1IgeG=vcE$nMu25WVb#jB*VSPr7hx_B(VGpC%#jm
z{ow0cL!Y1_qki)w83I2F?T4l{r9Ii-U<<Ah+;4AYh<i-6-W|$Wg8dq?d{=UOAe8Ec
zK@V)6f~B}&<4?_@f9!v86EGx8fZ<!jxgrnuzy9#b$CzdXwf0W8iNNB;P`ptvu{Uw>
zS?Xu6cLN93%lCTQP4H9jqbWj&g3S&KkZ@z-NZS8;#b2)tZbbt*7n>C&UgVpcz+7SG
zV%EoqOpL@nHk~8*X}vEBDg=;~f(R`5+c&AZ|6UPz-H?nI3cEHp@dpXSi56CZXF@DM
z@(O#?Z}q0+I(Wtl4?ORNQY63vKKbE8$g_*XM^fPLKMEtjlVzrCIR1z=>f0g?Y19kD
z>E;ySFkQeH*cd7mc>WOOrM(8AJI*z_n13A*@=0d!q<O#2#TnJlgJ&elP)kaR)1REm
zw*OdCyEUxaWW4@L-}?}iT|`zo8*z}|2_H=Q5|sP&u~33{`}wLRU%zy-Pt@zH&s*#l
z7hxsHb3-*oob|9nCKkKPfA6<e<M{t<o%UYpp=VF=AojG(a)`4-L8AmT-fsQ&?ZGwh
zrB{l@;)rAZ``9l2ul@?y=5TVzJz50Yh<yXxL^%A#@T27aZB_rTQ{n0+E#R`JcPi<?
z#zeqLZ=-%+E<`MrNRs2xr5jU2Y%Hhp9t&b)UY+1D{LIl`8QF(k1VW_^9SM^v<GeBF
zv8sQwFl0OiFS(^&??xp*Mygcegb%oyQp=m;Qcl6wMcp~08ca!B`7wb!(fIqoG#ZX3
zp!`2XOp??P6lg2ui&<cHv44ZLz_IXi8)?BuH14!vTtY?^RPC$yQ%1S-sfE}NC_hsD
zXBGfr`8>o33B}EF-RvO{=NiZ+&@@464*bn~K+K;K5&0l=`Ga?%6qjfY@Hpc0R|22h
zL<kbbEreoi<zWzZ>V9{jgX&+Q3A^rx?sQd&#g@PRRXTfoZQJPRs|knmHa*lt<5wM!
z&NJ;04ksX8Z_5p2|ILHowW~~EDZ1L9Z4mUu9(s=WNEs>WUpmE{J~*sbRWjhtlH;e$
zXNONFT&+?km!ucL%GtZvSa6}>Bfs|OFGTB~UswgeC5l4p69-bC(ffga8)6~t^P2t-
zOX<^jcc*QHfw4R70H_<ycf>$sC$g0pNd$InvUMtpmz!454>udzAic%k%E806fl@bN
zUQiThoK>ZqmT_6+$>}jYuVeYiW~0#I`l!|8$%p)x@{N~R2SQ1Z2n$LgSoTdaawT?u
ztGpp8{nepCV2y5*a4%EdXJN@JoYjTdh0uumNGT~XI3J8}Z67WqsYWM8OdzD&vN3k^
z>TjG)*m0t31{h3XDX3GZ?;YU0PEu|pbg5XNpdJIMF-j^+O-Cw;eI#>ONO=*1LlOSg
zN`WehSx~V|nw=QWGBe>KzP)pBSgGn12JUjlplcM|sBVM?xb7~}MCoj+6V67=svnJ4
z*&^}-9M;nq!=+|XdZT<aH&G$-ujhsayVbo0y-?9JjB?d_a#X)?nfA4+PF<a8fk)~6
zcq43l<x)n*SfvBxav$*vMUrbs56KHOfAhl0?TRy>Up-8m%4KJj5)kLZjA#sJOpvw8
z9mrK@2Y9zm%ErboiJNe^+zPtPuxk0X`t!$|Q*#F?;@|Kw+%TOqOKNwE;Td{$9?hx4
zC9m4dpn;_YuP85HjX99IC^=HUmlw?Q9!WAuim8b7bE5@2=1;2y)0~c+h4m+1#7P<H
zD%kY3Vx6(2vm+}7QIdh2FNtOe!6-Xw*09)ErgvC)k)J69+raqcSukr6+i>T-oLMbi
zi!J8LfYrSv`;{uc3Xe{v`%F1bcN7x%NJovh%xFN%wM|54Z-@8W(_)iGErne25<~(p
zZ}o>w3xy*o&oz%z)#d=_frs)cw=dg)_mf)>HqM8C3E0tADib3`<B#d-`q3VGYcB`|
zD)7f<Oes?jJc5MW*z7?8b#gWvS*{F@2W*ulzaJ#s9l)>{`5H1&qo63>S{lB)3k!|Q
z^>xz$*KNp!f(#M7sAZok^!#`-NR!vL6U^Y&mgh?e>I1hM<fzI<R#yuR*Sc4^?e#x9
zJUy7yT}l-u=+esrw?wmaYQ4&F$X#hJwmGy)efOnWu6wLNHSUH|m3&Tl>K(YfrhQC;
z5GII`zk7g4d`*Fox&<c(5m5=xo{l3G(myR)VLqTxnS}rjLUmH>izCs%>+9XE_<>0N
z2GHjv$t+<Y3VY|)cLD`crYOh}Z=L-WTmf0Onq8%AAVrlHk*s=m$p)ZNoIm(_H5~Vc
zjVm)udeT3QIW-3Mlxp*q&&`LWrqVi}pB@-}d%rcGnkCX~=A|wpBWKbL%fER&^N}A8
zo{TEtoy<%>wCdCv-8BJ|oPhoS8_n~+JXLL_-W3vmP#Dq<6IIhv7qk=sL2C*r=RNL0
zQb|3Jtq(31)iZqTOaX`uAk^W1{~<;T#5V#vUy1^`@l}LPFx2*={0lW<(BS7%L!EFp
z1vaX8X4{#ep)wInB(b1&BMjueq$&D$^ucZ9^!M*e<KW=XGcYu1=<(FA0Bjnvzcxy?
za)U~Q1>BV$4sP$3@+V?N0ONu=JkgWjlixEz%{#BpJ`JKkR|{H5=NT9nik)W!?hhrg
zTL>D0zF$ly30FY{i->p~-4VOi(DsPjJHmnakjiH_s03#3XB$KUGIE0}N-BR(%U+Lb
z3u9~xR}i%hARt8IzkdP~>JXqRWzq-I*^v9+Vnc3J>fnDAJU#_#qDPReJD~cZ5aPDQ
zU@}ygvM83uUK>qg&>Ub*fp47TUUr?rrINWq7Fr03FR3HoY*ignQ1r$`*LBSpLC1nE
zAz|ThY;sT%m$Y?~ndA|QMfp4PAyua+$Zv8TEOpfiIIfuNj+9z<GSNvfWk|}^A*nkI
zQ_0ur#9r?S`j9hN)L+LQF+H7H+(v#N1O(N;Z{<}o&UR04MfpUyRqf%3HALmk<${V2
z1hr|!e(}kJFE=iT9t|)|%&idT3p~~lB2j?-{t@*Ea+}<sR_PEFEO-5k2QmRF8ye>f
z*<p*cbggim7obx3k&ba9zZi_lHlRbX;f0>ZVMa`clR2oC#<}AP$x+K^0#}wtylAwv
z)20e!+ybRdX`0uDVa{RXB03{G5p}4L?uj2GlCYKnp0yHsP0TAq#KgH%1q_nGQQU#b
z3m_UzD)jp$iJjV#VrG)tNs-%bw_#@SbE|(EUnHBFvjQcW9~boP!n{92Vu(A!e?fHY
zN5GDUxNcCeBC1fyl^R#ZZM(*c4cl%7rGhhy1d3!*!x(pSJ9?;C5z9;Xc-6L9F-Xv1
zH5krLWvWS*Fbo);N!!&Ez4~Qo0%eXemgADmvdP*qVX<S^dU2EW>JFkRPH4$6%~3G0
z)NYBxd47qp->h(`$U%ktGHRe!0eo&W7@0PPq=W;)-7n6U{M*ZUd;6oqn<%zdLi<yD
z9h_Y<RSs*0;9|p^sDhppBH<8`qalOPUj7!1Io5h+#!P>^r5*{;Zcb~z@<rCvG?wf2
z&wB3aG^o4Nh!tNXFix5ee|i;z2$QT@6s2Vh#l0bRvO#Fb+tWi!c*1Xbpdi+48v`5D
zT@NUgvXvMJ@0F|DIBsybNc66Ncm@Oe*#f389Fg_<Z(Z@{uhzhuQzz%WA%S!Nr1+2;
zF&z=txBzg}*xni#j!Q3_4ZH@)tg1~gUVu=ayk+&)6=>|im~Bw}o5xfJ?!zchk5l=G
zhId%9KrcKw*q*hZt%t`wTiO;wFX$LcEls%b#B?;JgkDvK!)NT7Opf90l=So`19?Zf
z+Xrh8{byTS#L%mk2l5$tZ;;)MiOGjM1AU~rPRgG;W<zwzvcXow+yJO0)LVOGg5;uG
z+DItC{x=jryZuoWNrWp-HM>3V9>h!{n0>B}eSZXmo62MH#gaqE!)6yVufhA7yJ0Vw
zq%sit%%a?4^zPAlfv%uYqYtj6z6MBZbwR%Aki2*Hp{y2qcZKZEt9i9t`JAt>hb5WR
zvuUyLD1#&5ME*DSZI*8Xe|fH5b+!SED)f5)XhP!l_BH^2QMU;rZuCaS#WAzj?NVhb
zDg6(EfWS5uv3_qa(1aHfO+5J<isE~TvAnCYdpPs39!~C31TGRPs9M*edjKa`@@KC#
z-2Is`sEJ;^UbW$|)Snww)K=}hW7r<9VASvy(^6CDVC;@b?-yKDh$Yip5(e2D!nL(L
z28CR0z1VV=HE+|V9tp|hDEpeQc_6(45_>L=!$#t`i5ap{ZJY|C_kC|fTyf-Y3xFZl
z_D_oFI|9C0op>8gg%Fo|d8Bt-iv5>gHkB!s_h;p1zc=G%flP4S&XkX1I(Po{!6p?J
zRRAs$80S7o<*qkd9a3kYqZ4;n9ioZSgOC;~@x0rbVU#j8WkQ7*y=WH-a!6JyJT4)s
zGVM3*DYE4?=mwUuJ+WG6#q?<>7O*0}Q)LZ*CO`7&Vx;n9p>pRMey*l+5!v{MEPFpe
zghiffg}Na3GX(Sua4c?#bKUwA9N1KzIwJFtW#)c1H6U8v3aCeaczAp=#^KfmVs5!c
z@W^dYg-9mOLMh~=IN^SvdpPy(KsRE2xFmDz4L}3QkI)A>Kq1_)U=*d&dXKDcMNc%R
zx}JM!yz9Dib1#@=+Ws>oDke8|9{`ZV?9;28GBPqqlT1P`V3(yM>7wf}Xb?C@Hc${b
zUMUFAux@_~R23WS_bn2>LN3rCrES&DJL$G|`|k3m%j8?^F_4i6#ZGA>q>M~In>wmJ
z9hdoPdaO3%42@^AgrmD}&rC}+-?bp)vKigYurem?>fEUsmBA89!D2_NCVvyHEFp-k
zW8KfKB+RebT(c+n>}}Q8=R&|l+Gx6NG2Oo(0t#W_KwL5;14(=GG;O8TEF~l)luAui
z6UHn)O0JZFn=eB^RYz+)zim3G_OMybKAi)2!4VVt=9JN<^XZI2eMDv;U8Sy;i?GQ=
zPGHd}ga17I7sn$=e-4AJ?`lEw5qGXfl)LMW5MlRCI2tf65A>6D+}iYTqy7UF-rtOP
zg7BLD1r)k5I>_oB4pXdC50$A9zxV!51c(k>lSMc+-NMsDWN6kb4;)s_ax(M&<5&eq
zN$0BO-VGAkX6JvCELKo^#8h`+y^>!p11ex)Z;SHCEXOJy@mP*!y)AVi^UoJ{vR@z5
zl>A&R3u>V9<0|Iu^`qBW!G8%fq`FLr#<V0^b0$G&tI!;QM1faPHyRK~zHPJy&YJ7O
zlv5*J64_kLa7`6u=+}0QTct&Cy#m<e^7t`E<x#8|ZXmcq;_=-8PeyN}EYeGr_$Owd
z#HY(xxsgizV+~Lo-4^Ib&vE@`%LM*MgMaw2J?j*Wx?=#E`>#{HZt|Pk{wa=kCEOiA
z^FWI@V2A`1S*#8$HH&OANXx9>jycUd;9p7)3pfF#<t~p}J|`H0Sx5+dig19<lAN8L
zIZS%6Osm2WZf3E?C{N{fJG0J88aDy7F1`m<%?103t&CcOXQ!4SsRFNs1~V4Ueq3(4
zzGv;?ME~yXwKY3DU07y;cvDj<ywtJFQq_-MS`KOk?9L0)gIwy`e&$HhIostV!27#q
zuioPX^z{PWHd_a+o>k#l4!n%>z4CzzTx`Gd+zCl^K7=O=!wpY}U|?9*Q*w|m?-A_n
z9{21xcy)y+nribUgc=8+>4yZZZA(mak^uqjXH=dilf~ecy}~uw1Dt_UGxhswk3<#{
z91B|9$iPKn04IlnUP_V%9nrJjX{)2<T?Qks*|;Ws(<&7__xmfg70OYder1|vzlj?m
znV<F@V1tz%4hiW1a8vqgXgDdJX;eP*qwQl(Xh~@P^$l#TShdTse9|NHxj(onyxq1-
zgu<6QRq8UM4PxW6AYw=i9ZYeLNZPyjCqvT7N*O&rIJHWd*0|_~iorO-=Aqrq7hNx&
z%^wO6ovgtq5OJ9(-5}leK(QwnF8iwt3rUXNTvpw*w1-w2br6x0*TpAb0*uFk=W0<)
zyWaW6`D|lbn9=^~@LXAMBl~BPo$80zXTWTw`{%!X&&5R};Vf6KP4D^J11%+d<I~co
z*Gs8~Hj9c&o4(x>@==WZl`t;L5gpTkoO~A(X53vSwMMJ;(ekHd=34A76HCg}s1R}X
zy2nTR!cEl2MrUro7(A3;NISc9&qGS})u`lP%NCzxQZBr^O@#YR9Q}ZG02LyAL?!Ih
zf0f|=FhZICBKRq68K@%O#K6c1pQv%2>*Spb2N!l!I{f@1M^-r>YsMfbII6*;hnY6!
zdG21Y=MeqN-`+`E8gDSGYTnKzNY_Z!9n&en_J?y%o-?OOe@;Xnbh5tm@cXBY_Umx7
zAEj?e{;h2g8t9`dFon~#pYBm3L{$t80aAvW|2t-iUtA9^(xF=$Eq9zN0b_WFYh253
z?jowv5c!@WHqeVm=`@v8{IUs0T}!Y7AWdJjVowsVoN@QAnjWBP%l+7t8aYMan*o-0
zFOTFPP4IAb={;t|D!j&#0nTf;{(^NV-ocnk%F0GSj#GVu@{}^{e%BPo6sU`fE+_ib
z9<Nsw=T4vTqe84FpIm(|29or=V|>rR#5Hzc|LA#n)jgtl)p0)wFw-o{GyF^GBEwfX
zKnclPIA2I7{xt-y%$5H;kc9E=ZnCd|&|aT%;IA3efh?L25)w@KMo}kc$2c($4P1uy
z3DyEYIIOIK^I(Cw9v;KgM|z2V|D(=}Mx#b(0NJs>M<GE|P+p#V=>HId0YsU`iQZ`Z
zq%Cerga?pHlQ^^Dl}m}4$_%RZW(4f)#)rv}=g5gX$0~v;3A{f6F%0}ontEb0DzUs9
z{@~LuUeFU<`YLk<gp(8N{|$+shIEil4)xzq0~oIVvpfXI!@-GI>9dvQl1-Iueh24i
z*G&xV1F=WH3G%eb4*D~Jc6bn%mmix2?9ImlZc~6$EJQ>^_bmhkBjQom1xtyHE_bqp
z(B^UV3&ed}!gMZZoF!F%ebY2Fgr+|<S3SIM1@`S7mf=n$YqJYl^;pbegFj{USP*t1
zf)dY(ru^;08z^9c07Q&zs*qhmy!vi%`uwoNY$2qmgky$=s%$7ND}YL*^vpqA(~Zi?
zDnw^407ZSCU7FDgj$LL1j`tA=pJBaQt`i_lBJhUc)EIL;DUh9+e6MmD20-!l!UP~d
z$M;6`XWWa8U~7Pl<S1qMahVM~vw+gpqQ%M>&NK%q>F7N3io)VWU~YKhiw0UiOKKN1
zx1!I9rC|q8yrROilVC_U^&beBPZjv6nPozI$k^@22rvF;23lINpcNNOB>)iw1*Wx`
zXTrz0kGXTlRV;>4>?OiH%Xl?LGXeQbKo~1<@k{0^*iL5tz59p*`IlMyb?bo@iY<kJ
zPU`GC<S)gV&|a}aU>gNTxTG?jvE0lPQ>`N>CvL+<?s1FHNtj6!pEL4yZ9L_%??6YK
z8vne0W-7>ZCLwmz<ski4>E=|#YgQTeOGS8-Reu6yUf`=0v(m+4@Yzt!g4J`n!_;Hj
zM@HWSGDt#oopTo0Jl|H?k$`Pgw3|h_AwWNzt%Ygs35qucAz*^HJm&GL{wPpBGkm{`
zW&dMiVz&_(O~>~$8c)>)eygX|zv8?kp_-%e&}BPEv&094Q2M1*Ra6l0yZ_wnJ{ucP
z<l%B9Tq^wxaK%ogG9@y@6_wB{ht<e$$sziae-Gu2&O7B7Kp_jF?zr=<<4Ahn0y#zK
zdsBI)OPArLhc<sIS|EPhB!M71;G}O%`ncQM5k++kx&l<71(><(iFQ&#M1~7LGfh1_
z8%r#e;%6Tg$WJf=4RBl<Lm>;8heA7$<1!AR#*g)KJ`Y;?nZjSpeL>z7>_stlVTKsa
z3<U`+`=zDU#*mC!Do~Wa5&kLSEe$D2>cgVXuT8;f%Lu0YOV?sMA~EmQgF-sVKlbk*
zXct==SjZ0h#o#-`7eOTNidzr5Hmp^%?%f8yE6}FjUNo~IwzdHnU>}(u0M<!F)&`N^
z`WFw>vt7vlXhzdL#)}o#V*Xj(<G(^}YsV}_%L^qu7hMA)-cks@eWC$!WuG@KTPJ=Y
zMEnFL`RFo+{(Kt*wX7*dLOK;PE)qy8^+I)wulK6e{Aoy+8sIAp4LAr9Bt<Z+563Ze
zy}!X_OGQClxEjstRe58rx-7F9`KeFL`iYYu_nK&ijLSHSaA^2>iDUj3>iL#ifA-cb
zM#LiaS)x#z8L8TDc0kATd?}J@pdK4Wix5=-|CT}rLZlRq6tGHFUciuh?BG*ysPrlW
zGH&vc>Q~<lZxjqf>%_;Kbf*(9ffGJkb8z=4A@O}8=I@tl!yht!5duJ3oj8jqm-yF5
zyeKXtqD<WEx#R_5P6z-c&oboWRgmA9ChzRS@W#iK460QaDc`u)`$aAyhSS)kGhaDV
zp2Kc&PN~wysNa7OYx|dPSk0F}U&72pmmC#nA}!FVhU;UMTZ;7M9Gguef$tb^B8uD|
z7aAfn<p12S82L5i!BVsYKIy(-5o|?3B&>><wJ=}@y`t9eUNU)!RbVuKcJIV~Px>b{
z^<b1u7uFg~BTj!mJGA<E-RbaTr;F(s6+D9AZZ$Kw<u@clHnR0&2;ED~+d;?k{-ysL
zsm6<QzY-{Mk!{4^R0az<juCnh`tS)ID&(r|1Ld2p*Z#{_^_gAR@Rv54@Nj)wG>J@4
zogRSJPPWQfC{rtQ8+5nIaiP7~2yQt2{c5q<AX{D8)u*(eC?Q3P(g8RO@O4(H!%OoB
z*g8PcK<Z}7!QA^o6IbIzFB~|r>ZP|!AVH2mSu3%(7e+zdi;A!99pU+&mLcj8kNbBY
zLA-(MjI+PoFZ+Xkfju-ne%jIfU~QB+O>&%~lp46)CzhnQ?iK<LygF8)f_sTvqM))P
z1QV^g8l~t@u$T;d-I0t)IGvUgaS}8XV&(yWB&Gv-41*BI8ZOiLn<dmx@CaJAC$O&9
zDTOoy99HRV7k-3*tC4AfJKxF6da3`kE5Q9vvMCX&S0dx*$3)qz%m_MlUZI+04Ju3a
z5;ga(X_vQxXp3!x0oBz_8}nXe>wl{b6jUq(+koG1J`(G{5N&ycXzMh&seDAJqHXJs
zg{0n#SHBCiGWVcDv^cm~<<=?ep|k4~47|8hMEI62F0kE|K?SYS_V9p!>-R-eSVqe&
zq5y_(3uTb4o>v8li2%+Yw}q<>fh#t<nIc|%6x0ved$}~rEfWTXXe((G>onAJR5W8t
zJ5<)x1_SlywkK!B8a&F41{gv38fGPI_`2$I0z;*X-_7@BFPCWf-F_Exf1+Ce%Qh@g
zHo0tDzKCtj9147GjQhBJq2}=my_`MpoW$d-#1NF{5q*E(BlYTcj#g%nqK4HZI!#Nb
z4TJ2Fl?U&nbqfU}i2np~f%w4~kFQGb0GO{mx7BjaigknhUik#+R4FsB`qAzZod9;L
z03jh^8%Q+Jf+}m6y|v2x4Dhu6q>)r|BhC446H<ofJe_C8+4S3YFe1x-ly==@EWNVG
zX^o26&}w46SepD00KBI>f)Pkq@(*+Irozh^oeu&P7p!*961h-AkFEkXPUb1wl0=lq
z7|k?Br84G-<-M(*=C04Rnyj_i=`7C@OEZ-WBPPG6*r;I{5zB2R14dlvHfVtx(ZZjn
zt>1Ul07Y|$hlkBP0uAfqAV4t4*6*+G-Yx!gIU59hMb3WHf$1yifeYP71W>)ak}68(
z2qsky9UdzkM$F@#3=3cLcNwWD(AQSR7K{`D10u{%DF`A0UXTo)7WKeJx<OUdU!d_H
z+7l>v0426uC`M8`AD3Q;F0hJ1b-v-BaCv_qbDHe;5uI+ha4MUSPCPq#VU)*L=+QA~
z>GA!MnK74Nhs5csufEWLx&?FR-EPmyKG%bFR^AD|XFYvCgIrvW*Q~cETsJBQR!BJO
zWxI%piQ%(tVTNNB)<@Y7bzPQ>Y<_(p2422udUCQD8|-yqB@<H+$PuYH5Y@|r9MOH)
zV1d1v8cE~BFMU}{pj+T;d5K!~pS0#f`WZhXf0e^)`MDIr3SLoZaY^l$p$R^fKmI?(
z2+JRA?H!EK0Xha_hTa&sY^GwdlTnu49=?y(ePi3N1qHg(RVP*eTV_gYBWBZ}PFtr?
zEdc$&8*B%Y=L(1@jyVWufoQToIoALRl!WsOJo=%**uV<opq}SDP?D(Gyj{}8=FSpz
z?=jNhmn<Oy!Iis&EcUHgl^5wC^T@uhupZiy{H@(CxfP@1GSN;|AtvDW@m>EHv_RPK
zH;MmYKd403!wdFHxdzzpr){zN4S{-Q>GL!!sKCA{zl^^ZI>`6ks$40kngeNBE}yGz
zvmw4l6V=X?+GpKQslwvp$qmK}U+}hr=6v0y4iqTJrnk%Sj?>5SSlH!r8Y6CgXRqF*
z%6^{a1N`Zn3eh97skzz+DXy|ymF!}>)@54N9JPpdrq~L?@6#!5!j`gt0)EOGeR)~b
z{R{mY-!t7ufKbr&SJ6O|(N+7>fe<8YaS?hDBsPZqM6g0uU5L_k(`CCYGaU@|L$qIB
zC*k;RcC2IF6w&;^U!b9+ON0)Qeq+ujnJP8uy<53IVx|L!{}2+LcWyHuk41qNKX{t>
zlui*2TM^qIe6q)*27P2;umeJ3ZD%Jn&2Bb(x3de*s6^Z}_Sc6kIw!0V;!)6+{ooQ@
zfr9pO0_ASK|2tHqS@HgU6M%|O%5>+Zj}fZtjN*R!V`@LNB9N`@_XkWf2yxW~x8Bl&
zoM#l7WyORUbG-Zhu<7gOo;?D_T4s<#{)}9=&74f--hei8-P@aVh%7i-b^AARXG*F1
z2yTBVE8|X4#|4Ms3XedugFud0nZ{<hjI1oh$n&!L(y>pRV8uoK*_@ZG*sB*I(BSu{
zQpp!#p-=P(T$e3>*7pGgVJ-RPrQV74VZ0<9%V53}gbF!7-Oxa!<3Tc0v!HU`6uR~X
z$fMtSldOVO^%m?|ELU5^!1c|enIO?V{J=(C#942B59<LXJr`@X#7*xJr>49&w84;Z
zJpIu!Dx4mqu%&_G<+sby@X#x6b>fl*&is9v9N!Y3=CFj(aths6@=F#EloS0|z~s@u
z>#%&q<cm;NQx8yqCsAlBtER>%-E&@S3ya{(--gv*z-M`L+hy`Pw4&?lJxm~3z4v=Y
zA&YmJrLC(gN|vp1$ZTf(O(QPH>z|s<N1!MvLeKNGAF-K{O5043ypAz*9*zN1i6Vf#
z{B!=@Vyt+_yT+cNu`As<m#29Ew!k+2F3O&^ekJS5|C+;3MRz=sm6zp&FVv`%Ay{}~
ztNpGDpzUG<yw|#c10$6Ue`ShI_m|W4P1w#4!3?WO<$!%Bke1j!J3lk-h&nac-&NJn
zxJRt>rgqd6s7rRY<?PH^&<SRv4Nclz>V3KnTd|Z@5`LWE?qHIvQTgPimVOlbz!`>)
zGp*mO!yYMD=-o~&(kflpZ{iS+lo4DqW2sXglIz`B?*WFevn#%S89)Ltet;E6=LGCt
zmR~8okYQ>N%{UYmsvKq{Mtb)mPnj9yUVE=t-C@h;;51rE(w>co(o+&vTl05u2N||p
z*{A|USX_FpJ;G>ZAm8-tk!F=ceq1NW*uW)-bq!gxlU>$f>U&d02_P(<s}7AkUMFJ(
zvG4-=?Ck9AE>96^aDOi+B7d7|9rwvFIdb&#XQ3@)&jA#61?OnEpC69Vq1CmH%+GEh
z*bvewf8hfCLsycs0Vf<deZR2K`Vkeq_)_-}bWn`gPUC=Ku?s(ZVvr!<@g@Y+{n0YK
zX;K}O+M6{bIT#>&cy+yJ4`_aN-2z`Kk0&sYTQ)Xo`Aos#e#FI%F@t8(LobeSh8Po_
zQoDBsK<d`0FY9@++aU*C{$UF!n2K6LDFSE<-jg9q&&c@n=s;ACL-kEU;y}JOBkzRM
zyN6Wyq7H{I*Fg4$u|&%9saF)Ebr&2^W%ZlVWzY%ZmL>qr=20s@KaCOfT>x9}Hwe7(
zX3jXu4H-RJwaHVG$Dn0H<YSa-T>NlCVNZ7zeM6#i{+W((cwXn>UU^=7%ur%)23@ju
zW|WJipJ}O6W(x$06ogI@qu<ig)5B%ch!-I>5SJy17;dx3mc0<I*MPx7uJ>&lu5_I-
zWhaj3s1!__*cxa8r9@u?LHBvBLW<$!Ec{I40^0urVu*di0T6J_hC<*4*;_wk(2*Kn
z63~RQnZ+W65D{h>o)*gp#(pA>m^qW~e*D+WnI{gzb)KFiAbFLC7&&9vJ(<8|KBVY#
zo#f^2kZP5K#o()^rlw-&omV8h>#U&YKhdnxem=pmSr&wnPJsWk4eF!XCeQXAP5QDz
zn5C_)L-HV}zSX~{J^N-%2e)5$eqSLrqtK5C51)N0h0M2v@7tAu!Z3ct!pYJCkZ%bO
z55LouR+Es6Px*?}h%3S;Fb<SYnFFf5@hZf=RF*J^fh@Iv$`g!*OqUB^^~n<esh-mB
z@cjr!RM7j)G=`<p;OlzF#}{zC{N9?ix{H9c{>1Fpo%EKLmP{*}4bm;g?b2HE!CZhg
zr|Vp420_9DcOoBxNb=iGx}WYYvQz*G3OcSV5lzkIpST=?5dj}>l=UiqE$4Jtp2Gv0
z>IL?ufN8_!YF7T{#S&j<ensEA$OBTxBg8%4d4vWS2@qUsw3Z>c`7u_kE3szwWQQ$y
zo>l9KVG^Q@3r{pQ?`@7pfYg~o2N$GH!`M++jY&0UmKYRe?971)n35x}t<;~R?%@Xl
z)0Iv06t8_l77g!S-aV_Te9#LFt|D{3+)32^lduqn()=m;oDxE4|F5w~$GP{j^D^+c
zt?$+ouke`#W3b);KHo^8%C$?$fO8QNC_wq7dO?JtXMhN!c|$bBQ3yl$Sma|XLO)<j
zc(D(pEEeV0fym1tvxLCqviS5ORP^0M+4Q0*05~y@vF~qe%3NxcK)Kl#gFYxnRL{OA
zmx@R#|1ZOaAZY$~*ifGsY}ztv+b1`ESW{Ce_3Y-9YNmX}vo;Vq1F;<x)LIQJFNvOH
z5Cg@D{fv9*Sr+Ca?C8qRGK<F-wR>J-{NSw+ONqDa`X42IUO(Fuk6#A;G1b>Ln*=7b
z?>%gP>ZShjD_!Y7oSuunf@Y7MD-Q-!(4W(>UKs8zRsbtzs=|M<gDe?n4meBmBL^!1
zVVvJDDNu-{-yyQbuLXE6%`(@Q{fU&7UA@nD@xD0(7_TI}S}XQfq)d7f=8~6q==~!b
z%j@ZFB19tK`EAf3kX9k<Fee6pGWpP=3dtqJuiv_eObVVUq9CJR)ZU1<qp7w*a~?dQ
z6LvbZPYy;1@5gWyy*xSw*;+O5wmi~~%RC3_sp}VePw1ZLyM_2#JqZH6l9UQ-$-02x
z?aE?zJwnXz(E(vvP{zHhfO+x`l#jTKFy!nPG2$6KOcbQ$x+R5h^A#gba&QpmI5+71
z7#T!YLPYSwSq`-jk#5rmLI2RI$iI4VUhuesq^t5pCAcv*h-(=4?Z0MSY5*bRw5RB{
zfcX(kP%kOa?XcEEQP{C~1XM5eZmTai=CkN+6eQ85r~$(yim7hrG9i51|HoE_EXV)<
z|H_c9ZhBZap8%P?rLF=gQ!1V{15r$PP6IN3^Dm12z`qFCk*vwFB6%mC2FO^#^U<_Y
z`uhK`QuDt$dTi{9Z09?WA%ghco<2}OJ*|oeYY%QeFZhmV0eLtQqV=!XE#esPKVF3T
zy|Y68v{d~j0-n~EZu@4`XG(ycnNOY)@*@-gDmFMs6qe8{pav4e-^@S$>l6XMds$rM
zugWY4l-^vZ^L7MovSGgE=8e?Yiw(K*;G)2O0Che8JF)-GZ2J`Rki&h1D+Y`^9puW}
z)C1Pxf1}~zLaKGOgD-k6s1+eVtfTb8hGg%ghEP`DI>yd)z{a5dPv6A>k@6Qe+Kn3C
z?u}jgT^0~V|GV$vI!}3DpGq4Xe$BzQOdQ3V?{?Pnk}v5h3L&8W>HCYNd$*7pGpUa6
z${*}ozw}3)9!nL%_pn4fN00f^cCqPGy>ur;(Mv%_%iGfUU>6yoIxvXdro-p?M}12S
zWM{1}I}B0Kt5Tq&xi`J%?e_bZA=E_kmo_*6WRC`L@KeZqLK{I$j{Q_YP&YJJHSBnU
zib6)s9BGxo-Xwe`?Mm{rN@YOT2Wv^~Iol5zDQm<cjd3;);W2CS`G0g`@*ib0XR-Q~
zegZ1Gc{nQnRCzj_o0V1Whrls8m<PsSVq%|R+Mlz1cDxZ$CE~clS}wiPF%VkknKV1U
z9!cd9%{b|PEH^Et7>0v6y?5F>IWwp|2huI&d!Jw+iicKxYj5Za1RDcctfZv7C-%^^
zPgn`u<?w6&f9wJQxrT8c?q39eS=}PNXYC#*5zK+wyYTr=S>KxRuO?{$wT>#(n!$ie
zr**{is4Mo$Ms+iEwnwcvJiZBTFGR8y7<EwNvwG*;FU@!{$jQK8nqscK`(bsom_w`T
zmFQLK;Cn52Np-iT^wV(w->Z6?-oM{dy;7tkK2EI*MkCBx43qbtmVo})kAIFRr2O+N
z<@DZ>cwthVnMy8g%_wgOtW?Qx-A}IAdazb%JH!zU=d0Nu#0R%d({!+4POYkZl9Ex+
zb8g~O)A+#{GjOVGWy}8z#Ib}sg+`-o{XQdU-CD_4{c~JG%(-FoOP<60<1)8OLkaug
zCt?eI=*hHX12p(@-pmCs$s9&TIH<V}J~<h33wA$VyDAw0q8T^pawgKA;#JOu*5yz`
z>FatnCK8z8k*r~#2pC%nbgNEAny-H9IC#O>7a`CrPYwKfndQ>)Jcvb`RPKG%TooJU
zlOX1Dsb49LU|rK}Z<<NaXQyS^LS!Oj)^M)*&w}}Nk)N3E@pOMVS{_s=T^@*PY-(Ee
zsb`<dQP1^2&z|Jy)u^>S)f%pHk7JfQRf|!|g`f}GdcJbV)22IiFy{^Rfz|v-f3(7*
z#90HW)Quu%3vm}LmtLQjlN@hn;47vMKXQe0CPogbSd5C579~1ZYB0K%TX4@SFQ?0-
zIZy;RD|nU_oao~0)1L*W2Xb=Ef{Fjn>u$4f_Yffp`=6fg72dvm+bQ+aVzFe)b(Ial
zh(Pz%$<pWB11ujG&sGziwN}<c!HjVoZog}I_o@z+D%i`%U`~)=`!@8RisNC)oBrF5
z@YSbSZNF0AZRyNb+}BPZO30A+C(nKk{SZzrLVxU-7glY5&1iC-&|0}!ikSZ9XDUYb
zGr!%fDdzJs3Q}p^J>8V7LJf~o=X~gF9y{IC+Rg%)m@-`E5<wo&ZJ)x?G;0!#Y0CTh
z-k#Q14x9eTxZMLr;eNAjCGa!D4lC^%rTyF$W0#!q!jL|*iJs`muZAJFDfsj|e2=@V
zJt>$hToUvRU8y~xZYNXYHd$Hs#;RyUF}~5(A2RYu?wsk_+q*aS?&19qZK#xV&2_3e
zOJ1RBU)Wet5S5f)({V{0EjdrtIbXIb;Kg!M<Uc(+&2oJz3j&R}rKzbeL5v{Kd>q!l
z7-QDYbU;;&d*^|oR+%Y7eqZULWT1?w;}R}o02RBQ2S1&dbLglXHRYrzI=@GabKHWX
z)e3<<sJYplipXl=*(;8z-{ZX=r4|!Yya&daw8Pn(=v$e8qOi-2{Z}W`<TPmBP_21C
zE*Cs_^C5_biP%Zqc`KHT3el8XX%jtijF{hBb{bphhdzrKU-st>GxiqAStvjZIKR`r
z54@Z0oi0&0DAH$%Q%zQ+l{X%9i@I5F|HiZS8SJ3UM%CP1hl>9!6do`q>iz(t_T%tJ
z#Qg3rI+aaDG6Z9K{GJpnc9}Sk>`^QqjJaN65#DE^HUf{$Jf%{zs4!`Jd^k6QM=$DV
zTuGnOSEuvJx*}OM2x9YX63QXNbKZC`d$3W*F)z3;EC)++4H>-UDeMqnu37ed<>-mF
z^|!0;hEvIpdcZKkG*i)&&38x74qmF{YBHxK?81yv&5~SsSVEHY?zyj365ZW=w!&!@
zu0>*zkzS!lRL9u^joq(yuI{t!={C@!m{l$`s4>?TQa+2`3T@%qDl1%&+mKrOlAzOc
zbSNrr)O9qe(?!Qm5a3A<pRt-~GYL!|*DRNAj6X~DsGKg-Y)g4LybU)lKH4$PczsS;
zZvW{wePoLQpHRa7Av5`_l-Y;dNeePNM0-XXiD;F_kv&xYm~oSOY>PB<u^F<~TQtsV
zO;Ge7cM-kZFYfSUE$$e%{c0>WK29pOY;ZfYI0}ET8ptv&kqoc5&DdFb7clL%{~f&`
zvG_>Gq4evjLtfE|??H3hGSw@xorEqvS=e>Hmgpp|qy3MVX9><L!UbX+H6=@3XR;0j
zdd91RgGuD7;M&j5Sw-uR4ocnub(;Y?{9=@aq$%u9vU>Nkhhr;91|PmsrFw58Y3t4D
zqd~#GuF0UYeCSt;@O4^p{xh;egHg-D9jPBWc5YZE{SQ?A`tYKYPFEMC)|p;9+nz!U
zS977+D;uh_g-0hRUB?^Bq7`FPQ3n}Ox@;gJ#M$#Bky{qx8rb!~qk%yz)yet1FT8=W
zZr~L_LIXzf(Z(Oa%z*ee@ybuhu>0~fWeaN7T}=A;=w3a7G+;PkK92jJn&Ny>ps+nM
z8Q5||Q~Ur_lR;uRs;TzNYxBY6=RSSX!bcK6m1FGw(;BAAm=P;vzmy%SRsvJ!06Ehh
zslZt7IZ&V<0<)J5f+ISBHsqzMAys*3DHwboNRtVd_hFQT<N757C56;_uY}IuuRd=W
z8n_>Rq`mWL@Gu#@`s_H~T(g!7l1mt318&)nm7H{}<5H~QTwJR8L|}BZn|*UQD)X6k
zV(R}z)>{X)-G0%7!QI`VP~5FpaVb_xfda)Hid%7ll;RErin}`$*Wy~-A-KCkWb=Oa
zx3fF5GnxFCnI!Xho_p^(=bqzhLhhYxuQQteCgc7eJP^2UshKm;rrqS$MA?2$?q1JR
zy1T6<-bAOGwRik?Ux^Rh$R(ZRHzVS-TXjDZCPy^fw6TTHmP=!FR(<yG6sxoPo|LLx
zjK8N8`F5NJZs;jHt}LYP{Oj{4In>c-*Aagawe7&XF#u1Y>;9I{j@-W{swgLt0)~Af
zJ$cyf><gTWkeTha_&GzhT)osq;xZ$<Aqk@SX@&%p0@kEMV!;x}8@y+UoI5gkj+e>B
zOA5euQ8)L?hYRrxfdU8BTXv+=>2TwzfNz|aqEF7V7eBh;7YU*dEXUx@m#{xw8c7$2
z*k5w#lB~urRrfPtao2t(5a(8P%I5PtUod;hqayC3pE%(g{Hp(+!#y~x4_^w?cRv7I
zEJRHBmtE%8cSG^xrneyOU&pLi4nN#iq{5Agt8Z%Y4i!+><Z2#`yhHYyY+2D3@UVYM
znD}nqCvZBExk9>|?2LhhcOCF;4XQo3(f)l$S3`sNINYnnuE^x-w3gp`qA}1}RrVEY
z-~}>AjQ#K=)Up&0pLp9RFmC@3gi160-a}-YJ}(Y^AR4}@(D{Z2RGh6fH@ml~`KWSn
zVdOS<WhQyN*5b@_m<tR}bQ+2|9>R}@Q|I-3*h#qLYdyf8BiDvf^-Om7ZCuIQb9d))
z>^H_X`xPfYWrj%(BG#&hG6!KZ@xKn^)F<qqRooHnRmHoWSHr3N_4~`x<oEwCHN9R_
zPPv)q)HO?WyvVP2h=m0QoGKn^STur>y|d@bGu8z`dZG5sFAMX-Qq>8LJ{RX*-~Dpn
zdr?b#sbsB3JF1qT-dPi?THPMsz@t92{e%;Qfse@-!DUVxvrCXDn9Zdas6eFsDH{EQ
zQUbfFj0^$E;HKXau_~d3TJsRO#ifyjs^GVRNM%Wb`SfMK%PtPg??vogWCq=j))^L$
zPVsJj#D8O@oNY?GeZ<curoe}=i;d8Ui7fSCRs<1!#<~@9b>ir3jkPJz#p!U!$J%F<
z&#n{r9rMe2Bhtbj+*EG0DEvdu6%;9{p~rrh=2IgB$Y+Kd`Cls^*aebi&`IC_py#RA
znhkUn9bBlz0Vyz3PP#gfbg10_4$__b#d)NMf$XjM*M8|C)XW6W20L(CAop(yTQdDu
z%U{}6JOQuv0qw|RI?mi|!lr+bBic3j%MLsd$X$b$IFS2{jD+Ni#VxR?SWoro)-(O{
z5MS1}8j)o+YP5>kYG@I?C>TV_>n2rC3Sb3``3A|4eW#8Ht*HcL2wq+j;mdh*YMiBF
zM!g-wwycg$e=nSCC@}cEJ`y*Nz{6fO@9BzhUU?>ZQcm*fZmEQqQ|;jP|8vNAFj3ud
z)P=8qP#7(UzKkxMXEGe^5m=E>x{+bwv}!+wEg~V~r=+JoowK?Bv;6H+7Ps6HF&J%l
zI~`tkSx{8=VfnqY7#2qv-OB@8Yyfx9flMkQF=oa4pKe>!ID1}@K3?e2gTpf_FPe9G
zEs%VOZsV?kDNS-SSD_7>SNq&zXUE9PW`vm}V9cs%(|y~04B+|u(secB9~|5M|9AoD
zRvCsZhN;mDG9j0!XC@s6N;45#49D6WPv=UZ^*|f=r+siRU{sW>V~;FLc{Px<!%_~q
ztwFQ5ea@y={Jh?&KLVX>cd3ek3y^(CP<x|k2m8aKmx-RAcDvgoGvLwked&CNNr6cG
zpeEZH!u56JIi;P6$jHb#^TBBs%46+)L%52=l$XCqR9xI%o+#k-dUtp`oUY;By$~UZ
zskAGKcSeSOkkUT8X$XtRXqR+Cit8^amLOfTL-*S<WUF%;dI3fx^O=~iEWcpWZYH6i
z2*Y-mn_eKmxGSOH1u}$)7<ddFcVXu}>#3sbYH>WM5<PpbaQW-<U@ABqZ%g8#by^Ze
z`1>81^c%RLVJM46i2HnUH^N77k(ds<uu)PWe!&R%;E>AUcr>!k@ps(}4?C`!Yhm^H
zGMlNj)p!UVr(*Kkd<|{oyNy7dzQKV)9MD@9<H?U3`PSi1oE1fgon_a#0S_o}wSCC3
z+1g@to&6H-0nbtHffin9y@I}_Q+p7o$XEJIew*x1??$ydR{M#$W;Zv05%<bBkr1sk
z;aqJ)bnybv9e{FBv)o~`Jw%6Ujp<2q?Pqj1eM`E~Y~Aw=`qW5M2^|~bp})TNjAY%X
zx<|b9VyUZRVOiwUicLcPnQ2}a4C@D1F0%^6hmZ>|-<Gj*jk;w5edlYiCM78b+``c|
zLx?JW*|Uw}gPHAm$7V3v<8w#lyM0W_1p1!8lz+a0c3NHCC@`mk#MF>!%fz9l{J(wz
zZ6y3$$l}0Yxq62RNdV?xgBfZ*raIEI5s)`Vs{K7>H^Kyh@#>-!_HMk>%fj2VZuqm=
z481Cu?%DDPN;88PKUEssK?toC7=?v#hhm_@)4-@$s&~N%NMUUcW=uhFnR-CZEhQn;
zOYoESrACd6(JRlihOT6H^k0>bEx;8&pi@Ow>Rr<{&YZMnaA%ZwFNdTgZA94VLZ$A=
z4+0zt^dncd?}&~3)@K+*nM<?9Qs06)(TlDo-!bN?QS?oyxViCL%<{f#0VpXcv4%z4
z?ZLAoP;L*WEuj5iwi-Y!W%DWD2Ke=|2cO^pd3Nq|ev}tZ$?q(Haai_rm#kHt!foQH
zG6p{Q%GgY@{ar;37|`hpcX!qx?X_QA6mYp!_NZ|@-zq>|*3al`{Gq+<&HRZm;4K=J
zcZZA)Y2bkqxuGvT%5K1NlbFcLS7}53-#H>cvJ*eCP!k1~vJ*p6!dd=p4E~>vZ7yUx
zS^`32q-gl>J-uM;pZfYJvm7`<ZyRD1-j>LkdUKw2J)j$R`*MA(@#=|==9tJ4AX69b
z8r;;{9g3UMrTId;&|B<^$J^+RYQYgqacuRCuxR*wSSi_q^iE;sGrPvpz_XF*J{4ZZ
zQ_eEKPmyACDwS}U;^m{wb{h1V=py%hd7>h9f=SRX5uWGUOsN(eVfMM&(+<$wA0nS^
ziJUUv50=xmIo;Ptf=ZQSQq$AVv<_Lw(rzk-obpn>=rSz0`71=vb1_VrR-$MhR3pL-
zS~d56p4rrl;F?})BFwr@s79cNu7y9yel<rV(|<TI9>-&Ud537f?p+XDVriM(9_>J2
z#aW%N+{2@n!?6Yp=_rjGJ1CWY3*b?GbyNH9XBpQdN7^>g<Pm{|^YdsJk6~|!<cUls
z*=?%4;+=qzoNMqfUPF)6yDc%$nGQ_`kBZ!9ZQ>t>J;)k0M!&{uFc|}M>}D}JUDenu
ztVYL1)zrgMmdU+cwu$8rk*ZemWaP*tELl0kSy|CZC&&P@6=Rsa7FzYBPk7IC9M3bs
zxxExC;S)3*GAerkt*v{ZhW4C?bBKoEj?geU6z}m7<Sp@S{6MI);AQ%NUR7C8gz8$b
z^hdX;iA@@6e}m9iKb$&`YxC!%zlaQcd!!N_-E_HI9BmGum3=C>|0-UF^32r{2org&
z3B|8=$aMbziRZJqCKT=J>Bu=D<4TPYxF2W2=i~E3T|tVszQM+Ga9wgLR7ZDqaF?-C
z`*Cj+UQg{P<5zI4_t&=-zDZ>LW(x{tH9Yfhl;V-og@`YH!~6JTGF2?$ha8Vrof18Z
z-uQ48b`$Fxs;{rhTVHg2$mN~*3vhg$__W?4)Bl%)(&sK8Xk1qF(pb5QKlbiyGzvpB
z468u|DmHIBxx5q;qt3v^jGVI}fjnI^nyFGP<^NtUwHDX%*Y&_WsUh{k!u%@23GQ?D
zh7uZe7~04V^I?>1U~S8AFx$i9l5N!e)WNYdv;ICcL|t_0Vx-^=_oX&pie^yvOMGN1
zjkfJGo1TcSS-{cO63;aaAwr}^joirS{nd-rRLO?t0-bYh&24SFCu9ZT4f`Se?|JSp
zNa@Gy_D>}GMX|B5D~1;*spH<{N946C4<`o)xKQuBGV?(d(8&qr@rVaCB_U?K3s}<U
z#<E7OMp9BJ!LD6sExoR(slW-lTm(8WIQaKii)DKVhwUl>Yo^6n>fwFn4+}`{>5>e*
z8_oaetZvy+6S3uVj34Q+;P?G9<ljI19EDolYt+{m3}9$3P~ocl7?qY}OonjknDOt9
z*;b8x0zQisA~QpK&mmsi6rwoohHlNykE)r2E6T%*cQvS52?Jr_Lw!)A72i+4b1@IC
zm{^McF7|NCa!KKpX^v-)CPi)0Y5d*Y?#-dXhj1#tiSBl~;fI|`x-#pfx|>fl8<dU#
zb&te=JLmsAp<0#hcv%8sa$+?cCTsV2tqWx++za+07FHVGaS$E`erhK=nUeeTte&^y
zrn!$!Go%h#Mt%KLw8lGq{A0Iw#`F^1{yEX*t_w?G-K7Wj;G0U=XGO&;D0ttYMtw{E
z&e1Zgq^m<C9YquGvJhG!Epg(sRiIxLMVoB1yFQOVYa)tw2qix7A<p-Jo*Gx;YL{u{
zzLRrPkBA8Z2ojY~E}YHF-B-)nQD0@u$&ml94Bu=oN#v50Aa<hrMHhZsDP`O``*7<P
zb@J74D3@9NO1w+c!lk!a)4aRK>yZ}TQlQ{@QOad5I%fDzWsAcFincI=`EcCZ4yY+P
z&|^+)3or#g55;6dPrC;OSnLbV{fl(QZ*GOU9{*m^e8%kA?#jf1Ty76GvTOb6T=3kw
zz&ZG1wW8-5FfB}5)xO&17o<UDc78D0tcvfeb=xH$=@|gKit?b4x_gH1x&3QqU8M8K
z2EHrXK~(P?j~>*0ma|B5Ie&N99PsvZxM|a9b5lhpSHs7T)!uA~Q#%WYUxRs=11ghW
z4m_6ZNj0RYnshl|CFwLAmsK#l{V4NLAFi>x?PN)v)kB6*>nf!%wcx^mc5bh0soB9T
zWx7SzglgOv!ib-&@9mG7HRyTkuBYhqG40;ZxFoiX&7(|*Kw?ZkG_y+xtK|MRFG6qG
zeV;*M+6rQL{L)eLvU?L<D_}i^>gDAHMja2T{fQaG<=QC>WNGT2L92F2SZnvhI@@g4
zGMF_dbF%+}d6L3|w252tsV$4`p-0z+2X*+mOs$nP5#wt+o%br0oF9+sV$OzFQaude
zsUsuU#7Dq##t*BXFz0WEX;V5ecMq&UP)fI`?b<*M_pxCJWNC$+!DB2ZKa15$l7WyW
zE8xu^TiJa=MrKHSso@G~e=u>S@b@PRPetzOlP^R7=@7oO<;Obbp++I@>8!(XGjbxA
z+ZXtN_OsC@Y*L{iRl<5g@9Oc<Mk7NlGM1W6;RN=y`}ykb&a$_TQ3;n3-J!ffsmXDT
zR9{#U$pFmDlpH&kSpHK@lC*@Q2Eb#|^Agj1it(F~(LKf*Jz^ZIx3ccGP4^CYt>Gad
zg&a?Vb`<DAa&XI8<GGJ~#cpqg8MjEvKC`x1g<fs%UH7^bw+VR3)A7Q~8B|ph<bE#V
zN@-~fDaByBx`*LbvV^y%W}Eh}#p*x(6!0=#Q#eL@?d-1Zof{=3{OtM$cE#2-9Ixh?
z_JfM+*2_4^@2Q^ikW$ApjAv~gk?NM;Z3aKGfvX?PP(Rvm{eph?Sc_(YL$qu(a(DU|
zO}f{%jCuYlHy8(Tb^i*;{$>p(lhptt#ec8)7c=WVQkol3vwD>!?5R>i6$%f%zqZ~Z
z%NxACwhz2Lv<i)#z+F6DNz);4vBg_oPlIgN#y@ntJjsSiLVDM~0v@jaT-mD_VpGE$
zMVa2m?#WbC>Ors8TJls1tt&(>Mn9<k)B;wSnzGR{cP}2#U{$opgD}t8qp9Ixb{XmH
zu_%fyA&B0o3evh9g1Q#gjvN*5*IxHttVBAXUit}XEPq<ea^v;QS0ySo+mZeqWV91y
zc4)@mp8q5H_Wf*1+UUd;EO|6w*4n=79GJPA3OJ7LHklandpKiLBbVYHzI%zNnh(U+
z{`M|`#M5f<5c_V&u!RFjJUe3zC5L6$wz|Y^IR8`rLg~|s<{VWGrox8UgfxB1GwttM
zEb$KgLTW^dg%?Y{^si}i5rsjvoQ$S_<(Z>>5&3%AnU9ED=lu-cV<1)%f)?9n60Y>x
zMJ}c8@aoDx88CMJ0hkMSKr;cIyLJQj<9yzl?Y<_}sP^%{ImgQ>stKN$HqLZs1KG7B
zp&ZS0G1CEnWOWG3+Z)=DS4nNW#a5eu((^RYc&XBNeGsE)CZGF!Ap56C=-9iHNNfY5
z3`32$T7>w60D?SQ&ctM=Hw4SXPmkEKSF5=^XnxLSfo}Ip!41;Fv1;EC6y5@3@oYkq
zO>CIedvkXgFoPZ3rY^^GgM(c5=GV&Np}Tua7@hx8-qxdywcRcAqU%ZFCNYNW6_C6K
z8t1|5CA{~Q%YBqG9i$d@Lx%4-4^EukxIN$R3`W<v4QhbDxZOWI{A7^pLA5_Un|$LM
z0%s0-Z>&_CLpsZ#a0{z_5onf#E8>@0sGK3^twydSQJ*#mJx-rsJe^bsTuy3Rl;0|3
z4@FDkHvSi(MM=MDiq}ej8Jp>6N1TzAh0p`>Ag5hV4)IX>c!HYxK3j0s9t*vl2zQ+9
zTvvf(QUfLS_c{%`&i5blDcIh3Ad30B$~^X5KUSx6XBN=IBrk1IOQkoId6-_6<XV*Z
z8I}R&LM$yZ6@7cl!mc$64j)%UlPI8jFP+eR;H~Crvjjs;l<_JP!#UhO#Jk^o4WeQG
z7cl@ZuP%5t@l85-EYkzFPXSY#a`zT=V3%sS!w2Aegrya5r+@74e>c%)=(ghF^r9wt
zMs3wvD9o>tx4&fVEI;?STS`R)W2+qYbdR(eU}bpi8%ogPZUY3`o*qo%QNmSn+%y}^
z61^^a>rDdZBj$8~+6l7{_UKw82!m$e<5x{7+qFO0Lr-#Qd&oBxx*7n0)7BrH?-%RF
zd6Z+9FQI1OnRC}G98f2q^GQ7C8+*ic>6gQne8r9_N=W=79j!?lAoUdM*1hdM+=<9K
zs5w-Cb|5Mw+r7k=H8jYAOA;0pwzb?6O7mSyqi7EzXLT$VcytOWpUHWn2ZZ+p8;$v7
z{{IG)x-ib5d^J+>5P`!`5|zbxo31VDini79MJ_UL$f!Vi<9(K*HVU$Wx_=Abvi@(o
z0nOeFKeIZIOA`GAT`Chi^4V_gaV4~jtr}et6)L+LB)V=A>>lc07n;WwkR0}h%A*MW
z`5AU8gsuZ8DYR`@Hnop%4CVAv<*t+)Ya^aY3Zt_t>@tBN6ivq3`llg(EN^|}Otbx$
zL*Fu`!k{;pF7^B&k>}ZYSw4397#}6news`TkB4+p>arsJ%@l9&&#W1gn_m56s>aGA
z)WX9`uxPxP1%y9C3-jNF!en9z4DFbCV9i&8PseJUMUqR%$|r?^%_aP@iT%bsB;$GZ
zFp{*sVJ}xb<tr+HF=~*m^3mZ>;qH7&R)+*#S2S;e<aw{HNuA)1f%w$W*7-S)%S|Ly
z9KwWG4`1KDkmntT2@R|hcqeE<m+HapxLBo6X@|+5*NWI_xGn+Gmlw$?2ps&K3ts^+
zJG_M}ienK#srF=(7@&Jk7E7M8iyV839b}}ymErVe@APhfvGyjG#9QLbB-~)LdQ(G6
zjUxKww6O9z{a0Rg1ZF3Z{OiOs2MgR=sc$$3`o{&yvml0$f7JM`Ush%mn{DsNGkTew
zB@$1SnKo;{#%q7<@#wZ?+1ePx@&4ulYsR$*4!BeEHb+c!Kv9RI*9mt__+*bJ!EMnj
z>1pnLZa?s9sCweUesrYWYC9Pd&J=KGpNYC3G@UR$b>(#B8MItHJ;Eq|;!^x5^~r54
zSifen++|h=VgLS%gEzf-v=a@4S)tapqX$(iR=l4J?WXADyrNkQ=vQOa`TEp4siq#B
zo?yzWU|QX!q@V+P+n9g`%qm52+o3XKTDM2$C}jW%z3}BAb2?(zEco}f#)u}1<7!MN
z`zU)dbBZBseZOj19{eFmN=Jd}%AnCZ(2r=C*fxW%uhyDuV7l+>u@Kfbj+$|~iu?Sf
zx$W_+?|p>a!H3lec9Xwk6OLzkB*-^njo(vS#SX}vuR0ZfX_!Yvp||4<bSpU6?k5n$
zbO@XV$}!iff`1v6L%9n}KwG(WWr`*2=DEnbTZ8tjr(bC`9x$WnQl5@#rTVqFGE<Ud
zuMb}70tdnn4L&F<hi#jv$|#)J-MgCD^s2BL6iarhY5Yu{Ghm?7`eP@G_y@mNVT!;#
z83x)SAZEPlnJ>koXOqB>nXKxYsw8+|)Y1_a4N5Ck)hWB($K<uH(m)@A_a3)sGIn$P
z=vj8CCBh+4^gT~38QPOLq$<`d@(6ySLi+7d9OUDSp!Xr4V<wRQ$-500wRWCaV0?&~
zIMsjiO6XPc>*3RwJm8rSDWg5Q!wdJq>GdPw#OacC!OX}2_V1XjP!I`~cUb%T;C2%6
z;&a^!;G=awUv)X))3#e`y{GlAvN6Dz2?*H+Rt(Y2%9+~&{4_pgWn^=ZW(q;UeAE={
zQ&-=l>0Wdzr1*NHU#5GWa3i{av@l%4zW!07stwmdiSdn1L6nTnhZ}?MZ&BMYxd;qn
zx!LxZE&5fW1N$#-Z?sZw(r)b{d&lU~(>31_$Um1JY^BwQaS3L(ra@?k{++BNvITv%
zgYkJ)q2Kp>MN+il%%G;g&|si|LB~@(Q8~z*7g}Y{eA0j~$i{`weDzutQpUe(Zh5Xz
z#p~sJ`bCerI%E=}=qbs_Y_6oOl`a-*jF5)oY4%&rPLB0ax+(YwIk~u&-)HRO;@}`@
zX=z<uUn5XaQIUS6ucb>vpH?vh?C0{jCPitAiHf4gx`2yaS5b!P{QS(og%TWrPz?AM
zB<oaMcrtPj8J^mQ4?mPxk%F_jDtv?6!g!%djEsjVqsiL0qB+LLsm^s;qC6%$TgD#z
z>v&N=W``8ff87AERJQ}*gD4V~&4uNeVdoUj&p)VM@eZHrnz?c)m4?XO_%xLzGEOKx
z#Hod=#Vgx&;ZxxbfXCPt?!SmQ^M+tg7qhdHF;n{&SW|<@Y$~O?3V7A@(t7ipDNLlV
z$jp2-m2wHUcPFE;yLyz*s*KE<eNLWz#><7dC(aV?fGGICrODQ{HhOtx4P#!06&;n<
zdG)DTQV}nbc>9`vJeK&D^eso_cFEfi$UF2*Hwk<OYpsFfPvghtte}-m5S6=Wt9Xn+
zWVEy?v|8(Giho=H3a@cS-oC{)2?tu35c#g*NmoX6`WUzK3gB@n3v`kU$nwa5ea?pC
z<(jEVw9yUw%l;zo;K)A|sh73~tE~`;QgMj+>=%ISgd6d2Dy_vK1({=pj-<!~%0p0s
z?iA$<W;hs0EL5x<$}LSy#3!W0Bt19)8C6rJOucZwT{xlw702JB{e3DlDBY*(ZA0k9
z{O=Q$xPON$yL;fHVIDjX>JCz93H~?ys<k%9b9RrGeYn-kA+yx}If1u&gOXu{NeaL-
zD;KyFujEmUmJ_!Uj_H`#Rf#=iFgg=#<>~ca1T#?TyB6V@wGGCc-#aZDZd~+O>(gl~
zmyIe~TBkoPga=#5H(whL8<==DA`px%twK084Dp7X%kIcP!HcY&Mh%Cs=tsjJjc=HF
z0;;yw3h!gBa+}e1IX~%t_GMmII^Y}UXP$^c<)ch4tQ*bzcoG1CUrgyP-=r*+|C01%
zkKjDrU{#~p&o{`_8VBU5F4b^)AI8zt1-yQ_XBxcNoS8*0@$&c_Tv(%2)CW0I;}u{-
z!P%JX>-+qa^Cn?w%>A13CK};0Pu*o#KP*jl#!cqHzD#csxkB73l$4Cx4|Qoiy))&2
z<)A)n!?1T&`>7-PV*o<Dd2T4h1x(wWA0@deQ2*17Ju4GOUfou%xv0l^&kq076E`jg
zMj%q}IN*vM1G4^a=$$qaY7m+9_^;}Od{vRQCr}>}Io}S|N+}zv+xbc(+Lx-QjAD3u
zDUlF4L}t7Atv85=ftguR7*?Uvv;C$U3mFZKaamPlpE0uzfEdlutJ+oWgW^r{T{2!p
z=U-Mh4bx7D+x#4Q-Jg0CEG!N%z-Kaj*xaH3R7~1vebN9;yL3nN#<@Jho2(?E3tGaF
zU}$zZR2UhEedD%&wd;Nn&PDDhyrI#Lr{+n@Bjz(dq`Uk>JXU*=1J_U|xHStOEYxhH
z<szRPyBE0bh4B&1&I#Q3Axz4MfOvtZPjgS$aTOg6&r$$qPrJ!4v-?xqX&R^U{JjN!
ztJ5zgpVUW1>F1L7dds^=l?;2JugaZCnPJhSjW`2M^MbA4&)LsbIx-zGXW724vQj^v
zyIB9pckK9XdsE79fGp{KMenfsR9f-1yH75YL+Q&mCsQ%qdztS=PMnZT+kzQH^#@N{
zAp*6DACgTr+t?rE=iaWfIrc1rE%bVEM4rQWe`-E!dzCt~)J?u`muhv89FPc<H%{Hn
zlqZ(9#`$Op)z#0F7~9&;<ePB79HjgDM>=${5^hV&*C<9jtv;BLYuFZ*y1Y~Ag7yg?
zz{7vNyJoDX-4=FW>U6#}SZP7uB5V@-qk-EAz4e9ck2)O|#prCT$vsXEB>FH<f9$Ns
z)#S{tIUzgRa3Xmao2j${@LtkUEX1VcQ7>Vg`3+wSK`2#QCab|mW_!JYs$4d$5(a?}
zR^D+3%&2&@^l`Htx#ZDb)!t7?lV%l<O>E*&#uv{$ILqv%Zs522{C4P)q?=H5kIU9y
z*Fx?=cFL(i)LhZ7!tq3_{u~V40~n`@<Ag?4OIbXJ#zS%AaV;NB5Yy&qp0EVgeuniQ
zi)IU@4~X<eVMYL5Fq~?hNnf4CIO119QhRvT-xCpQYQUdE2czFkyp)Sy>DJxfDd8)l
zQs=H~Qx`8xpQa&s6BK4V`X%=^cLSo7y}c<Y5>S=LKCcEAzoeljd(L^x23l&lOW*!#
z6Y$n?xE1A(z;HJaO-Ok3Bhq2Ur=v4YEgV%cx~tU&o&ajc$E8wv6?86mk=Y5wDcYHk
zYmAJc%D;a7h>p||wG}*}W6efk@=r}fOw@gp)$S#*yqz^nNV6QuEJ(?Hu}Q}8qj0Ak
z4fysQ4F`~FkSr-(LOmLmvsu>HKlElk@MaF^znP0L<r#LJ{W6_Bsini8Uf8DF!xJc5
zM;1Ik^MkuP^vH<myUP9W_^c<ixVx|06e`gQgwgVlZo=|-8tgqSACWtMOFCAt$4OYe
zsW*Ck;8Y86l2?m^d#WPYfQO2%?bnz2p13HvMz<PmoR3!3|IyWd;DNZ-GeO4@Lh~>X
zPe*B%d+4Aqs+bA*@LbPOIt%Dq5ieEK<MPc!#$o9;H$>H7YU$Xw+E<M5F|m^dwTJV4
z%$89<xT~rQCFb`sO~$XVwz(vq4k5kH0UbQLHI&YZHu}&z)u-=Ql&;!2;PyQ-q)yuR
z{-_*j)IXZEw?83`O8I+`xwte~-`76hix`T*cr_aKga~qbMiDyEJ&b#nl-R#4mOh4p
zjxg<DpTvNl#bDdFCf|56<|MCQ-AMkDXH0z)zca8lPTJWAJm5$@Axlu9LoyFc4&PO4
zPMT0Oj!9d7S7-$8;c{oA@huMz#+}CZ!z&uQV-F$Zw(Xrwu9;f9cfwx(!955L+qHVX
z0s@@zmt*hLE}opn>32Q?Zs+1>pKB}V6T=0f_ffA1t;{z6$SH+rkvI#oz^I{=kIlYK
zXI+F4&0v(7Kz$i3*1EFcT(iGF<u*7~(bITLLQKBYXgfx{7L;!hY{h8@_uRo9Ux)uU
zG*(;O;DG+4t@xmV&?AAey{!nLkaVnR=da_v=fu*dc<14<I>9}Ai*zZ7ohjYGlsLMb
z($eu)tt^u>o{4+33f-mW7Cq|=n3c5B5Ob<YP#X8?aOcPNkLN4M-+V<H?hgaU8<z41
z?B*c>l)9mtu@&{8$wS2L%UdrUWzOq=*LRYWd9tEZs4)e9XOxfo*OOR2qj|^54e{3(
zM;haFZ9|y*8HD*CKhSer+|>taFmrF&gC?UopLj#6dv0&+AOTRN>fY6f6cqJUZ^R3R
zf2wCGH9Z^)xq75Gb259Qtq;~QB}TiuM5gm2&hyE(UCxW0DE`oAGEV4JwzMAj@0$g^
zG9fJjC6CAYAKjiP_@G?f9aAq;VcvS|-+EcIeFW@l8JG}fck-gHC*3#oV$${#Q|R8m
z-uU-u_SY<M<>&T%3IsKJr2Bk$fm8^>O79)>3R`fJBc%;{j3Sg03hCeQC9BI?^S^Rh
zH@J2%(lc!r<7eDgHU%o16=e1Y0&gl(?@WwQjh_GiweS;C7|z8T5)v=e+TG!}{I)`c
z290DjA*bcKL@wzpDIl)(bk5`~mthk+TrE2Fkz;Pu&M{8SUeCZlfG7d-f^jCkI(s6%
z4!BBMvNcAqB4O86_(Ybm?BAzW(OGQ0c>(tX#gAc$oJ$}mW$J)G13Fn_vZAMFM3nau
zMtN57a6m=DQgVXY@{Y>*oC<(;k!}FLckEX$Vp;Pd0PZ!~#h9G#_6O;RJy&k&hZ>cU
z`P848vT{IiKzRla)Aglr8D>D{qN!O&tz?i8O9R>PTMUxT2r?14OClf~mv%%el7wJg
z2SLVo?*a;WFY&%dDJeePQza9NQ<!H?3uJP3`QjpEzZl}I6qiJN4}QiH2{>VDa+*WU
zp^u({uaf1%wbMz0+uPeC$b6b4%$p!hlyBF>HbG0OMc0ze2V|*x#fhSQsKE-x>IMuQ
zDS5zEX|Z;<NOl~bls`S6yA)&WqJ)Ex;%Vd$*p9cT9j|m8XG0d0OSdkwMW?`ErOv+Q
z%U6AT9&_D7LGvIYN9y+yz$hE5rJCK6;Mio2&XEt{jsin{;}dGi{-K)?%z1f>%s$56
zl}fQ97M9+)3?d<NS~yP`#7u_~&23r2@>G%1C*Rq33j*7<w)$kt2YxNO;IkvOcuT+G
zl=0^L);wq<tY?uwIb{bi0%H()Wq#znQt}|O<wSI*gcZAX&6z$c+?uO)2)#&eYJf1*
zg))8v0Xa!UNwL5^8W}&c{p`N`h3+?9)!=gD)Pw@yOOyvf?blj1bQj-nt7If^*Mqvl
z(R!ByaY2koP8IXRoh_V-$Be#^3$PGQj`0Rp94c;IL9eRnE5oZs9+NTlKZb|ut6SKI
zoxykQfEaH`t%-HP^JtIGAOUEYbY*fP5hY3#{MvafWnMRCosjSHziCiL<k&e7AZCtQ
z*<o-f{S;Q6)Q>J<>%h&~+oh(_59Kk+BV}1sfT`TGpn5A9Zw6bF+e9gtgXCYt=@Vw6
z=jBC&8e^Gqoc^Od@g6i8wYD#_SVq*mQ8jAMLld-4(=$HNa(9z9gBN^1qAsCc@+YEa
zQTQmd^Dzidf57%uHuD<T8GpH*15(B;qyOSIzG5euteZS7G3!p57)rwU<Yu{<y2)T(
zstxSqG&(fd!FhlaKp<2vVd>N{;r{2PkgzQQ;UR70e&Blt^x7mN7PYL2gAb$1qv!{e
z<$VbYCF<fwkJrPT=k1>M+siYINnp6FF<jVjt)Z?**f9hN?Lm1*-G$cNkqZog+YDBw
zfAM+4*K0qzLkBugKYpxf4M4-A?)?iV`M-1-4pN=nmN<vjC5R}u8Eus#W&6!rnPo2K
z{G1!URQcb(-js3xFI9U0+sUs!f6*YB_1_*Y+fh4Oj7W6Lm!}V%Yp-}`yXKU1_9=FQ
z5m!OXq$~$6U^DCjuj1Xp|IKXi-cSy&AZZDy4o?6A7_I1%Wi#+M@G@P9AOb`0tRnyT
zs@?g~T1NMe<A0oaWMS}OskG5SkIGuDJj~xo!*NSun~GjB4Kwf_bi|{YC!39m{q+4N
zK9`)zxe<z_-{Cc#i>hq<kSSgt=$Qe#aT{3bNA_l$p&K>CKPNja$b;-Wx@*Qr&6P|C
zVUn;n#KIGThh+^7tBOXE&~W<Xj1d7!x$yA4YALuvX>@n&7H11^0H`gX1d3tPh3^_#
zJs7E<;+>q*wN*>8qIk0fz*uRd2JqB!0k!>xz&zn2F&Jq}?yDz?_i;nu#A#6_H=uU(
zQt0O@Nfy1N5Y12U_XIxr$Z>}+)e`=5ZIW1D8y*R>+A;&45)cOgwQ}!5x0e`~23LZ~
zn|=js;!-Cr#4I;=>t#R!^5XAbNf$PHH#UFMNUwPABQV)~SaR-m(4rE1Gfvs2qvX`v
zm-#uUYxdsj?MtQc2Ac1~N%3r2MusS@wW}$pCav{j%X4iH=xRH(;;Ga7XP^-F$>P0@
zU(}sCSv)eLHfdXHtH{$ci&-`oj}?jH@0seezO6|_^Eu=GD@OwKy`;sH%P**kEpC><
zSn*1I3w7Aah<ws2Q`n5(rJnM`u|y0g<jjXS$ieYVF!o8Q#$-lqE?v}Flf1zMuI+^D
z&#OU;IumB5g>GsGsWye%1BD)4V?1nX9$Ms=(;-Jaof!W9hmUXfRRFauM<%hq17~xz
zWd(bKQQkHqr6deH*d9=o1Q!6j5~JX<8My6x_SHDg3f1LFyyxzax~Y{Fij0g5uWwVG
z&+F?YFeo`W+4pnx<G|hhMMpn#$)db(9O%;QJz3@B&JAYk=i1i1Th}161=SKALL&3T
zHVzu~V!dD?e!s+V>3{u@JU|mf`%SoSNhrMja0VZhdNDd5&FP773EH1hv_3O^CFZzX
zAnWCzLHG&*u2yR*7gp5pRu~|Wb|c8xtZ{E97wHQ$aR^L*V5T01`4|!^z4M5wNUcS~
zikI(QO;wr}oIPTcUP8e=R5a@AXt~-{!2kmAzC*Di@rvl4UlKHGV&G1BvT|UPg>kB_
z{9kU$dgK}QG4gXb2rW*1@MU*Pb-{0woKdV(aKriZ24j92ckkynA0lHD2cqA#G7<2<
z^Resk6@L60_z$dQru973P2)l}*%Cps1@e8CAewB$CR5_;3D1?fnq+7LcO7!e+=^J+
zlJX%xz<8Ayr4ZIn?!gIR<Joy6Hvb0YEvEIi1b#M@DLrNc4(=yzt&UQ(#}WZ#y)<a7
zIL&ticW`p-#bLp{yWs;f6I;Ij-o@YqI|*x$b0gII2s>cnY+X*zCQ^*siwh%VL~5U4
zS_B7;AFWs+|IQ$iM%D$=L`=x(>S@Q~9R?+vu-w70Yz}*HDEO_hGS!xmENA0)rlv0Y
zqP2}i!MVEed}qeEpauUEP3vx6z9%t5{p&Dxx<@@RKiN>{cZ~+3L1<`tUA{S}EG2@6
zE84nAxvMf4*ZC%(>unPq*ArSJfMRFheZ#;b6BWXt?8hn+G=ZMk2abiFpVH(BbU`1V
ze_rza;%8@hyF&|CTastY7tyP<iS6}!%=CPQL?RgDJ#vMy3@_P6Fr$iQr>|1?eXygn
z8_~8N6gJ7zpDAG<63bx~V54+`I{)}V5i?BE47REilup>jWd5iIVry;lMJB^h`{%%Z
z&%@uSQliVl8E8V1mdqjrDcz4DiV;mvD>HtnuT`uc*cnDBu;XLEr%Avu&mVwKHXQSw
z(6^hWTg~n)4r_nH$jaN}{>M6WEkmwqdt@6s*eY7B#&zl4>qI32@6fF$35VEpn0(n8
zqZzYVS-f86+2B^zTj{wlkF#Y8{eDT)7J?Cpw*6cnc_w@O^!XTqaT5lg<rRG_(V?Za
z{dy}#Rk~^#cYen3ej7<ft#@}{P9z$KBF>Dz)XTdn>|C60lVj_R5cab*A9ed@1$eU6
zZ4zUm&{^{;Zluzn8}Ij%HMIjc6!^D&OXFLrNgBE&aGZ^2^4#fS3qxiY&z?z30{B_v
zzkvm@8y0qeyr3Sm*4D;|ZqJ|m3YRgsAW*aq)GTEUj>OsH3O=sFx?H3+s4qW_60HK?
z|3cXi51{6DPUT;Ag&d2)bi`m<1u)9<4(anL*{v6wS#(=bkiARU5r(+6hIy5v(5mOq
zgOhn?tmoG8UtB4$kW;$+Fr4u+H*yD>!Ka6#_&u(O2lw~HL(OHwbWTyM+`_m^8pQ`D
z<&Yg$9e62VH=sMk`*|HMm;oGqgo*TWloDdPfqneO3?=-n;!oLU>fGaaKSo%MIznXF
zdR4DqmA0SQoGKAOZ*Aqsg3@YEhs`0Uh*vKGE;d6ho-CY{C6E9`L+aa(U(G-0q#TFA
zepf-)-<pwz%!8Irh+0gi7s4s6)cjir=F5*J`lXD!vG^Ov-4=*W8UkyLf4&5~*RUa9
zk^?-E4!m>_Lg3OtI`o9MhfuKlduq|DHd5BKFVxmHHh3mDR70F!BL0rjk=$bs#S<MA
zoVY4@_B81F)UjD0zhj)+?qK}=DzwiTW4hAO&yaYIfN{0td5qx8Cw<z2#pklueXu$*
z0>|FBj6}eTKnwKWvXf5Lv*1eKG@Anox&iC{lz`uU0wfNqe><IOs`|5Ah)j2dAY-{3
zgyproi_TaDu$wPe*V$WXDfT#YbcW~9B{-f|PLo&U;UOmumjn}&v_=bR!xa&5F?wjO
zoAe~?cAAt`s{|WgYpF<?XhjZozocUuN~N!i-+GTuw(0JUj87STAb>eX0WiK<o#NoF
zDkvqJO;~M6X2HAM2=<s6HPL;<G&T7Mc+xafw!Ze&0vKbIQ}BY8Ae7k!PF5`GSKlp2
zxgUeu9x9z|ox26shw#ph`RSG^QAj@pc{2z~VH*#9vC7{p+nT}7s8(r+X)R44C5eK`
z(F-3TGOc%2MRBldEL0eSH1iQX&ZC$;9Z-fM;7vcjVnklAbZl~$Aub%~D*ZRjh?LaM
z5l%(A@D&}K#0NoS0bVXBD!(?E&rdQ`q;YxWZh`$nKh$tyj;pB#|D#$04dpmeo*@#$
zH4JI&MwIMJ&e+0JHKspHtOp%_l#r5wA{@f@_5fcE14W6XQidm6NSmI(95-VJmjcdg
zDT+kAnj_!6pGq(F#jfMiWh&_b#+`xYS5a6vB)XH}fjothZzH38#1ZejxuIROv{~YV
zvr#}>##puC1V*BC^Ir}8Ul#vaO%Pk!HGZ*Dj*Jf8J7Tp|iTL4yj4p-KUKllAS;|X_
z-pUD;g8?!zo40j*`LnWCNZ$d%NYZa&{X!qbcl8@O)(&N!+IoE88sFoA0Ml=~Wh8(%
z)}SOL@8&E|%ow$anLBgN24|G=v3*)|`lia&gpDyiPS>E+tVsDW`7;$EDdT|~GER6#
zXsX>vi%P2Erx=V%0ns<;h>P)|aQ^>$Ewm60)Zf=~<82(G<;gK)QpGJJ522&(a5G90
zqQ@lvoN%s}DNSrvbKm}5N@C)P;LWy>3y;#Njwg!NUKxX`%~M$-YNLV%*JNV6;+j`O
zyL5@@iHa>z6Ai7+iL+qcrHY$7^uT1-j=Y#`j?Taw1e=5JA!JXq^oNUk0fN)4oFCBW
zAV`y?(1CvU*HI1F_PK_)e{9C5$!dpt?;Mk*M>HOdrROy7P{`$ErrB2a`_2yw%^JCQ
zy^Sg)-+LU62{C%@;jtU0=HC!KR>jp~-zW2@^h5vlnYm%ZL$v)*nkc+^74)P_C0t#v
z@o8u#g^3ZJHh!q4H6d|}_HuA>(fkY$N^eljs<ih>e{aK$)#0{}32yQ)XEHv<*)rAm
zs1lCBC~Qlt+wl>F{K|6?RhJLdyST)%w{;u%ZN%ARiqM)9KPWM6iUH}Wf{4;C1^Mck
zDpiK+c&`kezmq_XaH&xZh3`Ood~=vGm76jJd;+JXxBO9~EoXS+xH-ox**2Uu{kIJV
zmRz)bW1k89Dk>)PcrBn$+xASilv{IaQha`RbIK2V`>;6_AZ6jW2K(z^3w_3CwJ?i4
zzzOGDG&X-~cfSJ!;&q}d7<d81EE@uT^5*WUXp6!2_akb<Fs?oqNF}w=uktJ^$h=1T
zg7rHs*_M}=>yQkSnN?m%n~f%<%bkPL^jg|${_D=`NpCL>UxDU9y6}GfQtcHN&XLkf
z@?$@6Wfji^t^a?)Ayhaq9wO|4;C<X4$O+dW0(iQiYS_kjxo;z)EdmQaJD2zByI~u_
zZ{V@NOQ4Zz7D}tmwO%a$jq&=cFmawE8j#Lv8FAB{E1H)$N1a?_jNle%sy&A9sa3RY
zEkqBfTOehg1FmzHO3_VNoS49-cI~z`H=n?5KU=RSf~VW`WhR}bF8{Wf%0l68_4>fg
z$44+JF~p}z>On_GhsUA2cTV+tmh9*2ZooTU0q#Na&I={1ExaAy>zRuG^Tie$=4M=k
zMU1ktpT%_>0Vaq16Fqy{RbSxH)^i*9-J4m{P0dMXYCm^IJ!lT#69@XU5M?IGC-T#l
zmy4dAKUddA)L#g}s6?^w*W3JDs@12Twt1|5MnwfXxL55ia7}c~BKV4NWz>IpXHazn
zODT?828K7$<I*Qv7Wcte%ns6r*1y9U&8jGc8k7e9I|6q*M<?r5-TjfZ9A@0<&CNE^
z-;c>&xWeO>uR$vl@@vplxde6u7Ypc!;C<=rYqgtG6!A6%=5YMEuR+`FQruy#Zgj{Q
z0IlJ>S-v0GXrrg9jhB9Dg&brOfD9U$14o#7ljSWNTsKx1Tn;Aes&)4M^l4FOhzO6F
ze_)4qzKCww`e~CjGHS@9-sT)!n(i}-RoKPnUeW@Au~J}c&hsz@V%L=uD2yM@w^X}5
zx>5Q2tbh_ZRH+XPC($TD*1wCh>mr!r7=db6jOZerXm2i%%arW8azm=PQWLuNeGc5o
zCA@<cJyaOsmsbMHA$khGumb*P)*o4hwd}J41)SO^^bRjd8zSfkRLIO^I*50yDDd^2
zpRH<+&>ie6LZpeR4gb7NUgXN1F*9p(!7PJ+a+P+n|HC9ijsCmBo+F#bUN<l%V)6}r
zlo?v+pO)$H-4BZlo7mMbdR28k;L^51lgWZ~aTN~86-qQlk>BvGCnh72vj;$561FOb
z^<3=P{SPB#oCeMmuuTR`{h;BS=;XjG3qK#rz!yB{p3gyKwc@3f>$iu;p4q^CtI+Hv
z2CsbpPn*a+uV@fiak)tkLWB1`ig<@ZLb1qYGE1L}DJ)O~2+a~nf5rjSI;0-;1BTQE
zNrie<u|Jtt>27^A-^B~|jaZS-w6pD&$*x8@mu!0`D*nO`8+C*lz>E3+=JYt7&b*CJ
z!ClYuCnW#wc7va~2++iB3RjHiOl<G>m+<`+o(?LHw(!m6a(jaZ5%uDvtO6#0KKkIV
z#Bfg7>!WTP)Byi{S{XH9nB@LR%Mf7v--(C6-+%buj)sB|lo<ZM7&oy#Li7DqhBREe
zUXZ;>7GIFkOqQPCP4jejM*?{2!K>hQ#LlMFQra4<(6p9l8tl_EyeZ)oG`0Eh{YMmx
zs~yihkJPzbUth6*{Ejbb)+Kxx^|*}P&tKn1F1~)LUXzAFbL*bOy%5c=@uCIE6PvBM
z3(#>B##Hay5sTc|#d!erSvT&_@Wg^tEy(H)<||}$|I;kchr(ljw?m|g=?Mq>|JCCl
zP_lk=AuBIyMe0OXkh1+JJz8!DwZ%yI*B#*Zy~FG;>T;coNH9DQOwV>k)-+hZ)rBET
z#5Kz%(GYHIh!;Hakx{sfLHSeAJNWtQbi2j8N}A3liK1#0`iAj+K3DOFtRR1Vina~F
zn`A24d7(n+4z{QDg(6rTW*83$_7`E)5~#bi!~UZK>6>jsOiy)JnzQ**L1_FQh`aO)
zH*9`nodQEA<7S&e&>J1@_Z6{E&m7IHo+<l$v(G?;z&`MTkME-Tr)gc-dy_aQ%{y4@
zPyScL)TS-+43>_Vj4?IhPuJzweE5Ol0RGSLq&3V!9R6uk^%0Ko-r|(LAm>kZ7N17W
zk-3OCPnF1sV&VPCq_2mvJCcE+<S2QuwWOvAl|-?+dVZ${my4n)FJHO7s7Oe;&qD!x
z9gg7A<c5YxQ87Yc_T;ccgODg0v_{}#VmbRY?-x4Smhgy6^Cwk@@4WT=+1X26;`HN7
z9y`XCS8gF5miA&TNAF|3>oIz=$UDoxrMf~Z&I2ezQtdGZFz(3EyjEUs_+ZDBhe;g@
zeeD1S{nPq=#+?#}Wa!}tpZSupPq?K3G&xHn^VDO{O^6-r_kI24{ON0c(ss8FUpkg}
z_(3<*xqJd~67erO@H49mIYy!{-o(A`QhzITMF$qgQt^+m{-7Jk5cdTPzGsliNUM5W
zpk&rvhhVutTJlHGzoDrQCHp86eZcHMN=pmiOcXE81mDqZ!cq}CJp!PeH0@J8cg=kt
zs|-Z>922v=E>ZjL?RDEmk}8Xf-_FbB={A2`=v!IA7)y0Wc6S%h`Ax=S+~1FK3+fAf
zt>C?ZADWeur&>T~nSvu~ys10E&EY^+g$GoAKY7j*n!E;nR0nvo*}*xVOh$uC@wo#5
z2wL8;r-|k7*g!A<m&>4xUmbeZXEgNr!mye02g<rBb`z)EVtn@joGFh+1nJD*0$pFR
z=1k^yHC+EIuTWEf_wk~^Gin`mZ?p<$)pcnr0RBT@F6XCWfj3}}1s1qKd6BLa4F6p|
zf!Fuy@Pz8OCH?hl3_I4gPtM_k(x%>3OcFfU#!1+s>w9D%g<m|~uvQ!qz0AhXg-M^c
z$NrWkq~rvc=IpFKeKEa;pW;~^pxa5hkRP`}M@eg6C~B{}q4;$4>B4Kk(QGl6YP<U|
z?s9j4y>SDH9VKo;lv*Hy(uGwm)i?&p6DJYvU{``X8;UL4<n%s|6CA_~1V+(C)j)I&
zQUCA7K@DtU=b0W#AqbQU1Lun~BN}PSJZ@eM-rp`6B!%K&xWM#hR4RL4V`<{m_!vpT
z@86$~3W&Xe$k;5m0tM$<{oCZ<1qKH427-|V9nCP{K6AXjcdXtw@_8+A6Lef||7ifD
z;3Y9F?bHMh;U~4TO`k)WC-5y#It4spmgle6ma>Lo)Ew!L+@5f(0*8QK<s6`jy4&)W
zmC`Rp{?Ot+z?GY2MWjNqMOzy<kp8nzw3Ho|(}#2F>=aZvpj4Tr0)%~v_fH3aI_Xt9
zYpI3ATWlqyhIlP&N0jvqX$ja<r4ZVWNl%1C#Jp4P=h5Q4_4AU9>y!4qL9t43KsD*7
ze07sLPLr@y65ks-@1|WFh5a$Bi+}Y*{4{|h1?J}FW;aFG|KQdKPa>y+S`H4>6FEZJ
znqMjpryWCw0avqArU!7r>f{TaC40cn-eN{6U~SE&p*rUY7KjA$#Nfnf_pmZ{pDA64
z7pCPX>L{255<}?hekFKEHZHxlA?|XPMklnIYalJ-;G&s*_jm~3zIbXn$Ns**kwFgM
z()znV13Y9VY}iT-Q`q9M)_&~ki#I!nIc__c5ei;f+x<suK=%uBuUcfQ`&#jq$la1T
zaeZ(wfPVj2?%+`Beugtu=lPrMCKt^|HD?@HcM>;1=U5C;;ww4`Uq5JRBH7gP8v?an
z|M=u-Gh7b|zXF23=5kt3eu&2kzs1_p$>=6-sV;^?Nb@~<q!-h8(&2}iJ)e6Rw8BWf
z1|t5dG3FFIn_zBj(GpMp#1fPy3t>a}kg?Jc>bT!t<v5BSq7s=BV$=GuRTASz5pI(9
z3pjOTdcV-VP!kr^X7P4N(CfRgmrK<KZD)JDwK6Tu6Gccol>1{&VQ$MixFp-q@XZ8P
zlNAV1JHYY|G&Y@UuUaBxSPu2>gP*Mwr@C5cqSzAKg6oS7KVIM_HFw+&M?eQWN(6h=
z>j>ack+u$xB{RK;K@(CY5sWD)GI%{Ac+>D%uCB@eb2bx}GVo5(d=foy3X~e0`L(d;
zYiVNd%nEAB)cIgP)~tNt3j)#<NS>s0K(VjpvSj<|_N!dCB<7(8C5ko5o+tG0A&iHA
zcKb4tQ821eo~Y<O^OW^=12bjgUOev5^Wo>o=Tfc*2zOy=1K16l9S+D)BHEzrHNz)7
z7!+(}YU$8_&|?_|hA*weD5tA=bW1r?FbzvsaPI$^+TY&H*mdz4SBxA%;e&B$2c`A@
z*Ds{8wgx%FbyeGdTAS${c&P2J;McWoIi;tozulajd1`{}`oRCLLQFsK_A77|PA>~V
zUEqmijp)k)z@Lh+aYso0+S9S=`B6ytuDRK8RV3x}F;(|-DPnXpHB$TRV~b*#K7tP%
z?ti{VxnhU&%-lUSx6U~x{sBY?#!Df&{p*g0gOel4J*)`EIF;?aM@~2ySqS+vyt}yq
zl>AH8XUIgGP80q6i<hZ2J-6WY6Ad|2Z1Q)3gx-Ew_M~#Cc>Qu?6mFw}{l1SrbYfl?
z{ryWd`Z&Y!baNlH))7UdPd?kSgI#1XX(ytqR1m(Z+`2zIOR0yigcl0Qe{T>Bd3%Yz
z)#DdRXtrT>ELk)ABE&urRNxJa+W*%Kiy8<0pO%D~65f^k-y;C3EvS(PRhHuaV(cxW
z;%c^bQCxyckf1?=ySqd10Kq*#Ah^4`ThQPTTpADVL4t=s<23H>ei!e~zUS<F_IJh|
zWBusSW3BG0xvHi<^C{C<t=26+DHx!x+l~yyl6bz@TxWlGK^Ptp5el@W5&mBO^(!(T
z0^pviop)7%odYnAg#aYhbqhN?7PGB(EQ@Upu*Af~xf+%86F?n`JY#92(RvQ%SxuMM
z91H%&1j>Dgfd|x8{ksWD?p=~WyJum|iA^+0(X{uY7Ccs7HzpAdwV^gL5|af2=u7*z
zKu{~}yqO;w8OsVh$Uq(oVd+6=^(!7%dXXQ$J$&p6a<YX!U6<8v@nKhC1$E!M;%>+a
zC-mow0RE~lC{_UyT!i5(!-PK|5D^Xz&du(2GU`XU;|vFrkWux*%?0-vgw8ye3G#Ok
z#>J-<(?Th^v({Fxt{dd9C;D2UAt3EXk=N^Qi|LAxY%+qpgJ?LIUIS4u9bJYkDsYA=
z6lh+5IpED9KS!4SaxFBEy^_VwIF6zo_XxWK-4D@H=b$K-YHY9BSnaQzd!V@*fj<Yd
ztRkC;5Er0G74HBklJ?kx&XQ3MsI9WiwF%G^YQOUlvpeDS)Ch4kMD`mt{*fTIdc6pp
z(ibd4^Lt3Y-Sc${%dm*OVtdy75ua!zln#w~{Uj^3R)>S#iLbff@RQN_rwC-3R~5IX
z6!s@JqibX&H^>3xb5Jli!?hDeeTIVwrsDtz!~jj&8crUc<@3|w!*!1|uYBeJ8FMFp
z5Z<^_Z9??MhQh|Fv-32(QIgstT1R)ISwO~-Z5He*KBqE(3J08_sD<&zTj-q=!TGAj
z?8^_J&gz}CE;W0nhOKwP<K<CL$$QGkqLCx`*lI-0Cn&m*qnYM5x<m$^g7g5<&N_he
zeJxVew}w1Bt26XfrLdV8Tu<G#ZRj%*$A`6McstmDsk1!*>jPAf(czMY6`}(<oI+|8
z^e`SD?|eCP;H6gh^NruVHiiBAZ!Q20K-1~}OVf>KpOe5;>xnHO@TDq)%X17#2x1kc
zH;y3P0aBKTh`e1<YXfmaC@K~jItM^&2P!NgGEpXtGP$U=%hkPprjq8f9}pYOi+uSb
z{XSaxYe{}l4kGHC<?Ij=0bD3uZiD!~@|B5iFuM=hA9002P?r`l_nBLES<;Fc0mCd0
z4S1vm6N~<8{C>YN-!qZ_c!8y=HQG!Kh<heF!%Cy##={P}<?!NE{NiJq3SKZ*_)t#L
zRp6>`aWzDa=X>78jKo{5oA{3AQAM0*MQ38|9Ha&0RO-I7re`e9gFZeBy&L_!H8+*G
z*1g!m2uCV_1a`GCPHYn}fllggh)x|OwfbxZ3%<4v5|Fu)|IQeGYxk1Z-cw#V1gRA>
zCy9MFbL>0t+t)Z+VNFC#9M8xn_1hZDLL6gec7M+e+wq3}AuA%|q#MyEPhudJu>{B-
z%7Mv%9{8It(7ID&!#BM={teJ=C4YJd{P^R#kNxm@+!GQ)p;qk*W4c>`G|PN`gf0!I
zi~PH29%TY_kb@9V#{F>w<<fF(Dh8m90%Y*VBMZcK?`2feMigz=!+4{BE`gBdr>;$~
z%hTw26vz&{%c@(ZGB2?JEx7MpcS(cHzqKeCXDNaZk%oz56~7}1`ZDTFe6tH02ElwD
zGYSA<qto{TK-*{mY(`rZbC9jADi?*X!xF}8HSYT}Ox0dsB^%j>Q2eV0V-0hfl23N8
z;?_Bg*GPAN<Y>H=!jgkll{;tIIYK?+eutTL1`}!r)+;F4w1mN#=jDh18%6{P1<+CK
zLMP3z&@t{8(Judg@u5Mf|8DL>K--XoE!TLAMS1g?^~>)*LACU)QX>_LZx1*SdRS!-
zbb^x*TIuD5S~CU$j?bu3ZC=;R`KRrhIG=WU!!V3zD$<c2A``wlI6L=oD<UW>E6X<B
zq17BJWN^PW8~zYSKj8)2C2!E~0qx!%(#8B~hdzW6C&Jy40Z#cjGOIlZr>RBVNG$FM
zQOr^<k+((i7Ud0uE7!(m=R-O6)b4ZaN?<#<Hb;uiTL})5k749kFhkmnVN4fOt?CcH
zaeEW!M~$!XRQs5^YHCDqex4(H%!SbTO6kCLbV#@QUarwwFs7qwWmFeRNlEFT?=n9G
zg`Ad_6`XH{t`iIu@yjA~oeS2EIt)(sEUA2&*wULK(>l7t1N*2VojF3&a~;5^BcKu^
z#l|XG2=BasF-t9ptO!0xH0f6|LVXP+!~#To4GSaJNjtg$E3rui(WsQtExC{F>TotW
zMsM<QXVEO*n+M8@qBQqILpC4imLQfq)||W=Rlk0T+zyP7prW>R=co?)&%xsx?FKV8
zFG3jr*c$Qn?4B>jUd3_Uo0S<_9htswE{+h@-|(1!wg~TL+*|dLb?mG<4%Bpl_IGxA
zRzl+U)xrij2NjRT+jY<UOn!XCa%bS)i1_Y(iVTU*&|JN+gg&5<{qB0c=`S_`R44FS
z+{Q_7wsS@;=`NhCtc_7d-;o%h>PK{22-}8iE&i&=MC2r`i%}<V+J;-y<4{#?mKbgP
zP`3hucXhn4d2(>)`~DS%qy`s?edRNH5*>q}mmE3bN!g6mEBUbZ*i9{#NK}GtjC3n?
z!#t2!at_Bh^ygP^X}%X(Il*YDWCOenmOfXMN#!%qwRz0KVSNyyk(?=IrOT*piPCY>
z?hvwI*YIJr7c?jSaL<d@#&jR<8TxwpoM9y+t{RS;B+6*eK{je41+=pV>F!IPTXI&l
z>=>3l^^NZwU3p;oGP{KeF*hYd5Z0&pW<EZ)Daf0?qn(=gSUMY_m?Vuz{PPNBg<4Qi
z<=41bZh2uH4d=}j%SAhUjhJ~?<0l(ddK2W9G^G*c=hDYpcDO|3<CZSJ&*B?}B%f-i
zij>HXbP<3?!IVA#5!b}3zh$^4<-@MnZnr|}kkEXGi2f$fKU>=RL8tLTrpfp58<ldW
z?_-|!IUb|62r0WN&pn&*nyG!>DdJqZ@2wg9VzZNOV$K=%6lb$8k6q8&&lUMK07_9H
z6W4R+Vnubj5=~Ibzf%tsJB`M(^%LC-dF~dC$R5x-tSr4)6MS!M@daCQI)nIHHnvd>
zKJKpi@EG5(q*Bq}ezLGCQ3J7~EIe#$^Lj|$XD&mJ@+)U?!!k0CXx{<#(eB8cRQX?O
zokL%q-eoUP38ICyqrko6b|947R+ifq@qSWf$GQm@eg6qu{|r?E(Tsy1BKc&&XGD+$
zVkU;-zu!K_^xn+pZSDIwTRP3~_M+(Gm;tZ?VgT4bsS$V?3w}a)#Pnt$mC4NXt+5S$
za}r-8o*O4up}p<0k0NWrj;F_$Cy+(DY`yJrfc*o{&>P;C%d*B3;|0<=XpoTsw2}BU
z=5(dY`|6?h_q)4e>WkGKtCC0wJw=mppnH3JzsJ3CdgSMIq`JS4oUt(<`xayc8_U@7
zZxevw#d$y@vW@{Xpd&-5pBCs#PGug(c<;B#Zl1;wK5Uyk26T$NhwiIVB>!|2E)~^}
z$S*2wdz_yhkBK!_Fqgdje7)jF806^-CIcXvpN#uj2KNDwX3jl|)nfp70Ms(l>0xl%
zPy%IO;>8(!m)+wz&=*4kd75&s(W>?BczS$uKYr1vY?Ws8Q2oVaN45CXaO>^?$*hxl
z%adLb6o}b{zSq1m_|&sEeWCg=-}x{m7!Q;)42bU^wB@3NHbB=>UB`e@Q&YqGx!$>5
zo>>UvrMz7QD6wro_jZShfX_<=^`kyLoz!%qIhWeP{&{|P93z<vmXD}7zR?kjd&A8b
z4W%kW_8y~}7XCfm=(8e<m&Jy0_lB;s;H#=&*=u8&hT1SsTk(fQO666J4JX<Azb2z(
zIY$rgKPX_jAZAei;vgyzgZ22`l|-l3JzW0gK!zh6$hQxvWk0;LTxev{9c*%A2@j}o
z9A-gqe+1a{t-A|hRYNi|P*94KM3|V+m<^izi{jy25u4c~EYE?%StR;FEk;(l8i`bI
z-$IXNi4+^(sU(&_*+nt{6vi5Gxocy%-F~*D$+I@@7ObY<&6P2y5*osUqlbVdgzLy`
zBV7$6JdZb|FtQQIsJRxl#>hvn>4VsqmD+pM^u^q4Ei(5$!KB9L1R}Vrv)Exwd2+!5
zHIwf1RFE+^`QCnA7FX*Vp#+#e`$O+&z?Zx3I`_2d)!@(>AcytMy}9RyK2fz}PNz5g
zJxC-__dU;HWQD<{U{*K&e(@8)P6Q?k8NB(3MtJdhqQS~-XRaKdftj5G=JQx)0)tTf
zbr?=pvw>F%4HG|Zeicc`M!aa_uJ!sZB085Y`JlL#kx$b-K9YcRM$?_k79QTo)xt59
zjcEUXJU$oD6g>J=HI^+zsY|y4VS{Qr!#K&0A(@A~y~h61cT6k-XZ)k8M(Vv6XXVC1
z9#PUY7M>BUq8L=$AY7gy*sa9fJ@)u&A?$j!e?)?{+o7viQD)H_8?TsFm<KpPv9{ag
z4O;>m!|#ZBB+ga>GEzBhb>_QCA@|60sG~kqwA~?Od#4rKa9?k-k>U9Olfp6u1f88i
zv=gAaz{tZ`kfAjaKhI?jV!3$DQSuRl#lXOKM`xR>ADR{~6CE)=IYqQ+1%^h^HO_qd
z8UB;j;LtQ^#lOZax##ERpFf;w>>e-^dIjW}PD{3s^Cwgd=fNSD6C-7AUNt?#uMPrv
z(fS_l*~BQt=5ClWY<{CpD?t)58gEu{F<sWlzj@)D4MMlkj{P`xV`NEwCJ@s@jsuAk
z>f%>de#9RYxH36rhl$gF0?s~GbN`fz(-rv}2w*l}P&>E}X|HqAPf+vi$a*`=In`Yp
zFqkc%CLGJ2nJ7&x*liKh=8>RQ7cz>v>a4ufHxp#O+?S$K-+}(vlJ9}jB31a@IOk*`
z*(2XA!rK_(o#W@)OESVfe(@1bLmPA9ue-lU!*mZF7og+x7pkjG-Z$>FKr3n#zu$!7
zFAJO~_*azC6=jOgQPTcCBCOgeqXtN$;<6XddT~LgdM?#n+_S&|R6Z(TjPQ(#n_Grt
zLq>(i)&0puOBV;s#g#{);Ou#FWSkY+LlGsH7SR}t&ovZ=or9)~Zl@S5f!fWlARpTK
zybv*`n1AZ)%wQnV(z(jzbT%;pR!WX%R=3^)Imh>k4~LSEj_~Sm1;q_()(~BBO8xRo
zyl98pn$aU>9Sme&Cz96nYX(oIt5+e%$KyTWx0i3&g@rvYFvIg^Q82i%7V0Z2nW9!g
zXny@z9dfL}fo&^6hgn+@jVH9R<(7U|+M;bH;`aozHIj{-m-lw<Ao3BgS$@TCJ{Dl@
zwBx>?MO~xi-MoHd%hgRp1nAc=IhM)VsSiN;(#n)f*o6_(R^LxtAMXuk>8nd3<a4s$
zD{fPb5*HkYVIj*tKWLnfCnc!KHVJuLlPbPAWz*95V~=`;uMREF#8QjY9r1kbiQ6tL
z|96MoS4K`5N_%X!tlvDEg?BM|iJh!JJVO{idf|-)<C+@b3$Xb=O-JF|KQGFLqaY)&
ztGqvFFQ)HV6=qj!cAK;&9_RQuH;2%Xm4R52(X<ia2>9(U;Uv$!DY>x3>T!-K(6FG4
z>3jbUr*pas)ZOrn#qJfc9yi%1Qu&n}ATI;}c#K;#)C03Endbf3s_rq%XM4}hf2!Qr
zV3$GHt|RZThAJ;89dL8K#S^#F3&PLezC7^F?T1D$yaPNSW&wSoRfOZN3N(Y3l_nrd
zA-)d<zYAoEcIVN+jGnKo@JzR^0Zilxq}!*u>$ubPa6zI_4yGyD8E8Y}o^3X1U7pS}
zeIc(i6^VU_7V(DVec^M976F{h)x2s9ZOXwBmP!#xL=h+)j`Yj0!;IA<*<Dh2Hq!<Y
z_QX*)iwAOl&5d>eqsT{atA}o`yJJnBGNfy*d4%Oj<?cy^-#6TBa`TaHO!*1GkA48@
zrrut+qLqn%$t;i5|Iwn}wfKi%P4)NcNu`kku3&_0U=#+0y0IKMP8~iktV`>d3v-KT
zQud4elP~Xgk@0Llgy4P)sHQg>VjN*hM75vR)TUNJbpiG?f_T5Q(}OUoVmhNXC+B&g
z?fa`l`Zw^w+DT9>EcgOx=K=ONRA>v$`)59XY~Tcf_2(w>JbA7{J(Kl6uKoJAMU~@C
zF#q{W{osQm66s84>;{^L3qUOzR<qt;x3N8*6J~hYrRb}tGD6mes#)`e#khCcy@}|O
z_<%7ww<QSq;))^4&(LBQ;eI783kx&-LGCwIArxKVtyObc*G=P?J0lu7&UM@s9CdeZ
z+O|<NC|Dyq1)^y%dyb~;iH>t6C?(H^eR??tQBOKnUS|KlnO4!!Zw<x=vko3|<(!j&
z@aG9<f^Hh{F8<(eT;&ekZNz^{R)+~3N!Kaxvtmc%D05-*?!I6N3JMZ$HmUDa=zsD6
z+VqCOAYt9i*TZF_WbXU)ZGAD`jv-l~`Wm*6mse6a2){=aYbyS!yi(7-=In}czL%9Z
z%#Cxji4{&Pwh@MpE5PAO+*yb9(W3FQ&|cCnuy*Jo8?fyWhVy&<or9eo&8ahEV5Cb`
zh(<YIHd9Zb^IPl3!1*9QC>;6Kq!{j7)dF$IU7W-!wdx!`%>a)(Dir7ewrz)x`|(D;
z<U?`CMFO@(iYvjS6dZgBx5q0Oh*VS)kXJ$=qR}ix)pj$6=81>T<8B=WsDmQj_?{rU
zb6X@P>z<3FH1S-?@gQ5)AHy^VbXKNo;Zh8si%rV$xLd~yg(y%a)l_3o7wsxWMh3&m
zZ{^WNppFh!V9tl<2%7O{n17fEc)VW)b#hxOf;jU%k4uq6u`Z;G&Ig0DGby3)py>wn
z4S;qntv^#hKUgrd4}l3-x6r?fc{R0BLRydD<33*qH4wV1zy(OsH;{!3=Z)9)S&Aqt
zRRo0r8r*^px}qc;2yYZBNpib+h`MG~XE8N##Af<TY%et}MZz26eo@%Z7n+fk<Cm8_
zwz2A8t~k!nv9b>d-*gR6xyH0OK#gv^MdBFNZuuycQkX1iZO_N|sWHFfoSjn2ie3Lg
zIfQOk1c?1jL;v{gSaNdg6gBAMVmUZ4z}cizW)#tG;-gRvvb}$OacA}}^RbFSaG=x7
zM(N9Qo}<tG*w1Tu85{L#d%p8(!659%Q}&&*;RpF$1cB*=;&H@@(mJTb?_PW~165MH
z;oYWvKMFopC_8%4F}_lK8ci2MN&H&)LX;>c!Fr1FfLB*jlftw{OS-Jn>04=?nJDUG
zTfH#*t@~#8cx|mdz2d!BqhW}T0BERRC71aYKmc)3!x})20&KKb>zh2O!>*S^U4c^~
z3q8NNEqh>iwlPHy;L1ROPS>Tkkxl@AUCQjnb>~$BKXNXcO~xO&t(TBw?)(`y7tPg)
zXjhEi5|+>AoF@{;E^(^8rNB|S$^becK-E=1E;ZxnA0;g^lq>n%2a#9kSUk)YK}*a=
zCYNR(ReCqyyufaTYg!~XU|4v*@(+~=j+%i~mF6c*%6Dvh=AUhXJ}<pvb4qkPbzEUd
zQi^y2q8Y|*;EYgoCY?r8F}N8Lj?bn6+FX!JyvrL2ldb6Vy0mm-=C3!Nk9RI7=jSG3
z@ZAvVDtY`)<A<Rc9p8Sk4(LoApq$9Ob1IW%#?Z<Ycns79$}X{N_A#Dr&@b`YC8men
zZ;1n<M3@43nINvz$7DXyWO@erD>;IG#=uDjp110NVx0%I1f<J;F_5eR;{@bYdq2Nc
z=l7`~JMXa`Q8ZTRoH4Re2}P8xa)hFhJF$gjfeX6@Sfin<FW2;6s1Q|2mvE`OqV~v^
z=g7Wkeyz%y%JYHQ`3kTO(fz617<rhV2RT3LM?9q&S&DQ%*L)iy!^3-}R;-{AHSMe0
z3&xj@dDDvx9KZ?dt9KT3)yK{z#pXxO#;;lDAGbfZJ^RdU7#C&(J@iJE;iVj@4CAxh
zg*Wdt<o82W5W2HN;LT5eD`ythyONw#%|FM=%whjQZwloOpd$at>I2AvY%bA~O*aRJ
z-%Gue;~r;USpmM(Mw^w$+=?iVU+)l4eyR2I(5e7zrPC$)7>Z<a%6}}>_OmiHApn|`
zv8DQ4rLgb!=D`|5qw6LW1@^F(<SY*7XbE3lG8H2<4*;nMx4m=KQpo0#Br7}SsX}*6
znakh+ok%`ZPSBFuCv$IAEDBFpsoVS09V16AS}7xtOU%M*rw=Naj)xi~-qF3yx}mT<
z7{+MGc}QjYFd*vbc6r|fAjWbrHoLmWXItHP7Mn?O8zfPFlzpgK8Zg?PLK<C@#TVGw
z@Vbau$MiPhGVOn@L{$HZ9w(u_n-asm48W3n^S<C4_ILs{ob2=vrmNNlJ*@bUDH}8z
zL$_`zhHR9W&n0-AZ1VWo5=l0zm)1Y_oBd)fVrI9q2(DmToOHtI@I)px5JV&Cz=N6v
zyV->Z$Y7jM9em4pV4n8Qz3j5n(rJFcRq6lrX7BngJY6#nUeoa(yaNrC^5RO+=SSqW
zAV@9~5o9?XX9RQ@cBW~!1PuT=;qc6cjWfPOE$Sk=_Ey5Sa@J14FtG{G^0%^2#S4mg
zn-Xvg-`xD>Bc*D_9)`8SOq>eojyjubZeD+fQ&Tvd^heR5zL~&roqch!lSp-aV<oJ<
zdag!|#?<Ny%GDK26D>kI{pYbXbl^Y>G(LJY!z$sx^a{Q91QHrpr7??MEys;tu2y%@
z?w6Q&RY#P=nzXe(U!3|sYn*6&F)_W5G?CRK>Oh%Z#=#q^2Lgh(Y%YA@-N>ycdNVds
zWUlYRK2UkZJfgwhcDdi;DHHph(=_J2f%&xt`BQNvsO8ci^EIkr@`9pS=H4$5V&Ye_
zwjqe8l$;>DM^x=_J_+SHv^ies3nR=$*c!z4NyP`Offjm$_$>?tKv#GY0W^FmQ*l99
z!gXye#hMO`cUIr1nz{DMJ}t0J{xMMVcKv-CCMvG-BbL=(&(k`MDrZsA_i}uALfwz~
zawT-HJy@;fmTPiw|6P`*#W{7-K<ytFSsQfWGa^ZYNpJJh2WKX^+h$@oRVz+UhFU^`
zn%r5hZAkxduY3K0I@x2`t0Fgr5RDv|fQLTj!#N3e_Z|H3e&M9A0L#&y*_PYWbd^5h
z&i$lJ1%bW-=h>YXIjm(60@?{wB1gvk>B->WdtToIT4Mh1S+|p|I$Y#eL3`8X@@J}q
z&i<hz!bh_mBpC0$JUs$!CN)xte4>_70BqAhh}}rYoRL%a$5X+psbZQRXjg9<7L5jx
zpdWrX4V&>c(QLySFjqC6aI<@;mu%!hU(km?5JQpyzA1)O(qN1`9(W!%ujEK}j_ls2
zB_7CxL4dmK>$mGQb#-A87LHTs+fdH&2M2R?wVy|SYCC0gV&TZf4LK1MU~dX2e6Ao{
z#KG?dfEPKmb%`%UiqGHQ^+u=<=la?`#M0%o8^0f^|ABrqlzf{s;taL`%Nog#&g*?|
z*5oAp-O^%G7y5;%%75`9HT4#hc;&?BJneU>ahRtRXHby_Zc3^3cmUJ)pMJ|~kx(=}
zrItD1_ERSAepn*|Y{aq?zRAij0nvvSaKG`?n;InSPOgsUhn7pYPvqQnwF!M+?w@ic
zfr99l`=2mlX>9Th2%ZPCY+65D8+cnp9{{qcnjb8PIo@}Kq`8%O^Rva*U_ez(n4XaA
ztUTk)T=4*>Koj_B3|;90mV&6OoV7oPJw=1p_QC{lh_^a;mYl4hxqmQs;Q*7EOPmNO
z2O;ffqpYNUo|!{bFNuC>qyBZ(`7u{pj$s?Xs(jGCBM@m)XlWCPvV05}X6yh~L%Sz!
z6(PB<roqyrKTY-82kt>bL!hVF7a#7%Z*dX7j6Zc6%5$^+X>kt3USGBfO?ox+VV>6O
znTh~|>sY!Rj|PTo`{<*2)Sm5$OR;CgU2+(xJ3&{uiT1YR%60?I#~v+P&j5UktS7U-
zMPlV8PH3{)ns8>G|1(MrsYoF7F8e$W%5$vrQ4YKU5QYww9i=cCcB79>+zC{63wdBy
zWJ_LU_lxdzZd4gG!vM$;v!}Kv+@B8t!!y68i03_5`K7gSOglZJ5PN%@6lMwIk?<up
zFp6f}SYRo2`D-tRm1KJ7AkON`ZSF~1+b*1?76|QD3xQt?*~Y|zC$>Qb5~8O3744Z&
z<EjRy-xJG)_gIvUl`S&?piBk9UxH(!{K>zJ8PY)r%UWm?R8}Jd#uAANoY+BNztPv4
z{@{!fa~)jPezg)#7Vm&AB%MrlUNP8P05>FIex>nwMDWwQ>`=czvL6?DT4_}kA#_di
z$VAI|NJnyVeg<jNbuBu1+SwQ)58>%4g-~}BRKK>>JF7-i@L)931e$_sxB?}ge9+QQ
zRpPOTx)pLZ(k3x)`>p&He$PU-!qa1z+TJUN^_eG}5RYQw7jdw0!0Ik$7AW%B6zikt
zWdANIYU2Btpe_OF;N)!A)r!pyNDiX(Lf{Q2A7nyT{bb_!aPK5jmt=@R7JynXm(eqx
zEgVuP?-x8c7~X^3-nECtp|uGwYGP`M&P~ddE?7F*En0*vpE%`qe_rlK-NLLs4+jwL
z29_qn#%hD!QohChZ6aRtjK54!W%szLNd}k5UgtJo{VXomw?sS#+W5t6dAn&!Kf=ns
z{bf}vLS1%Cl<xy4h<!%_V0!C3qc>671vr1Yhlew$k>ijM-=LiBDJTy6x3&r-F-0j%
z@tQ}AeT^|THg*r+Dx9GJ+ExGn`P2Bahrf(V*8bhsV9#T0aepY}w{N?QB2f?&tnC*`
zXq225v2!vBw!hB}MI83IVs9_^$sXW_^$o@7>IKRZ^H`%+Ijboi!~F3&{{0AEp8uUa
z8U1VI{Zz-#pwHvX<!x4n>0;++&*euqMXuSAuTs9HgzlBm6AO7dPwXFR9MB-5cFRkh
z+^zn2E{)-*<RFzDVk=2@J~Dq*zEL1L9&Uk)J0kAl(xCX(PVzOMeJw{$4)N`S36jAU
zQU`sRtn;T@Z`X3*0G)D{`7m8^3X1x1Be|n81}4IbI<Wmd@sUSt^h%4Z`He1kGj4q8
zCyUP0*I_%qYXPQL-|v*8=o`K=<;_fO_oZLw%+6{l43CNBJ_uJ<SAWQtPFY=x5}|xH
zK9shZ&8BttxbsGx7IABTCNP9*y}O<mTkPDs#z0R0O8(qS;Bq!sTG)a9b(<;vncO`i
z)Pc2o7(z^#6Tb83qqD5#>|Q>{jwRXL@pI;GC&RKxv;*q(B#z%RWNdt;cavLZn@-l!
zvW)a+eNz!Mm!eI<bdvnOx~h(}H||<N&jjO_$*3}-i9a)JYurHHrIq34@kHj@=<b5J
z@_0{Vu;gQmnc3#-&8Z9p<M9uIDRoVK%I7>2n0LzAjGevv&*QS=BG1Ij9$u9{n}dW-
zlg2TAO=b`jqkJ`s$+EB}n(Nd@AX?WVMj^uYr;=rvo16|hD`LJC`m@ux7Xiwl)b706
zAviw1ioM_SePw{#=IvtRq(=q8funW5?c;RBBo#HPfM>xVsFiURlahMai{W|8&o8$h
zcV~9$bG^Kd<zqtg-XBg+LewYye(Bi9uv{VHXBY-qzsS?dN*;x~hZk~`{8YZVRFUFT
zXze-ZN5Pf5pC_ChSx)hF&V!Io=&Xn`HH0On(;C?zo1Z3omPOaF+Ut{uP=j(K9E<WH
z!@U&D6_TDaz|8L*Mf%0_`RVayw70X?t<3PS7{b*uby#&xwvJ+?iDFPy#HHFjJbmcp
z>63kTj|lKR9q#V;lHC`7&pMVZliGK_R2F%}U0$eOh8cPWcHF^%b(D`6wa_{xrNa2&
zI0hb4`&I-^hi|Ou<2<ZQTjzqnQTcs(enMa>sLCcb3eGza3Z5k=O&Yxi7U{!@;|f(t
zI4V#P>dlvm!larE@O31EXSp6l(0vCD#u*$Q9w-xdmXR-Lcv^Dd^<8v*r49aZF#l$I
z`6;!7Gq~(?GCj9A#VNt=vW}Hp_2%mS#1dcaGuGj}!JVzm#&N6Da6)sKKTuD~hiop+
zJA&~K#xCcbs)`_+d`{ijyh@Np&`K-{bCYPf(Pa)<Z=;Pa31}p&>N_Bkue<*e$t!~b
zfzAT`R+{IhZZcuNxT}X+-vOkOaGg{`U-;T01u;E6VsUZtlR(MM`C79&sgRWxlh;Lx
z!(wV`l$Ms3)#|Z!i#Iht`FcHi#xZ*HHaxc7_x88#!62dh{`=PU^^TSttTtek?9FdA
zz3-wyGBs7`I@=s>s5zKDMgH?#a^A4E`&@m+wfw|S`pO`i?VSEmOkY3C+&Q$J92(o6
z5IPyJu%>3x?6SEa-weY>Of;T!eyQa#wn&HAeO34)$+D?W__)5L|ARhU;&i+}8cfIC
zZB$@t%n)fevzt%1a3HhiMJaBZpr_|-voZF~+_)d~rPn}ht?I*ZoG<T4x%V^YiwFje
zJfGP*psp@fBsc=W6Z_*tzR!?y09%<&lD&!ncXQkAWj;q_AR;3NcK0LOby@ZmhG%(Y
zu-p+k=Z8%W%|ZitnT2E9fiDa6D+9e(RH87z6@-=MvrpDgqQB+D|IKpZqe^%_)3dmj
zM8hrS4}Aq-%&1Az3I1e28`}(sl8Xt=rn2(p(2ndX2&>gK-0<d?$9od8u$dWG!6(Gw
z3#KZYAs(v?w?njWMMW7IT?XO10m~I)Dw)l5;LM9*X)Ud^tDNewOuobOb&?|}^U-Xk
zgb!7Jlr(oMD=2eOe~@OIXZW`+`$e<(3q4*>45=06LsWepN$yVcami-QiKwm<p^)SK
zGmuWsgEG46v@_tMuiY{becWkYW-8p)#>WZF)Q<e0nIeQ9tWN;DA8j<;JRW%Lzh3?z
zEY=RFt>Zi&o6mftz{9}h_s*!T^PVW^p-u2&FvtHPkWc7|+nvi`9X1Q-zVXX+icN=m
z-&Kc10P4-2X1MAH1H0&~fpF6u&>#Q(GO~c_zxI0&x|pbNNBBDucNFOL$0gmn{W4$n
zKzvH~W=p1;e+FP54h1N4Ol|{CaTwe-X{6}lum5%EFOtB({5yIhc0Ra&jUIc4`k&!r
zQoF;Kh(tqPuiH6|pZ+5^8BB;sh0v!r-W@oAe)Nsx6aD+hKhyq?&jg}fH!x|PVWj?{
z0)OY!WrYmrR|5ekM1e8fm}tl*<oBxC%OZljfq4jPu;Q&v=|=u=@+K1_?&aV9>*dda
z{dd3)u6*zQ^^bo4jCbLN&Ryl?><8CBV|6Ehe(Ig?eb*<`D$zYGLzB`=@$zQ=+Z7;&
z1X#NB>xm%IwYPt7IAMnYc6O@E!tRmk37~i`C_cgeGg8!-pC$Bcb8UKA7^%49l>hZN
zU%p&<Yvc_*vLbOmmgz|Kuf0O`k6<I(+6a+8_?@9_UEC}{rrl#OoS#~t9vsH_J_C=9
zQy8_OhlR*^Xbj8}<xpS}zRrs&<~TnW=3+(<{U4SGuxz@71CC6Ttq@_0mn@#CNZ<Z@
zSSPPwTm+uKUrrf50=fqf`fDC~0a-xituJ=%XwmccAYk%;TUWFE9pXQm`aeFias#)<
zpqV#{zwCG5G7;-qfoCbQ0CX(gHQ~ZPVtx6!IjLS)W-8I{;Sg5s*Z;!{ghF;l2DFC(
zyUM}4zqg<U`FEli&<Cc{D@+pLa71tRsQqij=qdUKrj|$43hTc7cz%!1e+=t?A1Gwu
zWj0q2j?VwO<w@#ggwiLU;8>np*7<Y*xyDff16wcZqY;qo9;PWy4*I_=h?iA}i-GZX
z75Zyp<wBCfNN;<QUIeJl!z>^V2vFeVFURye&)x$9JUghi`yWTg$`9NcgRVIv_g8>N
z<dEY)d^Jw?z*K=FfkxnUh{E^)_gv;d`f0IqAzYF6+Fbv$0BHdMlJc`1;QhUYSJXcc
zj2iQX(w!|Z74`=P%Rg^_8<>S-_FF50Z&2`{Ji=4dzia#d+yy6GfS&NSk^W!$OSBuX
zFO5$Hbndt3`%nW)!05Kd4gIY^&FJYkG*^dp%NDj@dKRp}Yn!QtwZeVd=$N^XO(;$S
z_D?S=CpsGczi;0cl>^2BZoLFpl>go$N(M{^x2^uCXm|N>HUt6rhAAL0aIWe8hz#B9
z0o3_K)^^f!-Yc9#Gye{Fh1~c@E=<4^RhvWe|6N(W>;|G2l^Ux3iA?riD%Hpx5bvm{
z|J_$Z)?#z_LGOJ=2}WQXy63+p<NYb&j#`gt28V`z&NtW@0~9i@<!Njt2(~S|pW)!)
zWpP3Hr@t6j7KBm}Ljl$PvOCdy*vIX|MKv_=G%B<Lek^;UgoK2kPp=;013Ku6(DeE5
z|Nfr}-Du-wF=P^g{{0>RuMfat`5KUVZeYCZs*68fNskl(Y?LQA>wYp?TD(Wi+XEJM
zc4YNS+I62-%MBmtVPIfR7oDE_fWu1Jc5VeNasYqq-nt@AGV&v@2p#(Qnh7f%Jq+^O
zb<8)o;k7BQnO|(XtG;<!GlIm_G&NTW2?+_^AptoQ^z;Y-b7LRb(@9u|$y2>p_i)bV
z3=`@X-EobDgpMqJ_gyPk3a;RLH9A^D<<WjLS>u82)6;SX88aU`V8j03*>$13$U9K>
z6aK&Dod)-yfAVYCBvRU@lr<2{dQ6Zl4O1WqNm;O!(Xyb;20AJ%EG>x(H4s2oyTv)v
zN=^G!WT?KMjwe0Nw^l=mI%pF$yQ;@Pm6hGyL5Qah=i~V;EuLE7=%2FkDU97bowqCV
zyfYQI_y(T4g*6t9AhcHoKC}n6!Egv`XQx9=?>H0%wtx0~IsjQoO4?&G%PIBM)(3Z3
z#ZB|9XSd5tEKLRV^}z|=Kw!_(qGMyxAI|c^>_umCMetr3Jn`-mb0EieY2kz`BFT6=
z!ci1ROinEY74>s})Z{G4>-VE7p4(RJ3NF37cl6Swnd$UKTGC%K5qjNg%ObYLAV}Z0
z_Q1SrXJf{plOe!#6*rA@Imge>{83jXKrAJvPF@L&@oQ@7;j#U(Mu*Zm?0*xaKb*8U
zu$kXmoa+7Et|!(oPt3r^*7Rv_6sL3dxQh9;d@CIA{4|r5#`tC9mz?}b>a?G0)CS=5
z%a8sFgh#QTR@bE9<n*5X`e$~QT&3p;Y(fP}X3+dJT_(`*Byv8&L6IxOb5PT?Ci%)B
zNKF9=t$&H5mX(Vio8&BHf2kFH)mlE|r_``2&gtlZ!p9$OYs*VvD$~mWgM&zme$TLj
zBO{V-Zahyn10tWMiWKp{w^KNP&^Q-}%Xx5`OpOIpzk24vU<v=={*w{5_F<*n<$+#j
zI=Xq609c#V7Y>}0`v(pQi*Cue1??g|-zEIpAo(aP!_wBDp0|5q>`0_+)T0Kj9(u;*
z{G>+e)V~oesOT>TKQ2T~%&~DN>U^@K`plf>U!t{e{d|{-fl8m<oYBc~xILmIrJ$GQ
zZM)w+7N@lEE%EI&-_%ol^7+5rnt$!L6IDP#wK=cN+WeJo^*_e!bvJ|P;}A>Qlu1zB
z_%VAQ4B!olOcUpZ;e<y=_xQ=;mj0=C{vm4+i)29A{f3ArY9G`|+T6@h?Q#B2@M@M!
z#__f!OTOFc&ji1IO=2tQHzAUUvyxvKQm=0YBI=M5>!VZst{ib+;~NjeX3f`_l_K-b
zOfZ(d(Z#~X4)pSUFi{vEosJc{-N13*uWXoa?0f>06NqEn!HXzhp~|K=DVo&zJtX&D
zGt5KxI_n6;6Kg1?%YXd4RA+-3R#dZiP?W;6^qQd{33rB{v68^Wy?6cl0o=wI5h$j;
z_B-?fcjm>8Eyg={LK4l%w#H7kSM(Hf7AX_e4qDz)=zj{@*^?lfwohaAojV+A@o9L}
zfmS>-!av4I1I4Zdrk-+NpOgQGIdW%vvEhOq2mF7()&flAPu!UK#9WA(i}?v1a#MhR
zD>Y~muMPM2Y!mOI*LZtLX=VS9V?8da&CE<<J+DKTc@N+`XKp~44yz$iQrN>%l9F%+
z-ltODC*AjWmzh9ekN5cjB|a&MHeZ=`Z*T8|ib?<)(aieEYOl|B*`MerysWUMCM_Uu
z^81PmI0j+me%bAQj4%pKq8<$;4q(e@D?&?7IqlY-svp#sE+!Ljd~=+vZv51|y>>5h
z6M&b#&r+_r9)uynsU()GSG;wy=(KHhZ{Tye;tr_X``G(^1b7y|ERWcQ1tj+Z$c9}1
zGVjw6AM#*oxO`bjxbl5twv<#vwyl7PV}&atFV%a2j>q<|v@DhrjXt+B6HTIuCvR-t
z{(6my)-8YOGPN+!Krdn1@d>*po{LiIH`U%QQMnvZ_2$xK^7K1}h~9&98cUy&a@+2R
z$4!d_E;Hta#3QxBXX1*cjLw3?R`C;6Jz^U_)*?aazh1<@{EcM=z)9j6C%sqt`*jLn
zUjRR#k%HD;dzrvn8fa{RC=FRL!m<3k1b6ys^?I$x7?NV2CsNBhfc4$JY}2J%{fvAa
z9vgeqdSvJ4Mg079-Py3cJ`guRveE)uw>`2eV7t7tv(xpB%j)Ey?)i`Fisyc1(^1QK
zy7FWrsA=sC`d-=z5uRni8I%<t$zmS!gZBp1gI&R=ADNa$Ab2ssBDp3%Lj_uSep0cX
zt5p}czFM#w0H|s!Y&u!aR`x_djU~N?Ie-NLr*Aj4$N2NSQmQgNh*{5Rb*K2PZYfQd
z0Vb7bko00tjliBPGs<K3C&4$~o~TkiH@0m}7tMi8&quhhkXG-+V4vd|X2+ZiVlvr4
zTDb0IxYP^eRMPb0%Px(_i>7$J@@MizI-dH}fmDXm+RgtmV1Okv`u<{=lL*FX{`$`2
z)PNg=)mA?(+db@Lr+PK=jMOB5cIMn&-q7$GNG^WJ*Kl!31^|)~kOpbh<Mu+P#FeKj
zw+~pIA9s(A`seD*^QzK$9r9hXYM!@6o(UUm7D9)aTTxRDTEwH^QW6sK^fmSLq8IF*
zLmP!OM1XjLii8k1cmQuiGFTFdEp@LE-P?Qsy8iuMcKx4^i_cxk)G)d*`~m`}8DV77
zu1c;s^*@}zN`j2+c{(U_Dp<Tzze8uLn4MgF8x*^TpPW}%8xU&VE`1=J&K6AcuOb~P
z|6DMlWZmDBgm*YNP>99*0Y?~8krvO)C~MajJg5|%+FACo5pLB&A8F>bR6)Ul>k?m0
zr51mOtiW?t-Q?NcOpsHePCWifXnYrG5+|aGmlUsXY52q#VI`StO`et@!)v<J)%TH8
zQ?N7K^{dX>lrui6fitcP*B`o*+!=o<&$L{2XRE@={c1_qc1U9vMp&nk(pT4K5Ee3s
zQM_kBIJ{fTl*|+m!iuOdo_FCwtDL0(bN+By4GhFRoVP)wuaViSRR>N1v^Vg5wMM<B
zB&o&voyY>~OMx^6#9HV>0Bo_eW=dMxe8??_02UdnWXL|2>$e5}Z+B1!yqLi_Qm|81
z`nA<0vZs%e?(Yh($@x{=<1Qgx$irY!uC3Z%P}Vn+akQqaX(@9Nx3_nT){8<)H?Ymx
z`f2=mMBTqlrEH+C$WZ!@C_P(r*ZJ2^&wkp3CvdBafNg6lbh9|#7NSIL@9lf6)R237
zT0?mMc&K14X?ZIls^WOXlcR1FzTrZH=G7<mk8?vTsI!9Hx&6FRUnt}4G3@-^oP%$W
z5;NOpUs4}!l|z=M!OZDRJZ8wIX!X6m8XeIsdDfa$e8y%zSgVgZgi`0ITd8?vuk4$O
z+GOxrkLSh31qjCpUbZwLjrKa0p2jSzJR~QDFsko@mMKz0&4(e<>=0jmVTSs7@$|!^
z+P=;BR-G%QMBz|7mv1d|O%|WV5`Lb-bSk$>?By%lnM<BO4XZoL?E6dHIpy`iYM-en
z-wC6x_J}WcP<yHql?`V&oPB_AX|;}9DH&1m4MH|3J1RY!Pw`S}nHh=2P|CYdXrKK4
zv!LKGgMkgjU|}Yw8e%Ox-ge0NyvX<EgO8ofQC~uPVXf<@ct+5YgDjSX)vlz3B1-HL
zL+U!o*5~`itS^Q!JoNACK~=#?v^GLzNM?oR2vy*_c@5(G`nF^5hE;|8t;j!j8JQWu
z79M1%aj&M2wm*A3mnRL{1Vy-xopD?TEc{0}#;WtOx$(4TfXMA%F|4xxOVZ>^d2Aqf
zcE#H|0S<u@f<81n1<&%+>Ude`X5a8RQmt4?8*<-+Z`%d#xZ<+Okz2pnDTp&V-x{4i
zzqxT=^xU`6YP3$j@&;I(0Eha%!RFFr^H;J~!=BRNEyuWE5OC5})$y#BH4sm}_xNH-
zaWt6Dd*XjEr>!4mNX8qXber!L815m`{#=Yb%_RM`tv_a}FbDweuWgIm6VA^sumR_&
ziR1{8C=-iBVK7+BzvU)6tI5J`J5b)KoGQ2X)hT!F$+;RZ(JZuy*c0GjVC7IzPQLVW
zrC!zYc~1Skx0Zg&)bz!ZX-(p%T(t_lPSD9tF*2<UDeZ(_{7krR(Z1p5P6L9FWE>(k
z+gy|&jL6>8i%B>l02(Dfqz-;hmA`|ufc>HJy{dAX3vNhZOZaD7hdI74O?%>x*^lqx
zK<Csjit)A46~C$|r``7sO*FhNi@|aWQJce0P-bT7k&ZgRnYk=IY4jjF!Jtb4c?I*G
z3{Cy`h(ZcuEqz;u<<AK}pBh%b{}k2~(iZN79maD;n|~@=f_7gw8Fo201V@Euaz7Xl
z3&1|CtLt}gROzIx1eB-j27<!`U>v&n^to@31qu99XLK7udpAd#I#TSgWj}RqN7YhX
z%GYnz_)j;-_X5G8m10_*K9D!*SxZ36+Mf7^=&_1=fThEJwk}chnw*e&UZa|C)2D|r
zW|>=}NBb>@?%JXEW0(bszf#;{3(CA9Lir@b8)1px@bogN9fw65_i7V+bPn!rq7{d%
z);J?D8!ZAg?j5ikYR?j>^=meLzN6E#Sska;&3p96@ok$^NWdwoyL!`}{r<9W_FH^c
z_qV%HVA&->oz$z*gw95}_U||kJ28}v=-LPJIk-{jDD0Tnmb#?YmKNYUF!|*i{n!bS
z+=<*!c>jZ$woctZ@bT&rEM+y{yl-0Dvb5yYxW{K#igy=d15bxiC8?Y-GlfNEKgIi;
zQaU{z%*^)_==O(NN-mNGmPJDLUJdU!?+KdEYp$7i*B)N$?F*M|CsU)%wk)4<Ev8?^
zaMxe*7|!IpH)xbo|3c|%BUp)SH#3m6X|7L}^B-x%E(;*!=X&!|o93?z*c1jtp|1?)
ze-%JBvx(v>6T6Jy`gQ)Xmn9`g&*vg5Gx?6%PHNcT$kz;P*O^WyV=ZncK;W&DnV6m)
z0XPR3Na*M@8`bLNM>_&a-Q^e|1J(~l{kV(@kqrwuOs^Z<H%??D>fuZk(*y61+GQwe
zWN!%Re%2}hH0e3w5x%Ey*H5D6n%}3q7uIFiKRM~faoxYTgavlX_{m5xo_Dcm>T_dC
z$m*$tCl&GeYpnH_(~NUDOh)MBUsM!ep#{d6%-{(n!TMZO>51mhSkcUiRF<QlRyOJu
ziKvqAdjfNq(S}EI0dO=mw4b}n)nZ*_zk__H^DGXKx`IoT6k>McGHdTd+lDDU3aNwF
z5e>i1(ZF-b|0(|@%Yn~a`_nyQ?bCZT>SU&yQIz}dekri5C<c3JkqFLhCD2S1@Ff;T
zghebT;5N5c8Ip;tsRziDH(S%qKB{uf?}?>;`$}417De)MFqar=)KI&d70RrQjc>||
zT%Nz7-cv}B6jF86DvMT>x?unH)sCds7E51G`!{y0!vOxm{Z_LIaX5z=c9`P4vi$D?
zZNfvLOC45p{404SL!G(MQ@TgNf}buQRDOI^=}C6sbLGbbb*zYxx-2rf?>@lVUpV_q
zvcRfhd&Ym!sj^x|euFtQtliDPS49Lcxe4@mF4fE<craBViRyjC_)T4%QR6Ge5HQUW
znqN@oC#=ur3)CdfT{fB{AsjA6q{da!a0JOZ%E+?4Oq1A5%7sN78;O<?X__?H%JFTv
z-xb0G68%4_B!Yn;4x?m-(Y@45S?aDV{vISj;a}RKPW7(f;He2ys`!qQGJTW!^`;eg
z0CpcE;oiP^(NOM<+PdfSw1l+F{JLpGODc83j}dCUJ7V%}44IS2BqSw#18%hSz{~sm
z!cvJSJv`Fafm$Aq@$sQLDlRrjxM@rDoSCJ(!{fmD<;4~sN2!V=KTQ^@HQ*_SQ(2M(
zjHX|WW3jn-r!dc^hjQ+00l}xmWMlN#%uTy!!|CFgxX3^1Oo{p5>>7llJxX!rtP9$F
zbz~BqihPonIk{{6e99~w#jr0`l0PRzRz~T7?<KuC@PVCpS+ZjmC6ckkGd7cg&N-+R
zWGYnVH4smIxa0>|vbd1{AC?S^ismWm+nxDjr_t|Ax;T@M#TOcwx=`eg_SIh>2zdRe
z<x|$GT91Ac(0$oYknuH71sfqIL0t_}#!&!tT*=AFO}ASacS^;O>98IXZeI}=j9o0)
zf{`?V8!>IJC+F`Uu;-wsoQl_FMA~$}SG^Ooe}*loC<~N3zkwVOD@6Y(n9TfQ`SaS9
zlv8t6bK%86{qPQpF=S#C%amNU#5&#Z%9uj@uG;qgH?uF3Oe)1pc0^wk&4q=kbR}4+
z>gVRyixMFL2JzF`0IGFNY^kRfHv{;5sVmjZw-HY+J@j{}4UkJnEG{n3rHo7Sr%ysv
zL)cc*zZ|dzlBl+Roi$T`wKukd%kC}SufCh^^_eb~-)mL}kH#m3wYXfQJ`?x9E&pgY
z69_f|5%)!`^>^@BHM8Q#d#Yu=j(|F^R)5o~yD@yJt>!Xh95<+`-09P%Ofj51DEz}P
zeTv3z4!f<2*A6BnN5H_!?s-V(;m~C`T+Fc9^wn7MAKkJxn#s;5N|i1>?UXUA0qX7D
z^ZVTzD8bH|v&;Rx!b2@qHIWWuUGf>bI^6mZpXS4PZiS&8EaX>BewSSqI$KULHdftM
zm!0B_6lP3@6R}bFJBK+55Q%cb`U<di_x{~@{c5J(V~(oj14}#6ZyE>cpRVg$<qHk<
z$z`3uH^Et9ci=`gg!RdU)7He!$+!f;vOl)+RoTqg&CIkeuFk6mr*9%c)p;r`45p+o
zGiDgVNgnG_Wv(uYIX^m1=gSva=BHpIfIFR`Y$%MrMFE1Yk(}p{X<?V)Eqm>tDyu53
zqPlUm@7OSCT(+`rAjm74`z`4!`DDX8i_{X_ctmT-364DuQjzm!LY=H$thUd?j{?SJ
zq+D{cpXt@Vzjcs`^sf7`@#EzEWA+@AN>bzoDG$E+En%QitG$cliDS{D6V+K>!rgDd
zqVC2@coyC5*x*h!U-h`i_{$;05FJnPOF?lef!Aj85t?PzDM-<c`R-p36-A_fckHq&
zIx8qdiKo8zw#r#B7v{`AOsKar@RM6p-B&KuRhNnz;V!g$$k<peP4F7jlMc#h_O<;F
zBj(TWQox3nni2c!7G{e9ZXrC24YlgYSu{~1P@fIz(i+w;(^rmzT&_h~o%G=-6NDcK
z<Kd3<RA|=$%r@>+RDCZ;q7MxXAz`G_Vyc!&J~i(afiCrx|7F4ieU=%6W2QQ3$tu+B
z@HN-$23%AmM(xba5&8Qfk&sdQggA;RSh&lM&r-&iy=~5yJGP%1#k#Fd2%mq|zhNAn
z=&bj7Fd}YD*~eOqE+5$?B%4i$=0LDwg@Sr3CMzlSks~H0aI7ckokIA*L~!qqap{86
zUdP98`+j%tQH5zI)v^dLGXS}MAxI9sng~>-3ULvWLcBjJa$Z+W6*Qo7OpSD=uJNn(
zl|i<w$j9(e&j+|)Xobq!ns-rWhWNHV;kCJvlqPaU4~&L23>sZ8bIMTg!%IjZwr-zh
z;SF^9^(rX5kC^ygWhmHSE_%-+ckkr2@Ppbt9lqiDeQ?2bg=z`BJk|HKW!m>K*ja^@
z63=JL`8Y~~+8(|Fc;nOi-YycDjU?5$X&*(uh1);6%UeP5x86}|Y4hxdLrj4`Cr0WT
zCSru=Xz=ZLZqVo(s<ldqw(GoUwSot!8(K@X+&I}_+i!!FL*zDChfnnxcNtPy{;0jT
zog?xG3)dgyqz6#0yHWc&8A{h?(W~r?HQOiRxeR+}MTR<GNunu{R)~6KjCFbI*|6v_
z?_x|9G+fy2OT``}(8_HkzTK7G)?-y!Fq5}uM=@yp%}O6(HODo@B`bGny!7pHYfq(`
z6&8n@E0?};kLRv9*6(6VCF2Y1G@BD)gi+ni8L{H`UEI>oy~BtNgC<)oMX$db-B}Bv
zE|p3o&pyl6+*VILpo$Hs03e#FcL}gE{C=m{Z|O&p^4ZiW8qF@GFZgSJpvJghhmMye
zW!dcDKq}BLg-DS7Odj?=B`c}PdH`<+PGrdwuQ(2!1lob>Fk?YA;h<mVguNg1y$a3o
zS$m~ejf#IM+T+ga2wK~V#tiLSltcUcHofoGU9;kUB$BGgf$GX@Ty4a^{+v4kkmFOB
zEU5&t#MurKwfI!INKFz)s)wE}kcQ8rZv=s4Wm!4*aIG2s`rSTgpf3XFo}zu0AApH4
z(PuZ<H3g>bUA83333{wC&U<!ZV&H#W6KK{>%fK{YE78Dev;7VU85<ebwO_@_5>>Kh
zILcNl6q-{fj1)Np7YLP-By{V$yQ`F@WS?43@h(2gmibNsd_1z&{blJ~^RGdf(fvfl
zOyFYe6VFvG&Y9QRq?-8OsOtoTm1J~Nv->UKmh5l-z+*q|$z#LIzt+X79ti{sEJU8n
z%;ZDcl+qfhQ7@&^Uq?cwO(VsfpP9DFH8xnNQ-p5%j-bH?6oyrPR}Ts{olM<U>5`%?
za;iS1sv1j?U@7qhH`VRRL*h*`lrw(&%bzW6Y80i&U|ZCln!0umJek=>%D}I{n7mBL
zg%{1}$jg`)z110NT_oL4KzS4<m-1R;{|{qt0aewvwGS(T5-JVS9nwfQ(%neO0YSQ?
zn<F67AdPf496ArFgmfRek?xKI-{$J?{onhJ`;PIAaRxXJ+r9T%Yp%KGeC9LflsarY
zIDhv=HpX%n?DZi7ii^46f5mainH^W-I|c3#CX((tkh`NwVF?{urJhL*`58xPA*tyh
z=4gRk@oDF43|>@C*lL28Fd2hdf?R0bRqATjeoJ@3lnPUWL*w~e{KKYsDd$v*jb+l;
z$OP4<2HFq9FKTmi_BdrDf(xVlRI<Jls`=EuoLywyZ4#6it!7Cuf6t((FK)vqTpbbt
zbIqFQl0i(z<yo`ZI?_OGi<Bg<VhIVyTrMtbd0}G4?3lpcH-zCtj0;TxIub0TOc(aB
z3@;kjmWud>L`$74f3S;uP~kMZr8OaC1%wI-^dXM;%A+&FmH9Z*A~gyXR>kU67K>iZ
z0*DZK6L{gK=XurujZDb$33bSKhJZju8p)hoLtet$euet~A2J#Sl)3#M8C_y&kdL}B
zZMWJQHPNoI#O>&~&W?^vNDzmYmX&pU=P>&ObebV&WCVac=n^-PQi#+EThT24r<@j)
zx5wTdAnR&mzW9-t@dla!o6GZvC%^k{Et4^!U(@ytSePU$C3-AlHsux<Q@&1ud@W@?
zp4j$}1o&wwOD@-RXeY;oqwTi4WBsy%N*srvZ{dwp-&fN|{mkp$^6OLagT(|IAE{b^
zPx-Rr`)Cx6mEI?xpH{$wS@5A^{!i?EgOC9D3~SFaC4jzoltT#zMItT}5dx!zFFz%E
zJy+I9jvYgD7S8|%uNDL>owb#2kV|Dv#mcWG8VGZ+jV=UWwQo4e(^<i0u%KARVn_N{
z(ZZEH;W_*jwG||q&Nc<H$h-`>Yqqj*UR@ggN+O^Pw6ul<7>%p)BLhv$drg~15jYV)
zmOFeQ@^G^YJ3dO@??@2X0(wWhcRc1#jlDjakjb3qLLpNki_h%~m(IrSEhU3E-79$?
zfj!+bmL^0RGwX;6S{bj<=YM1lsaWjA;>1vjX?i()OyAATa`!%*`GD3SH&J^W%2Cr}
zz<{8kUt@C3<1DBGQh3hS_wEZz)l!WzB@^yUP<br##W$=54b|6|{eB5Eb-PLLnMu;+
z!t3sG@91@7XoQS?>^!7)PNTN@Jx!?nBH8b@E2XSKt{tE_mkT18K=1z(PBvFm(0Lam
zYb>>iQ+_88@K3vLr}e;5$9I*d4Ep8O&i5~Be2ACLK-hD%|4=6W6)4hr2xy~*l=%M*
z&I$Ve@owdEmVn$*YR~0G#JSh5ua6g)+~8|;BAr0ots1G?qz?~zcWpJ*Jo^T<KRfb{
z6hM%2m)4Q$rqN9m+B>LcvBI<G7j<<41JNUHLye_pPpWqS+*gRoAW_X<p2NAJgGtA`
zE(75TWl#6I)3Y`=18R~X$ibEOqHcYXoCYAzaXaorpn`t$zi&?E;d==S6~!eJVmpp;
z)&stsJWEU$V00^N{H-A0Hi6a2sI*3?w{Gpuu`sLYml`eRz}b5$t6%RB+~fVkA7U|(
z`Wi|2@+0xfv`VsOxzx>|B~IdYt8#V$qV~RdzXZbM;!E_dUs1-glw5=Stm>mw+Yq8!
zL;`U(0ws7YV$3o!NPHqy#7>ZQXqXC6z3f!*43EcN25X$SZ>@McN&H}+u1!K0Rs58U
zLL_)&I4g=$rVM=jkNJ&Q1_#p{SWrR6=~*L*BEV?kdj5&V{cG+G9;g~H)7aHNES5tv
zz=NT8v)D=ZOAu*&{%JQ&v~AuY!Dwl~54IY4{{kp0SWr^(bAV^@qodsY)sPt`5s^T_
z(%Ej+(8{#gy~WA($jr0~MEWTz8riD~v+9}CQ;&o^+Lefuh4)4*+q>xzDP1=v*;Fp|
z1)<rxF95Q{ky40dxA)2Exam!i*kMo0$ATWc)_uhxw=CgT=zDSmDyrrxJfysJ#Ijg$
z`MBOm^4-Gc;^NX^)XtyfN=!<2BN3iSOSrhgFGVhmeB&uqoq_I#Po#&&GaED`dGpRY
zr2>qUT>NI7c>NMwDpJWV<Pjm-n1&2AE0e5gGaO4yj;K<4n9wjZ4MfN^rH5h+j{EDQ
z4>I3+7?-0L2Ixtm{dOzBWF4=cjinKsO?d*@_U&Q6QWKM=!`CiJsk_d|DN96R^`z;_
zJrt4Uimzc`o%L~`Gi)^3&q5~P#W&dwx{j4+bGWxQ6Fa*tU#Mk|YSomFOc`HfQzTY%
z)~xm)wX26RpyU>n{K}Fq!+>gd{6b^to7^sCvS^z;qr+sl80(DI)yy?3DYb0xs(YHJ
zT)i2z6)b?rDt*-;cj!><jm@nBu%=8v=>L0D0a3zrhUk)iBHnY#08Ix1(B!V}dxVgC
zSQDx4S*PzqDDZ$#P;0|RkWgqF7`&sT5P#}xl1p>hw=I%gSZLobusPtDfSFpHm-m!s
z;d0{fZp%@)-O_e3WaL~+Q*${lxn<II@WCv(S-fvK_nL2Xb~_!BzK#g*{CdQ%&|aMG
z@=*nYRF4fCb9Gl918#=iJi(;aU01s&t_~X>iTheMATR`ATTpk;r8%{a5-yq9MD?EX
zguiKcR*R<_zg(>Zo0kZ2unCSqb4+htTUbnpOI~!@oj;FlGo|5NokhClOQUsT?v?L)
z(RX&L7myq7_Hn@Xart0s+84-se#u!8LQLrXox|f%Nj8fF&$ESY*N{0XY(oYZYidqz
zq(;+IY^XwldGcGzJf?3267s)usJPxH1k}nPrr~p^R0}(6q{*MqCr<iyIyOb6mE5Zv
zkEK0=9!0@9zwTo|TTbHMVU9}dTRrlDuZb2G8S2ut)T@Otz9y=D`T_3JNADtq2pPl5
z-DPEc3H71=L_*Nod`+@!2VwENp`zZ_7pqK5t}1K91qdJ9%3NRQXdc_Rt$*v}`?{p5
z!(<fq#A*x|FzkjUwUnfttmzw@Jj<8Y{dJRm-Chys8lWGrbXIt;<H1RHgV`56WSg!>
zh@_ti)UZmLC`xj0H+x$TJKB&q#RFO)L9UL^^@zIELXY^til9XW?PEiCOIyvO0$3Xb
zrIYhGqVJp_Id8cVGAGg1Ig>2xlmCq;(WVdJ`3<3hv;QKi0HJ&s_MvM#BWolOuhW!l
z?>pncx1#oq!l+-boyEi>49QQs4b)p>nb5MsgYH95X0<Df0={|y9O@~kJ2ub+^b63x
za%m+r!FVJ~63bUCA)o{aQcyq-*tqJ*xOa+*iuKE1S;IbVrwAwbCD?p{DamvuRCUb?
z^L8{3r7?9en)OM!#o47QwOhHJxSy@@zvq+1w@w$v@}Ca2Nu&Wcc_18Sm%c8rAW8%c
zT_>T-Wj*6`d8<oh`yG_Ocfr}d(-=x?bhOJ^YG-H7@9*lWokynrtRJ&lO8l@9-b)<p
zg`0o&0Z!NH=IwZozsX>;c43={f@`4=7ljO(K{}=~*uHD5&g_jEbG|$&4y@U$xMt_d
z#;yYuqp1ZdAuVmegyaveuWM|2q6>8N^@ZG)SeG{|Pj|{c+6u4;87yA)UXyz{467Yp
zFKFq}=n|;V)eS<@UeUX)D`URhedB$56M?i8P^T|&m-*YC`c_l_1I63KgqWa^>vuY=
zjY}4g@Shs8i>|?GEfAmr^#1I-k0;~nSSXB4l&=QD_uQ1TdcOA=MM)b;P+ELLb|I4^
z{27I(g#sGe$oVj%pszCD+Kl{qH9LxF<j_On(&J!4+}vV2a+^nkOq$Y-xtSk7$|1du
z+tsi+$YfFy<;_X_CYI%|Lc-k{x2_c&v#S?0n`;A#((ys%Mb>zaOLZkU9qntq9RZ!!
z1v=FAICIhgXS%=)t|c&USw@jssXY5WY1}3Csq6&$C49%L`*)_+oFouTZ|bSi|4R<}
zBn0?C92gmQ0EMY72&c@zwj>H*m&Kq6-d!$Y;^9Sj?q9Lb%+5;Z7E@4ATz0aOidk8q
z0qSV>tF`g3=v;u*)Kq-}bd{%~oW$maeCKnd^||~(Mj;Fm`!+>SLPC<ni;s^lLN1xj
z50sb(e{FEwu+#$Ccdm0=zG?;rU|sbBli~niFaYeF(Q}j^bDq#l6p?Aq=X>+-x;oe(
z7ja{N`CvyoMmcj-b%lF8f)Q=Xj>BiahfD_Z7svX(^MNR;L8G*fWBVxA0_$3)w-0N5
zN0CUirG=vkfdd=pF`|qOeaG@D5*Llm9KKkd{R(2Uolsnzdc3L>rJnb3b7jUH8Fb<p
zbGR;liu^%HNN9@DVmm}43;D&%pU}CFKPAu5Bx?~Nc3|75YFHf<2`d(uY!N9Hu?~20
zI1pAJDaid&q3-QjO*<7T!7AzgYALK*_6r*dD$}0GjVYT_!dZTRhI1m7;hqTTXS2mh
zR^E9xNg@Y2c}X==@N4Z+S>4H8lJe^cw$>+F%wtqIE$2QMwYxhTCeB3z`7jo%9}QO?
z$yOpSA85YUgX*f~EzaVMqcNxYU=QI}opJHrja$9%))Yn~TW@VKT!<^J@8gU0*qPNu
z?gsNjy~?Xv?^?ck@chearIST0KJcM1P_x<=Tec0JI$6`bQO)(E9$iD_6A=}4u6DJs
zc%DqiBqIJDspKL2bGupHS&oKhYG~w=RqIn*CJ<5N(1#P&KnYTe=PK!q5;Ebn7geUQ
z(l9Cmr%T{7#0m?jWqsV0rw&PASeHDLkqQ1;zeHY8{Vf@m`bss93KNRQlw1=0vB*~_
zS!s1QSU0p5k7Y<qt?};K@sruF&qo4%c5H8@CC&86AtZ0#`T~rM4guEPy3J&d73-Vd
zsBrzmq*kXlYP6fJ2~*S;`ii-^3TCEUQ?=PUb{Ab^^!yfJ_}=9qj$CQZQ2S)$HWd=2
z-87{8-#HLnApljhf^xv+@0W(BD3?tSyq>dbe8aFMu4^75J@UuObe|TzMcyhYu}qeE
zqXG5V$>R1|3|fd8wLo8~q+c$ZiFkhM;l^VHl?3Z;{{%vyFNXwA!se|U9L)@Yf*AmP
zES7cUy49<!xcG-WYjaR%D65!@3wLi{pZ!j0o%T339$sGXM-DSQHopWUf(v0;fS@K`
zl~1KgO7dFMhUD@n?MFepG?*0!`n45d|GQp9iFqH_$xt@C8^q1<Ba7zFcp~@h0biW%
zlT!W1+MfKV0>vGwb2wqLs(V<NC8UngGuQk}7JjfWS^Ii8gHWSp@><?pCFHrM^7xX3
zJrzJOIQ;Iu8pRwbMF22&Cg28Iiqd5{VpW>wvS3rC5hReFAB;JDpsS?t`e^%_+sgw=
z7+|7^jHT*S6lB4`uWg-k$6u*L$<*9X)ANqw<-yG@jZGqlK7I~E=Zh&<PK<o{C+tcK
zA+%;r6n1hzpNoVc6~D3Gli8Zsh$0RKlNDd=$CUbv>nf~tgHKo7qFBfXZc=ce8efW&
zA^YEC5*}~jC|i&1ixLZ9(??^Mo4>=Sjf8c-qb9f}y@9nM>pME|A705jx0i?`INQwP
ze~vNp|Aqq#-_jA9IeYvD(RsH5UrYsrZSLgVmi+*X-S<h<HahvH#j7|g<-UMl#dr>r
zkL2#gxnlu1Xx10Dn9+rq;Fv&0RXQU%LzT}G?IG=7EKmsboV_-r1L$9mXI~X=6eUt2
z*3>wy^em`pgs$PTV76kZWwU8!Nx$}0K>0$}>W;{;m)TG+cc|tJa?{~9qR}sEApTb1
zL5IEtvHuP4I<NMNZ8;*isg#(}aM0G1f2KrMg)_KqrOQP9J?vLSqGP5la?$CxfYEok
zGA2>%nUvi>$=PX8dmA;oH5$96f}KoRfKUlysuE^>gild^=JR-ZTh-=0#`B^SoQnO=
z$flE>)8_+ce3Wi{eT%PJb(;Vj+i*XkRwy=O4cI$R9fxFpjC%=%q=and?Z+vdWdXRp
z9N{zMZ-cez-0V+JSdvO=GA5_CerOhy#@}fD77|}@#abuTkd$0h-+`#Ff8xe9yZT<V
z@(-o`54Aar5I8-uzsBSK#hlv`0qS$yv#W#iuqDZMtNsHaZW#np>5L3R?){dVK;uz}
z0et&@WlZ@ZOiu6h>(|=lhL1J2C21UOW@}%Bhez}Dilb4vy%1)XJ8txpnhc_HFYM88
z<#&sA&|(DvR89!T$;goD<Z9z<4+)kU1Mh?ze`X8w?M-~?fsNulyR~;8J{09TWyZb|
z@4KpIz(I=MR>cMMzeakCkL1haDj=;*NK5h;wOp_2`qZ?C!cKV68(qHy%Z(&74t6Wu
zEQwvzkr`X8Wy8Q8(uuRZdMRo`O(0oKXDjN>*DY_=glcS?+X5W+wGpnH5qhj}MtNN$
z9^2+TlBjr4|7ThT%g+;5)VPVVQ<cK6|A8OAoMFPR{uQ2|SMzXwcc{i?;I5k7^WJh|
zhGlPs2M&)jOku9`Ci7Yz<?bJ>05=z%4Mh5t+eex#mg+fvye(U^V|H_<Z{H~tDj=g4
z`XIB(o6_o#6mL50A^3YEpC({6-$jkrG?Y4SESX`#E8P9&^3H*HM$>X3*QQDBP_44x
zNnIrNu<|a~-`uVWJXCVKqEH}X`h!`L&Z>NtVPGW%?M+lvu6)w@HXk|WQ)SX><|Mu!
z0KBkUQ+z%f(-dZvVzF2tF2w&=u(JIUs`iq*$ruXVSfgWeDVi})`@6@_ql9w3vC{1O
zarcJ!3?>aA64v8ZK0v+phzsRRX#IVaul<~kkCc!X^}j<9z9T>?g%#&krR`s1<dxnZ
zKbY}>va;Z29gZj%*9LUq{j|pgqj1c+lWZ)$asPd40X;rQr~v9WX=&}%oT(lXdTeVn
zcJ+1BttRzzN<2TJaj5blxIf^?b<3{rI2e1A^h@pV&Dbk10rqO_*7w>GZIATdsX9z%
z-*}viO*e3I77%GEm2_7=mt}l4&e~8NN?hB(Nles7d9=DfZ(tSCy|h;qKhlPm$GJ?z
zaaygSOd8QCo$K)vLtvo6%Qe=k&}TYJp?^qGqI`=~-JwrdHlcP;B>?Y(JlF01xe>IY
z^G*1wWR;rzUbL)kD+t@(*gu?}hic2IT7m^Nep7m)xo|&TE~K#-e-<CAF%LkVA>4Uc
z5rsXBzelGh{Na>wP-X{3S<TR^Z+*2K(M{z}K6H7?`|&*=CimnuAjXfiTe-A9)?`X1
z#$MW%)Mq@wR`Ylo1gfR{JkYn-=A1r~J;xiJHS#$_qQV5N(Qq)V_~%z_Nq~Uzqn*mG
zkbjVIvrTftg`$h0%2o%r{KG8ou7E9pdq2R;u+Lf5f;EMJy_}HuZ{L%S8`o(^q!X8P
zIPNHGyV|!o;vQKfNsuNb#$-sAy-Ckd<0g$Oct2UV*uPP*$0YlM_k$dQMv=q`VHw1x
zv+&6}uW?-CaJ^4QEN{QCL90lL>`1|OC`N<B7Qg{;Fq5<ws<q)Y;WRn1?|gCfq|5r`
z=R&F(O~*poKs<zEdw6XtIFXwJDRVg<%g{f}AXq5(U7=R#?5Egtip|6w^&OBTYH_ip
zRGb7hk>&n)O+>AoEewdQJEg{91%E17VFDrw=ZKKCQ+g(CVac7YOnn;Omc=)c1yy@`
zk;<j_1RFV2EU%3|Z*nE=DfcS1Y3P8LF{8z5FKFJE`X?Pr?JlbNJuU8Wmudx=BI7@#
z|4Qs1%JnNnKyIaCSa$v*Y`zu$%6I@RJij_iy?r2E-`mVh4f+C2vLATYwy96K0WRxO
zH)0rUx%{vKmmiAho|ChXl8zJTe#9Pq%>raLG%~5oF9dgVneG-8cDwwFoE)D>AM7UT
z<|FjZdtjwJo8)6De`c|q8ickbA+JRqlI%Y+%2z$iQBHfYi}K<nP9eS8D8bi^+)^~j
zI7NRc7Q$i>h-Sn)en1hHL?lP9ZY+b(POj8NzBrJbmx<dM$GoYg+?5fA-Ol>D>{*2>
z7PWSb0omuGM$uAM<6)?LQc&c+l$;p)jDUxV1}1f6e8-GR_)n={XOxA7YHGMaUB4@u
zp1toh$VDrSiM5VE_LYlP18b^o;XDiV$xZ!uW}H&8T#qP3{64$q1A}I&NE{ocpr(g}
zX6)PqZPcxl+T6g<{9fc2+#wPfQTd_QerEa6x0bVO&R*6F0#DDsc>cQ;C)4Kq;2cNL
zSpAdY<O-ZSlI`+({y5M%Z^lY*V0pj*xwX&0%*VQ0vE9nry^0HlDHDwT!zQ{?Ua08!
z(n|W%QY`6SzjJB%-z>ZTSW;kN4<A<5%MrxK@aHf0)c;CjAywzJWCVaZaLc1l;{ere
zpAL8q+;ItA2!MXjt9Idlplz6vGgXU(r^`7f;?QkvBb*|u)r6B=iVW?()e9sg>AjKe
z$Nca4Lv5Q6*-?#NIs$)#RADra!GK-}k<v`eVy87_f|1Pr8T94@c~|}e6A<4eMC-Nw
zp@V?F$WA5)5J;0~6lYtxQ##UCCu(0hlKs8W|9&2jWed1pqRT9Q#|`8S{7)K&6G3~Q
z{DGkh07$g$09jVY*RM}Q9s|EaERJuK7VK^IAGH_D{wxcbdFKVKdp_}E&u1v;(SIz_
z|76Y>QUhxRRBj#m2gn!#lAJ<c6V~9$wf9xoX`Dv@4{?2X$b7?DP85(`lrwE;@ZazC
zKw`Fj7%<VGb--V+q|5IixlUoE2N`5+pI-6eVL0XTfS0S!DY*2IANn3SMl<Ta=2|`^
zYb89u;568swtsWs+Sq{mCuORl0$|-3$8(UdD}dGkcKVPa^D_xx)6)FewDhc7>`hzY
zz|h=RODcx`gNpedd3(fwg*14yI`Q|4C0XFVs2+|^QX#P_H!@G-1Fs9F1SBZkbk^G#
zK+=WJt^Ymm=zpg1U;p^8-aC+4_CJ6SaJ>31KhV~Q<pjHRfWfEG^z8h*|NkHJ+I9ns
z^|*!4IP&i$ZKVI80g}dH&0HPuKX08a17z&bcbH84P2u||LHB=))FYJ37r+gCI3|ec
z|0Q)mR`dgC1(0oojsyL)o+Gh})GzW$0Aogf$fA5g*ZHgoNLGAC7bpJDPW~&6e-!J(
zPhX0M1xLU@|7&A@#>e~vgaIP7-is3sa)MPB1Mev;*@gl2vQ!}s>&BE(P#U?`&{W;G
z_cjjvk0Jl(d`bm=K7x~h(S`WEbQu5clY0NpM|XhbJU>lK<u(Dcx`jJGu6I1D_!oe$
zf_RB;Rpws-M3SwT=&SxEZ2#|7|IN5LWcriOTx~Xh<|+O+3_Xa!wy>C5_=5<di3vp*
zPk+dpUf_LXc4O_8aRNhHViEx<KU_M9#RdvYEe(Xl01QI_{*Vg%4=46N2Gqub@@nz^
z=wi5qua)>uPU>ec7VsRn&8bvK*FE~9NB8$%Kjpgr(^z3Q^_ds0=FELMh8Pwg^B8id
z&D0d1omAdRzRoHr3E63cA2eQXzw6T-)}No4cfRm;y_na6ITHopSTHodrfil)Z^kC~
z9abZ+zIRvRO=w`gSoq%HXtob05nfZ`TjyJJ+)w$=*Lssu@7J*pqksD2%5mdk=@=nr
zQ2R`FFZm+`atwEbZGK{RdBeAy*yeMb>hBITEMz&gu$`Yg#(4C9e1<VpPQY&HrM`ZO
zf3Nw(`<Sam07^)aoSvR8ZGVf7z={kN+ZU1np702P7NgC-1_dKZQWOEh4N2k)^23Aw
z>j%RbaU79tL0npYEKBUqCF}~K;Rh98KO=#N$q)UWL9};n3Rsape^x|ZYM-Hffw^uf
zx`ey_B5d3D5%TB%`uU8GV2SVw$eC|zr}*c6=^x&A+-u(Shd+M2`S`s1Hw;A4M~MC8
zpPyNA&{IZ=B9b4XN+55%ef044fBBGKBNw0;LIWdOY9+(}{GC$SaM!AtnQLXXRhO|(
zeYGh!U^asd8A^Uw`IhGk3NV}sg-7U<6?4~<6C?<%JKEXQ|K}8!qdn$&9Ck76Vu3mJ
z_+OKSp$NQEWi3~Q1QjA^@|-vJDFQd$aFZ*U$I_i@Y)tYFY_zusHA%#dR54u`Xiu4f
zoc4&c#NR9+@ft;RDL0)&&F{a?4)En?b>NEi@p%9FKU1zm{>V3>rWDZ^|9_rDtD-#>
zo(8@P$Y4(4+EGsubXOZb!W`jwj0~L0?W&Hz4NO>+*Pi|#>-q@cU-!h;MdAMQ7QAtf
zfP2>x$D4m?>zg4B92ITrLhK52kK=dQRR9?8xt*c-H#MBBtdTA7y#p05FX-V4SDa~o
z;yw?H5+dy*UoAtapbsg)O}btkhn6>eeVOn*Ha>PZ!N7}D?W@#SpvEgo|Nm>eZO(uk
zW-|Vj7SU5ol~vEviIQ`|c7I^RH5V8uNWQNq5ASa7b8>P%dR(n16f`zAPA0kT&BT#<
z?y`r37K>xk`N#mRdCItim9FW4=>l`}8j}LE5mvG5qprL?T9e%WaiA!!+R98-hJa9!
zOzi`$M44V4i^;~C8ax(<-|6sCT)K#zSXmFkzlm2{8RDmVGg!Q@emjQf{fn>B-m4k#
z-C6E(CXc`3mc}iq_*Wbs_JtI}!%j0Q9m;Oura7EHxc?lDg>5l61y+}obeAZ(UGhh%
zoZCqA<Ssb&Jl~bgmKLFu0NKCo1lkI5;^N|t0R0t!XeLtuX9WfdAezIyQ4m19u4g|(
z>@Olcg4ER1w|e9HIQOz;A4`_cjE3dGey`g#$&TfTW#}y~TGXv3uxO42uXfKxxbL6t
z&!+P`55@!*7ZsUzjsJ2w+twU1pW+D?m69^1$SdA5=njcYie;<}#zO%3Yvc8@c_o8e
zl`$*A6_mO~cp5@R6?cNRIeEFNy1Gw_)ae$&)sIGg<mpEe<(jEjS|;h;`MUHfrRMbZ
zCJCE!HZw3*={Oc?v8qN?)IVilX!mv?vzVe6D(I1pB+jyel_BBcM|H@Ps|sH53|Q~i
zeH)Elbvjy+Y~A?b+!1yoQe0-RY-DKCqSSh?K12p9)6dP8eyJBcXr{B-DqO+)JA+^^
zztlSCfQ(ANB_65vtth4nb{nAdf`A%5e-<D`8CZcqh^#r+=QcD1$gszABY)9EWWlR(
zj`2oCBEGG=g~f&NpdLmIU;OONv3&G!Vs};=TH0rddC*(vA=Wvt6tLjscK*#W|DdPH
zz$PUFg~sb}UY2FP@qco2F;bZ;FV@>{er<@_<b9|g8<&c$puz9m7-kB-wlB30eAz0k
zAUKIE$Gg(6oHsVjVP>i5AH#)s+~kxS7WSM%qh1c6roBMz8*V~6$onqFsVX~`uYk%B
zu1~d9*s8x{gx^%@s5@fg`aJ%3$@`YD^ZjWP{4u5qs>$uedRg^t82C{x+HyXG&15t%
z4@G33_)SVuo%wR{tJZF}=W7+;{6|iUzI~wD&!x>;z+GSGG@g;(W)t=&|CX>A;Bmf>
zEuoNwLKcR*(#H6<a{?O$24M3w2UD_MLw4uMhV66H8fp$52Unj`**xye*3TH<KQHNr
zZC!x3uYkI|9QL=oj3ZY}XmA)EUN<r4j87VF_$k~tr|)9T*Bis|k3t_I`@0j!f!%Q=
z<Y9^PUJ>>9WGm?sUrS|5h!)&iV7qBl^8^v5h=GRKp-e96w(qtQsH|4?o0*dKc$Df8
zH9+CVS0JGMj4WrcgR#Fij&U>9^^Q>PxFEc^?1u}`7yOVoI&I{q$x0^NGpP9y66&&2
zLSmxCbm`2~H$R;3h97@${k$%%AC+zW1c4R)!lSQk_RFKXymaqc^Tz;J0!z(QYV4VM
zVv->Wtt}e@1W2k<P4|Jnrl9bRAQqM|@M_^rEWwn<sP{g^ps4N31FFf5<)Hf~?>bx~
zrq?c?jT<DB&MqJtdHd1FZ>Ot3NasBlpJ=rDgt!9jIuH?9Tg{D*B{rZ4+Y|YAD$eM2
zZD_FjjHI_xsMLo^tcajoObj=IhWo1PYg|E_n=Yqoc)G`3d1xCjtu5X{ulmBO(;>H1
z-uJJzj=kC2*&mK|B{%f&NrZn6e&mSHgp2;6BtjKS?P#RXtbCqq+6X!fizuynB+#7b
z3nH#8Es#%uQu^y`GNBVE85@_2d8z{W1cYUR+zRcoyq8DOkwDIW7N4W3=lWQMv9!mM
zuj=t7P$hb+&G(5@A9I}=2t>+dw~#UzY_&L;Dq!9fM&PvEfdn~yM_PX3&&7%sJ6{xT
zUiX}by2;f#7fmzHw!2#3U9P-Rnev{1>j<9y&N=A^S50OYSklxo9mU}&?DN^rk2eK@
zq?wJ*J90xIWXj1{qsLOfGFa6l85ZL8T`?u{<WGLoDtn)KvN1G47^r-F!7JPnf#C>3
zeT9!{i!sd6zITe!LR15z`!tr<UCZOEolYK-d%dw%oAtI1=4K_JqbsM!Z5InFt!`e~
zo#vnj7oVw4n}rHeMcT~_=UVabs5<6$M`z#~xl7T+^CW@d(9l645}WBqN6wvUX*}`M
zyEAawUYiMB)9SS<Ne!PnD5JWM3#!>L$6de}sldj7eDoybprzVn_MC*iHRE>!tr`NW
zY2L-%(DqJ3>MW1;Y>Ll)ewxTG<)PU9i`tE8p0tIXNC=_i^&R`@`i+sFF?j~<=e=7}
z!cxS4PGk&1z~l*x@4c$fS;FnUUurM*J<-GFdgMz_jv*VBfQ!Itn^m`X=WktT=W{ZW
zp<4pLz^7yBcVRO@G)&$B%zCxMp{#cud*c~z>qZ=hgy<r}$?hM&AoZfFIjlf@f!2C=
zyCE{NKi@Pzs@Gr)d$zN-hSO^^o92e#_ak>ZH1?Bs6Sr?d+*UOLWE8tQCp^stmZ8d@
zo5vL!=xV#DFo93SxOq}NROF2eJ&oEQF621d;}NA@s5Rm6uKA!ZLqMQNX8pm^F94}n
zolY5<n_wlt_j4MGZNBoM1^aekE4NT>Gs@3vL{+8<k=BfF9;e&P0*^hF1idyhTmz9$
zqDY&s>m_K@719Y~$+fMb(@rtmfUv^s{(QcOGnR<?vf<frZ~YySRnslY%FSZc?;A2%
z--HF-spacj*ttxu<Dab)(<X1Hmvz5QW47oN)dCK4x;nQZ(8iMm^wCt=K_=C&rzU@`
z4#1`=IGQg!->D&z=j`xLSZMKgBFErHh{AH8)?7M+-NTCysa2@<jg;R2=T&A%ubkyX
z5pHf?Ua!mL<to8xB>48n1g);GR=}a)x9DiG_4Re9m7gebatb+k%zARHhAD=C<~rRj
zHhynWx=_C3@BFq76g^U71uMAhd0T`<N;Koj@XgH<+fC=Y664|VMryJD;b9!Lpmzn_
z)5W%`(cMO!6gcUV#1x^Qww28kuovzJzs5$5oVMfT(Q2QfLUpVAu_$L;ghN+pNJ4Av
z&fFu=fB&w{+f8}zp4RMdy;$4H$m02CRra3W-Z^LEdyUn*UYh5cKW%x=a&RiBr}>t3
ztcwq|R|yEYttF838+(7;TpZ*YcS_G^9r8u|Aid_cog+tVX6}3w%x5&c`de(=J*v02
z*L-$zV1<8a@gzg<E5+_wXeCi_rKUN{&!1<ViH?9l!C!8d&cA!j#3&#s5HbgmEK1iv
zz0p>Qii>03vrC$eWne7+0?!XZ`ilPqS>q}xF)l`2F_}BNOOY`25`XKXEJ|E_d{D(n
zxdjOPJ`R&eYG+Zux>+~E_Qy4sPqU@v&F22Rz<hk!n_@UsyK-Oj&Qz_wrzJHswJZ1l
z)zgw;rX@T&I(oBKU_Vw>i^V|7^I~_D*3pKjCOrYxi{00pYxWVNm3T?G|AL-oWx)bg
zM&hKn3&Z2}&R23Drx((9!?7f9zOU#W2PVP~i$SvSu4aNc(NSt=$Ykp6Ql@l9?s_&|
zGYKNdV-_MClQ*t<>iN>)HZ(Mwn4Pv32X@rxyc*EG%;98sFYNwe(g79bQh)$q(Qi_J
za^!6?WDRs>LbbSM_khFR412=gbhLU#f;0@mlC{b}nOw#1E=j18Lp?)kSEN~q1-r>K
zpWVGx@LYb&FC-)mdUAE?zARL_c4<FTQzZjZ)_f06kGj0G>VBu(gfM>(<Q9H`_deyg
zEQX$XZIg)XIo#*Ne9mrFliNZek+(wYpO)HMz9lq5N`+Duz~Kw6gbjBV4ci3w{q;Uc
z6F$IZ;nZ!ZWiEe#uuS`)o32Uu=gy?>{<?t};fUjxq~XrRrAioXZ<jRn?%Vh<f?oN`
z1VMM{54XqiBQXq`X=gud45pqoEyCmFetzT%j2Fu}>mq8+GaX1$1xi`sSlG<#Qi%<t
zLV5SE&vv%%?+zek)#8CKv%AT_@0F5{9ZZIVZ%%^Tk1B!PlCa;LD_!D$bJ4T@Dkk8P
z^3{WGa(g4gJhCajlv{JPnfXM+r6}*<Q+iMh;B9O&5Bg<#9zb-qYjV~QnG*#BaumYy
z&~w?i+OxEl;{KRCt5rQQbn+GpyWfR}j@sAOJ`%DYKXw;dhfAJpj2^9ayN%&qpSK3^
z2L&s?yt&xRT{rMq=I<uD2s&j#<)cGnPWKU<-y=TYv|I4oC+2@oYEb9GwTF>~Z&Poz
zIj`2=c_!jhGF1aj<bIiM9LbxT#XRub^(BE4(>5x1xio35I8imWSKv$1j6wISnK6f^
zqM{ICz3R_OXcY;N;f%N9gn}OnFgRhz=|Zc!^HqWGN-swb5NpkD4KKncTk|pQ*7Xgd
zEq`3sRC^cKiGH(bSRKq1V~e60NILuVyg{L=awP0L5=TTcux#E_B~zP_RVhfk+E;Q?
zAf#3u<P+XDlit=>0N2ss8$bA++<7tW{fo^6Ep#BB3A6@F#tzlFMz0Tu7K$fU-_l7L
zTD-Abele~U<OKJg#_45mK2uguh!zo3F?lc%g97;b=5hO4ayY~ccL=nd+ToP%-$shc
zTZN{bM&Y?_*@%?6?r_^|#rxLDA`<bG<d@Ai_0jCFJsu#tBZcTy$vILBCTF5T!@@)W
zN=V4(sGS7NJMWuCrhP?zSq?nblmi-4t@ESGLg+1dAYYX*<`DM&>ZdBx0gE=~C$HD9
z(IYkZ&)h+`yoN^|NGsh^Jn?-R8`bGi7%~sWRNq-2)7?xhvdL`ErN!D!zBT7Dd|5DT
z3X&#rivoSq>AK2de?NG^?L{VhGZwiX$sW5WC6fBjo_Kxk(JjJJmM%4;JWU2PYRq0Q
z_5eJJ63RcDVus-*{j<ORMOH9id}S9ZwT~k`IC*|sbU{xLFewacdio*|AiycD$LVou
z{tLYFGx&5laCLrWC0@@q^A7%OI8QOzd~1~TeVRx$0xRAZ_@?xb3_57$r^wCp&}M|d
z(>`&a7Rt+k@7PIh;>ih7Hci6Xbv=W**d6kNnn%ShFLf(4Y)GLc3R?L}Bp<ZG6Elk{
z=XPL6IvrIiQmYE?Q1d>mvc^{ytoeBXZH%Y!t0oR^mEk{%;`%Ix%2Fvzj5xjN0}4^_
znh_u_djiPlI$X}0>v^b=q_-q!)Q2mVrMh*Qde7!rVk#3j(%L>8F+Dr?vfudj!J$db
z4f*@ouWk?}dKDt565}ZUz1sjU?HAB4I};<FUeHkVdLc)?^4RWovSfycP4J26GJA0_
zgRaLxksi<6{VKx&4q`s9MD3oO7nXjJk?cICZo8YRMc8D@rAV{X6j`gEDyw6E52db~
zfGu?iUyyKj(3HK#vuK#d+MdiM-r9Skm}eFR>s^;$uhjvEO{SBHNiW=U@m+OOW_=e%
z^kE_-JX<m+2qfrFUS;9c!2VdIlvxX=zN#45_4U2^jOCij@2*zsY^0WjfxD*W<)yF5
zHR7{C3JseXBHh?;xbP{W6HIa7Wfk0FHycc_8Jp>ZM+$jbJPGaCZ#Z}?2Tf}cb5js<
z-lnFZ9?$MK{mya&KWmkN8R+2)%}Q-ADhI91xE5fxKGi#ql_irq@M`Zu=Sm~>jjw$!
zv_<v$@Xe^td%HbEfklp!i`BzS@yhTiBGOQ0jZ3eij&jfAQN}|fBKO<n1J=;$)y~Tw
z3w#q7Gq6kJ)9WD<!e$?W<wb>{ZXK_V4+m-UE7#Y#bCY+nGBO#@q`~^2Zm)1vL1B@@
znm`&>CD*q>6<5-anS6S2M8wo!%EGmu7KkB7dV24u5kXS>_q(6qZ(>?&nf>Ou`F*6W
z?}iHC+gCpl+CrPf!s|DLuSm?&mbG1`w&1W$cyZJYSzU0{(NNe<e$=_~4d9HJS9_H`
zK|t146jgjQdnQypA*e$77ul0|0@$$9;`(BR;yym4oky(zs=0haU`>ywL##DF+-do&
z{1s2g6W?!uGc7sZ<Z9=!S7RV&3p9Mo1M2%EaEGpoBOsNw?ewv>#-_Cjj?H;r%%6^{
z-_xKgrwgavok74JQWYN!^aGh+_lr`rqe2Bk%lT6o(gQHv^=+dO;>Pmjwt6z*+ZqZ!
zVoSKXRVQEOo`|Wa86e98j3kLM;Uww=A~bIN>@9z0=}vWQCJ!VK1KA#(vUVj;h#?{<
zW&gL{Gu7l;u0FwI2R{QFZ8|!M0|NJS?fufs{v;t4z+uc{ma<KLeaP>#`-=I>I@1cJ
zN1_5ckFmU5oT+^tAzn{6Wk)6`!30TU?n^&i=G8IH5Sc*{K0mBE4IR?&Tdsh+Mgq><
z^EaNq=|CW;TW~_M$9Z(8n@9V~FN<@Z$$EQizKZ@8jB^iyvW)yY{{uqW1SQjCH-y`t
z!K=2vkARx_WiUGcw{mD;v_afM{GN6m$ti*-T`3bSK2lp+?K4lPbw(Jx-m*{N-fFd&
z@SyRVZ_e|TQcpe-Fga*5BbLhj?CdjJpn;|p9UMjv;f+Q8c&2}T_|@}T2sQ>o7M!j^
zMiX?$`u>B7;_mcR4tMKX{>SrMcD4JvC$_mRB>Z1A_z^)A%c!rWWp3<$r(y4MbXFcQ
zMQcz%0HgkVo7wehrVCd8=_wTggenkyWRxbo$p@pIls_=^NZK3h9WFA{xY=+=^dQee
z7nT>`J&LWX=mf{K>k$c9jq*fsxOUPJunN8N1IgT@rWMbtxeu`t=IypA(2vwo`r=va
zQ{zdM0^HsOSL@skl3v~h$N&iEG}bOWoutgb^!TEaa+v*MM|yMBEa%`pYz9#JUMSG1
zViHz?fe&?;QO_6kv@ui0{~AE{di8Z+^9wuE_afeBfrhh@W59M8F~4frjx;96utl)E
z8+v_^`D5V8)nBhcloJEMB00xtV);dvkkCPyr}#gS9`_+@Gw-j2Opo~E&z>EC@1@<O
zEqarWb8kqOeLr68&v#hCq;vs_vEcrdG+^q}EdcEi@ZrY^t<kbT*H_tt<_n%7Yo=+}
zUjLd2G3Ms=La9FU=+}Z5)$vW9uD1Dd%gc=MPY^+wH9qfLULNHjJu{F;ecC%<el2?C
znWlx!1hvNZTr6N_de6pVNUTKGi{=tx00Cv;WF1Pdg^IiBbWe&M#(}-Bn)Qvo&vO-f
zDeot~K0M}nT$=i58pu$1Qa^C<=JR{>?6*URbuNAfF<a{MKOb91x}adE3I3M-Xj8uz
zA&{FN*BgSG#J)$xicT@jSGrldL&})oRV#z+^wJ_Gxv@0=t^w$H-ZpC~*miZ@5{`k8
z??mC$=yml*G5yUi`HZ|&^0BeIsNXy*3peya+3Xc<hDinK$3FRld1ePKH7q0M<38&`
z!2#g@1U@VAKadGTuv#-{m&d0D<f-dHW;Mg9&a}fcs+_t@^L5?i*-dcnFz+Q+0brxs
z#*I{Dx3qd}56O?^y}yv?l{5=ASsHh!-GP;1_D!apRc=nPpO<a#OAatb`#$jy{A3Y2
z76UqaOWJx#XllYX>SLYn;&oK>oJ!fRDnZO=xoaU+TLNd$P+|$Nt=RA0gGF+z$5F?<
z!bKQJ!P|f2cOBB)a(&E}qn~y(7MbtvP3IU;XLv^nW6EzD*tyQv|LWFRnOkjlK+624
z&L$rP`bX{R86!4im+4D&E3>d*U4W(bw1&vi5LovvqMJttF-4RPp>@bu_B|th-aZxL
z_go(LMe8MIx9t3P1kFCzmUI6_MiHh?d|2n!DZ&2)D|`<h0P{<^a<f70EKCGe&vONB
z+%ZH-ihZLc7hE@7JeOR$G&eupI@`So)(4la-4BV==k}TH2H^Vx%=h7`ihFy3Aps%J
z^BjPJ=Il<4z{)BJdUlFhR-%;u{9w2t^s>{-yTaNGcaH@%JyAT)>_Qm`Cs|SKu{z*0
zCrWpBI)F0~v$w=whprZ(#2b!YC5ax#vBcu<GI;luSU0W?QaD^d6NhDG6=OiBQ^_cv
zWrsWs#_?^T0qnb6p>(=6nQwo5b?{4#+?!LCu+oBzr*S*$0m5nJw?0afB-rjPXuMik
z`DN*Fkg$EZv8LFf`y6N%C~|oS%MJWy+}T;}wk%lZ2>p>ZRWHP6jk_?xje20YjOwvX
zMi-A@a$_m@yCJmx&6mS1TZ+#sOIsw86K@s2ZQ0z*oOoVF+4Zbr%FD}}-=*jj>6R&<
ze{N4>1LRDGpyqxVB0`IpbhcI*meyzB@O>94qBDuu?M>T>$K^0pWbb;97jybA3vFmu
z43MF1GcRUP>S~b1IeM1xmEh92`fes`kNj|$YIt<=t+EHrn;;;xVt!*mH>Cx6Pa!z5
zJG}C3RyS(+=aF%<L<$JyIq@*#VPlTt?MPD5#<d;Lg)0_pT=9JG5c8tf(k+60W}U!&
zdb*)Xc;X#T!5$uSmHDB*xXF8i)jDo$0k8XMQlSfQ${@>m6*I$^4uf2j^|8%Mf~^~o
z?DOIc^wKs)$=hM$pJyiNI$==5ee10kyf|f2EBuA`gw0?s4>$+^UBK!!f!qy%SpgbR
z>Y8uV?=$ED*F|7$MvQv-*9P8|1~B&XDkdmi#WU8I+F7c%SvZdoMahp5DQWgsl4doR
za&_1B7O(M~x71{&jkb!PlEO-WekEf>cH==cyuyf}kR<o?cW5=I@!ecytk4hDJF%>c
z23~9AsSH9NNRb17Bl>C`z5p;?nQT%I2`1K8%Ih0LW8Gu<i0RrtIg^BQI?ANqVKXsV
z&s2G8mFieyEx5Y9?iQs0glz_TeM%%sBH-*oVw8+Gm@ZFaWWfM#XYx&GrD1S)r%sdj
zt&&W~4n7ZXcn=6y(o%6rNi1osV4u|jG~m5yROC$(IVpUTCl@(T$gM)AhhrQQp@?{y
zAjltLaOv5_Qwhnxdk?Bh_E7r(6#d$Cw)zrOS|Igvve;E*JH^0J$N>6Dn1oSy+axWC
zd~6obefhnt!XB~0dYp^JKDy}EEr=k7=7n>uEqL64$+vD_(JlANgaqjNQt>^K9NGT0
zrv}~Hyy*F}qSjhb0c7e^<mzhY;TYj)1lH`m{8U4O+EX+NiTUDAiaLP}e3ei<=Jj*n
zxSdv8%5}XRdG~JU%-{$HfDHckJ<nQb)0l}+F|TQo_}#PQ!^&`Bw%V-#?Q6cIw9G15
zvbXdLo!mL{Pcf78nLIHywMr`#BS4Nqy3<`Q@2W^V4(=&UT6Jz4_A{RXoo*u1qgw7c
zEL+ckNWjN73T9?S52m#}MFX1*=477ZJd<|We_4(rI|do&=)dneH_yhZjK7Tf`0k=#
zz_Uk=g?1vmG0OcuCq4Sw)`vPn|KzVMl~81Kxmw9pDZf5^I9t!R!po_Dqe!UDbsp}q
z9FDqtBNg%(F8}Z&I6>zl1e^GwIOGhaV9ck_ZSqEJXOW=xxQVU$(dh;o`eu9et<HSF
z3o@b{@NNJ)3-eNQ01ld6fs*^xc$2cocf(L^RF|=?7wvR-?BRLnh2=X@6NsVb_@^Gn
zBY7z6NKM?S?-V+_{lB03we65r;MnJB%S|S>$<MyLtMx{)zU`cF1Vlz8;m3vOg9*dO
z?$fx7bEFn3C@Z|3ITFhRWv?_N!_)KdFk7vbqU#w)e6fK`|HVI@VR6xwW(uW9wD!c^
z;QSebh)Rp^=(8m9=dr?bXXqNOq8m@9$qMdfZmDR#4bNmqXP9t$SEE6zy*ippVE{;Z
zB&|m#1OuPJM}Du`&BD$YU-|mC-j3UswrMkts`p7B*Pm2q^H+-n6$m}?{0=o)viX@N
z_5=wTihzj<hkm~mXHAtkGXSr;W(W>oxgjwG4&7Yey{a(~0$(zuxAFkUZAPfkl?9{!
z!bXBjSgX{5K{)6hp$5!$!75dj-f}HTzlYy*_i0gtka<xHZvPyy<G~9MU&6H=?IHVT
z8L5C}+>xu6mVJPVOd`{e8I96Jb2|0s9s#G%`r4WdM4wU1gSGH%Ek=1H2$SmL{dc|-
zbq~M{TH{6pVfhz=OYkhWm?N86)^Qi8zdUx{RG60K_xhAxNSu;HfCy@@n>)m$DzuNG
zRg*dX6;?PJs&!Z>%XDVU<V|l<Sa0dq`4R!r0=LV2Ng}{7M%|5c@>|6s7_97p;r5;C
zaK(h(b+2gNU+>qE@lSch0LIPlOIo!Bznm5}auKkxW7dwdp{*t-w96<)LUtZV+1MW~
z{b<#0HLmVxgZxu7My<dZ$IYKTiIHQ4hY>$yoGzEON;``!y!Z&txVAzI`-xap>$Ly~
zcB)LqIR}6HJ}Bu(C?6Gi3To|NS}a$kYP@Js#kyM-f3_7mgs<**`54plZfyhgT(tLs
zJ&i)Rg=OAx5#C{}8qVXD#w0{NYSo;R7eW&);9RD|{Rn|o*{|z-;5Vc@NfdT3>YhY%
zIC=wTw`}#eGh~OgKe;h+*4gdp5O}$(={6B!;xJnzl8OAKnp@K77BD3&Pp|O{;7`KA
z{mKVt>V2Rl61f|sN|CvXNU1*9B+)FnAuhmbc<!5^`BU}fUzhGnIskI~Fo<rJYr_i1
zaGNfc?np|cIb2g8QUM^I%`b^=-UoIEAqL0^dV?JR?6G+JTakf@DOTPDdiC4R9LTn`
zeeX8i6-ZX5b8dEhx^)Tx!`0IQ+xlL_ycY04(t4L~HAfwz`@1^cd7-XJ#?710P7a=$
zh5{^ejiHCf)9_dBtzlj(m-ZFa85dtbHhct%26_uMsetzeKutij9xK#|_wYFWtaH>F
zD!9Z)A(%uZ_(s2FcQ%=n!^{Qf#G0*~r+ijq`8RTVTn|A}<9e&6udhg^NPH02;seLo
zLJ3ipSjP%C04pd-6$e|eKEfkqqde^G9kfSjtWVvZkjJ=?vdNV>93vR}cz>vgo4qH(
z-*G#RIC5m%Z9d}H0MhKol?T6o?zy<nZD55z-9y)CNq9^83`YcfUUj+LqKe+DAy8|F
z-xpTq&_|(i1;|V?JHJcVq=DW?YTCq_^%IwV6lfV3e0pw>jlG+88@?}~v}AI4ZGv~-
zbkM9EqE`04K@9L;Wtg77`qWoi$v0UBk`!>YzOYP+*O_+eP8DCX2P4dj$}?GU)cm+e
z-$Ri!#FV`O1f^8IeAc%MB6{@-&yC;~*z1e1lV_gC&8}-tViRMjix2GF_e8Bv(_H25
z*RKiw9Q`|Yl0!g?fSa#?&c3#*KOhT_KZtxB;V;UI0&r@Op&haW?*D{QY5-u^)}}Cu
z^~D1QM!AUg;W08Y!Xo?*o&Gg@R986MRpO`q9I^|JoA)YF<Or<w&UsooBsA3GSM-nt
zP-u3%#oKdxriSs1jO}xDO!OAu8lCnTv`7(gk2B>y^-Yj4-6ksr>i+cYBx=!v=;_qY
zI?<{fJqMyw^ZY)Un*w|#*e4;+i(Kd}0)hMbF{=fDj<nN2N&C#NzoCvvoCEkTU#S%b
zU=F;0q`Wpq^+gw&LTV7RG4Ne-Z^juz{@tWo*;I|=vr?U!j(ld<Ilfq3Q<LCz4ajf~
zdbd0C4_KzU+4ij6XN8+}{PZR$VnP2nBFcgC_tQ+61KU6nSANsidFJdL9T)XD?EZXG
z-<S~;;TovUckP*P0ZviRJ+>jc>of!ho=b1#6y>o=Rf@iB#5Tr$`$qorpeB?#ycV2u
zbu=1VSZMK+b!OTs!>osu9w#e#;kcaDH$nAg+VO>_Aw9m|W@NtN5mTCW2Af+Cn|lf*
zIBfwa1b^_@a-4o108yxKubr(5&1doI-cag;d5oQQUzN7j$_O9}8YwQBRKvrR%B^M>
z!ydelFhCEjEasLIIUkIubGL_>$O8~zf`eX7`~?R<KX5qd&7JwhG0@WNIsO`ERy=95
zHTkygm$w0evzA0fCj5>yNhBd6l*~tx@{7lPzV-Nw2zY;2SE#OtQ%d+jFX3hX^}G)b
zuCi^K&c(?2R4CWUy!x-5zAlovZ!UxM2=h-3%KS%ew6b9$*{kW6&xQ_+*kH<WlP4Up
z=b@*6OoTy^kQGnUJD|CX<ID-?`P(*}Keng(Cra$Uj!roefHuu`yh00q;CHa1H4%j%
zJodzPyN83-qA|Llx5x57K`I@X+rjHBQ;hh^bHaC*7yb+@%@=n{Iz}t4wQS%!uj|Eo
zcqk((B8UYi&t?<%z0UVCA327aokZ3huiZ@wejSIo>T3ZZD&PpMGfZ(S<lk-|5zB~G
zNMO;ACMCXgPdScD9yx6}etw?V3b;CBHzD|d|E&bx$(SwF+~IyxTx!JE9B#xXgtt-d
z%7O>^bZI?;z#!})VQY179$;VmjwN5H$)!=LYBP|oEs4{DA+jQn_53vV#SBU`U{Yc9
zUD=GM<=ye1=eUTy>i4Cy^;Ya?q+u)1UT51Gi`?qps{GtQkh-LP>lU2SP-Uj}y&Ee`
zztJV%k0oF<;)R%Dl_xCXGxt_FfF{jUPEGFfoDGvw8f4MhAZG88S@-}5lN8X2Hda%&
z+K`k)<lSx&=>_;atc`S^_tNOY_?>UvJVn6sl>5;k5p4M|k|jm0VV2Ye-5^d^w2C}#
z^D)*dYjzSoFBQN+KU@7J{IW&RT>|jOySAs;b-^}K@6f2LO^WxlvE2x4L;%ee(xj6f
zh2ysMFAw^Ar-&p|ZqJ1fv0EYEIdSh$>7AgXJ@lM}U$yly&k1d*UR9C{j!n$$jEKK2
znF3!!=~|{J0&6L~>1_PK>BLjlp@|u<9}Ohi@bt<~An-nYt0^RQH4YLv4f|uEf^CM#
z<PL`fU2#wjQmy8iUB7nl#nvlrwZ5mzzJN$Uz%%DC$NRh)K-;P3p4~prg;V|u-n5zD
znUK%%JRqZ46hAyl6$mlk+m4%|pL+UO{ek6$3{_|kR`^S8X~TO^fd3zBZylBO)<umf
zf*?ppDjm`wN=tW2cZVX4f^;L@0@5Yj-3>~Iba!`m-~A|_^WOIz-aqd5jd8{qoWXM*
z_TIm>*Is+hHRliEEe+$ZPA{4*GYWX<EeY-JD5b2oZ9f55q^??PYpxuC$6@;t5r;X>
z+P7nwWyY2>lU~(NwAY)!IqKq+fQM4Iiq4dRmNre$AG6<^pqj433aB3k5a_P>gs#_8
zIvCBSSWW4xrc3mtE`|$?Orn5xxbAdjwst|;yfGhngr<AJR}W*1TG84p&~|Zc{()su
zwrqTIb|-vf8(z*}RR9VO=!ucF7eX`a3d++`IT6>%L$sduYNY<ywFiwW)oiX!$F$W%
z{Z$)q1A2C?d8VIR81f6Qf7-#wlXJ~%%SV3Cx3DNlu8p&{hhvjOkdgttV$}=A<fP|V
zZJ*vdQ`Ks!hpd)$Q7ifxx8zE3VG=L+=a<%o^jAJYL?eE2vrJFNP^C9W7VW}0KOS0#
zMY%6-DEg=;k-dwScGrMhWXxggBu~wweF??aKMKX#>KmxtIv6AAv{3Ow(|wIc0yiU-
z-akY}hj){$*n}dzfjPOkzD(7Y*6Uiple!-Pl5U=NDgdY^3Z3)z;$(;;+q+Fh0;;Wc
ziN=fXnXI%8E{8^U;+JrPjveC%2s8w?dpbHFBwQW~nHZK{lk^nGX>uL!3`*%%Qq)SB
zp%b@+E!=puz-(dg9=in1iO=Z`Id2a{(HKqFn^MQ4Tr=kJ@>5<d9GpA5_L|@Bs|%@L
z;;pg@PFD11g{6IepjLZ!WA%0BeC*_tes7=2yiO43u_1rzW<i-?Z+ZWPaaXA-VG^yH
zsj%!^3-`-$Di7K+&rr0smeZ8fatfk&h6!gO@-cq;5#gm)-7AxkWFf-NjFOTPN;%uS
zrN-H11gsbBrZ+!k4sCJ!9;Pe?Gt+@9LCPo{!#OgZGcr?8_mE=8DwC3+NUy;g5|4Y4
z4^F3P`KFwg`gke%^b346YNnS^>p#WuKoxi);yiH}n%|_=B0uL^8OoB28^Y+`xfR;I
zRrm5m%qh@%e>gfqI%b-(n9;wR*uNVrb7|~wGk3~N(kvV3NcUqj9@N%RJHtI4*O8Y|
z|77$N2h@$@ut99o1`)_jL9464-4=OLsdiVMC~B1e11pgb1s)WdCZnf)NkcH^|Mc)0
zLAu07YzrHygKja<t!-QeF-V>dA!_7WyFN91FOLTOnOK^F>`5Y|&2<4g@CX=s1eKeN
zqsub)#Ij`Y5wW(n&*`~R8SKu~mGWN|_pI}3cyB8PznFHYc~omuQee>aFfyuh!?N>*
zW+!#Q9+~0cID?+0LBlCMC6yTsgfgfcF4M%s^b_?#(?xy#-+Q4y*jdhg^1$lnXwh_y
zb^k_q*Aiv#BV0`FB33~hz@COrSgjEv<Dq=c&=Zd|km}k7$u<>m|8{svuxEm&9P{xT
zxhTH251Dws&kz-;*YjP8TWGm?GN^IZI-L9IFFn15iX}Gy3hG@394)k3A@Z}zZ$Hmr
zhQw)JsjBTQPv@4O+5ZHsf%>migQ1#yXnPE9MGnF=t9PDJLU#so%CtM({M>tv532=5
z$7MEj18zW1_}YWw!e<-B8Ft3&x>nD*uFcYe;*C7M))N=*ZI*Z*W~DB9j2f~J&30v?
zAV1A&D5uDQL7gZbwtfzy+37XG#bTyRC!n3g$v+f9kjO9qiOUD$m}`!j&R84cHB#RU
z4z4_qTdSK#sob6|26u|@9?!NPcfGlxVO|?vZDsBJe3%tRUhP||pfQ|rawCNI_7#HG
zC@U`N=YlChPFwS<8K+CRjGs*6YKQguFKcdbs%{TUX;DY%O3ocdD5IQ67BimBa+Ayw
z<R?D4e8A~q5UIR+X`?ALCAWn4_^pfi?@opo^J@nB8^cLR(Q5DuuL?N8;Fog4x~1@K
zBdB)~x_6)9QRX>!O}#gBNq#%R-91&;6WnaxrqyRBz?`33N?f@&=I}mffldT153k;Q
ztB4}B<*9tw+mWXt)@Fk4jf|K4?EB@9i8ABvpA$vr<Ht?a-_+>V_eq}?PO=o()a913
z#TV11n3L%(mq*lGo^GWc9O@5KI>JMt*bdJif~FLMA^w!K(Qltte-31P?~<cvGPscL
zJixH|w#U(m=EL#qwRvqt8=sb8X&ZR=56)MLT0Iz?(k>wbPt&c}{&m834{wg01J|-z
z5mFk`u<eo;(i7@DDq3-%XiwU$j@osqu0k?a2^E532(z-YlLZl0P^He83{^`~N!qHO
za~M043f!-;RwaRdf9U{vuQ=Qo4^izw(L2x;#DnG-*V{Kw^3KXBO$m3xW{n~;pwl33
z{=l_mRWhDKbh6wmogWrCGgIgKaoJ5ms{xEA!phGRO89~FSD+22Be;Qtqo{ZGKI!AR
zOZOjqxF5l7t@`?B&AV`=q2lIDP{pDVI5-@lixjt2A#RRV(c)z-7nG}27?Kan3S=1?
z=CkcFt)CUWJ-FPgD$N!Hpi^eU2tI^TE$AGCf3DnTe~?<Etk{CEs(*@K=doIuU+nWt
zjvOJ_6oUvOgZvuB+^GwFv`QO_j-f`wHkqD%&9p(?eE0R<347}6t_Wvd*ppqR$x_wB
z%^?-rds}LY_X|gS7E<xulnNJvsnm9lwRRyfyTxlU#2;LluSN4y^}=pjGw&Rh3})dn
zR7;x2YLkrOv4v~`Op!y2i)MBVzv*IySo`R0Q2aq=9m-UC8WW1$h(g9v#`yJY`*mWh
zjxPD1ARcq7Tg=edxjmX7=spDZG%vYBOxovSB`|)HyAXV(r}}0c@3wRnnR8T%VS;Yp
zH2D43UR*R(RD(00kfCon{6x+5R2*hzfn)S_6V@%(pcx*m(b@?a&#764<gO5g<A$^j
zHavF-cO}Ix5=g1Df1Z2)K8nw4DBHrIDzab^PolkSyqb{*UifsvLW84b8e8!asA0Jr
zMI8;QTn;M%k!??;h>bpbL?#1#@H0mbaoErhV-+rm{|QHA+Ceu-%!!?0?a|R=m9#_M
zXc5hmUP_`@MM5SWR;)IPKD69OH06vnkU$_mw2OW*e(GeKgOH9FIMHkRWrR=y(@L@Q
zKEiYUN9wRQJ4KN}2M32lPN!Sax6&IM)cGM7mz~IMxumWqB@q?+hC&5e3Fj(h0H=?V
zL>uMAd@YX<oU+>D1j|vNEU1;+Zi;pTsFRfD0B09s(}w;FcG|jeP|9uYF74l~-F92=
zhpmtpmr{>=Q1g&B%YA${T+0yhKNPhW*!3iG_Df=(u#gMu=%qA0<X3QDt%O(#KLf==
znH;|Pu9JlwBj$Z4j_s5$oDokYv}&waaeQ109)<E4ew;~wE)}nZu1O`Em`yN!lyg@K
z{?eg1qBUOUe0aeM52QO>kShz|58Ix;{&QU(hE$7IRUt2eIc<OQ<D<l;Z=QE5u~-&O
z+$V0r)r06STq9hok&J_NaG<+^lp@k4`FJy<@5{VR7aX~`xZ(H!=?%#x>s!XUU>b7@
z0jMa#M^B;xQ)ZodMLG?p1niw+ULBKU=RU6Gz@3<FMT8&xcYKZSpb%RIM)ckHUSen2
zHpye17Boro;et5&l_6`rnZu|K?z)TJ+ED?G^e(Tk-jb#t4q0>Ll<g}Vq+1mmEY(P3
z<NGnd;$twEwvRo8e#xurF7&d=<0zoDd1j9loq$s;kv4`vKHuQ>+e;$UyR`?)%$mS6
zO7?6>h^D1pi-x~``Q5Ygi!$rDOg){b1*hWMZ<LSCZ;jxE-a&!ogZeG8A>!ee|8wJe
z4Y~16y&3FrhdjJDyYlV7WI=pHuCSZZ21NOqAlt5!dRs~o_SFf~84YDV(Wticjc_^l
zM0?{E$OX3qT7<#<qLYCg+zCQPpAZz)A}3wfMbE+gJ468zH;2ikfu_UdAu8H%Nv+Iu
zE7CN}`A!Tag|LOiET#8yVp7>y5w@|OncV@dmr6j6gp6{}P5QS01j!S7;ZDfoS_f${
zol%VW0BV1LggO`S1ws1hz{EI|z3(B&SfK&vnuYB-^q+R_e*|5H_uY<~1=yVSiTCw)
z-%F$l8cW5MZbc!YG(tm`qE8T@u8W+dFC0bw^beOm2dJwWHkMEd=mdu<cxg@d4iWOO
z+#by}vArZ|eklpS!^OuT5B{C#oxaAE6V78&Es~o~=OmLe7cvC5zPq^u;^_Vf+<3@b
zelmOgV1@{$;DsCb5`N8v5zGZP5dH}wifd!nJ&xxv|2r2vH&z`Pov_D7VG%-?y@?sL
zx{q3nxpEoV6M~69!a+`B69|e7=93rusP#@J#v=lD3chSIg--w}HqoBnXR`n*Nc=<t
z(Nz4D{m&wx&{{3Up!wgw2baL}!~S^9#LB7>`h6RMG9fW!qCk)KOAl5q>fZSHE}UMv
zfm|Tb-YKI3$b7fR6gHXw@O3_1khEFPT=q5)2)f?pG?LwY{GX@u&kt~Pze99>IbiCp
zift5wGIFdae#8FN6Ef~%er^v$uu!ic%Cc8eXPAm$+z2`;6o38B!biWqli3g@>bJ5C
zBG8jwta+sJnhL>o?{j093?61Hh%o^Iu=c`Qu@gl?0GKUO&_?^8XZuHC<q-+kmR5(g
zJqw{7$YTTlXp@4yq^6RN*ZCQOp0FSBk3nMd2lSpc-jBc!I>TV_D9iv+`P)ciQGN+-
zOv4_!J^S;WV9VCWehE)0{)Na0TPZ(90N?2Z`A#QOqc&`?3)&RjB<?=`dm#V$Z<JpQ
zBS@KD&#L}JUN|IW>P1^q<PdTv=KH#s!+1^?j5iVHm`eXjnz<{12apWc7zUE21AZG9
zT$Ct?bp}IXy1xw_<>SNqOt;?PZRQ4a%8%|k@S7m59WTvOD3Lg9o7|NckM)OOz_+@A
z!EZMTefrjcV*9$VU;Ec-akq8;Ebs6CeER&?X){46@*MVV)o=h4UlaJIxEUQ2q<e1L
zJtOT$AJIW_1CySU1R=4*QHX^Pk`}PJwfNsq{u5~IXup?wRq?aw-P-*t7XX4o4%^oa
zSSb&|uY$;cKvI|`@ofNr*k4J&@c(nU`u7m{t(R<M{Czq}@cRYa{f=+}vggeCX&^)c
zTrJIx1;sC(cM9Z?iFnwP@BH_m3idt<=KuBiY3u*~((Ng+Ld3f|n-B0or+u=oxdFKY
zmhk`XKnc0IgBQ-Ucy&&VF(Xa=7k=Fq@2N3D1>C!j^JHzh2AT8YEk$QX&#|$Bo&roy
zB1>?(RN@K?k|eYgkA}Cqlv@-b3LDS`^67h_|8-h(mY@{~c{eG3CbaMm&1D9{<uZ_@
zs0hXli^H}>NJ^NNmk<uh({p<5d{qmM_`Sqel@hMBjxcf<Jc1`qXh32M$^xSo;BR#=
z`%eA$<M{nhAYuIIx5Sn`sZ5*XZbL&uSoWrtpaf+|Lr1~ddQavfxTnuwzVFT%DtfCQ
z!}8$;t!C}m2Qxc6yQA$7F5U}^i=J2oS&VO6EgQ_uiC;pJ^m~t|tq>V#9FfJJxccAy
zk?~taw_O_HUiW)BBne-hl+8rMoNsI8g)e9APY--Im4525w*YEQ9L7T4Pmm+YO$7B9
z>?$iuUk6}Uc?}JX97>HE>$Em}hk%8JjlO1If`Pc#CB}ilVK<Oy;>L-46%1;vl_CMj
zzc2eQ%oi;CfNtS$QD39zFOhB8FSS$dwmAhN^cBk4&Z!HJsIM=h*;YeVa`Kc^?jHUP
zL|EziOIZ2Y{{K^0iE9XYuaABZa8Y(e(=U_6Fq^9O8OEbLK^~DbAYGk=bBjEjL}B{t
zin&RHHN~KM)qJ<*-R2<w%|Xqe%Lh4Ao?XM)xw`5=NpT%NE;AeSlEmc}+P&VM_VKCZ
z!>~0^yF6OwClQ_z_x0`IWuTzrrmOX+ds^CVJXWZ4bTru8e$^ICKnJah=KiAV(G#LQ
z`i5|2OWW-Urb7nnk3nEJRqkuE{Wa^aJqN|3<VTS|s$X7kMpMIykO?(GsJ!U0_%9f6
zYve$^A|?e#r_d8q;S<#^9^6R%6`RFm><hl*9`DA~>tMxvbzabpJo+sZ@Vw~hg+iSM
zp`z>0B-HhACmOt8Xk<G*lL|6XVIx{IA~tzr+V^F{e^)l1Z66?zp;VqMwPB=fEukq`
z8s%*p51}=SCJr)L{xV`78c+~XN2n24{a#ETMR1k|k6fJR0NF2!?fE7SD-u)$nonsv
z^%NA{!wJBq+Al9FtsO<vU-UCbjdn&wzTX-x;AS!!`T~zo(^*+#y`79kF4?}V2b$HF
zyCUV<g7DVeV1+u~B4Bn$cJXjs?fn=^mr&D{QPI;QHJz#qS?P%tUtXT+(y~v#1s1ZL
z2rpg#cmWudb!~-NpUk!JWo;>%3e@OTDma`5<;n6aTT7R`)vIQ++K@KeJo!3O7}EL~
z2S_^9(;qkhn0)jc2lnkpP?J41v6O#ymlXed`xCA}s5SNm@1S!bsC#$&5-tSPC;V?#
z&ekAI`tq4%0K5Q}n}}a+E{d(WaozO^!MhZv!`R@F30v^C%Tt4)%!2d4!+zl~!>LMh
zMuR@nqp4559kys>jv^0Wk&?HzObRUZdlS-ZW}UnvXw_D%C1ag8hO&+lZ?7h|9V>0N
zF0|w0;`pjeC*|tweNmf8=V7SlFRV?W=yC?jy3GUwW0}L4!HZAC^(7-kcXbgx=5l0&
z-ueX>h$|InrfsV+_c851%efC#ploV4g!8wVMnGl?u$Z9ba^C5?<B10pQuUh>yF-@0
zW;#@lP?HkHlPaKTjb@8Tz!m59_?g)8=4b|xLXR)Bw6w^}$PiUvy-<fpyunA}xtwAK
z1_yx@np$2}RSf(BrAw1JWhwPtv{#+o^)j7{HJY6va45KKg1z?d{NBF}rmE4G7pc5a
zhy>D9pkFX<D!|H(X0v#RGXZ60RsB<=T8@v8lZst|PZ$~RqcJgNY}u~*+rt}9_N=Qb
zm5Rfn(g$uzG-b>i;HLMVCCq>P%mgxdp~ftKO8h^Mn~xlF7|OA+!ywe&om)Ti{kS%V
zAt>iPClI#~9V{v_9Y8G6mvw%4^$$vMlh}YPAQeU?ArBx1#cwUJfEAN~C<OA9i}(_x
zBqT8K>k~2(I2}5jG*|ZZxi7P(R=5+^cdPV0HsdgGHrPxARg%8;r#XDkEzp2H-3{q_
zMK+41n?(q%shIv&2MeK=6?d%0|7RlmqC(5ncYJiMiWl*$)*fO(SPt>Q;SW%3Tg1du
ze%1T`F}r_f{n6bu=C)+hVGSoj_Yb<pL#PZkFEX=pX)|?uZ-(&#0kkF}wt#qSGCm;+
z6Lc=7ouE7DIG3n99*KQn9$C(Cb>0h%S+^%dgXJe!RozDWQ-s%j$(_GRV4nP=e`pbI
zIq*_??ye1^shA;$Un?1okCo7hR8^)VYvHs3`Vu)FB5Ov6{>U0YWf2+!5Xj%swhyGv
zgeU@2A~}ryq{n$kp|TgQ-5Uo=stAKp{az0RLPBuKRTxC%+n+1b@5R69ka7m^Je_jb
z6(O3j=Szs?bYQN#++nv+qux_3HF$EpE_J)e;8cmkw%o*~>=sF$@iD`AhTc1d*_g=F
zV9PZ3O1+0ZzzPkOqQc5SOjH6*+*&g|nN~~GJTb$ms2CYpvuI!-^AA?>zg6ZG1ki{-
zz`yWX9{W?7U!py|RQ(_xcy&@R(s=-CWy5)9ipTi>*jmg<G#Z&>si7d^*G4$ryuO|f
zcG-JK6|^TCh(`7%6=bcxYz69dK+Kl~WMJ4z#It$c946kLy&=eVm$WNHs*vsq`%t(%
zoP{R!I&VVSUFaFTKcvt8yC+qrNrK@1{=Vh;04b3DVJRpm+G0MDy9D7P|0$*T-}v~i
zpdo}LfQ(vip_041o@*FbWIa>kBG>}f8=wrojwutIOkuR*&oJBD(!t2R=Qc)$^2i(u
zE%>3^Xm@ntfWvOxYQ+PII9A_*fdK=M)Q`4GxFh%fZC~Aw<-#Q&vSP)xi;dPV{7l_T
zpC=X>J{d!gJxar$X;Nu%PQOhx!3X#yS#RAFG^m0oQ+s*bzhx{h2zm?#95kQKH~c$e
z;R5FrI%6EfU)s?!PNXz9o_jz$YEz`rPq-JuZu8<A@XEt<%UN<6GP1I$rW2*Un$G8>
z&w%ktL*<mDGU<@4r<bgzs=LtF!Rq*<F)JXQtR{xmcyx@ar>K`9mU*_<6s4IE!V6pn
z>@m6iTE!DuLqHgI)4-VDpo6j$WL(j}HRX>rNEwPxYNdaVA6PojTd@|%GP5UI1ypxO
z+_#71c4qqvExMNt%b+&rGPlEfEch`^0(Zv}Wcrkd@w|5-`jUyMDSX{l$DJ5PU;90Z
zEmXTmU)$NWI@S35v}hG!6Ylv9M+n#bZG5`XpvD7+Dw*uRj(na{2&7ax(yLVmK`H25
zoF26CHp)VUVA`1L#e;==sRJbuwU?weX#k@NIjP7K&hCdtM%J{<#}nM1kz0Z{6n896
zIF_yhloN}2)a@fenL3QdEL?i6hll-8);An*Hpq1Br+_zl%T$<bkdn!^)#e{u?JxY0
zw_k{wJXfA@0|kaEj@4i9T5i~o8;m$(vhdyR<2i!d3y+2<Dq|WUtJ-vo-VEjT63zA?
zOFz>pmf3RQ?3F!efsz&Utl**SCL2?nv%1{2>Fag5`J{5~iGVebc&onXDZbwaUwSq+
zWv3h6+E7h5I9BIibJ0SlnL0EipA7(e{lx3n049=tpCp0o7MZ+p{VZUvlO02bbuf*^
zObj$NzAF+`t55FIH5BUY%Ql5I>U$YK=0BPcKgl80)(!e-UkwgrQv9W`x(8SJo48gN
zDg1*e1c8&trcLR2Gdu+RQ1a1u*w0JI0bPH2O&}e*#|$Z^Nr-nARDrD`mVa?;5T3B_
zXDLBJ7+S6R0Lgf&6onkcftfl7QR+U~yb_CLc-3-~*YO-GVx0CzsWrRxv0!H|t-~O!
z3~JpRU||f?a)K5M8cm#ebR#<qG9+j@&G&~9L%D*?8c)RO&1P$7l$aMBG4+^xQ5Ooj
z<V*G3ds&M<qJUDuKyT>DUpD4F=&9cgNmEtY$akNKgV+&C=DXuhf+P-Px)+E8t~~Pp
zeLKO6U>nI%3U)q>Wq~9z`>Xw3SdCWj7Iz{KRnDme7x01rz_=^3xQzhM1F(lB&Gt*#
zY2d)SvPV7lHd8kX6$wFa5`zDz(96%%1p*5^;4!5$r7~|DPdLo(5NA_x@4knkn;xtG
zgf(8!n?RYue|cINADo5<ykN4*WR(7TFl7>f1W&Zb7kqbexvhbw*weKvnU73v5EGL*
zdw5+pp2sLp8CDcF#)=qv(8O_HXx6gQFya5{FW8<S@>FcX4E_35pqKL$7t(kQ++*p-
zvlVjIz#G4RNX)fB<#~8iGrnt=&em$Er@rj$6jLp+XM&szAMxaHDrW4d>-N6WE$smJ
z8N;iy{f)1riPlbq?{zQ{QsqU^7r4uC7y5s|uJI|Pv5`h{*IIAKOjXcpsH@|3?oPOa
zijrT+!#jT=#e3~)d=TO?L%Cs;5YA5nwfJ#q&Y4X^k*ebDJ~BuQV;h+ae+gNhTnOd?
zAv!j<-7o%NLHMAi7!4cgFf4>TT*;k=LOkd<q<7v&Fmi`Sk>fyr!#+{07uGOXhQB-8
z(14B)j1mHWCU9<&?qRc^a1Vh=QBkb%f!?i@YhdC67(L@2hEVeD3+-u8A+fkAnFiRd
z^J_wdxDT%nU^6C9F>iacQ_mFm(rmHWuic}35;N-~;|K*+Kw+jX{|Dswr@;H?hbss?
z2FAbLW`g_hPbHEG;T(;9QNuGJ`L7^zYb+BTZjJOmY@%{l{8b0>xGa6%J922i<&O+u
z(|rvK(bRo~uIAKI_S;5afFXh|mNVFNwl)Fu1rj5x#Rnni?dsC1u1H^hmG>)9Q<`Yf
zeQ`o>UA^@jw9yj<w;T|Fz^gizvH45jxha!^xPyqk6(?bi{|uJ|g1kLPCI>1~kgUm1
z)W#k|5q={Am&%6^nOjifk5gafRbS}7ao9T8f=98nLv7;v%hLp4CE%z)YpK#v1(VS)
z7J*Qk)2*oBxV*IQ!)^BaVJZMds#YSxyF>mIjwOE-C>pdq!092hMr4``xwtB-Vjur6
zQvPS3;6P9lXib(V?LQT0H!&Ef%5(RwjQ_w5VIrSb>t^AwS-E3rl<}K_r={x#IimVH
zGgD*$4)=`I=jgA6%Nz%Qfuwq1*$N&OKE2B~TjG!dck&^A?OfAuqpW+-Z^*xd0~=9T
z<cRZpEzo9fI{DuI*?cz&^2mIue=P<;fY2W~-jM|VZwL``=J0GmW@|lx&Gh?_Dog+a
z9HG~DQ^LJ<hb?$G5-M!?dx)Xn7i(~e5ab=c^Pe{Qe<JXoAGQR+7#+%BA*A51^<n^x
z7SjQ>abID9zZWbW`LWU%gs<`h;ELaOp)#Ft0DSADH2&TG436P9NUifQaO>{uZ{!1e
zv!YN$4IKbt(3<6IJ}-fD7NIqSf3TjM>5So@16S;?Fn_%*o%|;2Ch)iKQ~w@%vj06$
zhL>{^K|t?cCS(wN%pEWQoUYm|G!P3o1jToMzkiiO$g{jy*gH;v6=Fv=!mRy|G<7tW
zb^<?*Qpc^jsl;2M@R!k-t~WrD+av>J21Ou`0d+`*?C&uh0q#9N9M;;)ABf!{7Lp)_
zR3`IL0D>I(t1JW$)D;%MZw~jG%#<Ou8fI=g`d`m86AAF7)L4)Me!Ket+djD3TvHyv
zzX8KHNR|2f>)>iR{{Jk1tLqC${tO>$@*Q)>f~Dyn`{w2z`y?HbU0op-am!QXpF)=b
ztdv!zP5swtNAdq=YhH7NAl!Xu48o*rYx{>YgBpp$R%Luv8WZv>+b00_#6rb|djKZ#
z{T_zOU!&f&2Xd6xdY9YrH*wr$DLBZt@{6Ei$Uq{1nu?8{3REw1>VTiIHk*9iVF6bg
zH>6sK@z>?-hMcDR_!GDZ?EuRE1+i}Nfcn6?utf~#*Ab$4!ty&LH6bv+Cp7GLP{$X%
z<PnVcYZlP{^c&+gosoX|r|RG%1gA7gsDPk6gdOwq3knbevuBNjkX4h`lEpwlM_z_$
z^4F^K{-@vU6tg$E#h*>e4k3N;Oo|2`{<0`6Zb+hmtjiuTK=|pNv!Xl%q2_s?s`#%t
z@qX+bZE)!I+3s#S5K^_?`^$5xWC%Q|Byagn9)x{k6=e4R=MVo+=T^gey(Vi)@!yJX
zarQ<efDn(7e#`$+Bz}*n0>ZH?N(=oVjsEL)2+8|&zv1@n;TMGu@19!#WHmxK;-bob
zXLA%=CWE==6Zam-#O7=vA>oL|mJHV9b#k=!^S=kL*ze%YQVw}`_aT9=Ak0XN1fb#D
zPy>~dUqMYH34V5UdUUii?TugQg1)@8a=}zwoc(#FH&%EsL+TI*mi#k0V4UYvh|-<G
zUtHJs{`%K&nUnt=F7Xqe3;$qZwGcA(@{J{d8-&JAuJKN>2CT5#_wQy$SBG@a@wy|q
zQicahqP%Uw0<(}u6N?ZO1373u*%7n+dxRJI@j%?sw#G{oF}yAAa%LP4urCyo6iWwH
ztB{?93@7;f9bHWPS?cb8{>TNwfW3h%Y1s9jJ_J5-Y`mghIF##}f#47nbT`re5De*m
zB^a#mkZ{pn@$hhijeb<ZFZS;!eW2ayoi6+5*mskg0WVuN+A8oJ`s;7j4IDWDs2yP7
zzIe4g4lGY{l_k6C)v-Ox1j2b5RiLq%j08w_o{56%bGlF<Jq563OMeq>GI1)`b34yj
zT5<uCd$*<BCcu$aSI*jRiv+onD>0rJ4?TjmeDb>){0wFmSPBRX4-c2E01GB1`>moj
ziWm7v5^-llJ<$v`BWJAZiD0i@moz;)gd}O~u8ZRh+1nsmN)o1M#T_;=;m%I}u6spy
zXB{CFG_Y~ZRC9j8B$gu;TTYO=NZu>h2#;>~wb3>9LsAmIx2&XOe)q;&KMCVXcx2#v
z|6f%F@R!;$EWCA%^#pC6Bl#*44yQYh)KuEXSnp%nULWam+vt^=ZYo}U{B8>z2BJ2f
zGV?T2LZdD&X6j3#>OF58jQOD;FYDYwnO?KC)t5xVdEFgMNlQCy6~MxErj6@#6Majd
zQzM8}nDVRb<sL=cpHdDMLPWa1VQ!KC#UOtT@_573Na42Yd<*;aYm~@h>rE^b6*0;4
zGYD^j4ekvl(!=ZHCFFtl*FGqAEif3j-O+>c^6~-zh5S}rT>Nd|V=Axv!+vC!vs4=W
z&ac4+6Qzc{8CHA(9LnrT;c*{8d7e}@A7(QxU}I@WiWZ+!D<XCCmP<ja3R{-Us=4e{
zjX8Fi!B@UVR-2V+8YP#??dMf`u6Q79CQ%GVQt#_ANg;P8d|J&h=xqx9wxIeX%ghmv
zYAbHLI&zZQgq_-C$jiDadZ>`Mm_uGgL4y56XtX)8+*#e`{WrwpuuYj&Yucrxg~bdB
zv^PwmQfX7Ut@N`!g5K)~$FImT1lgEOr+Dy3%Y_F6<U0*j&|G3s@U?R5bD0LquG{OJ
zvSuZ=mz}}1FP0Ozf$3izc@=glnat%#kNP?X%Ly(k?`kKVEk2SRcb$%tQP`k-I=i}~
zpV-?sFM$l6-|KOTw{UPeo0ZWHUUm*$e<*3<;Pd?yY>zz@?citE7snat(LI?7dlBYf
zi%(R2g54gIK~I1R$$8#auEB0Joh>2Fc&72)3vtuk&tD{j2#Bqu<UmiW-aH0I_|erT
z?v!k*QwP6x<rNJhU0qbfr!RSKv_pE$=q6T3O*Wk6kUK?szxbZxO#{5Amce2#WQA6>
z54;+Y#}?jbGrJ{(M0hQa#l>{e`qMK%L^>#qYINE3r$1Oh8i_^1V_U-@k3n|Ku;Is^
z$V$pxh(?H9k6v%F9B<o<{c3MM^qQfc&JT|iD=V3e-v6rhs`IJQX#NWR%|Ke0<y@mP
zoB0AX?X|A2iClw__eVZRSBE8BAIhI2+C&nZzRWCxmWPo058WU;20iqBPUr;3jb}#F
z>4@>H&H*!*lQmDC*m+XzE!dx|4|)p))kdPC8I#?7&T_Cjx0@&3YWXIp3G!Y_MxwLO
zdrt7qZ6cJ|r*B>b`MSdzw=ssNAOb~8>59W<KkrceIAT*P0>O(UCsO^-Kc8#8nYe9e
znx<I2cwVRfy=^vDT;Jp4W1v@VJclm*9K%yaIU)CESK^FAnsIv78<8qCVqv1?bAtI`
zBy6|0Ckyw@4vJDOjFws2>%<Qh+lQ?=y#eTGafSzD{fl}>C$p>7@hqRn<u7|EF4Ho0
zlDf&5(D+una@K}#qj^X3r=!L?Fp{$quN!oVGgT5zQw6)qqh)9i8}g_T@sueJFSgkk
zG`<&o2*l>$tR8~HCv&V09Wj|AU!1ZM$HF!jW~sU!n3VHrv9AB#ThHB1io1B|;^=~e
z$7MZ1z0p`7Z!pxSso6H{))06bV7<lgVr7%4d0-aX%D>xsVyf(Dc|s%GC+ZAzaIzru
zYRsPRoKkRcLGF)yn<IHC(TUD{EiJ-tKPx?_vYQ0()dOV5p02m8K&qYgZ4JP|uo|@n
z>RV5JtH<l!<PlPQ$%Alfv-QWZJpGo5w-+h1-y&#Bn$PT_Z>}<KN8+Vu$Q`c(wdAa=
zgAkesW^Oo5XU%>_t#=Nk2AWM*4+gs&$SIj6(rUh0YzzJbR+8Z6jJ&fw(+;0QQJrR1
zr%LdpIeF;y2iLu7=Bu3=N@{Ag5rgB6;f44mcCry96&2pOGOZgw)iNVm{{@29pMgaR
zn9i@Chq39ARY`NRmqZ069N)ZZ-rn9EM804$Z#kSgTmHOQTGD*VS+1{Mayon4#@%wQ
zrLk}stW|$Ph4<QGY>QarR}a#<K?u>G!XN-r7`*54fcN^<D>!s4O#@enCL$`DM(z=r
z{k}&{;LTE+@Z7Sd|HSE--mN<_mq<MOYX6;0sj9>0O?{$0cz8Kw5<SL_)T00#I$osh
zS^mfuFwW~b3T!9DkqP}@Wj&}5hlaf5h2Quo_-TzReoaha$mq(%4x<OscLS}ECQn^H
z)i<@|q|Jlr?&NDd&zf#^Yuxru4%$A<@CM47)oLHnfTkiT;xX9!tEh!xjhk6*59Qj*
zd$KMDFzj#gMDHir!`J#r#ih?Su(XBehoj`&$isQb!&Nj=%U_0T2yvA`(fwRa3~TsC
z%N|@={5Y~P$0gXB@gl*wIIh8oqFH{FGv#`X-9|=jo+<Fh6ltvC%>b>%Wz&4!TEt9z
z<^~^A-PtAOK~w?vwV9FdDe}6guWr_SGH2V`E}9bp{DVieGk6VA);sJwIX+*4JgGjy
zQ+|RKKuWtgmXlpO9(7qnMW<1(bS0B?9nJs9{3+vS{CWnrQv{G*erefDr9yZ&%tfGH
zeS~n)+i;5^$)L;pf&EdfroG+cvJbPG9E+Oi<j#B7QKo1l7zA97(1EqP&ga)UyfeGb
zm+2u}-(yDP=32T?>yLonmR>PSYU1^k%BVB2M-AC=$;!%NTp1qCG#re%4DJXc>%Tgm
zM?0!%)cwH-RrF#HyN@lpewLiSwjqmuGe~~m*3rC^d=ls;Mpp<jG}7E=tuDH!=9*lt
z9df(p_vU{bP2?0j?e4L$_$8wKzy)an{Z-vcLYni)C(N4PLrQu20hceB0JgfbX?+Z=
zgKieWBejwS^*ezR7>5Qmw`NR8WGCQriGW#0xcRvtQBCGbp~-k;spGi?fc;X=hL0)i
zOqxEQ%WG;%R!mvspoChb15>?0py60Ym>*EZfzY8RlOHlh@+PGb=3{OS!n@>EWvMiE
zds0j%bFag*;t6s$hkP?kicExl2r-GHQFz@MxEhUa4t847>~xwACSWtx&YOxF_hIyx
zUs~^G4r`iT89+osM-dXaI8w*W1AeP?>hP5Nd3NJRDLQrUV(Pwcj*@>@6YWqr-R*K4
zD6w4LKtz5;gyGr_R-&Bv8-{J&VUuq4$NpQU#qTXfRIjbLOisM1z8s+27U?uNDcOcm
zagv+X+I+OZcKqblHKUAT>r}RVFEGA*N@4ZmqgvbXHUj5GB$c1d(K!akN)F2>Io#F3
z^w?>g+u=CYgG(yLODCuJ)#24E%L9*IIoBTV(Aag)CPEWQN}{}t;-=Gzdm-WTWe_L5
zQm?;84X0Ycr=1ntd%c8CB`Kf^yz%iRet6H)b}giZ&)8mD&9`(-UV50l{nF=u&p{lA
z_2U-~AXg1R84AoO0m`0x^P;9lYr;zhWi)4Y8y)0*n3_ic1i;{M#%c97GkM_JSw)Rc
zK@Vnown59GeP~+*!Q@Te8)$~NNk*Z{H-)*~6_v!F)2lGHDfbq_KHRK~=Iiy<A8+sW
znO02ih@ovm(dAPx*j+>uh$4p$FF0FuM@43p4mph*VWF6e1@Yt})K>B~=irF>1gB(+
z-^`Zmp$4vZ?3-<~6l%av$7(J1u!KSt*xa7fE90f$Loh{62h)Jq!1vp~TMd|V^4tG-
z+5Ibq_+=S0jJ5X&s{D`ftk>1aq|2AwhVvd_W4)WYU8i87z>An!Rstu+=+;0SVfTmA
zLZD=f3ux2L2c@qcDYH=o>Vo_2S=;5&ej7o}!TMwc9p}v%a;DwkO8#3T_ej2~-TDxt
z(NHPiY)4L>A#FB!vVc|T8~Ptkw8QJlQ)$o!t3TtwO-5`j+d%l{g<g3(D62NwNzG2S
zrZ5K+AROn?CJlmJp%yvzG`E!5t=<gVMe&*!`P0o@9#If-ici4f(7fJVx0Iwg#LChZ
zn6p|jfnh@ZOmOnFB_V~icCUGQh>zynHhYVM>8D5vh_@o1;K?FYA2wDG@ws6}l5kDu
z3oez1bp9P(Z;K7Cw<GbBHa5ECwQSv|>Mt|*8p{M)&wZ7}O3IXFKSl0k9|!H_V+1vd
z3mpuE;DWvG{Sm~~=<Hdb@(hjIi=M-g*oLG!htsIH&=&jRb69lsG%hsFPdFmO9P~gl
zSGg&B^vO1mHTn6KU-rO~AN?A><37xM$5iDgk5dE+?_64B9K#@JW&qYv;oMZ}r3OS2
zXCG^G`(i&_E7sB(@#<xCQlywaZ28>iPkl4J>zrtY$0|)9^~#B@C+^&Ls+9l`#tbV=
zMuX*fjFtnbzNI`@wiraLP^U|211$C<SD8$}VWf;^i_(1BZf6`vy#1k)|D0~tubvI0
zd`zEz5WH`sAggT`DUW$Um<i>z)y$M1Z~|gWdMs|EAR8LCe@PlZP*PNkFlkv>(9O=w
z{4xooYpK9%8Z<Y&P_N_>6&2Mr^b{X;VZtWou$4%v`eZ!SRiab~q5Akr<)v0+tdhiP
zMYxEXc_<;U{p%v@UQQC4?N@+|c(FDj?gxyNYJ^&Zkx*}qs+}^h>F~=Q0arvU(7v#Y
zb@F9f!MfNZ2%l?i#Jb~HPMw*6j_XYtc~I4F9>(ayHrKXVpQ|L(=(FA^Z>fY7!yFqs
z{F9p7FDSO0jv8~vtw+nH=h|7bmG2YVfBsBLsIwQ{^#DH0sZ{fZyL(ALO2P3{)Z8cA
zFhg#Cw6=brUBpB4NI}@=u~~H%tQ87ADo}AW7gUHF{<yFzeb=$dCBYmsqo2-(+}bvp
zCQNYsaCvogu<CHtFl%qF5*TI0SE<C(&{i;%t#OBjGQ`O7sRk;2@4{Hk%-&+f)8dT%
zxs&r`I?8mokXIv1C5(~iO*Ib#mXqK)UUBnn#E>KnS{uHrpSa{;vfkv{P;|`xsMh(`
z69b-Jq#^neBBl?jhtvj=CA-p;v?_J{FC3PsO)nLrEk6|?9Sp5f+xQekWr}CuZqP(v
zzmpOmZ?@UXF@-f;JmIeotqEE#6~Q{UOl|#sDWhtH>T8l&TdX?fl%QxfCVq)LdZW>8
z@Rhi;Cw)Xkf}+NbO~Eg14+)=B5H{$mUokRTuy_4u8Mo2t3L6s4%edD{f`|2EG^Xtz
zW<ymUvHwIU8j~q9S@=v>agH8@h$Bxik?+<;V^;Fe@Ys`Q3EPy4ZH+CTIS7}V-#>D8
zPd@v2u1tYOy!}{-IKR8q@Myp#@ayqR@nYc-e%jBhtI|aKvu9;mYV|WW84(8WdX;<f
zPbYm7^HYa$PCK^TF>KR@q*C3S*kt^>g_4oeMM4zU*AFeCe;lhJ8Ayar?prB$A6uCh
zU<h}4WVB^{8kG$@lDA)uzBK4{LmQHGq_geluDI3wgv`DY9Wunq88~7xA&kbQvff!>
zylPUN^)1|3t42oMA_5bBUb(Qzr!hyo&17S`tn6L;TR4a8OFqZlDvkQ%GPTr4g93OB
z=vK!VQL}iuTPBpyp561E;W?HEmQ|I`U;74_*gY$zbLvB@g4Ru4O7gjZ4|1}g_{H&u
znXkRX94qyESKzJO!{s_7XE~=gyyMK;jXeX07K7by`cLTw^5bg^es~=(v=KeBY}<C%
zD-EYs>I0WSc~mt=u464JxdP3)G};EIO$k7LWpw2$=Bdi1XCixpyfm^A;uFb)<G89Z
zBx~#S(?l^WJ$I{gkF_lLeb1HrRPZ_G4R8zII<D5bz5jhCU0#WUV1Mc5?5(`dDoaaZ
zomPQb#fSp;wve;)eMHn5KYIFs7K>9u3)~fbv-}^$bddw;5;$f35|hkSdjN#_(4l|E
z@O^WFai6~cU_>&`y!U}WjO_XOr{-NGE(|CPt?xwz{thkgqkGh?3<uL`)0jlUpt|zZ
zj3QdC;?Z%0gYeU`<j9PXtICg^T>{E)Q-Zn3E-7Yromp=l$lTV;6GmW~45pXaS{Ee0
z<$KBEF!F}YaqRRutpDIcofYBn)_7M7Z;kmI8ar0I1A%R#hDo8zMEo1z>MbMl1UPzE
z38<TTimYG|Ma*B;Z-1|G;EjBd|EZoTDZ`QBG7)0wUVXGa80mbrBzG_rgvY*i+ThTo
z#8~haygp;$eDl>tTqNDhXgpSLfVe@&YNA~WLfd`Lt8t{1>sbT)5*3cy@BS7T4}L~Q
zVyrBCZsYFkh6?ozHrp!LMRSd-N=~bi4M?bT4839q`6;iNbgegh)KUIP-nswuP-ztN
z*nnpfJyC(fvN~pEEAzTaA-3-YRDo9AjqxkzWgiDGgd;5}&LpP(Qq$i`+jIr=XLtQJ
zJdYs;agP;L6fwjZf$G)R3IEs%?w6S}*`BNflgZdi`-^q`rJb|=MPHY|bVOBTO-IMW
z6^WzMhTC`~T-I-aWEHm;4K8WmeF^QRnlt-(x4koVjia`8=2t|aJ~Y1JQM}Ke3w5gs
znwE+ABdNONY2ck?O5|j}hgHbyPgbZoF%u7*c#it0xE;S3_GUG1bE<Z?Za02cVrn0k
zpla9Q<UHYU#^!qG@C)oYN2%f9!`3kGD}L|#A1Pu>gX$l0aUPaI8<kNXIJ18GK!Gl9
zh-Mr9?zK|I!JOP^aF5(xAa&?Mcnp_S({u`yU3((Z=?{O+iLdQTF)}0+djnk03L2JR
zKa?YW>9$O)B}}}?DJ}HH-1}(l(P<`#j8(&U;HCs+TwLwUVTXtR<sh3VuC|n=%wNdG
z#pNlx8B}FRq@3(LD7N={VunN8M0*qJv|pMF3jFXzBli&xmF(v9HsZvh)AT5tb;-d-
zwCKuFpdd+hI8E4FQTsq?EFvZ44XzquL9zPDW)8=QcIW3`uGI~4KRk0f7~VK}adu>j
z^-bOoaXgXtD4Kh2rhb<x6^EdQ_JN+>DlhaCImUb~{yh4aa=TIPH@V3XBE;AzHlO6z
zmR_)8dYsGp^yy8P55CDI4ak_JgBf<KxG2-<AM%sIvY?q5&-#Q?og<f*qIT)Ew?Q2k
z&C16VxSPm<_4v}qRf0-BPZnRO;TpaY&HSr;rN!oblW`|W*(Fk?Ii_{@1nCqb7_yaW
zQ2|By=NZ`aB^L8-vp-RaR6;4%Q|70?Aw98L$Km@<@Vz=ua8{qs4GZJ+czfcj!f}hu
zWd~d4qdImLw>9sMFQG!3wa`Pdehu=I3=xS_H;2ycDlY1Cg0yd|YS>=64aEBh7oI4!
z_=`G0Yf4}bxw6=oJ^#)}K1141p6AfDQ}Ts(Mds;>%K<j~dovG#CMouthg4fQf+O>u
z#!pa0JR**k4@`6=0=(!lknan7({~SGm7TTlS486QeIQ2t3SSf~JC}0|?-nIrZ4_4o
zT%t5$_*Tmihl04N7*pG5F*FChiOyjNoYzgjtNT2CL-jn3!wa$D7AE-l&kV+fxO0}4
z)8MK7!B^5D&1b8p>_Zw?qg@dL2Jubkt6Hx|kxSh_G%%o7Tdq^Rx|ND<_eaP)*_uJT
zJi$;=7<pZZ+TK?%YrHq%dOtUfL0|GmdLTE>6cvV2-TBDm(nXGl33aZAUuylO8R8TP
z@vC8NzjKGfJezOeRXJPUufJccpTgFiAi%@x_8$pL!6IK#c7HElKh_Gy=Nw*<irOz=
z(AQpUP4ti<8;=0Zh?NGf<Z~49=;`T+SkIWzShK8YsHt&AZVMwgNl?;zqS=G53HhF8
zn6lH*JdSWIQl|BfTNK{8>W!_qXEc%xGcM3A*y7<PFqMvNFp)07{UgmEOFrzKRs-_0
z1I#1BUZYefj8P|MV=wto3dx-dhKL5~Ijg<K`?h5^A4Up*iN(u)^7z=OsHY;pV#_NK
z+YsIM*<^jzNMhVBLB9aUY|^PfSG{IaJu*-#Xty32%8m~$*dK2ox<5o#Y}F52H0%88
zi`|mf89>hxuq+iD?r_yXOZREbsD=Cd9WkR>awY!N&g2J1cze4hET`L=Z~A(fN+Fe>
zNTCW4WK{Zc>e+W=4j5=FP$F=pT-zBv6*Tmq#%;^$86F$U@IFnOLX!IFKJL8`ep$`j
zEjY(ydO@>ys-(^kjK_d|aL{~;SlyZ=#pZI~B)>Q5_}POMUMP`!j|lHScZF_-K0DXI
zHNJK*XhML|9BJq@_rMhYmMW+@0%$+dhTQA3#b8&}16jle4<CD+&blNDYBg9RzIS34
zXF@o~&|)|sUhq?OG#8563@o!bjzPJ78FA%z{s^bO9;zUeMk&q6>VWz@TUvys+;b|_
z*-$IXkHuCYugN*k>GHy*<#qUb4Ho#?QYookva%!_22ULPgc8&z+0qEq)zF$~_Nbdm
zOUtE1I!o33OOaW2Ug-TX6=oV*XHgtOR^~ErJ(+45YimzGT3Wt~$eo(TKz_6CU#~zN
znKMl4$RnXKEZaq?lVszw>}|4la`HKb$(XXsWTsYh8*AL6i<+9H>7i5qIA~kblQ@D|
zr8)Ra8KjKbhdz?8fs7P{6cZ}A5BjcMt&AJcS~{jFS2b`{-(0yF)NCm$oIlIjW2J|l
z8%Lv9)xhdhI3n9mQ=T{`Nas_{G;HXqZ1fLyuiii)!Sq<WDA1~)lI~(-eEvM`N2D=w
zrY{=jRA&>7u2p9DCmBo(cNwBk2J=@+Io03U$Y=>LVxg&>*|Nz(QQ>LUCL9iqC_PX{
zEmfNBpJE`L%NGdvmlUoCH_T`Ik<!uWHW_V1ado4j_6X!@PLpqQlN`$*9(edQmk}b*
zn!diTbK3Iao5A`1uC;>Sr=8HFOmE6JZwC7cus^AZbjgK`zSj+xVu})*6WmNw^c#3|
z`;oY`gia0{`%LjcMzLSnvqOq!^*8%IKC?9sCSPHF20kJJ-<Gtsytc`nRQP2RMZwit
zKN&6JfP>NeYC8LZcTO}{;M(p0yXe~rVm+5aRE-b;eK4ZWnMmj7NL*)&OQ|*@n`?8o
zQK#=$X78XZ$v;z8Bdr!p^yE&gquR=J>B$MzWyfWdwyAi?VXJXlUQb5K;Eu{}di!5y
zT2(1<6X->3J$#acW)(K>qb!#)(wOeJkCS7(zr-?DdhI+16<4FaR2{6^;E-nZfGcfl
zFig29C89};52Rx4{zdQV$kcfqbt(Z=8A8q*9F!1j0&a;g@OO<h!h}v_4}g{CcM92r
zprq=GjAG5|leJS}ouq~8uOq_lQ|FPF*CaMqelqt;ZjO+ii1kDK0M3p_X*onUGo}s;
zrZ!=X?DQ8>JH*VNaE=NI3WpsEz1}O(N>mA3c<@r#EixwuM|w1BXUD8L+<}Wm<>2*s
zNT1V;UVI{GIdnfqz(kQLUT}!?^UW+vwP=o!2#jG0-(-n-sq)e#A!bZ{=ZcAN#Dc<w
zoxSBWfcXZzn1}6_;r&n9p9C0Uf`Wp@hZ!u-)I8zgBNfn_PiLJFfRWQsNAs7*>8Q5-
z%!wS79!I5ZA9tOhRcua{NbQ_HTFCkctuuVK`?TtFHn{oT=-eAtNl8g}c`{*J7QrB!
z=tvUo>TD4?*`TT|c<Ou=if#sUyY1mu!BR+!xNC88Q>^Bq<dKt+HJTi3ktAM;@IGBC
zpUwEdtt)Yjp%XqgFO!f*4h}nu(L~%EaBkLBtPf@olxW*TDLbE%Kp|`-9Iy4K@X(&i
zG<kmY7ka%Nt9#vXee*;jPJ4B8IcJRH{rmS#!f36JWEnpo-Oj?LF&QKn-_%y2JUe&Y
zjk%ITa+!EmwW(!hC->kPgEdE~(XgLFjmfxD^TiZxo<!~1rPhnR<aip}gU6^P@blK{
zNMn=XpD~BK-277(YOPr)u~zU!2~W8f<}EW9p|7$11a&lDoNV0;%fe_5g;I0o8$La6
zx=j8QVSCiNyN}hla)CQ>7NR2xQstL>s60^R;;xCarh)h1Yo+J(jE(WzjCrA@=hC8R
z_-SnM$ms-txQOU=*I-7k>&f<H308_f7Tss?)+g~5>U9zEs-h94xwOs#)-HwIEtr{M
zBO{Ctc1k(-F{m9FY+fZ*_|s@+o(xW$%FOAVJubi*f573(gsA~l5Nyxn9Z5=qZ)n^<
z1Vy)jnqpjGmMeNeuX|ap72Y$bwJI4+k67z7Nl0ZK!)yiroRpMmaNTR;!A6?a3%42@
z|0x4RyF*jm=_FWceyywi$amifD{2d0R81Zwt>yNvP-tz)u&_g31*W>~@7$=7ayTiS
zaSEFo{Ag5?w>`o$`Q`%Y3Oc)Nvu$CAU>r_Hn8kl!c?azKA-su;?F=IF3ReYjT5Kng
zW}I-U$|5I9Hw>#+B7(0NrwH?}oQWf>ZTCLX!G;OfXQTV(O?`yMM@fo&nF&u5k;hF@
zJjB15ZraB)O`89l7+L3=+4O~#T;*n+#U|Giop>~|ADeZmja{_YDpU7$&qapy@T_D+
zHDCrlt{owg<?FC7Nxde{zu2qG?>5CPNk2N4TsV=T`H2o+TfWUL^^*nOx)$jsIwm5I
z**d0GkjpYwHE3e*^4WrsDv@r|6&GH=dzD7&I<*V&m3*#kzb$?%;x?3XbD16&CHJxa
zHiznBhV)!ncqM7BB((WZ51|I^Q1(-dRcT{QcZY^%^@n1QYL^bstbg|13>I6A5@6X1
zqUJa3aKbXQ9_u9s)V1X|X1VZ3xtb9d6$?GUsF$%x`%W0=LbZ@=?Al9!K@miRS(Q2Y
z23ygDwR_6>;9wVdz1>4yKA>VP)=5Bn6ur6>LE8$NDYHYsO1yqnO2FZy@v<;T854nM
zQ$TI*S8{7<<GK8yA#qSYoUM4D%So##s8#e)ZS&R6j}a%Vuf+NA0#{7V2Kr=dsmoay
zP1F^{>*@6E@h(-f+!k%Uumd$xS^yRH^a)m_=CWUUDK&6Gd3r^CdNKb4nfvqmp4bvD
z*;ALzk$i>vFD4@DElvmP0%^AGxG<Wfi`SRPt~UjBt*tx-=9s8Wm>3A_Xqo<vKxR~!
zn;kKlsh73R@ZRn4Q%H~Bveu8DSY4$qi`5St^RwzwAcqx<Y7s!!T^{LNHwZc3E3*$j
z<GOGUNl5~&tu)u|^FQosrUt$7dPvZ1uWv3td?DW_p^c%Vq!bOr3tYvlT|1esvC+X;
z=dLIgJC}-Qi~sc$m1vYo76cdVqFx&_pIuyp?(XtE<=k+>&pVde*(b5N@r0tIdZS)v
zM4FnGR>U>9dE<+gfr1r*F;>sT-S_h7LJR(9r-E@56Z^l}YxKip1w(~_>15ekC@HF|
zlzho7COWFxv>o;|kl`kj^z^$g!Y;2<CSdEiV=FUqC8p$M`!}Ork=T`vNKvg_9}RYh
zg*@j3uI!E>BlH$%%LkFa3O}2x>}BDAvwIT_SM>fP!s@5VyDpwk1zoRH3J(h2Q8;El
z4R;uqEj&~BkSQ%ml#p<<$}dW-nf-X=@t&98&l7E5kOfqus=dm{xran0B-};OxE1jd
zL{H8Uw8ia^Ohb9!lKv_1a^voCH>jPz9QN{tqC>aMqJ<COfm-4D2K;L+yGOK}{JAP;
zD$P@t&|j#XFb$C-Ckzb8`r-(+&@GWNM0`w5n^MNgkQRrp;@S@XWbIb%d_VWh-REVy
zZLaONo=s{&_4sobMq*@aybii*Il>KRR;l7DDNq}8EnmRbI_B8&2v!hRsMGr7R0s9a
z+MBZDJVusd7{+eko3dI)LwJ=A&+y*)As|9Y+ISv*@=m%yxc(Vm^Sw{!hw>-2auY9L
z;Oi5E$@MLwSXz))j^=v9_{7-EC|>uw_ge{7P5J0Y)}61}`Ew%j2t(k;&1MH~HuWad
zE6k>SVdy-=sWf_o1%<@w-wi29s#PODu^A>Nro-m5aYQs<MfNF<B);nUDyN)8)!pHt
z?>PWPEJO6b+5?J?@_vZ)y(B8v<Q~QkOAi!$(})%V1L1T(6U8depg!EF&UX^$#!NGE
z@)3gH<hD6~apgRhT*!(x*`2^cLyh9kHN-ZStLNe~;0c9HC0lK~oj?(<O1!98XmJQ1
z6;7k$^=j9WETXe^-du>eXrffOhfk%%t88xCZCfRzhuybvsa#o`7(EkiQ(-ziAF1I+
zM&tjX?JdKq?7FpK>5@+AMmhuu=@1bRq`N`7V+qm?Qqmw2iXhz`i$)qGq;ye&<N~DY
zo#^ee-}l(}-haO1`^m8ub6wYrF~&T{d5%#-M+D(CykHU4aFJmlYIwds7FvuCG)^bj
z#7{6#j2__{2Zit3@GOai>Lh7BE#>9BTFOxiVP=BA8C02lS!HT{W24)+6^GT5XO?Ix
zjBoN>imJ9n4#k)~BIj8u3b(kwy8|cf7Rw{;mg`3?tGGx$H6~q`D`Rr>K}~~oKWY5z
z$Ev=xUuKn5dybXl;;JgTxi8i_ZenfKXVG(K?7;kkMJimg{hM(K-b|HNv$8W$FtNfj
z#Opwy&!!@qd&c9{<4Dg%gk_G}I;U0~-OJkTtu0{oDVi@w>q|pJQe1&uv*d;h$Kbg0
z`788oVee3uN|nY#?vo4o-P1FZ5X5p|6gn&4%R}Bwt2C}VHO}C=tq;E-aV(^@otyjw
z)V>^>dxhiXxgJ~793#LsAw?FJ+0E>#*4d8>K!Mi5Wbj8!o{RNdu4S=S@ly^Xv0$X`
ztK7{~`B-u!K*Tcb@!Gva!ntfT)<|AB%Y2jyKiM}8;y1hmM_f7(ow$)wnBMc}CJZLo
zEwWoOdhgynW-n4EB1j~(aJ##=mj_FOZJa)E<_))actwTkbCM-oqQZb}cy4f>`%)|~
zBE|18iWIZu1G0VRc^tJc;(WamF^=vpBwX{d8@Xh$@4T`wCa<f{OW<?@&KO1B`#h6Q
zdAXn{`EK&1lJqahc1llSOa;E0p1ma!z;GA&!Y;Ch-*s`M-J^%+S&E6VOGc+~F1dJ%
zobj%;w=|huBn=uvUXfK_ucZhIkZp1`+G+O)T&^k*PL0SH?X-djDHpo+rL__-bzgR}
z=Nq<xiM3lO@n?Y>#?D4G;XL<GREqeJ=UbWO?YVeIUtENQlNrnwo+>S9>gb@i-yBm=
zO89BmMpUhw{x&w8K2RM55E%WoHx#tc(Y=Q}8sm6KNQkg|XWDEP&*P&iwV#U@FD{X~
z*EQWK@icQWAyJ0OMKs^9;M6C=y#xd}gOba(bK85x{$F`|2JH=F?wNJi0TEn<&6mfY
z*#zxRF^V)kNiRH;?Pzc@a|yBtB#2u5-o-Tec6@k)q2WzYi_l;)m-2$PfNd`a5)sj=
z%xY_Md}3Bl)ANi5kz%bcXahd?{c0&GJZRM3^k_wYIJYZxxew=iWpzXh`7|wBSSxXt
znIzO&=gC6jVg$#vNBxh?z4XwCi<8}s&d@{6W?AZq8Pj(3e2kmRE5XZOU*hsaJJBXV
zL$zSwhN32Zj@10DPKzdJx*8AJk55lm5Y&y=e>Y=ZoNZL<6MU1SV1JrkxrEoY_vi_3
zyOx;{xE?l%zu$!w=Chd=J}$vizPFeum(@;=Gk;=?$Go-RxS>rY4yk4sWU)k0xL@(r
z_ZQz=VSoA3k@0R!0uTHrT^bYexe*^URjDA&*~=*2L+^=lJY?~-ea=xg&tsc%@5a3j
zcX~*r&92oL#6Cn>UXjDh#KW5mW#`UDXH2>LIPHgr{~E`iYd2w;g~Oy!^67o}oc}WU
zTOl8cAHJ6v6P#<~?M@w1W=Hm@`1=}k^wg|@sRn+o=iD5{Hu^K?>LBGU-PV3V814K^
zC}(<bfZ(Kb!8?WMX0+fg{q9%FfU;K0t)6A{IhM_D2ZZ$G@0ZG>y&|HA2JJJif6l#&
zNEKo4R@8tAoR>aRZML#xcF$WbqoyM7hz%x9Z%z*s)8{+MPb78He)Kq*Sp55ag}@n7
zbu?atd}ajm`5$dVh?F}SNhsw^Ur-5qk3)?4mI}B6K4|^g;C&`Tk6*XQysM9m(e%T3
z_ZHVWtW1-JSq`1)?;as}ttCqv%qhRSWTlBcP#5BIBZQn?TqN3MrVq5KkxorcEvYYm
zI|=u&TUwUuX)JrT*u-N!hL;kj$26gRDTh_#bi?-=Vr-h5*yML{<yC1Z*EpjR22Uk`
zfa?ra7^n??SlQD#B5@s1tldNZG(|_rUkTJQXO#W<wUV$!@Y28JMC~%Pi|?@s!^vsF
zqZ<Gbq9B;}z1FH0l`mye&U_e*eK?V?*ggD1u#+wtbQyo;AHn9+W*z}m+&xe1GQJNN
zfxu}mD^~<{+ROx!xXbbQ--)^)`kh%m;5c(-)hIKNn+QsMd#pKoulibJOLcMP=<0n&
z_8tX0e0fcAQ=QAdu`he!;Ny>O&gJo~nG^ZDf(9a5oPTQpcpNd80|()X`K~kKyV>L>
zZqX+C7ZGjK{mdK1Fc~kR(X&ZDOnMGE*c8axkO^MPNR386^uIbHT`s!Nc^(p3e|jNt
z8+j}*nS1;v@_2I_d91-|?qYI6a#6TB2ayuvB|j5Fo-cEWsM(Q1uHaqXg?hDYV`zu(
zAIET<eV!W2`x|e>wCyxDGzF>{`dcl9PA6t24pTd(dbnC~+gMZjZuqWG3miyKx|1YY
zx26z*o7kzn?i*-yvrZ04i&;c6(v&1h-1Rjk)>E~1RS-RV+rQXz-iZGiL{#bohY99#
zxfsfHWlXUPfR=r%qinTH631oKV`dYm&d!|WAL26!&}K2lSN(|?zc=2o$-QCyqSV@f
zVx%@*X{}G~xMs4;f}~STS}qTrZe5>hQtd6{udz1B)H!eoKj@}1WHl3rMq_(-P?`^s
z<YtP;$K<FZ#L`@6;?Q_br_{RcVNc6N3qny+wVN8=){f)`jWs$Z0i@+fGDdM$s-Qjb
zkctZzQH7nu!JjhF@!Y%BFybQ~InKq{*D=w9A2?nEhhOX`{<P%vTG5mg17_q@TN3|K
zD&Yd6#$zj-A)_|MQhSruBA$a%ZJib(2~z}N#BwB-$cq7gN2&EX1eo!Bv}W`ASIZw<
ziP1S9KoEQO`KJUo`-`jnN*636M=nd#-9Ds#0a=^gl^<DTrJ(ZWH5^Trwn5jBR_F5<
z6f57a*&do6SE^g;U8ptYHpZoopds;GYi}dQTp!ig{J@eqZ;?HBrr21T4ArT6>hl)m
zP-}OoYx-0d<lqfgNcErqbot3v?h+q_Ed1NYYu|XpWaG-*58;~*O66TQ2JW3*s|?l4
z%L_K`cnUc!7z-+F#ApfGZ9U#y1U}Q;^jBKtb~wY&pK(ivJy>+Sya>$7?=S-c1MQ!H
z9?3y~C4R6}sUqK3HP+}x3TNipzaOo(igsUAD3!g>AZr}lP7@ZkxMfZiF<J_H;)T00
z)1spv?D18ezj@l5g^q!-?;PEb)Z(sSuc@9sj!YpPI8&6&PRp=TX;C_P<f5chqet#F
zo|ce+LF3PF#MugHr|^#c=Nv{+?G*uk-TgXZ`Sv#Dsq-b-lJi&4>Zi?mf8GA#U~Le-
zBUmi=a<z`TX!|Ud4w1WYO9jUtxMR2}ecPqOqe>tjyu7@eeRBPE|B;*a&Dw;e>L)cO
z&>8rjlWk4q+UBou0X^ZAgE6JHFC1~#i>^Bqjecv5EPi1|{4^0ZrLmJ%M9l?%`k5<a
zznQv7lLEGOr@EPKSH46UrdgbV+j4ZQdT>{r*Pexig_+UAx#Gnr-^tD*8t9g*X>JyU
zevSB5?VU`f*^my}U$<_@0^Itv__L|~=YiU+=eV4Z#!popz5o+>ng)#~@*2<8YlhnW
zoG7OaNOKq(7zm=1K~05k+d7V@IhGs|8+?kbVH{{|^pVVG`zC4l@E|@l6Dih`nEPUd
z`mv1JCBr+5#Ozy#JjeMQmOpwwh8SW~te=gxFgIXMF8T6?1a{Ladw=T_B))Wj@v6fi
zLS!H712Q{DRN=?L*;ICTkzp&rUEfk{4Y>Q%EH-Q48*xM|L*fg3sfkQqy}*KScbZ*!
zmd^2ZN9iXa=Zyha{O+|<Uo=rf_@CW}XUHJy#YL(P#+x`Ia(`-b!%qTDqcw!5gjoGL
zMZ+*Bt#2dexEQP!>#T(x3q*W$$8SftO4RukCM>mnXXm_+VVbErTNykCOV8H(c3wnK
z^rogq*ezxFjs-MeQz<Wm8#VcX#$$R9KOsG@ROpUb#jh*hiQ@#o!ASeU9*yCl(`%^R
z#j%4ksCeq2UZRxfbG^phpG<5!8{g!|BWq&eh*++hJsj5L;X6Ax8JX=j&@Cqu-YVa%
zmvt``2E(KOA%d`ytv}n~#f?b9X+TRq*`PoO@%rivFUfIcV0x-Cn?OMJIZNXAezzvo
zCrF*1OwKJR2!9$!+?<er3j>$!o@G~MFcZAy<lTKXB<6}9BL>JuYQE|*i6VZhBmN5L
zEgF5fcHi*=NlO(+&Jz!>n84M7JX0J@m}`-X+9CIl`D@^&PU0$jmyWk*-O_oc7DA<6
ze`LpM@9wkIx5PKH)-}8T#N4|}^?1Z`B1l`k#&kf$UKhsHlYr^EKB5m@;1_4^B@;h`
z1Zg~+b-6^T$QKPy5i=?ICrJ?>fQ<)R_o5&xvX0ou!{>xVk|6KW29nCb<f5B58aM%Y
z)?-WSYtxbTIREn*EcK5{rY>^^{1c-5+}N4@<>f!i7l!F{24XxE&}%~uO_hA|BlU^p
z!>i&`Q;`H-Z6Xr;5t9%}TEjhlILhg?mpZ(M4#Mx%%LbCxHsuUXNLz1EHGEw5lix+M
zZCu07ruveiQ{l`zW<0b>2;`7B^BN;E=Sg2!;<DZoLQrc04~{Z|qqRAmi*%5-v!am|
zRSpi9HaA`3kDkz-jukxfJ?IDF^`Q2b$Rm!p1I$2&r+Ul_n9+elC8CyJ-mPT?Hf6q-
zdP>WnZPG#ETEUGpIhSlq#SJerpk{m7#5)r$D%K9e;JDeR?PiMN3~>%btv&a+&hV_8
zJTjL}`g+BH*+N7z_Ij;vJ=~9+4bInd4lFLl3?qoz9#x2KeVjaB+v)?&hbbyW>P?m<
zwNCKqB|mW8`$?`}{gcdjCdVuCsIfpLJ5U1u)nWr7wgf(wXH!rqs7=Xx)7dy}A*D*;
zWO!I!4lPzM(1tCZgjIihhBsr<PB3F~j@-Czd>yp#bqh@f`SA~Cc*X-S>eJK7u(xjw
z$Rr&3yBuC<hc(o^!=7wH#eVtntXn!3sX0!k(M))u$s@7ni$qy>6ujjOtD{TC)c1ja
z0CrHYQ#8k0Z*Ok`1Vu%yk3z^s3;C3_{0|+9mi=^QrK;%M0}B*ja)-?g4U$;&zkv1|
z0rFBaFp8L6M%YX_K0GK$`qcI(0XlB`;CrP58%{)S^EjHuzH$NdmJMk>&#TX8*L?ZV
z!LMhe)UsiiElT@W4EDwi!-nl@iecG)YNGUnrarxngX#Wr9~V|s9ABFEm42eE*GW?{
zU{*<RPA}2hmHU2^2UYZVe20YVoD%5KdkK19Q)8U1e)~Qd*nX!jX?^S?wZwGzAL#fA
zlpF(o*enpMJfEft10jIJ7Sfk^$w>U$B>d@QnX+H)Ir?<z)jOT^0gg(b8~gz{C2Pqe
zJT?=I)5GR{u^r&f|1x#90HoG>V=|$gp;+njZKtP@s@6L|EKggsC3awD`Q>9wUc>UY
z$|MRqb7bu#Lxt4$4owYBG7iT6O&GihCv*Z#2@dlIG`ASdMG7PQ+;7MG7?F>k|8AQ>
z)mK=@fUhKHeM<+`Ll=bWAjxc7k1IsuY>{8XGK->`)(Z%>9)1)CMXbnb<Nj9&C&zvT
zPQ>18D~RO_Er@B?`Aw&dLE%_K?{b`Z3pVpA6@tmTH&xN5aftI?HLr!}Wi}by9U#^z
z6gU;lBii>F|KR7bG1o??aiXQ8EqvsJzAfe{r(yBArbBglocd4ly+GFHeEVw?RFO-9
z&Rhn?=%bE5$bhg>X59Rgtm7(M@V+xleqP}Skl54HJ;J5$MKOILU8eKjk{2Vf#>MUR
z2ZClN?l}bow^Hf*PZDpeWuBN0?z%}X;!M<Zul6Y!EF1P9T{n?oHsjnBOo!QaN8>>j
z8CHxrdHpt<JT~kcbV+L)ttT~%JnTDt)rW3PHt5_n>2J8Q4l1XP;#v*8?eTQ_-iB?=
ztv`@h<2N97GtdgMQRSznLV%%|p$F>h?jbm}9zBe%M-C+2xlin+ob?dt?b`viKDW?@
z`isXst%hg^UAaqLH+=`PvLRi|a#+b{XQ=*5&rYIcU~<M|pcGYB3o=(g9P?{+pL?RO
zbr^lt8s+#v5vy;;*9xJIJM;D7j*HDmwQSN|#{OA>F%mc3)oH6=CQyuAZ?`))DP--(
zkB){)Ozou3$WOY}B=~e}B_sE?@}BEti_eGY!QT|Ae?MXgZ)g3DX;RhaB66$0x+y#k
z-1UJ#pjGACcrz~f{nb?$6(-lBpX{yhSwQ4*dmz+hO0-HvY8+;8_##otK@FCTlIuT5
z!Z+%payH8KwI7G+cG|eC#k=Bn3RZVP0-AL+*Aj;`n&CG03=%387>Jjbj)cL)cL`98
z?!yT<&=zD7xnrR>-)Q8F=!H9fC`+{CxsXydHe$AHaEk~!%qewa#SXPD&sN{uxze0F
zJG_yWl|`-|$d5ze7U>0fdKpz!yv2|Y9~gzC7qSgny<<chj;(ePHiEa?e2KZ2bUqTC
znzIT{GjUGx)rp<+R2f}8?iMrG?H~RO_~MSqP>u|L!rNFRmO}wnYrRjp>QlmI?cGsi
z_sf+=b&#{X*uN)B+;!FZI4f7>5glEJ^KwH|giLl-?+=&qdE}tpQj?xU$E@Ia3IC6^
zY#_t}9iy<jSr{eZ4vXId!L5%ytNIm-3-5iuv?0Tu@n4DSL8jmLi`^4Ljk3re6wA1;
zpCFM&V0Agm1;Lz(b41{t?GHH~|8@s-)=yolpT#_dkKZ&^*JO4hPM{KFJyCyr9Aqnd
zha@!~RdIULk1lU6q7>^kEpfoF0ke!cVqt>k`I29I`=Dc%$d!z*1w~g&Z_w5Hy@=Vv
z0@)fVJ#UgB{aSe;%DTk{KWs8y9l9V<$fgM8mHsQGk?RT?H>ZqiA*_YPw@cl#^A$JU
z0$QFO1xRVdDV?1xu%{)y<K}VH!A(J6?*Ke7Xx@uv(-srJ2;@m#UZ}RMP92-Awr8I-
z`9xIspJ24O@4rVJKM8j?TPt5^!foF^15K$VKBoQ6N36hLcfR}8r(EGN@$x3<m}d<A
z=SZDi9x}n!b~vkon6}}W-ABeJ)M7eG;)vy-^|+L-E4GS^l@;?s%gbN~(moo;4#fd%
z-BF|RPFROb((p*OAZcN-v?*jg%XBQ?PMf6mFirvn4ZP~KsN<~3(WFEySCPm<jv;4{
zEl2Xd#(3nlt9sn=r5e%gWOcKsqQWKu8m&!0G)W|Weo9zJp%fB6=#Gwy-FjW&9+<iS
zSSI^}C`Rr<A5}6j!S&(Q=2w<h5=sH@yYtsuckwqIh_HTvfZrAb{9uw=j0|r>es%Pg
z)tb@1ehF-1Nc!?ccs=LktDpJPJl;b(Bpz!6#HUunY^GJyJJ2xfju@SX9|HBLn_lVG
z(;C`^iV%P-LNfsOW_Vl7Q~-Id9ry`7h$v3bijtGCVm5|hg)=_B!^{{&IbVgU=>Sd&
zO*x>{n}P69{h@q-V@EsPvq&@ptLvqw%|S@YyFsKt5v#84__BY1C8BS5r%q^H$ciy1
z5_*0_(U0W8k|tpHajx87Aeoo{U0aJz%c)!c@Ni%P!}poy(;yVAT-|D`yvue%(&)^{
zVmV(<$ap6)yH-e}+Yjj-5f51p3@^|pjdOwX*x_2tU>p0hJyfSdQz5lj^%JH>sZn&y
zvEM1x0akAxpS&Yg&u#8gRPPPcZgQhicI*o|r~-#-r&S(gHxq>{<h}|xb67jZTIhFi
zXhhI`j<*RA5-tMt9A7?vVX-SDk`lUfLxF%z&L7aX8h-az==A=IyydiBOAkei5h~X=
zkN!(B%jMG7g^%)3*&q7dL;RjOx=i47iPDkzBXT12Q8Jrmn6TS=aJ8E-iSN$|rqk<Y
zrx4xAI*^(%zgY-EVkwV4Xn9nTH4&6h6j3b0E<yISnrZNc1wWsXWtnJ-=X^&yK#w`^
zPxQunoHe3a`}Aeq^^B7Q_IR9{oT2rqaTdC)NL7PfJ%j1Wh`;R5U?T^N9lcZ5SQ@jy
z4WpW`n=8fT{DHCDQ!gxW-Zi1V;0lQv$V`Mr$0o+6h7nWX$XM7{6_yu0s*OC|Sy^8e
z6xnmX&PODb>gmmgYD-WOSSAdr=%nXf3HF??m`Br>q!3z(qKE2=KC``weN|0}e9p?T
zpz0N??I?G!z3p~aH~T2kM~?jAr6;OmSZ{^H_4+OM?b-0aD^gF&7W5Z4&4b5{kXRN+
zX1fzi-L9q}KryQu_BD0hOVv4g!L<;$D9^QJiz)u9oc(mVsPmxoyJtp3r&+S)_S4j$
zPw#zXlArE!JOl9cYQ5!&u35)+V3p`1-od;ZfHcL8e_dHe{X?$k?C`6!VAc4f7OHEn
ze>|nu;Km}G#?i?6I~!?wkYt00hX*}B-s0AWfyUtjeiIkswx&g{mObawz`iZ#Bp0`t
z<~`O^aM6!T=YPqDjEY)yecf=4CgiotG5>Ko7(fKl3&d<~CpI6Fjz+Gp&?IkWjLa=@
z66}hp+HZR6Lj6CErlI)xVcJpl(7}NMRIKHu<H__YP{#ur^B^Aay&hRthq*fSrnnFH
z0Bmxbwfgo=bLk#yv*Y5)P|t@7&=A3;8@)&DVwghEq$jF8^mCqrd6~qJ0*uLEaIoEo
z*|m?AywC&~3jhETW41hdCyLQ-Kg+m51?|gL3Sm~xs1Rbs&s#W_i}|mVfD`6FH~*$<
z5S@ZFW77@7*|_3-orCT~2NGKUNm!Gm@h4Y)$JrV7jxS$=nbcEj6Pf)=Sc?^w|FIH+
z7|2pg8k6%OmuUj&m+?ov*!!(-X)|Z-GZLZ2z78y8-^&Qht4}=1?c2}I-q9VH-xn56
zZ<u|n!{OHR{YH1dZNn@uAesKJzvjF3*Opxq!jwd}m>#&_JfKC;r{nQCraZXQBu***
zDnj(FwpXPECJv}nk8n=Q$gz#%mQd)F^(%E@@~L)LSWLg7-3zVl%d^97`Wb1+*;=aU
zT+L4oM{o&-15vwmX-b;~nTY%S>aS~?n?*zVAnSljBOc<iLe#FK!Ax`**7!|F-ISy@
ztS6WO|3<T1H*=@=v4qKVB}DI;Cy5X5vlGQ8$~~kj4)u?BPf_?yr*ZkH3pzl~(zHt1
z={;2O;uo&9Chh>97o>BnAe}pj!Es)V&kfcvfVJNLq0gE3GJ&Vr)koFNpKReH!n|?A
z7RN#aQM6prJ>`b+Tp4+0+dNGx(UAa|a9rv8FL@0r&6o=1jX2b_>peX^xAXV46;max
z3w3hnPY`Ms4wz*TK$bgn#@Js**Amr5o!4XFgPDs<j=k)Uup9jc&|*13Ek#c=entZ^
zjC;@NRHIrfJj*GNlgT{-s;Hw#SMmMJg45JDxf5QJqTYp2ffLZ@l|KK`Mx8~<+q;SH
znTO1MxcB+5doD;`XpZ>!m||!(_G)N)2{-(!q(q&m-)}HJ+vpCky(-cUQF(m7q*|3U
zZn9}?c+47-6ptg&A{OCM-a7_wghi0NA?WWX)@fO67x-yzI9(9(!M#BV`C$UDg2iwu
zqA?9OI%XjP^)4nBa}grG-jn;QFW)9$qdoh6XVbA<wDO}yy_V(jGB4hC{|S<1wf&V8
zge<#vZrLBCQ*C`e1?cEc5D}>JO(Jt7if>>D6ln$AJurOW)2Q=GVQYMCS?#OV-iUGz
zg^PlMjIB4b0ak37=yFqZc!iG(JwoPfSbDbKHm)Lb;S_ard*ka-m{ew{|0Z_<Fc=C#
z!5juucH|Hg6ct$ZO(*TSDc{#*R_s#pnLzK_R_o_a=-t}g7o|KYD<jtZzxlLM@nipb
z{`g9AAq17sE0_PZcQGOIq<Tc(#`OTUJWR@-U{NEiYzOi4QQYa})F%(5A4YHVP%chv
zL-@EC!CPSp?ncO2iOP7CAMn_$7H@y$esz%481o@d+%zIWDWDm5Ir+Ka9IE8^GUZu6
z&u8M5s-A?@@hjy9x}d(;`Qtb`YG6K;k!(ACoLYveRQ>#oF;O;mYt>M+>9tCvVwc!T
zB=~oVX>cT^T~W(%z^&W0-G4RKSeUG8yjf7#zcp9LUyS~Q5!CygdAa+>=Q`QvidJ-8
zP0&R{m5SPr^zCO~*%`;h93W<<nF0!UisPL{2FfbyW{=D|9@|N4%Y`}z{iUzt3<JLE
zPUxI4MrLNbt+DmlxVMG1>i}e$%9xk-({bONRIq%t(yI(hR3YXzIXpO6`t?)YIaH^l
z(MRxg#5cqxO}^}3feg67Smt@CycN1f{?N8N6W`aU*_${hgDqBtHE`w>a7aM;;cC7~
z*9A?p%Jpxpz&s|mON{ZRa2vnN2er&_J@@8Vi;Nr0hmOKkVRC20L_}HTAs%0Lkj;`c
zrh+!5&9X9^nBLEL-$Jdm==eo73_;0%pjN2r@<`R8n^%gBjg1m*LTYLOAVN}>93x@g
z=37^^@5A#D+kvLB)8l{vcXPQJyYk!A_Su3O>APrB&VY@L`)iPmu!UnZe0Hy2*ZO2e
zevJ(HWFl2Gx&{r-Mrp{r<Ku9^c4b{zEt3$wRHlQ!`O-$vd5A4Dlg)Yyz>ZZ}vRkzl
z^Xp3J>dx|9RNs?~L-7rYQ*k&zN_;s`0+N@Z4*LF@yQF<#2G_1L?I81Fp_VHxr_-?E
z=D9uY?Sv<_`;;@tK)uev-q01rNbD-B<K4m*hRjXaE^ONbO+gpMnZIVkJK;y9(r`FM
z+(GDU^1SBawu$a{+f{GE9N6av4Md69xNoA{ZfttvLqyS4CSJv=X)&7zH&ew#MTG!*
zUw@&3+jD^C8f44Z?FxUS{l|n$B4(fi7~-S5U5q?w%zb#(bZyLvG$JY?kmq73Wr+;K
zTziRhntmxRyLL4gC)e7132WVGR9=v^_AxCjHm0Vg?lv@6KW3NF!>x6tFAz7}v3V*u
zL$MVm#d+_A@)b#MIKTolXys)TQVEaW>tWNtO9~+gWF)SH2NC%~cQFxxVxf)TVcZ_l
zGn{2oqPeGUF(Sj9aEw!i4(O4MY8Zmi+A+j@j^1n&#wDG50G8(O`0ks8`m2dl<<<y0
zCh85W^7IEEiyKRqe*S>#jx;~yzgJC3X+Wgq$bZDjPKQ}mN{$xVIGa%gwJXOC@w>WU
z|MF9@_2(C6J71|T6eHc)m$Gj)`a_flFp()HYbiZ=3&_K;t+9qFSdpQkF?xwB^h+jY
z<KfX7ACUQ6QAmu47bA#s9qH+C_QK&0#CfxHtp^6R-<F5iXmn2%xW)54b<iJZx;M-S
z*fqpzk?3@tSst=bhPxk$AdLjtLF)4D0}E#u^RW4%+l`dxF}T!s@mK<TM}m{V>&gbO
zG@HVI*`PRNOuf(KC_Gr%mrkIIBlJ^qA*lW4vHq@!r@_D83O?ZWoQL!9to|a2o_Xr{
zg<maFVZ>9iwzuNQl-NT4S6(ac`iFBXxSC4s#ESiJRp}Ops(!SvvC7gG9WBy2KL3Os
zkIEWI8bfogM`111?L5~x(v=F^i{9+?{Y|y#BLaZN$CUTtH)a?bMIS2Yf!MA)e{R$)
z)mD`IhQH@bd*ldd=kS%8O?p#g3g%3iA;XD&)Si|hNlO?m4FZ)2TlX7{5^>9cZnJ7O
z<%_4r5u@)O;4Umg`N0_|Wt5cox4+lN>DE-%b0f{p3d7gljLOlc$BAES2#XtOL9UzK
z)?+6K(vqP4M2GV8`DHx%HP#r^-QGB2C%1IaGyhR3g38qcpf{;31N^qa_?<)*7S>X~
z1KvU~QB!6IT}5{}QxaktukkQjH0CuHaj~$1nT$C|<TBL&0XW|Gp%0gHYD!*Mf9&Mt
zxTtF^P2=GxiqWj>Ynk%z3yX^y&BMnkZ)o<e4hF4i`5Sl24V$ScDXAtmr-*Vl4@QZ$
zMs=<~;z7n;$miSG7|f@$0S;tJQy70(J$sl$(hy52ez*OqPB~3(%kz8Nl_?Y&$f1I8
zCe^<^YL(L8no9Y{1n32lr=9Xu)}6MmPm|b;zp2QvG9jI+8YG5X@qZ8znoZRz)>iM1
zY`zCy3Dr>k%+r$p=oftE6?fZ}E!%c0CrOM=$xwd?wuFPly0iBc?~CIXkEiom$^Ov#
zYfq@v6K)x*ztgX*AWY**wi<T1MDy6l8-MKUu6MZHTS<ptjy`6*gH6jFZZ}zCqvVoh
zc}q7DbiwxgIU$$z(t#-$L|14JZ4iFVWS)n>C{mX`6NdJ@dBfFrA-`A!s9sjhtP1;h
z6jYxR;fZ*XfvLxq6)px&&dk$Izpz;%Lv!}x43merh#<rB`?w3tDN0Y-er?^5-?DTY
zAO~h7&5&lG?+E(Ry@`A!P^+;qSNo{tYUB}z4VsI;&&C+SCwuah)sz{XN_>o8C>S1R
zYHcl#syUwYG~2b`Oh;rqt&4Cw@`io!AOk>q*u-jRBabL+e|Yy+!BR&;OnfQ<i;~*>
z$6aBoH~T(Xa0`-oQ0){=!a=7zMTHDxaMN`gWna0!iO|!N@o-YHB(Y83>Ngf#nrxrg
z?JR8ga4{GIvs^A44{SkRr^}Ae<NDr$Mq2hQSmm3x&e@#Lc9fpjFvS^O!m~$O_7~TO
z&PF}Uc;zbdF9eqJDt*F%I*hEgj_K}X-gL4)E)1Sd(Or~m<wCi0qu5Q5=CyXPddga~
z0yyYzMQIRk78|%rv>Hnl@!k(Td01#!LlZeBPv(x%a=8WR_?l~|gAejgO&gw;W@m*?
zGgdJ5(x8kn#o87C{o0s&Kj2d1B7b?&d$6*0RzP=EU<tew7raTuz^&|D_mb+TVu{N0
zeOlb2ONi)|{bCK5Fb+9^or@fa>d(1mc@Co;Vb65kTEZXe^HlmX;RuVwB<}C<q&6o<
z>$?ceIAg=8EtF3-KQz>R{yZFhPtgl*HZaQl5eJdQj8pNu^R=yz{da#Ub5Ay$+@R{z
zj7ikdgR*YJcUkxM=**U4{b<mG6@}%=CYy<?8#FV}+pM1`42I~NR$5%{^Sn|;BPrNi
zPL>nDky(^EroCK<ToW~g$a2I|(RQlorE0`Ky7_o|&D(Q&_O)>9EVt{M<+?K)5hg|>
z5*qF`Mn}EVK1ZI4dX|4ot6xr5uJosqu$#EXN2{GiyIeeJI%3`@izhnS9vCe@MvV(w
z(8N48iR@=v5|Y_RB(TYmp*bDF9eo8)J}C9@<(lRy8OWn3OE0NeTa)3xB#wM-V7M4j
zxa48QI?$23A@T;3vdpLz@x{#<g?N@wB=*v%#7S3KmVZQ;dC}QQa#M3NVf54E__rku
zKoRwx1>fI>1TyY=-A&9?OD%7xuWnb~Dd`WDS@hdmtVT04HxE&;o$od9C!>c0j0nLt
zRO@!J_3FGaKq2D3s3-fR({lAd7^PgYfgJ{_gcV`5)+7ra|HBk1<$Uh7@Jp}FcFK0Z
z^!cFcB<8m=!)1@Y2mKB=^Lx{QiR!vWStBZ}^-BOA?}g83!;X4LjirgXxpTCLUkqo^
z2|qTUOD*ajJ7PJx2tN*ta`*YQtxzK7MfZIz%I@aF2U#5+e`@?FtEV37e7oxOL=KZW
zF0HOt=N>w>u8kIL%Mtu3zjMtkthz}IMmRt4I{1#XBuCp>RNe)YwqKhKFe@3Qas{Ru
zGoht@moY^-DTw~;%u&)G#J@9iE;R-1dH!l-V)`>f?$3&SwWeN<)dSL|DYvi@KQ7ps
z8E!1ww2Ob^TSPSJUlPpx4?i%O4hw#N&>_%z{l3q{Vik$AF-CEjJ7D-oxW?sur`lhB
ziG3#Em&}u+)WAYXTI?N$S0KRt@jO6;m^)Yzn&mG_1*RrHD+x1gY-qp(fEkCtu_*^g
zaFU|f6!zx5|Frc6RH{zM$5td$Wj!#fGsq`5*?VkMCF+Cu@)JgU=4HISxIp1W47os9
zQW8-Xw}nmqt*j3+toIRu@ubvD6Yd=P>orG2jEZ*C($sV$pDdAPdXk%$OAsYJW;Dw#
zftxE<4KeRa@*NpD6;fw6*1q$%8Si=wo=%{xoujg;73*s5zlm-N_E9omF&oQ<MlZj>
z*@{zhWwXOg7F|peNN(uv^QL-q{zYK#t!1QYlO8edG6_G8+43*9tq&sff(KX6Ltn*>
z!FlMgH%{J&cToQLPP9^BzVqwp3&>WfS46`zy0rZ7#*@CVbDHVRU}-ICpy$&tSk)iJ
zeVSPRAt51Q$XjuJ#4ystfov=BArLsSaTr$yMPhHnJubAPHw>cJMbcz7Xmll}-~5Eo
z__ERYBBdtnS$>3d>h)N6UjYdO0wGW|o|Rl=|G71%q>&Kmg^EizZRo>R(!5Ck2a-b6
z$$=yFsvmD6277^S?tp>Xqd0Z0$)^7(yw010S9xULd<fDAjn+%O06YmTl-ejc6b07L
zpSuk=41?E4)BMu%Ub9XcD;#Q5okZJy|GG!RX7Lt2&Z1grhO(x*A+`bp;IQ%c;R8ax
z54B1R-q+B|4;nKd&b-0lj`CNCQ`h(TbvimUQ1jWx-@$-`$zkr7E^KeFuSpSQ`j;NP
zxOiY>PjIkPrUlt03XgdBLyTu7$p7G@0lK%@=IRY43{S+{tOQ%fT9`83ZTLKi0gI^>
zA$-j%hCl>Kf5$o<fm{+AkOUpn>kV7^?Rs_S5o|SIZd9BkX@wMiwK;xK&Ea?-P@zTK
zH_*Fo1cPGsfGz}nRFzL6sO7d*ky<aPlm_R8B&v{Wl^P(-lp8;&cQo_2z>6n<d@jU^
zo+CqG>s=*5{WMiDHl})dR)F1IYnLa*xQTDN_c}f5P~G01!)?@B6(#K+c=*QwQCuv~
zGV+KNT{(WUr@PrQSrPpaUXSJ~OA&7U6B{s^Py^B5qNumJYpdk#4S=n2Dva~@`!S+}
z_d_On%_n^Oew3_Q;QhjY)}_RX&4m`6I~{xk+vI$Z`ON`jTNCY%cZbp)S`o`nB*;*9
z=4#EW>yIz?V9RpDj<TiJQOXaAHZ$fve^$^n28xSH*JL);^Txqt(1|lm*qnS7AIp-g
zB>Z;p7hJ~OPY@9imt^P>^Br|mC?!zw@s}QZ1UG#G$t@c8X1n!gr-!4ykEen|0eF3f
ze%p(|G4VnYfXg|r&JJK8YtZiS{V_-5wH<-z|JT*LeIQF_7tjv@Lx&w<^O{FYY;ifP
zpd6(<6eO2wZKopH^M0rHdSVXcydYO`6lp$+pZqK=EpPR&9sW0lfJY>R#T)?I;=L1n
z@KeOYE-gKswOBBbStS$-mF#E!E}&kZ%$%)Twb|7Peuanz;Tn-FTZWXzyySKf!8VJR
zR3L<{pS*EAk*ojB+Hc(uh}Z!+Gm{l$c<)><sU!wA4T=#HGI^#HBFPh2?d~wNSnZ|R
zECY?-^$HCZC4%QaBMl`;t}rV{Fh#YM*iE*^Gh-38wH@Wy&sHgQlTcAv#>((+iGze>
zFnY_jtnY`sn2=M55GX9e$ifmi;oK*J{+etbL1X_QsAa)Gr|ng`$6ZW$Qy1h{uWXTs
zqb%1gx>_U9qqihH$uPbW{CSJ{iINqaKXE8@?l#?B8>jB^>ONdLFm*EndP^As8E*n8
z#TG%2Lv>6pbkM4R8ZGvp1o>aO$A7|DMw2dNKr?=Y<Ioj-C;XqUX~_c#R;i<j2&ycK
zQT|3d^s&^a`)cigg`d=mVk{^d3o%+Ka(sXsKJ0rJ$&}4@Ne?~<RC|=~fyewaz5g}-
zKdLUU4E@Z|?>9?s*0c935pSRJ_B&QG;FpF!$}mkPKm+bT9$$m!9WD)tH-7;B0SraU
z7$7(;P2ON=05o8l1{Re@fB*B(=l?Z2__9gcKd;i}79u9|CroEFxsTxICs^|~e;wS#
zL7+Y{!*fgnhQ?w6Ba?^+l1%s#L3I0NO$Glew*POx5rBaKl02uBb0MmgY=1xHP6OVt
z9p;z>Is7f{Wop}~kh=XaApXub9V{D|rwf=CZI^@|@BeM+GXfZQz`k(J*$Dpe-G8Pp
zAotdOjJc+~%hrRl$=#ql#PqiM8O;0f<}zqRi!^|DsN(MJMFg6Je0oyBy4BqjAHW6-
z$|r)~oUz|i`)?C;g$!7vV6Cs*Vi;uqOwc?XV4l@IFzb0TF2|q;uc{S@Tag1J58WE7
zbmfR-Pc+avN2F4S<L`U_%fLCIcYfQzTFFkvzh5JH43?I&WWK67ngmGsn0)X}QGWlc
zFgRg)IAR>d+~A2>pU|QCYTy0wce(zb1^xX;1uEiii&Gai+s#Y+55%H+>p%2Y0&hqD
zEfS0d)1HnGrLcRDiO0T!gPBQ07)@E?9=KBRKTSpeGUJ~`)g!=t{2%oF$u0Vxkd-=a
z1A-nz?t6o1(Z4@iB?M!i-K|7jL{|O!!6byzy_|R`@XsdxmkBWu`)4bPxkWMj)q>wn
z^yA<D?%!rPR5>bA4o9mA>Z0>61O78FZ~hF+8HvX5cTedsf(>5ZKQg$%-()QtnEHAx
zSnl^{2e+>DRhUk&BjSB~H6Cf4rWwp1e?8Q{%ro^r^ZZV@C*kir-_9~a;H|7_b}plD
zA54Xb)vbXXV(xz09Nfv=(@l@YZV3C|HiyEWVN<$;6aKyz$8X-U#k!?CxgkHG_w*ig
z<o*8a>~?F2%alk7A`m@fC8I-Iv_o<G`z-(c(RFbDm_+^2x64odt~0QRr3sQ)AgcKP
zX_jw=sZ8c)CeIm7e33y96BHyP3UmS6=}Do6?YA64uBSZPbG7Q`)JkL7zz%GUV!Dy5
z+zD02^z83A6$oMayKevewK(GboFY!A-HN`ybH$Gj)<F5^G<n?ZD(G&_^}5g@1Y_{q
zP9lGNmi5uAQQ~F+4L~D?dzWd?Gr$ijx^?J$A&@jp3}SKR*=g#W`#UlJ{Rf9K|NP*v
z&$|k*zdv~Q)*yr>Rfe?$A|SwDU$PT_y}ywzaJPSq7ydhU9d^)p`2?DQG4xIh?ecQ7
zYpE+7qznnk!{>6OkRW@lOC~Q~$d^E_5SqRACela=-3fu4XmT^dVKfoFUDmI3Xe%>#
zDgW3X#(&v~qKKDQG~(fPEsb5&e|aopvcQ}O<m=ms>cOS4jHa9FTnwH-O%S(coC2yW
zvrMK-(&MwU%WDCq9%H&OmaAH%Ve_?aM_UL251778D@+GdV`ml2`jH`^lNm*E)uc%v
zR6v&-LB3gStmUyT+`TF|dR#a@{;b;@Et=t9&5_C4KZkmaFsAFDZ)DPg*?K5o&8Ne5
zYp6lOPEbG7hmspuXEx+I``H0ApuQ=2L*F{z^3sirZ&jK8fQ>0jis>OIC$Y4&w8_PB
zDbQEty|Ha>2DhqaH{&-9@?hy6y59e+8SbFV7P!Q@m>b^yXv<H}kxuFB5gulCQC#nA
zF41K9HYf-z`s0~2wZ+=}hXjilB_4!-^S-x{&aH!SS4iwT{<9aLB<S`T^Hs9pXWuRr
zOT_&AxW{{kb9mjyBS>0?OzxSH#s|E_<I#Z0`78oL+{R2fw~&a)PqB!hp}S^G_NY-U
z?+Cjn>{?S}ukU@@fZvP441ofpm=j1DQrsz8k5+q(mOZem3SVU{5rt>J^qd&*5h(Yu
zgqIs=2@ia}ppmxs&UMXpYFXCDd0bo8?=>a9P8Ab8hP*=}HHB%4{1;*Se|Lt7+8;ae
zkX5VXubaHX5CCdm7^2?>KiZ$mgzT{~(s&Wfk&VLc_AM?_eS@rE7Xr%S<;9-x>29;r
zT~^21mz+zzbJb>+a5#r|B#nmzB_^hOdyQZXWi6_9Wff^d>It&^GFQ^>`q~dkt6uXb
z5z(P6D*VkD>NT2yN$hC(im73jEe8Dq0|BS<m8v?bCbe7g-ve_i6r?bPH=50i4BCXt
z>q8$4u*(=N5t21o-9&FiVAn59_hEc<TEnp1QS9>Povm0_s$#?jvhzmyWm=BsCymlo
zuCM=x^PnVs2gQiFBO>|l@r`E$fv*Bb4+)T{5<!UPmph{pK$nKwsFMg}x3RINk~Ncz
zMn`GhiTPqKEqTf9yLv_G!{jd3joL(CJ=}WmL|HK~j`>w#^`M`hACC!CGGz~>ik*K9
z+0^n$NlA^pmscV2-~Rf%0kmkECrJU_nb6&Eg&}a0Lc?Yp)k<AY&xZ!hp4d1v;>hXg
z>9$8H8X>}1El*SHf;VezA9N(g_booErxj$;Cu5p>`0;I);l08wQb}YzIW6;$WN}uG
zkcbMCeuhp?(;WJWxuebC>gr-1y~e9wKM5OXs8MHSw=D+|fHRzx$NAw;lmi_U{ZXi7
zbH}GyEnYommYm*Wd}GOiWz#vlX=F@La_JjBiV;13L-4=3Vpu2uP-n0@Vq^aJ_kbAi
zxAx~}?vj#7_kTxK6PL$%78e?Mr7orj?NIjd-b&uvD}dGTJG8R0vI?&gF0=8?5+i<4
zsvPYq62{8FfJDOmwm|!y?}OwJX!P+~ad}E57dFLl-AI|o_E!vW*gFq)zE&bVbeJpD
z`UrT7Jl?;^NZMUi9)mJ3RQCEho?Fw#pyFk$YOA+L?ZMBVKjBv=-#a93F5jnU5#V3?
zG%(KbeZXd6c~Pj_M@mUasaqLzDO%y*RtkDd+BcHdZc3i5Yjvu<A*AJGN{8saLUmjd
z%Tcp*nht-v&4JEB&z*bG!}e_|r%GEO<=wlCyO9_!@FbmcR~HYYa$A820q#frEWYg&
zu7vLhOh1&O0()#lEu40P4>r|dHiLuM_7^D1H=EthRXI>a3Rb0mHH4~sw{fJKFODG}
zQ3dheb2=?|duy=MXp#>`<gS6``y`v-Fsdpc>(x7Am1DoknktLykB)A(4iszl>^wVM
zSDJfZM*_+J_%SFv9L;S%H7yOjv9VFLrx;TRUoe0l)Bq^fF88LR=XPtY#Ic_UY83fE
zUmVVxAlakYb{+US703v9*R}_e0s|fo>ntiny1?%<M>!lyBo{$~wWrA6IH2)6qE4RA
zto+i5Xkn?dUEkEAezkdC>B=ATqjCy(fu11-w4V&L72a|i)7{}ryEojFPYDMhoLk;f
z@AZ;9DqmA|f3)gs93wjw+|G4J88v5b6i#r}>?kinJJoOvA6h_+h)@h2lV^2)m*o4j
zO+}+CXZl*TR5}5rEx?u-+BJ*uPSh85y~|v)x+^%u{i~b8tCIG4Iy_OsELw3+thy}h
z=j`g4zw-Tyy*aKq?)Bxvg`QJ4uJ{)lA{DBAyQjwIYSMS6+RN2nfH`@15Kyx%8lj{V
zo<%B6C%~>US@y}($ZiAEsLYa9xEb&G+dv4jCRMJD01Lc$`^g-O)?M`j)4iR(`1FF2
z?Bm?ZdZd~omz3>i8n)t;puuiBGqKHQ#PZE4JIO;5PH11jLyb~BV%LcLfsI1zTdBkK
z`4+b;_VfD!7S_`x!h{K5y5D!dxi97ix*ek)MG&j``1s_^P-%1BpaCvBTgt(kWHZKp
zv)qB}w@wr6l^8;BXS}`hfk1=o8Q3b=+%~gJV{(8_&*6h&zQ_44K(!`cc{SfjTv)P1
z7be#Tst9y~#<OVaBdj4VTwGk;B40JEzqJT=k&uv}60-QQq2)fe96su8GF4T~(Q2mO
z3xDAC`q|psBLc`h^;o_6q8)u>Ufd4B$ps!v6q9jWdfFJB&Ai;ZFI~Rnn5x(LN?hVt
zSczKAcS;;lpeB%R<KW%gM<rOUiB=C;D{-IzHt3!l&IEh2TUQ28U8b~!Lg<q#{mEcH
z&u;nbr$T;*2qlmFl$o?D^^5Z;hA78SMGc8Mb*GeGbeWkPbqw0lmxsz2g`I1%7h26U
z_;d16lkA;qC$$~4a;Xk~Azq%~GwmGhle2Lz(9L4wdGAj_(tc#mv)x9<JOFCpD1O^T
z_9#vYuPHHTAi_smB)^E*EO-<bIkq+EOG^7XVo`~T<X6evBes-KB6@feUNTDSCc6P6
z=DflnX9!atAuXS>;fG(gzAwn8rM+=F6Aw*}b0Mahdi9)|u(iECT=PEVJA(D}mATG2
z01^v#nl4EpdI_o<Vxi)`Oth2$HTeNUArd{Vr;OcZxhI;`bm!zdX0he`ZEd;;{J*i{
z-}U_Mn~?umXwD5b$G`U}Nkne~5Wk95>nlIB?TAKoAK&<4C6E|}B!!srSTYr&sNM9b
z*KQbaSVA|Wxy7}knnQ*_ZAokZep&9`5m>|jA$U{=5@tTy<rw?8=8^hcEcX2X?0e0+
z4%<LqdrQnc^(j+M#JH1|2+||_EqpRbRxbPPK%moAnEfOEQ<2s6Px^hioxE(ciV9KT
zUpJnZ);_F_0Y~2*9DPe}A|Yb&mzbg5-qW>cF7XNKcLdlQ1KaC6*QhyLm!Wb(1!kX%
zn+mXoC?=^F29qtZ7owhpM4W2eSCmcTjA$qdvJ)mzkuze)z3i(y%U1EO4`@mrJT$zo
zQsR|ds~urpXrd@!;1hp`;@KkJZJyL}=oG-Qo<#w0#gU=F_%w?OPz@@BK+$L<_PC@S
zAH#;nZR?&uLZ&s(<89|aQcgYi>ODp);?A80%8Gh+6wablBvN^l(Po84o|7j*V}qP_
zr7~138#AgLn1`;FXw4J(P!eP#kFE1gKzKtYB@HF6j)-uMh>b;%cXh->N5A9cg+jr0
zpa)V8b9XUN^i(3EVJsHdA)(&_In1ag=jX9(r%UoVs$U*53;Aw-aLsn?=j1NB>-GOE
z^WQ%T@jzI4n=yFm<wE+Oz;i4ZfFfH7Q$<xdD8LC=YGRS2nKvTyM>g>HkoG+()rApL
zQ{!a6I;do<1NA#QK&2wxxj-Z|*u`FZ;*hpMLW-+-X*pCeIk9pr<OqagAsMy4x|3P+
zGwGJRO)HFe5R8>jOS_A6!obu=m@RCYRyuD82}2<Ejua?H6Y6Db@QmXv)`+Jgs#bn0
zO#WmOTKmQ5n~wX{JN~R+HhN(Xk4#nVLW$eH-(Z_MV!lKrrFYB_Y!I6)+87B@W|*N0
z>JvT_)!lI$*>cEzK0FYweTp1bHd~&;MQmytn3}r+$_$hdVwoH7H20sYT<9e<#9m&O
z;tcIDE@sPpO`nTO1x4+InX$C4la*w>YXt6`ROOrO7k^XDHMmzNaWxwLMyo|94>p>C
z@J)4m_8T*@kyE=EQIqFZ?_>X88_&PC?PxP$Y<_z=kYoe6*u&j@Up_ty{J<F6pY}qH
z*qZao6=R`Q--5}pKhsGDq<M9Y3k#p533}mh4~Va&kZOiK`qz`Gf&LFgIsc*o044tz
z;U~8kN+e@(ET|y`AX)Fg6&Oc!Kv7!saobHmpgrE)f?$Si(liHL#CMa3<H9?gk!`cc
zWoz0&waMK^$p6|{r^Y$~q^_cBZj~^hdc7$tEsDu(C_v8=FrAp1ie=gz%76>BB!XVJ
z6<*E(HAxmfo`Mp1n0oi^rExAB63#&tq1Z*p9f`Mi&88g6v0VZTP12TvFX%@Gf=_0s
z2{aF9p%2GCXc0dd9tf<Ipbll}Moi<WDL2Lz-<^6RS1Jm@7zyjeOq84F*1J7hfJCgI
z|4dqA!hAd}1hKIeR0oRGf1c;w_y|Z$3w+G!xMWOUCd|w?2V&iI*!}D|bD4;~PQ40e
zjLEKJ1nRuQ2Zh?@)E1&6v}R?I@!8xYw4S>Q#9=rTy*duFRrj7{iP9}I6ImNJI3rA#
z5@Yr3Y!5&u%G*$J;|@UgK5Rm9O1p`Jya8vl|D1;Z3$h5n1X#tb?z7mP#_PW@fLnD2
zSAxaVbD+8dI9n^!#W_V@^8UecD>rCg>@b*tVgzKP!N4B6e6Y<1wA9;DVhwKVI7;tC
z6*yak7&z8?=X7#YD%XVEHV*(*lDm%LiWYGq0!yA+1I5U4APK?vMl$8?o40o=pW}k7
z1eksJe`f#TyG9JOGTB1QOyL{>7r{ayl5pQ@8dt0+Sy_tSUx<P%^60S&A&rklijqq=
zmk^7?ye#+8%0jw&AJk7Cz#~XG;e1w?2C(ErV|36vfrTdOpxOgSqd%#z*Zpy3Iu?rx
z=?cB5Kp{gU8j9cEQ#eJWF@^upqpWjT@Fw+c_^!pLwdXMvOo1~QPHku})?J-%zKQ8H
zIJdE37OEHEyaKe6=$rMu_9f7|g=h^Qv*mbi9t{8sMEPH`Y`(k*Y;UKDzOn9v^bc{k
zO0d<p=$VuKD=H@`8SqCg7F4#v{GT`_ClFXGyC-#X)_`jZ9keAC#2IqMK$kOOV%p8C
z0YQkz#u(ixXo|qk6(w=~6~l5cC3I`1ysJd_fxr*;SY%Ld?4eenrM>Wg-bMzm7$-{J
zZg})ZNlloglhY_rZYX_XRlp;BiHl-1%JG@M=Wi{5$Xuu*0-~^}F&-NY*qU=I+DqNT
zPm(F`AnBb+b&(V6UTR-(MIakx_MITGfRdy^+On@Q^mKuJPg>?-#nSCW{IlU3q3oRO
zq>rzib#BEaCC`Y{#@n&yxt;}TKlP-0{ryO_^y&^bTH2x}-H1$JDmk@Iv!|GlkO&W!
z5pU%tV&g>qPSP?5E0&>j;B@SF|8O8LDiq*@z%x~6W>R~~bz9YdOf&7kHs*i0lOz1I
zqp_M|Gyh|E0svflSw=T&`~LYYfLd(0AjC7sEGcKie|b^f#FVs5p8gUf>j=CQ)Mw*Q
zfZ!a=r#8iP1U`ca3_7EG393Dt0&<^yvw7dM58Fg_zDu1i&63S?^>oRl7WqK?`ZxJm
zLM}n}+^PR~3x^Wb!LP0(T#ia_<qY|MtXg!mR^UO-e|@qh2L}M<>?KUMlJDj7J@n5Q
z`>Lw(afs#X-2kn)6G$l=9`7no6PU_Z-3>OV0^=t+-6E)>18opGxL0><$Sg>;9WGF<
zE-<*@rQG-Q(n<RAs;&X5m`#0;9X_E|FOJCTu*Qr1uZR6104r`Kw$l$u{;w+((JiV!
z4atE5D_B?e!=>ekBm;sQ5#;Rbtm9yfT_<}qTLL$l<WqDF5E>&(DQ8xRW*{4ZJ0iG5
z-cRVci?h5EClLs`;Z!b`>eqKpm$n~#AUOMLev{l>UBg8DuyfphPQ<Io>f@Vs0DvOr
zAq_CWQ%W0o&!vz<mHVZRzT)j>K7}R6ze6c-l*cI6ns1{@M5e2hE7Q_^kXDSsJ>`c9
z>f>q3cD+F{VrBj0{Bxowuj7e*XxO(vJMHoawN=cT)f7?>)c++c;9LV?!O8y>7R29{
ztszj*qLTYhLaD_21379R_lCU(f;BW~{0Wp9Bkesj`dRl#Rx>m~$70~~a3B!4NIE-L
zxcY(G$+$GH;0T0><4=?kxidUBcwD}m#(Y&a2Vyj(Y;hz51A~a<LdrDJmjtqpi<+6=
zuSK)N_m-B6zH1zjGfd_=Q0R?xRC1i2qXZbH^Qr3S+`-T7P+DaYz{v%@Nsc`}gAAHl
zyi6deYrIGp<n1S9BW;@Qj`ilz|HIl_$3?kq@xy?WC?x_4Qc9<iN+SYNf*=k^iF8YM
zD=0{JBS=V%(j5ZQ-HpNkLpyZ8d%$y!*W<mvxBk%2fa8AFUcJ6+?fq<;1Riip&J=$K
zY5Qb9@f9k=hB92K!7+3AGKTVDiNOyg_A9U;&?}T^0cY#Cg{*oPA8K&>`uf&K%aV}d
zN_MlAqp_94wpZv4{!~ko(}AWKI0Ilro=AU#_b<ofgPb1~d!0*d^IQ}~@Ybo~3~b&2
zqyMcq2q>a>s5ZooZrg*LMm;I0<j*7}F%twFNWjap>xYL)<F2%84zv;BkD+UEgO}eV
z`FNb%yCg0BwkKE3#&LTPQa?BtNh|^&om{QzIEc!NWRP!}XDJ3;;QpX--NohR8V<S(
z7M3Go?&3rxIa>L>(JJO*1s5!-EUJ-LO;QA;L8EHdO`ML<$ihi?^=VEXU#4vodLmmI
z2~38`fb8BwsAD-=X8L*+S}{wd_!ER~Ows-a+gr|G$!=}L9ZCuqsis}ID(HmMP&10J
zkmT=C+MDU5=?E3SHRNL%tl`^V-<vwsLLmZPKJ*d?L+es-v)IdoZ|r38py&j?S3eTW
zDt_sV=kq6H^v#n9sPzOVg73S!-sp%C?wlbxQ%t_H233?l*rb_1z`Bu#Bh5{$Uw-<_
zUA?0PdMQa#I`RU<Urp|3E8m-fZlNj@sn)t*aC*OlUTDxs8x?ZdgC<A8<HnnphCjY{
z(?qMzlHEhNx%rC%vYsyu7(Z8N6v=-7=@Y@DWMK@=N@fjKi-|JAlRaIm_My+Z3^APg
zIOBM@xESCz@WJnG$8X+Xg8+w0=uXEpD`V0CE^xplG`TnmSMTb|zdS%^ah;--%ynml
ziO^w^#yd|=M<s0BOa9sIP;KiMHw51iR{F9mKfzlXv}|eXJt*L$k{!~y6bc$V9h}x7
zTC3I=k8V|Rd#weUHuM{IKc5Qn7|^&~GnkKBH8v2<Q**3w`$pLnnn}Vd0>#s^Jq7uE
zvdQJEmnQ;c2V<fcHg@1A-I<nO>T@KvquEt(vQPqWdW?Vw(Fs%EHl<iMgC2x$)UmPl
z_{FcKIgKT|Q;&RBA-IQAcGlM3;D8X#!Vza~5ElMggZKXCh`rVEbslHdB8$nm1ec`x
zI512yR-BWX;fv=+I#xU3)db!zLjZ0wpp%Ja=?PQU8n{03SEuYhdIBl;e}-=6$!5*J
zz@~?y-XL_#(yG~A1^oc8Xcdl^H*Q?H{i+V!j!@SP6}~~Ae;G{8>pXm1y$L2SF%|<l
zK7A69Q%tw42e<Bj5m>*BVQFc}2yS8S4~dJz!NNPb7))hYS7tS<nn3S048Akc{(WuI
zMYP-+rmA(oARs`_u2qHtZlKP1#{$O%kW|JO)~-0t_g`|BcuctjKlkE4h$^-&C>#l}
ziZe1R=iestEDZP(_Y7RV;h4bAw#3NFNKpPFS1Sk4(ebI?vGY}Oj8^H38!K>S&Te+a
zhD<!g=-{n%w~fH|jflo^6VShTF(2x)MMw>q*$RX5$*mn;$r0pX!EzTMMXUeZs@Pk6
z1N})3GGp-3ge%FR@NP#d6U2T{+Y)bjenHxuEUUd~(?OSpp*Cc-U!*iOd;nb!_aV8>
zv{Cn13x_MtA;<LV<<N^W-}UgT<A+|?E#cHZc64R#7;%<VBb^QraF-=@+}?7)bP;GO
zkK}?+_fRBItWY!Mpal8)V_1cL+<!S6T0~Hl9Z$i!tR9#k;;H(?1vC0Z!8b8$N@$du
zFYTO|qmmb6(0Y+YKZ#@@S*L@}cuC&Ncd8?-T|MBC&$W|U!rZr)t>vv2H^i{3iO|4#
zMsH_#_l-7|#QLtTphWSSXBDr?tS=MWN#%>mB99;bue=&e;OE$q{*qS<Aw4LiS|0PI
z;u#hHlS^h-X?I{RR2l{ZubmAsh;m(*6GJPJN_m_{-=XwW`kgDhkK=87`Z6Y;3RFud
zOC^Uy5O_(8>6*Oasvd7rV#mk3fygtLb#=aq=`zG+9;cKV6}Hl*6m+32wSKaxY~o`^
z*9MemL1w@^H&2{0G+=bQL_;*q;5kH6=d*;my4v;NZ(4g4U?z6I9V&J!WsSlq#hab|
z5x8iX^1&-HdM3laVDCODFAXoEJUdYq5yu=&l=9r68}^!)Uz;0>a~o1Kt-)^SjP^iM
zstUhIB%93V8Tx>0sBaG%IYM>C7yCOPY)Mjzp(7L1r@n`8;es;zOb$m;>>CHh5A9wS
za9BI!qNnN1HcnpN`{7-L9Zhn5s*l2XkA*cuTIKU!L(o558~lPj@g5AwUm#YOkLCP4
zlIxG)g)hw1Ti);1s($s@WE_kozS1r+QwlgY-8}LCo^_vc4KMU~=YRht>t+BQ>tU|S
zK|OKOKqG*Zk#OOmUySh<ZI8-(UT1pYy<}%xM%JUepv5f45qS-AaLny7Tju~F$YYdC
zb^H%Hw!g+z3J(~*8{i)bXHZams@o1SveZDO&}fHZGQ}iS#P=`kCV4CZEElePr@S)!
zuJ1mY+gAfNCy@5VNY7DMrwVXq;So8PJb!B%to@pZ?^Zh3(wkM{Cs_O#L$Bh9CsN*N
zhCW|JB~&?<&NWHA__p`4&&|>ChU>o769h|6PT<`Hyr*^ns*5<$xqdjszD33;N$ii>
zwipzW>pK_G_uvD#juCO`??^3LC~DcgAhXXRpYPP!=SrI&lkT*JtYQeUh*$gT)6i8C
zd|h|WdO83NyU?-zt?9c*Ma<>qFO4^b@Ut=5gX~RU+!8k~%KHUI54^S(6e*q>%uC|3
z-LXOCh(0ZJAbsh4b$7P8mZ5y^yD$3vceEh_Xky-`R*d;g=|x59R~eO<YfDb~l^7*t
z-@pF;dS-2{$*0MxwQ1YB)uYBH)~|ela@24))GcYD&<RF4o|x#=ohw*5ZI}^Yn|GSQ
zwkSAUJ$7@qCf*r)YWify;jK+bGnI$NiOp)QW&wuBgiErUe!n~)kJwDkIA!Go4o}w6
z+h(e8KPvZ@>cMYTnThtH4R|6GHM`U57NG##DQ#F7)q0>QtbX7cgo1`m?fLg#ij!z-
zm@hS;;t+>bMQ3yZQ5014FBi*ZUCPqi9hjUqZr0_vs&m|vLh*WshVH08_i+TDoUFn>
z2)D%c<Mk^YTXRhV?4r+!@R}w_D(pUn7ekf}A^Y%LCr(qbW|{+>#AwuNGW|ezA$@7n
zcsag$ec7mDtP~RG>JL=%DG=xsV)zpKC$UO0?xT3^Qvgg!e@dw{GF>aP?M@Qv3>jQ)
zc;$|OGa#B4k{uGfAiolh+(JaCXC<nfC*-;cnVJM3oIsR1z*C^cFgEYIa0V6!S`~Bt
zV`XY|0wYrDx_~IpIzF(4V)dB~`S_XZXjVic_T#H_F}lHpqkTFt-6HD=W%{8<zwqXa
zON#b@LAO!0^dWY7*N~4u@hU=F+e@<d#X0t*tis;N?#Yn<Od#rs!ZC(|HjPa%GGO7=
zz-R7lh}|eZv$yW9P%@V7#@OD@QTas68Q%2&_!%h3eH0lhv!WBI+H}?z%mxWOdjrvS
zlPKZ~x%<fVbC7P{6Rjj{GZU!t4Q8mha%vml-sJizwe!l!_keELN^+vgJ&ZKkfALPS
zZW3jl-}WMlm&&cPorV~qI=FV*6ns_)q5)UA_`BVr^TDQ897S{eoWF7qC<{kE<Km6)
zeK%XN&=N5ugKp4Gf}3sb+03^{QFSf~UReK~cb=kMNahW{x5>~wV;w5`3znIn_0OHp
zy*MR3Nl~>hOrFsO07;?~%>>xpW|;S<7k#c=Nrl%tMksqu)jz6wCh=$>@eaF1L^hu_
z^8ZnLiqa#g=2oC{|4I;u?x^yjGD8kfEeWV*PiteI&Al=*pyhNo!s-_N^6xxA(tGbx
z8F`(CUsr4p#+mXHyvYM9)XeLH(RNM9k#I&OB}1YB`JCIRHL6%PFY=Ah(0PjwzY*k7
zeCGZSQ#z+q)al~cg6vS|Tczg@)VuPsc~@@p$#+9^<brQk<2Y$NMXz7nXsUR}ob#?w
z=DD&9?3?1(z?j@W?Rk!M#sbBLg5Qvz1ZkZ>$xDC&QjT9HVbnca@c&N=JLTmIz8vKk
zQwmr}(2?9$kDa)vS<LHcCVb{Nu0E?<^}AF}*$1^iMT;L>rt({w!ebQrHyaeq(bi6=
zhTrGp%`<VFiHYtKa4K}scT`3f>jNmOl!`A+iG$tv)7O!Lt6Cu2{z&a|zme_Cm9p_~
zIf)LQb2YyrJG1WWpNUz4A`xpeMo9FdK*^4!@U^Oy(SFdMJxd2;?}etSwvr_&^{2N{
z|EWPgbyRfw=YlmAnT=-)Mj|ycQvJ&So$eb+=M9-jPDfI}ZN@MZ?c4x#O;`?1T}~T0
zN|V%?4F2=4EE!aX3o*+*Dr(19$&eySxsNgNqxyb8bcrfbM3E&{8>oOZ#mhj6NX29A
z2xcV6&xQG)3yG#2pikgF&liViPb$AS^EPe7KzrKQbe6&hXCyo!OHuWefL_s1bg)O-
zMP_YWR4tV$6h`5H3&B%V1?Nl`^V^m(d(OGWjO5z0s-h+n6S7-82T-S#GGgO}>>2!X
zIpgF%^Y=wT)4w^h)1V)wS)i5yTxO(kQ>ZzTmY+8K&!?N%WrrRbenFlssb|Y$H_Fvf
zOzTGFc^mqna5!%;JKoa8KvGK&_HEert<d!%!AvBFbf4J2*8)s)J>Pq@LSm@$`SS{p
zp{Qh^dDX_(h_)`LZ;TrzhT_GE^cJxys<8&qC{WJ4y9I%N$FpCAEsB0F6hZ>Et7nvZ
z#UNMfC{Wp0F~Zm4zw<zMeF~%507)PUaA<okCP!a6AUH%lAt&<Eg#X$s*tS>Mxwi;%
zkq;F)r_dXz*Bf-qx{sVUQn8?IMy(NOUO1%JMBJ4}EvJw5^Jv8TqHMpVVjyNN;J3WG
zSel;55Ja`n#2-|w<m3dxD`F|)3e7KM|GkwE`Ew7=%OrfRb4dRDsCKnZNKUwdR0a2E
zS3UyX)}wz7niTC4+{~?mPup~BT5oppVI<WKa3Pv126z-HmKo}D_?KdpZvN>ZGv^!H
zQE@y^3`Cuf`*DiCxjVu2;1;S@c_~>G*mo+<(Guj8Ax#R(f-m^8R`6gk&3IVIpyS%T
zgGJpB`T1R2-|ccH+z($BZGMGcs8MbH$ji*f0TPD%@#F;SxOdlt?~|}5aDa+Fid5TG
zEXf)1w&T(dra$N`3fdjgmwcY(codudH(k!PYK|Ic?LAf{!ostCOK|Jqc!|<o(r|*Q
z^yR6i9epPii3Y<#2CPd5%TNxf8&<Cd1_s&!`LsB8Cmk%m?$2(}Xy?u<UW!b{LaX8&
z{xK?Yn*NTAC%ZuoT6<EVu~mABzpDAtA2qy9`dkS22FaX$rWl3D6eB4IAxu{nfC6nZ
z9gM*C!Xeu0_OSRw$3Oe7|3akMY#?8hINrShbf-b|IFFqbHN;xwdYe4oBsCiwn^#op
zf}HE;u1tF4bRz0HmPEP3!^+i?%F7hIa=y6a>^XTQ&tA-v=htdcI?cUrG)?+fSVgLc
z;-mA>+Wv8<h2@-&vB2jDZE8gBGNEdLNT`*Q@c{ctjA%Zp*0Uq<>?b=@E*$W&;ya(d
zf{`OR4jn^Mp_TxSA+MY_*Kc7H%n;vLZ%GRZrLZ5VXWv-i>TXeiXkK^KnSbynTcwsf
zf4uG!COwRE>w1HXN_S!l)HN<tnQUoqj##m@vF|#yd=hw{GlUs}bw3O!656F#7dP7I
zWZe$7LNDM8Dh_Enyc0Y<vayDzlP(lE&N)rG-?hGvA(wJmr;@IH>h+eVBZgo4nK~DK
z^hd6RiiDjC-j{=e=?c>)eS??VKSHBfwP-gNIwLtmP9Kboja_kixJ^5}oi3B6G<~a%
z#j%r@2g(4t7rx;Apu<|>0qhmG_r7$z{oBTVF$vLk=o81a)@67Uw|EP@&%Pm=i{$7~
zEUV~zTzs6~>wPIt2yhuQbkZO$NP!!Iq@?A|^IZ4p5AW%F3@qB|H6dV}#(jSG*rLtn
z?_)W_4-U6hS!$1(IP`~BNbc=7Gw8P~X^8}Hk}i*p@n09TEyFECTsr>dV%ZMvMLRC#
z7sM~r(A2EX6{=`Ox3^mkiE`;JF^iQud7jFuRxnZ>>3F%Yrtymk;uQ*XhB&W2$uMb~
ztFrDA2ROuB_8l>EiHqUS7Ig(!)T}E7zof=r!YUvDQKg{8jFPLBAn<Z;O!NE$CG01@
zbsX;7<nY0q=n1Do^!~KLLNA=+CKB~l;lovq&H2u7k)t&}uc(Xs%6HJJxH%S*T#`Eb
zLZv84xJ{j6Ir6o0$;n+>LI`iAzki>@X1Lr(*QXELltb0hiB>mV#D-TEM1P8k)oxpf
ziY<82gae-}P0lS?qK@~IxJ24QOEjl1{BXoiQ~RbDv(tS~$cF#aivTv*t97?&_KlVX
z{B~SE4buOqkH|Wv`Hg?>xxpy%0)^D#z22oP39kp1D#$|@CYEB2&O7ZYJL+(H!OY7W
z-Kl(rU2`VrVreU2Vl?D3S{0)0`rXg-xV)jy`orTf)!Yt#*!Iq3hc0uE!?-XUU#sQk
z*J#Ckwb1K7ImqdT6$TsHwk$B`;D!wjtFpi<8gilH-&GLaNcmKcuer3;V^O^zjd{Lf
zygT6r*?1jG^vAGr4VjFfJ2qu0wcwmfkPxYPFF5r}%XVf|(oW-=gAOwULJC+U_byiw
zRhXEge1oZ8@oFR4@G0TMaKcFB@Fzjldc5_8qjIY3M{2dbd@_G4Uh~LEwNwfU^mhC9
z%AmS$u*R^#j?Y_5dotf%e3V0@F}+wJQ-jp!Iz!Q_W&TOP15_2@bJlBC##3`7=2y>8
zBN~Z<v9x3E5&j|c6TAV%*XhC<)>lT;pGt*_ejf(}kCvu(`#ZiyAF!YW=2dz(yzXDp
zyEN6d<5YtH=2Js!BWu_*LxX6_Om0EI%<bz_fO<rkE{>^G>@MmLb2Xz|8bftX=CB;y
z1l_VbO!k?7SjBA9k>sZ`pgUqfSAf${-5Ie_sI1d;m|}96xI^>53>x=2TGfj`xTpkV
z<;GkoDeFtfm?2t0oo~BNdeai!k@!B(F1HV+BVFbV`+FjZ!fuD{A>VGTs;^gX`mU;V
zoKAQo1#j=eRoZOOs=SBihQ`fUnkgKrG@pNObbxu+CNY?sw|g_xC7j2t-yC=20}xB-
z>saWC@AIDLP%S<nmMqYGERgX&BPa(`)_{=lwW#&&=y{#w<DF8qR&H0_8iWjzacSv9
zyf2wotl3L>cz6nS7U_F!qgd5g`CsW~FfAQ$rfYU3gG^I>^>{;yp;eOHoVB>PnA37i
zFqWrMB8trvA7Nr_94gCEezz1omi&)ucm?}R4I@#KRnC(IMQTu7aVR1_%SR#U^EaQR
z)x~a<uER%I?=wrjjLr{0;b71jYyRY=tP^dMK1g#7E5D$^ZNImum2>>^w-{spiW)iN
z=uJ@gz@EB*cj|;tCEA8vrV>u=_ttjbe|@x)%Oz0VP5x(gA@d)=E(;!U_j7h(bAUYH
zn=)fJ-9;oYA*jw?E}4Rk<{kq1>|I$D12WZ=0_9vzvzaF&Fz!nyJ@0Jf@MX9%9?66j
z23bm|X*WkOFB79`)h`$3=WCrzpB^S&ex{3C*^_Y3MsFyW#Ms<?z20;vSIv4~KN?*j
z<j;D~_!D$^%j`M$lS?Q_E{XPieiU|AINM#IvjN4ws85xx^U1zpKok#JmA_=7m4wcP
z%rET2X@-{9g{>)iX~@8k5w)_gBLsP2%$?u^osn&Q`LYf}kP|p!SkyL@&Sj+qm0Xfb
z*vr@07~cGlmnT%l;>i48!WSF^6b@)rGTNkb=K<Tx6`AhV^sz+SVk6n5F~+?AAjJd&
z$Wdz04>tj)P(xQ2|N0&0cLPI1ZQyo(Jp>k!zM82i^_$zvmm*%qc0T}47)Nj;MO-gf
zXy?<V3A=?v>t+ffZ;p=tqTmnDB_<hp|LM8J-Y^1*5r#8WHeF8*MS&KW7U^B{GC^iN
zlsuF`n}=a!753qwY4IO`TLnrQ*}AS!B&H=sY^|x?W83Z~j5M<uF)XT^mFrWKGj^*y
zr%?<^j)MOmZ9a<^6|L&~<5?gOYqk6uSyG~jK~_yNvW^f(b52+T7_>-zeGhf6peEr8
z`)2IL4IC{mWQKObwdK9N*F_?WaF?|jmj72YAkmz*{N6Af^lbT=HWp}@#UvSww05r?
z-fC<t=0E)$&HrS>Poxcu{ms213gT$t@1uLhuASR}`3OT3Ohs!A@iuVU^Vn6tXtE}n
z*iK^AxGh4VKDO(V&tZ;6e1HnHo5enWtt5h|X4kE<?pClME1!mk=Kqd7Fl&$+*#4Co
zj3Ax38JB9xyR(ARD~_b~rl)8Py8Cv{X?Snia3mIGnKq@{R<A4FI87pj!^GpF;Us)v
zM+NuY%G2R*h4*XUER&kzMr42dD1BA?0u&Sfx`nm}qPGZ7$dv6_Ssl85-lyc(nih>&
zcly!{IpV)Uv|Z_K7CK~d$2|&ii;EjV0(FKLGSzUqk&JI&&KHpE5?nU4_afDD6g#nM
z(yu2qc=X3){RJ&RN}9L%ZQo`66-V`N0R_|#|0bwkRQ^%=X^aOCxN5j~I<`ys3oPv2
zS!SxpzWqR$Fw4N}vo2o<SGQmeBl<$ZCaKeM9-n^!d+C)@DtqWG0=!1*2L-4eV9S%G
zCk*XTY=wodH1myDB$XiA$;Lc8g&3RjZ4uJzbn}-gYaXEe%+V&RrkoM|$w@k-j-V!(
zvm`y?`Cn>tTwA8)7eq*`c3vN+m>~;3GtPv}cYQvjLXNPHOre+2u&*jTKiZSmuXWpv
zF8005)M6qWcSqc!R@b}g2qB9hEux%ib^Kzos-9j+T|J&@`E56S&3<-Kaq;M|PV^=6
z8De|4w;hmHB4ApOt={GvEaT>-)tWON&>Ch?n?3&Ds$x|Q@?++|^5ao#pemz!cNMM=
z{sqEpK9J!&bLZvQpvWa<o5y7V1+_tW_3jh|6Uw6sDjfO?SovWw`x)^T5q^}e)IZ`F
z{^<WB!q2fj>uer`|9L)cfW-O)AuzW#g21gA6{oy7P&$jMA(6D)>>M*LSx?A(w!q;+
zZN%d=NxK-hJeT0?>&x9E^{+_(^avQ;8M0PUwG=pU?#e@?0e->Nsr(j%Qcz*jm6*1@
z0&oZ|0I4{$b2+=1QMF=O*8N2Ir2+iO25u>f2A6}j27m;-Tli3J{`KBD((qe!^@{lk
z8#qaX3Y}}NH8TIcLGtkpARhSUn`E4?L3M;62EfMtkmfyD0t(bRo9*Yme=Ao+-Oq87
zh34=lKiw=ck7%ahXzCDG?!Wf2*8?bd9^<_KYyrE&eMlZIHT$-xFaTJbF(%y0oH4+~
ze&`_m@#S3pQ(`Adt#uCG&8l$BVV>7^jL6!KF3?&d>I~LtwwFyJ6ix9)Vo+j{*Jo2f
z?l{{<WBMm1V_!u^1%Nbrc}kO<uLkmrS(l4XHTzUJkr)G=xo7ST@Gmm~Jmx9a0N_Ln
z5VGHLr}G~PIL;xRAK9eVKIbZN6{tjTnB+b793e+|BSB!bOSJBBs3G8T$_f$&+)+^_
z!Jw|oVa<Lk_eTUI1aiKnlRn*@bJ@rsK{C3|2N$0{!q)<7=55f-3{qe(OR(MJK#Xo2
z2B6X3%%rdXCg$_am7Qa5L8iE&9LV*&tVzn|hi3!gj?+923pA4jYDn#1cT}$<YxJg+
z>tPt^1X%_E9)sAdl0sL&=DXu~{)h(=ke(B2^^p+ah1|TNG?G`Pyw_8$^gSWFD&+pm
z+S<d^LS)X;rR;%95M>S?o?;125f&uS+IP|QWIq!w%-nJaka295xAaIT4*iSl`JT`9
z=x=q%7WG7dGH2=ezd3slCkU7RvI?G%UQpV9P}n``D}1kDWg1tEBoq~76gb#TX8Lr1
zEov&HvFA9+Z>Rw^2Ot*qI`qN$lO8gGFUv%ES4(?B9)m^oo_7zXo4V=NGe^8a@;VEA
zTY^|`|1J(tt>$Mm3V&9ur+~~a2Vwl@MN>M`sFZRmBbEVH_y$$WtpYz~Az!J)eh2`B
zUO?q>8XM*G>A{m@Rj!TxnM{0uYiv|S?q1jop_TrrgraYeXl~;u<G~V7U5?}_PcTJk
z>Y{0IJ<jAsO~7}YxcGw#Otrk>8Si|bMkM*J08fd;m*{&FkAkXYl|zU)*Vf++`5Q84
za}fEoVXBAwbAyUT$YgTM`FoVRjdFPI?NeZ=FFhg2lKn1_VPUHrkF%w0uK<-Mx@h^t
z6Rc0H`1UI5A9eA@c}{5kO4t5e%rB6r`JJv8Vg;aEB0-jFr2>{E?GGR&0vsf8KxRc+
z;&UADz^Xa}s^`Z4+sa-D5`ZRL++bdJrrkX!dJlMqwOR;nH@rUQA*z<o!R7F=xG@tW
z<p_YHwrKzvaY984l9j-R2-d1Uqc0Lj7YR@+TOQ@RXJ*4p1cb@VQUajbpE&j4Q%5$a
z!24yb85*+T6@gSTCnhe?1bh#O)mJsvyO#q#sJ)H(Gb{Xw0M(Pnb^a{W828U~GX)1J
z)iM7rz=<U!KwvUn#K?gLV*&cHKSXg)0f_`VlMDYDt5!N^EpxFi6Dd;rM0t>DQ*mVC
zSx>NpSHX!8bR&@zdG3|50uy0wH@VgSQ^>!-PCz9dAmJI%aBFP&a{lj)GDs9X^5acC
z-?OstK9?@>8R7>j9A)#+;S^vT7?Cf8|7g0*QfEncj`dPR*tz}!kq^>~;Uh6Y_4v#x
zZ0ZmRAPH7cSB)sJP^5lwsPP|Hx_ORDNW9R~`Kdj0V5!e-PY5~1k<B{^BZFKtAYf^*
z8Zuas0d0h)D0TS#rsiiqio(u|OO;27N>|R8Lvo+?8nP}hG2M&+&6WbB)nL2{ZbxcL
zK`t-npK*O!q#s0qK77ae?tEz(FH?6RVc6ko=gr0G8nbZw=H2^w4EgXgv{+-De*Zp-
z*A?LIRBk#xRaXQ`j?*Ul{g0w(R64I<q6Wn?&K%X5_I`g#EzW&qMrDGec?`7Qb^zDx
z@>5SPKqB3bvFL?k?%0JDm9WcKJ=&!mhMAa{=*?v3$R^hur<;~a_72OEaD?rH<S;tf
z<EFW}ITM7~zC7Zs%3?f_hf$Lf=<ELNcK`XriDU(;U-0>F-Y^1Hd{B3TG!xm?wl?GJ
z0BC(AyQt?dACHE*I)jfNUMVVMx{3wye;Z5Gr)ppyrU_+s6!U}-KjD=4Gs=q;EiHl8
z&*Vr7unzI&IyDm-00VG(<YEBwn~nU+&X|SS3XQnry9i(3{GGs|blDH>Z40qzRbSXk
zhk6M69P~MK*tlvVM%lRZoBWCUDlJ9S^asUw!MrVdh%|jmyK9J1m`=1Tts<QQ=%|PJ
zXT<zbJdS|#PS*s_J$K4|WOjVtpQ!8_vd2bT_WAZLH0&pSz~)xBC(hGfQ=eSnW5)`k
zmxC>KajSkvidZ2KZ4P-|z5-*9<G}^QXfqc-cZteVa@ri|=ck!=ewz6|5j^IPM*e^F
zRh|qWZR}Qe66ra7llhZQ#SA3am@$f<xH_LfucmV{$Q?|vEAK%4KAfc%<F7EW&vO{W
zXmmh}?6u6v0>;_5Zhs9VT`e{}7?8HV`}OOZ5ZW2YXb7F+be*fPZ=#ZOE!@2QP77s3
zs-M1nMU88<N+-G<qRy0Q+lS$Zs~taUb8qn0&(_3mA@}bevmSYU49^_#hM0PSDx%j1
zVrQ`*0s54EAh-@b;xgJG*#F+Iptq0UJ(TQ0!i7AxtIU%wTLsIpy56O>Mv@)~m!$*8
zgD0_rh{)r+E7tB~g9wnJntU{F`y+?`b^wZRfy4qs&-$|<lX^>jS0C8o1aOBk<|N#8
zEKcxG?fdX8__((3Wh&!o=k-KBv+frs3-BaAO?FLZ*pV=*7EHrsj^ei<^q)VbjA3L8
z)dkRyf%r4FiyA?NiXH}{y$qV#KBrmA(-D{kJJKpwd*xH%07zH0#crln9)Wp(&<xrH
zULmMh5@fS~bL&r^kP{?1$ntS(rkGjC@v}1WOGtM&uuA>&3AQcGUOBlI+V0%u1s%NN
zcQIqXu#?iRS|>1=ctX_2IgL$C!(ry_5WM%JR@XYMxoNt8SMet`p4V#{j~w$$@}Dj(
zEp?n8v~h6K{bHD)tBgc)+Id&kfbUqOe+1@Es3E{8l>%Pl4&YQK%zvSJVb!%l5_`u^
zX{m#*n%utpgC6se{s;;O?vjaS#Q?e;8<Y_r=l5&`1TWArlZp1lBwtYpgk^U8LRv(j
zXfc)}4^JTBCK1WmKu`joE&^!q{#5|u6dR0)=6!14UK~Z@%grZkw!NtsoG>2;{e8rW
zm?W@i&80RcJ}{(Xx~!x&G-g5w&M$>bRXa=XCJ8-A9v&Qeiibz{dx!-a9qTB*dhA~N
z@&qkbz%t1#Um|b4ugSd@+VcWA3G=s%m_eujF43%k9u!ffmN>6b&}fjN4<zALWa+RD
z3>4C9T)d-X>is5)UGrwR2sr1=Et6Qe<Iun!&D1Hg&pM34K{}x?X%%vE0aK>d{a9X5
z5Sa`8XM~Q(sly5Xp;q|pgZ}(*My7>#Ra-G-E8pMW6Wzvn;^GOhArj{v8v<$a_8L0l
zJv3}vz@eNpKNn(pMcL?1yK>+BNxiv6`j0u#X#MtQ`iMg!^N{Fvsfy-L?dh`6zNv1y
zI$1w`jS9Wbt3u}6Vm==XgOeh^iaGtW-Sbab&%E|8&9^TkyBT;_J$<94@G&PR=h-D3
zq+9tbWxaP1P!x^Vo24udI&lXVqO#-XI}=UYfg}c1gfJvgytsjBru(+?D7L4EwOjKG
z*0uC@_NBiU<8Co(^ILBN9VtyEV-O{xdFyeGs6nT_DS#w4psHQp6JDO<ae6|WB^LTG
z$}GI1qDW$moe=>2iL?j|91IkL|6*H=L|!KNpihoO!Ss~r;z3r!iqv1(g)3RGOaj~T
ziVA17@yqQa#p-Fe>~SER74#gXa*toNFE@if9a|8)P&GCd6+2ZK^)Q+pm(zCSwy%C}
zk+0~#Sacihz;qYhpCJv@u0H?*0e^(p|6&f3O$0XJxz|#Ac^^A(`0q!_?0|w1jP^Jd
zE1N!lDlaepMf2atmHjf5%J(1O>f|SIRnQ%N%4%x9dRtF-1Qynxw>1pNM5>#4dsM6E
z$%PN6o~V&s_xJzBtY=<Pv0VBF?Q%$s0FhH=S+xFFW|1P9^#VDK!W?ZL=?YM|P@vl;
zep;3jdw2ke*qe4+_9*B;$AAO=WPBzcz2qM|l$OjE!w1QbbLP0CJ_5UP@kwiV3aXZc
z<5z$cg<5D<s=UQ(`o*W5xjis-Lc*cOO4S)te>-pxvK?_g>4x;ODRRK)km;J{XE?3g
zU5zYT%5Va{M>A3RIXXcLD@aQ!6*e*BAA-cjAU87kk?W=kaCC)G;QN39u2_5FJQd@@
zz}<LO^zuE^HqQ0WJ7Y=^b%+?+)$^|Lua4Z+s|04wsgKaxd>RN3t*$&J?EZxtqSU@X
zJcKj)@pR(cUtccM$^zxN0)!~@rAy`#k`ga3Y06*M1N;V~BESSYnBT4ZQ~N)u1{ngn
z<7gmo-`UfoD8STNz#dbXo}`NQpm6va<u;CGf*G>^bOE*`&)<CQqObbJb&4jOvF3n^
z_w-uo=l3bAwu;F*O6o*rSx|3-S7&t~D<D}P_4{nWRcx}EVq5qXWAzd_%q=SFW30=J
z?FC`~PP|*#dpK<}I?Q63?6$Z2dU|*c(K^nm{lCbeBhK1Efu1KBgfqn^Iv1**uJWi>
z3=rE>&`pM^0>ASFS-%l0M_z3t0*@UWDv^s~SG%cM!QIlM(;#>G4-W20Tpf;b%1?VS
z2F*ASe^~O~L}2~HPcMHW<byNleT|9&D|*DacZ_dP3svrXEW>?+22eN{GQoDTlX?5V
z8`JS)BzcBaou^k{t%t|n?|Ltq@&*0bvuAqq9nkcz?<#upK7alqBW3l=*Rtf!-2}AU
z#=M=~))P_<uQuiRcbO{6j;aMTFM|}?G=I}FFjv?pWNW3DtAknX-=*sd#@inCuKP!Y
z-FhGe&DhPi0Dmg3&4;o6infRrAfuh}&zke6!b{+6D2)hD%5!MpZhcp=3w(!mOVI#G
zHd5_%=%grGIl7~<H~)i%f}y8Gb98;vTXTa@Z4Y15%e0;UQlmy?QA^K`xWSuj84K)0
z<8<4a6-ZC^ql2~lyed6UL%be=<?lR5Gr#(Jtv;t3HrP^^lp{OrT;aM_M2Emc!)}xW
z+B@<D<9cfva=@d)gmf;wd)wP`U90+oOE=|?lcsrIO((!Ef79bTBu45r6YjOzcRjp1
z68XA?hgYsl5YNio`W3tTKnUh#DXYx-86SB@=VyNf8%j>9>N5+e0tHz*G8Njg6U9St
z5YX4j+PrVzDPh+%aUZP|JdM36@k?wz7bs)4sJwiht+CN_)vu}9g`B^90dY$dnUIb~
zJ*fgUgs=L4fLE5jo~aBWM`nE=z%a&RU}^r$EeNZt*x-e)ZGA%}9hfd`mg*MX)wYU$
z**8YVtTxV|s=urRY+E!IdmzSiokvL>V(L=?6uO;uTJJyl?_o%@$Kn{L_otYNoFH&Q
zmYa<dDHc|xsRsH}6Xg<`R4h4<ys}WW20u!E{M8rzAz6HbEIfc)iF)V>5#)Vn4UF~|
zRsr|)--gP5F|ilGhMEWhOY*>&Xs&$FHrNC*SN3<o4XwQmG~)GR-Rr;b?-z^tJ0bc`
z19*z6RYG@VhBz2EOam+d2TL%!QH1y$T>?d=hqBV|?*F&lq^SN>K2rcMnuhBNA)z5J
zB@D-Ml!UUwke`EZe|q>|zw`Qz({Z#UTlqz++J)4i>5iJZG7*q-Hb@xh*}}{KO|3|p
zoQOmI+5CV1q;Q_%*-+QDk25=hR)7kdVm9#Il9_*)6#bXRt6?nGn}R7vwMgcdzTmwP
zV@iOzUXijOccG2|B6~lgiv8c8{TH`W>d*#(E1ejiW$CDmGXN06MB_tbv|+>tA*d}a
zsfF%$Q~S;GK(sPHTVnvA)FpZSK9FK_1QPY=Ljtjne0Tp3`h}FR43lCfsus_S6Hvp6
zGmTR%OM+j%09FJs%l3ZvTg3X)kB&$RfQA7!7>MF)O%2t7LCY)?u!Zc3117=$;}!_i
z!B@WqsS}QmF+Kk}4>&2R83uAmYh<Q-!!%IvPXo;VNk}As)qsLVPPZ}9AoDO$;K)!O
zcAQUK{Y!ekGEvdi%LI4h=iq8A3N)3E|0&Yw8y|xu?hfHN{pvygi%5ZEL*XbvI}<C?
z`*i-M`+xe8I_MwSi#TsQE2arr4HHC04GE+#T%5}#_%BcU+bV&sd5RWeI>HG8`Oi8_
zo}I7MKypO}^0{o^XBqF#_jy$^#p4uJNm=<8vb6+mejzoW`*7a-0{e_mO>tNk290{s
zSP_pJR<*Ec8_KRs{-+k;ummW#U<EI~eF>s^QkPRv!Ed}Wr8(anZz$V8DF|(}{+gbR
zQ$G1M{oUM!zevp@L2?s}tb!OzzW&G)Qf#&y0o-E&_7iK*VNcWxVEpccGbdfbpzDY~
zt+D5Q!v|S$A68CM0+Ic>*>{^ueis1Rf3UM^x)3ky7FWcs8K-J6^68tBCHv7lKOCc`
zTjW$Ol^wcl2a}G(Vw=rXE9{VH#P}#&vR)3`{1$3YcV|CEyVjla`3y5JU%2oQbtsED
z{!&W#P(US$>2y||NDfr^q4Um?zU<BqDK6}RjinKD{3-RfnE@nhVWS2veKS#aA2}Bq
zEoj;kRa<S0q~QmwL7APFhVtTb?>VwvH!6XHx9i1{zuf$guAd>7$f*{^rvB7E`|-j3
zzwQE%2zEIR)H2lE@6wTaHf(z07AY6cpT6?$QmD@9-jBg(?G`W^g7Y~}HC?UiuvJy;
zt033OKGb3zzLTR_X&(+U>d)!DHgj^#l&69#;lUzTgz_<Czt?zNR`NATVp!be-pQm;
zm!9Yr5STAPXi<24dCNJHVCcSa;$l6Ed)lgw+MlSPGVY#VQu4H9{6xK=S2CWqCYoLK
zljw=vph$sMcdNSoRmS%R2hO7g<E#2UxV#a-qqc4t_s@-)=10xXf3}{f_lwh=zQ4Z}
zt}yq_k1~X#X0J-LJgZCZQt{-|O!{=Bhd6V~GAsZt1T&d3>KN&2hk_t)zR>*)VALgO
zkvC?F7qkvr=;O_pp;d^m376f(>&r6($w^EH?ZUWb<x9yBy#$EJg!!&zyFt9A&O+tf
z_uAHBZMRs}`FC6%>;NiyScP{mw^}+CF>X<<hLpMuthLC3ZFw15OAjSWo@-@G#t)t=
zn%!}Zp4<sxD;a4sST3zSk+|t%n#c1X=x}X!b=gJkP#P8yQ;wE&wAh?El5&l$?H0ZW
zW4G|;6O0IE5s8=M;u!<Nhg(EW?Pd+&g#~gMqy8tOYc4Bv@fIcJn(G4}!(n3{+L~K}
zS9M?G;%e%*=arP`o13jn8ApQQMV|4EcElV}u-yS`mt|x5$rk;@TalyBxi8R?ruq2z
zE!$=TyY3E4hg7MI{}7jNa}v4!;Zba+W}S#(#kUGmSOfmFf;5-Kgk(XtJJv||Gxg}U
za*zGAqLPw~1c!CEop9XFPS?cz3NRWqg6@P7`@PEJa@eU!^0^v(RF~1{7EoR&v7Vw3
z8bdFknxY(WpWQwU1%neD*55eK^q`9a>XXQ2Sfa5vY%|$j;5KpU>7&1LKu(K*iU{|j
zK(~j~wejvQhBO|^MzMy<c5bJa+pwHAqrSaQx+hIjGLB{#JNHi%>BD{k@IEAP9cd6g
z0|xlBo_fh#+5oR#NNnuP&~zAA=AC{a>-24ZVXhu)typEnV{N#+@=k29XGXugCnOjf
z3=~EWTbCpD^yPMs!1!#Wz<Ny2H{DWKVL^V{8x5rSiAF=&Jawj7aJ#h_-P-u9L<RXz
zeUT82I7iKo3YhWKHDCt1<FXdJ^{Lx#OQXZoBef@`LLZK9!#j7UU4}7DGAct8xn1hD
zEjZn|MmNV@#<#1s=gB$0m8jo@a%HK{5o5@S`rW&S$kLS<{~Z4`S5?Qa3qF+BTdhx}
zeK^fxJ)BtT;K<R%f%Dj7pLu<r{<b}Yh&pHJwCw20c)w0fAN#H?f-r=@R^Sr9_Ivqu
zClNKHco`XwxvXC6JwmDRn?i<Yaa6z>BbvsC(H+d6gL}Yj`*DY3MSC13+wp=$1mO(4
zicef*gifnO9QIiI1LO{y%gjh)5!!*t`_l~*`wk`R#w!Y3r4eO`4hCK3RU)_*({~R>
zX61v&Z_QomZ`g!IYu+eVjP1(gTwO@bziZ@_md~(=7;6|*Gdz{qdhC-h<-Cl$ztqlQ
z4h^!b-goZNdvPy$$9><2Dv7qZ*sjEZ{rJvcX2!51MbzWkW~1(gS>A~et;#;Ms=Y6p
zh`Qt5#sXGY+(%c-QrMDc&0n(jvPK?wqpWJH#truX)(?8GkymHZNt<>?9Xw(=^}{X>
zl?~f_)Nb>Rw{a<m&{<afh+C;?PU3vg_^^C)XI!pZ<#c&w!9s5SR*JNrlF{vkLpp`#
z<PA5Q`hox>4t{*0o_*gKyz=+8ih&hX`NNS5h26rDl~pr&{5JKro~_Av@o8Gls45H;
zI5Xvj$tB&}!Ro?Ply4vC9yCrq?^{tZ^^Bf&@y*F#>A<~25mykFNoX2e<R$j(>o~&%
zvt``zgX~sw{KOIl8!;_EFHK!=>g~tZS)%b{Wd&jOV3D1N*&qB*l6G)X#JvXMs%kcO
z;+?KL1BLmFvwS*s%F-X7dSDu?#LpUoH=1==kykP`ba`~7-vCZS6hcs%G}Na?oO;ri
z$1=QI>+xN>;2=e82Xip;w2XDQiN*QE6`dA+vdg;*VzgmBr9d*45!N?M-fNh!ZPQD0
zjVtk1k}cw6s`y5EEB<$@b+~S_u-hC%W)cmU$>g;9K8~1<x7-rx+7s+Qxx+p#@fGdK
zsGm-4=4X-Pd8xY<$4$pog$eO?J;%OOw&~y<4-SWn${Cv<<qpdkmk0EHqWG4az1eGr
zLf%_X{Fp8*j2_45EQqvP8Nt;%y?|d*c-)`B<?+J1Qb~TyrEG08BaS8n$|Ii41yi7&
z9ydR+mX!G?Un&P3Brw9lzWN$;B2mC=<Fh`Xa8U3*_Pg01|3J1g@EF|h(Nd@K^iBhV
zJ6&}rE-h|FUy`Jj^N-h$YTwxM(Q{4aBFM!uXvmKDj}}BuVU{0cquC7@{dQqrm!aDt
zI9r0zFrNs+82IXZOImPoEp4KZOVrV-_vV#->;l&p2Aj0+{Ayj9k|6+w#N1DG9*ebC
zeQb{9cDPeG7`kR)#<a{ly^QCqd#h#V)4`HYM@Z5%*SMq4KF<!?z0(Pib_A?_GZCix
zfpj2GHC6~##3dIZsvXN?8l`dE-L8Lfw4eA?$S9BpHZogdx@<UB#AMxBTV~vMk;#wm
zDE?)z(7`9c;{l?3teX3UPi;i+XKZGfj43>|W)V4RNz<Qe=`AoD<rLWZ4$>+9tEJkt
zC)Nlik=2c)ohM<;1h%(`Zd4CX9gaDzSMFLk?WdFSvy$#eOav+Gv_F<^e|?<v^<>LG
zqSN!(SSISBCFZ0hH!trPl{oyK$H0`8tdlTtQB|m-jp|5u@J>mNm{uew9ADmk%n9NW
zxTN5*XFm3#{JrTm77M@JE#(t*MET@A2js&)#d-*`lMSXN#tdRWD}x~Gp_dHKMjs9t
zr(TR%X#-wKX8s&be^Pal>ycIL9o=ULDGB&z=4h0>N7uP6=L%dyJg;gtqhe9sTn^Nn
z&R<Kt)Xj%_g>A>F2e#TVuK*f6Vm?D58S|g}pxPn;>!IH4=xGJ#QV=EAy>)^vwrplj
zRUfvHs9Ts%J8wruo2?r(NaeEe(|)Z}!Su(2ak-6g3%H7xh{h#VJHN%dRQQ$5bVQV3
zmC1Z5f~lnR4I`=+*{9Ny^49YCIMX)foP2uod4o)?5VwXcg3NmQj~R2;aDuDLLB?U<
z8l)cT?n*kXg!;kKf(>j{pZGoKE7;|#hmh6X9WHa*`*z3)Z@}m8Af0a-*=}w<!MdSG
zI+zsrHE>+<siwJIESF1(hGTuXSC|~!)ZHmpoO0=t({lc}UcZ%iIz2-izEoa+%Br{@
ztugQFr)Xo+&gH=3(Z}7f+TBIncGn0fGWz7jO0lY?^Z0V?`T`JRBu7kg_l{u=cMn(1
zzYAE}nW)FP_v}RG#J9V|SRd{Wt%^+Af5*C_N8a^dS!#S%sj&0-RujR8*KL_QU1dM$
z<DUh=`!m~I)*sn&Q&94ZAk+ocUX=cb<*JQ>Xt_Uj^|Rd`rkOUtzJ`1I=z9Q1hp<I~
z>pqN>V(44#;wO!|<7jpFV4>ZpAMq9j+6T>eyXDF2a@z~@!_AEQy)d5=-9+$yOg1(y
za|KHuEPRs5E)tGsW`5!Q6(**p{Swx3VHd6xIfx3`<5KW;tY||D8*tsYb$#JH8+JB@
zP~DeuJ*%vXu5mx^M?;1QqmT7Ij(L@63w2-9>*9KPXZ(E$xjE$2WgAwvaH0H0^T0&1
zHB)J=M$D?kvUy23g~M1Az0IaPUyR$BfP2_{Gl_bPmJN6*Nxuz^(1LRCX7_Qp`Qb^&
zVeDq`cBj*u6BKa|qZG{6Ri4R{>E!NJDw|REBiC0}8^ct#A`4Ki#m(Ex7nLbRM3}ny
zo+j~O-GgrSBa;30fmLzac}7=6%~f&93T%w$jI$r}rgRrOh^)#>WkNcI5z8Mo^$)%F
ziHa$(COLdZEpJ%O-I*7dVeIExyGgznw_2ISqKwdGUr?^eTu)fuox2SiboKifJm;D*
zmdt0rZc&2;P26!Ajc5&D*`3m>)W~PqYqw{V3hjz7MdshfcmiX~q_Ms?r;HaS<)97Y
zBb&Yfpqy!Ta6j4HuJRGDTSpaJQikfHCw6lL%rh)GJ;~mIX+v6v?Uxtg7yfa+O~hIA
zU?TF)X<UwAUCuLdQ7b;KA#kt~+m@uqGwHqpxa}+act_;n!PaWLY9waPgz&doPPc=i
zMwgTD6h8V%PO%Gd6GsOzvYt`3;Qp3&gjoCR^oPp&E#{r~a80?)l=jLh{mmYozAdz!
zk!`-00k)22=9<jAlQs^1@41f2`AesFv`1ar^B!=_(JPSMwi@@a40YO6DrH;Mf3fbi
z%S9UK!ob12{>Zf%Gs?WCDQc%s!`Db-Py>6AJpAC&!JIK@26N59xDboC@aa7C{4{&M
zk=j=5CROT<ua>Nbl*U_D2os{Dinmd`?4jYkouYhyKF~p~t}Cx}B4R16ZryERBTa8>
z(auca2I<MR26@qY()V^1KMqb~C>N&MW1^-6M-7vY%@rRY-to&#8PY4ta2PGm9acDP
zev2_ZyjBaJ&k$OJ74*P=tW~ak;)6|MiIw`Xm5xc;PwDejj>v<vee1Qm^3)0=))j)U
z>~>1iz(}_87JW#(wYheA1>E^d)Ofc;#_9u0YA`@VwwEQwU8+zvNX(Jhe1Bfqg}aZY
zh1*lsPp|jAnv(o-UTMwb)HWAs?z{l)aB^2>eazvi$Md#h@E+7W#7J83hZ{khW=?jA
z{AVSc<Hj@IkuC4d)4r38-C^*Q1Dk*ctqS?8s>ASwbv!P!&AlJ-ZE+cbt>KvQiy>BU
z-#+Q2>FS;S+S3{rJt3lp+10kR3S{WcKq$PZPRR_yI2DN)i3&tJo62txOZ+m`$*lSU
zJ)53xy8@z5Wvzr$yyW>=_uS?klW(BR49n&>-{Bc%k}DsNzFg~})w$yE=;&LpIp-M5
z+VSq>YFJS)7R3<-QAceOs7?GagVy&~t5*++EUKF@VTW9&dkmSQ?^}7UZ5PP07f|i9
z$L>&_xLTaXwA+6}5Za&4LPeB?C!N0t&sQXUf?4gi+fU^-IIM5vC9bS|>{`~~hf~@d
zC(TDE9~(;zdM7y;?4LyBQ|xWSO4@_UNj9r>K{5SJYOK`qcwOEA`$uV*;YGKTtc$P;
z?aPJJJ=Bn6%DjG+)2c6cYNpzAdkoQ=Ow;`iUE6zv8C5#FEbhYns|<d46zpr2j?6WN
z$xhEGo%XyMrF8OH%3jObP2DI(f!-g=Jh^-GVfCSiV{5b1lZqV}ltFtu&s0J1pB~Ru
z?UZM;F8>_b>*8|?n7*tA=0m6z-OyfN-gwq<xjvn=TQc@JarJ1jpz%5iS=|=0I9yDW
zTDat_+m{~8meSg}AToa?1;(+Ev{2yMgD|UH-6?1Y5*Sy}I9$)sUm9pd235_e0;e19
zuda7Bqoct;@ZA;J-@Bz&rT4jfkMGIWP4mM;b3|}Ehy29i4##D7jZbxWG+E+MH+>5<
zUfWd@pK9Q~R}02;qo#@;B@L+=zPn-D;($C+>#i5g$2U;CK!3blRzgJ4rR=vp&|3Q#
z2A!@=$=@`l_B=rwfNA=)*PI-%z^6tgx8{noDRz_=WO+K?C$E9?1LkC8GZ{j$#yM__
z@3Hg{AMow0?#+*^k5T$<l}|Aa(gcyPYZzU?*qVR+2!Fx@dJ)s9OBiJ88Q;(pim-CX
z^DBp@jD+BG%6XmRmeow9lg>6{dc_N$eei_2A5T500Vqs_<ZNpAdJc3G25h!Rd&2T_
z)6<ORqO}YNIHJUY02c0_k=B3dYyUb0+u}|NpJ3^v1y=mm!Fhw=!={%J)+R3=CmioY
zO$6B>ZB~M*G<n@@y!EZf-B!$}M%1sPet@F0*p6UJ;SK_h#<YF+Lv<zm<faq<UPyzU
zoN}Stp?^C&Nww1wFj{Tvn&O3g4*71)?RnCTvHZ!CALR>4p?>lquj9j_+x1V=jTcY0
zatl3-{VEf<;TOtJM25>g5Cyx}6b@<+9L<dd@r1jd98vlfkrEzn*X|Syf`i3u!4*q2
zccQ5|MBG*r3xcoHj|~PN7;`9WZ)=(zaLLW=*XGys2@i{il@_LK8ppZ2<2=^Vl=`?E
zo^FCQM${H6MWNeutAg2QwNv84PKCod4RY}PE|t8U;Px`z@NA4`>^@P(M1|SF>KZ5^
zEc|STrr4o!ON70}uR$x$AJa17puceC<e>{!KZ*(8_PU5DcbzQ5>SsmEuBEw3y)loy
z&GKVi_VL&GEdD;VCvy7(+Ye%`)f6HSMwC7YeBeUEZuFk50tp#mX#10{Pt*NJh(eK7
zMvbh^F2>b5C`YNLeTN<B>1D0n9X@`Me~8N#oCJkC#XrK2U$^KMIxKQaYERba&U96n
zzBfE8l@AM4qB^tCZ7EeU?Bq3<QGxZUNu9E<w}**~w8GlIb+zNTP30~RQ3=59m{+|7
zAL46)msA&2KU*r;PYR>3-lrt^AiT{l*|T3{w$C3dGh8!aN301EE>V~FyZ9F{DVkz?
zj+1kLO(jB>Fz^!LAu#C&Q2!Pbj@2f;V_e>%hAJZk_Dh|gRLL5D9Bp>T)x}F5s#R!d
zO>{D@8cTS*jyG>3>4`Ae*FY;uWv40<bnmIZ=W$Y9ey4mSpMMd-o*XNPJT<=~vhiFX
zXX<JnIgCs$E!@7TcGZ5Gv(|HJsAk9VWS<msTO9X$#rl-Xl?JuIYj^rEEsaAWG3^(7
zgj=h@+x_ryvwP}<kJo{X?$u;;a>tc?qd%35taU&2uIO?Z=xrYThGJK(AhP|y&(>~{
zY_&BFdi{}A?Dc{l2-#D1{)xEwBin7EYIu&=GXVHH6pl#M`d!AAs~X%weD_84aZ<TV
zTrAn8bX!Nray+^W9i<6n<v7wlnRaS^_27AjRkKGoW+>YoF-H%f^@K*}<2i1}xkLI-
zk{+lDZIBCWcJa3LniaW71BGA9aC@if@}c~WN3KEB&e4a%z$eNft71Zr_D=B46=cSI
z#*<I?1jr*Y;Sx-SPYi3T_gC-A9O5jIq))il4Bno!Pfa$r*x9UHEAbO94#$+NK4@z%
z@vE6zZR?yBA-R=&;=b{bfhxM0%B8W}8yD~1>Q>>0oQqn6qFpSI9Ry5ZZ#(l6m0iaV
zdn1V33D`~Caf{GfO79|vyoO-GF-#`7`>`cyLi|Xr6caRG*7CC3@YYOv_*BmTd3<Yl
zvgI+W^07p#!iarBf=G3!eE|HUtjmo7Y0HYG9tion@s=8U)K5DSo+7Pq)BW}8g{}t_
z$X@Ub>&0(7ci*>aZm#F(#a$m7O7^xe6q}drQmARq*=L8j7euViT;m`BxYNSYV;71+
zXM3TxN4Kj(mk8=CWb&gmf^~J;^Ol1PCgBJRBMG6YM29XuaSoI5lasd$aMqoPMR4m<
zakC`uS})}?cio`;iDJ-+VsI-v92rwv51XmSU(eqHrs*!vqA9#x$f(S|{8ovwQ#WFB
z-c0}Up%9zO{%Ep4ZX9c)li`5<%rFFD4<CD2LRpnsG|PC{lmaYL3fwde+v4gjk#KHs
z^(edb0KcF-Nnt;!rqJN#@T?y@QBl?7rCaxsV|T*E5VOe&3)Y%q?dsW^2AaD78P)gY
zn3~Ya*;{t<=q*)xB(PeQ15OL5le3;giyRBX1RqbcO1jM}tvAp85M)+9R4R2fD}8*d
z_RkmvbsVy7(d#qZ_P##581=!pnJV&vlQ-<Z7NPFP2kj>YEmaK3jv7Uf&_st(&5{Wd
zQ-LQ_4fvCmE+J!GTlr~xBL<x&aK&p5x=JoKedNib^woC<(xmVO#_7h$1Impf&HdE@
zFumQZ#?e_S!W~r8mFb6R6=?iS;cLuPQc>nd;|wV*k0lG|$NT^UF#i;dSGu>Jb80LC
z!l}v0iPb(GZ%DiL4k)&6j+>1O3x3@m*6e>joQ^B^DH-!6{6j+@T;j)ED_>9d5elux
z@d?Iu?{bWe1fD6?)4BbHBpyI&bV9Dt#wcNi6h1DaYg6u_mgS^-#n@((3ItrN)V4u1
zW|Stc2X)&iwA`<USS0Zb-!StPB{Lnb*a-_2+zOB9=ug8mUhKrcMcL1}Zjd)v<dIl1
zVr@FAKRmf=Q@gSg80o<~@luy-3wE*-IlbvC5-c*8P_uqG|9?^T)p1St>)#frARr<l
zC0KNb!~~>7LQ<q-AksPM7;FL}D$<=px{(+?!l1hbi~&lF8Z{V>e7@ZGIlptx{rt}J
zob%sad%-uZU7su8*ZUe4QaczpyigaFL8!yu2A|0%lIO__msUC-2y%019zQQ_AkNh1
zKjr`PM0zmh_>;MW8ad0%BvsReIv(3bCX5BFB2{M4PEVjiNfK5SjZW`QTv{ca8U6Y6
zq(xsUL(2!}-Yq^mFLTschEuu)d!FvU$bC@0F^fhJOI?=CmBxMCZSUgmbNXzbpIHZL
z9ds9nPv(Ib^w2}*cZ+{+-dCF#eeBPKgQOL~Lio7nT7&(YLh_Lud$x5BgIpg8`sv1>
zc_+L2W}Wm2W{&4!M?Rw7YC!=WDhoF)C5NqodT=;SZNsne`UI`6KXT3)y6?u2Ci6Z)
zh}K8yVW9kkloPI}`3>x6SreM+1%lheIfHRmCG5J$$y|?ki!^Wl*{VEER6$|PbmAEE
zhy+jpo3V{3X-GU{a?~1JEyYUVyFMjOB%G&_&`DM=<DU#&uH#VdNelY@XJC7LtVKst
z0e<SSiAHcEs=v@4UjS>4Y(JHP^yz*7n@4ogzxBL@(3cOm#Ikw(5Hbp2EYQNZj2~q#
z@^`?##mTYtAO9$G5**l<PX%Z>#!k2f2!Hd6JzMg^H?teHR=@SzR3BMJ9==7D&Kffu
zG#Zw87+6qA>jcf43hugrNEie$vIt$ZElyt~9W(}&?$4?~3gT{hG<Yok6L8@<Q-FQg
z#^9~L^Jl2Yn@u9?TLLqvWCfoj^G11^sQOzLJ~`{=W_ps;u=C-zSmE=4J9i^NXKUE{
zi~||3xi-i8E&pJcKR#IRdw>H0RlL5~#cz)QDvAd$Bc!)q-@$o!AU!WhQ&GFNa_#?A
z2bpkgG@m%XlJ?3H+ft;~4D_wNxBH}ocp(SGE7F{Bc=Y5T3U2;j^m&NHa7R>@lc4DS
zA#m-e1XDj##H8Kd>lJ~IC)FZo89bI0x_h%CWTZ(V%Q7$D_;=IDZlgEMp3ivHNU1;Q
zjIZ{}b?YZt{Cby-$dx{s{vcEFO?h9=VZRCCT$t|Xek)B+lpz5AQh<Cl8x*{o@Drx_
zk{EOeerQ&^8fFORQlxtM7%%}nS6}T~kN0uAmMnugd?tauK{v-7s8Y@gc-(VzB1sYt
zwv}Y0e^6`ZbRRU4+^-Bvi^#}1-&^u?h7P0*____Mi{_#QSl6{fez|`8Y9E<T9$K5x
zpTF>FWvvF(%&KH(CO4J&XZHAgG+5gH%P)?UPc>(ACh6j3mc@@QE|RBG>n=f*e)QxK
zFChop=A5cUUXJcs=0jLKziU0TACVBdqzuI*%QT~uWM*2+WD+1$uZDlJ>@J!X761)g
zq7&;oMd)?+?&ZibbD~-D_#?W+s{XE)dssocetN*$0c9TsQ5kbgIYLH;UAT_rIP8JU
zrhre=JQ}v&iIS-EfhPO6Yigb(`6t=4-2l#6@aZ|ry9(4gVqIkn3q5Bi%ht_+N!k0`
zBpU>`Lf*2haI8z^<&Lpu&<0m2%KhEwLaL?1q&_zwNnVibg30#NRiWjm3U|*>&`3_L
zbt{(L^=&E(n3Gt3{ZgVBsc{Tb>lfbNS$2Sy4V$h_{Vnt)E!#`TRfpzNAMXn<49D@V
zSq$tx<<}e`EShvP>_C&vV8py&nT=1A)Q9^j(*j`T&g--ENY)Unp#5~<8pwokXG?^x
zwhSE~6JkWfb?!Vy|B(w)yB!Yrk#R#t_BRPhPBM)5WRf25R=T6<O~gO?Oc$ekB0wll
zDmLk_rgQ^`c936_l~(ngC)B0#?=<~z{7H}Pq8lx45ro7;zO<iY>@vDbCm{S%m8=}h
z`UF=zSBHN7gV-rU<ec0bR3)b2Yf0Q~rt`$v95Vr+$>bc=K%vi?ZQ^-OtfNTGg|238
zTk{?5`v6&?^Nm#unYp>vNsqQzeU9sF9>z~&6Gu{JPb(1_+V#QYR7TqFH<{7`$wlIT
z#=1MnYh(3lki_>fiwGFqg<J%ER~FFTe`vY%!0^Y8?O>iJ+p?3uM;a5WxbF{OOx`YA
z3Jl|GK+qWzRAX}N;oZV^xMX?oBINRLMQtaUnk~eM0qorbZ5W<w4Pmi9_aqsA06P<X
z8f@-=2C!@%YJ#Rr9R#8=#9gHyB{X!w!Io5|^oUh@NF7$cH|>^SyP?0F%a*=F=a7SN
z$e09*U`{l)+G-I`3w%?aC1@1xc}<M&<d-k#5wlX98>g!dKCoK5!F+EYZom&5^3w4;
z)+N(bPD$e0$FM;&Nxs$QM@zFCiRo=)fM5LEL6et*+^fa63hEc)05GWlP4byL`10@S
zTHTDJ6A%bYa_lhJ>F>v@8vos}p}iE`&}mEe@(ZyeDi_!0aSg@4f~%LZ->?_xC`u%;
z03~l0=;39t6xarQGW2tG`ToAZcI&}LXBg<PojyliHs1{RK7*XCH%YjC=e?W8t7Ava
z%y|9by%62uTf9}ckMrENM+<jl%qM~4gy&ZessWlOtI@X_oUVpW=sOr+c}QB$!^qf4
zH2)rjII)+ovCj?BRHQ98$}JL3%Q5!SDs_mF-GofmTKogjqcYM~9#EkbfUeag_^&3z
zkA`ox?*^Lzyh_h<2`uV&)#?c4*yVZ;??<e@gBx+1pDJPIf$0q?rgZAFwTwnaoLE@j
zqg9+|hXHyx$xHw>fv5S52U59{0|Mzl32YOIzf<^UDtGuaDX^5&-e=0kZ2a^{-8?-~
z$L^R9r71^tP^#E^py(3U2(A~4=5FD&KlWfXCx+IWL>|5C!*SHyq8dlH9GT?(%}rrF
ze{R^sG;=zb2E~Hx{eP2ssu5SB*=8OktWvCdgL?>zKktrJe>>xlzRNVOn#+l`Nrw#y
zKIy`(d;xld6D<$Y%zu5aS!lMtx#g$!qp&|?cYWnP8%}FtGJz0UkF9t2{s*LtD@;}t
zKv3E|-I=v=uFXvm`Qi{<msAi#H2ExFAd(y!3+{1)k0-cy6JQIMmelcj!<g30V9H*>
z5)4#&V8||l6_{F$(|)cJC`(KBk#ROowR|e9(_Q|{{X8UQeI~wFZ02hd*cs?DaEU;P
zj>E=d=<OYC&G+%*K3z2-<YH^J!+jM%2aPeva+u7U#87qAXrGa2nmx=-`idlnEeAVM
z)z|G8!heT)c(40j9RMAjxp(q4yBUVpRfV(Oavw75INsW8e%6yNfc<`Dnhy0Ewbyje
z3E*E)UKm7mRgVb62Shabcuys-Kd^BtMq88N$f{fe*cBs$it|i$$1=Um)86jY_wNU@
zq?!Aj(0{GD8J;v55`TLs>_UwcpHbC-f%>QdT?~1hsEEk;=RASYpGM8cxgmmS-1g#G
z5;pb_bBzAgn*4>n*o_OYH=Mo#%}tD@x=<pM<vCjSA>z7kD7U9H*nj^(;)HzWtuZ93
zrm<zvo!a^2#!liw{;Bd$I1>1+YOs4%&vGfKM`?x@Faq;Ool3B;RTeUEnxu>#HM!Zz
z?s#H#9E%^0K5JN8#{cAZ)ME?obJu_p2ERV{UQGS*i>mWAtT4;ItkPo~eR5cA4AC}6
z%6Qow%}O_q1PU|#K~*u1?d1;^`r1A7$X?3}u6Qj{szJb$bgM$`$cyFE{%F?iW_`2j
zg%O!j8$mpt0Cb{OA6&0u?i%c6`L2NL6)_WM%`>SRma^u_YgQZaRj<ND;(B4G+oZ>~
zKw?x~lu*xlp`h$E93zxb{6oKUV>F~k*Z01Xdn<?|D1N2lf771EV0V?J(`+ISml{v2
zg-6Ch{VBi(jw4zUK%P3^hv7_Qv+40v&>)?*Y9`HbV90mUl}#Q!fASJ9eZk<z5h{w|
z^;nL)c89-X{>}g}Mjf{|2`Y56aU3n(WM0b;Bz?7qvEzKs1WP9u`T;ZOGW^I@BU0bQ
z;e+1~FaT2=mJeOV&nphEJ}cE0ka|<cTr$}`?8Nc11+kNvNj(~8=h}S{bt##9Rz0Ym
zTJlgC;}&F$(>L?y-Zwkn+jMy7##l3`_|S3u5~fI_@K)mxmc8Ho=l<J`BiS(nw=b*@
zmp^t3dKRtk)b=+Wbk|aWsy8lP-gE^-|JuK^RXXh&2x2Q}2byvB|CN=&@R*J=kyD}=
zldqMf?lUHW3PfH6*Y%tEFWi@$kAkw!yJSCG-Mkx4{jexaDFoiI79A?l13$dX+4WNR
zo@rtKA>*FpEW086$c4y1^QR75b1j9vRl|JiYgiXBcCJJ6&wTgl5iEu*|E63$4WL-E
zQ45nzfwc<!UXgyrJ8$431FQKK;WcN^cE=;T#Nl>qrpR&96fA_*ssZ0@<#tq7R2s`D
zoIBySyvZ-&h#|uvEcO^n4VGD&Y<&9$--tHjSZdUA+w&Jjt304%cq2|3gC9-h+nV)$
z2ZSYp-+X&clBy(;kSAqe|HZ9-8L01Bg_~j3BEnchD%3&EO&fWL_1`&!xI65hf$*pT
z2#*R@y|jfe0T}8^>=fFR4+&CD+qwC<ogyvpRGWoTB1ti-bp#}q^i65n=fG*G3=W_0
zY+zN3$l{po-r;)$pMIQxqCN}W|MniBJ~13)9ll3cO!~~y@4)s?YJDrugcQRj95;*r
z*`pMtAVflRKTfW@|F{Z_0!GG^{jDfAKPJPQ@e37ZBMU$@bhx7_LvSPn&8CaJ#wEl3
zg?ox+G;?uUeR+Y8Y$Rb9PUE3V(V8~b@5z{#@z&0H0NRaI`gwa%;yt-f#EiSJu^PV4
z7@DjCvfG>#YWGJUvuhCcrz-n9@)mvj(2MoYq;p@5+6?%5?Y`(B<XhI{W1L)l8~+C#
zc9pC2)NBt1CD=I>Fuh@oAKbCeYz3dcNL?jQdA-K4qT2PUfvqoL$P_Xe)VT7H_*9#E
z;daEO>&5`~@)x-`8P$M_^Tj0R5sv<%GJq(}AG+ahWkHvb9b-D;2SALjeao5v^&+yu
zr8Rc+OJQYVaspSZ>tFkKd=9~+gw)SS?+L<R7p?4g&kweD0sCl9Lz@@%yKLKOcP+6V
z?HvGP;liQY$p|;f5db29Fs|!_fLwIN)*MJ!&W<@bJ*$4Q#^aI#evo&m>g4RjZlEdl
zrBX9}=QD~i#eM>q?HV`B1yBN#ACBwC)SZ`p0CbTzLz)wB^Cr|rNIbr^huy%WeA&<4
zFuu~RhL<PM%_|1>CD=i29UWt1V19+}AgQL6y4KTrFOey)d-*ytRV&TS2_iT7hoz=Y
z-Uv9a9|gb-jaKc3C5WZgGdstQb)#ZLhOPZE08#XrOvX>f_2@!xUbiAJWHz52qp5m@
zv<LXDuFkwe9d|BSJYErs+RAfZZaBi6lK%+8_fgHtZ8)t}1-iZSPh+4O?!1}_ki9x+
zj}pwp=-8s#a}6gry7^w9#1!S*ZI_3zGPA#Gu>HEtxoKWW=BSp;n?AGA==jAtXUq|H
z^+^q2%mqZGq!7?PHmtp*)XH;J$@QvG|C8uuv&5xkA!W%<PnOlHhXloHSDZt`@X^?^
z&B{P1cHU!{H;G6g(Q~0Fw_d9V1+^<<l#l{y0~MoVm_&asLFTo1mYb~K6^1)S%u>U(
zlhFX8#dUvKu>}1TO6@bfhP#jG4~lQT4nTfuWx^(@0TP&};UL_x#B%lVS3<w1J@xSy
zq(p2H_3}z?K7KqW<}lHzIiGNG0`hygUTkj~y3y4OGR48KFZsk03fM6U)pJUb+lnO-
z>?C&sxotXPeV_w6=MiLVo7H7RsDe0|HBac5iQyGcJ^5A%V1M)g+y%NyN?x+)OT^zo
zmz+qPR;Qj;4Q77F`yV6b&rJe!wxoXa%Gr&Ljff~-JY}%cp^^<LemIla6WrOfGo_nM
zG!%0fHEpayGtyzLoCikZ)SEiF&beF#V8Hw58m9ymj%G{dtG&DIY!WRXGmYfl_=?qA
zx$W;u)(V{)MyDP>K$YFooYc;neqCI)@k(a<eB=-~aR=(CLJiOaq0L!rU`M(k)80D-
z_vQWWdK|X*>flNyNHvDj>#V^{zu0_yvm=9W>a3lN)G#qWzCgpB5f7FZY+Q-;qf>=0
zkN-55oai6gy_D5lAx*5MyVg3;1QB9!t1JJEifBCEKXLSlKCz@Q8Sptu*^@YYcfxyo
zYPC}fP(W0EOqJ;Ftks>yJp(&hvpT1Y3?WZ58HhirJMjb3e2v3EQ%LEOdi<+};r@25
z_QW@1KOHcp=4P;EGU#0;8T4mM4`oBR3hoO*py2~~@v?jSTjK?Qf|bBf*^jJgR&RsY
zBQ(<<Dgb-aS?U^-6RG`+<O`Q}fKqUm|DNai2X=51{>d~V|2SDE5zuVS{?(J?8iFLg
zNYtsh9qH}_#;K+s?hpWmJ3FjgwUUfXFjrZ8bL_!0Fr0fbpqVvSvVWkl?iLR)cgF+Y
z{|4FRmn7{*m!?@th6i(dNmoniljEs$g0AoQJvo2JqvI9TJbW_%isk#D1UJYA05M-S
z95gwY4mULAOx%yv2xJoinG%*p&1UKO{XwT;cxF0CiQlGvAt-(ZTLu5I;|SfrdU+}f
zC_@Lx0#DQLYkPTGn1FQX(w1zVJBpr!I^ekIt>DyNKmFi90W6?=wCX28k}E1pK63<(
zKDUFxbsd7bNU<~2-)_kSo<`*tI)S*6;MO2s<1hT9&S`v=;&`im9M@|kjmwuZPKQq;
zz)_M?>s172u`@={U7+MY1y>&9Zp{XnNblgEn6_Us+JK?1uRQMJ>}dB~&1-l2r$B}>
z`{M>TOyFa)BGu;5hucgs?`+*sUVztiNd6g-c(sFLvy&4se!I_J?M(u4zYV}5wVp!L
zo6ZQLCDFx({H}w+I4^sy6i9j8T0Q0#(O+hkt0TBo4J55Ed{)nwwibXeH$4boL7TcE
zZ6T(|RU5F29prOjDvb*l*>jAWi8tMU(ZC&{Q-inZj;#V8Mu#+xv~b~lo`tyh9U;;4
z0S6n;itmE!KQQV^i_f;mKMnC1swxA(w362|Wg^Itwy#4q_GY{y8h3sXK17V>_@K(S
zx7yh{vuR|M8_P7sCT-~^91urqPyj7l^>};pJgfAcSw6NPFO6FYy8BQnzPIvQ`|^OQ
zgvZ9TJnS%L*s-4#0MS-U(V&2g`NI#<7JN$(HEnNbir>tuN7nXi$(*d@bK`TGUnZd2
zAKK@ELcfP0elwB(wOl_N+<S;S6D7Rt-rWo8XrP-Z@6U=CE_ACW-uSaXyY5b^&Yxz(
zlQj2)B<x;~c%0O6SV3GTi+a4MC5On_fE?g?AIS|`2K&*Kmte&lxmb-Q%f%sXN%>~8
zu85=sO=k?S^Wx=j4s^=Cz0JpVQ2HJ89E`qfL;ZpLZqx1<b8f;f+XKObV@8{!srB>L
zY6xp+iQ7g)yF1Af(a@exx{L`wI<zx=K~_*$P92klx?-17_dAoaSI9D;+qVsH5AGmS
z(Ezoxm*uL3)$exr!C>x54;FgeO$J3&>kxdplAAT(1bd&WpiK#ak|Tw_wRUsrVsVfS
zWQ0FyF{P{<Uvq@^j}?;b?2TQ1bfbDot41;b<i8Wti#<S_d8y~Q(H!;Abc~{XsTP5@
zjzbW57nyQMOtw1!oWyC0E1$dDP%%FzwB(x^51?q=q`Q)N!ZH?Y;K>L=pI=oF;^^=s
z+W}pgiMkJVnYh2$9#wfwx1mqMVt!VhrgEl#r+5C3w&fa3i*U`d`7>czq|XmN)$SKD
z!aWS@>WloTIsS*U$ejzZ=2rH}8dHk&lSpR=Xl=@Pf48r`NCmBKuI*<9WSlhxNU0y9
z)%)B;e4u=PWCP8n6dt!0<`x_pc8BMIamv5VugJOpGfPYWFTP9XT)7y7LFCjKy~LC_
zUOm1VDKB7RQ0<Z>-N3EJ9flMjfqh}&{6-j<ihKZ6W~s%zwidfQEgp(<CcV3-mX1ap
zlLX;_vg?=uIN0-1<ftX8KJFM!)swSFR^O;VLQ*}SG<V)5_MZ{-kQup>R~yc#p_M1t
zeE7uueF@MQp2)}w>-9}Z9;-yu$pB$eE@g}_;U%hk74xHMe?`@2rL*1X^#}5Ewk@6U
z#!mcUVOTtF4-2hXURWfn`6vr=_gHjccIG=+YiI^*KsN!zCk{_FtgC1E<M69r?D7X&
zZ46}sxe3^Fd1k>Oh9<4v6VH*C>RErJ21!3|pL#u(4xO5(dFC^5pTUEI#f?y>gc2$N
z<$Kic#;44uc{N@BwY{o`-c7pfJxn<ihGkZ7IW!_JhLhKMEDya**z?~Fdm?GwQ2x19
z$k#%lS7bnO^;rZyhQt4*U<*bqMMjQD18YgE7Dak!0}ufwt<+)U+!wqmfo_CfrEYk^
z7!ANRGR#ko&#z(3;Jb0QniLYLOVK|<dtugZSYLRc%9+QH%KBnidi0C^>it#+3MX^j
z4TM4Wah)hcXDge%hn{LE)$>&6bESG9sku*#!W^`X67XX`XiPp5Im*GD(<orJPHtTP
z+4<oDCg<m^ta(mHAjiOMe?~>2tim;!dJ3hAolZ(vog$v@*O9~RS;^84cZ9LOd$0e2
zHGhaeu<5@u=}N)ZX4=IA1=%joSxAWQ@NY)pwL)r!BJ_12Y2Zt7Y6?CQ8i>BHy5?fu
z$1+U0)74p);EumH?84_*=dr6*EtvrKA9=aXmYCrM;ukx>5_(?80kf`NJK1)q-LZu8
zYO^&dJJzM?&G$}yR?;6nOC*eoI%%xT?qGPI*^#SZtv<znbuff28r>5aFPCRBMwjzA
z8Nr3?mFtdK^*hZ+MBunIz-=`*l2<i4`YsQ*-<A)Vy#4FQbTbC1cKScHYu6%%%Iz^H
zw`2FlRmHH5ZvH&S0}aG5mgBcl2#N}@r3B3O1^`@EIrU$26xU`K;GA6x^?{||WK4lR
zh&TdB-orUpo`2f!$(cU#<^Jvy8$Y2=nsf&H{tI4*UA!spw>VcX6VRVrH{nH0otfJF
zR7Asc58V6Z-09IWc=c}lH!!_>GgpZDI^u5RJz(l>m&|*26>SzSBDGdK9TuJZ7Qdhp
z<N(YhC7^FJc}Pj9b(n{+aTk?HbNL{NNMiVI>&1=x=TL`dveg(kL}lj&Hdvg4>Rxa(
zZmXj<{Z`?SYv|RurZjHse3i!UX&TEg(TkkT*q^&|5mK+t_e`ZQy<GGa8QMEMBh0$K
zHLtBvdDa5~+b%aDMRZTSvSR~)OV+;Sb{h*TC@)SRY6Z`jo3iF=g>a2bH$~?~$Q*aD
z@XCnF`K3%m_?h`<4TMiPJKElghPn*zMMJ7CUN#w6&^T;;_Mv*QL5Vvrw@BLnr-tWO
zJFxFpe^A2()Po=i7x(hzr`F)Jt(hnd%am#O2DomyZB?R2uh?&&cNb#4v=`ZYf)AvY
zGO6_u7GHW@6q01xS>;vX9<x4I)fmI+pO|=G#Rq(6^42a#iiZ9XfdZIT86j!s0txjp
z0dO3{faCZBc?<M0Iww>b(}Awyl<gJc-a7a|r>2Y#{8wHSH@h5;vI0&4XgcB#ui>)5
zy$h?*!LxUG)&fKB!^4ZHT&4bSIVl(_+ktZ;+`_!8#N&oXgWGOt1Si7P_ZN#MCV@I3
z#ePV(b-4dA=1M3SA`>q0-9fCG9iw?Y#Bp_x>d=2N41Lm`4&6uC_@;OJX2vQJuFf|a
zLc2%&12sBv9>m_qCzp+YCd15OM)n9^Hss~#Emthf<3o<mxcfjD5Niu8wA`2K+yFx7
z(BzXZKosV6S|0T}Epg1YI&`uSzV%b8YrZw-gwI5FlXL*b1Wf)ASb$p6%4sbL9C@bf
z3!2`YRW2MIECJED;GM(<PKB={Oitsl#_n}u$g3pZ&25ZYX*(U*Txdl&!I$QRpjKa&
z-@Knw4J`TbKX!!x>9wn$rVHA%9trH7s6SIyZB?yDUWSYx$*Gkytmm=lb)mNvmdf=z
z98?m6B0ca71#`*z+rhG_7k)9#dUO@oD6<V?0;j8LC$H2cIJq*+xJ%=u%>=(%rF@(S
z(l1?j)(0)^wjm6(WFApJ8Zf!Uc4yzg9Au|?gGTCgvt#X6+e6oR+rjBC0;t~*;+$x&
z0%0RL6eoc_Ez-#h^J;EipZ|)acBuhK%e(RiSKXI{ltL(dez#t<%vh#X6^ymNItFYR
zF8a<>QDO$Qz*u8gdjtp3HLZ3Z$a?8e<7KEzb`j=4^J*RJrPeVX8bsX8k~gq_qXWPf
zB<|%%(Muhy4W~KZbZ82fI)-L~^sAJriqtoQnUh_CDJ=jxU^o%<{Vq)>Fpe^DyVqS%
zLxQ9;c>8*M@|h5~<HG|DDYq*k-yVd6d`z5nN3&aZ#zfmwA?hHhMB4}h0M(Gf{ViT>
zSqF5E@bhMlzwOJ(b?Ewi_1wI;b>1*DAt|aUXg~OJcm^hjy0_rlujN=jb7@C$x}*o1
zUmu;;TPG8`HLrpI?x8y21<XP#d?e+3LkiyS`}?S&22F&<H=EU_1-s$Oa3TOH;?a`^
z)*ivVen%-`5}0J&OBkPsjmGxML53U~u*8bv{keN2%JrRP?S*osTTwu9%R@!N(Fgp*
zHwX`8{pGEhlMNX%S4#R~_-6!I_io+?IukD2VVqQt2Hzmpu^1>&FIk2WkSC~D@5=oL
ztb{kSfU5rir~2BO+2Q1rt-}NPwWgQn-mI_3!T?A&#!sueXg6lP_SZx3%8?~ECcrs_
zX{qt&JLZYoVQC+xxyI7@H-tSL;5X-`4M;b$fqba{vbJ+V7#Ai@Ri14Rdm=m0vhzG=
z_#2HBdw-H!jQemo$4kHWms!xy&bNuae(bXiewfB-l_H4o{5i%vb{n$~-rrve^hMeT
zv)(a)=v_>6HH^q*tbQyYGtrlVW_l<x=aZ(&X%+zkD!86H{PU;CmIvM?w<|)#n@zEY
z9l5!=ZPtEce8ZR}i-@i#!fRVUm8uZubASnlq^v(+FYE_Ycu~D(X1ls{_^}}YOl%6L
zkNH;g1*Z+P8y(wedaWb3SNzORd+xbMb*1u9O{tZ{xt#(4M6KsT2t%(C=4DPxz#=Lh
z(~T30#*?eGzNVWYGe?tFdBa)6=@Qg{Kfudv?L8bS>0b(YDxO|@ff9_U8);bN{-dd(
zFI{7d>o^6A{z)ewyG0gV24|4Dm}3agl>)pExeL0pMwd4WTU2tC6=>f(034PS{VHoe
z8a{t}_spV3QTY0_<KV6I7gTfFmv{hF$jMq7St`BmK|6x%hC%&(wMe6<-g0Y1<a53&
zYkC(N8YF4YQfi$vy|VBE<>%kbVE>%03|gx=km)z<w_3;62~~Q{tsmWzUQ3g7+lIbc
z>^ofa(K*zrw5H;1(n8BF^BA*vii)f=hJI?mDYWS(*Q@Rr;dvaOBP$A+YW!NzoM@50
zam`0lkS2^&^rK4WZ3xV6xURo0K-p8?xSJ0W-Z`0*`G`=Z2+S<qKsGG^eabYsNA1<T
zJ-@dXqj+kzZEI?7IU6fT?7x%)=L(osJwFz6^G7Cu3f_Gzv?<(uc0ZlM201<H=|PtF
zDmso=KRa4vr%`hKZA^BM3qui&V+eH}XHLb757*=2kuEH}-b^Q0&{&1Mg9VvJ$+Kgp
zu`^OiIysRmj|rg(r9{1XpZj#}0n!hgh86oqsVw8l)e6y%7JLM@!u#3hW>Wf`LKg5t
z`n#IVK0ozw+rM6~*x7ufFkNIS%8hs|GF7(ZI-ws=tX;LH|6GXS^TIX)si;mqKo{SV
zEphAcm({Ru;aax@HIta5rRg<0XZT+55%`)XOM(Y@XBBSst5~Q2>gzA`45wuH#0RWN
zR-)ZVY+IzOmU%_sUiG3U3r3YaA4K<p2@Rd60MC>|porD+-3-n>>PL@B^Y0@YsxlNN
z%|&#ccBSG!W=RhDOBe7Q6*%$sujae=8<z;4J$LoZnG5V^&R&wu_;s0mb7i`+_E)(+
z?1P5ERmn522MtL6F?OOY3KqG$H+M^TE=)<7=&s01v7ZUpyf7j<Z3^AsMZgX}_Xz2!
zyb7AmmU7svYxB?+CSe*s96nD4MOh4QNhP02&GOkSvA?=BRabQ7(c&ZHq*F9C?4+dX
zetMzS@DOqnDr+X8w>uHzgjYx6W}|tyf5pYMC@`2gE9~=d=z66lu@nXYyt#*lAeAMn
z)kn{1!;h=&1~YS9koygf302Lilk66JF=csyRl+HAV`VcfMolFSrmn`7)?wvp$7wx@
zLh8ARLfL{h=Djc~Iu~-CWkmCL4Lqz?7z&3;-^=_L%F7-vI{A#mJidJ@iZg#mC7SO2
z=-xd|EvZ-T-Teu#2!eUc=gRVL@ryYpeFVs)+S+nd>E<#+&jeUrh`+gK42-0SzLU0B
z4zKH!2W0x<?wb}~QH}3`vbvmKqRQQ~1R7RG3hs6%2*&8QHQpP}J)$k}40=bE1DSyl
zt&!`gn{#{HUEP8T;gwNLXCLLYeK3fVpG}<8hy-@f+N8b_#@rgPF@|cVQN4Z^cYUkt
zi7fw3u=kdgSST)?)oJR*u~GaQkCan21(d~mEbQ8~2?^@z8FS7FujZyPiMcGAh%b6^
z*m16In_N@PxSZaJcs;QAMjd*344GGrt+So6FDl77p;c0NoxkuiD&p~y!`Z6(G|f9<
z0=Tg4<eCK&r;3ojDGDH+&D)VB=LAhe+FS<nbCIE;W2z-a$ZTK^U0VJf`09I(2S7LU
zAV@M#vA2U}XX&P2(3uN|m)JMAv%X4SvgA0s_u%WODL9r-_?L|bZrDC6tXNe;DmQRR
z>n>Y7u->^o-;bRA4DQUA_eP&DjMPtQDY5bHTOT@<H94~B>DrP#xe@O~vs77vDxjvU
z%~tv7ZFM^m(HzI(GBP-(yD8;`jThUSwJOjy9I`I@(k^6y<+>eJGB^8{PP1HK2Sy^<
zkT!$7uwS?cf5@Wlr(t~S4ZNiC#<c%h_X6RQ$0}&XTV29&LW?+UBXc0>GuD%|J(_?x
z_}Fk=*FzGaqqCQQZY;^)*QWmS<eaKY3;DSTzRfOL0u7~UnAoRx@S4;VMdWNweB-67
z@0DcPbby8GS!)kzs_ffB+hCVuTL5NKK{l?nK-qWKo|_*^AH4Lq0RKA|05R@lXT?cj
z8`hghLL;`P8z9}qhQdeGm4amFUTd7arp12sjcm14Mt?OiSK|7g=Oy@!bR+uWK4Gyh
z3gG|F<}=j&P&L7`=CTQ#8D-0ZN3Z7sG%xAg3s~`#E>QN2CHo&WXMZkr$+D=0k|E56
z&wKfcr(UD$C)+%Q&>JtxOi?RBlXeP5my3;%DmVBHUba(?H4J@>@2LQaa%FtWw#iAl
z7e-jK>Jw~-vJ2)%yJNlvo^wDtEcP@%Y|GT-aKD)<{5c`tg5zpOcX!O8GuBBrPd)8U
zD1%_%Tl<hwi)tiD_xT^{%>E@nw!xEGbydvC%HRC+q3smJ#`q<cYkA9&?c#*kx}D%Z
zM187;0foREss3L258cmqdFrVFYXv!Toq>T-KTKh4A>C-}YqY+?-t$obO@6OsIQ{v>
zoBAT+;-ZC~!3C@r3fa%rQ0uoAYTf_)N&mzC{dwsBmyh{RF8o@C7Cxu%&fziGRC(Fj
zP3v_>@TgS4Wd&UZDb^Z^F{uQ9d+&Q`LO!G8{Sie^N<mTBXer=(R6b9Py{YAeww>Wu
zmpOaEblFBF{D182zr7z|JPPjyIMRDB;Jo5kj?h$;rkC519%$QQA4YBU%X2Odx-Z?_
zOS4C+V!f{cqIiAbs(0|5BF}&HHWL6t3d6aw*tSLrl+Jw4$yI31+v0tN7g`A<8y)ba
zhC;KAp-dI_H!VfiGPLjgtI+?UGXF4=!2Pe>`_mZY&SnaoZx_~m2mC;h0Drl+m72bm
z)_?R=aVqS_WTq>bTIU6rm_-Xm&MN;rl~Y9=pk|JEpGm6!{nr2bE&I(=p_#W*Qku3}
zQ<R@t^6Vtw0wU+{Oa4bsF&Yc}^}1AOk=+c3V?5mr%hfZ=mqLP0pM>Yl8{-h(46cvB
z=l?}T{`zge6^_V~{aYp?#}2K$LG1#%|71J=`nUi35~o@ri{u1+M>oH>?g6dF`G4|A
z|NlEjww}tpu7%h5qAYp8VIlSZef59)0+D1F;!jpT3mWfA)!O!KpN%AQOXYa-|5DSx
zJdfoAK*z!Nl}<dq1?rR2So~LaKNGO>j2%N}irpsUj33I+j^=Caviz)~_(y>9A3O=8
z+UX@~ZNDp6kZYR#SNDI8y=)2WFQYWQ)L3}HlIQ;)ozuSw;LqFIxAFq7zB*m`DCj`Q
zeYDd5%v*A$C;yS={rzS-X9672d$XCel&16#db!U1S1<n)@UUM46IjKmm_;c-fy)16
z;{W-){yU9`1r{-xg87Y2MDA?z)I3vc`};%vEgbsGkNuZ#FR21{<woP$cx#~kIQLVD
z|LV0*S#klnuPr^9)rG};O8u`?{%SnnNlip1%Y#~Y*RJ1T{ZG#4|Hz;#0{G_(rk?J%
zH+h<$Dfa#M?<~NCAD06bnNUQP7SeW<n5i;Bh77ioN1~FE4l1oH=L}KaVSGmpb;V{i
zO@+D%`+t#JzUzgRnqtlrd{wy!5HycC8yM^H8}Ntb@<%h8^+tPiQx=-|7hL@}FI6ZB
z2+m-$!h$70-vhBSG1x@TJeqJLE&1d8e60OzE%T_JlU+8$N_TL9#oAvDPr$WvPQKOA
z0{)UJ8ofi!MLT54i1ZXLRU3he4FBeS?9T%L`*M4;;u}?fK3Si{M+$`u#S#<lLS0D-
zrvO@q5<wqmqx0P4P<^}NV7o<AL5Bm;i|}Qh{#$U_zlc`W^J+(dp|-32XqdgDR;y7|
z=97l9t=zC|^cMDho}!&gf@=1iG8Y<n#C^ewZ#DmoHt7I_LZ^E3Kz>&DY-QM;K)QS_
z`D|0V&Rz$uI*%2Vw0B{d+XfA<>aG_XI!!$gNYG<-%}J;Axlh?`EtsI7op3L-&E+rG
z9u0c)5y?~?-58&uj9PTcewL!1HHqBWFszte)yFqYb2{_$Y^&U`4o~6No=!>UV`~3*
z+8Q82+u<3YUvuckEq3Bs@3CQ+%8|<$r(R9-=F>{Cz3IfSSHkoTiz-|DPs-C}S488D
z6vsy^<UzdaDkF!xi(v%h>hU#hQ~q7%>m4f#WY$LL*v5VF7g@QqAAFwtOn#EI+iTK)
zOYASV*P%JLiY`m|RZo>|+so4_Didr!0^#$(ctkrN+`8)%_DS;K(NBW0rkLQ^NHkbr
za=NxLg08a?y8BCXd-u!6W9azX|J6g}uV3)pS-PDEtWb4Y%-6bW_4V!LQB<dHq5nkb
zMrVIJV0a=8HVa=69`f>P8|d(XJy$u&9Q3=*=-{#Y{1}zWFihU}%v>MW!7u9ah9U<v
zhRE0Hjzc+lw4S5UhB4Cd`(atwi1)P7y}$kRR7lq@|Eukj<)Afim>Obp@4Z`LKXHe&
z{UfSEE5XUKJB_G0eu3W0E`O#X-4XOf|7-2~OBeHUKR-;uIxpg1l<t4t%TRXq__lnG
zA>l@K&MECXp-%=xX$1C2e&145<O3Q#1pJpP!xded@fR^G%Ch|4qoV6i>_N7Ct2yr+
z8?6{7vhAcgyGyu3^%**fe-wp@@lFnyYG{Oih~eyI8i}6@Tj@3n)$2?xpu<z*f{PNA
z@e;hMhMPvs&Zr(1$vlZW+3NrDV6yRaTt;U1)Ft+!52a}0?3xd`0C=gHr~Qmc@<?~w
zGNpdk_;RQ}T;Jcb``L>I^U^iHV^3~clN!G?KcV@Q*k6B@*5BSV!}qG}tZv;=BL37u
z3K&}}vEOLq@w)TE_j16lVoMyR3hBO%s$84;TsQAK#d}=&s^n8jITyt!F$ENJgKA~m
zpK5X}A(Kgbd!Z_L`@qXg1v}ZD?P=<)<9Af?>X^rH6Z7@O!Gsp+0&&to(6Gs`&X1r@
zlIAMRckOy2LbqZNPqZ?g)GIOS%#aIGP$<xpCcRZl5i2pe+fluh;&fze8dM|U`U#!u
zm~wYP)cV(gF+Hh`nR08g1$HSmPPTRbRl$t8!?M?6oa@9iYmO;CIf@US)?o4uE~ZPx
zjCm=bIiHG^=%77Vvu}pL^&kc4JA&6_rrR13xbE-z9PN@lK&Hj6dP(O8!8tx7FX>-|
z4g__<X9Spd$)MTKFPM^EI3Am~7HN@;Hzn3<=dAM5JU?EM-e{}$aIjkFihF3)#kNhv
zKsp<J2#q1b75+U!?Og&5Yp)1ATn3!D^w7GNsyFI39J|TNq12>`)v>gBG^81TwR3jE
zPY%qM$IG+$7Y>p_t@?&UJsX^2>W3WWay_A4v7Ot?Xhav>bA=mRGx4k`@qyuu-hD8W
zsKBSvG@p+`2M5hLFRkQuU<k;!cT@?<qM*l@wm!VDN82F$dHNp{)C!K`P+4}vxvt&(
zHAXJa9KmA@H@dzmg!ZJS@B(>YF`sGUBQcd=zvkIMO3O0Tu|vt_DIXl`HVKDFP_3ia
z)iC5Si<cm-qBZx4QY|;&V}|FuUxdXD`L>TG3R%n_?aioigR2!*W}2H*{kFL)Jn=^2
zTi@wUd23$``qRhyjPJ);9g>$==ziEhH|yp&>*m~YeoRkK-#ObF<X5E2D!z~8X2!jT
zgd`026?UN^e6e)rDuUnKkJN51a9{DNH*tGn<^%iAy4}VM>A=^_IG55LOwL8X#O0e1
zb>E#Km4@2l9wEJJL_OmZB_l5gHz~xudS>p3TkKo~MDduNx3^okGjPvWNX*$>E`ZOp
z;wfx@nUl2njb`ZB_`9(uhgp#?M(g8el2pyB1&SmwkHW^?G0a0Kv3Q)zkLDRW?cO*a
zt{)+Y275WJt-F$7zkezv&h$Y$S4N8#zETQuB|Lo5TUD6urClPk^?%1eNq^*1f|Ay}
zK<GtLNSv^l$##3n_T~hb1a>_+k{|L7LL0*Z>Z1IXK8M^Zp`_)Bm(`fltLPk)?5K8H
z>3DB0@AT6NQxzrL_h{Hz6a3`~N3XGS4FMw(P3&F8;6vD8%8N`|FQw*6x2AXn<2M$I
z;|yis++oSZmF-wWa12A|whu2B{T5M%BG!)phS@xIJP3l?&HZ#!=#HmX9ef7Te3b3A
zF<oIl%2T(|bf6NKr*~H|%(rpmc$}4|SSNl4cHp%3+4TgL;xjwqU$kDGnqYS8F0f|N
zpf1)>Yaupg`@>3NaT)N%BVfgLR>|{Hv*y1mNxV_6@6TX{7b*!(QKfZ@OcTxx_ywT5
z7zyCs`o)?v4|uo;Uv^bRU_oQIwSOJ#LUKn?nJY<M-XGhAChGOIoCaJ2$9|NlFQ?y?
zTh)mI*h`Bo@#+9-7}*Np%jSh_2fSemU@EDOOw(x4>sudHu3njHRXp7a{E1Cw+PV1z
z<Hty__<-5}b~3C%T$vhL*AGZ|r*YtXn;C-Xb8bK87T}4WnNGdq22W*!cI-9m`3{1<
zHcReGw*ae{@5qP5A5yDb2aQ@xR|u1gMls<}o%G+G?oUIaI5a(}mA`ZJl<U+vOv6u(
zYEpeyxXnLaPF389U~wOitFZ265<lEL4j9f8maFe?pvSf^TgsXK#l`^n@kjPZ{JFBj
z!_w%i6Ces8l?4TUY%%rd%I`QkOK*_#WENnjypEjDLM&gJ-lp}=39{WM<YVoH?XY!u
zYhQfmd=@*~En5T0D(0vqpS}%f?la~XW{AC1B~eu@2nO+#Ki&g2dUv2L+Eu!5@GtzX
z?2BbfD2^u$!=inC?n83Q46F6x)y(cV#4A!ZT|>%Z3l_!->FMvw$e2w!HI^3}*Jwx|
z&Bx?h>{|u;5DsGiUNdBKqgSe1UtI;DE=GIrl-Q&)bX=yHhhtzV_bQK*89!))1T~Fn
zocRIZbq;bfhlWg`ZvGdA*X<gtC+6A7aforZV#MR^*L4P4!;1Pk;<PQd#jcGC8JgwY
z$-JbMQ~RvZf;WaO`G?cXWa|8u7ltT8pCo`ZKQD&<xL%Z@e%ZMB=^V(G_2K;{vlD9-
zEN@|Y!KXZLmY5PK{U|v<r!Dw!GIm}3T9pQUXVK#>m9c4eg1SEQVcV1XZ4Lz0g=7&Y
z4&JahHRM>TN=I)A5I~7U-Ve>fw&X=u7q%D7_((2~!ZS>24;EbqZb^0k=fj%s$b@Te
z$}OT~pD@!OAHjKIQFDUHiQCzj7;}~kNPuannx<@2eHd{t?7uZEqk3$@qb)<yjz327
zRR~VJ1C;8(I6IeAGFqXlYBySuQ{_0pv+deTBXh{^HRaN91dim}uxv+J*=!>VYgkR+
zEnZ9&aU35owQ(;0af7&*YShgl=9t*HH{H;=X*soJiF@M?;u7#e1jY*(b7($}I?Ulg
zWCwWZ-Vf0KQ`5>f#Us97`ziU?I9*5d9DTt?fxQ!YpMCQo=(C8<J2F8Js~XsmZ-JHb
znse2lA`y=3OUs)2rJf=t>Qs82)_bC~bO^pujeTL{vBa?gb6FjuDkcM=Cd$mQ`*%o|
zT{0D~ryUK6dwdhGR-LT&G)l5Pd#~{tpBxICjRb$ybkjEgg`cP)xPn7-Rkh@zia{sC
zv;xhC6cawUw33`+VDIN0R>R!;5tbl16e!mWiWk*7tLyk^en5WV`rH$Zl6WaV^4lZY
zCk)KN8@g{~E1EPEo<{Xqd$;Rx$cU(N#*8=CyD#&2VLcN3XFUOeoDN`0!759~-R#F0
z@5ElAX|v^SS^nJCeobaqf2?bCSl-h=RHc($8GH@No#sLPBF{bE*wDx76_nSWPe%`-
z6X&`*S|ljB-dI#@T4~e<m(&|87I0a;RR;4QtaOQC90m6)z5y#0tV=hvE4P^in+vO(
zpY==SKxgI@u!6USE92A<(%7lPj+#-E^6KZM@KsRK_8h2fWeZ(_+roA2UYu7wn!LZh
zjJhMJ{u~I{Mhd~I6nYHGt%YA()OSq<+Yb0EfR*K4mpN0p_>HQ*kl??6hO|B0LIrex
zRG;OSj49Ja;orAE$5tU++8Bw)T{?jMZzS}E{fOF{;oWD6q}c0vV-yFJ6rJG;d*wC9
zsY;C^<ENFke@^uS3RV6nsq{$oz51gtt-^OZ4hL)qDXvP5(U2H4vfYlaJ6MM%9&su-
zudN6nJu~$*UwyMqapI7I60iGfBjtkLRk$y|ARQlUZ7(F4wJ9QJPz#cjroJ&yz+s9m
zAg?1$cCcPEo$YLJ9UlLgCV#6Kb+PgTWGWD#i1CCkR(1<CjQcCJS^X#~Yq~?gDK!+2
zJJnzT%)7uMem=g!yYm&vdg{?C1*GN8*`Zn&ixkhUSnlmXrJU{vo?<3=0j4^O);sR8
z_xSf(<F$c`fcb^7*dM&;PC>VXXY0xLw-59;x_f*GIRG(6S8_Z!+X2%yRBY;Gh;&9B
znwvc8Gisc?mMr6uS)3$%zohExrN&7lX8iHv6@EO%D{_B#wKG#8^iy1!rsc2iA1<%v
z1{SIJCJvXE`;lA+Q+CRlk9~ER=u<pa$9fHBR=9u;2QvQ0NOID<IyYRWLmA4xMjIt0
z<v9L&!jI6qz-jSe4Opc6#SR5`zp}SB`0dgY=44VuU-%YaV>tMoCIHD6r*yuuP#x5K
zle@cFQLLR8-jgb>4LjOpAORRs)Tml5YZ*&Tb4JEMZKa>uWVI8o<l2`k_qFlCddbws
zJ{658$I#FGmu+Qsmj<=Pu<qL2A_A{$Zg#%~$aVu6neXFG>s)hyDan&c53hqpz8Cma
z1KMCC8_cvp>*`2(41Is0Epb>=hTrOTZ<(5)GQH+4pZO?H^ub0mTlwZ9tMUH88W4oV
z19S=#yFjof0R&2pl^Z257JLXARjk$h9w@z<9A8+zS#uL@s6hGHF7W8+7eDH%8=6i@
zZylSDsB@{9yFW3)lij))7Tw;dqgxC}<92yz`13=)yDJkRIc$ELu!7xb<Bn&XX^tj&
zECSu1GWHWK!oyi8F#1tfdK44Ile#7|t=^U(=9XETrzKWB6Jh+Sh!x~lAOeRhdPrKd
zT1I~Yz#I?vOq#ux2IPq27Mgd(AoqQ5Aw=vl8@Ic7%XI~JrA$xi-<wYs+I0_2KUmc-
zoV#Oq(q_#2sy$|IPWtFkZvA@Q<DKDd$u!*51CK3-n6bf#&lp^r1&{yDTn%&51@RCc
z%+ll>=%Q#kWkIo3K{dMkQw=#;lChCY0>VL+$A4~eL3%EX%xelGC|3#zth&#Nf4y5$
zh!Ag!9u)JhPH0n4?f|05PaUhwb4|tbUUH6Ut0THDXwPVyz6I3;zNn2)?8OEb)kP`P
zeewL*J;}Ce+XMdO&L&dH8YI__Qm@l(ra#(uQ6W)(y-ug;cuU`BHax{@SuaHSWI9FV
zU~$*#XBTq2?|ZY=)TbZYq!P}Aq>n%(oc`z;<)Am<i&MlIYN`cCOkTH=EgHG%6>Ov2
zI3|oX_$8N+g(;w|u^4aMV@PmNDPp>6+6f|gO{j6bel<rEAx)fC1iZLU<$K4AKXEr}
zMIT_%odu;91?lJSgo!ZAO)jhBuo`g<pfF6h6~p4;=e?vImipz~l!=+h;a*5|f~oJ|
zCDI{Sq%EFtabIjy`h!!RSNiv{yK&Va%NF_}?*6W~o-sTFR)_w@UTxn4LM1_<ZFV+5
zpPm+&++3^1IJ*uiFesUb90KRV^_YZP{;WJu1ErBzVlQxT?rSIamo!u`Zw8LV$Y+B9
zG%#Q`KOdtRKZ$fu`k_780oW!hGST%GD$tbek8}HAEP3IhUgjOA3ArG01y8I8I!*8C
zXGxuxpCPx255C@nJYTf}(5)3~wR7QmYMJd#z;)|@<hF6J!XCrBx$WRh__a{svUO)p
z7pXj^%$j796*kee70RP4H|sHO9@6>dtWqe2T%#P;`V%uq&$({l#)fl4$rCw$fbtms
zDyW_pwZBqSYz4rpEHv8F%{Kc|bRcRpY|>A39*K9p?-!`siB_&QhG6CUfaDI!S3#Hw
z`}*}9?~2dwpF?`BfR0UkJ2^f&=+;uA+O#Tw{GNfIM2;7dU=jM^m}Vd%<=vDx+7Z47
z0)coUfPKJS1E1w%C?+$nB?$uaQ?W-x%uJK|h7=KP22XN%pb`G)*CoOk*D%_%yEP$T
z@Q$2CGwkA|e*qB*Dlw9Jbg<^8QsPqouHb#2VKhMWyKItFJqtg{-_#^~!=xxJ_QF)i
zA%T2j+!y#+*7i$i78>Qi$xWn1=IwEd2p=y_EHwrPBrtF3vwrkRg55aP5?`9oVV%fY
zOV5?!ColFt7B<p&yp`QSQku(W_x}E#R#8M;3COBl9k>T_M*D#u)%e{N#yc`6hcRAW
zmIr_?B&=f_Fmw7Q<#LafyGCKuL;A@siQ<fw()Ntzt2lKWDE{k?gW<kTaH-NQpIEU@
z@-#OP*4-l8e{ur|NZ+RdxnZ<Tajo~aYlH##d`FZX%Mx}28;)*f;#4yh1shHlof~Ce
z)i-PlHaoQy(P5M_;RU78E;V_dbhn@}h1EGU2X>?VE1uGon!+gWfnQaVT)+9Wm_77Y
zuUr^|CBG^X6`r%lQfOs&Nuow1tXoid##RFI9&|%QgQJ*kx>{$~33=rRG40<&c}=}o
z*7mSw?$f~i$!PsF36C5v1b$6)0ic1M580YgF*ko*q@$Y_tUtS;kLE}B$Fqi>L^AzY
zwQ}iI+_nx&f5A1lz6`E6oAyz>0Y6DUVER1_MI|byW-}Je{;ty2th8!8nTEQa3>;*2
zQP#)%bW{75tSmOq_-4j^^y+h?r>=z6SCu2CJ@38pp0vyBydA<~9|N?h{hxI(2X4Dv
zai>z-^Kgw66(4nb<KQshS?^wsC~%EX&znK51)3u4e2<P$C&&J(NAE@$G<S01&Qm{P
zUjbP<CYhH)f_6T{=d~h-B{ip-*l~Rs{w6Pc_fLRRFQe`H*ZN|>&NZM;3N#OR1{Jap
zWP+f^joLX4ha~0ZqLi?^pLXdO1W-FKEIb@Qd!u`9KfeaM5_&-&jJ~_J@@~Ee=mjin
zi4}v_)By>|qdI~aOs~=o#VX9^1YSi>&ok&e%E&y=sUts&Yz<6c6U5dWEvo1EnDUeC
z+pZZpPQCq3d7_rWRb&HMI`Q5LT%&o_x@tMM{v5)$YMjCII>~~Mu|)W&1X5N=&rW48
zw7$Pu7OErnL$_wyHw8JF15zHPNIjkb7OLOPj0S=Qo;z10mokFFL_en$|B$4AyZnut
z(^2PhCIzc#wyT9viOrJnwy!*)q-OeIVEi?q2#V_)^{ea3q*8u+l5B+Cfyfk)XpVi2
zJ9>3|!6~%i@)}BLZChd?RvQSGRSi~BlO(-L^MCLz41F<|XU3;MnxdE?jji`T954bw
zgBdQXTI&Z`IP8o=Z#}Z2vn}Q6z8WOg%yS~gg%BZ?@oH3xIR0(DdTp^s$gOF>=-LaR
z4;0GDH&y9;36fDQyrWH?_<?hy+bKq6FK$m1>K3UbIjI?{JAp?k#*%E(&1-feRB`QQ
z5$(`73#`VIoJP|h>3JR53h1N7oF)z8lgo_6bjsCuZaX3nzAFX9&+*}^^lXLqC6Rsk
zy94!h1LCfuy81?o`&cCSz_dLfSJ&F!N$Wr{sQTG~GM2nIS+v`^NK}mTDqu_y3m<s}
zYFsQ%9t-a?u96$_S4#m!r>JkGCRp0+vadaz83e7>>(wxUv>5}6;WDdbZ7H-v^GbcL
z!!nPsA}1rIDbKju?ubjpWbM`v^68I=eKUU7rSY-y3^e<<Ti)z<CiTRoua?2TRp}D=
zRiQzpW>$<0u%n{gnaANbN4CNf`XVd}SJUH-r*Tv49)tU~n+`GSdlo;5WXs>!Jt)2@
ztuigLEIL_air;kq<H%dB8Bhw>G&)@#0wwn`{|XCMGvI8*cf>k@3DDhXJtjupTHY|s
zkByQJhmw*e)0CZuze@Mp(&io_j~#!2x8RzVDk(=RNoun>c70eB%H3Yic>UNtx5uD%
zNRYW<Bf$$1^J7l6_(FSF?CcxB#Ya8rv=VZiw;*~cuBmdGk3ED;$d&yc%HBFE>a}Yh
zR}54{1Ox;G6hx$zZjhD+X@)_hTe?9+1VKPrT2Z=Vh+*h%sUZdiq`QZX-;L*e-uLKP
z-}76~TCAmiz|1G^z4v`z*R`*$HVr1tCT(`Rx(TctE^dXK?3B{rH`sUcO6`t23%j4#
z*I#dusv5ZcKH1=l#Y?{Y2;aOmP|_oHK07sUIZeEnU7K<j2C;owjR0t&5df5mMh-x9
zPuy}_T{^+d4AcD;+PfbtvKjl`(T+!N6Zn013K=UALcF1oBwAa3zt!_BoQs_1_U-hv
ztP8<poPA^(87x*E@0<WhDe;XW9XI>a71rDzlf^yJC&5kRB;7*p1q<<k{C71B7>Y8r
ziqizYi{>bPtgNJMp8cvVJ>rB~rH<AZP@4v)hoz$1`L!LZ1OEGmFQHV&*`%&?h~8;n
z9S;}S`60$-uIUqV!$X00R#hW`C?w;y(dLvyUxhu1G6^;s5bG7S*$TO2X`%LpR?ouj
zkoHO=lwz@19kFfKtM*21Q$^!`Hu#g5`4d{IsZBZp<2_9ho5RT$EeoJ#T7^>BcRp?Q
zLlrt5{q&~_v}?;SJ3X2>8;!?+j1U9^=8bv8Q{ZXqF%kf*?4q^vOuxIqA=rcv%{MF4
zEEIysABDU1yMCFHb_`Cj?&P>h#xbmUec7T6mc&5zf;*LLV0I)*18Ou6$*H9^)ftn2
zxgM;~ET$_y=D8;ror+wo!<K3tE;PV=$~^+k2PRjp9M=8>7S0TqXn63#0pWQb_?GqA
zWPd~d9OFerYGYfadzqgAfF}GJl_D~gt8CPqk%q6bE%41;SG-9s2QP`wp~wRGh(gDq
zcj)--JeEQx4ro!elNo28P-7owXGNk~Z#$9kNhkLjHK)t?1l+;P$Q+Vu!-fMTQ*2^)
z9(OfqH2NA6R_EJO`j(U^Hqm{J_xU*I`&E0QY=AZEI^|?A4t#B%@(p~<nUUSkm{+b+
zqR5dEKYn(yPG7k?ny0q|NwL=$dWCC#(W>TTw-|Le51v!W)ctXF+j=!)h-Ghe6_Ey|
zU27ejpCQ9fl7hcottFlCrTIgfif4xmoe4Mjs5(@Hhw_FC@1*JV_onkDQ?aYh55O|G
z%iWfQa+mp=t5!Gk8>p2-gbqzD4rH5>mQvItCJG-w&)%D5&n4#Vrop|Uj3AA>`38hG
zxvvo?eNEE~TXLmqYBRjtTDp)#LRed<A1Zy(H_11Ake(^IVE&1fn58@AcC0T5zAk<(
zcij<mA+eM70gQI=Ak~bsksK$sNFlO>dixZ~X5nl@v(-0I&aigU9f07l{1#o=iCHT$
zItv8<8aU!+UPF)}yQ0S8I1Lw<9E;H9bRi^Oo@cIFJFBS8TXf^=C(Pl}2{UZ)RVRZJ
zhwL@B7Q|fu3#6mQ^@l*@$0>iZP^-Z-4k`;zCvLYFdAV)xS-Yd~L%*Use#BT0#O0k@
z^MU+Ht@Unp{;sLyB3yx`BQ9a(-tE#ve5I%4nXf~i6C5lVk<5&tQ)M-_`-XCNxo0N4
zmu*^)W@7Zb3J;b(2knuo(71HmwDZ)77P2*R>#4L(M$${8IK7I5kUT{AJfW(WjoN>w
znAxIgPsHBK6wfhRVn~=F_vaJ6t)nd3Ifoz?4tI6iVbBP=Gh@N#NQ(zTu_i!!K@zMs
z@OB7aijtm=jQb-?#u29{k9&-(%LJ$J#2OUgQi!h&xkpRPvyRv{0<l`!GH4E(%@fHA
z>xmdQ;<&8hTsOS@s(yaI?zXpPMb)?*KTd|=mT0(vcz?^YR&(9lX8Q#wxwnM&Codi8
zo@MNR)5wR0tzScg;~=OD!Yx(PYCAp@s+N2shL7QDX&4c?j@$QC?dIy_&t?KRdm^BG
zxAYahqij}+B*{QK>T9#nhY<XHY4K3H%Iiy2Pgl3Lk5tP-LWK?k91kW1^XiKf68WTZ
z++0HiUpANDfV^TBz4AXbJ!iJOEXJ`0u5hx`uUOTjqn{S|+I%46!8$27i$Vz@QQI~x
zl-IgOl7ij%qhtTVb7N$b=L}+72GZ0VxQ^IFpco#j;8+~a6@~axdF|J^Yw|g*JT}i&
z$`y(7uU(GP7<h&Jrfigzq1uw9{YWK9J5)&9ZVV<IT_byM{bIDUWu~;*#^f_3R=8|>
z^3h6hKGE<}Dcsy+qYm4V-TE48o&@R=wgNnB)pP8RR?9vFdKfeiDhin8zILU$3oo@8
z>;0C@btWYhZgwR3(dCD>)_@Qh&qim)E@s`k+!2#~9WVh)DxNEsUoACn4!ltOFq2J=
zw)5SIO2g%&^X+aa8t8#BIx+bz4ms>BviAtkC<>nlTdAnN#tbAL7VL!wv4-%0q;PQ*
z;M&$Lk#NTW%qaO3#^!UWdG(^H%_mGY(=>IdH${w#h2QjQ3=5@Hj7gC_L?X#PVz6nD
zS2_Mzv)nUINSez0*wFDt2i*#<-13Z-B7!$#^KG6{+@t>uRx?)?;qhCe+;NZ4nyrzJ
zqNq=q54g)pcSh4fE6~;t8H0y4#5`%<^pf8<ugL!LQa6o@In^zldP9cx8?1w*W1t5b
z=0_+bOAEKTw~l!wU>nZ;lQsroKJK*)n^l&gFvIiH?LZh|SE)O0PgEwkER(J$XhdWB
z<7=Ezs1Q(2<dZzM+FJEb5|M?|(Ywyy1En|@stEIOjtY+NUFu@j9cnYuiik+ORA2f6
zycEQk<GqD-xXUwdjYS&@62!{e1mOW%1pEi`NQ!&xb=5f|Vq_+a*-JQmKM->pQS$)v
zrL6P*P?^ypp+=f>Qn{yg`hBaR{kB8RX;szM-EC<J+q8SX$sg`-0}T<wBKu`%6uT3?
zi<+{}&;!X<yU|SAv=awYz$lHugWZ=h&m<sCp5Q#bHENMB8GH{W;;`LSCcZmv*U^Q)
zEM17j>UrsGwd~u3xVnW13LJms^SK8?gim=aav$f^E-$7_>2y4e`x<D+0$-??9(VZW
zzL%R@DM*xV+G^|*gT9^9Z}-A%+|hTkOZ57|{Q5+74CnS)VEOHvvGS@#s=6FmO_?mZ
z@Vm>eg-NrYX^7AMtR4fMJ1LKt)J!wfgE=zDuX;|V>jSm*+||u^$&#JClcWX3qWCX>
z!T7M%YoI+3XbW0ukB=mJxz8{w2UMg_UcM=@80x-3?^s=ayM%e|QNdnw!JOls;QQ1<
zCvL0JfdJ{&DEvA0^Prq_#SCh+0gCHxR8{F-8{JvYjW(#;BCYH3rm}L&N%c)qyBf=i
z+30Hfi6)Jh1oLNI?)K<G+GxMD=g1+J+-8i0{~DDQ<SG{%F|*Lo$_s<dC53S!*SnJ%
zX_TRR7drS$&l_itN-LT}aYKdp`rywKp6I`I487|<b|h$-T<OrCuE?Fxy=zQ5Ldo;`
z%RQHu!i>YpWt<FmcG>zXGJvfqrN_nti>j{m2Oo+%Q#JvGV{M?kWniOXYw&Wcyil^q
z`^CW1Uxkx_uqQ^`o^8Qnz_J0^lNv-Jo9F$u(<mm5$uldZ0i3$~#j*_h2Vc|(Zne^+
z=FvHLgRa7lgYO<Vp@shkvQMw10Ywz<hHaK@ywn$!TIFRxk3Lk3w#7%)+>$}S>Nj^~
zNkYGMumiF$Y<|qp(biF6;E^z~b#fYBpFf$fR$~2@t<^@Q*PtEeeqw_|O_|{4+?VEU
zoDWF0;N+aDJj-=W9R9KrftX}#>{W94X`bdJY)E3(A>UW4)|pQ_I?S$Cbhu>E<vURQ
zvAAF=VTBt=HN6hqQ9TAxv&b6Xoh5Jeg*8S^n4GZ(pX8kU6Jo2b^{JxEAY2)+@^M%Z
zKLU35imby!d5&M}I1Ix&b)0@!sBxcFEq{m+L)a(9@985IZBEb8F~reH>7dL(Y7CSB
z<Ich)+#=HPe8{m#=j<(X-IOBySCnq=;yf!4<v=p%xgN|)b3vV+byK;mX0l?*$Fenz
zk@E<LCp$N2RcwO*okp|yLMEb96(O-`*Qs4IVEUswO}A_i{37guP7e)H+vlR+vHVV&
zH$lzqtL#iJjxdT({kiTv`$E?l%0k;=JAwBu6k=rqME_|!L15WelO)%)on>bw!x*&O
z0QRQBOMKo>hSR`Q;S)&gb<JDR>qIuL#XNPIxcq&Zc=kW%;%$o7CIK`K(2?|vL%@Lh
zBPHTHP@a5+eqKH5AS7>Es+PT9`SC5jGo$!JPT1%z#f%;SExP#p6WQux+Y}}}ok*@Q
zjV!Eu<!_W_YnL!T+rg>a6ZI)3#zZ&Rjk(E897bFM@IlEwF!NsAxI2NKkWPWa=2Z=e
zQDL`)j1%F2yMgu<1BQF{U%gJQ?gp>xI*$(qkd~HIdb6!P1cTsYNSeGTT_$~+wbiMn
zw+v_)i&UScYWvtdn@`u6Og-`~X&S%0i@u8#paiZ_W+O$ZMCMs9i*p|QidgSSAMAbN
z?X8adVeZruwCJwvmt{3Dg>5#7wfZ*f@hnNg6}<H>SB)4=;y58Ky~+|YZYX~O5u@WX
z*A|L0i-FdL3pH#Q7X-E@x)8I~VepX=(Zb=D`NdjT?MId<x#w{5<9DmuxQo?A)Dksp
zi0I*j3&T%?hMed&`Z#rSh1`7MUl4~&7Atw+TmttSfQjUaX5HVQrMbCtRU>Z=r%!_=
z^ou=PtH%Ia{dpM9R($oY<~oTOg`ht@s`4a5RR;xQSmvXVn~upncb|QS?*kSdFZW2H
zOj!BMI>UL%YS4rGJI)Zaiw3P3SmxzNK~i{<ZDbKprrt<S@_{FM=Cj9mcB{R05vS&I
zLXNx_)0mJvRS90ie>Sqd7K#Yl6kEtOcr>j=zTSvF_^#gBbkwt>N4=WEO6gfO3Z^J_
zPQz(m*OQaN=Mj8%z0aju>2RGQX?bz6oG1EXBWBBDq*~!bwALe+Om0Wi0vsx^R#tC#
zX{0#4Gm&3ILHL9tUg!V9YdY5m98-<7gbjX3RJ)<@M;42}t~E*plNsqzZc^UrU?uf^
zGSo(nta&-aKbi#S(1O*SqAhFp3U9zR;P0)Yd8~EvX{%U?c%0k>S`Qjd)L&RM0>C@F
zLujdAYitX|*R_9%FY@#FiupahfF$%jk5Ayh-sODVgY??B8bq+kS=jek2>XIOG~Y2#
z^}WAFz)vC<B4XlpfRsTPaPlje1$h8#z17XXez$+0Tbm>VZUcDwlqn9I1=QXJQVvsJ
z)1P^jYbB!h9R23rqAe+&zIt~=cHqFh;UHCd1F>aJwycJ7iXj7Y<+_rCzB?VE@rCrc
zkn-fLC~I^l!V=0v<+WX$6SDsNfzoc~4MdXrnyd0fRR(=OTT=FywaQ@`xF454`&{Y?
zr*ImsyCFu6-Ps&Y8?=gh1a_gVmHdnHO6$Rk;&^HaYJ~tro<{F*@FNEkzr#sKUIj6y
zv=5M%cXS?prOua>Jf5W6xY0-KOgQXrpo!zaG=2TyH-@PC7?;^b)Or_Nl1M#yOXbN*
zanA=fY1KV&)QbkvAmLSF#4BF6<ymBc0}dj|bC-0QdfOYFLX86CVAalIztk~=NRs-b
z62G)Z7moLleC&bPT2L3#YXT5qA1gb_S4#6*;4E~@M^EtbO5OkfQK_46nQ7V%CeqC_
zee-;@DD%+CbM?ID?d9x(Um;S|fMkX84GDjk^Nn7{W$D5;TYJIWFj#DObk`!cU#Ar1
z<oU#DWoVAf(Dw<m@?VuHdcH48%6&RlZ;_H@lhTPFU1;%wIwTJ-TyVjD400@<Y$Q1U
zC_5-R@jNz;cbiISpj3}Q$GebzkG}T0>L{TTvn&!?Q$*p5hm}X0SxO6?cu0nmrx079
z&=}GrcaW5u2a6kQ3qxI{V&)9?Tfk2~d4SpFqghJ*Xn2x7m8X|nC524y^)t$<k${XR
z?7K|m*R-d`=$boM@=i}ZJlx5{po@H=*@wAwXuH3k;5G+=n|0ZQ7a=dA;TFGS&L?->
z0x9ax!3D?RPp{c0t}GE4%PTnDdhP0tqO?KrD@-+Q+9~evkFt8QImI=vAO9Tv6wsq(
zg3C5Ujx7#=oMT8VEh<xQB26W2V*RmAEZRaq18-d@cp2BrYG}Ica5!Gd)y8Dm^*f>>
zT=;it=Hj(TU{95Qu3;$v+I&kIdcOgvPn2Y+NnN&VOdj$uP+PF~i3L)Q#)Z_>kHCDj
zy@LH16qX!vescQm<mVBOw0k2dLzpLej5-(7lOJGHA)f8eqTP0GAb?Ghxpe{sq1qIF
z^U~0V=EE2qhK)mTGNR#Laj2=@B(;Ejw;qS5Sl`ptDOQ^t<j9X+87R*F7|$VQZdH*u
zGne`(#13H~jH90ash-}z=;(NNt0^?XaC51C`0>~3bcPMLl|p4?A0QNtneuCPwd;$J
zdAb&mrjM*dQo46mOZpZ1M#||_okOigOA2jOnNqA}5!N%|<Co<z%{%HkRz^(n<N6(>
zyj#kyvr!r|aTa+|tEH&!wf+hov#E!%FPTW?la4DpW7(xxs`m*-Jom;uuR!yZGfQaE
z@-JIdNI@}!v2^@M-faI+Hld@0i2s4+L0ip7Kj}q)y<WD_(W-L*oHsdxrR|VUSzCjf
zPIHsc#q3^9S<c{LwD!-wNk`!+3Y|^yoVezS6X_Xq@o6(~NMlJ%BDY2qiZ`l-Prt7*
zr<c4ENyfsCchj2_?^eW9obAc1hi4r|F}hA4EMQDp6><K0dQpxFX>3%ml>$sqOgBdH
zQ^iW(_e#a8)&5m->vFWf;}dmmSpcAWC~qyzX+8a-@!fO8X!B@jkY8E{_A(|<U^L$H
z<OUxL;5?9lF4NTbQp{pvMUFkT*#V%qz)d|P&QX#Hp{@>aTGKD$^P45yy_e>wkSeG@
zRAjh{VMILzq=<@@ETZ~32Qeg(%`9;vq$R6bmr+BP-P(frNuG9vO7)RbLhcrzPb1vs
zXg`8(!1lfAnyC7>OY>QUV%q{0JB?zq)iFRWe3VRwiL;8dbI#=?uJpR=3cHh|jsLt~
z{|x(KzS>@^^Lq2rfpEt_S<mL$*7z=z^$}s)0<8c1eCEBqyl!@)n_Jfv`^BQFY~{;P
zmbGB-mT$s2c4DsORfh`Ed>?OF^ud<ME7Y^jw8B;_%lZVMWh7DZnqDE#1imVKUN+Q-
zd17H#WdEjve}U)2+u4KgfJ(Z!bz=~Dt?S2MiNm-@GhkI*gBGeaUszu*R=pJ`M!bbg
z@LB60Hs&XK9lb*R9C8Yd$O$#rrq5p=@t~w<O`E~_-^PUh+50U%IM<F@ADqimA8fD@
zyR`E+-pDz=3|$?yvTR~Z<aZ8Hoxd{uN?DiLT<K{foWJ*p^_XS_*lMkm?uFjKPm_za
zv~hCXYl+UEA|fhuX#iQ9%JxNief;SOUa|k+l^FPx-Fb~-!^%?})2LX=%Kq4tN<lM`
zSlc0(Fm%a$bs?wts-)I+TkdK|y}0OYl5}k^;#_WIWnij$_HG}%!@IAqF;>`%g|}l)
zR@oN!sp7T1a1*c-bYHJh<a1nl$Zp*EsknzSA-YIW5TnYw^CNt7A(1f76`aR1fsa1+
zaW`&OJk^@9jevf4FgN;Pl^aIp@kZd4$suBHl2=reJkjPS3z07rLb}?$H1xGWpXtZD
z4(gDyd=`C#-PEe{;to4n-V_|bcXgf7w7Ol-C8<hok~u^h%?RdU_4re|X=<04;yc<4
zDeHz~98*g2EX!D2uRzafN&N97!*39vN5a?7k+q)*lWGHUoR>Atgf5wyG7>KepAA`B
znE=^sZikMeXFS;B*~hSiMHR?)UTPS3LNObmwR=F_;uvqh6Q*7rg)z>KDu#l{)L2Z4
z@Y*h9!UPSmfPp-7MY0iVLYPv;vMQtyrV^)ez1knY5NcVo)WGGqIwP8L>WI13r`|P`
z${4zPRkvm;IH<rv0%02#@Xa96a@>B5VJaa$hednd&}z%zXIT$y!n1j~;eUaRcp3Nl
zJfpVJWsOpU+YZ*LqtPy&5vEM#d`4S*Kbwu!js`61p^{^Rtq|`V2u!7#dy3^mH~pDj
z)}oO(6thek7UOEx5{T&RARJ`)ygP%`WUWYajz&veJ^~i6QP@UxjkwWYBW0<5VkpmM
z+r}|8`qG%P0An`8){~;yXdP{wj6)qgiBDu>3D@CB_j8VsZ1)$+!G)X;Eu#QnK=4`)
z*77bLmA54{uUv<l<^hv%4JT)K=E!d)44Z-u&E;AaVY}BHJg(5JFnyFLJa7Yn#*=LX
zU^adc(9TGlr1gRl2B(-gMB2)#&e00hd_x$ydAC%$x$K!iY&I+^DHV||Xn}SM{^cH;
z*(=c=e>6vk+-JUAq&w*s)GXuB>oON>(jG|EAt6C)o@xp>#R!n7nW-oH@K5KHz2oAe
ze5rlMm*L9Hq=Fl@myjp1L9c-;dIuO~q7T_7YLl5hTuX9a4+976ZpsiMm(0nf(<A@8
zUp3pv$LW$i0`EBu>*JFUqvPK$c`1)Sfo}kbQ~=!NGobJ|gKNNFJqMK6xc*UEVYThb
z<!5Ve0u908#n!;nEDLP2gzN^CFQq^ZjB;z2^+YO|xudui30yqSGVkO=rhcT)_G9J&
zLpRe(6B-bozE`&o)*z^DlvYi$;{>{ngM+*8SIU~Jn!yKIZ1-)V+QvG;Ow>}?<7s9Q
z36XD-g4Pqpp^o!_8=4OYslzhxoBSb$xA~|T1!7WYyVK`<9%sB{QwW&IkmOh~^!@pZ
z1Hce`bj&BfQOLXCC~JqZD%1I?kQ3DW#p;7I;r{msg=laIW5m2}JEo+9hh`dxlL21$
zcKY<uRq!yOr|V})ANeSc0Is>Y>)zi|d3`l_dVCG2$`{}%bv<t<T<4SM+~XZZe8KQ-
zaYq1^eCQi}+esx1m>f;D)~ui3LWMZ+db!GD)JUxN?q*+D<w6frhSGta3a=_y!YpOu
zNb6h=sYwDoHig5dlf#-bK_b$1xLAwvP@ZmXlNfp3@paTZ+CeeScH=E69{NYMr#nA%
z&@)S;;PXeV&)6D=wX;6h??(>YCOr2f6VoAy;ZfO}U|7KT%d3eI&*r~HQ<Qpb_PHL>
z4OXnkM|A&+XSJ8MYZddKEy8h$WgX6RohO)egVlP0R!nO%C4?Ne?QlqET@{se;MSj7
zS>?5?@!1yNDR+aMq>YDx5Vs9k6(|6<ow5wS!aDyuhWzvpqwl(P-ThWSUus{{6ALW{
zP&4^g#$;g3UY-$_OfJi+QA5{_CY|$;CuCC;L1i@$)ecSu{kP5*$6Jn*EUDe9gwTPN
zNO2;~bOqhT+-StoAUi9XDU50$TtnY2=R}f7wM}n}ZztR;M8;aTL(LvDRbzB4rXgc%
z8-`L_DmG4R?(?cS`mPYM8)g8On<LOxb#n}TJQ#<MAcT)r*ekZX2|DWGG%MQq2Fl)I
zX4n2V+SLcnqumQYe_vniZ~WXPQ@#?c0d@5QBRbZ@66&|MbzacK#sz~@9U8;hiV2C1
zUlF)hn)r{9N7S?>yG&ho-E1OBDFTM8=eT!w@eu$s9sL<!l>G-Xfj*6y5Xz0<-iPUi
z0?@>Ua<;I`^}9euINhJy*6$G_r8tO!Nwp7H`G%LYY}9c{?UIS2%gcetrs3K(>k_1!
zLo)jNAbAV}Qbm@Yocy9F=;R5`o5}_<xh`7f*%W2G1u+z_q#O`E_rM42%`n3S`gpBi
z+}OAHX1<|YDaIR#?$YDw+y$!Ab3{&yUbx+FHCjR_ay$6v-xki8KG(L<vi1ho@ckM4
z$oKi~Fd+v>y@$ftmVBmGB-)=7oa=V3R-#v|4Vk8af37y#V>>F8apFH-0J!$syG9mO
zR`ZF@T%z@-$oiPlWxyvEib{+-VM$Wxkewwuqf4!C4+hFjoa}`PY`B0Cd%*1!{o^4Q
z0D(Sbyj1bkHac7>R<zOrpi9XSf;$bP|3SOP{wt988LyOuThHmslv(SHJgt8HQ<N7p
zF61<20)$lUyxog2*gYNy<wv#i05`crF!gR)F(AO})fMP76v6tVg212wtoLkc%Ja+l
zH7xnnhgpe7?rRk>g+)UXcIvkANG*x4A4Jc~^xhoN`lAwVg_YfgX1gdtNpOtUL&9Gw
zD;MIIShK)|7RXYT1NY`UQs57lm&MI=$B)Iu+BJ9?Z9H2KG7FV5SopL{EzO#Imkyi!
zT(DRL^DH)jP~EHr1Y0gB&qOUte3>kQJv`G6F~NzKxF<Y<JZrN=$G~NEQ{tfJN8jVq
zP?i`-v@`$}>Z`FOFty$KoZx828u@_Kj$^Bt4nfU!u-25!(i#xY)eZJaQCU$HJS6aa
z#HhhIKct~QXZYhF!^l5Z58<GH2tynWpoGSePdrCCTpebl!PJK9Nb~y577A9uvlp+F
z+0-ZFa?Z5{%SuVB7@eB>kD#LaO_WPFE618jm#&#5GAx~!^vsg;?Q(TE(q?~o$bYs?
zYWtS`t$v5h61q<9G*`OiOEpCe-MOl$sUhyRX3?}9Lh~@>IwaTfJoNSYBTarxsH1j9
zpk&-;ukvct#xTJZ)!M5%h7<-8j`3hrt^koMv(_sJPYA4L)q}=lsXNWesHHzYCJtuz
z!n`gyIXJAQ+C|VBl3#AI8g7OkrlI5$vsV@nxP~Dsc3kFC-^kw<ZFqYHr!z<;MxuiB
zW+l?y8`}*1EKjW=X}ct$U^zVvgM)V3zmDJthAyA$NVzKZMzx&*$yk;)igkKIILBAP
zbiPLx8Fq3*&5ZBb4NZ&~w0Nxw-h<`V#Ef_Nx!ot_51w{D{XtUs9+%wOJ7)2O0oIth
zN4T>W99X$?oPwo>i=Oy&I3AUWB2%fV1}e~Uwtm_T8DtABGh=d1f>gUdW5u66>LPCE
zt=zKAF0%_Y*5mHP=_FRhGwNZN?jzr-Q;RZ;l5s9QRp!1?_%nbe<Oz3P2q$&^K6f@|
zZZrVD;ag6<ONT~pSG^z3$NQGPrgb_Y+FvTx;1*StD-FTGRa<h^UT;Sd1Gdad)smN?
zaD#Kkn)v;ge7W?);-_ubUdM4+7+af{l~xu*C)LuEI80H{IIFR`Ao`8naNd5S%}A<L
z<2VRA{07A9fG7nkS3Cum#2IKU!q0IW0UFAIFR#R_o-J1|R|EYXS@v@csj(YNm!84`
zW-t4AnLUz^dl&;znPQXM{_#b9Lv=WXWdrhq*8ylGNAm%}vF3tMw2HscDs;F&Lq1!3
z2`{o=fuEUeVyC(2)OlKqDm>#8v-%`a39}dXdtC~(1bd{GFZD`fP@sdIJ$KGUpdwDe
zZ-_)BuJ;{yHZ#(py=*AGxF@Sx0QODh6A}-UK9PJYlvtN-NkL1{3p4*@Q)x!-*OMZ=
z8?^*D)`d|(VQ6!%Aa!yU@QDeLhc%}@W5!-U^(b7Z92Iy;aj+oGcwB_vnLHiBuW<Dy
z&!|_hCl5e}_JD$y)G$YAZgBj`I>JDLO2A|PC$^-3K%*MX*8RpKC2G4LmhW6&I|5Hq
znRRrPQJ;-*_383dPkg$y|7!M=a~6Y1_Jjb&C|46LmF$K}N3o|V#&nepi*n~a9;#Hx
z#`uCWu8@pCoXk1rAFT)dD>89%4L-x_Z6M$4l{;iXXeI>m{a;a5M9t!Qd1kak3_hQJ
z_w(CgeL@3=F2m~e;%GB;+bDVd$`gCW!P0$<JcGdlLgWYW`6ZW@sa1`nS<;<Rhn7TV
z!m7EuHkWlQ)TMOR0+}nVlL8T?WvquDm?o3CLoXxC$d9K<FIo__CF4GQw)55WFoXIR
zW$i_=w9yO(gpGlfX;t<<4ip<%!NjVQMDb;NmC)i$M+4ZKocW32+s4e>r?+mn<z~(L
z^Uj;W{}Yal06Kt&(NGod5%28v0UZTFp?Y3R{YFq(nz<KQJ%r8zUhwPOI!BR~7}w3}
zQgKAFx7H7v5AbGITs}2i;Ru;H5Zhapm1~KO!5v%IH8E21)-(Gtao604YnMBc@x}Dz
zs%l&mU7p;!4SkKLHl0nt(5@=LjuiRIctgKOJaT>Zn^VJJ>>IMHyt9!6H2mKrgCnmK
zK2n{ZQ?Dph`(B;i&WTpNMiNY9T4%8_V$yMXw7SlJE1Ff$`mzSjY_j($e%0n7Xrw!6
zw&&mDvSG=3Z4TNTKVG}G^BKLbk}bhnBhWl{?-VIfmfSs1>D9Ys4PTTbH58{=`<jP3
z1BA!t_;$Pz4z#diS3H_T*CFh9UbsrU409C;WV6h|r~BV*Yj&etFL)R{gcncFIytOY
z!;bfA++(@N`B5e3R!yKcPB+QbxMa)<B4Sm7kHy*|L&g=urCSyTnHHjzd&~e~Wv_PC
zFwbSZ79pS?C(Bwj0LPaH>O<1ZsBE!YLgIX6Kcg#2vyU*6D|o^ltN@oa&GaWRXI^_5
z@km%$xcyZ^AOYAcFoMIecWR$$5<|6e%pEIKY4PGfJF>8a@|%CoAT<$Y{|ZIRQncK(
zA~!X*qac~Zm1TgIa)>5e-2Ix>AvPa}l#;MGe4{c^BE0yW5F9E<zcY9D`3ZgG*`FkE
z_Cj~6in#u$!<J1CNlYnUfNvsoY})O6Xrb&7=w^HG?xMVdX8~wwJEcyKfsz?CIWIk$
z{y>-XTI<n?s>Nmhdv*akOM|GupCxDWUGWyVC7CakCRBFO385NN8cHeE3aJ!JX_8dx
z3);?m<IWY9tMghWiL~ZV6_^=Je|RPGY-)5kgCm?%GN5W~K35iUIxHwLnyWZ-DGa9y
z49)`Yz2J{--*nmg_{PA751H}?-d+W)oh?t-6o-W-0E9L3vH``f?vSvo*=z5s{bu{U
zAwo^y9OM|q8OY9q_r(vC4&|OK)vGcKn(fz|xy!_nZsx&F2K^(wzA||d87o|k4b`3i
zeTdEMay4m{iZD+!wj$udd~C5jORLg;7?3$w#hZ%HiBa9vHt&*8_2vwHVm0XS3>7b<
z*Q8VPHUuX(`TZ9QKRt>Uvl+9r+Iu_Y@6Yo@*7@c=p2o{VMjQ6i1|c+X_rubR-L(d(
z{;PuiW@I&7OQ+{?+Alx=<5nJdHXj{LRBEF_iWBFprbkDRm_2=7$Wc1zuh099i~1l#
z#CLLJGc(4<MpY&t>C9S)$Eo|V#PsP0kNTD~w!cFo=ALH@SueO2SvM7_Y#ul2E)TIp
z<tiLEHiH#6TLs-A{xW28SQJq0lKPef<~74)>OSpS=9_2q3tfiW`6g{c;7^v*Wyy~g
zt^Bn!2PeY3etr_ei|SWkuBbcQW)<!LqZ28Km><`OTVxsEo8uc%d)yh9V@8;G34(rx
zTI_4`a;s>e3_4jm5lnBXPZEYyn_oG2IXzdMTd0~JoyxI*Sp-L4%k}t0n5AW`QAIUq
zrQi85ahKi#^<vQ=*T(g7H_hy`sK2|cfd<JX$^UJ~*9z+NOa$%tWpK_ynKJBOmLeCd
zOqn(eUztu+S9$WQU(sL?-v=!!IkaEzTP?mqdst3*;l%RVM;{+=D?X1{lCK8ZfZ=#^
zb6WbSFPMJ+lcf|UE`hzVZTzQApl{3!T~fu#B@^wL|DZ1;wq$Wk*6s{eAHnd3n&ws<
z_fK}MGLJ(1i-U5US`{t*+~xevYnBtW%=n#ha(oJdMpFRMegLx=Dvhr80=A9rm$<cz
zP@tbE;0~W=7!vq5hfCl&KqO4ezdp}p&%A99Gzj#mcqrnUPRDAemGV^lS48n#-JkTl
z4w_iCn^){po)L}U-hHk5#Vy7}&jt`!&EZW;k;ukjne1$e)$KS=i?;pE35klK55d`Z
z)dTR6NcvM^8V;{vp&<vpy}+QL9L`qFpRX)+`!FZM&AAiu+~bzTm2+{~!JoJN9gK7t
zl0jum+%8o0!&<r4pTD^BV*OHq*U7CCP7N-GdwOt(Sl8C$T%ww0E_%6NWih^cx4D#N
z*M0c>sCunIc{!mSbm`8I4a47Ay|C1aoOQQMJl?v|(85YJt`TkjnY-tSMQoa4Y8BdU
z%*nMU_ldz*hJ3;g-GiGUO{n$5H$8#WpJ+I_M<H&zREFYETJG_wsN*JzblJ^A)4koz
zM%_56+ddiywvM72CJQYfW3!<En@fai`Km*1GE2>uWTT%XB{_zh4M3@ya4AcLKf*S^
z8Ip^&{8??e$4&7i8sWN`B3V^?d*+aftD(S?AYM_cCcUr4h}n1N&raOi34p+u?Cguh
z^3l);A|weWW!R9JH+&q57?60LEQE@~R$9&BnFp_!i@M}_SPE!Oc&Ho`!Sa#vqy%&u
zje2%<_oQI@(wB+1#>doD^352{M)Rr$GGZY)Fb8z9ipj{mMVJ=O!G5Klk(F|rPTt7%
zFm(+gEV@L8B1;47_6hfiDmFkdWSB2D^c<~`zq+E(-&JVeEl9V-qsJCe3(yO*oLY*9
zV48V2p#qN(J9*d@*e;<<YM<pHH<3)+w5n9dV4-|MLwKlB&D}v;rhQn1r&_Ye=AonA
z=}-5Ld3zi~1#2C%ng$`2V&qklc{K4ya<}TjNf<{FV_3N?jpOjyMRMmQ6r@J-iz}C=
zu;7#7oF`cN`8JF>Z|_|G6M7zed+v@<Mvf0GwK_s-<zT=`qMy!n@#Kh#1q8X>!xU{H
zut1~F8GX<($-d0jL!nyc4Pq=xE=gcywY|OPu!6T}sC3*4HF4mTm6NNiW4BEvojV3;
z`%u^ptA3e#CkOJ#&qDoqup^_<x>Z@Yo8xlpy9txlkKWOe5K=>0X)@i#%eMqJL`Zoy
zm~`+w``v((Bj^pJ(k@KbzQ8jTK$FWU5)5Q(>m8pSh%r=ktA1IztRQr7$70d?aK~(G
z(ibmUP|WTz36?(9o8Fqm#gL`eLOAS$z2<%)bi7&Ah2VRRB^LQ$K5f}8zESn*BL9}w
zw`9Q&^Ia`6)$$7utkn3k+!)hO9xq3CmK}wEs7xW)O1*Ot*`p#oto-b9J#<1{3G?{s
z?@lG>8fYI5V7%d1+i{ELGSuv|ylqiAaKV-6TB5tL9Bfesc4tvQ{UxYelEV`n|Kg!w
z*_i4aEA$cj94ia$lFa3=&sOh^l<G(w{M<7ua#1S@3KL)Cx$3h;{bYZo*y!wJH`FlS
zUiU0}S)K%pTVRRNv#rSI=OOV2HaYjJF1uWah9=FZ3toSHD?8~#CcDUA1R5;Lo4L-y
zW;-f(u#j%n>^Ag%xkvoY0G|dld#%W+jU#rq`%015>eUYDhdx`&OW+Q1nTE4?upkra
z_bg=I{wC`_XC_pMf$>hcX^8=zkH&#Qo$oC^&09Q^7t98;qGrfsRatVhikr(VkGrl_
zLL+Ran=8h(&OoyT2Qm2#&R0xMw3l8$ELF@#6UZJ}1snGA-txKe;7gu1Xz=AWLzP;o
zx`O7=s6vC5b{tj#R`Z`h=U;g5qGPBBfataAW<iUU8l*1rvd>MLT3)6GzK=_y_utnZ
z*27d(Av8<ergD)gdfXGsPMKPj)t&nb=8d|k3*W1KG3<`&jdFMw^KAMX!XUqCYkn<#
zHQ*I@ZUyB*y^&RJ2FD-;zw0+#J@0>veQF@tL?rhdIJ2b^DEXKi?XFr;oE|Q-#<H6z
zq$2(6{|9BxB$&Jx4ZKUw_rC#;Y7a@fd~N<rLVvaA{sdO5=PG!?YlwP9YL!0^u>W}8
ze>aW#g7_bwFP&?Mc8kEUKb#T&4C6m8pq}v8!VICj4E;%mPyZ)A{@c#|k3YSy1pUkW
z$pFVk!&Uz2A9DYHKGEO)Uc?1!gk@tXI+?X;PEVl>*z7eJbdE)i2wh++o6q3=6Sn*N
z9shArB3!pyojeu2gn-=`Ps>{kE;;AXYyUsD{r8LeWCm`-5jZRQU&)t@<#NjW@19_m
zppPYq%g+?s5jOtT!b!E&c|P1fTblmuYFb6Gt|7L7#~m;kqG56|nmkTz|LsZr>)XG8
zH3-Vs`8o|SsLPJ)afrkIw=er$kbVDC*g5?Xl{}$lx1)Fd4%myZJ2V$9sV*2bO4<D;
z1wDW0A`mQ?_D=ZdYG@=`Fu$|{OLXz{+o`{<PujMQjb58i4Jq#qy+PuEhyTyNzH@G7
zcYi~>wDZ<ACKrh=oa%qR)pqeOyUp&hiMgySFDM`WYGC(Sd04QUUTHL*vsYZaSwi+_
zdi6L*cd~Vafb&|d$mA@)@bLA2Jc4TyU+UIEWfiJQzxIV+`}GM$@gkd9yhT$H5yj+K
zxqlim`aC{go+_ZF;dSruH4S`ac3;+iycHj|b3di4E)UNeT|Uj8TP+@3_;T>a?|EGN
z%SiAHZn{HCzVgrPDRTdz&!Nt}`@v<Ee1_)XzmCfyT!fl@YsOl<Cta43BB(#(^8PI!
zOUw`dS`c{&^mW$%eAXk^2F!{RIacg)2FypFn-5q+N;{?hvdtWf6X}Jgs+7AFF`ccN
zY4JNlVAhPmz>@dxL2+*AT%>l+jCo&yj__TmS0w!})6y|`EkOVg16j#CS{dv2PyfdY
z`h8)F5{OI=4u*FuBCAYnrQee#GNG_VB%LXv{(MdU_Bk25U~y0QUSVYd#+lFmJL62Y
znEw;EJhqp5%K6`X@f#6N+P~BE=I?5=<GO9*{u={EVBGnOn3RNY7;o&PF8#5letT7a
zK7_%<zbFpB+H81_?dX4%5Pp4aDly_e`JkLiOhXVneACwt|C^-tM&!zQQpRH;0~zsR
z|3~V7z2HA@?sf=BX-qC7Vf_Wl-(J%MsQ&p2e>b)G^X@^Ks=z;AK1EFuG+6m|@rH&s
z|M@$AtoFbCf=>a6<MS;p1(S<kqUiTuf#KtD+jJbB+hvSK@GiE72!Jge)5BW6aKA)_
zh(BZVxALSVdhV|a236s^7`1);%W^F1@x^zfY9$64#FyCuE-Xu5btG2%y;bhdr*;4K
zU;C>|SA8_TxQZG6ig#&t@G)jrWq@^}C{_-Q*6<<+>7Tjr?;rGu_OEg+M&Y9o-RTl{
zo+ZBo5{P_Omf(MH{_MW*wSo{sB@<<}e`J&29u^jOxPC#B{4a02T#4fr|0_jv5Q=;b
zGyY<T{ogzmP_LDwCZlNClZ?-IJQ*pMZyT%jhJ4k&-FhF~5b1!HD$&2)&;=inzwYSo
zkA<GFd@jzyYAoIw{&bdO<SxFxB-bvV)q6k!s75({SB!XHWU$@b#|I3HkhwH4J3GTR
zI96=+D?g7i)7X!?MGzzjNqX7l%+<dwiGTiA1or3+NWL)?lfWJpBam(jRvj&Y%Ti`<
z>CSYha2kPyGA1aGq5fl*Vj!713D%(evFot@iPg|Y(ruMgM`fdY8We~1;}&bAI#-qk
z_XFQ67RYvXcH@pA$py7UQEO`}v!T-5&V74HM{{DUKYbB?yB^i+e{7_Rw>S?$1y_4T
zta2T^;dVk(B%)$xX++j-XXQaIswC=BFuAO<GOz-jr_wS#RZQ5)_5k!M@B_<IvC5S5
z(I_6Ru<J~-qODQBWTsN7o(aD)QfR3ARSr@rDtX2!MNBHov3P5d*mxjIP4*W5%IgsT
z$$ftwkyZ)^W9y<p*EOX1qpR`_9Gq`)O5Y@Ld1pR}83DR7`W(JE_o)NKpiHKV@&|@Z
z*^t6(18(2c`%0c0v~@8rqTaq0)j}9%b{@G`-)YgrzCl()5FgDcp)oi5$-0$cjc?}%
zfzJ>i<_zaFX9Ey@RUzNo>087FimYT8%bt^G>d(z3L}eR|9baK<>uiy*7#cYk&QY*h
zw47U3AcsYAVYV%i>)oe1NpZZ2fhx=yH(D%)3&J3_vufw<(XF5pjh5Y5F5eEe+WXBv
z!LHq`6#5^Gx`I#T!M_AXM%-m^dyg(%y+;E~VS)wRZ|c18H0Cwyd+545(pzNOn-W>v
z_MctqOJIuIZvQ?2EE-~bQ}cJv{4v51U_QaEd{HT-An#@3$CE<~*R={0!;vDRu#70$
zDJ9z>3LWR@LzubbQg}#kl;84fQL>j}Wh>)&{l{-1WcRTtT|U`FfX;Kye#IV1ie;O_
zgHK|&f=0R9uI;VWcn9P_D%i}u)%N?+92tQlm7k5;+*z^6Tz5Q`Ba`WIMxzHk304%0
z>wD!>sBKI~Wsx{^5h?|75BH=*S<~>oj6kZCS4%@r?4v!n0L&kVuLT!SwX7({H`%qR
z$sFK7F>JZ@1t79yOqGh$EG-~%yVgkQ(ZOt!#=449W(L)G8>UdtO4Cdam`iL9C$$L)
zVk$2d*im4HbZG!(Yww@kIsaF0Ano!T7`YBu{+?Vm$8XgClKGV!uV<7mN9$NeT*W0z
zgN1`>cQF9{r8Wu!hUWhxOnsbtDXjB62^#YGfLXL{wLZQNS@V-%QygB$&RY$8)3c$O
z-mSo4ftD`)J%>%ND3|q+g43ui-D0&Pp20z88gHpMU@{*7N;jG5Z99Q&Le;EskwMTS
zHmfEESCei5E&Uw+C|Zsu>M6SxDD6@13_3k#P3nfz{bHt(D4BR`{pKIo?@5={yJnin
z^JC~=JVI@O=DdePQ1_}rJD7C0;QUGk-_56Zr}6RFXJY=h3bCr{e6eNw)4Gh-5_s)~
z#+}=R&%|-kQV2BaV~+C@9}a2K$Fn)Y3-6VUBELYZ1Qv(&ap<2Q+a4(}m=$Mh|JY~I
zRXb3<_*}X7kb%Awrz4{X`Mv;yk)3bUHShiL;pMoK(XYVShw(b;<x65_>+>i&_nD%l
zyyK|}fla-tXnJ$7p;B45`V6Mlrk`P4*T9N~i$BBBei4-i8<4+$Q$3<ZQSL+*eP&W<
zWt>yK4D3n5W;?h85?<&lE8E_7QM+T-{{PNcN>$f@9ItexpdqB0y)hIxgU}dlzVgo2
z$rL&=8!d?iu6kyD-=q`|fVF~QV}L&W#SUNw!9sQhWAnX|A328;c3yiQ6aZ7c*20#g
zmsfBmJdc6}w#Q6kZN|{FH@bq!r3CSTzhMJ>+70wzosZ&_$)ej5clGDxLO64qnTu=T
zDI`7W=y<$lH_Od&kT{rG#l&@hOL>-!N{sGtz+s=V4J`v~(V5B7Q6ph!@ftU#ehH|Z
zq5zsYaIHGJy=o6l^CGxBKkFUk__meWqho=mSu%^GR8eNM-nLi-Fb{`$in5j}(_MAY
zF6sOU%ix(Q0^dk|@U{(;`ru(RvV(DrY;*E8uloisS9`%vyw)$pS5aW56m`BsK24$3
z?h(2%C#WMhqi><|`}@r!XoKcjmQ?}^lIv|_qZ5^clU2WV$dhOU@!bwh61ja{WJ}@U
ztcEq;9w#@82kTmipQZ6-1eup!5u{qLK<QKyE*E__2C>vrZI;N_S66<dtCc`Q#ma<V
zSW%H_O*&|&p+@X%R{6R&<Ic5ziMHF3Z`he^(FgObAUvlZ;ccy?$GVn!oPEOfz<trk
z2&OModm8(I6EqP}fCB^4W{>gQ=0kafOj|8YrI%MX2rLfffFkS(o~>-orO3d$cK&56
zPYs$|fzuQT8(p}X2A1dHP8d+Kh>enF%aOy(X&sl4Fk~F@@ph=kX%oqLZ=w27T8oti
z7*hS+X5v!Lf)Qw1wVhUrxny3kjM!!=>2gJvZ@O>ia$|AIYf*Ua6h;q?H*fWW4lV0`
zD(~Z`K3nt_Grg$20<EzFixS%OqB(c7G6k+6gJy-t7V652{mh*K&KHSnymM-08DnB%
z=s>Z`v$V=7&a5oNrXqX5u%CV7fv#wt%YmvNmpKIji{PYs<7|W<Z$BfeB)CT8zQZ-<
zuY1wA`EI;ws>a!UYedxaHc(eJNAq@6NT7w-Fy>o8AazFNQeIBVeXxc^acQq#mfr8S
zuP0rTTa!y0i<M*R*)%bpL%%o!?R0brbUoSiSyh<b_)#s~<W+)%o#x>9`z=MG?I(NV
z7BRF8A+GU3%Doj>d_U>e;`rzBxSuYM$h_3JOU;@-6o&O=UnsXxdo$fGHDN}Yp0%FY
zgM@N8FL)qNNdc`>{M<PEhkuyDZRe^iB<9_IU(vj2shmpQo7=!0<RgJ?xGo#(N<Ie7
zbYqI8a&zPE^-mZ6?Pp)Cc0!QCdpnlvQkS9+$rY&Ens{Gbb~HiPNAkVQ*kY(&adEK`
zGDlCfJm)EN`?6d8=<d7g(?);~@lmfkZu(pc2G-L9s2JAB7<0qs`Yj<E$&a6ybrNtD
z=X0w}dAxwUkg=|hc{D0ZBR{G4M`{7)!B_LQ1fe$v^-1Xz<L(xecR1u|<Y&*M#k<KO
zd*$f$^4<!``NVuRI9n=t(tskNwrN?t3|*kF@5U_J$3Pr<o3u-~joKd`tX0PD`UXrY
z+tf3qhe*AC42|Eq^XXn!dn7Tl_Tq+3gFoK(QieKQj+At-&1H4c(Ro4$y3D#lh@N|;
zznA@GcePRX@icEz{cTs?st^|gWtr>6d~~W|3fH4jwNh`4GUL1cv@SoDPGeFM%{^H3
zFQFkhP5An1?K=IpMyS&w*6fs{uia)`C9AGv{)Bl9t!2yY=*_4|<IxI>hMzYNl>D5!
zRICl1K1{LjGYCjxJrwzW|J=s8EU+hn2p*a6Nb~q|U;u!fgfVTI$(qQ4U4{agmDKvr
z7u3TBvj(#bkC0Ym9+~AlnOfOt16f)x%#k^%+=I5SdQ&8}qHnZChK1p8T`4M+_t9wO
z2~xY#BgC)NEw~2}OiM_(rv((2E5n7lU6pcmi0AV1Q8$RT-tn24nQZ}|EmM>HS6Avf
zUcP!hIasz{HCks?ckIe$z9Y>lK89DbKP9W}Fy+N@MhBXm*b6CbwLkw{#R)5$Mqh@e
zg?gV@u+olJY6-`KzQc*FQ14^050tA{$kXI_^b!f|T(jvCJonPA6>UjGYbf}g<ao0L
znZUo{D=P+|<?5SS&i1i_9WW9^-h$FaGA@8rvZ!e97v6$`FhzFnk7RJ$k_4iH>H5yY
z1D~Jiw$nKBOUT1$Mg!+jN6Wq5=`C*^XY;Ql;?P-pMVXNoym{Mm^5J$jJgN<{R=W8f
zg|g}z+>)BXydUM9fxmZz*$-``GCp1lyynOy`u~0@;C(3#TpM2X84j)k@5S=V0gl*&
z!66xL{v8*JZk#$5&0A2=!5edK4LSi?0Nc)5`Ao@Rvcoa3k7lBg3TcgD{c-7z%M}?W
zt}UQ|H~_|&mr7nwf4PCrr(gfh<0pSac=*g_OY*14$UC?o#I)EP7En(wK32aB9n4aD
zvD|rgwQr}hSg|c>-2E6{eaGd%FSAxo0f!yo`C!Wlao>mJ>g!!ClMc@l%1>;m9j#MM
zII|!*4W@j<!X|lt6a7w0fdWq~<|MCAVa#zx8od`qKr7QO=(!%Y&04NBkxk{b<I{P%
zs!;}?j(mCCuXy(0j!T99^@9dA4P9n#v`g`v(C*3JWqs1zHdGbxP>@gLqs{pmk_eT`
znP$u!%X1r23{P?d6j&u&X#2{zyHQu2nBD!Oav^o*>W?Kk+7fU&<bXbj?d#@lK{i*N
zIH$T2`>jA$BDw~+Q{+kn*diUz!jq(rGcrVDLl%E%w>L+H_jYLb-;3Vti@UzHd@5$g
zRJQRhKWws@OZv^_fBAV8`ld|qwj#ml9Q!O*7u7PDievcRbikf&6eNy2jhbTbZ-zBC
zK5T1mSDA`yfqe^)U73SfkGlaY89FmC@5oM*fff7Ky>m8KLOl;+R#XlZyaENvk}9B<
zkOi}WSdH2nvk#qH_a?mQUYl;ofo_dx;0ck5%U4L0O8fBPW9OK7heA-Pl)0?O7PS0`
zu>rLVCF3x?PZw3(YD_e@9>kiKbvi$o7#mBU?76E|ZO3y#U-^mArJn|ewxWJ_$+*`D
z%>XU#usW&+QY&M26l%2b1EJNC`T$<_c6a5upC+%@aXDhAFQ~|);^e9Yu<bV5FZiia
z1{D;f12$VW2aOb;Wk1tp;DzWdE@BUQ9Ovg~7S<C-&~1a}4e2uLd1=rni!t5+etNLs
z&KTcu&LJoxu4<)Pma6jCj*yH3Bk~!PO%2Qn5Bt)p!85FUk-5)93KDf6WLYZY))2*^
zp#4({?KxEOqri`|<by71F>L}`i0ow%NbD0Ga$Zh2?tcE2W9C0O`vkC!9$oQepIQdC
zGwf0s%yB1}Xx`&S?f5Q!y(yScq;S0gF-WMIe(&*&?3ht5r6|p{5QR+ttr>d4*~(ax
zdgEx7`l!w6GkQ9;jEc%Nc!M@m7TO(@&B5ogCg7ARC1^s>s4(VdS>0?P4)wp4+5zlo
zEi(s4$`tZxkm&KzFQvrJvl+a5v(33%@dOtQPDfG+WNtcHzhbU{`a#8cqyi9+tjAO3
zd?m8xC}YB-?Ib6oQZGaI#FZuozqzSZq`QjID)BR|=V@AT-`wP8nwA*M&VZA(wJevm
zdhbz{<OX3s|JPM1{Uw871BU&IBBJI%E>>i_1zwAD3o3oHSF@rhR!rX;7MO$Jb%|9F
zDaT5`^_}YM#D-MRxP&)VFTZk)Z*lyHm|m|Mf!c)3QeFsa1|IC=Av&nj<86Aox+^56
z7h^dI#f8{Sx<3Ic{zf;=8w3>`<^$3nMA7|5LZ>qZ2X3PrWm_kQn22+io=K)x@;YVK
zYMzPNkf+uIufCpliMeUl;FVf_@#wsZf7Rk}$Hsw&t)Fyf6L=AEQU!G}&H)=&#buzJ
zU(V;dmyusbD%rYyZch#J-DJBLQ16+CCC__^w@SUkCl~V2tS$&i6MEvGu?D2xgzrd-
z(^gSsZNPYb>jQBQ|GL0p|2zw)KVj|&=7?EFV80%xhtVgta^qp7&?}lsursi>y295o
zc0+0eySyC4&NDRCQPS~g%gW<r-O2H<wTz0NmPpC^Q6#hg)Gj9|pHK2wGRsU<)w#7Y
zL1%;KDU0*&QjJVq%*LZmyCs(mL7eLEHB&78^+qvzEM?<|+^g05<Ie0xTQeWDUmJiy
zEAB@-2k~u`n?r{(ow(2NlD3`NP!JB+2Uq<)Oygs=9_f9Dl5<&RG`|qVAzvM3G8G6W
z<5HRCrF9YVWAu}q^egzNSYr8*w<6terJb{AS1IWm<k_^Ta%z#l=P?zTD5eKANK52T
zvT1w!?^Br(c`1$q&ci+wqpi^&nMlh$5|>@dCvKYdD)FgiGejV5q9?5GF`f`P>kGsT
zW<4t7uy`1B>t5tniw0-UhOT#*h=1L|eR@OT^LAH6j?{bmO1v=g3e;gEu<v%TvFJ3I
zFfEM#u0<#HUd2@b!CJ>9Aax}Ukev*_po~<Qt#*V|ysEo+T|riQd%h>;nJ?5Ss_+J4
zGWv=?Ee{Rof|8w@o=$aI9o2?hde8xc*tw&p!)nNDwkzT+tuwNd7_ez*lOWOkzTD?I
zUh%@tPQlzH$8NU$dOa4H6EO&+sg@%z_dh=sz3(4v8_>JEGD4#jILI(N$?3GBNfJ7>
zbu~o(_RvrG?)sV15Aq(*qunTrybAT6mIyk<4Bn_mBO@bj3i?S8a<z&j!N^u#?jhEO
zdx)pp_t)x;PYb6<RBE7}Ly-5EhS_^&uJ<aDaE(s57z8-2icZ)jZg>mMvRvin{SK6Y
z<MK0i&8Y<Ey`I?1IWx(4BTjaoI94tFf1JH_RFzxTHm(R#3L6j*X_1x?>2B$UO^4D*
zhcs>k0cin|mX_{rL{dQM?(W)jd~18o^ZmyAJ?A;+d4FU0hXWY*zW064wbq>1yykUv
z4&F(Q*0ZQfE04W?6O2@}hhA@oznAE?Rnn1Z(lb)}X4eMbI53-&${Q#{b>bh}m2QzQ
z3;x&Yp7NmzE3TTGYt*B|jg#@FE>!Ysy%b+V?EX?POfYR6db+vxYxk>}hp!8ABG+!e
z=k~?<$Jxvtt&O;&z;o{i=5WDBf*pCDNf`5Qi}wALtc4}MQSSNP87;0Xcv7NE6qlP=
zcb%QQ3(GjPqU{Rp?y^E8IYR@(G9c+ex7+8{>ymJ`>~Rj=?3rq~Fgbd^4O1gknTfR4
zk$HJmdN9#yQo6dPTvdyN^F}0JL)I(Ss{~|1YDSDH+AH~189E)Jmp=>j_<&$^y$}fz
z*Ul@ZM(h$90@~ZS6#w~O;BBPq9oT12*yDZn{5_3iBo@RGOZ7;MJzkn`sh5koB6NaX
zCGG3QP92n7QmPt<O41xg(8|zwGUHL|WT9WpidJ8|o}9m6`_l1EX9QRD&t+`AK8C&4
z+kv0nH(pf|w9h?n#SuJG@?nY)(UkJTVVi#x3h7W?@^z2`Stg*{M1nFy-v8~>^vy>+
z4t|Wf<lW62Xhl+X_NBb8C_0>)f~FyBn0~e?bhK=K2~Ydhfz%;Bw-IIeJX6&XmgQH7
zPQ%r)k^ni*W2X>@_;=M1bR#@eEKdbHrbrsa<os5<Yt^O>Y{eBINLAP@eGfhLK?<1C
zzxv?DW!QX+lmTzmrU9-2zp-{@1iHs>sv<%@-^A)V1QDz^?6(_kLsrGf3mk>Uc(V9N
zGKB;$_g>LM3+uJb&byVvdw1xzOZ#n<=kWDmgmYpMXB&(~vI5RUVI(|q1kAc?hw<EQ
z0|~4>Ig1L%6<=z7@!!O`PiB-yz993Gn{5Knti~+*jB;wU5WN#@6ikxmC9iXBc-QB(
zHoAj(zgW+HmTk!?^-^PL()P0i+bL3!-s<%2;YruW<NbDM^?e%5&~S#TJUy9ucH=IG
zA|s-PP&}VN)?z*49KF=U5RDxT$Cw^<6zUHQd5J~&tM7{@C@`^1T=UxZ7gJnpsP^qM
zmvVS8sdcV?!K7gy>XZuQx>VTeb!d6ATIFU)TUevA`mY<q$T%c()r(TgzIpBc>LA;%
zqC1TI+kLBz^|sH6uw0|CvfB>68zactKtMf3!qP`e31D@%o2muG(IZ_>Bm%Uwxt|q4
z#k-0JD{^#io+?8nQ|17SqA|dR8PDrMr}Lc5eNAM%$~Hx39B7p5qSqa8dO~vd!GP@O
zDu^HkhY|umsUBu=sy2b?x;LXQiI1E?xis=}px(_9pJ30L>DD1g)Bg;hIe>>R-CXZJ
zuWBUdzy`Qp)JTC&Po?$b5)Abmg`<r&*;NJ1)1-2F&3ZZp{zy&|s-HdG$IAejzm2E_
zyQ#@FctPu|p(6^q?&~Jq4a>@2oeWE0ZoMNqa8rfH?H~h}U63Jx%hm;-QKvFrH?K88
z^fl5b>l4~@^Q4QGzGqO{^u16#q#`!_#SHJ!S{3@7k7V<a<y58CVGe{pxXawga#B_2
z@V#NsAY5uN#jYO%z=h7Qk>5;OT2Ufv>ldOUdUOOLA4z=$2VlQsC~?m%e9kh5Wrk9t
z#k&?085XIS^*_1L>M4$V=cZJbOd6MTn#y&)>p@(+_P?t=Z~N*~L9Cd;M~Vd-73+N@
zbMi=i8FP7tgHiZ|`S~?wbnxi??(bH|jqeU-&Y4us)e6=61Skn}7e~KMGj4w7FL4UR
z>ayteyKqj#b&XL+Dx$sq%tAYKDUKmI<?pbcxnQh08uqaOS^tgl9Lf{9zpILck-i7M
zZStT1S-m+D04JbUp@rfymKUmbUp{RhXh$yoke{WPQmD%*xEFK@NX|+Naly-LCFu@}
z_qo>U5hgnbzoJqT*%-b7;mLz{s7;h;-%ITmCAZuB<wh!fZoDcn>`&fXj{_>VX26I}
zsc{fiPJo<b;4AzZO-v6wSD<yN4O#<P{+tNAql&;y0nzOW>q*X(chF*!cgwHZ1H(iv
zD@}R`pya`u#NS*8v*Zu<zFob0v{F28DOmZMx^ZJ|v?%3hYg{(C8CVh7eoRg-oGfMY
znfG4>N|xVkyo9U2qvKsu+BuvZ^sp=sDt4?N5*m1x@L#*mcuo`>y+bI<UtjI|)WlSH
z+ogq%)R1qHlpWJg%mh42!&xXC+Ki%RZj7G%sbIR=S;_*H)LoK*L0wVwAu5mk^y^%<
zogX&bW+<l>uZ@)XT@Hp1aqD~TQv<{0nAeky^6%+7TBu%Np-wxgy!^-y)TUL+G|~#w
zi@}x-bH#IW^R{5=USJLxcH}p`jP$%8&}=1Mr}0sZS^sXH(t8V$T0WW_$ou|0$a{+y
zWy?X-dDIFu4la4R3Om-rx&pJZonMC&jIUFvBE_k{spv?NE;E>lvfpLg5zUqlltddQ
zgNjy|%isI;umJl0>hXU*cqm|NG;_OTflX&W%<uFXJUk~G95n~#Do`A|J@+ek%K(@F
z9j~y81(b6E_Zb9iMPRkOwB&j}Q$xWzD~3T`=6H9O<;{#+0J9mst9-(742H;Q&^A8_
zn{i-9R^>1fEm~4U$RGQ}G0mPYcQ#PBKLDi=`c%>ut{*RC%k|Im1ts)X;jYBh*cXu^
zDPX-(F}GpsQz!6s-t&Cj6(MwrfpT7VkBon;5-SgHbgreSuJ!$+6}q9aRRilDg@oe@
zER@ytJ&^uf415u}1C4u!ifu_-3fyILf5zXq_!COp{l9yFS^D1n*38QPn+U(~Cam<W
zojUsXUL{?cLwYuunRw;((0GE2^<#86uJLU9oznU2P7E6QJ&crQM#|K9{<Ec9B5Q*H
z1j~tN`GzdoBSn+#r#rI|G^A-aJMSg{L<*6<>jCEkrPdMJin-yGYop%U#jtv%%IhU;
zGcvx&Sh%c*GT|Fok~9Cj@p|44I7mVUW6bEp46gS0%}5I6(7t_S_;$*igA2{gkejWP
zrP&=@)Oxa&g8H>Mid5~iOL~*5r|E<w;x)c0PFHN6emw@Gma>2Bk=!(%mGrJ@sBt8Q
z5RaOFs`1~wdJq+`1#tjTLVOO1IAJT<&B0gzqEyS(9siM9+@vj`an0>YgwxZF&$zU1
zmOOHmz_#p|qm=4v;MLpN88OpfJK|Pgt(eR&EqL)m5P80b1^Xjlm3IR1abVY7=d4B5
zR`NkNpLCCAFP`7+13-M05p-}OkY9lHekFztk7X>XX9Lf4thD8T-aMobi!hxFts|&7
z5dtRWCJTJeaLw83eSlFFwaP;a9g@dvfn5>pU<_o|i%YfXB%p>1M!2Hh<c$p~@aZRl
zg8HLo-X#2=3tI)kqHe$t%X!407dt%e*t0=<SH$29<6;WvT4c3-@iN|-;^B?f{&HpE
z<B{7I8y=N^l&(_ynn>@mtz=O}Fg4NGEGhbX3KM2|cf<iW56ECpFX~)RnV>o_P0n2B
zvJ;*9EuecwpiZn-qvgTz@4AT93*${3C%yI3K5g;<W$2Z4&!g*~vuyL-tMmu%OOYK;
zs;}BZ25ju?ET38e*e4(9in>jEB<DmzVop6v9G&QmMy_X*SC!mU313<&(f!TfTxg6(
zJXdu1sP(6t9ia?tRH_}(mTUTg43pvR+(M><lq*zuJWuMsS=)#g{8Hr47fgqE!Fd(Y
z%|2jPNJ1(CW<rX0@40H%Isb^~kOkVGI{k1(K_c3qprF#%XKZI0{%%Jxr2wA>T1~vc
z>T@Wt`+l4*U4CVt)=hH2?3#SbAxg4T<*4nuNSN3Z@vpl0YR1n)x7sch0j8XPUJVEH
zBO<jf+n*GFmn>(WpSk0exE<GVdo}_Sg{7Uki;Yx7o1M-3GFvdfxr;is6F$1?kCDV?
z^5OEJ$0r6)cg7RUHVG{cLl4DulViY!uNqupcS%I8rkjc!EOpI#LbEr3|CJnVaje1P
zjYUqY_+uvvP+`GyK&^u&n)p~Q2N4A*?%45yFBYvTEQh1f97C2?R=S_}3sQTyT)3!N
zOqbO}Gw7*sURBB~7?Z^wS5-vfS`N-I&nIhN`t)SV`MX*;*$D91Z)N143D$=xK5*q>
z*%PJH^D}u0^3Z(!1{F-+=g*&SGrNt2^H47xXef@MLelSRO6WtJD2;mQH^4?u_0vF9
zseSzc77WTQ%C4b?RmQ{+9pfK>X?At%q}1{{3EJ@CvYLy<*r|A-&{UnFC*4{beX5I0
zt6YXH+Aulj?=U(5-+jPCWPF#sW@E_lh(eXVt7{{CMG>UM1z3n~{U_7jcyvDoFhLnF
z`<3Hmn-n;w{9n)1Ygtzc8L#-jiZoz^$efS~*DMD0+|JpXYZ!*Is`Sc_I4U669^dCH
zKQ8EXzIFn!6e%_V9Y3cs43ro`i~)wdN9V^%76mjDkyJ01T2RS<rrs)8?*7D-H<_oL
zE-486eVQ+Zk9AI*EbNh83SI6|Ew`)6W0CScL1@5kO;+`9{(N75mX%Q{Jv@pr>e!zw
zz`(CF<5|wz=%#TibpeG?H)8kE#W#S-#+vE;u4IcE6v&f#opa?rv(D@b#y>-K$96yF
zm=HYK_9)VIotG#zyyhq3n3xIeJ>pr8|D;l);Rb_u@2AsdhB)kY_wiHetlCDtt2>-h
z%B9hWyqiQU<LN)(pj+b_!%UbhZumIhjcI2t(Wacbky~bSj}{CXPDaQWP*qnBF+1KZ
zTV4zoRO-*VOzm!UcxKH2N38y8`6&J+$Ze{FQVnQyQr!=3#OjWAJm4TfDhi0_h~DAI
z?It9y>dx1*5OF^7osf1AivpzSSrIqet507x(9BW|zw0e8E-ZCb(yQd@)_Yc%1bCM8
zT%2Uv9j7?|14bdtjec5(x?n3fIQkn1W8{gWd<35g;)Fp#*0g+mu@k!#{b0HY2ub@O
z+!^EC3R`KCaf%U2wg=l)JIwmd8$*#G=@$vMSn0h`MHFm3+9>*HU8q&mi#sL^O^OvB
zK$Lzx9H6U;(D6dOI>0$!;<3A06%t}>`4MLqj26S?IcArmQ<RKI1N4CYoWrP|n-ST~
z=^{1}|Ecp}w71t$<csBj9_GQ_a8f=Rgc9qfCnD2B#Kv&V%cGU+iwo%@{f47JjUp|k
z-4G%woyw)zx8J9P1*_Sa!1P3K$*NPFpx2JdC{zEiRjUw9=TN`UoAkj9X}sl~Ai9Ro
ze`x_6XJIi~I{S;!_<Wv3uTOSApttx{nhBaSV)||-5jq|a%rHbAllJ-N7lo5&V>~M(
zzvwO_lsH6YRMO<Q+2xbjl})|5zFD!zMl;aE`Dmq8CdHX1e5<XxLcTk&P3j%t5t7qx
zyH^4mO_L>R3)we4m1h<X478(G(+Y`SntO;~ggbB0Ts@9|crbfj!J!CCC~o^8(cEwJ
zl(ALrq8lWbgi_562MkyX%=fs#wt(UHK>R(Tm@L##C$s*g<YGb=Ln-?SlZ5Dww5HhI
zN-L@g#^|VDR#lx-cYfiwvOcgM^(xSj8tle5k(K;ZU;na!1Uo{Wf+Q~XA2tb$;6HQz
zMKpGwe9Zc_Ip@>jWIliDJzqO3a3<Db<1?rs?4D#*RIDwgYb%7={gJscLBm&aV4$y>
zrrBik>g0wQWL2NiUxar9EidDEj36}BEXRHUC;-6RxA*)HZq7%s5n_LH1)3=Or=FUj
zKEMN)S5ZafqplZx_#n3FQe7tJCl8nziw1B8;kc7%0;u^@cL;TLOnc8IARmjsR^@QE
z3|(tXs0X`JnAaDQmXK2`K!_=|nbyYtxE_r_W8=AOcQE>wKvGuuy4dp)hdAyTK{nKn
zn}mH0A65)mpKEc716nS%3Y$ll-}b=`D%N!wr4t-(g>v1kYklf_GFGySsjryGO*!j%
zSm6mqGAE|<UWAi%k8dl$)-a3!hPx@RS2e$i?Z^ik1tY6Z&61oy&6u}O-OLB<!V~>3
zh71bp2dKj?FJ@<BiJqITHS&yi7_NRMdc)r2vNfj6QzMXCcX}4xB`BfaIkYnINhQ_P
zO^eH_VQac{)Ww{GcqDp-kUi>0gI1~M#G^@m1@eq$Mkg3_oy{bAtU4vp%LNLfb4|o(
zx@a;m<MGPz&F%jUV~99^@JD)lE0S=4&_M3~SKV?`GWIp~X<$O8&rr_%9+*7K2%H2|
zSW^crcXz5SFTk5_>DBi^cYq1vN#XR1@E%oJsI0<+pf3Olp?tc?Bu{L$T6naDcQEjw
zqV%S^uDa$Y&23_uzt1af2cVxawjFS#tn2^osiL43;hwTkS9lrvgxLlX?vH}5YVu=7
zTQth|unPi`TFBl0=X&6vA1Io=(`}KRDCpmNve*$`C%8CwygeDcIf7Xj;W1JPEzr*N
zH|~s0N@B8S_;JrqPwGWDsrr1C;7BWr*W6J!Fx;XijOEX!-L$Vy;j&G3S|5-gKYrjU
zLUFWJb_W5dCVzkO{JH8%e~K+}BX-<7CgOYKK5dd`ca`L@gx{k4dN5V#nHdst&kelq
zC7>DT*yHj`LSU&SfGpa<r2of@AM=3qwCQPgc?xU+jDb<8&GMy@4eg$2ph~sx_l}Ou
z^Q{%3l~aJ;*GxFphPV891~p5&>^13D->sb7`N?d4ILym#(Jek+#&^T(XXI2<mlPes
zNPj3~K+zFST1BcAS89@RD4+D?Btv_&ovEaE@u=m5H&aS<o!iZ4Taw42H7@i-Cbtn)
zn?2G=eO3%pgL}dx+n;Er5#q)tXw+(U?hZtNwzWgFa$W*4<sjM^v?_mN6O(SxBQ;)@
zG3y|~5dK|@pl8}Xl|}NGXkK@23rTkr#dk|Hq3TjzxGZ5D?VJ#E^Pw>6^YE}v^;5#8
zsft#imhBAWNHFns*FV*_J)?4)iml#E+fdIC4N@(gw|k$Fx7&GYl4BV+fMf*icr=`8
zGAvV@XSegH(nU2A=M88oDC{&|kWHW1FA9#><VPC!RsKy&5s|LYz@F{aGoq{Kb)|<3
zJVia;J>f;Oy@+r@0XP?P`ilmtbyVz5D(sW0o{zhlMr$4i&S?;AR`FMq+^!;0&%H1G
zJYz|b9&%f5&o(Jy)>62i1EYz9<ubChnT9%DM>xlTZjc_uPd0P~O)w}JjS%{jCo#45
z2*LO^nxjf9vL->b<x7D|xhts5%w#^xjL@z^ihaTzM%iL?FX37>OD^(chBz<W4Wr%;
z5@tNA>lg~$<)rz-Q^PGR>dFrv>UOxpYh?nW%K=au<FCZ2Bv>`&5R65HR`PQgy6R8$
z+$+$3wA7>raQS8_z}eb3RG>3z-3f6qQjm*hm+p<+wpslVfJnj%HAbubas8s7YN?R7
z*UuCYoLLMus`Tm4e$Fo(ooVps*{-^g$CN3o?bhc%1xJYmC84f<dpP+n!(@RDmvd5K
z<kFHc)PoxxTF2wK^3_i3#xCK8d)0~jPSUG2F=c7HgN;$epkuXa$?9V!O;!T};4!et
zl|RaCQymc5*I4w<`|66^XANpA)K`<9Ajom@O=6~$+r8eW?7f3RXl|*pb@NT}b9pw=
z2X5+W3x$juPo$$hEH9sUp)OCu&%S+r&vpw0=t}TNUJ=$nVbB_Jn>I@Wd*^ZRK;3RV
zt-4xZAEnq`*-yAL$3CaZ(sFXqUKc0bd#Pe3b+H$M(a!=@IJNvG84Hp<HaTCbAeE=r
z<{m8fNINd)I*Rs=#^jCEs*{_0SG8UWBT4wZ9o!6b9;@Q~$|SHkG=QaRz(89x8@)EF
z1HPPBa)PF8A+%4=?p8vHW4PQ@ZI8BIYU2s@PHnlV?~%oXuyk#GcKU|f!ByWhn}D@X
zBt{Rn`_RK2jfVGRW4GZK?I02tydwC;{+72OjFgSee`@HnKC(>$5BL^b@#%@c)mtWF
z&^tp%9|jaGj|{!K<AV<JraW__-HDM^w+JK_Ue|RVoGwUca@5bDe!Ch=AieA&+l{AN
z5Pfvy)RZd;boHYjP#=64M8dM7lQO_h^g14QSM>sa)>wMxyaQ;K8fj^m$dA)N(S4j3
z(zT>Gu5|j@<>fX$meze@&Y^`Sumro?Ly4~>f99%NZP&YOs1;%@R+|Kui9YNPGrZ=s
z9MbImYUf~Api}uejsVkrrOex<HvGGD7&To>zq9ty8(2ah)>9y4MpkjxSb9}(J3}q*
z<H70@ii1iG+C(O|vvuFbw6sImYWL-Sr2SrQ)|AGKWnSxx_GKQt2{_~DS8=qCOL3W2
zOU?UuEe}q#+bxXRd$~?D!h(-Qhl!qNF)HsES2YTo1I2G>E$L*rMfyGRXKFwwootkJ
zuw_EJB15B>Kh>AVRR3ganzn9WigXpJ*LGup5&Z!*5~Ax|600U!FawV&@5JnQ0}`b1
zx|8ll6@nz4eL5F;-(!_`G}JRZUdrd_QTG4BTPW<B9C*SdBl>)yuJsF4Kk6L5(ZdN(
zG77}t@mlI6dQs|1tt3R7`q3#zL)|halrRMSmC)CbOVW+Fs<~#Pv%@)@E+wCPN<+9P
z`V!k8N}B!-ONEdk16Y6tAWq6zf^Im>i5u#Y?Kp1NXE2Akw+)6r%1ANlwXL4~?oF>w
z&6%O19|5wJlZK5Em1I~a?E~Mk(ay+pr_*+M8S$e%D(t!n5*e+k52r9>DGGC>;?AwH
z#`JQlS%r_5qmj9wI0JG`43OPS-9Z(G5e613A1&I8%AGRnbjf#*1{PXZK9<nRYIruZ
zb1HIUi7q)?z2p6;Ta$)S<lMf@`neK|3|gqfpgY=Dz(-2>CRGSfUgkDj0m<5Yv^H1f
zYk<?9VJ)I9eE^Vlb10|R-VyfFF6fu@DDs?Al8onTHKFMqLRz^V;gR@$j22V!#f^&A
z*s+wNjm}f3#ZAZ<=f*^d7kbq3LoiZU1UXUv#nyyab^GK{ZM<e-$h5_12_gfz$$_)Q
zx3Z-<Lj0PJCk%D$WAhHbAKe#YCm6)+G5WjKhA=Xk@X~PINx=ZHoPXvK-ohCy(4(HG
z(Y4ftcSZ0fl?ekRwVA8B%5U~Cj@yI8Yk(F}E~_o}TGkxaF+wNU=lZbBMbj5^456Y4
zWHJX<0lxHth{G~EPbW3nS-q7DylNwAr6R|VL))4<VWfSZGG|$0qQ+^bCxU~+qbi}5
zF{Lq!CKtZ!<0TaCtxh%0<q<;SqMwyJ#f%R*k^g{zAMX;GJMw0TS&bHIh<<{K<x>4@
zB?-T2Yqj@!ToFdG1rX#UTn5=P8T=>n<(+JLK~G1?yP{Fn11gFcX=QZl_={xH--jA^
z^d-qWu-xTck4s7U2R_7GWQ>$sDEbdv*R`YoOl{j9aDD>dHEz6f#uxq-EjMUUuLf4+
z6PCtd{Tr;ID-ZR>=&cF@cEME>sg=^yq;rbe^rWrvB(~w3$dRL;P;{0Iwe_W%a;4QX
zjI!TrPh~z&#2v4BB9GqS(vy>@YsRP6W)&RGnjZLy!DTv|qWebn5tfLWNC9ER<~Qez
zFO1!Xf45|Q^YtWRzzyH~^>vjQMSs4@ADF+o09`fA3_$*|2_@xql0u*ls@dMmcBiGX
zsnHdA;T<4z5T*TDYv!1vo1GSjYrU=A_#$^G=gD$jY*_)f)r~Sw`C;IYjjF8LQBz=m
zW%;&RG-(DaRW~zQofwit#I4cD$F9G|O#ZGF`@2iqgr+nn0gFwh1H>@rChm_ppxZG3
z3QfIH(6BPe#)w?B#mLNWvSuYmk9g~YtgSz;CKDSPCEsL?$mdnk)X;N=YiozhHT1e^
zqlaURGs&a8Hcxtz)h}XRjnd~RmDRHgRy8gqcE+ebA2}OU3Ry~HrIKW350FMOdeZFt
zB*adO<L{WI2;Ql1D(;u&U{L8JXEf(2?TT?KAkM94if>y(KBpid3nNkD&GF*0iE8`}
zIr5KRK{Ao)_R`+PCdWT;l~^b3wn3~w;Sk7||DX2+l;>{K?=cKrM1&%s3*jGl;7Tjm
zw{AxWcOqAZ`GrK_|2=UQ{8pU)Hby<&-hgTpQW0H)*f<m7odx0`Juq$S^j~3>rU*e?
z35PlFp9&RRIyIyc<~<o{g-@y*O}O+q+lu%bF?1R2ue^{R;JR?i{=;ei?_unX6X@)v
z=)gu=e<YszF4o`#^ZDOxS%2B66&6PaR471072<VO4_j+{_3Gb0=O2H9f*0rvBNSsN
z6U;Y5C#}b5)cXAH9}s|l&&nUmzXg(yJek+&@1Q2Ut`g@fuRQ+olmFj8P=fsNwjBMi
z^iif6_!a-x4>gh&0;q*cOCu^sH<=lgLilc%{<AOhK{PiZZQcH-weWAx*cDvvoD8EL
zi+rT)9hUx#Ep9U9KUB2;wkg0`A0zJR54vNK!mbd86;`Pp?w-tC=bKm$feyU?_bL4S
zLIXtPmwIz3s4N+uv44R*`svh;gl)(JSNsO6cCvqf`2Oej<CdlPO-14*O^ZZgF|&O-
zvT_fW6jjHgievS^`<AfB3SU%~yCpo4TbxsnSTO2+6L_BDgH`4#f&85Ke|0T7B;=Rs
zbKfDM*(mzXn;djVgVB0Ven0ZPC&jNWG`s>gt7(b6|8cqg$&!IBh%|3us?NnsT&wL@
zXTU;R+txBzDOhcO$RlFwmuNG8XHD3P9(*IAe~;<E{z<bIlBvOG#J5aL(#jA0y;3M1
zBma1ph*T6fXG-<ozD|h!zpnFG@NA6YcWer;{c)Y2TBUdYEs*|0-~~#8>u`TU(We%_
ziWP-H+4~fa|A6_w+(KFrQGh{je{qffZx{3jy4z(eBzYiSmwvD2<~;p(k9qyat$%Nv
z)_+{^b^o2P<p1u9UrupZFIr20_>Y1OkR3pz7WlJuiBwd#ap^|>__8m(;&{0KyKf77
zNMm^H|4MyM0=4K{0Q@MMmEt}0HdYd{)E6l{R&0mDMTv8^(tpkw{(MJsF>l8S!_;Af
zB=vtV`LpX)7}{yWl;+e!ikJhyL;zTAzhA6o^#lpkf46-IKmGlUpYF9fgH|ZzqgVUa
ztDixF^x^jHLkiG4d#Edi1#<Gg=cWGZx3AGYd(CSSxc+L9mA{8^=k*R28KM^pdo27r
za0y|--<d!D&t?4|&qQGe@{dNlr<nC`L$Lq@5o6)l2nX@l={)~<tMdk!$N&1=f4sd`
z#JcJzMf7?tO_d))!X|^A5jP@yivAguXLNtB%oOv#T?tAL!Huz^=p)Y5b`-iT&TtaJ
z{5oMHVIu?d%HL-|3(oJC+p_<P{=W+paLBv-xh$$B@BQk8g#Pj_D)m9!k)bSjbo6_r
z-@m>4uWxV({j--5q9#yZqJ56~dxI{K`hA%X-}CyPfo=D}UD!uzSs5Ff!bSO5I%QF%
zH$d2U(YZ_%alf}<b_E9h^0Av{Mh3V4_(p&6(Gc|ixsac%Bv4s96?*F8b}w~@Uv%@T
zkTZh4bT3@^WM?|V<HYf@hs3aOyv!$dyzB<8_(9pbw{8)tbKlQ?-`_m7Qi%$6j%s#c
z^iy>ejUwH3*H_EkF|pA@YCNC4g^#ypr~<Ib9qR9ENP#d<KyGdD#^+QoO!4<Z858^u
zkuLn?&v1l22L<gDz}C`>9pO)9cYAz@9W(H_NHwxrb?h$4WoaN-k%Zs%QstQuA<xJj
z_7rTl5h=G4^>b;SNX4=3fAltNGBz_??SF9R#a^%q@FDnq+3K{^X{1&0(tnXEK$x;Z
zj}O`a#D8K661aN0qG<IxPTwO|4H6|J2hJEF=ugEm+Ha?1lJpl(^7jMyB?%%l;p&6=
zra|>Z6d2aw5`jT+Ag)^9^-Nzr<yTX=t|&_Mdwh_qQ&m`QoxlL!9E}B7a!+4UoiPxL
z2cR3l;5`FrVLT}Xg-^iwS-Crwg%%hrL>u^AanN*e(;uW&Gak_!lPxKr*LSyd$euYY
zUv7*A;n4!<c(AB`zE6#TS%E=4f2|^piiqf=Sfn3RkY5DJ1^E%D<&z+3&|1dZ;2T(w
zz+4{6QEGG^ufUz|z|B>UGVRqtYxSX|^jrwro}{)ORp{U&%N{Ao>W!C;$yL{L7L&VM
zRjj$Vg9MSVm5F6$0?n460^Qx+15I4W0}V<&r~?FtlF7nn2g@-JD?>15-5D&WPDHhu
zidQ&nf2kZZrmh1|dn#=9W`Y{;yJ#Wfe_awbQzC^DkJy80LxR<t?WqFT!yB;m((k<t
zZ2#JbztyIf^$p^7^+jACmIa)>Gz%Ng8FKU+YOMzQv^xNTv>ZTwO%2p~6X2|~9jq`Q
z$1hjww4R3kS|jXHzrcy-j{!T;B?<f3=Yt*mok_T^97?`n8H2uIzV2u*Qk<<u38I-E
zuUd`d(}yN-9!`vOFZWPWEe4Jr{&Ibs<3dVJLs!HZ>}V3@PV+2MI0L<0K{`?<hM_KA
zuhzJPgwK5lUQ^xF!Xj0mO}n`p1kv19kX7|TD;85=u(#rla+y;0aWx#v-kzY=sd|lN
z7L`AVjies4S16HJ--I<$ZPc(eSvMN4Vpi&>eJv;N35CE~UA^PsxIV1quJgXWwGWRE
zQwt436WC+oD=gP{DXcV#K7!R0(9o~I-V7f^|B(M566i}>VOZ=<eqyJ^vH$+AVaaEe
zXv%(iI5}y3+E`0ZY&9kg?(8lTQ*d}Ry7~3-=9{KOpz!VcQ>+nJ_mOGer2^=wZZYbV
z@W1Kfna%*hzwWAs3AR~`9l1o`9TH*pHa_XN%Yx>oQ{=MD(}Q+mF(mrF`X>;AKlXRv
zb5mhHE)&qvqu!r(c6fcS=h7(i$y_iHRPnW)styACgv`JocIP=Aj??)@nd<7Ce$+%|
zQnbLfd9^xE-TQA9Jvu(Wyk#tN9q#u!hG;jrgpzREHS4&Lh2MfHp=hUm3U7u4%j5a)
zUxv`YpkFtkNwx5dWZXE>pTtFpdXCXQJ%>LmJCp~adDeInB<RH5`OC}@WPreuWJ`kW
zciI5LZO|uZGn%z|eSK4QD#jz%&$EhF;gcyc&5rx&{Ph3;uc1(AZZQ|5Mt(GaaAej8
zOfrC&v&`kNp5<sCrZjTLdwNyD*!98ey6(2t1Tq2lPJxr7VX-7$IA$EDwf56{ldBI)
zTI`3_8#1CN)~*3I{)EZ8s{fK-8Yz;(5G?P4MGe%Vn4Z{mJL8%5+c-}X8PX`{8^z6^
zSmhS#Hh@{6JZyZBkhG3{sXSQpz`b?*b+i~H{6gT9%FCA@*<Vj-VxR5Ji}A|6%;><j
zhsq>ysw}YkR3m+#a1La5G}!iM_=!<bU(~pt$cKnC$*5+=Xn5ZH^PM4ao-|W4ay-vB
zxhk0-*p*XX^_uyuGGhd7nkiSyZ2e_EB5Y3~41*dMrGdo81O`P{zR3jb4r8-q@&f!P
zJMlSfdOb)F-ei7N5>pfs5Js<&u~J5ws>xDFvYbrlAoEZ|Sb}*mQ&EZOd%Hz!sZct+
zqz2><Mkw#8z2MbRR12X7^{lsttJJa<cQ`n10>tJj?5_C%XVy4UA`~Kj{}JcV6-aVA
z^(9>rkum(=;#di<H974+rnc#1j`kiZfEsL!<YiCJRC^}@(ngWed5ffkD89MBcJgSm
z52C`xaJkCOZ_{N`e>gBTMMAx!ok~(y%I;K#Ws*A^1TD}_{l<Cj!-2t)z0T#{3@_U&
zyrc7%#Q@#R?=XUM{40#;oc9={rZ`@`vCvA^;+?Bo_9sk^HO7y{TQ|5lkCpqphn?bl
z&-=>RV(LkMgHd}(9Gm?@o99`H)}4-`^ZSpaUKVIiXc^63UmeWeT)xmK(vM;h!eY0c
zP`f@KZCY~#v<Q}uadDJpDbwnpsaz<!A01_z?Za5+b2DA=`pdTFq$aD6NaMMZ8}Ty6
zuk;Ry+9U(-IBKB2hwo>)HC0olreUvhKM%n0ouFIe+z6U5-6=kjG-?mqJ%MqE)Hlid
z)b!7kG360c8fB)vr6yLSWn6^;;Utm4%(Y74CReragXxpm&68vy)@v~1AjTJKxD`bs
z?^0(o^I7{M<SZg4h8ncXas8ZhfxWZYbDNX`lPjVkoq5qy5Hgg)RTcyMo#`TT{-NyE
z=1IIUj0s%UrR&x+l%DHfmD97Xi=oqlL_{wRmi?)qz1l(U^6Zq|VSt43V#v{|KY2R$
zK7M-D+Xo@dJt4QPw<l_-3^0MARLn%SUJE#LP!heiR9LTG`1B-Up$72I$16+npuWt%
zP$+5{sbqWp+@ybpeUoz311+v3OD$hbnn5i;W27JNqx};xK*4_+fJNrCj5(TMI8hWI
zK><1>PO-%~iKbM!cSpgy*{IM`3)yB$;HtA`Cw_1DaJ<AT!LTrOraLCj{H|7<)_JYF
zBL#wTIHb}iFXc9WDkCLYVX2a7iNE|(T_!A-!|UeS3x(~T>1FM&K_Li1@hA5kqsA7!
zazEZM!B_eV$zUw8+_e8haO_}g3hb|vjpuf^`pc#*uF<FMlbUg6Ef$6!IygEwn->8#
zdUwl_)8x55<b<I8o|*8J&zhodt@q~++OQO**;qFCz8$9G;=)44t5xROl!qq=nX>iA
zJP~+c<qS9uM8g7K4u8O3N#C}TaK53*+qIHH9XjcOZ;ni?I35@lkM`$W&<>R#mtAX5
zwz(^(o8G6-CK-x`B_-EshRfu+{Spl_h~Tu*w5?-a)cp#4k?H7%_E9G)!FlL4snMX3
z8n(e<X-?o84j<$8*2qy&hg=U&I&yx#PN*Qaru09!6u$tONv5a&fu#ULc1jCS%O0K;
zD!z8VxHb}3e@H8yDq(%a0Bx*)k|*@OwajKae)ufeQGR$g$5qhqeutY?tELshDhs~{
z)|Swholt>7H^T$<+>FMH;aqzBAuoTsvd&j4eqD>36<_mH8rz#4|2lh9A_2G-{&=1x
zBI8JV2L=0A_y`8>8+p)|W4z<EBkBmeDAdD5Y}e(DF4GTyt#uw3hL@8>pU{nG%}wKl
znt38_smr!D5nyptZ6)zKM>kz<+p5T-yYb_Rt|3HJXWUk&Jqxj?W6al6ud&x31MTqw
zToSz}_>3A(>igqDLXLQ3D1%`Y_x)lM0qZo+`)~#Dzf~V+@xePlHk!v8J=+cR-Wdcu
zu7{1gPR>DpwiEPclXt5JQ75WwS-j4tEP6P(xS*ILU{0=4r)=bz$6~Fh|B~l+1r#Nr
z%Ffv1peuW7gO$9nc7p+o5}IDw?@ZOOxgR|&8L{ms2XUnRz?6%;nCJ>vqx1+}8?i9l
zGp)}m@`ua7phl5zY)AiCtaheon11E%!!kUco%)wU`4X4_Wv=b3(nXgQ_|5=vWLKYm
z3n3V0CgpQi3*v`%?IV#m`{KA(SWIdJsW6z2elW4Te<F9<I>gH(LH@qFQ(+JH^^H!Y
zO#x?So;&9{-0>WCRjMG6z>kN_0n#at<tixp5~np7q5V<P-%^RKtd>x@UEV{(dnXox
zcAlRT8UIT1t$*))sLb2f@(;N<<0;?s=C_FtD`KJ-xY^lE$8%J+wpz;k7|xfFP4b!?
zDNs@5p{3+cHuD{OwfU(xIRL(D*kQ}?uJ~4;BU<Ph)Am@S9wyCJUw{gk2{EUoF|=R>
zg|^-ocg5}%weiWlILmGkl421a<#GQ<<rq&WOl5dUnJ1&aZ=zEtH(z0w=vAxuW8hO$
zbErd`d}j5BXW?P&!)fY_di^4Bf%4Zi2ik31H~lq&o06_S`pl9F4u$6`UyiG!oQVk#
zb;BJOuF)%QS_+%8rg@z=r5n!Sy)Q-?#RaN&twwXw!`<*){k3O?4I^wtNqty*MFXcA
z#a`$+Rh%bV`}Ma=VA4{cu`MW|IosKay{?y>?iqRT`X<TUn}Gd>Qc%Cn-MMjgoArHK
zy?2bp!ew+cr?wgvtTD-z#0n?5q*}5rrrNW|g0jiEfqfMB<qSt&pYG)8Y3YE%RkE@C
z>78u+o=;lXXPyQRMif)-%t`-sT}+qt`xNvCr{DuuaFAEVjizf?=J$p~ZI5SSyiTXE
zALZ(<u~LWh>6wFxPZk813VJdRh?`Zw;XJkZ`n3C2cHTwwY0qoJg`%JH%qT{}@Qq<z
z;xfkQ=ila9Y^&8x@G&Ttu*L6<*(oRreN955C_e|J7w0&`$&yMVT1nAm7o;LYg}|p9
z10@cZu28J|oRMj<iWLp>7y-`SepN=YK-4J)NR{+cD+mY5`8{DMx-PAM?{KI2?wx@|
z9!KLJpWo<S6^D%zj)Lhj3B<U^4bn|7*X&0V&IC-BhNHA{-Ub{#&r>_CV#8EL!0${6
zXSj{Aat9exT3WhL@CJy~XdkU^l)Eo#jm++AZ_<UF06@xes5&zGsj>>^UAhP`VIH((
zX_nU;rVlFC@VhX=DWc+*pe1>6zYD@XZrAUUIoW{>3e(TW=r~W#g77*jI%$~;%Uv3u
zr4gd}P~19*!4R9nm$@O%<M9nujp~jLBIFLDh+~yrA<-Yi&cK{f$w%*x8X3z_PpFVW
z#m=%?Wgb$M7f2}X`mnTpz7|D!iB{oNZNeeMRO}mJ8|R?FW<#%GKfS*=?!M#t!4I6N
z_b7D)60mbaS3b%-RadWhXCyD_`xUYv+HZ{iHBsf|f-d#O+lZZ|E|TpPBr~!o3b{Qe
zF-+%6y4gxE)X_I+)d?iZ%=U&#BIqqWIc8<jjIk`LX?gb!m7CsclZEj)M^nti&l$eE
zz*6u)L9cJ-s?hUbN|PiVAMZe>Y><ihFnCf_Q`FEaL=_>d6<D+XG(ZV^88@2l!NTi|
zd&})L4iYUdpC|DIlG}N`<3>Rj72@L(G8m3`?*5?{MTq48BjgAF8=eY%(P)*3W=xZ3
zv>|2V3;vjL&S6dO-LFI&d_+l==r&m<-rv!ZvDATb+4&e1evb(oOf!D&6WO9Lhi~Zy
z{U*|g?tCf2nHTK5;qb{D3>$vc^%*`fc=FtKf5x4hXg)Sui8K0|Z~xM-lU_Y2q?h;I
z>^58UCbf9osrM_~5mD}4x0%`GO~Pa&)R@5ghgt5S8xx^8&f=5j{=2A<!dU1bIr`>d
zVG>`(w|GIjb5wCRS1jUec}Mxsy+{3G+`61L18PFgi#3P>3f<wvYi5|b;wM`(Orejs
zejTFh1lmcLXQkD8Yj-rC{PmdzkwyMc*UYGWg1|2k;vo_ZAUOxe+$ZOi(nlQ`jxi)W
z$&74nW?Ctai+tPk46<WB4Qs&yOxW*~@v4eUp+rLI)_b`Er0(E<!a=9R1P0FAxrMT^
zeFIgt2Ba$xRB-m?0;1?>;h_d4E|w_rvEuSXg}U`)_bkLx#0hNfDW6S$feoCP8qXJp
zatu1lEe3z&6a&-Oc0-E{67gdD8$j+=1ZFm`pb3bxY|5dBiT4PjuL(Xf$$Lr3rr8nF
zKU1ym)jRBPD9=S1TzIqVb0gfuB}DNUF^NqerK#7L5BFdrWm~#$@s$J`0bD$3U&Yit
z<jjh!b$<77PoGKiTM6tAs*Lu8jTe@XFKJO8QezMu>;;*JF5k}8=EZLGUVl^QF=*X(
zEkmy*f}gdAJX$yR`9=?D@~n!tL)S0&w-zhY(p_W{Q6kZGHwl<Nr`X;puf^yYDtE)w
z>pixfG+qtc&XT$M0I^1M3tn1Jyt99sq!Ln!g}%VbHy<UK<Ne@$b5GZGg8ZIt#Yk_;
zs)4!g=I1J#aR=TXhGaOe*<Rrhic-FoV@VY1--L7AyW{1Yc16>Dl_S~9ZwBNQT+DHZ
z&u1jjSs>Tw=zSD+X!~-2T-x_72UC>t$?J(%muO=C#<V{V9(;YOS2|YlDLrI(9)p>~
zF0Uj@sUy5NWb9P36i;MW75Lr_Qi^VqEQvDNk_Nlk?pXLB>)#(L<CCs=OPP9O=lkq2
zTHq6H#uLKoD~j>yCJmT)twT-gBjfJHYekDF_pEx{yM8_2F-5tm(H<A*)JX<iVy&HA
zUpDK0Z@}Eo%)Z5<34_Yw6BK{IsQCbQg{4@*guLKC@HXI>@az38#V;vhdOr5O_S=yZ
zcH@=K!FiYvXjY}w>iKJ6O<hr+cR(@g$9qkYF#LVa6_u9u+x^F+-2L;{-vvsbJj^z{
z+tp(lLBb`UY*mby<<VT#7L0G+xp}uXK&<#buAckDQTwqE?`h{DH$rT+qMWaIzxcHf
z10}iw1J`R|{=nTAQV^CGJ?AL<_{eio_A()usnfj6)t`276h=d^=NX(;B1`9gyx)Bd
zncGn_a<0moHNjCKNHr-av|e$ai@S9qA9zC{e&UHmxD0=ejp6gx2)OV*)g1jChO=Kn
z<<`B54}qV;M-U(`-JZjdBweay-BEdUkJ^^(l6pk7RlLKFHeQBfti=rwypJsF@58h|
z9FS${Ift}vU&4!gA}4L?<e?3oXBgB!-M+Cex?AUoqusg7pLxUUmOb&reIw^~p`%8s
z(nKLU(dm?<4RI&UD>_i~?LDB1JKrX$|54M5>#FB{w#@s3^4w_E#eY%2T{i>8X^h{u
z*%a8daBtD<9el^f!UTlqfiOdl<E<D_jmyPy3E9-|->o^Gu!6tHn@r%!g6i7)PuX|O
zI$g(DmfgTdQ4?}?i@3u*rDnbP#DHH_#%utazTRyg@kC*eyDxueTJnDef3alJrnk0+
zJ=+`Yk4eZov1*4=@9F%2`JP?zo*bN*-O0bW)Mh8nvsc|!@-^~fCcS#P6fxvP$2q@1
zzrBEDq~}&wXor;sH5YEO8YTA=11OZ}>HHt1{Q}GA{x4x<eY+-KOoCP@vwpNsp}P9x
zNCKIszQ$D|dXN;~KE7XqQ{r=J0Jd$rjV2wS6imZDVYAFoV{%9{SqP}zF2rjZw=qPY
zwu-dJ=dTJ(o5(d*GWfCT7R)hMb&4$!ZJZV$1;AxA{UQdEyQ*tNs!iJzX%xRM%L|N*
zf{&KG6%lm@wu%&6-8Td+GnL10EQ!0WR-SIMTP>$iCF}U~R6C=Qn6xa}1#e8`(w{YK
zUaAG7K7{+W5m<a9zWA=Gy2H8XMue_J*Dd-@O1mjaMJ8W2S&+F;!`9@#y!N^tL$4QQ
zG8kLL&b-R%CL-Kq_mkgLUo)f%lvNb^LYfj{6@%kFKYU1r4nNnrApdbVh!*8Qp#<Gg
zl_Yt+A%SM;mnK<?8D+IYo@kJk+_Zu%ut(Iz010b{V|uaACe)+XQ%uEky}>H2{W$D~
z7p4a(Gh%9c&c;QnXm}sSf=iNTkJbNd35E8MgmGgt8xw8zuiHDq&!`YhX7g!8I}0k~
zP@1T6^Q$FKKUwF4>SpgUN4Ru$H_usa8J^o2?wk2pzorRNmd(-w(SxNt*0*<n8d74$
z*PlkG9p{s_{dkM61U^fV0hy8Ko7Qzsdvla-@L?#No{Hd`kW@GckIG7a)th~{`R{~J
zwESm9+>gg$%mK`KN@$eWLZ@?LNganT5TQ>egT$hH$M0#|%EYT~`Yszs;zY?X63U?N
zb>u=b!(e05GM2*5i)h?g=dGW&ZQ&e=T(*tg;p8-aROfp@5U`72+4r4s!EE=CbCQE%
z*H5Ew#$X<ow`nyzt2^c{x(!Nzx+_nHQhOdFT^o4`n6>RJNMka1%;IzC??99;Kj#k-
zveOnlaGGm<uOFb01YaR*tt`-Nd^(p(C9cm1-;*qLWG&S&=VY*ds)EE~b>XsmXWfUD
zc!)GwhlHdL!hqiQFd03JXq(SvAYhyGtH2@Z`FPGTWduwU6Wyq=nCG6zEm2d-jHuQ2
zy7g=v*ZF$AH9o(ZcaCT(@wgD1>3S`2F6JZQTYY`zNLJJvEmbmM5&4+2ws(cS&!5-Z
z>H;GET0^ul|A(B~HWX~QdQ>p9dR~{Ee9jYDkNYBbPuK%bB0~5QD&(mm_Eyx?GiB6C
zM<6B`wKoOuyXS%rVX^9oZ;v5l_%H8T<>sD;@AdLk+743AUf%!pkRE`qqy4-$zBNAi
z`K|knU*LrE?<f`aX$&j-F!{hQm%lwTwMs$>osH-Ec><IGquk+}b*;1UHMg?++A_o|
zykmz7BQ<*_ll0%sORmx{91q)2Tw$-ASrn$=q`MuXoK)Mpek(&uO)JQuD>4AyMINdY
zNG$vb^ViS@_xoNqpKCoEOmkN!n3v})z55xlHnWTN4@myHsr0}Ef%>&p9KLB9o%Kxp
zf%?1s%;IM*p4QxB1cP44bS!tr(+&x(tfnMuM8+!G$6{RUscREa?_dZ%O|O6lkna?U
zEzgfdP}+8vnw<HgASTV&Ej|)H>e43I#Rd~%*!+861TVW8-(|QRuGn<&A1*!@ML*sc
zR!tFoDC|cp?m&p)#R$gyMmhw1{0722hzHe)Rr&K`&7JnxUbP!IQ?;d44axDKsO744
zZ9l3GALoM(0pXF=?swRNU-GJW{f7&5puOQ-M|Z#T;%hH2$D*$DpU&&w5M^ccL#*MO
zvC!;1rQ5c0<A&`z!ox;Fq&-M1%}i^QdOzK=nIqgHMxD(`tKP3^H#+6u>eOOBkZYo}
z+<(CG*^%ZFm(vC(>sO$Ce!^n%{2h6%`j=&pFo@l)pzs&m?a#6C{G>&{vSs)plbNRD
zx>3>ZIpp57yjFU%;h>TH{Jp~-@5@Ea_l@d&ObQ1pN+|j*G_;dd?|VdjSXVUwlKNe2
z=G+Wf|8v4;k7V@JY+i;)%8yBSpK++?>bU~&tBchNRfx38RYTS1@Hb8?JmN46?ouX8
zL#j<kdsXJ^!x-lE-5ZO2Xvp=&m~0Dr>aoS=Oxm&S2Z1uJJbocGulc9VH4zLsIVd>h
zU6@%b%Tu(d_i8_{cC|Po`bR3dQy`&|iML>k2UHIVs{D%0Ach*bYFfd=TYiDbCREgW
z81Qp{_Z!zRzR&%s`Ar~LH{O~fauZM1Mfg*^?o)wHjHR-gW64AdWP@sQNG1Nsj%WqV
zH_H2zFXnAfPH6g<)NaJwyxn!0_%AljYQ7d4jM#tPl?TgA&Mp5Pn$bA$S#Hs;mcN4i
zpv3Qfm}B%!(jAK;1USt(_zU-CER=f3@9)L@b))_RF(4`(6q<`%G@>NEvD8O2>G466
ze)GtHjF0+WvBD1*{O}$FOE*F{CLUcGUTAO0>&X=Qq;!zhGuV&12ej#ZJ*%9wiD|m#
zV97_wh?xMu+3XSjRiR=EUnYXO*g^TkcM+9yiOl_LlVHG}H`?>^R~J}Bdq;ydX9eWU
zbz5vANm5`iFDgg1>E~_(y8n@MPq@;=es-w&1J}4`I;^Ljn6U+XJDsn#`ac)Mgc3d1
z1_R}(H-M3U69A{*<c~WzTRrF<ovr@hnm2po)`7)Ae%CbxyYRzPTRE*B$`spzMR?pZ
zBw8SKh|)GgHZl_yuvq#TwMKQbTKzZZznw*B-n2QA$Kt#>Jor8TF%e!P7A?ih+rV$n
zW1v_<@(EQ+3xy8J*#}<CQgcR}49cuvqoutd@4o9SsL6@Ch0Mu0j>Kz>jCK8h;j35P
zLrnNt**Y0IEVihG=h^iKd`1~O{B{WOvdelgZlWy|OUW*-L^k!)Nj~86aeTDFV;JlP
z2|-H?WXJD11Ed0wHsLYLw&&MF<Z@)seHx~%P|%M;I#I24Mz0OeapmHaMrVE7$+wY;
zlsd@oIjY|6-%_JiknpXp6#4d^*LZP&Iv6qegV0wXSbL28ysgfKIZEMJD0(%!>ddx%
zW19o8rQQe68{QwZE(}OwEv?Q^F}?f`lhZIwkbB;mEH^PLk(jf-8J*m>dkc6l4_q@V
zp&!%6WNFI%R9kN;`dU|XZe~P3ofn!(RHa@D*2^^crfim22aJXqj#O$k3kA;?i<+)z
zcEi196A#YLfy*LYs)*KjxkVH|;JEVc0u$9?gLK-QJq3${Hatalrr9zx#TxjC&JjQ<
zXz7*5?_JF#D0P;l{eO}1&Fj0L<k8a0tHksL*T#cx#@qHB%e!^E`Zas4nDCAgOTo*m
z6_lyEN4fGj`T0-Xj(!0QKwR#iedx%oKe>S+f9VxXok3C7Yp@RUV63KT&5YQEt7612
zSeg!4&NGVkLftaOZY+NH%@lx!i5x7LPz8X9-M>r=TnO0aiT1Z(cu{7)!D7VtjrY^E
zGhTIsb;GVurxIJcKZQc)lPxz7f6?qY)ZUniu|s)Md!ecMm(r47ZjELGX_$+rzO2SD
zznep?@%1Q$%Gs~>uX18OFIj5vxfW>d47M<6BkQLg1O(r2ReSuz=nP}IB7t;jQ?4~p
zGfPyx6{Uk20Cw7DPciB#vV6Z{SR`PeG|1NUoyt^eR2vL}=4U&6Gv<y?ebLsrE|Blb
zD8W5ATLfBSX_|y(W#ROr=@KX-q_6Kf-nipci<dR`1i`Dm?7u+#XCIZ%Rtd{WVYRGp
zq{y|A%lxMj#aL?@X8&unMo!x)isk5LMw}+GZO~GydhNoo?(}<eO1LTPb9Z~?C-1*4
z{BZ5ugftAN9d&WeWaAmhCB7?uEPOB|rRYE430BBJ2-M$-nCV{~E>>RGxbJ!L-|+@i
zdECyZ4tV48+Vm_kP13(DFdw1#2wb-lzf-R+a^=b8Y{YT51>}mXgvuf?mRX5=#-G-I
z1z<Zi%OUeCL<{uOCng<poSy<GQ&u_zsJo39%r#3NWslsfG^K1sDf>T&TC65I)=J-8
zyM?_%s4!k0rlh!O6t$UE$@C|?6`G>Wb9<dTL6iU0ZcUlzzl&Nbl>x>JKM^o#n;Q)S
z9ZW){sA~s~m`clG6@Axvl$NZ4%d^8}(9y=6coCTAZ+XXg?57b;o;O^hsYU^f%i(0&
z?Z*_x`6;B^)l02M6^F*q>vKXD73Geo&M&$>(Iyp@$qgkrw0<<M@LY8CfpRU!#E-o)
ztaWB@;=OIJZa<Ul8F5R)uqDnvZC$Vp<SbJT;zV-ZYrU#>viGKxSngKOP<JTZsmyNv
zv3`wOB{D5hU}WDNXV-*9ZoW($bdprdJ=o~{j#o!7m~CVH{_Wd-sy(qx&i+?NBvCl7
zE!%df4qp!CAkre{fe&5>O7`;>q$E9Rs!%v2JH+gB#aDNInL)b2_XBHrY1tN|($f&B
zsD2YWwq!U@V`cME<GWPBCyFrCFe1Qv!hDi{HPvKW^jayc!1p5#z46zdUo~kjr8UVh
zab4&6F#MiN1z?dzbL459sX8mU{kXh;e2$;>E*5XI2*=fJG2~~9U7C2Q<704IDiLlw
zQPQ@P%UsZ5qOx$iSx*!L)l18#9Wl4?Mb)T6z6pdMYR*QQ0iWMOnxq{cyZ-)qNXJZJ
zQ(l?=%!6fk&%G{BTMV^1|A-K~szS|@k1i=~yDAWh6g8jXcgQeHAau*5^4&i01bb_C
z)gg!pBzs1k(7#5b138dNX!cs+q3{1-Q{j(PWXYpYAIKar9e}~;T--O-81Jfk?qR)T
z3atE%9s!M3w(QpipgY5q^M?1w7yy8&4LtWV`$n5?#2i3hbnX8z_SR8xF3b9GLLgXz
z1`F;E!Civ8y9Rf655b+_L4!L4hhgyG?(XjH_Pu1E`>l1)-RJx^YyO#8OwZfhRn;X=
zKXnaUvKwtDXoM>{l5$y^?T+sR>|OloMT*=Uz<6E=zM3lr<w3!t_W-n1fKT_5eKI%4
z_F716-3MA7#L%}4V0$!6;P9RRv_QE4DFtZiddW-H`1z^P3LdyU5M9%U)`K5JI}ay=
z@4r+29S+SwEd+NPxKaR99CESbVPFK*WAhz0n_L^Mr}q6hzBR1<u;rm^VwOFqbHDs}
z3#gJ~f?U`B>{~tzy4U+1+zJ4R13PdnzGi<S9w=SzgjMQ2a*E4Al$%dlz-T2A+<bf0
z&E%Fa+hUVpf?fd!!wsd9{$o&tG_phfcfHEXg)8gPqWHORnGpygu2tbdjhY<0*gQ}V
zsOBhhKK1A&gz2@K+j*~25<wk@L^akMa<x7|_9=B?1>OI)Qh%1QFq1VhHck%P%w>+Q
zt)@;=WF^1>9xzVb2I-%1;!|U;7phRj)VEbX5pJbowk*~UF!-}sjMtVv?UbMN#C2MH
z+I$0qJD|3j?v(KltfzJn(FaG%rpRJHeY96Za(*k@UTBpGQ9Y4_BM#{z5eo#ze^=+P
z7h!2Zb{<u&98!ldAdG&m`j>O(&qzl;wd}mtXyoaseu&rLc)I4f*!FSaryjA_!b{rs
z*7N;a+g8A~j-*<tpa!}vFY%ZUmgPcnOPGSKOO4@Jk*oz*pt{mmr2xtOG(4<S;~jrq
z;k}A4HE>tsGJNEDtuL?JVk<v*od-AwU*0<VlGO*7Y1nlQ))bUy_(o>j{yq5VXFXDI
zpkdM4|8M~a`(l)7>m36?Vt~A9W;)sst?aZ&<7)LIV0+qMr2xGtUdj+(&N0nSvpUZz
z;M!bQT3<iTK8Q(3#Bm+fE6&vo-*=n)H@L3`U})=S0k`yk#uX;j<ET$}IBSKaRQ^#c
zmq%VzT27P7cOwAuOnIk;uxxzEU!d$={<8nv(9LPa-g|rYQSjxKW~B&hmK10$lzIao
zVHiJBX5XSb;RGnnH(zKoW(h^^PCBBb<m;vZUq*bo%%uMXj0M22?75(WN?tCCIv*`i
zGMRX9JC}*acG&~1%qg#St&hGG78agejK5)?uhuqW6bsPxzv)YUvfqri-?ysU`(*_%
z+}Uvy-}X;xOar_fB*0D98eV^CEla6m#jF@nJhzEt>6UAimP^h<)f9Dr*lQR=XRO{c
zGmA3Ahi=*PF`|qq?sN|hZddd#>>~GfgJ0T7Johf7S@*;<Yx3#{hz=ydRK)RF$}2|i
zH*0hom|N4{Sd_Dw(4Bk>&JTf853Cjr!E~Ol_heB;@PVBy+TN5W!VmTW=K=-odaVxU
zqZz{ax`y&`=gqz1UkZSBjplRXir9|8xSn|TW(CY;LL7fjJ>tU|{`5A-$h?%xomsNw
z`m*C<878~3a>)OOFo$K<bfKoIYK7A|85=a3?&Y1wP{>sZtLnOnK0gU@`?oOpBKIYJ
z%&(9x6!q`i$ckJ0>8f?s$)t0PONF%GwF}B3>lHx6%XKe<jU+ccRpsL<r2&*kE^dE`
zK{aR3XQ2waj<@?}ur*-d>JJ|z(TRCp8Loe-n1%8)A|AIZC;^N?{HiT~l6sPb`@s8s
zwm5;F7K|M|t!AZKh<9W|MCUy8x=@uyhy)WO9FnVB@o#%@I!fP^{55S1+qIzNRrJ!o
zYAL&5)P4HjZnlX6m8ejHTCm?qV$xcvC(b}?1U~ExKu*^gtyooeQ2El+_YHpYo1{x@
ztQCPE+YNSv*Cdb=w!fHqfz$8&!7=68LZu(TGK}*)nrpYP7TU&oTp!qR>EcY4e}U8?
zt7e1LY@9gud_Rdlw4&bRHP2e}7H>3sZ?d?2k=zasAPJle*}hXKDee0)o&yv)lNtU~
zG^HQ$3Q{Ks(WHpabtndPFY3s_LALYVxAp~$yw)%PRKH+a8Xr47i6^6j<RU$*tWk?Y
zjr*Nf3!n$l81WlH7DICRoLcR5k8t=wq0u>pr1(TLep1(rxJ_N}VCH%=if<u+Vwi_b
zZjK`V14*#^)BUop;SYN(aS4eS1l&1`{7;r&zQh`wtgsm_f}A+%y<Jh^8W`1<fJ^}F
zbI{(e-r!HMNRlkp3qo8jtN2sWXCGXZ<uX~9ysmLC5id^Xn)HFXeM}iE=hm<;K}vi9
zL}7w`rQ7)+A?LwcR(?L9n&ON34t7%{3U705NBz0yJ243ZgH7yX<8gB$!2OOY0K{P#
zsKI&B0D}QN-}6H(zzMBjb)%}<9UK2^M{Dy{bY1WBVI7kpaC3~)hCs{d^<{P-itIbw
zyV|32jzESP*g4Nhn<kl=ktd+gX>@yrCZRN=MDWeRW6ln$j1x#wAJ*>T9=J;T5I^qu
z*Y{sEumg;gGenmkWqdJMw@a{pr5gZUQ%sxR%UR%6&6@Gl%7>T}WK~P5V8F1`6NVqP
zUA%E;`c-28$nVNY{P5Y03!1>92?llos4RNHtc$7cH%(q5lK&$7VTP>t<(yX-R=UDF
z`yFcmav7ye0FVDkzvYt$r|eI<{CgWGX5V^9eUjpNL`a!*2s+Eik3j(Y?HtG{%n*ko
zi*1rxxrhcS?2DyZRYgVUNsvsQ+<aZ=838B&9_uc2L*?2I?M^aesf0Vao9aY>1Lpoy
z(8SN0SM&@Fu(OUF{ww|~t;qra`RgSE%+q^pmIR?o9tha=pkV5Cu|WG6s?3fjU&JjI
zKpO}q&Q{(`Q(1ib@@7rSvX8hVmqqVMJ-~VDbp5H#*gJ1-MKp~iJ{wV>hUjxiz31)^
z3yVEw3lY5_Qz4%c2V^2B_Q9kE)4TmcGy(3CC`?g`LjBHADoZ15ui<odJFO52j9aZ(
zK{I$G!6xs_CBDpyWgt*UNPY&2g;R^{ZfE}dB%#N{YR`7~NtgIo2SCV@K!0!=G{)Pv
z#^n?{o|$wyyZ6m>VbvDL0v2*?YUB51)fC3SIqEb95f4d;uB$h{e<({`GD<?qCH(fu
z!wI-0tm6(1C==J`uHKIg;m+rJb<2FS?U@>xk&cUH&{{l^`Z|NRJb2Q$rh!eUEw9a2
zdLH$1Yx8e#{sajyag>T0kD5R3btGvb_{I!gAapb*RD^piAK<`5tk)V;-=}Nxg@Hx@
z^%iGkjFpFK>DekdoG%E<jX-Q`TMjoj3yc&_fcd)meOs_}$?G@iF@byZ(M_Ze9nV1D
zZmmpQX<l6c!q{$b;FwGzU0SZs^V1#vthCn_TFTlBXjsd(4eD-Wqc_$FAiW+mdxT45
zB$i?%Z@x7K5zvs10hGoR0A+1CM{XCVBAHBT0bj=t^OaT;?QMYbh4h66<|&+^>3j&Y
zNiXD0Iw48L=L?|Mj3n_T#!54a0B$o7AG>G6+(N9Hmrhd+wdW05ls9i}IUAqd6)k7%
zLvF2i%gTML$&ik}W0^SxDWhZ}%7ivbB~qR-l6>=EK|BMHcI||3Rr`M^bcL)AARix(
zAs!?;p_}jzry_+hb2q6+I@GryrH?Ac8PJ+Isa4{!9V4F=CZl)|p^=;j;IWI7kZlHB
zb(jnrZl5Wsa!B(_ZP8{vBjL?*+_BI4z<gJnubEz>X>4}I=IaWxyO(fYzl!IJb^y>e
zCK$o52*|!gzfI}*fk${$;(2{IPmMiY?y{eZ?E1MrJ|!iaHTwLwob`_hXq)wJjincq
z%_5b|3C;1o!>@JGw3!nTnBK9_fO1GZw40Um$~?J#AX}K=JW@TiyWgbU!(ZGpP)2k2
z?wW4>Kz|Tb8UpsBpGu+vgsgs#Q+AECS|@HrjZ{bE*0`Kz%@?=7{reHM&$VRVPn+k7
zn=jlUMcd6^xKt-QkJpI&q&-Bgf4*k_n1Q_O*hbU&c7+$lw^|&=3NDjMp$eV0S`6;E
ziNlR^_W4Uj2GY&vf^BNI#;Z=fM@9&GnE5D^MtG&uMfm+OaD&6b$qJ%vGOJBy)apI*
zj39TjP{@kZw=fGJo?GLHg(m6~?mL~*T`ei>&zNr4;CtM~KK~DO5<3zk3{{CDQl*5-
zQ#TLn?uiy!TroZxa@no=_dx#HI^d=);;&0Vs-cYLoWOm?)_y|0uk#0Ir<uY5v13&#
zwNi^{_;z-QyXgLs04<%bb7+xLVGKvf^LH#dRqVLp>70;Q!yuq^VguWr3fvp`%;D^W
zR8N!S?^C}7P+)oj$k4XaJ|-uijX=OFPc{5>R;y&Gw7UQk^f~}f<tH)3k)MKI)kX_n
zMl05(2M19LFzZX=SE0J<W!D3#yPTRkXg7a4p~}#TqM{Z@(H_bAgf>_!fUSAa^@Zh_
zc8oJ?!2mdIh^Z$7%f#uyH{VE#-78Mdd&$?&IC3(NG_7|_p^TN|h$C25?*>xXWD~3K
z5aWs|J$gwo`hmV4rF_;ZM}`1KAI!0Nr6KoNF9Q&Z$2uQW4nZq@LrO<#{j6k?_zkOE
zn`f099RXMedSRVFp_THj&pMb8^!_>vU+l;)4tQ{IRyMv&;aQdmGOttXDI#Ep+x9cc
zg!N<;PfhYr;h+c*5h~%28KV)wcEd@`lmx63_@fjoC)Zlf(wLbyT}dHPP1po~5<D$a
zobmU^{@{<EK7>maJN_871FQFZBK-ciw0HUj`KTxXP8fzwq?j0W>QTE-?@eU*s#IIG
z4caSL_`)A`X3H`aJ&kl0Dy3rx7REGmzKJMm<r*~#Kz*R7L*U0b2M4*)egf^SfW?n<
zTT@?bScP8@^l|TvA1Hz#>ykK~;x*IU^O8KskEPPZ?2pqI=hVB#y#_X5b3MC<o`;v*
zTBnt#o}W`j57L;WlPABkN{_`IX=^0(yoFMdyHfd#jI@c!_W??XKc`0tSxzpRHbr1}
z$s@N>eB7ADgV}8EsbzWls)6TvYiT1gc4KR4cpQUc|Htt;_qKn!EZ?&DV(79HS7kg>
zVI|%{EX-@hs!CTHbh{WW486qQw-W3v>^JNZi?Ag6`ufUAN|f`H4=ze|<l91VpX?_n
z_PwG_mR>s-nz8tQIL}!+>I?p&|0zt0n3%T3qxV=sgst(Y&%<MJ{N7~h?zH;ZnA>L)
zi<pRQ{SK9_Hd&BmqNl~j{Cj9NQu&yTO}_`HGo?w_O_P<b0E0x#b*{hO#2PMcvwT@d
zm?CAP<Q#d`{qgR-;!)GZ^vzRZbLf12y?!6JZQR4^Eh(KbvFO(9!_pU=;@~p2DuWt^
zUN7uE1nrOzadQNT9$~xPm}fR-vfkJM8PhhRR~B3)>AA|v%3U;h2iKS9<8hyVq9DC`
z{Wq^2QAnZc`0wd`K5T}ggga%D1znYX@j!{F_}0<Q5*Kx3IpB@*in837+n^jI*UQRQ
z$vgws6FYMQ=<;Tnv&3r@0a@OyI)@%|WWxAF)%r<V<ZZEfk=f82pc$!?`MwG%o#9np
znqEhs0$Jmj(piw6U9&x#bTaezFi3ejJG=afh>!8x)kEA*8228x2B7Sy2H;O3m2dzg
z0bCPWiFyl5bFyM9i-RX|^ga6yRFutD9`aLv?RN-C`{!F2npF<rl}+<Kn{_8At)6Kn
z$cwNA8ei4ni?K%y;Te>!VH4z#5L1-}f`i4-h4RTql*|Qh$m?~AFvX4R+$Xg~ZRzGQ
zpWPtzoj!*uKSA9q<GsVHQV4qI6O=l3@w4>A21kEk-AJuz_n08IbybI8VXw-!Bx1S2
za7ORS$ZYx>=VVlGH#%BQ5^MJRj}Obb2)+d&AIK1AL5iQfLy|8b_LWe*thbjwsu|FO
zRn3oup%UtunYU1#J1)PL9rQ|fSpxGJ9uUEy+f|SczqjcJusgj|;in#BW$H$rxzB54
zh1vwd8{{ov7j+XU!}P19N3o^kTJty+D6ex$s0~alMQ^z|wk?KbWxKvI61;-=o7V_F
zYz~4{&Q5`txfzdCkon#uQcUa`CDoXnKbq)mvZh91Wsyk)>>aVDsMpk=y$0yRP}@KH
zpuS~KK46D_8S_buzoq9C=eoNwjG;lY^?PgoB4;!{<N<6jbw2xm*>-(b*V{ReTa_1U
zc~obGB-e+~=#s#Wl_Mk3*(VB`(~obd0MYvtz;DCTBDGtB5x;V~3&s5b>hHwy)oXef
zLz6r^L%%Oni@Kk2$)CO(QalT`lni`EuyBeyrbq$D9niZZ;gegz?i{!KQk|ecmlND7
zsxhk!AVbjYBB3I^g<L4@{`&b9<b(fL@9*mzN91fDI!;1?=tyT(aFq@wxLA%T=p-(>
z{Iey?A}R#ET`eUAPN_h!ib~wI=5!U^r!^Fqul)E(I}zKe`0x7j#JTybY*$`E^8ek-
zJ%V2qf<D`}f6}vQ>ePEK`iTyw2ZFxA3DA|#!Cl@U;}NSDtvjKFxD!V3O_W_kcg%}|
z0h<4cuDmHxhi#cwBs35XUNxtfdDRiQ`t21=68}%~3|%tE;bN+jhYL7-IKNjgU;ppx
zt0*K0Zq)Q$(~dcB6elu&z=g{yKe}sMTNpXF|LfP)dkjjz@3s*A)ZK86yq~n{{K8EV
z{r!iqyu3WlSec*m@!X~!Eydfv6PbULqY+%+krAXmG1=TNk)C=|03aqGun-fYc1mf^
zEEyFD2QFkkTi~Gq%TUnT1~h(2Q-vOSd0>7%0^rAib?{3GpaUlMH<S3c55M9gBb}-!
z=;H|c2NlZWT3h5N&%G_KmqeVL^yK8LP5ZOsG$-HuFoxk_-f+?*q`n4Z$oGl=k9Zy<
zy1;uu{=HEBU&D9(G8mF8S_ID#Z}XFGRz>FL_Ym!0pM2;UAb>GjN&YMx^wwi{0U%0$
zyZ8V0;X}sPe{Ft0%xExD#8b;0gTTukybOipdb@ep`Saht@*m%Ry>QWk0k5nCZ2q+w
zBZ#m&7#xr~k0)E1{ePq7|F&g+y<LHL{iw|z4W;w>w+|fQiM<|(0RGP|d@V;Fp|^(t
zdmaw`<ol<ieL?uwXaXpJgJQ~TBAki-vaCBse<WL#-cQuwpN=&m3Hh%HPD&~w4E`k<
zN#ejZ5}q)|Qtd(f(_LI91Vj%=Uiu~;4@g`<{@JJ2zaA*Dzb6{`A8j143wLNQlLLzT
z0Z>qmsQ@gFSb+JeI3R53MQ*>6{n<b>qM3gr#V_CRLH?g}GrHWG0;sCG-U5_hrob;j
z1Oi40fH{Av!+G-`Ea1NjE6gW|yGC0Ac<{I2=MO|e24AJU-eJ7V?7{EPSey9QsM&ve
zxc}XU9xsFagaaeJi2NWd%$tM6w~;R*{?i8ukP7bZ`|d{p`hO_%{H@x+aGxM`ULUP&
z9{v98{qN8IcTe!Y|HpTU80bF^snf(ZKLQxue=`aH&$nMSAt7G;lW5t`XZfF6p>%vX
zUoU8o_Pl$sY`kJWPlXD!xx2kiwth<fQ|bHy;miL__s$o?|1}v6vC`|8k-S6+Mszp4
zMDb|<-W>nm=j1;|g1I<u|4X1++o<WvT#RuvUJMp+7RK}cZ0V5>2<iKe7U17(PAfDl
z<eiJ2-AN4O%VP1?bB~g~jI@*fGEyVCKh8g$-AK!yk=R`cg$$l`+IDyVOWi^WkZjr!
zJ;^@xsO0`6h~XpAd>W4butRUJib;t0PdDYl1j6@88wg)uz<1|&!pndR-4VV<cE;uN
zKFBHPpT&&pp|01=R0SS5ZMDPge~ZC?*7y^QKf@A!Bs@7wtO>URMC9TP1knMfcX+3E
zs(_#%B`0SxQFfN;t7A#dvC+?^w6qfo3sSgXdP)j4A)Pk!<<Tg9pYL4y-~O?ET9Ji>
zczh9SKySz0yVQVP@=W@Q?jpX^d2{1>sjIqJT3$|mD~r<tLUDt-3j<RJ*8h{E^p9PB
z;wKn+F<MRnEAi}WI6g_km~UQ|_=3YXGPE=8?q@qA9#>I2ZC*}}+=oWzh8T^R!D0~T
z&cBEHw_bf0FqOu3WVe4RI6wJNU&Ii}^)t}>V4D680fJz~4-y9!99dBxrmPVc9X(R&
zkoXw=yR*2gEYg7Gt-P&m@S_pj1%?|r0s9}>|0j~=E%Gv{uvTiZrw{1BnQC%9mAkqF
z`wE&q(UuVPWqOX1tvV~Yi;XWEMogSNe-_CY7auP#DheHBesHjso3UPDXBQc|hVxIw
z4RA2Xk#?2?;NjtR*q?n{;R!$9-ztb)17hbHz)$WwU14Ck<Rr!665^LgE{+5K-AheD
zktD3s#;Oc?7q;;BEy6!t!&byUDg&VDf<^eWrZ8XpLtT_#7_Pe~;byzLAMnt(<frH6
z<_jNIJ_qT2eDf%Lge>>rpB`eq-a;>H*U<(KQSM!>HLCo_rTH1#x^Eh^=WMKk9x&5j
z)4-XYeE?D0Qmtf!hyYtdi4N!{HYWT3+r0iuulPt_ma4PufA%Nnx^A9u7d9I3Qx+=)
z-oEIfZNOJ1UsZr`gSs<q>!r&O=&f&}qEP+6oCy=iHB=Nz%hp%srUm)6wXA&DxPfo}
zAMRrr>d0OCOg;NF{H?r<zp1}pBEGcAJ19v0Rt&%e-h_8~?e*6TPM{$a^M`YilGNsY
zdDAMZ#NBs9fBN%O|7C_J!GKS1d!hg|x6;8Y#s9P5zA}&mCwu<CO=Jzpg%sr7Y2M3*
zWaSjR{(!Fs>!a>d?`N(NIa0QVKIi)DyTqP`m-D+F%ol;XVR{V%ez-l-xBTzYeuVV3
zm0EXIAXvoT)X`*-fd1vn?4+-Nm15>~(DM|*(Prn2S1@ST-cvME#P<4C7&8^eQXhx^
z<1b+wAO!xE14sTZN9_Ne8h?Gl|4a^?i8$a1nm|9*XWaqJ*MLu91N?M9+mT<k4oQ{d
zbd6%AshUC#NXzF2#)`f?UmGn#X>mbB+DdfdHtFPb915;X2XyCHPqnM_)yJPh$7N=@
zK)>iQLg#CNzXWr~4Fd4ZxecoS)_45>KOEr$b_(#Xk_!P_IP{ISuRm{Pg`kLgf*+dN
z!Ykik2Nvc6*%w)GjFO5mysvn_FsrC6%6-+n3dyx$sEEyB%O0}}JKsprQVoWs@|T6T
z9Y-m3VdnaxBT;a9)Syfjhnv}leu46?tL%%hF_gL9RqQt$P*70vVq!2(j*gIwZ^Ll`
z*CYrQh?qLQ%6qjC5gac9@cye}-t4OXvQ=BiUtbKuq~*8Pez5SSwDfic!*}cYHO->X
z2A^mAK}~R*o|A#drkscdV|+Y**8BM@jsaqF*%TEa<O8AckqL<~RV$}tSzSz3_PDXP
zWJMil`z|Ayb0Rf9T^9@=(9w&k8o=>q3Q;6Xd(rL}Nrub3z3h^RO7gwF=J%3Q2HH!S
zWK+Op+Wap<WSfRLMN3|cJ`pvEy&)CMw{ggOuJ=cbbIJ;OO<ToW!w*MfeNwWShmCzZ
z=|Q>-r77*7UBxu&jH1lGNdP#@M&UeVlC`pVllPf&=)>rVY$J^p*YY0S40U^m@bB{^
zyEf%?G;o}7xMXDM7qD%K=#ia_j1V&iN@zlZgL4EYm8-oMd$+@oO<i5<`y6g;scUL#
zu;}%cB_S9XDkQXAa@JvLnAu!3HC=@upXrb?&sdmQM@|hA8t}2PyT6^SSohDHnA+In
zPpO2pj)rsQc=M3m*KVkF%{tdd2)`fd^ap|Kq;P7EEw<a++bI|sC7g<zpK^9Mf{%@G
zmKDVZ2c^A<o0%n7(6F$?VMD~h&H{zaWeLg2A9rs~k4T!~@(cNZFWx?>Ymsod%CNDq
zIBB+Ed0porxLtL3b;iP^YpWY9Zn|7I5FR7BB_{n)!gp&D67G%$m*+%~dGq#xZOPp_
zl;`a7Jr(TXA~HUO%+1dil+`9UTP}AE>pL{mGdXYk7f*Y~3($klE4jwFfDhVobD;Tw
zaB3mQI?K2BR0-_B_jvYQ^{`4U>iB*)m)Yz<Oryb?>(Tqjr*!+!MaOH;<e`E-R9JTM
zV*FmWx@BSaCS9{daGX3+VcX|?1H0P!9Ixj2j;ZAfbnc1FZ6jBO-M$X!`E**kSdePW
zV6Vsu>o~Ng^J0!`*|9IL-=jZAv6I(%?I?vl6DyV$u|BNaXJ)QZG5^C@8k=@b<nog#
zEK{=0i_mPR@qV`kj}du#?&@ZYi|Up#<`(-ruFF!8_MS03#Fnd!!$02*#JL0U6jZiZ
zyqH>-#}H;&YNN_QVcsw+{>e>tvnLX7qwObYyyUD@FkVU>_0M*e$Ugki-`aNoQeK4}
z&2=-fC!0_(XcXwJW40ZsuMMe*3Nw(zq6zD1ZjLaTtV|6mwVOFXX0~)K>#MVEo2E(N
zEV(in<kg1729>tb3C=z#%z=zz&78!9-KCtRXL0&muM-pGjD#Bo-8e=zn~cT^_3^nG
z9M$OF57)rdv^+eZS|DZ{=$p=6sPDP1-#IDC+l{!F@*TTUpM=Va{TvlGD9xf8%<>EH
z<8rZ7b&$x|k2uWf9T&SJDXgsx1lXC5s@0k9j;wIyM@N<9)P!JR6MS9~wF4KG6FCm6
zsBag&u96<{u;N&grse2_g@s){iqi6#uv%-$9xlSfHf`>S-x{L3Mi}@e$}k3D&_4u5
z;(VSl9fZ{UkFM&83m`m%LfOgd0GOb8LN-l{pY8F)Qn_s&pFY=x&*^D2yI7^{`RRva
zn|f^g$qF*MmDx76_SV8U*+{o;xk}LWf<3HsMx3mqigj*xx{qoalg_l!01DHi#ZlS^
zT(rz$CpQZKi7X$)T++QEK|W=<Al%}$$H%Jf<ko`WdW!R-%|S@P2g9`&Gu{2f{bLME
za9^?cZh}WftfEftcs|DH;k53T(slk$LeSwfy;@Y$tZ!@B&fLC@e)msX_sjUi_}FkZ
z?j~A~X|s-(^Thth-C<HEs#6<;Pjm+ITtnL2sA<fL$9r}MC{m|2?R=9N9BS=7QKo+$
z&eu}qqZ$-Y+<wv4HL?3JmX)>G=sb3$jZQAQ?$i=EIk=KF%V50VACgKPTx&VUPb6Va
z{)5ywndP1t-L>J_x(?0NO*bf9JE|8Af%N`r>}stPnAR;nl52>X>{KEN4A?U7bH3k3
zoG<fMoL%3k3|*+f^yzx{4F|gZV57x0!d#U{{$)M63uBeNsgk#EO-LD}j`77}3g?D)
zVj7cB2y6s66&AeEdwf*YE#*5Mo!LR@@>^`5hrKH@kSH1jgFfwdr^RI-nrE|iM&+z~
zhceY!HTYBHii_Rdid3=b^i5>VF3Ep$5+7m!2L%05P)=`jW+`fP^^Ky0>?;^BcMFzD
z24|#o(;bd-8}_l6;Pb6*g=jp_b5ChpLUKVn-O~-PW@axM#$Z-IeX4Ndb^N%6jgPbg
z`^DOUS@v#9Zi?yCSj0v4ak@x{{n!rQF?|jjubQdVG7W>Gybi0dNb18$CU*UHtt16A
zbKF&2+&K1enx(3)jj4I26^@E*43?7^kGm9bKJRS$496-`1-ysJZ8H;(<047xio%k~
zBut2M!5`KXr*D1=7&4|s^u>_(0V2y3m&@GzQPOQG#p}}_iF{e~7yvheA^>%2S+`IA
z)U{@s-Ou-Mp_%3%f0xXq2?GwcZaU0oHr$abqTmyw=YH182myDQ{2qO;SXHoU3(a#s
zsbbEzr=uofa?L|Sl4Q-rld(o5uv^|QVJ5BaS5@Nepu;N`g-xGDl0_PZ;RyGh{gV??
z8ly9JNbz*7l_o_5u7XJTz&esbr;?8MSCI%Rg5E0c!;eKpMJL#F>F-D)1=FO{IknNW
z>zn~%0%eeLgt~s-Cv;|iOn*8M>RQr=_Tv$%qePh714U8MAmy7cBDe}Ic#60|L-XKM
zL)Se5gyN5#t1zV1I?ghY%1Kp5=OUbPwaarX+ISH3?5?}w3}5&$2a|b32eFWy(ayE#
z_*}mNR4o!A;=M}jpx}-uP4Bu(L)<-Qt;J9=6`ZM!YvVLP;0AUY*_?vmRrOXei^r2n
z+>kMP9ok-U<_|;Z*vVm*!tWB941+n1T9zio5xsjH4BLPAn$w`f$oprl!BCtV0PU!0
z9{RGw2WXTXZrl8-&DKFOrLKT<p4WnpqW#U|q9e{yb%u|TN&cf*0`ivxKQDPI>=G!H
zeHr#*vuP;4wn~nEZQb9<v2_`K=R18snZ3Ksrd^Qy<oWc`{i;UR3PhNRnlIg>h)*(i
ztNVkExz^US!L_KYP?Zp~<0jkRGgS=)O2YFv!nIJR4cwz-7}um<5PWkZIO&XTw|IU+
zJ>|SOYgdP$+T{p1NEhoC!^$#DPVc212Zu9ioqOZYrUt<4G?uvxQS?X4hb9O*Sbi}(
zh09vyyscI<l|gu}Ywx2fx*cZ5w$<b)^+b)lNq%=0fWjkP@l=PP2v3Mmg0fO<8sgvP
z=3W=}?6*}pP_mGv@@nZySV)?4E>0D8K#%o&KCO23;HbgjkjRge$}ZV3g)@1r>LyrB
zMZCFjYo5_%L_P|YZzvD=<vcg)$Mr2U*O_clOpKKjEw;?PK~J~3X&(mnc!RS?fO~S2
z9ujBOwY74VmN+b|tOd5;h|G~9J)Dm#Io)?FeQPh#d=r_D^3zUfNjE4=e7Ex6r$HeM
z^<fP+Y6ek5(EgB(&683*zDh_i)~Gb~tr1u4(_}i2bWVzO==v4k#oY`-gr=W93Lh;r
z1L!)GYFmEi{VeH#jm;})@Gby_PL(l`KU7H*2l_G4e3dr(Ud%31Q&(4ks+cnlG`xN>
zac3fE3M$UEdtQT?=5y_Y>cT73$IhY<^e*Svzt|VvBOs_`$=YGYxrCHBi5}|(1vIk%
z=oVNnIlxh#J~Ij{EUc(dv_}3K@=ES#^xLhj6X@u@YT>~A8Ay=xUFCyOWH=P;e@>ke
zeEL^Nuxktt&Wr3<{FbxvTMZ5oKGz+cL>bro=dC2G!fE;&?Xt4fSwGXg8}7bdsodW;
zrbVSTd8J&}#Unu|D$<Qd52r$=0{4A61BHrkW|%<^sG=nZ&X$EMzpU48s*JkD>!7u*
zA-Q<99}WxmPQsup%yiY!29uIxv+bG8<Rl<M;3p#&p?8{w6USF;i9wj+rd^Z^vdCfK
zc=6dolFfaBm*zeUL9$wv?kOxjs$4C1r!LCcG26|2V3Cx%MCU$UlRZ<=iDqoPV&bE)
z-PPU7IU2LiELn;q53RAiYO2wA11j{<)aqUm9%vtqst-R)gMrbh27FXZ4J`9^W4?pT
zwYUv#Sv+p;#gR#WFSc)DqlMU=0bgF;RtJ@k;nIl|x<bGxR|ZWsR6pB(**J$om*Q%V
zrG!Ly<`?IH0t?f;OU<h>avEF5g!KAnjgLe7m$sT*VOLL<Rd{Lfc8*V#=XvAt%RjQ|
z9*_Iu0pAm*W@^6yQPrWTj3nqlmOG!|q!Q`C;=8J|0Lh|9*QX*rPyh5MeR!t?Q{*&0
zve>R|5^BQfqyZskCb+ER1mX{<cmiu<q-GsY8tyiwrJwkRpih13GL-pGk>Bi$x-}N&
zlqt(JrW$XVjND{Cq)UWvvG6OYFH2B6<K+lz(v}6$sZK~@RaJ7(Y!-NOde+ASyaC6*
zCV`k8ZAdZ|bP&t#Ax^;z>$OQCEFxTSLl}{jl{LFc=0DFNMYM+Of(DzhNfTmA6T;Wk
z-AVo{nkJ_6RVm3gNIUz`kO<{(aFo<~B{-yZx#D6{Ira6Bq++Np_`BKckJWW92*adw
z^h8L}O0_;MD6fAz%mcUjLqZ7c0>0PcHrV$jW5y+PWwsK{l9DM-64JQ<5r?@hj)CF8
zVs1J*Qv>yo{e-T|zO9o~Hk^p!7HkkMvTiVpU`+9*ldd+JYXcK~(+_NruKWBX_)27D
z^UyOfx@2uDF*QcuEDGNFfFf^;tp8!sEAf(GNZ|VcnC!5ZNpQ-~-}#axBs-N`leGkB
zQw?1<L3k)3HVflT)^n!;s;}xVnTXYuGt>?vB4RA#LtcYC?@;do+Z^Ks4H}<2FvQ^+
z3cmrn4AbQkksv#Vv`WTsL&wI%OfYqP_e%tVpIQWD%Undf5**B$Pu6qc>e_HGehgCH
zYL0&(&JUB@j0=F!Q(j$t`<XuG;HX5lSND_qJHGw(xHq{2<f4>ZCKPo%655p+s7v;j
zwcv^t4T`DB2iC1_-j{U6-@m^4Ai)3~uk=2@_BrQ~ff)r-lZwWUobW}~kE0ySd0&D%
z?ly=Ix$x<$V2Mo!D6*ocTbNSxvxp<|C%qZM$bX0I4JdXOtpg!Ty<$47aK~;Jb&Igs
z8&odsSRaNK+gang@nzoX1~UC$Ts9!FG>^wco1JPb;kfi<!&p&-tE2K9lcy)Xxn6xL
z@o6n*kTPbT%*^A>@iY23Ujwh|7*k7Q2;;b7T+%@iSGv8%1~bB->)>X-qNi3hOH{DJ
z)9IG#1q;w+K$eHln6Y-XjJ;n?<rpx=#Rj0wAd~Sr*_5BjZa}OwDypmAo>;G;b6rmD
zo0xyTIL?uOPcm<lp+;SSFx7{S4l^~$HhLkR5M|I+qi;DcA1op}6@AgIcHEdjqr5*c
zQ`ho*FL}2ThQ`cH9e-5+1o5#QLQ2%k;glD2T;an365`vouTtNj-0j6!%7&t@WgnPc
z?CtjUVu`>>Z(AGAcAU0(D)W!cALbTD^8g;`Tx)l(GrMtng5KM?N*W^)_fW2z14m~d
zrP^khSDBlA!_bwS1L)^^*8IUOEipr48|_^VK;XC=D;+7UsIfwd<D$Ym=COYzFL^J|
zq10Y(6NM+0c|daZ1VYi!)hHgq_DN;p^doyOof%cDG%Bj84PV9fi7w`-#q%SY(R*eU
zqeWeCY53DJc34SwbLDzytK=P(KsbXzH)UqRQDZO}Yl-H*+ydGFA;hMjw{Zd~O#)qZ
zov7QR<=n3}JvC9}m=9@;Djcgj5AM|Zl*n<x6w+gf89rI`>UC>B6`74oSl<1(ggEXw
zen<3srp~4Alv%hcShBrDT%$XZPjIG&hA{K|7-tQp+OEUhnVXAJCiYi+cDGtO3u}Bj
zyRCBTn4&(}BDqVaIw;j{-x{|pl9HGyMVKR?s4$*7L7pebF>b@$E&hj(Bl*dhp^iHf
zn`4V%@fORlBr^GI{u}7Noljwy!W*Q$?Bx-MHd-x_R8$CaAFiF7Z4BA!ka60FX38h2
z6R9z%%*2GuvcqID<9rKQ5BK~S5eggP1uZ}++{mt-m0Z(tsCsh33k@FA2tk8n5<R@m
zr!l}yQdVq2)z?83IH}(=%dF<=bwYS2+d}XQ{l-iODAy;xSJ`^o%hyY7nutIKnSMCk
zIWv+p<!;mqp_l;N!SH4eO;P(Ze$sGMyL1_CAW#`B-*>EzuOZ*(NEPhibT~dU^x`z{
zA8lA|Adbh*)w<u>r?-Oa`j<u{xnh}p!T*nkG(^x>dLN9Vh{mr-5jazyW7H9JqMlnU
zC|q{FC~q@7Z6DmLM^AQ@sm@|iK44txC7eHuUVLw`8Si^vi?2z?ZBdCrFRq3lE=?O$
zSOiMPWg(*EAXI61RgGtz-vcAbBQhGgk<nYG$=7tmZNU{Wc!1ezt??Zvkd}ob{TZz}
zSI2IO5#)mvKuKF_MP->%t*x%y?ezXjg=$vK!JKsCE}PF?9kb|iI#1+~euX+oBkFs+
zxRN2<k^;g)!Lda6X_sA*9LCeAqyiZC+un?#5eKf>#e=ftM?u|6>wH;EVT=r(0Figt
zCG2YSsWabyk@gvdr=^6K=^2OqIGB$!0K~<30yw#?8~5ffN@vmQ{7rP8#5n53@5>UV
zy$&T-Hg`R*9fx*#wQaXZKwBOrzviRQYlt$rJGBL4>`F1`YcX8iK!G{$4VtVDev$5L
zL#DAf9f))s2_1Wb<9Hv9X?ZSJ-qRdadOq;9>n-#lXiP~tZ}Hcl=aeD3;yphOx>Z`l
z(mhRmV6o=7Jq5>KtnKU0Xt`|iLmK-SlK&csMyfGBdV1t5prB9j_PCBWx3XFQB_8=a
zIOQuhoTYL;Kb%|ky&x+1FXDUlBh@+L5<d!-(=SVNQDa*jh479*lm|{BxL@s;P7Fmx
zbvbJ2a1MU_Az|c1dr=oqdrZ@tnDS9lRSHX_GhX^)I{^K4dIdQ9v4Ji1b9R-&L~d<l
zcJ=xfT9(?{@q%~Gjv<k9+qyUUJdYmVEfAt3=XOFI)|8lHIu(Y1qKTWN5Yw6*DIMvR
z_>v;p=B9+Ho?|bizVB}WbP2H-?wSK{(qRO<S16(+;zYF?AXi`eZ3Xh1AQ+}D=_Erh
zzOeN~IOyIiT4azI{_jOf8X7G$1~|P9Atgru>&HDf7Z_~(QQZ?69X&4<d;!>qcMO2o
z2s5uukrF{pIt%h}-M*94r{{SZi}6wdALbw_Yjp*_!z#KXDbtJDQ~NnFbSZ|CNT8|}
zIe^Yo*!7-o0nG#}RKsPlv}2ON$ar(4-~nPX(w}tvnRwmYZL#eLQYU>t(q=30NEKpu
z|8#M{0@fGcp%w3Pv$9;)0dC%VCOT1CC<rA=OG`hPBW77~w_wY#J46_bD!?^*h@(tX
zBh!b#r?Ve~)QgYhMPRE@Y^vE7GqT^T0%y1uq%6m3QjPwtf(1UVl5BpO9eR-2yId4>
zc^i7(1|6dkBJ&s%G0k~B1k`%D2<<&2-_dF;rg+I&WW4nlQh4#&NCh3<Ag+Nvm0>pI
z-@VDxdarQ*gp*iKGf}y~Y2~HE;mp=j*0J-m1|WXnl$)Au>W{rF+&?y_zV_^^#*$#B
zIW8m(L!U9cPAIP1j7S@WC{HjxB5%R}{$EO65Pkq|1*Lx!4uS!gM6+ybTR$W;y}?Ws
z8M-RZ`B`_hrBy|;D$3bma{tiJ*>RELb>)4RvEy{_an5ZbHL=SJLAFXH>d#)Uesr%D
znCRTjxIco&$wv@dJd%|cNHM~*&^Wx$eD{@Z+Or=BZ}x?;E&C)*yNl_#B2d=!<1B^+
zX~r~KCeIj_D5So-3;n*Nsnb?AKyLA}m{J2hL7Pyug-$&7FF$tdt&!di^E%-yx?gfs
zO4@+0-#>15beb<u;u94$>`zH5Ion}+tmR&Fp?RGQ;g8I;XNC@f20hsQrLYH+Qf0$b
zEsYZ6Y@MWeDf(-mGdw#qmZTVBYZN*n>EXfElCdyvt?w_-9e<6jo#~;Y+H5t}IUL=J
z+9=aGG1iu|U+gUSU{3b|q$dukWoQQTR}l2F)6r6}22J)f0);J2r%;ER(fORxADO-#
zHLf!{)f>2A@mwu5PC1bY^g;WazCoj^XnG7rQJ4#&!i`~wPQN>hD0%=5HoBE*{!RdS
ztJbn<+o7j<bdkhg4kDtD?H_Blv+@jH8aq5%J@{UcUpJW^CRWI(W+*0Vo2w6lEPuj-
z{RMS{!Fb$Ui9oqYy<S;rQab4J@Yk%l@3g)1?cIQHzp8{3<f5}iI^6Ni$usMSypBUx
zPPr;;&8S}n2f}O90eYgcZEH@+G>w|#RPXyO6!Q(Fm>86-_MO80p`WR~b`x_;pX-`W
zpbm>`!9hxablyO>#E?AMlqF$=c}Z+GtDN%YyS^(!Hqp6BA%D3r^r7Rpc?$g*U5zY%
z+ztm(3Je-#X`{;4&r6EAo~5q)#>zSZO%Vq2!6eAyr8+gK8k!mt6&vx0kHjKdh3j4(
z*OeVZDmC<cWK~?UIE@!Q4z?brtW>nK7ES2GksA5G!jjNkdZDtBL?VSB2=V8IxoZtP
zDx}?D57~|1HAYv!NC~jg>D)xXHBoGa6Mf`BM^0pa7UPM@ktO0r&HS1g`{|nqkn<D0
zqc>Zen?&f~C<>GDPNFrgwCU2eOYm~za0ap$-OR~prDJ1blU~p6OBj1kVjg7)iQpIz
zimMwZ{a_OIOIVMf6S-Bx-YK5Mr!LEhwOv!;<>8yCe%@s1Q<!{A#K=Sj8^vibh2tdA
z9%;Q)-3B5PddKozyK-%9eNqD{GY+BDtfXVMnH+*1HanTEj|ft$e#OFkeLJj*IZcp5
z#4cD37TN;8c6bL==Ykj(z(JBrvi@MVag;j`B*9lIWR-`TA9Hi7t@g>B3IU^l<;9kb
z!1K1rN%hyJwYM3$f9G{&!saaPF$6MQuf``b+3EZWgeLl9EODZV`0GIS_1<IZ7{I9$
zjK|TKNdj-~S-BbL2EM};X*eh#Z*RBRa(NO(?gGz1{})6CK7=nF(1uk66&DOBEUk0(
zM@{zdX02c8TeP!ZsuU{6Vt0F?%ky6!a1yK{_+0t;)abOVttsxF!5bH?qgm9AcMLyF
zyGtK?UZ<K}WJ}792eCqwpARRAv1y&sI$0qHS$U*()XkD3n};AtJ~8@if(|e48xmN<
z+vEBKogBCQd{mG0y3Y94M{FHr`~y8!f&5i!0~pOU1bh6F4``<S94$EW7$G=2o8SIj
z-4Q;h`N4FF>dx`$<6WmT#&`)ORJH9by8Bw^wU|IxTK~IrpF>o}Q2pv8aV-pU4#0n)
z<YfGoH7hSQW}`+?n*e2?O{$CLiq)xVFKYwZR^R_LpuaZgd2Kx8l`-9W?bh^C6@ngK
zuPZSa=juA`=g7t!o2ivw*&O^B!y0~xSHLdhV!zYTaj;|}rK-c2LdWG3$Z7OJb(fn-
z?SS3M6VK|4-Ap@L3Rirhrwxx!9g0jaKX4tmB`XXB_S(8;Q#96K3}czwt-aUzDOiJU
zl8^2BK7H6iKIVH^g+5>so^QL?yYwM_6QM+H!ocYO?--GQ-|lD>o3s7a7@HV8n0ML!
zYr-KXrO3oIDffE$aFsul*TcB<g#AWAb55-uVVmP|gRo=$I_Bc-llbX(X|j$sQbqgS
zD+lrdCZD@ys=F_nbREiB46~HXCXVQ(GwL$bw=LP-mVB1;hO9VR-nZ8~Ma5-|sk`pi
zRl~fw4G!DRX}w29=;;%aQ)5N({Rd?+cLemS&@P8FWm*N*jXg5FON}OpD5XH($(Rn>
zvbs>N4KEt}edzZRCfBJveZKu_6`lutP6&-?XDR}CWt-8#G2wI+BBKEnmiG3cC>pyC
zB81^EMr1PSMRekrT|A90dzMqBFg1n)W1<GwBFNHj8l6iGT?jm03k*f;sputZ)wyiO
zfChouLQmIDpz$GiF)|pVy@U4n>gYF}!USLdv>o<F7CE($O|b%S+r6QJK;z<xY<?m6
z=VS8?gqiQVBdfUauPRgKWzZ4k$cf)H7^hBmT}439S8X*`)zCkRNpIQ)&=kd0rw1@7
zJGWyZOG=~*1{KXZmFjFdTm}K!j@%slN@NU7&wE%c5@FR}#g92TJvrKkCK-`9(Htxn
z&<MktSfM!0;7u3iDxNMmsT?nnGh2w15$(oowD%6Bt$_V2z$q6EWsOT^0bq`q?yN;{
zuMF(}Qv2bXgN620ZbVx(+53&%yXtb$NK&C=0`%~YvGqf}9+{RtA*a=If4K#?jJ)(X
zO(x-P6^Q>Czp=sx04b=x7(}kyo-k4i8K_DMLNY`-m{xE6W-ltU`iXty-j)0~&DRh|
z7KPo5Ulld_81)!id$99>aTjx29`)?6P!A@_Hr+hZqyvhXXW|0Qi}uG3Dx-mYrZ=Yx
z#C5hkog~=4Kjf42@tfr_9$DcFtZzr_CRgt>=&}=+Id?tRN?Z4#F@~~^wV5R+ACIrm
zM_Tx_a#EZ?P1m)@V-v7$)s{{SJa-54GUsLtvE%QwwN9LTRav-7LI`BYVH*;YQDg-f
z6)EZ26f;!l6!5(p#@rXir5pvd2VHEo7RtRJw3FM3C~ik?R#0t50<G>HV_D~0_)Zli
z)<*JT!Yw)h4er_aOM^p;XU1{R$9bh``f{JItNJH*AEAqPJAJ&js-LfnE>A6dp0GN*
zghrbyB|z)GEqmj1RuKsLSDBcdxCf`tjWPk&3yKP#`JM-tIVX4b9E!5_E2Pz7z%=Zh
z>MJ$haKXGzD=YChxH5daULQh+_Ew{&ic3$oK-4FF*r`Ip%a+I&*4rcDQO#AUS4tpq
z=TEie*YwRd`gcp$&E<%Vi{1~X-4}Bf<<2QKU)gPpjH~Jig<%PDT7ilhP1oGKmHOdL
zjmb6LlUj4r{6i!og)d}Ke`rWZZeEv&M(xCz_XK|LCP#hnqT7ZaIGfpNPKvZF+5%9p
z`s&~}QU2dko-Y#}Q}^xSs!uv7=$JxH4?5WPIM+BnWCwSUaM)inNUr40JDBY611DM)
zrGr%d&!1m5%Sa$nt1sH_n8V(2OyCB+nh=L4ic~E4A1(m!MFp3pY7*wY11o(~8n*jj
z4_F6m+dRoKG*f$E(H47v{c^4X*Tzb2>15o9emlky&9qr;m2m9E_^Zde(GyAyin)W=
z%1G%n%W~wQvTtYObEj^m&v}n4gVAkS*w`qM6TFP=$Wu5MiFS(gKPN8W!%|c0ml{c;
z7yhcbGTKlJ(=u9aJ_h1$pk4zM%vvIPwc8RJZ)uN!9vgybOxJV<KB<RXni-L2Tqv%+
z;P_wQNJyPO!MEKzlsu=YgYozgIW408zP>mlP@r&}*ndHzJW0NKK}Aj+uxhR-$0bS&
zXWLVF$uWkEkkYY+z9s9{?C8SP_np3c>pP7~^YD?EB+Y#9<1R>--39ITk%uowpiDDH
zzWOXkS36gT=kP$OMlZ~uEi4X;!}C*T1$$0eW=PrX?YMoPNRmGNk^<IEw|~~E<MVKH
zJ_28QU5t+BBfMAdK2pTAjx(qBg;iK=kL2@RIPaZ#O^vk)*BYy%M4OyOixJ{ue8&oh
zq{hI+*qn%_OB`pvF;7O@kcb%$m26BoJh&vyxsn+F2*b9gpYQq6hn2(qTS(*iB1NFR
z%h2O#vxVvJUu{a7%R<vjW<NSu-*DTVoY4D-K@oG60}iu@Zz7w8STgg}{ZO~$&Sc$o
z#!krLR&KX<Njj9h3UAEOlBx{X6^>Gww&b*$0RC*kFP^bYM3sq=QXKd3G{@;djPZfq
zglK7>ZKreJ&o|_krnO_`_fIFXbD(h*)4e?hIEeBgm)yEe?Xfp50?e$nP9wToR)-rG
zP9ol%gFVu@k2SOx*TP(!?*|r<A{5$+>oO$Od(lsG*&R!lRmHKdR7Ur-(W(n4>Uamb
zD#s_{P%|MlIheEA)j95V7Gd9IU~;p^j=e?9J9`7Y)B1Y8W`n{f$-hTmFK!^dr-$N+
zULd5(F{v|;4BfRNNnk8Vu}hu`o+f-7XHp$NBKR@UeACTFGIm4`x|Nhwg@~wp9J){7
zq)@)h&23N*fQw}XJXX;)+Fn%THvL4!?H)P~`%FNuCWi$4{csS<8{=BFNR?7aRDVky
zfowR;mw}TC&9wJi9n$Z9X0<QL(XHx7J&?#w!`84|lQPZe)|6up+;$4&WFE3GxCho=
z{oHFk(1~OfBaPIqI5eW_f%sj6EKwjzMF>o@hK#?ClS*yzc{&WZT1{r}aj$>)_WHf%
zwXlK5T-vV$D8FKL_8kiG`kC);*_L!x^PqsMM9wE41lU`O$Apu(HDj_e<F1MLmz-9L
zd{9M8<#E{;pxi0)IW>Db&&y|HChc;!06Z{V&|`|i;Gm>b?M}agRA6*~R~yj*iw)KK
zN2?w&H?$e!p!(m;KFW^0Mt8HCwcP({rTez~zv$It3O^7B!NHwT{(+qu`9!u#x<e$9
zo+L9lF>Bi&DfQuT%LS0xiA(^{Q(<gUBW1_?H}o9TBG*e-xXxvjo?jT?z&bY_R?HNg
zXQyLkdL2-9cc6o<?g^~yPn{I542Joq*+JuP_>QrBr=1crK4YZw2(xU9IqDw-HQs9s
zD7pVk_I7^`TSRZ!o;n`62tjXtlwTpm|FF;g!RRvc?HzuY3%YH+%)KEQs_b?no5N9O
zw{`Z!2IQW1shZZ3;X_x=T8Wj-RCM)fiB5yD6j5MfdPiaCc(NCY?>0DKe^>XwaGT~a
zLi^!2)X5i8c(C_odh0&E4=4=?os}j%B&pdAW38ygLl{2bW0%SdY1T(>J*^w0yes2<
zsSdT}L2|Jz+ZV(6k*s~iNcV{pY8@Hh{om;%T-JO+=DyBF<%o+_kitt1>6@S03>Qg2
zv+}1Tft!^y7Sig%l3GRFhQbQR&Nw|Ktyv)-ot+!O7OzagH|slPVPx`pDxr_0ROJAp
zJk65Gap}zLu7+;vCpa+4J3W>l@r6n=VqA{38HWB?-cYV-7<3sDQc{;&4?p>V+yD}k
zBdf!`ScHhHLu|f0?0`?P`BM4yH?H>wGEu^xO0>VGhM0y25EBuptvDrfZi*FrNoXw&
z3}CWQNpq}ZzG|zdw>DZ^BPryA18*$SMe;__oXvL(aYm-&YpfWdqsngO);S2aJNGRh
z$xnPl+^VU%@^Ek72dWS$0_e&T?1J|b3llm1Zt>2U*oWsFoL53C@ohtXw@?8^oOXh!
zzC~5ceresmbBj}#WmD9CZ&8F$$6W|Q7Q}={ev3Sd0>EZ5>{2D2n-+wPp18HWQ~#p_
z(m}Vaz;VKL+ZkcrH83k-N~+(Q3t$|uRK{a3&G_&{yT_v1vlL6dQF?5%*fh9nE;SDm
zInq(!NM~lgnIMG$AHc3+{>S9*L)6!)>m484Lm%P;cOfKK7G??oV;HcpES7Yg&ZAW*
z3}Tf+Ij53r{N$yQ=Clw>jC4C3Lhr}lgdePM!Rfb)(s4i1+uine@^pDEXl+`~SJL=?
zRs;x6ngQ-wLlDQs+E0?F9Z&zO1eH0AeMirW9R|?#==6k}sy`(U<q7EF0n4$Iv`Sfb
zY2zfk+=bA3mpR&6CW+G6eq!P;P=G<tm9~-Na7Q_N-`F9C%l?P~XDfotaLZkY^y9r6
zf!gwnzQfQHf8w>u#nzuV>T&a$Etb7BUUh1Ww#9wO+jVLkddAM0n`>B{u?)?`%A*QM
z#+qFAv54*lac_%O%~*Vj62^H7H`@f^0+FE&maO{qGt0G1Xk_S$lg?*8k6#X$!WJTp
zX%6fIdxPZdC3D*Lt~)#G8-LD;Sh4%|2FW^a9dD{M)lbnX_BWlfIR3hEo*FAPcK;t|
zZvhnN(sc_*Ah=s_cMI+wg1dWgcN=6NxJ!`W?(PtrpuvN?yA#~`A9Bun>yvxVt@^7{
zMP?{qx}Wadz1LoAZEyN5q{xC_tDh~5fEG~d!Se~c2a*=MewUH>$fMY4La~AQzr?hP
zcXP^?+C6gl(-@MNee=V`a~5kqN=8OZ7EE1D)OqY8oj5ZtR#8vBh59ih;w2<4A(5BW
zMK_9O|9ieM$D@Hyt%;Oyk5W2W`t7^aht{mDtn?l<8M>dJg^+>{Vn0|?AIch_gCa6G
zHDEf)PC|{PQrX#P+M}6k=wt(dXpYzlx-f$RI4@lE6^wX>1$DzI(<LINBsghm^~fL;
zxBXQWH7x+4DP>z%Cgv3VJgdU21Yq7R7cMr^iL3#rXt9ND<&mo8>ibULNzY-acqqkm
zI7Tc@kFGB~8%_#?W#1v<eS`^t8F)Pk0yFYd94)pDgNhfxauB*_L+^QPe2YCUi?<F*
zT$ob}s)XEnhq)f<T;^d_%k6klFX(Bwlk*+EtJ`nJkO3qF^thckuq0usP(V&!;RF<7
zoPvgV2pAKmXT4^2mNVuV1uKC{f<zl#DDe-HaWC6UIvZ1cyh+GSmk_uUDK8Tm{GE12
z41h5nL8<s*Kcyg=sxgB4%Cy)uYupE?7S5(4Pb2LTI~^6fgDx+DBQAO?ZO(*}g7w>v
zf2no?3~S`wHx-?4{LPeWW&uJBSfDkWBBJhL>mjsmVUHBi_`6q0Sx$c}lC~H?!s3Q$
zaoX*<x+1;U0CMnRoUqd&uaIHz?xz6**AEh(#s+fmvh9^^DA?-o@(G_VB<>A#2%1Tx
z_auB06hLRcTU79#exEbkAB>3BbW4xSJE^5^6%qh7X;<kh>n5$`q>?0#^Q9E7>z}Ox
z*$*fhWcnNxH~nZ=T{Q#;brh69GNQ4tTuN--rP1n8*323ynqoRiFzQ>YkB(_#PyGG4
z%6q(beS}c-`F@>|nw8AI-u|ZBgV3$6xwve``#y~D*Ly@u8uOWDKN{ZL%WQp0Y9>`K
z|NbIMJ<kkGx&}{Bydi)hAcJ7&5smv~DZy)t#^z~MJj5}_e1?e*o9=gE^qb-Y*^s)=
z3zZoI7AfY_!9sCK=py>WLdsL1#OXM^?905gwC3ChqNkIq8dxfRgI9dqwjA-3T&}@m
zV2Ao)8L7-Lik)$6Q7$?LI2CZ~agv;wZTyC77ML$V*Bx8OZ7cq&AdSHLchAnnVa-U-
zWF%}PHcz^u5|lG7zrFJGTq6ppn8FD1U=#Y9x_Q5@#YUxHuM=zoPxJyC?8~Exj3ll7
z{G=v3Q{yuB^)6iay}g-)9AT-pGba7b{H%7v{m4hwUSEKu$#Cj0<umwG>uMPN1=0g<
zOaVD=x(@0SS6A$86-RxAQJ2Zlh8ry|(_V6;u1kz!3wACwgGL->rH57}gTH)j+el#Y
z_AJgmu9B}~QBxMx8WCdHF05BJPENAou(+f)QMi#+<mBQvgwLdMLGMQ=_O_HC9v~+I
ztetS~!~4U?&r$<T$$E{h!^vI3E3feeYLb?kF<thSxAyMh_(P)QVxT`YqejRk^U4I&
zu?6nLJN&sFT?iF~htmxJSsZp>Hsty3lKBB@!MQ%%za;Q_5N~u=$q{v9khAT(xpYSl
zcL?;c$|iGV*Xa#=DtMiPV0}zZRxdY7Mzd;U>pVZ-{>=o7=$UNeq<B2+g)1da4bP5m
zwrNT<k)@WuJru?64W+=`8n4&6k4Kiya1~8lFYY+_o1a)%;$qI@qx0?9w1He=a0Y#X
z)Z1+#&!OCiS!!srlpZL_MeYOqFxNh#mHg(dG?<o_q?6^L#%7!CM*cbGndjT9nTwSu
zo@UQY1bpfC_UoVluwbvPHtop#l?j3b?#O<;Wp7-3`VgWKHBgZ-h008+;7tKKIIe&H
zjS@8Lxfj70E^0nhh<A6igoz@h#-PU@a6^<Ns<rM(aqN3FN^swTmClw_e*cuTe=*>^
zFeh=?K1~PQleWR9zIEY;c!mi?5?qvcYLh-t0#`>ho*={*oy}1gP<Y35H5WumPm?NQ
zTDu_Tu`4sCWVkm%2bIma{(N#s=-a4{-St(fF03w!Ab1$Mj1HAxLWxU9mPxsGwK>`6
z3UC@W&rxaiPHFIYYW!@O0RDx=*#6+*G^L`p*Jaa?0luOhPUC4<@a%=3*WWr_Q@v!G
z0}W4rkLV^<zSr#G)zi|@418LRj~`y+5YtHaTlcD2@ezsi6rVY!7#9HG@F>v{MxE+t
zGSAc;^dI^Q-3UEY5Ox&VOy69^R_p#EOn$&TaajS%9XY*=&MVA0|9J|{uv&Y6PKEb7
zTY%y8?yszoV+Rsn6xS?dOl~RWmlFZ^;3(v_`~)yY?qrqZl(~=lA?tYy`OP#Xr!w#A
zHlh#68FC*c%~_}^*i}RN$ykf*@el6$Qkf&W?WH@vFlchFWSv@lfHNn9PtT13d#Ee}
zjPfEwF&m|2*p^&_KOmMxG^N*fn%Qw<?P1&0jFh?7gH@l$CfFb?xfxTkb}=&e+}!aP
zRLsXT^wR|nGE3?7jk-FvTK6r7l)*oH<9O(AYA^Yr=1qi$u(1wQ{l6s*QC}Fnu#ROy
z0bq;iV~z_vKugQEJn?Lr0Jo%zqG45ngkxHNl6cs`KK_2z5m}?_FtfBR;1E!kw)J*U
z{7%wYn&R!mjvyV`Fl~um7Eb?O`1<+b9=-FK`5vHI-%XKLIKxg+c1Bn-2&6^Y-Ndrt
zx=awJdx%YKg?<34cr&R*B)rY?Q*5?t+{yP*QDxvs9!0P1T!mW0QK373NUN*8OH(f)
zg|BP16{Ru9pw)`21U`QDmreBcIJ5?DYQqNqII_P@#&wVf4dlkM(wgKL+Z&##x8y|)
z=_vl~tXT8zF=Hin+^=5v>+=S{AFAEj$O&Khu9{kR^a5w4PSMUdx$l<K7Djh5OPb|~
zJ)a?#Eq|BNQ`CZ408t0g#a}!X4DN0<v?<=-^&v5&imo)9edG4L&-o)%*p;$4uu9YE
zztnZfUWOcGpNM5_wN)AcA*1krdAjS%ke7BMV`FO=M{pGo30jCOeA#2=t#`17@vniq
z<7IuucyyLXQT78->*<3d%|#qSoG$nK3=}aA>EZ0aF8qr_HLaqwu5+B&f;SbF(Vqe2
z-!n7}I<K99HjmA?oXh%g+k?fdw-BDY^YQzJ?YY^#ke2HQ;Dg^cZm3{oJbU6ln%bKZ
z=T<$tdrua6Ci8=v_zzvQv|A!D8Fd$}`3(b04~glD2TW&Z&mnZ@L&Sw+LoCC<%z@l2
z+@OHUpZ42Dn0;6<!*nAYY(d3kJ)()u1JoNTAPMj|l|KwplzgPz`ZfviYjXdT)*BJw
zEeR@dm?VmF{$|%Bc@-|Sv0WFVg|v>r-SujqRUnQ24)Z;kbMWcM&P$0KdP8QVA)`{Y
z6R4(+!3np$qs8D&H(K9M_zu>?#TfhGq7#4|JWKUPEG_(eUgMsRZzYd0N4+Kf>sNCG
z9jZ|n!<a@ofE|^>US4qK2Nj;sym+nrlCJ3A;=w8?0%{Ayx`zJzv|1;aJoQ{q0wM3u
zM@>^l9YjD~6OR@TeSlaqtJEwdlftAFkP){N6}%lDY4o<UbJl!PHP~A3x0wq{xSY5=
z@g;j{jXxR24*Tt+c+8(WnPIyQhSeT(`KIektJMCL6IgO?k44V-2f&&IYt<Pfb*;#B
zt0-!Bl5xRG9MY@V4wgjzMxsA;xO$qrt^611%_-yG>WMKEz)+xR!D>!da&R`nVsGD?
zm5wJuHbwViY+poWU@suGl%NdX+7dbN3B@TcvsCOX2)`hM-9e%_!#X?rDhhyOBz+_V
z)B}Vh&C1S&>HLPoQ=bq~k~*_1nR2T4Ce20Bu~G8N+XvUH)SfJFXGY4Qm4K37&qvW;
zE9o~O`+6)v!P-q0xKopC;|_>QjU~Ch?+~Oj1)jIxZ4r=d+`++hv}xDsUWz>bGRW$(
zKDu~ZAebp=T}~!9ahOK=-$z^c`P9<w@lopi+aR*xjp*DMnv#RvbKB{0pdLM`nZjpX
zi>iR#XRS@EQ+Kq76I0(*taiNxi)pGeLP9SA<p%byu|lKQ(vj|R9Ctg~{smy&7HN1J
z&S$?eo@6ZDq<fuCtXEXrHW&TmT4WFE59@S~Ez<Tb$&(1(_XX1Yji)7L58rp$whfTf
zxT;&_$Np~P@sLgPesbe(o`09^H&ZvW(tXXGstevS4kDDdesy{JL#F^CM_=Nrvi7o|
zZTY+<>E`d33r^S|W%VpIeWc4w?f8b?iHjQqmMo5}fPi=QKzm7c<g#8>>^B<$K@p`5
z^YK$wZqo<((6#HhQlFHJ=Tw((3$PyAHib~kSN_0$=yqNe#KxyvsOXj^5yu`fK)L-@
zE@FWVsmsi3sG$+&>|8fFzL?$FLP0@ZWM?Nf$0yhQIR?1LabXHcQZ&O##OMXO9?!}m
zAUKn)hj(`y;iRXObmKb!sMaN&YAv)PfD@2q$S%RO7$K%{@4#Q)hx<>>H=9PGj!aGC
zDf%*FpVPTSe{K6Yt4gPreOGu8)FBni*~k_fVs8U5K!M6G$%DkkX;usl&c69fB))}A
zaF~vXDq=-gc&y(x-$u)E@nd@G$v81g4oxSnL^Y=9d!@c(v9Dhh;^F`eI*9(@mQGe<
zJ$%RFOnH?&(tw%qV=lSGNA0ba$f&Ad8Yb!_Nan7%?^4r=!QjJyIK_OkA$6R%Zw$?~
z`j48$rBrJ7)YNay4?%-9Exx1Ho0i99_-A8ZMdBt6KdlTGc5zauL1-Osb8rKlWNUqv
zng_yFI2W&hjcD8zxO3)Bs@y6TSzAN8!0$3pl8^ZGEM<R#`ZYTkg}m-ufK#)|D#V?=
z1dY-Q^pY<%F(QM^QUBS?Lhv&RKm^4SW=-B*RpDd~J8s%Sl?;!v{~r1=b!u_`6O27m
z8eWT&4^KHyhDptP>BW%4i6_4)r_7eX00Yt~@*Fc!S$OHt9KFX)MVxPjw_$GgXLst|
zoPcg=MOBRe01*JtJy+MGkBqATKX4?O?VFe9aHE4{-nBa284{0a_Cf_;lx&7uXw%as
z+{u_PhL-H+m5t%I#C{D%fZoGZ+_%KNh#w11IsWDf^m{UC^WfR}1TRsbx9Gr>hag=`
zn9hB?8kNw)GgvCjxS_dMYz;6qSm#w*du1gHyTfaZHi~5L_2|^4yxq29Wp^_E!b5~F
z5r&;EN1v@6m*%)}*?9d3+OEYU$rM$+g1tO5tZzQ1NXp`+_8R=+vH32DZ@r)(dCh;9
zEK`4+uGFvys*`yVL<h~i+THNmEPU-Wirq!cPUru(*sc=At#N`6Wjj@eGm!#GChJA(
zI@_Y-RM@kAx^2P7xa`gzAuhGceBX{~mDN77Fl(H?+y+uybxssv)r1&dz7q1sLZgtO
zfZ5xl3K1+hvcnY>6<hE(n{=yj>^3JK#c9&WNGJ==+dnvn4;G1xc-b^4@xdG)6US9h
zeMT`c33eyrgFo%;$*z*$9;PL3rea2S_x4Q06;a~Pu~&6S`%`l#QJaiA<23jHHXeH|
ztcEr}1q_ha<ULz9OuMTL#WV_)Z7|%icbwIZt~Whr98EiOsp%r6$Ab_XdKT)b#CU_S
z(o!#gg+J9_V+<(14vVq&DqUcPzlY$zqNU{tl90hplr-$q==`LnrZV1CS7N>YYYl&E
z^UfL1VoC^~9TFZ2*tujS9N-xlK<idMXyv13R_KqLR@VKUet38QMyA_ki5!3c%3Y0g
zUmLrkF>5XJq4GBbu8>B?G-$WdGlBt~?^xOou78xooO%Oi%~nYYp0YY?{e8Q_Ro87M
z<ri#3U0<<o^agEbMB_Zl5^r$%*C`J62@im@57aEF0k-5;rSk@#_gI2;{RV8%_*_k&
z(tPGeSX^XDgb4at$I;h!*HB@*s^wby(MITHyRfJmIeYt3as^d6K{Uik{ES*C0d%Hn
zRi=9Plb~c1*`b1Fo7RtM_kU>3D|HC>6j)7YAPMyby+tP!I17ikjl?*OABeh00_S>|
zEus@$?GGq<NRo=3^-vk093^o+6gWPo>-c@Yb5xgC9)}-q#Ebe;E(S7=GjG0|(NLFU
zFA#!?7K**>Cwf>dC4C0255)BH=y|SOHC{L_IRlGjT}w=J4SP1X<%uBfmElB3REE<)
z!c<YWmTj`yB3VGNgSTwQg|L0=GJR-IM#$LixRG<`&~UyK%SIND+jp@Y6t;VLjj6uC
zdYoH8F>bsgQ$W3OPL;fL5?<7lpWdcf>!a)4?pRn)f_QYJrAtau33S_`ef%BZ8X=li
zUXxPJ88*Ua7&CA`H&e3L=<Q{qG&1*Nh2R;6oU&Je2TrM?*^z;*iYJ4~`7*V5fn_w2
zjYx!b{?)0E-(nn96L=aK76DOFR`;ZQN$d!}ehsJjz(n2bgAOx;7?<nc5@;!&60IiM
z={<L0<@aFQPyFDNr6$yDx)EmXi6@bWi|KKL7diuYz_gxQI~!WM?e5HR;*JfFdPOkc
z<ls5iY9%NykB<v4aOP^7sMb3uqi~SgD^<y@;SGF<6{+g!>7i~YS4BinbKC_?b_dLM
zE7w#TFo85|hIkYWaGSFX3;r2il$V#Zq;oa?G>*Dq9&dXWt~A9(|FgQk1F9Uzm!yw_
zc~Q&P4qYfEg5Jh@g{V^y6Dz<hs50nTAS_YbIwdl}NHv;VN^(sZj|;!*2Y?OUE$Imr
zpEf{K&qHzl)U4IULjmv@lSE905bV>?*0MRp%x5&QD~9^5wb;+`!m|`^t%QaQ65aGt
zAJXcZuUgYimO>JJ{X{^mCe%B8_G>KpfMpw^W77mZN*u#UM2FOVw5dNdjWJ(96>T~h
zOu%eMmYnO!a$a}le(n+yeQsRK;5WMLY1M_D)=3`gJ336Nfa24Lu(_lm44)WQ7Mo5o
zNfXnW<LSx*Fb84}AQI;Xu7BIyCRP*i59^r}qk_P#)kc2Q%6YXDNp8BJYX0I!Qe4l;
zHvsA1Fn5vX?X-!&;8kl-($Y#9X1jm;f{1$=>GHR?2Nr&4qgA7;J0bYvQS?7tasKo2
zAr1h<yU$#!1f_wbZtTY(r%yMG+1V_LWQT%tp^s|$${1h-K6J9*hDc0_D4MW*5yTKS
zoX(sKu-*2kyo0fJDr6R}HFTPr=ytbyiZ;4s{MGSPBroY?CyG9QG)eF+qC9T@7Fffg
zWDQ2s@z|MYdSCzeMNn?oRV^?*^}Q4eMR<1fFJzjE(!7X;tEB4b+@o}D5md#hV92i|
zRF*d8IZNbQwblvezjy^2@3gtkC#&{1_H5HVyC`^bzACvM3?()cT=CFgE+`{FG2-HZ
zU5H330M`Us%8K4DF|)r-6OJdB)+xEzc|x`~^AxPQUu`X30+tC;-8#KL`a}a2yi}R<
zx<4v*t+~t(ue~3%NDkNVw9pey4mk+VWh+tTbY}luJ3(@cx>Nj`vKti;$uNYGr`8p9
zjW?1=hJ}QvtRtbA1&bfrS(emT$OtfI{V+<eb4dB*6CA8SCjDM<1!XtHZExSq7bFuL
zoA7;}V4KTaKtQ{!PoWLC7<Ec7c6XagK(L^4t8}ipB?DY6>;(*z)QgJ7{`;M<s^#Tb
zj+_&d$uV3*=Q;%2nF464o+Wxtvc!zrAdN|5+HKc5LLiyXZNXfWn3YGtCH46yoysd{
zh<AWj$10%MZvt5D%XBF(ViOOnq1<bJEm<j5+XLlzXrc6n_5&5@pFlF)w6(m$y|p(=
z$-wD|sxulX9rN_mi*@lMVX4{SV&`}E3DGLeYx|!bfg(Kll{wQcm_9FR#&S$Hz6{#Y
zqT-|a<4?$-Brjava`{d+T^{nVKyuMy?tP8jy4IF-7Zp}TXGdJNI*m^H-qTd65X6Et
zKLc|kP2QfGN~!VVWL0-Jx1t4oY?U>yClPIn?y*m)N@Sa7ZLJ>SsoMJo7WYO*XA1lY
zI*~3Xi&?1=hdjhKq9pKN<<&0_CrKI9Uq}UyQD2hYR6KD2P0b->QQvoDuK?{g6x`jL
z99rXOwdVG!t-Sa8rDxy%3t!Lj<?O35fAb7j5<1>FWy=9H)h;sKk82NDGZDjO7xP+r
z6FYD-8uzTc9>`%CZK9BP1M=hlA?jZ?wI4qGZYweGu7p1md!5q0NE)7V4YPRq$g=lP
zLlMh)&BuJ*Uh8hS;$Pu-$>ltn)-WpwoX78i<nY2rgLB}-3KT8E$ys$>(~7Mua*)_n
z#*?c9kE`!4FX0gbsIt~R@{$)7SNoD#Y1tP1{3)KyZ2d0i6K-Z|eRu0eVa|OrgW9in
zG1eb~1mcu6tD{02tj7|nfV2{@E(N?^#5mw|juhUYPAheK?31l;snC9#;}qDp{O1cU
z;Pyi4BZvjUz(lum$_JGDx4wQegeT2`Ju-e}v}H~CJ~%ijbM!{95F|r(<QXxc;@$bL
zn+uk6@jZ|<&+i5!zrTIFNp|G&ltz9$NQ1lx5Zc^kH0<VlF+-E%x5FnV@BMW*?6D{3
z{n)Xzp1<w7#pV2TyE9h{bmc-o%;5eh8=RYcp^h`Mh8sJ(M9WX2d|B~i2Q^iTm!&gB
zU;FzrY5e4+?sxu-H=CI(sGpc(19ZPC;AvL3rMnzcxkQ)j$YDfaOZknDmm$1JQ;}Ur
zjzc%TZ;(92OwNxB(|%)AC^wuQngy)Jb~#>Vh@$}(|49FhJzh1Nt#TVG`^@xowWAtL
zw+`PB-qb(ZnE@t&FM2Sc*TSsDTzh~w(akJX(^0XbStoTPIu7c(U0Gb5%9s`*Lw*45
zTK5_<vMk_^cR}@9Egh&NT<+2fZV_cd2Zzm8u8~slm_i3|-lk=3%d_#gTIX$VQ^*6$
zb+_Q<(-m+aF1`EbwF~(Fd`Nq#@~^H=eTL!Kf_uZr*G!JLk-8@u7xNxSz}6<m#)Rse
zWop5rLY$iB;xEtrg4(A%T`A+?nvoss=LbwW-j^>$5ZzUlpZAHLz{H_x{9U_LK@Qf|
z*5oicQ)bW$W)?Yx@PN<E%!@OpW#Jg|KZxZ13QAw1(158)-~>VTXLM#)^?@IBFU7Af
zAWq4B)S}?g<6mq71sPFx3)QVAP$6{LIqm*qr^A4TjACkM2mS09Me1}o%akxkO!}{X
z3RtVSuggwCBErravKm<l{LL<e08g!BJm!}G`6UV!@B|XGg>QoV=R&}L{`Oyx=wsYp
zrb$Xzh`NtXkU0y$+x%hxJt?D^eD~jn{a+&T#h-{$avy{oK{~QGgNB{<hc2x5;%-#2
z2y^lFA8XhDLx}L;_t(c^0dC??Rhdk%fcaG$V1A^wvhw!gKgaw3_?iFx@*xEHEy$pv
zTX>%Y0eZ`Dz+ozr@x?MI;bM&a|1rP+M-6#H2plWO*$Tt^fMeBj%F=t3m!G_O<zpzu
zqs-{w;Lx%^+y=f^zFm!$PjP?qC~EWeE!4l@%>V6Mt3fZ0a&|(mA#^P?MOL?hN^nI0
zAEr|nATr-}TMJVD??L_F-^pA79{G#2(PltL$x6At6CU8E)d!4qYl8!N>0b_k|8As3
z__x6ndO*iupBhaQ;Pd;-_GQLwZSlDQkGTK7X#VLXztCU2wvPb9Lpe>#4cNs210^~=
z>q-eF{+AQ{|IGQze*_s{M)Zb}Z3&15Jt{%@z`)<U*!8}4Ze~*d$As>`kLT|o0sF@b
z4u*yf$79i{=`piYFyqzZDrQy~FoMTa;CDVgyvx4-YdBsKMEt~GJKw=)1_ruYSX!PB
zG8xGK(@6h%|4D@C*Cih$Bw#vL^Ri%T3YlJPwO2@hWpBHLbn))*W$)iHxd&84D82#W
zV5xYFtuJr>A2Z4?^Xg57Cv1#>-D&9gUP$Q3%j5}qzxaxsEH@tdi_=I(<*iXG#G$i&
zStk`%F+D(Xm6sVrnO9j7#zkURl+Y<TL43pa*W>@=i$<U?Lj13D=fh6|RKNizS1U7l
zB_u>$aP6BhIv}L1paCJ}+UEC7IA@cc6HQ*PfAeJHKtB83XC?A7>Y5f79U6b>zoz5m
zQ!{3?@$LS*XWtimU}OF9=<`#<!)rO5euwyCFWP|)to<b4u{g<?xx9mUY7JI8YQ-tF
z|KEOQD=(+X$~98!zbF@8`3U~yHfk}_^<&WWo0r1adsrBl{DA>UZoAblCr<EuuYrmA
z;IJtk8XB5?cII%YN9f$OVFGwhzE3NHbmW5Hh?uB;0e5gTX4%@mr%uODR`xa@pm!(q
znNW_Uwy=g8XQ>(9E4Z7R!yIj%Mu@k`5K&PDuM`ji=hWH)zUT?Cyzl&hr3m)Lk9avL
z{`|Ya227UaxxF4Z@%h{*55D$4w<jq?&EN|`{?8S;n)6cE{oC-g(#*<r1q8mpbe|~$
zmiqD-OZx>RmbN(1Y@nw2X4Km&wC!dcE+`@#+Y#2-#AN*G@!q^E@DlO-Xa9tpKpF`N
zNfAIj0a^)evSze>@Ol7AN=c~&(W=rF?C)FDd2c6~Dyk=1W(_&%RP#9%CVykpv(dy?
z{7Mj8Jb4@xUQ=5e2lU%9b=}&`VmP6Xjb*#r*45W1-r9s$NV~t;h$>A3h%Z_Fu?2-2
z>+9CFmNN_oY<f#>z-7p-&2+5ZdSSP`*=x;(Bf=19>OhHsh1IMR!~qG!kHB;;W6?$D
z`%+?b9K4S`TL>4&^We#4`=PRdE<oB4V-F}IF~#uvA}1!`u7x+ZFn=uf(`A<frJcB>
z_`GHBpyCp<$0jy(bUbPMD$Is)z=wm|q1#($7I68GuN+4CO^Pp8*jk2=%^_yz`JfFr
zpNaa573vP0d^kfHR)F1ZB=9gOAMC5j&;KMgH`!QO`5`nsT=70;G%d<pe{GG`pquLH
z(eBmJtnQ*Qk1WrxKCHWxj*^1J`}6ZL&c1_#11pnM`$Ztf;(ykTLt3t~|Glr1Kh1vK
zm^5Q87o6x}QQnWx!82fjb2sI~*jnK3fS6)G;qIpb4QJEhCWo8x)#ULQ507rNiZgWM
zd2=RF^(n2Ts3>H99+9WV;!w;Rq{@T;GX(Aqn`+bsTh6ur#zV)_5)SYPaaHTCJt!~D
zIZVxpON-5UYL~+K=Fw;{hq_$vHW`(>iH;+nj~Z1Iv2S5{>pEmTIX}OzphE@mKf}|L
z<V&D?VU`s(A^=YRdg~|;YsYh@899@a%JWUuv`gR_9a$dd=f~>_pwEp4Z(TTn`z~?8
zt*-YY!exRfiF*^!9wv2r0_(W-T8-6lTiW@i<L&iCGMnY(llRj(g{YX=ffa+TsOQyz
z-t&AdcP<HEemOVshE9_cb?e<eZCdr-*)sE<a#d8?%@*THo<@yHk?u<gV|sZwoiFIP
z?cT=uVOq;}jJD#T%Y9hQmErs98%%!9?GrdgUO7Uqn=CDzqXQ=3q@6xu=Bx2HZrKT6
z8)&rbNw>JOI)7cz8GMX`_50UcfS>u<FZ8X=O8}6Co|(n3)otUa@vcR6-7_hnp#>WH
zaZ?25%QWz!ag^(cVPHTxW414hB(g2g%-geb-hOsi?eKc>4AQ_%y=HnN60|jbx`<M&
z1|SxBcidW4p~uG^K7PA#_8U`cV>$S&&n1j${O6yxx6Z{HiD^#8d*F2LeibfYr}M-F
zBI1@KmK4*NKh96xDYnmDarmgoF<tNM<k&BH-riEOJJz&^^DyxHeA>dITFZYRFvy^x
z9Wdv3ej8ZcoqA>5#B*HKNO81|KZXDJ<gxU9`R<NyD%No}oM#fZbbK7j<1(H79Gf~j
z|G{?*9g9%zYLp43RP9{gXY`IbDctN)Y|>+8MKfdMCClk-m0_*Jt)hih?L%5=P20y$
zpUxZ|Bb!>%o_%!t+xSMRlfBxSosC+`ac#}bv&h5R#)52YV>MRUA|Z9Tolga1HCj$_
z+n@Tl+)Mvg685F!PxMj;Wa$>=z@=qBW-rwiX#VIlNZ(N0Ug&;M#<6$QuyUN*AHc$~
z3?kKW8td67T|Du+j-I-e#Ns<?Ip52PdMZGyLzdERBmiHaIFEpI5}2fhCRZSI-5*L+
z%d(*e9|XXK^(IVJMUzlS4-%{7pq&wLU?3uXu`uhhUDu@zN>Iljy>`A)+tppltU1M>
zN>~HL+k93Vwf?^=VFQf^!zvzWu=t0eTzqj+s0ng-fKT3k3Sr4uSndg5z7r26a;0qQ
zHH9e+x?oCKs*$kpBZ`Xkok9hL@D>uySDU|`n#9{@6;wNOqA@yyd0hJ$Z!w5OkO_1>
zaqSSZ*M1h@&JJb>B@2ak1M`ukHE|oFkMHT;w2wa0BfJW2=6kQK_BtxoqOS)GgZ+>1
z3!f)E7_(h{1f8OHho7(03?my`mzrCb&|-dhc>c0ZI@@k$sqx@gd2H)h#H3`S;xHCZ
zR`L_1r*LyRT2@l2cb}5fY&MCv?kQU^stVPqS#6xFF{ymhIkMW;IMym=o0n^Uy81eq
z*S^J#X5U3b)pOWpMImqDJ8{A{dL6tWCDdM_UrEroc@e7^Fz3+2;qEj9=Z2G#q0~Z}
z?oyIcNXVp8q(9&WsOYtf3-2|_poP#owA;u9_&2w*_btu*7IR2+`p3cLWJ?7kmuoS0
zQQR2nw>?C<*MV`9`Eg@S2&0A=BrbMChEkY2@=x0>(N4e5NOOM~EHdo~ddm6CW6U2L
ziAtP?vSX555_?h}3!HLDvb`rOjd+M5pMM)~L`CJn78jPFhsz<ccJC^s0{_$7Qnlhj
zGj|gW0^+rhATsiQ`LbFol39w@lDP^QiyT4sm0=sf2T-o11R}P|7!xoVK!DHs`_f_E
z&xacd?KgVk5)%3>L^%TD?6>08#(-|5BWo9`RqNyTte-msp9H=D-68v)`^MR3v_<wF
zHu}T}!QIaS@Y@ksNz^>ed@3d1km=NH7rmb!m8%TMHET@Rz&C6C?w7ZG9<ZFH%Zhcl
zQOxquHWS;!DSLqB+N6qoaOOZ<YN|B7R(&pmPE)lW#uQf}pU|a5$_OK@?#DdQA8<3r
za^6kffPTWL&e%Z+xV>vqVh2(<mrBsO3dErvzFL8cpN5m7g93VIf}RUz#dXtS(e?rf
zij?h6san}xsPXx?A2!_Rh?L9a(*xm$a=VK$_R98f&1`fxIVudPwZ`4WGIbx{O%}00
ztAA7~kj{O)zk-Ad>stqUXY}q*=OoZL@|R#(n@*9GG)fo_qn&_T?P@))88lnW^eb;1
z@UmI6EZFkWf0eq0t%A>#OI}0Z$3!F|clgdEJwhquNyei$+8rMz)!(w2OJq1{qKj}*
zA#K^Ln~su)$z5Tjam<_g<pwIZX}kIQzIgum_DgkgLUW_(ix}3~{owV5RW$!VIrMl#
z5Oq5y_b8gwz>3x)9YFXwuECx(s*YZ{17h2O_xRKobNh_jd7lPaXfjQ}mHlY8ijN^0
zQ&i8-&><>xaEtnDKwRy8oDv}e%ypqsKs+J*y1nfy35-n!YtZs+6I%wdMY7jcbQzna
zq7p^kjBRvo?61^07PFa=*zOC^4GLWggw-yWd~>zeBe!NF?`cXBzlj$n`H#V2b-R5L
zdE+iebh?CvN)ln*p{wrd2>A%;Id#o=14HwYT#Wy+7XMzEM3@i*+&`qyTgW~d(rxsx
zTk}HeKHei`Hp}@NJ*@Q+?oO%c!W6-U>a==XtA^PHArYDw$M8*N3cY>GGQ^!SNb-nI
zIn8+jj$_|YU8>B&erY`~E=hV;2E(G8=94B`psO@b)wi{L8Phap%q6dTy~%~+W-k9R
z6*V1fr#_jd&j!oCEX+Ag0?Sw@;<}F}WPZ?caRunE+5155-Jb7Eh#>Lp;<yll8Utx;
zV1Bco4wqU5H+Y4`ZeH%Lev4Difd$umemgwK*C?NfJ5SpB+L*OeR7rJn;)%3xcPRW*
zoMr{LivAlluOF}Dp>7W+Be>bhq;_1z^U6Gs#&QJaX!myAH_s=DqEk~PldKoU#&V#g
zI4E+*L3D_X8W8re6x~%Mvtw{#^6wo<UXzn4Z-^!>KTLx~xjlE0Wl}%XL-T$m*@zIl
zM@*wC(kBIaF}|01f9;sKE&_C<PON47kUOtay37`&(o!1eAWvY05;VCS)83!leeNak
z9?B+_F#>{-<0zC(hIhM9{eV|xPm1<O32aH`)xKkXa!yuwHJK?&EJ^)rr%B*XAXRuJ
zlff-9j8Y#W)gja<7XKwo-k%{Z@LpM>Q4E7p)#k&ghizeZyTawR8$2V#`kZIKL3$tF
z&&hsj87_ZAttl2HJi*}hkRK;{UXN6r$Hzrxd{FyCH|boiBXksX0km&PW$e*fYBQ$g
zYLMtt1!jH|7!P9&dJU?U6}g46A}(nNvgFH!kpExT(Q54{L1<mnYz602P>|W-Tn**r
zdO+9R<pI-eVJHciPdKZ~A!DuQ?OCuN4If{c`_-Z7a0-W#E!oL@UD!7Uoor!3L>yM}
zB9^Q#1sPrg^{K!Pl5c-{q>k{0He1ZCx??hz^5Um`3eV~ZlM9R*OJZSW-o0*bS3im*
zctk7HYKXkM*po_1N}4QGAoXgl`~uefq~~=@j?W8{HzoBqIULKOoGRA|%an!GsxpAI
zo<qI)4L;kH2(`l)Le}2^8t|^OLv<c6x~{BHQBqRUu_-q*H0=uKO&asT7*{Cdv?*HX
zZZ~FAu=GfdFoP!+fHhq&Bggxj%z5{hkcy$fK70GsD8dig>8InmQS*!o(;M|U383?C
z)>l%o7(!pQQbXt`^@Up36J55*`C9X?ecP$s^HG5U7_?r?nY~oUkvyR3ui{eEr7ZGq
z7bbhl*Wl+z*B`9Y5kQ~1ubOohdA-Eq9^0VWe75T{h>D8#C&^*Cq(d#BhwX01(_^j0
zrG?7%blF-cuZc#LuH`15*I^+|wnj}Xam^6(l1+tPyDmBXs6YIK<bFiUcL`k?OUhqh
zz%gj_2kFIlA~{HccWA^iLpUvEO6g<y6}5BW8(O@hMQ?u#<sw1(Jzx68?_r;Y2N4Ff
zBBK_cQs|0R>QMPE2XO|Lz(jNrmx3FB!nAtXr(w1|sV?~npIaJSqgbdE7N|^`h1$x)
z9<*HsbL0mTPpeqLE>q|n+ca4!M1s%dp2}{;m`k`_mbZ8WIZY#c1t^x3Oc|O{W(H+)
z$~+K%4XLD<pN;?eMXB08ZM`6Z<zy|9)bCuRJ6x;`T7{O;stW1d+8oy}Z_m}VP(n<b
zqln!JJhgM2?jbIOB4ZZ98K7jdWG=^(h4`3g-SWi-A=bBTF**aPSXm--GY);q6B!HW
z!B|p%uAzV`2|qS|xI!q8{#HRH=$9YKV3r6JhIxVN5jRaOwdW6EeoXhnp8;d1GjL*G
zp>?TpR6bFZw6m)9$fR>JSjmc}Se&z{7#LUwpr9usyF=>Z3$aHTLG$@@91D?&aDAtc
z=M~wNF6lu-n#?PwE-9NbQi0YU1eb2syG?x3$|!Rt<o65?Ij<{1TuHH*Ec`LE9j!Q6
ztz=nKPx_7hpry*dis6eU27|mwPOnU%j?3yC)FT=g>-`t_cZ!MT*31j2ofKJ7GI#>t
z`UF>#HJOC?3pb`p^fG81S9BU3xQ;eFT9Rzw7-!cLQ>wE2e6Gk<;fLIryiy+~w#4qj
zp?<)HR)M}rY<l^Lsv}#uRQsa#62?iysBgi)BWJS)F?7~B7y>4g`l9)Qg`_n{IF51p
z1lP<3H%WwL*5a%6<m7DYrtSMJg?d86wBNVYC;JvnlBaAdHW<g*PNhz1%Ab;w;_+Kn
zzMxl8+vdRN%(~o1rul*CgJ4o_DWOxy%PM~S1}){ttCr3{xz#qN)s#I>j`HC?^*TiP
zR!rZuMxr$wP2KE{sxvX{-^XDf6?l9}k{wOZJyz%-1_shZx>O)buB!VI{eF#NcOYkB
zaco(4<mc3F@5Cs3G58Go;jD#x@KzP5w}L?uJutRPiUeU3R$amAWTe0S?JFwkRW59H
z>qoRBn^Nl4Jh^vKfD7!`BUc{Gp|;X{dF!V(#Rgrzz7tXTuZvxb8mdK#Y#>5E65KY^
zIc!hcWs<Z$>>^VamdOv1q|!|3<^?iIMnGu|=8f+cA|hz$|MEqi0)?vRptE4#Ks>mY
zlNQ9LU)^0MVv~o6&oi$p@=zI7X=n0Yh=o|3P)!e9ry0i*W#~a2bhi+lBGvwQ^x1j8
z<$R=$LjOz+>yD+Q_e-KN8=YMQp+I`N_fuoE62+}yckuIgrjTiod<by}2&%h6ze{&B
zpe%lW(s@Ql3`_6fxwPN+KEvxy;BM6q$@l&%dms{_EHyRWr|^nC3^ncJM5ombAEzbf
z8J40_mk$W&#mjCx))b=wCAR30N!030w%tJRJKsN2AGBM@Cl(2$LPgof9wA<Dd%V(8
z$y<1sZx@GPtax0q%$VR`I|qW=TGg4@Le(1*(%`S)y9))4p(=xEYpm?C!S}-CCXGan
z2n4*G-5mZCcx)Evd3kwb_^yi*^qig<Y4n=4!N={-{LM;EJ87;cy{`@d7(l;s7Gl9^
z+ArUhs68t}Cgq(MFZ+b=Vn7?SqX}r1wqgcnD?!B<Yd(@NDom>XU~!0yo1^6Qux4|b
z*H0L7)*l>+6d-+%sc*tKY~FlF0(eA1Uv8XTnkkgOdOJN^crnn=R>JiQAG#jJ6j_Gd
zT`a{|Uo4Hw8>otRqVc4S$L!u(zAJ21^G+2@xHcDYwoHZhzMtKhFgwhSHL4Epb>3|Y
zYgP)&)zt67=Xs)yNUieKy|?$8ZG0C3b8(u-N6k|wG|PpTSWOp2a0hZYP2HP0Um40j
zZ^}j6ub;p2eY}`8oiNk4@$3}P7`$#i`L-HgWA>WOJf;*{e3~1D*#srX@~wo3R?a8s
zWOG8I;a$UR%FbqDX`NbD&AJZlLgB(bpoK22@K+6r`fHY3r>B-V;w*|X^TVslP6bw9
zwb)H`Kt)p)nm7zA*BlX$P^^MR)eIIZHs-b6Z93(xdr8#VZ6f&5A0WowK#;Ob%AS(h
zZZb*eQ^#URhhY&A#jfFe{yJiD>LzmRuGwgy@v|tp$&IPXO_N)|FyI<Y$1J=BE6J^T
zK5i1X25IQ{)s{Y}Pq)=VG??dm`uB46(|6PmGsq?kar^Lm9+%{`gkZ1ji=w+q?m)*%
zQMetJswOrS<MkN!LLdFFBi%NDL+pcZmx<R?B){qfr=Xke2k0UWU+?)9@eD5*-CfH$
zeC}cw^@G>H(fmI}%jye6JrO5DtVMEvAnuFs!K-wV_&nra`v|d3)x~>kEX#D>$1Sj*
z{myjqKVAUrag2ICU3SLI<{wlDVQ+bRjjmGz;8cQzz@4R7S&*&a0?r8EGg83H3GL=e
z>6)xi{ct9_Zx2&05BS43=0i)oRSV^P?vNfLNa7Fa>6DAf$9}dE(UAIoz#QOUfpKM8
z+4=ku*$P05Ir5PS2Y#MaBXcGKznR<QDTfC6U~h%@uRq8dSTpWVZbNQlx5*`e&@cI5
zIYB=<%AyL;X_2nYYw)X<aqZ;Zf7tEjtxwpgGFQrOtCcTvcix}6m!5h&9jf=7L#?yE
z)8|n0z}KQ$Jh(X>XH+)4iQ<Afo^4Ch`)*byYrWj<=qmg9c-s88`4w7o<-YFx$(7qM
z;(hIfYVJu%eulfp)Br}U&5=cb^@`V9jgV?zcbi(JSkZL%2Vrqa#2)CHKnyJ31Ygmo
z{~F2uj%&z)Uyxhgv^OSLrYw!gE|S7mP8<og@N}Gywr9q9enG>WU_Z--P<9c_FVw6n
z_C@L=^nR%NfZ78zfzJIY1@c392T6p?fQp88E9K31>Bokt{rfG{5LwyhcH5P<i-h(E
zHg!4TXQH-<DU#E7Zi<RA?ktFV6f()^*-yqX0-0y>Y2NC>OY-Z*nt7p$H)H&OqD3uW
zPlT)ee(3~#4&L??aFg3Wwq7SRmVXBys{eH|SefMMZ9wqzldHcw57uTC&+$zOKgPpH
z(5J%iI-4cUHDq3UgSP^ABG^ZRjADU>fjzN9MrCOCRWUW|3V{pk2>9-}#GVvZvz7Xu
ze4k3J8*Wt$p3p*8x9ZwGjvVI;;26F~m$yH;Um9XZ&P8ApmJm5n4&l+7EUEe?%rN<L
z4>>SxGc614Lj3r$;$Z?=F}fQ>=#{Ca>lLu_3qHEpjsPy<KC%0iGi^BJY@veQxRz~e
zUj4AZ`?qEshbgvgSu=WsHt8;l>|ha)l0O@y{hI+VjKuI?{_#)9+;85I?EK1V2#nvl
z)Xd4OmOd4}4-4D8OlTV}bXG*TGwa3CtgAyV_fMh#Vc>B}Rzzq?21Vf`Nw8!(8}6rk
z{pi+wJ+Tn`W>c3%XfQX~N%Wdkv(1?iA*FVi*SOglwFtP@2~U+MXN%zBIGi7Yc_o9F
zAKYHYR=m+4=VrAOl+*5qfR}x{(0KjIda)`2wM1q6LrjRIHGE%ta$TtIg9{?N-_;p{
zU!jf#xXycbmr1kH4XeZsKcBtyr%HkQs_w&GBIHH?=Bv4$3(LWD@MNW`GxvbH)uP5v
z8bh%{jmMA03Tz)T(D67wB6+hmevD~JuJ%=X7fYQ@4HBwDqG16!5^Q2FZe*ngKtjL&
z$xGC2=Ep2|zD*xTLXBSbx!LtZ@wTefYe_Q?8H+wbwSpN-N;*ETv-1u2z&VL<I#DSC
zJpV{KA1OslLZjU#dNztNhxN2C4EAf$Msp=fYDfyazBgJkHhfc#FjrYL@;}2IzZZP@
zn3)kWU8;+nE$Ls2&*Q3pIsK{%nT!<K$4<bv^Q#x)kVb8^N{4I=!-fykc2fD02gJ@9
zsWxRfy|PhOHpKW_tBqcSTC0AEc;y<KLT6$+oMZifRIFlHB9Fb6ZG#+|!)`)G>nlH|
z&ib`E7Y?*W)6ry`CRA<K#St)PP`}*cyVSe~F+#R}>-fer)3a<`t0m2JQjK`2ln|KX
z33=OBTu`GpTQ@7rx_0!R*JF}o8NWAS)4Jn<dOAuuV!WI9zVbgJw`6wuK}zruD7UXM
zrFLwJ-voQT&BMPCN|ay_*7c8dX4clT-o9j7C}$GmKL4J;)iXqR@KE?Tv~8Dxz;#Fo
zzao_>7<}-ST;PKEecM~v6lNyzOtynd<|hl5$g~{oxBie_Z}^8=-pz6xaQyCWTtCc^
zpFUpB;aIfGbI(ELexNo7BiP)vie<r90QWz`w3=bBbz{#g*@|nb_=FuanWjtTKXKCk
z_Q!Xs6Q%9TU?-#x6MMh$2l)n&-kB_Y_56rm087jGKJh5{a{0?n&oSTI^V#tpF6q;#
z(q%}x)S(NJ29bhGmU{WXgx_nXR++Mnh^ZW=n9j%JGSv5Lc)B=DA*Y;}FT42Brq37u
ziU^Uz1VfQ`WfsinJ6?fE9gc;7!){TU4o4w}SD_p>Mln%6U%!)p_NKi+Hi^|I1LX=z
z&eC_r>nXySMnE9=|8nyqf`&j2=4dadU88~3wO2lEx)>kajq-lT*?+4J;X6N7Yd$f_
zFWe^NW&!x{TX;{GYFtEl^A^|th6?klXuTp7?e5He^^=pa^+NIV!EGl^Y)1RMfT$6U
zQhFTrDhR<NqzfybcFGq>c)7>~gn4v5j_NG35Ctv-?siG>5E(Mv4Ppf3M^d>Q0XRob
zVUzg~iNKS63A7P0AV#OU48GP8!eC5=3V}8vnGHrE-HnywS6#4q{-W$>=Uxe9s5Q)E
zHToKa9*6e(lSQ$2`bNtwZlNCoJ&8(uq5~b(#XB2;Fh-RqkZzR!Iji@R1O@2vzHz4z
zfl)h0V9E1bCe#yZW+NaZ<LS6zwDod&K{5}~`aUVdze^VfvxR0S!<#><%M!0IRHGq&
zb;}t(%b`a5kkKeF7Qo{DrpvT~bc}(v&W665q!zgTAN@6^h*7el1H6_i^+iPA-Q2Gb
zBEqT6x41dF130OQSF9B_)zWRnR0AX&W+4-zFh!|Y6oCc2r7`c24w0F~xnr5aCk;x_
z>$eX#p2hJk1o(?FF&4`D>(dVNZP!GL&@3{i$v<fH1m+4orz#ZU1L4iee)7n9HAhGO
zPGphESZTUO=DVAqIgdN4m&g_Nm5^c|ml7DtJA$N~%696-s=yV*PbR0%o+?mEV7ax-
z;uqB!#~tUxa>*m3Fu>O*na<E7l(DQoRM-((zZ;clS6HY~+nEp$NRte}%STmB>DOn}
z<q!{W=e4_`S~|OXuQ{quQ08TA95Z8>Aybfw@H(%20Ap~X70bCmXii3j%W-CNLgz$I
z9(Z0(NAvOS_BX~2^;D)`%b1OGANJ^33Pm-WNXTT;S^3F|8U=mOi0(>18_WCS`>!2c
z%bGeVbYmZin7{I;oe*sC6^4bUA#l;Zf5BUPMd9)$d%9WPAMeO_j_Ko}6hqKp*bHlP
zhJHK+T<~Fah;+j5jcc3qvJt7^^nbtWQ!7^=8Bja$Rq>;nY6DZ&ox&YfBKtv_CN{o;
z%)r{AQ#M}3i^FSjIx6op5Qene2e6k1U&r4aUD}y7ZI4LIdIckt6=g*x#${S1o>@m9
zwB@2fg7QC@{Fzx*T3YJoXnRj3f_QxeOm;;t^tC<S-?=d8H8ALS6!vhGNG4zpjN$B$
zg-Q@aVMKSGK3F9ujWn(9oBRoNSWld{rg!_bM?tFrjjxWnYu=-?4cWixGz*GM^W9{a
zv?a&ly7d?R&9LN7)k*!6jHN(M34$k=W5LG2hCr-IeFxq0NqtAm|FrwPpU-X}KP2-j
z_;c)^xtdu<d;(bI+EvPFHPg5UHwW`+J0B=k=XKsjv!K+=w;z6iEt}~mUFk+M53BJ`
z9-yf)k=>D3TZ7F$9jm|))AJkkI#HnNI=KAJY?|^2;oQgF7TtHi2kTaL*~cu~Qj6u>
z*<ujhBI=e=y}tGm^fdY!Qas`aft*(%GB%3SwYc)k*QXA@Y7tj(e~c#EYlmq9$&%+G
zoW5eCYjn1QtzpCm<n<OC(a6YuFrDAo;dBmXPez~&R@ZAjsyZhkKzvqgFbuGuf%5d%
z0QWIPZ;l=c$hT(tBnX$%=nZS-+6VVe`(trXgg--SbpNkv#tVY{{xvZu#5Vy48l*H^
z;nNMttZYhw8)4!*Ju2{wr)WeIbO_qZOPC_T7AMS?905RIQSTcOBGxr0-Jc-9KTPDz
zVCVVi<QctRD&qr;E)WS`$AWBB3n*k$#YcJ1Yh^JX{B1>o5LMt1SWKi%nfnd*Qzf2W
z&23&S*ecOL{s?ce2hu|av+qLtzbq?SF|&uZ5>_GE@>6V@B;p^Z)N*!*IaXLpR2Pos
z>vFVg@dt`U^&FR0Cit!w2mO=1Xg=Z#PZ8IW2lEl-Z*8V3=l?RIC^RLCGh}_M0spK|
zH2dWvTE8UCkAvz#2BkH)HJ<W4Ad|+m`qc8__r%KMMdKi2dun;h8O>BWHj9a!z>{gE
zwR@M9KxC3(Pw4^~=oVX~u#1j^kuhrO!bUC3ld}MUn0yWQa3e|}A4vc&ORh-HKkl#}
z0vWjy7%}oU!jMmq4~q2DK141vI<A46uJcUbg?ek;$IA-uwMvQC%;6)BJs4_sph?=P
za%a4|#%U^fXx-Owa%}wvw{R>)G-$EucU}sK%xWE^1h_{^&{^-r80S7tsM$^g`DH+l
z-gGqjAiF$2F$G=K%zrbFr;RJPAL-Bc6N{Qi(}Tn;9X_A7juo$?@ope7A)d^hx@(Zh
z6JtO?4*4{!Ez#8mml5Vs-874qaIJD(3&3_+rk{otdmh?6q?#U6SthUGRz~tGOv@0d
z+rSfdlkGY*!`kt3H8%qL9FN>1Mgi?DeC*=K%q*7U8o8_{?v4v&lF5B(_1<@TV(zzF
z32Cx`yfN(2W#H5H8^~ZSXbC9AFXqs+vsFs3c%oz39YKr}i*!ccB@FN05N4XaRS_!L
zgUl5-FLkT5)#0qp_mNa731^3hL4voPV@xI7H6#-KqWwnXeQ%v*XGoYCY2`cnE@do9
zNsDg(P+6LjHw?D836?nMNYN&Jkw=omQW@uAV)&|1JbqJ1pK&=Vg=fZNM}?XqX&y*~
zPWT@ug;C=Iwucb?*Vzu<!B|X(o9jPjYn;~-aY63Xy}=l`8aEMmpCik%Ip4xngFV`@
z7@ry=nWXVrg{lzmi~lc@GV;6ztGs#EuUNgAWN!wC2J$!2{T+BEH-NUs?de3dYpEe2
zOX|Wni7#Ob#~SbE$DbS8Yev%NOUYB_3Lma_L-YGnJlGD<ePx>@EM?1q$!4w;kv?(3
z36drwi8#vBA~-ci6x-Xs#m@sKQVq7RnFS0OUiFvgclE|Kds)BdsuvD`ZTZ3@{&m{L
zN}wp(>?LBc>>N0k$~O$4dSQT)x>*jjDtt8BLrm?j<yamt#8cfDvk`t*ukTx)u8aaH
z>!UUyqhtM?TuV5kz%^CvOsT-M{d!)j7t<#%$H?$&@IW`|IA4dfX{7B9))7GftJhtU
zhASDN!e~+F0Ngth9)ng6{}Dsb6KD9gJM#om4Zc_3H{eEAptsw*FzjP8>vYZ^!Yd2G
z*nT87H`eQmc4c!$f{>1Mm&zqby}5piJvx@3^yuBcjyE5NReWKxd{8#JYQj}b|KC8i
zKdGsph6qrNNTQh!_BRWE`-66V^|i!$4^~i-UD!f{ZGph!Uh?N}K?LsVMZ2GwfV=r|
zK~ESK)Myg!N$WL#JEW=}KC=X^e1~r~hS#h1-@UldTMKhQ{?+5K9uZ$0O_7+iiDY^6
zNvD@<CsjlwaIx4$ED}!wU<uUoZ)yF2%SDZr`b^aF<py<_0JJK!KUIPylg1sN?s*2&
zx0yV&nMl+b5+i%s$wtuQ&uNW8tE{{)H>|Nm&BD^L*v(Za4t~5;<JOS>K?@=ZMBqr=
zT_?G86#yRtH3|b%Ww|`EvtJ@e{~u{@8I{MjbPFd)u;3P4f=eC<?(P!Yo#5^kAh=6#
zC%C(N@Zjzc+}#~+lk9WGk^O$}z2p1E2!wu`?p3v_X3aSlWe$yI-tFzvJwbkjzy6jA
z{XR2{mPZfL9^C+B!+AHR_K#I0AMcU(5uAnLtMEGcSA4tF822|>5iq`!m-{meyEcJE
z#kp3|<ezf$((aU1xbvU++TU))kkL#8fqyGyih^#Zex(3ZazmdX%Lpvcn)ejT`0EhN
z1y*#pZkNC=UDhg#5P2ZVo~2ZUJ4F_*pWD)$-e}I&kP<boJ-cmDqmzvlD_ga3ZJ3Lj
zsf1uujZcr(fmt!tS<1!xFF)YKeufM%{9?NCR;|e)Vp#9q1f_YaY=PgYnd298su-u6
zl?Fl!&#xyfi+C*E1W?lfqGO(UgxBE1^0SAI+c0OKj6Wr%lnYT?t6FGh1Nwk!i}52n
zgX&MP0>xD^@~-6bN2oXDRT8Kc$Pk-A#`qAIut9Yg@WhDuEzVYjkAk<JzQr2iOj@_S
z?<8C0b3u}fVgal!&KpHCUn9=0LXPt4i@1ljSmO9lBRwy%2U!^Dhu1J~pAtg=vAwTj
zdh4SiY-GMI1}(HKA>DcMg2(A-NT7;yIy=_taz~$SKB$T|Iw?wCVQRfMT-JhRzZQ-y
zs7nSKECb%3ndl;v`FBgVC&V+AfhlGC4Z+99dP|-xO!)&b#HTvc)?{5zSNb`4qMi(X
zC?@s^Ny&pr40|<()P|Md^RXT;VE1=@f1CFhda)Y|Y;`dC;=Do@XI(bpE|aBc_+0n-
zNExg~q?mI#$3Gw@-bga~sR|^nCCoXZ+Wl$XtXQryj*QRWkF#QJ;p9gH<Fe>042<y$
zlW4{9QP)m^R^o3HHxt2O^>22L)x<{kd|G>0EnD6gK9Z$%FYzqU$ujuCBqvOGV4Y{x
zh?x>>NJT;)n)8f!NhD<B_5~M}wUYz6VdL7)y?O8t-u1AUHL6whq;f2;HNTIkzX9sM
zj|mdV20;8_+~pI{JQu9V!v#atktla&8ZZvWd^_ma<!WWk5Rvg{Ie5`&9<W@oY4GJ{
z7qhX%6=AV&q(683g93T93Lj>z`7VlwiEhihBeC<X1rKZlGe%0eQ?xSMh^JZwl}(l5
z(9}^(AFlV9bAb>~)0)$Y80z;ZHw7d4^mhdAY}u@VYciwVA-*?9717!l$bZAv_)ha)
zW*SDzqN<YhY`lyFqKp-_xw2}(4m$nHx7^HOe_EDjn8kRMx5eH6b)9}Mg3>yyuU*#@
z9H?2eM6CvvBit_calassqDhlis+**Q^ZwXV-Y{9R<_Fj%0lC>yBhz!>x1Xj;P0)q9
zbkPsGq*lAOjrP0z5!`o(HTOW}GP+-eIFt7UwHc}LY%K(&v<Xk}L~sYxK0XE<7K`>1
zLsT^H`9HRv_Uuddd4DFO@L~P7H8@CFy!8qUcMv|YfEB%2vhA?;^!?b)>3V||7lEx>
z^slubvEs+2Pw8$?x0n>~-}?Y_$8IVEFK*oNAE+FkxGov_Zs85X(W@+@S2m5_W*}58
z0<~P|FSlbZT!bp8W%me75KjKON{o7qX)LTuqfYx5A(giSI&9z1-#4#Gu`C(0nYEeS
zZ87$IvzyE>n~XTf?MScbQYm9PgKH1L%qxsPKnn8<2p=zMqk)&d!;YCtaIKTf3~RcY
z;D}aMYXZN88N1nwINv!pq3-DK^2#gYj&7_mmxNNGHy=kak{iJ?fd?jl5d5Ou18F=i
z$2Tiib`&*QQi{xIjTptt;&3w-S!_jhvs8A85M`j*Jmpyy4uSlhV}fR1su+;S@`$Fu
zhzGh1e3gV-VffT%CQ6E5KX}bwuaa8nTdG`cf%(N|>yzO-Pg^On@<p>|jfkj2@UgR)
zNNOvUXq0}Lc1TDk6ne{PW}P4xm)K*e4#J&FWr)zV`8-!iD!wa5U=_dgEw%-_2r{lY
z4CivSd?edn>_JjlYST|GruK--l^W&46@9OjJ{a=e>(v42oVU9VYZ>nTda=83{mdo0
zS!B2$@_pE|1+0@CI4(m96%*?n4LxJ6`qqSsKOhB56kAL`=^+om^;ioAXfaM9A+6=w
zZc-Hv=15>rdY<MHP?LK>H`oY#0KNOL6}e8nP?aLUmXrbc?N=8>1|PEJ#4!K(Dc6^Q
zxai%?FmRrCzLPlZJRIpIy^OcLByFk_vxjxZqd`&F%zEA0WYjhkq~rs7azqMjI!d<R
zm?D(aJ8dG_`1Y#RL>J%(ht{>W&=}e#Sige4ZHXM387M(RP{Lii4<f@zQVAI=Uq~ec
zB__KLJ(-5{v`~c7#ZBZ&j!y-+8`f+dXZ7{%)n8&KTqb9GtsSKsY9}!2;zrMaL1<Lj
zG$JPTUN}}ajM6+STr=J5Y~%Yqc$6ZZ^|Av^QrE!E_>*wc2ghrQ8?)(SM()&}p!h4|
zh^q#YUwM+8!F%|dnBaBXnfNNQOA`VQbVpeE4D;^TCW8;s?ufewNAO#m>x>aZWjG9v
z<;g`Y;k1)@`(KbEDl)ctsoUX*{7yBz?@2udlIY!oU5A0RVxs*}&7;O+-GM(VG!Vi_
z=L`O(567?&Jb5qeHkpN?Vu>4<YtN(|^xYWjfsD+BRuwm~tC%X9=f7rugwQEH&@m3)
z%1Uv7`P&i)J`uL;=-1cayHOG!GIFJo3n9hwD)dR6O~!>871N;boxjEwf$<<DWXIMm
zdx#XUuuU0pA>@=TKR*#W%#r{mu$T-ZSVk#)&o?53Xj;uMS^%B~4)7L_6&<WvZ{N6I
zPAMBswbn8vnt%t;G;YT6h|uo0-XD?s_W8sLdt+imBL~}3gD5=DFK4KHb85y;ySmIg
zuP3&FiJzuN6+@7%ot>)U5r)~h_r2OCJk(&tnnGPVfMBQece73KM)I>xZ53A=)}(Sc
zjqi+QnE;bVwNH@OHNne<Psm87?v{fkR=}KGtBmP^dLN=}jnL`!b=!r7a7nc3s0hRK
zXkiJtVyLxrGQwEkBhv!xZt^Y83m2j5fs{SV#r@7g3024tn~f#j_RMkDynQ52jA=Lc
z$fWwqz7{q!<w=~wN%oMxShnkCK*L4%h4uKm$`+OjCxBIuDFt&C@cqK!N<SUy6Z3Yn
zllE-ve6D|y+s5%P5g9}rCObvCmfe|!Hkxc?)YML?@aAj&LirY|A+?soqsJAJ3UZZM
z%3nY$D#I~1Y~=vzQ$@poB^w9x+dccr*QRI{luqRxFQ!8GIJ!WHp}WdF-Vq>O#B<p(
zw%QrcfhLvl_G{g$*VIOkObZMtg8lxl5EQeiaUr3{F0jdZZDFVhuf?%AF<R&_!y4e^
ziL;JjSag(eP9rTGkh8tMHvxtxFG(^-Z=$_Q2zqa08Z=LVfM}9Ka)^Jfry^VP`;LJh
z2M-}NLmu@01g@)SGsr}Xqax)L&{a{f#exZBQgRggT>~hDUAnrXj4TO+?%DQZ7>^G+
zNCjF|c$T#-D9sn%bRA*CA*0*X{b*k*qCzB}zjsYm*kN8S!DtT~4W;BlM;T(9bJQ$x
zTF!_J*&h6fZ(b}QzVq#BOqcw%4+=0(IliN|4-{zSoo+iWiZs5FKKyX>6m-&XSPA}F
zA;0M>gig)I#w1~)Qabo962$Al8X3dts<k7tlfJ)th>Zw`Vdndw_|whWviYT~l`>V&
z;`J^Gw{N|m9*V5|BYDdc-p6m_LQNt>Z3J(Lr@|^rlyFrV+J9JZ00C^dMNf?&eJ|~C
zgQuPkn!f$<scrOd!tQ(Qir=}RD1YRQ(MZbhh%>I?gD-z+0W@aBmB>Dn^layhvCB7M
z9B3^<*Tj)mh6MBi4SSq-sMoc{wTCzN5~L2I&|277w`l*#kn^ex<pt2fAa6_%@sBk=
zK<nZ83LcML;qg@l)D(bCx)4Q7;oJn6M27MXn~r4)CCJTqJ~5=o$;;m!KGWJiUe4?u
z=%z>TT(LSFOp4*Lh*4WLpXSQJf!ml3B{AvV7DJU2x&U2Aey8P60)S|G*Gcg7!&Fb1
zTATZJL!YcJw7hZO1prpbILL$L+u>lP%bL%`1J(E0NM_Qw-1x&)oz{K>t9c_WPj@)D
zdQ^#-$SJ&{f^B{P22o(iqYv%C8XIEgc-71E^bNhIk_|!%_L=pa_~%4={Wn}!Dqm$x
zhVI**-TMoXrc3~o#D2j-pd`=Ydg*RU@Z`*{WK~8Lm=|F-zyY(+M8R!Crthk_9;Z;r
zCn2I)Fj^tZN120UHTinCX9_<d%6$9LCz;0wN0!92LFLM0cbZL~_vSOX-RnN%xYyZJ
zM~N^-i=qduTuw)}$NVa1#?yl=6KYr>jth$JO;~hY4m{~zTz0Y&T2g1qj0@YN$N^P-
zC)h5@$rBk;2#{>!PAE_Kg@;p$n|1DS|D#)>MVvIL{_}gTvo^{*>k9X{Z8LwPguBaV
zXL@?gTV0Xi;A&o7cB?wkoRKEgpVrYm7m&f?GD@}|eb<T<3Q&lO4?p4v5j1`Ih7o>2
zOnk-{1RFAyyE_^JeO&LZe$ncbg1&~aO+yzVv!D`cGWwlps#IRR;3feEc<B;FN;Giz
zXCVPftzX%xF*;J-c0~_sHWo}IG3rhq8mulB4_G9xdsSf7TDCVg#Qa#rU`Wu&g3&e%
z#Gw%76N6<A>V&B^pG(57>Nw(4YEI@fX=b;4vhjf#7ZJyNY5oc2S`0ZB&D}_yGYB$x
z(9sSu5-0N5m8Qt5Xmhfe6}MBNwV;uwQiEb;R0VD_ur$)JT7S|k794Kbfb4=3mrZbg
zAm-g7Z<I1LI<7Yq+Ky`KRMlCR!6vGysC?%~&|96?SagstLv7y=EnO;*PHn6X&^~xY
zG~D-5%}92_aA?wGpUJwgt^VGqWF8lzR-KUM0KlA09vgR-Eyj3D*0#}v%SkSnZg&5%
zH=EgU{Mnq(>;TS=;iL5Wgh|Ry?b?Ke+c#$XcbHS|{qXq40zg7KlJ%euRAA|^RkP9A
zd;?y0Sl-0qoZ9;p@-2vxHxYAd11R@%V0lh^4{ri{X9F3bI#LH|5GaS+zWqSLwmZ)a
ztA!|Y{%cEaec6)dlbEddN<Pl#Yf_}IsqzNEa{ts_LpH@4DOc(|hy1B4!}Mm=;xK8-
z*9aC*?N^f4736=ivU!mxs9&~bOtj|yRqcg?@YQ9q0bWp`5!B0UA;WSB49;jG@6)!7
z&+_QQZN|riPX89c-Q8VX2oRp@>B(y6#Wv4!v8b-&N!!)DXAJwh;l%7%qjZ-zPw2ii
z0@$l@f+y=lO{HG_KM~HponogNWD<CWm;g`U@$n%mYvRMFu8_eE1x*{2=EcG&RiMNs
z^SEnD=e{1C7&+m$P)Fa}8<%(<nQvZsD%b6FF0N6y-%_zDTo?gpG}4=I@Pf<78tjY^
z9PT*yDHJFWe*nxG54CCv4Oi{x^0*JG{MRXjCc+eIskZyc9~Q7P$3|-W!3|<p6jL@n
zto*8W1Y2UEkfOA0VKjsh(MMpBI=ORP74BcCiMXpZ6{U1Ali7sbG*(~bOG<9?!7ztb
zKH?XnITNaTCJQlDED`+lSP6LXLtzkgn6bHZk;n-VJ99ZqB}xvON;X~LWrw5(MHK1}
z2-oa(SkjuvI5LoxS9qf~IV@50j5b<8e!jcxY-YL`q;Nye7Op88>vc*g!@k&^G`L7l
z?+D@|SI22|=p%g=QPy%X*lCA$)9(q*ozZfm<qtlQKjd&U^y~Dmg?svjK`|J0fKhPa
z!UBh7IiAou`)$nL-C4fn`A5~{kvN%PiIH9mPDr)2uQf%>-9;8vakZZxnlDusaY$`#
zG4@2llz#c_$HYF~({id}&d8|o7&+A?#Wr^yn+_F#>KjS*3xsd6P%$E@!rrwhwPu@2
zlj#0)(6mT;-<r>G$pd4!#6j59j+3s3e<l&S<>yA523ei5zBlGi21gPWjs4cgH&mFw
z2qg0&u4HoHog)MfiLH-Vwf*mQe(^338+S88*&8rehUTB{I@PzBs+DorW@wbtRND4d
z?Gs{s<4uKOTw|K16xYedVQ1RpvN!-Bd`{R<C%q;fU755PR=W8Fx;*swQu{y7?ZDI0
z*M&~T*YQbSX@HYYT&^`=VzbsX)!&nEnNXB?(FM5J_HP8?mhR`vqfVWgKAZ`Z{W2=F
zKmwaCMo@&NrF4f!xN89R-t>K+2S*H(KYMk~ePO&C+83sMC+u`fXf4C0_cfTiYhE_8
zOL>bcUd)2x0OGfa=_BfpWnP311#pqA7Z94<z_)M*^`TkbCG?Wzm-|fDCg0a2RxkMV
zHPIote7}RWJL^22mGfJ82x8=3qh}@_^0Ln3_Y0o%5tAZ3URUKZS_SJr8kKc1rE>1h
zdK|m+LcOvkQ`6c!3F46v-yblo-`P(P;nV1;qPz>b>_%iDn51G*ZGmH*r9@0NF;M?E
z?Zt1tyH}+zFXt^+4l)bO*gFx(GC;8yf(eOJWX<b&H^Ef<xY~)xlc|P#*NdHbTDxGG
z*X{#V#L4q;1KwgPYuEvkzq1J7|Lx@jWG0(HL!84fa*%h%bAM2Un`G5IU;DH>Uqel+
z*{Fcre!<4FfmjDo2DI{l+;=+yn$<<0BGmxp5CPR8Fznq4BFA@%9g)g({+5`sM>PNe
z;(2Mwo34Mg*=QrutTaEj-(Sq-rTc590o%<4pqj)3<dwa_@=E~3higqWvxggV_kG^4
z)v`w25{rL3&8?LEVTeV0V!x~nKPub(9^qmm`ct7kgVAs{P>#@9@}tZh)L#w(GwyA*
z&eTfL6DmvF_@g%w2$o`EOogK?#Xp!LV(W_y0T`|n5z*_jl+}@wsapK-aiqBVHGZau
zr<y^U?ILrK0#MY~rB5V&Z-s0+f3#t=3Tt6k0nP+7Ih<ayzu7sBWZ$387Y{R2&g;hM
zT(FmVuD!^6eW>7y7e01j=C<n5c-DQ~(J$zq>@kt{;TSd0;<2NyYIk3?NMJ9l+71{M
zA;;V=&VS;06b0OBD;GAXQkC-9og-s|$ifl(a7?^9B#mD-^kg_J8L9bNix7akWB;<V
zi*rFo8(mMkPUH?zW=XxW%DeMM$H5uH2$#&9a6~ZS^!$~gV;M$-K-h)J?>>hWqjPfA
zJY|K1S{|sM#~YK<5yGhI)oSG5a26tRj<GvgspxOZAQy;PV*kpa=v2Qq|H5!d3v*cC
zqDnjT^77}=Xi#S~i<~c(ud(2c6o($v`1Q_Qfazp$0klpHn*yo%SjTNOsb|$Z^K*SW
z#P0i?5N3pbt;6M#ZJ}3~RSRLsg$U#wz+eDGAGg!_NB!3l?Yb9(^upTICsv>e|4m%u
z2m`;_VB|3sif-}qV|1VYtbWZ$1Bpzp1p%r;WD9dcB1G0g*GDsK0V;9kfp7<Wd#VYH
z7-*=8adp}GAWSC7Odt6;X-P7{8=(X|+45{)-`@VmzWvfu&rA;7ylmTTFWWW)3P54M
z%9L(<m-SXfcJU>)8-d$*jNtd+c_&ziW3Vt+(9;k9#&TiR-inUio*}~Fz}}y@2%Lby
zw>p}@qZeZ@$l*(ZMeya**E^lDE#B<*D(o04zCd={4Qm;q36g&X^2yj>$T7-|G;$xi
z!%-%Gy*@r<A6yshY&GSByMFrPHT;sWZ%pq1mfqjA($HY9A$(UzVYLd$yWR_CDQ(Z!
zm|<$VUn=VAAN1f@WxoJ$cy%bvNj5v7Kx}AH!mb=nNANr)a6dm(>0l8W!eiM|2i%(=
zaT-P`vD?fFM`oXZOKEAP!L}L0PdSYVVU7WDKEe};n=w~qG|~2iP8eKI<S9t(4F8T!
z26<#<Hi2H>c(xqVhkFlx<9MMCRH9N5)%yIz;m&$<yPKC@AQS<B>=Pw*2r&59O+*l7
z))0UA4|yYeq{kTn_)1nBTid|c|LHUz*3-0h^6g0A`aiaGJn7A~lv?sM=cvl6DmI8Q
zSu#_ujGhecfKQP;ykK5oxNK1`yxf|SXAPU~SbJa~n7{NXarWvp>Y}6_wvpu*0XATW
z!UM2j<Al6tXay{@ws6BSH@pB%R`02Z`igwaG#lGD%bjoHkWdlhX8Q5ttNIy&6lD-)
z{pkG@kzR>0DmBC{Ozz-ALvX$v;nNtui*~=0&`zr-c*PA@rOo5qg<p4x2)6aY6K@Pz
za-cpOWpuDURT|@QJxhJfK93l1l|N?gv-e%Ni?8#{Ku;Dx|H+FB?)8@W%f*+w<(N$(
zSS{8kZG?%Na8gNqwNAB*W3xN?)IG(5lOMW`S5pMWP(>*XHO!I<!004?VFQqjd`$Xi
z5WIgOn$Yi?Kdtde7P*;s_7xFCt=^nm|Bz-Lz>x!X{SeZhW+F&ldveMM3;sgt6qAyP
zXoV}@>(JyrC!e8J_0+2U-qT=Y;1TL|Yz?M~HL=Dp7mLRhny$iFO&)J;H?UP1`F^WM
z!hk2*ql>rtsY##^Yyw^>ZW}CT%zJ~b0X4B=<wi!@4gmk(ABK`AYqdGQDjv5!PPtcn
z?PMHDWstwk1uEA(VB*Gi3GUkku|-#934+_!nm>SAM;($SAk&p5NN3VlQ}O)KpoEoJ
zTt2BmE<a<xcB4JX0Ei%ifLRZr2~Z=yfc(T$W)>3F?qv|5d@~5NI4a7wd~pj6`flay
zNQ4~rJH;Kndp=6Gve9I??9l>>o!^_8jg)RwCR{G_<QIn4MRE536bKYECdk@FpLM-3
z;A)i27D*E4Yt70KdP7!Xf4uWy^uK*;N7zw{&w=5Z4grJsnbTt0Y-RFDev0S)(7KW>
zcE@O$T0;sTMjOnH1!?mkYa}z9l_IRC(YZ}uM7lJQTr#o#)dEDsvn?Eu=krXTZUVXG
zZtyO(Cl5dgB-~{42tvPUtN%$QcmHE5fgaR<yk%(&F6@)ZR6I{0Mbl>U*fQ@tuOZ`H
zzePPyU?%5z2&V<DcfNG{LCjEl_O$9XTgMY7uFCF7zbA%XzsrN4IDmjkHj8XBTzl5X
zs~nQ%bdlSxN5Nt6D1ywHjZ1rW^PB$PB$OCPAfKQk2}dG@1qHR<Hx+c$IG^e%?IeoJ
z=Sk;OS2JR>S|eTVj0w=TW)K5FVejCBjPGo<3F_enq)78&YKK+bI@H_9suKa^7y2r}
z#y12!FrIhj3$<ab&#P`~^*Ua}etfq^0K3b#`_(L__7}e6*8A{zM}en6!IMJStT!#s
zPf-1B?)O)x-WQ)Om!$y<Y3vfMmLzN@Q$bJ_u_{;*^><Bx|Am6uE?m@jNgzeY_9G<Y
z*{P58uKal9rHsI(9Dvm_^bD(MyFauW;l8)(AABpRrCw{EL7=*8_|)veIX$k(V>R>P
zggLv_a!Vyhp$?#=x)R40J=UM~7ww!4fRvlwEwA@R$lD1H#L*T2H!~UCNAQlk*X49?
zOoSi<IAL+Gc<<Z`3jZyNAil>9QBtqPG=@n^!zuhGD{}LLhFOd{28`B>mM5y>CfmKw
z^)fB9EoOPZ5*K0E_#WBl*#p>}{Z(V6&?gWCh=xpi-Y-Zn48>$<82sYc#taO-;buQ>
z#V?b0lAVECD7H~ogvg!KgpyXJEp~54^!xB`*p42V>6B!C@o?MK1m~T(DPd?Iq$Y5-
z(0OD2dQsg$Zkb_erU^B(EI`7aj6HuWwSy~^t@((zeLptTDMAgFxQqGmssFhxy(-D0
zuP+A=5^5JPbZ*=mq$wP5=;YSZ{`J7d>08LI8tNIGwBl!0*14vutG6^?6Wj%1i}q8R
zj>TlK8wDOS2L9}vWegcXQM1WWv)_2hpBKf8*61S^f0_ySEv&9Im5r!6r?QT&AkXOg
zuw=jY(dLRWKSHP{K7A<FX@?upq>E`X-Grs0m@U~WlF!2rxG^i>KU#SpM!>1^d-NxI
zzz)QxLsB|%d^*zPxScCXf|Z|Xb_w}D5=|ba467r$kBJyF_6G^*CPT--uvSTr4Sw)9
z>dp3tk41qhh3DV%qJd(9NKkbuhTHymTr;FaFPu6*%5z6oA%&Cnjc>lPuyB<##{K(A
z7VWrq5{{&dbhf=^kC!r#b&3|YuO@&MzL`v=^#j-4<GJ;blbK33wb3Cqn5tuM*Uuta
z!xz)6(XsP7^J^s<hIt7QyaSGmzf!j~(3fazhrDp@fs!R=zdF!L58$lhTMRGciz=%$
zTXbZ9^0n$}h77@Mhcl>IkE{%1&8B&KKD!sod6amN)5?*{yxtf+#rD|S{Du{yU`c3+
zCu?Z^q>RtUKR5xqD;#~iwt^paixq!IJQne=OsRxDs%YEDcZn%hMqEwXC;i{aRGoTQ
z+M>so_<qg5;RvAe&1uO;-9lgIJ^HbnS^ue_9lS<Fe0vMu?_;wbQh{ZRnNc1#HOsqt
zi-3ui*N1`$YvHNvP{&RQZMElC4hdDKe&BnVgpL`AohM)5E7|$|%tAH-(knI{zBnIZ
zHgZ`4r4HmNphHX}`fL-u0+1i(%k~1#mdH@9Do~nF2JOg13`SSyW!o+}5W*A5AV8?_
za~S^#HooRtApvvcqQD1}CYPY)QimQ>L3o}wbn0?7OssNtd=)AFbX9ksFP+M}gGrsB
z;@p8a9Enr+-kInT5YDti#Co+0y{ZZg!(kZ(wBd;q)AD%CV$`gWF)@OO+&4%$d3nim
z9kqNtE*sz4pgb9Ee<vS)$mfS`{mBM99a(whd~|=0`-OJ<`@_2Z&SJ?6NNQBbp9Xg;
z+Rv^~sSeYsrq_TBXB8<L^@376o&N+j0Hl?0vwQ4uuOTe_rfBj}>Kjz2x@fR*x%u43
zaY2w>v0&lC{yT5PZ~aW}Umh=6R8~pt+lM$K4gnETkU&+-XD-Rk07T_%pQU1HYv5=K
z|C9*E;l+PIkDpaZoc%OX^nMj6m!K?hP^6kFmGUyoSmvc;SXGkp*4v<l5cw=HXIRqi
z$*->JUkrkZOnRT*TUHh_l6|9!^2S7&DOL-@Z^}e;Fpfj3_!3!%|K$7;kHh1Pek)A<
zjeL=C&HJr;>opYD{dgg&u-%yyrrSxj5@a6iIUG?#L=V=)D?Hm}%loJ`&kK_FeZl}^
zTueE>Y)DuJ-E1MM>?*2`mDvu+bL0KEFXmJsaX=eF<phtzG_BgnU1zbx52uRvQ^BGj
zQ6;4DdIw!Hxs!xCva`BDlXY*tg*;#g;R3blZ6r+Pf|J4qsb=mHc_6NYErx#zKPwi+
z7op0{fjEjyP-+hdp8_gG2TujB*aLj~6wG#JEky`IvL?}?x6!(E;N*pOwC{R42TW$a
zqu|`3#AF}5y}ZP+j+1Nbz7@@gTGa9WnEBFw0E@gt>t<{E0jXI=WWtbE1+S!r*imgC
z;uO`iL(RRD1hd9+A`V9HHGd{kx&uK*Xs#r}7tl*k{}XH&F!3nXXn+lf+QT>qnP&c)
z?YOf-RH)SAssW?ryqotv;LG@VLd`E=2dR+L@rc|p&;rj6n>@-qN*~*@S;B~X&zs^W
z?m)ufyz+`xvofJg-wIAlY5Wd5<=icTA4{tY@vP^s86SVD*0Jo*KLb8!t)B#DZr`A`
zpw@X|yxLA%UqY8jMB;^F^b)!ymN6DU=oT6O30=Or3ayqmldbxBJLm7(4gw=Lg1ZVC
z&W%WT0A8fRs=@DY6|>yt%?{{LVtIO;Ao1NU)h-G-W2)QXC%*I%o$VDr;df88sEVBj
z)t<@`bbQ#0|6o06%70QxOnm=0#REX?CU47Q)T4p`DH(q44p|LAk_0%5Ig^u<kp$M|
zKTf+b)9n&E7zz}Nl&T%}l@Q{cODxh~%kCXid5TCSF|O9FP*X$tqdy2=0Row>Rk(mc
znSh_hQA+lFgz=gHl{?rRk~q<X&`(ldu|!!_YJkyK8iF4FYB%qBz1)f*A#ci&(Hql4
zp#^Al5@e!>LU6q5^7B5WOTTnH#LZlf7Yv15gtc53qdvMsm%M~7XMLUp1jyu{(j<X#
ze;FM?GwwV3H3728sVzFW2Hdr?xO|~SyO9>j$=$s1$3v@Yl%Lk$idoT`^(>;No>k68
zI)G7Ogh;x8$^?#8b5JK%dH+BVi`JOZg<T{xUnVx^jrnEg93*B6fiIETl2#8AEX%;-
zMsx%)Bt&j!AA%3vmjJcI019w)T<SZ{m}`$GfSr5NdD1*LcjywzS%4u+E|nw*U;r`0
zx!kLD6RZsGcG&9_pErJjrcxLj_RtjLRlR1+!an-07!a#+F3|2PXD!?_=LK&LP?DB`
zwoCFlMIw4PBsYUMcdt{EC^t*9By(L&Py!_8TX}LnzKB%-inYw9%V`svxF)sSYe1Mh
zUIPx~=32@a1!`-nvE4fKgFImJ01uZFcwSSam^<KVG(J~6t=Oc7o+{*S`I)JFB$qbt
zh3kmV0;5HkrdX)r_2GEJ9|cu<i<Z?ouxC*FQ`v*F92-c57iMl$_eXg?&(-!Ak(QUr
zXwh}zUP5f70oeghq=3Fs@w;!Yd?G3H;r3+cC=`h{LQTGnt6)l$v&N1!I>?~IZ4%Px
zAKf_=npbI<`xpm8QgUwd!b6Ee85&n=xeqG@e}Kkf0rdN3S1a6sDilzL@b2F1yjpxe
zg>;PO0pqP0D`*E}CK}$H69z&wx9`97u`vz+#R@uqd524z^A3CY%9|*HKn6uscsZOq
z@Q%l?57sNZI|&XGAY$5-ECi5+Fn8Iz_hrn{%@v<*5G?u^zJKy_chn=6Y`KG<wDARB
z?A|kVG}Noqd0H&r&pEFb!!*JDjthEMU!Z*d?r;JGR1(UoM&&UvxwwTC-`egKNb*mQ
zHntxhhFpqq<E2e@OJZ=y8Yr?HFe1tf#}?(c>3`))r{&kC&L26wP26-%C7@O;91K=F
zRBb6vyW`HnsY{139f;eY@Z+L@N(%O}+zVrV`pPEiNZ4;0YcvVJ7<Zab){|kp@Y#@3
z?;51<F=<&aVtk2d@GLm@ZOdjt_JZD5)t49x4Y`Jo4Z&`n`AMtA@UlPh{;RY+kcu9H
zd%0jYog27+V(zCLIsr121OWCt6WY%cMKww3n%9cS8=~%E=iy#=PycvIvFC>NaP94-
zP9WQA((R>~eP2C?P<H)hi93Hdw{o0nQi%_i8UB3s%~OjhaAd?@9o#u?ZPx9ogL#HI
zK+%?H<8`O2v(q7T_$rBDpq-!@=*)9C<G^|ej_S7W+-dc5$?ZZ(XfU0HJfFF6p!&Xx
zp#uwd3$GR(RB>WwNHSoY+BYIGG-cHR@XAAC6o&sscp{UFgygN9+xRPU1s$->-1_N-
zB2#C%bQ4yE9X!YcIAm%0E}D^@R+k9;Btjbpbb0S8LZ4`!HR~+#F5k;)Y2gDxT#Ed8
zbo#83XfC%a1s(`*Tu8m-TEIn3m_)MWW{r+NzfrRp+6CYn?3$mc!Xi-=J{{%m0_aEH
zuNF6I{tm!iMs?RfSEC1e??XSmZ)7l`g>LB4Qqw0t2F)JbpDAytoMm=9^riu3gSDu$
zFvF*68^heo%EL`Hxb^|K@zW9TsF^UXWGd3K4j&QYhqEt9=}q!}??V-EVv5<BOC%oE
zS>y`UWR6_z)GP-#N<|&&*=E>igZ8E*WyCdIIIe7syETalH60B|0P5`Eq$^dietUao
zHJK;N=Hc5mOm!G7ZAoph7hzlI2K!{aqk~#%TR@yuCArV+l)6UmppZ{Pl~Ezxh|sPC
zSU{xkGwY9jN=MyOnL17EeZA8-+GJq-3r+n-59OzljDC<IVLQQAWVn!p3?i>)u;h;o
zbe2}#3Yfz#V*HpYq{iW0_($i}44WUB>JDTMKaBEwy&<;k-R;wyzx0e7nz?Jy)yBz2
zT_5&%O)aneAjF3NnQ;ud<Ms4~+neT|H{l)AZ}bv`g6GRC>SfaKo9l9Opsynes#3Vb
zZl8KaZWoB2SH@qVD?W!h;ES;K^h<u=_Bcpz{Ux%@9;*~}mo#Syn&~}E!8>M-?{Pyb
zzw)kd2@^l71vCXZNa@spPl)5DiXJd4@2FW1x7~biqrB7AfK9XR+$+_S)WH14q|GvZ
zq2l{Q?;T9eQh4gH%v`ZAeN$z1Azn-r-$%5+A<*$6K@$=}fQXz6(vU!qARh1{iTDo}
z0Rx~skVtqorF^b0I;3A3a2TH|rQRlhhrzRG5X9v&64bAF!|ehremN=U^C6a<qOw-1
zp&{gDNUwULuXW=Ah@PpuhU&FnuwD$|Y^d)Q&;V|pyjNutJ5uTC{82%S63h3as(>IZ
z>V)QMR|z7EWv9TaG-wVLpFXL}BIS$=e<sQ-S=z$xRTNz_NBr+jM&^N(G+7)Y!7Q<O
z?M2R9XG$C~bx2nb;vWgGinZ&M3eXPcS_ag;gklCPE9wIasnEM&@pINbrp8I%5jlH>
z&PBy$O&6;bOlB6p(#=5M^f9kD8nMi&Hj+XubH@@m<(KOZ^5<1OFf*ta0&t2H%$Ld^
zupdnw-VwiKy`a;QNo3S5rhScTY6XwYm<?3#)QU2bRWY%==gjOyldh*iXMZEVl}SPd
zf}1P^bkbHkhv!K<ggIVxOqv7EdkCkCf_#);ULN^E+q>J%i`HcvpO{E|uxH>)g<>`u
z#&rc+05=QAprLDEr<XTFn6PI@nH8tmSyKrTSpgu_OaMZSRMZJCEYGVl8u@U_os0n6
zJ|LL&+1yE5IvZ}DR8}r*6p2Xsm&KA>VC(RlxZOFJZdmGg?DTpbTszzixm`Y^?>blm
z7;xCK=L-C3)aObSTvsND2pP`L$CE@Wu`98Wk-ST8{9H9ra@9VC5d4Uy;B$;wQWybK
z5=sHg8>M+b0lYI|^BhBu2H5rRLP7NFX;X(-IMzSds=N$#yb_S}`$r^Y&IDP_d`taH
zG^>)7%G7k#F`#t_y-mQyJgx?JYd_Pa3UmM6z}E~q2F>G>&1zaKfFi@*M}1$pd^iWm
z2n!3BgUpv(Qyq_gm56G?<1i~^I9j9VB0ir+h?sQ4-V;E0L&kK#=O?^a8RdVuwY_ME
zdd?Zk@}%-BL5hd;x*?`BpOtvXHPS>FU`<bRJ6b-aeL#yL1D5Bj%3i9ZY3c6=Jxr9T
zoh;J^4rOYJ)P+%3xSZk~*8~|;3)d5wLw+$$9Io}85g%d#%>e`r?kh3pI}Bu$LQ<L6
zJPgHZ4b6fp#i^0qdSQYq@+Z*U0$0*_U|KL*Cv<?6-*h(LW^@jaw4!4mZIpI(2?{-R
z^nu@BPYhzo#}?|)*`%<1e%p;DLphA>RXID;ua}I+@ipbQK^fs22&B8p<*!xwfJ&fU
zBLD#}dsm*EgBz37wtjQk;v>43$4sea@nS6XMk%3dCDGqd?q2~?AeeTEOW!EolS0KJ
z41gsQ)985E6GH4I<hai}G&Gd+iTgGI5V{z1k^ZTpV?+ViO_3NB!fHTh-H6;Anj8C5
zN|gqog~nTi0>9E}59vhU#9LfP&6V18zS!kwN6zl!Fy4Y{gBj)FLfs4}?zIJ$fK7k`
ztUd2{nyZ@1SwkST1pI#AfiPZ;#XVDVGVAjLW7rt9NuTboFb?fxC8fpne!H^KVh|Yo
z!wcZwrA^{QVEiX2-tl|2q+TmIy@(z32)L|~doxzNQ$>ndog(3*rJ5Wjw`b^?#yNaZ
zpMa}TFhN7N7fosue%v<(U~FSvNBOCzxuRN`qpJx9Gy}1QAI>2y_&n=B9M8{(0H&Bk
zuvzz7z=|wQxkOIrR|4<&H%OoyMp08y7?`P;`I8F$-k2y%epqyDT^xtI%$pc`1+;we
zL`UeD?p7s?1#_pv&4l09A{E46Z>un<ZTb54M>7N<YUJtv!*K48$=CC5;^9Iu&0Xws
zEFjfCRerXPYengIg`#j*mgEFr2(R%MCBOIrI;!Vi(b5l?2O9yPuU9xe7k_UA0SHbi
zjv4k}%uN2W0Qk=@F?xWXSQ|Mt;3%eWO)CbgmE+7AwEw$n@+BgKD5DeI_)lAu|GdP1
zWjfxsz~iNk?q5x(a3<{;wIC_@%UDGnSU#H=lw#!ny&V6)KSU?sh14Y$*y9a01rlr@
zuyp?U=g~d92ezx{cj7RA)93xyef`U4#25g#5-Zep#v^+ojs{s)$%!nw06fa?J1_Ou
zm@YLb-2eXU{`CW7Fo0i-M`~8!!33^Gx0n+K+>s3K%Q|C~iD&<toc248|8jNv&o8X*
zNE84Kv$$B2D!|jCisQ-kPDAOMmU18O2bWxw-0wlT6>#kV9Lp$){~nwFH)G~sKaB7z
zuj=+SaAV(jFCk=4qA2-(=jTj5K!PLWQxrq>|MqrxRry{_66X!Y0)?k${8ki|{F|%g
zflEp=0ddJb6)55U|M+rJwEm*^=%8fM)1O}K&5dLK4is@{;EGg4nEZ?X`uF_j!~2_`
zeUBl25e8(gkP=}_?2e+>y}asbpwuZFx6SE#NeO@ROaJ3H#mRu%h(Zc0G!hT&iDKjJ
zrUouR@%ZwtFSG?ry#B*R=zois?w~)5TUhplYWS4g0a$swSiHc?Fjyg$K>fXPP6ByL
z<{k2FbHo*7%7J9hzEOeJNA`dBp7J<=yX{wquh#&mQf+BRm<y%u1})&Ty2QP|^JpMB
z@bh5uB)PcX_nn6c#^rjM0n9PR|6pYg6Gb+EJ^z2tyMObqKpZfG)aCcEz>`L=YbSyH
z-Qnm20J-Wwh7zmyAKPh*2UDSX3CdKVnk-xG_KNI$!!vZruhw)7ix1h0OHkteoojx;
z&7?R2k95DfDSMpo|K<&S7kvpq3g?1wMF#o`QT7D1-z%9{RRnmJq-9X{|Ez?lN>dg9
zS-5*@RqWOldc8O(==a}Z9Rl3wA~EUi-~46&wLZKm!+`(&u>ki8SocKEv4;h`Y9Qc^
z2>Aiu4u+kZ9VqFg(wuSplvCXZLv@}8G($p9_-ZXVk+sJhf^LX-vb|;s1%m%l-YQ)c
zW`~!}xqSVVTH)nb-WdO9(>Q%u3a7lX{r`0fe;4M`o-h88MHWgJkNwZTXYQni)ka2j
zd9c8&7~rOuOyo+D_JC{zktjYueEj$kFnTeKNl!0(!i*=-+DG?}SKe4lE+Y-lZLTnq
zFH~&+L;qM|_NR-BCU{M(&c?k|VWPRW+=x8&IaB!s#oembQ0rdB>6V5E+w6~Bzt@9g
zcfHstD3CElhLC>Qn%VtyBouS-UoXOi<8dhMEyymy8&4NwO%=!ogyXXDhhTy}SUTlr
z-^w3+?OOS&g9)x8l%P;5fb2~z^gktGUT9#Q0f!v};j9<{3;~JOGiM!#d7i-<Z?}>a
z9|6LjC_p@`xXb~VH8D|9{5UL@*?w@Cv$^f<z_B=TQ-v@uaYXhh?I1xqeP^+Ofys1I
z<q$Aj@Ts+0F0CD5-=`_mnA4<S(8S<&I+&GaFdPh2$D$Ce6GJz>^>MVEE%%x()3#!>
zvsK={4(aPdk=RlKgugBo*$uWw_s4B;?5b@Z?t9ZEP4n8VU$B6|AiHyEw&hy_?v#5s
zD!{Nc6!4}ljoQo2(&j(0_1%g|ebumk)jCw5cWYbC+4i+Hr7jJDfD2##F_t<mZ`sLI
zxCDoEd~CgKTq1fJrjMEoLSN#ooU-Y}R!me<;gLQ^tyLD}`Sv`9T#h(;?AA&<xc$y3
z(E{UUe|%n7((9V>$NTF7A&UjyoClpSY$kN9;ZiJ-aQuwU&<Lc>gHg&>{ZkTWQW6rG
zLw1J-M1^dwCa1AqEq)jKWn;$0rxqM(n5$3+I~7^gR>xY(=r@;3RvxTa5?D+w+>|5d
z!RnohzHI%~dsAjI-NEQX0<{ZJtOPxlB;cn7fFB=3TR1Maq@Np{sOMNj3<!T)uYIVL
zyY6;>y698t$c{K*QJT5b<TwT}R(F1Q$w(gd*Ky>wA<m}Sox6kG+GAO^$$vggHW*5-
zlTnmTVfE@Y(lPH^cZ<{HAjWgMN;IO3e(YO6j$(OcJ6U3oyHgpS%9r)IyE>ErR%0Ge
zTqiM_$W0yy?S7i<mvHf}{EDabwdroJXbO(!y@&^&es4IfjdBU2R>1gIv!JHYwaCBE
z-ZEfFqiy$biXIUZ&gf|QmMTgdyfE*4_%I8VO2l6*Kg7kwGjj&w#<`r9@i>i^oNrbG
z3f!*oCDW3mBe<>-F72(Kvm&^21(l4zcX#8|pKv*ks%@6tujSLZ-6wb3o*#9SI9SRP
zo&avQ_*9XyQ~#DT?nV_LEa6R!5P4a8eHC)tURTn|%wgO&E05)$+1s=wJ77QPLcPqG
zCf8sW*^is;e0~8)PWn;9Hh#@BF!~t-)*>dSvK$K#8(+w{-`pJo3bi~yaFUzdXu1!S
zE9Sav22jXxr@#1i#T(4F<_|9>)}+#45DD?%Ef;(nYx2utn$vC#YJAOTGO6dts#1xa
zcGrMm$(rbi>0BWblhrrj{pr#SMe6u{8lv<mm-Ysuvevy>;P82qfw&=}?N9NkzufQX
z#d6fTw!XfrFqsgZkEx^AV`p<QMGAy!FH$<3pZw6IAE}bV#nYeNsz|Lo+5_KkC-cqI
z@o+jiNVrCktI6>&o2?2=&@(Ui@$QI)=iy9F7_h#A*^sL<WZ`i*o>NDz%#5u7w1uty
zS0K<=!s%K~x58z@AQ+}i{^0p4BNkfCC;>M(IDzn9vtBq$!=;L?vR;TXX~~mu|0gbk
zafna8nvd?h@dnpeyY~>|`yUrQ^6K|Xn@oV|e_^5L<G$DnnPonF#)(8RVSuMmI<hRy
z<Bl@EA(OoG`X@jM!Zsbx4ibOMv<KK2(3|#To{^h&=kWncZ3!HaQ?$kPQcf8V4@|vG
z>Ei3Dm9fhNOn%gKX&T!A8`gi16oFFW^}o@Z^R6zhP^?c^`Bjf!oz}m7yt~ZedA`M{
z$v*?$@HoItSS^?Zfc<YDnoo#@IA3fUy!(|K%k4(EA^-)EdQDM~ip-|#UV&$U{+3HB
z`LrLD=7+O*L+^OYXTbM$7hnpEHSIBICHSJLfjLQ&dt<J+-)<`B3x!}%39bVOk2V;x
zlVbr5N^@z;6Io$D+%iG)^M}KQZRwV7EIv=8Bm78V69?27+nKzo85c4q6HxhA50m&U
z@jkP^m;x7+x1p$DiU}u+O`mvj!oj^eV9B@yf_}aofYkeuw$!8;2EfV`v@N71sx86K
zWeUB6=d3G$FGNl%V0f|`)jt-M;#Y0Aji4BD83FhSemR|Y5;z%m*tGg37}7wSr?x6K
z<H`P|XWjLl)Oo6C`RlyX4w`~x=jFrY%sQtB6$BCBYDWqH4pjBp3OJMnL-|sMO651k
z01c(}eh5*dC2p*4`4yS7B77~=ygz^^y|mRpA|0!Y0vdW34#y+@8dFGU2MXwOlF8<3
zz6z_O6jg;Eb|#!d)Ryy5pj(^gZaDg|<m`Ml0)xc!)(;Cqc~9IcWF<@2FdGvFG0fgG
zFT%0XCa~aoAX8u`inm#wluLk50oM4<K_@M<3ORNHCseSW2VZF5d-WbQGm3St^LR8R
z;x%l88hy{VNAdvad%2+I@VF~pFxZUBy>(Dy<XY(ekf_9g*5LskW{d(>t2JN`SRzsa
z0l#wlvHsy#-v8x)^DBS2y5_xnb5n1#ZoF7uVL!w)Bf}1|^t>1od3f&B`K5x1p8~BF
zd0eJMi)2Zz!us2@{NcR^X-9H3froRYR;uAh8W=)Rox)*H)?2jfg=&{`!xztf2Sr@|
z%8#Vv<nk|c6^Z!L_HM|(49kxl>3d*MHMPVZIhUZdwh%`<{o&V7a<U|-E_6L&|Ip&}
zg>o<emL@|B_XAJ2@Y!BUiYUv4XpXm!$Zk!A#O_JOY{y4`%|TQsDrJgK0&fiE^rnI@
zrZ3<bSwP?YcVo1|d;MQwJaN#Qyk>Uj7o2ai(iVLUAB8OkxXQp3Y5}*jI@%$XuPAJW
zFjJEv_B}aYDw&2q3G#evyw*ZpL8}d-tgB0HvP6WJOYf<ft=fHI8Y%rEe8HaGy_tup
z-Hat*Tm3Iz^RyRVbMa!u5J2mI+$>VMBGb~aKl5gyPuLu~3s|N^&WeQ!iFcJB$$x4P
zI?`?%eL%VnC*Tow*qhcj$UD#pJQRIou2ovddqa;(<wDl*9;JPt?AYTx3*DnXe~@Gg
z_D#?*0y@$!;PR!?w5rV%f=r04mjpLB4hS1%fR6PbSf&>!t;})ME<-;oO*#l?hNXB4
z9I>OLpmvp2U%W-ITTs}9;&be&rnGr)ch?S&a61(75vdTF2&e8;qxtLhhKiIY!O5LF
z*yZj^Hnf&I2?nxX-MdAbUOYzQQB|t!Q>K{*`gc_079M8ozWTnVn614X2zG%oz91n2
zAUcEVc$A*SCp?PVsAJF%cn=`j;Z_4q@sJ)1NmNZ*5QMzUirwo;G(}E@{)ZF@m_)p|
zoGWO@B8B}5Fz58>dQoyMxf7GDBl0})mbC(^Dgi>Q%cCXr0^e1Ub70sZ<MRgISymsX
ztwvkoTXK1MfDD1!7#w6*;|UUV;x6D1NV(}{(9HYgI*6rR0N1Gk)eOsW-hNuu$Y#gC
zEx+4usrbYe;55A9vWezNNMO<H?iy52S;)irr^C6>K-A5aW44(lK$?=NX-JF(@J3UO
zVv;fusJiTIY{i{qNE~CWqv7&_$^X^a94-9coz2l(K1wH?=bd_OY$)`bFGwR}_e9{K
zPRmg^)`&_dUkm0>;Ifu$`>|2e(8#R9ROE-6)yDPps*M#DBR7AiV|Kb4q&u*FMTF~i
zu~&j2j!3{Rh)Nz>BSj9C^<HKXqHK$HyuhI7?dHxnX-Fao8g?-9Q|eevlbrp0g*(nr
zG6#oi7H6*UNcI2;nG!yaM+yvnfQkvF7csyRd)af7up&ODtbnyc`by+~(G5>xchURV
zk}W)xG?`^YNaH%32^pNQtq`|l!|>ebU}iEEY@plMXur=_V>Tn(o3U17*LzjYsD*IT
zJ!Iu^Q!H@4)*Fg7k=M2OmSq`=*gc)s&$6Em&yLtR(PZ#YrR{y9%X^D9fa5lq5)|-q
zR!7^@CFomJBm4D;C$}&lVO27*v$NY>a$1&M?gSjp)`M5jtvof@H2G1x@0z@Ils|sR
z)(D86A)4m?@-ff+Z^mqYTJje-Dz@M|(8&h{S>A^h*#nCxTdUbwrOksY2lo{}%1=@K
z-Y5Qncu<6ju&XQk<-uHtr?Vvxrjwi98JgAhyC~>))}!C~#8Y7)IUg_NYd2SVH#{Ei
z<<$WD_0=&IS|qE!k?lIJ-qE%0kj}HupFfWtdwN!|bGu%As<vEW-<!w-0S7KsQi;B&
zTJiJQl+?KcSbe)I?LO@fk?F^P1v)5YlDOFg{x1u38Ms7FmndQlNCv@K=acq;`XMgG
z;QOO{oXw35-yDC_8DJooAJbS&o^b#)G|J*b1Du%q9RkIlbDe28yVL+fOs><e=*bL$
z06NK~tr^zFc9Q>p{^y!X@7jqeCJnbnw2|l~2mdlskXuK}=Cb2_16ONqzc(55!cf}V
zX?8h>)?YLg@P8}2fkctU38*lpCrr)LTnu>}zVw7*F#@Mr)f`S5(wHYI0r6$*X%pT2
zf*0Js$r%Hh=bapSi5=zh%#>N~GIv-9OQlc94fA=Ex=eAl)ppOwg|azdd^vEn*6Saz
znLsg&UhA7T&xdV&nE+%zCf`<^0l*5@teH%u@~I#8mxOa}4W~_kGJ)=LNIXND7F#aN
zSN!5=7B{JmOaY53!&Yc-Di@{(@IFam63u=O*e&@V`dxH3*Tgh&Robd_s!in^nJLwo
zY6L_%yX~hvGI}m4VOQyJIfz+_x_^|90f9Vln(oB9{O>pu=VJtPYWp_mJ-z~NgjVWm
zK>J16Vn7WT)l0oH0QqM7n1(S^x0~%xf5|cQ+YU`)!kT$6f`$d@!Y4E4?*Z7KL;kTp
zf2AdpJCPxBt}12w{N!HP)+7cMWokNMSa<^@d{w?pLQ*Dk!I}hLukzdzed_!25EwPb
zF8;&#i9Dqfzygl{7r<cVGsx&e?VTIWgAPziPA@<~HG|p~)q(Y+h#Y#4CF+>4jLK%O
z!Ostds)0aZ3-bU*4=G6auA|6=p#pGA(56J*wY#f=)sIPuDs((Qd&jfhAenc%&ceUM
zhYn4`8sozaUBm1P%QR%sMt9C?;ih=v?Fnt57JDk>nZj%kWr3ckI@jI`7lnLB{gx#8
zjB}ePd)bu?dQMdyKLnlHi%#st*0z^BXdlKK^R0fF<x-=#YCpgOoN;QqT{YtD=Vg<g
zu2!|{H^#fkY_PXMpuX^@vS%{>A?}+BmN1mYrpX1x7Hi<d$xxJv4M#X3wdQiBtp96#
zm+xdi51nQ94cRXhn6In|xO!OI9yaI61l*mBVl;Bgh}qT8`&aj0C$3>)_G;fA@`({T
zPnBt>f5#5HeIfX4#FJ~0ovUIkyNHBg=V&6_c1Z}aEI$}c8J)Oaw_N{H+~zwmohik8
zd^mr{|5Iev^O?iDtyhHHdG0m~mhP$Rj%(m&|8jE6b1729v4GHRlQ+)6SHJjUjf&c(
zU5;<JT;<<&KAmu=7C#Qscmjta5G_*<?c=SnQ1>6|L(Yah6f=1~aq{OYlEd|FuU)^d
zN)erDzrb1M%W~(rS`UbCwY=N*En0Y5->jnt9WuE)`V_d7eEu6P)eBn0s`(d0)`|;)
zECZZ*M*%<c%~3Hti(Y7q4}da?;farvGlk&e3RE^Q#7)9PG4tQl?$<RcXU*ut2CUmG
zRg!?CW=7Lhncj5K6zR4*KHQvMJe-gCrR?=)SiJO|4(5QjKw%_0dzWt_63-|C&J}Tq
zMuQw)>rvzW&RWQGdLqf^`-xA_A_QMf_<qvor2_L6d03E&x1?h?dOQbd768zUzo<E~
zE9cu8W%6COQ|l5rF-w0S?|1m%e3UQO`xO|QVz4#!=ST;_!|y!p{&s=&R&9?;7EMEC
zDCg;-3C@SdTK6eeFzJAH6Com&XFePq35zfEV1oSnTiqA0l+f<$WzP|sIGC7<2qH9{
zIJl29K-LxbBETv|^X{L{=4#c@1<J=XfVa7T=dU~`0dBxD>I2go>ysB&CBZehZ%W;Q
zNhb+%WNrEPdWwL7R#5c;aP*nhqN`#-GT}4Ofnf^AF!tFdfb(MbvDM6V;q3NPwZmC}
zq@!jU62<H-mB5o~9625%qoJHSBvG5K^`_#0Q=eRZh{>93K1A91lWv!nOGM$Kk6zRH
zcmxw0LZTsq>+vF?33?Oi5EuLqkX3+?MV6$%>cfH{2_Q8R^evO7Wttw8-buv&Ka72K
zRFv)Zwh~e*4GL09r-*{Ibhj|%0K(ASjg+K-w3J9nBQP{WN{52<zyJzJch`6Go^!t6
z_dDlZ>pN@BKR#;)XP)Q2_r3SEuj|^AuwxR@{6@BkmSVGlMirE|em*;jv0&&bXJ72Z
z)pzVooEi>60Vj%+&Fzu0`qjIlZ+Ui8fqR?NmwTH6_QqOq1FVZhPTbFa2P_M$&Tc2m
z%`hf1_z&4+miQu4xJ1j(Ac|UYI91T5W<<jK-e0{YZdd&NVvJl!=55~=q@<^9+G`fh
zVWj>{v0uFLRo84KY@5*1-8DVhYHpn;KH+hVG6wVyvm|uP8k#4W%P(~K&I6X`6>A>Z
z7;AyoWW-UR{dG~d=NF5IBNjd_q*OZ}Q!Xs<yt`<O_**-|)3Hf?NlEn$eZlF5Un>l1
z$$%EXCX8}eOCb8ip_kq%oM$hBGATeSf78eMM&BoU$7FXKZ>h)F9?!i3@w(JYi9zW6
z`1qYAUP}S(;#7@mWcc2+IDJSZ0rly-*+%zX$8RrdoEDMij>|48WNCv%r2UCTelbjg
z8?6+CB}8;5Rk9?OEp)QQx~1<(*hx%M!KW2#l<OyX+E!0_PlIfqka{esFJ_#P&%P69
zHZK`Ft-&OGQsO~(@wr6kAvZ+d$CV{tU+>9D6)on1@gW6d)dl+@q<rt%0Nw3gg0*y=
z*GSnd@&S!;pEV3pkNVBVnY{<EpRav)xbVqU`LvLISjO&G>i#+GG_&K%hN1F+NlP-d
z<t^&@pss#F=}ueouYA$K7NK9|_dBI3p-3lZy}76*C!8iU1C=bA1*k?YMgTd~3Q!7U
zo_G0OLX$oBmse5C67QPw3|PfIkh@=_?^I134GC^10QgC@d+;Mqx5<mMAzs^rZvz}q
zG>QT=F8@pJ_tIV&u)fCna)S5kpA~!!=^h9^4Le9>i~EYz!1!zhZ6bgTQug}T_;H%K
z+vQc6;SXhC3JbsW1Ld3LymF<*MW~dlmLr|Y=~?q3YC=PM6GIT+ttH5SCP#$tGR&oH
z=5l|DV(S9ucuqU_7ySHDM4@kHoeCQLtABqLhTp=3l6b71KH>-<x0_xl6~GX>)kzs&
zQK?b%n&oo7yAuozkpa^ybN4^S00i86m#E~FcK%*>a4-gp|8Xq|v+66n=SH{Dl4uEh
zq)3#~coPdUy{1Qpz(lFUu?mdKc|Jx)X+0cqFbK`uTj#pco@jw%_z}O;pPF5>XC;;-
zn%OT#3-T0_``F44Bwsjn+~c$O`mltUwB_Wj&GFXknUY$r1jZi7R^RYh^nBzg@aunQ
zuPz~UG{B?6)Qf){Rp<GDlCqfp#O!Ti%)P#6(-1?Yqe=?0t)Nh&H;gD=$46x^*(h9J
zQfaIVso?5k(B7rwRm_O_=!LTM%+T@0Fd<s?iE$bFC^GA1&35U)2r?{zK9p{NYvRC1
zo^==R(n;I%xt{kf_dXLgLQ6b_{)A)^kLwz(|B2)hNnRZ-=ohqa$tmHaj{uIjSaM8>
zv7cR5N90RBXdJuuC6t>Eq;Pwot}5)aRML2rq@y1hGhrcV_?;4<IrA>Zv+kZt)-yGw
z)z<FiO!u|!gx-C)$lrCJo$A#=_;x~#?e<YFCdIyOE&S+ro3bvMhw()(!=6`>rDgd0
zUY1Ynukl-mui(FfMLrr~K)aPc#UK0WFqvQT+s7T$c-p90>as|?QSmd-3@DQvPd{Ys
z{2k}LmK=W%hsktu!`3Yh<*PUEx>w%9Ad{rHm+W+}ex*kaF8@>i+%aUpphYjaRIMSl
zX|AkrC@4&VNx6S0h>0H5Nqz54?QCuD?rQj>=n-UfsSpm9S$lihhg`aJf<Aju8!tWd
zahbUvmW1U&7H@Sf^?xAMl$9s;XtPpfU>Le<+J+a%S!WsijUAiH2mOk%-H8c<t4sF-
z2em*c!nv}rW!6CjTa5gwt0OS!R2gnC)rO||@fi&MLS4IF?Cm$P1gW>$cg8c)m#fZi
z_w#7eoHSz`$F2Nyf6TsR+Hf-ao|lXZ`XH&Nzp%CV^=f5bgKGAR`qO<gZ=L?WGC!=b
z(g{^PkG2QHUr^BQ#3jxPr2sh3ej2uqEuMZ)8YDd2YOHL%H>d?`+BKgj%6Q|Y;j%r(
zo{Yx)Qa<WMB5k2joA{r&8Vk&RjT1p!Hq#UDcNJia1gx1|jeYIFXFZTk<T0rSsk&B`
zm40<9++x9pf7t{!U{`Yrzy9$iYjdWix9gs@E0Lc&uMP6`u&s7nS^@j;)&4Ml#+?B5
zjxMEYhN>3QP*1C9qjj!Mt?=YH1_jG?r~)n7>-8MB3@<TEsNMNijZhcidx4AHSLw}&
z@iHBbMt4uWZSl;Az6NrPOzmsul?ztTt5MQ_vQ~Z@p%Kj*jS$yNkZ6Ug{>mRbxFR~F
zay<D?*UU>tHdtE1zR-w)vaR67#<RT=&t3n<!B@L9s2$b14yY_?e8+smn;z>2USLcq
z28EMu=;~|vo2m0ZB=oY5d<*|59R^Ck4*72Ti#nF#71ts@`(NLlRwrLPKk!sC8sk-U
zVBNv}N%NC()s?KT0mQk||A}+IQ`tst;@n>I{V12rsl#(<%bOC!<vUsG7IYriP%h@>
zvU@*BNm$Xb?n@F<`SkNQ`<wQeP;LlKUh=m1UKr3cu7;-7+Z_)lTi5L~rF)y$by*+t
zKhQXT<oF3g_U*sF)G2S{HWmHRkSBky=I~=Of6%}QOjWhcB2aG~8N4{%Kja=L@7R02
zzdU%jyWMilS&o?2+x~@)KMV+EzDt!%(kShB56n+?7BUZjFQ!flw@s&kY=sotOKM)5
zI=7CuSPw-n4{{)<)``~L0Bn@iLG%?E@E&c=Dtug1sg^WC(TfX%=~y3tpPWo&zXP&z
z>2L($>pd&;^AhQ7Agt9Cd!LZd?&^tR%2P3sOPB09_p<;>{R)EMo%Qmni-xfE(SmZf
zPXTFLbqmpyUCdZtDKIP@N&`akW!I;wLJL+MXoN6`c|2L+Zt9h-{fGeMR}-v&llyeK
zipT-?T4%d~6#VK$fq_t(#8`*P9plU@Col^1i|ff-8SHS3|0l%VYlJ>3*RL0EW)PM)
zIvoo3I$SFZm2N(u!w7e%!X;!vn;YpC;?l3H@cR-Ss!;5!pP0m=A+0wf?x$xH{>!MX
z<^mJXuLdqymski2M=7GU$+8j*x3z=10s(9-l#g=-85=ufy*Lz(NRN6*n&%oo{(wHT
zr`Ww8mnfbmlE}_B7M*D*i&8F-(1YW(7Q*c0>z?LQbFI~%LRyXP8^?q4r!uAdf++{V
z#Qt*I57Rd2Th41*@gAC$&$4tBa3!L5D>L<q9xN=Y=eR_rYh+i+?ejA4PROfJ*FiSM
zi^`lDQzWjmR%70$v*;aB9p?J~JoRGHV2-)+7H}N$DzBXAOin1P9si)OLyVclOcLFS
zM@B@!!q=ya&b~5bJtSAZN6IQU<+KE^uo&9Vk&BoNjLQ(LS>L`}XC17`5*91Z{1xYl
zaZA;ba=i4%lC3cqwYi0)qfCUU)|pAYRX`M5P3&r;>%H_ZBV$~ZJiNW2*&I0@XXJ@z
zcYYC~dg^n2+cB`_XCAfm<1CcJx*77Nc-B{|JpX>Vt7&)Eoxrzv<Mp(hr%MGNy~<L~
zXek1*(JlRLkXa=Kb}!_no8KI+^;xB!ZQgcsHoq=HDl$gQ#unQ7YL*jyTi70zURvwt
zj6@kZ{4($C?x9f%faG4*e0w$z=-~3gZU^|{1p<9%iDZM!c(ep!Z48+>pNDFD$!#bL
zTk)JbwZ-vZw~N%`t*aYNwbO#e_=#;4OlugJv6=f5%d@IZtF~Z$Cilk*XI>4@WC*(T
zoVkW`c1hqgA&+KlJr6`FTp!#&A`@3D=@|H!c*qGaqZ4WO+PPN|eTU5wyAJUbO+%0d
z32$%yh4S}~T(?nh!&@F!<AkskCmZ8VOC5?xW`oVMN92&I_@Ruv7Ku#ayX4ZSNq_z2
zL2*cE%g|Y`q~M%DGc~r0aKO9tabtl*A`B>~j{?q04J5T#+SY&o!?c0%$n{=X4$5nt
zLxsZ4;r-Rs`ICgkMfSegKb$a@!XQY)c7R4ea{QJ4);aEvChCTSV^XxQ9rZUk*~nMH
zX2ytr1*)cw(3Vn;BxC=p3(x7tJe{K0H}k7pR`(JR$w76T2AKy)@-UaChQ&ylwxOU|
zd(&fg->4JW^Mxbo)LGFq>)d@T6Gta|_L1FezsBL0_d7`}@BU|AMjxw-qdG4YkeoU5
zqhcPDki1hBo-k>VPh@ckhJHiW@05La*uO`HPJ8wTd5WWQ21@B-_VwzqZalJqWQ6az
z*T_KhCK;Mzjm1)uo}DINs^D5l%jHp;7mxE>mgT8zdjJHE<9{aO)X(aq_jO72jmLgN
zj6CRgZz^~LF7>@Y!UfjAAKkAUSo+PFWRScqQo`-}C)Ok0XYD6TpYC@H6#JR&DpTek
z_R)Ob(&;PZ`UD^7EV4nm@k>y#K*~~R1y=iWJrWaYp;lZ>eg1d21d$7(Xc)W%KQQoE
zH0ME$>TY=)@<(uJ6}XW6ekfg?QulG&ZaLl75!Zg`*F7(kQ4Edck?z--8vEZ3IuaHg
zW#ssNnO;SaH6ww~iRaacd?iv|I%fM^>|(^{);h3Esp80Jm1xs>bW9^tYI&40FA~YH
zUeS)j*Q?yrTYZ1x?LKY?E*sf)XDzF}g2wIL(@QMu(GPAjV?d<|PQZk)UZ5)cydOg;
zsx0#9d9TKJZ_0;{XyuZo$$GzE<Z6=krgAqQT-#|9_3JOwQv^&5z#Cz0%a@GPRUzJ8
zTYL-+U%mIw$DHJKW-2AjV07!>D2sbPI<G8E6|VmyPFau6J<(0UghV1fe<U(Kw2EiW
zPObcd|M19mWP9;lU&G|OZQ5Fk<!G|)hX4(~i7}*lLAsE)f<g23Wu+*rH9-n7)~^Kb
z>vfi=H4}e{#&y1s&O&1&Xwr4O2Ru@-`s3&a!-AukAytw7hOzWi?KpKx$ct`i+tn^@
zr>WfN+N*jUyr@1%34L+m_n%>oHpZmv@*L`RzkQ_09fl$MMbiz!VLnI9?tzRiN%w;L
z%#YDGharpj+NnGDq<sk4W9%P33MKMbSP<%@m5Lx6{YFQtQ-6Uvh2hE2rkpz~s4qP3
z3UkKbPUXO@JhjzK8suehe~bA1wldCDvs57Sj|B(^2ZD^!^^aedi4bZrlbw?i3%(k7
zCxnGh{e6pJvs!g!W{A>4R6T&alY^k1_Tr%9SZ=v$mKv!W_(SbbZ|7KQf0N!<!~shC
zM=y)rH3Nc@tJuJ7BMgorcz%ZW^7@eS`FOUd_N_Eg_Zq)&G|&GVf4C`Jv#3$34T}8m
zt~ag+x=Z8EwNBfsT(6!+oSL9@YFE5YmufzEQ_@9uZ{@C5gM*(UvwrRux1b0U{eiUg
zI$(yy0*Uc2bdJ-gpXtx7vi>mfhG9>g3|+~g>YwFd+ZE!}K&K*TtjZy<o_g|gaQKZF
z4V8VgZHZdPA#qR-HE?voYuXuUpKp^maOY!R2V9=<QDN;Lmtf%?y3UI*V7#z<q;%(8
z_j1O*MeR-bu~HnWlsEuVaaC78RC!LZ<r`uF#W(0X$8DQj2$pmjTr%5GE)Rd40jk5J
zL$)p}l!DIE6Mabm@pIrp1*CUg*TAhm0T}YA&I*QKTzx2$^$ivPB_jGibEjzT$;+yG
z>1Y0T<5iElkWmx0!vQI&2nU6KFAza!Dog}5qRWpjD>a@^9axwI?0y0conoV&ki-02
zp_6&^%;g)(5>o2<cl!$W?W?#Fop=k!j`)Sep~<hm67Vtt&w9v8ThYkab=!UenSBiI
z+A+Dbp$ps$Z(xH`53xn5L<MG_<W#Q3Gs~t4c~<(IEMPJA{?Loa9Po47sxQa@tbJht
z%s_H%L-CNUS;Hjh_Y^G2{QJ3vEfeTweE8I8X4rADBbd;a-5LqBL%~rGpINP|z!DM*
zST%_f(`1843(H$FttvgKyF4DZPdc`Dz9zRpG=6mEYC%ebXHl$S`8wbP)M{OZfH~Cb
z@ORH|Qlc3?r`Zy^YU2q!M=)q=&i?8NKKu2-+8AZywAcNTBh0myq2DVei%i6aK?AmZ
zgFlH?T=wES{1ZICn~L@n8@3=SJ&q$dcY2v<id`p_w_|8Tp^Qprire_WQ)ThjFL+4S
zeX411-`bZCd00QUD&#b6Xf?Hiyhoj^32|)FR{ScOeNQs75AB{-i#_Cz?V<&d=qz@V
zNLnLQdf=eN?-QcFrn*Q^>`LG`<^t7Ph~^%B)sB@>mh2R=-;+v(mAjuJiN`n$FUrBt
zU&3tvdbB+pD@q)F#>V<d$T!|;BIOU+i$?+E`fb4DY1VK3fE-6{@A`^w&M*%02uYO0
ztR|29rDd0ZhSmmIp<H7>Q*<2U`ykTL-)^d;#KZO=ZH!E-t&|ptclIvoA&-0&+4YYf
z2+wp}Pw}Oy^98oD%5xLEr{kptrN}8p*Ily}zH{k$Oo(@P%;kD2$(!_&sY<J2@kyDN
z?px`t!oLj3OZ92*Yo!@A<B)}zUGC-RS4c9*^0i^VyH7pI)t|&U{$p9_RoFB4BX+KS
zX#S%b>F>dp{|G3>PVN)AmOL&p^$mhw^tsEhC*3o8&#+w)r6srB@8N5Y2ZnGIe0I{;
zgqz8)Ib*Wfw4q755;%(eMyE@nGHNRk%aIf#*H8O((bkT?+#TrYTwVNHuw{y`UH;Me
zk#It5zb$GuN#;|I8rIrZ2>>0L>4s4cc#-#!Kv3=kf~Kl1hVI*QEHVjts>Bsnzlyac
z%1jAY*lO4f@=M69QZEQP%QdrqO1fKwC*Ar={r(ogssp;^cvafrVp7`7p4q?&!p=(x
zk3&+Zpk#ePOcW7wpM@?z-l*)u<L1m)l==71Yhe{N@p|)^crCWm)j!^-YUg(K6S=)j
zG|=7>^SC@jP%9u`zI)2f%d6$j1rBbWN?1RcB-Y(!cRpxJ>$bT+-E04gL~h5nvMMAJ
z61IH!J+G;pAi{utLf@`y>mU_-g)7d}Y{K5KC0oQK;E{hL7^bATG%c{phcmKqi<_(+
zq!J0V2VZKks8=taXxM+*H#!#le)yGg%Wheq%jkG`nWFcCTTvVY_y2zg2^Sz}u!stb
zl=lAcx>(Dg2vS})TedX(Nkwmz`Sq9BZd)X9AWQ83Cg~o{d_1lvk@x0XM4v#Qdy@gv
z5$X@hut-y>I{!_i)}7|l{MUv0Qjt%ME}2wY->)LAN-D;K_^1hQ!pS0shDwHjYp(k?
z<ZuDFj{zkuA!9GR6|am9l$34;s4&9qeqe?6t5EQ}GGGJ4^`z@e!AMTiESpR${EGWT
zvd_)QIn}a*NjP+0%kUHOFce^NHKMML4m(zLs(vCV787l#yCmb~>h@;`(<z_*=D4ic
zF@{YoBhHCdDkg4mQ6FrJzS8sS_}r|uQL{-|Z#PabU9o-$$9?NUEOKU1GT(UXHs2zj
z?R2g|W|{U^eLONH#49}wkxBF?{;<Igi~&6D)u2~*%QPK{Dad$QN9w}A1>LT5lseg{
zlABI#19B-${OXN)mjM!wJRkD+-PZz4+gH_`;d$lO#UzPcq;E`D7Bu!2(sKi8`8X+1
zmwq38xKS++EL(jc3eC7uOVyPRc)e|nj8!(BLh@df*~B><<RV|t@7j0IW0if-U5e;I
zJYibesztjNUY#f_d|vWeQDxNu1A0Uew(Q3V>&?HCA`jD!ueb}hUU8FAB4N`Kk6`92
z_Z|x}#b&s`)YB#%SkjMNzbc;Hn@TEF{iH#s^2NtZl=t$hSj?!QKV7?(qd`BtR^`PK
z{8v<KfAoGWK4ItCp*1Gw<4sk#t`cmv_={gyi*<p2QV)&BOX)_qq-R~0#22mR{MO1?
zQNj;H4!ch{p_d};P<<LHg&TC{4>r5n$7HIVS{!kvr-AeRpF-e~5{^P#ihlkxvY1e5
z)ldQdE64n^v^87f?{@v#-vmn}B^CS(Etpm>)${sUC$bWo7bnW~*aY2e_9J+(09H96
zE?id;{EbIjq)LK0AbAGS$Pt5(&bjYBFj*^Q-&W#&nzZkJxAtoaCBb{KtQRY_hC)+)
zNyS-bhH5k>i1x<|;l$Ut0!m%1@)+9s;kO8lemHE;&3d5*y&U@oZ9RqGM$()hIEp0;
zLlO?9f@kG_!`%j3wxYPq_8Yk;(EW%@dtOZt_q<uFQ^$Y;(wfG^%8NK{KHd)7xu%fH
z=ow9#X|k^htZc}NPMl(g^@(!wunuudCbV+ZOK#g>?~J8og!uFFP|hV^Os0*27sM|G
z>X)5(+zKWn|0vM!50s%0ep0^n2!3r=NLh)L-sbdd5VK6%pobFrXHc|kznbW_J6kX-
zGr8+_?Nk3w@Fq<_<Kp{uxamxrpU;JiyM+_`Z?9KY46g#nF`-^|X`#AyAWN8R%g`xQ
z&pVLleRX(>TR(6wS5?ci!F{`o9r9v)Y&ts;*mS7s+2j7qv=?IcopsZ*rlQ*DN@9UD
zy4eDS?Zkm`H6|2fFkh<eeACLj5B{h<b6tBqTC#3ihfh5~Sz&P^PvWt#{6b%i@e5Yf
zDB?=DvEm@)ffD0~A$LCKEl^gdmu0^(JwMv)D?<K4bnHK(WU~*en2^t^xjEShzd&=R
zZsS|dE5oBItCuN3PD2kI1QT$GuU682^Ydz59BoYHlpcB#iEm792}XJM7<ar=INe)<
z&7QfAY}T)IYRgE7-i+-%9rnM<(N_{Fwax@oM{pia7n2s4D6gZH1DspFyPJBVJq8$H
z_sBAs!VRQ6#ojNrX(%Zu*eEKWnl6w{CBz=I@ufcFr1;tbyLS9o;}iNwc)vCmawpm<
znT7fKJsac0pKZVMW?+Y99X-pW{|m^qxfaK6e7l*wo3W~})Q>4AWzr*Bvwu&$LDjC&
z;=8Z*Sp#C2Twu74$v##c)49LF04r~l*&fpC#$aGy`h;(Svph#VwH40}2cKDi-5OG^
zp2R;qJsa(TBGW2W4;%s6+DU0Kz%R!FBl_ufa2ak{I=S*J6>+3(XrkPUAsojuhA7!5
zJAu~nhSvGq+#zG=XHnB${plzp<Mk+e$3lo<{rmp?@|imNhdz&K{hp5JMD_Dy=Ol5;
zxjbBpH=vnDi}~vur_AUp(T8+(Lq@gAe9nE;>o?!QUTW*_-}{W=i#WZck^%S!<`-7S
z-3EDW#h|CpR4q!_6WY`#podgVUa*mR3^BU1fNkqw;_jIKz*A>5O(wY2MB)V|F0^{@
zg<!bC5?H;pzV3R|=#kP?ytE~yT}owy+E0R+3AP}<v#ryo85`YN(eZJ4^6Mo89uFtR
z!Xzl#IhW9!GMq41xs0HOr6u}w8>%god?hN?u^VR1bxX@NO~OMDV3wSmh@x&PSTzPz
zxs2(1j6*p~+)UsEXnkix8~UE$k#nkY&Ye#(3!g6wbRe{94W%nfkzTl`Q;v^!aK}E$
zmfsxAb&n<_e$;`3nMzr%?w?0<k7A<3icZCuQcDIdhZ2n<zw;w2Yn13SPl=3Bqf1`b
zx*G^I`Y7m-3wdhNMJzwRWY+Zg%;v0><3G0MEu368G!hTB`Med6=NM36#SI~I6ete;
zpd-A_NJl5u!f-d4u5R^?qt;X<EM9xf>-v%~ur|o}+4Tn*>Z63?+0~hX@}Es>tW>s<
zS|Ir@Ee%=d(qm30WRAj$8x}<=O%Q{PJCr4o?f7K;=Tc+y`Br1%i?8P{2L+#$UoR%%
zAaov!+&^yXNTdgkvA})KvpaH-cc~ALlRPlQg4>Y?H9JuM;fai#BkYtup%o`kazGE@
zk{DJqgB0SF0c%pJEe-&%Wy3QWOYklvnl8%BFkfg7S!>hC&KimCMtuEp2!^Tk#jCg-
zDc$$D%O^|oo{DWMLHo_Oy`{b7c|J_O6rN(NuNwJ2d7XMDzX2dJw#f4uE#Mb?0$SYd
z3dO-PF1@AIbaSR!>dYtVFLI_Aq!o4cC^?4wc3<*yY@j)g>@mTB7Q0a=v3}c=?K)Up
zsw47%^{0z%KN;TJ4E?=MdR1yMs|v6C$)Tr;FlaPH7$m>l5DU@>m`G9P$n#lf+DopS
zhg+RrWw}1yrFkJ^nEq66h4Rotp-`K?+(xbJA&uwp`CFLxg&}%<jaRk<EdzGb2;0#K
zhkAukR02mbv(P@N4(6k%px^}Notw$km9f>rM%(3<ei^2H3383q2Ia`-0yxt1At(a{
za;`nrH+q*-rIK_6DW`XSc@c6_<8R;#9}lrXvaGerzmNSa(=*&#0<6Bo?`NQ}_ANeo
z1c`VbubxM|0tGAC?rd{4WjeqpSM_sy9G@Z7_Va-9Ov9ndRJCI>RbmNQ6E179)QfWY
z3&9rCU2&N0h9SAX8`IaCc`uR~TdTYNCsDUOt5$mGz$DS}@pXqNRIkIZ$JqhPBd?I`
zZxPnV0b$5y@8pd=o=`Tn1)Vbe`oy&FCV`&Ow~V=vB9H5CTDCv_1W|__8kcj0X`t&6
zS4RXRIf_b%y9}%Ko3wSHJa&&FNmv*)6B!tTU9BfD;BFqSRb<mIift_iZ%)`bTTgTj
z^C5k8!$F-e;uvb-#|}TdFHX3*lB*cYTT1Jx!w$UATqzv8{SFOI!GNhV>n^r3^WjYO
z7C&^VP*nX%GbOuZhdSs;i3Qz3bGO5$@jdwL1Ln3d_F6}hQ|<(!gHk?dDcR63X`us^
z<h0aR_`*lsu;7zw_Jk^3LMz*Af26*7eSNtDe_1GU4ubt{=otC3`JYE{zWu^bmC<3E
z-?j#4G>zwP!cobdQWo;w%O|h5ehXo&*RE!z`PF?~w?N5Vrw`HaWd3#bx=x#qlH1As
zM|VS(7EUA!4x5v@m-Sg!Kcq}Z^q*6ZTWGW6k+G|m-6`mGV#uus`kG?WLK@}r%WD_V
z*7qh&sNl>4oaRRh;`hee2yA}zWd#H!kOsY6%KROS1S3)z8*@tIDfR5^JMXObyyu(C
zW#@Js(P;(r6vDR3&_pw8=u6+6LwO<(eyVt`ihu3l0Q5Vo)|k7~0+MOG?q~OhorP>B
zpTaVV0!3>6dF(zX`T|u64cz!yq^VFZ-y}AVOB%=)3_KC!fD&ZQ%)Bq5a2jo}0dAc)
zBlW>7wx~JoZllRsz<%y9Q*RC!?^SBuw9~#{sWpaGe8(e4D6-Nc0PZoS39nAMZ`UVK
zw9SCJ*~FUjiRoYy7pr?#^+rx4jgr;ByROi>EL5QY&8@UVLD<AX{7Cg1W0nu11*Su>
z%11P!PZVlt5=aH(bhpHn`g)RGPF2!>_om97T~|xh(BRkzcUNz`o*%oOE6(%#mhE)%
z`(eGWk%tx)O0|rfl6fMsTlt!y^h||YiD~M-Z(aRQ=8Qk%td9aF0I0|U1`Q~v8)k*k
z_@xvgKOxAOr|f+WQ{f3<9y48txE~%?m|{3uxe*#~UAxuzqJS_3wiE4uBT*nu)BIZL
zhsvkH+b^}rbYJ@05!Kr5j#)872EWDC1v`(p`Dkit)%OJ-R-nu-A63ZSbM?b3+>e}R
z*ij$Pq2RSE`ZZAkW${k%=;51ePlENyPl~}f?zSnl_|81-*7=Et$B>X%61V2gG=$Y|
z-*Uxnetp(&DyJ1dj=@>c5K>`s&I`-1EG;lRQdU$XEQIpxE@A%`gQASs?WT5(@VXFf
zb;tYf@m-tbb?yg|%3$1_uObw_-_h$&K9{<`u+7K(SfHHodc4srw0aJ+jS6l24XuJ9
zgM3n4pC(ahwU~oB^6BDsu@2i!69Yk0qrVY;d}onKn?X|VgrmyNHv7xyKesYZ`{FkR
zc~V$2-UgZu{d3Pt+m2@H9Z0C>Dq5hdw%@(OxZayKJkldcQ@p!ntY7$eZC%U%FtyGC
zw<*&jy9(*haj#($BzPE2<I#|b2lh=r42M5r;w|^*%Eg<0&*Fo_`hj4h7Yx<3Y9M!^
zl%FRp61DrQWWG6>?Y7y1-;i%~Vl@8m{fqzlIAHOoZ`P=}a(_l&T+`^hS(8OauP64n
z{iq7xr325z4@CUcN540eHdiS=pFvpdisWtItXd_n{X4)v6+7280HXhh<A#lK4-c9n
z6QhQY8EKXL3M9&JQLb<1T#iURgilS$EvG8;IC(D5SNF<dV2t$hN^@lfjb8eqAg2cB
zAhZl|Mq%Iwn6-T`Q0&dy=W4Zf20FEN858$hnfSufgWneX`j;2LTo~}GQb}lxj`2;q
z=XF<2VS6r|uYYCu6IXf59G}IN15t;shgbkay&>Qq_&oAv+Wqp`SVPXQu9*1Yu^@63
z0VO3H`klKwLb3na<kd7^peRI}I!%e2aoPF1Zkla+zFC*}=uF;C>xcYKxsar_K3%C6
zze^YWm-rtQ89dPImC__{|Do}}pd)3|Qhf8mp(nOB7pO=ofrA(a<2Q*Pz(P-M&dWNi
zu&c^dV7Z!kN8ZjcnP0A1Pb)ShUB@)FvK6kVv$%J!rqz12CJ50h7E{ieXlPfcrcR`M
z!O(1OgPS@*FF@+yTK_c(snwFrd9+byXgWo9J>K>vaw!==V?9&OD@w$BKb7FQuFaj5
z=mqR?tNn4fK@m&CbTq<_L8e0~V##<i^C2&S;lG~`r0g~~T^`LSSFQVW5e+>&thkTA
zl|z`#vZMRerf>uG>8AnBnPua~e)8~Ex8+ioE%X+jU7md62l+%||J<`;CW3e)G_HiN
zvpH0%TT#hedW)Kg#xXsBtbm6kKEu;VY;0*6O5Y{QpM)iI=#+Fq<T&28J=TdYPP6`c
zYYmPGl?@tu7W`_FFU)|}ORNGD>Nc}*MCmGaamU^5B@^Pa2Mz;$cyUpV@2u530TjaZ
zR51Fd)RQ%<?-k*{2ND$`hs@Z>{jP$=$E@}9IO5wVmeQxHnlP-s<fIVwwGL9XyTNcs
zPx}%$3SusGvLoKL;w3iz^HhG9E3$D~E3LCVUFBUMx7P??@uDrZVm{ff4`TaC(=^1T
z&-G@An%_s8>>AN(F9_yR$ECv8{#4)VqdJV<)H_7XqGZP-^^WZNO$cCpNy)gRY?hF!
zD*sEV7`AkfK7Y6vo2}hmSFbWt$~f4pMfII;W0CRjS&m5R1a0OUs!uk$mkXU)SSU#R
zAn^e6wN)=0-GO>kJ|*tt&4(6lIy=y(?|TFB<j_vzF|RqZ^{W~>TTZj@E72L!1`Ujm
zwV1SZcD`d$&hEq5nRDFFlOOjfwq7Ks-8A{0`F8N8dy<u00s8Ffy6Vr<-ELyj#m?}_
zL)^L=o_&wQwXwitd}I`Pq98wh+nKGvpL`ksgiYg*w>YfCJdEMk*>kra81#@hoH_{5
zBci?i?=RU+4CbAp>?nsX{veV=WjC2-P$${^x1(IkI@ZKGe2-_-a_f&aXTZ#rQrD*P
z*5YcXF&>W{g3Y;IF4)7{e9MTFMQ0T%0yEdOgJ7pLjUHn2NUbt;J4(8^cJu~=MmNjj
zNQ6Du@UyzWvX(I5;T0J5SzH@W9P+r$&gNrR;B43pfIyZ>w~a4)K?`(3FTM%sCD>0_
z7dq`8h58)N)@FKC@mP+m#0h)5IXaEbCOB5!J6@2Y<<`im$=;o(LkhH0#oMDgIB3Gc
z(@wX{hJf5srBORz2OB>O>I<)R^S6o_bsG-z_+R-u4hSbIz$Yc&;Q8VDaRW4z@t&UE
z+ZUdDrZA;-bU~dPl>f{>COSweU{`+LEL3&<E{ey2Cukdo7+7kp6TYV_GwJS5DDKiz
ztend(2TYCqh>n1G?k9%2Bp$+Zt8%t^Xydxl(H@44%V?4PR92+J95KAiEZsxtfEEP>
zw5U@Eb_ha}b*C?#uGz&(P0Go9klBQ6BQ~!wnx7(7BY+&q6aD9eruWPARP}L~5dX3a
ze-84+^k*r!`pD(co$2?#RElf*VlBhPGy1;m_cv~q#~<`L^^af5<gHKYIQ{8-*!bn3
zF6Xm;abFribZc=X5fxAo^pM=EpRF)%9>@^nGZhh(kYlim(A><W4@kCkHOnEAw`pNc
zs5pOrsd{P?K)!eGJc^B{=eo`}(h_cT&w6VEmC)ZLIpM~P4w-adz=ni5D1lppR_<a2
zeWi*)$k<M_)U{jTv|=Hi#IA$sI&XhB_=&^i3L8ZrWtXn&+UmBGcF=U?DZYVF8j)|C
z_=D+JE%T3wl595!^!Sx^I$1ZvD>0#A!DG*~`_J@rTrvtU%qCM~A#gkejW0B9WFGaa
z?l6WqR%lajHwWEv230Gl#)8L+wR+}+8-;rTLx9O7mWmIJORu8VdgVUsvn3p&AQjP`
z@#e*#&32}6(RF|G2!K?wImE;qT%>W1qLvEZy-%|sPdpjCdpp(^&K_S`{gGQjy4=eL
zzlc@A!E<kUjB{U$(=b1tJ9+bTzGmC5KS$%omnTH)1{RHWm+$(VETFL6t&$6bL#9*c
zs_?cA<lU8i8JILL3}~eT@AhApLnV6i%eX4u*+%->jpI!_-+*lgZP-ooXT<xwNP?}y
zw=HMa`=74+G*pE1;vJ}gmZr39AE6Kj*M+a`9gM2T86O%1K3z{XtS;W6f9U(Ty;*vX
zWs5&JZ4WrrthP{zUSGuDeHeF;hpA!)H@T(`)$4lH7h)|g9@r4=*E2-sBAU|LFZchZ
z|44{K`+X+HIBQNm6L&8qQ<YSQWl-4fqNxJ)^1<OO;A~eX)&pJpq*8Bdq!xmJ-|xZ$
z_Hl~`R>;41E~7jwQQ?<%zu_PCKKdb7+)cf|HkXpNduP4M^3&hO89a>a!tHt@&mU4b
zPMYrsKss?m8EidXqDJPmY^f$$@3fRF6=|IZs++R_y6JsV54s`F7%aj@_iZwv?{9Ys
zgDW%NVr6=K4-Qqu29&q%Izr7H>3bWj{S@a*jjO2MK2o-7=DU1XseJZj)LO97RYSki
zJfDLfp<bfj-*aSm>^_-%uZ^4s)&WghG<Jc*8G<tJw_}|&_zijO=h&qpNIujiN>$qE
zRIOsMd+3qczn^YHb^__(TZ7P+O9vV#1`*F`F{R@V5c}+?7NUD=w-=J|J3BMW7lr_%
z>3*3y&~;RARNA9NPN6zIItZJOelyhjO;%%)3XjY-j&yOxfz%9p6Qg+IAjhE5JI{8e
z=8RySQtK9NdXehqK(I~>C|G}BkK>et9sr(J5~qPx#G38#7MFK00}wLB!mI`uU+S3m
zoC6}SJfI*da>HyFd{05AU8uVz@u?)WfQxM7?5=5r8=x{xjb^v5f0hxD)jG@&_Cw0_
zGHyL9SgT)N%GJNJsWdKk8m#vyPS$210=;bp+coCf>K_0H?7OAsKKXX2Y`%fN9v}rL
z_#T#ZIl1cN7z{=Sb;A}nTr1z`1(FPWRI*CsdR)tfXINhe8(-ZX)MorNJoDvvmwO&j
zoCgibKJz#aFxgv8Kdjss_EoQOpsufX^Ry(<L&lQ}E?_q`0Y8x-02%-X%!VoW8DEc~
ze})=a{?$*k=V3WR8RrlmQr1u9t$5hi$Vwd?H+O4pjk%`NJarpbKnOd=%-a2Ex+be4
zb|bN-0F-=W!qd)+6d5mO5UnNy^ML-pFB@|XO$$47rxEYAtNoct&LcrL$=Z)xhPPSD
z5mj_|#kJv1Ax@3Q<?}f0nUDLvJwaQWD=A?R-vGp>ME24WDbHbH!+>N1YH>D)cXiB$
zR~PcH)kpRPi4JGbxE{$&+t)<~&&UQpk-2ZZZY*=3W(2JOz<Nb34`ISh#<%g3`V~R5
zPYGe92jUQRlH<_e>Dw?o=hY^n@uhylS4QD@zMc9yO%`HAVn*<_7kLgJI=3T$EreV<
zqPd~CW~soJ)h<yUkLf{jOekqLLkrh|-p{{Ueg)ZTGJx=vhm=a54A74}LpRb}?Qrk=
zBp>_MGg-}Gg@pCBwmgfPzz~%mF^B$BzVH{qxl?Zjh1cB2Ky*BStCt}?tJCbXPsDdt
z+IdC}1J7=#<kY^hIA~l49d)uDBI8q5ur^z81h0kU%&KR-@?$Y*h$5OE8=VO6sgf!E
zVV>zZ-Jkk=@iOGEq$uEJomsFTKZbU02yEJj4zQ~0wfqe6+7%J6xVS&MplqMs(3b#R
zK-_R+Z($Bn_Y+huTWl|lLw9Ao21!>ZGoZwu?HPl4hQ-J1^+r43l+Z7F2%nJ7F0Hs}
z_`1bJpv7@;rTiJ77vVr<B>{yA1fDN`>&kV1u=*N5t_PfvuU?4xi_cO@WXjg(*kp-3
zc^~laOiRGM9KpT4ugFYsmdW<vAtqFf#6#@$UOOI_Ji_PnVhA&=3e2+v>+1ryN%hZ1
z^Gr4I5;7?Mjv`Dj5f%tINvxl>C8%JLS_A=U!8h%B;qT1$5ht_aQKQ8ZY}4wupS`S?
zBiWE<U-Q_6i)2!UzLb7S_U`H&l{5l4<ejpI{GNNseb3ag>jor6fEBRQtZTSk_?>$c
zU-T8Ptm5=-a~RBUe}-EKd0^K@J9Ph^Id<sBBJ!vQ)T5P0NX1soCz486XaMt=C_lz-
z-hdO8Y|2g$oDq~j8)KfxM5`yMH_`0OtWJL7HhJf?%8TUFm5zGwSqe)gVJy{q+jb>!
z%QWM2D{+Qk|Gf!RR)4!L4zhRAtcB{P@7Jw6-yVWDrngW&)tl)H8U&GOT==;p6&keO
zjGkB1dvR>ecXSR`Zh!o0R-4?zmd?2t;MITfM!nodjNk8w=Hbbx8NbJxeYa-tlbycA
z7x4%61>rxLsfequPAT0LhQpnIf7-vMc+8Q?6?$Mj@w$(s?^o>xsxNM8Is;3{wLm{$
z;^9*EE_n+WQ8fbKeciA6_2#p`Y9p2>t{{=*7xmZ&aFGyP8?~syr`jToG!+i!oiFlB
znrA;%sA!exbCM^tc3@!ht?^ly-iN`7w8a2oM-0LM#k$z!aVh%aXW0I<KDcDSOOOFH
z5)S&%2u1YU+n#-Bak#n=byC%teCm3R+hk<>MXaN1?GZhk00>6XG$WKqUUC`iH9ivX
zXdR781HOBDhL?VW+lBq8Xi+w~9`X&J^Wtv4q4%wLu5A=EnrpY+v>0NK$Y}|5OPAFG
zQ&rq5I3!P<CoGZZ*#i+veH?`<o{gL+UnUSx!>hORg=?2)k8Y1Ir!tf8PG+iedA3eJ
z?4(ylUv^?)xP?pNu=RA?C}YsD^#$orJfYKRKRO}n&?gQ_DG|PP%%#~%fN11lH|@+k
z<f5I2g{a=<q6GtK#G5gGqw@0YPr<(Q=}$BHMYNgVBsP;jn87IUXPj)nh#F++c$Hw(
zbQWx*6O?&OmyXUEurtC{-w*{~;or-MKw>wuix2wFQUW&}xqN%Gb(hSLq86jJz>)Pt
zXrF;ywzsiHOY=8(+Husu>ZtIK5785=p4emdqaS3?jr(K-CIIXY(ttDKjkyPVbr0<;
zMADAx8UCZ(pbhw`{1&bJpSa)_Qtjiq!|YET9A^0>_ClK2RQUzYUBDAkwZkn>iXdgX
z<GQa}ti@3e#d!+;mCsIOI?fr!%Zf)p%;cAi5_wlFfuUFZW;&p50}S;UdBY}jP=PK<
zx1Xq4>Yn(5LoiDOdz8SajK=KTSK<rhSBK=ErFwh}UkdYQwX=lm=5B-}cyo8|KKRm&
z-VYP@YD(|Sqqci<yng)7Z}J(i>0Cu!-$QXqx(ESwp1f)@q&{xCOkZDwx-!~sHWMPA
zVeNt-hk8J1-{Fz{PbG2<Dv>C;+<jpR=lh%wr)#%q6WQ1lxU8-|zV*CMNGJK4Ll0Wc
zA&T@`Z{fs}fK&BSh|jn+fASMhV^mBrYWNNR)?hc9|NgnnWKWfr;vJ!rv)yi*rC%}e
zNg>{8ewSyK)?~mFH0d__S=t+~NWV~B^B(M40^hTPG1xfUgyXR5X3_B`0GPe3B7?#@
zg5Cm)sDEtl{MP;;_9-`3k^xSG)T9qltD}|*P(zLxM)ToIwp7QFuLBQ9`)wgC$=ZER
z6Z{PM6e8ZmHUbWPa%w7>6nS{P-$V8O{Q8XI{7@Ll>p60<Y1*HzMr{SvEDPtN<Mwp&
zfKB;tB>1#!sGRPY+b7#FY6R%(EcH@a$z|Y5(aR)B_9x3Ks4jI~)Tu8jkR@ojvi;d$
zQJUARet_)LgrE$sdxk}ao=Z5v2g~#oUs(CT%Q`+W_rIPi32}P=kvpfR2<|y5O}sg!
z_2mKEADWVg$0x)<;Gil3xG0}>1Q_y*NGR98wgy)^z-oPGv<&#7H*bBQ>y$lt@4VRQ
zxHN5xNS<kwRw~mPuXM6lAjVJ)K<iZeg4OmZlBZgu$VF$ffna09VeO~fYzyE}&-}>r
z4Xa|+iWpmbVd6>}&RpxaNzq%3C^tUDZiCE+yu=nQ>V%9v<~~5b?Rz2NYyJy%J8YD|
z2UIVS)u`1`^H`#_TI<zku(A5fV|&&$A-{_hCy9ENFRd)!Po+;)+e%yU4$akC&}pA{
zG_~5BW7J6q<(CxLs*x?)@TCi=`99#L-Q!5%lL0~SN<<<9%rzKWza99ezR&BU#_otF
ze4TY&3R7Z8;(#Fzk;W~V)08G)1n7d)#)n0T(}77M*uQduD{Zi>4YX?+=Ns``R_5=M
ztqW=QB(PM89ET))$4>gH*m~MYF<Wz}LY!zyx$4DD%CJ(;v-q;E=+gIx&nQFpj6*q=
zxaP&5oR}h1%{^he2b&kbiE@I>+E{q{I1f$m)3#sTge+oda5s$b$rv6H!$CjIuyFE$
zdwH+9Js7hq?Yemq933dNR*-pi3}X;9%<_G*Go1$=T07B}DYsERCth_;n$^xdCe3yf
zc3}aT0SxQT2dJ~uvzr)nRNsae^<2*N3wyWKvh4@^TI@!&exO%tr+J)>NC3(GR4v{a
zRH^PbCOs32>5`W!BDj$y(w5#?So`{MhUg!K3U3ox8IUxzouzB@i2hxd;*j{JOHo(H
z8h8JCv3Shos=<{tl|0!BZT=1=Qms|e8<bE$Ey`R%IUPVi>AdBEUIoy<fXdYqv%yq_
ztBcd>Rv55lt+X0rjTtM;!Zcu9To$2DdG!d>I1OiacUKHk0}LV<wfFCUwE`f;I>ON#
zlc4VP{%r5}-7cqJUGERkwd;I!>YZS($0?=}3D(%--L%u~6vB>+xo+kSP~o1tBu1F{
zS`9l6r-=|RuX^+9{$O2mx4C|}O2EX@W2z>qu%>A~_B;+xD$)Jgf$0iJlD%l|^SL(k
z-wZDlmXgiBN?~Zhjq0rrE;fxL8v|>J1mIfr4_IQ^(rSLf*XMBnvQUvcR`%+}E2L(N
zx>|1%OODNqzasAzf9^M16_mc<H{7Oq-TP#336eOWxw9{@C=8vxb&QZKcLAkYPz2Ox
z{}h~{a(5qd)jbWyWW@eB^hH1dGt6TsQ<#!f@AZiD@<5)H#K~0%n<dkwM8^Yic26-E
zC*APIyKHq;c#J#GGTv$C+Vp8MASa}rjmw_hE0%sK<KXGBg+%qSj<PVYIuA`9`=ouv
zn30y4hfUy%QFl42>lC=K_Eh#Wtsws5z<ia-iI#mJ&W`CwhqPYwrbRl3TH}Xx&La+U
zi9*EgK2#1fZJs=ATq3hO1+~5vH#0IqygE%C4NA}a8QHtspA69{5uslnFV%e9&(S+B
z+~k6J{QHFZ1{ywGZ0|8$$D@eO6-{0f=)XBFJ%vfuOec>?or=l#9`h$JK%J+2<%hn`
zTw<Hk9Di!P*JK0-P@O9pNPXu`n?4K}Guh5~rXO?+(O98Y^^YMjX{SMF8~ipX%Bq=&
zBah97`o9%HerU}bIo4+>Vcv<zj+CxtYF5q=Z~~~}-q`QnXYN}_`mqI$7SQM$w?E&U
zZG?cymLKRn%YKLH+1oNu3AlWhcp&VRpqL?WC{KO=Tp3O6$=lkuyZO&MZ30T{q)NXk
zs1jmAlW$oCYqlHwk~mb5ufGT{8;EB8JkixG1KUUZa+?2b=(JegiM7a|$XsL;&907c
z;4FMiAM;zSoimstRJmUU&pmi4iMzcFy7z`f2k-%PD>yOwpA)dOqTP7xCP)o;B&YZ1
z*|mOZU01LDII;#5Bl4D)h}W0lHQ>r&{9)WHC*rprrJ$p$UTvWkK=8nLc6#i#fi|PN
zzlQiZkS5hSS^It3k{`|#Mnlj#)}MLRpT$#bv*~lXC0ldq7jEWO@5fTCoFxkIP1^rE
zt_hINI(>|hhE_I_Xikbl{eDsg^7kK<^|j9f(<JMJ0x2T_c+wa35anIOW{7Aa5_Kif
zUJ=u-Gz~vkJB(lwhHu=Z7Lt6ESe*Zp*+_w7CG1z-1;%_tC15i5rS|b}9=Yr;eoJm4
z=G4t??Z<3VcwMcvi*&Lcdl26H@tYbR4%1a!IfSWa#Gw1pQVY?uJktR36H+cUc~(gH
zC>gh7lc@2h5^V%YBg7@ERUzS!)10iS><=-O^a{%kE;?CNz9pK&InMDX#z&f*vgBO4
z1T}CT4G|6-LDw~UU^$_#l^4?s2)^=1bcWGax#Q=!$w3B{DzR)?=q#&3x#RVIn2P9b
zAO5Boic5T@OYYGYNRDRkoUy7EkIDF-jg85%h1LLcC%{eQIAaBhDmVOKj1)Kj!?C$a
zKtk?}D*QuiZ{!9<B~GRB%3U$np9a$TpOC(fmY@sh!3G*ueO!{B@{;@P$!$TXsFFBS
zcBuf!vv&L+E`?1~xw=2})uHwF1LY;&OTDRT$uGT@(;o>O*4l_T$ZKu#bI!yByL}|j
zE+k1#2dwE^No?-aOKU|5ru~^p(S<FSX;+i6i!a~J(BU>Q@9bspka(ODEpX$UFvaTC
z`@ApJmud_TQ8+gctkpm+(P*Z|Ecu2!7sVX8du!<MxpNV}>fbDm9Rd*hxpa5r#W*SU
zfA>BCm0nVV>pBjS=M-<I);?K9G=up@p3-94^#Sn8UPU~46#$74WY~y(41muj^<UxH
zt)N^&c`5}Ya}iR<gZI1@L~AOakET&D<i~h9QJ(JnE%WbKY1P<3MnnGIi<6-i5KqNB
zs7xZsIC6oMGwzAE8~^z+%IRc>ZmPog35V`f){R8kL5d)&bv@#xl4V)^m;z}6?zg?(
zdjFyRi57ch=U*yix6ONE#c;o%_^@Su+NXiskP!ljE1liocaj}Sum9bCidX4>jWAu8
zk+)1iD^GA@oWv&rdARi3V^Z~*hf5x4g!B6NlJ9o^t_65@(*h(nc%Dy-2Q9Ssbd<b#
z6Rmgvx%utCNIkD;(JFM)M11e?yKmX^`(OEF*+en@XV(9}ugL!TtLI?;s^P@y1y}C3
z`q*)%SGqzgk9crmTbBT7Z(?a_aQr`2lYf7O7EUO;enzdklZ{#avnHRP8vHmCX;5U4
zxQS0v{mrBQ&nC!CuxP(|EO=0_zU97*bKJCs4bGb%sQ(ar)rMz7#NKj$qeJ+cJN62V
z<wl&KNlyic4^J?mEUq6a4Z-^$yg>0;wz1zmce7Ofn-_?V|3jisyZLUt&16#|U@fwO
zTLfVh{`!dQzxzwzXE35!8qAZD%Yb!P^h4?wOxMxo9fmCJAYoQ3+hB&%{gl566@PoX
zv*l?^@tQ2!)+f1zKZDb0t>F#q<~GdJy$VRi!gT-J5B=@M$F#BIn9z#(#J`fSCW6~7
zYzSH1Pq!c!IKOX!PpAulJEnfY@&@Z~a<~8FoPaB|Qs9oAQ8!rRVwRIMznbC)D}n73
zcp8u^{@>Vt`z8M7A}#-o&JC=D8|I1=r$mhs8hvakxR#hY%-Jpd-!6mX%$sHK+_b@B
zAme;wn78IHrvuAaaMf}r*SY6!*UsNuB#;6`xgUYanab7kq~A2Z72SO0*2my(V+J+;
z&HMkuP~ji%F(%HsiC4mw%saT=n-za8z?V0F<%!~e<bV5{=n39}uMdPb1$Qu^x3#cy
zZk|jl19(pQXr_+;?N<A1`)9W*aDmT_obcTay@_$XVEeiDey@D<U;h<iuron!B>aPA
zN1k{+BZ&Ssk?b9CuNcr>c>n9oS{Md?Q1yIX0T0-!=9&<o0(fRB%Y}o3Q|W!Yl`zVE
z6pRrU{tEQT>AjCOD&4oCm!cmV2py|PJfxzcG5_0@`4)o&{8;9l5xf8pfp>i!fZSQW
zJDSSX{M|iDR?&-{AXKy_=oHB(Fw+UTZzUwMK~4sPdVtG??0Cu4@5!$@0FFq1d#Wg2
zsteDR{g8d;@FP3KX}<M#v;VB?gxvCgjv{aOOb`}+4?y&Cw6Iv8ne0vAL^*^1qtbSU
z*S}X_D8ap--UywAo=!vrDxb`m<Gl|&EWErlD~!YnA>{~>InWifnQNMgPf~Zk!4Q|d
z<$&vPv(T~rL`9=z3~&`ussx1NiggE#w}5$lpq=#J#td2Te%z)5RuF4WTkckx4YF=G
zA0s+DJ9`=q*K=o_hcP!^gCsA{@A8hk5d0M|O(K4ZV)~?*fUI}6{xSM1MwIO7CpnMZ
zZ^?ii!+5p>YN0-Wt{z?iGt4-^Xil+-t|j>7x;-as<(l=FC*LUJZI3l5&z|{R)X`5V
zdj59opqKl`!oC<n4o%2cN?U`@`s^!Z&KWo>@vM%Qrioku%Oe=@#>}ivXmAFPhIzqc
z@q&uqDOfR$m!qVN@i+x!W$P~7;C%XTA~$%?Tl|1(&Yg&u$auUp!@rKXlL|TFP)lDl
z$zSw_&Vw%i;Vnj?!DaRLKH!l7*4{%kIGCxC3{cR1;FgdJ+DO#>ko-zuL92tfJfifq
z2-dFX8*90y6c|$GgJm<AHH=_D%`Sl3b`lu$^iiVuJsEMiyvDqk6_Lm7ZJ^nE0_#s2
z<D>vI!4DN-8uO%NoMw#w`xyS)bMPM*WsO1Vj9}u7CTluK0MWDuvV1sU$dw@|TF932
z)Hu-RY_&6tl~UL%>PC|SaK*e5QrDfLe>JxHGUgazj+W`q?dQZV?KxX6_9D-&tAuu1
z(bW+?n6TM3;=^kbl_`txkDvq33A7FSKds%MUaJhfDctckQ<XX*S0^YprL!M7-3fZl
zu4hkyU=lo6&<5*C;m%Rg=nDbk#h^`fufM2@0mH!JvqZImwrS!LU_8<{3OwV*788xz
z@K(0kuxR20x9TK5{U6G{IxNcVYg<qxY!DD6q#G0jq(zVx6c~maR0O2E8%0H=8w8{~
zq+@95k{mjOp@xQ`<J+U>{NDHb-t!%O|MB7yoq3+U*Is+Ad)@0^&A@P3_ELGeSgus0
z*0Isk8vM)4|3ANysmDYsv`ZU-Byj8WX``6JDv~Q+&?18_WQ89mS-OXq&ZOG{Wxjah
zODM?cOTr642-e=4ES>r^@ezo;+}lE#0!jGmw-CUbMM$cj)~Ay2xS<DcwuP~T=1dj9
z;!&f6**%Ka8gd)kqVlTN1ef}dEV2or)xfkR*Q(3n(uEY;UAVI;^*F9rm5#{?Danm1
znUTOhl5)|kXV`fil!8GxOTDxDEyFAu)}KC-{kd0CzJoE-B)?|8mYw2Hr8xP(9myq2
z`KLaw$Ch&qdweP6j@047Lc%Lh6cUeo1bPipUo=W7rzse<MRL_rh`Oo+1)gjjYS5%r
zGAc;Kdh70&+9_wi<7GnJH(^A!M}z`)Z95oT{Ay~ly8TDbHE{T2==E74S@dNS_EiB1
z0yghVCn_O8)EoSrYB25NkFEEbUcVu{3l<1!J>N;D<Wz28`u$7dTvx30^EiSRV1+R?
z)@m`sZc~o(K3p16n0v*0avO;_R1>Lg5a50=v0!EEfJv}@5tXh)FGfr-1kRYqIQz^d
zg_(~<D>cz4mMBZXG=%Ot6W~L9?;2K!1O59pfc)-IBQ3a~kkHAuq$xmeg2)R8I|rsY
zLd#9?PBtm~eTkTM1hcd&3JXsobTEMW0UDu^hO(aZ=a(JK+6)o%@bY^EZ<H%9d4v&a
zR-&4UE1M)|1^lrA)b%707m>sHl0Y{cn68Hi#6t}7%#BSmC+f4PogAOpWX_nPj7)(a
z<H)r=?PTxmv(NqLFissoS+^NUFva?bp;7`(uV5TY?9f@z?W_OP?DCI(33R{&4JBLx
zr(fR-dXFK(F{z(OIoaSzt;sx46&W(0G3EERm--;OR<$nL7S0w)nY)KzfqDS>`N*@=
zvQ*I;Aip0nm#LB-AiO&~s~Lribv!+Gism(mxJ<@9%+^NYp%AqpR<S#ZD$bV7S6DvR
zkPi-8J7CQvh61+Fi;9!ov+b^Vf%yANJY-_-@P!A%-2f|0k@OAGRIu+6F*|Qy2JSK8
z;|)4F)d)l=E=iW?@y2<E_@fabLwio2sI~!rv+^J8RXHQq%C4sCfwLY;aw9SB2Hj*N
zP(7F8Un+(#>D~p>5!)ht0)~fgR{=3NW2pVa9YFxPu%-9_M~n0;;^RcA7)bteXzss6
zT)GDZ(!kY+7ad|$(iDOLPr8k#N0<%cEZw$G)Ju%R;X8ePHNA)XBZgH3L+2X4h@TIC
zz5=bLUT$2w{mtT*9_Sznx%sC2l8t_E(qq{^S`kFX2kd<M2V~-Z9!6aR(ZG*6??Vue
zS0v9SS%Dn980aF2<7EMXj?CPZhYG>GCTb$QH>S!g66k3^{?fS`U#6+UzJ7tU0y0H#
zlljX8QM{;|Cg`tB>o@BqppD@(V+8|6i__!41XwoGclhnjPp|s=`u3`M2U&p5A=pr@
z>1GQsX$I*4ib^x}AMG&=ex)0Fhd}sLc{S}C8beCeG`)zD1Pm?du$9Sbt*5xy?C)@j
zq*8b?13wGcw1a+J@v8VYjw_%}$|oDoG0xM_u5N0YGe0d`UVeV>Q^BX*L1<`o&b!Ad
zopWQ10gc3lkCQR`Hhv)Mb)@hX7)R#zJ(YDKj(nc%z~|WcG7By#Hr+c*Lt0vGbb-RO
zWZbX5KRX>F&~`HD{;ZKcX3}In2Aw8eB7a0@UtN&ngT5-hkSKu*F&5OXN7+P+x>drr
zcZHPalgckGRSh_Nlhqf$G?ZIFay?DqKn|#oChx6Y%fb3|`^9Ln5x4amo{+$F%>;ir
zzmHbGO4bwg-HxDp$v0IZPPq*_Q#vGCM=G|7WS2kgXeZMWz(b~AUHIes{^6~kSQBU7
zM`fyCOgg+bT3K!6UHISs7Wd)1{<&^+@Ta(sc1`{N6!&=<v^VLZd+F;PHShl>?L*}_
zEgo2Y2_Hjw0ZtgYcB!KS5Ps->>iamA+q*6%z7IoYyN>GXtxr~m36&$6=NT00H-S{s
z9Ek6Fe{fTjnL1S$TTH?BZrF+KX+r~vxl$w~FWkG)@D`tFu3w31*)5&=`e0ogRYQJl
zw{nE<MFy79bS2%2<*e)rrV$)kX^&t1QuvVp(*xrae=7XA-fvQfm&=U{W8ZML*?68w
zp{2ot8vgo*WGWHW`|^iD&6qdc4$HUzzd<MNs2t^dW1yVO1JnJxs>zKUW#dUhGv~1|
z$1=Z;t&jKZyH#f^xHXc1jMq5q;a&YlKw>}aVPT}`+dDVR)%@ip)ms~Wiu^qMyxYzu
z5?ap6p_29qzTI6_3Fj!ikH#H6+%*G}DxCc#f_wqV_<Z#{e|=$B2k|dP-my0Rg3KG-
z^#4?f{QpElAKpH^j}{3oP8iq!g}#0$zw<6D^_vt=_(K%vqS_IxWsr|hP0B7SNoCb#
z69BuGKknv`WYPfm+kh0~1}?g3K++kY<qCa%32t72R9gZ8yy79Cj=lmBJ7cV&Uya?`
zxW=Xb5<B5I^&C!-k7O#r;ZhPW*<LB?VMSOXmNUR-_jGVaYI%`jv`)T@BSgUbT{02p
z;)&wPe9e+9;Y~?H{gOqK!Ci;G+_7!Br#Alf&v2o3mS*@buDvzNhUV{v@xNrmGnj6_
zr|PMG`RvA>0<RB@>N1(w`BiI`@>N`tQ&x)9?)x-7caxgFb-6n5ER2?#v4QT(?3N<S
znMb^Vy4#<+R)%M#KVzDQ&AcLGdEfG_I6GiMz9qZfp`#!JY;CzD3p^qw#jrrJ_~#)z
zB%BPl`Aq4rKL>2&eA#xo{<$_?qmEbCKiI7v=0Fb~;@VH`u1|4cCJfhwL{ef@Mk^NL
z?FHK%C@TdJ89~@wvG@1>JcelicN`9E(+Z;pp^(R1@%l0!7EQ=4LE9+%GDoo9P8;>O
z!XuztGc$Lw?vWZ`RJFzMng|>1V#FW-?&dAn{<jzeQtNLqh(Ibjz`q|<^Z9g}PwRLF
zRnt3Q1@3vdbVXnDF)(O`9juv`thHJFr6j@+^4IS;dTlVME>5248x3RxcgFH79im-C
zp4-zI5Jb_)Jdz`IoS{&9=KX+(+n_ZgSFFBWC7czaP+UrjMk7>2S|Ve7jhKfqi;oFr
z2*r5^IG=(CPUO&!=389_!u@DXiT`{3Y1SwNcQ_<nd;n%Cmk+D98}E)2DjpP7KO|sM
zIDVBhePoQGAny#fJ$qJV0m?AJrzcY~%2$WZp4VTdc^Xge!zpz^2+{h;3wp=;_lVtp
zLSoBD82IOT{Ut9>@?`c6FfFAL!(5xT=K$DW2$K?w<-hvodGkQu`~xhDYF<@VwH)S}
zO_`#`+b2izC0T>EVH}!dJM*#1sn*1+qgRGJuziMy)!TBLo#$F#cn#jY0M?vsk{dmc
zsUq#X=MJF;b5ee)6^3YEf=^ds^kooe|67|iVE6%leC7F7FdyexmHykRW}rcNv3=f3
z+7ZMGo=E~#mcE1x#pkYCvFJ?e?~P4~e)9%_yRwbR2Wa69$H)JzXFgLkGXxXRYOu(E
zZiJnOJASV{JLiSu|0zcXm|y%RcxJ<B_symSZu=E=NhW-1xBF@yq<3b3M=vz$XI$N~
zZTg7REQm_+RC>#DZSNzcVDX+T+T-;e$9Hn+HZW`zb0IaAZY*f&l`oJZSvIy(TlM}F
z?YQG*`4frdaC{74MMl{6JjYys&{`1aNHBta@M28P59;{9_ecY|G+A9$s6D6-HStpe
zgJmSls#%`8)NB^)*o~Rx+7)x07T|E%M~{}6bY$l<RyO#7S`3&N5<Zk`(ck4yB_fxm
zc!C%Wn|Lp?>mOwV(1R_&zVgZW0b*;y@-~TbLLAuj%k{+i4W}2PchQJZpVaj)$!+v~
z7~Zwp{){vs5fL4L&!K8asy)j1g<*9kiMQ2i*d?n5R}%dnqG`LXUYDtlV`a}hcn3<O
zZ9vjezv1oK0i#oZKXEO{?_Qg@#lO8Hq<BQ40IvNCsWJdpSzAZ_FA%DbUkDYG?0xO~
zd?rKMf(~o!8bt<Z1vn50tv>_bN+2n9-7uU(i_bSTZ*Pj426*!@&{vEJKvr1RtNP27
zbTgd>A%deMxu3{+HMK6iu`~fOV@*>CMPp_Ec8^2<rs6m1NableAehN!@^Wvf2IRw%
z4Cc{6DYd~;k|6fUzozTP`<Pq5ogT%X6S+`nkB($`rCn|pb+6vLUuYdZ3poQrD3FW2
z$uO%L+%&jWZ|qO%I^goifwYb@@q*%Y`j?Zm!zK(*$1rjYc&c1|$39^EkFLh8Y{mj|
z+-zri^>WL^ouyFbjN;j^U^-AJJ&5bJ{?m54>#|a8;RRZJx_Jd9y&|Xj8)W|2*s$JX
zq8UGM!~xI?&=y&6Bkv4o6+HK{=6&!af=hRem-zja+nmUbNF~}0?mSX}-mnFV3_bH}
z0OU?#M*#1X*xjW7-9O^zab?5H9|&0e_}RpF`tjl?8`{(IFzkFVEJar1<#Ngqt^u9Y
zG3xZ*^K?o^N%_v385NdI8mG(nzvyrV<;e3Iyf!}@azQhnoVF{xuIbf(YvwB%VqMhx
zo7zw3wT!l9ZdC**Sy*=e?F)HN0oyyrre>#49#rYu=~F-9nM{n9^sOez@W?VI;HA6q
z*d0~AwzbLYB_@EoD&k%HU)(zYJ%ti?vFW&$#E>@7M#^zZ+hBj95|R2y!oiArl_Ch2
z+O>`=5eP3yZq2oYN=~EaLUmF=qEXqov!32jB^nVObdF6>Cp<g@D6}rQ0%0_eX-5K`
zZmE`Q<o9JN=3`U$+{D1tF*Z<~?tgSQbYAj!Ms*t9#+1;?l;CQbWnb)*kqT5r>?RMk
z7dlY+dv>bbvS|QS!7d@rd(fdPGBb2zEy{K5a+&KLaB*YKsL0vzCF4BZ-1ofZ#}5u%
z`{<`=<Ujy_`PSWsm>9Sp5DYWSfUEPrkcB9-DHy=b)`>#Z%xty@wLRgVNJ&nAas-+h
zD3-!gozdid`MP41Wv_c_omNY}+0BNx^?3Ey-~jTX0Alef4$NJVAo(Bg^?!u!JugrY
zeMqZmu}WrPro%Wn@5ry+cKaJID%NXULO;*{-GOop1X++?xNCcJfSX#3DbZFr9Ha7U
zF+DL`O{57feKeiR155arYlx|vBv(6iobM5RIE}=`krI<g``SfRR=yo-XltV}5O4ee
zCk(DW=}7mC`G@534Tb4JxYH#LVTl%ZAooPZXPS{7Xn>211!>i7{!<z-+bh?1*OckW
zp>`n{$qa7SP^Ng9;(4U3?N=fW(2T<QmaTgWs#I?GRtU)a0uq=EXn@CvIu(Q<lBJa}
zfX)gi)&IUFg>j)fPUTT90xfvoXt=>lFP6`jWdHA&BaVG<ykGI8R=VYhazp9Q)|7{+
zPT8raN|-IS@pop~z{a`w$0yxO=C5MM+FW~_P@ljYi=ozxW|4t^;ddS-(CEShrmlsO
zaO8yp#_H>51O)p8@au+=wU#s9nEVhlFlP8DG0265v1=5*wo*$|kj*7b6#hmBfR(zu
zm8n|Yn%L909PO`<{2HDgqyq>!1i0O}Q_!Z|E=}#0u^0D23^bJjoQDPAI*1b?r>zvw
zn1UhZv#a0ze~J0{&AhJrmJAnSGspO-r5;)zb{bV|2M8$?qs)rGDR>DI{!g11(QS+a
zMB4E$;udn@tiHN1puG{gZs^L@5y_!qk_(St0QGz{c`2Zc5=d6QdkQr6MoX%oAO!YX
zadzv8LHnHsWc<y}=QB=0w1JZr{=6uXU8hoYftPxss+QefmFjK0h)XLsuK|&FE)SEN
zgvc+qyPR5g>E^9JKLNCuvL3PQdk@>*Mc6dXvo<h)gBd_>+d|YY1W<ErL?QeZqP5su
zH=XCB4Z|L$`bgs$Krw@~Mk;L52|w}<^nxVu#=U#@wzfJ%Qd|$V?7z|<U7yA989?$b
zl`e3@;{uUmVh93;qAM{T+%oP^zje6op#_QoI>JVwOdgr+L<}E06hKZWMhDao<3uU$
zzy4x<?;u;&y2L*sisdO&1F_*jHq)<;t60$gK)+!PJacyiSX>r1JFeH8U)J|6FJIEY
z$iL9-6e8pbO6hbYUh}9|%kaOLYkj5+ceJuubO0KGmz|DQXJq>@g@$pVh%i89Zmr%c
z-Ilvn+WmQ#BdD&Ut3rwi#7Ke=;r|4mzx@F(6hm%kYH4c2K?h>zGplbjjAv_Ce6$7G
z7KUIt!4PwR=im#-V?Nd@jwPx&>dy!X3B#(sy;mqikUYu+jzk>rOc|qj3?q`|I=^lP
ziiM3eD}^03bdL_w5DX^~t6+W8zb3L1M4}}wV}SeN(L7tW<~pm1roAUh5^zm1f@&3R
zw=I}ZC!i}TN25p%G`@v>NsF0l4VH-102k=aKXFbk(4QPuC;FKE9jEubm!V};*jLA2
z-f9P)FWj%AMMA9?li+38_;>F$T<W>>&9eRxK*l`me6*y?^|s7-#<%LDBn79E?=4IZ
z6}uf>HSU58<vr<oaIc4k_U(r({SFk)P=R?hnj|y_p;T}{1!$+p-6)K>FA({y?@z0K
zV>glZ<hIdpL9k(Nl&$*Y(ciSwToB}I(w)%jRN8X8?3$7RjF%;?Y|-J1ox#u8mI0Vf
zYOM|M7TIHkw?6>%<SGH&G-Uj@Jb?e~Ctl>weQN@}LGe7jmc6f)MAfl@8drRs8_hRu
zK#vFk+2ybX?I=Iz-1Ec?K*AG8ftjNfb3m%=k~SzmFo5pFE%j9b&F}gz0ZLMWhx3CO
zZ%pAsVBj^@C~}Yr)<Gr!DG3R1S>C4dYHU31tb?^zi=Y)W45(MhgTP!LgfN8w4a~^l
zEp}r;T-RoORP4j+{NtPKYPaplp&i!y%WRGXeK`E-`S8B}4v}OX<^jQ?ZK*=)wu-bm
zHo`u3i9d$_p8plfQwpUmJOYwJ2HrkJxd3DxpD4|B<#j5=^ybMvQ(q(#JvKADVFGZS
zEkMGgZ?j>L9tWcEOWzaUP&I(q@fFB%pj(#14ul`bvD8~{-+P(zu(Q;?(b*}_1d%c5
zCcp~1fUKVy-2T%tagZ}UhVH@cnA%wTlbSKvPvQ8AMIXCvlytmVzb)i37;DA}dTheU
zcxv`+;lRhp9S=Nv9*6s)Erg*DG(^Pj3>0G8Lw)`I!~X|y3cJJ2(xuXI^GC-NJ}HOt
zG!mQ2?;jX4{|IHD!<Uik-J?fje(`I*`KsRJFV<3gg(XPw1+3>jkhl?ZYO8}XX-@z2
z?#3Y0r337&h?7dk)to3hKwAQn7XCw9D!J@Gd&lbo{@=8vac<6^w59U+IaV1jsCBU6
zA6M3c1pnfVFs5H1^>^Bu3kHd}{6r<19!#uthYo||iv$>3J5YL?=Z_1<>_ku>_%Gpo
z-FQcTY%)+102pU25=jBP*d{$H`jW#Z4$a~qZ=6fA0V^ZOl_`%7VBVlg<6rzb{AD+x
z&?CUe2m_grqU=5DKL#;9#r~oikh0W!N7mxEKfuHh<$WMTuuDx4-~A^g^MAbFLL$Le
zgBcEFU@^BiB})~-OFLs26wW;y(*Mq&s7}5E|62>-zfl<?-~3AJ7C;A2q+Z3>D}dTj
z4C>1H#g0P)27emve4zSOg)ai?7K<FLLqF3>3^B)){D0-G{(6?nIItN`%K4vu&JYv{
zt($!-{&7A2@h^`tj0{j;?fg>LafbbZ9kWg4AOwii@@5B&i2wHT|MIg@?5~w3ewy|0
zU2!$x182-yd?55{^jO%)^2O%jqWE9kpT9nhMZyaj#rA##lMLNC2i6DM^Tqu?Hlv4<
zzj&9Nikul9OMqAnzkZ{h4IUJI?xv&83{%JiSTLD;V7=t-rF&D-{C{BB|6C4#{oti4
zUbpCCjqHwNZ6;c~^W(?sdU>AYI=1o5#$(I^O=E~YrxkbqoRx5g8<;yJ*mhs~5{!&C
zR-FCu&sCp(4Co5~t7Ws4#eiaqNt=KZ<@36}11b0NCmE(3Lwr!g`BUq><Mo;lP$V#`
zRy+;yB!MSY6sVH|zSk%wFdP-xqY(JhJ<uiquZB_ABIa<^`G{;11UuPB3pTRvhsHwG
zpXRvJeSlf_lOVr!wld-1db8<v%O(>I4b2V=NBk+6r1r)0&K+9T-Gn4sh+xJ|qrMd8
zF6@_ycmy&xQt+4w@JMc6zkVZVQhu?Tfxb4{*JVX#EkxehYub&I%etzlsLEzN?ycCC
zn+VaDT3WeCzb7K|#V-0L*w;7Ys(L;I(|Fe9GCZt94LQR;kzif8{_xzt{Q(|St%k`a
zg5Ah1Ba>Sc8)n!;u8s}M<gP7e#>U%EJcq?4=DO(m>UW>>@D4G~vB)&>jc!7J1LqqX
za!m=`oc`yq-NB=D<Wuoe|G}f!VR>A0Tq1xSHWB&@^rs%an!Sj3$J0{`@A}5p`}9sj
z$$xzl%zK)D_N>K)XG|j-8OUwsIvJ4bnFa>y@j7F#7D_qz%^9cagdo`vrAHDxtrbP-
z`sj9I-^mKw3Kx2%8tk;GL*CkUFc^+Vgo(qpoDE)llU2L(vi_38_UCu6JcfkI%pydp
zN`)wuRw+?rjyBX538DN5Ih5PhJQwo~eO8%MY#(}?p%v@3P9xt>!tB}Z8fo*W=weaV
zgutE{rpazBC9!N?V?^Z6k_4P;D#s$?0ouQU#B3MnU;P+}ABd}V*^5!Z?#B^`TV6j4
z7J5<e<{UP7|9|`A7#HXGWWC`6-1XK*<=&}a-x^wUzU5W@3JbSh`~KN<;HOsUgr3k&
zjl%ZC6PFa1^fX`h=75PqdE}9Cw0q-4+faXxJlUPk#orSpB5RaWoy~Z{nw5sE$@{w8
zhlY48$-~~qB?rGxk&h)6rZ};<ztA2h9q(F`sajJO@zwy(Z!fVsL5R%+dcr>2ayigp
zrFQ&zS7_L2PC#7cQ|`C=J2A@uB(++Wuj}xAL-|`1I_E`Cu<ugG_E`S@#dq@&U*HgW
zW(R%zPE{G~N7f%wI)c7Q2Yp*ZaLTTPhZ5SHdP-7jar6df)6Z{xrH9QqJD6bK+^r|{
zXSs5sn)^&Erqub#70!qAJ@Kr5^NO{iPsbw4PE6DHZTq2#HxjP05_1kEnuuj8uVUFC
zwFIW^6d(o5<7v-W@lyTe4LYM_ov$4}G_N|j+T!_APY<~q-a(ke+BKqkd+3yt?jpK?
z|0KQ44PA7&6ox~X_PN^a#>SS~NB7_C7iKpn@zf9E!HzigpNJutG_dmPf<A|wb~h7h
zXT-PDrdCxje?`zQ*X>!`jlJ@%u%>O(`^xxG6VFlP>H0mR$x^?A%SGvKj5dbuGrQZ4
zV?C>FqOW%#ufO3+$PUVn6JX`HHsb0pf4he-xcH?%t#*iEctK5cc*!5jx~H1AOZtI3
zyK)3aJXbBJu4x4Jpgf=G@U(0u3`Nrx#Zt7iebO+(?R31TbwKALVy}CW6H!_9d93~Q
zs3<eD`tI5!XHohS+fODV?N<WKs>N}*n6BFY#=l@rWeD?gqzj&7I43E}U&nGXi%_|=
z>cWL4-HTnZ+bY>graO--3SVSMK0b|4(NZV!^o-myts(Gt^k|9g-&VtObgJ5!?79KJ
z=RnD0l=rGF=1KQwQI^KZWyT}>^-m77au5@ls%|&>2M?-O#)>4IYbUv331=@QjL&iu
zKOelgfP>o+U>5u8;ok1m29;;s9Rh?K*53=f{_R-(I&?vovDl_0>N@;9p@+0r80g_$
zUHPNPCGl)y7?jV07P{BHH$Vrg;>A*?n=WyjK`3V~pD6#x!|M%y3x)$SyEvGIGE8-c
z&$a{zHYY`D=cuN>!_N$>tb!X&mALs)2swW<%|Ap-Yiy4x{V=P2$si~9rX_)Af%EKz
zm+4fc2D#{o_e~Z}ZEnLh#z;<BP%Y$fIyEFU`4VZjQ1i^Hl(CN#t6F9r>%9ps0qgk)
z;8o_vNBXTFL0%m?9qbj_jFF_zRJb>vKeET1c3Iz$8zD><Saxe<Bbk>;yJA_OoVwP6
zh#DK0uY}8FgF%mc{Nzek1duzKM1`vfwS!wxJoKqp`KBW_8HQ?5b1vuiPN%)Sz1H`)
zf{u%Kv_>kOlHG0@jG=jS9(Z)K-_X$RO1S*uMd9=A`v<G(pr=+j!OM>4NMtDQw8=^Y
zRqh_htRik3{@_IO>#JbXV;ldG(uC{<h;`R0r_&a3n4j@gD$#PK)5!ugz8o$6HRNhp
z$PN9jtxuI_F;fv8881#m;zv{WuCpY??*Wo$idI$R4|GwW{282a7ruj|{X{z<`c&9i
zbQuBm8d-Iq8*PTLh%R~+9;v%TkA>xBeZ2T0`m{+M!D;NyXePRJiQX>Wc4cVlm}1H1
z{guUe$6e>C2|v$BA>z?LFlbi}V9>_`)5Ld{*=U13BlE_IH4`mHuQ+J%Ncg}x^IbYn
za<HKb8+LW5F{l1i1s_)Bjnbr{R*H3JvI?%|8ZOk?epfNCai1o+aBr*CxSif<PTSVt
z06wq-m-T$QRoJ>7=QeuB*V@8gFr@bR3q(iz2v0h4`|En!ayZ)$O8Ja>MB)v~G^3%k
zA_5YKt;<+OMt0#eiVKNa3Z-aSO|Tk@BuZ&MkACu@y?18H|HQ?iy}VaKf3Mpt?|q8m
z$-Ax2OB@U;^ZTeG^NHigEIhkMJ~~u)7kJ$ZBl-_^kGP^l9vdi-t=qzLoOiiux3cEi
zNJ-beQh)NTNb`os&xKx_Eamq*iMh1k%EF5hUB1s(eKVQ(y4*5Pf%&W2_f=LX_iLhC
zVes+7Pyzksxv$Nz_2Hf;c}^7{A*o+0ONAmA7nwD7CxoMgXC!PaENYfKA!muy+0Ruy
zk8{0WOF)=e1oG#Ex!kC$e5(x8Jgy1vxAGX1HQph5>5|;oVg7z^QH873#$PL1FB{4k
z+1q#|gqC014-r(ta}@Ym^!t1BPLR}v9M{0wi*VY8Mg}!EhFcp1m)lrg@V2B^=#z<b
z(Nt^CHW70$%(vq!=}@fx+)8<9LSdFZrJpeSl6PO`Ib|B+9X!50(E^9a9oO87k-U@d
zddk^rbXjsLQf<&_zJ3y?ea}qO6bH48k4o~8jixd8-S57zQcjan3PPLJ7z!~e7ATi)
zgtpVR{Oi{jZK!p+Opc>o$Pzdm2;S#@KHLJ_BnwacaMUdUTg&{cN;?gLtSn6$n#44n
z_eql;M^B`gyHCl`hTrWgokQ~6!(egAx#!QH@2a?s$XAo!tA0_MYk{V6(}bChDq{Di
z@;sRz*OTt#>4>L`#J~Jlr<%4tD<sODfngews>$J$s&}nrxCh+jOkvejdO-1Fu>8kb
zCR>r)gO{EaHKzt=3eY@lz6F%!*ixu5748RoO%APN|D}Wh!{-y<+ylcdz(e%bmXq=m
zJ@|GAJ)9@CdQf`_k?m0qxSA4*J8pAKx-qO8&H+8p7gZzujEv3!)o)Pca5vZ?xxJE7
zPma{;q4IGz9zZ`Jkgt_7a{9YRs8xPkk2?-Nk-S~&SC<%2h#Xs6*|xv-czERBquQUp
zm5~6UZHw-C*vyPoMa+fsu*6i|(CINMMTtO;%|yx7Gc`^NSFzrJU%NZyxUFk~EK-^b
z2N!7916I{MMvhVYaQ2bH*b^)2tGpfPXiD@GE<Xg^jI>C|Wz>+{VV-n|CVlVQ;fMs&
zp(N#2%+8X_R?E6rEDB5ulpS?gVoU9S@*Oz~w7Odq^NvlrZtK5Jnc?ATE8;4>Up7d?
zW>#oF$Yr3*CA;Su%BP%bAX0Rep5@4AZK+hWdPrvX0aX+z{UD+y2R)s<rR;Z=kv{c}
z*hy8HUDgkMA8*^m`Sesj)mF3eioDY_HuV!Ff0p|aQOO)ESoz{~Em^7O*6$})CU_jH
z>A1X|6&$2?l!^DKD8Zl5sUqQMglw3GYI3U7YK!&H`=efc%rYp^^}*87m36x~bg=7^
zLO-3FAE~-6z8;{`@iyYF#KG)df&vbY$w4RUAaxLQw3dd3)iL9Za<#6-%znk!=Cvgq
zv4!_kZp~Kvi@_4C1^dZ4svR1YMK-p_4s;bg@(Jd914nD|(QW}}$FmOH_5(td*|XuG
zU5!l8xsZVI9e{a{Qnikn1N5Bf7-r>{g=wadl08>{7ysVzd`NzyU`ynbd_%6-8~Xe;
zXWPCf0Xfb$2&Eid569+<j8t;2<Nd;K+M@B#bxpAM1*h$P>_1!TM-mG-?0)J$NpQ{c
z6-K-A^q20(=D%t;)T3x2x@4|FNrW=I7Pok=KjVcP<qRi^{BVLGfPSE5a%!~n5nW~F
zK(q=|u0i1X3)ZJ;XG@5?C2uFCO2XpNeKeeu&8#|kA?&(^GVZY5IJ;IjDYL5j#af|y
zRj0lVj$P+mAEPpl=2_{$*4Q|$cArZNaouJo#!8qFtUv9%c_l%N`$$4PCKaiYaE`S<
z;&)+|E_1oPk(J)?!WsY3$>9kp#Mk&05Z5`}UcQq6Q?r~{)}0f9L@U&;B*@~rO|JCG
zLAa}41ys0i?~-XlAgz@SravA`{5qt@d2DIC=Doe2^g5<c`Z5U!O1(n974cjjo3yqa
zF42;!42P%6+q=r^!RZXsQ(0z*Z*M`atf|k@jFg;EYn+S`l!={Zae^IEVUDc=F6-2Z
zZRG*kcj6AgGAmdBI$El0Zu6{3BpC!g&pOiFzi^qsSSS<9w!c;CJ`&4Tqdq$N7A+Q)
z&_y}M*XFslO8H*#vA(S-%KsLz!9YG>F-PsqxsL%|Kmp#nIzjymIa9Nzhtw5B7lnQs
zSl4+xt(!XI%wcoHS<L^?hkQ99GPU!VDm3WB)wQds&RWgiW!e(<NJ~s7Vfb<$;(6Nb
zoQ6F&LnWlMI|eh@eJ9V_)2<<xC(9XDh3!fiJ@e1Q{<>OPs#aH<<XY>3XBDdQxbHjf
zqZtkffsK&L=Ol>O7P>5`Esd3w*k$!si3k^};>a_Ocrz$c>e%Oe{~%ukt;)m7|EAc7
zRZu47$~s~*7ZJ)7(3Z`Sz?(iSmW)z<Kg5d~uwZ_o<-k`p)g8;Jt9ba$w021Ei)xOt
z1deB3+xJr)$Y3gZh(&QdnXyxOuS<Uve#Oylaa1Ww)#YJQa#D)?n3Qqn+WB{MqA^(!
z!R#5V3KiFKPv9$BWJ1mv{f;X_lcI03v&hx_7EnTpB~_{P)8VSyAP1C19#LJdzL1{R
zQ2JtmwIyohc9UG#{VG8`BzZvbo=sV9BsaWvw^5lp>2u~g{q<ytPeKqpqoK$I0oJso
zS&R|5RvA9($&p{DQO@ggJG|+17ROHsS>AC6S2>u$^-kW_wm2&Vp}D&{nHk%~mO8s_
zAFsYwRO_-`Bv;qL+06F`r`s4`{ea4Y<2ZPc(EmmFWQeU(R!T%|3u?ZrLeZRUD>uvf
zCQ*J*$>P(IidhW-o0(n5mX#}rfV>btkDU_!rm<f;x%)5}^@OQQlXgiJhuj6tIKlLF
zI>IjQr{`va9^av^6&n^DT+)G(94`7D5N2di<?5h|2;z6F1lNpO2>i7x9mPw{4mwo$
zrCm<FeHfH#ybZ(>zsqD+b;vp{Z87eLakwb9h497#MNY(5)gPImEh#E~`&e8`L;7s0
z!Fg^!9x02lf9BBrL~Yi57u@a2Ig%^_Zp&|NO;3yUKIh%GxO)0<jeyG}ruvE_+GRn4
z#T_w0n96FXA<tC_gRY|<D$TQNbZtdb#)#-w4kwIx=cl)SYO@l5=&;~&blDbC6gX9N
zdK|ZQ&*fuh6u0Ok5=|J+b*ANG3SuuzSUBs?l{tShNtUcltNI#MTx_x>33oXxq;Z%$
z#)O#4-0)9UrCBXYE{jMxF=vM_bOVtg3#s`FbJ2A?*=pP3M%$X&sSjNA`Bf6vL?DTr
z%<A^05J-WucD{FNenQ`-laSI*^-jlF!eIF%?FBeH{^X6{U(m`bb?tlmHg#<E1TZoa
z#h|)RKCXwCx!+xs$=%pdX15sU)~cdS)<2lfww|%pzVS6Ddbd5!LGf9~qvmT48s~dy
z@@x6a6bnM2oj&KSUpyWUaUXKZTmN~Rcc|FWyPf&!ay;`2xJ|Ti2*ZhGJiBdbeX`<w
z7TUJWpqIvO-pH_ah~i_rZ~gj=YH2bvGu=F37aWW1<tHVbHC3LGS8Ih2Rq0q9wVoB3
zCeBJmUQznFpY6~HbGP@=*~8~y>zT+cYh)V}?%sL?Rost=4%>?G5x0^fEleh8FgE6i
zs7g=_9e3KQ0!cKV&QkWs8P)xk&kc{L8lXduLk=(JY{M(w^JC@D#kdF==4__z=)7NC
z7Tf)#ss<U{LIxg*lv?avUCNEv8ORR<(Qpl*>?OEY^V`1zqyy;6_P$S=+1yM^0)I<w
zj38{jN4a*-G(RkWD|4IvYXW5KdnY3n7xc#NpKOK1udR>=;=@VzRH_9Cuiu>KIjT(U
zmq#!a$qW@dOgD+IxJ8Ga`l!{-d7Rgyx(Lt(D+i&L0M#%N+}q_suSQ=cbG09=C+s+C
zQx`DSdGJn`m~IM3@3*;7U1?T2Q+)L3kv=BET6NbE-Yufu(0@Hw6JwX^6w66S7*lWM
zH`_vs-0!8cKAf`x0dE3<#$ZrG8L0z7vm;T?=FJUqQG>!cHp^HF5$mTM$@@vOHF>uu
zRMGj|Sp-q;PPaG6H+yeFymEphAL~HmS63~oU%^j6D@t1(jPgkpe?nX3Lrg*%&%Y<*
z?}@NPCY@JvUTW$#BiCrGc(E?HIOy^nmsQfSN|WFjM?z-vm&hK4w(Y(*d(HiaLHV|h
z5^MQHdq>Me5Xd?dqGR#BYBoitm(cndL=!cB=+sM$SoyW?Z#^S*63qSp=qjfDl|hC-
z$I0)!LUOdCv1EzR;xY*J^vHMop{?zc_c?mD0k*gMfVF;!Q?9~#J&Vd}5KdTmFxWBj
zsxhtH@>9C|0*T1nQjk&E&(%g&UQVG*UZiwr*P?5VNz-*dRuly~y(a}NX1edB1oy~k
zk?R#b<MM&%BOl!stx?PGtzVT>hT}vpIikt9<<{6CQW(@C7q&rhog!n+rK&O?v#!fW
zyRTWE6&7nh@K7AR@80<twOW?))(2y}_b@2is6&8OsqH4eZd+JSv-*3Ab^n;+h>J?!
zd<uj)dZPviU~ca|sm-S%w~+E%a>?&0_vDtEC-m9mc0X5i>4OMK$2-#HAY5_l`I~a&
zT`}sT8ukPGyp%borC0`J^aL?X)A`DA-B<eM;}MnAsWCnJyE=jg+kxTS)|UB>vr0?9
z@_{Co3-|vWDE;}{6s(_sPPVN;nJ=p@4t%HZQ_)nb5v#-F_!>sH^tj;KU8z`>r)e@l
zdO~`yQ{GB{^9dk~rT%(vX)X}GDRE<W+kDUy@tG`i4rJLY)J<Pc9#*%cIE|GXYpr3D
zfQ9b(2=i6gM<|($ZYS(n>x3NzzwHRH^jF`cRUl2--dQny_nb<QMVt;F$NmDdx(u=M
zcXbYB2AAzRn+z4nn5Htm_@ht(Lh@~~Z=^F*@4xAyu{aM~70Nb2e5l%$UcVAH<*vEx
zY*eJ1_YyL4+B2ot({ws6jFXY$$ABhNUm#|CrhM`8(YF<6f-}2yu}5p1T5UU<kh<&%
zlttEERUMnI{B)%-0Upt^cXN&iJ(rCcrp{Bb*s~B~c@lvDr_seemk(jtH%YG-Khlan
z9E}`zb&%oGs5M9>sA4#CS~{XfMlYSJHF2KUR4gN?Q`Z`;h%bt{djtWtlB9!`bE>VY
zY#h@C_~-o*@!!Jr*JbFiFTmxZnP#kfrND+zu~5@mh(->M=d3cN&-I8rQ&jmfzFMEg
z;kKc{qBVa$T`%4~Dc>LreOt&y&~(%y)e~A0b4@N5;T&sqR%{#m>Bur_tS3TU%w<th
zce-VLp~H|GmGv5-i-G4`%+C)fM@1tGvtIFjkromtun0_k1Dh<6Lu(eA9I0s>P6$g^
zO@iI}mep-{IDo%2d~B3{v=|o|Qx^H2%I}hUoS>6}V9AHEQV%Jm7tBiX_apLc^Wl>=
z1s5({Z0~KA;I@8xO~CefLVxwtqL6|d+j$hytWF*pwmf7QmDz4P_ubto+Yq<p@*)|E
zd%oJe(J=K{XenWCgw=S#ngbbcPOZ`2JdXw`21M!ZUnffAirAr{NsAfUD64EM<?s-?
zig4L6a{8*_qM|Ryf5<vb46B60do9XS<Voq70;$7;C7iPu*c}AdviWmZb)Ap0GiUWr
zb6A}F;lf=lF?Q6!5vx_vqL|C-#`&s_O+D!|5!B(>i5*o$S}rVfdS}@t`{1;_HhfHZ
z3%)ZLy47iWW~ggQb0xtjhrg@v(+e`5XrzoTw1cP8<<~A}Qf{!?j+uoho{Tdr*l{pQ
zU0s>7P`skL-FmvUch<T}VoLX~)eFp_JbR4gaaLvNxPOJf(at#N8TmxQvw#Hu;Ffn3
zN|v1A_|$YXWQvT#($vCs!rJyL{?r78365+yaPF*vmJIwN)qTc+w_-!brP^RNDGew@
z(7M>0Ik@Kh4DE(wJ&sR9b56~C@DX7w4uJ!CXK!D%e{Q0HeSPKiiJGTjnYChjK9XkL
zgE29Yj2?{MV|2Ygo*5IuB|*nAY8S3~P1Ja;8Uisp)En&CdQWaRlf(c(wQI6I?Srbr
z%y9y1*`AR#>QiN6s`4z8W_d2hi#IfOPx!a?5==Ukg9IN!xs!4P4BWQ)rc;mhDDEmZ
zbg14>kAFbIB2U^A*>xKs+pX<HpJa<up`;@Qa(96m%kKLCrA#*%11H*NNI@FSk=aux
zs8l;9cI2~dsPDfe>T(!%lLMwqtNO5OYsk%wc%u)ooXGm-@v#<}0`B1sp>OP|CR3%R
zrUr3Z5w@MPQwLRCOzV=0Rqc7g*udn$9)(hhiXD!*w*-Mp73NvVnW&r0s*<)3*dK`m
zewi*eHWlMgnQ7}qG={bTaK>HM$)M5$ph0tSy}B|V4#~=3_&x%531OcwF~%S^>>gqu
ztLkeAmxnvPY{KN>qO5bRH9Cs|XvWjusWS>#_S--5n3MHR;rVT-Z+VGe|7gm`u8!@Y
z$K(CizRk8-4?0Ss_IYN)D_<yY23&88<#@WKA9!h{d{@wVIYwAu=j~i~jkq}%-xRu_
z-`&*oi|NStBTnt^g@Lt78(<+j!#ZrzOQjYDO2N@8&8R0WY>5DYYwI?Pg?KWKTg9WA
zCw0aoxu6bP-_YOVs#!zUYG1G2kKT3C#*<w?;=Z5sMwPO1H#BF&dQrZ`<#8q}l$7f;
ze~TO0MqdY3>3Sb@YmVdkdVJ-~Xvu40!qGWAX8@+9N(kqpZ@p@GY0h<Ok$koI3Y0iK
zPrK%o=1LC-?|B$;wkm&u$b$#&-=#d(bfK<XdkFLA&2t@|(16bsDe~(Ms*d^P(j;zY
zT+MEGI!HWb7ej|#*|ics-hVb&VSAnZYvfh;r7YuJsC7bQjg)eHw4IX6cMd6>gp0KY
zSt`W5*$L?Qkj;ZF!$I=E6Sp6o)C!j7Eu~Mmzqq)xB&s|kqa1UlQ-e%>^aov?fMi!{
zI`TQdsmkVX$4J0t{!_aHPRz2)?)LGCm~|D-*dL_a&oC+XN)Z7p`qBAU?Ir^BZkC=3
zn%1!SoEr9LS+D)vd2_?XVVRK{5FOt!rNyIak${-S$Co%lw4D%@>sbvtN4uiz!Az{>
zV&*2*!C3jMgT|Q!${sd*2Stq8`tyv#Qr2$UMPz<m%2t)ueV_`ENBvZbCd*i@3gIFT
zvM>2}1?55CDhF#@T`X#s?8Fe?ee<+cx9eNz8*3rSJ3gG5`pZN4rw~zhkAi+Xv?3^Q
z%yrc#(_5TA%JLq*=ajBXn$B>!MInYxqtJk~njRLY*!3fBee`?Yb}UGYD$|^vt_Kv_
zZA+zdHm!dQnl}@QHI{eA7em?Yf&o(*4f>F5k>^?Rl+eKfm<9T?z>0rKIs<twij>v0
zN)x;A%}r=He1$mNmN(mHJ53%Gh*j;rw$MxYsKf~Cj0tvSADJ{Rz|1*PAtm<_8>0Z?
zSA~=&%yPsUohfV^xN{bzJ+ZA!cVhxhz&&p=PcykxxId#}t_}JW#{j$YMRwNEfsJ9R
z5eo4nR%BYAIwAcaE~?@xo5;}*Hs!QO`VetW^ENdbI<(o@WL%+Tw=MDAqk3cRb>A-O
z3EB58F=eYS=Vj;FM<_se9274kmc?qet52P)cPJtN5IaMD*%ffrA41aIC6KqvigT{2
z*Nmh>#=S1oFgai@dEb+q%B#I7&&aGv;_L=fadB}l;z}IR;aK9aF)i*J5TG`bXS*4n
zUwbCKMtmpkw{;aSE%jgK<OyBt^xCou)F#}qu*#EQ%4;j9?v~yCw3O1X7u|KU!jVDE
z{TLNuDs+>BbfEMk{2u+oHTLWDZwwL~?t{Y1!S>mYV(nQU8=tx9#8K;c*BjEcZ~4q$
z)v+a7(Jw^h6{j@vSN8Q+6d4M`8cGsO>P+5cou;0@>yT-zQL#N2=~m^?nqcCw=O}`z
z)0s(~_4%5km${kOD280iWOT-tqij8}>5{AXlI4)PD?c`Fqs!4dQ<yA$wLQWg<>owf
zWIP1HO8U&mY(F>cK2m7(CfOKj>{0qHPj@FkDD`RZ%Xyosi|d3!{0uE<o;>xEclb^^
zHMaGt@?*6QQ18ecdr=Z*)nWGFXbvrVUtwz*d(#uGtJK0l(<Q68{af38vkIu$em&dV
z>C`dX67Fh+<h<!rHYWyTDw_k~PArqYgd@q&cHj(erKtCj{u}q>XNq19cpHF10MdY^
z_tejr<BBbUG}=k4YId|fwOiq2VT%i0la?*(>1mzmHy^Sn?)rRej4zE4U3$}#wb2Ff
z4Iof~)Hj$`6HURx&%=B@1ouS7ap2>7Da7ELH>y3WJfSPK5V-AYUQj?FB$=OB-vZhj
z?VGbL5I*)HGc>1&v&UKB_#V(;qy25LU?h(*5Q-aAoW`r{_#c>cx+_wKYI|60-ZaU&
zzZ_h<98r4BFhpnzH`XQ@G82)Otk~M!>VYs-nEU83_k<}_5P5&FE{EYZkwDYz3v8H*
zBy{744=4nWGh;bmak;Gz58o<L)%%pGkdX~+tW6%e)_3-!LC0%Zcn@`a2(B{z<qB)+
z-==rd2Kbn}%uTbt<Mg`SU|x@qLF5k{Z~gvBW}|~mmZKTTvX-(g&Kr-t^;;5|jkpiP
z7UiC|Io;Tx1=Fsa8U^s~1i4}Xw88B$+gxhd8*lG{kQ_3GH(B$<Ii+YeRzXe9%q$&J
zPVJ!ACAqp-Uh$1Ohvndq<y~>4`Rx*(>0{!pf~x=}<<eE#C}iw3TrHB%9P`$%kMZMn
z+;z$x$=;h(G7OPk#}DN=N=`Y5O7Ur2;lDHexUNH#dRXe5*8r&u^K|OEd4!4TAbdco
z;mxxSf#ob6XN{J(u+vj&r$>Ag62A@oPcLDgo;u8^Y9#f>+zJ(Z6<I}q(*d92Y8SEz
zCD~Zslw@>*8%LRnTxWP9MnA0|?Ytdd`<y0o^PyY6U1KE#<C85EldpleVw%Y78#Zj{
ziS2j!_wb!ax|LK3on`sdO2RAl8i-90hjQTl9*y!k%kr!}(-~&M$`8TmYnu({kvS|U
zE~T(Z)pX2wb>&i+olw5ak(D9E>ZIu>Cx&d*ayrRw?N7nF{JQpn$SlnglgVZIt)4^^
z#nm<Y<FDS4Lb#Yhve#{fX|uWx=q%<r+>otyzjuPgtkdfrq`R_psKyA5)R&vr1A83T
zdtW=9PJ~hgRtep$wz<j@(!y}h099_^LcDZWbo2WyEUw$+vEaI{yK?=`wB7lj3Y_1@
zThr3mr&JpR*SPf68VSHjQp^n|J`1m?|FQ4S$zdm-9?6t#U};3mqQPAK*5^WNTJ^KO
zt=SZgq6al*_P)%7?4<eM+Qo45nyYp{PjR({_-~Hs2mxXR@e68j?qzha0EG<IG5CAv
z$%E+5H1dsSWV$R*ri6V(_S1sSqmv{!&mKJ8+<eSMI9Qe{pPW(anxt(1wNR3)MY=%%
zVtIpsSni;4@ElWX?m7G(X*`y#n>r5@1-91zmTX&2Ez?r^1G|QY#$o3JRA%hhu2+wK
za3xYgf1;bM&t3b6{JqNR561M<NZEJxm@l%s0KO=I4f^=ER(%Y?e37%S)QMa#p?^GM
zPb;GavPPMv5d9^qfmhH7QqE|nI#^3^v7?;>n$odw0WM6|9{@a13NKhOqgCI#RKNEw
zLnIq}p3p4SjrIhNr<x*B&#1DZ#IXmCKR|%a#7a5E1G3pcQ<gBgrv^2_9ad`&9@=46
z@|^86{gZJPwfMyF74n~XSti%RIyS&SJO6uIQ36?d1LTx-h@Ti<_zp*=U-QM*jvE=n
z17>sbCCkXGP8?H?8qSJn^XTR>-A>vPx%V;8qeP*#NlA|l^5J(vBXq-fNYRjL7eJEg
z_JsjU^~?urdLS2q`UBYJHHH>=VCvi4NrwGOD)MuPh{~5}4YfP+>%tx$QvG~0@3*<#
zmmU|bE@^cLzUcc=uQ0!{lfW6};PQNB;NX^%`5eB0Lt9l4DZp?0iZLl^CLMTnJM9YA
z-@khPPk=(2`uelV&tu<I=P&wI$K0;q#%*UW$w|r^N1s&6bML;tWFXtLBaXH8EZdau
z*@IziY3LUD_UeIS2k){z+1OwY{k1TB-V?r6zYu#prH;Wx^{)}GIZ&E6nRDo!?|Rlh
z;A1n*x7o1r9qE7KSedNg`5;ae4}SlA4&eD*Z*KJQq(9#+U)I4@YI^V_g@Ww-EA>zm
z4VRncQ6lq*on&rR2CQidN7fhH3hQolexr_stGlKm%<`(0Q)P{4OFv+~Fp-Ud)9N*F
z<IZ%rV4gPS`u_KWwE+btD|*?H;l8geL;k$+LDNFEVOS7KgEL(vPtsT64C(Ef7GX6I
zUgf$;JB_^bI1j_Qas*b_;lk$p`^z4Wp7UW{cG!hQE&#O{WbsR5dp8h9?i5PfL%L9>
z%An}<x?rx21iFb@T)K5&;}CXSjQsf7I&%~W20PpP`PVQn)Oz%--plTdIS0y{MKO-j
znDZ;+bq*{4=CsxC_uliNFu)5#1>_?fTaFWHXoa<34o0?kLYrfV=<n(!YW301H(*s1
zBt7=lD`Ny7dLjD32h1CCfHyQ@75sxYbfm$cz`WDMRPn9<sc$)oNAFf@3suT-p7!$B
zduaed9MoHZ0z-a<lK^MQOHBEDw|W77{lCiMhqQsRGLpDl%>A%Pwph`yY?oSD%jZKE
zz)s&G!o_@8K5(T@PaaGEZqLC#<@$>_V~dl2?u7VRrFM=`e%*KNkWDWxN$kD~q0jbX
zFZ0`csC6TvI$DS*l6kT492r`_iGz=>GXWL@Q|Z0&TibeAcL^;0Y!4P!*WA77)NAh|
z+@E+`xTsr9a_489OtmBZ*O>%iKPk^)AFpEk2^5?I_{$`s-<}viFT~J763)Z$)i(M9
zyl4a%a^@ZJ@d&m<(DOgdh7?*H7RAOyNcn*m%N*$m1$ky04_9$eLBXfO=WDhHb_aXD
z?&cPPbFI<x?NcgUwi87ru`A=HO|kvvzM_D!5&^h$(O)@F%;WVscYEMAV+JEdCRMZQ
zn&Zq*GYY~ubu|b`Ss0=Du;4eiyBKJ%t!6?<MZY|g7qRm^doYU$pivkuU!gPdqhyP2
z<+w-)lP*@j#Yv1Va?bZ{Hk!e?{`LS(ZkI^aEa0VvpOKXjVt_1e<GdvV=q)Ea76G(H
z4jTX8X7J~*+iqg)gkq!57PB0b-rH*7-wE9MPnG?RjhZ`9lOY+c0AC?;(;%8wyXsgy
zdcu*Zigw@D*aKux3ww8l-k#Mb@BikkRdW8t8|yMElT5g(b0`<ST+*d}TTG+l-n<r)
z2jRYW&uL{TlHM>+nDF}b>07lWUtL<n3LWcB5A2$*sf8*{s+i<0)w}H+2)BJ^$fg*r
zm9BI!j#+dRvPW@+uV?EYUb+4K3Eyc2W3Nr$qxZ#pdn>aCt}91{b7K|e(echTnZgI!
zDmLt_%UQPOCvYGV)@P=R4Kvqx{d?~Cb(u8J@b%3FPiPV`oPBKPF}a+KV{Gy5E#;X!
zwpg*?Y?lQsz-5|<Iag*~hdPJ^%1cT$&qYybS3FvUPO2CWE2@_)v){(S57_hE1Z`KD
zAXy^MV=PKMq1lQeDVkll40rFwp<1j*YwbBSYvTAN3>2sq2I52F24YN{72Jt7<n(Ov
z6;E0)`FvOL{>efr_xyyHd3x(@P;NA~8mez2lIqxFm0Vl{k$4<|*`I7KG1y!Hut)l#
zFFu2A5wMJjba5auBK6^bZ;J@8%IPtF;t9CV#7Pk)E-P&d44_r9&~>Sd&}sh*dQ*8v
zv5svO!eKI15eP~>Et}e9rrJ!gXQwKq$JH?JH~sRPRkRBGY`R`!3JE}lBw9fKGyDFb
ze2W0fh)ixpT8m^IYF@Ro185U|in%M__x>%Tx`^4p+kASLfboE(B4=bExAXqFmYNc)
zmblcpz$ZsJ6Sud_PpI|~XRQ`^-2A^UAebj%qV@;E@UUJbTVJUo9t?|bY2B2)-e-B@
z*cg^&3?1-VM=qDP5!xW%x<$dvw0_#L6Iwj9*Vhv|O5o@d$;qX2beUH?52*e`Eo&Fm
z9CxmUuI@CSt5}$fnI8rS%Uo{!DsrR#y!laDxD+;wpJ_TZ;Y_PhEI0`avjrpvTa!I+
z3NiZuBh9c+%xu-TZqozy0PSBIs`;uCJL$CBM8a*~x8t~)Ir993iV5i9wrk)1tqUx7
z`k5fT!hz?s5Z{W?^4?Ml{xTlUa94!}AFqujg!7Hv1G~w5oseNRCWiTAEML)5%_KUg
zY$sB$ttOHe%awAYvRWNKQ?=wB=wnbV)bC+2R7?oV)jExMY?CgJ#-$3eCeDtz=kef&
zGY-W>tucBO<`z*6un+#C^q3mJ1qr(tC}voS$UA-Peq>|>-$jbC2d!%H%QvR$2GKtD
zlLyGrTwl|rtvy}TTuak7vcYG2a}7nlp$XqGK}WAe5@yM%P9EbR`%?W19T0pPTdU)a
zUe}MBFs$VUsXciBc`~>iUI#?1;?DpR7vnmE*_)5OTwk^y$K73xXx|$QA!MMVSDM6L
zKISR3IU>=xZ;_^5;mR_3p!NpE^8oNCOpm0+-jIcaFpwAN_atV$9t<Dzn|wiG%RK*j
zj^;oXqBI6*%62a44o5tFJwF-_Yz%y5bgbAU)T7v=c)B*nKPwim?vU@t|72w!xX+kI
z3%eJuzCP~4uyr1<mv>O8-*<>nI6795PA}#|?9>6OH*(#kXUqvvj5bkDKP577SBTpW
zcIEd-)5}}*Cygl$eoyT&S-do*uTg{yiZVf@v}8Z|frDGMM@=K*yk{dQR^k9yO&8$G
zS}~~Kmq+-ef0CNc!>|t78af!rExPsOs;e}K>LRi71<};}5L0f0c0!A3q0&<hP}vCv
zWggxZa^P=!7k+WEc&%2LiW4K}Zuc$N^*8Z;;01jlj;p##3Cw$0sV7^c>=f%jmf>?m
zPfHC`HZ;#t(4cm$3}BVf1dx<zv&V6Vi*d88Iq0V0J^d5vS^>&_ngRneL3zpOkBX~9
zimC&UBHL+1Ka<9j`3d(a4PC_`@@oV9;;iY4#)bfN<Tl@VI#O*D`+rzF>$s--_uq@f
z4Jvr6h)5ZP<ZfCTQKUmUhX`Zz=pJBV5mKX3VRT827z0Hm2h!c$IgpJw?|J+Eo!{g9
z@x${t=U-!=&*z<2Jg?Wac%4q)_EsDAhqfRr^zdw%(}C)#6^+aveJ5t5NJ539exH|q
z(qWsppQ6lt^fsn=KwMowpjTJP{+0j6=fU;R{(>s!R@BVyV7;iv#1*>iUG5Pd{kxCl
zpHC+}NKuuO3rdu7QS+@HXmPyNwoou?-<1z3C<(lK{P+nNNtRKMt{^nD&ek!1{_(Eh
z*telKeqAH2RU6SO(XG{!Gt2R#`VE;DtrU49Pe)J@e^0YXaI0K~{8VA_**N9)v>-hc
zwOgG2b$DrXHMQF{3<A_BRs}LH>J(c3+RVrAX&mhrb`<_PrxfV09cyj`UmF0afQ;<F
zDL~N+S7KY=-Z8L~2v~ZV6&o$B$ba!i1<2q%xBg40etG-`a>Y{f+bPZ=WDpSKk&N%n
zQZZYt-cRqx1m9lzz~)y~z0kTo`OcNF0c(sFt9ka~yPj!hH}-oN!_1|PqLhLhCnLR@
zPz9D4_dD~tbJ^i1Pn}8-VCt(<^~LoJ3CL6n{L3Q^U48#aK)`iw465g{SaeBO4=*n-
zuWru#+SeRO<9E9yz+5{2tObMmx132uT2)_<WE|o>HQ#*icR~)V&jb<cxM)(Xm=Z&u
zP!?J1o}6+g%6Q@*L%oZg5c2#EI%Sdcvh-D<^L=#!+nckkO;oU~dK8Zrv|h-Zuo(8J
zpe4Pn)O@EYx_RcR#F!^B%~)SpPVI+d{{+I_08<d}!KkE4*V9qJdKn2QD#q!u6if(t
zLS0C|CNzOcInK+HqxBuYb>CE>>GR;lfo&SQR$b>AZa+%gW!U={8GzK6@OXHM&x@=f
zeYV;anH<F))e)sNY8UU@xX~VI`;L7-Lk{avc_&HRTPHz|L$7o55?U!QvKu7(Utna+
ziCHqql-Ie*R9xxwlykZQ1$B8=wMF4q-q7BTf06&a3+re=mq~r0x@!zTeN(kK>GTZg
zuNJiI{evEg|BW8r1cEYb%T-&^9n(As`(}3ib-(aoV#4BX!l5xw3UVX=9*c|(Q8&|6
z-8fTVUh8E*2+29qC|wI7=0C%(_bnGaB0SEEbXd+dZ^1z))_mxm<meYC_aEx$9b6SJ
z&*<+NHC@fQYnp<T`ts?lRURd4G|JfhpX*%JYNm%Pj!D_xA$wD*#Zi_+LWXI{pPlPV
zS^cNDc2lmR=n6Y2mq0E8QH5R+vzapF(q7Ui79MVs4OrZAAQUCE)eH^rnt3f7mz*{D
zP^@mZtGWoQ$#)vWx+JN^t$oOrFKb?i81qZz$U}d=7^0TaR*$@<dKs@=7^p%s@)lSO
z_Rn9^WKnw!ONyv(-6Yp%@D685()?@keNU_#s*>4>5M15rc<qJCW0P?2Pwgb2=?QJS
zi-18IOo`#wmYuD$`Wf38QBdoc?mN1eHxU!u&76y7qVi_o#~mFV{p+U^a3xG1v&Y!9
zFc>Uzv2QlvmWBuPWSdE=Td%w-6!o6x&tAp2mJHS@gx*JmeDoUP8Ya>R(Uojnu(g!+
zSL8cY-qqgBGEo>Dv9v6)By4ABu2|meQZ!KbL^U6|G@EieK$qz5qtKcpZ7Hjl{D0EN
zEoC$=^Vjs}U8AjbBNR3^i&hg`J5_0D0=%ApI;I5lWxwj4FD^p?qrds#?<S#zgdAzK
zZ(eYVxI{_WR+W$SpiDBsJ|NmFc+1nYcc73m$UR}7p>Nd@lbi9xBE-Z~5cP8(g%-4)
zl3R2Q_1gDI0BNA?l761td7ACT1!`r4r!6`=&dfD2q3?dZ(>{}`%7WZrtE0&UNp_=p
zM2~6b)6(P6%A$UNKwo4IjHSM{5J-g4dJF6f8SJP!j7aCjyhKinvOoF-v$Q1JIV6<%
z>Mcm^rS%^;-wQM%EV|CWfAT>uyI1s%zBH?s<6%A1s>qr&mxq@Rw>QJNKbj>Ka+vM!
z@$m~eI1om<Hb(GmyQBTV)kA08R%x`?YH=pSX?C7+vIeM}yCqm|JHM-Ht>iXLxt>bK
zwr1A6HsK9juUI8LN`r&RM<{6}$pnq)?a`PulH6YF=s?Uiq<vzIy}P|>P+-cR8oYzi
zaKVm3bDy1M5^r59fbOO)2-UjqemKYc#mD|@MufDYleo`BEOubSNYRUg9Om=Nl<dhG
z)rv1$acJH39C6=u?clT~m9m^bKZ?GZPTfwXdeOOr^kKpvfEc=}-QukOJtq4>Nn+`}
z$rB$>c$y7}YFo;z_$n96PNZhpQ8hlHdeH-jsl2z$(p}5D$yfbou5gXRxU<{nZmK8e
zFPA0I3}1R+A?F2gjsJM#KUx6Hu~)k!`QOj1lsf@QCH2u!YVY~wG~5!Pl3NKG74Vd{
zSNN*I*Owvz>My1W894EJKRAHRYlwk=wk_#h8AR5}+g^4nR@lDtn?s-wz)KSaM;yZ9
zgbj+U@b_zZJ}Ec29C>hpx=t!k*ZGG1Dzg0E<Zr{d2|%)Foi}hPjjzA&-4+*cRt{5v
zqwigI_hRf_U!xif>HG8eCFJsT8oyhOBRJP@v>WRrm*(95w(ddStnXpCSi}?N?Iz3Z
z&E@Ody_>%f-;PtSq%S>M)md0^y#NRqDj8UFa_31o*O{h8Lyq;XM$4vVWNmXNvROa#
zh8gMW^RxiN+a|axvI9e|wS{45!&lnY49%hVlrq{nTN3^=YlGQ1Or5-iWQ&K3MkQHQ
z)~i-xGII<PW1#MpnFH;2VnH!y{PaJP!hTIIee;#(n$ZlAlkzU1G_M@`W*<Y7H&@Tu
zPbOL5YrH9SpF)#6WmvqBOFQN5Zt7w6)ZS*l+2Y~zNdv$f;|0}l!j8$up$FiolUU6~
z(}#hpyVY?b<|H#|`bJ~;b+xk0QQ5l(`}?VNL97~k#`4{yUoI%On(bkn)vNm%SxtXZ
zH$e?TKG6~XhHxCH`4Ekrc~n|`lyuk;R>`}rGp#&i8$7w-JD<rM4Z4%@#8k4Mef(Xp
zmF&%{6DJR$zTbFvy(SFP&aQ06&y77_Z07p<A$z{%Cni3$df$)kN&Ft-uO@<j^<m@G
zZiIl&<^E3|k!R=HN8CT9AZR5kl4aL(*e_hVBs->;H}iC3PA7zHZsOt2(rp8px5lRD
zaj+%>(PsSxdopN?lra0>pskebQ-i7+_UP;p#EXZ4r;}wie`B^}_uR~YXt!NM$-FOR
z*4uvl-G5o+Tk+ew^+h%-Z@uBd4^-!;A<hXpRWymuvz=RQ=_Hn7<>uC`+eD;oc*Z<_
z^T3_6&X~?mCV{06Fg~{i5whKw;HRAA6^f?ULzjzH;cj5)D(((o2b!<6rHB~e;w3(>
z-^y)*>U$TuyrI!vZ7+YwLjj?@$oL12x(qp52g()KKX*G-s}|l%rRDKH$Gl%bhI2w$
zrEe5qLeET=CtMgNg@so&>k9@ijo<Ja1^%0gUn%eV{BSo=$-X;R{g_-(w9Oyts0lU<
zsp#9L)dc6Nc&p3s71@1B(3>L~AD9=7A${Ykww4{$`JrN7Z&tfVrf@5azo;7!KSAsD
zl+*|33fn(CCF#~?zqo{}F3<L!sd$3QAo)^z8_~TCWf9Me(e`hz^uX>oWfKh;^iF}g
zleXGUILrSAaHBy6{cBaSeO;-2uhm0fds}PvdblfDrLNRzDn;rS#6dyzF>i|hn&%Dp
zS7w%sY{-02Z*tOLnr5%QQ=9S`H+9+;0}9B@2%!Si<pVb-y0^Ynj!-?NZ{HPQ_(*Ro
z2Z8A+g7<pXGuaIlrFQwT<*Ovq^hvMRpr%{3(cRji@af(AF5NXuNjg4tqlY&&VNm`s
z5Sjg-a}7i8<jm+l6cE<aSg`F1vSE9bUN*e-Vay(qpGO%)l=Vt0hnb3l-{iJdxX!+V
zK9zCSeH$;f=@uvA_|fC`NL9x9;OgPdjaS4+z;o0Yxhl|Ox`Se^iPTiAwk%to^`kbP
z4_!G9P4YYUZewQ%o}aq9zyGCRlF#w>Z&NDeG?sXl0WHq~n*u&_$HMc|GY2cUbGkb?
zvtg5eM|tJ{z;TD!FFI_x51-U5Vs0@n3_r^x(0X!a>%t2J!J&Zr+wv#E%NnCyTzto;
z!DDU@@rY(vSK-0B1UkARopL58h~90LXsNM)?QAX$_{SoK%I~0b#j7z!8g+@^*z^W1
zYgGPn;)zHyJQ+r@8lS)i{YN#s*H=l8qJ{U+fv8jIxr#)d7kk(Y#<+&!>(KF|gBn@n
zpoYb-yg{i=ub!Rs&&;?VvH`N@GNjx5dk<5_D=W1U4E!WxcuT-Q2S|_l8hlYT_@^rH
zU_Ie2(@>|x)b_B>%es+(l_lHxo)z{A=W&0mJ+@=~Tt$tB=@k`&<y~JQTW5Vhfc6O}
zxgv%eN*DFJ<R-*RbNC<Y4pVZWh9*F2f8R4Ce4?NRE>2oxq<XcyI0`H79c8R9*vC{X
zdqOj%0txpRzUtE3-QD#o2(q|v+U%S?Nj9+FZQI=pL%;sR#ynyzY&0-}_Qf{ghfx0R
zGA)P7hc62FR#UnQiOU>pvHCOdENKPDp)J*mvXhN*UMF54c|mkVP!<)}Rh0L6{;n0F
zi50fBR$lmUXz4ZS;PcM{HpSK<?qi;{y5*gD<Puv}&6kI6aM`xrL6BdsD3GpTIchP3
z9#JRBSjYG{nhgMTQT+4?JuIyuSHeUnsAtts6N7YsP}*YMew7sf&JI|d(B>JVH3BMh
zabZofv!_5+qjV{bP!#;e-DL7IbJ|F1TWp<#ut264C#YIU>mFYIwb;#4=J?&ybJpg#
zH7hq-VR{5RxiHVrCavww$g68b*=|WP9`X{RVJ6@4GC%)|qTO|U^_}c`_xjPq1l7uk
zU-ePCPqT16m}aSX)Odsp&Y}vIY<>;??n)6I+9bu|LM(q0lX!`_-j9WAfU$Nly^H8V
z{LB@$>(Kw$Ef~tEOStLxjTf9Tl|cjTs+#&)P*qRIQEt_mgjx5#lbxrt9vVBF{^M9T
zFsl2~IgPrV*=r%=sRtxydb3G4({6y^3J$EYP<jbfRdDij{XThSm$Ai~?*SPbEkP@5
zi-=H8!O<gR7HG_TYxt(S+7bx>q7$jPd(bzvCj@8K%=22@DX+;dO*GCoJsP@E;`z@$
z$Q?s-mR7$;(MZmP_W+ZK{jTACF0I0sX|z=DZqXg1rqMtIoL(CLNcMn>MUy~;_L|!g
zywr4}zcZtyY!TCpf;5`aUF(F9kNheRT>f4O5ku#?@$&(f&I(JG*&$V9l=vHQ?4!ox
z46@eGy1OSmn3)fToiX=Phb<OoYNo<~bHloTd;TT{gl?qR=(r6cYirB3k{}?Dt%Mvs
z(BjMR#xM-8rz%?Y?~FE#2IdPi-_g(6eGg)tq}7JW5peoD&0Mux6n~iZ43%Z0A>jfP
zCis&f31az?i4_}4&$7!sQz|`eUi{<cKb~kSxc^3zc}ID!Qa@wJXR|qcM>g`ukFy_V
zTc3r!XnxK9Cbw>8KWjEYr49~tZTZ{my5ml0;MCZG^h~1vDW^znFO*Jndr`tcZ@xlv
z{VHvYUd`T|dlES|H|9^b_GrZ{#c!lVGUL?;Pxtes%?U2eB@31Yx`u@A%WYrJ{Iy^i
zCPR24)mt7tB3xhz;uy0%Ayc}#_jBf7U`b@Y=VV;M|9nf3|5of5_SkYEM25zDzG5g_
zhc*jZoSb!IS^`7M+{Y74yAt_Y&knc`&h3o*FH~*mDmP}(C{u^tDXPwH^67;GDWQtV
zR_8F(NR@p8Rx%BxBXWzhn{UBMdJgC*_m|msdjldwOlbTJ>dR;<%ygR-7AA2t-ek6)
zTvzO~aoKsO4fo-$=HOvJ08jf<?#QQz8>~oe7>C{AxMf|FyjTX<Q`SDS{LJ&o1QjsY
zDZc@5qbgto0m^lk5FYCx7i^d8)YbCoYg+dTG2mdx2t-(448piO2TVIHcl2uCRCpm*
ze1uj_XG2B~ohN!jQ-;k3F-kRJ1C@&$5>dC8>Kg6%zdzUR&Av7Z9Ar?ltN-TyAGiZk
zWSJLLgS8GwjLjBMY}r=Md}>_E>Z`Wp>H`kMsi8QXBKvy%I3Z+&u>GI{sC2A##{|Er
zBrs&hbmu&(d0X#j)}MncE{Anx>*k=p=<chJ`UuIQj5;~u9ebUFp#udoPs5a71m>vC
zYoNM{-Yyy(+GR_{MLLWw^(M*M7x{~LJXxM2;M=TuMN?ctvVVx!8Oqi_p72so+AK>#
z%YC>J`dWuL27pZ12Wp6(-f4w5sHn;8t38W($!>|WcqBpl#c-GQ8zQ0ZOaI2VpY5TW
zgcnf$P4o<NT6y*q-GvJax6_9&gM!Z8GnXQan{IG$+$STSE>fTT;LXW*ll?#?_C&>t
z-qvh*?g{=B<X--yZ_kVU%5At6bMGo~071ioo>9Ag(bq4-9Od1tYP?U_%Ql*|(0Rb?
z7L%)AoHgO0vAZ(xN#S{&%({1gae_VZ#M?OGdR-RD@<7biTvy9_oRnk9;$HfYNou~h
zRHm0AS+OIP#|;wtCBbJ_uGq2fM35{m(HM6{tjV*>XVX#7BOkzt=`KJ!W@C7-04OP3
z{1kko)pRXfo{VQa_{>Ac?aeOAnTI}bXU|G+`+7?Ef+VMSz1az<Q2JXG@WUI;vMcph
zq;_GWE6f|S1EY~{^K40}Jm%3=8S$WCzVTVbfoXBavMWNlG82_Vn5~}08FM`J+-kVf
zU*uBVwt_UrS8_*1cRu?X$}|Kq5p{IV2C4q@lO9z-s!7L?3rcBn_oZ>`C$(KaHow*(
zS6~wNZ|wM%^3L5c31cjd1NZP^25hC`^-wG_#s(|UI&|ttdu5FtWUR?i1|TVwN)3hS
zoyzA-_A}xu5WCy6x2=OsxoL*B9cysmxZ)0UQQU1e<*_n2J7@aJ_3qLNn&X}nGw}dc
z0(bwBPXd{BbMmerJIRKhbNtbMc<op7cjc${DvCi*Izyv_y5sf!)gYtelck_o!GnEk
zJ6Il2de(38T)m4q;(X<L>8;*Pwp!Cow#k&`li0n@ip{JeIf2Jr7p{%zHT}^3+^k54
z1!Y5qucKey?JgphlN7@>R6$EQc7u_<1?jIrDUyE1_s=d|uPQsV+}4?7{E*P4H66cl
zGS+@YcMlU1ggTV*lMz4KF1ZR4^?!NC`RMg2QWOBsS!J`#EX@>6V!L&#VL4G6tlpNm
z-RHT)X+=yuvRi5HyFr90rvSx_@gw;IkHjEUpfo~;@94)2{QDSjVCAAjEC{Y|yY0Ip
znJQcXF|Kxj*+WkwMdG?-+5Sx)U};vO7szG3WW5x;G?1TRHxWaqb(36N4(T4|@2(bm
z?KDz(SLl2=cl0b?s{qecQ4TtIeannrwBjXZ!{=8)>Y~1=#S(Bp<W$Hk*}X8gBd3Pq
zr0J<#e{$WgDedmJfP3EMU$a5XS;qKdJH+}N>jm&GN^)fG;Wm@}kzCq&r6RI0+Lt<j
zz^PpY8+8{Re38ueV8H7R75yM{D@WXW;cEZx^Tj12ArF9bY;wNrB>w_=hwxup`UBb}
zO^F<}t9)Ycdvp{cFmsJ$3dQ4%jNA*L6=$mfz9-&~?d)Gi4s<#C_ux3qx4j$sTzu~)
z9X3MJ>ozU;pUyl0z~MXdXY>PLU|!Q<H>UBN>hYq{5$tvBw{G214!b2GVSKO)FZP$Q
zjbM5u6_Mr^+0h?=Om|J?^;IN!?%Ke>New!mJn~KDuFV79B$yg11N|r<EUf$DtdEK7
zY-_?+#v{qezE4W?-8mViIRE~hg(`J2(6W)lWdJ7hkc|3_0-fHY9oL`6zw4;wx(uF$
zoq)E<kYsK9)~Nc6{V>@5)`u0|>yILm%?u4=x0c#XoFK-!Gi@n6pwWVm@~qz=_$olo
z(51416%bwsP@reX+pqs%ISBtNjulK%FjV2%{Nn={xZ8%O&(3jzKAcJeI=h%1X0J;q
z(3(=oT{p^obwoXsSvDqjk<C5g7ZH^9Re($c`GM6lV$y!`4~Eg@HxZOK)kzIalBnk1
z8PZV**q^4~o$3s`5J*k6Wz$)iq?-dZ>&Z1@PrZ)}mus71E+UgzQ@bvg!RL(utgcz_
z8S)P-lqew5#sYR*_84fdR}Q4W)4?1mkIePxX(Y)+N6g;rFNUEk>J*iLbPs606%Lv&
ziYxTGN&gy6Q&=AvHH+W`6rYb%BAGBhVsni_|JxMO9)~`D{8-R=>^v9fC+<(^R*RDj
z%=aU(m5Dn1d?rO&I<y+aAv-cOA)rf{@&uif7a2c;wB2VS0}~N9z*D)5w~kIqo>x-)
zUG>el%QmK0<;iT@llz=W@-o-3pF0XfI45`MAyCtg1!j@bRbKUyGg;SfBYhc&ty+yq
zk_Bpsx9`O8nJi@4M-1jsfoC?lCj#5}uW~xDaAThTi5X}`{cDi9azU5P%N%uzZ=-nQ
zikmVYtTxAs<V;FO+z)|9oj%7RusjG3YI4`P;VQ3hi?jLT$$s3b85#wR{ci9ylU{z;
z^$7*9;fNt?^<&4O%IT9Q$tx=l3<-u;_z%t{HnI)@5YM!zCAUJ1AQBiGV)zoQ8p1z2
zvDTNnTx1g#ewrwbR4KA<c8W3Hn?|L;W?JUSO%^e;eT;sD1wOQjLW9>RUj*p**GJ3l
zH%Q)65$X-Ez_bTNg7^3{nLKT>OdgpA1oaJ{7RV}yGi~N_BLRMyCr_SK0&Nh;)9%FD
z4BA4)Z-a)XN_8*7666fEw8Bj*-5-EGjd)@L6xy8Hx<f!K)R@O7f|Wpvimj!7Ga6Qz
zsZRwM%3Lr{%_agwaw3fC4EW@};MAj*Cithy7yo4m$+UQ__NBFjfzpI1J`*UIer_Nz
zzV`EEZV+hU35k{Q*_e4p5A{~&*3Y!szIpQ|YyhQWwOm=sQqZ1jbSBHJD%7E`5DLWW
zS3afuKfVsr8ufVs-Mbd{tE-{qCY3vL>|n8m=bKeERJg&VWhi=sP~8GIZpcIJhVD_*
z@mj_AWCisGvxde1r8Ir|dOy(mSGUj}l(NI3KCGU7S0lE+d^;xb9MA{?RTwwn{9J*W
zB0_J0;3udUG>H&O6AsiUH72xZCy=YWyLk-QBt|->SKdkO0{wx--aT$kO(spUkmh*)
zT8DO~vw%<(dKB+=HDcdrb*Ri}dud?BT?(Kd@G(3Ri_{n~<;mM=OsIK(FDmOA*+*zG
zDsHY2%3v4VD9k0o;u0kjehL=a?r*Yt`1eSyd(wCljq)B;;nFl&CkV@MWbxNU9B$6$
zUseif(I9dJtP9BA5?*p)fyVlUkb)8i_MP5bc5nsg0HR;)GklqA46R9h_N;Dn#X=Kk
zW55?D2#ax<tZ&lfiK(iF*1gbdC~iAwW9r@4-YDV-0(QvGh`HiG^+^3$_;0b%sIz?d
zWK#R=CL3^2ersyjew<wD%d64F6~xSoImn6i|D27#2Limz67KUn<P6|l+dV73jO)Wo
za7XDA8Fzg8$l;*Ml2<wLvmcuIMiYTRl+VU)y7umf@rC&7yd$&X1y3^ml^adNE|_EA
zWQ?D-Pfpu{dn|Q5kGS*Pt{N##oVz*VNl=zu+__BwNpW`l`^e+|8va+kPNzey{ob=r
zMUQq}F&AfQuC8T+f;(YHLOijBLNIV!*GSl_a<FaHQ5M5VdfyI2L|M<W>p|N8BO)61
z-$X>SjfY#_!2i35=s*7v5d~rw?df8ox%+0onjY`kHXm8<Zd=IExvUiHy1fn1J`=8A
z`}2r>=}ku10g!AEZ~SpROeAMIHLO09{c7rjbX^Jdo~25T#DD39w*1x${d;wD@ic-|
zA>B_I0`xV1KD?FX`^x0{7#*Pf)RJy<+@WN4AK2=xJV_dAqLi!_kXxz1r0@P!AEwX*
zQVG+&)1VCVy>H`pN=7NJZhL7q20fVEKJhm+)qhYBxY^xi2VmKXytnDgplS)Wy0R?j
zH*k+~wkVpBX%Mg$<T&x)--k{ddE1xA{es`t*0i%tqlo|7(zGA#d!4k)9DIz*9J0Xe
z^LY|xin3{m6br+yeNol^B+u@qVP%!3Msj_fYli8W6an4pKE$}@-eeTbMg4tK8#fd$
zLecT%LdeKz40d_;Z-M8O{&ZKB$N$mZ-vXmBz1-oK73y&j@t+VeIP$e$RClWb`632{
zaCCN0xMvbc$=TVr9|I5G3aEx*We&f+=sGY;y1hwBMNJd)A5E)g86UCct?e$_)S`g&
z;%$%pzd(e@1xS0lXBq|(w9!F9$L2dTP)mcDw&k0c<519?Dg4DbRus6PG8Z6sT<1F!
zfMJ01-x<CEiY-0;@|}2ry>OQ4_PwnQducyUR9!Hw&(h*Dh5hlg`?dD#UkcFL-6Zr^
zv%f#`P|deh{LAE-iU%xZTE6sc{H6k8R^cjO0u#1Dl&9fSs$$D_ws~NbNX<Um$TpAu
z$24K@J#n{{4c5yI+j$A-@lFWnsQ!)JEylrhe&W=wiJm+0fu2OA^ElR$X~Zc_-zM!*
z^g{N9&i#m+a3|2m=N_OQ_&9YH(o;}@5Fn@Qay5AoE>(!YkPnEcTMXAhTuW;<`CU?z
zb2~Q9b$Ww6!);j-L(lUe`N26Z-SSMU=42hR<2HD(Yr+>MepmbIT2qX4u&=ep^!7)u
z*x7>FZJ@)j(b<830R&*%BG$3D&3$}Ny!f7#i%6j0v*(RZ#5<=jDKYUlvd|rVX~(dN
zNMBFLog_+sR6C`^u7M~pEK&k|@qNVWeN*Xz2zw{5#>j&Arn+uxYoC!DJ1<I$fLN9r
z1W^<H_LhANylcM~Xb;>!N0RmPVu8C6>Rt9Mn`1sjDrLQ7Fk!z`q>7fV(JET4x=zBa
zl5mKAlog-q4SA(kOCPN`FBI*!ick8HMkIGyhvNK#1$GF8xsg>@+^iq2&CTgxEg-S8
zdou3>vu|@`b`4^v{CXZ^z=iz8YBS=_RinUpYM^>bQmYAL3G<b7e^`)fEHS!N6_ECq
z3Rg;xZT11{RrA)QU7Z;<)>Y$sA#Ir<oMv})>y;yW%<!v9qk}aj_KKs6mR^h$5HIe;
zqYL)VuVDZlP1W^ER{jan^ke%%IOx#z^<>%hGD*RAX9bqzNn{ZVc*3R{Z;CH*d!U`J
z!soRz^iDlNv<d6uHdRn_;L5$Y@*Z?piQqAKN%aIDFVboD?p8|i>7beuP@bCDn?B~Z
z*y2(eF6XNQmDKsk;HG@mvRM1*obE`mkvyjSM2|=FPZ$IPd)U^?5|LRA3U28Q&EHg1
z(_4)47MMm+hm~xd-)Y}DCWzf`^(mfQ{qd5fvnz8{`_vn#JLzYF*kLs6jSLF>FNyrY
zQJ2rNk!gmF8yxqhZ#g4ozaoNRUtR{dZmm)Ds%ls64Q^OO4{X@He(&77y}GX)(z(gK
zq}^efLxfUg2yV|pOm6GUv?k8EOQ$T5G#7;<&xSpJ?zcq0I#iMOM9<!8sZeIS^HG7@
z?nE2fJC0hzu~SvRnBqg`_G7{|lF(4835tg_L)x%iPM?XX5c<yOhkRHgRynh4&daN(
zH@sr%G+fEGsE@oZ#1SIgwmox~GPiP@(eex0PxpLY3N^a|{EbH7{A{245Fzg1P_AE0
zR``xS^CMF3dWKVi!T3J+#)Iz4nSnC=Xv0eiv!o^k4DtapS(Bwt9C)rrU578(fxpVB
z1;YQQA=SGj_fqq(#l>6L)Yjg)5Oo86mQ_Z#3^AInDd`x^6Ud9euBVH8jnx(iy3MGG
z`)<9|VbG+6RO@PiuFCwVf<5*;ljlvK@9t!lO;oGNiP}*Lh%_lm#H6RcGf?HpGb-I<
zTyLm-*#wtK`<R;@`9A8!<_o2mw0m)4-Ms3J)1T^7{+ZP{+^vf1S7LS05|YW&`%I5$
z23kA5{gqK!9Suo?nCYR4&W%;VVg$b>hjIj4mQQFh-hLwU-~mull@#vCJG>%tQM*qL
zn<F2{dH7QuU+G~cm}69Wfm7qrK-S#{cS-K<&nA{uGe_?X&i6-dEh&a&`jvR>{anXa
z%dQTj$E=WAmP}Zux&5!P8X#`1gW8{rmTI_WoQ!G`M-tW9;k}&~Y}!Jv=J~iO3gi`3
zl#)0cnH>*FO)&9-B@f0<bX(>C-L{&v&|t&kVYPi?-GPRfld0GakWxjTneB$?s{ODV
zUVy0Yl2^xhl8`@@w?h3;w?glSKt|tJveGMg2gHC$V+N7(;O;4<8p@FUp_T}A{ZDPW
zGLzeWDrq}?XUfZ(2M;<t`lO`^MxV5&r~8?%ThDwx7&eZJYg%gSB{BP*i=2J38Q1yL
z4}&rr6q9`YvjdkIdhs}v#`90~yC1##wey2eqt<I3NaJi>+pGtvF^PIYx}~;*_ni(%
zi1PdZZWB@EOnH%D8fI!QeCMlspeyx0aXWI0n@I??b2P&6JH$z7PN%w#Ts?LG(k7xy
z`?kSqERu#`c7ts@&YXIqly^FhO$iT8$57oQ#Z41i9usdFt?*^_U+ZGxPn0%_X-RN0
zb0vo6CQ7@1M08y*$eMi7Ks$;MCa`H9WC~L+^ZF!1Y(fdH;bt=S54Wp#*Wfl&%e1oZ
zUbFU!hW(OTwOr(I%SEN-=;q-raY0*|4l}K#7`t+k`n`~f%oFia*6%Inn=in48aPX@
zCWJ@P9Jo7n*4kc%@LWnmk@h^7sp(u9A1-vW`ku}?%o1f+j&E_{2eY31^m`8am|LvY
z@OJ`_-tY-#!X>`lcwJ&iGS%=f4yk%NbF3d?SD{v2f$JPe@oG{NN$94cJMBLFae%UC
ze;fYu!deGGp&L6pMr9ZGV=0|W*8eas?sJQ=OtDsbgmy+dJi_o4t%p|j-8aUeqaod%
znxmB|<~eI0CN}_tr}xmM+Cl%9*y<%L=Hl={2WC*3@Tp3sIBY#+(V+3?IMU-meGEVH
z^t{-k7t|aaF*=-@N{jdPn0vQEA<J(TZvWC+r8qK35hTY;)>=J@-I%Ibv`?91@b=xB
z;{!cHqd{}G#tyWqe_qGX;r8IF%D2~tk)WA6@X?p?9iahPhI)_A9Sfwyf@T3XljIjO
ziAktr|J78xjR5r3^xd4AM2HY)m@8Jr>N8)?L#yef4;PsqULC0^zBvTz{!o)QrgRUs
zG@Xa!5&j5A5f>*;Etb@;T9Kt!I{}{aY^2SOOWMAZEWO$kSrg=6Z2jE96w_2`g=1}t
z(DOZ)Y-LTBUM)jFn-eiLlfcVLvuqx4B`l0;?DW|8XuOW`#wT`Ch)JJ`A6Y^c+LOEl
z%e^SwMh+}!r{^|DPGg(0oMWL+v=E~RZJ`I}sAVrk2beQY0U3j2Q1zw!A~UXW%Q}#g
zd29ZPu>s!76L0Fazg9+jpjRATYO9TRsoH12oy2~$%ZIDw80WmQt;b1MrFmss4iyEo
z;rpJAZ^f|IEtej&QjKg@zfx26?&GgjV)hBRI}i%L?JZ?-*ENIwGT76>(ICh^I>lmV
zs|zlnCGI`Mw8{8GD5f-b70a|39Btnqd3a_qRfLB=2c{D|pN*ffCt;a6dp2(n^Ne9j
zqdGH4$AE-jn!Ovt1H!IA(Nd_w@-Se@@Q{_ZtEOQ!SfK6byMZN5?mZ9>7>%(hkq|J*
ze`q_3OEoq49MxuwiFkwJH%5IVBpKs9y8~<Giqjshj!45san<eF^_}WH$JV@R?FVNN
zR$qhi$5}{So&D(g_f#|3WT3YdbQm-DhPNE1ciBkXZ*FRCe7~bYPkK>51L5awl}8<;
zR(eV`k-Cz}@WbDzPAGFFQ0=Z#rmU@`W#Y{0OhcWSZBr>8pu_WRd%2q}{KzhL-^HMP
zt7B%Ir|I3MHnS}80h?vgQ{Uvj=^mRa+gcn@!B>_vSALuK`<ZrXp<=#890;t1n0UMc
zr*~6cf*5<r9a#5_n}&xm<q5?$?PeuweIc@@s-r1J`+L|NoQ`&9*^zZG$GR?CFAF;v
zP?Z3oD9DT#vmI8T#%XJBT}br3TsAC;kr=QV^^x$?aLatEl|QcJC+<b^<*GAKt>zcM
zyOGdexCC>5xn4+po$sfAk>z(`<S^=>V`otM=0fognrimI#|B$`f+YyWdR`A=xqVIh
zhFa*u3XjE@c;$j*CRty@6w!o&<xS5-!?xl;zfBYNF&Moix%mEwX}p#W3OF_2YwV5h
z1ff<k)729iRUvc{tD=q(pC<2<y1WRBB2l2c2Q<(#f&E-Nv@ToE(jLVBn!sk3TSd~X
zOB!Z{_b;$1%?bNO;?5g6H)nGexdLUSnRDjNu^*~)O_Feg7Wvc+2%YriKxiJL-db8@
zr-vq`zRlEttig0GE=7vYEwL?1JjcqLw^%&%mT&}*R{&M(CSWzuDoOfJw9_L><^?5U
zRIuLTxx#sLGGo(?5~F9Hr|D%BhIjQg(>HCsx~axkNnpLH32$RZ@h77=L}Z;yIz2Kh
z3oJHFon_nx27?SxxSP}cv#vSQ%81*iUYRcTJWjrJhYP5vhS*~f{DUON{*Ok2UiS^p
z{~$n-OOC8_M)>b%cMA@al0P}8w<L)Rm=b(nHEFKm<wd=|dmEL_x#@flK<MJDwwTeT
z@<2y5LO6HZsT@w+yhnT+H#PkT%?@{lUQ8^q4(n|D(HtGhGF12X!X~=L9qAeQl9;Qs
zUZh>))2HUL9XH%^*5hv1Sr4j<jUV>yF6WjV;-8=wcS?~Xp%?dgt9?i&=Xm(!Ynvm+
zjxH3FyT$=>A+(@R4{y7T2cXO6(dIQ2*7NzmifjPg&2m*A5CcHxOSCG=$yzi`)X}&Z
z#7$G(Ys8-CQH-qu>4pAx?g{BF=BdY-cR0rg(bS^&a(V~XSpm=Q+R6tu;e*bvsy2v;
zbXUoYbBV3-u#Q0eE=OKfc7K9OtR)amVGhVz3xGB5-4i7%rQSy||58fzNrBwTliU$2
z1pw#WE?1v<K`D;F#M|7C2`~6i^BcF^`f}C1xU_!i6|Xwh+OL)ON66ge@anFR&VUoM
z*K3Mq;&lug?*44bX3IuC9G=AsVS#1TJ2WU@S=!r+VE)K+*b}U+h0oqLOy^Cn1Vt&z
zl%;7IBmVOcWDO8XO&odgHic)t1Ad8gJ72pRhdt0>cS9cJzAAG6tX7Ob{u}@%P-H_u
zj($}x;y5(s<meF*7jg(+fD43Z0dWp$k|lE=eLHL%MAY!qhq6S=ApIJFnR^i(pcca$
zS7JYSC%Gv`J%-=x#^!9>n~wdF%VnqKOwW1ene0DTW03rMv;M1i4x7saThUGib4P}1
zX1(k7nS-+-SZ(avu3T2`SCMQUQWNBU9xE+e74GASiF=df)JAlXxth|8m)@>(7*2AH
zi9GB&>$9}ZIn|OS+a>s#RWf<8veOuU5N&`zo-PIsHE?|C3WdYo0p|yZqAIXBV3DM<
zEt}D=QgsPlf~UF_bxF0AZ3*zN_iF8fT-zyls<$3B6QlEHhA;@`t%V<MvDAOdpkw59
zo8j4_bJIe|dC0IgLMjiH+xb(-r*w;P#yK}$Z&gyH3flJh;#8wU|1_&er*X4y^u4xn
z>rsD4bKQC>3P_a<=?}*ClL83CpLDI|NzRnL9zf&Gt{ia>IF>i(yWfi79N>C=8Ay_+
z>ps!LJbT@{K;+njU9J5r&^AlcRK%>NEXOf*AjiDj96O16f==G%m}yf@qL6S$5fb5Z
zfHr8k>26YEjJq||@j{w11jU)sI*ti4$QY?(SIoz{E)U3RV^j>sz7v=UF0_Q9j4n6A
zjALz%Tgu-N(r}gv;tpMwIf2iu0K@u#>Wo4uZLa7getngzrArPp27%({)*37@Ggp6u
ze0|LkZ!z9y)3&d^XSR-YXYKq2OIF+uEl^HsDv(T`Ues9eho~%+%&Utq_U64VtOUMe
zbP?hiU$D62o|aLu>#Ls~=0uAJ^TohiS0b_0F{ys!H@mG`xy8T^9FK6;z&_rmzNNIi
z0p^4B-7fMV0!Z(CG<7L=?J~LNklZ=%=O-zf%?S0Y6p&#|7|dTSTd#m$-0gG%J5_4O
zC}_DFVIDZl)0wUjt&^dtFx_)2y7aW1!x?YBWJ$ft__&2_GnE)WRXfqY5*(Y&$X9jK
zv}#A?IOn+a=?=O<_$60^u)*M*NU)C2GD)lAy`zor>F)aR-T8Cd?^4tG-@T8@+Pl1F
zcWFSGnx4-wSp+e2a##BlxL4t>QxT!nFLGQG8ca7t$GS7o*;R&y!>Per;e4a{9(e;y
zvw@!qnf5%wbZYuYc%7i8Y+mxIu;ad+2s}JPw>hr8-t<Me#-xHEuE~NRgSyMidRMaF
zX1TQ|aus>62<Iq=B8JO~3To^_1BXeG4u-{FT=1P5Ho+qiHFAb>Kd2pjxb4kd-JDmq
zff%SYo#&eX;9=iGx4HY+f9Kz?8X^w+a%~d*h$U|s26RLbhL+pQthh2r_T(?g-#<wy
z_K_ujkAw6MQ)08b!rPPBN2;8PT{QN`zP<=DcsBt<2W--$SB&PHUB7sL+iP&Ep$WLT
zl}`xfe9?`TrzN}TB6d#Mc2p*?1qwemH4rlLupiV4kPT>ga36v&%(S5rcXh7GH6uKq
z#Ez`PZNA1QEp~j{>`0rT)M#s`OzCo9E2yTsyjS_}m0E@fRQy-ORK|P^X4{^R`uc{|
zoZMLHsc%_yWDTpA?>0P%q{;$&=m;#}t+(2Fk_540L7;&uUx~5jHQ+yl=~?2MYs?;S
z8`xjNbP0x5c?Ce~NM0hd)jpg#AAvXPk#dkM3@??6xcw<k-Ck~|$MxYTOZ~JfolJO`
zy|7@h+I-{zwfCu6AE?Ztpd2tLZqc_Uy}MIAn8nUZE18_*m1~6CI@mM12%CQr=iBR$
z{M~Y05TUYsKTkbQR)Z<}vGf4w;s#$CCXDvxpv_SW9to-+6}$X$)}gZ_EsnS?RK7Gf
zGQHVguRI33Z=qLh9|Kd1*?UmTWP7GmDzysVyRG1ncz(^b_spNfzr26^j*AFLJnenD
zVv0ycoD1p$NwoYgEOnfGTH^_99DART&0=;v*_%bc)fD%fdOzuLg9mhyFcjNg+s70+
zHlMzj-<WX7&ZT!?<|C{SUV*j13&!2Hd#|V40dHZe4%UcaQ;ui?c}`fz9EC<P*RGJT
zc8&!P*MqVrKHC8z_MNmQVokK!Nk$<3{D|E=lAikV1B=v?GnF;unygmj{cQ9lw*=p|
zBysjd98r6FuY8#IRMrW1U~$IT_XJ}oAZ9o-%$*B~I|^=#KBZsh2D(*Yt8J3(j+JLG
zM9iM@QRq%#vlVnh?oRXz!il$w5vyXFA4GJtkoUl;N7};d4;LIDjmmgdn^F8KWpFo@
zm(-a?BbB-2=jWH%Sr>-;2|b;cOM%{4N2PeaPUhoFq3$$#EK!Yx4W@UK>&1y>O7)X}
z5fYT6Ig+^ipwH{K48@95vwT_FHqz#t4PP#VJ$v=V+LGj%M6DV66C%X`JX+efDk<|D
z;4%-#-Aq?~L}0{}z5J3``S!Q_3L{Ye$?g3~nS8_8)vC6Q(P;uOHuBKPVIh{(efifO
zL<PWm<5IUOAoQ(KK0=%eX7!gJkk7ca$JN|&7njQ0JZ3RBDanGNAfjB)PRdmxPQ7L?
zhHaM=o{x~(hTGhu%({wMxWT1^Zr2MQbjmi$Kd2yLDpuNpP*9q}2R87=@bz`)wk}Sm
zQ5;%czUKB5=mRS6`SY5<J5e`mah%@K0F`#fL?*jJ7JFM5{A#{gfsC}g0=|k<WlO1i
zW`5_usm@@-E=#OMB=9u0BTb$212ZvuZKQZS**@t<TZ)WDY_7>Z+C$|AW7sbA7F&1M
zlBq=OmHzan=DzwOq|0C+J;0Hc3m<su1Y)x>Q04@2{738PVjR*oMK&-;-|t^H@rm32
z4>$22RbeR3;d_egap?2cQCb%0{B#`pjCCfE^{ikXjGWCERsA*}7x`jmbwZcp6Ug{m
zyaA!%oy`bgBSWP}zi;+}=86{@TP+ITnsMyPtN5#Ep33x?tijS{Nd}=3lukAAn%;tN
z$ERLr(7x_X{GFxTt>p^~CC|n)v)-`Zg4wmJPLw(t-yGV{=e%0BbPGbyW2v#T^y3}~
z>h@=Wl;(3K{AoVC16k73zG|<R-6;PH?D?B0;bPS!onnj9OwzlG-;$ohVk@KyA4R`m
zvYwDnKU}w?*og1&QK*%#)SGy-CB6!`*-%~5`zVhDgSOrmtVm<cjm-WI(>i+)md><>
z4PJ5TS0hOx1rYJPvC`nPx1WLoavxf4UT(;>Tj;9ZxMpbm3Ir4?9PrtMo#<xmYUmla
zR+hCQOk3yA&=%9+Xzl=0#SNU67XBKlL#mE=dwtNt2<IJ29gB2K5*&ROqG+ZRTo0~h
zkx4cME$(_rBf9xd#ZY{QwfS~?WqM6&r#VrkO4$mWhl_c@L5@bK78jg|VZOT<zyDI^
z<KS;&INuS-o^gK>_=8}O8feS;=rlwqe-Eg7?HubC;+tO!NuHl?ny!)3Uo~zO851$U
zlXW%QvigfU;0<i`VJs1>UjD0}WEQ`;efIeRbT#b-*7NFQcg?wP{Hv?!Lb9&NwqAWb
zuRe&~QlSF6nnD=|;YiuljYT(eF6jMJFFWGj_hrdyG~moVC9RiV&wIVeJ#c873g^|7
zaU2;G@uu&u#+mja_a2Qu;+XQ-AJ7vr8F)1sde0DznOt87O*AgVWoe^hIx{rL9Wkds
z>2g@16X{#uka=a&r)p$nNXr<SuJ0%(8bs0eKx0!L)Ca3q-%F_WMABKjr9o{EE%t#h
z_`Box0mxSCE&@3kq#7dgb1h@A)5Z>opLr^40Kw88Jt+gUGlKy*5_n6S^604u0<QuT
zyco`$#O9{_@?(M!08jJZoOC)e9B_;R4qgCwj`vSeKxSD_D*{Vh&K=YSDj0;4{$Ln}
zsLlh~O4xS=Q)+KmQ=-D_XkNsK{Z4CMQQ&IZ%6FMr@Eeb>08ufzo4LA2568(|@YOLk
z!cS%SPhpR5_qM#b86=krR1N8PDj(lJf}#QrnhO|tdLi$)&uX<it$XP{Ao=fI3&w)Q
znR3nh$icW4`tR4g5T+=&z1=(m<Qm5wgFo_pxFvPv$k58mNbn$lwmwz|&4>?hK3w40
z$H>n<CJ}bD{Ln<9+<Qu_{FA5C`NWG55Yn!4DNm8c#fuyR(p+p4$H6i<&km;Q!NkXZ
zj$RUSY-D3aK}(B`eR5`c?4k9VptNc&j}wja2sOpYl^OuWkr1sHkEBo^m-CXB`Pa_C
z*v~w7Oj%~JjNswUqkv)^7PDh{b|l(%@)`NF3_q@Kz=VFpedf6qu!>~^imR01Q+6og
z6px-#3O4WthAY{!Eo0F!4A|pyUTrxyg5=IppI>`@$29x?kr}PyT3}63K!ldS<BtXI
zV+D`@_4OqffGZYg?W32(!&ApWTVtj~)romokf0tt_w~WUb6}S~?jvD=tohex;Fn^x
z&>Bbok~0}uef|D@&^>^>?iS5^ABR$iANbgwJpYmcjD|pvO7xL#vfQyVCw*&q*kakQ
z;@3FG=xPt?$AHRaEm@{;uSpqp^bgdMe*joOXt5X@wS;S9foG4A=imVBv1wX`g(ISe
z<iRdH2}b1GS@NN=fB7eQ{PzHJ*bI5A`{c;waLrj0Oopm({D;~LA$zhE;OExDz?MI}
zt$pSXR(0&Zi|HK$_GchDVKGM5APksJ6FhqK$H193EogZSs+7Fvb;3p1@I(*;_TwlC
z)N-PJu1_|De$dlfDS`KDZmgWW@;IY-HY!ayvN5hRu*rzPYBB^kc{&U+5_7aB6-x=o
zmMQ;zY3qH$hFo&nS!e(_*wqKzH}+H&)D&4HUFB$4`*!3c2mvxBLkX*@-2>|Qo1AZ#
zIDzXozrFt1CmE#%FvyfZCKO0Ox|)0^SbbNEV`p1E6EVNe8*u|>SFzE{E}r*A&O|IP
zk_UC@%EvMr_9p5UC&+$^tX2fBI_>WN6et+&ml0K15$3$k_#Z8RrU5<GYMdAc^){n`
zI@#Q28aRC8Za>%n344gWEo3}74gC2c$Ia8TZ=6CmrUI1(rMAl}fIsZzN`@%Rb9H@u
zrrv#ZT3PeA`;4-eGJpG+=kWo(&)INo_9G|ne9p<^`(*VL5IiGn<e<?OZ#1lferM9J
z<eaXmVT?3<9zvu^;RbfT?wurQ?##}<$(zO{i(HUPyxf2niMWoG@a4^bq^YLd8OhN#
zqsE!aM`Ri$n__ATOk<dVXY}>K2~)_o`N{T9TsS$_E9ul<e*Zr0$~=LjpEV)}4V=BH
zbI_V3slEJE8#>B(@l<p6!?BE=CyzThX;1|y$m?y(E0C4>+;!KDuL8E6C6y%kvSM{(
zujnTQQUAb+UiN&lhvmadVJW4i5ge*cJPf-|&#4jjp$%c|$M+$wvfA2oM-K$gDe^#o
zP6x>cbr(XY{8`@PPGhO*dDy!bMGcl;a;nm|f@Ul;<&Kdcw>`2{ANjBIuJ>SNq&i35
zgxRWh8?RA{^4T{dM~uXK(>&<uSh%vRFBn5^o^}_SUFywajN}Z|mDpn9(3B#)^=Rrk
zTn$<LcmlQ!is@Ei58KMNbzFQ$sh8$ZT|%*?nFh*ErZqF&lC)Q(by%9CzD0$c0|BCN
z=v@w#o{VI@X5r+hA4EN@FKw^<TY7_choO1v6F@b6s09|Gw$Gnh^!M89*Oy^O-X#<#
zZ(RIqE66~}xzM;^nV+H{*Ot}4Hpi+0lV<%?OURnOHJMj+M%_y?pqg)X+gdi6N!U8Z
zxPz}a5d<BK#j+Q4Hz`4ytLiX^!#AtRM~Fk|-31t03Cz{-i-M^t1TN-KFYl(Nbkg0+
zZAqZ#x0=V$;8wBIMo05E{5rYa`|tufd(W=eG!gowV2N>6x&1<c@`j>Lte`oc`7I%i
zQ0F05lvi$TC?WLkkiT=@9`vXZx)D7iF5G1&vD`>wgAsoSZ=Z;ZZeV|*_4Cw_k(Ga-
zQmRIi-+F@#@`rYZThlU@FLJ1{)i6unIs?~qv1_QrS0#m760iL@yb)$=zVJ(b^nW~H
zSxU$WHsCpZ|Hyu|`ka%G2|q`mX~8AP&2#a=e5K_FIcPzjmWLVj^V1{lT0Bs!x9jF8
zqpK1AcC@J3Y4O07w<oh;r!PuJ^tH5<BAZW(q#791SN{&ZO%<rprv-vA4CsYiFJhk|
zH~y%j5XPw-HTO4Qz{1^a9t>7q%BaZ$0}xRkmhFXL*sa1WOK8b&&=opG_FY(O0+pok
z-|UO#>&-n6uYsCb*OK-@=I?LdT=v+XSJyVSo^fsBVxGOa(D>m*jS@yQB=NNwmZ6lL
zIms#X`<?fP3M}UYo&Mke<$f%8=w)HO_WE;B@51z(G`VpDc9Prmk8n^%y3D$(j<-Rh
z_@qGp&dFfVSDRNWGnPtpx@jLP4hltO#QkQX`bR;yt{*pTvR*dS+3(iGxax1UvOlv3
zb9Fw1`jDP-Z&;PV*@2r>vE8QEzuBo_RA60S=}SN;N`5Tr#5&UYJSa6nR7;3Png>$J
zT56J`b9;kycr~+pkHxrZeZHgu>n-Ad3m05TrdTRfh8*<~#0DDFi}WUe+}(6zMsafp
zqga|pou(;7HM`3;%7DR#dr;{6K~J8EHCHX7H$Q6MFObGyq<d*$)F4gkUBpK2LRDI0
zL}Ssn;^`)HRNB3M>Y0(dl-u#!!8uAvN*|6pkfE+Gj_cDyak3y^ygvR~p%htpoTt!I
zFCF!rX(%UYFEb{4s|40ajB;oFr}gAQu3$a|gjBWKSEgL%U)96C@RO#I^knYghmkEc
zlV9hUm_z@AiF(b4^8S-Ac0^`PWfz1GcpZGyyGOVzDJ4THR!)2;$9Uq=9E{!Gql@gE
z1fk<F>^*p{4XZu&{94CVha>HcW5;QW$(Q!lS?Ky!O1RYSs!R(r!*Cgy1yU8x-+L4~
zh5Qh16>!6(JbfNbnGwdyT@}#xC|~baEFI%o?%MMTL=77Dj3U1dx<YD<jjxu?Svi>t
z!(U@fb4x%wpYH6|b)?a$nDh|V8-t<<=fq9VjM1028{RRT)34*>ax6-{q(;(Fl)2i~
zkEsjLo>3Khy$ZYj3s*|FCJaK|d=)7}$aIzU{y^&Sd;688o|P-hcVwmyY?G|*b{p#J
zhC#KCBi%#eo0h=@mr83f6WmWXE@=7_srVZW53GBl9u)1&CV?RI?NVMddC;3|a>Hm+
zleu?Ul5V8n2CH74y@uo9UP$Lz7}3goAY--oxMarRUfr{vtqSsu^#f;t%nLKaTqPJQ
zWo=mOyAj()yOBm;@MEyR9oQLo(@@++vz&KD2plA($H}g>ElB`y_r#$kuO$(+<TI`C
zZG!-T-mRSd8GyM&U}SUcG?>Y%silq%HMudN4jD1w{`f>jk@7148keL_!b_Ut7T9}U
zxi(_t8GLPX$>k5K+Qux%`XpRW4w_x1&Mt2oFdBUncwxO(>AD+XS(aOzaTs-y>SC<3
z`j=;~)JFFY2LHD0#isW|2m>bCA6pXa(le(v`X)7F-6Y;_wpI6+ie?&R^yCxev3zja
zr8zW>PP)oXFQ?HMw^@zmn%)A{%C~VK3Ys<}?kigGDwU|nH5Dzjn=1II=|*wMNc-Iy
zmDwJGy4iLZ3L4Pea$_6h#V__1nRk+Wx3lU%GL??|QW~7Ixa^LlEb1%+tJtzx_LuwM
zK>oz<Lomx!q5{l79-Btu*C;ZiRmwYMYni~0ye~8ug?kTIU=%M*NY$w74`J-Z?~5T0
zcu@R_^mIYOkJCMJYNGh}?>82U%d3${UiR#Mo~zDX7R!BiHGgweCaA95hwb($`L)zb
zWV|V@c`cT@Fw1CM_Ym1ro(-6b&+BJNtv{$XTRLI~EZSC<waaa6YffX68{er8crt^J
z<`9}JRV01iAgx=bQ~CB(@*@=!81VV#H5@0pA`*Zk&nGcWsDTiE{@D8w92BROuE{j+
zE?xArTng&Xz%ziq3OR|r!Kh$*^i^~I<udRYVm~*(eGmw|0iNzViH&y364H|qBhXuh
z_v}P$*zaV0u`Z7PrzmBP{Y0KR<gr2VolJ4l+kQp7abm-jQ(Mdc*DzEb&AbcMsXzCQ
z6*p?L&`yze|3eac+vX|!Cn!x(Gu+}jquY%LT4pKRq3j$kG`#MrbQ-)|a=@M8TE%9K
z)e|jWQGRB99^H~Chv5>9h^*N~`}K)$7klF>WwN>rp#XA9#R+9-WUux6_UFc&llma<
z^3D;Y@C;PNX8xi01OTV(wE?+$J_S`AN3={H{5S%G7}b89+BQXBs*4^m#cw&732}y;
z-D$zd?%e}Hw85cbmwj%A)goRCkXB0@eaWz)H1XASVT#Ij_?E*qx7$<VODEFSzWzhS
zu$;+ynw)9KAw0WVD73=lbWzLVs!C}kUOjGAEHApsYbAS!cM=qu<PXUd4{4NsoeY;@
z#tS8stlT(d&Skqjj9)=Rq}Hc8JN)LXbnZh)eX_5M%f3yoPc$30zwhzBJ_dV1&-y1v
z=qKQ0nx^j<eiU##o)Y{?n$7)Sh++PcaXqhvO~KFVu<S-sv|X&ue@H6RP(ahrz0FOm
zX7)|b9p9If{9>lhOdO;Rzo+{hIx+w;7(bB(P$Y48BxR0TYq<YM6y=`Xw;Lj)K5g5+
zqEzGmMcP+KMftyNT7ZIpf{1{CN=c5A(kcqV5K8BuQqoF?fQpC$(hSl{ch|rWisTTI
zLxc1%bj(l#`x(Ff-gnRLIm>r<|MDC?&htE<xbwQMo2NL)W+?O2Gha_7%QBm%2(j@9
zZXP!r7E+xz(vIg6VNyhh$%eYEPfK=AARHAs6J@v+s1A8X%57fm%gpu(zSCOeXUjaT
zl0v%ua@2k~@}|M}_X|#y?JV-eahRvt&A+M~<T@l~t1vG|Cto=#KT_#xA1JQf?1^R7
z&cD8TP!Nl-?PzPXI@kUznCG=+QvOd6tG+@1>^`k>OR4MUoF$?~wZ<PBZ0N4_6<ZEU
zzC0ZL)j)0-T9JqUr3mCogU$_nzA~r<pos;-_GlEJh5Nzab<D3De3vp%Rdx~cUS{UL
zy+T#aw!Oc$9a5WLy+ZCtXbZ=Rz_yf~eB8hM?g-BDjoy>3!F)}i8hu!*5`!;eSB`u{
z#k}*ds?2gmb8D(&Mz#62*M$Y2u;x<8_VGfl)cPO_G}481U-_r=kYA7x#;L-XrI{5l
z(-s9)AB#(CLrdiCL%<BqecW<{xT8!o1^p;Q!6NE&TZPDp18HCMUqEkz$ZS?d2{hy$
zZM(a)Q2)o1NBp!`h%g*J0K+Nl>2BChbIkD=$WxubU1-&(laIBcU=ycv5_hXpcXnS*
zS)5x+7S}LcAGH+V_`xb_-D^aC$y<x0q&DgqLBbz0=^)=lgR{y)b67m`7Gi=E90oUn
z>ssD*aY>p__Mn+67L(z3`M4|W#v^}`M$H0EUEIjk{Xak{Gjr_{M`k##!#ZZurQ|bK
zyKUzp;p(iB>wU>B_yGy*c7{K0`KDyKox>%}uzl%*8MpmdRhs$394=5Ab}`&c^QxlZ
zElfEL^U{2Z8V`QrTaCgqp~Vx^qE(mrJm0fF3jM|Bm*uNLX^<IebRHCHS@&MQjZVW@
zjHyh{SEP{5mU|q5#GQs&fN`KAVrd-F-z|zxxZPV9s-Tgo36;z?gU0y*%A!7J@pPpq
z>@_p*Fp3cpHiW2FB`RtYOO?kJ`B)<VlibIy-A%$)fHA?Y+l&1QEMCG7gKB?G_!x&#
zF%R$Z&zSuIJZgL2R**@O7|3hvBe7OqYm)Je6!@RE>VHN|*=Pd9RMd`DdM+_6cue<m
z-8|<nY(>Lq`2DkD^Tw%1_Bq*bSUYHPFAWiV+aE(&J*v~Xz9@DaXz4qU&Wn8Kw*GM4
zs}APjur<j7!V;r&q629w>6+CpQ5btk?v0Rvk`=0-NfXA4<*(NwY{U%8U%=ZFE?)lO
zSfj&A&kfUF6kB~NFl0gQDFxNWh?s`QmML{ul^S<g^$oadvl$O(u$q&&<i0@%`UNPJ
zh)TDsM+1;FC!s$)VnDmV(tumP7%3hvVpa;+2oU+xu)TZEaiw9;c_J+)YIpabF~T09
z1kFmqx9NGM;Vp)K_4GPu&WEJ;)hto8ugr*-urx*lmQQfhqFUPLRtI&D5~UB#f^iPO
ztIZ}KUtM}r??u$Je+%^NM`gMu`wO3$xbM#DnBrGh&3aNlIdlhdd{6G_0zAzy{W2?P
z?dx4L6ud*wqZEJr+s8zcKYIq}kLPx@P<7g0;NC=kNyDxv)MImIDa@LFUbGwerWTw~
zq!}*DI3pT5gGmQ{?9dH+A5(#@cqw&lA4I*zle$Fox7-bTubU+Od`2N=ZO<2Fyfyic
z(1JF*b>FAWp?l|JklyKun4G4gw%85TlLcq@I<sGYB<D!e_?8+-->KBAPuF4Txn}zp
zs+3c?ivt&f80dqUh6ousE-0KU3GQP*`WU4&ppFtb%vVEYatCre>PU9Q{1CTP$I3Yh
za9XVOQ2%=S-J2}~+NNpQz9|qd%bO%}*te`6onBuP@{D#K8e59ds>f2(t?dnZw`LIh
z-TxTDcoCRt;vG)gSnZI$VnuAe`dSoC`qh&Kj}SLOneaGg^^)};EE;R{i>orvQ&Y9S
z2b*`qWu~onHb0_ISB%sCK*@ZazQ0{XB~BQJ63RV!LFY6KtL<}Lqls$$g~+Q;9>w@O
zp9baRSSTi{*Hjy`0TH7xjk4~Gn9Ak$M4BOf@0xsHNoEhKh;}upKggup1Jnk=uO=5_
ztT2sy=6ZLT4+3ne|H7Ou1zOeTs7`my^!M0*@odg!=&98ZO546FbuY0UZba<Pmgedx
z=4adQ&q4Q{q_v+mkL$2%0uOXp5bNHK=Dpmyb*^Ey1J46ZQ)__Fjux6Dl&^}^8-`%s
z=zP}+fHuGr+LxU6-b&mRdwrLFsLZRxy*4A{l~DAj#F*us+jIlg7cUQNYKltCvo@_y
zVRgGziB6v`;Yow^aSI97`k!|7UqF-$Dbl=sXLQTDKU?d0sSkm06*R5;-$Y~ip5Z!M
zamrK}nU_fMGD{HJh#?CI#m$7C*@>{lZT&A;?aUUF-!~0g5>_87=9xS6j5Imt+(2&j
zN~okQF+D@^sxrxH4&)l%NZ1bwT@v4H(JBkFAY|J=bgRQQW`f|9qLXde^SmRUJ;0&y
zf!bW;Pqomy-UrW0&M)?lZ(o!tQ_}%9VF@rhtOvdpCB^9tb^`bTzh+_X{+puk<)L`a
zr~P@hazr?UWnjh|o!`&XQlFqY)7uvz^QiXLl=fOeibI*lMpJcEM;4&Npo$+pt8?{?
z@n%bJoz_b%O$wg?awIMtR(BE{r3=kVC3mo0JvBzUlbvNj)zg0>Ulcq_1a{U<@5bxn
zJ@HwoTw-q|6i8950xb@e$;~S`QFc=jeZvMF4pa??2-Evm7rwuUr*f6BsFI55|H3&%
z5OGf50v6o!KeyoTU$^YfN)oRz!OAlXS43Ecy<qltS>WHLKt5k7yKj)lV>OUoed*>w
zHbSb>)l&$n$tL2d3BJAq(JklE0=Gw3)kq%&`pr%jc*ZL)nP22Duq^l$TLfjYC)m|Q
zx)Y=w-P?a97P~hvdOj&x1t*jQoKTjvo_QvJ7x?{$P>hj?dHNTInyKax$Ubf<d_3XD
zJGZ^qj5lad^iZleG;zN8iaBB~b?-&5^VgY9o%*X)6mCPOU1gUKU>(UW8ZbW1_Q)fv
zp;IxpTM6OW#LBbFScCbOUI6r~-Es*;fznn{GG*R6K%$OZd?<cwk^RKmLE_}1XiV%C
z3OBzG<ur(#AEYMotw0CzH4E7*chZ6zjVL9;9CJ{2g|$x0`!K?o$3yK-7VRFo+#{<j
zWfq~qto%?U<Wa=HSYNvu_sm|I&x5Y5EszZb3j#c8=6yMinU?PaAah9{ygAUhqle<K
zES_0RWV8AJ1|?f2)dohpYgma{*)Hx(|9rwQnDRMZ(v#CLp#bh}l#R9(_{5@UGYrd6
z8dU$}A)hgjuotISs+u76&D__D2x*#i^4YE6RhqS;>|4@4YO|wz09Xh)2s<$_!B=a2
zT7LuQuhl{D(37ue|0)s)@0D9+-szDs@}nDkMd^kCgpsF>AxU@b4m}$x7dB`WwxcPn
zwHJ&^+=1q9V8mQ5T!DtS3yU`W2MU!~7}sZkAZKl97GaDTYTHr-Wke8)bFO7X@AZ{r
zY%l%#c?Mav#mw*F{*y^8AN4iSR%>!eK_OwFb3ZB@<;kig=5H(z&%J4`S}G8;`myPm
zAq%87nC`R1XZlkxRk?uE|6;%VL2pdwJSlRjF_5dq10TgzECr<am?IAf`+HY60#GL*
zHKXHeiWHi^I6p1a|HAQ4v@}x8n>7!p1e@Wu?EgfZ;oETszxVCUM&OhVzegGVH+&Nv
zDdP*es4WH|#no>S0M(i5fL}2Jk-!^`$B*cj#9tt#cAcnb&t_}vIycwUt^_?^P2y3J
z(CBdQ*B-MI8iA8jVP=n<Cb`&G1H*4UxuG#P;>>eaY^v^>VYQtvyRH#>WET{7mlxBB
zg_v+q2R+xi`3{+U--(z`qoW~-{Eq1%Li;X401^8aLKH|Ps%P-vyOa@U)p9Rh|1C2}
z;%Wx~RSe+u2SfB&lK}VkK31o@I+#ECjn2FbTmJ?ep)!=?W2|jr?`v4=)XlejCHbAB
zgp|2${>g%Tf;>t{{9VWF-%3^cp(I^So4=M-41tXduNd9MsH=6Sc3G%s8_UQ;EE^bZ
znqO`DClCBcbP2Op)R&I$gr1d3J@pn0?K?-My=gu68NtEWn+D}t9&rub!U*kg%+N)H
zfJ<ykZ~ib`!SBmbTy@On8$1@&yv#C%=!>;QXv^gzmzg(umsdg1KEPen6_l!$uPbO^
zu0}y|U(at*)RL`H$&aL3o^nNC!rsurXai#aInq_>=uB&n4zrcmNwdHd+e<k0BW=}a
zWlEA<$0q9VTnt~$&sKjk&+UmDYaaotSdbSh&O0;S<M&?(BkwfSV8ueY8u}TD3sAQs
zHes^V33Vs>t;+bOl%vfqvXQ&h=w@aLt3#zZm9{?CAk2>d`QT4gzhC{CP}&es06tvR
z*!}7-c-{`^v4&IeTS<;hc-8CD()4oujSZ%pYCzSGv(k09Ah0LXV~{3V`=tFpcOr<+
z_66}y41ApW7jXK?XLQ6a#mkq2sj|1rAEdBcIXv&)IQK^9+YOG?S2_7}6;G2|TjC47
zloP9m`BE}06oHWlTn>2jT*O)%;7-|fR^~fsKJHC{Nz<l}l7eB;j+DHZq5OboFKGC9
z970LQNrfL(X+7d9X#N6{;jw)W6o^wz3Vst+l0|$6^)MqGnyQE1qgnAVc!3fAySaIW
zZCqX0#nV+1M)=ulpp~c&3NhzM)6Ob!cyQj?cTw$VFFVYE5Mh$I-e9k>!w{J~F84lV
zGXO<<6_1vbcvNbFZF&jS9^UUXy3m?MGjb2JVGrH*;O}5yhGVbjqh0z5cAz+E%_!nr
zbS6zX&m6ILZ_il^np9=O#tG5%iXM1BFf3BQZJ~CA(M*Q*maCVVx)aGLeVMvVm{^&c
zhPjciGk@qau%MQ1)j6#rbM+7p4r?9sYAh%mL%?iezmHA{02~S@vJd-n_P;*dhjHFX
zkG4ObXRMc>J%rhU0}6=9hYw#YY(W_a2!gIS6^Kngp12U*40UP_a4BjEgsqg?_A>5i
zzBg!qGtbUGe>Qy|QUbc2T^Hd=f~(d-5##^qI<&!%F{79}>C~VnxA6s+=6$RooV-VI
zX0MI{`$k8Kz(vGf)H=zVe&_Y^L*DRI)tvawctWrDu;Pr7CiY|2hKDu>vt3V#iV@-<
zy1BU$?nvp@ks#jv{%NAdx7;lT!PfN@|Cwgy3D4ZFsx`xxiD%_l#>j#rY`UblB+m2!
zK<<F8H^Cd^S0yvgvo*73x3VILdKsW}JW=D_#M_Aa@~byN(sibfmCJMjQq5fA;%=mP
z{&LXgWfX|>S~q5T9p?I2FXHM7_{x~d)Jqz*ZlT`bRtMTF-Q_*U!amD+4uPQP`Lu4)
z$O!(N+mOf~HKJpZTQHBL4WD|Je4{Mef8+3qadNjhC{HQ=Jg5K@e3hlj4E?B6t@1e2
z7h@t6+7==7KYyBJ3Q>_S#4PTG#OJ^B$25+efBb4K>hxmNSvL|**UjQ%Biy?|K!S!G
zUcIOm)Hyj@@G_c(@~yD1j+4R>0XR&Y^Rk$JV(UddFttb%wW{^WE&>6mKl7iepq_xk
zizKRI&-sB9v>!(bh}af9#Qu1_!clu7)Z*&ehD9Zmn(7oR?C8OYMLjQ(UF4E7Km+l9
z9V2TU4)Ebp8>H$tCP_S~7$I3bsTwH3!)qq~I4ZZ0N>UKw<Zs_x^*uHnlG1&9m)ebl
zY(Cs=PmPE>@WPP0e$R1RpHeIs_nQ60r`GaKjx5dRs1{HVM2uO$)HaHmeTKD-WbsS)
zPP{z<W~0(QW$wftFJg3?2-6`YhP3zP3_j_fQkM^5n02g#qUQx3rFSW~mXO{ZC_R^K
z@G!R;qA|y(o@?sfD^RmFc330ZTqW9b4Pa2JK{<HJZeqjy*o~|A{ihx9j^*bx>yD7z
zI}^80@@n>jSsE6tVQd*AC^D)89%&CJS5F`dXmDAT`1(aeNL((4obh;!$j@`cRl{&F
zZeM1D3d;-M2Vk_+1`%+HCw~KRsqHl!Gyn1R?dK`PwiC<Xd000ys1?x}iLVev4pso#
zq+ox#UE`Sh08ndp0cvgg4g5vW$_cjrxBn0PNHicz{>g+@qvT^n>~GL_CWVBpM{wHe
zGl)99H$*z!ixst8inh=_ea(9KjCWRu5_qw<cj>{-FR;DAAOD>Pynt4qeuiYXV#+^N
zw2lPHC~Ct8sXGW*8YiSE#|l3YfFUP!-t}emJ^}(F9LBW=#bzjT25FB}<HZV60KKVu
zseTUR_1DfIubeq{>j6-RSYY{w159BPD{PsnQy{akkiz{si?he`=x{&4Y2lZufZ>|j
zn|4MZgLNY<gLq9Qqrj62zT7+>Fm`P+4V2hGNMuqE^~8qiq$z2!gVEvPJX%(e>iX*E
z(E>)1Ui-M#c=4ot{?W7~8zLBMeEW17aot(~F6|-bPv>I|{)xAle<(3jZjH3tTtBG+
zfwR6DUOaFDth<57dlxWExdDtH#XeiTH+;MT-%kOcO-Gw~vLJNwDI(_(a0244xqMdE
zCt3&)vjGTTPjJf6v5R|`?{DNG&?`hl5;pcE-R!u3;;p~Rn>Xl&0h7|>g{41^5hKLs
zqy?zxj<aT;ng$7SY0hV_t*rsDu7}%R0Q`7ULhbv%^lQ&E&#j8;p9X_7>&&u%z~U(_
zaFxH}q*j4s<1yd#Gw7dk=_MiRkF#aP57>m<8aJ*hZGx-(3>dfV!tE=|#|zaxuK<S!
zAQ;&q8IaHM)KLT1!R`S4BkXSsum16vQmOM`2OMJTo)e+EEFadDm;hAetuAr=@qp_^
z%HyG#EIhzx5HY%ZLT=KUbq0)qz@F)XMc`Yx8vEhcMUZ+Ao)2)L&!F|#>j&FCroh-n
zfxmigR`KiRu_tx%8?bqeG@s4aWEOxrW+`T7H#*=;`Bj-honU71onMEUOREk`Ehoia
zKb?@<7q}>beDuj7oLy19;$gmFEjyRbkqVI|wCrrJHrJM5ER(Aa4d;Lgpy2IctF^mr
zBL=K);;4B*6#|r%^qXbPG9M0hJqw3t@^2q53b{IadUhU;AMP!iwnyr1NEts)e7(qk
z@Wclb1@VHJ#~~n_SsUat9=TVKV&kVj)~KF5lYIRju(Bw%#DC$y()m%BJ0lT7T=FJ&
znu86dda56=OLz>^hu^qq_Tb^n%qNp#lM&7s`i?`JzZDhtCVK^HrDnMEjn^=nsu#Og
z2k{Yr*eI-|5}0+{w2V8sX=m8tVn6ech)-<=RY}d!6KBPw-?u-}%hvX$td7_464QtR
z9lkJ1Yq+FQFIjE5?;D*v>Z<=D3EQ~_K7a_n1U9Onpk-FuxZ%2AU{pAuALZyzxAypz
znEJ&c+Q#N=#a;1x)A3@@u4BcCB^T1I7uL)k1S3o@&;$3>Qr`WGqS@FRZy|3gO`6>-
zBti03EZ}0C>#!AK<F$t_xfTO9ztmy;gb&2#hr}!nw1x~ewm19)t=q0-V2N)XP0K}g
z%q=8-lnj8&64Cna0ef`^T0FL5eJAxV@=9a+$54b>D-u&ad^ECMKI-GT<Jv`jE8%dH
znl6-KHuE4%fhDY&#piypbcEanz1z^m;_iE~7+QrpZSExzy8I`12Rx%Rna|C{mGM55
zMHw3?@9W7F-JYb2@S4l=L9XMrD^ik-DnN5UyBL|mP<L2tfICELY*i#8utW3rXJ(Vr
z*saSgn9a;p82EGGosL)che2dUrSxyKNe+m+0kH4#0ROsXU8Un!@cV-OyIXrt#^IY2
zapGuGk}q4~-k_T8TI;r&shhQ-Uj4-S6RYf7ki<V>?04(3MUcG`OegRq4PIIExZpMS
zxuT#hfhZIlm+w0hra*)0@Ud^nhRk~!vXpw%%mHzrYV!qR=wE6NlM^sPJ`MJ=B|BL_
zwjMYabL>9c9R-&eXuJj40W}QuG*vcmaKbW*rP)B@#CK#!FgOG>-=(1%IhWN@#ufTm
zm9IZw7N83<3vfdYb6bkL+8s-!Am#bJSeoQk^!SN8W>$woWq6D8;1y8I68FKC+8oUB
z0#lGwlPQ%Toq=5MRG1qTGloPEOQ-<E2nxJ%>~c-b5B={^v5s=_)_&m<%Qtqc(qXNv
zMg0eBRUIq-sA7M(%x4A=o=iL1I2=}%7@7$l=c-Tn1t>ml(<IV#<_<1y#{-S%7((7e
zUi7j-tycbcl%rRO?>@e5gjF+)tH1pr_dE60GN1gm#3Yxty?*Fy_F__|o%S2<<igPW
zlD{-G4X=XWj&^0GeA{Y3v*p%IO^q?)wk$R+wpq6s+E~`ls2wb_jS$b^b*Pc$@tVm?
zvRtbP$qZt}%AmmXBs$1u`i$pq4#fn{no)$K0WgU-v2}aup9@R|_=D}yw}oBj9ssZ#
zmqZ;|j!HL12#Xk~sNj6E?&4){?<1)l2VfUBuLBLo24D=rF|;2HqDQ?eFoJg-=6zZX
z<7BOq`HXJ$F8w)>b_nrL#~S-<7gUJR>pw(Wu0LSo6w95*6Xu||M2g&~)78x$u*-gD
z6yje3^5^tigKfX|FTy>TSnIDpM1F;@`rY3Ez#}_s-?JFNd<`oCOrQQNYNxN+@&q`I
z1LWz9{^VSTkJ(UimsxjwRxlJ-&bRYATyI4MJzbTsvs|crrCTkSMP|~e)%&OoGWQ79
zk84*mb>vB*?#y~Kw6!j0hNd=XFKg>xY-L*2rqbz@D02FKo|yBv8FY>ZA0w(|tJ@-@
z(NlV^!L%cwQT2M|Y@lrPlo?M;3irFKA^lL9e4s&=HCpT^)W}GWa}Bg&b;o8f(I%{$
z)V!YseO(Xp%xIW^004ND2*j-dmF+ei6n)E*<#c@K$VAuSxc0Y&LzZ08hnE2-(_)|`
z#fpZ`e&17JwjyODeMIEx%z2{yHblPE9u~>FX!)|}aTrZcrIya7)t??@wU0T@%hEp|
z1S-#Fj@KBxTd($qBk{{;h+I~S@K}@fYWsOudddOaTF={05-P(=Q$H1zYdqkYM1T_!
z)o2nT`whMrXy55m_bM-lakSy~qoudx=(~Z|2|mUMJ}@v14j_C)wsyycPt^_ShJGOV
zbk%t=!H&?JIh6QAVs|A$(qSWHqA%9~&EYs;6D+#;X7HB`GxI%OPXnj@ZO5(i8uOh8
z+##9xHo#|_mR|aH0s9@dzpeaiz(#NQ`n?}#<__PVqm7xWJ92pd3Nn^BXblb?`M5+1
zGjGXT15CE7(0<JL#8-13gPb3)#^IoM0Z^apX4%3H^Eg}ajHN>@QjDNEh!4USvpZ~H
zphz8}-hvt_d<=+i{SM*waq|lnM0PZHrSo)?b1%Jw4QML5UyOR&^Q{^npqzLtSpR!x
zuY#S0X?p3(Xzy>ik5L054zUt9Ow90>3#jnw5oV=gM9hN32Uv0VlDdl8In?TRD-Bbi
zH|Ld}lvj}%`=D{;aQw;c@`4Ly_AWO22){r?eejgtX<t&9Z-{nTm<Pz>U<v%caLR4~
zpC1KnRP19lUsIa240?ch4HOCbXx<EUNdHk&(n9Gs75<l+l3##RW(H7G;;G;A=eDNS
ztR&SZCi-eJ2@UTfMDvZgX%#4)O0!<HqEmY^wv|COV%b3OZb$uQpuWpvU^sR@X&zLT
z51~)y0j;Xm;Jmo@BG`DodfA?Os++juK}zgH>&FEy<`d(Wz3%&0a)vN0=&BY0Nau!P
zUK3|z>S+z55#g7yji_yqe=mo&0<h)yw%@ylsoK8UG?6@I?umBMF!P?_zifLEe}G<t
zb8My?M90^%@y-uZF$=^>*nK=$Bgkv0ZOnuyrTpp)pWl5qrwbt)nk^w!?fSS-5B4<L
zJ7orlfpNC<RdsVUeJ`{1^cm+C>d&>~(wyw59YPH?`w@@=to<@Q_y=?JV8#n}AZ|7V
zzwMCB3vU+{D#V!7XyvMFjJp*Cuq%IgoS$PRDOr)91HVleGc2h~BGha*f(yG<qaAmH
z!VQ5H@~VSyhPh++mRIvaQZ`1iwk(a@HQX0FV!1o7KA0x%XfxPRQi+Oxv!j<l_6(RJ
zfI~{^FKfQW^B1#}Wj~Q<)Kjey`0}(GSqc##CSLb?-6lpz+Qw4C^Xm_m7u@(cKqFM}
zYQV?!<r@1Q#%-gr4axGIt|>u$DjY{R8IsMXd*Z;LO>6fJ`cV76+$TVcq1f*BM2JNz
zPYtP>U`Zfm_VS2Wfm!Fs2vL6nGg$0WnKr%%+{i;H(!34(D>6|JHN1pRl694r@EZsN
zB#dHU(C{+ZoU1z7&v1V=A!aLAR4&NV1I03c!-8l2gTo5;&tm4ib?FI%r@Qq;Tw$p6
zg;ainz8q7#ii+jFR@$E1rTMXX%duKz(<87>8G)twlwO6slVQ6LT@Q3WSG?X@{~&^j
zfA>i{2E?0+81#gYKThz^{esky5iaDYTqHqCZO7D3&_}c&oe4O6@S=T&B31yj@x!Ya
zF$3jcMAFAlNT)w!`InclYwO~Il;|-2%%1T~_lN1@Rl6szUp%|zL(e%m+x!O1gZ%})
zzBp6}qLoFQ#TpP}m_x#ff04@!ou<Rxg-&Z5^@Tfe%no$K(F}hrHoW80X`4Vq3PD+c
zq|#jieV>EDFBf%xEuiFN0Y_E8Jj@l&G3quft7sf64yk(lw@9tB8)e)c)|C+~vcK2h
zee@RvwQZTP{2v$;!Zr?_BY4Emj{)mFaRtB<C4*VUAqfWkj#j?TPpK*Mw4fs@+YXkJ
zynIgg{06nX5%t-f?T?~l<mBC_S}ln4LV`De+G1z{oL{&ZSN>P(Y5u0gL{W4}2*v*H
z!d95Kys0<NrE&x>?44T-@2ayZuL}NF#$4j4hu(H2VhQnuS>eK#f}qj;hWzw^Nc8fm
zg^#_l54Cn&a<2u>#dA2M<tG!-p>0?6=8s%E*SViO`sC;+3wMuOO=W8lN!*dXl&-r4
ziPHu50kH;AcQuRbI7HHgk9nuw9<KfX@$Z$j#U360M!exia$BSD5B=kxd%jeV@hrUs
z;%^Gs5{|@B_70d@sk086RRI33)Q!3zn!oN{d4ouTnw08_yPykt5r8<&qZlWU!v5qt
zV~r8;wy^``tZNRG_Ih;lp5H=C7cX5_+Vj}GA0zYXy>lx!nAPZQ<hJ-uB>dXF`x$!8
zTkatK9*-=Evm0M418N!2iOY7qP?6xoT20WXE`S$~-jv&SA=hadJIBj6vl2^)hk;kC
zur?iCs}1hOmGc`2L+3irQdEnRkB+?JsraMC)NNRlgg3qVgcYNNbRIBE5%hL)uhEn7
z_)t9XIr~F`)8>%%+Jn~EWj#8W6RY6XJn%FTaprdtKpde;(sxf&1*9SA#?F$X1Q$j>
zm+&7Cp>gK8f0}W(_Pcl2(wO&-^g8559?TbY*K!g08lqRl{za|i6Opg+^5si`PZ>w=
zXIg#m*D*qMqP;-lP&fHiOQm?YK!XWQ_lA8Uqdm3e;Awu}<_<V$5x7_JkGf0u>U=(m
za*l_nBXc#~>WTpfK2GmP_p9$_%^LNn@yq-C|B+D2xIymbUS&LS$Lx?%Xe7!@Ptj{U
z?pl!8>{7aM)`j8o24__!>?fK!b$MD@DFso(nAv6I&<%2mF%S_87+2k#?@WOATMgu|
zisd_I_l%c+43di4bQ(Vl{kZoidb3GfV!GMNch+(1S3wWL*$eAbxms>Dmvup8v#(Cf
z?opo7GnBW7hwPt|{6pk^!pGdMT+d|dsm~P|`0_+suj>6}&Hu2gOmU^Ri=Vd|=D0=H
zfnaPUg;B&>VK=6B^eMqd>fz&1NdHU7aaAM0Kqgkg{;@I)NYbE0ZUCgZ;ely{Z}Tcx
zws?|jp4W6X*K{67?iK(kw3|H=_7k=I(!*l6XJLRPZZ$w1^;0oiVnxywR~j$rs01{0
zxVVn)2#}D|{}E7nMG8^-o$~RAT;h0R_eW33mHRw<;bQl$*tZRh6xnUl3z{v3da6+!
z{RfXk1aog;Xc%kX#0hEZF7zeUp(1bl#w*3|EPpiFRmq^hQ!UwUn&t+2@XTY71ig#f
zVFL6qj!w-X{iG-&GBM2rB{6_`IRPLx!caXJVLza+U=NO1!4O{WN-qTDi9XEe+9K3`
zc`%oU#cz%8#d<m7M}Xc;wR)bNqlQhdSdQ5!(3CZhTEWh0KTLbQT^vPZNwn?uP>m^+
zEmj&+^_#H0MiSwu`z_7O$LFEB^u+Zw|0FL<ij>%9xi0Q78-_*y(J4}}TmuX2v?6rh
z&v@gb^ud&EBmW2<K5y*NcnJ+u5XxRZsWfBp{3l#u>m)-OTAV9kGWX>4cVfLW9zR^_
z9o4HIfOE*-*Vb)G5-LZ?H1t-kIgNYQ6`U+s2xiTpgok*!+yS}+o|6lD=9pg*bw>bh
zrYRIHRg(mqm{C!G`oh*95B7!1jR<e_pagt?{^A_;A%X`4PN6`a2Hk<HjLKPitC>f4
z`7D8mKG3b}OwZ-=K?jVIbU3k=z33k(dlAG!2K?IX0O;)TE5dhyxFQ2WZkW%Yug<yV
zen-@%`$<Q=MpIwOi_S}WQm*=y5=otj8g1DzE?YS4c#>&DES>p;#@FO0C{^`JT}ut~
ztx%TY*^x5yiEXyOxSpBC{yOI9+{t#oO^Y<W<$&N#T*4EL=tm%lE)tzAb6Wwb@)p@O
zt-)TNPn(Ryt1(fiXd-PW{&j8uAmb<#OF!aHIw4w}+auA1p*6Ne&qyJztIT8TCgOTB
zdu~g=V8lLo9yE9rupzW!OIOU{)MNNfRm>P74Kdf+96jNiKWL@lbQ%Uumnh76U#g~}
z)_h`=Bxh^8>03hD<8Jlz1sp$<soRkNZX_PJ-R_;BbyEb?V>)(0$GN4vgQ>mtk7FvC
zc$#6+xb=s})mz(ld{tcP#a|xR#`Jj@5nR+&bw2dWIhxqnPSS0=47irml5kTV(D-TH
zE#YkIArb0uR(l&Tx(ka0z#QnonR7G5c&Nr``X%%z%BMP6Gk@T&U6$EZ*VO}<pF~xx
zMBWfWz(@+BV&(m`b4XSOh-bn)dHHtClFV8)43_Zn!jh3dXSYhqPcz^Wgm*j6^;XEf
z%QAV)t>QXDcQ646ERB4#*FWl4kCAE;ccTINO0>6>4quQXyq8%)r1b5;`{2to!=5w+
z9shL&s+H)noZ6S5onHIiZ^_p4@yUXggJel>K6aD>D-l<*g&i2STuMKyl-1-S+lsSM
zbwn*$nwU0*Bg`ivLjH5GNs+H_e`+@XvL2pTYg|XK{d~+-M5<iZv+$eUZ0S4s%W?f*
zSZ_uPzzQb>EPK);JUWJ<FB9q8-3do<;OZpWc8FJ=$!Dkk37Rl?ZtMR}x)V&d1s8tn
zuHA_9*Y`8LPn$}qwDa^3KluVPed%{Kb#I33so4W5_;QsT@ptqWNqB~xnb^O(8w=wT
zWIgo<@?kul{Wc1gy=I{o=zh69BuNg>G#lC~{}X?E#Sazq7e*1W{!6PmC4PiL=ahr5
z=G(2Y{MDCucVm%Ys^!lRR#8Vi8*(=eAlZ99sq`+3V*G={Cqm)26C0mnpDiJm2CEc7
z4d=zUg3kl(PCKiy)aY*`>E{LFCE46J>)6xU>Ucxa&k9D1<?3;Q9IZ4U0Jf2j|J54)
zpu@@OFRaL<NyMn-&t;+JnWT#`24<M##jb8Mm$xL}#OoSE04>%#>>Braqo9@MbJgec
zxA*Y(>6b8P*&hTvx_HsXT5r3~S`U?9m1Dj7+=yb3uBf0YuqK!I2anRl3xE|q?n%M%
zo+kXrT}`S%`AbYYyK8vpevOp5xt%oLu~P--K3B1d8ARkT`||74X@}?+*@TV0A~f2e
zGw)@D%TRkbpwq)ikxC}&@fGEefmav7@QwK$0&7=9$<gail(CERpUrb2u(h0A!*bn?
zjyrZeTNm~{AIW{LS`fmGPUBl48eGF&dnu*MgUAe*Nkg;srd6L7)Q>OL$EQ`Z+>`iK
zznJ9i={M2ZO$=`HY;P^Qeo(H|cy7*orcZ*08T(uwyvqN$yYPt#;x~>g)htf#^uE7m
z%Jux_l{yud<@T~TNpqJlYdaS9EX(bNWdTp+MhK<r0xsavT2IrsM_1_GE1e>TCDaq)
z_z90zuhN2U9EGUS9sBZ9X<@dR!AWZUXN#Zw53k3G+MUf^@i|zXUDcVO**Ta9nFw=*
zLC$w!+Irsmy&KVn0qmLo3vUi)Sr3>|d{^?WW2)sQ{OyJ3zX!ZzE9_d~Xn$#jFD#EM
z9&B=BHowk0+wxe}=ah1GBLl1L$5!Ak0Ec<LROpD$B7R>-Q8j;#>fC;8iB}GiFiau1
zR}GOXSJ<Q;zpX9_@Cv-^EXT&#cfXc`rj3N&kJR?ue3G<AsS6>lr@ub*{h_1{8}%i9
z+<CZ}=AesDOqbBKYT+&m=%#0_;gt>E<23aus6DNG#k$Z4k69Dz*!m3dw^4%@K;{kI
z5T-HN8V^q!7*yDZ_UAP%i4ndgel_w}M(ni3+0@Ht1Um(Ou&TZFHf`K1q)21N_Eyw)
zJLJ;UYD8uEf@*jAi=bII>1N(lFaG{)^ewt7`4~$MGE8>8dV^+1)nb!mn#R0cxOz?@
z<FCk1CbO-Vv!<8+qXpo<O1_k0pS-LioEmPJ7rQ0<TUc>7Z#ae}$vWLEUSeIr{dX4G
zwn<C!oU8Os(AB<F1ZBOn;ES)h`bB(&U5*7_?Az+SX0scO>5L;2r?4jOv^HC<`vs^q
zR~V(IZYtp&+MfyHQT)PdM&NRX8lJm#=heK6OfQ#O=s8($`_l@a8O2`3aX{=tVya%%
zB5|u+ay%s%s>U&6#UwItJ+@-3-7J*@HU(B{jhK?9CGC>rB%R@aTd2J0nW@wA1r26G
z*@am~G@}$&YXq?9d>8*SFz5(q8=O=cKmHn=b-OmXA?=K%>+G5P&P|=E@%TGxnjH4M
zra+^ZdAvG_(tWwTBW$;>Gkg|GPqM0>j90+P!g_j`9(jA$0&J7vTzf1_<}e-RJ);EH
z<AJec-nS2kbQMM}@pKRL+rq2k*qe$<N;G+o)4xYPf_4)ENRi`0{dJ{3^vN`alzrt<
zmm#;VN1qE*rPrOf&W1Adl%I4o^U~;p?8wwG${HyTE`(~^nn7`#F}Tg0OajAe!i!bt
zhSUQ|<J=J?Ynl$p0nwku#$z5?J>_0pmakuG43$|&?}7`)o_Pf&J~ih5MhE$P>3A0n
zs?|V_gATd0vsV00r}SiVc`@x-`Zb>F97m2b2gEsgbzWTw$78BL0ril6#qcdw4Pg(l
zhbA{jdFF$RL4)+b{Oa2`^x)bcAJ1GpHU>L!O0|9!4229j&wcCYteXf>Bw-0?+fb^{
zDc)kozxoQ4cqD##1mTX)%jgV<KNNI6{Y5ETBsU{3&R0Kt;Nlw3C&uP$k3B#)H%)Bj
z{J(gg{WAwFYsv4>19>jO7uJUHk2T@0DzPHb-p%o*_7;1QNv5DP5;Z$eNqvT=6aY)e
z$E1a+j<qCrCW$}WLk?5ig9znVe?N)#WDy=D;uu(-I*@~oa6M64>&m}5#@v67asTE<
zDOo$>OL7=FjI8}>+BYE4^A!As#I3zg+Q+XJSpax-!Q4qeEwIK6<W&O%$2~@2o12zd
zSuWr^hi)*5*@Oaxv$no04b#@}Ml(_G(Gy?a>BNLNUO#goa|Y}$k2{&8=dlZVmw}@4
zH8mZQ=FUTtu0-kC+>%3fm001=S)MutFpdWQItUmi7G!zUvor&cDFr<@9r!@5SO_Fz
z&@vR`#HnS+JR%ZS4@Rh6T~ngjgb1BHSs?$J5v8SL#I`(KRw7+yIZYb#oX1HeNybR{
zXIZ1>N)JcB=0?w&4#1S8R%fkg)!mb;_Wu5kWaD7-C~_N%9_sqE^PBi44;CDNz|UF=
zz#+)uB=AAUz6iT2co87nbaicUuqeXNb!=O`!cKZ9zD800_0G2-MiC`)@{JUnIS>rN
zOw`rIznY5)Pt-Opw;kc>lG-di*u%zWHb*(7FaZdS5>Lx3@ZEPa!HYbmmiaf!Kzuq_
z2K9Styl$42*z%E;(3u%iFx0CU%t~@BcAW35^vE{vh;^8a(t+Yv{Gl*dqSW3(!?|<r
zh?7Kk+sZQwa1O5}gGYW8wmF^`cj4ySHz+VfZzJ<vv?|JNwFW=bW@PL`h(Z!@2H{Dp
zHC8&Q-Z|=N0r5VE#xp-@)rzB#q?A?7n;6D1BIYKGUYBUCeiBC}%0O^LQK4h71Rn*!
z(I?6Tf7*@4JgK+-^>shhsM@960S)GtG29;2N|C2zu)+14t<~ULz*x8+xX2I4{JKMV
zgH~&>#hg+uYJ&u&svhFC<Di?lL;PG#V6rmFl8$*YaW#~<{&{-VS1_<CQQEVu3_X4=
zPRw3dLwKAAfk0gJ%+Sgia5y4R4==k;cxCYE72lbv<>ux#4`{j`o;ZFt(F?~NbLZ9b
zpI*~rlf)zDHakdEZ$C?fr64J+|Am^05+`^EFoiU8QpB|7v1Lzc7V=;taHD~GLSZ>f
zJ5Qw^TRQ<nw!XYUPqhGYPWPLW%`F_!hCDes1>pwvHR6ki>7j)`kM0{JB8xr}F@(jG
z2LIyor|4f2$780QcS8gif=Diu$qsq%&xw{to-9aB<=N<qP*Wt3Ql?b~7(am+n*KS+
z0rhJa!E<hY1D{Lt<JFbpZZkOZx+kMo*RAV$h1lfC+w0WTx_6po6S*zoU!}j^>_Bfc
zF%|eXQo$JP>!BevYd->K-qWf^USyMr43XKpwd2I$y-NH(8d`^I;8_=dN)_*WU+QCQ
z2+{1OT>{?+i1~to5_;d&$&f3R)2!iP-FhFWyfo9*l3+F!k?fQGX;6B^?%aqeZYgGC
zt$~`(^RuqYOMsKo;nQCtLccD7z07fA!~Kiv^U>(P4OdB|hA<U_pe6v<@l=cpKGrVK
zGqRy3K5%A|Q*frJ*=&1J%K@7wM*si)Kp@&;6VUXm0Tvz^sqZjk7X8T1&aO!Marhe@
zC8dD#Ot@n4BPz#)y8rJdopp->0mkUb0`0un!+q9LX=nVHYg;%+VBoUIDOe*-(P^+j
zk5_;vX{(`lajbd0_Bab5{mdS{-PM`X5FW^UB1cMH)kT&59Y4-i?Xt|{^7QsYlcEPp
zM2`_!4UT}r>M6$K-G?U6NiZcDY`S9jA&Sq8q(E|I$KTY{3I0uvH44mP<1!6(0#n!Q
zYIj9rq&?H64%Xxn4I3y=K+<32PJI35B$-@biw=LdY5E%}o>*FxoRGTuW<n9Pzlv?G
z%ayN+We?7oIZNMXWF75W5p(VdDYl&c@H`~ztfW&*OZXiB@L>9Dd_UK974j9V-=;YV
z{E}Qb*PbudS2v&5TDH+4KcKejo=U9Z+_SMX#ojq}F%hG3+g5m)wGK+nL?L#)DlJ)T
zViSjWMT5QaaVr-miDS=#)yTImGaU|9++M{t2Cv{NjiIkRp0$V{d&}Pj@DX!GX$m*O
zdWc0EgGD^|#Ouv6<a!hK9A=XOf_$WU=l27K+f#D83n|pnh!0FBU}unfSH0p5ou|jj
zjgowJ;7I%c^v^=f?4o7Es<ze5`ZqWnMx1^4%iYoAg1R0o;`J+HGvfxPO{I#BEE*SG
zD$OUQd$5@%wi*IE({DmKqg;)vWzJe^zNf|x<cGi2iD!LgJ*ztg($n2(gilnW7wMyp
zNd5h>KAf$A*@l|QOxirlh`oUs?01u*Wm5mMquu-JR{g;-i+vhCteds4r3LR0+O>`Q
z5st@)S9EIis}mF!=5E3dO>+Jo-2NE5%5_rin=K*3BN$7JL)X{u=1J^`)!OgH?wjeE
z`&=AaVHt_9l}a6Y##|@3p>V$7DxX}Yu@jkRPZo?5f}`qSF1{kWTMb7oKC<3oOSV6&
zj0b(Cbun5me)^`fZ(Tx<N<H$}mTrPg-=%WP6Qj$utC~W-*N>WSwMOT&xyr1SUhT=Y
z{mMW>LQ?FBR?T|G(?J3u=2hRQM_G{B>UH=<Jp$e!3Ccfx6$=#NwYhQsVz}GKheZ3M
zzaz)%hEZSSX540%`*1#rQzf<y1*y9!d$3lMA5giqGNvF<z2s0Ltq6O)J|XCRQ2B9x
z@x#f}!C_DVgr+u#;VQ;G9Q(Y8e&z1Nvu@0r)x9%Qykx_3K0BSf8|(Y_?`xuT@f4ng
zWV|)xpWS{%zE7OGd)6(_s7C#8bJ6h$v+#m2Hk$hhUOZF`=8COxc#w36yDXY(%*$4H
zsOf$1+nPzVpPNbT&TNQ7-y7OAmxL;pq$98OZ^+%A60!~c=24e|#D3L;>JMNBC9bu#
z-xM>oyYXAHfOJ^I!SH!HhSKnB3lrXRw7{n&@Z}$G^nW(anNFv?k6?o(<S+?A58M(r
z8s_Pn)l~Mxu6kL!wWH(nou^g<x!`YoYS`&MN^Q3H5@V~6`{}8vEh!;XVOv|I8%rf>
ztv^4}vaK+!l8ON_&qjfHtrzS#UU*j`8Q7nJEPR_np-ukYs5L9JrcZb%yhicEsB0jf
z0rF)X1%6>nEx!t5m!+Lo#b;1_cLlk=y1%T!pu@hW=e13+XGiFZ=-sl1k9v;upZw9`
z`8=uf_RGiI<CPQBAaH!!0y2SP%-&s+%WM1iABm*M(j+p<Dz)J<Yc4Qr8J>~kt-i6D
zqSmiFI+zIpH$xx7=boDV-^EYApF-frJp&}!^Ox;Tu-};6-lk_uRai|)^YT~jR=STs
zNSb1j-8Yt_Sy3Ohv8R^%xamE&7A@p>5+qzpu=E{CY*=(&(W=khx@U~AcPY34aX9AL
z$Ro*Smi-2?B-8<-WOhraD;l0RqB!PZ8D7n%U>+NwIuWO&ATB;~dimqFO7eX+f4oGS
z=5vW*<%Xe0**XQ+N6O7n@)}{5?bJsRew%aeg$ov>^L5LKCg$$2YkOo9nTSZUU6^0f
zT3r$nQtcv7#aM3DJHGWq)^a?#EH&oDv+{FXo%_z|F)W+X+_v?+{57?hlIb)pY<c<7
z=EjEU*svC{Y-9#9zU%lD)_`%1PMobvK#Pm{L26$%N0QH0a1bjYL0Vv3<|REvZ4*GP
zo}PCc*%sL>TuIiNa$?wC_Avuy4(GL2B$2OV#j@11GihGj5cIvDH@dYQ6JZAO$)&RA
zgznoVfeDFE@JYglWbWoIlOO%5kek;nE%!Xp`9=;XEuSI#x=9zzroN#M=3GGRrDdTS
zR_2f@zAr$UYH#cGe(gdCu(Y#3parxE0WJ+y{TnMx4FN09n=D>WE2>>sy@SBPzvIMv
zO#DYZp<h?G9V`6+_LUBxs*m-%Zv4csm;c~5=F;b3@z0DRqStfxQ|-n)Hn!2m#9=5}
zQ=!oxsyk(mAP!TXxLV6?4OHBgSoByg1#LXPRe5sKxgLvB8;@$J!iSstmyQ?2NPHe;
zYDf&vk`1XC>8xIG5TB)<U#>_pSO=xDS>GchU(pJBeqnkhn`yP&Kg12Mh3Q?rW7(7I
zCuuYZ_-8imUV{;WuSPTLt8~ZRm>Iiobxh<}ww?*3qW0VcGf+|UY~%2YtF@O0Szd=U
zOnB?<F*}A+J|S`0S?<_KqnK^9V2uKVR=P3v<^-pzc;~~3v|xsuhtY@<pWAfbL}Lq4
zw_SQke6C(7hOTYP9<A}aujWPHFL%A|<?}lY4W0I-XpsKSw7H3oecE5KQINq(1>^rd
ze=wC&k#@A6@u5^D<GItxZ*KebMmKjDe-G#FC#>xY&HSh{wxD)j?RYi-lRd*~puU;!
zkB3vVBN`Ahv&&&&#$Gq<YY)^smvy~g)LX5kK)yWH3~v{{SE`_LGm9OnxCeIDh9<vj
z3txY(P8OwX^2J8ZrUK^pY;Z2YqiNTnlO%e`mbRI2txHDqj%i(ZIb@tTE98B`zX^Tm
z9{kB%&74IdI6O+6mIhmuyWRXLfgDr;nCvaEcq!<2ezwLPnEPyhxkI#ekNZ})|18>A
zF6WM)q`<hd-3d45wVp+deEosFvYa$42QAvWR(8tSL!9}#RgYFGe?Q+p9Hdo?IN5wO
zu4$RgPbMb)GvA=v!!OS!l~q0_Ky4ys5}LbD;;-s7T-8^)7hdOD0A_}3yToPPVq)og
zU^SpzgzmP2L8Qgl^FyQ2-@-iokxzN9I~Ol=-=dq)&NH;iwp)%gPtVo{$8*_(@}czh
zn$g?GhHKJ`(wPa`YCVez{T;Wh@=o3}GFMJ`k-k#hU+XIC?YbDVF<%Gc(8|^>%ULSI
zq6cN51rxtWKj4<eIr^13ZW~RVbK72&yem+H!`&UJh<iCDZ&F}uGq`ZAH~)vVm07tD
zRSi1P*yqedZ@!V_@;aj(YP|FbyQ0l6s~L3C5Mg@xv}@R;btLDc7R_d|fCrVAs8fI}
zGd{nLGiX;e(R0chJ@ed{^$0yut^^NWS5p~WX>f({<GxHX2bA*;9QHV#@swXI@or9J
zU#9AaeE05@1|8PiAd7EjZ|^XlED27<V6?Qz#j@wGoFFVv2(=uhUj>u>=$_6~{);?|
zgyv5|#{#^7kI0Pkm@|4r2^Oc)^5UmIYg^`%6y=uddy$_d9_k$(5@v&hx+0xum3!KZ
zK&`^*{tu&JRk0IDFw_xYaU`e*+eOnByKE~FZjO24qM-Rmy~VV&kuJ#L<`YSyB*Ihg
zg;F<qWAR_!2WtsBGt>BqmvQ%Dfg_MRPRV3eE!Z+2S#DXiD<)kU)h^5kk4fq9{=5uA
zZtp#+s%@ox88|EKgS@IN7UF<QI<kZ0T;~;uIq22h*ULzi#3%En+8<2}b@eJYmNc^>
z8)_jQA&gTVvwq*+W<ki}UuGZ7hFjY_Qu3AcwXYUT4Tz>7v0O0Uay=5cUeUbdzU{AF
zxEEom0Rqam&g+1+<M#SX4Efq)rfjB7LiF6I-06Ao#V@q8qZE*eZ`H(>$!%JxIJ0zA
zU)q9nN8;^=<AVLU@VHw~yE%XlXeKjG5e9j;F>;PtYCSoIv$V#xt&3KEgxuV2uN|hq
z%oYvv%IUlHU5-*|%zc{U?R-<2bWaX$^HWA5-5}DggNIi40M-<P;cFNoaXDC4QQU`8
zQ{(!&e(&+Q1%>P$@-pDs*{ZCcTE56;k=a{{<NTs4H;}6@P+{nG?`d2ux61w$aq8>+
zh27%~`?bgS&KTDEzlm->30XEy$Y0OS$q#c`9v)g5FMZ{!93$}%q`d;f$^pMY`QUa|
z7T`oGYG8WO0-aU|j26XSyg);A3-2cS93~~Ip<bvRj!^$O61Jm-sw*sRS?5CO##5^2
zSi2C9I`81^antA|uWR--8}TENp>Lu|za%m^s9hVStNh|V{f@00cW!*5#`W99Jb^N^
zP0k95DQkY(o4rR)4A0Yl#XU>!aSZ%WDI65lU*><X2ApbpOTj4T{&1-~h5Op4Xxk{R
z1iN)sF~jF*GBRt?Tmv@Ou`Sou)*%*$rCIdEbp^^h-TA$5;<WGea#T{MtL{BXbX!oZ
zmf2Bwc~b%1%(%9faLyld>3tPw+3-A(uJz&IsWGP9z?8nz;0%u9QZW-Wdbg_RE8|Lu
zY}XV-m5l@(ek`MQiQ_S?F!Fpdx%TId(-k1Jm8&Pit!*Xe+T(es$Gl9ws;sEIe2fhY
z84q)v*r^!NT*4X))arZV_k}nx71_2PcWbjqE4-I^^n{OeV(xfr4qAK_CZwUy;)41t
z7&Bi_O{@-E+~tLjIXzr(%C$(qi|y9Q(&4%*jJ-|MRlvjv+vpx*J8>$Xep%0X|4d!&
z-k}(7$nbA;_*Nwj-$#Xn1d0)Jz@yM;zuV~lbL>m}*EWqmDUhj?U_@PvPt3WqZiwLJ
zp^}Vv=Yb@fkEpyrT=wsR-whMdpJ=({M>-;G|JeW7J1b=FxT5d-Wkp(XIESNY$ndtl
z*}_mWPNiGN&`iL!cnU{BmB0tPqqBn8b#Q&rV*S!>Mv|7#o&TmTO|eNBwScg?sk1U`
zASp6H^3mz1cuGP=D%zesPBcFnd*od%&A!7DsOr4X={~BMfii~FwR#_HM7Yi_qYup{
zCSL9n9NY@LIZu@8urR+a$*L0WXQtWMYezM7I8!uyC?ZAXBiuu`7CnPzmWS9*7f5xL
zy34hQkNJP=I%-yC8*115Le8qsB(wo#z%8ZN;R!I4W#6%M#sQA`#7lQ%2J^sp0Jn~U
z8ne(Xsf{b$+;_^zN4B_SNro>Sq^s-)<5Eb!1$<!h#Z%y68G=%KgAr*a<~m@apBpRX
zZ2{ryslV;(XfnT~k3f5kJzf`Dl*%x<&CB(aHHUe8l-h1FdduUy=f0NG1s#zSdXSOK
z?1Y^KWQhAl|GmEljHnVNAc`M^KQ_ESaq1J%wAWoeY-w)^J+%q>b`pYi2TV}7UHW|;
zAoY=Yui-<uIgcwQ+?K~3T-SSZoe8`eDt-kV(96|wG>40%Z_p<TChtD!j&rl!sZcMo
za(J}OIhIj5371rRMRe3npZDZpZj1N8Hs)ww_Bi~kmKKoZA-tP$o72s~wFUQx)$j$o
zt3q&l+$J=2>=ZUm*!ucsYCCgT1&Ys3i=$eC#Z^O-8u}imv!Y|on_BO^&7u*r*N32u
zihb&N!=0m7YG&rDDdf~AUV}Vuy{Dv{5>MrRZ@6@oeJD<>t&Bd2;e|!F7-&<LI<+i3
z*8w+}ajQi(&B(vAxLLE)K?8DGy1;wjt{P~Ux$L!DAG&-P<EWgFVO?hhA=r;=Pb;TQ
zmQUwd;eJHy@5#<Evet5})@=89XP~)xAP0HmL!S0j5nT$%8sq&b5!S61$0m;6_vOX2
z*@1_J6CyQ+-3wnidom_o_1vDmg<Z;S#)vpo^~@(#%3fIHRq?^>-j_<*(wjKsYM~Rm
zq#Zz!zhutaCvC~o$DtEJ;;2HGJA&8x-m@89?o|{_TLTv;lF9M&3<OiDXpqNuZqBl+
z6Z3XPVl$~KQn8*lj9IV8v6>iX^Qt?u+s@~(zP3KaY(~4bmvm0FX4jyQJHESa{6NzR
zokcHdNMq+?G=HBh2M!4v$=|moZVourg<0dm_1;wUYdveIEQ@%q4k}CA4F2<1b!Svk
z-{`Po8>+S=4OSSQchOv3^XO5IMi;JsFLu~{jv!S1zz7B!ws|8D%lC;H;qt!jX_(r<
zKC@+CrDA2TpHW6s?IA9McBwqH@bUY#C`m=6*JN<uEMpN!R;^gDUtTTqFXwz%P?cEb
z!&qi#GmoYsq{oUIDP~lK(lP|nFc4{(%W7k4(OmvDT$D`A?BAz%4(ednxsE0fF8gFh
z?us(Zhj6b|@5pkm_27u9L@l%cUa20XxOO~C^jhene`?J+%DiqI#cWUyJFycyK;|4o
zZ!I}T9)dTzpsU^-B36BoLv_k<e=^FTO5-(Bh#VWSH7rp3{A*uk3{B<F58Kve4OJrH
zHI}})`iS=TxqFI%+ROLf-7Y#~eS-wa;<=(CUWvJ0Y}cVA^m!`jG@5^J?y?2}drN~v
zIT|dNT#^q;^P07QCvHhpW10V^M;k$Ab*x%v<*2#L#fuL=qk6%fwQ~A7LjJ}nSO^0>
zr7or~P|WC6qP1#Fjnyw~Ct0HC^&i^iJP(At(k*>elk{Q_dzzZ3FhB_1+Ab<3M6%KQ
zAUZ1>pOTf2ucw75p$3-C{Ig13dS~YYv<)d>|AVr(0BURN-iKSH0tMP)#VHiG7Ap=F
zN^!RU0g47M5VTmaTcl95I7Na>aR^Rv*WgkJ7F>&eC*1e<d;g!z<$g06CNm)?=d8W<
z+H0@p+0T-hs&@gpHWnFp%-#(A-cuv`+iJ3a(bgK!%n0I4)vgjMn_FsQ-iT}30YEj7
zovhjXVLvxu=rlFH-4Nj=zW;vwBB=0yo7a9=oI1iriW0*0!}?;5l>R7Ta>u7VP`aBx
z(2ZoL=In>r(ttvsw9OWN^~QN~qx_)zNdIvHs)8Fa$^iU;D1kWJrm(3ruobs&#m<^A
zGP-!AsKpGVU)HNL+gjD9F!zo2BJnecSvRC$CCiT6tYmCAix=|)L&^BG7qd8EXYqsl
z7yS`Q!VbuxeFc2oyfRxMXF=T|3f__|GM>G>>@4`s5NgR!6(_6ZlgGF!x~w4!IhExi
zQA~jXRa>v=D@OyF5k>Lyum^5`1anl%bLGxl6GblP#g8n#AXC>#c)31l@xN%(n2K?)
z>Qh(>CU_DLtCn1i<IpaIZ{txnQ7BE_aeRo&ae1+|(6Vz@XR9WO#uQGazMXJ|b#IJL
z;c2&Lw9mn>CSw2QB&LnlUKzkC-=tiH<+zOYsHp;x^y*@xIQG+4c~~acBHrwFQQqBI
zj=C_RJ}~N{5**bpHvn55IvP;0NBH)C&*9CRkVh|(^__`u{e|ijuRTvP@l$wORz(V&
zdRAxoN{A;z|MMA#ig#BMJ37xThs-H&QSEV^y-@kHUD5O=(;=4HiKYkxtU2Qnd;blU
zZ9l+B&;-tvfSu)WYAvP|1WpK!_KQlrzA4XLzAWY#O7L+Od#2}3bO%e%oNcJSN!3Pd
zcR<{DJ>w(ehQ{9I5bD>kSxrOUcxFFRQQVWOJ>^_VkAq9(&^v_Uu)u@n9AH8PI|GgU
zaK=_d|HWQM63}&!#O4wvVS9~TRDYou&Sq0JTww-m1ENW<1fOj<s7!k{{U8)=I=(tn
z1G_GK33o7|9@8tVLxOYkvI;kNqw}}wE?BjHT1gwwB+V8hlrfD5&#U)lG*hs~P!xdi
z3xza~mP73~Tg?J=rNqyXzw?m4hH-rL6J8d?qBvPT(R>Q~)~xgmX1+0&9yaaL?i-<&
z8I-RBm!bBWchWBZpxse!TW9u{F&Sp%FCexDsZ>sj{?af3m0DC!JGb+dSffas$<N$|
z*37zHN%dG<P08EWR2e&X-rSiw{5c&dtc(t;!-&|q3s5d1+b|Cz>NLl}ZQIw=xICBS
z20K5o)tq8gtr^Pm)_kY&vKl&I1T5<%R+GgF)LyIjJpRb$M(AN^-d^Um_@92+y|tan
zg91Ie(DuvrEAXY~A%{~+bT?`Dz?p3%9tv^cG*TZ6gca>ew+TFzf|_buo>{Jo0(%``
zmh@9ArmS6>U7b7@yvWBrC`gL=sj(^KBs4_Pdl0e^1LUjMl?h$0;+t6$5~;O73m0gK
zo&<Igj#5)z#eH{?{XILv`W#3LO=R1ZL9T{%RHt}oG(+(6-Q?)&471ADGx<4)@hgo<
z3tu3BynGd1BT&h*5rw;sRHk&x_Txd}GU>kY9d8ut==dyQ?_a(0sXae8dO8|a`yf=;
zezcc+-cNP2d?h|tUi^ypohSdM)nHBCf$;L%wb|05`xL|)n)|HtnWXTQ1+VxVBH<~N
zjaKEmcbD5dae~$nNjNH)j#NDGaqBIqe1MI1_0^pwHlzi=G7#vup;3Q!sv0M16vS&j
zuEkwi)BSDvoKMwaVpIRq!PnZewua5KdCy=XP^oY{&F+zpu!6qtwy4>eMx1eNrKxSq
z*rt#S?0&YO?F=H%J2n~Rq)NuVU)g0qzB<hE*zAH^vJ3<wC4@Qn2qn$#9iccQHhL2d
zia)e3mM+Ih=gkdl!3X`?9rLHw&6h>w6Do=D0!`vC-xq3Vg<2oHCrtk2r0-Iaagj+H
zlGX2c6#&pE==<xR^7ZflygEaLnJnJFXPkXqGuywJalq+3^o*khW*nFG`@t^dnyvpZ
z1f}Qh#F(SANRqw;YYbj8pT(eh?HcpsRYxeAA!vnD7?i<wb+#+K*N5_d`s`xE#Qd$V
z8X6=~8D2-_9P1o?XVnz8ubA2d->G#JY6L<XeJFuN%^V-Jb+*ox@fk1M!-F8E`OK%u
z6gFOs0j<r+=atdq=I%XeiIe3#h{F3@m2dCV;%`Hv>W(c&bGH#9b=x#j7m8oSj)>sB
z-QJo2ifuBV6!v`w48JHuX{;X3x$Hv7P7cj%qKRHo!yUI7NaNOZ$>rE>2Ipfn)PV(b
zQs3>X%W01ukHBh7N`oeKE$TF!)xt*n7!-fxdXisr^!MJ3U!c-pmc9D8A`dfxe>;cD
zMW4j>{4%hXJ*4{1jYd^UMgtQ9^nd^Wl^1}!xgAm&G|TvIo&XsTEY5TbS!{F`eOzCm
z+6qBtm<2q*naB#riHDAcI?H7B%{<H0Fns@^>(|e{r55MbTK&O+FB+WdUd@n*J)Kcz
zQRTuon9cex8l-;~^#j2o&-VaZ@qcK5IkXjEYBJvE#yBl2;IsGZnXq7mFV1IBuc_@n
zX>0&i!3k7oUErra!bQ<QcUHfRp~5#X-A_pQipdCtg_W2Bof0H2At!3)_=%35g>Oy(
zbkSsGy!WS;RD9ZCQiE%-hAB>mWkyoY60xqbbe^`yZYO*w1LB~nx53-l-ya*?Co)Dw
zGJH6?lZeX|%dW~%VD4g#is^;1PJO?C^**T2Qk?bD3uxH4=-~4e|21{DseSzn4ZM~1
z!L<P7RW2eTV#8EZ-SVuWU=Pu4TZa0K32xd9=B*FrK@<;7c-5=nqh^QI!ez@5cH%Ky
zdd$FtEWH2SV^L!Q@w+X3D`Vkja1o_>I~tqtakpn0`ng}1Gejb?2^>-`VgOQ9&hd;Y
zvEd7-;8w<P=(hY(-5vIAa+f#{noTKbbUwhcrOh$<4g)MH`R8UL5pDQAfUYJtXx<(T
z^e`*Bo2>yF+6mQgo2-D!{u(BoDKc+FiK<@6Vm_ymE6;xyn$Q8H%f^#S_aF7I@B^^&
zBv%Nsg5kG%i@09cDw_~?<{kV0@Dw%ENXrEQW=PsX3Di=fE0Ii9v~KI$McB*RX?OUU
zD@>90aXgl8sTP`P+XYqol{W6#ytWf<v(AI_dLP?kOyNhn3w37`;fTIzN*xaClOaiE
zMKY9&)nu)I5*-f*hu&DBHUsW*U(_g@=37zcowlH9{mH(dSutyR;#xHy>>CL_09gZg
za;(}7t=zwE7e(Oj*#Uo(gBJnd+Q$W030m3OF8{^$cMu>7ypT+%qJg4DgZUN4uk~7#
zUSXqW+Gi(RKwsykI}ss717u`mYC9#qU%X?@`iYp(U+Pk8MANQ`5`u3APLQ-{DE+>R
z^^8Rz6~IPtIjsVk;L*<ec+XvhyGwMi+>FNKaQuCVM?1L#1k9mmOg9L)F`B*KpT@u5
z2;5MvUWbdnX*Aaa=DTiYF&P)T_}-r}T8uA;y-wHj7+9naQdaX$!q9`0eGg;zlDg=g
zH4N`xSotUJp9^<GR+m<-CRtxSZ0wUuT&Sd5j8#V-&a0yLV);_He7LXgmfLsv^^Mn)
z5WJ7R9G=TWiJaO_F6qa67R7nAbAIrih{Qy8KutC#3RIpE@2a0E6a81aIt=e*`SN%P
zDZTZTDk3tH-gUW-Q+oL_GUD7&Deg4V{Z%SAa6JN7lXcmxoBi${)87>NpWku7oYR@A
zk6|#_<W)1?vxb7H5|iLnFVI9tc<h{8%9&*9hwJOMuH#)xJ^eG(>caK+07?Rqd=Rqz
z<4MRp3Vti*a=B5?7!M3#Ildx13jTAFz1%Lx&@*!vK+4X9dHz^@$>e=6THETMz0}A4
z5!y+yYSRE|F8QkNjM!%!9HCu$kEj(3en%%ISub12aSy9&gcg(Lq1BImUEla`V?m&W
z;XmItt<npu^UFHBckh^_hrHsn^>A6=#YS1P(c#_FtYZ@t)Q$&aFDpWY8Vf7zkusg#
z-8`y%Dy^tnD53aZiOh$89k|!3OjEw}xzR;wX@LdpySJtv4jB971m>byUof3XT&qQg
zYmUuTuoNAo*6LTA`*!vl2XMy{7{E;hirmgfeEiRbL3^?i+V{V+kkez;P9KEaeF>rC
z0}x{+--<LoQ^eLxiRqyQ43ck7^~U|-&KLBIJj+O^mcNOBxbxF{u7Pw6D7-wEG^%rZ
z8usdPR^+Vu<Z0l0^;{MIaiWW2gqpC<&rj8QdH@bK*!v01YJAL!9@G1+$fcX??k$1+
z5Iv@9J3(qq!QPrZVF1<ed(JpOp##z>^hIcqQ8!=2|MB0B0n{G$j)RDZ?y2&UT-9<*
z8tuN@00!mD^{o8WX>WSd^Gc+CxQCvVz^Q|WJFL%#@kxl5WGyUmGcq&PLk2;wbiO4e
z0pNhuH-P>Z@yjuWxGdJ31S47#9VOXp`|ZtczSkdUi!#m=v&@_1Iun0q1$TCK4&`g}
zB*!viuxS=X)z*p-Zsl6M21_d+855!dXx()H<?154kuT{J#PFZ_ch6<*dGD2V{JVnr
z%;;LJBhrB`Jy28kGk8YOeV3o;*<b?1T43UB_8#6m@k*}g6W0?D$20GDrg{z_z{gx}
zG0KYC)&5abY1EECQEccN*Hz-Zu18#xWlo6^4Y1Pzn>cUVJKty%@4wJa=B)`3(t6fG
z^X<2lr*APccf3^PTb|0fTOLFjU5g|2MPqB|3a3R+Jw%aM9G_;3>^2swx5USWb~Xt@
z2)c9Z4FHe?%k>mDeHTFV-3zOBeKc4gM7KlM`MrWd48RAG4a!+o@2xFTX{Bj`eIm4<
zii~BdhFNGTD12RtJFa;acg8er!tw|3Cgd};;gG-jZtezny&fDl%MCs;32K{HHqWx;
z9j%q?%$*;-^st2$j2Of!=y#&UBBQd<V;q|$ia^hwe;$yo*J!vxwTZ3GJC-7Z{9q_N
z_HtiuT=tFLa*8zc(S|+dXH9^B>U_K5>M7STe(LR;P4gMZ6zYmKc1m)Rfa+E~yFBvv
zcKG~C@G!bKcAs?q*roYP_07ResqjBRXfc0Yy)Zo*=xYpoX#-em#Fx%|{zY{t+xYqd
zI6y|kIzivNN$c%BhmL{Mwimq@H&u$gudWBUnbiflIi{x|w)PA%3@e~g4<_M=;%YdR
zfypPS{CF2PcUQuH{Q)_eyBa0oJ-5gpvH0)?i$9c@zjYm9?&r)ykF>oahOf2>3<I08
zQa-WMJn$0VsMyn5JHD+%y{t<JjNXn4a9Oa0J?D*=P5phH1N38pLDiP?@-NX8^^hko
zbOB*g6ZeZ%Pc#hO7Xh%^UC+P#AcjT60yp34{tWU6aQBBPw;I|P_dnR)_$%`g*U4S7
z;-E`A)m3;%NZ;P9`*zn#iWfOIwSwrOqu@%SgUNpgzW!EhMFgHSw~)v_C_3I0Vf_)^
zihj0ob4x>37&@{YiOlm^jmt(vsK^$=k1T-G0D>8a;o%`<oLNfb^fVPf!1W@SfJHa_
z&j9H)m=C@_*~=?>3|{Nr#-z<4{DbxyN^gvFYVljbp^P^dXg^-Z?EWlscIigc25{aY
z>uQds*=g#3$A_Ow<J9Ap%ioMppFJYLp<UM<tZ%d&?Jn9M$M<o-y9$HZ(eOL7j-^XT
zWanRxT1*bUD_0=Gwh;P#0*ma@KoDt9c@keN0|spO#p_oUIwFN@-S!M)8jCHx`4N!U
znXf2;ODn~A(94I*hu*tqw{|8Y_tAN`2}k4hZVAbX+s!k10tdZ(0S-0ku`5@t6~RJP
zM@a|V5*T#tj;SKRaDu7Vul@9&^DSoK+YMe^iE-baVlV5fm}(#}xF*UY5S>g(&!~h<
z$A|kapcS7^Mm5jm%ilM4%R>A7fl>Pdut~i-E)a{;FK&v+f8^0&j49)@<_@jfesASw
zJ1(byxC?Y%RF(G*vkQ8D(kfwG2eI2^fj33>TNrnvu2U8CDzabmIhF#u6}z@<2+^2e
z69X)%WG_Bcg;4W!QM)-dT-vvhnMvE*mxx^c8n|Hfs@{)18r{ZBE%T&ApU;S@1SVED
z{BD)lO^<*cV6=^jS;+M&i2*F>qE8H^Xn%Tj(S*ig*O+L!@3zblXs;meHW1w6;t(W7
zKNB_J*jxnA!kcy0qLR>$RQM2}E7%k)LHDGYq~E<Wn>s5s>qkd4R>Nrc^uztLTXy)@
zFxuT*;Km6?lGA5y_7f|#V^;yWw61fj%5L{2s?{>>js$Qxih++$-eR<n<5cYBOU(*n
zvu=RsQ)lip?vRm%0N9G4?$bk*F)|2gc+9fd1?XPLY)(Rr5q(J!k)?HIS-6xb@iC0@
z3Dk7J*~b`G^$262aTK?6Uw)(0tRHD3N3E=+UPAUtR@$tsb~&3eVCUQm-J9iKBxq~U
zmgwtPefIZpvR96|5!Rth#nH(zoc$taiFE_mq>1_^xNWX#bay0zNeVL56Zlo?+(N_0
zh=_<f$O&~%p?z`_aA(^Nel9Ue&$nEI;hLV8;1k28%4NQ}WQ{3hzUo{+lu&AK?<i_r
zg`C#X%Untu?iAYdU94Pf#r`fLM@Q4`NN5NPo?E5P?KN9e;@J7S(QI~u%X{jQk=R3?
zE;%L0z8|vetk`$7Sz^||^*vs#00af9>0ga)XNiU{2c2YoZSR^RjL_ZX(IM_1{zzQU
z;{_bz9ihXKVPv91A8}Ih?m{39Yvi~2!&~Mvu%t3;#B7Bgo32Shu3jhXv!>g{sZS#U
zCQo598I^*0o4v@UOuO_=hDRWNiOr@^oG2=`5yDei^FESM-elqPNr}tg=f=~BTIshE
znbvSXKsTYH#KElaeyDsTRkiT5Ijs4|k3O??ifWD++2v)65?1Sdaq*<nFW9IU$yL|+
zDza|g$=AQLBu!{+W^*9p4^(w!!l>&qO=W^YD1<>y8yzg_Ms=5>;M_L5=l}Sq*M{(3
zx%S7`a)aOFV_2n*QCz_BmzZZvOx=r$527KeSuV2^3ks{qTL4WffD(G}0yxV-#4k5m
zwfk!5q`0s`CHhX>SfL(Op>%Rl-YS6p*CV@QI;ZvHVqT2h_SVT)AvSC10#JrISJAJl
z96~1Mh4;-Bl6eR3@V9iLc%wz#4kCcv_C{H`c!I=tjhF1bzmeO!LuI~3H>TXcMui@o
zbC-XP<-DJg_F`=7>>x4>>ASGqUgMr~yl;Pt($S8vllwMj!Mk*INHYgnT%h!@X)iE`
zh`G&<9;lAy)r{om^lRizM$`!|J;Z~L%F36b9LafJBGaaFJTLCRRw9f65-88%hh%fR
zG^b6W63Z2Z!F9tehrBWCx5s+r_L=$Gr808yugik81~YSWcr_4Zl3DWIGe6%{*v!<-
zMSYdTWL3{&l#P!A@nmWQS<O|*SA4JdMLw2of<X<8T&L$I4_^0d?Sul~+E&v{WWein
zgspk)UXNq!GWc^$a|I$gS3U2omDk`tgqdq*eDxqYp<uT@heuUzYG`OUlXlL<dX^dP
zyopl-TAlK6f->0lQ==%XbA|AJWyIHyc1d9`&wWj#v?O&K+exW)Vw-e=j@P+gxywiC
z{eef#wS73a95D*6kWHaT;w*j_8jl8lCMv8gJH9*i>-xkst8Md5rw!|`kHA3c3TMN4
zW@Tmlii7n-D*}@OxX!j;Kv`Qe_~Ol9QB=#v?Mu?)orQWoqHD_(9a*)hT2A2~)|aG@
zoHZd+OXyLp@L&8FqgqRf-cp)qG_ipYkiR|*rupw7HT9#lk(>x>uDcSEuwI5z2aOT$
zSa_lPsGV9^a-H=plab@O06(gDeoIcWIBh3Hj;Tz0D8(4O#VR~canAE-|NG$Fl#=G)
z&R=Jg0?ezu9ky3ym})lBTY0LN>NzT{1tr!)EL5Z%(=Q9sg;#)0iB)Qz{FGD0hdAN)
zz9tQF2^N^9HhLKdd@3GfI0;9y4YjyU$dc6@=aw6=b1YWXv-nGa6faW#iTGH3kxo(a
zM{&9JksM2LI1Qj+93$vp8ppzhs8T=cGsAEK%2z|@;U0+o{yDZ``6<5VS+Anq4plJQ
zAyr$5iBjXyTw)*SmV9tbL8jiBlJJaI>mCvadx_z8->6lAGo)+dEW-i1(}D-ky!-T!
zd6TgFM3OqS_QRHCR-<hSEacPMlSiX@8WR>4O+T6?^j*wJx5O6L`kUR&IW`G4&EG_l
zI}JHmc=vHkFbW77ovIP?vpy(*G#qVsWXy<cN%4rL-bWDYl|9y%C;Xl$Zd;hcT`u^v
zKl|%~OLB@!yY`?vYj8jL-nyrYBB7joG$o;9(uX%-|1EOZhE20xxqS9VR162X7}>Y~
z(E{LZ4S=VG9coQ&06w5q)am(8;rBnm+2p!P*3CW-ZNgrO)hlZI$iQ{iTO(@?arMOg
zFjF?RBMp1s%B0Y|caT=5;j(>F2236Ts<hF6BAw?`EiugPQ19xnf~A0L<|oIA7cflJ
z+a81bk-_8umFInnBPsFpy~F<y79CQ?9iuTGFTRbC*m>Xbj&n6b9m=bf8J$;F6UA9L
z`Mus5F<_xFDsS+nsK^ix&z9F}Wc-fh=c$bLw;*yF$Ks3x8Cl7xtTQg|CT=|QY81qu
z8!ycKiPSbdLXAboVCyLZgQOdcYgEo;v=v(-<Ovh7vI9q-ji)kJaPZr!_aXkQ1p{Tk
z!Qly`zL|lIqS0@_A~?QS{&?~fYPor_TJ4w+kkl4RWs)njnI}VJl{K1bU$OGOU=n1~
zqo&CdtRbHuiXuG&dyVAk>9`$kS@u^BmpP>8G)7tV6(9!A96U$`XnQEQrVq-JxP@d(
zmjlPy%o}XyDu4r2ZvurlUw)TZ0Q!SqF8;EFKd&Tl_F5Ozh4VIME-GzHrdSp{&NLL#
z8;h$yH<_%5=$}ze^lRh}@BB{l-`^D53j8Wvz@6FuC4dP^>2?v)c6R<txNo{Hs@>8a
zAaPaQcZDb^rXW(}J7i<2LDk(MKvOw`7QI$1vPB3y7T7;kbDrI_uSBPWq3HC3vy_GW
z0_X_-)ZIMr0c5Zwld29R{~l8e<SLtY4_osM4)rV<>{M+Sb_TN^u_iATbZh*n0;B-&
zynw>8+-RMe1RPaz@O}L3s#Mv*a3xa>QuKLNcHQUtWptW5X~X0eeDrm*MX<@yAY?a2
z0s&-DMaZ$Ic#~TA^scaV3Orz|%y^eh`?;5m!PR__QKTn1&3=^c;3Vm%x>i`%)N8_c
zTrjBI#*$45a?fn&*Dik|vf@}Etr9O6+Z`*#cDBgDc%p>C>Da<Fw<rA+uega#?-3==
zu(ii2r3t2W)4M)}<CNX*vTzwg@@AoY*_SiV2-`xVH>WBmjwitdN97E{Q&{?pSk0<@
zeA%XjKa7k4rZ48%lrP;mb7+FbPoXr;l;VrR9};+^7V1TD4RTzGW5Z=lvhaJA&vuWp
zl9{UXn)-chhI1VYrpiVux!p!O8hH~6Y07?2|Dib+)vVE%BK%}&^Vyc%F2NMg82f$5
zle-dfc*4>tFuWhTlGadJb1cxTP@2;KcO1;oKO`s&fY&B#450yv(xPhq8?y{0lI!Y%
zckF%2)wEI5T9D%;T%!OKe8+dX#Mw64N~-}J!>Mh>HePjjI$8DeJ|=XN5i|(d_)fC{
z8yVrHXdI+f>WzwraVyK~$eYLJP-l*2oYFYd;?1A)E=W<t5BTa1FbE7}pwh8@gc5cT
zO^oN|o)<zo1=7a^;K}lBgEyvmy(50)Dh|MWmNt@y(ihk-kys-JF~62>Ch+Z(^7PKh
zRI;pFmK{~2kXz$V#pBnt7f1@8!4P8}pGirTh68nz9KSe;A->Lg+O0U;rr8uP@Pq|V
zd7YGGnhLc{*dQA7@)}7#$qDmBr+&pN$bbQ)MoG3Hh{;baQs)c1raJTEoR#gw(a{6<
z$iFVOU_K+eSxtg^X-UK73>w1j&G*EAul3IZl<4x|kWQM{Z5bLaD9g|8HRcRCR;niQ
zvE-(wl6VJ@;@zy>WioE{1;@euLQrhL5dec(Biw=Mw|_1$<<b^s?I?Jat)a)}dKe)D
z#m!O}Wnp1byzEqayKf3=o1fYT5FG>Df5E(pRz~j;33p^98f9sS3OqB^6U)d|FnJ_D
z*xQ#k?x(9ZLo%OMV%@E1OJLOl?ZV`zj+PsooKCBNdi`~h)t4VvVvn>JCjNl137pEo
z;4?;&kT!l{njg(m)Ymb|T0IEgN|e-};p30b!OM!55s{27oN*st!{@`wY=UW#kQ#g;
zQDYTq1y}7`2uNjVj96$1iKg5^l&OpY3QndLt%FAo5uQn&AKeC`JZc8j-9e>p<vocn
zIF=r7%0HJ4)2p|NyYJ9jGUb>niFc<j<t0LGX_B&}!E*qG8i{SPRxGlGU7-fMx8M_U
z{Z$`Y_nIMevd{JOAk#r8=Q^&shC27-uH(6j{tARFFg_nVe+{L$;UG8*qOzh9L7X;1
zZTheT7Ny>UOq-ADJ2Brs<_>$Tr>UAa@fc}kty5mKbV!Vf7NraVi)KU!k8>FE1P~e#
zIs7-1r5eB#p(RxDQE{W?w2$=8mJ@8JhEIVyrd@zE;|4T5XDHJ!rR=~F-rYlHx(*-B
z!+?|Gy*pfmz)0m}0jhKxAP&RPxjr<iK{%BAno8JY(qYXpNXR5r2bd+v-iR0N7kwHH
zILYq@lDMWVGc2n-N_)!u?#3A;094$x<E6qZ04w5)Au$!|EIT;m*CMTzp9=&!E()jM
zx)ktVaCaXl?mXt4hxUAAdIDdXpJ}e2tAPe@O3h^dV8Gihx0q?GM?gW?@@(%5z~x<7
z9Wkr9-($2ezzbWdieTLal*ih|TG}h70(O#u?Zxs^rms8n$(JLlZ!KeOwkJ^U0iG_a
zBqmtCrz|_p)NMppRdBogh4^aWa%o&&8AMgP`h$N@oM=m-gZSf<kQz%rcTXAazUh-L
zR5S~Dw`}siXlE3y3Y?-x<4u5aOhVd=$@Jf_Hr&GXj5EtWvc5VAawhruFhw5K=hRF9
zO|oJk9w-9}GZ+CC!jto)gEjZE0;SB+pfZbZI&|22Y1lq@DBVBjaK>0+z9)anYV*Yr
z&sn$1J7|hzjSqAd1P23K4hDLj?qra!icseK(dLw~l)_h7&e8xr6(OM0Vj%~l?_V9=
z870bEG(O<YzG4f8G``35g07F?`PG$)mzQXHdV20`8P3JF^&YzK9QZYn4!-ztwz}8S
zVQVd!XYR3}-pDq4IdUWk7%&Xb$;#E0A`lo0IAD}dG=K@se8_q->V7rxX^chMH}<Vq
z`j*f_G7X@@(<$Jv!qJUbvJm1kQq-AINO_Y)t{O`%br1n6x13_J$dXHb=E{%_B3%<h
zgJBW4s2h`apDsG|j*N$gJEQSjR;v-U1>gQ@1RTlV&I>nc>%N_;%B{hp`od;H<q0>A
zbIV<-kzX2%lhr($ZC@{+7Rv%hsxtMjjI4^y`ZnS!N|fvva;T-g2Z0$MWJEUznL%Ip
zBs3Rm+C5}e8DIcC%yv#m&rq1D;kI1nf_)z8l5nT11B_qk^?w?_e-<Vbd0%#|EC|#q
zmo?@Ptnqm$hn-NpDew4OTc2NPkVb$#BJ5B-kE+~!LIzX`u_TBSn!q~d-@@IJ6jFpt
z>o$-UJX<Nu99=96N(6uq0FZl&!UgDuyGLdpH-|RAVSsCT)i;K6UcR)QWe$wPaco+Y
zJpL$4m!j+(YS$m8x!9ve|E-ApD+<VtK`%Jk<wAv8{Qwn#NfRz@KtyEC<~6w7GA<ku
z!vUnxulg+^lgR(SJ76B}$0CwOA8LBxrEY?^bOnqqYRW5cRI4<co~zg3zZk9Ix1MBH
z^-O+J5{z4E{wL40mxyB7epsNwVn$=KTztfj!71pD{8)jWk*{PE(_ci5A77=m29tC(
zWAA?^_@+RnJ(Tb2Kp~TGF#IRnTD@l^LOT#jj7Q4>5}2zH9O9ey=}XOrnTs6#A>1qr
ziIfjF-d~n4Bs&_F&wD~S{$=da<&6wTP>xNZK)*o&rkF%&Z+&4m&?GNE6=4-!J_E;P
z`;>{WrCl>+mBt%}m=w(;{{nkF1FB)ohpIcCTXiUeKkjmZ5lPkP5#OZ8I)33?=}TLF
z;uuCh$~>Cs>T-(_HC1crSo4(-L|^jro-miQ(kiF5BlFuur!euF<5dW2@n(b-VUN}H
zAKLwpjqSDg_-wP0B=PBe)rgPFeVQ>v<Xh`be;zqK*dG7+<{)llPO~Zaa!W{;&2==_
z#A{`Be5lw0LdxY87F)q_U8wwr`Vo2qgT@UTNEKYLxwhdwQ#`<!kjL4*2i7-h%vers
zb~a5;u0+;>{2UP91eP&KI-z27^XO!Mxoe0a__YnNlsfrr3eBWyC=5Z!p*g^A@?d@D
zWwBRPkj^&@0nSh9(XC}dYIf0iljW%IEHq~m`<(jqa?3!vb1+H1HRL_=lmj%`Z}iT~
z_RaHeg$v{)oT<MnB;BBfX?9KVzYDX}VP%t18awfP4mH+!V5z(uNG4BR*jwyc3&aa2
zDUwMDv+Nr?i>zP`g5jUx#;`9B>bVeLygzG13D^zttw5ECai)gGFsnOpx7$%0ZW=AB
zSVoii5qIm@L^ihT+|>cY+IAv0bnOiPXsAh*_#F!OW!vYxzUm5iYLZ50{27Y9QfMP@
z|4X^};j_WX%&BzjTE{bGDS~1j8IPii<Hd315}ucu;#-x^*2$oxILGHv#)+f(+QWW4
zaB2H;W5Q=iME5|g@Y(XbDov^tkcm?J&pV_{it)_kYIv0+&#h5|>9HB+9o=#{xwqdO
zPy0=Y$3VfC)L}@sYt@t+hEAyhovCX558d3qGpgi}>p0I<@K%J}cjjR=s8E&kaHGfO
zbhYZ<(Z)~10H8cGdB{I)#EKxo;~Ocke68z&^G27vjTNMv2gEY@!$R_-szLEjX3hF%
zF!~WfDV&;&_*)~781H2UgH<uX=~5mv_einty74N-0OXQM62z<|F6sDA1U1bXd5wIm
z-R<aRj&EKujM*dS;W0x$RRct;-K?f6M#&-G(rlOz^&h~<9i$b2Dqlp8;<P9UCH<I$
zK<Nt9GGrC{oTkDGWt8J{W=C7po)4J-ory}IC=zMu921Op{%4kFd}^6fK{_&vuoe6*
zXDUL$DTf{b`ETo^mgBNT&wa#`j)ph}PiFxhZ|y~nb?_MH3|O~O_Du0iIkuP4<z@AI
z6H)j=B@NK*c!rNoRDAa<k6GFZ-tl=`&EKQ5FGW47Z!e#1S#sZMvj?wWTK(WpJPS}e
z;NVkLF`gbDJR;+$Q4~q3I~S$yhfdtwe@r6P3XL>ASLL;tv5<<_=-9J>*uV^|21}yx
zw#-c^Dpz^!WC6wtUf<G{Ms=sPLy^=W&#0f=>QjNJg$ff#F}ZktYtt;ck+uFHP7Y8-
z%o}0HsB+WOHnQQY04tjhUo9<j1J|mdCy-`=3Dagto54+Tx<P{|9p2(H^M%*Lvza#0
z)kSlKKTXSf{+NIa>f8xgfXNl;-n%g^8P99Yio4to5QN|4#bXzeE+<b{gUZYq3giz<
z0qSS9x|2{RP#c|O1vT9+GGD><i_$148EwR1;<44e$E-`t3gq{x?^?ud1}{fh)r8bD
z^O~0{AkZQpcuUufs8x2|*>;?Km-N~pmW=5qdnR<)(huc~$FTlK$AonNo9jz4u2_RR
zjiT533m+%RCy`PIysG-~T`I#_@{f|l%2yxj_F5g~lP%Y463s9yl`{34`&GPi_xw#}
zMozxrv83#z3(2hFm`K<Z{RJ0WY70I|U1&|*oI0l1{)RuCqhBth?er~2oqm(Xx()!$
zrAiHNE~YDyU5^%^$OarZA_&lE%vG%{<oE`Anhpg0EFH(G?nQMrNhER;FAnyiii+Gx
zn*S9GUizAv<=vq)>mqPnO#vMdB&hD~Y?y*z)@adDe3zkxrY><IsN6yps`^bH)1X?|
z>Ft9HhLYZ`>B$(2(Y!dPmC1T%RQG;){%I+293f|KwEZYnA-Klb7VJ9f^b_$Fny8+W
zMvRGjM4`D`$W`%**x)Vz*B9N=lOX(O^dI=t$L|{CV|8J8J|8{st-JG)L?fZkmZ+P|
z#VMXK^m~_evaWaJGhH+kM~L5pee(tFulXHnJ9P8vePOh*QmGr*j=9ZmKxJjBSp4P#
z18T}s^gu0uZ`f#y{jANdRRv(e5xC~u7QB7)rn?EvEdVrmF~G#<k1}2Fxo{1Xs8c|^
z%<sDYK0p5yCu$jxuU*%5hWoLN8{l`*>~X(Zrn|8?Cn0!k1DN@<dG)VhG_mheKVhk;
z4nG3~EegiV4KIWMk``M^fStPHHGhEct-{ScIn@l%Xr3I<YD*K_Qv^Z|JeyK2nwLS!
z^^5w(J8JZ~hH&H3zIh{jF0h8(03yIObLY(S)~y@ho?95v;J-;7z;9=IbyU9s7+urA
z8t?{O?H&uiS=;9A|JeAP8jb4Wo1<}4@l@fkwws~n7uV=HnuYqoMQ;3>7Fl)u(;wXf
zVs55=&Z57*@VB021i<kpae3orkkq=3Ip4U>0Rp-R-rL{;;Oh%{t!qg4A1$HAcs&Bx
zT&ynYu$4G>fOJ3uj59$s0X$LXMrKUPHJJhrIHM)b>N2`NF|gtU>=k^vo}&3D(dnes
zxHkj-CFq>VH0T|xi=?N}INE0@Z=sFhdCT#U{LNhyWv=;Gn74~aIHriAWFmZT+^qbc
zY#$Ngj;?j9{@AyT-Kv@jH#c4UZx#^+qJ6m2)w3>xU8Le*k8$I3{+DFbDC`pwq7ab*
zXpy=GcE#NoEB=rB<-+2=-eS?uBmEgy{+UhifB#g3XaLy307{Avqg8MAu>Vdy@I64o
z7FV+GUl1+-*Uz3w0NZQ~B|(N8L)HI&g?8Tm79jHa<6j7f{ns2mSb!L*%q`Zeo4w?}
zMy>@kWs&}LfbjsTShfni<euufzb+S~ou6gAj^3Dx=D+{?Pw#xXfDVCq+y`{W-VzL?
z%<mOQAOkAvyjH9%&|!wd`8Th(T)HQTBjC`;B`aMHY>JroDqwJjlh}V9=pWzR&Go)h
z8*!iykU&0T9x|H0#JHzM?E{piWM1_OMKm}Bs^!r|j8sKujM&n}F`Y}RtY=Eq4NezK
zaHA5ApE*a~cPr4LgYQe`j>&yvh1+MyMCU4pnb7~M0r~TWc7iBg@Mzp9QxVu{yY8DF
z!8G%=SQgvEqQB8g$$+uh*dwn=Dm1sbyh0SW9{b>M6|-^aD>S%&-*`@3?Mb;?Lpl93
zp={IPgYG8y`K6^ck8?bw$5^XMfg9e*#*aLP%$gjGwwu=nw2kUX-YXVyVcwmk18ATR
zP{odGDz4|d?dZLxVP$N)49uMUZ)(RQ?7ib<Sy14X%1SCpiBv=;LfY*896#Q(0u4Ux
z+80uc?6d6H*gvrEMn*(rD54x8qp1~Evp=QUIH#E->ra((8NXQRyily*xb(*XKWd%$
zuXFx?zLP)_53q`wC3zICItQsTUa<obU0>EreZ$zcya6tGN5^(Oi%li>1oiZm)|O@-
zDNr8+0Ya>dDPBh(Q$qp%SG`&e`5e16kf%jYl$y!dQD88I?6l#+(Ya|$NzHqZTMYpG
z%Q|h0KLwPnB6C!;I!a7r>2%{pJ&6Z)1zmP7_@~k0v#!T=&L&5R+A;L$s<1@&zG@W!
zEF26+%r`k}ewP8O?d+lcLe@XZZp3guB6(j>p@%%^wvC-qFy|`I-9DqiFV(P(TzSXE
z`?RQ;;`x=ZT;b-Nh7gtROFJn+_;DBgRRU8AfxDVLseJSjt7)MW2^Q;L68p=6X!TR$
zi&H3Zh9vJlw#Cb?#Td=gjI}JR8=Rfbrg_)3)EW5!IGev1By51}BHo*YU;Wom$4jaT
z(F%+s5p}MmwR>H~5)`&oyCkY_>Fc+(+e640A{iCJ=lQV|o-D{iHa)%8ucYr1?%-4s
z5iNDUoI6)E?fXt`!-M+7YS(<9smq@f3}`!8M+tA&zNxUCqoz~NQlN6(X$s5)Kz_8!
zXTpmEXvfjsX)5u5Cfh)S0CJSB5LGRaz`vQHxh)ovl9CcG&gunU;?B`d52)Qe&5MX6
z6xtDOAXE7M+y`egEEFUixOn-@S>Gk7_Ub%+?_?#Vn?6j0E-TSKsP2l?OP5YH#%$_X
z6a?#L@WAP2^xSPFwQr|#?to+^F`9ut=861iTiHV$w=h6vBK)d9{tn_A`0<8m&C`Wo
zqTC@X<jL-<YW^zQx%AC#qk`AReZsb#@uPWN<)XTj{|$xz?|0c77)^%hS{RCb^na@S
zaaX!)%D-LppG{R*N5}DaeGH62S=zyks^{LLg=Wt>t}30W2h=szX1yXF4!P4yc>9Gb
zy|(><_3&Zwz*}|!BL9y>KD%z)HFGs{>{4d64l8gTBkV`YR<!AKv>_iP!yo4!JbaDk
z7vcBJFC5$e91Ly|V_JE(lDL#eIp3g{cu@}s+gv%hmX4hryH1C&yGXYGQcB?erlzd?
z>g;&4;AP)_Gic1@snhV8fuhrN`+_vRv3Q9;aXGydzO1bA4@1L|%Ay@|B#H_87*K5d
zC?pG({~4}9Q0src#-yA|xI($jf1hNmwlt{jd@m)(VMPm6<9L4)fM4zH0Lj73lYP>G
zIG!wj;v(^Q_Qln=RpySoyCg2)Fh4M_=efsF!3?VCqF};(XXD&|$k<3@nb^&FLinL8
zAN|5ts`MNOtNe$ssKLIZsraABQ+dH*k(zghsfIjPz9a|xS$==|N=h$I4+$+!^^u2R
zOeK(+A0We?7LTdH?|+JGxbG5BM<Jw!`i6!u5iG9Axg6HTD!G<02*y`kGnl)<+{op{
z-JuTU^vu!x%Gg@Nxj??5Q(wX?C0*TG_HyJ(il6rQB;U+?zS0Tj)9E-W0d9#~SU0>H
zUt`pacRX&2v=|$6%k`9P9Rs?sG<K_9NzL#CoE}n0Ffg<p^bNJbf;xCD&kQPlyyG_Q
z^$dFbrX^z~aWuvAwYs`Gl<)KB&yY4kp3at*NPHS0iG-wI{;+ieRrZV={`}BG*OO&b
zC<&ac{7A45?0K?x3~T@rNH{)yEkx?`Ow6P<(z;phPT3cTUmS=;nouT<(~;Cp*R^E#
zdYg4HrE!(-;oI2tM7O%CMM1;4kGax=egi#xBw-MYBNCvQ@SmaWWY-uvKNV6su3-lQ
zON-y(hP;leb}aGk&J$A={6@;6X7N%D$@Dq>zXT7OvlV#PlAk*M{&nAN!Jl+>6d;Zm
zo&0WOn6xiB5_vMkmk2wAunkxDpo$te<^FO?2imp_Q8XlG`BI2yG#ecew`*gKf58>B
zPb$Z{WA@m^-`{^Y{6|Z6MwOrEi3x6WY%JgX&LlBs`Om&xw6`#Bc+uWlO(VHiyUz7x
zN`1a{i=Oo25_{p@P-uknR_YAgd5mH@qf?cIpZ{w~X{q^WSJ*nT()cxC)`>}553cE6
zjG|~ZO<6x4vp(~OnVCp(s|+$8Dx0R@R=uB*8sQ0n4eBk~tZb>n6hN0_6XNp8X24*(
zs)^E+#+Y<j1;5RA14?_0l&*H8o?pKBa2(8Y>NgC?tY^C)Z`mi~bhEA@<(XDTe$+Yc
zu5yx#Iy|a7mvG*LY%=bL(TFPy4i1*BOT;)Xx*VMKGhb=0?0iAx<Ms}sdIl*IrRPVd
zjT(km0G*p3q7QG~{>PUOJj|QZ!lyCs@_eokgNwS8r=OG7)|Te!mJA79(dOZumnQ2i
zM1;d}+}xZ4@m!bMTyqnT*~`OCEgKH&ZuyW7ZZhxKKi$<2OZKp^(!&}X2`1mA!+sm~
z<8yc5YI8lYnsOAv0P37#u>RbR^Q3a~4Wi!~7Ghn*t2HYyJUkpZSsoVQX)rT0;}5CN
z8(Kk?TP~-dkVwhRNlE3mZz=W;4pJ%n{iB@dq6_u=U)q3Y1N{P2vJ_qnP0u}DunCqw
zhi;5~nXIs8nxO;NJ4*jSiZFP<<E<o~wK;u>gkgGke9G3+a_S`7!Ur_xt(9~|rFdC&
zM>lyo7AcNmC*g|Xah`O1l3E_D5s0r3U3PszDwMzSC)DFAD@oPWG*m9jEu)e>zvAE&
z%HCP_#K6GFsnen{Tv$+3*Jg-@Lm)XBTCveF@dwfQMQn-$1gupb-xNMl?N_z_DfnI%
zarca489G((;l6NI9(-V!m{|J;-?zOD)d~K=u%aBwV&3Qx^?d7*Yr+#MxkY%OYO%AW
zP=cyl3Qg7fS=W`-Jk6^}Cn}jAtygDrj-rM*@~AnV53fHlS7wLQ3nxpu4_V5yP@gT}
z)>K^Sj5<bs$mc=rOt_~!Ic}R1_nwr3rtT!139<=CD!`Ix9Wb~S>pCsP#p>Cx?_ev-
zL(BiX;Q|Cg#31KSeBE{CNKXZArU_(cpZ0pZ8+RiC343C?RNek(-$8$R_u+sf$3vIV
zyPm?hwJ^CPMl9W*QC!m-9yRNPtZZxr6tpN&YFEcQKNXCxF6+wVT@W9S41ycG<88-J
z!3I8v9976jxur7>9&Ti!y}dp2p^Hpp-9y0$2RpmxqDSKo){tyURqADoJ2les@|pc&
zI`XcrhkS3@ILZ!8dU+C5#uhlq7iqL*x4=)MN(>)GlOjPQ$75noM~wD#)RZG+A^LKq
z+4!VE!6+G{wplh0v-RlQ*1$7B9dfWR;WL>imsmYTC^b(7n2KbjcxR=Zrk-bKstX$J
zotvK@;zB4FFCzI@!Stc&T32*8cfZ!H5yldZP>PqYg5VEW|4NXJ<s6#i63>!(s`WcH
zS(P3OT-0#%G7fg-;_i;?zy3O|?Bk-FkVme@_W>=@x=<Kc7(_|*%<su!+Z-2`>m~}C
zRJ}>WI-}oeXwCZIiGWs(xUpd(H2@gAZ&y_@->6$`#Z3*F1@8qU%j^CA4cQp~csO>i
zC=Xa}2m9aEyAyj^j<q+w`VtkzJ2YRtzI=Y-Sj{<7C;CCEKYjO!qfhKd>bZ6ey|f>E
zS)Jvupu*~t;g^LT*%1#`lt(S`eMraR(jcxIe|e-G!>+tv@mgs`5Y?=&k#d>d!?iO*
zdUDV9pU$2m+KN`2zC`+GBUFnxCDRi4JvjWE?vVY4v25dBP$JF@*Mu_!`|s)Wzt(B9
z?Rj{7L(~PrvVko|O*S@0(P^2jnGY$2LmcnP)05D!Rw1b{N*G16fULRslf(6yEY6FR
zJWXY3>5msp!rDQ67+gB_hA8)icAAECv1V^2Ev>5C{(F1&lhsBPR77o|iK4|-C@!xP
zwv*FSzMMRN|Cg%-UVn<*=!!`7&(p1rqctz5GmaASN?P=I8GB|~&pho82{l50Y=<bC
zoEXuBm1I+M{c?X7#z0C+`ZPQ@JSI*?Mka%Si=@a-!0n)z$SUW~+0mwAt)T@<4aZV{
zLM84AHMKI+vY`9X1M5E)1!X;%>p5Zj>==33%%ojyV~!_#4BD0Q2^GyH(P8Xe>ry0-
zvgeUV`Gz>bg!A)r6Zh(B!Kl~-*+<rs4|P-*>{bVSgqp(LzH&ZLvi`X70E25QF#Xr7
z0v-2(9&Lwpt=(6V9PCGSLNu>M!YIe`PeQmk6JrtUW>pUr@gCE$;+G$mWP^J2UEcZ$
zEY<mCr+c4YT%hjPj=!E<O+d+r7Nw<qrfZ%GKkju^5Oj*Fzw(T9Q%ic@AAi`S0S92X
zSFc_*?IByB(UO%L8&;F_a&nWx0v6Qrq3JJtND<n+tO372>kNx~cBURogDj!2Ntu(6
zc*spS9}TRFH!1)+_K<4W_3I?l`dUjsSZb4RV26(CS#@@{QnKta7MT4G2l3eHCl3##
ztgyb8%K^c?)bMa6*ROW7r-%AO#2*Xu21btkJ-_Ca)-m*5`%-(+pQm?jjz3b5fcR5^
zQ~PHM->drtaaVV@`Gl~noJsln`0~Z_N}!eIMp~NCW1YPZvU+Vkd{3+lo-(cEevDC_
z)nVN!Ii#ql=hxb4i;w=WK*o7y5i_D)ob`;~^p`^g6xHvz)99JClp)0Db%{aFZOlw1
z_USK;e3umRy``-6)fcE2fLfYVo&OU%M4>ULW&{wun^lDBG403ziA~S9i#lGR*YmBM
z>8Aa0OxTJdKDCCWrKL;XU7Jc$)HUo&b}U=Zy8YQ&URT?#hzM%7ot&JM8Mc7Bh?iFc
zs;a98FOC(XViNvb-ZgAReSa93lPcD?FUoaU#GjuoXZSN1^Vp;-3PR*MthX3+94o#1
za0R+O7|AGCmBO`_cW8;i68R+VsP&kE5uezGDldcO6-h$Q%8rO&9yZsO@Lj3DeDC0q
zzix?q*ReuH@>)R5U_>@r(v>IqyJTTu;gIAMLf<wV`G<-2dAMn>n+)}iroUEDK@!Vx
z0(*qJ-EX35v8sH|dxqU&4#`VUB)y)wCwxu+w|6!avx9TAO|dHMgVEwILrsnqxdK5x
z+v#LJly5f^J{e;{$S%1DkQpW}4b1=L%F9P9iv{*f-dfsPmO;pN<>XGDPmHRe15*we
zcgpgrNAv3*?b4MXaRHF5a^ZCU?*}W5XRc}E{To|RzV#_5;JJiPg^b(NPxFOmA1gX-
zC)2W@ghqP(%D`naK#dhFSoH4I5A=VmqxmXAZzYO*LLjO$7yFpj^M<?}NZcEJupE_x
z3owcTYP#>-i(&Vy`$31_Tk2E`WO01FE=ErG@7HDP98;U-WhA|i2A8Yd=AVBKU3bJG
zY<@;OUgf*h8r-mN{g50#lR*iY_@Y8>-URj1%ENl+Pk*AI<Q$IeI}rj(EwdLNhln7?
zf!GH5S%$aMO9LuNxPGKI8k}D2<7U2K&^aZeeEizB{^$2X<O;yF#<hYpKZTArDp%U*
zb^2eSCgA#b@b9J0c7Bbr+71f@t0^8wIX<Jr)cWtuv;VA$s|R@<ZOw4Bf?5J`gB5%U
zGar9E%t}$x&@dGxV&A%tkN?B!TcyQlJM`qV{UpWf@(Vs$TyF6Cz&Dtpms||OU-wNQ
z&ZAf*!o62}vwN9py1Kdu)6J!W)Q}L|W<LWTInDk-|JzXFU;d?9JHN#QWuA<P<zkkH
zT1f#(?2vK?YAsAeL76UPWlz<*e(RCO<mnLwZL34dr}H1h<3_8jQTiB)Vuw1AFY=^*
z%!5=}1)#%6dJQae$^@q05F3IHnZ&d+LW%J&In8=c=l34Eyzqzl!+@#2rezk>?~{Jq
z2^@OJ(ZBNfAg(#wr6~4HV*%BK=nqT&6meYY?u)^7xoFa&i8{#L6N3C=CTE_m-m8XN
zAf;5^j!~kQF54WQ=CRUZmc^pGPwxMVRm%)mwOTcR1&dM;dK%T4T#~xFml@2s5272K
z+?~{!H^GA&w)m|i{{r=k!p1L7QDVOZml_w1)4B2&419(zFWfVO-|;6mLon~)r%^Yr
z;#+c|GqV}ykerI7r@bmZq{pK%Kw31(%*pu}qtMwuwg$)dhx6*d7wY88Y`Lj=Yc_y$
z+D<zcXQNT5%K_(cSPo%?=2cHZRG7$fHrCf)11)f(g|dWY=3AGKKYaMG_SvrcIMc4*
zOj-%5rBuEg>=mESE%9lI=Be1xe&9)~Z5<=Kw|bX7F!%)GE=9=`FEs)=bq{QR&)a48
zCU`v)YZNFZ{wYOWpl43XnK3*o>i#xm*d#fJ=8#hFNouSEiBD|$FTK<8L(65VM}zNb
zrk1`JIP5lMG?xX^WPYU*9;|jSGry?eQZIRR-sl_2B37U0L+i)!v(@oyChx~TUg_Fc
z!)&uxjn97O)JVsMZ;(g$#=oquF!iuIi6L?+9}y{;e?j~7%c;Tz2fewyK&_`BGHc`E
z-6WmJsUeC+p<&2$jnjdctNEnk`Up$F(6GOML3uezh0P)CD5zkswY8OE!>n)cm@ycx
zwPZr+LL+hkH$$FWq!-V2{O(<L(O+GunkA4*e#D>R|8nkUMJ-q8$#3eL_UyN?HsmEp
z%g2G$1D0IZ4yX^Gx>Vlx>AQS~CA3cAT)zW8Y`WV`VKu9AJ7V^(<v4WXi9D6xZ7K&J
zKH8Q3l*oyXANBm53p@ARB8y)`>G(3id?q{I4ZUl#W9!6@5m>S(@hBUkx#B}tLFNaf
z){pLl$obFpB+?hSCOsq>=JzNaRC|>5UI*gSh-xLhVm>?VV)NpkGLxNrp)>J{%%&Nx
z{ppiP`D5yPdTz&5O6gd#N1y8H*<F4TX95c@OU8#+(G0If1)u%W6i>)W*ZKWHmJ_DC
zQ+Kp}75{0vS(58LE_WMABDMSZ%Mpz#TeTml^EGzcE|QcoYbx(E65y(Iw}7EvN2e!6
zF%PjN+Z|z5oV&kZ`xxh#9kNv>M#P0UZ5Tya$!_r&zMogUcSzyTZd3IhS`CePM_h2J
zKZQWWWgAAu(2$Dn-g>~y@K0IA3uM-EXtx$z3?wr@`gp(N(|2pN)VmjFiGh&3?dM(2
zyGY}NH%h&D<m$z~mq&x3nosGq(sW$;Jl(LS!Lzs88pc=sIz1a^CLd+y`bEe+Z0oOP
zg`ryxp;D&@+snA!pFEpA7HuZ07fB&GVRJ9!UH_j0A2RoyW9!w;)tXuKlEC+YUI#Vd
zE)rVaKi3764Cau|DEdHxAw}_v0R!Sp?T((>*BhJpKMZnibw1i?3!#z%@BrdF`h~K)
zF*%;4l_^;%$y}wLK>q{G<FBx;O2_!jPwL_Y7XbzRxYv%#%Iqr;>t|Ba?~f2M!(#(B
zSA3drF{X{b>#C|ampDJf)?eHmWp0Q++V~FaH~K~3N<m3S8xss-ZMLQ60=a!#Go4Yj
z4)9JP_ASF*j6f)A?BSUO638A<G#e%XM@9<s$n|v@cE;bnfiEMe|InUp!EINES|7ws
zk2`=s^GI{$hw!(Fyso*9E!hr>uFUMUPa||Y6e-7naWzZUmY5Y2d!29S>G6PE#4jM&
zbrAchMd)fjx3iwE+S~3Jj&Bp8y%eO}m13aR^T<`#5wbh(RRj7d?upaC>a}V%d0oR?
zCnfT;Vy!pg5w8Z9k!1$Pq`BGoX;)`Q7F}$%`5G6W@=H(U$Ynkrh$;75u5M5ZFn^1P
zct^frM(sP9@abZi;_5ldS?5c~_$gg*0Ea7#ZyR@%Kxg);ydZtN8wvlf>FGald>Hq<
zZ{6?`h`8kys9(G@w?w~v$A^@_ajVvhnU>bO5ZnukPWfa`^3sdKb1%pBb>93dmiDhh
z$8)yaIx#%##IzG#wM~H(CM6oQKy}F8!C`eVOydc1Y<90IS*Q5D8wzO1$h0XlYgm$4
z`V7>C7z2WO?fK3{B_OE(DDq8%^EB4_MCnW9l5VD=*#Fhsbwx$7HEYF)NDv8%AOezx
zB;t^R5(Okm9AFU1K^Vf25s4~;WF$w40}MG142TRlOOzajAUWsZHs|~gXWf6T>v_E0
zZ@u>F?%iEgyXyO@cHtXL?wh~VccUh(bzQG%YQFVDU2+=yrZ+4;B7z*<;{*KTQZose
zv^1lr2u70B4I1$e10OW$oa?c+Rj;mTNhl{B7j?dk@#dtR?TrfEDY?A$!%C!r3@G~Z
zn6c%A#G~g#E0E1u1PK2(FU3CoRMK@LynQ=8dqKQw^zY#GcSfz&9t}BZtFO|bC81jH
zh)2uoLa3KXVWECC=T(=*rCOMMTtXz1KW%2z<8ez83S01(YtZ(@>8&VZ_2=eRBgW0+
zighQud}RJPV25oJnzb?Xm_~Wcvt)ty;jkkA`qG=Vkhc$4Qa>ZQ8KAo<rP=)tRw^P6
z{AK3pXw%H~ybPie<gp3RZ0f8j#q*6hxD)^IF(1iFr|@dXBrBh}n7onEjMM7Uo#UC0
zc1q4#anQkQ3HqvQN|*(SSBIn&uZ{4I^{f@$m0l-24jXyA{KF@bd*9Odemyjoe*ITa
z8pPB8FC4yPK)X987&q023Sw7KCJZ*eGz~|ZzG7IE6D5lcW*@&FlHWW?3G~e*c&ryE
zuxm3XYC4}*QxlKT-??v4YbhwlBk+9bn(WPqOCR@EFc|>P)M{;hRvcAWaAC~Vro@$s
zW1qrluuV<s?#H^2O6M=RjLP8^+uY=?Zf<UBPEM@b7Hi7fpQR$LY{%c^$?X#ZfRvKg
zk`ZrFH!%o&h2TotAXXFNj?Bq<q?yfdZT3_6LGOplez&D1UgfdVFLw2<k5x)c@VV!A
zYGo13&7u3QkSa%5(tGWS<8TW!8XLdLMJCQ0q~jJ|`e-YD_Kj*~6gx{4)WAG>^IhOB
zi|F$SkH-UdU6qng$>1Stj0>1Bah)v`Mc;Dtkqo~_x9BYr68_kgj}POOlhTbdWXgLa
z3=6a^H*45ezOfIv(X2*&?)(}r=ZDhJ3PW2{x;+j~!@OR&Z!+p0dD?d#wu1ep0cG;+
ztEtwTxIGjHZ>6nM$-3G1E|_eJ-^p3xc;v3S=vY`o$A}k-2Cm0Y<MnD_akKD?VIKex
zb>T4<|MAr}6tR@Nf6!|{@dbkbP*Z4gMO@+Tb+OI>#u;{GYU*>dmA(8sfpOMj;mbC(
z3p2~1;q~?Po~r=ku(UZN6%`%F&UHyfw&HHH`gJu|=?8Hs;r2d5o?AV#Xp6s$`N&dF
zFsqrovGA&qb>Wl#h_B9)_j=efQd1xOW)H>|tv7acDOp_~nZ9Bzl_;e1AHCmnQNiOa
zX=8_Lr^Kc5=><9UJ#B59u-W!ra+8I%h^tUM{{6rOM3}C&^e`~ADtiH_Z*(@NJ8y+J
z9NbEaB1YuYwyLI@tj`p9N#?Z7SLUQYj_Jq5nxS+IgwY}<GN2n3)7Y=IyS>cZP>`CC
z(&y}5;RMVPb&{aHejy`OA?X&&*7i0PNJi>Kcme%lWQ43*O9&l1he%%X;1d@Y7bBK!
zH%pLeHTiAQ&_@+jjYd7m6OCu{JlpZ!BZEvQ&F_A)sAmbOPwxSwi{v2%7xcRJ(uC<o
z>y=WJv2(4e88a#Eh{{C|V^?x?o=Jze=h8jB%?rGZR5_8egCoY;9mgOQc!ATKL~!5i
zlW{ThD*xJ@EL5P)#P8RtpoNMAz+Ls%uT3xoD}EfTEF|C3egqQTfn2NGTd=;~W4)dL
zh}G-4&2|3ZW0iL-KEo%4s+!IPBATyztT>5R@_8i#j{rl#S!24z_0bM9$%eO31TT^4
z$tH5+U2&-!<``{{$imUthY8uH0rd}ARPOlpb~koq9~y7`ApNRnWZ_uPqak5aGHv?(
z{&(-3fKL*zLVZjIsnVfE#Tutg`ysLLhX?;BhW-~y0lReBV4#0w?mZ>J6Dmjh-jxYk
z0Kt(!)E=I|VX&K1@x;R@ocxN`(b1O`8DI?&3Zi?^76+TUqTZBwy>$xcvxK;X!{N&I
zJ9<9X`3iXy{l{?RqEO^hauUd$S6L&w8xmo%Av9ce^%J}Br1cj#k=M2T1U|zE9=w|K
z5rA*mRIGe0Gp;D{d+Hlt!Ta=S1QOKIX4+YI*Xn5i<mV)VRTF}OOf2vgH+?$MiI%F2
z8q_b;>3}ec<jP`%_n5fT*|=Hz$i9LfPAC$q?6`Oq0^n4c@GPL;vcgnaZMd;;OFvuj
zJuk1b42y+2Tt`kuhK{YPvz?A!wl7doEy?Qt{G)&edSA_Hqwa2o3@iTdyl0SuonwWH
zLr<ccqds%IkV`T(%3W0ECYi!#uIAfh39@mL`t{J*TcRGa`&*UuUSDeiM)Hx!p#6<8
z#cY+7C@(YkJCiYIxD73^f3rGlXLpl~yIb5TwhD2>{rpN~j`grD5SKo_>M%t#GojnY
zESVFmJDuHR+f2ZN>QI12dmnAfv{!|_7z7W#l`6{wY*((VKKdq+UCkr^XrxLP4vv${
z%w#SzZgHOZc=*Yar4kI#SC%t~F_p<`Kj)3fwiq}gxn9$QT4?sGTuN|B{AraAQ)XtS
zB>25S#YCb67dVuqg={n+unX8f9uzCU{A4HP98X)0Dw_m<bLSq4V>HrT1%QmVI+HP+
zjiz^~QZhZAcXYcNIr&xE7eGQwCvh8tqg}(ahv%;jms>VIVY^Sc?<GI;t%0vF>^L!4
zuH8%6@Jc&23gv6mPSghIrtn#l{j@Gj+1{HIU5l~9J@Yx5KL;(eFFw?>a_R5-%7p%^
zv?DFXeDH&Y5{GOaq>phGy`b2qrQ#CR+;ZJ*m>LazD8yKAU5amrNUcpSZk|obM09D{
zKNi_<1ixu`9u)N3;?XKHhb{YOwz66YOvO!1V#>xaiT#JVPYkfs!F{Mh6Y5UA&d*qC
zVB!WhX~g^oODCfqW5R1{YSb!voAM!h#e6fl!!ZlwW?*fRJ>ijH!gq{}Y>yvH=i@{j
z+@`;`fvKPRw_;n}<@v-__;KrWvVSpZas}+q6~_wy=G4?>wlopQA~wW?ikrK8`?lw!
zt&v?Rgi>3vyb$FtLZd+whAcI>PH`(7QjQc`I-EO6o<Oq+xuKDa#(*sDd^`|xTxkE&
zNNi7k6t=aSPss$MNl+Ny92CYxy*Rj&*RRouhXM6PTy}Kqo9aC-PPBACbs=x92a(a9
z&k!Ob{gisTbE-P7Qn!v?5!N2cG}|_hfa2|^W7HJdc_Y^a#}II^<@P|05HhJWs0RGw
zUGa8|*C}Wxqyj~1i)d+{r8G1&#6<g?5tMpQiwIx!S2LOFqY!bDj0|+M-B58_A5&?<
zR2r}a!p+Vo1l?1Ln304B6NWBYJDB+$ND{GUNXbYZgU>J)LG3T!LE=!vISn+28Be4=
zmW<87mA(jA@H8CR34Zx<Nd_PrSkYYsvjA(I8~Dih0;q4X+k}n((LuggNc}G%TpAmH
zWQP0QGMZ-r$fR2VRg22EIH7N?O;_FWQXd)8z^f*j&2t+%05`X$LD5UfRMzG&CmMFv
z(#TC><Fv3+DDZM7<`t|z<saY{JJ0Y_Qr~7NLaOv!fhnC=!~QU<zQ$|KqssO@vM6C`
z8ToIltUp5{JIa<rhZ0pJRG8nUuhQwv51M`09KGKc197_{a9GtoD++2Cei?TXqszIj
zPFw=c`u<tUUnc9G<)C8bBGC$G8`@ccg9oI9eJ7nH{Y{vY;thg(tkN!%FIy!y9nP!g
zTD^h4kvW(>Y<S{fQ1kx#I@M9{sr;w*5R3GuRQHG<iuwz;IP)$s*~MN^E|X&Dd9(g8
z8bR2TJ?dK;081K|7!#vt9uQFI<#9lU9-T`is^wfx$#;5ymzHzM>N9RufByW9!3GBh
z2Q#`oNP*^=pjxLvGOS=9YJjPkR_d+uAb@{HFd5QIe6J36a6kbd(MiT$S$N}GLh&R2
zm6Cv>rlz!h2({j}nh*AFZf=WZ%f8|5g-&w(!qAP%E{xykuLlw_C!TY%m+LA|>GnoM
z_?<roXXAe+Gw_`2Ia+tU;lO&@8l2M4t7%y%fg?>fhTzTIL~g5JuZpw6hbw?}v+>u~
z{Y#gKRpg~#XykX&gYuWQ91ZlXlu#wD5$8Mz-<9D^ORYIz1Mj>^Jxo-yitF>Lt~Ct-
zeN>MYx$f;w?}2+a^d_l27mDI^sL1NKjwMVY_eGfwLxD|J78N@DPL*ehff0ZC;iop^
zet!ze{uass@}dDrnwSdQg9=;SwGMC!5!3yoT<r}^e*$e~+x4)Lr-i+wjVpH^e248n
z`5T?jd9vzsfzBIRN#!p)s;WNeN)icmKUkMSJ2U_6&s5CMT`wwGEk?f14sl4Xu)&Ax
z1GJ>9l9uz=&B8cVt`xz1Rub1Rz#$}S^Y5_78FZAlo<1BVBqWT4kI;Ryt;RkyF!LeL
zlOLVEO%wsdd^AZPi;7^D%%CX(!>awIQoi!#4f;n0+*&t@prg9FO3swIB;B*=jF5`X
zT^6$r0nr<_l5Oq3&64@3Vn#WNOsgLi%c2lR+}s#b`BrF;^|G^pzP~H#9qnGq)6iN1
z8Y*9!gYuH}V3PNzQ%-aJLRa#<nsNDc^<zW#Q{-nS-tcA#OdWnKlg`nG?TQ1h$^8CK
zX)L10mdZAssHS0MZy3*l*wUq?p<?MiC2yw~I^-<2T3$K`sNRYdVbW>9t*vq8(?EEf
z%jP+qzHTMV`8xgC#{qH)s$LU5+k3!|_}KWv`b(F7jZ^XWjlAyWCxU{p`0bc_g&td_
z<p&-gPkzwj5!>6_@%_ODzf0^R!@}P1%FWDkm$94oB%&x?DG7Nyu!=FOAob#oPrYn6
zb>vekRnwYX))b~Z>(oAd54vqtdhc!X-O`McW&mw2ldUq7f{FUXBOT(;do3V%YwiHq
zgVflj;(_*wZ+#&qwBxexWA^)MGi-Nfw|jC^8_WBI_dzgpAzwux*4CPfm}AmVOJ&;B
za^fqS`31~$X3=Ioxo%y?JUTP_XYBW{ToNwD4>HhDF@8T_WtR2vd7%Xl{KB4@mDO*a
zQsAs$PfZ&5MY`N>N||Q23Z$RcOhgKA^c|i94-SHznE4`6L@rvZwnUe&u1gcFhC2Tq
z_=xL8nVJ9Gr>pNh+I4j3DwRPQ{fJ=8a?J0X;_BRFX0@xo%PV*m%jgN|JMZ+?-*@Z_
z+Q{jhNU0_G(I!>J@@}wQbx9MNs1l&fqvrOWyPC?ZZwkO!8VSyp=L#!(hoW}i7+*Re
zi+n!0{)#nS7jy%W^*{yO5ArYPd%@G%)Nwp{62{2rubd9I{<Yr$boe=1Y%`s24F?0X
zrJ9i%g8{}<rUqZ?V%{r$vy8$AApZJ`X5`_ag-9ehY6R&oQa=O-s`H?a_C>5eBPwbX
zsx0^kps46)i}=UF@A>`Si#uplHP(U!h{gP|x$nFtmaFAhdgacK<CG1!7{w1EjBkK!
zA9zQKTP0C#EX7a`Zsi*DpTWAn(Yyw=tK$<Bxd!Npd8Xj$akf@g2?;~@-9EWC=BH0f
zSO8jp!7Mk;y79KIvNE?mSlCKyGm(lREUXuCyt}M8(@323&~}_H^_yI1uaDuulosA}
zk9VAXSTovG!(a~N@3O8%{P~)PhORQ$cD>&uO*1;7`pJ+k-<5aG3$s7~9$S2Ht1@D6
zcfEwUYh-(EkYZ?Q4Q#l?_2&Tg!VESfDSa^D3k(cY4TFg+&y2=LxY%R^DMIR!k_6Sk
zG+-pl>niirK{P!jCH38tcuuye%PTT2`|%A+SAB*Wqms6<?d$R#?F!$oU5!t=G^AU~
zB;(ih>XLO?oKL#YzfyKU--{wXBqZb&4dHm4I4{r7%}KF_WZyK>CIu?B;-A6hfQGQX
z@n<Iok(I5tiNB=2W!SE9-vd#`L_ME3WwxQX@n-_}zh6X=5THN9V`8#<-vvZeRtiK%
zQy`GwXSU;lK|w)`06FjAwwxJb1>~+M0j=mL?z4Le9v@GY%}1*U*p8EN=lgf?UH$L7
z{);O<W=svU+<=5E`*h2FLhI+m19qN`mp2@sN~OVI@ci%J5RT2+1SYu<Rd;vca%+0#
ze7B=picn?^2m}PeshgT+=J(pvNlE=%4f|(~8Z3q!=Hika7DfgnJw2kgqkr+@6WRf#
z9{NyhDcNH^w|tyA-^D(Rs&*tw8xAk0a7z+#3GwxlV&hCF*3{M{(*A;VI&;5FNkye#
z4e;$iZOp%z@_&sfN(2N1DBzO8h>KH@-FpsAhR*+9P+*n`kW7hI@jBj3oB8qaE}}jI
z$E}uJ;8}gTtl~``UqHjYIU73xP8Rdf(x_3cbKko|{zN;jMH0w5U}V?@rI(aE)!8la
zv{fblbExvavASt)=7zTgLj`(~g@uKHBq~j=hV%^vi28?dFyq*OByQ!UGIuqgH)ZCf
zU}CsE9hF~kat96<V~CoO#>_Mf3keBbWE?6eDt_a(x2L#28WJ_Z&8^+I{ve<g5dfv6
zr0g%zj)u+YaBWw;FOVq$^(`0(bKK+qcUt;Sho*r}<pW&(H1rCh<d9x(V%EDr4~_7C
zIKMpe0t$ty4`6ZQ6MAY;Tarvdub~f@uVf6Oa&p*mzpKNm>Dbq2_eXuHwSnMw_N7_T
zOT@;gfw8RY^(0Yvkg)U8b2U2QaI|WqJ(;Gd{%h8=h)TFbVvieW;r1DXa$u~lP!j_M
zHqAigBeUC)I(Bl=YL>Kl7^HQGrs}(#*q=x7SDNi0*leBLSl#7e&z={HIflavLwKY+
zh#!?5qdAPs57MNYJDT+*i9P>Shtzq=Cg4pWMd?`5t;Cau($uBQ6P~uKGIR<#E}zYD
z<TGn?YZlcM)6~Mciy(s)=I*V~1LwvNy1_Lx=PYeMK}ZXk{L2Nj;B*GzX&FX(!3(y9
zwDvUe`vtYmW~{|>N<a&uXOL*zGZI(v{dx@5!11(B!2`;?XCcM-+f$33{(f&W--;<w
zRUQ2}qAfZvI^QjaIl8sJEMTB?Os_6MCWG?cYPPu6|6W@fM$*+K+v_Eok0<|Q^2TQu
z=Y%`;y^T9S5&e6<7KOprC(77Fl;H~Q5K>-<(iCq&CI@NKv>+us3vK{YNz69PD@km=
z+|z;|9`=RM)8@gyy^U_>9iqqM=izT?2Ow&^iz~xO(QNyMBflLvLn13LSpLwLi+c!q
z!|<EJPe`l^a$<M(tTmH=3QnJXKl)a9tz2ACYeg0d`eK|YA?WQ&ckf2ImPY5%aXF~R
zk`{)aKJEMGv%2X|QY6Y}d8lhV)hvpYlQWu{q!nJiOa(M+sM>hG`i&1Y@V98uwY&X_
z;Cx2o7t}=Ps!LPaw-EZEvu#{QR9u|=^7671kg{*o#}U!k*w{MUlOif6)}|DD#nF)x
z|FGKLvLX*tr6?Xv&xYrNQZ!rsPBtb%iXO;;es-3nwg2AJG#Cv#RC5C^&pm_p@ZK1_
zo=l3@@h<0)EN7j+en;XM+IJ9|>+mIWd9U~!hR@ma-JxFO={8KP|9zG^DMmYY=D1>~
ziIu}PCl0tF`@eMLdV~n&YzunZ<7ZE?M|s^h;O}AiDU={XY%^}aE&U%OF1`ow)&3uh
z82`K&igwCo+Yi%OKMifsfj|_nG66vQO;k70gl4vKQU(?UaNO#zUcE|EMi}rqs1BiZ
ie&D#r1spmp&*}Hm(eedE2F{m&LtaK%8YTJ0_kRE#d$u9~

diff --git a/test/integration/consul-container/test/util/test_debug_configuration.png b/test/integration/consul-container/test/util/test_debug_configuration.png
deleted file mode 100644
index 8fa19ba9399855fe8a9b76c203cb0c2ef09c3f0a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 294046
zcmbrl1yo$ivOi1+1PdA@!QCaeyF+jr+}$m>1b2eFyTjlvK?iq-1a}DT{3qwiJ304$
z@13>2S$k&p?%mzBcU5(D^{;9|<z>YY;j!T%ARrJWB}5b<AYkGlAfWSM-+*i2MR~Qs
zzlG+)!t#>B!i4e;wkGCQ#t;w^p$SPa@^OopzNarm>>5IpibA%2PLL9Cyq9YtWTZp^
zXoiF=t-vNfOF>a6bWt^EbgcwpOHp)$aD#6hgyFtGdQ7Y0HiGwlt+s0(7h@wS7o&IM
zyt|p)H)H7p5Mhwww6eh%5Q8Yjl09C$?`!OTzFi^gf@JD?jUcdT$J|#wF(KeP81dBF
z)(Mj>>9Op|G~em-Qk6TnY3lIGR|r*h!`Oitg)ejup%M@a4Pn8sF+V(nCg;H2!vY5s
z3^<ho>ZOX4bDD=u>QR$3t-RC6hHzyHCP9S|Fd_67V^j0pB5EbEqS}BHg$+mjJUR&I
z5x#xj(=YLMgG6q}l-w&x{H!ru5}1w~CD1?J{t0ePI+;p#ck3x@;AbZpi8hzgHxvbj
zuwDk-8mYmQRXI&GLPG^byTP{zZc0Cu(uuFaQ}t~MO&{N0aOk`O*6(+JVNR#L)E_=K
zsv$8=&f3Rg{1!|01E>Lh<hi$wq_xfk<_b(c@L6=jSy^Zwn7=Ld?0x?*_9+}TIr3-x
z9odxK;`1G`ZuDXcA8?JCsq;{6FtK7(D)ch$YAj`yU$-}PH01-$GEVgAHZRUQvT!U@
zw?T{0X<_4^k50NN{LI`!4QvR_Uu!LejZKq5Kan%^QD8k^y}o_LfD#4J^mWSW8y`)z
z>U9j|kRwLVH(~?~B5X1*5LfnT1=SbSBSOTTI^T1(709&<hj?4hCC&S5ZGMD8Gx3T+
zhA<O7h^031>L1k3C54>OA4re_7I`Vz!o3a=z@PBNo`7`kdY}B-QV%)(3-{TZXF@0u
zKaOfxJ3;tC2(+)S6a87UQPBPA^k67qRP^{c-bVRtW`9V3gVkkhhqnUd(oHgf@TN=p
zBmA1bJ*=M{3UscJ#aA{Xh!nv&ly?q+Z8-vzxMBWiM6XEw@+Tb3@RZ*s2y9RA6~DQM
z=7QGttrS|FcwLN)9keEprH}q8$h?}|3U=H-<s$-;FUgO<Y6u<p-EYum<V|lYgQB}+
z&Y*9(Jh4s!b$bjceTj4SDDmPs!$QwR0<$+1hA81I$Vy>V!b-(v^E4FjikFLZW?&EA
zVTTvyelT;aV_rhW3*5;~%2mr{&mEo&o|M`9d}-}O;Ew);DBNwPH}X;TJsUYDN!OMh
zJYzw!f3nyJ*@*TC#11cJc!6PLH4=c|3YQI|^=&I^E6%bnZ}f5hwc&srM>_V{+g(3|
zZhJfRCZQGj71R~Z6}lCO6Ozn;`F_n!ud|=7sNQrP=(^$j;hlj5z0vQ`Vc$Se2*G|4
zA0)9N$0e*ovq5<SyD1`?i#i$jUh)%JB~c>kVQ5lFbf~Q)X)OIv47wOvtZE!cVn9Mo
z!Yg0Shzv-z7?&=P7|R}m95WtA@O5305?wfqn=CU{bWx-vM=PJFz%xD%q&`@)?dnjr
zMZJ}}Wi!+sOEHKuSi6Nav^$&x%KF+##Gfl5|55o&`8#E~a<M!|!9?E2LJ5^R#kUG0
z@+-xFGFKIQ3AiGo;;o8aC2IMlDkp`Ktgzez1>O>^1FnNt2V@5jh|<itHRdIC21^PW
zSk}twl8dUG8k}m)LU$1k40xjK`L+A|m!p@PmmZhn)Tz|87#*ND3GNA+)C9`A#Vuv$
zD&fjF%BQ8?s)ogGWd$YHDwe7qxlyX@D#%LX3hQ~^l3qqg)=?L@C+WGI1G_vkzO0{E
zdsq|AkLLGg-cQd=UCyFgo=mkBbLNW9JIqVXE>$|KS_0Bak4x!h)+)VZAE1R(x()J~
zLGO<v6z~x7`0+}{_%i4-?6pZ&DOc-T5L@IfL)<^L8?_(1Tf67oFWn2?4__T#5@4ge
zO@2f5h8vOVE#G_W5B={e*{#@cnG{(KaJF$~Kk%{@zHj}&z*@=HVd%%IpPHX?#MW#M
zpSF}zn5>$-_R)XzXf(j2b+l#IV25iAW3(c3*-)0vG{rP+KIKMzf)0{yPJ>0WEwzZB
z!Fz4a4ez2ueM!Ag6TjNisK993wtlX3_8_vpgmu29=ROLtuYbTKK_-0EQj=M;;~0PW
z;j?lpVe8dr>(9E!ct>Q{SJ&T=?vX-~5|DU5VKc`!$GG*OZtneP0{yJpq@eI9qAl8#
z_2Eq8F5;Z$LLOyL9nbR7^X?3<L>Ms6lCGlp#yaU-Wm%OLg)>mGbez(f$vys*{XjSz
zkO1Q9ao^V8C;Dl2dHa2TtGVZ*4GT0pUp81atU1IDYF&9KiLQ+9DjGALnICgWId$WY
z(Dhwc?Zj^&PaCe(kG|)=tva(sCWH}ziihDrU_p$BYIxHv_$;{WhYy1T74DZNEC9=G
zq&XNTpEpsE(;1}yP3RkSPiC-YAOrGgNVXVlRB@y$!9Hp;=ea_>eLPDkodzElQ49IK
zaD>_?$xpUNZ3`GR^P4l90rqr1n{M}R{eK!Fv|$|qK7Q3pl25j?&6(_32~@)>VUW^w
zGO2kq7~6Okn%tY*yVT2&jv~uyN*kJ?oWcUS+B(_l*lNCLxCpwVe?)uM14=tco`3BU
zt(N(izLBVy%0zsLo`|4ZbYGxa;4Oh5$sNxYgCDo{^~<=#2nU%WT0!Vik{R8Q_7ol4
zJFGB|Brdwu8Yg8mLe6A3WBL)Rp<E(=g`ye2y?-6UGHWaGgQ2X`Sg2N?mV%9GrukY>
zTeoM{V^&g5l6_J=-Mo5-iQ78-T$mS4PJ$%Ovg&>XHGs8x$>r(?YcH$0rMISKbA!=w
zt25)F1_BF$D%R!8_XlC^9Ic%EYSZ?M`%;2Qet4gwCB0hx`5;@-wp`1;#J++)T{Z`H
zorj@=B48Fd8=39Fl2xbMIOY-NWTJ=WY6CvK0__mP{yJt|g*msO$K<sOH|A-RhJ~g^
zeO!}LOKl@<b-8iUb0uACM|@HIdc|3>S@BHqiu|2EyX{Q{?}^7j8B1AM8Q&?!NqgtG
zi>^|=zVp8K(eu&MII;-A-fhaA<EY@3e;-UIJ{sNuFRph}dw))0p=#b|M?5Wx3LL&z
zyR99Csyw=@ovR1zJ;c6&F2?;DtWMHrhf~+CpAGLu-d#~3%Br#{;)JJW7q%5n?!@n`
zB{n6VC_NV~X=G^P_|)HCO_*m)W0=N|Tk%QrXxe?=(0XpJx!AZM!GglNU&d_YZF%qU
zQ`Q6EF<;;-tw#T#)v?fhz~R!j4caf0Rg=>;)UoWa@o6uauB`pZ-nx$6deoX~!?9x4
zyzg3D@8Ny3sA<zkzjEE;b%*pYcGcSL(t0Yo+PWS$G3}A%;<G1s?>~=ROAy7c@$~+p
zX)m-VZmI}duFQx1u03bI<K|PAn(l6Gh-vhF^Ap3%;N#}7K({04VoLD1JC*1#XZjo8
zH+EfGSH?5NM+eXRGr2x~8r=__Tz5$ix*2&jd9SO;swmd1Jj<@HC%BhgtPOJv<<?Ex
z2wvnb6^=K5$c@P1Wf}4zN9}rcdr>`DoY!Azb~O&X`|$3aK~w-UD||LeU|ifQS4Y^C
zcN-AdYf!#TdhVH-XlC~WdSP8Y8~Z69Qb(_f#Xs%2L3pC_0<j_ThU_ta48>4R;dQaG
zF=eE9742L~P6|E0bEt+mXng|cK|E7UGe5dKJQqO&%YABJAZO7ax0Kkk!R{$Um@z=o
zL`DXJ8eE2jfO>@u0Szv_0)P2l;rzQS_KFhX^&j<+5D>xU5K#YYBMUzN`g{d{fA#st
z`E_g%1Pu5J4g7V@hWuA+nE341|0+Z0gYQ8IDhW$Ug3n5Z4#vhdj%Kz_^*^&)z!h+I
z66%f+5SV1YzON(|NzcIJFPJL>oB%SPxD0Kr>Gh3l4UFkst?hn|1Ht3U1uj|}JLwa;
zT3gvTa=G#n|IvaAT>e$fKuq{Y6DLbvVt|Z1p|GukF(DiMNBWP%eDH*Xggg#LCR~al
zV*l(8zTzb|b8@odVqkD_aiMo%rnhx4Wnkpw<Yf5B#K6Qv2W~;<=w{=j?@DLmNb-+C
z{xyz>v7@1bxt)`_tqtL?arF&sot=1ziGLCL_vataY3yqLKa^}7|M^<r7i9Q#hk=p)
zBg4PP26yH8Rm&xB?rLnME@EyC<{6j<A0rD33(p@N{^QpFko;3uz@NHuvV8n=*FW9*
zYgZLVV+UbdYcNqKzW))}KRf^V=07{~F#LM=Kk?!pjQ*n*%xOM&9)^EQjSn7wF(MZ%
zNL+IfIc4w}tY*JHkW=6v%72`}Wys{fcF7|p2nYcPNfAM1*H=dw(0X_(OV8^~tdT0Q
zEjZBd=rjd%K+SwtO%2Z)p~-q%jL-al^_NBjbbzP5xqYM1B)qE3Dw%n?ebUQAX0z$Z
z%FxP|Mr>NzZe6qE&dB8YNCr3ac-v_xHjgU+!CsyK?I(>y3FUKbVxqI;21`^6rdTRX
z8Ea!rPP^P{6mM2zs#Dexo?XKH>^>PqnYR=p9M@{SRlUr4Q)yx`YcVzLs1yblpwUe_
zj^~=Gg<Da~wsv>=YG`WRdhT(qsh(ak$@dx&>9eeuh2C<xv-+lDnod#y)EPU68GV21
zZc*oQ`CWy5iAvS5BIGR&E(@07=*9Fu`p%Tj8&kb{L_|srui3fVKV`G@w$!qiJp{%>
zJimb%?E_pqUb>{QcCymfA2_Q^LHPLl?--Q3dEd9noEKdl6zHj`D5pjgsA?zClKFOa
z3pz5+@$f&bnvB{;N>{jRC!%$&f6s1yZ<(3(Y*V|_*k7R9PA?7j-PUeGD}r@g&ZklR
zLUU8G?EnAcqLe&7m?F#j^Cr7=;pRm&7DcQtd-vT&8uCp=`yBb)HMDk~_NRK_J**RM
z9CJ*z8I_EGm}9|nSu&BS?XPf_Y=Nq?wX1eyQhdE^QZbC3v~<}*OXg(yZ1MJy$UPHj
zj>SU@DB65JtO%{GTBI54?8cnM8colDqtcgHAgRtKCAJ#kysGgfUwQ)LgXOW;0k#uW
zdp!9nc9G4x`JxWO%7Y-iVDoXg$#kWa`zoNp&NdYrr=+AL1{)i@xF+T$HMO{)IVCmC
zZD@Jb$DP7ny}mJD%Ee0|o!o6S`=&T0o8;sbj=DzDr1O3O{r;M{Vlb4;qN>|uhkf0L
zY}%~vRneNbJ`N#Gox=CD<(<;*`+Tk|15q(M^vl!?9X_|u>d|x;gboD4x6eNwf-j;U
zaKkPbvT$zGb9|&Pr+A!`v5p;(V)V9HH^$b<+DF@a@5Gyi>RHA*#|9$!PA;eR7Z|5j
z)>l>C?4L;NR`*8U{~GhhqyGhix6j!F&f}@AvNFpH@O>w<><!w^c+`jPQ{-QF{MQK{
zpTFNw+^!Qm)%rc~@A-6V`!tP<_t*5Ansq2M9>iN>8m<D)S&=D39fOMZ%)+9gau$-`
zhlNHKG&Q+K4U{%f8>1&oJ(@nANa9_8_s_PXE8iqWc^5u#rL3zfUSH2jOU|xfB1V37
zJRi-(%uGc`7wKLzE3T**dmo3;(3>wZYrY?gUG6lZLWVr_zAi!s+R)$k>nmw_d9BT#
zw;T4U)Z+<~oh$-Fd511VI1&?l7nmI1tB_!E!7un>7i&{1uk$^}%lF6db%IUqFYCI^
zO<xgEoBOM^ZXK{I`6CYDZk!XP^PRPIo2C&1nx1>EuqyfQhJW09f4_e>pVjoN%wK+>
zqwB+H_Y`?(tL3wKk2C&q8&OQ3Yya})fnmjG;~8h1VCGKV`~BG?^mtaXFOQrZziH0}
z1*iDIE`kkx|3#w-+jWKhs%m0AYrV3Pl5j!-hO&;TELm_^$#=b14APWAqC5HdMq%O6
zYQ(k5<}-xDbKNk4>hR5(?oFQo+S+tOy1Xxl*euE9pVB4r#3S`<IKnF8a7vmBQlNKC
z)|w4+XpOb8gdIAIEtsdA>NAm*cp5(h-YFr9RFq(FrcmlBhNAyCzR#)Dk+ON6KUo?h
z4D@LDa$SM!$g>D5JgU|=8yrLMs6BuY#qarI_uPG#1UG1l;O+Ak>7dAeJaXqWfY^Us
zSIfs$$ME|-!n|((H$|@uo7NpCZQURDO7FU^*iT;UUMzLgzCR<}=r+ADopRfOd4uc~
z{be_+>4n9I!v19x>g-W43+K|&YsF{t8RusGK(OGj+uxFi0s$`O{!!2y89)?eu&Nql
z0iY76LRAkig41lY&Otn!pYHJTpduoQ*|?KSM2lF*2yK3KM@i|3+QEdHG&eh|A|-*(
zYeFlN;m$-xP7X|P;GLbDRZ=&nN=QhmS<<#_YPYdcOdQVjlXkm{<A8+qh4_1ifEjEE
z3hpR<W#7^qdQ4wCYiny%c(`HsmdN$Tj4_{fs?fg8rT~u8%F@E^;m%yTG<F&VPEM*o
z1I{Yb@AqxvIU}XDXqoD*J3)OF^#HPPoI~buu5d-A>EhDTSa^i+;=1zqO%-J|&4IZg
zMc7wR0uX=iAk=~l*-QWWHT!bSDYK)=cAYOib}F2jdU$`;Wv#FjL`_CZK~7#%0KC-T
z(|`jlIjM*D1kw0nH%MVJx*aXpvv~Ett*nbZzd%;p&k?4kzo4LryR*yr;{A6S0|8q{
zOxObi&=(aJD!RL48=IOcQR86vTrV;$wVB5`_+-SV=Ym43kAU)XLcn|+d(;pzVOCB2
zaOuO%DE=s<&E{BS+`*!$DPd(Tt=t{ypsy<y1cZN^0X?a{u){SqHSq}v1p(WyUOUXJ
zfXY-Wa&Mblr7#s1=_rQ*00}n4IK+$Xr6mot!>!F|{xAJe1mYgoM@j|`qM`+<IGp8h
z*^Yz|kbm>AM*CQv;GrPq{ss}7Cxp#*MFLEav_?^O>n<@5TxXF?oHqNu)InJI^}|qQ
zKBJ-7v^_<-gvZTEL2j-=X=P>M&W;H)JMrHn2X3~S<QoE#3=N$rvem`rF+-`)YEEyk
zSuNcGm?X{9Qnu2@8S5{Qzf)0;S5Q<W)^?q=YWTD^oH$gF{$_aV#N&PT?%$>L{SzS<
zSE~DsY(YfCTQcg-d(g1*H~b1j!9~TOBH6;07L8IP!Mj{e$CAp1Or)A*EdT(PeI8Rb
z#P9FUBT`fp>Fo}yg7lae+0an9x~+mF5qbQ%o^ITt-aan3g^3)eEd}xE9N}QIm*>}{
z^wp?;cPc<Y5hn>~Y2hNi|0=AWqJH`9W?gYcAVqi)BX?ol*-M)@Au(ZMr5Q_!Zs6kL
zJRuM`=1=zbCO`Py1dPx^3??~vc{6|yH$}bqP~W!e`vg)-OQ|XSnQ>iuLXWOnVy}<a
z<su^^V<cbaLB2wP_<P40AqozTwEr8#e4Tc8Hx0`0)<a=3QKzYylK5`&5oj2M;->t7
za{3xxiyrvD|F|NkC^XyU<+KOuRar&ZD+>z(WPO27KaQGbW)?(RZ;lEN4pKv~dEUJK
zyIM~;!S*FTUj&=YDOp9{=Eq&!p~Q|traj19SzSdEJedNW9hPxxF#e0x;!5}>mGxF}
z1uw7mMH`>Y`Gcm-sDjHnmZds3X0Myoo0*jrD;x3NH~}Xo7MV=Xw~;v9iBd>-xhiEH
zIevbS<DUSp|H8{J__6{g89{IHtuW$4scD91w?N{bxWc5QkQBVVy(JiBjxs)p7ZpwD
zmq@atQ`ns(B@2`TlmxX&j`gJXRzTSI9d%)INov7$+PXB-5+Owa0V2=gMajv4u<-Eh
zXH?cR+$pB$x|Q<zxjFZhx(5vx%5ySgx%@3g$#@phFK95N@>XJX?ys_Q@>493XB3Vz
zxk{H5g=e`fg(q<j{v!CZIDyl(_WiJ724-m$W#tJaIex>+VBxJ?1cvPNblh4RUC%qR
z3iaAKt>|6}PfwnLq9Uc!8D%Lcsay^3lolY+54u;#!ouPJQ<(3dSdztkhVo#VB0M%u
zNja;mtZc9Qg{QoCyUfP{!`R3u+0gBxqS0(Pv0{gdI1`FIf<VqR!?`d8psXw+$9GlN
z90mIyO5`g@$jz+@wM|5u0#s)T1_FgyOh(>gvs%2x8ywCPeoVBX?8&b~PhDil@b2|#
z&oxxGr0cbn3g@h&Y^X$6FEcYMj1B|s`THqqXscp`?JQT25D|T`9gL$SBMTHUPwL`o
zoaEIscl*{_TAHf;MNJ8hKVUE7D-(6hRFq7?TAYW%r`XGJkj#w$2O6tNqx{_shH^ux
zUulCNV9u!;>QADF<%e{@^S+X+RAz8=Kh&0yLBumE>-L91o_c<I*zfwnW2^p+*lVS!
zhUM_6cC-T>6O&r7xxJ?03^6349te!h9|>BC#519Dn@vcnrCgjp+Eml^kr_^^`Z!NQ
zMGSekWf)Zm_m2Dw;hTL$kgA%RG!DCU;W+<G?ywH7%`8=L0P|R~<U3^U@>$INm)r*e
zqZ*#b%Jv=X=;On=sv=~*+X)gx8XHK{+GL(gQDaNj+Zb_49Z12yC<OS@?%h`pOU(FS
zAewnd3|XJ3)8*vAM3<ny`S@BpQFBZSB}MoS(nzlU(9abq^q07XEv11-r1}NL&ua5i
z8&71HQaUxQ19&Khvt?KXh1a=FfcbCGa~Ac<w9;@=H*C2(4M9O~O3RD$;l004#}GMc
zU>j$~iorc?B7UxXmP}Is?$Ty38=2%yU%}uM-%c}8-?f#Kv<9~b{@Lpw)Pppja-Z(O
zd7>sb+1M>98u{)~nm5V_R@ETBd)E?R*p*AU$Ms2$%eq&z=*~ok*|HMUwgQRx)S_wD
zHYI5q_aFupHFdt4u7^Kpc=$N2#Z$Yy%(nfGd>ltft!hhj7v|;SD^R{;=b#J#_^e6U
zc`?>Xn`nD*{_G+O(<?1Nt(kXNeHkZb_O6pd5Ahv&b>Ml54T7;-&U5Gs-_XrtCCsb2
zkr4mCtULn9<b-P-T9_aqqA+-bbMvLk5AiW6lH4vQinfC=-*!PnUi(YkPgL|`<rbns
ziE`uFQ=|%Tc~<o+JwnVBAQ>%^BL0>KLf-nuiCX!PIVb__&LO&~h662+t5R>N^@tNG
zf?*Jd`zS|vJ>|oUEhayTp0^EA=JL+9=KB&2cr|r3LhYj&4nVH0MNUs6vceCToEjEe
zWaNh59@Li~3KBKG;CYsI%6o*^nj=V>Aw!OH(Z*%!wEcz8df_Y1*KFF&cS-#WZA~0T
zYkB!&nS_+lxSW3U9H%^+{W5Qkg;DIU>*sZg+S(>$pSFajtxZ0#n4yfex>ky3)?3a`
zrPd$bde?oD879Snc{`W`_Ioln7SS|yP;{FeRH8G4?{?BK6%7n>hdx1V6L<rxE2T-v
z$;C!F=^VcdU8>TkR=#cZI-S%n|EnV?fQ9;XmtEoY8zja^EoA(WylJ^CNv6~JIqPLV
zhdb6Zx;R^$m~RF^#o$?-X{l&uulJZB+5ph^J7JuqQs)>~%~W;L$iko<@)lDM??JkR
zJ|<2Q5^W8pGaA9Uy=WQ>E5;VvYdL4Ndm7ZmxfP*cDd_}DuDsj{&oE<$>vTSJj7<xP
z7{v+)KY27UTxK4pvS-Siw8j)GW9}OUA4yc&1mRjud4xY1IRRKW4mgkj89>X*l?p9M
zN?lz&ijME{jD)E3jf>S_v<PakP3x6OrkJ>PZ&_?K|4&`AH{6l+IXOD&1mYJ6`R47@
zZ4L2RS#sl@X9k14-4a;w^&UUt<8>;M6BCjqpS>Out`54syym%1Fruf!pqVWa>Tgkj
zfs{z*`1z5`aOYF4k&+S#@7Z@@!PTm?1W~hIEJ048;3)ksf7RSUxIuKqpg>@boTB&I
zD=v?@=J>D40-6n01^xZ~zSs$zaX!rM*}-X+-}n}bWsMXJSIHu%zr+X18>fyamcZu3
zhQ8!-09#8FpMlmsgFDKJFmF>*K7g)LmX`pmrk+i%$^J>sa4Q5E>k=R5aBy&n^S9)G
zHRFtf(OQb$s9hYbuRFF-PTq6YCkru(BQ0&ZkI($@8l}u+QPHP5^O|2xU^ZDv{X5~G
zbs_-n6-A7S7SFEDirIBFcmu-Xe4vcYX%LV?j+!ASvSLmlS74@dP;JmBRa)xM8X6T9
zwZlW9^r@UX8ej|Z>_c;K0M6pJwzM_zKA*Innja-IvKZ~5V6)g|x3Ht-XllXQu6GEV
zUID@a_sA}G)6DDZ>z!U+BbQ!X_ot?(fBNM)ks$G>2O;8^%;k^}cwNQ-C1wxZ7prV_
zxgJBlmDpzSSx{&7_mi_$wp-=2*gU;KMrw(O%YGbXU!Te+iPoc;e{}%8+0w#AO-*fJ
zc~)Oho+sR`byFahMay*_LUQ{|8@I(*5wRHlokn%<TM%Nwk8i<;<retIS3HH+J#ZAb
za!PVsLnLXR)GyD6t0tab!;D;l*Q4n`taS0uKkklQ*37r@Ioa3}`y=pW^28#QJ!50z
ziaRPZL2ezZc-)_hAA3gdWmA~~(c)GTfn{n{3Jf&S*sNheNFREf3#hBq?s&v+OI6mB
z=lT`LlNs~OKWdJfnBLq}yC<b}5hO<k2zwITKOyrM--c3T3OL~I6RM5`28z0?(7oQ~
zHR!dA_ENB`_KmK(!gn6Fr%C+5g^r0nwd8zwNzGX!ArV4hFGH`opx~+WK<9JHX1ivP
z7?UIw;GwEYKK`&893A88e5yS-P}pWhG*0JKjh`eglbRnltGJ`b|J8J)^Lf=}{b%@V
zW6}rRUUxhrsj`GJ)qNGmMU00vt8^0KJ6x9JyUXp<7Q3&zETW=)%3Y2X!!;E4P=9rg
z_aq=4bkSMA(#0d*#oPv2@n<-m+@TX>W#h-Qu-76SK=f1rK6Mas#|6rEkSNC%(gM~Z
zV(&#@Sp#HsP;iLe;Y^k)3v<-74DyC=aOL|{Z6{2uH=Z<Fz2%{1FDS9f8Hu#0n5$(%
z3{ZlO!VWS;`jCif6oN~AyQ5T2C4~BB<W%|t#f_@<`%M>i%sxCtgH~~2CX~D^p}F_T
zH6MXB7*|*rPTvC|qZI+K{^XEAe5oXz$Q&$vAQ##kWnUef-=@FeX%p-PBJ<w^n(Hwv
zMJ!!^^d*_Sc;B@9$9IbEWY-7uNheNZ@_ML%wuS~KBKD_8D~yc`j+k5t@c8U=Q%oX5
z2(R{m<K>dne0Rxt=KT>LOzxvHxc6q&bkz<!qEtj`!s%Ol!LF~t90@9Fh^|IkFUj%y
z%(A<9B@@?tb+ul|`@W<^N}{<`8?5-iZFx*vyo&t0=S`K*uiFg=WNYE=$#7{MOGfyD
zD;6QdMcNoP_))K%7ur48>GTzv+Vu#swtQavkq0FsFcp5D57S>2D~@|qyfbdQpwIl~
zXQG=iV?o70F=$UgUtA$bJGZ&9F`BQk?kOxT!!<=BV_RNYn%^g_!$@~I&UNuN8Vk>f
z?@)2a+xxu4R5^B)`o<rb?-Iq!|A*I-d67fsD)BLx6-`wPnyo@bBgwJ@xQ-Di4PYa}
z_l%i#_!;vMV5PdwIE;8RKb$l@ughRM{L_r<^SMzf(>By+89d85{b;K-VBng^sTUcL
z%WL51&iE;keN7pEF^bCqE#vb+i3#Rn@Wx#ic8kTjG=b5H)t$EoH?m}=$@Sj#P|>i2
zj<UdCy|XV-#Dq6yHc9j4!aLi?c^3@n6+384b>@x&HXY>GvV|VxNJTRXW{o?gftohL
z>Wk+g90!<*#sT!(s_Ngd?~C`^#rUG)*;yv#=1+64wr69xzY`+IZH=z&nU$<s&6!D{
zjfffd!A`Nl(R;Ny<FBoaq`)H}EJ!u44dQ+`JwFq{c6US)rRYoc%zY2<0ilNXvCmaq
z#k%e*(X=McOm2G&d9IV8^Sk3_{^(MdISpoFq~G>%+G1Uj5L1Z**Rrb)7eWoPPMYpE
z>m3=ptzLP;P{tn1vWE=S2o`1aWm}xP>FW59d;fHS<@=sKl&#ciId5Zt=xP_))@^AG
zEKRMUx%D4ixem*jM@QF)Sy@@7_Gqc77;8D;DtE+!CA_@wcrQjAElLR%ap48k%X^G<
zzBlv=d8m1!#w#f)nRj2!yP-Ry@mGAHPvMtSH#uZE42J+R?2L4TR0PysnN&%;p$dv@
zgQOar+q6ZlG#2W+x%%bdLEYyku!4)Bftc~pd<T?VS2IfKz&fer{%Pm-G2)tOmvR*o
z*)tXS6Ob3f6W>KdiqnF=4T42c%^nM{TC2_g+F!S!LXutR@y-QqFxOK@%@;EV{gG*a
zO=qeSE`Q`<nm0EEX+fqq20%<xy6t#a&};)G`>27w-oi|(P^Cz|_8RF1@ZgnCNb*Bh
zrKh{QTuuSoOCA%ylSV2df6BI~nMw>x**%42r47eU%%>?v%}m8i>E^aJAt@N#`;n3C
z=Ut$4BkY>{nZ={QkI@(t*`xv+Eqe!-!G+uujf3xxFuJ>qkNj^VF`T<ziwOQ^7wu5(
z(0tROj9Y2Ush+<b%+@*WQxKuDA7g?#j<T<C*d`uMeZI%21bjkeaYn%!Ze1u<^{X<R
zHO}bmrO0xZYHq|Ev?<vgO*_=Dp`*{}qt>KN?{jXLP1U4jAn<sEbCe?Sfi~WcYkKRw
zv$(5#<A)KyE#?H4S%U*BT|(noTHRbn*&A&F)tcE<n@EJTJ6aUYZ($fTd&5;74di#Y
zSd4Ca6FK;I1<_2~3SwgJWt_=<GPl#?JeD2l$13uw>{$*3^ISaVdxoC6>aqg_F1V2d
z{Hl0Lb4gVB0RVF8LDTu^dyY$!99;Od3^K}L>GvDJ=hU*Q+{??itYUX4?Bi}nK#iSa
zkV%=tm2X$Q%1(TT?c{4v>D@-NBW0rY@^Zz{b^)wD^$&k!{*9LN5?+Mu%9R`7xQ&LZ
z|9~{h2CDVzESD`@W}6j2wDo68J1lJ4zoJQmq)@$fD(aMnOXYqJHkBT0Ozo>l+v^l>
zbN0Q|t1*n@UPQjCwA6)UJ9LhagP0hAXyPh?{g0iw;4Dl!%n@Q{oHV11(c)&}l9Sq8
zrhAnW{Q3SaOs2+Uo)N}-gBhZFgtyERhLzrBM(Xq3u`(3<#xl-`Lt3)k0p0VaN~e-k
zr5;RXj+I6wGr6v1HcbsQ9I;)?3E@@+y*RJs4=s4;lsj6&uK8jKKHbP;{-)MK;E8VZ
z6u;VNv(%<uACowj)*p#CoV(<@iM=)j#LV=^U@wrO5LAb1P11FfQHPQyFnPWe?;njU
zLxypsU)x=jQV-VQDHuaUsGKi5SX!}AIAT%ded9vpGIGMF*+A=dXS~$zfjr9fK#LjQ
zpOPZ_33GVC57IC!t;TR*g0t2nWtr@JN7ELZd&&g|3gjU;4Caw@w6}*F@@ytH6Bi$F
zovGP-hCz?kOBrrkP}8vw6ki1c^q>tM{ue@o(0wO*O^<L>D$6rb`9!y1aP}&$C8PUp
zhRbZcEPg0o`Jl4oyw=mZ=yVJo)AQPK-m0BKOa#>$V8e~lDFxLYDW%Wl&w)CdRriCq
z1X1P%nM;&R=|$}FZ8GhhJ6^EY%`6QLmC&`UC#Nlc+6rM8<V0`dmXaSE<`&TPs@GZ-
zAL#2VEy?elt;Nl|?}J1=Tlc)Mo+jxs%T&5+bL73LnGJ0JSW^qQAELPYhFn(Bw1ght
z>b}n1{{H9fyBF4?MeKeC&OyG(oQ@71yreJhq4&6cgDQTlDqk94n|9<?!$`LA76vdu
zSY?l2;6dRO(K$IoaHU9js@{n`mQoPga>v=~6&G(%zanC&t12@l%wsr{Rm+1uxTwre
z_O076PC-7RtLfI%*n2u!ln7wgmeZ`NUJWPMEYp*X@&J1Tf4TBAX=7qidRcid9|O?t
z2U_KuuuZ-!p#K1)oRyj`BLIz7TFwY%vZS&fvv^k76)&xtSpB~n$(DHExWNPI;NA_@
za*njLH0}{0b<Nj@&sv}N$?$EW`<4{$v;DOP(WPg>mPNz%dRfSAW-!L-`EEC5o9w(l
z&31CGLUVsk(`MsNCDMalQn%g$!>jLNOyip<);Z4zX3i8BL$$ViVsm1a`~3%MI_L2h
z%f_|%maCPSZg@~I9^04IyG;FK`f=p;<lWFU)51{Gk}NIf0<bS1+5rm^$MxoT0`&Sw
zPdqh{-hr2ts|wX!MM=!?o+&xY+w0|1Gcf2-LfV?$7P$N91%|*zkBHZFUAv)oT11X6
zcwuNLgZ*5@VL?oC4IvljLIM1O<u1muPBp4?-OmnU)qW0Yrw@EyK!EZMPv!af#ooiI
z_xHQin^G+7%Y~XhLr{Onb&RkJ6XdV%!jeDO_WB_qo0j>^W^fd-_{o?8Pb`#isT6R4
zQBxnt%MqSz1=l9&W|MgQXnHBYpf0fO!_`?DsAkcexvyK<sJ!9hboN~k6sE>r8lYd&
zzgH?AXpu&?+ClGJ+|hbI$WehT$U}W$Z`{L6LP@P7R&@;2CKYkpeJSOw9Ijs6Ax*Fe
z>9;5=6K<(PpL$F?NHgC&=Jq^-1OB$P6c|8*6#;YJw{NMTxESC}53pCFuF<3n_t2_=
zsMmPN;JG5@dcNJ1Av7qtKO>1wJ)AC*%QK{qW1F9^(3K<bJj-c5VNq>`H8I&4WE3Zm
zDN1MhmMUTpNQK$fxaLqR-oik$>~fSnuj8R@T#o<(LoNAgI$ooB*fkv(lVjL*38vK}
za@+QJqnp!$uHnN59w>+Fg8pw(hQNZAom;eRe`2#<J9-HpVlI?Z8wfh_1%RF(G9Ny<
z%yF%r9C$K^_uDp$7`A593f01nafMJ)U-)ZQbZ<AsY>Ef#L2t{Sft>}nS@!jb-7KG+
z;6)3nfyFcZZ}A8&HIPY$OpJ_z?Vt29;tH~#TG7k1S7sk{cp_Kp&cv>IKGA$kCuFEQ
zGS*jb;|!UHbZdU|ACV`nSYK&*w$zWb@w+upADXfs7iYdvep!Ey8K-TpP(T-308Qoq
zgrJ`54k84h#z>5^go-J!B+d4el*Q8)H<YB9cs6(MS@~vZ$lH)1wH{3GyPLCZo_sw3
zUJl?35m82Wx<K{y!m+a&%?9*}dZ~FSB5F34(mv))uSl0s(k*LZr&8TCWVApe{uaZT
zD1b^AnQP!uR#A}zLl&f=9%^`gV1tj}nysa(DizIl9bh9w_b=yZgrzl`$7ijN#qPU+
z;{(`CAA+}kBhE!NOQIi{nZ?IA49R79jy_tV@%~(=Q0K77wXACHCs|FxNYPcNbtYSY
z1|vkbUlP5~&C4t>*IZwdQBb7qulv04diBr``5Sv9wbtTun?$HrjUdvTcpmG|mDeT=
zJ7%1OXVX3iTnDn!>UQ|iH9chsFY-m#Pumk6F9e?QdfZHG^f8ptgGYB+_lQ1P>k^S~
z7>mKR_`_5S$$OtZ-MGo>?P4wV6<nyBW^@nehB>RbM=p0tgDu97>QnJ3+#D?rO<guS
zNWy{bVTMjAFj$nqMuPa;G6`Prg@n3Ha%kzRc1yyJ*_%5W8eGo-pWW~V&dF#hiCcgj
zRFF(HWhT6~K&c(4guaA<c<_q9M!6jcpL-j)ygGZua>H%N$GV0lkCHThU~QuIPB9d=
z+r3hs>@$uG_Lb&&3Zhgh)IK*19pC&sdv%|Hog;d5ha+sCX{(k?^Fb1u(c>GXyDdbE
zOe1qGHYoy983#~L_P*kY_G9P){K4Y3vz?<n4&C>6zdg4f#dlI*rFLuL=c9#^%JFd?
z$HHJs(;5^nKWO7JyA4vCrClX!2DxfKVAFSuA0Nrd=K>5|QjUMk(?W!S{(d0NHVq{m
zoi@eKEALuhYNAI9jx9j1@GvCgc<yWLlyt>`Q;mV=P5X^Xs<!-ElRZiM#fit<h7}`@
zOym0J@Zjz85Fqhb!+;XC1<m+OT;T*9MY>)C1@Rs44ZVf2v0LAEl0v8V(}*W{5}TWw
zJFV7d`nASEH>gvI_ulhxb1#2dYBxo0MSThKcDgrr+KLfR-Tw!4Q?X0maIsS32-ALF
zs*i||<mW)?x(vPT^>95I&OpbuD3RaJ(^37^oyisH*s}5&ZhfJ}#*S<ftylE3xF%)r
za0kIh!r-V>mQbTLGfoCqggJAFwrxSKKS6$f0BcafU3K!93M~A#{G<AU>RW>X(A%AI
z?}esor$QDaQUFkqXu}#6P6wF|sj2S(Rho(Yba_7t)k9k=t#h-yH56q#*Q%FemtV}*
z`MfBpIET=`G&>fe90G7`*~PkeH(xY(8W;+!z%d96OiWJIP0Nk1hqWa)`8p?`wV?Bw
zx)aT?@Iuodfs?IfKWG!zrZg7|Z<$T^Yr}o+4y2YIB<%bet2PDre)IRuq6IvN596sQ
zrsChpT^5UJwRJpQbDN~b+1>SF=}t*yssVz3Axqmy+NEl<Q`B7Gb#3|3#UW*N4dA>h
zGRPZD=O`)w4C1AApw~GEqPhEgez3+jNL$5T(io$%!4l{by6u$X+a}su8X&!Dd%nl1
zvwrw2Ub8^315PB#y%^)3&$A?8(3S#&P>j<-Z$Er;G#$TwU&P=CRJH?$U2;c8KGo8P
zhNNB6X*Rg$4@p^AP;2|FvU;wQvdfDt)S16)e;RAua(aB)%?ak+sd9Et(Zka$^y$Jp
zK=VXZ;9e2}dtt{0_QJyL?%mx77I!@e<3*_7#NVUbP1AEd^a#N>I^2xibb=#d7}o1G
z8Q^$c$^8=;tA5we^^!^Vv!a_%t|<hF%=;JuLZg4sxnbwy%hYw>10(00EU|P+FmK;y
zv!@IfWw|B7!^4j_i~NVT9}g9uUEZru$;x0$fB?Ek@Wn39_U!xGQD+D6N&I+xQrY|p
z)ihzkoCgbqN?BP0H5~EKSoovLy=iSoP8+=+rEL-&@)4-0=my<^_H3fng}UGZXB=N}
zX&34NVWL!9ElJrsVJI)ZW<!dBj!wz(1LxKmXUX`;+XEjy{zrL(HvCSBp2AhedE?%M
zj**R;9kYlYGf;-^8$AgSj4nfA5Au&U!@C(@BK~ab@uaeOV^nrNVbqKtAOW~8FQ>=l
z1#|3mzZ*%?IEIJamhK8<I$x`^*sO3w*90iaHy|i!Jl3-<tN{!S3@9lmf}=P*iDi;M
zc55j2Rpi!$Y!crdd`)uktq@I;S5k_TB~FnB^itrlZP|R(^#-rsv8H`t7?;~>L7HYY
z0d1GDccd3{8sGAwd1Z}_jics<pFf_iwz8kjTUMyhsI5(PxO$=?%*M&_sl(0Bed>S*
zeGb<u5f*ti&GPsHJ%m;(g&H@`>yijVu~^)9{3|?kx0_|UlO$ndQ)#|WcQ`GZDK&uS
zk}fiuJuL0VKx`q70LuC9wGm1&A*ocDY#1MM#XVCbhp7#=IQTuD*?#A4yP2Cmg+vt;
zh<NX2m`#>tA)8m1)=$ngI!X0Zdr%*4=BO!Mt~!!VZzghtM^02#RNR_iTvBOPmZjgB
zkcIpiy#7@dK!M7A^Y%ThLovLDd}0EkXCAIZ@&b3t38&}#0<i%~8g*1-L{0!P{r0Rz
z4UHs}{9<LVLef<Quo6Q*<wd0$r*3)v_!rPKH|0I>4sB!BAJy$Fzjc!c*U?8gsayzH
zkHHId7~9D1NEY}gUshQ;mb!fE`U~fAn1%?GjM_=FFC^+=dU;1GHjo?~GT3HwW>4o<
z3nG5n$O#R%QpZM~%q=cy3BBg|Dh`e?yS@HBYsrcC%e9E={*Qm*(0R3=vHCyH55}tR
zV2lnA7j4BGVKXhzjqHV$8vv>?L8e*G<lt?%j#|Zv(DLq)Gj>^1USg7>=%<tA#^~T-
zt6HWgTpri2nI6y3(|)%Lh7{A6=F{cs63ON2wTY#crRM0G5Cq(J?~(0K!AovF1`T4F
zHF%dvJv=;40?u=Z$;_d3sXz=N^jOb@8Ohg6(RKO(&Ek1$SIehM3|0=N(^>#k_*DyU
zh+ezxy7$2>O&}P#pQDa$s>l4Hb#iFbN!w;GScZiyl1^))&sDF+;Qi{m-Dc3p?AIpp
zmvP}}dFOijb!;R*pc5TnO%}2&!g;yj_@Ln6+ns30?JX4Y3V4t8+0xAI+hZ+5hdcvL
z$OJV#$dLAAyFdZ#K{C*We693vQdw_vLzuUh=RN%Tw37JCCwvarjLs`jDmpkREAR}S
zzet}x$IIw}d|@2G-CP@sz<1w5EiEs1C?b0E8`=h*r$nTBu%L30u(RZG+lKK>kD5|G
zc?4ss$Fj-S`+m6gjQt1XG+9!&%JtOd%Jl_1v^y+hejqjs#$H2p#&R3&QaW3YV*$n|
zufta=($xeXK74qD$Voa#njte(o14%eZD8q2Q<gXU-b9P2Kc6t9Qka_?+pD5Q+2ecn
zM7g=8tfsP(9Ue&vD+pJ32L5Z*mE<Ibqiu$s5$Vr0)pJo!JXb!BLz@z$-~C!4Q80E;
zk05MNK<l`%)F+tIsRBg<$87qXjFiPOS!ENbDBp3iRK~l*?R`~0Kf^OIhr}5<+p?;u
z6;Oqx>mC{w7B)&t{5e#B!$`t1XJy1FR08i;<cw7`n$+W6Je{b9DF5wuVU0%b_7r?t
z$Hl6okt}g=;LRlCSkx0Ez97?nvwy0*cHE{)D*Bk13&b;>#%9enEgtb+cDL5!#LP{9
zDOhh8o!-x(x~(tO0}M&s33O$U$qOz@wtb#Iz^%<<|Aisac?NTtcyC6sn;$k<Tf>7C
zt7&e$q@>_4I_7paZC;+AE_=cmIHRya|7=cwl~Ld!6*w^wwmm<)@uuy{W9l=3MYcZ!
z&T_b?3kM0uy#t&W)hj`1#t5iKvTn(vibOgYP6|!7jeZp(%bFox=HyRW)mD=B(PwmX
zRySK~NJ!fs8F>p%9*GOeXAXKpqY!n-*Fuu%<~o`e(MCk;$O&zkQGT!;9j_3|@*U`n
zzRs{_2ZKMFVX>oQUbAq9S_#CN$>)}m-C@~pCmJ}6zkhVcj6*24z$uTzVDbF3#R`B1
zhudc9-%5%{bDsb{(|H2Lv-(Ca9LGD0r$mlgj;8Lw34p^S(K@KodJhfq;J_zh>sddJ
zlahrSIA|6d(lqy-MfLD=Q4@f?^KNb#G+O7?I#R-AdL4K~-g>1~I@jh<1>D+B`jt(=
zyhu-(l$7KFa7_K69m8rlHz7{Ia3z71*sPqGnJH#k%k5BRX(MTCVUcg!`4qKr*Ku4d
z8AmD!?E_^@_0fJq|8kQc<0Ouf0<+Jy?G7{aqbagse?+09>F9<g-G%IArf7xF{XWzE
z$-^mcLm+swkO80A*wltOKfflVtz8k!>XPjTTqzpw*b~C$u*)`7a`3D(&EfI9{ph{F
zAvACfHYbWrG&k)dWW0v`EPO||h(Fo<Jbl*PAFQ`yaw4r3p#C~n1ySwbKtZ|Ge!!6&
zTB7%Y>LA_tIMK#PP@!w{9V3gZWCIl4mvb@HbafVM{a5M*VWq=@C-aAk+gH5Y=X)3p
z@<_%g2-^`6PK|FZoxVLqbnW>~x~P4VvTE42+<8t&Oaxk%faE_%GZhsmjHUC59EiG>
zp)dqMeeemJpv`S9zu<pYXBFq%d}^gP?_7nhFl1`n=J$K%;SXT}oy#`!ABgyVS(qN>
z?dU%*mn<vEQEe-J#E26poqQ&f(GnYf{2A?L^TQh-GGfH^aUW<*dV!=_@hQvW*-gop
z^E~9+zBvDVjC#G-nCc=S=7d2)nXtV*<I~Mhk=fQDs#Evf?xE3ky+rw!<8JfvYaTGJ
zf6yURI2H3y!|QQ<?%b)h%MDZFcwZN{xO&aut<JVa5*K3AjKe;u#=}taq_aIGz2gQu
zIn4JEQCe1Njy+FyBgqx=p3bJOQ%|jR?k?r(S}*yK%ZTbK1giw<bBdOZf-E$2ASiW-
z@1}lrwz(e3*4{qGlc)3RNB2w0=*^yyaZi_%B~b$JOGa>tRPxYu2w*hq;p*tf>VZ7g
zP!P(l47zcQl)g4DP6-^f#9KGGqk(KkB1Q`HFu^;z*w)y+pLH`bce!}H=00@=Xdbq8
zpJnoSVdM2XdTMrtBO+d1g8gTE4K!v4gt6<VZ3Ki>@sxpw%V{~1A2wIAg!IGw+Sea4
zoOeDUS3y*DKEJVE?$E|klTPt>or)2ks@4~ty%E0ufQ2JoRSokcgWIJ93u!EwbDEX}
ze;~c1RlE80;p$MlD8oH0m03F(;NM1B>pxHv;TCYP{n_&AKT=eD6MXXmfkv?X+x0fz
z|HwxndQw-8GI*`oAY`&X{gt;5J|$4T!wpMcIl%BL2R|`{#R4`Lk#>%+;g7@=3AGPX
z1tTT#V8}Nu@meIGwME~y*TWq_6Cpkgx#nowPy3XaIpaPfLvpfaL`KBmnIYWlM<I0*
z)PCJ$EMp^35D=T1mRfRlEUbJhXr^Tk!;K#g^IKFiikxu6(cPV^ufM<e@G>e>$!Tdw
zY0>YV!x4bPW|e)j_R^(w8W933W8g*YSH41}T*E=TVdm&qyFNO+(xaHw)}Ya!7~L`R
zgW&?aWw=KT51gxx-E~>3_h?KZeQG)Y(eU>6g0obpf6R|;iHm5#-W*Sh!!`C$l5=U;
zFZq1;-G^UEI>^^`AfRHvl*Zd0X{IAuO5)<?k`q50`+k}X_!^#O_j7LhvPZDEpKPFE
z<vPsFqVe&jKGJMW4Q&fLvO#CctgHhZ448Uh;X8>1)Fly)yf&VkdtdV(=s+8)nK3v5
zku*QoZ&F)up8iE0^i)5^dnYCj*AMcl-C}`~4>gY-iv<?7WMZB&<R)DRS*Fk)gQff>
zD|Knu&ZnZ4SXx?sh<;L)%uz_#@HIb2vDH;WX8}MWH)VR7(ou|y?0UB`rWx6R#F}zY
z<8xA!q?U;3TCr+gaYuG$SW-ea6DO(1tAszBd0$^<@OIO5`fK+|a|FLmOT228&Sv_D
zk}zM`IRhEXMu*iw%vs`3Al}pl>Uv^F;7PrW_(}?dE4QN{^<Ou_zP_hWw0=wq-fPca
zM{=xeb#|097a1aDPm^Rz7(v0cF`}1pN%Ca@icxATY?A|l#+QPE=7T$*8g2$U=qoq2
z^u?s4m~MiPixDH|P)w~;wh_JDHg$Iv4rm({nTi~iYD#7vl6BDItlHEopo~t^jJb?;
zEOQD|O{iZgV?nAadSgb*9p8R`tbkZw0OA@rK#A-!Eyw@#7NdIDBA@~8Q;Gwz4Cl|@
z24?k!u)}jQhEB9<=aPa_{14El_|40VX1{Hh!B{NphgX>KFjQ%3B|r6^U$vNx^_8B>
zH?=j~I2fE7agp-|lIN38p5==iWT6xt#UUJEo0-bcSr-@QoJyCOdAZfMn-!H)koGDG
z2@${a(XiW|lQ#zR2Z>p1aSk3F9Nbl@(s36EH;BasQ7D4;NTu)-1%7h=M9(7H@I+_D
zwa8y;b1z+05l_&xEH*K%s32ASErSk>JjrD1u6H=~VI-x^g3`Z*pZIi9uuq!g;A4mW
zz>1XPcy`Tnyy3V~tWtaXxbyQIgXYc_y2(9o=K0N;O%|%dZyNCjsNqThb~b6L!b?3r
zu2;(^9^nyDdYry#_-jLf8)8DoQd#ahquS{LW8=%K`QcG#ktK?WMq2`GZj-lHKkg!H
zfxv}r*3OY(owBg7@RI86uh%Eb;?U60$7%t%e5eq%Ss#hs{iiNP`YsElU~GHBg4lQf
z(0{fX|4aExrgV0F;CZ^6#fct(@@B;!lH@mo^S^X`MTC-&LE=am{_T*Gn!{`)2e<Dh
zVskU$f2{3)_3{3_tWNmDQ6g+(PR4QSAsPF>=KG6`{)!R&DF>2=HeOVoPrz|!%+zBW
z({I=k7ytj0%D>6|qcBkmS3P|A#VQN84_yNwKbE)X$e=1hNO^Pg`gPvle)k((5G@TB
z`qreVBfW{+2S>`yiC+PTzjJ)al<hLkvC;!$mbJTMN;K8-C;P!~`jP+Y68-lVnwW-L
zfHMBJ%}N{Zaj*a7=Wof2f5}_>?NTn&Y9wcba$)<b+dn9f3Cb83`@d883%~xjR9IYm
ztqG7WET+Va|8b5j4)q`E_ZzK0-SrLkMT;k+&vkf38?Ozh{#zXSgNq-vbiz|d1hsU=
zQ@FGGwlP7Yt7fDdzeBPAi-rhfi=%}cjMG;kJ{Z;fA?01v9r=@(0mwIqe~;4;koZsl
zdHgOvCb{ep!Pd4!4%+xY$lv$)f1Tcc;=-jCB)#AwL^fT#F`}QtI4|W#hrg#EuTW4R
zqv)%QUqcz^`2IIx{8zE@CP6@LXSSX){y_y60TN?-yOf}$-6L4kX9Dj3q|E-Rao93b
zvN@YD+GIRqfSFo+GH6B1g}(QnEY9|a6_7t6tS<gN)cv0V5E6j!bATnxh5v)(mo7K~
zd8BkassH0|C<5Z|?9k&26h?AZCifKh|Ii;_6yNNK%|A{0|0D*k=}GdXqHL_Ilh+sI
z8wG2M#w`KV_SvfW-iKd<h@icK1;x~{Gh+U)9QYzZk_}~y8b>A|A62&+{_~eu1#aK@
zX5&6T!1Dez%J};v-)n}-y}u#QD;^rj&L)&or$mSXTS49=c(H$^|4f)e5mLHfTd@3J
zcG3IYM`&YvM><T<FSC%)wOzkXtMHH42TL3!{<Uuq@qZQl|5Q#$f>Bgj10WO~rMSZX
zW9&PlnrxSL6+u80q^ndxq=SG;4aEkEQl$4TQbP@d01*TMQ2}Wp9i*4gJ3;A&UPBE<
zAV8>r(93zyckge%-#+U-=Z9-qmJi9?GxuEA%r*1S2}DWTkfvNe`{s*Fz=zn~<~;Z7
zpKmxaYoY?;c}Z7n-bv%UyTtna?cb=3BM5M=_R-jD<o^-b|KaO@g@ODWb?`D;t}WrA
zo&itC9ck1&fyHAYhX>=cYZRea%Jk{=SlN=>a!yv?^v#DnvO<_FYE2!TzB3WsfND&C
zu2!Bm-`nSBUuXK`IbtiYW%%C}RR8lu{}mQSs^8Vs)|6t=Ju+K$Hwg2wCjEr;^&g<%
z_wUnig(mXcs)-DAfvPb=8K<)Qo@(wXcYuTKxqVKd+Ik)Sf%R{Fo&W7#>~-W-Bvus~
zLIRyxqpsM^%P1D{AW^`%WZAu!j9$JJWr3{}yNz1KMm94F)?^I;is^oz&M(eLx5`Nw
zKpUI}TdNM@<3o*ig<kffmcVb2vy!0mI|#a!h0QH3>J3P}sIff8mbSKtx})BSiRbr#
zsZ%x0=kxRQ!z;mx=K#m0E}|9rFFoepZcx8qu4#rSXmB72sh%2A_ew>&q47htPYD)J
zC#+07CW*$1%s|JhVEEFY-_kE0&5vu7m9ZxWv2qVJDe2V=Kqq7<U_{StWKX2x#zda9
z$7(A6{WA|D^T{OOyd4`TM9%$l*pS@@emdZ=qQ*d!Rieej#B4Bi%CC?1Hlvb~X3*!9
zm8tq#KQb+~FeYbx{@g-e;{2~&05n?nB_-onefLCi0bL@KV-*H*;NO)`VpWTC1266D
zxFG{6z$sHlJ05pEdrg<0sqd@8YsN7x+Bi0NT~v&q!7yLF^sPNko(|88SK3osGoR!l
zz$ptc49`@RGs-aaLuz@sxi;gUjQBo<wX>g7kQCkFd~*IDFaE1>#1sCaVThvdPEf&z
zfho*-(uU1*a;N)<!8{#XwF`Oq`6*M!YvP&N`GI=1MNFEUvUEGcg_Ulw=wa`iocdZr
z&7H?;g$RT-dSbV@11oyy)aW~DqA)7U?hFG#ww0a%^GunUxAl{2N0Uf!lV8qkT({Nh
z{?9fJJ_DBaiO&ZcU3p47aFScWS!(Z6n9XW^XBy*|nrX9ozuwDR+H7M>e;9O`-@+s)
zE+PUD=(q~9K<94hBaiI7Hhvsx^<^dds&qMzCz4oQ57q*d<<aZNLm`vCfLqBx59w~%
zt5tpd63?efV=JA{j;N!6{)8vxysUlnMEvZm`Ov0To4J=jR>ysEhprzJalalIq}~K<
zdY4)KKlS|oeIcA9b0hZ4_C0pdRndMgN`WG=rJU!{juM|+fINa(mS0{Czo?eO>37I5
zsd{}W&TV|PQthd8u|?7jjaX^PA_m6Lm)cKLLx_pj+EJp8vbw{;cUHW#HB1x?Kjh=7
zEIPz0viW@2Ss6_~7&VdwKDXj!wr4r@F9&;bbMtZvKebpU=~U}H6Md|xnCC`@nzZUU
z99AVmA)Oxx{iD%=3-b~Y1BDd?YD5-`HY%o-O7Bu5-{0|S)Kc4t&M}gx2<t(6`FCOS
zQkY*$H=G``_%U30DrrJuRV<$*VU}-OT9@`2vgSg8)lR+c@1g`z9?>LHkhF)8ND=*`
z51u0`Ap7F)LSewmSPY!CE7moiL<nJ!x{M)DrFphW2#8Pd26{66UqpU+kLjrt7Oei-
z%1OIw>7QaR{~;_aebYiQFZw;|*;w(w)u_nG$k(?Fgqj{m5|bKS(>|{tdD-Jq&HpP6
z2@$Q}rQ(l`&ZfJG=SN+klvb40)l5cu4{8_reh8JNFZz~4e_>+I;X<cxI0AKGSSwSO
zDb4{QLu@6UDw6(0?d8j~XRlwsPRY!C1-QJ9D=*HlNNxBQhXwinXBb8WmUMRTrINYw
zC@vT;s6%O=0c2{;1)Lz`8t8k)za-uUm|L9RUT<^N-<_?Fw8%yx{oX56s)LPHXP{9)
z5{GQP54c7=uQU>R?ZQ82tZy`?6!Xk6k>x2X4S_BO{+8J(l6t6jxsEVU#C=u}QjI)g
z$ICP|pPaNZAcdJ(E@};Pmd@9YgE0S$ydT~7%SNK+%SDt{@lx-NOu_A41e>{t+uxsz
zd2XweQT&jaoXV(YB}1LixOG!0jK)#Cgk1#ge2|5lMbv*My8rx}$;h)Rm7IS`LsJFC
z=aU%4lka4nz=^zBv%KzzAoX`KJ!~@O)AYx$!{I^o%SF0!XSwJ2O@}QNGsu_3-z7{A
zSP1mbx$gtHgg%cl+|^YaqExx+Zy9vg|Cs^xMk|Yd2{+%r4#H(IF0FO#AprPxM|Bo?
z|Jl+#oYOo!fG^@H1AZH|vE@Ovpjlmgy-j&@MHr&KBz26{R$<iGM8`nr&>}S<ax(dV
z&}B<2D3CDTJg|EIf!Z3R_A<-GzoW0eWkVor6^MahdVm&YF`ST6%(qKjdcYMmhND)f
zPEGYItX{}fA$hePWK2~?8*Abl!k3Hd!}$$k!IHJ-R>06i6N<K-1Gk!P^r$i!D)B`f
ztejM#8n!CD{m-B`#hUsx7f(-;beL%>GnCX%Jhe;^;O_H<x6KiX#PclD9=&X*z16O}
zV~1uY=wk=4jj*)|7~!2=F-~G?f+O6f8^>+M^q?W$U9po5!i04+8ok20Psu>{^5n;Z
z_hDh!1_@UKy0(jy?Wq9)p3&NBx{sjyB)}b7BL{fQB%IBh_&@#QzkeU048WwAnZ^f_
zC6F5N)Vp;4c#AOE2g&eFy)2^Aur}nHo%PE63Jy6;YcC7f!p;X1U=H)a;P=Nq$?X$S
zN0)zD8SI``xWFUEY2?5ssrd}H%i@H3SLXN}IDByobn(AL9)Dv-^37*hdb4)qnrU{x
zOBe_(T;<0K-Ah%;dc7XxGl`}g?HEP-6mXAtL(Y$&56aYl(=h5rLyo$zVc8QgUlJx8
z*bHQL)w^^wHTypq!H!lh;XN(@n7H<b$^*uKE*p3WoJEx-I_McsIhvN9{;{B-V4_MN
zhU%~e!BP@iia69)E!sb#4{(R+U)!my6UxFZ1!oASxfqzcB+JI#y~AzbUQko>u3~-S
zMORlBOP|)@Xv^6hut_Pu_1~uc+u!tFJpWLQK_NWwM_S|CTdq9HZ#r=Iv)!9s><ZQ-
zi}s5xRg8mEKhMs-c@iEM{dgBs8cZ1-(_2tE!K}uT%4f;wyNW|rSODI#Tb^XPwa-t6
z+bO$qW*ZgsfO<#8qxp*Fx$QE{UCRx5S;5EZ4n{0MeLVE**RN8!@!6H30QXv(WqGsk
z&jylDxk3a?Z!$!OzP}We!u(jh?523-M{_^$GH~5*uqr<J2|%$-TGfOHcEkCZZEWxl
zlq`IkcBa>_$GLUgLj!eql{8?rMkXm+-4p_!+HEiQ3Gk!}>;L=5j!@=SuND-MEZ4bo
zh3)>Mke}uebslimd-v~uHKGgM%gwcQWr<i*J-bt;g07wa=R0MN25_tD!(j`{xVX4&
ztlVj|7vUK}Y1bnI7|!<Ht({VP8Upt(YgjFdHKAx&ou_a+1SkT{>%Jl$YsN3q8uAb#
zQ~Ky}n#hd&;GgvxFi9<o%mO{Mh;ZGPEA0I_XQ#~Pc=x{=%YQrLb40$>XWaGOCl{y>
zkehQU&*+Y?J6+scZuT^M9W=IgZ}S%~2-JkQ^dES5-9<!CN~o<5$mB;i-Xh{E?MEL?
z9`9WiSI`>?%@(+MYMQF=b@(P_<>T|YOaRhP_=HCMO+5NvXv+;wl$j#nXc-DL#S*Hw
zasp4?qf#c0Bg}}|ubvP$s;g1LZ5PdSsNbYaXwCHr{i9`p<squyuSV%Tk70M^d8p>d
zcEjb3eAQVHuffQUO98XnXZT6{KOPalcs>?r9omYJSm}+2he|#R{7WGL=w5*jQS7Z=
zt6(~pEh7IPxP0>S_Z<g=8mopro4+G8zxJEG0G~V?5?P$aOSwQqpZtbWGiNuD#Cl@;
z64T!)>h@jWet?a!wt4=|{n?Mm%3Pp={w{Q<Zv$QSRt2`n&N3lK1c1hsCh}&)ZwvDL
z^0VJtW%~0EXRPph+_^%NglhKxwL~Fhi=0QHIuNV&X|{sEjOxDvB#j2KUXC-fY(F~t
z>9fY`M<T$}uwsg#|8|-m)ZYopPDg4t{+@x^-H4e5qcXgz>L^((2mhe7=|q4AuiF=K
zxe;&3-**#G|99C}9(xsd3fAcf|G%I6=Qpdg!OP>7a^u{QHmR3m(W?(1QvNoiUoUX*
z%u+GgKc&yhgcG_i8vL8@Hbw$puhF$3MdxqN>ZK+B!hqu7V`QYi3Y3;SubFn9{d=$b
zSy-?fCJl<Rw(oqa|5*H2ZAaen>?2vOD1IRN+c)Fzlh<UcP>b1*yrNJYPBI@lR0SL$
z4Me#0H;bP+i}k(rbfv|ctnE)4jhnCi^}&F&3Oui8Z0efe-yAJK?EJudx!X$v9%W|#
z61Bg^#1>xz2ABSNXPJ@6lRfl*%0?-*XHW4Mw^$VZ+fyD10cjzk7AzuqW}Zccvo94o
zIk+kvLRvEE%V>V?FI)8fBAY(QXj^r;eC==Fsxjsq1!`1K5H(Y7mg+sMhrL=%wc?H&
z4syuq6ZvEDcFypzT93IampCsm0UwI#ek~Epzh@LTA^@X%6Ss`gMAFy{W;+9;@CxMQ
zAxOsUo7TX51Ph<!qwxxdw6U-HY|q&Luq>cR_8r=gPM+=yOfZ;|J$n4OZ`$tyPlk?Y
zOG|5R?hRni8L-D;XH8mOFdqeJOIc7GW)T+R`&QbWl%ai-$Bs|;&q=wR;mkyZYHWoc
zX$i<<%3_YamzL}@i&T`TsAx6-l<wP)^wPfjAR=}3yYuupuI8tSUDwdU$W?i2VD;3@
zEkI4NTOj|Y`o@iAoB8($c0ST}s+O}uW7i~h!cfsa9R!w_^r{md?EFkSFL}(8*V7@K
z;@`;8<}j0VZK#sXfTwoQ31}Cr)lwXv?GN#5=e$}dgir+$G@m_xJ}chFw^Z6AYscsf
zs90a)=Pb04leHc*e!jKMQsNKUsVsrEl-v6-)s5QpmX^n5F7wYCI@}@WeLhH+8yFk6
zVr+-i_4MKf7KENkA8l|h;yZ-1=H@KD2tzuHfEI44*VhdKOTG5|j?daa78OvR+RSAd
zuLP%e#ft}}Da)c$!`dDOJ$t>6pO=k&_~h+(xzkP68**kut5cO>3=>6fYP{eFr6&HX
zc6Zw9<&IY<p{s2Q9*eFL+kIY_9Wiwwz>wrxxj|x=L^zHSkr+08g_bJ$(Ws=PX7dvo
zCh>gkVje)M5Q^OldNJo}XM*bKNGIU5gG#&xNq#fKY3}n0yT`=uRsjD?e8ztJ_Pf?F
zrWYc8ePys7Sw2C2oz*OYN`~1(QecXY)?ut9@y4imb#0)wE6-V-oW-<K&2g=D?LNac
z<8OCOVWJ_^QP|(dnxtS>-WmAL0i~)iSzxB%{t~OlgtHqq5v~S}5jy^Ia=Z?&jALVx
zj+F;YY~p1jlJV`^-ee!p3+@HO4-NjZG0d*Ax;hS6fwFj}F|$tgd1q_)@X%@4pcc~)
zKOCRxi{jN7Twsx|7$~U3EDPEx^-I^*tGP*ikyTBWee1j5VUp`8pjQ%*<hA@$&Fv>v
zYJ2lb$8h=SR^I7mHM8gq;_dzAP+?>Wz^TE5Lx%&&$29gPZzb1`m#jV7?c^wH9ws-X
zhMh3K{cYe_C)2S}pD*{1HQ%c$r3lNJw4(X%vGmu~y_RwxyPS*2OYf1xjl_;gS)R+L
zJF^Ez@VV|o>M}7Ax~op?cg&l~=6&pd9WayzO>#E9-<eUfHoCy9xlLOkh?RvwK`&t5
zJW0iB>O>~YVbbhzb=?AQ<d6UgXxLEJUiLXF3;VTmTwU`o=@k+ZdX+lQsHvtlO)pDq
zg?Qa)e&(r!hZb<s-XVYd_R_%8J0{0laR{rQpIf$3{0Iq31q#nkOb#J-+K9}l;}egH
z!EU4a<=o`nmC;hI^t@`hhV|)_GgnO+)lMFl7CNHVe9)%@V>$2)NU`T0I62_WN_YlT
zr+TznN!h%^0nm}i%EeRZK2fPE?BXK9LK-1f^NA${ft3S)7?*CiIB+OmXyR{!sEq*~
zw^`>F!jEQPEK&iVUSs!ug=OXE%jQny>72@wQZm1Gy^Il9uFt5{yMF)RIr}vv%luQ$
zFS7eGP6n-?ZiE(G&-a(FC6=1?UKxDNGk*P!={ca(6md4f@Jv}*2lE}jwWVZCc7?mg
zRE0U5L6-QF?7{1=@Sj{!%@_@1{iDxPzKvNPKM1!(MAShYpY75I2Q{_yw6y4t_j};l
zTUVr^`MCE}4{$sdqcnPk8wL+A!G>^Ch%m3)l{OvscM>$flh4UFH}66^m7*a)b2K*>
zWb!UQCr7LG1#4jA>x}3?Jb)5--k&-ElRxQ>X@6zNh-WF%WT?iIcrY^c^mt0nYx2s~
zsQNVW&?|m2;nAeGfBt-0aBvzwb@a~M;+ImsWin8{)gJE{iSEjLVT4_p{~*?#0{q{{
z1ROBXl)-4?ovOvg1)L#trDn6ZjrHDE@YP9#3H*kb*WJW+h9Bhio16;yQ6}D-kHt)^
z73UTn5YGc^j1Cslsm6V#Z`hwo)z+IH^3RViyTaN65&qA34wf{7WLa<WNcY)DuV%>|
z^Cm*Zmb}yT6?KfEBwE_qI{?@y_=R+Ei6|dhk_gVHhD^Nn2Ax7JCNTT=z9f;l9Me39
z0ozP@*!C)0QaHz;_@7yWcS-u!q}S^n0)Fz=!Tkqre-izxstZ-z$M0vl2Z`eTXnHW`
zp0aAcm|a{pAaMV!JU<bOv#jF~8FxS$OC0Me4Z}HADH}d6u5w?bn!36Izb7ggwqA?Q
zp-{STo{9***Tl9oV)1cl$MS1#^68N^>v-+fd(VS-(fM0pH`_ZHVvW7XVdvd;bkXz;
zfi-V8H=Xak8YJ_5LZ2Qf6GMupd}*d$toYR!*uHJG8CC5*u9BO#OPA(8T4*eF3DwVA
zRkyZm^mgYA!KGMVT?Ax@%E}a=&1PCadWDc$yGDlkq}zB~Bnr5(V5{yxVoHA@(=#h<
zsO@JarnVN0psFZ;!z~oxShsnx?Pj}7e<j9?>G4*butB9`M)Juvq|ICDGMs3Yh0zGg
zd3$?%6PRs2wOBeiWJ@t?de>LsFuu4m4%VP|Bb;no(@o|ePCn$7Zb`9_CQb&ejU^%4
zQp8(V6HVUE(4cU!rU%q(Ru4D7PsNJ7t4SPCk^YD%n4t3CU7u2=U@)9|rBla(!1Ryj
zUuN>T-ODhwQ%C0p*uUanZtMF|=ZLz+W+~IFot=^R>(n6<M5(fDunTnd()C`1w1#5>
z_^v%5)Fp>j+!FRjDMt)%tX59-vz@+vp8o1Zo3mqv-=04S#bSbMw-)=DnD>%^eyYTi
zf&PBav4X5oPfl$gxn{eLlVj4eorcC<OI-M!!vWwt8nrHqJfUPm4a{-zQ_KOIiD*4I
zDH?+)qhCta);jWk+j*Ay91<$1-7VF=M@vgPVq5*S!eJ^SvdK2b&=|*R6N?7wdXI|!
z^v3`IHY3ENvlUjQ`x?b$jbF&F8l41oLh=g$YC!HJ&or-Jg}~wtAaSb|egx*~mm*bT
zKGzw&z5*x@Qz?Y1)VO^1W=J(PHNRnOS;QTgV?SmI8r%nV3&6WN1o?Wt`@L0KW|M{p
z)OL5g+@H^UgsPwi;L7WR57+OS?~$Rdhd%^1yt&<xOD>R?OS>YIY;!9>O*Z_BrW)nD
zvmvDywA`$%jPZKUCIkgRkIr^^6gm)2B0~3QRU{(%2L_b#^SIiJoq?f0`cnWhEaoAQ
zFP-;$iHr^WOXgsEGm23LLXsziHOtSQ+R`6M78V5hT#xMrAIs+J7W>N{+Q(rmg+SM^
za~oZX^s9hiTklvNZ?wVfY1i{rXsW=d7ScDE!#!}u1f`|pfvrpXwRIsTvQWWnXcjOo
z^>Yf#D?mpHEcbhkyeavJNqm8iaRGnM3vc<Wz%ou)htzKBE~iNt#o@=1v-_)C>({<_
zWYgNH?ckLzh<m4G^{I!g!LG6}_lvKO#H^E2wOdd}hwBaK_|9MI6eziq&F4}JUn~Zz
z^W(tn6{U)AcBkOUkadhh%%(Wa;^xhH70G!z3}X{-P*@(&O5w9aYXZZCNVMy>Xhp@O
zhL#p|dYEjcu?w~A?o@-4894-QTjA$hnNf$BS~oqkwJHdMO~UIhyG<!W;kymxawY36
z=7!zW`0>QfwH{;NeJl5q66`oI%G8x89s6zzTr8s&fdh2vrzeN&Ia1rY2{D*Y7wj<d
z*Y~7-Z3bj3<a;8KtPgkY*Rzmfx)pXTdTl77+^xtYlY&Eq*+$LoC1ik_al>A}u}2r}
z$_2Pd8_O~zU;9Z76|nJ&5m>_b5>cV=C2b6(u-tRx=c!+Zf?>kZf1-`9m)(bF5Qw%^
zn>K;fVh@3U=3w@#%Ui|bJU=Qd%B!Ma*}Ho+YXhpX>OHp2Bs-(lJ?5$pvm(fPXfR&5
z7sylJk#uQ^ZjjUV9=)WtP+hO53ePTFWp^R*3NKyT;)m;5y~4hm6hrP=vHW$%CvGj^
zR5#JL$+cIm%cym2)j@F(i25Wm%?f@+FF&c}0J@I6pxM~yRz;#nVMT_Tsfh1oJ7W*Q
zhG)?fI&xdvgyXhS`#kT>6D-_!)HbM$o2R3z@dX7qjZ;s}`4ayA_-8I<T}|g&wF={F
zpwpu*f#y!l+4tq%!2HwkFE+Ri$A&O`Uv9A01B`ohucy5~LwN}pAy|zl)VZyil)u13
zeY2DGYka)TXo=M}0)CwALtA@_4E-cAOGe}IvmYrVK#9GIA}#SFL;1O|ikJtK7+!aT
zrjMealQr(!K)TfDGV&n|d0RL~xR)w=i}WD20QF|P4G{EUawigm_2dG>=O*xD_gBym
zVi!YYNq8&QK9_C-72c>=ZiBHBxEm)@9vP(v9F`Ur`vvyyE=DNIfV(Fp_1o&otzW=n
zCf|hSnNeR~RY212Vqjq<D-~cnu+byBI5wpoCd;mdh{>Gw$<m-lPSJPlhDR4({S_&8
zqdF!&(ImK^cP-nmmO8RTFbxN>9#9qNmp|jq$tbUL9Ot}%04_{PTehbM05AC2I7TBD
zD$Dv<O~@>D{#&HVOYrg6>k=H;r_go|49C$GKUOwT_<%dwXx-B=gg+N(pQ$8Xu(PuR
z)mYB=sbj%5YQ|DE3t#Ot$Km@O$wSIdO3WSP!jG>ndKirD>>je%n-t6^eyW$>t^dFk
zehgj>3vR=YI~)sj&|Lt8tu<}3pQlc21~Lay6yAQ*3uAZ0G?T0WMe3ypN25&$^P-HO
zD4FF^e`d4-JN79&>?SN;rOj_{6GB<CgEr9n9UK`BEZc<d<>(tz28nA9*HJh|u*0JV
zUPV+#K2}#zkhzu!MOJ8(pux-Rva%=>vgbOJ;p+!eCp$U_BRr(eOL<qH`u^VI6hUOF
zXZV_qwPD=&vIaZBy-n1p1u0$fzDza<?>)f~Z#oWLtHut6`r|o9*-o6eRpZOkwOlnk
zzw$z3IE{NDYZFf^CxGE&R%R@#L=nw9;s?$j^l{-i!*i^SvAtRiffkBknla5V-EDfi
zxeEW_=BI_wnE7f23kwZ{QC?7i_!SmWB|Td(rsg3C?NBPu4R$M2i;?|4@6NqWewXx&
zC4r*kJ+4Lpb~fn+pj<;#bmmHCODJRMo!zK5Ry$R-6LiB#fdJ%NI9a**Jzho{j*-_o
zil0xi<R%?1-5aLhr2b@uWT~d+1yH*mqGA7yzJOv2m-DMkvlbqzjEj`a+4*1GVW&q}
zxkZ4BY%Fg5<W7EGISHv9Me3R|GB6a8XkF?_9akOVCHa;xbjf9TFlQTQa@v}&-25KM
zbQ6YDZAv_B?Falkq$oWJOv9q@04OHd=5W7?8ZG`Xi1OZ)x$iLn?MXS;w%94wqsfu3
z`~Bxhtkd+HDze;{&czb&-ANBkL)o%7=$OC~!$ILW#+!3{`qeHZlfYKa{~bs>q$iM8
z^HFZ?9p@u$?3?o!x-9m$dgLrN*V&!~u6lc&Wgz=`g(6+{_gtRl5By6O=#6QbiFUiC
z*I#FG^>hKV*|I<g-+Psu;YjT~Z$-T+!(JG@y)XZ)+g4F+hfr1YNtsx{;U+J$#mH*^
zxgBG6*C6Gq#YYSA;Fr$FW`f`;IjJyl5ycAJFLkl#yT#4Iyu35cyXwagcb%zsTbU4f
z7RJLq<UstG`|x0uHpy<LW>&ll%X@2^99o{XLO~9cl~aMndL>_>T)xcq$))*ygUYSL
zsZ(R<?W-Mo%0h97NDxxkZ>2}RVZ8r5ykSaP+i!bFALF}1QnPNw?6(HDgU@*w`~I3g
zGJ46eW&JpZkr!Az1Pb%H)%H%e0Hu6sw)_!_(6grcG^AAq=Au%&j)c{}M*%tKx?;*@
zB9?|S8>^Itfs+L8W6--5hq15=qe4H%CELeLz*dRZ4!wNu>F-W3mI`1U>nCl_;wtNa
zlS^=f^aSZbW+e?!0g(n7NTBTju(wQ8xTu{_Z`fu68O<=Rom=%J#5fkTvxQwyWO0w$
z$B$9T9ZfH8zMg3e^p@+7Uw8Pr2%zSya$b5yVMct(2jb!y<BAmxdN8hOZH8Tw^=m%i
z0M{aafNMtU2$NvODl$VADc~S23Bu2A?Hwo&NL}yHe*X0fs@At*h$LQbEAadb0v)aP
z@uvmb-jc%4^!((cW^XGStHH$CR2jC)duyg+aT3lP4eZ+<TJ@fn4gt5FEzgl&Ke`YS
z#OEAXU@}WNC$Wo_K}cK34bOk=`dRy_o2}D12e(nNy$j35kq>P;TF<OQM~#u7n0`2X
zH?I5&4ys$)>weL7ZFi*2A)%5;@=3vQR8`e_(j7B@9aR_(jmYxAK*yUde0HBe9x=T0
z4=JC**I_rBT63&vfkmDf7kBWBbj{I(H|IxDUq@@|%kmR;R(mvdeTUsx7%S01AKB8i
z#qB313eOdExDWTMtGx?!v7S+s{!^lxR8T`kU}Nd|6HShn(a&_lN$Wi(-5CMQ)jHwl
z0CWSf#?N&O&1CL;rg&DYZ;14+=Hq9y<zTg;c#UJ`0d9kzN5J4?9x19HNrvQDMzwsS
z<T!dZ=~de)BI+=9w|w;J<+@$W;oyr<neWCm+ZKg~vPRJ^wcC-&M*+giqEUp>&Uwy4
zajxKw_S&_Yak{#*Qi}6_#;Z}M4*__;{04uQl!St|!G*5)=xoH~^$^1Jq{r#gdR;XW
z6T~Cs>fRVrpVF<rNaYXb*w^QKo~p6Rcovo9((>z4XU~7pFI$v_3>?Ji>7=x|r~E4M
zWm};-TCW91l)R7X7Bo4z*KiIG&+RD@nmQjxs{e@PdK*xDNeh6C4r^}=C*3nbg$6EP
zpqc>Je5Hx)MjLq~+NvTA8unUxd@5eX$ja_b!v}W_0yLZ{9FC2<zupTiti$sWTte1r
zwW5l4y1KLLe>LiBFEd1FwsHw`DM`!((CR)ywv?rOcKulQE#+-_UA;qMTl^Q!al$5#
zvvcj~avs7{cd+B(F0c?ysVnCe(JDY!x?TBJBUe`6$%j$pWn00?Zc#}))-1h>Y!mB|
zDOiB?Cl=$w%hZw^+@;6fey?%28#VAde9Q(rJoyv%S@OuKAKO}EWigd(Fuyfej(G1`
z5*_43Uka1K2YXRJ9Ck0lMl$lSdT%HUpbRHQL(1P*`NpzqTsvB^mK$mTong$MbUbh6
z+k_p)+7^1CqTv?pn9O5|@Ku_+#JBm!1nmmJGdlNiI0Vr*fi}V>T6g+nRYDEk;SX92
zm?FYiJ1@ZDt!yaB37bjY2PSEi<Aq7zLx)?!QHj0>VVWL*oayFH`(}&<`Zv{c=Q{CX
zz9#NiM-wtXpW}`j<?KdW36rRit=5i$wzMoi@i&C|94v8rmFlDFBkKk^e)vwN(6Gqn
z|02r>qOz;UAhDQk>i!p5c%&Dv6Q3PI?5Zj~W_d`rT#*<KQeVQWD1#mJ2c(<C0ud`#
zm;Jnq$RW@BAt|g6zS*Z73SSjw0{}9`@37x79gDEOXa0p9s}2>xev<Z`($*-b*mq4(
zHiP$U)hOVKF)<!2KiL+YbH?!%m$zXzmVZs6I7YTyU;=@U*$+F%6tkvEO?M;Yu!8U~
z^{ivzo_j5?TMVuuLQdCDj|VnAbWvq(5AnnukCuyqW*(AmDWB$`xXP<CD}qKwfR)AO
z5~``!5CPa5z6@M9Lz4H~B^8o>IgC~esB5y`y%SX8={Wx$#Wz;$T3Np=WCEVYdv#Cj
z4>q2<00IOkw)aod->;p!*NE6^l$L@)Kn>jUbiy&!+UFeK>`KGwDnvvOn4o^HxD|iG
zRw55<AYxOde-%zDivO--$gGDeH@*h2vREUHDbtvUU_-j&&9KwF{$^X~4}aVX>KE3A
zb)F$K#FdVdsKQ7v`ll_kC@VRKTkyCoEL;{?K-9Ht-X^4E;?`$BkJk@SsqUrRJp;vn
zehyz@m6GsSo)$+>E?l=k1lpY_W&JXrX0R|qpQ<DPek>3@jeF}LI341|OO#0I;><t1
zAvISTm>b-`^Xq=^FR5N<y#}gbrYzSUP}tNg(%2m>l)EGn+%db=Ev;IB#H0APr%q*4
z#i2&O6FE@>*&seG_}-aMr)#K!UT}rT1463Gh0-?R+7;2S;yp#8M#bimFoC^D5Jgv<
zm|_UZt4Sa<I=&pN{p54y?@$)FH9u3K8>-*L6>He2UG#1!N|#&?s7wLi844Sh(lDU1
z1tJ;RQqscr4Tl%URE1-&iy3;uI?}h6ty0>8hU!<pp7vm%-xbx%;73o{w=wbkum}z%
z4Z7`he(hZR!6h=j$B$ZoN&PhT{=78P)Zn_8TK04b^70DA#I&|VN>l-?&xq#adICl}
z9URwpc7%R%?SEveo*d1Yii=-a1t(iKciep&bXoiHjbs82%~*(g*AcX|a8Dm=hHNF-
zEA`F0xJZ>V;v-Q@t)qaLLT|bqOfJ+UdN&-~@S}6EXl&9zF;?{WI=mj#_KAg7d(Gz~
zA+AGPLA4Ec$DqJ|tn8`Lec5O-o9Na787I{D<P+B>0&>4bMJn#$f)oL2`i72F+b$eq
z>;VOdEa2-45DBf_$LF%dg5)s`Upl&#uqQGbyMYf=mS;$(SIGSZ)do8_fI@kydis-}
zhmO9~fxDA#jQI<BS~9Ue7#^v}ICg#!(eSFDIZUuldRoV=<p3Z?TF~JNe2^Dd+N{5A
zljht_n(U3wnP3R0XLn!T{?KtRkG7u8Z+jy(7PkiLUM<$=-1}O41gWR1>aY_U2+6vX
z=TdE7>T#(yDO&=OWvZ3MntUUPcclc2lpxg1f|ENfrb9`&T#ZdyRpB=~<AeBBEm&62
zMCGh7Tvh|Y`(Vl11;^~$_XRW=2OogtPQ^mk+!C<|gzD}dy8Jrao|rI*5Q&gHPP*uY
z#0eZ3#e$0GWTjce>OU?tSf6}~kZh=Q?}(K|`9K)=jQ!zE2GFrzj2ioox$=AsTJmZ-
zeehNwEvu@-Inbv(t(;rJkDsv6BoRj@<v3gF6*st?FYdt)<)Ifh<P?``u7*oGAzdDP
zcx4tR7`^|Mb>tpo{{6hwAjT)+i7e=aJ{uq#Do{K}I8$87-{uZaBDP}9{TZ31mhmh^
z{7OfxFe7+DHIj4jsoKu{=A(_I4l9p}mEi(Aw2)}1uSGM%cYAVs$|>L4=kKrECmt-s
zU+9XpX>AkBE*puAD7YMryQT6?;NqU*0s!{eaW7)@9%Yj%)by?j85OmW00|rrNXjMb
zcd0StNffcS#N-{l=`$$WGL7%(C6Q6J!c*}w<hyV7YIwPK*&0i)#-8}}!X<LV^+&Ca
z0HFC0C^c%maN4(2cypmP^FBp}5IHzmcPOhZe)312i+-h}pi$sfwXo1k&}CrxmfyZ#
zlL7cjnp1IdQSBYr4zqb|2Q#bkd4*Bi(<hLo)>#Hp*BgnUva+I^t8f`mw$@g}WF293
z99=*VfxR-d<2fn5ejO?=!wlCF#;g_(?5E<3g8|yi88T^GO|jk}_th3%C@5Ua<Yde*
zxhO+a@7r;ySq_++O#Q?njS^29rAac`PzORvMw{<r)~2S-gpa;YrDQ?mdS!#d&=$^B
z^<!#exx&1==!q9>?{UJ<$VlTm1JLCqN@fXmli6MX>l+0h%>=Q{`J$F@z`eeb=CUD0
z)%Fv%lgGd9cA?$-e=>`rb9ycyGyR8de5*to8LNJ%wwH!`tYWCLD{^~)0LvB?o6TyV
zI$9Ma*93vQwxedb(0L7a+jqU{SSU{gSGZ(u@%G&HI{Y19*dey6!&&EalLql-3Ku~u
z0xh@7)imeNB%(0>S;jogJ%HUb*Q*M<^VRbJ%M}#7?vC9Q*m^fo);VzaBaj5u6l7dj
zyDo{gDu1$ZPj$b(;Jh}J;91zDqe}1P>zX{+p@j5Gn}v8@(sp0oOpv=Lqu~U?j2!-Q
zZ%LMQ9#8Nho2gT2Q-$CDu^U+D5UsB$1Ff2s8ZaOm^jayHIvGxH80mE1>=<LZf5caD
zPS@_pabx%*cq?H`+6XI&fEI3vk$Pa<6S|cPn>3sbKrce}9be7#0MS!n{u7<>DGt*r
zk2qFA3rf329j@?t@;Bv9X>aBhMt!X`^!-WGlC9gv(fFM`hU1>{tUx17x!{J@{JNV*
zS`kh9=oe0z2UTSZJ#gS9v`B&ZuE_W_)#OxK?sP3THJ=*#sOrEXHOgG)2Nu6Ow@oxk
zV1JjculF+A+x!8^_GTji<;k1BC|>%C!pdi3<RC>QQL3MyeRHPq7W{-rv+T8c6GxQb
z$6B`~fzn0sC$Df~S_|S+-uwkj`8&2+RGFRrc!|EX<;G~1T0JugojkR2Tdisj{wbwW
zf~D6LKW}ziXv&H(R<HC`$NrBAy{o2ueg$2p2X;XQ%J)^Ut4|UJoYaU|DOz6@f53V?
zE!LrIkV)OSU|eio?F38QBYJF3{`B-f6d@TK>AN&VdK^S6m!Gd)@Rcqk*=J|!=|}ul
zd#)@9^Gsm4Ky}oLtG2L=_V$af&!hQuVh+FMxqml8?kZAHmuja4@9SP7Lunt+R%G96
zTPc^vriF!Jd{wDzhrBIARdy;&=`+c}l=FeWOFHo%we&xENXco+g6*cZdORWvtEz<<
zD5JR=x;cAs;^-DX!O`WxYGqlTmEqO>=JxT^WrFl|Rjn_GDTi(>Zg+gDVtJoXoz)s{
z!oKP5paxC+(12mhE4Ehgswr<cdhm<;19s8U&&XtJ_buAoBZ)$$>%tI~$@Oe+m4hCZ
z-osb-PGt%rk=-|46Axs1{qzeIykL{_gyt_Dm0KQYZ@G<b=_W#^9xEySq^0EZWv3rg
zKxKfMI5#P*g(BIinIhS~ez4S<>Q_s5tnspfs!YTp<>aK{97MlMC(jcuLs=xw?E532
zN!UE`Yf6E})`AajrO&kc1BZwv|B^Ajx0M*1DP(=8wDlUZ{w;y672?10lU>WO?Z;^d
z47KiXr3jVRW&ll{t{G}_a=ig+z;GWwzQvuCU8R!uJ4NXy@m78OSNup4t~UDMt&bAC
z_NTr66*GR>*vG{zG+}uMMqTcBFpMD<XrL$_rG-fg-^+EtEL6+kWYDQS?)>XgC!NYe
zRC%gdQv*?7)}<)6zUBceqsG4FbH}E2=l1=JE~~rNllc3J?hx%Z4610kQcDIM`FSg*
z!+Pe+uGA~DJ@C!TTgrya__^-K^!!oj{Ef8JzB9vPMyC98hSe@FEeFkNn3?z^oh03D
zwPGK*?XCGdfv(}RteA=C%f5yE^->0&dUBMEWzD$G2_TPUIt~s*n>Ar#IG0t_e5d_l
z@Tr#!ST<hxYZcK%5ttr>5HudZnhm+b71!$1LgSb$iwaA}fdyXGr~U`}>_EwggXgd#
zu7w#AXH;ldZRy>U1mZWmfQVXyZ--(Wo3-@0rmM#v>SfG8I|_$gvE71TTcCTO5HAka
zj%~qAA$#n)SH78O%hAzUs2<<BvC`zH<)gjn)mMjI0=j_w>A?2i=wO$<4YOi7Ft}bR
z)&lZ&w9H2A`tI)_z+KVF9!`j&iRxP0H<A)k!7%N!PIB!yTjL5Kt7Bh<xut)5e`!l}
zH4z3~W8L#8Q~+|N=P<^#NKBPZ*#r$9dMDhFAZ+{$C5()02n7u(X20II$?{dn9y1kc
zTJnhR*d`pVf(;7rc_MBl_p|F%TBmYBolmH|YSxhkw~b}uQcWO|CsU`$v^wZkKd^y%
z4!LshSanOD(4=#bFFEqWb$lDCSHPV#{L};+J}Fhu%mH2nA^=yh<)I@ozs<Z|E-lh}
z+~8LScQ$$08hoYs0$lnQk$Tt(4WEI~QenZqFSukwzqzm|JuPjn;>H3*@3-@VD7`mZ
zWM+eo52PAlvXm@R&+mV%M5>RQ0q>X8sd6)7|JC;4y7Cc+P(vNc`19W5JJJg4itHfo
z#d-Y#Wo<j+%5e=}u-zLiV-N;_W@mn1%SxT#nO2gk5vD5GLnkAI8F9U#`Xdre4?p;Z
z^r&R^RQu!k8_hhr2oiHp#XzO}P?Mtv(092B3_`_>Xxyt+9uhEI8?6mO(lu~Gf(sy>
zKgMNrwmx=jqDwzVd$7P4GOFc}Nd`Wu8s<pc6bz2G;*XgC80vGd1v}bz=r%Vlrc%<@
zy0bpoYzUm^Styo)6(qJgFS+piZu$C`Dg?Pe)arBhZ+|pN8?o|UbWznk>kX$!@7LXJ
zD=JaDS4wH3fIpwFW)xX}oKDnG-F2D_V&Y`$Et1egdP5mI9;u2y$z|rcxW}i|nXn&H
z_W4!n7dBle#Zl(uoAbx@TohxtKUY07Pd9)v802K_l<i`?_wm(EulzikgCA{v7WM={
zeB3G-Dxo5>LNV#2Bwzqqu#8nTIj|!5sC`gPlzIxtf6$@3xRG4hJkNSj)dwL--QGui
zifpv&Io*!cwI1uQkoE~-%p#wc--AXa7t;c=DxmR<N%$M|p%=;*zK|$M?}N^;Qs46V
z8r!BS=f>Ixgk_g0+b!Qud>>Di+<ddWU#(Mmje1WM8cCb;TT#}D@6r@2ijzvq{Pt?0
z24E{rvrxa}A^}CV8J2h;Sz!BCHpy?#(RCEkFm+NEjVneWT6=$vrQoHm!}E5W3<xP%
zhf7(>i%nE=y~4H3!p3!v)~wrDA77+W8PgdWmr*<3i1tHaznxAv)q@Y-3e{^shM(5D
zwmT*Q#3O6R%c9dASfD8R(L8spcF*dO^v&>HVaT#F!iI?OeahhUf_e{7=v_h{u0?A3
z;D0_p0NT_>xmt%x_zOmu?%Nz3jq^1_-sSIi(Z9}}BF(51;1t`dhnF^$!9E9d99Yo0
z^U;LsX~cNRMg_3<t$kxAM0i9<w@3{cp1l(cSqcaO$cMHu>)@1-$%*gsUrsKL{@+es
zsz}T~p(3NMH<Z(s6=QvAEmnNTYii#rL+U;#&{_7kt0Mu7<aNv<NATy1ZNUYzQ0XMx
zuMd>ZZ-X2#FM2(T;<<Tpu`FD8q9|6-*V%w%XYUSVrOI;L5E_rQMUpg@ei*93t=DP#
zZ0{`LcJKCX8J%JdYlRGoEiayYIKxMU$GI<5h6TZ{gX2|O?qDlj!Z=@2$MYp<yp54D
zqoBTFUBl;V>^xH!{iy!P@-#WajY;N9tU4}vq^~RE?wq7nJPIabk#Y;4aO?ZXIr#RP
z>??F5utd|SL|iqxBVn*ajg{LsTN9z)RKe5apxSdYoXXM%SflPQwyv{_fP)^a2;Bwd
z{akc`cg#Jig{(%k0ax{q1mAhpN(puJwkjrXcdN(xDWlQBTj{JVePIK+onhfTwo6Cp
zweP-k0Ns}i%1R^t<#{O(0D$?75pAE;(z0~gP|^1cwu&g8`z|#bsTHp5k69>Kq)zw)
zv!?9vhd@ECYSOh9AQyub4$^V2x)Vm5<=$wiZK<1F7`k_?p*K+F`Zgy^qfG@Hgkt2M
zPz4>kDQX#(0IxBEY2b##P<yH7@b*>nWF<<-LP#X(Y>Cq*Ak*7T1zJRp9P2mwm4&(D
z`60{L5=|yI1<Bqihr+gj-SOlKmr?Egp=(llOq#~rzraJRj(M!xZc=d26}D0)Z%9zj
z5BmbF18cVL9!h@RwIA-7g{gcz3+tZpaNTfE+`b!BwZb5nfKW&p!+jJ%J7Cuf2M+xJ
z(C=g*W=pnx0nV@DmmLJsD++y0N!p^ExC~9mEp?h{#P5<MBWRLdXFg9%6Z)x|w{J^-
zI%*wa9FpM0+-qc-dz>`19y1ApXq=v&=+rHW27JA1!(ki+;y1qS^@-JM@g^YuLtDZc
z_7|8AfcB)}!SqsdE}IuCp;Ea)cnFbqc<VUhn)G~TM#@UFMxa*m;1}F;8J5G@5LB)T
zaOW7S;*hjGbcPj)1a!{tE4=ml__{!1n3OhjsJc>hYfsW@sUXR;mNl3#qLTcwgmvfc
z_FSau%dLf7RP1pz=*VM+eiQ$RwXVzco^?Xu7G$9&_aQho%VMi;J1XYiG@GbeDE<)P
zDRmv7*#|xqd;^BDL)Fj^n!bN-@}Y|$jKOv7<BIp#60PKIFBz8jIL~K!I|>VTBh-U<
zc2HWeb5`p-f@{0@fq#>0&(<ctt!RE2={(&<MXa!46nguEr0W7ZB&h4h<VlCuSecXx
zAc(dE)JX&V4<rLTAHGIcvJd3?W&cqSvRlw9A%MBaOLA`0_1z<Z_tyO~1;V@hOK9X}
zR`+uzc$dxJXEAZ!<4=%Lo2k2S@p3r06~9^K{Ok2(O}Y0Mfg+|<;Qm&gksNJtqoZyo
zEkOb^PcE<Qv@jOyl~caTPil1#nC->%kOwg*7K#nj$#QVy2yCmv5-RzC+!Nz_M>FST
z;E4Xa3+wCKCx_{C#RJf;xWw&_<-^_vIGoqmsoKO>GHlN*OVWvr)n{Ae`Y|AG7|7M)
z?|S+<(O}4$9>F-h<QI3AGEn?JO8_^G>5~&=WC&%uRjF%<>l4R#HaR7pez~A9I$2jV
zAnf=>-?ftn&@1k>T!(}?Qr1|NN2hc`Z$JOSzGG`>(X9fIq{y`&o?VmGu31jBU#k!n
zB?0;Y0M*8BmF=dNNX^Bb8>?`z7_<+{GGFSr;H>301|CO&Y7!5s1%@vA$Q<uGy2c@W
zf7hz4qfOWznxHR&5Qu*VlRf!&Sda<QTThiEOfSmJ`Q6+7TATyx;_*hHUs4bH#8sMr
zT%xMk`+Dg&3c4D*)N^Alryg_7brN#2HdfCzjo-f7e#lrq@d1+Xnd-=0`((IDn0+%;
z3G!Atj7xiKh|l;qvA;#jgJ1xinD&{l?n)A5^<Mba5WugESx;o^#VdaVYM$j+L*?8@
z)15|&QU?KZR#Q&U2v45uHh`}h@Qz>6KJMMhYcN6{9hYf1>R&>s$Y|*jo_>^+yGB*U
z&6g)tFiUXWDqG8QLwaUT%N!hZ2-|J!aC&XD;oi&nytJ6k3%cr9i^8q%?W0~|V^}{O
z8-=azh}>H?GuuDjRip)nL4G}vso!X%5E>`;1X4k_gb{YN(_Jg5VXL3T1CGqft&{Ka
zNPNtWwi;3)<orj>EM3bv`kfFo3F8A<m7@6v4)i_lIkJ*gvpMzifjkMqCdN{*H5nF3
zFB!dlV0ofi#-;hd&_jEd!>YX5I1y5Y&->7ea&jZwJ388jLO7BrUZc;K82OZ9h1y;Y
z{%AVLNRa>raKD?8Q8PIQS-x<wMm?T--yn2SP5oV8jqXfkZYe;tq^GtJaZS`R*a<Y&
zY^B!eU*Z*dI#KP~FPNZg?u?%e6@D+SLA%SXBB)TE<P<CIy(ira^JSKXJg+HTARY7a
z1jgjE4Jy}~#Z6WkRmejU-m#Hw$jTq?tY)#nj}&?sqT2o<(Nx%73=`KxE}B7(4@_pa
zw>x)j(P>{%qwSMw2hU_VbHikZKWC6uo;IM(4T*6OeQ?<JDW&s}zW&~#piNh|9@Inz
z!xr{-0J>Us#vINV>>68#Yn;iLC(wre43c4zzTfvgZoFW9y$!4V<2MLnmZs|5-d_F!
zVtfAOjyf`-5k_1p(Op=gIn5~Jwd))Ao<T4-&E9|q7S9MdXo=1Zs;W7cbEDMq=gVsD
zYX%RIAp0+&@hTNgvq7Axsi~sX+`we0=u1z?wPy!ko2m3YyUgugP$t7qu5Z@q{IGrD
zA|<!&eI%beiDHv-Q_|v=1IiAzo|z*z1tNpUD6HsLHZ%o%pzPiATTREKrPy|8<GA4S
z1POI5JMXcaWZJy@i@%n(YrEzp_k9lsv<nCL8f4!g3$J(?o3sJ^V?rCWxFms@RKDfj
z;yY89d_7FEHpa^Aoe9UZsr7%v9Y8()#GN+oTcqSSlv~Y3y>c|AMdA4P0m`Ox_rej8
zU*cKhNfR>AcXKwsCy(wK^t4B;Q^OIGD^m?7HR;jZnedTkaiC_WI}Lj__e=_Ahd|*P
zVHYOe6`RY=-2i@tG79%MKBia-ToY~&O20r#84ky7g*No9biLapu~L0bSRTp(G&}>v
z>54f)8&$K)Max0P?+(W2JEm0Ob=RCGlg8+SgQgFr%<2)|_VYQ706GG3e8IVUIBI2S
z)fvAVszGG+h1Ekdr_26D#B<gY5v&iYRCz^wA-XP;OT2rvtmCVBa)ga3U*jIh4d0ri
z2LKaoS+8lc`Wz;E5bV1*1LLf&gcdHu54dBx4OK&+IZ}%~yPDCd@B^_acLqPhSi;U`
zv7AL_rE|mrdHa;eO9z({M`(Qd!bz?4uJ$_zjPmz??E=thD44CLgvV9cakp)XeH^=&
z_Y;;n3ER=A^L&LBvZU|HeiqHAKoXcy!a5?lzgSG`*kY*?d(TcgSFiqkCk+yY@VxD*
z(UY{$_SC=R^(8}N>1$!VSJUcRc&z)Rd30tzYo^R43I!TUxJQ}yFlX`iovO8S%~Wi}
zjHX5?yCj@VD#~YahGR&qd`FsKUdu#bdTPT3lub=df#plLffo$XYGteW=~viu?KWz1
zDBA*jzi%&f)yQL#3p=qikhRp7?E5Xz9R6gDLhd<0`bl}LyA$wIwc86mQj!};xq*QB
zTLyf$$f&qAvQ)~gHhIOe`sDruZ|9^tYJb%Flyg^jLG%-woQfU#gai8`<5~3FiOGwv
z_oFSo53|*ou*hlt`cCy7+Zo5tw!9gJ`p6_sCVbaAu$C|t94JK}mD0IJ4&R?=q!*NP
zoku+mY-Wl8^8Zz^(e1U-PS;2_<|G;D%S>k}MB+}z02RscdBNQv6PJ<VU&6Wi<?lWB
zXB?LtW0|^!;eg!qmTz^FLD3ly74AWkzVb3o<cBwSu0Rp)tdXKtYvI38!q9-gz@PSE
zqh&z7U3g_XlwXs|dGh$X_92sNjdH9|$bL;kcXETgjP<_XdwuL)4YxuZqSUk2yyenn
zij*Nzw=Z|-txGZ#`Kkg%sJJbe$mS)>@Jl;iSIAI*{i@t0<(EzGJ_f*Q7VxX)45y@2
ztj}QqIMx3N^3pszNK=Pd|F@9-D<v|0C&e0a+&T`uZ5qjMkw;y#_=G=wpe5daM|ta%
z2CS-{Z*fU;0z7+S3Os&x{>y;*q%HeIPGu%gYCv`H>lB8=!CLy#TW<!I|D@X36W2tq
zscljt?-wL_XO-)hR#HZ9^T+IBiz^9Q<*E&Ay=X`G$w_PWb(4wcWcAr2==3_p1^DvJ
z)MYlf%tPem=BXTDQM|5pm#{l>qcId;gOqg*_!loj=QK38KaikEc!jem-xWJOe#I{h
zsM8?>JyuYPv-FztJH2kVg`P*R<`^A3bSmX0SA`Np6FqZ#w{Ug^Mqy;Xxt9$+A}oHW
zrpG1$NVVSo3hJdPX%m?Mr{p6Rxh#R|wQag1y)d7pEIGpBgB-nE_bdJ2%6D!0HJ@yS
z<^$!U`=5a%d*H3i+ar3?t(-3ANO`pXyY({#j16=wI39|<@?yGBy@PYWyPwt6x{f_O
z3S(!we+B%G-cL~pm0J8dbh~b&OKfI|-YUAhuuJww-wX34i#(LUM9zLk``IgrR>8?)
zE0e+%iX!&~b~Kfjjl_tpe04qd)ac6XPRmA`xD;gSo_eu=_Ua;E`#M4lx~a%o<Gy++
zko?#C-idu)#U(z?tr@sRw|59^T9+`r+_FW7^ky}Z7Q#IESTFBf8C()fx|xc$X!!_X
z$g>YV+jZl2S(Uw>0wp8Al7=lu8%Kg8Hmmj23V{mC)mhA~iXAsbUFP>6>jic-lwT-R
z>lT~4^ppZ`QmV0wp>FeU90yZHipw(Z!%uhboV8i1kZwyfX3^n1_n9ITAXm@OEC78Z
z#Tu`Ry?RDLr7EH42JFktRsQTT#bOqmz1-LsND=71#_VoeRd=65hPmkRC1A|vRo4y9
zXaL5NNG!!>0X#5#XVna>0p0xkPRmqz{koX!ZHSQ-x9%Bsja~YUU6=O=Xp>k5aLu{A
zemv%fVqi-c{zFPA4Q6b?#@MqXZ&`=Rxr?f5Uur#B!t}fR!xe4lUgZ9kGBxn(+wc!S
z9jzjiQ111^Z_*t9_B=r})c7LX7S&;x>{p>jl~-E1z;>Sp_RYB2YIA299rqL~S^t$#
z-Lu(RbqWosjW0<p4&7)2_+WGHl>^U%t;q#ZpX1-jv`52N+Tt~^)%+*U@d#8NG@j?5
z<Os~v%#wV`U4B`j>U%wyO{jz{!#@%F-DY*WiRFUy{sbWzH+YySw>WFZ=c&)_llU<A
zd6r$c7Hm~?;Q&;C$n`lmeuISM;nrj?Ku>22k3P^~djOs9wLOg<*B<xGtYnpKfl|n-
z{tY?b1goLCkKF)_o2TG95@inUIXd_G?Z0E}C#z<rO5$x0)23w5i`k4~phL@*6by%L
zFY;Di5ann-4;z_@eeFXI#9N0Nyw>~pu)3K_l`m;*zDwB;DCZ>|V)M=lddT6gAdbt|
zdZ$`&6zKV%wDcyGKubu!1vjr-aClVmkrwgXutI$2#M5XqOZ8y)(<$U|R^eyz=2lRK
zEU*K7B$+T0d$O+)cES|6`+q2V3#cr&b_-Myq?8U3q&pRm?(Rk!1nKS$DWySDx<R_T
zq(r*Aq`SNC`gH&2p8fB0{&VjbdkozU9em&WuJy!x=A2K@THN={O#iZYs>2EL#$-$@
zvhVmN9QMWsk!`bFlN%ZmF0n^O+V%E7`U6J~OeFf8?%W2YpO4j>?^i<->YE6&mIZR1
zNeJXI=jF6PMMRmq+GtR)!r95weaq!^a4)87LEF*%2pTK3Kq;T_LfuehW><l8%7=(@
z(Zfkl{q6+8bhH}Siv`Qqd#+${zp*FRs&kHIp}&s~QfWw}e(TmjTy?W~hwGWebW@{P
zfy5xMTD^NZ|1FNnsJd_;o#eM20^?)v_n6Te{Wl75jW7XLw{92vYYwE^K!!mS%|$s{
zXUC*jr0%dinj4NGaru-V21_)SR*iN}bdh55e1qV{d_6Y<LxrRXRtBgq<ZfeA*lD${
zt8SNC>GQ5&gV?1~@4r-{y+;k2r;L9RJU7Vu(1<~Rh+&P{IGD;S+X7$k?u4f}$tc9y
zLnU8{O84p|$($!L`NC(`uYwR5otlyfn<9ywfN6iKEYn?s-D!Ug&j7lb`a!LBfDutG
z=_7&AF>X$k={R}JU}H&9!itFZ%;R80b6r>dzQ@%<R|>oBg@`!Rc~LI?E}++(z3?U&
zbHYM4yV6x&n0+^%pKMOoo{`$%;iCNVBv;wPwQ(OxbI|JSyOiw8o@(8;-n(0C?=HR6
z7r{Wr)?6vG=4d@64Buq2Kk-cVL}1WtoS|5@h<zQl+dcG2L$p3(JK%7?yy2=4W^1r$
za6XDGbIMYadw23>vRubYOZMUZqC%<B`KUvnv!yXrRbL-NI`uw1IGdZIv;vYnlMa9k
zEWA?eU2KLXg_md;;*O1{xNnQbdfJISD^`+r*{Q>wAtLL7h6gC(MqtY8EO{n(oETGN
zT4ptCN*1lWX7e|kx@NYf>~xYsT58U%>+t%JecRf~d$6mgaJ><3N4{g}rnkApCio`1
zq#d&v{K|UJ%pLe{dhhb*?xx;u=|3+wEnx@&ch~i1?Cv9{%9$&N10JY_l?_F1PdB_<
z7`SfpjC!JhA*~*n+N;HilbHi5AUO>IRAT&i{fR=g;|r+NuaijUmrGPBC08ppd|34N
zSHFCb^S~%(Td8qwZ96iCKxhYw$xUc;?uwnHY5qyU{nk}7h`&w0%ih0ktoGRfD*>1C
z=9PoIcduT0XCMXjI8uS^?~c^AaKgijOVRnmK{y1(>A0I{acXw{J;NO&h}E=mMYu2Q
zYCauZbX^~~6L7w#CM{T9Jh+W~?)G*$&c6rlK=HQe*FpX<&)Laff$_2aBwYbObm%ox
zt!^8*hf-o{k#bKWPh1gXT5_r0ES?=SncAgI7$~P)+jBtDXA>lS8qAk7iGrlbqbMM^
zUaw%faLn@)vo{WNaMl)Ha+!^awxD?)MI_I>%Kd1>0CVk}$tq=Tgo&`>$2;$Nt%^0f
z!pm3AgvSv<NcpmYa)vb)yd~=NFb0;o&O$<RZ<$}bw3BQ!kxMi6$R93$E_~PI`;vPk
zEJ2x43dYudxD^P{?tazjlW%g>B}6lbts!jW*r_a=2<ktx&}#llJy9&n8OM+&3G4K<
zPauB&?kEv^tyd*t-#;URcr6^m$%;4osq8%@h)Vb7Pd(oNVB)jM_*i%wU}8@whz|FT
zpFKP6q<vZ>^rd)BM<b8bbh+^TSFyZncd9tLqUruO4RY%qF;06k2C9O!G`TrblA%R$
zqk?cbAdlJ_Hs7)~JMMAVy3^}~#rP!bYfp~8DDA{r3_nyoLVQMrnlxbMb!{+?eE+81
z!|;HU_Q&o*lSaL4wL~iZ%6K?2*4tFqZE;a8u`QR@{nyhOTOEPuVUvM?gP~DhXUKmI
z<OqixUVDY&G8?eLd_bxlwa9;uKW!48>3tL#SX6VB&eQVsbl$1g@9p6;2KL*AUC=UC
z<#YhlbAj!ZTQL*akHz_R!fJ$Kuy4UVe)(4`CHvsq+4L5m5D}7H9~A4Xvw5vYw3tOG
z{+RpBS6tF+|DcDT`kv$B!n<X@nXTxv&Ik^tW1+iD`^A*w`H<ywIoa9H#V2!hKWCn<
zcR6@-MXyqpuM&9iVcB>;$8`pmh2PQ)r}-3RPn#ydpmLWgzqLwk*R62I`NU0g`Lggj
zH*Q5qZv7xfQI>jPX07{ozWOtMQd9cXvgiwojLPulay?LDV|Rb*H;(y?hChCk?M$lG
zg}dwmATcc-<tI&c8$^CLtAm$U?U6e&46R$PyJio!MW4L}Pq)V<=VoIL)!#l??kzsF
zSdO|RY$UY~xSw=YJeyn^Y+Sv4*P41@lD5%s--LV$@>9#`o6*@9n^lW4iG{x*`8lr>
z7YX<ts<&2kchlwm;%0jD#$pGPN9ehmr|~bid)VmJvtGwg$Dcwq+3@3)#;xALB8@mK
zJ(u=J>kJ<0R?HnYN$`B>W4q9JwVB#3KUVD_I!##H=*UZd#EMSo)X8z`9A0DmOE88?
zr8<ihu1!`m19?&uL7x3hiL;|*N#!@OaY@pBw@$F5kJaR~$K&)aMBZLGpj)l8neqPV
zefn_TXv>-}Y=xN+7R+UTmcg?3D65Xwo|Q7s+QC>}RHfWeY#?3QJ(`<id9RYAT>x+_
zh^T|pXW?hJ3$;8v#X{EiHKH9t8-%`0Z)aM@-`>fV?7W}EjUqGD{X8#oydhqedWOhg
zFB|(56({aHV7ijf=AhFxe?odid~UyxV#Ar(>bAb68&OmI0pFQq_2KNjZpaO`+lQ@#
zCthw<D1i0k1bYWI#7kJ=I&LR%yM<xEt3tmw)4{SXqTMc9R_4Ct8xQPy9+Mi1EfVsA
zO7;S-{o_OP7fMh%-LmWdlq(|>{eaUs8{!U-oNEJ(E?3?;m*igpNv@Z_8f5@lz|*9)
z&&A+;tdO=bexrZS`3n>~O`1*?%WlFt-10U$+%QctO$@G$4b|51fOQ3loqB_39KRW6
zwU+k_>}P3UsnD%%x5d9s4wO7{usuV|oTzJ7Zz^xgQm1&8|MTZl8P2UfFx1r3fKEGr
z0|4-A&B>O@?w3TwfcxTPuw?@xrgzE#fDM|;R_{4+nCx(4a?v_R7vI>{TTaJk=7;X{
z5V&qWK$b1X#Lexco4=Jkb1rD%y=SzU)W+<Z=w!D%2rpc=MGRN$495Jjc*cE$B!+0{
z5XxJDh-|N1K-zrhKz&_VD$<;<gH?P`A}+5cT>e$FQC0rhOvU=eBU~Rw*4Mx1qL<J7
z10H-@1+K348RWxur%m>g)NHN9VcyX33ff|4QHQsP33Art_>XoC0iannQ#3pWELiL{
z^e8_<vEYo{oW0#Ihskq`Drda^OyCLBJWsp14Q9^p_zwE-QqDadsK`1vE_?@c#z64w
zWmPI#@RKW4Rn>0sY$`SWx;{K3m5tnytHrN2-r07%+8wo;SV&Dz;#DpgZrBf&JtT2B
z1P$IG;>6oLg4%*O2-<TwZ++WxCQJ-_N`uZC(}Z1`c(c2FA9oNuMaRsmDd$}zrR|#c
zx%9o%>7x@shU&TNA9rv!bcb?3SgbTr)GhLm=lZ&xe8idL?Y6n68<7h+i5ci$&05=D
zTriyfIBCYBqe{G-t<$|zKWc10OHXP-Ys~HWLPGJj<-jwj!83WHL}P_pFe2yI=X{5q
zoTjeO${#Bw*iU5lYId@}&o4g4O4)VJKU8XIFq7dTt)rpHUb#JzYPC4&ND+>#JjPfb
z6AW11)4#nn$lFGm7(A`tuYkpHwCSG>P3CeDa2}l@X>5OW249iuG60i3!EvCk?Yi>~
z)WvD*Zl=Y(9EdtUq!vq@kCugx<Gr<GJ$DCRTvb4TCRbd=n<)bF=E^Fmtw<$R=Z}q~
zbK0V>uDi(0>dKwu?%iFe)_2)CTzCC?-<|}bMX~c3!>l2_;_P;W^-Y^AxS&xgc6Z?*
z!<xb&@WQ~zur)3_9^3WT9n1CP$ya`RBn`E&5(fCvs#O#TvHNWF;j@!8(na~?^*2k*
zJwER@w96i5s}U=YqMWuSwtN|jqP$LPc>Ax^_*gV(>|Rzs+Mhgdusg<JccP#?xp%@7
z5Ui-RAZTFT9WO9qoD`=T`OZv#+Rq9rf3n^m`Yz-Zr%2Gf2s9EOVH9x1O%i{~5!wKZ
zN=&#OeOqAh4n(JrkD*o$Io&n+biriwCH?|q{Vtllbau^Y0SD=T{wWpSN4{&~U;Ez5
z*V~WP6JJ7GKj?+q7R@;133W%dan72|yt=O`g|0JX$m~}F0BYKH+bfSR#BK9wQ$0%u
zTAb$VLX0S-<R4p}Oqg54KsTa(uRjPyDF#z%{E0PuZdW+pP73{tOBj2s7*wC|N4Q?^
zO5Vkn!yR;deqfi_=tNw?Qx!AhkDpgRn8p_06_}&m)MLzrSLctXi)M%R?cJHHJCO@d
z(M$D4Bl8te8qhk!&tEL2IBRIZ<38d;pQ$hkM=`z`_Jc<!t?{1?8)mpcyNl;lEqYN^
zpds<YE<rqsTpr+}TRY>pCdc*dryI-Rn?22R$Mq!-r6|)a50C1+5_;UOPff1DNZz<B
zY|sAo(&lPiYe$qI+f=zAkM!8CJCcmqY+{4nhRQ|{D_W&Qo9=~FwDOS#{dm4|Ca@b7
zr$Jn>*7P4UP0eR0;sG5Orpp+vIWUcZoej|MJOAZv{sV6^WQxYocS3YmajI08WaJ?H
zwD}$gu{!80r*57B-)O#T(g=Kf)oj^voPzOMuQJw@UDLyqAN`cHv`5)AZguXmm;?l(
ziC&9hlYTS;&?tv-kM5B!B~h-Jm>w72#Jij-79X@W(pTiFpGVwGeF&FSnU>PMJghO<
znJA)yg(kZZ{yxgnO(7$qc)G<DyOs!0(idaEps}{mP_C7n8vEO9q-l+3*i`aa%MMm1
zC=V1uU%su)v%k82{_=hWf2QRF;;Z>H+$#5ChUZ?DPuH5825p6epkuJHCQqu9BQ49E
z?k{1qrk47YM}Xsm*ji6a)Y&m_qx@~H&4)E@SCQ2{u<bcX#-NwHeqo(*Au(N}W~0A*
z6@cl+6NPnBItq<TiG(bEh6P`fIUk4@cDmwziOWs&ZcQFMC!(!k&Hx-Es(D{r)EeYk
z3)(EZ7Ri9PXHy7?bP22$Gh!|G*9GkCM~3@O^U9L}8{9DE`rXu;ev1@-cP~ehuZvqA
zu<ow;_nG?P>yXZy2HU(^ef)*4j7$L5SLwLNAi}<n<i2zcX0kopn$$|)__8JASb~7V
zPGV_Wc=qL`a{}9&BN&*K47S6n2Ul%8U%uB6x2wL)D4Us2u;n;Lv`mt+Q%!Fd3CiAL
z9JHcS>?2<`>mMw50RNewKA*>T(B97^)9kkxA)~VC7T$+BiKV3_oa&OzuXa%2T@QwJ
z`b)&*%kwX3N6-a5!I@gVO0t%8{`DO{pxYZdvAY++aEUky`FVY+4BY#9S&AnyVF@^W
zJGNfBs#6)lh`xqON~90~imi+P5ETv{KAlq{E@RHcR({IjLyxoW7d%`y|1dmmdIwgg
zB1Z~xyZT?~(f-yi(Cs+Boy)!B^A%U3mwO<}zbo<T&3Q|&6M$bVAA+#fBO-59Jmg~`
zN;Ns{d)n{!_;fbRI)TNIRO{OrfaI(xlqr)E_4G<cj{_7duZGy;y(W*Z>^*0x$E9ae
z8=Vh{GXyj>lTh9-MrV`<jq>6$8}or<^+uEQxXSwpEUBAuD>5BeI!lbNi8Wk-+XcAz
znGDTeX`m;bizMYfY4EXK`4Jj8?^N*p9cz=@g+lIe)a*pIqzbiWZK-4<$C9x9az~*3
z<`5C4FhnBjEOwG+!(-TIta}7JCd7$qP`hB`7<6)g=v(wyw?MZ#W#UQjHUM(7fR1*1
z_(xgE+*4$H+H(gJ(^Xc2(zLmpent9Wnd<|EM>2eb0T5^M<<@RK>Gmhn&zQe%BK+kK
zrH=+)SU2gDP)kDzs8(7{{hr7Cxxj&fk=y&db{s5{yW-2%Bf_%#H+Jh%CXc>u!P5CY
zE=7x~OKhc}3>N833XFx+5-&8h?KqX-u;kUSqm^e*2PIg;<wyOVU?f;a4H$Hb^7>6=
z<3_IzsL9@396t=#S<swOYIM;SI&KcNiZ$4*h`2u7$^WQpc(M>Ii~RvmAgxr_Y_G#!
zrRD(7orzBW>IT~>AIF~P?lx-YsD@s88%G#}g>T6)R+xQ0j2CCT4=w{{vs1^eV5txW
zCMH=hFyD1gE^?oTsb(G|EA(=<5^(YsHgGhvtX6Vt>sR5QHhGvodtyU~5(0^7E8p}R
zS(ZRd!&Uq*7c@qW$8#<Er>G(ij7*Q6^MCebhBpI3J~RpBsZ5)h<tb$Q@1w%APPVeS
zKn;=0>M>#yxcihFruRL6#=;*zi}5U@oE7{!eQ}SVlr6{dvSlCcRZ!p>WzEt7CgSE?
zYVW-E2}WMam$t3j`H#uM6CkRiA57;$9kk-1qSBueB4lzn?4#|cBIZku6rF>rnsuNE
zX&0dfP!6(g_8SH%4ZF_wnDvb_zV}UxL{Z45L%|@tm~>g(o^K%W6Si?IYk4n-{pITg
z8W^&MNSR?pvq#Q5Rs8C+tU$!1){o9ZQhjZ7v7~tbETQ;!6Zri1GPDG(YJyjiY*+4(
zK*$gSBh(oBA>}K;^+~TV8XN)26kuXu*kkN<UDDG@0SC<qe6?D61aLAvKt1;62Wrz_
z?xfy*LXR#O;!P@tRen>D{-~M2jucBMBH<t`Svl!vfMq@YqY^6y@ZenR{Nz<*<?5~9
zhFLB!9_G`(NL?zx8ky$xWE|MT55bNtAJ2cs6dC^Fh~8qMahh$zccyAbE}l{R=A>Q|
zgW}7VFO^n{JUGCNhPO;qXZc<W4;4rP%(r<o_htJw%;#?>G<>x*bt^Rd4SJi`dShE@
zDNlI1AOnA?!HMsUUe+LFe$#Gp#d!JBG#Zd^pb|Kpin+Y@swTHuVWZ~W0gnM{qSvx4
zBjrPYo&Vwk!?M|Aap2t(Z6d6WexKubCZjAucX00Fz2<6<Y)kZ&UmSFE0TF(?RtMN9
zBR$AHsis9<u~ykKH`T<_qLl@OxI`PU)0%p}v-ax+v`;)JYTx50hm5jtMf9_M2u%6Q
zNtDl!=;KXXALGa-#ovtFpm`rl%VD`urlPu0Iyrw5dtvZ2)1Prg3fZSTS+~V=3s1QC
z;gjCIEhfs|YVw;8IYeo;*Pvt>D*GU+RUSsbAhcmBo>9>&Y*X%hq^CR0B`G4Cc<!xB
z)mxk_8t$1o6<UqoXIWiiF)PykiEPiUFju+DkYBCS?V8JB8^hsXp<j&AVw;&-C*6n3
zXh*L)#Bf*@d2iM!4Gex>$}8qbrGsNbjvn1|V~NxM^-a6jWRA3kyh>#D8PU>t{UD7;
z$c}rd^AQ@Ts6U5%;I9Xwl^+gXb<?QPcUvvPa-eXFfFz>TC(--~pFtwhCmeqM*CF~T
z1nRiRz^Axcf7|xrO-K<zN@+%4BIuWahmVSCFD+~K<_f4!qf124L0uL1f#pbrek9#N
za%)wm1r0t}m7>)=oy&4g6{t~?CFR$d>9IQl=_$cL(Y<}%K}zbG!&anzOu=#4&KjWW
z<I<<O3@)iiEf+`>@OS_nK_38C0@~W!l~J>5=y-Uv>t|W$7kGZg(k1pTbRlBXV_*%~
zMZ)*cl2?2y6u7%S+nRS0{idjgxc%mX2=0daYpVsWB}>lX`5G{Fon7}!e8sO;(mr|L
zU=K|}h|&QGM@PT(({eyKdiqkz9_B9>K1O&*IEwTZVg0+k<0}*~v}oZEzF>Lt>ws=2
zjGr=A_IrG0C(PL=L@w_53y7lU!zm@XigRm-JR9Ror5fu$LK9!epKN%EpKJ`W4qScI
zQc@}WYCPS$QD?iJ(Rg)yl>RI!<s{yJ87TMVQ+XH)^yyQ<*CKXQ?r)Xg8)v#Crc9g{
zw_{(g-ZF6G&~CamDx)~f(*I-n1?*B^m$MiTeOz$a&|1-4^imTB2F2^u>`Uv?ax9bS
zGpl=wXNwvfny}vQA(rZ@BE%nRo*?TponK}+{bfNIfeQcYo{S`n`ugwQ-CI$7k!kL;
z0(F92GSP(hh~#mTCUoQ{Ls&id0tYQ~f#m^Bp1CEwe0Azg`l>rKIAC*OdrJZz>&nV5
z>BZL^P~-yIRXC0baBQH0Ugd{mn+j)k+f}%0K%vU!+<-yEQUI8}el;*`PzX=qp2Osq
zjPsN>f8MtQptVy#VX2kQB?ebMM>;WtJGwW9Mik7CSzeT%vDR#XLm@XERTVmKlgjNj
zQETb&{jBfnkxdXn&+gM%9n1AMZw}JUi@|%=IO6AmgT{q~P8MRE3T{Z~?80n<`b+W|
zA_YPxj*I;;>)%4Bm<}{JQ+u32+|j~tSp4iSI`r4&%dBNy4rM==RzF5u^ITQ#QU1mz
zI*TyrFMND1`&sTbrdQ-TC|oKtsnZm9<GOWxQw!s2l*To>*QWi`bCb;>T@30D3#1yq
z9rJ~Yul`C-M6xMd%*wmMnuV%wT-fR9!yvRS((xke4<A0P;s1zZps0#LpD0iX2hfYj
z>h#$K{maw!#NUrGt<m+&RF|D=Sd0UNNC=<XrrGVnavPv%KiCO2EjV3I;m&raN7w3e
zqkzLvvU-*4kQka6q5-{<RU*3O0<?kMtLF2?O*YW+{e%=M$B%mm`xU{t5OW&(*ZqIw
zEhR*F{JmLfOvC=)tVs!9z>^~Mv>itYO7)rOfn#+phlKS;t*s7KRyUoMs?gNVbf~pS
z(l~ygpSPjqDquj!+@@|>TyEXZYp`yStm#UBZpucfN#r>R2M34xK5wHzuo-vK$9Wx4
zijRqzVUbhFrU-zRld;(AZ2Tch)l?|Jm*00G1A<Y=Lu`Tr(W5$aS9~0QNy{0=jnak~
z^(QE=>mkm8MXp2OafB%3NX1iYI;li&uy(u%!DElCwwyQB+<3CD(cXYN0@iJ8o^Bb}
z!Jd2}5mguyh~GJjOH`9f;kgrBio6k}pMkqSU8IDDB}7?;#D}X#1`+H0asz}<0xkcQ
zEyzj1Z9+%lsDJi1!+m}c!f$lZZfBnUJuwWjxiTqfpuHC=D=U6iVbaQI)Ol@xF*-5P
zzRse>?G$u>dr2oDR%_6#pJddXl1hDRhGxJJQMpmZ%75hztF8e2DWAm+YfgbeAiLLi
zVen$P6H%$&-o$jO6cs$2o^QcL@w~T(g6crEggRMmp|L$t)L`Rzwyg{yp@uR8Mtlxv
zdT=evR#sO0tBxBgEoNCr!W*7g`7mzau<Tlxj(z(A1b%V0pTl0|Np8^pI9uro9~C8#
z&IMxT-dfY~{Lu&^-#k8VACZ^UK89wS(baP2akId?N(7nvG-7!FRfeo$u5`@Ct<NJ^
zuWJUx@4SQ&NMMtX46Lso`5!mXzaH2>?1c5zp#Ys`iWR5@tko!a7w^b=zHoE)Co|Dd
zcIdN9BE)9oFd*g9s<oR-C$#Uxjqu_&S4b5EcTWzA;{2}k5P<{}7kGN&wx3lQkj=n2
z26LN^xv5JnFLe<NrZF1y)OG-_r?xtBMXxz`p+-$Cke%g<)^S&pP^uKED_3rK^w9rM
z^Jlj+9L*389-{(0_gtlNeesnf7z-@T>GC?`;SBmaquy2RCbW6I+{(1R=f|IMTQGnM
z$Lhu1@{{Tj9+%^+-up3`n*)W{|8K?5Kl+!!?Ehkc59)kUel<9?*7akK7orrTZZg!K
zgCCUYT+B53Z+3#^?T>zX)|m9`*^V7g<^i@-Po*QYfy`9Z&WV7MXOA`RUNteQ%gMU*
z?<lIVYuEO+lD$;J#4%K>v38>=ousYZ<ks&<Vd!m~E>8^!rCkbG9IqIRb%8q#EHdeY
zmq0bu&4!f>R;F)OSr`qbWFM_`jSeJxb-U*g0d>$G;F9CGY0x}kwVX@aNIj4+O-ee~
ziTNyx0_O-UaD6@ehW@_0{@*O}A9?pl5z5Q0b4Lpb`1#vb&I!hQ3kmHG^l5UPb7vjC
zQhL}@p;GZ~!yi5B>{ryuuI<H+%C@5*Uu^XBHg!;=8J)q5X194>76&Zkxn&wDZ1(5s
z3_Q;U*Lve16PHT;ZauJd#y80EMy=XhZEGe$OK#^~_bz#2r}_e`3;4^HC-uQVf1JBj
zx50rM_pV4&T(JYcdtI*H9;c3=V&NR5ogr);(sAWtP4?}f^e5v5Dyhe7y&DQ0<7O%*
z4c0A9`rT;2ShvKce^<d3D5*gUj<Dhi?5H|Z`ot$@AbuldAG%&lUcFyvbos=&$7D1B
z_n5c)u3BOfnRWlBz~e>%lPF=wO*|ZzHMW+Unr*A4C;0!*<9meF6DGpzSB}9T>M(nT
zm0^n-PG<h%gqUouaVheLgw(o_475ShAt=k?CdaeaJiCBICFkc)vAgo34_HwkJW|ma
ztt>BhdUnp5tC7x9&kYKJv>VapveYKL+B^o4tTXTmMU)$!S2(wn-?Y<t-QOzZ%Dj4G
zskQ~CP8{x+rL)!0b`SF`FTN1I_XQr&xDgT1f3qk4=Mf(X0M!ER%kNk{uQ(jh8mK6~
z3rx3vB%KS%oSfkmYDo#mUD3_{CJ^;dF{kKqGB)Ywe+-k!4B9w~{L7!r@hr!=Dj{5K
zki+B+a<Y%D2)@>z<xv0pQGfjjVH3I-V3xc3a7XVwH#(YAGf_H_VLbYdBe^AI%+sS*
z3vJLJlUn}Cz>bQP#T2$PIXu>8p+i3|gbkud@|F?+KZP8}*#1B7d?VCC6EjSoYhGb0
zCz%qQcIC4Bw2)R@bdVkJjil1hD7sX}5%WutZTXqafL_(s^%Z51`aQ={N;e#&x{8<v
z$#r0t>CxT)u@}n_1VdW^A6?MReoEVQnX+7{m8n4!prWPivlG}et$UYAC0RXZZ`_X(
z(ESn{4}?~IOK=;RE-o`K{wm{syIueD_pQ?4Yg&gRtN(Vk!hvjFddAzaN%*%W=ih@g
z9|t*#LZ$H$G-`l=0411Pw5~aD;7c>Vf*gVoB2Y|iSq}~A|E*;DM;wq6{9fd53+FEf
zM#nkcAH)9SgREEJUz-3!)Bn8R<l{$H@co)l+y1OC^2Q(o`BwNS!}>q|%*QB)!5=mF
z<0V4^ruI}?fBq{uJA#~4EeLP&zn-N(v6|2Vjubtb(|%V7ewi11N+!Z@zY8BmNck9V
z(J`#^AAh>{sSt>KGGY-HVS((@DAA*%hv`MXkHI}S1~LyH0`UL+LH|81>T5!YWA$W&
zzcI?lPV1Y09v<+swn=30&!_hJ1YTVl4g&N4brT~|L5t!a!>B=7b8s0V1sylptxELA
zGo26ylAIrZqeS~ZZZnh+p|~6tOu0V*c8HdFRViTuUI+ap<P&@3Q!dI?3-`Ce=bs19
zM1s%+c`X8^wozs@op0^;b6|&DhoqG-?f?Apvyh=I>7whltX-0Mo}v`}c0xXt0q5A2
zfWMO9KYnyV5_E7~pT$k$xYYis>EU=FY0FA#i1<IgyvHbV(2=y!=xCJW>&yVt)IWs(
z{RJbaK?#_PV5szeZB`0{BZcoFcI%5brlPbHw|3bJpkVy7QQ;Eu#KONv;Qhx>{s>y(
z3kacwYLs?&DA67S{zJR$Tki(k>2U;$H8cEbY3OZ!2d>8`V#MGs1j2;<U#EEr@`*AG
zO6ATyoYBe+$*47Bk1?o(*-x;tZprqosaD(aGVRZn)q+CV`QeR_<bQ_Z(ofp_{+{t*
zGr(FO&yyjq|M<|n-;)C@fCh05X%NL91pN85`9_y0G~3m5jmcs;)o<UG3h~xxl_E`f
z#=h9D(`?cQqdJ`}yCCRPeJoDFY_mNj3ThCJCKHuGXu_9FPge`E|C0gwM8L~7#I^a$
zW&D4sr1%KAQN=K#{lE4Rk*|Y7gI$QSX9*Q`D~}*=WMYTaau{9EXarN&rqN~#k6OM6
zU)lV)RMvsu(gG%VuEBTTY%#R0+#vTrq)Cds0-na`_bR-fS>SaWjd+XJ{H^c*$0rzp
z@g_wy7}l(9Jm)g3v0TW2Qr=NaS$0z3GRStjACLVzC5Bz1mTsURQb0i9oA{NFQn9rq
zhZ9)}i_niDg5EeeEL|AStxcYKduyZbw9%5$l>A`YlzF^H6Tm1)MNJLqT_lEwhx6I<
z&f|H#JWav0W99n(dWV6-arfKG?N4wMBRnA&oA-l%?Eg`9^MFKiY!NpJl5__2k&aNu
zexGQ&Ncf5sxm<CO!&V@^)yVhH)QZLC;`{mS|3!BwBTOe7rJ<u%I74#@jr_1;IkFjZ
zvw0K$VbgTXv4`4E$4js`mJT#uUW!M{o!JqEaZWoEbR2f;&*%Uy<#BR0d7X{HZ8=p+
z)O2@l-R001&-odPPIHruml1s4ECO&tM+a5Yv;P@I{`;TAhx0M=*LjGReJ+PXiKZhL
z9JW=eQWkwVQ}>oG2`DZe?%iH;yE0c<&Z`?<>aP&ZIIcEwH8+^^Z!csOa@_-Imhn&;
z|0(bzS8Pamve{I(IGUn^r5G?JJ8kmw3kmGm{(Pc(Wo;^G0??}GW4hXoug`Y2e35g8
zf%(oH8N6{)i_bC8*qAJ}!92EzD)DbRmeA2PnD6_^0<bzj<d3omdjcwp?_h?C_acn4
zliM5MJBr@7Fr6&ux*ghrD1UA&BmU!aG)w|)*$sxIOi648{YIn=(f|HM|N4Ez59rd*
z<>60ITt%f#&*!}IWbfRS3QUFL8$9o>Pa(th6=k;!ldZ6o<64iVk+FPJd6NF~z1g*+
zfhKuok6D<R(@wT}myRp#aluc|vO)jT%h>-=`mxWlq+fTj*<-9^ac6z=V`{|?kb8P+
zMDJW5rp#v51kZLqB(?+Ax-pn~uWu@Gd!6+2k2ShP&hCS{S4^Hq8P~gqj}RR)DTaT_
z9$K$js0!bc$e{CbJk0dZtr_uow5TE^nkp5XFaLKq^-luSSA_ym$;S9(!jj*C;6UPT
zpFvcXYse3*+9QFU@nqI*gH{`9v*_B4^T=I0@*NM7Z>Y~+eUlr{Y=Wj-qMh8V-SmaL
zgi~rZu0NyKtK^~#Ca_y=b9d3}W3a(7L^1)^5oSQP1c2Tq575cRu7^eQ)W=Qf9U#jA
z4EwL=$mpwNI2_#*IGpy)m4JR0(Ct>cf4IDU1;CJ;VLlB;Mv(FWE;L$fWgZU@8k^}y
zo;F*cPiS+c8`zVSGMSVZ`%_(@z(El$XODw(p*WDlZeTM!oclfx53ZE*$^Q`UEzv=4
z?riRUV<dy#(1?Wk;4jKnlXUjk5=b%v3E*}YYbJB`s8#YL;FrCRyr0~7^lX?d`#i_b
zQAg$#+#R@HbO;`9^@Ys?47l>Iy^~f$hXfZx_pdZIH;Wg)t=V~)TxPzdyx8-IC4n9V
zA9l3SA~#E8SBs`O<HW1@unL~>?yu1*)A9a%LmW5~k`%J!UbqkK$hnHs<$=XD?1J|8
z%nm!}jbBuFDc==-wLY2C%wbR~&zeH!@E!o<SWc&VVcz@8%#^X=GF~6XnoxiHeWyS)
zvTRE0{W<ofPp%|)*E=QnvnNW4EJ}3>WMH&`V$d6#3=Ag(AdSk^NsCnM0kAyH0{DWW
zKLX}A`>l~5XBM;7^5*8WU|;EIM_?cW$_s2jK_UDFI4A~Pn-RlLygBzNMW@S+qP%DZ
zfNRA8Di>)N+3)1!{fv)LcA-&0DXals6xdbtJmMC>{vUE9AsZwg3b2I)io5Z<91bl-
zt8l?xp6_Iz&RXGG$eWI2;c!pq&}r4%2QJ{gnR|zy8;G!Q2RDA*62|DZa_qmk^s@7t
zT(LQZ!#V=plw-7QGPl^G)C<0rJ-A$x4<aM}>ay|;Pn{I}+v=#u&pGJA*@P33lcTO4
zwCf@UEbh8Daw?671=J}DLTuWWO^4E01BDHo(gA^o+4&HKD9ezE9vP4ABS5-C?Rbo*
z%d<=I_XUK5Fl+)<DE^vkO5(DZ%gOV20ZC4s1^ArVfd1c5#6(T45YULeHIyz$KY7q_
z!1JX95tBi?jZ8Z^iQVoK;J!*X8dV^G$!QMosL3DIPo<@-F*#8xcNPM-k&WaL|1=Kk
z>akRsfbfxzx)_`mMzL&(PQyC;o8mvoL>~_7R*&%^b}3FTlUVUwc;(sSXUYFw?nCg@
zMCizKIV@zY4+BDyhz0|=sAaQ;sNT{OwKj^b`4*gN-(Jb91$HMbC1y)*UM#Z0RP*PI
z*z-@@i>JJ+cL_-#$4eXXOSGq#<hdrQq@PbK+>eY@<d63s2Zk9h3@qnrzbtrpMceG}
zrvbqhz1}VWHUc}9FjY4_fQ`16rg4GUHHF5eOgy8SDh%h!u8`b%^Zf?zpo;~rhITj}
zyH7?&hJMtvZPG>jz=pvCkWw*w-a3P!L{T3szZ!uJ7|Qp6SxC}x2-An>m^8{?=EG3E
zcBa<e{@KaRw@xUh<otFS#pS)u`sQobKjq=yyRJMw!cAIWa#1g~E3Q<XNFRX*+*>qN
z7H??eVg#m*Z|h0yDaj|wuMd@jH+Kn|8@}MP9ZJ^&1FcY7fW$}xaUSD<2lsoGktlNM
zoZG7tTs0Tu^?(3t;Aan+PG$fX{+E+ee@!Pn*bkNE3=w@HPG#OuFd?SSzh{wIJKLY0
z;|6gvq7%Hd@d4Q3=v3JU{h7F%({$1Mvw$z*H<b=M?>L<9@x}|~qo!;VizeCd*sMPS
zYQ3_{9B{^5+OH>81_)U_W!#tLR631nlm_W0&pQr?5d>zaEO^hnpo~99CoFFuOM_k;
zT{a;3T{;2eM-Y^4>o{hozn7u>?Ftf}{Vqmjs^#{F%A%&E*@^mTqm?I{0y`Iq3v8k8
zOhn}d5=lbZ%Kb+C3vBF9-uW1yCn5B#P)MZ#3JuO$*gwaS5C1ie)LGWJ0h1r}{bCIq
zabgnWp~I#2zzd4??-Tu2O>d_<G0*$rnScYiRVbGuGVsTNEOP*BYhgo|z3yFNP`*;&
zZqV9?<8%L*+PO@yHk+wApy^mXntJmgPozIVWCpODWV~*VKHKnsF=L$yh^ujdFh%fs
zI{F^S+pLRtq!;Gza8$n;w!Vb$luIFyaV&*|BtVF9n82Ta(LM#Ff3%w$Hv304?Hx@P
zv3jgNhW^Zra%a8@Efffw8>t-3MdhkBY83fheuTt-`q<-ewmIwzEY!9Y_AZYE?2BVb
zIU2w$7Mz!y=?bInO<-#On$~9e?qqZL0KH*&!gsp=9Bh{`2HI*@G>tAGA{xz+$vnoS
z{#g$64GeUdYRnUYH|MXu0WeTx4D8e~9?y?afVP@pHepx|2!K<sG)@oxX0C5*2ZF<M
z3?Xkm1W2}rl9MOpm-|8b8>Q(JhrDb&r_+C1GzLm#LIZfx3OUQgBOJ94>VQnSU#!Np
zz9U<0LKEd;``Ln?0%e2MY9Z^kYCqf6Li?GJ&FSPM)0X??Q-tUJ%Ze_Bh-<(QCFss;
zvMyRzX2n)MY18L8PG^91POGb<LoSX!xxYKx;TULgo?{OK{a%)e_Er>aat$0<klSQ&
zbaX_I)sbIpK3y&kiqUZ@I?dXM^?_u;A`M;%Km%b}zWNArGMXzp3a{JhemKN`4YW@t
zKv6_*G6oNAAPkjC7*P)C`DhpW)Hy&G#BsdI3fNVK6rk&>7<_d4&jyr`?004{R>bPj
zlrM$rnZwdjTDL<oAtGOtC**7zuHr809}OA!yee)U(C&puu9<PeV3}4{5jS)sX~PrP
zvzuRMvqCP?|9?&ikMKL|<=g>dWqWkPAf|844j_8bG%EBsMr2$K`qp;K!D;4}iHXZ|
zB1PJF6;tT0Xlp;e2<`^oa=bO0=tF7i$FZERC!6zskO4kGkF{#8Th|z&4Y2Xp9(!Ye
zJiy*LWVr1^L}|3WB)S1AImS1TbL)IK{LdZI;O|G!LmTWj(NpJEf9*TN{?|~@@6*WX
z87!qrK^(2Hgv<d|X^i>qcKlebut89ZP1M4*HBWNrNp$;}dWm+^CNSAyA_n4_|C$f7
zar|pOxLN<cRiG!5Y*^xYYB+N&(+Jr~cxWVB2VLWd9h=QEbkpTBB4CUMoeIkt@~c|m
z+Hty_7v?UnRY@nZ42R$l;BKY3AB($|j{7RDhj9W9TwlN>@|>DxV!SRgaNQ2$C$xrK
z)G#s$iT~D46EcA{c1iIfxE_C-dH)_3iqQc&MKBgNhZYn(kopb?DVEkXPVkq0>szW>
z)V#PDAI%!G>1<;+;frHocG*(zIV)+7E|7~1HlT3$@gpgVhF2!T^A&!^uwATzQlIi{
zC$srf1fXh@7bXZA;8&Ngd4#KpIbef2R8X-~yQ4D*Gb#?ixZl9gMq~sa{_-HmuepF4
z39te}>2;dTH8*@+&$fpHP)R~-wY&~8_^p~vl4iLNh2_>6&#GT>yZX7F@0!%)>u()z
z49WsBUIw*tz5)QU^YptT=}o|o766;cSeFSYaVf1IK~YJ73mvrFU+JG4n}$ccpQ>Kn
zsAH>LVOTV$&Y$w@_uhy{-poW13O=^2jAvAmsxs5L!MVhg`#tQlcPs8myl+T{;(hnM
zYNqK?;QxpAnJ@;vwn`2u9R(pgKx{1s+Qor&nTqz5+@NGUXq$Vj!JxQd!6Jb>NFaPa
zqt=fWBeJt;t+2rzkJWOQEnhqHlMOouM*>(bMlw@w5R96OG<D}Nnj<|<74JX&$E`Ca
zWJky2jF)QlCF=6~p|qN;9b-(OhBQrJv&rD7y4xy9<1*+`TB>izpndrC!WRtxMgX^3
zYkQ^nZDRvbGPje=ZaAJaAlBK-;PD>vNrKWfVv2x+AQ{Y&b_=*B$x`E&CUqFH2YGJ#
z#6Dm}=gK}rc-|g~u5ciMC=Uh6e(%{bFjSzxB&A|97<l#fP3aLcG6u!c-J~q9tZ3o-
zGW{u8fk_Z}iYNP$RBj6$*!JP(8hl`Nc*T4!=Z;fW&&65H7P{qp)>}o5sexd>|DiQR
zc?J&e4I4sTK5OPv3n)@bFAg6|5z(tDpN>`9*z=vq!Op#N2!RO9$q5%=ul{{<===Y5
za(Kmm6@Yp$0+LC{pWF%1Q86tJr#C^op0{isr^EK`k+teo+h7gG`}Vd3beRNZ`Je$H
zPxd`t@25GjZE?|A)A3Xz8Jspv?A%`NjH2!5y?p<YPA8>f4Up|KKjXWK<!pF4!tJc(
zjpp>&VI89Wew2i&Fl&Gp8)WeqjqXbyca!}V@hf&)q2ii#Gd5%-C@MP2js8T@TMP3K
z&JS`;>n+HVvF_4w^mVS+a+ArPz@EQJkH-+(Yms4ieL=<W@xQzP`V*6}&`+-}g-f44
zM=QEKKj4ipY5BnM85GCEfKq54uJ!z=P4_d>D@v8(q|>_#-XXvYH05MK^WhUAjCkpD
zeAb(5va+!k*s068l;Y(j;}WF&MVyFomS~+z+FQZl+j%C5{^Oeo>1@TDcbp8g$?MR*
z_8iv6EO7rF`GsbGTmw2Mc49rJ2v+XU1eJ2ew>w-B0#*m?yOo%`hVK2falixRrntD@
z0SJjgQ(W^ym#$~r=jYiQI`Q9bH|fWzy3;A<gh+B}oPn8mjH>&1JE+`D=4x$RqxU|5
zJV<{DmX0{s$oBiN@Rn{=W74UQWk1j!o^Ho%Vl`MTHlG5?ap^D%Rtz8^h|_+Jqt*(t
zH5K^6sj^5r({l6!SHzR&m(2=e(k{WC0*VZHCC{K*sVN6jA9#D>7*dC2oM3MwdsDqE
zF>k5|t(|aeOvDJu07X#1r&Av*W*!DBN=*rAwO5qM(4AH%65v!X&JK9LYgOS87snrR
z9NVVG8R&r5E2863MJRaMJ1KM7z68=RIs*nvwDPg!r`^1#kD(dSy~j|Z<2UwWGB=(5
zoDPI{x9dG`I^q=A37`#fB5c#G>wYL*<Q<hmHGGJ+EfP<RY$dd)&3yN_BJ1ZSgvs#-
z?gIZTIDJqjT4KUXJSO43m)N^$(^tbY$CtN1yR?+{oKZDvd*;lAh?<wIQ#qKF@fxt2
zPQjid$(pHMq#3-aB4%FeF*?V7lS|-z8imiR+qm+1RR($uFb+n5Us_Z39$2miX)0#w
zP8g<7N3wf|Aj{FnB%-Y+F-gK;wjt&g?}{~bJMw%7c~fKhu6IEPetLVNm91eBgOmy`
z`T%^E5x?4*>&5>3vB4{+odOBp!7(yOu<#GU+!SA0Png$oL%6M3(^$Iakf?1%5&~Eg
zT+mkTGcV{hndFpozzEWGJO{3NSZ1TZB5uW)3J&@sA25~J2;WcR#lAS2Sym5!mb<J>
zz&ye)$0C>Y^Kpj~@oTX!dHw=_i`j&u=n!yqoa{4jZi42YzDa_kQj2+6xg*Ygf_a!S
zB^`uoGikC{`JiyV<8AY~yZAYQ+pf(Larxu5f#lijAHX+x6etJ$vd4Z8Y=H_w9P9wf
zHroN%MV%^Hg#klwRijn83xS>;&cZ;y4`ahuLzU45fjZl@teYPou~AgKXms79w!q%6
ziKA5$00LkKDr(T*j{yp=-ei>_3+*$}fTp%Mx|?@Fd-OO~sil;6`K9*7#6lL;0qfu2
z^#Jy7Hi&_XGX4;2HZM5nhO|DjO#lt)*?;lxh}5I;Mp&a60+#B6;Dbd?zAL#`tDj&+
zTPBo-&+<#_EB>lc-MDDb056*yy&yJGi1}`}*$P#c9^0opUhD_Y1?X5(xErQsZ*1z6
zyJxD*{EcE1ad5F*VWG&O^2jJDNar$m*PSvYbBnY_jCz$L5_no7%KgYJ(wD^L22>hf
zVwMnB&;3-1EDz$E)cdeG<Nv|lc2J_;^(ZSZR|tUgxtzFMBrD;2>f|GMxdKiLf-t>f
z*>nCqBWF_;_V=5P9A!rSq8D?`69ufKqA3|lweILW8io1hgH@8l_UAuSN5<{bIbX^R
z2lX2qH<{&bPKT_}>Q4JVn(;fvE|IB2jLX$vU7<YR)#X4vLf2yV8WY>t`#8^qU2^=$
zpjXQ;NZFH*oY&2nNsIj=oQtQ<2vds<XGtNX<c{T}85Nu6+KB+OF_XujHzgeD_8dN$
zH}=xDBA@c@6`QVHmOIlMqiw~oMlvc==4j_zJtT`9CRo;d`d|MTwvs|{beorU<iO;~
zolFzX0&XAP&kwF(SwZ<*t0IHkz^(rr1)!RtdL>s6;)utEy*f3W*O&L}+Wgo2TTrO_
zYj8-&>DPsMVMiOS3PWj=cwB63hI5*Q^(o?Mt*iTvGQPgw({I00x8SKWir}`%VyzQ(
z+JhR+bOD$;*tOwIQ3D>VxjjG7b1NouI6zMp+8@5hc*WyBCBp(Suq@>#oPsf!k7=&s
zq@@HlZ-jLzI(4@G98R7C6R!I7up8bKC}RBVq@+R!-KJJLIvTw`$1jO!E57eC^T|0%
z(0i<(h|0;Na*Gr|>P`i9V3`cP$|X$G{ghz#jBZcOq6t&(%B^0(pPb=mWnAV(utzja
zgM-VfSP}+hk6$fqk##W|D6CeRnI2{oqem?*PIcO8r&?oa?VlOx^*Y_`jqY+otGD18
z@Mgum7zpS)1-KVXn)07vkreQ<@decSD@PyU*jb}%1uaOf?Yn6IC`w79q{W5r;9nrd
z%v*17r*s+)a;@Z&sdexTgVZ9d?$Nsm4FQ}x4rx7f+73?QKlZekQo{CcMesTIY6jdE
zXT+8E_ctgtQiw&88=46OhG8dOZshfMVLzSrKh)Mx9o)cXAgDzgzL^{;Ciqm_;K%m2
zs0_yM5|9ZaGW)bZokv#(Ytqv3jH?J~KuwNYjfFVVLr6ODnwf(C59A=$pA{NLwH|9f
z&(ESSrU*{kn#N5w`(W(f@Qj(^|7k@-WC*!|2M3E)3wP3(XEyjnN;UJI>T@B$iN*jQ
z)}>Da>G1w!U9QGb%k^@pgAU_ek-GS-UkwbBtF~j;;7uBfl_vuLmbL1STAYtE4u6(@
zZoa=Z>w<CwvcfHISo}2GwVqy&ZL7IP{@hI2(ICuTDot~%U-Vfb4Rhl=r1Ww=j2c<I
zM4Fl^7{$eR@L$@_&KQ@V618+W;k{9!5iuwU*X5b&R|YuqYNucmYTDV*(FI!y)dbzn
zYh5p2*L*o)!MwqZqf>dezJ^T+jC%NY6<h%5x4ufh@f>%7u7w2Pq>)&6*bG`|3~y4>
zb-d;wn^djEca+4|ia7B-DywLB;&dh?2B~*#vcYG~7<er&OL_;^RQw2bB$JHAu&7T2
z#lO(4)_YmnIphH|O!uwNb<cFJ;@N3+ngtjO6|&3cpjNlX&GfX`#0uWsNf|*)a&OY!
z&s|ek%vFkOPps6X-j+XW!Du%)ZvGY5QTsZV!1L0(Sf`~Jd&{=)B3tNaxdUIvx#bWP
zEH25S^e{`%&<X*35{Nyy=SAsrFbC0X7PnPEu~t!Suh_^8JT13w$=1+f+ic<nhw|>s
zHp5(B%_H=j%}8Yl7~pmjUuI8BwnfGk>72wAiUaoz@epjN9fAipc~zkU*8CBefy)B0
z)6nQ~P=jr3aR*)o?X+zm%R8)hxq%wAWifV_$4;S*?!PLv2Q&&t?vx77tmQp3uqo6^
zN@)k^JJ#@Edf=?^)9qJggnJT52q-8j(lpcb>FNvmoin}q0*V6LZP(-al<GvCXo+cd
z4Al<zyn^6pHXzmcYh9|OTxVsRUSiMNs*~f()V<*61sb_`6E2GZ4YacZdJk16UBa)3
z?BBQBbJ%UNs_Cd79{IP<FAMwKF8f0x)mUogO6H!+C4C*d>a5l8jkz4T^*$TjEJZnk
zl)iua?<2e)29^5U>o{FR1FUGl4zE(V>J-9GJELs*CeChX4_*zKxb|cD0jN$&x8k`r
zI$OuM5F3?&(Y4Vo%6<1|{@OgkE86=)!icMx?28WqX6?v|n|lP8^zqhzrn~`suGrDQ
zti)tj<+_`KX=~Q1B_?w+qw{VIcpthn8V?gEFc~?P%ddIJu=9QfP}AsgXYguSiqk?P
z!#Cvu*z8Rj2GfVqA<$Oo&$RGvEtNY?A4dphft^*|d-x}`jOCO(j=Nv=^{QI-TsM-P
zvTI-+Ne0&JZWO7Z1pwg38a{=P5sEPjH7tWQA4_|s4(D{<_+irltTwA~I0HLNHmVu8
z*1hh|u%!WMUW2F%=mzv|0tPHk%D-No4DQ!-P|9bpffJVuW(j#toot3S9@FIq&{1R}
zNorzu+ca*-<!A1av9y?2Ysg~hQ<SQBrEoW`umoa{D`ivTsH_$muMJH22WHj428~g&
z1##X}sHDTun|7!Ji2WAVQ1ozcOcyQr$xNBWtm8^TiW8_5vR-T-HImN*S&%{!3*!P0
zWCwupdS5&Sro)hX;3e5tK+UgBMr;&D2%aR6t}&AST4*iwk?$j1)~7W0EhT8>dRChU
z{c0udauSnQiu3Px#u`%aNMys!bts!?=G7kJ^?hsuO_3G*y`INxE&B!Uw8TEo3Kp1K
z`M#e<!@N&Fr~aUkk_z|WP5iEjA^eI!>(}Z@RD;UUf(|*{n`?wrg{ATfxgycUFKrYW
zx0VUx!=(!6x!PEH2QH3b*7901=R1e7>=;+GM&&a1xyJtMN-GZwj2-%6Oo%<tXQZ>C
z+LW1Vb`A-2YFCX^rpF1~qik0hs5IYqjm9#hVq2CX+q}{Ct-15P+p39oI&Ic5UaS`%
zsj6Kltz2IT<<~yS;LkKN>LyR+KIPoIw)y(TXv(#L|7I(?LCobSqXV<Gxxt#-Q|JIc
z>~Ga30Gp`1h4|yOUL!b#S-V(RVXZ!E;@8qxlth&mHSQmv?1_AvSQN6mU9Ob!+O=+_
z#rWLG%=lqTb@t}<O#Y)l$h9GSg(i03bG%d1LJy-O!fQFl){drzt#gMO{hLvJxSR1X
zmZum^;^tWQ+3wraM%WXLx5&7$mxSsf&R4kr+BpTArEuJMPk2sqJMaq{2i?CA3x~8w
z(!NH*zm1hNaZPo%PyvG3Y&UD=UywzYCxcP=JO!709+30eNgmuyOAX6d`n4~EF}SxG
z8WiM!xjrPx(4-&2ZiU`@wt>dbhDopa^Mzftl-EI%Jbl0ETy2^2))LvWhYP!AldJN&
zLGK<KnM45g3fjh!Rm&YYj0yJ%=)Vzq_k~z<;A_w}r;a`-lp5+P#dHy`0y^Y#ekE*f
zhc`+Llk;UM;Wu3x`boTADZmR`6nq`Bg#q6u8pIWdcGVK=JLY?XcXDp&cAUBJ!|_cB
z-+pBgP?sorx_Z@yf@SnfQ%2p9!qx0%6G8=i)y$B&gfiKdi^C^ZE{(4nJu$(TZtg(g
z%8uXZUsd*U5KxOpHirWRzEV%kVQWXJ4z1fd@5#Bu&yVGeDzUg5>Ormb#AV9qX1~P5
zTtkOh$XJgp9pSb=jF7!jS_VzsMIpXqe?47B;q(cD*)n(KT7gi_ME>(zwT+{T&incc
ziB|g)?BqP9JqkY<3tRqp;g#hW4SCcr=bK@jwhy{Zc-0)13m)+PLD+HA4rdd>O`*N@
z-*IRPBWwD+v=K^0plsywTx6-;F1+-|bQY1A3+?anYAQD+tKL1)kAG*`BB|sNaG%<A
z@-ciT|M)@vKr5D3(z1Nc%}I|ll#dX_RX_l0w`~LpI@bRYA}t+l1X-p3T}3GoJRK>D
zx&Zu^%`V%%bR=Ef&sf?5r-HbLtNGzq^DYUjYyBa#-5cvs@hX;g3pWct4=x7Sdvz|z
zoK&Rvacn-T%&%TIc~5B{wIR=4oj&b2d~0=I?J6S=`X*|xnUj>P6SbDRz`XR3+0}Vv
zFQ0R+<Hu({AFGh#62f_(3KuL01((=0ox&CWGRt{Z9Wton{OYaUGt-WCkvS`I0X{gm
z$3%qCejia#pnm^P30BW{V)_yfhA<*W#J5~%uk7*kRUaSiv@oNgcTMya!+JMsL{>ol
zs`r-kduqfUlp;^CZ=1>nw(UhB8_|2B_+>LnAI5E;&ckreQ^6WIc-H9yuZNo$<4=n*
zvL4%uP}K_eL>lP>iM#~kBjC(!;V!;FM=7aYM!5bd$|GTI5_}r0bDM<kvWi+2ifkt}
zg`A^PYJR(|(z1?~+<Y^CFa#Vcd`*cX1yG}dr<=|ar~2Otjf#<~uHOgF>!cd8PI>3Z
zL9bbPp5QWnp4TMVo38lWe9?5!kT_p!^Q7s(<3Q1e42kD@(`qZ+>o)U-YoZHG;m3J2
zMIMkfQcazHsxlB<e!q!%5%?kXW^UtKn2rpe>uBPl&_V4QR@L)iG^`TPR4U%6>KwRl
zSnPVbCC>0V9}>2Nv}Qb}P&{SslyeyA`mBaDO=$hFO2Mn_;XieC6u!8IRbzvnK|%Xv
z*ea=IuUZ3sg}<%7`JnmWn?>%5oc~oj74MES;W=>lzO!t`WhqoSiT&~=J)uqYm+i}L
zS~EuGaFWHPc2T9|83UHWdfiT>GJ=a329GUC{C7PMSE)Ki*jFcG?5eg8r@0TGO_l1m
z^Y{7=Sp>Y~&NUY6Rq6yMH`Z>BNv$U-?v<PRj#d}%^NS1kC<}F3QY@Y4L;bL^JP(@=
zo+{{TrUaryhnER&jHq~p8Pa(*nR-2BIw@%Ep*rbAju?%^UT{eb-&*mge#F0B$u(Y5
zCOD&}Y(Shg=X*4NJMfv3svy91itM!bv*tw4PfLU($KrImjsJ(Sua1kdTiX=`>5@iD
zkS;0d5)qYd5C#w!5NU*=K^jTv?(Xhx8A`fAVyGdc8_t8C_uKn@zx_M={5iw?9-eit
zd);~6*V5~Y89ghQWzjnqO%~cb^fMSsx+*J$#8$*%dXi6eH+s0EXqQda^~XQaXxW&W
zx0>1yV`AiJSzlGHS~rG$y6C=hd#K%U8rMBPmuTgoSWi@ozO{#``{Md*zHXo+`5~`m
z<k?KKSZ<_{h{*fRKz3d#56n^iN9Xj$LE~B)^4SWDlEm7>1#TDrSIPfP<EQaROww7|
zOLrCfZ2o*5faICa%qU3>fR2PzbquW~Sf>?SS5_@w<(!iRreVsAHtt=<IoIu#B=Lz}
z^eI$mFKOgU-W`eENqXGC^#;atYw^ZNSDuc32qnI{;Ba-<X#qlw{JI}yUPbx&IXG_L
zVG&PA2RQ|{rsft;A+W<sz#`w@)cQ$hZdv%Js-mCSCcLDv$D;blkZ8PpyIEi5u;?&N
z5Q}Av)6iUv3Sbg^0V5AlgOwX*AE(|4oFaN!ngEOdJ1I9RJ_4o1#V}$59d(&fw_UTX
zg?;x}sJgoP>$CYIdr;R+$kBIy0LrBB1Goa9sOBjd?dvmOG+a%`0QH+OGb^jA0gG;l
zcMxpY{q*y86_ay<L7vv+T#eQcx%W^I{A8~YwAvv<m3qC_TJLL<ym5PV7Zwo_5ycB5
zZuuo;KfT4T$WP$D?wBAjbh06KhYXf0z6#v0ZQd=uzMC6QZ@t;Ix<>rYF;Sy6Y4nlO
zKj6B4_@=Q!QQh~onCSH~&Io`)npk{@Bb;WyW4Ph>#8Q!CKz}ZgS1?raTh9$L(a#*l
zu+I_f3W(<-PP-xO?Yy{3T0wnjCl0rA-YD1%rWr`E<7>LAgUM88jQ4d3>~4o<dwVhF
zSJc|bjeDumcZbNI@?1r!B}mKT@uptzx=_+(!ITWPG2g8l3S!$Rm|<Z+Ya8Y`k>!QT
z`Pm#0EE-mys;!R?QK?MmPBnLc(5#T=_8My4V=LCpvnYuo97OmhsVe2oOPxDKcrw?>
z?57E$rpnrqJ74notUU^SYY~g9A?QhZT%(tkj5BW@JGfdW#yK%SzEdZ+NI2}_4@$mU
zEE;Nd%fCSC5br&EoqJ#)Zgzt3NysDM{m@?a>80(Nrjg`7?eo(#v|ug9Bk#fW_19n1
zi~7FT{;}M$sGfc7jGYMt>>upCv^BbPeG@fM8Q$F7+_2WT4X!TNGPU^8Fz!#6dl%od
z<R?0KEIF=**li?JDP4Isg!z3$DO3!I*SotEp|o^cAUx{fYdMeuF89qA^wF$T%PbEa
z<n*o7GoD+Xg)lSDRRebc-x)hFr>z1g1U>PK9WDXFs1NZ$aWip8`|f9rz^t!(shsO_
zkX{;CCbr<SCIhb10(b`N*u(8=&MrXj<*%43Z8IGP>tXUYUW!3x^g=?~_35{p(qcJ*
z@fo>HewT$~tSASUy<)dZHd6XFI3rC>K;K~3%&;SD$Z^SSNxd8j-`<Y;Srm44S@Q%1
z>eDeyKFm_u)KNa#+vx3E{k+I8d_dS(D>B__eu(YlWU4iARku}R;_LKa>*Yl0#0%X|
zp8aNB1Gh-p$sP7}wMfGct&=TUp8aG?C2w>^jiV{&P!jmz>iI2^QG(QM#`@^4>_JnY
zAHVUzQ0jv0!{*(BAnm0qp?5|su#}o3*18r+iX(7(l3G;^k<JCeI}?pgr5*Zt_KU|+
zEGdSbN533Bxp`~jUMwAaR?AjXgv^!@(F%PE8(Ea@)fKKhbvdX`&B~atQuCLSaO$UM
zRpfLozSuqWN4eUpr)tmz27xofP-t=lDQf-G%sZdl)Q!6$et5u1VN+1<UW^7m-MQ5p
zxybaWNr`a#H_P_hv9lW@8hUX_ierK`8EL=voB2wJ{_*wH9Z2+zX**Wuxbnaap;Jhn
z6SBYUn>hoK)pVI>%QdVtj~*cPwt*~N8CE)#&H;CFy8&}Fk3%Wu-Z{)K2j*_Ft%}_p
zxh%wlEg8mUDu~@wL5)M1l5P$s{T0K$rtQ$2N0++B6S3>O+1=eeUd9RQUZ^_sZCpvT
zboLg+<Rr={V#f$Sm!!HZtA5jV1t38)0l*jY)Gu6pJRE)ohS*|Hd^HMOhE68NyNltl
zF~FfG+T2`S3{xpDzi#SAdA;tke?#=Nr7{^{#Nb!dW4x9<m?D5EmBv@Sv3!q|2;M~k
zHwwzh>@lQXqX2Vf{RK*4$Q;9MH#Hz;CMG40`EzY62n=?9{OqR!>#2jNCNn-0<M4YM
z{2<#@CD6Em#qA2*v>V=16sorC^i6)(w%)%MKdKUa>PG>ed*mu-ZYZ|BPebA`GjUgQ
zvi<mkW1ulxV>nmfWLdwN3kFOd8KyY9;0RY>bX(_Yn0EDp+;xDzip)BNaacdVd8VSc
zcs+!|$ZPc!3+q(bCFCqNdLYnm#_RM~s+bvN#lk5=jvv>aI5JFTu$Sr~zV1i?AO2zP
zpk`Ll%HZeru96r1eKmiDY=7<fSY%sVnz<&UVIB>m!Z2E_654%eNB`vBFq|D9GZNR)
z^P$=SNC)Wlk=X5OkPk`Oq)}jLIw}+bK6r4;qIXg7>4l=i#qE{HdJSdMk-UrNFDxrZ
zZ*B4GK`Y7}z1vY3CHFVLam7Z1_)n!2AxhT(^FGk68Av<g-Pjs)Sh5H@<t=r>x)~E|
zmQKFwq`DOcZ2tZ<Go)(AiT%p-ssa+-K}Jc#`|7>L;69txIWkPFGVS_%T@C=+k?-;B
zkz6)mK-Wge?j<NnGe;jZPA=3a%^7y>;hoA!E9x~^KdHu&S$Alit4?u+MShOOK@b|5
z-g9I$qE}XY9c-jY+nc*q*R8g@N1|TMQ7N>!$Q~PuFC^i#RVdb99tYw$9<PwvtoIHZ
z?T%r_L4q%xK7=MUvln^UGVXrTn3R0Da6GE8B<pRSzRPCe+Iz=bXqLo{44Yt0+aR*a
zyxk+3J&5FUX4yWE6XWEKvO!^H)cYiQOETRqHyB^a3N>MG_B2?D5ST;Vb>D=z*Doi5
z@C4ZZEwsMhr#A2_eObkIi6GxYFwYT}>hJHKJ$*id4BOuR1Q43qZ8-8_eAWQjSJOBi
zPb*!{oAhcABGI%g+KtH_x8pQyy8{rUEr-^t;sWk(74klFfH%$sSb|sy8O|P3IkxVi
zi|eRsGSQ0sY8&1x@1<0k3*U|{5FVhSVQl>3z9DqR)UPj8s2xJVf!B1DT${fD*!&O9
zD_<Gj#9Dm(XvEi>`a|pC<zj<9%T0f4Q`qCjkLNG&YHQ2O-)enN71NUen1r){n>u_J
zVAaW*1>IBntWn9K552L!E=6mMN>48cM=Us6%ZD+IdR0(jynF!A!x70{$x2FgUUvlb
zdwUHB+a6ZX=o5x<o<Grb$TaxbPXQ_WcE5j1M4%&^gytT?rL%LDrL^wShQy2vLw?J{
z&vwTgdUg&=@`{VDSKd*AnLgbspF+cS8gLphLM+W)mJH2B5~u){$0$fpsUy|k()DnG
zgNbfSs(kC=m+F2bnV<GncUFXkWDJ0H9hsoYoG}BHw4L3Z(vmlx{i-|U|JI|!UXzr)
zoQ_bs(M)lStCD(4KSAlzL95NUimj^HGVXfK`QTe!mh3x&+8v6MUXgQsliM5z70yO|
zX~C1xyUYT&R^_?Fr~lk)m>jUxlSELyCFtEIJ_fAcMeF;f?|r6)FRjmv4)yhwVkL6(
zS5{VziavBZTaX3_Ws^{<fI-<=i;0U|v72!B%du4Fq+V=;=$4aWE0tb=ZBC*FJ)|hj
zb-($pyTpG+3f3KT9O^L7RU&rTmh7<jmT&Rgx%x^fw78J1OiFRmr>CX3Jbc%HP5UTh
z0(UxQj0CE8IU0M9(H>t|7(^_+kwF47BC)ZPsmA#T8oyJZr|~uxu-CBa%a%3(I008l
zz2v*6V3_ruMl+i-><x7q_dIV6cqk0eWC0uh5X*PTs8aFvFt+to5D}a5S?F2o5*?SL
zY|aj<=L593j0*P0@|>jh@>OX`5xlW4TH#NL!VOJ7runl8MUMZ#zD-#TNu4Y7e+%)d
zs1e<>D9ujB3BI#PX}o>GJhSKA{wxWgj4<UB6$mOh&-G^lF34S#*2`KQc1_%t7lu)?
z`1~X+y+Wrm8Mde5Mh0tkST@`sbQcxgBJJMn`kOkIEhQ5_aiW|05%{FFqt|8Y<wc~O
zmmv{K1TK{p+DuaYr(ww*+xesYQpFyMyfoMRi*v)Wm7Y?rr9!Q|{oI={*8sspd8ahr
zCp+C!Zto}xU6-%SdG{}`2vBe%g*-+I^KM>}@+Qx0DX|Mw2B1$j)E92?OdMel8o!h6
zH=Non&0QRFE?~PVbb43wd*lBt-;Sd}((&R7>U%Rd7{cslOTYrn27^_MP)FtNZNeAa
zI4Dw1MjGa#!{P-V5eO8c2JrW%hq>)!QjR@1fC(*KlnB-U)B6n@DWy(Hy+a~;jsBBG
zpu$iEpS0^O1&;)3bXt+F10#>C&CE}8m+5TrcpQKZxdmNSp+YSQ_OJ>Sg=dgpVHMHv
zX!G5`<L|U#KT>axO&pd6vBnTjMD{Nj?4hhzjY}f00}?IdfXl7ZG+JlrUQvm;d+8N9
z>Vhx!99lEy3lj~>t9O7z`c73C%&n02vY@&|9BOK|_{T2XVEF1$uSz^|mJP2_?77(u
zWGNAkJkF%L4S?*;X4e!`nO(T6D=DS>n7{>Qh!GRMFfsdU%f5bs&&HTJSZ!4wR<U8(
zlk<*PD{bzk|7;U<V!^<eI9U{utDDtu=uw8->>t5xGFC)r_4Ce3xr2onEjNw)UE^ku
zmb;NrTmu<%er{&W3jP=qn+H>O7egUQA7}a3?|UE8gWUoWE`mxr>Fp~C4@rqU=FGwv
z&z5ICPkVRIYBR>bUlustx~RHsI((X2LYe=jchb&KcSAt7X_|c`efvfv8Eag*TDzW#
z?}`F#vBASw2>;$obD#397q9=?&&%Hizw1jGhC9*{mbl{g9?P%B()*j@l&-ReMu+(D
zF9D&W_F288$2s4b41O7O=~5v~5m8%&Hu`p#g_48xW50EhQ2naE9puicjOpz^G5}Ae
zSNZ@Cu8<p(j&5&H4`4k4ZNHM><F9h}EE23Rg9s6S7iS)zsjAoM>}F>-Qj$H=WL=s0
zdCHf3wKfRjB^&<!J&mfOEFwBO`_lIA=4_1W_9s)F$m#U{#J;wI6^`4M*sV7-IJSE6
zyoay6d$U#1&aR4C4A1KjfGlj8>0Oa6pVhRqq|~;)Q&UqbaJxa^JXlWzl?dV3m~V2F
z`BuoMqeF4=YOI!qyj19JPD(vSCSI?(Wa#KBKqQ=ivf=T}u>0#lCqqM8pdRk9IWI7*
z8Bn`;iS4}lWGQcbd2__@IK;|T(jpO@n3%XVx71>l)M#ko8-y743j^Kbay3;|%ffAb
zaxzD^MG++=%%K^M?Yscj%?*_`mYCV%e_p0|F84yh3E+aWJ6lLqhv)6Rq;QL0&~mV|
zBjJ8$M?1VBWaYuo&UU)o>A&T&bk)-9G=qmok8n*%y$lYp&Xsw}xWUmBqu%7c(_J1Z
z<lf~q(@7~=i68Zpywt7Vfsr$_jka}>)Bt0_GpKmmmH$4}n{Z>9xs*t#T!!58HNmY&
z-N=`c?P231n(19{cM^%9(_!FtrxUp))$;Umt61vG4*T=(zrKNDY<go`PsKj2M@%`A
zmpbl=7KmP>(2Yw+)Xr>XudN0lT-I&XTxp%_nL`}rPe~zQ_XJP^Jc`=^zj(R2AkwrM
zv+!te|I$|!_JIPs@TPFzb+lO?m!;`C-etiF{Lk#sGhYI5NtE_ZZbxjjBdB*8>gtrs
zc(3wNPWt+o@GPYZi2o>0pR9fXI#mA>IO2(x_1%OIaS?Z~7SD8X#_vw_mT~}^x&p)G
z<m4)|Dfv*UIe9udIwToUHhS95SE$gB8!0X=^1wWKJN?s~-AIMoWYBx6m1!t)6@XR+
z$Vw8O>kCUu!$g6g9vHMS^uY0<VH{2ph`hb>7t6}(dIqDvMiDzl5IGqaQx&5*-~=Iq
z14@M)oNKWs$cIx)(~0%w(;c>!?ruI;0e5#)<9s-;-$>D5FXm(bV9Du&iF}0u{!*7y
zt+#-dXl+%qb}i?oI0u3>Vh_o5#qZ-ufchxE$vX3POJQjc-YB=*dUtd8a!S{wc-9Yg
z*wXA`igPDswWxEVjL`M0`4;H$?bwl%rS*xDxJSw<_BaAB?x8^=P?MODuoZ8Tk~2EW
z1?}rwUhV$~pR~A+$m@T6aL}8Y=1+A>Fs3LUfg6X4h=(5qB#U4-Esqsb!P8ofuqWt6
z-1yuWre&o;klUTz?YRNfid}CWht9^R#ATqYB6vj5TfvqF<8uukHD;&NjNKmZ-ScG8
zN@CZ!eFQb&EN!e0)V=Mdxa0v76{Vf*pO?>y9qiQR`xV<1qp=6_0ePnV`R~fbqFzHK
zzr_>?!AkrM>-!t^Tiv$37W^6XI*IOAeo_Y=yAH}DA6-og(}D#JRvxReu3!6>k}>3+
z*^et(Z0R-in7o)ftHCmxq1&l&>haoTR)2mNN0T#Vlh_niN$s5CtK_kz46K)$oik*;
zs4*J(j*p9Wsz2PBwTwi}<tHDx$EA(i8#lw27xUMK?*_H=ieP8JoJI|z!_6M8H-ura
zmuMNq;|{H1+Ia}%4ukKfH~CI679P-s-3e7sP}-+PV*T-k|0>+&Jo2>hI-IjwCV?i=
zFfmF?NtH`!yy)&_ki~j8D)Z;p0VJOJtc(w#cQ;EnNFT7b&RRW!-A^l1^DSK4q;?h@
zJp5KxdML5sk>1|kJCx@Fq1soU>^Ff9U)Ivi5Md@e!Ls_4)md_4V*li*UdBatH$)4y
zV+Ej=cnwq!rX@{`u(S0_od&V&ra%t$b5#|#si<Q;c7#z6+aCsrY0|)>l9LAw_H#c1
z#1fZ3>Z}GX@D+sH&3<u)efEr^AS25F#;F33draoR2Q<j@&rFPs8^YqBlo?3rm}p)q
z{I+4on#qTW!CqW@6!+D(g1RYZ*Tt3t#P-^j6SfW+rU;+5Y-(I42`8E!#KMK540~wy
zbA!PeJ$@+Sv3OTvsA}VEF>lYWd5=b2u8JqJ>dRyhhvdPS@15ggx|#E=D2CDI8dlD?
zkFhrirIH78d%8_S$Ln@44MaqhTwS^J`6jn^GK8Pf`9E?N+A=sYg@D}KXVt>oy58+s
z79Q~DI7D!x&vZK`YXluWgZM8@EpS;<+G$-7{k9$m|FdKIw)oa)P<(Pp0TB`JE-oiq
z4$Q6O`>a(z165XC;v%;7I{I<vPs;NlAu;oy)j=zF?#2@LR>7s&*>~13vm782POxkR
zc<vY(71h)D{armS`tf(TY9iq+DqucjaGme%fQe{fsMzHuEjhykSSt%V*uAae=suI3
zb-6z1-SW7b0;e0Tm(LCL_h$<2)k$hS%gxTNuasCTDK1vC(ZV~MNqD(MtmEwg*FLMD
zJ7)EY-T`WvPB8iT+1GWaxru2-t5_%<z?hB5>O7VtX4A!bEldCT__(SAFRnL-PMvsI
zMdP;HRa0Y%)Qm&ZDiJu`JVuJHPBg`Fh2t2wud*IK{siFVQdPh5_4S3SRfuA1^x>A)
zn$NuKzBYKs3fpghuWs{%F4#}?j-OJ^xV^X}e8bg$vy9`BwsZ?|EgA$=<%^zia4x{}
zHP(C<>QL>p-@F9OB+=Moxo)eZLipfD<a-@W%RZ?BlzQaHaRUN;{RylCs}TE+?Q8DT
zdTsl=K8CyY6nsi9|BSt_wF{8K3fbQN2gV&udtep-r%2_J-y_U1_j^yk5>6Q;zM08Y
z^T<{DaDP<G@HsfNM-9zvlFi}Ti!IC~yf$uh6<xOSVTVbATpp(MKVlPv1Zxa%m+a8s
zApY@Rp)P@EA2XxBi!=4R_Ll@JAX8J*x<Ut4s#lA^aDg%eLR4K_%fgAe6fPUUB80b!
zQ=3NqmL6Y=kJWGamTU?40S<*A4?9r_$O8y;J_3|jKC!sY&dyP0=4QgiR^X?3CEB&2
z%E}SZg=@gIWVkv;3e^PL{7Hw2MM=N_G?dbxYsT3&j(vP0pX9(GT3E{jez+Zr3Jp))
zuOh`Ty%`kCAgRgQ+y9hNk=r6MXrgDsmlP-HO$53s-Lbu7wl6BVe#`7;%i2>Vw92!9
zD>`Op0M`6#Wq%53Ke-s5(=&daUt7<4?bUBq=flkQ<SxdBUo$%!{Oh6A*F<vc7-j$8
zS}%xOr-KCBdaj{jiV2ixvS%V%(C<%6hqO2n>{t1*+SqLEy!6axzQ#(s+N4a;&{T5#
zSXrj}qj5fYnv}g;X|VyzZ}0^t4u7oW&jJG#!AgIZzm6_a4-y#SvM^8XBtbgaSEd~E
z4C&8XK0tb<7-Nr%hDgIG?Nu<&bpLhSHSlFhoIqe`NUoH|f)sMURn}&lV`&IPhyQi7
zkozl(YU$>b)FBk#VY?I%Y2y7F{?#w66Gj8LQo0mF0}U`>kHG1e1Yj@>?`cG;7?C6w
z4c43NKfisRjT(?9oSkC^wNpoeF>$MnD&5-$aZR*<G;;MMcNT9K_;vS`ih(miH(k!y
z4}B_ax+xW*puRzqvvW4F1#Z;TEzwRc(f=_jzu&<60yoYY0|wAKf<)~Y`rb&NgFVy3
z8N(L4%7Ts<Z}lSX-}R?5KCZ-t@^IU+xgH>Pfl@B!-%k+(gm6XsY~!C9+3)2cDcsj*
zDu7#uFJk62jmf{p`Bnfda0(HTkG}<8G5Hy+;4{*{2sOZu5H29yfx~KhuT1k=!&XcK
zy1~EOsh%>Dz;4QPx;4}?dmY-PejrV~f0;HR1iYx`&*7Q>Cc=No^X1d$>xT(u@c|@I
z8b*IE&|-gRS^uHuhZ=rL(j5L!1rc0A$u7>~QR4vvPQcD=r?*RNn-|d;*a%n}1w3+0
z&B$bmDNe{d_xSS)Z-9jhjQVg4UrH&q2ycL1v;9^B39ZTh>GS@(JUxHm15L2&Q*BGN
z;#bUmz<QTcyKX%Z01#gZYp6E+xZ=zAkFt$mk0yR}PttG0KjkKQ2@rGxqX_Y~fnh-y
z1=xM8_y559r8p9pVLU7NZxSAh{DKM{`>YFA{SQmGHbo0YgPOw%*rG=0@S-?&yO72N
zS)-&^@MoIsX|O7fwg*U&qmmyh*l;S1kBPlvTe#6J?3WMC%{nI`BU!0$omSWlA&!E>
z(-$oRDR+*{(vuPrI(i01bm6D=)@dGJoSj|V!0`kd$|?~|f_}x#%~=vPYkON;bY-cm
zOroMG>%)n1Ha6v|YHD&I;zrup>aUg@<lbo6!y_X~Q3(kJ4I^V?k`Eu64~ludE$u~c
z_e3(Y5(M5fcg$QqrTn8reSQ8{KYxD)h2AWNKkLI)x<6zDrK<m|{oTtxmI+XU+`cXx
zY^*VB9U9m$OM1k-Y9OcGVo8gH;F#-(VOF;QQ&hzBb?n5TvA!Pm0x_2egGVm)O-i29
zedWo6Po|VzU4N+$*q?-`IvoyZN=4e4tzJ$<#l`8*2?g{mEQr{()TC@bA+tD=8~^I`
z*<@@d193t}#_UOSjM}TJt-qGXbnVsNz{{e_7pjqz(bKbTZO8Oe@Yvb>Cq%*eYK-Y?
znsBo5=fmJ^$M%;e2CCB1C?|5Bv2pY`0$X42)meZ0@t54}`FWj_(Ty#YXcY(Q(a-;`
zQV4&2hzu4V4<@}R3M!AL>+QF&{6uZzB+_Th*tU19!b7()lp!U>omaC>FflbX2B2e@
zI5-q0tV^=}XI(%s(D=6pJVGpQDXj9W(hgT)QK_j4mFw(jfeDYcEnCD7%;7s6a%vI+
zbOP})9NJxGDR~u#nAJ7aE))esznW62$dfQ>oEC%0-#2~q+|~kt9;&4jR2*|PHR3Pm
z@;mPr4&P4t0=gcDux}rbwv!x0juq0jGjqf!>gh2!Em)tO?fbgxod8do^80%``y3fH
zD<@k?S^4qF*@=q1{RF{gx!pf3@E<Tm+c@>liI)O_(KVwL6#>EG28_U!<R?<SN)RQ^
zL7A{j;uIHk-iYvUiMi6*lA0%tmw6?fF#1|*k*~HYs}lzl9D8Y}kk~Zmlj<oYwcZES
z<4HL_%LuI$zE}EIF$3_)62+3T4|D)`e7(&HCN@@iqyF7V7z;_xLsQfID&q+*HEk^?
zI^NnU=VC1kXmT>h9M9RA6$fL4#6@sQMU_9&zz`I(*s@K=LOxSGpJX2DImqG9Q!5`3
zG<B~X$2*rhRv^GSV_z=9aV2Jihy}>VJgbf|-Se6C)DV^G3k!oDU0yM)Et0$+&aS%G
z260p*nFld_OiWDgWM9wt`8jXz{JI_eSY|Kd{+Ay7{p^3S;Q2iBQp;1H1xz8Sg#^p5
z<$1KK!f0rW$M*egjz}Y<0A-`QySvJ~UWUKeVjsre=k`gzJ|9i>TS{I{|GR$8V-dN0
z)=<m&ifH*-I~5lYZ}+KCSgQ*x28*Cmv^Fu}ecp9f-&>TiRO>vUB4pU<DYl^PPMzq^
zK?wgSZf>Uj@-U6%jEzn42Es@5-E(bX;KW*TNhyYs&-FL2H#Nma#iY2`8-6>$xL0I$
z7Q|%o?X>jty$Z5QO!dDz-9K9{o`vQ}7&Y=yOUvoiED;7QKtFrAi|1W`qLj4>C@!U~
z+^sSCP4MI+f9br8^dR<{S|tS&3|Ix-(Ml7KLlTU=rcKV6?+5R$8<Y)VBFQFo1`*uL
z1A6@#=C2=x(eg&KVMas~k{S^3@w`y-XtfGjKR)Jx4!p^I)+M~|e0h19mtCDKDA?13
z5ZhB<uNBqCu6T50oOi%mj*6-NCM1Myd|@oJ<^V4sE!eeCgPpF*<G_HAg5M6)zb88@
z>y;PSTv-`0XqR)o)qQ(wD?4YMsAiIqJXVhi)ksIsN=Juvkl9*m^@Gl47_SqTyt0LZ
z{ecY9_0Qtksgn-R>fnVIkjuJF9U_3F=?Tx7)DqK1tto$lgCH7()c<Q>z)qKgDJt%p
zc(d?^g#`uFSHR~sX-8J=24K`&7>sip3q}MHt4ok_$cp<6{j67zlT&9cUsU8MdRpA4
zJvS+=naF(vGOH|Ud0T9lEL|#1AxUas82t6?S7v!?UDuCmqFCi94|4mqF2x0OJbtD`
zM0BlEDZ!tVckh;fB6|UP=gbDyj?}UENZS_FHe~^B+Mtz{)$x9@mP4q(AN7n&K*H@X
z{c^W%Ze~T;zm_lHJ8JeH6gO@SsRs=x=i5FB`Q-rwaEI}gc2@jfeXB{4w?C@e3J>bD
ztU1;^-rJ+fIx<ft=l&sgk_*lEMJ|n&As!Qdk3eYjOxf0z^#lh?#n6PR`n1k~)!~J1
z+GYy242I{vAYK%{7OHMVo)2<ElnvH00^Y0k?SxsI4Qgig<+^q)Ez;GYWpOu2d^OdE
zd9@7~Y;?u9TlZ-BCvb6*<~K7)>J(xM2L{+kx6!%&@u;9?oS19Zn3^k3<C3<b@D$tQ
z1{SJ?FX#TZ5<WaC&sRrbMP4R`tJ9j_dWj8D({klg=}_A|=^IZ6R;?e3Hs*<=l}<Y2
zHIfaWpzI>sn~^r-c#<7qBTObx7j(!u9b5}+kB26^%xev_P?Y|>Fn;Y>f>Fu3jtQgA
zc&|c?aRD>Ww<O#gJZ!Kq(+U_XJV!>(G6WNjLoHYBN8xy0wp2lP_iW|4^GlMhY^lPa
zZgl~<Jws1Reh}4L){h*zP2y-*lQm@}?AF5jV<tU~EqqSbJD#b988nRAXwa5FM(5Ab
z`_Cbbj6xe7W2L@7Kx9V4sCW6+X7r(o;;FhQI4ib7n!P~fhCn7{gp_B|Z&b}T0~xlq
z_6!UwG{oz4KBLjb>h11UV%BEvyu{nmIdP(6ZFJtc)G2r61cMv8i~>w4l9QpzJdte4
zcpD^WD^xyU!lStE!MbVwnm9SN4QfQV;}Gu#T$nYX`pbrlqF*#4Yt)Ezl$Z*PDTz(H
z;+w5)g{n4g&z#l|Dspmzr(A;+E~LF@6#Oes#UF9As|k3-AttMpRdMZYkW3QKaFKfP
zX@2a%-D?;4W;B)JL_V2+U`~iyXr%eFx2q@5>Bp{wxv*0K^SAYRC+ZciuoB6MK^g$8
zzLxdOp8Rv*iT9d<BDNhUZq-W@6G8p+tNBmk4^!UY_J>8MD9&AWvRWlmB{SekXmLxC
zYSy0}pBC6;ioMZPh-Mhh<1NKT`n7E5*4E%MQIJj0uYUIC;kB)}#*|c`$!VU-FrKce
zc<O-BA>bsQ(a!zd!v8B#_*axmPwdHw0p8R2tm6GRYNUIVOF^dJ+Fn~n*FPxBMC29;
zyvDwM4rQ|8v@59hZ*Z&AO8E%Xi$|rR21{K0wNMKS3UZFB4LOH@z9f#xvnItdlSVDY
zO$w(5=$WLvu9opx$;~u6aZjm_Gp?z%5%xE1XHVE)>34~|_CmJ!9F%KcCfH8Zf&{KB
z9s;L30xb3KguSD8!!vuMaZCCQWl5eWQ(+WH3t)32i9bWNkn%<5v9b)G?TxD@%pJ3d
zzuyy`mS9qodL2LlI%x%!69pjGI0KrV1L&fpW$2!)?u(sS?yyYFU0-LS*}?^TuRHWT
z99`<Rq}GZJeMNPs*;JX7<GaAe@=B%ky42s<LCPycks~c)5~NPwu8T3?b<`0Z1=^(o
zMM~Cw-2fMQXZCpCN`btw6a0Ep*b^1{J?I4s^RT1l`0)3^94T|puxcE>ZI?4DgR?0}
zX~-rKXi0v`|6=8#Fsf>Dv5f{MB})vO`V<p(OpJ!2On+Q=b)O^>nD52Rzc%DgZuq~q
z>iHHb5S6p;w7tC8t(`9rWMVI6SkSrHQKa^=#l(;sVKsWGZ$FdeQff<s48yE>0jf6m
zx*foWVU+aTS9A=W1aUT^o36n8;vkZlvV4~G=8IxrU3VFgFNRU_z$GGH)Q1DKewk!_
zj^biHo1)623|nr@epzk_9>0LZ{u`f7QxO~`=cAr#autEu&WwqzI$6&l0#>=608@;o
zqY1dR4j=kl?ayCzn-bQ}CiFH~0jHt~z9L1W-XC>t7UTb92MBu$CH=!<Tr~X>FN)^k
z6i|EK@NRH0rq3pz3_Sg|O@JmrdXSG(p&wlRfnGDSlbIqPQN6<t!zMCFK+O0;92wl?
zs*k?a5b720q*|e$GF#oBd9-bn3#W|~d01p5WAn_4=sQ2))r<LxwDVu>ou0}I+7^-f
zt8qC6q!s1=g~|GV*{43~`#iIy{UxcFEx{cF5j4`O!u5m^I7%8$NAs`Hp`SMhMw4cI
zp%J!cDL3X$TTDN;+}krqUY2dWo32{()wK6AT<Lf`t%t6zc&b5F6k4b?&(kgG0k)>}
zIsyXwDBtHgu2lSvvV@-n*;UfGk^AdE2gV(+(z(9}nI+x?2L-7$TK8EHz8iFPo+}YK
zs#}mjw61J+&hCGw)A(%a<nl6Qm}t3d#}9n8=;lAKzA?!K1fJA&hOYyC(sV$BlXV+C
zMK<<VWeqI`M}pNZp+`x)hjBUs7bD;UihwjsmO~L?h}C3onfzkahid0#gvqut^wZd+
z5}eBUTW{%w$+O8*ect5ZgPd^P#b&)`;KG+ke^e+n%|H8H|C34lk9}!dd-j}2GQOJ)
z$Rq?9`t(YvZ?U==R9?4}duTlrTvBof&A4h<I8b=VY-H46+y4k`kHI$%V~{5^>9OkQ
zAR(%kH0Q-)k#0olAAVH>@o~gZQe{A`z|HyAhCoC1YNO^9TicUGQ-ai@!=f^tnml8H
z9AZ|y+I3lhDkW^vHSIfLXJF7&F)zDpVX-y8upo&Gv$N&;En}HM5*v@RJ+Y!h)QjIj
zP1ZCIT#qJ~tPeG0LWziBgT;-{Xc@u4Y-WLR;kZ$|J-+Vd%?92T-+7C-Z06SthH!?q
z2m;dPM@FRl!)E=TeM#IZD#C=hgIcrF;Af}1c5a)tlV+o{uNQ-L-Z$lGQuwLW){OH3
zT4$b3fAv2S`j0O0UXb)S2mru)Go`L6ML2S;kO5c8@bx28_Yb1Hy~bnWs==i@?!(<7
zm`X$X7|8;93X)3YmgVDC610-fy$)w5$Z=v<$x#yYqwCGiL>(Zg)j>o<xvY>@Gr0v3
z5%Z_cy4@NthLKqqYb*KPd{(JkWb#>=JDa&KJ*%wl@V2+?yWjSR4h^UB`EzlNx>i)7
zXUX?~(d}~d^GUDBP%g>LE6j%X>a@gkv8TVsRK00Og}(o2Wd={n%wF6;vZr}*vXh}T
z9US0W(Wk*{;QH#l;_Cscx=*z-)*x)+^)eohi|8B3%zSTh2@VLG!-`t84#Xv8JI32w
zFaJuhCX=D}Kh}Hxc1Cra5m#BGx?v~TsZnXp&&L&lHVDchZHuEUgZ|<I$S8=h4D185
zfOq)c?pQdNZIKTSzfBKc{vfCXk|tPv{LVX{okYTkx3R(x#?Bh0tvz@1;-N;bwS|Qo
zx9w-f#A071;v&64099E=Imwg+Amw>h*HiKf)XUv$$h}BcBs&wda@j+hgU%bvi2M@a
zUf054xle>q_P6@Kh4nL^w3CZ~C}a5@WOs&wZ_b{XvGjep>er*&9xwim0ES=!Gz@TL
zsQ|mV^m|21Q?SM)__U-bmQ}Y+{Z0USbCuHUU$pR~cK=?JD9BT<f8n_VnKtc|8}LjX
zmXG2?y&njED8a{z>Xi#3|Nn3lrl<fKwNi0vex8vtieYdZX)>IjEX$xqUeql;KI3Rz
zWhXD&TtB;agKUkYs}n0Xzm7Uqermk3`zVe?P_*`p7T9GOqVjWIT7Sdk(=ir=0KG-+
zW8s9h$x>W=4D>_B7d_zekcN>*%5})F%}vIRxaG@B#70ZeKK7*Wz>VSb4lV8p2v)DA
z-`q}%s0P)z#I0tFUHIb;0R5MYvvm7MX7zET8=R{Mq0Nm~(GQKIpIXdSn>fsy59Fs6
zfwXWAF;Gi)1io|D`VW3um}AlUK0NS7<0|sC;(FXrz;3Xr&0+9V+?*4+nImT}`D?F_
zm<O7<A#i}JhVHtUkiv@GraO$BWvbhv^<MKzT0Op$E_m0RtO~L+rQ{CLo>sOz8nCDF
zs$dfp_$Nf@f1lHz5%?tdQS~eV>6jScXEsj7&t)&eJ`hd5_Cqm!CJ<!EIE*dhG51N{
z1``%UKu94olIdmsoDhYUaX23I25=b#+c@NcIYkc5)yRd0s7lrc7C9t)dakZXQ;vPO
z(I4^yRr?TALPyNep|D<-{QP<VMehC)VK}vLv#w5aw!$=-Sr?=tqh?|@UPE;1iuR=e
z%Z!p?l?z!=MKOijg@~J7*^PPi;Drk*N6!PkzBkqk3w@IVw-F#0Nble!fa1g5d^%2>
zEa(Q&F*hUUo9k`CmzbGrcn;^i$iU*B(PB)5BXN+lB`hS!_J0zRAO&L|RwJ4@n7xyK
zmvI7DFX%iWk0kG?Ze6o;i-Q%p@y?CM4E%aoW_A{bVHuf=3Z>_q`Dc^qKSVF}_tA@=
zFINMj*Wp?MqenAofK1N7bKq)@iCo5*RW2bpK<m)Z4yruaI5KA%YBMusv{c_q8EPhU
zfZ36lG#{9?6O|hr&1B%K7vN?tzn+z~zQQ<beM1<Xo8OZD)`GU=V3wC%W`tX9V_J&0
z@$@vJY8nm%`f6OP?>>M-?5?|*KAC?~pPRj`%gv2FrQpv9ji<U`{mH(<NgeN1@jIAg
za-=Vtxb!<IWCZTAKsyaU5&1p|H6ESJ;a7h@6jRP-7*lR6`WbK{jjP65xn5j8r*h;j
zq?TQreyfDJGisNbdIu}*6?7QUc|~&=s*0zz?1-eqvsL&2(_P>oynde(`u@7jGjm+*
z`Ik;+@Gn8VJ~+7<dLQ%X_DR6!II1RceO<s%+r34D8JRrAh~LXD$62qhpFtv?prA<R
z&x#m3NrxWj{G9d0u<cUvgVn`bgW50<B21gZ-0nBx|JP3gosqk)mrl0w%GAx<nIzDZ
z!H&T^62dp6rB2fi>Z%KZS12^;;g?=`QA&>x3u;28TtA@pB!fT%#KgJtM4gWx&%I&L
z6gU59ht^pyF!N5l(<Z>E?9$u>KHHV`3JR6Y?dU)ZG+f5Zm|MJ&p6-~T<Ck=tt1vBo
zOt)M@4AZ}vpIlsiTJ;H`G!c1ud;2}lsyr_8vX>wqLqA0&X~uH{0yDmW99|1a!%AD5
zVE31=hKCa+q<py-R??Xmg(zZ~e#Com2{wOYt2PPkA?R@|m=+{*d;3;inI<!o53}~C
z%PGYvE;Df4&8P1z3hSP#;%f?ejR6aWu*}@r*bTwZ(Xp{8{h(MJYEfEbX2vURV$WcV
zT>uwu?`pW#nIP$E^<27@6Xm^ZkCUDk*HCRuwTk^9@=3&lu3t2|`#{dmpItN%7DK5q
zciz^Il=z~=Mh_>z$^3n~5QxfHK&R29aJZ0I^6|9U1B0Mp_Jr&n9)A8T-2#&5NOt$z
zw3i?8zZ&TOJLr!L1%SgvY*ALmu~X*M_pzvDi7VveHwLyByg|wpAj=>(<5Qc8+~W90
z@1JM}2c3rZpXKWVxD1dCacrJuN6RNaMwg70DCw99mRM%aq180-#&P`TcXix2i6y=#
zHe(GWy;W&N!&jGn_B`{?5-kIk16?Kpv!l8YYip54@V#CPC3<lk3X%fy)<On%IqB9I
zg=<?MPg0>SmvQ<2Ab;~GGBCLxEc0{}1ky792ZeCy9sQ<nUxeRyqC>yK%|J+8?BmNa
ziak1|pyqit2yLtUPmj}irv$NKSi>zzui}g1(i3N&ep}QZ)&Riw16v1_-0U60*q~5o
zvVPEwpHh(94j@#|DDMedFpLz!w&ayF-?zr(Rq-Uq{BKdhfBX<<_jfp7P$U57!`s>!
zh_9qkE>(pRg_&n3ahg$fm#LLR@^A^iv@i*)w6FNgNxJ)pg)tM8mHR_EMn9<V0fr}L
zOj0%RcK8IXL~x4Qx6&f@r#}<Wh$1(pE2f!^wuFy12GfNheTDs6tFxaF6gK!;pWe22
zRK*sj0KvvgvXzK7y-Sb7Yj;g`4qa7QQq~6<rGg)185Go*3RN|2Uk1F^(Me7UW{EEj
znJTsK9%d7Bx1Fz3VkmO?fQG?h%H2LosNSDLZJBabV*w;q^UR}g=a+<0N;s@toH66$
zMsz<;IaM^{JF5kXX7N&=^btf2wm2F3Ttna;tY&=dQLVQ9&J$GJDKA3dQ4vY9baY3I
zY`ooU0iA4u2Fy5RPpq0`zZfwvt_rr1e4t2z+Hd;sqG?P=H<c8z58AjDck~mR=D+(W
z+C>C)OmCM3GTK5N(P62U-iDVRzibgF1$s>6=oRpyitUW_{!=0LZ!WcM?dfyiu0OZO
zu~U&I21zH+0xvT(RZ|4~4PJv@p}fcGS_@4;52U0tSRR8h^Z%$=9zyBwcH9%2CzUMo
zJ>TY#827qb=O>C@)+I)a+0vcTaAMQXq~NA6F6C-Zk-Vd(ra9%%vC=bwkBHBrgLNQo
zK6R+XeVZ7sq%<qu8!pX8Co}g}Kd}!;5Yk)R$eRn-CH@%}H*D>MC1cNk28)c0P-Qi4
z5?{8GTZW-|SO|cq7;{S`S|Cq@QAVjm)}iRJE_+qSc5ZK4{(I<(>iPEN->_W_K+fKW
zi98aL-j2XLFqrmv_l6)f>2;qLH)9}(;z~wjmyKX<?)B$NmHZ07;xC56#Tqx!u}3fU
zY0$)9C5t)K*y1cKaIa5logsA4vsOPvrIr8nG}MgE)D~ziI@u0~9n1eW`LkOgt|Gx|
zmpVA31b~Lp3DN80Uk}(4Rs)}Czh8Ls(7YIEZ>P=gzm^KA*Y5f5H}lx3t~K_xrcWr@
zc5Zj&QM8)1oFupXDOMxsKwboWbahMifdP<)uuL}yzOE<d5VMI842c^qy96l;Yt(b0
zpw#(`+F$P2z2;);q4zqhihE7!^WO@EvMPv=C7sCR0GOCplHIm}!!U)2Hvt8H9sE<k
z$Y<mA9~XW^WYi{{ak+T!NTJW@%k27ILSc1dg6-9|9KDsHu<0cxYZlRlz2%PUAK}Un
zH_^OG=-D$mYOlj*$s}7b|Ly;yBG5lyCW2mEARF9}wP*A3@O*d86u_>?m8xi^$8#ZM
zugo+w@MedXS_*I=b-aDRUc52Hl+mGeQDatJ+$^a@Pb*rL)u#Y-ocqM2M<xG5(fV&e
ze4XokyOo>|=vs#VJQNJPV_{<nLXDoE7lvrC5S8J1vP7eM_6I!JqZKgEPwKKPD;E(K
zE}GYOD8n!x!#V}~7(ubsfHuC6{pkOlmi*h}|MsB{^F9nSPoKR<BM7juc>@Rz_J>tm
zul~Fwst?c>_Ed}z{_j~UJC<iT33TUmO?|$E7GoyMJ<wnaj}`4hHtS#2f(HP~fEE6~
zV?k=9zq`A(HM)Cwi-)JANc8m?WD7gR`X0;vZtvOLqapYwM}K1n{-00s)W4Ua&f|M%
zzwHxg6-odkz$Hl1J^4dRYleU-71!K@uJzB(%W?zFV1-Jw=;i<DHU3RtZB;b)7yy4>
zJkF@zO{wy1+XhYMFobZndvUda-vV3QZ#xVA@!!PtTnaU~Qqld2t+t><8ffN6V;C?q
z&}AzE!|B~!U5s$B86|+UzJH46mJIOFEumU2u0LDyZ*TKAGYUXOE&*f-EF7=am&=b=
z$?I@jnvwR;uRRq}?I3n}E2cZuFaNvbfG%qNJszZfUDBEMerxJ>fRC;-a`l*wWcY97
z-=+hq2y@D*t&L4cB+F}T)DGe2Wef3pgp!||YeI(qON8gc&&05#KOkq|X@qF!mscjt
zq0*PX5eWZUK@(m;0w=A94}N*6>B$eP43Mr1Jc=Cu&%*ot0o{uo)=?OLlX-5HPz`^P
z*J@E@fsKQu<l!M!T~nhd=|+Kd(315FH%`Qao$Y<oIIU}6cqa<shQQ~Iqk1}@Rsp@m
zYVQUPT}*{cl{}&k&wc5G8b2*c<0eSlsmm2By|JQ|pcZ0?T_5Dg@$^Ixgr3!jD;paV
z5yrBrp0#;jodKiPqif~x#)X5oV>Vj>xN+2oEw{JvY3y&f|GvZeFHs$<6+<%^nb}wp
zzhS?j{qtvQC;T5cTR^D-){NaDaJjkpv0?A>$+fxwKPu->T>tBjhlv_o=k(vAqF!lO
zHopIA-PzeWJ~{brL}|qCi*Mxe^3(S<u5^RUtjf{kLe6p9?Bkau*61m63d3onP8aWt
z1RYKX>hN^1F?+C_(W##A)8amWiE>`hk1g>M=Ti<RsJ-e}FH)Vl#26N#P~@)TE7Gl$
zM}rOvpPYSx%Erh-+-ikHwJzCie#!k*28p$}5Y|_Qla;o%deHFE<ZJ!ibI1w<pa_PP
z`YOghr}Yu=5sRdPln5~gSJhz|5rBy0J7=DAi$3*KR#ur|JHo6zuXh->tPwTGk(rA%
zqvOUf9tn&tocMLN=M+CXr!&ACmX&41tXuZ2xbtdrybqly-v1=u^au+hyIUqk$;t|+
z`FQ1MwZ~rIISJn;lWSX37@(8_45Rmp(+vV<7g@Y)v(%@%#$EDDQooWeoU7CD>UwzG
z1@C_)$NQ~A2!9<JmDn#D5~Q6>EG(%FnGq?!8^%6uQBMI65EWm*G^V72$}9wl`ebI-
zb0R`Z8#!q;|7v7}b9`D+!5@c$Bvu+5NnTtm&lh7_ob42`)a}#SIOYz}5$8nT%BI&}
zlzyc+sY*X}mff)aN)b~05D?VV39h*n`@{*pxmahknDXkxiSCfcosU^)7Uf?r_4|1D
zDd;Dqx&A?VGXR-zs_<6&y;af|#05OK;K0fnnKu*C3>tLvphHT=bg#(?X=-X%3~sBP
z5Eu7qMnIs;1Ko)*15cw`Up<}dxxsTBZ0rIH5Oz$h^#*3TAU8`8uHj=F?`6b>kkuE4
zb8iE`eog0r<R<~Z22RfM@tGM33UjB0sVNg}3TRt5EfiqsXX)2ECgsd(reiP^zsWZ>
z1%R@WWupjTf%qk{kFV;j<m5sMm_W4@8pj;8v_V%1B|1g`XkQVdk!A|^D~+h5RsOOL
z<mNe~f~Z}zv9_-C{=Hx$k7ZU)&!YvOOFv#02!#D9RnO$uf*f1%AdmiYS^2k0M>`=B
zd>g$@v=?yhLnLmKh8D$19d*cy?3|p!gLdbp%w|xr+A-ZXqg_cI9dhu&`v=3=HJ4Tv
zrVu^aIDB&H#PV{R0=DO8;9^Qtk7Mp|P>HvgGVO4>fY|oWO=;al*}#yX>>%RC9<7nY
zi!zHvX==vWUz)bll?XjwoVIs%)_AoxD(~`on;-x$FJQ*}$?B3oR7yP>=vAU?{i#}M
z1r6Uh`{ynwjpX9BW}=dk1`J7-uO^+~roC=_SDX9p*;9(or)<-vk|@8;r0TCz%P+)o
zO}G)1T%EWvDSL5Uk`9Q>&7EH#Oo9=cYrZYX^Vd*@b=l`#1?}r!Y*uIQhu`j<8EdaY
z@^<~M_C592hsgaGu}?20>c!_UW1PxbZ=5mDv5y-dT)LGMjl1G^w<9n~khJ_%siodO
z0#9*%)H)>Ch<~DE9<7%xf7v^VKgI}`5je3A>F6#H>GaVhT99Dz$i6!{PSFLY7bdC7
z9kC|}_0@yZ)0z$I4H|`=S7*%~Uhy)l<1lJhO2M+QNsH+$N=O3iX$e5q%J}gq+Dp>;
zx1FHc_+Q_yjk?hU9ZI0WMKzV5ZB4ra)pYxlO7lOA)S4&N?HXay1;zXT?i}f@4toe<
zt=o0KptF~s!jf1Z6SGraHir;4+mUmiLO0>i3A3JV<`Xq4GEAcsXn*KP!GxLG-7h6I
zdp{>ijVnj%#^4Lsb7?a&0Gy5A+n;yZ)PLAq_7R&6R5PC-x64<C>TWcC3DAppCv$^R
zBYFK%c39Mla_rnC+7obDNX+=Z#ZnE3l8d;0n*^@Z(CLE<wtre$To|94%N0h<%F5bS
z*?y97l<s|n#z7UwL~_fBf@cVaXkhNYOX;i>j-B)otOeN@Z!h&h(F+7WLle3Umzu)J
zm&*rX_SnOZj63=nd;9y%4ZW@!AS2Rs9ys*K+DpzYI1)dpNH%jp9L;$pv<sAuI^`$K
z_Qm2pVgpC|Ir?*>V7KTaNb9KC_qk>Sd*{ZOht2DXiy9uTg9rvKoxUQksJVIhcn>iU
zPFx2|NgVXJj<jlTLb#{ldQ<ymu8WQ+E*9w&jV;<?(kp^?VccCyJbGs?3x2g$3`ZID
z{Plb;aBtCdqdhyVBcV7r!}N>6@+-r=wOYNf&Z&l4-6_vtVh&-pjn+!83(Bx1|AvP5
z3sJicX&!fJUW!xUVlg$zQTTs%b<_h$J-|f>E9*Ir=om9Y0PxgvKDr4I7os_xl=<LV
zxZiX};8IoWZ%k|5I1sM2jB`J~ndS4P*7LF**{QEG+TsF#IG^XfQ$$Q~Cm{>2L-1-K
zf2A8Bi!1Ry;X|@O7Hc#<K0e{*?Cg;$WamxW4`8OQ8%IEc2@i9Hya@Bd2TZt$aFcXL
zr%J#_!FFXwfuM9p@d9WW9e0u0Q@`cq=gMvi$b!(7n)syPryL&iu%Yjnszm5d<vRjP
zOG@O`=K5peauw77BUu{_pLgmuXKK-eA@FtSKI#k}kgX|@PutrIGM9+wlCLW-R0!)$
zMD_h_EKubQ)IhCJ6GB2lSoKp?dSB?3M^~MHb+5K*U70Q*GDOnI(tzx*P0vvX6VD(W
z^gVf~c|EC`s&+A0Q=HKdDKK_|+_<ja9&pgkMR?@NX$P^dh_=sh88DGgMSruybM?H-
zL)!~$Qlw~-)9Ougb2HC(j`u%FfFjY)YE;e#pMC67d@l}1Ge13{ii^}ghkLyj_I=ZA
za>nj9eIsHrB>cXMgI#|>$U(UD5+=F@?raKc!+%gh5saLI@Z${gRP;eP-bpm2kl;`U
zUur3+sSJ_c84GJ!aLxA8-FnYFdM;y0hFBO|ARmVV+kCm+&(}!qM1ZJOX2G6)gBTs%
zxV{O!smTl_=(c(9v;6GK4-984&3;8^j}}O+ejB|po1ZXGUw}n0qW0?X{Osy2M*DL`
z;=7ift+h+(B`?_S@oWXWv37O21$%;D@>;HQwxV$<)4g%cPM0TEe}52i(`J+Vd82qp
zyp)Q;V*6f4k87z`(M}t%jhfDdj0a~=(24hsIGWFs`0OZq5pS*-#_iX_vZZs4{sC`)
z6$g~b2JU`%`2yo7^=iC8SDaQ>v|}RdS7%|~`Ln>U3Px-K05VtyC)vKz+f9V03+Ijh
zrHg4+tAB>$E#2>Fe0F5OQgR>z_l@WLcD=YxFU)5%UQMzSjY0Mgt=?jMTI|9ipTbcp
z5AhF2Io(gUgm4ETjhOO^<@p5op?GtM-mzlfEiT9xB4$!CI>2fQHNU@mc6{)w{oxLK
zt#)!ZiAJebuFkKQJc|b%mG5}`G&h+e)8;QJ=Uc<B#xkM$12VD2Mh9cCiYGCZWmRKL
zQJkA3UXTNC`vsC#B9*5knWg&ZPcMEwtx=`0rwcJ;(I{40mAotJ2&uh1=Kn>pDcsJC
z4^Y|4n$e>c;&zW%0mjX!W_!Mba!=b=kpWXNcT8XmQ&IZ4*^sMsi`B3t4)N6I^&x;K
zEtc^B21^#2hhted${16XEuI}UOm$?re~^r2;b2ko5;-k*|3DGiqJOjEi=CWw=%3eW
ze(_Fiuq0OZXDpu1RA7n2Y7WbI5PF%bSeZwusQDG(YQN?0bs#gdh-6IbQ<;4jY&d!6
z(~E(|QT_%C0j;kIqCEq<;B<GAY|Qnq!+@&?)N5)qLR#{4@(aCQP^FLawbuC%MX{<{
zNPO&d?!|cW(-SG2)SyycevYdj*}3&)qBB-Jpoqk-bD)0y4R`|g75)Hu8{O&TZXHLr
zl2EJgmn-)9cG`<Zj(ph{RFG9W=bOY;jHv&^)>}t4;kN(df+7e~N=U0nNsDwFpdj5b
zMhHmfKw_kTNT`H#=;#>DsF4EFy}?E|jL|vjH{Z|md7kg*bAJEqa5!fi&V9e`>$+aA
zt6*aeebAlR*obo}&tBrO?DGhxX?FO`j@zIKscqxJsbA~Hv=397+$sjA$jaq(yIm$>
zF2G}k*aKiC)7%wB9}b=Ns%h{h#xVs;efOVW8U)ew<3LC6<o>q`q;UEV3l--}z|W1R
z;i2nYuw|)W+`D1(B(+p#@+mi?l8DM1_3UbfFq#3%m;SjHbcxbTLsjMdlq!aXt5o(h
zos{K9PF^PSr%wgf{$a^K@8QeFbwjjgRa$96dMEd_8ab8ZWS)Oo*=SlM+D<N}?e3d#
zh8%San|G1}D4g)T;bS_P>F?XKP1d~X@p`{?h~fSpcqI>sLc|xF@sg!`c|qhN+qKTt
zFY3keTAU&SNl5u_4X0t?V+y`SDTts{*t6R}N?olMD0<nr$@~$mAh*`z=|L93@_8|v
zN0HB{JZk}<n0s!IA91tUD9%LpMT>z5vpj3p!#gWQgC#!=*Xpl!Z>NLY+izHB45rw8
zkqR;L@K~+P-CoS?2fu+&XD<aoSf50b|JXI(7EA#LVeCb2i$XiF20&G+bxmZ{#c0Q$
zg847L3xu95jenF-d+i>q2RonSS*L-Z0gwun1gJ7@FkP;2vy1pQu<p0gQ)@~B`bnLj
zmiM#D<zm1^QTt=I73wVigCD$ldMmlzlc)w`CkG2wJhLbudJBq^fA|#GBgpx1wPd0r
zXwWJkLYvL(Nt<X^YA@X)pYzV#IjPg49Q#%NETyuE`nJIbgR(~lv*yR$h1pvP4BKz(
z#DB`q@=Z~5F`sahh-1J#TQCsXIbFRhFuy6o)Wi#X;w3YU{HY^1UxvpR-Z`hk@?2|}
z`r%V3VoY;<eHFrD`}}<1#jH8{?k6AamP_?Ahv?3^k9*$6?(Ri6meB4Pg?Rk<qMFzc
zKuhp3VE-Qz^$!&OArN?(qf>J=f_!mb%FsWa{hBJORfN9u*P~i5`+7~aNIQmv^hA2y
zHGx_&O`w7F3Qhk4@z{ti&?nk5L5f9JH0~doNA(<U@j{h2i7u#w!XC;SP0704XL-KZ
zxf$`Z?F&-_Gb*&EyjE!(`*OS<PhiLUjFrDK<F~V4Egh7alg*@vkWJDaoSx=2m|<W7
zH!Ua$vtXa<!uo!cX@>MvX~-8ge-}&;KK0GEM>x3yI_VHTK4)e#E|`FhUk&92AJSbR
z=k|#FzIn9zr_q&fYxTC7mYB&_HbyIoy=U!lxqXR!ZX_2}Wd8#p$sgtjW>XE9ddsv;
zv0F!Dj$t!B&c8CAR8dM%)EiM+Ms_@7L%_RZeH#oT`kV|uJz5C6V`zj^!EZL>vyAD0
zuXhS$GI=ePj5VE+6}(?~Y~4wzU;gDdssH@5ApJaQzdkQ7HP*w_Ifs__48_l_DcsuE
z*EQ{v<|JUjyYlPT6airFCxSR?nVbn$a87A?V{Lg*Q;=pWz$YIaAF`b`R(mK#u^JF2
zcEm_}Y^-DiM5d3qwYsxH9ho*UBo$R~4#W12d*aL?m8*1HvL;DnKVY!E)5hAZ)j!)G
zCCXmP4w|2tr#A#nQXB`cLA^rj#UWX3oPi!|#d1L8*E08J)PHf(z3~xTv1{N`htMj=
zAc0vcP5)cVbX93B4tw_WeiBmsySl%mOi-lifTnY)@??XINLf&2+!Buf=NDgGL_v*T
zkfF!%8=?1uDzT8iZ5!sV8&)jkYsAgwN4NAV^P_GzN?#gt+ge*!uJ<GQ74yt$_t!TW
zU4&`hi&76|ru4j<!nK-g+U_-1RrOs`&6;FJ%Kb=4z|R|oW`8>Uh%dZK;2%ntWv0lP
za~1zFaPakG)EmIXd~Jr6ke7GkbkS|?h~+!-1pQ<PCu94kCRQBU8ZKGB1+(MR&k7Mm
zpk;hTY2=@Pf?Mw%{V@RKk(p&^$loQ`pB`S(92&bmO@j_Doudrk#zr+hRfhY2BpPl;
z*%<bp-m5BEA>^?#R^54zY?XyTgI_X)wh-4eILBjt@WObCd&ctB8?5+Ex*?^z|9H>-
zN_>H16+UU_!BpXVU}QMD7i2LLOS~Z!rmE>BWt&QXyT6qhYAwX~2^7NN$7^CL?!mml
zd2E;i5XT&N%{5SZ$<$=~H-|4hG5Mr7W<Qyh&CC~gC>+sU?KQsXbJEAB?cMOoo@70_
z8+E|kkv^kO9EV3;nS*}I;c#@4juODmfy~@>+<Cgxsq0|Q;ls@r4PNyw1CWyrt+_>x
zJ|oQ(NO4a5)<pJZKhH_?tSd_YA;u795pZtu(hK=)a~Cw{CKIbgNzuHc3Z2|RoX1HD
zU}|S1ZZ521Gg;n9I<OrElp}ut=CH952U2(6r_Y|6mv~){G5dofAb@eUE%=l{maD*I
z{efOq8K#?${#{zI5G6i2umOtMyCr4ju@&riUL?+p`Llf@`mOox|B^BY9#J{}t1<^v
zN3HP=?5f8SAE$oip<3`nJj{|DvpD#-d1i}287je*qJ6*X_oyOt{{7hNzs)n@0<~3`
ztqS5iFZQ~Pqq5xJzh5<u)pif*X5@m;;VpYEChPao>-K8OEL3yeqkrsuqx$9E*`uQi
zI_8Vf!8)lbt^V$%?fcNP__}DH3<NqH9TdjT9k-{pT*1{ikO<ySrkv1{zp5}X0BTsT
za24d{ikhma$P!R}j*QHUBkHXFIPzj;5NUktMIcAn*q7dTgigFAz8&qYF!@-~{XD8$
z!gN1uq}qI`A9KWsBVkvp;iyQatKOe*e15f#OzC2|_sdc*zrf~hl4r`7``sJUQzB+n
z9eQG>wU4pj6>C~98uZWTHsnpc#)iKX5+~h`JpE!bq(#@Jzt9B)zD(h&V>heujd8z>
zZpM6?tDj{JaQkxoD&zs90De|N`k7Tw0J>E2BD{lkt?BF_(ZNkt$)BC>8K20d(Ovek
z7C8y(gp7UVKp}w=CsT1fTlK0Bz9HJD9L2oQ>DaOAz&TcXCp&%gmE2zo=M5pF=ePcG
zP!L+$L=AcHcBrsL%$2nQ0QB9H%rffG0@~<{nee!H!ETBlNO3lvKXj3BQcXGl$);h~
zodO;HY#S^208dzE*k)qOTs$Z|C4ncyFKYRenH}-I&j4>%@8-z5oHzmm9?Ytj@i#W3
zSt!>)1>GACa!q?}rjtiQNSO_f@6O2W*%CA?KsrO(L3Xvd3`2aDUd=#qfY-#2nv$2w
z(PCu|%X{MZGWiRZ6TPzSomXYRK=6-)|II~PdH&Wa2fRW2Q`wXe*EGH&;q2ZUZB$*y
z{dLe_VZldMJ_w+4<|BYat{FELmfC6_Jrm)HU473{h{c89mNGLNq?0()6>=fa(-j}?
z<n-$3*-N<0#gCS>eV;Q{TWY}V;7Ec79g&+wY-(tVk!8r~ygsM=*x>$rNaOc$x@48z
zLDx}H;hV$!oSbC+QbVZaeH<g@C$I7XDQUUwoHBR!!FYvijIM0;(vgfvVE=&ZD@vK=
zPe<`7>X|ZX#FWG~Db_!t4r}qvuAKg76E38R*4+}}?oKgGgnVZUHuQ)*I9#?GlS?mK
zB7D@LNwaHXL^HGkZNN$C&0T@Z$|WX#)q*5}Kc2M7Da=-<ET!AL*F37P@?89wV&6R%
zA+W?Nz*`a{=8XDP<hyrfJ587HFC0E!E_KE}okX6h&<WU#RDHy|V9d*zh0Of8*Qy_8
z*HwwB*qBaTIQ+e<IK&qz98P)`?j`&U-l%$0J6uRCU)%1dCbtEOEHd2@__<It!3Z?U
zcrJHw)P|oZm(a3}c#$dJ^qjDQ=GR6@-0SBp9|?9&3X<!jvRYgY<Q50gf(6O|si^{S
zHMA^?Fuy87g!NubOWH&KQ<a~H2%p)yGg4Y{Bbe3Ni%B~ZUzYQROb~h%X7*BouD>Sw
zqIp|dy_-Ot!Cx(1*5q{}SMNxFU5-_2_)AU1bO_uQ<KDLG<?FN|Svl*l6?@aL4*HKn
z&8BR|MI1D1=b*`tcL?xQ(;>PU%9h|UYV)xF<r&u77a!JNbw$aj$CdfA!(-DA4SN4~
zE(o7O`I}B6v*hl0!SL49jQ6h28aq!+Wfa|TQ?#M)LcOhCi^%DtLp?Nrjv)pB_WTLa
zU=jTDCYyohj{SKjJx~|=rNZN%X0h{!HRI*9?2Yi_q<L+6%GJ^hQ6w-wwnOE3cwx_N
z>Gtj0-JL(G5!5}G>06Es+o)pQ`_jOGu&{74v$U}gcabO}zvEOlZU}cucV>M2%P6`;
zO@Gt$Vkp3rzMG`!eI$S07n=d??fXLq$%K)V4?X}b&Km4j+`W&h_~;-pbY5S3P`U0^
zP2c$6+Ya`7ulcxjs~5R^@Z9NBa=k?e$j`Hunoeiq<+t4y@XoE1Tk9A2wSu4dM?bkv
z@H?Q%RVXEnq&MD9EKeDTcg9b-tv;bPY0>58pEw}ut~c*`x4w~{v@aieeE9Hq9R*?<
zKYK&g%PSe~E{8Af;Ahk8=u-BVnHD<mGrzdkLqet#oG=nnpm+DqvSRtnOIJM67y-C|
z1lK;oh#Z9}ih*^r;f5A!D7}iBvhV3!m#ruol7Rqzv&wg}$rMTWp&x@y!lLJqPK{@k
zt7GTo^U4=GIgkiSEiini#o>SO$okU$Y4>Lv@69)UCr$7A3`%}2FDGQ1c0)>h*a}On
z4W_!gTD}qe^uin$PmRj;I8nz`@=8(&PUo_l30qc2q`oM18Js?={;+p%B4*QL?c-&G
zDbUYj1zTOJfT%bM2&0gM|Ik7p!CY}mK_;L&Q0;8eFjwPy@6ucC187<4Z|?g4V+n~v
zT>%ln(PK<(hiwMeuCoSTJR93)(=rA#%7k$Z0h)tv{~v#Q$|Sfi@wRz0=1|Ig6v*>W
zChotfGkh~LCpQyaZvlRcvSzuu|J3B6qsma$OR~wtBi7&1n9W~{i<We8KMDuOYfrTA
zcfVCi{m!UCv>{+Hk(-;#Cy=oac$hz`6wBb%P#=N94322#_bsZ>lI$<>yEH`3aCK>_
z4fyz;CBhYd#QGmAgh}ypi;Ibk90)cq*I2n;`p<|O)W4nv@M&tm@NKOMW#EA$n(p?q
z*7@vvPl}7XOD_BO1Pq0;5T$OipPN5cq+MNo&6nl7?r*BZrr|B(A*c*2nwyuS$pt(Z
zk~t6Yt+Ok|r=Js{E!&LE0#=1kXr|Ye|5WNq+;&v9|Jyx{zAm*#f6}t=Qj-X{#-E`W
zn3*;8qp5Cx>#u_*(sE5s941djyHowCoCNV{=isZJdOkjg^gNv>uy-smK;zh@rIn9}
z&t0|d5{&bCxL(VxfR)y|#kX%7IKowoK9~@VDX`u`%icOUQlQ297NfUXU=kx$YyA*>
zChFIz!~$pBfhWg78)}#CCGEvS{TB+=q`j}J)+)V|tvAD<Ynf*eo3OKm7=l6R43S1$
zzZiUgp0C-%b{Vffe9|>qunT7B6b6_1O*kZA))h=QaF|eh$t6#q$Fwnt-4gxWvno@4
zWaDWrkzopPYX3P&$!D!u`?oR<`qca;720|}pTm|o>Arn`XAv-$IWvw}Wgxu;eQ!_(
zP!9E<t8cZe5y&U?J0r<$&dGUVR)wDE%LIYw*C)TfoIdtVZF4ZsZpre(qJB1ms_>!-
z(k=Uhw|e97f0#-C(`8A(cIw#8^Al~d?k=%-hO)ohq=!G*uhvLF^B?G9rnl=>X=5?N
z%(g=Q!^DA?W0!}=EE`_%nKby(OEwQF?}jFr3lK@UFKs76wTkajmxe=ySp%0kWq}b@
z3Ridni_a;-V+pa4<$q;&|C5<pc>H%TLyYB5W`UCXKn>H?yDDi~Z~pdUvJO%9`;t7q
zcW;s1;JK%kfilyPSGA_ImN0*>DyZ8?iFqF14<<E4*Y6rNGv%6j8<k=51HV3b?`s`H
zz2rr<oT^b%dwVSe5;~Y!%y4pJNJS#4H0)sCrd%lV7i-93@In~b(fGIw9T%m*rzldg
zsRoJ2)d3G9oALCr6)`D25Y=00DF9l6>Tf$H(yS_DIKa=3_;P8(*6o97yD1Irpyk5X
z`tHu6v*7iw$LBcHA4^N5d%+4_xqTeveoJw2ME0=N3!e!#uzH}MkPRysd^wJq9en(n
zUH-wz)i=;(gQ%`dU}ll!wPLNaEFiZQD~E84ULoo{7~e?p!mj!}hyoP#6$JGE$t`*3
zRn>F(V3D}SFv2z732YekY;|%_SI;d|uJ&$Eo(z;-RyLy)?OPb!?aE5GNOu#a*}HkQ
z=|UO6tRa;wx~YXAJ~v13SSEKI$!MSLk=Cl$dPg?;PN=NVF;U8Afv;Z6J~@FYUlTq^
zOT^62Q_+@(`N}oUcGa_Yt0dldp0%X%SX4~30&Tc+LQ9=M`}mB6ouFh518q^9SjSIW
zij=8kHSN^@^k!|c#;&u#K_{tmLG)>@;51WKNy(GC@UW<@Gcpwt$`_z7)!EU_^TE#A
z?v)L52}vwgQCiLU`>H`k(_eG@eiTP!)zQOGFRIdQH7{?cTKB4a)wX&G_pK+UvnrQU
zQ&ZJBZ}f)$Zc(N`awYUVbv~h*#)s6;%}>7h$aZ^95Xyc^<7_rC_opHdRxUTbO<e4H
zzsJY8(vgVPEqc7U*-XlJS%|D`w@dg}iD{AmaACVlPcyu6og4!Ft&vr<JlA5p@{I9U
zhTv_44~6I8R&r67l6=!ZlGp1f;l#=b{`MU6QY-L7s5^n5v?8kS1$Wmr@7cc}a#a>y
zKedW7MfQ<MP$<&3I}7zRea&Vz{m^00#Cp?}qP+_*V@%Z61c>INPf;s|=*vs+R%Np(
zeD^1Ux~1fX_;k6s5<VJL5}mM}sGU*fK5Byy%J9ywqyVJ7HRZ2oQvL*zE#)$Pd{(&B
zk`c?oLWW+f=Eq1;EC+<`{hCH#+vYs*E=Y9kBeM+5M3RpX-)PY1ZI~y%?-FGH7078^
zZ!a1_^H%d5PYI<y99Vdl8rBo}UYhg~wWBv`tdZW0ON@#V(3cpAn=7Gmr<knmeAvz#
z7zR7LRmz4-9;+W)frHN*0=~`RJ=8NiBfM6LIMD|#bw-WVaXl`HJQM#Z?u@X)7e_=M
zN>v`eKK?%{XwF|1^g{D(r)F~sz^n@MszNjNIc^uhmXy*RQi&lj_i|@m$>Y@YfA<`8
zLOJSFs~*d+o`=&}8E;?Q=*^9?d+5Z8Z_L&DS7YvdQ%jgvV@Z`1lY?FMfS>7tf-m-!
zruy5rdHiW&`=P!`w2@O3B`;L^V#oIG)2>?7!~|YAO;xvbOjM@aAzYaS6OaF_XSVt{
z_95Cr<m>G00AhT?QLj`dJLDOkyhY*k^z<|Jf{xGz(PD!JA|n9osw=cecDm(&k1vfU
z*=@s}>hXdz^G2fV`8qS%vW?0DakBYJjPP%g-w0Wcu7hAs-1QG}xT5S<=q^PYGv!Ng
zF1`=EVPT?7+ekfA>LoEH%kdwIkw6igu)Xm6%-^P2GN4ond@13hyJ=SF9%v_iCElCz
z`I<c6*a&!9_pCf_mv!wWj{{=IGv-&U`6O|b`lIRD!*FEbnPlgSYXZ89j3-=HBK6Jf
z0t*HLz&x{eBiNQ!fgyaMX~KLAXncJ9-4ML|W!CX2o#NEZh^<e-LH}emJ}7nf{)VsN
z<^BZoPfJy#wpC#$QpZ?T+q2vs^$<aozr8z4RA&!+H<H)aF@OFDkttSeH?vqrb@<lG
zjNh?Fc%(=)D?hC7jpp7XIj{TLfuo^R8=(0UYTg(z-^^O@i@dSHVz1F_MyYq6KDy+N
zpy?yI4?XR#m+&p5G2=3ix}HyGF3pDB`Wf&UnA#R<^MoV{_2mvmiAzR8{{>AHNXo)Y
zNdAr2UDv^$^s^#L&|{x8!Hbw+iN#Z;c3jY8!Ru$t#a6=1+utrZ0>Q42xusWJj%ks7
zUa_E9NyUBIn^SzY&S@vqyFo$GxAe<}x_q8A3EhAps8R<$(TkVIJ~yCWQ#`4OZu&d`
z4(e+Mz+0Ac<i=8mo|-P<Q&~}T#Ws{I(`9DqBVgB2x?ZVz;Lr4U2ZogkfQNc_Fnxr1
zXXy^X#|6T`t4;9dT@f<UCVbQ<=+c9%S;VKjnA-O7BxLGnX1k6x5dW@Z2j5)gZ8ZCy
zdr1ji)n)U$oY=U4hr81UGX!?9=((e%oB@Td*yd0B=$*rcV^O>~dgx@Ho%QmwZ0JBx
z+~0zn`dGrv?DzNncUg<YllglI%0!PjxION!a9@>G_s@><M`Km>EFPPa_Rbc)W7zn)
zMQxZJJFK9~C;G~ISZJ1cH;&U-GyH}RcH%;5cRkd_&;WMuQqnNg+MW5sWh=Dg;#Qfe
z1~M8A0~D4B2;Vh))Bc!&GW)=$e?9^pY41su@QAPD7i~q5mWzN3`y;t$C4lcwpQ`&B
zJ|}+6{c^l1oIe3_7R=Gh`$%_U6<6op$NBVq-}@&rtr6#rzw1BY>oWvdh2+k@+7@6I
zlM@YvmfUNWdD4xEta+`X>q|>xEGI=JEfpcxZ>YBWdcR_xCTil}&_-)phv()YLk;%u
z=Hn-;#`3?zcgaSCgJ<k*%X2FNcKz};`LO7~;hAV2v-S`MeRf&L#AxAcsAHyv?CnEp
z@B~jnWdj9oi#ej8rbPa@4LW83@UFSHRuL<-Q|?R2X>^Vcm)=2>l}l`!9ulZ}JZZ`f
zO5%e~Hht&6B%Q!rW9F`ZmK>B`;)6DoSH~|oZouGWj5V6!M4YC*zN$w4l)x5?Dk(j`
z=5X_~9Gyo|y`3B!7ikMP{*A3I%^&Gh7JCmL;A^lwrU+fhO$ZmwuKRTYkrN;Nf#6bJ
z{~)~^$A6Zsxx(Nk_+h?+f^(N?pB({!48FTrnr_CWo%5CT`1vl@M1?!0>*&|Vv2GV1
z8ER@`DV?Z$A5`=9u>O8IyVq1B-P^g(NcX|D%=dVMOLh<v=-MU|5Ag3ue15A@{rG|V
z_7($(dD|AtM-ZCH<=hQrv&nzx3IUWO?+5}jN~ItrosWKl+}ON5lBq@7_B|w%Izm5Q
zToQieX`Ix1cCTx_7;C=9mv9y`aei^e(aUI5MtMkm;t^eeGfhn8Wj;u}h`AH;)N&ay
zt~=&dTP}V-pzp8JB~|UP7B%j4!LpptVkB<}38cDd(e`z&z&y@}&ByvgVC6C6cKgv>
zZe6DFnN+(fFJA31D^}XFF>O3MtMdW~azA9h6_vVaAB*vS_HeLa-+c3>JpS*JU(0c6
z68k}>4tfOuF}SWKmsMABD(R+9Vah!IDocEJI)U=o7~zC#SpC+$A@S_lv%*hh9)_Zu
z4!0cem1ZhO+IJ91GvK!;0~g2M@Y{Zun1;|5?DF3n^^Dt$xPOE%%VtCR?w)txDCivL
zHSYZBiq-X*cXL;`#}zaSpQs7{ccP|oZ!sX!mF}a_-Iic3UX9b2YjQg~J8bVgt79)N
z2IjYe{!ddv@SP`rYu#hM^kMEiVO!0+xYPRqn!LoD|NHe=;SbhYQ`SnXBE1RsiAHwV
zel0IdQ?c#ckpgzTLc6FyW@Ven^s&oSQ!txXZV_=^VBo&p=4!;mo6k&9rxkBLBb#jJ
z0tS~VcY}xsKB*c~ELjZA8I?~!6CM!)y|H>l)9SH4rY6!h6S)+z0jKv8_Vh(f4a-a`
z(%AyI3W&=;SKWmn@jVC+nC`KbcUbB~Ih`uw`?Wc$LrSH-Kh?<m^)dqRBK&V#RF<CR
zZ0!;0O6&tC7J03=%938SUgYGDPEw0uJc?A5aapIB_%EXSgBHcx0}%b0p(>CayGcrT
z+`FICo4**G+h716q9M>1drPjyJ}3()$tjkc%i_#`d0p$ozhl!^`YZJ>&fj0UulK!S
ziSFFiM}`?ttpx90xnYo0;H)XCJfL*@X-#!?(UE7c6^9k}Tvff>X5~xL4GK0%F{s*s
zl!SYAg1WA*uP0BqEKl{GD$#Wo{5&YWs%}SKE`OG66YhP7ssQq$N_a9T^!wem3Sj|>
zuH!i`)AFU?lWwZ5vGEd}Zl+dT!jre@edBN3xpnUac0A0tKE!kL^6DUCtRxeSwskp~
z@`9Z+!0Y^ur`A&TGi_ax)?gx#9MGM&B+o?&W=v%qZfd7;)(#hfFk;SKp~mOL7j>8W
ziFu<=d>iQ$UUXEK14wN$MkjRoX!!y=_OKN)?RTmwD8puaWO@{@<l|jSAkIJFI(~as
zhg@aT<8#PTs+jbIhyT+4l&$ZauB%a-dQ6kPc?C~y!IgbzmbR#bip*GTA&|C}*FnqX
z&>Fwd;0?!yht-S^|Mc8FBi@HBqSn$a?~gtk>nF4r6e*7*-L1;%3$VlVY`R?VSkVD+
z5jeB|`ILti@Os17b|0mpe|@@Ec_|gWc^_Ej$wpr^{pzUy^_=K2uIF`1Bx>~}7dOjx
z1j;CYle#(_(}N574GMVx%Juf_XODw!5RyFn`#}S14GXG-7is|jcB_JQGqWBg*1Z@T
z#7^O@1e2*WAdW3p<apJf($DbhF84_#JE$yO8g1wBzC`Iy7Z(v(S+hH|*w2+__o4Kr
zTR6*Q!Qnn{nb?Dr!tY7OB0gCFrrpw;UgWI@Cs=Lr@w1>x=To~<i!8pMOe<S#yg?@o
z83-eGr_i^GOU+(tQ;K4{O(VCXm$H!8H|9<UG1vqkKQ=X)b~P+%Qz`b9lYvkx{atQ{
z=Z8%PUFg~=p4KF!8UbsGgAn&wQAYE}^Vp2-jmZ05DQ;Gnyq6apS*+fWme93a{APD=
z7ZLA4KJQ+HI4otQ4F4_0en=?15PS(jHjKy{dw4JWYWNOptF_bJ7a8KWcV)*fP8<<y
z1=42+1}sEXjI5@l7dKeD$JkhAZGwuVims~>HEfCy@Y)v0uhs12+|k@fr~X_}WL+}r
znVrdSO>gY0fPn9SB*`|o+r$Py+;mMT5hJ?W??DFM+lDnKS8QJtd?f5W`tUJG;VsEw
z1tjkLh|L@^Y4>yKW*P2W*n0D>I7=;}0#V)c<d!z|aKVR|Sbg6Pbsm78UP`YWbLb61
zBbs?o^6UP`eP2$l9%D39@xS`ljXu<TMo3QB3q$dgB^ti0_W|6*U!{(dmfX$W`(0l}
zmawUVsZiWWp#SqjlWRt;k{c#MyG0;77YX?nMs3}>Wdh#p!AuUeMZr>Rn$CPJ9bUhY
zx1~1?*q@KRC6#EwrWQvN&M{7v97QJns^xt!Pj)*2tZ5jGAJ*%SiiHl3uaU<imh?sw
zrUS;Km71R#7S1ob1fHCSbLCcW8B)ePK)$JeWw)8o*FXFybVldv#e$ajqUdDpE1fKi
zxtdi#;^ks+93pqtIbYJCciA)}t4Ea4(WBwG&@8_Q5(kA)cSJChwr%Cpl=*da`8ZwM
zJ>Amtx>dopP`38><V8pRSOIGTfbM%wM103dV3^4K%tHF<OuPKBz}{`0$JtvCPJ<PC
zNIn>^7mnG~9U~?M$(*Lk2b<XtU`bVWLgi>?EP`i(z*l`NCZ3Aq{xCfiP0lchh??5W
zthzjuXBKGYZjpg0_n7*6gK&x(e+4YvmV;p@SC-oVRQP|dV2iNir|B)(5_7HMLHZQv
zW%&DC(THOw@q9|So=dfr6vOq@fOvxzEHxarl3T_htH&NK`uL<eL&@1BF39ov>hhhk
zw6C7xpKfe5QVxzq6;Dg``IhjkAES8UP7HKYzx4L{D)I(41>`dp91vI&MT@)4GWNHt
zm6imhZmuA=ClV%78>F;GeFvYyqB2Geu<OG=;bflnvbMSS5vXZgSpi~R_6c4@H~rg!
zD#hjOk(~Zpk@;5EIhDc|7lur`Y#0jg;U3q0XkeO(oKzQ*y_s@p$Uwmpb!Jy9nyLpe
z4s{~C9TmFfRjt!dG?efhX9USkd?snIcJ8ZOuXI_jwWR}B*XuSPrE!M)om4tRom8+N
z*09>m;L4<wj>&)!ai7uunFV0Te7+b~227|W0)!$>$^`-%O<>UNzWct+>5&SMLl<A<
z(dt^uX`*yOP$m76IAJckkn6Cyh}ZNd!_Xr$==I@A8&`|~z)qR#Tu}P#@<Qn$cXo|j
zzIqx1Iv4Yy6H}IQ(?!%&P{xajiR9roJp!``qZK|>|HmCc6g1c3-;V}w3ttPglC0Rw
zwl&nFW}#6s{^s&JGq}edDAPIurd+$y0fw=ILlc{WLHO$L6p!yAy&Ja@%HTK^*q~bx
zXyVOkMBsJz<O1oqI{f0<SiZ*2q+E;J`mTj|SS=yCEx|r}kT`*t7dzf3IIad~?pH>W
zCfLPHAB%m+ZysLnV^@ytq8K}%*GT>F{HUV2g6+rR&0Z}OE!}+MF{6W{OC_g+vLXDr
zwjq0X;&Tp|(r0D0W>(T;!Aiw}^6_F@%Er6{=9B6ye1)%5n+#1s%K~nhV5Pj(cCx-#
zKHgy*Ciw+igtQxe7+``-&r4txb^o+sq3p_QN4iB%-?CLJVrTLcyhti}{SvZw<V#|P
zdAW5YI$#ErKid$T*1DAtYU#+XDMbkPJrRBxPEi%e-hgyCtg!0tA7nxIZv&)X+6onV
z6H=-eXM1NgJHwrb;)=2TqUXn0VdX7b#e0M#%NjvQi>s0}zqd^%;wP**SN}csTyED#
z*^cxrCAI7d&sS;ycF5a{z4(s&shWB<GOI2MmidrGbkWz;AMj^Px&C?XjSL6~ge(?1
zSBp-UN|JjkMPMzTSc6d0%`UFUDNLfJiPm6TDH&-eZMVy@7s4-4o+_!<xy0dbKp-)w
za-Z3}FGJL$p-)cY$OQ%kU{Re0btC=FTcN}bTb`MstDiHxj9VfonKltd6t|}?DsUO<
zjqQZ~#(~Cdzh7aHxBFD8XU1-Omr1cr1K@enC3EG%BNpVxb~rn$>)3P&xAxi^f!1w|
zmXk86>`4>AMf}N84Ui&Pq|q6_QO=3VFN@qVqJ}^DwV|d&yhmanC$hlBgXUbfY%E)G
zvX-#VxTV3n%xraQs!B;G5)<yn>7?2zYM3<wQ9>1#aWw!m<j<Q%929|F>$XS+u59K6
zOQzsa+F@-fCp2Q9$aR1D?YZ}+<A&w1`z<Pk8w9sh6oO8!?ybL1{rq3!^qi2Muvbje
z0HCH&Uw`D-Eyh3aIT$>Uc3z~`H{0<p3IWpLR(9&1(&6f#`ci81vBk_LiY3?o&=W_!
z;z`&$mairpN=#m@vzsXt=(`nJFah;8BbL?%{oeiQENj&Aqhw#7L8b8arZzb@CNSiB
zYeu}G5I?LLJl51~naiu(CPFllAm%vjm_IP9?Q&_1&60Hp-$0hRz_rp)S=^!sX!(sS
zaXHXt0w5n(@yaM-d+e}hry3F<DtZ!mpKFG(pY)1Ll`%%vW!usFGvP4lE8a6-?mrjZ
z${pvvzdu{7R;miRt)1G{cA!=%q^{Ww2&{oS+{glX@h{+~$ih7Jld(MB4;g&qu(HTL
zF5o7GPryi2UQv-0f=dhaLnZ4L22u!{^XUL>gDNeSIAPnTjk9MI5F{nRN;VDpzrg*!
zKRxFUCUf9MQ#(%R(K>&sEHX4}hT2Uepq|hb)QoAPZH>J)EE*0696c)q=UWHWx|ro1
zyGzjNSkQN86|U@(BcB@evQeEO8Czv6tBRp1eg!!e2k&Mq$tn<~6O}#0udQTE7q_e<
zf2R&5dv_Z-PJVmyN7H`M6x>fE)T4%dBFG&r=G3nyK0Ci}2n&E1Rn-avZ7K&Mn5Eul
z`r`1+-t;;amZDzkw8x$RspjQt6%Uwx;2<-Y*s{EmYjctbC*S-fc9%)t`%+g|Hw8w)
z{F&vxsj}pQhp{YF)8$Eh=|&<m1rAt5!?1mtb~&pce?aHf3~UJd^?E`1=&9@F?#}gc
zCWV8^?zAaUf=InmsFONUE)jDW7sWLt$RF)`SMCk-^E=KOsS<6`EF!&F-;197nenZZ
zYW_sIJ3q>>QwEcQnul12>b&aa_Y1(RTM0|KAEW;R+y8{D|HQ2igA~T7%|E%1ZA3-e
zj~02HY!M}RI||iseN~2P;7vkIdDB$`tX}Jj-h@j^nAdU+;xR?uEZnc2=Nqm0bmhu`
zVXIf~N_-5$T-G*!S5F96kf9`%{2Xu?y`eJ$HAsRx;}>r%)YilnBRup*bthBrNo%Qa
zWS5L28e17cN)pYCaH&&10RuMjIKwvQ(o*KEaB>#Q@!PrP3X=AJ4F(nsgSG8RSrKi~
zev|>@JmH(C->Xq)qxYD$X8aya7E_l?0TrD&eC)<6^4?K!8gVNWc<~g<X8}K2*kjCP
zpQn0_L`5-;zl<%48pVgL3}9*no)V|+o&$MzTFt>_M)F!oz_~7TEJ|S08Cq|jdB32b
zpc;HqnK9ZB(6ZjMJ=0jPwN&cFX3sb!f3e}_t&X=Oxf-UAg4x=TIZ8zi<NIx)!~;95
zSE15hL=$crI{udv{QH3abMnKlZVB8<a0+|=!sjXkjr}ujti&z;okFFa(MdWr>h{z|
zB6~D<tRTexz<%tP7_K1<?-})K2@B*%e1@UCO*R8k;xB5Q&|=O51~L1GW4LA<%DoEQ
zt!}Uqd=r<JB9d3{RNB{Q(ZQ*sWn?V{+Wde!+;-}UX5Byt>IdN}xH7%i(?R8k_=(Sp
zVx=aHq5-0p+j!@LtxsGXFC+`rXVaAPKP?~mvt&N1iy}3rC<pC2i1Bh?;KS`1#u_QF
z@juk7qpF<sW4dcjV%Y!yz)4xxyBy21mDiz9rO)#~GZqDXPte>a*f?H_EU6sN)GO|b
z>2L7bu)IyNwUbAT^hm{>;{OeMD!y%W{#O8(Z|Vrmq{=2&sZVKZdHZ#*Z5_)($&I48
zkT7GevjP@9)^}~b+^r3W!B5$(RZ1z8>vMC_Owy>MuY|K-<<FwY0yZz+I~|;@J<Tq;
zfS5s~#3xrh{{~EDe&?cjs%wK!dyo272TTBSn`960*EifiQKNXJU%H8Np4b$1_AHlf
zyZVf()y4fzS_s4s!EbNEgnN&h7?=V#4Vy1O-XsLpf}Jk^vj6`$f&cT78rvGiQ|6R`
zX9pXe?@*$46J6C<)R<>efj27uwuXdP`6zSo<O)KPd|Sg-dM2nc<ef;qhKIu)E?#B)
zV6`NEae)w@tJY#@x|Q$o`uDBp2VK1rHt~QKiR9;T`Z|`xW4vVoBGTU5U$FZGE0eKL
zm>5~$%Za&O)z)fT+%e5f?z4_#^*Z^J&GX@e0i;b{l|#fgd!;y48smsgY3iCSR}Uw3
z$J=~Qu~l9<FeP#W^bMC^IfY+r2a_4eo^nYkoyW4sJ3ohe{1OH06h?&f;Okh08VPm2
zb2+4yDGS`}O)-TOR!jEdjgKzy!!Sk}@{LKgp&67xtTSGlJIdAOe&Hq53f0;+=4u>`
zh3ey3LE>r5f8hTAV`x4Iy*NV<!Rk>J;dqOali)B4g=`>P3hYLTK)w05C`)SEGB(Bg
z)S^6WLmJ0s)y1<*2x&Z-WbJd9>WgnU2;n=j#vM_WogbF1{YO7feP<7^_n>Vh=ZyIU
zfH}W}x4z#xduAn&A~AB8Rc2VNvG~$>Ob;Rs9@U*@#HMre+$hi*U<_^y3=ErUvUUj7
zf=g+z7w2ohrw=zL#%e~^K)<1n&T(H71qx)d1Lf&I2jHgGF2@8uq&YV>cy2gC{m`NU
zUz4z?;kKX>ucxjOzT@2Dadn|A0G4<59YvxJ7^2^yL+4n03K}Iv3A-kbiD5h$>Up6P
z*Y`rs;_cA`QTH4Mi}TWsGwJ~;{Wb1n_;draq;{a%mN`0P><e)p2^qJoyR*=B0kUBK
zvtw2}sOUlu7R9CJin-6*S~4=wmLn+j;rVH1tL|#s8l;+kJ$2oeY?W<#dur+Nd01q<
zb5fo@k_Hojm0D7{mB4aSo{HN(Slvr0tm>FduN#~6^$p2GDuGr9j_Gh)DuwI~vR(0#
zjT36oSNH(u-`IW#2qq)2mgX;K`&sgiggak#iY6AO_=HJ!8|7VYH`SnKOsg$)HVjo;
z?T>_rJ<t;;_b_I7zc=p;XiTjYb1f_^65T&puYepWad16V3AR>iED2iUk#5(+&^eS&
z>T0hIf(RUmpi4*>^_2_VSS^LUU)wWk4rsydST>Q=ZOO#SXLbgLa2m&PT$2;JS~wr8
z29Al11?os{nYI9ZxVcM3Khl!uvogA6sB2T{DE4@Xtq1In^U(LJcRtB@<_>a9aL@(y
z{Fa-*=sEzr4X#mwhRiiU(_x248O@QX+IJ;)xNU!R*OR;#7%nyO7V%%^K54GDJab5~
zeGu0%|LB;^+^Va=-OOzNm!!?Ll4w#+%Urx*TAZuhcaLMRrmB*zJ}UR&Y?1oLr7RnE
z8&#9WAZ%aFyLn_?whH-Ek~lILuu$SMca;})`EIh_1HW^*Fj3OE<&XFBI(3yFQr%-$
zVR1^gQa_l`c03)(OOyxsc<V9Q>B$T0;pr<IC1=lAbw}sG4m{lKZ<90FOM$lDqtMsg
zrG7wp=bf*5_$(<5ZC#<xk*IQVF>m|D$;DaJWy(D+w=FaxHPh>D8RS?M$%IJal1^Cr
zf2`G?!W#rD>HDja2PhAlH*>5u$^&*|c~-V#KTQO6Y(l+aa+gFW@+KlfZT{dFu!Lh9
z2R2YR2osZZ)*7|Kjo^2;Nd9wZ#olZlJ-JEs3hVfK_wPR8k0hhBgnACygob4sZH`o`
zTy`?Qv8T;CgYRr^I+Qt7TjD|x2>!GIJi}p>6+;p)7XzziVrRj))V=$hsrqkirVC3Z
zT@WQ^)-B^dW|O8W0R}7i3LzyEC(^YoDT$9$4;(mnZ@do)qW#n9z{}w1ah8_ilJwrj
zVn{T<#iFf&)BbC7a^vEWb>8ZH@GA}UNikWL(><1N>wk}DU$l52Q<nb6j7ma;;L`9<
z#)C~>)q5=Ma{mK&Jn;7)Ya)sb*rd735ixZI&?2FCJ{j~U=`^FY)+r3qo<V(n1F@tY
zd9Qh;wd+gM<Rk;e_v)+i2U2vn-j%}7tOwJdFGU=SI~l{oq)!Y|HaohR-le3)lg9Jl
zbtH2l5^fKMhj?Abf993TTyrRcoMi&bhR3MmRFm+6Hg#AciJ<Jq1Mj(6xL4ly&~0=4
zdeREW#)l-#@Ec=UeN??i#MB36YFhWz82_VU2iG3~>$nGUmN|Xc^bA?$;H8&dMxVyK
zJPnC4(`DB|lW|O<#FVMlWpHgxD?QKQ`A0VWlY6VbBbQcl>FF98Y;h3D7X4>V(rfJV
zMDBa2eIG8|jOmrlDw^ZFp4EA3-&{F0yK<UEhjQI2w_&3nQb2m?kFdD**)LYvcPCN4
zb$&dgq%F0F*3#!Xm)0r2GTAQPDJs-g6i5C=$-hlVYMeqlb+2_^KNQxZE2UNl(JoX~
z)p59eyzNZECT$Vg-aVSy(2zl{M7c57w}k>a#b%NMuf-C5UGL%#>{~1zsGijlbirF>
z&y&*Dr(AqCCG*@5U^@AOHj6o`(TEsbRJ9v?s+nJ!U0<hcBaA)Gqy?{@#0(~jqQQlG
z$$;(mM@8b6K#BcQZTV;x`H@3duyyW0npi6St?X&gFME5CY}4Ede?k36^Wj`s>FU0?
z$eaL!msPwhU`!q8bA&c+{dj!^wmIshCErAK3b44HCD?5zi^H7VfZ+$k*6smMvv~X^
zaRVeP*|+~68WTqIFx&LaC36D6As?>)h3)&ap_cQln86wh7bY+kZ+U|hn(^;wO|{{9
z--z*H1~#D@fHf{L?!G$RTgv-onZ>mCfM&!Ej63#dtiJmAtB|}A)bgj4EpXekGz046
zz3T}p)heO~jE}`+kAL{F)E$fG7P{ix#el|RC3fI*LY*-=SgpvX4>ZwAb@rd45epM%
zD!v+st8IF~a^4L&T^%drVX>o7gSebVX+AV<iABoOlU*WlE%+PAR;NBPvj|e``G*py
ze0~Y@9h1gg&O%;C{m3&p*;c|BZ65R}N)O~9`eUR};u8UP3Tx3Bn*%@=@3ZlZV_(dw
zlBHmP+xLtg^$YYz%Y}BTAg5Zpv91{B(sJ=?CX;-v#5>2Y`+k)6<5%4EKa#e@E%(G9
zr4Admcx{h%0!*YfT1{N)wT#;ChO9jC!>*^F$~mHIOE*TUV0}QOgP!$kA<QRql6v#>
z;noBiaIR|R+jhnwrHSXATjW>U$44J~YtO=74~a_f0p?C|`R?TQzpJ4mQCki$mzFE&
zER%SN2T0Nec)o{`$@gHv;g%O`;&uXP-{f6VulV*V)fbu)LpyX%zpGz!^$h}<u6C@g
z#8M8u#b(p|O-Ac)kAj^Fqdid@7@BM8E0?^hOm8e=pm|WxeWx=u<;6~JC8g>{wTK)g
ze8_uqyb~Ng{EpSP1$myOp=Ekee+6p^SiG)1T{}9_6H(;eknIVi+Z)1oTOExHTdbU3
zUg2W)8OQu=kkA?Ixh*}K-gbtM&Ny^(t#pO>dE;xVw>x7x`9q!&@XBQlkL5oLpYo$w
z#77Rd$I!=}idCC2_${dK-2;m7n6$W+0Ke7p-=|2*|4k^nL?tl^IYY(cNyNkU_laiL
z;cXJV_cdK5i1hHo?+;8&)1;g;f5!i4sWmdcV+{M%y1g-$A5Cc7z_StWj2ddPgpzO8
zK1&pnsCDmjzfNd8lMYzy%v1iFSpg1s+4h^<Yja7qQLyCenu{@SV9e(f|Fdyl;OeMk
zYVXN%WW1P!<bZnNbdT*?0Pp%mI6tuMc~*!|bMu9$$XO+ifaXRP(j^9Gdershwz%45
zJ?SK;@k>cSw|Pn%w%q+9z^BOq$)j7YDZUc=R(#K3in=%zCoz#Dr<xCpTS*%n0M0nJ
z`1g7y&4eFe7)$c~zr)ozQ5cR9P~nD{xHC!CQ)wfh<7{2q7D>s>7U2F-G2zd6!7R%R
zCk2!`&n0f(00Y?R>3w^M+OsaCL?)IA(*vJLcGV9wBgD`nsGd0JUW!4#TLj)*_cYam
zJSsb8k~pfjVR4A~afkMN?&daJzArh&1BuCKCiymclO69ca+}lEmkF3*Bv<p!#Z^IB
zqW?*;<}>V9ZlsP_uiBAR0dnsS>#L3HTT{Qih{}Sy9G`9MIKssX7dOmq7B<()s5D>?
z*E+9{Ykg<<!9Eo!&zyWiYo@<4%Q@<o`p-0Hu|~<uV!d#8X}B{b_U?^!2JG?6>7f-0
zp|2-+07<7!hZ2)ruXavw(GaahmA)i?5KzpWa_g%urf{jFckdi>MUIg-{|2x$Hw_&k
zA?3zgdW>=;HJntw9+F=wX2D56ph9>e0(hc^?=NQlS-$X;(<v|{>~%Yp`EQWOovaWV
zw0}VaLkpH5?r91bCTR-cZMUW|;jIMK;+BI6lpOdRZNA?rpy{{TZzo>4T*7jMp13`V
zs&QB=s<1j2V`^&LC6b!q%Md;wZKQBkt?GjYHwMh03_)CzY4A%NGUkQ9PfwKCq+h#i
zep<*FR#I*q(`P?ZRMRNAWqWCe>s_2YgkOah5u)+S(A+@&#SJL6#1iUG6)wjsTSr&*
zF)rR@Ulal$J^-pRu!E6nmYFo7oG=kXI&B|_0O%SQ7tf{hKi}DpIbDgxwRJ%w9(`se
z#x5)hfzJNBDrZV=<35qvhLQm-GRyg5y-WD9dCobNJ7uzdUTOH4;-2-4IWQr>?%P{)
z<p%LUyhOgCREw=)A4WpW82a9_8*xpVSK?lPbD1U?3G$f6NM(4ib1<aZ3A6OZg%Z$D
zO+zA3t<eMfM>OUG;)8QczqWR{fsPZe5Arl%;&Wq9k{W1`apnS7iECTt2D9?1UUCbr
zlnTn~>g%JJE~QN~+5-+Z#)gOpb&+91vP)+47Tug^wh1IsKEpv%gzj%JR$5c2@J*=~
zubvF)X|R)dW2d*7M=#H_@A`um&j)uj@-t_PsV-CP0t+s+p!x6mViqwOp)FOH-fw))
z9kPYf-r-EJLkK^egyuIZH7gmA>ai@QYc$%v1@X#dEU(n>S{Affowo8Si#maVRbsyR
zaD_GfnmRW_N)Na>GWVH+MXD~lLhe3WExUE&RLj_vM_87<BukR{ObEI;W-rj>Lf8WD
z=r;?S+W&&GsVn?0i?dP;>rzqC5UHrw@ACZ-zf_zGFm=q9o2Xdl4mSq;aXS%NXJmO8
zkSjQCce$*q!?~7!o)Qw|UIcG<`>%#rPgg+3jlMQA7)|iJmEfVK{x6AKk$|vQk-WC*
zQT9k_mCaBML4%ib>YAw6`{FDL!?r~?FLHgN2+&JV&m#Tw_;~X)J_t(12SfF1&-b;&
z89-Iq1TQ#<QfM8Ic_b{~h=XCyQ_F)B2UxVXD?|XaB=q3MvA8a%UsxJ`>@F=ePFz4t
z!D!hP%T$(cYHZLfMi;Fk$9Ps~7fh?^e>IhVVNsC=L;du!)AcORl(HS|Olr`Q-E$zq
z;eOAV5B?U`uV_{J3qA_HhX9E6%C8(LQ_K7p`a*ysKZ^yAV;i?6NCM<AidSe^c|5Hp
z73w)vTvlfadfB|);D{l_@%|9>P$ZKrWExxQ(x@cpZ75U{ZP0_5f=Q3V@>Wdi7mp@m
zTqe{YAiu+{6=)PamS&h#+Yf2p^3=8Tdr#>WJ?mju=!!tHf18M5Y~CA<qnf2YZSX_{
zV_O+gy{M;Uo94IAMp#&3rv6UdJO3q2)}UyzqwH7#@@JVw`Odgu3lP20q)$3hHnsKD
z6PoY%BW)0rEf=YwbuKTLHNSM~@bJ5u7*3jLM=j+r43)lBle-3~)mh_IQ8WSD7*<@=
zOh&Wfm}CRmJGZMs2gwJczrB?{nl0J5N<1{9PG9uh{bpfvm|P+70k^+MZxwjJ<l&YQ
zcCqUeeT`nEq$K0cHyQftI}(!y=Y)u&kFE-FJl~r3$)#2M&KOjyHL_d|Sql>E6^yzm
zSj5_+nMIA$wnf65hjRr(?0N{ngZ6x{W#u<*Ne8-qI(+@~UpYhJ=PiL~&00}BM{p&u
z*0XW)@%g#=s{SA7aXe8_sQ)A-t)X@#ZUNHK61S+qPvPPzkimSBbf$4}eU%?OqGlCC
zw>jPud$(4cCJ8;#G-lK9j+w!Aw>4FlipDlhDgb_IB?kZ|=RfDoljHY)v6uq&#TnN6
z8+%JnN^lO~Nn>fkZZ0(z-;|8UCL5ivhtLW>GjBG`GtZB=Me&W53mTD^$9TP;-KR%2
zYHMI)X<IVT`GS1)9kW%~ZLz=a47AQDooawlA&y79O_y6Dh4Eg6`|Z}9Vm;3}t}f=6
zJYBAQ9f&w+=Joa=#mglaZAjr_JXCf<`oU+Yw0AN~iYQ`c7h(KW`73Locaah|#`tdu
zMy(@iJ!E8d;-nbi*zEX4i4$#JNv_gpzJJEFFIQCn-tN<u<8=~}Nj%~Or{GEpH$>Za
z_@x<v?0Jx!cmAPA8Yhg7e0BF%qz;evz-zJ>0kZ1(nPKZl$0Owiq)u(GS~v1U<JX)P
zPF_nc0JzIYQq`jrXuAaGiEq~QWAbx)?UWCTzGkTgIM{YfI@orSaF+6vQkUY=sr=>Q
zy(n0pjo*&xu4kY)3@bbpjiUWiS^<1Fx<-)2=&{$$fy1I7T*ErqnCLXsVVQs9v8RF=
z$jM!5NdGQ1JHQpZ7Zqih1r``@tVxkQQK5HL$EO$$h{;(umE<tsS*{p=eN7*Hp7~g6
za;5iZsPj73Jz!TP4EJJ%Llw9G=^nw#dli|8|A6Ql<zIQ_Tv4Ar!3E%&#+xLXaL}f~
z@DGM=CDh-p<QH-q%@vcF7%I(&K`+{?huhq{P+GnCZIbrotd+4NpO<-bZ0pjxCiD`W
z$D{J9z@5;-b>+d^2P)O2O!$HX{936y&MKBfH)vn!lFn)ZPN&DnogX@oTg3cPqj`X+
zPR1KQk2CJ_f>v|?%+yh1@fS<+&NM@fo5n~1HLRhQmbh$LnZ{q#uq^da@^<ea_eh&@
zBg<F*MrL3v2s&GAP+G0?0!b-xzNCGYQ38z1U~4)vX|}1EvT_mPQk84X=INs6_eZcu
zjl^beqG4I*gux-Ak#UF!W_gQWWX$p>{qftd*n_pMvbhXy%9f$VBB1E6x5z}o#|<_#
z)kl!Vi#;4m%@EkAcL_hP$!l!IUV6f_g2iH{(K{<gEM{dT=8!1H6Z{WuqVG-HZQ*ef
z8K{Q4tbFr-U<0dg5V<<*!pUEq&M(c2QrX1ETn%>l>2QL7iisbizMuxPZC#~5q!nC)
zwrD+8>!*}M9N@O2>iiDER;!K%<X~#s;*5=DS97&f^UDh_D}k%JS1n+sC44Y%)j`<1
zfe<NSZUL@vJfrYyIoYAMP<_EIKd>)sKHpl6e;YEn2q#oBf!Cdz;EK0E?z@~ZIS6+q
zT)U3pzoeUTnfq9-?DRKb;Qu<WGnzUo&Dvc1PnCqd*2iq@2?tZ;31N8jBtY@JcochX
ziVp?35ud-lQWQx<cg@O-lgknzX_8|!th&_8#jA+By<BP`axi#3$MOHi*jvXnx&Hs-
z3L*#sq98~5h)O9aDIlSgf^<nvC8R+*H?UArWJ;HGP8vo`RHVCGfl&jd^r(HW4bM6H
zdF$`-`vV^`?%nrwy*i$+>%Iz=vlZH$?-47bDeC{&7pj?bk_`UQVQ$-hW!c0%VY<S<
zBBQIH+CKfA|H|9hB<h6I+d<;`!*O4imL#f}7rm>DOr-aZI{Nw*eVwDcisvNkHBf4`
zcdAbN{)oQGs%Uw?`CB^G!pA4=(s~4rsf905j_<01){el*<1E61s%^O8T!AWI;bz0s
z{5|jJ!d6n|x~{=sk)Yi>W8Pue@yv~%?T?x;4E9qyo>!eRG%-P!O~K@sTp)V8BJ@eH
zL9@`#9*T-Dm~)GR@Ak6)dWzfL=EJ%o>U17S&YK3-N`Fs;!jS71<x!TYGLs|h{hM`r
zL)>B}6L)bh%6gXY@?Kkh`%E`2BXjrFHvf;USh6pbS;YE3LQxhR1y$}c?cy-24Z0*@
zpZdd9YA&TFu-fMFq!;Wp!_mPVTwRV6pWk7)E+*$ycV|B!xaAcpA+<HAjM*Ev@__Mt
zBhjjK1y`sqlVFL%g>Y9T?uOZ(0u#v{vdmi1t5S`wi@i-!`SS?<>e`E6qt@TXgQ7`F
z$C1#sg)4Sj6q^?EB+cK4uPOdhJ~`0{fMg=@B~|r|>UJ?1^xuRk`U#C0rp7Y=jFA5A
zrtEW}*MRq(Wo8-9-%)UfudEG1RSP|LJx!bh%6c5Ewikm1Dtq&7Sw<0YrCh@4C80cg
z6fDQ#IOd#tVy-<k)(B_6#9=7F&fe!VTE7~-3vV77AGHy69R8BHGW&Uei#e>W=wtJ-
z5%z0hUDPvQR=<yEZl9M92O88ip+nNV|9NLz%4e}Ri_b)F+-2(7x@E(L*yEvwG7-1Z
zj3pf~klK=wF_S#9G3zi~F%G5U_+GjE{yi<0X%H>y#%lY?*@;pY79!9fqqZTr1=6m1
zh+I=Ut#l@jTti4-31W71_)9a_*ffT%UhMUDpvmK=N0OR|kMFjhEYTXC&&e!5#>QBd
zkPltAn8}g(u#kjtK81VMcisjch|b*0HYOeCFp%D_blsL5+q?h)NtgdZ6d}Iw+aGqg
zNH%iD-Hx~H1xa%)o90NiK$5jyaLUJLmFJH=TJOo@1}8W?Z&Q3b%j9w_ksUR5hdGiA
z-b3K{y`9JFx7V2Bq&9g|WgUw)W&K{LKxUeSlUeeDN%powGSkn#YJ<{U<EmhFha!`B
zKC4HYZ;#OR0=x&(j`QC(2>lI?uM`%#Pk0biU99jI1g%aaXf<ZlxO_0&aJbk<zgx3D
zCy?Y0vWw+5(pti8`*yiQ(FD6Y=fgCU0r$Did&}=g-6cK+1yQC>G%Pl1sYWghbhkZ_
z#icVc_LCL+p-EA*L+k7!T5cw|;lbFBdt#nKZpY~{q6hqx`IVop4*TwNgI%rhA`PJ$
zv|)BhqGJX1W2L!N6qpRpw`ma}+L>)m>NR&Wn>RQY_bMel?8FF_Wr@-{X>1M`{a}B$
zsA2A%TiTVjhI3o*?R%v+EflD^ZG$|>a^ZU592Yg)+5!8(y-s9F>gNzQbw^`VJDE|n
z<}Pxs?%D@m?QGbfNHp;K>k`Lv)d%<QGN0-z1{n!vpQ22>B7wlyqb;-!N=x{=Y~M!!
zXDb)5u0UBq#F+43#F#yJfs*^duo{HXZ)2{zG;ZE<g4}z3c?pUU4-M;E>xBBDKO6f(
zUqE+67b@jBpNtF+>CUuQ4JROdhqQLQGQO^y$?olmI)zU>Q6_U|Kps&D;A}|r%~v(#
zVJsq_p)*X0ef~uN3AXSC4~(Ssx7ss#K5v)gXERr0Zg`#4P&?Q1UoAP{28HlnDXs8<
zr*lV}3F)%3zQ4co{DxnFq4fN#CWmcnvNmCbd&s7V-5xJVkHvRlrI?IbHQ})$REkL<
zEQwix9?~COI5npF-S;T`RG;>Gw`)YKsFro5iJX3bWBNPh>KF-RE2+!}f_h%<JBO@e
z@s);3Dx*Hl()q@NY6z-7_0b^#0qEZwPoLg$r$$SIA9K!-UB(lWN_Wzo9Y7V-ax7Xq
zQ$5abN8uPY$9?O49rq3yg(_7J+-hNo5UT~zvQ<3N+D+l8&S2~lo=|yHJvV&9JqK0E
z&qZdqR{v5b<bQdWto_#e^jnC_7<-*4dAW;;!&zX3>z1<i*jqWFlCNz!^!E}RWW_<e
zRux%Ow&vUGzA!4!!!RO$7=3#rCX0VKbKQ3@%3lvr0x21SY%0WkHvX{E0}YMtJI<sm
zFg#?S_Sr9`K&ivja>YV>boJh0i%s({N^iZN89ZB}HIMqX2Ys|Bs3U_(iGh@`$nQp_
zxYlChwl+KNj@K<|x@SLi7(-TWviLbrs*oO~DZ>b<J6YJ+KddR|1I1j4Bp#hNunv_C
z-1UZtpIauS@1N2&yW5C|8gnGa+d8i(5ll1%<p~WCi6u}6d}(X5K-Au+VY{XwV5BPN
z-89|OdWJb<xavW<N$NYnjp}~J#CxPhmyF7UcNV#uMBGcJ&qoS~)p)Oq8V2eG@b7I{
z_cOSJDyCg998lL*;`Pt94p}{;(NC?U8pQ(p=mv`2OVkTc2Y8Q)z{L`jdX?pqu`g|(
zx^|Ah0$-mhlks$rxXzNmm=1Y_u6N9IUe({rFD>6$$70oJ3ktJYDKGGSO9p){!OhAM
zsjGOo*^ZKd$o`2i{G%J+Mql%pioJfl^Efm13k5_qJZJS(rH%QJdH#U4(h<IV?~iOo
zg#vH%d!^NN^e*;*mwYB<I>hqLmzFy$G5JjG-+o-Yv&nAtSv7i2(H}cp+LI>$nF>3`
zl#Yp0-uqZk7x4JmptW8@701Wb4ryIP?LX%GbZizOtT*0Nde>IBWE>UOD0T<xBx!>u
zUwuBIhGuHig=I2pw5JL5E}J7RNwI@hh>B?{*Y}fOdJLNovd&cO-6%;Cu%YQ6oR1&q
z%hfXoK0UKwJHEW%PnPNJ(3);~;UR6wkp@B}R}&}d@J`6mE|fK8lYIT5N7Zzo*5%}Q
z2dR%2KW;Se-V-}n^Z60>;fvbi=qObU>FlF$@{#n@ir@$SX4ry*W~4*y`>iBKfh37G
z*HX@ga29bpQ-c+)#h16+)zLx<c^p*{gm_@Lo43wo@IT)z%fU#5gn8tr<oOq!)Hano
z3MGO-rtbhl5Eh_v*=LMCLByw^s?L3(_m-r>HwnhO+WxwA6QI;kMc4Y)097!$I9w@}
zkrpA&l#+TE^QvATR+~#b)?KtQuPc(jv3lTWj6RA^61uqc!t%@e>oe0$r`&VKUvFf5
zJIvU))R~e><&9%51{m{P=h(MC3DhMCCF_o3$Wq(leny=jT4*3qh#2TMIrHM*?bY?1
z8oNs)&5mMChfJ<gNYjk(>T+B^Y;>M1KqRNktf5`>?&v`N_pCi78g@|xzsaOx`$FNX
z)sn+g8=%1R#SAyxmr-;dC8?O&AaXKad$xVK(7}*h(!FH)(~;R6$IV=tjo4*}#~+!b
z(wUo?#MeK3m^J1QZPnFIR8P9n;@5Ru+jF6X94Y<!?S|JK1O6U*Sk_|j(jrN-$}QVK
zn{6Av>o*WnVXTrvhkEXAR)+y}=zyu8xacL%3$@w3GK);TYbDz4>e{t#Ef<PCuxy*@
z)PCR3Ex7%qm-KG$`lLJ|I-EhuJhG>8m_?4t*Ve5(9sxy&Xr*0u-T~PH5G43JgJi&+
z%g25mm$lSe`9g~r9>kRNbTFlKaM=PB3-*$?`c;f2eHXHMpGp}qB+xLw`c%t|pD-AZ
zU7+7u*<GWb9S{0Tl^s;uXL~>g%?u*i{k_iL8M%JE`1lAGlR0q@QP`5H7EV?*kyB6v
zIhyB;4H!duh}G<@xh2)~*6NTp$M(sAb50XnnrkQQT!hN!q?C5naQ0izH63#7`}m{}
zB{kvdI_S~1dU2oxnf<(z{<KE_tfZfGpAK5G%u$G0tQW6!!|K_!fPXVhe_45uYNFp$
zSfCYT#ouyg5+lj9^Rlwym-uPaG-U(CRWVu2Q03T@`gO&kqR}&v8NSdlwHNvG0k0pW
zCQOpHAqypK*8cK{?@!cyuXoF~D2IhC?zQmSmBpCi<(Wh_b{XhJQRit3=43sa#b-81
zv8BgeHb$HUKEufsuSgz_%Z9t9y5ejRNbiM0t)gxDhj}ffUqNN&!v?tvMO7WkwF?zM
z>>kZFIFdW=f0kkN%}e%wluUVXAvRc@k_F<R<j<3pn`Y)3hJu#lM_3`Ruq3$_6i~yc
z2NHbR6GwR6t(^A0nirTLUEQv0l&aL3lfB;Cj@R72W?)d*oc=C_&Wk_GPHFMHis9z&
zIvRmYcKKG3bs#schhv9UM;X<9O-hcIY@huhF}22fG`SD{-WG}4qqB3_b?0xPUJXS&
zW&<&Zycf<7#2^x)jC-u;8Xg-+7Il-Uk+&(2vLvS6ZcB*Z%PjQ6pTkBNPQ+W_p>yS0
zV-H^UtdEy(4hdu*$uw81ueUh8l8X1g?*0k$=}8A~mW277#-{PVR*9VN)CN-zW5orC
zsL1Ir)QPDA9oBy6h*ZT)7L9%!lL>$Dmz^w<B@2s7qwBLRStUt0z2Oe%cb)};V8npV
zPv(N#_8L#s=hfoxy3<$w8Dap@rvU>YsT>l#A)Z@iPQ=!~d<5c7`j=PFz4BK)X8TDs
zN!l+Y<I>tKu`&0hQR{)1V=PqL^E2a%mHNoIia;Bi(K#&uk;fceUW?JM(3JabyX97D
z`^|doxuV8)TEttxvT~9xro!#!7B}tlHr_2NOTxp*hr6Rf>f74)Q4Gob5`lH|zI%~N
z!==UR)y-1I_XlSCxYf?Xv^5Xk8q;6_ug;kFgQjIB>Vr;Cx`?*|`e@{%j;P^?A&JeQ
z%p?kFbXm_sJ16J6N_VQ5`5*?Zpj_ecQR=VD)aD6JLSxWd(M`AnN>@{tB{yoCh@pp7
z8L5woz`=bFIina#)ZYjzo2Dji57Ox(3*hkZb_l9=l;zqty}5bhXIIr+N4K`^wCt-Q
z-pZI~JM=S4Nwh~9CP`1vZ+Mwm-~_ez@-bfDUZxawS?ymVdj;y~_ejY{Mr~WLwEJO`
zaq}Ws2FEW9q7GAX<Uqo#S*@ztGqvED%dJ8^gouc9U5OLM`FM}Dj5T{yasPBqo-6*e
z!aV++s5NY`G-58^Zqoz4d7+O_8M3u;&c_~S)@`3DBe3tmix5EZZ_KDNx0Q*N_qLq1
zkrc75e|L{_%*q^}m>i-$WI(efeglS`oG90Rn5|z~K~8F?;kDHm;r`;O`*O_3K-$W#
zu5H0c5~MO1Okm5@?s$h0W|%TZT)}Z;Yei4wq2-0+TJP=PY(Vxl2K76w;`XFyI4y0n
z?~41-BYqR)pn=i?$&OpcV2t46gtMPs?+W)lo@RoqF~uZaguP}Ky<vbAGc;5Xg3lQa
zRa?v55h09n{8P%1)gwS1mqPPw@>8x&sCn6A?XTPr=c_e;M7XB&Igmd^e@_WBF#1(k
zb1#e8GxmdF>NAG-E$-b}J?-xBZUg3bQZ}T%&`%G_T5iE1my;JCe_(1Ft}8RLRp9#)
zV;#4Oj?VInS>!WEoy+yW^e-gQh{oDwHkQ>*%VWp_6A&(v!|z@5_dIq7ABvrnS{%H+
z!HDb-;Z?g%N=7G4<|%>5zU`YDYn@iPkjwLJ3Ns8Z_;_Q@_U~=Ey*pXXQ;3us8?e8(
zC2RL$HWZ2m-U#GYmTO~&D2ErQoVMfN3Lr$@Xg$33CeVntF08TdL8^{6+&d%I<3a;9
zvvfB<c-`4tu#!N{H{Z0p>6FcW?G2ZnD?61u`&du27)x)c8IH@_6dTTTFaL|gv45dg
zhXRbLddc7&6FP2(EvlY5$Ly7tRbLyhh?F@X>ob2r#=|5rROdj(lgKCjFS_(8W9M4;
z-Zt%J+eK%R?*XP{x|z2VzFI!%e09z+_Q_8LY%poVSaJEr&`cYAV2J#J5&;AgFb$e^
zkvrcml4OH2gPOt%vmY^Va^*2A@c_bbkIewfwYfLgtZeZ)Hd~!<&m&S*C!l+yW|x*y
zva4?W!*K#%U-}VT&Z@R)2gIo=PCA?iQ5>!sM!bR=be+Y7!GW3cAc9uY51IPWrcSP;
zAXJM$OZ#s<lYG8>yl`Kox~}eP%XHR+`1zCU(lXHhGH3vy@C!J47;Ur!9{>P1jNEq$
z0`)k=z#d$tlnc_&ccv<-3*GCk-<YwnpDra;0f3PocwAYRlbunspv`279HMKfb6p&~
zQtZ+oO2A|>n$t)(i2f_PU?=A4{vz<=2e;ISYo`OS4JFwr`kz2U${NWE!KX9qN8Ah0
zT<VD>*QblmXURtX*Ly$Fh&lwycaCZ=h_^Tl+E0g%i~jWYe*rTG^tQTBh#cL~(>7Hz
zAsN;D#rXa=QDTKTTC7Aa-6w!cLTZ%be#%gOy+e?~mm9K`{YT-s$G90)8oFt~_W*HE
zXgKgoDM<bC!OEInJ}@;~ShzoNe#)G3@%hS%Tl(DfIO6py7eTPl@rC}s^7X&9j32@$
z%R~~Qp+*`kN4&mB09?P5G5z0&#Q$7hMnph|F{NCC)h)S;paBB<fl9P5aaXShlF|Gz
z@@I+q^#=4hUp~MG%9y}RSZ8gr6JdwvfLukHm-krx#GGGf6kvI_^X`+Cd@2VQ-3QcY
z%kIZIr-0B{%>bE+^CH*s`{Nhio(6uiAU`xzLoXQ6)D6{hmGHzS0!;-?t}FcVnE$kx
zaB~jO4LW>Gl6b`m51>lYFtLpLug?CmM_F$Y3y>FPmo`Ng32K|@-iuz5kdh4}<`s>%
zLFQlyjsO3E)$)^_4AbBjvLH01_*>5Z04&EJIt<<(`KQetJ`zi)C})g_^&STc<~|1G
z^L$sE@X25H@sorl$55UFNyQ~J8WU?BnMKqVpi&&kqw(Is$UkD<;jurU0-)d!?(dv!
zLRrE{cwPv2_=gH@-k+83XX400$-pa0LJRTpNzf{tjQZy-Azh9;5bfJ;z`igP6ch*p
z?%fyD<RWmylYnS(oah$(<8JH2>?tZYMxSyx{}n{VTW;kXfTrSv+t=sj@*2w;*xxZS
zW$UNkI50FXMF1@fQqOVz>23iRE+or3FNrhXF3Z-<)yptz2+Qybq{%29)06O<2@!`b
zMvHr|Wr>@Wziu|<&Kmt-FZPt3FexNhK-XN(U(wbV%!7!#v8h2$So{`Y@i6wD8-I9Q
zGCi5^Wdm&kkEP+hy{OidjEv87GND!u%Gc4LlVs!rq*K;l)m7+*xPiwC3xS@pWdyjU
z%Busd`kj=<2KmR$Y>yg<`MGr@N~w}d@`}H9Z4J{a0K+@%Iu1kUGElYeo)v|L2%+70
z#~QB?rF96Hpm<f)l^g$-s(%s>!e>^LB(rvxhZLWxmOG3wvBt1KAfZ~)p5Kxac95+l
zR$YSo^VKqHS8o`U-fhNIZ<3J_q~<)(j>>aY35q{k`TybwFipt!MTyI{ZTc|jQF)tL
zFpe=6+iW44oX1m46~h#wVcCqi;ZANr_;xxMxYgQr{OLd4s{W#e&vHC#yl;Ex?S2Y0
z_bpDih*o7@-cuuWab>n4iP;Yn7LwCQB=Qw7{^wPsiQDEm2CUMH7mt5ON8)F(FZ`31
zk&Y;6hJBo9gpD5nBLfiZ_=PJ=>tG_>KB!-#pTgpNMz#C#T_V963xVvjkVZ=VQT9#A
z+7qOvnwhU!y|f;BtB_XIF|65M<-Y7XTV^%Hs|8j%e?wOM@(qKSQyT53ui%J^bM6#i
z&+WjUQNO?PCpONXmYepB;JMTsfJ7Zjm;fVaWfCD8?OE#LX9#M~LC6Xytm26w+OLN9
zKs7tf$%4d^7nQg>%C$|SuH2|>G7Zonnh!ysG79}E!sLH2AKVWECXaK2zOa^?Te^{4
zWve25;7wGNr+$wwLF@y3flX}>6twu+1pF)n6w@lnS4o>^*MVh(MA4y%*Li}6nm(HN
z#gzX1rFssH>VKn=>{5Jl%K(EMtm`Q8i5K{Ru)Od%(I@vOalWaNJVy%j^&OZ+lb03G
z$2@vW^m1o`n+l_7u>Rw7Rka9f%}W_QCm_m8Y~B$Ft2Jja{3pi<50ia(6y67$&8)V3
z;yiEMT0(!IPr%6C5Fpx#->x#i?ijtJ>`+0Rv5BrVy~aV%@Sr8+hvri-a3r%R_nb?L
zzI^XdjD%axe0O?qc216HOO${Rv#8zWQ(S7oA|fJ|v+W70MdP?E`lC3FjN=6Q{0|>v
zYh}M5g_Cl^k8z9bQAIEjbhrMjM)P4bm>`PrTAhgvASI81?rq2P=NrX6CZ~<w+u4lE
zO!RKPXjGPW%Wc)f!>@7Fb1JkTvGzWGRR(V+;jwHtj%)Xb6$0}pJIhrad4{FkGA4p3
zZ0(NOdB>Nz?LgVfaiid%ks?TmRfN}Cmkc_Gdqv@Y7YAgQkE9+HPk)MJvOy$caG3Md
z!ERn11Aq_Q8zYA+SU;>i!DJuvYEO`S@P^;SrgmqHycG;Yo@9&cNQi<!D{&*Jy&UVI
zqIAA8Byt#7t`EC?5WjxkeJaT1DLW_Qc@NZ1KCVd}I$0LH)R1RT+-ebJ;sDB2mLpqJ
z-fdO*0CMFI$)>5RYj@xK2h0S@?56PLM<Wo|9%>OV&i_}nz=4cGLdh4eDss<$T}h!J
zil=9Q)^Tpwc2AP%fU!&d9>0E!<`>V+<uOa_c+CvJ3oE8xQ3_?UFf6q}XZ07D*w${<
z3w$a@?|nD%7_)GwL`xMIlWD^?t0w9foceV2<8Z69aUdy-gKcMGK?!N&QzBmm_4-KZ
zKy6#tSsAPG&05I?k$j!w3nCKgv;d@hEcX8Iq@d^mP$>(QG`i+h#!&}-?E;G@&i(vn
z1c^T3<^>I#!{`{H2eCfby;schKGThKsXVFpZ-Em7oXD+7l~yTse8ri|PRS$qFOO+s
zA-j{a>tRisr0lnKJAL+djaE&3Be^@6L4G6lg7UQWdEgkW8@ez4uRJC{Cj%7A1G85-
z1qH6!rp3>k=>V{lnxHiINzzYi>^H!6YncOlx7Vy!*AcL`ygP+w?}Z;fBlyX8HEu$9
z4C&@!%L|*6^ANdOpq;5^*$mI-M*#*#=j8CNwhDDb`|WIqT-B4jpo$#49e=ehUfS>T
z?u;013>fW+5qFvSD<AE<v3RD~d);PrGFYG=%xH~PTE6!`ygV8#P&>#X<=uO2rSaqP
zUu1ghu-)%>Y8#e%N5iifZyML!UVOa2x5KO&C*?YK*#*oQ7eAa*EOz?3>P|V|(i(lm
zY_VjVtL-E0K&bb|`tcTZueLZb^~l_4t|Z?NELWZ0Gt73ZE=7Kg7dK4xPBy4=55-Nf
z<L@90Be}|hO`ZNZ3qV~ok_%#qbYGfO477z;WSj}#j1#m764KlMe$;1k*=6aQMPQ!+
zS!NGJT4v&n&UTLJRM6b@3;@X+of_({ba*^#^J)9ty^o8feSN*XEW(%pgqX^ki^teL
z{E{dAkY!mqDtgd`^bG`KU38Gj14g_hNvGG)`?e7bsUBGWq#{sbUb~v$$hGuZ-ETpA
zX2}uN&bo>gfDHk)7j)m1oWSwBG_ZO^gWAKV4Qn~h=MbpZ3mgzkeMc1AZat)WqF`j#
zwEXC|aOhgnOe%ZLNC|Lb;}6m9K}%TjjQoCNQ%{C!u15$g`Ou=0^vc&ewE!9_A~xY0
z36t2^*~8-fy?{R050_Y<8p#ap%hivuA1R9gF96OS7w)c2yocj??=#^Caq;p4mx*-9
z;Nw9L+d9;YEYq=SX#;dq1**S2!Ue*%d^|?yx>DO3q&K4YZ{}GyJic{!HIU7_k!*Bt
zKODBp=JJtRY%6dbir^C{x4j9g)qL!_!#DUwXD7$B9uWBgAoAE_yLr=c34O$CN$hU&
znQNX-m-%+kfrcJ67`NNM3$VDM0h83+<oz0YVsD}leEZ{RPl<+vjFCIte}!DyDbvXI
zPF=dX?<89>klnO>rm;bAj<`o_nZ4t%W;NI7#?AyD>VnB%RSiCUX_TpzDaLoZm!~Jw
zk-cie+18_#4^eGb`#sdLw`GEyM?_*9E@fJ09{Rb@9R=OHJyK>r_MP&kt!qg)psc23
zj@MgOp0T#Ixvr044$}7Si-TVib8~WpVVfSXDB<XBU>ci^JxokAj1NzOW;LU6k71V~
zm!TVWsQ7^%X)~`9p2t65vzM|6Rk%XEijdg~m>;jH>f(O*Iy-G@V|mO>!hLZ%adk)7
z+ZVTjUXG4)tQ|7;TNgP-J?`t0i`(BsCG~PB!xZNE^oP#w(upLq)Q_zyR66K(IQn6X
zmfha^x-QLc_fx>|^`Q-HKCQdJpyvua`)#P8zzYI_o04xViS==M#bh{1Gi2)nW1F$$
z)3p@2z}6%@ZYknDLrHg*vFenOwze7c+hbTE=PQW2mvzu=2W+3p-Ecl-`8#SKLpuuZ
zt>s`(>op7g)Yqu58j+ut{2j8_H+vglT4UU~RZu1USDdn82bYn|;B4*}JEtc_8Qpq!
z4FeXMo0V5P@Vn}TJhcKfYg(zvCZHw@_XEUgR$tmd3*f8jga?v#r@8F?cUUDp0iW8+
zwA;8iUehAge{;SHTRURkvKBXy$Nn<>{)tjlbvAFL1ElgOeOEa5VRY8={b290aVVHf
z?DyZS6u7;+_&`PowYTJGEHGD^Gtl3gtvzOo;e+68CCPS%&o2BO`@0zMgn)+YVYF$@
z_F#aPJKYUQG^e&{gNIl+F)DJtq@jEmy@Q3l4`CJq@pbKNVz|=Vz19cPW(AcqhKwcK
zJ1BfuSMN|=T12_bRvilIU);~L4;FIDN8+!v-7zfm0dysjy&<vZ^DY@xEBWGDukytH
zMtSRGeehTrRQ_1TxDPg}6&&a=#=U@mt~;95nI~mu6!gP~nXL1>;;}vxtjj!*j;%v(
z->S{EO)(Yty$QSsYP(NhkEd|LFnDVl<M<9ULQ~4AfWIWVFv9)~f?qf50jK#Ed#zfI
z%;0A|swOm#zukxu)2N%@(5+Estb0tP-ei#X7<5J`sT9#>3%DqNUol(npX|qI_0-z-
z`V1oH6*_f=5C2cdbVBw^wQLs|+-KOo$kqttJc8Pm{lg-Mf0WFo4GE%#-|fKLJ)>oh
zxO^ujXO-05b!G61SsRF<+A^iro1SF)ExRO%>6?0`i$f<XVqlp3LbFHLn*|2lU@cSQ
zn9{Ouo3)$a%UenNYng>~Z-(j4M{fgD7kNh9Ic@0Oy~nI6xS=~zkC^wP?T*6N6)MC1
z7R?GH8tPVF*>^-=`RF?*$L`((1A5s|aAhyTJ5cG$^I=HL+RvL`88Al<EUgbf9G5F+
zPpKK(M#!w}D7C&iuM(6@ZbkCDfCdR_D?JQTo<CwQ3b>Xm4g<kUx(r!FRl4b7tBW1Z
zIh~AsqQ1A5DdW<kWoy3TQM<bIq`}G$Es3q}k;*KMEw>+;Df4?NXg7^e#O}|Cq1+nw
zcNt~GXr;E2NBYCL>w1&$yNnJ}LyV?(%=f>t@BjTq-)Rbg-{!NNX^k;pO=0P;y<6$%
zGcwXzV%@U{AMtBbV00_zL`qhPB<x)oqU2UuLfqbNE>F1wRXWD4<Q8Sni_t@{x6vfi
zEh}%|f82k3Aa=^OKTlL$8kZ*SJpJ4!jQxLuHxLD1(l~k8!tI_H4mr7e%aB+s>pXWv
znJ0O7ULE$?*k`HKL3vbWr`SVj1@^5j@OB^#tDV!ru~i^P0>@T0&hV<-!W`NWc_Va8
zOYs;tetUp67K9?PAa?F9NZRc<hFMV3e&F)NxyaucM1O5jsNDgFX;<H;^ozD2Mzx-(
zt!dH&hb6!)y7j*=*(`^r9)YJKTX+}Ta$TxCuntN*6J{B=V+^rWl->?tu#Fgxdad{A
zufP1IHvD668lOlM*fkPSU);5A@pKyeley6u1k<Q`lOV2jB0;6Kh<=>v8;9!e7gjgQ
zQDdwt#Yua;`Kay4q}^U_?i`N7NA)kd?aRk32RQes%H2Uo>em_iy#Ha$5gxEK*zOd2
z72SJ8%|<M4cwkvYM|U+8wezgfb!8f$COcw;8hpP8Zz6YVZ8HzS_HnbL?q*9p*I}z-
zFtZHxq_1K6ot}H!ZtiPyhLY5{3u2*L`n4-!irSC|e90`OC?;E#qOR$JhYD+)%Ch1)
zRfBI$%db248E|3=;qvE@GiD{vin<9W?u>cBdO<wJ;d%9^8NUDct8hUh9?U_XPa<Tj
ze<vH8>tAfU4l<9}3Rxa9xTM>H`Tmp))C%c_v7B(pUAp->oGXE30D(3H4q~}ts>4K`
z@b?L_Y<KMV5{dQ;<N&$q<5Z}d@rCQnz^IV3y~9X_v)VqcCm)Ud{Jm!n1eSdSH&xYz
zy=%gF(G%f?-<iP1zOl-GpgNmxUGut|nj62>AX9jKS=tf=I=~#^N?JI#rm*;Z_SPrI
zP8FR7$1f06_nlPzJJ$2bEPW=XnurneemoZMH*6K_cAhMc9lGVwL^CV?zY+DJ084(b
zVf1Q(mWl3Hl4kFUvg+y>4~9M>>cxtN7|X#%T{^g0fhE8qE!P+NW|H>jcPuAr{iu-(
z+DY4R)&$>#5tMn;{ndO&zZQGg)<^a$Sg6OC>kuB7gty)&<N=cUsehx^^Bv>BITo>m
z7)-!#UZrsMK=e_YHCVUncDi@F-YU%O?_dzAi<wpZt9AY>!0NZvZ1(r<yx>ZFhv_zr
z9yZdZl==3a)M2`~T}3Q;Hy5%OPIXtnu%xqp7HUDKlByIgI<fUxYz#j6LXmqX`3uPJ
z>|}SO3Rg?$ESXDDA68bM3f>q}Ik(T+XHuz9;~=v$)Dhd2+At^*S>9lZsC5U~Qh879
zfC<PXrr4Ky2k>8$CdGbd?C2;7Ie3^Bs3;jRj?N%Mc@V+h7Sah;UiK6{cd36-Mr{qY
z77+u23FLTIPL5zOBg$OVVbm(KPHIk(y(2-gA>^+sf*ZSjn|^&@?y*fuPgXb88{`yr
zY6%h+P>``iH?YH6Ra0_HBW1n?NRCMqWU42LLV&4g4PxLM_1ccO^-@q-*1%$aP6=<Z
zy^hIL6-zHsJerg%^+0hX+rRI#%WQkh=}U&aRNT3tOilUgQGH<#lKlFsH->ZhlRT=Y
zyoH>;$VMeW)0j1Y&qbMCP>nTr9oyR!z>i$p9CcAVd|x&7QW8j9s;W<s!5u5nr(Fh2
z*qu9MHb;wRz&k&LnWPG8sft5~!7Df_KP-iVBa37}BDHMzjpjRQ9UTH-P!$8Ry#p^+
zLY&7I+@vg;={;0s);i@J5>`Qk=z@N&ALB8$#V_REdPm>HukZ%s9S1QW`#;$-J%Uh%
zuuro77a<+Ic{am>Kx^%j1X?eG!?JAmHylwmM`_vOOZbFsHhm^`3cU8#2QaLe*)D|Q
z0)JK(S9`p;S$m=sM)5qR@KH&))J7I{b3Z#-3?L+!3`vESju&RcgsBJGX@J73h<pB!
z!8%E^#B!qgV8p1XXFNC9P%GK;nlbV)I?e$(bo41!FyFA$*?=$lqKv9if$Q$p!=75d
zohRC+wo3~zToikSY`Ns%{+$}jQe1b<=Ch-4H)HsIa~i^TEC}u4)QtH&OwZEARzEh&
zjz+Rdy2mrejAp1ZN43QWWiCZYt5wlqr6<G|8Lt6r2l-Bm`&~akBkkWJ2!C>(2>dlj
zpywHG7ZWOM7cOW70WTFm5?wyJ!X_rzAO2<CBvlsEovzXbqA8VBy4Dx36s5*pdsH3d
zU1I!b^>a$Gv#(#jo=FL0D@lFB?&uUttHtZTz3eeD`o$~M+Yh+1(dS>2@RPGMDdg-S
ztW%`Tjy3Dxm0Mc^_jgJkHn3ua$|s;zR5la7tE%gXJ*4>&zN>9mkeI5wa{|O?@={`r
zPpczr$4GK-lUk88_p!F=&T)F3M9BvZ7yWa)5^e1cZ9Zi*bxN&v12BovJ5s*2V&k5X
zas78}4R+EZIzgcPin_V{O0lI$1ekL*d(awvPkO7aYShX)G*1sd>NQKwByzJHB{<JF
zk#Qdf-W&?-kc@J+c)0X-7H$)UFCQ$NM>eRHFl!c!@D)^i7_~!{Ty`J5x+$@OV+ASv
zMT4SGgizTnb$Ac@OB?c^G9!H^p>Wr+`5K&-5qR6nB%bkdJ|TUJjg<wMvd4SLZsFv#
zZ1+(kx|X7LcO1b{NNm0m^BbUm(*}}j`^%dlCPH4J;N&U&?y0!pNXXuTpXEYtHvftJ
zI@<A=cixnfY|_4iVV0(G-*8!yT(_g|Ubr1?6~-cdUuH8eRFyAL8T$Arb<y%iW5{bQ
zSo-}Q`tYU=Oj;qvee%-_%dCX{T3t-P<!l)1@^GJ(CpbUu|ELpC8*2)Xx`SeJ3=cwO
z>PE(EqAJmWzK)LfS+Vu4Z-FxR`D><6y5LDS#VFvml=FlbpOE>HjS`AZ(-|kHgJfe#
zjLWSbJ-qt62S^c0zqv0&vy4qlnwXl`k#Xe2WmKLf;3~g<KqIo#fmS-`2Y?d}W0lyv
zK3xQ6Jd`3)46D4FxLMtBoLzcU3jggRN=Rn^dpMQ8fwJP4>O%vUqJA5DW{}h~Ym^Cs
zLmcMObvWXa4qDE6UaYVVsiezT&j!g+*YO-&rOWIn3@B}oNLqFEsP9**q;M%q(tsOO
zPGhH$<lMw*>0fJ&R^x=5(}ZZ~F@j3RYOO{#p@`pU4Eil%QHepOplGlv**aS3q6#L0
z2#L0_BIQMWef_xlV8%F5BIpE1)XNL_3(++O92&5v(P;WjyN#QUkm--mm_KoTVO%dv
z>{Z?%^eQzTOjqzGNVo~6DuxOYV5OiY<Dm_it+-jF#9?;0U?k*N)33`VmT|eo3HRFp
z6+1_vj1ao!^BxvGcR>J<EDLT*bws`Je`Vr_bc@q*xBC}SU*OZ#*N+9R&2p;A!ZP2a
z<44#iTL3y&vxd>T#Qg7f)xs4XVo31_@S;QIMG^55Feev-`OPv9O3umAM?i<c7ut-$
zQ8|c}Za_d#eSbl0_y9E`4<0Di6_#T7$0bJ`36dt%1%c&LLP}pHVk<aQL7(6c!b#kz
zY~*RMQ9)a7vH9SzW`ftL2aWH_XrHLE-?<=y3Z-)qqQmtm91r45im^AN$R$FvmXgrR
zdbth%ooyx-eP7xWdFvJl`i`N537?7Kl@+^@2=)WLp(e-?$361jXwkt!g-&yi`#ax#
zB6t{W>HAd6jljkj(4TU!WL0$gBO6{(0u48?<&JtiMAu9>QSS)ogq(l+<<>zMSoAmO
zPcsKi{{$WU$Gja_i%uP4ecA*ZR`%L9#GCNpc>p7<Ohd+f{!`;uL4Z&w9&!7*(a*S-
zew!4mG9UvyvC?{twDdQ9h66cjBsN4u(50$<eXkvwZTmIa+v{)e6ZsxW1vWhTobz`Q
zNBk@{oM@DHKvj6P@<cY_92Sj>K-h!Rxvc+4TYrM!vD}d}puQvk$%LFcpp7#q4vA-0
zn}_{M5h61WIQjqxm)Fru0y5xGz$7qf#-n>Gm_Mv7K<gAY(%%_j>Stpwn330d8SR#B
z(tgkpuO@WFHxG;anI?(<6ceV70as($+zNzeF+1Yafw=q)b|`mu@Q<?Bd6A$!Ee@&O
zL@KK4Ci8%ksn@GpOU~53FPW40054tc*2&IdBq2MMCFR!`pF4D4&EBswKHIzI?s_u8
zWc;t%#y*z4bp+l=M?eM0!8DYJQ~;U8oWFBifTNJTz`n7Ne%dxTw)D$%4tZ;~iTW%;
zR{3`YPJ$rQ`^gdx##7DTQ<ANWF^SP3Kn1KaNS@MgdmvXbGxFr{mN`nLbd4z4r9!Eh
z#t*bJsJqJlolEf30+VA1Zf&R_DNhF+$PG3g$roWm5LSh=K=y7*yt0H7APBGKZJ2_7
z!`l;@#CGGA93nn|7W68W&P@s*kU)!(+f^2494?-LSwp0m-V2jY{zPW;2Ktf3Z?)^B
ze)56O`M)O0_{7|3ddpLC_gqiXW_NgzBKHLHi|D}JjOu~`>^0)b8zW>>KyeghkDAX|
z9hAJCyPT>TENbG?t5u|sjH8T~)HQ2o8MLB7;9rYZdRVX8Q-~0=v!Aw2<PZlrN%|>`
zGEXJ|LI)tS1`0Hbv8p*?-iV`9mcVu0>@Bg~qYM^*RE9$&hXda2jMR(YAexOz{~}O$
zKAX%^!8Ayuc4Lg}AhSa|Wk^d!C%Qp5F!2BG_P}rea<|EIEbcoKVkD2CgBWS-c7aX~
zVKKrk0q?{{eMNFR(X+V;@c+);{!hCORLlgdr3G~NfZqk({zcQ9(+40{V~#~?F`U7W
zPgy7W0pk4h@2VLGcToRvhc|iDyuck7fp_#F1e=Lsc=?`V1@0}6D-LJFb<kG+ckMrI
z%3PnY4Ul={vum3^*gShyj40`!$v%ubG0O-^D$yf%7fT))|4v7UpRHUv;SQ?=tPh}T
z{$NRs_JugZ36&yv27!{b!jvY^+TmN`KRxo-WehP;RH2N4NyPwmE}F_8kf5`I@a?Gw
zmb1@qL?tEYy`=i1>!>CBuq?m`64h{xL|EJv3()u9BvbMN50uTOd{XmurX}_NFCWV4
z%+nVZlwB~7M(nOtw&q<D=qTW>JaCmSWeH5FOA#N^om+9~<`(>Ix0WELjg_*4duR|E
zCe4~RW8xwD^h92r;5xDKjM?K(JKJgGZoEiH$RFLBGw%<Qg0A_Ga@Ff7L<`U5m;?L=
z2T{D{0cU(mBc1=qnIb;IZ9u0#cE#|8zq7jlw=)qEaPuNqNZi)kBKDFiZpe{N{7<fq
zVp{Hpj2p;_vk%Z8fEdo5pz!&q>SU$n&H(ly9CZ87``{-m03Ze?ugRcAIN>f(drhKA
zk|om8>86?(l?hahS!w2v(jk88hjdgqIJ@blYsyx(?i(4ICJGq~9t@|vrvfbAo^{!)
z0!&8wP5*?{B|hrke_k>ZRfQPjUPz9Q3l1_SE}V%VBcj&?#e9IIIv6Sx5CmubnCo(P
zpDSi~ti+*b7!Hy}wnLW`3D$5)Dzpcjit<>5y!ES`$oYcnt3Pj_1443dGb$K#a0!F1
zQ42YgVmAyLfe%@+P(4tA^F-ncyaG~<aMz+Cc<@#dkRFI6RJroZT<8`(a^j|(Y!a52
zcO(7b(ZF9>({+R(>LBD%4ABU4Pj@;^PzqT^5}@g4EMh-5J>{1P&2i=?eoAsU^frJQ
zg!{~ZsC@<;2;&Z)<Vm#$nG(QcfB~ZeaM#X8K^FtV&Y5gui7|DRpSA){!XXGTHMfyX
zD6wW*73+M76HetmuleId9D;e#;{MOP)bn1p>eT4TuxDnJg<|r{Z(j<SzQ1HM{8Uz%
zBtgQ%{W=<q`@|$jmZ!VYkpCKfY7$i#>`U8p1bDUijA~#=vZAPGiI=7E5#-fDS~Fb0
z6{m@5BdGQv5;u~MN+Hg+7ubumM-#6-BsmSRcMlJT>MRcxXC^$!@3$K(%Kju`CH=GA
zm^S>!X4?WwSs=i7F#7hK5lD2X48MLj5XXXHg<1ktvnfLU5+4>RMdk!q7pSE7SaXqt
zQmieEjj$G4tbSGuo3{QXZr~95N4)Y<E+PR!Bj%X%kA^Z21(2`|CmTH)V2ll{kHip`
zfBxbZ(&pC;4CnK}DaEoJ+#njus{5q_J*@>63*uqpoJeAIPPXY7!J1LM{m+`w=K@cE
zf5`yQ*cC);T}xL9N!7nzvzw?qKRR3KPZtRol4m@Ko~oNynF!Z$5dBoEi`u0?AdZHY
z#3_lN5^$N($9L$sO~5_VM>b1X{<~>_FV&MV2tNq*)R{HhD*|{BEw^I~fI>RDG!u;r
z_jRIi()`aj1>6T<9pgMHm8uiZ0W?V*$@<`DsRj^Hpfbm}GiMvSh>WE;$3QSJ-dd-V
zE&_VlQ5q1W;6F6oOC7L2Ew;p;qoaU}l!Rry@GoL%X&JDHh|D{n!v8UKnmvsVx4wOy
z0Y?lGkwK|9dPxo+3DN^M>~g<EEyqy==-KER{|lPQns{q)wg5O5>HzB*tA9L@Xo=-d
z5(Ecs@FcRxV83+0)E2bh<J>Rh<mR@5>Qj$2B0HfI49u?<hVP}vNc$n@M=OhS$GcLM
z+Qd*e)nc2z<_tZPg`VfK0IS#rdO2g7MrC%Q0Ka54eLPVy`7$Aool?uD5VioEP_6XH
zV*W{*>(BqNuI_t8uO%m2S;22^NQgFs-H1%+lZ-?E({#x&aU(NA?V<%T{Y<qbuiHn9
zV1m5+a<a3pc#M9ZUElbg>_yQU=aG)vot44z?sUr0#(*x=gSOPk-lA!cy+s*Ef#jMA
zuyT}}j{IjAF8k((Rl;2}bkluG#f|w2!uN}suc!|e`;}mxzCJMDjInz&VNBY*3f|Dk
z8Qjv`+$u*aWd+?CnaBtoEw$BWcG`Vv-Iw!P+-oJxYbun%a&uW~X0D5KW&pMCHjI0C
z<0}aB8Ea{?uG;{*XuC{uA5p#qILEUtYX6fjPJTx;!D7jFN<6j)=;#%YR18wR>;~p7
zK#LBrtWAHX*kC{H7GoR@>#$hXc2w=!d1fnn`!a{I`_T1Vh=^xx#>`6t6x8JL9&Y%1
zm`C+T-^o)+uJwB>Q7B<ND6qx3cY)UBYXXLAwjD4nrV`Y_GZM(Tgf9_Tl`E5_S^;Fq
zi8=9lvJO~xlubvE!%wQYBJjh-_ut`!GZ64?f2G9ZgTqb|*GNxTW0Zn)Gi>Xt(rrwC
ze%m%RrfqhA0kP6o0&i(jlogL|AT)tvAp0vQZT=+ExD4>Lj3I&EoD^A?<J=vwB0Zo=
zn4l;mx4XXyyG+1aF^T5M`oubqQOe&aY|{XQ6Iv9``RVX<Ss`L12D1PB6gx*tkiiMn
z7-kbpQfCMu8eHv5^M$jEB#+kkcnD#e`P#nS`>2ZA-)jZ9sMdYIoz@<88GC@(ii6KR
zV;;A@pca3ZADI<s-SzgVxaT+jglFFAUW<iFX0z5gm@`6_v0!wWDYQUuxZ+{z5DJDG
zfzGEhwh>z5?t|d~yV4ZGE+Z`*E@Imst;C*B1rK498r~gB8k;QgUdZNZi{MlO9dnn~
z!9ug8#$_7NMa6|0lvv%%%L2<mip2PAEZzg!Xj{VOVquZ)wOsk2?HM)m{RUj<)-C{a
zv@+<oy5q{hNseXqj}3~<U)ZL$pSgTDS@Vq9=a4H>-fNd7OjC1p%guQbpfT6HioAA4
z5H3Uc1hCaOJLp!a&bFJhR=PZB+uNL&NVe*GxIF6RfG3okKRoRikW^f+T*%37?M(T2
z8wK5v5cm14qo)%KfKF$>x}C(*_tRz{fy-=nRfRU|dryUm8ON;iHjo}!;pk)`ZPthQ
zmEu5ga@v*6droZTYao03V;vg>VKg$mpCs(Y`@cw<jmZuy<$)T$6!?(@NFx@MxG{fg
zo6dssjaY!RC6^Exm;Nez1@tE~Z^umbi!6_nJCX*0uE|jH<c-xDtY3MZ3+M=mCE;2h
z5K6a9*D_gi^%0_w?e3c8%Bp2#%cygU&q=n-1X}4W+tpym?%6djsfXAaNYVALLn#ee
ziL}==7|&53<z~1BPU*tfag@3&j^eiw>@kFj=Nfhbk1zIMbJC(8VuuC$A89(XE`P<J
z@=?$k7wL7KyJQU4-e0_bgw#9v2pK(@km4@iQJSj?SEv*<Za=?xU6cN0#W_tn`u%mA
z`9cqOo9LK?`7_?A`i6w%f(38giG_Lhg#qkq<A*qgB1o=Y#5Mfq&!Nn1h8<?+Yjcxd
zKkluE1F`8x+$faU+uy+onm69%Yu{YxGs@9NEO)$Vn>k<QG47?bT(g;Yzo90<ydmA7
zct-D>p1`Lw6Mt=poi5y57y)X8-rr$=xl}gN&V~eVPK)j|j~crjF93#82Kb?+jc;E!
zhZ!lWNyyoK-x<4h)t|&j;4lc(^lFDp`JM?1TH_J4C0@@=4iiU9+4O2hNVtBSC;)}i
z7XQP0Xwd&Ev2dtbawott=N_V^VEev4@iHeGj~qUNUei+0P!mwMX`unXEIKvt9^p82
zm_qgt$qD~MN1D$b9@urhN@kH1DEK#`WfHBH^f&mcdAL6&fLSN_(YvI)<h;qRy80%U
zUi0b}{RPFL8K+{ZT0Ot(y#}2$qj0mfEr3=u|Mo>PI0cEX-AQjceZ}DEfC3d`GXk}D
zp=z-xc=6pwnzBXwzL+VS&*BwvG+aAxGtZkGTQL<Tik(e@y@9~?`W$k(N+wb(qf;(P
z&L()&W;HJ4$dRcE?3O~3bpo_^GVP5ki#mJXJh%pLXtYJtSUy?tk*~25$@Z-6T)W<a
z2PnVim%FBT??SidGt1)lzYicjJVZCYw&=^z)w*+so0>`Z`SXE=7kQ>5rM3fQI3S&6
zd-?*Fs)n1LDRLJfK6hJ^bQ;hRN{YkVeWxnS8eDdDl{3{6<j;8DszC%&GtVpycPO#@
zwR*E*+&Z(h8*V0gM`PS3OLsQcQOvX(=~|^Wy4m23Le%NGPeJ>U-*0<#Q4(u4-<KOT
z7A{5uP3(G9l!(B^>Ik!4b&{1A?q@u{ra&qX$}Faq=sEe&F-n~xEkV|r3=MjVH{(R@
z%>fkzyH48-TT!^ow3gn>3cpsAUoyPn-13}mv)-;M(d83eU`zW9Ti^T9)OCw6hM8KS
z`7sZRjm60>dg1tzaiMjK)1k}B*5lP)qT7!g)DyOE74F2c^`wc?NG@I;N^j!t?i}q9
zzF%Kt(Q;cSa8r4ZTVe`};)-{w4((0uI<m6T9J8Na)<re$jafob#pLUZ=;fVs=XePw
zKj1Fr99Bnvk)uOD<cL*+lb7){KbR#Fbb8pMK#;Ra`S<JZsdGZF531{FfR4=*Vf*3U
zpp)3@)iTi8J^N@12ts6mNfpz>ls63YK&ouzsBHrt(@5OhUrnkl%X{`juh4*uTy<f6
z1cg7um*+6}t`1(ME6h@Q0l(eQacwo^8h+Ph!&4A;GW(-|hRqlRCS{@+#&U-4?D`$(
zzBsU`jAJE#7xr;_G{bq^A@whT+Zg%Q?tK>+cjpoNJ-fvH7X^4=g~b-18C@}a>d7E3
zm15YE%Yj(W&C0>y_dWDa8E)Tfd!;TNW8=AAJ~B>_m0?@Nsr9X%G*dK|DWXZGd}183
zF#&@)>H`tvs@z>^IlD7F4s72D<rhfI%c1g7Z<TW$_!a+W7f@4S*CVb`NBY$>Naaza
zlLHJw;u}U&&$<~Ummm=u!%j%M0Qb&L@uw$u*@dl=eZkVo9QINt<2F<jd{j3_g<8G+
zMp*Y{IY^Hvb8_bn4ujr#BbC_xjNi^u`Nq@J)I5lJ07h7SFtS8SGYBC-$+3TT#qeIl
zP_b^tF#7FpP0_~r0lZSPb>^NB5)944@IFoQfu2{25X{>N+nXqX=hku%e_Z2}71&%|
zU{FG;<o4Mv0OPiSeCCO;rlD_*Jx|)|Qm2w#(k2NccN(MuXk%u&VbXsM3&){=ZzrAF
z1OoLnM9pqBV!oMnt{n#^N4DUkla$kA8^;qHk#ul3)kzip%1`bPGEHhmmIO74dGq<M
z)WCJwb*iKUNskDZcAgb~!b+!y9whO&=Xi$!e|AsrizgsS-pd@alXQ=Rb?MExA|!T6
z&~FujLp<y|ZZcQ%>I(PoFFE$JL09v|&`agPKAqOjt=3QGX{0=2c<ZxP@j<dQ`Vi9T
zE6FLr-R_%-4q5tlQPA=svxQRMrt^$Z@9>ksW_jhMl(zuB+--WdJ0y6*%%eN)mh<MA
zhr)v2Ow5D)xm;UgAAw_8$$5#Bu{zTZ0BAJEw!X%FrdYwMyELoHL%<N`hBT<E=(yx(
zcLvYSkOO+}4?bG&c%2iZF$_n=b8$leXw!N3dxMdXN)&(T{UUFD#Y}*78F@LdeP7Pi
zYGtlyQ7*aUh!z7}T||?qT?#we*h0&caGmonEAIWXj^o#Gdz<SQhOcXuJh!@TAmuGk
zyES<ee#lQ;0W#TTb<%C2H%$ImrwEpu=A!pkIS8f1Omu3xGMcyhou=G~o8Ofwu~WBh
zM0&IANCnc0PoMBX3<D6PeXXKIr>Kn%MX3Cjnu;rK3pzfIB~QzCD_7ek&w@1yWBkyd
zb6uV|$kZg;^XbJYRr(ii(WI~JM@|d*%5v}rT&NO_aQ-Ybj-S*VJymADaFQ)f)bSNg
zrd2)7^MxQq^ZA!f2fpVYH`I87U^_esKB!30f*O6?#6X9NC`k1b6>Jstlon206gy26
z&Ev=tCd%!%!Tcp3uIDZL+<Q6Ok>vOZeO6Oft}Mqt>lWE3^3aA@?<9vy=g%I^Or=4|
zX5T2ZO_=m7)0wW^9RI4Amu)tbHINv!yN;1)TsXs=VCp?@!S^o5V<S{-{6xZ~@N2uz
z7b|+y^gJuKCWFu7($6sFPviHoXZSQO-Ff%k`}o2Y6Z}@c5k56e&vpG1uSvP#0HR;m
z^V<m^o__K*&81Sj=d86HZ5eXh+8$7g<=@xJa|N(%Wzg)jdt=JwUGu|-Gr&dU5d}W^
zw-kidpX+^1I1*rY>ZXE*UVxt5NG^Bo1g8ns1e<Fr@%_`OB`S%;=)8s+Y?l6KfkB%s
zzZx;GY}Gi@B^CB@iKXqLpaME<y8Hl7KgA)YS4K4n>*qOP%pxovz<H%9hBAplu#BeD
zFZMPaFAYFoH6lQOCkzUQs$jx)gR&0D`3u?lh{T%mIj`c7@}j7d_Hp`&>J*<iJA101
zr>OuG+pv6>#pRQ?$XT5H<6WDxMYWoq`(STP!%teAfU9tPJ@m5^;CT5rNdXT1jk5XZ
zIkx6A$k?pY#2_R7h%v44>@n+hiVsl1M=PCG%dckIVn=R4sb4QB0{~zY!&Yzc`tE8+
zIK9tGQ)b@HWO8Bp9Li(7+p0<XuYK)4y#1^^bOP>HGYwFGym~HY8w^XVtZR%#i~;(j
zG{j1)XG3*Bu|Li9Gox|md985)f8@e|QxUo)DhjB?hi7|X@zoY`3Z5pp22!})N6yv_
z3UU#)H=P-tdT&%~L3h6^t)6}Vx?j?Gz-M_B=etAV|7?7JvA83I%T04`1sLY8f*033
zmW?YnhHcNb^<5rpixr8S`yNg|SkzT&D`q`VkT9lw7(zBJe|7%YzVj+<>+d4b@&fc|
zITj{ABL7I1{{&#}GI%#)yj#CP8E!kFr*tH>=gfn6O}jA{RPt^IEYYT4My4ZirA<sI
zv>X~iUW5vJbIB-ny%|w1P&g-r-o^y?^A8BVcwV+m66g`$(}`!2kd$Br@swUgdrM34
z{jo6*#+sXvNfX!GudUuTG9I{s$HE#;OX@<bG`oyyGG+EXmCv0kKdqc*U(ahsPV$h#
zsw5;*{SxJB;`6M<7fps}%qd7|2j*&@Wbp}jf>k334*yY5@Zav+??q57rq_p7!9Fz4
z(bA%YA?iBhL@lKuDIhOM^&F-pzbA9%Iu5*}^BsnTYglvLTpE*iwoA4{lTJ_0GFQpS
z)v(ezy&5+YccFS7&(PBREP3&%27mv{OOg#NE_u|ec^?Xb&K1zBYq<9%<s=&qKNOz|
zfem$53^NL_RF+>@%^NCCi~4?Uv1j)5saLxiT@M$!(~IMsJ{-Gn(NlBKe%;O&<c6Hw
z)f@7NN*11X7E>iXYC<U}fnpz|XjwtT5@V1_{Mr#%<)ywMT0hONO<YOv?^6vp+G6T}
zJUYN3kb2lEJmvFiGW+sAK+tC+K6(j--`{Dax>RbP2+`<&xyRd_<FP8WIcjEl<i(O#
zHYO1}R$VCt;iQ`L(9=HqHow;Q?cWFy<I-nw13q$jX<dIY30vL8=rP9{##xZ+wDzan
zFRQgnn|yedC!*}U7Oe%x7rJl3pT5hZ<y*YgKkvwEgee7H`zJOhlAj~ti1BL6S9*Ax
z{PT<tAJE;>sMM~=RddVh*Co8P7!P>FapCX)shH*0<1ELC8rB#Q9^^fpqY>Ze{h0UJ
z+VWocKwMxJa56>M+DqnKr)r0&Di_dxD@|P8DE!j6gI>Re`>_}h-iDa4Bel}sil~%E
zFqs<QjVg;Ygw5CP1+wykK*rXX)<S<To3c5bm63WAm-fA}z&N{TF1EoV#tp7ZUvQ`J
z?f+x#z2muV+yC*abtQ!)DMdvgM9Iibglw{B_NHVDkr6_&vS(EG-c+*pdfQa?&U%Zt
z@jG5`x~^RJ{kcE)_xt_**F(Hsuk$>Q`8=M-aUOflIrO5+-^)2_d}nh)zHL=Zu2b&7
z+Qv)<-8kWF9(7+J2h%$h)=o~PvLF`j^-&@w=#J33o8=Q2;(sQHgh7>tbG|Tvc)cq{
zxpIq&v|M(ElJC+3xSKZU=!r?jV!@dYaw((UboRF+tWyZxBFqWhwp^D?3swWU(LMaA
zR3+`tJsR^|8vHUbP8)`-JDNl?8kO?KA_BRqCI+<_Tdg1SB@1TVj(%nkMN^6iFL0ou
zhlHGN1pK*D6i?m-#L=7@?XCNXrdiD+XAgfT><L#a&D*rKs;TFf^1J7*jbu!JDa9Qs
zoWk+Y%4;;{mxXI*#8gE(k73ne5pi0J&G+@yu_2Bp{yEyFwW0p>^F3K3?1obx@Yw8@
zu33C_IjVf%0bSQB03Sd5P%)z9_38!&rf<@ZZ`RWhjnYwm+z6cLJ)h`l!BMUILMhqO
zJcoP<Cd7|b-DIqHA7soO@?{%nRl#lad0LD=O(e;6tvEjgU1Bw}mG-Qp7N;mw)!yr(
z%ZZ!abwlGE>#N-wO&l5PRZE+kNDE(N@zu_ExY`;{>$*4NZcFni-TT2)u;P_En97Q@
z{G}(HPwQDIsAE0sO7+S+cGfFxBVJ%(=xX<awT(wWjqZK4TD(9K<VjG`?eSG3_fY@>
zY165Hf6%RkM%lyQqtch>mNitU2-{FO((y7i2Ud0F+s78H##YJW+VGkC_$_5FJ1&i`
zi8)jY=wH2J9eUgA&`IHE&qSH6$s}V%^a&5^Qj;?Mwb96)yD$^&29ralmWuhEsC!Me
ziBC6*+>-h5eD_F#u6(us8bTiyMhR(#pwzsnn-`@&SG_gNg^XJoatPG6E)|bpWim$5
z({W*r&z3GXqv({n`(H{--&<>OK9i<>Tk~_nQZ1!_4}}w-9Wc0<>{oKylFh7!H9S4!
zP(SM1>J}EKPcdC|T)Ao3`7QwInWOkD(7imHlaTh4G!ZdZZ9MO~ZJnIjL=P6H=h?G;
zpy@Aj2soM*(q^R!EK$iYUgvURm-=8jYDj(jj=fjOW%v-%)|sNfNOxie{VrLk?hT1X
zXVa;=WgU5fnw%B}Wk%M3$F1I4!4Fy<6L;INL`Q||0gLaRZb{`u938JawBSqQ_-Buw
zhmKW$w-EoXr;h7M_k0{pLo}qwS!c}*dotq?mR_p4lUnM7xtn;L&htf4v*^jTmax!!
z>RJ6>IQ7wZzKU@(>E_pg0!mc`_=L#mhL)BBbrfW#+0l*L2aBUi)9dCXy>gp0qD^tG
z@Ly8qLOqe>7?V}GSNf=@uBSB{r@rn~0@vS)0SEGm776JlkLcprr5)pA?-KP~-nC}u
zz*m?tSp_AT?8g6t4NhBTf$&-h;NR+0DjA=B;LHKk*taSL^Q`n}h^nY;25#2s5nQ-k
zi*xb%tbGJ9`k0OFoyK|7-o&z-4cs2V!xT1kv-o6`qzj+4gPM^*+4tAtQ>TKs7qnNS
zX9m_cPc;=z#`}zF?9eLT;t=L5VjlT!r4_1X9Y9DqpQAlPhWR<-uhSYEzu2K2s%r86
zn7>1Ds41@%Jq$)3(W+6-A82vAzF<BhBdyH;CIx3sl0@}~`BZD%bMBSkMKM&KDofQV
zZ&Sg}iwf+-pCQJl2DmX-ANnGt$)Emk(b7+O*qU#uLX?D23A?@6rDZpJ=h7fz(aNMy
z8`)K>-D}y5SznC0TQ3XR4jBqXjFAMvL+BtZO5Q~Gn_GNyC#mA-A_o9B<pMNIT4Ve;
z=W`h~CnYH2O)H!n=Z;g6dVPhMINvG=E!hxqUHtZzwr<51+D9PuEP#=|ufKLh3HO&~
zKfQa2_@I+?FDGx5RyN8jb~a#)2pgUK(z9CTy%ZkkL@TQTTUcZF^%AHRhj;SUBkXzQ
zJ*Pb}qf<e(8XfVoPhj1C!}7ekockATKXyS{g>;i;D{)n|^9mgRcQF>LCsV1Z*gy-X
z{EN<27CC|2E18wEq~*mSNw~z*VM+J9*T`6=4bK}Xx%&X+v^7<-wB0Q-ngXEx9Nm00
zwVLZvumU<LP=cc_yn}^5S!}%r&DYHVhJIx96+b@VYG2ps#Mo4{3>gV`x9HmN&NF7i
z_AmXxKqM4acg(BRmL{0~xp8DXm`<VZRbBwm)AO_k^PpNnF6}=LMA<>N-0k|*PlLjJ
zx$MGzx4+|*3@t)4>Sf1`m4MzHpZJzSH!Y1W>s#vV#F3V%w6gCm75lA01(b42Dx(QA
zUoot19MQC+ZDjDRV95Sfu|4|oD^?g1R8OL28CMo+M9GZ%EZvYi3ZHlL5rPHGt_d$g
z<mpeY@Md*@ASb!>$LHfq?V^lAF=lI9>eU;sJwrF+=fFeEZj7r(ui1?SbB{v(B(H?v
zjYEx)G-HVE*ou27a5DQ&{v5iw)ydMb>U6_Yc`?+7Im5Wyx#1XfWNgIv(4vRqpFL#D
z)B*W+y6bLtJ{;bRw<xaCF(q=f_&`}{x8Hwd??o2D%^|P4ZE2_--b;~VB|?NB0GsRL
zQFW2$-L`a&i~%Hb{=knjh5(lgq`&*x2Vt$w*2Zdpg+CWlyEjh2p_{C-T!jnegjE)1
z6=fBZ$_?8q@y8N2bB`rQ3X6osmI8sb9*=E+2KL|EP@cbHdt-)UgiM9*(XKL%dy{jI
zp3aHRqatHdQ?Y{nWA*&4r;rKEHXJHmhA>TWVMOal{%mKOio(WrviX%w%T%Um$M=k6
zT$tHg0kgJuA1A)*?NKfQ5b1u2_1x^W4T{gt4jh^-9-xl4eZ4Z<drPLP@UgZp+td45
z3^LE~aDrYV##4fGPNzbpSg)wuGH&L4#paTmu&8Vzq!cOeCTfdDMw$g}6o18H^?4J>
zsuw5bOFZi&dACkqOF2)*8BM7l`PhS-RlAyvD*Ovsz*EO>{8dKcz~5$N)a4?rTV`ec
z4o<Ty)%U7Ts4y>4vvT*twd4nq?Drs%S3RGlRcyC7IppBkKg;82mamz<>hA9_UsUi#
zd4=>(OyjK`-G=gw>6CHun;bHx6sA6>^$s0;dnq<PI|*pCrKj`0@DTH{vy%AT-Iq&G
zQGX5Bz|V*^L5VY{W~s_bHQ(CNJ99cQhL&aT7vquWM7oM8AA7XAbE&u=X!YLJrhI?T
zo2Fi-oOE{K+tHUK29`zxg;`3;Y{RyBWK=N5<$6e3d`-W3g_@Y^3hrcIVKD=oY5t2y
zHoylcPodYmzie@Rb0ccvNL1)$N@odTIh^fX6>jOPd!2+1?4hdt*>7^)&rz+z>g}z=
z+BMtVZZbUW>Aa;Ty-Y+KB`Kk%{PgB&+mA=8`)_2B;;WYBCUiU};L+)3P%nJsqG~_&
zwypP?zmGzIx9k>%AhRTAqA_Hqz>RcmX>}RK7UV_u6mQj15;V9SbM{fSZ;X*0<=NR>
zP7|^KiK9@0MycdgnQoGUmKV0JwLKP2jPxi+t(LMF)|#&NbsF3J_<FheR(2NgmU+=z
ze|kvthY#mpekG5nbKf5oq1pBwGxoKlW)%o@Vp~&<R*z%MdPiMORS}ztK{}|5^v|Sa
zq!JPVbZf$|oD%8;#(ES`@%*8t4J}W>+pT#WWr=GOn1zZKL66qV-i@UfeMo*eXH!R)
z{5jLRJ6t}MhIy#dyrD7dh)l8s*^{T{?3+I*#lCopusVNsQy49ph|cMU+iGsjB*mB(
z<Y_<@60j<Z!Z~Ii?PR`MUSZdvch2Oqy)!uR{M7CHxuyX`J<smopSmN}{E08_{_lE^
zbL}s*g~`=IIK!y;2!ySdjvfQK;A3IwM-xp=v<Y3L1ep93o?O}tEp$RAyiu@7<&bSP
zXp4W#4f9epOec*PM<1syZEKTiu`srjs_JpYCUl#lLmO7|z26=svwVeDm-c-zImSu(
za|Bz5=?evC+L2Qk<?W;IU-W;FGv*xPK-#n#rh5!EWDj>3zc}n7MkFjJg|b$&pSs$P
zev$uLfgwZSmetfBTMHi#5#-vnxmti?Hu>D{_DT1j7onx9SgNO68s71{E-k<vX~llf
zxxKZQ^lrZ>ctb#D35i`t-uC89ydh!#Q^njkV*p@}tG=WxOV-*>65-NTmZyHr0${#R
z?zob5%FZh{?aTcOuxW&_X>p%oukG73_C4Q7Nfi;MJrY;iXiqcKbLRBvv>cM9$4L&@
z-+iTv1UFJm_4!+|8(w5c8mD<xij+?&?A<$ufyXr>5W1uSy)Jkg%1Gh@Zjal`914WL
zJOk{mMeb7pzbCqyvMA4S{hq&JyHtk{3F8?xjyq+3+E?)k($u$L&_O7z+=m_t(hY@5
zear*EAl^Pm_REiAG3xxG-+QuW<KX>NmRKnKUxIplMJijiLWNDXy==wWki$)Pv+IEd
z{iPc}-R`6#>&qjI<KDME#=Z5C32_BgI<R!yLcX3|3=7=X_2yrc<;_B{-Ak#5Md)a1
zM!vg8%DWUknP6y+r`<66X}l%Nw~>-jPMbB9wX74^mgH;CH&GYK{^WbK&ChS15t&OY
zx*Zx3I$6hb)gFdiYiEfax$29~gfHvQpR%7IjUKw_#5q(H9%|5^FHf+366f_Ft`@Iy
zvk=MrW#3$~#rGhHmj(7THnj^n@(+eydRp|BZ%=U}8Nx@zvhlH8>PJ7HrnW|+8n@s(
zA6zX`<kK2CD)qx&b!POv+Gu+!dx0E4bz&`++3hX`4I(u+M_8B8u}d@)lOJ2@|9&C-
z{i|ojPVAAc*&d~=?=v42;n_8j)?Y4-pE`xS@4{6GjsEN!FzF}w5YyuVQSV8t$-pcO
zE8C-I4f$0wR0<@bowx1m)&}nr3KZ)-4rNeFRLUuv&6?_{$TvPMgqwNb0L~~gfaj6q
z<fOZ3%I>kaND(6W&I73-Cd<^g3m=T%G$T9F134$MNS=L*q;<{Co*dq>MjZ5EpLDv^
zZy)HuqCgX3PE7dw8V~$3(eb7Tl4}i6vU$~yly4lK8j$@SuzwcV+gsaf8LCBh`>bx)
z_-XTfO1<Gr?TD=Ge_AbWJ#;CC0!8dTn7p?zj^O4Zy=tLUwf|0xSQyh)J)WbN|8N<&
z@(j3gBX?7NMVd$!eNqsC3Z;(MLnZEYPG4TZh*#`|>V|M0K3HZgH&&CbH~p?juRg@i
zF1G$anf8-k2538=J~*YenwPD9S}rA3Xesf2V42oaaB}@8VLMF?G7a|CIrASQuWLP4
zzdFs*WAa*9JvvpXOs1LZJfGe93Ts0iWQnHU*rF$OwkhvBC#|DMu|n}!kh~N=9m&QK
zmu#^=_=@QLc^o~F{n!)CJDErf6-N{_L(111pLaRqxOnZ%(>kovJuG^`7<-sfR9M^k
zsrL8PJd3@63V5q=QaB1keR}rx{#abt50Si1R}0N=7KSmygnaBp#_sLAPs2s_=Gq6b
z=}wb=$q!klJ+S9<>M$2y(W5Hd-dw{6UQh8sSakj2$-U>F*q``ai%bx?3O&ZB6bB6e
z`3&5%NL)ap0toFuER9aTlhoE1d}K2+PxYitk?XBSbHNmqw9PChN5zu+74RR2kBveG
zYc+!+R_mL=*bP(Jo~in4KX$h!Q4o<Pd%mLGMEx>Nvh}w|XRy0=MF>oaczQ^usD8iG
z^z{ibtiDMd<XjjKpf%HIv!@36lVKfs+vtA4g-QIOr%_j;#aMmzH-EhBho3f?np~Ut
ze^~_Vvcj+tPjalu&_Gw><qX20Th5O)4`9RCZ7NXEZ8eG<mEQcA-XUpDWL-aq-pQAF
zbY={Hw3g*pM>Lextmn?pnI8n)+-`Sn9-IzSg-R|Rm2q{puIN~3p0Rf@w4D5IE1%sd
zKDGz^#3>YNg%Jl?*#H_>942#dS1@7^0~%K#@aY5@ocIYVA0woq9(3*C>I_?u5!8d<
z^K>ZT-1#VeXJ^N(H~Z@R!O_2r-0n#U6YaU^k+-Sj^>fRd%5H9@5*@(;EZFZj8H&j1
zS|YQaUcVD*$z3_*r}fMSR%O$b5<+C(DSk?SubQOUYKIfVcd%G*sT%LR?rON4Emi2J
z#pH(Hmr{FX??wE|+(B|ku=qo&8THmv4LKEEALKQs-T$_4zoh;*1;EPQ3bxSqKnexd
zH7x;Oz?jDPu9U>Wk$a}Q-y4BEsKj!^AHH|PLBRL-Pxu{CgNL1jy+im2W7h?^33Laq
zj#`}zJ;#cbFT@vli{;N9?UJ1R$A<m>kURE!r-R`NI%XF&blj^C`{$Q<5R7zNX{rIN
z%F3!+_&<d9_eWk5My$mn+<Fnzi+XqW2B0q2rkqg0e)lEB#~b`@BmS`&f9YDg=$=Xa
zK{;w=&q!f}1*%-qh@kvg;G}0S0?KA@&v*SlZ3Z?Y-z|(GwD?#?_F2R{(nMg@)!=V+
z{p+p&SX5#tVn<3{v%h(ITKqqLL<@frzfb@dSJ3nFubGIiicQ6qa=!<dV)#~xIRC>!
zUa9Zxr=S>0R<TgEZ^DMz-Xgk@o<^8adUs<E;Cw-#hH9Gd0De%{014@9yV|r*+kd@7
zCvw*_FP({WD{cO1<-WTCFDT#<g2W9yX8CjasoF4o4{Kh27mvS=>)h4dRH+nX%yUyB
zyLXe0=1s8lM_K&cKa#?_Aj|*upzZmT_|^ZP#a<UBh5tSL^DedG|7Jt7zYm;RA|)7m
zsiAUqci9&~?7J1NBt*cjwlzz$|EFDjxhE}3Y~V^Pr1{ueHY1dzUfnGGwUa-P@I&1x
zi8sfTw__{8>3`ndleH)IYzr`pTrKn%XpP*l#^N<1yRWa_dUB;7eXE0R_ox5<oFFII
z4T7+S<)!Bm(@b3IqvN=Gy5Toh_uRl2unM^1|Gib9<KznJa5y4;9=i`$5Ne9}<S6rL
z2-=w~U1<NIKl_ZraV%a!9E7K{DmDLVxGpuR^c=w$y{hFKH&~g}8LXGj`pwJ#lGfj!
z0^%(EE7-=fGnD}ce|{;P1-|L#-ZvE@&zZl~9ua7YnVQ4PLp1*1N-)GHQhN|iffUru
zV;LBC4dXM!$*wNl+6ptpgw0?4wN?LaZFlsrMGQI`4D>K19yyZ3#2=!J_$&Bk9?*dF
z3}HbwIP8R|1PkP6x-ahJO|vBG`6|oAX&tF+XrSZgPELWtc4^Y{dpP3Zn{D4jyRJJI
z-gq`n{vXoOe;XtM>c6Z!namflYqG$)7+E@a!LNwx%`x!JQXk|p$j2Gl*>H4%pKb57
zgDcMN`}5^~&wsM^-rq6Z4My?^mY^n;O)v*lq5-VPrs1$57XO_(L>hlbHBv338>{Dg
z=3&y=eV8MpUrNjN!YmL1gHCK*15igWAoTqrP<{1IwwS)nzCSSA&7LO@j};3_<!etK
zw~L~-W6FuWl*lhyfZg9qq1XsL@8<6j`p0HYwgB&bh1`Qn@NnH*cP$h>!<}@!KH_(M
zP?EN*ym(&clk2*Y(Gk79t^al4qfpp`EweE5BS~|`s*h<9Hb}Mk+b%(nI*YO-DA8L|
zCVIW*zdBRdCl2vyDxs9*7z|+X7G%XZ4HYOEANBa>!?E1IFet3w!Nt`Z`(D^eg*`Ex
zbJ%?|18@EJz8Mr_qVtX2>Eut2bEG~OtH_p!Ro~jk$6GFsh*-^U{o@~J4V<t2A>c&&
zn6L`6LvGmUMb`hfGgmxj>$<e0+wi&X9`fNtkf3gy{Kq39L)#6yB3k9bagT={ceU_S
z4`4nHa&$)+t9e#zzi&CjzKTL2PGitRKBh{F*LQHAi5WfhE6f-@u0WsTnmyl4PgDDL
zF?QD-pOnEG|G|Cv$6mx<B=83xd#K>^{QX+JyI?4g+g?lYw7_ioSzo}hixLf`G{t6y
z-~b_P;BNjmDZu~sz*YqUUE-kSMqaL<CsP)Q*f0DnibO*nYW8L3Cxa?EvRCLraUhj#
zH)uVx??@22#8xY3NbBwF<dIm7<ud%<e>#;*G@e#EQwj_SV(_+YZ*P7Dfp-{wWvF+D
zmZeZ?ch&#pVI77$P+AG~CN7XHh8uC|Mgt{z?r)T;vc~}d&!Uy@X#aR)#99=Pzp3Mr
z@(kK!fT>0=_dzxQaKL()+7{7jH$|J<!h@-0C}Ga(5|8|8RQ%yBIi%|k58~7xI8>t=
zcI8>DDwSuH#D3Fo?BuTBK-<v}EpfP{Jg2}a6d?3)3VkO`-o{(@IYVLPtx?wpl`KUj
z7^ail(8M;Z%A|ds-J(-kNE9a0nHbl+JV%)z$Q>-zU|wG2f5Ey(Gk<n%xFs-}+kwhb
zy%=}!QKfG?)OJ(`5gwgdmka>}us1;9p1EkJivjq?5LhXZyie;~4(}ZU-N|1($-@lz
z-dI_>vw@h7shpD)NtS)X@<+xJ{5V7y%2t?iHtt13MK%5<87C`G?z;imBV*1xB`GlB
zaR`M545RKk6mLJU=ak^ohmDEOoy745+#|bOO6I-H?7LIO-P;tvKYHzcoaE0gU$@!L
zbTt+H+Yg;p(4H5^8*GLhLtE`myWTMb1SB-%(!~Cq)ZB}bOax!Q>eeiaoI)4}E(5#J
z$9K!V?vu@MU<_?5Fy`fceQ3s|X?F}Dn<2FtIeKZ0(cCFt7Gv=v0n2Yss0l_5+-l*X
z1pHc6Cg}lj5S`oyC@#$9(=ozil%!4I|J?7rZmM~Bto_vJQ=HL1U0|I+|5k*W|Cs_J
zT3Tmx@5IvQ<BVUflgN&Lqxw)u%$=S&t`0@)Cl$@U)<?RWXLXRA7u}<M4(nciIlNj^
z#8Ch(iHAU!j1<aSbH{^FSPyX=Yw5O+XgY8H+_~?LORR&A?6ugk>ORty=QgJ!DkV|q
za*p;zY~<xk+2bzHj_Jrqp^KNg6gqTkUtJzDL-7y><#?1go)?s2SPuQ;k6$m`b=ODt
z0-!?&33O|^K5An1vGy$TO6@-rXz@Qg0XhW}Hb&ni_=gNy4~mnrm|a1zYI?QoFSg6&
zS7G$;%jx@zgAXLPl4na6cw|bf$*w7+N2aQmiO8Nrs)@pUcvg<Jmpw%Q4HPI#VQGru
zR6r{D1-zR-4y{in_|ICG@_O0QXgpoK8o$++_$_VNcEqapNelN_YEE;0O_D?u?Lrw_
zui4B+=OLIQd3kxFC6v<7fDS<$q1T}v7zet3gp)P?7a3uohJPeUSsMTh>?^I60Jx~V
z-0I6V>JnLQS9O88h7u=(5)88lTucLj$E;g6VQBd$que_wX;Ky=8laD)<eCjC=l7d&
zMyyt!HxFm|E@W4gz2p@eNj!U&1wg5y6Z^Lh=L^+tgg$FWV>3zf8ZwyK2G@jLO*TU`
zxp=N{`uJxjsN}dDB{%41kzZuyK>RwDWHf!H#~@kM)sngV2-PP|dGa_2Z58In@&n~f
zFrq6>g^e9EYn|oYs|^e>SFWv<j^?L~+QzQg8ii`5wpl06wrU`}FfW^E-i0vzZAmD)
z+EV^tUJ?`JkuxCY*;HSL+AL*FsqX_xZaFYpr*0*t;VuEx$V9P9nEw;(K?i4((~x!l
z91^^=q4Cc#_2BkZ;bsDgI(ovT9k-qoRjiOPbQAMrG(e~xW<=>|G%Drj`Kns?j@@iH
zVs(;_ou<9ViweAsID$~_3j*)$g?+wnQW0D-w`IX#Wt1z-u+&C)H*!ECXYNP0OuJKf
zfjNm=53^i@Q__o-Eqyh`q0Z$)uTkEZ+M+5q-JN0Xj>o<I>FCAUub*tD^{xy$4{x=9
zvF$QMdTQvE3#FX4=Gb5`p_+~-nRRB(&RWIdQjfNO-L>RM3Z%I9zQB7HA@WOh-`ob4
z$y~nuT?}{l+^4h7o8K2;Uhm7J!w&*v;Qof}&spSBkFCFcJV5xEb;xd;%TyA$`MOZ-
zLpc<;qx;YM&s7uRgP^)Y_gI0T$#nHO{Y}wgxVLPPzVk`wbrmWEYUHq*7FJh}HtEUa
zqm@rJXjwj9Ps;={EgrDZ8L{p~P3}LNgJ7y>T*Pqe`#PYs7UGERt+6h4-Z{WzEMLd6
z(4WgL1vsg8{N2v{wcxz*a<xJ&_aaGWnqkMaC?Z8rq_G=03`-1D-ggf@ao%Yf$N&U4
z3uZI1v4-=ncmZVsuGGp3pk7f;n;5jACQhO1%4dbjGx{;Y*kA2FP24ll7zP7lm%K07
z>8K#xXnD7^zBpFR+Hr1|vzoMi6dY{DEIBNcQRnElEP5}7B_N2b<wJvAgzVQzzp~oP
znN=Qv51Z*G!$Yi!)HpW0bO9!1w(HW5Z<GT3EIY98OU<0-2&akSHc0C2DJWrvHD>5i
zk6@s5OGt*#F?oqH6`iLGU#4B97nR!G*@Kfw>&AQ|@F#8Jhd)y8K2H)$i+ehk*Ik!Y
zLvCzJe>1N5C>|-zu=7sYU^lN*+im3+Fz&Y(vEAghU!CZ1XSVNCN6|yIJAil)Zu08Z
zP-qlghrca|%VLWN9Uo%-{PPE4<tlT81n-vRRQuS$_t3y$BfROF?M(qxd0q;|;U_IO
zZs9Ko)MxJ<*ztN0hTsu@-XZIa_sN2FV2{onXwB3-G=)klQPa9)(OMA4h%Vh+I(&}P
zI(5OIEy<&!{HrSi`d-|mnA-QRa|OfK2(M}xyIQnFD}=v2fuGf7NV8C~Ku&eM$>(0U
zNC%2Y;<h@6<>X1bn|1PqWB!6Kq|O8L@FlkeFwEC;=JJOWcD5FdYoX;5%$}|+)-1I?
zCkVdnf2fEbLOz>n*N|Ulvl{~y-P=WY>_ls4@Ykbsa@G~3q?Vd61EdtnyF_?R1k(7k
ztKiZsH6;yD(#~1bT@CG-M@WUN0~XB3i61zuOlp>y@UH88AoRxcQ;-g=M?PuJ>Tls*
zi-g+tu(9hj-)d>ssvFW$vQV+3t~2*d3<qiN5*K(TEzMsw3bW;V^X;5B;~#SYjq5S-
z{mzD-nDjEVGNs~0eV7LN^*N#WGz`kC15SpyzcWz&JX+?qJ7)7OWYpD{j@R3#s+FKw
zNAqx(6NGqYh({pZspUHub|#3iG}B>p>`egW#XM1b+p{a%@r-{M_LUmu&~MlU0BQYV
zc83IK9hxfKm5Nvl8f2(Ib>D)l&~B(()KvvA!6Hi>HIweT<Dzxn0EF9{{UAv!03$Yf
zjIoL+2;tz{a~dm^Eet(rDO-ZJKfB~U2TfX2?k<6x+iRsyC>eVVI$sc1V~SylyPoNW
zGFoW`voO;n%5hJcCH~0RWchTNYD@RzSwNzFJ7MCa?D9c5lZA0%>Yf|Y!r{V2r507{
zts;kg7`(C!m#M;bDmMkZLusDJsvbOc^dF8!5t~OIuP22J$~C*{<HcQ1eFO2-m3ow2
zSYB(din(H0A4BovUCt?T!&LJTD3azF<F>FF<D|TZy<eGzp6hQhV^l4?L(V*;4lO8y
z^EH@2Gd`tCkr>PN`=~_kPrzh)_hv1#J4E2fm||R69=;mo`ci|>#yo-OU~<cK!P~r@
z-nR<|EPMh#y_1&g|Iw|ikQ<v?12+9*KHsGd*Cmi}Du|0q48A;{NiUHIp;t2cv^mr0
zT*tn?Zmn_;1r3e$xrQ;lj(7`Cf$2ptlk2=b7RqEfsYV!UuhIDyhZ#6<O+y)SFHnhV
zjA{i+M+~{GJH*-UnG_!$Yhb7l>oZd#QeP;crJ7M*RTs%i>+^ut62)%{7+$+2owf=8
zPzkO@0SrYTHPy@_lr1%A+8_0jir>`;T8hbt%U-=23%<T*^V4%rfp~pe)}QnevB`Ft
zqM@0#BY9q|_CkvTJr2K^<mjqY!nGlyl2&;?3L5hxCwq52*It@-Ckz{S0<KSWlo_Up
zg_R9W-9|#sR6=lU&yA#Zxs^j!q0Hu}0gt!xl3EH-_AQ&W|A-WnmRlH?s=KmbHf<2_
z>sq3d)E^gHCwovv@odqp_qd(*4Q{_i)3Wo;vzD~E82x0pd?x_7HPuWJk7|u86lXIg
zq2?R}%(NU&m?(G2pKB>|5D0bTNZ^EYlvN*JH)q{`VufkuJQ{H$57SqPQ{QIU<M}b4
z|5BjqQkZ`9we@u}`V*@k=6aVu;G8A)Wodi@+$^2;#5#F;U!8C~wFq_hk)^Q)6-iBV
zQ|qz`>#6qMGuLToUcp5!8<IKw;TdDh;%|O<8+0BM&pNETYRNPGF2Q6Q{vz#7D&zU}
z2Omt~I@4V~`3K058f}$BPgAzs9yu}9lSRYfac1Rs{f0$=$13XdoT({6I4=zPeyO&s
z-ksk)hQ}<%Rww=tT4+K8A+o&w3QGXD{|p3hmgpsoLOTDz=dl-#;w$~*M6lsla%?Jp
z+0{`N@_OBk;^bxIR}NBRt=ucDl>^cok#*FF045{4Q9sH`FVPlq57Szc)jxeC=oHd(
zjh%Ux8-e^Sk{mmmp?G8t`dMYF{Vz`NUg(wR<Y(u&kgwn(@p{-=Mf$ceFyp@vN%mQB
zuyoFhRU5Yio0S(yUg4s5&GtD}bNLkpsYR2VIa3ekPCjL@zSQ4K^2B<`P9J089lE&E
zu|u6vv2DY?P&o78-oSxF8=^oUxVKQjZLezRqi!W9$qvTR^o5C|*Cdp#y_MWaqLuG`
z2iij)6ZGnNM4?d(@}Dp;R+}a6mGcWFjne1o`RX=<dGTw?s|?V@7YpePwI0jbuyf2@
zvfjoKU2}1LH6rEEyHfaBuhZp*WBHzIeRfE-xIjnomBeertKKU_)Q!&7f+C1!*E{^$
z-XJWF1?h?2;OJ-KhI>cGxR%Y6>{Ox;?<xaA%sa%^VO_TIJTvBHZ0gJt7>}wbOM}n|
z%JevRtzK8yET~^yDzTi>Dm7Q>vEpJmoX2}FgD%pH&+gl2choJ(vL;KlR+t@4si)X1
zcB~%ZZS`qDoQrpUexbx!rOF`6q}wfamb#MlaQ^j!Z;68nP%33DPAhFfOFt_8Z~H)V
z>rnREP}AH-4Q=zZV}V3eae$Tk-`wj;?=PY1(@s-YLv8{ohOr5T!tP{NS*mH_k&u<i
zJEn5HHcY|&UW`r`d|LS3n>_17PK{aF>KSNGEE+@~uUFS#GwHbm>5gS|#^oxx3y?fw
z1L0;1olWtF##)Q0rJeL^S=SGbeYq`-yDzt+ao9s;9m(r)>U9@flWUND&Ax{PNVu_N
zU~&$fcg$>`-MkNNpNxO|O|w!v`l+|Ui%FOc+xNjzy!qU%^8Eg((?QASB};$@O^7#V
z|0QIV3##=-s6Wc2E!8BQ>w{vszPzAySjh25SeXG*c}^um(6n3m7A7vtF~EJA?vgkr
z4u_d8(-^xQA!h4xP%3+k^jwJDu#e${^kTMwbK{gR-TINSZ<Pyq<gG|Xu3lzeBH?8>
z0L^~KO@?xn1bNw%)g7(kcOGTU$@Xz*eZk3bvLI_CakpP9k5hEqjsiIqL1H<FT1FZN
z$JJ2Zg0$#HwPMwi88~)42N~LWtOjh1+9Po4?^BK(-j_4PzTAUE0QYG+Ed0$|7sans
zQyBYD{@gjE;$7l;FG8XIvnvU!$8ej9iXT_D!SzP)0QC+F;(lK7zY(YnUZA3^`|8r=
zrg+o)r&m`I3UvuWq1J2qMq$ob5zA%2VsMUoqj&Pb$b8Ky56Jbe(E2SHarHAd!DMys
z`fYEmsEM(fhUNN6H@nnV-L&=>>_!9fd-iD1D-vE$r%5~ErW{t|2>HyKlR=aQJ<mR}
z3dQESF2Qhhfzb0ml8+oeBk)-a<BusIKxmdfKF?=wq5FmKjeDlX8Wdinn^zdLwFv5%
zYL~qLQO(q}QIQ<iZ3v0D(W)TSEUrVTECmy^W8O+92#zO53c4vW(*7YC!&4?8_defh
zvh_0S_vapi<<qn_DyvuDp1JM~J`)jDmg#DL-fhKrwYH<%8^(b}8N+8B-)!AJ9ABk<
z-M;-=a^J1*?v;KIbQ|dpkG)a6jkD*`5cC%Qd1tqq!|LOr)Oa?QO5j3&66?}Lur5ud
z!0h_g#voO{X+abr<(b|`sOhT{lKRnhNtQFHL60hgH#X|W`DgDea--0(tuyiD>cA^H
z-Ly=N_dF`b*^iqUNYQrRy=vyrH)}4?b*tG#4I-m-1i0&8-)C4<;4g+iMUr_lB?*Q;
z*8|D!<oiCW=rb=uC*;1K3hEM_2R>ae#A{x-_ed?|sxCV(d6u9?z#^gs0qP3lTvO?o
zSJ+C<#)B;DERx8+x5cG%g;sS5=7VksIZ<^8(lKcAF`q486I!SeZwyB}@fE>sB-!2S
z4)wq#ohuuli>OW3klG%P2pd=Dt;H$3XUsISPP>U-;JqW;gHD$1pLWkiz3S@L7)}u=
zi}sD<fBB=d!_T^#k!EeCyE~nK3*Hxg6^8-sy&R^8u$ogi{s&g`vpZPk2Uypno$0uN
z%N2o2;&!*l>#H)3qOk{Zi61FQod~0oHr=H-yU?CkfCk6>G+KPIr>5~wO}Uz<yHcpH
ztISg)$%0a7PIePq;+@L1t`nd?h)|tj>}YmPm$4~uovFlTYT}I_<eT)$;B(L3cn=LS
z1~dv$qtH;wXwpk&-NPs7Yu{(zJC(Qt?KTFVOVfkiKS;ikORmqgxCVK3FkQy%HDX%X
zlWLxpqqPB4S7zu?W~IyD$9e;sE{4XYuJd~i5i7Mk;5Vz-uAW)y3e^bDyAz@8gqc?v
zy+6?f<Z&Q?(X0(RSLo*TmOe@*cSf)^g&;`)O>1xf(1M#MG}{r^r1h9N-1DMSZF=%7
z2@;Oq#lN+tEe`pQVjIcR_y@qw8*?M_EAWJCVzlQcfTFJ<1<n7VW9t(dnQLZc$qU&H
z4EbU%Ug|eLzNp_0GE!lL(Ac4+vv>%$<W%&4y=qwuW5p)Z%+)lE6W@A0okK0mO8($E
z<^ppN{2OmwlWz}wKi(Wgw{e2vt>8yS+GG_m)EVH4urfsc&ijIjLCkKkcOMPwTgAtz
z%Sb?|dKqiA%E4;U(R62MXl$$$Ri!TUGc$O=6c18@uRDs2Y#CoE{a@yOyI;1Y7-L?#
z=rLe3{6b3!$wR*zPUw~z+`Y$ZdRNf=x~cdk1PKwj#@)^G30j{J4)I3QVzW=^L>_f?
zZ0SU_L*FWo+y%ejP9GQ!();~b11t?<l-B?W3rd`4GfQ0@XCTLCdtHZ6t*j3AB5epG
z09>5sTlGG5fy0JJLxO$mv;&xYpcdO=sl``t)e_dzOXe8}@%xswP=OjZ*1m^suf0yA
z4v9@Y2MAV5(Zp*0_q=%^_4kjLuO^!H!ERd}bKl-FFNj}7Nb4gt{-L27(O>20Xb&Sd
zA*Scdl0g7S%8~$qL4Jnl8O8u7s>oFU^UC7U%d(Y|1Ix{M(rnDCYh`Qrj3F%&-w&@8
zy}Qpn-Vt>&s6#wxV_$;glDX$QhM0_iix$!l>Vzc1J=Rz#V)YUhVd`6hJgxV>Jzlah
zAir9-WlP^^m3m&hp`P3J9^ibcRIBnu98R$h@@dNS(4{J;V~g(9_a^HmQ(G=n$WRx2
zXiCU#4#S-VH|I3sO;!%z;W@%=jJ`@RD3Q?6ShvBll9!H2HQe4@k0-ZZY+jxy`}zI2
zV2@K@^vn*Cq!h|xIxYFKd<2WJ9%dpcWmERb5DeKKOAM6AC+`QQHneo~5|DEV1ikg<
zE*NM}7O0&S)&yb+l$&ZpVrSQe<QTuVB#8$~HaUxj&uT50+xxe-V!{Ehm`5gb2aqVQ
zL?<@j0S+WaBpv_WS1L~WD)W@+Z9ukIjhQm?F${c4w^qyFo6>5Om-^x$;ivvgS8020
zmvg$HY3tj=u<)yLv<d;$oU9=bcqrdgq?9&*1iW}Sxuq$dqBx0|4%at%xu5BYo(tSK
zQ*&Xs-}d%J&3H4}>~$ilQVIkT7#x>0Ly9qJi?O>@pudVS^VlO&kV2=$rB+Hw-Jr7(
zd>(>@EAANVR>yAt&g{+poSeSO4r6Mx)a$aQrCJ7{`=)Ohm4@l^NRQ^`%+fFMpl)ht
zxJ9&m>#F_MxMIG=mLh;Nro!^XN@p0=>0x3=UMje%lqUHD0_R@AHV#m|y3SVwXarTF
zvwtneVp|XdsWc$65uNX(6Wn4|ORP;PPitH}_JGVWeSU`NfFw6dy+=5DY2;YFvS29p
zZHSRf9_MkJ^l*>csJW;eywsI%q#LSk@0H6PpEerYkYk0}nLKrTV;I4D34{Q-ASj1^
z+*#%J?dA9axuA<&wwdp!nXj!O<*%VPtrYv>pG#~=-GwmdiS|>2BUn%D=7ue#uI($N
zCeqS4%$$cLzSW~v(!B-dm0TVyvB@DM0NlDnn3xo`9;~1qz>m-V#Vui|$#y*bM%+q<
z_vnlVZrVg-pgH$ztLqNVFo7hdaXq6Rtm`DN$;?devWSCNrKJD4<zcP$;*NfS2!pQT
zVD9pVpIn6xd$s4v(LKnR8u8;qrJqkzuj{KpaGq*EGW~M~8Z7q^ghsC^TyS>YU`EPi
zFeW$JusR2`Sfix;vE^!aKCH-8zyRt_za#;|j8}9>NQ{sYyNn-Fgod#M`BI;{obhCA
zDS-@$jqCA|e1hiSzTzPa8R)3vuhLYDk2UI|Wldcs(Riv^DMzivA4)B?Fa(9NI`}Sz
zVJA%5yV%J0vf=r~eWUJq@)^_3Q6+`my(6&NLM7$cBol~<=vlwzbUi1{7%i-|pdjL7
zr}l6W+>f2H3nSPW2VYS-VbFDFjoKNmo0<$w1P%zZ7NVp}9f(sF>tCI2$#={kLwKD~
z=QTQP!6zk=Hr8LQ1Z9)gIW0U5_F~9(UnNZ&s(~mdSG^Xp>_7;UlLXG;n_vJ~E!eu5
zc=T7MwW|<V$^#GuD<gK94zVw>Jf_dT@t8h~0OI$AvSepFP5j+_bo}LXt2qc2oz;gN
zZDhVY45SiIgl^jQ)LwOT&&rfWztt<sBRx29!`@iyiK}E-#_V5VAGUQ`mFlprt`g{F
zlkj`|-2_JJH3*<ewvL`3@VNBs@1^aX&Ec^|KdYVX0#R_ml!Ca&kI!w?(K2-djN#oB
z{@(a90hxVhV+0$cOo;D~lXs->TNK-g_RD%1_WVhLI7e+>H;rF(1?Csc9{sEb+1H-8
z9nQ@C=#F7ZBP??zA5=!)x)gvD29WkZphbwn#bVl|Dus{YUS8bc4P(+3X?%)r_Mi3>
z`d}kg16hdAFp$6kRHZs`u^W(u7@sWB<Q;?jx#S9=P9z$RH31ujuUE=aYSo`FBn;6L
zP&{d~7h8Zl(nUKHz-8Dz`jFHmI2AE<r1mHFS0vdb5Xq6?vuk(=EysFCbO)n=qBO!U
zu-9RD0$E|~M#$f!H0)ufQi@hsctLfL!S_#WN&atzvGCfXJuS+}6O5tP$>wgKT;d32
z5W<oME|p>*Xdn51@xZtY@_JgDi7;o||E1Dy>uT}Mn>gFBBPr85(24I-3P^5__r;O@
zf{Xt<9qJd)viVy|U=p^NNr<TRJBEF<4TQuyo-7s(D6jmsVg*m?V4}v!T2hx%i?Ku~
z!e{q3o`1@_(4U%jsB+)C{y1zAut%{AA^gD=WEJ|VyU13l9m^2;Mu`o%I{s#c0`r~o
zpA6m$sJJ8zC5lY`JR_MR3*FuyHGe8)K6DCEb^-S5zH(O4{oNz&orn{wof#;-WJrue
zc9~eUoHqZP+=WBuV$@|UytRR6vc^2R3hWl05f41K3jCR89T^{S-sxKaI0pckAe4(}
zD^k^n-Z-B42YssN%r73qi?h;2nUC0wY0Qr+P@5u(aFPPc(ok#sjio^)RpG?{UcSu!
zO^NXErB`wXH+Dq9#?%>|zp+OYM9MN)n?-_UsL;_wNM9PYVo>+aJ%$)9ES-yQmE$*Z
zO4KuZ+U`_oQCiv5huyOH4$e~-4>O71=@uI*)J#ZK&%tdO6{}3zPp*3yu~&(o1+s;-
zHr|*iy6^2b<jnG~VZS=+za^dlpR^L@H>{`&bpDCeQ56KgGuvuh34%wgthg%w?o9qx
zlifuc?3L1^JuN)_DC}%$jyitQBtRCbge3)3QU1Nq{ipnwd|krYCm3n)kMbp`v3mU8
zH=TUJ2LO(*G&7|qIB3eKc$t65%wJCfNvcJNWmwYiZD9N^&fp%x{_jZy1M;N}$r?22
zZ&9pycXrqA{$oYElE@_TueF>TbP3PiU)cSlSgaA4{BIezD@e}>$}Ki>=(zVD{g@Te
zPV1?aiwOOA?FH#RTF76{Vt12qumy=@_2T`Jg?3E@8cInJcYk^7j)&cZA4qL?OP8rA
z3g~^a=dJeJ$KN;R*&Qesj)(G7)3EVwL^d_(OPuM&(nA~7WZ`Ce<Y`wC1ASFgZ(JBC
zvq=hjW_#a5_T>AIgJD<%I4ZW(I3<B~C)*(ZTagm30zC=BPO1nyawJSoY`1Ipj{_*F
zanfIku}{}`pX_4#`c4>O(D}LSiE-bGv}@yWFJnu^)pM9hVY@%F-p7J>xBd=L{>>w>
zUq6LaiYQNuL3=z_<3i)Q21xB2Qa!Wd>4D7q|0YekRZ}YbK=6F2p|MM)b-9ief<JWs
z;>GPhw!c5}Z`yS-c|F+@XINJd+elpG(99ke{UajWR;MK~-=KxV!Smh8{~(zMFC#1n
zfZZ==h||)mn(?cT#9gRm@gT&?!VT;vef@9cGSYSFjCCq}iO-8&v3xj#JRmJ5Ecz7i
zgQL}@j_(U4_v^~xUmaNKaiyPaX=1dMNKQB6hO_SiDX}N8_WJH`VbuR%NOtMq(ECHD
za7LsAe?8>N{}!U`|Bk=xip!-v@$OFPewcHg!p<(+Vob!ayS!}7C-%Y@U5{ObLEtqC
zVAK9rEOqD+vhs~JX*(xvH#RNTp04Jw+s>01O7n|~tAzk|+NYap<G`>8C%-%WAC8X+
z8?G4f*>z2KSy-1?<J6z4D7~?}9&#`V-3=`(`k;En&YcARlQ_Y8!w@N8fa)X#(AD)A
z==aFf-;vY%{+6jA6imU)IhOxq3ZM%KOu==im@tIyma9EuBkLM`im{gHBjVHT*Tc5K
z`H8LhZy-N(i@MV>xOT#U1pL##9_8CBHx^2Y-lkqgPwlo=)u>`t#^WVSLkP$V#rlAb
zOBkfBar(k8?Ry0=S{>%stbIYNOXT)`DgdN2Y7uXXf3Y_%*`m;HWvLxwv%(_z-pS-O
zZhfdoNlt$+ss5SMLFszU*siAoI9Kjm>URaUKlQU06xfHH^n6B5qd)Dbd7(q+AFdy<
zN3TW>GjW?E8ntUQQX}aj*nB)n&0>bz@VOyL+B|;;8%X}!^iXHRQ&X|1jqzW6(H*5r
zucqt{ffoYr`lJgRn2vGP5pe}IeC~e1gQPFD*#47uA%9yB2ykjw2r4rz5;XqJ`XL8e
z{&TkrrJ7S|3HoXf@UqP5<o_>^R7pSE!mng=%uel0x!?*R2=E;=7AMG~|J#2<|74Q$
zS&!iJTUhS#KJg4Xaxg5K?Jt@ouu9!Z8IEgQ-asOJB-@5I#XN@p^Jk&xs`pxMis+v@
zOj06&;02_u<Ik=y`{K>8ZOyatW-AB*_%8>A{ioC!93A_iU3cEA%7XnYvfa-r*!?V~
z|I^O`T*Z!N=ExTqe*Vo^;3A?MIx$%IpkW_;@ZZYE*ErQP<s7@)Znj&{*4-E7itXGu
zLC3ZcOzHxt+WoE%oV9?sT=gN@iB!HCNlbcBmEaS;uF{AaYUBKDm#lT_W3u3=tfb^3
z{@7H<g?eS@Clex~=Axf@{PxZW7Qhw6X?eP?lApayLujw%h6J%cay)}I9i}@7_AC-i
zTVpZ~C?T-Xk1PQZr@FBP^$DWvdcLD%CQU7STwN9MPxJCPH{?|g2v~<*c{O#>!|5F|
zwkh&)b(qXs3tc<74p&SzIc$42%}n9F%sse8G3<JQK^uiqzR8q)%Y7Rcs3r>K4?8&^
zt%Z}^F+mqx8W>9MhO-z`aX9gN3>Zo_yFV6BB6(|SZdh@&E|;adp}LsdqO7S1#j~?o
z`0$ftwpJCcK2Zbdg5uT~W}=kqU{g;>^<|XRX`0lNXGO<(h+XIZ9CA0E!UWMoW~0mK
zjJL#BIE00YU?84or3ap=9E?7?$ML}u^^LS9bJMADrPO7&)0YsN!iGW;=o=kLed{=G
zBnip6T?uosL{6$hZU;4ezhJ8^Atn&Y0yQit@k>G19*j;U3soV!RB0iy>j>Lz9BxxZ
z$iu`zhO<}hKg$w1b+)Pjy4-hetnkB~k;`LWpZlnPT>s{|Fa{;&MSXLt5*Qn70ZhAo
z3*_p)Qp|k63ODuOk&U&BI?)fhbYQv_)M5#eN;X=%ZEDE)6GejSmw<-TaGa4#9}{tW
zB>cqB_WXj};paMi;WN70Y6L|?<Eq9QOx@Z_BV;KRPj@UvaEGwF6m<S{L6rQJCoz52
z_Q9Oj2Sdswy=3T&hfA_i!vY!4ErU2GA|)((G(CGiq!&-uTgpzQR<ihMu5Z2BwQ)#$
zUMS(^jHqGi-6>7K)liD(s3~Y1e1AfjDp8}N9Ltft1{~Qp-+r-~p=l)WrnY(zTr+#7
zp_{Dw!{Jl-ckVE4Rkr&7EF6)zL0+%l!;b)rT-!er0!*SzW(SIVdRqdI5vjk1T8Y3?
zsjuprS0@_Wp4BkdN;-1xycT81ql&Qyrflh93r*F)Z&H2eY7F_64nNbf)EWC86o%Lm
zLsUjSvWViyx8A`k)^KuopWD(kEatQ$V@RFYe&E+EfaHo8&0YyNeyW<wQ5V#@r8!K4
z+>2MjYthGDddDMc*C@JJ&FF@c1u!HF4x#t`yz&{<i)8yqGAb5L0z%Kaz`ewEah`hW
zQhsc|?UpU<*5!;{EJg!*s=uTgiR^hM5hM=0elPfbRJa)i>I=4uFditY!rcP^Vs8(N
zKF77ev5$xPg#nE*Mea95m?)2AOeJhI1?nw{#M8=wP_JaaLSsL&0-Te8i5SMEr_0^d
zitC1%crFwN!9-3@lnz?=*AWU`xVFJ=+Lyf4z-Ua_i<#>d0kt+;gIjcOE`2(>Ahd5&
zTXI^=^fhMJNBr^HlL3`^JR)e!LsHFh4j(kKbb*g)t_RgnobG8_romUh+ctBPd_iEo
zf^V(CoG}<(v=LFapg}vgvUZEU-|JEB=<US7gc%NzWZ!Hlh4{7iH*$nW9RiGY3W66N
z#Bceml{H+c5$Gq$P^F#o=^nPtuN8fHN6OWr^zn&?g&MJz^GMLbNMl@UERIv}<@o;E
zZf)o-60U@#qrS9A6gUF<pNR@plOL@*Js1vVOC82KiXd~g0MQD80oshk!m*eaK`!5|
zN%^I$<1ZgN`1lxNs#QnI8wIEyT4>&7q9;1Yv*Kc^?l5NsbuIBx%)&$+jN}%a9sgV?
zNE-ODIv+K3xHu@7B7NpEoo}y)FO@xa^+;6h7F)y%8AFZIZM_eS?{jZGFs;)o)BOI*
zcZMcHJM>z=*HAK(E-%S6UdI|m2iJ(>f<=@zcAa85498cGUZtryzt8@_HG84%7y?HG
zjd&G^jqOPz%rHPY?JIzKZyn5M)h~gI4cKa7?#P4q1{ikqPKj>p5lo);lT9rwOI6Ad
z3}MtTLk&C?f_uIn#FyH{LgB%pvrVYMtYn@FCSbe<)si~{llEZx>|293bCW?YVxKNn
zg}y+gOaXBE8fGJvDYCrJ&jT=u^{HeaRmqzT;|Ad1Hx@@9VI5e8s)~MDQCBO_h0o+n
z%$=Sw9uZsuXtcils_1B1!O&}{y4hEq+J*tdyCm~5sGs1KR2w)smCqU}qTWgK!z$SN
zcVHZ;I6#dg1w#U12JdD7RF^eErCz?SoSSRa{I5Lr6~(g6B~dh~;ZSNAv(bQ}6Wbid
zY={e3@N(c+lm^fN$DmLpyy~e5g$mtaN0nM+yifUXUL&`4-qW?g0#?~o9?Yz9x&L)~
z3g_Hs_N&uALlMkVWslIaO7Vd&5kwilrP^}LtoCyG7MfEjD}IvmC!oF!1;fpGH3`&L
zfZN31_Cu>=4kb$pRaS)I*cih*ocm4NVIiM-efvxHLPLH8=Ui^iVm!}hvl)&G-mMkw
zEQ&UwgGlwbZ@6!qe6u^LVzlOB*Y;@#UIuHe*PJj`{ZyL6MAXh@m{Fd&1@{PK**P`k
zJ6g&mPfY2Ap!r)mF!q|7aY{KqDV0ipPP|E8FPhx4NL##MZaAMT9x=}V<>JhPnI1Gy
zcrp<C5Ruha^D@{XL#-q~Z70H9ueMu5(qE~9JXPkc_ka`T&I1iQD9{!F5lWqQuF!sU
zGC98pIFvFe)?~dy0&Iv&HjT0W!l)v@qWU9rEnlTzNCP@5Br&Nd64Z)4$|}1ob3mPa
zi{8{>tF&yvrNU{jdHiPv+i=2GqYcbQUV8<aR|k|Vy^54=>lv%1<rbe&n5*~Nc~hI@
zy?k2n`u3KddTNZ}wuYhd7YtXi#*kC#%qO~pnBLLY?vkOAm7Tn4C|pp|PBxs}P=nEt
z6`M`;Sy7FvqZ8A`<lhHF<1=a$jT=gAXNtUroVTK0l9QCR&}4vX;8?h|y-YL~XoOMS
z>S8Ul#rV&xMm7FS?rUzhpr3o9h?&|b$JEfZVT_nAY?i8Zmn~hJTc!_tyt1ZLFrp^3
zo!vI_u7d2jy?SVpvzHS=UWV681;d30PDx%S=5zyr>*_x-QIl&DEsuTucWkrQSe#WX
zIm2xz*0u~VUIXT;!zHrpN$qCN!$e!riG4f@&UtuFPU#q((uJs<&Gv0)m2__NP3^?~
ztNjJ_n@*eZJiz+BLO~OX=I~<k>npe1auORakF_ofnzWh?wsB12F#r02aiefIFhM(s
z)*5pKB`_XAWAn93SnD9xx6&O2_5rdZWUQn8G_UCca;Kk{VSbnbMU#<<+b24Piq8@r
zg7_P(%wNWVj}Lbm=sODeu=WE5zS~AtlY(PweL|3uxtxkph)0H=PC4-c%k+D#b+&;=
z3Av{IDDn=ep+kSJu(|RF+>s8?H`+li-llq-LY$M#ne$RO=WBAzC=|f6?UJM9ztn5M
zrQ-y-#`rbUGfCnRI!mK<OeQ^p+Yj=K=k(*ATE#0>B~2!N--b(DXyCSWP0Nrg4T(@j
zjQ{4YIt4utuV7$MpB|>44Ja&>g%=H|KJQ3>mn9BdE#6q^kn|Y?S2id3)zFYil%(O+
z<>w>b990rJM`2FQrQnMm8wt6N82s!?e9oZBu=30t2sqh6a7~Bg6o}p9yUC(Vie|GL
z<`$u*SXcUWIUlC!d09a5s9!s4dvn2g1i6yIG-PK}K|SoD2EEKD7LKXIGf-oqgI*fP
zEc%`G=q;@yjm-y+UZ4TW)kA`mvpl->HC5g}sSl&hwk^WEr!3<F%yH9!pUIOxx6CWH
zl6D?_?uTMBTuU2ed~azo(DI<9#s=KA?bW6v{}qP4B@n(A<*AhY1Jho5mSv+?U*v_R
z6GQR#Ch&H&-L)!QhMhIc=Y0tJo<NU^%zO2+pE>$D>)e|VFV_8B)ZR+Imml0wG;!wM
zX}CCs5IuH?vBR7<_;HuLY%AA9q+bBZxzge?NirhhEEr3lZBy%ng0iw-0h535%Gd|s
zbu)y>^`SRf{H@6Jo@^qsKyPi=kVZQ@7g(M1GVI{FhTbCML|2UKrt>#iT*-=FG#(4n
z7xXG07!z4cKe`ZUVsZA?_`PMV`zjc%xNh==WufKv+MTeS48?M-A{&||rM{VKsMXlu
zni59SIs5iywbH<%9V71WaArfTdC7^YQeIOg#;&JuJI#1i_04<k3ENZ+)WPWY_Z6I3
zTB;hHxq25R-$uRt_HIkK=E?1$H8s;K4jSSf&tq&-XVf(mX+d>+A9wO#9+b}1($zTD
zQ%Y}OI)_<I9gS7KM>nqBb%>rtbk#9tvqp5;QFzs9te_$f<BR4GoN)-H7fPe+vYsg_
z+AM8H+g)qh;iYNXDH!{{Ts>3alyB74x5?1Nh~7z8FE79FK^m`1i7#-+=Dk7^bGMg*
z=S=bHk|+jqGZ^FACxPZb_swjG=?;CAQ%D`z?K1-+=iTM!cd<lH7!5+taA9vsX<{&B
zjS=#ck7-2<wgisos?jO%Uoa-+d0H5zy5rF9)RXC;BRO&{<-WW0DuX)Q`az7p+Qh$5
zh+E?HN$TD(wD9zmJErJ%M#z_0(Lwb<pqb3{g()|}1U+~2@e8xQQIczN?|@N>q#!f*
zjQEHzAH}~QCFUlUmxgf2)Qn}z-Z8%~$ncH@QcA&2$D7bleePB4?8XFyRKE=YB8n(M
zB>00&h0~U>2Jg?Whmvh_(r!=t$GF>zrX0=nK0AFbUAr|_^AM1m-ig=Se0lNhs=$~|
zSfoY$HTm1!1$V8YOvQQOMusn(((WXyw^5_!G2VUA-MN0t)_Q95)zzXUPuFqtQ|;N&
zlaJj8QM}Vxwh+<WL(9E#0@@lS#^laJm8-922`X7l@mW7Vq<#|9(`;=AQ^)4E62ga^
zUltg(ZRwY-nsgrAzBs?_b=CZ!67>N;t|j3I<=&2Q0xi;#%4I?Z?U+{+SEqTMeHXdX
zG)=bA{R`vU`sI~+YU7XuMl3wCa~P5wuZk-19Mml+<K157#=zXgbLLut4YouFjS579
z<1xM9hh7R<#1U%FgkwakRDy9+iKr!l*oNuJ13u@BY(R)pmWXjDx&L;qpx|EV_Egz@
zjl#uw%(UT;?>;R;AKJ>T7MudSYNag+IvnQV8Va%VDSZWKD^-L8$xrTJqBF`h_~VK6
zH^nj;g*0VTOk#9cbfKbRVY{C>(2z{F!&y?qBCNf8227%h2*N|%$D6O8J2JYt%qbed
zdi0$CH;qx0in(>4q^@dSHgp`-+jh>I&2(AQt0uN=<7F@NTKi?nW*L8ZL0F~E{Nr=S
zlou@rjK#a_AU@@T%Q-96g<6|V$vAUfh&MyFZ-$q5gQF4sGh=6jpg~kARaMELS_Np_
z(#o52sF?)$v~cvfiqDPDH?y`0-kWoMFWYHppF!7AUwq<S5B9)4+7y3iO=ZD+y0^S+
zoyVw?bODnbeHZeRrJVyJ4&3)N2+#+aoxy!?j(q1BuHp>Cn5RAlLYWn7xZ5_bA_y!+
z%MnMynu}4NXN0n!zBY}~uj$fgvRPcZC~3VJXsW-m8bx1Y$?ZAfI2<gOz1F33`=_0d
zMnQO}--J^3$U8@LvTb)jh!43?Uh)p_sm|s9kFv84i*jrC{}y2bB2oe>=wQ$#Qj$X>
zjRGPq(%oHxARsB-rL=%_gCd>M!VuCi49EaO4*b@D@4L@_&;Fh3od5Q<_r8YbS<k)h
zb+0=<U;fck+GC-Srgkd!zH!ybW7VguT4(h|c1p`0nT<*)kKC1-_6{GxQ8;aq%cFhf
zW^~cCO$8(g9OH(3aXHhI;fBrhT~$g}ruKX4J0~YuThU1+jDuS`1!uEyg#*c1Ga+G}
zx$K|Tw?q_5z2ku>2?tWE?W|t42OQ{w{9J8R(tYfRtq#>q0(0I8_=|zy_^4FgAa(Um
zf){DRb1udwIX{E*^g<*)riw>r*;c?gjUpqD*{VCXHmg$SB%?7b-)3m~aV2Q7>Ey&A
zH1{bbOqE>2DXg7QCFciPQ)+4hOh@fC3|$880?{yQxXI4$0Fa2exm7&9(WK}<ZDqOY
z-#|w$;5coZ$}nmm<e_`Bbd8b`?N@d>ki3#v-HI0nIw!dF#m`W2a+rw^pg`1lrFqha
zeAvlvN-j6mIZ500YjYTl@&m_JF!bRD=DK+NKfG(a<v!xm^!5WV)I$8bIz4Y?5#uE#
zgbMIc$ky<HSP!5{c313)lHDom{HD}+(_?Sl%KL!&W#QAUY!DpMJu@nhukbS*R~~c7
z0kcg+g0?<}ETb@4z2|uv<vGSMxHOKL!YxuH3U(|_7rj+$lAymI-nT%6U1fyTb@Ffo
z0tXirhs9G)v!MrWYuVfHH$i*KrDfqMj(c<#Z_fff8iL<Tj8X5TmpBzZK58KtfGJnh
zm1LULI}RSJ6HdoULvEYJNhIi3??s%QsL~l%T(c1qsUFojAYWiaxGBRq_BI6(6~jfJ
zi{>{nL@$R1)k&3;%7VeGA`QBXPAwFeSSrm5ohjr-7^Qhk*Xfw1Ny0)DdkI&4JU(un
z;$J2dIG%Fwk)Heh%k*qu#_fyDQ$xar=gQa;t(Wm-RYk9dzHILdp4*YY!RCA=f&G-j
z*AM%$tFch5%HTI!yc^12{ev{V;)VEK+LQlsFXP73CilwS7Xkv@!^51@<**%gZ%Y?-
z^%EDTamPmQt*!<d$l#L%F0&|SoL^BB@lYO0K8on3XnLrne*lQ>M;%)7C#fB4KR@s9
zp=L~C8)D;QN0U>Mks4a3J}#YN@(+HozcM5jc#~{ur=or9fa_LslpqXV2l{oB5A~4U
zVnfp|XIcOk-(hdMY-Oew&vu+(z>(=a>qXYvRAcaXe+tQGI@cm;-r`?R3b`Ll_vMT4
z<-Hd+pA7G=gZN#cm%OW?%&H_6>PG!M01j2ECm|sm2I>q{iZhV<X;ON~GcfYGPgl{`
zCU^wY15B6Y_}FvcHnmGq6GhjD!f<7@$sY%Oe<3_cyi-ZqijB5A`i6J-L%jV|?Z_py
zC_5!$J4W!1eA`jPERKQtseA)k&?lP}7&T9GZ1&l!_g}nEL)LuUPJ4D-`XCk~d*eE}
z(DjocxSyR5>7sWu)=AYsA&ZU=!p?H1Y#}?v5~yx%!}_%!FFV|c<Eh`=&lpf^rna0x
zIYpivrVRLLOPjs%cU*YVzmr0G#V0^JUBxFh#=C^yKK{<3n=p3cmiB)1ZFVa>d*~vv
zLAH2yuL00_?+$yd1b&E#m8*Z#zw)eP7A2#JzjkD?Bj>Fcw}Lu578x=*t}o*6<&D?n
zA9-OM<y5LsuB-fNqMHCIzdo^ZW5px?V~<ga>s}|%v{TGZZ3FaAFSf-;;n{upVm$Ca
z^N}X+9E#XGR5Cu{7J1fb<)A(Fk^IBoe_mj@7o%TWwDg(WUhD35L3?9&WBQnR_O#i!
zD2k?36xWhXv+%;|odjMWKB4J_Kj0LBUPJBqlnpMMnJK(*qd|w#Y~P~@AL>lZEN3+8
z4bhBxyf!kPu0Z{ZS#D}EhMw%eKqtCYyJB5#L-16{w~Qsh3ACZ6Q0g_^lRuR>Ual1X
zUUdi1tJ{e}V`#nkr6cZGQCgrt3$2+y?hL+G28aUBzKb1j_U2ENn@|n+>GIn!U&Xz8
z<0aQ%>sBvlAZ$=EtL7m%eCji*rcUSI<t(L?k(xrsK*lJb<y&T|knXWbv!DgDhJgvx
z<cB>+Ae(LOJ95yv_90?ZUtTvvW>%GMm<)fySA_dsWM9Z!)A1%S%lKm%%Jd2{`qSKJ
zN|K)$asnHP<3uzn?zQcnlxTi7$K|MG-!H%(BnE;`Yr(^{Y`srJQGQ<lu7Vj)wc#C*
z(XzGTo1<}9m0ifLtOjjNioG`Z*d<XYa20qONNu0j#bY(O;GX7D<>w|sVohg3Bll|C
zf!QIN<y!DkxZOfAhfyaaSq{m^H(Q{_%<cN?u*||g^n-K+7Zx{J>E?i%dKmXD80haU
ztvg(PCnm8y$K$yAkTVzLMGcn4=>$r2d?MjY5Y1pzIbH?8AY@;GkUSCE+mjZHC#14I
z;SH&MHIVuS@2uVhI>cqPKEkLe!qc<i;WKG&K`&rVcm#$fl>5@5?1L-XFpHIHO1#3B
zJxT(|xUK-tpn61rCBnJq#H)vummaJ)zl~jgEZwkc-WBS_{iPqJ>gq@w)&UB)_9qDs
z=hFQ5u=)BsT+2G%#H<BqV{<3E%H8&+_=14ngQRwL2zH73Zz8vIUPwGSt$DxzX-4c!
zM&&o79#^@+wndAZXPuY3InsA*>yCw19Y)!4ldHXMTb5_m_M3>7eAvA^{J5;dAafZ`
zgC=l?)D_2nMvAcwFqVYM!`8cXj+R#VsCJtibRYu4ovx*BxNe)Uy<CqO*Kr}R<Khj9
z5!c+)53JH>PbW_{RzAk-Re5g-jN3e7{I*wLR4~AcEX}KV8THVlU+d_8M>nKmvr?TB
zU8=<%Ep_^1E4wzFtV9{Qz!SgUkueaU-CjCgy=VotTbCP}x_&Hvfl-;_-cdlor>oK9
z-hbknT{Lg_U~7|EpPE0>d)5Ts$L<ErLMjpF`e~HrV|iv=$%aqsy^c}36(|eW-0k3m
zpw7?tv3jViYX%bn;`kMXYp0ZQ5*|@Rx4*jQvDnGHOEkpCC>Pacgn#b=MRXUb<=q0j
zn6?eaYU}A<J~unE%yl4o)oaJ&qiuDYXXDXAwQ_|xAcl}Ob_zj_O3CP^EP7MAWwbIj
z4jn1<hQL`~z@t{fVsyH_aAwsjFzL4+gJ1L{IRKAb;$<?^4>2o_Y{t_VG&Ut!S8|bv
z#tART5vs)&kP}LixXRgP=f?!&;i(#6O*Gtihsr!iieDMPP_@n0Rdt#-kR%0}C<W%P
z-gZjW59duX`})}-BZA=i5L;jabO?Cz1*cj=0^SAQIbse=g?6@tUSDU$J2`^e9KA_<
z&sZ5DY2lJU@$#L_1|V#=z7WV8`F@?G(F0=P=^5O$Ol93L<9QHsFHvJP&UMg}!q@#?
zx;H(!zBLk8Uiaqwu`6hk=L}TW<`B&EHFqE>`j)Rk@1a2o15>hJ@jl2^TI33B9;n}&
zfq@~RkTBRK4)wGXOQD~yFYn=MOoyqF9Db3N$Af(>hITqt_Q+PU6L0|4pWw7(UNxXG
z3)CL&%a?&Ps)gvGo3S4DTGl8lO#bdTYVr_amrxUq({NgD+-HCEwF<_1>*svcJ+;r2
zt7&e_H?1CdXa*Q2wu`I%q|rRcm*?rh{nP6>?bXr!G5l89P)a06+Q#<JSZ1wef_C7+
z=UJDI-A+-P)6&p%6j#n1d$Xr$3lPAre)FP~c;_dogUVi*0n!D}^@>sy%Q>A~__1u%
zfm?g}tUCSQJ4oj!nyn_SFsg&-d>fJO``lSB&lrDt6lq3HJE`$y#VPU>r;$i!T<(S2
z-A)HtmORIennrbrZbS;74c+oG*i!t<D@{-Ezr1stb}5D%bl~1(uN5xYI6@2BJeqd#
z=3AcJ%-9c}MY+XusrXoVqa22M*tMGXbs}f2)V!MbHfzX6z%WC>_^;FNV>l%Wg7lWc
zWl+xp@=4ag9J)zw_C6<YiW%00N3r$pOOHF;jknv_V|7dJs}r@?g?1G0Egf8m;U*tc
z-kd0mK;<+%kBwvd^(~m|cMUEDuZC_a<x1Z@hx5&qm_*ZZ)s2y){97>%doJLUH*WJW
zp5B3v&$b@86gKu>cTCh(6<+&judrfKGD=rbJ<*OA93imzLj67Cg4Nyi`2k^-qOn9K
z^5)iWfqI*}5L3!H1uZZ(`lpq<qXqgdOb=1rgG80o9hr}oic33~62x@qcodnJctwL@
z44d}F@_1o4Sh0@4eQL_`(JXQV{SOvnGnJb0bqFfoFQF;Ug0%@xM{{iA;d}lva)#U;
z-xC03x#>_jVQP}QPH#t?cMZGDjpO?8S=j-7j;$ok+LfxGLw{|dbe7&y7;*q!td6|<
ztn6*d`NkQUW5x3<;^r%<%|S{t>Iz6GGqNMA{umZmnM|8LqaLl&(W3QsV{f+1W7f!a
zWlv8iqZ0Ofk-eiUF<$JWjuef+hEdn_(Z>E+`tfW9%B_M(*X*UuLEiTGiX&b@9!ar$
z|Baz95}fRrfR&Je(<L{Oz!A%;`(qEcws=UG-LmO$c`_b3wtT<hXwpd>9R^>EDCCh#
zs3(Jdzb}2t?Hov0KXt+rc~VBR2Rh+z?q3JAa(!8ZmQ1{b2jT?vc(>R<t>Lr_O)<L+
zX!%jAvZ9~9gx>ZjN?e$g)$gJ?KV-BQKF4MkK@Hlka(f*`lOLtSF{g{p=UJQu)kDth
zIQJ7lpW}T<M&D*NC*9AsqzGoqMkg)wacLSyQR0c<m6i^h;|7%BdI|ireBq7m83QJo
za~9eXiksnqtrS46@z{7wx$pZ3U+j)lGio;k%i<2d>6zbDU@?3tjAY_ZH^qrtk<J<@
zAo6@RYR#|9^K>+^KK;05(}ib06@K(%TeMxSc)+XP8#<6Izn}VR`y0o&vz(CVCRsBg
z+L08nK$cCQ^gRyoXL}yAIET~EM^}=;c=yeC!Fh;#Yfz6R3pol*Y_n7X`IDr_$BkT&
z1&J$tj<;zQnr0y7Zfs8)MLS9t70Ampc%Q^VRZ=Xx_|mY9&`T-UTrr%41Q#G&ktTew
zBRt0!nAm6ca>*D%P`^O&a3m^QZlt0E!rKIURw*Z65A<xrllLw4<u|is@7q<0puiU8
z2^j!MzifW^Cr%xWXYDXCRRQ0M{WOow!6ac7#Ojq}(Mk6KA+p~2eNf#g?ia522|#YV
zkz;S<nj0RX0Q0An!#OZYh2{GZ8)<AZ^C^8|@}-!Wn_!170U+}m3FL9pIB4C!;w<H;
z(kc+sMX_T-wdh%oE$l8$MjGW}fB&ExWSz@x-#r-7U_7qkwOvYdHwfTNdLPPR9k&Th
zw*;l*WH}xp+Fe@)9^!PbHSNY%fgJamCOqfE7|p4IMaSu0XgMsg0qVGF)DEpYxJ^!I
z+x)eM-XS4@*%@csj<qR<wo{rLgZP=)|2ArHOCm$ie&h!0kLjAI*R!g{X9xLuL+(~j
znu_hM!NBEk&KDvMF+@}pX|U|gD4g!Hhxh3wfiSlkBO19hOC>cQ-FL0FYCLwfK3r}4
zNbU^b4A}TO1S;uerK&$5oXbqKkO<Zj)6BZPs$}Mr9<DnDj{*Tl(EO~JGU4<iDMKK4
z+6mi@Tus~lRxSR8l|yD@cw27G?62c3ixC{ktHqImco4=fO2-ZFfbHDr;9*y90HP|K
zIzCWDZ>&MW&gW_M38EwIy>DOJVD)F;QU)IBNUwS1*ezC;GYOY)?y+}zt=8$bbQ6fC
zsd$+4GM*hsAMN)ts?fn_iEI+g3pib%`vH!RI=xovgo|CblDc@NUAy+&mU6x8Sraz}
zWZ;1yUW#+~o1*uI(XTxKy9eU!y;V=s3@bSDTo58^IzbYkPop;*cU{rCb;<hH&GE|y
zDF?OTQSD@)57_4_QajT9O}If<GLvDsbtIEd&g1bTdqJFTxam)EzTwaRx{V}bZX+&2
z#Ym)1GrclJUx}7=ZMIltx=+(%edD?oeE3T+H^kfI)3y;pDRE!+lwD6Z$IwnpS6j=1
z^%b}*tfVf4(d__oSs|DvT`}6LtPIGD674nWCgRojjv46<TN?m4hv!VprdnrvC9p7d
zQ;z!S6201qHrW7p(BKED!rPVXX82Vi6YxU3cc4h8;vhT?8T_;PSIgbCs0aNMEFdRQ
zY~5Hn&n^F8L;!fHr}n8J?Jk7S+Ii-{#6Z>+Dl$Q{NQ7NRhq+Be-lZ&Htuoyl;o4)`
z8sFkFxGNTppxk#PxbIC7G_<t89#<syYn9%oF5o63OpEwHUh8Ac+@IC4SGNlHAwJqg
z>2{QIW1*r`>_8Z|w??f7**$o3*aN@8Grw2C!_2V$c+(?K*sHt9HmKINl=$vfBFYG}
zDl8+r`wwk@*5=%)R|L0(i1Z`c{PDMjzV^o`m^mdy?kZpQ^Q<4)M+@cIa`E{fIWl9a
z;Icj<6Ws1vCNj}O1L2erNaBV~nX0>Qmnoon;w(IL4jbVNJ05EFr!8Nts}DBgh&r_A
zZWU!V=oe`+P2d)!Z!5?0ebjQT)>!lq%=TcL7;mG9l=V3I73b)k);!}xB3deV_6TS2
z;B36vS|O2zO8D99bd(G~6z#Na-zHb9+v$i#S8%F_>-T@tg&HOIIE)hEQrbi)CG2SA
zz*kLx5B~IS04|T-DR$u5&xE_X8FlfjI&`z$ANF=y-dt(IbDym(j$ocyPO)xqZFnQR
zj~>~oY#Z>RH$&U@R!-|C8z%R8-CILfC=DI1{a53?Up%$watx+=4W@eW$5rPH(czzm
z>zp{woo?%ZQw+}%^7O`T?aT5`XKI)m0&O`)xZ&x&uLJMdCTFl<HBu7SpwUN8ZYkfr
z;N~xiec_&4erC+$wu7<ZYgvpe2(Ufo+9Td=VB~FN<psLtt8ceLi%)))<8&KzgmW6(
zdY>+tjH+1hnvhxEUH7Of&iwY4>ClczIFYtf>>F*owk7sM=UP$NdSV$x^e9NzOJ&<P
z@&j3KJt;Y@a4TQr<7p6cE)Ia{^E|Zmodw!~o-yP1{n`}?8x+ISq(Eul(0>h?A^(vY
zyIain58n-Z!<|>FiDjn%8xv+$3KIUgpMLofuyH|}I%WRlUlV|TeOrSa;d~0THD!g+
zyN&|M6I+veG*%Qxw&iEDXTl$Kz4l_Sm^I*BihnsIw{b`k8xh(bR^J|?ST6+sR9^Yr
znrg3yy*V$04Y_|e;`-{+F*x=2JRLI2!$B=h`?lkE(d7ouE_S_LxzDu^2tLYVp*swc
z!1Y4jG9(`X#9>zX+!JKEjZa3{5x*uQS(Jt6TBB8Sb@&r=y7>kfD2g})uHNE$0s0Zz
z8I`Mss{ki*U`}Uuez@QK4dEDXZhLs6rWa79Glq@>HlN3MDU+_xTFvz4qQ%QEpN@y~
z^zU<nx?kVZG9_#1LMD^Llj>jAoS*m0Zz_qV$)TKNntaf|;;N3^PTj|8lOqf*uN9-^
zJx{96O(-OudB)l$2M)pMc(|fpUs5Zmj<&VkMzw4Fr^%L=lvk&(30IV;H>IoSQk_^9
zV!W;7_v8L1VU*y{chwrXRP1-QG6uY$dmdKX4zn_vP-+LO>hYXKtDNIjo8t$m>EMoP
z-?-&>VqLht)0b$18iznD)f1OPMBns}ZvCN^)MNH9hx^QqZ7V`Fogn8M<LSZ84#u*?
zJYccfMju05irDWfD@uns{0^8|FyR492!4v-?A{8K@*U{utY&>-zGjtW;@ES3Mx$mx
zqq>Aps`bY4MMmBgkHHhCo$@)8*aJC?B(Gy7piMujABav5PU5vma|a{4y-lnVd%X-H
z%SCwBTJSat{H)CTVnzbkR&c(RtE!;&f>TmqoQ~c`VQ4XqENjgJxMO;GZy44R0egco
zqI{r<?ySacp@MHf!x(y~w9=nC>W4!R`jhW41^&ah6m)MpwcpIm?PZ6qpPlYEC%*!;
zG4ObY-sO;(V8be$Zs)|DpH4m-D7W!$;Vpy#a`OJysvCH~&|O<erbj_>*7P%IuXE58
z-!7F6T4Y}5?0?L;eNw77g$N+=_$qg$lrktsJ~7L9AWbcQ1K55m+gF1RQpsj|&z6L%
zv<aB2oSpc6%SJ$lT{WC2cm<}G?6rLty!hp-mlN6BBV3ZtsyX*J+~nsCK6XVzo`Yxz
zCTxYuCeo?fFhEhVYUZuP@5iRHt0gyzHL!2{3{x<@)wWHe)Dcxq@YHFLxHD{t)17u!
z2|^NW0{@b|cZHw(_UhbQjvd8L-`}sCKpau2lQN9Y8j_9vvLTF3$dJ2M^~Vekc>=~e
zBj7Jai<>`}!dSh<rNgK*TPJ1gS7*=+MT6zd!HP}s=+MA|-n-K+^^T7_UAy;c4fWy|
zkH?8@%&OB@Yyi=86tp+dc2zEKTTL2uVU?$!NV8n>+#5Z679K|9`Oy;!qE_!C`25nl
zc>Bi4wWDJ*lVa*`DS?gN-8}J_n3-(`g@%lI#;x%m-IR6~D4g8kSHZ-~`og&zcJXG-
z{0{pLdKU@M3m?6B)PPiJ9;blrr+(b~TXgJwlss_E*11(xAUqq?bE{OC;VZXZP+@pT
z1)T#x@G0>B+cUod>BJ3_V~lsEal*OX5yh+4X*^A%b}DZNE{i|#W2m^z8=m84s}o$O
zEBWWJ7}!0kBBHHz37?)?FMk44(ujhzlUfo2Y4BOmvrejP^N~D#|H1pxx=*{PcYio(
z_D1c46roBq9a`Nvj7AfC2xMNeP3NvbgvG3~C<|#j)w8RooeM##T@=Q|?gg|?o!Yf`
z!M)Mkf3_@g4u=GLf6J$8yL_W<0?UYFAMpRkb4s$TXqP`p9#{kdy_7<bb~T~640wFe
zWB!q;0~9}GJ(+y>0ld$YtER0wD*>DGtZSY~Q%spIO1<|Wh*+luv?3JtFpa<FA%UO%
zK$Mrnrb?l7u$FY3CnO2%>+%5Jbq#)KXwMUVSD6*#`G0`2h0`{zco?JBHsML<eU%YV
zcS%~U#v=`fp88)IfSexzQ3r2HMJxP4x<hm}Fcv+K+mmkUKeO$hp6}ldbh=bV3o3mF
zv6{e<7MjS#ZUa=MM?s8V0_u)JWU=OUExN?S)tA7*nv9A*DOC4otB+gj00a@E`NcOk
zOMm>taeEuWzR(szS?Dt31_Ny;tW`f+4oq0nL%MfU?8*}hHza1pcS-4YzJvPZr@qLu
zSeve>t<cXVpykn-2YpvWUFht#{``#3nU~YJ&H~vA+IBC&_`b3(kh&T*MaZekLk7~&
zS)|aQd_NEYrH{W|gs+=He9q8UKJcY$OIKS5=7DaL5eb;sib`cV9HTT@G+2Dwx^aol
zL1CleQHkT0_s3w;5c-)w!}Hj_DZD2R$X>A%Z#ehZ6-3CkK4=OZ4C5&%TshDi;U3pE
z>kXH4Z~lFd+;J4dPu9j9Bc(Xq-fnVe5C`=oS1Z54O*ip|zO%T+acBcQ{+QCA>Y@S&
zT%S(SHSL14cRW9zya5nt0tghb1Jk1fael=#!CG<i$L-;MZN9gBL>}lEtM4lXi|3(!
z)7iJAfgv5~=7mmc6EzRrT(}<FzW$8?#+&RD{+Jx->P2L<Nw40}C-|?B-YjJHSaIlR
zF2SPSp;qanf<5_k8Qw(ZJaLLSUKHSCRwEg{Z&ZW5ZOF!*s@E&4Vws;mQ76l^ne~<(
zOK*4yjv9W&vfA(uQaXvY`O%1DgYPS1YzsdYVjKFv{^Ki2Hvqx?26i`LrO3n|rSiJ*
zd8FLU6(dCSL%-*9?C<?dvUOnM3h6y8hN}CP6*UU@oO<40bp?lYSfbou0SxrFlKEk2
zWw7Yn5ptKG@5o_k4f*m5NOh@zsv@^=CI;puE+sFS?lhJdj5FjY)_wWfV-cC;#g3eV
zdrdq20;8Y-R=>L|yU1Dh@UsF1s#V$%<l#eoR7e1zC~}1PD+NQ(b^?d`dWnZiqz=Ns
zKHuH^NM+p%(NhDcKa*Q)*QCnxoDq}D4W^XS4g=H1&|ye&K>Txm1%NJjM=`?AEp}aF
zqy*e#`Ov+bN`-)O+$CrJ!fkSVLKjM+4DPaCQVI9z)FeCa`CZ;7IRaXR3H%!<BW7jm
zp^w3J8WwNHXFgYvE)Q8N)kLoTAwZn>7Q4)gqoVnFyocxsHQTsf1Ais&$mv2dm3|Q(
z*_d84GXCcpMckqrw{h<%-P!sm^yb}-cjU8$hdV2YL|)idbtgRT@jssqxi*Cv>7}h;
zU?xX%foih;b1<9PrvoJ1i!u0#*xga9I|Gy!`fHY~p(pZ{){WU?4`+H}Xjh^t?U(qR
zCXBxI;fl6w7T2FzafQ+rQCbq39X^)zOaslAoiz`EWUj%hG*F5gJrd6&k$TAHhVU$_
z5waMQM{oCt?Nv9U`wq$}&bnx6X*K`YO{VA#=Okd)P4%vEmoFz_*aA)51vaxP^4ws{
z2iC^v0+N~%I%>v39NatZM8DE7*qo}>bnr}zT0w!}HZwpwm2`X*e5e##K;BNy>3keF
zOR%%-_41??z}OV)zyByY(L^8S)+zdU(u}K!6(bblXPd&+){f}+VXwdY%z*aNZ(73g
zWDW@2I|nX89X5uF11WqeKq>UT?lU20bQo@zvKr>zLd2i;vAI?-UVDL&Y6k4oAw`Xp
z4bX<Qku)2@X(C)A3<@jgZ9}ioDg;lvs;89@<r88E40!?y4xT3!12#T74cgnf$41GU
zM?G#(M2ustZOjRZlRbUsa|{BfKHL%{UT28{9UBnG(9lDcX{TL*@Q>->pd8xa*EzGV
zCHm&7h~Hr;?zG6}wfomeX`E)=@T5*VP2GDvp1-Vi>jZO`sRftt$#?~y9j94*P`Em=
zj^0Hje0sMN)@RZcMSJvNG12_J_nFz`r^HEv2%$Y(JeVvmDKK|AL$(EhWccH5QU<xk
zi3aH8I8E~5<9It3D|zxV9o{EuQgz@`{s?QyapduD!LiOL%zeBp;Y-(!j!!Yx(zV<C
zH==n6D=2gdXvD@w3w=fi^az<u8RRAb5xQV*61UtWhhNQm`w}Cad5+Rq&sNTfvRroN
z#!`IS?uQ6Az0VY)E31Pa!v44$UnM(%L3nA_rqQLUr(3qUd^|v0zvSl+@{7jFRyl94
z-8S}=NyZL`-W$0s4D>g@w7h2_u_`|RNz#gkO*-@1$Z$M2>9AXg#MiqHwG%_B`D6)-
zdT`Eky#Rt?=+@GHl6bw>#FZE#{=8%!1@7<6&lOVnC8xcrp`sr5fFw<xAGRMTRuEf5
zteiEP@RY70H%R8RSNiLdR8S!vIRV*=C7s!?foE0?{w^k#b3*t2bb(Z`+ij4Vf>2iJ
zCt~S6A_+Q{7q90o6Ab$UpGau;B@Urw@D2sGL{Qn`vKE7q>%EnY&j4S*Z8zU2l?QL@
z!4*IsrLNyL_wC_gwPkck|0&rWD4Lbeie;@H>3k}!)$O`J?LsPZvPd>Nt|YkaN~@0h
zd*gWIEP8kUgiR=+hn|)Yc3~|UyAQ7J4i7vdycMH`EhC~)eIN3;^MqN99eB*#wyV13
z#>w<1`L-+zO6{4H_Et7^C*H*dcZ-{Mr>(0!7ir>NXp2^`w~icxib~9rc^APaZwtEb
z4!3wjZa+ZxErIZmQcIkVYG&xI{D7W}O0~64`2o{u=P-`OuNXKxL}l_W1BCIu%JB(m
zysd}arW!iDw?C{X6U{8mc>j~zi|)9{9tSm~NuBPR>v8RwL*m65_2g(ZH#NW&oKoo(
z0;^s(+8tykqpk9ar?S%%H$yT&=G5E14c5yU7Jp&!Rfga$bR<trtH6ecI}zOirKfza
ziCtd3^OC|4CBB+l6G{2cR{@{x7U-736pok&eg;5T<?-SW`_E*OdLDNz^Dm!Y-f7T1
zM$~eri^PW0G_|3Qm|8*>F#|!u(9p=K;gIM8_3t@-Ev#aEUYNaK&VUP=jDE&OUczU)
zjZ#x<;gd*T6lFX}(dGfUJgRa}-Md*r_m_Fv_CK=tbyJ4srVNb>SXJFK725VEtCT{r
z70k3#sXwlMkxWl+rE|DGc<mLIhIgI}@!Yr8U^2w8v7WqM2%|avv;NnYOp?*slT0{4
zzjndJiX%jr%JQ=>$9B0gJ5m^w$l85!D-^`aL^S3lR%fbh^i<yB{Xl#cOTOZ+V1dd(
z4p`>O%_vd)c=tsLyA(OUg`=VEtzv<#o7^66{2fl;R47@)uIY)ir<nsB=5eu;r^d5Q
z&tEY;mygfAqLM3|<-Y<N`?HE0kh0Mdt~w5VFTQD3zyPwh0AwtBR40Pph*aJq-fjCV
z84@Q&RU{MLzU)nMX&q>97l51sADTpgXh*H)^=G{)a2qs9Qy_%`+Aix4Pf=$wQF)>L
zHHQ=)@hMTD#8>p-M~k??*@p<>XKQX7<N!qHRHp!^Vl^3%u6I$aLT-=`pDHAADIB;{
zICR~cBLBM3MIS#vn2+6kUpjoO$rWA*0!gjD#GN=s=@SPxQDH&Q_B&9)UV_Wy`SAYA
z(oLt$+Ba&$IenoociNMSOAM0~hPrm(Kn<Gn7FAkRZmV1*`=m*4!uuhY^2KOAQF-$a
zo(f7sjwLFquKD-UIdm*Mt}BKX4hl{>55hWjQ(b1BlF_N2CM^3Ayj^vx4meCOo2s#R
z5aOI~`<|q(N36eS(zBWw)IA!D%OV|tg6B=<+mFH<XchoPIrpa3LQ&PEtc4nzOfP;^
zj&5U^+IX=}SpH0%(^*pC;uOHXhoKHb*!!ctNpw~=I-jaG6wdF(_xE@?jA@_=aY?k_
zLHRidHm3{i#f0x92)KkN3A#nen4E13+-VRDSp0b_Fp*;BO(=ayvuL^;%C!uZ%DM$M
zYDp@RT43Yz*>D_@GZ)0nb-OHfb`sf}#)IGx;4e)lNSDXNl*#d4XA|2z9TE$BiaBt0
zGtSCkW_HSO-JANo-*hL+2#>U58xkM?Xh6Ve+-MgKgbD0#qr*QSpHnzDT^oX$xqtu@
z<T37aSXPhPc}EHx*RelPh&=9hf=+CUc7#+guI_XfLr1;XjO02|O*`M7b`wrocP00D
zMS;DG;$8KMhi~!B{R}7&obBZAdn&!BY*qQ_P0hr13n)%hj((-@6>|FNi(3G#Y|H%m
z2G=c@43@F*AQ_&}bNqpetJ6Ugx%4QU*2f;N&N@;%9R8!SiQ2>0en8i2L=#QqTV`QO
zd@(G2_yB~MI~vk;Wmj~3>Z*cmT><ZqJ7oQypf>=vhq(<qx-~eI5jO)5ZwjTSqC(sn
zta$MW=c|5z_T;*Gw8@yJKh<<SWKPz2UXsdYSb-`5GBK}y2&jm^iefD(Q&^On_Gj>=
zcC`G(!>D+9TIe)PcggIH?u{$;*1wCZWU*al4r*3ljQ+#7h8S<5?K>xg&aZc8fQlL~
z*7H64{x8s#|FlcVBm+yu(0t_cd-G3y_j;u7WvSifssK{trnSYIm9ojXx(TI?_moj8
z=?Q%n<JMH15opkb+rDUDX0xbj6&LWH$Eu18lr;8G!#S!;i=^s4(Fzr#5hTXjj_sjq
zlVu$$wbxe!N?0Bda2`g=ypWk~<Cn>y*=ag>1#?|En%v(~l3f<t?s(p*JX-97Y+3A0
z9JtwE*2$1F8jzUatwe5rlSnO0yx^3!W9d;Ea$CDQpnA7$Yp2@l*s9NAc>p?|6v4gd
zmij3+rB^E4VebB6G%Vi2C%gBdn7x3G6ZX<7lhXVS2a(4Tu2-@9A=>`e5Ddn!Qm)-j
zGQfCTAX%+<yVk?;(KKc4jEk<&;mq=}TWpUPy;o1`Al&D>vwHR+6Koc@_QZOp=5XS9
z?4gwRaZg<|-Y#Ic7z?-T?Oc1gKe+X{%V|nBb)pF>n}+Gc=qMdwy&LNE1{u|JR(IZr
zF?L$=ASRYo4KJn#_Ya?o5s6zEN1rqq%jAfDx>sH>It;o3M(dRzdqHErJivqm6Sq>+
zP{UeIau@{?c%DMa*dsMrGARirU;7(-%5-1^3yL+-bfddxOF!^-aVu^e9z5y|%c-vC
zwz7fu3v7FJT|PQK{0>Qxms^eXc>n>Jm<BQ|k9YJ%NE`*mbmS`^u2p{v#clqGj4uA+
zN~z_O7`Wq*{viID<pM+P8MSx@G4?w|Q%G4e=H=V5cEY5y=6Sl|FG`nN?ikfuM_O56
z^3T^9N<ILfWH1Rs&)mt-kY(cg3zc@7NbXDH{>e_FmpHH2oxbiX9-EMWYsy=W4=sCo
zAI#x`3bvp7(b~;mVXNAuxXJj%n@8|og#6T0twR`OQNoYdg_t1_FFxxoF{!Vm?p4V*
zJ3ta-Y#^O*cV|VK+iXaD9lbv*S0V2?xW76mR|&*sT5C@bbdNrhX<;D;zk&*44(N%<
z_ku)(SV2Sb4Qg5BAKl5i&DhosCdPUMsb?Bh<rf$P-^E<@-N3sJ^P)8JaX6f&Q-6Qh
zE)@5nA$;?>gb!V^(;J#1Oy`<<#;3{{N%30gl9{)ZbR}=DQX$W;ks?)?cABasYz4j5
zqc>Icbt^zh1YSANQx$9-Bm>#@U=cIsU}Zh^p$*DkVJ^OrNx}B%lVn0?O2=*NZa06K
zr^G=)B30~fFaLRU$a}R~wgO0QK4Rt4)=v{iwi;_aV2g`pt~^{xwy7IT5LI|!475J;
zs<7>K5<XSk&YdI9dxf14Soi}clMj<mEuiuBJh3)t%J-wJdacmyJWT`3!I&Sj@|eGb
zxCVAN?GfZw_r$fEL+2m{5n_x1KG6_Gf)7Mv6)v6z>Q#l9_yXhu)IjE2ej*zr0>y-O
zzrQgDI7!BVK$2h)zN-Z>_`bIIhR3fMAjP0^tAc3QVe4OsI2cUfu}V5x{Xq21N-!Jz
zh4&<#9W922VcGZaS`+@*u?=Ns)4>cHMABm&9!$4;M(2i*M85)2e`gg81VgS@V%h@j
zWq=`t5E<d)#gyNE^zni~OM_YC$TGi0Mn|;hBz3OftC^$Mm#--kQt>=<f{#3HMxWLn
zogOb~29<w5;0>!Q0n!Ws{9x8cq0(Wc|0xiSiKxRL0oMsb8Jg9Q%!KM0qxgPv0G3yC
z0><QmJ|U6A525sV{`IPJT;E+FL8vT=Z`okyH3~N5a2>$-=GinI*1fBWF&52ujQ5a;
zvcoAS9<$(n#GNZ!Jj=;6>NMVNe#KM=v~!wz;khDix5*8Vbt@dpc%btt@XFdn=M^Pp
zx#J&|cWJF2m76h}oqK_dN4}r+t}>55x%v+bi_rj)AMigf)<%eMsm!QAdO$a!p_t9(
z65^Z)bs6)M1;ylbr+G&*LYPOIm!;XD{8sai(1uqu#Hc#oi#q*H4$VC6Ds9kgNu$j6
zR^S2xk#`TX(yD#T7>^X~j(P0XSdky>Z|#<(fVl482n)dc+eBzKoGybjiziOE`v?oW
zRzZ0Cq7%my^a33a3!osjAIx87!XpaOM=(%vnqur0Z;nua4){Al6|<EX{>0KRp{hAI
zR|-NSR^`pX!s?sQ1MqaPi>G4{1P+Bttp}W?s_2hEXX_6vJ6d8?h`#neGA}rY@jRx#
zfTLN@x9ko#04rl&v_9~hc9AD`{-O#j|MwS7duy*$l&PI{{Z@CIE!Chj<}m_*$}f0R
zjlaEV1NaQ62=9NQd<gg|3F{_!++~!t1-?ZwqhYpoA0u?36qX^;Xn*{Nli~jTUESa$
zJ<TL6f~UVrB`2h|3N?pCZ91BnaF^;(&hvl$GZ2U#LSvr%9oc@qp4M1+F%I>ow74l}
z>6K|QC)rv9s?xWeVi-vXm!`f%QJs@1PDmIkM5@2<9e<Eu`fu2fzrYoF=GfZsp0tfh
zu#9}%hhS)#_i()MDQB*|eV_Kw=cfymIgw6uB_62t4`b^-;O|PxUGTwviGxDqQCD&V
zS3ofo;+1jrfA}LoX|I88qOg|kG*$p5EMf*}=xW|M`-21X>Q74<{`y*&H~bH<2F5&T
znlaA_&Lj(jA-<83Tr6J9c4o@#R|&I=)dGYl+i5<eN6z=Xm1^FY3&7Yv{m>s+Pf0M}
zMkRwqbv&^_N}R9YuGIMkqdE6Rs*eA~3jg^Bh&zFh=K0>3w6ULf#1*q65XwM!{@9O5
z!22X3m*Ae6@Bwuw!+$6^|F!Pm6|-o60-sVMGBKnqyl}AjFBSmUXcce5&M8UPIWhZ!
zJX&lVq6W?XpMDD|huIHGzGYxnF%I79mJ1~^64lVGqiL34ym&I2NI#HmQFzZ4lLvlI
zHkaXlf(MDwV;(J6M8h^Kllmwl3+w#j=E;Lk{#@~<qI@QtC|5n^g0%S0Yot$xS!8gy
z1_Pb|h@UHXmnuye0)<)_E)+O{NGo`=wEx4KB{Ym>ezMHxa0??^I=MzCdokGtq&EHG
z{qJWvffY74W^(;cR`?EMg=ttzPO96P)T6($&K(Ugkd~#>-tznb1JB}o_WSYvyGz8p
zX3O2*UksVa@<dLK(qBC8*}1R(0}BXR`&-cBJAoY+ILUYAziPGr?V|&#%y&HC3rQFP
z-=_Fo927S&rP90?;H>_aum9&iPZOz!1&)lrN>8$~p!BpO5cDtOBf}V<!!o@jFg_)A
z2AqG~Nf-Moiw^TDsUo$R6bw`~ab0jywXEg%IH|srqw_zWfp`8;%KyuUGQ#dYT#~=o
zi^_}VF8Ia&b{{>(i@`B6Tk|_1&HnxQM1a&hKCk4Eau)avhSV(O|KY3RrT+FUX^lsD
zl}8Y)rSBa#$j`mVYm8I);HR>B^kJQT@BiaiFv}t0jgL8=7?sCPqiHXK`5l4C->W)=
zS=BX%r7cUas(MNc7`WnpeA0g(pIHws_Kn-^32+S$716l10@k!Ex$a_3fnF&1(6;}}
zHN`ZfR>lF0`~K=EEV6ac$s6~2_W7YBVvboKr}dK#3NW?1A4K}w2><E9Xuw)t^tP%E
zDpUB{2cHJMwZHx?l>hvZz=oER1U^%GRB8QOFH{{%%X*ZjSmz(mP=LE1{DmIE-m4-*
z9%6UlLWN`GWWj5CGRTQ!XxoX{UMPpm5rZY08+l$kA~vp9E7^L!^ddai#0)0lAr=4a
zDShW3ycXfBhU<d!#(-6UjVSGH8MQvr{q}X9^Z%Ea$ybcPkwC{M&z2E`MHC?+{)OGG
z-*|)Kl33k;$Q*#r8N}-Qd7KcO7Nz6Lz?oWZ-Q>p{2N|;GXAO7N-`-Zg`9}Lca;C0d
z{{1W9%;^alG%o4sj++;+y|H=c9O;yC1>@<Ta+m&Je~p|0{`5^3{8f$91!JlJh<VLP
zjduU#2}QK={n4*(sQ)8l>MC}NF7JhFwKQYs`J*M!o@44aNNeugyfmNxW$!`Em>6`S
zJM15Vm3O|sLr`F5dwHVZ)vPaQRT<{zuU1+1e}6TPTirq)%xZpb!9z)0#ENP(=Mj|F
z-y*30MXU%mW6SwTuNI-(SSeU5(Z|lp`qu6Of+dpi<szOvzhVC$;#o{jpwv~ml90Kv
z%m|Ee6<{1Ul^Qd!uKyN#mdw-s+HZz@)T}Vg$0Q^xUAIlz2>jCi4!e^S{VP_6%j@oM
zj7k@cp2^BlUT+i0ias}BWgzqgqWR~4kLEv7ehcH7d}385b9wK0tGRHi>6oYZU{$>p
zyP&0pf2a4f01RxbZ`N-;+iKjmZpF^~&2Ro!v@TMC-J;3+%N=twX#`zOx?m4(5aLu_
z>=_{7>`!H!>O65+e1^GFQCYu$72hju2C|uZOYwRIfNw8I(sAwlZn7vv10DvHLJQb*
zP)|WyVtL(S6v1WgGLT#x1r_%q(1cUG6Q4)U+@uclV^jgj#c2`=nzZxAz&}=)JxkTD
zwa><&5}u_N*xLbQc`D$xJnwcc(nWtrWCkVk@tBnl;Zp!&KMFk^)EUj!(Naj~&}n8K
zAe!>G>`>!Z><YsWPeubFb<nG`w%-Ux0Yv2!=yZpUew0zc=yvAe5Xg=K>59CLL#3`Z
zy9<cu`Kz9XhZN^)@$<rsw+EKFOiy6ocdtcSFASyA1x+OQD`OH&d=K;J`FEEzqLS*i
znmmSc79O0hfgv5pL@WEZ!K}u=s{R7vw)tkmcM6pg@n*nqOi6J4LO86P^xiw-UqScl
z3fn;qNp?)DM64FfmIYEAdF2@ocn>n3)UOwm7AU5UK<L#NSk_+7G`N|c90)|cDqNn+
zd#b*ESe9092fF0~HJdyG+;{rMM**v*&|fRF1#};mIK!-XRnVC1w{^|j(HDg-XKkZ-
zLtY7ChME(kzH`h3<ySPId=&vXV0yKB)Z5tp5?yrk^2uBG-NF3WeiEQ&_+QVsj5;!q
z#r#=4dvVJQ=;n_eH)S}!eedIW<mBs#angqjFr}M^#j_D26Bgqsd=4W)B;OjprBokp
z)|UViELWA033fl2lQHj(VPx#tO=dGPzK1z%R5`FjLF(q%W%YZH+M7R<6J{_3Adsqj
z?gbb-!80;R90tW>niW)elzJ)IIf@Esc?H84)eZo<kcURiDvf@6%6X_7U_cV7nD|Je
z5!u~CKEL#{o4MpE7#q#Mp3a!Xgcnmik<-XO=TGLOA{QEo5&4vx*s#RThIsz+J=$;H
zlGjkY{vK0#Ey_G0QW*tXsARLw!t<wj`EB(HTg_VgSPBNBqVH7zI8{(Sa3_Oj)-&YF
zcK)>)?_(<`u%$loOa89RT!cg*G&7f@>8umwNp-r2UD0$P7g!*Xp`CRGyiea-%8Q%*
zA6UMaX%LYBoX(i7BOzZTU?P2>Y(CSpoq73&aQD^bvUy=q)icl#@SNKsj^Gv`lH^G2
zutMfQ3Fi6bKT{0eB|Wywa$n8FRiS|M>U8%?U`!Qcd_c+Yj;)A#k*KFcKw1NkvROYp
zK2y1C{XN4$EtyBle5WU5)M*@D-cqZIn}q|+_n1~OcHM=EgOSBJ&th~^xe_SdB0w1&
zF8`9bayf$A9QlpNqL93V4%r#rOBp517xYqjnP@P|3+O0DD;0vyOv<U*9WYRsr^uI`
zZU$TIA}Wm6P14CvC7r{UHEK%XT5AsGI!b0>U7b~}G#}MO)WNN#GT7;t#PdOlnejba
zcPdcc%foQ>x=;YZqzXOx%#^!cep8)IG5;0~M9OnpQnLD%*AaED^Q@Okv^IACR>KY$
z$<)eYt)7wvrE&vv&LT<Bb}jHg_+>(-g1b`sscOM|@NaI#zYH357GZ1fcIJGzh-Fv_
zLBKh2m3-)8kF#O+I55p<-q}45(D!8FHKt*bV<`*jBBNh?-;B6VUR}owCje?){3D&J
z_ue>d-or*(&^3%H0}1L#%5VDL*wg`}>X}>|3&)uN7(W55C>N)_Q3F*C4UH_Svx5$j
z^)Hv}3ub-v47i}fhl%9r6)Wjb39HXvk8(b(4X3MuLVh|!4~!&paZq|+)nl_Zx0K=T
z@>}VMrj~dj7-)ggJ$_!C4**zsK!MD-q?4(#?|H^a^O=`f#WxivF;5wwFr+jP&ppxs
z@%d!kbl9%iRiLBIv(Qb(kh>6b?aQco1gCLv^O<+RDZ@OVGmgqy^?htMpKWTa1G{wu
z=(<|?_mI*XxNOf4fLUX`_~Ix1|B<4|dyeh*iOO(T^rAa{UR=ZHiZ00Tg1}HYJDZ?v
zPEzy2g^18#4lHH;OOKYolnIuR86fzmo9n$5NT2{}o077<F?508+ldoUqn;5`ohq;+
z$DYko*{uy_ONnd)eM;J>5PUdjrx6E-o7ZUR0*X%8pAe&SJ3$#%tgh=OY0-Bm7tiow
zi_7%82%>)0yFdZXQ(#t}BU_Q)bd1v40~Egk(0Kxr>GQ^Pg1(o&V}wd~TQ=JRlr{6B
zVm9++tE$0M5qMr#G(FXDY1bMM2eBOL!g2xS`CY$#rakZw1wg}F0#nh5UB8P3j)K?H
zG%!kWH@dxzi5^4Xw>v6O+bivLZ)yl!0S=;)ZbNUfOv|dWl7A(|mkx26XsQGVN;#EG
z%EG+Sio;21O9Oy8l$M$1zTPEkwh;sbn027#0!a+bnwg^5-C&e5b5O);rXj$5s;1N}
zoL#3*q7ihjt%H<hRdS5Ip697Gm=xlKbOtH|J;Lvr;{>5Og{h+QI-qYQ98`4o)B?dQ
zVJ-#h(F@k$tprjaQB(-jQA|-w5qhF)l9W21K-au>yh_ea=##~LXNh5F&`<b`kO!Sy
zkX_{4d2$zm6GXQiMZ2_<5kEF_gos}>8!_cX>wop7JH}|*5A8cWG8v?xBwK$J-$iW_
zXxSdCr|5h*b4sDbr7r$f+w>Y3x+LENjn{^#Xq;|RAmv3*RrCu8Z%F#Qu#1)HxKJnk
z>+WMm6N#u3t@3idxC%IaSMGNXjl8H4AVok_yPRpNC%IVf-Hf$#iass`?Qp#n+bGys
zcAD#au!IMY%*pBB^r@N@W$(?sf`OV*xC(xfsJS~AqoVlqmGLNfYs@O>)LIcpRaXT4
zf1ygoB){ka0pUdjbZQnx;lJS6<2URij@I_?0R6uzd+VcehLoH?BZQCgIPl@w$&a_8
zQkOpioLsQuOgKvmP-`aC#4GI#c?1LbdNXX^S4>VDKP;G7$JC$nUIG+;3rx`k6j^8s
z%!Z9MAJ%o_F)StWzx+bO$~7&EKG|VEdXxT?T>h2^mJo?@_YRX<p1O?zxA`K2S{6>R
zkx>sA5f2;F>}$@IO$v%OLA$LGa@^{OGFj}L3w9_@1^u@G_4e!)^6{R-2@$J^kL0nP
z_hTa`pJUi;1?Y^pZzvxtBFt2`)8DMk<A`vN<UjfKO@)@*4!lp0`&>X`@Xnoa`J`$v
zsNaj%B6(m%z#nkP(Xp$Dw?u|h0wXE1KYaNTAmzvvjbQ9uEG@|L{&kyf63#*3nA9`n
zIR=2#YbhgNPv8qA$yn%3^1de?XeHj_kEHB6bc*D+DmF#1=fnfAaVGt`hu6H4R^OYb
zinXMA_@ADb7#C}zn92}la*+W`iUjvl5b}Dc=!U$tue$$s_agiZ0?8&q)fcbjL2yw5
zE{L~7*39q$Ipc$_r8nK+5txtFtsG5iB9*W`ZazZ~n682Lda>X?V<@2jD@iL1CE{Bo
zcKR+l9s1|zgXx%Gz@Jg+C6%!gOk^>x@TM*TPZL54iO}@|jI1|f;ksGyJc|?7cX3Jn
zfU+e6S`9{x^-h0a84a?;o!nE^XwsJNj58%%3aqqgUn3t1rceh46UI|+s%G<|FmCLv
zwXwXPTp~bcRq=3pByJ>q-k<ScCc$&l2f|S8mbosy6d;YwhM7Nh-fSpz=Ct*@v<o0S
zm=KZkcwW3puUVz92~SA!U@c%+5jt!-^{xt@!11AR^@<ippXa1mZgLGEjA=q0&W@hs
ziM4!uqr%F%)Dx(e^W2;lZ%vE`YpKc#mhYXLW}KG)Y#GeQn^pw0Y5FG|Q*aKEw)*UV
ztz(KpK!MPAlleqhY%uBE#<<>@Qu5NN#__CGCeLJEaWF<=d6aXY_u=t8m3z7uYH&Fg
zZW=akOsDAoB`wi5k-gQYgz^MWw#^g3bN0D+zG~StW&_Hr+eGE^0ZrxTbFIXM%17$n
zv<^!)1#ThB!NO;UE0Fb^Wa~%5xs9O{C^=*{83Vlog_K;JXQ7u)iOplzo$MD^61noV
z#b0#qauz>Gg(yb#le0BC=23L=KE;H_ceWy^GKH~>C|T$KmZR`}Op0lyesXqEXbkDH
zxZT|ycPo1QK>6Au!_JGOw<spcqA|khirzXxUx_I}uRuq65LJVJij5V3_WEhO*V*Vs
z_uC)1TNJr;NE`;UQjdWYZ=wMQ)T^5jJp$NNHsMBg=y%Lg30{W_<Gf|*j=%z=QTa95
z8n3;<fIzQbgZdzlb;>(JAqo{Nc^~GeNQd4ime`T;V^xk@01B&07N4gzWZpdHOHB}K
z+#AyhWmoAMFM@s5eEb3Dt|kp@$WKabTW>Kr4f%rbk)+o%_Zkn}J;5*2Qe6TTBZje<
zG@luq0?D2@DKd={iXMkC0!r<Nt$1>@)+2e$q|2zbz_Npe*p*7Wn5BiJMcbdgKI3Mm
z`dM3zE`F!P#@6;xF&&^$AU}N#H^ISW%C7!2ueyx+l7IoQ8PPX?76Q^kg2`$Kds80J
zjAFlg=nQlEzN28Xz@-0g<cRLkqo-;Xh~=MC4!Fq+pj|s3pKMds^W%f0ua|MJjX)^5
zd78373;AR#HQi0*oOtaiU2@*E^Yrv*fHtgZqG-N_m?VO-xb#$<b6K9P0~M&zqYqg=
zg+S)`#kIbMZJ#rjn$w5o5C@i>9<P0chsUDFv5FZ$33??TfHsqn7!c?Elz2BeF#(~0
zbo=i7I)%y+_U6+9sfb&N-@W%ai$8{H<8%W6P|#_{hB9Nfe@Vs9#<91RYT`w{n}^D%
z{?c=p`(GCvVri_2PgK}z&A&6c{=YJ*4f7%|QsnlS@{|K3XL7^&&E_z{Ap9wPiZUCQ
zZkb`QuH|O3X&GLaWI|mz3imK{Op}6;UjPtCv<X~n#^|1n^NLMgy4<grg1XNT*P1wV
z+xq}o5qW%7WpiVqJWOUyf)?)lF$`379~yJD<*oumNbgN8<r8pWG-F-y#m@}Yd7G+u
z<0`eQBF@+Fk3t~Y9l;ETlmUdG75T~gJ6?`N21rd$8IPQ11abo8iQfgjp1sHfSk$A2
z2Uv}Sm1THD8+Q8Z8Aw!Ri6NZ?lyS!elwb2r-QGnkfrgTigHoj&Sp9yf?8%HAnAzi)
z3`AFV$vnHW1sD>nH(2*q1fABeFBk|LwK#!LxBDCr!dbPYU2i$q9TySvQLk&V`Q9Rh
zezm_U0^C$ggQSo^L@RH3Al<}&Om_mbHA*V8=d?G{Ao6wUr)~wdf;(NcRJrp^15v{R
zDN~lo<$E_U`ra{Kilo6JM`ilo!uYlapn55`1H=`2Y`$fEZfQK1gl8UI+T<RiSbg{Q
z7r5qHC?4KakNQr=aF$c#_37Z$qvS^n42Up``TX2d%yyWrGs`TidUua*0ztF0)e=Au
zwtUb5QFmn3&o#KH82mdYF5*P@(`A~*6ml^n2d8ucLvk6hadAHA+t+ChfB%2pn6y6B
zZRb55=1#B#%3Jx;l|R1{a9fOU3Dam*nrBZ|+iXcvA#}F4S9ycJ9KNNpR-M26Z2j@!
zVl=4+C;q!e|HL63$HBJt#ma;NVMK+Bf{?DRhk*A<b0uUbha4MLmGQ!V4)7`)Q)x?W
za^-lE5w!ff-^JB@5OSJW#zjI*mUsW~HN*lbMp-ZMKwaZr^guGNQW(TX+MaAAA1<#R
zlI#bXkkt6M-hEcE0vDecRJp)(>`3b|IRlWvl_sd!A7R5CGmXC_PG+1NP0)NWFW2WV
zMNuc41R5aV-YF(gA+P{kNW*N6-jn|H^~YMi_63hNYPOp7^n2|AGRK|A`A(^|-CRKY
zYOTFW<)=^b$JKZA6>$;qav2+5PiW|>ZECiUWXB#i@C36P;1@nGQf)R@Fk&~nr5@E!
z#^B*LWYy+aoA6MHyp;<xpq*Vc?JS^HIQA!bRFJYBb`R2{bxgG+GU)Q(5)Xf1jmBK0
z7QrQL)bY!A%k%%7mvo+qDe7}Ur-|^X9Jf&~gPcK3f`xNH`0Z+5&6@cTd(a4#ceKaL
z;mvL_UTjqsvnGj*R%9A?j0=+YdsUJqzt)a{AT%p@Sat96?t#Hrw+SXI7@%zM%(xm<
zzG~Z_q+i=!ZeV4g@aZC>lh2D$y0_uTrf&zLN08Z2PdEXrGL=`?;?7e>iJ1ELvsnOs
z%Hwz0{Pet7Gn=j1(iD6f5LNNC@blRrDi=mDom7kp1wq9+M9(l%b9_b?B{{Opc3@+n
zkBPo7$H8t!kARd!Q{m&vy)mmjhlVuo@DkN;fkcIofX&v^mvaC8e8>U7b`76F)c}zo
zQ#Q8`GlhuV?y%CNmT8^1!UOvh?A-XBZf-_In+ia7^dRPLH$k?-0U_sRu`~GG3-K<q
zX;bOj+hp2`6p)6t;Kl#exXARRSsQDq{5bu?WR(S+nlf1Swm@Qgtl<uJ_k8jM=OKbY
zksw-+!%u(QEtpaPtx{=Y#c`HOZAcvo@u}a6z>V5*_>Ux71{3M;!n%O3{RgSAJ>0Iz
zz%m}zw_Wgp$0KHBAW!D&im8VDKla`-EUUC_164%9KtTnhG3agqX(W{nY3c5eMx;SN
z>F%yax<Lh`yIZ<L;GtvR3!HSm{m#3;@8>=ae=sx5a;-bAJkRrzgtJ|6{^v)awEFIv
zi{;2npkZ$sP1<T&#O!K!vX?=3k_X-MDEf~9w?q>h0XQz&!%n`s`A1T-<Lt-rmqk>h
z04n4ax_|d2`f<vrcDPDW;NnMOb`Wvihayh*^Sx;V#m~gU9acG;;!#(eqS^`Zwwk?#
z1h<OJy4y!wmZUoS4d`#<&Bn}0GF0A-_dhx5bXk|SoR_(uLmWOOpYRN*7R}5&WvyL#
z#TZFbmN2GU5H5gN{D{;P#88-_L)2=g)p2#IT?7KvAH271fKG;=z$y@ysa{1dNqR}a
zI|wRA4+sWW#;uYu48jY;ErGU@_YVguodT7I3JJI=kf}>okIB1}XCv&GW=^F4%+;cc
zE#>{J*?i=QfARgu<Q1Sy2bJ}5Gbh@fC{^tj77<hug*VXs6%pc^CHAv~{FBw9Y}7hy
z?L#iPEh?IQ_#naQBBcHa2>}_oc)~FVh_lbx>nxmSj`^V2rR`BR>jtzzCijUkEMrws
z3B0yk4z}oX;k&8b?+ih>tA{YhzJUwlr%*&}Nb(OO^DcpVVBV%{K1TK>N{qKc4q^DX
z093mOAs|Nx+wwqecCoTxHkgfoO;DEf(g^8Ctz(ZcNp!|=p_+_z+KUo#L&JOQ8KC;}
zK&=k2yu;_be#RpiYDHLD-Hs*g59LW;kGrb5ZUKc|4Mg`xq|gj$DRkL~VvHXEJzj~T
z-VSN&V=%HzG(-nyaQIPxez^?!>)Hp<#|{}yZRI?CoE?|u3o3}(j%=l-wYfG2X1=?r
z$`q1tsgwMHp48U9y^+pMP<_j-Z}EsI69eK9SOrUvaWg*!N2h3GwOh5jrWD+Y`}fnh
z55T|b2@{&=C;nuZY1x65;sMIh;QRWt?I}+|?YicOhxc!WOcvM(2&MxJnXH{m7xRT7
zvpF|pc+HR@Q$VcMjkVSp7zZ`lsq4nYKwMmf<3~Ls9Q<W+qzj;M-J`=@dh2DvGn3V)
z{m!Gt{Sb@VevdPacRcboSo_plTuY!Ymeg(sW^^Ni#?PW8=h^YiqB-v{MfL;D+*D9n
zG%nE)u!SnEv24Y~gzLK2a3=Yz(2++TnAcF)<ZlL)GJ3_qw7Nf`_trhqI|UquKI2l^
zW8~&mLsJkpce1S*Q6WwUa5c)W*r*s`e(bH;ae;t?V34}PMg1yY6D9{qE+vgQ-V9mk
z%S`_EzPtsf$Q*0}t1m?oV;i(wBuXN^08$2R#?<F-gSX>8O%MT6w9fLyYJ-kK-*e1R
zmsi^1E4o}j<>I&;IV76JRGsldYK+}B=Li4mps7b95!M7!nHSb8HlJ8&qFPOBIR;m^
z|AuSewkEj%GnJDfw$MKXjTD(ZI^Lu6^dSKoDq2f2as0t4&d#~u6xXnk5qTbMxO}EW
zO=qw>0dml!bd^!$L!2Sfsg;{wZ}vkP>;(ZhEMn12v7uQHX2h+)un~dHRiaH0=oLBl
zJe1hYC;(w*4;u1OLs$0EVzNVoZnECJJ2>_}`P1KHgV%st=*D=m%P6U_HR61Y#b`(Z
zrEjDOUOZ{neJPf93ctVF;mz7g=||y>MwfyoI}{S@{n@1;BdLBde0Df!EH+u0^yR2u
z{w%u>v-uUk(#q7;GBF}pNq>MZe5$)GkA!FS!6%YVv*PZ<a!eyvXu3xqh&ijI(Mz1K
zrut(Wr=8%d>1?%l$=%_!t*wB90p&=sSI;bFA8^Q<C=2tko_mBij=*k&-RhU4#Ny7c
zs&{%;Z#acq(XZ805PemomngEUAFHo?FsDT>bZ7}GJQR_lL}S*2wV~;F@gfP7#N!Q!
zrS8D63>Wp|ZvK5|n11dI1m*d?-EQFQ)#V6XjDB~J^ZREVT#)Y4ohXUf#h*^?i#!0W
z97gMUw7FAXP*>8Z**@OxWU-5L+EuUy^1CuEG-#1MK=D${px&F}{XmRftPksomh|`|
zWY)P5X8~k7-40x9P+Ezq_-Uz@5L+zrz!X#ip!~R;nI6Yz4ILp;F(}Zomnj|1b7MQ%
zVQ8D;*c;2u6|9<xr5|l)Hq40+$IONg!t?_c+G3OO<95`DMzZg+*^H^e*BpH9N}{~2
zUHA*-7~>csE5l}icTb9Bv)!~yqc;Bn+EIhD<h7Oy<9(n{lN~=}*vGz6WsF#?S}Dc>
zw<-pqeJ0aL>X+Qou@q2;T#cnyiWIB>;&-clME;<kLu{_f2<v>BJjUAy$mj_m1u&S7
zsh$y(AYUf{nWt`1F3|?yE+nbis;6xg1wtj>I9Q8EyUp-;1zr-9$sH!ik}g&~$lU`L
zD=(lAT=m>8(AHLLJ=W3Ws5kLTZ=f^}-m$fv3k_fEjj}v6pYxLTK*+s<Wtnu9W(p*S
zUGJu&+nx#mme$$fk`+!)ZOtKIAQyjj_NMDJL2sb`n?C|=kPG-9XqS$-6u1`@q~36~
zD6S^adkVz>24HL^Xjw-(4#sD5AH-N*GYAeIf3dgF84m+6WLY@S_QfWMM#42q7{DJH
zk2ncIYz9U7a(mEo!BX=EvoV<c1`0la+9*sPrBM8?&`Amo!@Ni_5N(Kf2KH4}Tz{=_
zZ_+{BP?3qgh8twzF0x>Vv!yCy7k}BKFM$a|rflKd<-)<l%Q|cE6}z6r{fZ|z^Po_X
zMc77*G6jYbOE5xStcXX|y8o5tz#*8O-2L^7*Q&IR3z!qow;|0T+m1cQ3nc~13mfU*
zp6uAKgzBNpSN8#OSXk3u-5oCMhm!!A9qcVyIwPMzsqMX41f(?5p4tU;#vD`~?#~4F
z6G!*S8;_c3zK|cxt4?H%2NNVZx4^8Kk(hff_4Iezdx?V^0xc?S)`|>0$BWLUQTj)?
z&SVBvTw*cgoK1RK;^D;-7HtvPaOEOb#p**6qLC2_IY$_jh2@yqUgzM+bmWGE>a|_B
z4#l?U$zk+jMTzjfv1*ND`QZXrBUbi<E%negpS$%^-vF{2j?}#!(sl>P(Rr05bPIQe
zGPT($CE%W?V=`T^Nqu|Ov57t+C%g4>-C~=KN5=To9?M;c$s>SN-OftK1%#8m>yfSz
zTa3qB&9uxsIRRu@->-U=w@lTROY1hL<TGBfjQ8>9D#G0c<Y;6cA%`2XTF$?ag{g8F
ze|038AyB>x=A!$Jh+97=_-<pj`qv&gYKF;gxCQBis`X{iR?`5t_-SoXQHB5Yk(=j<
zegB7Z`$2JTKP<d%;}sEn^8?LA6sbr101*yHI0;lF>`DmYR-lLYcmSN-fxaac#V8CK
z4b|w=^r`n;8@m$g-oxf^U<KdiU*vGypYyr81-u9nUf)X;+^4kN&>WwP$_;8vJ(5Sm
z0Po`K3B{SrO{XVF4_vb%eDK+Kv5#al)ZD*md@BRedWja({JybTy+dR{GTto$3Ce)0
z_E^RQWDy?pL3j8GK{ALJ$|$8xeK%3Ff{=F^WamXvce}}V5i=)*g-MpGzh4)rp0QFw
zbN9_$>FGHjRse#1MJ4+R_IYDZw3)jr!tP}A+nU@AAu|8q4618>fx6vI7~4~MpFs0&
znQL!cUO0PPG~Ps6yH2<Thj9@X_NvghKPz;ApG%C%WGsc(G3&~YIVw#aXG7HA^WzI}
zQvGiTV+cj$83?MhU8f~aUT?8cm)<ymiue-67jTi-jYAT#Dm9wdrW!9qcQ;(*5=@%D
z!rxxLBC|c;P7xu1Uf2u5J?5GRr4#ms#ahjGjcqDSJ=pj)jha3@6rd1szkauVVHWT%
z3&cox*J_-OurC)Qe_HzlCS}2+1{`Z-4R4I{v`MsTRJ((zF%mCho_2G_4wd%$T<<#C
z;dQVu(<c?J%q!Q)!LVXv;DxK#d1e6)G(9VOBk10LM1`F3H`}I%URi(~Q;)0$73e_r
zs~<16%A(&R1I(E7NKc)ZK=LsA!*?CphmR+~fR${BH~&%uCi!O4I=p)V-jgy4xcgxi
zT4GNj1`~D>JN8tTN=X};X*E17>Vm<f2AlYn1=3E%(Kjrzr6#fbRjc0fpjT8_%)F9w
z<HrOKXb;N7b2egGc33ZmC>4IFAQn4bQQ)$e)ywrzo@|v;r%-l&1y7!@<aGkm9hSjh
zBsoao$%F9`A;)^zOi_vPmU6iW$H6RP^7Cp?Zp{SxNHP&u+;*~!M{Sl@3y~rYL7tj*
zbi(UV(&Xp>K3V_aq1fSwiOkd(n6M<rpwlLVTt^Y3{N{s+a_UTo@<6<zrsL*!p5|`*
zTLY3D_B-_0ll1GWgkhXOLqaKejw<H*?*NI57WcHkA6ON8cW=)E<PgyvF2;}<o7S%L
z_Kqwh*z2EF4A7J+T+c-zR#QK(m;d|C{dSf~#x%~}x%|#G-~_W$_&b*r{azs=<$Wg^
z2fb3*OC4s3f>%_|p+LFc&0Ve_d+gIpLv8wwKh$DnfnZ3+6@ca4SF=n*D|v_OS!PhC
z4twtEV3w>Xlkvz4CZnM)WPYGyqF2P#aNlB5T8u6&Uq0tmrW5X&v`_ggEgvK=wcU-g
zvaqlCSPN?Fk?RwsXQ|C64CIb3R>AuLphau`5*qg*3J709BmGi1xtx<u!d6o6spmy}
z!${1GXxM$=u%I%kd=#3cOt(j6{IQ_nO-TeoIJ5SR;ehNHbE)i;0JZm686$WMJgf=;
zG+08^f>)MW=KhWo$O2gWb9_8-kf4i7^AwN*vTnZ_fxz#CHRtI82lXGA<_oBO^O(T<
z2l``of!$&Uiq+recUzehTTfQNW>p#-?vMm$PnUTk&l)Np@YsL^Qub(ft+>+rytBJP
za`Qsu^*5vfKwv2ShN>r%P-VIG3`Lt2Km?1cS$_KH3s{-Y-(h7DZMov{n*Ge9Muu&i
zpf2m*oX+YA+P#ti*&wcX?t^~6TWmL(2QPz9>u<9cC7vU@SDRem8v$e)AnVYvrWmh4
z7@LphQMq;Pe+w8pN7nJqf$#z%1N`q1{PumXw<`V*U~Ed*E%a|U6P0h3qMc8~lCV9;
zZ-xC8zxAKl7&Qpm90pzB)0BRa6BI8>VE^C937r!np$XunSbn|~I@BJ?82NAEet?Zr
zOsl}FFf7%dEN@CBP7ReA{M2zT2oI>FwC8}h!at#R{}mTQ+;yu0?f(YYSk*CWeL=Z|
z6<P7ny?=a;xV(gL^&HP@AopKF2{maXFoFl~qLO0P8DGE$?*l#puyWeK%4IoAfp`(n
zDDQ5n-kKTV`Un2XTkds4&I4QZb&nL%FXt$GdXQA!x}0?GaUp!|br#=>)PTQSHA0Di
zmC)3Gn6G+_#+?v@(;DRIj}2pbp2J}0?`dJe-HdV`0uBEpZRiU6_5ICs|Jl7u$U+eE
znao6^445nkV#(1+!xvqkYEesZ0^UWnNb~&2Qe*y0P&tSa&OtQ?crSjECrrQt24f%B
z>VlKt?7(+{?S=}cf7qbkendrw_z>r|usns|kd%fFy9J>f?43-`Pu7BO1hnEeg#XyO
zU!QXE?1OVw1fU)aB?5j2+Hd?0Kk)y<Ls{?mfVaV~00`hea0q|@QR32Xh-a+}HDAT-
zv&2N@w~~UP(69QQhnY73M*cVQ(tmuF7pf}~awUBcRo}cUoRRKbfUw^}YLeCqO&gKC
zgYlCS64-xDqW-c_{Le4w8Cz^w`w{^Lwvy19yNqlL%t788&Q)W;r>JxZ`G1?k3?S9#
zm^7mU35=A8s@uA+CCSg9Ap<dyDbj9iWB}&DAcM%y`NY3%&7U{Sl@@}z1LlEnY{5l2
zW%1mEaQ|CC`v1>7`14u&|CtB>m&}7dAJjkH9alh(`;}@CGkN*>g+cld1#ThGUOCGL
z#{7&UiT|JM)6Zvn0|wLu0f?XDB3$|(c@Y2UZ2<OObBnF^iciml6W{<&Gn!NWv;!h!
zz}<uXY_0$HEJ6{;JOMB4k%K`V9!dqMu_4LtFBl@+<-ntN{pmVRi@a{l9r;#l_z&}@
zFS$NL+n=5Bup`gZpu50DTA$I`shFewM#F%5HB*Dis(gRgIzZG!C2fSa^!&pt@l#|%
zi4K2l;W`2T!Kg=+V2OaeGkN{fH=QEiS4;o|*AvM{=;xNF4A~Z8?vv^*75LqMuw2~z
zKZ}J}D05j{%z6(mtkvTSxAd1!{1?1d5J`#imFt?Oia_C1^iNXjjq`BI_`fB!0!O77
zK?#w`mH`trj3hkcAT_mtHsG9)0kV~IUzMfsm*@bbp|p8pi<swM@n_?j@ZgWI*lygL
zOsS+EKsite{sV{fUoapjBvf^`Ds*9-2DztR+<=~O5eFq~o_{sffBV&|p!T|@h=4Gs
zQRaU^J^6ax%PY?L@5A;PhzNsqL4^6=&}tNPx3E#b3pxGd!a$r-f&Q<5iKPA&7bfSg
zQ0@OcQN;0TOPD86tI{a*`1x);=kHcQx@<ZCw6DM@Q&}KoCnM}51tI?c`ZgPA_h8Dh
z_*KL~T7Shx!!5M7%b6tiD4`m2tl8J=fEd7L0H&cBfC0HamaE_p^?O0(r+zO)s=vWo
zfXUz&O)w8mGiZ#pkwd{Y$^t@>9}BjCZn{D>!<#%nwFs1syTeZZ=PVRv29?zqL*}Nz
z=mO*;Y$?u*!+K#<+!f9M4kaOgWA|zCuugO)05idO!%z2T?#Nao$h1dr@`3tY&W(kq
zO*F24)D^F+mwFoR9|C00tE5d)8oaFCF-vjFW1z5`0p<Y{cjN<zmJ9(@a+f2xTl6cJ
z6cx|49h*r`r4lcv!B5eRnD15g+y~I`PUY-bNtE=uAZS6<s(wB`)@8aE7d_5|^ODqe
zciFRHAXZTO=A<$URLn;5yk8#xG?zS(#bhzAAS3}oR%+Jsk-Cut)}WFg{4$cBNQf?R
z&L_)>+7+PS_GCdVg!aS%{96Afbw0io!<w4`zA81NFYQo~-Jm5`FN&o93m)y<<MhXJ
z57rXoV6*5a&3B%0J0;}OwXo@CeX<@kmRV4F!(bR<YWQ;QYAQjB2!^8a1%DsJ&G6K_
zC{Q~@&$Pv`TjI9yq7?1<!Vf{wT`Y0i3GFh$Guux<wjj?($4`F+f|W&=#lb*}HMs;(
z9G1t*3!!$oFsKb;1352#CcCXVpJxX{te}$8|Mv1iL{iEzD4o#~G|cC|&lp*_OKMs+
z<q4{h$pSASq;v)VZ?Ty=-K<Q=81fju)8fU=2{jTU0-2?*{bH{OO%UzjoMO2^EPA>2
z&ID{A=YYd_uVf6=_C`${uoJf&6!SGFkT%j@#&-t)<n4oTGr@ywfEdX{3<Ip|&O{M~
z^FZiB0OWkbN#Yl_RL)99O|k_7@spW{USENOi5QuHtRn-JW<#SWzrLW$9|H~Dd9OY&
zyS{%|cTXOSr^yas*5jAOWE1G;4CiJg9nAVbLvACR2rIgb5PALqna&rp2L3{~^!@nR
zoFvAm!s*O~cz@Y>g;^<Ud~Zmp@>-kGBc&V12kG(sZ$xYQPs0~70OWElJ3z+gCuI(l
zo&#t>>W0EJec`oVK+dR*ZLI)kX(I;%be*7d!#(jA(x9eTsiKm4LdSM;d!<J_dbg}%
zCV>5}{z!>&HkkKFY6-^2z|wb$DXp!0Yeb%ShpmC{&8^4Xg76B=!zne(L*@>aCR1NM
zmI3mb;Rw_-gY1FsONh!TL+7(x49Zstph%gjSZb2I3=je?87C?A_jlf7^+L^Iy{!?K
z)noOd&OD0VQ=n*?2@OH+2W7JUgfD5!M;qaWh7_s5j%2nFN!S!m24GV6>{airCo#2_
zN?I@Xbw|wxQ>ge|L&45)+8Y%w?p}>zHq5GRQBH<{^-eG2`gL69(~X@ys$NEuAC!G}
zIXjBiISYtl&=vEja)#x`3b#xG6;r0@fvikw7YIZM=4<!&ig%ioP~E$tFMrRtN9Zfq
zT0PE~Pb)jS+PJai-y-LeuVcA@sXsHZ8aG|5pav?fDM~8gFR>W+dt@yNiLkuVz7^@%
zH{&YcvszhvCY?`YIS%S)Ts>NT7m6rxByE+Yq*D2Qq!EM)YE0k=poW0chN7ria<HY~
z0@cwk9o#+%9k(A@7L4qEDn{g8JUW!fhs0#ir>BW8uoYv~<Kxo{YHRV>^jhAm5Zt7{
zdQVI!X4~dA*Rk2-Pr)<S@14e1Gq?sMwH)q0$GCj?x$C8ml9C}*Zwc9wyd8~v-y&RR
zZ+b-9Bq$*#JcMu=0Z~g5F@)#}B9>W<se8uTw*tKPxtNFVqiMh5y&J|O^bEP95|)`%
zu_Pk@reCz^=<I3wk!-)yUiG2u+<o||(}ogpug>1uXgI{2iyYf&UtuC4BDy|x;CTkv
zay`=GOo`yQm^YL;Ub=)iEX>a%b3}Y}6O+2@-BnX*1B0wlI!y=k8Os&QKz{(Ml<thH
z&ahhQVNuABa9AH>eTd9O7Fevm9b=-&>^$R)5eP7DbMr^zZ!jybX9Pam@>b4Py!Q%z
zn}2Sk*s#cYMJ|eoqPt89X1Q#Mp<G=&C&PoooYIx_oW)t|HGISX?-@9EeYIzoV5fE}
z(WdnkOugwO5+){j1N_cM8k>PGj@-thCBcU7@u<^#t+1-q0o74&U*EfXR;K06d!0r4
z(#3p?<{G#_YQ+mUKB7jm)gii*2jqm`?_BPu@jQKhwS@2z!r%X(k|QFZg`B8M^CH?D
z!(sjz7W?B?t3!c1bC{#Y`gx;SaV)gaYMu!>Y6vpimk^;ppE)lVBIP-C4m^80>;hUA
z`iotIT8%4%E>HM}u7+JhBjEA?mX^X8>9(Us009^EihyJ%!55$?9-j(kWHjrIY;Kw@
z`3)k?H_21uGF7VA*|YFOK9>*B(*8)tz#x6&y*heb2LF${1t@|Pow4kVFJ<I7IEV8C
z18vsg(w$EZCBZdMCAzt<+YysUuierGkVr(2HCf?L(+L-*VF_)#6zL?j7IQaZIijha
z-49A~5)tv;83ZsR-vE4aW7|fcQGB(Q;oXU`Od{{qgBgU0GXR&7;Qh*&x7<)j#W0^S
zpVZ(hHP<p_KibJPNsKtSR1n*5*!m5(y-l;XgM&mq<vLsJ!+{?){$Tz&$?&Ifpa(@t
ztaD2qu2EH@a|=*6d4PN*>It=T$WxQCS77tQCse_B*D&tm<m=SI#0`@6_7ypWp8@b5
zr=WuXSGY#2+2N4+KW~)G&6c+Ol!!)y$%noc7Sz2+hJ%Ria_}nG;bV)g>n#A^?qkQD
z?`e_9>mD+AdE8GA@qD{qyS*L0GUzE<8^t#4vN7RAN>4Afd)C2z6W~@j3mC%|A9nX8
zX^ZMdM??rIl{gZg?-!54O5Y$`rNG(P{PBV14j_j1?yild`bnjV_#iKR>;sb1<?Z@~
zYA)kM5!<(+YZ4rLxDOOB_q2AX&eU{*QCk*}yOk(#tH-kk{bZ8dMei@1oZe^|)7hBd
zcqC%`ai3_GZo-Pfa=wj7thAl?7zA_fi=6UYfY->d+?yUK#Gxve_BoDLz3RooJgl}@
z_P{K;TymD)o|1cN4pdV60Eckb&`3};F=`J5Ypb@N>qeI^%&^sFd!aquVWU!<dFuXx
zbh=n~l;6(xKtJTeFB(Q~nw(sYl<roaogN*U&lJzaPCNkD*~5Nkk!*CcyfcnN$+Qz4
zqYsnPRxpj0&3xM3yB<G*U_oZh+&tK-+YwMb-c9P9JpIobwZ$i)6J~QH$zl4Mxfa*z
zodxSd($?tF4_g%<ylaMO2JrYVUq-zI{pm++!!OG^>OW>5<`Psk$PD$mLm=jLTS194
z3Fs}+Ycm9rv9d<W<tab((!CFtK`s$Eqiibpp5fDsO>jEEFD;G(Ej>fP7o}>@N$ab2
zxMS!2SdA57pzy))7M;sgZ4BPzWUobDST|R?BN+TGpS1uwEy`)e%=imzFjEfO&DU5c
zF>y6~@6Cf4r<#^8Ur|O_sc~{x@@FyOUoqf(Dhme+H8d=Pxk`cnDbRiUBMndF;KY2B
zF||WI+YntooxM^n7$EJ0&E@>={W=ix5A-V<hv|8ZIa9v=_I6NEwMZ}jy=_O+)7-su
z)}`)bBoOAxn%FCeS7|m1MQ$B#0trpBK}l{x34|=QTUYQfM_ex<zx~@EZrXdFD0URJ
zHA@Nlx3B4Jx1xsRs;UqD{LQyl5p?b--+YNjXI|h!Wz7VO26MWUT4xN$4_UDp^*$7x
zZPwlK8C;x8QvAep2-=6<LW6izNAP3X8|eTq7`{Tb(76AsajG2e-aU%P#*uG~jB?&5
z!HcHW=30Zb4h{2;C`e65ihL#<dpWkkPRy{F3>eKv48**~YtKYOLPO`+zW*q<{ZT2C
zDMf@e^~`oNdn;pi<_f-p@)-X}xn;T_#o#<>rIJ!$VPVx9Di}6|C*%O4$L0D)@iaVk
z8@-p~HJ}YCfQE)<K@j-T?<?~Jjvd`=o~S|B`L8D_sj1CuE>DO%g2?jis1_6Xyq0UM
zugGwJeh94>9yamV-xmw49k&D;v|b+SzpdB9hosxjpP7ADlnL#>d7J&>?4fQ7d|q{3
zX_sr@Bsn5rwYYDdr9rLP_|0BLdSH~*Y~-~VL7T_m$2quG`Ge;i=xCn>&Xh`x5+i*W
zv}@xCVh-*5v$P`PY#Rd@fu3anBVCC+9cQPxtx0DTQ}ipdIe5IouGMpLhmp+^b38Sd
zt8>MMXJQ}--JTEAX^RnN${Hk8O^zIV$V^eyK?_@IBWqwa2yX?MnoPC5HQC)a8x!q0
znM=-U?+WH8htgSeoep<W1Mt{e_$XrvZQB}bjkh&kE3=F}NL5J{K?g<`ADv7p<hHNS
z3ECqKf~$x!Xc8wH83tpUH-GVYmk?ZZ5NteDvlmQ$TOb}9QbFrwky<|&aI_{`K3zG#
zpP%@^0vR@@a~a33#!KI_%u=ToP#+q!1?tFRFQb`5bu_=d?|y9TpA>iF%fRB9+SwtO
zVwqXul0<N@yfk1;J;&bQV|3i7)z>wGX*j02l{>#~4oU?BhT>gL75HuMFftJ^5PJed
z=aWEi#-d{}*+E)MbRPplX9TuzIY7%~^7LxClA*)#zB%^OO@S=^PG+6a8bs~(S{gt@
zDMHK4Q(2XRiKU@a<fJPNek(B=wg3a(akX`Id;Ms3gDOEoQxK1>>=Yx6getujrjQ&t
zgM)}ml5p72_2Y8g!(Z;%C1k|Qmn(T;vWUMMub6iQLS9Wo?CimWq)OEu>PY9S`5h4o
z0q)i0?wb{yEyNi<uICAVx;LyFtv`^XAm^Eoer;Z8@HXDaim}X1V6w=_$aV&lw&67#
z6u?R)PdE6r3XMfX&~1Inua4XVLB3Lc$0t$RIU%(Gn|@y!Ntr^1Bh@l9G!HK?pyZgY
z)uPW(>2q%;1K?e^J_Wy{hY<kz18rbE00=^7eB}sCybuAxvL8kjl}ruqte|XV>}#YS
zaM^98yvi=G%_IpBn<v$#t`cB?^|v*&6o-0F&lC@;rt7pvHMiH-^N$qFF+{Py!I#Zd
z40S%3!?a&Yb>31cY-B-x`jQ*&m)JYw!S(aXoEz<*KO<i|KSZ}yca!ZWJ{vi+KD|1(
zB2UG>^8S8^o#mP96*(9YC_0?SOoXq2jT(E4cR1YDd`cmgL+Vi!L?qe+MkDJFeH!$6
zEU`^4&NVJGgp$nbaiiPk9*O%t8#jw-Ps(-w2Xs;<XWQ`vJ<|<&#i7<$B$q}@VW^2J
zWPaf^Y66t21`XkhdiPO!d*5`W2nQFXnM{HpKY6%tGUSNabb@l3I#C(EKXz?OThsol
zRhB|_nAUivbO`3n!90K`>N?ruB4mlVAENsro`=a`AVfnyoI3X9(Vorg3Oyz1qW0$Y
z#Ed2(Q)0XIZEItuvv6vaq>fnj$iwO4N;?!&>Tir|-yGaF$ZAU4MELpf@|`WJ;_f>6
zdke(TX%eGTD@XM7_BJ@7>kiyM;`xkrZnChR#Qc-V`fzTt8h$rfUnofZNVNkb0#;`g
z>(Izx|9C6cUHUS*`#@;N>b^Ewn*s)<&$7lGY|r;r?~Rifzeh`|aszRu^}BK){?3=9
z;#l~d-L6L~Yj3lzhnR-P4lI-g-fU=(*b%L-CnmM>2MuPy5c{yj#l*g(=Qqno7X{(x
zj=@;DaD+0K9;O!a;RE5|*4(bx4M@oNzM&4w$GRvw&1)bqmmT2X!e%xSLb`)*<=2Bp
zr{Vq{L1#3SLSDkcqCgh_WLcMETS1;Hio@cZHTvMH_6$?^t@o$xL!WXnnsJ4!ss=D!
zI^)kU#(@d2c)8fuM<ax@2Qt*F;l={eeLSDd&lit?7WduXoFioKQBfg#|NQlD<_uaq
zibk{+N>a?bXQ+ura5+!B^V|Lw5Av1loG1D#R%ev2#XwN{+z%tPZXZAh^(Lyytw3H=
zs-FMg2>kQ%$3nrtQ*J)bTjqsR{?;p;2>^{OD^L(Xz!Gr#0ljyT;a-&x$#Ky8TiQzE
zJmvbmXCJ#e9gSwb`7`PUP_#spmV>XH5IcC4QXRJuw_BlFZO;foUYRTzvX<uNk1Hf+
z00VAB?bq@{-zmb03&>sG$6=R?J6q~a*PpHja#Zd(y()zSBv<FWJU(!#f91#WY3-hi
z>4@^M)3lrNz~sMg#}$d;0457DT4${wT?4szDB2WmLv(29b93{1%?!pR7}{;8K|w)!
z?NNKygEe`%-7W$Gp6~B++N?%Q#8J@H3`Hj;DSsTVe6yA`l%EfR!s;ms-bfs*$8)UY
zhoHXlc)e7OOP<YmJU{WPe$zoCCZN=F7!Q4#Fhi6@-3)xYjLCN<aK-SSj04KKaR~X7
zanM%fQ%D)%Z!yd+rTJ+WVjjKT{cPP*OT$HexG_W*WWT#gmZag=w9df5umtoq(t)G!
z@kOr;J>3egMZMVx08C+xK;1<?Qh<$#37$4(vHTslkERn$8r3HO_M9%K2pmAHv;N&Y
z5PL`}{c%4;0a3N)nedGs$}Oh@?W`sN3psxF^lm_SH49E?3+U-7kv3Qk=bdd!IfUbQ
zTQ%jv&A|+8l1Hg~%GF$X8MyIEg2XuAP8B{M?*|9^G<0XlZlnWs4Jk0SV_cDqjI?lO
zf1gYSfb@ou)D}?4aP&6fIAm%Z?KC9A8zqwXuiM28lFXA@<-Ul+6{j4sWOdlhxi1S`
z`{Q+gq=u-@K;%>S99;l5!P8CjQUap=ijuLe#rWqd;)u~Il{S9X@f4DEo`F4J_6M1C
z?)C}hy?cN#jTdtA!>bl}0it%vmIhz+UMJg1wIa6|eCN3RAG|)(M2l~JoJrKc-lGjg
z;nnbbz5%7ba^EiD{L?luoo`dspSB6u@RxoP^Dk4XO6)1>ZeOIlw;_Lr7k^qL+wUTi
zF4kAA#KO^EFdQKk_l&IPHqDa&Rk$1&dv1<)z$OxC%RF)n5+;!HV;D?~g$CFIZL%Vp
zHGig%VP<NRAnF$e#&-UrDJgR%NmEmGUa3vF!?w<am)Z@d3TX8y$s2W78*@57PPBPl
z6*2X|!eg@%!VHVW2%(V4AgmvHg{JRZTe=Q+I@;Sv|1r}j2`U6NFyIdvoyTk|U<R^I
z@wy(3wPsW7AwfaYcBGvkbCo-`%reBNU|lQ8-=`q890fjAlAqt*%5rUl$y`OC!lzH*
zj7q7*!msJ<yPI{9Rx?WexSk&y^8O<zRFFS=dix(@s6?U9d0mE~k>k!Xoj4KgG)U<Q
zM&1$v(DA1I?RXPH$NOt3Isy3+Oremt*mzWoKbkoKxW47OgSAqMkjO|PsS|t*jjg2U
zo+m4wgA_nDK5>2AK_XQoREwW%WB&dKC@k=w9dtfF59N1=Nx@N%vE>*aDSoVlt-;(k
zpt*Y=1!yGkQtn_i+8=CbAChy#>JWE?IN2UaFmakX*^RydQ|=|sPOoHu8esiGb|_G>
zy>~NoYHF%4tDm9%kuJbG7uV5`)5GlAwc*QJiuqrOvMjK5OpoB6_@M>bty1xvPAO(C
zjd<GQ0b37x`1#9p$<5onuP&)_I5az?SVhv0m>jf|WhtzVgGi$EWJEx9P_9t@3>3vb
zpfxM<KO@jgjB;uF%tiVA=u6>#>)X*%(@CC`vUL&_JXQ;L&)fdHR@tTuh3@W4j}$8k
zyrViXGFvrGMC9{uk`WL%ku#j>cDgxkyZwXV7rJ{M=<ED$_{m7OW$z_f*w_#cNR-$k
z{dRuQAhRzRqhuCDZ~_D-*6KeNp;O2`5>tbCP0gk^>ns^E<#Ms}ZS6t7WZGNa<)+|0
z%)6q>W=g6ngVGZ7A;Y-+irI3;H*VfcCUAL1{_U`M&Ljpuel7rpvo#cNJAFOUAO>q~
zypn~m<8;@s$mMV;&1xZ5JJq&*g?wYQw3CW_SkExW@`hmzr?z`W+oMy!!)&%}*G#U~
z9p4_Y$Jf1Fs#@(eH?%*pZ4Fo60L<Uo(Q$r$XE6U<n<1GyK0F>Muw1pGS(v-m$O{?X
zx~|8*4A*|9(SN?#lZb5AOVowrHStwah&0MS#tAR^J$mjdwU9Ty1PV4qI`EcD&rmbZ
z>sq%}c@&hdrBvNsRONqs@emv+BWG4V>@P|<+B5ug8^_^Z2;MrvI<NO<;QpvwHa`Rh
z^If^N^G0c#)t&ac%+0sZ%OE@@vbz2cm&C;up<U@2pSlKC#mUiLcMV775~#-q1eBXi
zeZ4PP8i(xclkgt+yWVesSGHgmVWjO<Z9aE;HME>W+%6{{fs2Zr^Ickp?}tmoueaZ=
zbA5MZ??Qc7a0Qib?0KCh%3SMLQ03<H$L4sbpOR{vzQ4bZO5)brDGr4U+uO=rnEw#z
zA1ffskP-;AH_%(gph;>Us4Rv@a~?!=Xz3vK`7hgDDLk0_jvmsW&FyZ%z4r+FBG(>*
zE_Cr!4=nBKc&(b7_0WTN1$EqfZFsQGDzm9akt0IvaHvcGoT-M>=0=gq{<X_<h%&Vg
z$hj_C{aSnkiI^0Ex`t1!{hh(|0_}|_0i-qsX7$_Umb&_Td1shtE$Ik0xxcRp6)$Vn
z&5!$Zmmh^(sbT3xy)eypprg&DJVZ~mcxsF?p`(f1!hG4&cDt#Gba}k8RO}%Ig<lx8
ziU=fYvzLf~aKHm%dUfZRD~Ep$=70ZLf{**6qGooZh4;mLP;9L5$Jh#Fj&jsBE;H`-
zP&fIXhm95$><IRY5V@NbE~z97b#}J<<9(obr4MgsVQ;V}IdUrctd3g7lOPgGUQY(|
zL#Gg+Bu-CDlQJ<`N4e6+O&AYd?6&k?ZkE3nWzSdY26D#585QF>IK0Z+VtDlpx$;Hu
zH!BSC(rDesNOv%-&ThxuP=<DgTj(yxcpn5wm;;E!FGmse3F1#P4NGw30E(>Xc{`Q+
zULk`#TjB3|p|5x4dJ3GJi8D%N!ciw|o1Y7M3Th6td)FvfV*cq2xg%V@sK<cx*|Nou
z8a0G(suOtu8T#9=ibL<H_LySvbbIAl_Z{d6B2qxE_)81Q!qs11@Df5I_a7_&ijVdF
zsg79y^bVU|Pr#{bhkXGbdte>6hy?BXyHM!by`J;jM)=hRxJnQvT%4LA#JMwsOP9{h
z^!y3te-r#&jYX<LZ|MKLFzov3N|HtruZGX~tNdgif$mq|uiI?i!})?iK~8S7TJ7ik
zN}_Mbfv@2enjI;cn@UUF-OKEgF?Ma*6Haf|cO3{E&gue79p1D=ZpRNtj<d2eSg)~L
z#U$6aM<!$Aq-Wy8tJ^v~J+IF<{gm?I4nsWMTPr0#Xb6AxNR)1(D4S|Bn(o;}bL_q=
zwacr1_voE3^%7IpFN8h+41apdy@uLkKlYiW=6HpM3#W-9w@B*I5Fj{z^r`*)?k154
ziT-TGJ01mnx2+vwH;dRT=@}gCptP6gTrmI|CcLcXh4X+e^-_OWd=T~%Nb(~==epL3
z#;d~Dl90^jU%GyTAFd!M1mf&}3*R=Bu+bsal<4?^_wEMtTl4o2YHpWG4Z})~MV5SU
zp{A1^(Fbs;RLc|p0k469ti@sS9Y?JroksyDSXL!AF7a6?5zKIEo#$NgJJ<UytS(mu
zBb%yL%Ki~Vf#X(%UMoW0Wbs#V^Ng#%y_UX27<S#QImI&5u5)SY?8o0%%qT*;4O(F#
zaZQl8>IZp*-3D6N;Xl09C4}bdFAiU8Z1IbvK<@_QQQ-T4)xxpjureO9kO4N0=#$w`
z<=GF^VCACo?z<TDhi!CXab7gXJTG0FqYXj+RW3Zk7~w%kaHxyQ(QUlqlUFo$xhk47
zjD@pI4x}V*A{X3zWbuTNYvTs3cf@@^{C(m71YhckLIxXP$pxk*IMGPoZj&&1+5fQ$
ztT&{Ht>&df=Ksf{{dM>Lct{V?#rF*l^C?JZNQjm4e!M_Vh7g1G67>>0Gbo-*hoO<3
zOS}E^Q@Dws_n;${f5%CGepnN9koVcfL@sCiaRmN{&kzcKYwF1Q=GxqC`#aieAz9hd
z{=Ml@93fYU7(#k;B~mVg!&9$=$Mq!k)+!nwEE)3q{tpj>j;O?Sgqk07V^|@hhHeFy
zmnrR3(wF=8Jv~Lt1TLEIeNWGqhO$3Qjf~^tulw`IIbXWF=})66Ar{V%c_H)be{a*e
zEcC0C@j+<Mz4Jj3{{yZJ9Er(&i<b|;XNan%D<ukDXnu=8|9>i9x=ZoMR_~zq{a+yu
zzkgW5T|~#3)^Zloy_}8Q`9+rpArzABA1)*%q1&aE_4{@B=RE<$+4G$Rw`wDvGB4je
z>T5!b$@51{=S^Tz@y~-(VS%A>reJf^uao^vnC_1?0Jn|kI&{nRCE`R&%nxNWCBou?
z;UI6uxxgGqBqKWFnWUP@C^@I@@L%YcLMQOgkGOcl6j5NCV$|FU;!-IYLLB<`=$|NT
zv5nt&ZgBp~5>eouQ{l0lWCH_KBarf|knkUm3?=+|DWyZPS~Mi`de0&fm3<66FGTO5
zO?o8#FE@!3rKP~jLM4`tv=zT)nwIo`v0Dd>q@6?tx}>e*VO4qjOnevT4Y~*)Gymm9
zh`*+->q!rtnU6ouObc{o<}_0ml)%x~=N0*fh5c>0C4`})?}!bMjLhUL%wn2%=0pbQ
zwa)kU?G{)R-haC&&L}NW1khXf{Ctad&;|S+vE&YJv{exy`Y%X=KMr9ABXst`6FP2b
zySC%EgyvZ^LF$nb(dP$6@4q-G^NqLWtSHca-acB$LE$pQqJr}gfRTdmCsgX+e+(u5
zY1BF-)`vwi*>p(dE51Iw1Nn~JyU_8Nmi+g}V<h7I`YcOMijD@aK(@rnC+H`-JOL3h
zCXe)p!?UQk?xhO-3cUKm($bSaFO|+?M=cgs)lsGT@Zy&ELZ&k5b>vA-$#L8L$Li41
zGVvy~63FGEy_CH7>rHYkLnL;hr8DU(_yJ7B0TXGb3V<a#nKB8U8R|tyV4%iboDo+>
z=*f&dw}S<W=e(L9tDhUI&*GQd3gS^Nywo2r2mLojw9g4KImCU%8(sPO)rOT`1*%($
zxYy>iUi)0oA*PUJMiam}oFYZLasFP8h&ep0*_eFs%6Weym_m28>+t$d*S>H|dso8b
zgeeXe@*+)S=N8!d59joM=+PBwAIyj1*#BzK3|zSfX0Cw?a*Q1UuW1HuCKKPjd4=u7
z)RB*ms_(HCH0R}#EBU#NZ;>mWlNS-6J@=&)t~nr4YC);~)!G+x6RwzF`Te}#YAH6m
znfMrb&HxXvuyW*Y{%|vdFvJ27(NnPO{Ef*4mc9?cHK!2;+D=Bu4q01U>XL3~FN^cl
zxhrM}E?(F|S;!+(gy#Mwg89$i3k*W)H@)O72+tJ9v8U0zqFCm35ff27Jbz;KfB8hP
zg4VeQBDY#Nc6%zxIwjjA@;pY7@gR356Mr79b^PI;{`KAx!HPj$S)f=j&|Zgh@GG8s
z0CbKOuS16=b5-_t|KeJ8x9JeXZDU<Gf4LkIHxUc)S%BMK=uLQ5`mIebMklN)EdD>e
z;1ef0W&PC9z8+DUT&Tdw<b1qerO_fo^FYU!MP@pLhx7%aFZWwE^viPf37`CtDbv4X
zA`N32QPJjI#Vdr76_dEyOFL)>d=nwUV?owfyoeY(rA+#+&4DQY7S62}9$7?}bE_%j
z23F|h<273S6e1Tl6lRH5s?sX7gC5c3exRHpEp=?sN|nw$^u6=j#?gjuwr-qVn%2|u
zviT^(tWY_{;r&27b~&fr;q>`uD_m=%rSdqYRX%78`aMX{n65iS7Hh?Wl0Y9U-e9yO
z7n^B$qM*V<<P-W;i&ilC5TAOMvXc!nWEK%2H-@_hv+g10ElI=UCGq7#aV}XeTzl{C
z5~WfTgZze(44}R!;E&J2_Th89)iGe~H@G`Yc`Wq5nRLQ@Kq7wG7fU352s9&Pqn~3+
zzZrK5w+FK`w^K~A`%=qpJqa$sFKyezl@=rsi^+hdONLD-yS^os$Py#E96TFIwqB?o
zbX;M+R=v|N&(H@(eoxysu+iu!8J{GPe|%Cayv)<*ShBm>08c1hC@r4t%yj{hHgQpm
z`avv)#h=SU0>*SF$Ul}h9)GQoscyy<yN$@N?_!Z)@&ui2`9~LgV3OM<qx!v~*_W%L
z-$LoSN+)djoWLkFqLad!2&*wdQkR+^+F(y+H-8QW;U@$a;qjA?q<V^5KqP~|crHvS
zs!G|iooRW>i-0^51}Q49<suC?G#ixxPW2)cNewyHE|^LQgxt##e^h>dx7`oKBqZpS
zM=${~8^;<<iHy_|48Y9<Dzkc|Xe9B^B&^p)`rS`9>x2zHzrCC|-G0Y)Y-?@8X@NIv
zJI9hoSd6f%<vKWtRX~gr2rR6<?}n5)7)Amfn0qN|_z?90b+#m+4c*0!(1?E|UJPK(
zQDzHq4gsJc8ICYBOU6xC$Kxg@k7HZ}P;;CjYydE}^`{LvqNnV9cy_Yk(hpE=*+8C9
z5)LHZkKS2SU%MWXB`r+*#7@We$SCSbt%<S&4b!45WdPTd?I6W~9o?wG3Z|^jlY^I1
zcar7{i@j*_ka9U{bBSCem({3fsZ$^CDZmX@&Nm|yzxY7VB4k(hw42;cEPSm?(zv!R
zAS*AAnl_)+UTOs#*R+ZFF4PCiYnOx@QQmFMfXfogQ_klVP=O1_Z>ji<lP<39X(7@6
z`9fz-iU@3tG`bXVe$nhkQE$gGfNQV>Y1xci#Z;D%TE^0i$viz?NW*Hm`yHS_<$<!x
z6{5Nci&lw#06v5RF;j8)`gqYhq2{+_YVVIeIDU6^k_p7;cwus`JKjQeMY=-)9<+@W
zvLGJ|QR=N16TKplPCq{0kOQitrtt5Nun?|ae_}^BW;1FsGGv$2`~`>$=C0mA9I$=M
z!&+u0LicR;179C?<*LD>+T9Vu<@XF?cf`C=J-K6c%Vn^HG)nNjc-XaD?t^jL;hAqH
zuyBZ<s%P;Nik)}|%c{lt28a1euSb#z!OA+*<ZOD9tHXO}Ny9auyRao3G-&}RG~k?H
z*i2pia-1Vhw2fbK8mfugH!mYaATQVFcwp7G%;^`!C0|+<gGATl>lAhD2q%7tW%rW8
z=qOnJ#L3?HEF4c(uo`=2|Hn*US-xpDK&_{0b#diYRE!A0JV`wlSl}<_uA|I|c(yKU
z1ev?h+HC;?+L17(iW7o@stbIiZ2C7AnNtc^+N*pI&W%_T=D7=}>J2)Jo;()loW)DS
z0NQ*73?on4Oo4*#JNtr=Wq`?7+BX)LQ!-|<1`WALB&tYOE1+@n3f2~AP7s8tWJISa
zp=$QUqYrd&K4wRXak_0CXKe?tuV)<Yoq1)70?{^kFgsju9)9C8YLhQ_5M~{~q$wJg
zj_)o5?KcS|+)pm*nFfZ>J}2NR8>BuEi7x|+4-rj)9J>)wY}N*5yzaD!(?y-BE!=kt
z;rl>%MFI$p^0|Im#iDjtpsGE-ArfX7o=aZejAR6~G;{4C4N}w7B2EPJWkFmjM{9C1
zMP{*b-891LY0hZHVd21CRgt;`WnbfBxL*s2uybp_TgE{|d|h}J(sm(dXq&^(p?rY3
zM6|T9ld^*3_FOMr_7SDQsq*-i1%5pt#jgI=c7HUZ_AFEGr!{d^_}-H2q#;2uP(#YD
zTrX1rlE&gSujlQ<xlSd4P`5n80IQrhzulX$QSG|)rAVzY!WWz%M0gMairYVj*bzPf
z`+!4lKmA(2rFJ$*w4VT8*9{<CIfroevW82CiiWwV{*4PPt=mBNChazBidv!Jmgd>X
zo;)1x5V=C{umcdyCTPUjH=jKzeX_zpT6&AsMftitS{zpqVK}PZqYtwUn_vup6fn^R
zhd?hMOlHSZ;5P6_dJu9`sEUNsa{}2mga|d=X*ZN7!oCW4spW+ad@>6iDlcjrJBhRz
z{B;|U>oW<==@+u4&3kU#BN2iba7B+ekfFF)kd^cg(7eDZSD!CEuCOzuT1Z{yF>F>c
z>=gWM9jUHKZp(@_Qd)UO)lzOrtTAqXPUwNBjcA9Z9fKu|qF?YT+8y5D4sIVc1xaaT
z_TpZ^OO{bys!!aTcZY+%uPPMwhh(ZPpM<N)1Bmi1qGXwbCo|Vldnjt=an$mzyA^!a
z12J=(`{d7<xerQo`mWmDeIZ>#X-6fh=2!V64X6KPZ+!3t&~`^c*D-3YX{P5B3VZj_
z7O48_7k<)3;S|j+Jv|gDN&Rs0e$oM^T}%0+wBNx73|c0)59{7qUQlzE>rE4r259mK
zRRbNz!kyX1tn9ojo5^bZZ$tOQpPA@P8|OEK8NmDHSqg)JPAfhG1z8)PMXj?}#Ia~a
zK~-^+RWAX9&I@(VU<Z|1&{kCN8DkoF#YdGM-f#e#iO{r#^!47VnzK^};ewPEAjdpn
zRG6nY8CtZe-8RvCZ>NSr!)(%|a&5=C_vMlG2#16yvDCaq>yGZ?LgF=m(I%Z^Ag!zj
z?LB}H@@$xeHieJp%HhnT86DYHa;>n0R%w?A+PPL5xX}iQXjnQ+UfxXx-42;}=fh0u
zXn-Gw)v6+si&`01Ea@0zriRG?nXQ0wPQacZ5{>o6;W%sva;Vjj9IQFn#eomjuD_lY
zIe>8O^HuwuL88=|{&-$dG_Q!_`Mf5iaNQ@F#0b~@)B!-LABAO1uO=-_p$L+xcTHi!
zPcfDV<J8D49*}9J+*Ue4sD670?Ea1uTgj(Bn}=6Ag!@Xq7>BnM!vm0e-#l**uivAy
z+Lp*Oj^T8w7;)UDdcjrH^vEy6=ia0|-~kkHiZKqa^yxnzUpGzD>c6cp&i7R`n%Ewl
zJ^lsDnEgs_x=q)SgHLcM<Ame(OUw0daJr*uzfL}QBJr1Um!uGtvE5<$Ye62Q@O@v3
zJelmA0^jBXpv|FmSW|Am$j-lZXRN8+He@N=2)9&u%wFqc?m@|m-W)?YX9g$UozXl_
z$#}2nzQCtz{)=*XVhZC*oD5E>@8X)3PmJw6`?L3lWlH>(MyxH1J)J#OoITKYxMwKg
zUs8nAsHln`@sbV8VLI&e6a6UN3t}Q|-S#t5f4tTMJ5+G)@e1DIoDIwj<UDL5mfu>`
zjF#b&k0^@#n&xygne`k)LB<KlX&8(Y=|jRO1D&HAl|0e0f|)eJTR3TyQR7MvM{dY}
zd}<sLo&L$`v-|aXJB_vQit*K)Sq1B`Jhv^eCr90_mM*Ld*+?caBJ`vKT<eulvs^|T
z7TP1bpZnE1oc6TLPb%R9i4Bs~Yp;fw8()4>P;l2<881_}t8bPsx1XI^Q4Q?5)6lGT
z*W@d$0he@+QpDZ{>6-SdYbKnI*6jW^<m*m~c@skwqdBYeCT=RKlFKRW*$%fHYRl=J
zv_n!(%(w5)S26wIoR3JZ(<*-+k#S91_%#tnKzaAK=qOoyr6-H!o5`xOt5aU5=%X39
zZ^k|c$6|y#{k5#7)OVfwynw=e4XRIEOA;ZDOgr{xnRo@{_z1zU@o+V%g&0dQhRB7u
zH*ty%xyAkBTwo}s?RVF&&UK)@CJiED`NB_ip5tjKw_6|ZP4XbYjps=K5kc#o_2!q8
z_dF#-((n6B7f*z!%f27$TvObeQ+nSBMt8d@I{s+5*{#j`f^NBdN&v));am8M$d5_#
z%w@y6pRMG4(Ye%)*;&o$xNodur$F}>liiN2VzofD-{o{WUW10=X+CJyGPS}`7<q6;
zxeoSc-kBFT>=7r|!0%X&>8Ho`fmW^>y%SwWE7Bz;qkIqHmY0+L?b>syG>s$k#&swx
zj1Jg-uGK>)-~ug|FT_b>syRyLhaXgT3*cb68D^FhjCDN@e3rGhT+;y%RHd-f4E4^S
zrKabZUQz@q;j$_YKmol-EIh*lLs7^n&3_WgASg=ACJJ@MtMC7CoiD8fsy%`=9c(M4
znQl^psi)r!g1N^q`3^qMC%E0F@9JP(Fw$%)Ld^X^Nabb$pgR3vPJ}e=kOJ#2z{Wqd
z1_GBO@gABnB@ac8?y;ybyK#D&;5!=6c%waj!8L1g<>69C9LMNb@0Mgc(9ME{z0$Z&
z(SbY1mkp`AtJp6QwdWmaRk+#=Yh(7RwiE++Y?i}1mVVWESq<}1Hmru3z*ZPh?ZIAM
zM20qIx>H!yehc?;QlI9q_y!QErX$#J%sJ`<>SHg0^ya5`keFRbokIO*!u*s1b82zx
zLi9(hU(O0psrk$---Fwcikvhp*I?k)H@`KG(WRGnQHoQCTg<e0Ie$Id19L^BJ!5J$
zUetgH5zshJOcx9+cjasfFCBWpsD+<8(D?A!c{&qAGnv|}r_&yG?%m<sr?K8{Kb7@x
z+%uFqc|t&;S9gf!MUXhqPtXx!5yaK)RPQ|+ZPy50+LdoqvKZzgH?k$hm|NO|VNP$3
zE~%FRRikWldF5_jYTSmmF6~V6D}juHn0e^&`^&B<^7_~EP9;Z)qZcyZO`!@|_(Bym
z4)iaS31&VS2lP{jDbbiGZ+S=2e4Of)Ja&9Pwj$ZWW^g)f5nScx*V|cEaj>p=6oZjo
zeXI3zyI^KTtN=TD>S~mC$B|Orgb?XSJh7bcNW5K<Tc;w<#yZ`%9{$#+*XCZcZSxj&
zk8T@P=*t(sI~}s!nmx-3S9Nrb({(Q_o4Ka`{G!-AKr=TDdSqm`TGX?Vr_Kv6geah|
z#NuC6m-4aXc&g5Hu#hXfhao_TTH6>YnHVhb^0X-RfZJ4fB$fgFBE(0$UqHbi2+$qM
z+YW6J@<m^EbKb?rG!5p1K_nq@)}Oq~IgcEwk6Xi~Wk9;sHaKK$Z9RWDl&=Yf)R075
z9?aB?HNAK}JSliBT&GR1uf|&E^$9qi#u$0~L_#{EqHNRkAKn1s3i>TOlS7kddlhXl
zp^hz>b@ZcF`Oh(#7(}(w;+{rQ*?@TiQI<!#rQ<fzPViL|9D(VUw}}t1>QNsa`d&@~
zNMT};KCka8fL%#PPF42(9kFxf4m1x1!IZ^Go+Z9x?v>wX0NCmYNe}UQI$UQlQj}>w
zV9Q>-TF{EI;|$Vn*&nMb(`EGRygE!YRZU;*U*}6dT)#>43>XH?jM|em({G#9N7^>a
zea%frAf;@7uXFIQFp<D+R^3wNR7+)$x?)j-VO!!BztlPq;F9Ah;rOUMtzB+w?uHbf
zsS0#RHOIJq)CU`(G6ak1^i7@L;W}wC)`qsBaM`=N6P0fmY)h)eS`!>o<4(%A#)jj2
z)>{PcGr&*CkA_;D>!#Oh&p4|)*Ze&k?@vyuk6tTPxnbZkJ)8Z3$7xz~asJC7^N5WS
z=a9aUkqm&mQ#$rNE)-5}55JRLe+B{zX5+B6y;;8KhkVo$J=BT|!TP|9>X<b(8ilDE
zygcMKuc7Vn^7WIpksQ^1EOhoG)OBAlw=rDBCNd6f2Ps)C5Wk&^(|43Wh||{&5iWaI
zP+3ts%0`7^fTW`u>$iIwMlZbeLN4oB-SXTwbhp@8H1f`8H<$19%5@c9!&KB$Z%(qK
zUYk5awlp~_`!UYkeAwDO$mtzl9d1<K%%q^M@$Eg<p+Zr0bD(nYLL?G?S*?N+^<eJy
zILzd9dXZ$QRnVS(MI@%^V}X=^k*tPoX=j9m3MZm9%DVZoC{zmZYfajpxG^f{-61?e
z$|7E~JHB>hEHq7Px3qq#Oj)pBCqL~CTJs)oNApbNN6W5@k|^N%mIMge$p<?M<_hMu
zP1_SL`D~8|t4|+3@G`dKcQ#jWH(nt!k-?YTB3km>ULtko6j+CoYU2^P2$u;@%<MAc
znbaH&ai%xu)6~(MZA&Vb_8O!og~ZZYtCZVIE8B$X0k3Ng_q7Ke*RQpyK&0n%i1A%O
z?#I%N$7h5p1<a&=$0hc-=6f9W%lWkm27MfFkhC*XT*l1Zf_y^DpfVU#?tc4iN!p)B
z!8u@1^x5>!8ma<RW>sh{UP`B$q?V<+!t8}-^Gcm;1*jUz)b220i8SbuFqp$C*X<d&
zslRoDlFJY!*31&V10&T-6@w+CJ=cTOaMhk~3w8{N+QVs&0~Sr+j|6=;E(QL0yr1!C
z*vSl|7UbI5x_PQ<w8*VY<|a?~E*}A_E(^4m8Psd~uGrEiZvflQSlilQ*&A#|?{ElW
za>`XYs@6b!$IUM~pG0-!0kXOgLx-&O(h$h`HE(6p3z3M1r~(xD)kpvfWhs=;rBirT
zA$Xj%1(b#98LEj+(o>9fE`6}xdX#^5igf>df5TE`MS0HH%H76B#bZz-uqaFkUxeh1
znR-pxt3%!Z@R*eywQ<;I&XXM;9aavX|A)A@4vTW@8vjiY1woM#1eBHrNu@+Vx?@N|
zLRvsXT0}uaL~0NLX{2M2E~S|vlx`FlVkj9(`n&Ie)8{<D=e+NGUB7?4JRWAa_rBNK
zd*x@bEMif4JjS0;o51JF2C8|5Kb@(jWYC&j;O?hT|Ex+)V#*)HOpW&(O*Xud<+;$9
zorQ`eZ)TOGZKkMe@s6x`Yc{!My&Qg%-YJ(ARO8&HzCHcCbAH#?zg4%shuOE3+aDmb
z!v#&bJ~Re<$ab84zv25-^<$&oHA3Vfh72*B?n!AHWfn<w-fxW@-&8S@SZA{CC9rb(
zE|?7$U$%vAVtdY&1FPB-IQFdx6(7}{YES`Jdg-q?)!*gVO<j}t@ku<*j<iO{_)_u!
z5nN-!lP?EcnS^KMO4aR(W2(7d8BkD^%rn~eufu9zt^k$2ozn!yUtH5yxHHTULX*He
z%k(TK2q^7NsaGUwI7e1c#feZq&8oMk6g`Jwa0|iSVEo>2vL}RNX)dM1EO)N~O_dTw
zts~ql8;<3$ino~*sqoqNx$xd6b>z*o-Q4ic2811@vEg|i5AK$-?Dss@-BoSc4@0%=
zp-%cj%uCNt4}fz^HhPrtwM+GOPh0%6;7nt$U85~G7as;0Lf@o)@IFkvQR?roCTX_e
z42z&gK*KWDv0NlX-#BctFIeAz+;Ql%8nYZVdP=VIbQgXz{z)BUFBcOR(oJDS?VdNO
zUm99^iK<hjz1Aehwfv+C!0nqR4Bfp3#LxVM$Hb_Z?L`{H9;wDKn2Z;%IX-@I!_frW
za{=MGzjSZXDC%Jn+~w^~1DbhLuCwF9oHj<BoXT-XA&{Nxg>OvAczK+~b+V%QcTUFD
zqhI!P<y*k*n-L*l6I_X!?qAXezV02Bt1OG9zQ!w4;)i(<`pj0<MYS>1oBMZ((Nh9X
z4**$jpqP71VE*~QG)^Dj<Z4xU2(>+|aOuyno*Yp!Zol-X|GV{cTnyZl{N7W-u%XoC
zhBt2W1x**$U)|8@P=>>hd_fD}{PsKMsjLbYxzw&{FLeq0i16*rdN2$o@`3Ka5A4y7
z+W=lLlNv!R;Jt_nrkpm**TtI+ilc6?K5@yV`>QpGVGBu_TNF@+kN8?Fvy$cgET>ef
z&u8;9%ndgetZ*4>HwgPobzK3>vD?t9au-<U5YX4ZQmSwTwX}GS5UH-MZZU2)mDT!$
z^O46wQ55X#kdbQ_ak8^WZ^b+!%gDRPD#Ma$9-bN#6h}D>s%0H4Oe^p%M8ih%j3r1t
z4G8?+K5j<LfOhOLCCUMtEf5cen-IF6gP)2_x8bXs*_w0UDeV2AxQWQ$$#2Qun}F{F
zly-VlL1nM|tnU!5MT-sZ7c%ZK-Ba~)N+d5<Oj%_VqAzo^(=;QR5IY5P*~|1qehA8o
zDVNT<HeGT}A9A2ue96bZXzufvm%iEhSSJ^Y74`6=41;Y_7GwKH6i~Oj+vfu3j9j-_
zVsbe`A8*Ynu|I0gMoXWa?MsRWGv`9xPX-iE)g^-v8B)d$Ud&!dA{qaTDt4XMd1dho
z10pOUuAaC{TtV0o4XoVc-g~nljQiucrQ@g906#Z+g>hFZtQu+lJ_Yhm<&b?nESQxy
zY^Qcv(!I^xj4QmHAftAF981`V3TEfO86t|gQz(>=zS0C@<NEt!O$K4GS}=V>`twk*
zF~<-dwupG#VTnm3N{n_Sgc|)$cmr0W`POM8E2c(xEAXrCdkP_4AFs7%dq1(DS<@QX
zJzP_>J+kyF(Fq(W_JV%b?Y-o}jD>Rb$>j!LGTKGZJFQIGjE(SM7n$i+p_D?KFpAhl
zapgIi4sm9~ryfq_p$i{q%lJmzza3i}372w2@fOeG7m3IXZVBJ0okIDa>HON%Tt)jK
zyKs`ZoN3n5V8nByp!vm+k-UMU6ydOEsmt}YM^}{x<VI0F)Pr=FuXQxo`Ans%?qv(C
zaK*25R?87prE1u@31q|yPvCJnf3F!o$nz9}%Ams{g!w$0p9kKgJLFBepGSU(D2B2p
z1BCs}>T$Wt9b60SSoaP?JuSFW*g*aGVz2+S$>0&r#q}ZCx2Y?8S(f{I($vO=EQKXz
z+{RQXZ_sH?uc#*6DcU>4be8%m*9WIcIJSjgOWbq7I+fH|-U}B*P%9ffHM6oBaDc^D
zRyH4z&+vL3G%-*WH8Ph9w}U@4C!VNVt9BSSbGT9AS<s4s!&vw{HYUSW)DiKHY(fub
zaxBUmmgi_cC){}Ojm=%K*TTX|61E2#kGaqwd+`=#R3Quu(T(R{tBhV3?WQMmHyyVZ
z2SZV1n6{M_L<Y@i><r%w{6LriH?n3?hAkEqlq|eSA_-T!K(Ts-!^CzA)+-RoKqt{W
zDm9*>JVYgc9U2uvP<(7%Key{h!pclC-Jq&Xo1T{^WS5cslAeyawEZG62!bo@!ri%)
z3H1?}r+GQNzN_(!cGCUpEXvikdy~4a6Jzj=hgh>tH)D=9Ec)W_nTx*&iymZo|M+G>
zN%`X7oF+?^Lu#wyeBaWyr!^`Tm!F6e@C#4c6ppNVncUJ2Lxle{8MGu|$u*#Q;nVFt
ze{pg+WIPNwdG@hD3l@7BzP6R~n7^|yR8X(Rg=w;@rPdfw+oH4l(OEu@Zg{ik#>gtG
zj_XSXK`9UBLBx%Bs^$4OkNuA6fZ)-Civ}cnh_~vRk1|=(p{||*5v<6~Z|0pT#H#@@
zvV$pY1;e|TsXXB&!BD5I0iNn)N>#2N{e@<2UPS6AFb3=H)5aW}Yv+QxBByUM(dcGD
zMq>ZobD@G7>KNsr6NngJxOj!m`=?1^Jc2scKrG+A-iq69SeVdYWc;I&BPNu+D+iy8
z9o#GzN@(uIc&o;Qr{sjxG1ykymeODH0zRE1QdGe{Nk7cHv8T<IPTw2-x_Z5{k-+rZ
zR9()H+@f0OLK^jldB$L;wZ^HCb=f=5JuDxfbQ&YTfS2&J=Jz!n;@h_0FXaoYtee%$
zqf`7x5rNm=%c1M3gdWu6zu&?Y4)ywVZmoEN!XdGU1{2k@*$gLel{~%|p!$RhVP_+6
zkz*Isdlz3RTu;UT>M5_kT1za)?8BiS-z{o#O4e*AG*)fzxjyO*SGn=kcGEo28JrLq
zz#to$A7VECv1I^ksJ2dzac=*6ZW&I-H|5)!3$4n&o7GrWEPa@#7P$Y#>UngxV5M03
z@^FC7M!5|~@$%#hW*3CBG3ZY*7D+}<Evc9gpPl3Z<CQ1J-@&oY69X&G9bI^<Mehh_
zMi?j~7WU*26ocN|n{MUXKg)qhxA~B($-VhGMW%qZaUF*Xdm*WpJ($_X@9zaO>VQ||
zoH1n_wT!RwQd2M@2A9SiK`$MPjQX%{0XY?mY82sP$3+giXe9>zNi&stf+Z!@rrniz
zW<no&RYm&tpzk8nvB{RDc{bu<jwLktR{9fC7eQ=m1+MR(dG?a%+ez~T8N6h4U2MU<
zF)oohHo2j1#R}-bc;QXH)2+K2Kr;f;?Iu9)-d%Vw6y|F?|1DQhgu<_Kp5R@i)Id{f
zPYZ<%HY#PF(fchhzXI8H@W$ziX!j@R_IV0vm~uUDFb`S3Q0S!VFLm6y8datrqL?<d
zM{w`Kk4T-^a(IfTp;wYPF)XgGJ0yJ}SV{ji8l&0y+vPBKk7cvO9OK>1);9vIt_I`S
zJgz|CDVg=gWXFDU)|tt<qdhxZ7X7u?pR=jA&6s94n@|LKRdz1B@b##U`^hTe-OeqB
zo>ayCdnEy(J#@pC7~wT0Iq#8Ddl;h?yX~-WM|N#12y#?CsJrnY_!x!J!^B&5-_2%i
zGPtphjv3KAXpC<UgR+O!M5D<!%v6?7wX47xdTS7yEMNPS#v=PieW0LHb9>enMMRO3
z91`jwrVO)e<CK$_z)V$ya7uW*8Z?rxqz56%;qtgiTCy_xaz~_cC##Nw?cRN#XPT?)
zO>u@}5jRmaAQad|D)+89*`}>hf9l3hd39-r{AXz-IAu5$BSbKL=nhd`mxg&GCf5vD
zX%6BV8c<wABT;!A)?8wIE$FKxd@>w{LhR=YyFH1(mz$d>RJ8d5jxmy=xm+cb(qL+V
zovz5}!>%@qyf%<h(CwHJYhAN`#N}~@&i#J)KG2{<f1A3Z?epW+!`Fh+eM-L@NPL|J
zi5|6$5g}xifw1dD+3a>M#T5+cfW!PN{&(=0M?}bV^BrJ0bQYEoyCz?|E&--)Y4zpC
z#MnUM?@+x-Ug%&+(h;sgo8GlFc*QH;zIv{WFUO}J%Tc|!&B-4P`~#s0y9s}R$7NP{
zRi_kmW4uXX7+u<?TH1MB@kPvQBr2jxuWPh7em`|o0myiwAwg3A%-t^FcjRyM6*TP?
z=1Zj7yeOP)c@oLN!m%q=5W{=V-{|HV!HDvh_7B8{@%Njb0*3^j+4(TGq;EPEs=ZF+
zCa#{dFYl$-<n%)f`IK#*4tFJp|Fcx1oF+`K{nXmnz=lQ=UVT|8+AvFOJDk4}c20Oh
zg>uS~=<Jm%%7%qorJEeCv}>cQV#F{i6O63(hD)a<!U;GPI%TEsU>dt<@{$FU@oh|4
zip>(!CP}lQwegOD>pILb%cW0WrA2WH%(tjpyXsNn-xAL_)upmiJW?Ek0i%~TzsVFk
z{}9=LDb&{ELUlnlOF6=J&x5Hy1fR#Nz7ZJjV*eJOZU?}>)<oxe#vcQ7FcUCG41itb
zA+IgvXjt}W2%`p~b@tWbJn42X^+IZ!R}U>5^K;!({fPYUey{EIxlNL>`Lp=wLsQ3f
zB#phv$^248P0DcCD!<9YLia{HZYFP%<Hq6~F&sk~PUb9b+`kC&LqCLV9rLzxlrv)C
zE2t!Kc>2*|6#ekW=0f3^Z{ythkpI@x6els9?W4xGh?C`k=)~5rKDA5&6I>-LJyh2f
zb8RGlx$w;r*Vqly`cwDvBVcc9Fh}*Mo;hvMKH6Zv0p_-~d4KlV>WYtO#akSy&^aSu
zRs)N6RK3BUCHxJHx5+S@N*5jw+Ayl}$z4LH3FlHP?*QLe1AuE-3j1aN0KSdS&!KWz
z#_^iNmc6?gK3i_tlpYhmmU-Ef-&yO<56|y<eb4@EnX$H7?KqwU&Td;QclFQOc^$j+
ztjp7ccJpwGYmW9?;v=4YLE*({Ha`+N3{$&bEXOW1hCBMMVD5ENaaIsR2j}(!!Cj8I
zcWoUY?3Y|Tlxs!209b5y#J1=8EoOhVyTe1~OLhU1O*P1?#LnO~$%`#hR@4kC%zfN;
zTUYVx+0tesIGDAqJ3lhM0gT*CkQ2~wHe5H25*tt`1DkA|ld7YktHwRRF+@<>KGHNY
z>f<=*pT7{oejQxVvGo4cH-6?0Jw)FpVqVFT5|JAS+=FZu3QfH8jTb-Ho;?dDA}d*!
zq2U_q3_^0!u{~_cK6fV?XR~U%qe}7czp_JuZRX;DM}!xULziSc_<NyF%5o`IEaYQF
z6%Ia0TDYHWD{_`9N#{N69??o`XI5XOFFIjcAj5mewlHV(d}<ABw|PpoI3skQ-{RU;
ztK*Y(C@pPRLj^`9Vk?ZXrn+=}^ktVexG)A;zXLFaIgDlsY?_vip-bxA$ovj?u>$6o
zvxtdk9y@*JPN&rsyV^$oYEQ~8T#L_E>@)+v@-}UK{}g|ETY>qx4>=`#la%m)VA2R~
z0ty*fI^!`HcH`G*q$sP8Tp2LkYiF3ZnC!UyD1Ty22FwPOBiSnw-0!W(ZZi}ymP?hf
zY5%OriFSR=IrUu8dL}MPeX}sdDd{zJM2C`sF(}ppHNQzUzm&+rU3}Sb$=^4ZA@NOY
zwve;DYz!9-r;0+P6wTXg51GSxQDc#OdbuAgd1F&8`CoW^^TmIqrZgVn;TkJCTTdE;
z*77!Z@R@`OZ#tUaGP7zu)8V@VHw{2sxf_qiwRM2e)VHB&rHOb7j8C`EU(@Dp5L4xD
zu-kZi&WCsLJpf}_ypi|TpKf#}YO0<Sd{5)WE%AtLj?QOCt)o;t<+);vzu_@0?+QHQ
zxuxqy5B5%CRBUoH0G}YWhIL`~Oxng|g`&$W7Jp(XZK<oxwMzFBiQ#*j8SI7RjO#yi
zX>z+A^eHTSB=pz1`PGw36DUmNP-*ezhJ|kMyq~~;o3F(_L3}7BM1uU((?%W^JW-kx
zo+py3DUqXVh=8j3HsBK1ge|<>?Y|{H-Vc(tr}+iE+)A-8+1u8Sgr#w~F>gG4GXxy_
zkIO$CEM#V`1aX)?jepoF2PSX3YKB1}qY0F8ndgA86rq>f55tmK<kySOlBgp}w82qV
zDTndJU(^AfqhCz62xtb(GuphX;_N+_Bi+*+%FyQa*7G?5Lm(5|^+38bFZcr~b9xh?
z)g!4}%!*%z2x){IVtg5QeZgs(H|RcRi@K%^S?ng5H%o4JkQxU4TVF4@kB(higrY>~
zRpQPpgJCzlb{h%3ixCrjOmbtR3JrxGh67ICARm?q!mCC;uQmg{?ZrNRyY#Szxd)US
z;muZ23khODgg2SieMX9DXts0_f#T}xKp0lynG4yfLXN8OFe7xNPe*I5uA^Jb$NkxI
zjqQa8GG*ZlWIB~T9;&}L&Sfy(YFkaF6y1Vk0a0UUjGFd>2g$vdjs!s#IeiE73v{UE
zd=oz`)A!n$8Fr0-7XHvl+DOmsPBMu(WTc^LRl#QRu2oX>WZY-CY}q}VDMPL?@tPEW
zBjfUhzHnrqsJ$wO#7qh3x2VB0S9->j=a+eM??Ci{!x9ivOk?a0Ybo(qL4FDcFSYUM
z*JRn4fvN_#0@N<DFOzRucNpAp$-$i^7w~(IS2jgQ5iEm(k^J3pHNpaq`GN{LmR5xq
zCpgHIUrk`2vToM~g6Uq=l|^a;E~(>zHB05xeH+-75Ff%X+aim1pNen2eNXhj95rwR
z8@UW-SlC#oDtuZTi6NY|->O~#gXN{{fJNOn)TFV_4Mwo7v>8>O|DrVZA!f<lQT(;U
z-eXQ58)r8#^aKOS*x1jSdOLjlDkG2g(~u!jpTcZ2<@#c2^6g=80%<K&I=edW0`{R6
zn2`HS#MStjIr;93b0sA&=F*n#F@yrMTxSM2>E`g`a3*cp5buIFOCZ_s#o)cGpVL`i
z3rH6RcL$K1soZp1&G-`Iw7}(Z0qHcM@Y%h7(;&{(FnCk6mru<OR)IfxbS=smW+i38
zRD(sbHyB~SEU~_|s*Di?>OQj-b#1YPBi5XsuKr6D{+LTlF3kkxCgb~$uALh%N&S#8
zOCrJPMLJi3plm{<98wv3@fVTLKF4w2ACZ53t-A|XraH-R8dhvbsTY+Z@nAw`Aq&CP
zCG5f}x9Oj;Up;+UpB$Jl-Rq5Mmoz_wiHApaN!-bEa<tn+-$#Ay{}z?PC0D*~6y{tJ
z_A<7@9(V{sba#<XU0^uwYf)hMogS644aZm#4Rn1_(ZQ#EEGd=iVX8CAD){ms*BBI&
zk^_FJmj#(j^^LNfVIFMuRS&C*4z%Drs4-22XasNL8#?->);{$xSbNMi1|vW9*qJH%
zId!{7Oupxc8l!J4j(s{9%V<~C`~nHwQAPtw;EsCs<#>v~=K>H@@RWFh<d~VLl&XlI
zQiPtHcbr0A8W@+4TN;)j&SVPN1Kayu-V=(o|3=a+{Slu`h|vjGpGx59n<-Fbc3SA8
zx7QG1OBYYsisx2uS+6xS5D&#apMXM>yp(!EvKuXkv0hMB<G@Y!8aO7o7XdOfx{Qtg
zx%t%8WJ~y&JtwD6NAa%?)ZHE)a<{;;x%(qZdAKj5Yg;Hb!unF-ddQTGW`>Y-kYz^3
zMg>vG0At27HB!6txGP1>z$k()j#6o<?1Pm|bn^v!P|WrWOn;KTOqct)<iS_xD}^Fv
zvqLAzbtMBY&wz45A=I(*&m-tuba_m*iqM#gkfDgNF?ScIhc;4i7@Xj(9F}$)*&j_@
z!E8&WZ30x74c~+z-d01IixeJ7$BmU&<R}Z{1c_sBs20Y}mh1=W^ke6#nPeV20)0q%
z?>llWyw>3Dc9W7sR{0dtx#k#rfD9lU*eklrx}!nnQC%taXMEU3WQ^eSCNs%e!xygG
zo2~pRHpeF$n7;3zxqY-iMm1$QoY>jEav9ICgVyStwnZPEOLwTd!#4WWm~)4C7FXp=
zt;P3t@ok!_sL?@pnbi(VtaH2IMgg@XT>7JjeegvA`4LcJ6A0NqDzTn&)gxNMp1AwM
z)lJt=wVMhV)>yUiS{)c*>0tw8e#+OCYPtk3gpGn}c{ca<_oLU1xMVKT03Se3NUnlw
zx$a|!2~x5XA(QWfXP)7KQ1bs+Ha?jgP}m`kiXD=W+d3{}-(4*~X$ebn#OQ@#i8KN{
zJEV&_o?>L-2WHY1{;U>Pt~rCOep&;b`Ernc6k~2x)TBXiu85L@#)NntXW3-fl$-MV
z$OgIVTnlBTJW!r~etu#cjZwl|jR!Fr-QC@#is<-UDG^*W6L(2a3t{-PB$v@GM`E^{
zh!~>ey=Jb`CADNKt4|@6-c)w9G}(;Tb|2RPzI7_K(ADEQB_MBJy2iRFHj8qgY)s=>
zjmO;+bWs75oUFzsE~~s)!xDo@-CVlUNKj03<+_{%sf<wQxss}g(($LjMgrFaSy}bN
zh7M8Vf#(@G?Fp;m@5i#b+O}1q&_mNv-CyPuN`AVli>Ngby+q^hu7d*5zJ%;R9%+$u
zJwS+riaxENl${l7IW;QMllS4v<(_g-lRer>$-2f=LFv<Q$~KPhSi}f-f3ye-@iwm1
zt#ivxtisLB?(T?gi>*lXrOSBz09Ks2F&c9>?Ci?<D@Re!=X!Hu!ngw{z^py~pji+=
z>?_=$y&B_PwyJn*w`l{*u(ue6G_~C~=$M4>euIFomOH!cl*IM@SKZD}U-WEy{zT$Y
z&2<9idAhC}4J2b_&J??~r8%QZ4|6QoN@uqpt{6JNzYNpy&EzkZ&%HB77|$_)(SD;}
zJ#qs>4UDca5(82e?;e7pcz)A5?s||DxaAx3x7LU5^?*^_nbG$5;qSup)t5lswQ3=E
z+73Jlsqb*fqCaqXJvB;Zj)}x_hRQ1M+R((1l0;BBvs;0(#Wae;yka%az-K(LY0U^3
zHAMeBd4AdL`TLwvivmISKDY?;t2i%1kQZo!9EP7?q=~5oqYRu1V6Qvzkz5rld+Hsd
zJ^JUG1H?h@rEF`#A?mB25qk`iOv4j4<zfM0fWpyh)g1&ComxwyRZ5grHNd)tL9^+y
zBzC?NZ_ygd+VvJ?WuO34I7{#jp*nEi(+H?b>`o2s)we})P;jB90#|rf(VtyM7zH;%
z1Wpm)^A29PUeN$5V?ngkV$|Ma4=S8?_LlS7T@&&zB6LDFN%xwYtHM_&;BoatUE%?3
z$K_BLKd1OS*7ljd8`pYkvA-Z06i8Ny49?YRiffV{e^>xz??ml~LCs8k8$xjc%G^<>
z?L~Reo~Ok{QuQWT+?d%v_`ESfkIPqQ7n<uK6KG1f<ObJ`5Kfc#+MDQn417NFje7EY
z1S1_|b^{w~9<K%Alx*0EO2WHxk7v@ntK(rW`x%$H;<y3lo?@RvO&fD^4F5<5es@Q<
zx&<1`xHmq`qogx=JT_`AQ<OUcFob3;7bWHv{2%eLYXtf%^V`04r(ZS@ODc{6AA-WC
zlo1oX$)y`9+%+atXQmSbWozs0<|eSG!t?S)w<tGrgKX!JYtk^MLhQ&o2eQJ4a^#kO
zjCaI(=M?t~sWQ*{D%snQ${yN{dYV%dkCp<%EO5X5E{b8MU(XF6T@m2}qC*+i6bu!v
zvS3Q3GHygvfO=G@&6qgstyqM|x_ahoDkS<UzW0HBMhn?z@1J4W%-I0g**^x&z=TiA
zqO93O<NUCt^@Za+7;DOpN|k@2Ug$Ucg73(UJ4=xkQSpy<=gV5tNhgvybj%FjMv)Lu
zU&vL7ueJ~je@1q15@s1^zP_{CuwoeXvv<?TJ9{6hZmGsA_A^;8r!kK&2Ze5$#Be(c
zF5r0x#V#4Z4Z>6NQfcHxqP2d4Vc%qgr~@}zA+-k7qFC4MvsoBdsPC=6tNd~H;=^}g
zA*9)7G$<JN!PK%G_tmemcGsM5th9bU=~uY+rYb0asG?`@TBAS5oSxK|;czgMzJst8
zsluDv;^e&UcS>m9c)#55BF|mP@15yt8<+vf6~cv+#LCuBCA%r4d0FunVz|Cdj^5au
z^lhZ1I-xF(7rNbQ$lM=%Z^P_S9$9>l<M>PVDKE)$C3Y`5_v%}s4Dk>&(#Eu4_%(Si
z{e`B4N`PIDULW?pJDJ9Amq@u%GPcJ(h5eFf{prG|UswRrXV{INwdlO%(KZ@J6fXM>
zPV<=4Tai(Jw%uxw9oXImMRQ#pSNa6!?hQXM*@{u`pbe9GTUuRx6~z~<-!~3-cq@8g
z^#<b&KPaG7)J#sX5zTRD-^u-CgB=pKNriNr3rn$EVsd*Qm1?^X;H{l2hRik}xFS_t
zR>0M|`%V)S^({XmRpzL4)g4%8r88=e-HbCbzduXv!HP4*^Z_ua_==)|F|`(#3Otco
zMw~00)6rAeq5#z-V%lBAr6~3$-(>YiQIyFz-1HlUyeWZW^R-6E_-J_bj=wp_CYerd
z+qwNxyQ=!&I_dF1_NYVg7Lv2yqV6V+M8&7Pc^1<q8|%&d%0A3H49IsLji1xz3y+YO
z!%nk<o|{N6+bV)^iNScgR>6n0!+l1B*i)j#+M`mNT<G}jFZx&8)ceA4&c{_^bnfOs
zMxfEmu`$8mprP`yrCYvJ!VjoN6f}@ALM>_GDO61MaO?<0FyO3zA?)75T5N=n`M~tn
z0Cs-kq(C3~wjD_O3h;-Shgi%_9^H2qtGn~+X@frzj8+#frhde2`jYj}A8w5n)W)w(
zYFp-QDiljvJ7+-sj>8QhF_;q!Zp8JdI*Lwc7?0XEVS{5UX24R<qQHA)t<QSgXD>PG
zGp&gQDv-u8_j6yc@uC5|PxR+EZ(Myg%4R6v*oMk9d%im(d=%v-dv6j9>^01GWsO4>
z6ce=A7KnRoQ6A4DTrX3`{&@Lb#K3z0J^_o1$^P!TP+=t)y-gsL8HNZYJ_APXMqBiu
z1LlJ`JvOq7dIz7UDl05pe`jvU-rfzN%Pptr%(#4he8#t6`##Qt)qfo4vv)F$t64Ed
zLzzm~Nyadv)Br{2o6hZTstOOeWyXf&QHIOGrBo`ii>N<Xk<X(n&`;FaRr~Y#j@MLI
z8-3_1dQbzC;FXbB>(*!!KZ5Xf9K<VWBZ6wN6vUr|?IxgjSBc!8w+sP=i;g^P7U&aQ
zU^qWdXukP&23%8|>%GVA_1U8@eFW*(m>yBaCmhGwv#dO~7xq^L2?An-!Rf15UHi<D
zpY+4L?M}kFh$7V;y}E!gqyDtoG)`Gw`i{5Dk-U$Zku;A4ld03X-D3AXrID88h5dv@
zT7{L9fAAa;jhJ*}1sP`-;~_-EJzUCJ-A+TKYPeMVQ5d&=8uwfeLA%HYt00mxd&Agr
zM$kjXxX=k&I}+AMJ>o42x6z<YY*xCE>=h-cA;pxpl5`Eo6iG{jYzW~w49GW#@;Z%q
zEQxJJyRb7UIH|;mYB{8KHo3=GW~A?GK!sQeJ${UKw}%C<vZ@@*DmB)B{QY@^=Qmb%
zW*7^d-Y%FIt#9jfdCvsntMs9h&|ueVL+49{UhE^;)nI3pEiCo(f@ZG1sTVb+!a%2j
zP}1XYl#cEtLzzXdDWeemUNn|vlY$~jUt>P4Ms1r)M@Yv~NXdh?r0U}`iuV*!_TqwO
zH{y)G!!4jtKb8oqo$}WhTMGoRXTz7qc|ZcXVRqA-C6d%-_)`?|n9D&d%b6{IvM5jV
z!6jTfB;pECpu#YnSo<P0#WV}X!3_q;L~A{KC=R=ICr}E}_ika9T%c-Gpwci*kq}d{
zu)fi6-K>)o<4|1|&B=x8s|EuRIpKN1agRZE97O-vRH75vx37j!3$<Ur*Q%rrA3LAi
zcYZLP<G3Cvvmy@&fxKEW7;oX5<vTMtLi&ZsIIz4Jgsx+x^g^kxk<gp;8aOM3TZ%OG
za2<%M_m9s$vjYr$x1TaAFz2O54H$zCw$}5@q|Dbo_LtmXm4XpStsBAxw=0$`-Z4!n
zwAFG)Di0SYYU(xg)lMl`Ots*vnr5>$eHk%UUaz8<uuF}jRGz$d*$S0vmzAcV{-|NW
zxu36DeGFI8kSP$EffAD2ET63x;m)PAzi2hqXFrH;?|KYu4;_&KlikjA1*nM+Hl-)7
zyDa9TGvOWi84!*~`#EOW8z-O&ki_@qb-hvfufqKmI<*<Cl07%M1X)qV1lZAh(D4!-
za%OLPj95vGl}y53?7khL{H(Sor@ffGyGo<E?FwC5TVPjj6I$)6G4?gZ6jf_uPCYNX
zy_B0ua{M`{fJey3gtGMef*bilgwl{$BN!R!WAJhyz9Xd4@akICI<Nkh5tpWgsXDDb
z?wl1+YOTA_<3Y!il{@S;y-*MqENV}p^#T{vL6<2Q9r7ZGh?KTDWlqXI#<gobk-Pxq
znB*_Y)oSZ|hgJ5;8&KuXrEbtwIdrpD^(`rIcEh6zP~0`Oo&>uf29~+MU6V$Y%X!Qx
zv4^x2lbIEK^#1z%fQ5r5RZ4>t{fmPeINlw@=DxI9@-(cm=7l7ntgd1xx1+Prl(bIG
zm#snlrNH;$=ufv>mih5~^UX;ZtdhD}eOX;zS|aX8GM*l~&qi9_c|x8lqHfC9odmAA
z^8j>ql0S^NC@Dd@FV0F<sEtu#8!6KkIX1L!F59E#BP`~<BP?J)KZJ=g_LkEs^=z$N
zFQ1zYDecwPSbaODp(0MszMDRQr}iA8qBy87CPr0~2S|xnM_#^xyIbm^yJaGUj77N!
z-PGdD*$_%aj!@i43gXH%vx4y|-q`zD8PLRKSbo25;<80r<^wk{5WQ8ruBiULcb^tq
zIf~--CD&m!mxb~&HCebZNCOm3yY@8uJU?~Ii#LLp;<a#+)xgAQb6z1+v$C07!wO6!
zVKrxqD*OmkjlbG^yy7j4E~%75pA%I--g%is6L0p;<w(6NB*n_hisV(=&&;XC%uO}l
zNuKxPTch9Z%skmxl)$j7xV0hA*&VZ*5o)S=4E1Oxy|_=mz9rKYRxaXxb6&&!#skbp
zwu1UwmxNwitp|t=6+b=?R@of7XSn88-v}tp9uY>Ym^O$#&VT2K%W^|hItYsuNt$l0
z&dRTokux|qy}s0D6f@4IAQ11^IBPv#ANV{!_M`nVL~B2|+Z^Ds2$47u=d@@sc@e!U
zG=8T5e}|HhZr|+$Xx4jNNS9QF{T>kB4TcoYtAMWUPoBz8ED@WPM_RmXkI4}t3!a}p
zcTC{U6Yn&<GnXQrr4lBbP+3ruZXQkPs{vXzrBt(HwK~Rastz@4Y3~zvZqKI_{?f(G
z(ZJ){Vq?MDlpB8QphKS$s;qgHVtN}uHFTqM3+^azm8D?DYH9}WCkMBUHl}v(gL<a6
z_Z8fgKW?%)<QAzP1E@Vs5XZWE*%ey=l~O0Y_t`6}1x-dIx9I06>gYFrb}-Ph%iDrX
z%2X|g?(_icUEW3#-F5CGme6vPpyibRZ1y|`*gd457_OeULXr?4cqAwR5G5FYAr9H7
z_HHu^DaWVPCm4L#4|cf!LX-Z);rzcpiC#`)C_1OYWiD;7WGP{=$S%u!XO?9pa(sJ9
zMN{R*^5Y!S=)ASPktOdB5*PZLTlpyNVFApz2aKwbFrK?L#jXN9Hqz$WzWgu<KX#vH
zf2hvKA8npHJ?6wXO>*kWCw>^o<((Co1dR`5J&%U$EW6z&g8SCQLnl_!u53vrXq`)l
zx6*2mvY>x+=C{W`;5apiJv|S39aCp;9H;320mo@wwKv8B?1Z%itHMcZ&|r6F?EnuT
znSjJmKoDBL@i(yY&|)f`r2l3F8s{O>3dl5~n-anTc=;V*0WJZLNI&BhIL;2SGyfeH
z00cE`f<etAY)pSC?M46<05(t@02{O=ali(f{{gTetZz_2P?=xBs4&2ZbND6>*O1^s
z0>UMcNW*^#k^s3WXB$Efu+p5vmEu}$GYtOyO6TVjImprzO>X{g=@xu=XuWj9Lkb1i
z0Y}UCUos;Ak?H!w8DZJ$sTj-!1*8AGynJqdw;tlZ;cbxIQNG)WPa4jme&r-EeijLl
z3q?``GfTf>p3du*9-`3zSqg9#bY4mnS)(?l2@eo!r=*YgIZ?_#gYaL#*}#?R9sIRh
z@F*d&1zB^}&x!9zJx*(V%}!+6eaR`_F<X6c06@Vx<A3}d_==t@0PK<*NQFFB1va~=
zpMe5rh*{&nWfz|Qwo!li<iYp(K7<HM(1iu0vhC~s{}w_tw;SF7<WU1+MpYd$qu^jO
ziuPc1S)39!yLS#c>;JR^hns=8{0pY0?w7iKhx^U`92tiIFdA?w^bv&3S{0!!Gid_<
zhWql%G9@h_h7|zR%z=Vn9HZ<w0K4&L=`#}Iw*D+o;kgqns~-ok{93Q;{{sz+o*yC`
z0qlr?d~_lQ9$IuagbEqm!+HMTbPWKDb9rj!4(MRfS7pcl{w?AD^$isSCjvV52j-Kd
zcF7$|+&lZ%iv!4~hWiJ|r}k|7(1S^1!r+X{C1vdDvPN}iikv@WO#DvRe*LR&D@0BM
za4m537EZcYxV(IZ+lK!MR|xjNI@t-J<knT&E3FUVLI%*wA__;lftQs*ZS|jC)}zCh
zWdrAMi!*$F#T=&{tV$3l>}=d#k2Olgm_Z$P1^+>Dep`z?2?Sp0OPFs}CI2-4KLv6D
za@0FI2>y2K5dQWVx-lNKKD-IYQKEWpPXAeRe|-QzpLqw-<Un@wIv7sLor(ceu-VfA
zH=vai$wSBcOWEI!V_Xs9UzZ|Tj@yW9tTy)$rHzeNnSiZlr;-cN5<8jX4_IYKd;y;A
zl6_!8v_WR^j$*_Wwcj5lzk49)ug$U0L&f8v%Y*^%Y{mWgk%OIu{IsB_=Iez({54)3
zy!Qhn)SnfT9#n|o#DAL0ZKSZe<X!T<z%|9@3p~GQ-!q^9ITzyo`;!LFlm|*N{}-@7
zAhH$!FV@XwhFh&9pzfV5x%EYn3vhav<wIHj!%H$#hB$EGLjM+9F)6?w!JnrO=%3IB
z{;eJZQE?xeY@F?ipp2MXtyv}_ivG-Ga_}miK-iERpWY^*gL)F3|49dJaXR=5#xhMk
z^k9<nM@H}s`u?p`@<4f#$#Cai`lVxrd->K2tU+mibIR0T;hFUdEEqp|8v<x_C2)Xi
zyl0jQsnG^dXkA};F26W;kZ(WYTMx<4_%mr{RXfm&C&z<(=pQ7X66TNA9cbPk#q;zD
z9##s~deID<vBczJW*b08(>)S+aMiUOV!2vo&Qaq|u>&X<xa)BL^?PaJ**|~42#xKa
zLORd+{@xN=S*nt1hfbeX9q8dwBYsD3{BHrC@XB5YH3-83grm)O@|y<)Pl$Mwqq+F+
znNaWb@AXTUk=tLw!MVPaL!OL08Zn4vPi1j})-@R^*$Zq1w7=0`UWcz9{hPH?--GkO
zlGr>$l8A`ZI*}G<?SZ2r8uw7e|MH=DS^I7-94w0@of2n*5`uH-U)i95tdc0*Br?dR
zrSm}-TmHXY9)M@A4<^`NeFZL%1FGx)kE?t`?ptg(l(Dv7nTRQ!cgj>65)2HB6SFCP
z$G4`i)=Qn21qO&R%PU;5#6e#n0>=^i`)}#-X%0>d=%_m=h6ONHv*#K(y?7x7c?guS
zD}O!v0crFFuiNxu1z;K&Uek*6+4+vY_CtDK-d3|62g8l^@N??e8nu4C2O<GI?kc7@
zLHPzn0>nOR)WjC=*pHNFG?1U!ARBFs=I;UXtfI=5)y^AuEVw}Z^B<s`qfBtQj@U{o
zzgiM0InXJ|9vm0f<z&lW%t*-uGSYreR89|orX-2)&ua)+w4$unvtfZwLoy*6_E6jN
zP2iJFw(M(hSN-%%TK$z*mc5}u-q$az1kPnm?!W^R=^TV3dC^jT_I>frIfg}51&)GS
z={uggAWRM7-vnfWS(3kyr5N`QU2w$t+vU(A`7T4yUFK-!zg|v~%BSYPCL0x5b!m?X
zS*N^9W%-iweX!W(!=tfeKwtHMUv%jh2@GpJ*g+LP>~PZkSn(dp2=p|-AKp57%k1Eg
zm868;mg4ZW+7wQSmr|P`gs29BBCZ#$>y;-y9p6r;6?1?46OhD;MbQzy1zlH6MNbqT
zGL|yR%S8p8CPy$JlcdCAqV6lHjKlhB*rxv#>wD+<C-Ln|_dCmWixV?aEJ@|qM-F*;
zzq2kiv^m`DvN&*O4oPzu(C;?&w3tVO*c_?NL-vm!duGEX#BTsJk2dl?b~lrP26BEp
zG+;^H5!;+3#emnJm-5&wl0F|y7|q<<-8b>{C#K6?1eG!86Cu|^_ZT4V>50(%jkS7T
zj-Ip5!4YYd8uRPHW2nw24I@OlYyp!dD2uBG_c40Nvlco7OYKzDuNGkS0W)%;Dj`m$
zFdGt91>m8;Zalu3a1z1}>YtiC_BVIw$zxVj-e(Bf#eUle95~P&b{k&Fm7BYB;J{=<
z;**UYT<wC#*C$khKwc)Of~qrH2xOtv31<OlCfkBky?em|-4JvRuvzq>1WN`O(y8JF
zAVJzEi}tqWvTF8R@K^MAK(>GHX}kvlV1_cK&x&+&q}~8fD}jeIoXAKKi&n}t&{`hN
zy6Dn^0=3|lSi}}4D+`<jfVfchfut9y3xd2o&`?@!BR8@lkU+?a_t}Ig#fU12?ftxG
zz4LQfP`B`2L2SOL!j%Tc4=VAwf@7X%nA{A^LT`812QFoSpdXBm<zjT4XimD|kS%}F
zpmkQp*xq`Hd@V?H&&jW@h<vr0vny7M)0xeN8%xctu5?%<ql_^F!zyXH;T$eivuQB^
zO{1rtQ?)M2tPtkP#_pIbTa#`CKoQREz(KrA3vKzd+&JN1F3uyqrqGrb$_pLv9w9ef
zp`{(baDnS-;Iet(AHpD?AJ%*|(qa%BP8snl2+sB_op;P2pzj2m6bp};KCC)~c+gGs
z0GK^4AcsR}tj~VHypbkmdu{5yF+ZSj>A@%8DbLlJub9e}cCFmjPzKpdP<>#%Gcsp-
zW7H(zQulZexBbp!2*>oo#ay9ZfFs{4NbWDT0Ju#OC=Vub`FwI(i2qqo2|LTn_6A4U
zSCl4LR)5pJHbBm3CX@d03pk?>xSn)9V!Nwd7=S^vdSvKr3#J-daNpydqNp(T0V82I
zhMnJS-)=A}aKV5o&B1#iV)`kT+{0cQhSvT0CR5W8imexBd5K9O>x@nYsqm@ptI&Sh
zM6$d8)fA~E`9T%2UtTw+8DM_hU+$)ge00+L$2(swOuS|V&s-RnJ%Durcx4<FlEdv%
z()zg*xVNGX#UC_CN#3Xeh%z5*N34iOkxgHFD<PaJGl;W1{r%;Nr+RmNPri~tY+ymy
zRqxAUZ4j4wR$g&A?;GSAcqdukELGaCFL@UA>e)ocA2JSlEE-kfrC=7)C?gbNdgT>W
zu&6hLB3BpNy5A-JzBOA6+nn5*eOJzNeWP%VW0Z|~9}rQ5_><7T5F=1lpUd#j>7o^m
z4G)IXl&AsB$vC62QKqNhUenW~1{PP&l$gU|jX%MFp1w>ld-D0tOUK8}Z_adsvq`tP
z5A<hPJv?94004da8eM5hJ%xos8Rk)j#j0n|PXpCruMY=}*J=;9hQ{_REZ(6AAGE{^
z4|M5ulCTseK`aL`4bL+!0IwEpgSG5VSHn!jI9%PCI&rK>2D&}<CIYMfY9q0p@bot(
zL`qP<f^hK{VmWKQL7skU@Yory?%KRC3e2GEOnP5MuQGKcHT8#r04Jtdh6C!RCIFPD
z-vQ?eTne`O237?XdIRQKrkV}t<nJzgLM+&57`?XL;X|wcHr2qmCTb8A4l9)cFpIpQ
zliUhbiRp<dkUQx~8sympvtMUZ^R}b&bC<g;RpC#TD*3ey!8S2j)*87rL|UV@w0UP+
z!dfBNp-7YjqJH(9>}nrMnA<!T6o&AC2(>HOj^U;gFC^f`kH4RE*+fT0!@eZtQ5u@V
zZ0G8Kvh!CoNOJAr)Aq~aib_EmuPGhO7#T_s9Y$w@nH2KEXF5Rsqw*V|bPQ#H4DS6n
zxS+yafVZMw1AHxtouC!6+bnX7_leP<kXr@URIj!T$W?-c*=MM}oj4{S1J3PWGGWZ0
zIq8yFSHAJHvb34$%~~9Q?xzXSWvR%pKDjKR<%9d+DljCe1>#D-cflQqkP>@8lf$C(
z(Xp*qugOr^(^3Y~DU_l3gg*nK6Aex!sJs@LqU^~TdNkDuB+Skt8yPaTGbMyci?J6h
zd<r^})h|8#BE|e_w{WR?I}?o6iirmUo!$s?8Q*I+j1~t?#|a@foFs$LnM_9qRtAt4
zvw|~^t5DtVblJDf|BPq-C84Y5=^3tc&~!ms^=dWoq=SyPX52_=!|cl=Fa#KN-@$`0
z>qSt09jW@zFtJ!6`%Wy;eDep?cKmDv2&_wgnt5Hr9Zm&#itD_K8%twjt<_wDG8LOI
zGsBw+_*fO*ifzoBz$?AM4buava8XP&C#>O+9WQW(yy36+>g7`@=07>fBelzaKX5=H
z5lEwB4_XL!JDNc?ofem~G~ZdFO7PI?h?jXpmqfccF4^T(_&2L7uql)RoRi!o@1N(G
z<(Ji)KEw&$v8!BeY+M5K+ST(au`hvKQ5Zff&;#Pp`fBjrYY{yF3=L@Ph@9nTh0^6r
z8<g-9X5{%CpE*3v1-0_tYkd1KXg}6t(ajp9R0X59HzbmHx&|WYv@C^k=lwYNU4llA
z6YroX5x`J0jO!zPS=HkLrV5JYlqSLS%8hIMg7*nnV$;o9Y+&Qtpjlp}C2Syd7{Z;c
zm%h*5;3kjDc3vUVVv%EbB{hH?2MA!+$hDx$ul~A0BtJ;+pnm9cT+VrTm^J}XZiSar
z$cCQC1Fqd00U%&8MFuh6kTK*2rZ7VHt+rxIGPuOSfZM0>HZM2?$%iBtvxo5MJXOKW
z<f2{$y9zrY7tq%KZfvo2aBO$c6$21ws%JPq=DROdZM3Qn2!^pk`WoGBy2FL$s#IMX
zsocW23$E+PTS#p~U72gygJQuO0MwCGe}}XEU~jlXHpcd!^m<&@s+|6KE_dI+YfS(H
z@sarbuy4+AYuaR2`-j1%5KDy}fxg~>Oz``O6)}0~qJbQQNbzxl07)yz0)xYmS_d}h
zA58FPPda`8ezM!xFYzBm{)1>_<mETTQbN|bI0cLM#0HAa=esFf4`_+9dGRo~!hTo+
z43Prl&h~3jFNu&&%i!?j-9C;w-+@o_<>Ln@K>o`RTko%{rxLV%Ycy51O52#*%HtM#
z!aRBbOdZVx<&L@?vEr@GtZN@UHWuA8=9u@dFI7qt(TNYAIK$BN!TD{eBOy}zgSvY}
zIWw+XuH>oCTR`s&y9GJ+PRD#zfrlSZd+Tq8v@?VM<6~3GmCN$Jlq;S;VvR2nVk1HG
zLq3X?DT74QgSDx{2_0_;d_NMEtMNw{?^shufHC8&Yf&{j4R=dtl7hNH>1#3<pk6{o
zhk)~xV%3=An8h~V_N(~nxdzX?nmxRt+SBaUV!rFs$atgX&7xB|7QwZo4U+kJBE$?$
zmYzhULa(I;FpU1D71v5zvZp&BD+AQxmp*m)uNUKqhfb;O{DUC{!ouO&4&yj0K~fVk
zj;%!<>ppPS4C0{$`V2H$yc^DN<Ubkh_(>*4y=gCC*8JRp?mLv3$F%Zy-1kRX?yMR*
zki+&t1IuNMiqBR!ul7=rj#q)}_YJ`B&E4=B9oP{ETHFmvA<WzBnwP1J>*|B=snRC7
z=t<A50;4#?sA~P{49Pkp;8uzT5(4g&9O>C(N)WR98UNo{;NFlq7{rtkY5yBloWndi
zaroEx94ps#??bysodvR4C?@52>^6G<HRm0$Wy{`&4&R2lbKOIxD0<qjy9x~&r*GhS
zFP2%xg#MtC@al`X-75j|tHOoE2!k33zL6q$H_GWzZ{EB@WfN@$#nWe@6a3Zwfz(Y2
zo}hCrE2nsHaMJOYhKR{Nu>p_}?FQ_=cWpn(_jxw4vy97zepmoc>xPb9bKr7+gM7q9
zS&pc`IaR)#=;YfWuT%WR)dIsPP+@&wL;{75;laWr$)P|IIYK@ah+FSn)lqQ8Yk7Hf
zwd%p9%E5#_YfN`Wro)&xC&^Eoh!JELwwGJ~`1aWXZ#9BVV|6py8avt2_7t*nGc7yb
zPYwQ3O7CJa`SVqt$#^3#D-g>q40P#;0_wG;g@_Grdxbr?rMqqrt0Oqp0dgSM@_D?*
zkF(+2@ycP%#Y2xY00cH$ZmESOUK11{SY5XBxUyU_?4%&zIPTL8cy_kj&d(&3&I5>e
zK67HywZFVv09B3uzL9r*N6AIE_+GkZno`_9n5F~LBDW$LPW{~#1Pnhh>YrumS7Hpq
zcc0}bSikr<%K^wE7%)0hEr_%DZB>e=zg)cH*xJpf?Jb}bGpASILCo14q~tNnO>|uf
zdNny4+D1lpAHOzQgP&Iga55b97C>?|m#Tyu$Rc>0JRAFX949CvZifQZmd&YHESCYp
z!qPHiX}xY$@juE2Jq3Q}8K6;>S%CC-Z^v9><{D~QsAe;`e682S`YWK6DFoK6cHXag
z*-BXWY!gg~#d(6crC51DoD#Ht?d=~<H4Amkw44FW=|PY>WZzDkIfzdD-kv<A@X7LL
zL&8p>RB5L?`}5l{zF}E9FSA_k{BJjzcG+DDa=ijxJHN^YB`W;VW$H7BlUHui+xgjR
zX5wz`{LPusDl20X0=h;?41X>;$~m|aDq$8~t|wi^Fc39-uH>tmY+&vM6UYT-K1x|f
zw#O}`lFPy{dW3l;W8#(3#*`xBaX_(cRLPTfKKXt~2elm6P!7u>U=m^$U}I|l<fzwY
zc1XnsZnfWV&L0F_Yx6435xe;Tv*rze9eoKZVmR%cEHjd2U+p#;KmaOE=~WrP3EX!_
zDw+Auvhq>>n7E%)XKUIo$AD+Ms$gp7hU$B9r9i1N<$Y>n(=Q@c-$@TMZmNpFP9YCK
zVO$5X0mL<ioJHO0i3oQ8QE=m?l4!$u#J@iyZCe5iRt0L}0J5EVxi^<P{f8iyBRI!Q
zyph?x3?Z?WPd=JV&LDwPc)k0_cO^W~9x0UT!G+iF1u(U(cZ?vcq>;q_PT>~t8-g!C
zY<<i7d~Uryk`%H{Vq8I^muzsk3MZoZiUkbQr9wC99_<|6vb#ODZ{!8&_ZU#>XEz1J
zLLmz(Wvp9NSKu6JT>_e>o%hP^wqdH}X^QK>6>&jWwahyW#Jd9+tDpiL<?`LN7v>i^
zIk&UI{e}ON&KLeD>K?WagqqNO8;k@cAhM7r^6vP{+TTkKF3|0J3U}HB{d(GfwBdFB
z2wrg5=pP<7+R$O6jeXe#GP2`4txGix{bi%>b6LQt(rc-%%d1*{C(^#;Zdce=EW@&S
zN^)I`R><C<5Y__2lt87vOm*ghA1k6(-htl9$%|)?6)EHVqUoT+nEdZjLB3A7r$OEM
z<?K5c%i!(+r9?q6pY5Z+zuPu7ImMNOfDUMmI0rRHq|!xz(jt5`@d4_e6<4N#?OcBT
z2O|XvTz3olek81ExX|^xdr)1zRh26@>o9h68j2;5k=Wh(@50M(@O;JGyR*RH@62tP
zV9i2{c0~rco?^r6MccGuJ)mp4JKbYZIl|)C+sehUnGpSct*VCxN~Q*4SV9kckza|@
zV9bi{(eu#TQJui)y<=tiK_|%X-yW;N-4)IfZNSEQxwTWM(({&=J8PiOB9e%1av;r4
zzi2kiu;+A~wq`iXzE0KZ_==Poa_b=W3l04GeZBzID|X}H5pF{k!0mJ9;UKw&h^{-B
zfpQFr4pP27dhAc>HSmDeZzYF{7rNU=T(yEY%I{}h@IH(Js~1`@#jM31MB|_g-0fCc
zWJa&cd0ervF9{@3FVZtkfJ!3G2>Nr7K`EdJNySB(Ak6Pqc_5>zC+gEH_u_>#FGU$D
z7g-H4Ytk4efW>C9Y1C*sR4u!k-a|AW=2yU+qrw2h5rBb8d~)#HehtQfscut#(2$U$
zr|KD?7;UA&xxbFG03$>Whl_yni(b{O$)mXNhm$mv$CUs4Tdog`G5h}>0`jlQFaC@1
z8V7WErRR=d)RBgZ_5Z;LmH&$(lXrj_^nX)t^t-G9$Uhwnhf(zca#^A-lJ(m#r~fuD
z_Ui~PgEJ+>qELw7z8EBYsZP58x)2IGe6dT|D-#T?>HrzfBGnMwESDoEGNHRg`>OsQ
z3Yg}>*uAyCsjND3B8>Dc7$rCv7;)$GpT=?tgQV20oNwoG5}Kk6z7^D*hu<widmtJP
za+9azK(OPE>WRae{oiS1HxE=sbGin)?Um*X=N_8*BcSB0gas?hafQR_cCv@l?PLR0
z|EgsBmP<z8axShkh4`pEJeL%al6dC))nGZs6w0zOh20CtTVXtD1~*fA?9~>dcq1>Q
zzIEi}y+yIXCCb)HXO-SHdz0<f{`7WiZ!zdK6tQ$&*RzQ)T(?|%SJ-D1HH|g0(Jzc&
z@_vth^aP3I5%5R){bRZ7=*OU9O(bFkYbyzxR_%TM#OZbg6C3fdQ}iS%NBfQoWe!?g
z-%rQLiJzi>as>SAU;p@gx^ysVf=YGNdU{Q@w}jB`(mc^^Yury}oHQUF?v}-`5g6LU
z2PG7@pkIso-GBPy#m!GW)ifPX5P1Q7(nhk59-;Wq?|Q=W&HbDEcAa<Iqdk+pkkxa4
z`q;1kS$pn55qA@RLbgA1x`D3lCmQ7UVU?7Z&;x%Xc_8-SQUHFn2zUmg%jf_38E!$(
zF!lstV%|J=XOWXn3VPZf1f{g4)zUW&!6PJUzpnqsN4QA}J%Uie{9IyoW@{qNVAbtf
z+$M;FZR~Tslb$uuF42t)75>{z1V1T>dmTUVB8Zs8BBU$g?@&UU_31L$0@1U?p3cQ9
z#FaN0U;O<`0Iw_XNtTyL^-=S@0H-MXD{iZ*uP3<}NOAk^DE1&ZspZk0T2Hv=-|j!O
zkx$7E_R#ieOZf$I@@5gkis;8q?>Uei#M%+v2OqlwJx!YMwFo7!m<Ukp@Q;g`!O0e0
zM2QpMq|3|(85K@)7@^&i3wXXRIJ6m{&3j(vp9JER*1^lb_Fm4bc(}l&-&(V?(~x*9
z{BZlOg6EJ)4PV$v&ScsA8==JQJQ%C`&D!|2mn1Bp5|ZqEp$i$8ApuSy2Qr~ScWI~B
zcACyJ_|Cb15KBq=(?@l-oo*aQf*0B#cAFOWwQMJVR9^`2N3elKsI#5F{f~<<Jd|oD
z`%Bn&w8+FUeKVZ?d?N+F-z(r*`MZT3=^UCshQDgn!2+H!Lkn<_9B7R(D9x0-mJn;X
z#|d5tQPi^oLHq%p#lXR*KM%Z*`K?g#e|#Up(E9+w<s}wDz#8DJ5qcH+QAs%<oF$W?
z-)(_(eD8j#`H$jVOMa+f&aBhuXj&w@9kF>sTZb`CG4Jfb<J0Hj+iP9}&yndK2Av;&
zyC%u}L%HaAO^f_IDwX07$@3fdlR4j*-j<^@5eqxV(~rsh{fEJif@tS~l1lZ`A`QzQ
z2^F$ABnCK<+lwL~#dcErwDu_&d1Yu*R!aqoQ{Z3Eh~EkRDec1-bJoocUR!(Y`lNs}
zE4~MR=tbzcpXh@xafv@S{~kz(t=%1>f0T}^hti?16)i22ITUoDTsI(vAEH~g0UBH3
zof7ho8vFWCW5;Na^6%nnglS;v2eR}DI`_8D61aeKGeA$|yezad$-D7hF=$E7j4OZH
zT(c`b8m1NaMMm6mv%I38Ai`f=I@o{P3b3&i3v7`~uWYA{tJR&!aSLRTlpF~EM)sF=
z85}ziVaPXY*O8@@w?|(1ViHXtZS*0aQ4RNPp9##aC&Vo5_=Phvfn$YU=w#&+CtYJg
zXN^d`KT9wPv2Xqmk--8=<g2uZ3f4@`+xy1i1#4euFH{quYa#t~+;7_JNOo#F$i!eI
zo#M}HE2AfQRN)J)%86^(up6hT^nAFR>6qECH<P5n$=W?rN*y80^FQsjB-g2DBlbXx
z+5?{;MkO~lgPgyMC%wik2nHPk$yc?DS3)x1Px^sR)@#wvbNf5GBpV&<-*0j_`Bbuh
z0T1X<KYql)fh2JZS@we$_f?YXxE0C6|ILa--XBGC>d%X5=<3p+h;aTsA$<vGpYKZs
z=xEcb1+u3l)&gDDFR~>2jR_|(GF875VVqbupFG^<WkObms(Yt(ay}k4_o`r(kf2y(
zz~HWmH|Ds#GBy7<dj*|1tLi|*rXMa?EYbN_wm%O!=K?7hf*bdAh=2EVM659tG9Iip
zk|G^D$pKDWp0Cmwz>9w4g?qNJfA?&bkfG9!Dm-c)Ck><cKX?f_uCMx}VPoK)`tyU`
z4&68MSYQgEae8she)yL6-X;sI*f!d&eF_CdVAC^Uv)By%lH8AW9&b4}!kFTb&=`qX
zjHK^5N&1Vv`8AX>8fTpTd<@Zh`A%Gqzfb&Ld?9jGCG&}_wHRi>sHQtiY;E$b`bJa{
z|NNul2iHzDEt1g9us5g48@k7R=^-(rUt#6U;aLG#deT&ds9g0tBQbuGJ4S(~o*+nw
z1u0a0Fd{=pejc?3@<22UAZYfH5EMMXK`wSulwb{<B>|8;T^c}8{pkSk%_fNLTe%tI
zn)bOjTkEb(<B14V^)X|wwMema<fEY|uLmz=Cwp>q#$LJFk&|k2{Xgp7JRa({{r|s2
zS}o-&r9z7(ilP*<U0Ure$WGbU!VqJvt5gbQ%P!fsVQg837F~9-4#rY4wlQQI`}iL3
zp(|JS{r!FJ`}_Ip_fHQ!3hz1J=XspR@;qM0v15kJMAqyp9LUd!jhB5z*Zs0ExND~d
z6-uJPj-%~YQg5VO6S>|Sf)vrC(YC42_KN;haC)f~q#Q5zmWFo9&O*zHadptquVzI|
z;;d>tjOhw)<`>FX1W($i?27WTSJAT-@crkJHe~4Asiso;sx=KC@Xc@hSn-&)WVT>)
ztjp^81b?>2Rcp_r#9dG9edIe?Uw{qVca^g9BJ}|y)5|yhV*$w@?r+?7ex=~f*9|Ee
z8R4U4o(^o*WBg3}#BwXFPs)sNoUu(eSM5p;VN*FPw=i4QWqQVA>7L8N@RO@1Q5w<=
zLCv>Pr#GojFJ?8-4_-!0&#S}FZm|7xIb(NjDL)xI%EF7$E9TvCgEv;!8_iELdn6tt
z*yt(FkKDg%Pd0woJY>7=(&zaCOH|hOePT+f8X1-Yid3ycl_-I46*6Ji%XkA%-2S`g
z(Z#BezZ5N>nk4qdpA#E;zDp|LlC1cUp#I5bnEhn*>BgHIRbamZFWmd(#$k2#e!DR!
z@IjSmqH4}z0TSv+tZw6m>Vde=^5SDFPhNX~t&{!4wpk*!IOFtoi4}rvv9fl)wTbV<
zhixk%h`ve7p>Fgze+R%V<daaoe*sFfape=h9^^}f?>l3Ah>7D=KwX(_$o=4rA~v0A
zSo6lXofV<^az1;cm%cj<uzM6AsV;OJzNVFZ>!B1GR2oA7g$urXC{QG5uuF-)8WdM@
z-Y*oPoJDaT(rSuOr1;oaSs*x2T3F*NPZmyFwJFt~n>tqPUNkS0PQqhCA(gEVe#TA+
z{v`;+AT%HuR#)x<{FQ&MmGhr)RxexPGY?y}rN8*(J4OEd6-kTdS~w(2Q7D9!=(80u
z6<vi6z6pZ|T8dCs!(H<Xi<CTkVhxhE#V-$9&TC|7^N<N#7Bxw@o=_pZLpf#*Vi-m8
z1k*n1`yfozFjHCCD5RDtb1<nycDkzxI@k{QiC+vCvk+jSoSN+%sKfRZkN1O4x}pn)
zCzJ&B^<3Lc`|o%`O_6gFH~+dEj77LncT6D6z~I3Ojl182fiH@_yEk2lk|^%@+7Fz>
z)IeP*6ibf25ECqf3tN0PQyePo>-U(w9=8e|@y7f97>~~1+p~I%3ictPm}Gz6nIADg
z{mjaqtDeYhEdaK*KxCi{roB~xJd5!lPn(y)3N^Ijov{T<eC+Kv<9A+y)_1J$dX#S8
ze=4heH&#{RhZewB02^LS4?AQt)$bx0^$ac5fb#BZnDa>fbRSh!G2c5o)~y4hZmd@l
zZ;=9drEWj!<<zv+;WgnOFC;R-AA`~MT4go;hHS5t5&lWo$$Vl9TeLtvAtr{=U($K(
z7*q@$`d)$Tg%b3qxh(2G02GgMEWcOs&P0;0NeAAbX2LX+T~9@vXlxfcH}&~z9rW!5
zwhv}Rx{jpSSMj)$b)qyEJIs6^$<4+{8hv2Uk!JdRG4%PqGo5I;2k*cLzSPdMoOkwR
z&H!KvQv(8%*R6|Z6JhzC^lg|J_=L-rDG?>}0}&zs=6!OSuSt-afMI%P7vK2Y+7xz%
z!<_T<i2gj3%tteAa4ZpGHUgS@Gny7n@mK7dD9axnZX*_vGLPrmwP!^nsHbU6k_&pZ
z*^kpJo})P?s;4b~aZJ?0Hi8**+88*~$)H|A^OXp2i$^eC)Z4mkn>G97Ikv0%#vFNC
zt9Slp#3yBvG!S0qo`T5?{-J`IZ$I!Z0|ZqGgB(Upu4ihJKe>F`rP=8cdfNMWgjje_
zoS-pi%mu+|>U@`H8zbXcx}DPvml;wRd9Uw@SbGZ27AGEwjOVF(#I$d;u#>H|mmnG_
zV(c__l9ylmcU|X=2G`Y{`YX}r(RCwna-Ts;<u6786h!S(uD-c=Yw_`pk3?9;obefd
znG>l}7Be@Qq%rz>=9GbscVmzgJp>a19!-zAzgVX8icXRW)6CShcu>IcrLLxijcIfY
zsJ|k~ATMlaDdj2LBtZ)^B)<EE1^Gt;>Zz|dOD^CN@tJy7m>kNjwhPJtAu_vwEIt`M
z-T-6xOvX<)41sdg38^B@@SYCIYLE<wPR2wJj-$xV&FIVH%BLGS$4{qfp20=VDn+K@
zGVF?mFGdjadwgbloy$)3a45BruwA-%CK)O}$S=JFLZT{h9!dsPAiidchvM<&LP{s8
zWTfNuV9dQft|znU<%)=FIMEa*_KRzHmvys1d$_W1)BP&#%-E4VG<Owo?lPRW%j=s>
zy^-%h46N-|2z{?wFoczr;fe6hj({@ft&6SSH#Iu$83B`f`b9LenOld+a^2_F;!Yb?
zX>pZkmw~WyDpsQ@s#pwOjD4nzT9~bDp%vbN2#;Ezj*m^GJdP4I^K-|@i(7HOy<Oo)
zSw@7r28uW>@$gz?+{+B#ySX6xBMsW_7+*%6yiG-nH}eWG%vYc>bSN%rVEkxO<RNz5
zJ4T0IrAvModYwL8A1U74FICN0lXs5e+{}jIA_Mv|ZBHgY5_OyKC=Zy(+_9I=y-|WN
zqOyS069ap}m-$-;uE)UB{bIK3Fl!Iabw*@X+eVUs0=izcCz_{5Q>tt`Z&N|*ut3g9
zO4et5tU1X)uQ_*xQjo@m3qpBH%o-8$ZIroPA9LFJ2;#l+87EMUoWmb|{IldxQ8~Kw
zZAcwu==0Yzz30yDs4X3gev$8-FZDzwn+=H@M&Bi~{xfcnO<<?Jl*iy`@y|G6ge4Nf
z>ci4M>MpW(V``=?Fmq?@rd(GY1_+7^m|eOPteiV;QHg`XJp;ZUwyeHm>og>M$`}rs
zo#URu$3|10wGc<rR>JKwdmL+0rsnk>8!u44&-30pGxz8{kBSrwLp81pc#Q>+DlGbK
zP3@ge7vy<D&z|`7$Z>;9SkS>hhrG8`S(73<6DAI;-=+d!+GS#d;W&6jPg`|;j&MmW
zNT+D$r850a3h3|YYp|Q2BqkP&dF}l8cy_2!9!|2YYM7+6-?Kd@KS)YVbS5aW@4G<}
z`*Vky3MvEjb_9leby(-&CwW43b>o%-d6o00<Vab~2%n~TUL54}Y9~V5XE~DF4z>ic
zqsY)VO!g+TTwd%xRViusj>z-KWrbw0A`m5Uz$y^Nz-;oJ@lqX>9_^TN69)j2JP)!v
zK}pdZ2I=<}!kXvP^OC5wVRk$tP@EoYKZrrqkM<v|_vLvPp&-mkVgIPWa(?440n05u
zRv)j)lTm(wmWfeg8E00mA9}UFf8(~|ZX_OG^qPd6QwQn1tav3MIG6Ulx*IY#Ws>G%
z3pRzVK=-l$AUatGH0E-fRg|?_kXbJj2Iai#J|{{C!sVPo*(2McvkJOI{uro_iWvF5
z*=l~g32UNQtV$nmkSMNdE#Y0FR2@)NsJ+)SR;1g@UV*#!BGXwA#o%vzoq{qSf-%P2
z*?72<;;z?;x`8TYHIyE0(G&Wf%P7RDDW9hX1OC)`unMKK2jY)STIeobVW^#!k^Q&j
z`XF;r0!wr_UFLRJ%=ySXX1)s}s@!)j&P2Ds^6(E!yHju3?38pDgp1{E6qnZcN#Q-?
z&WfDO1j(8BK$VvsrutTTh~r0nozz^&!Xh=Tw)k<2l);1HPDNdGKo0kpEq^Y5`ds6q
zi9`eIJpqBIvimnwU)6d<3w8a>WW&UR-W1u<!be%|D{yxxOB~BBkQ<OO|9tw1(L)ds
zW`v=6{)$11AfOezOd(*(ow{Q`7Mly-)C09JTZ^6&muwrSOHDCA(bWK@Xj5Rxda6*<
zw(0AWf?<Y9k)!gwgO&%Ey{jh~f^@)HL<7ECi5h7M(R1ohA8Abs-Q%YX3wKAZ@q2sK
zJm>`&?-ezDW-F9`4=*&|g<Pox%iRp~I=^q6|G1gIxO#SJYUL$dn)*u)yB2E_y>CV-
zN{Gk04eB{p(bciA9uUz+&liP&aBy$^E^?XbGXALe&C!H!<5J5Xwh4pU;F5H~J&D=Z
ziBk=pe%W|cJc@G&hQW3*M@e~7&xJ{$^KDJ5jF5<I;KXrtB%iWw1s|)u+qXgD*|BXJ
znU(j3hE7!Px)8qROYK!_6U;|dTDkIHy1V%DpGj#Z5znYMvjBErFSO~u;xJUy7s5?n
zvuOX$@=44p))suGfYvn42yriTr~ArW1)Gz8I}jb6(_<yM?Gw~95_WdIr56@sJY3_R
zaT&OsHC)N2&irjBBB`>(e1;%Nr_m!YgVB#Ea)3yjPt&!Q66cRp@z7VB0(C`^Da~2I
zkm!{<=-C&(w7;>(cI)BT(Mf)Y-itM;5<&TyQehy0xE&2zWQgo^ty}9E!nc}zYHeJb
zhqAiBIf4N-%Uwz_(%oH)sv+$akGfb9duq#nO>zDDK;&t?ja7|#aO-L+<=-SE2dh^T
ziob36JKZfe0Ca!SW5#DFL`%ZBzp}VlV6nfdq0<XXDJlVh&{1(1(fP`JytBV2zG{o*
zxG^~)y#`>kKb68nc;*9w#+$eBn_YXPRNuNGi7i<vv;Aa+WA4;aTk_Sz*@}ZRtt%P&
zdi*sZ$8)@Uc$LF1yKJb26O%P`u2xVZ{lt_Gdl;X{WX7{S(tl`2xJ05-w$qu6Yg@$5
zfxH_A!<(WBl&$98Q|7VVVfCo3hhj&A`{7az-JLi)%T@ciJI}IpQjCCykVo?oi||%m
zcEbCJ_HA(dPEfpVu>NEF$i_BpInj?=2tBqMx4Y3-L);EQV%ZMyoyh;>7De(LIX9YR
zBrBKl1}BoQzBx}Hj<BxV_s^Ya>`6~Jjzn2u;}i*WWx7^QZDeIZ=M0FrUS~e{UA6=C
za3j&Snr1tf7iIzjRU|sboSAZ>M*1B$RIlDCCBqB?fh1J3vV6P^A>S#dUYzC_mbgqk
zJs@V;VlL@}g2m}kYm+$T2vK*tEGoOapmgF<NL#@t`sxF<Qddu1qLfi*O3uODbRL!Q
z?&5-BqW-Br=V2hAF<?rRSB~eZ3G(wQ4wwUmV|g<qykddvU<m(pi+xQ;H3R5OJhhm`
z`&q>S;JDz^k_i!YH>w+juL7@l$tOFSeuI(c$y&NUQh%vks8ultD9RSP&Turncib@F
z;b?qs>iJ%+tIVs{0aSzPUt2$VcuY6132Ib=NQP99Jw%C?qPAB=61@rshn7yCO_#f+
zH&BbHb=oVYsJnndbpkjglvhvK_^Pj~?qbrCy7NVL-;LG-w=13pR|WDWC{>X3QswG%
z>Lo;pCsV{0=&M1@CjbdZ?%w1zsqEK1ep$l1x_^TVrTtq|tQ@^oo@KBuu+>$?<i(`u
zaKnM?Jqfx}LBeHjUXEj39f?!bX_!iS&@?~9LgsM?_&s7pNBvY+zD#Uax|V3O)iNjA
zkFf;W5A^%oJjVx;H&jC+Ld3z-Im@IFKo(*~LC>+PLfv<UUi(z{ee$*W(jmzmMGCT&
z?Lcu^>UWCjqInv^L@R0}CZLgIxxYWq*W(5fn~OP|l6l!)p<ufi*_Tk<;Q7T1GTE7Y
zna<=us!r%|v;NVG$?yBu5+*uWaUX}Zd<kRF%+6-{!uIF&`;bHLZH|;T%<b8?NO(rE
z%#VAP=^;6ZwC~U!Q$x?vW%nSGDlvSg4KiI%$a*ORh?{f@M^XjZ-WO?PFpGVhWez3h
z6Y80>)8*%3T3jggNIxLeL4YH*+e}GQZ`!_{cywz~5&g!2$?D7XPzXosrqfFc%D=Ae
zWo~3IZyTMF*3U70K0VrT*ri~4xcQQb49<M4cXC>-?cGYZvwyDCXHUR&8o7Quw`hHp
z<yM^%edh9l9xpNxuAj`pPx|ZV^+W~uo5{Dt=OX=y5w$FH9x=E2!EXR2lqh^HL17o#
z;|3j3Cj4um5Ay-j@jPNpDB){5K0_xo`9Wsn-M{w6Is8e=YUgtME*Hn=E`d+U^|F_k
z{famt$93|9>LSk6z<awjHOsEz^M0%|FWD@wUMF)ZloU75iE6oubsRREgh+Q@)kw+|
zIRMZ0vbX+{34H7=dtobol7O$ws}d(NN7zZ2U_afQm|p3#dX0k}*S$!7-36|xXvE}h
zSAH{MKJRtJpv)rgDEY{T%9R!B_&HIfnL;tyq?ym0IUt)E7WQ%0YMxwhyeZ2_ejhgh
zdIVq!y-FuSR+-jEYNdA`zSwmrL#H60aO$~5vwpC@Otjg6hOOcKP#YUnbMlt7_jS-8
zP?HpsC{t9aB1t|1aYfF1<pUb%wsdDDOn0k@^Vt4*2t9WaE919^MMkK^id?PC5TtUJ
z`|duDl`03G@i+w5!75RH!4T=3+mU`;RaPr!VleyD(jL{pw{7!bkeab@{XAwObsDD8
z#Bw7yeH7gEoAw(jF2T1{0<~jI?nGgM<A2KNgfql)vZ~8!O*O@m-*4hdPrIh3#w}bn
zi9Pm8rkAl|rh*P;XXZ}1kvyW3bOuRnJW-?@+OpzNi{DG8TrWd%!p37{c_3otq-{=y
zR+>geeD{t^mCUD|PQ+yNDjB*xc7q5B3pt`n_ry(wws_Jh*J<;qk57ihn5gBdw6Kru
z&Bb5BzF<9Wb=EUFC<P(K3tM^9uKazPz+1?H`YCwCVe%dJ-)ZG`?hVKda6jE<w-M2^
zUR*E!lK+(PBH7nfpm^ks+^3WVWo7Yr6pUw77H&J(RL*c-&zBjMK__jOY>mI0lHcn#
zb*ItAe7WX`XfEZfXnB5tF>)^|^QjF7H==DC;~wfd)a6|(cCxX%o~_9=Z41dD=A7$2
zURd6Ht?HU#zgZ>SdT${7#;#P07k<|BE&2sH5ie<ZH&H1s%oT=6+|;x>`io`O^xJP#
z>ofj)MR^<PB@Xyc*1t{<BbP3Y4P4rCrhPuaX24H|BbiI2pSL47Wr#gtI4CXG3u_u!
z?>+}USSQ!5vrkRVs78n>j}_bH>dEwMPda7z&a3<@Bn?kWh5FwA^5l7X`9)+!v%TXE
z{j#FjJ1#T#ndaQ0VsGRcVvE*%4KrC6Qq*7jt2>q|Uz`E^77zg;f$a?rqXEqOPVg4)
z5vFn=UH3%5!vD&FYxjnm67rJ<u_iS;7hh_g`iy^biG^_31vZz;Xxo=Jl(v>HnEDEx
z=!A>UIpQ1+6qq+&bLzT#DdK!;p}Xi&d6$OP*H7U_sfoYR@XFOMhh(yB(X;g1Foa4`
z4w^pOW_Qm-ix9O$873RCFo3$MI#{rdwH{Z}?PP8&T$U6Q&Ht@}z0M@+EVso43>lgn
z%w2uQkG7_&2coR-)z_N0x%ZWCv4<ev#?@89URJ9BHS}377oSl-J6e~Q{?QT0L*Gf5
zUi8W+XK~o5kA;6xN|zWRF(a<C`@l<W^a!soBpd@qA??EZ1*fz?AxD%D82ivOBPO24
zu?~c}(7Z$s2c_|uewR1PM0>p??1t*$E}xOEJS$BL{Mh4i+(@u0`bNX6lW*Gn1*R`;
zEa>&{!AUQC^WJB>$NJ*tJD&9=x%V<65qp&$DG)?U?EmzYx$8Gjxoz`F!@<OkE2?}0
zO7)Zzc#pu<Lf-@wdH%A&_+bAS988k2PF(qr<wr~0zsuhYnGeFti@X&VUz9P{o=S$y
zDT@5PWgELt*849uM++D$wF{_kT2ihP7~i052l`!X3wUt-xAO+m8PDWxN)_y;1#ML(
z%7ZvYEF=m9CE~G+{t&j|%9mP(BV(#g_Iz*Tn3nnWtU2n6g`v)%N!xr*EAG(oiv7)v
zJysIWa_iGd?tJ}l9@BrKMyt&|SzfEax}!S8W_f|h=^mx&k*my5>;r*Fn^zu%;Z9H+
zacB*8{iULLLzhnY@nTEhZLI!f%rTDhZ7N%L9etI4b~R1_M|HU^{x{l&zPl5tDyH6E
zttzrTlZ9kqd_-8oY+=gvx{~G`g(IonQ;l!Nb8zlui(``WH3mWgcen2Yt9}!SPZ)Ky
zugU*hbJ|zj4)Du$UTmn=PJ6mrsZHeJ>iwW6Td0p)Fzr_s^}!AYmj~cot+Htq%kxKR
zRk}y3RXRQgI`TyN$6K0^opT(sI`Go9Ggp&s3v`)C+k+t5W6IN3Bq5bM#l**KxRH+G
zj~z%5!2gi<>OX@3ItCHe<YY)Vs|(yL{3B5n&C{BBIsfOgWNzUn2oCI<lu)e=2%VpQ
zp?i51p{cY%jGsX8+SBauesOsG1&r|E*{K7L)jW}?z0Ww)psY0N<4xz0tgkRlDsRe|
zkJ<Epc$BlHQ%@+P){K_8KJ<H=ara3<I^xBuBZO%xghtp3%?{f|8wuf|2UDB*Hz_N)
z(%uc>PypG>Hh-#jx1e8L={p!oduVxaHWZ*=L4sY(!b&-aKI12+o7qgjq3jSo!6VDP
ziD5JU;JXWnPk*sin}e=%uloBc;FVatj468?8TzPsHLSdBfP~yK4{QBuov2~K(K$Ih
zu^)AuM_R6ov}N!~wxu7HS()?&S6@5in3e#{8mQ68u4MO){2f_&mAGpbzpnhPL#t(Q
zaS9z#NUykN_msbvy^{3N8}txhB!8iq#835q6F%N=w<0cKrfti%e}*c*dF!%n{@cF}
zlhFzV{NZ41<TfrYTD|zje&k)H?)(XT{RgFW$Tzr<4qSh0nZU$PB3ziCFTBHb^%BjQ
zJhlzVdhQbZ31svMAjzS(MOTG?{fzc<YYPeiRAMNWq9&bWbq2ixq1CT-+5fI!3~p4{
z=}vhq`f8T}E-9$A-#$;Pw2#uBE%?}f^=!ZbN%+|7N5d!GUtPqi_P?x*)9UsmoYe~<
z2QmNa2cuPsqyD$AQfqwAkJ_&8+_W0<9%DBk+}71yC)Y347x$CTtd{?k*w}0=M59qu
zk6hTg${aCm0E*--Tl=51a%?J6j<rlIEzgN6!|<mcLO7uyc`q+}@y}=B$gj)GKrphO
zjXO57V`D>_4ge_;f5P=rYQ{{gH5A`R3#_HQtv5O5M0vU@?Ej^{@{>MNYh(ZpWm+xM
zT=VH9%{<<)q-}DApWBFbQT@vwt7PLoHHs_0^DytrODse~JHA!pd<R*O%x@2RqJf9W
zWErMmWj|?=pI@Cnj1XLAvK<V8sH4Y@1vnHriB9yN(+Y~=dVZ>q_W$~Gkrmmc@DoG%
z`R(hzVogVIA*8P0^e{~WvM8k{%<w?`s}FSfIGFrIX^FWEAh6~*Ui>R0wDzMw4|Vme
z{7ic9Q1j~(JIq2`dc;zP{iHkonPyyjH{3T7?r9WGLVunRL(l`<>s3aII}bic#KO>*
z0x%z6tj_<7$^84%T;06NjG8hN`Nxh<(tgW-&lUzdkOJ`2YRt<$hv;b!9|OOiBzdHz
z6+VC^@$&v(cGKT~<vxXc05CJAJ^dflH^$Ks&rR6@qGbN|$TQk5_%Fdz8uh6pD;^oK
zM$joB#U392?PiL=fF)_HlBhqo<j=2I^H*Oguq@)j4by7+7HED!TMueq*7GY|tIzvi
z!JFw$upSiVL#L7T@XkfT#9S5TFR`#7vb!#C_<IF@buhNAZ3-qZyJJmx#bL@W+oXbW
z?liwZatZ;yv<qhUe+u`l4}rwnBc80%qg_ZYfAN{&EO1+fR`RQe@UOQjvPG_LStE*5
ztM^x5?bfHES&;mOHSM8h8NhjOpE>OQPfPLhlX>4k&O5lHivwyJO+bx)t$ay?9oOY1
z;e-5-D6Ywd>env<Par83Ss_~SPU|Od_Aj=A_Bm(<<2Jim<~n?C6Pj%mE0pa(7O}&O
z(cwI7ip1UVG&<$yR`~f9YaX&Goal%}ys_4I-R1QMuOJw%e`n+p?F8DZA<3_&{}JT~
zyYi;ls)?w)OY_4*{-e{a!VnZJBI9{CD{d9h^pf3*eD|l<udS<rgue0g{Qngd{evAr
zMWthryaklhcEADUJiK~9X>8lW{|ws&n^_x^u4rWB4XJ0!#kDQngdk8&4O?yPU=cHU
z<7s!w&!zkM6>Gu|bBSFumwI4x6VABMOm%-U&E{VEX>-f9V*g@3ZQSb~p-7g<OMtAT
zx5i9Tj9688t5rW};{+@3JF_ud?8(1adRZb3jXe`<?RwOTg$M>dN7L^hMsSu%X&3?e
zst?heaq7=yf1KvU7|0@7g1eESeY{10I$6^&Io74c5G=3Gd-vCEEf9))4&b^S+;e@f
zj6qYiGOqlZnfpSTkef4D9oY)0(mziotETtv<2p5*OdOS|>Kn258u{X+o<7jct(c<Q
zlotRs#46`r55bsYk?h8k@&9^h2H#vmW9wf>hMFPH4i-$j;6%4#Bl2Msj?g~L!}TBL
zUE=|XD|sWW#HcX4YEb`>PcePYAzAt264zmwmFd7*H_~&pN$!6MCRmf*)>z;IeJ<o;
z2kgGux%t{HSb<m(+JS53S?_S%>6+l{Os#uGRY+E^Jr$!8CGmtYv24X73h4$k37L6E
z&l2?4^N99uruA-$Z5RWC0r6n67kpv`LcUMOEn%(66lf1*ck0f=VOxbmYe?PWkcJ8o
zcNjQ-u@P$`INXtw)RL}s9V&2#>`Jaq(+4Pxr#xVmxXf|d(wZ~@$-E01Tq1w0Go9W~
zh1YI(ynGnEa%$a`EyyaJrMXM3|8SQAEMm{-g(^*joiK`PNmW-2Ij+MSs^3{qYmF&g
zuxrY`eF@!VQ_wAtV_GLL6<O^h>%&}8`Ocf(CYw(+`WU3(vPqfb;0%vKUHx&727}zo
zjC!K{B2P&eu49+>-~F==G>Vr0VBEgP5HE^LLgs>sk0igb)=rAFw>O?SczFG`N}gL=
z_!-w%vGztrbPoKQOX$Fz$cD;Zjb4q{9Sn8uW?8!;p|F8(8{0SYuLzB8oh-~>@i0Bt
zCgC{5?Y^jQX&O@<SQW@u1)a@(S5IEwHtyjs5$pE#A+8?=U1j?L$rOkr7?39u*}`8j
zFHte@C}Dm2$C!JKb2mKMk79J*p0w%}B1!(^nzx8&fwT{OQyEFKm|xf`Pr=Nl)RtDI
zsfi8N3_+e|P8;WS37#^doK}31ckWM*dlqKY&P{wH4kz*b_2yRM?w(~%lx!iSe8gfQ
zRYRz;!YGHXfZ9yksb;i5pqG6l#=+Y5rocLbEX%ldAp$So`dmCn^ey@<jhE)81+!!Z
zk#i>q^JX{QRA_9rK5dD-{>>8g?Khtun@y&#&XhddjDG5cRSY4ozw_2Ux2}ULzr#0L
z&fz@b$z4?UTYto46TN#J^+f6_wq<SHt0p}hADD2#_d&c$RCl~WumBcG9-px*ErB6?
z2^wim<j$tAuWrX%1SU2aHZWpcrcAXax}6g*4O(F<Yh84D5}-ldl-fzTRxoCJEkhfn
zRbU(S`|rP3?z1ZqQVcnE^hLU0<zT1&A@6Hqzo*@Pz=$>a$OvSV-Lr;@Nl3r`E|~-P
zp8Y_WS%;0oV0|#?3gxtWxHqq%bj5n;QbbCJ$M4Fl>kw<D4_A+hQ#Xp;q5~VOYzFx`
z?5$5*i>dXJcA>9Cbx3a<EYAR2%kgT#nu^N#J^fe!<fKvhqMo=!)fiq#*1n{W{euST
zA|goFl|%k!@oY+g#gm)n7z1f8EZ{R8-&z$Ky4yY#_u{-JCn}snWR{0j#kzYvmeos7
zOzkTJNv=uIj0wKnX)tDk<IHquE=&Smmh1Y;;b(Ubr|1>?K{VdE^jX>fDZmrA@P`gc
z*pbXC{WY;mR>l*3ZjwO@!0rj!bndrgftp9zqN-wg5_*MK1xcCw3|eST`uZ-M0SDTh
z#QGe$aFoXm{lii#(c^}TjKlre4YwVN?aH;d4waNL1t2%B?e_fo;h{ZL(Gt7xU{fXS
z#yQcWS8uI=q8u+W)au!O7w0GL2{!Ex4N^p`M`+c1-l1?ysJ9r@?tdRxccM~t7lDi%
zRCdY2pffN_CRx}1ioq52in<8TlXSD1{V?$8N_>EdM^dzFs`7PJ4yewbTO92#pC`CV
zxz3IqH;Y0!^)2-WUkQwUarfI_JYrl<?M6*W4WEvZrqZ_5!-Q8K`-%evHGt6V92|OD
zrjHE7pqr={izUgJfBWk>MR)n?`*+?C;vqRp?Z$q}Wh(*l&K~4bekbU+?Hl*Ndrgj<
zwo>9Q#zhHsdPeuKgJ`{-3#d3PMfe8mj7I>k{5t_-r;Gn+V75}2N!I_s7v=bJdeo(K
z6byb(VtE?1^49Z|k1sB9S`<XtS69JuWLVdrgvQM(YYZN|2Y^sXi~1=>D8$6T^EgKf
zo~Lk$;JV`KGD+(T`{5~EShIz7q303uu0JxfTj`v*>h3UuKJ03|0zNvtI;T?og^v1O
z!A%(2@g*WwD8e?AcI5AG=I{0FU2eK(bwcZbeT{MhfoUCBrZEgtIs<`iEV()3Co#fb
z2-BG^42HE5X$0G2O@+E}8o_3Z7AH|4Bdeo}+k^6)1Q1awPD&ot7@JFBX!|k%Vu4YW
ziUt0APU^y!xbopl?ied{U->nSm!!EjcN=@~>S^l1QnS{tlD`3$6DB)yKrF#=(qZF?
z)84S-5oVWZtQGDz4l!%<nplTrOJPgB+@!bo8eMeZ$mwRzPes;Uxs5Gm4@cjA^GoEr
z*L^;~iMli|a_{>LWzV>OnLfu^M0w5HFgGhpZ3K^r*(`0@U_$<?pX5iW*1PRmgvldL
zPPSM%L$<wr@q=P<x+c732@5S?xu&6`L`;rc1jA#C+if_qsQ9vIVJFN&4Vh&tfi0hU
zSC0h`?>HQp79j*`L@%sC=R#}-O3gKpW4F1ZhqfFf5~~2|h<wXfMc0vWL0|%V9A8)x
zbFgk2v}*!-aKZ{*gp}%WJx?iV+Kaa2IJVx<elPyv56+lYl6viaYoi_7xE)BgwknFV
z`l@&!t?e;{W^8MMEu{6mjyHSRL&BMu81bn67U@J2$6V`|P@&G6yK~=nh}}%4%Zjiq
zx+)FoiN&fb&p1wNJKoeKw=OJ@M2$hZ?uom^5nGrIQhTB{kIdRG@56lZqkMznsB?xR
z*)=oLlREEIz=%ZzHX+$~yO(sLj$^3lbvVie)S*n;vtB#tt-QVOmPvlXrl_?S(6C0%
z&?3<3)ER?%%=w0HP@U3d-2V0hW8vv9Qh;y8d3Vv?wrC;eaP8|+7D`?CX+;p;YdcRy
z-RrLrBH3kjWI7Q7Rs90ZqFs2idkuuU&w><=L)|4UmSwv40565k9rPN*bL||OxxTO4
z6YlTxb&f8x-Gu`^9Jcu8`ET9huIUtyXbF@;wm!ad-yGnuAqcZ`s@;VctXU0YdVBmb
z(eF^~(%iR|EL_>?w^AP&rY`M0Y}ZJF<_Y$8!;*sI;@l(~XIuy>N_2kvu)jQ~+xLTL
zT<(&@{^At}_v)ibm7qvDbj*`?7L!(Ly^hr3#zS03K*|ilT%GcTiuf_?r=^+(gGeiU
z<O0oKfaWm78Rq}LnAn<AvFYA#!CvBb!?AfX*>e4xuezKMvDL*euOgN5Vdjw>2<0@_
z2GoVN-#(p{EPsSgSmM&173#8$f2||^V~$g8Q_S<<xJ-(+nASlF<t7$Q&I{dgr<)Ie
z-(ZjfYKr&Nx>Y84XQ(s!Y-4tulrn;N7CV3au+g-AoTRWnMg9_~str3Wf}hkMv*LE>
zjhDR(#%FhIy6l^JQo58GD$MTw;sZPIl$JdaqGGRzaWYwNvF;3@gahtu#mjzGi__c(
zsBS}_jVSlXd2Ura?0jSF!Y{4_@<wouo+d&{U-V<T!LW_cRBLhXjBM0{4zB)bmD1@Z
z5Btfg3m-2n`cH&Pj(XWcO_T_=(e^_)P`u<d_sG#KDNpn0nU+8+ex@TTNy`Hs8UXUJ
zgt)pW$%<ziPJ9qF?aKqTII-kWoA04Afs1%W|MeJ}J+0Sq(F@D$lCh1BsJpURjfS0b
zAW>s@*YNB8!J@QAO`|Qw97D<lx-`Qn0%_ExcO0@U7asiCDS7w({dtPJg(u>@Hhzso
zJst&O?vO<7-Bco6y`hXu96_6@i4tN_HXO%_XM3(Xjp^4-0seJ4a$xKJqI^CT$8>Xl
z9j0UwYaM{1O44&*9t2%-{pf(Xnf*r_6!x#m7M9@Uw`pj|cBJ`J&f$n5JD`-^6*N;w
z&M#90l87wL)Nb`fpS|o&{R6iKsl#Nal^D-uQm@#a45<!K+2B|aDyCL`^uPR3X6Zep
zzjUronuk&>c5ikOgjJ1Q@3UN<mZorFaIxTw)9uTm_W3r{eeTh0@21-O98lvtH^(?d
z|ICRJUHJ9UzQ~vaxZ!vPVkn!8muK!~grcJK23-h>i`%>Je0**X*DK-brpz*`MB{w)
z_2akydX^_2Pm=bW7cKO>PW&jg&gFon$JWvVfXmF^Pu&LXnSB{5QAiXrN{gX_1=hz<
zKcWzDoWmG{@=8{g2KS_BVxo^1F{*-WiUZ++BX!9|1Wg$YQZJgyEbjLj*wkKVm^X{H
z>Hvu&a#yxQZwAGqD<r|BMx!ZJT~Kn`DM})*?p$GUr~OD5uE<=teVfo6E-48)2KpLW
zYcOFU)6N*@o|RzKy<46V^M#K}+Rj%yNKKbuH$2yOuP)jR%y9n4OIG24m#fBwzAe*l
zke1X!#*X{^t^*wb22Sn60E<;JztFc%a(N?j^K)Sq%KSU9hoQm-wrFX-BoeNyVOrnr
z)+7GemG*ZAV_EdoJzbw9oE;mY#}>iWFVoY`H8=7lvsAjy@RRe>Nux5(Ix_OWwPHr$
z&gGHTp`Jo5=a)rr9mwThXq2;`uL0+7@I89{LerX(VWIVj8S?tg^5U9yE+fw&6=Zyg
zW_Z>$zd{tg=G&<PAH^gw{JoWi+btnP;K4^pHFFcHy9u-Yp684PHH7lBgU)mY!eHSB
ze&XX^XB2c!)r$}A-*>OJre@LoQj>N&v~~LpGm>$ACOhA?ocg(RrPKwhVf^?tDIQ|n
zR6m8Rle+>zPq>xAsqL;3Gg~ENb=%ZB3ZA{az--&Coy#``B&P`}RHaal&I7q`Vc?Fc
z<jNhbzwib!H~r4`ZPqF6_p+|`?IYZ5L$%4*Ebg7W{~l=o3sWtQ5ytnWA<alfJ<-J{
z3zvvEPv60JlIzz;6UiMw2YuL?!aM5T=19ArPEbrtv1Uy8YG}ht3vImqU1&3ylEnLp
zv$*)OoSgUc2+Am|0~&yy+qWC}5WYF;Yew~+b`ghB=*pO?kjYJ=NA6~5=RGB>M6*!9
zk<F3vIjy$TyFx8!&ra!Cf(8!}^Uv>Y6hF0*9C+pD)I)>_{zyJXxA5AuXPPGaQ%2|0
z0j;3;v=hg#Cnt@koM-ggh4B;Aa0`8fZog}uT{ql6xYclhtuuu5dN6pG`Si$jjqxvF
zTnSy*aW+>SRm`LIX@@$F>~fOT8qcGn7b+lLnHj8?RBo83XAS_TC8E&FcYskfsVkH8
zRRW*43_fZwbXioxPP6j4ud05rTg<w>ZZb(`xoS*>xw5E!A|K8_T!>QBpFhS;1(Cj!
z+4XKXvfP_rFu1gx>tIIRxxu2h)u4-ok#TQ>!~G-Vs5Dv2WYdU4hxxXoF>rchb7}e7
zgv#{=LB#Chd79ly-UTySHprAE9SAAREg3Hx_pq?OpA~Ut<(5x$o0pD7%|W02w>AXv
zDIj%gXqusXCS?|@>=x2B#E+MJQxX62j^20Un1Z5kxBHpyQ|Cb>+=>M+?qT3Iu@Qn$
z{p{vT&pD1mE0*dI9Z^#00Lv*<*ISD>jwhuOoAr={0rcWveE>9Xr~w&WjlPy19J&TX
zz-$Wq4@h3*RgKo|+q3cro9V-;qY>Mf)&R@a-{nxe5Gb7AgE5d1huD{#50R>zG-xLm
zk8O=xP-T{kjqDQajw#4QJ2;WtzPLj-S24IjnG(hMy>}N6*ng4RROJsIImEqJg!KEC
z0l=)4D#5sqZ>{8IR?$96k}#XxJNXDp1xNjPFAv3M|CJ6xLC<I60&mo0lEX@3wU5m@
zU$Q@L)s=*#eaCiX4XAsPU#GL5gKVjgzVisJg20-M#0=^uu~D8kW{z;dA>q#45XR`*
zjH)^nv%}Q9x6RbtKo5~$b{TrTDM|}eY+p<klriNx5IknPonef;?v2r#<QK`fmxHxo
z(5h5gxORuX|HQ68S8#5!@-XF<+ylm{#!JpwB<CKNq>`Do2q&rehSxrv0>13R`QC&5
z?kPQJI=PkoZ>uU?a5;ewd}$$reNol;Cg%O-XyOP3aDHLH`jw>5ho81GbyLYE$bdKN
zLe3j@il|RW^JV-5*rF}CBTG`}0_m%Xg`DB}GM~>vgH_mxuSY#Ycq^CD?tl616Aa{2
z7Rc{Kf15FGi|vEgIc$^3DixG>0sz{Ar9m0HBh|!=T)STVOc0=M{{02tw%x}9Kvt`M
ztjX#|59w=>vo2v1Q_){;LVo%4MbA+B69l`mZa2=f&TmayDqT@6cx<KvZ_Mi&VJ_|{
zN$30y+~kPh<h$kB#hiRnCp|>>nEd*pgEXt8Xk5;?-YVT#%V_EwyYdeXWvJx+PnYBT
zj|MB#B=0ha+m!SHWZc<7a!b_IcX=2#evhSiyl!Rb(pb@AX8B#fPSe723KE73OSEip
zGrQ-%JYd<m=y<^=1KJwRhrXm-PpW29UHUk-@@DUt6L@Y&dq~wJv4(u74Q7A~I*oyP
z^g$fj;E2Sr{6sXtreHTAX5=}3@g6wvO*v-%JAHl-kU|4+tz~E*IEM7zpjv*Ltvdsq
zvL&+zbkHZQ<SL%;<3pP7YCxR)28cQqk-N{)(8u&CHk3Fyw^><jg+@LW*Kw%{jn91k
z)3HaFX?l1PCMZ|I*waoF1bNaD@!8DoRLCQ^7L!Tfiu3Cg{XUZ(W#-D;Yv{_4_7!|Q
zLdN5>pqrZ$j{L(e$L8msT#2Ob<E}DeVBTCG<5XunW<n<QSu~^c2zk!Sh^{LpgL>~a
z64JbK!t7rd;TqHK<=bS8(y>s~!ixtssJ*%PT<M)h{7}G@1WO+EabJg-=eQI`h83<h
z5pYlR;~rBd&FoircN(utws`NS6&fJ%F7$SN)yiRsUUmj~$H_?fOSkHWAjOY6nc;>1
znR6Kfg`bvUX9HDtSHI*@RPvhjge(#&{_2~*oaW4#tViOeiu6&f!Jk~W#W?G;4ENxQ
zyD<)=()j^TV;BdCaES`*K*9ik!Ri=BA5|h9r2efk9OqzY?gKJ9s%D<3sUNa&YLH+U
z$S4dnKfmN?)`M=$)b|m$5|iUp&X<5pir^B>2$QF5I&VmzBs7?1mcF0o78~`#hP3vw
zxdFt=YrgVw?|pPB^eKyqZnE9i_}UHCc(7a;my0py)@8R7GSGtw2wX}BOshKcNa<;e
z-vF2#o81%yHc*nB8+gSklF68q)s|z5yZvaRfsN~xhHSZ;bu|WDOfOX<D5-m!T%*HS
zioN%{n(H+7jCOw1eDLJKCYBIzYTe^cYO<;~&xG)As16Th{E(y^VcNNOcL&$`{piuV
z&^p;Y3t6=)lhB#w*79p`kW+K4icN<a6zOL%9JiV3&)5|CFDvDmHy*kwq&Kn2*q3~#
zWYyd@9a|nGd1_9VZIkeHft_A=nGxNwsOWj*TApPUXIofTncv9z4t4KH5ZJLpG=Aju
zBNDQ*-Z8t>?XMPhF1v1oSXV3BjkghMQ)?nOfWR>97*ej_eeCAc>+UR?K5n=#{+OUD
z)135V<wvK@1O2yg^REI67JIF}LqvUX@ywF}nS0-voTR_ql6=`?ZU_S95yqfKeg&;i
z+G<DuF;+q7cor&bwr-Sdd&ERC!RuN1Nc&)S$3mPWQeI2yDrd;m^QDYw5Wr0E+`U}v
zL{`F(t#-;4lr!hVRakwY{(vhJZwh~g1EM@S5aGjjzf0`yl-bL@ovx94`w*|<ja1Lf
zrr#uL3p|e=e>`%4-AUF3vZitJ0%(~V-zR7E^Fm9QS0H~nelKFw3gXAKdPtmvF=uDs
zJ^ZDfUfjs9!8&yjvjTeK0{Vt7I`q}y`WDD33(#y!%Pgv<+?!qb{+^IDb=?yrSO+Q&
zkVg~yk<;bs@_k)qOjc;yS{2qc0n|-G!PP~0zJKfLa&N#5w=;zKGsmRUiQ3(?@}yqC
z-8LiiyzlfCYsG?gdALzVarh~}0GJ_~-F}ecarDXC7oU8Ia}HqiK;Xp(uQ>W=gst$I
z!QzR|)~PNxmn(QMXY4$@ra?lRkr{Q_#;(!uYtYe#YH0qn@e$K6v`^T3tvIxRU@cP(
z%-{oNsSJ5FQeUU7bK=A$`oY23bG_4-sez-qX&Tw0xk>4a2G{F`39schHF8Ekv-;)Q
zGig$<VD|2XdFmo`d%VAZGl$zPOqb<A>dip~+r~JPK5gEHZ|O6`jc<I&FOUKg-^d$p
z74q}c_hwRjE)$X<5q^HJOzFLMTK+M>XCg8J2l{l;xqLqfP42=qLUZ0@X)dYOf3s8G
zFbtYdnlD?CZ0H)FVXLs~S@IozxNP78&2~F+*=&*pnL&fDZ%0OZ$I9>}=TJjK((Xbb
zkozWleS;$}guRkLJw0XJ{<&7&?LK+lv(qBUwYb^iI7uROR<vK(i&82BEf~t<Gg9Q!
zdS=z7(>V>bC)(MRSiVy!4ha=}h(YjNp3hn3GHE4j*-V;x7cee$;KE4BtjxZ~+RyOD
zA}y=GZTN~1QeOvkgXGtjgT4$gN5zNlJ+uJzzHrVwq~6CQ`sXyQ-WOr?(5!UkqM^%>
zTD9j1`KGo^T-t$=dlP+2I~}MYAz_r{7V%J0ONz~-J3WT<4%CDGijtbM2ON|xp);BN
zGo}QDb>E)I(67pLJpDbzp=pG*jN_aK<cyy(;mH!h>11tYrY^jQ9Ffa&>FRD_eQO_m
zAwiiaye9oKiT<~gHWlZpX;*VC)SP9VsEdcy@dwmBu_%&Er&Z!&FNCi_6$v^$$^KT&
ziO&xVXg`=HT%%0t`%kv0qW>%a-z2}+1C3s0KX#LKPD-~E#Y__IXL82K{Bah*((6se
zt}BU3LC@FwfnMMTf-nuUuG?yF3u_e3>)Y}VukW~aeu$Kkf0KIJR^y2{)mmMw2}^Uy
z@!g1i1wFH+(Id`GzTU9kzVU4vw5b{1kEmVzDG=+uU~8&BGnlAydg@Mtz>82StI_n(
z;wZ~bNdB#3M*j{3WMh|*M0WeeAW~~u*{5T-JhmPO=@9C^N20WFp&F4C3K7n;kpULZ
z4*f(N0S9H@39H@q;jnN2O0MfFXkCh+H&`Kt#t^#;bBvq+GNf<wW)ETjDHE|LGCO`~
z0hlp3p8qZCV@c881Ua7?{MYs*W%TK*E6@abNvL#gr#O(bqxqn^|GC~j`mEQkb&eQo
zC9Sqx>}9XVrk1Z=dJr>JzC9;6Cg$X!EvuP!HADwWr_Du<+~7o&YklB|KrFhuKgUj%
zE{cVAnhu$fukP=UlZwWt>mQEsq#k|W&uw%C5XTKW_J~h%T7bIyp$tgIJ*i(#motqj
z&>pO8yWn$$OUyd?7|7w?JtnyB?QsVbuD-s3{P@*kfb1U-#w+h<odgt%rO@@rPaO@`
z+uqREcwu37T-b-Rv#owPGBp)6P4dox6$le|Fiq{YUeD}$Z$}Um@f~U!1;C%|{eE|i
zKN&{q!oyKf^H(87ImHpM0f9@_&f&J9?`=^MDC`t&{ANz#(o&5u*0jzN1Ta#dKkqo+
zC0XY0|NPsA*9akVn~R3(Sf5<k%<to5_kxD1c&Wl?m^rX>#1cM3p8b(^XPx$o{{DkC
zd@YC(^~4H2e7NxsS@B%-(^XlqYY4G@l$puoI{c7?Ye&{y3x9t<?YUWtR(}XFBXS*N
zAtAD=_Qs7w`#k>{?Xg~Qh-dGlMEky{tJKgn#0I7KGkYL%TBR4`e`z9HT|VTgSRW$K
z0;RV%sZv3w5v4Sco_b1nc8-?kNBU)qf1b;q=Vskk-i8|ya%ek(cDlHT#il#(lVDl?
zUmpcQ_2TqdOx$Y%@K?J``)T4=|HYC307JtH9^hWA@^!I}kW4L@&bd!ORJhW%9Q_v-
z<;U9r0Gvi0YMCgj6=r35K{s$oO(l&5mPJ;={6AX>CjNagk4l&+yle0c7J+ZD4ciAE
zLk36b_~muZ_>Y9dYHEVp@@HD&DY$7@d+qyu;Nkic5d#@~@#l52w*P-T`08I*QAc={
z-)PL`p;dl~AJM=#zF2GM2YHS6E%$Hyth)a4RoohpGdcq&MEQt66nA>>tUdsZJ`G;S
z{rrDCKs22Rn^GJ2nzHr7opt4bQ;3Y&|1%IJ8e0+^cn~9BhN-0Oxu0#>U<`7ft{&fi
zuEUybNM2(ReiEA?Q^36IRXNSFv#QasuBe|$wV&ysbzlAe3EF&|BAX{Ad8L)tOd(i%
z@o~Qmd$abn<Lj>y+6UXLWLSflB+MFA3a^Zd&(C|>F@&VA+5k~I`>&}R8olhJ=L<j%
z?S#_KRc_}U4;;WEKNeRsSd${@cw|$S>&ZT-YSl4do3*?q^RK_;%9kXUf=#<`IQ@|K
z1f(urGRT;=_zH-n<YC@!0Ui=diuMuY_Ab{jtf0&)2J2CLZI+YwtTWrI*8Wey?}VZT
z<B#c7Z{t2VrqISQ?7e6^??Ie3O@4c>S>6T7C*23BI(qLTJ60b^0a1)pl;o>)hs{!1
z6oBaX!TfSbXKF#EQ>(-4)Kz7?b;gX2;REa34Bxy_r-gU?=<2U&q$(F!-^9Ic-(L-w
zXg}v6+E4dBg~Z9HRG9h$U=Lm9xy%5Ex$>ZQlxny}dcI6aS7AH4=ieNYstrbYe8@cn
zz$1cZv#6tilkV)UO)PoHS<Sh1wNU;VsY1Lq9Z@_-m|uMQVO4gLV}p@9ozh_|=3hD@
z;ks84VAVk1hqnl)Z|!PwLi+DDn^fsPA^JxGuW3$}`cD(aErk5IXTB^m>-PKVQh2{y
zdq_l}b_8%z9=j9yw9oRVAnb%k5v1`HGs%@+#Sb*;M_CElgYnt<{p*8OA6<JeuuIK~
z9U${s@CSgp)h?IRERmPwt$^&Ui|S8)9>mAKvNsKW`_?Bf^^1W5!Yy9*CV5LH1t?P<
z44uyEzw;L${?8ag!9=<BVA=Ce#5?eVxd%6XSlIAtD(kmj-vM|fS)FWfWo2*U$ERs}
z`f8n@oc!}3=JwK+*9cuJyKxsy;1C*K{uVgAz}+nDHS1T>d~JzL8T|Ig%j+}kCATzG
zT0^U8HPoNKgW+(11-yvg*SyMbFYJZyOfFG;E?9n<UXzbbs~d9zvN7pvVxRp9?_=+$
z+enL^m+VW~M1$Y9@bh_VU<-gA?AZ9`?GI0fX5nNv?x@U_daur;xhO(s61s=5YRUM0
zkk9WIUyT9}Ojz@^_!eX*8hI;~{kBsrv+E2C9kJSdnP2K3M=IdBw-SL(mk8%`@Vu<n
z)yXOLV(a!*zem;(NedY64SJylKk&`HQJR3(<(-w&+qmh7M?Nc1LcHvGiVc5f|Hu86
z%)KEjpYLtzS2#BAvTLPgkX9%<z4~)m<B=_B%$bl7OkPqH+_y-3eF|HR7d8fX*<Wd{
z&IPqulOpY)e@bj7pQZg+OXSe6r(2!6cdiz?H_O8f$8;ET!@^W@<%Y?veaHv((m`Gs
zLr`~quo1EVcY^s5@x-5wkJ<!-h>hx<)=DV8G<Z#FJp7<8Xd|oDD^%U!+>v#F_Q|~8
zA!q!Z2>;>Nu~XwMDS<7?+49x82t9dBCts-)5~x9o9W>ucEr0dph1%%8@aK-zeSu*%
z`G<3x%-}cf7FTDvkgFM2EfVCG%LxiQ29}+wQsRj%%fn-}@MeSkSM6}Kq86Gzra3R-
zv{9uMKI1)Y*R0bqjGc;E<ss8@kJ+fXfcB7xZCCp>|J!`DeRO5@)eBi@hvl=XWh!a<
zV%P6d*_#^%XG%Wv9=MTpI^8}bScr~@{qsnpc*=UU!ZPy`tH39qAb?y3;7_o&t_l`%
zA7piuJ@evDxS-r%jEZcBU?+&na08_=(Sr~|1b$F2+B8g<y;fCI^Mh{8Ke>?^^K3&Q
ztD5wkGMURY1J6f^T9cpb!$Ma~3`0|I7l&Zc-P)5=4H3jbi*d#f+Z$V;xk4d)RTy^7
z2*e)RR?ZU}X|0QMWfC8otH+Wu^Vo{-Zw)u=j1J&eYkG<pKdB%Tvq>{+MF9SaGo2mn
zcmP)|bw|G8o)x3q;P}QMr19PbhTrULO@`zHqy^L{-OdIU%>!y39*c1XLAdW9wn3GE
zh0pIc_-Re-XCXHb@3~S#-tw)&KNNaZUs0>}Ygud*S>AASuPc8H+7dnNad8v+x&A$}
z)O<y==!Rl_mhMhXjuy;el4sWuDIu=CH;b<FfIN?Y#pHVX=>7B<YlRn<*2NxvUJWAR
z#_1=!us&Fi%X=n^4y`2J$0DBU#15Lopa|{hQJMXU!sH0-S<onp+`i||Lr{vm(3Ytu
zDCHU%I(b&?keBQ*s2M8GJ|XFY&V`;9{4sx5?4KKd2SeX(H5F#whF8+ZPhJqFBR>6I
zjWVMKe9zPGF&nCpBhv3D`<brWCU~2~3g~5M|D|JFsLm`sXQ<O<g~45<p*uYw(jY!n
zn=`uLIOQ1$;IJ^LaRi;R>(RA@M!g2<#dKO}rHl%cU_Pi?UIlr`L;ptdu>5XjFcJoL
z=1G2t?5&JfzXb8<VPEz^!s`d1_;ZsGq1}K3a**$3dz(nU6<)>fY#gp7qd4M5ng(cm
z>hNvcxN-8YeV7_ZNbekW6|5S@Xy++(7RWSln5&M1)+f>xUq`xzR`~eH^90JA52U_m
zGK6szq&s~hnmr~u)sebA*vznyqt|B(9R_z7vy`~zL*ZA#S^9mcI}~*$p;+26(=YPK
zBz5+-&uzaKiOS&$52Wgr-@4?a&y7h!;Rk=M$G?iW0JJlC+2bAErb^%r4?^+;S9nP}
z7*csEFlVD*{kmf^=_8AsnMX>IZ!YxG+Ts_DK0V##w7e$n$m53(2B{J)?cB4MM_M{;
zNdDq&l^{q$gu;S=(|$XF(%<NawV6BMkEOG;Uar4gm*mYG?t&`9R^FBAX5KADeuyQ`
zEJn_RynfpKEduPjcc1XVlKc!MX(oanvGDw1371a|Ej2Uo&yw&BjBj%<BXj>s=K6f|
z9e;?Rk~q$dbrt3y@E`?8Z8XY-1cJ*V6?EtVA<LHUT~JP^qv-*nF!SF(vJm|wZH0F~
zp5jWP%a4{q?^f(3l+87N!j6(K#CxJ<PlSN0#un5tOf?C90|lj{p)<uw%wlr&H$dre
z>DB-)>KGgEId$s-ndL2Pyf^88Xb~1!ytDuEPVQQo#_<)~DNn2XN~nPeA<#oM*#vh~
zHEfx9oD^<Bm3x~;0Pz)t8-p#^Rf83Uj*je=fjP5N^nX@S_IU37C}IOCtf+>Y^zW-`
z))S%GdQ|)8Tr2TNa-QO|;}f%p-Ko##EL(7sQ26iA!=YzGK=nj&KC66jjqB`~MU)!S
zG8fWLSu`EV?k&UK`T9rUSdrCo#OOkn(HTXka-8?U;2U0qcqiQ2jNEVsF?%PAZgo`!
z{j;5jzfAV?`?kr@BRQga?~RpD4@sDIMt@07S-l7jzjolaVlmO%GubJ!rioyT#4Y{S
zY*m}0JV6pIYF6Ec)M^6rI}<kzIu?(yWLfyvLgD@~qrN6a=+xqrwb%DxP5o@CQ<%4X
z3eDdN!lmp$-6N52Xln;da#dFSQuH!3)U2Q(M#g}VrL-q=aRrg_Xeyq)ke`%ji`UN+
z)XdEF)?(@zndivu29j~qBGb#>!el?Bjv6_Wi_B#wV2X40dor}w6WVGB(znX*xIpf4
z^zK51-IriFv<hrJ1rXt3qq{>kN&EN+pK`q=N85)5?~*FTRtGua@c^iRNxpE>5+okY
zDJw~EG4GKpG~21h{Bb(@jo(fj*Nn$1^@;ne8LmIGs$2NBVOo0*UA#yJB*1Xo0LPw}
zbocp4tFrK*6x*Ps9SIP_#zarxVmrAc%`xt{fubc4`DIg<XD9C<&zvh=DP2sMXfwom
zgoH#a-udV+qX5-3<D@7jYz0E}3{-IV6Hv<zFix`?LHzE?phj*0X6t#RC+DRea=&WC
zdrj`G;NtZ;(4;idmcrwrK3VHY@(jTDYH=60q#j*yHtlfW=W4MQ7VlH7OPJ6vuHh`k
zhdht)2qE_Ft{yb-5EQPxXCSsbt@y+@c<6PB(HmWlZ*Q8GbKmrPnWAgzC0hfy+U#DA
zYh=DKGl=9-r1q{TM5gUyoRMk{vb%ItcNzE0ZK;>XuW>Tc&3a$)@`L%9Du?Et<9DCg
zo-Mq-PdrZ9A*Dd)c!zDV0M?Z3>S8r^NUO{!aKH17#?72|WyP2E-AUhW4T}2MpJe_=
zpd#zHmEnMO9pi0__r}LnKcf)O#H1g*FUU55<nvV!9<yc2r=ckfNXtB9*d+^#jmT~!
z7LS$cgpc=jQQ~p^FMVxJDAf$JWDPHF+%`~yfR}O3@iLba<rjOL2pO(#^&H<0Ab{l~
z`kvNOP`$c42`G<sx1iY2EEIz~WMe4(t%j7L#y4z>s^Y}o3%}go#`fO0`|DPIQt1to
z(asrN1Z_bTFlktgH$gv2`>ez<EMpET*;Wq*%elkk#biCaOckT3S^X*EK9dKH9FZ-u
zG3?20-%ejn8MZp1IcspwNLYMf=nX2gWN}P)ue94+Jz<inOAXuyH#ox!7<FJ2{E^sn
zlP#T&Ey;~ed+f-2R{&Fe+N~<#=!!6^%Qp$k-cpW3tfDQ`=Z;@|VwHg#;kx(5WAPhf
zH|C@B>~M2Mr$wjdBBAw(esxh<x_A(9u~zp#%TKFGmJ~7O%=oYsncGc&{dlRJ>*x|F
zX^Gt=Gf83OeL!#I`}q?fGk39*bDVOXYOII2v%7d=mkJc?11LV60dsT#n-(MH$0sjs
zlMWTzG;VeV_q`K6>7QhFub2(vvvSw7FdcsdJLPvlX6edkdlA;WN>jwGC4Q%ziE!-F
zGK-7?waLVOE{38i-MTb%EAZUOyN^nw(Q;4R{d-#tM%prY((qJn9HtagPHpy+yy5D+
zlG9D?to0{)XJdlSn#y7ViLWRb@zrfyGA^5jL@gR$ViGP)U36-8z|_9TZlG2WYz(&W
zvw!=-wBG&bPe$yW^$E`2`SU3SXm_n*r{_bFRT8y%o{h^zN--Lf=!BKGj(Ab<&57Su
zH{IpW@*OD2RiB*u7-Ij@mtHnA(R>rQTQm1s7V)>IzRv(AhUY1fMMcP<v}<}{zuNy{
z?7E|x%%1j27X(yPL_ttgf(R-oNJmhyARtO_D!oeyy%-hj2uhV+Ei~y6nvE7Z2$2#{
zAw~=d9i)Hr26k6>_jk_cA0G6OH}}1FX6}?{p1D?M8)r6`{6H*^)F_21eJiy=J$5vU
z*QIW^xOtss2iZ=xL&7tf=YEOxc5}i2aGnfzWtGVTIhC~dwGS+#1t08y#n@i6yZ19I
zaP7S~VaCq1Yob;W=f?Fq{z!`FVRHaCil3-mNVV;JC8^h6wPInSQ+@Mcy#@Z3n>7*P
zl^iU@=P?Z(iyAQnt~Gm7Y}f85IoKcPR>Vl&AZ5+RI@E5tfrRlE48MFHZ<+meUzaw0
zr;ME2MDnaMf}s7}$UijOJ8X6J%?-eOZ(Jm;Oy>k33_*o4fB=4bvc-&`siUN?Xf^NE
zVX=nJrC?`OefE%fzxF&0_|{l_pP&j{&%t~X2BbOlT@eJ?1pEkcA-&$i5Vqob*>2e5
z?Y(<fChp%X%v&r|ep#x5?k+w{-`&4h+-s=C7}i_Rr<;xad9*v%vhBqmrecP>2cqKZ
zI{`DlG;4z@bkDZYz$Z?8mW`iyl9ywmq_67S`UjOW{rN;>gU-25O7T;_9a4u==(jxb
z9XEcvW7vnHQr+As1t`kiVrix9%Au(boRT`3;%F(0m6Z{~`dIDBmD=%^f<p%`Y9$qD
z8kh@jJvW};ptC7-<2l9id$%MV3{O6&crr#ZEzCYVZSk!6y~fL1gi|fk{ZyB#5=Pyq
zv8Appjd5koeG4-3{(xF;nDuF%G;;NK?Vnv(Vv_NoBN{Cp{5|23skDayXH}@EdM?`P
z78|$k6A`uG8VinDubcQIUh<~ueM;SOYOl>u9^%F(F(%?RNh8y3SEOlf)LzDN$CA)Y
z!JNE3##LM>JCDYE%a#dk<7ChEy_=!Is0U$_8gOy&Tb$|5_ZuawiwSy-srjR88+ONS
zn~h^X2X9%7f32=uB1pi<#4zwBK8Uryac_Ei<O=f!&oe+LF5L5V5}JoXK7PDB>sUDl
zEhW9wd^AQkaRmLaQd!ROXgT=Kp~(chj81kbw@HU#$yVo(LiCH3qdqgek_YkI(t!K1
zC7`f;vAscS5?b3DMhzW@L+$)fY~{h-e&t?XC)?#?m89F#m*xqFdWePYLWGpsrWtRh
z2|oFGZCQmpe~!3A8%rpQW$)c_B@i5?Me;l_6k5rCKFJmqBjw~+rI)l|8<H*hp^#Df
zQrk9`S<W}_HljHFUdQlS-87AhIJl(0D?rSy+|_U3TfymeQp9<5mpX=yDC<<N*Au<1
zQpRtwdsf_bq|DtUfY*5GI?r{ywpJD{X-1)q)P^6@<=QU$lnX`nVNd4gKW5y1VYX8y
zPICoSnuFi!VqKj{{ahOr(dHDht(_{|r!*I;V4SL-V&)Kf{!&2bbCakqcBisP{<@Dj
zDkB;gaE@NzR#PTx0)Vl{oMZ{hZ`m&i<1IACWX|P~8t(C+Vwl@yx|O;gCdFP`PD@Yo
z>VCc26OXyO-ji@$Q0IgK<0-7akY@99gPq^R^j-_->iyvO)bHzxeF)@`x)(JR9k30K
zt#90!Q?g7d(y0WeFkp6W&+fX?W3z7&E;+;<qC|ZlU@Z#6I4;*b)reNYI_n5fwxWFa
zQp(D~R`f)~_f(Hvy`vp*E}SF$m3GEF_G6b$4Rw&E=1Ny)w^s7W_0Eqo$k~@}sqkg!
z*LJe+(-f;a!t7e^Z6E5!DWo}rwM=@(;WKYz^C>aOy11>U9d9SI{Bw}9ozU|rbg~o;
zBT}l>rK#J7UB5Mk0%3Z+ez+5x1>yS0C+C^T^vRw*uE4)k)H^a-WqJU>Htp4Fr_==c
z6#rmTNtE;cPO%*MeD2%MPYbEDH*|e5*{;G&eQm-mVmYdEzCcNYPUUg(EOt0m{@(2(
zB|aNF<TmW0Z&+qMVaR6jjEAc`x(_q4k?WiPIOUvGxF4mzw8F^S<h-n+$J^qGD!gJ{
zt^yoo=?VFv?>n?9eq&Tslc$9NmP4okKPm%G+S(HtI`UU4XT8{Gw{?7vI@AVAc3(4A
zRUQ0!?V@E#3s-q?8+p#<8WWCr>-UKs^57d6TE5X5Il~m~gn-h}Y{eWU{r8zbOjlPk
z^+=pVDYk(2vE@5YQ_8GzTE`0UHJ`eg0bg-URLbYuf%p1}X1fR64ZG$6n^yPXo<3no
zW*y+|mMm)ws6_jC@-!%FSXY)taYF^2MUL6WxSm40LkPv%TgUqY$D^sZ3D&R*9Otn`
zH~da(g)lSsJIN-s8R+VFOE4Dx2tmUN?UZeLx^+zN`IX=!moJeftwmVB-YGJ#1n&2d
zh_}3WAf3Ke^U1%_k^fv`rYT3OSZSfhA1g4w^@6xlzue?N4S6}k)ATOmyCwQoKGc9u
zgN2K2zPDF=R#5gp+VYO;F`BahgVjE11;Ym3OF<XfC*O`7I(t0aZPZ+uFqyARP!bIj
zQVe)Z*)v}}Acc#gH$}ToR>b#}WXt(_=y;4isM6o9QE|MZxOsipbXB!_G5e&b2Sh7f
zpWL5kjV>8#kn^t76USTngu@R+L^c_EoS9WfDX8Opy3n^i%(Zol>DO%GW}_QQ(pc`}
zeWdj!s-$UOX=i%kEn@(J_MPI03UKqH{7)O(@QIWVprG1WwN!K(!t`fm(JL`m=!$er
zctm@8q^i1#dt~$tg~><VN47^FF$;=Yfhnb%`QCd1Lz3meZ<*8Xfdh}<-eNj0A;FZV
z&d46tB9jrvCsC{xojERFxPeblccs|oQhKIgadS{7u-n;ZN3_4)etU=i4`<H{NxNJR
z!;#gzli!8OoAmm4{RgPd_}6Jse0JApSx$~0|3l*vOx~q&gj@E}g$D~MYP#RIis-m)
z>%~KetHs2QW6g5S{Cpv43m8fzkHp0{6kVK+5Pt&6i^F?{ea^D`$Bo|G*p-6F`5xzF
zw~?=9yXyH^$_%$Nvxdbj6$a)7wJ%@Fy;eQqS%+PW;n%584DIlZIgZIIvZc-sY^o$S
ztL1aqHVDodnGMX3X0W|y4-=B}iR2s9uYFWGz04hF>z6}y1^bYD_%|hD8QPfGK<4E=
zQL!HGJ>7jKEs<ObnpA6SdDlIqZgR@oRpmLuiWoqBRTB%E0qlBHVAYZtk?hquS|t{B
z!vSELF7MV0)iuY-5?^J=EO3AE8OYE*R66$V!N|g$T{{F|w0&Hh2R5%u?7mYOMQ7*4
zyt_-&al&bG@=Ycja2{$R?FQ#Nj>HdmSp@_5;G;ISt}Zks6|iD~`!zYHqi&U2dVl>=
zRvcdGH<}-m-}JLDMfGv>mzPeC<>RNJMKIH`x%M%?P|r03M2S9z_(#pjNghq81vRYe
z)U_(STM*7PE*Ld<|8nApLhMrwg>JV<Ka90UPujWgyo_C*pV#RZjWEwzHgaoWuCM&z
z#*E`Gl0CKKqwIkeiMXS7N!CAktXa_kLK``xG&$VVmKzpTuF_cq?Cz(9Lx0(%QyPgc
z7;un$3N1?iQm@dl@#@=J{+g{ah_o}0g0vr@x2Vyande=-Sp;x&CQ^MUU9yNm`*iId
zO=@p(4m->A-WrYVhdQ2H6w6J<MMXOs1lwNst=<~BptCev<xvOpd{zThD{mJjZknFA
zHBQPx!^DVP&e&IC)?lKiGPEkZ(e-t8Av+zvf6M5Vm#}F!mxy;sQ|3b5@os#3JK4Mc
z3zpxb&l!AOi3m-Vd0?+Bm8O)JX?tbT5uv|Hqo<&LM+W-S>#OM^vy7#|=ed#OUIcWG
z+_JK|b!Frxh!*tN!;l=8`!f}`cD@ebi`CqwKO>|ipo#R!12Noudv&a|Q_Og@sk_d&
z!Jl@imV8ujE6S<6NTqVlUpxMJ=*;BkL>sBwG~%vDqTI562N4}O@g&zPrq9=@IbLq+
zB-W%~N5&-fSRb8e*kpM@=C88|F?+Y6)G&GOomm~_rK6;hJv;U%xKh1bz9)sJ9e((Q
zmpXZySBT_2xVq)?<6vSsl)I;euWUn%k-!gR-(TqZzP@<|&;LNF)TV>$!fg4iRDfO;
z_1aQic>u&xx(<sjJ0XMqVIC=ZO!O&p)HYl*<Q_#KT)b`V@zH0N8V<CnKWlnA9ghAa
zcaq%^GWz`U7(<k7)?+EB{)2d9e5Y=(L<a;I07uVsc4KSUjzcU-(u;VH5~=|->_{|~
zWTaWl#uLQHzTCO+SlkBtNu5u|=z!FKZ@#r|u}t*=O@(^52g?XuWXmAHxUQDv&y4mg
zL1U;y)^n%Llx+);5{nQ@@O`(-?6A8RBTnX9q5t@a=W~;!7@g6U9xqZY%xKts;n~qp
z=%7@M_x$Q?Se&nJTDWthIWFHoyCqioQq4oJreXuK{A8m95nzxJkYK|X$438TyS>1C
z<tl3!emPXkLoT+g7-J`9Cm44~`u#QLk%{?$^o9|weHPQtrd?VRa~ZKH^~7?!S(DQA
z*)gL9Nhbr-`GIKk%9s-&b7z%IX7Od|%w&5)(IqTFUL3z1nc(rvjqF=wtgzBCIutlA
z&5tVo`N2UerRVC*?1@>0mV53Mlz8f}^UK)oyintli6aqLcl~;gY^*~Bz$MYl`A$7B
zsz-2=nvS*Xc3obI^pnhuW<#9#i{7hF{KJ^o=uoj8sOM1uFSD7$OwJr!?UNKRT9>oa
zv4qG}7LZDQd@3=MB<VRe*bez^pJzR+p42{0waBjXO`mX`7X<p0n~x7}=*8;M4=yh)
zG~D0X;2Kf_ydj584|I%2q3s7<h`8vkSk>NEt@l-sk?vVy?NRPF_P4ctWy6O(vrW`s
zFVMY*&QMw+fXZV2X3M+HYwE~RSr&W~Ysd3GNL~~fsZ{MSP)UgL7lW4y_n!W7kEu*O
zDs$(D1Dajfqb2e%#tN;|-q8WGL<XMnSFZH?3!kX^qb=K5R@ks8(>TY>iyYN2!)O+%
zo9J7&`%ctk>=nhF9>ztuIxP*#ot{)bs6uGg8w&C6;Rwkvc1oi1%3Gls*B2&8W>Y82
z@O-zpg$2Z*`?v6;0H>Wrm;vDnBdIm`89&F{K)!MR>v${txZpC~m*sVO+vzN<c&|EK
z^?grBaY^cLTiRn2aJnnt5;*#i@jrxBb&d^;HTNBmr~2&1FMEkzr?Vh@n_)J6qPSRd
z#hv+Gf|z>vrW7j@irTH}_@qZwmy3_HqSsi^mGND%iBGms>+<EYmMQ6k`c(adZ=Y7~
z`5O~&4+iHpeDj}pwCMEJXkgyV_Hw8YwMv~sIAMC>rc$@+`whSNh*0)d5zxFFV|HtM
z<+x(RyY2f$R1p{POhx=5A;-iK+a$Hbk?GvEs4kTj)n(Ual!H~sP$~toi1ff8O43~n
z1tw43(OF*zsb{(99bKU1BqlM(FL+~n_t@+Jz8?A)9d8ckxL-U$Ppo;g^L&;6?0F(C
zJZ_I`xvgG>D~Y3*c;V{$FctZ4SClW#*5CP&ZBby`i7WVnN@ANQ5N$<_*wtF3Ns8{{
zCC-DsqAj<iYcy*$yKqR0*<^L#I(Ieu*&}l;<VZFq4qv^Qk^1@5wufuObrUm*K)Nl^
zb|jS0akPVdk)eaHTpiqv`@qZ6Q6Yn0>??I8mXh*RDqJsksDa79<5U(cVHMTYpufAs
zX}5$k*ILx}*muhECHmv0uIr5-If;}x(>Xa#Vcpa5$H;|SUn4==IuExemoze+s>a3^
zqdbTyr@D;|$O?XrRDmpYc@ry(<>%*#;q{Z0^5yHyIR2#pEicDDpGvfh#1Mu|{CR8e
zoJIi2HF~P+9WOZ!i~dr^FBaN%35?h!Y^uCFdl}mM+DEs!9}5YT^2xz=SHm;28O^y)
zvoTdCV0M9a*K+PfT!h#@QFR4%jx5i+`7bx37En>Y*3@9&Bg@Y_CDJ-IKOZgVvD!st
z?nMH-Yt!D9u~C@3IhFpSX5ymIHn<IU|4Bqd{=TQ&TN+kFLKf9G<e;7E(Tv?v?b8~u
z$LnvW-ob$ff1$Wdp3Md2Zb-SNdrL14p}FA_V&b@kt_bpk&Zt7sCnA?$Bt95PeVbfV
z^HJ$SZBLV3y8snN+8-8;v5TT!I$z%<YB=;fAwZIFMI)luY1E-?v2%%lad}<)De;8L
zF!08I-(J)sUo2tcQ72(pZi90agl0Ho3ez)cNSSPgL);usW9(dnya`1?-!Nic0~(|i
zrN2d)si7*>p;cXSr89n1Mf%$n`M&U=uhfx&A_v3X37y&(?lmP{+1224@pTtDl+E=`
z=fz;@iQpF*U0Rw@LI|EqGRy``o{N5Soes1)Hlk=!yik&U!RNiNrBI1S{^T4Zt_NKf
zEYe@%%q47ESx%^xuPN{^g2_|%?|ybwPOI<hc{UFmsEyNUZ1R!2Rf2j}#HQFd>6xY?
z(c~`avhf{Oh!b^i1I8tX+#KoJf}7v-A--Z^h)beo9M>6eE>H!BlXg%KGdPz2&N7W-
z3(C~l|9olXB_E%C?jwDouH3#tirI@7UPTKOpCCMIuW{qalHX>1MRqDMI`3y$cxA>n
zj<6L%mFYH7{oP2w|773&hUn*U0*``oEQ$$sm0?H6hK2L4P4id!p}&oET_Da-xqBv7
zj%0-?uGp3?zV>}|`Dkr_5t{3z-(l2>t4jKm_ZX3PLB=WmXjaJ1F2x?Nm_c;3aK_p9
zJ?=ah7mgjj<;f9dG>^Mv!|l&`NP7LTlAThPE?0-Y^<3CYon-LPr+Tes6UfovariAo
z(=MC4p*QgCQl~r5my;iV@Us2cnc007x;4X3z3<s~KH?MpdV@RmNY{;d&<Xa^<Ls4&
z1=hQJ<a2{+k#^FNPq~6a6W4Oh<Q_}wd9V+njlO}PJSbWeRqN2VD$Gw%rJOUU)i!})
zi#ggZM;~7@ylz*Qy=!^!xSdoNT>XW$g=V$tz59v+bjOx!VIo9|vK2YtVf{~q)xbV8
zD<t8Fv8t|oxz?NWB`%$#l{)V*V5x^^9J%WPdSbU+53stLD3%eY<dw5NZ-o$`gbNp?
z*vAhZ(<ED1-SU^uIV_sE^SG011y!O#Q%=@9_~5+dscdvJ9i?j_bwB#TgQ1C;s@^!u
zgT$Q5g|p(44o}sYYaj2|bT9DyeH^e0>+#*xRD3PbXww~!=3MK$nU6NGnnh(EM6@{>
z(PoIULR+`t;$%FIqzLmT2Ik>~ZV_ooflXV-uwPCWJdtC4;IZVzYj9aN4w-gV$YVH@
z6%CG7egf&$d6gd*Q{wZDbygrybAg5qVowkwBlnw%&z2*Y8&ygr0e@@@Qqpf3{*>}K
z#4tx*BUplPo?F87cI(;N%gglzmrZO87)|lHamJG5Th-!@^R@2%E459!31(%L*#>D(
zwn&LSiL+6e-=_bwT0B|~YHFt{b%iwhuhRA9UQ!5SYf(5A{8GOfA6{7$6<<6i%QIP{
zTIomEWaM$muos7Y_jWuOy>n@EeU6<}-G^wlA=!>_^x;d>f(OnIKiOyA#6RplX?Ms;
zBu-3$(9DHm7OeYiyjI9VI`zATQFIm+9D&Ewy37zSC}NZK#HtZ=_i{*YY;@}-9y3ER
z&!2g{f#wPCKs;gVk6T|fdgA%NM<rLN8M4_$wnGRLLFp}i;QmO?gUVcKi?rS$t$WsF
zwK!<&+9^xTa-z3X-uy;>ucW)OKqPJFB9ywNkFa0XI80C+?ax2dvaO<d24j-(Y&;_7
z*ef&LEdAmW{wDbft(Nf(963fO)E%^17<y!h4QYyAj@;I#RJiVvJzISm#}7#m9IYJt
zcUk8rMov@RlZI!?q6z-rd>)v;d&np~vt*@0J#>Qj>4wzb$sqViX*0`~E+y%We)Bc#
z;!e~Bj83(iK62S}bp4qR+OE?5ANip1?12@}Yt#N8?ph52m&>GfWN7Hs$`d8kL5+|L
z%OB(-pQA|r1S~)(^a$y_`79C@%}ZB8`V0k*-Ro&SGFzC6@|o7SV8x=KsnTh2iEUF!
zGaFPZBvlnm3J%tGZ${C6`Ipu1efg%8WPGKi{4hhIdI<$B%o1kj)y7b`2o=%%-mM}g
zdtOjd3NM}uf7O}yOsK2|oPqZC2-OUA+@B+lH;yVv^-nJdT$8)>QfnV_nLw1Ld@hV-
z5&SOzh9H9{p(E{RjcQ~`=a={re1yb<xIZv1Bbh1s9e3|Ig^637n|p;aDUY%~Prk-n
zM(v_jjr#u7?#B8>I_-?xt=atcEp5WZ-%d9Gk>2^mf7X74pCo>8pm|REYo5~<#B;is
zDX!W!o~>B>_QRJ)?oNbCKcAOcX|KW#>8j5xEfw4Mm!H+iUOWp8Iy>(Oo(n$UtPxCZ
z)IY6?q!(?Hc;m=gty)&)?Hc#F5AC{MY+N>rV~}v1VzxYJwF0>a)7!JZY#<VGzh$|-
zAon(d1I+DuZj|mZ(XghyPoC^Sa!Af=>ndP?b+x@}sp|8@j|Rw<(`<2_A@Ysu!zO1Q
zb@p6caypE0$>r^&^cAW~TH1$7Pe#@~Q*3w5bnV}WlHFYXD}oBrk6TU(Ai+EuDG-z>
zNoz*pg`ezsX=7s|`Davd4biB(+94VzU@sEhn;k>^(HjYfhHOSHV7BEJGvH2*+;sj2
z#&7o~79?n~@su~+uQ{{Xj8<s)gKjqqWL{KI2U3l{8V8(VZc?X7Iue=*U|iak$2Ow4
zDdgI=-_sD|n`zH-_JKv-2aq4gj?aH2v#ZONeK{U?(zewfap%t@jxZa1=--Uu&Sk6l
z^81?yuD<y5FA!3Hp(m=xmDR1AeEgp|B6x0j@FO(sxuuNB)67?>&-8wwi(AX$-rKV=
z3$_w6P7(kRd*i=LT%sdTN&4b)$7iGq0h7G@Gy46b&bHdJWxY6|Y2?U}k0}1ZRefjj
z_fih>>wR=>-tnJl0YC9pb~MjUhr~>$OC9YlcKHZI7k-0<4as5|J+g8Jm7jd0M{6<I
zs3~9&@CQ@o!$8`4fBh?D<DZXornl%gr*DYz81XG!y3$HSD=*HzrOjOrG(p_Q4Eo0&
zOSv){KM<#M^C{$s`|op-XkUQfs{Tq4A=@GM7VObiCR~k<A<8ZhY7K45(zACS?W6rx
zC^vG8Ri?k$S5vn9Mzvat1{^(vv0hsDU7LT+XZ_{n6Th>aB!k?5N^S^4Zy<(k*@+@=
z$H{C$aWAbLKaLQICZZ4-GDDAmJnE3n%ER|4C9|9)bG|t_{$;h_V-0IZLlp@WD;2~G
zff%YcD$ONkbSUc&v=h-(&YkCJzqRKOaw@(TFy|k7EMXqsPopi{gl=oIk725(O-|>U
z9{hz+LKZu*?WaeMeM0Z<QHPsG<kh5%E}I3moMVFPoh9uFn>HaYo;oJLde39&1n-_0
z+Mbm#;1ZV0w`5!%D7>vt+lt@*67a+<83sheCCqa8-;pbtTD|F%qco)@B;t;QP5#t;
z%}TrGCJ?2p!*4110N32l7kacFozMF;U!C?5CS)eyZ6kiyAlj0=SVxRyPR=aNImh=h
zl(ny(+UX#%oLfttulbNuRZ2w+Oy~i{Di=^s|Jqt_WO*QpI}Sw3&A15b<Yu2aH{Q4N
z^{NE^ZA;;&>ukI~b!VImMFUpmbw0c^7wupDg6wTL);HU6uimT@fIA>biUKkk2NKro
z{A<tYuW|*`k-^r{f?E4*PSLOjU3bD#kh@~@37UMmf=~3PeExdaf1T3Z%o~Udv4_Qh
zbCoSgr~#qO;}<$d!?KQThO_Z@;2$P}2(^<`ylC6=Uw`Fp8e2Vs^-s~bMzzS`xEx6@
zm;0&dY1OBn8PLA@i2<@AkuW%jjLFnpzn$k_%YjX-WBpSG`HW3eXH-tw(7tdEQR2w~
z330;@z%CTanD&=${c}AZ;EQOA##~lT{aE^d_wWiB!rGqL`PFr3($;bR|F@2xO8R9;
zP8>D`wYn)R2SE|o%h5xTps95UoA&)~FMnCh2W4a-P?36=#QUIS3!1iKhK;bNOrMS(
zcmR@fS^d89Zxza4B_&yG)v8$#<vtPNmP=XgPNt)6TO<S(_`<W7tp?!{8o}@W_apWr
zj{qws;pk#{8f%SM9jI`gVvoGJ`kCv995>HfSHZhjC-4*hLmO6K=p=;8v`qyuWx%z~
zX<l6IQE)`Wlq#B%zqfx{m6VD49n1ZT!4l}9TQ&JzN5U>?sj(3s6$R#fO-~bjTy$jZ
zYXv}8_1fTg|1|r*?B(C5eNty_S8Y|<h;{xqQS3BLM<EN*lvTZw0tbt^l*sZw1?)Hr
zB4AME7qDYP?z5=2FwRzGX%2pwS4gV)$wiucJox{~M<XI1l9wzkv6P8tN5TXbt|lL)
zeX|p+Cwq2Rs4>^*yr7R{SkUik`}ggzQDog};K+a3VgpgnulxmV7}6WWF3ONomUfKJ
zr}+7Y{oQ8y_eW_zZRDeUekTgtMV<D70%BWe+U3=kHv;Qtgx`NL?vcmRMR{q~UwGnv
z(Ky(?yU)N1SkMt)gkD;u@)k!5KV}x2M(54Y@gILL9sPY20vq*_??$|^ECb4o=#yGn
zx5aV<7k01i0cH_#59daCqD4X0&6{s({ig{+gyfniBB)>JhzIs-7L{a+<y_i(N~@#&
znuEF@O$g4SklSbLDF~xGy|fSp!hh_->OYmt8NnEGp;Wt~+gFv{h<2C}e;=kmC?hUR
zRB-you@D@T+uPF`PEK8h+=yU|ltTn`#n#0WeD)Yf2L7vSP^oPjV&k@8@=UO>%cmAt
zU8ZQuI0b4BuE4EdT>)*S_d^{9@nR6<-~S=JyfmvY=Q2*Zjk~Cwj&!U1w)^)Z5EFcx
zGfWmu-NW3dNJmVb#t^MRK{3e(Xs*!QFFJAWKx@fa3F$nf*mEY5_)_tH5h{2nRWyF5
zr0qfNSC_-9x^g1<BSjyXkB9x6xcZddn(|mKn#a-nu2Pl&TWL2~Qz8rP%+Uvabr)C*
zY<f-3g^P(M_+gcR(t|I&;~*4EW81zR>@N1m@x_h}zW8_|>0ig8IYqmbEE9dl=FKhb
z3ov<=7cQI^@z#ALNNX-ZxgZy_Ufh|#4>aTj9VylaBVWi#s^IUuw4peDhSK|hsRNS^
z0ckxDRGUL_2BRa?nFn|Y9L#GIf?VrU$ZOWs@^c@2lcSY(zrfo0*)hWk@9<2cQt>ZK
z2%i;9s4ODQ0Tt-}#W|OozpYd0>Sp9XA+unUmMIEDL@Rqtn6c$zYW%9fNYCaOTAd)X
z`FQ_y?GL$^h*qAtjJbZR|BCUuEUSqjVJ#@k%4IA7?Ku%3u@O)jmTsYJ_9EWmoQVXa
zdhex0Vq_=Kzj|!>?$%o*e;y`L+08~P_+cOND`qP#a92NCm@YGImYY=b`3{2uFJ6>m
z4CX<M*<a#;%A*-gDNV`9bALIFrFH)9(ufo#o<Xn;X6Vhoo!IT2Q%vN|j`D9AaLu^~
zO)HI%;!k(ESAIUq#>A;4sSLpRZSkWJ>RY_Iu`JzO0n;#DdL88V?b~+>ArqFcY#cMx
zNQ|Yw{d=4Z69=}gUGl+6_R9j#8^|yG(@`|23<Nrm=6aKUQGW|qD;KRTh@Z7LRH@{I
z)9cG$x&|3=WPDDft|=cSqsYAeiB`pF_Lr{qd<fl6Dzr4X6Mzv01w&XLI+dA6Lv`&T
zdl-;2?VcpHa5)rG;+qv$e1{1ORqkyc?r~ZC_$W;6RA#d<K#_hb{f;u&csGyc&TI(d
zye1<WHZ2Ms#2nY@aoV}Vy#fA5{4b{9BI7%D?_22g#k+(wyK<lS%#@2>Dck`pwJY?=
zyC<`a%Z7j??I~0@8TuskxgngdoN)7s>%G0|vi~VeN||f2j+7N5@wxMNFLK_N;0*ke
z3ji@zH)y(*26w@q_H^$n+U|&b>EcpL%&Zl^{#mfS+{@KRkDgh<zUK0BO*2xgbpd9a
zPjl4|xEo+h=t%j3DiEI!0XDz*K>>Oc;YlMA7Mf$Ebdeqkm?WQ$G`IxATy{tR$AA(j
z_j{AG66r^v$>40W{H&beGB8aE8Dy_~gfjh0&7|a!ft8#MJ0%+f3ZXJ_uBX7pE;0b<
zk@KK7^i@G;*2`8G4{(_$Dx6t+k%Zy`OkUJLh^}Q<x~*1(klq0B2b`+pdmq;OVvpLl
zzA0iDaJV_I4W%ZZ(F&2BQjU#iwYOpbBzutRJa`%*syh!_W8M(a1hXG!i;O&YOh|+M
zHDqjQ@k_(v>~ULBppSWi3+I#|Bsqzj(rF+Xe(p5}>TKZ%BX{~kGnhK?W1^*M<;;AI
zTeR#f{n-l_(7Ls9zuyT;A#3i2&K9l%R+i}!K`tTu8zpIO?cIlnw2G&ZOwW~*TUJ=Q
zX%KyZLx^sd<J@!DisP@)6AhgzE{K&5Z8n_#-j;(jl~8;S8%vY@u~q6o-27B(AU57^
z;2xK0Brx99GTnDiBi~_a5>!<X0X%uWoz3TNVB+iv(W@0VnHd!K`n<g0YVQez-wl&3
zRRVCJ#SM2j`Nd#jyK}HZ--#DpvH{DBMwl@mWFJwG>i0}Ba;^@Sp7E%PmZY!)8@_Vz
z(lLAa>5rF)QD(u;PPU|DYW~A%EA_gje&Ke;CTu@Gz7+HrAgBh*&wRQOBWh@Qa93Rs
z3kfT|6=t&1D6(U&SKiF8n|*cSb#S3y4Ug3)3vN^1k_J16rT&y!(HS;|$~eyEMd+59
zdB6t!UF+xB7?&-^elNbB(OL5~Vni-P;_K&~N#)2j^>ft@o&0Y*#DqiW&DedXOA54e
zIyOtkUTLow1;|L6@7zS5SuIB|wpeYry@;4yl-GII@E8y~skkdt@&8%Sia^7xSmLL0
zpjCCD6dL<A0HvKE&yj1lM=P2i?pk`qUIeTpP}4MWz?VKo&rc11Wx#P8UB@_VGR`)V
zHhk`wIVeJ&`<{BWph(7jv<gkud3pKe6N-ZGd((ik<D2)To__QL@O5X)9y5Kf@ELF<
z-C7!7bZt3Lxpj2{EP-gi;&R!@(X4p8&R6^H@VeX;wd~3)Zam(d)8jQeUeZ!)oPg(E
z=N7}kCl(G(2=&~JFk|>|`L*i%2s`Nmrul^#%H*R8K9pux7XcXPBAsFgKJE=cRg#}t
zPJ|!Ow&yXx&kh6}T3S$ik+1frO<8jmPtal^a8)~%^&f3lk*?EVjiEUvxA!4INJcB&
z2=C}T+w~Xrw7?b+4t<GIN}=nx0}VAGy%jBPVV_|_3G#-zZhKbmbkX$7U7E+=ruvwQ
zo-b?j{}M>@Ggh#Z>INFyjajCK8E{R?pD5I#c93@23{+NZvw8RR3(&-Oi-z#~*oVaW
zPSm@{E$fxJXHEU+?3gtvy9qqKUy91UrvW5j9Vh#1a$oHZ)D6+P?Kp$Ppj7Yd9SY=+
zFj<~!&kEix&hLfaXu-oGr-`|?<Wp>1MVtkOS->?Jw80B!rI&J=9i~jb2Ao9`Q~3_u
z3QS$UYAluY9cZ)iv+i?70ZQ;_(p=p|K|j@(C#I(H9#3I-<$MGqYZzg7i96f!&{K_{
zMR><rr>ctLmcePf5JJ=c#jxe~qVNr+{y*>2T?LxW3o367klPkhM@tZyUi!Ql0;<m`
z*Mt#UqV$^X3sXhzE1@bS{o1z9Z51-vx#|ehei;?p;o&*Qn1xN!J+C`k*@K-9mR+_p
z+`7OjCE+(eb>z!fw|m=zLzPi>2d~T)HJ7{R`>rf;ekulKzqf&Zxgh`Ce)U*$m2-TC
zKU-Bq8o*wd(OU?8s`wH_MJ8O7E&W_SXfa=4<KFL=`GpBLJUrZ`X?URQxm|YYX@vE+
z%z9=-KRs>Ade*kZi{d{2DkIO}nntwvDR7LU%nYYnor8~kSf1(#EL!-!*sRJnhIORs
z^vl#tC7yUpe4#P$ef+z#^wWUE%t1#xHmkTwQ|#q=&hMl4KYThro7O@`xE|Um;`-bT
zb&7{8+5b^+-8i;o&1>pVE`2&|doXYtE<Ry{4$UDyc^SE5+s;j(4)#xzoUJoyd;%=W
zi7%kEcp;A|t~u5C0{K%(Pk6q&Y35V+t8$)W0=-KG`NoJ;4y-Ixt>lZ^#ks`k@;xus
z&B>%DphvzOF*9-1A<h9|I9D2619^@Fnc;2;k-Hzqz4^VrUo9ILs(<SHB`erD(~OUN
z6p;RaRtS~H1MYb@4-b!f>4F}h;uIG~B)opS6mlq~@<XxmnAxevc@N5qoSjA+0khM`
zlrwK~3(sx3n6NnZezy6?jhwl-$JC*%sM%4)Hw+)M?Cqx4(KC5=9rIsg=v^v|Ao8Q^
zKIfb$F1qf&IQ}-zbNm|NAbtv@5ICkUjJQykjLPV(ejS1WZe5+}n(zJX@p;7ePBSBA
zT!@cFvdD8Hxs0p#*Hy$(cz;mxI{`$ol^GXAvk2=L?;9lYj_oyKE42GAd};p!rYfp1
zVn=gy^?ZN4e2x=*EN7b$D`6FkOt+x^kS7(gSyNaI%5Yr~EzklRL(wuQONV}mVjKD1
zPNp1W7K$$naZC@+6iXTKG<(MPeik4=;#n!9GvT8OUDxR?a$GxcFn-dZMoVnBsekFG
zf<?Ze48^KwpkqD@<q?Wyk7#Mp-WA{iy^t}KmS^3TY*a?_P{7{OO_T$KS+emhr~dM8
znQsRcKi>rY%so)vE*f2=x1i{h10iR!Xmy!;)2@!5s?0y((qjHFX<`V<%TojYO8Kw*
zGn&|VLoA2hceCDVj!YYg`7ev0x9%F9H@@@kAWdyq=uU}hc7;qMAZO=vq_Pfkth;qm
zWoD=zmTFg5VBf@}{E!YKuc@|7v2eD{D39;gU-r2)h|XM(b4)Cp&MBfZsk~M?RWWPg
zY|!HfxVVRNK5@X$xe_WnTHZjFu<JS~p?=*xvSW_V?nI3y$Cfj)*-1<|@Q}j6YtXjE
zXH&KieL5!rFCRZlT|f`yff`Cpv4+(?<Pq8NVd1eNMP%`F<DYSY$1-NZF6UA1pbSa3
z1|W6zSS;110iiLIz7tFETEN%;%CC$Vtb=RUF#pH|_7X|V<;~*x^M=h<>uA9P<^^KT
zQcT9*vO?IM+5FTS`N+wwC|gWknVmK1Ss&cT?dcZ`7u>raHw<AGMm==qOx~~Gf2&*S
zqtaZ63P)(}V9i;;15vhDXv8>&9sBU{hA&)tYI=*W)~m^W+Nh&(ntl@89>b}qf<Wl~
z>lf@f*Bw0}+vUlOYj!pXSej1PzRrb=)=7nXu=(1;k6ok3t0vp{$^jl^>VFF97)Anu
zUGk327w;@Q^53MClb{Z}Ad>Si0%>LpHqJ7B;B(=3WG_DbpDE_+>yb>(pDDWTX`3~e
zpDhwxzR>=zd%c`IE6dwY%g}An6xc*Ze0J>dlTCuBKZzxxGkd?hzteD&F<~ggy0<86
zisF-CEa@|IkVjsoOgkt4%Ok0Nl&(=|r^7fnWhV{4|Jb7Tg2xuXH=M@?cPCt_QRxRK
zTP;T6f@9^dWp5AGv}&PoAlya^>T(kMC-sDlu?66%^CDcl4x00|qg5~po$%_^&-BIM
z!q*JAN_t5N0Py9(hy%uCLXcfZb_YGDoIpdw(v=aFD#u_l#2=}yB=w>`CB@Uhyfy~6
z@%b5x^hlpkJ<LoN09Zy?M)nV0YY!M9kz?ZWC6K#&4nVgXUx$~Inlt|nB9Wh-{2BK{
zlfwsov^v6fa5o2WgLPE5{uY!#Z;ZEt_cWHk;LY9BFa<C}T);}NZ0){|TsO3uaUAf;
z9lXU%+BNGjmiV@PB=zZtWbTHr!a_$<vu?LHTJ9?4oew~-T{<r4i<+PVC3cMgXYLR<
zt)U<a^$_RnZIP3BM<p$y&LqltO_)c^c|FO`@N04kuo~1XD_4N_Jco=SfV{jD#?AKR
zTOBI>o}8)a-W*%pbo}F?-XkF@6^^q6d`p3mlUW15;?;7s1j#1dNC{VH@^1*)t<vb(
zx{tDFMXA(jpmK(d5!;@z!I)HF-e2sLFsJp7h`o!jW&E-^0xUFL;z5bjy%o!WdgO=a
zw=U3rVb6Xf`J%@-w*`XQNohG9T5@zqFa!ng>#u&xbKI$L9nCy6^`RW|B4<TQH~ZH-
zj4lcvrOKCCe16Z_+f~)fBoi?XH2e0q42-umD3!vL7jfH<u3F`u&ZO(+ZOJXfdqVMJ
z6;;z+z4rL#N=D0X_k?yy^@_S2!WADw12rZQ+NN_C8lhSDbg*xc(t_;HJDX98%Rjl=
z0g?u`H((?ev<<KBJk!aS382o70-S%780R#$(7FxgTzS@+bW|<RH#~G+x@#RdOsyvn
z3dLqQ!(t@mFG6@?p7SVZ@fMT({vAKco;wm8L)7E)43rKX8}#5jEE*R5>o$Q5-Q-%k
z_<5wHB?OI+YN{Vu(Yk;)UvpYd8X|W;#XD|d(74K#ceQ|edq1*U@fETmQ%+wp$amO%
z3}CRzi~Kyl1^1mjj@^0MKRPq4u%Qa|-22J%dQ3QjgrF}F0e0!j0v-LzQ?OLEULrf}
zvGm^nrx-n1(OldgU7r(}8{91iSMknFJE>-fLZi(s9mTVXXc$M*&NH&pw>P6qeH?Uw
z5%htma_!zO$NFO%byr{t&$*1QEQ(&cjO3Ky;|*cZ&C%t!^9Q;kj<E2<>g%mi{<}ey
z0N4zNR<3C0*qyyHvHZ)JJTZQ`pU%LW7fskJD5&!7nRw-b<4YdHQY=z?M*yN{&z=p1
zw()b|XIoU?C#pODvwS=xxR!{A>K7f+SAj2+mIk{Ug{a`QtwWbIArd8x=^;G%0wIr;
z_AuhSU%|+;XS_gpJ(FqG9DCKEG<bYH5~UaH9D1@ZA1gJJby%XuR)@aXwR!Hbv7BSy
zaj(gyPY;taxAym!6&qct+0<pz5-;!ao}FM`8_YLTF=+<fK0q9+y)Xj}_yt)Oap-0{
ze@vd^>?gBZBPG?%3iC2eZp`v;-PrgVm$80ua@5(0hMZ613Fv;iXR;pIa<hG?fghSV
zG20T2<H*N66u2stIh((uO>?gW9?}Cqm+nig>H=$iRBhMG!K$*+3U{=;S<Qy%qc+J-
zJQDv1ZlIzgZ|Y7*OlfRATix_pBS~%L*`b3g{;!|Ex>kMuw${lHGiP6F751#7P<wp$
zbr)#%TSE?P*v7_JMEV+T3(W=iEDSn2-M9Ol2wZiyHST;xuDVn%)B()IhkH+lT2(m1
zL7JY8Kk@N4c@9%`8r_Tu@3RLW8)oETjOT^!++Ll6G<%>AcF52&e%Whd_ZiY*F?l}S
z6ar=<+A3Zc`sAD<f&VvXy@}8#ui3|!)TOK4UM@x%AGK=c<%+EwGKm{4FACXZUUR+6
zrW&`^W%RA%OM<NJY!f6-3LX^rX4M9`@B^9WCG)Qz`qo)NOm?!C$+55GUf3bi{%v0#
zictCo$VTWp(Gmksz*8aqc-Fh(xj2A-aq;~_Zh}5=%TqFXyZ6h>8!LcsdLzjmg>Mqp
zE!#5MHn`2EH4*c@RJH@K#f@H#uh-2&lfa=KajeRn^Rb=MCXWF~I^0v3;Sg$+q|7)V
z!=74LSQs>JTlbH7keY`P8@MpLVs~e!Li^&9NzdXE53T_3J2#s%O?C(}%+#AXd?_hx
zD^)=slNX`PM!YWCO&h!_z<{`5ET;ks0O7_toY+mXu5W}|(;a+-wXp@hGsAQp;_k&x
zUVE)@VZtI-1=8ndqQx+Z#y_3+KHw<LoS!B?V0uJu;*WUw^5yQxOCLQxc2)Hl=kKs5
zV2@coPZ14@Icjs@4xdhU!H0gEvR;n#jPKX8V~UOfwQNV)$$Oh;uq(hsQEGr8F(;b2
zN!htSk$0Rn$TL5yMwpOQ==!~&b?O4R;1la6(+237XU;<p$Ov~MjFes4le<ibc%r4I
zrEE{+Jy(I5spkl5GH^)hd+Ew8@oZw90gAc(8V}9A{D9OnHs#c%ya8y5v))0P9<yjA
zIzP2c9++ub&B;G=zB0>DYIQvZz}BaCtS06Q2UwS#yW2mzn~VH*0U^oWGoHu+FsrHb
z)2D~$`3skT=e=7RZZv-PyBS+LWb~`l_*#U^8th!RL`M%7HQ3c?29x$BIl_YkN|6#?
zuGZbZ3%#4Q6V<xKT?`sJno8a!q4~FFHVg!eK0U-8Am-z)D*2kD$iL`UuA)`1@tsfz
z)PSD%+VRnyH$1>?-X2j8Q1-p`n@6eH(<QEjn$%Bowmu3ElZ-+da78p-PGTK`EJR`B
z%@J<MLbznwBgAe38}*b_h%g!Sj77)N>$T#9lvB?^h@A!0g7+S@_-AP)<PSQ4)wml7
z+mWyF)x0n&bvY3?4&INNhCL5t7U<J6$UlqKyKXgegc+Nm$gFf0+E-|?)!iZ`aP+M4
zSwsXY5-Ye`Vg0Yt&`A@4DpG??a9;59%%r>`t>&Dxydt%(6^p=n%Mo)4f0wIKEMaW#
zwLfo149MPXb)!K$9iBm|m@=8-`>*3#b009@Sr{gLyVr+Lv$&}dfvf(!euqJ6YBYX$
zG+;TDkgh!eSuRRcJ@#Ol-k0@HDdU&344Q8DG28R^0ZfIm9f!TS?eBU&<_bWT<bvQk
zn_N@u|Mz#UXISvn&(~v*XnI`ESyN!%rBmONTzdGzIzv>9O8Ccuf_HAQylgaCy~)bp
z^ZrrSFzk+X95?ZQ7OGF`CMLE-ItZGwM>Z*%mSpbEo3qjyQs&+(>&<`*W>}@DbKZpd
z&Mwu?%mejIKZP)a6Y#%wT43W&jJa1O?_o`yYuNJOCgw*-`5$A>eRq}}kZVE<)1<}!
zQLlz_SIEJZNLNM#=9$}+xjyW{57o#)M8ob!D3v>vjAvI_8;b_hdU+7F`NfT+{qxPH
zGZCZ)eayt$b%_!PsHl66WfeKGkqzTHa2-PGgAZTQIDP-?;{p?O^%K6*Wr2A|8XG@Z
z(_0YLE}VZ*eqgP_|5<3`=uSt7C<Z@^{*QORp|pv%gzjH!N_(*7VtW!Ub8x|mQD5oC
zE5AUoeUJa#@&6@Q0yd0Kh;uIPK-phdqzTx@>cx~mmv;XdX=LuLK>FGvqOM({nWX<Z
z2&E4U$RlR9<AjCXy!dh-b28GjjzMJg9XPx0QU0}kf9?ruq*9)oDaR*e{X>k#CfwPa
zdsUGNFjOpPXP|g7M}+k6(&DN#?8PFVZSGW#7R%vUN@<!yzBcf@K))0~@k~pynP`vt
zZ^6l=ebh0@_wx;NTE_l$!p2oYb@%StSMRyI<==p^H96eqiU?jTA8O~<#)pq2HFX?7
z{^qQLS&<ZV>XtS6Bc39q{xA6hLk#i*hnEqUX99IthM!wpS>fqQn>Ma~nj3Te!|wm7
zMt^<$L}H-J4Gp>nv>i@9u)5`s4~PZ+ejELwKPN8;=*J(jV#cWhBtiE<D&P@p6ArS{
zE|<F9s}E?w{1ch^w+dkP2qLPJPiMikpBxq)?N|%m`8^j~1B1{~Jzf;e8nkU)dkKO_
zZRr16NxdlTIbci3NQQqYi8O+2pC`+Qg`l0I^MhB_<9=E8@8|f1ZEwRQaYSkEN+cdM
zIF$aIsX@=g*jC}Syo4{qSHJfFMVK3Vz2ont|Nc{A2rKdsBaBOJv*iX03Ba?pYwW*+
zh}+(%H6eH_CiMJ&K@#>pLWIb212J{(jB7G-c3;*`p1V2Y-Nk=iJ%6DHhJ=v!wn>T|
z5W-B;-tgkucByWSL;yCJy_;WX=04#yc$pV=P+JTBJo(-zt^F?}1n{oI?-!RVMxDCz
z(E0WQMV%D~zD^=`MOIUCaKDvh>H~MLxK$VqZ#dnmD2}aJ#|59&f=l9OI!Mu_UVfpM
z`&l-R`Cry%Z@~?P6++2)&WkuRMBO;TE*K<4pH1W~)Y!sEJ6eXdw`M+hbvNzwTj_el
z=k5x=>ZZ(&4j?l&4i6~z3(2(n!xe-LsTT^-%8UZ<)C3nHYNz2pSi^qN?qw_@UbUK%
zgm)HD&le5TmJ)UFn(%vf+zi<QOcdLyfS7TpBY;Y!o9lV~+#J9K3}X+Ga_HI1%<_b5
zgw<8%pTcu{|MfG0tdf`ei#-yc2YY{k@<g`?s6vObbOI+`25ozi*NoQVY_T-t<?bEQ
zeD3HcYdIm=5!l%;@3VR3wzSH>4ua*JlHmb}M^3@rY^t-u`%!_BfLc|u(`NwE`J=D;
zVY=^)Z8*lI53gxtnM!BYENe*Xr!_xTv$)^cT|q+dmSeWxfyUp(9bV-I>t*?`ENr>n
zof;R{okeVivB}QU;GE&C?kUsOKCxywNGIMOply@@1JG~y4b})0S#ter&1d$nqa)TC
zQH)mM2oa6jaiQzdx6nRV&iIw@JKP-QXg!*n6_Nn3Zhz&>e}Z}hyck)+1YIflfL#qJ
z0T}0l{hGlW4zJ?nhD28Z<fN?ktEG=c29~f%u4})Og(5;AqLj!RZKsjQ%cFXZ)^f#i
zQJ^0K*B@u-BLdB^aj<SgO<w%x9sI|-L+j`)4n^M-)quv>o^=xUQd7@Z)|^giAm3b<
zM*~GGdD4w@xWQ%Y={-UVc$E?xt^T}x{=SvUVQCfStVMEH*oa%shJt5vGyFr>ssP;<
zSbdK>N;P7%{}F>P<z~wNr+7ghAn*<_tJXQOgsG&PsnT}x49f@E)<<qjfGdd<x4;=Z
z`}mQc2*q@^XD^}kuRXcihPhZ#0P>n9tqZ4Z-@`=gvoJ@^!5RL?@#KAU0v?8~nnTFA
zNjOp&S?*RAAx%f%-EjNfdcyW&rtm(1<FjD>79_oZlqK)`gH!A9`5S*XbMUsTIdFdF
z*%#g@=|50EZ@4RZ2Wpim93#iDhwuBhi`s9rL$d=`aVDn>@c;lo=AEu1vlon|$2dNL
z5dK|uPgOwGdTFus1^SmGr^y~wv0mSzi-Mu{gxZ5HbnuCoqV(b;j`_{I@hJKmoy4VW
zgbh$)RAxu!9|(C6(8WA+Li<e5@a_4YRcwia>|EGrk^Nsr@h^D~RE1p>$M4ZiL?R;T
zE6bZus!UO<aIT4Mcij?WJRC~#r?LJXiRBKxlBMG{)I6(}_`a>odJ{O2lr-2vcXo`+
z9|GGD1H6s_7O*fiEC_`dXvv>D39SJlK<%Y*qy3aYq2s<tQ};mjcv55hKK{lS?(4GK
zYD_*O1cVTJck2LYRtACu%2i~s{k1b3_80Y$jsX{1DhDy@Tup^KL`upazItoot1i%v
zalBq=>9loto`A{g5_kT3G8%@ox(DuZ?a_8mP?-JM1wj4P2E&OhEXOo=0YMmF@)bbI
z<avzt%aNhR5eVR!`XHPP@0+sG)0Ss$$cb23RMI^!b`&k1tt2?k&h$FPEKqjNQQtHD
zLlo=xAqqu~BPe%=MMmegL8{9Qu4i-GM4Ea7R(d0{kE+`1bb)JOMQILi>L0q&KR$2+
zUB=C^Yq8|0T~}lAUFdXuixf3Oo-4h;Ot2j)w{D>H&i2bSc<98t;DlW|wRNL4OQZ5p
zEqF*|;DAZSJbn0p&t!U&mtzC26;w*a)$Gu3hDRV8{#Veo5HT2kg55>IeG{Zt6Q;d{
z7u!jh)~2$eK086<Dq7i4Vdhgx9sqgz!ugF5nnsX1t26-eR5}3X2@nV#grQzfdkP<i
zLv|19o6Ca3J3B0(v3l>ZW1YG|cr^kRou-}9Ww~OYRXTAMX0Pv;_;~7BBQ&L#*JvtG
zO9p)hWe=H@>%ly|kPJ`u4=u8zzGc2Jb8`X)>GsTBfyNkDTc0j{Ez&0$t%@LNp^oX1
zpsM93(EiShRxjlUVuT$!N|(zTwsq<QS4=&OB@(Q@&&Yj%tRU+_34^rzO-=nHd*ncj
zw}&A)qrbHi!>~m_Gq~|o6Wpm@J<9s@#4VGLxBY5{5#=;Cq!xx|53CQv=a@RZH_37y
z|9Z%L?DN}F5yg^J-JD(`3|uW3T?Uz!4bFp}Y#2gw_VKRbIv8;noly=$R&<eWDjpfP
zyQGpPgBC!u9ol-}a$R9nP#YADA|#rRzt1iMVou*)1};`pm->A!<gDUuKj<<Ra;lUj
zG?R))fkEs*F`-N1v-HdNHyPQ?KivINY36LX%Wvw4O;5qg7lrW>W>zxd<$FSm=paMS
zw#N_(6CD@aRUv7VG<UN}3YloO)!d_qT^W>{Wv}G#jkQk@!WMD<8zTr@_xps5czPJk
z^Va+WbA}nq_@c*g$MAfd(i{LrA_aqwzYD@ax?21MSyVEU-ObmmHux#X9u6RU#In)K
zr$C2#CQ+#rfttbG>p25)XcX%$_(~8UHbh1q(0=tPSH93Ut1MuJ*;TtU>3tfM52Vfl
zRTc${FnPdhr>y}hdY5J?y(AIEZM5v1P0LHQXz`h-j{@?3DIj?L^U_&=tc<QKYap-!
z5A_}12$rjIwg>Coxc%J@eijJ?m3EaqY<lx$nJG=4)_@z<vv^LqkR{m+fk=|(rPFp2
zI@d)zGEN?IHEr|3B?M$gB13c{#EhR=UBr&U3_3AYe%FTt-73$p&}iWV-^JWay<Bm8
zWzVhZQ`{DQZ--%48W2d3Pgd2r^*K*dM$MP_Dr`G#WrN&I2Gv(ciliuk3d}HLN*-m8
zFS$#!sQBL8q+(-!vs2~rX$8{)6kZZ4r4g`i-9(uF7sl`Z^DVUek&>^i``rt?0oQ*X
z|Czf^^bjKE!2zAT=uS)OphA>V=?Qe&j*`J{OH{;;1cW1*&t2^RQWOU0QWM$}W{2la
zjdXX20eh?l@eO7vS=5`J5!a$PTmDgDMz4$ll?BH#O*E^0=d18Oe;=o|F{S5t(*yyh
z^6{Yjo=RZCwkz8D+Wq}f((pO&p%<Z*(>>Uq^W?I#-FYy{<Ju<FV_xZVN8hxD3<3{i
z*u|97b3dR0pPvTo8Q)?L^oqUa_cBjBB-chQM35ypz1>#vJXdE{>WU9RmN-O?E>K#t
zE90>Jr;eFx@bx)#reO$#4Tw4VgG!fW$*q6DzJ#hp9ex`S?iYX)7K+&=oXu8}v)tTy
zh+p1{Dnh;TiLX^XL4n}^7Q7JKQk*HER?6Wn0><8|Z+g#Fj!%tv#qgTZjVN8}nIMXL
zYBukZ?L))hsa|okZL?2ggloSSX~!MMqB>+UVXsq5F0d!rNe%tO7guTrCrI^MJBbGU
z3&o_Z`f8t%8=OhkZbk=;1RqKf(&k>&IZ~Q^blwCgOpIfkQ&aZO&wZ`CRfxAwKeE5k
zR}~O|uv^kG;h;bo=wO^#=I3OPI?dmzsH=}u2{-Wmyz77gcotdBPoJPc4l>5Nh1%s%
zY-i`-l`L8lYh5S-VEntOuj971afBTzO}%AP8fTGw6$`EGio;QjP@gEudS12Yk}FL;
zQF$S|JTHYZ;SI1laj%KJ11^@dRO04inoyKUqY#qahTCUuQu`}<XAWG1Z0Z70;5qXh
zq%6nuo|@5*MT?XYBMg1z)d3h+OU<ZI<n{k~wQ`rJ+lyPZ`~mNZGh`DxBU%xJE)1f4
z7BAR->aogui{~Z|`xZZ5k`8cEoc{Q<@~}R=6JO0$d^W)aka6ApM+=e>mf!vAjmvSA
z?59fI9>V`XpKMl7oXIUr(>r%$k~n0_>gI^BYb>R2YJO&l-(sz3WkzSAx~CjJvJIDB
zsAXv>V}`mzs$U(`#kd9TSHm|yQoyK}#rgmIf@udFl8+t~E5ifXxaT>>0dyoqIL;Zq
zdEdFaLCLdy9jbuX-FaBEiyBuLW948B^V)AUl{7x^BbHdj`%Vbkw5Q%P{#Z6ksdNrp
zh!N8*+?rqHyX)|k8^dB#J_vo^_@K}yY7Y8D0X@-wiONlxm>;cLksMSWI0(R$%E9X`
z2!4$sV^n*l%k>(P(d?tUw*!UD7EKoQM?(_(9*{Gy_-5Uko}Cjdo_f7Ir|57OwO~bD
zMd0{T*-uL_&vU5TD&Hs7x_|NV0^>eDs?u|y2W!aG2Lfl=zD`E4ez*7*y62WM3F>wk
zR_u|5;gfGL^nO`k;CAgTh0S)5hP14>yt*7|p~8PCv~%Rhk1-CJf}8yd5iwmjnNspz
z&7!@Fzh02gTcq_lxQrU1!XbU~Tjff;FZ5HNh#Lg9vOOf@>q*~R{Ziun_P_93l-i>?
z!@Zv32Z^ki7Ft40^uAb*3cUr*|G?Z_zt=l4lXHpR_jQ#6d-{s1&F43F{FD$BV}YSn
zoQWSrJ9@gyFdj3}p}|=^co76sAM4&^YcnEJcdVmg;gJh5T(@Um%d?fI(_ilB4{8T*
zAAiV0KY3g>coL2G8qLXSa?3mym&}LaTqDL~=Pn>?=bXLe!LBeN>yfjh5AzT1iH6+8
zOh75sDQI^|vq?!o!BHN$pW{Z{7x83wnWpH;V7Otbo5|bj@FqT4aVz7s2rux+wmSEu
zxwZnEORiO=_!;Y@th=KX#W}`A4v%9e{Xb)v9oQ_a6#Y8IvZfo9WFGO!>cl#SLdAY)
z=eHBJg)mZ($9*U1PH=VR)uN*NCI#QwOpj9$fp7czdjriGxpfrd@kO>nc|zONUX0wX
z$G&F<TrCi^IGjN-;CAN{dxT{*-3v9lvRJ}g^>b;Ci~uX$y<I4gZUkux)vqGXmeG<y
zj=90d16ir=b1%(yIRT`Fo7b~Y)1Oj!q$uMeUvVBxH;>o-`t`vfNn>NHtOUTG4C}Zh
z6Wkl4a@~2G7H9BdW#Fy5Cs+f*L)t6;;Q*^cz3&`R-%M*E>no%~_vR{<(^*WCo-Qu5
z3`{(>c?l-L^TIwg?oJ3Q3Kk7+h*eO_Cpp^wn0d2IpKMyGZyO}Ta&&n6l#ET}M<~PP
zPgeRhty2IlqKRodrfORLbJ98&<@Z7E{1ir&QBLZ0U7vTYIyK83(xg~X1Rra>NG%)1
z!FXy)dGKuJ?n3n)S}+>9IjGkC#4g1?G=R0&RnsEwzg#;3(68OjCP^-@dl^+AGI*%9
z+-uH^vor)CIcLo_nyVYS^$hR;)QWW-d5HEV#Ys=JpFb3>^MMb!xZJxJy(Z0vUSv|w
zRM5e|QXbJ`wjW<}4j0B;$~kK&WG7+~R};)9C}C+{xX}l2+o@2*$@5?G?yV@mFT-5+
zsP8LRJA`{Md9La^wlM!6V{aYTbo>2}-(rh|q9D=+DWD+WXhlUN6#<bFDQP8z5l#e5
zLb^c_RAS_a5h_ZI&N0RaX~s5k2qV7NhWGmpZ+@TOKRgik+UtsQo$JK&JddQu3lF&W
zps!)hWJO5I7`XL(=;roCy8nbJWMob4^xD-hZ2TOo-Q{UC+*#$`g!-i~(GxRZ6ZAXd
zOJgRSyv@o1<uYM4#?;%;?F`hj6wmk)7f5vymXUzN$V<X+?a?4$J-DhCB^-=hK3)Kr
zjN#;EBqFlM3As~~D7!y$=l*;e8NmOn-)m=JYhQn?^|0LvP%cZo2P<i1+^P#?RZ9zW
zxhob;3w>U`!^=)*#l>;CZbz<8+7pM~yf3dzyx!SLk+T`-&uaiU5R~d2NB4;6aLc;I
zCO-JOAAxTNP?Z@kb^zTz&Bi?=JI>d+Is**DLM)@yh+cBrhwz!cV)Y`Un{eCF`tX}2
zP6|j_o7DcEB6(!1Sc(EP8j{jp_M(l|o(jmpkpUpb5+Hp&5)h891twm24wDSL+i~lb
zk7*DAuAO5*FBUZZq*mb`xy8#3n<pwj9b%0unuc$dsmTcGzJGp1L>DrYMj9+MBwL<|
zXl|@+tcFVLbQ-CCFj{YOrH*3*kZ1W+L)S~@yh+$)&q9)~VRgw)M<}su0tI+i3$q3!
zRKzq=HmpNHM~r?dJJWl!>TH+womQ3Fwg&xmoUR(V!c;CWV8SipI1(B5MRM&o-HP@7
z(xtG`L$e27S4Ib)R7vFwF(p?4ua%6prcyP?1-ZOXi_~qtZSp^81$D)xX3!+R!Pp4E
zz$UT7j!j5EJNAqbIe`7${0^Q%zz}-|%}_@pkkecsj3ht2vkqwGTAv~Te;nv|p#<)Q
z*S@6U>JUA7%X(&^8*kHbEnI^5pN+DNg<5?K(?eeZKz%{o(8YlFaZ~fRGVcOXIE}V;
z024#5=b6`74u9PZI4@Ke#+$8H=EtNTk<IF;s5IUl*!*Bd0={~AUGzA=ffB_~NdMC%
z9X9jLDnh}=JJ7Hr3iQSn1HB^B9r|O%K*+&BXH1R*LfHUJ937dh3N1g3;j)*%N}(;6
zlFxa~AL$IJl`{u%@YBF<hz`n-BOI6dgca9?G%o4YRd@ruan+SwD8&Q7T=}2aQp5X)
zXPH8mMq80Xm+Zp~JbQOvIiVx=;r0-r5Ja+<KnCR4^Y^p^-p+C@dW-jMpImQH{c&=%
zupa8I-OC~1I<7oU8oG@<Kxi92Jm`Y+Z%e&M1?pf?UckDdh8(JvWIJ=P3>_bJ_3<O`
zGpq_iLZ>uD?-YgY*vVb6WM7|Z@-`RHNE$kt;czB+I?vQ>l1)>r5S3Gd3i<vV%oBYc
z9n&i7R(cB<2i8VaP8^{0W5f}(+I>e(EIOL(VUuH0R8GSwyz2IfxUWuxS8v<_rpEq3
zyLF``n`EyHP=L`o4{+M6(UKqp-f)^3uk00So0MJsF6%t$<XDK^N$iHPuzgGgzdxz}
z2y>O?O3i5OxQyEO<IR?6Qp)w(H-~nVxQcULc#z8JzxMF0`xNQ(6OERtzLVdZWuQ#q
z4@O?&#u8my@~;3hM0cECtMLS@ATqQBh>r^yL%3ojEw^0tC4grcr*fyn=`_`-L{@BW
zQ04(T7l*{I0E}|2r*^#T5<`1Wr|fQ)t5}AWf0e`Q2=4ArD{y@relVg~1K4ZQz+U@z
z&fvPW^Hz-F2}sE(8wwQ#!V!z^{0ttz`?b*-Ix2`)T>ZneF1JgF3dm_$|LkU4*@gJS
zexM?d+Roq&;DdlRmnN@MmSc{JxC}G`;87pqSm$~%p1{<!aa<lWB`^SFPXfT#>d~ue
zP|^XF0RWO@STyMhJeVv{9;1DpvxgPkas=!U7E~OtNL#k8EH1ivk=B<-gGtpTCY5&2
za_jUE4u&R<bpbsO)7$~sLaV}NMWm>%zS|jHu98l!ChTjf7E<G*?h=}ayXQA|t(m?y
zRv#6tHa#O}IoMKxED+P%cwp-`CD<wJ6|pww*K=Xn%Or82(wSC5rU_VvgFswF5<L#C
z->A(s0TE`?{Cn@Gw7g-s+DZ~Yx$_m;*aX5ic3%*UTcVd+4Lp_fWdHqz>G^VS{g9K3
zEE~`W`Q=c6vOQZz;X&R9-95%%s<O;fBnSJcUC(r`TDcm;)XG(Aug$F)Z;5-iFH-cV
z(mxN^(?bt}QQ?dcM?o311W(l8ax;Gm0$$5d2A&A~?1+HP-ugnDR%wev)o*qR!nf$u
ztY(!V2(2VeO6lNz`~<tCb$z;8nb9NL*c=lx`(qsUSAoN+v9Izg+ZoDU(7V03fD&^i
zuKP3sc@XFM<%zb2eMxrS-Tu;t^WzC#p=sF^o`>HK@vm{;t#!=Bi;1Cq0N)<)kn$XJ
zGDTWJom1IJh@20$IT4~#`>NqUf-imCMW7>?pLwM^+}W6RYZ@z@!Fxu)i{UHl7pCIX
zJR*vnO`-=gI_h6}f!NHt0~2FhTpZ%%B(SqY>-@CTElqv~vF|Y_XJb4-3;Ol9A$y7d
zPjGWSJj7@a^glv6U<!CNNle;(D-Y<#Hr9EH%<im$qK+{DAc_LVfBb_k@=MiBfjXf8
z0NT*~nf#QVP#}2-(;ilg3IIoo_^&pU01mO%m|PS1lCLe`J^78$?kpe|z^9v?4_Ukn
zqMA2AlHt|Kt)Tu>!La-P!#fp=`r}Nr<m6fSE5w4iJYpHH79Wj6-1N`}c6FT_gE!*7
zGG6|XCmj6;Xs(m{mPThbWb__OMRH4gc?Hk5;Dl;|s>wG1oEr`>g4Y0G$tS@PQ}Dg$
zaROgo`3$xC3|Cf;?Dvp%0I*qO0JHmOT3PPMkkd%L@j%b_5b$>saMN4KxbH>vi57?O
z<#ZO=I>%Zx*+p5i#qvan7(^3s$i@bN6o(mMxtD}2ZZsPpC}h*Hw_HxA9Aua1Dtem5
zcN}r>7;t~t28aYerUm<U^x8LNLwHXBlj0ENN$7@HqLP2r+E0s5Q%B$C5-=B$Z+dJe
zT9P_SNWK|$&qP7@ng^t;>XS+<mM}ucooXGo4z=ddqE4;C>Y63>Ykj)kT9q~(mKg*9
zu4V2zppq4FfOtDoz#d#N5=Q5mV0VoQ#8UKKp@WdT&Bq7XWp4qOaW67w<I!k1tcqLS
zW2TpnO43!9=@4NNnqy(akA!~a1w^~&{*{_!ehT9J%-1eD0N507STBtcg4dhwIjf+m
zwy;gZ@ek4fv$Q``1p6>J=8WMR`?cXj=%`O-P7<K;aRc}C(`>Wq0mWW)@Xs$=0L{+E
zkm+vbsKEJgD!Z@`<JvK&=5B1o)v0Tg?WNgwSp3Zrw7Uk7_X<|f0YrLDFq6y<8$(Lq
z5iVigUbQ;@9-(;A$YP)M`5S{EDmGZWs@RsE1FL(@A<pBwcq63y%S@K}JOH^{ct^wz
zV`UPR4e8kx*K8?)C(U3xtf`HlI_2uJAU)@u{XTK2LUfppd55I<lH(@X;@#q9-9NFb
zc!eY}jXxp;{mW-$zIKO}+FG3fMC&wS&b~4C7b`LG(X4+@e1K%sXY-@9gk=?V0@QLE
z904tv<Ea$xwJ_e7%r~FY<iMPzY#4f_dd;<4FUj%cC~!ni)eYOq^pGkRav6+VvoHL-
zx=iT$_>OC2pc1~PXw@p!HX~sMUfqI;y4@Hp+WdfSv-otAgvoup^oFjfg&+t<Ndc->
zbw~SAfao3T)ib(I?Xa!-m@ohuW9w6ka;UA#;d>8eS|R*~)u07!4P1hNeVr&9`>*ud
zHAUJq7r>47cz>ki{>YOx*SDhRUqGa2ugG@~ni&G4ra=D8!H8EJyycN<RWg{|UF=_E
zB#6X=jusV(fW^$?LjVrxi52^_UU$XAnUst+KL*-rIRsm@Ii<ThSoppkPp^@r8Q5Bc
zH&CjH;#9nlRic$-F$P-cM1$L{{>4#|1#IG0N}KlTtskR8%BhJ0+HE2<$UuUCP)6YV
zRqQ3hWojzQjn84Lfw1xikWooP<?~Q?<ne*0$3ZI=29EQQj9jwU7$p5F7<Vu?9SK#2
z#E#ti7ikpmy6Q#2E3l^`PZ#MhUU}_HyHif^gDl9o>j$X8jyE@XK`N9pFP`mH_zx?_
zh%St0eN|GN7pvZ<wc(D*jvMo&WX<_Hip+SKsK`HTXR1rb>q1TT<Tq`F>B~SBg!TEc
zokc(^ivLP=o&>LFV%|z2&mVbakZSzii$}=w76*nranlevDzyTg$aq|5Sg>a9qOp*W
ze($w)0e)Hgv_-?S$JqSe6Lu%W!Pwb5XT;!|UVzbq{noF<k|_w3KN3OEl2P@d%;3g*
z6j$?p71Me>|K?E_o?DMkQ<fcLmUwVhcZ4Qz@sQ8CXK3iPe;BaLAZe@ebO9@BKtBe^
zQxFMfg9=iPY_+s|djh=psQv*eugjaOyr!@MI(vYU`^%L{UD;4bu+pxTz*IQMo4Y9U
zvHlyQ!mL0Q%U<ifsJ)Co?+DtrgSGoBu?$Wf*_?)H0tIq&2O}30C3^n-4Ud&8XnAGo
zkCAIzBFzUxI(T256HTP_A1lW({ne}cPgK&Q{mg>Uh9eGM*SkM;Gsdc&I(<b#Qu+YE
z6&(!Aq3!Bd7G533*3e4u4*(Mb7iiO~gBTDGEpUCX@i&RxN=6PH=GE~qe|nB1FA&hn
zTmu=jW8VuzwnF1yz^nF7eAA~r1lv8`mE&B+k#GV;7a}S_4fnvaEf?VL-x=mcC-nUV
zaFO*cbM$N!tWJDL^sh*9Rvk;HJF>btgWKz4)Q#JmOX0-kkMtV041_i8gZ;7Nz^PZ!
zh)Ax4r#Dg~Sp`KwdR5`QgP>ztQDBF^(RECu$^FIwXe)Ezsa*vlz54eA=IRSJCp;5H
zOd8&ZHb&>xPL$v7Fq!CIE(=-hFqq(^8xs`Vs+7By^cd}2Y8sOwYkQq4BL%v57bhRy
z>_xVbwM?u1DvLVQA#xn?S^t)w)R%O=>gw-HOK&5bFv21RV)!5JbA)7(6meCC$f$af
z*|C%(&@Jps8^aFx;DbuBY7RF}TG8m;UDq2|8$jhmP9URKrPqQr2H`GJW9I7lzwGa?
z1q*ve*C$z)p8hSU;ku4VC1`P%t^ML^u1{6Jm`?78M1h>~U}cEV@=*aASKTw_*;NKK
ze*WZzN6)FU5cc?U7+;M>o^kZ&aL(T`T$nSdDVzER2B!&!UB?#25a5>J%2nspIk^j^
zhRnQhj&>y+*&4dif&E!DZE~2oEg7{=VF-Kjl};|xg)Vc5n%@TN_O~DPbUTtHy|6uw
zHw~)!Y!xE7GK^PzAYCdLW3N<1-yYP9yw4=hGmo}X$-K67rq#pVCVm}vA+%TiDaC(Z
z3+0=;UBD1^QXM+H32E|~F1dkL_4xDwvqTyf!rjcRJ#2mbE01pSt+(axTmb+4&agPT
zviTJkK^<vAI_Su*LyqI|7PJ|Etxi20Fb$TiRg}!B{2;z1<$o97tv4tqD1%+#j90--
zSk&7S{ixH2MbbZ755l{z2<^>O{`-3TeR*Kqhw7tRW8RT<^e+Zg5W^|YB4`tJJ2AAx
zk&7Pl{90qZ?X%~PQlG`r8cCk7Jo%B8y2<Z<tzWdXNX&K+LCZ?oaHrGy`-EZ246cGU
z>p9K4srqK>^wxVb4eWJ(zfXRR9QNqX<+r3O?glWwQ$ZjCsBcbdN)03K+nP2mf8_Rd
zL*GH#wY7mW(`nf=yHEo-pU78WS4Q9bI(_Pn&BedzzhB#iITZ$uRWO}Zr}v^xONLRb
zJvDDCq4F6oV+?O>eWm|4`u83B^=$aBt@Z$onwyT!wW~npgNC*sF)q6*{A!lU*G50M
z=x;Y}m?ixvYNF8*RsdMG_V2Qr;Y2A$2#U{AA{?7mwk}9!+SyJq`sW$=+n)1EZmk}Z
zRj1ZLucSB`kzy*yP{Q!n_(u`%h}(=`S&a7jG-a=eF!a%=h4k*VpX>ClW$R^I{c4Zw
z|0QwvGLCIK1#VWF)a*vN3WJXK)_gj|VYwHbG}UzZ=$5R%dz*LoA4mA_!zWOOZ#Ax?
zMKKCLK;0t@U=E_ns*NY!Ws7?7_u(s(4^S5l?AHJ^R)m@*l>nSQwEcQ^_3fMAANaLj
zgkN&vFs{ki)$@$eiy)~)zqa8a_^Y}uHFNjYt|gO4eYX9UkF-Ok0&~d%A=h1~k7box
zKp(*HMAML5d%3qZ?{D+`bN?jNc?}fJ7@N~(7UH;3-H6}<>8Qc#vxRqF_0a^>GX0mx
zhQGf0e%o(3Mg0!4j-oaE-Dt}MDVjxCn0-E8=@05I!6N_Mwtx)Y?YE6~*d0@id$W{V
zAd3kuODfe-EEBilF_A`7Y5ng?SOm7HHGZAoIv4ZbAZ33pkg_*Tj-++OM1{j^GC74y
zl>B27&t^X1MosxT-;@J`;LZAV9J1{+#QxDo=I@%F4@Onx7e<Q_qOO7yZCowyscT~U
zOL=9gN$N0cJ0UTeM5HN~73<N#j>qXj&^K4s>5<oJe@VZa$(DeS%8#l3UHSi#jIFt(
z2T(PcMrtCXCx<(A_gp}kB~7e`GbTE=*$&t%+7a*#*vsT7_3~LOXkN_j+j!H9I&Dd+
zJh`J<H5BY<z_=~_{*QO^4izig8pfgZuGy{JfC^H+2>^*qXKiZOdY#S=fwrY-2DDI0
z&wq&1uhru{v;(d<sFj}koKqz=@!9b@+6)(CAG1taQ#hPLVGmDiw{Sal-4tY&(&?FB
z-v|`S-gAX^az{S_7dICnkKT6BVf*O_bYm}2ULAIR`ywUNRz6U>bBC<}8$NC@$oOB_
zhQB5ZPHxd|R89{0z)sk4Ku$YQJC33Xts4O8Xw~VbY5gfwe?9W&Z$<l`dJ86?VSRRh
z88c(IpFfs+jfSUI=6w!ctM+ZIYx{@Yba{^mCYYl7RJ^ptjG@=T?U->Un1-zVMg?-Q
zvB+(iQ~$X`&y~S-{v9-OWr*}059UTC7wrwCiY7z=xFoKcEn5)X{}L<9Fy;G<Rw<!;
zaLEtDAE*?2VWMELn2tBb|3V)8IZc4Il|FEpke1Dc3PWRh`;A$s5BY(IrqKLd`?gc0
zf9z0AHDR&}s_?kKW&2zU1bZkPDYR{M1c<=wx}*?kWOSPOgE`~aH%`bF#pXreS?n6V
z@Xt)r-(?SWWZzRdE8W{PbL)<nifN{D$_bhzK2?rO_*2vU?O^|U7`AwH-)>YcH|mZF
z-Poezc{?hFo@E3WrgSks`garZ*KUS6(xoY5jM)_;3v;~6s63Or>%eL0tbYB0hJ^lW
z;r{wfnRoyUF*DfZyYV3&g-F-s=pht1Pp~fF;AHkBY;no`K0>g#lP{EwQXRfpngA^#
z7hKSK3I&d1Zep<S)^WUc4LFB<(v1H$*#DX}?`gU;ZdAsFpbD+$kU*MDlma}S$uapY
z%ICj6`PXl}&ATqa=3DsSBEl1DSu1lCwhTkPkBngBslvc4Xk(G(qPeYbV@|Y*=_Kpg
zj_XL%!(0&O&!MRS`t%a8u-+w1#lKaC{V78AjyuM6S_tHcY3kfs!I~;K(+U6A0oeMR
zvc?W?!Mb$wowRWYgGuS8X|QiQtbM2WnGZxZS2V!-j<@r{eaCHJgDJi2TT=E1Ol%*s
zpy!U4CR^+Jclr8reAn{9v2&7wxqv1AzHx+Fpfp+mCe<=X_s4&oHQL|O^JxdJbx|i5
zp%7VI<+u6ue6F+}Z4v5OfoMC}s^xBbCU`k^Po^cl&Ou30wE_DnaJ(<RzM{A77+tie
zYDFE*jRN*llLIOTm?ULJFnX$9syGCqhqXyJw|$uTnJVx3(PB&jByxn$f`_W1VaY%b
z64f+YwzIW?K(rnx!qdDIQ5Yl=${Js|Wo)qllq2yg4Fvw@0{(MRJ1&B;mLT>(1?|6s
z<CEs~fx3}l>r{0#SZlofSsJHGpcD3nEA{A!fNd{)%U-rU9p{;&vkctwMcrpkD5mVP
z%L?R!7Z$xQJ41a~lX`B8%s)_Fi*4lWDz6=rRmx9G*dP=0)~D3K%(P_B?cVMQFo!%K
z6<^&rX)&%g7BC@&w0g*Y9&g%`Tnka|0wC>q3LAgs<rbRL{P?l@V`WU>7hUQuY_onE
zsV1q$Hz3+~nwelO@x@2Fsg6RyEg+rh9MO&2YJ~a&Fa$75x=l4`-mhVMuJJDF!k+`<
zWbeFn>&Sn<4lLK+-9SG#f8T4D1t_o?fga)<9eP6(r<>GJoZUmzwr5+J*AE69T5lnH
zrZGsAE1~_M7njlrD9y$^B?cZY<x-{n<3Cq5%z^sw^$u>-aY0Ixwhg!?++!UUQZ^<}
zzT8Wv=qQx(Ofi1*HdSCXfWWqV(|^~p?T(h6U<RJ-t~YZBy>c$P*xS?dxs>Dhq;IvH
zyscH@k*2thx9ua?zs$=s+lU1C=EpX4z&5gXe9J)lj+gr*n%|_Phy#kloBf%gM`9<u
zyu3UVs&AfbyVqxqB@;TjdIcF67z%Lm=<hatUnbs(-t0U;#k(r-DW~?cyhz+u1N;FS
z-3QJWr+vM>fJRSR6lDo-v#G8Xb;14w-O|$1+f7?0mrG-pcR_#^TLEHM<m<^U+n?}B
zV_p!M*cA>_*6e~r63(JU<z^nB#>U1v>K3nCt0}>*b{dr-5FR!k`d<#iJK@hi9HQHI
z87PjBCtv>wcKL@;c3h^aodZ*xz@9N=TMk2u@@q&7y<a2^rX)A$3;6omijS3-%Sw`q
zTMw!Xi1><JZ>H{55|FrlYW>?^7v(>GONRr6>#?NMGc5}%=#(>@(BOu+SgxAxm!dzA
zZCcsa@^MBIR={|pg?d+~7lKWbEn#%uRtD?csZw<6?UIg@qwTq*2qTA9OF~-Hn+-ZJ
zYN#;9$IC-;Y!QA=>hd2jV^$zWV?7gn+pcAY37E5-LZnDj7&=2Yt5XHTPW0}b9qvHp
zoyEa}SJ`2rMkUv~`-%@jn{ia-4R$*5Q1j)}+kT_VtyEDRY4ZXxnDXl+6^zZ{vE6>v
zCg=hSq%WtGchMrMv9NU|YJg5o13s@OV$gSed<msZLQx%>dM|L3Bv$YKV>@NRe9Z!;
z!(^q~a9_ogMKJRr{`-gHFqebJ0OyGE9jXyxRj4Dhy{^dy8!-SGb-ywuZ!4t){Q5G_
zeJZ9~O4#KF&^T;HN%mXD?>_`%OL^5FfqB5@6R%4K7Z@fgmvtXZ>F?`10eaR(fSzYI
zDEBcp1^o1MdR3LFPnG=KISntZL3(3(x;S32V*7J0b8Ww3da0d|NF&YGv7Try>H$2d
z8q%bf`Kp{q?L`JK&YH3PjZaZkuRh5|T><pzAQ0SADLwIG+b@(*P3`1Hc?*g1gF>`O
zM<y%6$EG(`AS`JJ6-+o~IIoe~M3XfnkhSs>=B4dr&59~(|8(n9Uv{b+LXpuiG3qIb
zzE7}^-YC+&e*OBUk&%7DroOj8rgotYDA}64{8+h+g;$#94E*QW7)qns|9qCb%nCX^
zt5fnQ*_47HRG)fWGKw2<C-QBvO~D45l|P{@qIs?13^-rP{J^-exg>IfR-g1=`W<F`
zbYF9t!;>G%fDbh-`xr1&JovRfWOKM_jlFquSV+1uioR)~LY}V4<F1-<`@OI0j@HSe
z{GB3YX=z_t;<CT5Xvi`13mi(;1p*aH&n&onK}g_V<uiYi&D6SGKZt2Fk@thE!8f~W
zSw){eeAaAV8?PZWtdKhAII5|mmUCr$bIe7Ps&hpCGIfALMm{`$yGO^+e_sqvLdYi<
zl$oCslDOz{03!rk32%@<D6>(}bw`+ZV6FgS4t`KbqM;Wa`LBHHU)pF0rhLENUiXoz
zs~}WI=EYV5W(PQFKaZ~fPKcPdZ-0D{bMC(_4tQi^R##U)V4-$aH*SO{LWy1yuHza)
zqN2r_-L`DGRjYO@0Q~Fy>6mtluBoXQg{0IOU3tGf6L6H?)Se!8Pjd=>udWnv<t3|^
z$!XNTQhtA~Tj=h-C16)W(E37soG5N|)DM~*7wCZVS9P^=BH91Cp`l?@k`bu-0f%cI
zpwv(%o;acA=H_$Dnr=1XeslDY$yD(`u3SDcsO~t75MwcG0))nX^ARb%pOj`l?{uMn
zp2a_`+>k97+!DfA{!{wG+^PQ0K{LW4fY6`PX(>mHKcQ;#B5?DDzzt>TBXKq>lQm3Z
zZ_P|cO}hybU@Ve+c-r{{%?HDol-88>;ie}U7!t;+C`3GYrBZRnMLQ$<p`oRuYb*bG
z9i&rh5m$@%OHr*Fm+RCCj{{~G06s+xZu+^-@}{&3s01C1QezQ7!S-^UqQZu-MKSXL
zE6C9gM`~NQDr)$xjqqSQD?lew7mQVm$8w~tyF7TU>rj|}$?2$n7N>0KEoENOT|U3U
zC@adcI!2;E^RW^xou*DVk$Nk_KZ4#>0EF%W!2DMgCaE0_dDez5H8eIx0A}v`&9zph
zcf^=_6x?qq%jL`N!IEG*ogA3EwCJvnjyca&q;cKGG$w_ATzk}2S2)RB99*F7Q}CHY
ziaUJa*N3?Fr9)HY&A(orvsFeuy0O=w-LLbTTEzSACi^vvje4K6#$8Q$K!-$z`>!Xw
z;)L9^v$r1u{lTBz>3F<jr)AF!2EZ0gEPp;5rt%{h8t9#-aw4Ar9mi(?ffhvH1M4U=
zHCUZ8Q#NrP=?KbWs9cDYHBdtrUdK&w?mg$dQNt*w0m@~>Yl0INNWEfG-BR;iy4nc2
zYS$rvl^uP`qE#fG;<qY9C4}bmndJlZk4L6DGehNn4h2xbuChpMU9PceFYJctH<onn
zM?)|V#;N)Fi#Kog8o6yu#>XG`+E|$Y)K%o=U`qS|z<zryq3twM6iq^8r?U`O!GMdX
zcrY@cU0k{iI+HB{9=lI~Vpv1kssBD|?bgN;+~56znMZ86?aQE`J%+`0QCtPa(0Em`
zaK_Dz<#*)x%y^GuiuazLmy$-=sK=lH6qCQZyE{C1VVk0H+5w~Ih*GBtpM)AOZs*ub
zu_}%0>gr?d{t9P6$;ut$qP^TdPeWRszDtmHe3J#QIFoB3ixnDBUWqnx3a2uvQAx_=
z1|gX^ThQgv46@w6;2_9emj8X%5U6>0YwW*HdXnI`v9Kw5as0~{bhx(LCO#J_UFtpF
z6z9?c8GP=&K`m4QoW}yy>jdY%z*HiyZq3NM5Lr~YoIsCx6_3~Gp^5iyOR`V));{_n
zwh7zIeRko>AZx$t)BQKAJvWvu#aTA48d24rcay?$KNq6xovW-Iw`<e6c^nC`bfKDn
zz-m0$c#IoW)Q1KD{8PAeqGyOJx77WO5uVMv&~!O`VjU=7X-ziTIazN-Av^LP@w>D^
zE~yT3bcvw=eP}ds&Z71y;hp$-(8t(pBc%d-nt;fskstqV6%?rR0<OE5$z}1TT#+$5
z+KKD9NnPBXj2EtjD9xR+XVa!4(!D>QWKuc>aAe-0rFATV_`I%(gdyGF3O{^~%os`p
zeo%x$r4*zWUrRf3^eATO_#<@Jtpx7Rr>(ii`N$V=v*0uJ&VCE_$X1~AtW~ZMPG>8m
zxVPusftF9d-H|W3wnVLGSfQt<Cm=G$`8yZ9k|HA`uX%Zu#hKLDp#4GVh)esG>b%w@
zGa_$cSsAA1MnK;Zey25C3d5b0M?dx>p(oJ8ku3Oj6F<vTKzmuuMmU%KGKkn$V}So~
zG0Wm39$r3;%6nW4R($E1fR4VsRF^5XPqN~Jr!&^*Hr9}h(CyQ3noTaVC^Y=)>kONG
z@+EP>Ghu*7a1VABFd9ni*mMr4E5~Om<N^C%pe4U@exW(P=Co4vXCmC3yqnEO{LvZh
zUrOs=OU)~{yKgr&901ZOzzDDjaMhz)1m*jID#<n_hLyh4fefr4whaiO8*6{3ish~}
zTS49McyymZ4oLPM$#3)O=2zC|LS^c6kwoD>-JfL>$x)!aEnn&Svy&lVg)Op;2OSkY
zGs1j<R*g3gS32nA*_!5qHt}qzT;7l@ZT6ba<k&nlQX5(#PGzzy8;>`GB)l4i%~z64
z?zRjL<{}qb<VL|wK=0(aH?DjhoJWaDn@#@Xcdm-z%0lX0A#mIna_1Nd6)~1DxR!y_
z+-X8!SgYl5?nTQcE|yfeBe({P3;=9Q4zQWWU>sLPdLRLEu>y0uQ03KomSu2@nL}qg
zWi`kE+HbMb(Xo|h^QV7}x6t5&n%AH&BC_}Gz@riO6&%TrZRV)oWLj`v8A9qH8alRD
z>1WmYo5#eN+`_7!S+mA&@k5g?pLgu-Eh|d$xW&XJoU~O?{hL7rDl$cZlTmDNY+u(t
zm<w52+JG8cOn;}$zY8_pV|cqCLnijgfsBn;tCOAGfn+V{Ix8F7UNeI@(+|hVilCD1
zi~H*3iAx(q&uV*g<=T9sNAFY~R}(#hka+139X8@ZL9nY0tf0l;2auX#b^R=#OuqE<
zx-mLs1<+FA>f)6eRD7KGO73|T=MsjcY`OA)CSVgM0IK_ads2xk?#rNexQmi!42dyP
z>b!o8FL}TyS=yCTwcIWiKJ0k$B8;ILr{H0c)M?@bZWKoGoHY2JKH`|F(rP%U#5&~B
zowB)RBL~l~x<Kw7X?id*n2(=m-Mqa4Y9m_}JvTed8$#uX7m(9w!Q5|*oY#YWiMfR>
zOzSl~ruQdac<?|`LYeiTqQ}laVRiB(wPPYuW`UO8{+IZIe->y^omS(m_^$VB5O+9(
zyd_3!V#3R{TjI2iKJs?j!|Wx6DZ(yPQj#kuxO!W2Of|?yiGpdp5`3}8JRNkw#R5B<
zW9gR6;F_nLf%E8t+N9m67URa_j{wL{&-w#N=3Vk;yuF_&z~E=%GKRA{cVf6K?e0^8
zmDUue=WvxF9|WXCXo7f~B8QiHuu;RaAsDcSp&$dmrh^KFa$Rd#1d+kKOv(N7E34>g
zr{D`{ciF)?rHzL#aWh4Mj5WTX*LowUNw7z&Zny-^^_UmAKe9LJX9P5SpVn5<=*!&J
z&@y}RhbH$3okZR(!sFj8Fy&fmBza*+9+_qenjQphm_x!%8gb9NT@pe%`n~nDx6xcS
z-V@Uu?GJiAf}Pe}=&TrCovgW&H2CP}?68FS*QZ1MrP>Nh>Fngy+Plxurk+U}NfLSp
zC!AgIIYy^vk3hwqrI3h7M0q)b3#csKUE;wiXy%C{SpteRLI{2G-HC|8meuG)x0~3+
zuH(n$6#Q@(#{q7Vw*=>5G@3?s_k^FER%^cQxsp#erm&pI-<hE)xv(!Z47PJ`>`EY|
z5flRiD16%qdz|?2Dt5N_4k!<MC7|OG{GGT;0xLu{(6D-&E3N*cz><0CODqZu`j(mO
z{elvvm4d``W*I9qP#KBGZ?=TW8hB;~=FwunzgbcHEF-C&Qg_c*;D|{fQt}hmM=FhP
zSUz1GtDs1c+%1ox2zGvZcF<(pW$ZeHRMDo>uC=oI2s9GFny0H@zkV5dz|6fnihmZ`
zNCXtVn_=KKFZU$PmXR$Lho6oFP~2Dr<tC^Eg;P>c)7jE`fx(}(G8$Z11ir0bmZwmR
z$SbLznni((O)fl&uE#%f*H9hH!Y4vpEt_J`d0d#iJ#kGxm9x<Tv~9O;85ePI?}rsw
zbhTF=#vhk;dBD?&Q!dNSb`*15hIoN;vfs^P<%|Ok{kLO2>V;+vq(LH^IbVU;S`7PE
z{%A2(nST$;dxfY2!I&3BvuUShQ<@WGS{JW7;tkjOK?_}y|Dd$n;^2lyA;B<f2Oi+0
zbCDjUpf#+D-)d*duH~sSfE=~jy7{=IKMC?><V4DSk|p7N_RAJ**241iVdt=^$cRbz
z-mh=hUg&MiV1hAT?_a)n@kDhhv37NEb!kU?8#y(g>eNVGsLaXAQy>Lmu+ysUKCb-J
zP({xdl;`}ZXq8cOfEGJZ@n7+SdMjA}zDQ3*UZ;wonZ&5O*dW<hj=F!cFb#%Cy=y8~
zCO~;hQDU3S=JrqnS=M4WBSIS*)InAmyEJ@9+(B=U@5Gg3od5}dHR$Fr3d$%8l~+o}
z*N|}wGUw0NHwYNi%2UC~&f^;jeNNRsf0&{6^7!0MspGKpSeCt~cSe6D#@OZKO!ejl
z`7D>+TJ`37s1KmtH_vQec?#-H(1Nh}Gb;_+es;^gz*GS3nsYd+mU5gMo(mutcK890
z>UmII`L|D@xY7lKY;Kg6(RnEuwZJJuT-51gmn9z@LnQL10C}5ij5F2gv#z&y=6Fg?
z_`-}?>PM9!QI1EQQ{`<tPL*w}B1{|LmE?G1*Jikblt0)rR9bLLK`Z#%9j~ePZ142_
z0YP^Js6g!-!c?l*z~;66=2<wNOrI+me2A2Pu(?jG3203kD3py^0A#Vu#yrkp7#w~d
z>#@00`YSYbspRhHm;;zU*bk`|R{{qL+T?>;2Sx=E(RTJuFmI@FZuz`$T-EY`hr2fQ
zucg4p8l~P3micep<yI%1dzYxx^zsW$on)^w!SyVlr1{0{e_GqH8Co1-{LaB$cCjiD
zC^nu3r|7szb@{BH3+PbGU)O$Y`k6yd;0?hpD^j8O4m+R;ZS&wRk1?(EZUCGRga<t!
zIBFgUYU}4R>Si!+Yt*X2puU{F<2ijsCt2E2ybRQ86IReUMmEW2d;qgcFSiMb?}d&Y
zJ?eoA&ajym*JQG?c`j2wLv+6|c15vPcyP+M0yHLptS=(czTxVUU0Wb7{SO^oHB}kC
zawrOmZ8aT8Pv`c5uQ8@B&)Ij>^2o3CT7*V8`%|z8nX=rOkIEPv>+z>%55JEQf*_vW
z=j_Y8LnkZWs-M}5Y+ri0eXzg4m>TGy2N19`&W>VCz}UE^LW@Csr?Eqbi&xBE>b(en
z%;7-0)^~kGsu>!_fg5bR)sL+E@zbXRMCej?^_xm^Ut?A7$B*H4DUXa5LFAlW{!!lj
zeO^G(sXcs{kIQxCz;o8MbQl5+VdCE1Edfx6&}Vz%X!k_Ns*0rN!UGK8vmF}>U}6RC
zHr17XDOP?>aosJ=b+t4=Lm^cTedx^DA8OgWOO(M)7^i#J4G+?8de+$CX0sT;5&*(3
zR&0>9*^{G>cQWqV^R=CB%pP9ZQq*`0x(1kYoATjmCMK1j=>Fn)&eq08`kwSmIxB@V
zr08O@7oe(a(!udG04jdV+E>0*D<^+!nt2kCJ>=fMoBRK75s}`4cqz$Xm*^7t7;5$|
z{W*v#_%ICbLe0%og6=UZltJfcpa2yemO=CJSl;CrkE+2uhC|}#FH{2bc6wPEr1W&M
zvf+etRaX;4e&A_NJ}cMsof<o?7nsU#9G27PaAl01am0yy)SyMEg2vfR*Y<(Ic2+_&
zt}V}Sb(yElsooy9`FSVP`N}W;{JVGWCNK_G`659PHoePexETUV?Y{0c`-Rw=mM!oy
zQ?zKUdSgj^{u_(-E<9@^UujK?z_yxFnHReI60D%?DnR!+tGHUxjC>H;twT#td3g4V
zQdDt<0T&7Dcgzd~)T7UYBS~dOMZph>t^~AGjd-$7H*;5ISKP?pqXmYtDQ$ljIHI+B
zZ46!?$Yy#!We`w^xR5Fd6Jy=4kCT%<`fL%ZF1EHGac2IuT<B~=iy(t46F0@-`Z3^)
z<$uY^MZ4OwbBR7TRn2xSZ}en3no9v4B=p39^~$c`UBuOag#<IQZvX;a6kjl>FpGdz
z<n*+iq~%Y;mhqtx;E;`iutK5hIeR8YlOokwi_mog;NYJEyHjN{!5AqA)G1~y{+vaS
zvERy3@|gd|0uKkH9Cq;r_D4dde<#tPyl|qt&?NXI`tD{R+t+G0X6-WXkYJvTm?NyL
zecb5kRXwacuBFWDzk`&pnZp1Zpv5%yqU^+Yp%z$E0~J@PKi3qBmMFC0u?|K#+1lnW
z2)CvvDP<eDc-m#aNQ+ZY?1KI5YKt7{+Gt`k4pL3&wKNSzax&Zp1v~yz*b+EHD7C!0
zo$uX<$$2+!IgjjY6Qq6-+oMmcIdF1h&u|+D2Zz=0*FeH}iI$#;AkEPI-71#Q{wrJ1
z^fA$X-ZJIPEJc!J_hAdmS_{C+HpUS*%(si`!#EG`ThftcYYsz0y5@~(SP*`Yk+JPy
zzV-i+juHgXzrO%_XGh(Si0acazKf;cG=)aET-xr1AOuTIS!S!4;xDE4Thu1fz$2+U
zfih!!(EB@2+@Ge-<2t&gw3&xHb*L?v!th{-Wqx}ftpEAnzu81nXOx-7+?=?ksXo`}
zV=yYl^Aa&z1qZ)<m}UxscxF=q=ZBm_T=RW4eyl&&*`YUXZ8aWq1^H#k%$yIjmM#DB
z^kZe>{-<<f`k-q%D3B+y4$+be&LFW|xs>U){Zhyt2J!a)f$q46mc?f#FCeTwDwE!T
zV}%jJ#!nY49-yYFugQP~a<e})y=|QOvGO(EF@?yzuliKIj~)rOYx`12Fp^QnO^3?%
zo?OjPTvt^~*<nGb?GrbpC*G2{`%2@&sE^R33BUT_Po%@`CBFwoVoGykOK(h=<c)$z
z9z{o@4;CE3#!J^jm(A`bm)v6=86Wa{u_GcVYiW>ky+k#pS?c9`FIUauJrbT-ms1mw
zj;&GKrYq8`sW!NKHw}}Z@w7L-h#R#xWj$|EjO%brQ}k=S`Dvx`Z^dwErdpwRWP7K`
z%%_Qs2M-=}M%HW^T-B2MQk848QdP0s#`Fa1veGbG<9F&ES@ztkyNwy{^V6aN`>oB-
zn2YD_AGwBSTURBXmK1g>a5rB2x>PX#F1WM2s!Sh3H)d@AFqiE&KmE@zZ^SO2lUG9k
zS}w=6yD!S4-kz55Pl?1&-b}5K?3%H=!k?h*bt_WYYjH8cvSVg5KhvmW(r{(;dE=8z
zqSC$i8L!1C^3snOr!e=IDfCW_;{skQffD!%fzxn<w3*(%`*0-RY?*`o00?R++CEw7
zwZ_c6MfYG7!k<egndl-Awgq5}OEXiHr^;oSS0J={nE#SC5E&L2;&7s~N`a(YMd{h=
zpYmn263`hiUWhy6Gj70Ts@53dSOA&55=^;_Jtm^lla{19<5x5~Hm2VF*2dxfG^f)2
z{v8tQKk+k-f!dqbdw%kGN?R?BJPz-)N_nA#u{Xy1Us}^P<MOEFiVGyf27-XCfJA#n
zp*`xWbx}-Ywlc&(0lKOPaJ9BKTDIlr1*nkyMIdo|0khURm6n~kOkpD%3*|~eVDq)b
zeqIw*q*BCUf9GwOi|Xl7yR)NJMC}wxPImGpDJ0g#E&<DLRAm|V8hxZy6L3z3zVW1h
z8V?)ohHa1hJ~#e6NgZiqoH<-lNJng1?)IM7N;=nrHKKoXq;*&Z)eYp$D@a-{EF1<)
zvR>O1Yp>ZO>UCpU-`_G=id%N-tk4;u7(N!JLTrz?zxr{R?7Y@2Mc=E_S>@7ep719F
z68HOI9nO=trX(LEPVKL}ahy)wYJJ|*QkQTOI&i;wv2=dU?2Ux0rnj+uqqOZOBhf6S
zmC*A&IWIh(ReDUspFil-S9*0%NSx5ltC}%yU=~*DHQpbMmSEZIi$bndTwh!d4lL=g
zU+^ZyqPcEw<aYVZ-RWK7DjZVtP<-z2a$K{!U;y#mHRBb##3MAqE1RwIXWdX*d*6xD
zhZ7NpEza8YJtRk&CUhF%e6w>0tBSuwKKyX-SY_xDvRFjxKq&^1L-Dav$*gZv3s%2@
zdC(v(7(E{J_&gdO{Yg7T+FFljGEybbzx2#10wv9WeD;h@_Ppzf<uZz?82fqCJ01>E
zK}(HSpoOYP0UUpyw9#>y`k}eKYMVDG&yus8miFF6E=p0BKk1zjoE8YEB|0NWr@vdB
zOm8SsYwj>OmA6KCCK8qhz0r!hyKz;O`0!OE16I>J=3v1|#xB2&_*?$uw;v}Ec_SkX
zkt3DbH^-)`_N|wg55@YXe{d`PIX{1SvxTm4puj(qxGpgVfw}M_j=TStuSm<2)gOhm
z0oZy9`}~~=9Yu^ORCZZMOlC)S*GWI&K;K4ev2JrmjMdBicdlxtSd=I%2P4kvnq8)k
zs+}?6W3e&mCCazFxYBASkfrGN%?mSSF*UTmfMOsP{pJf2fi1D3u&(@QHnPMZmy59a
z(w1*#$WbrT)8$bQ`8l&BV6&O6CLF8>@M`_&QU7T>_QKYN4s;iv%SW^Ie4qJIE9s{l
zjuAGSXYU^=gIAf(Z75kaG|B`f`Ond#8&RR$j93$u+>fg9h_f)$(ZfG~xMOZrUaM`E
zZ*-c@7CjNlQ_;vLLFl!gncl5!>=Z17W+U30uKgfc^;cyE<LDPQDe4@;(^b2#yq8$X
z<7sSbP@Qb_Xbd4V7ySILR3ERs!O_o3QaGd^Dk%NYsdH%eWv{~|sWK)}spTI;Rg=R@
zrcRC+F_FP)?dXct&Hmu0#m!%B{2lwo&kGTigdI`{<MgZ~rNy04ac!jy&km&9wO(>h
z53AuE(PSQD?@w<;B5y3l*;|e#3tXGZ6Edevz7!pAJiWkE4Jby$_Bpxoa1a!U)4p$n
zwJRSFj5mrw{Rk3MHdUt%JARZl3yIt86@TZ5igo|LQAnUJfn4s$G^Qu5Lw>H!`V-kB
zB4dgqGI}Xkq74h`+G7&9y;l(RIj`~W+ZSWIxL;i1FP&eRx2!|(cXAZ;I+4zNJ0qj;
zylzHUXm^H<{a{)I;aoyiOzc32J9*^=6Zb3R-n*N_(0Wq=V}X@GUqU`M9{)a#Og|Mh
zXtWyt`SwJAx7FC*<p!Ydi&~dr$R3HHn~q*vT`soDDncPQwKU}j(=kW5n#_F?URy(F
z+_e8929Y5vBuEtRIhCj3eUyA|c>denvOW&aFA)a4HL9`6Ni`awxZCJTrv`eDpZ3cu
zCj(0PSgael0qaK%qHXqU^@pZtjG<8}Ts;NkK%585G2ZrP`;AL#ImaSeP1g&%#Gp0F
zP9&Dx7+A*MY_a3FoFponi&b4Qv$z04`tYROro5_j_nCakcc`|T<;azUK2+V$qa-Ov
zu<Aggkqo-el;W*TKBq94R9&sdqsU84o^WER3|)Z6#3v8gYqX9?Wz?;e-klvRGJkLT
zNuEVIv<SPT&g&bjbzp<xzEP$B=E}_yGE3%lb8~ms^*ch-GW}0Gu!O-)vM9rN<FOG(
zFYm`21mDF;?SQlbq-pqaK5?*{a!N1xPKmFG(;L5&%N?0-&8}mLh`JcNTzJaLaz<XO
zGIFCZ#yN6~f2g%9P#L0Y6ym+Dl`;B6xr-0p3DHp;D#BvD=i>kH!N`>~cAz)89RwJ7
zJ>{m^zUZjQeB-!B{?=b0Io^Lih={{R_6cVx`E~7btY#t$f{R=mgD<t$#I43FyB1b#
zgdUK)4DV^@ItB==9<#*_<hHz3nbne86`nGYZpxika*xV3`I%k_Ib+!wrAMD4QMcI=
z*?xbS{k%s8!;sWy&n#idNF<;#(ml8(S5BWfbNFYIuBOpJ2^H6bS?3jOhUh@)_vnw+
zdq^&MQx6^c?%Bj<<9|5P;|yXR(OKc(-gET)shgD`xnU;Pm?xy#Ks2lDt?IW6D&3eI
zREl`b|Elv!u-U-a<HBa<$;@7~J)1ngUnjo1@|4}XiP-{89GZEhqR`%jobs@Pp=0nM
zU+!|#yeILXy%ATf&vdv_2`raUbe)W|i8IfO!KmPtU*_Ik`LbRx8kI0Jc(H2bNlmh<
znJwK$oQK)^d)VTSn9U>oRgJL0=ys?<AHlv!heV&UuK8fF-qrp?wprc>Gqm&|)D%u<
z1UJ_WEvTDpTjE*6`x9K3^TS~-p2P@CXmq^z(;5Hi97lBFj3#!WZw1?9+ATT0hS@VE
zhmeZ*xPU#V;`C(opfRwy^V&a1{71BtW)vy6?CS-k`Ut7-u7dXBKgM6<WuGDxG@J7p
zS|sk3z#DI|+?+nlE)Ag^Oj*@q5e^RWe=YOvmCP|0)N`M%<W4BJYq5!mqxW))f3|47
z8%f5aRzB`Q{ql@3m$lbeFcV5g(s_ZK-?GyR_jY15LO`sz6<56)UuM57H^%c8hROI8
zI8Uye*d>DuDA>~}vO<8i*va_MJPl}#%D0|0H&OInv@uu6l|wo$ui!5B*DHiZ30e0(
zG|_MM?_#WTG%NLENLaJNtlOvIpO=Ux>V5+!+O*`_Kov<&I?Rolb3M;3JGW10aEY14
zSn>XZy9Z+G9eG^w=S=Xa)<s@4-<Lt(A)n>(r!^jM?D?4!CrsUX2Fj5wstSZyGt5aT
zX4AC}hC?>z%r2izn_V1%OIE(}HTQo>q@12N?T(l{+eb+d51j0<9N+Cf5~7PO#-&Xt
zT2JT?+#SE+w`rzSK$#X_E?ZJRNWxKYcVjvG8|3!~4d?py*Oikjz_gat3KZNK=Nf`H
zznLZn;a5q?&?y`5KBlBcrE#vSqELV2gqkNQhS<74va>Sq!?w08sQ0?O3ze1r)+Kk!
z3@hA_tODV7TdpW8-;6xz2e4BL1G{vvV>xoIVL=Ry?~=z;B}oh|*yGO6*tO3dDb7n0
zNrF6=n)I$)?CrmWJU>nR{$7Q!DyqrRG+S&G;L47FNQyU)k%@-{zY~SVo1#?sTM!AR
zl`Fk>osB(pSRre9uG~qk-tZAWdowYwsnCKS0ecfQ_XlUl1~2Vn5w<s~@T#-Tuo?X{
z1i@)D%8qbLIxHVU3J)M2goFy{m~OOi5yt!6Lr60>0=~s%_B&0>T#uK|4nsRT<8x*>
z(HMncglBLh5&Gq&wEHv<A-~YR!-BuHs;vobVjgVZw*nu`Q>j;#LpSL<7cRIXYaW#}
z%zKi~*Mx3@4GH$$+)WvK7T;?6CUg^e14*E?Qjn4H$tww2Y>h_CJ|d+!Um}CZK-4nN
zhWUd8%5yp9&9$ZK1~%uxL#$VkSd_1E_5>GBpn=>4!7R(Pl;2mb{`^XZ89%6i)D7A=
zp+hVk=1d7$zW1xN`FG3uu>swCE62`iZ#}<)Mn{hMzD2E`_jZKqEP}1-YN^?-i9LQB
zcY@KG3TAk4yAunS_g5Fzj7=wI!{gEtEJQo2=0w=#hjoyU0cOeMyMp>&<$mS+9rnfz
z=}$cIU5aLr>yvUwa7|<!r1a$+HOKagU)4@I8DU+r`#z7nn|WSIj-2JogD;ataFv&0
zs>p1Tw|<(mWIWwD=Bu?<dGJ_a3c+f1)zLLz;-!xSfx{pU5$kABhh=Sn{MaAKR{f}Q
zYHB^t^;%QiVHP{Qe35Und{w1-@U<I*UpnftU4urQ`tne_P{Zi<U)y9_Vym&MFpauL
zNvn84x^C+M;_a6$nmFu*auV)r#4$(L-sKb-m`hse#G*$`{$PXuIagznIo;T4ejP=T
z(gt7RQ4-D~sAI#Gx*O!tl=Vs*LjSN9$qQU{2p68rR-|{zDXcEuZAgZMSkTA2uG7^8
zMUjA)&O~)3-jdsT)+HPt(serc*Ju`*aHd=iow%@F`~Wt3z>+e71?isG7TxhjL6K?)
zC_uVt$)rdz=a_Uf#>aRz>3laaWW2C0CTBycEl!EGXnpN9`KL?m6bkgAz_AyGsh9_!
zr#$1!U&rK{8cde%9*?i$DBPD6@u)Aq8i7^vC6-vnPWfXe=5_(vRnPFaOq}^L352ru
zmr3WIbA0GOgNXI%4Ylktb=(21a2)3Sc2qE7CBq=zE7L-BXH#Mil6#ShMTh8g)u!cT
zaRR91bA=V49gi=ZXbyTrT-d24x$Ls?GenC8kpoO?uVHP~UiZ2FP=!N+;=W6p4F#Sg
z#;jn<cfJXE;lR@Yr|t$dZO*o*c=V}2+9{_n$=;gBUGRzB>sPg0&EEPB+$y;fUG3>P
zI~d?0XIXzh;A}HlrvGxn&Xmhz7Z|s3{;%bN5<5SvQ#~FMC18ZHWb(pw59x^%Z&nyJ
z>6AuTxi;I(_uy>$ysuJ<k#Q<sv2p5#F^@nOz$a<<tsr>oct{9^G42#YaY|!?r*Eer
zZt9(@v88iU{mx)5*-PY~t79HZ0-<KYcvdAFV7d*RKB+U{OdL#i=ymE~{&{JjVqvj<
zdXE`tuDH>1a`Yqt{|NgPQi_Dl1CQKsU&<ho)S`>HZgIDaOQO_EH>xZ&`bA44&be!m
zn<28&Nw-eC&q98ArAgOGYI*)LCcn~f+Q9c1;k-Hijs_ePy0Pwx6icS$3($?Vf>@8w
zT#uvq(u3+)_l<}*X1(aOBzf@^c|Wz_U-xr4+_tM|guq63eXn+b8S0_)OR3BXXo{O(
zvWRo(bHonC=ctFA+g!?F#-LhqO&S!CXhQ|zkq~Q8X11bM$BpU?DZ9Fd<o#^&0Y-dt
zY%<pK^Q(vr!FAQvJnRU=xsm-r_gL>s&scdg#Uz-1!<IO_iP;!L%hI$%Kd_qHSL`fA
zN0yaTJRp;t$Q4nRAt&jJxngs>9yRQXOiIi4bg+*!a8@)$I6D?CJzpyZC$qRRz}@$@
z(W_W~NnvcznT?sK1P$><|Et`>7UbNp=Y?WLc-(?*oolmqTbKBz@zt3D>+;&gNzl-A
zy(7;rP9bH%zE({p7HXBUwa62FZxw1?Q{<Kg`$|nsSFri*S}d+6@{XM>AbzpKE}Xq%
zP2Kv`E|WyBM7d7}G)t%U3DN$lN?Y<~O$PVr$^)yhxI1IbSZyh@=-Y?zVMV4X)CHBM
z`@a{o=cpj1!>=B%R_Mq3ZaKF|w0fvPWQH?4yyW6T%vs3iCP;kDAlB&s{kdk&a!Fye
zjH!}8xd5CB@Fyp3Fwh4juNP;pj8=zd5@(mbsfdT2qZBoNLC#K@H5}g@A&|wzxP(tG
z%MRq4RsR4ygg>|*^049K7yrmaXSLW<erTF8CL`aaHerO=Ve?{plSM~t5Y5h%?;Iud
z6VABlBW%E=N})8B-DtYq>5+sK?fQ{g$WwrqnlZT_G#6srUzxzNKhh@IJ7JMa{>#(v
zBF$^{3n#Rl&3GK9+pt~lJNe-6`dRX4DxEq%u$8-70clP*9F+05aXfjnV)^rOlTRhj
z6$Pu0`Hr`%jX^Ae-YL}TaQ_$isplXOBkaG9h^Rq%pnAJ~=I$k~&;^Ondm@Zfm!?~M
z-#BPj20i()@pd!U(Rle|)j^|L(x&FZl?cSgow6Kz<YzvghlW$Pp<pE917{sAhW#7d
z0#M*lE0dkE&1u;Rk?v}Bd~o%>+L7y8W#3x@u{y|G1JKD!?a7rytL1lMh)QyzJCV8Y
zosQasPVsOi<N*dtbwQjxv<{&y8Xo5tY}%Hn0SnpIxcbt7|K#3+_i55Iw=*X)bB$+5
zqxhNqQB9$;`qs&QND%gDet<En-@94f##y2`Q`(*(@Z*#uTfP{cRY4?0{$ZSNZnbPV
zzfGp)E>xiJo_d(gMkk|4g@t{9&uYK>&EiS+%xmp=4@2Q5V!nGq7;;@p0&^36H#$4A
z@<IvS>n#d{(Y34HUwngSWYx(RRu7DHH0G+G((&--kwL@5(N2z(6PNP-Sg@RV<s~s3
zM#AWUY+VcS`E9ak$w$iZlPR7an&s7GKip=Q5kaBM3wOe60=AHDMd``YWr#bAW&AR5
zFX+1|a#qODa=f7Dbo6t|Q1ZUWC7<@HdL4-ei8B^g1>064N@ScPWr!E_5YkSQd8W8B
z?Kgz7Iy5{C_`Y#NK3Nrjr()1@1LrC(dyqU@<L_V~3JkRjwvC<SvW;f^*_9>h+*J_O
zcI7$YyBhjtIKyVaT2g+q{IvK}$Ib!VNe{U@@iI9tSKr6xB|&Ge<W>yxUk}oL>%zHR
z;PR9KD2K0hM5{pbR7~w3m(0K0E9dw<iYJIvh|aG*r=srPz@53UEC!v>>I|4y5n{h!
zdX?yveNcM%CG=r%ELWh(@m)NtxXt*-h2Nfbaab<Zg<gx8+Fj;{N$993tMx_2w&E1*
z67c#7rpOXZc@$%u!?gQ{g9-CTq1lY5*H&|m7Fb|eDSf_)LG6u$mFm*jtI97>K?!H4
zm^-spPI0^?ovpcE?T%*eD0=9a$H-+8QK%~clB6Zb7*NUda#FrclLLLt{6<_H-un~7
zOLy)8)0Ha-VUValN<{ScF^6?8@JJ1tDX%i5SdW`10*|x52MGyR#+X#czZX~U{+g)?
zpDoc$mA-RzW{zQD@SODd?()m@k#a}@*@EQ)%_Z-9qDdwZu8Di%R0O!3%%tN@>&;@t
z4ZGkgy?csx*3H-iorFjFbhebA@tb4%v6kdvdCyb2+FMws$2{4<f9=EiiGTs6opnuN
zbCi_RARgy<qfrCC@;+m^LX4|Bi{@G^aVL3?w$4aR4x)t@oUI83GBeelJL`xx8_jZB
z^U#<V8|#&h8;)&hv+gak;=Xv;&??jBQnknVT?)_rE{>?%3<y+ehT53)`x~tGP37dY
zDnZAztp!)1OST;`#$Gj=M-Knr1_1|+Jw(r5S0>n{qM42T(zH$klxx{YNN7-MTFC7u
z?(_d^?XAP2?6${m1Ei!=y1To(yE~*Cq@@J}1f&O$?(S|-nnAi-kxpsp-;JJlp6^l4
zd9UmBnm=#`=H9XP+Iz3~EX;DK0MqkByg+G>s>OB>DaI2Q`L-W{%ZXpE42A{}2t3iz
z22Q?}#ocD-^)4vvaNG&BS7b(2tMK-2>2`-1G>ty*z9HCPyqcM1+mi2x1)VOSww>s`
zs6HrU|2{RnZ>lmWJgZqf6Qtj?w1{!pWV4Ajo4=y)>7&*(R~UEc>w~l}Bi;L7Xws~w
zjxAoboWo4ZD7Akbvh2iX+g+Nf_+%G}LAf)8w}^^2**O3hb^9n8?$yP)*SM2cxv`J!
zMuO{<nCC=>&#f`0jP(FQb0Z1r#*h0Y8ixP0caSyT=BmTb$!??4Ztd#mYrC&mTg|A6
zhKp+X{t`w1$prX7-~i(oGQ58%SIqmm<LyTJ!Si9L@I`~X<f|pE4iEa|r41H^_VHOX
zcI<$q>gpk1>L2yE)|8iDKJon^)mVCkO4doC#1-+U1ezEcfP%7o85D^-Ulc71fGwug
zN@HTF=ho%r=Ax#TJs4+r%BsmHqP8z^Iy`ZAn79{?a<nkP8HZ3aL<y<Kto9`__hzxJ
zRu1_dg70)Vj*XEA0$zxT4o3#N`{_wso*K!Go{M2;OUXt-k$5dTM6OH9i&K+|VgU_@
zEW@mPHtoc%Zf788Z~<Vt-C}aD-t*oqal$`sa4_Sa_^Q%w=IO`1!=|~Y+uHY>>e_SG
z0-pr)oQ=-omRrlzLtTO%4-z~#?|gvjYmXSheqMcbJ^J}X5Rcd$^di3bAVV)#LnwM{
zRL^!}aZ<k+6_Lw8T&}!g11K2mVtR)>ZgRAH7Y!Jkp9Rq3WnCU~*vHwL^{uo<T!r(o
z(<<)g;O#x;@kLM8U*dl5u~kv%%IRo6kHM025Tjui6W#19^6bN-GNuaIrG{fxbEof>
z*`8S}IOTJ!nip6KfDD`ywZeMLyH^Fv^JeK$ws&8bmTG<1Y;LUPVHrIhzD;|v-I5Vm
zaw<S|n_upTX_<atek(p8i?f4?veb5-^5v{gQPUGDlFgR|QtZb6%Er1Zp*BxnM*qU;
zRVu&3G|k+y)cpy_!)g&ORC@1vm-~r`(BUIJblsZsA4lg0@K;$Ob@OfLzR_(W<a24~
z2MfM-GZT-7ke0a-PoWU+6tUS$pwsM!v&&-ud;Gi-Hb1+8SD_AzKm%Q(g5w%IhmwdF
zO5C?U-HZqu?-4kq@F2R};^3+_dG(Bi*ugx$?PuYsmcb5_NRBFd=4NH1wtUKO&(cm4
z)8+hf_tqoB^B=)CvpyQHkO?kYQmrmnT<9Ae$~IJ-9a)sM;2#MRbg|x`Q1z*C@~j+s
z!L2pF7KnowrUjYWtmYZIy-*tNQf#!Ju=xz$4RFEsB0McIohY`(JctuL2ywO>e_d|*
zv2SZV4B_cu0;_gTp-&v1_Uu+%ibb;XX+s~7J|cmb{IW?Ca8|`+jTw%;yjACz^qQI+
z587K^ydq6Z;|94TzL0LK2e?f-$K+0}>A~>61g=EufkSb)JNAVN?a^kEcSSFU9nUMf
z%{X`I%rtNN+^ZL_PEL;RwcP~#|Df%#kLF&hmjYSwvGXEaje|Y2DpZPAL3qojG8>@?
z^*RP?_8K+M3ZYV5^S2hcg|V#?z{zG28W<2L=<hHnDLm*SWElMJAEt`;KRgT;lnVHQ
zo%U*S5=Vfi)ju*nkj!xYE}E$15PQPR=UZ=AhJME~E&1|7=aWe2B|^MZ@J%E@iBxPZ
zv-+x1^`(#|VBXzdPy_I>H&e%RU2TAI>;TRvbvjU%s!RP42=|w)Df;6UzX}p8;%`62
zuC?v625K3ue9kNp;bZt-f8em~VoD{@3US8&)s1=NIoCdI_>M*&28(aiP^6AB{}BH+
zdus7%>(wxe$ZnaF>l(5jJ&@<-mPl)i&=&{XGjT}O_}!M=BTHAd^3!81)VPM8`tf&n
zGkY~8vUl*ZbJ$1M?i86GuRlYy5{~{)dkbLLTuuAgG;MYu+<79$Y7mxXwRS7h2E&6=
z=b4WSVN`+vWh}yt-}B|0otWuj#_cqmX&+)4{YI(nsn3y3sd3O<_eIspRoC|te%{w)
zi@cygsJ2805j1-`#NT=%;#*o;Dx_(3Dy6q~ID$%LdNDhL5b7q2v^8QQCaYbNDh4>I
zsJ3E3mu#%8VDoea8E_-l?*bnLtss<7FKn&K$X%)a8Vv$O8;KjsG`vBu=W{-aR#s)#
zg$)Ip^q$e>X&iAEau_<kyqN#Wa}4VT0SOy=*<aBgJfHn^U^%*{New0~q;pJ;@P21-
zQHTQ)+Oz0Z2OYfSKJfZ1VD%qgkXHBvlxQ`}2O$8C+JJ%F$!p&xhWK(2P_^AtrIAy5
zlF@xLs!q^d&m}y^x<EDqSHigJH>p)oolgocucxeycvfqNCxivON{Y0}oT%mNT!2~<
zO_r4RMW_4Vf68(Vo5~tMud#s3y=@p9YqRBxbqne*RxgKFH|qMH$=u)-RZ~;bH^vYz
zV{EMQN~ej}A-G>Yb&N~Zb-V8#KJ)K9!hil0egACsss+_{yPeF>xZpz9eBOHt50D7m
zcodXu5s(iC2zR3x(t8fM-fXh?rooL<Y5n_*vxWVe(Ih5cKHgRt_abOjIVS=<;O^Pg
z3*#E#GqlVql25;TpkN+!&i1iRIo}+-JHW!y=YUzecb_zpMg5cxt6$QQIf1v4#=?cf
zXn2&QIBeoZ=asi{^kI}F*SDQ{w#L2M>$V&A+-x|lxpQ@mMq@xzMM7_3n1xGq>T9Ko
zp}xt$$G;c*`WdK1NO3P8rPCjPPzoKG>8NS`!~Q4j%R5a<{PzPRhycBMzh>nUsR^E}
ziRw_Y^)_~z&^b7XWP4TG1mewcYs24z{5^NsXHS&vq7|;w#plU#cZfSzo0>dkt%nzF
z@c5Gs5`gSs$fxVF@NtXNvC6uzzdK8OmnBq7U-oeI<AIBq6G;@D-7(9&FN;g)2B5d#
zIYu$$e#si>`WyIjO22V$4ZKsUk4UOTgRY|Dh+#p=G3AaI7|5WkvgqIFFE@cA6NQU)
zIq!SKJ}$D>x3l%;?Qc0KTEtOB!}hJ~us}|2kVJ`gweq@Zn$6DYIm1bl9VqhNi4pbm
z*QBfD{bSPi9rhU;>s(t)^mWJr10l0IX?kJfpx|){v&9kW(XWhVrDq!~RUBz%Kg|XM
zi@;DMc!tl}!g?=pmv;1trdxq-ZJG9z+BA1_{*7_Xj?|U3iqLP&hkkZ2fKbfasZ~KC
zAP^jRls*GH4ZfLv?!Nf6F6C#c79qmD_=g7&Z_^hZ5dozp54NP?V|&B#=(s7WP|11F
zL(!=LVNffcmVSBjYy(LF-z}MW^x1N>VU;?$`lFq<U;v1TdY3Q5Tj)j{*wd6II@Hbd
zyXBBb^mCA=pyAzZt(0rc0##LqV%3jD5KYUIgO2WlofnXPYE~T<HGT+iNS&f%#15sb
ztMvQlaU6CFCcx_0+d?9@<_irA>$+Z+wqzEuzdw0Zbc?NXrgN1Q-Z(^WNF_|;=_xc#
zM0@;ZK|-ID+-uyuS#7r)n@pne!Ai9g#r-D2UqmivfQ<&IBQfcT4WMpGv{Y;!skV)7
zFP;8%p|1NHy2IZ5Vk%HyEhdJ4kxwqT7YHW5*O@!7(p7Dq!^J)|`>?~N#uVlf3?7o-
zLLuil4LSW_``D&VPoc!s_;>I!K}o{VVS5qtzW3(9x*2~g$`d(*59VI2r9V-udw%^B
z=pk7pcz=rpe<%P{<aGBq5QiiEVORI-2vNWwZ+F0+41Bt^9CRv-OdVv!tSevQE5zUB
ze1Ej|6BTGbZCcW!^95LY<nruyPC#s|6tJO6_y1y|hWuQj#OxlxCW3XuJ&Lj2_)U5+
zrT?4TP@=91P86H<w2O!1c}jmG8u?D3sm`Nh+v)MG!Cr*l%{0{&pmMi?xQx<L2(W(r
zv!8m1i!!R{Bddz#y_VhG!;6vp0QkBx-s3WTR_9d-YILPB|M{ig>}b+{=k*oEl$_kC
zAC*y9ocl+>hez(`Lf+YUAZT-f?FrevJ*ScOm#TC4hpO8r&`?*W{?_vzCH>;g=<rN-
z=!8*gl9}lZ9rd>Dd|_c>qh6<*GhcVN*qBvY%j`l+?xMp#P<($6!0glYQ}y=Qsf_|S
z4eA|diu$Hce?ejnTo!-sApk7pmx9TY{iR?gTE986$*R{zJek=qBtO_(%##KA`#;gD
z^U9sDUqDk=EZN!0H^5>PNwlA@le<o*hv5mr{M}e4(*0aD>Y?1LY=A9&Q20J$T5$iD
zMx{&orBMq!d-wQVVpcacHdKdABxr$UX`|5Fn<?^apdvHCc9K|R&0_i+kXtD@*@Ug7
zp%)vGAeQ>O{6Q47`%#8bFYiUD1`><qg1;7P7mMf**HW1G?clSli~ejP-p{8)LEza*
z-}g3nFsdeeRJczwFc8qDW~C5MaE$hnkawCL_qLpcuqmx8O2T+lBU<p?K9mSmJp<n(
z3jQP5ZI<j;Kf|Cw8d8BUART~mQ#CCo^0T{kzq(ucj|~Lqu2@i1<&ZkR#T!6?7VPxn
zAPuYZC0nNP2f7AMM}<w#Pm#zyXSqSY0m$XZ-)|9l`=MD06YRi&E43u-?4CC(k%7Ay
zTKltUQor=jmh!Iyfy)7>8}y4ESwq7kt8o^0Z?kh**D|M-w})q2F~e=I)J-RhO@N()
zbSJAdK6T?ncBp_nx9UIpD3}0we~L<=nd*dk3&64{%CxIHfU=!EPukmq!&aPs{Y4Gt
zy$(Fnz+X;My|@qO#^-C*F!ytGzYu)E<@JHiRShGspKot-@?s&=(F6}VmPG9JZ+dBx
z{_AX6wiq?-M6FQgV$^5-CpCKxs98mF+5I%zqKF6#YE<%k>2$~6NQeD>`%CLJs8(nQ
zcx!B1tW{zGe8guaCjim|<XW}bVgE!KIEwt#qqc+h?WdR%UgQ~q0r7Clke|w?{W@`u
zkFJrnlxAis@n3mqb@Wmk3%V7^en^qE9QsX9auR;_<g#e~i7BxBHUPOC$}EBVopAj9
zMv(AEP{Qvh0*|gLuSj~Tyj<qX=Ox^%W8!lvdU@%u;c{{@L&tPLD1*#oQ&Ntuz%R`3
zKj91i*h(b@elGmexcZ&U>(lJWN|z*oJJj+W@!xX`{w~+}_oOV@j9o)(Mb_UQ5dSJ8
zQR4U9HnW)>!Hgg-(0GAE0qlSMn=iTdp|-Wq6YBGVS~T~kjVk@$iTvN21x@(no@{mx
z+Tli~^ju&@`*}e5&n5Yn=Dnr`SZZ=&n?PK)_0PEM2Y;LJzB7WeTba5{8eI~IYphlz
zMStY${p*`v6OUj}CNpX!2xjyQW$v<s906y@SXiZ>)#m?0U;L$UfIjqqzK1hj0^#W%
ztgyBJXA*z&-=8qD1KgvgEXTB(B!YHdL+*)4?*BVZ|7zO5KX^_07ua2u1f6i@-x~6}
zW(p=jGX^^*u|iD#rXl}lnT^T40jQ-@#1ntW0{F|XOQQZKa)z~#_<wi^(syAX#i%|>
zkV`OQSBylF{J#oXRKyd&_w3DIIFA&CDqmD_dIBH<jlB!+*^s{(q`$r=7z)whL21wE
zcNF3TP-3~oexUt1u>GIIms9;yuyxBt^ff-SRa4c&@`1)1XA5xt>+_<#{6+vk6YaX9
zJU=JdUmNnz@BaIHiNr`#B3uCK!-;xhu4!C^OC>4F<IiNWe|EMX8Aul?E&T+*B+>jF
z9Y1pYF|OiYkBy=NG8q!blqXRC;F|uobVyddvH$)hv(yav@Zv2|xk`zG!+#%VY&d}0
zxr=(A6*As1rwadHpCU*&3$&;oWBvLMUoIFA_v1742UF9VTzktxAdf~`Utd4ofGJ@b
z-7h{KW46hq*k-9liruaRmB-3TLw;n?`}CHUe&6_(CjR>R3Cqjk@?`VX?=~nSR}KI_
zVr*i<<knjD<|fgAw0qo#wiSGi-p?>Zu3eU!4^hX_A2H{ayY+1+$Hmi0A+=U!11Md&
z^Wyq8P>(x0foJEAYm_5^_}IWu$PaDzT7b6I<FsmWuF^Po6K9J3IH=ZTp52oDj&M@|
zwkhHdY5Kr5(82He+Uo_o7wBYP@52u%PG)n6I-6N)HEWH;NA{l5Wm-=Dw>MDIe*FlV
zNSm@Rll!B#x2M9^r3*DZPLm0}5nA*~%iX9$v){{NTFerM+h0q%PWZ+j(O6<qYW%#-
z#P0i5`2-Z?*cXE0<D~%Z6N<mJjm^E;Lb`KZj_R&QN*I0pPh4ceaEKG9x#;YkXPv7(
zLC;WoY@+CNlD0--#rIZC)oMgE50=EpC-4ZprKN4uSXK2~t=z{15~i=5zI;4-`Jv?8
zG@wzU-gZ9eq^gxQfA<IE2|g7iB?!gIe%re!EC{?aJxzXtf0&ro?;Y8a&d7DUZlr+D
zn0d5rPNTA<!Ubd<as$9bvc;#SH{a-YrVXAw$D))+G{K9=03aA=+)GWSVcsk=mD$~1
z0Xcg(@~s|g$==7i0<eLtp7p0@^wh8j)|tz!vlWJ|HYEx-iZ}~@%Gm)@m`_;JC*u+E
zjf&g(6|Du#2PdpEm-;bBhEJgosOupor&MKHFJ$=>0df|Z8ReNz9rS!-iJ=p7*tdlj
z^oq)3)2>Dn12YYk`q(%)F&<*wo(7~BorrQ)FH(4UAnVG#wUYQ7xN|Wv0kSYQupm^l
zqhG_0`(B^krErR<Y}S8Zg;;8FH%@5Z%UcfJp0EELG(MzAds&L=jVf~{fO4oybM<#M
z@$VI~MW4|c8y4y@ub&P`O}?i~p#e7Za~%G$vuCz;OGchl6xGrJvad^96#y)kE48su
z2Fv4{v4AtxDgE8Y$7G2n^tlpz#A9Jxv9XpZwHr&Lq{(UA{J9C3!2ZgxESMp_t~ykU
zE}2hMUaJ8d`jAj>>%3zvieX}E%lOc*trYnzMqW}aaP{`~TzV9;wbs^du>8jE^-E6)
zI{O_q%OdTyRGXbr^Z1*bv}%S4N@g@PM83!30=uGItsJioJ>_=Ze8r=@1>|l6D_W)i
zg;#_yNYK#Go<;VOFd4B_r=Gn>pRc;<WJlox>e}h&eomPPn3}%4-uC!0YXnGeo+jRr
zHgFxfkV*h<uezt-kx2$Qggxd3UfzgHG6&_k28~VG({3HpnQiXYTB}0^56W8>D`NdY
zlSe&%a@XE^{3y1l<?_cYyN(&nJWVSdEb&Vt5gVn$Y7!yF9+Z-TkVOXSEThPff=WN^
zY^KqdUi^wA@iW926^ik7v^EE==LacnX9#X)=J8st8$-LF@6^`Y&f9L>mK&RgZx6W4
zuir{p#S=e2J2`p(=7n)+8aW{YVP6<@%-Q<B>yERs@|fx!@$-&1pGyn8^PEP5SH&Qt
zOijt`^fV@}5f|nJxX*2$gde1uZ9chz0i%d$#c)7_SLV3c=tLSDFx)1N*5a`G_hnIx
zwS4;eW|++^rJ}i;oMcbnpAbI!<BKHv4LN1A4i;{R4Ws!6#QQmpq>NoV!;uSVC1w;D
ztXg|Q%E+$8uY68t4H>(1^yS^mTzn)dFwJ|oGMP0s?@9xk;Tu(igoHpzNkW;pS0bWo
zD_O#t)HuTU0dF2b|LOIf^ocl307(eUy2q<0;(IvRZ$AZ;W3h>&JkCCYhggfQp=q%%
z(<h?zoLj4HK$9HqQ?@G;lclGkVqMS+ZCI3)8BootYG|jYr+x#(k6yLC6n~(L_@pmE
zjGLdxj4U{i7_FAE$euSnMs7MG{P`?X#3d5~tT`utM|%b}4Gj;m=WAVECZQ1_Th$2k
zSRhkJb#;uvRG!GHd^44W0#4Jfx+*Fn?w-e+#|-@0DJgsO_NbMr7=}6v1{@R9DyF85
zfUg-DLh#WaUtXzilsYoXolfdcU)0*aM|pO$cYAT^5kAL(1oHN#Xms;VLj}3(O{$?w
zE5?(pukOA&kWM|pM>bq<=-&ckH@qwL*9%X?HDVrJ3Bwqt%D?WA8jc@W_H9p8Z~yUx
zjhziaQ-KEb0sMlNI&9L}Qi`dzhSge()Bn$t@#c*IDx);kiFF@;!|Uv`aG-gJOT_K^
zF-lj@{HqM?tBDwvocybXgtgSa!U$=J&VMdp0uwhB6~%1tSm`~X-Y*2GN$N@b-a$nM
zs+yAN-nTE-HV!m8oUNp(QyJ~?!wCdFX}4W3H5X=Qcjn$28-1fBB2v<l#l+CObS@;K
z_Is#lh(DWV_|~V9^;gpjmP85kYkoEj(VqBe{5qFVBIbrA+?pna-8Zd<J&S{ktSqkt
zV~li{so9!WUx{5j`G0&_J^{+cI?UrI&yyLQx^JWo-_a{h3*7!7@mPyXu-WG1iLQI`
zBD){W%1As;bt7wJuS7r>>M_!zKfVkI?}ZAkq$23){h|S+8A?4Uh2dVn1QpK$7grkD
zu;?kBT8!%C;=7nYTC{qvh~TOp_vlcDStPT0&_Y5%A%bgbLiF^?wNF_S2cvD&TEp>u
zeq=rl+{E#{;z{DOMsRU<9f6-VkQf{+Ypj^kb#QZWQ4+dsd))hd;p|i20}@a868AB%
zq&}5U($R%S@E%EG^SGv5^4Ph%zgSye9|O>Mj34a0>g<GtpWwMn3{PCT?#)R7rGeSJ
zN`EcJuMk)$M#|hFC$m#i+mqUFH@OWBzgk`F?b%L@8(VL3r0Bli9Vqbr7U}QkDvpH5
z!UgIfg9<~FnhfWw;VKWft-kq!ABahSDgTu`t7%<d`$}&9jn2xL`&TqHi^8hroaD9{
z_wTn*yCZOL@R%S}O(2EO0t5Wm3#Wc#)gl3&OI%z`#nBPAw!U6P$*^s}c<2LDfL-I7
ztJ+<(1b&w7d>z7!>(MHe^R(W10k?v{F`D=BY0u-G9XJ+d2^Gp-)p!HJBy5}$vA%$Z
zWNR525PN6HT`7uG(J)Mg%$yw37{-vxi2*aUtFyJy%hQ9gAb5h!uxonX4w&Q3DII&Y
z9RLSbzscb1-u>#?KZlCba!eIAvf^D0B;<vvjtXDOBBHfHR)TCIx7=x?{j$DQK{>(H
zE#G9K(p677geh_WCLVzh%&1V;0ntp3oe!d+f)vHg)s^~Xuf|Z|3j6>nB{gr9bW!t`
ze{YH}gSsBFh!c5G5z`#E$5!EK_{mxQ&{b{XXJ~FFT}A$vnY&sE(}k8V(2$XZ;^NS+
zM+%)T;#1w%wQ4Lz#lS1Cx9sT!HgOn<Y(`tmP6t{HpKc!b`UWg{yQK~oi}iLX8yTV0
z*3?v>yF?G{DL$;Yq5;MA<<pE_z0HeM4{)LSfV}x>b91xhV$)qV0Da;qUOAoyRQ3TK
z0z6zcl}c49s*ROZR%>H(>BdsLUj}at&kBS8(Nj#Z@s`fc5{%BFf{=>qsf59kRnG`M
zxMpI?a$Q_G3OPg-5ocHA(u<1d+as;wY9fgfmrh92;y~v1Of@|{DNOp7cc}*FRacvM
zL4Kh6?w*L`3|)@hjruMRk0w2Q9yYQ#3<fRXW&7K-+v6=Dsp7td^&|rZP*jh-RPRb5
zVNNpl<3~d5PCI4M_e%*0o{EQaYY`9YY;nTJ_DCS#^XBDIpxC2PE^ydopQ~D<m}_#u
zxf^T@hHNTy?pSEN=Gb(Y;x3*p$#VmE3OkJgri8$7EXvEt<>#!LB*U!REQ_b&c8ueo
zLab#jqWdC&2pTz)*741dUk6SNWy#Mqwa3=2x+$7y5}KMrjF-S<f-nejUWOK2pED$F
zZJl3*fuT@A2b>%+L$~g49dqe!TFxv{`RX%GEjaqabUfu1%_x%wtiKxPWY8W)swj^a
z)YisHhr%s-c&-?IvzSyFE@0}4>y;p|#hQ3+xs`~9k1ubUONQ&)XsKwc^x}_O7O<On
zg}lj!T-)8X@%Z8wXJRxA!o$Nm0pJ58#pSo%L@NMbBYu5YKqU_F=#Bsg2btR1T7;d;
zBQa?3lBZjBzFdA()XRv}g`vt2I(knT8R>$otj{zQ@Ivku_1)8uYmF*$&UZ1I%#f%d
zwcneQwKt>PE_bXd*B>=qby#pG8PkOE?8cwzYhTL3uc^&orz4P38hAD(Vhpp<&}`x(
zoLmjx)r}BLpA%SHxP5Nc#-XRw(bGTIqGZr)csJ>3Y)sipL8?p(*UE+q_i^#?k-UI6
zKb@9iWz&w^?ExNcdE-k(9zr`+-tZM)7nfSvj~WO?bkq;34hH1!H5s%<N5~SmnNdJQ
zYeX6V^m=@_<a_s&6+p78ZA@wy<N{P1iS|pN_&F<{)8|T16w<J;3+1Gf?hF_#eYqMN
zX$jQlyxCSrVhsUC(#u6}h2;RCVn*=nzXobhQs?I6M7^7CcHPVItrT<CNj~OGb8v8Q
z?r3pmjc7H=%gd`0Qego=GNX|Kw}Jo<a+{;f^;4dnHnj_|O}J~l@CM*PH2{CJH0cyt
zXg0K?m^nIHiPfh=lr8`I`ljVBrq3oK<Lu0Jt}*-0dxD$*4Ndg$Fl4(XFHd^$ZgUgM
z4o3>*iRzh%w>KSI^_9&PE2wTPfkcRllk)=`2!c&jMTI07$+nJQ$|LOqsN|&J?2J7v
zdnZ$|6t96Q01Mpt^sL)@WwT<GsHhqqm%#lZIsB<>%jFzrQoL#5-N9gK%?jQ8<q*W0
z!61BoZu>i8AIyLohU!;0ws56h&38Touf8K|S~O(XxVR5i@S0|(B!LfOFFtMB6)(@s
zXlh@45kbR47x6q_9|P#CESq#$S}OIdPPl7hSwi&^PaoL1k-nopNkapTkBw;x`lN}V
zKXc^lwK8>}Wip47?j`W$UG%xaD*~?%CR<({J@qAtzb$J%<4zi-P@F#>pPiMmZ#~5T
z(3s`(Xj_nT)B0D%j_q{*72YVB7yT4>qMm2Fl?+*2PU|CT8hWJ=7FQi*W%3@t&0s4K
zGp(K>Yqr{a91x9f6?zH^h~Af5`6pedz7>}F>E$I7yzbbkzm5`}pBQMYpLd62=L*}}
zE!PDeAA+Kz3!9dzJt^R-BlOO<#TI#|_(XHULqoSY$dL1LTe7nkwb_9Q3TeA(^Y$$C
zGiZxC_*T=IS8S|eOk&M+bKYDt3Aedq7HB)sc4!K>w)>t?+gq=tinGjiJ5xpjh)8>S
zm5EQ7$~h=XgVC!D?b#mBeoRnMRk$aq$Zzh7wfNc<EiieeCUKlXpmy|N*`mU7qnH9X
zq2t(QrU1v8W(VlZ4*wf4T?mhzov0|pqI>TF*Rvzd?fw0{s{?~f(X~$zWMwMM7oX_c
zdC^u6aBQ3aTjK+>lumSizJi_s;C;dXiu6ErwE3Vc-#p!WN{KC@94J*!AXO4h7J@}H
z^~p#nB`&UeKbVe5aP9Ib;(`LeJt?g<XceSU?>4JW6rG`GV92i+QIs~#)D~rzTK2u;
zTXY&;oT`gKj=t)_@wLVic`H)Mh`<!6sIA>py9dBu#3T7H3u;Tfo5e8>sA*^@i92Ma
zq@<=?4ZIE^`HuQJr(7>Dgca+I4lTqPIzn+=NAbJHI6UXR()K|rqU-cw^1xsgVY-;M
zgZ1}JBWtQ6Md6}vkZ^566z2PVf}PHHt3tsdmNXwv_Sl59%B)u!R>g2JX)Lcm(TUyh
zlNd5)_F<^-LbJDa@VD11-#WLNSm+qoZGL2i$KQ3bMQhmSdQDcd;aXpOT&lzbiM?t2
z=5G-iQNe4#v2T-~tY1iQZ6aX-*Nz72eUGQGqHQS9{)rf|;j27TC6n`fsap}jH6Yl7
zNtjYTKk%hv+`(R^Y0L(s4@?Hqca8fc!_a!dtX=WaPxuZXx{Y0)?jT;U)9U_^X<Chu
zQT0R)=#F{)ttWh2S6A8qpyfEPgisV6-`7!AFKN(NTN7az0XJ&$3jla7-19nN`7NM`
zaXwI0nmSYAw#;jQj$>Yv3OEa+0o7jRCl?zIX)Xcu;Y*irKDT|{rmsObYC6bp_6=V>
zsK0(_ib?ZwL=PvhztA}amaJ&8da3gC+PBqMg**VXDI1uC#&odcnNYp6OQ6>1(}n~p
z?c+@f3BwW7%I+=TdWY^{oGs>s!(;bEOhQ7%O@pJEVL9uq(N)N{m>yN^kAbVBvl*;|
z+&t5Qgy%WBs3l|qpt`fYQ-4QN9mz-n0i_~E2PGo4*+4|}Xx)+zV)ifkLbY7J_#r}r
zMS^`c+@qb(hKW@rtod!SCJA`zD(VTgGRa0+4_*zx@fJ_9jp5wc)~b)ffoZ1MM?%Gz
zKuEU8vA&;oGOYE#<JWIZNi{QlL-(&LVW2P%#!0Z8KjrkP=zB^UsYlS4%+i?{6BD}`
zF~6^Bhc7DYbJ)GHHNeo$xk_XLOkraFXH1xfcJb@DHx!U-Jo^o?#^?n3Bg+72u*PX4
z^G;4j)EL<(a`guohkrp3D4`rZNH_TTv&pA3sx?a$T@3~u*VI~FhLO;Bv{~h?JA27?
zO(F8!TPBn1!@jpH%@sZxYs36kxJ>};OwDI!iq09}WochcGRq|BOKqe$MR4miyV3!8
zQ5okcE%WNI-QtN_plWprT>`;qkxpb)n&|+LpWNzuJUG2ud+ei@m(BoTN<$xMChCO5
zF{ww3yRrH9n<hq*#5v5M$0v0GtyW6frob+p{mso04W)}w<DNsfXO+_PBiqk&OP!1C
z?FHI*EypjeP)dya!qjT`#VRHFBf1@>ATO@8R?9{)J$Vs@+&AmLC?s@`43h^JMc8@f
zMzqb$`YLc^uk~D*X|qn3gihVo2jUyJ5x(~$r%af1RpIa)mXEC0T;ixX8L>Q{ZR&NM
zs4v$$h83E%NSNM70e$=SZPvT5755Q;+A`QOH$PopOyK5ZJnHN@#2V385#tAz7Xk4X
zDItLG4P^<y8Nqy~v*zh*>P5tycUuYyRbfl7>*`9fWEgI0U3gmstq=6Ii&=edy_({`
zvB-D;*uSmZgsFlS^3X7*3GegL48Y`DxN}C3L}TZWtvBpoMTSt*&=NoLUMAsIe6YVQ
zJOw}xTE)B`@<7%VFn|U}6uj`1>+lP;ww5|8D?Kf%SZm`sN&=ME&bAemZ~HgJ)Rjw*
zm7IR76n}rOqSC@T<hM}s>fB?IwhWZ{d3h?zj#b!zq~f@2i`rH8U=-WTp0A+jL@a>_
zDG_h%EXs;KXM#><c<7d}b+=AKV>`Au+AA8sKK3ebi+97f{#DsN{OdFQZWmI!Cbl<0
zaNv-Te)Z%p+eNTVufB>+4BWl2%-lstm?pkna+zMlJvIvUP~<!L9<VEJQr~kC75U2D
zyKi#@>CZy{u^0NavSJ%RotDxSmT3a$e4D`pK3Et{!36xNc?#)6hhgJ0np6=+Mn+Uj
zOwk>kooaUgru$^az`zJkhGAs8+sGPn=yMuh@}hjXV!~9Zj>Ns_f&tqBfd#-Rl_u4%
zGO29qe{<1`@0*e*pIAhz1jU?{#Oq$=m`H2%wHwo*<Z@yd)Botr2Y4!3S!wmkD$@$S
zW;ci3Z)V93)#8z+hivj%7-2uG2-sB_w&T$-3pwZ5@iyi2hCdY2P7Q#ix#Zmn!wGq3
z>c&caY&?aujJOoiVoJpssHpP5p^kCWVXJIxY^s_S272dt_d2K@M?n``L_(oblak?1
z2hVn9B`NTz)LdfhqE}Pb^zL-r?DDuB(Tji;&eYbmR*nzN4mN}FmI7m-n1gkUCLRA(
zbm`>rWcF8o$0u-LY*}OwCatchxDMsOQ>CSjXsBQkjpuXM&zw@&ZLt>}dJoiMr}aJK
z?rkgqmiskj{U%v}eQ0~I+~2F${*u%7{gVeIAL%>M{l-$>umZ~sT+q<vDu19exlwKb
zC^}`P#OkUl(B^tcxgUh7`I9{W*2cMi<Xt4wn$co5C<FSeo)Q=s=sd`#!Glw^>{6=N
z{)7UvE9L?qG^^zzfl>vJM%MaO@*LjVgncJh?>m!vtA%VwhK`P*=u%s1ZO~efJiMR1
z^XwG?AKTR{=0sshRL9^k_4RCfdj?9GiySExDqi9gZ5<uUbNVouODxxBzMw^WnYrZV
z;Kfdkq81KsK}Gz_#fBY!Np7bIW5d@OO9aiNK@kIWyXVaY<=K&S_()m6o?&c_$oJU+
zRLvq{aR_5J#TK$U*J?j8uF=c`h23EeZV^_*ND|iu){>dxTP}aFw9HKU?c?Lq%!Nq+
zHBKgV4YPI7v{SZqJ~fniX3H+2ENz8d%UZ8!X*rtd8sPen5r}aG1`vJz<Ii`7$Y<Ey
z-vPdU9!1*g4zjcrpCnD6f})}v0JNxHo5*n>if*sj#X~2>YjUB{S>`A9op1evu_Zuf
zrQPJJSHv&LxbA>spqAM@I$}ogTbRtLMa|@7U^vJa>?%41aDr;5gp>qm35Mt$og@}x
zt5o!n6ir=ed_1<>J7SB%uBLQXlUhlxGtXfW5UQG{@TGNLh%7HfXQV_$Np8JJwBqJ*
zTUGS*#0lx0`|tsaoqjh5k4q<2ZZaD%Cm`b8*~=s3)5zC0l-(M6;w+v`KTF{D-s|DS
zPRABb)f06(D5|i`h5_%DU<%Z>`AzwZ=Yi8(c!MI6Opr6-sGBwu6kcn{+9iuU{}y5Z
z3qHJ73<(ccLF7K17r?dbj|tm48Q&O3KoGq95<nB2Ei);B+iM*E;qwY{PLl6e!6y%$
zQGLk(z0E~N7N}n85lT!<JR|oCZqe&lPWlJlrv5wRu{aI=!XmHJNsXy?yk)0hNAB%{
z?1|Iz_S>YXasvrKgJjETDDXFi_5g>9691#@NPh9z+1ZJ?DQQf4&6g}of)tSs&4mj9
zO)~_8?s82~?J7=4aX+}r7;|ilC631>QBcpe)X{p+g4uA_PS2^aEtV}3xX@X%wHD~;
ztBV7!gDGZjaz@5?2<iMHderpPstl_4J7kXifute=0)qNsCYfkq!)#emNrq*xoCf}*
zXGz6AOKE)~iul~8RF*;~8^sb-2@|DwttazrwKZhvYAcV&vWz>og6=|AZiH0T=jAr|
zjEXU>{2irSIP|{H_*La>3VQ5sb4uf(=Xd~^E!U<shMUqGC@c?Aj2HBj^Sz1~3DYs}
zYZRwSe7g69q#V9hEO1uO%1R8Si1E1X;WC<id<hi`)xz5lJf7rH;Uwt&p!RrnuRTm}
z>X&_>@BjuYY`2ENO#<W!RH_m3jxn-PZ$x#&{QW(66F4NPo*H;Lu;l{x=00_?1pQ0v
zVDFaO%Vm)1+AD3!WsjXw(kJCP06#PwApOF}P5a6M_wp`moiU)60Z?XyqoVfE7FXaB
z!ey_r7e5;~?x?Qq2>@jiI>j}3K;KJ%nVFJ&eMU)aeO9vtHqtymnHw!3CjQLoFlM4=
z!q5dAEs>MNUb%u+zM)c)j2qFV)N>>NUPK#+ub=ATm`;p&P(Zmunst&9W??2<1}p65
z;rJv8lf0)L4NaS51W2IZ4e`xyl)lZ)sdiqLFQd-~lO>eQj4H6N*&@=f-_!e4={l2B
z%FGsy%bm2t8L9HFE$I`7v|sN+L9H;z;2Fr^BY{*t(2cL<bSuWUMEh4k7!vT<`FmWM
z-L>&<Z*9d>z1EB2c-`|JFMla*HX&i)c$IQl@*(x|B_D#9j#43wHxV#fBg4YLD7gvh
zY6_fAP#2k6D|kywN@m=j6Z5PwlDfN{C)F@yObhe12xOWKZnllQRpJbqoT*ZsBFLT{
zzJdiar(Yekr~CWQz%zx-o-fvCrNdbdhH8=DSC<(}w!aN98%mKnUuqVvrCG0i$76l<
zqj@9ElU@(FXOP-ea@fv^BJ!Ca&l6FeH@D(9BH`h6Hub$`bCq%!6@vd(^P~5yEbBC@
z%z3?UuT~RQVfA$nia=wSH_X9IrQ8+{a1}G&n&&|U85?n$G4D{vm@t6dY7_O`Hs%`l
z)zMp4pZXttUwCIs5j-N2(53XQ`_+fG<$3wY+v4b>Vw>7pWAea}Q=3Fy@_u6Sjq3Sr
zF@yzmL{iFu_vHeevY4mcDj3C^P|HR2A)k18i;vRup93aulvp||W|k3%wMP*Im3$Pv
ziqwUcxDttav8q)A0YR7CBE7CI6&60<$;ip6&Z%<A-lgwSb4)z_vpV`N_aqGi6u1qE
zN&6D{hlb6TB{B(cb>$k`#i#!Ax{8ml6|f=5OW<>b5tEQi%30Xi<pGwdx9s*yHmy{E
z*gs7LV5{3+S7&=Q4&O9L=_`9H*^U9rxU2vGNSAt^O$wi%L3_jZ{i8JZ$~zL$0Yf6|
zO~CSE>NYPh3gB`rrb=dc&q>r08|vHElZs1?F2He!WA9&JVD?n4pD+1F)?J^(I%d)e
zp91t}3zygy*F9|yppJs701^oOS)}iKe3l3izn&uZRh#9at|>oqGGcS)X7>b8vpGjt
zl^k_BrpqMcEhP=zT16_`#N?#h%Anc`R<bO)ny#wmN6!YUKHJ=<H#0*Jrj=dsGlN1x
z@duGL<HJHjt#m?)_-#B@@5PqHdXuG^ZvY<!NMlM0GHwwK9J%|vPBJYDTQ=G-{>G4i
zKuaJt00yk=Hi^!}YHn0urLH|LH{Gr&(_LHlq^@l^I)y`5(RKA`4%Oe$M3t3{BA>Dz
zN-Xd~-yIQfJQPEj01g(mN*?Hk@6zT^mIx`~?%*)#bI8Ils|#!@Rb5>b09|l@lCPNG
zM6@l!b)7K;d%NoDrVP65iPF-DeGCf^$8i<XD#=f9dTu_5UeBI)J2N>c2AoB4TY)+?
zQv-l~;^b<1Id_Fyhk?8AonV{S1>eNfRGu^uCC?j^?_`yd(?&2HhiMDVZo@+6NZ8oo
zDtTtb9&D47xC{$f*_&dEb930CVK{3w<v<NR>b_<3@JU`!9rL@kRu&<x?Obz{=v^nN
z)?F62t2(-g#l6%tE7J%hP+$i=d`0%7M;J0vqC%?Qb8*&_w>pdm(H6`LcS|;on(REj
z29SFk1V3f!ICarO29c#59Zz>DNvD`r3^wl7*qnYWt2;G*pVJ}%VfvWV44f2Lm4dT%
zq}>x+uUaJ@sb(J?7mrqrUg37Zo`3~eXt{MQu8=VJRAW5?;*UOUKx^Gfe$;_5HB3)U
zl`~IuVb?hwQeI*_J<ra}^aDzO=%8mel$6LCm<$52;JA1?9q~k5b9D#-x)7SJTI;+1
z%A}34t`OA1tSo;$DT6%pVyq#Q0j-#ZY>fJeGpY3&qi*l*qb8Rf5NAm_$;x-K_9oFm
zK5A}l1JSGVgN?)KF@O^sGU&pE{P-H6g{!E4CU)J4eHV<=z9c!!dsA~;C39SB`6UST
zr$_V4OXQHv;%*ez)vP%!-&k@5HT8|fMZOx_oyel3)&d+XBuT(lzpFiGRLKy>Jv-=P
zDyAh+KL;qSn<UvxRyNNh6H9|7eJhJsv<rYAk=1a8R88T`^!AoF?tBU{`%Df99%w=T
zR55J5uZo&_e*7wlX-f2K-XrTf8&QSH@I{c$oS5%*d(Y$25P=2?zbuj`g$+%~7`*DX
zd!78pa1r@l<_5f`RGw?G<Q_gEVcxaKzWWYB7af6^l?@Bl4H>j<@;+a>0sFdyClosR
zn$B_z7mzS#hifJ);O}}cn`@+iD@~w{gWSx*EFMcW(Us*%)*M<9-kv$x`Jlh)I^^Ep
z^zuVbSJwzo^JxamsOH|aP)QP8$_1ylFWj{VR3(yb?87+JTwxAtwj_yZSmVFk%%(~b
zTLYrRB3zn9V8CVX`RtcMSgll3Lc?hs;_89Y6SdN=xvkMIzYMM7Rn-Io`e=4vFbPG+
zkuax;h{$gdYPekT`2dU0G1ew;DBnZ`j)0IFP--hz+~-qga_lcB-kwi>FXR}qu?VHD
zDiT}m*;ud6d|}on4n1XSYuD*f68|a;Q7u{!9~I?*2tAASdswi3cZcl_5p4a~um~cb
z^w!qa#N3>4{gNxo`Pz>`EDbx8=WvTKw9a8Vv49;_1f@yu1)|FXVFZFNNs$2WB`ypt
zqr~)moCXj{pl5LLecG86wwW8OIM>7-Gy#~n{5_<Ec|S_GSU7m@4fg+Z*;a8ZpGUKE
zbV9DZ?ON4mqMz2)56hsn^pua_#=gmHjE{$sR#JMbL&I|x$3N22(b2IPh&feI|0-t*
zFs@1f4hh_Xka1=e3rZad^TM{4QS|!pknBGPJOG_oko`z$I5IdOc>WCaR|E$3`(d+&
z%y%6kmewpVP!vQ&M6|f5-Mtiw(pE)9O6uCuYiqd(R-V&j_wgX62Tcbgw(LKx160>>
z7!=cK;h81vN`S2ZZO~4ti@4!~*qR8;kk9P}+~#|hp^Wr8o3B{N3WovK-^q_rC`A0b
z2LcopL{-(}ck)Ac{}`15M63K@103f<?LoT%VH`h0MLdo$;Kk7JrRV*oX!T7HdAy!M
zK6|EJ?BeQN_0?dAXp3)3{yF$(m<*1yh_^EqZ~^aE-*~ce<ngIP4DI8cJ6Kq2znIrX
zv@b4L%TtFZ4un?JfGED?<UW#{YpQI4HSAZKBQ|s9%JE$M=#%C{2QI)M4n5W;_OZa*
z7%+|ZH?yEAy{5E<(ymT4_EY%4*sq-nxciRIH>gUxJx0S=0QWRBSic2E{Nn^KA!U9=
z#=-y!vyz&@bJMS@QbJlih_J9`N?a;hP+<kSKq<eOWE!Kyl%%B0E|ai0XQIeOvT@-D
zZ$C(zB=;@)@|PB&A|XjCDJfaO0-0<9W6VKgt{H4$pY&h9hJb{4rikg8WovDXQ_wUW
z2SmOAuF=I(0wq*teMNbrglTVfFfnCVU{y{^3LZWbMOmK8I5Vh#w!=<KtDmS_75}p^
zsaX{-t%=Qx>Y5x$Jg9M~?FU0z1nyVI2~_-Tjrgy)5rIV>U(Mp5aU%k|<maXLYqY^}
ziWb!RX{{E&T$4IKFPG+gnt6D8n>xZA@F?%+cMrNc%a*_*F}OQ8>1iwT7Sy|+9E;=s
z+1Ld5NmJjDKi?l1VB@vPEU!MD1hTQVXB<!`j(&!CF|!#~w6r+SutC<#<EDDPf3qpl
z-(P6u#pLL0?w_$M-_*8T5A1`Liu<N@ODH0<x9kI$oJ2$+kjq$V6QfI?IvmM>Xr6fu
zzMSKC&@6EMAttbFg=g@mr{Eh7BXR;1dDaJJ>^tfc;^(1)n##JOrKNN}RaUf4ln`C$
zj@lkU9*>3eMPHet7%H9wCM8*IZ(6u*C~nS6Kz{%>7%SD5e|#RAbjR;TusK9DQa_Bc
znb~tb#OUnu7+8fiX`j#fX{j~T)T#z{42oc02Mkzyq7Yw`laf=pO(;(dbyR86aImpG
zzue=vAfsSr*482mK7;9BS!pV&GMag7b#?I#_rYNe5%lP>fQ5r23t7}w*WQ(p>C|2j
zB_v}@{cOh4J87H0lI6t_ZnVYD&+m5%foct7tE!{(ZK`sl(H`kt7*037Qzs`{5f;08
zql=PKeya!?+Wr*NNMj_*rd@6i;t-p&1BOsy@C0DvdfuX>81LRcFS?SX-8KOPwmC|*
zQV|O+uE94TxT?_^ob2!87dKluB;%o>75Kc8d~f3Zl$w@S_LOW7h=rI$M0INzi@%M2
zNOOP0gz5UeY}E}dsSF>+fVAgzNRPOjw0dxvt+^UU+M{=B!?->~DsDA8iZPrY9u9xK
zA`;6JEV4|J@@5uSN=a$d3LPH))Q*GydHRJXtb8g@N1@?m8sUiAC0Ffj#n?#ZQ<PZc
zndREP{_98OMK9sj#Hibid*#U{iclG@kql>XU*xteAR{9OvvvX-rLur%5_YRcX>bka
zL(=o;F$Zc?`*>(v)jDKVAYB|_9*z^UP*8|WmXJ6n@q6<c4n1smW`;BL<$#IQinnS>
z>>{44^4Ug#l2I=17>8YQRUT$Gt6OC0v##K2)F?h;^<5)2hAY*W*VUzkg^pMFFwh9u
zeJV>P<<pt^!!W2P#83G4CQe3$xA&}AY?P1qwopN)pY_obeq6)R=RETHc(BlDJz|#w
zpWL`8c=S|C3$J>uGQ^kh?FU(EyI`|Vv>1Iy12X0kP%hsCGQ#N+yOUnDkIeXWQ9Y#n
zpT`Kkdc~NVW2Py#Cd4k`B0xfD<fvtd40zOER5^~q7#T}wiJ6K#>n0?LfAg;2#f1%A
zU5XqA9hxYJEFth%X%>2>jqzDnKOK&J*1pGiPkOxsdI5xKNajL9(M5Qe({SsXRm?Yd
zJZ{3TCO>|Ge&_&8_yzPvlR-?PSJ^}rE%EZXPl~#@-!d}Nw=x9wA68a2IYB|(^*TOt
zPvdW>#4W#m{aWJtR<qM^Zo0G47X``s6mUDUi`uC5yc5?c56gA@aiT*>X~?d`XheOr
zLC@P))T~|DY=v5D=f0pgU}CF&WE9aYtW{P~qN}GO1ymZt2s{*VIp60CY9-2%gO+&6
z2=n(CxdTGNpgwM)#sn*?;w_-IMs~rb1$c0=cnRw$qR<HAq5bXeL8{^?NW&!T{#8E$
z(>*(QvC-27fvc&;IsoB=Hhw5#@b3X%uc02pV7^2K%?h*tBj%ChzDf%QW6MDX22S)H
zK9726ng0Dma~&zDstOtsPMltzm=Q!Jm(QV6sV*!jd2eN9brT7z{`|qo{A<?)fhdkT
ze@AN>IG~RE*e;hq_I8pLM%;kkgRZ;3we%w*3=pff17UjRu{b&_|4B&5`G~4LV}0EW
z%s`p3#P2ra(+4H<?9ax6zt34aDH0ae$IO^&XMbkn&He2aPOyvfP$Q<Ipx~pu`S$d=
zxw&f;B#Z~+i2pjVx6*{XyeU2J@oi}+!`K`}yzvGTozQ?Aq_Vphmzu`(N9kDuH<+pa
z@%z5GL3I7#<mcB9ltGY`mgf30k>pfrTZ)E*Dk4GPiF<DhS8`x-sa#`5d1!6_Efo39
z0V*^CLf*-Vb0}-FEgi^oOD{EbVq!uvKiz>mFepe_%bg4G0)3L6JwJz3e|Vw(Yi_@6
zKy-0)v9rf3E5{V3c9KAmRs~kY!EAV3w8yWL19e=p6RXWsSahfoKp;g5xWNalYybMz
zpFgz85R#I<9n+$TV3Zg+Pv)3~0ekQ4Z(8I}#ba=9fmHfGn|(IQ)YZ}wTU=ahlX*t-
zfT8H`b1y)S1O)zsgoL2=Vu0mr-d^`h5TNub%CGhHL%jzDDwKCA+gavSR4|fJ*Vol3
z+v?E)AzsRW-X|dG8WZ~a8u^=y{`I4e=g<(4&y-c2L5^;C$jG0Jj-CM}gUyAw5+O}7
zqHIyp-747}b*$k`O-)BnNX&pc6pfmys$(|0CiVQs4w(OSTHotF@uMY|cpI$pM28|-
zOZIlF_n<JN;thNh2`vUVzOUaE&P1s(J3HX6c6?&jk`<_MY-Luw2EZPyY;4{Z*aXAn
z|5c11`k8SI8UhMR#Uv+jQMXs=wJ7J_;9xEu*F061NtU8Y0XZd46i7=Eqj}A>PI7;H
zTQ%$G2MlUK;G#i&ZLPA43%tRB@_wZRHri**hmJje9nkAUL0~zCe843TkPZ~a;Fxyz
zbfPl9a&5!UDnp)DqAy1;;D0<DBk)Gv#1uJ>hlj`FWOEdJQ`^u7R1Z>Oies~0^RcT&
zboRsjUx)L}8%!i5A}&hGccn2TRP5wI9kY|Q4K2W<FD@?7P*8+34Zn6NGZ)^G1yy~X
z&m{cZQAzzRa)|$Y8i=|vBRFLVjR?(4OT#Cl4Wrr3%QIUe)+r<U|Dd`NA0vm$?e=KD
zHK`P5PbQ&cB#i3B;}~&U_7MT@7vRC#kVRb?BQ7m(ZCX&=E8LHDeXT_wiAkK?4SH6t
zlM0gcbnBgD*XZlihrrmS3onC%B?`(w4GVM9Kp3-kWde`Zt9`TjnMLW>Q*X_X%kV;{
zi!i<ZrX~KqmHeNNo(H|r#M`-p3`J*duEvltiKP;S>CenGL>n~^r@ge-vBp_jwaM=A
z_gY)wW~F_<166F8%Yfmcr8d>vvQ8`^T&`PPFzkKFobCqP%qC|G7hY13QB>3HG64x(
z@{dcb5J6qE+Nk-b?v~l914=OyPR?@ZN5SgrySmL~0^9SO$I22s3E8CY5pN^T-p=7(
zXU1{yOqcCMUb0`dOpFe#QNmmyUJZ|?DJBO9)G(WG%(>hsEsLioaL+a3k{R9^-f_*L
zS~-3H&u`on*cFiQ6t+dU9Ra7LT2G%!c;k5MZ(D3Qg5KT)-)vYY6bybM&`zv&+H1Nk
zu+JWr!Q0b~h^e@%xWnCpspa}1LgVCGrZ-J+YJ1{dc;9%GGlH}9Y`#o(C|?WHp`qHH
z%j~vreg>BsCobuZ+s<338j6YaFNmd|XB%Dhd?)HhH*zCf=_RCQd}n<BfA8GzfdJDJ
zdOG^NCm7KK0|Qha7Il(^WdUh=*Q>4E*yfas1y(LhFQCQf)|OdR+79V<)X<>NA+4vO
zS^e-qGc-Irx37SbJ(j&#aFED`9S<A32+e^h6QkPl3jZ{@zfG1Shi#{%jb=I*^@=H_
zwi>}A!9jgFZU>9ty7JB@opPv+!_|Oir?C36Ot<$Oaaq9Y?)yzOzbxms-NwxF>|vhb
z1F*{$)cxGW-Q)moG*=Cuc*+_WT#hF6H?}Rb$%6M{@BcWVZMXN;)R2$v-h!65MwzkK
z_ukviV-3&vzR_7H5d(>IxBJJAA>NNY&6U*s8>Z=7=O5bIPO=$doxB^p6G8J7=BIj%
z^xm_PUrSPN8s-{*w(7^1$eZAe@-y1#?COo6wg~=%pZy`Y7YvQF*!wrY{No2q-ridh
z2IL!;j#tc7^$J7V&5nAPRRo<{JXa32PWN9NaY%RV=}8;(X|6JWPX^F@PSC~(1`9Ki
zwJx<2iUz}nF##a!oiAUI>SPhrx%d69GS+^~P*C0pJlE1s41qP)cm({D5|bA#6MpIc
F{{U`(riTCk

diff --git a/test/integration/consul-container/test/util/test_debug_info.png b/test/integration/consul-container/test/util/test_debug_info.png
deleted file mode 100644
index a177999c0d95a407064d4c3953a823fd136a3d35..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 622325
zcmbrk1z227wk{08-64cPBf;Ih8+V7G!QGwUBoKlI2~Kc#cMVQ(cM0z9G!3`&&CHqe
z|Mwo7)6cVaRoAXny4Jg-DojO58UytWDhvz^hOCT)8Vn374Gaw86fz>Tq)>Dn04*r6
z78h5M6&EL0adEV;wljx;kqJvkLQ;uaB>Z&tQpl?-MyDp`80hv&21WRKO@jIz#TQ&t
za<0~zra)U!NqBroEd=}z36!>y_-GL(Jsso`pK4eL?TXp}uLD~h*L<$VMpCXuAI63E
zG6e6&(f}~wucVojLI_|6vCU<>{e)jvJ71u$kpFze@e>YBWXp-OuWVvM<kMgzq_wRR
zDNEL8*_UI!GvK8%XK>5X1@@B|j?$*N3nw-(Y#*&c`#S=R4eRFo@Go3t7r|~Wlp4`5
zXUa83snRt3*5Q*z3^W`oc*bvFJUK$Ba9~6%$o-{wv_5T9v{Kp8Z=y&dN8osj4r+Ic
z-@oqemqFj8Qr@+s@k^3EZ%mV|NqZY5(m&m<fU+i^Os}-J4apq1=%l977f|oPR&@#Q
zWqn&MH<+@jtcOc(s;cHRh>qr^exaU5c@vRp>`-9&gnq?m09#Xk(Dj)!jp^EW_|mMJ
z$}&0gfRw%GJM~75E_BFq=&tW--Se$gIRa2KnTInoafvy57Q6R<6OSoGASZvjh<~7-
za$0<TpfrqLYysA+adLDXX$>ZpkIIEz$K8yjtbz=CQ%6&X8J9_-&vt}K@Ten*EWHM8
z!luQ|FP_{CQ$U=8VhucK%`vsM;^vmgLl;=-#@NWduyFUVtk_Z7dY{}f`^HC8?Rs6q
z_>?K}^UT<_2hp}T7bq+GK76guug8FiJ9B>&Xv<e_7Z3HfpG%q#`mn_Yk89x<iv?pP
zdH9{d!moc&Kj+=63FCnTxtc;hbw?DqP!Y0;Pj4n(dH;N!3}<VEmG)Wi9PybPULugM
z3fV~%br1$O1}-s(I|~~>h}j5<4(YuShz~s~a4U;A4Uy=lxfAIM{Kqb;2{go?@@%MU
zLC(m5PS^-JVm2{6W-uwDbJ%z;!EM<hbZ^6ha4BHl1?Ek-SdnU=Cy4A!0E-YG5d;wQ
zKUIjWPQVpmz4^K(l4*>u@YTAC#twNrD1{9T^ApuZa21RJ>Ru1RIZYFK#n<ScisuOT
z0=`72!G_(Ybe|}*_vuLE`NP95C4#dyRe#Z;*ie@szYi~wn$6W!B`sPmGMGU=#CsD_
zkV9<cTF1GBMH;-Dla!;C!<#ca88WH3?{RJK2Jps*V2F2F8I7<hz2>1Ir24sSgvy?u
z9F#0ILOr5C0<$Yj7?E%KtqM~cWcQYbpcTCpr<G*+lW_D&|E=kO6JOe!G4#Dav@T~S
zohGprmKB^8{uSmGm{Y2ZFZ2C+TYl#ko;d!@9r%V3poq?3KyNf2J~ARatr+rW=|L(x
znz!V2xDMEe$XgPUIXIKSuVodeD<~3ij>3{cqr)6!-+gEK6^k#0`&~0`NM=ArOU5rx
z*^Ih|eladhB=I|MELQAz93W<0jSgQtT#!2ByX2xoarTEip?u%?+##L8>K#v)(rt$A
z)NO}f?cZq!Nd{}TiGJ-3Ck<uBbW(tFL{!)`&NY71m1z{I@a0eBvK7d@uTw);9Z^{+
z(k}IU?<|8-XjZgc-mA`_vQ+7&TAUf4bEqm@{NYgG5cZJz5C%h@GpE|RxXxrrRhP(K
zLq~Q|lV6u#t6A(J(uI{&k~gpR;NW`ndh6QfdYmDZfr+4F2r<DsL5~5Tu~*bmdig#=
zgGA%3#9!02$g4EJ*#5n(rcX|kChvPJ^>NkpTz^?VGfexatGB0VIs5~ALNlMZ6}Y>(
z6RnTu_h(*D&rDs<;@h51wH5K_NY1;=%gruTxNF*K|0p>rVV+s5@KXXKh^KU!<Z%wY
zK8aK%#UKTd7LNhbS<;>LsaEM$>sv5dl&?d*723_(PrU8Db03!;MIVQ6j;;Z3u+ftd
z=@A7n1ki!6-w^k|uHd!fdCQ^3Z9=j`GD|GXQ}DW#n3cPNr^7Um+c-5Z<(Q}08uiCg
zN<p$_@)}#v=<(<mi`LPWJ(FF5F@n+ZjAc_L9?KNVAM+`9Iup#VnCEo4^x9GjL9G63
zb6%uZ9Xd-o1$tyvzGnGmJC5~pC9{X$>WjJOTe=^kF#7rjED{tWMs4*t^*T<-mcbqx
zt>mpY9`+uFC#1*Jw>P&vn2(rYm<gD|3U4^$n`6EDaJKe0nuadwwrFX63YiMGlmhsF
z2p00s3t)}%rjBO@82NWbRG<x*XUbPH_Ha+SSK3zoh$0y%Uph%?%@7=iWP!<tza$I^
zbbId@A5dIaUElvc*lzB=Y9ksNo-Z9N9oG9LIMliVE{?8<{#iI?IWs@@G3Cq)6lwTr
zU9*#{f#%0>g>m$w;C<z}BNjQ51bjS_5E>UoJbVLUm*}(Tav&KJ34BE04{;G>K{LI<
zIF;Oq{Or!J#yw&^4BZ(adcmw%XQ5eAOi@MOJOKwd&HR_D@y_vFCCs`&0g4uyNAXB4
z1z82h<F*BY>iMmituM~Z7ftv3_dyq?Xl+Et+H5gKNh--sj@gslE5TYs#jJ9MZWh%~
zCS#j;VadJ8y-U5UY1m5KmP}#k8Yx^uH`}M%9ox-U4Od?uSe|g7jcVjwWG`cWN>(Yd
zrEMmvrE*YS<0qmS7Cz={=KIT_$qL5v#FE9W#e5!@8R4T=!_5y{O0r`9r9Z{YgGUtZ
zlO({rTJ5HROU|E+V$L#R_bZ1YNVRZA`!T4Fb(y=B5^SpEHWv1w?}Ms?Wrp?I*S0R-
z%%{wx>?G%;dgghZ4hye!)VXj!#_R-H#%0Zeat3Ygs-=%N8{ECz*0%n7w#^M@C#~-6
zN4jWSXqrUVFTcU!`q>|{^QtV{uO3SPlOWW9<0Ye7<N2?Sl5IJ*eTjYfeTF<PyawQ3
zhlMqnG(6Ofhf8*yUgLzvgp-LrdaDg&EUHYuSP#|->&mSKO?@VBKME3_HR;;u>DI?J
zskhWNGF6qCCp}j%w|2xA#;=#37g-g}6s@Q{81p*bl?$Kx9F}sGhL-}*2u|BO$3GgX
z*BiSZ_#ZzXL&mWr0Q>hT53Zx4H$i<!on*MAhr)0Do7(%c3ko!IJzPmY(3X<`zdLR3
zs#fMQ-|XIi-|S=b4g6$3s3z)s_v~`!`SYRyZv^j#7DGvsM~x&RHLIYlU~)HpcP+6g
z@l^e}a7i~^k0hY}{$|2DeVV{Be%uZyFQn(>vH9V-x%z7Jii!xH=y92_QMl!`&xMkY
zw$FV2CwVOv@Q03tu0y_$eLF)3rAk`L`lbf99S#BQ#nTnF7rd?OZ(5IAQyutLteOuz
zYwLad?-unO8d+9uTl^j{!DBbAT_0P|Bv)J4<0htkGCv0Fi#`U;W7PtpK)R6ES55n2
z-EmWeZ<I>|cpuuc=R58cGPMl%YC|ofADbbpFN058!y;X-LswIxCtax&N7>Uoz#d*h
zCQtTrwI>(fymRF~5ThY+r@%uJ*f2e}Iv1{zx{`Ly&bRdTc0zFZqrGXisq(sI8{kFd
zTJ>aWLwQ7*G}9D_6}9Kv<wp;;xvam@``I{vM~sJO67_|X8#N0%I4%y>(-k=dZxbeK
z4gOP;k#|N0uGJ&JDEw!@=0S>&+%asCw8Fj@j4zIG%^R59U(SRZzhdd8NPqJ1aHOaB
z74BZkPKrI_xm3X%wnDUxV4mrxIiEg)p9>Lc$^vR%Ud`gZ+E(Yyf|{o=;pW=17K(~6
z4A49>3_R=`7zAhz7Wx2TN&YP_1xp75_gDEV7?==i82G=}QG%v_elgJJ56$0FxbI(K
zkf8r?p^s<QtAEr+rOAT(M;>ts`VB@@U0hZcnyQ<+n43GeS~<GuKfZ2+7N9uE=(xhb
z5K{knU}e?bokQDSu-4Fa(^gavFm<$NF*b8FF=z3#cly%~jF6`QG;43}W=!sBZ|C4D
z;3-V`R}BGZ{!cM0CHY@f+-!v@wG~y!#T{MD$$41VSlB3msO042LM~<&0%{Uce<z3j
z6Q;Csb8`}4W&QZ^Bg;ol7DpFLR(5`VepWUPRt^qkXbompF9$bcPi6;Ks=qbzk9H)?
zT}@rAo!qP)9mxN*Yi#1^?j}r0`KP0Q`~7X4=APF7?8(9P@6&=#koC_OR(2LP)_-do
zN-FfHR6xbr)7(x+!rC6XX3#!>?7Un&LVpqbU!VTj<-a4<{wFC1H$UIMC;fMy{{N)!
zUCmv@9qpl=x&i;WVSgw7_aFaGD8%|_?*DEr{<hG6l|ok<h$_VTZ@UIWZK>?0gl^<p
zYYAlyXbNSsKR-BY=!@=eDKrn?=}+v0uL}bs0wXISs^JNHtdC@bKRX9J5T-z}7LzGb
zBS0X4m1M$)B?;B8dXe$V2@K6K5miY=E-G5cP*$z}gu0-Ts;wIS$qkvh&TVQqpi_{4
z_}GGXan+9Pv#T*@W17!c^ZMAx*viB1hstKxy~J3#zP`SNn8rq4FE1}u9i5c5#Kgoy
z<|UQrFFd|6+KE@x)YQ62kIt7D7n7G|5$?;=U4B_afLdUDb`Y2XYc)nxtko+*$c&A~
zcY)>bn0n53&eRqF(Z;&$=;%nS?m`5AVICF*Tt11W*oz=FQbqULFKqg-gE2`hh$8_F
zBe&XXb^yO7yR{mYxnc7)lc#gI$84fsE14(Db165AN0wxqdpbx%X(|I-#{BnzLg3y8
zPmrls1@E%uiw?+9hu5(gYdMg`cjSal9CID#@M6O(QCj$#+&I8k$7tAZ@+&Znjqu$v
zdk&^cq@dfy$1g%hKNG<&fGcg45RUom$S?jAJ=!&xb0HkKTW~shq#r_nLYQ;Iz#Pz%
z)TY2`h``+V?F0beumzlO1b(!Jy+MMIV+r3o84mWaL}T4d^gT9#9<wlO8X&6CXE-R{
z3(~b@`+Z0q+3i(T6PNnpm|=cmWbQGhddGmr+^A}?jGb!k#%fk3(_8tE3@>odVlz94
zXv)!R#=&f?hN_-tQEIcMwKh<0hI=;aWt$}E+SqXNE61=12=^M+c3;f!-CQx+Ve}&K
z$jmT1^QOk(G}=F{3B%k$I^#qfaAdYVF?OH(jotW1kvN&&yN0gEMc_~a3M3{xJe<ip
zJLIH_#qy+9k&|$+HahCq^yxLxaE(xdj2(dEnA6Ug?1qAZ0v`uQw5zL&U@Tw)jYK+{
zY!+a&d3L5ODk`cQ;`MYac+^km&ldGz+|<~Mvm<8j48<!^6cDdN$T8T{@xV*wQq|Ky
z4hP;Jes&@`)B!Zy|0HYtVV^r{muYTyQcGHE&@jGb0#X_GY8Z#GV=nBOjROxCfMypP
z&tprx;9i~u+FIZ}>}uKs7RsJtKj37dYaxr&>ll<~`BJrWk&6L2|Ey>idk?Oj@8=<h
zGhEQR-r^ZsuEp{KdXNwBEP`gLl^UXXl&U^^_XGSz$ikMJ080}|5VH~E%#+l{LGiT=
zzr-!}8o$9Bq2&QWZ}J|0c0yQK*vBR;bo3c}A)bAs)#FA&l>lwfu#ujMO4a~^&i*dY
zigTE1eCw<KU^b?g9lx<}B;KJ{TO<lNi~~3k#B8PmXcVQr6td{=VH)RHL3&)I-M(ON
zbSBfQ>!JbMChlAq+1_GsSU@Iv!mcb<txUaY-$o;tnu4o>diiRBwSIN3!c{?JuB2cn
zzYUyNZS_L5k(S7@RvT_9Oy|&ueMkHj5#2<1mllDS`_WjJGE6~!B+v!Cu^`^Bu8*!+
z1YXxTtkozvaDsc>%Yy8Gvh+JD3Hi?r>s=eKt0MUv(;hC8xn+}@b2b#2f){FlK)?^M
zGs$&sW;5$>HYQ3#Y!;sT#DL!fBH-!i>DnFUGCMoFWdt&rv=ci3L?z{$&jMXee8YOo
zCG|HqGgDDgirPsFKSCcAL-cxgi*RcUw+>p$LKBEt2)O-xBaXEd!3+@G@2Odd5-|G8
zu@p1nwJ+9v23QUe!aa5cY>)04I#_}&bgo5(!Cnj}SNFzo17C%JLWDkB0}JQ+Y|k<5
z(ZBu-|M3%ODfaE6<qs=fa5rQDxI`X-bzFt9Z?QgdJBbNq3SkCL!13=Jr|<GK4C}3h
zXp`M801qeT?Evn(9ahpNBvzF}z#|br<T?|UenuUZpUip6g(X1Mvg5gjFV+YUHt@xp
zvtl2Kv}~Md*mTRoE_)!uZ^mZ`2!`>o5GpkVZ1vNEK$$hQweDnFp;1wDcgj{h)jeS1
z{=h51P$W(R-yTIa={j#k^KYW1m=Mf&brkHUZGFJ-UV&I?lC9{r=BPWsZ3Mfq*Ps~D
zV;9X+5c<-n{h&DFmRUeEsrk$wxnP1WirM)F$D!Rx4-YtmM``fNd2F5W@OaUZWI?RI
zY<gw4%<o#Xn=gCV_d`|&#GJpO>p3@lVC1=qX=sr1`Izzg@-9TkOdIP_1h6ccVJ}LE
zQgckZEG2xmA#`U7jzJhZCTbL4dlJr#gaosHHc;B{d4_WF;Kkinfx#=JlZFA%vL*Tg
zYpp?@DC>MR&`x#S-^q{+ZRno78hshbVIPgu$`m}9ONL^<AAJGGxUCuj&+i~j?Dec<
zzubh*e>?v~noAmXlX8=V0Z8N>b{1|B(j3elX(1ms70>7l7`(WjjOz7P88?+A1zLdV
ze&99cV*2R-+{mjjx1FE2j#wL_J?<lzAI~4K-0wvI;NHh7$-p+w+eKR7ix>cCu}%)>
zXBTm@?Eg}<w_WB(MimY4-0b0LS{3qN5E1leJ#Tl`v77;1e-<*U>O&IndK)87I>ZzK
z$qeXuyEt&qFUlJYaHn$(RGRxNaQoTbnRMub<v6gh*5LVB)ng90{Tt2q6Y$-3>_mTZ
z@?F3nl~*_L`X`xN4Rb}1|4cT9DO?6q1oP5wDj=QKSCE^F7--PN&}S<I*bprg4e(05
ztMl6r@_%P{vT-&Dd|V(45K^j3!RrrZ7Xf|u60!r_ScNd*_K!b{l7$Uaq8*NRnr99e
z+hz`+ym)?y=?l5&O9TmNl3_Iz1worLwLE6?f2X`;xvtGRbZ_($!g`)?Qrl^l>1Uc*
zy#sj*;j1QV=o4rL4A<CyJo#}4+BXB8EQVyx){k!)b$SK#HD&+6yR^e{Z)nQKY?;XP
z>$@A@3+RuB1Pc%T81J;=%zVj?!`pgA{BA)yfQ2gh3kQ%+u*UHe4jjqeP`Cti+R#Yw
zi%c2#dXa7S+>wPO;OYAs)ZepCutb4H?3<O#0gj|Ua+?F%kzZVldt`;2<fb1%SsnMu
zJQFH;UMoxkrY3qZ8@=xD7ej>Xx-gI2=R0(ee1m}>0)7(J8H2>h?4KZ6WLrN8QEp;3
z{BZ5lv}xy^4QpBEV3&&qR$eU+@aZ5m*4jg{jcFLl2PD9A4DX4gfiKP+Q8B@azD^Jn
zoqcJ+BTG<L&_EFLW7eo$kbN#$*iQEFF|Az|X4uV7)>^;q3uDj%Fd6`vuz+fp3uB!H
z(SX~CBOTs`s%Qv`eIx-m#N%3;<c@n;dJW2}%QR4pv2R37M!OvH_P8gh<T$tTp$*oH
zEcdkRxk}jQc5;{7=k}OGZ_g{{_+6x#g@u}~?i*4*r%zD;kkY}yfj0-bAPaCGj^B4u
zhOUQruAFfeP+^K~1jn(I;^Nfw?Zzm=zsRz^sJ8G2IOm)F1>Z!-iF3yA*n*|cL`1K-
zzDmG?^xQ$2-#yeE5t7=DZTjY(8%Y|q(?nXsWZK~95Q5(5oMG>ha#Q0slN;skN_I0A
zx&9tpMs&N#yZ<{V@@nA{$&Y*(Sc7>Q#6de)y>3BbB~6TS0)@pe@3C5YyI688@CwoL
z;nIBgETBOr!S5bM$Bx4GcHo$HDaJFBj%qy2J!=H=S}%Uo>okaYo@(5s?1y`eV@&Y~
zu<^%9?YdpaGI>Pr&EWEqH0k%+TVkw+t`;3uH)oQD7)xRY@f5#ZfkDxXn<|i9^iGwz
z&h}`_0_L)`ATG3}$I*MJG2_xodn`_L{ktdZsEV7m*6-9b@pI>H4Zq_Ym6xapHa0vw
z?Eg5q!(qD;O74L@MY;Sf<h-UiHX>PVAH@6H`**JUSQ@|jj&e<Z_G|MPbai!g>-7%5
z>$~*;TQQR$M2sTQp05IrI6349h=|rat(loP_Aq`4n#pYOaiZO#`Z_6LPw*8(vY2SS
z-#A>g>)Nt=oHR-`0yF~s(M2qkmlzn|b4$h9;D8^837&2`n82BD16-bCuPS#2Vgek`
zeFA&U?P9m@q%(OxCp|rH>WZD<75Ir)fVLmyGdYGnqWh%{-V}Za7=|DzeS0*czXKdf
zVl=-@&11Q|P~RE;{S{1t0=X)xOo$9Dwrd$+J8j*5mOlmUJgc8}4v*vT8N;A^JyVPa
zTvr$=DExW~dQ6XhAW8{{{o9MyubTYIk>iEtD!Lz1I|3Sd${hiDJ3Xte`WYKYt%sB_
zQ_}D5W@MF(F!d3w$P0QLXSt5?hg7s(%GoS8FxT78D@p6Z8{=$CU@r8#erPH;=g6hT
zGNDAZFs55;cBL&h?952zc2r_cZB!W!>Q#{~)>TprVSaCX6Y<`RQS9}o3vG6<Cqq6*
zKL%d7w;HUyOw|{f_Kmo&stq6BCpEe<9|<%|julkOR!%A(!`XEio-po0e${1aEQC~<
z+Wb^H_1g85y#;M0zoH?i;@q(5SGWZ&zHHxfMj=Dy-O@DpzHUEJ?HN8m*!?XOLq>kB
z>qE0FSvz-)-ObZ(1_?)4<VJ59T_E`}F!*T-VA)_l8UKKtJ1zf!Z|X<@R`21?*0zN8
zOw>KhX|KLdN@JZ(nz8GE2T1I?;q<Q=w~Qhu%-AEW=I59{FShl{!J8zpPnCjRjPscU
z{(=gf(56w~w;%N?I(MGMPdjH)em?ow2q<gvg$&&^LU;D2@nYKggGBtx&JoMn(2Z8G
zYsf*H$tRCg!vN3X*@#(C%zAtKXT(G--oz%vXzXF(y}iB3sFUUW%z)=?px@&}Fp)tK
z==u412hzqY?`n(NK7}wvi5xCtz}kMTMqF9zcfGIrcr^~P?)i!_)8bA7=}KwO%8Efn
zMZ0zx)1KmIWi_mR7co;P!ML}>+x2NX`U2sX;s02|{x5?2MjW=#(D3*oPk(akO;c<f
zzrpeO=vP6nZfu5daB%QnV~ae)K5rjw$<u>xCkhmQ6lql&JWl7y;zeNY!@ppA$MA*c
z%$MoZa<Su#Ncm1pPajMTx5PD?NM`Uk2S$+zOA)6K$H%z_qN1U3mtL$R${eG;3j9P)
zj*R@jNGx$+bZ}I0#KpynGbri$d*=#ceq+DilLl2n!cw_yrP2jI7M!lO+Tv0ohbc()
zCZdEJa9WJeiO2WaFE`LrSI@LPEXKQ1hG3G)<wv4p<GQ+;Nw|G~_rDs`UsEdNeHHoz
z`Ma@pG9}$ysWi&P1p`1z8ndv3Ao;3Ty-;bU(b2H|m~${v+nx9l>ZrGj9o;TFvMzV{
z2~yMY7VIZ$OUel4p@a=Y7g|$LyvtY<jEPkG*TD3jTU`|bgB%X^-tkFE^HIVr(-TA_
zgAw905~YYfIKk=%KyCy~C?CZVWy1}^o3-bfobgJC2o%A$`BrKs9v%$_cZ(Sm#d!Y;
zp8s<QP<8N`6A6~e+a#HiR!YUhgfbx^k<Mk)`Ea(B$o*(;R7~khn!!@@-K<s;H8pQ`
zd_2VMcwcpBcw9ZNcZw5<ow)da$udxKjc}M83PdC%b;#ol0e>}xxutnbB_$;$nNafg
z@88{eB_tGQGL5OE5>J*J4W;EqhK8nWg|$lb-yr<YRoP!tx559MH7F8puailM+e1g*
zo7o0wvz^H(Oh_V3Q0od48&ddHK&2P0YT)f(uka53UUkpgc!q)N3nj#teqx|h_fg4x
z@98^-94kWsGe7NqVWgdahKgH>KDN(a666UF8-v%=({ocZCMz3O_dM?IExVU39&%`&
zW-Nh+2VUnZVxpo7iYl=Rg9d%b*jeQM1)coYL_SFW9A1w2&f*|bU7pKb-Q$i?Ux}1>
zEmZTsccR~F$PCfh{T>8lxYT@UvTAw9kcQ7yDESJ$bgE`Qu4kZF!k9|-4-bEC`3jS0
z8x<CoJ?MQyM?n$Q0lp=91M(MgKV8v@!;_bn|5d8oX*-PhmQO}fvb(p!*0AcH@m~?j
zLabNh)ETR-^paf2f_{kRZ)A5r+dWzyC>8z+>j;nMD^nG!N5|l>=J%`7bG_V8@GI6}
z+U}j+lTV06er1XM%HQ9A=66{w9fLslrK_?^-BQ#W?r@dpqHqI!*5)!MD$cl{N=g4J
zT%4bg$E;AtZZ6Hde2mPbEDd=9O8Ly?@tNBj`T89alAgxf=@aNW3q=6sgf+ERi8`U|
z_ZwYG#Cc%WWh@pSKvbARD>cn)$eO#C8IZA5Z(FE(A#m3gWe&v?OEw7(xBrjW{kK{7
zSsy--60UglQ)1!h<!ID|#P70iXpL$H-W^mp`kC0jrK5Qih3pd@J-D=)j-FP=@C7u;
z8Pf&2We%a^%etlfeRL#`LBf?aF`+Uvq@X3wZ>Ye#>K2FjeSh{g?P`YKFo$|>tx{R&
zUqO=3)1;sCB1qJHTa%~#lD&P4NusCL>cNbpwl7U|Ep7hoa^^}&{W}93P=2#69Ck8$
z3l$J2M2g?}-853t(&~10=(7>Xh3SF~(@<4K$Ho@Zwp3@!TGq>HWf_x=`Y&iAkrVOX
zX(W0$IW!q4D3iFnzHRwa*}#Gv>I{N?t>Te`DNnY}P@3YRu<w7#Tu}rvJOYBMiwiCS
zBK*|lS!edc)t>rR|F_^|ZK6(v3!Q%j<CR$9S(=VMT;5&*+Yxt+xbh|Qub1_XNbBCr
zPV3RAXN{+PmiCvW7p`+x&i9nb{R=?r31A%^9px14WT273I*>UlM*A7C<-8jWIuN~1
zwhQ@xWgug3;aT3etfg>jb59u>fNQ5N#_Xr_rf#RpoqN|?l^Q92L7@uD!(!w>U{p>{
zPElUbC*1}+*^evEA=r51S!ae{8U7V9ug8a_pwSIr7gMO~7nl1B6K5>ob8;x@fxrx3
zzqY~k@#y|<B(%M~OHaXJj{jY=W9B`)m`NagvAlS=T!r+r@pHTnQ}mQa{$xhxt-7&?
zsy=DrJ@Y@tJM;Qg{kP-=z6RnO(2JD7clR&A`yG7-hKu8~MhS(wwS;#jIoxDwxPRa;
zSj5xwH8qby9!vm8z~x<n#aJ4BZ*R*DL3rbTdu;yjxJv_S!=*pslEM>>e}rF#TlIwe
zpy#AsZjc@NM=L*xzlqpW(cE?#Vb?2Jm3GG6`TPIy04#1yo=Jy>%{ig6PrkvTM|l+}
zvMNSSM;H2rS4p#1BH+<y8qxc1^&^xQ8au=;H2<5t@Hv1O))7DnFtnwW3lEc%chi^1
zbrJ}061=>ukdfO~BBy=ka7>p_G7~ZTJDRK5!;5@%baNID7Zyxy^J_m?XxOT|+k?|c
zEA-DjlqsP%$;pfcaEDndG2`m0`FaWkBYsu25_xUDov*Isk4Y+{oLwHmGyPoWr=hE9
zBYIST=9o)(!R-DJWcVyEi1}h_eI>E0fsNPRbELXGJFlivOSp|kc#6`<EFf1?OXoPi
zBWG9>Dp$+FbaQH9L&eU{!J&plD=fUaYAoAn^B0sQ8T#|<`#NjcEL44-YY2FO)ou0Q
zW;X0d3y(M&<F80nk@+ZyZ1mD}mq9U;V~!Rc9yy0=eK24RzCF3_KdMw!jkTm&U2^VH
z+o?nj8%^b=4j^E^xHAmM4n`w_E`MN@*<Zlmg!lP&FI~Ca=O%|nG1Ug6)#D^De>ic{
zFrdO!J=g8O1j{TB3YFa*NrPw6?JYnNUzq<k3AWjek+UdS0zQ$dtT8a1w~APjMho&A
zw37r^2l=t8>7Dm)#&=Wjr_Jt6A9a#&2Zxv<ZD~~poRcSKR?-hiavJ^h^&gL{O>!z5
zS>5ec!de>kr9}PbI#+L1WX6S+Kz5Lf=e15z-g$QuN|`WAVYUq4z@QV1c~f`l=4Lmi
z-EEsVJX;cW=ic+!8SvrSo5Fng#Hp2}Jx_E_)$O;hVq;aWC&W$Z>FIwtgtYtIO<f<T
z(+dlaI<#tJJR@H>x3FTgJP@|RLGHJ(tS>etJ(g{9rpCvkQ+XYwIu5BD0Eq$eP|s<q
zn1ZGO1FHZNCwoSKDdr6llG=wX)`SGF>DVW+rSweY0Lz`pmJz%<dd5bYe*OG0583CL
zYA^D7>%2AG(7VEWZ{TC<wv!b5i4t>xA{h1H?&P7)+0i(m#YT+0$(bC17b_=g8wOS5
z`9Z3f7w0{L5^MI8cyN4U;U|~IJ=N3Gr&Kmpfj<fm7vAA5TTDgstw1Yo1d*Q-fc0t6
z;fKb5sasU^aOfBrb2%i<MBpVzuT}7H;pmtOK8K6!Xf-bz<j1dY$G7>)(+SNbU2>o%
zq;jA}UDG-O97{XA4j$?}#?Ca|)&4EkvLZ^(!5=uLKIu)GpVmWbwanW}XR2I46|1Xy
zCTn5>nb2-I$kC%`=nc)<8G^ZcyRL{9peHh4*V&;Ytq@7(h7_DJKber-%KYPM@664&
zOVHs?dSFRH!44WhP)xaOoAo5~GJ9*kRQIby36(nphH^tO?LLx*x_}fU1z@`W)L^$-
zhSA_K`xOzRB?XG}DBHbZcmPm27475wy~+S4>A};Lph}#@Xpw=$mwpPU8Rc=ZAbK<h
z5$$}r5KM@Fjk98Vs#mO^+M|KLU_D)^?xcb|ngOANJRVgpi5j`T>?6^$vL^LM`Gs;2
zC>2sZ6oK1o$ANmQ;@*?<!-*4UtZgc_y}h?M6f>MWffeE3@>I-M<l8^16s&28{Pu5)
z{GI=tcz~;_q{{C1Q79sjbS$eAU-m*H?<y5h<qWfH=BmvI6)lkW(7w~9XG!@U4fNhz
z(}CXa%94c{OqDcu!o){#swz_}g4#(Qd8m&qw+4G?LF!1A%Esx-Oa-sTGRl}=w(d%I
z)o3SBEsh*sxQ&KOWhwM3H2!`f$n+ZPsW6izFQHV^N`a+4k7U)U2c|o?`<i(Aoy#V1
zXCX4oKj8cS=^jI&TI2$mzN3#{Lrp`*Iz)|*jY$j#%{2Xugi#YHeYF%NT?Ql<+`NcS
zu&%;<aI8pM<H1Ne7n?d1KD;0D%QkI_QS2Wbh?pZAq3l^`(b&d{A7Pc6r%h`#vm;0%
z>beWo?7TjCa%iL+%S^R=*6dHG^9=t>yI~yjg+BQyN4<ECu`ksH2-^$Rd~><1p(`Z+
zK^Zv9F+ia@Ls>ykZ@-Wz_SC~<K<RCgt^10Lh0<Vtwl6=81bEBz@P!1vK-|?r#dyeJ
z_+BXXLfK9Mg$giJB3Hv<{gQ_=tETrOG)%w6E&E~%Q2%Cp``7qnD!0pt1%ey~q4)K^
zXb{r6EIBohXG3-9*RSdt!Z&Z^;%F4-wtGLW`-OBsZf#3%r}HPWw-DThv-IeASSqF{
zNcnw}*9^~rkPEP5!ce->w~uRHy!y_43D@(6M;hBB)|%oZke@*_8&6T!J<-DlqYsYS
z^|KmXdaHN!c3urRjb4*lhD<proR)KM*{cJ@@K<NDfZV8<Rd1qcrazw-YKI$q;oTBZ
z(m=srsAX-80SY-q0{PwE)^jH!mNectbZ|v}pIP=M1P`Sa&}=G->_pS3b;D7^xKJM6
zlCcyZFxDRA&dwpV6_S2CBov)Ynx%T-yOGLisH6*XDymyyhbef1|6<^z5ZxVdiB&2a
z2;iW%-zhe3_4Z!LQN}KkNB%8V=6=+0y%B=8Kg>#`*Sywv#_cw(7-V&|tM~<tOZFc-
z{{LjDKZP>{@Yw8=tXyKO^O1%8Hzs&=91EFGzHM}sRbQrNYmyI9g5P(?g%28mP@|Fa
zEVOvva|FjbZ^vBR7jk8a9hMe~@!;U0)uLJ7L`Z31F`EAqjXp?ZUF3(&H0gamt@r6O
zSZe18ZksvN%vHjmYnG>cfPY<zE0$H)6tCtF6!DomF2ucQ)%@|DHZ+Xg*x7BIS{xdP
z`fY<xxHruk5TJOZKBrn7{`Hvd0SvFQN0_9RRG|NB8T`(G$&e^4Om=+S;?DZ4Nj0&J
zmNTPH70O3Y^Y;33xKhQf4#)ZG{$h*E_nu9_d2<H-&DHit4J~&la&d9nFGcQ-r7MD7
z+U8E#SUQ?&9}T3YFbTNNiwiTV7}d2HMO{dW_=vPiUelWgpqAfXAT2dH!{z4_%WFwX
zN~*Sc?5Q*kx2T)+NHE{cerG+P>f4}WmP~G(rV0-Js@fxA>MN8($ULSATl;vld4GX5
z-4%q?EbEB3iDz|*Pf)Fbvj%*5QeSFuFMSVwhJfh>1&2#2S`Zd&W=ryS*O(ul@KQM~
zl}54g&aCjo@3_LL0?bwL9-Tg-s-^Fa7Yj({O}`Tqri@D2FZc97q^Qz9dFyyAEOwUn
zw)`~t<hBz$<n(5WG41II-372Rg${Bj8T}%WOXaIM0>Xyjr{Cz#;qX2=V)DMy8}}Er
zqb#r#4nHBuSAe5cOyF`j-w4?#t5%h)OLE1n&%FOGFF(9LNHlP;Fi%{j)&S)z6*%O!
z+a(fwe0+r$V(!2x&Z%-HiMfcpB#ZIcZ08X4=J^tgSVEt>LrKL{uGyQvTQ;-WW__g<
zhuQwg(bIr{C*vJyMIsYZ(^<(0WQh3Pn4sfyg?_8eQr<q%e-UxQqR1lSj!~B3>!aq*
zwYU)<)T%tNqZ?<TD_9+HEob5m!z`G9A+Qt8-wjXRC)t#4jmpUC@%gA`<wpF#IF(~B
zx9a(YC!k}rL3gMg`!i!jlbCSRNCOj=7MebOl9D?7;bko%zk||=l67?QAlZG$gKF(?
z9DPT6c*FbWHd1?paPm&q2eR%nRfK-wkHEg=LtH!v0r5r0DOIt7O5UxIFz+|QrzbMf
zVO3K%4(<qBB{%`}8f=p0AJ}-rC`Ts;atgh4xjB@@T9s?wKZg^U-;bx2XNKufQBW&W
z{q+5!n)_8<>Z{+gvUwZ4GT61`=8rw3D96OYQt;A#XQ=z!bBFosD>=Kt8U(fFrlHH*
zTs{Vm$oKrY*rQqMxUau&YFb%Xo`NFV<0hc$cR<~CY2|Ul&GF(72leCy`Q~O?tIas&
ziR>Bi+tk$x+trqYQ*d9-xYfhuP6jQ_t#W9=q$1uRAWy&?wezS=@|U*f0{L=w7xHak
zUYjage=rc?FzVynSP+9tPL~U}ZpjN#EH0qUK$23!QJUNu94fY7o?KIsWjhPtB*Mv)
z3sNW+_@q+06fqM4&k2;j^W5$&lBc5E=zlzP0A$2dSyopL37F*AOcl4ae;Atys(R|m
z4jy>tLMiT!=m@?!lGZX@mCnqPj(qKpNVV~heHHwPvA3552|drYqJ6A_^Pd)1YXTPN
ziA~?znim35PQ7M=Tn@9Imbf$<zC1$?Dq2qq0s~*QY(*_Ieo1U7bo%*;<bBZwBYrk#
zG@0)?Y=n%NSsto5B#nmO|M8%Z0sV$Iv7sg2nX99P3-RLpf8r1QMi>1F3KcUM%c&*l
zpZY8;h$5d`Z#NshIfM2~20Z0TPgSYCcZBeuntN%UiUr^oD{e+A+Nvj|qbR07SqVtK
ztcg}>hYw&L4j7v8p6u+npiSp9QFPkA9cpmh9iawfhR3Ec9M!t)pg#T%!eYRC&{`UC
z&1}GoFAAv|c+ZuraZ}~g6$p*$KA*+Fl6n4yZI^iaDzfdo`>M`nmO)QzmBrAh3&AZV
z+-W*X6t3M70UlA!!h(iW&^unU+(0pch}A`}(M?DgyXvm2%XejF&JvN^YbA|ry=+ff
zm6$!YJUEj;j@g?l`@GkwVrsbzZm|w>lpgPuWuc{5$8ngYqHnU9Z)vEsI)hX!A}N>F
zdHKE@cPt7w(f2gq`5XQ=U{j`7jkQ+-4PP^5IwjePTZKN&1wJ|2i3S(1+V^T73?Pre
zEmZO|DA#ysRKIU@SpC``MG6hqv5uwc>?OG)Zd_Im(5OTZGP_Ikj*P_J!7VQG*U7DJ
zJ=H%~%2o64rMd1;IjqtP9lxt)7i!Dsc$Uf=EzHa);&aJ}U_mjVT=;0{*Bq)@dgN8f
zbF!2)4a;~lUEB{f6}dWe;N(zIRA{OsIE!4!9};34!?!KXWw<Fqa~!k+%4FPI3W-ie
znX~p909l<J!g#2+Z3VE`_lm0Vkvl&|Z)3H9P9kDGt~-v+>I<)neKks6nJ)R{C1>cz
zC>?naREg9#P>jAhDAO~Yy&Ux)0`w3HO%Ga!B<P!WISs=ovu>4r;;Pbg*ZsL47tj=n
z2{}VfUx+ni?#y#tmHIuW=a~D$u|wyq7V=0;;c#>tY7>1|!Lk!66NV+sC-ve9Wm7TT
zW}9HLk^Ce#bqWupeZas0XMq=&%jS&rbkTeHpxEb)5WrNx3;2{C?)+i^P#D2-nAal}
zP3G6B?g2&V=!)juH$&s&g|KjuRXzKmyp-#{SIp&blSH8Bd(*<}Ssn`Mtx|jcaL|8h
zOTZumt7`NV#J}B;XY|*ufDH=`&5~zrme`Bl#h=J#+Io-?lYr?fvJ{tL)T+oEDPs~i
zdg5!@ctM=#7@?E{RYm0BD&yh}YdD3M8`>9&2k-;hWf@stYCSKAY{F#gHxtmTe|@i<
zarwg9I?=<K(>`;^Pb%P+wX*UdmEY9@A%C}d9Q9j4_{@w(D(~6*$CJi&h5AAoL9Zcv
zoB4)xp4&ys%&Dh`D`AuS+vT$?+sgLDSFa-d1~R6gXGIf{#GF=VYwfqG`D2)`-k-R7
zw4_}!X!+LtQx@D;(k@v`F^S#2CJ*+6*%FD5R?5)4uuVTm3tK9$dM0}?t;+{9eBbO$
zC=pjczr-p4SNaa(9-P;LfCY+3b6NuNNBH#B`aQ0U2^&%rG#t2ddeG3-76tV<g;N1^
zKZ#-tJpJE5VH?MPuM<30pCzefuqck8)S}+0eRJN#uA!DgIX*i%lkZCOM!*g}AL?;M
zM*<4rguG1Xpf~xhSGMUjKmuP4)bC!GYF1u<(Jc?6qG5S(VK3LI?T7kA&Z8s~7$~Z#
zBuI&wNxFzBRPVZ53YI7sC_?=ZgOp|i6$ab~y^DW`(dvQJaqtT1Tykiqa^a39KaCj^
z66OStAYB4{P1G`f`9rmO`mcbm!$wFYFLh3en8J6HvQjqgPeMn#uS*IkX<W`__N4>$
zjGVhcDwyBiI7m``_gJ$*TdaGZ;&vXCs)MWdBLP%T1`XWJt!QmCOisL~%%v4No61Mi
z|G0Ydh%pVl#F{q6Ya{xucl#$ty~0fze{K4kD5^~Z{bVyIi%(JgdkTiJIRB|}phW$u
zV?!06Y(6x#ggP}qzg4#~bP9T8X*1nY@3CcM0VEYP#^yB<gV0k5sm#AX?$+yU?;KDu
zF!ITQDhlwNyW%q=Lc_k^5&Ljj??wC2yBa1g_YebpzfkJG9+s;8J~vc}h(V%eY)k<)
z38gC<?B*R8M4-|Vl<!-@kt+oW@xDDSP7>{S*cBxhN!<fB+O3L#@A9?HUd_Vw+~0fJ
z%$22hEA8ZK6%q@2pr0(&4^z4_a1iOc;oO{oM9$zU+j*2FofOI&7NyCEmGxUaX1&j=
zUQg;`zFnxaOPjbFf|95Y&k|3z8l7c_kj-4J%<}jm(iPccmSSKxZRWOHV(e}eG~nXd
zZZ;KTtn1s~b`h9R_HS(MDaz`<QOk`W`QCUYTjOJ`N`GRIE=CVJD^#nO+bC9=g+^19
zk3}G3tp=@Wsa`Q_+85y_I2u62uw-qBqjqT6?0^c_f^-)27AcqKd3tL6?ZOvn#xj-A
zqZ8RUno{b<+=JDR>#C)g{`Q8dq^0fq-4RyXMc_Ziv!bV6ThGo9QVcX!HsMkyS-WHz
zSBvo+Lw{lSQaORkU+LZ-UX(MQ0;BBi58Je?Mh}N_6HNnT6zuX8^Ye~Nt2!4Roi6&)
zt?$oc-S#I$y|-gS^!pbz0Z9-37ZH7#UWv&IJVMD94T=S9?o|8vbAoeuoi5NwVSsjE
zQ<;!NP6f-}<N;4YqY93@FfZ;-QB_(l?`giGPDRM&o~Y?E%dgB`^l#Y{<c?_dST|Lb
ztDM?l0*;>QYgqwB1btX6#NYcHe6bh3%(-mVRF|p>y&V<dc`@^(sBi~qWtfFkqSTu?
z*%S=&&ryLJmDRHq3F7ZH$y8N`6LZ7564L0h{amqBPaVQii#`j%z0AC0uhyyE-Og7!
zTyBJH;ns}mr74={=iB5Mx5`6oa;q5SIbDm)wG#a+zL|RT7bY^uZOs&`-<U1Bjw|M5
z`ak|kao7%R(juZEP9x6Bz2Kj2Y#1DLHq`4txe)&kjg-%+l0PdA(1ZK9$eE^B$X5&{
zpN4a*E_XV^-}m;|OS{m~G6r4NP8Iq0(9BTs#QU~ioPWVbVGRik3flh^UKF~MaaE)C
ztCTMe8gnk9o7a9`oL=Lc#E3;f!fczIK3tvCB7hwhx@-2lFnM(`&ZGYka^rTV|M7?}
zw$R)Bt)8KfYRC1Iy!A+OwYLy4F);%!CRv`IbT=%;)n_EKJRbWct2jo@G8NY`R?qGy
z>&n~`zX~3h-(}HJ8QjUyKbGVa$}spct$|H)3TD26hX^Wo1j6hU?&w+v_Wn{p`xggZ
z(p8t0l8yp2C>O7}ZIsVYu4&8KFZQz@G_Hc?>sn{$UWRQ0G)qh!e$XT|XwB}+PGwQ)
zWz?~6o~eT`Kj*T``kjdU)VipoQS$u?JrL&NzX(DAOeB{7sCO;btIrk<a+u4LkVwqn
zyKruIF+DkN^EN<NXQgoOXhLhhTWh_(nIB$Jo2#{CZ8>RJJ}9iW-A_o`YsueQKZW{8
zWt0V-6<X4yelK)#<5d7IRwk}U2U1@_{gnd~d5s6PzJZ6Gq|BS})WyYHLu7HTrzC^a
zQZPCRPo5lQZms9J+88-ag>L<jE6!ieV9)n0?j$AGr*pN>l+!wrZ_HRlE7T<fMsK!S
zF3X*VOP1nsV-P8>E;BT|KN{ZTJg>T&^L;xeG1fK)vuU1wG1f|OPmemWGW$lhGb@F3
zj>s*Go&Mf<Y?I0R$Omj_=5@!wd*dUewo*U2g!#qYO~SllMc7<Qm3P>2-+fI?0zO||
zGDXAxQ(BR*^pF1apKR``Z%DyQ&zQRTrtTlIM1#K0RGT8%Oyw0DppsKl2R}di;6ZMZ
zwz%i;@bGSGP`{Dz&N*)77h3K&(p@ALwnJ-6GaG7XlqII7D_f?!6MoiNY4dVz2RJS_
zD6XsQZEr6eRUEMuPsl9xea=izR}}nsn#bC4-z}GMVzgex%Z@`#Tuh^fcnDng2bb@B
z`<42R26%ff!Hq*86)`h~VLOYmn&MXd2-|%7NOH|bE6h2W!cuR57>nmqy2Cf-VBJRl
z6y5S#yCetx`DRamas36uBqta0^~kH!eliEaT@9oW7KULxp3xrO+@WiKXZ6xm2Gv=N
z8{f8m|2A4GU-NiAZFM{t#2FYaTk+b{x1ryKjn7ZCYu-uxQSKxH+p^T?sQm2>wW_l!
z&WUCN@WCv5y0<r9K1r?99}?dgwtWW3TFVm_kxybNzEsp#FiH1eIp&%2xGRdN3q}KJ
z?xAe)0i8F$wEXm{4D77XY!U#@ogF@efQ^sF9>!MI7u(+6jZsp&{KqERj6M9*VIPCZ
zrj9qZYL~wTi0jjnUmJa6RWfFgRTxmR+0Ap0P;Pjrz@vPuAg9VxE)+S(D8P_`iJqG2
zCM`oR4{Qk#mXRcm+QSq6952`_ah0YkBg2-TpI^KO3!2&;?T0gz_UGp;jJEoe9Niny
zQLbA*75ny~>o8lqxX$x}vV2XU%0)uq%kMOPS9*T_6rQ5N=xCroM<CSs)R#IL7f$N#
z?$I#o6B7;qFFSU6n=uIm9PU5Br?H!c<)<+Eka7ClzU}6GEz#(^88%=&U7$$NAA~xh
zsGP~8FWn8laecdtr0(zEC-Sypr1VnT(_v-NQsDHK6Kf<gmJ$4;+0cAJpmjXO@6v27
zZU6ziv#%5M(Bvh}e6fGZ3HLFI#Ihgd#Vhk-#<?eXaE|@eDK4Ilse~F|eNzcaF!dLg
zgf)xfUwQWH$2ri*dfB0Ei3+L7<~|vgy0%f1hyB>yG(AM(WDgmcebQSQ_pc*A%J9fY
zwb<MN8<!kmArZMWpkIkDKl`YGYkHZ_MzD2!j8kIxCa>ld%nGpt^a`WZP<*k#o8LWH
z(azG6<@;CAh%vHnd;+7^#8IV|?`M?xVe-oUV)M#~_rE(K3`6hK#0i*jd*^bcF{k73
zGBuvk!qXaB&zh533_Y4#I<+eeV7%8%w|4T=Iv-79EyKdb8yzH850mg-&`Z)DOOwOG
z8A9@20w*jfm;&99meO&)O@tO$4cZvrG>~?yQNHv{DtMb+0m}zgLDOeZ1*d!PrnCDl
z-S4=FZ@+zLW?e#vd8)Hq>WH=Us(<fK+$&36ww>rWn9uI0d8QcFOL2j}Mn=TH<kTE3
z2U4Iz8ln$z5~B{{EA|Sv5sA!YCrjkh$-L3R%x}|#R6Ty(ZMkX;czOO4xa5i*I_6I9
zS`T;;9!<T;Y1Z9CLT^%y1B-NU&@xd~`9r+j#WFRGi(zP<H!NQF_P&5SDYp0aEKe)2
zo|6o`i@V`}QYU>7Ybx%R?dI7)GVA^_z$AZGLwbw_z4cR1Fpr0uoGjvP`b={DV3~Q~
z`yNsk^CLjO{ZL_kb;9t@<7?Vro`l=|)3oybUS@hk&R&5}VcRm)d+KQ5_dI9zuzw+u
z=NEi@ZYBetAOYHxp-0$-!NOR35%@aiJ4uFfpqZ_H;T#rE%JP1<`*UOOi#{Ujt$qy6
zn-9rCUZ}>!7<JJAM`2lyb-z2+vo)<FfLP)Hp@a<fC-C(_E^QJbI@>LCT?#ER@Nr-K
zaIXA^fWzjbnQU_J<6$YQ_4Ct1qJXQ#J~V7os&$6yad)y@xJGy%?9g`6kLocBNgr+H
z1nzt6J@o*aT|2fqDjas2J`%9U{>P!TEC)&>8k!{%Q5hXF$pqv2QVxd8%X}&WoWtT6
z|3Nj;HXd9&$EFQLQuF>>FBoZ}6fSGEVCN=|LXhvhQ_JHakiaeL)iB{7XVQUl+)q<V
zAx-ek93tW!L8%z!=UFCs2KCJ4lj9`bkuGa|_>hO9ceVT8H}qgg+Y`7rd4;02OUvE}
zy{y`^^j<>6>-mAc!9g!!k%wV#Bt>ypLj}gw#oZv`ruk7}VAcP)R1i$^*b-P?3w{gU
zE-q&Te=h|Jc+VLD9ag+7evdhC4e@<uKI6>ba}c`GPe1i8kyn5R{-%AGMkKG;N*k9+
zx#P;9z7ouAXqP*KF^g8v`^d1|BCl|Lds%SdM_ckqY7KgtEEm_AR@9iVSb|{>y;kr{
zXhXt2IWQ11b~Yg@*nAodLT*EmEhK}*9%1Qxav>luEu~E3p1?d_4-i3!)>Rx%Vg=b#
zQghV2J+~f=@u6d7jV{$+LPS6){$zOd{^bL~+XI87$2ppfg(mG(4ljlcZC@#b=Wf3*
z{1_wxX#%C>>c53X{0}7MgzcPqCLCvqCgaoM%RKpQtxs1LcO4F?vuVO7?&}OX9wslg
z_EiokN^cMG`Ajyo3|Vpj{`Xx_>i~4T5coX^jw>5$^0Dfgt%3Z;+JhAN<D;podbrJd
zgiX>V?q8V4qEA|Yr@^yf=Dg1VcIqdmh01_$h1=SO`64*Cd?q<82``iWZ^){6&p*q4
zmRgJ9rld&(7e1Z{swvEawAxvVAL3-U0U;4TTttjeRk3m0)xaZ);d#g$IS839AoTg;
z--c2MAraOC>OKj*DRHMAV22h1$(^1)Dr8OQtxHM?G24Zz?5K03cm9wYEpKS7jVWuz
zbzInO)qVa5*rYQ+5`ln#5FVDEMMW!i{^t(u0GZFs;Wwd<>YveUp{nH61w}!?&MJ{g
z9jvb$xX4;t{lvV>bf({bH}BCL(S<FHWBXwO?g!sh)!PP8W;_`QMmZRLkBhq@iJR~%
z2@R_<ry<dlQgYM86gaXe2~S3*5qy1OR1)xyXv!fpnvzT6@Hz{{b=p#)6x+I5z>{yu
zv55@K9EJ0i@xD47dW+5b=FmDW^fK&M%Hz!uqsxhZx^$jsKtRB1hx3+{q=0X4g%6<Z
z<+C>@?+0lrU+_sIGl#bKRybqDg!x-mBrGxwqN+ZIDJ!_{K3K}Hl&G}F0+ckH+L+M$
zMA=`Q?Y1yf-xl)SI{7l`Uh}tK^pg<&7!<mmczw9m-YVXz%>uvGP;Z;x8y48Q<$Cu7
zm$bsa&d(k%Cz&Rkk)BXGlg#y>9X<aa&fYpIs<wRtRX{|LlJ4#f>6Gs75|A$GE~SP>
zy1PrdL6Pnnx;v!1&&D@?-#W+li?i1JF>4rR@8@~$zOVb*cQi1{BGP_JGFhLgI);;-
z@-_;^gTtT5GlD?=HIxRcI_4T5kUAL|ingf0!L<J7X{e*8F0zjR;9d=JFRl9h;cm*q
z+bQj0)vTSYEj7+huhN(ZiIND#oy3hl#gZ5hXEpL3eS>sEaP9p<wwr55BK|y%JB`aR
zX(JILf{c(cawOoG2tY;jn-_ji>ux{oy-1U*=i&#&uOENma0tWY{DhSAePMm5nL45q
z{N%=eOwZ3OjSQ<;rY>w{%qjJPJ$qFM@OUj43E0c{SUzsm+d8Ivi@(H@!(~sqX_a;6
zO(P^{7H#$Ai}8>kCexkvY3@^d3uU9fpRz>BUlrMD{$Y=viK&M_q3g^|`8Gz)<x?JA
zvNql0ohKw!rY^+wE%Zp{8Dxx7qz;{DI2Rm%mq`Q~;ZVrteKA{(>n1J@M*Zk$->p+3
zQA*pGsld-50Am4t-i7mW4A_<Y@b7JC-P`N^O3TvCcPBiaI`=*G73hk@m(ZNY*Hq&U
zK1ER^0SZn-y{A|8VqHpeZ2QW~`3$DMn#A+by|_%aoxx~nB;*g%x$rMsZz<d7dnrLl
zAM!CB>JOP*yps&_1-}m>DIGcB9E45Cz>o@bvSdBOesfLTzF<`RScZ;Zk;j%J;B8|l
z@gY}dPHneF<Gh>EdyJ2V&4UrU!lRNXmn^LIq+$atRw2IPws=EtPeZ1sA2B=7>qlee
z$X7(m$dcLbvdU?gLpW9xBy!j%rt~z_xr5oxdk-e<1b#o$^WNRA5%PH5akQND^#?z{
ztHS59R!(zSm5`K`o%~S3WQaf3Preqg>W`7P%cownk{fS~OpX`%wV9cCp~h-XH6DXj
zJtNNTzI<p6aY>yJk$7sp!QO#GF=nMdJAyB-uKpO4+lkg{q49-`x$B(P#FlDmI#ARr
z&P^7J@bY<@X}Hf0M}f;~sK9e)XO#cMl)4)Pnsq(Tr#?|o*)Pd2vneJfH}GIbkmtvq
z(lv1|2tms{So0^Cv9hll8}<5eK9U?2B?}<JGaUCqbMwW*adU~`E-DkWE7xi8c#+ZS
z^}VI{$HS6YN1^)n%9<vLyAy{}x%ckzZ>htX(kv}zDr0XlJ!DaE5NYxr1`=85q#WKq
z;;|T)EJkE@#}S&QeGs@scf^(PTzS!NH<rrfn1xIty8DWQcIP<#F|?9)FVygICqI4E
zNl8iHIe;8iNKVCxXwA~j*#pe^Sa08I@5H0htKz7w2G))BGW%!mEr4|8jQlYmVY|2o
z+htL)ByBB*zw7IsgB7rP4ef!zRjl^sBH}6B&Sko-ufsnl1YKWGmTK*76Gc<-=M#^X
zfDP>&Wz&5z-|q5HRGG-#D_#t;Bd(hFPx4$|pHJzbFkHTVUY!cek(j?o?57>(A(u<D
zbRA;!xPn28JvJ|e^ZN8NAu+MAKY^w5^c4Urtf>q;m)a}~_uq=PN|&o=;Rm6)A-N(j
z6wdt+;y&ykaNbgJrDa^{W5IL2ZD?w1_)Pah70lOdmp0wl$WS3;;^A;s@|<g+8@{iM
z=a){Kq%;q^tk!?Wq>)l*UX;Syo2$cG-|G7?Xa!VEN<Xc~6m3h*4T2rn0C)@WXCz!S
zVXK>T8U15X!X)oF%X~<0+|5nw8NkO2=X8kO^5$Mc0emGupQ#C<*6btwIcFWg3rag;
zMKiNk_to}qOQ&yIy0aMpbk>blkxWMi9DQ?Sn({oXy_@6<uN#>cKEQ;)1Sv#iOx4>)
zm?J0%;+}Q@ELTnz{Nbs6_r8Y0bU1C{>}oAS!<m{v#$y)?Xk${zr140U9+@8<0E4(e
zb;GuQaRGp-V{CSAQ&)Z*k{r?SB+eGNQyuNcc{EH{A)^2sE2_vSE7U!9N%Z;l88=vd
zLPn|!DcGf^?7LwyiLg`y!XiC_kh8JPjnRW@`jAa3(Fs@MaPXARI)t|;Q+Pi(aJ=)Z
zdOa*(N)=V~s?=@4Y+k~>IO0U)HrGFt*^e+?PhB*%8(#piPH7JVCpx|@qO(;sryG$y
zrbQ8Ryeq8Ksp~7E#%D#1#WG3JAxtF=!B<vZ@9XAT!8PHy6|XUFfaHse@#A2jVR!g0
zU9-ZC@g2~l7$yDjlE6beuvH|TN{M_Nn8O&*ad-d<@uN0u#O-sDM2{wBTR3pa9)P!Z
z<1~@V?$dTuL2P{VGL(R3d2V~QJsRxc5=-u^-x~mo=&3ipD5}FMZ+mc)K{Zswn5$^<
zU6JkWeZ*%%=HnnH;w&<0lglq<=@1UZ0Fro`RlU7Q=ov=<^-!%$$A3JP4$U+Yo$$+L
z*DiWLdhZ(23WYISZ|iwoqqTd%d|DpKyd14C>>kNcdVGMKz)5r7xm$~n%iw>!t7`6?
zW~@N&=UuWNUWj8$``E5XDaZRZ>Op>`b+Aw*1l@cl9K&J#M_&-g<<_<%XhoGzP%Z+W
z7metcUz04(!D}N{%>lo|pgA#={rz!3RcYH`GW(Ph@~g4QGS%gE0_SeE)YAy=EpCdy
zwU~tLwK;_rB}ozSf2`X9;4)Rh<=0H38e$eGOi_@K@9B|F{gc_ODzTw^K;!wtBQ#A3
zYPwIV9IGnwt&&XLmVb^e&dUA%e2SJq$DaEWZngY6ad=kG`Sg&NS*=$uF4Vy70gi#0
zog*zzy5+4$d+N1>u!|+QC^j6M({frqM6S$uK2>d_;#(Tcu*3ZR*1^LjLT#wN$}Mic
ztHIuGYX@8E@#tt3^!6X_SHN2>0>`<l_coLw9Op_~!|mrW=q5#Frq8(c-W8vKbVXuV
zy4tENdIOt;d@&;k^a`5EcJB+G!%@Tpc4xPa0db03!Ildw0?g>c;I$W5Zo0Vh%v8rV
zX=C<j%S|Wb+|ZKML(=4dx{;PnX(bX$=?cnIf^FjViXkDz-rC)~oKM}Y&g<S37BOPv
zYmP~df}1Av{%lM1WbxKH4x9CeaMk$pD*fG!<RJ`a1?@EFQr%fwBTGQYvgWLtQoS^r
z0(7Y&*bXEgXGyiDf<VnNr}26ovOqyUdke6nR9mDqF;%hy%QO^cW^n`wcB-I4hv1L-
zJ@0iTYo*V}YX~8WpxzMKx!c2S=PeaC#n^w+?Yqvw3GkG^twy6wF1csxy9&wKP<h@@
zk?mJ0czLQSERrh(KIBzg_svZ~0V@ufQ(0~^IFDhr=^y9tA8ENlc=sK@b<g9azeJNV
z6VlH-vAON=Ec$4i^8||PuhJST)8VEg%`Flg@^m^}ES=OKFjMn*N(<|3`29Vx7QAlX
zOUkj+uU~aRq>@X!gg)HtF%&<j$6cp7FM@@8<oK@r7Txw_7Q#0yZ4E)y_FJ-O#OE|O
zo5|&lGm8YZhVGC*Dj(UHkiCv%UZ2!o3pT3K6^5<%4MrZwzkKA7l3vejpdP;0p5b~5
zi5ro0K2DYCsG94!Zm8hxpx9uA<FRxVg)J!xZ&aI&Pek-0s_rwia)baDA&=PeL3)_y
zG&I+0a{%KN={I21rr6WFI(IQ8k;e$O#$v7vLU4qq_h?+s!eL#+o`0zA;ReS|W9xix
zYR_m&Vfevk{dPpCi>dphxwCTD<#akO!DY^>Zd3%r(Vzl$4ygWxEqY$!=^P$h71=+m
zw3ekDQoqhhLNmFs)swl(Y5M0WqMA3)2ZU||L==SIeG$9smt2q%(J*t8K)`3ph~deK
zBiWm+DGtA4`nVj105<3(6ULY+z+VLBg%``_b0mgG8@AGlw`7>SgV%Rc_-M+4eT>p>
z*ZIP0k6eMy6W3Te3D(3~gYfOe)+kUNEfD++edF4-{Jl=2v7QS(O|I6HZ)NC?ba+bj
zf~RZMlnkp@ClTL$*wKYne*Z6bd3-gWcv}kec%W3{leHJ(r+rxXPFf9af4R)C;^EiR
zFXya`y2H5F);+sWy2DD#Yd2(5xyBvY&!)gbJP|Czd)^N_6y_TZ>6R*!y_FOo&_$e`
zY9_?F;*e{N1C@z~8M}@PO-+zZZd+UVBtw>?ySM#yQ*-V(-UMrHLwIPt<yyQ$7Ga=U
z&AyPnAhNQ0iW~!NYEF85Q^~a8OQ4+zsRRJ80QY$AY+odW$51a{TI5OtjtIBybC^9g
zba*r+35rm{Gp`sC!O#^Z5nGU>x>Yi5H(b*p*Zwqe{WGUGW|}c-b0AHm?e0d34&Mq~
z1_tM*AT!xMp;Ac5`IZ`yb<pwjh0&Dju|9Ab!r5sT8q5{C_@f)7ho==-TMB-Kd_Mf1
zh+2?LLAIqTqit0kJ#0>!*I=RAJ!|L0>3e|eMo1o6d+W)oO}dNku*!UyB5LuEZzTh8
zvpBK_4Da-X=)+u3>*E|Q<+6!hp)T@u7)+Ij%{`xyzwhp9nr~Ie<ni^9B$PN&94c5H
zHM&m}y45Y8VP~&~tXUt{vT2cFVq$W0^_PfFbL=aQ_VgNKKfmBgBq4amz_9d<9esPe
z&W6BUX9s|+PAM!~F0~3NH;RT~YutSJ@L{_Sirr>W`bmC`s5D`|;?3b;9%$nPfsQ&o
zSbnr}+M{$-I=b$`jxtv2lD4qAm*F1((lasr6>pzCe0K(!oZNc)t03K_J}+k=nE;^k
z+99(5vf}I-aLghA9ZHfP95X#dI9G5`jygoA?rNR3)vHgN5&^@gJB~nE>7tRQCAv_j
z$^NMg&Q(P0C-6EvJUkCvthN_aaKUvlmtX5d0H8|VuDIm3&^KCxi&Us*S5Z@)e}$|m
zKburjn^L%!IB})lVh^pawPJsjQ2XaGBy%!|gwF^kr+MV?DBJaVsAy3(HFsy(21R-?
zqTGrI3SPEmVNoclWaI`9Z%)J1^~o3*h7YEZVxbV%B7gyXpyt*j(iO|;d7%8O;{;lM
z0b}ruij-8j<>x{uJupveK3knww)j=QC8^3YM&zv4W~p_eV(kSg21dRFNIef*%F_N_
z#tRlE<nyx7&QXs_?$c-#3cg&AeRW^j-d3(AUbDHHEiNAPY1@s&@TU9ug(cbW;q!*2
zq6<zFCMVUQSWl3n>V~1wFm}cdkNNtW0Uytg=T9kU^YAp^RPm5=f9u>_($)@*JN;Hk
z3NKDg%MeP3a0)ldP)KgxLUb>~^x=9W8kOyyA{w2o&LI8T>(5|N!Zg!0@vf&V|NiCo
zP)Jtq+=|BOUSH)@_lzwLSa_Ih5{*DpZ?|C0>#_KEci=+>54Z)_p_9azG$meZzZp0p
z@}yBhAZ!(O3E0a#<#rg6EmJC9S-Fu=93)=e+7biiiu2*<>&0;-c~d0Y9`0C(GDcP=
zl=}wya)5~$5%m(eb2NrL*HiSHjTAq>s)_To@7ykT#}p1rCTXsX#;K)5`_qTNKng_`
za{!DsxfO^Z;%RkUjSwB-y(#b%XaL3+Yw6TQ8^bjNv%dAh8=$r&!Xb+4Xphb2z~Oi>
z7JC8IE3<Oj#HaNl|E_K63aCrjZw;|Ik0WzX$a-i-^AX_jha=?TSDKg0`jU`)Ra~(Q
z({Ff)8N7y<3TGF$TkcD3UZTpsiap&@PA13y^sE4-HsEWSqK35~9ZV?0p=_@6B_319
z!kzmR+6rq?I;<J&tz>?lxVhHG1z6PGmutPoRtOzUmwamkvUg-fqzc1iOl!#mE7tm<
zbcy84YI&HdBs^DUCcy=~x3Y)mKB31r7Np3y-bR>{_S<4v=m(^WtO=1P9AsIbSwL=M
z0^i*cNxRG?P#TeAF&X-34l}>ibl9pi3O1hI|BPca&q&g8chX<|0mQ_)yxrAa(t*sx
z#LB8n7tJjlbxl7hOmCka8tNc&<fg<Dq@Wj@y1wr1Ol4Aan13o0=9*ILsul$Dyww$A
zUtkUT8d^p2C9TxUxi9<zN9^44hmL_kI-e)le~ht4*fmP?!~+J8)9z$`f50{%qy!i{
zR}Rt!vQhP~%aCZb*St<(^V{`k6tKwbix0Y@Zr?v4zUtOA+VTUkQ$;}UX{Psc<L0gB
zy43CF`s7{p$Cr{#6Ey>HdKZ8W^YAFpZBk{cwNtb3u+PK4e2Y+m`S;+#|7Wgr8I@$Y
zT-DG#abAGe<S2``TP{*gTCs+QlCLoyTdero>s_p_N#2(QU#m5Dah;sv5_;^-5zrE`
z?d<H7C%z}szAYQrvCl7pQ3qf>ogo<G7UhF$WvW`?t3eG@?uRY$;dtDl>P~KVS7PAL
zon5Mx-?(UKq`U)HR#u!Oe17RPv*AwP-MaU~DZ%b&cD|Q@$6jfjGS>a5`TIPGxrd?7
zEw1n`14S$LX}_lXX}KydG1t?Fu6yn8ap$Tv!xbs{wPio0EUTyqXxt~C;cc#UflZ(f
z@Y&14$4B{;QV-*f?W;@8(^`w1#N75IJsm+HWQmoD)gtmZqh!~4EO%zJr`e0GqgQ1`
zqgIYVAYU(E)|;Y=^(~7MhwEMfg0W3VoPA)b0T_uI80gO#e94Zf4N1n?*!?3ZA!zT}
zoU*2-WL2xDubncgNRH@vG}y)iMYHXZp^qcVnC3uP0~q3B1hW}r)i^5_nL!CidK_gk
z?Or=@JBG!SrtvdmpwW0$<EF>X9FCp8(X5(PH(x+od}qY<I9Q9Yo0~j($)Dl!vXj+u
z_cU1TxK8Q7C&zgyGSf|D9K&QVhu_PY*RDh<KsIVb2r)eKX*>ylY-LR8mAj<->_vl6
z(nlF6pBMktgBqKfiVw%<l$MkA_)=L#V>f%yx~048HM8M|k?vEG|0W0|9+Yqeq=9bq
z1_pCS@7*e_nEh{V7;R*6m`$B_>1(AI%-o6z7-UMuWw?ghOp-nZF0p-<%9r@mvxyo%
zvMu9os-$Y|N^!}y|K-l?;wvUBV#k|-K9MQ{OZ0=-sUHmM@bU7Xlqgn-iUIXLPKvr1
z(IIY0oJ&-@Dy_NYF5d~$4-nT-*jK)1rs_uRM7WAY{df%ds=LHphB<cpHRC-fXj`$0
zeJMgQP25XJoRAMg>5qAQ+Yj=g_Y~=@3Ck+*$+vgFQJtNQ%gvy5Co2&m6NlkkGTz_U
z*{<3<80xF81|{?`!yqo@N?~wm(Ful;k-mBJ#sP&K6M&QowrE4m34U&=yFwyE7+sBA
zOn8L$d;mI=!}pd;J!4^SuU@jVi(5>U6$;YSNY$|LA0eL;Z;weej>5CQ9^r=qs?XVN
z587&mkhW*{+(jm0^JL`VIF~RwcD-b($Z#4IS-4%DohWhqUb}@LZL6A2Qta>-b3Oi>
z63~&K1QBZEU0mT#?M9oMPa7Tgwm}r3;t{o;6w(O-sa!hR-^)t1jf{TfqllM|8y;#i
zm_>6=<oK81PU)L}rfHC$LxMTJ%*=ydGjraxJpoxsFM2^YeAnTZf;}x<@1ZyUf+WPP
zGSPt|^7e<c!!O;&VYkX*Kt=vqsVpxqkl<b=GX&^&`XBlY<k0{tg9=SMCgSTQmo>+m
zyVK!UqaW!TdxG*l2S#eK*<_xZqor8QJ!F1<i8z+PWVln=PhTY^{oyeMD<u2+L)TdB
zbuW%}y)V#az_;>RY4-<u!8R2%PIYR!u4GS;syffBmB6#L2>xxJIj8f6@a&3&usQd<
zHEaHhaqxZEZNn$Jh|D6-@C}|8M`JyMWR+|6nZL8!f&<&NpB#AmEZ}QvthT<|@Sec%
zU7B%~safDGpuun%<Z7f!+IyJAL|Z27;}?fc<D+zGAqb{M-vl$cI)n?Fvt;CU=g;1h
z@|IIZEXpgO>_<T}Sh$kujIA=$IdibYwk}kLCUvkXc{c5GiFscDV_E%d9ujKR2ZDoZ
zLz4zg5&Kz}UT)(G@sfM~38wH7Kn8rwF)mp*Z&wVPHy#K8?;Sp73+=iMrLMoW`Ht6;
z-#DC+Y?H~Sb_rhZ_!}%9@7Q%R81LNn33|yZketkzig=MEc*-y$(z&R6r3~O2c@F?5
z9c84S5Gpl#(}?02=-8rl2(78~sva+weUyuW*4yq*Sne;|4!Js>As6YnnUx)|SWY9=
z>0wsl5ul*Nd!4`VJRM{QBK7tW5&&=Lc&sp+_dQn0+Yw5D{OWj;aAb!pDlsugH=zEY
zJo~Y5-lTBn?Ct`xv8>S>9}iOkveA$FZGa~uB9M>-R2eVoHM}P6&qmCGyHq+kLbQ2B
zs~s&g?D^rbUkp)gOrx$tUU}*x*uOVu8y+?*N>&kV<rR;R0c>_36+umM<D{vKR;t8H
zevTrt;TV3P)|-P)r@1X|1<VS?FX*p9<NsW~zrEb6gKdc5>`Suht}rCXvtDRaA*APQ
ztYEyXb4IbSt{VhOK)eq3=j_|N5&RG8f%$lh%c6~^L)?ydJt~A6iR0gV*+&7>R#t2d
z$u#<NF7eA2fs09ZlgsGV*>QVB3YxRj(CEWXL0VY7lynOF;al^O4Bz0hYu>>GrqAG=
z{j(hw)awh&V$%Rsh$2SkgZ`M9808fX7CB}g)Yo=jt=bW{ipz(xzkX#z3%@dP13;|R
zJrfvtip7(qU_@&+cmh6Yx%R|cXlUqNFCarMe?LX5rn0zjtOB%vJ&_Z~W=?ff)*_w$
zIT8n0IdGq&nL@~6dbDR#@$mJMywAzEr0DBsOS4Q!hjSHf%IwfEARaE<pQ#EI4aZ$U
zM*KOrQ?>fH<`N3EoDMbJd?ykI5mGRJ@4d@no9ny)irbk0mra|ZL6!!-tGl5sYx;nC
zBQrnfdU{INJrx)Yq-0@<K4^R7zu^okCD2a$BlnjbUNG>ASKHB_E90B8Wks(IENyve
z{uuJ>EG*Th(@dXW7R_#{m*v%6T#x~*R}rzi7Cs24wrjgAka7g<;axkX>4iY>eWg-U
zLq_!OVfJJzJeKZMJ9cq)@qilW;|?c(X=Ke2#b773(fi!v%M?cqaen}&ia9y;qNdx-
zKg_p21Cx>8+}@0PE{G|#WQgxOi0X2+)Lqck+}S0831`_X<)+eYklISIm7n`{m9u+_
z%pq9iei<_`$6N>k@?t3_{R+*PhBxzvm%MEwWAJ((M{`S`DptQBAts82X5+@xJww7W
zl<vEQ6ab!R!5T5$6|T9uYA*O;Bb;ysUb$HQQ%X=wCBMIFLA)}X^}K+YSr;e#R1C~2
zc)#)>rXUN7*f$0fAH8gYf}g#Yh)E7^YL$OEM+U%7Zt6929imAION-G1Oe+QkBnv5D
zD$6CaRyr}9RqsH511Ism@ZrtaD-U;cl((v{&jf)Or}>Ee@Kx43a*(`5=6_ff=bdZx
z*b$DJ?c&Z(*l-7dlIjckOnsMox4m_%8Q9a)09KYZX1R=-*`2$*=d3Gv;*#Mi4^*Em
zmnbREcgc9sU`EA{Ugb!h)&x+yn>|-4zd4kl%Q68no`s=L=C{x<07N|1%A`7M(CO68
zN1GuinJ!t9P7bp>pLvNC1p{d~1dOrFN4!iF?x7S@5at6=wi1Da#>7xKY<uKud3<=3
zx02YbI|e`!Bv13|B{$94eFVjB_5k1v#I>BiO_pV4bA-2`o^U(Y1j5UHcT_7+S_=6R
zK{*Kj<);ZCCC;V5<dF8xmrXToha#CxrrUv|NZ1+AQ~DeLU!(DqN%1?nKKPao7<hT5
z1^YBa#}#dOTQDmU-!7XzIw%j{&l8b<lIH*bNi9nTSdKrNHXW8cg$niByc%}_bC3r>
zw%FLmRn*SqqvbF68vB6mc}&c9PhPDJH6oTBfsXy)+r~%t-7wG#IP`6gKPOWruK|`W
zpjb4#%k$Xq$bUJm!t1u3RjLzbYrJ=GHLyjiHq5`-I+S(@c)gx~&z{t(9|c(9gWJG9
z*b{S9WdQwS{ARS-^>jOgp(LB!AaSZ2KRE;RvF-k%*eGoj%;|~$vp^xcz+_lgSy?#;
z;*EAUIIcADy$Tl7D9<B@#U$-{<ROmRVasKKZi~2Pi(5@_o@q%zM{qRIQMZS0?nzBc
zlLe+TyJXgP)o}+Ynz;GR@cSpdYsY@Z>y8y4spHZPzaPS|?{lGS0suVcEj;GPOmj{~
zy5LcD+F+Hg#XlQDiQQYf^W`kJKwG(VVl0wo;K$@Okg^IeKt2rfKdRRdF@AG3$NHY`
zty>%cZ|&fyx9Syptq%U%Q$MwVO;W-y5_di7Lep8aSU96L<V+NayS8DOn96iszilH<
zy!#=o;0tECng|Ot>pp2wPS9xqzrnJ1t_2jo-PofA+QB5=y=S<484nc|7(K*^FCvSd
zO1ye0EOCyb6v5U)#kWcuQoKyj+~mZ!&t2QC7$_|+fC<0H_vO=_5bgQQwZ_@n<e`~R
zU%GNI8ta1iQ(ssH2-jUwBys~$y>mQoPtA@E(B`)dEn0(%IT&p+%TQ2U=hY{#;{@yE
zEwypgW)|@OoLaR~nqpcb@RUYD6Esd?cKy=YS}|7`r{=UX?;n7GBWTtgF-o%5t)QD`
za!~l`)2D6DPTwK|JfZSI_gG-4XNQS&wje_Rrnc_tRE}3p+AsbdC2Qv)@74NYHl-c9
zA^|f+Z(tIK2@w@F`Fqy_{?9@A!9^DOW>|x>u0iPdCzht`zB)oX-}i`n^xDp!Q8vd?
zOk+ERy@v5UnwGv+a?O4ReuIV<KNdR70t~ToHvTN+SBMvtZx1^^ubfK4?5(GQgih(w
ztIxutRat~=v*XNG>5Yp~*ljnAsU=4FVxkNofoP++LjFpM$Qyu3Rhy0yw}<rtAgauF
z5108zM<01#F}j`I-xy<5GPK<VAAIih6`}sJ@P$n3EZG^LXJ`l(c6sSb8}u=Mn4jN&
zvP8r1`^0FNzlea*&xH=Y<Bn*D6@QG~khbB8%6_0h2bQAI&P$kAyF8F7ovR+D*7ZC`
zy8(v7YHTnux&muf)Jm?Rz6uLUONXXSh)c6hFKv@{2*WQ>Ju2aNFXQc}hwoysItPK+
zmpoVmZLF>7;c;C^iYqN`Uk@g-s2%?B_xC>o+}@a)o@Zf%NaUMQehv=x{<$|$gVC>%
zdiwelZC<ts>3O$=uCA@^%vzM^7MC9g@$vE9a9}g9KhioyCFT=TG21!=w1(B5w``6)
z@c>&4^IMxmZGt(Mwf4!f*e}$u2jS&hTLjKS&ML2klKwp_6{N2ZQm~|@>cdfvTL$i2
zMO1UYWKn)j@Z!)L6efbeYdIc@Z=ZPw6b!=gM{gUQ_9fZpNA$}3pzIU8Q+VBLYkvY|
z?54T$rMG}(yWCkVQYkjw=tG;G+#F1HOm#i5-{^~V>wSB$cSs;$Yg;iP%FAFno>%Hc
zbqCDa`kCMm;>aeQ;ikGDG&rnwyt-L>e8^A7d5`-v-8~1kv*w{Nmy&jHqz&JUUPw(B
zKI;au$}E6gZa34oz-Z@a{)I0QkmBd<H958TJ+%!aK$zq9)U)u!YqoaIPi8}%q4pwe
zr+#jD;eJrZa>d)|7FQM5{bEMKjsD>Yq_XrQdOK@;dlYd5O-(y<tKat$kfE%-iin|<
z>ntzX8lydQY;I#|S473ARBiXkPCS~^iXs#E5q&;ud8ds;U+$+mx<mD_@>Wx)x{idg
z-Rh34BozG+63UNZ*j#kpBzYHudbAjgmz8F>Q`}UiJ|^k+T3EJ~%fP6a^jnaXC?xly
zv{x%dZ@l-xZCLA_MN}-sd)sO=7kZuX2j~-p;l7Lf{1L6<O^x1<D@C;}g-X%%jaR2b
z>8Mo4TGZ53tHyP;fawVM!*o#PZf~2OYu&y<Lq{(V;LAR%(Q)k3#c_oLV<FyrdO1=d
zB!&jx4Ea`JD(HOTEw5rgqwIW*VW6h%8RE@-#L`;^m~(w<1LA0uOM+>+=ydm5*)J&H
z^}k6e(P>ss@B{(#bTl`{CR-!ajyA_rH*Jg`0(VmEhccy_9Mu#^E84$Cwg1@L5f9}?
zb&})fRXC2DCyB4(J4Nph&LPvI%L8D{ZcbDtYz{z;ZXp>}%qv(Q<_l5u#z=T`7BO}Q
zzc49O69O$aYXM@9%M0`7(@Xq3XT|U$$>IE_a@c$#-XCb3$c^x~xLBh>UxL#0epujz
z$fHoK<V3-u?Htw^X`F4=X=rbZTHU8bp-!=XX+~{OTKnAgQLMp7Jmwp!#5mRWxDNtY
zJqB4Mdby*c<#Gp+q7f`x3_X58$&=!%N0fjhRN=_*@GwMsyFc6x;GZjFnw;BG0wUx+
zA%I%z91#FE#cR1*4T<CH;Q)evxS1wU=O95ABQz8y#^)pC4|Eq;_jQ&E>@J3Ki_7qM
zTroEnZ;6Kz&q*Eupfd8}2O%K33s{MHEDYm63crvOJAa+T-O-Vs=9a|euq{xFf>MH_
zh4k5`$?EHdI#e(EE2(0VOq=4kQfj0p>%c*O#73bgDCm0-0*9Q#gBEoXHnlW@6401+
zhe%$}$dniv`Mzw@ReDw*qH9rcAI-10;G?t0L7Mk+IQLc)bpX-eKcl{%!i1#i(|n(x
z8`L*Ov~%0^qzzbNRF^$oC!2vd2h>Gb=~Y0A`uy5_dqh9(+Qt3!^j5_o_7w`bdK{LM
zi7Y{_K)cX;C}H|_KT`)p-m?sPV4SI8VHBOgpCsY?$wq&TIAE}L7Tph3>~p%R5TSIx
z1?oL}sR0Kit!0o^Y*=W?H?wdp(Yy^`iJ@9jM7y!RUVyP^vR4pUYj-eEtjdNyX><5g
zV$T>)y@$V_@2su#JgA+s&IX1p0&ZYWkJJrtkcFa<WNddQFdSOt(pz^E=NMDFtJt8R
z#bso`MrxO23ljH*17apmQzAHO=~(sl^Ytu4eHU2HZCYK!v2;BkpuCdyx^Y$Vv5`~@
zh-ml+B9e5{q>uNNt4pIJ?j1jL;Pqb?h=aslx4xsp{F)yG!j!ah!Ci1!DMdxY%@wQF
ze@w47U7&ChyH;<@2iw%J-!~j0is;@AlnuB_V8}1omxHa!%RT%RSrDdU?Q<0YZ*K||
z=M0pUNzZq|THGK3DKj$@`j?$I$tRYDTaQ)F_&y3~T9|ykq<$ms4w1M>2~{G+#E^49
zSum6`^2lgNJLqolSukvo<ivzX?~tK#;LwvYh+8h-5KdG(5BX^vSUXkG;js7en_4H|
zEU>w6rQ2ikXLpS_|Ge_Q4NK=txeg@o%7L;#pjZw9(3UyKBmvyfq@7(dbgLaaJPKx4
zU!#7moJV~faZyC~;7=FvDGqIt-n*G)-e)WUkXXq92-iVFdK@;>dk;lU8_i!zz00)f
zhFIE#3yt?6I16PSaDPs63V`lbg>!mVxyY)OHes&A7#=G+snf{2KXK=l8D0)vnyt(f
zSCfM1$TYK1`axEEMw!d=v;ix@RQ(|Ba+l&DQGElCB>*xnEvpln^+Jm{dR{Th=)S|w
zU<g`pJ^eB&@_>l9tQcyCsdx5AqvVTge%mDv$2IuITC#l&NmS}C`8sPI^Ip{n$$08g
zW8_^!=H!p(yDHTmSKhVsSC=T|Bk;}@#cE(9lS(ET^~X{7hvfAjs?F9~73;n^F)T5X
z+ROS*CKX5hJgdGe6>xY|PwnZ-+&Wd%_F#Plu06skR_B9xiPOzN6;+&bFO9wk{)(am
zDy8N`%S7HQz{M0^NGG%Dh`fbG!7EH>@-AtTB_w-=avmyly?pVr>i8fcj4mG0NF*3l
zVi{j(HRwv7@3lD6CE+T$aQl42DJ1|p>pKV43sj(WRIXJ0v}+Lf{)x6a&IC)V*GS<Y
zPX=cP&@RcJ7G@3de2Rl<ykedAF$-?ucpWVb=%ju36xO3ALn)cU0n}NY1d0CB!G|`9
zB18mhIiYZOUt(uQm{By1O*P{zqWp!D%c|v=oi?tsY1aErW%E1VKnXni{mb$VOpmbO
z^=GODp_Sx87dC{BW9O#g?#Dcbier=*D`BZG3qZ{zAE+eGoNXIu1gWE0b}ns6RUkj-
zwbfkhVQ=SkcN(A4^G;p9ZKhc|Ba>sICZzX-L!~U}g6M!)?q{fr7wXfBez+)f!hGnt
z@`E`geK=n0o+&;11VtYq!b-mOjQDI!kle2y^RtID+VhxD5(nT62vns^W(^MAD~p#X
zAR!=Jm~Y`c7I&#b=(=Dfn~dIFe|iCTHFt=$MpWf!(pJpHY;0g9-3@kVtSr;E`7)_e
zTU*A7d<Jk(XlU@Gh6Is_g^#G@sOjzZ9dxBD#R-eNrbg!>>v4T!Bfi>V`sjPlYPu|-
zgsow_smV-Uts*AYg*}hQ@^Pcpwl+1b(I)hDg|+OrBu0hT&(T}~zUe7y=^d61oQ6o{
zil2DLXG2vE2DezjuFD!Bt(!H~ZLu-!!c>FosSLadm26;Ig%DXCUI{qwTQ)&5SR)2$
zo!#c4TTk_btCw&nKi+gi;l&0kXQRhz78>Hr_@CAa;gojS8&mj!HmjQ@5-8oEuvpM7
zyxs`2jAnNyTWg)N*f7=l36!U`6wa=JcS0EW^Y`a!xn93$7rre}4B=ps+N4$PSr$>z
z)NORYGTPUfd<nl>PD|a_h;V(nk<Vn<O(P?U*`&hfa+JZB6Za%gT6JF*3Dcc6Xxls9
zT1>jgCQz0Z#L%I<9YPTfvwNXn%<q&qz{N#(ghCbEv+EEP8lLGGPhz^Ci&K5sWz{m5
z-QU;AGQt9e*xBjxjUh8^rj(ZWa20VkjnbQrP<PNZI?G$P)2-udIy`#oRwovpC<!fJ
zyQ@K|6*~|^AIU8#YO2VOenuJanr%~-cHwG`ZQ<^oe1XqyIQv}EEHU0_&mvbcR@quh
zE{#X<B?9i(IVcGd^vMqG!g^>9*OQzD)&pTA_SfIPclInTrGG%*1V~lD-4PupB?{Tl
z-tQawZ6Bp+vBSwop4*_3JN=xFTA*&rNi(C<WWB@;>x-p19SDx1egp_4eE8@0E41Q*
z;5uJ4sME$+=nj9aPCn9ylAyViy*X>G4jE+TPF_?Ge=wyYXqv6{>~-nca8#Sy8anNc
z-Ae6;7k-EI?D_9rzN`X1FUi$Y66o}hB@ed_mEA>RTuuk{gIk@GyIJsM2Arv*KLpVl
zJ~!%%QP9<0g@1lmO8c5zwfae)+5kzfa9@36KCl81Yk|;K&X|~d2-A!^`a{(tx!ukR
zgk0-q(Jd02PCXTA$I$3Bm1RWv9k!A1xSa+xk=ZUAPIbV>dH5X5edpxhkFljS7P92W
zA<jg$sa9CPlxHla>cI;`B-<=ZmPmU;ntC@ntUXEyEt76+2TyIRUn)?O+L#t6r8Zn@
z#5YY&tyzo|Yl>MSpEBnjRfgXxN|sJ7idFS8VWr`07>%p(fny;|JdMe_svU1y++074
zUJ)wzx(Xv_oK|*%NJ>D}9CIv)8nx)dm}pA9Tgs+YdSP|~-Cn$fu%jfHWuMz~AGMV8
zYad-dC=Hz)-OZaccQ{D~e0^sUz5RV>E$@b+GuV5@Am(x3g{Fsz-DV_FfuKINl>HTo
zh%&$F$or}bV5&c<)<*6gU40Nc^)=3FQJv+C%Vk|S>QtuC9TbL^ZHq$P`{J_RiX}=}
zX)AORZfCF9QhR<8_sfGk5DGurkD1#AKIIz8x3l#-CN}}_JY;G}A)u@}tp?)Iu&&aJ
z5=I5~B9BRdqBk+1ca<M<R_AR8QI_*roiGl?Mk}~4w-0-os<~I$@PIKh3W-T0|M%WS
zUBur;vL2LE=ukKN>G>l)x7*J#xw_C{9=VW3ym4E^ZsmByC*5}1nbF}gq;nxDzluLI
z>N%A2;`Gp1#u6KyGT2_ce(7-8;n`?^MZds_AedzwKn8P%0o8o`f}x63xPzKLT+d_W
zMTEX9P_~{nFqL9k@(km0`ng<Tr#)D2zeTSc<{ueNE+=^;D8<(<oyH^L8N@k6(6qR7
z9bVi?hzH~I?Dwx6dI%oZHq+J=hh0(BYm>frzJd+C-OKmgs)mP)^^&cZ#093|v}cFC
zRj9e8s?(A__k_<N2){u!dzL(>=xutnPKzasHWyo`(c2SJw=*KwO}Xml?2dmH!#Mgz
zIulo9JC=egD%}RUN=Si8;cR2G(1G_PX~qkgtyTBYsxOf<e#VRGs@nKb@@B20-1ru6
z;i#IC$z)D8rory5Sn--_a}Tfg2>5WTJ~j}L0bmekc=5C=vBu<^&vVP^-c};YD&gs`
zQiP<WF^ewQ-0l>ib+Tp*&;39bFl0RRs~x&6Zd7}_0H2sNCXxR^l#?fqE%6KE0bzi&
zI}<?V$kgO$g3Tw2oe66FJOgje-Q_gi%axIvhk%MzX)l{QJJ!un`<_3kyba;9OnXN+
zez7><axwvaYZ`VqgMd2sOLm@sLaBH)u;u(3P`ClOdk=sk>8*D?-JHK*S5d4es(08?
zyt&?j@1rgZV$<`efFBm1Dh@B#YYWelPF$5_5{HC%+S1>>3d04UoqRRe>NCuze3jxU
zlSE$a+%r=aJH@FY8EW((-7n*JiijYKECEF65bK9qV)+cZnZ<Pn)C}^42uRpa5QLFA
zP|dC-L=rf`13d2pn&DMlsDPnIxAj?F*x*JK5i$1E9Q!7QgeHeGak}|o)&@V&c^_*|
z<6WDdyMpu1vcGqM;tI9-?P?fY^@pi<jo7XlRxhuNa?oS76lOd!&2N`ZALS298mPqb
zT%uMh`o+v1!Zmgis=RsVq^0BE2EjIS2aUai=F)nbzuG<DAhbmukvW}=ESp;u`cno7
zJm<7{7xPS#__B+x*LDfaX3vIci$kp#NS9?AUodn;?-osznAw}p4K<<-0(b#Mm#dQx
zR#mkLn5`aE0EJ{kuOSnYhE`DfQ{=PEPfR%ZiYye9>5jkXd$z&tnQH_#Tj(Pb5lgJ`
zaGHoz9IY!VQCMlqIh%7*a))zL?hb(K+V%E!N-z5XTI)7j&hYJ%@m~xi`@Nz73Y236
zu|pLOyU{CKH+>5RYdNRb_2PcZ>dJayH=Y=xwsY}0p*j@V>g6vNAx;jlb3dk#x%-03
zIT3gL$6+STqi*haTYCO>(`c_U<YkBiy?$1`tykkarAF5+ax3m;&;f6~6a#o$AonCr
zH7v-exHsNfH{&JGF`@UQ2YG++)S-4ZRx*EnLBdPrQgwLhv|>^#-s-3!ZT@}5HC{UD
z7)cNZll!;{m0|B#Oj>COnNd)KWAp(&r|^^-gR@o)<@pJle%1sPC8h399AsM^He|(T
z&tXuMzDY>7Q{UX&DAtvgEA3R~Qi)x-6emxW>E-?iL>vz-Z_A=g<cJFughNsDW5`x1
zRuxQ02>q#m`m|A`IKFj@Zpi?(nTT4scBbRr6h#v(-wgJyuwZ%f2`so&D*_gk@_pPc
zz}WkQNY!k1K?aG4K>f~({^44E#h_Nz69~VLy<5%3oSgd5&MKjq?(j9v6c730(;rq$
z00N?yOj=r=@$kr`ZfID=HA-?T<dW4GOUy4g#4BBH%7!9UfR57-6t{o0X$1rYZY&HF
zgIvH`OYOfet`lYWgAAB#fk7oCa&knc7>Hlmw@e3hvfe8M$e9|L({UFSV2~NoDhhD>
zC(HS-pXca9JmxYg7&3GMHUd^9>rU_*+~H>trM8o9?>)Mx)Fe(zMQ-H7IGREZM14G8
zH?W`EoSbcI!bMV(p&;pJ`Ngj2SKDn!0*7(ZE4(2150U(DBYee|&uxHpP)NX_44Mfg
zm<~Z|0mg(XLcmlUrt`Q>g(hx17>$NdTG}-q=`Hkc!<T>fP}~ZNP@0uLd;Hy6OGe_M
zOp6v0dETOZNSv>LCQ$|*c`zdrE$!>}j%vHrQQ3b!(BJ&}A=!~jd~nPVL+Yg}<0}hv
z95ku6Vc?Ot;VAvkN&+|4-`8}dX<M9+gtK@)B0Xg_&8a@<<Yl^8vcM?4KjY|}9OmxJ
z-`mXJ8dAc@n^!y+2Aq8fyoBfMF<LH{H@r9Y$NZq$^ZPgcg#tc$S+<J(-|a86OeaRi
z3v)S5U&8nZV3PrYLi6Lt6MY)6^3lC#ga6b19T7u_SfFQlpxL=Agz>1w!rd~A_u`qn
zq04Yw#GPPNlmB(m^m5^mFCkNkQuZSVNY8v(B?bIIe0Me?SIqTxve{G5lHmWBg)SRG
zb!Zy+WAuHAh=_;>)0!2dU|@*ddUF(%kdw#RKfLy0O(-SLlUm@QWD7TC)so`z=BH-D
z<$!*=h_2i>N@>4N;c|YR0>XbZga0b{f4&Fg0ZF@<aRYuZwkX;CxSYnppvllWWNy7*
z<lN3!2F$~z*CG)@uPp(#5?%w2a}4@9o%CzH)|mDmKUVrUtx}w-|2cpCjnsdedv*2I
z^&9hWOoru)Di?PZouZ|%s=DnZf(XTwgjWuPSC!{I>>=yfm5D4|NZcDDoS3fheEg2S
zSu??;5Kk-1aeyF}jzPk&MJ-EFy6F|Z|KD^D<2f<~dZ|XxiQl^PTkF(L&(qwt@-g6W
zanZ?ktCG?>L8YggIb58TdDwMBS^e{F`{Z;DF0lrLk`wvZQou2z$_i*nYXc!?9IXaK
z2#D&=BkSh(qWinR0QhEMq(Ilt=P~(~^nI!va7I1rayxfpxdp0SqMc*+bBNnrJ6aAq
z%V>@6_i0+^!|C569x!73`;3N!XMo305Vk~UU6VNjPx!QT;H6G_05!|B3D0MpUS@x3
zf~7=!(l{Q;ryHy>;JiQjfrv!z7Q@E;hhzJF2J{;x|H~ryD$5eGk_y)_dR!~2OG|HT
zVGlz7o3H=7KSiL7l%<Fy)B|KR>e6Q%wy6KGIsb7d3ln^R5*RbjYvA;cT}8)#BV+%K
z4JOopF%1FHw8xJEHE4Yx7%9j``fJ($ZXLh*j(9Fqb!P`!fBg4YdurZpQ}q8u|NbSo
z2ORQ9BvSC2_i7&&I!ZJ=H!Q^ecqe}zu<wL~K$9JUUMp&Q$AoL}DD`h{`oEC{aXyII
z*wZ4kelvi{a9t_K^tgVV2A|CLU+(!g7UiG+nnMnOMjfLzsL^I^)!ZozxXke#5v~8f
z2k83BRDX3CXL1x^k?W<XewWK?#B@A4m>ld9SE3Oe&m;M#sQM~P3$*De*`kcH{tx>A
zWG1D%W1(d!MAFsniG;r_&(mUkNC403;P+<rzh8Nd6NH&gLOnB2D1gxB2J~njgKPFL
zAJ{ASti5ABBb52S--hN?0ZlaWfB-*v+($S>Em*aoMX#tVuRk>>QV~WVAwh8nb@$bO
z?R}OdAj~upD7Do}wPgY9w|}RwobHDnoIi__W3WK@HQtvf%KhJ4+BYPTs{R1y?*?kz
zlVSka7Yvy2zXgXw_F21dH-PK-uQf$rm+a{WXJe~iPylT`*IhEj`tzSjX@J{{Mq`Kl
z?@iN@B7~Vr0wp?%=hag1M;H`<w_dpB&jTRbK=xr|+DK)Y!2EOl|M_GHcV6YF=x5db
zame=<S|_hc<*9}gnt?%&7&^+AMgs{^W4TgdKzliy+>u6CTN}5tt7~kb$$3Y#<87n!
zVOsyS*^01c%QJ20K)=5Z66X26mkcQ^!r$BWpG8ifh$2$e(QMXW_2erVtIZ-$w;u?L
z8A^W9<GL4UxY5vu78Fo6x~%Xlv>i4JD8NyS?Y>w>qd<!N!yJe^LY>{d1;2d_|G!us
z3YZ)fog{Sf00uotfE%@fL3$vH1;c1K?Z>O?UX1gba|?(4U9^1IiFQ!6+jEW=a8ZBC
z(KkVeoBQ4O4#NNa$vyK`miVQZ?ZQoEDW@AW0*TBf7rSuFP9I2h>OT&xaGC$wM_g$C
zpg;F<84B1(N8(pmf2JV+Y@hybe+7yF`E@h{;*75b*UU*kJHjdiv}j2+dSdR-WtW96
zn*)aX_64u@&xH_D!E9ezD6aeS{AXGD+c^>Dz7a2Otp3B~1F@<l916<^n2dM+Avp#1
z?we;+joy!G3tSez*7FnM-Cv2<M_(VWw#G<QiT~wVU?kvLtX514ejs2bqS~6NLVVN!
zpy`Rvl66v6Mor~%owrV{`AA%<`^@P%(O=fCUI4J1I^w~k|IsV|-xngy{}hKZ&5HR(
zMkb+WT2izzl_g}m#U}$;wMi}vw#6V#jwn@zXM?anJoU@PiAw^KkQC!e%<w;$XmK;B
zu_AgIpiuuKPSbfKg<bD?AHZcL$(>%*8Wk1gaNOP?yjSLrVs;K8j*5Wr=kfc505T5l
zTo?ZpH$UC?axT;z1dGy53Fn|WhUXf#$Wn_@Eh5hUE$JUZm1C%8jd)c`!)G<Lk%8~3
zj52>dv^qQ-c+O(jhO`gs<OCI%*2!kV07gb{x{{y-4&`%5Y{uEnc#}$xcPs}vd4Mb~
zf0F63CdbMkhCmklH^D#Ge)R51E&Nr4V*ftj6w>9jL$So*xcq?zSotp687i&Tc4N-@
zdY6EM#b(jE^0fROlv}C;!I&9a%l{MO--^0`Ci!w{W3^j@y?ouOKV?gV+^2DSZms}w
zTprOt;zLr7&20oaX>I)4jz-1`7m(t*VeUsUxGRP=;Bi)?71@C(rJvAcUG`o?nr_(s
z%J6`@Y>okB(#`B#p6>7S!+`==#CsXEWP@8#B>0#RDZiRh8VxB0y~C-=4ArQb6Gv;i
zJs5<!u~>K)-0TowoqiS4GnMWE$)bR&r7Rs!uajl=_s{>m5C5+>DP;1w<|@0RYk0Ai
zH)n;_?o;$8RpN11y`@sc$`x;Tb+e&ksWpP_Hv2^QY=zazbTdiBB1UZ5?nT`%f95eK
zvWy01l2PgqHwqwA2*&2A{KW-uG3PvD)DIHXUj^i;2Z$}m%KEb9vp(#I;ZS|t-;NRj
zO=`kXe7S`XuU6!M`P0o(r2u=7cVwLLS2hs23Dc2xn#-2GIfhs3Q*YI4*{4?q8(T0l
zO@$!lRFVt#c#zr1;6TRz`1<UJm<|<hCs*uC;?KW5w7);};e}u^9?H^guq!rIE7Q)i
z)@hoSI!VWsqu0>{qO`(W9A3(Lb*AL~pCg$qTx_H{q_Mq8y~aGA%iX7Hri;B*Za|U@
zgF@yPNSCWoW!yj^O^dD_n&xpL(HGA^aD8*5SqgA&lRiCu^x|O7;@m~?(2tR+5JU_x
z)c;b|uX2Fzz70i!{L?!&NBOwmQ_43W7!49gE38YsP2!QO3Es-d5a8$XI%nJG@k%8P
zX9|k<PwK2x`Zy%*a4(B$#qAdBrB~&r!;iGUagL}n-G+jW687yY!oQ7JB1wVJ%fpZ9
zsbcJ2PH=sDJ6>a<X137iSbaF$;;_>G0!`w~BO=y26ad>vB#!0hm*X?Yy~5+*?~^On
zX}t7tJG>XO;i{QH|5XjcVll3#m!?(BfpOfK?<A@lW)7+_-j6ujD{tde(NH56O4#P8
z0g?kHfa99dV$$;LbQmXQN48su<gc)WhxnQPDhax}RLVEQ2wu@To29&Lu?TW}WU)W|
z!j~|C5;?9ul}z*+4?{wDQ{`ZY`|;$yhrK(xq}mP25R^4%P+*|*Zfu6#b!Ecpycd#?
zp*NQ>O&hkD+J#NF16L&#w5q^2cNkW)lh+H)uAjZGH!uzhQOzMBs8R%GDvb&aawTKl
zN}&hW+kOUS`NRSr?%Dn8V8Opl_l`s%K5pQ8tDbE2%LxU-=YRVqU2U{yoW$ae&g*jY
zZIg;7hRLT(jn?qA{#d}l64&u=Uv7;)aH^)W1E_Hwyh7o2-j)9T{d=|5t<!9^8Bl^2
z(<tp&i%`qX8)j945LGa?el%(VyGYcGC;Nf+=h~zlcPA=ls}mA1g8}YopaC!*0Kd2M
z%@<O2&DCyeB=bjsW{r6fOkqDwdGpWS)kyYV0i6IfdE}%Y$Z>ZvHvk@cB(=%eto`cP
zI(-J{9zBsWDtnu`x^V0-RCVw3v@m_HwVG4R&QDj3t0VWiW4b?$uwb!juCO|oq$(_@
za^8zp9m6@~?Pn7c5sOy$=J)!EX*E;nZ+%4A#6%i5i77Y9pxY>{=kd_6VO_N^8A~%>
zMW<Ed2|OAh3n2PS!eh54Rdqsrq;K-#eRtn_wRX9*L(iXI^1=}R@?a@Hf<l_`I&4+k
zWhXaY917-**J6ECEi(aL==H8=ZCv=rirC5V+woc6#6opf>Zt-c&*=&(x+FeX9dCfA
zBNsr|QBUaE@C!D{i4~lii&QC1C5eD<o`8KL8G`2RT6+igW)t(VXO}l34qGlKkFDot
zZ+-8SUiu1tei;peVg#}OHB$&6vrAVJ`!NDr2eaN68)#jje*W<J7GWdWS7*{>MWPk3
z5q6Yb<`HM@Aq<MZ^X&#{H|Xyk+yTmubVc{^{aS|7bBdo3f`0`U|C$zx3qkSh_g%N}
zc@`>ePy;1kge1QEDyXywS_PBK(_AwZAv$NRg>V-n8D6JHqw|E8)J!5G>OLUyJR4+R
zs<&pc9r@-PLnQPp44)+cEgs}uU)=uL5<s{qf8J;QSYy<0?0)WWT@N&efM<V8$nh^s
zTWbkV07OozNvvjB3-uCMD^<gJRJMidR7EpoI(i#|1A7u0em`7W0P?*Ues3?d$AQEu
zR+Ayiz;R;YU&8avTkac{zQOmR)Il0t3@MY#0g7NL${>lYWZx4tOA~y4wt%%^mL-$v
zK9sR9cg&j^bMXj@9XqK3BocMAUpj?`Yt2P24;HfP+|E97uSqAejOV9&6`drqxYxcB
zY)CD{FdnH=V<=Lu$SRr{Ba;$`qJuex`f`(Wf?l@h)rND}(vh%Wva)yyhn}#I9G(~J
z(fQ%wmNr0w_RM9Eu1K?{DA*2ob{6)40fW}}(aH@hvgjUk2F(~kntmPt$0?S4RhQI4
zxFh@(9TT%4iyjd!`y;yY-uuMzMH{Of7z~S@FNS*NEfiK2{pgy}=8oG^Hfp_+8~riz
zqeaSv?})#|emz(w(`>v<(e%!=6LhPTwyvSKz2HF|f4n|qN@`6m9T`j(K=yXsyf23B
zB*=%UUgncJ-+jA1lsd<1d}f+Ime<vj?!gsHU7^DM3J$|dZaiP+bl2Ez?)tR$hP1P{
ze*paf`>l1+K@?rGS6-9z0cnzzsMjO7bSe^p#VE_sLQQGCR14JQyp>URnVn-rCK;3A
zJ8vQpPmd?}F(?;!bc&Lj6C7!Dr1fI+j_j$D$ZYjwx;PpIeAvIr-JkD$Nr{&w^bJ0a
zzQ<;=W5pS5kny}d%hZYr_sqVjH_)JtWcs{-Zr$XOnn%EE#GY0I^D8-Au-o8q=#l?_
z7<=ouDBJg2R1uLdfFT4Wr5PGTX^@ca29cI-5Re9C=xzq-j-eYxKxygj?(RA_zVG+D
z_xWx2`JDe|Mu+E_`?=$~uC=bUqHlid?n#>Y5u7L+RJj#?yfgDfTlh6LIl(yKx0p<w
zAIZ4=l7KY}ck5rBJFpve;54l583Jxm?i<ic<}(K#hROQiM?v487?ld1{wx9bp(J+z
zppSZ_H;433bS%(8HXFpua(Gq@Vc#4KF|pscoJPLz2^c2tyjxQ}N^{QLRr$0;_{S4k
z(i~K6{>t#4tt&=BxH#fP?t{1>A^0Fv3aVa8(e7FKaMrz7Mak0Hnv|2a$If;+d~ig`
zc9<7YT7TuvIqeGkfbo-GyKyzX-pqfAfq@I4j&zhsw~v}A6Z|QB-4xBG@x$n0iJuCK
z&-TRV#pa!0zpQvPp*UtfTvG8o@y9ze#hl$Sl^w@NN10kRcKI$V?UAt;XM0Tz!dk~i
zsygyYgD>b$+IT1q02AjGg@$Qc6B*p&+F8*J8$y-9!jbv0TradUJ+8eeMq@`@lLBMV
zR4`h@K8x?jC)dy?!G3pEaQz1f8<k8@3QyIC6ZP?rtECdxN@F~OwF-B^{G&Rk&?wS+
ztx>7VEj{)r;@G!0?VxG2^3){%@#qc#($)D%_Hwso&JG<z0_TAg87<8SI2IJ^j<;%_
z*hXgUJNetK%-^q?9!Iv~_Lx>l$#`Y8)_*2Pgh#miD?ZS2rcruAE$QP*k%Nt1+qWR4
zY|A$hPOBC9swNxDk8nCIEqHM28%QX(EXNB7DlDf!wR_`tQ(1+PuNZQ_hR3{oC*r?(
z!2cfRgPAvf&|8(Y0yit<QRzzLoX{Puur<oAlE4*bcYo-bNN~AA#^rYME^W`8Xs{?r
z6{;f&5-a;Dy|glbj>>)bK*M1*9Q9z5bu3TE`)Z$MH;}2(S}kd{ySZhJCyaoI=tr5q
z+u(cMv)}tT%~JN5`F?H}jbcAXwY6;hJU#CyN2w{EG2Qcp-B7wk{ecm-A=avKPutU4
zBB3(n4_ns{)4xq-b~^&t=<~g2xxNCXMCIi#zivyP)X66q)0Paxs#E}P3DDgYEPUt$
zlurpe@fIjwMX0RkTAeASiw+iP*E^^odg935puB8oQiP!uW;$eSqVuq90>*#VBvdJ?
z#Bz$u@JN2exa-X^Omm<wU3Bb<ffeYC(y8Ty^?Zib5FAwS7)eASsVHplnqatrE=q;7
zHVg4d_NwA2F=_0F&a0MW`|j+IwB5oU?_34<Y|aQi;y%ns?G~bm^l*uu0yJM~psbf}
z<)ovu4L>Qqg3DNGndj4N${Hc%%D;{2LcJN7uiv_K)^v+lUpzfOmoKb60z|ze90CII
ziI-(dEp<-arLpbzD%8KlsSCqKiuxUoQC<+s@etfTa|?XVo?B^~Qi_>_WT%hhVnXz%
zaD&Ay=j@7W->Q@+gMX^!|0AV{i1eiPgOPmNC5xt24B@-}_#7zW^yV5l&}oDbuJjsm
zNJB$$yI(neeyQDPbX5I<8-z!=bDgX7FB9e<8mSRugVWfQ-4AXo4A%pg`&8Zy9~*Z^
zL{IToeO1VmKxBsTo3!_54yRF$u7H^UMC|%NoYA$;V?9fnr(IWRqN6s-YS>W<)RdK~
zt#vDI05h>%PvjNQ{Rky4KCZUKhqN&cTwe}c&eLg>)6|I-v~0%*DhwBlt+oZDo}bLT
zDG1Xx>zJw5gT8^{xq()!wjZY2`#79ptiPjP+u`*bplnSy1OojHIBAj1m%#?s3)a|L
z|BCp7m0s|G#l)d(gg&3@Z-ZjqJz?pAuesHc(}1EGQ0cIt65+-8Z<w${HCx0iKl$qB
zLf<2x@#NQ3tj>Ezx+w#8&dHwzd+oGRP`R&nq7CWgL{1y1V%mV{jmW;Gt$`=4W~Dhr
zT1eXW?@_SARPBY6iDD>wsZsn-nnkQY7?7R)3WR^<KpNAYa$jPl2fpOA@G>6{1(@N;
zEYT}rDu>5&D?gG(k$=W}RSq0vXJ%sDuwIicMKNfq9Puh~kC{#mGiZ(`*nFCH8qJ(?
z!Q)UzF&<dEgl^=Wh>3{}m^$txahRzr?W=430QI*#z7~)Q8X0YMPt~erjZDNiv?p>F
zuVaX7%I=@dbTUd7m-;<N1J=_@USqM0ilQ|Yyw3B;TbD<wwcYo|E4{f#q6&E$oSQ1{
zI#|`t1fRUqBd@(BTblChA;UhD{7kf>TMWr^SiF4r^i`NdETgn>Z&K>O<qbqD2KB{x
z;|Y9dW4f=Da+=h!I1WTJOKJN)C;W0(&bg5+Pqf9>7Ce5GjhNrZ;y&J<n%FF%<kWAB
z`PqfdRqf^4FDPdzO5eXrNq1xaEV>iYYAd%8#uN48cS?wM%^M7-l+<r#KWWYNJjM|x
zObJ|;6jL-a0UD|dLala2Y57$<0|`w`{l(Np`G*hOHH5R>->n)2&qw0N%mi@2zeZeY
zlX}j4p_YX!k*GUvo&PYp-hWmJba9lt3lEKYD3H?3B;w4@F4T=lPc$7un0A_avt_e|
zp!J1{RYfjLZ3xP8kH^>P)6y|2?%LAXoza;HxA-xJO<eb;0-cjcX|r6eLY8C(#v|ZO
z{qq#gpqK@XX3~KhkY{{S4YS_fe0@Im;G`wp;++euMf<IsTv)<em(^V|jama(k)C%Z
zqUU(rw7t@F$W*CL#$rhJwe{?st4=&#lHzyT(TKg36pQ`!;Vq79ckH*>XIBm8W30G3
zE8SC6m2s!yX-DO)F9pe`=cFzQGOH$6I?n7W9)~1Js;=vgQ8iqR>f`1DIs}duRBg(M
z_4P^J*}+hq?6!#W&6o@RYgdmARw8u?AoiYo9>pv6c<J0|A}bhL8Hi7ff?Ps_aKG2l
zJkwfqz-D+c+^u!;AjDup<+;_im~yUyANrmZ1;U>Z(zir#u<&N%_k6Q6ko7|wXWU!#
zIFtF9vY^xWDgOB8EPH51j0;iNShh_vdY+s%u#p*3>|ymaw7C8KU#t1Ev`BCqDwzcK
zcn%fk+}^r|)&1yB8BRecHJ>Uo6E5nf#o@D*#PIUf!TaZ&`;`M{1dyi;R8;x&#`=`c
zwR=16ox8a-<!fz9C9$`s8qi9|sZ|!xsPVt7kQROba+FlvAD{D|RM-lj==7A5&H>f!
z6k532Q+D*nV6A2dV~-=H(UKScy0e1h7+VeF&m;6fJj9~)x9)$6-KjWf?r}V(gvWPn
zCY3ha%6kY@mL!MQ$r<PQmO^jF=@!Gt-mKYF3hC2#8QFa1zDEVf-{dLwYpc7dzDMQC
zS({ACwGUennDf8Ff51e3u>2`Mczr>h#G|t1!+&xqp!%2>dtile#Ct!=EZ)<`77e1g
zUspg-M+KobX(Qb!X&PHHvx5te;eDA|5C2_g&j7dI#eOnstQYRZ;!i)C%<Z0P)p*uc
zJt0L}9yT-P;LPfc3JVfMmd{ry%20+*vVEpbaS0eNlN3TY4i}oKE|68gK?J)*uJY2T
zCr%Lb-Uq5D8EaOM#}~XG>w!Q^AuR8K2w*|wK(u}3dfo{}uX<P3GtKPC@4EV!@;TLM
z6;zw{nT&1q!5eM0&{^?k$y`oGW+Qvs)|7Bm)s}=4T;jJ|tw@E>c|KY^#Anp{+B+7U
z+)i0C_Z4h3WQjNxrVawhnzIZib?M|>=@;`}_fT@Y?8OGgxpe`{A${(JXvxIVVY$nZ
zDOa-!f$Q;lW(4Sj`%<YUwHbb|CyJqotk!WOYhSa@=n=@l-WEPP0AMV6`<;gBlIPzn
zbr=eTbCEAs3ae(Qu*m&C2p4>NfMT>?-6}j8nb2q)E2^7T5h2mGyVF<wA}WL$TT2#*
z8)oJU_ZeKf53WT>#ElkdyRQF6q(?iMJS^0%``i{xlpn~>Fi{r$TlL-AdrE0`*^&wA
z7iaGR{r#C+W1|7#I}d)e4{}Ni!iIq|<7Ow!8!8fh_oVncJ%B5|3le+zpEAh>gB+sL
z$d|i5Ck{$wndw^7TL;7y^G@{@*8Uzpn~pUu?Y@uiwH$MN_#HOAI?XG{FVg?Z$@}EI
z-VA$p<5QAFe)!gWYaj^gA9K;SQhjoM8cf6q|Mcn8he!M)Z9&9_Tt%vj>KrD({n7Zx
z`O&Q@rNi45hO4aeqxJPw(={5+GU56;^9$&J=7i(%WsSlE<DSg2Bg8P(7`0n=3`2@E
zP>wPaYuRIJ+7DQFdg)#(?+w+eX@VH&8GlJ>;tzbkp(uB}iPH}GSXH8FjOMUWmMM%k
zAo5FiyfBd_K*XUPtG<SW^6CgQJ7~0$dcRp?S|d#x>$$AQSQhV%5j-F6zd_S!oZQEx
z9Co_)(H0HN86MtY>FoNQQbOTv@!x9e|NcT2vYWwd(-vekdZBX1VPjZ?V92_HLD0Q1
zD*R`*rHF{40k(59s^Je_n@cOhk5AozEakKri~JkAVOD(!2-R|X<d;^oGJCtV5gn&~
zRAMMg0Lsq(!>v1wUl-Hs9)qH&=iPhJ%9L(h;|fNYvWds>@vTDo1ToDm*F2=^u~VZI
zcr6;ge}%t@lH?}p4Yy~-WOu*(Xt>um(A;vu|2)q~k4dL8s!-NqWJt;$lpq;gj%!w;
zmGk6Ze5NAAfACM~Y#yzePAUji`)2J5Ntx=zDmnYb246sL*o<=~oLJ;KeqK9Fbf!tX
zk)SkBznx6VypvJ+8Ny5%jT|)!4QW0`s$ltk>Cqbm61mD%!6RQ7$Lugu{nzOUx~=%K
zLr;dhw;G7Y<buc^I;GXp57GtR`U;YN!0D7CZ-$uh-hWkydSrm94ZZdkkbl7YYdL^f
z9_3>SsE|fSS2zaXE^P8Jn~lk+4vgjHPcsE&5?}MseA-_`V?1drEhwnjnrTYOl7bf`
z7R3||w?ZL5J|h_Q&P0S^<o!{6i6vpAE244!fm&En9WK_^C3#iP@gvt#-1RK|+LO&B
z_N8*azxuizd{VbJE!kC@;;2Y7vdRtZiQE|MD?jc@=3x?k4jmTcKi_?0X!7a#Ni=Bt
z6!Acyy7afe&`PZ<H?dxbMW{W;meh|VkvU~uMnt600<lxoC8*I{8mb%A$KP5kn7FXW
z4)I*G#@2ADr#~W*MW<6g#+j=$*tH)^V*4k8S}F?LWtd4O)9!TOXQJ!?EWgrN>bk;`
zC3$kUK{MLrpquzmVWM(fn=TDE-W<PuM+{NPw4;MYUQWWk8@`+QQ_~6&cTK5C==`PQ
zKpjfD4nxulZUSdhcT1H<4ju&3eR6!yA-K~{r$4~q<<(>Cz(CuZjagGJ@tKB;M2emJ
zpmnJ?l5LXDdF8FPgR`DtjmM39?W+p=&z-<e`t8yB$byqHF(o+;y{^a2Rcyz~A}o?e
z(AHahI>g+c+K)EnQ(gguMAMs=Q+%d(vj+-;6oWI(c(K805~|~QV;y$#@H$p!A>={w
zfDn%m>5Q6#M&%W;^<9NTe29_`v=8_mNgXAlF#psUOG6+hS7kEy5mdG{Yni05G!!}*
z_oUD}SRZR~DUxVfxTH*V@?8B6s9Ja0cOdCrQ7v*^(|LB09MdeUx?`p3Aa35&<bjf>
zUBzdpZ}#<^Gvt$S<M)};N{g|Ull7~X2<kN!5FfPHJk;IzQd83u5lXGp&bAE1_2suf
zp_8yXo>#1}lWprqC?9z|l#=XvGG(c~i-3mzMEbC*Cs#3>u5*zN`vx)M)Yt(ju(KW8
zFQ|MeFSU{$yDIwuTkS7!r$7g_oL>V__T39H{RIr(O-_om-;L48qC-}?FJvle-h4S`
ztkCYSOBjCV1+e>3lC&qX!rJJ%X}oIN#5?UVcyRYx1no1kq9nuFj2D_-zja^tUgEdr
z$g}5!!nh3xF7b4|)gEEuk5rfr&3_NL+tD1*0s#$Of{nIIdA6Yn2tAQxtw*+mh2&2=
znb9GJZDrMQc=-(223ZH78ai6q;;>Xy;&Mbt)hWoD?$#C8M+aBa#|qDop(c4|SVF_P
zk5?Cx_jOV*-~UoftM(Jmo<1J`@KWe+zi1kvg7UXvUVbTKM3KlgeTLn1>0GPdQmEml
zBo!`=6#;AhujB)<DFsLSDM2BV>2Z`d%|G~_%kLg6?6$j=zc4%$+Mc)4Hh36CAGRzb
z>@U{kJEHP&?vHF0AM;kb!P3Z?<g@CRhAOiG1vOU=rI)pYRBpOK$Nz|%_*FFNJyWaF
zXCr!>^J?Bp0&&$=c%8=aV{Ypvj$e2pwbKGF1klJcF!K%PW#m!DsY`Z&Htd`AIQd^M
zxP^lbLBgG&g%qoYA5+}4_nGhze{TN5=K;M<Qp=E!c@G#T%+sqUd~!$+v8>*5i+Ius
zj*lfz&@%Q?Je^oG<!b+_qJ88Jdy&SEWwGwn{dH3iXooXV@`b&0|K$*KK>j_sHs@i%
zCCjkLq=(GKCL5(xRE~x~RwOLWY^*=iR1rmcX6@{8G>yE%qprs9MIH{;D+&G18H1Ts
zGdpdry)phW=hJUKKUQugUSkUs5kw2ga9FH2>6-=VqRC;7JRMB!0i-IP{1;(YQQVRS
zJBo299!Ai9oj{8=$=-pqH_H=*=y<g_gz`LM=Gl+xhL|~^c^-|c?(7a5s^Qx-(tta}
zOa`545SMiggj-BThRE6ShrDQRf!=jrjO8Pms=n~l8*N1t-e#OFo&)?hLfSfd$&RcT
z{Y#uhzV+t1_M34CrFvmB2am&#WpysG0l!QE8$J4tJk{@D63!Tp&MhUAmZ6gRL||r?
zQMuBSoDN0Je{`MhXIjdz^A)z)_kN-6bS7OP_EvRI9xtVnd$q92<+l!WHyUh8i08+x
z_&N#a=#i&R2sOJX(wzz~AC&x=DUE`9hYdW3E?mZl5)%Hh1Wv0|D&_JI(^5-I>nT0j
zwQ{kH#d(V<pIBSF9LfeS2;fO%LPE}}K>1R-hSM>#5Xhk)P)H(jj2`aP4@3&HGYWQ0
zlp2=pF}nt<<sgrdvu+LUg|~_%SINh%0>9YaOm&eh^HFY(qT%mjcDeZ`#e7`wrBVO@
zK|d#dSa%B1O|5e*e&@Zj@<gqi=A;67&56(twmmr$b7XBl!GBLvreMOe)DS~K+;S3A
zeqPk&+x*hv!|CZzY&@6!&r*{vu?%_|pFtA@yk)-}`Rwy6&`KTsO1^T5Q-=RYnk{*(
zg;@45xi1BC9`!H4co-LISKRBsVD3eg;F@O3pgM=G`RGRnj=E_A2fnWW=>S`$P_3w~
z&P|A3iS?O0jeKc&!26xhvY3ZkOU4`3WlI?pfiS)3#ie7W$UVIzW?dvrj>#ynjsWOT
zDf5c;F4b8Hs2!+R=%CzbS@%+7?i1wO29gpGmq^)j{Bpfk^a=~fxL3ND$aFumI4FMw
z9l2kf(;>c&fA;{UAQna<d74#4bkn|QB#Je*d-!n=)1-jkL_Z!;mOIxF#Ue90*;2Kd
zC-fc9^@~F=ud9PTo;Yw7a!aO<GPBsErSDDVV)Wncrvj#wvw6&W!!^7(ZlQ(yxK=s8
zg_9;ljh(tvy_LD;<@&}=XEK{&72o&FN4>VXU$JEZ8U>UKeilV7X;YDt*+_nPNS;B$
zWgbVU#({oJ5u)aVy+Ky0gQ8XORX!WvX1-+ZNAz2HWC%G*#Cx25e~zz$=1XE!&z}0I
zQM+CwpN{d<tN1F8mNGl2Jt=)nFBNrn4HQgh?tZ7))=x6vjBX>vL;51l&1S$1p{h-g
z*{@VqZP1wqWoBO$&FcK377LFR-3gJBvxztPV%viv9i@0d4)OdRd{_0lKC}r**)|Jp
z@@+u`xRLH|7YWJKbF>Z-%t>P=S=(BQS<Q;80X70t&vu*^8mf}CQ3(sf12X&5proe1
zR76C|$#sDTX8DIXp$bbW`jeEyRtrA@p1oBk$JZYSGDw)npP;pw=?D}0%!E2Em`YC?
zLnp><I&I(Srt06r;|eILS^44G9`}VOu*G62@QDZ?c^7u4Z5#9FspSqkLFA!%p%ch<
z(**cc9j$7N+u|=C^%ioIOWBv(JNdzUP?}_=)oAEPdQshtf$Hvb!G|-qi7Fj_I5ZZn
zQmBzD{29m;-Q}ICMo6&vwpO*xq;l=elf>khsZDn?Ras>_C89lSx^chj#^+YM7FWP-
zHXL+*fXss?$^yr$Zg)5CH@TZ~h}%Lw-`L<viJ^#TGrt1WisJL>qsySzqEJ-zGsr?G
zP%%JSU^AanhNc7m>#rhmg+BGqbo8q7^l&x!`L%BIkfgD)vCbAL?I06cy^3PvE+q&j
z=YC6D>YFcdAwa)3Q8bhwy%NMM!YK&Kmqhl{wr(b>Jw>Gs6>hbRA<(U4e$|cH&6+`n
z3RM!KUfb8e^`UZBU8jNm;^6AyC&}_o3#c6S8}kqdpKu2^3p;IFb-KK&-2yMIHpS3n
zU7LkrFCt%LSd|^l`4W$1|Cl{_kPqYCH;-AVLjJR~f43lz|4+iHSJW-wpO#S)N2BVU
z?R(pP;XI0+z@m?$_1bkmrmQ@Urs&J!LRB>_RzBB!Ufa`SlF?#c)Y4uW!l00lG)A6Z
z4CI2Hy9~YTkI@61=ue+KAwDj%K2pk(B5+LP`EJlECmgsi>f(#6Pav8)%i{>k(8jei
z==?l4*V!F_%c=H4tWDD{{9d|fumNW~_b)Yk0{;?wZc04dinj_VtinM#KA>K!@R_$S
zwPB$a{%_QyMm-zCytm(!pZn40<6Rl8E?%zkV>ibIo{0W4qs3;uwciPXN?-TsVdxM$
zoMJJoY)3is!+UgnyKm4@>4Zi?Ei&v}n-sUd-Ydn;NL=Z9a9vpCtM-Z6bMcB6&-G^+
zYPZJk;h#`H*bYLD!MF9wRo#GjXcx}5Og1lsML_)8Rv3oA6emww9y~KtX4K6}#Znmh
zK2VlCX1vTe)Fe#%NvSwVy5>kxR<(;r0ZGUT><PA!?TW1MW9*hz-L?MAXv5}E5@OW{
z4?U)JH+rK-n}ZR_MOl&N7DLKAv9I)Uw+7$PN0u@OwmeQL%@LTSyZNS)?s2&%Rx$J6
zvmUx2PSXDL^Fsn55w#4X?p8~aMoX04qZfjcO96G_XkbOt`QTjsRES%(xJ@?7zMN5L
zP7(eP!bj-Qe2*^&2ftcResQBjh3SY2qt=7{3OnGMHZV5_{YCc+DN_+jh!<YM^0d=Y
z7$p8~t}g4j*-;ncRbx|y$oj<OQa~}1-vr8kkWtJ;E&;&OH$Zn`EqHrsXxSVO&B9Q%
zFa#Ci;G!w1sTH(mBTH!V(Ma3(^uF24%#PlM7>fIwn#Z`w(|hUd9gSu2?mffUt-Pyq
zKfatb;8`X2z9Z%ema=s{N)?!7m1e43JmS$Dh&?gfSV?(-D4-F<7&2(+t=pl?zbY;A
zsTcE5D^;p6{_Zq`sQ7W}`eVpm?-6U%1oh7Tbc4&fURO*cwJe#9nC;>(-Sv)MG_=~_
z9_w)XBJ_5OLc<UJiv)x%Dv6ZOjl%a!OAL*?Ejv$(Du;em+GU5JQNdPi`GDYndTf+a
zMUo;>%l?s~EQdm`O3mj(;k&Pk4ql=|v<){*FYI}V)W`pGZf^i@1aNNeZxkDc9Y!wJ
zDW7axsS&G8C;|t7i(kr0O#?JigDXFyFD6U{9UWajp$?16MU!7bj*A?K&uE>WfGU~N
znn)N!uK`w}#IEoR!4;aB@!gC6fnwagB{jtMq&MEdr|O8V0NmrIY>&ITY1CG1lDc|&
zhA@m)G)P<icYK&J&ZCZ>H8Phh)2x6%5XkVLi}lfIfqL0z<2e3O<gW|8aNaN7amxyc
ztO9)2?=L-T5Dyuoa0G9eQPR%qJlL8&@ob6O+7|5jfohTQTu0%%%!otVt^v?y|0Cw~
z_prOT&p*K0?9;nWzOZaZnd}JJN9hmMF>;zMlcz+~(N&Z;s+g|cP*+N)rB%3$<4`So
z6g*m@8S}T)Ig6FK+NZ_M=l(_^Rd4%|=>Eu>q&q=bU;K=5e=ytfuzEp-jOKj^%Z>Rn
zr0>Vj{qXM$>F;It30qaL4-kpsh$JJEJ-Jv)2&6w-wiwxJSgV=QFwiR>3Po8j*P!|6
zUHB^Ct-Lp}ft^a+s}OB*$r}MJlAgIn?~31*+T4beW1}F=r&Lj$LV=~<e;RXimc(6j
zeSK}DvNV|+Xn5_SIns*P8>$vZGkj10lWirM5^$`e|4t)i4<hIziCjrZ-L$Hy9Z{Qi
zdO@ugPOmhT*fm7hvv5az!G>W#pY&cnJ(JtW`LWddPTzT?>(M@ao;r&n^?m9w1$~Rk
zX4;W7H7j1n&A7E{gt?e6%&Ot)<!v#!2T^wnTH@uF^t;}G{kZi=8IN-$Pg$}?4JS3D
z+AwO@GKH_>QG-;}dM9HN<tuPZ`UQ4O?mjrlxcm8mib#}Nt$^eD%n{{yR1KcUsexmD
z)TT{U&ULp1yU{W^mn~Uy?o4#;tVo~-DMF?`TKlQT?r+;1J|nZ-0dw8H%`YS^vW_J|
zX62t~&Lpm}%jKkpH--vd1S0EBoj+P9GAIvPHLdjv#N*$j7q-)xv-B=C5PSb#besM(
zuhAQCa_uG850QOa<+oHOg?_K?R^&kuWG##bUj_&WT-;3dZpWyGf13FHeW=p3QgrWY
z&p@^LND;4t$ANT(BviRr{UBZA#_K`>n3BsEdC$zPq_6-{FXhUj%3d`R*Nx+z6mAFW
zWvz9W@%+#b;~K3}`}lPy%XurYH=kQHTg!sd8B`_y*BUE*=sMv(IZ~jV-B?QgyuE0u
z%KTiNGFP*S%y1d44eL{b)kG~UjhG@-(%5Q84DGp?AB?p<mGwkqfA4_T6$pl`mr6|z
zg9m>2XCX@8_6Pmt1YIP5e+W;EGK`_e7xH=FA%KN7GPa;q&w_4zkOC~&SiL!24&T1i
z)87{C9IJ;en5p*6=}J0F<uZXbNY4n{2{^MnUuDOgOf`u(j*VxOmcN%YA&=JeU1;%w
zf?_aQDFZn0#cq9ca1Ayjuz^gMgaQ-Va7Rg(qDc9HSjSX@Ypl9<41=Zwn=zGrl>vSJ
zA|{o@SPZ%F*vY0{Z>Kl5-9Z8Q?2|tP8c%7YZEz+=n+Q3-(d6&qkBMCyti^`Fr%g2D
ze)*{1r>n@`Y+cVkC6_tu4vS_rXqOGgKRGBRJ-fd=tB<e`(H7R>C$M6W6RF%23$$=Q
zU!&GIy*g3R=RKLU8>|-zL~a&N9yTQpOs@J^Qsz|r&a@bulJCDGX*5|Ti)@~D|H02n
zFgh{t8Gm0qVZa-EW>99xB45z&e}Bb6YxqPft77-l#&CyUCP<4w?mMHRZL!5U+@8SP
zmt6bw;APQ7ejt6bu$y+Ztu(<#4E9Ljqa4?PE6e&5P)`<hb=-NW>wdZSa}AcjG2}Q}
zYIvJE46vxPWH|^w{}2<$*^=;a#BvG>cug_l0y8~{#$3zhV|u(&zQPwLJK406)cK!+
zoImL5?ajAFW0+u}`(r9jY6gyKX#Ku8KTqIgI&`oYbG!xWq#jx8-9O2IlxX>D(6~|&
z&g9?AG!85usCu6Ijao+)?^+x1Pd->#od!%7sRpE_>F3-~+pU?m5M`HXRGf=Zs)fUx
z^hNng2UFBUxq{UOiMWl*hjR29Jf6Ek!kC@=h0!rE6gP%_P1il=Wc8X`T3YOe``2m-
zORH+=-29fi6Y>_glG(H<QuBpaHKQXM-|S59C?wZ9(7yTn(5P?m;<K72@UagbFWxZ6
zYj69EC=5x0w2MNEU>~F>-*vKGUVZn8$`p297RRibB&Xs)F>~H<;p$Y$W?Qy0n;PZQ
zv?<uCa=M<(^<i6480miJX3x{P)S;ZO+{DJxwzDVJ5!1_;_)Ra(GM)aU%8(a(;`jip
zT&M(2-(=x0&2ozY(IUzEkFQ8cUknw^c$OOU2#uU^%``f&Y04efzv`Q~kZ&FU(|%hP
z@sz13DOeDmtVgRcd2WEwVPwQ2f5H+`x)XHm8_qZUF9ZL-tolDMB78hSr0VmaNp`8j
zuOHO^NAFo)I$0V|43rwu0}I%fP>IVxQSMWs=|0w=<`zEl&F0$%qF4I!*p!k$8oTHT
z5vvl>GcKsR30qp?gCvHPTh4DxjvoYGdnd?G6CENJ^wiS!%JJgZVu`%}DImK^vwz@W
z+=yp0&f00zd|xVr(EWjuz~dZY$nJ>XNr^5JG`%75xD*69ggltOC0z$qGw$iPY|&o>
z)o%vNzKjM(A{bdQt`}e=&(bMt;aY%2;wzt&Lw{dBjmqm!XM43MVB-^sTUdB@bLwM8
zJBv<I{lvhgOc`CRv$s~(2?%t4uNg;!#n1vP?c{mIC=q4<VvJQCn2CTwzDH(p<7Gcj
z{uj;UF=+#$N&_RD&2};i78{@zW?n(<E;nt8Qm+Utd~V$N1v^NH7|~T3ByuzC?TBk(
z&sO+gjG~dl%*PKM|7DFAN3HabWoo7s>AjO-A=OIwF@Gi8$UHlLjlx4)mB639Ho3B5
zMvdAGq#z)`ny9ucW-LO5Ox0usIY`1b{?O!jC9$;Sj!6mmKKa^OKx6Ll>q+{ML;J`O
z<y<m)k~Z`gqxzwgc&+wbA4J|daw$62*e<<wKZViTr+@2<`+`R$F+HE9tVRFsl?Qy<
zINx^sk-fcrxt=wk*1?v;T7@OE=u#s+tYx{-y4qK91D3M{wKWE!G81V^#AVUD!bjSl
zccsrXx_E6Dz@^;YnG2^ksY_kRYO{pSej7f)z|TF|1-t->tMg+A()-~u2c1k!zrTJV
zMuI~4PA(55<ft!N1Ezsmgra-_+7NU=1M(E)+M3mn&N@lp_*zO+wgvWz+-v{MK@0oO
zff;tUXB`BCbuZPj!375!J5Nh-qdjaMXrn)~qTw6_0VP&tttH5BRE7;jW(P|}>;T`5
z0<_=Ds(-RLn8)bwYY3s2G;^-&7#=z%*wD9{nm&^Z;Cf}t=)k)*B=)mR%e`vWl|xsh
zk>zOPnU(VhYY1O#{|>vxzky`wL(PfCMySN%2GxJ5GdD@I<5*<oTQ26W!<$;cMi5<D
zHng|8N~5Vx)$R_?I`J1<Xpp*wV?vKFfhns%?2UG*=fcWyjbWp|$>l6sH3uNWM$N*1
z^2WCjlGyQoZ8~@*_zeQOP8e7ssE3c&2Dra-LdEi_XKJaW6PjmgOG}tpObY*PWYer?
zcJF`X3k!kc;?Jw21G4dUh8D}~h-i+!uNC&9eRE@M#;d{GR&gTvs>OUjTf4VhR*PQR
zgNCm}x$W|7hBnqVVif>Z30fivtaH)mxWxKZ17D)#1a~-xmw28SG#)3^+>bln(#dk+
zu_hBlM!Sb{s9Kh8I6))DuHg`+4@VWXAs2?hNrQO6meNmn7Zetn>8p?HqG)CP(X?A&
zh4zk4^=1PtTCekwU$(+}VAzykNloLBh4#^<<|;f<ZNW9QM(7!N^S-9=0p!-0%!N%`
z2Z|>_+=M|$Wa%Po`Ys3wcE`zAhPZE0j6@7*1fh5i+mq@bGt4)dXB~dJK2$6Qgn<<5
zf|`Z55|mMpACz6p0fN(%ctD~$mc}w5X%^gOf#{=znB^5SqmTbDD{L5LFq3H77O+uy
z&B(bdIF!~e*<_It_&pj6^4>EQh8SDW4*Rt2U2XQB99dTOSA&|3Sziv7rt+tlLNW0;
z0LOw#j$|RX;<2aKy<GdXepBzkYJ`3vdRlOE3ozDI{1QT>{Cc2T%0@c{=!>zL1=`AK
zvXw3_OHC<}IbP4g%kTZ_{;@WeX6@<0)uFLOkT=<Jd6Jl~Zk7BxLQi%(weE@D>k~1^
z<LBKw7?r0?JGxlk14_Cya(+$U`!qJRm#av9E47v}@T=}3^Cgppq!5W4yKuu7sE8~$
z?qUcifLsF)Vbszw%=MV@GWc8H*NN4K`0W$QWbx@o{d+F;M|i+-NVDQKs9>&v6qZ7D
zV*S_azNMD{A_gkGSueA9g}Y^v>vD{TRh|`nD_q(F<<*JojqP9k(`N_5L<Px`+N!Qc
zeS6SYV5^wDk4r~Grm-SJ6ph;bRE*EJXJJEB%UW|f{rs}p*5g@cNd=rS`N@#(cioVr
znzvL~RzPddX<MV}I3awhU?g`!P8ze?@rcf1s@_Xaf5F^v>-f+5x(C+RQ47OD3*C!2
zPS?Y)fOis)2I1{<67^_)OSJKq8tWaTcCeh9TQW*wawfKE^I^B$X&>gCOwn}HnrGwr
z0St;mPsL$&-8<;H)cIo-^f9PR+(*ax`h@Q^EC7c#tx{iK-}#O`)MBPl+hPKns>4$n
zq~*%b<F9xf)|If$g1G#j?4Ca&-2FMCR@=?iPF?y8il{VD$G0hCvlus~Q`fB=W_R3t
z6*()9qFC$brfl3EL!2#_tB^TZiTa|}eyzYLH<A3~dyy6xw&SM%%A6N@*q?(dg8)gK
zOzI)sB{J@(`h3{fUbp^Q&(O#G21h?w1fAEbK4<wfgBRqaHZQ1kk2lB49XjzUif)wh
zwBo0AoeZ#pVvr5%08mUJM1`gUM1rqs?XopSJcNS=1E)A=3?-TOw{b9jfKv+&S`8ev
zUyoA|_nUxfu{dCJXTDrPNUA2QOsCvaSEJDdmh<Jab*D0L^FYbk6aG`rMP4Wf-wU+s
zUOG5)Tx&z!e5{Omlxz-D01PO%KqWnx^{4U@Wc~<s9K=fGl7AK*c^Bvjk?^=VibXt4
zbQlcR!lJ6RlU}n`T<;(DtgV{7#Z466Q+J7ALRDOCOEiCi17W}#ugRZT$h)DOE+Uv;
z`b@p=e6CDr5`KMsv7@4I)EOg<7IAfT1#lQJe9vh$g<JLfa*!|tDa^;qVawgg`2gr*
zd6Ld7FWkOBEhUFHQmj=Y1P(?8la|svo+|rYUuOAr181FaSH4;Jpm9rs;WS~d+|Wvd
zXk7JDAQ_JHyk{q_OS-EQUQ1&^e=nRP(5U;o4O$H1;&4=T3SfuL6R|N8Ct7LP#1aKn
z58zvxsfcGaO!Ig`oB`s8Zu`*$xo-R2ISB=HNN`%QEdQBr43woRK`lp)%zZmZ1%l$Z
zE9?vMvK)=46RR}%;-ken9;VZ2e%RFfM+QH>FxXn`-IeVMBdE!iO-Tdfl{iE4-sd*?
z&|&q8x_5upC<|WW?1dl241Z4&pEQW~n#0IQ;?E`8s)zR-qYLx5*oJ>j*ESrim=Y!N
z#@51**CRP~_~=M9;7w$OBjSUl+I7c+SKXXLwH$pPZtmVw=GP!s12?<!bL>JB_rpr4
znt=IW2Eh~%)T}I_+1n=CNE1$$Zu=%si8mgGbmm-Yxn&x_uBJF_6Jffxbwy*6&8s`_
z8_KV8mBV1JYumGVx)Q(qVwh`5BWmWY=*I8uV}OVJ_WfJY^e*Np6B<PYXq+mbG^K)<
zCgf<p{-H<iaky{)_OY%W;OmT~&Ap}M`MveJbz83GD5zQ?;=2@)!8beL!tN3|@<kC8
zgoi30as`Npp@s6Qgij4WqSn#TsbD}tiywpHMN`NU(Cq2%eL+q)6gG2s?X>;eW3nL~
z<*CT?RG-X=wOdmS(9=chrdHD)X+PgN38yzvBro{qkiIlVju48A>lsPuc$xT?Z|&ad
zbs>hm!PJ+m<5v_?QKM8gdfHr7W{<V`&jM+mh^Znum)IP}u|!cy;<<d=j)`Sd7n-QF
z&{wtSlc=7l)Ye3Q*p*SrhJI}D#Xk<92a;pnrMV|FbdH_SB1Mtk6froOCDn2<*uvj#
ze$2O;PSIdS5OI=Q(#ZR%DMY%kzdtbo3<YYehcLgzP`>lGnUVYo%hh`e$~?KCwZ$Wg
zcavDbS1Fi~Lt*DV(HM<Xl$)OJ+dw?olFZg0Aee?~ay)+gI17}%bHq`}nM-a1QFF8)
z^R1Dim`o1cv`wc>Mxf}W>@AIzbJ@mN*Ti1ES*ePzDl7*|p#5!8&&@%C*m;{E7N9}=
z+(3s+Znq>;?f@wxP1EH(20%0FoDYoH`rrZYPwhgfr~Mt+iTK`sw?@pj(vp*VPj3u}
z?Nrv{aCW7prb=W`SXvljha$|eo|{Src$wSe-8mUK*yA8>Hd#C)6NGjI>(LigYRNzI
zgJCyabu!t_T#BnJ3sT|243+h*h2y|Erg=gM;0=e~LSshlXj3ObfwfcK1sTlFQ!~*9
zQJe4)?H<vh39GRH4?v8>9$?U}^#u(i8Pnpj2Uj#m)Mv@`j6OOW!^&u9l-o%)2T~>!
z?oVaM>wXE%w*@EuHiHV|NSg0YIF9~KEq6YkQoI5YtkeUNqT4fdoy%#uD(}&LA}8QX
zYE<vK9`S^sd2XqFq{YLfEYL!DQ%OB79@d^CN7Jlw_j1|KKt+4Tc`fy9*lM=4h@L*j
zG#ld4wrlX?20^L%x>sQZcW%!9^95xvA#Wj-!-tbY#Vn~TL&?~@gE<LJqSw@IrYBny
zvPX!+#xmnx1=sCjb&P+O`AWY=gZWmO)3sKiPZ>xqnGomxnFFv$D*C&-GVmm}uQxAt
zh$7zAo8!2@vN>+qTd?1q@mX(Vl&?pQp1Vd!xer~*q|+M%{6pKywNtBR|94>`=PGE5
zI!?=5Ah=|cizyfzrSG8pGG9m74ie3NM%U(+DrX^8L-;7=46Py35S-U_(CWqO6%Yrp
zUE#5yL#Eca)A{Gthd$f?^;{O0Ce8JOiJLIUR}Dc_Aafn@tq#}`=SaV)yQ`%h>!wAG
ztk<mM*k#K=DLzqLvJJl(7HMI&ynI!5S6&mKGB@*qO#Piar15I-`FW%BLld5yGWCd@
z*|*xDC?>wsFd_zfZqJ4INa2H~@i6zK7t~wv_;D;&-TnnTK9bxu_Jt7_^9DlhmEosz
zj}XH=lNc1IC5!D>-(z0~&dPeb%U-pr91GJJ(2hpFVx_qm-zYBo$RhVL8db;_=AwDr
zPT`FPrNR;PMo#|)=x-O4$x*c4!f51gu{%GLtFfaXGHCE{3-2Sw)fQmXKr2!=O^q|+
zIsi2u>QlcW;ydIif*rGE&ymdF6<&DN#x;gbRjUx2tyV&NFBRK&ZDP}1;eo4zjYu4g
za~(J*YjsWhJQM%G4uFiH(8}TJUfD*OmbJI(efBH-h0#f2bVB?V>pNrej;E{!{t2ru
z(pJ=G;xv8OB!4|S+Tgb>tpB%U^usXl*Bkg<jK-UH>Rg=57Up$eB11!AtE&92Dg~&<
zdrEOEHE)WNy0O*9m~9cjpaNcw)N`+nb&)|z#Ed;P;wG>vYQq%kr@OY82g6xXf0>z*
zlea&b>%k(&)pigJwtT@9)8dlzc*c!$h5{$X4Roo+3IC!m0|K>IbSIv0(rn>K9@_Vt
zqb%#y*ZR^qS)pr&;DDs;rILoHzH4wztk}7}dXQxSvkUOxJXt#^!p7^YL{_c#7bzXH
zTc!&%*sH<3IyjjbY`A#lGBB5k+M5No?fb~cIqbIYpc`(p-|o8Pi`5(Qz!v{mH4<M+
z%))xJq&a!Znt#L&2v_zSF^qOh;8sR7(QlQhFlk;qf9+8;2&8Ce9i$5Qih+>;@Vi%$
z4qtJNY?IA*xXK0*{iP*A5mo)Vn+xp~XhCpPbEsmp(Q0UNxK<k{oi*Z@u&tn$!U=`i
zTC5r)q%N^_YostEtO5Q*IS4=v!={GD14R1IoR6@1H23VU{A7oie}f+!AUVw_qb`U3
zCzhPR_;9?zELQd9D_RE=aSI0ddk4Nl!ic!lA2+iduL+=30f}N~)rCH46gZu}A-(_-
zl?N0eB_)J4kj+>Tj^u5}lTLVPku^!y`OuC?m}Z~5P7883)gL{Gj72xC1(N?jdel$9
zJ%Uo2<kYaqpY3|tD+r`u8V=mX`HcIz=dn7Kk<}^XZGs&e-^ei$yBR-fQ{3kTdu0!)
zV*Xju?<BtE`@+Oqa>f@z>FNDMCBL(V9kXdt)OYOI*@T<Yjt+<f-VeL&+1&8g=%V?#
zs7;f+;Ah^x_EPgvpP(<kBL9Vyg?n2O6}?Jc1{B*wJ`9y!rp&e3>Ws*=yf$l~vvkO=
zP)&F=tc57q7f7Mea<&3f6>^(Ys_zPMG#3V8CBzshEfKJ4`MTb#`v`xi<<opy9bv6p
zb+c^xHNw&*u{kQe@DUx?MNvhlusDgp_?bqPr9vUHE@53bE}5^|_lQ~opE3t5!C_`R
zZP<M{5f3V(mVJq`nA_!>N)>`GJj&Mbz$AKo8kK@LTQTYj;g2q1Q+|X#fLzQ%Qb0{~
zccFn=rBkKEfz?b9>g(Y4(PDd|DzxP)kEO7Jz0Ix7_3e|{&b`nv!+l`Mt{;@}Ub`U8
zoyR7PPS&?GlDKHY_%n+aYO#T*&iQ!kXh*7=Y{ik!q?!kUkZ$-*u%M<Xj@RK=uY1ak
zZ42XiX}8S`ZKuP-!CK~1vDMUt;RjufP{Ta=ieW2-wgN#$T+Hs6wqfaY5gV*nZ3(M*
zP;Q_e@_p@`y?&C~628F=HII)svjt(jkHvVoJl=z&9laW+BCQ%JjIpU5Q17!>8YtEO
zDYJeZ<0R*Eek64fOmF6)kv%Oq({0SM7^{=>rYLLRY&c(aMoG1^(fcF!>1J7O$9#H7
zacq%wuDX29D$#$m0LrL5a$Ez^OHc0U(hh3?<xvJpt9!{7X`Q3hYC{jg--0IRO#F%Z
zUzYPEio;v>Lh<HgdK(06jWTjp#uMW;cE;=brm90aA4b16GLrW#0Xveyf^C@Ee)qOj
z>BxfvrxKYYwdtag=ubozDX0V5x|Um)yc3{BIYNU=<AFZ8YENcHl`@IV!X;pd<z5eg
zHt)5o@5?ccl!a>9pTc+g)`!e!SQ6?V^dS5?{V?zq-1tWH!sU+%7^oz;(26E!_GtG;
zB9S$kcD>K1UR;IpL20V+h*xHm_1wl!8)O?90_t4O+$bY47bmha15aDdd-fAWsEi3N
zuoYgOLxy|q9REdrMqr(sS$`P{1e&W%qd?{`ToI`Hl9|>IX4NzmX*&2($Zg^A6HZQw
zIm?BLp%yS^(OEJMIw{cxco0Ktx;LNiEUoW)`4q_{`OWnf$+sAe0u}QQU89J{l>9D>
za%p?z*5tHIp28SX%Ra1f@6v?PmWKCs=YCM!OrSTH3!R~_TkFmLoZmE(*~ek=e2COe
zdU3RItZgUGb*9sk?oWHXb2Ff#+;uFe-v8K!7LBvV=tIffKPq{Wpn}>^>20Yb)natE
zzmi?YGt0O`nNF|dIu^julqM2Lw>QJ#?i6tJ0*jgp+q?9^o@+U>X0k-~bVEoCJp_Fl
z5w`lU$#v=xIUY{m*QlwB)MszS_QApT!kPOS;Nb~(#etFt<*fZnS*HbX)YWLd?Dz5H
zgq#*{OHM}asrrS6G8xipM(0(o17T*~1nBZF4hWG$ieoRaApR2~W(XEn#PGYM-}_6s
zQt_-fKbybnZ(ci)U|4S57gwxRqQ$HK*>_uc+=g#uo)w1#;=YdGq8lbPRQT?7??N2<
zWelUp8cSDeO(FBF>evQ8sFr~8h}gXN>3|JZGwiGU7odXsYX<G~gfB2V)1xf5H?V;(
zB;R7lkZPnKw^D)Abqmt@d7GIN&aXKmu{rde@C}%Li~5Cp<UF9G>#MYGPR0HaA41}4
zF;X_y-T1&r`e+-uGs@nBI_DGN3>jYh5_hUUR_MWjR-*_P_98DsWa}a)?3$Nqc)kz~
zLdkzf{X8|`)n8($Fk7??5#4!Lw{wNe4rLyfeozJw0ouRzbwLzmaij55W&R({pY?iA
z1Kk15zChbL+qQ=-e%5Z4K%i5Ffl@B9o6(I34XA9bqP~C~AlKP%PF-k6DrbTo7CKen
zn=QukFEGc9{kFSVSf5*Q!X?reo|>neN4FsxGaO_nu=AqwF^wfWl$cj2T`c$|$IOs@
z*24(v*2MJ)-)<q5+nWyCME>Naw>A}<*f&yFEMKITs&om<{x!nnGv$&r-r!dXzeuhf
zq7}QB?Isy(IbD^Af_3eR1Q__~?pGJwTH%k2>&>a8>|c?QC!l6HEL+*{6d5^$5_1HE
zJZDJ}ruS}R8e2CM+;##465ra!_2jZiX=(`l&1<g~&<E<gB=>(pi?^SIV!sV6O2WWp
z6tZeM3ORRQMyt;5O;Uk>>`mfZay%BNl7cp~ZPnRt3jz5lOI13=!<Mc7g0ZsILE4{$
zPXHN!eIYdXIZH%zd2}~9a9oUT3%2W`%TyQouaFGnRuD@Y1vDX26OhJOZ%@9~X#Dhg
zYpg-DMj9tSP|u5kf<l<+#$-!lNl*5rmUK3&#617BQY?ifVd<^3la~QCW)e4j@XnZE
z^u_T={#vC6=6$2yHv~v*@-8|aW#^Nj^)gkA@Ko0kCi&W5lI)pIVjV<L(MH9i0`yMT
z7R&P^P_maG#^|T;T7i4KlMab)lWek^JHhzCaKhBuVN|G5v9_f8F7@|sxz^>ML-{5k
z9y5u65N^E!(qKf!esO=9a(9q!9(fI}w~r8aQ$VOB1Y5lW5sA^%w4f7fabv@**gQMr
zwr3D*sULuCjeXM8!`FnQQsuIy^DW{XxG^CFST@Nh51+m@?uGZ&mHdY|l?}w#R&f}M
zVUx8EW~So>@wt3Js~G2p8?#Mk&JPeZeYiZe!NEQH#Z{TVW)ByyIn1i1Fsuv1zeQgu
zIK93Gt*srcz|-!D$@H!3Ji$E6aH>Y9+&4&vZzc3~Ep2?5*^?wr`L=4^iiw3R@XZXh
zex!=2!u+h@_Bwr&J3%ZPP63J2?|5hA8C|8Z5J*TW;Eq1rM|b?oHhu^7Bd%9DR4NLB
z_&A5;!1oETGXvP*@qa)t#Yrxp#VtFw+LxZIhM2cMSe6E=<xkyu*@l4FzX?B?-oGV(
z&qqj@RO5FdksSGla<GO96~Cb4(HW>r`1_-dBlI5>YL~UG&z9t`b)k!=J+jJ^#O6R7
zyZ!1n520_=jGxo=7iipER;Y;E+S(#gWS{f;U-7#d-z90SxZ3j(g9*HSYmH6uy`tJI
zx2bj_|70jw;X`hxtA)<Rcw@&+MW)EO0@L>PHlDW_sh0rqMT%W)U6-X%<dJ#A%+ed9
z<@2ka&CSi^8Qw3|1qa@33Ir5{_wQoTa3DENxp6XC6Tdx@f^&mrD}kBdXW3A?7>x&g
z*70P_2CH&}EPBXGD=Py7P#2NEfcm%7THwX3m9AcXl*-|z9aEeh<_q>`FALbD4;&59
zT^G4~Z=Rz=64|Bc%7!1cY#nTCa|ak^`9ZE5?*we&VE>C-ehq^Bo+&o`^c1)DB2`xx
zN2jVt&wB9}R)yzx0@CdmyDUr917rmqtu5~T|0N70AVP-O30IB4jvTaB9Fy$0zS^CY
zm+#?i`)iNj9VA>o0h85!(O?&VdYkF`d|c@vI_#j=f6MN0jXK|<?)^qrFTG8=v%v43
z4S!s%u`1$ug>@P`qo*GCXW@VMO`0FbhbLwP#7MRO-x@vtdk_5`Bw`57BW(?Pdv@N_
z**AmrH6qWe-7ZwlPx(m(`U;?-KNrmJQ=&uk7v^b$7?z`2!x9rE#U7JDD>pP=$rIuW
zAc)@lBkOSoHA)xh{G#IFle^k~)wcQj1G*cE7L~=w0LnBu*zz)tAwL(aE4;D&U>x4w
zz&8=4X!sfC*~yM<y7%R!-bI=pB-8mW&V(Svzl{?D1QcJJbUNRU^cnt*)$#Yu7;~4<
zD<Dr2qN_)F&1o`!5@47aHM|w@D%|pS2@BBQ?lvpAlJ8p^$fmW}fnz83H^Ty4?na@a
z68xJ%eR~9c=TLAO%|FW4|L@`a>n;X9T>2~^GL-q6QmR1Sr;uuxNmB)KvZHSXyWgrQ
z8I`Y!K~1-QU(S;6`%~0E91j5jEHLNp4$<19{Qp)syn}ox^)+q1KMBAFHU34)iNG@U
z>XXK#+4d+R-JYF(Ah#JjGkK;v*`#EUKUcYfTK!hQqp4Qy;n-g>`oE-%0K5OHg_V<2
z%Z^1QajHB2v4X>4sX*aWR!fV=@3Y_956?+>S9d0mHs_k+WJt=%!S@{a8V2^kKcK%B
zDR^AkG~NaOw_*Cr=W^SqN=n)Z19*@lf+q%@up%{y!G*p*59Pz-(f=sMaiXp6s9Fuf
zYX5%Ef3E&N|LJSNpC1wnrCN{FNEgLyZ5zr27|&Xc!W5j(Eg|GNpYZ+rXN)Ir{yd#o
zR%V?4%wcL&a5d^ua*Th6@!xIszY1V~dl99HgsU7I6OmNVvz7sy$+tihC2jS(%gJGi
z2#YFOTQe&cX~oki=NY85QvY1(P00o-pTNz8c*%ey^YYWkeORsjKaa2buI9g!eV6L)
z)zx}8m;9fj>Hp77fd3Q4aeE)jrSvPMj(U>o#dtDGgBV{a_}>0!)jHk&IH!)ZhyVF;
zo+qe-R=>lr*Ezld<)e?q3WLD=08IN?4kTcIlX>rA;DgTiyW$~O!2cZK{|q});O*?M
zS?YLQB9m;~@XyoxDEcJx-)Z+P$@AKsLskU(-%IkNQgE2bAZ#42`f$eo8TQ?<Z{a__
zeE4~6K|Jg||CgEaXC->Qy<G$ES@uqC9C%d*F-S4_gI52U?gC@fcXai}_`f{8`{z2~
z{qJ;D5}?bYFh+tZ`seGop5M+6R!sW5opIl1JpIqs_CJPJiRX3*Q37F@R4Vnd+@cTv
z84f#e$eurEA^dlicwwUn#Ho>!8{EG4@+1S-{+5JpkNo!qT`%)B4IQEw5xK^5a{<;>
zYq^5NhT}?u45uf(uQj=+?Bm*hR8ZuW(I^JZ<d%PW-u?Hs1k@=p@rY$W5Mx+zvHC}%
zONj=FfPf&%bzazykPQXn&;9-RegFHgEhT^Rx-v2K$5oC)RqertQpKEL5H0*ilDD4}
z+^~t9SmM85u?`oownhbWRUw#gDA#tW10PcIk3z28Ix;9xiQT{N7ZsT-?d+T_(ZIj@
zw<U0Uzn)HDR7Mr<7VhFf=<`^IqC*GnJ>e4yCgjX|@#RUMaf-VTwd``O!X&*ju-bK1
z?j4ZjUy43|uDsvFy_1)rY1Pm!k7ssiR@@*{s9BW-1YLdu6jhX7wWvI+y~m<zN_0fq
zsUaYd$C=gbXeidS3HaX~9uCOnUy-<<dNp33dzj9gW`m^TaKE!SCkN=8B=cQtDpuTl
ze?X!Dz~r@2gueYoVb#;XoGaIzhS;L&d5MaY=x7l@21*>~tfa+K%#ukB<p(Ip8b7E$
zr?0?W;mys>9~F2);V$dq<8@BO630twnO=bI7oDe4C;@y_GZFef^IlGro8%wo0~ILX
zV>WlCO2fgS4E_fAyAS>!zTP@6s;+w*R}4x)YLG^dj-eYyy1QHHM!G`~X%Oi~nxVTH
zMH=ZI7!Z)|Zg>y3kN5Zaz47~e_~TIfoY`mZwb#1VTGyrTwNtzKekX<Vc&QNI<qQ0D
zYbx`e@2?hO-1Y48SKyiLr~~l&e)%A+ASf#5is?0rWP*a8h^;ZiRc;u86LeTz)I2pL
znk?HAdP@t9*O-A^cFIJ}yBnP`?<fjEroBRgj;q8sR3M3<;Glb3gO?#BPZPCPxJG+-
z8X%Ry1RNFW)il$5%EH2J3r*zD+C_fQh7g3zb^%f@D)U9ERtqx<QZxJeDPid$1i;JQ
zvQaMo&A{aQ!SQCi5KC;4^9NpkS{gB*zScVK)SC^MYWnkEa)*M%U1u@(sRO%R)I=fv
zhXRZR%^EtH5QMN>xu1SpO?}=#IY;+i<Q|#gB{&li5+c>_rm0Y;tM1`>JJ;&#a95Yc
zthfjJrPv~sg(f})&C3w%AKf#v_x9Dl8O9`JOEX$tqJ=;*ebX$GaX{9?htJ4|2D>lZ
zJ_^Y46A85XrrQ>@tR5ZTZqX%<-rg)r-^m_b)wg*2c{tuQ{(uP}{N@N?Hz&J{em5Dl
zj6SfL=!xx@3uI<$Y0*xnmkw<bQ;toSH;V&9Fm55gvdGD+MuebW-p!3_&;mlwZF#`z
zR&!O(@7Cdq=h}{sNR&0>z>y*RnncxssS~jfT~=$9F-x>IgcyqUh`uJ%oxIxfGa9Td
z%uGz{*Y|b&ZnX3yJQVK)ApBElJKBY*Dn$|=4@})@(r1fpSd*jS0K^BNrh_gbyuLtW
z%uzsM&;lrEj7v(A0^qc-c8F%x_ev}<Mj=V#u84df>?>}Oh{-B$?~o+*hyz**vNvad
zIGjnlN~?AzR~lz?!S8{-V=tA4H7!t7o`*!&{C<(5@8{1f3=+Ok0JgcHs$Zen0*Fu7
ze_%q?c6!JRqtrLKftc$WsLqg}NQ(QMoGcCOjyyo%OvT$<fAc3&B9MXs_;TXiRqFi#
zm3wL3dOKy06EZAqUqD33hARK5VKa^8NOn+Myh~gHv%W~P>(1y*1>o85Q+zn&dblFa
zvC;(n@-Z~g!1al^_>>Ab+V{fpOA}2qQpea~Sxr#Of19d5*LjlP<X$RywhH$H-{XZo
z*oEw-0}7{jNA0@@qD9}x{fGSCrXeeOVPz^sUt$uMK&27Ysi48kEz5XX%zGPX@G2`a
zu|-9j04fIbyS-(t1R6h_;q-Qz0A4DKW)!o~69cY@r(Y}i(jZd|bfvvcczASlv<^sh
zx<bzZwc12%Z0xWBep@)l<rxedb}fKK4X~VqW%!)()*a%Q!dETpgkFP~C@FKa{LKM!
zJs<}=-s0gjc8E<EAXuqDEAqy8e?lwoxnz3>yw-YbJyAl{7-YbQ<|ud#n5bif+p=7B
z%VD1u$iTHiI+eo`+vjLtipzlqI6?L?9?HG(2sYL(&f|G!Bqc@roRmxNIUPIYkComB
ziv5Y43G3j$r{`bWt7d}q;;Gv2>gdYAHyhaBZn_0;FU9#+gAmKXDj$R&WZr$_!OS?#
z_URss8-><F%`W30bb>b_1?t%X_d~e{`TH6i%9xrKV&5}*S3c7(6U&ik6&pyY%_`as
za0le0g*L7LrU45;2o(@u)}Z?7lpk|`?(RC}O#(nF=^~<{wqYg}=SHhPlf@r9wR)bY
zEQ$0ASdNN;dVGvk6)=b!9TRFmOgf{$s*?i>#x(N_sT2YlzFch-kQHf`&&S2Zbztgl
zI0Ggf%HhRoQfsAdx&P}GP@$JSx-vxP8dT*y!{&J=7|w5P-5x|@7^x1;6u2<Qez$&K
zP|9?=#U(#gq#A73xB@bLrL5~5_iRZ-mr*_J+k2pchs!hqSy))O&&8F&_r=7T)FJE=
z+G$$D3O)tA5&;^2RN5hegigXR9O{J5gRG(d%W@Qb(C$CF7^MOHeaQPehdugXFq{><
zO$v!adxms=jojt2UxP3DDLN}DiO>1i0(5h7Ri2>{e0V<;;5=P=^jhO3#DtN{ePpSO
z(1Rw})!88uGCWqbVaFGM<ZkwJqRGZ_4S<OpU`6|sos&b$eU@9rXR)U-orjj*!x+%Y
ztl#vxfdPcI1QcU6?&ytuIc@JKhuxBea<<3CY2XqO$$Cwvod5zga{X}0gf6W-Oe3oM
z5{$6Q5SBbxl?#>g)}(x+FNk}(EWss@<oA;gVR8>}l<<zWMU%8xhxjG_4|SAz>ftg`
zn$xE^(n|zpfR{91MtX7&TlkA2HQe!tsoDhijzoDZ8nM1&{f7GMi0l_lPw#F}@Ki3n
zdNH8aE3{H6O!^N)6$&o!`RSA{m&<)~U(<|v+#+iZzF*lcw;o(}<#XE=(bV_goUkAM
zw%qiSemXHh0&>Te{KUS0;7h-AS~5$e941OS;IN`-Atm{vO{*@CMF}UZtF{yp|KGhU
zz%fPo;{VU1`3nfH|0Aw+?~S~9@M3sK_Texd%vBh$2-Nb|2DS`&HFj<WJL;bymk%4W
z4IbeA<}gme2Oydd*@pn0V+cgq#W1)iKd^(^JAfUu{^Wn(clRUz^K~BU?>iLc@y<_0
z@?JLR&zET^u&wB2eNH6|7yAgx(pnuzzDBW$0E4kPW)I81phbSn@=zT^A)81P&@_5(
z@&6NNngV>r_tVYhOEKc}Zv>o)1$-tUYw|Y?pBT(ha2^57`Ssqw!-^RyiKhe4U<QnD
zDv@{HEu5rvJH#sSmmT@vC;a!~^zm`H>reFA*zc_W^BJ{J*4OgFx<nbNHJ1F|ujo~q
ziSwVmw14vY^Jk@K0B*~YXtSD-0qAE{pXB<#0w9s|zz5V>*TTH}Z~&y-A4K*16F&T%
zkALq5T(nVV8P*sZOi$%1L;l_oaBl&t-Dh=&*x_cRZa2zqp2Fz+4^##$yCi?dkbFHF
zz|}5O1V8<&+3??k{<+To^I1}tgkS$1`2osjUjwKG?ORr?_Kq;u0ptIiIlkn;=7+q&
z_(n}G_v~A20Q3J9n7e<){?VxG_&Z7Xr>qug|C})Q_fj%L1!jni{{c5Y#yg6Sp>_s*
zw0{{4qfp->^|7WNrXjsE@(^l%N%TL@^6#qobCHDek2SFwM6Udw4+BgDJs~Oz&MUbR
ziz$JwKaTw`WMC2wAN_t{gVf&fK!9!?`~NxUdD1@%<{ep}#L2&-nkL*Y$m&P$tCxX#
z#r+>02Ufatc`nUIR^<WLBbYsalTt`tK=9)afV$6qA9Svnjp)$<pmQbAdYbY#a{PA%
z{=N91LY}oyZDi1Z`zuHK-ygCGzkz_`LkB%8W9fQ(oipx2St@nX=^ww##$U|-D}+*5
zc)tr+hXg)`;vKaZkN^9$|Jwy#>YptT=0o!K_}||}0dIh+o43zAY{baus2PV`jxn=<
zAm^`S!X5Uv$8mlh$THS1sGs&Fzk&R}0@pX+{QfMPt7u-GKmQGEPkPO4>OjJg4|&K%
z<ONy8&rn2Zqwc4WS<yodV9+7+OMA1EVUGs9VS(P4f1#H1)cai^FTes1WMO3)eB}90
zy6fL3{_l(1*MD|F=J?1Tp_(_z)Zel@KvNtAaB1bZ%ydPfw%P3(9#(*$K80JB-u0Z{
zZ6_bVT<}woLvQbQ%k`|)M!gvx^)1H-IAF>zX&wvyjY<#S02Y2_k+DhWDGH9h`6ulE
zzVrX*T50mn;%445$G-XVj`z_Y2GT0muZ8hA3}-!b{&6z3k)1!ANqr~hcf&cs@jNC^
z^#0u{Y~@WsQE(UzU}S!Tinf`7ogJh6I2Hu|G0uHhfG-oD6T8u_1PHY}1XcY9#rbPC
z|7Rz>;eGYbR5YZeDLwl`Xa3FYv7A_F6RUY=D1{8J!%}Z74IL$=Dt`UUV2WTc2y9@4
z6C5~tKM6AR__y{5dbu=#3^;H)+~N3x{)0DU2>=T~%|oD=DjK!D;|swnK#=VJy!k&r
ziQ`84$7kxFP40C6vrJlKvR*1@*DRN?9Nb>rDWvne<N^$lBQ%+}Q^opXrfrnKy}hT9
zlmUO4j+Hf(kkbmF+3rwMbLO~@zLb<IthgYMXocSyS;mslDxRKC^YVAU0)lwMW%|wD
zlT5`dF-+8TUaw;4?+>DR^U^18J1-y3km0|1fI+7JcL`^{002UvBI5X`j6eeA(dl@W
z@t>Dx>i<Se>@gr3ANL_6JDmI%1nJe+ued*P3beIXi|=lxaBBYB{3;PY{KtXrR2Cup
zXAa(YyjG&j<`d@#%Q|);=)@e7%@(u#-ME&KpW7jp!t2BpnaNUl?kY=Hs|e68uK;y>
zaVnV1T(d3W=uo{zG~1b$4WnEfFQ!=4^|{9C8rv-m8pp&mabQuTjnxuk#b9wb_poe^
z<RFWSPdJwD2hDXynT`NiU5m{cy13XK1h3USuz1joI)3}4!LiMsnCP$Fc&La1*iIbJ
zgeuz{%0f3i5-U7B;So-&!k(NbPihXdFa{uL3R_X0XJ3bpNO6D{{yePk&yvZ?##)D;
zU=y;ue=$*LkS-BTsy^~5`XJy<<zt{gLo{0864RiuH5P%%lpTb=il4e*7<w;Gu@TZ=
z<ghG(OF$qGlzQfn`6j(&xjDi|uK6!b(G<Y??CyCiCQb8LP2{I<cI7|cqPy7_Mo`)O
z#kSTSi^WY}uHvGFJ<CoXI~!h%4<493&Zbo+bYDKvjOT2ThFnXH<qxpfSK}Is$GIaS
zxr<2U2=4^r>v#@M>gTDnad%}5k6)U+x<DTiTER;J{6>a&{lZ+gJ)wJ~LYs-g%p`xT
z>p79dP=*?x^E$bysTn<b=*7haR17FVtjf|VcD04-avKcT)><J_jI5@VH;j}IX6<2L
z0j$fTG!@XI!Gu(GcC5XUJ0{dp`@25ylKo*cS$#NL=by<vX&VV@-@P+(cqfRC1DS70
z$H=G>kOC!68Cn9MS2zcp4)ZbeNw8{qooJzi7>SG_B+wCahZgfk`^z`qz>oX-*9yF%
zGdN6oUO)|DAC_Eyee)$eS(1XWh*9QAlJn&9xonRnQRIkN4)h5+zg?&t-I61)(Eb=2
z4LQiIElB0E%iU`ulMKcrsp`7$qM<7y5WMbz&<Y6r%(qOgNoV&;kSE6Y*NFE)9#*#D
z;1J1v|NiPa!twLrkwW~PaB74S%;M~<<^5PLXuQO<YI9`i!fCo4GoxHy0W<s0KYPFV
zMk_Nuks5~6$|w_8Cv?012$cO~L^0MczsbP?7Y9eQ;PB95Z@#s!_2|Q+Jeu*T0HFb~
zx-t}`$d#7bh44-<?m6dh=wNc&%WjqrYhOX`(zyjd$jMnoitrk~!4$}a>ef0wxw-AO
zw`(>5;SVPsP|QW8^A%qT-TXGz=?MSWiUkOjkx@q#Xhd@cFqqrF5hwYNQC1p3J@-O_
zw(KiJl}P8n3zW2Kp<JS2y9h%PvUJESwb0oy0b#Qlj_sh39gd+6@-AS2HKAfBRza$W
z9wn$oZI%2~;vSD!konL|hx&M6h=eU&u7*$Ir_9*84+^H+E=6+W=1~@NQ6kw}cpFCV
zc3Jxbt76frqH(3se~0|uGR$wlpj5+G%>0=zZvU*nsQ~?YbOjiMw#5L=Q1$ux^~{(v
zn=z*8p0;SgsOrtA5aB_@n}MgLg=T@12}j*_uN6#p^U_+kXwQDR4$(7<=E)u%Ei=gh
z=tkaF87xCTM62xz4P9~U9_na6-)ot8yosuWR6jqK+T^OJ(%LT=qnMMC@umQM=&6Oh
z;FiXYL?m5_Mucp<$u2^)F&ST<taGAN_H6#j&7c+0p)&;Nn8%y?3uL?pN3tAtDv#G#
zW?NlyK%xr(YkMzff9>HkQ$-0PjO*eR{tI#{r96h$?1`b`gNV|3GDOkW5*C8cMgXqs
z75ciPgcKhssSvoJOP@wkvJXe>U>a{uwTI7aohVIMxw-Z>=W_W%W9gWI{SW0JPOHbt
zCe9oa5h1zl?IL}G4rx`<q<PimKHLUZZDI$!MUIPUQqA2}Y&+FFF2sWxxmM#S8Xk(j
zO;m-2d&3t6N&Lha!Ba9WZFVwfK|k+!GLf%d=<`c7QV9AqeRhl@sZ~7Psw`L=Do+<T
zCja#a$t+t85fRBVf}Gs}P;-yW+P9XaGE@!p@+xEk;Dqh$?%jn^PL|?he{7^q$84Vk
zVr>U!E<>z+1u=Ksr1Rb8yKF53@*~)tk2pYv;hc?3Wlq5ImK@>Gt#4JfRa8I<ZuH0D
zRr$gcE(OF$86r5vfb_;=c9Vb9o9_)Y?S}^+L#ZCHNrPlV_griZ#p1Lm>zFyou0GLM
z+KwNoz3-UhiwMEV)T^T=XQXMOmy=T{6hC`rA$wvy!SPDOdCy#x_A1WrqfR~vN>)!4
zrmr~G^Vz2H99sxX7&+l~U4_8U)Q;`<E41QNskI^8(N7LTd=oYW!M6n+T2X9kruieg
z$(ds@oPNB0*h&ZKWF(S{s7$3kIu{2!&H}bMC)4=+!pbgmmL0LUV^FZBVQ)SvmiVr&
zK+LJ!-N(TL58-{1hi+wl8}gAoS~5+?sL(Ob2bn^%M{XI0Lc}^ZG&`4DK72m(EFGI|
zlu~MhnPm1+1<1NGEz5(==PSy1zVBQTG+E1Y7yPc`F-QfJjM%y7o!L9PX$tYZ$Xf1(
zu#b>+KJ}OF_JE(~G~AhQ^xyqNt=WyACbK`jOCHfw3j9=CYTJ4Rw~uSu%6>7FqJ-i4
zRPgXwCx_kUs8oVHp=5IcGp$NKfB6G4E^i*H*IFPtM%}syp{rwv_~8ZR(h;~#4eU1r
zpzy{Lu=_sfBgtxuKvXda@#@cs`08l_4@vK>$P1Ro*r~d{QzS!!`OeL}ss0<enEWb}
z00euB*>;R}VgpV>M@P4q9EbQwwH!msI$)y6&tY?X8s=VX=3Q!;Ix*Yx&166hK>1-a
zO`0GA;w19*-QswgDn44d_W1Gu&=+QTvl;KaZIMtNGS`QXODtCkuPaF6bC^7wVN}zt
zdRulfJwt-kuRmHH%~yZXa&A7-GP9}Usy07%p!xey@bXwwL_^ZX<yy#~qSgUH=u=o%
zRiV7geW)$qxc;Ejpz<d*!Vozl1LAjrv*Yhyjw;3(nw2nBXY##mN1)VBGZaUY?CXF0
zWIniA>K|8G?g?*ME3)-SHm~4mwB)^{iSujyxl_Ar8xVVU<(pFDf+$?IoTur(gOC6Y
zNdiEAWFlYQkdz1em^bXq)R1^WU&T;H#!aof`d}VJ?R!-!eocoYqRp`tNiHIZB_Pvq
zq7lw-r?@q7FP};K^`FFzU}+6w{8T%tz2O7XP+{#Y>$O4sbtpr5{^fH<hOD2Le)M~<
z<x~0MsTFT~83`Qz*mxmoAV2Ce7oj`Rk9h_cc!z^UAP;21ConGpt_5ndIdAqKQoUf&
zU}U)4<ZQ9{+L>flmzmHMYnaf;yy;P@N~C%=ApD$Axf;K_FuxAQ_vvs<WuomMy1|9C
z(Xo{ks&=Z6MLqefOkocJ&!i9~DSr{fa<F8{Xy4v};dciX=i2E3Ast!nh6^%d)Fib6
z;B3?SAmmQm@~9g~>>{Y0n-j2u1x3`M$YUcU{gyk4Ag8Og&G%HUOcMv+?{ZR3R7>PT
zURGi&T4_L41_<l@Mjpd&XZa_Mx7{=S`KMrMFpM)lJ4z)X-S=N$KcGr0oA`S<1Vm<)
z(`N*GZhYUYj?dP*Q-5HhKF`xM@QBRLVZ!;sZYEc7u;91mj027!77q;#eXRlCy}Cju
zB%;SfL<_N}rPLPo56PIXA6&sO;_P@4nD)moO&G|zbAj*3$$}H!bn(FFdY+?T7Hmz>
zN+%ar85|TeQkW=F?Ul`k*4crIV*#(B^X)#IxYI5}_*|WitS1^AdtH5)eyirpWHnZo
zv#DdX$qa8cPn>F=DG^7jwVVna%!B~C8`m;MG4x6S49n%}%@}}Z6=j0tdz-fLf$byO
zL^PbWGH$f5YMmh!;Zvqtoh=ec7I?z^5bG(xsV%2Yf7UiYH0e?Q;X!$6N%Vs5js2Jb
zXo2IG`SDnd>9QwZ1BB_@P?{G4M{~jl`MFC`h1P!R?V3GvyaQ)-2o+G3ETe7X;&ri<
zjjpFxTAq8&b~n?es!8=Urp5fcCEVrvug^-w;@;Z+TyCps^o;N2EmTxy`C3Vb@ayF)
z<<+%68$G-7n0NmHpXe&YJ`*1wP49GkHRq@8UTrhtjr}1f=hwzLgQtg2E8kM_@`}Ni
zCa(e^wb_dOl=0$)H?=UQD-C$1OSOCx1Vcd3?{=LM$k6&>hZuc-*I%5<k4v+fpP603
z2MTXLy>ZlxvnY{#Y;tN;^XWO!aIB($#8(02Mu%nU%c(0e!tiq&*lS@!=?$T+B<aqm
z%O%?RT(tU}mQq<Dj*j^0e7PA8wpgYfiZHB^u@rYhIAM0~&jmfUN5jbza#&$}*e(|I
z&<`p8&DNytMzVQYHI&l$JkY05F^%VyQgEQ}J#O=+k?KWZyO@LZNR2id45f{Bi6!G>
z^|pq|l&e9y$$Rxzv38+MIt0~t%`m4eiN1b*bsN&Fj=B-7V|sL)fdF=ZB<G9*9cQZY
zO(jR5oSalopA@)~s8we&M>5z|<-#@3e5{<IPSrDtseU|yn9r+Bq%_%~hl!Cn20C7G
z^KiCek3@~XF`B;mz^g7l*=IW6dw%3b&At6VEL+|TLe@a}a};<wua?vPVD)Hm3u4^#
zHx4_&+S+LhKXXj?7T$PhU)>1MPo?508{vWCL;0-?gD+d{O|8A6i_8wANsJB_XX6?@
zgw)G)(wCa`q~+tK*gop>XMR=BoD=UpvpsZ4q_?@*)w?@sGE^KWbMJDzjUvspg|&%m
z>*7O~r%!(rU92c7PkcskX}R5^IiDM3IP<=_xHzExX<go&0lc&_sGRJqtg)d-Cl$Bh
z2XZ;waF>zoGP!nFS5#wfJC&Hu>w`}f<w=`98NW+!HOrObp_=7==*BXx(W^(o7Zo2;
z99)VB%SX9C{eJkP(6`u?-fD3wbEMa1);vB|TRSduYnsqtwr*#AQIb@BQV$Is&2qdj
zCT_8#x}Xv>W7qF+V{Lo2jBiI)HV2^n^U%?6q+Mt;*0f3)7l{-%Fd0faZJz3$D3W!v
z8h<T4(Hu}}wJVRXwH2L{>7p6eWX7$xKe=O%U|3dsyC_qiaTE9Lupo3ntJ|OC?!^mP
z(MQ1s3Y=iAhQ6glZYQ%#!(ZE(BiVR<FFt#GW=42I^SLT%SqG5YZ49GDeKmut&J6>+
z>%%%B=AznUFzzdGI}cV)sDGP4@UT*w#(B!f*Qbyzmz@z^60=;ge2!aRp=2)=8iudB
zq`EJT)lrtj*KVF(DH7|odOn}X@XieBUmsv3<^KlTdL8nu+_sz9<~xf9$sW8ivd;cs
z*C{lj9xyDET)$IfA&yC#Rq8&dy4?1;g8cQxKIV7M+wjQEif&R=Dnz#c;4Xr}5i9zl
zrl%Qi$(GKExvXPKvRBxvoks#F5+s(Fw&-NjzgQwR@fZW<%?%?JqXh;1gm#GOkw2)s
zR{Fv-Qer*-f+}UAcp1odvo&2;VO^K8MXxC_?mc!+0oM(pU8W7Jg$u!_EEn*l&w~3c
z4T09^a~0JypbWa-0?_Aqjc#Q+BJ3cXVYxX~t_Y+k^MKrh3c#3PTjiyiq!rrgelcK_
zEs%Cb#^T@Pw)OpyP1e&|dqYAdgQ^g-p_IHiteJ@MZe&1caR>cdH=?X!BAW078^|^W
z<SV4N3yqrd{vNI}m2J8?<sTP2`P~Z{9fByjCgG$0IXLHOfP=Huu-cq+5@5%O839ds
zNLG*1rRrPte0(SGdWNOi&GwKIa_v^d6N95>Eb-3hY4dMhTQ*^al^^X)0iSJCr;fzR
ztij1-3JTe;PL|}5*GgC%;I}`HM^;JlUCtRs@!l;hFk322xmg!Aoi2{Y*SwYe72b2*
zIWps_qbK-fso9{k3VioVqEB!g-jP$ib54=T-_FP+$JoOw5^hi*;u+y%?bAPtOUZ1<
zYm?0J38VDz7Tv+v%hVP&KysH2XIe4+?xAyZ@yOYxpwu*}D{!}<>(QS24>;$_LXF$*
zT_5~KznmYU@m6=?5M;QJpngy+)SBveT2f13-%jP1v#KdrzH~ZxrP1hI*XtkX|7yQ)
zdI~6^^R!Y~kDM~h(Qme4B99v%dGmsL-eXE|yjT-FF_G9Ek>Bd2D!W<7iO_8qvJUc{
zr`x(YV`m;)<-6OVmf5t^);d_@2dfT#4a~m?3vW3ZY%bEY??>Oyq*2TVYA0$Nwha`$
z&RWmnC&o%ja*jEg`{>Yx=Z-oJlY#|%jw-rmI%Det<cthGJ8KyyTN=)-yT%u2gPBG=
z*hBhxDjgGtCU?1QwXBUdgetXVt){-Bhi-Mie6L1Q2NJXri<g60D#dbz20s6sQaXI%
zP{RRW#EK4@A$>$#b~3#-a>DJ0o#+#s>XT2I7qFIe)B=)&%9grRC%X+NuMFoJ4>Wb0
zOJ9Phb$p4o&4kmm!jIQlDwOr;L9#yYYG-<?l*eA17AY-hFd2$$1Y;7!P8glHJqo7p
z4{dv2I~!2?nrl@^iYFz$sDyG7N|K|;Cp!l<ouk3m>*HQIE7f`Cw*E~>r@7CyOlp(k
zsbaU`NI#J_;aMkAe!~jrtNU)~a!nd1&eCG9(95C3hS}3q_EsNVvu?n7t>(i*Mp_B-
zXIK(5495<#WV1HS@E)a*@?PpKprcu97*aahL<HM4Y=G47at{{9fE03=Z9gqa+WrlX
z4h!rUG);7s&A;>WrL%!s-TY*pWq9avmyax^L`0U9uVJa^;)aNfx#og)a&nyUnhQk$
z{?-IkKXr4wNOYoDeM(%a1r6X=B6IF%s)zF2AEhENEx8CI6h*-sM$Y%Y0=OeJ31L@*
zy3RlQaWpl;sQCf(aTecSS~cVl>BA7@?u&^yz#R`RR3GkCpUIaey8SlSj_DY0d40aO
z4rCu0nfXWm1C-uZ7Xp+T(Z$gAaLO;bZb~O6X2kiTu6F81?xq%c-ahedfu*FYh83O`
zxYT@ApOQL2c!BP<IoO<bPCiuI1%iCaA{G@JFVpd;NqLeb&%ipCI>9gsz>78LZ|~S*
zM#1S;Fc8~1GmD!ZnDs1Ba&~7S=@pV*#<!*W0&|ditUuDp##?VO>#I{aHW~0MQcy?5
z#)OtcFh&x>h>%E6?NV-*sEotK7oRCWvjFQ_TwBg?@wryHZ#`K0bXgS@I?j?$-6`>L
zl%Q@iDZ}YY9dS=KY;qeYItn-Zpq9IAC(*zl_pD4k(@5te2gP-RNTZ%0eUM*)=G6Xc
zTFrB3lN~iazg?S3LFh~t9+jRW(-X-~)f1MB7}ZdP%)Weqx^}nsokMZ0*6J~b@}C66
zzOp_qJ-~{DE1&G^KudqhJCz=I(wq%rz}dH)fJlf66~|cTq+qhXE$47I{fcuZ<?yS#
zhmTT@*|Sih>EY@8xdI7#KJe8Gl7;3Bz!an)WE0=tB3{BcR0;;j!&dIhUY+&W!P%Ep
zt8*zFCVu1;z02gMjVrb2<K^+&eYR5hq&2P8Iv#z?$^55&ubY<@+mj<+o^-D`Py`b^
zdjDg>_{E3=R1nK0tYM5%>gvR6{^xayl9Gx3YP@7Y6-LFd122ir1we#?H|2Z|q5W8@
z3nCuMLX1I_DMob$nv~sJO?Fj5E2MB~FEhXI36SWd$wf;K{i1>?82@#v!%cr<jMMAg
z)U{R<tmSpqUX8LX3{3B$Y&NdJ{B*xId%3#ZX8zmt+_Jdg6GC-GI8vK}dzAon9+^1j
zj+{DlB1<*d(%IzZ8DCX?VdqyfO#xZX^CRC~M%~z7Tbly*0|6-E%Ww>3Y2*u?QP3-@
z>>3E93ATGUwz4%DS)gg?rQd4P)6<h>p6MY&!#g+cJ~n{s^?m7+iPc;KYS7d(&GxQH
zA}(CI`nzurFAsu4#g|$M7Q<K$s*3ql(s}xqo^Oc8c4&o#JX^fYG)KoQ5^r*OyP%wM
z*<8A>VGh+Vpsw8+{>+p=k^j-Nc3sWj;m&NVc(WVHBL4ek^>n`SnL6b$fM2GbN_+|<
zXMdmEh15}Tb!;R;Pp9QAQS<jIAG^<dEhBdr=|rktxAq_mG64y{+o~?cUP8B(+VnyY
z#OXINzqH?VRSMk2remn)q)_+=+&L}N5@QD<q3Ub+1KrMsNl}-fp<=8_|B<g{npCB?
zkjcn<vsDKj7B2?$#>1i^f82O$RHx~dMSmaVa#AnRBwB`sJ-=VV6Xigu-6()5Elvm}
zsLk}3w?H*w*H%`>L^0<zRZdkD?Z>`Sx~x7~il^6QtnR6vNAsO&^mQ3A=W^pK4sumF
zb$<6sz1SeV!)o!e_V&tFB?VyL?=C;;N8;52h#141U~)V#cLJW@Y_*^D=j_6+WC1d&
zHEm_tN$cq(!&7mcU@`){fg!U5^K_s_5acjRe`HLBnnzgCpj?ukzI=5=YEbhf+3q&A
z2VR)ywzM^|W?nJ~oy3#Hce)bK40Vp3Cx!v1i9SsfMNT%YjP^1}co4Pk*FpFjXfFBo
z7Pn0<pfkizc^lfkbm9%_Tw&=Z5s=h8p6MaFiT><Lq?fk9a>`Ca6MRa*cu6>R+?KWn
z6zS7bGR;n>WQ6ot9Ub}F&WABrU=fDqwSLii5F8Y&8Ypo%OCA8No@iI4Q5*$GiO-V{
zUQ*Rs6s7Pt_(8&_WHRi>e4NY~e55SL6z~u=zDy+iDI1#avLhRuQNsg$Y^0kt?}Tx?
z!l^n$j=wx{l8-qtcAH{T^iIP6Ria%vo+1g-=CDgCj6$F8tWG8}I5><QpL4wZtu5Tq
zE+H$K&b*;O@ig9AlCegHG)K!}zGTCj>9@`-qn%_~vx0uJt}lM&OS^;XMk<}7Gn4Dl
z#4v;TZEp?*8wsW_x<#+Gr>l)NC{E;T6YBN52h|cwKlXcMvaSGqKAM^&!5=>sx~=kh
z-%Yos?~ze|!izWwk`&wD>+RaSeRZ}pH>U^hx63h&QKSf0r%FOVfDo}u=q=gfKFWvY
z9if2q8rNHNx95c8nwbl=Ta)<TXNpuMJ%8Q8ioF80<Z#iO+tA8kC(PpeKAm{NnV`pg
z)nn*G2?CJK;x^gVCUDhW-^<r9{_nF*9014Z!>?8IKNB!#-L|DdTRy)M5}Ge!CKYi1
z?0R@~lme)<lIZHhnX4GLDyXZ7<j4Is;YxOxKWi8Jz+(1O3sAmPC&rm>-8J)l|K;->
zTaaDD?Ni?*s62%NF}qnDp$)3fnM@U+qkV<6FSDj3jfHgiX#aR@5Rt`q7`*G*R%a3)
z$}Wui4WP04ii*=#05HYzsfw)tjRTknzq?1!bRc0Q2Dv$o9W(VwW>vac>1WNc11f>P
z-50?>%Hd8h_!u;m+ZCEXHaR;3{n|P!ob%qnaFaRXZJ){$S#0X3!5>wOocjCc9$6L%
zEGF(AR`{(iqz6EC3~=H27)!mM%yPP+>pS4+Z10RT!GZRAaNSP+Oz>!t=ZXwRi?2T6
z2>A!QWG{!R{x(uSVtg982((gR7pqS?&8%52l$(j8Z%F)Dy-4!%*R;lt2L~y;ZS;6y
zepe4<LNE$`%rqYN+zpJ+l+0qt8*N-LG!-rH;oIhCCeG@-@IK0K8|UEqQl<T|!f5Ip
z;dp*bZOJ_EAW~<&udc)_W-<g>?+dQt*|EJS)+^zrkb%<|XFK}LnF%iK)bsfFc?t2y
zldGqGl_5oSmWga!KXW4&V84{orrn2q#@)XOGRi=0bPP%kc650@xL)6u$$NGq!?Hs@
z+1f6J@$)np6O`VxQ}7I5$Y4{4y)T*=u!nBX`g+7-FkT4b*V<XroS79nf@!f5IY%of
znWLue_JBl&jotU3hyz(1iSUn~s3+`pzwXpr-w^HOgcEny5y=cpo7&e7hZoOBBzO3n
zbU6%-h6d_Jj#$CE(N*u$S$w_5x~Jt^;kmM6Y82r=rvWAF13A97Or~yl5Z}%xrKA3g
zd@GsHR*5~q6fy{oce&VP@B-J{ZZ}-g1rbzA_Il>5ru4FkA(5qguOIb_%BLBe;-dmg
zU_4LHo96xnqA9=GW}$4I0j9J1iMyNTq6ZBq9L*?-U77EDIX9~*)x-Adh09Y5RpPB&
znLc9|*j+4|rk=+U8Rkv9{!p9i+RMms2C<|Bxt?7Ii#?$G?i-PJa}gut(XQAhyFOis
zBY3<|Y2^o`qmSpC?Tc@gZd*7!pUpH6(=x*vG<=UDr^5P|9N;8w^Wv=@oHZXuz>!Av
z<dzs)-bTMstVTH|-!=KPPYxij=eQNXC68pMbetD*0^<uSr6?pzv>Q`z_r@AAIzxYy
zTPXfuuGh+9VE{Wgnc3uKc7dy<PbKcatt#-{x2okr(=c%OJn>Dq5C=kte-+L5LO<1T
ze|4nG<*HD(+)Vs1RCXOKl+mjJ15!@0Ay}F&S>F@ujQg4DoG1@Ptbxqn_*W+!b-U4q
zP7c3Q&=_9}-p2EHM!4uN=Y94JtuR(mn#;Uy8_ioM1PeAjP8(x@cBT~pf%iaC!&j3>
zJv5VT!nCqCPqV6G&etGf=q3|(-O)bzC5Vj5MSTuCd|KhLfp#*1jSEc>LOfk10eywA
z8uQgQ5*rs+ROZnTom;dzR4os_ji!Dpdn*UR4PlVFs%lCbPwE3JP=&k{{YYHZQ}R%^
z8^3a<iL+l_hq?JNzC$=`h<e3zgS){oaqi<+Mllj|WbivKjs!Z(g^7d2*K!eIWu~?7
zKM&qOdY3COccVmok0h#*A6km)*=Lww^?&g3lJ6$N!s>K7sohRxc1(*+A8;y6<~k^=
zF;*S!M)pB|wz9>j5i0$gP}VBr*}LrM<izgH=9A5SktU0RVAu0szPDwybBRCE2oR1k
zO(C10!F1Dv33CStbUi0?IrTF@Yska;nqqjfW7l|P-VTI8GF?6w2lvBYZz-L1A+Kav
zrS0iIqe5RBMfIJreKx=DH}<-YWr}S^tJLN00R+F?uzJ+frf#fy@4?9pRl9Vh4NW`W
zmC`pP*$r57gUVspMAhoGfqKa)JorX{yJ)7wu(@y3Y+5L@K1#RF>IZr-qfs+(PFKZq
zV+E6*X`E0^Qi5bTfAF&B?~5F@VD~qq3a|QKVbn0@&sN%^@BF?qdpEq_KOsWyh5qp{
zqsr~>yEj5tM$t;;FBib7r1&%~k|YTL@Ei4?)jY1|N~!j@U6@xRI`|rbXRP&`0jX=l
z?^fqGfy|WsT%UKnmQ4H;s(aZ-@uRgQA*boMgZI}NhYVXQk&Gw4?6<_+@>XRSE4-eZ
zx{Cro)_y2|cA_5oaOh3juBktnWVlP@Xv^!_X4}3K8ZUQsw(1DOQ+C4v$;fEIKJAfR
zrxgYkT)PNP2fXp1QA*<((ajcn2as-&HLa|s#ucvuowCZPxREww-oJ!0g16rwV-V*i
zO3V&U5FU9L!#u)4*K#UBbvCX87P9@nacf!3iNHKeJLF4Zs8rfs#}bfM04KeqWAFcT
z=mXZkvOc<d-@LYq1000x?6H10<|#sV_?qSX#9v}{t3q)g4UVJ&CMXEc{v843n9j-F
z4DjJ13OafYAV3>PBWX2KzucC;F_z!RPMX-ij%)&CE|}dOKS`s=f;<2eZt_L}L}wUa
zIOxK$`>s&?D%s>vrA!s5!U6bF^Mb)GZwa~Wh|!6<`4I_V_NP`bZ(g%;pnUYj%lodx
zx5r(h=-PtB*o0*mj#|zZkVZ>f>fMFrV9j&0!WOn(d}5<y+5!G}>uMQww%7Y&7S5%7
z^uGO{I5&lL@SGPF9ooezZLt0NNuYIs%eMuOjqeau;l2xQ!}&pc--Y7_H2~&hTpBrV
z6AQ^rL{*zCqWP?vuJ6lN=HE>3vd3wb2217y;8l=tsCuc~&WxjxMWhw9NPlDIxc%&C
zomjEwrKp}5N~?<#1g-Hic=?<T-nrEK5~Rmfg!3+ac;-g}z9BIr8qLRscSQZ2krv{$
zmERDJhO+kQ?u7I8Hw|c?-I*2VUXhqJn*kP$-CKuLpU;QsWH*CWwvvo{E8DX@Q@?rZ
zT9U*7LGerI7y7#0Vo5sdSqf{srB7TDrL7xElqDebGCM4{RT9ChoYL8x*~H<x%!LZl
zeg)}vF{U|ehBx604K*P=%ps*GE?%27#YvmTy~I>)#UNq{&Kb{KkZ#6X;rYJkJz9#v
zW5A!gyA-s~_7t=Olx9)FB2)#^v8X?dTZ*NVU8X=EYwt>4%mi;d&V*$Z@}QOX$0iAU
zU=l8oFS|ZJrAQzH{#J+Itco&WsY&3FNgcIrP7>XbEzZB19-ZLFR()=tx^<ySR2dl)
zW1O53YdJYhdevE3PM<ndl?jxy;i*VGC&6&%V~us2k#Kf=dG-;;UFKK$a;9R)HtgV_
z=A`fNS5ZXk=5#V7BWeNQ3cF9S9-HoH$(SEH#+{6$oakydS6a5y)}@^%o;0{Rl7YnT
zR7ncT%@2;;#P`4xA~Qa7=zc|8QjhCo=j-sw5>D5;RecG&{67S)ucq272UnX70>vU%
z8bA<tyIe^#eR9;fH}t+PLZ!87<w|C*2OeyzTR)6%cs(Tq-&ub6=;<Ll4p4z~{iX8T
zVVc7Ur=Rf@d18?{S@Jrg3A!crW_9W`&~7mXlm>Y$Il;o3ufF@rs1;zGD-QI$wZ3B?
z3va8KYub1qf9_g2SXPI6lC!=@6MTTK*KdDGGK+E0-ynAzX&A|bJh_JNmVoa?p>TZ&
zakA;_`w-{ndaSOYoPlz!;#N?+ck%I~MV*rBn9eHXF2%~2b(rX8kDoT^5~IS$gG8TS
z@1z^=UAFV#&*W;GC&8HzSJK7A^!S-bJtRnh&Mxd~lx-tj(|7sE=<0g3Q2LqR?KMi>
z3o{P~pZ#yjpg_|@Cx_=UtA_ynb8Qr?1O+GW$KK7+qp+~B-xsN|$Lo}sI^DmbNh-Yw
zhZ0I(&v^|YsB{tzBr}O?N2(VdSbYz8SX~j%w9lBfoO~|sYaH3I#77mORc)1w?GY-@
zhl;*7@Ebp0JoBiAMUk<QF^xOi^Ngs(V4moTHoGz}d{ujo|4V*<?;ek>Wrehn)8_C7
zwz2Zo?e|BPHqR#<6+ic$E9iUCDra;42qN(yfVrNq!JUM+Eiw(}DruIvqeSapWjAK{
zJY|Wtk||{I8+0ZL=gx@8!3gJWcHYVp7+F6xVW9Z5v(5T;*>g7N6$Oj!SXnG<@rEy<
z?o-`1=MS6%6Rsss(x+oOKaudcsPnE3u^O)bDop8;PgU+7M2ri3OG{QQB=s}rv>rig
z7nA(<V(+tm$R}v^XG!EnW~!c6F|nD`SGM-hDiKq%^5{+%bDuh$yg>J*B>pkCy)Ll|
zYS2Z*E~J)4g3)w<y@qK?7%P&9NyyXq+Q^}T9lZ!>n=BKGMb>`p7Z9{$M5n-r)hDPF
zfWjv}ZAlhUCbmLK-OhXg4zNy6#NG<U7F%yK>J>>{0uEbjbkC*DzUyErDZjt~CfhK)
zW`xbou=0yn!@p#~n&7>mOh`9mnSlYTb=Obi=2IWEI1V4HO{>2ela+B7pTUhU1jX=i
zDFxvdUxH4F({^tCu2kL1KE?$@nP;AhUQ?Mz?fOk;zwvin;*zYp3}GHl7UG+1Rferb
z1fj)dSL9P7FyS9+HOUn$88AP1UA;F9-t5VxBZP}yQk=+N|3JUvi{ouN9#_BK8I|DG
zem1y2TT?QV^QzK=?-qzCGYXW|7|woEp}RAutZ{^+2ZCEg5R@G<jat4!T`B0=7OFve
zq6es`n;8@<+*Kzk>|3Rk-qGvB7faREjKeX9Ul|i3ORX<_a%Ssce(s*P&aJ>fDo*~E
zTH!dKR{3RE-6q0qUJZ2Ux;-bYS|CSRnMT{SRMxmkPso!6^Q1n%NHm;b+UxXyhkb(#
zcdy&(r%WnFdLBHHSy>>RM~R%KznIoE)KpJKB}G^QG7Z??yL}!%lQau0$HXp&{DiUr
zHpSG_THX5H<6nW8V`ch)di9cQzDEm55!vTfpNH<vnT10lZ~Q9mxkcL*e*V1OvG>aX
z*=!n=sWuv<qkf=&@NC?d_Xn;A0EhN*0cF!V2@+U9O8+?_4V2j)(UA|8eeXd|z@S+q
z!lYZP30{gaH66aK5wv^W$fG%EhBwdSg}QQ>d!~MNnk#c{WViftr$%ssBA26oue@Oi
zD2~I}l4{k_!`0v!qcKFonc5K)*}JYwLpy&0`v_nBeta3(LeD$SmMq}deodi)L-uk!
z<FekW@DOaGIg%--Yl}zLRb_FIXYHv(;=04Q7)Zxpu{fEH6GuNH>!*iD%|&p@!nx^I
zU?u2snpoon_bU;^QdSCv`Q^_&s-}nlwQ)tDDVpevnHDJDHB0G@%CO+zbHXm46c<kk
zvO~a=oDRXTyF`jqSCa!hp#h)DU}$wNL?_98b=(2YbNeJ-pZXwB>jgn~!sAZCnvdK1
z3^Q=J573?2O}pJU$Ck-NDP$*)QKlXp6unSE)sBK!zd6=SXFjB3-L&oQbltQ>N?Aa^
z6*-846I<?=yu=rwBp!6PDh<}|41Tqp-H1StRZCTt$t<v0a**hp1lvj23gS`Mwd|Tg
zXGcccLNGh2_Ga1z)a$jrSbKF}^$FICm0bR2?vvIp7(FJ-so0+$#H+d8>MmUg^6N%!
zt4c7u*$@;jq4w07AKO|`y-f+U0kSd0!BhFN8P_pTgBPDN28QxPi|?|JBdf<b?MoJH
z7RC-{(Q!0=or5Dy2dM+evLuY;<9|4S7|XBMU9Gvr-Y(o+z~b^WHqHVxk#)=U(~Atw
zwxslgWT)%jdt((B^JO}04Gl#XTsy<SrmPE`jGM9K;WPP)snFQ8`8F0uTq<hns>D!s
z=Y@qm*QT^)f(4H=L$zWJ4&C28;?|QT`H;KIz!WM@%F2|a^mI{0fm>RAM`>=L4mQh?
zoeA8Sub8QT)8%Il|D7}R%>0#<zV9HPX!OEettIJ|ltY1l$;TB^NW4Di?%>GEI$^ki
z@HpB$_((R%;>5`7H_q~fc=O79F8lMg8YX?;$d#3aO}yrfV#U?<*R`#Sb)@6f_UN^c
z6>d^v*0OlS229=<AH%?B?`d5fu1pykPQ5L!RHhG4p#GJ1iN$yrY5|RwGwp6ARm<Hf
z88FTBzV>9U%hn!U`fVmOkynmw>Mhf+i!cOFw^69R#2uPSC-GQ~TUgEIqE^$IV1mwM
z&Tg>9{I4kL^&_9812x5Cv5MC}z&lN|J>O)()jF(I<)V)<+3&6qLhwA}O2P>sg-m64
zbu>j5_xb&P1w$NFqK}u`SQQoi6YC};CKlX>fvyD%pq#-pX0`UG9+k|(A6Xa@^l{_X
z9VLVfpEZ-)jPr!fhQEz*w51ArA*+nt5w=i90@Us3V#!)*78f*<R7z0>ygZoCc|u&B
zfA`g37uv3Hdth?i<sjum0bQRk&+_bLM2f#~(vIt~BXuckhY2D`f*UrsyrsdM8iKcg
zjP=n?D+W3N<5@JxEH}fJNt56rf}*ijsAlHrlOR3DdRrXbBE6zfgk^XB5;jIhz_|bS
zgtZYe8lE!}3iU84%l&<Z_#~UPQzk|+{lV=1s29`;--vpta6aS19tCT6OdF}ol*l#`
zilK}G^;;(wxG@O0I)hxNLfNEsf?<hGXe|>eMZiq&u8{c4yiO&@1w@l2CHR}I)N>+j
zJ#U%$WYs$s7lzH<^V-jHn+8?yNlmLOB#<4z^hma-6b-t)%<?;;nGcN|nB@eoLS3Y>
zCf1eWnSPuSu!uEsf%<)_3;2Dp_U!IlbUhi2+PQZ4p+6?J>&{SgS)FhrK;5s0fI{jx
zeuH$wHuR6tk9j4-R|h7gCrd--YhI|7;pfa+8yn{OH+aVH=@>pmkZqLLfi{Lb7JUPg
zkr&oFpX?gdU9R=N#qDH%`=O<QG;uAOT$|DN{Ie$pR!n{fCsm1lZQ9U~Zz^-IljM-^
zqj-J`50Dm%*Hc}VLG|nkjPzz`i=#Z);G12%$8LQt`4F<vSLIEnUXkLme%cT&w6}T8
zH!ZJ07afr~tnU9Dbv>i*^Uf_=S97gS&5<wl3VJm%W-c*^ts>!7mXGqPf<#Fo+J)KQ
z73)#nAY*EtNzxhn!PuHi6P>TFf(zCZH^m-&2ow88t8iRLtL#L~<&2{5a}vLKliQL0
zYcCJrkJ~qj+@$a4I)xsd&hBk&Pd`O@XumaD<16#5Jo4_=OQ**Dt0%RCdBfq&cwnZu
zeai;*NeP9EyK2&UOlOC3jzPBB03%Mr;IrKkNz!cNYkvz+w!2GL@ZIe+V=sr@)oCff
z8qSb!IViFDPvAFLN49=}jT1W^CTj}+4pGrZl^#f8*y81PGw`N$%xlSMxeQ!kc$Zy6
zghe0?j`EHvAIoXkynQFBuY9mXuWisSCLy7;HJO07zQnf$@P*R*EVe(f(QZHOu5KXS
z9IFR&TF!mk?3z+%Xas0B<k-!Ak~^%atGpDtR<W9(7uUv*PZV16_1uBG90SDGI^j)Y
zVC#3=_dOc^`1kY_V6~M*`rpAGV`jZpE=5|8ur-GUKU!q4$Q3R~nIdX!+0%`}!*)Lg
z$HrPnwel2%8*m{G1MGjP`lu!Mt<50);_~(2^ua;*8RXTEu4f0)$jL=SX2bCrNu-<8
zQzr9-@EK{N%<KD+qw!4ZJ<r}1?<@AXj~Ok+E)3?^{0xtsQn_1b;wso`*45bY<}>CT
zfG1IpOzv~(%G&%)z*4MCTKW#oAL&J!MQti>dOad9sG@cY(b&r^U$d=AIO&W6`m|5a
ze4%<Lpp2euaT{f&k_>{tkU=qT>UT#SBhKz8WL+j~XjgUezL6M=sW!39cKXFZS|5GP
z52MB!*+J+!T*=JDe=3KnFP-PU#=}O-ipVMp4-2EJ?6zFn0@{sI5Bt$wiFo#`>3`PV
z$d4|i#NaNhSjGEY+3yYCisO`+ns%oyPvJFFlx!YOyVuFhL=1w`ay#v#vc?#PIX-ng
zx*OchW(xRu6HYU7YPi5gUCr6_MW1&Tw}OAT{msO!ZX!c{e;4EP%Q=Zqn+e7CD9C({
z4|*Fnbu2SDhC!$$s8rCdQkolWwnJz2LmmX4>-C>=v+H|<(~ay!lEw{fG9*XcO6xIE
z(_p|hrL+40u8i)!ZOl>jkvpF+z@jc>uIpQIL&CiD!*1vr+EHl~>HMAH#%0WEb}0q_
z;>aZ)4xH`J(9LawSR}XyjabKi#y7|ZdH?!zWG(<w2nWls0)nxEjn@VBx46`O_H*5t
z?xXqkK|uwUivbto<$iwfW^Q%V*Rfx|*c=k`y!SVWFVlW6IepeM_G4OIUjSw!APyE3
zjG>vb$#iLQR?MB<trWoVIl9o(X){TbAJa6L4HbW6t3G#Lj(>=5FnjU5@-+ZHp%y6M
z9ro+?XFtJvch;SLJFET`1A#}~c5(=|VLDvu_bS>RW#Fgfo~VK>rUq@_j<|ZmNouup
zy$^a(uaP(nt8{+IyB+85wx$*@SG|_=j#;Awn!z_!-x<lej=4Vv8%zk7OoYz9#i9xe
zua(B38U2|&=HmFqZnkndZ!9Qr`IJPj5zwAv>S`_Y@vUCI4g6Hy0RF^8xvM#eNu}5y
z#}zl))asdhdj*b7ir--`0KJqkaNwjt5~$p#6n;#F@H(NXY@z{g-TgX*>l8DagV$pn
zLkDzJnlbdx*}YX7KPT{zL}=jE+s%KY_{<5llg2c*eoLVhdr>=%uyOIcFw*~7RQgZc
z_VRR-Un!JIT<cW=_DO?_<Qz$``_q@68|ts8?9IBcbn4vOCZMSeBfC8sPJ|p)0+fnZ
zTbe{4qU~lI@DigbFmPSFFIoo7gbTb$TM$u|@~wMiES1)0^EN@Hl}$qVM=w`W08V|?
z&Pg1krO`&+@-}GL7seI5sVFTpTtNP~M6TeYROf`cUJ43%r%MfMh?4GODGDj9{>lT?
zlXFwo&#dSWU8Y>dIw1=(fC~ZzO<ariyBrVYL919zX98{XA<{3?aGNK)hgCk`hGnUU
znuUeriWBf!feIM)<h9tVl8|2{Puwo;H4+;pC(0Dp!h0e-_|PO4hkNx5YC4y=HVRme
z$=LMLAF%^$%&FVHiz)0lOT7)q7(`!76cS$l<fz-&ZJWD7uBKH8KzZ$^Ujf=E_jp&S
z!E14D3cU%u8q<1fkJVR<LUujE+_91-Z=Be>B-Ch(AAZ7%XlsZE$+}~U@f2q|L?Bq3
z-Y;|;c%ANhjqh%YsB}>py}{DTFsjUE|4z%pRXuEB7_229?;!QU+N&P~R@!r1nWlx-
z;19?&6)cypuLOO?=sL<@KGqPDoSnIZ`V<aKrD~<dlTQWD*>CTW=@eSqKh*5&af;LG
ziz8q2r9=M#=sg9C|EAZizCXW)ra`B|SuNNoVHnwFiBzLqd-eO-+tsg^I=UVaj^-ce
zPJ1amB+{youU}K*%tf2nN_kUsbXsZYHM{ocs^wBkj}MbnAY`+nW1V)T(RH!CljCB|
zFw6&31^O0ci0ZDJn17<``6Amvr`D0mcDf?tInr)+8gajOxI+Cx*kav1<!`BKw?aB?
zSmgQ3KyE;6w0sr>G|6&gBplX59LHZ`YbwKT1(KOi;Aq>#k#$6h?gkDM6Eg8P@M+el
zsz$tWh*ldewM_TC$C~~G?2C|v8^Q&jVWixFCqX)vdX#&?+gN_DgKQPx@bF(+3JX&-
z5&sSJscdB4acGutzmt6s4Y_@+`_;mxbf}>kkd^Yhy;xI=E52cy4E(1rd;jS}KlwKv
zIpr#n`gKp0`MVtL=M$U4^}kKG?YsOh*4{d(tuAc)tx>E+N(n6v#R=}-;zdh~2Px3t
zu0>OddvS;28l2!zD8b#G;_d{Ov->>n`<ydpzCXVihRIA|NXXvzTI;^A>-vo;y=d^l
zS|$>{ymYNH>U}CREf;D-LiVoI+1x0pR4{~sM9df;ZP)c)gsD$~-rXRRH363S1JOVI
z?)5B}Q;dEM5b3ceWWPt-zg2Gy!v8bX9b$UB@a!5a72ZUv&}U?@WJNI>yq{ezAGN&I
zjjyZPuvn>iys<WGb#;jHiD%*)Sl+&@J6NB|?tb^GA!c{B&^uVHUA$MVfd!i|_{-@>
zUtqn`W9wH3J#_duSs~TX5OPWlE@5<X^@s}QBS6qPHYFwLi+s%4AfHnby1OAFo2_e<
z6&a8ORw#Svgs;L@kF9RazzweuggN}9c?lDb-|OtlO>wPo&2XKx@FE)pymZT%+X_Y5
z20vM+Ajgk_aji$xG;0h|oXsb(+ZU?F#8Ats>f%2I?B(YPbv@eYDc5ThbEZ}r2a>$j
z%4GZZ;$*@3Lkom8AW#~Mu+)h(Y6Mw4tBG(+v|q8<o&va<Ya&f|B5O8e3<tpCvvbTt
zQf0W4>QZ@)BJX)#8y;`fdh|^D9u_gJ$vL+5Pg`=1XH8;8s3t#_I;+-pLB2^-(p`>k
zFmsc2>~2AM%x*mn&9eNI!$KQX#(>Db$g^MZI6hR;24;kCGvwX{U~FO(6A7=NQ;6|$
z*&m6mKZa>}ydo#h4fyzlxy1yROi+^K(xm`AGzw&Zan--sb>I1&ti}IIQpklg_k6Lo
zmQs0=EFDjZEwmb=cVloyA-Wlo89j!ONndwd*%KLW)?~PGUFMuYT>elbH^H6TYSEep
z#;Vv~-?c~M>ZIrop`3STeD@nm(*<u%;>WqyYIp?STj{%QxPij`%76ZO66Q5=EMn6)
z6fm!#@9w}yh-Q!(`HU@lYb=r6W7A-^3tI+AQx7-pPccXW$wpFBH(dEAGp3-ib=ZD~
z6Dy`2rWT-qjhdIwkeLH`Ak=$2jppSM4RKRb{^t#S$B8<19+CD^1us}{h95}?aL0|h
zhAvmuRpv5rq-Jl~A3suWu%Cbexf*ih`00TcHs?x^rIKvarpPxUoXJmnvhD+bny$1H
zzdtU{4MiqtUt({s8N=U@&!BSNooZ(q-?uCXk#s$t9e*X6!tXo($luquTz*5b%4<)~
z$UgFxyy=>&^hz$2-@PMU-KA{7I#2dDsX-%eN_7ImhWbGH6T3an!?#H@0qiOUzbJ4q
zU!jQ>O|6*=Ht0QHr94l(@V#pMh46kM9vs-Og12;GfXMy2`R8Ge0dt9QYw8hwwL(Ta
zP49OMeEp!>0nyWKG1;JWU|Ju%vl}Z<6wi>40LD8FqcGix+Pz<GRlw*EgprzM2D{M)
zqW$|Us`%+ZyvUJUPdtMRO%x9S4lS?E`}a5c-<ztrbR#fABsbYIN7ulDCr~_%U-Rye
zG>ICUdCS{p7Z!R`&9}OieI4=dBz2E<X_i0X`|&`tMEa+yYo6>$3*;yY(VoU0TmrML
z^&uXc!RE&?PU4qjwA7sVH}bFRa-me-l^LwC+*zmH;)+?wP*tf!yY0Li%3w*0Flytw
zl!M8vFcG(9lx#N~d@^eM{mZ|C#=(HV`xuNAo8N{<T)d**#O3*F`@PipX<SBfksGJd
z9$wmd{9@tz6xs=<bUGlu(;%W}itryh;M=ltd2?77M(=mBe^!W6S);%Q-uBXOCH+##
zcO}(|G;$kvA8Df)2m1qS%Q#^}t~>0vkI>)SI2mD)sAJ?jX2v<X4pNQB7%z(d1v;`&
zF*c?f>_$7|Dv*E79FXWqt8jDp`+N&9)T~Rn#<|20rwVhK7()qNjpO{@R$nGXN`-cm
zv9W}C-9b4;uJWOG%`{Ch<(78Wwrd_YwaY7e*gyF<p^SSk^gQj>(3VoUmL*x_VmR(N
zFX^>=aQPOVdDAJ7@>;$s8VWdE)y1Htp~=tqD=bkgO;^1(L{ouq?v57`-L6nX97*It
zkr@f2{eNQpfxZ(UR~A&~YQP48f7UFxRbn6_?r!nL5_r{*D$KWk-Q7Ay(PI$vT6T$P
zgV_STF4s)10JKC`tQVmf2L4|y^B=TFcS+xl#Wkis?n@C32sB2~SPd%W6~+?rDJDbc
z(sA||d)eGm)44e<{_ue45C-0vp7}^t(-$Q*f!}ZxNR_oJa|K?~ZC4~VM2t*m2{DM#
z>&sk1A?m(C)AT1>3-=(;t*MOnU=f(#8nQ8w{U|v=`hzX1u*wYfH0-jq4vnPw$w47|
z`QQ|qYK|KQgrLvR!bytWg84|k8_?br_8NnR+hZ*!JLx{~fbh3|z;^M1F!oiS!k!{3
z2>q-E?CfL`a{Ph}!>r~th$J5g8xR48hHA*^&)T!!L9yCBnSYY*7i`S!;P&G{yb^)L
z4z~(x43e`J$8b-j!H1Wi!xd=lDaQM%5e?`AG6|ZJaNXx=SOh54O8)H+!LZmOgRS^!
zR2Hy>cZeAIUhWg@s9*dL(Tvh1wCPwJJ+8ms*SoK8%sL`^{ec4?usxiO2VL(7T0K>P
z8_!?XTUih?f>yIfN6t&i@zLb8=3y?KHZSR{uh$d>%U02^StB*~Ld{21kfj6wQP?0;
z(iwK<vgUTHV<5`n=E(qvJ2Q?acDzIy?7XD+@&@jL=lfvAXYyAo|C~8aHG4AIRnB!0
z?|0kk9^T(Io{sd!Og;#L08z|v{g!Zq^>mx{CwaZ8rSP(YCS~iDc;4|CWc#g|)NFnq
z2p5v8=@r4IRhHU(EjCM3#`EU;)@6L@G7+qG1WH)JsazJDx^i>O9l#4$&gv(@*~~Ts
zI@62A;sCN4$Z{J#iSX3Vu1D;Vj5I|&Q#~?nYcD@o_{H|Y)zJN3#cd@gJtT%tJH?lM
z7^M8$KWxggpXKKJ&<hGu(!LYE@?GKr;udyciI&?dlH0rMQiR{5L)p3JAV}AfyBj(F
zG8Z;%LJ*UMUz%f$TJqWMc1>7?D197$*#6V&=cKth1SVx6>#ml!gRiQ7eOPY4tyG92
z@oCI&+MY>HbcZ5Fc+y9vqJBKlRl>dsg#x-A;*)JpGnsb3<zQ{_lc1lUXY^Y(S6|em
zh3j{4SX`x#H7ruDS<8csFpC}uEq#7Z#%M-5qy2{*fl=4vE!73|XH=qd`!&B+MS%Ki
zfI+{dKIC^yEg@KX-u+!DQ|E%E4A3c!%L;8PkUbI~h2_g#qw<c-i|)HjKDLu}P`0JK
z+tn84<_<lpyfE3yteg0PK>%kcTY30U1H9%s6sjB?Ok#u&59v~zn~}$>889m-u(VyS
z{d7+4(y_P|MQ#aYRj)R2d{<1(dV_yHVQ(YU#cDfQ&a7kf!(H6QZmsV?)$zx5-rR2_
zaj2#<cfIq3Yain8N0qj4i+)0##9pM?4~_^Q1$C}Y^+_QDWzccRGAfem&?nW|$buFM
zCqIWoNq|AL(AHnMC<~`i(dmv8@dE^zU_t$4v5s-|-&4ZUSI{)V%Ek<a3Wkb0_>?Sl
z1M1mqxMwih5TNfXx0s`xsjzE$k>tELEYIT4Ua6V46KR!NTW@JK%!yvGvZs5peX)#?
zE}w35waggyR-?J>3t@J#qi3BQ#Bz?dw!s|VTy{M>Wt7@~oEF}a8PB#aESD5{UkH`I
zI4|5Y6f~-zzLh9O;;bX-Ui8hm#nWVhh>n(%biYsE{vJKaW9p#5W5|0Fn%Q;&7B6l$
zZ0{rMoci{NEwq7BZY=Y6)QB>4ZP@>ScX(@VbS(ztzxK~?#_XYi(b>#Qh6K9avzYcY
z>7);`hsX_MuB*IbrIG#l2G@5NIND8aJbTlX5NKuTWN|UGofiQe4mqc<b<>(NkBW%>
z>Pe4pet8ykvD;oXUyS>VO{b^gXr3Y$-L<8@7^OR)<<km~&oIoID&x1yth^L{{r&F2
zlVGHzNE|>k`I|$QiPITIB11qor4;_Y4V}Uxzwc*{dAwGo@kjuLSANJSkaxBTL{YBB
z3#phRj}kbtrbSMW6k)pcjv4WK#PDOAS%e}c(dg*txSfZGa053i)(~L&#eSmNAdw>B
zvsN`5IPIOm{GVRd-_%+*^{wba@!#ejSK8ONp)zU09#$p<JI-ueq&zwiy6>dQ$Db$m
zO}Fj;T9pc<rxK+JT-cdOYn$Rp;ixs_7}ngMOLV9*+0v8KZH~~jKkNaEJ;5NjeK0-b
z+t4N{L5Snh?+cC6Dz4&b*>+tk880r=1S_PT5JIifY~n1#9R8`+XaX{tW9`(E4MX|&
zx?^9uB$#+T=N+9B4;vN3yXeRmE@wF8x=f=#+kd7Djka7MZm}LoZ)3tBU}@9oZ?1(;
zqe}hEyr~tq&&2Ar_+Dsqzl*eEn%TV?zvYW_sIuYp0@z34+oMPQtT6v=RGFp(cQ6Su
zDpON+l}%OqYS3a!wO;C5X0O1^)xR6(r$F<^i%Th8U6rQvL~!P6G`7-{qP;K<jIaQ}
zab!YqiYh9RHzcRrp4a{Nra;Ev*|cKBJpP%PL8h6XbEI*bWOvk@pm#}2H9B@q+n$^z
z&iSrV-WIGl>$wF>T$KWsUAE9IUlBHd6~^jKKWJ1C2$+L(i~XG^^br*Mq5175F6(ji
zi3Ww3SkPs4HfGKVP;4LvB5r?k60JseJZc<Sir1Am7S{utPh&5%=RkX75Zg5)F=BMH
zwQt5ANxV*bQ{<v?w?{`S$EB@0wzhg6Uj!n^fzMb5iDtZ$2o4Q2B+9_IycC_1K3y+l
zA0}BLa_OIeZnwE|5z22_*tL$^J$uFZ{a~^>29+vqJqQl`DXwQ6QfqSc(xKeSQs)tB
zm+LLZY^8+|T)VtIm&vBusMv8cuqYOd(I_SB*3-;ACfVGmK2R+xDX$FDCk|y9VfgOH
zJ}irMz5imf>pM-z&SezKTHUOFX;08EWpKl|&6H+PxA?U7EC54^wbccq1PJC{!xp_I
zV%U2UugL0h2zSa2c@z-F@18`=^4c&_d(;f>DBbVv;62R2@b=9E6-{q&kXwWp8N#h6
z#xmo6WlaU|(~7tkQ3H;(FGMYfG~udPk#bW37vtf@7aah=tT?O5UFV$6VAtmTb^p{O
z<56r7J5gU^Hz}C*hKJ2^vAHsHEUE(<XZ_N1reP-bgl&-ih2$$HSF$?dNhkTVJD&g!
zuHNrjT-Z*6Hg>a7?S=Kl!=9%~2ymSbi_T0yiHI9>#_?<3P)?(s1K#d`N?48e)}LQr
z!_`?#43-Tb2AQH_d6yz(7zBF~{0+-7COnwN8?}6ptXTIZ#D$r@-a4wmvGOZ%**~M_
z-Ptw{j2QYy(khvOST2gQiYz6TO5@^%Om@oyj1BqYD3(}SNs|#OIk2)uz@_G21M3wd
zi$awR4>z}})@Tfxdx!1u7glIFt(28*e*)b#?YKpHOZEz&NfsQupL1T*`S@5+SKTP|
zHCG&Q*;ZGURwB2-@{^fHXtbQtdcY(}Ny|Ht!|ZaiE)FB<BVTWr>aTxYIpi*`({VI{
zV8(d}=_&e8fRM-5uxnor2w-0N1L-cKK+22SlkOi>)YcxFw}H9{OU97ro!TdJZaY?v
zx2U-IuPdDq^mebmJQHz0%LdRAqxDWZrgt~4mR|Fm!x+G^@WtOa#GChkljo{ZQDYWs
zU5#2XsamzD3@UCrc?N(P*an`snvGUCx%0Tj0I3*fd)391cDa^zu2F9+M)J=rOXihQ
zO!Ye=nN6-e>{C1s`QbNd{T<g-0EGd)%b#wJkS;j(_wS+*rEesKxke2d70K&_9Sl2O
zvBXq>ah6Sr-Z^(jQ_oJV=wSnOzL}z!i(tC?-G<VO_?GbRY`#IUQ-q3xk)NhBjko~^
zODFAtwho3IMd4Gw^5pFx^`$s=yq)koWn)OgtCxf_c4Xi<%syXT!7RRx(w*bHGC=JS
z!ah8|qmMoMNF{+`@{{C>^VrcH+jvfFWx#wj%&n%mZ%qAsasKG99l|<aNaVD7dk}EH
zo9+?eencIbZr`QU+Le?Pr<B~B!+CF6_kX3QQz&0<*`4mqMp!r8;yCeJOn|Sf=lBG>
zx2(*t2o4(VA8rF_MB|ebbc&h#B5n+W57EHSt}n81UA^c0UvvVSLuG6NWY5wu5(z;p
zl<(nLEgD`wl5r`N{=j2CTJn%bIXth{S2j4Ppg>1*=XBK1WOIJf%S4`jeIJW9UFdca
zMN*RkkY;y&lr|n_m6Mn+Zf@6uwG=!K(kU41ER_cA+-^ATgCBP`U)7IWbljfL7lDF6
z4@oHT4ed&J*}f3=exsslRrO=(O6?OV&@nM47sxCos~=UvUq0REn<~gm{)#^tr?>-m
z4Iy~7t+4QtE;zrQq(LvV2%@Y}ilC<CM-m*pSfzzCw@KQB>hoA$ykQGMe$Tw&<-y($
zH)<!Gtia%EFYckXqjtPJsi6pN4|(A9>yLbFAm_Cvs6SCa3X?4Cb<=Qox#+YD5U9YK
zgjB1<p&r;8REJ3(mK(2qoPln1khDoEVnLKKPVsv^Z!Wvm1`i%N?`W%k56o{z6$O5#
z0qgQdv`3}SVV_I~@3qxcrnrf1Y+oQfcmFD94#ZZ;mJFN;ban7D)a}G8XPlPvdEGOy
zaB)p+7*u+0%S)8E^?}9?T6D>o{-o7hFm|KfEjX@d4{6@v;ieBEbr@@L1HZJIM>O?V
z(<u=5StqSE2uHI>lxTi*H27eo_iBi`E|#gqu$www=h2R6eTCKH<%>HnLcWP*#Dzw)
zKbWoY_TMrW(y#kEYk)aUO6nC|Yb1%TT`NmTE$!|?wGYCI^WKwYK}hmJE<9Gw3qLt%
z>a;JB%YM_bmO)*ldyS0bhNJ!=k-W#HtE<!u9(IDE6@T)44VxDGB;7oar*V4B%T7l6
zYQDEr2a&)TPKxLj_{<QZS2W4)bi(>NtWDazX2E`uf>T^_ELKa>Gf=(qa9EW4v&IM`
ze74ZkU1I^TDqbUOpZ&EeHZiD#U`cHIe%wipise62Xw@pz&cb@lLKPRIr+4w0bp6Rc
zC9eSJl!ozIRcs#gL7YW-X=(k^+^w^j{>UC~dRWD!0P%wCW|>G5g}=lFaIYYEOYfEh
zDTb5gcBMtD#9gE*8FbKm0wU`bHICbj=D+>63%G&lQ(4yJ$bxXmkk^?FS3YVJzCnYc
z*Q7zrCirteGOtKXVxn2_#>rsIPoQ*tG&g4odC3BT(HLzEq?(;>auoIfK|q^g_m`4&
zy&v(BH{R^!ulQww7_~#jzd?qh(!%*VU~w8=dG%;lAkIElca~Sk<KdSH1r`JXU%w?%
zZl=j7WLzysOHX5^-F{i3yI)~maHpQBko`!%2KT4i@KTK3%}bGs9JoBc!KeVo{{6HN
z?nQoZby&-3)DLO-M-Rm@Y4F@+vb7k319gPrcB(@r-3h@M)DuNtTPzNAy&o86_&DY;
zG(8m;XYl^<LtGZa_rYRg<$yf`YJo^Kxrh`oxw_fd-QP{wXk=5YU7$=TTMxcO&7yxS
z>cC$uVcr-sa^+@(!jo{)n*>=DQtJH+$FZnrF^*L`weY%Fp~<+l$>K%?U#ewb>F=*$
zz|52&mP%o@Bc@>yyG?3$oAGhj9^bYHi&O2MnyX$yxgWyA(oCy6joH8mYK&eIs;{;b
zT(&(1I3_NAT8fxRz0}$y5z;kFa1PL#X5+N^rV;1e>5-?S<w^vd>(d*j+m~bu?~)f<
zCTYTyw~>hGo6C!-bg@s{DFq&;&&;ho)_bP=cl0qwb=GX2P~oIB-R+D;yg^)aFP#pH
zsCo!1k|*D*OcI3PPBvNBzRo<(zjQ#|9$*?!pXZ!MI|R;q>4Vt_JR8%9o$8Zbl)&Vi
zxs1BeW9r%{OH^-5Hr2vvE-t*TR$w)1G2@#(Gvk*I@#)*74dPyB0>5){Y+g3;>^+ZN
zJuE8q4Vnx@-?DBR|8=?AE$rsC%r#cJNXUIw(g0mNIX>Q6i_euMawB}+L1?fDp$N^<
zuC~B3_ylUYpI8nqbYX%Q+QLV3WQ27^8sG4Q6|wb}Xd^<_`=(4Q$u+KQ;GBT3mcG%}
z$F_C;ttLoVd4=LyDKLmN$#JVA*?s6o1{qZ6CkDYAKcPu8o7?o4ykCsTvkTaiI9`8(
zrVF$1n#>}2ie1UQHs2W*x!k>6l~8SqQtd@p`8}wKw0)!2Z+^~-*{fM6KJ|l2*rDwD
z-Pz%i>E=QaMRlOf-Unxg*7O>`Ah~ZHsr~)kppthHve?{U8pERVy{M=HiOv!wfMU+!
zwLiGj=h!nKDlOuEzVXQ}i$7%Qc~(U|&71qHm2G~1oi|`Q>G3>;r5*vN16He8P$v<R
z=T`}RwYQ(-<5FU#MpB+1nL%sv8}j&Zytot%v*E6u9s?!XMZp1&)IKk%q<cMH+loRH
z!-8PPKW=z2sV%wdvi3PRC@lK**9Ek(-b5rmr2h-wh7PM3n?~+!`MX+vJ_i=-j~Min
zKdC+&GAe6^L-{JaUsUb;a&h5w9Xx=q2@q-wf7N*{hD|YTNQ7=N@qpQUP>=XLKuT?Q
zI|hxPRFlDEr=dUg4zlyOA$5NyD_)_3R{hgj6{s_uR8Y170TGp)EAiw+)|kHuDb{Nq
zWB94z^sLEiOusGDNL;h(om8*J?+sM7;k*tc4XBx#Sc;0At{2%Y34<TZyx|EG#hOgy
zzU;zP+i*{VaZxeTUyV#$+(8yfWDSndie;t|NcVN`^APv5CUI#EN0G8>fcvT4;{k4l
zdNZR#)WxBhv0@(ZN~BVA+Mbr_?iidN$;%NK30H-_fcA&gHmpp#Up{T~YpOVQ`@E<}
zu&^!ZuA9(uzgOqFAy~D)1=DX5*KSjHstim+PLXo@(oT4`Q5U%mdGQtNAi5+QxA$)n
zYy2GWFhGyUd@tBDrD}sVKZJ!L19b1w!1IFf=`4Bu>6Tn}gO+T%<35vr-u#@9Pa{qo
zQ7*^Xir4qb1Yn#qRo_iZ6%i$0QR9<<#XGBALX78&voa<@(|V8A^Qd&hEAZUJ+1_Zx
z@^Vu5<{O!Ig0SVSRKhmHZ<WeE`EI(NYS>?t^&ga+buRWMhTzq;@XeW)Nq>q=Hc<|f
zZz_MJm~gRPWfn8Vsv;^isQ%o_4`DdUuW<8~`Q`GQ&_UxU%`EUjXnA8udicGLcYb+4
zj-m5tvRP~nn}9=1qBK(9CgjWhAp}C0XP=Cn7uC!<WjAdba*PXRh#cX%E&TjqKqZF1
zuOKU{03z{pYJa{^xg2l<-Juv5GhnmH%eSrPtjBi>e3r+sv>-7jls8woVQOQ5-_$hw
zIcUEy@99)A-78&z7WP~Ur$7tY4dioF`9XgcwlQmA>CQy(elw>Qrz@=6Si5>75R<~i
zFX&*-fe<O_|8Zf9>vYH@jwDSN!ke2XL+l&bl0%;3LS(~hwm3=;SSQ>?Ief&8USub$
zTC{PyToVl!HsI-af{O&|Tv+xlwlR~{1eyDmgLmufjYBMM(+EHW5^V+C2N-aeQB3)*
z`tJ^v6Yuk`lUpDQO=dFZ)#%u}XuYh0JyW00`P3mnOf8p1Tq_#TRD5+*;vqr#+r7C0
z(xo1^gu=Fqp0*wwmm8V1jeQ;KrJnlETAKpBQJQ+&5?^&?Ug0$xFc^ng+bR0HKzQ#A
zd%)T4MG|k~RVdLOU)j7@meS;hfZ69z&Ul#gYk4tl#sdojAbYu`;ij4$sM^#091TM2
zKdO(=XZR*5E5;|fJLNpwc*Q~{ZcVb^S2V1g$FL8tHZipKqGt7|?#`(|oyD+~r-mvy
zS*^(j6fTzq9OEx7BF@DwWb1qT`ulV8=wC@DGR;S7=wlGL9;_#t(0@!7^iNLFhoNZU
zdQEc98g-*<(f!GM^1VTvtsN8^zMg}P{Bl_6l@WwPy@P|*DwR9Km_fs*7Z>;y-&1FC
zhdXWV%_}+ow;bOeZGJW&WYlwBiKpNVN<NK0rxD*7&)vvfkTqC(YGEFZL9l~yUen}$
zo<SfWP-RlH_MF9HWxNB0$LcnF%2RBh>$KJvCp7(?K7a*+7;-;ohFfKhMC3J}a`IRa
z(?3x#*#g8>#iwT}X5aWCW#$|!6Gkyig1brLvAq)3hSqr?`wiA({r1s<5}Fyab-<<q
zk%Z+f3uMxKnF)qshb^<&U=zfCX5Gmz%fFpv3Tbu*@ohtD-aBe0Y!)0j$iy)3gr_!q
z5^p%GuqkkN9${rx&?S?xp<1<IYJUlK(`o2A+ek)BXrZomK2T(V)Wn+Xz##9nWN;z<
z+txzr%se4qylEZ&{G3XJa-`wB@?hb4IWd-kDNl5#ASD&gQYiEZ<cgB{r6uorC(h6u
zTb4iB?6Zr5-8l)@qSfWEH1(760Xx<^Ze`*n-kMVdkA}C#9$EC3F+?C;({MaXNg0ai
zrMu1JSudophTzp1dm(S)aNy&ucJP_1EMG|<RJ@agx?D&*;#e9h#J%ahqP9jubENkr
z2-PQ1qvz@8erU=;Pn1(OqLVLrdPTBES{`y0E3XKj<h7YjifZ@4B-L~Te3xwN<B*g|
z{71INcAV$F7mCJLhrv?Dl^D(HeJo`K*ToA{M2LxIEg})One0S7I%i%Cf_^Fe!VDS%
ztCG4h!OrV`=6KdBb5~W1*l-q;3aGHN-9X&oR5UI`WcAXC#uRCcjzq<n{}z8UiOiIv
z4XspnVL8GRJ4kexqHhFZefGGz*Y___dV0))I;SCPHZwEJqQ7Is`MYpm#RdmR_QCbd
z=c_1Qem_<{`Vh%`c;z@WF0pot(;V)lTk&gEq<>;`x}FZ*;-vRP>~Pz{ud6y~%nZzR
zePio#SLKQ1z<5IN5JZHi=S}+vn=_#nR5h~vp_x7tYN|NfGR?T(t-0V+6<@O5YGI52
zVTV>ZOl~Vr)e~w+R_?HY1K^waaxgirf_5#-VQPg@ih8aQrFM?o)%fZ)vo5B}-Q8pb
zxn&RF&(mJex%J0ZB2Mlci$Ps!%@1zOLeus`)Kl`e&-@u8XFu8$za^may1OJA)2tn^
z<1Wj*>>y!VRM@b;dG~AoC#1^MKt<8ZOB6uc$24E>L!!Ac2o!Dq0A!<IA%6=qQL<w`
z<6Y!}T&<0<3YATjadwV+?XWrg<HD&KZ83{IKkJ-S>X#jCQ7i;7y5Kqnlmx`7B5S%k
zEU|k%mv>aDn@QpRBs=;gGw-o$a!I;12uU)*!l5=VSy$3-j0MOBgsc=c9s?D4FmzjL
ze%a_t>H+J5q{SIIPXTOsQ*^AZZt41NheyclZoT)Gt9vtpz{D?TuR|eoirmnXs^pd>
zT~xtuD_Oy9#QZ{xv1D-Zi%v&r`q0w&VnTN1CVRFW^X0<yQGZLpW?8{2Z#bQE?TV8Y
zoy(-$%q85aRk723G56_S$q!dP*oBK=tg9A{!ASmkHnjmY<dNJf6gSV7Q*_4de39t}
zpE9w0r>=my<s)ILL8~Afq5GA`!RDjA#^lQ3`c8eX4b<{lT9}{cctVGp+K89z3}Qc!
zXx4T-;>FntSpc-;%~74($^o<bgcDmOv3X`Ei<xgM@``9K3l$gdPhh@Z9pc{CzrU{3
z`?-?5k(_NYyNJ5wim5b8d|zMc7X%E#=vG|3TR{Gmld$R}Lm#&urb6oG-#vpVQ6(dT
z7%powKM5z+_qC}OU@O(#tNRxsv<lC{tZC;93Dhzg#}<*Fkg54eWfNP$A(l4Hu(`Fo
z)X+&in8Y3LYI4}<f`<=~|70G$M_x%3oZX_M5A;9GaO#v1kb=}_0PQpPn&Rs>VoYY-
zS%h_t%fe-Pxg^jJ4@*BRwmr~__PW1yxmrF^4l|p;A-~GIDB1k-RTkA!+D~9nPHHi&
zux#D3fwk=pg&f^F1TCZ@KGd4?>bi$rL0s(K%$M;(4o}pzo4@A0zqDHkz}%sXTz+~$
zdv$uNk5v5Z0|mzx$e)887vK0NbI<ZpWDhRrXGDSZbhlchXsO$h+u8@_wTHyWc|s#z
zTh7>i!-1w{&$MCDI=~kx$EKv*f#Xdx-=!ZBBTaS*_+%p;26X-#O~40T-t++Ewf6qq
z_Uz<gYOQVSqa?1*Q=#5Sui9vn8OS}s#0tPfW{c<$L)o|#9)Fz<*KJT4Y>~trP`?YX
zbp<N^ExN^2TSUcSC#&a)k~WN@vZ#B<?_1>j`@E1vU7%AMqg(jWAQR8uaeqR7LH5>c
z;G9mP#koDKt>5I;-gLF%4WF(<1=_cwfO$%mlSGI!cY&nC$JZ++cF5SrrMdoXQoI4r
zTS_ytWE5I<fVIJaLto^sqN~>Y(h$2Q?S`bz=KkG?&#$GvXM$e4$2KV-ah>6&c!T~l
zgbkn7qWRVJJ0HI}GZ~1oR43r7&<gGTP6DB#LlofMw_|WvbC6BhT(F8dvd=RrV*zmF
zMp2A1k|pw{=ZjJU+5(?^r}m6bF5;G#BI-Y$Cdbvw(5lT?6g{EJwuq;J-&QcFT>mV2
zF_7{?nqcaAzP*bLoU0^MOtn^LUu@G{iww4~yHMVrZH@?@X>t*x3N4@p&#ez36#WmL
z#|E)DSDQ}DrBxu2!UiY}67vv}B5=v-U^N%*vUlT}d{sAHXUXYe_V*SgL8m=d7M^29
zY*!}E#uxN++?7%?I1_VK_QKd>7nLFKO}MTZBi(@~@_`vz{0S(P>E(p&=o)dIm(SC7
zkBe*H$AeVZw9Hs@MEe8*4km*yAhKLU;_9k;77ssZeg1T=)l|-A3BL`#+ObZWFr4$g
zE%<WhwFc0&Zm&WF^5r^x17X*o-h;mUr_Xb+P15ozP2_{n!l4@jL7v9HucNLvLqEi|
zbk?J`-vl5WW<i2({GZ4hj%D0Etw9s~4!%+*R<<rTZfvDaIad30i2@dj5fgLYEan>_
z?l23fjn0bjk+Xi7X`ZrZ)tJq%&#zs?``~p*HF&kU1*$;^Mwi-(`8UITGv%8$n=6*j
zh_YfLXQK2xd$6EWv*kOT>ee)TxxU6XzJWaS?u<iE^{}lM5wTuZm-I=T&_addn7_gE
z>iGAK0B}@@0VbgS&u0FPv$<zGKs{xXMTI&->fcR#H+}j?OUq&pai%wKe(zTu5~vZ-
zB`heY`t8^6ux<}gX$hw;s%mSf9^KRf0qSmBw7&zMq)Q}py~G2YP#*8zdbV6;?gh_S
zGJ*{bI|u{j2s)8;dfwx^H(w02rUi=36q9RSCVzXrYOK3m0w=T<)Q11^iCk|3A_03%
z7kjvS=3yf~aDF{CC^i8>@>m{Ght9k4b~-1mOR1z9ElnKJ7>Nug^Pxaic)sVTe?=v_
z(#xUBQ4NUWoUVc4qOa!FB!<snQSr?qmW8-?LJ_MUi_0>nn$)<R@b*sDsq;io^H_p<
z9}I`lm8JQa6~?ryn1xbh(ETpT4*!4($?zrck8}&BV_oEy2q3Jpr*|SF&|*Z(`<iBj
zVO{_3{E_H@t@g7VRmU&!V1nriAs$PyKy#^AzKIjQb~E+b&tc-VUgXSK1B7Wm=jNFU
zZsuMa#oat6VeyTYOVDJU<EFUWtH>`gZn_em8%q?=g!CTI!4MM(H8!c`&4CxJW2lV5
zRRPE|;p5q7hDWPgMg=b?iXS6!>(aOHX=7FuCfY;x!^Q3j(Vr9%cZeRn(^*W;Vc5}8
zVI^DS9;6AIA2mmMhBZ9PJF97?Infb@DQONQ%cE_<Fqr-O3k(cl0s+g9Xq2u`=7kDY
zeYcV-y}L$__U{SY*bN@8w7CkNbt=cC-_e)nbW3+jtlrqIZOAJPQyk1m3$x99#!G9a
z%Y0^Kdr7^dUR#JqCK=K!Rkcf38INV*3A;H^H%L4>_OSo{@8Yz745U+Ct@NPMg`J7Z
z)f8|xLa;YCue6qLYmy6t>0j;8pXMa&Pu@Fu>SpS4(S01?9Zj~~4`2M$Cb<ub=xoVy
zQ+#nb^r|=r8WyztYx3`r!mN`MCF?lzzgYl=?I_351P;#ai*h4wr|l4>I`1Zj-Ffb>
zWlR3z1_o4nQ{}obEse(04JNo&1SGO)I8J_q2$J^oiDfD5f}g(}Z@FzLv9*2O_nlg1
zt(?ae-G<bDKa0~jJ_+{2VET00GN)<1xB$jpGSFDEzC6Gs>F_8#e8zGG#m+epdl!k4
z@Fm<e-SV&1t}guem49z7-Opl7*vQkv_Wbs7z6`~07fGcv#wBwO9~>+@LnoD7#Rk*u
zscJN-alXJ4ucTZ0+xo7tD_;a~f)TU)VnWqdm<yM#9hS?SaWcmuvZbv$a`|K-pe1uG
zMZpHab93u?{&KR|yKG%uZcx<j@>*GKszBbM9yX_T?AWRdc|y^9*#eux+aAmDV=_Fh
zzl?A+7$2~WUQA;LD04QMJ2K(iacs;&Y+#tE*`!}h`8R%BjfANz8D%q;NZpCpn3Rn7
zgJR5$N-xcm^G{cB#jaF??QkhXB|qsU=xpr?jK0+{P^_>}{{7tCq{nW71y-ELLc%x2
zG6DOewj6XtH<Eg=d>IGQuOd9%9o4UWVZ$i40lE=}Xn!kwW?<;!A7=LFM@EGih>{$n
zUONynNb6iVUoAsn&ItA`4_OeKD8+AUB)x=$BZKGN&S+VCTU87Up<(GP<In2O1YM23
z!6GVR-@{R&8l9~z%Klh(boV&MOWg<-lAO&*8~!p>%2~H=wv?1{nPQ*}E(Sg$I--z!
zv(NyB=@GnjUd@bF6T+!@9RRm4uN@qBu5y|da+XdoEoEIJPWGz?mjQff6HHSn=Nl~t
zRS$a8$uCGLDPF(XIrYG=o2cM-8t;jU3-<`+K|O;kPI_9U;P1w`lwi@}r+1|0FUj5@
z70;fSmxQLbG)(gdHxRD}I8N0=l+NtTa#(ac)@iEN(1R>`S#RqMQjtEt6qBndoq2jP
zvTGAG8$VHk2h<2H1f4TxB{jL!K|XsyQo37W*fmxAYjqUhm{pQ`BBZF~cG^5C^cgKO
z5BZAqzGMOmHbqPfks5u9h;c?8MjoGVLjv1ttT_omc6#s~Q!6b|W9*o|K(Pob%oWww
za1=M;`E23Zal?nyS$8W^0_J8T_g>2$tMdB6?J&<J>EZHa_qn0whD>31qqS2(ryV(s
zTCniyIl8_PeK<+G`%SYMOS_+NfQOaMg;h23Is~SC<nv&+HQ>bZ#xrb~j9ZL><8a$x
znNPyWY%RJJ7X&tc9AYLR{=7v?)#LUGwZ_xB0X|~^9bgk`*7iQqknuUY(s?syc;eE)
zTPx(%6dysThau>+#Tt2RV}j7uq!IO*Mhb~3;E!e(D6CY^99XD#@g&E!ID7G@N#zIN
z7!T1NMW7V|2hZ3^3jJh{+r$Rq4d<sp7NKGR0%Z^4D5MR%Ws5I%RasXB`e!x*8csS<
z)c*otUSZ^;qVm2n+{V1Xla`eHKvZsQojT;N9gI#$!fi=Ou2f=FE#UQG`OE(M9=x5v
zzwFyyM8Dy42f1~g(n)hPB}sD@x`~%N8BBZ8Li+ZZ9=}Zf?TJ0a?eKnB#vl3HZOMNY
z@~-LOKg}=_n~#Pcqizgr0glJlXBv|wx_%e7ubd7RbQ9c48FxI-rcH8O)kVG8hmG=8
z@B#Nz^xyMUG?EEmFWPGu_L7~62Tj#>^M9_T%Ifb`)};?7;cM)6DP&Iv0^)uuo?Vp#
z%2W|_!NyAlXt9tiQ4iP#<XU7D%c8JqHz)G*vF_wJC2JXP$w-C0o56&(V1k9Fu*C_G
zYPecYPBIhrl%~V1sG9%Ia1BSBMlvLpEQOHH9;P`*07E@q?mB$gR4q!bean)=)@b=$
zeho9s?9E)a7mW_BOg=+Vsb#m-sJn~GrPipTg4MdV!7}3!Oev2zLuJNvrJTp$C!hl3
z(h~TrvYZjCuU(73UToPPiFBg#UKC!w?W3}}ccVJwoa?HYXl_`cI2_R~RIe;~e?pkL
zYN<~>$024CC1o)_MDxzU{&Va7@Dk6WnIS6$f`m&;v%hi4-uE)Hb~@$icduh#A8}Ss
zE}=;w{~mJ)wTtIHcR91o$sY?~p3s@Pliu6Vo4)hsPY+6;i#w`b<T%!L!)mISckIjM
z`4oi%lC;?{k<t*bhS2*3`FrU&d%Bh1kiy-qp2T9d=D`2p0*lUtStrsW2*?jiCFbQ0
z+?p)bQq=dn^y8KH>$EK2zkJVz0gyBJa#S;rA)w)6Ew1r`#U_85u?&-3j2)=K1Yf%)
z=8k{ZuJ{}2*VdA=#4oY2v@}i0liH<5YV-WD`JDVo=GV8jZ`zN<-A>l@eb;`TF!d~t
z$KJJ|mUPA2)qiKQLhzG$b4N8ON;&D=#S^+>bzO`!45kZsq%g6A8snfDEA>3rzNX9E
z^IpoZ=`<08<$RSav(@MEEi#%37k#730<_N@WfHoQiw2dGsNsb60r6lx1x7}$FN;l=
z8vt1#>RAN2h<G%;$U%Ru=K=_VA{Mm|C53ILk+rQIPGDWPt8ZQD3P`T2Sbt*%HhFwn
z0eUW3cmX<hmcni{pESvJ6rcNQ=CqVa=X;^Y#iz&P#utRSHXjW<qLKl|_ab);OY085
z{$w0?aGskWE6}9*e(Z<(NcrEQ>sY<KIea|a=Pf16w2Gztz(Rv1+7L5*#{v14>e#F#
z%Bq>OMe4-s#}<%=RB6bJ38vedxA}(W`@>en^y))I>@J}+fViU~rxBF>*@6eEAkndC
zO_JiV5{09f!%dbBw)NxX@T+;##V8s$z2GDeh*2di(-(~zjc3G$$J0<aj&sEI#?@kI
zy2-?`Z3@?|$$9Q%D0|>jt8o)@8*5Z?Ls?lj>$+BZmvwGGG9A_CS2X_6|DZ3pgaXuB
zJ}wW^sE`duv$TZrZAc=9)lR((Jh^l=QI&+mST4i!ezT^87w!htc)!cLCWePTVr0zF
zA>yYeOLb}eK5UB?@tyf8&X`cCH*fuZA0GZY(Ico$jSE76Ak?(&z;%0>fbv5N@Vvt1
z_R`yZF(Dp-@$egOmE!hW7C#axoCzJ2IUH)<J1vNy+pms|U)ig}-w-YdPw%xKa=%oX
zcf*puL!3K)wL0spUj$3S`;>&lEVtrB1hudy=D3SIQX5csk7Re;XS9~NeBspgQ!N@E
zUN@+p!A!lS`vd6+R#E`#_w8F6=HFuZ>Tj{6(=Osu6`uRhsgR<{BpEalK-||W@Uhf2
zF?gUFL~u~IK@QMpzWZ@65`3_E00Yq}rHiKKD&H?WnefFV*z93O@2Ukx$I<GgdeEp6
zCAZVfckbu=)mKz_L`3v(niBmMJt$wZ=*{69Zo_sAS5cb<wo@R&w$}*GKCImmO8Dm=
z(zvj~FA|auC63d;Hec2A=!tVBsA9_p{Va%HnFVQ6a@sr2DYCyQN5rO+?b(a_!LGy#
zKcNUE1Q}2>SdN))8Q#yLC$qM;4KQ|;PnQhFY66?rQtA-w3j<<ItSV^1P#Sx=(TP8|
zS=CZ&h|R?A3(#vgw(@l9sbbR$g_(^33PCMNuF1U&#jR<a2xMv~CZDjPq90NOhh%|R
z!o(g&P?ZcK9lFmcUJDK9EB~Vr<@r{dx{6kArRR4Nok|GRJszvy^?UiCnWtJhF_jK=
zRlJ%>E~?32Q2g0;@`mTbOPNXz-i95^=Zp?H1s^)&*dyWhsVsfDTy+6{*UM}<@|qUU
z)rs~EAv!2Zo;{wV!ih!?g0tnz%8{#;az(LEH36dWQt;|Q%>7W<uNXB|czCN}QT1J7
zC)6fU+5Mv)dqi&Tt#!`&<Aca$UaRFqf~}b5U85dChYu>I)N@WXuN*1HvG@Wrzv$Vy
z)LeWe&cReMYJDhQ^lav;*5l-%3$}dnu(S&OpyzN#Y7FoFeKw(-m6wyHazYn~SqPJ8
zk+k^8rKWK^Kxk5Ia)}i-j%!j1W7Uw*5$i|4_esLAE4Zv~Kd9?lOUERdC0xvQak}Bi
z?3bjnTq`@sn`E@OwRGL>p#W)|d6~18V>{!3u@>$wjR@7(*bXQ(E)#LBe|__I+?Z+z
z1wB98SIqIlM!I{Qvz`>I53Z~r&xaC{8I?43*@+kcctgbc9eby_04yjpDC{SR?^^r%
z(Q}q3!7Vps@8|O8t*eWCO1CI=#t^v)Q?jiCpSQfZjLG`*)Z|@;uNFs&<5s$iS%`;*
zc7#-}!}}F_?6og1?Pn?&qcvY9#=9qFF+CeNyYD~We+g1ISJTYnwOgs@zB;Sq>0odN
ze7|JLBfph(m`^m?m4PR%6%E323h@kHTMM5zakc`4tr%OC^Ern>Z0u;2W8-^3(y&{9
zpuSf)Y0bAFZgoup{ygCB$(cH#`QoE%pT5?R``%Cnw`?H(b_hZsML1FZlYWY!(|vnm
zW8UDR=Yho5KoT0-T!2IXr^vkT;>4sNRivQH9^-Y*mnCIq7Upt{vw9NixbL-Z0ys@q
zuBw+sEb*8tFg5~WY~bNetDCc{k84RL;Q*SQ3!0{B_olkE)_JODXih6`O;cy8Nkhzx
zC&Vup+4eEEVzVo*svdhM(2`2d51XjR47P2}_)%ehOi}X={1Y1DrP8gg4@{liS3YZa
z%=^a5-~^ymiap^XoO_KPa`j@?C5kU~Ix`vzY}zfmNI$1@@Wb#m;XxU@imhIDdCHch
zP@#xT3!Te0(-WTVkxVi$om;ZkVO3|G>~yf2ukE|OiTo;WT`Gz}!OSpD0pptAmLiH;
zxL>HWrNlX-+q~?Tw=c9_MUQ1<p;hXX)A2JDQzkW-PT<6|P}5=By@Gt;!QJqy)?!Uh
zwEH%dRMhlG;a-5PA;_670dll*tb>a^I4zjrI;2fm<#KDQbyu=--{V;|K|QO!^i=3t
zGtQNu!vQhl;%B>~4H35el_?40G{$lscmm&<hGK8LZ*8a_-Ul|);kxy&{Zw06lT2P7
z3voTwIOZj4Yv<j2QQ&{5_wx}1%GxzZw4drC&$rB^*917YB(zUg9T1M4lm4!M0??l7
ziKq@RhG@iNV;5S!)AD;a`K;1xPj+p%S-Y~QK#@;OU0fGp-LB@P(NWrST$I*(a?PXS
zaaLY!jrdvc2&PwFo6v&Z#{w-Bo*Be#_R{>4Pe^~vQ){w;gH1G7DBN;<RVuMzZOF19
zDf*?|?#4BS1q`e3n;a15?>6X7C-LL?u#-*!RDa6{FrbU`_U*=#F}LnduNJ<Zumt1d
zmUtYty0`tD6O2%u%~RHQTaE18tSz$^HMof;FZhH>U^19QC5)j6s8HXis=Uv^Kh!W-
z{`t;ltDFA0O%E`729Q<B+OM}qa<CN>k27^Hpit<0zWzL=#9%GyFk&g#{k7*Y`WWE!
z+^n9|<FWTxi`8Hh5YW2o@<5Gi1ddjF&kHSjRJOiY`D@DzVSC0mzK4>BpojmZ@coK@
z(pdg*t@|#Mbr8>1I$<*iv@==sW}YEkh^=@P*d=ZFVnc2GyMAcDB!S{3k>O{yXO3{%
z@E$lr#?8lb4vo7j(xP;h<VO3PY^0u-T`$&$X@7vbJ<ov#RQh!moUY;<hWOo)*B<Pi
z)v0SfHmn(<6(4fBQ;7UDe-?05IlKEq`lw<NcyiaV`IFIyHMXGSYh+tab>%bjvFBO!
z&mkC-!%)?fR1ls+Dcb4)Y7oWX<*|zeW8F~tY^R@kWtWLX#Uz3#6}Rx2n6Y!Ynb>}o
z&F``?NO1Esc=1QgymLTphMI0>G;2Js<xgd?ONJjGuChz3%_s3na-S`4TN<pDu`iA}
zc}S%e>SZO_z9Uhxy!?^4u@U=WKZu&DqfS+&{HGF$mjn^9mrpA(w5O(JbSAdIxidLs
zF7g=JKUoaE#-*MDb_q{Gf5P2wFbz=q6%Upqoq3y124)>^*v?&@3lF~@j}9tiBdiF%
zG=ZOfjvt^`S{*uQf#--ATa$_`@H17(e`9%5Aseatr9xJU<RVuLf?6T@l^2Ya(_mud
z_LH=M3kQ@nRz$>l&M>`<0}=jGo|orSGjrtFqC$c3HTpqFjTXD7bR%wTZC~=<bv+9R
zT0yH#?!J}CHR1=)@?0K#byvI*K&093BpoA0U);PY;P}$oFgehP0NtYGYyb2iiij8_
zZ4xY>VrZimai%kGdfw5@4xwB<a0J=2=vTa*eO^jB`9eKF^Rq`>sR%t-(JjY8&$NC1
zD64VlN<c$fZdZDA`qzOzh^~Uf_U^`UomkZZ>UB^%!h1eGf9c@d*!2$qxK;8kJYJY5
zx78<LsOfxx{#-x<uJ<0hU1En`DaE$n3P=$j4csZo^M3sFJ^nSIcTi$h2fGxoo`}mO
z@SB_|xNYUcQz~$y`#RiH|0!*g<b_?KCKoaI9#yyd>tO=k9GjT<cx4ja;=I#SN6bj1
zU#g%}RA*gXU6t*y_)NKHgX7Y8xe@)*>OJL=#N6l0Ex@+$lZ|J;aldv&$!>I;SL<x5
z+^7mbG#mCl0dl=_!^wm`rZ;=$T&gX|rf{yI%~T){+hgC{9+$qBwgK++?|$F-cz=HP
zQ)3VNJ=@m)*)X8|-?Q>&#9QEC;J4P^5T=f+waT+~8Fcm78~-}=?U!3Tx6SlP3~bh?
z%)T})<!?3Jj>6YWWYGJmyI{Aohm;HluDi1}5zQ}gjVh3m`e-2eyX)?wm*m#l%_o1k
zl(FP9WvKC~A=ZDGq<<+sfA9kf7r(ik?XlTV&Q^ZaNX+`gHv_ceJ;uv+au`B%U2JY{
zE2@urNGZ0TKKu_E>hgDo+JG|c1sYY~@6Ku<z5y?PKR!%E#~mq|7uxzZ#F)zOm2!N1
zlCK)LRPF8b9_2@P+`+*yR<FjqO$lzT!P9f&KlG8PG|9uj6-#r!@bL>GHO}k%2~cMx
z5*W<>L@d6zI2|3#sXGoLNYARM=qZ;|{UmJFNiFX6arN%{z##!SR=}n*S@M+map6$0
zR^?{0O><mc7%@*K@C$kB%VD}IQ%&xCO^0n?hMQaAQ9aj3o#`K<=@iEb#wTgz<Axdz
znvJ52OZDjz?H>Ilh?7(Q346|f>qI#I^#{P*Blis|{9BG6JaK&YwtknGKhW)bU(vGe
z^DzwuffL7(=&RM*qu;*rTfM9sQ>hM)3fZ<q8d7I;2VXdvxb4DiUvKD7L_|l;j2f-n
zy`M!`<*c=^65ztf4<Cy3(oO5`1>#Stc=X1#`I-1S3Z-y5_<Ot^=j1c|_fP)){>$@`
zUH=Lrf)O&%Lb^QxXV&E`O4x(&4wq*Ij2CF=kB6Q0ED#yXCu%$+1$U_Xg;NO0U7zot
zZSxPm`rl9Y0Y<GHaM$Rt*c6dAIFJK~yK<8CnYN0`>Yt}-#Q_x{O^Rx-TS4tA+YHAQ
zOO}WtyS?Zr--A5)j|o#6uXKw>MC&R`ZYJ~5?4i03N|c`UXwkEqjeL=lHI)e=V#{3X
z6*1x+Ys{gN@E;n=_-%TBr)nVWSm;{Oe=^gC`gL)%QXmoVWl5S+a($Lk$FAw-SiXZ3
zAi%c8Y&U)U^$H)~EOf&Mz&L8Nfx*r93+{AB+cdnq>a`ZlT3!kHS8BwN&o`(^{jKYR
zmQN}j8ZuYVzR<^iufapShp5}_jO`DK-|ztT`CB@y`Tv1v%RgFLT5{YTV{F+a5hT2L
za(CV>vfRC8u8#iE;|lC~GR-to$<=FKU;1X6MAFW#ytKjluMYoz{_Vf=p46Xh(iYEX
z^69n4<&2)~<%Cvwitc394+eW0q$@ro{_h?*ba-Umq^dPvtdjK<hzt9e%!@geDTQr5
z$B?wmXG%$tKaS|8Mm9#%Z%HcgLXC|-YR`DhG`O&(iox`f`;9uaLxOY|fy+!HB$&zP
zt-U>c68q9tPyS5i0N=s|?%rJ8JoQ3kps44SY~`ip?a)M6j&~cAw5lr25pG9uF?e`F
z37a`+VkS5|oX#2A4h;#B&o0^=8*7@V&~6tPVG9ut{0B@;gz@=t51Q$_4^P_KDH9~0
zJ^bIdO38pJd|YbbtEL3RpB!y{?CBPjvQXd68I{V_Bl-T~(Nna)H^skS4;6kY8oFaW
zhnsMIKR$sTKMc1t5GXtCdmYVflb%nqH$`;D>ss|6A|8+7?+%9O7OwL9GviUCrkI-$
zK#^CaNxVLOba<AH?&dDycA8Bh6P8<R+|LAMkintIrGO>L!|pC+a>gR${(c^Bai5eu
z%n8s!kiPK^ic`S*|Db{Yds+WJXjOVUZ-Q*LEgR(S`0pkBVR~4tXJ75{GtP${V9>v9
zavrw%w|I%seS6LzmX;#7OAItgFo@Ltp1A*yU*FPSeBhfYXWPvq@U{MrRDbbz2zc4}
zMsNQCHbGG!tny=SZ`@MPbT7fT_5ZnwC|_ZIe$4dBWc)6HQlV-PL*W0tssFpu{(V3>
zh4Ih74+rrd1RMBSVX40>otpm7u`J)9N|XMdU0t%@**QKK<J|sxl|Oj+fA3v<dqH={
zPVWcUtFa6+<1e!W{-?%c$UU0+hSg(MEyMsgd8oyo{#X0|{|_((A8ktuo%#7#n{!b9
z_ayFL9SyD;5&L)<d*pB2%1@iE=oG%}9H0Lm-rhQ@%5IAr6+}`RLAs<tQo1As>F$#5
z?k+(<L@A}aLj|M+L=*v~ySuxayEeR_pXa>i-aqcWV=x>KW6OTloNM;{t+|X*2=Dyk
zNd8}>;zK+qol&(VZgJvgUMN$Pf27<$>K5>@b}DP&I&zVd@K;yYR{ymLm%sW)_*Qql
z^qSI3P!ET@){zFq%TRppjwD~J!Srf0?uRzWz4kxTQvQ*_$z~v>bIorQL$w2#-eXLq
zo8Qp?_rs>*6_?H&{W}?MK1{&`TuO0iY9lmFiGH9N_^qjwi7`Xm;h*nEs|DYGuhv1c
z>j#NcVF=1U_y7DCc_QINxRRvyqi?x4pN~=jEb96ImfE9+7zg>NMCQ*rxBQ%{(m!2&
zzn{=8d^tZB#pE>rz(}489lrU)zaL1@;B!w32XRmWhlGf4>?P<p7sYvYRWObO(wV?x
zdbypYSzVImM?&F?oJ*3V#`D#msSAbV!M`e*Alj9Z5d^*oBfU{F*FZ?8J@dn@d>F{M
znY*cN_q4Bs1|AC{meFswEd{`(+Vrx$u)odJKTNx}T7H6pW2Vh@wj@8XkKwQX*CY}!
z+p}R6UPF}hltS@~Z7Zl&SBrz8fwC05v(z+<iyav1e2WzKS_=L{T>M{M$qGrL)?I|_
z|J6VakrncoJ8~4jhc3Q8<lr$1UUiDuZ%JajBX=>jp07c&vIlL8PeOZXm;s;YAU%he
z2O@Wv!A<i4uJ+7qH*)d!L+Rs7BUg$n7;@u*I{AQ&>&Az#v=9C!@>zT5KI5e!1B2Xv
z$wzv1R*C@5tJ*4bQvCg8*Y8KmHN28ZI$XAVxa;5!UJY;vtMs<*`x)CgF!??#4&}u^
z8{=yQnE&AyWxOJZ)ZO`^Z-ak}$qlO-xS^af2u~XOk4UhuIdls!NW$iU9y5C5|6Z=`
zYe836P7r>#rYnuTLd#dIL7AINDtjUf^WQABZ{3yT_a8X<cHPL?ASICe3I`YyM94PZ
zPgG?WyK-ogihzb~8t;@xDEjFgof-OQwh4kII-kvcD61+Ky?eA2ghQ#`8wWD9?|kR7
z+_saqiZl;+&MKTEM2STHtD{(ab14q`UhM*6U@-fY`01qp2_EXe)#4(N0#>iG*fbpW
zk`WDzknLg2{<4zf%ha{<ql*N-QaaV9o^Em2q9m)b()dF$xbTe)#QfNMAHY$V3-9jx
z^&SHckG+pwqP<QlnNi^WlJl!yj~}F3mp#)}OWBE(|IG!6{_i`$s-nO{)To#aFXQTF
z=}jaE7sAXo-Kj{VcDe0y@WO3|Uy+e7YeZK$Zeb+Rb4oWm$jBcBg<&uG5usyiBxrmx
zwRE@-$092yzonkAv>y9O{e1vJ%+UFxfxB4=HdR6SDn+y&iYm^@Dn%L+tR|i|T{VmG
z_p2|?;i&oRvY6KvyE1l%3m6s6%<}$~2J$N!d>kUtZ)o5Y14f3RjgYr$n2Mr{V#~(4
z^)6TLWg8GNd1{C_^ir=%WpCVUgB$enN#D_HKgD#(7+S}r*Tu2Y&Qx%XA~hl5xR8^B
zFCwgj=H}*h_b<*Z!b^SzP+c%bPaCX^SWY*73oB#YgFmZvM7oES^!_blCr0sVU#yt!
z$e8gbfn)1CS;m840H(ED0y0m$och`UW-P`=)xm~Rk;bEH+bL*pKV#_p*)}UUO0BHl
zalF4K{xujihf?}ot0y?3o*5}{oZ86p<l2e<A9@LI4Go$TM8J)DP%?90f8^In26iw;
zxxT)?tx*I85^Si#V^YALLP0Gc>@Ie_u_k!*Zu%YW=%jkVl$03)gL-ZJeEZoK4VGz$
zZjzY7AMU_{))zk8i|ox1>U?nT<<?Qv$1Ek!>Ja-6A2S7;mql!=U?Zs6=o6QN0}+v)
z^(|U1;c_b~NKrX_$SYh;>@#qG0cKll4S8EnKQJGwev~AjD}%~!n=*4}?1!0bd~QC!
zqK24_PgS5yBE5n<)S0>L;K7s&xXDti;umwZ=D6`U6iOwr6DMII)8$@OYFb)_eS@J7
zS!~a$vtmRvweKP$XGy%#O$8UCw$RhCnsmRW2(vU2=lyT0F8B%)L}X`fx|~09ZhgId
zZLuyx@!5s3UDt!jRuBR3dCM=oZ=9W#VbgEyK|%F8Kh>qCFv|XV6on2^LFfqIdTT-D
z0+l2UiU$af4Xg^DfL@~0(#b(*l|#0*_Ruf0kJv?dI<A3x_BgFHtbEcTShAYZ15Y1-
z)Ak)@j6tDUCT)vjC9!xsnjgiGUqrl2CG~op>#f9xo8nFVeEiJ)Ewd~MaW7Jybkr0n
zrSM`GP4e-9Dc#H}0_GTlO?N30RZQ3UgmqmIp!uPP!{H{WyV<f5Y3oCmd>3H#vYWs2
zJ!E(on?#oZW~3=tTfbCvB4Pcn{IErX@WV-$lau-x){R;4lL8t8?RK|#m#{dIRLXI#
z`Y|pmG)R530|TAQT(`(H>O8B|m*;w#nnbEk);(sCL2YlLGg6@abD|o8cmNz~_HZMf
z+T+LkV7SV79`@@uJl&wQkq1sOcQ?+wxJQ>r8~GEw?U-`11YgeXm!^V<(rqrTBR4Lk
z_!O!!=I5d!3SY&TS?YGB5D3wxMWXZ)n+CIg<#~VozFk|nh;{EpN8ipu8?_YtJ@WMB
zu#UZDNBPPxV;>!mv@uHDk<lo*`FFt7xa5Zqvm`FcwE}vJ6yGGfnZgA170|)4ti1_x
zWUFb|dVEK&-J(P)TmLpsE71rhr3QX%&0JC6l2l^NnylB-J@er*fB|z~>r<uXJM(4z
zg}(z1HG1`4w9?HTMLH~W*SZPd_t;(s3pdPzJfso>zgSbhj<jMz$)s?ti%>okKo`%4
z>syy`G^Gm3&cDPssHqt-i+$!M*<8v=c?vbz6xxBHnrw9MW#zNxmyQcbE{FqZ%4Xlg
zH_X78)_e0VRCdR^xLB0MYkV~>J%Kq?oXUL;9nzU~UMH<AxVTHZhcl5p%0zELfVC^#
zK+KVvuUsM{(V{)ql=$;k_KY}cf|SD7@61?)_*6693NE0IODkN1l9VSF@vh0>d*Ro&
zv>J8&d6+^)Bjs_;aHy-857T7dX09y3G>VLT^cq=nk(&{NwWC{j5osf_*SIX9KUkc^
z!+=Qit2LeLqaywESg2faq7?#W)%sKbch{pco*%~97q!XfgUR|`4>UJdMv9QXu_NXz
z22Zi@m6Qgupe%IfN8~B#cz;R1D_&+j9&+qtL*AoOEPKy_G#$liCRe-7bn85yQd`_+
z%qyf~joHiQo$9>#$*}wAz5Oahep)h-@EV$O({A5)V&dJn`d_x?REUg-e%*T}K=!SB
zxK4w|Ip-`sUd{a|Ml}on1l)k;?%t@_|IU`W*rY>exASY{kJ`Mvyxs3UIu5x6EH~lf
zpKclk2Sg%c#0NnEVQgYIStMF62u5h+PBzTz^_kJJF||KCpJtDKKHw89x9Cf^sXKoy
zDfz;yyTqnG>EQ^W!1#Oonz3r93{C4Q<#9CU%&$Q~cgkEgbl!0}aL+9)@F<APgYitR
z9efAf@yyQ*`9QrVV<9DF(YEHtW#oBY33X3{F??F{)0;OReL7H(Tz+XxO-KE7)W63p
zJ8$$D+=I<!n7xtHBO0`=cJlmAq}F-URz~z2FR6sgf@koUR<htSfo!=j?5zsc_^j25
z`V<|XwR<1c4rB<?Dfid<-&qrNJ!LO*-ILL%b$>3A5n5!h*uUZ-?;4+HVHiVGKgs6B
z`z!_vH=lEFxWM6QwUr^UTeaibL%ePd2{rtp{MQjB-~tl))>DD-h2h&S!vp;@FH0j=
z?8-eYXW-p8_a9@O$0<u%r5w7p6-yoOH#<3h3oWkbuyS1KPa^WNBp~j#-r8){>=}R6
zTzncD9-av~e5uuw%o!!!!M{^R*Oz+tzuGU~OM7mo%h}MCesZINkA;B!@;Br}LA?!$
z{v8huwg$pc1z28cG&T2xuFmXki4z}-BrX;*MXB$v4!se3S(|L$mp{WaJU!jRW;gv2
zB@A;6owC1JTN4p;h;IqpZ@e_fe1>R6kW69-oG%l`W;1f`JE0~Wj?CoM85&aV+DyB?
zpHTox(<Ka-M<Ou5No2&#EUTu$Yiw-x-Z`ndH#_M|BLO`n`|F?E_735zwt6I+9aQHG
zS_^pe_V!Yr-S={hf8nt(Gj?pJ1$gCoEPd?YXU5v^)CE8c@{(ntfFQkB0af3cew0?T
z*^MGAoiQ@&x4d;|Y@LumM1Po?z+t85IXP|HFL7MY7^_j+T-Mlxg!8cb&eXoAjRtm1
zbSyg3z6P6>DZ$c!Lw~mlYg_1gg-xLr7*)JF<E}+RJVp{u^m&CgAIDtnB#ZE8_Sfd^
zJe6O|y`*UfqJj8L$@DU(#_Joy>ly?#-F5kfAk^(4bQz_Qjk`Fe^SU_uMB9=z@ag=7
zT@*~0wzEUv<6lRQTNWg}v3!3#_%%?1AnjzP&Q|Y@=*CSd2#VPnjCa~x2?*f=LxBZ%
zFFLfUd-Y1reKYNOo}FWOM^k7qJZ2IU9ud()QUA4JitgjRmBj$mafjSWo<@=9c!HFW
zmy|vxLE}hmBu~#(_q5<j?;RUi@*LutSseVvTH{{lx&=+h?dtm??C$!zf`Qz}zck9S
zUv;`WP6=_XjaBstg&P%$z`>QqFCIP+;IP9ew;p@fp2C;|M_k#l<!?P(2CnM6Tk>><
z`2J(3pw3rc!2!mM)lsr%VHzAAJPMJWI3N4(_f)Pb9-!vDsxCJiz2MgsdMlKgiwqFb
zW+@LdXSm|DQ$8Y@SqI#%d32tF#$g^%vu3ekFFx43SE=B===+k*QSig+_jF|*)0TH_
z4{KNYizOn*ykgKy#acUFN!XkTeiJ%0qpJjaVA13>&?C)(TWHXc$Q2O#P`&WAmU|N0
z(w!GJL$6!gW4eS<$2JrQsbQ`Yia#9{+8|7C#J=Dt4vOXWBHy)U38tdStz-!<mE;_Q
zQ{5n;ua5Q9h%EUQ3Q%c=l~d^GyQfVHd8tggY8h@nNyh<E7R6O6l^ZK!dn*GuVK@)v
z+{L&VbZX;K2)PaAb%lhW$6RMjaqGd@RWKVWhPVGaqc*Jw+}pQ~-|n5!Ff&J`XJq6(
zsm<A6dzwY;a~jp2%x59bNCqOT-Nz)I?5X)mc|t`PuXAO_(3Ym(YV%nL_vQCd7rXHW
zA#9O7_pjC3!c~=wNKb%QE$hoYJ#}mSIVhWDB3bs$(FLTPGm7g^^{0m%7M9wE;zWZU
z1>)ORsJR+-RAAvLXrhokI^*=(Jwtp0<@D70@%sp}#c7K4n3aQ0T>T|E{O@;H9;@y?
zc_sf5+cMKB0oC-41f7)DC$0!%hQqH9k|v(N`5uv(8zN_55ssPji&?_ulb4mzI{Zl`
zk!q`eW3!$)m6kqE62CBG-PxPc`!s^)LIWtjmWsPnf5h8(A4XKHR%oT<trnM+w3-Kn
zvKmX}7#Z*_$hdlU8=4P&xEC0@E-0e@hss>XsqnTStnf%(LxSUUb|k(|i%EO|G*aP~
z(-66~kv`e;AsW_M3rN*KdgE2g;^bKd_7C^ZxBShFy=Y{1gPEchmVa^Nw9w%5>^nct
zmZ6jS$w-~*eRhmHMxT$^j>P<{)~z1g!Q`2iKDz=YYJt0>x3*n@k=zA!boC~mgRxI+
zK>e{WG0A(%eAG%0_eU-=%F5WR*dPsEM<H;60Jhck**o?OSmX>Nmq^2G#WdSJO9nQx
ze*g4k{Ly;_yGV0$Wj-4+w2T5J>5eC$XgH&|@l-$kvko?POec>nL&mAlLSO|U#=C9-
zYeJHOlzIdFv*Qu#H`&0b5yx3)_u(r@cOT7u8G(~GSW&|jm@3Dj#l)r{MBcw~J6Wf6
zvJp|(6sQE;k2k!|3MzQEE9KAJcSkeG=eF{ZJ(hB^H0if<;Z=uKjYy@G9&951H!Yc@
z0U4DAV7G_)Y3@x;?-tA|q%!Go<j?TgO94Y0<3cT7Ek}kB6j%q1)l6o#VmP}df<h@M
zD6lXv$V!468=+e}I&f4l@zH8R=53d{DUOd8QWk-Mf3tAfjIN)a|EaPvUM7+AF(h(`
zA5_Z+sPsaUwpa!>x9tbdk~o1?>qPYv9QN(5w&kZN>?Xo4epeLau8)p2kRDU^%5`g6
zw3-AQ9Wn2Jt-iBkzc?5rT<tvblLVBGo#)gdcf`T*H=5Ck1vCb=_et%EkII8{#pFM0
zC@+sQC#T~FD~f!sR?0HJ7xO^Wr6_?Tc40p-ly$)>6<M<<!l>_yvT9ilyHDR%mF+#N
zhf<C?UVX6jU@oph`KeEGRgigK;X?*WBL3KtwU@lbl!LVL*^k0r4@0l-5`*i}Breft
z|4|!v^#}D1q9-Sf$@e*yZ)!=mpu{0P!HlB-ij;nXbhd2Ru+T3o<;R528Jj}SA4<&@
zq-m+`zT-K7I|jFjh2u02zIW-8<`@&{3qoq{?pAQ04yB@|TgjDj5sCkS%V9GvwNZaT
zG&ei@!+t=ACwjg9!aHBPhFu$NJw3&JSwc-Z+HeyNW>=I%jy+XK=qq)dlct$;MOj%O
z%l-xhHsQPH$H@4KmOb+<)uodUj1bVLMYnKq(EEJfHI={ew{)IKj57XQ>*n>v9h8A)
zSXZ9vlOdtiV;B1?Pg?L(ZLr<D7ncvPwp-Hp-ANh8a%Z{jDm~><;ChvEr+6@vp{|18
zCD2PNl5Q@BNqz)Xvw0kYvi-`CTNdD>e3N~*3vO+-L{M!<=@Pp1Y=1BcVjAFOE^Wao
z65Im4p3+U|a}G(}POBngx;ToMwk9slIp`@>U=4ehyr9RisbKw??0^97f-!k&Qs2Q$
zJpgVEf3-Et3yxT;haVo!%!Dvdn&0+`ze~g`BIdRE1+ENIlwi5kZ9x(=_SEHGgtS<M
zPz5D573Y`T2ODYjQ{&^jy}9ylhATE6d<)|mQg@tojg^Rf*QjABWFY=F*=rSkE}7H%
zb#V?RJSJg^6}S&c771!P^P=6U_9GdU=CQ|o8afs(I&Iq=4t7uRnRs61Y~uUm+z_<o
zv8;05gEFQr%r$%-S`;mG>}pLN1k4>InVw)P+~H;Vmp!O+a>x2#g^964$r_W+Q3*Ih
z)~ip5)YrD>+CbCqp+K2I5rc=F&Dnv~i}3JN#he$5y0YOP;|P~-820DG<0qitiyG)P
zMbZ@cyOs=d3zSI_eT&`8!X)Dlzpi4v<94D2jkm0@R!^~8jUu;?mwHU()YR@L@wmvq
z!xM982=~fJWr#&A0+c}xWb}>uG1T#bzy-}45NsD~*TkOhqzshzwaiR?ecnSJ$x9mv
zCgMER_1vnusu03(K>1Ag=BpR5m&-g!H*Ykstg>xMtg}IV&)KCBQaJJI9eY@ugolfD
z%+ar%M>a#i#E^#;Q4$S)8sSyvSb(IzePBxNYV>{agYz{>u7<LJq22ROZ49s@b<*@>
zJ|iT!8(<<I)$oAxAfZ0-z>MV4KuX<P^MU-w9;gHvkvS#3&dp2DfN_i{GkYW0!OtO|
zygvRpVf@{Gu%!L*BNmp|*`N1(6ylTKy1mM-<NUV7Eq7D6{quoj6H-|{uVW-Q%w&eX
zc4&TrkTlqD*hlr`S7Q_H^h9Cw(uWtcwsWhrlF>UjKu#&PE6>IZ3{+IG`3@&<v*#>=
z+r(lX9?B&1N&p1jr=JTUOkJ^yr2vS^X4D$?A=zzbzN?wo$MB=o1CY7FP(k^O`vO2s
zFd9Wg4&EaR$+(?W?;}u^O2F)*=8nZ{W{Yt<SRJ%{q&pK&*-Kp=ipCJzGoGYbINv3F
zS)%y>x*1Mju+I4BlTHNvFRmTy+Rpes+r+{&4=ebq44CZ(8(u1eH%I)`D2?j3;@9ia
z>1bzI+K=)wtj!4uO*YjX(Jw09=)t8ka~Wo~`Y`rPwKcNd=l-M6(Dc<rA@?)#gF*=q
zN8>3;Zw(!s!x77uoA*(3aKt4iZ$<+Km#dbH?@kJ%w%J2&us#^~8u`Cra4leP^q&ld
z)UN$_VO5V&^bO>rX0r#78e+n}r?edkMgQPE)sBykjTO5%9>8SJS&xa+O_NFDdD`}Z
zV~kB>-a#au(_`QA_;{s+etE6G2><ipv=T0=e)=6yy!L$vf4Bmx1Xi0DV>_W$;7kan
z4v-mTW_7>CP;}Xy$HdZLOawV<Oc%WYJq^Fr>nu<|?XA{^%V${TRgRZ^j;euJA%zID
zg#Zd+vg?X7DcPBs57Z~?ZKN}_Yn-`t)MhOQOVOphr$iAE^61*mfTP@<g4<A5d(P9?
zMCU=-xtPXhc(xN~lcDSLsqF6Y<XQmrd#6Iu4#cPhjvn66fwo%}^?_mkxG%cZ5_Vua
zELK3>;n5gxdR(~1XXY4hEdy=GLWT@J=d9C-;Dc1}G0Y~D4hr{!0;6cV2dbJB$i%&&
zu)F3|GuXwWVg(%QtP%ssAmXk#wJ5279D&b~4Uh}nWgHW!pjkd__&oB$?joS~la20M
zpDF)4Y$omW&)dkzuVd;zouA+)n%sdpq}t~C<k^E8!{Y}*SU{Iw6z_w{Y4DeogyO^!
zk<h!1AdJAp#chn);Y@JYpHJwa1~K!Cu&||mO`E7A;NC-#5Wu&fpluEy=f+xL&^#zh
zCV0FaI-}&6->_`j+L6Lh?Od#oMN8qdDhbM!SxAj!)9(wvI%-5edyE=}o{`Xm9)`n3
zz~}f1aa;PEm<m38_Y;VX9^`2rmj+e5*gJ?wNM_A1*S4Xcl)sMid6<q=6fO5o?_D2D
z`yLmQgcG}woT->2gFEvRbrhYl!gSa-`S7ItL+i(d_MR6`9;OR*<c_=xSl_;hAX>a2
z%o85T{!Ynf#e8YisZc=Srt{4KYTUz+Hb$-J^_Y(zcFNVM&*V_DjFOo`6{(7&HwGWR
zJoo<ih0wWciM33x4~5&6^Ep|gP_FWhm}B3)wY+zSiB+y!7}6(>q=Y>3x$i!@I%RoT
zQILyi$#O*Cl4k&5i<n|g9d&X2$6<QsNRQn`nj(sAlV=hwxbJpPKQ;}pK>xSx@;!(2
z*3YXM3+r*egxn;mrx74gJ<_bFtr4J?nq>k_I!~vO7>B*(KFCnB-g+OO7a<|hG3FOo
z*w~%J<rZe^qg>r%Y3#pnn$7(RfhOYoq|1=jeSzV|3!<8zZEYC<NYqAoEGuvpZeU=r
zxY$L$+bN9N;)zB%+!O=@tR@_M?uIJd2lq!$!O^08%6{5?p_V1GR?b)EKUEm%{oj52
zgfZP@{+)B@HueK!!uII?&YwNI_LpJFFKpD5lwD{r5#7AJb6Paaw7>AJN)M-fZ*CXc
zb})YU61|k?{8A1rR&W)$)NJtg@xi!iie`L(F0MFlRuSe}m1s-PWS5?O5A2#&Ud>wD
zOSAJ)cP~bWYo`3ZYr8b8U1mGy-1FquTe>-QPuH=@_IDcesBvc%Vc3PGW5u*nk|+7}
znvq_6<pV);zk*rJf4%G5?TgdRHLNK?M@OGNP7;!r51#ONip`iEUGFV7%n*L}Ml=3=
zcq|SYn0o_WQ>nLKLfsVVU<e?-x$<Srkbb15RP9`><`OvQtZDPUul{Jq2c4tDa>BA)
zxxHuWiuFCbUh*j=qM^LTJ~)*2#1rl-3>sDTcZlBwf()pOwS$*V^bU{nYU)C=hf20^
zys19|6<C7|hTKGn40gfpDhS`Io~@p9QL?`T%?`Y85%jIxn(kt161);_Rs9SF%Ezgv
zxu6%DlmLP$SN-yJ;}>BT#-wtI0zO2)&h%gYLd*d5>W$R}ntbo*vhgbGF>c7L1*`c5
z7%()W+*~Ec;+RU&XR5!-IHC=D;=>M(=}!CI;mSt=$(0>?%3BLYnx=E^iU$p2uQlQA
z^aX~*O|-cjNL@zakS)$jQ|;waM3(z#lGDkS<s<O28)rlt)2CiPs?fHq(MUepTkd^f
zfF~+fZmt}`#~rIJNXNbkE+;_2o1x{lE%#EUD%o2n@Q7O!eni7GR>Kj4{V-A1!+AqN
zonA-1(-nedH|<2rXDsGJp^}~N?#0P@(l&y92My}KrB10xkY*I50B(T6^yJ#}L)AkZ
zllNGQ<YHno17+RLx(5jSC`SFH)5^-uu(hpwDE%m9lZEaC9qk@gHq&>1CQQ4`UTc5V
zunc<~M%ncWjSdP#c_s3nFA7gd7FV*o%PVacM5D~k$q73ce}IV-3D8@Rpa1}p@ww_4
z>khTlSd-`?Nu>&HTcbcJRqwg)v3L0!2E8{Hy}2~nJivhUln06IAb=KC;*+@)Dk_)E
z(^JpZR&I@>h_gN+C(>+-UXt)e;T5?&+ZE60SsHM{Plsd8!#tIK-4fdZ?O<*;DLZ{y
zK~{OqmhUzka`uRIjc^DHvXCOSrp;ifAOG1bc^J2vAkX?1Rqo?}<L_mdLqi|{x9QoM
zX%4r8WOx7h(@6~Fl=5isAZU-{<9+69<K&xjc?NPBDcT)$GFyt<CEq^O9dn*5gwc4`
zJZ}BQkKD}?d*9aovY)xhB$J}#vf+g)x293Pm{3x`8%iAoS5&;THItIB1Zz{rCEc&v
zb@Ft??<#tYXQl;rlgHAl3wi9XX3x$V;<3!q8dyjZfMSkFB>!;;GZ^VAh6P!#tsmf_
zQyTRP7$zX=w_Ue8oyIUgcQ&Uq(e+c8IaQbz6`w$tKU|pJ#oh*$(doA^9J7f!uiY%y
z+#m)@vOkOKH_wX+zLyX=FI~9%Hw7sG7cl>9$Rlo>?K&Fs5yMpZL8ASG$WOKfcRuJa
z-m<Yn*>~nY+jYnXXLV%~4+&yoVw78L!S$LFCAHhMNqm};2NOOi!dBG!(_qqMP{I$+
ze8rrXefBvrN$IEpr@r1NYaGwG{|8mtn7PUY?8qRi0MJba?LOILLmDY5NpsoAh!ZNS
zk&2kui|X+19@NEmxUiQH<39}+<k|M^B~?>xQnr88;WPkMnGro---8J>JY?LCfTYPk
zNCMqnDFlQyQ;^q}c^+*`;;z3U6*gV$)Gzb#q5Ztut@M2OaJ^=OhK$Ug-D+6GVxTw;
zAaeu2E$^1}nmXP(qe|_msQj+Fwb}SHN2xv+=eqz0`=jzLt4XKJgcnt0`PN6{tWI#K
zi+rZs2c#!rjCH1qGqr9zi!+f7V^HQhGxtH`_YgRpfk}K^F(q`c$#m%fY-sRzA=t<!
z)FL&cw6ruOEiFq11iQaUzAQ6xQ>LzeG|*LR#(@e(xwa2-q`+3^Gby4`HcH}UY~RcR
z01;}U3cwXTc9lLceA3dAWZD>*^SOH;-{$nW^ZMwzz2;brOWb+_5+dSahrmUd+sx1$
ztQ;Do`~?FLH%mJ#zD)8dJ1>8u7H*{K>f!%Jwi*mTt@DeU(TSeYpRmHLJ@V(MJ&^*x
z?in-+&}MlnUDk+_9{}{9Z1>&7YJgx#tP+yFi3=d@@;`qd*sloZRV0rW)XP_x2}st?
z4#CD)&V1lV-j|SYlsHXDVi7hj0x;Pf3XdRKNuPzW18Nqs7XVEsWM+24@Sy@EU~i~o
z)BGDf-91O2VK0rpltVHE+!~(;1>DQ`?Lx+OEI%u|pG9^{Kb_1^^}iUDD-+X+3e3vA
zlg8t>4&hkWt8L%{OPbZnYv@?BQ*Hk=YEP%_GWMj#aK7UrNI}7P_?PMsZZEWY367xA
zj_BFdb_1+Po$el&``JspMv=32KCzok{<F#qo>O&!AE4V0+Veoxo4pa0djPbS^}^wf
zZa&Ze)e@Z~u}C7}vy+3IkdP-x29Va6^P0vx9v76DxH!#B4;~?gS9|VIt_d8&S1tQa
zIDp>GkL)stegS~iFJN^3brS>yV0yh&RzV-Oo%wekb^&5X9kQSWJ^?QTi-%Dz*uQcI
z&2%T|-2XCOhk*s(k9YqwxMENgB>1vXB78S%|N8-r^Xd(7?TKkQHy@5eQrvN?zJnr~
zuuzAEpXtCWMC6yru6wo|jBV?nUNY48;7P_m*eX7B5MsFFv3{3?(I+duNtOS@H(WXf
z$POlWgaa+TlD7tC$PTKlPqt(Qh6-F9-X61SCR|6t)V7;jmBf{m_PcTjSmM3c?Mn^l
z<r8K6=QER3xAYA*JDA08;B9~H-!16*EAkTFeBrwGL$}~B595!!0>cV0jrNPyH=&o<
z@EoVlIb-x|7R7motne{df}g3E9-N>l(DEPdOkzQ>*Gi;@D6Y@|4S9-XaO;L|e?LsJ
zT}iA=hVXA*B!M;sMbg~?&YxF0v=h&?mE<y!@gsy9lx7gKver1*Gf{@iB*0;S9J$B(
z{Gc7hjJqa@tDI6(auo<_dsAN<?0!geZDAIIqyt&a#;Aee-;226iC);1lhO=CyZ&pE
zR2PUf=Rkqv0sue?ash+sPZM~wc%Z(no>nd}@Ak8UkmeafB%R&WtM3_8UvI-c<kcQW
zuZXl@fHf&TYBK#lEXe<1P0+6ti7+jQ_hx<W4}g@p<JSN!sv%=>%nHw;l)O@v7vwiK
zhXJB15nt^#F#*v1aN$1re?<>n8VHB0cl>IZB)FEXTQGMoQFpw&>#algqSEM$cpu4M
z5u!*SkNS^Dm?8i|tO#BPqyT;VBG7!F^tY`1WsKu7K@JRtHOas(+|WUyM*<;a<_k6i
z5N$h0fSvuRs@e4)txoL*fVcea&SR%<Xq3l$yQ$aU)|-8~d61*Ivbm~=I#=cz@(MH<
zNUI(`c)Ax&kNJJ>6X>3mJCnVA{tyHT<Y$ruco8mm+8-Yt$KN-^d@=Rcihuv=d;3Zm
zcy1x7-|Up51W4a^*<C^Y;rW;KcKyqGvy8>CVBf2`e-+efH3b{|vjpH8_s%r*DIdTR
z0%sdwE%^ry`fqDq`t%CPsjc+mhVE2Fh!B37^3aNRZDaV<?KBWk)@Jt)Z0YBMByJ5d
zXZ+(!(clb07`nC_pucg_mnZatU=t#Lhcr#MZm9bEp~37*Hj>1iU;Fc0(A=b8+qiLy
z?c#}WD8UKwKkfK4;pNoQQeV(Rf9kN%p0>Sh|Nn;uLbCBIZ|au$M&MFT1*v+%^{?!@
z>st`G?%97dZEpqy?{2}Qy8X@FD@O_b-GsWbJp8_qlsE1L+8@%S7BS%)Y`HQ$0Zh#F
zKLga{@BJh1iwOWPzRPuiM!D=T&it=nZZ8OI;XPyF#>%aX8{BNEG!P`q1^9L>H7R=9
z*Q^BtNF<z$7U77Oy4WxPL5i>7Zc3j3EePh(xW>T$Ck46~mnyc}rY<=0kAU5R{-ZGf
zfpQjxuOK>Iab+<PvSv3ZFvGXQtvUCG*uO+zSNakSU0PRiJDlj+JT$O_nC?RoIVS-0
z0+cFei6wD(zIbG^<4kTBn0fT}SAR!zZ0GB5VW0{^Y&rk<vd{u^`?5f*kcIfj6ia#v
zU0w-P5~p_@OrGW)I-<`RnskA4%7rpe3t{2rPe}KKXxP{i^HmDOOeA0AWmbkDB5mib
zj;a^T?P4M5rzacZKl^u9+=gIxQVxQcRc{zUGWitZF5CDI)2*-}Q`L;Kq~d<5nx%{$
zy=LT|E@1D21UtSZm2jFh{{*9iME$2n^>UJ}QqOnDFH3tccn}|Eb5^WU#9c1=1jD~+
zSf$1}tu_(T5^*pl6UL@s53`ZhpNi^l)27Y|FH-__g74<lI%K3$y=_v@5`Qn}Mv1Q;
zE>ni(l9R?bj~C>>_jVH*FnU{hrOx7BqllW+?pPm=2!rf9wzn7<!(G$g!c330=h($#
z<Kv%z7#~#`Q>9|QJxN&LoO8ff2T~OG6(qrglnE>68EDAz{X`N{;)H{a+#EqS2r(=q
zGdRM)&~xc61~*AlDA^azJM@x<NMQso5Rs^5qd!yA(}9~D6*A(pLFrf7%xtTnZmhZ@
z5!^wt_4*6czgqgmV9@4U2b5I5g}?hd+_Zso`6ir8UvtAkKn5|6W=jRbp!k(&j^vVx
zNyRS?4jA7<sr#?^H*qq^+hE9`d`5lqRX%f5P`Jc!%FY}2Y-K!`?qs(l5bk<!$MTTD
zDX!}{twQU(g`k!DwV6UOKoFRN8zI8m_?-joWeGSW26{jV+WnnXIG9=er<?ub8Th>j
zXP;4=?*up1CSP9xNa*3S7{+nZ0726#8vjtOw2!^NN%abT)MMhdQjH43@%##7US{SX
zmG;HHW&oImF_U7Sdj_D7T@0T_X`4co30ifj3mw+RYT}IB6J?H$j!<GAUv~I5DIjzq
z7U76(6^%&HpB$`~+71-nBOz*$%4ziHefvpA4W`^Qh9nX+FUaW0V>MH)`qS?PiTCGB
z_v9>2`gvh5xrc&Wh><nI?n<?PyRMr$bb}EDnkcZ2q`OY>@;B`bF2G5)xbSUCx0S}j
zhlSQvZSxK;e~k>!z~0(&Bs<~sI_-MSk50u6CJ;>>{E3;00GO#p+L@1NRNPW`ae?*l
z6onuU%@NT(#$LH&v;cIJAx=A(Xi7<RS!i}JvY#2u?#;EMk4X`b^>DH3!)7L;vj9bP
zoy@Tj4&0eNXOPB>8xzd@yIPZ7A@Z07eyh<WDue*y<LO`gmkHf??Ko{#(SHJn{LqPr
zWS)HwPjg<wFgrVT+Wi8z!KFyx1~GdLD=^S@w`qCFUVxfvY@vdSP0o(d!mM3@SQl1L
zCa&@W?r<{<ab&!2a&M_W%0~BD0A`o4M%vv#&Hv)}B1r$ch(b;p-IF=O39lus!2_~V
z4~Ap$r{JK6p}29@ecrCdn2$a`k=&;qK<S2I(rL#3;A|u(TRaNwQ2Zx;&4CBls%~Gu
z+j&NwPhW(FqN`9m1-0UgGOH0408}+-)A2gqO#?ts`2g6xJmX&)kTZ;}V0!mGy4apN
zuVW|G<z5(o0$zM2m}(`coTm^3z{~PU)ui1JWRyx;F<OHI-t(WkXO7jmauh8Cw95Gk
zLJA+ISQR|Qi1}R`9%#!_0k39O!L0JzD&2U?s|O|sn)tSr?){ycb9A?$#~}dpaq|w{
zVLv((V7cNfy4Ji86%rSb^~r9#@BA`*-81<96VJ~A@kpZG$pBP&N5?YJx8US2Xg!l1
z&%TLd=mz(+K_+--fj*UHrd^ZURJY^)>V?S$?_@e>9q0LKDv7cj7Ci|GVmjIWIA%s3
zC3C0*TPR*c-hS?T(PwP(Z|W(Tv+vi)KMTEsv_FpjEjS%MghWLt{Ni9f@ma|iJMpTS
z@x!Q*q`HZrk+FocUmk6G0B-Bv!}S`032KB=&k9p6CjZda<4&Iw3;#OrsEBF@3l^ge
zf%%;QxMR=VMN+M5TkQ3T8oJj&ilJh>^8G%BB@EWPACYB_%T@Wt&RH$J2@0)X8}=-e
z@&#W>*#HxN3sVpJ|NKQzRItwUQ-zy8k-#7S0SgQ2s8&gCO<j^_we@XKXsrFic?ki;
zr-`O{jZN4L8V#WF3GM9c?7so#qj!!ukww#LBi7c^B1IuntPZ{>%$9na&I~)@b-;Ic
zauUXAuPcd-&C0^k(A+GpP5ezZo{0#BfHPG-*5z_V{cKQKj#G)&4by1>&)jn7@oyQb
zM+tpD^VmGJqZ}NH3&5a|45|G2Q!0et>25Obk?iWoG%+^i@O17DGwZ+5<%=-L4Rw@0
z_HI7N%IoLh;oED{{ro9NQsNLR`WkH_7$`q5z2EF;<XwNPAA-rC9M9=6k1CfThWyxd
zW1Nr4YM71mVP;4ygJxsuV`8KzQUnw@<YRaY3=ENRB0ilUozL!}YdkLN4dJ*w`Wxe)
z4N^vh4%WxuhRe*z_rVqB@XwmPDJqUoAxsy<D2+wPwMUstt4@)$b-g&(u0+GX^PsvP
zr<JEl@J@%MU~!U>>nl6r*1@5$v8F)R%4A1r%Ar{*Bup#&!K2ih_5TOGmWjTeUDgac
zjqLndo`*NP3viIHI-Uk~I;OF=U}LJstL0MZc|X$WoECYCMd`fKPsk6t+<u3%EtpK6
zhqi>H0Jj3=2qw)nG3wS4fO*Uu@1>`|g4=6_&)oM&3>0B3$7|Iy3O{|~c(wRmDNg}R
zVuHI3htm0Efe<1$zK^5?hce2);+>ZV?hQUiC2lwxWPKHCz3hPatxL$@ZMXC0<QK2a
z;(4S8YMJ)TCNJ@^9?dJ6$V-@jUNNo&Kgu7%_qV9(@j^BdZ$2nOfVREmw-Ec)l7pSx
zE*4wK&2yGR<Ne}Opz=_hP=ShCg@<!D)X9<0#+`=vmDL{15BwLgsz^wfP~hkS3b--=
zhwQE0%=boc#p5nYwBtZxbTrJ;(vtg*srYMK2-baaejb*FhGr8K%q>i&yujK3lWXfW
zXoI_rRvS75;3cE!5#GLyob>#OOJZkW?H`cwrnKUTQL$Dvyjk9WgJSKIc_V#;C;}CJ
z>i<F5D+Z{e<i75OppSg;GKRkuQ;;76Y~9gdpr{IiHrK_+ZJYZ{df?nHgMD<RVilQO
zXS&F8B87%jBDWJB3@j|-`zd^z-Jkb_jpipO(clpfpcok$ZJnH;sHjYG<<g)BM+&s!
z#w+b^k9%v*?W?Q5`~-xl)CxM57fKnU==1T>K(IpA)34y>x2eV<>K~OpjH<U)3e}i%
zaqov)C$5PMeeBAySFX!7HU@h|sLucJe~_dX4-v+eoyK5~4w@TTyoLG02YTC$=0fvB
zA$BI+Lf=K9uY88sd#0`r!OuP3XhH{(N@ntFq%+yAk4`l7^k7cU%%u5Tcvp!cfU`+K
zU@8W#r>Cbc3}-Mj5+-uglq;p)2n@XwbiPRF>&dY7gtoz<uWzU>(x{p7*2g}-S@~jL
zFo~d}od3cer$h8>(#R)!ZE<<}hQ_9J&U{a)KbG~kH6-zX-WILNYDY4e@Q^Y3V@J+0
zAv-eh+Nhj_fwEZZ{oU{3xL+GZ+VF_hrLEzyVyUB!O+y=-biLn_7ZOlXPza^)d)WtI
zXneB14YUM?rwoQt*xsI{^P;yGUubo(%#1Zx=QB5$XM`~=3)mTbNsZVq4Y~F&@{W7%
z-H$3`lCxJU+<A7o$ODR#o~ECeT%=aZrHdd`daY14B}FR7ecVF^Ht-m?p}FI?PW)vZ
z^ul0f!<?Tc;Z%HMo_c0{LlAwKucyw3LY+Aun`mrI@s|WGjZLTG?F_SUevMcZ-CJs4
zD_Wy%NU5pe*G)#Bt9EYdTQ@FtJtN`e)xsM3WJ6r2T>}dyg=EWr16LG&85oEQ3dK`$
zeGc4=M1ulVs=xn=Faj3#Jl1;pohBqx1bN-uRc&OgF+LFm%U%gr-vM<LT4+$bV)gr1
z#{>*G5k&757J{s7L=HoK8^EU!wWlxAJsKm<Vv5q{THvrM7SM&qs-TWSX~hT%1sH;0
zaGDQk9tr#BbI~yDP^&p&A0Hpr{h?yA<=#BSQZq1}JehStHCHJQBQrCz0o*lHM4vvc
zQ>sVG$;I`aNnSdT12`r*jM82NYKNduqt?N+@+LI9+&mfy+ehcGw@a<O6M{n7eGr*$
z{ktyUKOoU9(_F4CMMgm&X1Q^^dipT4JFkPB=q75&gF=DDg2Seq=drdX5rE&l*d)&l
zei-xyqvT76z^~vMmyKC*)}ekgAX%?oRWo^?x=xu#!vxQKj{v#qLsNq1W%*B{cIJNt
zWIc@waWq3_W?(=bcVCf?U@6-H(?*03);q#nL8~s{IXR$55SkatC?N+5coc`xquk#N
z{hJ2M1faz2JB<}yM4Mf|9c(bdj|GaaTrZ3zt#)^hVJ^--PTOEpV*et2cr3nWor2m>
zEQK3?u&@zCCi$Q-mRc&)TRNTzT}W8i3{yc-QGcx3r;B384jz8<IV^G`1pQ04)}F-E
zS??o2LP{1C$&UvEj*(%2aZxG3AgX9c=JQAevz|IDtawaEE15y)qm}uQNnUSK04T62
z`XmB10}1;FaJ~>9*OXuCZyNpxby7*dM(os<LL=I+{MHY_$AbKfH0hQGZvsQHR7y0U
z$i-g<8k7eJrwlel3Gh8R^0h3W@@0r{@+MkI<Z}4Z-cD36LOu!5b4T4uOWj%e(@iC$
z<TLyl^sCR5@YmPZnT&Vu=f3n85+-G3#RRuyP^r~>f98G)Xwn01w8`n|^p}d(yzaYC
zLIjhNv<E?J@vaSEZYm|oM#(b#cqsx<h_X=q`G7w>!FAAbvur$=Sr3(Doc@MJo<Gc(
z9K<>;!{ZOhRofHsxwC;CHXJ=-+KF!fvpv5|2%xcBs-Xf{SIf+>a$mW{01CIuI`sSZ
zU5n{%iCtE%uC9V5pWM@enqX7C(!#>R0_NJ{gbim^l8&KoTYLfcE`1pp(X0%J#qI9t
zdH-{wGhOs)uKGvH2UJwT8{-?ThUb?nhQAaqDqx}iABfjQ)4z+?3&*)y^Evy&?KVab
zwy-^a8%bM_00TD=1O~RuyRfF8(<s*Yy`hR+sAhnJgEQ^UM2Ke8B?9+B!^z9b3pO?-
zLL=aR{rc6f^$q+MSiE3y3fE;w@qxSnQ*Nk>rrL~NioW_;oA~#CwVMqvchO%l4!h|L
zqLIEdxiOoTNf5L72*r^3{rz*zy$*ZlIZKOxj^>0<FnH{DpW`I^px1hNZdXj_lz-E$
zyGwVW4h4rw^ds)LN&zCDf;t$J2)VVHW_(V-^|^n4;nDg(R<QlzN(<dYqgV8Amhb`(
z5}EhDq|2F!!p2n17!L&oP$aD9w>D?MZ^A^&$G^~`1j<=OI(OUP=8ykSihq&;E{sbu
zImML{f1Bb`dEl&D`cZT>q_nCH(>Qmp)B*$MS|=V6(_Ps!ECMJuABIZoDvGBhpf>UJ
z{+;#PH<s={^9^b>=xsi_4kR3U7wd={%U?<ad7Zm^A_t$5{&bP1e`ZngEjI@|JBDi!
zXF~uaQKD)NJ=0Gw3TGpx`XBH3K}It1al6(Q8*}^*!hK(Zom2Qe)X0tmVqsIH1ukOp
ze@I}0O7^AIo5b!W01=iUNhSXETmO?=QmMBPe&DR}GHUsDR?*y;oQ8aOU>OUR9f=%c
zfia0?P=CNb6!Wp6!RPl^I6!uVYq#(dJrZV-%WCDq|9DG-5{N>0I*<}1U$rscsJ<vf
z_-L1#^SnIE1N<iu&Y$TU9BmI<x~AN4k}2wztl(St_SP^UU#)PjYW_VkXn>LW$1Eaj
zR>I%#Qx6m3oumm0r%8qk$ZG6W5>aZeLv9iqK!eh_Z5f!k9dBwy{{8Ha2<bm8)jZ~v
z0(r)2{T2y1HsC|D(%l?`BVPoC(o3;<I@=;%zZ?^?%b}Bnwf6ywJa1K<{4W;4{KKMK
zkzv2{1$Kx{A8PtSi}D)s?MnaOEj}>x+vY?!1(Im?rEc7B*V$E=z5M|QuBeU3QOMQ4
zH(<d3I4Pjm4LXstg#qU^YzwO>ZiMDPQ*u3;E8|`fjXvf5o2XbZK$N;h{Wb*pXBZZG
z<n_|-?20vd0Whx6t*~%}s31qL;9B?W{dbmCNP|Rw!A*aJAN6qYx3%~R+3zU=QPv;`
z$LQaguoK_=M=@w2ilKBG)X#~8iG<9@@$-KeE5wK^V->^>Gs<+mp_F=4m$8luYe$WE
zqX=SKEImfbYODH{3%{b!mkUAyfqTDZY*1)FkMpR*|KboWhzOGwf}|;a%-yJ#U%Cun
z(7nBxUVi=xFkBWBjI<rUw%K~@fCv`+G-VZFo(c%q*V%3s_n+p82}H$^xW`z3w(*9M
zg6NbW+<dV~y3EH0z8(w#p@J2^jw6_!LljQ9!@cbTFzC%MJ=*^VkEAHB;*dO;DuSC;
z$n{=ogm>a_vnmhu6A=dO4|1L#=uE7HYJV&5>^tz9IXv|!YLLT_F^7Ai-7N1GCbccJ
zjEu~y<Yb-6HT!@+KG1`96TaN@soJTQ^4|g_8VNBZ?&7g$=y}>)jM|8k-B4=r@qCPb
zWIW*{z*mY1()z0dxrKp?K@GhzGJ4QQPg3PGzIPUT!BHz#vw;MFmRNH-|5~QvWgCWu
zaFf@Dk@HncVB6b^<?@wi)G90yR)?#;p0-xOQtHh?vXW$+ifzBybyhzi61guQ$$AkG
z?tz=Q+@N1$Vj`yDj6Q&{h~xsool~2Z4;pec_Bz!BsoQWMN-CV18o#EeR0a}vB+VFG
zmjJ{5@bSanYy)L9lFl-9hsEAJOjnPSklS_cdx+u3_L)`$yu=h&TQK`h(9FYQvlt)N
zNdCU-(V_m6dX-K8pm&eX^e4rM12QrK#4aw5Er>*{$I{W8d88V!uRMTdSVl+lPne(N
zlbWn(rxtmmp6f&C2umD2KMP(xy^NXZqandU=lY!Hr(SH#xHP6N6L=)dod`D7Yei}Z
zhByUe<ceuI_4r)hsOJepM9FeFGNoVeWRtiNT3RGvd$=y$vR)BPqE@SrAOmB-SR}a0
zb+^m|eDqkfVW9bTV(Um)((cH?)M=I>GMmxbQ{hw_3iP;F@vxyZpV+z?%$l3qkZV6{
zrTG_-^Ln2WKhW1@)RGB~F5}@Iqu<bj^X}tynl@^xs(euCL?yhwZ32a{IQX7**L6>s
zTBo+sbZ_dbc&U}<1A3jZ)LS0%rP5JBMc*S51n+nj(?#@`D<~+CP*UQ7Q<aDn<SN~G
zx)(d%siOrdaH<>mlWJcu&)a?m?#_x-dQZ`h))l+SrpB(d@%Wkix)qT0gd6|%fzA6B
zrvTq=Qc{kYIMiPY>M`Fot2eY-kO;>3Qe9hK<L!M<;Y5ri=IahoTxWA%v)V+qp-pF5
z9}iZZ2{uX4Rc9}$5clRn^z=Ftaf&1|64DwKeIhC8PdM`FOO=DkPCjlyZVr|Px3f@K
z)N$iiI9yx0v+TMDFX^U%4DO#M<IL}rEG9jfOG^Bb=IKVQ+789Cb?m;-&hVth?ludn
z(*_dnxv0(QQpj>Y>g^KRd{K*p{-Q3P{UfJYkQVxVETHRjJKUTSu5>uT9+i^*#`XN?
zskuUq4i1M4wY<=trN~<L*psf7XHtO~Z!n{2GTvQOMI21SxyrWF#Cx3f>+n<Y-+8M8
z@_Op9fiEo1&V!cBUAr0LsCMhDeR>>-3H4uI+W9|*1W0<pWbab-ncpwlg1D~BZvN|a
zcq5kzv+V($FNpeG?%B7^=U?7X1uIywBnO2av96A#_&`;=_>Ak#3H(aF1BbH85pNxe
zP;%gT8&qp&9w<`&j6YAJaE>}@f}xLXaA0I_XwkqqJ?9Os`bfr5k>b_`&XEU91rbfb
z7QEx*gO*7N;fQZXpoJ#qUqvKZmoZq_PdZ^bK8ZPmf3tU2*r2{+e1*Pyz?u&>!6m7J
z)3Kep(6dhXHhht`a*hp{4jTN!OCIh0%mc%8HTmG!2<XXgGWzza3p+VSnxw~#kCI%U
zzFZuoy<f|#JaOSh=d5Y3io9Qht04(64&#U2Suk~rZg-!f5c)qVP<<@as2pHq=wHq+
zP-fkOt>ZdHL5QSzadtpVz-51b{`|N=o-zFJn6U%qR^7SD`yXZng<*8P8|R3JfxQDQ
zl4Pavgqo90-yaDTQnSKTm@~Hi@LKEm!NoeI5j{6XS9X#&in>0EtW}%e@C=J{HJL;F
ztzp+lc6dq_(W{&kfxyqZ+?;O9x{e>V3rL3$b$GnEp-1Jk=)Qhm()}9I7B_3{=h=Sb
zRE&n)xpz{)oH5mUZ^R3QVhcX>$!-u`+|1<cd-CJg^xW-?sj-U_-~=QoS4(v=I>Vhp
z&#vT&okq`d_12Jt2~-UKJN+oI90!QpF-D{Hs8lZrgYh-Os9jH;<nD!rWHXGUPLACn
zGBj-H4{^F<FEvL%kfx)?$vK@)ux1O2xtw;hXqj2#oieRGUOZ*++Bw#IS`8}l+8feX
zY2fU+^k<t@Sg#a34jT$@i=G3MgZ(1vGEcqI%Bp6YwK-&enm`x~t%0Tmv=sBcG&SZv
zXqlmiObgYiACJde1cH9)?neqZ$O7j(SC{D&mrIBRBfB}lqR(sx3E(_9s}6!BQuV*u
zx=tP8d>IihPZ!qJT_3AQ!soE`y+_w6LIZc16roeT0@na!rxyfb<`{t)m!n<9bTj9C
zm3YKCgbe%IcFOf(1^C5kv~={fowS=Zl?o}|1ct^RKj_*Ri86sW?}#;*3k;ObVA@KJ
zLBJFbC%EJ7?JcN6dF<Uu<<nqSB$XP1ai47#cN4V`CX&dwG3V@@K3zPIyD%{*6kk5x
zHR}oMkFWqmM9jRps;3oSTjJ@hV;@S<2Zuf8cl$)HR5V@u{jot4=yp#9dh`cc&5l#6
zmD8+HxXLs(4efjq{23(Tl+<6kHI=Z|P%kFx8qzFa*ll33_(6=gEtU>$=DReEswxh8
zy_q5my+)-VxvVo!|KTYb+I{#G@8dhs549x;@Iuv}s69NOu?L4<Hk&u<ja(MVB1$gQ
zLyTn?R(!CLziJvL70;xmP0lMyCxteJVCfQk`@$k(GjUg3h2c%jD?oZ2t}VlHICuRc
z%d(SA*3DfcK_m}U{g%$i!n8JnL@8W>r@Wjzo?8<}o7AN)y<S_4Ckbzux=JLFawpb|
zsO78gYK3v#9`Sxl6NWvwU{ha^{CQ?(M*rs`BT}LEQ_EaqJ+#9kxaBpC-M5OiTUv$V
zY)>N|=s!t7(H1#)sLhLNB1814w^+lm{@SK?q|4sU;K{*~ZxM>z<jTU*z=`w2X0e*6
zm4Akg8d;yISjNx8+k-5b{%8)LW?-rzIqAsTc9$qaM~!^%NNmITM|G;#kiB`^x#PLj
zNG%i*KNI~rYfgspChli!M2Dxe?QZ!USbhRvGE0Sd*hXC|)Y<%Ky$9T@hAug#gTtcF
zwWJS&&}GBe@gG^x1Xdjn3q0>%?l5OSq_aFfK5nu54k?&?kE6!p>MKr+J4cp_2?`Z`
zrgTJ&m?&s#t9_rvFt=+B9Gb+7rGH-+2QNlUVghO$4f6=I2Qbljz6D3Hi`q~*g^_`w
zCK<9c8MZMB%(*(OXk!wb=1px$7v~=Il-e6<Pr71npOK`eetz8-`*!x*dsV^Wd%Q}P
zMqbhh>;c)*%GQNy@zi;nRG6j6&=n7)?CdMxR5^a#xfAj3NO-3|KQ5JCig`V802}nM
z3E_MmP82<~Txx8JojTt%SO`w9&old^KU5un=5&r1Eh2C5wffQI(M#l1sioJO_o*i8
zFP!+aB$TR99O+Hq9?H!1HcQ|muc$o7Mpj;z0O5vTwxF}l(iWIBwjFM|!lF@yCt$5r
zJo-#MgDI*|xWaNsl3?d8t2}j6BI?qjLII7&OE6k}plRc-M(&pWMIG0N$rS<J3x^X?
zWXmCxWq}D{teQ9Ppr5PI`@>+}jY87457k5!)uE7|-6O7ZjELvLRhVH6tDSAFDh!hp
zq#r3H>c=`w$ZMZ_f=ww&e{^iNd^l&3BUM=IuJ+8ddq-QId(WI##A@u8qYSMuo(6HI
z19OcWbWuw*y)qur=;t@u6`oHM&Uy$OBh~Px8Fho1pNY+B^7P9whl+y^T0xD*w;bAD
z!Gd@!l#K}sCu}$~e!5x-hpvkrYRTI0X%UnvazTe2qGZ}IU9&~#M?7@eRR!uC94S84
zQiTk`-%CXk_VrA3RUG-Sad<(WRmN3?^iwA39zJNt%0@X8iE_P1lt+oIFOP6;KP&%w
zB9ZX&4iySxL`QwEj-6Ja@OooMA~%$33P9KS>5jopapII*oVFdA+P6P$)}$({t478U
zq@<z{qS$>X@&(J!CqPVk6HiMbx?_poczsLL!wss%|NL-T2-Qbx^RZuG)mGf}Bz8OQ
z55e#9Ps$jC^>^aVCS`jN20t)G<$~L%p&LwckFYUU`iqc0d(=~j0W7F@&`k4Q34QB|
zXEw@bESbS&1U*`ghdB~@;1JeiB*#l+{Qj??vB`#c&jXyS^ap<+9xt!+e%eN@3ZveY
zfIil@riLf*IS0lWkIy+lQ&W?grEb+TsfKPyN}ILU_P&-?gNml8hk?aoeRi61+9oS!
zO5}%n1aEQ-ZGgCFAL`fLGJIP;E_tbV9?sb3FJeA#iCZEtPdT$MXR1YI%MS)SLo(uk
zv*8sR!RD8Q;5KO~dd~Gx49rp(h%$6F*Q_AzrR_NEiC`dM?xA-_^k7pO^SZ)h)NA^w
z9I%KQKgFTkU+=;Yg8nS3>vQ-FGqFCg(C!tXMz5dANbfzn3lV}~tCRFc-7!2#8nD7~
z{iI}|<RHm%=Odr>sYtFu)(cmi<lQ}y)QO=ggnnu%0(Q>_?KpXXc#8E&&?fDMRrO~W
z3$M+4H}ApMC2b>%h#J}Wy)3!#JnQ&%5VT#fdPb_0mr>1co%{&-bvb=}-_qbcA#MSx
ze7<U9E)h|&`<7()ckcXOT%Bc9RdN62l`iR$l<t)72I-UrFCpC}-QAMX-Q69R5|B>m
z?(V$I@p=9;Yi3^Y#<h@p?)k-c@BP`vK1jfjBaBW7>&o%vs==6A9d`wBB3rTS+Uy*>
zzPXj_O+BmnAX%iC&RhXmYl%k+?0#st;5QK!{G?ei=WP{1VzZ9<{vPRzfF=FUvN>-u
zglHvYo*FYeBxsIoZlDc2c_jX}{kwT(q!@OD*Os!$S7rZ+?f~*kw^Q0xHX2~s5D%Sp
z4~xmzWV`-_ajP`~e2XQGN?@HawEl^p{EKo#->?yrcGcK~@`rOxlhQcwCNyo4Qb*C0
z-ba3Zfj2(n%{(&hHUe13)_egoHM@eIVPokaekaF6d9r3G-@=+x0_JzTu8SA<!AIQx
zmR$k1nu5s=7k-fZ?&Y?8!(=O)G;(I}*!s^!Z7V}-jg(|lHjGYAbz<8tR)@ixU*=OH
zy9S}m07jWz=A1Wv;qivcNTT4s-&Pp%aU&RiUZ*{%N_%`>M;IhElJC0Yl$0=QUe^j<
zIn1b$xJ-U7$B;2DVH#W#e?ai*+vp9Hga^LVaQ~3Zn=T=`-=V%riL4n`<}NoN&2WE0
zkld#7ub|2jCM>L%6{aodl3Ae9p{zCLG@Kii!sJjT(ft5CE!&;d3+>0hRr<M@NCvAb
zdXs$P#xe>Dfynz4eL%93V<iE<YziAhu6^P#7`~O5h@C3zo25AC@86i?WHxs+D;|p0
zTb0T0e5EX*tZZXG*B1SQY}+r-Ko2{XdF(vGIEQ^GmUM>h-eZEh=lW1qO}4_I6ArTB
ziVY4@qft8A>2|!Of9bRiR}_#`FWvg^0SwO3X*}B4-G#ls^d$7<C1KX%iLF9+!*AeH
zC)L!Ii<HDT;H%?t?J($kQpOs9Y9P1+AVu~tv7XCKGM%T6CR1c03(r|U6yacDdn=cl
zK|^;oK#H9?Qm|*=z}j!?2aU^{<%4^kXKdZWt2@+CY=7zY?%>>m`eKdLy{F7!%<gH9
z%@CjR)aXaORpJYe1VrwicH5RGFwWO`bR#LZQ^hBJr@Hr`fuGRmm`Bi!;vG};5i|gm
z>>XxxQSYE{Y~O8x?uZfJa#2%t#cv`|Uh66Rwgb229()!LiAf<D)h_PI3c-i_GgFar
z*G5V1`?Dy~1v||-eV^TEYUQ<IgOh4Kk9VqSH@XjqHp(9eILgSbPM2}gi<!#`S=kOf
z_<np<&XkM%dLH~b#2j`Pg+txOmlDYLUL!}x)U8By3iixYAV^NrPGlwN*#1ObK*0S<
z!h5Abr7-VvgH_R1oyWC`j9fR(bUN2XVA`DeJp8;J|NCKXb=>0P`Kyr0Poynb9`N&$
z-<cefUc0^bg`&hn3tca+>;uSNvm%ING6Jcr?ybyJ&eO@|Pu6mUcv6}d4pS=B-7};W
z^{4F<n64*_-Kg-)are+{$5A&9zQO-^4&uKj0Y|4dgU;ix?b#r0?CpzZz_mwUb+mlj
z+gl)~V|(V@cb3YfW95@oysoPm;<|}|_nzyEiFS7x$)a7-<R?eFhL-aM#ETFSXFB~d
zbwnBPdGFLr$^}siW8}eWh59fuwfqagC?3}RO0Ia<WV+JFUnvu4BOb_(&wcNq$rvkg
z%^j}_s>!&xta^<Bz){b3sm96m15s+4hj_l#)e-~6<C9$*>(tlkH~rAq;42(@@aytn
zjpHA5cluIceR@rQ=ImI^=l%QhkXJcpUy9#<iV(1l-F#t3_}Y7j8(thv)|2Y!Z;Q*D
z(O?=+8Shw#1raW3V#;O`32n{8$Eq!??Co9P`K93<h~53Vh0iwHL!F-8z%GL1`y1n{
zJ%^>c%w^?J5q_t{nVX0@3(>-*%ZdbD{eqqDopsu`P0$dZa#b4al`>$=U~;#y=H0;j
z5q{ya@NsuLR5J7EPsE3bwD-#Or6VIIvrPz7=kzW|qLObq%6aNvT9PtQQeugN<fPH)
zWKC`M<{sh+ci%N+9jZ?ukF>Ul?)AYN$zvMl*Wn<92t7mbv}pQya?fn+3~~neYgY0d
z5OmOIsWoqY2jlQ`S`e?OX*mxcb?zn8?Z>*w2$tw5xxCI+eAw7)gyF%d{mQR%-leHb
zTryQdmpF8t3nSFMI=J3v=4KZddVek^66u=vr`4OEjE!2>&fRop(E+Pxd702R@OzIR
z+B1DZg-5y`!q?vGWmu-dWTyR3LHKTGEB+iEEc!9+-!6zWNt}UmLvW*jBk9M>bNbAE
zF;jz91(tbYq6==sE~P0~6&ZK)t}5zrHRYCM`?(x9R5Luyi$PENR-jFb<Duj|5c9Wx
z{>lfm{sKNSHNn7$h%89%wu`IlS7{aE7;~m%sPKY@Ro7{OVzOM6F`5=nbr`dq{jH-2
zPV7Mb2jbSO3>ZpuHtZ9XAG^oZbvwkd$!))*OQZ*6&8fzrV>_b`e4)mp^^~Tu|KOKR
zzz-yu*vS2G={+_=YBG%LMc%hOn%DF;LpxgzJf$I+6Ug@U+mE@;_Lch3M6ULFG5FBF
zB-ekk)Fhd49$`}ZxAgdW%OlbL7KupMON3v$b7CPI+zly#@9Y2Y!QsIGJJfK((BVg9
z6Y&LPn^uqb9Jt-uRWCaqFfw{jZ+#w`3e*N`v)ikzE+{3s`!Q!t<TWatihu{x-j_Y&
zjU~isrJu#J2XWd)=%gW`2PTUQi?QsgMBq44T(}KA-m!MT&zzs|H{11Q5ig^RM~~i(
z@%ohYEse^d?ydR$VN!a{X_a&|R_w)Bq1y%S7_;!Gdl)qu`UHqrbd0)90(OkldyN~D
zi%;^zK6Dv1b67p<w#n*et3srH#1Q3lKs0|))q9i6dO15c^ku?UKq1Mv?&mYLp3L!I
zGL2>PZV$&20mRLkAD3boC5oIy2>ZkSBIREza}2v7TOb<%Ok3l{YXH*-h_8))7tC0{
zVF6ukOfp_<SO-b}T|8~P(D1<T$JEbYukO0fR1N{PxLpD{z(ua%!M|9(_*BH}i>M2w
zetQ7J31&lr&G+o!a9%XdRb2y*R(M69#F_L*pr+<xbV9iIZ+)%DjA;QKxZkeG3wZ~3
zDb5An5$$#DnKX==tHKaXE`>RHtW?-DXS5gajzvBf^Ql@H58VORTGDQd{uq*LoVd8j
zMRY<!<OCXp*<liN^mnhqF9;*~B`SuWtWJd?tZL^lDB;YdZ`i-VF2I2{7{}_=127A|
z6CQ(PyK<c4kwFpjyM`<n`09I00H&>rf&J`5K|2#_k1uA{Ie1q07pCq8!4p!h!316O
z7%6NnQrWFY!iuXo35}vZKKy7kGxpm2UY#I?Q9HG;F=0qf_PXbtc{9=Ng<7_7;n(iQ
zz5#BfL_n=9O9-9bdu?0I$r;bMON#zQFVE5JZP~nCpZj1Gv}2;}PaPLa(uQzLSSArH
zw}0+WtXpqj-3@X5+(3j$i)5|kggsv+@KZyp_I9|&tY^Y-*VSyPf9?TOL$jdhcUHLq
z-AQC;9D-uZomd8bbXA<MPL0N_aTM#+=*-8bJ8M9JKeBoLUCQ%dwM!D6GD%rN2-$QZ
zf2)pc?kinnF!JotJ<a)k8)5WZoz%X0G0ao@YPn!<uG&qV5h)iyx^IK)aI;??n=K9U
z=9Q6=4WtvURvTjAmZ{MskaTQT?)bq;H@X|mj%EXFT8S^Js&;)rq?%Tmh>cbrz0cLn
z7?)PfB!Oe?ipM*LlO3o6Gt`vJ&-?R&W_~akBdiCRsLIf>V~gl6%<p{+N*HRmO<zpX
zqs6Rxj#tydR>LxjbM)18Ce`$)%Z2Yrcq8*Btqt(G5CY#r3u8ViWea_nDN<BP;cST4
zoIndXVhMY&UCj#JH~b;W(MTM8;S0HJpBlTmHN?U(eB*S-ufKmu{h~ZSj5B@VcJyR7
zbj-BnU!^IRr|FM^eNm7nNiN=t4f=&WzuFp)QchC_6F2fyK8q+?9s?~gdwE+P^jqPV
z;<5{$P-OC5*67{S$4>9hMB0t=`R1XqAtJEYhxmk5n|dNU6Q7;y5`NU*K9l+jGRw^3
zF%$E{c<xQiF|1tKtPm00{*c3_m@=;9BF^PO0?<ZeD&_`J*-GZn2%eXmHBP@VTN##>
z`0yy6d`X84`JExwlr3K`F~IZX#YzFBB(bi)TRaI}AzZp)97z_Y4x)Oz+)0{95%*Rr
zP-UT|XH+|?0!*U!dhHH$ipKFJ(|N^pwo8iQDmzc5+l~1ycZVI7Gmww8AyovNP(s~P
zi(fXkd%N*^{tEJQ)Ez8;<g=!Pfq955fV@5tG?pkE3MOM~zK2bBQHHTJtA68#3MaZd
zU;CA>yY|)mZv`U~G~L_y?~47FlNgO;viD?&2@TM<(fzpCikUocm$W};QG0W5b0d^E
zPt9+Im|#}htq4~J*S$t23nZ<`;M4|9n=`}qSEj_<CU_~85ykI+Q69|VRmJBZF?Cw7
zY~*(AWET4LN#)_U*4|38eGVsT5NFg;7xLxO;ny+l&eOyx!NaYJ`P{FbNk+<*h}+&|
zv-Al!es2~f+m{zZwNUrz(QHM<e9v;>QTxVHomv-!kH|$Q0On0TS$iF^LNxT{_=q=q
zD_yTKbNAbbDIAMV!d54CkivPtP`+Hd89RJ&n1Cj@zJ+!(!#^025|?5swMi=q#*b;)
zwg0%w(l$FNntP^hZCTAD|2vaPNtFlc^n%no=Cn_4owCPZ%C8lE<o7EGFJCqklP%>o
z>tDA2$S-zMVD6u)BMZC4>fspw=XyRou<{&Rx_dgBj02}^BK(^oy~B6LC{7NqG2108
zYyg$r_rF*4YlOuzW+u7R7IM3waQD-^zyIG35M!XIS#ChAS*IVE?VFZ)3T^3g%ij!^
zIFbgc1e}lWh^l;M-tr9%4bL~A2Y$!*X=jw6DKc*Z_8k=H>@MtI!oETgLU@O>fVfFa
zNz@Ay_0LQsg-06{Wx_VPAdFxRt4j^B=O=a2IhSB~?YTy-pzy$V+G`mvvyd%0!$Y{C
zAm^k)tQs_=56Z8NqSj7LedUSM$jI%J+CYM^lN;+SDSUFHWUgX1f2^*1GF@&Af=Ois
z5h-pFWChUyxJ#BQIAS5A0<B7Uc>Cu&;+ClLr{N=n$`LmwH3fXtr4#M9z(DwVYG7U8
z`3yRYo2KRA<J*EUp{rF8`*MnoMGV^wd5V<cXjHnDQK4z|jf(9iXGDzK<)@)Za)HLA
z83)7(DeWZ{B&@^T{_UYRQEPb)9nbdAc?O06G#yABXstsSq+1|cL$Uo(e}Jy+<9kqY
zK!qV_Ok>dg{o<4FlLcxbv)a<PHg?b(<n^K5B$<7r;#7#V>3#dzXU+f30<a@>b0OZ%
zJe^z5PTbKw`q7Hv{Y1|Qv5H;6$vz|51sxpNnoCN!yte*w#lx&B*kVfpudALZV^-cN
z^LQLU{mI0kYfADhU{x6`EL;nAs$B@;q07P5Sr<LF!~Tgi0~9RdY&}z5PZzhIG90r@
zrW)Bk&snPbDTTUeMAl+f73JNgVrPUgLyI;tls~EnHwK5VX{>(xeQ>r#ptOBE$EvUi
zlT^B)O(Lb>r5#36-M{WPYz)ag5I|Pda>LO7l--$#LOgZLrVl+dt`#oUh4TALsul)p
z2((9|G=p#1dX*UqHF!5j9nfkiXD_Q6B?4!)fsa<VRyTiLEu=dlp!a8u<qSsHN;#%=
z%*R<`y-CYYu$XOMj>A-ITJ|rrwVv$e1tpl|<t0E{EKh*XGx~eI8a`NJOB$EBuq265
z*r4Ml`B`=nLt8+*Rq~?GyrJ$V+{cm0<ALu+UOPVS*vXhmNR)}QsAkHkEk=PwyG%}l
zu}7M~GwpDXx_>RH*W5gN4HXF(veck2X}{cG=ie-OKN^0z<mSh{_CsxFwa)!Bqt-=A
zTSjhl#}6M?bvMxg{w+HgN6_hxI*G5eK+tePcSuW1q!j1Gg0F(S*XzO#=uZ|Kn9KMm
zS0ET5F^kESPvl5S)6r9m#!?!1UhN3m_pXzo+G>MOE4%;rNdyn1eeYa@=Wh5-3yp{@
zw_zmqpZ_nS*4?DzSgWXIxBi>bTwWKYb8x1|E+!K1sL1Y;OVB~W5t;w;nY&X%IZPqz
zrSQw^<xcld9J)8b@1^|DNIzGmjM7os-=1)oXh;&<w`Nu@Ddb}Hg-8(#Pevl1&T`#C
zIU4vhk)F@@)IPYE_{4rZ>c*y4-F&kj4;nG-{(%~i!U${N-_mn!(OGJaVY_{AXchK3
zz3VT0+1v!?mvGdb3$tBKaS^(>8@n|)sO+}jB+1d%mdNW~d{ADxo5lgFd5I2+EYzy{
z%c~ASFpR<b#<?LS7eWSk%F*td<xKGN`R%YPDB-usrtj}t+wHx|S)-Pl^iuQ2lVtRh
zDWVjVo4gkeB<K&pTLW?%P+7KH?hA2#vh5XYrioQZ_vdTxcXAazCLU7md;%f7(pUv@
z2usdm(G}$ERtB2;%YBsLP$dW^V*kBO1%h`sokUH!Typv{%2|sQQACgz7lcbcV>bem
zvECXDmQORg8GH=>`JkUG5+JpeN1P}oBul{%jrid05tNLzI;m57BQK4MPN8y8Y%`#u
zP1^c)^HopnU-V@~l>T~Wmn&S<F1Jzri6zjta!E|@SG)r$ImP^_`Ag*iZH0)XZpIFv
z@n-lQ^>R4|N~i;g4V>0$y%;Q8>uAQZgt1hsa91+p5!z}Nuh(J7Q~uaO;_F4x*k#*3
z+1iw~PH{W_WFp^(B$bG@SfZ8K5bCNU6RKLDf6_;X5GWT<$auaIk9xXMUyy-`^vFrA
zYG!c;0aNbh!5=M<yMvyy=)FBngQ8;ZWapm6?Gc(&?E2Cu7J}2c@LpnyZTcMa&px<t
z=Pwlu|1;G6KRX6daCqMzw_WQsR%|be|J)gJHp2J4BX{jNbqpK4_QSuQAp?1w2v#<3
z$^*&gQI>9$9V3T-u@$TN*jBo6_gnODpga;<q5+tzI3T>R2TF3+!Ku`vP$7R^%tv<<
z!u7o|RVbn(1eC9QCDI{{G_=HFqxLq#cSu;7TB%`J-Pl*ls{!WyNN+c9_MbSc7nN^b
zfIbD*{gmw4Epg0&4^Izjn<T&3|GXWuEVj+nB)u=JvAjFcw!i3s5QV2&v0WCX7+^4$
zl#(62{rR|V)$q9X?44_&mc$ttO~}>rlPZnnF7em@=yg1sS%}`k2l?{sEvxnW>62aJ
z@bM%V81EzTn3VUatXu(4cW^`!eK;PJcqob#Uire@VM8vHe8$z7$%oOz>aKaLN>Nu#
zQyKfmxzs6wUH9Sx^qiD%if*D0cX#w`#I0CwXYHkbNxp#q6e>TL`R~sgq*{pQ(!VY&
zx`i7PZqK^sim9p=tLUa>ydD<x8ax7QGw2@FodUZ8`H=1>8{Sq6IPEtp_K-b+Hy!*)
z`C#DzQ+47a^S5`Pk_hE#>mylJ{;RO>UpV;t%wh!>)@E-P$rexq>%hw0x=%L_hxHas
zo5Qzr-c(^X_$nh`@;j^98$YFx@8RPO!QqLA37ZoEh6+i+J=tcqU_6!-N$tnbl}6Vi
z0(w_X7U7_?^O(^BfyYE}zZ`9dZjEJZjgicRm?~px0&A^PIr^s*F!t};t3hI#xmS8C
zO#-;CRT5ZB=B+1w%Oyu=rHtDOj)wJm<>9`MuEbHn-3z4Hd2Peuo(K%@fI>+TydH;(
z{j1fyE)`N2Xl^`dt=3C)>vht6+rFjXaGUhm0NVr9G;q8co=Qinw6}G`rD_VR`4p>2
z|7#?31$VC2jPk?9nCnI?b0Vpb2Z}f~6IY@F#ahN?egyERsqI$;S`BM|4V5`~l232T
zQ*b;Md~HUEzS|wI*Ut`2G4RknnFjZSMYkpEn;M8`7YPXCmz96oZg&H03&L+5=0CI8
z24e}$ex?RjzqJBy!|{TzQ?Sj*`4<pCELd_4n5<%nusy(<2=1K4dP#4@Jfz{O7@lvm
zYey4?R(e^5JWPpev8$VQYPfqnHHo)52l5eT;e4T)vbp$TEgr(olQQYrW457M8qx9=
zU&0Ix`(-4DNq*(xRl?cVOCz&TvA7C7VEz+b0TArL_)J|sW8SxNX?3%-yg^v?<Sq4b
z#{|J5$)BS`0%PvLn<Gw7X`e{{$v~mg$+G~W2`fT&Z#KzoUcAobtC!ooM_1`Ssd*sI
z+P}KzrIi>Fa8VEWO!BjuJCD`W;(xE0rL^U(0p+V<dQnT=>2lIQ0OD?WS>V}t1h~i1
z8xQ7yb)7o`y^DwwPSTvpANQjV<nPc^o4JNV<x>0r4gA!8!cfdR#2}MTx#HV<Ob#GP
zL{O#mbx0%om;D62PcxCONc%?lw{4BH%qH?53m0ui2Yp?F-0R*bktic0O_&tm>Ky0F
z^l9|MG~h^bboVPUj!k}!)3h4du1ntP7Yq#2#E{Gn=d*|*S<u>?SDo5p=^Ku2gq=I3
zHLJ3brHqH(m1en_@_El!lEN97CnZ8@k1f?36OPB1bme19&tnglkq2)}qvl?yTyqD>
z{CEnziXWiz7^I2ctL=lojj%~Hm0zV6h0{LB13cVLwQPAzbc1BaM!;|NAK{tM!0EP{
zmgLG5H+fWq<MnBn*w1#!_H~qxex;Oiq%6rp_uj+yppD>cDp3?NuA*8Bj-u;ZAl<GO
zUh-1-Yd2FHiJnlLf8Qf$e#;^psOsGI*)gF;YCm9t)0Ia$H3}}yoUI*@_A;O?soNY-
zR>Kl*znJD&*<5p-2J@S@!Jn?QeZf~y)d3fJPG@BveEkS}&I?<YEQd=_YG4ct8FAu3
z4ZhxCPJ^1Gs%|$CjPE}i`SzcSf)VKKb!hgAql;twse*!GNT#*2vn8+Qk>Po8xd;oG
z5b4-(FkivEG3mCU<j^ByDF_F)nB-#8T00o|AY&m`CDecR;=PiS=}U?X6e37vSi7m~
z(m0-1&iDAxfS`^@8g~XxV$f7px5oyEX^A%a3TYgo@uHvY-Q2K>=7#510Y<(GV=b(a
zQJn#<scyKx#J?cSChQ!Hu|&VrW>p&ye^n-a{$ljU)4Vq<2o2~F4g~^@_$87!HrB$!
z!A^jE0dVsn1_X*rfE@9DB_>ifxt%T{w!4*6BQ*d?D1%Pfni3rRu;kp14WYa9mB;HE
z+tu#4jEcuAuH|t@a;%#7P=K4FAoMLK4vv5#-k%|_TCXc?-A3U){V6DXH&ZVt+$+u5
z>xBpFUl=p~8_@q7ttM+`2JZi2uHTEiDkvDV*$3A*mY!y`sOiyxq~9h$F#`0AV)?wC
zYG(48NB|1~(DaShU{jo?Wmxxv&3YxZQ786EavpAE8yOL)*=~J&zA}jp9I#2z6_mzl
zl^6EF6@e}+j$EvbwKV&Ex#@IstXaKk8uHKNw^bj(P8%Hl#JCiXGe@_s2#tql=JmA=
zp7g^>HRJfQWYoJ>Jw!Wv)CH9ukEcWsMx4M2@VQ5%=r{_uPmHE8_YNnNA@-hJ{Yv{D
z!D@P-xf(n-01tp{Z{i9MmZ;=-q+ZPzc<~Jma_cPXy{3fpqRS5>zS7BO2)Q$Ld8rEW
zj~bh=@x3!Rp3^%ya?-T6eXb*Z;*d-=w|$<@wEVtj{BU(Wz~hjadxCl6Rm{s_Q;L~<
zh(*n1v598au`HIz>qCjU_fq2SO~83c<#l+#*uP|K?`2!KzEHBhLQE&$;dKk=#q9>|
zwbYIU7+X*&)n6dZ(Y!kHC-+ji2sf25&9>{}43Td+0|H63YIo&6nPrp5l5-Cex?RXI
z8RK;%tL@Tq2#7auhej=cxbje-L=z^e3Aji1ldQPE9c6q_#?*)Q4V=f3+bHw3Dfgde
zmZzK|3BRXh)a%4UC2IdP6+VG^K(aytn}y9zA`l?oAZt#WN-ob~_EJJB3(9Nal#?wU
zcEL<)%ftE8PAf~ydutalk0=Y;0y=6zSmW<^xKgiP;+DCt_}(IE2d&q;@|TRb=14z&
zMD!hdrdUw8ycNC&OXzk((iyDPvI>C1KZ^GqEP~~NwzKiuPj?aK*d+fI@)V!8#S1b>
z7EQTNNB}U(Y<d;)kAO5zCS59MaoPrjq=PJrbpq|ppF%9-aax^X_#H*^-GPmNrAy!b
z+o2)Bp$TH$^6yKLukT26Xe}N~COD_Zh=u7G|9Hi{FCUEcgV%8)_ODzLe?6-X<3g*}
zLt*3R41QN9V5%i-BT!(`nW%}xaL<y7wts)BexF?-n(TcPkU$Phtu%C%1!_T@E3%5}
z`$>eFO4%ZtC3~Yzzo><sDCAFA5mwzbuW|MVMry@jjkVFdL%Of1A2?M6vn`OZtmcpc
zQYK~mP&in2VsKAn5@krZfqo9CbZ+V2Cgm@bc%=$D4Y=Mka^aK_GpHXXC2K=zm>|z+
zTosSfz%;$unL<8*2eW7wJJIy_9Gf=bEUL*|Tm{_E5~J%UMiA>R1zyb#QnHw%Dml?w
zb?Zgomc?0YmYNKQm>8D0=rB3;5eM`1$YUlvBHx!(k={7T3S3GZvU7UwDrC3CrBiO3
zzfv}bve_4tSd~rlb|sh#KegCt(3nh0<0S%3w5RdOqFjBWR%zZ-MrX6H^sLWO`dyZO
z6-S`8@Trmi$Zv|v<M)+eSL{2Llh9jTSLD1G!~(??mEXi6VWmcmr^A=UC$xH38Ejv7
zr2}5bW>kdrejT>tz1KC-Z|eI@@4$>$bLf$p?LRKa2Y<L$bGfbo2GW`KbB$k{lxz!!
zJ2_x6yAp83PjdwBw;cS32b|1uEy}sTI?SuhGT%y_=PL9KTC1_Wj_W5&{>UwloGTM_
zWiNG`nayt@2bWyk3~$>%Zn;Nq?U8ghrf}awjBVX9zt7m=e>@Oy5*Y<M3z5v$hxy}b
z(&8ClbNT+YgK)(9F(G4xuS}aVOsYaLW0n&WJ@pGD&THr((OBQY)KpE4bTtRlDKa8}
z$cbN@*A;Ql*F4J2?pU!)O@5Wyt@|j~8c9l4SbqL|jS+D)-^bGZQjs794u4OI>erT=
z%V&WtiuM)gatH)sf(HuR)T(qZ`5rn=*1@(UoW8TFf|MbYR?6+Jr_-fe&95f_cD3VS
zOOEgMcNmZ(>;agJ{Z)0o48SO?riRt|x<qGy_IidU9Me~fdkY@bTv3Gn`hp9qh7;-v
zVp%$*P;~YRb+mExV8m0aheSgk8Cf-r<`=ndWY2z@+;+SKme6rI4Yl>9EyzPIDNotf
zN_|MgMaIewV7*|ox?|ZYyqPQ41kI*UI6F>>1<c#1myds8?KW#Z^H##8M*$fXE9!5|
zEf`?w%ZSL4j=n(%W47pjr~$8S0I5&Lhux8+V4wpADD5_ONvl-J52^VkirB8a_?Vtt
zqedsMSMR}Dq1UQc90QEB#6<kM!$@zY{D|<R4%B-vfHV&Ru=xDC>PrWo){t@c`arTS
zhHI+w?)fS5zlA3=nA6Eqg4WE;3srQG6GM;H#`Ielie6vaC-Ni*iP^t+r7d^Wv8x4z
z?==aZEo)vDmOyvOw0|%TVb*Y!wr;k>gQ@PAlCVC;qE2SifEqL=29$J{{!pLyze$*w
zRe9V`Fkb|m>KDgHg_pqnT;{#i{5lu;`&nP==lzJ==-y5QlP-);=Z$OJQ;Jw!w(wZQ
zd7Yts&Qvj99*S+>1XhSZ{eHH2qsw=ay}}sU_aXaBbAhg70iOUxTt2PyE0g1L-7^YD
z)jq=tAzF5wd<zW8wC1g&dw=uj21y%YaxZYa-^}IAG2@<lblBCQuZZG7*`F$Gq65b1
zdA!@w-s*rO@_hMT^4Pi4Zh}jBbV9Bl?N<W~6W{lvomxqdk%-7U6yoIDKhk*!m|x<k
z@(q0;i2LYw$cmg^-kV991~|)zh=_2Kk$_{SlXYso`fU$sIni(j41lD#Ea9RJPN~{N
z&jMnrbdYuw|0aHmV7)B7oXJ6ni2ccu5j-Ybwr7%LlX72ypdVW1lhS{(f)uLBtU_(o
z;waSiWEZy7^o1hRb?N36pB@$_{GqT9UX;4cF{yXu($jtGUYP*arQf!%0kKZ!)(qC`
zaBVZ6%t+XEfs3cXD4s8xtALdat5b@Rm`jEt+SN;pP~_TxH0)vfShM#~A%toAmm}nW
zBMhSzgW8q!mNP<Vb<*YDMN9BfF7pVuWQ5eD7~ow3&#a~<<YLp$pU;%ms5juT#<c!S
z>uAinH-7q*+2wMhOE4}^no%}S#6m^ILP6!Z<^{@9RN+Ml1h{Mo&b%A1N4$+k;x6J~
z!gjLU&&O@*N*;iZeE9Z?OaN{-(lh!G?+Gm|NhsQhc%(KWZ{oX>aNEdN%Q9T*_=lhh
zFN;uI8-9dZe=?AfbX{7IQ<U4(Cur@{JToU#Wt}xXA8aP-LBp@qcuQQZo3~{rACjgb
zXu~aJUMy(iK%o-O2_7Hz<E9;mOgFBTeokWJ{~dY6Q|8CFe3-{ZZ?Yq^L-|WcHJn%2
zZu+NDqCJt#^x;WOTg!&Z_0jv447rnXwg{cj8*V&*cl8Cuq%xr&L|L@vpN#7L3O&UT
zexxnmrcy<WNgp)ttRM5>#tHG6VX;lIbw9jc71Vo24*T6%Nwzi1<OZY;wz4!23?cVb
zgwkz0<Fc5N)#C68n=o&0wh4}ksu-x$uzC<x&O}#9QAKCw|L^Gi-{d4YW&4wG;q3tb
z522sCV;N$g>xoj|3|pf2x^sm<q(%6)VGt~_J&reSnhW#)LQ4Y35$29K>O@i#Q^US?
z$>t6ejXZ3q>P79u5HEv966px?pH|)0p|v>*M9?%$Ky1)SkCcBBZdG1_5VsX@cj$tB
zEi5d|bAL-#7*Iw=%_f^kDm4&+Se`_@vw59DVtCkq^>n%r+4*D<aU_`u891Bcy3F(o
zYsVMVSj<p^-p4m3y;3+7G;GPBSWNefmjBdx6?5O-+WNN9^S)vDU)F>2+aXxuRMb&~
z!A?lSd%*4ay$%)+p^K^@SqYOoB^gDle^Fd=8k8op{x{H;8ekFiLIU>;DG85>Mp_ka
zf`hMFK`%Vetx=K8D1b*P3}5g&qhej6nj1SOr-GKMqSS&!@ub*FZy@}v#a|m>`AdBH
zZM22MWJNrS+nV|_Ps|$^BMIDZDwhI&x_vuxu9c2m=)u#MS9<{MIpb0vp>H9`eF9!q
z)1?yw^V&QhS<wMELv!54L2c!2(ijU~%dD;0xMz&y#-<4lcRM%fnG|h9PFPtX{&s?$
zRI>M}jSu29?n+;Ty4O@)g}^P3L7lb?c_^*k?04a9@u0$?jy5PgiCILoJA&_Av!ZIc
z1r+qn-K^+b7tc9xNFxJU{@gEP@;AbBuAwicb8=&?^-Vof;tu3OEN|w>Sfl)ly{WN=
zBL3<Qiw(!v8Btw7fkK*eP_@{vX{z9X{!v727Hm_}QW84ZnWhpNNq0(hirzGAdS<;w
zyfn@dI!5l8%r49__x8SJmPWrDT{qAlXN5=s;2i5L0tgfhuFlG@O;omk^Oo!o4x;oW
z^s^b(r@OqWUD{#IM~eu6=6#vp1blo0R(HK!`DwU#v`Wu=jk(`7l$L^8<=g<?L)^QA
zzt;-p>$!o8x{XJqGCc!y-p{vqPHcyV%^Szz+n2obABEnG5N4|?+k{>?&y^ZVT5c^q
zq>=tV%cxln9k{NlZ%FJB2}cD#ISO2(GIG@KisNOmRCoWbwo+;FduZ}t)<*%P6QYsw
z(Y4<7jpj>FC*(>7{b(WB@CT^nRNxub4(<F>#*|bsVPoSoSV$w(=8ymH^T)+PV@yZe
zzq1rFROz;I`ythmT69W$K+g-b$kx3L?;C@z--=YQ2zsabu(Ak?p7hJA-&9k7yt(pK
z5anaC(lh+Fcu90u;Pp-1-F3AM3g^vylZ{LPR?ISu^4{YgA5uIRJb}=ah(V!)VrIwp
z3WG+1`3h~ScGIM6P;`2360H*3IjKKxeuJb#D{o1gx!`QMBaTYY(a1PoZbb?VK4pJS
zPBlvS`jXpMrnRYkgJ1pjOv5-Xe;w;&$-*dA5XZI?OofbtBi@U;<b-4&2_l56%T)YS
zi+iEXCPR*=WGuL6LFDmuAkz1z4<yb~v*B~bP?5#U7!lZsNa**)-kO?w(*NAAJK}Ne
zn7$`NtU@UcR>!PU{nVUb!h6Ei#^#-aK1#cs^m6cuneE%;2Ki!DApm*j_4@t-e5|+X
z0ouZJ*x7)1If=7Wi#prodPX(4%0a!bHlXVfRCfI2H)-4Fu$+ggw!jHmw13`<t}7WY
z23#|fpE|;&yk-v*(A^*vQhJK~oGSQ-p-^9t+MDu&r8;5{k)6kE=F6BCw>x9cmQ6rP
zI(bQtNz7TzQWXoWsOkUGL~DR7*}A*SGesjv;q2Aaj{ZQC8<su(_J1#tIMikOy!EVX
zRsnr2Y9UVA^!{LU8l5s$hrK_feiiU4i|uY`^66X(2oUpb)6ryB^T{DG6B+Uz(Lf<6
z%mbAJ|0+t)Th&S#YP=DkL~iKHQ<5MY9%#jZwpl9qT0<o81AQ>&RkmRFE>`tH+SG1q
z1gu^Ey%(T4NNAv<q8^kvAOJ{zk&}ec-3g&*b?X^Yr>DO_QVSc?hw>;55HuMLI%M>#
zS0>Na0apE{@7uG=SSdj3$wM`Bu2=BqiLZ(OmnWX5kuP9#a&>_}FDtY9e)0>;lDh%;
zf=Rbvj?Jw?`&K0T6VeWP0F*4?sF`)cDE|kt%o6M}PcL7PZxvQ$XXsr?)6&*<Ah;-(
zvh{5{<U@^J_ED>-9d#6kbgFrYqG?AdSi+RJV+@8d=^e6Kg<7iW@aV^oSWgTZl1Nb_
zF#`Dq$6$0g#f&=wo*b%ybPG4o%?8zjqt=Y7tU*R7aOy2nYr9vF0<Co5v~NVBW#K3s
z)~C`2+YH`F>ZTrS?-t<-#=L=&YG!4sGK<Hw;VTIj0^oY*K;wBbC3;ghzjrTNc^XD|
zlxFDj8-c4ry6<hoh0X$Cnsb<qyfk`o30ri)%$po=aqT4n8M)q$aGYM||1b^;uk&)v
zmW>R*dFD6T4mqhiR`|U8C~7AOi_LpAs<Lr>Oe4XV?fq2xL-cJ=*G?R0e3e8S&j=U8
z*uurXn5EZLoCx!J1wtpbN~;+`+O4G%fVZL*(4!3{y;KMxSA-jW-3zzDi7m+Xme<{J
z_Irt4CN3GgU<nthzt#s>cONO_{}joxy1i(n@*s}zwTdk@GSonpFZoL9v8azs1`%|2
zg!jrFz?s*Ty3HF2u^QJSPggqPddGK}K{fvUp8OP?*`1Edz7}i|jCi)oCM&O*K{zJ2
zbkL&`M|9%z6~F1xgUw%j3}=m*l2+*E#r!{eA0boXNAWrllo<YnrTa;qGDo;TKr@~A
zQdh27bm%mCSmoU4zJ;$hX!VN|4m0ehDVv@1x?;e%<3Y^N{_pUUm9(vRoY<7YLT~S^
zFJG+YP(OqwGSKw*dA(Xdkz^$)n|yCyAT5OD<0Fm2Ng{0PGQm?icUp2$9rMl*CWNk4
z(Ox4z@Sv7_N({XM4E=fS4s*|z-nXh*O~mavH5Dx~)XjI!ucJ1A=>c_zfR6?_TK0Zw
zf3j{zTM*e9Xo;c=+WK{HYd`bENuba69|v_W>whkgyMB{UFdiX!-^>M)9+A_#>sUH$
zNZ#w>Q2!k0H+rx;{22`ONmriZTwrS&S1c!IARGX$oXl79dja)nMiPp7u=xO~<Tz^l
z`P}y%K(fcX98F;fUH5%cuugcWQ7ax-?luq%Tf}~!&TXZr_`}mP{}xOd^gPqTGs6T+
zAMAV6!)Y<SV5yQ<SO59@pZ;Ml!%O9&KgNo}PJn*M5R>h7RjcJtdZIg#B{+oyCM1tw
z{PgG7XX#&mmgRfCBWk4&NDu%Pds*>s#7WOjatCFHU)x4LL<)iO?s~r7Bfo=}rjb$j
zf?0mlFk@p1xXu2?I;)^lPh(7j{aLYT;o#;2BFtA8iG$lrN55<Pdjx&0?aE~TIKGMG
z{?F~>za#yXz^U#JJ{H!8p@tQCLSwcmWnbPb#3({x6)hRI5E!QK+6~GJWjSo7(ZhY<
zL@-tnB~4LZ3x@A8idy~G_ZLsgW0D<Yk>QCCQya|a%5uABcS9D(y;D;pYml5q+Gd+;
ziwDn5q1wy^-y1}%B%{xm)OQ{#b8ja>;U>Fw>$N9_X+I;ku2T}`LY3=G5Ffs4q0#y?
z^nUSMY_y^M(Zb(5IV=~H)Hz-$_HC|+0+3!1!N*SlLLfchuf&X-E|e8JO*7aq%qJ(Q
z{;Y1##G+>+r-eo;7;^5T4<Ei@H%yzU<P;QM6h-PH;$DScms&ETB8UOJGX4g3-4v=o
zI0p)OZ(=5a;h9z~i?ptq%~wr2_7Mr#U1I{mQ1CB6hErPMm{gmiD*1jD4k|w`Hpp}u
zn3xQ<l-?lxJT6BCVGH-6|FR4VZU!cJW>qx`+HN33tWq?p%R;-|9Q2X{L*xv44}W7=
zG}`={pLh6p$hN6Mh||?nwCxqOHZed#h{J#<^%cxeC!1P9m0<)jnnzD{gqS3aFO4J(
z^iR>sJG%z!E?|L93)r-i1XfkskQSO!OA;O}`X3Mt%LOlPj-Q1DydEZ%zedK;*g+F#
zpC&UP3x=SE1rZVdref1U?~I9bL(9FTHipth$Yb9*y4o;UWluXxy3g}8?Th4I5u^`j
z4}}-f<%ep8DSQ<Cs0xG=Agla4RcjL~Z7S+l`A=9=3J$LRLG(*v>17A9g0wAFv`wUv
zjHRhVOHk2*+Fg{nD8b(CP2#IhAh8SCfEoSerVXPrX}-|H9kYsH+DzFjsf$N5@BQp)
zG5ppCAy-;6WRL(v8zyl*JJ0d8bfJb#y<+E9J+WE#g?WT;t7DaXw2E>i-+t==)Oqf3
zKr-DGIbw7U+u(&Ch>Lz3Y{WB!u~yK!q{F!D9y9^F%w^{X5DmR0Q3gw4AqS`)x?H#f
zNw&WeraXQOzB1yC*Ev?x3mqI*Q!@J~NXF7Gn>0Ld{3qFV^=v%yI<#^{5a`dJG`ZwV
ztCLw2mw;?HqPF-_ibix5;#UduM;nn>+2(&Mrx986@@A~Y#ifQqA><-T<F;ca*#gX*
z$UusAnqPTZ-$_;VXUu`3-TNp?(T$tK&pl&fAAm^rMyA^uS0d-~kAGv&RwuEC;_4o!
z375bwZ;gb9H^?)~pDaN+L$1u0lc!(0pe-OO_w8!u3!lwH-nXAY3D_vRQ*`|p@;z_}
z07)#Ky1W3{)7#dRw$fEUY1!|g<@#Y;p|MVrPCkm)n}{Zh^dRaJGM0vnR%(fprMZL*
zNS~-}<0JPSLv+K+S?bn^`xW<k-ZLGVj9fcnw(ni7V#1hi1NPT=I#A!!ZH@DxQKrBX
z`2j4ypp)~#qKa00jsU-_b*OL_^N&f*L2OX3wR5ln%bBr}(PsKE)~!am4M2LSALt9`
zMUPuwC#nlK@y6wkrZcl9NeH5=UkhM&J&=WXVR~^pR4S@zc<F%_H35@iC%^Gz(lv9m
zz;u$+;A`l`fL}MqwE0ke9#$0O$rPh{A*ue?DFY$L@V}pEA7_ZY%G&z+;A6jC^gNos
zo(P+!Yy^{h$kpFR$4JR!tpynyHloM#{7qtl?R6=SKztZBd<{(4YP0>xNx<$Poy{7r
z_c`|UMzTg6Z(Uk(K=hSwPT~|$OcFxx&>!>0sd^@mDV$a#RiNAb)5|F;R(>E<l7}Fr
zOk%w?!yPSDA$1y9qI$+=z@l-}TvQ&tXJDO(d1WK8kpUTP-KMj;-*ppMG>8w0&EwMP
zDaZ#x4}FNF;cr9<VXo9L=JbT%hPB4kBkyj$wg;HO(#W*C!w-(@Q7x%J5K&8@ybUz8
zZ>ENnerdKUOcc35m*<GoqpFt{)ZJjUa?2ucCOsxD18IOU;_ePi>iLR8v_9!5>`<qt
z8;evfmx!y$s3or5$KH~NYq|s>5ILu0UO$<5Xkce&X4@`Me$p2UjDB!u<8=tVUb#h6
z&9@hPf%+RISwG+IkL4~>n_B|>{0N6v9brmxVWG&+ZpS<E7)1!9ZK%&kBcAF3?GMWy
za}OB*vIl@4-~3WhxVCyCsh%%?9<CFis7~~>&F@%Evu0|UyDwg2w88QFX&R+`1_!ic
zysJIa9*P7+fTEn8qWMZT)%@t;_Q%rOF;91`MbR1O!bhfeLe~T44jfO6LOSgXW`E!0
zGx{DqcZx68w}%KQ@Rn{R5iFO#^nYZKC;A^pCj0C2t%m2)WXU3u>+drC(I#RErHR~u
zl6s^_mDW?C)&$C9QEZe}%K57LsLak9)+GIpb>Mxq$`IN%Z#kHi&(qOtW2f=7fqL50
z^|-L!Re6$75S566C>%Q4$B%V;w8z{xr2<{R(NTN16`M$hR7ONrG{)QBTrjG<3WLTK
z+c)v$;bpXwP>D*|O5iQ=m74=%!lp6KX4sBtHyO=q=zF7^py9Q8W2>`tTMP^MTQ0gJ
z7Tnv`_RRoXACA}&C%QtMd2GMuQtt=6jZkhI=DZK#cyubm@%{U#F}so<y}vq22KWm*
zSCiKYt;RamO={suS{u-Q|4bbxXL;1k{vX1@TIzA^&y>5S*4@VA&-1~}jGButros<1
zUQkVCa>kMWC_rz^#vo4Y27uqUj>$v~7{@;_eT4ll){?_L5fC3g0lBYWI0LXvK31F7
zKc=N(PB|mR>VKG)?I~Yw8G^%?$tgfb4W%B(WTWx`91j!i`woF4I0%vN(Q$cV1qn;D
zLhF6^E0<=me#FCmwuTYx2vE=T?d6C5!Y2=82TCm3Ef_|X)Ps{PxV1Si*vA<f)MI(s
z6lQ%mD9dsKOG5#?!17-+l548?qz@brFKcXwOjqS+4~ThZE=pI8j2NEiaCk^1#{o8@
z5r*UR!Qd^U+!x6c^fA5+x^<t>dDzwd&c_)gxWm~wfc<!|x-W>KguCFA%BxQk8>Nhd
z<(qkptV6{0f~k_M(uPHJ0rDk2MrG-Ez??LChZKpI8##cmt;ah2B<=v^F*%eSw)&Zt
zCp9g4qX$^tfJLGIS_ZRi3SY>&#CrZ<q63$DzFd>^<ieCW7*KQHX_qt=eLH<+F`qy0
zUdIde)`t3dvJ@M^2d&FxH^LmLZBc}vHYo1_OaCKT+D*p|G>aGMvQ)iZ!*_GG{<Xi_
z&>I`_x*sM*LMLDFJ3gBw;D$rN&Ac~PXwoh2X!rY0ky?#ce9;`V)3T<k6d-0^_kHK_
zx%tViecsf1+RdHARAuzF^P6tx3wqazK$Y!K?-Z(3l;?Z>sU#eSzld1F(btP~)d7)K
zyv{Dk{_}dWIi5MH_LpMp^652F`eurRH@X!L+thK187O9oX6J1`kEVgU--DYnHh#ob
z55L>zp4^P1mwB2B!WSRBk|=O%zX>)Rq<{gXpsfyh+UBNqCPl*2Y}_E&5Z4BprQs(}
zfuZJR*WcBF_ZgWZy%pU}A}4_6d?a){gXl%yE)Itz9_n4M4$OtiJT?7d*H3A;+=#;b
zaR_f%M)FZ)fti}UfH&9ve$#uq#=x|L2wp7MQgIrlkRhG3CS7jSpnd)_16xL|MtD?`
zZrUfKlWc;;H&LZ$Uv@r{J!VepxglV@-nyNl3GSZ;psR1+UkmC=f=CcUP#?is5=UNu
z1EvI7c$N0|b2c`$kVJXd>r-d-RMNP9mOp?T))<O@wM5Zt!!BN1XzpEjV+4^KzD2h~
z+@73aS~igv|G<B&ac(&S7a$#2cJ%r6ZaGJ;c78x*GAuZs#c}|2)R=V$yr$yr%gORt
z-$d`s1Sv$koJ}qiZTj(pLAio-$^D949>hEHEeIL@4&U0)Fd)=U!CY9xg{d_l62a{c
zXGh#$Y>-h3i<CdI4%BB#l-UIu(+uE(=rnZRim}}@wTg9CSPT|6b`d;$n5{$`TR&rH
z^D^2d;AwQItb6_x?0xTGYqFb42JAj+u=)p0CxRmV`;?3tS;Fyv6Vu8=5ABE}hlZRR
z7c0Gc2G2|EC{ib;QvbbKldbxKR#67Dz-JSV#r%C_q(LOCq3G;)8f8DMw7?pgmXd@w
z><#Y6cX>l0K?*wtO;9@I1vSRU)PZ1;y042h4r=k|4e`w37VqtkQ8R&+s|tBogDjlb
z0%PY?_Yi!Q^*bX{SV6Z*>NvbAPolrO+ySIgv^GsiX)z@=Ahujtyat6|%II|Tpc2-d
z*ls3V#@%6oZ0}V4?n%#vz;fZ|R{8VOww?v?6cs_fAb(S?f7H-JdObM@f*rX;?oOKP
z(EJ$RK5DkFHbtpGO2y*~h5sjFpw7iRpsJ%DnKxQEyy3S8(VVowe3Mi~A8bII6jaHF
zE{N9KZRlXT+QQk7F<R6w<{$5W`*;4$6#8DQaVH8gDmiL?K0DQ&GM-n+<Qq<7(r%>c
z!;Sv|Ijny<3OsDg*6E}gO$wb{{k+-?465`OhL1KW8V+paX(J~nO<GgHk`0siHa%h#
zg$X6oe<fY)^1V+*&WmM}>8bLJ?WcNS^}KRW{v&Bl96pIx)OkYKnmZgB&G|VhFx0`p
zV!W*v$-4lc<^<k1P04SZN*4vdlL63UzH?;pM45L?DyckfXLcKhhlrP#mjLCnTQAlr
zoy%r(H^mT+l$7-LNX$EFCyCVo=;pk*o)A8^66<HuY0zph4vUEi`PZSCIWg<A_cgV}
z`Y-zf@DFBB>A8UuVnOe+yoh8Ez<DjaFg5>nsyx*@iZ>zpG^QTC31EN2%gf3mT4sh+
zTEeg_+2g1rbsAlv_1{tHwKC=p6ca0!%%i9)4C?a`MvDdN5*#))^nv?Nq&<JfZK7*2
zD4XcCe0y)bR?&*&ym-OVyWU+SQ~bO&f;0Nz>%&R?M6cYB?4laN$|rzZI`qxp*M;ah
zgx17@(N(kZ3I6MAy()D$;#=+ZAo3=uq~enYd4?cixngnjKj(?;jt(@<M_-6L7XTC0
zq0qN*xZDZHx_G^x;Q$iqhA1RRqN1YYNBnxJahc0v+KPACJ{51QPH;s0uIkj`6Wr@3
zu(R+;g!9#X!O#r-O)m*4U<piEh3rd;hzQw;qiZly(TSO;myYM#n5hJo%X!B#q2*i|
zZ1ctaM$GB5OIPe(Q+)RBv-iq-CclR;>aO$#I2r;c+`#*{1`5SAk4W}wpH)=&yNsEG
ztsWLW@o&ne7~F32xI7-TiWK^E@+%z>n3wvK94U`%v}KV_)+EV<Lgc%i7$y~hLtv6$
zQDNGyGr9d?Zge73H~-u4ONJ!MUK8n34nYTZPUgX&FRd(p!#R;&gq)~@qlNhr`#VE=
zzLNITOxAdI!8cj_HrTTAaV5f0ywkwn3TX@K(I^p_NC#bxH>tJCRT;7f?iU-Pse;GS
zlBlZ+;s6X+#O`2K++{Vf5V)Nix)+ggAYbDp6bir8A~N?Iru-eC(PprolX3CY#dAk#
zveFjts&&F|Ktc0cb~_8q4-~Xs#)Ad;0HXKf1CwLd<@WawXnRJp*a@A1Z~cj;_AKH~
zP;X=V=^|QTM=wvFukROKE-Iv+M{a<mZ$7Nl*tPDjRtsq1gG*})j7D!?4jqTthEF+v
z7@Bu4XS$jsr9I-W20Sx^?GvWEA1#>l<i0Z5=6WN&uA3tpWQ_-`XACTVg6O2tZyp*J
z4oG6!L2A8Hq}m)q89%G~AgxcVzDucEQ>H#%O@76@SHc=(sSXOCZT*r^9OfSJcA;%_
z)U5W2Pv=@E_x>GrJg{BRMnu9U!@9pgULwf=QQu|?c2^7&Q^yN3@U1pg{cZx^s{Ows
zz3MlG^%Lm1qtM8ilZ%l7^!m@LS&mz3zp@foN4vEd5IjqZY4O?_Fi|VDDpXRsGA}gO
zV7jT9Brvr<Q<jIY$IXdjcEw-Bg4;^BH@<^4elZFy-@RdH9Nxo+>nc0{*sj|%f+-vr
z7^R8nsS-w+U}!q|{H|;k72{UwpC!_KK&bfBv(mx@Q+<&rdl%!^kV!MccW<~h60_kS
z%E>%*=Py+XfSqLbA(h>ya*Y%r$qF_Sa;nXWw}ncIzI>&$?30afzu3@y9h?0L60~>D
zU<K4aiS~+&x(Q>4%5{TSNY>CwFCENbXGko$Y*2UgR;ZBj0Sjue0v__cg^<?;UUuoI
z?sAAKii;pGMz#%ScCp~3sRv*KS$RK}8GrCc`Qqx%zwH(*;mC-jI58weI8qkV+_ygS
zPab&YR{eR|9KKhtBm%^F{qw#f0mz$BIlPHTo5xT_IF0gLogeaG+0%hqbz$wGg6GrD
zcDE_01u1RyeKk63_W6+{=(Z@^siMG=W5*TPPohQaar}ohgJb>mr!IOj1rr)J%P|vS
z!FIrQLVwKuJzbAZv(f-M+i3)>kx?&Tm3Og_+GIjv_$G3JhJu+)a`^ITVGR2~vYoU@
zC41Vg2yr2CX`cD<B>|fg7;<|+;$2jMxwxbk8aw-i+o{K8JIygIXEVo;;lgYCbR%7>
zsIXtv_y^c72sY$)XmSysu)0CSZBvi2e}hv{IB<F^LkJ|GeQZ5j5sWT7&7ZR^?Tjbb
zmRFLY$Me7FdJCv7x~_d#kQ9^-B}KZsOS-$eyAhB^$sgTa(%s#i(%ndRcYed|t<U>^
zzxP>dmTOqx%$&3LKKt4|p}{NE<BtFB6UcbeA>z)uXf*!J<*O319_u`}^8t)TJ+^QX
zG2|WfxKkw1Oyd3vyvaXCfY$k4)crP|{h&DlIaP2vdq_39+U!I1{m6X|3J}NS11nWI
zTpcCJ(XVQWlw;KeIxk;_#Q(y@02-^i7y#|BfyU~YHRO}I(s-S#7g<$SOHfenu=8rb
z1ymzXg&7~EC7VBXg&IudyIk&t1JLSnhyKj-nc;!&@VGTD=qVgBKjM>cfL79kG!Vjk
z|20$(+*t%@3~^pIz?mONNiaT8-D^_*>-iuBS_f5e#t*><R}9%@2L~A(DN78REW;}!
zfblbAcUp$tjvxe_AS7jg8v(c+a^M>|NQi8asCQs|$3$R}GOr)D7Y+TEhO8W;4v5v4
z_pc3&tXfB!4~CbWx0CIgKH|8_F9#0tI^Re#AQ1)L$augA;INsDYmFgi&oxBoPTY0W
zPY`0|R+OiF5|*mzP)RJtF_cfDhVDlG)awe2eWBY;u<puuwp!9sPB>bT)}io!mLY^Y
zf;+?7jN$*fp29M1D9=C6{cJ&*!m9hItJ)nHLu#>#AEUkefN|ZkJ)FX{+Xn1|$#y8o
z+Q)K}*<5R$>S2_dl{P4JeH<Neb-jc-peuiYd;ThAqv(4!y*g1%yHij1JK4)Uzgn@<
zvh2)f$HR>E-puH!RiGn4neS%7#`bpZz#OuY<L(_h;4v21Z1#9$2c``9vs4`ynBUs(
zthNhubV9xTKu(vC)w>)F42FqgXyv!?rRRyE&`#YjgnWSl);1kCBMG8e22<WZPxR{j
z$!x7=_-VncZ_eji<B3z#c#b<MHW4UJ$DU?%H6E$H&4=34g`kj-%x}7{7kk{58kNn;
z%7#vKxbD=j50@Mw?^DymNX|yt*zI;QJg7)|(2+J7j3)d<*xlFOw2B_`GwnrZ+o8QF
zd{CxY$r_o>K3U?pmK?x>LlKO>zP{sc(sc>s@$Q-zW~+&mQ`&5GI_7p~-cxR{>sQE1
zo4*R-kk3%yzO(s?b$J^Xe&V%4%oEoKc~<@jV`uc~+=WgU$hNnZ_t;UBE1kG8*sdY<
z_-g)@)l57-p2d@T^J>1AB(q?RS{)3VTZen8#gM#*p=9Oep&Mha!7_>2C7KqG(Z;Ky
zr%*UCMFoX8kXB}q&3qa;JDx~4qulG%=z!{Oy|nqu+J)iS;9=n+4ND=$PlC?ihuixA
zVkvE@ZJPeasVJFJAvTx#n9rD>%Hd)y4Nud5fmKekfLd)CQiUY%6s08jy6Js)52Zrh
z+7Bziu^h7U3C|Vi<w$U&eo#n$*5=y`Yjue8{pL9;iO#DACkS^t=9N0K>i}}yv&YDk
ztPoCVkPw#E8ei|q&`q03Q$&b6K2Jn(8jO&|AQir%6bo0aG58#F%@_pHYEYi;yfazD
zJXK_-f)`i1oSt$oJ(gdoe9J-cI)+L$;9fiU;T*H8xV2=tze92#;X<7yUu>je-x!vT
zWzFQeo#9K|j2C)nnYo$$FB7xvkq98M1A~G(nMWGWlapOFt(mOeb9A<kuDJCXsEQPm
zOk$GPtm{DUuC-b!pj7hr^OH-U_ZyL1e;P`?WGL2d9cCTaz)pL<d5}KZ_WUIllYgr2
zenVmnWmtVOJKegwHpagZMaF<us+O|!QCZ&nfchCqi_R8aeVXC%fmzE7jFQ{z7WcT9
zt7M<EktLMPsfQI#lg-12`U5Bu*o=u~yzl@-ys}G7Bx0@Am3h^<3OV09Nzrj44Si+%
z!j`+qEb98aiG1i7mwEiqz|A-a>9fvXg}Gscu20~G<T7*~Cwu#G$}#uWy9Df29u67o
zRWL|MP)wHj)a#|^%f#wzjn)_U>&W(W7`PwQQJZi8#jQk{NkI}S_imYoRHh)=?sam6
zr)S@C+dwI|E^bb1uN;Mh#NoqxI2PaMF)A#wL_A01pV6YWR4O&!*N~hJ>EZZ$D-4H7
zT6+mUHv59whf?L;6;s?Ea`n84559A9EH%96mo?IB*gpte)X-3E?d4FQ>^kvUuEPb=
zY*rk}PZi#xS&GLO#-!Xmez}T`@Rh0*xyqFNRBckrF>q{Du0ndRk1POTd-c<_Wta~V
z4sGihdJjF$(egR2**m$Cy$8Fc#bP(#S4>)@ZsdA1cka-vN%ZNaPNl)+w!b;%z?IQr
znh$oDFcStLJGm=}RFqQj{gu$s1QeW7ZkKym9a1df$TD1Lr3tGam6GAcy}50>s!y@n
zmQkrRvIVF)SkTXDuHis6Reik~#Oe_tdG#v9`v8a8Y+4Q$&JaPSNL|xNTw5<&><VL0
zIWJ3nVP$y#f;@;Pgx_d*rf3R|d?2z=a=oc$cr!tT3!Pacttwop<i~ks{1z?)3RnjE
z23uhh=FxtVcrgW%V-j>xD~Z6O`{U+7im)n+8$E#>x>R>yPPGpA^O^N3_A&o}Q~m)(
z+?uNa653#Ev8QVE*OWA2HMpAx(UlQA^Yh5$ulgU|%mkgUs*<>b-x;RJP%;i|N4W`W
zH0aE7khiUP5)@5e#nwJmwr`wE?!_@F$7zd2jIdP;u~<$neI7J+{e-?`ymn7HSBOyv
z+M4DTgg+j<Kk4~sz1*ZwW`l%Aq~~-xkO_&j9F%0@%HO?;_{3sR*ScKi=s>`-laJHd
z7{~JbAbRvDZ8nHClKH@GHl}vPd{~Q~xcm@uA9g;8bfTo0s3H-KSgw=G&KI9YyBgMr
zBqA-FQD!HoyLNMm5>1q`@X*sk5k^Hm$59H5RLDqVdW#Thu<i!*sGxi|Ybob;wn5eu
zq1B_?(UrA`A4j1aT1+h|cUY>~7(3Fcu${k4;sYX{0Kp;Ju!1S05gV<)J&@ZZ&&Lah
zg>nZvTGntn1RSj}ph5Tfi8$9VrYCg7Rh+FWGK;<4M%Xo&j4*hVQGnz+K=1+8kW@*p
zJSh|>>b_o5JJOzu{B>+GHmbDqXoXiG+j)ZDEvI!m{9rgt8I^@=-6VLqk5v>KPsrJV
zsO%j@>~1>tJ%W?h^Y{_0A%<FflSoR-;KtwpGf+}*U4YW#EgoH9@y8^q9utR>4Gi>-
zP84<B-O(SPsx79(28~YZtd`gl8Sb|QOhbWLOUF-8OeV83)gKA^%gPXt>wBao!7u^=
zqazo6lj4BAQn7IR!pwldb|<{O$uW(Sasoy3gfL9o@x#MdkVObVWA`!$%gDCZ0$1yJ
zP6mWHv|eqFMEP{Q;9zmusbGM=n@B6Whye8a^V00SG3%BH^(>j~oJMtu?=r>6H`OlW
z=Wui{1e?<PoK;<Bbc=gu`NNb4d#t4{0v*ZdmAXi@tJiE&?c8?>LY|`FY^kNUX~i`@
zpmAe;xX{KLyxjNlGwN7k88?oHS{cli3wx&o64;zO{Kyft)#;#TO4w~J_ZH%*{41Yq
zKtD}VtaWZD`KX!mb(h{6^E{SYNoR0ws?=S3F2S!+iY9aFGo`Samo?1pSNEVQP|L)y
z_2{)(8zrbEjg#+>HV{u0KV_w<H91D#S7>`I@NrzFj%F0$a<s?<neoJ^pyr^dJYIXK
zwJd+ZK1@{36smrUWunHtzP{uNdvW<w@ynIonlouMO)WC>2RPo4L9^|+l0}&gq5MI$
zzHaJT=$6Oi3Qkk9FovxcEmEKRbWu4%=K1tcaF4}em7c&eRK|!JWJ}iUIZ7_Rf7}Y>
zL5~GQ;K?2>)>l!-V~?Ei&t|tiOIcsKsjKR?IP5cr+&{>ByuYXt<vs*Ydlmpx%JOz=
zQA#3CgWTNwWtCy{4ryB2n$T_66%}aw=O;4<x0Hd&B6HkgZM++M$U{}DJB}Qe#&-%o
zKFf23-HL)gLp`4_fGql{Pa8%$r;)oM?U~W*2+^#xT6hbI-KDPQ<f5v>Q@T;8py4Mp
zuM@W`w*pyj=C<?93P~1+2Kz7Dt0_#c@x+mdvX$aV(Q+K0g1b{d?0rZCDvPZ4<eEB8
zo?9<RJPvmnUji=N_Ro8x-Mftv%PQyLFi<3)T2mX}PqmFfnxuip1)M88TZ_RJ)Ly=t
z`KBDASqg~<+a3u;e>V?xmjoKwb!u$cNME=Zm9}sN)~@f3QAV+RRGX#pt+J6NM1riC
z{SNP;^$VqXPUq`Y*imQV3CtJ~2=a<%>d1lwDicT&G=f}*4%MGz*N~zhD&dCoB2=py
zstjbsk%O1Ms*#h}P76e=`N_wNmTj2H6V2Y{lB)N<akjt_4-D{~dwY<wex(oR=cu$^
zW-;&WsD9s};wc^8cz%a6vm`y^VyBH?Vl5~^NwAXjz4$iHHOk%9ag2>YygzoYYdegH
z-1PibzkYM0JC<7c8@U3#O8iP;u&wQ%UH~0@ZCO5f{e^QbM`9MT^@MP%#lEf&8X_8E
zz40JDK^xM2Ny<gh*^z0xk+SenR!sE=F53r8oaNRT)&#Q|^S&M$c$%qrLY4Y5LaW+H
zMM33l&oIcFmFxrilBac+%ZC9@PqE(8sr92xOZTTf)~JSOQA_8L%yL>THgx8Rq}FLq
zY<XecMr|=osv~7~R?-06Q%^)<mwX!QYxN3{Yw~i2z-|P^8<ftDjy&B?p*OQMtv_|e
zxuGu01HV4xa;jsPE!{agR0FfK)GCdt+0(cmJr4@XX*HW&Vj7%SEJiWoqRs(ZO5FKu
z!xk7|4n%@4t`?dlmZ8Sx4_2PJT(0Jfr#69rFEBY*d(zqL&J>8wl*pUQhjvJ_ig{5O
z`+|A$wpoGKFsC1s^ufM2T(6Lc(0g!HqrQa7VT@=?I<;+LqnbwCT$Brk&iAcPURfWq
z=>NoXX4TzGUU?JCEKW7G-fxRYJkQdoS9~~UoOI4_)+ywtv`5gY`wRe)D$@xbHHAoF
z)u=-)H(3zM<Ky|Bm2Wj)p>lD??fF}yv1(SfK;BZr!f9fJenToe4#!}0o2M*FCZ#-;
zh+`Zr8ETtNs?Y2AN|@cvXV$GxiG41aw%mtJsOnl)&vww{J=4lRAp_6ky4D2Ys*8ww
zfg>#+gS2Zr%NCDXqmI|JJm%w}M^6@_Hlz78FkbDbDC1K{r)hT}&(F$PcP^I;Omd~B
zx`9@YN0&q{^PD9^&5xOl*F4qmg0loA{f`f4d6Mk5zW0xl*7E9>iLo@;JHnQ8c6uPW
zTNGGSPwgsi7JNxTMYZicmXf?h80d}5sqRZyN|9i8$AnnQo48`Nc(u@p0n?7Ix>=5k
z$LOia@&yKks@bTa$;Ja0r_BnkDx><{oI)inj+`p@;wDGbxYiMFW#6T3Oo8u->JC)y
zo8!+WbCH_!*&bgM?&s_ce#K$a1EUE}+On;@&-#&xTLw$2y>T0-Q`t?c1?lpZO)H~b
zEqCD#?6crodo>`;H90d3-Pks$Qcs9W#(({;Nh|%-f086UC|e@{MwB>F;;CLKt_m?(
z5)yW49-FIXaa(Ew#`E;xt{1cU(2c3qdz4TN0=F+4+?R%K$tXZB4D{}yk^xr+eJvMs
zSbAHf!WXRa)HPmeyI`l4tM=Y(3|~OiY;t_##}u2DC#?DhRB`_+2qYqa<v_i1f#45z
zr`Nf=*K==bVCu~>cRTI#l_6Z#YS^Vquw5AFQ~TC2W{ED|HMmiodfQX!BROs^Cf{o%
zEYSuzh`z9Z(;<&21<QdUMF14b*Ph+2ZOF5&42(p@%t*mAVq{Ww{ig!|=&TYN?#u={
z&t0YYJMC!axJU=8*2=~&hdC{shEG6op9GLNmFW$AwV)_1c8r&Gc5(Ams6ZB=wLAJv
zES9mZF3MvuuvIWZm;k7l)7qd##|}a}uubzMn4^Spds;u|VM}|SCm>hP1yeMt{lRv2
zV=kMa^<(GUc(-+>V;8w`xRNBmFib2YNq+Z3bqtmUUJblH_EoW((7h5BQ>ffF!D!+5
z8RS6fg0wWspa@17Zca)ob$U{qL@{VL;fBzQDh-n7o)ZoBjjp*#PTCAX0Y|ej^r2>b
z@LFc+2aL+EsY#wZKHMv*XXrE$BI$Lmb9(G`!xfNUkd$HzWc?pz1Cwp>^r({+kCKW(
z?A`O3Ft3R$g5oo~Y|uH3KG9d7lN?of&ov}fQ1`EVL-tvUiIS}f+Fn`ot(nGA@963{
z=&80XeIj?2dm!Y88Sxac@5H^B&(|K$&WuoFPzoz`yF*hKb~{TkXIfwP$+Jw_)kdFF
zgHxStwibGN>%Lt+TKuKhIPa=(Nx{+87o_dUpxB&8vZ9R__7nhwflZ6qY6B1`)igjT
zl?Fov*UCM_-??oEElPO>29ynycM1A1SO&J*6VWK=^x+CLe4E2LO`ordzfL{rw$Oyf
z`4>Z$2Vi!sA&Y~D-8Z#Jmtmd}2Jv<22NvVsd+QkvglW=ZT?-BzF4w1AzZp>}>X3UT
zT1WHvB{|RHL|3dxu*p|ABNG>^VQF@I!1l(vd^v_mo%wQs*C+a_ZlWglD0*WIw`!r1
zCiv1A|6q7ux~ON$eAefAX<G-*7GZMRk4w+!eSP(9>j3&10m9Mx%KViosB?QHYDD^1
zVr&}ExRx1zOm0C`U2e?Dc3^gsw9ak4gxLZe4Na``U^z?1&xFbyQG%UNP-sr3Kf=jz
z^;a$}j(oXdzluJJ89h_!mW7|*oKDC=U3%SDzdE6-9H;D}j3t4#l6oUvpjMKh{jrkn
zy$m;+c`U{sl`5(auFacq+}S13!7FtLM_SAC+hNVuJo!{KlyH#fKXPxn-^02-Eqval
zYRbw+rg{*yenM~X$umG6J&KD|{dri~skgSCgk`Py%BuCd^Q-2S!$E77=nU}(TF?1w
zd6WcVsUW(B3;>Ffg}!GHvb+jvlhGi=;jy~A@-tGD#T-gx3Zg=xlBr`f51^x?o2)jE
z6M%8OIuNx~Ma6HIElJKUL8F*UIcHhv%g62N9$Rhak51}esI{K($9uObnI=!p#q?;g
zSO@zSla_a?(rD;IBByiYa*iXoZiW!JFro-Im@5lHq;{pgc%M4Zx6`lQS3td()QP3(
zM=7(Y^8|W3@2ifkjbfkgzHek@9pwpsZS+Syq?q07s-3Bcush*DzoM4Q3b2#^Lb(^;
zEs0^y)F&ifu6N)vzLJJ}*7~jRVE*=Cu5v)px0*gQ6a!;&b5L1kDwV@C^cb?3XY`A~
zLjBDUppEYWkITE5dS7pL>?bEIFbmg^I5c034=U7Hur(IOj8r>65csQ{(IOlzd!C<W
zZK)l_ZF<Zk8Wv1W9_|_1-vlPraEf6&K3Tw9#}hwl=D?zK>#e1GwC4RnBioX`J=->_
zWjg(`HOZ9ZfXN_gb>Cx%V|%o7m1cgA$~7~s^VX^TK(YzUZPtwC5!`N6IL%4MDxg#o
zlr8JsQM@Hd{*f^2jo^7seI<`4<>g25EeQoqT3#X$CJot4f9yamGquz3fkJpO;=uLD
ztvKD6g`byS&Gu^*mwBAt4WzNKEa}T0vsq~u1<Yg7m!~sm^GXe*F!&=2^)3eFn$N6L
zsnM6!4sUFUAKykjF|VxveyV9z&wM@s#I<7GJA@SyCsxO8>9Av-^<gwp8JQ)HC0#gr
z=$r1*i#LGo?A-PoXV|n#duCJViwf#?e#n-jqZDg$8mz%&HwEt(zub(=w?m^8L6|kP
zVT5zXjdvy&DPXqcNe<Gc?x#Ldt$#kH8yi?lfx(_2H_$s(SY9Jiv@fUR6dSm#X1I%<
zza8v2g7f_mfNXuj?V?s;4;3~!ty=GFj{dVoc50Ra8;9{LredCqR!juOc~|y1PzniP
z5zh&rQbuke`wIn4>#^V}ajUgp@JGGCDtJ}ZtdEB)zeWhvW2b-K8`@wc%Rh3*d8|aT
z&w4AUK_NjJ8SBOtffg29>P{pE@oAO<#Fx}hZ3_@g=W3kQ=k2FA4&d}36XYe9t0{_F
zlONVDi|cMsi`^}sHdjWd&~>seolv+vBWstjQyQh*y}LDSotqq|@Ip(LjokASJd<J?
zKl@FF0z#O3_9T4&AlCmVZ&>3<Ih{%La6Y4kuD>F36$prM{}Jt*9f+!XBCZZ`DSQbZ
z+OfkpmoOGrS>|QT#LIK(T>>#wuM$#;Xpaz_dstAJ^mooGwU!5j8iOif%XEd(r>Y|{
zdTQ!WmunAUuK1WH_xr0%VE%I-84jzB7m$Z4p$E$RvO7MRB`RN_*;wPU&OZ*+nMdDc
z6?;C-bxnULwRtX>upcQ;D$sz6qbgJ`%^;J{5n)D?n~+9gcz8Icbi56ZnUQR&ka9Rw
zW8{IK<CB$zf<r_kHp{Yw__l!}G7P0~W-bh?O!P`Oqi`7hZc_vtXaSsc#I-D=IN&~x
zfzr!S;S%I<x&PeaA#F_O?b~PFlFA3vwn{{=0e%cde1R-jF!7FPM$_51A5M+;qmD1E
zhpmUPd|aY>pWCfx)iK0s%}~UO7ZjC0i36O11&^Z%@l62<7@SC~F6E|Kn@CBpfYj-q
zT`-*WCb#!mTkg>|j?wK&J&g?b$JiSc(Z&IsZI)iEGu6GXwd|K*JJX6(I>kdpYBB!w
z6Avb0kCu;Jl0gcWD|)eZ?KI&#4E)s)h$`sAS&XZmx!(BC__q*=)h^$(l?IC_H=i0!
z_0K4HVG(Wk!9AY94yGHyTr2wXDD?sjB_NIo(wAtQXYxS*&~ah9Nxp}}{Vr_a;jB!T
zf6ir^E4M1bcPPX2tUvdQ|H{oiP-oOQ-xo)N7xIBEP^>(CR4tq(B1iH*b?JS{Xr)4l
zMgriMFDk;{jSwQylj2BSX+yb&3PmOs5)!J=8P~b&%OiVK==!eT<5sjNZXS_;xZR5v
zHrAb>mh$Uh-gcVOdjSCkg^8T?JMS5+&TI19pPWA+d_bwRL73iD;MOfuL8;C?tK(<)
z`72{Jme2F#k$V>yS|;MzgVCZ&T!XPs!!+uI9(7v)mCzv!95KOQ<l#y0{i+FU*NY%+
zw>9$0cv`DsJ_`a<7=-oxs0@_3ri*{VW1SPAQ4?6j<BiS!3fejA-e^TDt`7SIQ^x^T
zPCJ?>tABZxiJ;Dp#n$26(FI^N`|H~X0EVs52HiYd`%DGXeWmzD+`N)YX)z=P_uh>@
zQoEfOd1eE7O}}J(d_-uBfB91_NdV;Xba9&U{UI<(gwXX0$hDTIX<U%Ub>?l0f;B;y
zFQ+-^uM95#=A{o4K$7SZl4xW2eg|CrjN7iyoeF`&560}&0Q|?4d8E-VW)5|_nT{5&
z=dn3?k}7fRW*;xd)(xW0DSx2x0Q`gY&G&k8YJM9LlX33ki;Ps;j3s>6eejcDRf%WW
zU`)D5O<1L@n1jHthicnRICE8|@@8`tXgF+kDzFy^I1b;yA@kH{tQ4AE9GG{l@0hnm
z9kJ?7#t76}Jv1}+$d!r&-0v=AOZ<T8$rl%Zm%}E(SE1G8HMw#Lwq}c4f)D_+O857j
zEm9U6owVyim@%FVjpB5Ml4{ejg|r9OJaiXYpU1msh}DXi*&f~2LvV>54D?yxbaizV
z>g`}|@9qj1ZSj~K4=^35^^w2jK-k(-9hFe|b_d1fN#+5Aw#RbQJj}@8)_B|YVN6y^
zwODLu@MwKNS}m`d3~uyi2^=B_1m_HA1V7M!4POYEU%EebY~#x6M9je?wi`!Sih(l{
zpZI{`>TmRTOv7GxoSbcdrd;Fp*~R+geDA?z12U1*s(z|T<Q16pr*IN!+{i~LpxXC2
zJD8ID`R(G#ZCb^pw;cZJ8wmE$=h!Z^x@;Q~?pWrL+X!kQ+=}R6R>W7|0DP0mqpQuD
zuo{j7!TSn=w@n|`U?Wa9vDRu39r-N{(;zP%my1YmsK7YgqPNRI6A2UTp$Az$XKFl@
zE&(O6%UXlfIi0VMLiV@U6I<;UH>c|+D=l38xS4g-CGxrNHjQjE0v-W7LV!S`3Qb^E
zrP4?;@{E9QvBnY$v~RqQuh#)g!hJ7H<m_>Mq-nPDL`084{Pb`xflLwB-X4>$)BgR-
zT9@s7i@R&2gDL3hLVnPEm(*e-hgXB1{aiO7y9NmwJXPcsmP{&ZVNEZDZib~$->)YK
zp!&2owxTls-j~5xs&UC{vH95wdXb-f@rOMQIp$99^uqDjMQO@8K`ckQ%k|^dM$~S<
zxcc~Z-R#1^-me}9f6}Y16heR5LMzpRTM4!p;|Xnl(;3Gmv=l;G!tY+MVOQ^I3~5hq
ztyld<o}-KLqQSwG@kh&ywdp-}weG%<P{#s(D}i2SYnknmQRxdX2+nU_SLrzS9jUZQ
zn6F{HUcq>IeS$F<PWC1DSCUsGT5RpbC0pMmP={^q7KS(`d^zeCc0RsnEa0S@=uyuU
zl5{Cw5?3htYMWbSyLDlzcDApFzGrDK_L!f~Sl`jLa1eSI6Q^B6Dj^}sBZCf5(g8;2
z^?<_`0hKGbuAbVskUIV=@c;W-{qXxpb_}`YrFr3ke=d!%7g=@TvbPEoh$sC>!1=we
zm90Id(%w1K5%EL>T#u=5WMt&1oQRNc6lh}bQKBjdlm5HcJyIJ~^!-r6Cl{bY<|opO
zcZjdR{_o3%1|0BU9l$ltH2tXk`(>v8IDi__H8Y8p^z^#;GTO8di5q&V(gD?h13_7D
zcNH3;AC13y3sDBPd24TB>VrtEmhm0n=Ku1V6N}%kalPWy|MK@WWF){IXE#AzQ|7Bn
z1gl6WxFPz0j@UwWm|*Hiz+h08?3YK)5zG8v0luCe8_v%75*JNu-2s1h=YQX{p@SWM
z=D6~;jNoJchrTZ)u6;2dnk*mMKYups`?WSu--QT+(rgK)(}W+M3K57(21M+b6*Xt;
z?V$lgfzQ?GUGw=B1ojI*zw_A@Qv4jhBNXLZ@*Q~A|9N?N!~8yv@ze95{v{i4+d7QN
zwKy&dE!OLCO*RVMH60if%M(8OKhN;O0d~$1nh@b9U_3xek^4dX7q)l>&iwoF7Oznw
zf$#dg<fhmcwy=ElMS1vF(5xPT4``YB8I$JUr?dJ38<zZiYLmj3c5E{j1_$E5P~{bv
zKguX>mA>}uFB931f4|Ki5!f+K16D@_{@QrV_KvQ#*Sd6LR(5?be?C$t26#hJ#_0|O
z49eRHxOceCKk5D}@fm)TKIvOK(Vthmg5e~75icx6`5+KKK-L;auhV~b*o)ysX5K4k
zwo1XA!P`T;D`{04<Nt4*)r<6d0k#sdD1V;rWsLN)0CR;JVH9jsfv}ra7+~l}NwOsh
z|9=D_>4g9&5yD1Z_#?E%tE&-%Sl;0OWuMCUcwI+B-E}Fv5a0gUg4N3xOl$r6N2A?4
zZ4m|V4gu>V&tQyy36#tSu#XhbZ!Lx|+&G@V#^yFV@ZEo7A=dEU=h8c$z=FRl%^CPY
zVp;DBecA?!?SO89ZfHR6aejtF{^c<!Fbm$fR~tY25jWlwqhoV^`KGV(SGNAw4f=1;
zV1a}{@Ry5ty<S$pf7+#|2ca&34RB&D)vNz3;WMy=;q<*bhnFRMvaxxr4#fShO9=hF
zgi!s!#Q!WI=w%72nH5}#B<Ls@?RpuO8hv1YHc$uQ<@5Rb&(C;)=gZriG*yQnefvK}
z>=ld(NjjHFZ%dhjkO<fxBAr-)&p$@i%8vSi;I{IA7{k1Sb>EOgtimz?JOs;(Gnf?r
zFa+;B(rAnJM2TS4#v2IyK8BybK!px70ldGT`M++)1HG=2(e67;1+fqRN_-s_*r7-N
z(p}2@6JPw-^BldMVmSP2IGD|UH?s{HSd41M+N~`>i!DrSPS0X}pZ`UIzduUDn2e~F
z(*O+}hX3>Kws>H(46wJ~ZUYC^MZj~AS9jOqGVKcHr+?WRFd{5?vtf<m%ptyWc1C-7
z4^l~ff%(G>e@=#fAJ_)^SDO$RDEx<Ir(amM7FXa6J57fG>@T>jf=?Q36!15%|Ij4-
z1Nf|$*juh^D!9+7x<_s8?lZJ5@BaMuf2po;x8H(Il7=JpccZ>SzibqT(7i#l%_h9^
zu(Z<aKZ|Vp{Gu)J!>yFwLOA=uzJ_K|uiK&icXfXs@b3+8!S7=)nLL;j{?7-jw!bU@
z0XL)jM|%u|4+tFt>JK;LGXW2e`QUP-jt=b3;y3S2ChR)}rZ*=DG9Wr&p5=;XqXaz^
z#76e$Xs*IyzB~yT`Chze1BIqS0jhxEKy>y4<eO2z$F)1YDgNc64~gCJAdkWU#r-$8
z*?@nuAQF#~9@g+n#N*1kd3~Qe`ljIjJyx#?ezU0S5S9zvpDzw~1im=C%6yDT4LJz(
z{)VT{Za8Iu$q1tPkETSx_j*f;5Z{Fg5B8n&HKR>g)7PGmG~U~D3>i>)x$Q;!{o`)C
zHw2fx&E^234sU#eR=pmium8x*gvMr;&JVtey~0x2sRBhZem{8PC6|*`u*2E%6!f2I
z!ZW4XETWx||7@_=JxX6V8Oo+-3)g0;x;EZVV5vK+t50`KQvYE=fQQ=D|1~a(DPFBZ
z{gJdXK_DJf5i>F|u1kl6j>2UrnY-}SY%))jrp6T%h(=>ojZkaVJ5dlrVS2hIsC14G
z_QI9`+$yx<MWa?rw%h1SAY21xSB%v&kQ8sh_9=Tkygu9A&6UQ^yuUu)omqAR2l(x(
zz5T2e92l^^5l^=+e7AiZ;$ozXL40>(kfGb@FW(=TeZjrb>?#e5T4~T<)O)y8=}#<q
zC)e5o`*)2$JMJ=48stL>a$2u}w#(1;-7x=iec1fKL4H(l-x2zr$n5Vy^6FbO3ZO9L
zw7gwoeYyo+aK~nYN+~~I!Fby@?}MYM3d7ck?~o<NkbOsB`2Wb`EdFW%mJHFLLb^u%
zIpLfu5-=dIiAOdy_`Q3c2}mxwcVsnCX%OEz8y*}9V0Oh<?_!^s;^9z+fRVM-5*AB$
zkY>+kgJw2kV{~pbEMYa)_sW_qW{W;Ri0IAc$<U7y&l}wjmP-|L^e|n&&)hn+Z^=KV
z@=fkTH=>vt_pT4&jHl>ae`Nr0TV0Zf{V&G>Lb@vOBACic7>;YBvP}OGu-SjeNKpxG
z_?;H1LjXZ-c$Xy_>64J$?HQWs<^Woi<Dpt1PQF4ua`Tgm)7j~%ZXpQHv_G<2={(1n
zuf^>)&uB=k04^fJpNyPbEXChP;RjH4Sy5e%J+Qal;IKblnPh?m@Q^QT-5!)e$)ZOz
z(A`yF!_9sx185|w_%MV;_XQ|lh~k{9yq7y2H>|f%Li2oH)*N`a!S3iH$pa4OvRD2j
z<{dXbHR4I9p*p$U($?126qo@fxbi#(9Ga@^_fv7&qktt6;xA04&Lxb)-c+!*fonQ^
zkR~~9`&+lHrb37zV2aJbK@|*ZFExOuX*5N?rMQG^+n~LWR&31te}V}TL;yfE?zNPm
z_yv>yM>XQBz6h=X+L_l+L}I@99k4;xM}Jzt*AY#n?)ZV(f^?}du8L!XT(Lj~sL+}{
z)D}u)ImQ6|R$&)-UaAPdUkCsuDmgO&!FP`*=NxuC_Ai)I#p=o_cs#g*k9U{y+rLlU
zEr><a*W~8Y7796hh(SFJWP|>)!U$uX&<GNKs2Z211Mzg9fS_N%a2l6jt#!Bj+?#fC
zAhSeT=5x5Q4%j>CX`j;sVxX(yEj{4R<R$X0gfw+7=l@Qnt9OlS9j=Yb)8KMRK9s;9
z9z*veU#>?4*zPfb^X2ybprjpU%X!(|@$B8bYV$957i7S!Z0_5$AoRxTgPed9$cux@
zp?syo`RFLY0pT$0Uw6h6Kox&5kSW$1oSh*UWc$Fi_b4SD#aQ1rV#N*p?nB1fwOw;%
zF$_v}=$<rBu?8PB6x6t7O`Xfu#rsIt!VoN$ac^i?&|Yi+P!=HX4fR%Wevhe;Oy3Xw
zVp4u8PviD1n$6y*!EW=-;hOF9<;<PH=E~P~s(};^7NQg51%!zlwPtPitppbZzz|dP
znAnnR5ENN|Gm-h+a|jIyDc>m+LWbX_J%pj3esl8`nId-WgBwC+E!xI;3(#!<6%|#0
zMPJ`^-LKVTBFEDLjUO-(yyB1%b@kABJlPw+f^|RE^2?H*xzGUS!51!_*}wW4xQTr^
z7MD!5XU{|s|A(jze*{o0Tdw0wv7!$MnP3(r!3Vzm<Bzb(gt&(>tMFzAu&*7A*Iz3!
z3<ncqj2<6Qc%m6q7De}Mhf=wenckyc{m_(DF4aoWa<BdrgmNodfb;9_5|jPQ4&qQ6
zPaIx@(1I+1gK7~hN~6>9XBr+y-8$E6s}J06DtjO7cz6BYVvTbgUno(2BIqz3%Mg5*
zH&tDD(nHsH6`bxA`{M109oHbEw%?)@ize-LwSc4}Kf@;?T$G;d9{9l|Qbd@_ZYu%8
zsN6pBrKLk6s<WF8=Z(*cpye{_=+f^EC5uQ7KncTU6HD`CRx+$2l9(LOZbUDpq)MEY
zdN}K1xKJ7aX1H$#qM_n)YmbbVKHsB$_#g&o9pk}~7K=y5%G9gvM5f6)Q53^5wV)So
zgFDZq`k@?-;1?C3d7uNg^SH7j?5YI$YS0@ra+zbN`?DMS1d{xHF4wD37H#QrQYq9i
zL+BRIXngbrEG9F9apRaaAZXAmo#vqsa?C^YzzArGBuKZ|j`a4<y0A^f$ZWbC<>%^_
zfgANIlY|Yfiyk07XY1#CHKd^4ts!-}-Wjcl39H4r&v@@{+6bJuP+pW@Q!H<LoL1&e
z>&*BgMVtc^BJmzD&;E}B{|EEDAi^olD_=Ux|L}xPkXN5G{fXxpPgGk$gYcO){geX$
zM@2QYY><8m5%^&EfGj>kv~$7sbuL9_i;ZOmVVD3>stLj5cn#f*@DkNZ;%d`#aKoX*
zC94x#+j5H-+klB~(6kR|uEJ2hL!g|#(vRvgna6YasD*<<A84hRFP+v>a0iSdEc-f<
zUg4<ZS|U@*5;})gmx<8-Y4shJ%$cfEjvJ!k=17f?4+J_9uFRT%_$MljDppN)&rn=$
zMin{0m4Qt3;xPrh+k_HfiDf5~{ZU^i$paIaEeH6@pcyT85F6ZXBPD}CYPXYsBnu1A
z60C_HdBeQ7-?~stK`l2xz0Q|PX%J&1Re}Rlw{Yz&avFNWmt7&rx)Edpc%DZ_epT(s
zaZ8-RXfpA&cWUMg<a?MYZ1%Cokd@?v?m*IqtYQGG?O7HLilQ;41gaGRE@##!K%+cO
zQ;}=bA)?V}@zF4tPmf&8+&SDiSmFZWVO?nMTyHS2QF_66*tN2f2H+!+1bV{^a|>1a
zgHD7hLI;VFCvoVk$B!1x>P0hR0U;ss4|rT|BEGMKWR{!2$hDp%9*@)k2Ue1YrN{Vb
z_3&hqvpttu(XRont8O@q3)bWp)X6IcfiEEu_-_1vB8H|2z_3}ux$<qc^`JHSt2pjq
zNk0=j)6INJoWXApaBk5l<&|yJrZ4TCC<P!=N%E3M$o<_`R_&agRy&{Xgk*9&vaX(8
z+n~2uxdJKmn_3`jvEqI$X%|SsQOcyNS3x1>4Zch|e%?cu+b+k4@{V|Q4@*X`TuA^#
zKpSmCzX#L3++@W934=nF`5k|x4HBEO6hTtuE8v5=OQ6z3z~YuuZBehWAfwW%qLuUk
zA*gmSf9ca9@;SJ2K`?ZX@n8(qp%~p(bz980$1s~dP-XIhUGFXL-t)fGIolkR&g8)r
zpQ|*Mw*{uVW#dqKEL5A594<emrH;&t=1OT?SNb&obdWsXe#|gNlhsj~#V1#&E4xGD
zFwwzmENaQf9R$_W+CJ2c?Cy+xa!FO@aMUyZPBmFwSNLQyDZ(Y`Gpp^!CJLg?UU|*E
zGeVtZy}xUBrm??$>v4{TR;$~oeR2LXO=5ha@_9Vs>QMW~^axMsoq?#vt<p%Xs)d?z
zcBxu@Bs!-fY&yZuCy0u0+37UqxclqFOq$kYlUTU87qQeydF2C|p2PoZAHTp^j+b*=
z(_MR(!x%dAKX^9Ii<5u&MkQjW(+}Hj^QT}-OH1@^IZ4U=^-*Pc)z?77Og)6zlMo;O
zBAIAo$(rwgWk!*fo6R2&qnjaIw0nV0!mb`q8U?_-Fh2w=DY}`=eC-wP{zMk%*`@HM
z#~5nGM5;YhCA?_kkyJ&5F{guBptZYsM;EZy6G1dBS!dQu4KW)(s-0;~Day(!_#AiF
z1Z&Fb{D3KAI;kna`x?zIXemH&d2gyvI)+>^gU|QPnB)`7hyH1=SV~nsfJ$S7K^*Jz
z)%)RT+PH6E^E1}E!GU7lxXD|d=Lf)_WjTJHyU}Gp>1e}X)tP1ShPA7^o9x{hJ-u)!
zc9qR9zLF=|ir$As`{I1NO`SI|eT9_pAoY`_#_Q3uO;1cGjBWf?8}O1Au+8;#{?Cf=
zR+822EA{R{!>Qb#YpuD;!*j9|@IFc~lIYd>;UfUd2+v<cEWzn|1s{S<mn;;9%ikS{
zVO;nv*L1QE$rR}DcOQ6theb)nVmTko?zAgrYkTTueF==Q$n25KQ?H$ws;^T(ANyg8
zND-vj=wM9YuNs^g6SRZFQ8V%8$s+^=q7$8<_JhZf0-CMrBYmL^LgdkbE4~IK-(o!L
zy~FOjVhYd(C}_G=-8|BYQsUuy#dA*X#)){BfE%0V7u?zP^}1`b`ed!Nb<_pWzb5nO
z6X97LTjd<iMH=z0w?Dl6wIMQ_)uJ(~^G%tki_7)OtlsAL+jG;Y0yN^s!AK%FIGVRg
zB>MXLyGKhT*CE93@w7KqLx5i1X5(n+UbwTZD{|;vFTM*eMR33qD(DUI_oM)BXovvI
z(CN}$mnH=l9stO{ZS}Ty;0>e^-JmCrrwu&BHYjFF3{)IFi7$-%PB#gN+OwaeCXeDM
zXLjn#8))g0nP|X9<os5{WfthA5Y~SD4$-9N8^qY%sY*$}>1O<#@_|K}igq}h??1{f
zl+A={9zw_v+%U#PMn0<KwS;^;>12!|H17~FKUMn$#6%L8b@yXp=aJzAJs&SI)H84S
z21`PF9EN}SZxA3Oo@O~Cwyy#C3A6O0vN0DuSk|NBG}SC4IokgIH0eM$wcVM1E>T#P
z;*d!@M5GKA&Vd+;I3=RTW6udy4NRTuc=0%D$>Y{%uoyj-?br_P8hAz@Dxr^FUX?Gf
zWVnE*`ZADWv;vJ>9?D~r$bRdmo4l#bTXO5lWL9+1Q(KlO3&5c^_!VD*(FP29aKBR{
z{$^a9X5yTtDSesX-r%6uqMZ@?Ehb{ln^KMP?;SwOuR>OgbO?oUQb(6iNdCh9l44`5
z4=5556;+~G<%Whv*2KzJ5$x&HrRV+73~?-cbyaC=!oYPQ+fLW%I-}7~6Dl>H0jKK|
zq|C`n9-v1RgVBSubQFrd?%Mc@=XM-3dP3G<Hvlv8_<YaETeMf6^~Vg8Q@8VT3uIS3
z9;Yrpd#D<$b)C8-HnpAH)}0Q7RMs)zvNN7?@wr^L3I-`%nDvGhjOZ=dA+69nUawHQ
z!?V8FpWmtoU;Y0B14q2PuETqK_Z>%V$nJl=3?i=J1iU{<J#U^N;n1^^+3e@1V4dG(
z1{;&v>Wy2aRNoUdl3%4u5J;f*&i?v^Bp|r#M?2=dHBI3kskJ5mB(hJJYNy>@dxljQ
zGSp!=Iqai1Hn!yb{22(xaj1I-<YAgT+>jvThID^NLP9#QvdvMGo?aswYoaPwu-_ao
zthw42hkS!Nx^S0-R~4o|<E=(p0^|+^zSlVH<WQe3QedT(p=mUqq5ja19z$4VHWdi8
z`uR}=i%upd(4E5Lsio>24Oc!IFIVWbrC%PGRAsKkOoZJ<pY?O@@&1~O{qDm|;x{Vd
zGk->C*WQPrnH8D--VA~KZEW?v;O$!)*$kg2qPzW4ag`Gjau=D9RRkDTFRw;R-c17v
z^=|R#k97T1N;RRl^Kn`ImVln5K?c0X8g1=occVVOiQQe`kZ;CG(maIp+P^F{I1I4=
z^2cjvp_Rqb1mb`BO2zXEAWxYXy~4?P_bI?qnPs|=L6J?5zJ0pijrOIY3heHx+#WWY
z+UW%>{4cUUh=KxoI=TW*Y}CpL$}iV};F?@Qg`r}Kwsb;t9s){hd>0M-O=We@J)_C$
ztH>5HlYcG#JvX4%oYDFSg=K;~@;S@txjW{nPd4+GyGMB+d4;6=<Z%maGtu?ArMW6a
z)BMvvutW_JsJo*g&3yYm&lIN@Z<AB4yRMU7aLZq>ENd9A5VKKdg}{{<8ZVgh>&PjY
z3#OW6Oq8J~nz`c2c&RF6z=1~5kBenVAVEoo+942@VoLKt#U%hmQ!$>^aA1aT+KJF&
zt|Fo3W({r$#}2U4^6=D$kie2*0Lx@woZuizhZ4O?IiA(|43%6y2cGNe32!}AGQDA7
zf%p@n<$N^I@UYz~?lH!EJB<57_mPiN;g|IqLOr1L@8Ym_<>d9&AbGQ3Q0!!-vGkO5
z{(UC`^o|k=5&ysVmi!ptYm=u3=RHm)Pq_if`7fyc&92vFM1y$I=H}<+vmfk%G%nRP
z)3Q3$_wVz4(m#ywqPqa;UP}27-M(2cT-TlMKiKp%IJ~?#taxuBH!}5z;L{R>-yKPg
zza{kn#bUrhI73md>NvXt-WZ~p)sLNX?lx>h)c2-6VT?B6?Q&@p>Jn9q4SUiv=>X0p
zWf_RH%70EQ8<BH9uZw<zGPF<EdNj5!Suk?#g&f=+GS3+>HA{yVwsjwdvL)!CtCs-*
zhcvwB`PQ-d!K_zGOvChtD!aoTVKD$;YOI#@$llw&fR$BRKu@s46OsSVki!Y$i{Hj+
z5#uVHtc~_B3Y8P#t&AmwvH*-Y(<%4L>b={sKo{;){Ey!>+0|<k^Ok5-3w!0)0oX_6
z4+N|7Q4THF#msFpfE?|GDpT=hmrFVM)-b9*`1kaLWAr<7l^E5Q3rgKIYE=Oqccy;q
zEa-6apCsIV`7$3+-&ra;uJ?pkxZ7%E)ClOz0@bchh$FnuPmM9%w))7`L~CqFA|D!Y
zq9yR$PQZY2ONC8ftkJOq<;QvC-F&|Oo2U;~p=&lri)=Mt=A<zq5}j72<AGEdq0*MS
z0&-^SWzM_JI5uL%$wK9@y~%uWApP!Rc`R9n0tBKBBbd{o*FZ8GoMI7nflM;HN3_*)
zKzSe}pa@I=*U)c85J@{W`(~BK-bj9%T2oP1yo0;g&85+<hLb%bJe>UE3Hr6d+3C70
zqvOwBVpS&H43*nT!#NuIGulIDdwGkW11bt8;{hRXw)~H}v%E3;eG#87ZjI9bE8%vh
za-^4xW!QK)IY&0ESUyR4^UY%%H|X9cS2Z25SBc0K^6-I-J1;5|<C#X+XAf{m%x5-W
z5UfI2=Rf{O)<gh*h7t$f{Usc5vzYRa`Ec#Kl)`m~@W-eOX9r*FQ0)TgnNV1_G?5h?
z%uktrd31qy-Ow)to%Qko&PYl^=P%JPC`1AQ6viqN7d!P=1?`{X`_KcR5I!QMbGhAw
za~ln^a5x^6)j<u!(Uh)rA2)9e(*Qx}&lXD}8kj4_aqV2LErI}Sub!R0*nQ6I@P(tG
z@N&O<NE^^!jIB>HE{@zzbq!s1p9%LoUF&A_rXn|Oj}?&~G(M(dTEy=DHNx|pB^uRI
zF>k1@UjhJ%kPnv;<TOY0t@l>sAV?tyL=kcDk~%P=4wIp&0u>!5gh+J2VTI<tWq_&~
zhNQd~`x=n9dLX#73jQv3#-EsSQiDyrM5Eqr0%*V|qvU8y`TZ8?7g*2%DC)GZBwj$d
z=-A)Pn6^PbqA<yodc1a74`HE-J)U`XfAjWjb`p#Axa;HF*jNDF=J<pI5OT8gxUoPZ
z^S8dAx&>SYvPapQ875<TVlX7zBvRP9d3pMFiKG&V4@{fGDeCo@Pd06?#JloyF_pm#
z^k*<Y`3y=FqboJ`M~P@h0UwnzosWjyE<h2KLZc&&OTN47lrPVdick>x83I3CyW*Yo
zG80~!#9r$4+}02oZCQX=EC!7cx5uv@PM(q%*I^qHU_pL?5S;uQ<a!Zx(U(w6Ngd6B
zXfhr8-!r@yWpt4hgG?^E!f+%u1L|n8g&#O0CC5`L9b2O_pcd=Gt?20VKFXf9m&Nb&
z*n>)Vh{LBd1Wc#Vfc8|$H;_EMrFmU`DI88>(|5Fh1nbk;c65OhK*iGm<~m4dDsX7z
z3Ni@$f@I6t;utYQbyW6aKa@r$q<JLq+!@t0sWls-fkZ4Val1N-?MWMZRDWMen0Pk(
z9B!d=6!i{){^tp4hJQ+v@&e?;a5!=_bdKjLlK=^}&>|}N-1ZAX!}j&S2oDV!g{n}<
zW!rMf#i&GbJdwCk0ip$>U<v@^Y|B}S?7q>C(SP`(iOUEjqLYtXdA#@v6n@;?sBi2i
z@uSrcN?<d)LBx>B$KrB|q(8gX);1i|TJ3hn%}1%w#L}iwL6vGX%SlTCZM1*GEhxGy
zx3DMcJH}?K^{7%}$se4~XEGPnCU+;D*CA0R2PA3bHq_z33Pt##5a>lKw>xAzx`tC4
z<tB`V6rzIAsj^mA2li5Bk1&Mb@q{p_lWS*jly_UZhiwf^cH}2ZTR+3QoV0-@vf4IP
z7X?7Sz%&IEkq}zh7I^?VS=a>DzB;w>`o}Z$a+d#d9Z9`J76JjtHjMuG@?ZYBY^cE`
z<5emY$N*=$sI0yo>Ne1E1uziOb6@fuegeV@{Gj7Q%0dv1n<3D?9@x=^=b79-ZS!V4
zfx$S>>DVcfDX2&9v#SqCP5p|QAQnyAtvqGGs+elM0dUt!WeQ_0egsU>ybvOy#j1)P
zcj-OOdhDu(10>==4pG}u%?bn2;&_kX&`_iD9<#(wY6c|UHq{r>k=vs?PGMWvOu5~4
z(KXm|%^Tb}pJQaTWe_PWe&eFlaEqTU$WVIKArRuTiv$Fw5Nv2QG3H|cUj+aO@?FDN
zsx0<QMB``o50@>LN^8WP4{Nn|YqjHc47<#hcfxu}f29d{T<wxj_VHxo<|@U<ch1BS
zS279Qes&3hj9#BpJlUPdy|~-V`WG9MTOBVqGwv4BNQ_rM@#vvE0Z2-s(dpSZ65wAJ
z<iapyr4kjX)~5lU(ctfyJ|Mu>&H437C_fPa$ZN_Li!u5pp;WQqF`wrwcKn3!o;{h$
z8hZQ_x{Op3bIdzjPMt-rZmG)n`mkG1!=4pZ`{|;&$;3j1{K$%odfQH@yYrE$9#xxv
zBAuehBKfp*fMQ}aJ!1hp(!`3-{ZS-4>tlFCbLhzbi4eTVI}QwQ{LZ^dAMU>hOod=I
zD&mpVo>ac3DBGZMJ!4iS+6Nlp*T5X6nvG0&1H5ucvOjOU2|V=nksyAv0En+2%@@S;
zK&x3haK4oURqJ;(oX1q2Uj4P03TYmP$79imAp;$cl~!W2QYqJ#$dpWCvWH+gIC4;u
zVxRKe2b34qShiYfklh^kc<{X<uR<xmd+-!!vztw)5C2_y{cEx}kmXbdq{a6Tp(AzE
zuX+1GusdxL0uH6&^7o`+o?ggAfgIaFVlb-1Mmj7M5<wt^36;T6Y)T+HO*VCQDiF3a
z75#Fr#0fg-!+H$_vs9s>2MbpcY3bmC{75|LKz3UfQ*dg?#DRiM-0t^eaR;yu)?Z%-
z^}oZO9oe*#1J38XFQ(pt3i`@pYQFhs#9~~DhQe$Z*CU?K&7YeeV*#hXp+lKbaU!J#
zBaEcc@B@h1>PEa`uU*CKy(>ekQjvyKgg=5T5P!-CVg!?QwkSkyZhak%u#|4W!NHS*
z10aAO<Ys#Hd&sXR?Mi%!f-ok=vs+E$K%u)!&(Hf4VH>G3FEh$^S~VM^<LTvdBotDM
z?UeK7VjdnI6z+h(orvrXnyk;}DNghJHec(hDjoQ{v%}8O5{C=+i<g*}_fvSK8PfoE
zxOAgJZ&UT2oD#_OB7C@1!zj|xex~(e)z5Hn;dkGN<>~X0B$l}8BCTxgb%;Oq{y$d#
zVhjKhj@a#YSpJ6Pd_cpRuNx?gi6nd|jJL;y4y8VYr)CJej|T8tZ&(`d=OWG)_ig6p
zv$H7Z(kqGYFU)ZRyQoBDCB7)*aBx$=CAs5VG?j0>8dZf#oa2{N$z~!E`3dmW_m!(v
zn~6>0my`=a5a{-Wf3(5L5m^n(gsm%}rNe@IBOX&IKwwagdbHFi-W!ISaet7w%&PFN
zSQi+FCB?wQQ)P_-G8y=PXfA8lI&uFD!~qjsK8tq<h#s8wr~~Po?p$d=seI$L$#@pc
zE-l<su=gh)5Ez)VY2T=BG>f&?dI3s`^<0H-&hv?T##hkJ?>glHy+ri--*w8yhjKjZ
za`87}{>u3;#mEht4CW{4-%xSfCBrJeM5aDsuq+>!FIW#P)n-45E^ZFS?M9XBlQLiB
zR8tyodmwqg!=aBK)T&T}f(6dwW%2Y2uOHFPI_XQVLfsi6j#9Zz={&EGtYy6Y-YO;r
zOm=o~r@I<mr=Y_TApbw~(MSg9L(Tnp2lo$s{`KgrheIsI*t23qlY;4H@TX@)RuP2*
zm5}d?e^)|^2zVlU+#0?E5>BO4u%5|Ark&MlJ+uT5S6b7ii|FdgDv8mn(0OcDd66mD
zk%=YZ+t7ob<hHjwfhhXtHF_C{V6`%(+*oR1pajW&dpNt^-jj|x@!%ZL%*@c1v^{{^
zMxR=#D83?+bPeWwwDG!;^SD^CN(B{g+$TDtYk2b(yiipZikO-c4vkExh0T6<dI))T
z&0J$qvccwvvA^CKrsS@wV%!MVdiQR1IfXD*x0&uG^Tq*4Ik;oeT?29=OfQ6i@u!M~
zN}8(tlLT>8>SDm~(@AQ{P=ZnOxdJA2@Zs#<pt1wZq&{t0PwEs_TfVRvsYqnv<vQD_
zWzW*mfq5YNdGE@_$>C{eM&4wmBt;EvFCNH>HJi8+bR^UCuP`0~#N}|FY4f}D;XIGz
z+7Qh=Fg8yh9`I<$p(9sc0BtizwfARsul0c%Y>Vk4Hix}MRZSru|A{~}PZQC8Zor$M
zP~U=1QI7l$k6U8B*WE~&Yj^JX4I0H6*H1V?>iF*B8e2r$?7H5k!x`<}#rnz~QPA-D
zHccDB#4ih7y08kHM)!NiJCD6u(Ah`u7vlSP0Ucj5g~NXQf2_TASXNv2F1$q)1f@eo
zK)M_0l9WyfX#q)*ZbYP8>F(}UTIoi*Q@Xq3%*7VB`#rz+`@ZX(@4EQo;X$8gt-0nH
zbBuf3_ZY96{HO}oh6^%AOWtH#p8vxSfX;GTGC=>Y>UsJ*ik}h(r{hw04G7addiXTK
z)dN<hd5Vob3Xu0}QmSNQs8`y#raSY7&5hpCe+8$60gmJ<2A$?iuW}HSrv>ri#kF=7
zzrmHUgM>--4cO#XLyaGY<`NuMDNdJDdb9JuMxbErV(nB@Dl;AqoU;2ViN@LjLjFWB
zwSc*;Tw(4fuP9LGY|MVRbz7nPneosM0NDBak)Clqn~3dtj^m%l05S0~(9n{p%bibG
z$b7#jDhAF?Roqq;3oeYDWa*CFN#SV0M=>M5rG!QLI7ohigLm$#lZN>5()WrBh%8kI
z19vtoVPtXlE>;qukZ<AHWED^+J*?6Wl9se?qotaw<@Z1=!RZkZyKmSrmS}%_?jxul
zAyA%9oLD;1Ireh-iEC!)UkPc^(rF)`o%IVWx`e57CU8533(dBbC{i6c10|N#Vy9um
zn}BWrpxWJag%X4aP3NY%7^bWUWuC{+`qDp*F$o9C{z(zCyA9}}HQM0}!oMP|Z3!r$
zw$+fNAw>c)XT?|9Dkk{-e=4u?mELH262E089-f}<6jh6U=?fiKTH=h35Ugk7v2D08
zrqtK?QG07@D-*87;;rNd0~(EX?}z!IVr?O&bUeGgi`ikg70(^Y>+(L>s}>+dZ#wu#
zU!H<`_;N<Vo6Nn`RfR{#(sK2J_T-m)JtZSBuN332?8Zu0@GEU-q5%Q`)Fra7FxxoN
zLt~idB#_3Qngmo>F469f85d-&FZCp3)Lp)k2Dwgpv0lfnnnDtX^_rZGjXu>-8qaIL
zm(awt>}FKhC&J&<-F=X7=qW+bs+EZv*6bTE{O{bt5@t>>5yWT;`>wa)mi>Hwc9j5n
zF?5RE{7i%cKWEBmz0CH@&)IQ<1&ynM{pj{FG%4|KzGR#@PMIUM>q@^%stNV}-=qiI
z9*Uox!6bfYHIo&VF%E}L{rN1Qsv(jh9GEPZCa&5=XS#JQ@VJ%#V^0|!@s(f1N08Xf
z>>y__>a{N)D06&<qfZ%OYy_E$f`y#5(Lx9ssaQO)h7>>QGRE2UIkTbMgt87@T={m%
z$L6GPKcA00-YYfaC8v^W*6Zw1%6lcGSrQ`#@PfP06+a(5SaSyqPLY|JQ)5i-Utp<g
zDe3m2YRz(#e!Ohgd)@=ivGR@S(oLAL+c%N<b$p(I`hmXJ&_I^qx3dqq2Ld{^Z-8-m
z$MU7XqmKgo`0QUqhqKkur3_d*^9MQio7Lg3MG-qMQ$a}aW30?Lu5Tk<GDfZ=Ja4)6
zbHjS_iB8oxN|M@_{K?S4=X=)gL059LH4ordn6e50(H@K*(ZVF#jBDyDf&F=WvbWR=
zATNdLLy?J<gXLZUA9zRRt(#r|uovg&Wd_#Oprh4WZ7R>{_j>`N)#h={Zy)IwlSp)i
z)8Ke`ctDZg{MuTMFNgv`Kcj9rXO?`btUWLfWo<K8zFsniv+N0V(ctP(;7~Ic5K4rR
z(9?gKd}f;naH&;^(&E>>yHKjH`JN$;mj+h^#SHe=#@QgMbrRAM!C!!ul@DluL(~ok
zzcL*|A+7t4%;a*Z<m#1HpFQv6g(`L><Nn@z(2E!7Fk^dU>xdcmOqqXI(r5S}3q?uy
z$Of!sK-g3OAT1w12K)#i3YuKlT_lMZIK-bVK`B7rHL@y~Y-N6>njwV?u|EJ_>-V>O
z!Aj9!Ad}$^>@k(?caSar<k{-aBj(7F%u;HOBoMfZ*5O}fG?)$+d316DkX5pr&mtst
zGs0D0nbG6z0b`Xo)y$M3fa+z7gtW986<>G&kRpnw_Tm4Lbo{~?227#RkwzSS@xBDq
zvN`f%L>zx-e$a~<1?b)|=_von{0O1l2_KQ;+0+=rimAQfISTnCGIU7QRWq_l0;%}r
zJ?(#~2%y@u{OVDo7_j`$)Y@}zZ9*>EJLnt<5&ZAL_CZ03Vc-PGV`!&8n3+NAK#jZM
z5B_W6p|vN18M9ObYmaKi{F~SL3vNtn^3`Gh%r8I0+n=A#+=Fd=?2(X=FexDV;zc45
z#*M|{KLYtpE;<koShK{(LYzFC@83g|*qiU(Kvy^U?yuX|k^+aICE?fKrByTRYd@TR
zEfA}qx?kpY&FHlwf&8__*gZhbtafv=&3Eztw?q2vnW~`(d5UB2;Z216l^0q`POobk
z)&!>K*xxBwbujpM8tfY=q&)F9;Il0+bO!$QOnzVKOdddG_J^WczWz$yzFk08KEZw;
z2_aeJT(j|`eRk3{Z6|g-)p#)f9$6{Qo8eVlhnwZw6y-a6Z{0JMGE6}N48rvZTdLKa
zq$f8{<3A|NA2@-Yr{uNf2(CV|^Ub<!k%H*Ka!C`ggzB+7Uy8t^W8VEIz<BWhqV{^m
zpM`sX2W&etQ)~Q?`}bD*k0%Xe#_;GNJ@-j|FPWMfSc>jAxUUwTAcM%KANZTGI}--o
zce|k%)ly48l6La{$)W=eFSu@{hem&2&9)eLx(*Aa0+GjdV+0cW-3LLke?Q<q4`=8#
zkX-=Zs;ZCon?-sA1yGhtGSsARX0B%1*=<dif`vDJJ+c`g=vtH8SRPXXeE#8#Rw=pJ
zjl=oRr#iC({o7-T=D%*9r_S~B%<^awRF<&XL=gD(sT!hSa~8zfC`&kTfqmkzblQ^n
z>%ZKbgTK}g&|blg$YTmJ|8+NjFAFZe!V=!k2MQ}Zl5GCAvjR}AOIDKNboU9$z^xbD
zQoDNi2f^~sMX;lScD(f>gXu2|HFLSP45Vv8(f@841pgNosSN}m-RjzzzvN?7(9MK_
zM?Uw{(2Ks8bC_57HwXN;Rb0QA5(6vrF3#TnrYb#=aJ`iTP)WtS;Wb~(Us3B_)9NQk
z)pKkl*^(yds}#3>;N0AjG|bphj^iO-jTFT#0P@X$BS@oyU--Q-|Kr63;L<?M`b{>+
zWu{-&W5;@J-B-Uz@7~IS7$b-vuAcj6Yd}(&1>8Lo9x?D0g5SP7>HSAA^Uv1+Z6vt$
zwi3UhUqXTp`q$5KFXxxO=qXqzP_(((IGhlE^MCo#h}v^qF}{U14eM$Xzn%afl|d#s
z#n7{u0$es9?2}HVyVnTuf9$*KU%8_GUY2;Sj)yom%R+j+ECtf;KI`oj$68=t)0+OW
zYmnbU(v1JlpAN1ho~!Dgk7l|4=sH4)&Tm&9ULq)A&`vLv<-Gaod(g(!P44o%_dNa<
zJX<8qeKigbzIZPCOsPqIAU8_@Y~_gL<UsZ`T!sH)qvc>-4g660ep{Ow<kh?59?5IZ
z$^38k0_-SKe@_<3OrF9ZEmAd@;r?RoWB-rLef3uc*lHDwVU#M-2pHsi_mI(+=bHQg
zb%S2Cu1f&uQ30m~WzXQk;p)=a>SUMXVr(j8YU?oR@iU{$^_`tB23jL<R%eHA9sP*#
zukV=;;hyf#9+!mJiu-AQv-{<g(S83VMftD<im<(wi)chQS>Zb($erm=2u3PfJp6y#
zRS)w)r}%45KlTl$|CZlr>C@MBw{F)D0O~c>Na~prO`Bez2O^wYOJITQi!e%`Q!7wq
zx~MU~EhOj;ac}qc%QrMq%ioT#3@?&ROJ4+*7d17^d;a3%t~8NKJ(Pw+#`{sAellMs
z6$dI5@Q^NWUR1NvLaCP(GTI;abX!Axc6mWJmf^gD7H)^*4@gLx1^)?C{ntYnP<cRT
z%ii!h+0rn@CWut#4^3pw&uVMVc*Q(5Q9o?D;%GPsiGiXFwU?2~Uk%LLKNIN(dv8tD
z3N3ZVN`#UDy+UXKA3^(1Y(A9|J+g{g$0e4grm0lWO1<dY>homADXd!{0BHuIfOb|a
zQZZ2EeV^)bIhCnzW38PWBu)C5-6FKDCf*wrj0fZ6;o&)DV<~1cUzBFrHwJxSvH-bI
zsk7}t-m9{77HT_?voHb8vU{`hrJ+U6i!bK_UIB?9#R}ebtQwA48A4{hR+${4wf<W|
zP#W=c_s^YR#{sN^+u4(W=a&!MR=alVrq+HwsE9tk$evBt&MRK*DRC<0gC}gQo3k{k
zhnzIZGY*O$*75#ggrMRN4`A{sC8$->VL+covbHHd`km$33sQT*PYQs+iHKGb)o6^3
zJhG}Z@Y#)2v9FZ*9S0=BdJCYM)h-Vo$D{QmQQ@IoHTB4mavD`06a7M`hq$-`h(uUF
zhVoR&0iArHRE5cCk6*PN6cErTTo}w@aCw|wxS~*fJ{esoG0#*zdX%mDCEr&pi(VFC
zY5O3}Wa7Qm{<EK}>X%RI1tSs&txy2I?akNyV^yKlS!A~@TD@ti)=Uw%1e;b2h4is&
zJ;g77aedk=L2foD1K;f?YWZ><@MK5>0bx<3hmRYmivb6=nFTBC|4<Z^QE!r`Jfsr2
zG_n2DwaKuTaZP^MeZeH>$jG-~O;F&GkkZje#In^oBCfQFSc9K`1FBE}Tq>FJmeYol
zpb}5VRsi@~1Jh+s_<kJ6`vGF<BDAzNx~B=gezi7H`6ckny(uE0<2?y?L_A)eZ>a8A
z`8WB*YRL`7(1Mh?lZ8!L<6yDA5m2jTN4&P=)zo4sXIASQ!31;S6RB`|y>{KPi)mWx
z{0sYo!Qo7yj__5BmA+|1Q8cV#&f1|Uz;4OkO&5;LEZZ;z@!aIw<{z3UK$DgRcRy|Y
z&TUNh997odg)~HpLV4s}#C)Kxv!#3BkM~aw4we@<MPd4X0-YH}5ZPF5THS%WlXVv$
z)=LB+_`qg0I#Ph?&$xOqI+C{p`YfzW)i{bGm57B=4uI00&8_Iqi(O|PPnpHhu+gHv
zB|dk{0tt|B(_YV)yXYuph|o?eg_X{Y3(G=jOx}?o9zshA#7p)PHjQ!yB-+GJM%l}Q
zRM;!^qy40V^K{CQ2zRjL&0ibJu5J%O>E9xx%J~bl;yT&Yqud_(sKuuGDIA-Vcmxgf
zmE5^|vapi^a)-WH_7b#bayJTt>Hn@USZsa%KPe1GX?DR!psVl=p5o)+h+LdqXeJ+a
zL=^A=dfv+&FeNf&E8~3(c@WlTz@)u6eURyJkWoe{5r|Ezre!>_Coz|+jzROvKN~QR
z!>Cn!VQ$}EVR3mA$L{PIh#!;;a=+rH7Fa)_DnL~}*<DCkW6keR_CSP~KNyYtU9X#b
zsUi*`_+>icQaFNELqg#axX>&u*N+ZPS#oKk4sU54j<-R-l`ql&^X!i2%%GMt8g6b$
zOw=+OxlT!QPTD`YlJoGy=Lt7wvQIZy8d0?_Ig@S5qg*|#eS{;9!+I_h!*ZdM^AI`~
zt3yA)qnB)Vkn3a9C4RlKAx99>*t(;g9FY(A4@D4!2j3WhzoD^wPJLr-AJ+bkOjD~Y
z6zc`QTG-IO9oWQx;htJ=qFpcU%S~{Z^9sJ}$0=n<?jr{1r#W%}?3N%L4oL-M(*B$R
z8(nikUePilwK_ZjFo6xUv|HL07&hP(d+J99!66}U`W>6+XzLq6?<aEE<R@F8I3W8O
zj)GvewoP!MGb~0dEH85|@X18Xi(Fl5H7-j=-~5)Z5#ldHzNhcPfJz}Ba8jR`wWo`8
zTF3!WRV>zSzE$@0yrd}m1C4gF;^kPGfu3P+HKuvc`F|4-WISPa8nrNb!@be-%sA6L
zgtR@m49ied`FJpuA{4;Mm92!|k_6z4RU`wGq+iM(r7<{dVL{Z*=p7+3cb{ggM*(ZW
zmZ*1-@L3wUIC`x;5HK^3s+^--@&ygiio7O`UG@$z{N@@Nba)|DGZ>x;u+YENH@@;&
z^$w~N>UTMgKir(u31+bv5D|knM2l){LdEiWe>qC#V_`LOwglSGklG{HfWl!kyQOe)
zaWg9DSCJZ6P?IhK212><JlS?_GGB{=R0K0+un4vLkA<#k!Z$T5a+yBR%Zj+7|2jMV
z&g^7>(Kqt{&hpHZt`C$&fRY3~Fwq6!_W|XVTeKN}m9`D!Lhr-unw9Bh$(h70z(}6G
zH>&hT522F4Kmz!0D$84q#9Wn<@c<H9+VDI^Bv-ax)7SBzLCW6~De?}-<M3j&{U?^6
zie5XM?2yT*vVY{a<i^`#u?AC1)YR{LW{pvHCbW8!zM8Qh0eV|WhLnuNKITu|0uC>b
zmrerK)TnWNy*!z8Ur{Ex(O4-3;&;3sg-HU-y9?qhG^9og@<bA$@jlBN#7EEF!9>*4
z>~3FWM&C1q3@LSzG4vc)K=eydHSv)~1Px<z(UD3BB?flKIMM|pkIxa`f^L${q%Y6T
z&SabYA8nwKh66^xY2A@4&my340E}3r7P~8(8qRlF?xQz4ne=I2DsIIOcOMH{CsVaL
z(H3bz*>s7hEPfB)P;N&S(PT@Ljcw2cT2k<RU%s-@06$=!Sea*bX4rdkIeA|m)!|Dd
zr(FqnBFX;@gGGJed(a_bVqIjWh1wp&%GbktQ1#9b#E7S5Cq4`=q9Hxj6)jl36flq#
zjtGFH$&s7@`Nkxn1DzEWB>j~QwS}x*h|RyFVyzh9;maSTk$Rajn7e+T!EyJ=O7baQ
z;r}+wN>+0r^^Q_G)2z}5U7k=v0*TsQ=6tt<F61lu1fUr>A5F5hQ3O_-LI?|M0w3K*
zZO%JBpQcx+ByaRP4AG>7ag#=3hUJ-6?ayH{?Xrrq*Jp1#F7v2r?EmSu|GP$Dj>8Tx
zUBuu=HxBRyGG&QK#Bdm#9{Qbi%Vu<|XR4Iw5B^2!kKclogS_e{`c6A}3N<A}G^9>(
zh-{-MawH2qXhWr8MDdp@V0eCOOIlmoEmLN;-nS*uRePOrTtW9OwFH;LKDlK4c^K^k
zhPdx-I3&f*sI)#&P3NdqqvWZF3HNbXK7u|W;zwI#KgMgOn5BvxrfM&!22M|wUY>%w
zq#?qWcTc8PPgwjU*RnHTQYn$HjB$MO@Grh(W=Q)Qa=F{#(>yr)1UgiMAtr6G-KXD8
z3ZUrI1A+?bMO!}IWPAcp#y8>P{x4Ln1U~f(TkmMS;A}Wx^sDbb$cS9)9VmF0pqmux
z)%D=yyW@&nS{6O8S)l$JFYu{plT}wKfcizO5)t}#;%kvb9hn~b2!D52hmyfyc9_-7
zH&;PD(6mt+%n%Cp)dXaI-ho=N9xnMHp)kx*Mk%avISf&N^eGPc5{GcLLQPs!$FjbK
zo9<?x_mNQ;<Hf3c84BMQq9zB0&WN*^u*R}!05%&;R+d4mN4@@_MQ1cbiG$U_3=jp#
zCh>bLle#nu3ge{%!Q~HttnXVak^xb(tYWlSIQ8?(%Uc-e=v}60$bBGDx(5KeS6^-5
zV1N*He`hBtk#bN{X6jFJ|C`|N^&Umvc0lo)I6uCI9jX#Kn-!iH@S&4}A=;k8fe!)m
z<hou~GFaQsY&7r9j7r*mwCi|rmW>2dg@1DVeT@gc-m_jitmMFsXa?nr0l1%=_0YIQ
z`3j2#Wp~^T!bao~{&j9=6N|o7QKr?tvK-$Ss8!XHBmPe<z~w(LksjoZGe6D2<t&O>
zz@nt&a=MkLRy4sjI?qK?-w0?vvgqZ-6x!d<Pn_r~>r<sFdOG9AwGJ3qSi<L-*t0$X
z=84fzrl^wg2Yaon%hY1R2hesw1BV?0Dw^QGFdOz;8|*nbTZoP)%-YAlaVIP&o4w_G
zI|UR+mQk;;Zz*+G;Cf@eOoMaX#~@4hpqGu5iqtBc?*potD%9ajS+}Y8XSgK6Omv~2
z%o4)sG@k>0M;Di<`f&D3KZnD0y`tQ&8lb~1S%AJVfAhyGpyS(V*rb2?9`t!$y;TN}
z6wt6S{^cdRdE8?x78#XO1}SV?2jk)VG|><Vnpw7z&2QiMPU~#1g0ek5AKMD?*125q
z2nh=Qn5dA>MHEdoPgv}X>N2H>q1egL*xvDh$0C!C-v^UL?$}`{VS6H@5xEm9o7uv@
zDs4I=@<2%QK#<y**+erir<047Bff=@M$^Zy>MLM=MEb(*F8ue|x+Pks&UI6+kX)w-
zuehkSBW~M}(atYRD2@*qrMGI1@SeS!`pA}>WdC|+31q1rBRjY%1BKeR_b34@97C+N
z=JH|gN5&n5h(rtu`A>d+e%oW=au)MI;Mkpz<b|3}N81R?Y8<E*${>%WLbJbn2LU@N
zK8_s-T#I?wlwGg^QJ44f7~Saj@~lr_I<hy#9j>2wpz6yC-s}G601S*$x#7=!JOoLx
zIvAwjIn%r<5B|v!O>f@ZIXb@*<w>hv{le9i$lBzDP_x#FS$Ekis_y4jo#AZ#NhOCb
z{mx2A#z2t{r}`t!ZEo2P#XP;*XJ>{ujUtiCUre2iPDk~NaSlx@-W(VKS!QCnYAl2h
z@&!Y?r%guZ>7OS#Cjo#2;vORO|EBC0J_YaG2^Q?)BiFZ+kQjInHW5b>!Pcwj;RCAd
zX`7RdpQ@^=m?d>}Q{ind@GHJnqIebRXd`88j9;Pgf8W_vv(M6~sWj=B(r4p#IDb+4
z03ErM+k^GHKjS{(5<bXh?;_(hW-uChI8gKLZ*PC9uLS)nLjb5xS*s)M%k};gwCLKV
z_3-jS-0~SsQxe+r7NC)eq>sPELT(Pz)twF@lO{NP-|ExyCMcNtYbOa8JH<Jh%l<Oo
z*q3(+j3i(<7Pl;8g10w30wN-jEh}p~C2SDFk{cXyAN?$<SPakcjDXR2IZe?Ki`2v+
zkPyh_wtbX3Y;ML2z~BU0(ljqiRZ^`r;BjmWJtFdeR$e}PAS*2*&oU!Wv?$b`d!vlS
zeUE##i)Fsg{%w(byuc@YMou>6=}X^2nVrZ;_7ePnlT(}%PBV}I^l@q@@BqGChCVkd
zZBpz~XOu|3X?~y1Tv(10HHSnLW7xLV+e+-QDqFg)I3{r=5mZthJCx^>Ro1;>J9ivo
zFU6daJVH?G8~q<K^%l+&QM`R6&3?BI7^0Fxd968-e;_`m*x6BCg@`=W>@{uYKJ@r*
z$@Kowx8}nKbtwMM@A7K9fr{m!H<b5?LP1B0=FLLgWp4IHpK?lxSRQB3{r3%TMrs_f
zC8L=|4@{NwUOihK%B#YdEc&YeWZzbR2{HJZNxw6d%YLtY4LI&TRzlr`V73YK2-;io
zMD^m9b7n3%ih!y6YUioG$#iX8x^x0*OIIvA6KFyzgZY;QJ0kLE$kQIz4%K_ooLsC@
zpz4Q;=M1yJUiWa&HiT4CXrvj-;tAH>T_>BZDVhTIP-{S+)nha69s%R<;JMlP!*~2n
zVn_Vuzf5<B&hgWN%ZlIT7?rYkLl*)Xw+-1#0tu??{);w^vG-RStkI;(6f4fNLcR^6
z#b4z`QAjC?%}T9d4oM|+<9Sw?<hmzLh+iSKJyCxs(^I-a{?4^tj_Vv$H7o57LouF>
zSE~ER<HOpM*3W1;XG9^QR}6h{6=-yR{+xnVwbbm^!5S|gOF5~D{8)p|98T>HDrv1D
z?m-j{0=j+qg3z)a(xW(@nu5W$tFtY=v1&u~jZvM-ppsYjq99lO2_BsF60qLO*QAbL
znDDnG=)9L%Y<zw5Mi%7Eb1P<{I+%{FGUGw~z?`5e25B)_?cs)`hH>CMWJVCDlokqe
z&JHd%AoGTv7!Tzp3Hf2Q?+FL+gln81&$Z4rFx$0iMHM(xsFqVdz~|w2V1L~s0wRLY
zrdLVvESiRAL#pq3y;0M*UDt(*1iTKjmF2R~ffmV7kWB>1aiT;YnM9QgMxwJ;#i<ph
zzF4pQNBDI44<MMz4{Rd?5?_qD_D75pR9?DB@OD2*UQ}ruTD8JRW3d{^11@YPNLm@e
zMX3-v9n$TdgTaIubaf`AJt}{pJY*9amxu>4I|WaBMTDmk3NL01)?nAcRN1*XF(I+Y
z`id*ZohOrZw!@TfkddX^l`=E;Jx}*n&@0UjiMg?7r#^cFY-9t*tnkuQ#@)lWMKJ$m
zfrhhD-vCDZk(b_de?(VwM>8-&eS>%$d~HI<NB(UkGf_+#D}^eN^Ye$1nYr9=$4d9Z
zQOF^tj#EX0wB2qu^(M}=lh4o5k|k#Cb7c;f%h*0x5y*4CumZUbDTkcZpFx|}5_piM
zmbYJ@{yKqY8o?XPL&w{Y{IZCXI?BO|Ue@j@TKv6f`z73!@5Td}pFzxZD`!Zi9@}zx
z7T7==hnVW&94pXu&04<+8Z4i7VhTUMxX^p#cc5IFfw}q?l*&Q2VA5-Iahi~txC46T
zy^g=2X<zD&5+Ajk|AhAh_|c4ToY5~F-eKriw4f7o09z@eSEA`)cG@d(PO`&GHq!~^
zG6{BjZ~|sp>W4&{Z;X|d%GkNjG23mUyxt0VLg)Y}cUJq$sA)c%Uv=B$*je<!yb=L7
zL>y8rzj{HWfP8mFedP2-pAO#$2k|#vV93I(?YkHyRBf5bEWV`IjPrYYOFhf=Q6YpA
zr|5nT-O&IKZQGsEy1><vj9gv_3v8B-6f`Al+y)c1G8MAqii-e^Ys4Hq)pnuEwjs;5
zU=z!&TD~lL-=g!*;zpJAmMFxUJ)4`V6FJH+e!DTYB}Skt*eI|%R94anB!i@72BTu}
zJ+Tbxo)O{Lb9(IqEAty0l1@F$W_-LPs@%J;crZ00*^7=XIu<33qE6cM6I?{CR|h@=
z>2Oc-#o1xBlFy*En!8Vl5V`)M6Uf*ev)V}Ho(?M(V`?YcNIAt*zBID$Iph7#q*}gS
zY<G58XRxzIHxW79a$Q6th8P{_ZiJ`5b7Anpj2KFXgP#@MQ0L8P!5fc_-@&5;0jiA`
ziNKa9jo3WNSaM6F4?5XBX-1*ck?jt;I`0sY(DK<?+bk8P5D{KuTrjcC^D(O_wO_ha
z93l4uBM*lhCAfYN5Yt5G1E(jKAw`3Ch@Yz6;Q1=FC;C~81%T!A=oyO66iH{dG=o7P
zO@U{kAEFIYQ{zkyIHX2wdWX9s#c34lOkaBQm8durPJgBhiO+**&H(6NitWIZ8OGcL
zC?Zm7%wz`~`aq!IAsFY2BxjguLV_PjrtfWGy}i&GqS?o3zK`!<NGfGzZJkozB$=Ek
zzSJYrcsoQ{^?Te{laM!>Ux;50RZ-#2T!sApv23cGf67yU%^Bi+a69<o_Dq{_7&L}v
zJ@K2aLB<yj&d`56I-;iB8U>)UwDS{0@1tqU)xL@llsmj()?pFC_^jzi(^q^N`9L~Z
zZemY#U*f*@98jU9VK0D4Q7$9!T`gOZzh<_A;p$XMM)gFQC0SR(Rh*oz`2Yg?QqNf+
zVDK5rlCeB8M<opeyo&0&dx&S!@KiK)57GMVz{#hu2&f^CR);3%4bK4Ko!NZOE)D+1
z;P0VcXZ915lMAsU<2)j4e1B@7{<`G|)ro6VQTA@2<Rz%_Zc(`x)UyV7Y_y~JC&_{u
z$>3DLrdECd`lCW^C*nAw>Zx0Xo`{Wq`h+sOQXn7N1re6`*<#w2^3|RLd0GFxgO6@*
zP&*r}4RnFX$Pwq^Topf_lX-LsZ`}eT*|cSMAK9)fKtE%)NTrY{0b^gyW(ikLC`h{j
z<vksAdTFJ29{Dg#@6$VDSQFXE){pgsO_E8`0<>`%j<dE_BaFJcDJJX|9o6U}?q)j+
zI0e4zpQ-BLr`H!Zp98Ork=)piaUz3Xu09+Uq5*O$MlKND-WDX0$W_eaC_~e<`9TUK
z;)l2#vVhO7TXwKE+<R)xn=N_F&0(RCh%sfp$f_BX1W19|3qAxA_m{`wK;}$!b}nnj
zH&v)zGsc@>&~bu@QFpmplCS32oA~`~KzYK}Y^*{Djz*bYTJ_1=-dDgoc)yP7*t~CO
z1<=e%wyx;1r-vMEhW*W&h9JAF+-<}lJzN=2@WrGeJxky+Bm@j}3D)p3KUX(T89<s}
z4%=qtw%s)0u-|phj~>!lEJ_ja7~T}EwAk>7*?!;Qm~YUV+~>D=Sa*r0SvZ=U_t6sa
z^WNcnP98pZczDd#V-gnTqBLi9PA6!fDKOz!k<6dI|1X$B&?H^Zu@G(X_uE<l07Mze
zB-YR{-{D#gJI1ay@>pjUGQa98Kr3(@-x5WYB4_O^=hf+?r-W%E5t}~&rnOVGwV0)0
zJ_fpuV6x<#h>e5%=`%}cvAy15c&i3FI}O_GE;vDTzzkcY@rNiVi4J))2NPe-1up9>
zm&!406|;6(7P?|0(Bz>R!nOcXvZ(|ttTN*xOl0F{MVX(Q0%E}_<qIFh@`CT=!pK-&
zC&+vK(N5FelGU?)M((fpwCRx_tDXDBWeL43-+Z6-C?T_!?@=lww@*I^wr6d~@4s-g
zwO(j%+SBie<tSx>wNH=x3#pxx-^E`na+y-F0i8@Tt<;cv@GfWxvW`lZXw3R3_@crN
z`HG}b7igQXH~QoP9zP@3<OvZ`KuX~Pojc0tctr1O11LKz)7dMqQBzB+Ai&XPE2%$2
z`kuKDVi<*LAUFdTBG*sM_m@9o98SAbvK!Dr9Wb5G4wTO3w%Y+QwO26-c=JA9xWgR#
zC#2EbQpWOw*@I0NelZxsV5*{ss-RM1g#6{DV^wqp<_DgyS07kRPs6&sPxLz@eGsrH
z1<y$Wz*%%p_E0>U{(Ua|iIec#4l*AK36r5}640ki{16`xPf8>RFA4aX%%5=__I><p
zqa=wj4!l--i;^6~T<<ii?VdAIfCdxWcIv*MZ?G;t4$HY9Z@zlUq5k{6#3U3?7M6Pg
z73<&K;8%yge2Hw(*~|W$fh4AyO<j@NlS%YB={2UsPp%!0Fyol_Lt&G=Un4Xo`W>ef
zDHXESgq)f;6V>{BF*{bi(8LTH$Nq@{eE3j<CKF#WwmR*x5k|H6n>eAx1rDbGz0P_;
zspmQ29Ylc1b6aCQfX~7gEh-H7B0$xD%H7N5aPH0Hyz!Z=+~(yNL@opTY&5+RFs!-X
zaqHQq1p$x0W_~0I*iZn?lL;H>_5M6x2Xrpj-|N9?Y}jt7w3d!xQFjmOOvtPUy7XrG
zqPZptM#kW1<`V_h_`}y@rG|`FBumdDGfCW_%qqv_g9SDo@*cwHq>8U1+9x28dz5?<
zrQ$vE`cjV~Eb8eC!xU~FC$j|Fc;37&i)>5yU5UlJaBJf{l;F(R9Le%Kt%@wjyNAwR
zXB|_J30SU9M$fo0wZk){;;8SqjUfO>Gk?heFWpNm<4;+{S|3KuctZ1L%Q21vP6jHY
ztoi~<s~9h}YIb-}6jPAeq}t$Gq!bdu>{REYeyc%n-TteC1qB^UbtAwMY0lpJ*xMu{
zpfl;UO91GVjIN**>!+FLvop(wTX=-)U(hzkjRZcoY0^Go;*jxvuqE=+LwR1M?$XhS
z-H!q8!IP(Bo>}(S!ueYse6>?<tqpWB7LR`JoOk-{6VDe9I)G|#lF?vJ2P2lx(Z;yA
zQ`SP(U}fv?eEd4Fa3loh3AYNO<((Tc=nueEk`*V~=|OFOloX5ZqC{dI)CPizg|TG%
zqIc7^a>T8BXR}^<_2_PGG?bcDS)aB8`xBoF*xR2Un;#HVmTv^7iIcODzc5VZq>RTr
zdEVZF&l;>Zm@|xmtaRGGr^R`1f$QCr6Y67nDu~PoWEokiDHb~o$Q^Ct<D9Y{J{Rs8
zsYZhm1n4PqYRYzhfjA`=MYf_f3*^wsup+8tS~>NCi_HXFCAvKn+)pizm88~J=n3a|
z)axD-_UNTA0+H+ke*-CkR;KT_;MQUUQAsaBj`SD|P|cT9nKl1ZLqO?MM_g#rWwan?
zo2yh%i!%Hy(P~9PL!#o7haOb-dPx=055hyMgA+my?Kz;i&e9LcFMi-CYuZ~J#+AUX
z!-30n9K<zTJAkd(o++OZ|CR1V#+#C-JEsT6r2rk-5ejfKdT&K`zPAJvKdEfJ!>n$P
zhvW@Q^!DDoq8Lg^eW%|=f{bjtz}Wor^5V?!FgFV8faiFdhyvzduY-`Am=bfuZ7;#a
zM1Bh{%xU3aNK4}`CMAf<;`9!d*E9B8;xlnv`rIuRJM{=;{Ii{B356PK*3KAVnH+5g
zNDq_SX0wJ1RP|?_<y3=uR35e^B{@4)`@C(*UF^IZs(yUUzTrcAAps(t&#s|NO0=U}
z_%7$qr|H!1xBo`^pcgYJAltBlXL^l#lYWF=ryuL^5El-lANL%#1}dl)P?1?0E~}(0
zmpaqEkcon|6fRIe<L7xZ8&_A?T~{W=P2qsY6!nwp1CnYx{;g4<Ax2ta;>%*SaTaQ7
ziG3ztTFqMOj?jqkxulDXgy`yXT&#FBuWF<ygP?lBCY(8lzG}bsrX6ii2cV|Q0y`)P
z@~=HXS{?w16JZ1tSLm~NpqUFngK*AmKlHZ`^}9h*Bo4P!F7Ykg!{?RhlcAHaWBpA6
zSyi~DA~Fyx`e3p(zV9JUeFJ7DPyl%wBkcAG;*!wAL$7-)wB2tniglBoj9R{sod-o_
z9|5#+`8kvkP&f;huXWfkDox6G`&ONr9vC?p=(*k}PC#8v!q2H$VIkx>64;@35+AX3
z#V;T**LU9<g4&;Iz*blH_0ChsH|p;X%q<NfK4x%I_UB)<d*CkoujT%9AFQs#-Q|bB
zg*Z=TL5dzp{xD_Totrcr<qD;peG(^#Otz2TRT9l$vYfl3s-m}##4lJVv{eQQ#P%L@
zJKPVWRgacl0giTmt)LEGno%SZw7CII2vxz{6BQLKR8#`439C@#H+r6Sz2$n^KNq`V
z+~E=%Ks!Ih+0hJ`n!Rq$P(mRDin|ZF><S+<_TqW?sC#&&gSLk4X$frR9|3$K1Rg}P
z)5)$Z@G_t#EGEa*iV5O_)(go<dRd2ySxYQeQ?yu><tRGM_t~JoR~WhMN528kpwSnG
zj7933hPw|-VDDx+9LVByXS8fpvC(hnp$+#GaunlUm6;N?%=W~EkOs0kN!$l}@sA%-
zAuv29l`z2k7mxuEY^b>8BdIW*u*$$-@IdzTO4fJoGEH+OhwU(oFjmGi64$XzIZhT9
zv_9k8+{6QU>C?HwW?^C_C8ftqi^dM;$EZM9!lEdk+Zp*8>SJW@@r^dSQG08#J5B(!
z>K}ONBdMyf7X8dvH`5@kh#LW2<$SpA>aP`R5f!h)V+nUVJ?U5;o?0JTu<gg5^s)PG
zSL)IfIZGw*<RM^yUgW~}?8~pCBR|WASbrjD6Vk9f{L=E{hW$4}<yx*;mhol!y{eQ;
z_qs~yyJ-zab%cLT-RlLwf(>2DJ+3Oe^H}%yNj<^_9mmf;fm<h!BzJ@Zzcd9*;f8(t
zk<=haUQGz5xCxI{TIUdS<f>P(fY#^<-SONs0#q$FpE{$M<oy<D+`SqtQl01(#w_gK
zU}0VEw6Ktf+s>B*F-`~`T1|EJ03%k1dX<f&yNd=tFc;aq6X2n<<>p(KsFd;(0U>-R
zi#AXFjHu|x?l;%l%&!~G0EFE6cj8FGzv}^LT)2Z4L}y^85BVKf*w(@iV9&_4RNHRF
zYn8sr&3TMTt^5gUMhEZ`#f~z|Ihm0sXyaTAj!12th7Fz%<lwXOLO5+r30U4r3;AN8
z!YJ96c?<A^j+?@sS-Bu%y^neF9d0XU0i1`bq#t<sMvJZeV{ibvRz9OOfhW-OYxigs
zz`_U#x~-2|!b_iA^?ti`v0?ov@`hdg_kt>uByzdbPkZFeJtw`XYJPZdjcfh{X;B3n
zf20Am>HcOW?D>VbXo0P0QSHvpmfj*AkvT2}5R?GMU3;jMJ57+kf2w?j6e=RRPKcAU
zv(SrW#!#Lbx+0l(SC<#N4`a#?6}_4wfinH+ViRE_VEUtaRZ96bYEX{434?YJE1<;)
z08Dy`aX2Z4yclBr{<{2YLG4gc5p*N=fn_7-1XGr7umKM~!1P<d?mcF*HZbrG4!CKP
z{Pzv9!Gi69Tko$7`|EbtAOd>8vnr{`NPT*M)6NNR1xh3WsnWo5N)ScH_P)L#!h?HB
z_``Xa$={rXt%7*2-Iy%klSXE;ZKN}S$SEBLu4=S6lKf_cKq27IA3j2;Q48wRWW<|`
zbk&6_0!1S#k*ySLz(O}K0dnDoQ*(nHTSBBl_H~n5z-*O(n63K%o!R;sVz#ypHI3Z>
znML3YgIs4nY%1Y`#=03T0*TINAa&9)PqF>={XowQpcAjSE+xR^^Z`uHt^0r~{_l&v
z`IQagnc$9AD&H_r*&v!|Kv@AWFuOby(nB|ZaZfD&%`pB87F0n1=TTdK?<L@+5dzjG
z=k4J?z15$u10}#^iIme0-G~SRC86uw0L0mgv*1FD1{1KgZkkMYKL>wXDl9pn1hEY2
zEx5fn*MGHZy;)i)bQ2*><kD}N_P`x&|L3wH;%q?K8jdz0KRb^2<KJtIj`|HhF}8Ii
zIt^U$$6H9zlCJW9e%PO{y&wppA?6|CP2lKt4MC*qX}?C;p(6(l=jbnY3l=O^hu;_l
zR4K3=8FdOnnUC`R;C9jt*lPdU9XAUNW==qM^*PV4?1rPPb8Tp6tJgF+=KsGx)!oPb
zuE4eV{-3QexG^GCY~vf{R0~AxD>~HECd|-!)cyz$Js>Rr@R6@+ZQn#8w4K<KMU@n|
zp{Fxi<qT%`{&kA|voB_TKw*}_-s|grI8fXLy}>+Go!!#-vSWdd!uKrVz25q#^1-U>
zv+S+0P2_`LOFBY!YvCxzxf`z}kPh(9B>?ZdmJ@#C_sRGlFV;VQ*p0<>!7dkB)9(It
z1v3-Z-*yRo8`V4?u*;5r>{1>D+AH;)Sbl)L?GF2dy8JHVe|+ZeU!Oz*OF%MFqrR>x
zgSVeRYMtiCU+s!sTYPv5s($*^hQGJBlpxsNWQ^r+vcNvk`r!6Peg@+YM&RGe_-ip|
zA&cK8ZHBp7UF~a&H$-hexpWp)uF(EJ-+&;&o!hDpG||ibebph*RgYmN#a^STNxytZ
z1~E8T*waRVZYN~&`*-#uUd7)T@gKnnSk!JvN}ylHHFWd$Luts$-@*q01;yj4h97_P
z%Rk6Nx)6#kAWkqY5r|xlJ;TqriGuz#LGW51GP;sicxyL*KZDG&h{e4HwCE0))c)m+
zzEMEy6#B-Cey3~{^!)C=2zvQHd$|uK(08lQ1X<rW;EQX^!@;6c^w;ol`JSWL>MDnE
zM0e3XLhv@nR){TWf_{8xo&HAeP$&)4zNK^)%l!sd69zoMR#yQhTa>Xs`N4nM{0Pyl
z1$L@ST9crmhS-~jSaJOjFF>XVOy|#=m_e42GPJRiaC!^mOmUW1I)l(w{iFa}T~m`~
z5%#66r6uBUYg`=kE0NAlVnF&&_o56f*GuYulHJ1F*FZV3y9MY2H-hW=%SvM*;S~5L
zcy!Ge-1^3mjVnNmmunBr(p><Qlpo+s*BPewG1lu|7a<Wl7GYlnC;f7BKp}YtdQKwX
zorN+8kgD5CCvc~g=ywyh9ap+)YNm>XMei>4NUMM(VjxT1>LrMlMT79T`xZ!AJZQ#)
z?5mv)f=%5$?rD$SaR76FEuI!vF@Q!aq=)La+C$lyY8+02>l@FuCPquFF3;JkRK=ah
zK&#Tf!ss+LSX_?jgHI1O^w77y9OuLRr<Jcmij~860=YM~6AMWVnqT4J{aqjUXD5T@
zk&gy<JPfu9!{S9xa`JZp&umNq0e*wyZPsBU*9Wmq$FfAAi%d{*Y+LMTi9y1)@*69J
zC)}Pux2|m+IsRqq2S|>V&(g#}Oa3#(HDa4Lpbu@9Xnzkhg~w?4_UVy0%lA|pe&La=
zJ<#S8G*asaB^<-Cfwr;PWUip@_Y=#2<7@>Kp|8p;?ttj>S^N9gif_{JT7VfED|YX*
zDL~__$Rnp+Z=aFWZEu^YtGw21Y`Gj`CobhadPZr+ywLhte#2(YedqO6tW1IV>nE;9
zerahFE9xsJeoD;xN9sTC^4~;$e;cTlKJav<Om5nhznw27I3r(Tc*cIy0m30q6KehS
z(wj&~KVMCjmUp*T0IIL%saKJ<bC6$$Tp~{a2GN+yZXp}ZY?vZ+ek@C@{-7o|2YuS6
zQYv-^Fh4^+e<xV%ngT5V9Io7u2Yl%?xH5QZ9D4zlFu<kC?jt(Fq6&}B9-7@tL8^@t
zgulC0$LxH{TnX^jr2e)~1Vj&Tc!H~|lP~R!=;|AfN8bIINm5AUy9F3C?A8X;EQ+~0
zI=q|9vhzgI%=R$q7<d?;r%<%EVnLMy>Hw4-B^}Qd1|y_2%sRypgvZV=uS0?LlGFF6
zsMC4@E@9F}MZxI-&JQ?#`YvN$s%oJ?oU<|;_*k45iJD#h3Z#yY9nQ~5$~5eozJ31j
z@3VUZ8?4txhejmLjm>?-0j5=}t=;&@9rA8P1+n?kE?05`1)5jN1!qeMF3Eu2(Ok(x
zc}@1OK`nf#{W|{Kqm3%gwv<gJ(r$C#Ts`i%yx)2b7902x|NBS`?+$sKPh|n#XN`$X
z_v*#?m#egn5)VH>Yv}k?G*+Pi@aUIWazbyKL`Kp#sLGdo3j-R;rJ~t1SoS2=M1h1n
z3FK+Ap7$T=P60~q${K@f(FTjgfl=KV@9A#Go8k?S0~vyu^1T5utk%wPytd)-JkHr2
z;(>@n>)80(QLpO&Cc9QmU0G2f3#gK55Bl|A(4j&SUl@@92_!WZ&Nps%x8#3H^L*Z`
zvRukPrY_^hgdIjXy9#MekbB(2Tzn27_rCbas{6ot*9+n#_{XW7({}cWZCPy_JX+iB
z*rGvn;2rnxV`B(%hjEA&zue<ruqKc_H;=*B|Lx?Z`p!T`mnoBUlhGN6=Fq+>B`-4>
z^#v(7Ni}JHI=+h<j^3m@7L>+<E^Xvh6=t(sK&MNZq@K(TJ+j8=4|xdaHGL=WTm1Q0
zYugfQLQ}P*vONHSUzzq>va+5Vmm2m#SA&W&jBJh7qZvJsLWUlhf!xkTOBJCM@_iud
zGPta+U|=nGeVpKYNivuvFVan%<>7;jCn$4ds&0h=ytD^ggDenY6Y<0FX2f$>$_om*
z=S#iTa5@~tR>&|_A6-D^r4FfYY+RpSu0=DdJBIJT&`y4Kw&T#B(et!E3Xv{!rFwps
z%pYF_pkB<6Jtp_3YeeWC)kl$W>Fp9j6G==r4_50$0GTAr9%97nP1E&;ku3^A8=N<3
zqs)1hYXz)l<bEdu;muYBapwnTD9_+ocUSqRO%Zew28+I4#Q1ge)zAKwfzfm!UMJRh
z%cO?x@1yV3iGg>VnEu@qjD_t{A{ay3wEQStw=H-eSA_}HhMFW#dFS@U=^C9Ub+*I7
z<AE>lG)HaC%;;%Uibp<~|F{;2C=(@~zb{jKV{C6)KQ41w-{fw<^{nViBjS=&ZwEHr
z>)1C=<4q$)xJqCQlP;H;_j`0~I@ym7M=X;m=ev77`-&%DT6^da)$42|C&VB47w=$e
zGN*tHzW)Lac^MEA<ePjkv+VA<0M>5MeHX`zx~t`g1XdZ45)Sg9jcJS<s(HN48+Q_#
zTIp+}9Wg!xRkhN|tfj4L`LHR6oa*YS3ge7b)Ig@!Xywl5J7fdf7e{*IcYr7#AW8ET
zC*pxm*s~^7-?e@E3fi)#h|Dc%7`z}?2L%ed+zDEbfW^0+1wSj_zjZv+YQ@7Y(d!b6
zx?t=eJp9n20pl{Y9TM3?^w#>I`sEtS{Lc-6FQ${p0654#X%~gMj%w7L?(Tl$g)?ZG
z9uFh*(@|TxI>FWq)_lWTmQZcKCwgnv00YPJrWXL<ldc>W=@`{oSP0pDR>Q3ps|an0
zTyF^jcK^K0XgK@;Ds-x{ybE4BmjknYvla6ytEYCyvBaVX??BzvpyCWIEv=QjT`m{-
z&;{^PnQwFB%pRI9h6-&<Z>>@BR!vko#{l#OGws{{r0tr_y`9>H{RF!NK-`*0UV~^;
z*dNjT{55MGgv7Dv6a-4hnlJG&*`n>XERGkYaK}~rd(N^oUHW^1QbdsYk7VJ|f0kUK
z8(q1VFEuIVy$Wa#bL@CM8EbxVYQ6Hj&uDf{VoLSAschSE_8LLnD+%6z6~m-Y>uYD0
zknfXF$NN@UTD!is7t}*3<<r_<HulU(gmPFLRXU#`y}eqKc6fO5$!L&yV-lD1GW|B(
zq3TAua?zYZjj$v^;{oQJ72Qr$<nnBTSN+;g^^<sRLKAHHxwB_e#!Zd*CC5j%g761>
zsv=K)B~Q+p`s8f3SZC|Sbq^Bn8_M<jMHCpckci(pPUDm|+>7$6%-_>DOS-}oquP7V
zbHZ2c;?usco!B?Z-TKTLp%U#f)J7vPwLvLid5i)(A$&Jj=kjQVJ&*H}uT3#%v@b0g
z**E5W%X;<sr$F^Dn|VVmL}~B>8&V!j6|%MdrWiZNcj9Ue+`Fgj_`UME33i5r{#6op
zwL^z0QvK5&KWmhkZ*o!;GxF>BP6~_E0s%ooU|t^Q@9dulzSMMF!@bZVB~2X5$Ln!8
z@?HOj{nb5Nb*$X6YvW&n>^~2#0l-GKKRv+*j$zJ6kXp{}SbdgZA=C-p4zyKJE`3@o
zqWv1si?eiEq=LoG%uw=Fh~Co^fIxSI<d);f?NC3z91N1(ot1tvtJzLbhs$#n|IVM|
zw9SDV)i5CSyZupMAE(0SE1VpxZU~uVs?ppLuiuXH{If(CUIMOuFIYtf9ER5zK>QX%
zNQ5tns%l;$^FuADBi!4u9`Hygy9RXl$8&IfLcSu5kCkn`0OaRzbr4N?DEiW6D2ofY
zV{ZZ+wj&u3K7O>Jw+tFF+#6S>AE*@&QMs~3ePv&<t!ogEfK4kA$6=dhRZz1V6#<bY
z-*iWs5=iZL1PghKOvCS$!nBvoy{94G*WAlrF8ylz40)l`@_c=duJM@kR)9Sb78w8o
z-DowwYH0}mY?gkCl~9C|{VpLMYvGB;S&q$y-er0K4h6YEnh-7tQT`zgi<3Ks1?7eg
zM={xtqG|u$mws*U)l_iukB_F^A4Jp@5!C4)*EINWmja5gfP;3#qv!|#f%V3YP8(TF
z#VVp}s-4b<koKvr#7wa2Ke_7^5AWu*w-~@0HAn4u_=MT)2Z~rov%q3c!cp9|S*5%Z
zS)#EmK|D3po^md`{jOjc7sDa1ACeyi1>spNi#0-%@V9iSnFCR$BNzUSgdc}o7wM9`
z8I=dCQFNjjC7EU~n3GNOQzu<O9rjbb>0URR#Ci4B;twF2>-3v{R`+ho`AD6DXHe0O
zWWeOS1e&qT=y<TIb$SqyQ1)`3eQO$E<3eYT?9Mb@dS4S51<-;+QTqJJiCUh;))e<@
ze^o?N4^0_AjP%{%Zb52c|F;|{r=LhKtW}k2EKF@z6$gnMHSCvZpV2M|(B?`pi{nU7
zr=-DcMlGNP7%z)dI87|CUStd`Wn59W`{|jdC2hU=d?JoKksgq7Q2&Cqbv4ZQ?nO@!
zBZ6#N+5WHx9J6hYx;J{>_vgP`cY&jiFBild52++Ff6rIca=T9a$&JXDo+e$jP2t@b
z&33~eU|}L`Aq^XD#*VfTO8Mu|e`Z(6lyL<tS7!@LzYBptZ*RE15E+w3pF?tqTr#}!
zJFr$^<GSEv;P*DPSTJg=eVzb<>}Iq=I6#e?Xw%GmSW!`h$S`L~AjU<|<iqgU=N)i3
z*6tPnv`~cgTDE0Ej77krCa-y7v(opult4KJ5iu7YF>I=#Ve8(laeJ{SN=!^jW$!+_
z^v^=n*^fDN3q8nblQzQ4PaZ01s{-PG*3}1Bxlfj=b{T8q84=~2_TBLvo<R>Ogm{PZ
z)iL=~o>y|b(*A5uuAi@bP06Y8GTHNj*E8N^pmn)~X`D4<cW22!{HSiQjA>4{O3EE%
z&SoG*O&`r-UCgDVQE9VAP`wu>ORHn8`*|e*N84x;%4q;sDAo2=w=Swe=C)~6bAy}3
zVtblz7^we1{r<5CQ|2*98CefYGl=Qv=q#+QKSxl9GE3{bAALXBtLxWm(dEsbD1K>t
zvOvhgdK8(7Nm`4d;S8$&qJRp46~9VIVLU_~N~L6KN(vhJi7)r?mQzIRw(cz*#d~>G
zRoB{X)$UKUt<99LUj&AL+HtMo{braxFd;j0wmzr&0?GN{C1<|ylWYg8nHO<i85j=h
zhGORHBIx>)g%Bx-8|6@_$g~$o2+nwu4y6qoHKZDjcu^cv(oOZARK{^DGz&$x;+lOu
za-2O{nM*^g-=tOeYKCg9sfIblBXS@A&CVs&tI~%DtCJ#_4VPrq%%0vy+4|AU3d-=p
zVHXV-s_3MQSFUb%bCQLp$V}>#_&>$JJU0PMKyKDBQ1pCf2vq6qX-%?cdl87BOgUv^
zFD0BB80MVyVVgda_%M7qo+GVVH!0Enbg7-_mAMQZEg)Sb+>`cOe`{WcLNCl^FKX|k
zo|QQrQ+Ln*ipU=+%3ew$lb*qHOo2H$AOFN5a%#z|K&Y=GM!L1(8Oh7eC{M<;XBS*L
z=5w)=wp|hK|Ate&F+pyl<8d$SH=t$m2@1d;3q4qPQW_0_PJp$5%1Xe~nU$z;4tP4p
z_bSDtF>DMx^^IQ(XW*I=oOXS-(d0rw#!tf4*6Clw?(V}t$bSa_IJfVOR00C|P%(Kg
zQGjTo<w?DYgBdTEFyYQyY@HS)IWX`pgy1{D>Vu8dRWbRDE@E3-R=Mi-B32fxx8`GY
zF1%fVb37tc)L^<5nq&e?Sbc-!mMW6?c#e`LYBsamdP_7tRnmrDOMzx-eI(!@svP{t
z%<EYKvc`<+lijv;P{&FFyq&ddv#-Nf7X^WxXDaTg8dbtheEq4B?r#|Y?IHA_>gp_E
zy?4Smr2u{fa6VlgO+^UtT$~*Y+UKti)nu$bkYq|TkOrdbSK6cCxH0H!+%a;Tx_$dD
z5^2xyTpvXU8B_)twBQky(oQxdoO}K6taYe*WYt>YQ0K0jGTZSO)$Fj2a6ib;25LJ!
ze15hBq+QdwBze#H?NV~63RJe6<{00u4zPb{k6`t<r@u1`2Gvl=x&K&bjECj)qjR*c
zIZSPfmk7fDa$j~bM+u*Dc8hL&eWJ(>i#k$7Lu17~(I)hMSH~Tozz<Hc)+6Z>=Re~0
z^2K8}Dy2+xJU_mNi!xW{26vUz;Du}`T>L)z)5W_f9gsh45CN}Jn=TbYP!rVr5@e_o
z?0~xBYveNJ2*kEB8@$%-x`+in>M)f)GJOm4Kc1x9Z^p7`+Z74kb6M>ziJ;^tC6zFl
zIF>g8f<P0O<8AGoJxAZ-`}XJA>Tua|X}(<3)rRt=Nm(lMTz0MW)^w4M%LCRX--PO-
z9|^I|Gw&ath#S@HiscH^gJEwMD~~;ds%6Gm$fLuf!<c-Sq&>KkW$RYB;m8ysTW2%t
z$c<O8yj(Va^kfhY6io_|uOwMB%Gd6jGTwKrN~FR#xz7;ylJ9S#$S+jU`x&&+0}wF(
z$u#}1H~Qa2=8qqnEDO{w0Qd>;cUE6M3qSM#Ea1f6;p5M;>%&hzs1um1yxZvA2PRSU
zORqIG#DB@k+&1|9OqFFejXb#9kKVrS^3-qpO$zdG`bI3i0w5R4dlqz1;+^th<FS}d
zeT4*Hgzqz-$UAJ++*L>xG~X#?baPT}(#}H0=OJu)Ii`qB@PxfIAt;FT<SZg|lv)uU
zk;#5^wCLx%u?owKPCA85lxIf!MO@QB9SDt1XN%PWL%%5e;F;`zPvIb{ZaF{x83e|E
z>*&Gz5qZh$;!$gvSz8k!-Le71D!_!xF>q;4u08n*r6FHDY#$;~v=I6MvX}QKo2t~-
zk2rg`dGOru_usUBdd@XbCj^J|<Y~O6f{%(4wl?7Ubdi}5EAzV0HkM!Yz9S6PG*K2A
zq}zS|lpP*eIYZcXp<-_8%B`yUrJa-)m1q{C=T4>fT`~rI-f^bYq~L>Uj>^L)$x|x}
zf~||R>Jmo`uXftpeL@zt#1Cy+li7?#si;dyV|x+4l$%UZb9K`UTZjBO9P6GVk~r6l
ztK6@E*Xdk|gtz7tLSGHvYYxPbj$%3!EgGMBe%q>^k2Xkj1S^DIc1Pi4=JGZH|GM6+
zY_Vb<;QsC{a)oY}e+|7vIT943)JTTa>-;2JL3|aQHc(gtq!6J;R3HxtaVCsC1d_Ia
zb=&DYfze`pbi6)|UOK`~pvgFu$rv-MGj=E6!zSn+Aca&V_Pe22w6O)WU6K<bZ?LEC
zpVZ3jys-x`6)J*5=_@bk(lbZU&6xioi?~wvlv4{}X|D?f)yUdBSWcx<Iz$fQHPGU%
zbX3~H+-L}T-0Ow^o_PHHs}0TDkwT5(csjPwLlgpdom)g+8VNkklrM8-d?@R%LN5T%
ze}AKM1#5$iDCsQWY{v0uk>=Gsx`ceEEK)4;5@pkrV>O*x+B7--!@52%3yI7^dSKJ`
zjbK>AVNAh-K6V;DkC8{-^XEARfbLn=#O!qZ0(74U!XP@_8t$397_Su|+p*6NHqnuU
z&SWrhNzN&JB6BT)S2|66iDnOv%Z^VvUhslFkP5&$sR#>HKe|*|R{&3~vev)$MJ9dk
ztFLc%oF7G>KUZv@Ti`#!t4j>bDOe5vETjE8;qjwPH6-au+>_YK3p+`86zfSpM%z{S
z1`H#I`UKYHnXu)PHPxR8|0;$^fKaVb>Zan0QV1!d9~-j|>bx$5Ux;-?`Csh4RaBK>
z`}J#~gwi1)2uOD~C@I}tQqqldh;)N=mvnc7EI=Bh8>Abg8@_v4@B80-d?$N<V;^mY
z2WzN9m(O$Ob<O#kV4nhgTw&C=Qr5b1uxRmfAOeR3veqw&RF%05NW;Y#NLUNb+cYTI
zG_gWxm?Q%zgr#S@6;ERoLH?Y{L~#@Pbv)Y&vd#5RYarxOg86viEs~Z3u@%-rc|W7J
z^yCm2LBfSVe?C2o&%&%Ip>Nqw59oNJ*QY-KrU%bh@l7$TcI;RN4FYBkoV3^uieO?n
zob3Bp;Gb349G*5ixdyuuIv$<`Kv<-$9R%1z!L{OH%+&0or0(Yf+$u7YHI{svt%B+U
z`2J8KoqWy~kGIu}YH5+hi^z`XwE%+a+l%#7W>rTd{s;G62%%OgL^qW*D>$(TMwq(V
zT7Tq>>~Pm>-X^=-r#!*6mKYygXH<9l?lXb;hK&K{+iZVA%@?3I>xLg`-)|!pLF_&H
zSUjhgj_XIiCi87g6b18ee@f~FSMGd$6d)Z}dfa&)4kxU4cvmZbThwy}kVuO?Irg>H
z=y85mD9C(kC^HrhGMkvjSWHB{jGTJ_lx=!zW}6W|hXI3!oPRfgtl0sVsFBlV`rvGV
z^B~D-?!0iJ5$VYEHbXSATDyBk5|>R*=DV0C2AD}(m<Fq#1gI<6x~Y`;KV+%tEcvFo
zqiRD?2!8a--QD-<h}DJfp0&_y$W4#oSe{X}&GO?g)q&JCenCzwpWu?Z_DO?zpPp;r
z=?Fj$oK+@s!df<O4K4TW7#jh%U=f|&q;{)AA+H1vt^O|B9f+ExPCBqs&&5Trxl|L+
z5yTb-lG2Y}<wcRL-AezSE-W1)apwxK@?7?2Id<vz7Zr$psO$Q>H*Cg-%oNT|#Qd>m
zn<Mh(IZ4b$=e#Ty*8z=S-verlW@J8h(q1Q|V%4Suz$(mTt|`#t_X#*Uo6jg(C!!gj
zEpUEJnL4u4-Ov$;?0mW;8SM?U^sb+i8|UPQhPJ~t5{sNIgSo|o2NjqzW$ihB)Gseq
zZk3)~{a|B)VE<P!4`gBgs@=ia{5!GjK%4R3rbSQUo}&lL41CKF-WPrIvJRNgXeIP5
zKjI;B$~lVaBLR*@PPQ3@SbJ-fc9@!a2?2H^g9*ijVQ0R{@Az>SOc*{Ns(D-cLv!gx
z1Nuzl1K1iwB5U&6R{q!TQozkw)JZD{RdvVVqzA*9{M%qMSIy7IkxEM1HG3ind>*`G
zAY5n*mX6<e_zOzPV@V`I_E%GF6N{^pdM{n<SH57t+Hee#5fSk_E898PM$W&C_KO0n
zBB<S>$G)d`rCZ*=iNHp;bpeBc?zFHgL(;*)fdy(rOjeQSqD4UF;pYA#67$F02&=bF
zGE;6Sh|dQsYUN2hwLcRyG$m6s9sA(WzKtv_dA588)h|j_s^yAU<kRQT!rpPfGFNf=
zJ$fb>P3J27^;dl8rZtqLqqdkuro4B3xK8Y{$>Ff|yzDJQHu{1+!-;9hDk#iTKS7k;
z|Dn?+@|La-w6ier(;9M@Aka2Kj$}fYFMyU+T4!#aHCK}fsXWKN@PANmH;UP9i@49>
z+&6JJo3LK(T|I&LTw6zLd)z$Fq{^hcK-=RcTIos2=k*uuv1pV^g|7wy!Q`d4=S)>w
z_YrhVKy8hX5j+=(Mw>ClYa`H@Q;<z$33Hu>>u|WCmMTyzsJ@niTS(0Q4%^G!;g*KF
zHJw1;GvpHx0qI?oMQP?#fn_Xmx*35-%XAI{414TVEW&J#eq^vs;j4-U-q2|^zRr9o
zLNT?)Af3|KzAr7sFx67=)A=&yr+faZTet4T?z6qQOnp@zQvJI`hpzeV3m$m|?~h$n
zjUiNLch_}>8{u#2t8CQ`ZUV~g&?u=Tj9h$#z)B$tmpFyHs=PbhTU^w1mo1S@%O|bX
z;+{O2S>QD6tWiZOu_80u<~<?QK}B9;s6*va*a9_O1~s*4d#_ddMak$a1;1c3o>*m@
z*N<kIpj#3pDUag~le)QrN`|pm``_TxQe<_u+p?vS3*>hy@Glqm6BRkxDNrr_Psn-(
zP~GS<Tgm+A&Oh?&&d=?vv-H~W*9lJ={y{gPROJU9B3r}zi@^Jcj_+SA%4C&W^zmac
zk!yKa<NN(j)b|uVE2(s8$v2}AwnViP268;j9FA$bDN-|VE*<y)4TO2*NgBq5hZ)~t
zCsu28s`C6fyISA{Xsl5Bcy(&~Er5)Mlq9sXGP5a0luy<$sav0wUUtFAIldgvI@YeS
z;8|QPOGd{oSMKC>b1u+AOJp_{qfx62zd7(y(>en9gH;wkS&NbEqNnQp*gM9?D_tn%
z!P<SDbIooIu-a^rfjFw%?C-w5R{Ys@qAJ*RQ?U^Ne4t3L#<UPn&eP4`y?dz~X$;uI
zP+BqJfFmI{<t^=HaxpqwSa?<5hwbrCRVBym>_EAO0zb2&DOTi-hFtpQmzmT1ubH#I
zf-LOYb77fQ`~`b47ZE6is+<%UbjR?VZF{0NA>zg+DB0(%<};@aY7FLTbl`A%wsNv4
z;HU4eQuXshl;6h(&b%a9+SSKtN7T6#)~A;!zqFJdhdnLz`Vi7CDxdYvuW9vUb50(^
z%%oF-S|_7=Fn2%?HM_&`W(T8O=twDwSKu<&SMjI_E)x%2%^$Rb4r;#XDqWEV2L8%<
zufR~&BrIB{X$kBRssK2*+&_u~9r7H8C2<~xEbpDWjmtIU18vtK3FqTw=ke39^4pC|
z*&f~LJ2(tX(#j@AX%|$|!=&Dz@4a}8oNmtA25|MuEq7Yk{fVqYDLmPOhV}fo_4HzK
z&*xClwisklNQK#a<sR!~@c)+<4f&pDEm)KpirZxf{vKeyDuK$AQ6Y&Pq@COA_q9Tr
z@_{JLuR-UM0oYVrWlvDdFPDPo+65Zv490=>&1k;S>9A2YGc3=1ruy*OAG!4zKBEdS
zbOIE6j4u)ap+JpwZe8e$1xH$w`9>HPVDlVTFVlr)`!Q->Im|oxQ7RV`b$o_44}Cv{
zg8Eg5KhT?3{q!F$P^Q}q@q3cYVj8n$9?{`PtwF7x{nY%z9O35n3ir*U36K$;gUsI-
zuA|xC^wz{DU~PM~8ZXeP9adgN@HAsGUBKmorp5rp+uCe{l5jk&dc#3{#{C;mIr+fV
zWsAvWLvD1`Zi@&D8?Hs!FBG!&!TQ;QYW}Z4MN3Ottnfw9IN&Gfv~AorHIzZH7wpTn
zW(O#N!=Ldv7)!N^^X`7lmpzQ$xlZPYa5D|c4o7AOF7{DB%@WidKUQmp1vKVD4M?q@
zU{){Lcc||cn?Z!w;iaWDU8&K~11F2y&nghXQ#s5?!*V7=sgXq^NFlhyLM@WQ!A})@
z^vsrl(S2iYadHL#0ZHjx$Gr_gi6nx1^pfkE`b*43<8q%h4IJrPug-E*=*=o?ur*($
z&Irc>v7_9eR+9mS>5{lmT-<X|F@iwA$%y?`7QJ;ja`e@?qj<?4C>AJYr{PznClonJ
zC{UKKU)OlQE_)l15k(S|`m;S%)s^>9CeR@63Pi3BL+}3F>Re@pI!h-{2936-o(vK3
zV4Ql>&O2e6zd--jpo8j2KC*!Gu3F|N?tj7<Kph4O7$sdGzWR~ILKJ1|@w++`83;}Q
z&PX0mIDDC2OWD^!t;<Pu0y6U#r?;I;ZxDM~p-$K;h_gzyWiz(;?d@$jkKd>F3<PBE
zxqTTzQq)U{ET*h4c$@{bM9xr^b#xWdL#CGH)(5h`j{@Tq31YzW#CAwWo_r3p!|Y9#
zqYmj!7k%~Byb97@q+SCbCLKvruhDW#Mlq_76#nq>aSeGYmm#geV1$5kk=erhtG<l|
zk9*eS>xM+L9~$hnyRB((0)w57)_P0*);@`veu#MTp!)S!OrHR}Pg-y%UHD@CXt5Y{
zCoz49O|G7h{rQ;n19QXq7A6e<2q<R+V`kTU+Er-Zf59m!1>8yZn2t~6vLy&T!ff_7
zzDC#`ED34C2*sVBAE0f`cB9)Us1qs|&+=cthX;Xw<m>0v6QLN&Iw{rWAqiCqghYcQ
zZF9+i7<9Dz4b2zM5>cO$;=BV~ONQkfjn<C0=~}*TjlG%HF|LMP-67@YNCj!e-$Gtw
zQUz@bX-sHK_JuTw*ar4AXi22&cZMduY?2Wn(QwN#VcEP%=qx2QTX7}n_;4%6wfdYu
zM^)lf{xWncPDUp~_s*l^=CUh-bZ~9D3>1N133_=MV0xhV`uL8^NtSsewqOqX`YnLE
zd*jN!66Q5bD2~N}5cv`BQpKI^N*9HX+3W;RqpX5y7+Zpojz5?sZ8;MAG0M5;5>4-}
zv-7rx`#kRZshD<;^Az!Ic<aMxvx3gJQ*DX;7Fka{a=&xDqvK5`sP~thcPwP2(MddC
zwIHT1NGdMZ^c5}Wt<&&1+?Gha(3MU~Iu9}p!fHC8q+~MRAOQtFJ={xK3j#LyAV*=I
zam|{v#niFr$72ITN3r;|lDN`*qhqq%q<ctiZzJy*=N7gofBd&6A1K#7!Eg<@hoT7`
z<-dNuLIBm7kPfXz6$WRLTbL&ZI=aR8!DSDKWyxSXzhIIaCYa6X>Dn!U*vfHvAQcwf
z4zOHm7hPJ^MuA6a5r;-744Z+Wm<}Kmy@z0+Zg3+5oj@Fb&cEuN4C(>%E-U9Nxc`iR
zR(|0rHgt?{4?EM%0#HeRGFPWA_i4TyNJ~1nN1gbTY;AX!czt_O=Ww!B3kl>Zr-K|?
zv<saX;1(WZTou%D`uXDxc7|HFawzrpK9GDW700f#BnZ$nzCYV|5Nlp2f+*`!$DfI`
z!ij=o_!lq3N1=|<jpam7o3(B_*(CN$q$XxGvikaZ*~O(S{fn$4L-Hlh?p`z384?y-
z_2)>SGK%rF_0mGYn}OPFbDriak%sfl8P4~dRMv=)iK43rchvc$Dp3?toB5BoH$a|6
zZ_c2YuMj`&K<{KVe;bQjZ3J1h0k^mb#B7Y}e$X+ht(nTB2|Z2nVMimCika_ZFSInl
z!a^CC^5MU|QSP%=i89A<mvx%elO<Xxu}Yw9eywwx6+Wcb9C5~@qjML4JRGB)7XD1{
zB17{In2n7<MCDL5;8m?DT+KNcB(oGKj{pckX>Q3$?R!ZTcE>K6p466)Pi^P2Y{?LG
z6f(nb(OfdtD&-t^=F1HtJD!XA+TU7N5uBm?o)l}CV+`rQ^M*zWzi$`+#j4aW%mTCR
zmn$N`#YGC#&a#0+Nqw~YGYi!-9A*XI7wcD7@l4tBB#SUjARf7V4@jnr$7`5qrj41v
z41vavYc|9;<{qy5UmUHOG$;(_NF+<m&(GVfpT5`{$;n9=Bnzm!Th{Z~)dxa>O)3hX
z01!M+>Txg?Fha+7Ct*7Nh-w5mHH-1P)#A{2FI7=rP!PTB<`=t7#?hh%Q3>b6cDMu(
z5hkZ^+qnV+(k0OmVus=ZgIbLlN>l=yS@ESU_N~mviXFk9$3}PAj4ZqKUetWObXR!k
zg{xVA<^A|3<8Cgm;CU~CyL3H*EKd%gtN@LN5w&^-&VSwa{<m`Be0(&o33we{zCQ(e
z(r~CPI<g1>&Fi<#S?PdEm$Qi8y7iOK%KEwpAt52;=p9+XE_(&IbP;)1<hcTed!^Y_
zVt7CG^)hk?$Yw7y@>m~uaZu_QlzZ1yOkE6V&mC7R*5Fu#`?kW+tr6FyrS;1&jjT^+
z^xH5UQcxNU9*fS4G48&jsS4dpVS;$WWt>N5p&x-MQd2`HcWo()q##^;eN*fF#fzG!
z@z><)p|gzp?I?sAt{40%oi)kDwq$is`G=8J>Fm#)Xvb@B(P82xl0`TM8Am~8X@JAX
zh{$|k!0JMf!fpJiI8aHY)_jIl?eqp!)9DPqDOZ6avUW1zoCYXhyjYBW^0Hu_p(WYF
z4~`;W_Kje6I?flWBIGMJR2R>OL3)pTpKX6|nhx6VHV3e*i~-GhG0$aC`pXkvN1V<+
zY;^OJ;%`(Hb$*}3;D+-8FjJNN*4wq7aF|b@Qx&O`@xBy}sDw0wBPZW=DT>>9#OAF*
z<^~tLQMAw?=m}(lq1f$e3K2B8)zE1|E-J=aQY0yx3^_yeSoB77N#S<bE0i;{mdL%i
zJl>V=XlJ`-mrP-f2qoZq&*1AMY<J33V!F!-CW8CTW4VY7A^nNo<~y)YU1_rQ0aVJP
zyHAW^O(FZ|E)B&=beE^NuK|}N`eLWfbqI1n#9c!NBy@7{59&Vh%$0REY{+SxdEiJ(
zFRr@zUSG88&L0qsTE6XSsVA(2jD!C&y!GBI&AM`rNn%(2Gmn3oEs`wy0}$1k4xBlW
z0u|&ZKUzJ!<2VHaM<|t@)SrzEU=)JJiMPWqH@FcOFoR?FXsSLTsKS>HgS(Pss7S3Y
zPE2e-A3D@(1YoK%WDs{;V^r|mdA`czasKBS`Ou-ebyIZITkdZMl<W367K%*0&P?{R
zUo>M0IwpnH)15dholA0S`YtU7X)c#tzo_*Q7>kTC!69)}bk-L@Dl#_lmGZt+dQhC+
zg=?1}cxJc{5JdlkN-Qq5PX}L2XK!k63UC}^U4U+eC@pQC!8oY88G**67(?hk2_*O+
z1@$G6vGT_J)y3OGQG0sN0A%D`fR$|3cM2FD=HC9Yl(TRo{IZmHKWV_jlz`(f>$l&b
ziD)9VQG12YU#v>3QIe1asE{%NsJD#AST5Hi*+BIOuk%Utb=QS30vaHch~B?{Ki}aA
z{t?)q4(~wqgo2qlial5r9Qi5oyaV7(G4T@o3Rf=T$q@NwO0>0)%rv|{_M?;v=@1F%
z{<4<)z!JOsv6kD&hu2s-Q;4lt4MZRjZ$PFZIkOMUbGF;zplDlcY&>c<mwsSUbFz&j
zTjKN1{prFan?9_&)J_3zQ_kgU7&27U`Z|3;<Fx6IJduUGKhpzI*Ht~}cqFwGVcoYO
zyL9I4KU~BOE=biCM35P4kZ~Q*vhs7O!xkI=Vrz_Qn$qrcNA*&~F}xxMh+_%cqyULd
z43p38FzWJbAJ`E!0C*@p*W=2(!fbtU52Rz4zl}&5j%Bfo&`{k**>AmhQfWO>Vz+io
zu_;uNhWzL-maP`)J=Yu9mVqP=;?B}ja0(?tAagn1A!%?X8ovZ;rSGjCh;I+xmFaeD
z@(>;?@W$DYfQfdRi}}4O@hNU!`qw*D-7jclp$PkK#(BVe83k;3Q+Lr+>CC_z?}R@l
z&c8b$;aya8!f9si=vaF!b+OWo_MsNwEY)E7Fs@W*W=z_Qq);g(3MmD1ie@UKiMd@)
zlTLT$g<|iTBxv(Ab6tH7hjB@;<}v3Vi-bO>Y)UiE$;7Y)Z&2RXE7a8p9;;wCaiTMQ
z(sI5r-MpA9Z18r%c_+x<@vX<*4VGrJov44NMy}%lszSOh3^r!m6SYRi2;_pBJX|J*
zKl9IZ+GF}l-my)|ZjQ;=){<>VBKrD4Y+vPO;JL<8jj#sJ$ZZfs6w}$C-e1WJVIDr$
z4diHAd0{QkdA5h!5WZezkZSZmghM*QqSFdDrF_NRb~Fe}KtQ0{tkWiaysXwc7+o&Y
z$ZSOJy%-`1u^L$BnJBTeM4)RFyJ_cTMI~w`&2lrS!BcZu&w_Qn-U&fyTb>|LhrI(&
zrf)kj;lZ{c$?e0<5iC06-60n{iQwhUm`^zHt-9T2_%^(T7Tnn=>eLG^Bo%eTU)8c@
z25X2@M-IIlHv2+yqUM<}F#1=-QUg!EV7j#+LpqxIG&8r6jv>M{0;iv+n{RLru72C{
zvlm3Co!S4|YoHe(E8Yh^wo2+Z4W&n_kEs570+9V_pnW}YO81kfbw1ctGt#&~0;x(d
z+6UcWda!T-4jkxu9^O9_I4CVM9wC)Yr~)n5;}qD2F5_Isd#-P}!vkrffeF+fX&cQ?
z%^oAAmmN^MWuD#WSJGQgmM)s))`4Te_dz~OWTX(J?QCxIX}g1WtRA1?(8yrNg?u_+
zAbOrm8A^VzZH0lIWV)|@^DwFb`Cx@cWprt=8FC4gNFB^lIFmvOOyyl?jIXSGp)P!-
z$4`3a=F{~I^Hs_+sN;zF@AiU-jx9k=NWr@I+*)t55_y0EROib(D*-iVZMWzS;w5J}
zGhPItI+9zJ;{h{sdT2XRD*0h9P(rOuZJj7Fgb@_>3FM`nyz4w89?6lE4J^dR(1{p>
zOvHP@F^r=U_5@P0fO_Cqfi_>hZoFkbZkCf*Ej(JCTg@I%9+3Cc7f-q*FSP<3)QG|t
z|L)9G0G44hn_HvGSF6e|M%slz;0D6f!Wp({n_VaVomdL__c)ApwK(-kGjyryi7mP<
zE1;IrSh+;s%qmT-qCtPh6?A3@f&=oj?>yxmbwb9bDw?xAyh{}lD^Ga{xl^PVj~w%h
zde^Pz?lwmZ(|~G19$YW`8iqAN`z&$IjZGvrN8{D_ZCKb%G{;W{-re8Kx9mab>E;Yh
zL!><>LkamHy=jj!a1b_3bvyMrr&dmJ9l7c`qYV;NU2)zXr@7oY8eDY*3=KTrCXvB;
zKm-&{j;unv9iEIE^5i!&x_ppV#YsI}sC~y%<$t!4=J~KawjVOeO)Sl=DgXW4SCzsI
zC$jVPQCZBdt4*R{gP1BP?9WO^4sYhl!bLjDZz{XEf@SL2lw)%7Tn#N{p>}&@LQC`;
z*B4}4=yvC{H;&hDMll3M3zW=r)lRm`5rby0PIpO~k<(f%L#rSDk2^m*H5kn=#w%5x
z|2YD(|H4kNFd(4G`+Gpa6Tb~AYX$S)Le0^ds334)pCTpo5p53uJ!@2_@=#KVotYXs
zK<yHk*6AK5A)3_+=VtSeZ3IO{f6&JILNx#?J;$HBke>7dt7dZEn}?BU5j?tm$y~}x
zL-1&^blOs&UG;8WVIXL|lOjL7XD6ghjeH$k)`O6BRad<#fRa<~xE~vwe>8kE#3{o9
zZZ1zE@q-<A;Lu26_xU^y^MrI4+rSl!x^Y59LGUr`BrMdf6(S+R_6+fU9Epq6p~QBU
zv$8X7V~nuiY|gf_fd61o)_HZscx>hx6#GccuCn*@>yWnm>CRMuk2FvHlkb@#<83M?
zJUT_%WRR2MJK0?c6ii-pNIQt?8^+Rhr{Lx`RPLQZBXBWSYp}0M$l(z+axvF-9a!|@
zGZ}pwi00<Tl&eD%?F{s>+0j&z1m#iOyAeKGfyi{6W!b~RD3}xzuKJcCIy!6{J<(Kl
zN{;NzNP`7M1xX%17ex+(aNONhzxWA~+<_|H@jAhbH`}*3fecV410yh2M>E<zgVWgw
zPPQK?Ivh-tm9eUD_5*+pB`|!_LmpZ|;`MOS-^JOsU!kiTEm-(CoOL93^-c#`4Kj}Y
z;U?-h6eKB@do$T)zbu`A?Dz8QP^<uVc={USszW*Me6QidO3J$D`Mm4$H*Gt;Z>Jf}
z@6Pt_wqW<|=JUy;cw`uB##-Mf3A{Tap!bJID6vnnhm+1a@^KvEHULl-UqsyW^3t^`
znHkbzP}XvGaT$3+MD0kjNI2Hkra6;*Er;Uwa-m+4AVW=ARO8jR+jZV$6OSXO_Ntqj
ziZ!*usYdDD6M$@39TX*@%f3-=<`-HTG)gMm)y^VV?W%rD(`Y{5>?ZzxEKgn9A2Sok
zQL`ZYj(sU?9FHoN78N(c&R+V(uBTqD%^OB@_C)w3<KZNn(FY|u71_S`C_pFcW)MhF
zI2Pg{p#0q3&!1LnwP1d^Tc{PM!kfc&l8=8UGtiTv^5a~n?l?-8IMDUr5aUHXj%d)C
z-^lLU?F_*zw~%Y&Tzf*gp51LRT8Kc#XWCgOe!dqiB3JzQRI0LolJN9PQk_lrA)ttQ
zHEY+i_tgKkwEQWn0iYOkW4Uc8wN-so@DB>|pN-|EgdnIH?c(8@jOE!X_YmVh^}TUO
zUK@y)L=u7>_#y?S+=`6aFYJS?ib~wm8n7Z8ycmz6Q6I`lb*DUHx0^tg>}q7tYbNzT
zSqmbdce^=x&S~}IV=;}Ng9Q<{rWF{oG&CBuuTyMcTj!f3k-m6b0oEd`d4AtSbLl(A
z=D$P;A@=U~(-x~vzlji~De`h~Xuba7hQz|bQH6jpMcKx@(BL3F@W$x^*qU=gV4FG@
zQ{q?I7F>(a7hxZ;ihtF*z1N|WtR3L7hL5WE0QXm`YyVfP3l{O)j{d(kR+LvM7A>NI
z>-woVVJ;_`kF#t@%J);*6WmnSl%tIyz4raPQQbX<T<O%5gH6&m=IoDb()mftrp8Q_
zJDQF?;I`<hLsVCi$)qg~Pb8%yA|lXH59zGgS87Qyv&tu<1;|rdtWu&%A=bN{s@t}c
zvu0DaT?-!I#1eek6ge4;s&{9IWjjdJZ1pP2SWdxdePEYelBw?0BZ<^lBs!59V_wC_
zC{A7iqI!${Ra^Jy<RmK=;$9<YWQeI;@tu=4fUn|kz5e_6@LFbD|N6~Y`S8?O1Re}6
z)RK7*sX^^;=Bl)L{x%nJkCt>$1}T<AcbZfC9vpScXLl`Vf(BU{5EFKgzY3Y@llhyB
z1nstdO@X>q2FKfG|1WO7UztvmFJc}w)mY4=%+AdkZGIN&CIVPG0HTeUXh-UewsOHs
zFa<gsNMgUvVmx`l&!-BW^H6-Dfe!(IxN@stG4A)$B@V5Z2si;_Sjg@55fTU&#KIt#
z`3Tr^qR|Bkgh(h-(M>ZTeo(`4ila*amG7lSxjsc5oQuu#O#lyt_5AT-y26l6v)1a(
zxTrsUndyXuLJcsU3_^u#HLzUYj(TG02mpjh-BCMFkU~B?YE_g(Vx?83OEq7Cf@4qe
z;N70`;_m831Tj&cI%#VG`WR3#IleszU;WF#v~B$Okp`_4ODBVdsj{;Ux?1C~Kd*2p
zf<stll;fZ2G$@SQ0t_Ev3}?=4UKzv(r(*Z67PM##-R7y00U@#BSYnVRTQZp+uuH17
zu<Pt4)6}ZAM)N=5);+%E<}qG!Y|ug?Mfxw(aCj|f-brYrZ2YyVzJ9q0ZLLt7LWS>I
zRs8rUJ*v825n$UxzBW1`bZNrwg6AoSH$LgVvb9ACV-`lhmjQ@%-`EAs9=XnTLsiSq
zi$^OR_VG7KWH;IMz6CS8PFnR)3A)IVXi*`ox}WRB3q{x2wnS=~QNuH1CkpwuVG~`a
zvWDPbyao1+vG=m!u*x+G-cf7li64Y8dg=rNP)DI$jAQ|}uiFTxZ@ci>++1BF`}ByA
zfDP$=nS-y)?e#^Gq<H_bA77h~a$ske9%5M*D+CVq6&l#^BjH>bkpSbM``(XteZs$m
zJ7~6w+8#_X<@()}EngT+R$w<-=ozj=v|qmKeN=j9KE*jS7$QJUr5(4FkSCv&(dX{I
z72B{k|19Ut!z%>o?DIxc9?>gm^D9Lc=d0bC)s^+W6d`czs2cQnH~!zZU|*;=2)S_M
zpAGpX+^?sr?<fI`wt5b6k;lAt8}umfC9psU69H5zCSCcUCqUDtm(1g$=BpHH9G<UO
zAclfJfdH>Y;_W70#H!kGDxy2IT&&3@G-=@G{|>VcgcC?Ozdb%Yl$){je}C%TrP~Tl
z)wvhbkw8xzVAU^~YqLtZvbmW@Lv#v%ezo7Cj=@~t(9kQ>4?L&^yN<y_nGX#J%2bsV
zAcA{optpjKjQq0AFAE^equLiEf!IzGIPNk(!5|ESs1L#Om2t7ME{`_bUlp$StmpDN
z-HS0(XkVOwS%!7BCtBQ_5+N(}g(M+)G$&q9At)-#MRh~onlJtIZSa}svNRkReZP$N
z$SeUAs#(qP+eiVl1rD%FDmqZ14ezUVH4GPlJ)nEs+4}_hhI{RVM@si3%>DJ(7`S(L
zGvyz2Q)U`35cHpGo3aq_27e&|!8V{iS%g76cpvsrU@knKFc0+(ALxR%JS>D2|EF*Q
zAKpTPY)MHak754Kf$(4ap%_+fQb6I@LA3ome{&-)+u|;I<ahCh!tptZI%rKSmR4YM
z<O&tx{B(bTF03qGFos&SYoX<f87|6!jITcM7b=(~z{~0xVACe>z#P^F#H-k;rt`yK
z^Ck%SgRzn6@9*D^M>Ov?mMbfNxFj<HaBvu>ypQPu4zdG$yP*J@6{6I}WzYj&LIS%*
z8>@LU5udg8fuJKIIOXdmJrOm!Vn=!|<TYKjkOhxH)jgaHj5&a19hgB{{^sieEO<6G
zl2<1L<lX_6&9fZ^i-R(35J)@LpgWq@y5-c_1BNRjICOFu8NooS*wlUj0fCI7ApU>t
zFYsX<8oPBgh4=3QDDn%j5ksw27>D=LXw1e*klawuDbwKzsZ6sgjLGp(XOz5SI}?$Q
zulM(`?QwY7AH2l%B2bzB%kW(2%A$~DKY|TBEApORb7ra%|K`D8Kk*-#%}W$8E#hF2
zhhY8|XJ3~?r;ZAg3l#>y&-8yx{y(6v%TBBU4g8%AUS76)9)<s#sLNkY<pC3?!oPdW
zFE8`AY2^Q#3ID&X%R~Ra3IG3V6aN3StU`y*k3#56R_fK8`?Hq5y92+#Jns7k687{D
zcjOm#CV6-VxP@6kXyicMU75*$59j}Uwo(G~p0i-J>~CIVDKsw<$5a5U!~c8xzTo=o
zoyz}oEC1`Mu|pFmlgAEK{<3~1p-HMCRfK;Q5`q2S-(3nClbOQ|zFrByGGzQe8L)rM
zy8q{h4E(=Q&;REhW7|?k;1JaTo#Plhhs-Zb7B<%x^OIs&vMAj5GYK!={|$RR6@}tF
zQ!6?Pm&NaW;zr}J^4~|~=lai!`tQXW&}v`(X3*>oImi8_TCqbjEkmmK5YRYaiqvSs
zkV(a!I{wWKM1Bi<|N1^9;qgul4Ok&&JiTuAbozcJnEVs;{pZ8WJus|-xtJ>d{i~(V
zehrH!n&gIO*MKcn);RPxxse?P`ojO;VM|o7dN}0uez%nV9&$Or%C~`M&#FxVzA({`
zcg;*ze<2@#M*qJF@}mnnFZ8!{&Hwz)kI7&2qIrjb!RMSzfWsvQjOPEtAfbYzIC5Y9
z-^>1=_XIN4z-;n~r@;j1BRDvA6|-mmVTXPED1h=4B%eHf#+L?sw&7vY&NkN8=|6rb
zRxa=FB34OJKmM!Yx%Ws{9Bg}&pZR(IjR1A%7F32g<RpPE@CKYiE&oGzfx?S&=qoyi
zfc%#5{*$00ok(oZa#X16nc<iCA%1nXn}vWiFtftVK!IE;{FOL_D!L#%*433~^Sh@w
z;KmkLnRGq8@AvA**5Vru@g^Z-Z+hyLE<U^cOBO$koFZEIYk*j#7QC<75E-kimK@)F
z=T31`W?n#xg!P{{@q-%r4lu>_lK;K~$6xOt8<}*zg$|C2tq-c2{`-4)&_9gGl~{rb
z20Mxs{Q`EjsmI-CV0wQa1bKqAC;!$6*5~FdRVY3J`w#VV6&X;bhwrAikj@hZ*h2Y~
zP(OFQdi6<#u#BxLPcw6)MWLVwN62`0x?)U8y;4YAz2KC(N;$8ItxO0x;ti(gPmk0y
z&IyjXv-h(rpI2_R2+kT^To-KjdDzw+Qh>V96CD@VlwSY#8XvIxIJ{g*mUpI@Ko(}{
zXXdMoRYiYSH}T$6U~kL9Wh+kHDRA|HSE%$4`w<@o4k7%lt!EpcKW&G#gcsR2T=0=b
zAKYPr4g-!L!YZB4KY!eZA`NJ@8sFK$lErebsDB$V!Zy^ZxAMdH?Tn*lQ~Y^Lc9JW+
z`?;K*@{l0}zdUMbIVB-qio}(tYph>(R1}&28!qW~mV;;3c<TI-pob`$)ft5_V)5SN
zXnYZoA>xBNv?F>*THj}Emib-bj)I980q)SyFCWmFzvLVoJQi3R*cQYmaeH<c9sHv=
zmi%-`fW-K8NUOA)?721UvqsSfQCG4RDy1Ziroiybb6yGL)CHvdh0GsRvE-!OeLDx*
zAKIc0J;silqnAVQSP}xU=m`CS!=%F(rdnHDE7uq1>{feLl{qki|D7N2J;3(;Xp;&6
zNCWihp922v4_}~0FN#M7?^%AK)Q?8rF#Q?h^pf{HJ~H-`QpLUw&zaG*qIZu8!)5b?
z$D+_}lv(lh_WqtNiEDgToJ_j?#jq8)I6$bnrCY3g%T>%kDqoH?RYdjfwERr<Zq%1n
zYXJJRQ&G{7Fa^==a39?6+@|`cSxh(fTPASqx|cczk{iNPTUy>sMUq)px?L#&FpAF`
zRcAxHy+eE_XJ=V{{s)q&rvlCnsXAAt-%C-dEEih8@{a@C$_8+{9AC}W@snSwFx`FY
z@0GoB$TvM44Nx7a9<Cel+$u!x@C!AknwO^Y(Um8=lVmIQjWgpi(@;O8-I0n2)7|VH
z#7ZoTorj50^Kc$yV!3HLvBx;1ULhK|%Q?R4)66qYFy3Z;L7z11^L$#t|7o2_4x43K
zB3Wo${^#P0{^sXzEavH2q^l*a0{JcHn4f3b-H<BOnUjGLt2dE^ZFlx*alKhCWms>B
zaxCxEWzOJ4&opKztI2mk4;)vAZ(mTZXt$=#JUXbew!b3fY|*QL{>P(C=Y2J}5r#&*
z9j9yFg{scwM75|U8-D(X<0Sf*1t4s@b}PkUv-0Zpnt;vz>0ER2<=}xtxq<}Re-<t|
z(B5oE&*T^SyKs3v6$Z;wuLUgFmkL#?1@RYu-<!XrysiS3Ew_f6j%O_pQrymV;gOjB
zMB|e!MbhoGU&r9`2cE$ouT&+MeziOELtRYV+4AJ`MbsnVB{MHOe3vJb8(CL<NN~;K
zVfc^`!2YTqd4%_Lo|ciALnmX{WLJ%_N8OOTN4{rddon|a%7pllA1iAe`OB9do8u3o
zhl(T7NC!|Mg7z@U<Kap45irPlogrAdJ^YvHOG`@>h68v|{I=UXXRAf>JELxT-4!EB
z*^EbJ(YabYA9V4=Lt{}cPiZt0n$LAhxwRd6sfBfPa8miiCM(vp6VBEN#N_ZJvDVB%
z^2<yDD~0H&xk|#ceW7r*eci^=#mmdpD;iPO-dc#@(Rk{LE{(>dhmkm?VtraA?}gC*
z1tva?o?U7Zy=?qySyk`mFn(`C8I5cKt)j(9gw5pS@SOO%@tGx46opY}H$0k0qLc$&
z%0wjtSws>&L*jX`#py-t3T3eX;HLA2mIn=fpp}Ole4yG`YMF`tA`}{O_4HL3YBL0)
zk4J-h8n3GN<@d`L_PEY-*?;o*@$e)=CS!LYgXG`0cpteG+9ROp#rli31CD@DFq32S
zdU>v{E{1FmkRa`iPBeghXJ`!aWfjxX1^lucLjXft5@7Hpt=$x$2m#MN;g^~4XhE1~
zBqEFBba`JP?I3xVRM7{7;tG?9$6|a6pXHB36S==GEgm8EIixTR`4jgXsh8J5q$Ub!
z`OHe{dx^;Ca)UwP3m>lDtufPZkEwFTunv1Pvf#|Lw9%ld;4m{zwy-9isi|pD7R~Jz
z+i~aAb}vHM0=L7o>8cMFg4)saWyy~BvL$D#ZBo+Hbt>(;we5B$WtUhgO~w+yRh<?l
z5L9o{88SuSvD&hW*5ftI;1LRC<IWdF2;`fbPe{^_*6F@~?g-jQx6)R>3gJ9%xoe_o
z!BWYcS|8CmJ~sZ8@+H#NVv%2!%D?15m?D4V^?J3-IP;N@6Kgex4?QDU8P)m<WE+)K
z&E}@NXi9E%oLWM^rn}*N%lS3t1iu+fsnJ-%ie`02douEw_w9xK10g@2QgnB>77jBr
zazk2NXVe#2gW`BP$^%Xs8q8C?il*{;Y<Byrnk8@JRO&rTXD5XX>li4Hd0(g<V8J}m
zK!=FoQfijKMO)s+pp$>&3(YzKQ2)+|FlJk+K|yC&G$&q)#nhCe0VB8m1Rg&#b93^a
z<1{#2_IARF_-lU;sbKRi@d59=1cvMJzk>DKC*aJJ{jmL2{l^Xv3@WvB{90BFE*PK3
z7vM7_fr2XI1($@nKgh0l3i8;}tu7)3R3tS-L1j;B6FILK&_kS@wQC>tMUsV8ey;^x
zQiU_m$7^W!JdUQ)4aQ%F159<OQ?ieL+qZk=O<u$tb+z5D)vk_5(*|CgTfwgQFnJ$y
zYWnJ}X+9G9u)}!5g5jci5AoZ=vp{+Vq9wv-*BLEuvIhAG-mX$9gkN~jsF4@vQJb>#
zynB$><ydp%GFoXYKeeO?hX#Bh`3{TRZqs3QTce`=!B@w-BA~hx=>)!0`pwntNK}p?
z1ji?!tp$&w_)J_hIAG2_47CLY_<Lx3o3BoB>#Ycl5zLBal(W|?6+fShfON(FlxA9R
zYU5}QJ;6=%t8)VHIXD0|vkI-5`L%M6x-_LmdSKte-2{Q%vdVN(7tYhqQrN5Bu%#L!
z<K;EVAfsWTDQw>7s9L)@GrT~Vxgc+BRp2mBO?++lLXUKg*F{V|B_-e(l{9-jiBV5m
zz9m(-xR|yb3H~Yewa|Nw2W!95rGKBfHi68f-A*JB@t+e_3k5o(5pbZ_C>j@ERndLh
zwQDJRh{<?Y1Ti^awsb3kwp>cR{Vru;zJ3k~WVruZ$lWW|g;@v+vG5kng+_yY^yL{F
z`n@>NoF$RIcO7ZyjiZ|QS{Q>AC)0weFbm`C1TEtrseK%^1jNh?rtq>TDXvYy)_7)J
z_jC^)MEO6Lw2y*8c-b{#PRah9uMVup<*Rklyqko$M_%~gU8QaM(~NU)aUh6)L^6`i
zVEly>03viBGg}1})N9Lqe90?NS(S~ZRAg}yTLRt%NWuv!N&F524Wym(!<HCAgqaUR
zL+NvDR8%q0zDR3?e7d^Y_juU}4B536w=PBR@#UK@Vh-2O(z?3HalW^dWCx>}D1X1Z
zuJ8nz;^}#SPOdz}%f}NKjBbVnq7Tfn%JDAF(X%GOJagH{zp2pSfq6VXT)8Z`PP-rB
z_go#0m$$?FL{-F?;&dmTNv!(Tk&E14saPdjx`5c-{Z^snjR3`l6>^4^j$KGbW~R?r
zk5!#v08H#wwOA5gNrOMf1>DhHV+zmRUbY)1y6$1E$>MrcNek*;3mwG>G&fePI>{P9
zQeM$m*}Smzc8V^zkRdr(P^onwOS)Bcfv80AN&~ZKuz$LBTdaI$_G+$~kfrtfYPJYC
zdPu!{Za#1I86uE*Vje7ncQieeNYf+V%3r*)w?|$mz?=2`iR@AXQ=Gj8k2u^xb_-wh
zZJ(+~=KxFl!$+s+IEVh@#q9ZZS$voW);XlQT6m!Z&BA1%^Wg{WbV5Pvnf1?l!V4N6
za&S%u9MRzl3Gro@hLcaXoP92hbEUIJbKc&ijB5ERZra-+<`^Dni*J3)mm}Z#tP@T*
zX1fZalO=z4?UcvAN~BO3$K`}!lNmQjhVIA{Rjm0eThFh!n>V_COV8Lt+Bvg%pl5A>
z#?bpilbJ%g915lCw@5Ra)wHWtq>lQM5!oR>l21!LQ&IF~GE?vh`^&sG8@4lSLwO<7
zgC#xYT(bCvSb?Z98q&8F-`)il&--+j$lAtx9JQmsa~JWXHuWlJ5JlTTw%bF9_vX_p
z)Y)DQu*ORT(GNAa3Q?+Mk*;E-`t5w;U|eao(==ZXk2P@^tE=Lxevhp=UEoGudh*jc
zL-I{vi0fO^Z-^{$iPIR&M;zdol`VCFX)bv60G;aA{e$j}7@-aNek<cDc?+^&XTadT
zf5RI)i%!yR<q?@zJuH?2Qur{(Qx}4Xv!MgW8nu~7+?lI=(Gaf(0cSEVhJ#v?&->1b
zCgPId9pOzAE!r_zFOq7ptUQYecyjUO&`Kurc{pm<GvoZNI4cZzFi<f$d3vKrY9K<7
zM&1V2+9nQ|&%9;m<|c1H5g)a9jR+aeNzU|gz2ie!;FC>9+UQAddi+VY{}n0;H0=po
zCed-P;x11&qjS+k|LaU31=fDG_2%EuNN8;n16swO()5O==JclMC=Fjhe1cZR{GMVb
zWnd@+lHC3w4aqa2c7h*tpz#P?t(a__ZF0ljyw^X8w<gOn3ta%E5Rf7D1E)!pp^4(7
z4QDxrVdqpz)Hz@=CYgBE8=d3rnRRZ+5vL*(LlUkEIMLn+uYpvXL24GS$$68T<W)Oa
z9bF*ThT)R0#aEvZ^wi*&JlzB3Dum#K_zdRBGMT*%SRDA-&ks5|bvgrAdx1b_w+&>4
zUA-t%H;^9>m~1*E<8kh3WwV?X1pKQpi4~8#ZHfMbZEw1S2N7V8LJYw%HiDtH<{>dJ
zra$nqAVAR;DSa;X;{0gk=VF^e#e2zkbBVa~<x1?8l@-A=Z-1M1|HZ8}My)bAgM*hn
z_pld8s14{e*tO+F772(2sV7Rbi9I|#Bss`x&2F#xHoJ6+swx=tI%S74z6n`BPWBJ}
z`0-xC;fcOihJ$yno;^ph<IPr}%k51p$Y2*pHbAzVuH<N%sjJ|<1KcTQ$M3I05DeUO
zIE4TtTV!{-CbsE@$~*jM{l?gSa1HiIt*StfW?F%jb8YvlOah}4)gy5YU@`Lb6B>z+
zWXsbcZfRE}mxD#WyZ(@KZqZ;U^9@_k1U*wK+4Qp)G7}C0(jH$%9h1ZNU3JkrEe69I
zz2+_Q4o~iHwTo&)G=n}u&OE%PL^&se)612cmIAGcz14lCa-Y{1ip>p;$53}K_^k9z
zDV46X=qDzp$DFVRp9~GkvlUe6H(JTEZH=|$p|jwi2L_{wlnkX-IN)NCjT`?E-*=Z0
zVV$WyKxZ*glH!($m`h9ax`X+i!FP(YlEVT{{6q*7TkezUh_;R$MD;eWx%|epLjjNj
z9`^pE+oj8)k=G_VrMea@?p4pVeB!uhM0~xRs?K8g+zVWUMgFL2<1IlwA>pGw3{oYN
zk%*pAtaX))K}*bYO`ggyvC(|0P9^}FU^_MKSzZxabm-7%VM;Q+Ma{|;O?^{-bCImR
zvEn<HP)Bv0+Ab*HRYk=gr~F2K0FHL1#fWyUDYt6!a?MbHB30Vj>oS{hFVJ*RvqfqG
zJ?F_C1fxJ^tY(1((;5e%Rhc&6;*PdG7U@}FA`+fxu@Ahsj^Xz@CWVaby{5F{E{ktx
zw+uo2#oCI7+sg)t)fqPZ-n~15S2-mwiLmbGq&g?C-J5f_$q#^c^m9qcK;T{uAYp=&
zRWuRazit2ZR}*MIxk^3E=MRwfbv6`nYfuyJ6EM}@vf67`pKo@%O37QZ6OR3hN2@_^
zSU9D_8t?NOXipl8L8QBUBCBOYQPBae%eQfS3=E1wM)!Ck>x|^&WRPhn6c3DKJ-B<{
zE+x#hY^?=av|9%CD}ZJgu1vqD2qDY9Fj$R`<SBIrUnXN~<Lj3U_gAl2tlfphj@I=K
z<lObCc<InkQN76zlF-RWSwzSTl__`R`IYLh?1K3BaIq|3jfp7HdcBmcY54K(np)Z0
zI$MJS>BVVQsk4fj+TxYXIlYeP&*tpRN_aH&mN8-f2e>AecGlLIN(dD#s5-jfa*|t8
z>nkUSVwS}~PanQ>v_hy|2Dl=&TkA1V^bs>5%)nf&5^#xhu5lU>MK6o(eYTijMV7!L
zf=H=Yj=owpNE{S*Wpwa5Xd3?f-s1ZPP>0CMD`j4P3+|Wt2|gJCZCOEBAdYQ;d8#8Q
zHjU0l$a1aUlZJ1;{)4>QF6G9ikcCC@<z>bDTWCXiJO@o=6e2_Ga(i9ZDExjXJL^-X
zo)(Z0mLvPEWz~{dGaK|M+bw_lP~poY5;yTf(!=Dt3Kgjx1}4JP)_W800O?fT$i_(<
zB6SYn3gNnlIY7O#q?$mr<BDp=*CV$%Cf^YB5~)g`tuxneD*a9l-+1y-V-7Djye9Fs
zaqU!|tOzUPCWmw?uHqIvv8F~%qshtB&sfsILUC-xb2)}fvj>N$;{-k=0wjIc)=bHK
zXkT9Cxup88XijRT4s0i>d)!vYFk06-()!2H&X#nq9b7##A*2r3a=+4Sel>r`M&Q5j
zsjjOeiLI`7y7!V=>e_9MR#IIm7mOu8v%JGk&&fzBrBq7nvNL!uPR!TtsuM%;m}v)w
zmBkDMQNG2O$Emb*8m^E~PnNy4-1T03yi^Xpr}&uh+pKN2;lAnl4ox*0R}6??*yrZa
z+8V2gEB?`M58CJtE)4W6rBj-3qljboj>5@|V(7~pMNNj4&%*WOAc8RW_62^9-LvLh
zPkYd8(8U_&MeU4k6UOS!^+xaFDg?<nJhAj`p7*R%a);}OeLc)TQbY&u(t{1kUCZmr
zLkBC{9851^Ia;o{Gl{-7EBF>P!8&gY8?eKkTwA1Yi(O&%iE@+3c?W3xl+dWKy$au6
zx}q|qJ*1|=r*|H*j4M5@UF|Gcamw9m&r2h#!edrTp-UQ!p%Sp1M^5z_>=JUlW3O#;
zz1z7q=bRINwWn~F)lMdP8^|rBj>yBiX(6lA$VmEM%JT3bIPx=9rnUtiCQk7_q`wuJ
zA7fD8et9F%igf(mksCN5?W1Wr+w5jH;Q(jLUYh!T;F^P_f27JnOwehQ^WEc}r%xGw
zWWN)`4t*_r_YfVyOC>6fD@+R3N?>+2#1%c_l}Pi&_O^10O<>}nG=3+%LzrP!EpfN7
zk`nBj6pOaj*7JZ8ShOk1g;bAQS}FsqeIbX%lrj)wu_9j>*Vo{B!RU4~_R33Ym{Njy
zLq=aB@ix*f{hE@R6cL|Mq8@+E36I_C<JvW=I$u^fB<t|&8%|kxLp3#!eOHe?k|QhV
zy=PnUy7d#Y)eqz{EDIYcV7SPcYp5)KdlHEefkG@IAAm|i&dclRe6mwa%ZR=IJsk}|
z8q{JcSoX0;JVr-vzKGD}Yc^E(&6GRYelD(3eadJv`ke4{MdZm;@-Y&h#MrT6fFLL&
z=9xFxmz!cLN+r>^QZoc{K)Cg`<Bx9|R;XujbA&+zODVa<>9P4zgM=aBBuy&u3BmB^
zS#K9TL|gZHS`GAtDC^bL8|f|CkZBTw!}AE!%AaRE&Ig1I9D7`)@kaaPy;yxWv55OE
z8O$u~3BP7vVs-v&b54b^!MiY3wS$EQf=0r2k1T_W?3OUHO`L|i?=cGbc5ljVA6;hD
zj5Fr7>T2tka&5dXqUsr4J0UY_OIW_lKSiu&ey1XSi2gv7qWndzH$G4BSgh@<GGHYL
z*k+EQP_HVWE_!1#hdZ%9G8(YWkznx#lvWg*-4L|=Lw&j?TRS9cS&IoZ;I{`tTw>{l
z2UMreSfz=IfJ*_vn9TxywR@ZBkwr{RoJxs{_9k!qy0z0CK4<wM-A&YN(51}CEnU$h
z^lf3@zq`3HT!e544|r<ov+W(haMW)XI`65o$4<Ve&ih_F`1+81QCxa?*=UM>?xA1y
z7HM=U&h764_BQW=s;i^brmOQMWT`etnb73>5!0qtLgx&p9z4(6SC>i%Xj8jKEgpTN
zH8ofk@rj7fGb~$nb1a_~l3ucy2xF+X(8TIVT&q+GU{Rh3yQ#W6A6@EedbuE^ujdZw
z`IK^z`S^)^2f|x@^~Qh2>5m_)pltT(!Fz>&E!B*G^^Zo=;D8L(K}<3A@i)bi%gXWY
zx^w)H%NHhB?NR3C@c_kdg(~sl@+_YK?&ipf3M&ToK#0!=@7vT9aSJg8AagQV&^qfp
z0}<A!4N1#s1At-}RC;XV1w4h~20c;f4`ATG6Cb41+HDdQsaE*n^SN(^`p+SPtiYh8
z<m6n9y2Elh`w=WWJnH4Uo0{0u-5IjwEiCXOe<AHY#u0@u3=e`>fqv`R9voHZ%mzr8
z-pYS`0E~n3(9|HKA)=KfA`NYy3i0iuVK=asg!uTUCzu`ev&kQuqm|H6Qi>Ia(a^7=
zU<N1^YvdWGGXrr=OfAZ-ZzHxPaUp9d*H;j534l<3?+y;}#GgGp;U2w?X1M4wgT`Hs
zuM5EVynMN6{He4VlOGrtS$l-%3{6g@cu1FC{>+Efx6{!@)FJFEam9ER+F8c1M0)oj
z5QA+l1V(z1e?YR9aK%b-7Ci)ocA0&0dX<#xAXT%Bl*}UPS@}-{aAxm^p4sb&B$&1G
zdwJ|Okc%|RG-^%V-^tKaAfUCR9MU*BI{I%HkTKhJy<Rd!|FAK&J%V0mBZU+cFyemg
z3COZp_$di&mTz`U;@ie))V&pVIudL?K=5>QCyEJVh^=qF=>S^llCxoCy||9&fUv({
zvc8tSzJ9p{!x5}F2vk$d34cOpx3{AzsU7pSaW0*h#dui3b$*)~;qW;$oyiAbEz6l5
zT*kjWW&q0BUGEQe+rFnfN-Y5dAGYMg5i8tJWT(sDxVS$hSddZ^cE!UL(etH6Tky0_
zpr|sEk5H=`aVxoPSmrJ|-~O1bkxXxRV~jysy{!<PP?`HOr%eCWqjG;CcH%s#+af~s
zWfvhSX(;NFq`E6Jz{X64V?r3S$jY*M7zASA-fS~*#2m^s*~4A_Kue}KX-%55JO4Po
zl&%)%_|Ed)&B?k}RvvfxYG0ZBe8kf5Ms6o_;hp$mQg%i>959<J98o>F%N)U-7}nES
z<+JYEfwU{Nefu2gN7fPaM1DM&Kp0Ls#VAIlNq(XdJYt^?K|M&r5~RvH#9=<x7F;zS
zCQp@XG4Xv^`T#;db#y*iIW$@<!EV~C@#G9cgzQ(Vll8~TSj0DnwTi4%j0Z7T-S{FP
zUKRz3@>B02V>MPIeT&}@h3rn!PH$w(6kQHYXEl_Y%{=XzXwc}iCT&XlgZ!eG+V}5Q
z_vCsr8eHdkIlfhZ103=QB!yD)2%2I#?dsra%Y}UO<$p<@_Z}!gqhAW<-Kp{aY>SLg
zEE`RO8@0qrsqPf2lQ)%Nz<oOG<gZ;r%U=-cKA0*Y1Tp#Qvg;j{C~iM9q4IWi&9psi
zxBiwNmwZO)9l%|;-<(LfetvtU`8nAXpz4eOYO#DClmd-zubmi+2ed1V2w5y<1p}8*
z9lAbsY(hRGs?#j}Jm@4CnXz<ut09@H)$EE*qf+`hbq!XXZ)@&Kp2Bey-Tx7SBQ!C+
zaK<&Y_H8zpN<tu=yLooK9fKD3?4xIm1;FR_>&tGB7ac2(ZtJ1wR=n?Lb^|JUzwu&C
zs%;l%XSoGlw>*BK<P%gkGCHDzgM;=ROuF&8$$yj9WHk2;kMl8ekFRD0$PN!~zBx@4
zT>2jCl913O|E(S6krs((FhKYyXOOt|!biBU>g>LX{n;0*xuhd5G*P0Fu|ZyBDqLNt
z!e6_!jEs*%1QX0isKpKMEPMMv3u2>!r^)Ri*InI145qI6lPAkL9%9}BY(AzPJ`lA9
zko@(Ovm1=6_zL&PjOv$!x$l&_0|W}jEoGk&x-Y*I4GN(Ca$e~`_fXtpN6I<QDyM%D
zR3n+G;1K54V9@|C;LV+jGMQ^5v4&$Y>Vz?wRAVI$*^_}Zy5{C)X0vnHo1JsD5STqz
zo~xOXip`&k0_BBqj=9<LId|Rc>Wj=IYGBIb5NKd9h{QcVdzJFoJ-_MwI&DzwVH%xp
zO-$4N)fo{@e927+%Sr56w^Xh5`?LOqVD+2?AKIRbX0;D)21KvU(>*(cK0LG?PgT-c
z!aZ@zv#sH@!7<aZ=`R<s+q~91sg%QG0~519_{{s~P-wA6v&cyEZRa~`X*w(%2H7*2
zDSW~mjg+^Od6=Zdn$~gEmYjOuMHb%l=LNUK_7RL4dd?GNzY$_$lp~UGwOYn`p~0Gp
z53|7ZoDi&cTy89qwFm=}IyII<YXqdYg(ai7&vH%t1{fDUW1^|j*O;9fJ}wT_L~ufI
z=*(O>S4P_ZU!?s7P?lX6HVi8w3aEgTh)79ycSuWjhm>@8t8__scXzka-JR0i-T%J4
z)%$+lZ{C0An{UQ(7-lZc>)d<owO1VLII?(~@ltXQSUr5Pi0*|Lc?LTQBbnUH^pRLV
zKI(W}mSWlc@P0QlEiXzx6U1%EONoO=i?<BA@x-bnaATLrS-o5p23QF*l~OWU_JK^<
z?f0C)4(#5@+mSK{5f8+$WMExil}aqQ3i#h&86oXXHumXb(Ecagd<{uA1M9vq{7E+f
z5)`DH=SXPCnlwYDdeNSaMM`Ci6;8OJBEHO0NCZdL<Av({00kg15u+=wsby_VKLu|@
zXI$b<fjvDn4VUMY*!mUgMMn^J7LB$*k3Ep|NJk7Vc;V=<X=;D?Tw%}skqY;0_2H^m
zB`6LLe}0(ck9lBQ8vi&27x&zAjK`@viL1#q0L)5;PA}mqm=dY3xZGISxnLzO++Lq&
z<nc2xG2!BL3zU?UG`nb+PF0a;;;A^V94dW$g@#7D^$8gbSpoE-S>ZXjZVuAQak>%?
z0#^Y^lnCy}#b(db<F%U)VT68|{oW)D&q7~<k~aS*ZEbD*b!;+nGw22QNT<cUJ<5rW
z$6yX7H3VN{9$Mi%Cbl8W{pVw7bsEUo6Afs2ueeF7n$Eo186%^-S?j#mE5g*bM3?1J
zWPTk#qYmdlnZQ<nbiy5d5egcgtY|+Ej^ZUdP#|md?Dpo^S}9!2nd#W(OOv^7F9Q96
z-3{n-)0<46TW>D$+gNpj12|Q-9voN@h^VHX@d4np$J>1c0%Ii=4kclph`=FFMc6hq
zHmovlq1y(r8yqRn`eO%Qtgd5hX^G9g(Zs9Uc}r)@&cZyoeGLZ>A0?l=zkrZgrY8>n
zenrzoNx%<`bw$M1UuMP+*V-6uic2D%zC>6!U^s5^4%*1;LSD7mOa8&zwV*+yrT1l*
z5_zw<4`~f!S@Rn;&5;zj%jKn(`yM+S>&Qk|t#@#M(#o~#_!AwYIR8TE*$hDEnTqY+
zAKLZLCAntPEvE6!OyZk^O%t}gUkU==rt1NIt=m3s0-K9}e-f<lr?pxwD=_NHRT*u6
zjdo8t<h9eRm4-)3->yL+s#<A|y*rn2>%20rT%Pl;Pyw#<o7=TP9Y4sbQ`7V(ibkx%
z(32)!GzXf3Qf;<kh4RsH9L18!y>2ez!Q-v1diy@GmUfxFK)9*&?l$kCmWvm{IBJ1(
zf??ByTH$yo=r3n97>;s3R}r7AtCpG>svX$h7DO2S(&qMhREky|h{CYAe!Jw@C|IoB
z=dY}Hu)pNdtv$*H(}noh!?7i-57TOSQc72I<~v+;BWW~K6SUP0S#;>9SXRcE{NbFq
zLzecDgTC%d54M$A?=LyH#IQ=I3rTH}H$H0Jq<nP$9Iq+5C{T>@(&^{EjoZl8sh5_C
z4Ytp}QbnIDAb3(`+t=H_Dc-;23ql(9dnBM?|6NOKKFTe*oZRvxQ5||zt0leFm!u#n
z(g7SxydtG}`@2;=lAC2~a0_`7G`*FM?il|FVDRZxv7JE1nkmcmmUEdHa7zhQUydl#
z1wUTWy*j~YEsU-Ky7ZMJ0T@(fre&CGL7Z1Y)t<H?dqH4IS%gSpD?gwl*nF*5Njm*|
zWKX5ZOs>HUu%oT<UET)bkPbR9JV0wJb1`Gq^dV|2UcQ-a|0am@f?JQ_i)WBA7DN}Z
zG+K?kj5>6V-0EZA`{j<HFbmfYu#YOha6(&alG{~`-_=Fu-Q?}*gvPcho&`)@#2y(r
zEi?SY+#57XRqh@SC*l`doGb~`4a<yAe?_p2fU?U1jcKC6A0^BOsy}JG4#@_M$*I8~
zE$VV-D~5tF_mPJ$l>q>*Xg_>GH2`ZP3MiZS*wepgyi#W0f+V0X7mnYECo<zU-fQ@1
zs9Qs6E<Llfv`j6pwRBZ$=9_OfY(71@pWo#H4LmAaIj4{QF<@v64FPGhu&X?yh>F2-
zRNq2Pg~v}4#`Vy%`1_rZk5C;fjR8JO4roR{MOu2{@Vo;fvo)(5t`}*I#AHkmC@l?V
zOXfU1y~y|Nz0ljWm_9l8jq;?@a$T+8aNBRfoyB5%9d6NnYIJUpXRhh8wnCA%D*Q>=
z!&eyl16Cg@A>o*wau15XFAb7rx$W2f(%f2!CV{?eEu)0C4gg0PZ1l7mYlGHYnh5Xc
ziU4dmnPLlKqs5DScPO<G?I(6kJUU9r>7ZOYX9+(8mIUVFwt=#l`xLhI0YXYzp|W7N
zood+TEk|+3cW-U)oImgF<HMkaJp6+{2T>aYI6^jKPLBRNYAZ$j6}83Oxw=|@24zYC
z<e%MBrS(HjtjI#**3qDmEJjoYd>5SN{aq4>Bn;62lO_t2GG<SH44s}KIc_Fj`1!bs
zNj5;3m)<6FIHikd+1$U;d#KaodYi5r2uA0ITYYOW>A@sShTXzg&5xzH;V?psT1Swk
zg`p6Uy2QRDgn>0;1XM#4)x7f4#TUWrk~Pu<)1<9I!2c`wtqje~s654U4W(3{DzIsC
zWrcsH8vPQ+5DA3elj_yTV8FEQ&2l)R_BZ;a?h>GeKySOlyoq;ES<E<GSJj^zQY&F~
zCjP<?9nqd2nl_D^Mu8Ia?JHB?S%ZGJ;|aBD``nR3uwDutt?ON{Me4e;&m}y{yYrjJ
z095nw3yy@H>1X#dj@0x}WWu%1kTBN^3sx3ZR-tXH7OxjlvE4vEJVqnB6La(DPi{F+
z?h-&MBAfjANlo24I$DK>a*2PCMDl)P0uN})kMDq%M*z}<F2DcPQ~$Z395d`W2Fj$O
zG=U((%FMPe6fV<n{?W!JPSZhLgHvT*g|@o<hftbYx`uc11isqi<rK}zizbf)yR?-l
z2uZPKrdLysP~pRhl88_bEHlBVnlO5gu!FNIlvqN2;#a7aaB_ETV0y+GhX;3LFfO@t
zlp3`n57GB>%ZLfkkQts2v;2a#6u+G|-9hQz-QWx2*&FgI>M;EDKoiJGeNc)oFK^>p
z)#)W+=d-_z$b!n~4wiW+Vc8p%Wb7&Ugn&ITD6Ma#G1J>_pIC`72${$w<NV!FodSZN
zzdxN4`s3fgM9{<fNCB{k<&g>PtiNLzoNXjX3C#&kq2GMfc#3WZ^~6-zS)X*_rA&7|
zD2kYd$4CH(OO6C~0-_n{%${^$H*J?>@P#uOPnv5f^zZQ02nI=P03n;Jv#m~0X3qKe
z<Lhv23f>JS0r@acwUJR)egl}}Snc-WYkfI6fn>J@{)}3t7%Z}qF|)~Z&=q5jZ?U-r
zpww$EOmn!ycAXSkU?+GsipNtyZE<lxl_Q?OI?TVb(iP^xpX`3+Iu=sYl*j|-O~RCV
zz1l*yIQyp9Z0>#BKa)Ti=g7t<^EhR(bvriOVcctDf7<!PK!A%6hwQNDm*-fy7RziN
z<K~%5%XZK%=l2vL!lHtj#sbrZReiR%-d<ksRxZIz%;M>hb=~t9?E_aU9=@}NOX*!p
z0&cj04@5Ujx|tR}_;)WZBGK#rd_bV$mM>G4SZ?2o5yxbb3ivR#dPMm%#qNEN;CeRg
z_GVM0@ShiajxjtpT|dt@7|ATP9|y3#l>=NExzkHOvUPy89D$A?_>|EcCl)8Q-mj)Z
zOQO&Z5QitL=DZ4#a=G#&Dmyb3R$0Zh>>8WOZ&B|cxE;=<v(a#iRP#kVdei#;h)e=i
z7R+ZCc<zr~olQ<Me|E`dGw)0tQ}taR2ca{l-~WiF4$*5%ZB1!uM2W25Jqcr{oc(wo
z?}2Gtc){xFJ0ulkpm^VOax90ZK3_OIMw1n&v?HU6q*3=;luL9znVxQ2zyE5gkG?MM
z1$<yC4X^ch>zKPju5x(o`4ESqZnsuyZR5*<L=H^3+%;aaN^%L$`Z=AmJ<tnVeL1pk
zQ0C!Fw?L%A2H+!<KCYLpWwg$IK^SV$o$yk#y8x+^f{Ncbm|p;z%Hay^tw<Dw1><6G
zQb?9P>@J06&w1xs6x&q~U(+LE?6!*mK{7Ssn{UND%yQ?!aV3tv$K4EW{@n~?O6zl{
zGuE|6&7MWI2}^#=D_3&UXCqZxco<aj1&m`m`PU86;biOHKkPP=%-S)_sU&mh8MX?v
zZC%&VSZg#ZGQZ(H3v_!!HtAXjp6u?#X-LO&&aL5Py?S$M-ECkbh`V&<IP;9xwSTFs
zY4s<KrCKC7Di3z}Vc-ofXOE3$zp6IW>+ZF=RgC}`nkd82Is#B#1BlwL6VRdBq$t=X
z!-4vb=NE!_{#k2sj6a_L=`YV8Vh#~Q*BvNU7<JM@!b6ymSIk@v4v*7Q!o^aj&7-C%
z*^qoMRbeRinn~QQMF&iX16l5}h*T6M_#4wLSyKG`pT%RJ!TkB=4B@wnt1Dp|ZazL{
za8zG#-7yD3<{eW~QkqGZp7_RXjA%$8H8+&9E+&#_E`i}}2utD>V<sLrR#``@J^pcv
ziNh7iVaO^HU0HVM3HFo*NQB}ER}IC8vazE^jEqGfs)=T`-oWu!RPDkOsQ|pM4Rnkz
zj<~sTzkh9AA4vKjl^UvdLfqy%6^2UuiBB_in&7x*q+>$~^w9zXDK4)Rf_oZWS6}k;
zbB0?0XnZ290N__1(R}zMEz7&QGMd}d9|dXQOS>A&4BSxj=)T)Kr)&15l+ThtuOm4V
zzk&_$b#gKki;v#zzG#(?V<A^7^{6xzQ@;s&+uT}X<(dX^9fLJP^225Ngf?E8=59Mr
z|K-fS*sjcW58q`XQM}3xV_`)Ia&qgWpN(*a?53vqK$Ca#?)IaSf<ul{8QSSi1~Sa<
zrNYxk>$fQ=7;gjv-iQ$hha)1Sypt?SWEB~NiI9$wD$yd?;^HQ%W}$j38pAp!Ss&U>
zIZ{vyh!BzGk(|!=QZ}m`{3F35?nl-Gv6&(#32da_Q}o6ikJz%>EPaw56N`*l?v7!@
zyqe<i^Bq?{mxjLvDYKZ7!keK0wzF;V@Bw@(Ptd#G_~DhRVVg1AP$d4!erbc@%IeHi
z%*m!X{uJTWc&P9dTDpfv7X8M^<0V`|i@sDiG3D?q+l1V%__pJ-;X96pxx*`I8Qmz!
zcf877etP0_=^9x^1vz<6)Pm8>&dzKk&h-FdLl`*h*FWkK=a*GQO#@uml4h|o3OV^k
z5?56Hwle=Kz3vFBvv`)A+ex#|@%b-!*w7<aMeX{L!_@;gN5oQoi3INkkEpIORox>D
zCc{Y^GOl;6K$W}J*1jpTp#%cOJHI)E2hgr*#q-#DTWuROgtQjyr<$umVi-i-49Hp?
zpIA%MXf(CTs04!J?2u>)$jKqN(Eapl4&(fW=A;f~I#c2{&SAAQ%UJg;4JE?^-~I%1
z%jVj47Z|^W1A@vI)yC0<frU|{4Vhl|D)@xKX?0K9*ij0<cVKctOIGvf=8lNz1)iNm
zo?6@b%irYtsB5=XT*j7oHQ(^)_Q*5@*&xVg%1-907feT-?OJ8&5A4&8wFxW(g11y2
z&-y@4A<goK|IPp5AefNHaRCIsX(j<!1CswUp`ih-%<>(KGdL#&f8+>F4Nnl<LvGXx
z0xnMs>^#{Vo@EWiUQnq4qnU2O-rnA|J@1x{l}cQ$ZA<%;-1@^(zXN<BTppK;XeAJK
zf(Fd!UgS&!qVyG<86#fLF{OYOx~FGy^9R5DVVUUc;u@Rn$YSBk99mR&ZBRjL3p7)^
z1WGUZK+oW{W@=6aL4_TRJI*6$b;OVFm#h{YLwUt5w5R6h6D`-fcx(9LdF!iv-(Vv1
z4h;?QAO_<cPc{ox8c*rYPKpSi5U!OX6~^9@b#Knsx_Z79(4V8veeAO?4!gKSmmt@+
z!(u5Zt~t~r+exMRqo#V*olNiHFQ_6EfGSe>QTKyOs9??I#KP`yPF;nO(`oG)pjVX@
z6XbAmAuS-aS_Aoy!Q3>%m8B_{Yct<v@IyV<+cBM5XBG#|&>B#rEtpSzvGn?DOXK}r
z+JajW{_=+gfWeG(_CpPmTkB8Yy*|IqDl*0AOd=GGC#T@C%mgL`qGXvi;Ru~L)Sjpj
za4m1lSn(kZSlnb`jBK|0F25Oj;>o4AgMx;NPEeZ7{PXyWY|2;h_y)sOVL*&@dR6I*
z4@5BWxwyDuZd=Y}!mL&D%Wo}Pi8V=PWLy_+uC~cp-PDaxRZI?#dN)UwG$ZySGGPSK
zN?eKGE<xa+950*J6@_X5`rh4fGlE9{K=SDPJZdh-GuwIo`D=DQPV3YFn~g!-D;wM4
z)JVs`o<X+#&HmE{Hmbo={x1LG@VhZVD^K6JJI?pUa*|k%&-Hm$Nl`+S+C5y7T!+GM
zdN#@ZD6X^-ux|ECYgtY)XXAyh9lF@j7)q;$WI^>njWeIOV*9e2a)O*ol#MZI$ZkL$
z0YLZjs_dC{XJ6O4h+JdcgX;Rq<|<y}OwvfaM&(Fg9`4oI8!31?iMMs)R&G-{Bnm{1
z2=-y!^2Fq2t{09RYIV*UYR2@1y-C>6mj+t`i@BGHnd)`oasXB{=d_h%Lqxy5?6*lG
z+DkM$@ePAb-S2zNKEB|$!TcC5t5F?E4-4RZoy8P0ZtG;X0<TJ4e#Rh|pASSKR9X=F
z?<qQWd?^?zu@{G(P4v{GO!U+lZ_hy{UJ?(MHa?1etr=g7oTxYULQO~hyIbAHh9PfC
zK`m!T+zF=WrGG^Dl+#@_NoxQVcH{DPYb39Lh<~u^kLcoqz;mt?2;gn1g$!*d;*pcC
zMt4tK((@E&P68dvj^2He3%|2#k;MVj{{2Z&qI-wS+YSda=RtQr+5B!P)>=cF$2->w
z?ST!W+w)Oymr+stDte+RPn!LTSa2C`w$C>N)pe~AQ1|Y)?P@J{ia&J<G;l@jMX*@y
z*H59?UwLG*7c{pDB)Putzq!SCJucp$K8cinR#-Xduzg~2Wj0?Fdl*QN>B=R>Iojz)
z_KH^V8ppHb3QR2h1)>>23W^LnwBvtj{z?#C>Bu<+MaUFmsoo^no*IR?vm9V51i8X=
z;N5N&i}b7SUt7RLxdD7&`eX)3(Rp>c@|DUm7;tQ5CL69h1Pr%J31Q(MclSAf>JcD+
zOb2MR5CCv-4Y+RBdU}rl51;Y<J2#2*$>AYQ@q9Fzzb_o7Eyh$?*7(vlS3JDt@t0GE
zc-~x|WGw)=_CA`};3q)?EO9EIt<}!T%Da0ahIXKa<9mM`cnXRt7*f%l+gkoU#u$e=
zh>9?e=aV}Hk?<7q=h`CJ;ZZ{h6SY&*HVnUCrc>*8|1Py762g%pu55}wHy^C$KY`_c
zg$^Kkw)^A0AU$BOlcpquc6tnl7H*RSn{r~j`1W#R2>+_`ji$fjE$24XLKb=Gor2F$
zKdgwxix)3OlixoY60}gdKilPgP3IV%NkPO4n`cYjDDMp_sQyL|RY*+PtT&QteN6q0
zzJS81{!uuefhLAy=b+}%53ei<<c;Bs2XJt;1t>k*+}sbaWC~KWJM6M`^W;kdFp7is
zwj#)+pUtoIF?DrhMK?A8=K~>%6AVhU6ji@><3V)b_o3R|@mMWWu1J5(yNB~`rBU%-
z|4~&aoLgZ_!1?YB5GPFxPFk(-SS{~f`hoJo!s3wLVHnzi!dfIVu)*4;36lXZ?x6AW
z@eOW{WVPB$oXAndb4d{KFKi7~X}Db;z^{9P2_m3=)Mm3JS3{KHfx3INN)}vJR%Tr4
zdb<FmAW3bk#OmdYaG&iaBYRoC*U<?tE@tWc*cU5cAXI-oe?40L0eR}tF^By@a`~hZ
z(DEQvulIOA0FU0ArB){jKjU{%J@Qk^M15yfrj~g28s@Q~r?mpq-mqtx-HA(;zKm3H
zcZ!5nx~n!<X^#mn(&CV{ev&+K=Pef3k+eDeKLbLPGi4P&=4J-KBvBQA(o~N8oHS2#
z7Tf*Xj`kr1?Fq?Acj7+9F+;R0Qx42d_R8?fg+h1~^TWjQRK-FqO;V}c&#DMfE^Mw?
za}6yEMeXh^+j{<9w=fkb`}fA-IPH@ayYbfk#%5+Br*RiOhYsZ`OxT@=$U(COf-br8
zB2^0K`y437g+n&D;=M8WY!T#YpSu+(g$qqzlqy*^3s?4bqP=D*HrgENF!QmJIR6Q=
zu2zevgTtOrKFbegNA@_5sqwrRZ(USXjiCLXVD7BWVlq)lu(YZwGPBqWv)0<+ht~~z
zpP&#{no;HVR2ro1$1NO#+C=Dt-Bm9i60l)(OkQ+blaYu|_}vK;zDKBJ?<pVKr1H29
z>Oy9l_J<#fAsB}g9%emSUGI}Q#0>HDwQH-0G<oZER4@}=9nY)(Q*8QZSs}JE{=f|H
zjB{w+ZqqT4IO^iY-vLEj0l~1X0m%;Pd8>(V7Qp@HT(0A{u4*tE{5b5-I0n+r*}!}|
zD<0IMn@c5i6uOdC8WN54{+vA%;~BJzFmAoMea$f94_EUQ)M2CCSaJu@Zd;@4?>@WK
z`F4CfZ*Mai4MBTWvzr#|R1UBfmg@2HUz?LgdZQml7*7QiEx6>4;U$qW=*m@oy%?}V
zCf@oYZ=ZM4(&1My4L{M=rz>ymaRKfK=(ar0CU+{0<ZFeBBqD>=BDA~1D=O?sUd<}g
zPL9(YWtpbC?7{1Di>-IUl6~Gpv7kj#K#7eM)PgHb-Dq(`%u#J4R=;lPV>J*}PbQ1!
zq{pP>s&z|h@y#saFkSsqUm|a1C8M>7&zp`wtT0)*@PC!$KaW9*!G@Ku;eXF}d?Ei;
z3^vVaqPE6$W*YX>6<Oh)y6KT~Hl4zyli&9<=c)PFuUOV%+>85tiSNae7dv!WHA*Hp
zqN7^Zdo%ml0T<@JetxNT3oe_};wnA%!WKilrpX}eC-D5*ZU|TxMU+`rXn}{-ZV$)+
zz`~xw%e5mwmfH6GBrG;1Qz8l1lo4G*L363<>vNS?T0K_x*9&a1hoioLS3<HUlJ&4z
zAGeU%VhP&A*O1#M3;y9|qmts|mAKfwy}fWj#Sfw%e2~VGvDxhpc;cgZD<x*dFI~mr
z?`ucMe;$%3wR6X(_mWZW`4&4{e_3kNlN5%OaX-BOw~R{>AhVvgOddVcXo5+hR;!p$
z5af1pNF-ZT*uNFYDTAu1P&bl!%Z*ND$WNoHTZxD?`4s8BaEk?Q{PktlCSji2bQZQ;
zUS`>6-TdKiSZo_b{O~9I#;754G;yV*F5=Zx^7%&?$b^=HU4dPAU4T~%qU(0LOp4^`
zCTbl}?y<cRu0S&U#?H@yO1e))<^t~r+JpcseDJq#thfqGtpC(iD&#vAzn@>CyPwEU
zzpRoPz6tJJ`GD*>c@Pq+YpxSw02*Ycm(KG67napuoD5w&=>=wIXAMrGEqM60^~;IS
zS_<#4&8`3{3go#&ZLO`tOfrqa(zBPphEh!uUiBzu%`hgW+K_4NEuWWhBH~4>w&%X?
zV{_af?Yp+AY6QjZcDTjG5f8nUpBG1qZ(InFG=I!;8C9f8XWX=?gZ||6ga?XUBF?G}
zCy2YVj*J$S?^!Fh*I%$UD2VvcJZE(ZIb8X`-gjY(KUaVEJ=rg+3f_gWI-|>m?D^My
zfkC^lyUdP~L*d9DLtQLP&#@;G-yE+o5-&fi6zGyCLH0&7A(hIrjX>5j8g8G}xAKHI
z7^8E>3WFJWE=qW0Zv;$Ha#}{z(Pm~D8%1h6+Zh2?d{8ujmz!?jZ9ILANfzn=yY$-l
zno5SG*N6BjfrO4Y%f9$s#$x+nOS#+7K4IR3eHA8Zk@}1d3p|2^iE18|UY-vHOb{Ls
zf`m&VYcm=Od_)0GSpY0@4NeWsRNrY~4VP50Fk((X%7NQUWCG7Xhj`U+yuP7m27a-}
zAs=ZBj^E>xRHex*;l(hn!Le{$<h6ZihxznlDbb;9WAAYRgIZynyk=@xabzcD{_ako
zn-|%!gY`Y7Nem-@^{i{YP7M3qT?hLmX6I-NA|Yn#e`rHWsUNO#8VTIinWG5=W&Azc
z=^-E_GJuX2wW_xCYHQUIM?%T+_*?-bPN>vH{n77rKkIJ{rpOklyTshj*)72O3)DT|
zGKX2{Z8Bf{ib73_%848q42I(f!vOR*Rm1g8iDVdiYI-sGz59t4F*v|hYrUv@(D1?*
zW8T=dBj*L*ZcZn(3^*u3#V+&JXwkxFuV+I_UsQo`L?6)hvh8zFZP#op&TJ`s75KQV
z6c3($!L_a-Un^I_#;Mv;euSHy1!`EXq}aI=Eq78`%MeOMES#y>Gn)p8(!z+*9bqR=
zKGuIoWmalujuI(t*<C~A6PF?-6|`YGNTKQ5RsQP7#}qtwH5R9*BJar!>)+*1C|Z36
znBi-H8CFYvy8JS#G@6qACZ+tOir@LX?6e`B=Xi}G+reM{b;v9Dk;13j?mZsKhk$uc
zAnu;_SfM*%rWzas_m$bWqjkZ$v)$Fx0Du2Dl=PhIsajqCFW-mfIIvv?cX=;^c>sZ+
z?&-n7(^{O_*JazAra)@#IMg!Z2J{|sy5htbQn}G$7wR3{BdJtA$%c0&klv(uQise{
z+B)oWXf95ReCwc+@W{5B8K)?BJQa3Pmj-m@a<%ToP@5F_K?G>TM~|@c6fn+~Rch%=
zFpX`0^hV~6ektHCjcBtmns}|4Bs;Op439s>P+nFRhSGJc-j{ePvShd!ODWSXp*ZL4
z?T2<cbl!tEAo4IuKe5=fk4L!Tr+<OIE1hm>BS7n@+&Pu$I^<I3U)0pHy^80Gn@CE2
zZuD(C&gC2s(IpVAHs|wRQ;js&IGyaGYHF>dDPA2<Bxo6H?w0Vm;*O8`Vrgq94hk&t
zL{lIUqD~6q56n!psmtt|N=Bp5C$ih}hMAFuOrMh77IPQz$91o)+#G4bRnopPKYUT3
z>`eVZB+%2pR_3^hG}!I3d6+e2m<W3cZuu~cDLtE-{++a%4!!!|NX#@`k1xOT5eAr3
zP`3%Mywkq1%9k1`mAwsoDLXjAPv@OHqgk%<lojEfWk|s@^)m4fTUQnwG5>UYPlscZ
zq=_;F6%?3W<IZyxnidW_ZUMHz%^;oGA+qM`R_)^GZv}fCFTXAwvoT6_p62=H=?}LV
zji(&-ExcS})^p*6f4#5PDAX}dnI`z-{N!>=D67a7WgJOkuco$F@n&oB)>?nlS(~3W
zsK7M}lzRN+@;;nV?m@7~F3I%FWxDRbWcq2S<hCyot=)TfS@^uUl9P}1JUxFr$US~9
z5fc?orn^x4ysPK~d?0Z!SJTuLUeQ7{aTuH21s53YcU!;V8)I#dC|pvOhlQ1RI}%fH
zpWZo)UDdTM^_jGCkK5GKUw^Gxmxw7p^O&v5To!xSpR4Zp%xqXyFG2Fg>nEr}B9`1O
zZ%4*iFDArOmwYtfGMu#fyfZL)Q}ewdnCY@<Dz^Tn8wp-)?900O_NWwVgTo_!Zw$D&
zF`I}B39f-q9;f*xpf1w2|1sm4;NN5nu^7TBqrBb!m!&575`qAk;s7YCKa+;z??jC!
zi$hQzAB~$LqXmL{{!?)enBsfM)YQ>~+5i6i`(ZIU|LD;a(26@b?3nZ19<g7{JtPJk
zh6<(CLLqo3Km<kzy=Uj8c~>Ywx#cRHiwqjw+2)ACY;b?p0Kmy-EAl==K*%~@*w5V;
z@jclXatB(JL}9+3z9gC-h50&7;fTcJiKmL|wg64tAfWFG*IX@$LnMa`f3{1&iTI|e
zSEtdBW!2Jv$l|pR5kGfHWT&ZEL%lkjOsHX4b-=;``MWMc(6X|T!lEsumg11G-R{jy
zlhMYNntN*j_<@hC*}uPcQdcBxOJ%*gS=#m_Qz()QC>DrUg7W|2;)jYZKcyuG2OFm1
zU+U`WvzV*MrIIU7O5Ds>xdx#|R*EQi<%mLzGdtu3r@5l56|#}{lpOK=?2Hh=J{{Xr
z-z-jF0vu@0+oYnr3uVedA5R960(>`D1eWs-o~PD(#z&D4DHwuIHYVB`iBPFxl2Y-K
zB!7w(Z2w%jva{{OpDo&M)!kuaJ(4;?YY*L~V^}ri>D`nX^j-3RUsciCa~3t|j3M)8
z-cRtTrl~@y^zv*)5<dRR1t24IfWIlglHrnGkyxNcc|=lp&0!^>Xb|w!|ASFfj;RJ1
z>;>2m5&5U_Ti;{`zpMMyU~#Z-<XqgmKsF6e%50Vf682U4sByD3T}nPsO3(C#g`#Jn
zPqxtuqgu?KysoAcpH&BgjK02^a%nK#T9r^68<9a;Z@u6ZMyoRX*IRdK4W|VZ4eU^$
ztk9r2>+Q}X`V-W?9#7UJw5~@Xwh4H9OUY&zLsKo~z_xe=z0+8bE`_~+s}%+MN9P6$
zZcdx^_LC1D{%$Y;?wfqb1vy^5t@wvfM+d@rqil<<N%Lozt&RZ}8SBj(kJF~d%@Oeh
z)`InB3vSJ07O${?NaZYwn*px&(MnM^&*KEPJVc8!hvm#b>#I=`65^G(&gYnnDDwW+
zdjo*TmfsCdgicseMNH>#6fh{Zij_%jeyR*Ew*IbNmP|7N--8CQZe!ZT+pUkDoFS{g
zlgQ`40_knE;dnkt{`XCC&39;onI7+@@tOh9NT$sXb=7hTYcG-_&NFW<tl3cNy{1hL
zE6_z3^s86Yr?FfSYWRqo!-;B(NJ#q5T=d(61!pj85>p=DiH6(<YfKZu-vPwL(U<t<
zuK72K%AO)eTrNd(LW8kf3ux~XmZU+EtC!S-qM{2(gP6Z)$UYN1eT7V@to7z3#uCby
z!v1G6?oySkx>%YgJo;c^0vo-9(0?J-|2KdM`EN+IuwxS4x}D}CRTW}LAYvi=GI^;X
zCMKp<$-;6+$!MD3xlRW)ffijv(H=F6#SBo}%mJPAEy8lu>UZims>o!xZg)3dJBUF#
zULC4?(wX|bM7zVs#-JeI`LGS0r+!k1>V+&*BSpS&v0MU(V7iP!v;r6vGk_q4hzQ44
zV+1oic3N7Rhd(zuZvC?i(>YE_zZDu5m=6}Vc6M1M+U;;6AKK_$a*>_imV7)eYC_vA
z3)_;(37?%OIW>oV*cNE@aB+B6-nlUvInn3%WPYyhUAQmIUOdp>^44E7djy6e5Psku
zC-o><JVqq^)TY)J3$Ztd91Vt56qcvcKCp?Nh0~j4^!vU~Q^N#DDSZJf+P(jgB_#)Z
zKzuz%{C@~^9zaDx_<&X?EeHMp(}f+eIUJt>9~#SOHqXaqtGKp#0q`_3AgUq8`I%~c
zANOV&6mx_Zu_jbV@0c6)L&Se(_G<u1Uqoa|>J3sBi@1aYtmhcC9^H`?f@f!ErMIAE
z4TKeaV;d(q76h?f-th;JAILnZEVt!WRJvJRPa2zwW%kE*=u1pYJPNu&;Ew~tP{1Fz
zjRJkqr3!ONc;vBdnIe^uLw~-_Vcl$vCf8vsjc;#QPUI$`W^?7p`0r1%b-F^WfspW`
z?G?TYi(sgB@GQGx^;CtCf&nh5vr8>7)qT-|4<SF&$=pib8<}m8Irpx%LAF0@R@1{>
z6s8lzGx8=OIF?mZtH*jpoToPsA~W)=neX|Fybll-8AJ2pSQ$<k3c%ScTA>zA4l&;i
za2sU{etG)Kl>d<e;)Wpv;(ajlZ$$s4`}_b-KcO#CpC@F2qu0WoVj)J5DSYvIfpsP<
z=?s{1t=D>U6lmpzVR8Ug-kPm95<zKDkCa}2Fj!ShZ6gMe_VMG#z6|j+#i9DS1trdv
zZ@UUpl{x`~kczgPbbJTi50LI6*Xe&kS^`6xB&4LIZM!nv-xa;d=kpayLUmehz)FR_
z6V!IWL4fYXO@4~(k3ym)ZsigOnjYQEKzZw(JQl!wRNemkIA-SltnMO+>&}B64kekW
zS@;x8vGf%mx3&U91OLjQbIb3sSsYN(FNlH+_LIsgJca&d29Tr54FgdxgqeCO`sj~G
z#2EuP2vLSoS%!o2<Fxgq1(5se)cqO^l#oM+sV~(U`T%nOm7X6b8u(wpbdSunty!4e
zVl!F{|IY%I@=v>lxT<W%A$N4rkkQ=?J2tyah+a>l%k{I&cCAJXI@eIsXdsv>nB+V>
zm;8bje9utGHVivU8oq^GpR?b8)E_@7_~#Y=pa0VmfkY?Ia)H6B5UT7iGk>wbFRwkJ
z6y2$LS=x34bTwK(qXXuV3I5L%=r1rC;{m$`2`z2tT3?(X09cPpWZ54sjh5+ALAnnP
zpk<T>+{Z=_5}-~K!T@b&nReI;X+c2BhDBvAH0R(x{V!DHF9F%FA7bLbfsS#yr*`@s
z3l)F*^;OOnyD<vm0mDLy9U`^+cLc5*p$y@O;VNf93kB+xLM5r*-cP0`Cp&3vUD#c3
znBks29h~3?;*vPJkR8Av8WqNZEJyu!T$}ahhW|qM{>WJU<7;(H!P7qN-L~xf#;tsh
z{S|i2dH)W(em(wkSQzr@_C(Mmhb<_+1fH3TR9C9kTEp&6m38Q|K-zZyZ};FSGTnNk
z=D+N&eBjbNBmd|RW=XlKE&JmpO4A`+aooAE#WQO_AS0yCiL-Pd%zJ5R8StkEP^!Tt
z0|l-0S}uCPHfIl50b8TU5k<J5Ky6#`EALf;%m(Zqll)JX3o!?rWiYHmv%HV==}+As
z=VLtBgZ7$q1xj+lW-Tqp1d)v=zdntF3_v_I$R_fHv80fh5-4v`>tU_j|Jz;~KnyV!
zDfQ8xu=a}r-_Mb&Kn8rZMmLE}Bf0$iE(w#R?_JBKAG&TH(~Ifd*70UWY!is3puYPE
z2^h$j`%3tJefmo)WE(}HH&1XLyifdw$DH0V<-z&?wC8_*Lks_KRlsS*|GF?ncRrfv
zkCXa*3cmm0*dCBU1FVkIbT88WIlnqjA-nEl(rFn6$!;^o`+rPNB(2U*DkA>*=>M9@
zJ6^EDIuBA_{aI9;7H~fwj+s9G|M!>0{y+WYKh#fUmr;2as_pqJ{4^wms?;i7r6r>O
zEHD{l0y!e-0h%%=v;k}JueUHusY0*)%QN$riV*U{muDi}H3PY`c74UjZLR+<B@WUT
zz``cQ7@{!R;cdCn8Inz}+m$7eG#t1+;rrNbAQ2;Kj$}fFWSeGt^yvH;Sv8S2TEBpZ
zdz>Yr<mEq`H40XPhM`=NDFYfuXe6Z6_Qg1uAZ^r;{5w+lzgAcZ2fPrOhp&>ZV9AT$
z)>8Zy%8z=eCl7IIwUW+gF-RL*Msm;uU^oWdAsji3mdZHr|5#-n#Deqo54M%C!F%uh
zdhdJ3d6!qHf41j;pQertJdy^sQ@~$lmtaPysWMo9-)5cEvNHIZn!1=Vr44sUKcA;r
z>&=Qwbgncn!?y|W`IT7VAw(}_C$Qhz{xO|bkTtiU>=eU%_;lF%CO^TwqKM06AFuqc
zFa6&&?-k^(8G7OG8)LRlt^MasZK248bu6^L0muX3N0v^HeodIq3+N4DIK+g4Q~8i<
z`J@Y@q(|)Jv*95)J*7qV_SgUHmo((4%R=#<q9A?75%cbvW>LJpk~#VGp5XW2{-38m
zMC{~&4#(UD#-1Y9CjEQMzxzEU-iudLRqYz<V~`_5fPbELa8Ueij@in)`&2rYbpR?t
zDVo?=diY4!f7P%Qn4kV^rVg57ehC3Fdgr(!)GO`ZI+tJaCBWCoZ|W%0_C!qI%vNE0
zVx)1uZNIPi+d}`(FJ+$q9e$nP?J_aJf*$Z6V#*wXWJNI@E8n+o->&@p8JtR)nwm<?
z%p5)GO;=~ms7n#TCIc2^)B-IRS`&{Pyv+!P$UiKdLL`veMi}l?n)kt1dMpZ~^^d#T
z5`9iEHoqPE|C$0f4jH1PX*q9nG^#DK(VxZIeitm}^Rf)Ss-Ilk+QJqWT|pttG(qX}
ztG9&Y1OgsShy+Kt25g_ZPeUt)JRvL{Mr`XP>i@hPghw(SCK7n5*l)QNR>fzhDoYKX
zod1`n<0Jp`^bk8(tG~Tip>Lnn<B3VvI%C4#V7=*rU?-+lLdBMsmq=JyWAW1PHVt^b
z_Bs)s_;mTctVy+Oc!#Mp1pmiB{HBKceV>^?JlpQAi&~yLj+o&5FZ<A#xJFq1AGy-M
z-tGG~Uh=HIH}#>-?t}KfZbOI)YG*v=v7a$JP0sf-B&Fc!fD}F#bnyP1Ey8%k(NFz-
z<t=lyWB$1a48bFF4R8R~9dh=|f1UjkN3Im?|8w{MS?*5q-zFJ})x!RFnL_b#9{Z6?
zh~`V`!28}%84UEn%#lrqz&uuBe*}TN^e$yFM?U$5cKa9rxvsKts0tttMEdnWSDF2^
zBUIAhIu%Ya3svVgk5y~=&i9`f9fkaUs511<8{@75pEy-nYsF{$vw^`D5?m68Ck#U)
z)mhg2r49>^Z5?(y`)1_M&|QhXYBg(<!wnSpuuZW{cG6q~71{MKe6VE~Ddd{^A@!g9
zm-}bLKlXGXY_5&?=Y_wB3USw{cYDZ4jD+9b-soJf_Mr9PtFmOl621O2&$9;F?^<h<
zS-p%Rz>%<h+I^Gna+^6{g-j$yNL9om;Lpq3vT=2qS8o0T$}hlKr(E3elkNXOv}kLB
z>hdK?&X^7j7HU&CnL7tcw#kWOYJH4%Vq;?~jdp%B?^`&BpsgRAf2v#Kl>T_M`dy;z
zx;ty>Zit-V=JcY`r_(Uiv>lc*nKpUU9G%^lSGfa8oLQ^*@*5+Wc#*12IW!^vCHOxu
zge7L0#uat0n5Frve8|0qo2*Kun~0G$AbMIDA4NrE=@14kZ|uU2$I!IT{u|{IuA?Ah
zia~^3#_|+m^4+1pt(4FIUD?z3F+6G}yThB%*<LW~ih^R#D?^kd_`Z94CACW=-UmH$
zz*Ma%lzAq182FjWnO|lt*034&l91HIbgupb-6zqk;$lgH9=wkKon<!-p((Y@`WY2r
zhi>%fVGm+)I`zIB(Cs;9ku2!1=xh^l;((wd`_WI}{)JM;gnYJ4!)k8rt#<m$6#V&n
z9u9cT2EP*8;a83d{XL#<yYh%YGHPH&jgBZp_64xw4-TfZNYD0pJ$D-^)fJIZ#YP48
z4Q8Q@Pzli}_Cx?BTj(q^8lifly}V3Ep1G8zO-~Wz_57W9qWTkr<4xoYfGy0J{I-P?
zz{bYP>eZNZRgnK_|Dy!IA4&#5XobYZ^|!5qv<fm6BxVyvd5Jil@f`mmBM@8J{WHT$
zV##6mEjMWm%G>TQdDh0eG#LBzIgfM)BHZzK@eP)%;(B?s4K%eD;pSyecXPvgD5K(&
zmb|8GlIb!OqxFBB#yx%>_-}OZ0D3s#pVhDy^#7L!trQ3aIg<F36SegWs)(xMdiZ*J
zgN#qhGW#i1%;)bwb|hOiXSm$qm~gs8+q(+`C{TIT+FS>N_yRYdurQs$NIov#|JVM%
zhwMLCo38fu_K(QBzyo&i6Tt!Ce!QuAU4D*Cb}<3~f29!xVaw=ua)`x*`k+%vVe@;C
ze8^+x3C^6c{pItSPS+GXd_zK{=#$+v#2AQ(h+fm#Le*3=kBnr&p0uq$A_nu?GDIB6
zV6g%T|1OsKsci<+HA9F<)5ShNYsF!CKo#bkmoe53@r^jMNkU^EIejD=AtUx=Ks>uO
z!kH?IeT29%Gf6(tcskFWItdztjquZZUi?2t9};I-6aDh3G;>3#ynlZGg`5ZC67YIH
z9MaOGA^SVSYHIm)rQki)fr9$QAZJ?x(TqnyM~_+w0Q^Z3kZ}qixG)k*;5PJ&K@Qs!
zxZ9XGNcSmlH@2Vv3qlmPwDTXLxG~vNO6h=jwK<X_Dd@TC*U2QjO9YTGh5T2Ta=*&P
zgDD~$-N^u&M)(!3+Z0n9=QURP3yt^XSoJ~xX`b|&$svp#9xeUmEvrbOrsksc?G?jx
z@tv7pU?7A3L`{#=O2`6l(*ClHsA7;!y52zI&=j5C$))g$tt4c^T=awCx3z$xz3+W}
z3Cb0wVvpe+VaY-$d3-Kqs|#Ob87UMEgD&-ES6Ii^7R({QJ?03H<;s?4BLMbTzteWf
zp9S0y;yjR63Bs{Gf9)GksK$k3XJ_YU|LT37d|^7^xC%{b;&O08&&=)=v<CX8S5CLA
zaE*GzoDveQYyC~&49XTI_D@fbo2ZaDRT|6YNb8a+<)Q%mu|E$F&&EYbTDj9XrFPH6
z%Hg>hx`p_~<>gRXr_l8AzG>KcTqf>Iu*RQ|KPq%mJgExb9Wdq)S+|RiI+Slw4t39a
z<f)2~l28`rdS5!$mMZ5LD)W%2JCXyFqxRm1a`!n7o0CfJNWr(A{m$Gp>)iu}wBz!w
z1b^X1DdB2uTf!%Hg1Ds40wG}7?ydr{mK551Ac=!%`kSY(L;TTT34`F~S{Jv{dLY8Q
zPy{s%$GDlbW#{kdvR|OBPU_$HW;DeQzQ5;__7&tDx{LKJjU1w%<0bmLk)^k_E`oG2
zo*Ab2H59hZ{s-I2%JPqQNhnw*EdER%9s<po67sjSI_A=2C%Qn1IOYC!UkzYaG6zIR
zUm_uiqf@FT1GQ>@%<gd$0&)`ZqP+ayoMM(-3i*oSdGfF$)nLNwE4YSP5o;``grxAW
zr%;c_MAk`gap!-sA5tpE$9wYgYmcKmCsnb4fi|e^tAd0Dt}@sUyI_$4jU_*a(`jU1
zmDvKAe^u5QM4fP`vO@2UV=8)&p;!FfY^^sby;DL>vv<-$x-+X^g!C;UBDYLqqOoM#
z>|w;WtqC)3EY?Qe7tNj(C5W$I3pd@e#!+f8Qa(5b>OvCN&V=Lp`uQvgtTukGcLrWk
z7OAoKK)=g_y2R@}_Rc4#ezUU8lTDe}(vzjA$V(=(`LFXx6Ps@)Upl(OJWsE%>f_^I
z0-R*@PUBR*Wel5{VsZY**=3yjzj?yaW=|pzA(al~hip$&4B2W6cHAjmz&w4A>-{N-
ziNMy^`Fsg$`Z&wtJ?q4=+ep$4<~7ERydKTs>TOhxY=X3EpeQUdd?cmN7@I6XU44yi
zLn~Df&)cDShkL2fM=ecivIZKSP<M5FA-GgM(qy8d+gHc~=mvjW3B<(&{7Ne{wc2Me
zd!PQvdT_K6B@3fy+l|%d$WOpUT=b3<Ow8rs2ZfZfKWsEm9_<iRRI3qb>Q6jXZuQMU
zB|ORmt?Pv8atD87lfZ>y>PibKsgP#U<tRiDryRdN2K*1=w^uHNdc}YY0~bf_=(V1E
z3f*fEaeq)2B3JJYG6wLoS2XW^UJiV)NG)j~CHL^%*}?$hJ=W?#9WGN_^VdyAwSY7o
zt^6u#GJ<XbROw!xVjt8Pmm95%D_5I0W<HXTpnA=v`SoUJ2?}ip@It1t*H}SHVvZ%k
zA3x%Vz2Xwbr^P(D<kk{#5jMBBMls#B>eA8AUTh(VqEt_=v2v5i?a@|lUw`3;LLv;h
z7Kr2ZCc185oCd|3Em&1m&1039>h@+IuE#TsP>j0xMzP)=cFBe~wLMRv$metcZ6d#N
z_z1hMW$pV?>*k1Su*Io=bJFpo+F6T_p!M#RTz3o|`sGz*=4{Qb&MA&2h2`ud&1OGU
z!Lb5hQ|Vrj(cC2eIn3|(%@=8$2wrlrng66mt@tD7?tFzzlK2~k-*l-iXUFRUs}(m5
zb#|u?J|J38r~0zPQYw>G#M&)Bw)DfR0aMyF$=P~a76(hw`TIt)>AdM^wHf~Hx{kdh
zGe<RsaHWHBr%1I-e+Zd(V?wPN0bP)lsUc%B#+1+1o7Co1V%c)QuY_Y;lFuIf%9bs_
zws)3<+?z`#HkLh8J~}$`G%g+*?yuhfKhUCpq6v_az%W#y#`t4gU!L(n?kR2=M*^9l
zI!pDE*z5ypMNwyhQ5qjP#NsNuWc6m{1i>#~i^Ssf!RRqVTnp1@HrpMc43Vf5(0G9d
z^W9mQEL+Oaz&oJ9#CO$I*=ph~eAboH+GA(UQ`<?5nWK+`^K=mo4lBz;EcF<=b+RKa
z3Zt8vfoIAF10LrCDS*kIr#>ZvU*=YK%o!3K8~qN57W}9wX=(j>0rL*ok^oST-y29^
z6I_tEmFEhNQowzEw<>g46E3)Rd(m<Z3e5&C4ojUrA!#{4^a%w!iMzqkRzlU7K4JWj
zYj-3FkhKtAb2=QQmy2dsCw!7pyML$=oQFtasaS4~yE|K>)*cZ>sa7i;#<URL1&VFM
z!vt<5{3}aKJiK1d(x93f82op<o@4PKy!F`VVM#q$zW_Jr=KW5>6K9k*^bU>B9)rC5
zSUme;!QbE%-#;e*jPjlvnt!vw7YeTpDwUX@wNs;3I3hE7*okgb@)0hq$Af!^vi=gM
z8WBo`(7Kt01DYzf(>^=fmY+9!4J0z0SsU5JjRc^}x$ppEK6anTjgusCg0Ekp3&XW=
z+KfW<&HW}3%s{A#x|2JQqazi227j&KM;6gAo<t6f#jX?0AJDZ}Pb3zrulD>L+;XOb
z2cr8~ByzDpUTamo)>#!EQ=@>Np<9WaD1pm7@r57aK&A99laWk{Uu^Zw<bH?#er|`l
z+SCl5lbUQ7U<Fh5&y`KJg;iSZO{6Q=yVO8C)MUj~HXg0O)$J~HNS$NU!&GComa@@1
zr^^9KP@PkkGYnAw85w*4rOwZd1yb=1xgIF(zlK@w^Ld)eA>>1sR=0MLuZRb_{}<3w
zfVX+3^%{zVLj0thIs~0oMCj>r40aDwxDxTAb4Nl0lS{;!FHd<D^7UyJHwlUkZjkxG
zun?G%x=#VxRqrOzt4v0-L!OCrnk;*)$K@#$4g-h^kdZBr(bp%gFupA9y<3esh3F*b
zs#Lv=0I}-PN*6D<o-(zYw|gbHZu#u?=NahjG71{;Tbz$!<Cd2^^iOGTueOUAO~$KM
zjd-u2?Jb__y{LHgGSrh)Hk-I^F*smxaq-A;rgFgm2sRzP=IRys4#wU`b7W+u{KlRk
ze4mTfXT`Sl(n@7W@oOwLFA3!dh?etmSgU;aFz2LgxD3r7GcE0{cQu_Xb=PxfgK3_)
z1ox?Rvwa(dW@bH4UkQ%WXRAF)LCnVMpeN#ywYBY)Qfs{{0N6qz9l&U1##o;G>+Vyg
z{-@ijSZ?4ZZKl)WthJ+xgn6+cf`lYMW1lx}lI?J;ml4x+f5+y+wXM?7MQ=WcNUBtt
zju;{choptQxX3szIbVG!Gg_&}7Q<w>_h!1>!aYUxaJ^Te-9;3TNzjFFd%F0eQ>6kB
z%`3>$4y?vp8>kOKTLtm$RMT+WI}U?yNe3~LR9-@6vHPbxro>f^AChn%jpa*)6~aAS
zPjRnolN>iO2We(7EwpU)`s9Y<)j|i^=Hl%W7~b4^NtPdy{Sv3nex>jOJ|#3I<(9Lg
zes$=2`q;`;;koP@N^4m2_8u?txjqtC*(?W856N@=7v+w4fDN^kjMdC{uO!n8+5`WT
zgT6OFkGgg>G&s7M1#u8kx_9vHYfvg~_(Mxe$49?u=2H)YMW#m}+nsJ$Ja}2s5pOrY
zNyz_YJaB1gZv-?$H{;AcDWZ2>D_0mw0Uu#fxjJa;c6*8*h<%^){^MlwdtM8lIfcq3
zCNoN);v0^_tBmmdYa59Sp@;-)Zf`_oZV-eGl4<dM7=Q5iCWtCPp7d!kXN_(fug68&
z-ezmmSKajzRYYYQp3^vqPVbuy<DQrR#CkwLE9EP_N`fQz;4uu0vWM4>!FF$#Hj2%9
z<)W`-GhhG80$mkeA-sey4PLrFVK+HDiDj)5lb84#)TI|g-b%>8j=F!_(d|EWbao|o
zdE@CXp0E&EwLM;#(dLhyn`)l~%x1|(D<Wj_Lc`@Y@Y!;2N~re>44pCMYbb#hfj}UW
z8l%;5X5z&<(s-fl=)rDvMIZQ<V_34C3AEPJaCyCZZcKP4nR|pMvoAW}G<ATu;Znu=
z?Ys&WYqzt+KUQL~I>6;mHR9v;T_xl05sZKFXbNrBgwsCIB3nc2QCa*!@$`cHOJs{m
zCw1>cOW}x_#%ulw_8h!1IGKX+ij^B<2T@}do^lCvzO(794{=^_3S-Sb7HS;5n<Wf2
z^hKV&^6-TndXMpMO+Py9Gb^Ze4aIK<DgA8;y%Xo&je1$Mslo6T9vP{7s!1NL?2r_S
zgh2cRfP?{ceYV~HdE26Ov1-=FhW;iCH8ruM{cx8A`KzUJn{6~)YUekZ!N-%BI91Q#
z;FeVUka&_0dKQ<GSs$%-hVc6ML+RXs_MQI0&kpZ-M+;o1Pb*i>iak#jei)2Mt1tc#
z47@&Ha2qMs<kjW6X^E(uop)>mBAnKzTd2ZRJe_OZ5k0h&PEW360nlH3d>46ntlq)O
zaV;h@_5K8pUek4I4(wQlpm3umLLi8&E8oJL6XJig)l5CL)a#A+ghQni&lyQany=p*
z_Qijq!z?LRBy=c=v_!|ZmcZ&d`BRQY<3}^75}7JR^z`m9Abq9Z^`&8ZQZ}G*J70V!
z+sq8oYJ(9NndNq|l_)YGa){SD7SvGn3DIpI9d(IaJP~o+qNy-|%jHTGP8gF9G!9aM
z2!Ms%2jN@}CsB5{Md$j;9O;ZopCe-j6wv^;1XhXR8MWGOSB@V8a@VKLtw3>aWV+(;
z+_FHWNuZ72$5ebIQ{0PMD)c)7;(-ekRgm$AFF(G}-W*5nSGLDV-dSE|n_kz_E<}RS
z)w4rZYn(^Td{1yv;Qq7C0sm~X4t&t&-?}HWDA?vVray^Lu|eFXz4XAt@+{1zjlMpZ
zTi6G=K`xrvW{ZAv%qz+O<dr8=dPz$4nBzqnNsgym6#V{gq-zw4&VBf8NL^@l;Yp>-
zv+GyQTbKEWIU|^z7wh)VP;diyb<n&IRm$~4>c{=zS=<{)T`yPBfyN7}(tNoA-J)lS
z|C^|W6ql1BZ?q!c!t&MrEYTQYuz6AH<BY}^ftlh7q#Y~RVzKlo0Q3wO$HHg)CJ+dS
zdX&x^k*ve(IRItG0LL?Di8BVXd3F#xe@W4pjfV734=1?Zsk|UnR75^~!&R>VhayLT
zMxOa0!E3T*^Y*&^AO(X~Csiv&S7*%XJ~7h=b3&GG#08X2C~BryqFwIJ)NfinEI>gi
zMSZCUJ)Y5IRtV7dGg`})ND~+?6h6}JDReMkKvABv=TThWx)6?D&jon*Tt>47rD*+;
zk9ndhXKZ+)<y$aSAg*xb!J*Lv<sjG6!DyI&x8#EPq0JzWEDNG~*ZWs0{@~Ta3XP-5
z2kO%nHKn?nAs1yjhc8o`5eXePX@8Kr;Reqx@tL6zHeM`=j8^2W1+IPnatjD7zuWiB
z@Z0A(Y-U91+yM=Yjq82AuI)$)jm-W8ww`Slo_Z$x&Y$)sdGZCqfIKG|T)874{o~7S
zG%fw6uG*=^hsLh#U9~-u6?DSW`n>UKi_Bl)y~1?kL9;)e&MDil7YO&d5l4;$&fWP#
zKmZXw|MvbuJL;(f^R)C992LOhy|U1Bhb(*wGz^T?=23+1kESdM!0pVmtWX+(&t4Ik
zrzqyg)!=;iM(uf%PF^I*5hzthPVKzu<#cnRsv`r)iWu4v5Sx-1$?x`{Gnoktf@|QJ
zQw%8iNCm!TSUK23BdpbSwu41Bo2~v(XLoOaP}a+3yF<KtyKcst(0V}>)xoE?3w&8|
zeD%YJG7z=}*`C0zzvlk=^T12VC!qCnwezys{7-oQ5CK{8ng9V|*=DYcI%H&t;7xZ8
zHanr?9NZ6_COp6jG4%Q2qa4$@+TrcVY$<#LFoMrG!AwstyJnTWs#0azWi)m+lqLum
zI9>t8+o-<E<#rbyR8rYsT@I&45l|3f@X)SAr@aKnC*v*0e8g@f&?qna<U&*g4tjd!
z?t<IrXa7Ii-a4qtF8&v_DWyZCq`O5Lq>)Z(kOq<NRw)6cq(P7l>F%wYl$36e?(R*U
zwZV9Q=iD=M|G0O?d1sHl1N(W_`mXhjPb_%Ap)27#mNiaY71ZT%?2ssZ{LvQ`8k8KS
zhkem1x&Uz%bX+F(?E_R4^`JnwqSRCcpzapvRAWY$x|34hCk*F*9jRy5D$Ye0%_2p_
zvVSf<ELP>lPF;$!2Y<gkUItLEDeJnyl(g3kCI_!HYaEI*zQR)T8oiByd{la|A+dL$
zkm_!FQ8&>Xz5eWIsj1mO8%F!<06_?D%9s8ig`WV?kR>mOzh=X$%F23?G~fEP>XjhC
zG*a#$-C897;u|=V1vTH})SA6Xqh5St(6uzAQ=TTWwEp@$N=YPo<4XsE;rE}HY}Yx+
zCq}+Zls|v@iv?_cz%58tDf6|{Eqm5Y^F`aQJ@m}T3RPCbGOP=BgX<1b)P(TkYO%oA
zWt?s@iCjDEbUHO<*aQtHiv-UNzK#J)_H>~1GiEtnY)I|45T#~xGXEpF-x_jmf=;z6
z766mWRV!o?rVWkMpjRtM$7j#%u&8HY&9S7GNt85}ib)w6Q6H<cPWIwzbOc8<4M3wC
z@pE#R;+j%L;rRyMYpN<HdnvAOAUU+IQY2~neD>!BWH}{@i<O3kF^W#@d2}+j>xWIz
zSE***lH|hND3zIP6sP2**hAFyS<S&q-F*iZi#Q9Q5x|dcvh?!sWX)S}xeyDhrI;rC
zh%k}LTOjao%e&6nWv|O=U_K|yXtX3l8h9B+?P^}8nfEUaES3)&Mc49!KsejMqEZYY
z99<yZ_BnE2k&PK<xW7JdV(HrDo@uU3O|bd_pEm?33`oq(#F+njbK%b>VTC!jWv-w4
z^$=7TZFFg<h{x1#mk{_Q@Jmd-w5>Utbscl;P-)Z%(dO>wRRok%%DleNXKzoWXBV6N
zkgA%T7cwm19H>3;#r}4j_hMmbnfuD7i(?+Ul2WXChLkEYDrz*9E%u#|rZ;!~tSDIT
zu-!WY++TT|WnF_`-u!p^x!}PMI;O9D)*mS&*#Y2%U!H(GHX2+!nD`Z($XJk5E8K<d
z&k5lCl9;Tu(2pkaWKkI}Dq@)dSldaH9>L2x#F@M(ApidcAaG34shBiMd`)^TNOeyE
zhN!nKJk6+qU*AA!oGxMRfeEz_KRw`BLzQyJcpJe08%11u<S~35UxpzLYRjPv5;`qX
zOa@iyKmNpTYSpgxrKpp)Odb)B<drVYXg`^|s7w?c$0VjMcB3z+m}g%lujed{*kpA+
z^V2~NkU!e}&L1=6B_FE6g$i~y-LbK;C0SXWS0;(K9@c<^IeK3S#nQXTY2%S*iA#7&
zqV>J|gfi`O4hGPsP}pHs$z^qS^8TnOkIVM6x{H1M&4)nl{H;ojjQQxs8HqQx9^r|Y
zpl^})`yxnsr&jf@Da`zYO~iHBxuzdWo=<3<+kI?+7T7`y`tO4MuRQ5?U<@p$%$kug
zFrUR>&h`vO03R7T!Odya(@9zxnS`gYJnxxzfl;2n)pUcbR^{u!O5)e-n22xQIHQ{#
zJ9)P2u!TM`+3RG)_F|hbP=A(t<JH(HetQIUaAzqnl<6-(#bMBU7Hyqe`MH~<>ZN%P
z-T@Ea^ON@Z7+3cfXJT1SkB(~m+b<{6BUxC1Y26doc0BBdvErJud3d^7_QJ&fcEX!C
z7Iy}OK-Z<fR@CC}seDQK<xu*9S7e+W)Vw!mduGM<jPJV0lyxChKmPUPZ6qdT$@eK5
znX|=&I9zK^fPR(3R2w`5O0@&PcD&YdREx}Ab{?R+OU(c#m6l3I<!R}!?fsR0C(9Ri
z33V&<APuY0D(;7<k?_M+lVuiq?<PAk7XEE_QKO#sXtT4+(CSibS6<=ydkWEcqv<r^
zjocCvlPSurXaw2CSz?D(Z7aKeEH$3=!fwK{$)w~s4B8*m_uD*)`RkaIsKrGjyu5A;
z#aDd0it=&yt|*qx%}IBlBeG^(?(ltu#yN>ki6WNA@l{+aSuu%MtnsqHU+|XqPl?6J
zT0Ch0%}a$`j)_pq5#m{P^p^J2KNjdvAEN-~0ppvDuO_OB^GGl-NbA|BYMp!fF4|@q
z@69Chwpfp3vzA+5Mib6moO6LG69Eygn~H}%C0bOWLK56yh_L@2dW<KV)qUXX-C}^I
z2lzD4f>w@scAY5lbt=Wn1j*`H7SkhAQU)aVd+w7U7gk`kc#{bWkj&*qryom*Po+%N
zPnFMq4NeEX-|eBTHiKTy$XLnl7k6iL&Qv)Z4XDmxUXn+fljZX>w}9omJEHFp<8xKr
zY_bP6c#ff{XKrCuXYM|?`tK@@wiwem2TtG`S|VZXMg5>}3OF$OTs4B=@On+L#%>ka
zxHB#gIkH3ERd^5BKx<bx^=Sq*;9IVQGIOaow7kZD;M)8O=aVY~u3%9&jg{c(kw#GU
zM%*;D{6GQuh2A&Aor`yO_g04W${@-Q?#=$k6Z6^QQKW1iC-4A7{P+Hj6SgsKy@Je>
zFV=L)xX54=lX1lz+_V}0<QwuDQ}VeY8NvKVXw%Ldbz9?6Y%S}+>R>BE>eHK=#<>-W
zii!i7vKC+aS}TDZ>KD^wPdStOL_EN5YbhBUh*_ZTF_QCP+P=>j*0tChkwhpQNc=o=
zS3lJ!Ojffi58CvS^cJ0F$p_r{(U!5+mZ`LUAc^LQ;iZ$@cjunc52b}b!41m8^fqFg
zu0)V9y_mjEm>{<!S-N$(f$eljoXO>OeHR_5+@D3!Tj=Vk-o^DTiVf{oB;BRg(cF`a
zjb&jq?bd!`v~1HJ`Ge+(;`!LCt&kn}hT(+V7x}sV#V6GU&GP$umoG*bEGB{I^-x`P
z7h6=d?VNZ#r*lP3xd+|FCh#L|41HkR3}0@oax0Op1VIb^MuTpl+Xz3S=tJv^G>~n9
z=33b7oe}z3_WGpEusYJGmPq4x;(l~E5ylljzg}T3YE>oAgf(G9HM72=3-%;~p_(J~
zL#~x@GQ_j^Z9(#0XHu0&fE=(ky3NfOJOElm<Pe6)Fn*f9un>S;kR-mfnur6uyk|Zt
z{_T)?gn|y)Nzy`r1~9Wmr>Z%;lTxk&dSg;XjdhB#BbC;Aw3tSxUT3z%Kq~hQ^Mk-f
zbb+IZJ+`f1-+iE8!*EySr=1QHN69|S7>MvXrq$hVK?Wil%$1R&fUu7pfE!N@P4_o+
z%CLkByaf<GHGujeDcO8kAMhT^R`db*S|DBv^EglZ)Go~|lPKsd(3O0d)?lHXkoZOe
zxD%`sLfPam-bIocQqAZ{quj=$u8W_-AdO{4vVQMjNnfni#OI2lAX!1^KU>S%>#%bM
zA@j9QC!PMliJor$)yfIgBpFigtcNtWzko*Er08;t!{dFyM}$Xw@zm-}R_}FHcO)%)
zxyK0(zFn+{z}F_?dzU9m)?*DD&af{%0c`Grxlv^vqe`mHi>5%MWF<;XOZoddzgZ+~
z%W~)8<MsTlm8|5H&Nz00^%{>8%zWMQARv8g(pK5vx|4wmx1m`vS9Fb==K+nK)UJf5
znui~UHn6?jp-qoCEEJD6`Hk4M_9{1-bIw%UO*gz(b4-^%f)4TIHnGdb*kEo4g?CAj
z9l-WuV@8Piw@lT$bIM-AIw+2O?tx_Rhs0w^7m2*F)JHhE>S5~HZM3^Eq8giRJ{@k)
zs8#0yKC+AAV>F)AVaU@5^h)_GsxCEr89nje6}<LlWyc^Uf;s~FT8Znj(57&p*#BKP
z9?>3XkUVkjM)R-!^*^G10r4v8m8~AIu>HAx-Z;aP|E-F?^C2O)Y4d3^-98PH!`2Ql
z4hBNQ%xsur%YGrPl<z&+O>h8+qTc0l+c(31wFNT$C$9$DTu4KrVxBE>0Fy_}I+t+K
zENcQ{VkQ{A7)bl0j8|K=tR24qO#YAYdZ_X&`V4FMC;C}owXqjDN`B%W9?~wk&p_|u
zXPyk@YxPkbqyc9WP?wov)NBiYd2c|=$5VBjaIfy?3(cet1kV((Xn+<<Au#bUl7>{>
zxXF%!b?~)E|1(LT;1Dt9fn#3bD6hsBvsMY{(N=4FQOb~GryCl$fp)KMAa~fgsjXu;
znIG*}L?IF)B3XU?OUwX6xq|tE9d2L8w`X_LN9&Snz0NfwGQ)rxF7g9L%5m)~7oqiP
zX6hVIDYe6Ur>@DadyBF>&P)s$wl6)vO^tw*jw&UqVP~9DHFD~38f32*^gMy|J)21n
zg~W$Cw*&*j*WR?PLZ2e?AEC@sdtOwZ8T10_db6f&eTNz7i4g(G?f;_3DP*pi-?1#z
zk$-Ep*ccGmaUVfpiB1*25hq`9;<P>y^{ziNgS!+WkD*8=KS1CY_<A^&)sQg-5fp|(
zpy87VlqD2%lu}gkH65kj3!-{YfIa8>vVDVVWxPbe`W)s6mHw&Q9>dH$n63C}bts=+
z<Po??LxJQd1N0Gb_=YwHUQJ&#0txS-VXjI}MA;l@P68nMqcMmz$wFtGGBO&Fi2z)L
zj86-ot(>+6Nv13uL<8{;4MwX2YfoO+n1R#tGIIYJfD1eTn}r$-UZosE<v+n)G}2MF
zX3RyxGH*VG_mrj^3-N3I)c?wufZcG@ae3r<_c@Rf*&l7%$((=l{BL9K&6~>W64q@E
z`8(5}Wa(`r6-bt7EhX$id!V9n(zuLa$v45=-;1J9X7{>qiZzOp<?RB6W!kS_4#HnJ
z-*e>^Q!9lbTDC)LYn=_VrDM8LAAkr#eI)Rj3y1MVr`35?6<0i~VGW{k<&Z*acm<yt
z?y>E%Vbt}zY3+%kk5Ts_RjG5aH4f>L7tqFMsuKY3d01hyEpcN9;1bHjmUDP?7@(J3
z7%4^Jop9}R`$9;T3D}h4Lsz$$e7)ZCA5qRunJ;_eIx9b@lOqu`z0YyZPnJkbTHaRw
z=h25T6qfQ<CkEH<`wIQ5B*UPfaZT&jC3!g05yePP{t#epxa~_CTi-nXWqu22abl5f
zO7+8aj~e|S5aSmBsuR#kwCC|U%f6q#zWkVB$YQ#nemhM4W1ja-doDp-T&uCNUK8gD
zkVaSZi5O(cXd==Tw9VFmmcCT)WPwiYeap4MuM+2{Xko5|kK#o{wWuqM=i3z7+ySOS
z>ERE~f-+S@qptWU9?+W*dq+yDp;~b^za7l$hu6pqIfjN6LTsbeY;0H#HpXMxV+x;v
zR#cb{TLOr>wc6HlBskh0Dkkqw3$}>R)fN%N*X6kXN6|EsoJCVqw=EfR!!JND^X+X|
zg4IPV%bx@72BHh^O~>xr`l*$L*z12UPDxsj-9#$QWerqq$G%tSraf5KpD=o?kRnXE
zI?U{P5paIIlic_A_GttkJt`+KWVCE&X!;I_GY$ZOW1yc(9@y*!?}mY1Odse3nSl&%
zw?DjsRwGNlQM_+40F9&%aJKGL-rlLB7%T0;(e31Z{P@iXJNce48{AL6tNtP>p8t;d
zBaKpfmeVu-1Fsal-@BKE{VgV?RM30$@4M3_OWl5P_;(jk|J9GW&#xz9Q60C_{@(X>
zZ{QQLx3oWA-GUzsRBN{bzDFcK16`sV<KUQ_mnp);_-ESc56{aCs?qOWtb||m(t^sy
z6mA8NUtqF@13J1$ELYLD4nbh?{u4-7sFFVr*gcG^W>LKL2J0V~@{OCVh}q{6hUMp3
zxbR;L>*@axcMUV;0*1w+0g5RGn2689GQYFIf4Cr0;r-mdN7?oN_xrzZ^w6(cQO$M+
zaD>hEAL7R#j)|AYzSbJ)8@xF#b?NmmH+@!(97W<<-fZ<$?y3h;g-=~`y|5r>1>d1f
z_#`$CBnl`dSBXMseFe*(p!)m5u0Lo~ed*R1tp3_T^pB8m6MdT<p81;gOF8hMQ$Y<4
zQqhp;uD|6m93_5kEnBZI4o^g0Uj2N|y5OS!!ae_kCXTqCC9rbm7&82QrFvxGnHr2r
zd0$`Qgq`^$man-%-&*0zVTiIwz6fu;MqV{u1$Jwo{}-gR4Z(H4bUZBeAGS=89Q<^z
zr}?5;jaMfhGif{QK53+VYMa8JFX@pCZjT0t{}k74#J)1st497b!L;nif4dZaRsgI+
z62%u(0O;JOFy8-*$Ntp;pN_>W{ra$h3r4Wfm<wyj`l;;by?-(c5BL?;P+`!Z&kXtj
zJaO>3<Q9Q7ecs;!<IlFbelbVao2w?2*6r4xUAN5)UkJTYDUYXDzXS_s6;0n@woTy=
zm+JrHCs}BZj_Sg-r&)sDCY5oxM>h6nZx+H^r^7EgIoJIj%W6?yg{<eCrC-$Fjru=6
z{1UkC<sGq#$^ZR_3o$TTIJ0;W*wcd9u7Qk&@GLf#i*4Y~TbPEE2DS=QIJ*Hx-BPu)
z`}_LdQHwLy)Bh#}|03oM^>xX{{~X`*?~QQG25%uPaB~^fQbz908bb{MGoYJAl;HQ?
z+vbLc$3(=5?{~0$JB+TjuY6q|3+A7p=YRGth>!`%>!U_Id-*SA@>?N1;PqtN-~LeN
zqhbOs+`{L-SbJ}pWdG3_6##&L(PTa0!o(Y3<x66(Rz8ZE`orIK{qxM%UkmN`1&+>E
z^Oqp8Z4O`g{!cbgm$cR<Fx}_*jxPH<c)u;d!^B>C5$hhf5EwsQhsjO}RPt|#{f`ee
z<kw+BkdjLO_a7keAoSv(MW9kHc&*_^alsHy3?J;>H2V7-4e;lf))TQ#ya}EI7?i+w
z@W(Bx*Z-I2kpKN05p1x3&tVLIjt+a97AI+%rDo|sWYB56FH&|*Ot^6~8BR9sVT_Z1
zcpqe@GFO@DX;TL>`Cric|2VO}eY|cAS@{MP{QZZsAb71em`)h`0jzq&f~X&iJhJq5
zr^4OetLl*iLQw$XtIG|5o@K_@@lLNN_weq&TjlRI1s{li$NOU=hkx<j50CdO>KWf1
z_%s}Y7z;r-cKMFTlmCC7q!aYGI^f$%_wRCe!C4d#b@9T4J775?u9w4+nd<)kWjVkU
z13ubtd-&vUGKs#e0bh<%ESo-?U>4inTcaXZcM11sjQmq&0;5ua8v@m4ERU|<+c#qn
zEHxj{iALbOjeE^k2^vA6znbYn_osl>0oRCIP02*OmHi9SF?D0Q4*~JuStO-2ZZ6~0
zcvx6o*=dj9GEg`F_9ra<zF}IaXP--R?T4{B?)m%;-8XOWFhSwP{6rpql=zPpKvx=-
z5b##0xbu1l;ai$K9?x}FysZhoncGI+ahX0mj7_i0;g~AXzzCIW1%3Bs|1(Cdr~N(%
zw*GwblOG;(w;QO9KrZ{<V>I${M5-N(7wMA&5ApJ{mDNFdhhN{k3QKw>Td?VM6N9js
zRuw8SFgRC$JC0p86J5srx10QKz@C|7{+FU+??9n7Nl;+mb9_S<x_=4Q^{Iq-)rJt|
zL;d@pk6$K$ojJ;MFg;;s+|ftAV~WH_WpX&J+S2(al!L&|eDTa?4fhs!l80UJL$C6P
zt=xQ%hr@EHQ@5BDV%kHDO@w3Iwl~l<+;6HhRwh*9jw|BiT3edsZ>I$*gzQkkQOUEj
zvu5q{&!2Bry6j*+acNVKuC>?Kf8udG=Pvy=fJwW28ozX3xT0x{M9?cy0H5<|@hckV
zh&Q}L-UG|5Dqo%n1>Xfu_gO$WP-D|}rv8pDO+q-bDN1S;LZ}(6J7LO#hT(7S2tU5w
zQd~zn6$WAM-$jh|hu3B%&`a4!zraLX=6Gg7jCKtJ_>7w57SI_;k7m@(eCLNe`dP(6
z20LG`G6amiOe#^~kh`;BcxS{F1v_<rg`KJ@*4Z$11$11IhCq7$0Eg*?(g4yIEzZLJ
z@~<;UL!8p2AO@s<H`zU{2WuX1SYPDT8;E$>A!Ch02E#!O2iQ-dyw01c8q-}*MrJ>9
z`rJdy0Ey+#^HbY>x#4saTCEBXKV6p{v5o=tu#?^Z&t*_{NAt<+R=t9-R|tV~ile8@
zwiU){eL+}%tb~G$j7)(W;RXBAn#77*U-S7HM4UTY>SEu4bCc9j+huCwJnb)({ptn>
zIW`<t(-f(B^TWT9)&~3_8Q*ZI^h8|vpwPYPmH9In4<lP41ryL`r}cwh<ip}{88w$}
zJXJudu&r~;1TZ6Lb)|f9enk9&0<*oQULT~PA9_WI#vS3o#Qbiet-y+BWW@ddcr87V
zw52n_WIcjMx1yMoHD4t2nm+Z@t2QuqJ63=~d>C*h9l|Mt58YX-eO(LUH*$;C(n4X1
zqjn4TP0qH@833t2m=qZ37L09u&~XEH40@i=6?=P~Y6Am9QrS(rM;ImETHKi^zgS^6
z`tqynJKRZh_`dL(5m4bZD4A_}`7aPaSLgaFjs5VG75h)*yphKMA)m}P_Mn9fKJl?~
z`S8=P67wOC!$Uv+=uF48ApnIZSdZ7pl)-mf%SVj_&G8uyTiWyee!E&n#W21*fGHsa
zCjJpVz;7xNh}B2&-A;HJiHt+11l-enhwJwHq?dtIfh^0~vGNlj<E^}iKBFUvqLG^w
z0a|bE5gfIhHJ)o!=k74yh7lX0L?(WqOsKo4g9MSB!JF9-zxnR5EV=&G`Qk=`dAdGy
zuCwFpDXZ~7UmYvWn88_fgu`)6Et1vn-imn$KXay3RFKp9h|qL*qCR1ph%@}nX@EBe
zM)I_0yT+z9LIj-Xl7R=#KBLP}SwP-(z>;*h{hv$dm*e&Qrd#=h<u7FUn>0M*h>895
z+N7wp>BbI1N+P?d+|%WUh<74_zjek<E85ubJmPZ++g`*;_*H~M{{lYn3}W%hG5h|G
z#Jnqh5NSvv#S{rHAOJhuphwUsF+%D}I`=U}c%rxk(A=58(7p{nS->+0;5dv^M+K8|
zK`4eI@ij=%*FC^tR(<ilv>)AFn$K|-kspxDZSQ{lno239EIxC>uzBIh<K#lZ?{WMy
z*WcBeRI-0)>guMD@V-r<8aq;9=|0QMBsvlF#aKE<DPL1wve5f33T`TIc;yP1&Ft^B
zUykA=g8oLJaEUL4*;K>%sae1Hsh-J9%Uxvb^j81_7EUHc3)CdA$-S(TP<SQIoIz}B
z1vZjVN0ylO2=(w^@&QYjWbm18RS=zc+N#fdhw=ju2I#AIcb?<$KL5x`>s&AqeU>T~
zjI>o5H@`LQgMg~OJJ@`Jf@ii8A+|cStx@3N3fmU33@vvXq|4P!;{k)l045|a(3^TP
zFgQ))1;iE7K(A{#c-|2%IH6Ixxa-!V=WaH>rN!ttVJ^5gXS+M!B|TbV66Jno0o;86
z0Klx#8lu@!)?lL=yS%!WwQg&2UTry;JDBZtey=1!&+FVzDR5*CkP9-vcm@06LrLHs
zk^#AU1pIAsQW(J1S}&_{ae5@+9sqGzNzIV)R;;w*&(*E>?;L9|<lVT~LzCViurABc
zuD0vlXp@B5PHFF445r#G&?|tZE)5lrKNC{Q(yN`bBwjod^E9T3;tOCRkp+gKUzr{x
zgVrsk?iSv|-StVX)3Yjz^HHWL>w40u6#y2IN&@4*%#HENQTEZLJw0$0?3yB#b*6bt
zIYjb%K62aM#<1kIZ;dEq>YjL?anPDNkblOI#2=P~+C@{SMiheGBdAz@YbD$6!T~#y
z>P@#qQ{Q1}Z`sj1OSGwcI^zgK-H;DyI0)nqJojW9I&)T<?Zz&##=V{fp=y_$U!n^4
zWnk)O`{bx}m#HvFXx7*t-6VoIg@))=OI&K#QS$}1u06v4@8Lp4c2%G~=}k5KN4$Ry
z&v2i=nn#G5VFl?LNYY!d*D+#wof{Zd$B)R}Rqvk+=BlPWwbaF$6}9b~c^34(>N#*t
zPVqxo3ckHSfLitpM*=BUCl+88Z-XsY>wz1?pdka=d-m8msRuj`%aVl+u-v>#=Plhw
zfGLt{c~%UX4`aFa?%f0PA#XdbMdemhW$g*iTIp_LykKm!s0Dpf`QH2l#N_ONyP)UQ
zcoit;yx~6`mHYzJT0dl*ouDWf%@gr>9EV|xYaEf_;K;H=;^a>KzWwC!<ng)%T8$k%
z<2F6IzDr%7E!+C1Bk5FwYK~k&*-#X}<d<1b3&0G<RBC5Mr>5(6Us<f=|9o+}Cj9cK
z>%)q}Y?H0XPSFf`I(lDN+_$csxz?3WwuY8NW{ih5QqQ<nN&{8&*16R`w2<xHJU{IP
zLMfIN%4Y?75Ft-N*kfJLuS`m>taXSw`3->7T&?Q3fW4dkinPrO5aQ~W_`>N&Tntrg
zP*s2^=ph-OS%=wc>9Xtc%B>?c07;y_@!HOx=f`_Jg66Pcy;ZySf04M5vt1NMY&~d6
zls}^N9>7M%h+$F7J@%A5z#tb_Oo95*YQ9JBN#vGY$P<2RPtKIUf9me@C46tP_`-6m
zPEIy~V{UVn5|<L~`7@QTkE(XhstnJgh<f<?Kj^xjJ32}e3SXq5osOK>>*p+|;rS%Y
zQ{a;G#2+RGr}k7lJc=ntK~OGq8{69QyPQZ@qw`aE{1q#|Z!E3StUF2TMYU+MKr%q%
zr)Qv48m^=zgM^APf%?6_K$Jv9Lg^AuKL0ChaXX<YnH=+<{nfMq=&EB<T5@82A9OfL
z<;w0Nxc=LzFEM{(To|}Ak^UU}VMZV)kDT`xn7Tm>NWA+y5)T)tMIXcQ;K3ru0M~^Q
z`80nnfZBOeR0@q9otmob(Q|tCT9)ECE|-nbJ$@uhU?3rUwi=7~P=W>l0YO@y%-!Nd
z)n#I)QJb9#5sM>~zgeV1NpnZ0sks?Rah8-;uIz}f$c(p4<}NZOF>YEa*~<P7`C)GS
zQxZ^luUsXe&ii<8O2IcsuE(4Ts*=s>NlblWek%vi6(gB+iU?uvwsE-(j*DE#l5gG)
zKt%J?Y;&vs2qb+n88k}T@_c;*;r8THTSvw3k>x-0(AG76#&d5e>)VT4^=S@NrjqYN
zBP~S1V-h|`xQ{ti*WZ4cz)8LgJ+Y7E(0VcB$_iNsW?iqg>5Nr`Vi|tOKqHRf=g0-n
z1S(|YKEAMGg`Ye`SW~wl=Z6GquU!Ry<FWVcjy7v2vo-cia~#*6maMmuER7!UECay=
zqQkwjQK$0mN~_7}q{~>56k)$+`!9ih>pRXdEa5`jduP=p7krtzv2D6ffugHqYba4h
z_OjWGCwr*Tw*xNFB?r=!W7(7MlT%VMno2np1PmFxHck~uq~mH{_M|mRe2CPqXV$HI
z?Ca&D5`Lxv6^+8ju$6W>;d`E=l$H52A|+Bl#7(0q^=HbgG_#xa!KV7<lAenqA}>MC
z%!27q9_i(1LKREz;F1Iqmg`H?AwBD3i$cir9=^Q~lxyKOrL9v^%qTsf7qK;i-BOgk
z0YXtDS_U@pD!b8s?}k<i_gKq*S*KMgFw4|2^D&lGHctwFb6J`ap^M;n-#+hkW_`4i
z09_%W?+GkG#<Dk-ktL5`%*<OUn`U=s7Vi)IdPJk6K$ok^!oSd&eJ)^PJG=jxGe67s
zkKD{vyW-PzdoteWJFD!UF2Y+1Ff7ZU;N0K22iG!Mo(pB^lz;z*9opmzD`lFyZFb1l
znzH7!IU%IydEn=WGr<d_8AN-Kus&;JLM%)G=_UBSMr16L=e_C*Q+cASws8!k0^o8{
zO{@17TGAbuhG0ChbcZ0e2pw$9-rpN@&{-_jWwr?^o^8QCD5S4WvzWRW+^B8aEqoXA
zJ=CN7@n#(r?PP>jg}U{|io#$<XM8%)FW=!dq`OoS6bAJ?J&c+0(=Zx<=uNvMAsj%t
z4%Iu8h@y_e{2bvU^HE>P@cz1Ld-J)L>G|?}lK)vYbXVk#bb?YK^@nmp*sSD&YWQgJ
za!~)~WbKLt@2LjB0S~os8A6gsg3(Mt7O3HUXf!I~QZm0ilt_gnABKSTNJM*W9PE|%
zo0A_&*b>I=vR45mXfK0w#m~H(&l|S$S;N~xe-`K<vbqet-WwwrC^J_!w^tv5C?$SP
z{s!37IcCKMY{B(*n`7n5dNPDoCo5ST#e@OadJV60QnZ<6_}mZg%YJ5yBO@#Gyd5yO
z*`HO2SYCkSo$nX!AJX)Zea(6jVOl<kP1c3EiveQvDYjLV-`g~aL~U5lS`Z~10S(^-
zW7Ll85ENdkUylzQL75}UHUGEFNvYOE!8*P02#0R*6_t4w$cVqvVoazL#3U9;^Wt#x
za#W3No5`Ne&ONxC)8jN73~wdP_7S65N$HtSH5l#d6WKY1bj<Eydy=qzW(@X0`LmgB
zqO)LJH>v`0iIo58EMS73o|F=~VD^2u&WG3bL-!tRsYsgVH*=JFf$DmMk;?O#=DBc0
z66f9dK#Fqdypk+nmhBZChCZWcggE)3N~nHnEiU%Cznwsn)nh2gk2Pgncz)3Hg^Be7
z#H;z%l(!jxaQfE_aZXeyriruVkyL)fO7bbtt(ICFE=&UhBMmjYBqiY-<Bk~P3uZ`O
zR;g)^(qzp+Ho&JwQp*$9FnZw;V(F@R!B(hiESA1R69}HJ+p9EqaNF7>>A2C%*bD((
z>NG&-rsi4%<07+;=&qerl>%)I!qiv#qa*Iq)83biYc3#yQ0lmS_psy#GQ+|cR8oY+
ze!TO${a=dA4ws#a0BTAb0#r!I+*q;-(DRTL8}Ahtv>Yj3GN=~@H*`iVHGShrb`hAH
zr2#d^Ov;X0KvEB=gWHx$fqQ18fTtV4dggR3Q4_zXFaqgKtfmVWomO%D+mUOsjkrs1
z5J^MGS`3|<hX2PpXHNgw&FQR{#ZN_VV&k|bSWVYF=d{*l-#2X`fOpS1uZAYQ&eJ&h
zv($3}nR72rW$Rgj{Y*icVB3Z*;TPE6|8jmql2mxza2v7pHiy+2cDd!STnIOuDMN9A
zIt08{TakL+pDa(+t3TrUQYbc%v08?yi;{q{<(KGndF~AJ8mi2tnaV1K7Q7-e+N<4q
zbvk&kHUyGf6r*VXsEL@O7#$}HrnAh5#HFIsf4E2Rq=;m)&U|0$P$@VX)PRiXD}s!A
za`b8!JuDCES-KQnI@-@bT~~H`=(K`3HJX0>h+FCzJQzm7x;&mki)THj_X%7_azFF!
zd0&rcC%Jdz=ENB(crK&tc7DKVG<B2I_jE!E@#sg^9IaZxgwi^X%g;A1P|bRl-so*L
z>uKh-VHE4>y$5q^)`^~82cFxGN&w3yAehS^y4DG^=k=8O!|e(Bxe|a%Jb-s{Uj7v-
zsx=eed}L|X7wk$apZToD@#v<bmfQDly{h`N5)Vq1%WvT?yEzaZz*bVxA3v(WGycA>
zD8e|f@7txeytP;1*VFQ%>c2gjZO-d#!&^(E^IEG4bhp3hz}pWx=O<Evz@xfs9>N~?
z#tw&0>zr9!FD}U5DfdB%2FZ=3?35_}TRs6Hk5L(qAj#1vXzzBKl`F=85e`K?#T|RV
zy?ElZkEo@Z*e#8!Pe#D04;3{xtaTdGPbR-N3=l9=u2~7#cQuDYgKL?6z5bubKvw_A
zK-qXOQ1isZKXH``BF#s5`F$39=B6M2_hn_)8T|zxG#I>|IT($$5coyNW%FhsiFx1f
zH@Fk<o;aE7w%^Tv8wQrSKImT<XQTth+JjIpwsEFF%9<LZ=heKK2gE7?B14)Rg>Y(P
zhe;Llmb}(V19~Xy>B*jV88&qp6O7F?35z%#)V~AyTFwbQOCqGtKw4G0jl37vOx*A@
zw1Z6a@VF5otpYn7k1I21Mh2EY^1wD(841G`kd6Fe`QF^ReOt^$f-#-g9mZq7`w*Z(
zEq^7ls}Z+<f`pNV4u3jTq&@3%t+6{vt>IXp2K}p&tNzv2a>rI43+oF+Fp^%ww0?L|
zJD-nAWPDLmZehMN>$kHy(r%*?%e4_)Nb7^B=DxUZ{)persII`J@QJ8P#$1^!B8sU7
z5()$cBUs4^6OlzDGPwV#!%}@<x=7KmAyQ9rq}Vf|uHv9kLtky&$r|Zq#?zKafPilB
zbT>ZYpI(y%rE=6TAv8whL^BHnkk`rJ{T2Q07qR*k<p#}C`wb&s?Pi&6Jxp=h$AF=z
zX|f==D45T*PWF0cJ48F?wGRYgXb%~n@d535x?A<qXJTkkeVGrUq0QiUY{4RVkw-C7
zUsycH%;oviw(gb52}qAFN}eBCZ8f1p=}LLTrF&n#E%6dg;;epG+EdsZd&vZlsSXDx
zir|+GPmejVPuJ4PoE?T*l+B1b@cDW^GRk^%mqY&71|A^BwxZ(v0P(S}wx=BZYoP2>
z>Hf#@m-{Vk{_|~N@tNhF%$AzAEbnkPI5yMf@PqIFyKHXUgiu@$KlS7=KmDhNjtB3y
zpy(VM^<Ot_5ul<Nw~&zTXj5)CVL4_ud#BP#GzCgUw#^l&H^}&6kI&>H`5#Wv$>gaO
z5+7`yH*h7QMjwhxNJv}Ty%l;3{UqlV{1cppjKVL?_#PUCx=lQ#p^>ckh>_F*Wey1T
z*}V_d(nTd@!rUYiokchHY5ra!<u-$NO@aE6bPR{K)CvE}yd%C|ZZlGplACjOW-x}Q
zGB2n|7Cgy>*b|}%-Gus~D7SpTH~x%6@0Dr|@m!yj5HyiO#_|kw-dpTi!Jp~%ufMa{
zQ%Gc`Q|F@S)^F6dZmY2M*{(0WCxcUl$uRt(`-D+w3}8Z)@aZKAnsl1MK%G_{FLcMO
zo(aZbzsOx|()G^pupv^{7o{5@Jr?i{<rR{H(0%DvT8&RnCVwrhw|rbnm3o7nSAau?
z<xB-)BVWVh|0Gwv7Yj-}K9T}_5L(&zXD5j|JS0^0<N|K{Vek4gvTpeWQPEPA9gJK!
zz@bX<R|6qlm>e&?%!dzkBK7X|1lA7^3D2Bj3fQKxpn!{Rs-!UX7~@bNq8p{qZHQKt
zZbsu!P%)M<)G7BI7`B*oE-MaoeR9~!E3z2b#^@V&lIhf$Svl1SuF7-WTgq02HyMAk
ztN8V^%2-%gy?}-cWfBRs*4Y766xUcB*&0%z^m^U1IGG2pP!g#>(enbcRB-Ce3w$^I
z)OwCr03k`oB<x`y|J1QWD7MWN^dd9e4%YTEM&t`pGNf^TtT{K~Nxd3$6V~mCKlqG3
zWEC|GBaw=INJJ#UKfRI395H-m4d6<G(ZgqyIn0pQM};BnHisvw8-u3c;t1T4Uq7*R
zJdf%+rmzDHEX#4#G25q9#O;e2><TA*V~|4XORq`bbfjU4tWfh!rO$8{Wc0HiKl9*d
zhys)jPm9Hy|9#(Ijk7xzn$!Od(I%dO>FmVMD0#=5p@E1C>&j?(%n!ff5l~UcIg};Q
z+aCf;`hlGO_w}nbW7YNuo`<8RxLf`Q&HDNv&CXy6zN=a9R!?0wq+Ry%C(4~sf=(`s
zb_Gh*rH+{sVNn-zIYM!pUb2mEip*!TY_2bluQ^{0Q8SUX4l87>#)ZKop8F}y76x7M
z9DWLldpDZ&-)bmijup2y^rp2cY)(`gON!t=AwFX!jPsJQxS2?(awdry8raa1F#6;-
z<;ws_F(e@dWcg`E;$NPdF$xO+(4y{Caa$z64)_7eQ>DWhphw(cGoAQ7$wEAYkhB9+
z6VDT0O|IP@dhnZPh9?|=P^RB#{lsx~PGp5jHvawXosij+PC60ZP&m)*<}e?JMrf_~
zrN9j9K7j#RQj!!pRSPvi1S0|tL*BU+kCzJso5n8xK0do*aYTIZ3JRcje6$$bdN6o9
z7+*Rnp9ad86>hBEnui2xnuXsr&G`}NnUL?5Qhtz@dAJ}6$qiwLGNBTko-8T*#Y{XQ
zli6|{tJ>il{CphooXQQn`-Sr<?+XlXZ~2PI929R%DpbM|Juh0xuC8!-H9zx$0th*@
zscG?hQV+=HsUS2^JvoqBC7+e_H}y~jn?AlhS>u=>0NcJD{8DwA1bC!0$M_>73Vn6=
z>vd}}sXhb{eNwLiHyIUB$+ajL1F{k3@qcg&|L=e>>tgKBWgKGFt7|i70ahAM&m*wL
zX|V2ukgG_~S8zx;X=Q0b%;ofoqBiu8qDD6FxYYf5;Xr_N`4OK{QA1qaB8x|(Uu7(S
zLP}dRPu7?d%kD#&adAq1DUwWmBsf~>m+(EZAUi!-{aVP7bOOM2@|I&|;U_4#3|~mR
z6R8UaL&43ev@zzG9wUCZ+xAXM4#ui16}uc<7x$SQggD7l%dro+FLHz-XE2oW!*Rp6
zH;)vHUJ8*i#8NfxmwYQUmG7!m5nfAWmR_~rg`zMA6-{hy{{+O=7x;48Q_EgO^>6|l
z@$m&9z@e9iL}$QkxtolECo@A&ctN!mGpWpnP<9p;NjLHN2ygl1FXNR~?NX!m^Qj(p
zgC)^|0uDEdU6cln!U|vNw<nQvPJRr`#F9W;4VH0y01m;4--lq|X)eo7%f|%a?Lt@5
z3eI7}){s813!Y+w>#^T?@dHb7_b11djmo)zZ$n2N!*IS_fTx?5DHcdRk@~fDyqyuT
zTon;e9|==RM@O!mF5vaQzm!loJ+%IDI^BG+ak>ThG(02-rV^It`L6LNQ!##lF=Si)
z{&V3-Ow-}p?hde)^E+!_(EkIL_$GJ_!#KD1Wc>#&7)AnD=o<gY3$&}YfR=n7nudkE
zhZ*xUmhzss{w(0n1^Rgq>N*3#fif`QOi)I9@F41By=xwH_IEYQ7q)Z3!(pTpI*-2Q
zwVI#?mC#*{7K10a87qEzL;4P?)a$fa5@@n@6&@#cvkF#;uLiP7n?pRhQZ@il(ZV3q
zDUk9!b`z7TM6C@_(J8t1fjkYvA+1S6Qv&tUdlpt9#MCgq;7`=@DL~Z|rAKl&TLfX_
zCwGctZw%!D_sX>Q4O^O}Q?fhuF-+DStd^r(_KTH~oYuN0+GCi~CEx5y5Q~>rjKuZH
z0*qdej*ouLaGWi%i^}a-w>OnnY?4LI0G1-&Lha%7h3ez#JZ=hmcC;uCf_97D(yqHW
z*s09{4mO1w(-t+WUhYU>h0A`g@VnD^mK_U>cJ6${1&{R+TiE`m;t;uhC3&R&?j(MZ
zw2M81*R(RTexSi3_jxL_W_HV5&eqm;_Nd(Ur%KMPc|0vH=g#GD2iU&3h@ZT`=V#S+
z3nld0d0K@H`$L@{F;Ox$KAZ<#LJahH?a~*2Xj#Af5s@P7kmYF}06AkZgbl+C`U33a
zo`(i@7eH!(IUNB<1tP{MyHm}tmvmYMiD!M^t3q4*ete?7KQZtTlL{cWL){#P8;mmA
zk4qI&pid0uY2qmPt=u(eOx2P})c8$SHR8^BD18Hy`9KRbAU$K7_h{uDCuWvW$gfW5
zN%nK%I6>1MM@{!9?FtgEG83LmK~$E#hpqm|fUo)ATutZ-i1WVn4}=TcTd(0j?eUC@
zgbpYeika@Dp4dgeF|HLnsXNm@_Bsddjpm`f@h-G#@9Ea`ZNsgnsJpP0qUkKn`{hpp
zh(iAxRWLr|6#<6rC*b8^QEAy4@_9K*O*edjVcQ@jM%N}2k7$)QN4K5_aE+Br^0liY
zOgdw&XfG~KNoYWuXE#aAi&{P@G9?KZ%1HyIm!g4wz2#O1&|F+PAG0W23kY=Pzk-CT
zqv+?y7FYGhxKOLcs)GVQSG}0b)@%d7D3ziaNbTx@Z7B7LHpJ`ml$$ilY2weC<&Fqg
zqD(ATczYxhxrp1=xT#*1X08ftJ44;xa<buhm2?bK3W?V-=~PV(Z{r7OQ&`?;&dcyw
z%!QP5?_LplTLT3JO*++r2nIn=luQN=i1xzJdl-0(c2XSM^|HYbIVm`GQ?zddOCm2=
z)*ha94gB7YP_P|sfhflA*68+j2iYAfZ;34P98NDNMSD1T?Zj=bZ7*i&hMH{UrRS?~
zo?(Y~s9Y(AoW`J|_(+zoYH{&Vj&os>!&cJbjOM}U*(k`iz7Fj=H3uaxFJ0y<i0#^M
zhou0#FcSXa(IoNY!t@agnNiQnZ^WG~%MaRk2wE-ucmxHXi@nc$1K;V%)t+66S~U^J
z_5*1W^IqW%lH*suK*>^5a{+=KaKrt938^T+*V6FN#RIlXkWKen?87a{?DWk>>;ji$
zpzC(`HtZ;kUJd%dG07$MsiUXF-avz62X1jpf-%kTG*{^buu^y1jWoBDciov4d&I`o
zfaj(fDyZY>HE`;q(CwDnt&;^bvb^UARk-!sYA%0aII6pZ5Nn?6L8vJE`^U@e+K^<Y
z-25&O*)O~ZC;2#|+LEHXC+Z}8UJxXEn$iGqil}#fG_hC`tiL3YCI8I^Zro~+zrw|+
zO($cR{0Duw3Fp0SZVZBv2Md^E)nC#c*rFWFigHBF1I<-+IOT1#RwI(v*$Vi)6FP1c
z5KYlC1$yRI=<Dl4OZA;=2a~-oTvvx=>Gi5?Zh}I)2e{BvW9GfckKcZl=E_ryOI5P{
zv2h=lR*7P&iqmQWJ)j5j-gfa(`@R9YyCEQaqonG6ydB)D9@+9kcO0-66xW6<@6V}E
z+hnic(3dqjG<OcW@Y2b=rl^~$gROprO3RYs6OYFG)i{gCnpt<P^HT?vKVmPIKg=5`
zF-FnonsTEa3ZP#w!KS)*FHoUtflm6hzNuVa{(FLZzN7YwnI3nMJL*JEeQkD97F89Q
z)$1Hcfy!O=YqM6;FCrZ;BBve}YBxNaiD7!!-sJ%2)Q$b#u-#z87O(M6t^`sig(WRy
z%6=AhKe{lCeKlUO;U@uwu~`GBTLb2j356*@bEDJAEbC0ToC}=|CWkz1N4QTYoRUIm
zJk=g02-?Ll_&}+J<X}S{7&=60d=f~IL_j0{iPu_d!rVSb?Loy)mV}XnE`bvIekkYV
zci|^?17>la+rNb3_ebxD;Ba_%pCzL+UdX@4Q#B|is9a!{v@z&$2kbqy<{g1guLPaH
zEOA<IYQwWS5r~`D`hhzbB|li8Wt15h-|B?bO2@V-9BWukqzAt3k%wx*+M_Pn=U1%v
zp-sS1rmwEL^q_g*^jrXN5e^sp!Dzh?K$#vazzD$XU|Ls)S}ZnuX{&Q@PEOxotn9mz
zs1|@w)G%In-$&uj_a@2ahRrRxACxG6hT_i;zzS<5^)YM%<w~7qUaqP#$K-MTt}%L_
z!jLy|jZ;iJjKVdh*K5QR<ixdt{6uUY4a#5<+by2bH|ZXR^p;k=x>Tr&Cn{NtK&N?R
zX{9KDRj)3$<~;@4zi9>D9nUUxw((l2<WJt+y4~MKXj-4Gc@+HL;lkTU>Z<{+%t`s1
zf9gk5&p}C2*U!_VaTnhCO>(dKS?UK=fMc~&MTsW>$z$4sy?@p+3+OQ5iic=tSFGct
zTMRQfB@|VP9>%w=0L6n|kXEiEpYMMj!Ae|N1M|@&IJ_PJ3&Mz{_Km&Ib^^GThkQRK
zZoMC200Xykmk@1wll95A7#ASc0DOcn4%SD(ukdjNGj_2HX8>@a^)lX)2E3e%d5{zj
zF>sZkUYc3tb4A)fygZG=$$NtG1+;&#r?G^)7E6fYJ`zCJ=VMOfrRSrTct3Fi08SFH
zDebtHma};sR*&^>Peo*ODBINRD}`Zst?*6Od3_{CoH2my;|JCQIc45}xFsjn-j;1=
z|B$n@d!Sx;`x_w^uZByUs{TF=(>=_Dm5}<dfsoScD7#F?Ly`39(-)KN^3KRU`$VNW
zK$s<3qvDQQZow3}9%#a9)>=IP3{X+G9eVsnQfJ0*K~9aLcq9_fa)E`hdlLJKPVj)#
zVQV@R%YKS#j08td{fEc`ePotFb5I8}zRf80T+7cmcGLSC2VjfTi-D~et$~4oQ3fxE
zZtf&yw1+naJb?ZX|Cpcv064}cRHSqX7L;_#52)qNv|S)w;uUpJ)dFolw}xTqpr72>
z`?#c;V37XUxHC5V(bLy78%ti@$$}EVxKmMQ>`W&2eBwDjDQtb@`8Y3onhvk?&r$Cl
zrI+!~aurMc_ZQm^;L~YxiThEyZO6Kl^(?l4jns6C;~sdVOyG4osIb1ex3mhYRgR4n
z^uCGj6ql?fSA1lU<9!*L&MDQH?#St;PbN4wUTK}>DV#{~`0zowUu9G7EQ(y>2>H?o
zYg&`Q6Pe*Lmz7RfC8nN?)F*K)yPT=jL5s(S-_0|sLK~ge`dxP@i>4iCRp99kn4gT>
z_dp)kjYD4jm_5qZn?{>+Wi40PE)9+rZW^w!d%;bQnqPO`NmS#0S&Y)?6SLWZbx}<x
z!w}E$;G<Pij8bseK`|O}-|l(k@|%a$B4an)bP;js7p18;xSbZ5J{~Vf@y+7w-R=F>
z;%anpu*?;Ic_ho@L>XOTEGcVjcTbU?HTg;E7J>ou#L-f)18pD8>jCFu(G8y2>D?{$
z5?qE@dB{b{lwIh5hAua5PE%gP+b21E7yjNyN$^`IiKzM1%~YQ(i!vCuP2Sfo`r-EN
zI}`G6ngbKTP;c|1dt-n3nguI~#>omuLs8ofF_GzG;$mWofEAd{ueIU6zbw=fWaE+O
zALKLReR0xC8vX^;T<0#J>qsd;v4H+l2#Q6J_4YP`rm!N1+0Qosp+vnmTG|cRhYRHw
zz@7K=vM~lMw10h65Z!%cZk{P6-eA$9jtGMaZn*(BE^^%%D+j1KO<GYz_l0^Gt8u%E
zt%4q(hHoHNQ>l))i}kFHQDJ>_k(#t|GR$Gv?dt{M2^<W@#YKd}s6jO~(_ny0;4bfP
z&|po8Xux`-a_;ajf|2>d;VR4mm<Eis$6srTom=%UI=&jqi-W@q!NkZ{a*W2#DT_r?
zFjhA<Hq0z^yvz#txLQnUPxDPV3eUDAZ5>ce2~tMB_EW4V01{P9kJuczjN2o7Yb2)%
zwQ8ernRU%*-LtgNfXrTWUGl|&+Wu0qw|e_N9_XdWM}1WZ*O(JL_YFaw$q;Z{->*PN
z9O^g4FVOh)6yPmfHtt6?$trEAZA@>B2D?CBF&DqwskMd_a|?nwgsyv(_t~*6DJs!d
ztA#AyBtf;I>CaHnq_8QU$6F*>awiikdTRufGV|L#M}90E($Sqms`KY94+wnm4!ECo
zsARIQU5gccJ$Dy5`1ErLOsHh_WD*RrXWRGYLJrhgirPwmF4|x|HaprQuE)AAuchw_
z*0!NzKbuSLksj?M@XLG^Z-1zrRW9)na;bwuWjCEqZ<-msATq$RBVf2Gm`-ZJ+}k`}
zA?DX5ZTiJ&ur#=EZ$v)$XevD!ReY@Qu@pELL=T!FpSX+L>H)B2$M?7dUGQ(e3ViSg
zxmGY*iblQn7lKNG1s@k?&eWMabdm9G6)kjqsQ>;H$t8`Y*m}A_$)UA$A*>Mv*DTlU
zd|kwE`14YdyRL~XO}(D?pz!(1cy|(eLNtSJp0!E!i=?%Y{-1Ep?@0(E1QU}AmqA^@
z?fFEteU>qyV{g4Xntmab@BB|6c9YI9F}~2}pUOn!aJxU^vukn`dxYTgx7gj-MAA=9
zieugxLcs!Bd-8irmuC8zOeWoD(YuRX(g0M3g`jPn^SW^<RInQlp;aS7EOw+&Ptd?x
zDUnJh_Awu=Wi+VBL3JwxfJv+_Y<BY}Wt**o?xo0BaRlz1ou43&joV_MyBzhQ`T^Cx
zY>)(E1-x3c(4s9zrv?Sy8#beMhSOg>gqz%}auhlcw*|qi;0n!nYBX?}<o~`*S|Gcx
z=sPZ2bcv$2Kodc{OS8!xQ;uN>K2Kg{`YvD3`CV_QFblw<sMRl<V>H{C?-gZ<EZBw+
zXxBId0$_yMXyxddZ+!;;`9Av&pFF_o1->ZMq~z<hEFB&Q>md%;b1g65=P_qgC`-Cr
zW+hR+I6Lu+`Nri2ah4AXEGD|Ay7gnjn_jeP@$%g0;U{bL$HRFi_RtHNXtu*IV5<9E
zlVXH&ex<kXnKnhUmuKyw!Ftvm2$+!eHB!VBBS;WCuS7IEiAaL1r|lH`&@D$k5UHQg
z^CD5_GAqf=f68S~)*SPa;3eQ5yX{4IOcp{A8JX&$?W830a(P}rn`lU7&R}1e(-}{8
z7u1@e<9d1funLcA!z~@9;meLf6NMUw@6kJ$wIlWJm1X@kNu@oZwL{4p`udCCghb}q
zJEt;7hgS5w%`J2FrcLFO<EOH5g){6kKT<0s9xOS+4yqJm)ze<G9GHhmv)NKbmcILO
ztCcg?IE|1;ao#5&bU7KNcfWBHv4+@ED>8eGlOZW7-q$1*s^J4P)Ff3_20ps)?|s+W
zHyzQ5GCs1OZ|hYl3R`4!`ORu}TKlg_>$7i_*Q{nwi^-Rae~`A%b^+2hW1gUwSNvTo
zFzcwFd+v)vO!^BP-arH*(55wQLFg$;J226~XI{_W-ECD^1UB7#Qw$Lv`<9K3jm9JM
zVCLP<b}*M;$)f-?qvkhsXJ~EPyi@iGF}y~xs6vQNSyi(Ygot5YXFKX+rKX{e<h<-$
zmWH5v2w4E1-k+y2{lns-`1PnA=}Rf;^<tajB7FySUtE=yW<0&r%4shx|2y-1@`zXm
zogRLirN3;#;5Drt^4rEMg0pM>Wl9|>n8+#nn!f%DI_5w@Bqhez<(;yfuU!Ed9|OEF
z7Z?Y!%whWR){`}qt!jdrWoAO3MIVZzCb#wUR@sttkVz!T4+hi<bTP;bu+JBDhc=N|
zpasHsDhft@4CqK-8KDJ}`IqL?Wp)Bz2rZ{;mea<<Fv^gL=Mkgj_+hPx@-OrjfB`a^
zM8RWL0Ai-7<;qcZOFu;Jic0FpUD2iE>2?F<aWjfX!bK#L`5f7j0;J{T$tWm%cagl#
zj)uWVV&%IJmpt0a(1o(yx$8QsVM{wR^#poKp&)G8M|3IEH?X&tbzpDOs>Ew&mh$~+
zjqQ02x^L2U4#&3tQo!YB=;^U9RF}GjCHoil+s^MdBYBk{HzP9#;#svSPJpBaizf98
z9x_toN9a~l?`QXr4L|lk<|7%{nf=Kou$X@%exF1fk10`p>{s?*b_*ysf0h4+9@mPp
z-2c<zd+Y}~c}mC$;p>etSc=r#jJoOEEzf9{jP!2ZN4%9p4mOZz5+li-7XZs3cLtEw
zWhPy(Fy1+nMA6~ULHkuJeUInDswQilKOwvbifCX&*#K&B)WRHF86GFQa8|{YjF$U-
z5==B=z7b5R9*mh7e*M`5>xztFJ#U?O8&HFf)wyDAj1>C-%!d#h+dSsDs=$LW6;;3R
z;UQ}xmqWZ17L`mon{j*Fcw3ufuNAMD=tP92Mq4zUDxK;e$Tc>#dphx4O1l`GV)@-e
zupRA|tqzkMbO;FnY5x-#2sEoM*B`klf^b?mND&DTjol}*(*a=t#B(`QsFPfvP)=Zu
z^cpc(onAGU!m`HgfG%I7*8gy8oSLt39=k`1lC%oczLV+y;eHdj3K)xVUI5nIN0#0w
zKR^U~gnYH17@2)z^om+Xa2d7Q!*c6L0zcNv`yf2n=6?Gn#?aqYSMnK&)JXWx4!*lu
zP*LW@M>4l=7E*niTHtk9r?8y&hQMd2YU3z#|Gfw!#II@cPptl}=u2XNDl|&Mw_q2e
zF?Er7GR|(Dd(xeFLUb49`vefVXwtXOlUO9i#-?aiclML`#-zi;`vlBHxP6bl&8Vm#
zwyjg5KIb%Salpv5%ufj-w{$IFfX)7FrsF0%E1{N|7cl8O7I$k_JRgN=Geb$_5}pn!
zr~sDm40oa6-FvTyDfj*OByhO}4hH(!P6J51fLeM?n}x*s;8E1ia`Mi)kDNWG1KGW}
z;kohC1{gKgA&7HbIbc%^KrU~z$8&t8d+Jf52F=a}b(r>$(N1ie&r*Aobe*+GHZWDY
zr<G@Y{Mf2$8{O`x0C%(V^O_}pbiF$w)<(Ec13ldFWciwJ+0HwkQ*l7>1l!=kBzlwk
z4*TW#L+pJQ?-IL(p8ft^<7ghBo8V2ky;CJmBcD{aD=n5L9`dEA$Q$c39hkh43ExGR
zjC{6KS=;wXUVwIu8&jCS7xjO5n|%9vecaZ+(s+6Q&vE+(4^C`gW~0@R5uyRsw4WA)
z8Xwb&yj=dNPu8Ssu32ftXgN~!om~8hd7m$6P|E?4*r=2!A|l_r+8g8Lc*K}r!w;BW
zqAs;Up|S~2$JRr}0iyqfn`CDs?WYXX;I)x7Qj}q*jWOdNOThrM@En6c&)&=o72|&~
z_7zZ7Zqe3K(w!m=(jW*(ONWAVcM1y9-5>`f6r@oE1PN)8?vzFl1?leYKK%QDqW6vW
z#`y1W+yNZ;V#nGm=A7&Kd*G)mbj2$MTG>1XBDWtfZrvk!TWnD?>2umc75GEbvM&|x
z^H3}3qx8u3HRzMwrBP@gRc<Sz5<wws<_sK1T+e+|I+t~;8utf{jg6q+q9L_to{@3y
zssN}7cR7J%qXejRd<;NB@5JfM@snV@t6Qd)=jjauaq09ykQ}JA!5Fr04Ggj9?t(B;
z(Mng6yMo&dqDO!ip&ZJrz4t*87BH&1d7tfs-Q61wS{xXmmyqI}0F*}Qgr!b#!2ZO9
zTv8h2h?~OL--?`)l|K79k}0*uWZxC{7>M*o-0ymW3J;a^6V|G~5ToSJP|Z^Kt~FkF
z?}IyF`s0wt`1_e6N{6+h9`6#Tg2W}aov3dc=?9`evjZCY_<h4sS`-3Y(C(;4r9XLQ
ze>0e9LWhubC^j-oG$!*%0tG=xCRH5r=(}#pqO{xC?r%;!g$18mE4Alvt`RsUVf}}|
zz7c1YccS}zBM-D!h+)&!Frgj+n85ig+UM`{L7jmjN9jWv*>3N9##<UkOZ~K1&Ta6O
zplCk;w#7@~g$&6Zo{3Og5n4DnxTxEOrOqbP=AaU4j$%nf4U-LO`Ou&$z+?SO_5lmo
z!YTN>8FGH3?WlzBfToo2on<Oz7BE5cb1#Q&;>ZOM30@@oWPWNbk%^F9OQc!KIT8fz
zMO_9!?9OTqTk`aMA3Idlz6|0!gpQV<D*)9(d&{c#0=17TTk8=vP;G~R47^h|CNm)4
zlAy*gDy#S$hhGT0Zs;X^#&Nw462TV_6t5_<yK*6@*X&%kOMU8W&%$-0OGxubFn&;F
z@V{*Qjpe?actB9w8wi~jCpgMdN3{Wr&zeL)hnuJosI$5a;;xaaJzQ<e!TLuH<Ihz6
zt_>_+?Y;N2!5Y`k1XYC5jD0h|-il+<jiU$=fr(!r!3qOJP_FLitEzyz1}WDS!mtnY
zNmEut7}}r#BuDA*mxz4VTE*YZ{r*b_hQ%BZKLHE%#ezB$-nG94QU5s@*Pw$ZxjY=?
zh_@1!*uK%MU7}`jWMN$+>1nO;F#+Pg?AK+Y^4(Hwo7(?Qa235`)y?={{q^PlM`4I9
zmroZ9mn13ZsgvoGtG9K52}2NLqUl`{G{0RwJFx*Z_ceC%pNoKzOZiP}?U;Yje?43s
zu)2SgF=HVq{N+^TAme?#nnyZp!1a#~{xU4>54<7!%hRjpV8XQS`fva9#bpkm<;y>b
z>oQmsa9!o12Lf|B&kvXX&>q)dnkVd}1QnvN&7OR@YT0YVE&u5*^zWq~{1$wO?m|w#
z9<?ZcKsCJ6tYpB02-98g_=$jOdUYm71%pM@(L8LO4rCYdD=x48#B-DLkG#Zx2jvRY
zJfr>3Pp`*Y93}vC@nAgRN*&oxA57(l)C+jxOF;*&OW-3!6Xo&sL;ZUwi#GgbsCzpc
z8*%@!J)-w;fFo{3(wQ5?s9DA;jOQE2szbGo#;EyWhqkb|ulZ~CB>)e5RthFS5B?cE
z0+8vu`XrRR=pbf;yNuZmw}(g;u0!7IZ3p{8GzvA_QNwxT?HpF$KdbjF3C58==AL~V
z@rRj7Egu6*=UhGW8B8J<T3g4&BZ%^y`${1w>&I!Z{r~=MR2jdelb#`Qu>W~Czj9bb
z&bEAD{D3-!OPs&@G*R65>Lox^$|gxlEjmhWAf5cY|BBq-s7Xx!zrTc^+?6lNZY=p%
zXhQ^MoqdF)-l<B!&eZ1*NPf3|*|G)ma&mZ*`C|>7{Oy;Zx)ha7%D=tZ{+V3BT#dP6
z3(0>XY^b<iXA>}i>zZ)|*U>f#e1sOtK!@I>;c@GJ%HMD22Kuh!*Sb9Q8sPw_*ZHf-
z&oVS2`M34gKZ{@CYGDb$VgI4+-$0ZX1NV^U)E=k1WF$F9Ah2HzZ?`xYo-cV$JH7Y;
z+^@<nmu$!BpfUIVuy?<|m36-acDBSAqHA5>a_T+IObF)hCaG`1*6m_4``%SAN8s60
z$?uJ1Y(H%V;}dsfCsKSujD`Np+;ywF%P;t@imgkCLf7PW91bLqR=L+|<{TXe>+Lr_
z>nC^hFke7d%YIgt_cgnLRF7w$!>E$JJ9W+^*X@q~S%hGzsU%<KY&hqK;EAr+ts4VO
zwn1T4$b#^4FK;Z1fBU`oVcn?<^+{9iV}NyYe6?<t<4L~$AL|DHYTYO_NZ?-&ohsOI
zcU0vycpnncJLnW!`k!H3?lyPxD9UFqV9av5uJET<qAXf4oeMM+oAFCGB>i$CY}^z3
zQ2+OlI>G_UI-nxx-R_j|kMZgdhuKtfj=Q8E^@fZ0WY7FLI31td)gelN|4sTy1{B#e
zi{rPYu3$06UO}jbCN9R@ca(tiw+aw?F<o@2@>-56d<=IWAVwt@$Ev2A=P4_zF>=00
z>9q3WA%lk){ujK4UDLtXwwnKJ(uN0DD0**c#_Jk72QO^;ZUebYNk)q=!n+A~FJH(H
z^w*=IKv2X1eKOOZUD4=WbN~Nn^h0~PfHcXh^N|GBIBEuQ5j5l)_?#{Sz!Tp*UcE}b
z|IsrdSuI@}lV4s<jeCD}G}y$%MCiWt=b6?|veRi;`;?&C4hraZgICg2I&ow-78%T+
zged>#Rd#hxy#8nbfd0YaS78ppv+Qd&wGllm%*o{6)uWaV<mk8lCbV$%85PjTc-hu~
z4}yVH5zj?9%F;LI+sI#$UNnBqBzeI}ZY{s*uOxvgj3evtF|xWuP`pz_)DP&<$+6e!
zcV^&wVB>gf*7A-f*a&>}<7|z&@cfc2HB$Gzz;(!@8M%=A?a5DB!QA6zVSM#;M-GpR
zb$wlgn?h*stDQc(Y7vUKZHZ7XuBfXgmAllPLS;}eF>za?Np=!_&&GAt-Sfs|C{J(4
z+@(YYgroqV0M$M3U~1acOdBDD*5SOWGvCoui<GOGANWZ%tKrq{q5RjxB`;muYLJ15
zG`H(&bc9F%AhEnX6t4Y1P|VLF$iqYU;B3m<qT{GS8eXT6(%ku2*eAvr`NSonWk%_f
z8cJx|X4B#7-J2e+73cDPs2p(g4TuRh@QvW*8{|dVOTKXQhX?Xr{owM`R2r&9xg1%9
zwIYr;kdT`s3u98gbbTKmsxA$jQfHG;+LpWX4;3^uA)y<64PSN{*n(ZK1eYU+gR@Lr
zC@`4V6=nUTl&qc4rzMG=n;U~!EyrZSwak94U97#<eL%Yy-aQHFY39H)CoJjB`r5G5
zX(&Rf)e!PJxkl?^7RPo712X7kmY=Fb?YF<m+i+LpBKujG$VNEXKD}D52Bxh1(b$&)
zRHhdJp$)pWwfS#7RiMBp7E@A+tbCWNlyo#&Sf6l+z9KzTFrI2rIDvzQhe3yU_AU70
z;F+d2=%rF)Ls&3>@;Q&HzAeK1+`mR7PalK(C3^5``9?$PLk9RtmNA#>A^I~S#3R}X
z*-cG?{|q1pe&p^Q$3U_BvI$x!7mpK##P%wbR2<H$Z!T9aWhPPGcD_NftmkNW9xUqM
zAWU-Kx}pp7t)T0D`DCGv`Msn_FcXW2;mq>#**f?%k7ArqUV=6P$Oj1n1Z<>OKcD^N
z+!P$;d+A<id`lXGRhH|$^Y68Gii>+kEv;f>+(R^fq*QW8<SP`*qBohxV!ZrtLb#o5
zx%E}loyUi*AX;<(O!SQ~UrGz~lB8VvSzT@^`D8&V;lA@dP~D`+mkJUKeog+tBEkSC
zAdVI!$T3rVb~ph*Z_*L-U?8d~jPM1=n(vbZq{4C~CV(>-y=eMLb~+h7<WSHAwAgDW
z=+iY)!AQ0;i?l`LpCIsnPHp}k3l-!443ZIiFG{<!M&-r|t1zVn{Pib({V46nQT-=9
zO_F5^mL;6u&i4`EZR?JSeq<{H=w1Rgc>2=OGyvyo2Eq58ykFf3oS07lr;3-261H-M
z;epEZ2NNk2X1!mv-R_@kCo2&cUQ-eS3?p9by`xox?3Z|NEXh0Piq(cEOj>DE&D2U>
z0-H)hCLHtRK^_5pvY;bcKJ^3#W%TVkH0h~sfe(L07uyn#ar@m?8g`v$K>se!9p2lx
zbgpTD|GF&2ciONIP_f>$jM_Mnm(t=yJjK;GpR@vjJ<~&{!`#BUK=RS@PgMm@r2y(<
zozOv4t?sqA!3YVVmBt9>%2Hfqi`uoK1EbZiMQHIw%nuTBKh=%^wh902NKt<(D&mpz
z{YpE3zwY;cKY)Mhmvk4&iGiCt84?0=mmJo7==gmyQ*D&KK}AJr9M68pRxG!SKLwyp
z<EaM!C4(XkfNr8#=sA@$oKJcOR+-pT@B7gkuAAbOzqC+Fsed>k4Pe&zD5eM?&0T!4
zoA$KfV6vqW_M@@VR=1*0L#aZEEN$5<Ik!V*d(x3gKtJ*&NQ<0}Ip~AARPl}zhk0T5
zvkFC`kBJJE{rn`g7X=1K8$izq%L^Wuc&b$uBKeg2m>{iz6~b7OtHnuCT&NcWV&JAV
ze%}#7FJYdgr!QG=Ef={9x~>P#cdgZPizl+EWuv?z<qZl9>{P1rayO<vIQl$mx1=PH
zr&Ef?hBe`!CFA6T;j}tIZelu1B_Qxfi;)gJDERw;@x~axU2{;;X@48^rg>KkPrPoW
z17V5JZ8%pYs(On<8^@Y4zBg~ES!p`GPtLx{P)Y#){#0kIwcFG7`k3Gr7m$RU1~lW=
z0{{`6I^Bd?#Rk!2pM&%=;bcliT3U<V!5IX-scGi>ov`N%%F^`o^kVPI)>GA(2uji!
zll3eOYdr|_i3|dHay1))G&yL4RaUxSJAUG0`6K(Yx;ueAT74J5hFR_=gnO-h_E!Qx
zj0&%Lv~bEp<k$62BGnjfF>5L`Y}Q%Xp+SOtr;i1F&Jw!QPJXb+{}6<lo0f!&bi(v%
zDlVY+(-Ne@h{cSB?12Vt;0n((Q6L$ZB<PA&_Iw<kMT0e7Jy8T%_#B&2J1y`R1IrdD
zopMvE+LS!|NlMCVLz6aGpo{*F_c=G^VDlvYP{hPGtzg>z$@Y)qESEm7P0pGuI(quh
z?V4xvXj;`SudLJBL_Fz;f-9mL7aUewh#*T_G<K)G`dW^Bqhxn^u`DJ6AxxU{1xI<L
z<QUjL7}?7fH>v|>u~U^HX-XmmjDZA9hz!LxO(V4YMYPQ)^S3(p>}pYz7nfPejRuoh
z(#YmhcJ2hET0}h!FA#PhbV;fDBxF7DnpKBnTq#(r=lchxJM;v_g_A))c6q7x*D!zi
z?A$yrnfh~ZUG5npBY1}oKz0EA_K}nQP~zo@2K#^#2iRpwwe<n!hY7OA&n5&As~rxO
zm!~=t{SHwvPENlp6|)h1g+f`_19a{Ny454y@I5o$As2C4vSL>U^d(vnjwxKdidI4r
zVsVW@sbBTJBJyv!;fUS2^xKV-=m5Id9~5fEijoAJ(d1JejPrpqVh+lf6lWVqb^DFE
zN=pk6<z(Mub}23{_8aqwva5)M{A?9<zd=YwMk5)r=Z?=totd@vLbu$3uolsdUY?cI
z03+uoxAt@=p9^S)JLcGy!`yyD5N7kuE^WSk?T>Ln`q%E8-Y>&)sREsW6f$8GM^{yW
zL61M>#i8(;xc>+9$R?pKw|OYQycms9*0ZFmjRI|yKw{`IO^hgz2Pkq}R5)5#EnEx5
zA1!%`?tQv1BWA#<J3I}Kb_P9cK8%cu%MpMMj;8wuMivD9_@Q<L`Ut3Zh+NFDY`>QY
zIC(>Bs7W3zxUXy}y*n4i7cb9mCo26;WV7wy(6J8+q%vqOD3v}wIrU5x>9qia!x=k;
z>Syzhj@HW!yPcVN_vSQp0@dOkj?z8zHvNIpW%(1j)W0e2mGLO@1x*VO9!kttWXA9R
zJh{yqq@u(Su}Vn4LVocBD}Od(CyFHYNR=vV69{k;YK%(-&P1>&uX25RfX${;g7XQe
z<se3HnX~9lW0o)*g2n^(OZZL<1y0Ka!SxIUl(n<L0vU@Z+bzfO-Ga_5@DV~M*<*x`
z!$Z(b_3A@5NAXv;(*<H~;?Y)-mXXz?r4*=DYuYL^VFZ=1(}pILoYU;(6QeeMR475&
z#nub>tji9F+#J=O+Akw8AmLrS)1||MgOBjLAPw)xyF$E7%k}(@k$*JF3gFzvMWm%<
zMCWA8DIwIzH1wyuuV-eT#>Pk1_S^e{t<@Jek?8CGJD~eO7Nol4`hz1}IDW&ObozNY
z)n6twy7Jxe{$FE{u;Fy%6|(hi<u4}%P}W`aGR#Q2LP8`X^vDm^h7rUi^bLP>^wtGv
z+>$BcQ|3IYa$1Iefn3jM0xC1XGmqN_?FqEqzxd%+gwa3VNc-7BBNdw3cSk{W^Ijj#
zPoUzd6hmTmrx+y=S;>qu>)9(w6ijsdb6FX=U^;~o42ZImHusoW#)6JQSy5kxJU(&C
zjf}Lemq+K-<+F>zR$-k^(!ZXFy<KL#{r*M&>E=plfqH`Me6)I#oOb+l-?URr1hPcW
z+fpS-a{8Q1&)uc+$zr_Wng=tOB?lG`+J)ApZ)n8Ci)8Fy2ZjJ}$cuObpP#JE@`@ra
z2e%cb##q&~C}=+jBH=Ok9JgAS=pJXOWFV42Ph?Bpk~62>HRuiq$8V!XV?&O+OKAb6
z;D^vu9!_`?vvC@5S!8*1sH9_nyfY4-NwKKQbilqGBNOsLGiX|;NKc%ik{~+>Co_yo
zpL0)ZP3fFgy3TmP3mg;1$FE0lDGeWbrKk{jo-_E+O1~CIZ-z*9m{o57`ka2G?}cpg
z`J%r+qnpR)aNXA!ppO>3NBZ8?gUE-m+bWBhiy1UQY9lvJW2ItQ#nY)2LV>&pNR{3v
z#W7&jBcoAXcxM}4TpYT=WK5%;W`4GM%U3N+CBf}>KJ#RqH?oQ<R>RLEvJ$AaLO9$b
z8RNBIlg6z(=9%PYa)W%q^$*0u?eQkDyw}xtIV;8D6elUp6()|`ML%SBcw`B&LqZ%T
z$)U*=K6|ezYlk8T=v6LClYBc~J)m^ov+et&%HT-Q6SB;kUIcIRdVlQeE?ZhEsSZhu
zf8L!SLe6nySw_oSWyuvc@ykE8LLM2Lu<Pj1S%tk*Zb<N+#iEmhh^`kO`q288oMBj(
z7bRtDCTL~4;e>DK5v7H`l?)M7SP&hlysgCjk%K#z1S=!#-9{Uo!kN#xR2Td9gMWP<
zKQWYc$bqOEyLF^$)418SGjtXXe4b<NFEtZnWeM#d34ndCprIaxfJK8WSt88cysPy@
zJ}Fx&VF^o0hh%f8kn%^4I;<5HGN^RC5*$W%(jlTJS{hh&S^OwyQJlbtbf<twJPxnJ
zgr=Zax6(fI-q|@Efws{dWg2b4k9Kszgrni-_FR!v=`QbYip$z<H}Uh?uNA$!Ly$KI
zv%-qMt#Hmh3jV<N?^9iOMS{tk;N<;TnXqmjRN2|epBj2W6CdY>ICbBPjBTKnFu>~v
z3wiEQ*(?I~OQ$%E$+W(VZNT1#c$(rJV^H2F06@2_oJUOZpf62u(HdiGFx}eio$oA7
zwVdXphi#OMQF>{eg=4q)R~~0;<de=VOav?@pI7fhjz6z$k~BYk2&CO2L=ujp?{xUi
zbcxIvylt{b@qza|$kvxXTt6+cGk)Cm>B4aOST)F3XqT+SdRRr0O|Ph-v$S~Ptg~wF
zfY{LI)!<#Z3UkgkI~4p5B%>FQrxbpt^CqU#KQ)8Xa_ytHeySwMxW}Aj$|qv*78qt(
z=GsBe+yM$AUcE*oA=CVfWp(Htlob*}dA=wSYyJ%`LMUjELom!GdMc)+v2zP7Zwb(m
zNRmJsX}rj|c84RfdLEgABV@ik<2ZbIK&>sdNs{d>7V@;xC+2v*OmJ4F!?0^V{qU^o
z{s05&2btRKIBhfejVZvU$2Z3-w86F_ez6hRJbjWc$YJ>%HGZX-fFA3;H(syVq$h5s
z?)nTz(VK^3H5c7HZmyqCpt+g}vK!fyR+h}ZXM^$y)fdT&5Duq1=TEZkDP^cJjy0ZM
zaH%SYDzKkAxh%Ih(EJne5pV#<Vtg_MotR^7jQsioDnAgisNCQgrhWYQkvze?e4_PE
zUS~m)a6l}&F+B8f!w~4jg^nNM^N>KNmU9KusWl!|!hmdT5S3cficNQdfk;zATpZ$A
z2q3G|@W(2$4<FiV4Zgs3c_H8&WoIm`gA&`GzXuwd8Bf&IuPqEj1*6g8ir#jj)yx1s
zZ3#XLYu$T(Z&H98!vKN;>OW=JlR#e(e|AqfaR&!|`|vTcWPV3!>q6}>q=N<ext-~y
z`Z?lmZH1_^xgm7l!$Ly*x9p-zX)Rv$imi&$k)@uM<=s*7@%6ny7#PshQuRtrzt)FM
z1_ixvUaPuL^^V$FOehnAJt4j%Mx}qRSXihu7Hltg|K1D8OStqtM~(H=JnF&>%4q4b
zN2Nwkq4>8mIUH~DkU(LPd~;J%Dex#KR;uP;U9hR4jgr_Iy4|Lw^?H}y+->t5TM0*v
z!e*=jmDYgr8Bu8mH})ar4gKl|jIaV0W<7K#TF7kwlayA5W&$Hb`3Lk3ZBS!t*t1-t
zT8~42gIbTUvfd<4goW;7)t?*w2q}IC<N_}%I-=<tn;^UDZD6F8=(JQ?Kvfcn{}aU1
zV>g$%Yt&vwE0f^sFkT%q#50VDT{3qp6B(n}AcN!a*Wr`yc0OuWb{&f7GbV$sqai_P
z%=u`AJ*`gig~m_G;-<6ywv?GOAw0J4iw$8f43)@zQ&lb8_WIi-$7~3iylsFiz?KN5
zSmHf%$gen74;?hm{T<Ew(qKt<-z^`%C9-q&wARPWCr7vIIR1HD%5-a}*Z}?GX)?6z
z!;N9u^xb*YLZBc}{UoWg*+SU#gPtUZUX{=7<dnD%D`5u4Ggi;jKPW>??5G!sFcRJI
zkY47@Y-^F!3=YmcJDDZ4FdjwSKbL#|_VAxXP6HwuGhAig#^yH&I<xNv@wMfhx<H)s
z>bTHd873-bu_#Me8pdtSK*E4C48`A-NRVZinT>cHcbCF<tOR9gZLZJcxE^|ZH(Rs5
zuIFQAWhIC6idq7Pam~+dW=lBGQp*6+xkNvzk&4ugOKYG>{yj>DsIS7_)Qy78Fpfo2
zK{`=nGgYnufHzX-BNTh=!LiFNw5MdaTQ`3bmE`Mda+b9HlCEOCi9=s_&_fp2hVEgK
ztOovjZ3Q~HkiAK|N37vD@gEl~v3jm-VyCvpJ}G_ctfZxl67b?h&v~j3`GW*_%`bO#
zT{;$g_H~@8@)&h$D}6A(ALQnn4tFax&}v6M5onZNG}?n!dn8&B(oaYlj{$bGsXC~w
zKcDW%x*2kWw7b|0YU_F5e}w|MwxfOCNij~RA<v^eY7(vm^4v5_=+;dgNP5vt2&7&M
z1-<@!!?)=bSLIuu-B)ikj+Y@}W$PnhZXWg~fMB5U)GUz5IF`+LCM(4|#6&bYRzmx}
zca+jHI=btRi}M3yW8?L?hgQ7RF<Ca_9$WW%k(m0rC`5ECq5w;k1;cF)*FLE;;lXoK
zYtV;jt$Ihs)<@U5f|fP9sRGn#8_~asSj;omJjvJL@H#?K?g7oNrUlW%=9BU0pOIg9
zv;lX9&*H!uNZwZwexELk5HDZhkvxkezCaotJ~Yq(xk&t`)|W45G-jHs_U+bEs~ynx
z9Qw0Tyy(heefM@W<1*$?lo#ShH^Q&{hG)VT#XZoiPnrow17CNGxY^orSPIKRg6Ih!
z$2FuRxM4VK-cm!XZED#(Z58V%qWa~$Lh4nd_WacwQan{wl)4Rkh7oQnMI!l$=@Frk
z9DK6IYbO^ZB60c<=ftb)MToI1+sEAgTG~`pU};5N#U*BkV?kpJ9*o<)DoQ9vkCK)O
zn_9j-I3;`bgM*Des$#Px1fTJK71s9lc10uwy@FtC{ow@3uac+H&q%y>_jw~D86MHW
znciHe4b=c=Q4S*LB}x3$qUSBD$hp(ElZZGWHKo<T{OOE%gZt$nc`G2ECdwZtl#pXF
z56qB$Br_NUePOe}=(IjUDDWYJsQ4u@v4sw|fcp-ejuWSL5G_mC_nh=WmypmSMNz!S
z8Odi}K(0{9O$9@rELeiWMzviEw~2@B8@GXMr0546w9~Z^yk)mkVL#^A8aXp8>JX|m
zF6~b=Z>U2E$RS%>GfJgT(qtWWT9hm7dd>WQC?^N_go8{em-S_)G<T>H(6D1!hPS>)
z`f9673?^S}cYmRoxD5us{sLEATq3Zw1>f>#?>z!`GBYCc;bKOHT}pu%tj$;ML-(q6
zPjv#-LE{}2EpzQkwxNRFk(5ZKTN56hC5)XK7p5kUX187K3@q`ml$*M{!}x*)kwNDQ
zf8nJ%x7{cEXDS47hhQn1Ydh#3q$~v5hTjW8o9FCOWD4)<sJ!{&V!vkIc$(s{_V9vj
z2IRHTF3uNN)JZcqw!7{=2xif=Mvu3d=x*gdvR5}4dDFz5KRY>m{3WN4Mx04LNx&Sf
zJH_@nX07jqOe%8~N!HfBreStq2m!BU-{gn=^TPr9-s;81l26gC2aZR@%3q%Jv;unA
zS$NZgItT@1?)sW*>l9F$`&6#?9@&4L9KP}*PMfoU-5j#&ZLFdl%B%Wbs==A9+Pn8|
zKkO&55YUt`7e!(u)zi|Fmlt$x&e@>yQhXRn^IY4hq_Y9{Ix7duDj-Gq=~-fzEH)wS
znAv6hHL&$`AW`l!%y;*GC>wn-M}JszSQr)}d>szM2>=|6RAGC~gfO%)(XP@P`Wz$W
z8P*%DMI)tTr9cHstcDcUq6rgRCvLHoEh_@>*>rxnJW)XVPp%L+04`^F9ZmR^({$nm
zi00AagKcZ~>DR<qgmiY=(STYWOSVoavrbMWCdiTc7uHpkZ;is~BVv(qqv+q4L4_M$
z>bFg2Sth^70u+CcZesf=uSMME#Ts9G%uSh&DZH*i*dhog<0t7xr_>_ydh~T1;loH-
zA|i5#sMifbZRVTI8aXsou~oM5v9}+0K{Z|$Vkq}#K>X}4Hr6!;(^&^@8>fIp`Q^`|
z^hia+*I!OyGfw6*j$)bb<i1*Fp!rom)SEYHzo^s(BY!?bo4}!0seIh$%vw3duFf3l
zlHUYGGL5DKkcy07JjHsJC~E7|wKIkrw@mnz={jqwd%tbE&cOKX#P%W(ax+HWqSDr&
z-2bXObBCrFO<-o<7$o=MQ@l<fIC%zDPPYtB>ou)=8GsopdwhNF_8xuVP*y2DA5K#t
z!Fc-IA=X+k!BQ}bNu#h;l1bi4Em-JlljOqyk-rHfdLtoNW(g++{r0A{eZ=1n3}Kli
z!yoHi0>dUW==k3J&<Yz7>d46%NnZl`s3VYKVecyvL(nR5!v#uslFly78hJ0_8ww#^
zL$orlQ!6%;GtxlX7XBs%3DtMSBtG1)5tLb-qdDp<mi=jW*2XIFVMK;Jj%OVbkb|Xu
z{AAA!eq|`&2TY|$K+|)=T(T)aqJ^mGGr%UMayW$Zzv41Z8+1uznR?~NK$V9WC5wBJ
zC>2U4-QvraorH#W#}788WMuHAD+zj)l)^DL<L~OnjDJ4CKtl@{>A;MXF>db^!fuP8
zD1Kzxf&y~7y;Z++x~Klk@^mb|uUSu(FH}{q8nDoLTYCc^7C59kUCnQ&Ky$y&7Vo4N
zOIpnx`HxK<Q7)zgjDsK!>x^YV=j1f+OLJCsRCRE)ZEU0TMnT5TOq`9m?Xk<!<p7*8
zO_H`IN&I76+DSjqODF98h0iWe--~R3w^Ugx{91WlSP#t;l3I9Pd)9+A9Tc}JlW1sD
z&E*3y-K_F4YR`R7!Z@~n#Oi6i^=NgW-8DH(se}u@=SZG8{o=nnHyXBcTfolU4Yw=&
zyK{YM!On#avfGw3FmWndVrMGcztzJW6Qeg7@`=utm&vy)9^Wh-%kM0sr}UTwj)-1B
zgo{q^Y$oh3wSWLAh~2Oih0S$DKPG`z#Qx>GdWUaTD?v|DEC9+|E>dE1&u*A*HY6@c
za_raN<N9_cQPQd*B?3LdZ~6K)AmiotL=I)EYU@(}+3?4rKJ_Q~NX0u^B>GAq$CV!E
z|N72PE7r6K%7?*uVZ^M_35V&*vMO~Z0l!3I$|wt-2pW9kv0$CL4fDl~e*5Cx2#*tv
z$g3Q%q%?b(m_BW#U{AW1zFTloNdWy?jNLSi-A9rdUSYB|F*C`>#I3OArdLh??}R!H
z^x8AOh?qfV-mKXzGj}0)_tOuTRwl&FgL5u;v;NB?Qx+P=Y?MAZR&1vgx-n{1Qja(D
z<%YhWW5<{k6n$I+%~eQTK}VybMRfZ3>CUe$ZJGi7n>8$HNtF%<8Lg7}v)}NE@KF^;
zUDkWVC1=#QSuyaUqXPHmv7zU6`eHc-&`!ty_!|aci7;<tnN73z^~r(pVX+d^J%V1d
z#ip(=3fgxbzsB@`L*5y31hQ}qX9$|=Pd~P{^t2T=S+J~si%?H=3kDgrYbT<?4slK(
zSL6Zl{jrWIEUxPhd>)GS#-A128(0%mJ3I*sF(5P0bE3j&w^gR$+?ELo>2!=u(jx|v
zuVG=$^N`%ys5`VDfFV^X$?kaD1G?Hwbuc`(NinZ8^gVz4@xwVtbxx(th{?*yNw9<n
z8i6Xzy~Gt&x#S3uW5j3akoO=&LqiYGfhQD%rDO3d{qL}>(qNGB^?9`<a=gKN_B6f{
ze!>Xe9r0`%PR&e>TTMQjS*OBvNTb4(S^)zU74r7se#>?<vMSYS=bh@sFVgE~D3~m0
zK!h!r!0EKRQPL0TX}3Sh79Yne1Pfo-LYO$Ed|BC_$d%QPv~FiH{zU)^B9{-&4VD#7
z%Xl?AJ2<(sAR0whyf~+%NzRk^J&%1zXBmq_TY{21;eIGgh5ifBfCGt>eZS`X0`Ssi
zxx4i=Gei0M=pyHPBI<7=9zYRC4M%K%U_?Ep5Gd!ov6yaxaJYX*RQItE1QlC9>bte9
zQR}1C#1D?=Xf3qW+DhkKWwhua_G-(k&B2YJnXuYEuk8eUviF8NZuzr2Xe_>}=q%pP
zIh8k$c4Ii+1b(FS-MJ+x9T%9C%dbSoM>5Wj+zh}4#(PWUYVxsy9>*+Q-yO~wce|du
zevOz|4TglA=<#FQQX=ek1xswKS8x6JIBVB7<2;A;vw51b$E4-cxyeuMUv6tvLOnB%
z@<YW+Yyt#WhBa`s7b=FQIf3jOKph*WNhwB-T2Sz|%jQC5N!SwKt?PKH0rBiDFeHa<
zi%mY5uW$cN;F1J^Jk_ntW_NOP&0bb{?vaE=C^O2Dc#Q1N(_D_v<T@P7AUW02)+Xqr
zX(g8+Ya;FNIVmzSmCAagySqCOFi9IL?0vIeKkeAv{Z=muT9c~J^Nmn<g?gXt-Dj`|
zJl+ib1vIx8sB^emZOBTE)Jr-1pXw~9KQ|*!t7v4dcuB>xqtCOb;n{n-rrB-3E>)Kj
zATh|}Q_FwD`2Bq+-_6Bu$wZ@P!AMUXFi7+hEcT#X_ET$IeSsn09vs4R+fL|dxts#>
zi*eiQ^&ECAvLnQjXWsQMbvb+~y5I6hIC}vStWvHE8!oT$nVVLz*_)N4RoV$ZQXYAB
zo5k)#OfCy~O>)hRn)^<CbZN`JXer(&s6bOg*ZtSR!4$D!01$8wHRZ}w46byv$o<X~
zq4@4T;leqOrnBBK)ZX_D4#+7hlWUe;0G+lVP(u6kIvRcQ*RLHrVnd_j>EKPH$-3H{
z*_MsvtPA!Tm(39*z-9lmQZaFs)3oCPd<7;500pzX09Ptt-pPnJgm~=B&p?+4G8+wj
zdz8r!OF5L?p`eDQh>DMjrq8l2=%lor$ZvYHJ8?IQS)npLzP^~1Z7AYi{g{iz8RM~4
zrH>GkJO&7nXl7uAXLBzKNpYR7(>H7Byblbm$uZej2=S$`Q#|orn~yu_yfV=2jo@WQ
z#U5m5S~;E!+ATUWdR?i&&4{(>!ikE_v@@@L%Tile7&-2EbF3EKwp$PaFXjBsb11|w
z`C;Zx+w-14^U$3h!ujWYT|S0h$C!x7#JHR~`3X94U8ny!#_AYgmErBmqRnMH^uMPV
z{S9!6Nt-qj;e#&ouo8L??G%eLjrwLpQwu<hHv*u4Pu%V7_rQ-Qyx`)x+W=Ib{aKHJ
z^yDpTRD3332sm!x0h%ZXNamx2K{B-lCV^wol)y<(?Aqz(x^uSaD}rVvMaL)Pv=muP
z@@{mlzy(N<EtnRd;G3Jcj@;SZV!)3?JlhAkR7tw7m*uwO0pYVUQ=Rjy)(+H+x70!N
z=8pG{y+5sG6~`H>P4=}vs1UwnCZuiQM?SC)*3}|H#)l*N$caqTFx$Y5#d<L)gRV>$
z_~rxff-D>F8mvV*&*!>rzA+X+n{5{;zUQWrkj@%E!eiDhN7ETMC7-FTgIMEmjMi<)
zfvtkIMy!FDJCqH#7a#+mAVp;7+cK1CU5f;X>R!zHzZMoI#KXQ@aa_Q8O{bClcvye{
zq}K`W2K9Z$7IDMIqI{4COSc{!MfU+^JlxpWSR_DUmXv$R+x-wwJuL1dSr6t_7A<L_
zsPj2Z8UP5tQk7AO)({Zc%Ql>()2k2FSex+NB<FL~VH2=@)zm2F-X!*HHfVo!s=c2U
zM~{x=E%$SHP}soVH>`+6-3<3p)q>;VMd5|=xS@d7k+PDYWieKn?P!o=r4ysdN0c9;
zazmg6f&`1lo0$qW<IIUOkRGF2Q7MC|8}l7v63(zXh~#51*lkqnP#37d2Ixqqgt-#G
z^%G>v^9z!WoOQxb`8!_6>GQ*h*2-N@b9+$AFVOl-X31`Kw~q{<%UW}qJ=*GlYyHsJ
zL{ATC`rvH=F&b}w=;GFNA*xkUjslAd@T7r`Bdmxfvk42TSWYMNJ+YTY%TxGQKoy<j
z{@%qFMOqo2rNY$os|SoTtA-+vVjdO54pH<5tyUh&lWg!ik3Txf0tEv89F*{7Qgks0
zdSlP1tI^j2xuV;vOhh^;Rp~~bZQP?R{9?Wg8SkZi(GV`seSj!k!dvN47wL#jZ(WVT
zWMM1*$wW-4+6hG{{G2Jkd{TOPrf-;G`UhcYk+QbYE)m=Gutf@&%;O|JIHJ2cmJ^GZ
z*M0yfv-vmN`3<d@ikgr6>k1%2fcYkjfmV!QUzQm(+t9LDL=nB19?^wE8RflJ^UFUx
z9mt$vwf$8Dm%r5Ah_p_g^94E|Z#bRis2&Uw@i&V*CBhQGu92ozd&$Rb(t;9Pkdrij
ze3TyX;l2(EO}u7=&^=M@_j02fDEP5R0#@<&*lfArXr>CWQ=9tE9p+a`^ILB1<c-(3
zBVc8$2kW7WMG7gflUOnE;>_GCu8@r*<{zVN2;jy?zx4Gs^>J77;SeYwz4}$zwCih_
z6laPA4-M7H_djyTXcws@RFJVvpBo#aDkhe}qG`Y~?PSb-E;A#Yp)Q^q?v4v$=fGj#
z-eOm+7SIFWCSXTCfBBNphHE_Fc-Ocy=AlMgGU(n+<)2n-M=Zq?Elc-B>v@lIre-LD
zdD2caVwgxe`VvT-F{iiQM+G&6`HNJo&vv<{ohW$owHFg46+m+6o(>A-{@evn$DyYC
z!A+@7Xl-F}8;zm<_(X13nJJw1u(^_P4a7%*#|aLm!{0M3?|9|idt}W53DH1iqft>+
zRZcpoV;;nxHT-t8`;p^~KxPS*Y(0P7$&RDCFPkeYNtFd~G=e_aKEgv0488ScqBLCv
z`jj!%;_|`{Evp(E9X+T*HOj0XalC#A6Fq{wW4)<EB;wMAl;A7seKEu$|54y%=q{Z1
zN<z!GIOp%s(lNoUuV<=uJH^kHjfZqvr?$WL9|=U9bC|bDB~&hko+G-=eacD>Ivp*+
zeJVTmz-cL0L)<GEX-n+iMFv;@dyy4Q2FwO=Ui+It)WAvyE!!E$Xv0cb>95?I4~K@*
zBn9BW5<A;&OX;gMU<FNrDTw8gOZXMOMx^+K72SD`hR>pr$CyV4L=GmHH_`8&;R6{n
z`k4;+UTl#ws<P6#TlcL=B3o(DD1Fa3^Ykjkt#zS5f*o~jvVO8tCjz7ajhhf*X<BoQ
zl8HGV!#uQUlxF;`MP#M9rb0bEDMk$;_<YYqB8csW`OLMoF42O-r=tdpg!(sUX7F34
ze><F>4>50j3*a7j$}51JemFVNI$1v1%tyIovsuJ!5XSNO;lLA7M=Z3xfL2&Z$9!b;
z=};Yl5QubUw$dQz#^8AlqC$_7LAE}gzy14%k|Swkz_~+WiM#uSWhELCRa%Tpv1Deh
zeX_T#x-~RbX&GYsN`7T4I#26xeaKMjeF*`hz>4n>a<y2Ng1%al03KbkfHPh@()Pjn
zDB0j>sTJ?i%k_wGRwl`nm;_diC`j8=)htmRot*JAp8iKqK+BB4dHFkn+BYlPppJvA
z?d^QVUoeD^FHYC7l}aoVdK{ih*-X^jsyjWny-N+&W>^%##ji<dkVegHcbjeMPmyAe
z`=&wb_KUAM-YgWEIji1E0%B_97dmZ*KqX2t<<n!;EP4Oq-3yib-`3ZSoBK=oUn8SU
z`X1&#=FBZtsy&M}?=P#qgxjnRd7QhgoT&=RCOj<YUnb48O8I(nIC-vlpVRO`dh?5^
z&(d#{a-FhcMYrQ06C2s*=p_95XhKpmk{NC}`a6roT^fz}I)aB8i4#qEZe7sT*i#zo
ztc)L>eeM_0ozBh?4a{IH9-34YH59~jh~%yBT(%8s!tq7}oQoO^lkOH6YT>-v=mtQV
z`i%2{R~y6k-t{U4{stl+tXS~v8w7!jlQ-o$ltQtCcc>$n8n>%HW|cQHP8)p@#D#d@
z9|kO;n-br+rFV8deY&Y;gRq-x0akR(AP!95JZu*sUrA`Uo2w6<c!o)<$^l3@`${-C
z6l=vm59=p`*>uaYccSIypq7a*n!;~!O#v71CYw8>FX%{Pw729Mh(kq7D^c;Z&gmgr
z_{w-Suh6T4n;lXVr9crF`dC|viZ|@y(D#C&j2M)|KzdDT0(T&I(B%`_G&#K=BK$lY
zL8WtD*u|Q*>|FFR1@JNw-ELh16DHJWPk%gW`~_g8h@dyH%O_=!6AlLbX+ukHF>vMS
zQ3|qrw61heg3}*S;d7Wn=`HLP?3(GHE%tGc^E%q1ri$;|Ky;|qqZn13qzuL)4*&up
zl}YarclKyx)zk>a#EgHqJFR;GiTe1izIT)JLCkoMjP(?Hc}UI*7h7?Q;UAK5-PIEn
zd-AqxU6Ww-%VT%wC%9u_X!ZsGEEv|1y$LC(H}qU5%pyZ0^#%4#Rg0aT>Tr2)bh837
zYES$H*{K-M7?Nr&$uTC$5^^ivwlQCD!<m7kHnL6TW|+K1v8~v_t7>*a99(7i2d8I_
zoCh#qXZoa1R{_pw20TCRKT%DBpCRsV{7K=Iz3E@iQUaFfl5o=K@1Wa5d9=E%%AiQ_
z84?w>T74j?tSn1q+lgANj4Vo(B4|^6AN~at${Gj>YWg+lyC1^%MrR%PpTve_@W7=Z
zQUa}E(SeZq3*gL%#WJg>3hUrKo2cO@VAs<kD<`0buG=C^_sdWcwkaeFp#mHmv3st1
z?oII95I~X@S9YS5L!V5SsmGinRg|MphJ#XXg96}w%Lcz*dor&t#o9<Ee!g$a*OL`7
z;IQ@4C@9-|0b{bYT3FwnCrT4A=}U?Jf$wHPT9|C{BPTdwNnUF$?B(U<suA-780r}>
za<UMkSqo7MREZ`pt3=41>WW0Bo`=h{dT+mzEiUxvk?`#7dl94DM7x__J`l&zyCh$7
zV7UC~SMsV=S8-zf9oz|QNqDp4i%(*TVVMKA8;T;wj5yVe&!1f58NkRENr)DF*>N-$
z^y7Pby|*}o0M6$gDGDCFO2WP2xzAyc5b4`+V}|ro2=E|Z#1;5K$rh+2R-pI{u&|+^
zqT<5Wfw61^DW&nJ<jyNU{9$RPI4kQr^s6s43!kKS6*97fg~ULEDWS;r_J?D`!_21C
zRWh(f;oZR{b04~a{)m{1tte=H(_=n7lG>VF-jCM0zxpg*XR}W5CJ^Dt?!1Sj|NRyD
zY4yv25q5R|8dEp;vm2cW5+KcxxodM-h!8P2KP-P5cGt*>llRpa%0Lo5U5nXvC>E?`
z{FB}U8-?cE@}dv@Aoh<)Ps%RN8-tY!^zz)EE|0rPH-9#jc~8`S_MT=25l(b!^TLg2
zqk8i}zlx?_0<vg)MaX~R9yE}KeV>BPlDb9z&#EN=#mk4d<}V++%y$<gVRH6WMnk2h
zdUz+rhkQ$o8Uv1toR(DzxeI`Fe_w{2rtD+k8>U}tR#nIWlQgLD1v2`OM~Ts0gvv+B
z54=fBY`jI(K(QJqEQS?CA$K&-d;vV<rGiS463c!(zyr?|kk-Hit$*NW+agq3tvYDY
zsfJ)i3J+cakBAYWl149r2<PIohqu#m*F{T<1cO|F0K`=H%bh`g=_M7LaM|=M{e?$v
z&0B~^a50?0Hvq7BaeRp^e8Sha=A`<;FH8!biu#_+HyJHJSh=|cb@n;MqAa~Aq87<w
zqP^%~4{);7m9;!h#N0$|q3d~03!C9Ml-P*yrhO21;I;#CO73tsZ#OFL#L@PDYim<C
zfjRH}1{wGJ`tWZGTLKrhvz<u=y9$ziM~wh@-O;gc^sDGh`{mJ6`bERWxZwB-k2an4
zNXaKVPkEXa;P8pLxRlA6$FOK(MMbZQe^OCSSj@4D@B-}<gWXH#l!-vAFF|F>%Fy2S
z_6F!iS#eaheBqc)e;N`2GoX`K(V%j~irH4jm~WSDqii8C&c1hC;r!1?+~&1`2U$jI
zo00KqzsXZ=JFG>1Q1A=_(7<;Q+c)uxq^3X`0M6V#*%N`y-uGabp)ATS2^|p##h`!|
zK*UT#1=^T^HsC}}JSC^xJ$Xkdsl5;t5C+JF83IEl-vg5M?rNFC>|Y}XoVPJpV0~O!
zbh^fee7(YqFu;Ll7CtetdPiHHHSpqBtYZk?VfGdg_zeSwe~1v9u~n}r1#fa$^!Nc`
zJ@*VR_873U+hFr-`T%L45xk$pAZ(^D0zAAO>;H4-f4(t_0J){b#ij!kd!fG%;RJgK
zZY*ogH*EBz&$}IcujY`75)5Cqm)}~jdJ$ERlgcGT{jgas`d!Pvlm9PJwh#~4_%pp<
zxe1ka*A6R{AFRZB!&OXm;Ifv%gGtu==L!wDa6UKYUn(>Te+8~zB@fK?tDiEM9^<<H
z^Gg8k-<$lRzZ%Eq56HUyc?_6sLj?kZ9Q~H2$)~?RITrP!6rD#f6UhqzCMDYB(xgxt
zyd9(azpm~Udo@4?t=*8n!5f@B$m7CSpuc_F3sijRpONw<h5R<GezY)~h5J6h6IMQT
zw1VBjx3RXV(&9hn<)3eg9s?%KuA}j&7hl}9bq4riFa>yY@*g>zcO<v98JQ}f`k&1s
zMH~XGf4~_<4s`#9toeJ<Q`H;pR_YY=wq2eiaF-{^>CwHpmA_l>zpod$3DVOnBE-F}
zdwSH@(~d(0j2n~a+ttrc=<m=s>7TVVwcy<mx*3aZ^7}9`a=Ns~wEx&+&O)CJp6g5e
zofVJ_H!{02p|{-$>?Z#{iVO_@q5L+$EgTdsSr!BM3Mv(^Mq|npcKJ4j2AQ8<sCp15
zE)5l>zK<T;|9*o8L@(*9p-XuWUyyJ;c3X~M@a7hK_S|;0U|~-LHZwbn@p3r`B7XN4
zNQ?kjwB`~lYTKQg;@R`hy7_0MND{B+UYY`F%=P-`V1@D<I>cmBQJ5NoLLB-`#lnND
zh|4bm6_^*wlpB=lAa22TyNsH>osR8G|C#N-<O;A2w{Bh8NpBal3X{Kg_y+bzR0{9F
zY!9um3H2GT`3|D8%ZHD1C$7Q<VU)y-4DHh7H+;OFRXn}AFir#F+@aMCSO0ef{xBQg
zceyi%?3V3_t}psOb`2soTxD-3@V8I69cKSd&RslUqVH-<$4h<T0Gt10zF|)K>g7a@
z@TZWK{Jo(iWywfS=^ZXtnN_V1ALaiwIq<)?j=#sv%D=Q6zjD~im9K7>?_9>DzPF>t
zD6XE8@dhwoYH)lZq*bu21NY_l@#qO8LH<nM|GX94)z+Ezd+_QX2uDL0Y>9=bADQ?6
z**_fxNk})L&DZn1MBRX$y4Qz3Rs*YL30~d_;Sg=%p9IZ+=S=kW)l8Lc&+1)&BHG9R
z;%lV(tQCslR=_37rogTFlb~-vfZ1YXs+&f*uv=Wc48qp;dHTO*<oZIF`~gwot6Ml5
z&vjpaA__+jyG2FV{pzomxmHIbJGwu^APl<&g@^yUc$lfNxHL6W290A5|JSTr(q7rh
z`#wow*JH|f1cvL=)S=pV^T!rRTu!jsw!wJ)^m2>1{+&LU;e6_+aibV!`SD)C$Vqo^
z#NTrjL-q$)?gjwic8ZyLp9eul7E^jd1>@QY654&bevNB_1ig{vZ>!)zVz>Br;UUAO
zOe_lC{iQztm(~_|{-R3NtG}Mog;|C2GjDZ4u(ancZw<oPe(dka0<MI^-`)$O=W4RM
z<}%hEkLQHr>*6x1mXXo@{Dj`vC}q?i;I7f;O^!>bj#lNg3U`a)wS>+yv?PJV=~a6B
z|1uH<P`1ttk%f9Y5fl700W{dfhkcE(Mvw8&VACtzfMGD<mO^#)jbIfQC#wd#>rGpL
z19nG&60_S=m^YvGdv_GC@>(J~uMFZ3^FG(Y{={@T&iu&Mr<{4V<q7<}NteX9$G$(n
zngI3=I{IP{59MJzCLX=Z>hS1T5^XSc<HF<HQ(yO27x-wOM*=Vg;VgBH7AGHQe`5xE
z>3-aBH2gDuBvGPbr_jaYdg@?K*SDxgJXb5}{Dj;7AE$#7wz(<qH!`SyX$7a&iP@BW
z#?=@r6#>hY9pLS=zW*9*?t7PyKU)2Otd$tJP#z+C9H2)vnayM!(m<Acz&o3Yv7hfI
zl}DGf=t4(Ai6iXd<ei0fo7~$wDsw`k1v4H=Nf1Eq`fJcQ_OEZx%W2ykbU&@w5T%oG
z2fV&`sh5f-Qu|{S_7a4f)-rPEWu193O1Czw#&4n#v$JANR>h)MyKMM*d%BE1DqvAK
zNIA)C9Wl1lA}M(`PGr&*&s+Y2)sfwR4;z5iOkbma#3VgzrKO>wNkdG2L8U&R_=L>$
zS0R0mj%bfgsZ_GnP(fq&(`fQcO+pGkL60`Y8!n0Ox)BpZ{csp{N*E>EVsP_o6Wl2Z
z3`&Jvx71yapvx>f6Q9bdye~XGp_}iy8Zt;jMCF&i;}8*H!7zdvqpyCr(jKa_mz)kb
z8hiAr0PqJRAvpr?_HZNU>NN!q{npb{>Y1~|`=q0tvAS&@PSYnPKJ@D%rSf62uU=;r
z%HlRe`h<Mt5eU&^1^6(p7g(e(*aS=$&-NnT0_FuEK$y}wuv|H7siL@BS;$Hg@N(#I
z;34)kw&Aqd!FI^%xjZD<h;6Np`IfdsE#Abk4(Dr^Hszb_Ex2lEw<+j<(6i3_VwN-e
z19>IvUgS}#a`cl(rOMEII@ZxRj*AD+BOQ!VesYE`of)})PB2=fLcOh+@&Hqp*A}ly
zLH8-6g5r6cc~nNr0l6TmG7ah}j2n<VE;wBk7KR=-&p#S}{;i|K|CTBPznsmXTcyKi
zr9xv`t}cYr!$zW#Boa$%flO|0+kO=kz2~LgD<8M9kaFKw&$uz0;x#Ej`F(r+<g~TR
zLU*bwBmss7sEd=Wx*DC2sI!-TQ=M(g=&VVSmAj}Nqbm<RbUyXguh%U)<KW!gJ$v{`
z=`&u*^GPv+8lQDiAcVPc{AlOV4+kjP_wxZOBZTZJQ7E*$Wo`Yq-rT!pQx{%m!?5l-
zr)V`6wx}K?bmnll#op9=BuR8`QPoI*IUao-x~0d*%}t<F{?v9?`{sGjWSKJ;*{|}U
zC${*jbP~<dkF6<Gr44#|gAxa_7}L8)&ED5P99U4|tc&7Tu!&@JSj6&z`q#Iu3+oQP
zGaPJ9xwd_NzOcCG;#usWZgflnitF~|j}Ck(b685__A`jSLgXuf8#N*=6*uXP-iZSB
zn-7Yc!CS%FHS35Z?;O{eS@nu;z%<`^F)zudBB<?~n!Z;0)<{mHBn4#^=EGlCha9M8
zk8ryzZxGOYP34K0x$_7uSKsV?$oB=ko}gU|#dK$`Lsl1UO`Ic6*jXfTdEAxib>wf@
zS`n?X=@z3XJV~<4C8<4rufBk4OcPQm=)9bX_u>ttF*TLO&6CZ{rYUIOYTD>osJo$!
ztg+u%`M&$j))1CBwz8+kqPFLqCri-DT20%MBP|t4+tDhde7X%4`t75#wR!_%8Xi_g
zMwBX-)sQ%j$3#>bg?ex@5!q57DK`C((J`=4{V8fsrViaXt1|@f>FL!9&>p`l_nVqB
z;<G;^$<wR*VWSOoN!1TlsA$)Pv-wck|8Q1ccW!^~XqyL{?flUBUF`m8)p=ckVFwLP
zd1A`qHys}|{L-ZQ0H=$+vtjfaJcQ%Z$*8jO#f!N8?K)dj%SzwlvR3FFc??OPx(B{G
ztMRLObw2ER7`1FpZmIY&jJKX{pw&vsCL_jtqf|NA4F2ee=lw?upy%D-yMgvsALpw2
zQjJY3tqup0Io>2YI;{?Oopt-Q1joer_^RACOO5Ap-5jBI?Md<2eTP2tw;<H838NlQ
z@^p7$nrQY~bM|*hgojzc4<drdwz0^#IUoC1Na7_=J8%46_<Iw6Sia^i-qt<>qo=+c
zjI6yANO$l(@)yT?1I15chk;uuN|-bR*d;Nj?apm)_P7a{43wpB+q?q~f$CMpq?*_V
zB{Yx1;|Ld4+pD_U9i%;wHR5eLp)u^SJIXw8@AVj;>S@deg>ermHp-}kdu>hoGwM#W
zNx611`nA$*mO(@tjFFILXDiM0(=^8>B->YSOH++!>6=cdv=x#dM98fA+H%G>Dg|}6
zhOCvbP=B=FQF&kG{K0JEoPV|jRjbbF4PU`odN}}amOf(;o6YQz{Bg@ktk!JWtGqX{
zm{qgf{6d%-6h=D8)rd>PAJWJb4{|t?a$;ln3u`A?4)mJohkeCio9m;AxTn{|`Q+P9
zpuCJXHX5_FYCH45(QH;6L|rk0($Jy*yRTu{P_d0+`Q*^P?hZ<c_rl^a*H_T@lWQK2
z93SP!rmuP7jw!S-FQVLAkqW2Y_pAfZhIe+)vj+y@LH>Dlv1y-_JHX8AiI{&fuJuTT
z!r2qnAPtOJ7WE*yl9wbw6y%J3w#FVr=@{Tp4?e*p4b7gHBi22ih<VzvGXvBn=L(La
zC126me6%A<xs|8?rBhEjBapf2L`3*oh4<<GGad_~2eiuZA9(94scZhik&nn>oV)5E
z_e!y~&O}Iv0fmX45PlIojL0H}sh4C>Wb}Yl|JkI#L!dZ3-NBH8r=bsQ0to+mi`cs*
zIKh8?+_wJwNc!6uSy^FG(c8##fTQ!8NV^F#{}t%SCt3kWw{ReY5E4erWqj_j%DdW)
z>iz<iB+{>tQgm2?LYW3{iMr05F(~a_6r;@tyW{Utd>)LCV?TO99^vR$<-P3simagR
zHomwpL0~%}9T)obR1G&ZSoze&_C@v4(;vWLA4t3^)Qqpz3xw{x<>5s=IM|p#8ZCcr
zpNj%>&g9=z7|&)#CaB4@oQ3R`uxPTgyw<U0&adizcgkR9P?7rR2f?jK(Kk&|Qs`5A
zpQ3YSUk9qwy<Hnj=SBM__Y(P3mHst;N+<l@U?Hnq72L;D=$iHb^=as#)bi_-LhE;e
zqn)j!w$<O9vh;hu)6;*@Wg{q7p^^&*O?92)GDOLTii=iWZO;M->&a$r*+|aN(E6eC
zd07IY3K=+2hE0HUO`<~xQi@;U!Ua-F-o*h2SRz^pOZBrI@7SWz*MXHdGdfH@x@Ul4
zW?|^h|K$l<{7k10i=oSCiLvm<%r#Alpg9lBRD<)IG#lR%k7{Ub$+ctK8x;<dy#s>-
zZu1t*a=o}^H+$l&zCy}lg^ms-s5Bpt22F|9Rdj59)Xi)D1}H~_uoaOjJuhK;=?m-{
zC)g9pi#~=??}-BHK(|mG?PldH#OyF4yPH^KFX<1^{~v2#9Tim<^^FKhNJuInp>&IM
zm!u-yASK;hGlGmX0#ec;(%t1Kf^>IFOG`5_%zSt7(dT);^?v_-Yq?l=E#aPf&e?JH
zKEM6j-`c}gP~|)9@4YRc&r<8S-G9DNn*ey$m(CW!#IpbjG$@hdnOUGr$cSlI4Bh$#
zK=d2Bey;rGbE}`})GyO@ZvYFXf;I<wxuX0kJKGe62qz?u`==g%QCI7&zQ<N>a}*)T
zNE#&4Ts}S|%X--CMX7dNsE9u|CMN4vy`feZ?m0eiE@7IwK9_iLxv|{K@vpXeUJt8l
z&3$~b?xk6mYYx=xH=pc8P2ed9iba5xOxxC@C~4Qeh-;lxWu6|g(d^6;@o$xy@H5_-
z=RDa(7C0m06Fly&BZM>_xSro9)}VkS)yky=_<7wVLnCGTE(2@8v5tC-1=KwM=vtDo
z?q6!?ckR29?~Sj1rGlv+6a7y0OOjPM{ixmfmHUI!ED@VtOoCL%np`4_2AQzOF5_u*
zc7szw#9n0gi57LuYvW3F22+-!FNgqbX?6LNEwRMV2@VSW$JoT=14!I~bg`A1uBk(p
z7x(7{W^s<=h7kd_%H2Kg?TzReY&h-%9WV{XFAlz&fn{NB=cy2OzBmzX*V>)17~OnM
zSyp!bq=+bpbIq|-+tkC55+i4;SH>0kQ;*+ercu$-xllznH{g&C*ZSIwo_`g66!{6l
zE1zvW>>OGg3j1Xl^)uO81$=WLQw(VCwFJlNEaPQMi0-NL>Lb2NvfOq6cXuhcP|M54
ze}U07z5HgkbWyv_-1iy%_9(tCc3GjZYMsgHw{%t22~}+)+vR}Bxi7>wtLl93XBMUl
z`?M9Kn^x&+pl?4^Zt?Tn9TNrB)-1k<&j~s8)MRV{V2yGCiTRLX&C*-3-qgcK)K&J)
z;6-D9ev(@bvtA@dr!@)-#2Z{O`<Xp1AJ-6hedQ<c?GMN?c{`1z^H#UZ0f(s?)AafM
zWY@~IY^4O-oJJcPmLi|P48STQHxX)-9IxaPSQ(6iv-e*T6{d-~-BQ;e5DXAfW0SC?
zjGuKiR8M1r($q|pZy;8}j+ib>)(}QCrFoDLa$-6A*(U5VgU}$0=^h?4A&><{Yo>mg
zgz6mBq8TX0%GQsfSgyYp5TcRQ*gHL%54jidy*f9`1Kv!p@^Mk#Ju}OBwTn*hgG-y5
zhN1YnB1r#xW-p#cOpGx-+gtPV$Dh#}I^PzX9Nvowh7vPViKj&$Ro+R>v$+rM37TsK
z1EHc9#J@+FqkjJCN^z6M56*IsdS&tS7P~>!P?Z96_*3SKoDCeDO&gmE(7dfyO4A9Y
zG!Xg8QC%TCH!Nijn~u5`ACNC#{}e!^Xt8Npj^a1EKlnAZLNCt2N6KGjV*WfA@E5cw
z?ffT;1CK-1s9LVHOfg@BN4W60IA>_C2?hwsC~(Zd$nhT808s7OI|;_nqPO?~{dugE
ze6|=jZ;8@_RGQ)f$?lx(FA@NU&DVW>DmqoK0qR=~RlFe3)kWB2fG_igQwvXz;R9Ua
zer5mwsC)O<>P_b2HnDqBW->$!BTS7IDyq{V(m{q=c<zxv{2Ki+e;HjiaZ7Ob5u-pb
zZOxR&`WUu<Lvh`qWkLg*JSt`2dL6fWZ4l*m1V3n{A<`SjX|TN;UNVR6d(^CvWT{VN
z+Gx&G>9rUVXeezWd1D^l$f(oT^Eh`nMM|f}R?-xRRNBPK4;u_$*D|TF8`M#W4y{SW
zLQ0;;bt&CHp5W>YXECBMqCF#QJ|(+vp})q|*veQOMdE2c3p7lfB*!JCmp%xQ1sU)=
zyl7A6w?uX?e;fW5((jlZk6oVq(;imEApNl*vcCRV1l<))9{FpWr8F3NU+PhQ>&K#V
zCG3Q3k5tcfL0jUm`4&2*T&16w=&p?nGPM+Z{S$nXrFtAC_j=6_-?zW*IURdmax*IB
zNkWJga2U;$Is4(J>C%&)^K-eFQon`v;0~tiJOHs|u_SWWSimV-3F3l$JAXVnGtQ>f
zd9vfaGe)Wq`O}sbH_k#){r>8C_V&iq@IwFynR8e%#VD}3ns`MYjcJe#aAgf;Ygmbr
zcQ{bLJ$`fB^d{#|md06?pRYbLU8rhpIY>m&RgEc5MzmJ=ZQxHenx}46<j<6|jzv+c
zj;qpd0XLjsa)t)u?;}Jh&K8`p_rnf~Yp*hvts*`YyJY<Qt?nFq??vQ#w?p>Gk6U#_
zhL7WtfDYFgf?&j##qmlruJnn^BzDz7*d#B~W@1?!?pVr_Qt5sm-JFxkzblNU_c`aK
zO@hJT8I+k2+1{ZQ3^ZE`2|9MZpLg*nb~ijvc}JgM@|&ub+Cp^m5m@YG`#utQ_n2kr
z+5XdWgFMd+k241Yfp4G1&dp+?hCZ8Hl{|b-l}#S~^FtNWn~Ci~;xn$T+gDF*r?)`N
z+H<GyT^wHwy(aJ23RbJ)Mc?mGUQ@IC7grOF#pjN+OFvDjt-kX4>rD}V)qvMTOQ;@8
z>Gw59p53czu(}WMh(V&e-nAw6Te}c+AQGjv&)=^BfdZh~s^a7mhnLl=iwLv1(Oxqk
z|3Shv)&&~QKfE;Eh~5Pj*K^I(ePs@7Yqc>bL&)KAS+0>5wO5S{l=2eKTji0<DrxTG
zYk9~4e($1_?~#ZtC5`!CJ@!`x?h*VK<KPZAZ~-7?GW21z-I365e1m4$9V=&^T>uMz
z6ec)qWJ)h(H&erM46rSbGe$J^#gHk=M^P-r2@Yp)tHB9nP3aqLj3NnapJ%i%2?9r%
z-uxh9ikR0-G?G5JG)9wJc8{c)#kq5CYi+Xl?Q(uniU=bgNC(Jqq6<?<-r|ys+kKe(
zP}R}?IH(`9Ce32?rMqbcK&3D+#Z>HMaTWC^{1cgmj0=hZXSqK5%2%e#KENfqC5Or*
z0p(T4uplzioND+h)12=YmS+i^nF=o(tj?bMbS>q(nj-M^5p=zefRh+8*+$m|J_kil
zh5x1*TW^@FY4Txg%)<>^et^?NsZWhfvxK(YFCH0`j_9u9knj^5Q`HsEmHV=(!KnA3
zuCcsER{^^~Y}C23liDtdAGeNpnyTZ)cu}e>*fUO7PBs0BaYe%IBJJX6GC7sWlt{K{
zvZ*c#2(Kx9o(|_*qwko8`hu<LRz@G#`8;;U<VaHAkj(=Ji{3qd>51I|tBA`zd0Yt3
zI=cl&r9$k>N>$v1#HIFw6-nG*J+z$!9cs;m1o=b03QJkE3X<72_rkeY(j>g_$p$j*
z7&zG<+`R$tu<=HWbRA;3;C@ef+~vv`7R?eP=mKOk%w{#fqQl_U-F$fK#W8P0k-`rj
zATRb6VDY6;VrJLZ*FQLxy*#Nnmc4rPeRH9hV8KdSPNVFV6>h9hYm3Gw`};05IX4#s
zk(y;|=Xn>3R8+w$NhKe8Jf|t4zBBvSpt0LxQcg%Q9>j?u(gHi;f>ti<SWIq%^$9yk
zhsDAAflQ<*hstp~ta_D3;Y`)6Xam7;v@L}6U6-&_bC=0sz}dV#oHDLo%f}X;pTw>(
zB?aA8q!sLxZpl5n%>3-ueD)KM&gTruX5AS1oy#S!vXpA__{zq{=lTALd_c{eJveB{
z0J?VWwSm|UJIdccJc|er^E)Hm=$e?KEwkX+%?90+r4TO1U7rT4bsUN|RF!XB9JOCX
ztb08g$k|uMnLJ=1@x32ye8HkoSK<R#pIgQ}Dp>~uIMIiu^m=qV6Rk-Ni3JYF>Ud$*
zqNJi<RRM^eti&-6@kykFEp*~C1VG8Jx|wo7CAya%wUS6Jy||Dv_0iF<;fl(*sh@ks
zUR9(7je0ehg6|I2czX+vGS%eP$E069%MoUI<~@>OU2$!8UjRT39p*gOdrX(!EE2M~
z+I@gpOP}%XWx%Bbz3e`~tDt{4TN3&3PvVvP1{4Lc1C3_++hSd-u&PW{@c}uy#nN))
zh6$Rl<SLs>4xkt!aHT|cmJ%vdk<uTsh|!(X;IQb&z!l|PYVlX@=o$WKYj}w@uO)NZ
zb9~AIcJ!p<J(AeoIpX$yUzYynP^0NVSmh#>DSg)vD@?WEt<%!eAKyw0D!^x+#UYJV
zcOLpz0gg8Dx1&AL&%b;@V~B;@iOEwnrj)~NKv27zkS_pjbv23-0P5uDUc`;x#Q`$s
zA-VGS&B1-Hrl5h653IeyweRDy@9LZ9I^V)ntr0A^(*rRjf|MG5Zf6G|YM}HNPZ()z
zr(7*d*_9jTmjXEn4L-Nr^Lx((&la`tN+lEWJNE5jzjasxk?ajOsIkY>D%Pow^lWfq
zQK?DL)gN}2OICpG1G!#SokG^|xI``mtl?HGE(;U&_V*o9s*PF1m^0_2Wim|e-wdT%
zG<j^`x|A#>x$!F@WS_N{rdm@s>fRX-c~=;yRx_kShg?79jmx?cPiCo^t5xKU(-A>p
zYRRg6mFTt1zyK-A_ET@>r^?8aI_RrXS?iIK#-D*4E|G_z29G1gkg~79`BvtqERX({
z(?|*CSo`7xiGqK_UC8khrcaWI?h47u%a}NBYBi}4GG(#*@hfNT2j&&F9j<Oy?#S)%
z6`ctuJGgJvmHzprWp+JK{|sG#TbL%b&jXGB=5HF*+dqC77Rd@Z8(LToPz8=sm>Uk(
zLSQ9Cpf_^N4>{t8IOzjhmnm~44!QNE3OI%)(XvCp3B{V<_N_)+?8)^@=PgZZCtU9g
zeHK|nZe7ajFI)|-o+e^&5V-G|W!x;$ts?=Ny5SZdA6DB#0SDT8!qy3GJ~L5Gli&lN
zLBXq{NrEGDDeF@`l6xS^^?oOQ2VJf?3buFK^AmnoEI`%}Nv|`9;;8S?)%PVQ`>N*7
zX7W5c$+2s>;c)@1Spq?gO}u$Va#fZS^OkF4c&;r~3Rl7dIZp%jz0B1~F7N_a1;Aa4
zA2a+pOV-Y;?)nE71#~`VZsTi3Q`n{JT|Z9E(>9AETpw{Fr|`Qys$Tj$$rYq(Ov9XM
zNqaWH_RGtMESx0aYa(|nh_^#WiI6jUt+fl_tPz1FI4n8*y~Fx~MCHtowSCPTN=hoh
z&F4;At6@1g(u&<D`@Z!`NY>veRQR^Nv)y6D>++7U1u{mWPM`qv*Y^T}A7<K&cYItb
zG-?24;~Qcy$P_0CgH!U`zfNG&N$v%RJUpc*U#)tkl)RezTE9Co95oA2%>VeQcJfBi
z?S>B}0f3SLFf~Eyc{z}AGFQqf^UmkV0)t{+(TQt^;>5ogZosa#die#5QWx&2mdq+7
ztP1N#2)pcX8_L+pCuTb@(biyT-d~L5V8AzOamEKAwYMyLI>PD)ot7x8<ni-n`t0<y
zr53D!8|fX2-}FU%4|KBWhs^LWIodc|VMY%5t?oUyPb{Qfvv&#N_;Qf-K-B!o(v+8^
z10P02_--c!Xy6blQn~FET(-#??4{ToB$hM{?W<S4k|x7SkUGs=?#lVLrpy@FqN0&!
z>p`MYN7f9;+w1t7m#cIknIi$zVP-&^B=x}KR)wJN#X8lcWM)*_1xqh2G)YKsp&Otw
z^d`G_$M=dDueyVZ1U*>4_1MN*jsu`_W+w%O0>YsfwD91&s|cYRknoW_A6q3H{pDYK
zIjprZy=_IV@Tn%_gtESg68#%B-lca?p<?2u>kwqRZ&RbhxUJxyG`@vir9Czd@7P3M
zg5~D?#0cOgbvS`?%*8iAt{66Sq8tGsaUI5~CkdF@Do#9|WtF!}OT1V+@0R<z8ENyr
zRQ7n)xK*ghFz*MR>4%cc9;6#1XmPdmrOG8qe4C@eiq86(>}BmQ-dgoblW7pE6krsh
z!L6|7lb@Js=Ou4~El2a8KaSX9h<*Aj#iu`^x<m$KD+Fdm@UM#?K>z3~iZtekX6?Mf
zQtjF1_vs0^LWUpE;%X6T)O13acvsO`;$~-gO&vpTv6cung@6O2r-NSYNU!R|Ly7rx
z<aVhEAA)ZVe3Bud2Y4$lQSon$PzRB~!HNA+N9M?A>A)xHI>OKlP^I+#3DclRfNdkV
zqmv1(KUdM;<I7u1fxPBz4?At_V%HvF;M@J$WY+=$ONIu%C7H38b6ARqR+d6C7Y_34
z=Y1hz02u?yAzIa@m2a+PubnaV4{i(C+k?J7oxW9d3I)yUvq?3o<hFp-sPwc&y-rIS
zGL({7-jMA?gnq0uX02gRi5F#ge;o58ntM1Mo?{CCx4iL}0SaAFk9Vy8O#$Gz>siHK
zeh&#lzlk(O2U2HT9bqsam&<z&fXhRPVE|K*kXSaLd8f;Tl6l-b#EX&5`=2lS9JwtZ
zHC-YAUFA7Y(O?k|t5!;2{nf)(E^X;v>cF<M&`S9<(tCb_F4`O&r21u)AWL-K)OB9B
z^c6L;=2T6LVZjSiHB7Mz2CqJyY6o2V<zHVN3$5Qbn@xY3Jtq|LKsx%z*zSIo`NY$M
zV$-ymxlTvvlzZi2(s{AZbswIrC#_juS(wse6&vXXhfxmac<FE5U_0*VI0;(;>4XXN
z;hKA51lJTOMHG{;bExZSeGDC9Rna7g-A`50F-~-Jo41J+X~WQS1d>mZi2}@qUm==R
z$trF*MC);R_no+k)LWa#w09#j8w5#|yq;j^)!Q#%-9FvTE9%QOLCQnq(g9#=+eim)
z-+^nc?!j^!I_d8IbSo|pu+kIwz%{PDmbx_Q(q5FXOxXhgr<vD|qk}eEsfnj{MP1Js
zIZh<tUFL1OxncrIkAxo{+=sOKd44-BwbfbnOj&lVslLptKG^O)wOiV7mEV0dHVbZD
zF>yj5-oc+Wd<FU`u(PKLOco_6eT51Hm-gV)rb(C_>C~C@)-7BnEgY4T(As=J%H}q&
zmNDahd}(tKg~2ou#j97HBH>l196AR>>?40l`t#7q&Rse*!t(fslyOLY-tXGfVA29g
z%2c)P?KOxXCk;?x<QaUk6-?eHM3L_F9^zYj9%GCT=H74ab+y-Xoop&UyU>^@M&*l~
z>_qDPsen6}YC#J-M7|e%7U+ETjoiO!tx-OoJb<hpiQDDdSpS9$1W5OS_$G>_53IjW
z1Mnr$WZ=F}jxEX1=}fX_zlj|?S!Rq4-1QqgAi9i7<qy%XeHO8COh4BKb6dLg*+MGt
zV(P9K!H^Rz&XeeFhNe4p!C|crwr&I5wz6^5vvtc(pVEH|eib$RKg4)UsFdvBgipEF
zPLI(3GrL@Tw0%4dP9Z`RJBTh&*r+q?iY2C-EjfYD%gYP#0lTt13k-e^MhM}8E;gAe
zxsd<i1^FIE?99h>`<fW!2sAYyEdWl0S%450=m?cBG!G;jzvT-yWk-~2k_P>Xngnvk
zG88y?n=@K(0dCnBJU2$OYUO-i`%*$ezgmlhNv}hyor&i8_14wa1={#g5<mT0;>%8k
zhF*C8T#|3U3Z6surSOa=*sni9-AavAer=Q8ZENQ%)?QxrZ6XbDWg(?BFm5l`uk8E8
zJ)F^@kP;CGaD&#d6NTO6M^tcEHt61A*bXUs`>EeR8n^@M>)vbzAGE=oPa|i<vV;Od
z1ZvnzluQF#4>SPGt#hZ!v)Wp2u^*M45IM=JWQAq=UdiRYaO>{4Ad!{9Dk`1R+G7)^
zOT~EUz21noA*rbfZDS=R><z(4-p9|gFcbVDV%KH)`D<zxpYo*S){Jq%Vku#k%4GWE
zr6&k;t(bHy)hH9y8WUUzk$G348I3Cd6w-54E&vrn06L3cSGhBGng5S4GunPY4nan$
zRZW)oGmJ6P-g0KHDx)c>ZP%3=yj;vM;xy6$+?geEH_F6{v<Hr2vWDreBYn3g{gBzG
z+d|-~tJCx5!z+z)sfP+>2C7+eRoEt<C3^!&C<LU2)iOGw^CHOG3g6$SUw98bHU{_9
zSzjUOTwXEMP$?!7D`qKbXINt4vazyfjegFBWr`uHsQggme{Pn(jSy*B*<eDC;nRWL
z*_UT!)HRzYS&&So@0l6VzeT(XxwilX%E`+!aYI7L-%MEZ)VkY@_O1cJG$g?9?8liR
zwy9j~+=tPrxmxq)eiwzd`NQ)}X<y%zge0`Qj$cufzdF9f`*A&(A!3}6jWrKwp@~h(
zuv8|;O&S1ZJ>Ok!HRodd?{VuA1;x4KgX!R1-$fz#=o|T9&%cl_w@V<nKUh->AM=%;
z3P9Nz)tQ24-`yVt=m9I&#l?Wan<1cSkLe7OqG{C+wwBb9L&{(cq%2xaCT8g!aGC-x
z2f^a)0^2GP{%gY=3&}kDQb5r$gfg~%!Iv0dku>K_5=fS$B}83zazxTAcVsoMv(npb
zeKwNLV(ty&G$QNK;pS+tG7=@Y&n*2YX*Zs!%q*xPQI;SHC|~p15>`*tBa}c<E)`$n
zSDIZNMrGC*&u@uC=0&`|3{cM+cE9?aN~NY`SHaM2brouI7uz9{(;-`@CSA2Rol1b{
z8LW9pDif^6O&jS9)b;d~3!3Pwd=!7XL{Fwi7%R1HR@%3}hq`gJTItj>&0%vmu>u+`
zo+fc>km)Z>;*gI%<I2=a^jJT(F`SyawK~wRHsp$+O4!)r;W+7q*!Y<nZC`bc*ZJAP
zeRF`wp>amlZ&P#}?6=0Y;$Q?lgtLuK&w9o$J^<$eJ*9XwzRxb_i<Ws93|=Yk!zM+L
z+2U*vOC^_FcRR(lIN%-^t@X){(k}?m>C00{1c?&a!OVqAf)j&5*!$gjFQoI@Wk?3V
z*mhY#xN6kbf(Fi>eMz(-cKi#CS^o)DtEELmQoA*k&%>XMi1^*%!z&qWI)nK|GNsj4
z!E*LN*V)uI+1@7WOm9^ga>o($^wK98k)v&c#4D<*G(g~8=qR?Ldb*e(&b)5|SmDV*
z$lCrK&<XO}M1LwBaG&F*^YhHG_i``f(1md+TLijoNf*uj7BK7T;=UgujNOyIUZ3_Y
zVgI|8wcx2FM40OgoPWA=oAIS4I*j8vduUrbP`TcwV-jG=7i{dklsQytAaJ)_MJA`?
z#!VG%2gc`VSSYmon!|VzDGEjpw2Q?q9x56**`Czu^a;T}7r9{~@p`0<Nl*~OcD#_Q
z>cMYn5|UXG6W+oMZ|{Ip_giT~d7$^=7#x}71x7kl5&?&TX(Db)$|sog1SrtW@Ne77
zxn4H!EA6flsT%_Wknjg}Eo?C0>H%gc<SQP<suEfJn$t-n*>FLLT&2u;teJcN9|_xy
z=ghWN^JL`Qx-I>ymb+3fLi;Cv$=my+93`Ck+=G@8KI@SbC}S#2DN%+)+^zJ|*0$(d
zVy0LCPFLQi`k+KaFGQ<#m#KJqZK#Mv??o7^7LHP4B!<3se4w%R!=#1PnOWnZ5s;sy
zP1vM5bTwc8UQS-=<9GSr%b8}%A(=ZN6RN5wCfnyp8zxR5KX??q%2<!;c0*-f{s|)Q
z48EO?d?BIq^eIkpZOt>Xa&1nN@C;n(c4hQ2t}0!X#cyS|Ot6T>ToAQ=NZ>HrdPXD6
z<U5dQ4{f~+DLyh`G0QuRQQjLG;y&^Rot33qH#)IVAL<YJUa?TF?wzT=cyagVLUH}H
z2fJ9V$lJ+xhp@*!+l6|?bp_u6X-i@2O=?tlq!^@#14N9b-<tT$W@o{3Yx27XW9OqY
z0zjX}LdQ~+)XiTe0STWqH&Y$M+R=d5!GVv+M8OEE26L&*2H_^;6fq!Wmd-$!+NV5w
zdT8)zCE#BZ2Sr7c;M$(cQqzbq0EKax8)^5;4;?TH)}x;|fHDfrv|^wILL0zs#aOr7
zG5Qsom=Wg)dF;6nLnqTWK`8gVMFJ>i2?R*v%bk;AGeCsKzMBj#9~Iv-{yLq_?Kll1
z?p&I6g1#|2=Z?Hd%*>484@2vDAmhuH@jy_mA!-7j<0iFo(WI^{jYM3uqcCUaZo$uy
z7j&PirWT-nBKivbwS71VMVg)UL%G4q(QjB7CndGR?ht+jZrK(2ugf8)^B$l;jVC)C
zaj}rn4qPJ>g*+7?zigLT+*yl5oR>$`>uWaDp`LWRIl|h&u{Dh&@_R@2%Zgk@?gpRH
zTM9rwYkG82r9^cAzlT<O(tG+;HXe=WNKMf7oUlZ%R@z?VGS|!0_!KFuzm&mmnWN>=
z<H^FIt;?V(i*ft53{w7fO7Kbk^RIDoN2KysUZY8E?EpYAkgT31hVs<eJ^R^FNH6nL
zY6zM4M?XcUk<qFO*3NgYbUq3`SHPghq+8g@tgfm(2ER_4QFZG*Tw{}TZM`7WXsWSp
z;thP0cq(GPJmA7{q72I4onz8G%M7?2qF%k_m9qMz^p6;i;tMPOC`14l<Tco2n#3S!
zix}eIr`a*cy;dPxvdQ&y<f^l~!o_!L{Q5-eg?K1(`0|~xbe}AAC4WUU6r+^Gpq4B|
zz^UCQvyCXR&wO7af_r%3yjCY9a<W%7G1mi8UJnAqdm2=_p;`ynWF06to{KCmXEG%w
z=4Do;Vo>8WZ@!3sw&dy8_nBpY+ZUd{La@;2+?es&c@$p3wBvr#LE;Bb*sZSRFcJco
zb#WP^d42BDD|?9fo(2xJkc+geJ)Nx*+dIsKXHb9>9b7yzGwu)7s&ci!h0Ig5_<hwr
zeY=@1*TP|1sP(o5OQ$n)2im-d1Z-{6Af#BU{6@b)9g&!)1zx3je%bkmTFE({fKMCE
za>mPdsg^BUh&O`|>VEKI-IqSVJPo0NrB2Pi+smzYoPI=5D85-Q*f_^H{EL-jzBdbS
z=OGgRCN+^Lb}_`X@P4h5B@a&tD~Xa)**<mi$-?%VvbZ&j>4KY*<e~$Hv{<Y4%&}Rd
zPa?wZ-@pHB&TVjpn!p5n!lzlLj=A_*1YjyU`6vW*y+z#0J0h#-ibMh>P;?v|cmO=?
zHBe^vVH7B?!IDKkyd2M*d2pW;kCeD5oN;%)R;$5GyN>J8BTe0>9~*#j;1|x$id38$
zWuoy>rL^slm)x19FZlWKd*UOA393)`JqH<zOApcc0PN}~-fI{%w0gT906M-9;Zb~K
z0QKbiNTcGGDCc1ape#&<J?BUnJ-24?da~HYQqQG3;}us*Z2@v?QlqHay9af_*aKuw
zw<nyiJk+RU0}X3p(bTRl7;_+L^0&nU&1z`701&4eGL3~m2o9Kau1nPf6$*(7CA56Q
z<SK@pn(>Cmmc3H>oCM)AHrAL<D;MxeU9)12y>^&VvI1_wyh~ur9AbDb;A>0ci&|Tc
z0=-!a8%Dl0H2aw!S3)ho*+K|Z10W;-yfP0@9vyKx8_~;)$JU$B`dJfJ;ad-O7BpVE
zFzQZ>fK(4B)WK)Q0kn@F<5X3bXEl!%YWJ&!)6_Xm-?=>7t5eEllHNZ*u>cYuqoZCu
z#s4HJ4?EB<0u;1!IAqM!A3w35la-ylK-8<0TbcC2j`+Z0R~`)I)qiy6@&!}lgE6Nm
zg`F~kY8*(|0ig+tlt0a2vaq5h=JWN+v(0GkO8N4T;0_7DGYKM3kDp_5nsRQw%G*x9
zux@ed>%_<YdD8BrFGAD<`3dG%E`F8eEsGJIU}r5=hBbsMtZz*8KH#uDzj|9$FQoa5
zOL;wHgn%`Ics7BkNYc(<Ei;J2G<D&?2_UiY&??l&gLIsYe)1l++S~b{4RvUjB0#t#
z(P-@!9^}_j?uvMlmAzGrc?Lx)C=}lrx0?uh)o&2aEWa#b`CzTC`T%fobd!1kFvAAh
zT8g1%@%P*=c)mHpu7XC>9!IA)(`kaM)_SBI9XVA#2tMy<c-lW>ZN#V9K&kp{+G*gS
zKs*#$?=XMo^0Z(Bs_vfbvW&rQ(xmW;7fgmn5b~Kog8tNNNq?w}ddsRC2(sAzcj%uw
zHnH-VxoJ+4kK2LDm-1`U9yFX3?%4L=@|MG@dACc1-@Z)i#YqRj^ydJY$N9?7%OZll
zZ_v`weWhX&c+AUdI-DcN?KnsCI9%d`B!CTG1Mq=aT_dWckKS9aO)b4~W?|Dvc+%vq
z$83@v7dqQa42ke^jM!bi%aH9_n__nPVg}R@9#PdJNzhn4Ui7969v=R<&_4GTiiWM_
znuaa93@L4`hq|<RF{P;~3TKSq+SAn?MZv!3#MaBWW7)}K*3fb4$ZmhEMHd!FmJ2yA
z!G&g?+?L19RRfMQZj-mOfg7|mC!>(U_l(I$-FU4hy{<p2DfM@=g%#7DIvQ{p^{4|k
zdZj2YlZjK$0Jre~8)OMHH#BkQiH6jbsD!uK!?Rtc3S2Y_LUYiFnqo;q%{!x~6gJbD
zO|Xd#>S5s1ft%vtIe05hSdRkH6tM`=9~~#gynccyn}XT?7SsNvoEjk;bu2w7^GRg{
zGb;^s*pp4>9CeJ?1sPS^_}~~q+8U<?z4eynIionX?uFfIc-QXp*$>D*V@BS=&rSwK
z>RQ!VEi$^oi}Z7dgHQYhyry<({_rYSAqFPuGnH>niMGb?<jmmd%GGIuQ%#K&5(7BI
z3A8~1vM`uRt?Rg<#AmvWiFfbo7ubVsF3)x=weaeLg+@U-+k=$bJ4Dg5P}{Y~Jd4%-
z>-_?ZJ}a4Wyr=k9TTbQdR&D8xNNR@}#T$f+PA6Q&KhG;4lGXEj#cpEv%9ll(cug$c
z2a#2zH8|H^l|_Sfj_RSsZ=Au#YIXi=hk5RYvQ=T|Na~Knu_<~InhbzKZWIjZU&QF`
zCf0#M4R^sh8xlp+U)$E$adBWTlPch?z1p94^nx^C_5thi$<~Og%JoST*FLX4D3U)k
ziTE@kiKLG}2j-$z)`v7|g%+=vR65ro`(Vu%mmwRhcuqDSiyldcU8S#V9a$Mq!$IKj
z5-oY%NIRB@spH98Gu0ybR_`VpW;HZx>TbPKPPQIc{BYo;n%tG3E-fWKSX}G%e0wL>
z1msV1blNP8NGq)O1qtn6cz{O&1N@$K{MuIqiNiYR#HVuT4YZ#~7*d0`5U_M)ag?W5
z8Sci}zN)d4k8UU;StI4#z-DtWqP=%rr~ja9@u9s|{OD8_j!%+zAeVGYS7*ox9P+IX
ziKsgfcp2i?5n<Fu3lRhL2N%@T5hfj)7W?ZQ^#&dMX-z08nS?Rsub7l@^fHe<IP5DP
z(9Dk3jsy?AiT;Idj_lhXc5UqdCnAo{K>76UBG67-UCdOGftUCF18|F7v^&s|Bmcte
zVY%yC&j??QPY@m@|4>)#!@f7p_~^z`U(#`3?Abe~Pu()R`7ox;s8va^6JO)I&w}o0
zE@9>U?>Vxboyi__?}^T?w$aB1%dtAz1>#)NxP&&DEkEWfO5sG@Wy3nlW;b44IggcT
zQ%cH9e){y@>TL`geR))6+wA^NmyIZz1+?Wir9~AT?Qp8H^})ebS7kd++v?i8X6X{r
zy77$~y75a8@B#^d54jCMz=FcbaI^Glw_h;u5G=14>Qh{`Sc}gS=13gLI7Gg(vKp00
z73eNNixqgnt`gpHewq4iw{7N&Hk;i|s=ckN#ycL#1~5T3b~7%cDrWfrE&Y?tt?w<i
z5=otHu-(}@wZjARLobc~8IQuJ{V9jqeO7@L3Lcvy3?6o=nQOr(N_B}{S6}zCHyHZ5
zs}&|%t_%eu=0PbUB09JD*_LIqcmbyH6SKllD70gKD<Uaacg$I;Z}?0f8+&SbJ#6)n
zhVK!7bzWZwE_t%?OK$Q!OG_g{?I#;*o~M=?#$K82VNoZy1Oz6g(~q-dZs!f@&4<WI
zOteYyfzn7BQw-XBo16ouSb-E~{zta$!@GBv8Q2{%+9{oIHy9KqCyK=P5bmF@$|j)G
z4jdidvrpr2&X7{3n+V_@;}8}RTB0x>%$!`xePF7bY&P)a!$s<b*U8)mV2NDFM)wzL
zHNrcuI(R$CYygVWN5vk-p*7QH90sQ@8%tZ~9#&WBOB<}XI<xy*=U#l^bYGsanrR23
zn^4h;waorym=FgPJe`w7#Nmpr8WEhf32j>ke$(aTvUeQe<$*9?K==tS$glMz2@v#n
z^fg>uF3w?cgOR&LT;?A`7pwD>LKMF8zca~DcA-KdnrSD9{--uCra^eGHU{>c$XGo<
zH4*3YrTw?3rS(B3M7&O_#z2=rMBjew;yxEBEZpSN@*AZ16sK{K5a(P+l{d$uCz`q`
z(2nCay!=WA6?YG~2odA0+qWZ<{DgZKF-5_KpWQ2y4L&(*iMp;P(de|LuMB>8S}FGp
zU)sM5ym7cVI9u<S0M5j~VguPb=w2aKg<y{l&I(R|WpO*blyRtOb~BoSJMlPL86yxo
zQ=2z%xPTtVLYWzyQ0QQ$Dmj_PmF40@p@C|KTM*uMaK+qKN0G2c2YgN20nr9VQV9c`
z;vE;5;0?EcG37w`Su#g)=6KQM$HdYny;-h^Y9HRbk7+UHpA+Git%)VGmIq#bZSShx
zu$YYcxo|rP2>*2OG$ML&#9*X7@Fu~`l%B@zRewyT^BOzPkK0)1{DEyG43G6ph#51)
z{1P*KJ~huv@!E_Ckleqo*x9k}0+8zNep(5A8bzT7kaiRTLE<5S7Cxn*Gp)no=O|T|
z*RLlDoj1_qMJW5F+iYvMu#5HO9LRd5(d)v!<=E#^Xn_4wuW{xrBCG6Q856=KdLP`u
zY^=$*bwes;;s}-NIu-Fn^p~oa5T<gmurN_G4Bp+aMNnZj5yqI9(k~WmmiC7UpzTnz
zzXERADoNON^VKMGCzjSH>kMf>bT+$!k6gWZgGyH`?KH%_bDfGSGB$oXdzc&7W*V8A
z5a&EwFs$`}w;piOQOuaK^^kmr-t@_h6BvheDL>G7<<gc4f0i<Di(}Rs+fwPLH&#lE
zZxtM7l)1xLO1WMOS}!Xt6?pEm@=lI#UH*uywBRX+gBy#0&gXSln$QM0`&6wV_7b9Z
z!qm=OFN($r66T-T#FMiKVe^%jH=Yj_VSQLHXf-ov*`y98qpr$oTX4(YvLB?62;We(
z+IBL2%eFDFu;}kLJ8`8Kf7Bap>E3fQ2i+^u#A|#}4^)@D#@9!^>tzXd6Eo@_gz`?0
z3q@GiQ^V5>`Om~SRNOxykH0LE)wjHDT)FH`_^nLOw_&$&JwPOs6zts9UJZwrCJ8=v
zN3$KuPg2I6NMBubbEXmOELu^smm4j0Vm1gPz19$W_mDW@yjPt*^CwsRmLCkhxUDnr
za6Xg>5y_D7kg)m;?c2yNqB1UD-nSHw#>qCTxfv0b_C4WXUm>~6GPRlh74C6_*e}<c
ziy;J7=Pu%2(Gr|oQ2B2L6dG6Ow>+y4&KA{8`{xod!CsNT+a$)GHj7L`N}&>mhi6O%
zwhp6pt@E&upeBu-#tH`i?OH?7^K%gyJyNaBeu>5h&@z3~1L;(smd3p2N6sDtT*Oti
zE+CeHi6vW*fhGN&e_HWMX8po0fT=G{etc<1NJ%Us&@O>R4DdYb9yU;7kq`y8kukVd
z2Ruveasaw|QC+dlHR;j-Tsj|b+`QEzm+8<})t@DG^O<5!PR_@Kc2s!RHrCBn-lCKa
z^q5G(g~%m_5i=Dr`v<+&xfb_kN~(MJ9+gtv!mW=$AW|d`igf#W`$Sclg85{{>pd`V
z)XXh9m`$k*9>Eq#_z&C0^CI-j?rz>m7u#*DZ*~}$e`iYg(WVtu#P0-cwc=%FR%jsJ
zV#OSQe?kOhuFojj^3ILJ`EfnyDok@3+sQW0&o?{u+NAp+q6yz8YNuvW8w<jr${Noz
zK1NYaOwVa91&x0%fIZXg>XOc?&L14YHf{Yr(^}x8@3FUYr3E_CQ`GHsm@jLsdHMB3
z!gsZzW}<6i%$|C9SZg!7Zr387LuaDyFgc{~w7SCngo};kx%~?*!o-=W1a2C391HTM
zu-o=d;cgTQhJ~!Mr!EHvn!=Cb--K>ATMP&J>j|zziIIKy^@_YcU@=3i=Ab<7NYCdc
z0i2th@$l)~2i`<_DT8|dor8Sl7rNx#+m&8}jzSNFS{rF!PDbyJ=x2Ed+54yw<KF6J
zHrQ(^Icjk22aodEj%eyehgWzfHuOO!%5wq4ya9=mIEZMyuO@T_mvbW{dS>xK-C^;a
zo#=F<n~B(5<_A@`4Djaxw5UJ6roJj@z5c3*vuq6Nt`O?&NujT6t+iGq$f%~PHuw32
zriqz7X5CZJ06EvwZ`V?Nwz2>27M@e=;AbK}=ULSZL8%?akr~KK<L&nb!d_9o6|%8*
z)VQU2X20irqp2}26Z#OghDKIcSosaiRkbaPxLQ0NXtp?-L{z?=qHbb(2S3d;K5uSo
zr(QG}IE5A;(HwcEHm|QblWCR0JQ953s5Z*r2m!9hQu9iWmt;-JH1^rvM~kWKhViML
z#co!xMmxm*&ec30;=>!>tNioE?aNui<Ocul!3TFoi-n6-y+px9CBS+0z*nc_+>e8i
zU%Mr(_^SVl<v}k7`^RS_NSGy?I8{F~jT-5NrFIXO#;1(ie2c_~W}C)qVO|aXjF{z3
zy*(n;(|*x5z1?9FwwCX>Q+ANw)4R`v+-u2mAzr>HeuL?v*oKBa2rc2LEqVgqj6O(O
z+$X3V-W%{RwL&6R$qy;`8WUJG3uujd*c?*c7`FP#m8^VHWDAR4r?xk$jP_>X;;$3O
z3_qdr__g>2{&?UM-u9YrFit(-EmfZ_QPY2xk~yG0-&eL|R}f`GytPy%+~H|k0JPh0
zjh^bSb~|5d_e9Q*ef)?pGrC9ufMq&}#<juRl-PT1e6rolnXmHPFNhIzlJ`x*SWHXD
zgal|h$T%{Ty&v9x>`q)qSn0!OKjmEHG3wj1+P$bQEgcj|!?$%aJR;(KgcOZGcR0Vp
zh#^r?-_Am#a#Go0+>x^}7445_7;}wiYu%nl%Vf}OQwKVpdOtGaJ(=lr90T1|OcpAN
z8(1S>0<m9GS+9J#uxd@d7;CWMy}uKw#iMg%FqvOb{wBBss-CCR8&!1dwsFW1=_Wrv
z?*jI8`mTK^p41o-P$AzSc;z>0vR7bMW?4bH_;_haI^H|X^|IB#P<OKVs0@F^Bb8N9
zOZU}FT&u>$0PW3EiRp{+JZ19D975$~Zn7H-A8~Qn9#W>$%_SY&JO1=7;o>q3W};Zh
z)3-<m@2kFa1l@{!LbJNx61R*=Ll$E7>Xo<AY-=l`Ox&(468yQI4fY`*l<<2s^Y=s#
zCY{-JJebkahVA9t!If6>iC68_Ue_R(P$H|55?RMK7-l5j#U<f2h&=KGdvUv2-7oV8
zyDc6loAte(Z{kc&f+n>aI-nef)%KS&P6m)uwcrzjme5o><G7XmCHRA~Xe4|=)oIh{
zK6uYM;^I;ZflmsSFoA+N20NO};cF+CGP~95r)M@9Y)*+o2~Y_b<TK&Y!E2MJ8$t@8
z^*we%b~Sq4P?<NI;ohDD5pYq0fkC=URnd^74&le(+iPded|=Ri$noz^*uc+>hgs{&
z8O?9RmEWRza0f&K_XXw{8GcI)I7AcDpWwfYvO|d)O+PcMta?(5`zI%I7(8umfBPf?
zf3_a_z6kp+GmU&SRkm@fal!_C1)wwh1hBtK8#6I6jc$!YM*zOt!dLw%BwQs^K&5a{
zIPSJR{MKrP>HaX#VdR;Q3p)CO<QHPx7Yjp<xs#|i?ilw_0gltY-)p0dLup~I*Mq4d
zB7<bNw0z3eb=H22wqi_;7#2@BtUkp|0vNei^y|E1{hXHHj_AsMV$b<?&jR-y<-`>W
z#_6;pGqv2`Zs5Q}Ln_)ja_^z-9*$?PM5;|^9mgIU6+<8zRx(yWlxGQUYRnIeKl+4*
z!H!h`i<8T`!AXm10gd*J>e(1&pyK<_d9-v*l%n1-o%}M>T7(7+7HphizAZ6qK@(;&
zjQ}Ou<M}ipx1S+2pOZFD+k{*%j_+&gH{6)2ccQ5@cm+BdoA~Oa28OMX9|Of+y0WTi
z=X?NRY&U)1MGz!96Lb;g!CfXLd4^GemUqc{sDMeQFj|3vj?Fr4FD=(^@9%k+M+&=L
zJh`fTRa<J|`OUE3ss5#G0|d<=>!l8)HaL~B?op+E7$P`~E<3wTYd@fEeg`zuY(;K~
z!{#L@`JcY&$BJl2;Iq@-R)CtDJt`@IE9~lc#op#%s?|%<1`rGtNrxJ9qkAhi{#_G$
zV&I%STltx?r%hJk!0EJPvnm!;>4Jy1_U^?qRH?JSmvyeCFXOMhW|>0I-KH9V7+k;B
zHbK5<24KJ48p_Tk#M{e`eJH=``wrmZRYM|fS~LN)-NW%L8mo;y=K#@{_10M7r>alS
z)1PLWy-%9w2IxL1d=I<xnd#}<NWdpsq)IBH3MT#sjpr&)AjR(iA}t)Rexm}PBeD_F
z*Ek!4qtZ1Mu4_su{JV>nA39g4Fpi%~UV+B_#MC6th=7LVD>m0h3cpO&_;m-2sg5Mx
zvSFN@boP|K^4`Lr0`k2Z=zmoMr5*HNw6~`(9?^6wDjxUtSY|Yl_F&%lM*QNkM3<Z&
z{sIl{ZxA5@<P*A|*9_j0Nydr@6BlV1=Ds2djj)rvx;WvA!HIrwMF)fgwUT=s0sx<8
znEPT{V&YSPo$66tV)Cq7wlwC_g-}LMJa%qhAFg_PgVo^PTov5|4EJYfxG$Ra9=y}S
z4|;-Eipt+zJ@EVTg8RDHI@*7JN`A(YmD9;iskQAD_3QApa~(PGUz0Z@L<?*oenGjb
zOFkgN`w`>DKOYPjMn03r+Qnhl@@;MYV0Rol5a?E`wh{8+Q^8N`cVj=NhI5ZcTQKPG
z;k^&na$f*{*a^txTJpQ{@6s`!PD-x7<@1GquF-#&?B8dAfNI9Nv#CN%8teAoVTDn{
zQrsqEJmj&OxC6u186dg|`m3f5(!gxXhK?3mfa6~PD&6k{Jrn<0AoQPk{%6jD^4CH-
zB?Rii{IhRAE>RnCW?(xlt*a8;A=`U5knNv2JKwy)F4=e^hnx%*UD;emSAI*m5v*_i
z^UlBD^7^$h#@JJl35Zc!Xy4yiiK|HVC;2yo@u%L32qR>ip}L3lXH9jmUf$>-^<79M
z4|-C%kK*asJzHS9$M<*gf8x#GpR@7X?1*#{H2&2~|IF7ZTriL_hrvBc;)gc@Ks%?z
zQqOc8LD}D5Nuzy@$;^}mlO)3$sd@ecxG=0=y#2uP$$#|p@9zQ+hjQ0TBxo`fbMKEP
zf00Bjk>s<)XAm|kT@<~%yr0yyX~21nMwW$xR)z0`S|OI}725taESvD(SN{9_CHMCV
ziG|;X{9QwD9$<?Pml*}MJQ`fzat{{<zESyS`F?}~ucsP5m=^@T{WFRHtbWle)4Aqv
zl=2_@1dIaM8<gDE_216^yZ*F*yL$TY25RjA`m)^C-~WLr3CIm5nqEjfpyS&lC=!HA
zk8|rBrGNhp?T>%}4?on<ZF8x&+a7d8w*8(sFq$W43FRLyfR<!nAADSh(~5-I8Kskd
zj(w40{3ArNz);aY&mF0Nbll>#ZQgHI71Y1=pZEV~tUBy#=Q6wg2Bkp%`~%ErZfs~&
zST^PIVwxVW#pspU3dI695eA<W{}vjzx=C*7Kl73YtQSXv$ntYvS~OrsaDVT}lAbK}
zzq|0?Ma!baE(p*r!6kp>F^Btizf)1pOkjMP+T(h|-8%)P@BgzhFQtI#kO|&#Lv8r@
z_3J6u1LbA@F3bNI=Lh4B+Tmyq(>vJzP6psO>rb-pyl`YT6p~5)*_=zsar1hj%umpD
zU$Z_rhWMIejXZ&0zngqZCN%Z0sQjyIfC5U=5ngXMC&qaL!ykPI;z?k!$_q*;*|1T2
z-sB>f&HT^ULnwVqes}}WwnbEB#IC^l=sWHI_2mHF*R?5%mA^5A|7W9qgaVr^q_h&@
zLPkd1D<Oq)Wlra2GP|{k*WPT$MN06W?`V()_Q50X&gzLcI?6J=`fZuS8Vh*-eChu*
zAq`I@cdN~erud?}@cxe1j8Z!<1M6l>vbOe^3BY=M5B@6^fpEev=$asF*mHf9a{N|o
zuMF#&{~SvGyBCK~e=D|AOAOB6jrK;3V9ila$Qb_pn_15AQ?wb}e};d6vKs`FCqeYU
znL@Z51#<y$d26c4{kxNY<r8>tX8XO<^=5LWf0amF7G?Yj6agT(y~>?=Lgad13f-to
zax#;>0><BI{{K>P0K+JLZ2{?2;_v<Xo4Nl&3W${}B;#xy0_gfRzt?5!8TQlu|6OFi
z2>sUefdd)Nzf)ag0?f$gMfF~?wuB?tQCz6n?bmD0Ur7IKcL-po=DrQjDg^>V@LZdd
z*4;+Afd9u3TIjZ!q}y#}ak8MlLzpn2hL{oe+YMr~0svo8c)|aO=Ic?E8+{^NK7a-2
zT)?$nY@E<J0`L@4mSwK@nc@NAbxw<~c<o?^cQv7)w0=SSxk_`9bm0UufrW9nCoboY
z(1r$YR-H0YqgG$YL<x+eb3QjGr%=0e=CLTx0UEWC>s0((7*7bC>NfsPey;qxF7~qZ
z4e4ddCs|cXYp$A07g5{ptPBt$V&cuiHD#gYUCdPv_*CyZ=fB_o?}IbbZ&C14m(%+z
z3ZJh<q41fH4X%O8F){K-Pow*0%P(n)KYte}ijwCCw6K>%C`WZ|>?OF~c}7w2+5C#}
zdZze}T1;ub^=!YEMLJFN{Dqb8udg9}Z`cQ*7l*h2u`C{$={kAYx&T)(_h1MfrPQ!i
z(F>q$`qq50Rdmr@fa+~u_yLo}`8$b$><$U8$9eZJ7PyP_Yg0CbxtOZ026OV1$$CGc
zCjIoYL^uG&wLhDfEHlbAYW5s1`M}F8B-HIF9Njf|?xIUb-x~Mjiie?4=>uAm@9wRD
zTF!p9+1E<{mnAuW@Ov2+w+(8r{%V{UO5?=xd{kK~Q0Kk{UVSx<O!}c38{RGW&^HoN
zYKM9wJ#wz0syt;DI@7ZGC!v6H4Kdwl<&>1uj{Zc%pd=jZxoJkmKrNE?Fe)>X29m%c
z|20oZy*rLhvwbnMiqm2Q(s$&}$&pZXWV*>Jza&nC@&vKJ#b(WAZw_|12^n}>MX}td
zS!uuJiVUC$No^ZbbZl$mf^fU!;<mNV9TxkNoaUF~5|b`QNP7!8!tV()vop_#9P)y8
z5(1s~8HUOo^qTV2v76jagvA7o8qWAJ{_k_kFBU+NjLNs$#4#zOZv1g&zm(8zKd&Yv
zcx8_O3t*aq`|Y-#6rgi1E_ekdP=wDwi}f&i3ZLDpjM0a5fRSG!9@<9N9H;Oo(A*>p
zd99n=03O7Tc*3p}S*HD7DI{1gxEPm=lzI*tB3K?v07%XPig~17f@|@{e#_`PGc$9J
zI1qB)B9$|II>4pzaE)W6&U!dbzs8#Gn=3I{Q_AA<cZl~=ICrIQ6a@*1=3EZIZsq=Q
z>f*%mUbTeVX^EVFPxpKG)1CYG*KI+ZvU(~l-UmbhqNXjI#({x>B-BQbnK}n~%eLOG
zUjWnZNY~wO&umImfrTnLTAsPYmQ4P66%b1HKRnlKE+W8l`5KX*%B@=y|8WSfz3u|8
zYrm*=yB2~9ttaL0Dxn4X6M3J_XKOZl8tFH=W0&gJ_BieV-H?WP2St?;ZLE6IZSRgp
zRk1xs>CrJHB~37no6xk1+?g>kFjila8di}&f+4-Xjy7%FSAT#|%XSBQ9OL1}U><g5
z4@(p0oa3$ANgoem6ABe#>DwIz33ldftb4-%m-X%YwZ)I%A`l@*b+)T$p-{Oz-OUBI
zre{B<)^2h{;639^x9NTOIkD>Syw@VfO*djj{q?ajAjB+I0b1?QtJG-KKM*tiv@Xz*
zP7~>yiBDAlU#L&$6lI6P61aIDK74PyKib>E>|^{%rNMba%rJCAxf`&a5+8x<(lv$7
z8)eZnsSx@hJ1k%k`HUdpLI3rcud`9-;np%-$|Bw&-9J|3#=mzn7eK?_$XG}nBXp|a
zt$?Vv#5`#!BZ@7vX`4{9ix7kH*@d=#>3vaeLQ5+v5qmd(e^Ifk<I&X(onU}Z=V=5v
za)(=t9<boYQmBwn-hpb8o|`+=b}Z~J{m-0{Wz%KEyt;dVD~y~&iN_^s)pF~DhR~cS
zIoDkkzHRHo!RL%LxuYyhn%dt2fbhqo@jCoz6g#)i+uyCf?6HvG(wBXf!k--)isMc%
z^x+o4gJc8G`};)|LkaMuCCkD$75ut%kK=lRA>EBs29$HvRsyB^jr8(YK&McqQMdLq
zp=uTuMK`h8&Cizr)<^&G6&xlpoGlZw3ZpKaeUWQG0W{yT0s>@~$C2RkChpkT^W)L^
zLZi!5e<gq{C~K`ZvB&L*W+0k|v)O*S%ANCysvl@p(*!`YKaLL+6j=B4395FR!8vpV
zGpE!)o*c{_aj7e8jyz5-P0kdIwNIBdUIh8E*^YcH6h*r2W{z|;G+&s^$8fx^gC21f
zF@HCKVfDvZ+uEkwleld&+=l6Xuq>A_cD$){^$e1n{>vXlUX+uZd`~ztR>}@!@C=NA
zh3Mg&Wh~HW#IZt1cuDmosstfP%u17Gi&+x*mMLxH-PvRI`gLbPP4St0Z4tvpwaPt5
za?OtmLTS`idO8YC^Oi|ojJ=D_?ENG`U^Sfhv6l=s)?tpP)a{qi*PwLdX;JWU)T(0y
zaV%NF{}dtWA6S=JaV21EeL&xa=Rr8mLas30drN&i&#q>_&vM3V>+#il{|}D$Z25YE
z37G!+GStHlVvI5IVu4cJOAPNPfa?7|RDZEUot!5%r=F2oUSACk(iJ@>Y?Bpmk>dgW
z3LgvTWi)CD@GtEPDx5fJu6&Oww43aN2&(O5tt|;Mm3-J;Xf?3^`8<DYY)o`@D6YnF
zKE?OcUv42pU|?e)J$0icL#1HS*QctVdG-?9yBA%v((HzMd{^f5bP|ipK4+8fNx0nY
ziiD0LKHJ_3qgj63-cTKmWf*;vEuM`F5AVZteCnyxhYQR%02LQ=K%Gj#j)Q*WJo%=k
zG&C!nQF$Wm@HZWXljSD)H?A(Rr4}~l!fADaA%+drFuf-LEw|CfT6u#6QRg3M&n|rF
z)5QaNNctUPLhjsWEoTB>;$0nd?jQOC{<`pKRLY_MMU733>zb?2!cl_pScx95us3(?
z0*#RL+XI4!Si~Y8O_>jTj@72u6WFwefYuw&c6FEld31}20!Z{p+S(1YVm}Syl2^$h
z1LS7w9QYsyitmzq)sNQuEvF9GdTl;=>vc`=$m+_K8@IlVq!97EvpduHW^Np5_|u`D
zkKFuBku^Z$k&V%9GG@?0N4`5Z&oF&Y!i52e`_b}Vvq-3~sA;&8s%pO10;qQ#{w2N(
z^8V{?@7;*IN51yLo`K)5UTvnd_$1J7jVckl4#1hB9@r2nb?ByBd$3Qxf3CrwX8<7z
z@HWBtKeWAdRF_*5HVg<-f;6IZgOo@&N_TfF-Q5i;ARy98NlSN^2%>a@q?B|w65sv-
za*oe)&inlFz3*Bs7y47U@4aWw%$~WfYlL6kR_H&ra5EN^**233gmOFVMq-|hk~TK|
zMkuLIE-DnWlO^aZET>MAQ|5RY6DNo{k|mg6f{fby_Y7U22^r$jtkrQ3VA8WmZ{k8Y
zBrXt{s}ytvVKW|2UuV(H1_lLR-vF~~QieIkrrbGm@jvl}-^gles<Uo4G%^zFc<PEx
z<+Rl6>vrfR&1MY>W&H}Fxt5NiUiHHr1eQ<n8YG(@;G~Ss%7>0U!n%h=-ttN{kXpV<
zA7@r*l`Pf3P(S)3sdl|xpws428vy3T0zM!Tc3OIo$>Ojy+rT{%G;ooMy}U^Etg91o
zm>>W-{}2Wv?Q}2|UEyWep#qrfV^{$O7mby1nP_L0Ha}4gdwl#*HH@^teS220ByMkS
zx8F`jK;ThuSiuwFKu2}H3ad#8BH4S4JwxGzlwMC0tooV*quy+#-63Q@e};sN9K8sn
z)l*H`^T}vG&4Q_JCbM8dFX<f;DUYAu7qiRJym$0_3{p$yL=iEoEpSG&lDTE!?@|PN
zJrn^`3Rw5e6%;T~+^w?%zZN*Ha}9d?xP-{pkvpiUwXOZ?*3^34`Y8r?`T?6(4TY?X
zOe#q;a}C!--vt;Mo;pJ&BDVTPiy?$MoPb+`A{aLd)Vv0erP{&>($GJ@tS&##Ay^qW
zJ)S9g(A-I+$<6E9{1_+Fo$YSgyXNK;u2BsGxjxdJw}F1cZPRUx{ja-XW}n#W&tmJF
zM&#35VZnUq>=^lIrUo?>a&%~&*VmZY%dZlH38=U+jLWj0H-b`%X2%X&V&>__yib_1
z?@~Xh6p2o;qhJkrLnm`;rv1(_(&pygcvVgK0S9U=wd{Gw?$9zy=r;}u9yEU5-ev33
zkCei}B#|1NK;=vi6a(S263s>=E-v}O%YXm`bG~ql+Att{pI?-)qn=c<stg6Z&H^GW
z240NM6mE)|)+c~T`rO$z)8ZLrd!EpBPOI4fBdikaM9uX&4@=mvLsUY4ZYnV*Ces3E
zCCwK&8v=;>xpiY&8#ghr52eQ`9vmE8e}m_*rN#?9VK9(`5+`)K*mh3jg!%3+j=laM
zn8QM%{gbPv&@tihv94=5JF8_*^|ImiOu9HG&8nXfc0L&3v$v94DF3lPV?KWrV?K;v
zT)OfM@QTu3Az`=FStOQyRV{fg{%J<>xW3)*i{*GlUqJYmZ+p+$q*Is;n@v8Q9<x~M
z_<g)%_$VT9KH2jih(;^1WiTY8cC%Vk=lp06U*mL_6x(pOR5U#HqiYBb^M=3t=78_5
zUzVArxN*~`68GXFBE$<1m!s3v2;u$Jj?|xEzWSaM`EX8jGTFM$`@-u4a9*X(+735H
ztbIOSP<pWNy&P(Bp7spSQ7&XyJ=<?7G&wtQ#IbaFQpMJ=T2N~^nkxLnhf5VR#m<NO
zWO|}&AIJflPK@?t{<1%Vzk@IJ=@Z5CQPH`!J}`GkYTIL0;*1^%1DEbCK3$#<ZNx^{
z`nc)oQStCM9;Zo=pwFOI!)n*KB__Rh<&ixs#-TjWej`N_KO*JIJ@imqmYspD&^b#h
z9sMC4ePs=;)N|)SS+@T6<O63~`msdQ8s|4Q6lWWg3m@I$1!@?Cl6Z}Xvhp5oEnC0@
zVBX|gkT13{AesK=YO{_X=FsozCfb%DB-8howjU)&!0btm^?A(&g&&40baKZRB#{xi
z5u|0_y5|!i!x+QzRtS}T$CKGzC<#DR$m8NoublozLxhY($qc^2eJ3>vr|8atnI})5
zQZq2<WEvI=NJs?p7{~g9j3G-HPhVeuutxepj!r(8u*&PG;b8^P#>Z}6C$x_F=``VP
zO_ig|uVPX6QnG`2&C9JLCcn&OyC*ZRd$1!4kBV6CE9_na)WYVb?4#{adTQ;OIAJh|
z7(=C#<wIyN9lDl6@V(=)7@s}>yBi7%!W?db353g0;&NN^X*a8q1s4v6%L~VJpZ~O4
zmBq%8<oj4U&6+5qNe^y|&e3fwLP7>0MYTCHB9G48ji>*?^+Wf(YI8+LY^iB)lUG!X
zk?GLdr<Ys<{&)Gvt#=ilz|d=POgnT`PA`iV7Z;Z~Z}OdNHKxsbtaepS#lUb@5PnlR
znId2oQ~QFN+QWD8M6Gof7pAKxP;Qq|5l<q{1j)uG)mWc&_dU<?1I6`QfokP%i$uPc
zEUZ)Feg_FWZtBpXwCP|FFw%XZ*!}4X58{C07;jt$&r|W5#mpl6gEjRshi?Xsn#Zmq
zlZU;S&7sUh<AG?KWDiNEy!r8^7dk|Hfn0*=Rthu@!?(%43+E|UcI7-J`BO_fe=nTW
zfk7on)z+UI?-s#qsGcYIre0MF08}*S8uUZYY`6?B5vO3pd1Lg0AM*SFV9n7xcg=dD
z+`sTCI@ij%m!VrD!s{(nViJ<u+~PbIpg7n5$$@Q^cK?`09RZC#7}r*CPv$|_&|ch7
zmdWn6WDKIsO(Flv?WMSb+KMu;#Txh^q?-%F5gnw){QdTr>Ae6*6&~+C!T|-0|1^O}
zhD3DgF+T-@Bx?)|xBI%qR2>EH=&^qL*RLt^WG}x<{#0@iM8K>zc=p94MzY3nfK7f~
z`QUglIqM~nSBnnI_RlrYjFQ?01DHP~@#=m+YTgOox79}AR4vq@&&xDX@y?seMV5RF
z*g-g8>|z&}gwC$WW|Qx&c~`Gh!%_iQKLHZ--d`|E=p@4h>RAnFmcQhS4O#<`#kwd+
zYoGBr=rL-49n{g%^GK-B(IPu`U65cS;H;V^*P&BrNv0K6&FC$%5$6&|c%ay$p@B!6
z&OjYC4z3&e*GBpI(4o>e8x%2^zqMiVVOWJ%e%+latd{{*mA8v)FtOS*TwDq0IPYQ?
zrOtaA<EZId)N7ZO7rwNyr?9u+zr5@9VQ$>IK}CM>EPgRN)aAn*(2!(F@zw>+IWouP
zld6Qrtk|;*=Sl1PD;>=lOtp6i$#?5_4>WORAM2u1zDpV9)W`j9fwFb9{ftwgirFiQ
z>5(P^nft+7M4E*YNmoJov0BaZpty_fGO^F8eSOcq1U1q~{6r)A!j9&7@nZOJc=%2=
zn)6<xu%U(41h{Ruod@C?zOG%ho^uMkKcB<2{T{{GWavB(-_j-5k%Kj~pHAF4**2=+
z)Lbq?3md=}Oel~Lcd{(082Y_c780nUQ4X?XxmDjfzN?(W?;6|L<e?K4M!zzho8MC;
zul-p~z)K0x@V&ac-}3|IU%b>}qfjt?EcuAteb@nS1^2;7@5-cO=^&p=&gJEjZ#2W?
zEecHK<gg!M4NYA~2#0(SMs>C;qJ3a)MLC;<BcGUcb4wTjcmHHFl2i}|MF6+3<x@IN
z&Ul6i2idPGXwej(L9eq942~kvV!AC3MK{6Yc@p*Y0bO28RP2LQ{B1DscmNDmVuw%f
z;X8YsGlfN=Q*9UcHjF3>SzTQzLjqf$A}d{r-+D@R4-6xc^ID0X6G4FTeL|Vy)re!q
zy5sTdZN^jT8VQsgTn1rA-3Fmw&el{oG&yO{KlUq?ix80LVNnLQd>Y1v)Q1FH{WA<1
zQJ)>Ax;t5*9~bOqkU)woR=>@Qf3IF&soadU#%23$(b9yZSGdgyc)7l3+BIME?2URd
zDJ0L!Q!H|Mi~|CHE^tI%<Q7uO3+O=+@WhF2hU4q&B=9Uc+5S2jEz-XweY%3|+ReXF
zokiy8d1^beagMa_aV#7uXZf=euUSD)GB`LGC#C=%%n7aB=;?Lc-Wh#R*l5(=LnRUS
z6$jq9JI)Bb4R<JaBt^w}g5>kQ#iK`}t=6}nYky6(Y(Cq<CqXEy5c#-sX@z}B50`Q1
zHTpw%b>3D2qR!l_#U%GnEiT)$t$T9`>da>yvw?}4*7ed!vPq}(XWPH-yB2s=rCn6h
z;fPk4k0g<jk<pNo3uy$X9wOlEx-6KDP4256_I6|eza@LYA#HwFx3e!H%+dd&7u>pa
z0%BvbV=j}e-AKDqof^97BioDR4$h5r-2kanF-;r-`{x3`t?ar`<g<YQ`ZCs<xWfcu
zV2a-F>!mRyd+TBAmH7<Xu&qMePj7u{5NXn~SQ1N!8*wPu>U+;5U!DQ#P=mFV6^ML}
zD@wCncB^wh|MvqJEr&qzi52wMDLi++QDu^^k5}S8sOUkA?bTOEVX+u>Z{{sELJYzL
z^TA&OnMm2p>00MPEQXQ=Vm?}xJTWrS23d4;bb|pt&2;xzrwIq-*jTr3Pe7gBL8$2g
zZpxF6sElmdA&OSd+6r;sRL=f>5`85G(zm1KrCbbv7vn3~y0GwV{+R>ULO?L{JQe7M
zRbGPAtv6?k!E|cRy`Z9g4W+7TUdhJOlK!Z&=id|@K)ttpmHy(C>?ba!lx>B~rK_5g
z@=^^5D&Aim7`HZO$az`MuJnqjR$`?4S=;MO?#-I_V1Ag`wA9JF)YM!t=jMu*aEZ9M
zXvYY*!xhshd{?hSUV<ecN%CgV4a@|B0_Tb9{YuYpMPxu=XH+DWw0?z*76JbT8f8iA
z=BKAG+Hq|a6ckK;_;_KVp$UNG@r_mX_pv!{>qb+Ii5w?j6JWU6p;eDU{1$VLT5U2A
zIO!gq-UvmaX;y3&678}bGDyXs<f?fY?9U`0(M0w8T6ekOF1VmZyb-$EJSBX;9PXw@
zsshQJ^7ox9rqCeW#I;dDK1T94@0XY=U7T6JYX$}#PG3OPpYC*Ed<LnM$==dkd*W(Q
zi(oM1PE$j9yhy(u?Linz#`17Jx8wSlvQAIjBY)7VHw&JN9Jg*ve8+B0GQnk)!D{Z6
z1~8r9To5qnnP!?L5nSdj3kph=UQfm2CRvkZWlP0tUp4Z>-G)V+nH3Js(ePI*a#2<j
zn5;E_Slra|6+$uCyxv9b6yc8X<yKt#n%;7m<QS*0DX&$>RlN{%$kB)6h@8gOHvq?L
zIZ~EC7RN~4$7TBLP_f!>A+Tvn+3hGobcumPMyt%^Ls5Wg1OS!N(J>U@;@~#26qbB5
zNUcQ1Tvw+nGsz1@R&5LC4hYi9_w|1v2kN2EQTQ*`6lVjYHk#Whh#EtVw?Tsau&2wr
zYV0B-U}#qVv#5faS~guwas&v23Pwhm%WQzJ`vI&+yE#zK33JFi&wRf$-|{{%h>E$O
zH^&nXReVFHS_)pVkVDEJay9z<uQPN|x}B<G$m4&PjsANtAqCxC3SEo$X>7$z5#gMr
zET8pk7S>+j%nCHYBaC7ajUgWjMb<0FjW%9D0kQWrziQEN+`#g*$86hD@Ag6+9yuRv
z>60j|8A^P9pRqaVVC!;v^yp+Zgwb@oB0tl`oeJbEWd1h1n7wl_She~L3PMLnSn!&>
z<$N3r6@r*}9&0wFiIUvri7m4=&p)E&sFa4?;r5zG%g9Koc*Q;o2ezs3dYit3q#1YF
z=~4I(f9=Nit|77d!of%JTAv&F?W%0zJ>*`DpUk{2>aD{!-tnf<;)Dm37NF5>bY#;7
zQ|1~EX4m1Q7Jg#>8dGGmHX5E@UJJLos0c3m63$&`Ck?`uf#y11u5*CqiDA%MqLi=U
z_zsMe?Mgn3blrY|OIgF^H9;X|F;I~x{^|%wQ7dkz5C;c^V$U7lK3nvccK~zTLcA1l
z3-&HR3A4AfhmR@*0C)t_rY;U!iIlx`wB+qIj8_Xc(q8s7qfwq8HX!6++!v#XS6vEq
zrLxm|6>=v<aQ)%eEt>b;{cm}3>H4Wdf*yoxr))QJCh4j_Z-M*0V^{7LfbAiLcrDz6
z`>(R8e}Cp93&AZVTcwA7`D8#!M>%#62Vut%W|&mSYSTZFD5lG4{^xgXtvcm64x=@-
z9M#Gshw@Gply%4?#1H+=Zk^TkrhA|$uSxz33>9q6bmzqT5;KH~&mr*Za1&Prqp}yE
z-01srkP$Gk5k1^6p?Mhu0$&75BERgkU94zau8HP&L`?i<rG@QH++BiE$#}eFr-;(8
z#VV5=GhaAgF=%(Dp1C`XN}H!6K>8gJ4tVAC)Z@Yc{qNsZm-hMU?W;mIU973x)`}UJ
zfANsCYZAA(9-!LmlV}oa)gH*Yi(9_n2HGTX#Yz<xoRIn#`}9&|+64E8iF6O&Vci|w
z3Jbihcbt=?T|T}~vz^v8$~?!}f<wZyc-;?rm+oGWHLvvg`1%K+J&tJp+@T;QhTyq<
zY+PnKAQE!gFx&oJJtPQ}?xUxt&UR_nb`KdPo_z_+>g`1{s2mgy!N%N32<hu16Af^2
z$QDkH*RATmkmVf;9h-K|qO;lv=kM>~XJld2NSd~n6<q;0=$(m(Rw3in<hd7t_vG$1
zx16uHD|`;7SZXhSu(#Iv%;D?>h0j5`L~lrCOtdfNa6&4IC~L<i?a<dSbfw2UZ%{L|
zGX?pxvh}j~t*bN8;et5t5m|8B|2nXgi4A=HM@<(BW`iV!ZEU}aVJ!(K73;5KZxaeq
zziO4>!-W^ELI{}k)`O{EtVr}2WR&1=0;nT47xJ51fM1mY@exV2AlX8_*naUPU4Lt9
ztE6);Nc+nX7DEOHl{CP_Tj|6T{tyn}aBY47hr478oulSsGlZX8ZN}%e1eK92S)PKY
z!{A4&Qb79I$qKu<b(J%pHs{VyQ(y^XLa!H<qdxG1hJ4NRWqU?b7Y5vZS=>4~OwqUB
z6a{c7s0o$v0o1+e5keQn1jxipPOBabi%X3pa!tyH^PFVYo$rS8FO6GM#n0~8%}Skn
zo!wTLbaOP^R=hamKUs*4#;H_jevF#HbF6tXcgTvf&Dd~+QEu{G;ngb!xo>Yj?LpE{
z=g3C%)C#DRwOz&_Z5DeD%|g##`Rvs6^j)Nl5rIJ)_xLw3DDAR%&K#W0MjGmcFHWQ0
z2q5EjS0X%aw8^+2@+f-Dd-R4aOQ+=dqpo<~jye-pKD{4$BzF1qJwRxX)A#XyEZp=d
zI^YBdSM9G1MaJ-toE|*L*Q%c22@>tmHOH2r&w=f5-_wnf67A9M+V|?pg_TcMSum{m
zoqVx|yZTv$K3$q}BVk@z-8Wtuxuu?IvR!aHbSVY#F6UOLt9Wxs>H@yRLL&p6IjXwH
z69g>!)l<1M1<)H%IUj6PT*fWkk!G)PZ7%pk1?p9x3aIn~pU>l!$Q>f1#5*JZVL5OR
z{Nt*vc9oC(52wFA(~AU_^ZoVSOw(xGz3%|L$l{L!BE#pz&`e(+R%m-$13_>-K%JtM
z0>e?oK{a1^x&3>DyKrl~cI(0Fh^n@RhtuX%;>t*PT6^?E$<^SW5kRjH%`Xr=lNbS0
zn%ZVo7}D}<#X<khJj*&G!n!=F-_GGJBe$RSridAI2K?gkkmIAOtYfvufLKb#*dvtm
zrdPW}G83Si)JIAzHsCgKWl4Y!sM=}Uc)k-7hkT~@5Rb;W@*r>Qqm*MH++xGo2_{H}
zoz`jBCu_ssz75MYIR@ZWzLW9xl@y5|Qs*l98!3xP-hw!`3+>7pjaKvoe0Fic*z_V`
zBxVN4Jlm^EjTKFgikvgBA3O4&*Ik^$f8722F3_qW>9H{zz540n<o=gwZSUwLl5rWs
z>bFnKnI}$PUYimYrAm%c{0kH!eLLPHPtNxzhu)$Z11y`5ckNYA`1u;3>$iVumQ;1j
z>g1|kNW8z8BF_ukOpA+Ct5HR89C{F&K+Ue7`got+S~BZb0Mik=^u5lR)4GGzUrwkG
zvwylyxK4qAqctpdB85xL7x?cQ_Gdi2c*ithJF9>?lMM2CGksyx=WSx(y0lnYsGSvH
zxm>0_LB-J<zJcl2dKBDh=y{M-BLqZQ+WRJsf}vT85`V57TMR3|Yv2q$NNUey{&cQX
zs0GDKIi{!-<tdGT`-?#=6B93{S!5T++I-3n=!F<6_P)j&Fm2s2%rsB<qgM=tfQ1Tj
z#DWpWndT3EwKo+FpQc8DBv_tCdzSDi`Y|2l{b%WE(N2g(91-D;t2>J@y;i=iueMb5
zXXE;wWhcqmm(~`w5pBME8S|4~JWV7t`{~QDK~PFHWqoCjg3r-A|MpIEOP#F{ttUF9
z-!3O-3v`nSi>rEvBN9F1Q8%WgRZB`Og*%EQ<dr{4sdugPHcXB$?_`{+6O?Ec-4zl5
z9nRFt4rc}7Lacj(1Q2q{eSNah!MIe|$Tlh=;(1ahh+<tW{3Y~!tFd`<+v@!?$5yne
zyW&8m^!k@Vjq>13=|limi9fA(JN)n^^uaiNBwWa}*KT>&0jt$SfZP7LstuSW?=n{5
zm`j&?;UlP&B}3ra&5$_F?k@OrvJ(t<bbd|bjD%S&+evR?^}QsJ@A!ypNSTdad;Nm1
zuu&Z4ftgD95Q-H7`hyVrW4)0dj;m%kyr5}qcXB$Myqi5&%%J`8S)2P%Mp2PR;%yXs
zfh?Kojnq-4Z2!m~Q2h5jb;+Y?^xYXA8xE*zlq~uQBLYF5>LLadNyWvJ4>$|&bhYa2
z5?|193VvI(3_;=^M#;322L7A)ApE;#|56qK-T~&TIOAl`qz#ivjm&Qx$%3B08ic>2
z{<K6zeoFp3`?$_b#;?2EwfP^YZ|;9kunFV<B_v~XIA+ma)C7S7KG1vAXI_he4G+CZ
z@&l#0WqBZLU~hSVE(Lgx@Qtdc<FF4N8{IiO7&i-Xar{K;3tH=oMOZD{^78Wi60<dq
zt4ekQi@%v!BgnW6DS(;PZf~!jn(r2m)P#tz^vWj*H)Ry=S)hbGmR3nr(LuW9iY|7+
z$m7R713~F&EsF=J-J0B#IwDy~;^->4;iHmfUv2)X5e$Fk-#NRR4LBRkD?7^iC`Ihr
zbtam<7FI!)=XI_u-siFv!IAo>XZv!C-3kf!aB!^b%yXFObSqvPbq{vV<}&Td8t*!<
zjRtMhty&?Wpgam{E<k!%2H2CSM1j~s6$Zwudd@9#Uu56N)6K68WK|Z)<pyQxxO{*w
zuRC+XtMoc^J8_$h<qZBR9XHx=mbf=KF!{UzbjEvk3?=QO^a;04cNzQF^EJK^JKgHo
z(A%}2XZN;h77#sjYCHP2elGofQi2C};aOj5U=-7#sHk$P*IA(X=KCiCq6V7EuX4|H
zbE42%c~23_P5Kn-zA8##KTQ7Ueg0j_`+S?b{&;wtc>;5veNrv~3@uK&je4In85&2_
zYN9Hl;bg~tmz<FQF5`@>EE{S@%>s-)0v6SUV~omLDHbJLC{k*r2KQ#WI_oRAFj+Q+
zr-ofZK+SME#rti^(y!3PC5sqK`PBC5Oc6vg-C8VVMC25M<|nCK7>bMoegw;VBYl#z
zUpE%FX2@u0xir390F2aLBhB=<bO^#<nGNJ}<LgHT$$IJ-v}{;xsQ&uwt2jXK*?l>3
zLZG8;Hb}J&w<(i}h25i-vKX%*s6VTy_)u-oiga@H%yJj#GYhLRfqQqAgJx`06!|1e
zR#p}W634wy@AmCBcg<jvfGN(Vm}iUpL~*mCp(j4Gv$L<*H~EkBqF%EL2V**IP6(^%
z&5)6h_)^NAt0XO|FvcVB3kVp)))_(vPjZ2-C%(GaAfAS{Dm-XAx?iHDNA{ntd}$AS
z@j^j(ra!ik|1Kd9wYEfUu?tqlGZ=Ji+TLHA;csWpm1b&wB|1;h6^-p6!+>n;Ls1cP
zRCKhkXgJ{q`^D~s)$@%U{@OShNy#*zDe-glyx~oi!y6*uC|Z&4%@PLv$GHysZs!`x
zoypW(N|<q(&vi07J1%Ncos=+;mD;@bBJkZINHP6Ql&+aCQ}SLdHzmU>Pwo;1z@&#U
zj`}?j0^k0Y8oY<324VY?asYSE)aNY9u92w;;|5xObn0)tj`We>Zr|>Q)Bm*C!+()d
zYEbG3T18QDan!CQRYijSw|7p#F)wrZX0ZICNUPee<$WaRaAnN4hIAZN+b{MzPfN4y
ze^!*`m6qk%4yconk;xp&_09mm9fhuUtin?+W>cwf*tk|k--COv={1I9b%Pxam<c{U
zG5{$nK}8_nGz8$$w;;2_ti7T6ovH{BusERYRlhVM#Lg%ZRNZ0RYG0UnF{N|C!_sFQ
zS+sv*ob0YsVGWQ9ELLkK$(9fA|A}&*y27B2j=Q1m-&8xOsX?_vN$zl<!_(lILHY+`
zAh}EQDY{h0?e;ztG!Z3}X@4aaIjjqiS4g$cH*CWc6%c?beznz~5i*$8hV0tV`U;)w
zBbb7OvuxaxB(0cvO8mJ!mXUFVH^6K#TR-B<i649W6ebQ2gLa97D4Xr<NPl#iqucJP
zAsB9!mF#6eC{#VvLHdY6KmZ;V@M!#Hr~_z0JQKXEaW<k6@=jpDB1JX9UmP<kXQR>R
zg5vt9MS1UgRO`Y<_F^YzZC#gb3bXGe8FXxn3@wwM-cj(sv8`7nWxeDpG_j}1s~a2~
z6Wb-R0S;NU8(sEkoJkq9&w-zSKH48>FANnG9@{eO=_D{+TnsdCF1awrID&$LgFs#p
zw6((g{QV6ZfSw()vm=?bVL)JDpM4K672InuvnkVtPhZt;H6XCHhyPb6sg|}<o|=4>
z`Nos3_mxc1g|nkDb0DQO1;f>8zwX7yy2WG6!NNK~fbm>Q0Z+1FU`_8kTq0SKXZk+V
z3#K$76a{XvPkBgAF#^bFDD!(VTr~=<s))*w>A=iiLc<Zwfi4s?PxvSn$Wicnr>VvQ
zME=NRd<w7d+6U2u!rV8whY1K8d_ucms^f9BT@vrh>~@gX?oa7w6CoVI_*PZj9xT-T
zWI-N!MTZ%pu>d2^srdQ%4OU++FE6uoKt$T2X)r12zmQW<1i4%G=u`Bmd_lsdmDAFy
z>wF*YDp(UdRcc(BpU&C5qfm$+j|K$;Ck0*-?v55!r9Xh{B3z;WcQ{h-6aPSmSs$Mk
z@3N|wjyYQ-Y8-gS+UPpZmqa@_zPd@nFr{GC^{zZ%;f(mW@_X?!(fW+B>^}>7ph<8E
z90#PY(3?)E4Wx6x88MVw8b?Pdp+74Cu8=kC@~&uGq%dHneOmWjUMcy$KEjXt#c86;
zS+0m>wsX3KG(>?Q+vA`FFzhxD4^|xD_KYvl7KcNN57uG+s7l>9ZTBmJ#X9<v-%xZP
zpFT*@xQ_$;?Cy9;r4OKZCh`Evgz-AzaPb4!WgbE03quG=C*m@PJMmVKe|qyh|M<d&
z@e0*?XeSI|eO>)(cnZOJX9>HSe`{=Rflb}|MIzPtfGz#zA#MI|ksyu$sE>~FMa4@n
z%l#JA`fn#93$VjcRM{(yQXui*V}?{jbT4FS%@F=Ph`*nAg8~G+Vum%H0&0|-+PX6Y
zy0uwGZA~9^&9wM#ulMMY_1C}f^2F=_O5Ps&#`?=suvWR3Yt?Y<kfwaI5`TR0e>(RN
zLX&%#%>w>5IY{0up;E4yDa1bz!Oz%%RX&SF1h8GvOW5w}g}5-vzhKGhuXcR013Tj;
z?i`^)+MS6w3;7h3s@<i54;N`~5&ys1k&)<K3lb@OSpC$#+kepqk|6W}S-BzacnJRi
z7WITEHyhx2|D(-uo$UU)qBhlr(@5Ny%oaVQ2(FpmUe5|t8D&r3^O|$X&+np9{tUZA
zbK^ejzySK}34~)K9#~h6Mn8Y+Fzd1#dc)s|E)bv;+m-2#d!QlxWfx`*&si`iLxM_;
z(2lWv|JAH^%J^X5&%%`l(S94ue|~q*>y2o`f{;Y7-t-8<n%l`&S(v(y91=uYt!tt6
z`9ZbuZX%YMpT!{b4{qL|n5%!e6y$SqmXpQxfgy<sN-*imJ$xSiVH@~A&fecD(PwCv
zl)_=z<P^#qn>!%|mxGg>=tc8e`m=zgPy$#Ai!bkOTt^`xU|7rsg_weGvi7+-?%AKF
z4c+|LKfVC^s+ar(5dvrv_TPIZU<K}*G?fkwICu3)1A-dZGW!Uxo{j)=_)xh%pyhxE
zzfFLTq`x&2^T#**eeS?t241BARlPM(?6-gWuwG8EO#QB`lRCWro9H)h>IsiJ#r;Cw
z{$Ccy_w<^-$j?20vt&%SA@Nqk{KC@kii$!kMW=nDOUrS^Jp%vECI~n}t>(q@c#^LJ
zHK_P?P6%nU|MnU(SFy|qhOp$urvGXXgVtP?9oqv`j^F<25VAz>9B!I4X!EALw^66q
z?BsR-<?*3auTR4hbl00R?-36|$g$l6%W{-vP=T}zMGm+&GQc_n><|pT!mc}lNyCmm
zew07G2X2G^{LMimx(rX4TW{cg+i?>bgpz<3%4$vy!A878fls)uGWfVd7*o9X_4!x`
zJ7t8o;K#`h_t~dXSB7#10`sIKB)LT&u;pd3Hs)6(-uoNn?r+--)=%dtsEj?+9yPDI
zgZ+Cw(5UqwNncYX{oZ&n)79y&$qTtW9)UW!FnK=jh#xpYVG)~6T%BeJ1#wgL7Au}K
zHZ1Yiffvvmqh9#nHuVHFBuZXQlo%p=?re+V=vUor_<ww{#c*ZQQ$yC-^fxyB2|z0|
z{A$zqHemHZrGMoac`DA;mh%aN9D#2r(beh>tm}PRn<C!lkR(hwM<pXiIaeO&bkp?h
znGTpNv@iU3$>zo+F8h0c|F*fpK8W*s!Bc*KNTcv+Ql7}!?~+6RT4?YJLEMyuaL)j`
zy(fI>#fLl6i(DeW648907Ca5CarBM>JcEar=f`bCd+U{vc0B=D|7M&u<RHAE6f@*?
z5DH}6xJtlm?uy;hk#!yk2N<i)c-E(0&C#VTK1AT#h*12Ufr2YI+=^Ugv8*5=7H7_m
zLMqU-1Y2hcog-u;9-NoXyPKsb(|f$fQah=dY2k|W5L3oikRlrp2%<cXF|@1R2+~l!
zU0R8L=(LMR0prJ$pY@645S<89GkMB2t5B+HA=!H=QkHT)3GpvCe)Eu5UpR;ZlW`xY
zDPj;zRk(ReK1oQHQQ_-!A5dwF;!KQ9i0{F^7A0mVfCd>be-DaonF%zw+&u1CjzEKb
zE!3omlX4m`^jX7k75Rg{ZH*np`-Al{5rA#(=~GT9(8#aB!q=h|#fR5w^a=&IXi@bi
z=_d2Hz!M*WC(cT-nsgg1ynu?g0T-`5fYtk-OI~lNtrm+WPjhqjk|}{h=9?6I5b6)<
z8(7{!hV}J%gjn}$LoP?VmVsWoCIDbP3~`^-yX`N<8z)hCdwc7%Zi}8QXTjE*PNMe}
zXmcZBq<$<bQ_`rkO5_gSQ^T{h-5vxw*R=Af0cF(39gK}GYdX|w(~x^|j+PL)a`rt6
zeL}vfaOVD=@30Th)q~nqv&rZB2fF*gK!)X$a&x5;CDR-^8VNPoy{xshjxsPa>V31w
z`@j=DVh}^K{GM+3*8+b0;9N$mVe>UG+x~x9+yCL!LqdZhK9m|u#{!Woi(43eV2fW1
z>h-5vXF%C({SbVj7qwp0x4pd$X_-YP>!QDV^z1&p&S~lAy#gVbWIlh1SO)1@rwy#(
zjFW1GsJ30y`z&z~`p%~PmLBQ;@<1CH#)Psb4#6_Rz`%TTl1lIh`|i0L;s0yB`E`&r
zdCOPfjQ7T?4iM$6q5I{AI$`$nNMjo)9^???Bm-LwJ^5j-elSB)HJ*t?pMhSZiuh1U
z>`!9<jS&)Gf`cX>3<o+QqDB9et++z6m0gr_vy^YqyKCw~3pHo~K`K5rh%m%*Ojr6C
zNO#g{_&r2%8J^>GO6PCvG+vk@tv7g17Y7%6ey_59wlcPFOJcTDn%G3UH&M+pR`1T<
zmB5*(ps1K{u&(PC$+Z35I5|y}$Ww{Us3V4+<@r~=Unoys%VKW5fXmKdU6K3PPtxB!
z0}8WC!32VKeFm-BI%k^Cy$QIAUNS%KUR<gL(?%5lVIazGmLriXKH-uF0OAn}YIXQg
zTL5)&8XDEkqlK57ru!?p|9i{zfwe>Z-P$1}Nxo^h+}rQ8ID3+wDxD)DVCEnFz<?D<
z@j<BDSus~C*I<?4bcM*u7=Cz#x%*J+ISV+jY4C(q$uPG<7UPwSjBcY4@-X$x3Rwf~
zI5;?QeNxRB&0+(fviU$YC3+EhCJk}F0SX&K<3(!jP}H6*B|&sS{JNv?_AEuV(c}rU
z+h##N@I!WC=|g72(N>9yJ?V1&#blhbp@0ULG(7O*&97J9dwmQJ)?mobjNkFD=~P|7
z#AA~G=nVf(;Cy@-AcXAtLgZBpLfRXwp&kO*?&q(*ykqTu{s<imV0y3ri3YIM1Thg%
z8N?Y6JpxH-g>c?+^x^3ncyR;<1c>$NOxEn1OxBd|wc;i((A2UcV(tzSlQY9Y^D+tm
z8mFwI!E6vci4K^Mez5snklkvcXq@q9a|<tbB~nK)m`dUp!1O2pBrS}bNxYuz46<ZG
z0&#KfjMGyqsBWO6|GXKX8wLP0xWC+7)xPJ|zXylwVqYG&NjBQ=KnNjI9l!l>pZ>mi
zNgRjy3kxnS&IgvT;8K!81`|jxvscCxA^$SqMgN;mPpQ|nX!l+7os*U{kukvlA3_86
z{+XE>hqEzO34rPXfRYR{QG88P^Qk&cP!oOI9)ptQ<0Am+GY@3R4lp+6rPjM2a^(Rf
z5vSCX{bwJg;%#WbIQnAE6`&y2KikT$IiIUt%jURoT69OV(Tn%Gc#V#OBa%N}_5oxc
ziqD^?7rk-y4I|=bXg__)W;vGrc4i<1amf`r$6&z(iBVOsUwWeQJs?AV-EB&l#Ueik
zk~oRX-N}#pDk-Gs2rxuiVPKZDR@7-Sb5t;!g>K&#Ok%TW`m}e%!Q)!4Y7GiU#i#Xe
zZTX&_Th+NKV^U>iX7=MIFG@FUZc)Cvx!B+281Cu=bHB9!uKse11Jbowbkq-j+Jy2~
zcx!?NX{g<s7OFH*>soqo#17vqq$aiZ4LwZ6l>lf5QsD$JMQ}gwj4LkDt#Nc`mOXpM
zASER&nFe%p-X<p}3r{^%E$D3yL^j!(|AsT;0l=cdEBj`QW}t`{#)0~y&i-fT2hamp
zcm*giT=mC4HI<~RzE?N`%26Vi4Xzh#Hd%wRzdo+2V;|3dx>ZjjlgMH@7Nz4=O{JWj
zg7{g9!yB+SgkKTF_KxVvvfTYrjf(+k2yJ70QYw|nBY)>~z(T<9_Em_Tv;-r%P)?i&
z^Lv?b8;)WX7+zq~mzv3}(36y!p7s*4SqKFe*7b*;o6U|*v%#TGy?e;?qapirK1bTX
z+k2a_Wcbj3In_Ti#*<4EtpOMtgTG;H`XDCSH-@6xz1Y*i#}0H4#(YHG>-`1vgE03Q
zq@L&cefspN1oOKAiDo3yT}H_@(sy^Agt@)Xc}{-5x1KLQdE|8}+7ff;SWnW%A|8|v
zC9wzy=<`0q#WzoTdy}8-kLd1boE@zV^klC{%abDCixir=MpV+Om!wOv0Yqh{`%g+K
z3ouTi{`}-Y<}ah55`Z<widhUsgf^rwWeq{rF8#@VpVzG{=Qdyc8y^PTlz@~<qr`i(
zIy`C`oD;S7?*msy>yR)*5OI51&Dy@|h)eQ5Z41W_VA}q9FOW(87Bp(Lx9RaO+zfOw
z5ruTLp50F>9s~UfflO+padDIZN4lQJt{ZUw>a7GmK%{1Bv~U?5xUz427!(59N3e8i
zP0^1bwVz#+!dNuwJGQA)fk6|FYqQKC=t;*jw+=>5);MN~61oPA29JZ`m&>8-Qz_}`
zbIc7uz-zGH-PtuMK3<&2o5y!JUz4ivd*aS+Pon^+I!A+<L{{lDpI?5nKkox9ulrnk
zysljZNx;Aw9RUB(wM*rmXqZPbDJdy6H}@rc5J1|h5i$9X=M@bezV^t|tc(FIKPut3
z9-eIk&T`3og_3=w$W*`fTtnYRMsgy(1Xc*JX(nnM!piw1rX?9d6>%nB^U8596u+3G
zX*82yU~Vnv6|H>1!O?#tPlhN+$Pve{7}h;rW=ZA6&r24$Hdg+g4+yhAp<bhAoc-%O
z{&|VtgNUDiCcc_(y4-`CEG`WK?n)~sg79T7wNL6_2?&N@)(ZmlxMSv%`AAv2z1iO_
zw3(l#Y91~<yad^O^p(9k*d3+|?a?@{fNd}2nv9|8!|idzw7)Ugfz{*JR-j$mzKZwQ
z2;|<1(zYIUzt$@icYo5G0D@<KGf4;{fI<+t{19|o&WL@EH(qIt$&doC5!HqZ1f+!S
z@*SnzN#=HD@I2I(85!hcCIJe?dsR@_*WeM?^|1!^IJ|Np)rKeJ(ey;|xetwTC^d-C
zD9wb3rC{M#jXzKAr-eIaxNp|0iZI6UC;#k{EQ-aN`L{#KMRf&@$+LIJCcKFof{;Tg
z_|Dvn5~6!za{mqoG;}?>50m_A#PWc#+;V>g&<p5j4%Q=zWEI*yr`2uX@jUpxsFW&%
z2!LJ06BLbBgqDX1fgzZb9&}nyUJii9+|qYr)>Y+%4}dwgH|75M`4kx9(ub?-Ar2^j
z(IW?592k_S_n72@@ql{oEA-FcpGmWY$XjJ8Dk!9z%f1gn%XWux)AC`)rR0M7ii38z
zHfkWDQ0Ib}qh8riH&tt&TZDn6pNbeZgcuNXAI+xd{yjDZB1{}lZl}S3AVsgEB$dMR
zArV^Gn<~!Db?)j5ms=3m-sY%p{o^IqO+)^O4^rwmi_xe6d{2Py5rr)f5TJrZ(un%n
zHC)@;lAccPc5K)+o04yJqNK)`M>#>RiF`+S3<xs>hlf)EX|7DEdmvL#0FcORfJ0{f
z29&Or<BeG=duV$Aq>*u8ixnB^?w=?!W#)k_GX2@n;<;?A$r=TVqd`U4cRN2?*bxD;
zs9jy(px8$s=fSvulhSO%WRxQbnP?Uuu>g)Bu>_}W0`UC>$adgr{{b46lQ04wnt;n8
zok5!@b_NmA9>Un=?4QT6>7Wm#26~#59i5%z6<<PbbT$4wIsz#_Ac+!h0WvNR%ES%d
z3<}l`oSuw?M-2opmt`Z~=02`Ma=Ck{Lbo%V^+}Oorag91YCXAD&g2JE^q-olZ%2p{
zvSpZq79;P;QW|j4(q3L(nKrAKn$1Euj~f8!72wU4SLdVNy_4vOWz71hcwroDPcC(O
zF#Zh-9bFK@$Wzr>Hf{IEoF-3cgUcp8KUW%T%+~&~@K7neXv>aMi_`wa=xu4pjn&~`
zPh5h}YcTaSvA%rquyjZ;{Nd&Y<oHGU*-!^)kS~sdd@<X4st#`7W!W&^W}zLM#dB<M
z;&FV2p8Q!rIDeW!Ynk!M*345DgCnL=teb+*jq|wv0@CD4(+*#4hHHg7ylDbKL5o6a
zFY@<wUxQoHZ*`yDQ;53HR_lu~^T^9G$mpD(4H`8aOdy5C{K1NLoC~-%&9oo0)@naC
z>I4A9Lc-#qY=G{d9Vj;)h;cjIuq>f&_05t=e0!m&*dr047lK3o5dgoROU7ke4Fg9G
z=^Ozy5V}c;T$}R=0KE^z=X`RT6NA$0Y@ggT{}E{6)NeH-{}lc)0r-N`g;RrNuf9qs
zH9Vns-`vu!oTI1~UsA$J^){>@3_V$TQADbdDkKij!HF;d<t-o<^cGlpORlC)4O%%5
zWBc)hQgY1m<*W?ni=Lg_eS-)t;Ig{1r_6^^Ml@EK&0k`zkREWle0jZGW^l~>Kh`jL
z=)p)JaxnVFt=|<~Jqt)G&VocIHUA7K%<X_|E(n?*cz7g`83bcg*Si5ffPrdvMkRgn
z0>Ji{0TpGiG|MQ$W~uiuTfNi>Uz+Yz4csR!zn2K><Ps5ipCS%r%YXjBB%iU+1B9B<
zYkyeury~MIg|FGZx8Nmk-+|H3KqBSCy=}?G*^H3AxS}7gK35_F@N^WJerjV;nOdz5
zJ~q8d=b$Z}kdlg+^+c7-OUy%gqZhXM6wLR)d7FVo&1`Gg5Vtrx**h5bG&}_Xb$JeP
zZauRcdwZ?4XMiAIvm^WUF5Y0}re;)PqUA%H=6{P>JP_cS`&>=Y%f1wszs&9p#IQ^_
zezfBiB!sg4?9)laptg`Feb!gY6tT)-HNkNL@|~l>S(EQ26etjHnqFZ!F5-V1C2CtD
z&jk=J+z!4Q)9qx30QagWCiY5N-#|$zs_bo*)g)K+#NIKO&#3?`Y<?e-i_W$L&5OkW
z(L!Ck9=uG%*u=+1CYf&1aKVuP=^Dbk87au^w3dSXFy_7J+(ZZjW{y>B7xpTTu0=Z5
zbhA63)1;K+QHcUpAW}z=#2XiFHR;ZpH-cF*lmIh`$GLNl9tzyl+rUjd;-a&(C*F(7
z;{2EO$y%wbUC;9vgQKkopqoPf6d14S$#m3amx1ly>id7hGdZv<fD{Xy6gk!3^scHd
z7Yi0FR<lrAsB4*O7OalzK5Gu`1Y%YKk055_$y)}kuXJ1Q-29myJ$e)Y=n=8~0|U|?
zYDyds5me>em^*-Przs&O_GYpDzJZ3ueaF><GMaF%<-Rm{-lHE+clyUj=d$IAKvxnU
zXz)by9qD0Nj+KcUMkYf9QgOQsS*F7`SH<G)5lstJc@T=9pP#op`G!vR0<$)YjXz3R
z81+4~AyQWoZwJr)MIE805nM>MLp&QZ<CXl8%|U9?wuLgN79RQeuiG9p-MTBkklhY(
zl(d=^2{e5WrNrZsjLg*u88BQ`dXE1@?39lN2rFE|7BWDRS8e!|=XX^9TjB_bcs?&7
z1!-Mf+ygW|tl#ob#ClMWbLW$(!4g4Fc@pGpv!GQ|26s;j{0}TT-$fmlAU~K}rtNp9
zv4g22G*>~{x?mBch^Ao9Uzz!c3=O`;^tnt9rBI>=KBpakceyDi?S_x&tUf)Qun(`B
zs<x-f2U+28fwtsOu4<Ok`q+SF<)nykFjmC&aC1vmlH0o^msv!-*n|Wr0Q;le9nMpa
zoSmD45OtM!vN?)dtMorlrGaiSHx{Lx;ASI#Fo35}cSuP~XS9ZR;}m36DkO51f3%&W
z?3ZQ{H8L{le^|Ijj-xcYB?D=|b$i*D4})So?59r$V)r>rUWp48Dp+7zB~Z-|gzgeJ
zmz{$dH_$}FeS9{jzEFs;Bp(8M&3yuTKjG?NM;xAo)Ymx)!ogw}BWJT<=V4*LA*B^g
z$Mnng@k>?6CngY#pzI33ff4t)=x*WNXx6q9FIbyAi|KhkKAsq#c-;NuAki}+0=~v+
zKsbBalI%sJDNY*|3<9wa)Stik5W#lhuD?e91)VHOdi9}z076`kB(%KxU6r?ZnDLML
z{3|hqNzg`NFsZzV(M3|UFU}e7m8KZFWIUpfh(cq<oLL@N?oShSt}J-ud2)y58LTXj
zCDk76Z>Nxqad;=&l?uFtntHK8;JOFUtH{u8TqNh>8guIOqI&#T5#CQkSeRS8-L*O3
zFx_k@=RlodOjYo0ny4}3r}**LLA1{Tk+7d{rF>EtM|kZ}{t@p!mDD{(5RdGl1LmNK
zo1m1S9NyyQhzaPh(V})+7wCi^#JKIx?rjoayEHg;nW<OrG;h)^Rx|L8oqbB$+4R29
zOulD*I`!-PS2-@#EW)45ak)A^J=bgUIsuvFdQE%~A#0+t{zNqv4--*}ZckbW8UZ$>
zsma%$oS^_r&ZrXu7wn(WMviNv@?4HJUl5ol%;?NdOEgE~*w&u~1qb&_(s&<ER@(LO
z9!f|_y{5NT0b^1oj%!~N{3_V49&nnNFdZ$5*aHL{c-9=ls4i(Z=I;0Gstk>%NWA_-
zK$Rt3v$Ei)>6tnp=sm0c$(?RF?u3Ddw`{YqHS@W|VOaspM>egP1GM*Q)Bq*;!TyAS
zOl=Nh${eMSZzo0;_@2FJiFvylTlfyeZmQ082RQHeZ^w7!pl_$Zl+7WjTf*#=K-*H!
zhenAWkbGII1u&;b0GRo@+q2(6#+rpL00j+;_UCVP^m<|Yj~Ui1P1{AUKJ^vAW=f8Q
zDL;qHXZH<)rNr5rA|Zkiq<RxKs&sO&FYWXBy>$Z#X!$S}=>r{xy`3(zFCU4#js%t7
z=<B>kLa-Rf42@#Y)=)y51>BCpSgG!Z$y~bCc81TsFHtHKfbm&W((nQxQEg4kV;IPG
zE3+I|>ACF+Ziv7sgy>|B8QzwGje@!*2R)=sm`exk`aO!nWi7@|Lk`r(L-E4M_BI=M
z-JQ6lKMVfn%Rt_38ZnM>3=j7pkyG`_^$Rs&Kwc<!IIxiZ@`cVBQek2J#8Mnr+3Y&H
zDkb*sv)1+J@YXtaoX(Sz#cjD4M#+9aP!slnrq109uwE4u(5YZYZK&U@y8lm><_&js
z`YMU4xUN4}Q*H9lDX~JSSA2{emtDbGYP8ftiWt<@y;_fUtj|aMas>sAbW-Z^<&JpJ
z>79G+ZyQ!8B*P(m?bv|AKlLE9bN#26OGb*@R0l6d!;Sm&`sJW5UoN|y@T1uikGcf*
zbF?_M%-5m<G_couEp*QZsjJq<r*6%wjf7>>TO;&8+z0q$K#tFGYNG9oT>UK*_Um_;
zr_keLT!>~E?SA}>RFV^ZoLAcY(s<~=fsKOW`gB*Bn3(Ya0X+YNhZe?v85WvAlQqoG
z5T`GJXTxw>_pU#uV*uY&z3v@hAt7Wd+)gu71+HEc@|5oXf1VOEPE60BXmX$o9`duA
zU|{YDsHb3_%E5s{(Pz8$xvP!hpANt&rCx)HvDT=yc2nT>=S{OPKX>1@<}Poqd~9kV
z{gV8>G;_5igq)m>dviNitx8}Qnp4Rd3fUP&`EnOPe{}cI9E#mH2Uh^RfdvablFjZL
zxPMp@Vm-Ld!@SqX@D{iVw$~fHRpN78H^0!KR^S2y@zi$g6xf%Ri{Jq{*NtGnC=ARF
zQmP2yKUoAUjAoNZUw4&_-XU4}^$CXFggCmXT0d4vN~VY=A@iyDK_tl25U0R_WnS8N
zXtMy^9}@xIKP?Cvf*SO$F!x+D^mw2W{`E`L(Sdz)J!X!1r~^ltW7(aDM;g6>9%EOb
zg)2{T^;|HrKG4}stB+*|<C=tIsTFSj!&!lX@uj$2ZjPdp(6Q@S<+BOfxkxds-FIKr
zF78pWg*yypejoiH%;k^vZNkxmqAmJWm{Lx~RGeZre{J{I&vot1h;6RUAiNckg8lDx
zEr6`+WUgAF!%IBO(3MBeQuj|@-M<P3Xg0t+;Iv|0)0=@621Gph54U*rM+EBYl^C*A
z!nyv59@JnZj<?>%R4IY;R?xPlKCn;a8x*sIL+g8aumtpwnV_&o&s2NIFyqwZICrkY
z&!49bt?KG<+^W3$k@I?`Tp(U!XG1wpwdS)zx5z$%RGAKuJlXZ~%7EqdS!E7a0?QlD
zr0`Ec4+;kQdU;c7Lfd~Y?_D^syhJ+v7_kO4i*s#`q5&%?dO@{sBrX#P*hJuJ1xGTh
zSYI^>RmO=0{P~>Mp;Hd=(($0?SY<rAPC$MLLhrhM^B2A?B;N@+dIA&KN|$bcxCj<l
zS>E}Mk|m<lUKIJle<duCAA!bky#QG~*)-P+aHIlRfOX|FZ&o8IawecELBe_&t`NAu
zQSd8}oHRr84YGQK%_0Bss~8QQyu$hUFEQT^VzPg<wIm!S-7*l{Ox4?edrLiZ5DNS<
zcsDA@NceQRA9w>T(hsFr;$jv~Q<I&a-gJ8ipbkACzIXD5?eeMBWSdUU%<A9ClUXC7
z#l_WbV9N5*JDQC|lqphCu<mE)Y1fK0oEf=p#IJQzQnE#~5qdvyS{o$+fiVhu+SA-Q
zM*G?v{|vjQWO@z8hFYWi=UUj;hLy(%agB|cN%<s_oR6QS8gEidTs?LZ8aM(h*0*3V
z?Kck>b?*^_Mz^yVPzB?{+wayyZPW6U_YIQeJ$t>rml^tCVQzU~zDd{ndswmmKkcPY
z;dQ*yNLu}!8Kpq7MPCJ7*`dgc1h8p?^+KFi+dK;PvP3>$5Y;!R+SxfvW<;z@qdXl*
zh5`}LXOcW;bK!=|{frjV+UrVTq0xlAZW5NyhK23N0c*VOU`0+`R+jzlcF;dQhwSxp
zL?wp&eh#S13{A-}TxlP4ZNDgV%c~+ua=HgZU!P9|OJE02N-q$l92%!<Ck}lamU;z^
z)v65wJ+?jxRX(mXKeVp?IcA<=He|-t1FoHh%}2#ni&P~4Y#&%x_93p^{ySCBgG5um
zkJ1}ut!&R`*EmU8lc|{c2w3`weFV0Uz><qtRUfN-)Jc2MA(A8^8%Ys@E2+@W6Kl%h
zE0B#0+YhDm@oPVZChM=w(;0v7Z`;p4Ry*ldBSn+fXu)Z|oAh3L)7g1v{7`O+gsJar
zDqPltu7_`2)L8AXgOS;6aD2m<O(6#4P5{$F2dHNK$3|TVG?FoN?W%a>BLAJdfiQ;&
zPSJtDecS_~TAEwGouUoIk=U_&7NwWMQFb#MNwKgQN!^J_${;`>eq-(1(vsO<Y0Y1`
z>v^(F#cVz-RXGre<|~JR5Cxr0DjY0!_9B#mCp8_FVWQz!mD716VW5CkgGDN5D39JS
zt(`OB!g5uFGtsMkMlIV5@*YXnkfeA0FrmB1sLRaNy4mIM@kL~b>3~uHui`ceIyx!l
z?&n{de9sm@iR_r+<(>b&!T<xo5&?mXkb15;(Db3}@4)2i2eC}JZx6n@B1rLgX&vfj
zPXRg1T?J=Y9(pF5AH+c+=F}m$jBgD)VyfvH0RG$V;_U8{z?<~+YG!Y*w;g2(TcHBr
z_K`0AUUI(`R5xh3oj3Nn0;_{1eFgA*a_(V1jLuaWSs&g1<-}>bmOa20O@~Lrx-uAv
zLD9T_-1+*k!fCQ63?}0n^f;GKq=oh1TZo4z-CceT1PT-~Ws_r6ak3VHP#r_8u5BP6
zJ3oy$4ujSY76SO+ukd?QE*-#DjL&frtK65s`UQdN-^<|h5aLOPj`etx(1;ipL;3AN
z7?dhHc(e}8k{ymx=2U?6wfX>Hya_Th+v&!XgMnfF)%M0T3hCLMaofcn=f}oYI)Trp
z&`hS!C6))M+{Fhu?SFoaqKT}x#cS_;DL{Nj;3M(psw1JZLpA#8)5XokY76}*11bt-
zCi0x#=XGn-zp~PkB_iEWFdW>#%NAX~tjvhkL+1(GESZ=n7Fj;+BXJ$|gd|nL?|1q8
zC6mW%9CPcAznIGm*rNUMlD}P@H6#_krLQ%rc{?iPw+oo31a592hVov|$0nijt|V4%
z?~<reqaW}v2uB(z=7&ib=!6W4SyFGy$|4&Y>Kdj*i3~5Ej%M|gT4^_eUA9|HbjA~u
z7M_ss-ZRMol9j?n-3bgdG&EKVBoXc~u#`26^BqdQOi;?XR=29trPS*kb`R(qC5#xL
zzlFXpXX{Rm;J+CC5NpYxPW!e=h>9J{H%LZK3%_O(L89&pf{fC*5?P$v@lK(3dgqyq
zgG1RJqV1S-ZHKKN(5~mzUe(4w=>E}}5JG|td~;RN%l9(2H#@5d$s{#{{Hf6;IZLDL
z(I&fDDBi#kF7L+;=4fl85*|rXz9w3X{n2uIo04`Dw6MQ|b{p}`48`P6e%GCVM-S(A
zVX129W1OGBVD7T*I3nfV6^IU{rD8Q38K8qdSdaPq5_MhzOEdok{zPLBf&owN0D9a~
zLP(R)B13oBl+!qY-MZt*vSKow8u7Pp;@xkn9W7eEI)l5rgiMlDWE)XO5^rDrYw~OV
z_vbb?-GYSZ+;C*~l#f_f$qnS3iUH?BEB6zsyG5ZJmh$%2y5x|*I5Bfc8PDDp8HOU~
zu=S@PI7F#VS)wR<O%<!!bvDSQI8Ucu;!79-sC1=w3Hvm)XxW@Pw71`q6ApPH?tet7
zkmq8{Y0srSsL*K^^z+mLmXZqyt@c%il%~aMdj&eI4r?cm)wzb$vD#H7@V;N5Gfip(
zt!%pT)xn6@kMVZ4KJ)HK$-?|&u;rlvIcMcgRT0&=r26lz5%2<OQO4;{<h?z!FCfV$
zim_u*r0o6m_Jj;=3+5bEX3t44btR=lUY<GS0!p0sok6GB5Vx*pX3VOE_d>KnmJ>lx
zXeg^uv{WPjGPKt?HhvA~KaVq4r?m#GG)RQxvW`JNwL9w7S1);942Vz5sdcutwssx#
zl`C_)9>qeSnne+-?NrTTHYf(E!?%T|Y=Ay$`|0uS0$}yvF0kL#a$k4sud?+6tTCNn
z9C}(aP9UZ++_9MKZA4k@Ii_n5a5Fny>>ZYiorz#z&bJ{|=YHMB(;ehvAWpU4zz%~+
zP?y^xp`sFl&f+cr+9s0W?^vy;w9Yp#3WnF^GQWNMW@Jymr>wX7^e*pdk6k{z;m*7`
z>f%uB>A|iroXeI^G<-_Vy;7o>LN)bDr^N$$JKFVtsk`CSH0WP0fGiyqRTxp1vOh34
z9<XE1wvJ^ZY4sVxAu%V@{~v2_8CK;Qb&V>ZVgZV%h=fwoC7ntrAxL*gNlSMch=O!C
z(%oGOqO^2}bR(S$&Rhz<+xPQ2=f`*c?CTQP&wAD!GsYZq%&*vAC1yu2&yU_JOiW1l
z)@L((QG<~Fg)eAFh13Yhf4_Z_t^9Y-ej*dm;l_#2YG-0!ocw|a6YL{}kM;wba3q$+
zFl%CP>slYm;U)16LD-`x&Du8$;`1F-1jU@`usj_1o}4)|J(QQn=*?FxxHjT|Z64h*
zN>{ld1vqRn#=YjSvBm!UwN44%20$`?U}-!joMkm0c+`<Q;bO_B)p|gwu?n4H!K2Rm
zEk9)NwWhNGXH+u4YqH=RWHIU^f=;Z+T8e$c)-a|=Nn&A(FVvh$f4spfcsUTmWtZ0+
z#rbII9jBeuLspjpgYL#qtHmqHx|Gk2ch{yE%_q@4Iu;jv37K@5%_o(mG87p4_0Yn3
zHh%JBK<lVUHNv_Sx}rCF!TEm!@h9Erju^Ym^(U;uv%VvP>KPoTbO@h@?rm%Km+xcZ
z35prXrplD2Y3u5K>+xPN`Wm&=7xGb8g$sPMVxBLjkjAq^h&zmV2g-|AO?9H)GZJuE
zK8;@J-HxAV#lQ-k6??69ave_0GcxL}x(cRD*-E8P9z*3<GL4KpULfIsQVzn5uVD;+
zHFX-5#rpE6F78mVwWqmxA^|I|)w+OsF_SB0@)A)TiF(UaYVjp9sZz3S1&QL0`%A1s
zu0J9$xMAkKLsYSV=hZ#ivRtF3PpIce85yNu)LE?Fs5E&`wmKbRzgnZokWf2WS660E
zBASch940~F+n+ByGo`**t1=t@fSH2EcHOPe(wxx4`@l0SER17}wk5>|?n0vFTnC4-
z`I@8M5n|hTcQJdet)?z=gj_t*x7GtwI919|DpiV9xx9LRnbU5<yEm$bw_3OMk(ckA
z%eUsIUIk6jRUbT~>K(E}Y_fXwljAL9^S`N}Htfw}mcVrjv)f(=#7$3h<vqSA2GF(c
zZr-XBZSeQAZx}L;aJEw52&t+2Jc<i0$n@rQIWdqxd3(4mGsR)O7@Cljbki-jpNR}8
zM2$OUD`m1o$VA2u{cnr=E5xf2MVejF4;LL$Tdw_&-+TmSw^1Tm<FTm5T{q89F9<u|
z5MBHE=taCND)uAqTgKGwVcZct^WEv%uddYT(#AM`!IA%l)O>n*y*n4?Mu}~$jGC4c
zFQTH!XQ@zRS8k;(sX#4#N>U5A{hpScexcJwyG$6fVem*X=2gHRGv2M-5`70J=5dUC
z6UFvyJHNVoOW6(-ruuZBAVIz>DQpVK@Pr7A5vFxn29#S!{a+}I`1|?Ap@MeLP)g^3
zdS{HA=Sl^W2-N)y(K4cfz=JoYNPe_LfIu^7s6y@Ga{lwmg7x=w7%ag_t<j2YRfm+u
z&dtju6XK=7E0bYy0?9*r(Uk~Z8NSI9vkB56^b5nqrZEhL+7j!5hnAr3YE#vF$EUbj
z!R!<zWm$zxwyZp>YD-{>u2{h+q|m+h`gq(tm&;ZAe^5@WAP^k2(=E!AnSQnSC_2M*
z!rEgs088(1`<ao|hAtI8a?bNVN%jB21l%58glHy{jaFs0Uh>av89R*(-B1P3fVe8z
z)zF(yS*e3A)0|d6N3O&`zgmxH>L1OW|MEMF(N4F*;m+=R6L*4o#unCL%K#o8(-E$)
z`*Zx2F5nSFK(uM|(4N>f>&W%+#*{Ji8DAneh=*3bhLK7KFV|oXt6Td-oH#NmC<NVJ
zo?C-py=dfByCn%h?>HkjazoF)S~O&TvXyhCYai;tzCOIsx-m~^%NH3zJSZwUQL<(2
z`B_ES4|O+B)}a?4uWW==2Cfy4I;V$}Sf^C13ZBu~VhL8GdDdK2Y`t`g_`CUA@n`Bs
z2jQuTB)m|%;%1uq^zxh$LRYOEx@FCKRc#isK`k})N&;Ie7wPg=et3UJNCeKg*hYCT
zKgw<cgEuXBmweVg+zq1qD)L$+mwIaPn}4<`+>JJ?!6lo<!d|s>CdWJtHxhF4(irwf
zjaP_A{bpzHY4v=WSnCS#nPO{_Ke7LRB|a5YNM}A?l4GMRK6hfhTpf^cmP6`G@}LW1
zGK0_(zoF;%s!o?(t#e`G!G7)Uto}J?@S8KQPq}&C1^m7OV-hlf$lS>p(KWaw97}^G
zC2USAG=&+#sIn1Z+u()Q8mXY&I-GgWwv`a>OBo3n*?euK11}|n`;5V7tEBce=05sN
zspR!FXQLQE@k++!iHL|lChq~?O0mhX(mBpFI?6t?#XhsOh3tjR(jn)*U+a(9<0dzt
z&?`K!^dZ1(gvn-+a(3f&+oUWka>^7;h5fx?lqjpib);HYQdzpy)8(^!_UFGse`_Li
z{MrZCL%XVo^AW;kklkj#Klsxl&gm6-Le<vHroMAz)4_L`nD~oKnxoHm%9i=pcZ_V_
zBAM;1HXgp0+$m8ia!cwfGI=gHWz`j_oDN^CsY{h6Yg(I9FOTV`)j1A#F@i@57clL1
z6K^cF=KZli|Alc}w~;`m-0d4%&I_d|Cjqf<F+gsCHjQH<eprO2%{MHgYwDg>o_1fb
zPGbH<GPV#apriK%7uy4q@D9vA@A~v+d&EJas;sZs0Ydo{+-((OpsxlTAy!=WHbA0`
z6j-EI=y~~=90hbAp_Z`*Qdo2RpiU5Y9=m=}Tq69wB52a3RHw%_;&WQhCPo9NfE<vQ
zyu|#`T+GFFd5!U$AGL{+wL<n`bDImQ=cLn!J~8SvzOBr3LR@^-^GTs+6ZrP+BwP8+
za@lICLOujEU*6$_K*@1lCx2;pXi0CMtE#Vf{1oH}BP(_&*u$*LU30feCtAxb-y|g1
zt<8Ow7-};LS?drzB833zEl<3z5I)l$etG`lG5Yq$Qv3qa#+**CbEo5ceO)<fpY<DB
zgFl$0L8e4ej3rX^zmWD`{3nL)4{Hb?cwT6I=jLf(HwyarzytE(T6?_3*tBe&7iI(Y
zqQ3b}{{yPlH8mH+X8qOH{u#a2$U8uTvOpKJ#3AX+(-E};&X|=SJ1RCdcEl{HpJ8{J
zRXZsVq$c0fRncdy`_;1V*YL>qRzURPWuA{uCJ{{ym%Cl3B%t@lGuo<9U0QK<ONEvU
z+a?;;g^A^^JFHBy-#iG#{h@r^FzRwd0|lNK+G6G6W%Gs1;(0`>baEqvRvT5jwHX#_
z2&1I!?qo0t?{0|(-?&IM?H?;OMR`@V3aSa^*BbZH+&t~@!YI1@x47+f>F}#9=Rz2{
zzvgZ0mR0Z&F0T3_3&iC62l;JYE;saMf?ltm-1fiL)K&&y1CuXinm#OnpHD2d8_ESF
zY|u=Q(~k~7B7=sh8YMv_%HahOnQ*yFVvZ}7o*+em!wvzi<;n=RdX&lZaJ5VI#$tc1
zjvBLad^oeDaR8aqJ<yn^vebyT%LNTDiCe7Vfl%C>!#&$FF>kRnP{^qL*jnS`-m<tx
zOff3<6DFJ&&#P7P(qi(LU=aXe+4ApQ?&8g^se|E`QiuDaNAsfIHyIvQ9qv)#G8+^?
zApEGKqr=M~HX@SCt|N|8H)?%e&qIu7=jvP3rwqBWiBeN(;;7i&9W7As&TV-8C@|1~
z*<fL1e{0cPp^+US6P`la#cxIo5R97X^XArpUIiXCW5b>dzil!v3*L2J3J~x9s3%IT
zRFJZ2T1SD)HfE<q*8B1Q1A=*rgkV_zKrp9mkod7p=Q&Xh6sVeB3U&yyh6WbimsfFO
za8R*f(spRw*RP^`bC#uuqQSN9CS5h0@79o|moyKi%hQ!^4J>Tz0%hhK#8%^Sz8Y!|
ztl8;6;`*YbXh<4qtZ3l9I0@dPgY`Vk+HCu3r~R#tWC``kYK;eZVv%eNdRIE2&qZsi
zW>F_OSuBj&Kv%G^6#JU3q^3B=C8i2I+!4y1m8|k*OaITCcWmZ;Llj{KZ3TR0yt@~W
z0gRhJuqlH?JgsKEm<ycP%8CQ?t&aY!!WYFcOY1w&c(KmKnqL$%8p<f-*LY^~Mw#V+
zT2WE4l=S?71^BAb!t>sEcumE6=UCDcCr0fY686Kq13@)~QDf{qvX<FetiAdSf+nG=
zMk0n2Gx+CXBQ0h$77`Z#e?>kZfqQa-`P9H)NvX}bFI8L+qkeV}#%)-3E&Cdo;MJ=U
zue+}CPNSLw&h^Qfzcac9=cmonc>nxo8qZ+FljZlQw9&8ij4@2QDz`1K-nc;yp14xv
zF3_z4VSOL249-L`TD@y#a36{^p7wIU#l;o+K1#zOtod>gC}LT9!YWWj6%28l^ivaZ
z%16C(gZ4mxOe{3EGsW8L_HOWqe7?tJe2&TZ3Vx4ELAosw3lk&gVvB>t*(zp&4yuPa
znzfS=rorkm=d7T7+LNc#bls!>;zdJUwdY+alJ%E7t)}{Nwep^Qu_>y8!LKFM>W774
z&0BLOyn~E8&%YiZ=07&sO)?r#%!KwC`1_d&6&Wk7Jk<p#ibJF8N9=pL2p5EKmr;0J
z3BVZ6*`r5%@`KeYyhj@WUbsw+na!H@=9BU^^CZAg3<OH)92bm{4GvMaZ~rk$Qhb5<
z%0IV&0E>P!|1505xp0Xqf3_eRxdqYZUsAg{X*_#L(2Xv3Deo|m9UaZ9hPaX-K&jBM
z=@Y6;!>iQ^FH#Epkn~MK{*0TUeF?(STBQ?r?CUFtAAOj`T{ov?Flr4=_JZl72F-b_
zq89x#+_pbs)mZExw%v=|ojBYl^aW?8>Y}RG9LQD^${=a{`h1?lRFFI=1A}DS&25mc
zM?wcFP4`_=rlM9#h#goy15b4KXDw#4bUkB-@KpkWEWNk4xt{xiFm=E6GBT_@N9g$d
z`t51&n!0JB?-O9p6Dqft29rbd<xabA4T9vaQS(sWu);E{bnz0zTHVPPwRF|1Dt*G2
z7$M)nz~|6b$xnA;9IPrwWK=koGMt(cHC|A8UsE@<KMv0iHt0?l23^gBhp*oi)xn?`
zU%FuGA}5<d=}P;{c8jaz-W5~E!WaZ>8q~Xo9}YHqod+4LPpt1>InB?+U!`SD^)w5b
z<A4sG1ewqK&M$hFg}ZrLOpAp~qt0W8&YqWP<U8edaM5yUMEb6mYXL+iyQKFdyZgWi
zrm69JRNaMOOuF3P-~Vom%V8Ms#no=ze;WXt4Ns-JipB=JKY+Hb0G(2sHk-9P*%ypd
zo}nSBq8yO(^@MI_d#hOY>)6{3z}I<vbcoPd=%L{-)pTE6t}M<Ua@rm)i$v^iFDQbJ
znGz{dZ;tFq_~SwAr37sOVI&HE1&vL?8KBlEImFYZ>#Ts<xbT{dzsgW5l=?uxowS}7
z`=GEcx73c9UNR^Xg(`x@IE~H%6g_tx+h^9&bDIqyw(#C#W!9xwAOcoR*UU^y1UYz_
zl<kXJNf&o!9)SwEHUx`TuUygOJeUemZ{%F5Fy4>0_!{M0_2bQ=BD2NxW{=I;*a}j^
zC367SDqW&oG+jX&WAu*S-u9F+YlxY+n9*HiC8#y~@bWOEW@3!)<&ZBJot*l=T<4DH
zuhMZ&wY}@YNwKgSY3$Q`J3BX}A@Ydev`M<}5=ZOi8GSa13k?hXwwot5FTMLGkz1$j
z>28Xa>e?ob1A*wfn`yE{vZxQi@Nk*X3D>7w96w|(KQGUV)bDFkyx{xW9VG$sg|cV*
zQWN7_GIJhSW0O^oLs-ZB-eRv*yWuJ>_kh`42jJ_s@~>?LfQF5F;G;rG8l8ifqXYSv
z2*6fWn+!jU*d$loz?mI)y>Mx9)WsFLAbSPhE!M(n`$K}#09`Mer)}oHpF}@<uP@%1
z=drN9vd_nl<G3+ofw-;f(;S9e(!;&Qsr>(AN$t4@2GI*Xbe`U!eCxOr-koPY^=^o%
zKg!!j!gs`nTN5q$=x$T6GX*3MIh;+j|1>y<SAG|k2wk$?9j|!L4Ja&Ss7tr?e2-)>
zGwHabKj2d%&^9jxloGVS|AT^523l803X%|v^h*nov);Z-sjyr{yN%04QWO|jozu0}
zOquf&5F&G>$i_ja1#t6^lZL1~6a9#S=<<3aoh<GL3eJ5W(xad^RAq0|L7Y%pls}y`
z-om8xOuuZZ)E9-UT?}MusP?XpCp-N03n1xZxcP3)K!*XHLC=@IJ_YWGj~vM;wmkcb
z((KL$uQukpMahdX#hMjILC0RG_*2!;&=wOTqp_$)x@CKNJF?}B8&5|@rhvZ(h_Q_Z
z#G$jp3|hB8%w+I8w=7;P-x@IVw&qF0TpB8s2G*Y0ey8~M`uvPqC4pIZoANna*R|k`
z!X{Gs_I-qOnWa8Af7W((9nL?E$_t4aN7GLwISy(GCzZSJ*s#D4GpDA#JcZZwaNRtu
zLKzskOim3z{&EBDDt5$t{~qn_)sc~7_EOvS85zEJ;j%emVT|U-<fD`t0UH(^quvZf
z3krE!B>*VMpnK)zp(VNLgHD+&6~(TOkMrT=5=prE4od|zH=^Xj3`#*A#;{S{1wm?H
z{rSM?Xxl};X~Jg)zgaIhH8}5Z^vHy{n!{1ePUoDe3$w)!7<S_2Jg5;t+I}ZauxjUH
zOcZm}>3e#VpIp3Z>c&>Il-~YzMUQhXKJni~1a_UB4=2CZz6c?1+%#lb*%4ee(F|JS
z>&>Az4G<CzSNMoL_!eN=d2obj&^)ujB-=z-wuALb@NR>!(9^N)XbNAc$P1IK^bEra
zO8Z-bCKgK9&s`(~8s4WN6z&^to^B&Ay9ocX;>RT&FwVc&Rjt+d?8h5JbRXCoiQk_u
zy_O3XWp4}P<PV49(djqbNMr9-gY)+7Ti=wFd&PLM!G%2LlWzy-ghPvga$tvdM(Y9!
z_RCy(ee8c;qSE7!8urXTwq96eNSB>*J`_GDic>ngy2i^huIH%W#_w0nMyEeDg(KH=
zLqsEfs{HMRe`jE3zgLnVIq{fygoS<;>5d+UPgpZG<6`T<^knat6bfW07G=X}gGF+m
z(3gMnEV?^w!uek>a{U^;OSMvtflR}DC^y+(35ow_sV^r5N_|0Qn(wW#x=+e0)yO?_
z&VK7drO_J72BWM!GvwWC1PJ#n*nj&*cPU_b#4h%5;R$Lyixwa`DW&}dg%HjD<~E*F
z?d>2s{>@KcB-<r!93?6A)s8K@=>bpz47BR&T<16_f7>8eD<J>mnT*=z>%v=0hvfbH
zt&@JcYr`$f!jrc?LcaB3wx_9~Ms;9*8KawL)#i-B?@d8VMAAq4GwoR3)zoo$KK?8A
zJ@Gnx-+z<xFv_wL9~}R1><$t+<NtC-jA2WZJzWGl^d`M3Okw!-jdQZ#sXa@0rafLY
z0;cm)EdM+qJ-_SsMlFYNawku9K|b|}dDZxGD8uTG84W=itE;IgYt|d&wZWnU*3WAZ
z3C^N`8i7ZcRsUw@TtJz2kgI>qA6Kk@!YjEZfUJ2v9^q@P^#a=3*)@dd@UJ(erUWjW
zAZLA3Hx#RyYOeX5+|Iwik~6=V4$3(eDOZobiNZs8VxEAGqr!P)R<-eCsXp=7jd}>Q
z!<46U`d_WDhR)7@V*P99Pmr*O4}O!r?rpFb3;h1!UzKu5d3{&Z=YQD>4N2fkP!BMu
zWnFjkR6Cnw`_Cs*-}}YO>T{3c4?4ctHCK_K8Y$&Otq4io*CxA(HYBbl`<n+>yReUt
z`kkgYubiU%we47eDAOywu|~JO%_;aa;ze(X|92JstPEDc?*)EY^j`nw@p4>~LN2g2
z!|4!JB)<$=IQC$RT52$lU-q6C9EjKL7l$ff^-V@4Pe@*W-;WEFzrI9CtosQ~%uNI7
zcik(a*ayE#wNg(-u1Ak?{{GC@KrBo9{_3<M0D`Ccjb(2A)8IY)eR6595r-Y$7oxYw
z!Xc4Kd}mS^(hzY=gVORVT<j>uKV|SWVz8yo1@7cD0MvJe6r4~oj~DiM7a^}kvbM{q
zggB1BB|0<G5_Jt^>i$X!W9~nKHl8OM&r*g@oftV&q>;NUyAUF*5x=?r_SV0Roc?bk
z7ag1kLEEo2LcflDw8FrI2`3o2fSI;{5H&~O2HO01>~Xv^SzsT`jj@~cAQPG%Ni;sW
zy?-_ixyfudeup+g9v@GB4~FNO!BwQ+t@rZGzJxFG|N9FAQ6O+VJ-Z4Fd-;om69!-}
zT;|fE^V3XlBrH}sSpIpgBY%4l>*ZR>li$NhyTE*Yzow3L#P%fsl;x+N)BQdYBUl=z
z8u8M4=-})vY+qqMzFL1DjGE5h#5HajQM=<Mz@kPvrksMW!`2W&6q1s+1jwstQs~(X
zBNz7p<@Yixywa&@<wTe+ORH>4$^9glT8&z`o;MN#^Dz}7-?OnIg2BOkY5guUn1lzS
z9|%RQ27Xa-UW)`J8p*Jqhl1<;epu(6`C6SByQM}<B)3D4e$`VB;N9KZWHA;zF%17b
zVMIt~D8b{2&l~v1w~S~^6loqqdJ8@mULBv9s#w+gbYMq4W%L>&4g=nV_YXA)27D#Q
ze1k6DVR4CvXb**no}P`Bd7%l+AgfqSUEMcEqX+4c5CX?%UARa^W;Fqga#wCdNuO)g
z)oEy5ikNB+>lAPEXncTz&7YX8|F5P6WK;&{-;I&hF>ZSCk0q``67(D`m={#OL?Y{q
zj5-;eR9$d^4(|SMx=#i_NElBd)9aiZdaa(i6T%N4k<1wsol|Mg#4=>Eq*QG>vqp=X
zJhdK0Su1XaTal!xoN=O^TH!apKV^#Kz65%{3w{^$Y;$!(T0gHAUHrZ{8x8R_3@GMY
zs1(CHzVv^u?+c{kIoDW{qqVgA%dsGDhOIgrthK|S468Ft^sB_RN`t3P@t6w>Jdg>P
zB!OC#T<=pnG_0S6HFchZk6-0-8A1!jV<91-tPs<V1W(K5p?-zN!asbT(xe#@lsGah
zbkwJ$BCkYM9ODliGJ;JH*SAL_t)&%mpIwdVdl<uMzT<jOXj9D3u|HNnT4WN~IhTC9
z)uZDEtb1y)KGn&-|K*kYe^JJ6-biZub6Q-GEUUwkBHnEMvt(p=qU@Ls>rW{Befy{r
zl6Dz>#Xmo1TD}%u$+<B*P?;?7%A=`^B7lTuDFHzdvjj>SmQI;GPSI8i;UL}+2x)5*
zx&h_5+}_7W(opcDVYHaG6c!dXqw=Z7E;JogBXHiiGF;DYq1#kpw|<~Xnng$io<p8W
zzF2PfthsPlp8eePlCpD<*p1T-iF6dig$vAGPb5XTXH>HKd0v>cWks3a-!!FS9Za_Z
z@H4&Q+Ml5KzYfQh6j`Hiqo*|z=A(RlY{ecRS(ay<_$}@~JwtY#;jmdEoVfPQWny{;
z4@~tdd^L|yd^YUG47#&u&S4&qV%Phui@tc~jEao|5{<@_fQ<P5{ONBZ8pUPzIW%Z>
z*A-oSu`4xTV;K=@G6=H|ykZ-1O^O3v#nEVNo=(Y=oJtT{vM&q3SRADBz{G#iuSx0^
zJ16BAGQ0lOE0(|TRX#$OFtlX5jhBRZDhDy=J3vm)kWdy;|4*|Xi*y)rgg27P|7YWn
zgvrCQs_HC5!q6QuCbGSByb?%C1%!fwJ-otppHY6@qhZU1V)O1?DWG+Y&^|>5wHJSA
zr)mJCZY^M#P9MULiw;j!y8gk&S!-f{d3n9_{MLgH%B-2Jx@ufN;CT=fTvHc2FMjLa
z{8HdNy|<?Fxmezfb@k7^RzngiD`YBk-WOtuL9Z7H6PZ#`a>`AVJ49nEV*;k<$kJ%3
z@o-2{p*OVaBgNW|R^@s(lFbo>B-~{xF_UtXMJ6PrCC0HXOa(zB;XOd7dZsE@>lehE
zfHjj@0MyUar*Rd5_pZ=F_iq5y`<vv|X^?uj?30qBY)1>~#-x;K86;#Z?K6;7(*mua
zYoAKaksP!%EWcrc3dB-&h17gk7ICiZGg2z5CUiz_B6a88M4;|8+%bkyz|_&<ih<K2
zkRAN!suae7_c7O<4oNq4oWt^vB6p%`D_R=2yh^(op<20hCKCGO_dh7;t>QtptWQpA
zd*n6KQI>4Pc@Xr7DpS302p|tj-k1S&jvQ1E9z(}>B4}sC2d}6Vn^Yn>eHe2Of4oN$
zaAeZ&Oi{`84Ch$vUuO@pez@WRr2zB^7m(Nu!2aq}*8RkQV!O<2RVq&=L2X=-X7hF<
zo||Xf(0&2_-@faY83Xf(JVyjKFuJSahL2sC#$}{uxK+5SN+Y8YKQP@EK};;<MFfh(
z8!G2dqeY(IVPb2C)G)0DZcFcz6=2)wp^5vXx)#%_mfdu-?{8`tARoxHdcW9TIe2~6
z281;FV}dDV)4qMIBnV1^K_a(VtAVJ}7|Cv-y|>}h!jHuDOE-It`m1J!!nhrR#iBU6
ztxJ$)z8r=LovFtDPijTj^&c**!N81CuiNaOtrc2su^aW#<Bt_<PMifY-i*;qmpA}*
zI?bUrNR}y~e040cxZ-giSz$$TQh2snIZYQ%J>E<tTFR78{vcUhoB*~n&vZpiYpd1c
zc9xEFDG19<ffM<zE}x-r2S(O}kI3)F*w5>y8dE=7HX6+N^n7CdgRx~WZRiI@t5YIp
zuzC!AW1-)ihuXpBNK?zlGm|oiQa%WHz5QioQA@TaoVh~2TCZK)Z*MOSP(1QZjOGVO
zkRi|^ril12JN$d)f3@BWr%im08=xz|JKnAgVz5$*$wF1Bp6puB)(%P;9d}-!U^~^e
z%0d?h>uHxW<Vwt-77}5~f^w#O0e2^G5Khz7_c(s3Br#kH^{NVtWl;%<5PwopgPuq?
zPs%Y`T3YcK=?Cr(-ZkYQz#|Hy|GfHt+%@_NWVO4<!pNa>3v=%*-&d%M3Bw5A&0N4j
zMU|9bHS&qV^G~IX)j$=iL#_ve;l09cVhU3bpUQy0EwYD(IGbm@5fiV@ugvAiIxLqh
zh^uDpPQcKcV270@Bj@gXjx>FzrD9L)(GWnDBzw!Dm}ZoGp+hamuI{a02he#c6IS5A
zf-RGw77j?}4ek}Zg<2%@#vn<k&>NRq$N+&In1aGB`$B6VRaz=v_X&k+S%G*!B$xV#
z%aKzh;RRl5_ES2|CJNbZ4CR^)kJ%kqM2n2~WL?4$exo%4`=pURxcRZmhgu$rGT)rR
zwdbiy)c(u0KU6?g6C2EaU@b$3_p#6DLB=E*(!`@(b%5PHF!%S;t```MwZK8c`leh%
z_{kGWiZX65K{mYewDU|`46E*$gNM*Fu7g@}xVNx*$yxVlJclM>s4b|PGy=|?+?jrg
zk2!w~xH_9Qg&TPnY!|=By*xau#pL}aN>`b(-9i|}VdXzkN!Y2L{3L=5@M?OAex6Y~
zy}%Tmq_${oD)6aRDKSdV%7B_w@Bh8sUVr9>`fVd><4A7oVW5T(%d1)i(LQQP+Ub_R
zp)26HJ9Vc6DsF?!)_6=0x8^tBE|p&>fH5YoFzi+I(6BIWvhl@Gi8-v4Ezr&lmA<Ea
zR5+1YJOYcfltR>GHc>BXYg+<Epf-h$(qx{|q$hZ|_n+sC$csKp9}~r4OJiYnnDD*B
zPfA861l0vEOH>``5#3YCIm#J7B_m^Lm#UVYl_bwZnud$LRD6I&CKODI^yxd~^lVR@
zS%Y86xmCwiT?xH8Z*ywtU#viMLC9yyp={2d%ln+^IH-Zv49K9>S}K%30^;H1wkvF5
zc}WP#`k1M75H<`l`PF8pkvS5}g3fkfhl8yh$_P=MHY~c>70R_4iup=!F!1N!YCGnu
zt0_bkV2a6n@{m^_7FN1%N~?bJfj5$T@GU!7i~vft*XYz#fUc>7c86#F1rJno@k~nE
z(Z4%9p4r_RG@XKS%ZqQ>RVfR|(QD^kWU7|eqj%xOcOvTzYeN=o3ka|)1EIO}4xWZq
z8UqDB-Wv7y*zNCkU++pm!S2rRHgFho%Q7D{E}lbBNGE@b?9bnH)*MhSGE%gIQZ;ml
zB1v$*%fsahj4gy)POEdt7j+JHR`+B=Xtx`pY;@ap*tF^|A)7~auOm_i`iqP?6|0>q
zk+eJeA`uU?2YX+jjU{n9DElU{Y+84h>_Ej2J-^!$T*vGjJKCuXU6l;%-pA+ab+se?
zq6S$-gBhgBBGBDDht8ZNddJt{*ltAwyw&{<>{c&c!AW~x2C_LyG1p`yBcL=eAE-F#
z+JIs_F>VwB(*Aj@(0hy;HGI3h)rX0C#Ew5+&*%VMLHshgMD$%8N}2C7i>TO9WJR1Q
zD7z!h`}mb48^De6a;@H9YJE3}6WW(OY7rl74glZw>}qTZBNRCEAUq-D-FqIM!T}|B
zsQyf9Ms0S8(gi`ic@8nx$s6pjTq?f;ghW~0w&=v|QQL_p!jB(+&&S$=QvZ~d)w6O!
zyF#0vV>c3!#L=%**_R4iXj3slMY;8KbQ%LBcv4Z>yUl{srlbdfhqZAjr24Q-%>{Fc
zQ0}&C9$?{_ri@HX+6(oIVcZr;R96V@Y>tnU0;^N&`ggJZQsaCx!sv!DYVB%3xBlNv
z&KIP~x&FuGTt|jW)H0+oGGB@U*AMK3j2Z{g$o2%H-a{iwG)fhQhzw5NI0ze7ZWciS
zNFDm1Otl)O7fHjSepGJlE%^7bNyeDtgocLp354I*j}N&)3xIZGu($s^9IAJvmkRO?
zVMW=Dc3$Xr<@jM>$uOam4cxl_oCt>EwKEZ=g`I18LgSVZ{7|lmkN0p#YYiyJ^NAn3
ztvWk96GcN>ixM+j4ptvYiatm;?#bx4*R6#?l1*TFbgs|*RP^0CoZ&rUaL34R%8xlM
z)k4i~zww+xE~CV#zf5qCYd@p55Nc}~G~EvhBUb=rp9CHnldiA|lDuR77>`mtgYA@T
zUrpV!`sVn}@v8~8Ko^ZhAc|?sIS?`_mZ{21&>TiX_CL|(e@`fu%&++K!^Lwr_q`wd
zPTbsFfAusMoj#LM0uI%Djmz#mF80Ng#{e4qOmXFPzbcCg#ogy;D^gu69}zB1b?m;r
zq2_D7beP#Tb4hIR`wz;>MKkc38|IB!7bqTUj6?nP9&jDA-c`(&ge$HFE1MMISFhGb
zB*656z4FpaYn&@y{$*AR11P8Vw+S_<Uk}N_0LjU!{jzT^NBin_<DTSJ(GU{?QPs0(
ztxH^UAbl+&Ut+)k$#gfV+?2CYS`7KnbIyy95?zW$Uo~BhX5Dv5x_ci<-3d-U{ANvk
z%^JB(_o>C+y~eR<P){|-@uXF6pOb3U6sjt#Uu*esg>>p**J5qoRC!8fKsZF_^*msW
z{Dm|6CoR7J&6fD?A(0Z`H{NbUJRCgsjWrxd2++!4G9o;b2@*plvJV8z?{JR;k(waa
zYFIfZSUFG!u$9c;#OJboT4u8{{qD&d3|z{VaMs?LB~<L}ioBN$sG6ppZ{Oxjaa+#%
zrW_?E9At((l{@VXqbRI7sI=6W$f~wS1h`Q@USK;wY>yiEz9{^tD+E5rX9+mHi8>vV
z4N@KGTQF5B>JlM?icF5yc`c!`$;n-z??3j<YcI3T$MOd0e~)$R07ZU%XoKNq`T>&z
zi4A%LEU1heWZ5OSHw&uX3=lFrd*uicA<%909Oz0PfO#WD;Fwc>C^KVW0+CD%v`S@V
z$Yq8{-|09!Kz5LQ^9@<TJhSOcgu(ZvPA*6!D4pZ7ScY`9pFnVxz;^#}o0s@LUDHlE
zR--5<6tXvp#)$rzdOx56fD*IL>__bK&08n9TQD-bpq9QvC`<CYC-Hi-gul%Q;75eH
z7P!E?CL3#u6_6#QI!hKVdS6dl`x^ub38)vM`n~Zv#k;)T8suY&-479w`wE3C;uz<$
zr#-kZM<RlqKMrxpZF;u?1>2*NUF;Ta^<$Zu5mlREech(snF!Mgiq-Sy%@20W!npN{
zxcU$eU_sYAz?k$`*yZO=S}Fnq;TQK{VYI^TB1i|NEe@8;6EKP`7Jn|14@%VKbp#Sa
z0^}@j`VAn0FS>-sqVn0Re`^g}1<CK31FD>UcUllefsD=x!N-7gwwUj>Ya<Ok15fVj
zS2z~jgYo@w`s5#)Ryd2o)%lkLYU+F!%x`)9<!g@5sVlOb$V?@4`2+z(bG!roW_Mgk
zuI!C5#mugS_xZR`hISDrepM`ViqkIVNGXkA)p)l0Cd@ax<rf?@+s6ghmO~kC4Bs#a
zuF;FOt1lAEchUgmniWwaqYTJP1qf`%4&Se(p@PDl>bavSFp^GtmSH>yEf2=MttF~o
z=^YGT3w2y?G51)X4gt{~h{lv7Tkogn;#N$2Sd6WQ#(^jEz1c49m%x8jkwVi)o?$O7
zzH6%c*$^6KGSf=tj*3@@)J6_1pX<Hs<ms9m7yB3#bH_PLA$Z<Q1;vv413TV8n@QCz
zl*uQ_QmX`^jUhWEW#@2V1C)<={mx^Pg(kc2F#&z4ORAM2w|m3OV~{1&W|k0IKG;-{
zZF!`Z$^XCvC(tL-8lo#fFy%l5_R%=`JN@x*asmOx)lL=Jjb)scYK<Ww2l@@FDJ?Yp
z(4zh7R$>gs=CK{43!`_AOh}Bf^y_f&$h;Y<0HL@R`wu^RifIT^zX3-_dwGbR1r6tC
zZ+h=XP?;4RWZ16}uwbc!!G~~-^J%<GJ3l_cES*b=*p%0E^Tg*+Nqk8l>kix{DTz$O
zY1x<-@2QXKj;o~H5o1s*-C%5?3~h5R-<^&~1e#&}T1gm^t=njrU1{K=B!ky2)nFj>
z&_cP;AhBX^{<S40_eM@`!un;<*w{t#YCx3d_6MAzN?lD*H4IQTMZ_G22M3e+`T5;A
zBO0!+ZZ{>X75qh@p|O#1{@|U-M>}z+fpcnPq@=j{yv`af9M89LT`vq|wG?Wikxe(&
z3jcQ@|I{Abp?HC8!GCH^=Y3K$!$cx#1otRo-_h%dMFNsP0up^lL~YTLuQ1j(i1`<&
zc8`Rx|H{u$zTRbS($5NMHuHhP&gVsBF6Tbeh))YaWOy2QP9XCzk;YM}G#Lu5;Hr6h
zPc57c`3hUJpdqjj`xO97G3st8C%)XB?@EQZzgzNfGuvg3^t~((tS|WLU<&D^dBc=b
zl|fYUH|L}_u6_mFR;J%e$45N~#^25(kVwhQd!7*W-t68_{xHKn2<SnN8~jN(ckR}v
z8xn*G=biQmr!T#p&V^K<0cMvOIOE8EaEg5<BJ%Fa&)zTABSRE$n9V_@<ZhZc&_U=i
z8*Zpmw_iCZLOog>axm2^g_LiTwVSmm#3j>vp*vl#tK74|xK~_6C@>Hhr??LyUrs@U
z(W)r$)S1<#`mD~x^FYzlDA=kUFMi7a{4W^8EfxnTU5vE13sl8wk5755FA{_Y!Nih9
zs6|}#!o_|B9d|XGggDSSi+MpTa>tE<NmF=k^yrKhMeildV8^(7II~G8yW%n8Aq3oI
z>TG^rM_^Qv4%&{Y&c(Y05>+-U1pUy*d_}uYj<6_(0r~AaAO^jPk8d3Fr6?QaR`()s
z0o#G1Df>A@o!~BwQbEp?Bxk-}TQInmS*;*SS;pqGkKyFucT66{qYy(7uU&w!Y?WSn
zzA|F|B-wDo%u0=h(`hYXA|njwMnx@`N@36{F5~3X`^HrPhn9!x&;Z7b9lw|5exW<B
z8|a)25}c0Wp+BQxsBZTUg;qLf4)$yR_-KmjcERZX{ZU25<`s@M6~kbLMk~~`?G$Kr
zw3X2qt9fwsM(@+>bZR7E>eiq4>uLhuI#68b)X3J7a@5(Lu(?R5v@yOQ`IhNql-oY|
z+?0bZ`z;D1c4b_9&rM5#f@Q@5W&lbDwL%?(=m+U)m1VW&4F(NUaKLWuX8G=IE;NBU
zju&Z2xtitN+qdXI<MFv~5}6WmU+z56IEi7Hd2XVtn-B2AyH9&jertE;H0ZL}4DUu-
z^DPhjt#1GC{BJIGe=RZ@q-^6^_o}tq)TwcGvw!obkQe3!Dwe#68>oB^kw6QIY3Y>Q
z+z2<PttH@uYarYinoPSV<75um`QyQ&B_ko-yUgz=I}$~wCVY~^JRXh*oKEqboqm5y
zSYup}<o2Iy|6l7$G>gR4K-j}czVn1va4!~Ys!Yw|>4=s~Vk-2!4GN8Rm!Q@-7=V=3
zxIhDfI$fbS+3ImkX34IsqmKM6MhYw9QpFviO%#xQG(c84dEY0zKL?=a_+UM`2X6tV
zK?vqw<!E_slLNS>RKnvclKF&bH9~rWLGsqV=2P*T)GuK|6w^TIr#WiR);0Sz1<gSR
z=yv$Vy*-qke&1sHQWy)(O3i1O`Gl8G&C<TaYsdJc%e*&BS8+pIIaA>}>QlKzoRwbB
z8i5r&i!=W;cNxcuDF)p9PRDCdLy3$NW#=c-?T<^v2he}LHEaXWG7eWSMB#>iHP6da
zmgsGpgvCUXAmxV#r-}`_MV8C<O(qEENfZGH72NGIdJWZ`o+f5OwikQ^j^7ca@pP14
zs4Q+aqxe)nZ3^7ju$=49_khN#f!5rB|4T**vTEm)$Jc_?u}InEU4nYr`->^K82dn+
z`dnK(Rp*J#Xt$<~Y~;-BflQIveVV}k)hjfoMd-yq^3M8O^8<L1invX{)AuIL=M*lt
zKI#dR&sHPNu2>T}yl}S=L_xw?PXjF5zf$n8S~F3>?<3@~<;1se5`P!M5t`%>d=Xum
z6S&TW%W86)iR`Q%YbPc6acwt0;!%I-T2aRSaGU)u46^I~^bT?oDUell5~s;LfJC@)
zYiZC}zu!!qj|Rb|`Pl&!P|cK+3JUJyvb{K!#BycZ25P>el%Z09iHTJTEC2UQ|EYN)
z*;e4+{>iqIYHe7bX#nLK{>*)SD5Ije^MQ<0qRq-kd~g`8Tt;Xov^596jRv(%KqHF9
z+brl!-3Cp{RUytgt^5$@6o-BX33&IZBCW*|Iv`W*%Y6#;hyKF(Cj;*P3<4c~mtTk1
z@8TTC*slPJfD$x~JQK2_Lqd*BQ}COB8)S|8T@6WEJY8tCE-SA}3Lrz^H>pGtVkT)|
ziE6`TU;A=H6eao2^-K`E@Ae*R>#;v8f)iK*6Ajs&_6h_I4G{(mr*sfJYeJXdD8Hf9
z`DbB9!}xc-y=R%+;3TR)MDo!N<WY}Q`hSCl&~?C#f{p0Be60B4Hg*+cJxcaEhkKwE
zGwa&iKi3|e;P<0HbteCz5pYpK)N5BHvk;;SEFxb04`QM8Zcwqd!9A{6*X%)QT(R1x
zLXsZ^yE0BB?7#W(9}HUIw{lQU;lAg<ah=BX2r0#L)Lp|X&w`3%2>=_9SG7j=_i;q$
zIc;%@GG2Rb%<wjiIR%ztSs+h{EW#S8e(|rZI)(Cy^o7aSM`aHL7p%@_y=lL7Vo$(V
ze|2`258=}oS3$OFhB4&&Ze#bKoO&!GdWK(mC;a)N`po~xr1+j+#0tGRfROl~ivlbT
z@B6JF<*yCE7*O}CWZ6#2Q_CRTGMgpyA`xKtlD&YQ|E9fv-h1o=JYo5s-`V3(<Dn!`
z7c|cNu95@h`+NKNSLse0|5oAv9suyDl<w0v!ei<8fP(yIW&iU5W5N)|aHk3@9&Z7b
z7)l&L=uN^HZmn^0A&t9mojaqR9N)X2AK@LG>$WEn;jj_&g#26b1G?PF_RdE)9e<wd
z)ERWKW(+Zv5)J5c46asACHlQ$r|<G<Jae@S^hgJ;h{pp8jQ<rx{racdDdb|G;_#$A
zd7L`h@5j;e3iIrYIR%?<HK~3(=4GKX!nb*u!9Q#SdN3vr{Vx6UkwjPFk#9Kyl1}or
zNAQM5B!XVNU@LC9c@n~Qw3oj>?$$w<glF>SPe5x)i*s`Kzm94g4SbX5+q{`4;BYT2
zff~A)<B^lDn59$li<3<ox(*d9<Fr^2u;Wjy$WP#(zu&Tk20n23+1-<7fmgAx>iuq>
z>jBe^AejLT=4eM4-?e|ARW4d!GJO?BjpswbMvae1Avr#cwhzYqrM^tnrHau7ius{m
zQ;C(a4HXDP4+zA@Jwx{@^5ko{;=!wyxd~i7KKkg$^ME(!EWv_;4ZaWVC;yu1Y477B
zRf`e_NmaSEap~TCx=wq%AQE@8SGZ6A?(Z|^I)kRvMMoFH>g{*+%e%&$Fg$K~deS>%
zr`_H#H;HU7jBEF*lTUule5Ab;OiXYu=<bPaaeEJ2QPKB`_|N+x_sXHZ?o7k_tHj7%
z&XbEwa0Pv`rtVt~y}s%l5hbAzzwks+;nJ&LNVqamZi}_~awm68g>+5itvyXkh~hTP
zPXl<MVxvO?3Nv0ADy34;OJ~e^LxdB!IdZ1yVNpt~_vmy)Lwv0`4}*CRMJ{HXeLDE?
z{P&~R<HSrTcWAKG7Ar{VbRUPkwaA;x9yj07&h_1RKAhvO($6KACUY-!&}D4J(oSpd
zjc-A0dk@Z2H&4vrz8bkt#^pZ39mOt<ab2C@LH=C4XgJmF*zW>QzRst6aDukHJYz`O
zSarn?Tye2qu977``MnA|N<>(w*rL~HD0^j7@3G2fXOvDKma4Phb5bO}^Ju`qX%h8l
zoHFv_{1D@RSZxwwG1Ddr-Tae4(P!kL64BL70;!|)JiDgr$^%aaAob>~RAr!4xg|rl
zkoVKr;X}iZk9sQ6Hdf<@;+qMIh{gTAt~qL4MxDyY))K523zX{gx3krkuBOWFUZqfH
z8QO86UfXW(%<Bvleh%CCGS1GV@J`_VC=JooJ7W)tij0C~-Z%QM`OVbXUh*X-uhrge
zr)PJ(Yw5mjV&G3kW1vl^7-^mK)=NcBD6bXA?9TN_k3rT<YF0Hh)pyq$Ol)*}*cB^R
zeVdO=Y+kUGoXTA5Sr<K>cC|y1Qt;8^nWLVdc?Lfgk7_TX0Z9v1k7kRQ%pWHU>nab&
zXM>XN^>HN==7heo*LVg(Xv>wm>obj$!T~@Y8*>Ot`~3$RxNdwG#i(znsqC?&(OA)W
z1~%u<B&^UW>zI~l#makxuC2X5%=`QMk)rk(2UIgLk}~E6R_u(6N>$ohA$u+WQ4m57
zM+$TPX(b3B{lPYwMRsalG`)=4aef?st;v*vwym6_eS2BJ6QLJO9;B<XCI=PelJv=7
z4(FyRW|AZoVRnbD3b6yr@<FTgn>cq^Rpt1{4Fwx`b4iLSX1vh9SaC{ee|k4;&PBsH
zR&ULSZi7;K^fHI@xfBl?N0&rMD5IV?ADdrkbztkG*3YDsb)on_=Y^6J%(|%?aNUzp
zB3(vQRjP)RM8x%`xs*#5lo)K<nm&kj-}{Jq*iYstue3#YF{(z4S$bR*-%u3pwAW1a
zdfv#+@ah-L{V6_?GU4&H{MhPhmFv%cV2{{4uj&P$mL4fFrx4*Q*NaT8^)oph<{?bO
z%CwVt*-KBDuxMdmv>x=t-9Hg%;3C7Cck^6b?FUYxL^u`nl{^N+wM>2C;VC!QYcO-h
zd&qn}Q>s$va>yocP&Aq7b-G|^VWsVSf#UY`26{q`08ZeJLFZYiksX=AnSG3=gwbu0
z&|JrLE8r*WZ><ExIPWROEMQ5CTSv0#P|rCki3HxegHX49aO=KNN*j!hP`pl~l(Egf
zc@COo=XNX979|u5_|J7sZO_XWz70BJawibIMnwtTT(nyLMbpLT)rl_SMYgFp%1T|A
zWSzbuX63j)d!6zpH<j=;2omY<(9@3YJpJy=WmJp7iiH$0m09PUk70D*d0=%=Tf+D3
z<;D(0B_2n;6Vixh__W|FC>c#NB&bj6TdF*WE%kBewW5yqk@%hcQJ<WPVJyp3WEPG$
zsqKC=Rt+0UBD^d`9*0~N8nn4hOV(Mnt?HU$s%*d7E%Mr<Azw(tWrLJ-qrtQn|64D$
z=b2rEl^G4n#M|O%^@ILBzLn~4Z=bDA;-8oL6w07v9CMS&(b;&Y_D_qAD>*pOjaPSd
zj*Sr?JyJQYGH~5}R~W3}#AWda(Cu>iL$zaa{NE~Ekc>F4H$9o33%lBKh+95v`@rU>
zss3<U5ZC%*zCBsp`H8PhtfS6`WDL6BC@3X(5rH5yqC}{iL!_wNJT?kCamK}OAK7#@
zO_(25@UdJpF>bc+Yz)m6Ha>G%OvX;uRj}lWqQCuJey7W!nM7`<j~H~%mu0D14GVRT
zNO*-^>AvJ?VAxyY&y&p6#nKY`V3u5qEKXw-rSRxwrTTOAWt2m3=du$8L*FM0vJ~c1
z@8<pNmC9Rxyyf!!JKL6*N{FqJNDzI}llw*bhN2Co9{DeOHr$91l3a@wDMwL_C0Kp<
z2~Vt^_gr2|YmlW$pVivOi19DhHTBOoXcS{Dc0V{Y&wt)Tx<0-BzWNs4B}B5W_p-IB
zljPB-H+z`(-?a1*J^H}jdToVHJ?o@7-3=KbXlxVyM*<TT9bzo^NxQWl9?hY%m7L!G
z!0%c^K|O~7Nz<D=+ts^@MMhywdo0k&wOoC4T8pLdH;r)g?PAfIb+@d%uz-ND@RKJn
zvsYfZG%Yw=S(6$%sUL^XswRN4iG5K^cGX^E&j`#JejLFPGQWc4`9Otv9x=4m$Ea*c
z{uBk<H1#_1c2}!&sgYFc;W}Md{=RD<g|v{G(<TnEmEtkPZ!^#1gZ_M`cu&5bgyi<i
zfnb+>m3kk%>}`Go+@z{<)GjG^`TOY^bP6E+INIHpFHiYcgU@GSf~3lNYtaCkr=Lvu
zh-><3YI?YQFrJrAba&Bs?@LAy%)oD52NBYYJ7YdIb%WtCfdX3R^$MS;NGfd+Sg8~#
zv=G@!cP{EUR_|xNq8_%^)Ri+#k-R8zexs6H@|kzyi?%3UI<0AAq`PjCZ-;9TlzmZw
z%Pf|+8cp<Q*iP1XSN@@(Q!%wtzC4|v$*Qu){Bah+2cu>}Z=Q-0z&Q!%=^zLSXCiA2
z04y>mFkgN7AuTi|1Y?D=t)k-B^j05T1ksTFW=Q}a{XkU+I&N{8b%pm8c#aO3L<>GC
zl7i4$9BKxO=>Un-{-#y%D=m`?*Xq|^-`EocEryLC=Od?NuEU*)qVytDmqZXxdgKzr
zr1xR<qFvrd8;uW5zMu`t9eRcibXtPJq};$f<<GKaNs$eK<Sql$FfUwqD)gq^YT~D>
zII`k-d3oA(KYvK^W>pQ@FB}ydv{fHa*Lqy;b$h=l8sg7Ar#HFLpMQM`XGI=Vwzj>R
zaGQ9o@9QeRqmb`VxWK5=R$#eNhuiP;Gr@6p!kJyGSuLPf&iBTC2us?%C-Z`wG<zB%
zWsZ5~KAjfqm~yF4rNX-?$h)ZoMRbVSh!M?-{Wg<<i##u+dW?7$&8Jh23bQGu8ecW7
z7KrT{Z4&59R#((@-=mVH4D>J9pk{}r+4qE75McD@`}eEM7ZyL1dA0P^JG4WpOq&7!
zrax27Q&Ntf+Z2i=2H7-~19OJdmAHmosx25@rUze|cp)&eANEJMd|+7-2`X)hI!AWB
z0O4sBZ~WlYXa+Blpm(7r9-f=ORa&6mv-*xz7eY=NJnN)yX-_=x=QFE@x^q9MNTr1W
z8Ci{I?^&|i=e>A=dbgf>>hPBNkj`Z1KJz*j;slPd)I+*Ogz{6~;d_{fr}+ZI=7N_!
z)79j}qZ<Re-|S*4``D&fu3VQ+t7G4_iR!#6Jsl|!!l8G7k0tzs>aI)DwE*UFky|cD
zk?PfQrDFQ3Ob$XBLDi4m<}&8qPm9!~_KehNwkJ2A)Ryco$u2SC@U5&!UYDvXnO4+)
zN+F#ls3&aHZ(+_Mt!-)$x+qMOw0<jBsnjH~woN$wmLAEpf4<bJ|6*erF1iigraI!$
zEA1$0W{V-D@4t{pcVLpKc$lGb)l99}Y2EqjsRu#pHLLWyCVIkOA0F<?ec#)zSS*q8
z<{&rNotD3@Ug20^Air%*z9Gx9M7PWclC`~bVn?djE+R6Bz$JHe;=%}~$g@F=3Buir
zN0=My(JuzQd?}4ThF;QF`LcV&%VBv}tg8RV5a*251^c7$scT(r&FYCp!G{j9hsy$Q
zVtQRL#dWUv1xgD}%?$s@8!Yj$7<|?!__*33e3rCA`a_K09qFE#V3nBlx|M7$y77-_
zuMykoviU@9bd+zi#I(&Mr&|v{y4iQr`eC$a6@JdH7yD-DJ?he0R5GuVVEmA@@{&#J
z+wn5OP6<8X`G!l1hFsM~BUT&nM$wDa?uUm|&Fi&-m-lA)EG86xREckH6yrPiG?lLx
zmx(l<C>rzC7$Y;Rq`N1wo3BFoQqGZ){ca*5ZxDt)wP)KrErK;tD5~Y#NO7ky4jq4}
zD{Y7l^Xxq@t1^k<X)CirKwYg7l(=*%zL)HrNy|t1K=3382*%%lT~10$>M-|MZ;s0;
zgZ`6cbe3pri2Ti_a|E-L#lzMSWC}1S^U}@lqxC;1=^3`UmZpAq5Viw#nmu0!gwu=G
zGIFqi+9F>c81iT$Pw!Ea{+2}}18&hSW&`70>NMF*%A>XsJ3e{IM6&~ls~s2P$l@NO
zki?Oppv0ZK#+8wG&CG}Dt&Zx`PtH9kR4j5&<+<lC&{Ds;o98YQlIDs<A%Yo4;(L?m
zyf50-wGQl|m57Fl=H`fyifuCY&y_R2sl|wusLx@e`z}msF>Wvx@4WcNPhVc8<fNqW
zrQ(r?xNgmwJZiR_WEalswQA|LZkAVVE>*P;qKIWUppAcvdQ*FT-wv-9^Y$~_x!}&n
zO=$?l*+vh9A3}+^s{G)G+Gxl75K)GO_aFC$Sq7Js&T8Cs`iAi{h(B~*f-O4Q=M0|I
z<sWq+-*nzR5W4u_ZR*U07Y^FkPS)43iE=EVYe)O}57!%qU1u`GIhXl@gB9OO$VGh*
zJnEW#USNuIZz-af=L;6!cWwGU`pzR;bM4!TOW#VMbG%Ab`LX7;&F<SGrCwhmBn+*2
z8RJpQ3IpOgrbd&nEj2IFnZKdX;&31QCOrCe@1{%sdaswWRPy{>TWlzn*Ijx^;Y&?b
zVK4e#j8M+pU$f!5Z)zuq^X`0K=1Ld400wR|Uyx)Ym3i$NqN+sZxr0k-r7W({m&Omy
zoYEEFvz^#mcn8ffwC~rIk??*TKmR7<^D8w$v@^FleT2gZcJ^|37e9I8hX-kCi&3B~
zP3rNP&G|T^2^$Qy)u>0*e^{{F^FJ4SFl*X*j%mr|=ZA*^MZSYSV+aox(E5xhlks)u
zS(%(aYQ4i63`ds|X>wWn;`zSb!p@QIBFFs@)jOL`x4Wv)_~X6#D|K&_Xf4z3RuRiS
zoAC+TZ4wM`_gTlB<PiuGroUy1mpH7)mAm^2q4$IprI|1es|4mR(bNnTCVRbWUrhIz
z2}!EKE706J%)UPuv>l?4`Nh?Rt7he~V|Gt+wB(c3u^e>$?X8#nZ+HvF^u{#YZy4@p
zbMnut8;kZ{Q&*qRo8Hx%Mm*@m?LN!fsph~Y*Fj8Ped$O+id8$kkyh?C%EQxfu21>y
z5naQ&aFdd#Mu1<jPW;bL(9gU=De3-H2LoN6wi?RiYdv#+A$G0z75on`w658XH>5tt
zBlz(CM&9b~5IZZHxaD;*?L_;{`PY8LE3ZRBv}o@{etkw!SD>G*!phcuN$l$qPO8vp
zCMA0Z2T|zUDL+?aGVGp_L2dYHtEO&X4cT%Z%BYhjQxCP4^R|c%r4dujsqIr_RecO7
zl@VwAgA7f@d3ZR2Fc|Og+X|o^iqofNXJ0bZ*3lg=#ATYbFCyyeL<ObfcCSeJt*Pr{
z2yA`priy+{bo$(_D<)4g@HyA)9Q?U)6H!FZ<TdpB@M7dU#INN>-udJsNAj^?i0ADD
z+!{^p+V9Dt7Eg#@9^i?zI(=~U{1NADyBK|sN+#?9hG$qQ=}&{%HyCIKxe-^$-(b%;
z1;nR%uwJA0>rMYQ?X5{~?WtYNcc_s)YknsiZH10E$*qp<lEpoCDoW4ct9WwdQH&|E
z5{rlVi^@xd-#&OF$_stPxm{9kHWeq{VM<nr>0U1CKTQ9GvV6q6XY=M%qko>reax)~
zO}fko<y?f`B9C>$KrjKC*$2WA@d0r%ry0E2ruDZ!E@N(=ee?58|0*k|OUt|-&PM{d
zu3pR=Uy1NvmWE{Ym03}Cw?q$NN8j(o7xs`^L#O4Q_?C(h)7h7OAz)v5);>V<v!nY?
z-r8{cx9uCRSkn9>M@#76)J<cvCEF0lyfl`bjQpzkT$;{4wj}=aLv%JH92Hc&EVi+i
zTK!5hb-IT^wrp8%Bey5_IxU71_qe&8?`ULSeZaHk{03W|An!HGOUJaIVijL5@aKsR
z?^2okj2je6*D!F|TyeA=Js5VoRpM8BuQ-7Rxk&v}ew{kz@4J#^P_S7^41b8^FA?67
zb$7$pre9gqvB}_Ad{6bI+xt6fjm97-kk$LReP6Ada)_#2UDda}OgCZ|v`lykHH*+R
z<c>)q=+(--tGc2@?>9pb<|AT}MN8klc)*-aIOAgOD`-Hs-5}L-YUcUv-2u$=X%Dq{
z?GD#+1sx82gY_<rV#exyyJ;W%;#rMjcWZu!y|K&u#ICIJZtp~B|9*9u_x%1!ymvBl
zYt{UE*MjaR0p~+8{6WuUrZt4S3z1)#G>LchqM9n|!u+5N;e_7Sue+G}5hfBnGC5a$
z?s~h=!=yIO6kh70zb+zMrt2x}s9-T|tP98+`0I*}U6<r@^)xTYvoe$?*8K7CG}*}A
zbu~-rdp{$jYueff{~ylYI;^U1Ya3QXDQN@*q?GRNE~UF0>5^^`B}5vDO-pwP(i@QO
z?v(EC{wC-A^qlwkuIG>Uy)OS)ZeXpw#vC=r9OJ&fb>0?<z1=|mjH&Y&GZ~#3P_w~|
zq-XFL4y4Qhh(5XGuDzog6MgPD8t6NgJ59~$CzzJs6g~$1%v+u;3-@po&Mm>NA6&n=
zTQa_(A^Y5$<(s=fSuedfNEb_5e|Ux8+1K+V@Uu4yIfnJk3R?O4SINU0p(3fohTcRs
zEpVG~dLCqI1Lv3YT9PDgFD@d|DjLx|bE<!ML6=S6kdJ*dzlzeiEG=R9T(#i2<J@&S
zh|Z{>v)<o=Q|hjU9Pw+{+fbSHvGe?J;9Y!hIB~czef~E*Y3Tv#=-=FJD)iAwSTCpF
z|Be`GoXDE2CeQD2Uu%#x!{1`?XT6(Ay4@0So=B9(-NYf<Fnmg^as4`{<n7|OZ^+FY
zTS&|^K78s2Q(KsLro9TcT1N6tl#<WLU-m0w1QMnkzAa=`o!#TWCamm#wVIT+65xi)
zC2TkC5Tc!0nL`t}L!bQeAuJVoJM%0y`=Y`4roNo$;>O`5xLDt|aN(~T(qAH~dy(dW
zKXn?m_=8R2rtp9yuqt^nP|yvgjkAb%BRI1VZ!q9|^H*g}-3@F1R|^T=fG6v>-=B^w
zy_RC+RBXtuN<C^08%-cuWgI>GkmUcU!*claetujKE5?#UmTl67bmmD9>S$AND7<D8
zYZHu~T+Qt<#;qN{-gZK#m;7++yg$~bTEv)E>V}^~?1ew<Q{2rfZ@saEuQxA*UDZCP
z8N)gfa!aI@l;cNvq%*aurk*Cg6fh~%#dTM)uU&C&lv>V!Q}d{xYU{LNhFrIp%UN-0
zJdrH8PSf@A6%==FbZljMuooWhTT)5J!f(7jp}%|4lY<9&v>O^KlTUu&CtMX1rr`<|
zcO;DuvwVQ#LrRt@=50(W%4iti@VHm2lDMTE6#4jX3u*OO(lnsF<^22&efIvh4*JH+
zIc08}0Xqfmw?5i01)NfK+<cgi@4i>em|f1^CJ$x%6Lr%RFJ{$*L8V^CygoztV-F7@
zOCAeNA57Y+BmVb?gAY+`iplOY|Al(JYuO{rpCckx4}UhH<cp6?aW}0`YWZ?B7d=}p
zF^uLi?(k%kO12B1fFR`J!nML0KWuPN{t8zsC`pQIvfd37(2VZJW(95n#3&RLk-5xw
znA!#T&G8j1lNIKeptXG`_7|LZ$i<Ud$IX!T(8Q*`K4gLfK>YW5vUJhM`PeQI4w*3I
z%K^M!fI=b-4FWGzFw9pAd4}NS%b=l*j<>6TT~5P3V|&5pQF=y3S6)93m_2G8D|q^w
z{{y$v)|-b;hobF!MtE>2`o8PsGQdE2`&K<y;3;S!+nA{$N?^B!k&|P<!onh^pn#jH
z^pY^1fk8B>P(HWbpNC%DUB4PXn|y*9dh{HR72fNrHBBLd*l~AShWa%b+0$7G*`T00
zKs~k-A+8vpw>hx?i^=YtHiv6DoBS(t2UYsDR4$6-)#YW8<7$`}FJcZdxAisSoHwwP
zpQuHnksS`E)V3^+E3EFHl|I6>B&v-g+7a*nGEbR-+C;z{{_4rt=6pjDV`kvZqUXXP
z0quQ1zk2pv=k7+Jmy=F+EsOs2h!GDdFRdVATW=bu16mS{SJ&U^BpU7fu2dYNK`6Wt
zf>X`^)hgG(U+jCt`3<jEE7cWy24xD4U;FWsY7~@nPWpzT&|{s)p>0DWZj;UjFh_Ki
zC?QD`R`+B2zL6P(ErBBx?HEbZ@`&bqGV8jm-s(IjU!q#{N~R-yb>1C$rOvdQQ~TS6
z<)SR#Q2CdcaJ1J(u`Js<-zAKd6gO~s%ue*YD%-_>T~Zn%{6n{h<+=%ieUR_GS-8F8
zP}8PAS;jxI^4K4q%#?$9vK4OOX<GCn7AL&HVptdF=wAhV<|&ho+DNf^zbbFBirt{}
z+AJ-W1MN6(Q9^c1I6Z>L6)w`|u`4W9gPMn*Dc-)n$a|;L(ru^bG8JRH`WWVQ`A_}#
z(ml+qsJT&1ZF8IRl;gg^=Z;j(udG)+maa19Cw)|(-Lb_e+g8JnCs+%py_%{gSk4W9
zA6@wFk_`F7N)p9crbk+)Fw%Q!iiDztor}EF+k~dE4DJt3F#dKndav5u`uiVgS8JYM
zN3!UrPhDE73b5hUt(BspB%dn=h->~he*L5}Ns?x+vrJ9%=Vit-%!!@ergMpkbA!a^
z&v>-GykBBD%{j+I?+fs^y03#Z7!`IQ^<f`}ce%euzk)pRGH#kwR3w4s<joZ7x)|T|
z^56G12;|O`==#Jyx}6cec?!wJ7Ar*hkM-(HK7LG|5GD5>`@aGoxhe>Jud;@8s!U#B
zBX+bVx@HF#BRut{K%9NcdFcKzi1+zE^t^!;50m_6YEfZxu8xDy=cWW60imo*N$kTS
z==?v}t1DLkfX$!ekw<hI?4RCVot6ibDIyl+<~D&&qf-4}Fvf9CFNH{~Qa$$E{FHL7
zGoquT{nT{brq<-acnwp$He=|t=k7Gy&ScpWBF_Uk8Gg3!9cW8{qzfGlO`p&7?#7MN
z{e*J$8jX;Uu#?v(C5fFvBfLNj&=&^=VG_kUgHag6@j{ovz?SCbgVAqtB;@SlwQ|sA
z_d@kDn4Va#w0W5sJyJ$Sv<?JVCsiq@h3Xx#V2ncJ86K00`ymOUHVBhZk=rSap4X|~
zCrr#&!*5fo_^WIIosZL0LUOQ}`MQFtjNyemV9CvB8G@FLE96HvwIaYsiyCj+opL4H
zB>XUu*%LBQpZk^e)s#W%$0kl4%GvI$^mM9{d_bz~+H_LJ&WF{OhA1_t<1^{ROIMc*
zcMtiCRZ`E37&^3pVxFCb7W0KeZ5W!7Q56jlt{I25pp1qE0a5Sq8@w<vNh4A%I79dv
zB<Js0_#^81%Iey_exZ5ngKts|EAK5z^?SnOC#xBhRLbkQ{eKIiSoQ_AP}{qTkvSot
zX3I~%%Iu3Se+ntDeD)m`<)F0ybA_>=AnYPJE9~)be@NrMlv6BF%jt6Kz_Zq85;d_$
z{zZ#r($UvhyR9hf=O8^zjDo_aAD2bi^Zqh_mA_aKkN;U-SH;1rp0!ZWp7n-n;1$yO
zXni7;KWmnJjS`$zW*-z*+-B4_vfJ$}c8IR~u;~@^<i#tl@m*f)8Gf=78ht~rp8~YG
z7*A&6NU1Z2@vzm+C&m;xXs6Z-?9!FP;vY<EZoC>M{ERLt!Qto=T*Iv1aR#EE{pa@*
zVs}OD{slIWa;0mVj1!?oAW>ExpKT=pXV+QCPH0GvqYziTjS5IaZ}sTPY4#aRezjgq
zqJ<C)id#J65%np*CJ4*YQ{d=XbW&>)Egujl-$y;;rf3rN=>Bs1Ut6~7e2^*XsK~Bh
z{+Gd+r~!jvhE%7Ba8bPZegEjuqx<`Dk>ZR$O!Pa+aGqFV`0aWa!<bQm#BUs79t-b_
zx#P$yz|ww%AtHUN5UHD`Mn$S3x$zcmllZMIDb!CF1D-76S>{n+Z%v18@ru1i*Bsfv
z1q%<)Y4ZKf99`7_)V6Zin5I69Haa~cz14!xex*~mpj}a@sTQHSrbg-9)+54JR{+uH
z<_nl4l`1P^+O#=2S}kZLxV^rQE_MK?MJgc+Wy?6?eM%*|d|NZ;9`=roSi5?SZhh5$
z-x3q?FE1|SE3KwPFTt^*`NklLrctrx&jkC@^J*|dI26d?dU^CzOjK09Set)kbCc?-
z-s?IR{JwPK{asx<Zn;mgjDIi|x-kL*0@l?5Nn3-v7=R@sb#ZY~XmC3w5A}B18bxR4
z;o%9s+So92zdAvvsjXE=;dSfm@0X1x;`fAr0Ts%l8##cMnCEkUw{!zIBwMeKxn7f|
zl>e}*@V@1q2IQ17$?Tz$v6Sy-*8oT72zWNlRp&i`tqcN<1h2oghrE;lvrWos_eVXB
zh|iy6tpmLMlZc|A0ku+nAts8F->YC|Fb#lp<y})5Q0W0ejcrO!*F1M^FQ?jW(Cp`B
zF<tS}Xj2j#He(tAEa;%yRSJ*uy{uO}l_M4Ajq*VlWY3uu@gq=PZXS<Ki8+O4wqSh?
zOj6<ca-*FbLP$YM?<<^c*p&iZ`NYfD+4oDgU_V36Zgf4BMsrmotEq2Jg_f;MaHjCb
z3Tu(WaFt5u(66vPzOb~H+tE4{L=#kRooH5G9K-F`zgxEv&+Nj^JKQLK(bY2M+x&Wd
zur&rJ(=b`0>kcvzbh0r;Q^fA<JVi;I8c2E1vBE_+<0X~R*Tm4RIIm6LdX0L2TPXfY
zAWyM5u)#`GIhu&``b#CD*LT3My>V@h_TtPT$FKE09^-k4a#D5%QF)f(VG@>l(>KJ6
z+Q>Pd)EtE}1Xi~(v9Dg=a+y+wPdRcSar}ik@*y>$MY{}@?a`Yp=ZNx)_4((0Vl%d8
zQ;bX7h%38`l;eEl7rbJPl4v5V#XAyomM_pQMb-&NvRlrTP>POcqi;D*uT;9_)?t3g
zFAlCTbTRP^&6%E6toUs?#m26x^%6-G(bQw>R3^Ekm7`V&+;3rf$oM;u1+iQ9S1Wi%
zZ4rLMd3!9;*d=bjpmJ`PzUbp~vEArOIA*!l%Lg~@JS3w_cXU>$b?IrhvK=W(*x$87
zc&3A?)={-pbFSx*F2bQRuae#ArNWo+bxk&1)MN{itV?C#l$y}uec7o?{|;*fN6y!(
z&mWhi(le4&&opBS&cUp7`Gw@VTCLA)z&^fsRMobYr2cI7&S_?~Xv~lbVnZ5gH*`^E
z<F^w9_XiOHkD-l5fm=KY1(eG0aME4#d4raT%nEO%61}{}youCABj(dW9GN}Y{f0gF
zLu!1!;4;(u8HKmiPv*S$i1kwXJu%O8XO<ezr~3l;h8EUaoGMwA&B6v4M3!?Tl27ie
zx2_v!$(8o>0-UMk_)}z0NV!wQ8TcrOWLK2xd^%%Vg1pW25@wU85;uG{jiq_{!b37l
zBW(eQ#M_Mh4CyI>pwzr`xwUGah;cdr?*;ZRh-DsO7k=;YI0q^`s4iVQKmVnn6+G%&
zh54jY7WVNm4Dq8s|A=3sxt(#?#i}@&3khYlURBx5zXg+<SypJ|-Nh*Hg&x7uiZ@{_
ziCVrO@AmfvJ(5`fJG$UJ3$SIJ%(*~2d!$a~oiC4!D?s116W_pFL+%tgY3a;Rd=3C1
z*mIHh7IZqN16~$+Ffa%(q$f_maFUYQhKPb1z$75Q!KXR`pwl>{&A`sTIQaPZ;IWv{
zUS3@(dV1EQ!RyvKz8mdJ;tB>Ny_8f`K>&eYqTHkpWA#Q3G`Hr0&i7suTZ4gIh1Z+2
zTw_njYtX{0pdS`_>C{U<?#)Ac<i_%J>dpX8Foj)z2S9(Vtqn7+zOdT^vmh%gt>YMy
zb9Fu$#c}7MK|yKpET)5p%N=6Sswxhr&Ec4bVZMI3RDKzOdtS*oH3X^4>1cRNGNS|z
zTUp@Luybfs3%|2js!FLWT}+v#Dg>hBGx$0(4VxvQP*f62-{dJP<nLu*tR*1*>N1UF
zJ>9Z)KsI$)7KE6&_GH2Vg7MOl9&RN+^V;@z8YW21qBUT3?1w3wkRo&HBq8ZixKz8T
z^{EZ@#i#hMX$Lt{l;;}^(DN0zt2kqV@ja@j#Kdm-Ah^k9S443ezc8&Ab6Ep!%)0Lq
z-EXN^DXMsA*2oNE^P1_6{Hz12C6DnfUXN{JkYgW6X39~wE6P^6G&AOTbsM=OVk-4#
zZEMHf)=s}O7PBXl-##ko3=X<;9X4)M^p-pipBXD0rOAJRHc<WsC&#%ETci!r6s2{)
z{TS7qu;8`@X^5(gND3ZP3G)3|dExGb@%0JG3<Z7vXbhp~<j4X?(nh<|Sokl;pOHwI
zRg8}>gvep#ESbe7W5>CA=XBlg*-vlvY{JR>f;{gK+w6xWb|hZu?$w^3lU&d89_+v7
z?(tSPpp5_FgCQWYEa|lAbWa@0AaFNW%=+TJK<`IJ1=*)=f9bl(V2P!bg;BkL(*B$0
zo0-M8kY1Yh6;^A5kGE7JM{yt{6N}!4IzId)sc#52g=Plh;RC}%u}<CBU7mqf50OCR
zvFUDr&OOu_nbA2vpW=4sAqd8iip242AU2>jghwirXAn-vmj_^3mXzlMg0Ua)9=k!G
zvJBXYM$~>W0=U+BCViT%P&PvDld1#mi(ha=%q03Q3O*nTC-AyOi4%Db7rw+9JH?nM
z1oRxgV8e_=@oQYekq|-W`RjIRu1Dvi)n-G6i;tOkZ^{xPM~gx8{s~aA;E~;#`}d@6
zHHt6n4oOlQ72Cd6nC=r!12PAo*N9k@O}Mv`C@3hxXj26fE?e$ow5ygq@CKykel_~P
zgrOm$!IC*4bnuwl*K6tfFe>vsz5a_;XlD`Jvj<OP9Quqy|D~L2|E-*}J%g9{0VT(Y
zX-tlr{YaryMSVu;0d_l??@8pg?hFtVJX76%CZ#kNWL5ZN7cUSrw>H6W<w|TvHMh^C
z4V`Sa7es$^lP8!h<25$j({4$DW>Xa~WNRnPJ1CtkjBcw@2|$B8zkhw)yPPB9Y%S+o
zo88!4>}3R1-P$TCkjALg(1dhCdv87Ts!An(T<;z4IPSOc>^sO#EhrAuDp)MeOR=|~
z9_(P@pNHkdSu(3o=N>)Emztyq?F*OWB~LJH^tAE1ypeXDDyr;msVnA-IvW_h>?4sr
zIhW4db5drX_l!!8O|_>`TYGnq(?0ax_B@ubp)|u^A~gJs0fIq#-c6>LLxoRIy>`2j
zLaOLdU!-UaM1I`gZ95v{yqRnN3lCqY_qv8${&I(=H12#XLaQ6M=N*$ZucO||$WaHD
zftF^wTzKX1byeQ}y?r7rne+<#hwz})c)>FD27>60nRt6<xv%uH`+n84NXJQi6B~Q4
z$F@ans-iiJ@85XG*84>4#1Tn26;pagptsdCgllKM@)exN{*TV1F$O&H3u>1a#{Xjm
zzJ+feHMbI%?aox%qywDXCL=>tPjvl0V*MguA8&wPW3)RYLe<~}gw)&sf46@(fzf~z
zoC~Us+L0vBwtRn+9UN>#Vsd?=;2{!?+RFF5Kjk(N9@TSuT!tKehbA8k8B>df-}nU+
zuJ^{%)Z=zvXZNBKaDH*6G$s60qg8c31SWVC+0oaLaPDNiy}j|41Rm7;nQ1SixSWAu
zC550yLL!9|ziXRBAg&qL0W}g#NI#itu&#&Wq1R4gG9pKENS2zs16(nOBw~uqiVc+^
zXyo>vYxHCGN#u$&^Zas_-aNUR{KPmE8sxUFOe0b(jwqwpa`u(4cgJlDqm5ZEO@mDc
zINJ3rxRF_!fr_8hsO1438zpS3zZ!~%q|vkI3_n#*Nu$M$zkg?t-WZPb;#dvAhLATj
zjVIjDDS_ee_mXdFoLN9{G|-pRL=i}5C}Fecml|l2I_^vrt6kgEd@M+?=4da&c=^3F
z?yZ~l>Z$rVj1rdQwu}^|El3WsZWJLYi#buZ?b3xk%P~y1&wobxS)a$NRf%=*K4%-#
z$Wfjo@ALVLFs;fcq@}4SKhJ5QC-y@83I$0Fsw_ciL63d?BcXf56gX&^vV|G8AVl|q
zX63-L(l$9G$KdfdX@ocfeHT4SPa-kAJ&CifDPA7yKq<SIBc<PUO_@#eqoRk^s%WU-
zu0z$5Hae|w^33xk%%SE8t5#d51<|PuZ3iEggc|IWb6j~Z-SYPq!shHV=K$)3Gu76<
zEOaKfLA1_WAZpFJrno#gO;`y;k@lW1+?%%pqvt*~q1m&IZ_|=q8)2A@Vpu=cIaTC8
z(O6D5#M2=RUp?+QKBIl+!8Tr{`&8hlZ<97(R@+<B^1k-9ZFc0p)w;nag2B%tjNs7e
z>6wVo*}f;sY+QE-An5(K+ZH6=#`ws{w7titit;B<(T51C;*d+GB~_Km_y2-lwYo4A
zqJ#e^*pA+5ra-C}&*m<j#O;I^L#q*`+u-@D`N(;&?lI^kLSKZqJ)vLw=J7bX)sadB
zFNa`9ZH=t-?NGX=VLh-8#l6}5(nzqca6Dd<skK{vb{ypz21e>*?Qs*Bod7b8hNPd%
zS_;-_76zH5JeU(<9Vf@xFVbt2tv(u?XcYP!0N?`z6zI--JNXC!T1g2l>(3`($|}_R
z>fM<51Sg0S8TPB)=%`Z3EIAx*?(RW9YpZh!yZL?Yk{YfgUoa<}tNlyEG053%W+DD-
zcS5wUnniWg9u0L|dTj=i-qq5KsMl`E;##}ornKwE7jXFn1)MuvsJ(!=5K4UgYMf$@
zZ7HB$@~|^7OFwFLyzH0Kthf!Bf4qu%rnXljV_Lk8?YsTzcjMOz_>pH`8nV3AK3B|P
z?F<w5cg41{Qizy6SclogMPHFd`n5g8Y0kH>3-4#MNLN2Ne8(9&WOdKWW>na`>LZiB
z$+Qv5SK=>G?+G(Pr7ZnU@uDa7bJSEgE_q4qTkZE|R+2q;G*IuDBNk_w&9S{6^2aMH
z7yT`%paGZnOL_}V@3q@tjyKk-y<B$Z#MDOIZ9+PS4HC|om#zxgP95%+ApSs&IV4wk
z^2|EfjAYgw!&;*8*1BGe&qlPRX+oKSQFgL?_Y+HUO$o-MF68K$IAD}yXE@#Qf;tv?
zt-TccoP%LK307H7H<Of6ygKuWqE_q)Zh{Ws(Y*s5amSH?2C-}GXApY^$qRD%@3t5o
z_xc9E&pqTv6J6$)74cc<nnklFN))~Gin6}Dz&Lry{p^?^G|d?^bquzxnHWWwqhUe)
zHbqHF9o7z;b6Y+L+`HuUrD?*k&%OkcEym_Fv@=?!*S+`zq%<K^=L`!~$mzmvbMfEL
z=#W$HQSAl-jz-hn`7IRbQYoi<>(%f2>NT>-V(53o?yrgE9T5yZjnq7Y&B@+L9Uc&H
zm=oxXSEf!0=4MAl6T`7>{NDC#k8AZd0`Bo2Pybj1ICNG~IH$kqyhi*VE3uju{PpYC
z0R$4G_gtL^ULEPN)EA7)=^_P4XUmK0tE*u!7Mo`}K<HkT3m~It{mS#b`x3?~4BP4=
zdZHj<!3aJViyly;5PY7nZna#&*>b}~_SD=NyF)_MKJDrc22SzO0FK~0pT}A0WvrAK
zX)ANp)MP6kjrWb6<<M+|tK5VupcN(A+f|?^-WkrK@j43Xz5~WEMC4OAw$&{b3ff_*
zUeKz``+Xa?IMDO;)Yi@P%S!vXSump3Z*4xG6xg!YS8mvN*|04s75D60csMFA`PQeF
zZi3w%GshZ3tlw!`@4x3HsvZ_?sN>l!lDDxO+NjE+k>kzZ?(@@A!M?8_%Wm8sO2cZ-
znzxozQ1FSNsDS1On|E{pl6LlgcC)8B#rzp#*N#ZLCnyJcVw!&DuM(fhXJOPpaP-o}
zd;$hn>loMqfI~-9K~hARLQU}!<x!fnl{GL7A19+M{U~|C;<J6KEcUXPR(Tn6uR_X0
zPVV+14h(GTWDVv}qsLWzdG_LHIM504>qvo>HBzPjTa~3;$J;dwY^)Qf45H~6Y<9cH
z+P~^;R#x=ovi&Bd|FNKv$>;tQvMA1@DgH*QpZY<Gz;S69vuGltnW}gGHaLGs`4d8?
z>-0qlQZlO3FeJn1CoXlY#Oj#sxiJN|bB9=lZeD4TO1yf$CZ|yS9S)I0#`O>RKF@S<
zGF_#<bm~JA9Bjh4K0W9GzJ-D~8D!37EC^*`xFYmCZYDK>@$i^>NSV3hYul%mJuJMu
zna?CdYLb#WF8Yf;fvn+g&d!8Nmdb}<u(!_JXk;FzChcdH?o{j*W|zuz-FPA&9mc?8
zdd*_yxp=8Srnkd)^F9>6IlB|eq`9eRm0e)^V`j<u9bX3fZjLR-%sCLH?E0clyeM{{
zy=VL3Sl1M$#BN2ah6gpYJNtcsLq}W6$L6;;l3d@*Gx!eAZKx_d#a-)^uI?E0J_AD=
zUWX$x<*2KgY}<>>Y!yqt6<{bhbG_IOpmF4pX2EhGat5oP6YP4g*>FwnUpgS`7UiKm
zdV0xVYuSDG?kv&${(bQ^+$DE|m11;$^a;9{`DrCB5!`=eSrM2IdyOam^@*zlaRCx$
zO-HNMP9t3+2YiR}lw@2{Q$v0q_d7(k&0qD-B)*T})l)uZi3WMDj#El&m+Ge-tl?l|
zi!XSN$m~D+X+9EAJt3MBORFIb01@P?Vp<(}lk8IYsYw!R6=UO>{oS}}RlXV;8g7&i
zO!rtQPst{8E5tJ!Q~BK8G>@d!{{oO@=Dm=i^tV6akx&41LsDz=JPPih-U-{A)^7t8
ztJi0@DFD2NR2G0>iNm4Xh?PUuJJNfPjjXI_opz_i3MDKC!cVt3^glJ|uI$|OYYlv(
zko$5^gnpPr$m=Tj(*i01h;xR}c#j$+)$ueF8@RnzXR(d^gTUa;Yc`8f_-0WQ8M*GR
zl+JJly-)Us6vyP5>vjmND>qJG^*ahvfOGPEI!gU5aGITx7LSaaY-F=wVAF&Wsi3R*
zD3*4k4c26jG?TF8+NnjQmZ<n>KGSm4@RBdr)YAF&fFJYh=RrF5{^j+2`8>sIt({*t
z{#xk6R9^Bl0>)JnCl{(vM;j80VDA_~-kU;Re?AWxiV}VmoH70Mma|Z0!dEqr?Ir;O
zM;6)ydv{JIp)4M#+PE70{rnG#{YLBBcB^45ONbJrQ!L_VPoC&OWbYF)9E?_qTtCTK
zeR}S<R7p1hZX(oe^`wVbJ-pJ%^*4Tmr3d~=?-16UN)7d87oP@Cl+5`A%4)k+IqPNv
zlg7e+u21@006Rr9#W}_Gt%q!2S1{|5<hkDFL&DW=h?T->&^(WQkKl1Bf8$Pw?-{m)
zQK+V^+s+U+t*Q!b$DGRYJ_>t1=a!OeUrVNxSC61PNfC5go}&K6Hk~VQcGImeTU{=%
zG&HczT2F<|=OoeUWWvd`wxe0ngS*jqsZtahkwX^#ym}q#7RX1*yOsQ*<f9ttZAqmh
zC00kpHwjzrp|KBe?ik6*H+-0Rx`z`MX(S8bqkci5QuP>VE^ae%y`NWN7~#IktrVzb
zX$}0aM4*V79FVY9qY99`F7QibvYXmywU$8iicg06)Em!JW9BOU5<R<1yP`JUeTh?h
zq^`u7@93Qc0DJK4F0!4mR*#44$E)-lvz5;0=kR-Gjy;n<PP8UHwRl4>x>_ZxV7s%i
z!`J7L+hKKI62Ox`^RMK=Qing58e4uY2h`GD@2Q;p3f?gs_*%Nn(JA0t52=z$aYXPK
zLo#?-QyS)xn|#-i#R_$S99@#7HrngcZw*SXZidC#@;ipR!9S1VVDix21Qj-7P+_Z<
zXrb@jE_+qC`A*ths)ND5eBjc|-l3Ah2EWl~X%oH9HopEU-IF_Ve>R;n2I&CXZEy34
zw2q^;W3Oyy3N;$$$nA^A6S+0I_?%I1T*K}=s@ofu_1h<UM*fCed6>tskkCWVw!J`d
zCflCbL=Fu2kAF&Ulw^+#(iJ~#p#Di_BQy}+I~k;}Fxk-{t@ggM5`sW9N*oK3V68rW
zBohlF2xmjY1O+i+At52*_Y)0XJkYvH(A{n^l%ACfYU{YS*ZXy7X;BdRtn<d`&ve=s
zJeQZ3LjZ>Ya^7aEq-vR@maiOyusojw@FOEKGPcr|fB*WtxzvWl>OZCZb*fPAcP^9s
zS4<J%dMueXbAT&i-s~474R0htAxmI7kA6=~Us_RBl>-XvLmNW^mQMIghHpTYAQPR+
zY4_>w#sMEB*0LFMz47Ig#KeLnj6+zl0pr;vvU*$`<LaQ`;L2q)%XtO(cUZ?E^Au4B
z3sYhvM)K|hmRlFvNu1x6BUwFUS5h!2^q@}^mVADbNK4-$?hOCnjG@bS=PWKcr6*^c
zu@=-PKfTU(W6GE3&2h|k;_VfFY4e^0Ig52u>nx>@x9w%3qyO3U0TgERdsON#k}yWO
z2z-b{XLMImvnY`q#nwzEYfYWm*OE*wRL1a7t#JMb*|wpXmPq$11X6F-=)0P`B-Ndo
ztn#3!(?lipCb0lynnom%0e?K+dUjNyB8GUQ`xxCu$%{>`II2~uOS=J6Of_v{!tB|E
z5sDXvd7j=aOOdbQk~UX#tbOCT{H&dVq1obO$SmBREs<wBE@RD;*@n+!dU7z%-o<D?
zBkw{GY2FokYoHsKz&JEV74JS8O721t6CsT!$Gx>(((0|&@&0PTgDE-~K?pf(#O2k-
zfRqh)B4zvn0odHNi3Nm8L1!fBO_D1G;Etc=-5(p69mlQYUhk^nsV=+Tr8#rjkxeiV
zX(Kew_A0$!Pbgc-UQdV&@#z+hVc^{ovSUswP^NfQ6WBoVsz;%pfckJVs7KCxSI;GL
zOF2B-)4L1Kx}zRC{$7CkcTjM?1Os2ri)r=wd2P2WP`Th4cE4}F_HOsaRk#%>={+jT
z^yI~iWw<%6l|_veyP4haDUysRC|?Y|(0EVKr|qKgA*Nl%jn(Ns+Vd{{_>Ke)Q{TR%
zM|UsZgGA?CifSUn;cpI$#u)ohz=#s&`SX!)q4+~+B?}KqWG~A3oh3yg-D|<{s1OIX
z(EnqWSWwbuU>?`!`*PYz?Meqf^ff#DTxz3MvKaaKQ~a6k)H8zKNU!)usR@NX+gX90
z&u0MEN2C%29D42VBqGlW60s=d1zq3qdf!ynN_U@Z41LqAR7N1JvYwGVULP=>M}?E0
zt34Hc7_}H&@F9v$up|H#4@pqs8#^#Fd;2A4NW+=ga-4RJgy|#c>(`r|kuAL`s_D)E
zKIVbsTtiAl6+@rj<1FL>O0~#cx72=>`sn0jlty~RdboRdaQb9ylV<(6$3F<%)^MIc
z?Z`0M{A_0d64$x!IG&}JR)m1b1xGkuljUP$p+n42lkJEU4KrHM`hNQ6H<LB0N5X0g
zN6(NTgfb^hU;z4a%)sC?pEetxG@sjHz*#av#>hm<=00t~;?kG%g7u7}Hit5}UKGuF
zwEMerbZh=2*(8oM591{g;!v4&8&Ua#;zZ59M3qz1`KMl;fo|?A>~Di+d`=8GUkxwU
zP_Y4P{(U@l-PZcy8p7zngK35*$(w1{lW^I!&><uBJ-0-_biOb_K!tuWqwQ1h70S)=
z7nE`~T*>U>M*8D}3#Q|f&JlL<gqz?X3K<#i8g2EBZssM2#BjS~gXjZAb2DCt-NxbV
z31#nq@z`;0dfLr4(fnBvY}6vRJrh{E5xb%sr`ZrQy{zB(`8c?8TuE$C?H3iCr3crg
zCsH@C=VJ$OBvO@?-FTHT5FvraYbonTu5SwXV2_*x!YXo>dxL-1V3A~#kv~)n`N*vb
zRo|qjuh=;)rE}67@?19s)!weF*bTg(;C9y<d7WF^;uEiJ6Es>eYT3P?Tu3I*I=Y~I
zeOcj&tWBVnB@e^JQ;H-Jo6<2oB(x@WBn+{+1272d920kTJoVa9xwb84i;GdI4hkFH
zBZRyK9LP4<c|T2{p&D&d*C-XMpDG1MK+Q9uN7=jHXP)5Qz1zC9a)}OJoL(SK{CeMK
zlKx(#oE?}Lyi87egWox)NcZbx>ZgSD`&PLAvlGwJlhPBfMxzH9@*M65x+8pSVlLu*
z)`|skZ$%#E71e}GF5HuO06Qf;U54SiTZX^9#l(qSFeXf|B7oWsj<BAGOhOQ@o*=ED
zU6Y4)g=^3HT=pYP_X&#%NG^J5&dYWu*7{_7-^DNA`LdJ@?C~uaos$luvXZ7RZN~kK
z^TRPWx90rxC!~G+hyjB}PMsFm@OSSS9}ny}U%o%FhLMRAx4E^~v&_hvSicX}{bWbR
zUt?qTpd;MuuD+&M<U94OmiV+)Xmcy5jFh8w8Tr9A9UOc>r@sUUop|aES6h}A0Fj!K
zr-PRa#fT7d^&P!*z0)=}Ab-^Ua*@fd{SlCd4JZRB4uuLZg*IJnm(dxH&yms{OD7c+
z6vXO%!^!Qi7BVVB;O4pxU`K;__gk)23)K}uI-uAA0Rdkb`?Ogp<p51-HUMA7Kt1p6
zNMbao&t(T`^LgC*D*M4fpN)+TDXl{see!DGs9P8Q64=b<8g-y-*;9=G+~uo{jPWJb
zEK^Z3TI3=bz2pXa8|}}}kn{8!y_@?1o&9icJd3FAL@Ky_DO97dfO@XmN&!Oo>x0pR
zjS3M%{!a2|#F{$A{(Eg$u~v#<C`9dKAefT-c89F(2jj}y1hB6kU5T95uwgJg>dC`c
z;Pu3lLVs32m&G1SwlxP?PfNd}X6jk~GSNFTi!TK+I7-r<jhhKRG))hH3uz>={aj04
zc6z$4sifH*t=l->RH976@HHg#HDTrKcoZBa`Bim3e_*rG4zhclRQOM>A875o&spRK
z^rn<pk=8AxmxflnX1`GeDq%q1m1g9Wo$Xx6{<iAHT{APvza5^{o?YMVZcUR;HAD2t
zI+k*t+)@BJt{+k3GY4jag1}|11~06x;yIihyfxC*iZ_J9)lSKuRt^@zHC*q@Nv`<z
zvW>00tZU+aE9g*vC3^a%ta@`~T$@?)ZH_IkQcq07eIj=Wn9i?rS-S6FVhB1Xlo%=C
zT;A_WhOC<j5UCy6JG>!uzY{ybKYZEbW}@7^F(BYWgtImM1NQjnQkJuCe+t_gm4q;i
z0O3zT@eypV*rR4qhsajW|LAKd(ARyxAo$g!sbZT#I9RJMg6qW#5#`@7>5y~{(G^G~
zj6<76Z6+qmmUD&u5qYI%dlrC#s^_jbtnBYgfP^Rm;2R=^zXRQctd1M<wa&ZwW;C~v
z!JDoxaoEB6V`8y(4XtP(fW6EnmB#8G0gACvx9|Ry_x^Y_?$yTefB??Afq_Bulf^Ql
zj$DANtz4|lm9J5NUBg)?Z*R|x`8q5Ul+wReY7eS6c)CRbR$r>!$(qmfNdj^;4(lej
z-7E?^Pwed!g6!C>CIzKpb448j{9FwgU-=xZbcr~u^^%#cyBHuLBb)*r6cIrFhxuBk
z!81OLNI=|EMl2XR3-oC!fUhTNW;Wjx0Xp(?{Qs0-)}38kOdBcH#bsq>Nk`8CL>2^!
zPMXPv^S%39W23;~ZBOU>p61q&mFTIpPmE0EyOiTk{-n3x!ylcW%w&5T{G6EY=$)C*
zRKYoA13R71{>(N5!g$Ayx8861X6$tiA-KfHn3Niw-)eo-g=tUdlm_QLap{`F1;X8N
zhWU<_nh^hUl=lg&)=Qz64u7-iNz%vgm{LL3Ge6v3)9L(xCB(EoBn{{T>$^r$`eBij
z+{VFRsez<bgfvG2G{?N5pY}LjV*}trW4TnGo}OkaUm}(L5Y|t~Y#4AZinMEl3qaoR
z907rZFjfNtHruKbiU&q11N}w#(-qi!?qIs(7*fSGx-sb;0bQfUmLWYh0k<RWQ&`yC
z9!KM9#t$o<=pljKN}owcQi|^s<F)I%#G-&tc;DPZqxiGE4A7*pe)vs%bapmQ87Etf
zBe7RD($k~$U&(XL`|XV(qg((AKAgvS_p8~9!N{PIE}2-m;sizA#2X%yuH{wvUk|Jv
z@aVirt-z5mU%5HZt!6;{+lT_>LTou*`Db*vIwh*W{eCEX4=rB#G}dFnhFYnfCCAG%
zDQ^2ira3n(OQo|G^*{O6;~5gLKiS=RLHqPiX|YosMneap&Q1A6ti(-9tA^2TQxP7M
z<?N`%3dna{RR7`t9Sc`I3OLty51AOw2p*e-XkTKZ90|#UsJe*}#iDQ{K*57Y4I(7W
zFO9EfKrQR#TeKsY2Jq*OC{>1SlH@;*F-X3l67h>ZpcR56|NI$pa`Hjol;bCUEletm
zj1bzkLU#eaX_&=$AzAaA0-hhw&jYG$7x<Guy`{g|o~<cI>$i(c<%N1)Munwv$~N|;
z&@p6#K4ADEVg~JU6E-`whW1P_R1bO*7lN`qkpVX@(`3>6F2zy6t4lJvLXwl!+7^$`
zUTEq(`Xa3;6>w4r%euto$Ma>EvsSRX&4F5_@pX-KFBQW?+h>oUorOk$7%C-ID8~&q
zE{}7_w2724SRE|4o_-{QbmL1S=f5KDK|lE5^nF7OVbi4PpC+D@6Jvr<J#YTGwO>u~
z;g3*>UR{$j9n(Fhf%zl#Qfd%WHOHKraR1(ihBRW#KS)T3Iy^{=!xkfwwLFGiYq99X
zu3T**DFOwr{mR?(8pg-)A3r)_QfgK5BI7bLii7}ARt%kb$XVb!?H#o=VX^M`k;LjR
zdtk1238I=&0AL22IT~FLn>Uz_*7|yc1>!IrI$B#1(T%!Ghpu*V^%{LQI-oB>r2O$y
zPub($=mf><?wa4_nm;W_X_;|IQn;NS%2LCuKdER(SbZZy0cA3ku)708^v!gsV-&w$
zvd%1>HR9TUAb1}WVk_yVe>_7(7ChFO1BI!C$Jei+Ii;p0<)hPO|4~Hn+S?RB7f<)m
zX<`3L<vFl(mF8A!Ep`!zS-ce5gAJ%-`T}Ump^hSfG?=GI*})p9dkZ--y<)on_-@$P
z^Eo2SxG-?|mQz6?Kc4_MwHiA0&)L$S-hlu7w+Rm(bY&pdJ;ML{Sz#pbHq-`7*xBDS
z`bj04jndh4vr7Mj6KP`kpB5^Tl9GmtEr}x+hs!d!zfS1U$P@beV?Bf+W<7OqGk+b|
z-+TUZ(ZmXblF*I}{rdxEfd@yXz<#!{CbLb&`LEo`r_0Fy-;qkg_YtZRAMii+A3mV<
zSdZl!2hig;w?1#PX8Q)tIN7uwi~POQ|GXe>0dEE|$YnzRQ;hf+ivE%DFqzQ~w8Wv2
zPfwmAIsEfY1u1;x1gxb15#!HVlx9&j#P`DwLfC}I5&2IK(ckp%-xnWaz&YKJB*!xo
zQ0n}*V^&Z4x8%sznC!;7V}L&2eD!<$PtetW2J;jVi<q!`YG^1jh0jC$0c)=%w;lCy
zcu;$Jw=^Bt=}FfG{rv0W|L4U=yN45xFig$A&wI}Y#2Jf`*x<J8{;8w2(B;;s?VqPb
z(1Tx=#wk=4p!5q;Z4_ff`%gOXKP1&F3zVh&b=${({`3({yx+rn0IOrS{r>y6zN>Wa
zn+dkqKb=$94;3A;LoF+N;FSXiG5>c7wLRz-(+LFk&$FAl5d<N*N04f#9&$w8TC8SK
znnqm%!hgg!3H$gR#0;~&`E5CRXADm`?)K#fg$X|9lfN(gKScs;f#Y#F0hgceh3;hS
zIl}ng-&7C#=-Bw43yGG+Ve>mN(;?6<bAT-emc#^~k>;NVzNd$|fT4ES%_%GJWgJph
zG=uwNtAAU>{#?Wdemwd9Y5~bKg|AKWuK;_c1Z(w}_jAVuH02|xqmRkyr9~-Cw-*@I
z;s3c)rQjny!Kr5Y_yuuz%)SAv*MDQ!|9qE^KQSW+E0#SBEElLI|9%mDDwyHhsI0ZB
z(Ryu2=SZv!zWJrSt8~REzrOB2j<Qo3_TZ^<_OxsU&J%<5q1?g$eW{s|A8!irG~o2J
zYJK(p`voBJ53*V_DDvj)GFpo5!v|F{GH}X#%Jb~WKL*nD4E{F~CH`clBO`iqtK-M7
zB>%gOcO$$-oj!z?#@J%@KKbj&a361acNsoYH#2mV4*80)QNHz5KW!Uj<lpjmZ~w3o
z-)u`$R)rwBaL>Q~ueT@0#EeKOU-DR#uJ2OE`)k^y4`NCevMPO8Zug$MnQmTkdaVHY
ze)ejA#+U!-Ut##8hL1lQ_`2YOiKTntyCF~hDCYmqF%|~@d%d+L8k+F_Mx<>L;yDJ5
zaIu$0L0H`YeiXTamJ>HEiRBrO$>V>&sc)|gSa9RL+p#Kcc+AsCA+A4P@sE@EEB5!g
zFvFjnJsFbR&T(n}3QArasFWi6*WJ@tVJ_R5A3>i;q${Avet!&GKNPHXG~1r!)eNkG
z;T22!^S@^MKQHvHVKd=&fn`iPKRf&TSa2E&Rzh>9i<0NfLzSsG;{}Z>=#vrm?cn|6
zJmL|4Bjxti*Ii9KGf4Ml&;94+9$rxdmY0u@3ebQT1QjIWgJgXW6pkvk<o_7Tzi%-v
zEa*NMw(nnLETIqgM*<&zqDSn-74{XMR7yPffMapZT1P72W|0Y&|8XLMs>B}|zW->Z
zw=6+#7PTg){6C%yNa%$^@i<5*BqZ>-?5kBrK$oS$KEK!IT3@2$1Lv{*MT9Co*56ls
zxcHd$k2+?#z#RW|Rq8bV62h(&L){w#Qem$3&Pd%5Ci*{qf$KpVd#r2J8U2DZ92Uwf
z&`Mz+?`ag86rFeW^d!ora=)vxnXB-72^kTFExpHv2{-SP{66mSGY_D#D1R3eVzL2k
zo_PFLx#I-dkc*b^+tJlH2A%Yn0@cA~iSSY5&j0K0cn-lOAb1`gwD}Zo`5zx5s7m@E
ztYMo*EgG<!Qzr&q<2z{tML5GlqQ(#gT3Ls`Q7pP|pQ?Z!>)?FQx|DBZq&M{OP5@M$
zN>14ZlvlGPpDG9nGIb|Yph9J2vp=-&i@$|G&USvSR5UVZ_~Ymf=VU<a>5YTpUJ_w+
zbnDr@2G(4|y<ZCS3zJ`O{uVXti#I%VR?XR8aLODxlr_E>+RCX>D-u`X?h8#ixZ_2#
zV@qBq!c>`$tc@0Xd9?qMbqo)e`~DdYbueL!=4U|9_PWGet(OQmYEzlu^Sp>44<Sl4
zo<AQ&l6dxCw%KIy&mxZ5pg;d>Dy57Mi`Z=P{^BI-^QR5EYun@YQ;>9VdP)Crzwyz)
z;=42P6T5$aaQGB0zbK$-UC;B~-Q6W%V2Cv7zi6}A=?)3-9KAAnsB5^#vD@wuaJTUi
zX0wG7vcw*(Gko7;cj|s$Yrp#AYBqr-Th|B704QFcr7D3ef=Y`$CRa++R8bKlnad$z
zyjVkqL9ZeDE6eUs?D@i|%whMUa8aUiHewc%IdWt~geaV>b{1bCy&@?lO}43pZVBz>
zwR`#bz#GlVL$idO?(J`%pPk+a&h5{)n6i2u+ML!<#Y-9^D&)vn1Q+8wr)0O}hzzra
z4Bwe2gs^#syGh>EI^g`Msxn<tyqo3|0ZngdrKR$pMaB$u4Hs;OJ{_(0FiZowxhOD5
zVN{Ar{eO5>;tcqIIqDDM=zlH$5lrQS|M|gI7c&itv|zlYHVB;2!h{D&`lbs2YqG}7
z)%=O)HG73gEieB<R%*gR7aEo|SLZwg#+MvbGM>W<enc<LV)(8-H`~RKy2W<SdV?+|
z*1%|iDzj@k`kQ?k9Gv3MRnwZCMWnUlfqj2;M8w;<#?6GM2=8a3lrYKrjhjUYzj76A
z-kxg>2TC7oY-|XU^lJUi3|b!H_G_C?w7;F2G0jP92~b#U78`Z$Xlq0AB{e0^LRudf
z385vf{JDA?cScPoK`(mS;Gjeuy&y3c8jM~uA>`o^)4``}_xnO+`p0=;t&ID7cV{zE
zU$J9F-b9}!KQ{A}bluRX6T6Y_EpP3&Tvl7|?wE1k>7^{i^GfB-?<*#^x7Ne~J9$PD
z7gVeY6f_36RHk(?PD3~M_GDWmLNaG-j=zvwP86oi)wyh0hS~p(8xI$qj1TT!>q?ii
z<+ncRe}1G7n|Ym8_)G+Gwcg*~Ubn&OCGa`BFiq}YvF6eL+1DKC2vOGv+|No{PGsL2
zXj8YO<H0gNeXMl}^HpGjLHEaVF0ML8UqxPj?Ha)@T3Qo}u2Jv2P|Iy#4%1gCCa<n#
z&;yKLaj)r6;S3x^v>dfUy#Y^`6jnU7^h$C~Q^!<SJSk~PPhizmJ=KI>Pb`sqqMX1B
z%iu4rzxIUG3Z5pP;<IMT%~TlkYKz@|dV0LsdT69NAe84@S$m&dSZDK7@G7&0+R?2w
z*i5r(nN<gR`sD|Ug5lVaSRNbZ6&IID&KqY`mfQ2>lLNaew?1WR>7D6f`WU*){u!$E
zvWsvL$HnO<N`qhcCH?&+uXEZCDtD(xuJ^0ZboLe+C5*(wO>{9aN0?!c6EuC@PxoH)
z(zmnt9vv)-Y;KNFnBzSGV4eT%E@mGBU*!?Bv}Pjw@Nc#zNX!PZ1VxKoW-TZP-#yvL
z59Kd*oNW+f-s1Z%wn)h9>%RkKEsEWRMm^hgP>dK-)AOPugteZnP62)Vxm9%3&mXp$
z1Wr4Xk=i;s{&3xmcUL_h;6|sPKP(1yRSD7RsTv<aqX&;)`s+|I$YddqI3<XQ?9VtP
z`e7q>5mp*3M0I4mYx4mAeH56<rB=-qg_sq5k*>MB^1jc2U+kUWy^S+>JY0Gjy2@cH
zoZ~Eg(2CiZs#(UXo<T@aDf1l(^El>OuJ?R<80xs)kPTn-E}41shmc!YXP?Ji+GmR5
zteH<Sh?pH`mLhvL{f?(5xG|Jl6!rXs{9eiIJG@3e`u+%c$f&)H@#L}%)d09%2@uhw
zrCgk5`jhJvlWU#YF0(`N&1Wj<wz%K_M}$DkO&EWqONMJ8`$v&|3uS=g=(fPBe&`Aj
z*kb}!6F>WYi|g=H5Ux7mX|=1rB*jlu0Hk(#FyBxp&Z7kiep`cSPmoegB?{C^GQnVy
zC5Q04eAs~JFZ0hJj@M^&TYzmY-)pdm9e%PIM?Ne}77JHdwLZ-4V$Gw<7We7IsJA$>
z&2lKHLmVPYx7{!_YzVqR*6VUN%rt8Zxl~GYlO^M*q(E@Vo+!~B$><0-zfPUm`1Sev
znM8L?PhbLvPwLUtrGl)j?P2`&&ZPsWVp8ueRH@l6fHrughm){dLhP&IFgM;J^)ieX
zsL$WP!NIN3ZBZrPu0IESHG-BQ1C19^p2rvYJ;7L1-P&s&@CKb(!8l{9ifaaDltp?~
zs@!bXk%6nXpQga%^&3~ht83y{eD19~$C(`;J?}LuEyTRNFDcdNZPzwwg4}35g{o}l
z(gmjOI@+M`oHUjEg21p@R(DLn2EjF`LpFc@-rtSoe|Zc_kt+FUs6jjX`*J0Ejp=ab
zL}-nuT!0@(cK{f=BPkIPk$V^H4*qzF>4Xn5BDGEeXp(=+G^Bt9nsBt@87Y&XD2n6`
z+CCW_A;yN;Fd??Qrx%r4-BhCL6OW(31s?%-I%Ln+EUGk7vT{0+)pJiN5k?T*Sse59
zczp{x;Jpu>R{m+hRu+)a5th#<d<667Fw0N@@$UKN)Yqd6S4GEOOT4?_v+(qrW7px2
zwpu|i!&0H|Ebm8O5%T54;m1%#rXsE%r`@<gH^&lPYjLiU_V_&|*Nb_-SJ^IDXiU}X
zY8;(*rO~5OLIUkwtACsiR5{*l@j2B*FV5qg6G3T{EeMdV*3*gZC$yujjY)C}m~6w{
zj$IWtmf;hA5TAZ%HHJA>8ngHB;;72Gc<y?{n{dbP7Rn15EK^FHHk?J~ksDbYA;CMA
zq{u#FP^CnLs%2H<t~DK6?#xHxcEBh{`Byl9D9t%ARXEvS^$1B@91su?@WJD;sfYj7
zFHrsr<>DPPU0;XASpG;ApZizuiDI3Mu5aX-ZqFTo&;PG~4j5o}H`9FHyr#|3{<rG&
z=&=#P+jFV*$^qJ4kd4n&S{V+|$G(nsFqu*>d;)6~`cRcGmG_jbpmjxPYj0O?y;<#1
z3v#<Y=h%C!u-YAy=XE{M`kBn=xi^?;)PcIk02qKa!rv0OBV;30msi{UC!0P72m{GH
z5`cQM@5Hj78mYpc;X5K+w0`p&ITC5a8h2j|Mf5jP9;Oxoc|Iom!VpNjOPtwg?vQe+
zJc)ao=ogp0+3aEI=ose1TKzK(@2hAV1?f5W)2VB39(xxTsVS8tK=Jbp`v+r1t+1j!
zlM&BZO%LX|m3E`I*CJFMtMd-@CVyS)yOmKDW;I-)BoQ5<Wc`4FfgudYAXx^5HB?5j
z`!>Pcsv0Wbs(UAJdaY1G8OCv9LMm&dMBpLd@dDq{${}NB%;<Wez3Gn66lMfy;7}-j
zt(efTXf{0NOx1l-0-G8_LZ)5jYn-Pj`1u&C?~H510GG&jLOu_c$fUqx3vQn~-o87h
z*nTfu7H5Lhp19QX45JO;1cV`p_7RhlYCBiS5;*ip6S>SCryXK}pgS6Cxj%_1dCFbZ
z2*pS?x=^ocyF{&oUpZ)w<GAAeAt^V=R%IRFQ1B$lBw@eSMq9FW{Hp=@V5H_ZD^}Rn
zOhP^H93}0|Q<;=T5mPyOT*vpMHI(GK&ygq29_{XLi_JBf38qLZ=h7rY9phqcxwFY+
zcaEJfsk__R+3n=M9IKflwYuGt|BN^72%sJa8^PI4*Nh2PIz@aeyu!H@hm3VhExXT3
z#G3yW*|JP;++O87t)1`6VL1ongS^x31|~W6rXEyS;p(O(!El@}kU=3sQ)uV7L)OHf
zx@TAYdY!7sKJR02LF4wARuX6%kI$A#rd7$h>=eMvmQAF0^$Qfp{`L7;_WzqECyG(7
zXMtQiHnfdfuxT9rAg~q8)EelT5DwkAIna^HN*6FjvJ|Tp;dxyw!hwl2L)Ie*#B43b
zj<Gc;1X5mJ4yGOk6g=Y3Y3OMMy9r<mZ;>eFN|KaI-!eVEw%hP>zY?8ki78HI{Fz!@
z#%u(Vrg%HGg`#&D<dS3zdg9CsZX8|x^C>XFa8U(`k~_^}{w?u?yjkZ4d*)UL5e6$u
zOSA!BLPF9d!kasXhI|pRX+;710?w*70lPyx!!YYshBj^+6kxfMDRrJ&VqI^&IG&GF
z3n5|Ct)zvZ5MD@elMz0P8(<(qMMY&|5b(LvzV3jTh(B*%@X;e?<G5C!?_K`vz+ikc
z|C{OfCWoOfu_}Tfnc!5#G8)v{qvquLhA5TX6?5ec@HoxjuXmg=M4+yRQNl$0#QRC}
zy~q0eKh-zTuW5;RoLP@WFEsa~k52LNyKBbahycDZGHd(E*_ok%{%-57h(&Yj$B%|f
z+!3N>yq;TNZ#Bi2^zA@<6O1;ukGtHyYZjdc1B74%RD5Wcr)tt^yQ$TYY;3}b^0<=A
zVg(-AE`zIBV6UvqAVa*l-NR*nIEpNI^UllK)+yaLOhEF%|Epz~&|R%1?ln{2i9~C#
z<XCESim84hmwU1QMEm#jeGU=ZH07MnzZ%H#f|(XY>7+e-{eqAjkuZ^w6XV=?Z;F+S
zjy|Z}Ca$(8cQ^{reo7)JSBh`)6h7&^cCcIe5h}qJuyxYq(aQHqk}5C|2~#kCz9dyl
zRH|)j`31T3Y_*h&`kHN{)mySBHydNyu6WGGuT)BK1yg<GMNV`YHYsl%4vXCh+yXpk
zSI+)F#=bf%>UC>-t4K&H0)o=rAl)bpLxXfnr<61z0#YJ9ba!`ylyrAXcbD|{jC=3*
z?ESrGpY#61HJ9Ve{GM9RTKBrwy`)mxn7%J+Pukhqy-QbUKMoagbak-P0tEM))fVB~
zsqlz+h>G<m1v(7`95?L#Bn>{#gUi;FB7y;bfG(skHti5i?=4h?yeZTy+%uLmnr38)
zF_{YlsDF;^eqtty7ysXo7F~9jV{d+^J!ygbUGQITeHDdyn|O6oZgvvTYQtmrwOO)f
zEy8gN@^rt!Swwt@i{o*)t3<e1J1v894n5V=SGPGvn4jg*?F!4-_<3l+YTUn5ZZD>R
zQA~Y*{Q6-;LIPhTB8}LT+QvjRN73f@3Mut@FZ*WpUkAV(b^siVmAAu?F@c;*Ynuqm
z#;R1L3IjpZMF-(knOqgkp`@f95n+nhfHob(T$%Y9jwih)r_SzJh%3o<mq+@yR@&o}
zp7I>fF;65k`ZoQksB|Lh?q<C7pIQL&tt>iM1C7a``qh6;v$(xo?{fI>F<fquT5Y5q
z@xq`U>8L(Cfy`yJP9|Rbz;KK3#qGOyxaTNT{^&Ku<+2NeRFs(1N97-DmhQHT++8LN
z0+{3{bXkmUX<oxUUuF*VBe9-M_kRZ3Zt|5Iol2g5)qDzcUIia(#|H`{pl!&4e^;J3
z4$_1=Eq_Oi?P_xfQ<2=0c=zqYtF7(#-%oVP>nXYsSXM8O54)rVLJ0C2jppn9(^#@(
zho;Kz25ao@y8R|%RBAoQiv(^TM3^@9VkFYk%-wkG<TW~y8EBMSwC{z_1b~`+e(`3h
zXmMqi5YwsOcee|U-di69J^f>s)z5x!*G$)&k;|_J>&{hFjK#K2l?^D0kFn2%TC;G^
zG$+f1NFTi=4qC<xGXc@1XyJ#>d4}h~+Y3?7UGIsy@=~j^XoGjIN}esZHF22svCqvr
z)>RgX8LA<gC4MPp>f2VUHloJrjt=zLnAYSb|FwS=A7N%O%)Saq6wY0@P|rfCFiAdw
z>uS{>P^}l!q8uo<IK5Y4dYnV04l;ndQw>tu32WCtVJHWb{5&0aUGJGk+U6RIAdK)=
z&jdqG5P)@7eGAC6ssy$F!lysz!!Xq)FAIy`YM36U#9LY%>oOp|WxpSVO_^E66uKXs
z6^(<;#u=ntAEc{I?~+mL<K^Xba@djd+0pfE2RkKsrotRXq9$jscWbW~e)sNMp%za}
zR?su=<wL){Q`O0y)cm5PCPJWh^78S9!CH<D<Ds0suY&qjW_jGqn>t7Q#~%mB#v;dy
zbY!nn%IfDp{!|#ZN=UnZ!u@<tYp4n6C`WKuYX<}bq;B_0je~|{8$fBnMH(FuF*&wZ
zN_Mfu2g(r|f3oxtJ<Ht(MiU5zPNdK%E8UNgfXsdb04(fWdES1Epnb1h@<W4IC8k(-
zb+@By%E$S>-Q$#mv^4uqf~+M;&Ry!~CLnikeoIv$!vGm2uMb0xKHHg>2Fbr+(ErA<
zo%vq-*X9RpuBG+OVg&-3A^c|a0qmBupeK}Ns7kn-n-;;nnxCde5vDD!PtkKgD@63*
z+apZHPkKkUYn^qqHS!g?V;j_%-?SR-smF-pSWN+b&7Cp*g`?VYpFpeLsX4pyJ3DYY
z?;i(k$hzIZqi+>qXGq@6RGQ1~H!Zx5CjhDwK07yBxx?J*uR-0Y18BGv59Bps5D&%Z
zLlRM+vuC2=^E}ds26rRE?R1e|mHo|8i$CUfMe$CDV3!)Evk-yt;lhN=hUplWo3Y$e
z0*9Rww&SDhO|Ed{PXqB>(md}iCS0^6L}|2|h9?#{=9)6_*pyOiR0>u5TT09ysQ~pV
zn!UT~2GEKud3&NzB6FKBQv{lQ0@Fy?Cke`zqk%;5Vu^}0r6w6$84=vgoAqkuK!~?a
zBrN4CEm|LQyQ(#D$SC^ww<BLYD)Ms++ePRf(Z+rflcm?dPm~nTwb4~3jwi4#D<5?<
zkW4^NZEeNqazl|QDznfg9O{oJJzbe?#uQODd~2(>RN`qhNH`;F+B?9<g|>e~yn145
ztnIdJvN3v!cRK8^39WWHrJ3%zO-Lg{ea`<e02>vQI3Nk1{0|8Lc<xNkL9(Qd&6Clh
zvR$9(Unhpi3zjZ<tpaYtUkF*LzlgUwK*-n|;+P2FUf#PW6@bYC)}YFy`)Q<D`WO5r
zafc4ju6uwW@f>FtG$fD!JPd;rs$=uhz@Q*9f=7p)p`_{#^~oUS><tt}C*G2pB8u@L
z;c+@3Iv!=EH;m-u$S9h%VtBnmknc1Jp}x7jdOcn5%!1tY)5?8&yuhH)H9COe=m=|P
z(E&&Us6k}}a_TNS9|p3-bTI7IP#FU5G`Yju`wuSa72@*fgx9@6`IG60Q7Wi@ic-M(
zVnm`_pd(mQT`OPmB%_^1hu2dQeSbl|XcACrSG(duoaF+u%%l5rdYr$Hdf<7#^}+;n
zh;s_57GVa9{X@(5!EzODtK^bV=|DaS88J&XDYJ%}_rV>zapS=mHa2#*@TE|>E@&W_
z*m(B}tMPPWD6O1Igvzjn$!uo4021H$$~?%++qbm1)+@DMc7OjQ;7l6J*Hjwn^JuMC
zi>QV3SgyU*&vc*g?y=AfJnF+xK$qioR66HFvere?TPiAB4||Tx;jw;ZiN~^LT#!K9
zUH=8uV7|kNyX6z`ml0{n^-}o<-d@kI<`wY--qtzprGp~+eF>SaQ=F$tvGc~~oYx(A
zyg?PbhlEzw>{lwNvZ)FU!>6?FH_G{{{x0X6w7oSg9vCbRTW`Bq*GyS(q~lrDKD}F8
z?Da#zO)q4LkO%}tg0Mn|6o+SuSyE8W(gCqv<cz#G=g2DiiU;t0HoeOrZkp9h*jQ_@
ziN(*Sezf{vrEB$-P~(+cki$V6XsNxPKVGfimDAD|h1#PSK5f{>#1g%e!h^1)EzxwH
zO`%M$qZDz+Yk=AC*@av>gJ0&^V3a1*xC4RC?YMm5eNImXq@cS!TdQYlNh!MHm#5Pv
z4d9?ASrcUAI?tgGl32$$>?qLUH&VP^v_z1nP6r5oLClE4Vd1I9_IXRpQ=X{*p)BYM
z0dSK1`O7J~%qX-+sZ~1yzY?5fMD0Yt&yhq@m5evpZ4utv4G}nzm6S{cYyU{rtI^qg
zN{AcBE8bN$p3OWnin9b1?~GRMpF<!&=%z))#L8}EJ0p?G0Z%K<BfGERdB({L6EmHf
z;;*i(D|VD*WOBl7c1A+%Ad8N_`xbq7b@v1b)4;$W=Ib}<&r;Qc%`wh_M+O9O>3)Zx
zVR8mg&oS3@{DaV#J7W_P43q^PFA~_Tc8kpBA)yOwE~V-t=%vE*m&L2D;>cMn1V$q2
zU+q!ADNiu!3}U?5#G;6u9-t$$G{->1v@~xTHY*^5xSejXonG!~6zuWx9!|bn7P$az
zXj|bF%2=nxQ$AZSG>RB>1dV4eQ~Ds|q&y}S^S9L^c)Z$@?cjOc%r90MSa~F{JMAud
zk4~6Hwy8h%o?hyUFD-6nSJ6?6Ak!bQvrd3X=*vI)a-zRqo8D~90l4XH8ynBIX4ZKM
zZfD~b?`qviyGInERMNezVt{|`Em@+2XDd5B?Ed(!<Ppx7%#-v2P<Z2X17w7RK3#nY
zk=0!+y?R^~nH5E^<}?G)+Y1;%ZFXkx!aza&lmGDLX~SJQd(tS79-yo^RLq+IHLVv{
z<0~<((s|n#wC5&WF4B4j>92OXfRfF-5dZU5lJd*RnVB3Bhg#nI-8@i$+1@B)KB9^c
zbK-je8qgp<@9QX#Xa2x{mFx@E@2kYLUs}*O+7#9<y<5|w$k)uI&yR3*8zqM*P3wR=
z)7W5nIwQx4SVwO^RR9fSc`E{`{(_HSbnd`l#WxoXHb#CSr~i}42c!Uy<e>;+OA8I_
zXcMTiGLj+2ZZ$~7ozkZQHu)hO9kEQgqaH~INXH<@vKWI~4ltx00D+GH3qcMbB<;@P
z;)pjtm(fWWZ(_LYun)g}*BtC@UF(ZIm7!{B#Rc$2OnrU5h{?KqnrOh_pyXBeLqE5C
zWSstyj}MVQyK+WQI`g=L7)l#a(<6?)&F8vat!!-+5Mha(R<<uUvpmd-{59dYjQcf-
zYux~7iLBfpX3$rlUXcnqJgC!4t}MTTc2Yw*)RuANwC8KG1s8uSk=vsVb%jJwg6~zl
z>gwpHafX>xnHf;lKZ!55RMJ1m^-_aJ0&19BEY;r{1{6~8FOPt-O2mwIjimDBQXm>h
z5EtVFc~Hce?7Xaw_QYlIV~VZkvNZd%HMC<n8Y=PK?d{(1=mvW6fygP-&>?}ctM>Qv
zK^cv;U!pK5wn|A2V;DTBXVOnKqnSz^$Cg$$Q;wh}1NFx2`B-GWY-A8tqxlmI3U1EH
zk)KJ^PXzeg2}G{GXvxPd?QKB-=0MbcSL5UtWvy_-BR2QJFyaw%<Qa!3l&VTaM;l<j
zuyR`Cs>*XQcXx+KbYpGpKql*=OWvBTE$^5Ax=F$Ei!=TTp02ey8^(j){R_n>qKBnL
z%1^pbEXnnj&MY-Rr)Uv?C-_RY;|UU#VRV|jORWGUh@Dm~pAOCBQ{9rt5B0j)f!-dm
z!~VP$E9exCA)Ux8F)zJR(+O}J?UukFpkz?hsg*fZQ$nZa$5%f$ScC9`1E{U-ul3#A
zES620S5Nfx0KMtWCW}L#g$1&`-;s0fhk?}YXH)B`*KPjGtd2XA5hDt~uk+!Q&jnrs
ziC$wGo5#IK+A7A2bw)C5=T#D9`JZp>8k~<VLuCmB3gr4T&qiMGna6`lr<!xz7U7<~
z{SD@2fI2i&k@hDESeH+5rNO@qCew>6K*l5`(H;amE)<5V%TsgvJ)J(e%JDU3=GFUv
z;4LO_Jt_Nidz#er4x-frYT<cNPGxrx*ucd#0*Pn(V!L{jf`m!w&(x1jFq;)hU9TJX
z-Q`vlu(D_b_@tO>Ril~Y=VOp>Gf{3KPjR16h}M73#9X)PsWV%(o^yR&wI?t{6a5Hs
z2vx0h;@>)Rb~i<A==dDX%<3|ZUEq?@@;c)NRKn-$G~IL17x=nldUtzMZrlDcl;d=u
zT*v6qE8DkkpWYm}TPym#68PIHGXc&4aHTvLEutRkWBltaIdK@-fitMjA^H~=nbfb(
zk^lwX>lY<y7}3EE=n`DsUNv%8X)%z@f?BXX0A!Xw=d{5%wCP2n3$m@Ux=RChz~)Yq
z&Eo#b`Z^^q-q}{hBiZcqB260@T{4#0ptj%n*A3#}16}j3Fd6#ja;7u|)DA?~&fbSY
z4S@QpQkp30BC&1f*JgX5=9FN^sD%gN=jTraRIr54PqEa&!L{{DNogl1Ya6MMS|62$
z>}C-VAp`zn?`#}B66OL3E))5bh|O1N8B~igf-lvuQq@$b)@zQjfha8LoWZ=E=dE*k
zeO@OHBZ0WL9}1Q;Lj+j(Leb}Th-vBfEQbtI$>_qzbvK{{1T*OuH5_$A0wFJ1-E$qH
z4xm(8o)blWgCPH@P{C~Y0B9B*uQLh)fbt2&T#a3v)m&}NFz-7Cq|<7ry)2If^K$uG
z54(ojYQ&)lj-rE6zPATNjstJP`AtVeCu`lWlFIdNxKZm+6U4Vsk&)B%gb<#a<zkP=
z!nBi&2RTV;z<FEFVl-XS++{i|?Ek{*A*jI|#-O*<=C#{7)#X(<kCJwghxUv)?Un+d
zuNoW$!l&lhg^Qos$O;JkCZ~)^_fA8z4x219C<oHmP`-Zhsfy9H9UpGMbGS~ItRWdq
zaiEvCqKYWXfo-M;&;CQtG)Nq`nmPS<Y$sROkx|o;_K+S(Lt$_N^6uXgPtX3a6_d}d
zhW<hi7>)xDdBps&>da3~C^Yz{3SccTW(hBa`V4$C0Y+yo+)MR{PA-kQjy7)uv|>M5
zMF;ICyy?e)McMU*Z!p{yDIO+wp^sj=yu9r1Dmxqv+Ecyaf(pj@1*{PuI4caRFmP%P
z5HKC1Khu(!mq}uhXW)(qk<XCC!eiSqmM^!QVUHE?OzZ@bS>6FSj4}gB0>;{pdAjOM
zRwyCy;)XpDSb%zFmdxDa4@`w&?zh2F52Jgg2Ht?7Sn~W$i9Y$`;lu$vOiUphMs0DG
z2Y{23^mg#uy^|G*>hErvx+l`-)*@3WO?O87H-T(hl(I41aEmp7g%jrNxRoZ~A-gqR
zAg1$vkE9#)PL&23=wTBB2EC_*qu4(Fpo26erLi$8#ia~r2LJl%+%)k0Nd-ry+fjth
z<n8KkohPi;S*!L|7Nvck%OinJXulXlQ2WR@OxA;9r<H6<q1bxUlkYG)7Z#FQS_wyf
zyn29&npf5jZlzoG{W-DI<p`ieIJA$vzFq$AGDr<bDoQ*aAl(4nZ3j)#fREyG<9=Z%
zW;R+~Qf%4kd#Y4xk4sTYCjoRvSluS&fD|gE)k=u+PlSbfVsUASL^x)#m*r<<Pqe}t
z^Mt#}3S6w-bs_7eCnkgG0_9tQPdlaEc{s3E{baPVg6sNC$~PBw-MiPL!wEpc=I_qa
zEuz8SbK;>Ske&0UHKlI?IPL9}!-Le@RLs<B22rt*_p{ye@KP;W3rFmKDt#7hAnP4n
zmoHJ9D?RbJvCX~ZQM(&i+qGuU14_%JH|)j)Q!`~>$7Pd-zugls&1a#f9Lt+X-di}s
z(CSa*lLCT~F;ROa$bTab8c`DQnN)q>_vvd?MfsDC0-R<F48VbcY?zH`t+ccOO$b0^
z9jQZFenk|HQT&N2G_A~0Z>iE!Bj%^fxwnbc-PV|SXKSlB5b63(Ae#630<;N-I%gcN
zj){`*sR8{ijlfFD%Pq_onXIpMc-&WyZb6)7L{O!aSOdQPcZrvp&G`mbpjXGYs>ON)
z`dkw;r2ar^5k_S-;wt&hn7lJ7^ke62>a>tiR@?KaKT?Ahb~I09BK$#^&|BTNni_@6
zVjS-6y%pP!Xe|M@2B67`&_*Gc(^c=E3n&1;OJvITblda_1YoBR;88NeG9&{^v3jCM
zbUb%QvI$w8o;`%e#xa~l-V1H@W8LZ_4_flR9rYx7`0%0sp{HKz9Uv;1^+wK9%E<J;
z{-g$a)dNI_gkfd2%39V%HqXTE;<iA&MxjUh;`Y!LFd#WL5{e9a(6jrpk^(N%#J&us
ziXi{FPdVmX5ktCxdv2K86=T0Q+k_|deq+$zY$AuY+i`dHRUC))Xf{U{6LY~t65y}(
z#b4xMurvg?i-79?bin2}ot(&@x*EM@QKniz#$gx?+8klsiY#2vENV&>2^=n7qzTCZ
z-b4n8NWe?43e3$%0tF?%;s4L(wLJ#9d_tt6w-76<!qlIDbk6#|-@+NQz|C)*Ek@;A
zYO34Z7e)J%UesWA9S^1O+$fc?qMKtfe1W`8<uc2_+!O6c!6y>}$DB@A&5FUd^mq|j
zE@R6313YN)X-%@)6WP&8_Le#!-BF#40hx@`BImD@dh#lcX5*HjNz;fSpE>q@Ms{@j
z&OPRdqobdr?x$UHbYA40n|9T<;w_(C<}zc^reAXOwTvNb9tF!eG&E?j;|(^DU#y)y
zHLT^Opn+|A5)PY|wyvcGW6dBQKz%y1uFBi0NGCrQpm<XR5QB|UZ|7c}CT)%4*r>xn
z?7u{jzrjWP3L}@#TO=oZZ~p~_>!QJ+M6U0p8O&f?0=^;O1xv*tXuKj~c~Trf6<P*7
z_$5$qvRSooB2W%8hu#PA?F~;+@wtUH36Qbrp3Zw!|2P2csB^SmN=Qhs>I!<cy9YnU
zK9V@87*S!+`M|HY1jskpf?oG~NfkI@`VR9Vqymn;s=0C{sZ`!f@(+U5WGoJmsdSp$
zA}Fo->Gkx@1R=Z8)76!#=z99!ch!SqD>mY+Yx5{I8(gq<=gKtP6A5r@m_m_hz7X(9
zuE$i<K0hAU2zQpsZ-ZOrZSSBQtS(901XKb%qfx!oqJFK~fYMK&gt^~cKbvcKAN`_~
zM{dkanVKjWn(f+O-*CfgR()`vn(&)u3l+bS-xnQukdJLY0Bo^z5NRlCYR0?N=BX5#
zAWe)$8g&8y`jfMzQVTD?roBB1>c&FI)WLU@w5$OP7!OA#q4A0L@ePmT4x*N^fbS1I
z=bi|9A(24%&tFsPt(HEO*su5FH~1bDx7{G1Jlzcsd*bh>f`;mzJ;YB&_UV?(PF-uf
zQp>eFQA<%%J4=R-*lc-8hTv8sk$~Sx(9dw`O^sOpMz+axjX6TuUGBk>8ZXmVyyDY$
zj7Hbfi7lUiH)8&%td|<Xx_WuF=;xtS8Q)E+34zdQ%q-YPGdlvRzBWRha?$r4l|!{!
zdnC*{f{5k8197wN%f5@t=Y4z4PEKad)8+3-K^uAz?etKU+B-?08a5H)#!Lu=N%?;s
z2su3V9C*Q*oOB?X%K!<b#{D4%vZX}YEdF#)U!Eg6-JFr0c_X{#DrFK~HGKwYGMX<G
z%psrUnTyy&sZ>gTb1=<%G7p0qcM%u|@v*U|X#Ji)eA+D(Y#xo>(!8=##p<w#_6XTC
zXGq6mxKz*COrb7_%H=Vx5MUnYCSqWYO24)e7{}m$L!<SXyCR2v>ztqlGIPhBWkoxH
zvVTgv+P(Q|w(;=@M^|39d;!sAa>-WX4M<B(+x;Y&bN?Asy-_mcn$eDzj#m509}plx
z7>{Elps&{{7IMqgw|@i5=P>7=)Kp!oQoJGHw_rMUEAkv5WB*HuDPXP&y8NOHES<M(
zc0DxsAL{Cd55mA{4(l)L2C9<I)1{^lnt{mOltVryTz<qa1qFW)7+pL#XEyl0G0R6#
z3-x1KgSqN-cY&R<F}yyK%pr2TZR^HK6*z|9Z{>$4p6L-+3Bhg;+nG}&%nXb^UboY#
z1xMo)(WK70oMTW*mjNQ-06Rp?G1cCvl6J;q2-Y)zm{=4Sm=L+Qw2|DSVU&6EmIm?{
zvhKfp{J+Ndf4ugxC%0LT>h@B4gH2(SW>N0Y^NR`0OOd%f=GzQ{z>_D%<y4{1jdokw
zIy=R;=5L<UqbtmwHM%!t0cqs}IuKk3+%zeyAfP-W;$1oTy<DBTe*LrPjx6A{`TLD5
z-xsB(-ZT#?{yLCW1WHu9*gZxmAv<$*=xpZW5Z1YxK<AkFf?dN>j~jTHh}oipFUKb)
z`5!O02{oQl9Le=JdR)X*RdLpOT+|QoLUxT$;Mhko0CjPi4*KYC7yZAi+}|nCL|+R*
z35Jq0<l1iANWJte5+FLeROs1&nQ8dFEI9CK${%IHbYx>ZUh(rXMuo)y%FrofNYMg{
z(<Xz-%`1Rf2>3mjNgi8b=X-OQ_B5q(?P;Pnbgwc0DCYg~M=>v5IR*N;+gdL!P&BMx
zYW$9fd_i_Oy-6EAQy>df&6XpMW#7elJRa+}3M?EOOvG(2GLXsj?D~uCdVc`}u#v$n
z7Pw&Wv6hEwPDF^9Wd~~poBuevzYi7<uC$h^gf;M>YXsB}P{HbWgoE=QP=b%+iYD7l
zScAyHKk6Z4$!Dri#!>7~{<Hnd9U()Zq+**>WmzDP1H-5vIy*TX&`g&ZbAW11sg(?Y
z<?q2+fWjIGSYS!RUlMpWS}u-XLsbejoy`W5@6}XSf4&5X4W`IT{T$kuY1lqa5{B(#
zvsP8nB&N`+P*-UfAmiiXBM%ToTL*`X>kH(sn04dT7$eQiuTX%<<u~1N0Z@{JmDPs=
zsP26hSSWu@0sNc2`zNVK+!$6R`0S}tz(d=9ieJ%dKhASsAW&9pbsu;R`r2ojCP4L+
zF2dZc_SyEv234Df^?ZFM2-h;X{WO!`-&{J-$ftgq=LfvIRAvKFmgXgvV0P!D6+Lr2
z(R=sq;jL23GUzlyNX5P+b6C%3=RtO9t6YIM54mVm;>+aywXL0Xga9(N=SS$Fo7&_1
z*4UVGpW+DA6(;+k6Dok>)^-3AsDFNn1FCMGrAVVCD?y<V5#rzqjfjtcXevS4?!^AW
zMf&%LmWlBm1!h-N@XpSz@Cuvj)y^6|LE7*593rSc%KcTQfJA_K7z?JWa~jSUo$!^H
z7rE&~VL~}jKezW90vg3;^VjZ=kZLG|Kjlb=DI~A|_?iI7j}*Lj67D(;E+SbniRn2b
znUW&vV%FByTeCGR$Hl7t0G4Ch(rI*)=#YJpwO}*=D;|YxYGlda<8j)2eWw4rXxk%G
z&fv60$D<>GTUDu^DEg6&4p{|EiX(QnhWIK_uKP~jgiOP{Gx#}O{V~nuUY&N^`Xcau
zy_)kqK|K|%OdM{nk{$^TDFxH3pEFfm>}7AB{kIby<0DvU;kfcGF=J|G#yE;x4<B|;
zbg_Ov@UxW;nDpB9pfIFhDfiQ3@D?^P(4%+8W75_2?d5YmBCB;ebj!8NcnT;k-T-KT
zMMOuZrx`r&twsR$qlhmypA76$1Q1Omr=(OgF`+73PW6ozcAklFCU;l-Vz_BX4RO%d
zC#kTy3C-vO@{K}J=w{_;_QMzw2n48f2xF@!P$D3RbvM5rsjIE?uWvvL$r8o=DEe=Y
z^PTZN|BtlXVg4@yDWB%!?4M@9y^0_ad1#N-Ci1F8s-kEkm$r7RcB?M0P``El1006D
z<dfV0EoucNI3>AQ(1CD+-fM+#!2f+cON>NjM*sd1v)%gHaf7i{X`E-G_iul6y(hwu
z`%!(tmvVb|?1%Ou!u{%e#(Az9GF5tZmxNwTO8cwL{Ocz~P^cF3JJD`?jjuF?(lckw
zY(|Ng@!1L$X5#pM!H)%#-#)V68dZZoX;Q-DFb!iwojutu3bP=nmWrZ7+xmI?(f`%%
zv*qW2p(|fldub+-$gj0Fkd!1OlqcAD&=Qzh1faX{=T@Drs=F@`^j;O-??0c=<j^<t
z$3$d<ZhU&uXYyE~?2YAdOg^<y6w*DoUyt?g{yY*Fd_Yq7K1*V{Fu~|8X^a2EwtiC#
zK_XE&eLm<U1@WuWUIAZQ3g|OZLg!e2!9y^zXO}l%Z<pbV)@s(+mM&cTsOambx*arM
zB|c!Yp4YUh-852kC=J#E%?MsP|6KHR9cRJBzxUC9=pCJv7!o-&yOkr0kdNdYMWoZ~
zn@fcnh1I2T%|e`id`Pb+q&7c(+?%R&$U~wul5ndzLfO{T-=jl)^_y4A)6b{6`mbM~
z$@Q}+WX<frV__nfaoAdc0e=(wpqq*={?$6k{fx_WDAmV!8;BltgQ7*@)&OoeN5J3J
zs(Qb#?R+vM_7>RcM9UceFTXXnZE#{&rG0t=;kEr)d?CQ`G9xM{LKSG1FO4hx$A_f+
z8WlxR2U%^au2xWJeC_jOf*<b_*fvkg!I$o&#2fdC6GK%86GDz*O@f_~Fd)5Bop+aj
zblLU!F{!ZM8iQhH&_b{WTdSFD;`JA|!*(2xi87{_VCF(EuqGP3Q7H%nJbIO+cxeoK
zzDtc5^*w8>sh+nfeEv@}mn@95QQZHW!{TdDki8;XNqkQ1#@)FEdF~J^Jorqf82IWb
zEKJ3)tnN=pn4bdtFD9orS;0of$Q5k$4PL1~?k}qY-A0u_x)*DUSl`7Jzw%<%ZXj~H
zVp}{T0E?WDRLF5(CLG`hoxpfwjIdwKIeqlMpx0y#A+%s(=DW#$A>arx8_OqWGasXg
z4PMOscU$oHfBXE(t6Zz@t;#e5wPk>3TSs)@t9!9QVE%+<Kj<zcVPSTB!IxrUcF_tX
z{k_RDM%{flOoQWjgy#@@-*;AkY7@bz!p~k}!uID;1=Ea3^tV4Eaz8qUNK3ndc)#29
ziyW-kNFWl)?Z6>Y7$IO94?rT{Eq{Lup>yPeB8&b8o7H5*M;H*gj~p4lF;GwHE-ecA
z^^U#mlE}<8-Bidx{?X0(@c;jXzx*H^sSWROb-qU3xCI_1R`2JxkY8^uB7>Djqv(f7
zN42#HfAn8`Pktu+>(_p}2ivlwk2Q+Gz_vX`)c@(&dWBI6GL@{%DXN1F=0l0G-Q32G
zgp{c%9hFWYOA1wWn)}K^`fK2FrC@MT`B%6W<{wchUPjmzr&{>^uW9-7p#_^CF-6!l
zyV$YAVNgwh>BZbZP2{6h25mfq+S|hB=1lQ_AMZm_@cX*)fzxW>TQjo=BbPhANEF0Y
zq#G5eixl8$qW|->Fw=gmG>_hqoFUKXi3t7q)0TN#uoZO4_A)_ib75j8UK~h?4-X4N
zq!3M0e24P;4Crfp(ABp%`=IOX-w{F>ev&4ZVKL=oI-MWW)=q&_@cUZ*F@=Advt)6k
zw=sEB)q37<-=<5s)z~W3+Q*PMxND+-2b7zI*|-gqRbEm<ZXqt5s{Wo+lHX@d=^-Ko
z_83oi(*%|UlYCJNZhy_2f@uX{1+E*IzI^$|2?Xc*QF=y37oZ4{GZaQd6v+_}>`wi9
zGNSihs^}DE?QNXL)}mYXxExk5urTfR8S+Jbe{e5duu|}8N=KEzL^@sne5c5E_!-!r
zrIk;Yrx~^x-Q?(>u>WW;{%?L?4g!bvf|m#sPep?MqKfn-^*K?hwNOp2Xn*j(pK8H=
zoEr<%IFq6WoOLj|xx((q-@i`I4g4~8k}FmpEh@0i>tiWIUku+uZBoUh6}d`8gJV&)
zU-Uh1Df#EK+bJaIXFcD*BRves5Du4!cxl)pIaPY-ywh$5TMjTZ*hDKqAks14f%dcg
zv&vV047wgn^qQs8lPYj+Wy8yG%CDc^ZDgxw1SsWecJ)UyC`;n7{PUnc2tIxI#n@>2
z&hvKA%e&P2&V#4Ok22z!$XhfYFzRP8`zFL?&cqBlPXze8(flz2B3qbEeU9Bh`Uw*<
z>bO<hkGr|K#>mVPXi!#T^tTQ4w@npLA*iWIP5qp3;GnPllEL;6?4hS%0Jpf1w^Zw?
zlR`BVzkfI&1(<w&r;${fu0?pv1Vut%w|$?ogc!$uO+_O}xnurML$ZIkM8?1%BN@qH
z*!np`D%yW<kqZxYo<3j^K_{oVdx7Bqc1oT(bl^|xBg`Pk#BAHT<n&40+rPb}Pm|@J
z&)*+s{f8{kxVOLMlP3`BSh^uy5+SauZDKm1KbGYy7?m&N4T&QWRF%YvG+6L&^YFhn
zf)~~AhnKice<>fA`laKJDh-8bitIbY-zP+08+L#l!L*k+FPQ!Z1O5Bctvm((6FwxK
zkL8!?VPZDM(L?%UNS|oHSd~h`O8A=F!rl>@{y7JKH}rp6G_VVPO%4yVQ?6e*Pjo(x
z^FBBZu3mu5(evRpT5_2}`hMl=;G*|Y^VNP2fI9D6wLXH=*ZPJ;!TqX2^*s6JFJJXf
zzfnS7Y~Hb7*{rP38l5S`)e+;FLp?$UN;3oeOU7<Y>F*;}Kb)@Qliq7M=RZ%?TsQ8E
zCEjo3;hL~i^%u+sS4_|tk8B+<g8y`r|M`Xz>?&+-16@uqAu9%6zuhmPJs1?aivkiU
zU03@9ks$)NoJ7KaO=Z~mH3ir@Q$@CSxnz{G=+*SJ!e$eN^a(skrqpkWZY9PGwanLn
z6G;gKZo&evXs5TrliZFZ8tt&Ya~(Ixi=4p8FqM4PCWwX|q<<RspKl0yA<8koiv?|;
zLUr}MPS|BW{&rtP;YS}whxo-2)(YsK@%7~7M6;*_$g11UIZQ}^W8}P^P-WO3KUHHz
z*hA}jvOx_(#Bw;rOh{;Yx-ie(w+HBwAg0{8u5~b9{lc?Xe0*_{!PFm<v`gLHK><~b
z*hic2{qK(^CwIT(1w?6ibj9>_d)vn?%Xox)aJGmjb+;7MI)(8;vUrpT=mec5jYQZG
zC{tIW(MqT5M{X@YH2jrr+M<_>ZPm$@3uVSt*FTp-UV@lMLP`qREa~H9Ht3^c+e2S9
z?FflEN`%C*)8}TPK7{~1At=fV&cVd(y8Xs*&ztS$?8J$MW?LR(51yZOiD7_asxQ%4
zSC0DM78-cqs$QyS6yGJ{d&LtNfF_y}1f{aI7~H?YDnG`X<{0{9c;zdtXK0F=&dgFi
zVG5yA<O;6$C#)_7UP;v0Vts_?ve9kI>2~rAMWQ_091#-@s-Dwsit10`y+}x&dD83a
z_0b<xkW@9d4QKRp);kk+TQ}Wc_b!r5Q&iclRS5~>XrsIb6OCex7Y%d6{>vV~aDY87
z%^K|V1L@F@{_^{3FEH-GeSDIwlv6ruk$X1Alj4!$gV~Bi0Y6qPzzzzzV^NnX%*NEQ
z88nHC>W>tt>cED)!0$wU3hAwa_i_Gl?TC0>8n9~xhZ(qAu-x*0I3KB07<s>Zp*PHI
zhOuPi<c}di`bkT2z@<$U)bqnU=7DCv7|T_O_T>A?IMqNYy;tonocJ2#qrTpIz)&#*
zE90>J@$DYhc79m~z&902^hIL09dg}nFO0Q2Hm57{?6=3Yz(FEEJY0PXDC(s^QSM?T
zJjC#HYb?>yVPgsC#YuwK>6SB&ju)|P=5K*OisNlwQDX#X<K|lV-pFh;o0!k#EFxTn
zS7M7Jn-RFREPBJ1nOlpzY87UYWijh)azI|R5{P>_PcLd0TF%$lW!dk0L|NLwDh}1k
z)UoMQb+soZ?N}`)#moDEe;xs3eWrG!8MJ6>i}qLeEA9Gi@ZCcCT&;n<ohPXO!>IqK
zE%#a4OBI!Zf~=hV0au5F<dG6E)KjOxP>V<<Gqw6Zd<;?Al}}5o-0+6i3a4!38O<VY
z1Nk_qNE&6{tA^9@xUjG={RIw_K|!ml8B1IBtFy$@y_ldN6d-mT0Es=R)Z%sfX;X7D
z40Ls!`kKz?>t1?XI~5rMnp1=Z#IOfbhO^ncrm?HHH)4SQ3X<r4hFj#Y$G&j^VE^4q
z-6+{u)~-sm2Y!2-paJF4sG{t&+)8KYxg>x|=kmyDX{GpYe;PR7UaZ$gUGW%mqG=<n
z2J3*)d#I^?{y*$p1DKH*)!-vFtnEu`t1zA6r;XZcz>NPqhK3<^9$Se`=+*Lw68ltl
z31EHcZWl+X_gc%#wbp#U#{~E*zTKOxIa}ku+ObQ;y5}(b^#>4g5IHv;PWPW1P`h2Y
zyA=a8W;z^grxZ<_SJoQNC3>yCj!mE^ku(|sugQAF{iS%WvfX+QuB)B0)qT&V5xaaK
z?H?x@)D(9^D*>>w3;-=U&M-DzD<rxdc_!Xm``mLdWa?r2pqldf;Z%cb)y{N<6yWBr
zBN>^Ii|~Qlg>Cl|==y)I6w0I7N{3Gq<s*0D>tETAPvPe5SYmsBZ~e-APoo6;KW&LW
zE+elndW^gp)-3&{pwUg($@aBnn3{_pCk9^QBhq-)QE$L4ZM^fSsXzSwyi~6hz9`PQ
z9ZRJf$QAFt#NTs1*;qFO4ED1Iv<9#RPKSYR*Of<C82QmgTF9jH&2W}1AujWh<CVu!
zn?EqHJc$l_F+*uOU%?#qfNM^gttDi|2S@uLpMSsp`0Zq|o{{PXUS+@{X$UXfg8O-b
z);=RjHtk2X!WnlEFt2H*S#~Ns_<DD}ev|lHX5qw-lu8vLXsyS_pq_0%*ZKwxs3sIS
zO1iu5=--YOTpx94=H94;IKx7+na}k9+p+myGbGt4NQZ!Vx|c~I8x8uXVM6FGv=XpM
zV6(yfYc@10Ets*8_lxiGF4Sc&w$3+Pb>e0vF%b4&$?;!qkQPbfaadUZWjNp<8(L<+
zYx_LIyX}p%a=QJ#WY+Dt&yf)I(H2v8V|b!x+vmqmaB$YK5K*4OqZnO)8R;Dys&Yz@
z^b7Y`2^HIYS&-^<+{dxX<h<WNUHN2XK;Vw<{hULV@f{c#>c@8nFFwcc!u)HAHu(Q$
zzCqZ-O!SBC3^TlCj<6fcWghG^CAr@&1!B_oJ_3MYes^uBHz$nB0A85nz;dV<ouIMR
z;R{Nr;Jo|!%?R3ReyjL`(=zJWv&0A0M)PjR^gvIuQROGI+%qQVDxv3f3GexASs}~Y
zfy~VQufrKqJ>8MC(hu9OZ1aI=)kFrU-AWZwT(BPrPCWJM&v_2F{DTXF#ThtAz2Tox
z{|~F9FG%#p+rM9~pPG8)t((FVEKGysq7h-Z03X3ueowG6vQ=O`W&+44DAt_srh)eZ
zdVPh%qvDB!Ba^OPv84b|*&Ml)k8>({C}_B0d^=?fh!kHrwl=de9P-A)5)&DEq8ZVh
zP+>+lmtv#Ac)+S=uXcOK(W~V{GadTqT112rP#q2e3(0Y`?<o+m?4s?wstjxaQghpj
zmk+Ce8{DjB2f_qkal!2{Mbi#*KjgVM*+ono((i*Sr);bOv|=Ix{)PXE%}&UFuwI^s
zZMJ~#Z<I+P^`u#t9~~BrfHN79z00uG+y)*4ir}FCO=C1~qUNQ|55ec1Ba0Caq!-~Z
zJA!a&!5xKc-}$1aqIBuQy_?-5-TR;SDj!bIyFdBpZxx)%l?2>Oqdu94mqw~ba#;_q
z&U*l#Lujr*uF`tCJSHMI<lJ?y)eo%;q_bBhOAI_Fa86#MiY0iyBII$qq$C^&2mJ$A
zddMRfb+iG%X_i~cj?vW}R$k8PDgd~up^WRx$tg%1H>Q)>C8LE}Vl*m+BnW6b9Oov{
z`8rjVohM^*>Pm7q+!5xs)-$Pwv^AHpuN>tSmYz)&dnC9zjINuH<<hg6jYrI_*;ScO
z^k)+`W#boTFWd=ghkAI{-+tFf550I%q;?Zt&tm#Id8GKo|2oP4+D@;ZeqPnpk8hJW
zI-!2~Zb_Ji!gtbo5_}?+PEIvN*i!Tz8U<*6C?y*7j2I8)T_)&Ds&yiO>T5AwE&&>r
zGEgQur6N83q|JO7%rRe%^^DD?+DdDF(GMhtdK%8Zlt(|IGI_RTo27Lr$uv|T&$@oh
z0_8lKM@ZMtkR;}CTMgJZoF08IG+)HzSiMbn9=nw`c0ZAu<+vJk4aj1uM$u`L#l*zi
ztLodw!a3WeOc>bFmo4+SQO8Z<WY5hS{c4od=otwfL?TBaqy9^R;r#%hh#1b;^m7*e
zNBx_lOhLG%<sONuJ>w~Uxs=!KFV<(9Jd@}&YK8glcEVq52ONF8-kS(5*AhUey54nE
zM6D^zXTMk4^$>%oE_;D|xWvF1WWY;$6JzkYR&fH|1CMS7P??7JL+I6^-?l5Jye8hy
zClZ;DUq{Srs{S*$^xOSck6;_t-zXhYMf&OcuWMGk>`6(?uZvcW#EK-Ciut||uB1}i
z(hJD-c@rV<R(WO`i%o_|VgLo-?R@UNw!6W}22MIqt<rmlDaOYpsZL1-eWZ%8lABj}
z!fmB({Th`B9_(U*-*@r8n`d80UR?(qCN0*8u728gX_#C8_*jhi<@<iR3%xPPCSm7?
zm~%V@KRs$7NoR?!@?QP#ckDAYPbLC)xzgO}jgv+c`!|Pr(B={~(pXXW_FK<aw?&X`
zXM!AFJ%XE&1*{)>Kv53Q%nZn3F;!La`#`VL__3_B(c`L5Ax2NK94DGu;L0H#UaQtI
zdfxpqwk1XF=({=NdN$niotvI*ZW*qOjO*)TvpThXejJJD!nwCYEe}C3TDJT0+~vF^
z)xqPOIgN|3_Y`aODk)BcwNU^K*Rg@s+%e381It&(^)zEvri1&RK?@8-1)?{0rbtKy
z1sFnHDg}6NRrFW@_>1n<f<|r@7huP9*vGN(vNdiz8U~LKrU+fnr&cW_k^$eUhYiYU
zI!qSBy1Dz}YQc5C0o<W{J4b+G-nE|O8D;QXYY=qiyg2M2wEQqMMI<-KG`iY<c*54?
z?eFzscH*1c-u(+)$S5)U@(qfe+f6V>+;19cL%HsRjRG7U4?(q;>e=30xPkL42F{#|
zF80ohbx0z=a-+^|!NLenb6bIiXPGD8(o`oLUY>G+l`pFm2|kZQ6c91W12|_K$%5xT
zzUbLb_yCJ~!*2PAOtb<;dZpRwIcUWknjK#<QR7*XBD}6Ea9uo%!dR=$ep5RHUy8?S
zVM1HY#&bw!jOqOTi0opsLpkxh_Y)<Cg@A)f<V?x(`-`PxS<8n_K_~Va%~dy>_~}<_
z>(G=0+8N}F1Miwrn`V_oEv0+=kvccrczx9uQIBmuUL@YlMD-o5Juh10d|P}Dy!yh2
zF8d6do;f*T*MUg#1C>dKW&QkOjh9ErYF3FFIA;ywGTfVQC8QILZZVdgPb88IaW+ld
zOS`6kZqs(33vhffar3nIds%V6&_mYn^`8L1zl_$Oue>^8;952oCIC&Jb#s+kwatTQ
zr|?^Wk$8)d5mc|B|LD@ZsJq!4p@mOr@(OERH&qe!9mvAJG#PZ@Lb0kp6s=hayLGJD
zm+NnENua&^*&(n~3l3P<#?Zj}<lV`LY_u4Gvr;+tcoe<H4pSd!zkE7f2y&t?fj^hp
z%EzcxtCZ-p^sbJ7^f&$F-8ssh5M6yHv^{fO{`X$jC=~GA#}DpYgaPy0+&58^e!rfN
zf6&OMmKQ1*q@9cjnXTVc!95<|_9&`}$x+}i>11N5e`k8J8qIce_KB=%2CKsd<QKkb
zSl7+L$@NIoBGs5CTgKqN9$&B@pW<7oZ_?CN*`29U(RNwnx_WU`Mc?xg6R|RB-uYY{
z)2WEzvcY&qqsZB3IDuu%dQi?6wW-;SeR;QdMq>FpXPy(PQ1ZL*%$L`faXX1gZoC61
z2DfTo(%@Y0Y<D))2iIGgrWb3LmzH*nZIUh$b?RjBr)muRl-N91k{4|XCaZq}XYzJd
zt&mSjlxZmM75NWoss%z?rEJ|MgiT}iX=NL!-^iu^8P*}9gN0p{%%pZkF`m?!Cg{y=
z#kFWW#2*A%;e2CsN~0N7WWG}d(?-apR;F+wV1fu8ZF8=!ssRf$9tiU>%5Hy%j14st
zrR=I%Po&hUwP#+;P;hLpW|F5>BPS2$h@9xgz4CtPd8?9{s~=0JUM@FYcvB|XZxF&~
zMMIHb6jIU(hq>09V36BDAI(jXJy<wr3iHs1bd0uHEvH!lNS&X6{*)EPp@wggQ0Isg
z`Yhl3iW`bfC#U(*AMdS&hb^+HN$x(V)sX!{$U~uiVOf*&Tc%!KeP+0<DKTZ@sHPc|
zC;{FHcnQXS{5PxXY}$385W#Y~97K+};&F;I(+=FiTZIXAJJ*jCcMqx-DxJ=dD4^NT
z7o0{4hLiP373m%P>aX?t<=)*~qLMYoSBVDWJ<(y%K52yE?A=&B(x>A4HYMvTMii5d
zoBY6m3NM`NFRi;PHuJG~sVBM6)l(y*1tevXEfyNJ#)~v)o9-It-rLojl+vabI2UfD
z3$Zdn?+m|K&LYEWa?4G}<OXv~CtW7yGws^Rx_IC_R(g2Duf-^<*l(<ZnD3~sl>FX)
zS)CSMz^GZAOOeCpk!c6B9<Q4#!)0I8Gfi+&?~P1dh@ZbF9PD8X^4O~IWVlT^fvGEZ
z<G(lZn{HxXV03FW-P_)O|IU+V*6wmB?dbb<QMJmHbI~?(se5CiSYL@oh0Iq>>4$xf
zuxL9e3HvY$!lqLUj9tG3Kc9#*ixpVmtYV-7Zf3me{KGSrdh-bxwc3?!x6O(Eu2$2c
zGV6svhA5eYfpTjdr(4_+&yjfLC*3#4I}tsQaEiWkzl-_8$j9!K1?fL8vXZ)snye1;
zADv%^I&E}$yKDQ{y6@etdKA_~`yFc@=*Gl!uU&cZN8>@)!{FUcae?2#4ZAn5oK44Q
znyvOw5_ab~Mla+(`n&9G!=th-JeOt0vO(|3rX<Ai9H^En^4k4p+~%_(3^dwuPvRn-
zdMgefZRRKexN`hou9}w#(o;WOeJ#uncs5h3wk=4fcC0+WCqim<Cnxkg(fi_1E9jjc
zt>uw{nsYIu8;P_b?QUIaten-amA)@>!@KWpY}7AaLd<3CT-@BI0jZdBIhFZZ(E7gO
z$DdjN6r&qxZjp>S^YQ!oveg4zg~zd>p$v9LeZ9<Z=GnW$%WUi^J&PQ(7U+EDMrL2S
zeI5EvO>G8~j!O)1kGeVtol*DmCissU5iFtVLi$CG*B?=za8K;*SLmgEw`~osnpDQ4
zk!Eh~;SNu%y8F<Ro|tr%e@_J8*Rekzm+K?Pp5vz6lvb?+4ywzg44zXQ`zqfQaLguh
z!RA53mJk>-__RbQDKPdS>J4O6un<k6P$=Aw#b<`UYTv@{4mc$vaGrTC42yGJ)`4$c
z++1mqS{~R0;-3Aa7icBeM$1Z^?)OM^m`75p4IvEnDCiico;@?#r?+j`Tn~nLPGFqa
z4e)N#RTibp3KZenIggZ^vK(JDXyz&x?M<2OC-SX%$c6$h-YIGm!nq#OMmoB#Of`YC
zaa#x588+WoA<kXo(bG1mWxdW?4VRQxko~D`-nxw;KSKLAJ~wz~O!9eyW^C#S<z_`5
zQP4l{tAFE%6S@6?K2@6J7*VYw!O(4#Cgc*zKTt=``y$|md&ORWm_f{$z^as~j6nM)
z+k}R4yrPwK`$#17GP}u4S;%irmsWj~o!jlgn&QMBu$G4O-muZ7ja=Co$9)~S&r=kc
z1*Ea8Xlj&M$4c;~4K=E6Df}Rj3JKUTyR*vJ-bfT%HU$&f9BuGFqhbR*%A~0VW9)0-
zb?k>FRe*?a7^zqY6hlu@Hjd5h;=6efwA*JUevWL^ar4Vw@)zq5JrioQ<hNEd<WbC6
zC}YhzE48}KDlZ36Ci274<oViuZk-I(qrbgX(V4ukX*BUEf935rO`PK3S#X=N3xv7C
zKp52FyJdgTjkN#-EcUnZjcu!>_7&SDBX{K5c_2O=PKtVOgaZ0cuY8G5i9+{^Iu1^e
zE0QkvlA=AcZ%(2##3sLG!SkNZd!FyUY}iSrT-Zj=aJO0jxca0=ftN-BBA#*K4<SWU
zyIn?sp0NouSk_=#&riqMwEQOiO8W<viZ*Eh=JaHHQPX9Z#Z2Yc_N_>o&UQ1YY0;hz
z$R*V5-+E5zmE52%5NzFy7{JG#98aaK*VqP>j2z_br?+z6)f-i~-A+*^niZua3Mhog
zC8?xnCe?Y?>^HeOa}GRo80}7s)_E7Xe$@+#tSvIM3$iux-dJwC|2!a8^r=lXWDL?x
z^&mL0OHpJ}HsAGi`y)&EZ??>DULWq4;DN-ytqhxwA@F;2&vpOI1brfr1E>@zP^xM@
zGE3g-VdO7c#LIG*mS&Qn-BIRfWg%n{;%PeT4m5H)PUtt&NRgw(+DdPZ&rzI@JUK}_
zYk<f1Lv0#*lQUvi)Nm9wA(w|o@q*O}I`@XQ*EEC6Q_-rqEr4Qn60naoh-Dr);#Io3
zE;-4H<W*YAhD#x6>!G{;_~sGwcH9(EffE1aX*|JttfcDt<T-al$s6-g30g+q5r+42
z9r!<n4A2N%8t~Os)}!fer_s*0QIK+#7YgxN+u*uspzJR~hX#U6i|~08sBvyi_2)z=
z8u;e%W;pcR-XTQCOFH%Iv8p<)Do?o3G)r?RKXwqegl(B<)1Nl|J8Frp1+6pM9;;*Q
z7+E(aCw8)~%F;pho_xk+H=}!mzD;{L76QBaEtL&dCu3SW>0XV7Qqi3u0{LM;dWSRc
zL8Is}zm5)SwAr)C^ZLDkR-7bHnk0{-(1}w(%?PjCuaWJJDb9fpTDVTjO}+X#v@zi_
zEIyrgW&U*_2PL;P&Rn;5;pxuJaaB=SFD`-BgU^@o+;4r`$8Anqe2%3*)P2O~=98=F
z)g2)87poqiwbWty-L!0%ymn_WfnFG4Zj4EWn&mai+ziC9BIcgSP{~K*h%%KZWOUmO
zG@Q@$s9WuMN<y*Z6C4i%{t+b+%tvkmhKQEp`(JZ%x3B(8>j?`bQz2jitrT(<9hOdZ
zyTy+eM~et{wybJG#uG7;u6Xr_1)@&haq%-2$RF(RtJ_XjNooRa3|We_#!!IKbB_FT
zJQ7ae$`VW>QJC3?&>C}vYlrX@r@ksihdeX)<_cjk{aNhLk~2K5v^pFRyys9G4F7z;
z{!06~!l>S7%#KFG_o!7`z<}_48!I(5ui1*--YHQjU=`Aky|6PeuNwqwJ+s!EXxb7O
z2pQZZDXWj0Te&b6>jLn5e4mhugUYq~;f-w!|8B#JtBFEImGZ5mH>oo~%Ph$Gm~DW4
z&+*18m#pz{x`)d*g8#f8d1c40)Q`vARX<E+tVjGjq&&%YyXd#(GsU?#`->MiCx=Qv
z*%yz0tUF?Rq98JIZGKyBxlu8F*Y4`p=u6RgKT<>OK*sr5q30|m@Zm})(q9>z+h1<t
zuPoh0PmAn5O4wT#OVbgX)@~3y=ezlF!<Cu3?e<=g_ZVC=12X(9pzCCWRG-{=lIK~D
zdsKpFv(IqBm73${D`&#~3M@5{2{hzaQLJy7aDnRf6Xt-;k*8b4IC%4(5q-Vp$DXxR
zv>QD)O3nTXfx6}dmMD|_fa{$%dYoC=A^VF$;&*>!;Q#GygQx>T2W8sZaM#YaFezoo
zpimW@;SV3Et%)yXbz;D0ys{rb2SaaJOsSrK4%jN;dUpRIm0Se)%z?C@F2U*Oa#(2M
zp2}LLhE-YXX>F@(t)7;m+QGO04TTw0npUEQmgW*T%E;bGI~$oYOw3gVo3%hiwP&da
z2Ofp$Vn)Y1P`yOT4`pmIPsiiXxlXNm*A~HH_8vorTB|-cZ=tW#wKNO@40Hf-o1F91
zH`>+F%3X`j9f1)373=8aD6aL1q`7&g8$%cwZs7(#mRNZPN|YlbD{u;0swdWIdHJ63
zU#wtPZl&$<0EEMp(Ox?XxD$l}vmRSJgt<-HuEjS>Rbvvg7l2yW1+QOml<cZ-$Cg=|
zjW)J>8_zj`V|6v#cuPZETa>cUezO{cmas#D3gyNUc4%gsK#fwAF*UtPe6!1ILsU1M
z_Uqh-R;m<LxL>iXJW=dZrgYykA?NW_%swAjV0MevnygB)=PwJ~Tn>cjByHABZ@V+C
zhm4ZWu19K{{Bh!eGcjmZtd8|2FTe46$?gny&*!`&ZpNx<1dXG}8krXARE2c1btiGO
z{T=nC)lS?kL%898fU_~u1@i&tBEY|^OVJQOz|C!fHzJ-nv5}Dy&zLbVdL9cBUEXJp
zR}J`}e`3g`e-H8Ls_v3<rn<hAA{+A@+!G)LLm;>O7V}N6*=t;&094s}Qp<5Y^SMb1
zU(r%FtG9Q#)M{5<BgQ5n2V=d6JHE`C$?MtNI5_<W2Q$`D+;uZ5_?Oi(bKJxA7u1O~
z4&1y2zGZG%0PK|r&+OZ&c$4?0uQJOqfjcob5bvq$rq4QWozEZl!EkPbI+i6!D;`~!
z$vXFkPV_!(xRRW(n%gzPiyb|9%NcIx;dwsbUN4hSC%zDPIVB>oJb$DFwXf>ou;17z
zYAu;}nZZ9RK+DT(-R4$IzY?34O*r%0Dw-e!;KuY;eH5*VwtBe<b)PK%l+viVY2H)r
z?Gt{;i=+)CO3`Wls-iauBU^S}nV>$Qt9aYGJa0}}p~5BGW4t?pn%4Zy9oar4_6OIe
zKi8cx|2Rf#wWZOsVgfqDw7xhmAiI3iYrpFlMMhR0O4!RZhm7O4Y8)tl^U&_r#Oc#<
z{cs-2+U5N@&+{XjMC1unJTrd6Eb-|=t)nI6fm{DImiHG}DskO)S<@LlSP*+Rw$3~+
z?f-J50gZ(k5As4FQ8%@TA>FHuPH|T(>!o4$q)zD@rlw9h^EHsBT(!oDf{|{Bkxi8I
zP!#ER4pM|N^;H~KnfS!xo%`F`5A%_5Bk&(7!>)sh>6AA!j~s^stU~V29~bqp9lU>c
zcW=0S(_g#iR9bzS;Q}}nws4Oev|vl$k3?ZLf07sEyzQVBVK7`ghNYrq>A{d=aqHBg
z^pLgr|8e%-;c#wy|M1@FAtH$&dMZ((L?=p=5JrpMJJCB~3=u6P(R+>Fg6L(G=maBr
zC+c7@7z{>v*X*;;InO!I+4-I4y{`Nb;~I0%z1F?H?Ne^jOlUIby3Ob#V%y~smMLxb
ziRk~H01SLfxrBAJ5)XM1e{pkbILd97<9TlMDNnakywj;%yS?>q;zFH_^wMs<6}}tW
z<$ecMv#ezpp9xd-({0I?Jj$7V#wvsK$)!-;4O!cNtTs6rSnaAdH$87NTepeT$_OK%
zIJ2=vgc^MbI_QFQ7PxmcBAZr@VrrYh=uNA^oCXGFo##uU9mJ#D1N)ZRi1h)vBb_(l
zHY1B}Gcm&=CqHe|&4nqkeNJE5&ED~Qb3JQz*RybXSJNPh75U-Ft8ANUl|y%WgnB{2
zyG(?&)x*g9%jjxoG_~Gzn=)la-Gc1aa@YNJGIy5+jB1rBzK`qoIfw;0WIM*IQ4XBp
zD+Zr;H-0dwAEjOjxxzr^$A^5MEvj^#UO=47+$6Ib&^0mEmDg(yHy5i;Y;#&#QXFLn
zEq;7W%X_hM!r5G!^+EEy#U>*N&bD+AcBLx8-V2RK`T~mPHf<7xNx6otRz)-qwKV(V
zUDpqEcN@XLv=cp9`4Y#82m_Ok(qYsTDM|8%xP|)X&j>l*GdZrXN*IpEeIuGYSsZzo
z-?Fy0RVx5HY(wH}!R4Az+s`dbvPtjvg@kgPPV2<DwW1*fk*i!wLL`1V(KLS7hFIZq
zbo!2jcO`4RGf##rymL<{$_;RNllOnrUAldlxPIok4QyQ_;MtzZ{?=-ECEFc+Ecf2J
zOUmwwdyy`eZBOD3s+elsCHc+#OV@)<WQzOu>&2*bl9hwG+7}?+76C7(?zi2nRk17A
z`vpeV>t0|^`8%#HamQh#T3Twd6;sq}75+GMFKcb;d}vtS*Qx$vP(pE}6IkiJw?sY#
zcke~PMsS77pu3K)!Fo}7&VFsW5ZqyUIk=uRg7;U)ZaID~O3FBV`~6E9NTyLbykl%G
zv3KhurOX#yc;$+{9UlEE`ka9J=`abH03Ay4l{gng_Yv&W@{t2HH2xHhR@Y|$q^Owl
zm#=qnW~6i$Fg`CXw#i4jtT|_wi<~$Ig|eArp$@xcmG9D>!VJ!F)Y^d3zI1zgrw>P0
zN}3ewjs2AQP$9BWZ%SVv?pvn3K;1^VKjE_$<b?ln_s@GRORbR!m#@(aOs-n#Z4lfZ
zs@ci6%2GvL;CEd7`s}dPdpfYkMKADt!vey4EENviuO5T*U6{}*QLEDWiMp;+^0dkJ
z=m(R{r1<%yv#>l-!L_`O^P66v4+(MUB3$>t{^<9aSQ1vW{XO%K%t~N`cvydu93oPv
z3l9O-aN~~FV`0#5Rod9HrDMXQF&hRsYBrIxI<5O4|83a!^Y+YB$_V&ay<m&e?C<jr
z(5py|X4Tbd(5#dIy$lCCTi>V_yXtXPC-u5(_(yfkKgn9`2fk$0i?s8Xhi`?lHBE_N
z_xn?bmyi3mw%n%Og^Hb14T{(l&j`w=U{7j<$dm3R3=W1SphXmd8;%mo(W^DiOkWJ<
zeTjuEr3epJbLf_)-RO_tkUx&gzgTe5FnsZ49T|34b2*i4+TgKyDk8!{EQp@y;c$U^
z&a3oLB0Iow_<5n+GF^?IGf#pf_pz=$!!qQG#9e$kg~T=}*18CGSIP$-45xXW$O%kg
zijoEE@^kqoS3&=@Kux!tG8H{^^2KS94T-J%AaZO_#G<nmZBF8LmwwpqN+YMCn78uR
zCW*p<+{v}wy>x$k8+Kmhz7w$~3K}AarnM-ZbxX9LAbp&h@tlh&b2aKIET07o7SN_+
zOp#!UP}x0Ntjz!nBq}iEyQ|Cqm{x_6|H0mY@Md{z8UP1;?>H{bXtc8j>XSMkxcBm0
zK_+>FDV-^p)}4*D;M(%u#)5IM!n6HcbJNeR?mX<AH5bF~Pm2tAQ3iRlpOmLw{brdZ
zkeu{24Yq)k{d-5wO3!=mk>KK+%nic!QS7Tr#N0kpB#D!jt+HfnJD&0#3HMxh<I`NG
zl|L^8q9`q(dlSyDooQsWavptXjNvacA9J6@FYzoa{ZJVHSU*TYMptsip$MJN&OdR(
zE$!>@<w&uux@_vNFXQ{!7feK)(3Z%GwT-WHydI}_ve@4R0n8Q8^BMU19t&sFw5D*=
zG&OnexnB&BI#uy$Gk$>7{V~eqC4^e4O(G|jZ}^tWK}~?!n-}=_{F(hCpnKd0V5Ueu
zfT?9Ff?T=n;*$<gH8OVip`te92I%c}@{!04^u<C4WW2S;Wdfn6o0E1nKl?PjL8dDi
zcs2}cuRBbji5S$(DW)75_z@%TgzSlE(`PHk9A&+XG<&*!M74qI6TwLc<93bv1h5cx
z@c5f{f6rRhDnH7Q*V>k2ZsZ@n;RZMf<SE|mFb%=kwhN~oi9b{2Hw}!c@sE7J!H0m{
z^83^BBwG+lY)s)R3x(qj@|>fjhGgMAA<Yt_8eQc=E$*6)eL+0N9H-~YLD!RPvndq-
zLwoiIhm-3+6P34_M6eFv4wq5IWA4~PZ(ec1Pz6f!z;%~>&{m-l?AFKW8j-`!PTV4%
z*#w)r{Ok5uvjqo#)2?!1bskKPfoM-IDQvOoDDl#Z;s&#@y!(`Ffb|xUbBc|dW*FGN
zxL~EQcr<@%P0JO{#jKit+g^J5&p0j6d&hnDe0IX?M~5y8mneAm<;+V)t=O@BR)LQj
zuPz^ld-&n%2C^?X!F)EoKQGxfPo)rgpl#1^)31OPCBMh+dzfvpR!wsm{L=hoJ+CZS
zB_AOSpm~mYaw?;N0%aGQNU;M?_uih5w~$dvj;Sdis_h^q7o4Wm)GO`019YDLd<sv7
z8@)~uEdBi#_`m~FK+&1+8M+Oo2`o(#Ic_GVW(h_?@s+RA)gUJL$rgdKC^Nm~AH*5@
zB#nG_Hh-rFH=^*7-ts)x(7fL`K0r4d94k{5<?GZ0)67?c12j|2Ke)2c$*hlSxC<cV
zrcZaTJH9-V-GCOx<wg^5Q{$l=%0Z~x$`nOqSCdu3Aege&g5tWzg1y_xFU375SqA2U
zx$k6k4EOD`HGT;P2nWGL_W;M4<QRIuWyi9NQV^A^a5vTCn`FVhwJbKHtnMurcDPpN
zi#qofhzlgnyP-ykq7y1Czpv)FMTH~_xaSww`UcHaGFN>@WX0;<vzbiJj(t2qMr35m
z<&#gc#v3+LsNHQrf1ExD+Fy|OI~K)14HJ26vd*&3Zz!hM_9AEmO{QxrN_*o_bYVkz
z>IxI_#wek|mqOgfx!A$@DdedAjJnx@9*wJpccs;E?Wd&itO6n^osfr$9_;X<6C1>3
zLL_@?V#zvE`!~jclRfJ2UFGT7=~KmH-;Er~ulbr~F)80?=!n8BFAf07iMUg>?f^3d
z8)yQN#41mN;gs|Q`N!gvL7~+fD9WSZzA(;1y~wg>RrsUmB{Ui3_^zXdsGny2#3_Vg
zWAq=b8>_$P6g)i}HJ>MIQu~isCN0km!`;v^V1N-P^4`k2K_sdy?F~cR259$V!TH?K
z;T75sV~G1!p=>b%BWl2;T_RyypHvV?9dDy;7iz6XJGlP}`_gn3PZk*l+zrEHKsl0k
za|mz{PV<5>nlsh0;}d;<M*E>_AVEN>1vs(xBz~(Azx8;nNrLFHuFGBpk6)a23)dJg
z(1oCS>TKt>AXg>h8}MoBgJX~PQI{0Y)(SkmF;8si!cLM)18H7Ta1i2XN)Nj+X;naE
z`BNbWKg_wS+*Jf-QTz31^1^d@_Zoo4$s1M3&_=U`y6tnC!q;y;<;5Vcm90ac9O*GD
z$a|Tme*yC^>H_X(`S*T+@?=>9srNYzVKF!p2@>-fa#?nyf`W)8lQx1Unj_YIBT*Zk
zMC61|78_F@fS>}woj<%hsNnK?4zw8W?Lnfe>asy<{u*5dh5xZ`I2}Ztph~U?x{>dQ
zAE<y=l}%t0CbwH$K4sP;{8!n(QCbgLe545Wa(bJ#;#=d5;J_^4Q^U2J2+Vg2D?NPw
z4J3xt>iSMlR=&wq*fZ2RE&an3OsE`BqRe~BZ<}L`&;uto_I}+wmCz-sB)1SW4s`jq
zkEraz!JX*V!vu2liST~M+Sf__VqSgYq7i@G9R`Pph-az*HhP6#;DjFYW<M+h$X3S;
zczGEvT6Zvm^F;B+xemFdirz$?aph<x-R!&aUHmuROMlJ<1)77vm!)y!?o-l}iSe)$
zcoSv&k2O2cQi+F_nCmeYt%h|{QuogpOh>BiCyJbPQ$Oc5ry@$%d7~uqlARRCbXtNQ
zc%<LGuF07sw}^nhkg52MG?81n()&z!+??r25%2T5i-Zjk*GTkS@l5>K-(!imnj+{c
z1>(x&na_D0oa*q`i(lr)H(F|cGP8YhRhyJ?OsgzNyIMSDAjTrl%kI6pQ>gGwp+yS0
zyJC?~RY^WeSIujy!<Oo~8-9F*x&&`*WTX82tW1{I!c7ax>1X3gDr*i0_NJQ1i<rjJ
z;rq!;o9aT1m)^>YoLtM(c?7RbFH)B(RN*m4^sN7^f--QTZDTnhm3{Ozmq6Ar%dh_M
zL?!fQ5y(7LLW}R!6SCF)fiKYR;sjh0awvVF!C_XON=>uM<}NROgjC$<g+%MrLU1P)
zz5!#yD7lM>?U%+Uwh5zP#}HN3BP1=i-n7!VP2}fj74DtXlqIR^6*tX@6ep)2(2rrH
z=EGC_=0vfx_0N)!?-HvkDI#hj4{2Ya{XA~j1r*L&rI=I6NvaoS;$ktlI5fxf`tqhh
zx(5-!-RIfmBP`n{OX!n4z>EfKc!CJL1u}-*2b<O1YLUai^#C2xf#%Ts6>ztS@ZdCs
z>p<uOHU{J+ax5HzaeRi&7v2RSHXg>UNN<6Lu;g=qwNt7l)DeGt&i^Ll+R~9{mCaOU
zo(hNfIdd~pnFI<)jX?d8v^Y$Hvqmq#08V_H1j;^3*x4#5(dDGkQ%Y8jRpN2O{lU*V
z<qSj$+%_W+rns~$?x@`8YT&<|g0#4A6Wd6#vX!^?WloGnK(pW*?Xx%EX0yFwfpb~=
zHDaB~>n%y);rAx1Y>1e`7N{ZTh4xUW`h1o^NSky;C$SUK^KhHeR%F;Js8wXlD<7-o
zt1VEszgezZ3hGRLYhm&x`S5bKF((P|gzL1}pj~_eWt=#zk2j|+%&zR3?^wSANRz(v
z{x#3PB8f*I3?Nm%j*^>US|)lambFrqLQjx$)Ez&9s|AjoydXjzDa=C9WCj71@=K$5
z2p(O|T-;ye_n@8L8YTMWGD)OdTkA`^MmhHW)xB#=>wmwoX-OZNb$?Qd-Fys2A&L|2
zmH5)mkf7XpT&t*dSpa%9a@Jj2?QB=vQ13eOx{_$1s0jLaX6G=6uG=o#vH+cVZw=r%
z#LES;FMS0Frbn}KI~(<CwL?z8cti?#fBXRwnMJhu{9<(c=x?KA`FLT~+_;ssZOv?%
zS21}BDj<2&j_;@l*2HI}-!AUQ8Jc1f47C^LWnLy7W^s_5lf;t=l^Vr$=l~JO+{dbj
ziX|s$p!A!sRonQN$2!n@4~DU{xbA3X2B4(GdG^3F;fpr*19HH*`mh0pdx`SnaUI`5
zH-twmTBPh93Jqpixvfs;6c^It@cAIqw?mkG$X|ypQI<bYn}Lq<a`E&)!axP$EC9c*
z8y)Sg<2?2axOoeFaK|$O2_y}G3c!ABt3#GdqP>w$n$CF!$-B2fqa^Kh2_O{Ry^-)%
zZ5qC_W+lly)hjI*vxgc9aQ&^4mFsr~l{KBW*Q4wDj<;U|%D_;edS6{kS-~#xtM-Py
zTA&v>I?gq#f0>wq6%U|{W>)L$po4{>kqZ}ou^oc{fIZWq&}9*~NUqY?3f6HZIROx<
z&5{IGU>U5F&%0Yc^dVMl5|PqezxxebbkRciib?<u>4SM=b9{B-bBpP-_krtkbc5p&
z1<g8L)1lRJwm$FoK)N1$x_PMG`}7w@$YZlVOHKo{3g9PDh<H6~l5lHu$)~q;DFtp<
zvTebn(*^PPz_X+K6QI~iosjaJ<(@GV&GD8&hu0BT)9C?m%rc7l3VxjU`2xYp*IqCp
zmj`x?_eh!4!i*^>(!D>HS_~Ged}Hy!Cer^UN3XRK-(e=XrIqNDwD3^VH|W|@5=J~M
zI@%(@8Bs2t13J8)z6bFKX#f_~;lt03Nh4>a;z3zGPPr<=$w4jmZ@|DR_VX^i|LfcR
z53)_0!rd5<lUKcp%mKVj70B+SQ?h+}(NJ0yz|WZEYpFz)nl-2}z7zB6$1@%75t=02
zaBeR#b{tcA`RvWsXKGH2KwCWWT3Txu|9Bdn)<?EO^mF&W_+&{j{3mO103uE8L;4Wo
z$4Jro{_7~~e1?PpQy(5fe*7NP{hjk;-KASDeD3rYf)fGhao)9~TJIOj_;*&p@eKgE
zP4{@kQDQm#`6&9*ZSJJpvn!03B->wrKO6iu;AXE#<co)4cY>)V$@szjlH823fBs)w
zw*TKz>^#Q2Eh_l7a9R>!8p=WDZx<z#0xmMbO~K;kFDjNl@4n~?e#=3mU)y|e%F2X9
zZohnaZHd}r)R6ekFSrE=nJdiA(EsB5YTzNp=`-l~ysiidb`CPQu+86C%U~FBfh5E3
z`^~>T>i&Tr3r@v9gbR?~*2Pt26F`_yfv|Y##xnoyFMVDCk^(FqSU=`ppauUvN`L$Y
ze|+Zee~em<h>N=eZ)$yqc1*hY_h0|xBmd(Z?Qg&R{E!fzgD(d<vUVjWR{rJV@{hgz
zKUVK{9X`5L7#Y2K^=e%W&>ycWZqacgeiicn$GiXdi&549bG1Kysoj#bP)_Wf2>{Ry
z=G=m?jO!+k{NJv{4{V7G-Orp}lzyb*4G9jq*uTnm`TxB={yB3N?ZTJ1Mq*-CP$%VH
zMFdHEC_|ivBV6Fge?h(a=dFHx<qwj!IDZbk0(jist=K1>|358=34THTZPxt=4j=p#
zI{2R-|L6aFj>*86Nmu4@2%z}x4mQ~Z5)8b>!SnyU$^Ut+c+wCGl=?<Sj^L<Hjgnw5
zF>!O#`V}_(-<S7p*erN3%0Qg#H<&-z{{MFoqU_s!cxrR(dV@Ub7hCy%S1SafAW5()
zNJ@CB3*uc~oW^gk5as{0lmGIyC<FXzR=$)DW5L)3T*YfIT-{vZ`Y)KD|Gb*de-P*6
z!ou)cGBTy$7|t*<YH}7tfXMQ{ZWt(f|MP2#ufVa77r4mI?yPn&zDgf66e17*zuk@(
z;C8tFkAnN+;07PzxkCoUJb6iriTdy%Yc<{Zg4XV|<iJNZx(U`AUo{7?=8LmI{7?Vl
zs{X^}YJhXT@Dbuz_GJnaNR2L#9O~RvOuD#MRm@y?lycu8Yr&E0!Ge8&=h-H4soUTw
zHA>?@{FT32k$#f9aR=t?4$Xd7!HGLs!FTIiKj~xDqIV{0xoa*zs>N}Sm`}oV)e2v#
z@*68^2Qf!;My;%8&b1cnp9Opmx_+hjKi}T}a0!dP;7D0FFe=T9<6GURx=Oz+PPY(t
z#qUX&YW7Fz!t7TyuIKX<vjS8E(@I85_HAcb0<l?LO}g4kLn%vHn~cNtBRFW;D(cA&
zCJ=Q}XhiYf-$My}*<)1@2io0=92^8R!Qyx@IAGE}D)2PzdgdtoJ?2(W!6bxf=nI<-
zqEU=Vr7#?2NQ|C*P_SIjyu?HkwGYeh3^1L1cw&&0<ZSjNsQ3=L0zEe^Wilr#TOYHH
zSC08#hsJ++?X$_%B-aTG01_vvR5I>pcm$YJY??$Y^M&{D+DL!$bCozs-ec8Si!TsT
z3&k*!i|htaKP9~ZIw27xTFI=v@crv~ZH+9)qOM;~^lGtmOr{InT?y!v=t#JSx@M0+
z%%fCc4w1}-QjY)f4gmq9J1574cx@zTzXja&`z*RH;|=%cIQ=JJ#e#!4UqwD*<Nz#o
z4s@T67YAAAvlPZ*?UZ}bDDLoUj1SEBYgB4eRb=zkS(s67G*OZ$H(52c7<EE`5zj;g
zac624%9P?113W8SV_Dq26QV*$l-;-0E&9uxL10<M4K5WR$)PlXznY}|%YJ$U*mp*A
zGkt$MO1|>medM115fq=`MOP^VE$SRaM_Hy3X5VqU_bdvB5RqhRkKGUZGEu9qcWP7!
z<dWE)#!J-HOF3D<#7O&iE)Rxwp9$+cD4TinN-GtnW64{vsfp~d*4~C6hn2RwcU#@O
z#fK+a0;R>$Hylm<_noz?Z$D5R!kH;G3U5fX%~7tdHxUBg0QJ-Ts!546(YuU{N}#Pt
zevD|d@76#ymbiLj3S{Tw^h>FKq3HDUB7p3@DL5W`3a0m0uL6+{1}paPv?NT%hZFZ6
zR1wuf0Gl~;^08vYYY07iqv&;dNFFcf76M?2y%jtHWurPyg-Jlpe&2wCV%4#OCd&L%
zi1qEzS2^+J&(H+!ukH2S(a{X1pqAWeJUdZ1+TXBJ*jYX%+Ud;}a&0gkq;!OhX1jU;
zR+r=130Ahz>twN1do#MDy)UAd*{nN0c6g_@nuWwu=Xj*baSJQ1*L_m&zM2)A<-985
z8-7~3t-Iewp4u&lu3Lat|Ck-kRT8I#t~*fO-L8)VS~y)r<y@HfNhYAj8w0)x&i2(^
zG`beWN}_Z0p)mLm5SYKm>U&XCU|iRRUV7}WKLQGXQ6BUV<swh_akyLY`c#Q{!|@t(
zJjVlWOXR%h%sJT6Za4-ZqyRL4AApurq;Ym*-U+CCOo3KnspT*enkM)s{CGXF|Ftbx
zDI4SJ(cHe>1{hl@q-w@PmaE!PC;+F)4?A*>=S8>ZRD~`@$LhMqU!&sD0m`sUKu|eG
z4@kzY)DsK~M>O2FJtNwq{4lWJfW?0EIWM`oLvW&%bQ%>O&sa6RU-fp>*I1MinB4zW
z#Ca?F@e1H<(thXXcCUrRiMF+RZtPQDsQdYD#yv&cyQ|))jetVv=rA`Ra|+ql*$K$^
zM@aW4){0-xWl>gzZ~AVA-!xZ=R@UaJVh~yQ$Y}z&vaVh;3XR>nXs<HNc?G-2$ciru
z<I9tFjTM;LVm*dp&oXr~c~30_#j6(9K{m~J&7HyZR8y2&BQ$1-hts$n!l;_BVw<?A
z!D|krjF+O-9a;L&7b#Bx8^IT-Hb|#HH*2VK27`rw3V3(Pl$+0`cR(SUTeH+82%Ycg
zedc%dbEQy4p^!qU``u6qPI@LJ*p}~g9J?O9D$=QW+o28LCwJc;H#Y@xkH1$L`d5kS
z!HVjxdJ7+SK1hMC)w}J(cXyo!**eC4D{b79G}ZLl>wR5OoU5N&$ysI9Q^=+Z-EeW-
z8&;qE=Gf@v{fSKT+d_3}wAMv?0KNIW>eC)6vCwW<lDio>pvLGgA_UJ^FT#q&_Cgnr
z98ryFdQuMKGuTtISQKk6>RP49MMuz!S68&LM<_=Xwbjt;{i3}1yog_{qPRGa?A#*h
z0Nh_MR~t8W_BhOIX=&yhNoJNsVUea*gH6#UJLN1JVvAY3+^OlZc%7+&f@44ras<4*
zZqB}E#%#;=c9oquR<2`*jpg~wu@!a(NEa%i#R}VLtq746wm$C$rG{h<c>&_iaun8@
zi*!PG@-ftV+I;phMlvv$MLYZBX!cdJb!@;V%Aia6fSt%$>~dswh@I^=PlY8IyL+)!
zpX>`}0(p4XJBvV5fvID4$}o}6`$&oBthTF6?vQ|V(T_wvEE2$*)KrEHwtz;!?SrpL
z<|*#kI<DiQ{rM2Px@`}Y{OnUqDz;nGJlS;814u1VeFht>jKAZ#Qe>sgq)ZloTze3i
zo-WY2O<H=<Qk$J4SR6*uzWMq4>c|tg*e1I1j1}<y!Z#+pV_z&|oE$OB1Jy4{7>$MX
zk2F1i3c=zBwuUQjikkJp>0q1*HcV@yIX1l;lujtwrU38srByGrTaX@I)t1e*y;Gn%
zBg<B=k?tE*vo|{x9gNnR#c6wLM~JA?u9q=}8Qb>NAJ@!(lX@aEdh3A6S6{jQg&hBD
zub82=gC?My&@Kynl}-CL%MEzUseTceuPD7WxKB!A6PpJ#2;b{6?DkGKiB4+=)(w9R
z3s45)0p@2`<E2@nTQxvE=F>!2_a+8_@J~)jTWPrkc4L&G`i}%4814<!_oF?OWXoFt
z8a@vQZ9FFO_;}ig6M_-rcl$xJ(<yoN6{9e;dWp{K;JN&>ZHf4UURS{>OfWIM>`?&Q
zLy)|gPz#Vnce}l_)r#K=W@Zij&XM5|R_B$setohhj-%z$nP=am_qX3DYy*~tn8MKw
zxS}WbP;fa14{yNV?-as*EZ+dbjZmQNv2-U!^?W>FyjPW547T%ZVERO2fk*|Dd@oD6
zRc~S6s(m$h7&-g)OH0jqDcyhi;Ff?#nck?!oIm+@z<IQ;(yX>mqp&<~)I+(G2%f9i
z%Q9#Y=^t<uVFnr{YBt0974B*wrH1<*blwmkx}gZx$mfyFGNm`R%A}I(SnVRl`g<=&
z6;kg&opdHea#gF@swou;?6zLkCcA`C3p;867o&$#*P&<Y+sK%4rzPg7*bo}{`_pj5
zyW$4+=nmo|+h2AM-Yfng(gay%>^@F3WTFqD>r+JBbj_J^bGv-rr5m`AcLIiNz3bX|
zS*)h83eY9l&@766Q+_`bJydR?Y%$wVPn4lrq|>G*fLl&91w=5<S-A};_AuEXJz$3G
zn+k9z?3Zx>dpTM`<m6$;DHuRRw|}CVTmmG&Xy7yhwaMtf%TjEVLO4zAEiHpzN3&yx
zGNcqNhV!F`@|2}q(c@1(Gy?2;Jakx9{Uv}FtY-s@sWKoXguuW<l_QW=&UK3N^*;$F
zTUi-KqGqnTWSO<S(X7IR)!};0^5QD>UZvEilX+Fi=y~ommSTra9W?{#9bbVw3iVUT
z{VZ@}XD?vd^(>mMfdL+i_{5~n*VGEyr1AP5u3?e#mbUpA)hIwKS61ET?7wSj8+qws
zVw`Xe%ov}+xNc|xv!v`%RxKh$aTkVE&)`C`ykVs9!ChQgsSAn+gx6tP^!3RL1oUeG
zZ1uaPTtHU2fj63t8?r2DL1*hdVeu-<k`&|qvI^$e715?-Aqx-=8}>t*n)AGTd86}{
zLuv86HWLp49WM%ORRs3cQX9E`Y2PL8LqK1S05%58V=u^6cvKxz+>a=<uPUF<0r2|o
zH`50<b}_{*rd9{41uUC0^&M&*IzarTXg?vT(!_+iOq>+2r2^P0^f^h6!88$SEgqO<
z*y{rETDNO%B3O>87iqh^Sg)G#OM}Q=_dHT57Y`77&Iu3F;?Twe&3^q=*5gKj?_8={
z;@$Ms^)|Nm2GPWT9~chi90_X$BEiD?F0bDtHyrPDzddmU3e7<1=Hhsr`-h$sp>9vF
zj7i=Wi^Q_fMs@E|Bnx2$@sVIdqv_EU|3>-#K&wi_vzYLER1p7#Jms7>Ux0|oV*sY!
zU0>4)#bIb5`a48tuj8s^M~epLqsaC{@9c(>b18lyRe&*gBc1IsexG12>OA%0w3~UR
z{b=Om%a8$3y?4seZ}i&7(9!85_J?bnkOxAkxUrgEIL_HNl^e?;=6<^3B|n*rn*}Zj
z7|j*SiGFF|g!$S_{^)z1?bn<i<_1_mZx=b2t5K4E;`=sKI3aey{0@AZPCwu}4Ltyq
z0j1XcF78nso7fkQ#Yx6UBsNaEsBhaDtB*|B<4%I+<NO`<ldbGG^UxTZfy|fuo1mAI
z44}<Uy>zETq$lIM;1mdpin=Z2QWV*UL(SYv+7B2|6N<Hi`kn}{H6RSULL3n!D>Fw>
z`4xUoTqLdzQ76)2kOD=V9<5a(P|(lNMuQ33wTkLceHA3WUNFvKeO2h;!VfICuQIUm
zhz!!~Lu;14TRq-}<bn4=d+ENia6fNn*|_pI;mH47e%?^U_ZjFPnh-A~MLd;jPkg84
zU^7t}nl~$b+vKwS<?|KfI70fh9a<rexO=MTl4!*436PSBcu@ZI&DM>YgZU3xb%$9I
z=uFjpt{z}0X<4kgiLqjLSRX5SYCXmt6dH=1kZ%D9bD{5-nvzIEg^#>>qB7Ckki5~&
zl%xIn&I=Bw%bJ<0qg*U$k(U_DDZ4D_e=MbxYneDYmQrk%CtgLE5WhSI=k3^yXeeAG
z!R<21Nd<0kK|51>gzXg*s(PJOSJf=mlC7f^T5W3Hn0^CNw>u!a1Q`81_i};}rsJbM
zJrKNZOSa6EF+kvcx}>ugJFX=;<ThZ~d$w16S?)2bpl2RT9+%SCbyDLHXyZso54JXQ
zy3Z_~+-t|h`UgURHlv$d+SBr*hw>dErej+ORB_`boGG(%aZmQNn-vZzs@q{|jKNEk
ze55_8LmnSpqu}4s!|9!Wtss0T(kI}}iKuZ&ZoIqu%_ny9w@5T>sBa6XdiN?WC_ssR
z-=J0~xDY}k_yW+W=^3>vzl`Pqwd;p$bzAS$`B<k;lFkPX&N|O3TKld#Z5qro7uVef
zg7mJe9GRnvlMDNUikqbBI;;G%qx4sbd`f|qYO9+2pfCn#t$K_Ia!!oyIpxh=f(4+;
zrud64ksa;f3d-`3+_y!{a}+0+*OBPq***Slu?^qT5Hx%}M%y-A7{*#Y95RjaI@wdl
z=-{+i8;>2SHfi{_p7vQHJ*EPhb{}EAJQ{&0m{14S`XuE`OQY4WFm`cfbQU&vqcWhx
z#lxycJHn`e4xSo~uE!RgxM%9slS~Cxw1iq2xPVBl*X`?0BCmgS?=WL@u3Q&=CWwYa
z+!GJ*@X8+8JK_xU;;FJdk=ul$Q`6^|vE?wFD`)EwrqrknyV;g<$dGc73JixviW<*O
z*Kfd`<m)@qW(wY&(vqz0)l4o=#x~dF5KyeaT#BBf^BR$p-lrIEJuFZVm|>rV+C~v%
z-%5fG5H#D>@5K;}z+>UalWBc(7~cj_MWF|)8&v#II3E|V;}qpYi!FN@ItMvTA*p38
zK5?e<4rzLZb=FUAJ`}zwGbvsZv(C&!t6y>JY?VeJUSvJbmg%k~-?kN|gKH+51PlS$
zXatfiytAj^ZlRuV>mX`DvgEb3Hu0c>ze~3M@0<(Z9tobts@WG3oI)reLl$P1r8KLN
z21Z-1_v}`$Us^->ybG$`>|#jWxmKLt;-G8Ggy9>k$Ie*gQ}5f)9Koh5tYU%s#aRhy
zX%Z0t{TPhRwFKHMahliTTtN82r`zu548kvvaC>GB?;OifUjJbqN%Hj}=x()1c<a@!
zhomsP{E)D{vx`hLX({sc;fYkmWJ^y(@c%v<Sav@uIH;xPYv+-yDG{H=aKkJ_wc6RK
zk=rkyG~aoEAUX8e&R66st^@4Bg2EV6(2=ZTVQt<SVC{60P=kEQhvCPY?Y7uB8TDx!
ze<h-)Yiz2?qD7aixlM8+1+7UQ1MpQoP{d)S;sG{>Ay*4cF1vDR2wDyereFkZ`eit4
z<tK9nfq80ufXwxZCp9M#-UnNAPYpyXv%JhIZKs*E!sT@HRq~Ab8sBUi9X6gphY(g*
zq*|0L`HWg^(tQy2IpE3FJHpZ#Oy=E#6iVa`s{#-w+TAPn(3e>FXI}YAxunSCT2@-C
z9DTXV!;@St+o3V1vx<p%7}oUi<GrKiX$34%PUEUq+5`xm<=zbR^yA0`VOf3XhANfD
zAm*Z={~&FLLMqy_c<#c<G4)f}l9V!slCK8vK};xomEBZ;DyB<Wa6CQ53N9UE`l?`3
zB8gyBi<u(#Zi-es+4Y+%f70P!OUAe1s-IfMG9<hr@MTu>B*O<3*yAqynt&zJeiT<I
zllS{$A|X}Y=zOkc(dz6RaSe;*;tILZ#uZw5m+o>~4}5+Ob1GUFO;($(J6ukzD;ggk
z-I$;GrvI}O#7y&#DQHlc@5g5h6YV(_r<x08tGyU`tNvA)5B4Yt8LAgL=vsev1Pr0d
zYc1N$>O}-B;Jd;W{%c^;I_X~ccJ;WV9jHDop5o3ds`gHH5Sea}rK$W%88e{et-Fz=
zJnQFJOmGB+<c{V{3ff>cWap-oh4lEa!!-d@DRu~+qx!Y46wPXlB9`{*XMq2?Z?{2s
z<g_Qt*06GTp0b`EyNEtrJF=gklGonTk=GW31xRAdiR-U>_g%&A9qwP%MM6%gecd-#
zPv<;SuT*R_>3tYXncvNyJ?mTfp_!kMzi_#Ct7mr1eqL$v0xTxgP%J3A=W8DhLV9dx
z{g@+zk2}=rPvzYI-F&>FB>Le!5uKOswAK1pmGySo4dSNdn}1fh&tSncE@1{n7m^u^
zb@4?IPnE&E&4U-6{@M2<IW4NC18LSR1MG+FHC6|*HkgR&J<S5zri}w$jI0R(`OMWk
zf=qD%k?qz6#JyJRajlrQQgNf_=$6lQ<no1f=jkt+oN}L+xs#*qeS;_=RKmv|&}%2@
z&#x0HZp<Xp1L3G!G<y9)Hz7TOaT-~knvB}DQR_lUtR1~S{Cu*TuhFmlfC34;FB|HV
zaqghh@7?O`-pB$dD}*4rw8hNwn<#Fj*`IKu)~cwc{n`ij!esB0z0tY=+Y#95PHf}Y
zx8a3Qk!8}|f#4+IoLXrZhA)#Z2MJnZfC}fE0O$yj3&1*WKuo`;?0awz;aW))#?tIu
z>aTYdkZw5-poYF?TsJR@ydH@I3Y-&tNp|la4OQ~pyD+Q2gW3vJNKA{_<IEr3Un?l?
z1Xfb(hkFxeC+I*Md(jqN>=cGrdsT(`t;O(NqK*U1SHa8MlHOfsL&_QJH7-{+$@T8o
zv}D#6TrUC8SmMsSoD|E@%oeyp5?>PnoDIB`r}!_t{-fzgZ!*K|DBp&L-!Zd8VCtlK
z!)|WOlFIpeLEp4fpETZVV_FSY6Tk~35AW;4xM!~g!pB*OcOOmd9~^z+P~CEVuZPVX
zW@f8dyaksQk!n!gpYgEzNHn#E4QM>sP=hBsO}*ajwXb?a&;EBUfXQWBUvym~$|+{G
zGHv(ytTBAnO8>0!3>QjNwECk<%LPI4U8hCRqi;_&$KYL%t2pLSRl}lf;H8Uu&>dhB
zXXG~gdH7@*>2rbeOSyc*uzWHMhEALw^Xvzus8PCYj?ajag3uDhh(@Y=)ih6YKphvg
zdk0O`W$rIde5n=osUjZJ@{=xl-ogWDsUwWPyp~HTFyeF7YkV!K49Gi~_nI#EVpdxt
z<x8JqPfyB3m|d6X^vl1O3AYTXrq;;cnSmh`H&vf|hxVKKIl^k|2YKA|36LpkCC&B4
z2<{b*T~49)K1^@@Cp{F7u8xhZaW`VqC<pA03AKn}`whTPTc`WUhe{e1#qxsGc2cdL
z%uQR&JwOs=PTbKl>(mT`Z3@q=XB7KTC)+qeH~n$2`$LtNot_|g+O{h`t|Dn5d`jX&
zN0$j?<@l6xLbMqBk0CX7vvg?^7|a8bzv|D6c9H$PAwSt!t}D2NcAHUJq&x<ywmgSv
zYKI=WKv?Rb0D<~*1uza|rbkG}vuf@78yE@ii_RJt0Q^yRakW@L++0HP%Rr0aw_T4(
zZdoRW8IYswD<4SBERYh|=j*Os(i&b5pen+u2<-};0i~=Swo!Cd<Imv@LFW|%@A0B&
zF6V(8Lt*!PH$1DGT7gt!Kakn)q7`r9r?fr-N`>ptlk|I`oCv-a3~0U2G)WMv(Q^7z
zK%B+=C=vbnR?O-}yR}+G48oY6vdV;T_`qzk+l)nXAaYW)GuiEQI=~^BrXqj&?eFKU
zt6Q(W<3l;(E>_ttT&F)3fg*pORT)0r&dKt9I$284Ib-_$Mp)WA?U-v9l}sL&UNGgq
zb6+{$wA+^O=>>srd+N`Xvfp0moPiFOS}^W<r$l1?5_jq4YzO0Kw=w(l$dv6Qv{21e
zJFi2b{Lq>3L6N>h-cc5wS2h|qG#flGmVHRiM=m&*bZE9VpMw+{$Cp_t-M@fhI}|ys
z7U8y;Pzg5RYpazBFETQC&OvDNOh{-IG^)erMP1)~QOUbiVr9|?JVKRoLQinSp8-p-
zv!?OLlDcGUy!I>SUBQrKa)iS)ypc_zpkgcX{rfBN2+c_}kZ;WNIyvfMD*SEuwMYi8
z_lkB!$l^YA)dJLZFuO0&e^IAnQ@u|86lYg#(sGU$W#lZR<pn}&hFznskx=>Vi~fF)
z=pwffiw4k}l0EhbC4|p`IHn-1woq$iN2!~5t+k!5{y>Gs&B2U#B2G-L>_#k&)*<B%
z%mx6;$a?WuuIZ3*2R3fMASI=B#n-j;mPTY)OnsE@&+^faeax3eM&<T~NvJK*(JXqX
zX?U!2qB86Nltye_^}V6|S(x?lvct4#qs0od-P0DI+zQM>mTV*Gnf7;L(>ZQL0=Kq6
z!j8*Y|HAnX+?5uCYSk4k;WmLpR0)d$%!U~is9aZh^I}!4hK{Y~q)!Tka`4!XI?5@N
zD=w-WTX!lq?Iw6w@@cs2@A6hXmf=EJ&3V7sF~4C`;sX2hWpqW0pLRnlsV1;ytt`+e
z-7WP;d(JdTJ~5q*gNn_1eIO+))!ua@q&0oQWF(`iig@^ou9W8tLfp;obF8fV+*;4s
z<tu`Zgx}mq)r<|O{--zbZ~tO>_cx2uq`SWvre6idM)KB_<UEp0=G$%8$Xz3)H;kTK
zD`$XMKf0iScHz{_bJPJ!__vFMMF!^EWP2D*y#duhtBii)zO}0=m5|5B8rz<@eluPH
z)ZuvBIyfAkRxMp#Z`cQ8k1heSTMZb*<NysKmwkKEE>^~zn>MV?<ou=GSmOc_ynK&^
zyQWH8Te5!;i))v5)=i<q+Lu#VcPNB5Ly}}ma6AM}30=B_D|{1PA=!>*fsG)GA>c&_
zHLIdIH*PF<7`K0XRC&$JhXroyVE8+&_hH`>kS7$|-SNFKd6MdBiw>=4tFB2^vo^M)
z7Vh8xt^9VDv5Mi8>F<_9Zz3juStAhMjXr1KRi8V*t`&8q=}7i8DDr~r94lxPbClhY
z?lnYpHkSd`$v_YZgCCVPopx_Tp}Nx~RSuAB9QvZ^#HhDEv`W+UywIQFj)3!(6CApc
z%!vd3^{YK&Hr})fhz%>I@J{rtcqyZt0t&UH9ij3Sgk)kn>iX`{`2^|+pf8(e>25;)
zC7QYMf!XILFGe$#I^I3iW~>{(7`b3X4rwsU{|bF17+8v<Z=}~8`!4wj6<lxOY{T@T
zK10tlKV(v{?DAf_y33kN7FI8N!k)>))j*EOFnvbg%}mz)LVMb6ie&)Qz7jaN&2&3)
zRF3<{A6p-|N~V_>)4^E_ygZY5?HVAcIw;mQzFik8k1h!xO;}r4KM6#R>Uqy}9}8zZ
zValpWc_YVP?|=h0f<S$3wnF#ihA(i#BQTtNjN#u%Lg+DL?j~H$+oNq!=A%m0O5CUY
zTohV{RT%CYN97y+Jg}LbEw@=lBquI%KE*x(dPeqwMB!)=X0<OjQVUvYCUmTI^+~HZ
zQL3;cUFORfx*ultO811<^808B-p|0qs8U@Oa)mw1+mtFwu(X!Du;%d!!CN0JBjZD7
zgx8ZaVjY(dPhuUkt1Zw|HJ@l(TNpVw_0?Oi|H}9baYK~J-28P-!xL%}AZQif@887H
zzo)&v{eGlb6x!TMEPU`bf!EG(vq%3+nRxmwOq{|)%v}~1l`Hyc-_<4#E7HX`ZY2B3
zE>JZWDn<8aNOhH$yzmPGJo1wFZa~WS>0TD4HcfQyyHt1qd$?p!+cC^S6j`||Rdne#
zDqMDs!}*$Yon+t4l=OnQ`rx7VHY*8(024%~+CKdD`JLL$X?PC&l8A`N>cbqD<;8$?
z6V<vm4o<0KV;YQM6OG=D_CzOb&G%HeOR*PutNMd&G*&v_NvS$6_ecU0`7F@dC2SJY
z)U21vOg;s*iz<n`^~jfaX*az<0#c@jZA~oa%wnIa9_;0j(mU33{uvs`pAcl7yGS7I
z!$J6ohVj7*Pe$c3RNJDo_we%eRAQEf@~~B?7FPU`pPJR2Yi~k*wvDY9H3h{ZU0k`m
z;tL$bv|Z?EmE@N`j!MhlyEgcT<)Ogk1+;Kqx=nohChE>~@7{Ah8P@U}Kkn#;&YRZ<
zmUC<^@YqaTk*Y2#^$3=h>cN_^em{vAB=O$qGSKYsw*F-0m)c(u@7wSGnLIUrVHvUh
zJbA8H_4u@VegFs--4cAiM!J+AL)k2$jZz%#o%mgu<7)-o?ggm{sHusGpL8r-)Gq$%
zw9whtw{68Nw`7a%j5CMg_}tFsG$OR&x9E3}w_QU<$mG?5|2n&-=@ZD}?ftsIam|E_
z!&*uu36X*V&_W1oU|FbL+SAfzqJH<_2)x;Is;>r>Pkz2wQd@<pi0bjwEn<REiTYB=
zd-uc3FF}zSY0;oc1s%mYOaUDY2Rh`)_wCoCMph!L^`VaX>Yn>Q9jaHR8LIW#!1=Dz
z*G4O)Oo(G#SKbkx>zSYllC0?Jk-9>{i5V7Ozx%Jgb^rFGrq5eAAqg|#V5Y>jzDg@o
z+C5)(4pnTq+MQ04aT0pVWJ3Pr`9!;hdsE|<8rAm%ZhcYP%}7pdV+Y(@$WuQa|9h!P
z9L54CV1t-Q#C0;t@V8|$iJTtz9+W!AcvuQEDP2^rE@0>QG3wjCw<$XA=d}1mB=l8C
z_Vg18J2Q>z&wjE6p}!=`!crKeh;PvjAUR_PT*yr=omAqgjoRE=n}wtZ;O!N5XW2Ct
ztl>sQQlTj-jexpy%AR_I*vQy8^S#x{(cXmR9Kl$up2zB=+DAGD0?x1P970lGxA9nw
zd`SZh;)fP3q~F_sU5t;k?`aAI-DQ!(?{5VJP+5-Hk%`R?(QQHQe&0aSxYDC#4eKh_
zn7FmCbz!fOVXXqu{3C>BR%YZx$?jT_veOy;KyjcSq~E4JFH`eMm%sk(u|QP?*~V`k
z?+7wZRFWpPZG=WPd58NbDlMlL_meEmQDc=hf+gyLokCt>)itokt;qb`>LDkn)P@K3
zT!*oPmNQw;BH89k?J8SRG;>C#@_j*iM||%D;?0u!UZk>J)j^;|VNc0;QqXeLtT<WE
z)5B%NcxB@`if01Z9b0_YOKwuz4m|@~iB{Khs4-4YIgo10o)Oo50?}#kjF%>Al#nxa
zIG+D-Qw5ORO6AS1`=v1wx^B>QuHGf_VI(gDT4aj924$xbcQ9eqn+v?<ThTWG4j~6%
za1vYOZRKrq-3kYALhW_GQEhL#*H`4B7J9gsN>oJ5iwpFwJxi&~<<aRt!+33{ex&e-
zsErz;MxM-{Vl|>{(MS2!$(qF=7HG+BH$IttuwK7!Gu@)IJucq#^gg7#L+O(hT1dq~
z*=B>LaF!uS6HYm*$C58+CUigA$*kV-J=K56JN{{qewX>?TXqf&Jw%1oeSdkwo75!A
zPEO1vVF@iU>?KBRG6TsUY22%mgrG03RCq`~zW^u9FYf^9M-{}apnXt~mhY>6@X0~a
z-mypC){J+fV1@Oe#@AeG^KxMGogUk`H5}vGY`U#GSD6beuNEwTeQjm~aDaWH9Z}o!
zRWx8wsGy>@fV~7FEJAs_iMoAj`|{G88n&e?ESZXw0y8zP;hU#?{zp|%p9X>tpBF}V
zbqSMcrj!ilfwgE>+0U7?{Q<3e7s}P==jSD4YLZ_j*e5iDk&EKR@b<VtF>+QNjY`Ak
z(qJ_8<dqXWHmfwFxfS5JuP~GsFFnH``!aHKA5-#J^9=)h&B(UZ_P5jX<=WNOG{T<m
z5vd|<I`NnK%ld>1m?0`398I3cC>lNyQ)G$nC)dBGE<Pay+Gh#)k<sKAtqPg<hGgS5
zXW$VgB(JY5CCaH($&($P@+_v{A9yHSPWwLjp{DeAf8G5to4ygPa@cVFbLJGD35B-R
zbuZ<UB*TJ{u&ET~jddE4qZMPL{q61T=BBS@ni3iFj;=x>TguzlXau6b)R?WU!mfV!
zd38I{J$b|KdA$&SnlqIW?xNs93a|XoGAreh6`H;I!Gf~Qf~w1fldn??cH8!6a&D`u
z1GUIm@^S~p@aQLo_p64Tbc{P%92OvmPz-rbPHv|(;mxW-I+Cq7Op+TwbbkeOHRhS%
zlDcjWpl#zg;>!_Jd%R4L<Hbk?K$(A0D<9s~+vTvTTd?aDI#;dI{~@$*wXnDI-}f|j
zDfYo@;K(pBxZJ_qhD+CX6=BRAJvC^b*;92ej}q$n@N$!OxyPKCwyz&|p-T13-lp6>
zpQAqO{){*&DymL_uhdof;l8nw&C`Yc?nGrikw??d(ZO^z8)FS}tQoG!wNc{7Z&sFj
zsdoDi8&O-oF(z{^>`C_g+X?+|KgI{*4{TpwxxA!|jQg)0-thSa<<+<p`ulh^x28*`
zhNTyP@Ej+u$@q%HNydzoWq#qdg$^F6kn!SEL}-P#hPC}-ry-%?)zqq#R7rJ~hJhF`
znoAfQFE#igmpHP+mBYQb8;}niPM%*OK2ub%=nT8pJhy3qae4$%(RajLb&W-hmj!Bi
zwz#Z)kn`$kOZnL{bpOLCsga;vU*Mv47NgMknoul@qtlAU&NF!IJV{x&6pvl($JJbR
zhn+=66+kE!0PZMztAmq|oB%KOlb-i<IbB8ZRobZ;@+r?5CBysP;e`WP1*3sS@1|mY
zGhggfQYkZ&gEvcrJlEbGN!KGB(cfW?S??LHup-}JU+!SZ-QC%_b$_{RU@81!qZ1PG
zK%TruY#!8+-#wfz7hGOwI10{J%VR=Q)O+l4!QbZ9Y}BL^QF3WiZwMLB-7vR$GGVcI
zf%F9~k1u)JE<csidYE#3gWolh8F*UiHqwd%-y0R(2x{ownk4A#Qf_mbZy(k;nVV9P
z#+IQR{89<twW+eu&OL?hTd(#kq0z<6cdP!#zIH(U>%LaFBjUq!HPM31ZU^P3`>MiU
z-)+{DGjIplXSeO~lV^Xvq$+lOPuZyet7&C;AMWV7Ii<-%CF~h@C`FJzOJ!I0GFiYS
zLSfG@h~?=>_O9B=0q2!sWmI(@Vq72}WouH*2R)m+6R}{X631tb&|v~9J`uOSh4ggU
z>=vndG<MkQ<gc`KAa~zT)?`16SwpV741e(H7$h4GK$WMv*(3r0jeNHIvVgoQg0Wk*
z#0{o8MPW+p)PtC5*%gM~sZrRP3a;2QClfXgeUOSYLO0}Sz;|F`b{pB!>m8uBtbE{2
z|AkQ^$i4OC2r(_V8+zl>P9v&%E40ayz`+PXEtd3H_<@W=`hnXOf-7%<@$)bKiLTwS
zcQZ_vS)!(?q0CECHvb?*JFIo*0CXtd-!7<n-=?@upbor-EvF7B%C^FwDL}G+Y+R8P
zaOqt`5`|&45av7tF*SQw3TzYb*jH{&-(+-TkV}yOX5wKvg-G+XpF?@~#D2bZ{IN2S
z#auE-nUlSgej=uL_4VS_Z6ugJv|7-z=~Rmr*Y77tXW)QcS&UpVJ$M$xcwFAK>00-?
zgIdo6_(@0xukDjDdQYpx9f*kXGjV^`DuzqP@p<1Cs`J!IbL&#l?E@_50V=!lGXCs+
z!k_$3%ReS6Vv2&2Y8~+oOm$^2+^iAXlUU>J(<f{aHNc=J(pGBXs>XVm{oMW4JC?~Z
z+bzT*QP3?Pdzkylp4x=%P6-GK#KJ4jL5Cw2rjdyQ^NvoH?9<cV%N-V8%w@lJBv&S}
z4+dvtL&P~6lnMe-)HV`(479t`DsAL!0|1yK3p6KG2fH&yXtse3QO4F5yJoR&ca!*K
zi=%Rj9WSGP&1b7KC+BO-yrzNHl(tT6U$0!bQ(%yTdhm7yKsXLKo+MRjGf$OQklE-9
zJ@@bTdVx)Jg(1E!xr|LZogBd=@PkdAO|GVsSp8E4xbtD0{&^M_HkHTki*(^H&<$3%
z-fzFmz&}MiVTTxUMMcFh&-#+FU_!LR3~Iv2O6S4x$09kZ&^_b&gWa_+xYfU<K0p@u
zrfr0-X>`hY`^JWom5bXA?QQ%W5|daqsS!h2NV^FAPdZY2%|@@}8-8*zp@+mdg2`MC
zw@6|0S2c4OAd4zn>rvmYJ4`fVKLXl*XZ|BuvPAT(P7`)QCYtGGhlvf{1E}O=M?8+W
zFOiz}L38V^M>6mGbT}8GKcW~Tp9n+wpE6YS!_|^l1%+mf`B+tV=NFtjo>h#3x8zi&
za*nF9T_UX#$mcmuy66YPc|8_3pH<6Qa%curoR@r&9fUbrWHUQZ^4P_qVjf$m(SnVI
z9?-t2AQPISOGT!;5j*Xd1%~4;^w}^sEdCi*J~b%t!T$^@*3*;L!%m<jI8>eIV4^f1
zS+VxsTj7YrTW^+8GAL9x%w1l8c3tH|GKtgT4H1K&EZy}azz(3CGl2YO*W-U!Kifmk
zZL&g4IwXj<^__<-w_z5KL288|HGFanV#`X#<L3t{xe<gHUb%Adg^U~5W?!=p@b-Ag
zD@GRc?4HCW8I8{LChV*?i{oHoYGa%bn}osm$+5|r?r>~J%Adu;v10YTksL6*m`Zw)
zfI8@YMJ8%_F-WIR@+y9i%AmZEuhN@cmfbK>qf!szU7kI^<&Ra8ouT*7NU6+2JZ(l4
zR^)`Q7QLMNvh1o7*BPS4a@-loKn(KMP_KhI==MdAOlP#!*w?fh-zvjHf}d@koy_*V
zGUyJC-ild3?gQ9SBqX-yx>Rw)4#7qBqMlwq?NRF^0I*v!J{_!cCp1c9BX=djVfu(1
zi%x){g}|v}oa84RPzWom@-TtKTv)il2u+^(-Dv%LbU~*OLaZcIc#VOkAJ|{Y;&p8V
z?-R{b&3Z8>i;eq-4MN;Jaw0XyjGsW9U7u7oESmp*6Hd&bO!lBy7ao(Ik+Ede2o&F%
zhs!@L_M}5X;@f(3G`5}@wZ=C8Uh&bBmWoOoXg@^U|5%`2{QU@&!%6^yxFqB|%H_I#
zCq7uy^@jHwgl3sp_k&P68k$G1^iLmOq?1eFx@l{LmT}{2Aoc{KeMiqtE2}4#I>KvL
znLh4w*3Nz`T{_qRVeTunpli~UtS6nh+ay4~5DHUeDc=-?l*T1W`sjFpc3lFOMY?B?
z_s61+n_j>m##b07oC!L;<2t4%DQWU!l%rQfGX6b#(-290kaR9O4h?Mb29gi@GbFZK
z-bJ*c-Hx@k0Jv2q?zJ5of9Z8?qo-!Q*y|1QEPUg4bwc=Iwm#=BE}nw6PMo{DN3(=*
zmx#d?Lc&O_#Y{2YNQE`^xS=m^9q#5m`|J{Y5#W(u5a=FUz6m-FhQj8~#dm7XwlcdM
zIPXK&@nGH27<Q2wety<^tLPat2X!oy$M!aVeFX)Gdt_+Y2l!`{RsodYs&4ZK4hg*8
z!T>L*ef(SQxq8gLpvpoQ!;%Gxj_RS?pUqX#3Nmy5AcWUGyJPBCa(zeYN1odqGq6zO
z@6xIFZ14{xhH@iW`P!?6&a=vV-5lB_((9er&63C4cH3T=XLi5q&+TZ#U3GVi9gM8M
zNbl9Do=&oI&o{^YTax$hKmJ5qn9>DqWF({SRS?z_^GY?ApCsHSZdla(zU${xsZlm&
zKi7Pb?EbysN-(gSC+rRp`~OJ$3aF~Ot!+h+QfW{GDd`rG?(XiAkPzu^DdEs5Al(hp
z4T_{lcL^N2rBnFV(f8JS?|t>V{}>Jjg6y;RT651e<9VK$v{qaYMW7+f3Q%gO<D}b{
zbhx0ESAhP67ni~mQ9mGyvH5;Uag>iQ(5Fxz$)}_{emPTH=K2zs!WIEl50)CVqpaM%
zcC+S3>Vy-n*B~FTanm>W3a5P9O`&|e-f2K$ZXCwVw|8P?56!jSKla=*SQl?unqsGs
zUa|p$&S{2*k00}qxGuMnYT~vQtZF+QZ#`I8V;xB{j&JFDfhb6BG`eXw|H1q5x{Zck
zry!y%eE~|#o7;ER7*k*RLpB<V$%19oPisBDyG~{S(?0y_wws`5MK`c`UDk644|nJN
zjbY9BwJpsp2)a7_M1=_>3)f039F^5>=gDhO8b%%rmT;%Oh2=HzB1!~h>y>Hg`%G-q
z$l~Pv+J3u!)^y$0s!_&^#m&6rL=mjbvF{YZBP1)-Tg4)*Ls<R~wmS{+C#`1ssir~i
zf$K$Cpp;vvIzfjILorq2tRWb~L+AgBAe=^YY!Qi%m6u2(k3~0&QWd(N>WA*U67pb*
zV!y1(CiELidG%ufGnzw?)C}84q8%NlIXv84r8``{cn;=V70XHNJwe?sQcAQFa@(7j
zmO4JqzwrvveafASWHt6>39fLea1p5C=Y#o^`}rwMk-Jq}o?ZS*ugg*6rf5(623}k>
zo+-Wu@}qn}?EhJn)tmrtm1D?~BuIO@K=oBJED=K=8mAWqrWL&$^!A1Fn9lR3bYwhc
zqhuRvP<^n#BT6sK$jfVDZXsGi9d5EzKNaNNsU%Xhuu3VHlopjO*{yV$pms6oJBtk<
zL4F!t{h?6}%`+WcuAxP-tBU3}s$c_5&{BFPFZ`NL2^PA(Z_l2bHb$NxlbJg`#??A`
zrgg-f(`4t)TZQ8F%%gsRrR`)bS<uw^Iwe~v<EU}+yLytk+!epYK?k4zCn(`2h4Wt)
zT!{fE`8|fxcnO74g+J<Qk93g6bBzRJWV3v!o<R8+Lj$8F8Wg-7c65pysLIA{E?U$6
zK5aeAOud6t&OxK?GD_L~`G#H9wQ8kU5R_zKUzSZLV4{5Ez-@jnrEO#cU$(}tr9Abt
zWbq70lt?uBO-Ojy6mDFfE}|`zABI*Jx+m$do8P(5^g6}8oMO-Ls{9a)r8)!%@1eK!
ziOX^I1<|(B%KZS}Dca9Br_3Ix9N}R#TQ333B?Cl_L&A}&;ll~G;62KCKCe&<H~Mne
z_j3PKilXmIA}~CYF9+@M9DC29e_vSUcnX4YlI6@>!x#r5N1Ruq<v6ieK0>%vd94|-
zIt^FpVC06x36Dy@nB(dz>T`HRL@ciG{MJ^VVyzm`W?7Ipw|<B_VSV00DiZYBbL+-L
z*`iiC7wVz9b-J1}Q3X@@bSk>wZCQm9ZA6ueab0r?c((0jy!C=GJ#zxIV0w+B4-9_E
zTrGvNJ(-}e%OFI@`D$_~hC+qwKB|`%Qo7ce?J|As`v#C_U-8qbuFbKWR!!x|Xi*cW
zuDg!bHd^8;0$(kib-+_t5KZuq^`$VqRuwo->h?fUK_5}fLSNMi)r1C@soFH1F-WtC
zQxHX7tyq(~L?&;`vNHAEbeHF1v*_g1v>i7C>WF%tN}fE)!k6_=Dl4rQp~;wWfy%X)
zt^>4vC6skMS!|s#)Feae;U}{I<MPE!rV7lu2M3bLcur{Nd6}*|^{mvGooQ-?ohI#`
zYaUQF!X`gBYH;53v3GePrtSz=fxEKao<}%5rfX|NxOKY+YVNt4!fxZ^sD4%pD~6R+
zB-tjT&J`Z-&Qb0@U@_^7a*&MAYf`htx5b6p6sR3>`05R>`t|JlARH_=2{~TP5ryf4
zJa-7g3XDvJcHYUX%w0D8S&5K~A+W+N$79sxmN<9a=`lC9!NIe5dGPI9J2sW4c$woi
z{@w$#Fz(Xt(NX5HxVy~Mkp4$<WaBY)9Bw+>?P(>xs$a%it~*B>oQT#@iuw*NjsObV
zbn4Jdf>#V2Qls}p$2PY#T^Phl;=W!`oj9yiAl9rxzj*jePY3lYgmJ$qzIc?nXt3nb
z+BN0E;8r$KUo%;-y0?|Qc#yAgc?)hm?9}~aUZ7EE*xBtuUUsh;_o3Zv`mrheU$sGq
zBhHYd?<R<PpY8X2C`G+h;YoDV>mJ<Ih9MMh3i7u0*0yifpcp-^%RrwrF!2%6E=Ko^
z9q0|%TiO{D;?SyMhP}*Q`;t&m>9m_-)KG4nZqOdoMk?u;ZI@;3e(BGf>siS_tLkoo
zEB)$gqeK=zq4{iEaf+KWQrsuf<$Tq`lP*T9G$nI6XLPZKR?*>NJ4(8wsU-ZzIQR#T
zUN}8-3}=BD98)&Paa7rMM`dTFZ5COp0*qd%%+0uGOQ2+eF6j3}QQLWcNn$%6o6orH
zF;`%j+kMo)a6+z?fq2pJ3^w)_T@aPh3VT5eLMhh)3~|^zN2}9PkX$k*f;96}0NSuk
z<jPP&tKC7Bw6y!<S?ywkq`r{YcNU>rY+;>LT4KlApr4Z;W4&u2Kw9BsziX{6I{wLH
zxcvS?oW|G+l^FR~<3X#7V=K<7-kHA0CL_zOrCVQp0e8i2%|n;#X|DT<n|k#t-AcRF
zdnB!mc{~<-@gj*^6fR3$7{RWal%mIyu3x=Uu-CoBLh<S2m|soElN8OpXnGvS-H)`(
zEQ)8a^lo3fq_IR(-{4@ScS+HCcR$?Oa;BELt#W!94Wnq>bm<&lqm*|1Wz+4ZRZ)=S
zH_3gw6lJ$<S=w<E{Yn{9G^<Njy<<_m;X>!OddmH)v^@*wCKA?gP~{ajIt2(gNMkFm
z9tl{WAX(E?a5|)5>H%6uMmgwsq3$i+JP6!vo=#wAt)h{N^OOQ9sfyg}e*7s@iffgn
zpq-O$=4CdG(z<JZbX<*9IbGk@d9-cnwCpZxf$*o5lC(s$M-6u=rXSq>Sr?8X|3F=D
zjw;sFtwceIaa@k%Pe`Q^?<5%L$+vZ(U%r?wutGf0bb;9Vy$V4G<c6FMu9SB0+iw&$
zkg*6qzTVtK%3hj&ZMYvY0QZ-*=Ns@tzBd#(auJU@?F8f1C0YZ+g3_2GWw7#-h<5LC
z+upn>OER4;g?Avn^%O)t8bP6<v3(X>&3P!fh>tk!1MRVt9Cn=PVuph|jyH(ozB+yE
zx1Z)hJ3GUBJV(GG!f7PsZE!iOUhe_kpH5w}{^>YV!QFexANbJxJ+8UFm+i)gpV7|X
zDg1nDMd>sUBEh&89QPV-iwX-50OC#7T8d7`RF#`hJ+hrIm>?P}C@84NO?kWPK776X
zI?b#t08`0UnDqDE7a$3G3?G7mW#bW@_Eh<1*qit1SbtfR0reVwT*~>K*0#^2EM^&}
zR-x!%kL_^hw$`f}8CwV>s{B61H0^&|5PHYw^#}->j_I=0u&=Hr@F(k82w#M!rXRV5
zDLrE(3K&a{j~5rQby3=7)6E&E+Fb97<yu-;SdiCy3U?Ehr;4ZW@A87?Mw}iq+tLZc
zRcd(u;>BS%7UkM-Kkul_1M{6gL=Y}BP(D|VU)$$rBL3Bl|EM)xhW}AT4TG3xkWxRj
z2hD@M&*Fq|py8f1uIm<xf=eg<_3PIaiJiF?Mnx_nY@aq(fI)s{*VMr09FHy*j>$u>
z&e7_J@FWIZ4l>#3-;fbUrZaH+htYgMhJyuUtd^H|aHtjAGR8rp(G<W@Ds7jY+QNdU
z!2Oy@rGZHOu;ZbXWSKR1@pHD9;_v>#;(qS6JraMsDJDfpXc)lM;R?p*Rfx$i8^8gc
zXD*;d41#vo+ERBk!z02^-apG~{2N%$(>(w_aalN5E;R?V4sx%u;&1-ehrvFQco_XP
z)8J$25ZwGEynq0q_;@o%1~`NtyYu&&!Eb)i6#-8yT_pSn+LG6$f{lxNTi@W#Og0kA
zZ{N&6BT;_b*j^cv%^tKJox=ECaxnj2Lsot+;J^R<<T3D8GOcam3-Psw(^e$XUm_Z?
z1^!sRpNsh0e;eV$p;M?vjnmK=;Cy6e9)6_-kMftN=YMO@MkpYIjkc8z3DcC(*Vng}
z{*w0)$L4>$se9n2-huQ{SWHpfl*$j1U^q=G`HM2pf8J8>5Xld-{*YK--{ovbkhTbT
zSHaqkga+0A`?~(lcb*{Lbi$*!jhLv&Ay&?Wk)OoUnIjSd-jM&{&x5!devlmHzQIV0
zN@r#QES4Qv5u^X%I^b6le88nBI@{LrkWlXG_$l`#7>tv4JtdisZJ{`e@$}_BcuRt|
z%Wd|AlH%r{-URP2lEix-WnAqS@3#|OhhdgnMQg-){{l_L|A8F58GeQtGvajz{LU*;
zYRb3|+EyWWT{Tl5=*scwZvFWc8G6e<lLEo^Iv%e~#;*8<UGU!~{o$=YevF~I(jp_k
z`t&LCGsi6p8Na9$cv~LYEg?H>iGFk@wm*AMBTYDnQ~&TbU%k=PDF*wWfBdJ)eOAmr
zno}97O3v!{!4YXMl<qYKz+whtwPETA|9S=fbKqN;J!%bA|I!$}LxgU$3M<j9Rt-jC
zuk^LHg;bDZNQe?gRE(I%)a(p|praW4*<8J)#pXMz2klqe&=MFd;qUyyph_qrxa1zG
zp(RjvD1|{HF=)-e;OU*s_;~6PTpwvAxMu%N#hoC+ZrU_%m-8i=;X39A|N1C5kc^(e
zg+s061;6OmJABg$YIsjy;UDh&3ztN!f>c|<6zN?82}&CnkUznpsNcLT9;=3R`+xGV
zY!t7R`^1;&YWVyhmhN~ThJNw!|Ljly{`CicV2e+Yu_l?B>FDl+K^SJV?*DHt`omr1
z+6JaFTWcorpz91$Re|`mHy1=wxBv9Y{N6vUnSq=3B_9OsezU<05o>Aty{lI1|Ly&@
z6oq-Qj~`*)f;9F33d>MtUtJs4{co3Jpa8FzaO`IePFq$*js|BdefGaJ=>Ph_Y>#0V
za+E$qzZMZI&H)y|PEo&Le&c^#G7^|~rRi*A1rHfTE=4SDzwotH{(pN&OL5qmeP(8U
zVvFM+;1Ao&(wlS-{_L23$LsU|G_h>kFav!9SPT3A%f$HOPu1f=Wz_N%?nBi7V(>TM
zwWV&fwn<`|+AG8R`@d;r9;}*1&HTfuzBYvS@d@gBgU6WSRCG%d_TASwH)q6(Ue8ni
z*$4c|A^!Yl78z_8RPWu(5#F1_Cy^GWS+$=DjK}}6avz$I`Q-tZj;IjvrW*POk2V}^
z=G(t@+1fY%9>nTY6f^xTIb#>Q;X}IWoX!fObw#+^@W(HF@PErH#TjAYf*-^@Gt+c1
z!ylB>#zos2e;Un>47lh?^OZUeQmxO89kP<NK<3}uan_$sB~yfEwH+2T)EjH*WB+kK
z)?qi`Mf&yx&CzdoXTe(&NqmN9{VgMn(EYc7($zxv3+fMVKmQe;n96o{GknzdH7(LS
zFBB!{{=c20|MBLv!Fkix+1l0~j3*So_71Sue*QOXZ~aeidIA8HLRp1<1O0WHI3h{`
z_)!vRgu)J)!=>Hu@Y%j%L@E(Z*N&9#qes{euV2f~G|O<6%w-jq)vW0oWGI;n8UEHT
zbiMkyU}XM=&>^c9e<tP%i|1`Wp6o&L2LPsi5eU?GR7KHPbryT5d@}6)Uw6+2@vCCd
z*I3Sq>b3+1j;=cr4qxypa#>k!sAnMIe2$!D@GU%9G@b0Ws}w=Pu29@NK2FaN2^#2D
zqO2Gye~<e+H|7gl@yFdFB1NR^6!<g3Yqw#Gt&z<CyxCp3LR6+eH<J?qhe7bl<p2nW
zhp+9&(%Q>hT3vg4z?#za049uyy-qEC=Ws8lCI~Nmp1ZDVu9H^cRiAQO2j#$3VvX7Q
z`hmR;yH{O(t)~3a^0El1YG#9qY-Eeq>pN`Ep1lFnV;F<bt<I5=k#VI!Hz`ZCST`4R
z#S}q_<Zw0hAr&VljRaS)?D}b&5c_)s92)VPS1#St)Aklb+~R5R6A$h8hF(Zk+8Wwb
zdvG%JTI9&~yZIK9R8Z|5je|6xt7{a>`j!_etTrb`u)IWq->i^zgOyP=p1a-r;4;~*
za(iEelUO%=d=a|536PBeG=byhzJdsO*0OvYhu6ss!omI8Sz=+bG2YY5eaQj57w$+n
zZW;H1ZjYaA3U}l}MzL-ar^EJnN{IPF>sckxPq>3e2KO`H{c{-eFDHc>2GX57S;yOR
z8K6g<(89vT`OItFbN<6k&1QFMP|lcL&<6)M2Zbm&I^Mr$VyED2v>QN&xtW>Q{IAg~
zt1O4#;<I_aQLi;FZQ~2fE!L_Y2*T+B7^K9NoON<u0|n^#D2=>q>8llW?Y()~R-tpF
zev-IgEFF3(*Mr_;09i+!B?k~Xe4FIAT1n<)C3c|NO}}vu>Ek*;QP{8c5eA=!e9N+y
z7obrmZn30_E7i_M#beY;va4<qG2xcLfm?U5vOY4X%n)XEbcJB)cn~RUO6*LOnUc5`
ztD}>1y9*EI_6?=tF%FW^+Pug26=}WepI0lh4vmrFHnuT{N2fH7iK5kd<|>($QGyd6
z5VX=oBE0?8mY(i?BVE#?8od^QL_<r(B=pt73>@+l4!1X=?#v<3#l_L}J9bI<PeS1i
z5_S^DOLekgRZ6BZ67*l2yfyhvT=K97EMd0GpSM5juODw~JvHhwxfhH@0$c17NLbeU
z0eK`Wo%)B&_hFvf$N&zs-Le3SJ~CDB-uk;5P_~;o>X+qo-J+VUwejWV=BC!Wx;zvf
z%ov$pzpY%Q>99~4CzBMMU1!&l4x24Bnj3eTCpU?CXz%I8>3PBM-TjJm7T401n!3)9
zcCJUnC(piwpz`b`T`#*U4f!YX_05+8gO%$neu>YCLkT#1!U#C%Rsqq7`z{f$U@eMn
zZZpwwSs;lplIlM4$Iq2!B#P=&4Ng`lNL^xheW|&~Se?VMv~LCZg8SCLJ+4)B*~cx3
z5DQC2mrXt~0uyge73!X3uX$Vh&Uk&OG{$*Xv8~b)Vr#T8oGFIJk|jPul?mpa-49hO
zO~oWH_btM-D(qY*k+nba5Vq<ab6`DK%DRgE9QZv!{NUcB^zW_YgOQ57R*yDR>U^*%
zW%-=BXNNg2kRpwO)7%eV4ibO16dOpP!o_pldivd!T$Ev0Glt!A>pq}jm9fuZ;F^uz
zZf&b14R!gCp8KD_Ih4p>s_T*G`8`+UcD|R{N1rontjt~8wKb==H*b266i>S;H@V)O
zDu2P!`;PTfI(hw%Q1$&1Hcnko>!(j7()Om~X&66t)CP{R`IHpQ!IMC-aC~*0__kPG
zGET%*+l@R`{N#&O8|XO3nQ`IKYl?%B(P0E0WHoHnk#;QRDmgbuD3Ux**=HrwsT6us
zwL-=#+|7b87LUHx$*D9ft-Tb8q~EFD_|*EgYxDa~gH_Md*~^bF=RbT@24H;><wgM@
z3zlIh81qg+@~9vOjj7>erv|B8<p|d|=Kzb`-5|GaPtWVcfl$S>FRn)$!?zYDs+9sE
zEHBHd@K|0pj@g)rKq`#;vv`~MVq}cJB*`|p9=|Qkt;D6QKj$@QGHzPEf;Kx#1$z54
zL~>I{a{DV~gp2oWk@-~~dpJVy@$O|fwsPzhSd(5lpOCnketMx`rK>i!e6W|{y)31G
zOv1ftOLdI<-R=mVu*oLcV38<Lg<SD<DI*Ys3Ep|^I<Pw~4V5~YS~~3AiirmthDL@g
zTVoVh1?;c??C|qHI6J&p6RP*ze%DLRb&&ibZ9o{b8A{CIjm+WxwPavnfi*sc2oI0c
zFi_TN@rA7W12Wp9z`F#r$sJ?G7czlp(w1}*`1nNweS{bo0xehP!5<?B=nFCPlydL!
zTx{7XE7#8B(5OeaSD3`@IIERvr?)(_%wjdqsMr{?C@BQZwnM;Sl_*mM2&h-pJv5XP
z)Ma`tSGF8;5c?Ls%hM($DMM94PWzZf3Y6TYkG_1d-{)Lb>2o_I%oekc3VKL7b}Q`r
zq}FSFY2)IA8mk<fBm>IVcEQ#cqsdoq6#GL6l2TKN03tH30GUl%R*Lf?QKL<8G(=vT
zoWGJ)R#cs=GYyA#@4%e&`^NZUOO))}OYPG4cI&PF`u2P~k30sxdo)oz$mko>{eu3H
z9LukY%4T|u9+z~hUhw|AM?Vg-sE^ODE72dEQ}B}Vxr$G|Lb`WW@y%qkP<|oF^Xb6=
z^3-ERKoikdfQsAbp?y2b={bR#CRppg5XjK2+g=c{Nts-t-Zp1p3B)`a^X2@t)9fmM
zC-}}VH0T%<U9k=PBnb7xLeS@OTbUKMGnIL8u?<T7QSr#R#I&^uEGE7Mh!=9uPgaLL
z1AByvD+yeeeI@Nw-A!-V<geLp0pz;W8lhZeg4tq!soQ=d#(a2U>K!B5h||_-HTsl8
z1jB29fa^gb$=1Ac^XjJH;ZuPeE8XT-`NJ8)IO+#0^lPDPQ^T`vPE-MUvKoNhl#%IW
zUzOH1hDfS)1W+bnF~h?EWa*#cR+5jMSfXAQ;(57;_+2DRznESiy>MgLn)+F8IWF&P
zgImDoxKgU&HraPi2XlP0Yr@g!wb5w^u^JpVU)fzA^6Hy2<~V70_m)yhF7b|SN}$<f
z6z-B$s~chYv`*c0$yeonM3cysYoEJZy+z@6I7T={4gZGAz)~Dh`09adi5Oa!SRnS%
zXO>phvSMqQ8AsMPIgfaX#~+VwuzMWD#r8<%wi&Wn4QofjU6ojSjnJZ#Zzu>5{yJSS
zl7<_bo1F{-8&c5nV?$t3f{4878fliT>O*SQa7~+eZ(qc<t#uaL`d7NT%4yGU(x|81
zz@d_t4-z<S17N*1^T_%=fJdOdC&k6)2chmr$i97gINYBHVq#kvG$P(C5bg~DTx@%D
zgHWSYfoicNhuu4PW6<x+0-}9Vl<jl~A3F?YB;qHEr!R(>?N-CKv7a~u-6efH3c&So
z2Gl)MS^dP)(w~L37Js}P!qpoV$XF^NrA=enfiiP3yD}}`k5T;t0#M6Jng_&>BziLo
z;RCBXBzh+ZA53e;bWt1Zf_gmx9bXpUC@W~sc)a8FpaER^k-FjOX)R6)UUY^pIt|U6
zT>!Y)F{UdW_naVU<SkWX!)7sMaXX}>IeblDU%;RfDv}qG8vfPHZZ_L(?{ItlKryWg
z+C~tLN#zC=I&e867H6-xm#-1aFxw<Yw9AoIFuXKTZSDC|CnL{ZGO5ypNEl)!NErPe
zv%!D)CMeDiT<pkNsftbKH}_QsFkys2Y<HLXqQ$n;mHA$_d;g8Xl29QLP0_aFaCWd7
zw+ciw#guZSWrzAEQMPB$DLADVH><5?YMJj6u#2OF8HmvAF-4Bga`rmO%cFZ-+IWFc
zNagTl`k!vUW72mY^Uu&oXh6ccb?a8Uhw(f6_KT%qZ~L>M7k3e+(MY5#dpi<XN^r3!
z&-slCc{%h+OS5;B9P-`5Q<fIDg|4qI(0Y?Ngo2inG;#~4rZBPV3%;t@;6D(Pi*eq3
zOI=kI5J1^9zRmOU@=L{j6{pizf~m?q#$dC?HZ($9dK5||Ec*9ZrxL-q^!YjsY~&{z
z6(*RuR%5tYrS!$@Hp`!JDvf0-s}rS&8qRq$?)E9wqE<8F3ik$K$Bg3b%w)>Ml?<eV
z2%d*QcMReDTpr=NaU@OtW<p8=Z3~}Q!rRn3DxH9%BrJ~#m%%nyR%(U?5{JpXR02x+
zt0he8{#+gnNV(gK%=~LYX`AyEJQVl=y>ZKd?_%qe6SAn5@xPHCKDo7u`DNvAS^zh-
z=4LfIcTBkeQSlhSCW{CNq#@82)>h`o-f(Ujwc^OU=k=eMd7iyiB`}qW@7k&Z5#VB;
zd^$16gi6r;J?IFxib|yhGvwsAr>gSo*PpZwG9bcQlUD$D0;B0UC~@RSlJ&N>rFx!2
z0H076OfMh<;#bU991167Wn?K1U?HD@{*RP<nRLCu=hv@qEaV)$**XSb;2|L9TO1IP
zQ4J;z$%8ftwE#OuGWPmw7}^5L7U}^4cFl4li6~F)k3Q^V9?1)tP-kLA3<mAm*Dpu%
z1i;LOOaLJn5?HXTvtL)7op|E5e7Me%r<|{dO++LI8sC|q7mjy(>2qu_g-nvLNUF2o
zPB(Db5~PyQrnU>ePQ!rq_;~d)BClM4EL=AzH`dJ($0*RdHltB1Ny26(;B{9Idc4i?
zrrPzp0}TVnL)c2iZCs_Y*my+E$4f?&!)cR4nK|?`SlqrC%RiWJJLqo_hqa4gga#Jl
zS_Xf2S9%MxrVZPTy^DJdPyIf|_Vnz1oq9Kt&p?h<rzvl=c`LHmRm>04*bJigVKL};
zD!H9T=p)Z43b`bH<}zk#jr#QF5=`PL{7!j!hBYI(m^{K11Y5coDQv6HJ!*8>L|)EG
zx?G9q+Wv1Ca^NGQs-@y&rz{_AlodC{r~8b+vsg^o@9|>syJiSm8e8#5COI#P-Z|R7
zNH<m<=Y@s94`;R7QKb~1LS?I}M0_$2{hgCfQg!#xNju*7qbNR%%t#pKtzfrVUq@~0
zgIt9}yOoCJkg;}A^r3EMRMM}a`cuEsstF>|S`CGGARfIH2+OhZWYE)PR+V_?wS@iM
zlU~({PTA)-8dO<?H{IrD%`&YklQ$M$T^tT%=c}`{GP6&_eCD8e$?A_9{S-9q=L=vE
zK6!QP_C9fK&+p54?>H?A+>5R%0b^*YW|tq#zm!+mKNYX7dS7b_w4HE|rs`TQED?AP
zzOX2s=2^5sD}kV63eZ4IE6!PJ(;%06i*1mTP~Lxua6nD-WGKTc{1ML@&?O~tv>kdo
zoGTZsUW1I6;i$MYR&DWc+w5$@RL|rrkJYwb+VLs0GP}S!1Xga5tN0Rm@*z#Yci9z|
z{wF+}`3l7*vjl3b_UC7-slB}bY(v?eKXwtRBxF}V2%IH_#C1`J;R@Ytpdhl-W+q;>
zyfw-46yU}m8%%?0g2HN_PTM1fEDHvrRLqQVppS^8pOyWbhMc+lMyAVwF|Hj)Lnj@l
z$$QGJcN$IS(NEpRq^BBRDBTY3JF|wB$McJoOsCJ&mhzY)OW|8qZr>r0_V+~@J~CG`
zyYwr~em{FwXw(?+BYp@KGj7by1Uc`gV8$k4!Z}y5`dQfPUFm+NNR6%3D%^bHxN{ly
zGG(RH04jz=C%ky#(qv%HSWtaQcKdBpa@n9>l~kc21e3hYl{<@A&8lx{OsQO0;>?`b
z(@U~AO0!j1c5bFcP{Q?;D$;nHPdLCTo`5@AOYE%CB~Q&7;q%J6Kr~u%j9Ib=5l@yj
z1bL-Iq|IcaKcz@8*K#hq|BB0?L~a|=_j6nt<*n~#lY`Nf8l5B)3JRp9tL;ACBk8Xs
zrW|<QQV_^CZ6;1hGx7dLz<~qT?ctO=wr<Lm`7{30eMm@MQ3D#*j*2vos-XOCVGtTW
zfcQtx9poV<Ku5g$D67C9RZ-1A0lQ)7ef+mZYpxJH2EQ%#&OS$N$E^tg7{+%eGdXb<
zd2%o;c?~!z{^sUp<yvcfY81nps`mESy{UY2Giu0Phiw`&T`5d9A6|PO0$sH3GNYo^
z{^3sn$U~5U{{C=wkM}JtEhS8Yrg~)VBlsE<-9Gnl6?6ezatB2f(a#WCq*3vOyZrMl
z$1Xz!D!p-D57%ggkHVm=mZwrUzU(P2?o50<A`%oF9PJi#@*oa?-v=W|QnhO7XjZ-?
zp4<+`)bO+A;|&YqQTWmrH)*pMEhh~p`6w8H6bJ@KGXP;QJ<6*&tk&MhS+2TQljW0w
zNr^-Ei%*&(c_?o6q<M9Or&5)uVc>I{-q5LaCh-+rcUA{QSbzX6g=^_|KOF2-P8TGv
zw_V2cxH>bzEw$(@jVXKk(}}4oceruTN-DDe5PB-_X<Dv(%T%KoS#QEcD0jP{k|(3v
z$!v|v@KZhjD%EMMK@>+E+n&CbebUl|cIL3bP5w3dJg6U$d8AZtgX0bbG7SRG@mREv
ze)7gUK#_LjPEs!>#o0edk8P#iliR!6kv7w251c|?ZIe2In$4&93eKDc!cDO5dHHgy
zWieGTsDxDO)QKvECp#FgVOJ$97Q=xmWU}b@ia3V31{3DDEE&SM8o1c0F9Jr3Bv(aT
zH@)3-HiyhH)KOBEOLdd$9a+E6n}H(Pz8D!b0p{$li~GbvnAV34T%&!HBI*y}CpXaa
zGrB>?!XW!g8mfLqaWb^kwU~VX;9_e_n==Yj+TxN0zl=9sTs*;)CFFA1H=?FnI_v=`
zzbqa%X)_Ux_%4IU=aIRIBFI1<76-1FzC6{@vgCQ$tl!>Zc3N<%-4yg|(}lP`UT*k`
zy)R911!jasa78T<p4Jbx=0I0urf`8N5yu$djP#m$)S)$0?nR<Dte6pEg&wnh7AuZ4
z)c?2ww{Y2ImS16e1}KV<WJC@G+kku9cj;qAd=@+9B7jSS$YJ%R&;>2GuE+9$gcWMu
z{o-tY8ERai&bz`l_Qj+xNnmRRK!X{)uFlY1mOOwWC~<;fVt>=om=@HF@QkE4;UH9G
z!}#lUKNum54U}cML^*BiNkzB6vekDQeRy!#KT~(m-Om_M+i#!grb-%m2fuvwJ&471
z^hrONknD9aiVb5yt2keL7Cv81_1e<KQcI~Mr?OXRqBWGUq=Wf3%h=B<c~&jqOPfw7
zJ6`Q3KI>1Nc6{vdD5_tb)jP{sQ7*=l41LlH#u^Q9-$dJ%j9FV>mjLBMY`&QH_Rm!}
z`%J~OHYIx4m4xEe)oM|Wv37j${MIaIcCKILSXEcaUft~dTfVANi)@Ki;=|z|&)8s%
zKa!GYKYxF_5#+o~45fO?4Jc=>FEYKguG87~3?HZ@;gH+%5%s@%n(s+p&p4#uB=gCB
zgvMAbTuCTL;d%3AIY-0n@kL%~rq1BKA03&$_d);D7f*0*inTN-Z71m@9XTacp974e
zt+X~4jzD^Py7=-d^UT_EUD|v0!tw0lS(D554O`ZyD~VQJ@-g3n{N1+#Pv^X@HT*y>
z0S+joote6IfF8ze{lK{FvOUAC3+fANfGCUWq36CwP9px)L!p~G8Gumf`)O|`s3v7^
zcR>Z4l>6u;%?HxFu^~1^0Mb9?m<b{q$l=GuZ0kYIc+<*K1>TpT1oJ?3WDRJhsJFet
zNd;uiNWdKy26mF3!sB*d)8P8*Rvx$o#iDPcYKx}BIay|}g@is)d0k!N!fB;Q_i&Sv
z3g+02-QH_OWkjhd@+_C6<-Y{tMt-N?5G2LL(FJEb?EzrYt_G;x3~!R&<qXc6$c_xA
zH5l3P$aMQcV07Dk9z{Pxj)9RzwUlc4-e-C>=S?U*XN5{_-B(Y#bMeA#03<qZ6-Gmo
zJKyh#R4!09LrHi7alEQvDP~}-lYDJzo>ZwRE-3<`=>tggLE=bVF1eIO`>j)E8l`&a
zdQ>cqXSfvQ{E=Q%`t-8OMEg}lQ&qs3JT3=)66~g<EQc+i`M0H04bR%OD_7{J1-(r<
zi#d9pictcw@HdC%6qY?bSfk#Tbr*Jd#FJ(s;_=W?snIR<e3#>~l2ajXzK1rz$xQk)
zm0iCjJmlY!V-OXF%=EJ*;>i@LMMM3V%253vA@B&lwwR&V*O_y(98<FN9h1i}oLt2W
zSKYyqf*aK+NV?Miv+U~o1?r%hQoYmlqbl=h)ebfr=;H$QGScnY2C>>fkDP}G@yv!0
zrD{SxPi;;jTe9sLAisi{Z{4|ZoD9=m`Pcx{UU7|kNd41FUP;B@$9xj|`7J#yf&oy=
z8FysnTZw6er3lc!8_50OXQ4T)&lu^jxaC6t6i|T3bD~qe4T}=;T|J$2@*&9O|4E`I
z2m*<;GfO}t<n+7xexetApPk-LU7fwmZVcEf=*Ii+yAS8ctS^SkT&x2PokKuW901C(
zsUmvYSZZx~vlpT#@y~KXj@h&GlQd$~t7Mp5&VcvQ6r2&7YH;;>2dkySd=2Vrj#0~_
z4OXN2SpiZ6_TZl3f(clP$y+=IP_5Q9dd;NCps3%0954<P6Yx_w^W@R*KDtE4p;8wQ
zi~O3OG%ENCf>q2{X<`h5mr+-qm*34?r0?oOmo{*yyZYlg0%JPy?$)p0hA4Lm2^TB|
zpFs1jcYK$~wIeoH_cBjt-(v0VKEk&B2EScvLrbqP*jBKdA82i(oSzgLgvntV`#AyO
zEfK2s3sHLU<s^mDJJ4UYZLC>g9>cCOIS6Ek01oRYeFqiQ*DzyBJl|y`=oTRc1z<6~
zfu&o3^PdKIb8>I00pXJxOhfsW-WyZs36+`$K>~n1jIYf)admr6)sc~r2^T;S>ZJ(T
zED2PKHDyo^)YCdekh?0ObQUIBt-`pm%RO=7&n#!ew{mjT)Sq_<vY2-YXL^M0OIU`w
zmYE#aV~{mx!A9Yw&x5%X7N#7*xc-WOdL{h%TklijFZXAeEBgWrJ3^l2;;DV9Q>rj7
zT|W*D35lXMEGEP;>3t^yI-_hS5E!a89E?81qptO0&LvsBT@t9!a1y%1Z1?`bx0|^t
zrMllG-tm}ISbU8dIeJnT(Zj9hvmbXaE53r+{?(?<WTSM`5cW6W8#+9m$zk6eY3fL{
zT_3f!jbKsShKC<|ebYBkDQm9L#g{@ZMVt;@wg*acGo#pM=q3GS{o=`HL_~y<2!!<|
zH#Pj^tt|QJ$kWr5(fnxY<tDOirHarLc7=;{o{C`1gk(pa{O+Nz6Tl-V_xX%bhi|v*
zd&qL26exG5WC)lh7c9m0Mvo=c@%QxWRPRJ>^dmwJN92N@j`oD5Wa%;J<+4YHB?R-}
zDd|Oea>j`ZS?J(n(}-{Pyv@=fl{tcsEW!T`Kfq7yfy{nBo1D2l@-oR{7Y3gF_>t6H
zlN5APF>{R2DGEGd3dDW{CmEP}+jBMHx4oXIcT@uzlo%Eh*#KxGnDhx#LU~n~>~^;Q
zqS6TBSpWqzE&+#)k#vBYR;aPmd7(#6JRDR}d2<4jf<dp@2OJF|0C}28twdqo5KnZn
zGaH}_CR#jh{hKkYysj9yB|F`_-k`BG1!y8|7wwZ7&ezA&R)X3rA~jsWL>lnju-Pbw
zfbG%M8OBsYF1_S23ZTXXdM&(X=jWgIMu4Qy{YYF_l489UUDY~HQPz}q{a+O>@GHj|
zn)-RJFM|c!W?&gRjZz8cL%GnJ!YHeIjP(!g!W%0tx^~cZI+en1@C7v_@?SGdZf-?T
zzeLkF*g(PxMrQuTPa=8e&X=D}s%VOV*q%5=`{EG$>K~y;WV~X79EdvB7O!q~cXl40
z+Zyp&yfYG;$~AsyZeuXlOw_%eBZC^bleiU<I61^-?!s{qj&7l+#?wdFDoliirg^HY
za=yMruIaj?_%6p<wJ5b`Rc<$yR^T8!DQm8DHewX!^vmRygOoq=h2P)AE^fgs%=v)v
zYp2gooQ(9xW<N=?0MGMYxW-W?iwRo`zEij=Qt==U2ay7(q>bcZz=R0u$t)(`ds9f?
zXB5(U{~XMiR1Q48s)-vb(J*A2sjX$7s<X>|1yUb>eLD1ETAFQ`%!MCUv;=z^ywQwq
z|6~{;?xa~{&(9QFkyq6${rYT`2p>oW6jfZY*ssZh$(5d%`Wb`Gq9C=N!qn63OvXt8
z3C#}?kT}>-7yxrLa?$|dA$OITp(J%P7`t-57(VBJkYmONT>jis+bjupQyy`k=9U#0
zvB`%4H|-&4+S87)Qtbz^y|EWC%mbp%*EE6lLrKs^z(?Fy7Hqu*RbET#n;B&;*h})b
zTM*9zWoBZM4-Ci!*#GdgXgS28WvOGrA{tg&vB^fB^|lU{!+BZm(KU5{ZodiP(r@M)
zb5_@6sY%Vs<qKGc^PX^o=hO~_#{kCE#8d`YZHoLWt8u>f9?dZNcY!&zgAGghx~o5Y
zgrdhyOHOaqq%J{W2KWB%tqft^fQoCR1>O<{;02^ZmHX=aGM&znCf8FF*X^#K?@YE|
zna40P!a9z+w=*-^%3TiRTWD|~v&0uWocuNIXgu=&+*|x_Uk}CoaoQJy(;n0V@7#L^
zYkdTz{lL5wgvPuBuQ(HjzJYj`GL2R>UD*fV`4x=47nZt}@_?EfEUF^GT;H~?ovPEg
z-vP(G8O3I$d%lv$K^m)LIaTjK8~TVx@|ixf0MG|mHpIPOJ|M64)p=1S^2t!l6HQv_
zBqmQd70j_Du(=sPMfh{f$0<)R1S9TXxj&T;0?T<b-3c(d%?$fd!V|7R)bDqpK@96k
z1ImDuTB&YTU8Rklhlom{a_o3e=_)u!MDW#yJx4fSX`+3An+D@iD7sl4{akEYg*WR!
zPgb<F<*TM@sdk;>#K$-F+@e*+CVIYOWyY1Ov-M4KfZ<KBJyVt}n6uHKR}fEIQ@~$`
zvO-*4AJh`Z&)Z7Rywi7!vuP2#UH3_y+!@|ysdn=?;<==+*o@j(P2U^+oFms(&Zh0>
zFUVfzDRT(MuK@;2G=+?RrZFBh@pPpNR&OesSR)&`jM+OHJS7u(EgwO((M@Rx4IYL(
zRCwDuVUk**_|v49U!G?Pcg`E8GN(z*5#koUVouL@&$Mezsb)-25EZ6}+RcVX)!(@s
z#-uYVRzxc(7~ErI#FsCAf^&F~9jLTwI*KrznySd+8FKd*jZ0Wt^SQ)_!QCAKi(FBs
zY8ZQ6g=TfFYgBx>=$XPxB2f7Nxgi+pK7csOmo^Uuvao}sjWU$zx{Bjz@wb<KNgS1q
z#o6Wtk)$G~FkJ}vYM=`NDn+)FYFuo&J1?BLmUHrM?=q}dfUwKG-l*HaZVt452M5wA
zIzJt4jw7d!FIIj@Qgj+>lTbc{P#W<SGnL6CJ{!pnrY1ZDy);m@8+=LQvNc{q)btG+
zyuSws?)iY*uyP=Jfxo;MDBee)jqCdDBO*^8Xnop>Afgdwtq<o6<||3~-)dy5C2W9h
z11X5Dvi=vTeaQ`ho5r>ZcTmwXW9K|f1ad)VrB&vDHo;SSv$Z>vK)-}int=T|acrr)
zH<&*nrsv7gYQT$I2dX#XD0#{#Hfo)w_Td`v?{22TpCS&73rc?pbMA?w&nEJ`{AwKY
zXp%c$eVZ7iKvg{Gu0~Al#f29&NuOfT%JQbjXyRxDR9HVr9PdOsgN2Jh5&B8&S*K$=
zGJs-`NiU6aq4p=TvNSOYL-d{$={9}FiK7xRto@N$U?T+dbz=?$VO980MdEF3@d-xx
z8>I=nM8ev<eXi89PrlZg?Do|1#H;OIZ69`XfV*lF3Qpg;m=aoQhQ&CGYQbVmAZCLa
zjogd<r3|H--66b-FvZ5`S4j(j)qmaC{`u1|ELf2O^n4PMVUfV!0iU=Jw1pPp^PVZb
zgjL9J2`s0pRb=D9=})6tbRPi$CkNnuFoM6=zIU4iQkjByjJ%Hd`f8shD_YXIUG@in
zit}0kQFE?%BxeHQE>MRO2hb@Xe=u`>eYI->dSRS=kGE$oFF~DMG4iv8kB?6tAg02a
z+X~Mj4R$Zj4n{yJWJVe{#jY=@?g@iq_tg6ZH0VeZ0t$8-&{xywD47D}Y;86%b|#uZ
z==yN(dROEpQU^oQSUQcU&#|;7vWuql(od(xsffgcZC{3Jtas%{h=rU+siXIh1LPKv
z>U&%=j8S)8+pPadbf_sB;dWzxM;M`@Z0DCoSXk-q{%!uIh?v+Qpq5h2VkbT|BTafb
zM~;hXTi;jOawQp7e9F<PEf>%3eu{SpG(si3;dj5MdR<BEXgFTD9mT4B$@ps3oFD_z
z?52?3SZ4fL!<VxU&eVZ^&_dFr-ka0epk>E)$V}enO&lr{ZvuOxPYU(68$mlmC^1z0
z%PG`SP9-zh*Q99c)iw^~pvj3x;d*h36zPsupjGpzEZ$?m=j?D*@1eFw{+&=0DfzVm
zS0RD)XeD^{q^=iW&W-F*PhO~4$bD*|hs*}f_5Shrt!=NM9$p4jLCRhI0jenDZG6f0
zGOy@nFsG4g{#G?RWV!`82?6<qhh4yv>?|b%>6u&j&AUuG!8O>+xziLM+J48V?j;7X
z(>}HT;c{XPq4@f*D~-A_K}jE4Wk!Fml9e*Jc49k%5Q9Uf#KCN;lKN<EP>DV9tXqi=
zA589G<6Hd<*kFKEnZ7d8I8}#6z)p-1F~h*X5Y{Nn$%*^ew$AA~MSPe;F9`od`}Nh~
z+MrOaaYE8j<<X@xkja9{%V}89OB?A=1Je`*&Hd^fQE(=w6LLAO<(w^d0Ozs*oC`xY
zT)8*`Dx$_#=gyns&)d^AW*s5xFlb<~aX-(vpX<?%i035HuGrU4fPhs_$VFGIb@I^P
z&rki(&aV#CK$Q|IP%}$QO9|wxt`8m&JvB{p;RQ~_C_KTpdmc>}n;{2$VpK^qSDT0F
zWKg#Knc~m|I%B5n_{P%uvIJN2w8Y-YqJ!E>^lZS(7KPwP<bfAct+VwO+BzH+sxMH!
z9cN4igbx=ZmSBV|;VvH0>Af>(b8d3lu`}!Xdsme16{PVi7~)fnjj`Gno5;Jv#~;|)
zGYsTMOgBc*r&{K!%w>`J)sWFGLZhQ52JqmAf?oq1z)QlaTl<RFDCFzurwZLg-vidZ
zg(hyq%o@6o%x~godzZVo4lD^#nu&e6+ps;npT(m9wF7uk*>GV_$Af3>f&E>Vv<zNE
zRt5qFy_aWsK3<j&Xt>B_x!p;J12KU%h%D%BQyS{kS~uIb$V#omqy9Qj9SZsYaAQ;-
z_#)0d4oP%c9D7$PtDE`8H__u6iDd33$TF9W=kEr19KL&;ZwG{!03j&^uzvLQ(ZMVP
zl6?7(aPJ2O-ajU*uns1?1Jq1t`~&I6E<i^nx^h_cDF_HPt6qsL`-unp`xm@Fm@m<}
z9%ytqpc4+As>_AgH-RBgq_TrW@DRGkizBtDezds#rD|Zvp~RMC=e=<4iNVNr8XyLe
zmcU}t%?ZS?)XHxeftq2Saj)jkdZb|^jK}S26xX@ZtJO6!Jf+-c`yTty;jLW2Jwl_G
z`nYvfugoO13Jk0R48i!ue3``R5ir#j2x8^6M`=WKxfuW*6@&1kD)!uzr!PkWHG|Bx
zb&(Q)lJyJL-A!{S1<`{CBuUtrDoO`spnrLIJiRMUq8yBSo-saJNS1XYQm0DLzp9W1
zoVs}9`8WuOh>5F<c3Y$%EK*H>jaD;p?cO)a%-PV%{^pC~1V@<|8p$&pv*bx~2hez}
z+)PcjKb%llf7e~A&*0F&M;)H{sirHlm`~2BfKkpOv7tv5D{kzBTFWP;Z&$9<-+F2F
z0B_w9r5#e|N42+1Dxl1%c5lj^^{p|1%)1?Ka#ZW8G;xmsd=6Vb`~2kzbtB*;k!H~(
zS#tWb8cAbMz>}|)pog5Cy(fYt7$v$5g3%PxX%)|OPpCEQB+qXLV;6jddhB+UVF|Lk
z$lZ%23m}TcVlYN)^PKgXf8YMCuexR}gpxQy0;v}C=5>xiUsI`q6d`+Y;pIY7twP|a
zMYe;n)AEnD=0Z$YSnynGi?o!S-oU-MlJIQ^rXCeKe{v5to}%#da*8wG+4?29rrn-q
zj^rFSs}VlJN)OQ7(YbWXoD=h~V8k@}Zz1+SzE6yWwKiIaHd=aJ$@KD6?PZ#QLCI!G
zhl0KVKR>a<=J6v?fbgw;HAz<<)HgubUyu2NM3g5^B7FxffN9Xx*XZr)7L9tkAi}z=
z2`0);E*Nhf(7Jj!2!?UtLWLQrxrcH>s@eDfc{}^Q(e78C<98hPmfz+-3f?)nQ+8VH
zaluBok%`YS#76Eu!oA~YB-RR4qQnO`zz~-8)4j!eWMIZrlzlyn6h6$8%DJq0GtPmy
z(M#$rod_@KHeG`s5b0G5(k`AhOKsrnD5~#-^OG;G!Y<@BB)KwrOXU77r514}dn&n5
z=^2sSx!aknBzj4)YrB+oV(!#<M!;UUshH^$JH>4jr^3=g$kSn63QF~++K`c131{)t
zEe_%FMWXxbmKEWJ2qIR^le+9P8>mGs*Pfy1(Tp{L{s^sLj#-e%ECj35Y-kDDp6uCT
zZBqUXR79LC9|UQ*hbp;YKLNb-guKZXr5&vp@K3OA0#tOR`3W}Mr{i{?EcVDv#+f>?
zL<XI7A?TGgPoMoR+Tjs~rH@O#KsuZ<dv3Qtf(WDshKGLe*q_Bq_5R*670t0QGbb4@
zOUOg6H<q)mTQ}BeJ=OQ@`7H~u*5nW>E-*_W<Bw=}&Q{ypzV>aht?y1~*=t<}l2_os
zWCU=8{-7fK#hECI41fFfP(1UZALJc1*4sgwqKnyPkKi|V&O%D`#_>2cYXX=6a}>}G
zi=7Zt8bbI%GdQo>+9Zklg)OG{LoRCB1WeLl?o@PW4cdjLDYKR2x#k@|O7Mwqkl&Nr
z^y0JTyM}IHE7u~Ot@cWRT=p?;vZ|$uw=K>Wfq-jvK{YwO(PT2Oy-Ve*Nn87ieVr*h
z2k{!2m&)brd&N)@Dt0-B$TtUNg+-Bd28;fvsp6Y;hleh4!I&J6)KG&aL~0y1tB1%(
z^pK?M+B!N0z;sa&42;4o)SRNrIU>usW)H-dj|r4GEY{!L^+Iom>3}@Vc~JJAOe@0L
z2o;@_%4)&5d)eEXIT(X9KbTY2vah;7&|FlSID!DSdxtBFm3@Tm9##JYaVoCWGtN5f
zB_Ozt&>zWTuFnv*`=)VtQ<1}D5H<M4FW7}Qkk&At+ZX^EvjP~0DehrXGCklec~$Zq
zD00AB+yNpGZaP0m?BiJ&of7MTA`c7~vvy;bZn$lhjbBr{%eeO)#Qr_cvhr5PeE`vf
z2_T0#Zq-ke%sx~uGZ1mP0#aJp5fSKi>eTDzkKoaO3s8*xfK}z2XWH9pe{D>#eP)J6
z-bSweWfhhf=;n(~9-IzMCgZKo^o2zC4U-Podq&{`j)X30&NvCvk4o~_!$)~`oFXa#
zXhhg>MUm9_pC<d%!x!5W7tgasJ^Y4QD)`HO!u2Q-F69Ua$l5-NS<R*=GqYtA@9E#R
zk*I8@A(x8DvRmy(Wv*!MDRpq;M*J7J{(nPBk^wcRI8_ezc+7S$b3d3BhHeob+64Z=
zbSKJ1@}L@;+q-5@PN9J*@yPLADCgLzI=D+q=xwt*11jUZCLAm?ibp5EtwJj-m`REn
zj3u|tEmDRjlkfH2cV7{rNuEWe@C<$E<e-5O#T!a4>3-T(b@Rpk;E<$zOgHn3x^E;)
zc9&5(Zz34$CRwJBK6*T^qYXOvi+AcDKZ<aK$x+=Wc=e<6C6S&UJRcwLsMY`7*!5z&
zCf{b!Bu_k&6gRlVX7RSgY<;Y1$z>P-6O?9Um40>3y9G%79Nv<>pA}L_>%;@6*IT{f
zsI4MrV#rcccRo0k&SpMbwNhB1L69&)mOY5+s~33jUJ@zj$pnG`J8=Xu@;q-8G9$j=
z?{Ema%70R5#zn;dVGtD%yUV$FZqXM#|LCJ!Z*TTs5SGC-if6ByN=WF5t@3k$9qU9=
zcFw-zVses!^{{^+nbxVBED;f>C?<SAu2+l$uDnNJr(-6!P^@%t`PR6fkOAp3U4*YB
zE1f7B5qHL|IU<`^q-<sg0+ET@rgT{FijjaLm5+oc<og={o!76Uf8OukIZ~W;UIPSw
z1aaDefO!@7yp5Q6ehg5gY&Lts+kfY(MofUs1!jjh!7+|rUfWy_XLv9w3RVutNakIN
zBVTVR`zb1<dqh|6ia?Gtju>JqXR<HRJ+Vo?2MU{|Q_)Z1WqamdpIi{GI_@;F*qQ8n
znc=Wob>Mz#*MF9>dzP}wG0QdU(!Z)DBU6wd6&3wf93Xl>3J1)l-a&*-TOyW(N5U5A
z_Fs95fs}q@PE0URYWzP>Cw%?45z(jA{7id-Ow1%C-p?~qPtbaQ4kShjy5XIX#x#Ts
zr$GPVBr>o0GKu@Yjf(kksn?(2ktphYAQA-zP@l5{WD3r$D<k$FAFe>kpGGCg@H7{~
zkA!f_iz%pGFM8wOheQ3-@cIvOH+>+ZA?mhJ%yff{RJOm})j$20zr27rBR|ui3Ntgg
zOMY8>y8<)w_q(mXT8KYQ%|0djaS0m@$*8vW4ovC8)s=Mmzg&U8t?1t`w2qL$6R*xg
z(Gl^Ok{<L+oP8kcR_M*Yc=kU%*asqSQ#6W>w%Qz9*`bfZIkv~EWB=D1d4K@62K>H+
zWQ-p?4TW)|kh<@`-R)o5$!j7wcq|<pETt$c@@I|=N*ot9y93yNxrKjvj2qr}z$NnI
zO)Y~m+Jj!ya;SU%-|nCVZt#(G(IYIf)lsh=<@UByXRs6}SLr-(Bp6h#b3qY@Qn`cV
z)|ay#gAT1pzqwQM=>J$;SzVev8yo56t%!>#ec`$rAKR!}Zu;1t!(;ivOR)Xb>ipwD
zUZ=v=Nr{6|P9mz-^d7~z%iI8gcLYj|7qlnhSZ;NY<h|Ph{h&=o68Z0$(!9JkSS}8G
zqjbWzz@DjX%DyDBF}l)Hym_1O72})S>*pC>x|NPFb8kX5|M}|v>Lu~s!VFw_p7Big
zZ4y;kS=r!2>5#F9#0^(IHU$4ZGx5*c`1d_0)`XA$oRFW?+a$}xta<g>F6H-@=*MF5
zo5Cy-Oj|TC01gZXOUSKZkn8tW<fr4}m&FS_er|9Sf1jiDN=jB6II!Hgtt6uV(>2z>
zO?2E}TJDK50_YHBFjbqr69fHM%lG#c083+A&R>a$WoV$S#F3kqpM(WnM5b6-N=&vB
z`mgKuAAW$;1iMNx5L}LW`y|$G&5AAT@9z2U&g3svH)0s(X!2+&Rur$ZA2Y^+p(8XD
zD~AtL4*qYqQT*dJf*?I3%6&k&iY)&A)O6_A-!rN|R>ijdk84OsNIm9d2zzcI+p@sH
z_kXaf8{Pvb=+gEw%SlDPki9*4m~Dty?gFWuw^9ss$|$%rkI(C{-U8wA?)+%V<#4{^
zAkRLZf4qXf{EA)R^>e8Ib5bP^u7xmwW!hh5B#u+5)dt<$<qw09Bt9=)&$%ik+0?6^
z$VEf>zgYJ_Z4$Z;c=-zxP*b9ksBFs0l%+#TruhykMn^Gdbyd2{(uFtg*t6So9;bSg
zBss5VFZY%JGHP}GJjOp;)Gy2rDG0W{g`I6(E=O}uaHNfBR?}t_ISQl8X+EfBiAM&q
z=Yx^YUA#oTZ{V@Wpixi6e|zak6^W;OA<WDrzyPA69|Jd!gGIK_aBm^4w7$N4tpF1F
zK8edow)(ofH#Z%ehY*P9@2^b+0yxl1o<sLzj1st<?tN^dn-Su0jgyQm6dgJH-e?gl
zw@4nphJ_XSi|7BRmy;M3=4(H;VY9~C3A%ItaY;NM2*>%pt?lpM8af;-)_5Fu&d6Z~
z0nq}6^qr49xPv;F(jjX-o%6qM{=~2oju9RU3lkHG;?2S%`$H063~4&Gl16Q%sse47
zb{xebVH;}AtUQj@Mar<AGBUB{@j1`vUajh`6rP4#)z4{GUn6H$`v&2ZMm@C5qaW9{
z3yon=5|zYew4@6o;Gsc8BZz=;uWIH>q6xXG#fmW~!+vS+KRw8N;*F2OV4A6finKP9
z7w<>mIm^T~GaPXyW(o>X{8^iT7;3vRx#x)Yw&KG1&V&J)WlhP=DHM2VCH-VJZ%&7e
zuFUXfc!X(3F9vT;0sZc70BG?rlYRJ`_T^25O&qV@t9`W8MlRUiMs<lAF-dJg9<L6N
z)n;JSk#e5=M|&@6m89v$Wy;C=BNGnmZ)r*FHmyaBidlg%)H<4A_-qypjV^8bRla<U
z`8b0{y?s6buPuAU!i$NW%IDCoNV1_2oB0m{X3erKJiVffdRe=jQcBNU&}&bjQd$3x
zwzrOpa_!oNMMV@P1Q8V}5s;8lIu(>|2BeXcM!E(BL`0D8R3wLzZbk&@9zwcfhLRYN
zq26;)@AuyKcR#<!Ki=<;{o7mJ4%eL5I#(RWvDQ)rOTDY?O%Sua4d;p#AQC!ouezK`
zH?@fhccy}MSxPOSL(UvfCnJ-MW-}VH9V?g5lux{Kuy^vj-g%4KeHHA_;uTMNU>3tK
z$ru`2MEf6?|9|*pINN_DqW!kZ2BA|^28Q2Q3ZnouB>VBP|H98rqph~~Xba5P#{A*F
zgI+)ki-ryNdz<@JpPq{|X_dw$3GHXGYL!YkA7XNckNR!z#>MG1Y3i?7j)A6NekW8^
zFvXt5_X{p-WrOM373+(7f}ZnXcVRTEFi5UvwIapC7c}yaALYh@DvMO9V8Ha@4kGh&
zau7RS3g2@Tiw`Pzpw)GGvBReH(SHd~|90p8^{1_ASabT;WWpp(LQWye!5Ort95T_B
zYLG@qUv4p|1v&@mfNm}(BQOx`xH5-ZftB3sUDTEZu<wuvFw;>xdNX*BB}s~-kA2<B
zI!`?C2tyRs!J@;at%lommF|t%%4WVFQfXF}9UTcE?DlG>sn#8&>H?spig^xpo_!F*
z0n)dUfdc3!uyaPeIoNHaZ$`p5P()Y#)?dDwN2I?q2&4F<QVGzteu?42S~tG9q`SpD
z&~4^e_%SY&4L9SOoUgw?ir(q!5gD6QlQ{(Z-TV<53s=6#lFciBNXEAzYc1Ik+4h94
zYWrC*Skp6QDBd7VaPZ3z(3*UAB$f*6rIH!1vdpR#a*xX4x$(XAa7tToN(jIrs!T7x
zz1uTs@O86aPujCcNePJ%bg?n-n`JT||4HS*CjRD%^J-}~NJ){*#Z-S6B`&_l28h#)
zgb|4iasi7B9U*#P5FI=8fKVy=0!s&IXfp<Cw@3VWg$+$$<%+C7KABublfNyT((c~N
zDe8mypGBmZ_OqZ1(RgT8QzTh29hVd;ki)?%BlXPSX)g?NIh1bmx}KxVJ!K-V*07ny
zjkg6+d@pBzvIdaczeuUDI$4*MlT-;<ZZdaAf4=-Rp*#P>_4rROEs+JxYFMqCNjlJU
zXk2H|azKDuzT&Y$CC*M%X`Oo=4On-rMmDzF_I9QbTEG!EQnpJUcjHsL4GI|>N-4^$
znxznn$T~{At`XXx$D|xUG6%*+<R!F&>>)%Y@5M{aQrB=R(7IPLgWu337kFqhEz8lT
zO2Oz)vNDiEr(3fd2HLD(IY|etU`<P{mg{BhQ5V){pFbqDyX8f(YH9&#91UodDzjbW
z|I18M>>B?3YaK0`*e+OH97qg`iX7tG`H4I2R&!a(ftKtEYABx(s6WGj(YMt@4}5v9
z>H7xi3b@2@nXtu}bi}p+e&bN2yhdp@)dJtFZlFL{o67wMEx(-sTrOUK8&Q9W!Bl46
z<(%S2aSzG$Q9h=q>=ps%RX!#VcREvqRRJE<B;r}oGm#uQ_Qt}b@r{dAjdM>s2sjyv
zsgo%QMSp2nr`Q663TNLq>PZk;P^<QFyxFMqr>8FM(q!{sw`BSuW~K0vaA>D*pujTv
z5ZegyNz&x7DbP!CX7zqlw&Golg7N+m4;Lo&+R9pfqc@kl+yo!_22MH_mv_a!(!=m5
zT&7pgbB)Gd3yBcNBa#YD5eBXcks8S>3{6$IA^J!rnvD)DhY16b&%?5t=WhegZ8qYy
zh9;E7^~r4%+yrK5=;<j0G8?3q_iEqbR&QfyYy3%ac#)A_cvqq~KIX@R%M3hLy-JWE
z%k0d;BbiC)hA=!NRr6jSYPH^DBN{|P7_$qD$pS2T$f6=NoJ#IC;DE-qW#IN8_8>L<
zS1t9=y6<AYjYS+-#43%*?3!;R(#W=Td?}(i($fYupjOz>xlBzwBO#5IQR!FFcm7E5
zx7I{R2AozJ$aw4l>=+sZQgo)hec`=v#{1eL*jXVJa&bSZJwewA?M-*nh9)2ZXobLT
zO#rQ$2~Z}Agf<K-rLBJk!iN6hC$b|2u-<Pui34MgIr<V6hRXLzdP_zfQ3H=KXlj~R
zjY=Ko^-(7FP%8SCQ0k6RAHPZsxYrRq!=k`VUYp=NefVTnO1^`|Ak1HJ4Rp>j)p@}0
zQt%$ru)~E$v!E|t|7B(p_TU#fp_dY2%%xui8_sqTG1IfyGb8J!nD!@k$3{rw!=J+o
zO@XBAc*~~NM`JdzW~m-}@{-^m+ru}WoBI~L`MxF0B?gAE-N_kp@j)hAQB3wq@{ubY
zvx@hW_cXNRL&wTw$$wv(!4=wz4DJhU{ZGN0Qm3GN>Zo;3IdumN?v_v#oLu@wZrn2|
zEW-b6Y2K2fXgp)Vcr~{$9@%`bgIq&!7UzZ&$^(7n<ZYYoBu$Zk2PKxCw@<;he+9??
z7BEkLuhsnQOlJmvLqG5ZQI*d?_?P_Fv|4))Sal2xQW(89=B-RN^t25)A1+}}(4v~*
zv8RWP3DQz;qrrwt8U*yLd6*_gk^WSDgs3-;+kUjh{0<V%B^(9+C^7MIU7uQVuP}7Z
znl^4(p3!p5^U|`W_0H8KHKsm+xtkA6r5k+x=c|@R_jmT>Hq4R{EQP@l)ZT}EsP;Ld
z247s0=HL<7NhFG|fcQg8^GNOU+1Ju4GPs^-dnw$vAVG-fqMNq+PnZ4Q3sf=3OQ47Y
zx#lm70c?og-euQItGsfHPYo-T7d<MKhB#5sog7Tv3>D8-zyDNkbwZM@JytOyf`p#)
zWnfEr!zgj5fuZ{2K#WitQ{0WbmFt~ed9P9`+I`e1Y+ELZ7Z`7H8dg>?(2m7K8>AJy
z(8^V}evnyMuSIwHdS@hP6LY&w*B}x4(CUAD9sm4;G=*2#c$t`3|Dwq7dDVVL6w{}#
zfqwGbB^z-4!b~SG`R)|q#OJJJEPC`{$ub9IN(8ffj(fw|>J87wXW^P0eZx6PCAVY-
zmafTzuseI}!e|zmz|M8KQkb{9pgNylpeFGAiYY?&8+CgfK(o&Zgg#O5V*z?5CZ?@P
zkCPaX7YR1z00iIyiTZy(*8k6yQf9%Tx8It8Y?Ybe&77?-;X{HOd{Xbo*=hApT=L}-
zgrvcOx>$j0b<pYQ25bo2pY7;b=;F=nsB$1L&*Hh#5D7dsXw(ePReNE7?7LqK==2J@
zi+7{41@lxg-j!PQsg!SgFE|_j(kAqIe((-p@wV;yKe0DRFuot2cm{-w?3|p#ZGi7K
z2FoGW6I^vPU}{X*Bqm3@BE`JKY32G&5ziNIcEOaMsL4A0i1!rUN~$HH-Jg@m{?3-p
zob97Kb>W<x_IgLLd8W7waW|R|j^D8qD3M*olbQMY#2Ah0F>Vg#RpZ;NT~-?S&>)^J
zhYW&zKnbcU_vx0ED-j3-=g@e8AOnm~D0W`c*jo44FuC#c1GqIa(7j0(5Q(D!58d7l
zVR>-7vEJ7pO_z?Z$Kf$Yk#wYKf2sL{{U42FB-9(i<0$ETAOPI@Ij7j3qslmOfe5rl
zoO*NlqIxy?vibp4-aN_w-4&eL-dk+x$+^hPt{-z302&#FhI||Qz&XoK)gN`17EvE9
ziECCH7hSpaP^~?do!$M`I41~GpkdB<g&2e>P$lT4c(3#GJMUx%r}A;iXS5i+CUID3
zzb{<l5^MM^s3Y-#DYmq%OYyGs4SauVg7*C_?kxcxMGCMr)My`khjAM!Z1h5(gZOu?
zYS};LP*(I8F>JcW@A%`@&hiLd7xdN@$<y%LAlD}HqW8?mN0>+PUmE8{iNb#+qgi(u
zWlpPfyA#OUz#KOA9WUiA-6+KnN>PhU+sXYgTQ2(nJATj<SWd)VVvt6q^v9KtY?&0>
zOb9$^Hh8_^&iLZbEC3QGNzkMb6F}uDMR@x=yK1HaH`L>RPNzXaI5Y1xX`MfbQ|fur
zvd4BYMMf=wg#F<1szRn5sn2(z!f)}^ii2U@L+8zaPfs4S`A+nA$+Z|wz(olUj=qF;
z{wG~R?P}eGRXLV})sMicGkUkJ`Eb$Qwa6K|fc8E*$wn>#kjHUai2PU#<>q|^Y$Z!p
zk9+-hvCv*Gx-0FeQ+w#Pr3i0H1+E-9UiImc8JkwE6ezvp%&BLtFrXUtNfkO-qp}a^
z;<CwnO9paOCBd#3TEL-3#p<CxWg3f+MTK0x&YBI24~Yf?Cp+fbNC!$6E&cl0lmGe^
z6<}YH)3+ua6g+A^gM@-Y_M1f3csuV<z4EQemjO+TcU!&4)-Mmw%5o@&=0j_CRe*wH
zq<qbcNh?q4%SQ=e?sd{oQ8p}Au{v5NYuc5vK>DcCFVH=#{xvD|5<RN^B7=qh^nFmw
z!~)S`ZhOj9Yg6Fd0+^qT<CFqo8xm9tuvNED)q53fpP&1kLxm>)E#_kX2K(^&|Att`
zJ+N7sPWA_dO$5D6dr41u>|=lYL_a(gY%#E5KK=}(+qs#A$Ev2?N%R4sw|9~0NyKsk
z=g`*`cDSRK5tq!wKS@VsNwtw=U~44c3}dYL43`OCZhni+{xNNbEynYnZPv3s<6!TY
zk)V{Z`dzK@dmYAIxykixcjJW4(U0iE5}1i1GgiJPPvo%J838m)c)b)ge_I9_GXQ@l
zk!xtE(oe!YXLGxusnaIz#n`$fhjNWt?Us!BAgnCjS4%@-0KuNh?=Z?<48-iRC7JT_
z8BN&YnuKK5q@@s!84pnP4Rrsq{xvZCI*3b~;KH|_BN9qay-;g4vK1M8gHs5|{E^e6
zmbp2g=#ieRb(3Fc0z7Ry5J4<x#DV}72D(=hWdcE8Bt(@T&I;moTcJpC$!61~$aFO%
z*J4-zAywGAaJ9+O4FC1N%VLS0evu@MD+Y#G+%EfoBCPGw0jb=8F47LWGC_VpLifpf
zWHigdm@PbVd#O$_J~#L7q@DOF9-`W%pdq7E`XXHaqXg8G5tkJ0x;oRO<WB;&b}<A7
z%A#i;7cZaDM`VV|fPj?o8Ww!Bb@nyzC~!hX=ar#}aZB*tBbqW~frJzyGLZ$!^svmX
zgm~r%%qcc9tYny77|K5EXOPA&^S6MAFXJhT8lIEn=c2z5mvTtJfFd162=J;l<bxHV
zHv)_#L)%RuOtvdSsS95k{Oo6&E|t^+;$9`w(HtyCj?hs>Yhf!RO*j_Xg83TOD@<8A
zW0r`rz!&`N$fwK>6170LD~r?uJ45Nx4<I?kPdIAczpLLV?FNe#!ok%_+#ZZRKMbwu
zmUE~z>#^a7t!vj^)7UeqvR`<j7@%|TW;7=nuflqa0W=S83P4L#3y46vBily(cVSqp
z9Hex4rg>Nnkc}tiUEqlG(vw!7ViLJhh5P>oB9^tU%=w%<SeR232?w+I-L03bKau(c
zPBv4t^04e=9?-<aIko-96M1LE_1*hEe*29l*6}Q1To<0x{hb|!eLCe=bxm5jb5CM&
zu*uufvbL}#BRPPT1kwt4T;vB~_6uYhQbi=+GG2tInIbkxTNb{Df7)8Hh3C9`r!9e3
ze^xh*KJEoko%sXbK%Yr|i(6aoG;)wlmL1%~I&>KwQQ;&fYCnY1m>H>r?8JC%C-XAt
z^%(`7t$KD0bW-I4U;HJoG5_K>(a6leCaVzf{X3wWI{REat}C$J0Lb-io{ky`aWI^F
zS>EWXT<6w((jCewkw=Uf;(u4=(#-xM-#b(zOxDNw0rbC4NVxgx62qGt-+R_4{3jjB
z&yya#zM||<p!n7RdHwIg-CGWjo)j1uz60@&RwTv1@bv_omYS`hDU9^M^Niw0-U*xr
ziPW3oLt!hVTv`Hu$!p&MdA1>UTLz%*wC=oo`SQ=hVp)cH(6!Jcc}ZapyN`1XZnd3L
zBFlc?b`&({j%Dr6*v#MG$!vMb!C9;Ec7;^WJLE6XZ$9}`%E$2W<FgGCSrZ>-s1!BH
zrdd?dr78nv5SySOm-fK(%B`nb9DR&u{uVz3x8@bye`+3P3mkiC9Lt*CX+R=$s_gk+
zsND>(KR$FDDLOLigOEZsFEU`#B>omO2d}C19U!7D-rVPZ8K}g`$>O4PZ8Z|43srev
z7eWXaQA)ELHO}owg!hw%!Rc#%8#jr?z96wa7)$8K%A7K=$zF|bEIk2)Ngu1jjC+}k
z<Y@d-P(g?*YF>JOF0@WWL&ouI<;`<{cQdh<V%`dCJRmfyMBD}L!oaY*eu7`{@67pE
z`s|~086;ap?sCDj3cysrs%t<7LL2);|NbFpUWs*I$HKgF!IsQRcPX)aSrW9w!TIl8
z-tThjBRLJ2OWe*+&!kL3k{x#gBN#&WxB1oS|2O~Q*I6*N1(Hw*#^xkB>`ZjGo#NDd
z3e)|v9fCG;S1$g=rSuWQ-Cducd_jJ-PP9RSnIVCq5)`Xfp>z*iu_x=(3P_e4@x$+x
z>Hc@W<O;r(Yv-9KmTdXph?6u<?yHiK&dtTQj~q;0FaMRQ5F3LBe{><^Z{C~aMPj+&
z_1{N54^l~L@)ou3ke}LZG^eCq+EZ}v2XrhH{&(HTTW0WM&y%7F;6n7$vlkhj4o*Q8
zPMy{l9ALMUc2{ql{ojp1tQP=FByyefRd;{sCPLo@K02Xz8u07oyIuuv6*oZsFHGSo
zsItQi((2t}=^16LtgLn}kkakia-92B=h5I@)KQ<oceoDUz}&}6BFOr`XCD@SrtpM|
z)bPJ+8^YO@N}m<AiUywPp8m<{8<@b3%CaY%rZUv{eN8SZz2eP0ci!0L&$XfXdfxSj
z{5g5>%zsTKPgz!QZq}bz7@EI*dt&>o>BUJ<nEwXl>M27`{OT3D?d_TBR^^(lX2+1~
zq@*i<jxj6;`=s<~IDdZQ|9%PZUsu_Q*W6fH$cgg_2aOEpYXMjK@=`<7+mo@*OQ#kt
z5&Q~$_O9WD+p|94li&Iv|Ai{s#eomL?fmEl;eY*PTH?1uVku9|7tW>)KEfkK7kg?(
zbS4YNz6%_B-|#yT_;~HJ-mBMJH^K*aZRI5U2MzQ7yfd-sv$e;U$HS=pD{X8C#0VF*
z@>UG7A5P1Vneb6cS(Tr$sfARo)aDA+FK>A<1N-DrEpOB7-HZex3a%SH`BS~0C7(v?
zPrupu$5H(G(XW8$f;-Gim;CfphOnH4EVw(>Os*2Af1hUH?9k;fC2B?$%+h<LRFz6F
z>7NUJF$5fm@0=9-pU?UStiz{Cqjk=0h`Y!hrw{evpP~*e-V33>{?coeFYY)b?M4zR
zQ?;Cw(i%ZU|FQ_5%ReyecH-{;gtva55ODl`w^~aIf}$_KRmaOUoaN$<-UbZYMTY<P
zpN%bFPC@Dy6E}WSK*TaQE4WhkLa$0gx0@aB>fUdD_vg!>XZx}O|3ZMo`EyMFc>b)*
z5|%VQ)oki)G+LB-28P9i49)*PyvJQ^7OCxm`{$IOVNZFsQ9^DHoHA$ZJD-1@@}sN3
zIFxQ6&;QrQmHhR%_f8+zkwcjs>-qsv`b}b`xz#)ri-iFUIT4Wn2xTmizQTkVo3u2u
zI<=iv8iTqsZJ%jnG=4NYM(MdKQ2hQGY3i?ry_G$X{4f7Fgg>T=b^iBAuvf_`FkeTk
zR6s2>FdWNwFvqp3br0!=pQC0}h`XC16U%AlygZGAocxqHT(VP9H{AXGE%ptBJp$h}
z;<<QK!Ss9Ny}BPsJio82L_RRqwB3G(+5cv(%6EzLeS}s>w5wjdaQggj$!)1kaMEsE
z*k_t9CT!bL*Dw<PqXLRKLU>PPE7LJ4eK5cbF0RbAgtmc{&!i=U(xyTZ)qab+AXYtJ
zOBz7_cR63?cph%Hgu62bgYW+sdnT724PPCh2R>ll#Hjbr<A}xJx*o-v2sr<`cmH-G
z*i)l1Jb!vkX-==HI>$>lnPT8y0u0iejOI%vz5U)Cm-lp9HuzSgKPxiSOT;$Y*6%M`
zx@~vy)|CfEy$4WlnD^0&zG)@=aI3^|WwB1iBt40IPU4Ku^u=fFV!jCN`Ms|ch;VNL
z{&Rm`%NJ@Ky_5Y<PqhF1#y_6wj_T<RA1ub+a06UYRiL-Jgw1a9Dd@6<F%%DXDxju%
z_2Abc*d9*M@el!MN$uP_TbszN)Nn~^=s@rhSRfzia}H0U$qh7qi3vC^-vf1C1eg@k
z2KJ;<a@u5tbX?`Ta_0_i9y!fb{-4BG5_mJkU&+M&Iks1R;MkU?gBpAPtM9xRf%ToN
zBB#eD5EmzV6pLlaXF)X9;(e;%vBUdf+4i8bHqT%dkmbfe!I9I&UcG#WNu$122Rb;Y
z0_J11#j>Z4?53W0-UaVj(V9F^5&zmf1K&UZl|>VY9*Q|WX_b1mUbRF8_NC?CL;){k
zJoB~UHmBA9%V!74-)Y)^dhd=e5FA;j#>bM$0r)A)arJwHwF9Nx>R3hU^5@yMNX85R
zes2xydskU^wD(@(<36)I@X~)>rq@A%9E70xo$Vdae`z$T!8H0WkpaIrxRd;I0`}Mc
zoa`Tmb{ZI6NwJsG<TL~|;4?7fybHX%*uxkHTw=Y5dV$Up`-SfN+7(v2PUMIJnL*3>
z!zzbj>oIlsZij`@FYC0@0jA(Y4FI(0M9^5|$ZOncun*>3b#4Q7hYV=Y@7f0bq!k8X
z>2f%r2DdGu`TYiGuA~1~r<I}jrCq4#PXqte??vJ^HTm^mle|1z-Hr;s^J<*c<YDAp
zdU}(Kk1ts2AH<zQBE0G`ZlJ4VK1TbP9`GDYV4frwLf>|@v`-H1xs>eEF3(%V+7j$W
ze^hX@en^#mIM*d8>YlQW#X#kx)l{)b5ID*nA^kecgZ;zp9>l5!n0IR4`}t#zt7d^G
zKflLr-s)J52ITFb5}5hi^3WRL{c;Mr*Wok_iB-vvk+ng)EQ22BtqGTvg$b9F<V<t*
z<^{_sbHXO_i^e6`IGsqe^1X4hxzvcA;M~8&jgRku$PxCrpXtA57$Lvh;?+E?TU<6s
z(~BUDy+}ryU-LDz1;_7=3}{xM2bq2SA(!=w4prWYar<1MyvNRf^Ndxddjpnq51@aU
z&4>Y%fI;NM6VDB_>&v?U7(Og2>e_bgBfmFWvq9_$OF`u9>f0eL31H>@j+eW49q1-%
zkDw0%Z>4^Fk-jzAWs-iOJ^I1es`v7jS-@r*uMAy&-e<68N$o%b9c{^NbjjB$<JwDw
z)_K(<v*e4nE2id8jth%McD|h3%d(A_S;0<X1$;7BUWGcV)=qg-ON+KXtanbn|D(7h
z>AIZmeov$Wvty0@f{fb{dbr;<A{X#spu>}1L)QuN#@hWGSlp4W53kP|JG>bShh|Z|
zX1w?s>-kCEhzo9oDR>zP0D_94Qa4LMH^;t<TLq}Ij9j1L!YXVgSuKaX=q-mlnXoi7
zo%PLYe@=T^0*4WP?2txo^q8hjtRp7B6Slui+Hd==wNT&7B>1Kayq=xk`H=2uhzj*$
z{>_L@Fn&ev0>N$Ki28GDrMvHWWx!99=LM)#jMIr{m{2e1Nd9L~r4jh$#C3l;@o!B4
zsb*dwlf*{TALt^zI`1~Rlh;+Aml(AGq2p~ot3qb{^XsrU?m+j{hmY{J2NX#F5e9xL
zVfw@R#-N72e17l?qU{lJuiZHei5xIh(F`y|1q;flUivI{e5g|3>84twxR;U3N=PMi
zuT1;k<++hzkwq~~>4n`^x=<;A?5ecn_bh?V`7p3SR~mRQdW`}dd(;3E6VQu{e2X=h
zt=pTl^bH2$nurdzn$Fb<FgL7kDW6;yw-09e4DJO5z<0p4drDud5VT`Q2Pa_wsqO&P
zcZ5Iz7~~<>uVI<Q<@QePkTL2f{NzXxXi{a5)l^;d!9*bdTwF!y+uKKUCUAEM?V0Hu
z?^+Xnp}zQ98v80U8wJ-tD?p8^3t)E-IuX_jD!e|<g0qvrP1~&A-j~6>rb*nYfTLS?
z;C&)U2PX7eI#b0M(Gr)P6?mweujQ25tq-RXb^IA-bvT2!Z-vg<0ywJ3nk3!%v?pJ3
zKr-+xbvxJ!hf>BfZ+~v_?)6-vh{e}-hW71(i=I?&KXF?0l7{sXX`-1m2-|*oO_s~+
zxqg(C!Vs1sG)tCb;<?BZZLo~Z+L$oui`doBf4EDU=|={=)3nSk%2Ikag|$Mc1W_NO
zZF7UjS=gWld$Ezsp`3<4Ii{TPALYIvnAeQ@SAK<s85GFkJ0NvW^S7@nJQTVxcj0pY
zL7hJ-)S4XM<+ms8#Cp<J>-MOe%(JNlmBX3xmJhg#*2kz8O9Bp8ThR1z*<&lnk68-I
zhQ6K{OW~vKk{%Ju$IjKGkc~<9banYsYThvDnh{~TqVR<^FyGdZ^o)@AaV`E8FB;&8
z`x862zMLbvSCgeG9_XF{IMU(CJA2~}p^nH|%(b200WMEIClrWuxe!v8g(rtgpB}ah
zt4fK2iM|#x%Mqp)OJF)~Hd6xp!NCw9d~ihr;+7I2(VUc813of!Q5raXSLvS0fL7{-
z&iDrmG#Ed3(qSzw3Jn^lHV~`&tX})<b!@!EnQ!E@j>5m*6DI-*N#(Q2CtUf2n2Z}z
z?X0jkDt)L-7J^O_*QbV-KCai@%fBsDIhDtvi!rSFxJzI^tovTRQmar-g)EA6*67K}
z?GEz}^zg76#8!9ECNeV8&)FTbWC!#DQ7g3jt0jtlL$;NI)iZA>(sd8ay72B?uSdrK
zj>N0?O}eOSZ=IxK6&Q@!6+q(Hf)U5B{`&4X4EOTci?0>Fq#77vl&yZwc*GYRQ>KX?
zHu{P=U%bYyr{lioCf$7kRX94ZFmS%zUueX)hECP@%i=uy{MzRLlKkiMz~1hHLiY;m
zoE}A?-W+-O{`RcN=IoOp`qutAqfqYH7{xMmYJ3seI{jrPj{&^Nq)MPin1wu-`}Zgv
zriz<4^=M^}0gq@kb-@m37YV8PM{5JB%n_j^-8b>End8K#QyYV|G~IYNpH6QYqwX6x
zlsvO!WcsnOv;4q~51x4ND`Pv?&KmbDSN*>E$QBa>+7ul%ktsqy{z-Cgz-H~ah({}X
znU6b`MGKe)k}iwM+KP>_Tn%>ffn|jfi_uc^oM@c276RkbK&(piBPS~*f-%LlKNzA&
zDPTV@wLN~^ViYQD`ZaK<+Ta2yXji7?Hrd_ITu~G~Qfm%zk}or&lodsVNyoD3$}Kbl
zzyIlM0A1%INT)mILTg0&PGa!QJ5xn_>J!JE$E@u;?w>@UVF{gCsRa?h2e3GK0KJeH
zMnU+ZB5~_eY?a1C#f4U4ul+u(=Jx&QV1sKD{W9btqrlpGBo9mmoE7k=>ZUyjIgd>?
z+^$fdh>hl&_Y#P;up|;6rvgN=)4ZeiW8-|t)Aya`+?91+y$ZG?TP_lKjP)nS9>~!Q
zhh7YUizMAZ&(fH!t-+fjkb6NO>DIk(9_rxkQ#`aoTRXXfo!f3dKjP)HyMgQ;@8WW=
z(@60`y23=YJsk5xY15E?04^TVvD`;z0w$&j7`!$QP)d`ygw{G#uPS&-00@=15!dA}
zk4AR4)%Ul8dKO-}ukU0?v_;tOn~-&KxNMB%Ki-&Z$;%auuGvvR953m6DW~3ch6L?7
zrf8_=-TU_L8X0<@V}GWFASHp{w5~q0=;bz6aWlWU7%E_@GbEO@i|M(gq2S&5Nw4ra
zyWZojXG&_&dp}BVD@W_Do$T&99&_7PDl@B9>d4Pv%2r3}SmaCccH=Wi>widp!KX(N
zy<2RHY*{rD4&6C5Y3|CDA=hcK;Q$-SklQf}=I{LmLlt=yUcHZN=NA)m{-?6wkoYqm
ze#tF`D^IDtuJD7YL7=iXIL&jO0i5Gh{;6H@WQa=GpGY{rXH>bkJQn^)+<VN7hnXcV
zJ8OLcJ_RwC+4$6W8*De`&Uk^|X>{)!+<F>vJ3MnXRJhZOXg{9vc)u~$Agw0HAHBXe
z;gafzn#UKv%fQf{#9ty`xI1^DxDeXuvy+3zZ8uGmqfwZ$tS_{;F{S9W^CQ#L$|@<r
zG$WWl6j-djdrskUP7=Dzb9ZDHMbLh3@dolFj^80>SutV*WT*bubjx|CJWBwJI`D9!
z%rYzI@aNH9y}Ws>CI@F&Jt8!@@M<d|)-auKvm9~0gYnYV?4j;243@4bTw)YJzBd<!
zI>5co$=!ST{c}U{Biuz#O$#0GIt&%Bjw9dZLagLMrFn7yp=v{uAVA^m*_U~GT$X9T
z66%Lt@O_LWaxgcmu*TgwOPoQLG_n)wjM*{Y$G}gblTl`{g19(h>J2A-o;%YIeSk7E
ze9nUT9fJABTt|ecz84crWWjCvRqkv#`vG5uJWyE;;H6iC8&(Yop%!IeM<dtb+5^dT
z9m9n-jW4?`Hv}xCdG3!#AZ5O!dLB}v&6}U`yFdJl6d$Lekzy$X3~xN2ISjcrr+7>k
z$q>9Zx*Y_?z)&R>@jMv6iyg69u2zL7bpmEKr=nDl6k0HAyIHM<5r9E3G5eP%d3?TS
zX;q7iFNS@Lf6j+Qr$*{L=8wr`hQy$T2g8Ecs(-lXo*Ydccl2x>xlHD=O*u^YsVK?Q
zmCn|=%+IHiKd$xJx!LZ}6$l*@4+OKAqk-JOOu?ZuE_QI08Y-v68POORP9it3?4vGl
z#d+adk}KRn;olwWE3t={&y%oTF`iP2mjt-YR_SS}E5DFuMx!A0){NN<lw&9(3~}1}
z(u{Ye&kj$QgL>%Fir4Q<n-3s7rfXgYYrJkN`M4I$Ej|4Y%L4XSX+=HgfUIJ-_ak&F
z(WYA3k^WvCtA4%Cq~|ul_PE!$*lt-Uf0zjR1DNVf1A(b=4vOwL4yVM#>bpI$$mYGh
zL(*w5n>*JmU1pgZe<r8EYT3MMF~PEPCj#6y9tc&wv%_Gb8@aw`(Y^{CCoR_qC8M%3
z?9B*91p5!NHX4~WNYsg|A9UMssMCZIU;#cWzNj&AzWYhbQM{Q>gW)-<Q(>}@&sry}
zt{W3B;}|zBw+$#!HmsP^xG=#t7wjfukXX;LPS0nITb?3AAnuEfr1{TxMGmVOPL{D)
zo6w%P*Ysl6Yfcm|5Z*FY2R#W-{S)<SKZl!Lln4{Mik?ZYp_npb9)MPF8Sy)9r4RS5
zaCEK_+>)jxE5+D-tFfQ``Lb{=xl$Q#43kZhM97FTPsSryrrv#yA_^q9#U%$*&q)x7
z0TS9=ix)MJ=sJY`{(?pvbH`A#A0AOQlMi0o1~c*6fC;LUcb*Hvt&As@YJ+H>>oGif
z<onufJHw#i>!KQ04FjaGN*xkJZ8pl#)B+HPAWF#(g>y0a+A1v>ewjh!j0x{t6-A*l
zQz4+(k9nt|dtWryJILSRW%~-;?w0XV5euY%d3d<G;r3SROe4c*twqqHA?9<|G?|dm
zt76@<LLAJEi5t&ge!T)Kq^>`)u}Bod$gRC*6uFd6M30gw-=#@C9w9-_NF40{d`;5)
zbT<`=aft^vjUE&eap=aeUdJa3oJRVwECrQc)$URW?vg<QHKJ!t{<Fj33qx4+tLN&w
zMU-5|il0Eh_tE-|Wn}`%lGUmX2>0)=wtf;$dVwbGR!XDtJ9VMjOGsoNK0}ItlZ=<L
zs__UpWpPK=Bu5|oHNw^&3Oe(5yB4cXJ?IDpC^2?QH{M&^iUI1g#C0KDQopi7_N7^K
zA@^76KNVuv*2b$MlWDrP!EE9V_yBt*8f&JjBMt*mjwXoP9b@Fx#b6L$XgW`h@|^nv
zGRG&}1X`Gd-jCv24S3Y8wQiS?yn*ZuO?kV?GX{BLG!*9n<}+e<FEqeTg|CmvR&E6*
zUF{xmOf^;_sS%3c^>{oO{i;PVj<wnlk&7b8>=D&p%Q0`l+GMco?zA{j4sWvV^Cnla
z;CNxnm<Jb{?-Bn{rEyu;QPIaG0PQh!-mrG<TnOLhJk#DxldnI%%+VNy^vs<n^I-`I
zdnJ$)<*8J<Z30hS{>}F{A9R*>1JerIsPpV?QB;8^u5cW`z53~HCdSEh>VBekMErxP
zht#)<T{5!-ZGf)j;S1LQP3Uqj4sxh0C}+UJb}4G<eyW8vvnF!$3MH3R{Q=t?oE=?G
zF;H46e!Op&aIB?~?p@ub%G|pwvNH;EqA(v?<(yCxaPsWtBxCP-H9##e&1Jszu#fu6
z0YFXWR|-#9R^Ymfm#?#_mt0?s)D!l|MoQX7Pz;`c@DqvQb;ap}TvK%W>0ySZXqU_a
z1j7QqK!)v+V64ZwcdOdK*w4lbBZr8m4<1q$RLjZtc&aA5r=@yV&I*$qio`tsu70ME
zO7BW(&lSAq{*pK@pd#gihOzfI1|oY}=-!I+7}FcvkowR^o7KhfAJAK|@|V;PA4RQ8
zHm`Ml#3rBor?~0|!&%N@b{#+Hx$ljEGlcZ0#EH|gHXp8(LX~eY3lP){qZUH*1hCXh
z(gt4VqgnCj$hQ`Vgw4xW*gY?8Kau5liP_;*TZrf|0rO1y3v|b>s1Lmh2ZcmFh0Y+c
z?@hTRPNU2ycKu1Yg(MMU3(B$M?5XLMxy%GrARAv0fb<oC>NK-B4Vqe5kCCa9M&ZBH
zT7h0-(6T;S8ygLkJYTGe#gCI)99>wmUXvyR5~z^eJvUXFz+`vzX0hi8my2<H0ivPE
zc`YSUQB;?y5WWb@i$W?8nk$uAK*)}(bPLoWQ9$BveO8Qu$12SK@)Qa1^cjO9E|X5N
zYB@UJ<jA~sS2b0gRwi7gqBr0!`X(+QolJM#oV7UE>o1cvt2*()OSeg`R(T2;9uyTX
zhqWtWw5+D;h5b|jC^o;zn8LB5;a#o;WV?-5tR2tHH3U#STsb+~@b2&)F6iogTG(p0
z&dhq^C*Y#nwx8m$9_?N+@Zf-elB;R$7^&fYD-n7mh#If3J$Z5q_PNK2yC4$uj3zRv
z@LC@#PkJ3#lU?VJ9<?qp4V8JnVkrd{h(O|+(c4e}Y!tg}P$5i@T&AQ|R8%ZHjwJMn
zbe|Ui$SY@fjtGr;<bAObftEtx=+h7z`qa9yM`#bi&jBH*^<$e{jhyzt@&i3;Jq_wQ
zdE6U8%Sy8!{kHbAa_3h^PW)YsKdv1YErtdW#(Vx~IN-8IMfFm3%5KOf@I>-hr*Ph{
zKi<%S)FH|Cr{W(_?YZt0wLs{1)J<y&?pZ<N_bSEXcyyrX!7a>B>4KN_dj+-o%?~T+
z`p80@GUmW|T3V1%a9T6Sx$3HWZ555}f(9F295!9$V#&P%o3Ymp8OI|db!Li8YOPLe
z?yMMbLwA_X(YBgN_g$BDp&W4`_no)Fw>eqGiMh)j@d#nPzZKu$XX@FA;@I|lG({Y9
z8OylZdHBK*24?8$w!c1RYkbgilf_(X4361y7&)rR#drJweM3qA_`)>kYzf$4Yb9@+
zk#Jd>+v%9!i0brFz*%!7Y7Y1(h(PR#qklG_zVy;@tLFyicQ@9l(AD6WKXu$`>nv!d
z7fAtXEq4u+U7B9K8oZKVZ`QWAcWO62IkmzdEyZ*NJ*=-`dx4AxLaOhv#;sYk75Pw?
z2Vm`bo<*UWu@Mn@%x;}>CA!{y<<{Efut^<+td34zLUB8HSq%Hfr;23w;zhPJP?SSS
z<_nQelMh#WXWW34LUadprK8jwAwPJfjyA5LNu#Bnd2oO?1lzVtswk8)Q>m$`T;ps_
zis@CgSW=C?z0+T)FFNvh=3rp`@DfAjdV0#w{)#%`o~x~Fr^zs7&)CZ(Vg<)`3dGP(
zsBVqpHOkDM_O!;i$Sk?oslmi@;2j9&%rfAsqf0XZ)Zx25B8jxD1)+uFRzSNK@y4YR
zW`Zrx-aH3eOcbm4md(GeAbC+@P2M6HDX_aI-YfFEU!Z_vy0-#K=FaXDJeC+X%{z#!
zEP~i^r{M{%7e5RTj>olbTt>}_yAz$;KuagRw=Uf2K$)h=;qCQ?Csb(bZK>tP@woR-
zfG0V%5R%3X2v!U3U7>`Lr8JxB7v@q<I&9QgwD)yzIc|3Jh<1P!_)a1O_d(rqdv}cY
zn`Vn|lGI*t3<HI^-p<I;!A3M63r74*V*o)1@mYsq-W6g%;u6YFXu&^5u|i}*a+w}$
z<a*;BqGMU2v_HJUr-w}!9P>Lp^Y<4$v5LmmawF{aw@+$Vtug$TYy7pT%~SxZJGxL}
znR?KkDhlsZiS7j((`+*LK?g=ji;T~%f@JWm``iUJlX6R=)q|=)R5k^|yGM83-h}Pf
zNi0bIs6}7xv(8E4&!C=?jj3<8_58B!dhVb<)l+G-4BBjsYYaU$Y1g^aCLO3!IC-Br
z3eqi?!*ANzVcsq6{gI^|32^D_tZ|G%lX@>w1UHGG-jJXiHcr%()$nlbq}tNJoDgXE
z%F__-;k6#Wm*{n<>@{`d@jYN8YS{aEK<gWvDD`MXG}QAk<owaXQvS`5XB+zHj3msN
z*+qE@P#aV9TlGY<R0w_0V+8f4#&I2M+j%`FKaf*7oT>kD&j5D>ZHat2*PO7SyxW}O
z>$z(;d$@n8*tKtLcjETJIAWjA`OC?byz&Hp6KruB3ra+W6}3Svm!QJ6@wE<tfAU;D
z%h!Kg7uqTBVzQXIGB1qDw!EH1FRQcv(Jt;;)hj!J*K@V`Mp~dmWn_>3S;?1aUv6MO
z`sr6`y0~yZE_-inAg5&9WeTig(7l?In{cbMewi5zKNgwH(<(82AAFntYyF5&g~r9s
zwg&9BL}^f@bn(OYjy<@XWSW^-s<-+tv)6{*T5Yx9cnOdy)ccB396}HO4h?-M1Rx^u
zGg`}J*kW^8MnT}q3w=ieNe$`4tq%6J+^%h)cx?kSxNTF|_3Pyz&#Q<zittD$-pg)8
z4c2$z?4R?ox(>)7<L&3dRBYoj5?QsJbp~LCKzing)n=2Cg-qY&L6p$fsu3kA$X-8!
z0mUS(Ez~zIe|agtpS@ksY27Mw5Ag|sc(y)PF|5Wlpz4bHFddJ`qEE#yUZ#igZG;Hk
zlGZ1?$FB6@)rglIBz-6viVh$IT{DTJ8;me~2<DxiI?(Aaz{XY<!tiM*)evQRc`$~U
zd&*z)1OXW7uIdzy|3>F$6)4|LxZ}Rpx;Y>}cpWb@$)ji2#{s^d!>mNcHHJv7(L^p1
zDH@d&R&;ApJ8Yx~H*avEAE+o^Du^wERnG<0>2vgeO<!5Q575ENxabl!cCZ2^LiA*x
z|6p*mP$kQ$e!IJ7o*v?(g%`S$#?resQa2{&=g~$Vn_e%{Yn!mErV4rmh;4j=2JlpE
zRA-t<=w%anJF_gb%<9G`l^`;#T57mUgdM0Jb@%*5@^yzFOFtEU^1ocMMi1h_^|%@p
zln`Ipbx~vNCOeJ|(JT<ogM7{HCkd(1)n`AYY>nte_pBEKsE$hucR*M^+RBz<d7DSE
zA{unvCD>r<cTU@!AL@?gGViX8NkYEWJ)!cd4BYn`sdnnPvZtjADJyqc$&#n`@pPr_
zqIrDif4ncOe&ms_mcz9u1u(JPosHoZxn!zY@q_U?RY2$pP2V0>f?udUq1E{DW2MZ}
zc*z!?$*)Q&HZT=RlrwCaE3$vDi$_u4cql9D=vk_|!O-e6rW`Mx>dW+~m`Ptxb-vBd
zn46>Z6Nu`nIdWSN#2U=hFZE5ezf%y^|IZ*6c64_A>|6J1jglcTz#*#aY@A#mT4k3E
zrR+LxFtKm4!`<3BNX6{cyGu(;N7(t30^Yy!HdmDp?Ua@LLamOjAD?d^?H=J6&LP1q
z%$P_CX$LC+ee9CBOkn%|x$Bl-NT-Fs*QSRPY`O_ACJjV0n6s}a4~7G9k7#JCSDZ)|
z44PG)YVB!jkT?<tt<ZYBGyVwXyIVurwi){uVCQ@UmU9|!56vn9NK@7^8z_`vC|MB3
zK38*wx?@@aj2(Zb1+3h$$ut*nf4D}(tLr9%chAv37c_Be>3O-8j<`e>d{+7NCc$eX
zFPKWW-KxZ;Aj`m}AhR4HYiO7T@NGdS2h%zHbX#4{60ai+*s`PUwm0FOMWrg*hAMxU
z`~&x_4Yt;?;qf;iYmgxK$o36X6dHL9iMO6Xk79S0U5A<bH5S#D{jgSDkO?^1DeW+7
zsf`f0qWkj4h*_#E!6K3X+2{tw?8h*p#LrhJbR2BdF@nWm(i8fMeutg`gv>XT+dWS<
zw!!G`E?)gCn+hPP2X^woyPzw9pU%m{1Jd@R?fU(@wv)9Mn1;wLumKIm+v)vaY>gJ4
z2N3FOMMW<+?Q>u-lWtvkv=y~SWTyP!X3C!Xdd@ldy(Yx>)fF_GCFFzMc;(At+YLQL
z<2fRcY>^LrU581-DU{L4pa$pdRrTLnKT0zfl&sV1FLdi?cUWvrKqjIw5YVzT-QcH^
zI8f+aQ`=kPg0d{oEHRbwWlrq&6|2O>cHLJ@Oe($0<tPR>`-JXjIh?K-gNO!A`A9n=
zWk|{?ufjVO^z;gK%)%xgZQM`K00q#YRzUPd_{8&IVB?XdFcVAI$30Q6!|Vh?w~W=F
zP5~IP{sk3)bXTEZx$?u><%f5n`lz{b-{<O~Yc_Du$*BCXcDOV18n<v0;Mw~hmUyvI
z^V>fg6+t|OL4v}SKk14d?CdmyCWEPmYe4(K2+)L~^IvNm*TYN`N#XZkXY1JETd;kx
z?}Dgv`X*}k>hvbuxBOtQd97Nf2j02NPzg3P+3Dj9ZyKqQ4OkZBn~J>NI<D#HTH!wc
zJa{4PFbqz&4r3Y}8%Z@A%Bs8HBYb%oKij=ewY5f@>++UKIlM-sv5Ku^`_j^PF2V9+
z8nC_%`ULMWnBxx<(HVHq#a0+X!HxxxAnYw6&~Jxhbn@o{yg%j&JEH~$gY8F4+o*CM
z3miVYLG_0PJr#)&Z=OXq24Y?(QOOJ#U6G{e!T!5fw(@J>?w*hiU0{JIXjYL93^GYc
zz+u-w-zw{tBz;sme&#pqB^;^Ap}b*Bl!0WH1-XYjVlB5YMAh~N<iUz#^n0)rT?g!%
zXU5J;rHm<oT}EEO$YZ|oJ2IO=y>?-N0#ZfVkVpLpeUya)rb|?pRyyD;dcf6vlQHfY
zAPg7CZ85#kNr1pEgK0TQ4dv~tc&Q^~P)`ERfbL!M6tK)!A2d7b?t2}%lfJ1v#w6GW
zB%o9Sgm;R;nE3(Tv)bjJGAW*0(j|JKnu;Sw-^lgjEL{Q3oU1>5EQ=3gIsi!&Bj~#f
z$I1@MF`=E!(S!9)H%y9Q0y&|%_Zj6A($B_I$IY2KX`?>4`Mx5@Sy>8=Wf&=E8V8*m
zX$nAo7X`#uv=?2-d6GUhfx*^VDaz07>pTlGM^>i_ZQszAt2Df%Brd%URKfAEJA?Ti
zE+t?K(g|JT8^W@L3=!1lWI_azcU45cP7AZQ5nJ6wC3m<dxRHM8g4TO13m*FLB{Z#V
zvYBeDLx!Wsy2iObvkS4vkt=#2cj3yiEhQIP`NY!=%tBR#m#2E5WOx;Y-gnh|72?yC
zYZSWlYY?r78oYvqc!naK4p$1L?d|PRSGg`Th#WVOE}p}853p5x(xhj@d}mT8D<t^l
zgQw6|n!>|Okw?Qa@-6MYuSm~tEoelO+QP*lmQD~EVRy9v5>e&n@eiI;ryP-sRBr)h
zzQDpy^JX03yVoAfOV1l6vxm2N<Jw<^3NOM~<Dwn<4s<k&(qJ~CeV%saHTXSOD7d7K
z1lOc2TreKqi99{o8*>G7a!Eg{J-3Q-nN2M|(TMi7B;`Ebc88f#9uCdO9&C+TlBP#s
zT;}muCS%PJnQ_da0@-?U{)(bM#qvuaOM|K^Jt?G?$8|Yb;)94Z0k=LfsQ@C1=U_kC
zqb6Fv3sUu-xM~-VxgSIq9`8+9TF5**vMsP<S8zKbw+XPLf`47mXzg;c<rKHmxUX#c
z!mcG*1?G5j-)fN2-r$5fo^Uu;<iXnO3nG^!?8AB{E<MHUUt@hHHmOzFlr&05BpSAO
zE#JXoD^L>RGzssw3VO{B8p?9LGOI<-K&QWWp>5;L?mYh<{Lhg|t>I^Prywh&j`kT6
zD`$;eIQjswGUcPie`m#w?`t5a`)VjzPwYgs$Vg*z?wkcP&(4!JLLWVL^88H;kDm%`
zs%Ikz{g9yfI0qKz^0D~aeGB(|5vZOF!C3s$lf#cJtjMrLuM&NBjA?oMXHW<#$*Y35
zlHT}Epft{_53&ig6*lT1XVj6WJ$&Ov^$rRIH6rVPC4-$Y_%vXfz6%U)?ctyhYS5vs
zVH!luy$3pV%9^0o^N1~$l25%^nCXTHO1WSUHfiPz#`Qleg>Hg+v7HzaK3525JM2ey
z@tU=o#Oj(_MsFhDk+B$q^(8lXjCl(3c8<JHhMxgiF~*(s02(`Jos+zI9)}$O)Wq!a
z#U_!Ypo?1KHz?Dw1~VK6+gXkGi%m4EF9`4r6-+p6A+uN((8J9c$VOd0&Lq&*R~i24
zX%4KYA`!(0IMir{Yc|w}{Y`h#rcssxQXYJ^%b%YwE`<{|iS9SerJY+@kHNLQ|8VNW
zTbXtbtSu2J3nY^p5M>#yu#MFs-~`O4ih3Q-+hj0m1D{-F(7K|v1eUC~dKx1o-+O7=
z)U5G1tP87EZXIk4Cwd`HiX{A3fx{yy8TDF6j*Y-~AMzZyyQpffh){X`yoy9CqGtg_
z6aiLcWH=`SuL(~v&laKi(71aJ^5rGy23FZC6OGUI{aI!)VW3_H8E(Y<@TnsJMY9b~
z)&<fv`0}M@b~h?jvaj0ZR?)O)Vv{G01_SD0>UHXbw|_RCPd~@+91xQHM59I6W!)AF
zMPgi9yRS?jKN#3@J2@83ew%M05Pf?*LXOHv#vc&<Io-I(A?)E830n9$dqC@W{^KB2
zEVYGPV?ZvEcn)!eUbXWEtqV`JtURTc6vW$GfV(owZ<bQfiPPHMaRXIkA8$VWO0;y_
z+5)zI4v$c3gWNs+jRYF+yB>th9rSowWv&mYx(0Zh0_cLTSAGgOYU|7Q<z?v}L;T+j
zL+f}Nm39IsH@ve0-ST%r5-b)D-8OvG^)a1x#OlVHU+`-(h#E|)8aX!NNV{7Q{H|Km
zruL~siX44r%(wm}YCYv}XvsgH)N4_*-hh`7qCb>82s0z1SBU45HhJV8hX6|=d_g$q
znzt+#OnR|!wirP>Fg%cYoR1aG=9+)C-};TBjDSH^`ZC$(BVMYi>>z6P894~!euji2
zf6O%AWd4a2E!G9@MMbe_bk~Nb3-+%aA8okIgBc944TVfw4^ZIr9rVjWyD(2+U!T+_
zBJqV!VRJ&V<%o3mOX-RTpEV*%ssY=xG3@$!kcL*X%<8eU%wRWJd0eo-iQIv8VjN6a
z0$bMP;<l?-ETm?>`gdI&&eNo$lMIm(c5jQIhkTyDNov5VoMw!2Ka$Xp+E;-*OM)?9
z&D7s{24)wrRg7;H4%FxK2y|}sNmA!9-(_R5tV73*R2KJFh=g()HQ#Ckz;-*ByKKCq
zFr1j9Ibr%fR`Pu9C7=qeExUx~$$CwKb`w~5kJPrUlh;#IwL_9`0vnMhp#SN9e<#bP
zSuxJ4JrfSgT<(Vi_OtKW8CC+>h?Q;jm&yXEJUAYY^_CQ7CeusUd@E|eqH5P}a=;w1
zP`y&{0C55>=_Xs3nrPd-%aB<O^HtY@{1m<`PxTV_$&M*YT%{~@!+NCH-#WBZ(X1!l
zl6iGqBifw`f{<PLb{hO%HV4OBpdM3p^3!xBR5NpB3d2@%10xv{bEME3yACeHLt0Db
zR=a4Vc)(CS*i0S?s1$B}2AI-3(5>ak$15xdSz{<v>fF&+x^pNGx6{P~LQLOT9WAi1
zhsNv;TpMS-_*(T#jw=6{cN=N2{tw{fr6%Jz#pN&SK9(;L`JzTi6mW16f>ZY<p&mV-
z6WKo-xQIj0fX{N64cjL83~3_BM$oM4+-G<S3WYqRdEeM&lZLayaL%1;L+;Egs#(WT
z>WXF8j%a!7mUBW5cBx;azz4D_u!=@E5!W9|InX)zVzVA9<oB7!XoHeIAMfRDF#bI>
z*lodtY;h{d^tIC<-f)Urbw0*r!ma|R|Ka<Rnacp{?|7r?G*0_28(D8_>zWnMG!qK-
zSh$RSbiw6gqx}MllrT5<nx4~%_x^sCUQgq&NS*W7r||Q4?yssB%|aFr?Y9O7QVIgI
z&|bPfICxB%mpEn}Ui<?b0esW(-k>|FD!=|28ETos4e#N1(NOFZm2ppp<j=3MW!$fh
z?9-VJdX**)LnVQv4DmTGJDQXNu42`>@2*Z>_a5_DVYxO2hN2nPH=uX}93dhx!DojY
zJ23CdC9QD6g74QA_C+&0abI2Y+*wwxcuxU(-T|U)epU!{2-jGB|4b_%E#V@FY>(r%
z(6QYWd^xMAngis;JXMw`=j4i)CK<Mrvp*c!O`H<Pd`d`sys?GW%-NSJ_mnC47T%ld
za+;zBc;{8fUJVaAOnK~4!rA)j_JluV2CW)Q)&fS$FNbZe;2fpGK*wXUyF`0iyJ_Dt
zwKhZ6#s<|A^Mwh`np(qQ3C8D2CaAi#f9~Gd_Q44i%pCi`!ZPV(_GzFDNVT^WMcW*D
z+z35uMZA2MiAa(}pjyWp>ouLnyJ7nK4E(u&W&r?6PSADsa8Mt@n6<_h%-NSjJe#EY
zs6%>#j>fz2iM(BJC1#;_Z9wxkOLaoL9_Y@^)a#)XOqX9#-?c#q+4h&_fE6o<Jj7u7
zQfErCsh~bhSn^qS)W{f$H;M#xj*c;eI#yA`%Zkvu1~#AJ$0j*|7q0GI-Y+MZlsqSM
zBAe21?x3U3XkDM^fQ#)Yp*j>FK9%-Zgu?5m-i4}ok;zyu-@axTVfKLqqB^5x7|1GE
z6jR2FU8N&1QRY-+c3v8jo^y}=hdXx((9TECaVRa=HH%C4zdYKrN$#QzxN?($cc5Nb
z<X~0xK}HdG2v{B@>x&UfPT2*!>`Bl*<<FSZK7VMUXXSt#<U6T*Fp8p>T`)`eHQ&Z~
zT-L;^x|s@39=nAotk!&}E_AwA6b6|0<6~IX3lWc@qa&5=HxvsfnP`(n%!cvUQ0XI$
zgQ|T*7F09^kAc|yd4*<)(cs>EgoVX^(bfWasu`b~?b0W2XH;+5v7P;av!dDeVI~%#
zWWOx5!cE?}f3$6!C$_79RWqfrqD%yoRhu(Ss~6|1z+@z9;NZO}L+sL`FSionK|>U@
zVYx(zRE-mQMm8|KrZkAOb8{e1Q&nDaaMF?AteaI6jO!a-KeFB^d%$x+cRDlC2B@Pv
zRU$}8A>0MQ@XkT_a&kIM5ZMCOG9~12`iWc=01EwASfj;piujhC3>x6GX3_yk&;8Ns
z=t3O6Oye7Z7=kJ9jY!A$D}@?}VWL=|&x7I1f0}23@bi$wxNVcSF2w4y2|SyeZDSN7
z)WlnGG*AFudh!t0RvO4U=K(+gq}n{82ig?J#|O5^{t?K`v%(VJKmeLWJ6n%wb#V!4
zMc)j~?d?CeH)U3SK(b{CgRwYkARIu|B~RX&YMZhmI!n43@12KCjSl7YW_5yM7z^t}
z^mcmm>b~~~Lj@0pQ<@je>!4F&fQLqZFSCp-wc1Rt8++K3sy6eTkWv?tHx(x`p{A{X
zc*RcK%78-|Q4R4Yk&R)dZ&AD*JIErcOl`++5~BA(>`|3G^vu(fae+KozSr>xGg-Mn
z<b67aJ=qko$AQ%<hM@SBzqbiy5vH+hfi?(1?e1?AkB&D^*25KGU#s=7;}EIyT&HwP
zuB<pJ6-p@&Tb;uj#G7>dZr?X6@!-gxaC>E=L_upO0Cy+g!cKqH+_wGlk4Nabll!C(
zZ||Yvt{^7%s5zui134`4Tx7PO%lf?v7*n{unkwDO!na9blU$fW4~Y;CW8LxPNlpHm
ztRS}btjB@x2TD=jo_Mok<Zv6%0U|>8U3lwz&Nqo-rlI`nv~g>;sVO1f+)r?U58i#Y
z-2(C7QD1D-1~U&*x?8XUtMIPWRGOect9uH%zid>PsM-IYe9<&3jxD@!7vR-qS5aaq
z|A)1=fU0s`yM`4(2?YcRl~#~$=}x7)8)>AwmPiYTAe{md(%m85-7Vd@=vaLBa_{r*
zbKbMh_`d&)e+&l0!9dnp&vQRl%xhkAX33@T-5vv~2Yqb|yn7f$zno31f>Xz%86+cs
zmK;z)3&IOxBGtpoR?PYw7q6juJh&JFWOvo|-Cw}RdO1s@P~&If^$P%FPXEa4v#WhT
za2Ju__YO;koQ_Lzp;C^Px>GL6bn8S%9LXDwc76U#z|XWw&*Zcm{{92yRe$npMb8w^
z0pK1{L#7CrbrQ9w1MzZ8;V%L*+$-tT3;2wjyFRaj8Bf%<a`w?m%B$6R_vh|BE4}Ka
z86cY&*YYN^J8rSUX>d@MF4Tu^JFR{9X<}XUZoPos=8pv20%f#$4ayj8r?~6P%qgp}
zEvnL^e(wE<CSm_rIF&tu>gy|$$wtEt8H(OQ_FfmL^oen%1-0x=`D@WqFJYatYFVTw
zb9A<cC<?$eqO{9vZ*N*-n+FM#H^1_9B+MHTJ1cuzURXPf|MpsOul9_{z0xfCZ0F=-
zPWDcG&6S@{J$w|O@H^HLB7jFvE-j}OsC=4n+AjI#>6{eD>rCKClzlGDwV4|iP?n)p
z5RsPmlH<E|i0bIp8RzrnyT6UciG+qLr>x%dmJnyF0nC4UkNaLJo!cF6gqJY&DlY`*
z$_?kK+l#8^jw&iO4(8Tg#KpvEgJ(+_Y05v-4fwIi=Ez-|#j&ufXtyw%Yi#Y09*-9M
z_`<UNs<vVqb@#>SEB})SOyXCyXFDpl(SQhsQX#MCoG9hoIOjSsH(YMvJfid9DX}W4
zl{THrEzI-C^2*7W7lJ7J(+sTmIUD!yybY+a%3lzWh^bbq-@6)7%Hqw)v_C6*Lan6s
zELX1()^H7LjH!OVW}RZit#1^KM8>p}3C3;Tvib8O`4TtwJa$q=2;YnXxh00Ze!;Mb
z5w}+<Xoml@`|t;Yz{dXr1317L(i{U6k=}Iy#8zZnu`WOfAdcB6Vq-I5H@H?WZQcsw
z6}@_inu0>aPA$?&brc$MhOpcNf|Y&)gPb^`|Jg$F*^zWc_7(Z%s9fEJ8nAJXfWt-r
z;7(**dD&Utd$Z>CMuU^xTqlcCLB7R>zJ`E3c>CYQ0lxft0WX}z!)$n|B<_n<?hU6L
z>$j-nr?4%G@bVE(pKqk&9PQRvul{Pfaf^zi_biS_J-S~FY=knml69O{0H+nljOt>y
za^c<JPp`+1WeAuZvRTa?vWOab6Pbk9`g+cdbwe&+_I&SBl=7pR>nG|TX%ZmB9PI&u
zkWnK6Yp$34R@JMx7hupS^<k)?50zreF@4lwh}feDJ~5ggjn&Vw){fhrv7UGvwpTFt
z2F?r!WjBds1CCzNcW<tYCMR@u89f;f+xR?JydMy;UeRhsr)3^HNT*otuly!vJtQ#w
zoIf!$FgH(sV=sGGM0R`k>H(G%0jo<<&8vO3IoFzGw{&H7dDWV_EBc9($}sPBWM7Rx
z`7`K%KV$f@ELVA~;42XVGuX6`ysTu8Xy!_EIrtXubj-gM^Kf05S>%er=A-8wUQg)p
z55;B;sv$3#%ND7#x&2F`YzQf%^B%#~+QR|snoZ*&9Hf(h&eyv6;i^hM6&S|L2D#o1
zzxBH~-L)q^8c%Ik$dK$>lTMh0<#pNoB*`08lo|*PW=S0cOGlmi+|FHuq0fF`Sl_7L
z^gfGTMCK~uWM`X~lFo+^vAw^%-AO{Kd!qcjUALz8v3!lNgu=_0N>85PU?PeL$ko(p
zav=ptp4G?P=ie;46K;h_EA;GT<bItA=l0axRQy!^1%cNrul?Ezq`$X6*>%lxTYmU^
z*J|46ET@g@K0>d7kW%e!DMuoucH(|&cXZ*KxYBnxDrUFQ(OBw~yHs_tFJ9Fvm6W+q
ztsv~)E^-6muPuikh$zv>BC5p++_q^@m$U@RaEweS{^(t&n1a(~Y{b9Zs_y*x?-1mT
z?Xl~;63D{*N`Gk>zia3;s<8$mk}DWgWRCtA!T*HiDz)buR3{sRoiP-LzRN*HDY%L7
zv5S<F5JN7bJIdZ=gSyHN9aB;19)jSjpBTM-x7YTrsqbP^#k@tCfD?3T61VfSU9o4#
z9|T@v%dwM$&xTTtcqn-?_E{w*plt_%Pj%S26}AAu6Y}SDSej&d#`6xpo+NKu6wlV+
z;%L=u^5C(8X|t86`{@R~U+m?F4&)}H+6pB>y!B!^qvKenR$O~}U4x03_ZezBtE&UR
zv^-_H>_)1_9R}zUexmtar*k!ohh><<&b!lXsU9G|njLR2MKVCV)QvC8%#N<4m5Wxl
zZ{O<kX+k$Cx{3Ha)OI7R-*{3qFsO^PG^xkNz7R*JvV50H&;K0*C2sxKR$N=8rTQ1q
zTj~u%RWq@aJ;cDh;S;VrWNgVuN<rNa!dGD(`vy8CYS5jjQn!=glB0mo_bRU-*N5Wz
zRQX?9yevNmh+yiW1p-fapS=Z$art(Gd#?6u%FDN3hiQa5V_DUiFWsQ`YiMW#9=zBH
zW>?u>-yYT#D)N#FEOFkQr=mqAD$y_!=y`=r3utO0Pg$l5Y<1D}&v_2D+i_J-eomZC
zEV%f@v)!m^-1nkI>;s^Sm`CX17j|pDXPo9Cb>qoAu8Cm7h%zi!r-OTcJS&XPoZ@RH
zitQTiA}(7RLT#S$#F%UfU&e!GX%~e>l^I21u@HPwBvf21m8CuTh?iaO*umWpdnH2<
zmQCLg@07N6qbtR8r}}6mBdtxR1S8b1Rcx`srP}sNWk!-BLziB5DjA~l2}?b3gP?bG
zQ|m!R{^P)Y1NIlTX?)2WloBiHKf(n0Yrs|H3H%!ynGZ4oy1Azm5=yJRk@7}97f+=G
z=b=-jiUdQhUi21Ecu=r8Ax`qieI#0Tiu2hrkda7wl30T4T}6>Kli(oR*2aS(<>42W
zi9({E9&{Xwh<xr2t1!4iJh+EbA|{BiQ&F8$bRMo#WgtO8G|uOC9cvXBkn&14nYoMu
z2PxnKy|+Lf`L_m$0o|P}Z}HU!Beb2AG>D&Qdwaez5NABLp0lYU)nZHGbBzGReeTQC
z8P8$Dr&&D-FjESdM6UN-IP_YvwXzUo=XQ&UyvLdSkZ(L-pPWhj5%5v1n$3c71VaHG
zSAbk1I<ofm8Y-)SO(X+!#<N0%20Mf}E4X5nJY;RvN?e%wVwtqtFT&`hR(9=$L_j&p
zMap;`2eb@j%FQP-ft(7Io(r-^0G1t<+Q*3N_baUzGLyKS0{5GrgF_W25lu^u<VIas
z${0T4m>Wc^QSEV2QYO;-F$qt{Meq~RRL-{&u^k>K<w|H4_uaHwhx$4keX@y`=qPx#
zoLgtNikh!m8SRCM&}ungly0}$Gn8AX5{^qU<>v_eHaD{|rAa>syu*Bx!uMjX+B294
z)%j<GuLugZ{HMqtt(<OcF*})1k+HVtBlnKvzTj!!#~`B4zp-Ph(72duux=|qh;Z0V
zB)3p8xa)R#ylF&7D?z|({N#qD;p%u$D)4-J++CcacxL(0bGA1<L7T&wcncWh8yPW{
z3y)0(5>xl)xP$k5Aty_Mp^e81D9;#eis~OZZ64Y}!w5tUPLs%*mwz2*+uU5fzWgp~
zPi3iOcK-08ceckZUhHGBB#on024Dn=cQ{Sz#qBY3ThZxJIPrsK--oRLEr!8{1CLEH
z%bswuLX4y)crLLmh}Ug0FD2~RYoWTlQSJE-@dsypm-4J!6tusHd5!aWRnB(VPj>$H
zD3ji$u^3h9e&$4RCn%h%6G|cV@aI9DN~*)%@UA9{S3a?V>QY)Sc-ZN*sxS)@eL9~h
z|M@_CNcvE7xA;}-(HkjuM#8z)pdGC0+YjE6%E)pd&0k;1Zh$QhC-1aU4hF@w-sVS8
zM$&h^7D}_pr_h0bZ1+m5X4J8J?(tX@$(RMarD&wzuo$OVc!Fo^T)(!55sS}MzPF!L
z{xM9GwtsJ@S<v&<+0{0kX7=fJVb2OfW8$LTWBJwHvD!*Zz40<l6{XE<SNYiX^~yYI
zm7JGflR664$Cm#HgC#0{K~I_AVUG8RDeld(31;b3ek!H3-Hae-eNgZg2g~E*hkM@H
zRW8eeO?RvgBxMKzbBatf*fsCu+7HU=ISq)ZN4}DLPI0p<>6uFVaU4VBK5sZYFIgWE
z@(kwZK2B%$ezT1CaLteQ+Y>5<?yb+n+!6q0v(bDF!IMeg8)<;FT$Z!iuf?41c7AFN
z#*0D4rF>@%%fs9*Z5!GkFqpp4b>PG8_moYdc%=M8#m8!{=B;Mq{7&8T8F}9i;mGu#
z9QxL+HkL#hbnNwllL^AC(nR)Zy`->Sz7Yt0_Byk2dmN{cWobz8aB2LT;5`n_GPG+f
zjhPCz7!^Qd%)EDXCSJ?*t%U?wZ~yZbrZzI7!Fw)DN5lx#cc@1sQV&<cSyf|7V)38V
zM63n)3dEYCzmWLT+wKDdSZ_J3;9wI=iL=|1)xNfxDB#7xipHKQFGjWW{DNdTfTrqY
zJ^n-3(k!PtH)_o4%B03&Gy5bfMPYN;h!V(^o;rNCAq4Z3@5RmJW%kHuy256yE&JAf
z!RzleD-}xD`ly1}xUPze?)Mr*A1=2KQ!Q>yQG(^?BtEO5kAU0BX@>Fz3OoRknuUZn
zD~j6N_hLD#uqlojhJjf)z-!6#Q7NP%1Fb&srEu5^#Xd=q)UI*LpjOVYV>?og?Yww^
z{_JH>QSb(5sYy>&a)VwI!ln5*WC<@$@cQtjl!tJY;_iHUR&TeX-JF<rTN)iAoGYr>
z9m&RozHV4dQ9GOb+5#7J**)2m!=P$OejI2X%-+PuXh|4TC=WREsd>%KTP*>Q;O#SM
zDv{Y*>%yXl^ZIjiMyK1H%XXDi9mvfi{ql+rHjm$z243{E>6)&e5|+KcVk=x#=JkeI
zzVeM3%Tb9L>rdbgXl_l2OKx7F8d*IfTHl<h#Utc&n^ZhSp6b{ez@yhNw+6NEp2PJd
z)0LA$NNej=<Aw`C$YmnC?p<o7@03ZLo}bW(xlALG%;Z0Op#K<*Fvm29L@qN*6Zjb%
zoklK-xmw56Q$j9zVE(z{tm~qNPp4D&<-Ahb;h}C{GEIHC%>vx3mJUU{!}i<2znmIy
zf-nh@L-092p$6hbdO9xbSV>)8o*phQ8SN(T>5e<8ihmm>m8zqY7o!LeAe3Y|q0~3P
zN5ftp0FI&$MI!J1X#og95s2M*Lz~GLJKh!qvUYkhZw)s(52{shIj_^nbAB(6OTgyb
z{MB^N0hqxyx^)*MsAqQ~L`w=Go{h-zbE>^PR#68#l^IuSjj$RSKzy;^wi>BU2C|BZ
z{fV3+jgS`={rK76w3JJ;3pK{5y>r-vwicIv(&t}%onyIdVG-gA6cZr%gguC7okx!-
zdYGE#E}wYEH%R{aPFvBQQRkQNh^#k)s)ahKwO;cN+8Lk7yKzV$;$hF;+g@tjpq5za
zO8bm*i*7&@6vLpK`4+n)7%xvoY_obL-yV~~?S=2nzg;#C1h{3we47|LvDMVo!$Rw`
zCps;A3yreE_h&-P5DT&zCZ5E7<WZA4zTrTk$)cC?rCHaL7pwpC5B(Ck(<~xR!UWE8
z`bq+fh}V4xAZMlk7XEy%L*+ZR-s5**(cBd5HJ2H7IK{w<zFCi}mSz;~19Ql9|3`c_
zT|S7Icf4bz?<}>(dU~YyY>-HW(2JwqAbJPBU~~)Vd**s(rTwB{h@_%*Ndz76DUl6m
zn({U9D8!s;g1D%v?8ePV(El}tfYb1c;Vv?^K2!L*RMo+|C(PDFv=o=_2&DYTAAVc<
z#gg99PkT`wODp9-Kvj{3<qZffXwE%8RN*#r9#^ODH@95prpr(1fwFeYbh))GSZn)g
z2JFcR9kH$8s-lPn#CNq5@u#d942V5LI5M$*g1U~k1RoE%RR=-XA3Ys}Tz~~DrqxHa
zPP#u~vimnzNpAt{4~$GsXxL~tv~OhF8ea>=BCGa$^VP}`|M?!Pe!oY2o>-?9?|g7A
zmV4rqfL(>V57-Y+O<=crQ*5wCtG@DTAHa>74sD*-=eF)TBJlTy=bgQDO6DZrVQR>H
zclNezB|W(KKe~Z_2nENhSTnY>Adxc<1uerBy4Gxvwp)e_TL5ObilByFY1sqhczIx=
z@^OJu<Ie9#C6F0WCWY&<(IplR*T)AV@{5$M{e0hLlHzL|cEv1t!}kY5n*E^bR4-rp
zR#@G%o3g`$(;r__m_Kh)P)sQi{_UpyBM%IPfVYH6aTKZjoJb7l8GAD_ov&LHfR%4@
za_M;5bLmv1-`CTdQW6}#4q=}MBcFMSa1IeC-`j`Azos(u4~e98wF7Fpk8d1rxCptu
zLdFX<@eT=vg8w|Vm@O#3U=04mdJi%Frq}!9eIkMrL@Kp{O{!I8rvt2Re1n?msKG>u
z)ofUy**ECp)WfYm>?{NC!?O_28yCji&U>1FJz$t4@E6G>)(`p5FG3<!XaBspmE%c3
zvyiF;hNCSi4i$`*EeZcI=Us(NDJ03DVlzAaJoq2|<qfXNXPX1P>F@^?|8q43NHVeE
zhmXG*{~rhEk0bui-vwgv!)wa2ITlcHX-VD%vFR^;L_*VJVp4lR<#l}?$>-UwryS-c
z`1=l}Jq4ee5Cfk`iu>p%?w@B7{IOOCgsR)%O>z8X;05}}A^5lN@C#Okf-UUV*4h?~
zD+t8agM~gl`9Y~(@~$a|=;Y(?XHSF$SX*)tG5$W-bbtM+z)eJ(TfC7l#`XvQ@nnS4
zNC6b7hzIfBgVV4w;k)_<cf0s3Pb5CJwUWpPS44NJV8fqI_}2$`DCfZVZ!VWe0V5Oj
z0mux-OiVnMIKamKr-4Bcg;A!II;Bh^$NxVc1(QN3*0eOXih?InXsyqOkx32D57@rk
z&ov)K`~CSbAHhF?%iw?W3BV1X@eA@p#f{7oRNIh<=l^|tYbe3bX-l&4;1?+E75qMj
zJ^%0Svtcb`v7TT8&AJ>eMRSz>0X+&P#k11B6n_4C&Blh=YV%bIE&#vUwwwHbt(~bo
zb%Nh}ftOex7>6G7{dX@3j#jlDI)=718ZNjUg9Y$cOy8Z!!pM+F65FeDgx-Hd$kxlT
zT&e_ty5~LQh974VEci7<CdSAlbk#%q>rpr0g2%<<7a@oLF)scNLDRGp{sH-!@R%57
zUqp`zUh*p;%Nkk$A#fLWoOGH$U~jZ{^{f^0JBlO`6yoj5I+rH>cD<P;%(oiaD+N?q
z(nW%>o;odpnXv<4+0+34m_=CUo8A}(Vz4C<6Y=t`5Re<r1U~gh`Okr~!uMuBv>_lP
zA`3?qKshzU(0DBbn2l%}3E7j}clqdnl=3&JIA(?JNUGKAI=2(*n}e1xdGi7{;vl+!
zO3p_ht-bwko-FurL=Fx*;`$;KsQ2+Hi4<$*b|F|}xo*#&RscQzOHrHTBm7-M=Mh~G
zrg2l%NQneSeI9Z!e0-k*yE)UXafMRsE;ObzH#ctrBXujNSnFr7P%H<wm)<GjG3b16
z@(Dn!Q^&PvI8h;#Na5pc0|w@)UbvJxH4Z`G7iB;VZZ{ba`U~q#41E$0Jy?eL4k!Y(
ztWLneoeN-^asvTXJHg#3^J}ai42om?cek`yJ60`QPtc7Tmj4(RUjEUnf78YWpH}Rz
zPn(|0SPU-l@nS&e3JFkAr_4ut7CMpu#MkUWj(x`Ml$iWv@$m9wAw#3wyvr$!kXvTC
z9jSs}I-WHXu&EU4Tn>3Y@1{Utsn!h_{(x4p$VBYqM)7N#2mA(=<Nkao0KAP0zlf%V
z5%Jm;pSzwP=*M%|M)2w?g}Ee*z=NaUe|HPpo%9WwKC-Fy>+9#5dc8r`;(V~31}YsU
zb%>uoY>nM&EV|oD<?Bn^^8QmWqF1;+KMcx0%~vmN&-et!Xv0&bCfdU<s28JDby5M;
zMV5eufsqB&@t?Bg`v!rs<1tz7szx$Lvw<F$+hH4ChF`NU%KN>%mgZ*DxtbG=hQQF0
znN8s5CO=zsXnM9c*Ls7lbbh|Prqtl!>JG4vB(e$*(34PYc5|v0B(@51Iql{lu*{UK
zT9gOL@}rz{$<CCS36o1s(;Df3mda^ol4{Onp~}{0vfLhsY_Aj>-hJ@^HxvvXMhE6a
zWSp$+pMm_p3<?mC|B?R68ca!d_HGR>AGe?Xl_&qm3V(fX7D2{-UywNAAE1B?QhV)7
z&{_75>!zkQUW96%Byt(HJ5WjS0D$}vF<-O&+MCJk++UI?*g&+%d26DuQD2ruiBeWN
zfepvtXO+WZGtx6IhgkiFjl@_WMZYy$ja_^Pdbr$i4BCZ}t+7;pVe{E@VYibp)zyYt
z=l$UickgWi|15vk@Qt_+g-{1@up-GsQM+70WigyoVc)m2RBMzgODTAbXm|Tf&?l)>
zq~|?6FaMYE8U#;usfXJ2A93lmz+>J7PX(q@e|=nYmDpHnWoowzql7WuisMs}D#Qk-
zlbj-0Wq?cy-)^xyZp&(4LV!Y+44vplfT&S871nuPIk|IIY@7{CGRT8)6qwIz#{q%y
zXxBPvx5F{q=|)In2$WdYHz?5>OnD-y6e)nUQ=_ls98uy5R+V;zc?^a0Gl^Id(zyor
z02tQz?&<DTwA#;2`g3M_Wj3%$uaqwK2rvj_`G>#?PnOdZKOw$J=bJO)*(~5Y;WK%{
zQhV_l6~N{cY>#^M!GdX-%OO^}<!PCWP-`dO9;dIr|M2C>^PMXt-z(5msxNw-b9Pf+
z9<D4vUWS4H_LRuN(-Op;G(aGa0-P4nYP<EchnpkV!6XAo+zhm=R;j=vA;)+nE2;z?
zC+N`wFRy<2fD)p~D;8NGFHbYaVbAZn2d+;`b<gRp)9#EsScTXO|22{&tLt9#iQ{-6
zpqSIX9&($^L6H%ZZvtRWwVF4LV0j-f!r!vl?#-%`n%|_D_b-0+i+c3@^>>b?1)%V6
zy4tO5*EsJ#l<3bmboa$#Q`rj)%fIrJfYhrGSB<e=zD#_76;J=G6#KyVxLG7Y$3%M4
zJf7W}2%PVKyWwKL$=v2Iecu8U%I3#4=x(COYNtxqt9A@0ns$uUoJsRcxLl83{$Of6
z)A7s!u7(XWr2Pn7xWhkw<ucj=MV01qd$&uFth5nzX^X(PnF)tduU0O*W(?R;hM6t<
zOViUA-aL)T*#`87%xF6P@C2}t`$XlDYOeNCsp(MKXp#Os;dZb{6i(KkAsNFNxd<yg
zU<MVI!}6N+vq8w6xkktWX&6)tbdTA949<Mf8J;fmi?fMT@^Gnb!v}+pai@b{C<LzV
z5)TAGe16IiKd<dIt{k3aU$?n9GIAwtuvx^rqNg$1jS38$;_P-jZ<$YV?QX80uXpcS
zwm$|#6n?9^d83qN<MvGZxiYh_Pe>>vqkHGqK#2CO-TyjTX>ARF<Ax_cPj_bq8g#>e
zZ(72<=NVz#@p9OeS^L9;p9<D3rZU`U*keBG^;WHa6w&`V?EF=O2$0k~K0i4UomzcD
zr6^We@Sv;_lVbW<%x0Bf1^aHZ$TCzVXm4~L;BGnDi&>2qk7y1fHVPTT{Ve<9U&G6a
zuK4}A+E;m*+F38(M#uqN>pPOj{2?#|8jjKR+8n$DghJo3dQ0ZeHb={w{U)CW$6%=h
zjLzN~acK@|0{*pfftGq;7InAVR5NJ+jcUQ9pOa;rd}Yx_Fk|@KZpoE_(`qm7T&7eU
z^|mquK+V#$M9T-jJ<*_Y&~k_Yko`{&OAdfknVG}JAgOW)kb<LLdE2_$8~YT*0O^`p
zW87H?IyhJLPmprBrj#AQGqbu@kw0TPwA5xE^Fy}c{v@F0Y~se#=;5mRDNFIGSV~7A
zeIWo^CxT#iCdw9;9u|7lZ|{Q?!E@h<sgF$bwLcKC96mq14I<5tR3@}pTOS~Bq~8v$
zZ-hFu1}-YBbU{sl$k-F21~JE(EZKF~1s7Wq4Y4>MMBUVVJG0O6tUWZr6x34+9C0ir
zGMu*;RRq`w66=HY?(F)9tc6m^%toI$Vl3A`&ie!S|Ek_)NGKo&bay|!AN|LN?SDOc
zcf3s{KwCQF?ZbG;9~?wVN?HUOA?VX)5yKJ~>Z6-J>)D)jC5T_p&DGggdSi99a=<S{
zMTxVv{y?`pR(M-r)0h}B89(off}Ig;+%K1>#$-ORXCD_cM+&)Em7+3TLB!2*#HIHe
zL6h_c6-30UOcED4v?TT*JuJS{#l?jqU%OVOJ?Yj3i^8}oLi7{Clr&xNidt;jjj?_T
zs&(BV7kok2s$|k)z77*!TFn|)R$D#|n|o@1ezBfn28OH5R!&;UB3k$EA6IHd@c==d
zzGU7RtMDSg*j1qIY-T3v068f`?<;r9j>T9G`Bk}EAXX)+ZCcbfH2NfMjMCceuz1$g
zC(UDQ0fU2#RAtLmd~EZ4WVB55YDGW2>U3Q*BFdUO4S%_^dYs!Rs9@(uu2yiwCZ%hQ
z)4J=foB7-)mIGwbYO1Gd8(mgijaPf_251rUAE!V#<+WWxEN+utXFGxF?a$Y<n)GW0
z&=;S(bbe`4(A%<fRI+YSkL}cY4w>vsrMLX&F8KfQZvjT+mCh&@{IQyR==GGn9WgD%
z{O2(O)Iac<qA?mjdX#37%2y#{grE(;K2`<7rC!S_yjhnor1Dhq;~f}!UwhrQV6Z9%
zq9xr6?vF=qdZsxtl8-eG3jKMP<wtRzU>AozdI_Fs$R+At=I<BleGzpg@WAn)(kIj8
zy1v?PG*XAP+`LKTDE3V7(*qd|JFUC^l=XAb`IjplIjxtV7~U;OX$z$-_(aU#@WlQR
z0mqwYc5ZrSvVyI#TzTOC_HM4m!XoZqCyd?-)KV<@TGa}B7sn&xtpuFFrX>Qn7tt&m
z!$z~^edZyzyz0jQ<7p;a;)pQ^?jj<)GnLo{kma}A5#S+;aXl_Bel3kF%T*g`HMC?%
z4NA7&Mw>;l+7n3{qiSXv`%zSIv#8DveK6)@mPCwfBSzG|b>Wf^r0~mLoe_Tn^mCgM
z;UZ@61fronz#uZ<?>H8le6|L3dow=7T#b~PFnF?$<zKPY0~J!{zA5Ugd4GB-B`um@
zDB9hBij#lUY=8g5kJ5LVTlKKn3ivBDrQYe21(aI|nE@mAqF7TN>AWn^X7>*MPhGba
z#s~z$##`ytrykiC>eO$xhd%d@!XW08(hz)SVJY!bwaiqW%3v8`hs<>-t*upMrVdFL
zNmn9vBfkMSbiI`f>WQX1iyqVGN5i{1-Ig>{$ckRx8_%zuwRY0l6VZ~;>O_#N=ym}$
zeSlZ?qgA{3HbdvV+3+sy8i!N_q$A02&0LjyWfjE~H~vY-*TGVu2(>Q;fWYl+TSt6Y
zH6PoHnEAwuF;yD0%IQ#}>b``^LHLHotb}^O&u)UTjvWSY&3_PlKW|x=2i(E$lJA_X
z^B?e?S}L>B(#~4hMxJRtP3VuJO9D$&vev_-^D=?b!9mcdd&KTWoRO7R$GCg__G_59
z@+pHrR1G9n$wXS8Kdw8el+yPDl)tLzzmTkd0CWHH6HF<9<J|vRa8>g^V8B7qSeYKo
z0~vcx7RSOJbX9BXfA)}WGAH7(lOXJLN73N%dR<QnGOo@F0Z5z*^aBn6aa~NS4)#3T
z7)pl^W$Y5@T5rG>b+g|-k{S6>rx1b3vGPHNZxAhy1MW~UpsYM)9t4Zo0$|fTYIh%~
z-mDGik}UT_)J$Ul)B%douVvq3K|MWXZRC2`-j^_%Z^7=)#IkJnYDpnP-E#7WqKW(S
z1`&;ND^VlgToZJ#_MHVX&V@oRW7t*zl*yqVjC4E~`D!wyjLX?I(?&ZogV9e)L_a-A
zMJJr@`EFfdl|ddH(^(Z&qUF6+8ONE^9k0K?%@gG_3OlHyRm@~v1>5n7nw%LKLgfil
z1BskH^uLsESXkJSw!wh|zDr{{Ph$qaC`SPx+V5(to+?*9>mKI-&j8Uen}dGZ7Q1f{
z7v2AdYT~0P{2>TG(XzJ0qo7vpUrf#Y)jb7ODz3l-iO1`o5|3{X*j)H_ygA}tAUD$!
zjRUNhLV5j=AYfkn&2p+_YD8%z6Y~m;l*HA7&=lVuji@%oU{RF37F$)AOeHIB`j`tA
zl(1@ZjdC4;iU$r^yYQ)HT_aeAk9=*RvWYO=&_cCDE5*tJ4@%+9p;ng;n*>@fxPigp
zS8aw;G-GrcmAvm@siU@U`+dMxhjrtP7|_PHNvJm;qXu#5MRkhyyV59rXTuR1Dy=F;
z$DK(*ifU|%ttB?yZaX3xd!^8+5rW~X)DF+2EVrlY9B6s~C!wFUjfqTCn;*bMnZjXv
zKw}79jqMamzR`E?-)!X>UB7hSuNQx9F}<d0YD$@}+bGDebXrAI0DA3T&G-KTIsb1d
z;tMiB&|Vhl<b>`vi&Vtoi(jK*Xo`Zm#-~k$0orzKg^V3KbV0*<%-(35o2+>An1ULw
zFD!*8QxfmiesQY+sp1od-3n#Q9LR3idl0C?T5nv2ktlBqSaLQ6jq&MA5NjHcv8#uH
zvC$xKts>uEsC8!Oi(^r3?}_$|i)S?x0*Fe)%=J1jOg!QbrU3mY2DSVWxf|?aov>Bo
zw3lpYplTKcF3?LYYPOSBZ8D(acA~QkI*wEf{<0v%v)vi-Qj>v04S$v*O(QHkF{i%1
zYtC#hK#TBmJKK9P5&|nK7paKv)CcGl&=)bTM0j2AQREw>vX=d<^yz6szhaViEeG0@
zDN#1GcaD{tD(!1l4b|JirN+`ffP}5x86fkREi_o0{rmv4gDo^dbo-@Yqdv84PgIey
z9X0-L*#8?B{`YH-7z{wTCbI47`ALu$aIq)Agai$b-j{I*>cG?pKi5wGa;|yZPrrdZ
zVQjRB>B>s=TBug-Sv`o6Y28t}q_{ccQn7Nlzid-@Tou|qaXc=lrKG-6JSu+8;j{_g
zY<R}+_0cj*yLR9Q&~In%FZkAYVVoOWy9Kng;BDO;Dz?$038XHxCn->p$?N=p)bn&|
z-7QLIc?UPP&2Y!=5){~=nn5;m9a3!iM>58B%Hjp$u1{5Oez^e+kZLWqoGjaA48Nj7
z<!Z_5Fei4l-<LLL!FVm3+QPq{0a~Wl^f8h`+C0cxTgM$04AQ>?aqezf5G68!b36*u
zw+rY%jA7atfaG`-2)fq0ntb?&;A+eXmh*ha&;eH0;di{XA+;95C(oNj@ZP=o-__}V
z1n)7C5db3Wb7w4o8U%EC02e&cehU>AB9S`Q?~m<905B5UKVT&L9RB83@W?9wUg$f&
zQe#h1AitfYzY6AL89>ka&E525QpsrAVTmPhRZiYLHIal^9)`657PBz;ag?q0LAi0C
z23&$e${Dtt%g6+p{n0F0YjuxX*bS@a<-@0{;~SIadH`ui%8i);vhOb{jI(MhR|$>V
zS7lnqfNAUS63N7Kq6Yu*0_`68fS-oh3aiR-U_Z=k5y8FE69Q_dY*4M*x!=O>8F;Xz
zrt<pW>TiFceP&4Wg}}J?JOT)Zi$9&XDt2?sev;WmC<BRnT?e$f6#*Q(ssn;g@O{Zx
zQ=`vYhNm&`+oFBtq$HL2oFH;i&Lph^5c6s19PFk6rt!VU_II?|*tOR}u?4wEm>+iV
zLivX|H-F>h7R}|U=7jx%_VZ6PzCr!I#gG2q)9XWcdiBXU<N5>mHq-}7Dqx12!n|e&
zu$$h#e=cdl=^Eg1Qsen=3F-u6T)NH0@`;=g5cOVZ4+5s%B>nX^P}g%<xE|oYeUs}^
zCyTLj|00xKC+00!QA@?4QR#H4wln$xZXk0%0+=WY9UGihF*LU-{ZK$ToXr~EdVvR0
z;ypiq|8A~GWN>vgM>8Z<-Rr4=blm=kMPWS!yQ6;Elx;P(?dm{E3J70sK#!gd)Gs7!
z${QTIhTd0{2y`SZ!k`>VopCI$9JlAAuv%qFzD~Y|USFUEc4R!LAec&P>uBAz{k1#=
zM^JEO;F+Cgd}rFFJMxDE=;yDzKG#9}xsNZm%Z;Xi9cLgNg`EvMTQzhlMGpl#zgM1S
z$1^S~ids1>Q<^^l5w80P2UZ<$3hWnM+E8&eg!O}%1wSGl1McI<dP?P2^}LY27{jGm
zjGM%FJ#lX%UWVW74y9+=t5ok6JZdZ7VqwbH*MIrP-0I)s)8G6=-~&8EkbLn{xu?Gb
zX%?xnJGDPL|4ImAmBzosDlKfZL)0flK~riRm7Z7VU|52fA)TNSIC~@y=MT{6_t%2h
zt5I!7F1`t9%xU0)cAkTcec!fn>&>6uKF7^yQyClu00wBqy-w!yl)wfw6RT)Wd(hu+
z1~at3VIQFVY!K|lZap8lXT+dWN4dSsFA>{`0ARa@@+^A*8ML;hi8u)-@wnPmhi&7(
zHfPnYcT=`1)eG@6Bmkfm-KCSjX;?lA0I)v;2!vkLtxgw@BAzgY`!U|cLbbh#0knX?
zg=eSz?EDbBH5x1U36<0iMf|;5nmvGz25%IB_@Gp%qfKSC;^C197tx^gzdBpUYBo2b
zP!}(G*X2^_aCN;J!?M{K{=!c4X6UNP5jcM)sC|fKG88k&jRgh*-#KiT20_bjx-)6(
z094!5M@J@==9;i5>~4(LDPur6i~(;!23ALZyx&WVqZ(jY11*xLnQN)dqR`ScwE%!%
z*Y^g&?zHLNtSfUrr1vwp-v-tz>Mub(&gybN;;NJ5ncUixJgryop6`7|PSdOZ=W5^%
zG9r9-E-1WRYyhxijTBJ+{y{ZxOQgef0)5BBfxjM7fZVi6q<D@;gLT5aVguZ>;-6rH
zHQ>~vd$*9ciKGPBH3AS|zbJqXnVKnix>&#Ez5!kfHKl&q^y#td*`BsWg(Z*>+5<eH
z1a^kv=kIVCpZRsj5{>v=VNe=%N1`{2^jjFiyLQXIqI#RFTrJw?CjoS_^g4CE07%y_
z(^O;jNSb%c{jB}VIQH$!`C8{N6<S@vTE9E}oae(Bxa3yzb?P-qDyzJq(yJ($j6>Z7
zCq}({lUK~L;MNN5RPcCS9;5or43wJm4+n<7AUsVVOkn6}O-(g<ULywuI8Vk<ddC~~
zT`^bQ@+Pgu+r36;UpCKQga7|KC`N(_Cg~3mMQ^tQcbi*<nz45k53NHn!Gy8&7TU3n
z1)umG{ndBVNUcn()u}eZY5^!A#LGKd?HPbhz#{<GoJYSJCDQE{*BV!R?zGZB`8mEk
z$))9T{)|_>eJaABCpraLb?{<m)$4Ne)uxV`5fQ%?LB^Xnq4!)KC0|0?0(YF^=^ofU
zXSbTQ>1=rp3{lbmQZ3ozxFeyCMBgz^4CvaTV5>YWm|K%&d8tOD(uyuYt<s9n&(AM+
zZRHi(;N%u5+IeJ@c$Bv`bt(Sf6!Z7#LcS@XcVJE6dsG`3Y~{YY=;HB$U6^RpIwj4S
ze;4*Qc|IFf<G2uwixuT3I^QNWb;A-Ye4(}>NSv@ouQ{+R6Kk50r_%^WF=LJPdw5na
z)xS@Ce~aBsx~6dSq$^|Wt&Hj-s0z#M*XbA2-0LOm&RIdfkvrsJZz?e3ax&IE3e2_R
znsFsSFP^sR7~*EJeEb9ZGtxg#PX49C`@6PJkmQcO0p_<$IU{(Vv7c?xEMzuc2YT&|
zmPDo~BoOB;J+F>am41wLCIPdDZ>cT*Pfa|cx2(OwqL9o?rb-ylQVq-($zuJ?RX0|;
zzM`vOg~s=NA@zCkwB+ZfxyPly-d5jb>n_ZyKOUA;=xoD%s?LZX^0T=Nl$H|g!xM$K
zq5<fH5jV%<(NVV5xe3~cF_?zNcV~PaKqO^orH)^He-kcL<Glte_G<x^$RN-S+LOgm
z2<gU?<1_BPSx>=u5Zb6q2qi6z<Ln;OfH!S@z+1y16d-@pq?q+&pZ7U0fm(tGeiU8s
zRPn{Ez#SH$SbTxlY}CI;AO7Z4|D*$j)La_M7WzL%Ohce71t)vl(uZ*<))IDou{n2n
zvf2-1cZP$olj#C45*DhIzyF?*ufTahM`3r}{_g7k?d<{F9^asF`^ewiixxkcbtLGz
zFn}D*ko66UI@5IEz-3@Ec(Ov0J08{l!CCp|s_-C5pm5%k%6^TO9toh$f;U$uj&H?<
z^pGRzG(SIMGq+Tms>olEi*>>O@bB*lvlh8kOy8i<>t<Du2n-Uw6Ivo;qsb8*GSE7Z
z1Lg$ChIw)S;f+vy0V5}B)dqwNnIwO&a~Suc6YSy74+3SRA1<E1N5|np{j*wP`uKB$
zX_?aV(t+Nv+IE@3adWnboDjvER1OevN3WN0{iEK`mjy-BX&O{v1i>#7=2zrjXVxo3
z(g$H$FjK-mZ(Rudy#nq_F!?9&JU=B3`ofBgeTz*2P)T_A+*czNS0V@JIVtmQA^pK~
zGDb{`XFRN4FOhHXxFBx>Y@}g7v~?eeGNm8Gk>JQowU1=o4g=*zpJ^g$c5xEJb}6MQ
zo5z)YVFa8~ss-1ZPLOx|$SSupWjBcuG4yl+&LBT+&F8c5g5*;Y@cjLB$A$Hc9PnF8
z0cZeu9)?jSNT(c1Rn`kcVNfQnfdx>-Du$<tQi*>~gp&?IA%IB8YZnRny`X#dED-|)
z;+Ppm?59c|69>R2iz$$688EfVw3sNk9Mvl}XxsF|)A<euOn~>(rn5Y(^>F!kyD-L+
z+B)+laf!$E(2qc88*=cA51@Y&7JM{M^FHgACjoREjCd36paV3JK>J^T(>TWi0$Pop
zyZj4~gR?6B#oo9Phr=ZXt6;TFh*Av<7?6AcIi0%W0{m_GgY9qldFLX9+nK04`39+_
zVKWFo)!*l8oj2doA9k);mwP6kxwcv7ub1-5p0)8VUqIJ4&WqC>mfIi26xT=|IKyxu
zKR`+JbzIvKeG_y$2NxPUa)TX@$fZ2a55hfuh~v~c-}2FEn!9s+8y+<oGH9dpta)gz
z=mi!N0%d|O_Ima)bl3S+J)mokxPa!NuqHrna28ab5)Qj8_b1Ib91e>f5}pV2@bL;B
z-d^oLC<EH6o-rXNSZ6kXI1_!S>s9^hP&7-(4^0u>c5Wb+=>_lOGag7_g={j1pjN*k
zs9GK<|4`^l_G=^cAZ`N_8*W??0g~y*fg2~arVl!Qw0NK2Sgf8^Dms%Hu`pll)7<Li
zFCabR=x-Fj4s|^_+-HT=w=Zsu(HQitm^>|1$jBK)ZpE=6g^VQg)*8h_i5+h{H`%SO
zMM1o_>5O1|&qb|sO&+(l3mZx$Ve=r9D|ttyA42l_h9+70eOTr|PF^p63JIxV2p|p`
ztPn_m;M3eHr_W@2m?jEZ35#c$vMKUBtRcjCTk;IQs~iE=7nozdLCU!*S?$vCZ$9a#
zrj{8?tH}jYNJodnv%R;%bF_VN3%g?Q98PnUn-<O(N3PSZB&xr0(yol^jpYk%z{9<l
zZVrz31B|B<Q>{KmI1TtL@t=bNdWJ|@Essf!`Ys80U5|VzWbpA)!A=G-{wxDZYSR@l
zD<H9iAaMf~i?j2ed|dsyUT=mnr8V97+?_r>XD_(d*?8;q28?FEkq6^(et-U6WbK-L
zOV;5njaoLNC$LRAzJ^X|*Yqy!^d+zj*Em{eo&G??eZgir`KInpxGeb;KQT&px5}c7
z-B?bP6;h_k^aQc*)brPYTJ>&GKqtk#sKYH{?2!9RZ}1!Gk=C!{3sR`*)v0v2c*Z}p
z0N(ejBQy|pZdVrG?DOk=!_;%bi`w$hZt!^ee!5CfHo}(X24nQ3BSVn_8%)Ke@7+g#
zj3K4a?Y;rV+#|9w7<o!#;k>ucS+BpCk7lRVET2Nh^JhkX7;?AVg!e6&UunTc*xo-}
zXTH5ZUE<0@r`s@UvqL?!b4~c#EhM!_W-J#%uf~`%S#DkQ5sN|x%+wnOmnFFYxAcYA
zx%HC*-CM~(?t$Tt7tjp3LCUZ~Xi5*z5dS3h8GlW#5A+9AS7>{F<=6Ga@><rjyk$z)
z)rE64PIlP|?A>VF+bLz1<Rd@<)RY6`yvYEJ4R#HL>LWVBQU(i>xJ}zWtsdR2Y#7i^
z)aC{@FF$4htB6~|TejoI<X7CKqM_6ZvHZ3(%m!U$UVwl<w-J&LgQ4R-*WC`?fn9a;
zt8F_s*d4vrwdA_>F#7268POql?7``N7Pv574@(>3g+XJ8{ZaS~w`J_+1zr^>R~+|7
zoAi@>byWZ!osc&$cauIF#Gi?Lyfqhdw9@rrqF1w=wSvnk#{k=}*Xve24nk2AL^c%r
zJMA5iNYRos1?20z1!J~WPJsGSOHj1pBmbEye<B*BGcsAvdjJ&x`|d>Y;FgzwgLYRu
za{8cxkwY69dn(FS=~2@bWOv$nP*bQVj!_@sg2aBbb5S10Te8vZY*QR8YEyW{PSq&4
z(v|$WcIJGNi8X1Uczf4}QuNb`RgXJ1g;?c9&-f=0nRgE6ns8&5I>KJzIpPF@4T4X^
zWu)dK2P`FPjrt~OZ^?p-Ty5Dv>vc-R?{dISE)h8>__79&<un?-@_EBPf#O9WF#EnD
zuyJ`e3}^&!jz}b>KAA)WYfv`@B2#<EfcaGes^Uj-sWL7v?r$dH&t6-+4M(*G9bi0=
z-rGtf|25-X=XEu5D*zheWBxA_DFTGCATcUdAFUcWf+C%_FP3lY{qM8sIT@Ry3h8@)
zJBsey-1<8xSEx*!mYz0u??6=0)O(YZw5}Y&sFOdZM_uIdPb%fjd5W>?r#<Uv)AdSy
z`;}r?7ox5D_EZ+cSv<xUQc92f{DNXGo3(Yf6tDYGvB4z+=*y0fgH_o60)W_;ZEi~y
z1F_fplG1CI53!p?!dyO9V4tOc4ob0&DI8*nC5E(gu6}XzJaA!wPkNNZ=o9MASrnvb
zd><i{jV%e{ZH%Y6RZ8|y@ht4q81M}-J1a;s|4JfNmX0j(k{SiO@Au&l^!_A~P76w~
z7wdxnDJhM`C#v`)BqRhUypDXyCodTj0hIIK>0J+@SUOg%)cAdl<~||SyI+U57g>EL
z%3$OTxZ~a;Lq9Rzu^`9jyXkEct)}o|hHZf=;WQ<G;-yUF<bhyzKTS?sAHAj8(+B+!
znqz_<6>Nks48K927NATiv2eX_QA0+1y0O^1sR&d-UhsC26D5KD?1mfPnXOs7hcWaz
z-@)d%1X>1|Zu>#opF2|8E{WLPf|-o($q#AzWo49brd#Eip_5YgFr7$#h}V=St`)6L
znOse`bTSX;n0ppq{pD7!f?kV3o8Y~xTD5J<p)_*kY&H4l#+O>U{=Es3aR2j}%X05I
zTgYJ>{${*_iBY*HE?ef40-7XYgu|=4iw-(?_h>iKQ11@*`5BT*)#od?yz1}qtb;mR
z#*!(_H53?V1)7CupKq<^wVoKZo~Ttrpp~~f{;zG9Zd-F_y>>OqS6lEumtw9@JBl-5
z)vDBc-8|cmZZf~U=XxXWS#qRaX3Au~kedDksT3)+$>%;t$VByCXYy_6bBKs??$m5&
ziKFcLKF!zyB$<cJL7Z^vI=^C}&J``^xSPf<)}%i%HA51&YnxaTfew1q10X4*Lj-$;
zYDniV?`DKwu6`n38cB^{kd%Rlg3UGhgKepm)O@an4zLqL)EN0}ms~C{21(1gf2F9<
zQk2Bn@8G2yr9=e5N^mq_Fj+u1lrpRUBG9&*rSwvXeDA4?XH1<Jn{M3cucO*TtRP3<
zQA$h+NKtz!y@;czpd~jN;BFc&EuVo(hcHJKBN`m_1usptf<lW@t=kD*cGJ~QM#sCA
zSFQV-txEZBj&8aAGm&z2FAo6rhRkQU(HgXjzWe+=IGZBm=Vn#65BUsb=~_i##c%O(
zvX@Ox&#b?BLEPihn`ZHpFZa=I^$He{B5Xl8Md+eq8&ggd5;Z@3E6KS+47v8slujaB
zW-;lD*1@@GD6ok6?Ehx;CVjf=Y#p1`njMpZnz`vB1k9~zpbQ*J@)k<uziWf1pf&(_
zx^KWI6GSLzOx9Qd;W5gE<(Ue$PZz!;e3MSVffRGbH|P>$`=&Wmu(OWycxrt&LsMK0
ztY?&tkIT-{=_=t-JPQxqyJ3I!mEX);WAZFZI`I}Zc$8Qv=p&|-ZY&*V7LFNM%*aIX
z!0Q8(e)G$#rQM%*JvRXv7G2ouWQ_V)e#Dr0_lsKD$x0dz^ID^@N&3|NU}6f{IO+>s
zJcJ_H&E+7F#v%|qbge~K0)|X+?P)E*bA)?GbsfxKft<}7$Th6C1?D`TFKgYPE}mH|
z*^ASRQ;6zqsymheDZ$C<*RE0UMyP1}0)}3Jt}OFSq7lgp60_asNi%>sOQ8_byy@<=
zp9z?coF*ve6<hqOmM1Ve%$tdPBy?i7NHC$?we3~8B;ME#>-c<G^mTprgSQW*CR>8V
z%&O4$`nOf`XY3*?*Vae!ETkm4WVIYXP`A;yEWD2&a~Fe{DT3LgpDe%ibbn%^ZPf;J
z|C=rC(l1lM1bWzfaaadKWvx&rOg@ngGLf$-yLSnvUo@W=i%lU!8;izvlFg#;^4o7n
zQj>Ck8iX<9ts%C#^VVe3Dog;6;&f}wN3Ci{Rt~IXv0J0CyX|U!0zgmPCtMne5j;9A
zfdvmJe*n+cc^nP}P&-co1OAuW?{dHN)6ejqe<K~sQ<mJ*t#x|jSD>>x*f4b8H%LtB
zV~YRPz%Q25Q6Z4y6MW^vJ+ITQ_V-N}ZvBZBz%XKkib#2!*l^@xeRKMg=N?MY)v?nq
zcjrU*vz^q!hIp!F#mxRM(IXehk^9o2A8Q~=SCg7=DhrZ!&Z_^@QH%q#9a<ndgh-4F
z7W@WMF!T)=vq)>rL3+uzxr(8T?fYi+J6e023Xqie1_7u#0+(nKm8jOc#_fdb{mf}-
z8UE<^F7XI0wQL*l^7b)8oc(v~B-V8o6h>V~iGf++xX;d|8|_U7u=wTN&kwAHFRxp;
zjJijk5LHaWFw4aU<{#5bvCcqVQ_|~7s%`5#19i0T;VNB|8W@_{2QM)Vf|)jfOnpM7
z6;^Gn$Hi)ik{pjIn78dXob|uI1mLV`-?U93MlV>d5Q*|b4$wBBkWCg+`$1OYyq{b&
z?JQj5#Nn{<YD_s`z_^behy^H&08XvxV)F(1mCFkV48cx|;MVpw4Bd*1LmDHTYNyog
z+J(UQa=;1`tRiO^7Ii@I$Pz%Nn5^U#owSqhQpgCTTYc9TuZ--mH<A$?<9m`=3Q!-J
z$~1f$XqJ9D29;vF)Tz~KXZTlz?^2|6QAC^`lgR~SF@89F6`fd}m{aSGV;8z<B5&PR
zqq?!Wq6;hKv}~6Sg=CZKnz7_RA}(>cMWF{mjlo==elkb3P|y$fL2W_;+d48N@oHDz
zrtsZ+jnzSAHCuIDSftU~{NBmY;t81{OylXTruA4xBB#AXt}z}1Oz4_0lGaS&@~u{`
z+K1C=i`N^gz;Ezmr>v;GQjTYGqEY<#!N&GD>QKA6_>jNB_g3P5>tu1ii^5BMLjGVJ
z8nE>06rsIPZ-Lhr2aW1sr2Yh)o{48>n;~@lVW2aZf&v)ZmqI$3T3d#Q+f7MLq)ff8
z!~`>(b*a{2rwWA`Am#U1jgCaFta5i}XzV^61V0AE^2i@11IekjhK)9lwYYGY%FP_F
z-O|-d`NY8{Tx4{X`gfLZ5Mn@R&rBw#JQUDwyf+46X%;CxOHnE0?|<Nn<n58qK#99(
zwNNe0?QEIF>+ZyDVqdGhpXB^QCaH48tHBzd>s`@IU9wYb(yj63LYcaKj@E_pRFb}M
z0A`AHgTDautXw+^lyWG38O@t4#uC9LJXS=F_P-YH`rMxxh5%GD{$(ES7OC8Niq5N!
ziw47=KbwX%UhwY_usJY-9;Ay?Q=sx5ozzNy{foTQ2K5dK%aofj+88L+WOM6L^Rxa}
z19^)cz<Rn2bdb2j{1vcwDzVw!&rw)huXomJO$z4;$Yu9_8u^<*j$P|rM<`MtEgO#K
z&rR-I7SrUO-y|}9?Ze_<C`{sqd>%&;%z&a{^q<(L^hDFhf+Yo))3jFIqf1v=wdy>L
zjQHLL_cMBfU=cA=ifb6N{mp9weTu%`OJQgjf2z^|twL!A931W|GJ|Q$0a>1E>w$UR
z<Ce39>J^p|FOvP+zFuO`LpUI-Oza=mTnA~YLk4GnPB(7gGG6w{bE4qJ#>RV`w~o=q
z%dk^j>yDihZsv>a8+Lox*6KZ5nCRNc%+7g!-Yp}4?&=s5qx}u?yQ>^xW4;sjvV6_T
z;btV#lKA3fitZTmN$k!KcW)l%s+>XKWcD+@iYtm6KUQ78AmfXtPTeADar@TwPjhe9
zkBpObFUX`;7Dzx|h?(OB@PXRELaMWNdtV~N`y961p5MzK<4r;;1_$fx(BYg5Tv}86
zRf2B#$met5TYT|P{Cb>BWNPWZd4qv9h-AXC=kkhP9BS%(BqLo#Z9-nL@+yJC9Pnjf
zpEl?1Mh0!K%~j>Ze5$@{yZcGFRw7CF_z`d1dW;`PQaz@VDjS9n4bT`|pYVpH%mwzv
zUu0lXY1<O<J$lL&lI%{OP!wsWT0`QgUS(~MzC&R--uo0xg98$syLQj`O$C6~fgPup
z+ZvEL7~~-}w?jAAZ`tu-s^_CYOK{_bwdWJ@k0r;!wsGGo@os$;%>Wp#LV^`PbhStP
z{WPf2y{R5Ti!v&Kl+)8sV9=HVyLVrL^t*og{h*y3$CW_+`|iE3L{BfQ9bu*TaRdD5
z*T3SlC)$JY29N@Wg!TFMUG-_qhF>z@s+JlL>m2@)#;9rI#0~!Z{LIhOIkPv8N-^`+
zH{<eN-B_;5P@81qBs8ZpXt{$>i&HbHQKfyMLHHH5PF>X#xx@Vwz>Cbb8oq6S#pfvH
zZ~YvO(@z%*{c&kg*u^ZiqhwU0oJurTJ5|^suMf-R6YG%0EsUg7m2tZ1-5l|^B6AFW
ze2b0CGc{I<3bxWRfHZPv-&}L^0s%WN43zycZ~eFx*SEvQPL=tOLAd6_U07#JWvUf6
zIs4Xxb*@g>IB$K!1yD7+=_>vD25!?o;{%{`s$5#1TrPXafp(vq$cnw}Rq362i<o}@
zg{xDk0kUiD;Vf&&W(BMZd-2pGgp++<Wvwv|25q?jbigk8heWJj=(TJdly`V!Jh=z2
zPij1a9;Dr%V87})X#{<_Tw(HDTd>FkVf>mq8tn6G5zvd%V1y)x<nn_OBBy1e^d#&3
ziljoFb<bL#KZ7)WRA~h6L;W=R5_=eIvEjaEY&IHHl@@PeHT3g@QSMpFvR|8N#lx;>
zfA_OJv%tnG7kLWXG!a0&e#GUv<f~7_D{q1eIOJA^f-Pc4JcC!MOSE!{Z0}1vy5uu9
zQ?6_CYiu<881^^3=fa@YuNpd5ih%6Jbdgt5vS_<u_dWy5gf1RF1y*kXf0^Y8Rg}Ba
zZ52>?+H9ZCzG%3)491JK>(bUmc3$cDOk~?>TyY~XcbkyJuL8NHgvS9TUSq!eJpSy{
z-hz}rT0)DHGv{w>jY}K*S!1x=(>$%l`~%h9Tv?WFXRYy_i`?l)qZfGU6V^1#l_jv2
z>%8c7u3jB}gdx60j!g@f^Nq)Ic<l&@J`L#K-2L#G>>||`dT8@tDXEJs{v3E;XSQJB
z(C<&kAh@ppilUJ>f*y6{`Itgu(PWZ}AGDQ_T;sgcg>L9Q>t+!))}az*3s-A5(A!pf
z?OlJ2nSwH4E<kz*yRQ{H?xYm^{Kh2`Nq^%K0R@@AS1p^3^})6c)!T@7%}au07mT0t
zsmT7AAGZ=AfX91<9hd*AE=hZ|U1gqLyXGaG>S|Alt_HE(aj0()L)`&c@fSwW9Wu{^
zK4;%l)mMKJS~T0CVl#R+xi9qnwUXN0f$_zM|3lkbM^)MNYoi7Vh)M}aHz+M3(nuqv
zA}t-#9a3wFfV6;0gGdNScf(RrKtQ@#(%rdObtXQK&%5`2_x{fQ#yID%HDIi`?|IMp
z%j<VtoMB3)nIo8k6i3v8AgD69q5yy*-U(Cjoz3@{ViPr8N32EA@cc9#`tfH`O3m6d
zq9XJ8r81LvxDjsz%hj8!JNq%BI>pnOXvyOcelBN=4Rej)Ji&-x={$z|6TBD!Ks#|Z
z7qYW8Me~G!dO$1D`sj3x?+2HC^Ifi608K7mqR_n5P1xl}%(lO`!7$wfGBDLq7ognb
zf-#Ig39uIlqZf6>>p;zUdSmiq06?$dLF7uH+k?A>P!3_{KIEl3+Sv2hq=dH+0|pD`
zQK$s<H1UTg+i(g3$)qJA>9Qm#si117sr>s(xy`qG2~9k_+Ul!lB}+nXQd&@qxXgiY
z^x8%wugLI<L)MGvZTF?_^kaMNm6Eu<0$jIgO7b+rTIYc7gc1`eikD?ag{8Fy>bfna
z13bp`V(!*X#?vE)YUkW$*QU2F4>7HOV~dcQthRB0y;1m#NCy>I(=?8x2PeF?5+@S2
zRgF8`hy+avh-xC=TL`(#MY6*y1BNa0^V1^5<P;)1*<C}6sm|nV`99+QKDO|>R7aQX
z9T<K00SFl(9)0AcThdW5>jAUjW?4mV!mkG}q_L2T8(B%=s3r(*IhNa?ItOsa^f(fp
ze2c3XIQ83tjci1_O`V}}cg#)I==aP5D}3EnTpMTV+;ljeXNOK#fr*?w?Y-w&_H;vq
zeNX|k)8FNQ<A`VqDWwJ9`s<W~Lt9f`p-^FaA|`_u-{>gt1fkK+*FCRhqL+IO9)H#`
zimj?>SoC&#F%|stb5EnHeJls4a_x)Rwe6a=ygn8Q1hXs%Q7Eknx<;$?u_+*ls(2o<
zn9zN8ytZZX<rJ105Oqa1QMd6_Wq<O!#0*>E0M|>aD21cvSP0%5&XsKmAN+y?#AmX7
zBMILJ(=ZqM!dWPXDHGOlXF(w`uVa1Vh1@k#?<gSN{mrbnJz-`cVfR#w>q}`4s<D(m
zYn1S%+UwvRKf=6_OINNvUEwj@;w{~++RscmB49Q(Q$0glE}s=t2$BLL@HO7Y=MZr9
z-!pzu@3FNxc%}Nbn8_~&Z>QE1Ge7RZz_{bfE?6f^j4m48N>f-2U*qa+D=IeD(~}}-
z+pE||j;-(PNCO3qPSv=wNoaBB`q9)isL;)$FUD9uk0tvh)RO0AZ_FBcr5;^}T|rsB
z9@#U{!_Hy!xt*5Ih(nKG{796?CuKdv2XbxxipG73%kL5-*j3Z+%jRtK>jGI$t}((H
z@Atnhtz-5m$~-+43gbW_UTvBg&AffZx64Bk*qQ>=^Q#LlUdQb?Id<D(izKCXSyU}J
zBT?lh>%-MTDEXF!9$^6K35bdNZGxsLIS=|x`Nl){&bxi7vcLiKnlbrmrveu0=OT)I
zf^r3al|{><07p((o{QJksBHb)g<~+>!p?p0r5d2?m?+RA)tD^3&ufI9<0H2Xjy30H
z$(Q%$IU6XJOP#-60>V{$AxZg)*vc~#wUQo#X<O{kJ{Mhz(1uEb^BZ`O9VgdZneX$P
z3qdO1nH6aa7uN|Ia)U>{gtcg;_!PV=`sKbeJ7ffDdC9oxT%LTo-LRuff%6;|TTr9X
z7I?PbPd7}h2YdY6y5t?yh++?e9~x8KPik;`tnCc!%DT2!YLUY3RP9U~qHFt`ckH{O
zCNOO>k|9!XpjcAql@9p;2Jp-->TGCp9~u%<MSnklucN$-bZI4QvjZ*138@50Mpf+|
zLAY*Pxs<v6lxOt~TB@CBaeW?s>+WYxd5^6{dh^XmO~SK4ZiyMqX}v`24`b;FJ4;kP
z);_7mtK_3AV_Xqo>4@^j9rW2T@%*gumw}KLelw30%eH%2iUR;~Vo`HIAbc?6J6?!W
zmS+y~d7jn*!!{q^m-Lhe>4xKi_QOj0y-R)YCSMJ_JIxtCe`+0<-PzFEd|J_)%e}Qm
zQ>H(gQGUT`H`7I9Z}5_V*rH37)7WUn6=qX90<IpNJn69@f<q_R4EsR}8JmwCJVU@N
zOR-;a-ttxB@uFfhoeHNKzzcpdhBn!25I$phys$IobYY2zX8@5Z;&Yg%i>IMR8Ep3h
zB(&Fb5?6xr(ClZP@L6e(DLV;_5$y5=HuM(T)w8qKF%C#fhLNjFb<D<1af5DjZ9BWG
zaKseyWXBv9VlnXI9BR}zBj$b>n)Uha%Gqy|Gq$6l_pI$iv@d`=e%~w84STs4UT5eu
z6=0oiEIzjbB{y~XMbXeaTdr&mW8flh=DH%{XA}|=GC;KlPx!TiSb3i77-qhmI#Fpi
zroO`UaN@1K={#WPSe=7Iso#PD3Oo1H-F_bA)oWg36UHwC#;LlWGjc2u=`=p;8}(C(
z<6tf6N$r4bDO|77E1Pp51Lj4+%an=0sUSRLjpno=g8Np%R~Xdyc%6AB%x&`2#oX}i
zMT6_ydga+%Esn{s)O)QwMvF%gZ)Hphxb9NnlbR3y4rbaXH*-ghaF1sCw<>gQc=YF<
zwQgTC_APod{TzTlij1nBZoNy_o*Ls6aQkCa{A=nVxzTXd>GiX~W{9~JT6L!)X(2a3
z$Hf?m&0omvM(nSlkW=fZlh0~i-j@cT1!GQG&4_MzU18FZ80QLa4gL26UjAaZcBhji
zIs~D|4FXKlDzr2nX;LeYKD}dvdRgh&ONB&xPW4Mt&^Z|0B7YrC=_5Ap3c{HgiIC8Q
zfzuOa*pG~6&L+?e*k6#;#n*<xijIwWot6;+?51Ww<2FxeAd{p&;4*H|SXLNMUg1Zm
zPq20~_D7#olYg7J<nJ>2ZB9e!Yo=tv_pgG9u#4oR=4&{iQSa%@&#?pndD7A|ujHN?
zD@4+8&jgeQf7+fACAj#_FeJyI%5h;J?%<~>bDKehUa)+WVhfp`a6=WLR+sM%RJzIz
z#v?4DC;t?I7+Mb$YT|KnDM0HGRET3{o9ZKQBZO&^{Tdu4e2`o9{M_zGw)zeCr%hoT
z{Q$py-OJgg*QUNSj6M}~;{x7qJv6@kyxRS)!))U~b2KwPDch~l4tu9f;2JyI_rvtZ
zLyLhi?bHadv@+G?Et$t~73K#=iM5D67Iwi%kZemHerk}hBwgmx9}FBpWQ|!`n#z`R
z+KMyvLkkX!jmHIjn3K7`MbZgq>knAi@oh;uExcwABqBZ{BM9d*v5K7qIGoibe#@<R
z*fG#7*UVLQz1tb_cCFo@j^h?F(+3jPN8fwFu<&_zJ_F3L0_t?J2IuLItGD)EfT{`1
zhtCz%TGq!i(l+J)E)voN*_UX4c|`9&{A~M0!ZIMbt2ueOUdg*9L-#@_jB68J+56%H
zy9QkneD!pklO#6uBUU*$xb0iuo2UA{`9<sf02F*)h<4S~s|G=cK6lCFwGMXZ&LK(W
zYl^lOQCwy_ErpiGk4<M!XB(>*K66DT6SJKSHg6^#cj_g6_MD+u*}CO|Nh2aRzf5`Q
z9;A946k(6)8rsJ`SgIua95Z&>OXPhlhOUF))?<n9s#+KYG-90n{nQig8ontGryxoV
ze%S~YVbS=QdUaoDaiT}cEhxsmhK+?<+#;`%!<6N^XE7(y0UVAwZ!w<wo4VolqfH~M
z?P<5xU>bK*O5@`g0(##ii#>sULWl|MRnvwZBYeYmBmnkmYjFB9<4Xh9wg=6PKR;hX
zx?#TXuWQ!)@&gnLR6?$`=U|2J<ZM1v3<N_6dHj`60DHT3b|3Cl_`EE&*cg_>-cvh*
z>|f<kEi`JnYU$5YAPyfR5bo)Vf8ybl>ql2eF)t`_{WhP{tog1-mZF!A&g$7&a4g@w
z95iPC<gWmu9<!?-l?+B$nI{ebjxYH1kRZe{l150sHundMalCoNr#{|gJqKf_A3xBr
zI0R`ZT<W~Qv6m8NU<iG@)LWds=6~M}b-2&5y|DwAMq#Q&v0CZ9epfTG+9hxW^l==_
zO%G%@+I_~3Qa@LW<&0rPZ{gi%ga;M+v+GB#wn(mIjXRArXCyqB{fM3jvgQv59~5V#
z%6)%<viabrhq8+*>fLUyLBCE5^6_lBN3sA8*G4)WAp%4}o5fqENFQ^;50fl8wfvSL
zd$nGi+FUZfapDM?=JKf-dnihbdoc|pGNMtT5#aROld+ML%r1NkhuQ_Tw;>MZx<%%#
z==3lB1(F%T8NQ(;_b~Cke~x?W=JvN9YNyc*FL)7egSo}MJ=i`h99Q_Qqh~FVl)Jep
zeh46Pet*0@!M*SibBZ+C%F5{t@`%OKIZ}<F+Y@64ePRwIfgvDdi<-XfVqjnPrs%%&
zc*P6CUW{!H$amL6j+hzkQNvwS<SSo5S<QB`u<l2*&4Pk{v)>mE4k<8~%H0-m!y*+~
zdd@=fa`%-iod&h7DKmd?Sgbe7{k|3X{UfmI{VnT&%Ivdz%t4DhoM<k8Ol0v^eCgS>
z2wfUa0<T=RWxu7E_I1<%r$9rg>C)-iR>4cTk67&$So4K;C$WwAZ47lkG=6-t2KhrC
z)r&Cl{>(3AhbiM~A<+Bs^z(=9wei=3G2bp<r>J^{UKikB1}O*<WwJfO(dHHzSiuJr
zjD_<szB?0!m_6^q1|kbKr5I_v>HSH=jEV;l!En&^ia)xIz9)u_THj|asw85lvOy;O
z@Bv6z(}`_{Cd^sN{&<BL9XV6Qm0m`f=WX$A0KBD^COV0e`uw}CxAB?veU0-H+<ARr
zo-2m-f%B_~JF`lO!k*J|cjuR0gZ?D6ZS-0%9;v?#+}qwh<8GL9K^q~}M^avc#;0}V
zGw+rF(&;m&@(O>W!|@qK=$;oTc^tv5(k8WT-h@)E5rBnyRP&1$f56O?(P;TA!HO|Z
zY~@n*ylI8pc^*A^ymCexiYf3!2xJC_0o$;;uq)Je^2RUv`?rbt+qnp4RY5Uq9c@Jh
zs9b!ul;**X9l@*t;r5^_k5ff~Y&F%p{Rx#8fgBCDB-rnE%0cUDbg;?_Nk12CZ(Qq_
zn-8L#wbCDXKW_18DE&aAB(g}j{CnJv#Hr6c+eJK4-{Z)Sta*Eh9I60hOi*b83C*B(
z1eFhk7CFpKHN=lcFvwTkRdLgn2NGR;bg{*$H^e@%u8*2TL9qGAE6twnTa(J1HWBL^
z6bdbEiMz-i%b&!FCLU<UCz);g?cAO^{qbiWd!_?sW?R`=4qI)j4N)OBRsOVbNk}N?
z0Xq>4iZOukldEqWz^&2h^suB_5I+=byzoiyrIBiC3`bT#vbuM3lfbE5fz39L)Fxqk
z?S`g~rt<vc_G?@*u5e}~N??9PBl)ky0s<0?bN}xT)x~8l0lk%$Hm}()8i3u9xrzNc
zwP@lyJUawHHNRJ*o{`d9df}n^+t*`Z2V>I*oUB}naFs`ir}GgaLF@@e`*l<$3u@{2
zN9HVT(~?HO>Ty1XLw(Xh17E3w;pH@iw)Qw4hHB8mH#0lO^4XL165<DNu7sxeSmXaj
z(=psXCn+Xwm#$;_6*3_ka^2HLyJp;~vUIJeQ6*TC1)S`ncJ`t?p!ZE@N5=ulP8ahX
zWsM%e_;U73J)IDu!ex#yv^72HOKTX;Xj02&5|Bb_f}!-YY)j5M%gWNPJgsL01;kzN
z*()f_O^3ARt{rs8Nv(xCOC7fo!lzC|6o*?BEUu9<ADpg<U#jBU=x@nSmhuADspsmp
z3_u&a@ZzP4L}W$7H(TDsE#%ge%oBTK4AQV?EjbnKl0qMWGOIKoe27nZA1oyIqM(w4
zK7#L2+*!XZNrSV+i4_=VDe9iz`|IH1&VQr1Y}yRyV~@WtCpwd!1~0Syyi+lOaC(-&
zYr|#hy@Nin98D5{ec1Ly+&J;v61}EUgKu#LP^nYgGNRGnexFCS{wXH{&Tk$L+OH=b
zt)A`~--et};UBDzLDTaIIC1P}ygClQJiWb8!Z$E>+!Pg6#B-BMTu%2xA6La&Dxufv
zA0Ny;{jqt}zkWLL?&mHs^XGy`o?^gcKH+JZ0{E?`Bl*=7vg29<*<lNpN1+MfAAvp)
zU|_)>LF6j=VyA8nA1Ts@@a_RJ!Y2vEGw0M_gJvR9q4T)Ue0CKR^AZ+nOAbJpLTU>2
zt6ut>O!@cOrUt`8xpnf+v0}0o><G55R%c6&94lR!ZdhyYIFTP`c)@>t_%7pjOftV^
zAD6r^P(z9%q^xn8VhdVl%vX+1Z~h4FivwL3)N7m&P<yWRpkH~;^LQ$jTQ&88Y2)c^
zox=l~=4R1!gH$kZw764uSJS?D^5sPd^Nz@8O0^_bUVWST(cG`q68T1#kge<J+*rOR
zXpA#mXi4!Lvwq_D`BX3-^@MzH|4M}ULR*yGjt~EyiA2atk%+*79pkLMDT0X5W{4?^
zY9u}kcDSeD4ubK^CpC3MmO4I5WD_1UPhW0mOyLdq=p}92<Lk18OPzO)EtfIyZWMmo
z4*f{;#F3bgXGOa9SV`j%eCjM|)=8jK1B8(4X9zH#_XI8pxW&gbDnMBM16q={&m1^`
zF{p!3d+;(L3J@<m(Q0wgg$Mni=~6cNSgYTGJkqABaUCXxnJuQ*o;nHf;M>nfDzbuZ
z!*J`H=onrhr<r=KYxDJ<9=xiR-Tmu{g%GI07OZA}wj&qti);I0P$EeZYRT@$33iCv
zT!*_2YE@3hs39ap-i}n0dfP*3b|TW?u>KeQJdiR{!^W3S=<_82v8WlP(_ov`#7y&o
z9!tX=?6WrBy1P56@E_HKSK6#hncNJh=^il>u_Y(T+`0TW?iO=?#4!niIx=WJ*OOKw
z<MHVHmNtG%qnt*>zAp|D9l7o4&#tLc32hEfAI=>I)3)^%o|9<q7iB#!miqeZ`t8fi
z4|3Gbu@I?Vu^<XpH8r!KlcEis2-a)5`4(AGn!g<FMyoLO1e6k&PAQ{?;J6#wlOXH&
z*Bck4%6g(dTG&7E)3kM~VO)QpG(&cCYL+SX9<(S@iimLe7HM-IIj43iz|G2Qv>9|a
zKJFnD60rErFk>D~Egb)rRwA>U8lrI6Vzf0D%(o|z!sjxW9d<Y*pi*OhF{)%Gj1;@V
zv<k{zE&7W%xCJWOJ=8L#fCsUOO3?mJyQ}@hl>$BEda@2`{DWHWYW-8d`su5I0zvXn
zbJIn_Sg)X}RpH<f>zgX%y!`GV_Qz-D9w;)vbV{CH`N4mRk&6`oa5xvv=poh*T!(Ml
zT-gFp&z70bTa3XUJMFPYqKCC5V>{AE#!h1VL1EJnhGMC+2Yz82E7<ei205?M>eC<L
ze6gGdmY4=Xs;@Xs<egfYvEPiVdeg0@cGwF|D|W-V?d&HjpXiDko0i1y;3h*+WvA*D
zO~a+`T_lr0uFoIV5LyCSh>~90;w{~Z8h2frfV7`G!HRlzZUTXYczJLbpaf>9-rfKx
z0yzw1d-_Y0$~o6g^em9+NWu(#3lvmtOw7dn?KT@lJ!W&BebMZ(ns1M=tI4Ax3l6g<
z+sR_<z2i_{DN5e@k}o*y%?(jjg%P;1`b^}m8s`S#^aPEF>tld<T9RP)9a$ZzXt>o5
zz32JbZ|)s;u-De0@^j|&+i!bqk@-&rPO#b#81DQ@v@Lw|ERCvRLZe_qXZEZgUhvUq
za|G$Id<q(5)9FXlT5qI!G3NpEk)&=|${MJP);xhSzk?-170}M=0`-`J{a6o-$jJcQ
zVFYU2O&N6_H`n~9V;5||caZn{*j4)+uX7gmuEciWFZU&J?`(+7tYW%2q>9IEOZU+Z
zRoK~XU+NSRHmW6aUhXE}qe|ZkeBD`-!jmhhR_>TJ?@LGM+_A6+c&j*OnV>}9*7ZTu
zgKE!gj-|EAR-;9(+0!56?K?NHe$``jH(i)HO^;#z5d~37a2TrP#p*g)C74vwRlVMp
zEkpY^WbxN|ac(c3_c3yWkl9OWGYbq2TqAH=IMJ>FMu1$QkY_U=11jsOkHS(G!R*{)
zFhm^08W8zG(1xVSpkA4Zd3sT#fnSS&I`*z=rPrWb8#NS~FId56_Y5XQPyp&!OM~w%
zRUB6qyGT9v-q{L2J_y-};2@y3qATR2!vHK5HsJX<s?iXa<4I<aKVD<$(Ng4^(Mm7}
z5#_;H_vz(56ZNPW1n4fqNivhYEcefg2YH}b_FW{snRej7I9xBBBEb-FcCiChR}WvW
z@pszi0CvOrLwEF~&?IQ7Mu<5TENw+yxzjT0Ke0}3;B21JJ1<XQGgV#WXy?WL!;J?}
z3=P1K)28lC7C&1fW4vk0=;bh78vrJjtUmNU10fL%8&G;nzsKsX`$r<ya_SdZpNusS
z7qMWlJgWQ(mzvYgd-C3yQR+yHVm#k~cZ^lBRG-JosnOuDP21G=Cw&>8N)^73>Hr22
z#jU9-kJ&8`vBU$o-2zi!4f2JTha3*n%fYRlcT236gUrzrFvcuAWi?Qz5p}Pvd^KNi
zh26Mcs;P`l0y)m@1{AguK|xCoPRqELct<sof>$z%S}Jy2t0<Ol`Y)FyrMt=I*ZskU
z|871$sb;p)-RB{MWd;f7vkbIip2OcVUjoEudxY10&UppG(axxJ7CMg4{1!cdqlQ;}
z$`eE3#%G0lQjVVJhgI29ztTl5`S&i@0){pYuY;z&>ADIn?N*I~Ew|5B+t?x$gz%5!
zl1+rL=o><JN1@PWEQmU@GR{EInNYKTUUeEnn%>`b!d`Yk-(R<r+t)eh-#jw@KRYXW
zaf`&6hG60C^AQ|gVV|CreuxJ)kAU>(9=Cq&D@prlIc*zvtVLY9l>gC(vCWg3^KftH
zOMjz=Va<fuJQ&%uI6hn(RE{`lG(F^h_v3K${H!B#$H@MZ@7grYg`iKeFJ1<^2V$m~
zB&;1|<QPPaWo_v)Md2s+i)Db}#eOWPi2S4Y@;S?B*qgt}OQogRKRHStR+@BxqXQ`w
zdHGX1A;+lT$$P5%l}V+?7WW1Wy%VnaEAbte^oH2psCY>YGiBs<Ig8Z$aOa84*%F{}
z6SRI+-AUg2p1tIBZ&J~*R7IPdYVF&4OR-S`-3qQ5fFEU#*$y*QH@29rsLy?L*rt(4
zsmy6}>^#kQoX|&0bG)Y@&-ml?G>Na(+EkYJ*G@~0(Ww3O`rgpgjb~W2p03sbICz?Z
zwu^jCVv_BbMWC78EeasBv{(DljT)o4I8*0(yd<st<!M~9xGz!XrT1XSSc!nC(L~5%
z_ktOx!mNzN4`a>+!nQyWW;Q_9LrmBh^61`I<~bRc?=cS#3j$Ky!L*7cM(l)B)E<Cv
zNUAWEMJS#{`N{L<`q`141Q<BG83ig8%M&$D^gw>Rl@D9FCh+;_J84VQzV)2?#GOQ&
zbnaL!NL6^@_E!u&pbETM|E!3h!d*C!hf<A2mlpe{erIqDU~1$cq8^*S7*Koz4khw_
zpm~*reey8T`uJ>ttWfi+A&_C~u^duLyghLM|NQ<czI|7TS9-H+v~UD*{!6(%oh=dQ
z*(AomY3wr)p6!}fNw{Vgni5sSSl)gI^0k}XdaBxHYt%JyJp{P2?*8o*y~lk4GqE=)
z#g(?gfA*UI2=|%ukkx&c!#778?U#d=ZkpQ;9lJH`a^EH=t-I$DjrsKreyBG!dULA)
z**{g|q^Wp0f}kWEDZ~1cpQMA+G_zcA<#FBkuet}GslAWPpOLaPGrd)-c+uIB=HU#P
z`1L-%Xt6XB0xjob03xq##npN*(E!eiiv#E!0h4<{w;;1A69g*q>)QC6k`2QAhyLdp
z*y-<B)K!5j&pXFW#q0FT`!b(7R<?)W$8~h)er{QV0fK#LfZeTzth`MxSzDj<T<J4h
z|A`SuFq`c&Ztvd&k>;nrs>RSzr)QLy%6+8R&jaI~gc27hl0Fo8JUG+2$FmxPGyT^*
zvE<C@_&iheK>3@3>Jo+V`cv;nz@BoO4u~#1k1)MwanCd^IdA~|UJH^>AAmVLLQdIY
zNA?7es7LsufFS`ChbE0omR7jI$Y&Ny|8?0PNocZjmU*Jsb=bs4w2{p}H6m%%TWtHM
zx?r+c{{GcDE_Fc?w)IRoa+ZCk9+Rt|3BVvHK*W$cZ8H8nEiElae4aOseDo=uQ%@X~
zuKiH>q#|eYEePx-RL$m8bKe#h7rr#zUm#EazK>$|E`QI-ndNeZH0jN|X*^VT3_VQb
z4f1HY{`7%`AOxKO2Nc~l6NBwH4J+zPHy$T_Q*dFtZ3D2z({7uqPtN8EQi$X%w}xuc
z-N`yLgZn3|UA#**|3+#7>YU=m!{FW$tKMutTApY1`q&0Ev}p-`pHo^<`yisXR-Zw&
zO18FiJ;SRr_a(!M#xuR~(BD0!n)=c%T);ZVHQeAOwN|Z);rl2a)(sF+08Sn2_N$W~
z`pHH!_hlO487fWEp9;N;_A=_ZZMl11@P#ta{h&O8{hc4Xjscjz&D?9EEPEasaB>^m
zxx(2OdlI50oyKC{v8r(R+Om9d7RIUK^IiTyNhSGX!~w8CyvThR=&%O%b1s6hcssne
z+8E58txtb0*qj9IJh_>J=k<tU-BO>08!4Q90GufgK$@Oi=B(ekPdy^+nrmIbKwG)<
zfUU1`%cJzBxTB*pTHq|NfFb^kXyM{MBx3fAc8+6I(<DI5fKP~oO(7V8?Grm{_h6<3
zV_ebNB}Qxf9{@Me1XK#p#stUn=q<kM6!~@y>d9<eZ7*_m&`l=lc^K+8BI$sflx&zT
zI_VQDSJ&Vbx_<jXsL{(gd9zr5Uq*~Gxv_{>_t-&n&)!QgMa08(kQ1lv*cnaDSu`p#
zMoB!iZiJbv+8Ay!c#)ob=!xwCn~U8waTj`Ad}%g(9!X#SupS2|R)OdWsl5EHC*Mvv
z!!sEkd3i~Q%4cs7UwRZW$Y9CLLHj7&y#|9y7f8@s-kzaus5qHDseN&}yS=&DmbBB?
zr|!3sYAQPi8uMfj1p9Q`IqyO1FUHoknt^;Hpx6*76TD3}f1T>V1<&n6Ys1)mA?xw+
z+qn8R<(m_nH$i_2cdX1o(0(^o)e04VSCc%s#`<otu+t<CDO;q#Hsath5?c$o?BWZw
zviW?ERiRI+TI@!A2tO7**IT^j)ko74cs;*Ewjk;VjA{_{4u0qwWK}WQo}QwX11P0n
z&@~Uc%;63XPXrAi88$zj@v}g#q)@!TtAu2eyd}?@FLh~V6D8-}q!q`L@Ns`XV2^#H
zFKM}Hfhrk-OebPji{TSjhd(grVyPn&^BN#I;R}n1FKeISeJGur4C6F}SM4N>!<Y|d
zh?rT06<N4m#y%dS_n0+)Co#E`P6qL8ao;GZz{t9;=ZtMhx%cEEtT<Q(LguaQYkWq!
zA7{Ry=?qU)3R|jO<%g&&)klt;DpSB>u6W$OH-2KE0})wqu7_I6t7hkG7aa39VmhcZ
zM=dfkDL9Hs%b#T+F<(mSkI<S27E;Wgn4EJ-NWZ+rd=IlSGs{*EV@X-O(k6N@R*<cu
zv$LW@&i2;k?TZSph)r;A2RJh`;4;kdC@#Z+eBK@1yqH=+r^Z~>Bog7GGrTCXTi?PH
z$BPXW?`StBDq#_kl%=*K*X9zSqVAiQ<in@gc>pUh&cRA=Tn!2{IiY)yq8uvhzN9mx
zk$(TiXrbPcR=GYFfRI}{ZfrDdZ}4mmwk4{{U=*#4JKr8pJbNZYhrvua@!5|PmF!Cu
z!-<5==!s21|NK=jfnx!4Zu?WFU?P{dG&Vfr;IQl(pr5cWq}+E50<6ad@@_(^?Z!3e
zI#yU(uvVCq4JFdOja^c|Vb;H<`lr6~CvI8IOaf<<V$qr7tmTm$2j4p&5XYkuwcxX#
zI&Sb0Gs7q~V@aU-sqc?V8cLOysvX8Ip355<jRQta)sKP?t?SoDo7gS7KPU&i&(R!w
zN%ehVMt3(MA?>(86DoXv`G?1yr`dPrCvK`4vxR_*mKozo`!(NAuxuSahW{CDa4kXl
za@V3e0Sj)7h`j3t>|s%(W@FX<Rgxy*<hvlmE?LRuAaU*0C!iK`yhJFmcyGy?F8y(H
z{Sx$e;<igU8e}CuD-?A~+Rga`CrH)QtmKEp-I<!TR8FdHtPiJ8p5|KT2zabNlQAFu
z_3*NvAi)=^tou&0*GW5~ZyY{&UPobzrM-#BQd1oUsN*)d<c(DWX{zB>L;mR8Ey+(t
zO$(2+bR|{Hn3k5TkX}sC=#NcpVyfl3O>jUSMw(o)3SlVv<er{-69f26FPtrRM>T?3
z31WrlYY>L7n&m5?PIIu_M7^Tp62qcQ0yrif9EL?4AhZWgn{HO)hXZ;fx>a~dw0`Pm
zso|4o5*S*Y`{i~W2UGe^GxBD~91WAcx+94`@hPh7mNm*3i?;mqWFhDEFN@DbG5goq
z@5P?gh~_z9$~x&t=M8MQo`r?jX_veK7;+yiEfV@W&bz-JN?J^?sinvQW&t^>!KaND
zT}&m1>;9Z(A9WTDC}Nq|-n|K57qSg~il((%{aGf^JR~ni1FQpZDwiY+R~Rh@Gd^+~
zK;FpW63z+V6A}+^+xn5T!=G=h1r@=-NSBS(&x|kAgwV|#;a2G;Z%7_&R@f31QvjN(
z2nwIzFBFdPJO9Bpe9;x%!(E5og_*R;d7wMG&XPDP-mm25BtXOtjFa9#JXYZ9lQ8|}
zVt6si@er=fFV+t4I!o(As+2b%F!EX0(IQyi8R1-Rict;rCwKZfk=jahVjhQF%)VY!
zy8GUHZ!z=;8nV${lH*klmEMPg3WJ%ylCA0oU8PJ0L+oxVA)nRZi~ab$0wji#GNZF-
zCq0=RNqLbhKrAUy>8O&4J-@BZI)+4<r;8v|%gju9Isrw9<^I~*qpF%s{_X9#IXJfp
zp%*T>ULXm`lp_W#mu!u?MajEE%QqZ?wiUPJv)i-x-TEJXdrddUBwxzJmd~d2eRzDi
zm)cY~`8iPFrTD;M_{ci&lbTTd7|fU^`5IF511t8~m;Fl?z42N`;l@;`8ILi;mdJjN
zA^g@G8)L0NLbYjr<N0cLNwQD2DCA_z>Vfm_g>0pdm%4TC@KzGP^UKvpCvFP?4NLE^
zf`-zmT4jNkV0KmhBN%560zNW83Ny}Ixp?cLns%j#qVBs2rZ<COZD3#ESCq*$pI#Mi
zt;xzs1WawRfC}Zh16`1JO)=ejA0~kasrGO(#ix&b%fcQ}-R=?(m<Zx<D8@um{hD^I
z@7IWH4MSPHeJ4orrP!=J7e_DX`xT330}sWU^a}eE4zBt2uiS~lo*DBZuffyPWC&LL
zYZ(>UAn#dK*h0kuuO2I^dKFAiTFs{>KYc3TO97}q-Fh}D)3#Z*_{U0&g)=v&%UVMo
zSWLUGh8-hIrZ659_ea{@eV|=5D6(NXdG#%WRYXUI@;uPmI+dT??zm)`Jq7Vt-|6T`
zrMw=8=UDZ`>1~OTVivk!iCqC!fBGod@&4QiJiWnhjh{=u^6SQNL|#-3dEoc3z0Pj3
zQu7s0rF0$%@wbzM-SONTbzVyxfN!=hq&CX{QZVWOs3x9fMgk_f7Jv<zJB34Kt2Za+
zYy=Nd1$1~^`qLE@T{IV>9ns1aWW>tf0aS>#%YNh6&pFwcYlLwhI8PWpG-?U+dnmIM
z7(-|B8H=2r&S0h-5L+aq9!tW^nM2rTzW7yKjoSm|(uk+&@L~r$)Ky~v3etTKKC{e}
zEqE9zU*Rbg_GhB`$;X+PTPxR>IK{8C4y3Y!vC+PWJpr3)yhZn2=#kd&O-#6=*n_x-
zJE};}qTu_7(w6xroAGd5A*+>UkKL8)eZ<!Grzh}EhAXz$IgJ`|%pQNcZOo%z`*X!4
z+!0AD;wqTk^m#2lv~<jAnr`RI5fk>|u+egLhi=t%S~I32e@-19iiyw4X$pr^?%&^Z
z^ev)@m$l58Y<io(C_|{z(F%_3fS_IDS^yPdpW+Tfvmsz{BJO%8P4YdI-0Rw0fYjg{
zwYN%c=8q$UY+%~7vD?)5ZMl|J1)<p(U&3lE;DQU^F`jD)mUrhLnQk(mpm#_jltP96
zbX0P)Plm<D`%vX-BJZC3lI=KoFSydyesl|dzsipjnjIP@DC{sWm__+sP?7{=0Kq8J
zKscXdvJ|T{M&f=J$MsZFFNpHE<}{LjqgdzzTS@fPSr6~y;{aT_TC#h4>d8=%HK_lE
z3d&Cnm`~)2at=)SJznvGZPiY2HWTcI6+*oOE4tMgg^1ohOACjQ!nV)iL_0moAvxWf
zi-@&8=*WKB57@{duwg(7*hvQ>eC8y)=T#2LJ;0F6IyOTGR$(5$<D1j9zvCNGxgi8I
z+q<V>K*X4Ulk2Hu!QOiw2)|P<tRC)Ui10WeyhKd8Q<ux|ld%l!zwo9)Kv{&;EgSI1
zKATSS!ww&AzQB3S=$uPR`UPX<YF1&zjl;$KbJCb}+UZ;bfTIi#(90d^DH%y~k&@y^
zw?{0u0?q_I^UTQy<NbJimm)7Pf5i(TxF~V~Uk9`7XLCtq`IGDN51VGz;+iakah-@Y
z2&a_twXgQ5@;P6$oi_-gLi|uyFYKMe6f0(Gvkr#;${C7HUwq6yrtLcLdP7by<0vrL
zMr$T`#&?ICOHf;xn^${D^R`3&QP{?o?B*w5kM&Vml4tV!`l6Ezw<Z1VY|6Ae=gW0G
z)N414(tl``SovDFy@E6ci5f27?3S|n@lq*_fH0$;TZx7ivBqvR0Qak4YkXXluak&q
zNmtefkxRTRRbc(6t0Mq(TJY@++}5<GcJ1eTqFHF#aY;p~GJ($4q}MGL?a5j?iFJWf
zN?|K4cHxpc_Q+}nK2XFzs!o6d+rc{O024h*@L;~=6tS!(Z}`!_nt#~mM1uE*aa;_8
zHWE$PhL%Rd>c5|yl$q!Cej-TDMJZ+zENKW%Lhrb;E<Py7;>!b$4h`9<`*cjNsf<T%
z=f6?GlCiM9W8<x$RIe{Fkc>S}5pueC$aCffXy^in)34()@w`zZ%R2bO1<<-SoWA&^
z>XCkzB2EFAfoK5^%+AAr^G6hBO6}ZK%)}U9%A3OeWOEqF=k4CaN&2GMc~d6kBeC@m
zX=LK+d5|Jy6UVGZC?DZdnW?9>0|sK+H3v2QDx*>s*5{40I_!2I9jz-=AI`c<n?=Uq
z^Dw`gcX=uqJ0^Kn8vsWn{P-vs^S(pr;6$|sJ&C{o*2fb*&mVX0zT1F_wzWyOoC>&U
z*u0K98SyI;)P7`^N!7oZTQ-v)$7u>WD7`gp9;KM*Ni0CSaj!&wc!<7wBLFWPLt}F}
zRp`Kt#nHz=V3$JbX`38}@!N}9U{^BfzncmUp@|?n(6zu5#OCQ8&}Qg?T=xePcT#b#
z>}w$9AfsmG6wz218s@&Bo^*afukcYpr*)x^BXoprJIvIRbsDw~Pf0?Ad%Q$3UXu`u
zsj(z%Z5d?ca(>hW5zMH_?JpG|5m{eEOdv2%^t3mGpI&7@a7xm~Ogdos)2LzUiwO?8
z+;Da578`~|wsfa%<Sc9GB%#~w03D%#RrC1y<vi$!D@yse|8q@h`cAq<X#D#HC};b{
z{QHjY`r)U_xKcAd4SVR(IO7*s2BLehrQSzE;+x0iE2Y#$(4)<P8)NsI;xtzqp&S_X
zW~i;tvB0HoM4?yAm`p#tBMl2xdb_+gz`*)+;vEH1L7SYnv<sttWXgRH4sfWSl$!q)
za+u(>M7^SU71Tf@gav6Z!91=_VoYEu2q80;gSTXS0oTPa@xV%7(q#|^Xuqd|h;Avf
zeN)m5T314Lo+o)jY<6moT+NDd@D~Z?RPjIXj7#M1_xJ&l;5Srk1$gh{T{VLRbz|Oq
z7cqv+jp4YK1{)4i4FTBElOKS$$aHpEq+DsC=8ofZ%(4*w#XD6uzNfHUPU?JKYZ4HB
zEJGOru?bkdQYhOINf~KE75Y9WZ=yECYSi6Ej^EoltFEJ<L<VRF4@7Ef4^PKVb9RI;
z^`ISpddpXOXCP4)E}lzR`(a(B_iR<FbcbW<-d}a{$6j5_qYV*^%J1L3O;R{oWVqm^
zIS_T6b<MEU<l#%&s=Vc%1bE1&)e`iVwXHMKZsblS8jM?Anf;=r@(kI-+x)5oW<<r0
zGq}jaI^JkQnp{q^@;?4-xp>Csc0W^$h>C|f<1plD4SIdp*wI$k;YX~^Ogy)^Mf>Bh
zFn{Dx$n!dJs&KYQdiF|O#04rAhQTeV&<FUK>P@H&@i09IzMnJUNT3fZjM!0OF)x7z
zScYY+Qk`~R)V{LVu5XppD_?>c0=;spd*LF0@`&caF1u<vIX%Bfmy&&JmL^p1dXfd}
zB}G6Ncm0N4HtPnTtp@6<(32#glWzBVnBx)LvCEi(P*2=tBSyaDqeR;Q!8660#aw=O
zB>klBr>L9!5$Y)og4(70*jss$%f8=2!*0Qgj(46xIIv4P`K_eUI=8GwENSsB+rk8Q
zPSGcDi&D6;A*#Zn>slHSbp5jRrb<pfyBf_-jrhTh+$B<xO7i4;+@Xus%7vMYVYijp
zKEf19doas}^;=_oCsNZnzh;=&NW2dKYfzpZ7H{+6jRk;!;+NuB5WOAyEj08a5W2Wz
z!>yAhWyaLye7xzMF$aJ%CEUtKwvuw;{?+?#Zzx^r6}Qrxp@PNNM==G>x;K=3t#VXr
zR^T5n<7Kcm<UtRw!SMX0GiGJgA2Ezs<BhEEOTfey-(qH~AIm{b6!j;|f>9>%4+upt
zLA8raxWs)cmBc1r9D8ZFkTNk*iFhXnkuZeOx$t?fGwKLePn>r6o!qlQK3k7O&5k%2
zNJiXIJK5-3A*_ozTHVa%MCUCGO-w4Q2g~G7D^5>ZszRbR{jhml&<$bt{w`F?;FmsS
zq|VUBY1;RaDQH8O)W{5Q{cSy6NY0`9BaD0jHpl0|@0=vA0GJ1cl}fC0fnW5kSS)8J
z7I)y0W<T9b6AnWJzQqmYdg%rB+|#Z`56H|ZNKtm&vC_w5mHlS-m$>e&%{H;$s$HRT
zv5}9=p;m`W#eUiE+&<Az?lw|jxO1sYMwNwuMdZm9*1=>F%fHQpO}F<Ps?NS!@BTH6
z<$tvi1t^;*Fb2my;|3ogmaUiC-Z5*f4F|K_jsTtYb)2CzJcX#$eJNM1LtGaNB>p}r
zFG=|crUq5?0YsUCjGiP5j@29NT+Z-a!5b<mZdTl!0T$oiv-2+YrsyQ@&eTBDO||bo
zP7ZR{I6=ra@Kh=rXDdBn>==N(ePiLnJ;@JOUSdB!hO$c#6sv49O79rc2|D-y9wb2<
z80Y+jm^C#fOL`GM-560O?pKcJp&S+VW_qAC8Fmd)|B}@c;jy8y)+IL!W+JcL?T<oj
zF3u?+y*Q*CI99;ewsqh!2*4jeW_Pj-Tht9xJGc$cAP?M@Rlf#`s~_BqfBQZ5%9DtB
zt<=CL*cUH0>9}@+AjTx5fP($10T~l*69E9+#r|yfl5cK&;FY}tk1{v_;+4GP-8y~H
zP+jCoIy6Wwk5|9)jyS@CHH${{xo-KhyDm+B6a0x1zBw+u&*_pIX5BO{rZ!jw04<BJ
z8M3&t?<5k%otlFuSNDF>);+#?a|Zu_Hy7>1#}zm;W(fUMO-(VT7!&cm&_CrqcOcoC
zhjEQx$qyPMxeD~Tqbi*&W{p@rOR|e|PK<R#dg&H&cD0N^8<<j~RNZHdYi42AM{u0?
z>S%|rG}U=!)6m+Bwt{<Z3&<i)7>yKZ{J=Qu(dJG%wL{E-QY~H^$-UT*uOF#LlHZM8
zjA?wO%gXkyqmAX%Y3_BMwTQ(vJJoE3e`T_G!snUnHW1YLtJw8-&Fh~R27Npwv&=fb
z!C82{mYW-&aYK-Fd$@*7T0On~GWlJzOv}0C0J(C<$x0Dh;$!OpjKwM6>CsqGa-HkG
zGvlXZe!~hMA=PwAq37~0&5_ctWnWD}U;DCf5rMGt@92}^QkjBkc8L0-oGW-VcOhAO
ziu;$$;u7x&vGK@g_JNS<g_)Tk6=OozU!NfI#ru9yX>%mi?#G|6`1_lFzYuZaxvx#$
zD7Wfe)|@$5>3bMWH{;hL@|6~c&Tp6T<w?_Id{U8q-Czl&OApSIYn!2L<3riX<{v(a
z>+ye&6<}vkOMVtaTvw&pd2EgUE15V%0-qoNj1tNgKd%d@^gmvokhShr)g>txjFdhl
z`gKe%X)p5PUyJAbR+@{1G%ah%=+W;QLgsMd11N?jk&3>*P3|O_e5LKrMV~54-;_pm
z{u28gga5}{_-AR_*e)%wgTBYBB3me8pDZ+;A0IGDDi%!9#9ts{IQY!1Urq9E6AmLh
zYdccE@U#ps63BgnOQKAzyY;V2DviECO1fpftZ)rnk%!s*B_=lYwC*-JVJfnfZ-1@^
zM;2Vo>-GiY|KVz=E`dl|&diLz#MZdp9bcVB>Lv&ug1{5<o>_<p3jSKrul?p4p%hcl
zWTngHLSw923rWmpQ=FF23pH52*FAayf8`tCUSE-4QdJ#(-S1-7MPOn!Pji21vzE+7
z=FdfcWdqyNOn_4H#UIP|ryBdu&iq}Q{qO#=XZ+eGXW(2%t_QXeDC?N;Jm(`UqE|JI
z3M;PS>I?l-#KC(7;whZamYV<lSO4=)2b{#jyc-!=*I9TOw8O$!RX)7J?!uW^*vjv|
zP*e*gz4zxvkBMV06Cv-4T>002|8Jl4fAdcwQLseUX*q?>9~ns(l8~x=xWn`7d8LUY
zpioH?VymC1eZc$AdeMXRn%|KO`PT}cCwBkMxBmM-9T~uS2|un(5BXgJciC&X!UyD-
z*w`kWWKv)MS*_A&uv+69U3dRkgFnChKR$>*?+o}!Y+`1%s#`~?37$w=Vl9!Hh(?NN
zTv(XneV)FEKfkaW0)FANp?~gw-huzq{k)>a<GVL-<JQ&+qxZ!!RaMnX$|m1XB1H7(
zhYqP0s`<|c|37*j;6SZ>1%--4kaI1}H~zWPi%?*iLSaanzW?3Q|HnJ64FF#{BRv42
z18KlUTN@(p-rfPFKw_db4BzG2pT+(vd44dYSabibME>8r$SA%F3(GKHvQh<hz|xFq
zuFizcPSw4_(8cJ_g-A=|EM8zSVQK!`*8cl$`SZ?y-(J>CU>~Vnpk+${PKS++Er11#
z@jVZXj(!mpc5{lD{hvg}o)Pp@s!3cd{@m36>kj(om;<|@3Y1?HRR&mj8REmjaF#NI
z4;Ufcx7gU~hl?Lj|M^A+hI6;ZM*_F_zqcQPV7F$ny}J2c<*#EGe}^%~fDd|8HSK)M
z{{M0(=O*OQEk)TrWfMta(uofhDn;QHrhhK|H3L|$hnag0f9~#ozh2S=7uncszpXqd
z181B6UhG$c2T(fIlnyFVT45IT?|*jb_(Nd)H?!wz|L3Rs&k6c3Z+T@1OrbT!J+FDN
zT%g9JY(C#|<-nx-LzjK`M4DB5-9H};0H!eJYuPE!|JE@5>z6)-fU|M5>z1tlmq{Nl
z>u8IlOsi&8@BHT$6u>RmvoGTO>r?;R&HL)c`7K=LqR9H&(8k}nh@FGU=iPHze+C?r
z+0cC9KPMb}e!{W0{X+hjt^a%im8S9BH;1nPsOXkv*uhG_Oii)j-_eKn;**!iG%s!e
zg9a-huCKipJpb)dV|Izp`(=WTgQ|EwK-uTEcpkKcLO+(Ttf%A|>l2^e)Bdy*dAW_f
z6^xXeciE%w?@i7(>HOnNITyjjRGcxU<(A>ommsB}zKZ4l<Adhpz|yqnU0vw~i#7L<
zK{H2nchx+))zHiG4L$Uf4os3!e0=>tM}grwo-^{s<-AnZe?6j8d6QqCGGe$5w9}D*
z%_eZPC>a^#_DT%zS>Y+m@E2r;rBzP?cOZz>^=B8P|JtDeL4nehD?0-`Qgh<?@j>S+
z6|l<mIM-1kPq!?S$gJyKJD<~b>gqL%io-S@SnoPp?Wz?DI#JJ>$<Kdp;Bw7hn>9wa
z(OI%h;NHE=9R`YyzaBJE>v`}e6Tsj!+mHcf+GSEfZ-Wr`CW=yffX*jR+~P-~@`pW8
z^$G;kM?qEMebbbeL|hkxo_>CWRBLpY+Hsz5bAg>?`7=M?7q%b9=}zF~&G!PamGxLP
z86fQxnjBFRTslCOVDkVV;^xV$FRv|q_m!^qxx3xFQ%=HH?4!f#&{n<4Hy**EQn$Et
z@c{2Rp6~JI>#eEkRxob25PZ=%2shvw8Qq&kFZhi^8bGpu(}|V5dOnJmD(b<XeW~Ze
zU4kpurZ0mv3)vVeX}zZkvs+Pr;B%;?w3hb47!Us5_u8%N$ylJC_6z(ZZd5Mm!x~Ka
zCYW&eCUJ6$B%xCS6}9vAzBlJ447ABIx-}LE&)!bCAdk0#WkYVBsbw-lW!9mfQF{^e
z28fTueGd6HXPc(V`vx4b!31zz!~sR=2eliGE(@ae)3pz8?C&X3LudBC%usx*({64!
z_(nz}0BC>dOWis>ANU>@Y8axgj61+A>F?m`@xRzhNYgn5)M_%@5ltj-UNVM-jg`QO
zLVPUBdq6t0sh8fPQUXWzd<d}DtMCn;sr9~mY~o93i6OQ{=3WA7Q3M9ns7)<E!FjT9
z!V#i#+wghg%ZoQ@C4=B!VgB1+E|OpYrEm*?+YB4Dq?2|!gW!q;1K8Pc#8;nzRP0VD
z8uFG#<QF~70V>LJXSRyqjv<52c}eJO?M2ibIi3ucTOw?1RHf6gbO_8(u?m;gGqLiw
z_;pW7pcRpaO;cs&xPUln(l4T9#~Fv@03|WFfxC}Z&O_^DkM-~D>a^zilwnYo=-#g=
z!V`56<i1^KN7u%?_WDiLj#5J3m}4C9;=fAFO-eaeOdirw^1I*O&b17JVi33ho<_8<
zpQ<Uc*(Y^5j`RlNau=!HN#SmP%w1VIQ{Yx`9shE@Hma#oJ1U8i{-SoOk*fyZgZ~Z~
z+qi(=diVIk%jKl*-EH3;d>8T`>4ad&8ZW}yX6SR^3B1HSramtQi{61g-f0yzy&Eks
zBKyfFN+-kThzcS=Dd2Mp^@{2;X+A*$s>!GG+e~d4*9>TVy9AmxG^+lDIl(ju0M#ic
z`8`QWNx{tWedNx~X+nm9U%fT9KqhN6DDCFf)RpN{jmWJ8a(p18iG$c*3CUJ|?{m?6
zYtm!9bdEX^fw*4cTo7Sh4dwJEQPB;1_xV>*&FpJG#6B`qb#Zg4r}+)53OQo>{Y5#2
zLd3Dy%L|!#*ZCn%49b=_lHaFBus5NJRXw_Oga;#KxW&(Vl*e0>y3+%MgGDgC*FZxd
z!YiO9w?iWUu-7GL)k3zcu(bK8nfepyOIFTLzW{=e=ENI4&6r0wNFcO`nRTdNkn3&d
zF+;D1Cv;7WnmLhX*CkvRb4!mXHr{W8EiVKwz5-;4@b!ldR(Pd*$kn(P<j?o}UH`y0
zH@K(xd(Y9nH-X%APx&_gPa7mHpK}arnfh`8MjgoRey?<@O=V#_r)!~E#s8c->*D|F
zKDKCjZRkbJbR9k5MdS#5t?eS?fc@av|54&6%$UB!-sf=j3WDI2eRR-k!EV!O6d_{5
zzQ?Wy5Qb}U!iM5+CdW4X56ke3kB`RUw_f3W7qV-1h`}FGb(}@v-Y>*nZAR@!yrLeq
zrQ+X0xuCByg@%Q3@XsA7nxpQ*(?PZ3;el0D6-OQ?%+ZH?F6)Etypxvr5qcPEKT|)#
zdvA(^Hbg|0fw2<SCJBu`JPYuHPOrjJtCGKdVXA`A>4vwtjCCO?Hu{Z6;c!w65GlFx
z&HuPCX?M(6(LZx7Qfej@iUfQ7a!VETmsORP+NxN!QwUJlsZVOsF;WLW|D;47rn|5&
zt8(6J+1TsPo^YZFW;aB3Y3`(@oPe14;d!7BQZFSgeLg}^t7`!XhB5!Yh5GbsyGmSz
zx9&c@C3*Vk=3;l+RDqAG>fvkVhlV&QiO~vXOiBFec|6beb&B+F7(HyU0)lI83d^rB
z{-hi@lCB=>(`45uc&=9_>0!<7h8!iso&z#=_!Xji1cT$lMZOx}V;Gy@*8_=3Nez&!
z4)TELWdF=FrsFf{fIS2p;@4?Li}fxK<+M|eX@9h?f^zDSsN9Y%74uxb1mLds<(k2f
z%6=3#7{MY6kW;$#?q$S^KKvHnLs{~TVpvtIh!26E`34BZ8MV5f#jrV0QQpA6H`=dJ
zgL)ixcaDi|eH4CSH9oidfEVxGHA7%ADb9|f1QcD+lf9U!w<t%4$kp#VR@jBnK*Va+
z*||#&+k~9X;ocTF6M*R{HlSge8-{t$5hAetE^16@*gyxU8x3lY<+%u;JmI7IN*3Fd
z<0q`j@8q=U2@$8zx1w7*j;d5wuI#ehH_I&S&IrUcZ41@ls)`Pt#N6d&Z<D**`ufVt
zJg1DE49PH<CTQ7KtpY{ChjO|5)~JsF)nBsL@592bo+PduPP&^A7ItwCf2!9yQi`?g
z+YPhmVpRQF>#<2oVp*G%E^&&m!)tufjw=xzCqhJ_p2!B$<(*g~shFK;YIK6a&|Zol
z$;JwVK*K^fwGsN;pax2;7w8mc9ydPR#kGC>EUoW!s0dNRp<%WcVu$_Odj>d!$dw{Q
z!E6>=>zUIiK5Po=zMLLl5%vKUV4<XXl6sgPu>K-gij?#+BYCs$?=(s7{!-++)5Jgd
zcB~ADb(pk_N?lu;O7~F*S{b18fX{Tf%N14Id8pNwTBmDnRvJRuj;v%%p;deH<!z;}
zxTl@0cm^qH>s_fdI@L6eswIWIa2=V028ps8pCKqr$m^%pE+6GzD{`~=#EAJE-YGPy
zB2oX;absj_ssR^}6J}gRoRVrHx28XHCKvH=tvjFoWCX>+_@9p-d7OKtPx@5}i~xlM
z=m5lpn#~aW>1W-qtSg~<o@Qu=v1aC5oZ70P8f{ViFH|XVTtPX7u%!9;>NB9-Ok^Kg
zI9{PBOz)6J4>=_k$Fz|$p-lz-DWeJUfb?}ptv2%NVEh9>@o$>^wEa<yAJcs+xuH0#
z1SW6SJk1kX)2kud{tey&k@QldG-^ow8chC$;pK(-vr9HVm>aL&pb530vLkJ_6{Urp
zMc$!L+e<M-bX~VwAFk;tcm^4v$e%TeRAlP=GBle*)K$3-phb7`o$L1-Ca_9L?vNcA
z?7E=ctW3;nn~G|k{%xZpp%vP#W9)WA)m+jG2`dZbhFpX%>k|4TJtclQFDnY>i11kV
z!y`-gd-}``-t5n3w|sp78_V_+6pgNvaY|kRyxe3bz9;JeR2Q%xVnU5)j(y?&@(l9b
zAB?=a3FhTTOW=5exf-}~x3P=wO?RhCVBJ&2*mY}F7XFnO1FDCE8I9S&@y%Gh3M(>K
zl4`&%cO0w7%J!D-h%#ov8oIq6*CTnV5*79glgs=jB3n7;R^sIqMKTU?`$Ksk!h+)i
z0kkH2-9|6W6Z!Lv{vXEPGOEh<?e?}2X%G<*kX8g~kdTFhfV4=LbO}g<z*^GXNOz}n
zBTJB!ZX~6<8&>QSz5n;~Jn!D`9(xSFFm#|p*L7a!F^@TalY)DEe9!bN1gvj*&TV<z
zPG@Rfq{`v+t9->SY1E>4yFh(?D2ekHJQV=skC^5*JOct$^1LC;WQ+1rA3l0bWP<bg
zVh=)nDjj|{e5O|QHk?}Y&LdTl4(lIE3*oe18Uf};t@dNnrO3z78y==LZ~-F}W!Le|
zb5!jh%x97N?&*cg3&T*A6uDWr8VpsATG^E-c$fbepgi@lla|NQbAf00W=Gn~Z<HnA
zVG22~iDe5|qe;5Nu=);e?2c>0H4s4hegry^?iOoS?OE7}<qFQ6=fcZr>EZALB7@o}
z)UfVL<UCMGVE#V5T7TpjNiw3v#YJ@kedk2-)qjNyXM8Zdd3#FKlBg`T#%){zY8EZK
z9^uuf66atT5`dXa?9Je39>WSAq+;{viRGGtsAM)?#_IH#?p;`(<n1ukiWLEc<?~hX
zR#HiPTK$FOEz_HZXL|&B6zqJFpZi6^cC>#3B(;t*2;!LKAyF7KTdH)*d5JI`f_)mY
z?Kx&q{d$IjAGx#;qO;W3H`D;`6_gqj>L{BIRq{nYQ<d{3Sl=Tb&bK^A4Yz#SoqhRx
z*Px?u2!3)wz6Yw~gV;C%&gl~tzJLXtk<JFIS-SaXJ<fer9j#l|Q`I<Ay``nhTVNIV
zB_2^_{*AHo$<kb<4K0X|rZnm~yoEA}IU!bj5e3!Xo7@-P&w*s#W(h5P3MnuAO0-sL
zyV^A@<>ToL<#4s`V<}hC1jU+7nqR27LgaO;l$R`GTXQ8PEHsvt`%amNf3#$um<cQG
zhO@Xw(34+36*gy1ZwZ0QI$sylAsq*BkoR`{luv+Lj5sS#U!h;$pOsRp3~FHwQ!{7~
z5OGk?H)@{hg!5JS<;|3f+okS%yph?OD0_)-^D8u}wG}vmL<?hj-6E?^2k-5$D!umZ
zj}yWHPU>Z12_Z->8Ifj<83q89-gk*qk*w%CshRymo&uY{4dC4i;%u;4t&)S{=U^uG
zd2{w7gB=y!dZ+NT!z#pKd0f_7b=Dgn@(?9Y!@lpu@8FZy;JD-Iar2V?R@ts3X~qmn
z-x9U+n)coas#eigj&fcHG9JN_p6zgeYP&eZQ$aJUmy0-+XGF4lIZu1t!Tk)jh7ZGZ
zoDgP)_T2_fC`-B2xDuivRC8g;H(XXYBJi^v?bq9~_l7mXKS17v?_7jkY=IB2hOz#s
zz&Zpu`ilw$ZVY~E&Od-4^j}J>r;A-&+{4+N_PT!s(V8pyVTw9p|K+}zc>26Y<?jg6
zJYXIBF<DjU)1G!ZTgc+A#zxhv$a26f0TRa8QdO}!p3`-Q8IX#B0bxS|4hms%b6`xX
zD7q{Afy1~FOWv!WlSgsNY3;s^eumPyQT7ugR$j4RkD^IelDa89t>w$CbQ=6u{#@;b
z-7z?Q$q)>~or8HlDi6Zi!Dv=pXs!MJ4aD)dZmH>hOB%T`fb@IkhI@-Lun*_<f7U3t
z_FT7#`K|ytZ;>Bxj4_EHUu28#HgL?`2BrwlE0gC;CKi8{{4vexa6jbw@^Zhpo&MKL
zM4p`7Qi<BW6mS6gF;nyT(k1?x%{eh5S28fDKHZg6k^@wZ@ZWZTJIx<FX?OAibU7g-
z_3bD7r*=m?llW}OGQeCb$^4#x+IeahPCh?mcdKeI;`IYw?aDdW%!%&TX)obKi6xaH
zt?N?zZLYsPY(MG}jEF_k+&;-<)Wd4x1%9t%k7C<pCWVcd{1CW}s2ebcxGxNJwK?ta
z(aR>>NBL<4`Pa(kSQTq=O_s<ZK~MLc`%Ld7O}Pc^*B%e>KGB}6EG52VqDgysszvO4
z79k-9t0t-1m+c5~KNiTaN@G<I&caEm)ZmjsrR^#vj<Ezk!AwVzx6p~mgQm!Im!KGt
zgAj6_?*NzMX1;&xB+Oy+Q%_4t>#4!YDrfKuaJ>We8z_T}+|EQ31vd>Y*N&7tFx2Cc
z@@r{X{VKox8hR1Xc)Na?oHSn0o^7ESgX(@dz)^VtfXOBPb6KfJ+8blKEL?zNJW!>H
zm+q1vd1t1<!52Jt`HC$IPK9VkX=npEE&svh31kIB#9Me{Q~Ec}v`-L;&pN2z<4MRo
z|E59`Wj2jJ-Vi%i>tXf65-qm`R15yS5v4EQFWeVC-TY>q&R?^SSEWS?Zj{k^`5%ws
zY(z4dM-w-!9l7w<esvQyIc%yt^w7Xk&K-u1y7fTGoa}c8rA;jwp~yQw$FRVZ{2_E@
zqiU*EjBtm0Wb$&Tn^OO>6?3r}A>@-7cQ&yoFZ}Hj6=o7R7;rdc?3h16v)tRBvMc7C
zN-)!MS^y|A;W7pX#&eqKi_GfH<?a|CK|jUA(oIHeNdq;?B*<##`e3X4BKOci#VyP)
zD>w005K=1=l<wHJOP$cov{uqVn9ggK*nUA|k$;oT;+?bgT&iBFHix1<_&a@35Mr||
zhOC9AIt&kcxvnNV?Z>a;&q>pugn~7UrDK?IZez{fG;BI}*jE^{a6x3Yh`W;H2KQVh
z-D(Pif%%6e6Ymk%!*Ty|+WZR+E{n-dj?m$gXPmSaBuBV|7jq%x<9hu&FH4QO`}1UZ
zefCjqm)pi?sLNeL!u>)4SWNu-&s{@gcgP9jveP0j*`ZVNF>OJG=BBP(3e}gACWzxD
z>l@Z&tIJ_+2qPcO49GUXCAZebF`-tCFsqla+|5(Mo4hITp6<R94H#?=Px;xmU*`Ug
zAp8`t1fwbeG*51gYw;y=P#w<Iy^)3HS)CuN`alvr2c{R6Vw@3xVc*(CdQFaWgivgc
zNA@kg@O!G;<cV)Nydt}|h&M;B?`we~4Mh0jug#y|{2e#`4M`3=<78K~bci_oE45;7
z|7+*dUrL~i{b#d?-+d*K(Xr<tg)DJ}=y^IvYy;B75=p}z^LZx$bA}~z6RJJ2Whpj6
z=RzuRsJ6`DJ!=91x4`5r?K=Is*qmrdA|i*S+zY{gV;HS4vMYE3*tsII>|3<lOMI#T
z6+g(w!H$lDhzC0T@NBzA7r4HT6Rk(R!REYq^*ldf9CnB!^XhHXuev%mg5rR>ox`ZO
z7ZJLnk~D`Aa51LrwxRc5O$RduN)?r~==PG#xjPtTt!W_?dQx)HM3R$nl~d4qhh1v_
z@Rb9Ec2xctpbVWgY(Ej4+=W|RG7dfe23s;+tOJ6cr>W7MALdFguB1SN+~?sumShC(
zEoU~Rq$JRHx#mf<<!b}!ULjL_cFW*cvnG-@vpGul`x$h3xY7rNGCVSyY?JZ6WF0Jp
z`fb%*RBu9!cezpby&KAtmFw71Ms%CN);7OxlCs}26ijXTMg_XVr^x+m%P?8FSOjEw
zxi99u2T<9;0sFB$(o`--iqsdN+k&N6tbmMGCH;;($1$@uaQ6&M2TR<PNmH5u#Q?sQ
zrhOyR=(QNuWd#_3<3ES?zZ5gz@RM74^+SAbxERh<Gbs<q?<9N2s?wuVdWQ|b20#y=
z2_c|3cetcF6wQCTd|U9*el>y2ts|adO?BvLh-8i65zG2?b|RZ5x*uYC;ug-yIm>_L
z7k2n)mj&AFG9G;Ubn^KoMx!io;%2^1LkK*<=?RqgCl#tISKkhB31DdkevZ!JYn7^l
zT-D(iUZCj~YdA-4zaE5ozHxA9k5~^VghxMdZaY|x@nevYs$~7~O6HxE<H{}`<|8Zp
zj5j^#1FWrB_{mPJLr3Zl1p_WKUpm<z$@~tbZg-6K(_}W@<^SHQt0;9Hf8PDVJS|Y2
z&OhLtPH)W|!LA3B-x1L(n~^;EHfjmd9Mn)_F-Jmi&JTeC+QUUIrwn$6IzGE5?~<73
zikWv|%>D2TKA61$f`vOq=M^DMgj)8A!ZG#mx3jY@9rBG0_jRWOWTaU#s^ILBHl~yR
zEord^&naoxMy2l0!(@%!8)hrAo_-teBsO7Ua?t=De+-#H1^pcUGPiyaOTI1N*8LSi
z-7`0OV&a7K-zaQ=3cI{;heoTYLVt?ZAlJX9Mqw}gJqnz&979vdf$5@O*94iuHsFG?
z-{W}aglxyD_569~T`mw-PBX#SX9HWoi3lDW6+$CU$b!j{HB9{yRHJ?pRIW0&eDuqN
zWj9+(o&kShwz>}EB}RS!9P>?WkQcf!S#7~;MIq$&5HH`cEbxx($KB%T;+wTmjI!Q1
z&}g~J-2u|eP8u4#@<$m=b$2@uobSN>!x{BB;x58M2XagzfdA)Sr19^)=*@kSYf(2c
zK~j)|oxQO)#O~kCy5QAuk+qjbWDt_b#r=R@s+(NaSkg`zG@W^$Tz?ug+G6N&<MbK<
zCh)$~XC%LL#SP6c4(Z9O3#<Iy+16(uITR>bOy0~zrN9tD$FT8Jo>4qN>#AB>5e@XV
z?_~xs%t%=j;x;w{5l`?13o9CU=g}UAtIxkv!FD?ApMK;}>*<V@Bz#%#boeW)>2$V5
z4QgVb<a^gV%Y6%?^{y}E%%nF#yi*+ZI_v@))G1>uCJ5FOxpH$d64`No12*hKrEYr~
zw6y8-`TShLoV!LkhWw#CT_V&BLx&cjE3;r=WQ>ejN&4XzmbOy(PQ;GTl0Onl;xgSf
zANeL0jAUMqUNf5ZTJf5rli2i<_$H1wLF}o1TUUGHf<!(AyfV-VQ?1Wy-Ini}hxOhb
z!I0#2Fc&P+Y<LaQ8V>9UJnxn5S_`TvK9wwfI^~jdh^{rOc#xO8f4v0ZscmmMhbx!#
z!b)uTkG~jekq(<B;n9na*Cg%y+(`TfzEN@S2n8m5^skgg8i0cL;5PNqk)@vaR4mU1
zMfSGgYzy9z9%okk^GwAb7q6)j!Y3i|(^7sp`J#hc8Si@cHgb45Y=31ELVWS4?!l=Q
zh55h4)m-O(E|;=YXcMszdS)MON|gS*s0*>qt8i{Ecu+{T`c=E(`D_gw#cv+EGFhd0
z3|12y14S-a`@QKW!{0Pj#|`ZxBS1Pq_IzgIA*M2P2GtQ<%#TWQ6)Rc~#vt!m>Fr%#
zt5+`MQ7EuCv$2?|cVHt9c<2aTmQFNiKPu?0Fvz|){uiF|HyL;I$cByjQ*f?EP%i7U
zds5ZLEtK>h$zcu7b&AkrekzeR#?<@bQFTke?o8GibwEscXUH*<TJ+O?@5Xoyp7{WZ
zHZLx{S{Fw8<%#+|&`nE^dwU?g{CTo~iy6~NtQ@c4qt@1PBPx7%+OBE<sf^=cnU$6~
zzQo5>>br8Q6d$&ImK358s5~WuM?9_vletWmi>nEwRjlNm-$w!|eVSr|qpeYC(;%9`
zHGE3<A43^D%Wmg~<eM0k46j;^$Zi&d@(gNJSs6TfpWbv3o_dV+OkcmKAKtTxchs~y
z)qoe7S$!HgftU5;CiPO$7?piTe?90P{8A|~4oZ<EZfpukCNPuUuPgC?F(5K;|D+PI
z+I9TOpJ+MAHR+mvVuS|3AtAYDHgat5zrWvq^cDEjLdZu?nO@f*BXjsa!RYdN2QCe&
zP`OjE^`G+V$zNf0gQ!MI-`*f^HdyR-n3z*J3Pdf_4iS>Z6$r-*);Az3V?W+6b!YwW
zQ58PTe^$4TS{H)N9J|h}{;|}@Gi86caUBN!<6R#L7)Pr<Qop*w1QwZR!-u&THlQ&3
zG1hOCw{-G$ch?3pJt@7@j{cra<AtZ}f+uH-3u7%lSOa9g+zL%aew=ksxwaFjOrAX@
zAYjD6e&i;Nb#7)lmGi|&$2@K4>TJrFNrBYDVMKS)o~IAqQaMZ@VLPWqPOVJT@;8`)
zWh2mwYq{|wO6zKKdHcU@F0YolE!v?yaM`I7&uil2bI{A;fgZ-)FCtMdDovjzkG5ph
zmx)G^4{b4a`HB5ZZ^PqYm9e_0G%GdkWr|Op)13(jnG0sI0@<k?#)FBoeFK~Y?BrHU
z?}R;$=^=04`?4ZdQ!AD<s?V9jO<ff?M;J{DWK#m^SYCi-2ip)Hm2WF<)L84dE*hdI
zk~pL(`+RdAv%SMA`F-UOG+m%9*EZXZgFW`o8)vf`QnM7R@e!Om1sYB&MQYb8jQiNq
z(!@Qg&!CYmA8DS3SJ!|ul<c%Ca|$}r!|$+j5A>Zpxb^jd3YIq;m<Nfxy5aD$e!zJ&
zFelBqrO7?_$}*=P3*pZuv!q|4Bt`#Eu#=XQI+HE?$z>l<O0kCR%{3hK)N$~Zc!Bb=
zFllxbV>lSjanB8<xTO~<m#QjK95pg)MjPR;mo=Elk#J7SYx?`zM4g@AUR3<K<MvAp
zPyZ2iw+VcLuP8;?);m*;VXrT9Lz-*mTrl!V7$sIFflQ8bXmjIv@`#Q&12;L(ndF@y
z-I*hu_&T>&K`4s7fg5H5l^mib;ytvU^ehD_B1CIfRI~8Tr=SV#d}X76@yGfs;K}>M
z<dAaa%(o*5?CiHKYBv7lY5f@n*OPxWxeH8#)LZyXS%VY-7;e>F<Wsp?7>K%Ax`_6E
zw?c2{Ai&F|eg>_eE3SdJOifbZs|7oY%9*aG8Y8L+n4T@xG%>)I%IdFl?p#~Q4k~q@
z;(@9Af1Ekl6@xmsy~(;uwi!oZ#++@Pp$@It=Zz)bnhZHu|BdO64)7Ka#dR#!D#I?p
zy1TtD_Avc4fhX?4JX#@X=CnU4x1ft5oB_v<e`eE^hzNeB&!Yu*>@6p|n!>@0tamkq
z?sbGpb(bU)ee8Yiun3+xKgv&%N8R^d+ciMl7dtnX?K@HflH>9cNVBX-%$~%Awu^zu
zil@`&hcE8F%bl#U<z`I{-A<Xq33dbQ1DaypN@34pI&F0VA_I3+b{`ceat$$9OTU8|
zf1ytXH|mK~6eKJ>#yBrpQ*}aY(R~AkWw)VffrY5~J7tMWAl$^#6r{e+qeg*E#A}7L
zIY7Q07TA|Y6#LT~PFBrIP?08B6kp)aoD`bN0+mLs7`=X?TYs?m6_(%MBXy|+$bjAF
zCCT<y{c}c_w4{0NzqDbMku!Z49^gH@>@)<rB_K1$cEoVWQ%E_IPa8)4%VA$>b9V_j
z?2g*FD2uu}WJ;uEqK<1Wp!n5Xz8hkJL{{oX>=x`JfGoc%0p(qpTM@je4Pu%VP_vls
zE)@95yxrj(MsFT+Imf-|aa?Sd)l#*zcF7AH8a&hQ9GG7i;H7A_oGGX)b7DMnFPoG$
z#o0o)F7wV6c{ywO;jVx+f#VV*pEK&?rP+&hh;{DCndf}!L_mPHqSUJhnzo)%-0ovg
zcADn2tMhe<1sphUWavTyr1s`oZrcqW%-tW0TYFQuAoCxWhsWcqJ5jjl*O{GhSQ;C~
z8=@#jOHFEz-;t`bRO8kU2cqq?QlZY~Pw}1`&k2X%TZV}1#do2<oj-V2e34O$okc9w
zo~xT25CX`lQ0?>OmTRMMr4Gm1GUu_vi4ATYpN&xq|I+irm1dBI{<hP7bbkV_tIHZS
z1}YyDO&34>8rM}UogWGKwWVJ1{`{aM#C0h>;B|X2Ww9%`9CGnc7}CuIeCzRpCd>4I
zycq&yF<FLL&bOI+BCC5ZcN*}XXE>%+pP^=i?I;SAWYfVOQ#m|l<g$KSqPIIFpg18_
z2}XCN<&-@Cpq^}+)0XPt<@>v9xWStzE=QK^;(H{8l$dsSxX3MI4LVA8{TG5-^8`QW
zeu7>(?9`A)^HHId(nj40y?0qd=%RtwC1BGCEPWSYXv^uS6tJk6HQAS%je<K~X*<g;
zXW*1e6F<z!aOQZb0));+{|{eMpm)s2p}NzIQ7eWzGWGqhL%96~jg<n#wk!uq%bej)
znnn*J&IhcsrXXgb>!X~w<xey$vjuhCkBNa4UtJrWz}?d-Hgi;7^bs-SluH|V@7}as
zSm*2;%`e34C88bAYd_kjO49O1CgT%{KAqFD=46+ig?nlwy<WJi!QyVOU!Tr{n0)}!
zvAS?so_zdE3x*=CI-2)_HCB`B@R^vokPrfat33xk>PSxYiSBi|h3mIC3HmqAv*c4L
zKPgbzZtnHdadlNHvUiOXIwcJReh|mzSzUd7S@R6taZLUj(PDs`vP50{GK*pxjz(fQ
zt#;!*eM?88e?fZ;MljN-_v2R4@^eqgTw_>uXLD-{C7lxmoa7`i>J9Y;wpDW?;01R~
zCfBG2;3bX3Cv)KFxv3oPzizM4vh_|s`aGpE$EG8R75*7)i@F{!f|DQ~eB8f0Q}qyZ
zIrKkuf104qWAPffws<FxeQFpo;0jP}`Zom*02E&-m_2XKbgpmwetkVuPh2MW_&k;$
zMi){98d~;SRJljZt59jL$0#5IQYB3=l~ySSC}E(~r-nJ!DwG_85PfBIkbP>!RxTMN
z775xBguiN0W(Y+LcP-qGz);Sef;OCfKh6FAa-o5I3yF!ruBZx~Ic6o6X55ySwH{B!
zU)e23Mr_HAQ5A1|FhL5Rp64G3ti$c6Qg<%uNa2zv5UV2i+5(uMx-N4s5k{YY(o)}#
zu3IfgYj1tWgbhXd;Zh#)#ijp*m<`>cwPezQbp>IFg4{jkj~iXUJ+M!4D)cB*0L68$
zaoGl#HTpOQs=gvN&c2(wvqc|kK2426-ke!w?T&$OXsm<Uc3f}{$J8*xM$b=!*N5L9
zn_IV0+q30KM$ph~gBqvzr(d;W&htF@59J#U4iWP_2XYtvQ~7{&2-KLt;5f7e1H(l}
z`wm4uyA45tEhtFk2X5;do%^K!aV;|56-$VFVSe;N&-d3{yEKrMeaCfSqVL+w^$r{_
zGHY#yyK;Y4uD|xuw(SU`^6O3HxoBm_m`I)&fue5;DnniEhLfnY@hC@hP4PJ9hQH`q
z$wV5na<~{fW|jF?@`O)Sni0t)vGqL*)KaVUXl=j4V5xS0KR=fVQwe+N%3`qBMpDsf
zQM;O261dcsu#jLFCt!k$IOu+`2xSY~Y1QeS>uOCJk~loCqlPD7Tpc4&e%s1{y9bO3
zYnvfCpL)OIo40Iul9hE@wuWFi><6^iPl0!E@^C<L-(i$dAw0qj?JxzeFRgMOq+ykH
zDwkuL&r~077h19oJY9;CZ^m%g2&Bt8W&+-f7C{O#g^iiQ2E2LAm0}dXJ9<R0(>fP~
zupmo5`)}lfgggy7iHLx&{EjtZ4o%8{UVF*!>)mtTG%)nRh$JmBAC1Xidv}w&Yg^SQ
zRqpm2Q;9;$PulDGdYSDs8=({eiWM`gdkaCV0VeXs%>n*0WL&Pab^ev`Bna%fM)e;4
zi>DD*7Yc^<-~~SONuf+%JR<3CIe?j*QnzUm9QtA-#loGR&Tl9eey$|ur)Kbd+f-+j
zrTrKuAv`O@v(b5Cp({6qgG)V<hmwQdY&q!!W;Ft5F@FbaV72%`xUoeYO4|UBNCkho
z{`)!|3(%oC_$JR%*r1Q_*?(;%{j~0r(3t`!Ot@~0G~DV#@I=I1FG`|VA`dz$6RW=X
za9Pg}aIBDiOohsg7dT{?y`SxOd)7JGKE8*g^TmD*y8kL<F(mOJSwnl83$xv22oDMz
zBZ-3!gIRWUnhA4xJ41s2)w&g5YBi%ldjDu#?oydE)0#d)%WUfvvh6bp`5ujOH;*p8
z*nOwJ04yEvCr6y6Ij6y3^h}?|U6gZnXsASpjfNkOO6VO<`H{p>bVc^HH)#bpW9F!5
z9atky!1erAYJI<8lSHMpRX`85tYk)h9a9hWq|Jc?71JuVQ9{O(XKmUY?eajJb7Olj
ziNEfOiP7awyIg#0|Jgns9d<F!;H!$;wNFhPud-$T4mTwYsO*LHED+~&Kn}*iyH8f_
zk%I+&j$?TCsj0wxu)TY7QFh#X`}oq}7^OB(lF!CFrfU!G9vgq|9`&22gHW&}WeQb+
zY6#F+j)0KuNqzAY%+<)3#Ht70>vE_5Dx!%TVvf~B*6`^HjBkAU3FL5_{-=A;shfDw
zUOBx9K{SqO?FY?)?Y8AQL$L3{dhPK=r1l$2WpYF^l(~oUKgYi!nhodAMcKR?cQJlI
z%7}=*StL4t1wnu@Zic>82u4nO2k<QJb7{v!|MiGIX1@Z+L=<?vqnA(oW%Iy1S2@H|
z1ps=71oHi60($+9h1#P$!Z4Vbo_~#H>oyI|dIl>!I-OR+@8lxmD<pEU)oV_D>f1r-
z`l$EZjd@7ZvM0Q&)GCjg#{I&c1{X=KKP<)N;{uG06TT}Qe*}`0Uzq}Bs)u&`>|ra1
zcA`*jyn`wAxG&qQH0Cmb`g+f~%!UjVD)Uxb^<PYeF*QW_yn0h|h!{D@{yT%Hl2rGQ
zT^hR2f~@tlW^HLL;(ir%Le<buXR#LNwe%^CC`svdARL#@oyon%Jli}%a+;W5J;QS$
zJ~olbd+zDx%68n1UwebBba<_`!E!^z#fR{9Rt(zpP?o@9y0%Ps#ZfBg^>7Z0!m#B%
z0_gDuw<v8^9d7-)XvCmY(#EKw^hcbqnBU!bmLDfdn?Y~XGyPd|>qg8ksf9PPW}JG~
z`awzcb9VNT1FzAL%I7CrqvYIgRtXi6$q$_-(d%OniO{5h8eN!PL1fPfC_Ve`=X?qL
zbU!%zopF7EONv;Q0vGhqD4n}=)Dz>Iqqk!a1&_ev=*<LY9xp~otdMMgQX}znheSvH
z#m`*Oqh|K6E{k2b?1NfXdE0YIeSO@PkM6T7zNP!s=#m*0BdNT2w$LVtNOhWO{l?6w
zan_&+g>wBu40ceF-&%X=dh(dsm42z`3zq4ykam4#OY~uVl|@7zC2J7&nMDoqXV2RE
zTNL4sYfy>S1BQKcF3)J-gA5E%4!4I;r{`*8UoKP+8^j6d*#n#GXeFRDLy=wSfOq=4
zrm>Q3HR+bD!0;uX+ZjGp2<@K-IpYyL{uyC`*%^@Xm9pQ2%;lL-^HMfFw*5fJrTbi)
zpG#C1AI~JBA_1*2s+*Io>ws(tjB{q}fsb5F9&dhy<Snm<rY2{_?o!3SwH~VVU<%!f
zav7-=a`%}_U2#bjBft(nQ;HD7rH$oMf4eWs2%&gL$@!`BEZd?2$Xt%IRDXn3>Ax?2
z`KuRy$!1tPLc1E0yBVh95HptwM_pjyS-46ztL#6KIXz$h2}BD+@Ty-$eGCw*CEsK%
zN6C$|j(*~IK~H}|p;B~9k6nRAu?{+cl+pQPa{<7*rmInYvPZsi-7VlAPS04<lMpMk
z<@0gig5c{H9tRUmk#54WZ6VmakZ*7o=MJbbg63xDaHL?RIq5{CZ;#Vn_<YO4jb59{
z8jBE&wEiH?(Sr21k-UO$q&g?td-_c}>8`_)`yk0b`wubt7e5Zc3h+4YBjV%oXddvv
z|7K;b6A<Of8R`G;>z6FHfn+rd>D??!M@AmtFToZMe1N4k0<7^Yyvg><crii~ExuZ6
z1L_aydesdN)DsRlZ@wZs2|hOX4+}sbhE?;<)fjyqQ;0<*$G9@+24#9Ix2$^j7|@*5
ze?fa()U+Aj>1XsERuq`f&7mckKd6rmGRe${WnN|#=gDhX7v{z24VuE!nYYyM1$kI8
z2X{B-r?M#JFi*Sge%r${C#NH9{(%R%0T#q0lZ1e^c?0<Tq6S%D4kV7uoH+Pu$KrGh
zs8qkW7y7M?rN=QjnnRJ&NEhG^l0^)NEOyHKxteJY$x;b(b<}iLz5#;%1H-yRUMcB0
zHF&G@Gkr>884WBDyfp88?-ys9>z4WXTFSVB=8<$Bcfuo<o}nAXzxcM%_M7s?2|`7u
z5%{a*Bhe2bM&;^UY2s6$`4N-F6u3jb`>a+A*(CkkjT$WetZ->vv!uHG(ZGQ2-TA2P
z%o=P2A+le%i@w^`9QNm4(gBCWTjTUfSgMFN_T3yCtp~(72%}#|o0W*Kc{qvws#(;r
zmHNHOhuIM<As8DY#X)mi{pr5yoF*-S#NEM{C_%YN>-m<`R}Ci=tvL@YWgIpq+iaVb
zN@RFj04M6oWD)MDD<DUhiLkuYgt|b#0{1yWbt~jD$wLnerFXdks7jg#-w?JAo%Z9}
z8F7Y^wi)}k>bxao8sRdedB|CeaC(ae)COsgc{+wWOscced55gvPO8g0MrBx6zi7g^
zzI+)A?(!QKcxEmi{1Qr|9;e51X*-zCjY&+^wrV*czZamxU52gM^uY%{`x&GwuL32$
zo^3aTGSuLOX0pSa4w11BC)CjyT>Sm=;2At&9F_=*V_<hW*lfQDDuO*()^vxA+RM#C
zYEt0vRf)w5;lSI5NMttN7_8vfX(9HQ@kYj{aDQg+N8(s-n%gVtku~bZ|DUP77&Vn-
zoi}cuciLt?DrPT$(Y=vYjS7?(dODQvw<%!1<*9<TLxceo@eNEvZo2!chA63X{)p67
zyqZ-1DAb|j#=xG5enz0$5+ai1duuD-ho5}5y`j?je^W314p%{>w=dS@ioCL&-s0sF
zkuw^t|D<AeFZIExD@}VYQ+Rwghh4E<HdW}Qp!cmdu;>B_O}>3PTU^ORo{&ZyF+x&r
z<AalUnfML4t&kf7L?Hn#YzXCZ&-0ncxxSX7=+sKBJ3}9&$^n|U`!Q=*eeEdp31lXq
zI9lqI_m2|iWT#gsHN2t#e(X&l4XsB4#`Xh_)I?&L|Genboep=US-*K^C5(&j0iIs?
z$m*c6VQ8+7L_HFVL;6>_h&RADW#&u``@YDMDm+4-ijEci`hAqIWEyGY6~<>hbM#v8
zxyzcSxJJ!dD-VICP%1kGSiUXtI>A~6?K}a8z_FV**1$o#Y#~Y#_d;R%;$pKz;qd#1
zLeo${%0sVc<~=>S9hNijRPqfSXP=7Pw)|A3)%tK~(a@TA{_^N$Y3N*03pJdaoHqUE
zZjHY44=FU!6G)*e6MF;?j{hSgM|uTvYBSw$_UnHZ=xzdQ4lkx)11;<#rTZ0dK^hM@
zy!@$P^nsaDws?>V4LL`J03fEMGE3R%Yia39#xRq5XL$H?d>n!T7t9CKl@z{1J2kLG
z4r89jttAQw0GNKi^dCYVfXtHlz*SejcIS-qVVQrAci1DoH-h!vudj0cv<bMoIPsjW
zlF?WB60l!(HM`#*NsmRSDyY#~>>nWN7xKAb=ci!+i?RkcF`1-+KJX6^4j~4+&MxKX
z7~VE~$+~ucF;tn|0L3pt-+f&)xDB^oW_0W1(?%a;ogf^BP$Nh6DAS&~88@^Ma=QrD
z#U=OmLMfjU_JCb>VRdOd<d{SqmOCe}Y{j^ns@Xp`cZkJ<4nIDP6;eb0Ds-ay!S5UB
z^92p&w&Ot!k|LDKd7d74ED}i0XX0RqhuHQYi+#1ld(Mcg**R1-0@geD0KZ&}<Hbn;
z5ysT$B??jbdLYMAz$TIF<aBpjqDbIm6Czx+40e2X>zy_?SnK3#qs|$P^i`oL5NFZd
zEc83OySHHs3<dt;eXM^{jdYbH&*S_s_Hs+xTRXX5J`eckdKq)&Y?9P_%s5tA_N&kY
zFI7La@IbH;c_KhFZSKLP_9+!x^zKLgGE8cV)F<@^VU(PdRfO5zUKqH-{V6l<2k_k{
znt?JU69PE~^#IeX`uA8^>4Ze1f?e|D`tpMNw**zQ?}e`r+k(%sOLf=m$}h=8!gz{I
z*>sQv3Ub~^Wekr~Jbl3a!`whJWYbXpYmU>xxI5H5-m1&mL{FtUbp{9m!1eIXMg#~d
zP<zH|YRpF>S$|e+bHzTzxv9`QvxUeeVZXZ!p!6AEW7V`7^xy6Hx`YVtiT~$ednO1P
z?t{r^Z9K7sR|Y?w?yQgBPe>2~2fcDm>jJCh$@RRsw1~3@LoI8Kb#{8|Lv7dF7>B8m
z7})o1nvf@&4<S~;MhL~s4$SQcVAlkewF~ujK)x}faV;1crh&6S(6=;ePzzBtZ+b2^
z3QOMi#qJOgIc%a~)=jsS3!9!8;`+p$0l5GK2ztNyQwb3}Qa>I+2|PMzC}SrqK%mlW
z0r#f6U$^#+%n^x%uO<Oe<_s$Pg9lV9N;kJpTP*rLnW~{sM2l{W2@0nQam6<w<JKYW
zGU*ku^zSaNqK<5TF!?z9hj<9tn8eU2WQFG2*X?RujyV}`TiYwmC6xEmr)84-ppW=O
zQkuUnshm3pby>9Ufz158a<Xqo!o${@kESwNElUrPKwccERdg>oSUx+v+S6pXD3!R{
zD`Ix|R9S~$75nc;s@WsXY}O{4E9&x$MJ#PP6~bcL!Q<#gnA(d`lM({i{@uI+uPk#t
zopHJupH91Q970ZMS4-#x0#Q^c&=pcZs`w)ueMqdwpv8PYvtJQ)6dC6XwkBKTkeINU
zv+SEfFF&0Sj$?u}BPnb&=>p^>yvM`}p@2s@y8}VBqcXpFBp%(;L`NZGhmUEs&$E+O
z<`l-^BldEWseqqF6>{E?xC<|WCm*xMw<E|m4uSGfgS@Q?!#+X9ZBleu{4@P+E+OqU
z&jqyM<L)SqZ-HJA_$Y!Alx;54|1d&t+asO=+X)!|jC9fwZ_bndthRa&_}1YLsqpA@
z`*o0DD;!&hWHvnBnr|SXU(`SnVzQg`Y3%{AQyA<}KDSdHygvoT)JCpz&1}^lAlmb^
znCRREm6q|97llg<9??$*l=;v8r2X}~2<d-A5H)uL0>Jz1ZE<M#KPgUsmp|__;Z7eZ
z7*Rul>D%(3hy7SK0BdB+8PEf(`Y_ld@nKRe?^5q2fgB@Bh&#UgK<e{#IR+k;b8o_&
zXXx**yc7lW9A7;uFM!vt*SMYA#=YFMV=eP!VZJpLxBs(eA%mIlbpp3F_0AUXwB5lw
z!GC2q(x+X2PsyfoZKhUHG&LkyRo9h52YOCS@G|ZxpM$=T9^%DBqe~Ps!v{E!kcoT#
zNXYHS>wc|+f*%pJ$L*h)Qoqdgo-7*b4ZLBPDgFD*hWHd~)!B)HPCvy>QGPu~=cQcQ
z-w_g2UiXNZ?mhvf@)8e^e|4sn7Hm5mttnoanJ{Dxh@0guNAuz2Sc@tLFtuF+XT*L-
zTQR5$|9)h)uQKS?LipzLlz`a-<35YV{RA${>sMCrNDYD~2<2B+AGW4y@Z?=C6Il9V
zSs_PT%b2<~RunQJsasKBh7Uj)BTlhK4Z%66VSjL#vJiE;X`S}8&zw>z2~ctW>S=?R
z0OM3(!*XA#56A+qh>BB03HdoNq{;sPK>x0}VJ}_)>1KJAHL2aVBt3sZIP~sLR`W<;
zTpa!++M?u}2l6$4t=l<APa<zeE|a{V;$R%4NUiLKac|N*QOBb+FGzeuu5A1wqulq<
z?WrDhKYI%Eb3@zH(QzFjmjZ^$9v@)OBf59L7Q^3gu1MV=mA#&?DfvYDczd*g)x5Kl
zrg9pWoL|hem~)jhz=AIZ;;_M0X|Xv-M_M%feo>c({*6-m4?i3quml}_*8TC%XoutF
zhfOs1y6}?&U|!rKu2=2k`e(Tp>xM(d!_)4elECbG66gieS?T%X<O8M65;|t<88Y$Z
z1C8R+1Whi(3~|8pApgkj^P518rVpe&DKCc~wSC#tsG9XMd8Ycnr8k+g<KVGZ!T!L;
zd#&!6Vjp9(pN8v%)56KFQ};i`FsrA#hUqMPzBf}t!!T=h$l8EZEj{h%yYSjM`z7@W
ztlL+o(%l8F;HNG)xz$DjD>xz8EnAr0Fs;<4_Vl4&6~@g6%et46U@3Z;5ksE<(}>8)
zFMYoWt3Nc+K6k&yej6MTZ!-nV069w=#<jBRF-bMr(RazZX$|D#oc&Yst-tdlSb8Hz
z1qkQ=(T|7!=*JG@yAG+4UR9-Rx#E`J<MIYS0G<BR44w+Cr1Jp@n3nBg{-X^cQEOKt
z<J-$!g;R(<I34B}FK}#TFZ^q-dTp828zpD&t&dwU3pwFNGppY#wk9Up9Mo>G_ciE1
z-Fr$EXlR0Z%IQD@kL?kJ4e&p_&jc(u(JVaW@IPFyRzmtftnVZ&ad`H3AyQpKM(Cg|
zT7N6Eve|1HK|-;AjP}A?G>_qs2$3|4@g0Ry1!~14m&KO=^IdB;Dq%X3c^4>dpz=wi
zY@to;qTi(FGwAWX3rA!oWT^*7WuLz=ySI`g^TBg@eYfc=!W^8qIn4>&g^hu4H-S_x
zHUWy{$C2RW-u&PW$T)cd5C3<V;fceRX{xNa^5Xn19C_!5FU~%bZgM!YR_!%qqki6<
z;e4Y%d|@qkllyz%sc(0$$OX2h`D5N${N{hw(TO0VSG)iQ_~}0v>(<oDV0ZonBC2BT
z-6l=)HPT2;-yAWL-vQL4>(x};B|Mf>qL_m5VpeP6&7fX>cVpZCoc0_gjmWo^n*;}h
zrsb5w=Y_VHL?t-D!Mh|yG|;GRy!H=f__thwoYbP(<J{-LZA|QCk`WmL)!G8->?bWg
zK?7CNjJ3}DB9AA6T>)H}{099EJhLn_kELrIxsrW5E7sOrN(sEyI$q%xV;U2AHbl;A
z)L~C04$r)Q4zr*u`rCyQD$VxZH{TXCnjP)#VUKU#3dmuo08RqA$QtwYrs`M87sIFL
zN?gP7{0>a%?B;uE*GsMEbUfQW7PRL9TJaC>eS;9!`2+7sn4c(=m*=&}m$`e8WR#zz
zOjccJ)9tKg&sq9I=gEQ|VLcGeOn+VG1_aYLtADY56&X%(Nu!rDIkEyz6w9+}sU)A}
z`G1Dl?}1dI-`UC=&*Lx%>TagQZ3zD3?i^i#<<(wS-oBEB$5N4Wo(jW^&-+$2#SP&6
z6AVv6xhk?_OqOegp>xpO2ZF#u9nlL=f*6Y*aS2#fdD!<+m)*jd?Xo`kg0R-akAQ>?
zEA*ONp>o|~zn=f4UF3^%t?{urh^H2iAZ!;CZ(!h2E{Voi{*$xFqGoB6j&Zh@EI2Lp
zchT{gsaNRI0@JKY35w}miK1xq#x9$vUug1vG84^$8UfMOYUZpo#V`CEl62Gh*8%4v
ze&@UJfc$wyIxA_;!DtU<<nkF>E)Kx`{<+s{(lcmKh?vi25J%c|`=2a^A(*Tds2Jy1
z<Hy#mA0tNVmiOWNzx5?_LwtdCv(2sj$gK3!@%C|{!Wi1{{2h$(&?J6#{W2E_%0j%v
zL8e78F#{B39+H5kd5lUKku}$M5xevEJ^@U9(miXuL&z}lRxxeF$c2Cl8a(^;&@Dsc
zZ0~A`K0yIQ4e7OfwNP5!ZAVNcnWS0#LOltM+6}u1!LfhA9FBdEqIrqI0at+K&xQM?
zuI*`nj#ZKJ(##dzyQkM0e(OB011SfQW>25i`bY@TvbjbD0HQ|?@qYo+@N6f@F>Eh@
z1deqNtph!{=*!7y1-p(!*{}u&1Vos-XyN`1;|t6DQIT)Vhw#pNlN2fwwGIAH<Zu9H
zV02p`@EIh~C>bR3T6@o!+D44D#Qtx%VPi&U;X9Y><;L9`#44Z(kB)!(cBNX~PkWJ%
zAPewusZ+1yjGv_bpfHCrKXlH$ffV<V;I*fbxt|Y+e_~mB(^17QQZM|-mX2*~#i=gE
z|DacD6J@;j+Y2vHP(DQv6aL}X4X$`P7Cv!>C}PV#f|#Wu|8#qrI;mmfmJiJN`{@67
z-thilrbMIu(8@-C-t|5funm02m((f0@&wajRJrIZI&Orh?sJb*;ZEoLkJ4Avxdmk0
ztTYiDn?}0xmlaB;^No1COP#IOAnJL`#$@0-%75L8Ti}OG(y#l`!S{=hoz6#>&l6s{
zuEhMR0M32P|A8Gg`)}Cc>XA0)|3B<-SG%v(KNlNgws$nOqp!d5HGQH8IVp)reTaP9
zeZ331d_X+mJqLsB9AtNwnhxG5nPSc0Y2j6PM$N~LQmeb+xHXNtKAi2>p{S|xtK8`2
z=~pcuT+@Of8IDmFxbkMTLczPIitYJIjC!D!S~&6huW}Q=+`%5ZKCQaemoPGlHrWtJ
z{qYs|KYcz#?6IBiCR`oE50}dGopWB6RvkwAQgMAmzBG+G@?uj3$ILxy<7CdN+uF%M
zOclyW!;h4&irstPu?c4HXx8KN?aAubmZsx9ZQgDa{~$%-1rgEhkgP$g{~`|uCy)zf
zUFD3f$iv2X|0nXWrRBi{3mnh9r_X)!cRy(o?ZCv|E<EfN=syon)40K&_db}Fghgx3
zj!nD<39<@gL$gEn(qa>vyjEeSJuj#Pod+C3%FIdm!A|K?<*U~7a_K1kkhPliaGa3j
zu5;QRz{(s-a6Md+C79dj#~jHp8&jhVP(0e!sIdx>jJXvl3|N#lJ0Mj;n<-4w8}f=}
zEDNdOAXaZZkyjSSIf#h3*nK&H8qSe@)&#pUVhwh^vpcoYcB?cJLhR8ByFckIGef=B
z*f2|y+s>W#!XusQ?>@5(4cdI#WNCh`f|4X4GP9b@FnUIP!_18iQG-B4y+EjBh)HS1
zI+NnPalzeEpaV-apBnSgJL6<;qQ*NcflBz~^7~Di=_|Rt7oK#aTfd3N^!p##Pr`OU
zpc=Ev6IFjqA{oi`R4_2Xx_d^0JiVz=UW@fbumLTsuj{m1S0~*Uqb1ef0}Qu3xJa2~
zGQ7>PPZtm4fqP7OQ^x&CF?w)5#@>u&481q7K{NgEUGfe>{f`)5_59!A$~Emo;uy0U
zngzUrmk9giaZ6bJ=Bjz3;+*(BCj&&uiuFlD87d<vl_@If6mb3uEk4MN?asKNm>#5G
zc#T5Tgsv`6D96>gl_SRz2RMX(GuBu=d5bFU@S`pA!}4mHO0kpp5V(`K_{;n9b-jKR
znJF4vkO;A++#zRq=hcX)2ivrse1sru@6-LzQ|qnYe;hl5BEYdjDb7E;wyv8j=<*1P
zc268o`9wG#Ib;8qjO3FSXEZsIF9Xm;Hvfe#`V0XRR_mO5%@4EvsGe8LJ@LaFo7<)+
zRV!SOn0p#g@THl92wUrYS)P;)@F?E0AA-D-FqV^g=9wrb0gV*Z)~bjMdLYP<fmuw&
zEK_(#Q|)dwoAd5BAD?!n{N=U+w|kkgRYEr3-2Ex+OTg+_(z8HPM_M9x@5*@F5Y9%@
zlTYrhVxyX=5>Coc{8(jw%X?i2QpMbG5Jt*L`8MZGzA?c7{B}SlEd<&6tS`}e%$uY@
z<@g?_u9}%w+6!RKVey+4<>!tE-dFC4z00YGTr@BC=)6yLbCH|OA7<?2Uzv_KWj-z&
z%9&hKOl|J3WiRBfbC%JYs<HF}Cg%K_ZwNUa9{VZaxiOmY|2_qVe#Kam)MD(aS@(YF
zAFA|p{-eN9U;|M=mpqR|yKg<T7pLJS$P#rJG)1TXj8RzZLNVSymrE7Gv7B=DziaNM
zY>-Fx9H|-}Et$~RWBg*h$?9Be(t51%_CUj0Kj4JlB60P*NkH;r-hM;=AWwt7cqvo%
z{C~$5TLsrr!*40npwne%3zT)Ee_>{bgTdOZM~RF;WbYO&K$)SEJLNT&*Ro)P8I;AQ
zD#{mtNkA<G4GgQcvD4B<fEXl>PQK1eXUuFOZl1d*u9^2jQndV1RhW>~ZzmLeH$Bc$
z7W)w5<<<772@Py{FM}yK-vlmQl;E<nhqIx2rj-)jFS>K<J`4H6#Qr9v@WSjv4QOqS
z<KDCb|JWFt=saW?74MiWN-`eA9q|3r*7^sp!__$<5(_ys+&5wSwBj;Z2g?r?zW6NB
zXVBMaJ9kFN{EWcjLO+hGsO(DNlQxcskr^MRZUzp|S67>mbs$~-gDi$GopptHS^noK
z_tUqcVdn*2hz0dTw3-<$cLy-(ajfc{@;^iYiloI&R_C!hxQpqpX&4ie<u0>#OU#LX
zB=HhZEX_ZLZNm5uO_=0?i*5{Vn4DY*i60A@1KOrn75x2Xm}5JhcZ3U4`f8&l&#_(!
z;T;1;VB3ft*iwzE6H*)lBH#NGmJAY1g0SRcSKd^3pm-kY{V^Ur)y#gbhVRUIO~P2d
z?&@VGu;$TQm!6BgIDt$8ZMP>C<dhbjlRKu-1Fv!cBcwT=Gq<>asl|RZH98;^QI4l{
zd+FQ@gp>sSgp|wx;8nHcdv2{f@^Tlz3_jvB{n0S9Zl+?b^fy<1cV=MVHx*6#0|&Y?
z%9LKwjVI*tB0%@mmgm_kGKR<nDLY#r35)h(P5GR7o<j0yTW-X+qz|VU5(aaL=Y>|n
zn6=Aq$(L(dytOsZ&x~0e0rXpSoza3(g&&5*Huc(81p}?2Tw;Ca2Uu{1a4#0-@Ub}1
zRv(}bhE{A40*VkPgNxfN`f`;-U<&6`i_OxJb_%Yv+{SXNB>DN`NSf$~q!brOl5C!4
zq9I)3z3n*M6*<zhkzJx#Gu%4v#6M#@WHWly740N!OCCOpVLfelwMsm=;sX*-ZNI*t
zD-;c=WfMj?Tn2PuE7x`Nb#5}HIX)WVDiHc%AX!Sof{EfGo-u_K4BW<gAZ9mhEdq*?
z+yO2d$X~NxA?b~1xhdH4Pvzgq8dYLd+X*)!7+9a|8;=~ZU+?NRmT<Qlw|W_DLeQC%
zU0+7v|2;P*{i^+dmE=p&gZ8dUtL_Js<@$N8t^dT0#gG4@jPo6E+Njn~r~+j$`9cB8
zIAZX>p^WqLd6OfE2?(VYpPQ-Ez5V*dF4JuY7ooF__j^|4R3xTIJy^dli4P0#mN18N
z+x%qYI0&cq)<$$6hyv;OdxU@!rRWbbvo0E(S956$Ocg6S@p7kNoj%2KzPUgh#AroP
z4w^aroS_~YYcYs-zE)^aay!Gx(4LIp1^y7?_Fxoq_}Q!7+q4XC?^spAau1ZwS>bOf
zQk)wz*b1LN6Mv|1ne8I+B&f0e%%m$4*mF=L7y}crGO6+jFLVNlj>gT-#c+#{tt_AX
z<rug4KfJO<oKea$vuf8*l)KHGSgc-BSt;#V5fBA5x**OlM~Yy#PSSk$xh+)G^(8!-
zc?d_n4HtqdV+z5FZ-nh23LAU`Nyxs&vR+O`zAMS0eoJchRRJ$f@iKRpD&(106}o^`
z<>ru124Te$B*?l1oUX>|R_C?dK9Y!xi=!5O?R;D{?qmEFl<PgT9n=$wbQx~P87Nn_
zAfWt-pam$dGo-Y~gL`rTT*@i1>*izFplQV4sRhw3g{JS22h@-BBFNn|YvdpWWJ;EG
z4nnpW{@OGlXt^tD96x}|=BrlOqm|x6ZC-YonS&QdX#8QB9R)TT^o)q6Hr;HU=l<yg
z5Fqah+Zwhik#AD~7vZMHV&=_G+wH(6nEf?p40GLL?MwGS-$c(m_Q9-ut?BO&xz&D-
zZ-7ry1e4<1s)oe({d>Ud!jt!J>KRs{vJb(HA+}#O7g<*Zm9rJAN88w4oi69tYvVhY
zt7C^w^-y_^hGWE2)`sV5NYP$-C&bh4G68hVx;^Z#23u@c-2i+4#V?snV>g{oXq$B4
zlQIbMZqc0vCi3piEQEVb-^>zybra+0FwmfBAQ`rCwTItj)UQET2Ep_h89rq$&l0Q4
zX1=T#*Kx<;K8h9Hgs7(3<%a%_SrPk76^#RtKmb*=s81sL57F#573ezHr=oRpGW{Qf
z<j5;RvW=(c&UcTS?RPwsr@bHMJcC$rtTbQDHQL;iWkSzq&eJ71$bDhr#tl8Bre@<r
z;PGb5rJJcuCUIJ*W76GZ*;wsOB<aP_@pHdCB{ep>nJp!GYM-iGxhax(Bp!I5SpN}n
z(^N8NJcH#h`5jc>8tpVx@w>j2^2QNr`PFa^39GhP)JX#kuJG6Cy0#m`1S4{yS)q~w
zGZ(qCv2tz@Q$1#~v-O296U*bpkZeXGaq!8+F?AdYu`N3In28kllFH+7u-ebaV_Kr!
z;Jdhr%;P(a{1T^!^9&G@K~*c!-edXNTaRrOUyWoq6R*BMLQRr3_(|tTE<XzhFnpj+
zKR3|8X3|FzK}cJ$Jh1ZE9c?w80MTi5ZjKSOMTxd%0NMmCorpW|#msjxJ|kTom~V;9
zeiLw&3~t`~#d#%t3``%VxZe9c&5fm1XL}o$g8yOUR`Ze~cb|{#$2BnGi&voUod`}h
zu?7U#`)5ln-l1_FYI(ieOgb{~4Vbg1-1CNaW2YSKB2&SO?-<^4O6-x9SA6ul*~{}j
zx`*@2pxAF$k!WFnvMB_2+P`nXmuI{Ocj>%WbB9rD$UzX-9Wkgv2e<_tvM8D$XNy;N
zpD8bi026*h)JQ$u%x;*&S4`d`K&<jz)pdS#w-$tk=(bxKwe(o%?4-f+P3<$eNVqoe
zc|3eHGFCj57PD{b{MeRT=Cw4p)r-FbUAK|AGf?yeZlIZpHkALt_zAOJY5Zz}P5%~a
z{L4Q4^IPatZqcz1GDFOEt$~%DFRnyeBu&4KF<ov3kHs$NKKo$#$6jF?bzaNKM^$%S
zD@|d*{eu7_Tdx+Mi-^c~phJf*NpF=;&@(WcT$CgJ{bTio({#}urbbV5OG^hDRQuB&
z&=6`Q6P6>&*kGkW0GHzhe+6DKo;u$ayx*ogU`e<wk1vA#7ev-vd5wFnqP-QL3|rz~
z;N-M0h}}$g1|9xSw&B0u5z^cMRdqzh;=Sd`5GPy!yE4XIv53XLLJlZA)3EHGRw>q6
z9}liI@_cgJQH*E{<n7tt$cN@^+y3?~=8~3J8k3`#%B25n@%qsT9Td<PAI_R|wzlpq
zbpIEx!I7Xd6@IPq!>9(GKwwPS9Xv`?-k`j8dC7y01w=C@&{l6fKAdOKsKi%c0l&C(
zh&w1~KV2K}5e$TRny2ommvT3NDGxwGr5<B4Yq60mTtQ7TqF%R}{m15iy#d(#{b%eS
zrT(8`j#u150Sb?OB8D6Bo;9|ythyd&PosW=g=J-ZuU^1Iz}ECVoo5Gm$}`)Y|NM7c
zqs4!D%Nd1Fb^??fy0`ira>>+lGw1L7Q?v&foLH%Ts~KeA(M?_lz)unvW{nqAs|QK|
zCLHp_<X>K;_h*2+6ulOZ`9D8D|Mi`)49&n-cL~7gJuJ8cLd@^h{YB6^_eM{pdy_$T
zn&2*om*d&4{JcG0q79e@7;^*;ZzR9eUKvnSwwKW+yMouU80uf3*1kC@1RmYY!WzoP
z%=mmeI_I(f-FuR|-<$}pi+{VpH1zc|mH)j5fq`j9vzs<YUYXsz)}iX<4ZmUxcX3at
z;9;^1oYuzB_~afPl#4u%8L~cg?R1WpF?%JQ<)4n}Yd0RhkGlqiIQu;h_X*HYT<B6_
zG+XfAzfbPki>Wo&gv=B1c~dD@6zk;$|HyAm_iFvdjZp*r__W6XEHrMUK0ZF6;MEX6
z9sBOzTF<jL!YsmWEPjap`uX6G_`iSs#_|v*X81%%4@hK@DQ@MDza1PrdzY?HPq4xl
z>WfP%!%m{_*1XA4GIaY^0b9gN2HPjAA0IH#L|1g%coO~d!{0x>UUjW(<Vmo{wSWF9
z|MZOhU%vf()1yN>?uFagT~KfxEn2dLM<L2(As%qTcO0e`eYW3GVYb>waY2fm#iT9#
z7>kHh)9~z`MlC)i5e_!>{p;89uU&o3VdmZT-=$Z)aZC8x|La#H<2Ahu3l(<uL6P9v
zAeG|a@*bs(0$K2n3mT0niD+q6{ugU+9aiPmtq*T&Qz}X$CEbm5C{n_rLqb5hMY>rA
zAyOjU5|T=X<WfLEx;vyh79A_TxkTTy&-t!%-o1b4{Nn`z&zjGiV~lx^dz6}j0*|yv
z;q&LJ=bv(8hZ(#e+={B?+P~Y+zwCBo9Z%m1@u0V|xYrtkatcqHsaY}kon;r1_juUm
zCUo~-wzhO8`caFs{Qes`%**ucvS9s#51GD!tz|-2{s7{X`SXNIA!;`yZlGmxB123}
zuopMFJczx1ZOvx^@DjWZ*nj^0t-Aa9+Vi_4Onf9Ch2fu{`w6&jkO@_M5PR=>;W-=R
zDlQx6MG@w#SFaX{NN&AW>mI(wseAF)!HirUyx8J)J>~a7{o2T%hxXrny?6PdVM5zw
zy%aF5(XrNR4-8=w91_>!=3qIOfPwb5r?`PUeW5pBa{QLO3mD1!Oa%G&0{1Uje5Q2q
z22-uf{0Jc!0pHdnbC^KZXvzwVB{nr7Qgr+=<u5^^CQ!ozOa1ji|J|bh`u|XZXFPrB
zu7(pjwa+lymYVm9n23PjqDkg@#tZ)6OQymsxtosTpC}9e1#H69L<X7H;E-#1Zf2zL
zTdBN)2Z{bV%Db4Q{`em^_pj>&U;n42k}{RGw)FO@c|u$zw4VO?>-|5_zazOltQWxe
zU;gxe`t~Uk&@KMx00nih1H?>mIJlWubFf#$9k(HnR~LeRulE^{bZqN?a%NIEcN11r
zYl|G%f678)cYEGb-0RnaT4hG=U$Ocv;i4C9FPNsv{!0q~r=|YhEh``mqWlkD5dpQ-
zGBH(Cvk4K=2yiwcBl*+BRQjsu;Dul6XnWxz!N0Mlzcm^2Yd=)MgHNN2>?VMi<u%C=
zw~O%kib#vpQ8Ni&`t`_R%(>ZpY`XQg&E_B2ql7@n(&VM7SPk#K!zCOuGv$LDo3}XQ
z;@~`QZ3(#LnTPfB0B@IoO;&iUd3XEX-!_d1<v*HapoGKK#XmJ%i<&S?hGkhcl;mDQ
zo)qK_?*HAgV_RExb}WG1zy+IpO?>ctM{bM)v%yfp`tIoOZ!`)caxk3riHAVsNSWkH
zcz8LkHpw7OUTFO~{*t(7`p<Ojh=>1);Y<4?AmmV-U`=85;%&&IAhm9sJ1c7Vzs?Cr
zufqREdR5F@aB;7J^ZLJ*UVsg}Z=*s9nq&f;RbJivm%`n>0R-*yZ;}5yYVn^81ToW}
zS7PIyX3{mWGBA))6B^<Z|I4zkV}o1Ejl=}!@7}-Q6jCtS+{r+z5yN%6H!y^qo}NYc
zSP7eu(6l$>`mfc21;6=!UNDdYa3SF}H{JffHEASFOj+hcHygvG@872dChgvT>@eru
zyZ;1*ARb^;t>4YT;HQAefdRk)JbedhU&wz;Z3ISYt!~Es6RAxEQrit7ppyk?#xQ}5
zOPt9cIrQ)b6I08(`&7Sl3Rv~qziryzQ8N?+P%x?0+NzJhC~!c`MQ^hI;O#qL`Hz(*
zU{-2Rvh+_@8Ua@7E=;g-_b2X32z#rJv0>M)1-7<artr$cKDS}-FgEP&{kzNmz=o-S
zjfK$<e>{J3+v7~SW>x`)%S|#<>Mvw|Z|?tg$=V6JOe_jz5!l9ZCMG6egGbx$%bxG%
z1!VxkFW$N+ivPE9+z$`TT|rg)<jT*xqUGJYe!4d<e7II7bkZX05jPoLoTHa#ix^nt
z+{}ahw;%lnSji10+s6z)iU4*f<B4*T4=R2ahzDG=3&GR{=Xed<99*0PZC86ee(lfS
zP&_o|9zus5*sA>mI{-nn{X{!qYTe#1FWdZ*tjBjSXlI;j<Da0NxX<%k5K2kk%dsr#
ziW7{v$V*s<eWRsjDg6foqtuSmOC#m8%1P(1Bl5+}bg6SXjCA2QQd7bhB*t%#FaHCB
z^ymh78S2iaK;w>p>r~_8=_SX&@L&9S%CD$jp)&(oTS|BWoU1%Nzfk_V1Xc)vi9(hu
zT=@qG(GFXDt4YR=MZD~y$s9ciY7+0if@oC0wTWMQ_YV7RLY~48!oU3<pVKejhE(L@
znPf`fL#ax6qN-z~W{GgY^~lrA^=sAV@Bu60@9Qe!K2Rv1q8m)(dpjdhyMIN?S8log
zQp~$b;FmbBZM^&!%>H*@9EW0VSaVuP#qw-1{UR?fo9UInfB<kYaQBwr{gQ8ejO^Mx
zruq9@V2s%U=3iUDiqRjd?hWp5|9YYd__?d}i_3ps(4~IL1{($rAl$M8LN<7L1q6tI
zukgQndklCxI{?$%`rl^(>RH`>;|_(9go!C|#PdO03s*qZBndhca26+0y~k@KdUt)V
z{qmK*OK{_s*A_RJlE@WUes5AE=5jY~zs>#Yi2n{UIad7PM9OrXM)HMX49jBG1lIM9
ztWvYq(M9z|l{C=@gv?>pA%s+cAsmX7;^r(8CoR$0R;}H6_*myY)3-`Kwv-nyU(WLO
z1(&}3@LSn2R+UWf*^6J_{}m4ZcVGXwf*~MmuLSEmW$GlXutk#UN?4wI4+U!7QFJkT
zO(i_ogc1>C=D&>+9!9~h<UIZ-*X<($&&j|LF0rMrI1;n7pmV9kchGcvOq|g+Fw`jF
zfGzZ=_pBc19C6h+Lao~<oXq^UEBpWUaX(#rCn9F&Hp^+<u(mVQ4aPFRpDqTS4+O%5
z3Jud$p{1qWNoad{k>c0E9VdhRJFcT1#roSO1>64Ob1uk2VKFhYt^7-vOvt0)^EdH=
zgb`$<kaFr@Hpz7VVe(sp5VGKMLRirJ*4w}18axANjZEq~<<}4t5u<bXxjO?CRvg1Y
z1xbUSU4{Raz2kVyD^!!{{)1O=1xhY?>w;oR8!M2z+|g0HNEQA1T!1#XAYqS9Om!0~
zn_B9<cKZ#e#5D3X?!|y^DCt~N4L(QKGmR2NY;#KKp_0p*dd7TMr+@4O67Qbhmb&tH
zr=TCo^BnWn47Sy)<=j~1bHYx^ffwU{`zi0CXcu}GRQ8GX;18P+{5|{fnG~#ae8AL+
z&JpZ{;@QZYY~&3lu5!T`m+=Z4o2Gye&}y05i#8lZNJyxBKj><XLG=^zJF`_O1VNYA
z{&<Rq#e8lq5prN@2%RtYo71^ZgPbkf7q)GIkxRjT^eX&4*XD%qd-@B1Z%MaJz~Lm6
z)N4Cnj-^)M`eLU6a4uF;c=QsTiK$tHEhP;qZI!!{tFz7IBl}w(%(HTFbu+tw9=W++
zUIuB*(#f*0vAu}nGMv-&a^%NsU>xD@`DLxEgxSE#HG57v=U9mS(2>D%w8Di8Qa5!)
zk#06M7NMj_txKK1pvk{8_nu0BH8>6)%8O!8AJc?WiG7Q?rmg#*?^>R|GPUj+=cP<A
zT1KN?E8lv5CCc@9hxY44ZcnCcXkS}Y*6Q?BodBr&e_eB99xVLl$p_usJvV*2s+fgW
z+dJL_7Z<g#A{jU~rmI$i7ylM&n#S0B3PrfrZODFFY;H=snW>hHaA3gYXhv#6FwI65
zWEN+E2D-fn)n#wnmlJza)0--H?1nNq4N&jK%B7r>N7^1RUd7R}D7b0Ka_-nZPJ331
zPN-g(z8Da)b@Jl_6kP2qG({!9J?j72V9NbO4fK90xE8=+QggFWO!&md_u|D%m;g6~
z!%*~9&{c9dFd-oO0`jbHkv(47a2d>(>5Iu9U~w3C6)<TM9<TF=Wc7&%yyW+X@a|{c
zpZ4Z%(+#yF8tBNM827okks44;2YI)z{Vlm82nLsTNVDO&o53nA!hIEwpBVy46R&wy
zD)AhbghK(0TF%JJ!&WM?-CN?!*Df4(oom6l1uD8QNe^+O7WB_0|KPZUbN~F+C2xYY
zq~nseT{X$PV9jEh1fHLBv+3VS)vxoG1K^`W?bIBD+4K@H&V<Y{A8;n_Fhf2V!!Ee3
z4JMkJX4?FC_uTcUn<_U{{ev!Vtp^&kzVjYjO(_h}%GVrNco5C{ut>b=<2-4_lPT4r
zveOjml}n$k9{=KJALCqbLzlKBP|ySR@cBzke|q2+&Ga_${H<H}7y_1<9;K%Nyb{1C
zVB9?cE(jR@DWRMyn966>E)AwtV<gD6_O8QtMHZ=%HPZk-<)}QEZ<CoNA1S;zpp>V7
zK)yCsE@T+mpoly>c>n2>aD%;M?iHZ3<Yc(Nwn7?+J_qm8H|&6rCqI6~%wPmfsDkI}
z-x7UE45qg-k0ZihdQzq!yvPtx)EDbyVhYN_@*hN#T5nHJ0eSMA3N3&9g)~OcLA2I;
zk<a3Ll5&vwbjhrcewjJ1VS~4Jb(o-2+nWrnT32%Y@+Ij0(8JJ*+^gHbyzpGTe&yT<
zLNG_JDOb+|j-2$(o3GA5OZ6j&{``d~|L2?OGY=5gYgzo-YCn&>?GJjLgq?&0&^bIw
z*ohCcZw~{hXVT0nDZLFWc%=TE1K<T9zzV*R{syuQ`n!^yh=_?9uLK`$O$~5%gn$rW
zcBvV2FBqj{z4PO_>){4@yjO$7O&|aUDsAV4{9{gx01OwD-@$OPx4)tRlH8Xv8~pzv
zn@IZS1dNIrkw-r5IqBkFZ^0Ox1x=yOxTAbN^FRN~&HfyH1H1^~vgvu0BU+vBH2?+~
z85!TinGV-S(%a*U71oE5GGD$Jf2x10m@t}g-yo6MBW-f9%E71LQT}W3h=_<B$3`O=
zgK7sin=H-TZY`MqrSV3jBL+Qo_)e!`?_c=A$-Hps=O+U$tQM_nH#Bw&LlnG~R$RK8
zpYL7c8*|6ZcD$B5>3Vu?98r>m9tA+rR~fH@i$E808}#1aw+~N>(e~V#*<Gf=nBq{o
zXCgOtXfA{qqe}xVZv62aEqI|b{lWUFyLTPlP?4d5pzTmWYz1bX$1UrsdevB3{{N~c
zh+rU_3BshB=O?(3_0vyp@h~wR<Ff#|N=roQ@e=f3S1K(nqWK_(OE|>Ht(kMRa(jn_
z_=mjN?_K~B>OXK2E0nPbmpe}qwx%1h%0?ymE!sIQhYYa#on962>c2c*=@Y-15|w(F
z<`21qU*WQ6UKiI;X47wd@TPGI@fO<ee#Ntl{uYr|quAQ>tyXAbe$4r+vql7m&DRE`
z@%X3a`c^ZVLRIInx<-u%w)k%P3Agzr!&|4{<!ZeqDo3oLuD4}ho9}Bq=ZIl8@K#LZ
zt1%>oZireHNC3nzyMK1?LTM0}URlhC<+iA1*Nsti*s$JvMeX(!k<btGUtU6Okf(0`
zAMwA1-)u`2!;j@O=(d<OtaI-_+3Vx#VLrrxR-zlWwl#+ev@MRFOuotjmL3})B}7<P
z7paUqMkT|vST(Y<!R4qiUGMc3DHNOfr7QWX_vbE8-;`EIkU^Y3IiRW;MW-49qxjkn
zW)fH*6-~LK{hNxQ8_%SIuq?ktR!<#_Al4m_A*tN?`!MORiZK!f?jiHLi%R=PGZP!V
z=AZ(ZO)HOOAc96}N!{AGc-kdK+zU5RifKuFbF!wndm4)T;glu?MwA6Dm#*?#zMdgW
z454SfMlSw}>(MKCZSqz-bL@8UNNTBYmNpVv>+98?NKZO-v&T{paaj2EBVs$5UFXB6
zR|xGkGx_bw8f6MW#8OPLN@}f&olGtyDF6&`dyQ?`dWZF}&T@ErvE$)8F!oIo%pP7j
z+?;SdoYWhy_TWyH^lNV<=<3rnO*QzWc2oH^ic4O70#x#$9%TO&s~m@eE5`r+`f$ll
zzzhOsZx#pvv)9zr<V(ubIPji*DBmCw03*64UinXfn~Di-fp3{rxx{G&vmYA!#qwEp
z%HT<&!~BtpR)#(pfTi<Mzhf_@r;`L&jjLiY=ez)q3NXlF20KOB)lDtlvFYywmFEJL
z)nSx5+k(36_P53k^xC;wB1h)8G-eWEo+HQTr$slnwQ?`k@Q-^7udh2)9IY@;l)^mN
zVmf7uhq>?7l;;k7v^}m5cSXH*%D5g7Qmc!MYqMK9q!Lv)yE!{cJ+dH2@mBKwpWf>q
zRRq;ZCr&`VXui_2ikxz03Jp$$^$B04bzi^5wY}x8_fmnapR;RE3Xx{tBC?p%Jo|??
zK^Np+&<@a{^?_He@`QT~Xbp981D&PEPf(G6j52sxmwDq>r9bjodo(j@@v?j&7*z3;
zoy?!Il{=JS+NW4dLa*c<qAs$k2LO^BP>v@n(|xR%{Gl#AVcxj<UdS73cZBDJIkXEl
zJ)Ayz@>UVeteVIcaJz;vVsvzUaJkvYU3!|&qC*43zZXyL6h0hy%NS~y$*x~Pc8yAK
z(jB!BLMY(8kYzRzg5FUv?M_dCZD8qu+S<H<iByZZw5htlOD|Xt$;Bya*weKdVbrxh
zst0rqpc|jyE!;5p<NzoFhgAyEUS<Avv>h(EnddbBjk?YQG}$>VIl^*3*<I{V1#_h<
zl=fUp%)eJxSRSBL$`bWp<z(=1L5Ht+Zx~ZIrfdA<<x~u~#8cNA9%mB25F;LDXlZHb
z{d@r_z&iR@K1cx@13fQWEQ?}*TVTk&d+%j$FPjr}H_6avq#zj~2t;VlN_;xhz0s8J
zN|THshr;EbcG@!x<K)7U!QBYMp(vmE<W1{cdZ-yAs_iW5I)|%lP%)H1d+GhC%i@pf
zLiL>eL!+dMoZFDWeudLB99js6dM1P0#%RdyQil~5pgzSYAFO>Ic=_E+I-xBiEP8FJ
z_z<MhgeBp9v0NL>4`{8r)Q<<%u=p`rM0-D2vlMi<KAQE}e=>56bsFJ?a0=Uo-O(B|
z`|&C&i&Zm6o|{Qn|BwOVJNb<}v_KM35;@f{U*(yQ%4dPA7)3YjLcy;KdqTzeh-~du
z^OkVwH<%$k0sQl8_`Jg&@($YD0BX9d#D*NfB~1JtZ|rZfT+>NvGS|TkQ{=wm_~d?v
z^jm+wvtBUa(ZL3NklK<Wb;%FqOliQ8w+QbrP*5mQYP}q>I9OV@`(W{`a6G9uUFQG|
zV}L-ywv8tMOfhMeqvnQ51%?0{L0M|QkjEP%;p3|n3ktQ`&SaAYZCDIX<+-bC^<noC
zR^a{gm;U2oVqn8u##pd(YVkW@N^d~11OeMklaYcR-(~JfJqq#s;XGoabvve<kbvPF
zbBPCGSlJonV4l92fba>`bV0`V%Be574C@>wUp;@@qwV!}+EWts@ra*S$Ql_(=sNql
z!K39Rb8+vK5BgRKwee+;)R4um)jQMFvYhUy$Z6~!*q{A?bApu0PsM-fdo(HdxnXGl
zYs-swk80*6IP-7W4dy+#V>|dJ_<>=<O3z{W(VGgJeo%)^N}SX>$InasVeZUvs@M89
zwOTbHeu0;m->Cp{e;(h}$n$mI6VM~@otVd#b#%%hO)k8HdVExq!f_*GbHb5S3IF|M
z@N!zAYFAQ&jLkq!)G{eIDrndrCbzYYj3%2mE~W~JwH!Kz=O9rj(1v`e(mjS)6u6r`
z>}OQU1*V<-ZUWdM^z21@OzC|J0t6%S)b6oYnd*lV{@!Ko&CeZ){P8<~3Wb0P1rJ7w
zzG}=!Hn>R?*>qSRNyMtM%@{i*6FScnpzbGFZxvKJqM3#qd+*-D!Mo<9zs<USv_176
zd3IEI|0MqaWNOHwbLVlQ_^TXe(sq}^p*B0wA~XZTAE9F#35GC_EyVSq586uOVqUwK
z1930Fqv+)qN{0nQCv%mPK{fSe`B0bGMyjMs9EZD&?;AD?#Z}JO=1+T7pypS<<cDTW
zB=oNgDFG&2fzzsQ5PdEh5=?S(AKq}YGO=qGHC^Jo?Rbcx^1zK0!!?P?*3oO>jd9r$
zugQ0qIMk}qAl73N71a;e(E}*0=J3{FK4>VhTXVr-233uioiF3#R=o^BJON?ZFUK2#
z0r7(C=GU8Km>Djl_ZFBq+3J3Lvruw;hO9spN5}C$=jn6Kesb;9AR*6>2Q%vg{&-Gl
z4eqZ>K8!<6IAxT?;GsdG!;z0ic<@7FYjb2hn%gFX*8cO+Og#I7<Tiz4#rtnPQr!H0
z2SaqM5Le?lxMau0cYue)+kV9wh<(f#eoG{*$QbryB;WfWElX%-jb)$;uP?Ul#$pIB
zYV%fd8&-&f|3yEPau~{P*_hgY!=VBS!*`gWHx39Xmr7Ftso`(ZUX1NM0TVTCqHhHF
zUcaaC!nYi#a=$dFvY&0(d+)iO3WjLD<A&+Jlh|~cQ8;NiMtN^2T(sorhhh_U8NR#j
z=uX7_Se!W=k|cbuv*B>=zQ-`2f*j_mk5WX+Q_G}I%<s+iJ*`OT=t-ASefj5Mbw^eM
zl<Wjq)IL-175XiLN_M$Bt+E{5URc~0%H7B?po2HNpm9@id?1caR&i~hnkJUZP~UQ@
z(k@>2sB8a0!bbk}l)o}pJD78yb}AE%KR@@xTZaG!oL~*KghaFIm6;2G#$uwh(*YwB
zF+8P(*kVKVUU;_s3s+9$*OG<i0kiUY_`?a!RGo)vaUO(Sx8&V1ufX$BKg5qOmsUYm
zDA%614_z<Tv+9&L_&@#b&-xft`cd1;E~2UBmg;gA+dVJVhgJJ?jmoa-p6zEA6RbCf
zh3-^3=quiOb-KvoS3R3o&KtEWvlXUQYW{>RhMRw}BR1;Ebgg`DrrGLBVqt~JnGIZC
z7I{P==k6D`yWD=aRA{Sr$16GSL3oqaQa)vj`k;@**7ekyr!P^}v)HM1WVr^8!K8|s
zaS$7GAJ|P((bkXV8TNw;0rE?m+YQTL)(rAa6TiitMkSvYYwilPo#^}O?oe{sl+csu
ztlHT0H;Y1{Wd?!Q*sJvy_cQ}F4%0efkS>|q9sZ(u*WIKhu<?UM%5t&_ORHJumhWq6
zKWgrmEz^81p12}6X(;M5TU&407r%dE6JABq)bb~OU<h85N58R8W@YZwmJ8X6+z_tD
zG$lEU-I8ll-GN^%3)z;G|Cq`TkU`r9ee-0Zit5UhD}9xty5zNX^WUyLSszLhFfg*~
znD9IFd;`*EYMl>oIgP8r3bYHk8oGBbJzp;!SphlWM3sDRGkd=J5bO^Z6`ug_MY%^@
zQ`!5AQkppV*Oo`w2kTI}L*d?x=H&iIGM=AwAIh&JE%ChRGV)dbFomZUK{?iPbkIl?
zN-5%-0FWRnwdYJfXDdDvXwAYlW3FFrS=q_|wD-+rQl?uDur;E1$Nud6tE@>927;@x
z8%<wBD?qh$^+npkBB+`gc>%kOFeL%I**A#ubub+$sQyn1|1<4+&x1(Yf+?$36-Uis
z4!u>-zNErhJz+{jl100qVuN%W%_weB!uc>c3M;zE{v_$i;i;3K+_-U_J5|9W5tOWO
zt6(}Y{upTaLeXkIWp;>AuTdms1Jef<d(zX7g*LtuG6x>LX>OVyEasvqNF<kXXn6#j
zO=<(5*F;{g`7F8_Bx1M5YX;(q+*NS6eLLd3{dw|sefAPZXQ1WtFpc-^TA=a8*ifa^
zhxZGnaDXEi*^Dv+c7|gVJF|EzlzkojQC<y%5unaQb1XQ6sVC&b4?b6%x?8f$)R<e^
zwrmXdz$JN7hYK3E%#T3OpiuXLs>A^iTpUxWFz2Hdw7<Ga!}}0^X+<vlmS*MJ(4w!q
zT7ax^g>}Z1U$*ywRsMS26hpZ-`@??Fuq@@+2~e`p*{w7r+=uHE6LHL}VbCG6ti5VB
z$FI3j@T@fpeEkh4UTC9l3pe)OxB5tG3F$%|xsa32X_qRtT%>>|OwV6#+1TN%Yb$vb
z)>j+L6Clf6L*sqdh^{`OpfaJlNyedZTjygYn|9$1p9V?x;bP#U2#$+KE)uw)mcHq^
zp^rw@Q?KfD8_SKTZeTxay@sAXRqX5mejMR!bccErUEr$aq_QacmfcLqft1hvy$ZdP
zGbNnqPu<_6nS{MU_XbJm7rT6+;V6GKB#$>z>!c+KM!XE5vH+x$P!5VtTC`d~nJgYf
z7Qc*wqjg$Uw5p#-c#*e8QYZ!E)4V;KM$CuvsI&V%D)+v_saH1IU6FX;Q|r2Feb}1*
z%0Kt^;i#~~IFZ<d?;B-AT$-d=9Au`-fuif=m_AoL0taDgw%8tP!MB&d>zDL!9baBd
z_^%8Gk1Alb_O6EOV)!DE?sc;#faZ6w^ioC&vFr5*Ez->mJ{|)BIP=<NQ_H#OobUEm
z`Fe-g<5`u4?RTHI2VH}Gr%^3Jc^2Q{F>h0Y>u8g+J~qd{q+<{G!4HqIDbD%9MnXUq
z%_yDfNV7xiXDS4S3Uu$jHmT4#zISR|mlY!GQ(r^C6vvVfJMFb-)1E>rnNm3X=k~U^
z=kq1bnId)-t)`a3k?r2CX41T%8*3s@Mgl)`*$+{V`}azIpk1aIX~?;unL|kT$w0t7
zqWslIz=#ayd--~nRVGLF?YebCk1g&^yYvvnWL|cd$~?>5<lT1-dBi8;J9SUL{N$5h
z=qhsL7Ev`0GgWvhaZ`(W`V)6Zm6#49p>H~iG{4}+L(wO|I==srH&wCMd!<g(t1LHn
zat>{4b{I?jnt?vB4Q^i1a75Q#y*<j9tJYn~PV_FWhnUc`U#mT4YB@^t;fj(vv~w|e
zK_y}IlM^8=m#rClhuvp@lRpt1jPglN@)}I{r3tl;WAOuqIu8GkvSaGgO?f=YWK}VD
zdk=9&^waH_6}s6f>{)W=7Tbu4WJh>&c<rw2?M;zG-D5DGO2duz`fOJ$PZUj9{i(j)
zDyO`G(WWs`Q*@7Hsw$Q&nR;tD4IQH7&__%aABPhnFyOzXO4WxRncPSBX561U^<$G!
z?9MbVA4y+#M4nRYBleV2ifGa`!5C76G_CaD!Y5V}VCCYoa~WFqDAQ^>#0)LUreCr;
z`19jiR=WF63HczkfU!cKt~;!pFe%62)TxpX?=|bF8h}n|s|{N;*w3FZO?}u{b?9y_
zcU$J=pSNmhQ`f-GH^>M5$7!!83#g;3KdHDEza=<3b96_PgPLDxJ#v3QRjb%Y;^f^>
z>7ICGcluF?q4V>Ls=YsGn^{1MSU%+5m2@0@Gm6dKdh|VRFhTS!#H@5BjC{a;d2gYM
zy+tZA;62Aip~m|HahU0ev#3+Q*T+)FZKFE1Zp+r<MAXs70j+kP+H=4{(2<$H8_cJf
zLPHU=Sl&hceqwPESM`VnO4RAcj3wN0wTy3?R&_StC<k>r)m_aGOb{*<U7a(CAJY?E
zaFpZM<Jnrh+oy8LRlAITHdK||b=sN){Hw;(YVt(rSQ@$iqv=jW$KuEFu>G0NgJt)^
zlgJSk1OaYn=XFY9mZcM?G6VfD8Fgn;#+TCYJk4kos7lioYF>@J0Ur7dZb@PE;oC%I
zRMxnoE7H^wHJ6i|D%JH!s&I*$e?3<{>zmpa=|C2hS2y$mJ}l{NS}eL`WPGVu?2)SY
zu5zY>M6rP|!zn%)%O-}=l#3u+(u%LUoV6J43$3BD^p|?-#Xl0+!MucUutc^yEO&88
zWgX!cHbUVIxB2)`VhvNWud?iv2+iaoGtF8f*j%Wk^vHBUe}%+t;I+8JzKBExz8%Qv
z$>z}GQ^KMFUB@%_ma{fDlJsD9fl*uaN!^M3k^NQ*+~dn9NAj%^jvYSuLc0~7QMR==
z#CA^!en(I-4%yu~5WwMe`UEmXL5Th33&qg8-QQX0OhrJj@@<A%x9@6ysL*n*O0r5K
zzeNV<@7Wi}2^BT$6Lc8w!{Zi+UInpmLdQYww@^x__Pl7d$~FGMaw|u8&ayWAZc*`Z
z^J}ZfyP}pUZ!dyi%7uFu&x0v1eg;z><^+TgN*btcH=b4~$9Qf@Q-U!*N}$<HHbK+G
zZ6AEC<TRer6~e@PpTgII>f?O_4+C>sK>42=E}OQnn8kN8ZXI){xfDh;i)NK7<A*wQ
zvD$^#XhXs@!m$ohHg!i{T2Dwk)B8>zoeI0b++_R3!3aGQ)BL8fJga2I7-`SM`EUvT
zvRwHF)Y<)nW9hCYX`<7BwFpEflla}T5ix+xAH8YNFlum0j!3OxDl*_>GvY}OpGi!h
z5ZDTx*=)&}GKkIH#g~nDzxLFH$9Gyz6uKI9M0pr9w%x^6<*obpmLL4j_bQ1gX>G~h
z1^ovPJeVPal4NsCCCv7R!*gWRZQ6UCaUK>UhPB>2&0bqGFlM8&8aeq0YLYaVW(d~O
zdlt~)w@erv<u}-NQ)MpuWRFyBP2lu}QL8ulcpm@M74@jj{Lph~9*J+CDR{X14S#Rc
zMf<zP`)n*{?YpW8x_N3QrnDv?+-hFc5ntT9s>#fnyfYauB^4Sw4<p?Wv6}qEYvjeH
zpkR_Yc37UvNJ5&w?h4qQRj*W8K|u4D!Ci>u1~(44^(zwcpn3aw-$<WHM3x+tVoBe4
zqq@@*MPFCzE8w`rtOCpGlpL)lClwptR+SEP7W6@OR-t8Ya)IvQ%N3RZy26F^)YI66
zC#MH%Q>{z@OVEIZteK#Dv_elYa1ElWki7n%jHqF@9WkuY%9P)v@mn2WJE)VB<#Z7y
z1OJpa7|>+QZg0X}dbEvJ!aCe0oDP}~I2x^YzOMGHsY!Zu`Cxr812HHW=6+TFQI;j=
zTK^(dVkB&2{#!&<$eJ+x68tFiH8Fep-ZZM2j&`%zq8x*ofDNDM#!ro;5|iTySbADg
zU#h!Sa-&@0%>Ekd_~Mxvu!atEr%Rmr8Xa-m9rZK5dzD0=IxYo6gRargiu02Y8zpS3
zA016sPTh}gIu;UxCfA@1c>Ry5rMx@ISWO>qAPBDb$SZNn;H$oV#ju9zvBM=%*}3Cd
zNnQg@ShR9SxebxhugaY|E}gni3?V!o`5s*l+17vg=e3qQwW{}nug2{K0N`YFi5Scm
z_Wr)!mql^M=JaCa6J%}6kDij<0;CQ$VR+|^<+3XONYCq&j*Zg?ID|u<Fz3aB8@FjP
z7n<<&L*^K>-@WRAD~W)nUzLPk3;EVG#ZV$$BQuWeD)C%~`Ep%JyF7e+(w=7c4|D5J
z1@w(3{2fPNmQbmL2LBKVs2B=08$WuTN?e9DuzHoxqFv)pT7~(pp>5-GMCYW`hhvlt
zR<=9hX|2#a%w^dl&+?;we`f%EKA^h4ti_D(VNr_frv8V0-7^^4kGY=Icu;3?$iHEE
zZ6MjPk#Wyic!3-Yq1Eo5IH=P}IG%8Xsqe(6uaBoA;g4#V_8B09LB=q*^{PkQ=^`%r
zBTNK;jd>9SVYr6ou~L%rLJ@vFa&j)Cw*s^fbNYjIp?4~&qM=f@GNHlgmsX2*j^{oR
zb7{zk*Q?N?Uu}AJ4>=VK=F55pf1hhLpvJw9dNKU*?7Oy3`Tz+19$&qB<($>vpnbO`
z6-VY`CWAvL<RGE&US`F38a3(`(HJ&q!LFTSeSPiZTNc)`cT>v<MeMs%V7wfqkWMLa
zh+~$09=r|j>OzjDvz&NnHkF_Uz2PV44$E|p7@nx3$h2Cvuc0G>!BW$>uWt0vVE5gg
znB|o5oSLZL`!M+soj}awPMF#G8o%N4lL?PB$;eSw>J6O0?9or?ZJ5!Qr3Za9O)^9H
zo6CdKZrMi<i~~c0RgIz$b24NO(+M-dFQ7TWX&lSGXOXERE!5HpdG+^f*FCDYSs)vy
z&LRbrMB4`;UxSV1HtDpbeEK)o#BB;rt+-Lia&C?+UDfvROwBupHx?@;HwB{-vVvK2
zFJ8y7><~-XTT?rGyaWm<_xt4e9h&eC^X@$Ue4E@THoPlIr1`sDW+GOyeK{y3)cE7;
z8SqNt(#XBitIOyZ4AL8sbNDSVuun&|FjeisZ$7K108N>D5m!Y8dT~h3?ljeN>VH!E
zPzjAW+d{z)zXXX<OsDZr_&a!!L~`ox<ZqsqGUseH5mE=YE{03sY>r#d(2Z;yKo5p=
z_yPnctWf1&kNch&PJ2Ck<!9TLy*={5376CU@JnMA*XGMRjx?RN9Ta0DyFy~954PwJ
zk&<!Kx%D@hY#SOs8rH>;K=)#=UGmXf<8Dm%lJ(T`SNJ|XO(~(8NF`O(-qQUhqd8x<
z)Kug1!IP2haZQ}s^q)p)Mm<5uVwXXzr=%Fxr{l@*XS8efg(tLws#?<TRDH~O(R}yY
zHHwu`ZW1++t!9(GBlmu(`^}rjrw8%ro3CvH{oI)+DTQ$f56VvY{JZvzE7KbaKom#;
zH)GU?+b4Aa-YreyUoxp9(_=ka5@o+O$Qmt66fWVM-rR{#CakcvJz9Eyk|tNoEqHsi
zSw4(FdS+0X$6p7#Xl_r;f(Qo?P+i?KmRso8FlxMqHWBl|_rH&jnhH+4hdvG4$WU;o
z_a_(d%u{~E=km>U9L(|(-Q2e^N8Rb@*+8rh;t=AT+a^t5n|51pR)-=+dN`O28Jo6?
zbQ>YKhNp*{+&+sS>%$g)G^j_@6~&#)0>?J?X%vE2S#*%VHCiZZ91o;`nZm)CsR+Ma
z3zUElvciob5!P9hUI8kKh6T^E^aSxO>OsTdTq)3Q<-VY%YC^FCj2H&<<WNZ!)SQ&!
z$Gy2==wwX363x;9@uHtG=7iG2Xet)NKR^k6P{T#WN82;p(D~^`Dzp$awbaWNCC82L
zu|f?quyGW{tkoeZg9;|s2p!**`vyBaqJlm9-bpERNY-Z8J|+EVr9;qqhX+*Fed1`M
zMhiK*`<FiKNvmG>011YN8zR|x$I_6iNYt67&9s5Z+~<4uzjmZB+AGg(OZnKK)(Qiq
zN4?wQBB=h7B>6l5<U5!)l@1SQpQnLGhRm|ZDPjc$NigvZE_{z37%e3X7<vAp!gZD4
z_3PKYWrFp9gi``UO63lR^9vA;r)v%;6I@c`0fg73>y+oQIEEV_s1EmV0~syby{tF8
zg{Y=#>Fe!ZskJE*<*jW`W`3AZ>%J6FU7x9H`CfN+^=SzU^k^DZkcas2@C3(pAUkFf
z?R_A5YLSejAp_hXc_=Cq*}B<WRU-d|<ly!9T{}VQ_dDsE&EFG=nXdcQ-6HOcfAIQd
zaM#q`_@b#QJ6IJOQ0T%Av&ODF0TM7BI*41dZJ>F29NP8GFbc&YZr-aY!Xm%q8R?&r
zVPBe}m0`}6coaMniPIAtDNf%m1Me~R$y#07^qi&7&0qI8+w!{w#_1YHR4yNBZ04?f
z6;=H{r#?6C=DSE<Q_KumAYA1)e`ggSv_W=Lw0lIV#X#Liusax9fp5vAobrPR^xU!6
zD_bzoFF%F44^!N+<q&7eDOGZDdpdXQ#BB1p<$<QTu-YLH&pRkhtv|BX5MH$1xGWg6
z_X$oIXw`ynJp-eyuCF=zu;hnT5E!{6;cko6*X+H1x4V~HjW1YX5w?}=06Mr$qG?}Z
z^)7bAZzlCid+yuPiu=Gx8cnZ!d_->JVHCS8LqB4C_830#HFWiC`{BgcGS<gLeyb>(
z($dm7(J{QbF3Hgm9m|C;AFAr3{K`jE4RW<Nk7N_xi7S7_-DX05J=%_F?(hKDRW^uA
zwpnsLB9mLEGRou^^RGY(ojumJ>*(~C_D6R`KtJ-R_Rw<%Hz)JC)$V70pI(skL`yIW
z)HpBZm`LAfxoAnU+C_4cu0TRFHO-HOWxCdl-H*?zN>k)8BAQ=b#lX8Jw_~D7vRJP?
zDYGZFJXKQ+`ub^-qHs|^rIa5z%<{B2z-gq&Fl)L&@=cd@?>pK`yP12F!B5nB@M}8+
zJ}y&Vw`p{k&@qUXN<7Qolnr>V6xX{pG&9y+T2ejXBazK4q%v41S=DLE%=-;Cb~4e4
zoOul&C^0c>H@*$q={<Yac=jYV8ha(RXeyw!!-{cfQF`St^+tWocvvUQ@+2`8YIyKf
zp*9MYT!WgFyMs<8Fe;M2N+So7dScVK#?}|xZZ<a%FzJxcCj0Dr8oTSA?KThE@CURm
zQT7{9hpr(@^A8PZA%n>@^@%X5v&9aC&Ecudx*#7k(NM}JFvPowcN1x{c{DRH_tn@g
zd85Md@F@AvsMKXyB}v3ANt0@epfg5j7pc82lm(;dG=jCH!L-pQNnk3{^w#_9Dg!}^
zBWK9Mc8Wz{Q@%K8B}Z+ivlUAEQK1cIHks}_74B|CB{UH3A&*0t@iaiYwMEv4++XvY
zBho=%Fxo?buAU!UINPhpQ@@pjuZyKWZA_-l)%<`?xxkQu=T4?m67nC?k8mQlNB>hq
zB@TmfIt+$#&dmvl`b~Bg28I?-7ON}3gxtPG*Ay^W>!v9#yeS`FJSugpc~Xz;jJuQU
zsm7yRKb0K81R=BXIh&r?P20s}K(%1~su4ll2f-7B88S+n5h4y^Fz<;?;zb6xS9<1V
zp8Cgx=GlZd4er)>n!HPEZ6Wtt(+G0Sf7OhodKIN<ptVK%Jw5SHx7Vau4&(ko(htA-
zbf}ZZmTX4csPf~nXi%*3iz7C|lk!}t?CZ;-x8h@mq)e6zS`br{a~sylzLc7NT=;O)
z`Yb&rFr?^ss7USExDY#MUAg-nuYTj!o3*3?D?3_K`yI8GPq%%Uk(JEjtdV9-AN&u@
z$*dmE=ce2cD;s$*Ex0YL)U_5HdsY+>vb$imAL(7<ERQ`=>*mv%zv#9;oK-FA{&uxU
zd{~%xm)2yfz9&1E;*jMtbpd6yC3mAtapP$cWOy&(I1gc??*GcniMH*#9Ej0YudG;)
zSM;5T&FQvHU{MrICOf)i+YZfr#b@h+yNnM$a0LyCTg~|<{29YcdW@QbM32xmv?Oat
z6B@nkZ{ZZHc)@C)EQ`^5JwoqCW<2kYFAH)28Xbl5N!FAyWK8fYDXz3z_`(sd+PQ8e
zdsZpvIYVmF)atVIAktJmlJX|^Y`D7sqjaw%BlV4lm{kgyPvzWHO{oBhjN^t&>fUid
zRvZ)}0}!ZWDzyIW*Y-RXTzuoAT9dOuZ|BvMd-%+7A*&CXxm<1=`&Asxw5jFh-#MD*
zb8bj4vkSO)DlmVk?)qfex^kpyCcX6&cFfqBm^LggP<{z_Az}i~eVCEmP&)}<0!-d2
z@HW48fmYLmD$W;PqnNH2swDn2qWf+1)n>5p2&lYRBV}?b%rCz~)2Q%UWL27er7cJ<
zsB2?TT_>eKNXGa$Lx)2fjX<YAYIZ>t6OP;2F#)Cq28p-`8lj;6_o|@TBU9D(PTZ>}
zgs^XC*255xkwr81;Ye!5f>3d9yp6`>j`rC{kjI}0s~q_ff1+v74W5VbbspjnZco+8
zZ@c-7uxj}L&)53L=PzY;sQr}u(F0QIC8hWXbi?V_WjyOFQkamI9!fxSy6tFWV;c*Y
z;R%lhKWNX4<w!BGJPlCmMDi1q4Zw%cY6B1WM0FBJ`^6?O81+HVK#Ce5=0~|N&$rJn
zAiP{cj3IE#d6>w~47KMOJeX!>y_od7pCbzHjx1t^q)5)wpAg`W><vUpDLMv&jHxjt
zM?fMkgeF~S>3Hk5Hq59pAKp+CK`x=VHBa;3!Uir#1w%~v#ffq&?wedix118PPSU%z
zzXwUyHB6-14i_*sg(7Ih34P7mg6gCJ|2tXwMdbWpXiTyodgz9u9u8rTY<liszD6%#
zPi!>WNOEl}sqqg2LTK<kRpP87L##|U8Y)Xm0VGj}zkp{vuHKMjmS)^8E4+_GSll}G
zzL6hVD%Oe>7$DS4+f+#F=)Ks5OPIS~a9@uvC&z_!&UzuYJL5?OQnkHF<{_dWzC%7W
zDLx8;poM6S%nThn)%*9100IiCoIpn5lj?o2K`Ua1&R5T3a`Vb9gzWA=Ha6&<@FP~-
z0-0U{Pd3PMP4y!kyqjcH7gMi#NB!7*dCj80CB8_j+)~*s?@UBR+<du2B_et3(1)!j
zjae>?lCf}TuPuwZle_^X;<7|=D6a{cHQF1RnP`S#2fCqr1vUvX_^a)mNPG)BEonB`
z#Sk_ay;JI3Z#^jNvOd%HI#><mxfh<UJIf1?QTYV6LUXh!`os*8C%Bi}hgE1<lwRdu
zd5-ms**jhKM{`dHY7Z#1v;x|eHqB<Q_4ToTY;VPnD#YG4vz>qXE!|Jl*z@$vkg)~{
z34`0^pn-=@j=cw(-sT$!`p6{A+9dHbdnW?jkuaFfNlb+`d~8kjm1|W^60iy6`FLTG
z(1bw`I|<^cr(y6Xtvx$k3ka0z!^rYyIHbz=iq~?9(*Y*0GP;9iH8I_q^s+_-glG^o
zJed+*O|3A7c{&Cc710zsdZxO7T;kcqieTlGZ<(_?9}PN~YLh5F+QNvzQ910pqjdb>
zi>TsuT{yt|8uK$lr!$&$F+99nTTBfzS;?C2*Hy)yATB3vweJ;c(!RtIcdx-TpTea@
zYp?B@sHSryayl-Yt%tyJXYkY7eJ<VRU3M&oLB$Vd2&Kx8@Hvg?XQUjw=+8JPIjM-y
zLQ$YWfv{{yulI&=jYhq2dDF>P@>cJ$4pdA&f55va`sc3{NSa)VxHFv{N47Dpw2__i
zHCZC;!!0T3G&3fRa#trIZzQtM?Az;CH@p_}zeh9oqx{Y&%V){{l7{^`5|e34|41k&
z_Gh{5&jO^u`c@gsR3&lWWN|OH_e73gK=4WfrR(H!?NJ&VNR|pG!iR57HLy?5ZE!au
zYdY<BWZvQb@p4q{>Up4<0pM<4n{Q@Lg@GZ|>_p`I0fC?nK00~4?z%<yo1|`|PxrDU
z-40FjIcGy?0z&llhqsgcc+9F~)2KJZuQ#<=rRB>pD#kg7((%zf65sf=6w|7SPQ?{w
z@MPOw{gOaD0xQ5a?52g4TSbyS6%&X8NrQ5frtqVg)a8qe5S~+@CGk;M<&PwJi_?iW
zN5+5n83*9lB810##Z(HKWcWu^i_@niN3|@v1_7DxL*J>nxxb%J?DW*gpGC}nQdjk>
z{c^ZJ+Wt@Ktz(RnIm2c`CzQNAw!6r#2AVLfrg<iGOBVv~1Ct+U?zsVmD-Wbi9dcI+
zAByn?T$%inf3Mn%rjwF_TuL>bTh-BhMPbav{7AQw-6WaKI@_PiE+~EM<YDF1Yt<~I
zkY;rf8qgaK`A?G&&i8lXjeDOxe`!waJra385;T1?2)f$vbe8U;!BN&n5s>+iNowSI
zj~cyqG{Yy;u$e6@R)CZn;kI1jerUL3fpWEI26*s9DIAS{!4oB`%q?KY)Q3Fn;3gv2
zeXmN^6$jATLCeg*HkRt5#07<olZlOO8dc;`OXNvH4b=MN7RIKZnaxDE`ZtJD2v{qC
zS?+Ig4>zZn>v>cLJC^vm0PU2<6BS-I(hSIo@eK-Mrn2V`Wh#P6We2gQ8&6KzPiKQG
zooUeL`Ag^jGF-*vJ_VJVah}(p^4+_)e-}YoYMSWQBoj1QplxS6UC&5GI6KOua!b|8
z$thxEiaM9n@d-Y)KnyM^tF*fMO^okXeG;B_b^pTS7>f4uY?cIiz%?y>@Z@r+<bm&2
zPE@#Ui&PWS2s;H<(Yz|{n17(VyyDc;H=n5&84?Z3e?K&tnSxN4fc=(ST^0OZmhF|*
z${<E_QE?{GSwMeNayMTiKS&U=-0)OP6^-TBO^w-{sP2&Jwo~=;F4+^tCagrl-DWh=
z5@UN>(*rMg%kh`A&Oo-Nf_A{&Qmy>{7$HaM_C$W6_p0eCsX28X+kIL$mpXW3^2e~w
zs&HE(fK&pf`cMLX^fl+)sTuDv;+pcRTJYbPfkmR6um>E5j!n)UEPg2fE>%sJrBM0&
zjG{@X;6Ce7Xfr-k6q?rRltISu?fA|Blsz!y_489-_}8VmjQzshrxR5UbeAiZSI9y{
zP~m{Z*har5g`SG~0}2w7B^Oy4XtYo=4`O&#d)T1;vO6u})zQTQW_x~3Sk(u0e@hUI
zrs&){YfoS2_dyOJazW`FY`~aP-<mLg#SnJuj-7fu*S6<|Xk>V!pSM@%vfZCUs8;O+
zYv3|?ktf0ikI~%NgsrLx3=LIfxwAO)ttT6wKigyI2UUaw(tk(GNKBIQD7p#Z;Er6&
zN2eXLGRbYz6o^BA3*7|DZe0iYqvFjE?$r_FRQf3EJ+UpHI)4vFh--zFT!Jo0Hdxzt
zx3Y0QSVQ;qGtP)6wVv0ToY!(Zqruev%YS+TIq&2_-gDl`qw1R(9R(y=kW={vtsEGe
z+#DQKoseLCi_e^As@AQe<eJA7z+iqdd+Bl>5Jq973ROruU6#cIZyD3Qg<hml84}Dp
zWvG1eNF!%G&^e7$S|s;o#ykA9PmlqUCvI%ptoLvT9VhFR{49mh7b;f>^{hV|!13h{
z#JSi^K<l^(fv1O#DnmoQqEZbf8gC#YcoyPwsaE-Sx30P_Z~5t=LAu`fnDs<9(a=Xk
z0OTc4-}P{DH4G+TJv1j-Loa2m2dj05Zr(1y;&%_>y1p-7l)u{=LG_+DOI{?_e(>1K
zb|B{?#DlbbOxuh3r4fVY+2dwBP3m&bH5l`yy(R8<0yY{0aI@BIA&*uBh?TzkazCiu
z{QCEHY5Gme!!Ieraqd#GuVb_dbvSJYKk=3_3r-(jAe6H1e-a(Qd^%a<63sq)mlOVY
zc{3Q_eLnz4-$0J~Cp`#as}*kgL;fKCV~g0Bfj(mjCEfC!`amhQ_M9P9cV_bznx|*v
zP&Z177KXNLh3T}+vk~P9LDGDRB;7psI1^)=)tt#17U&qb@N`-u$R9i`Haf6o;{65!
zpl3=637iIkv<VdQiF_8>V%6KdqorA^6)Fj?^6ws4AYAI|Q^C}k<x$cGvxYO6V0!U9
zX1eSkD7Ua_iuLHZb;njC-lMi%9LEd26Nj<6fTwFLM$|}_j~L^e0XmI@Lpf2@u*mM%
zB5t>doypOAWP7u^PVM7(<>CpL%N*4kFy;Vm&S;Yi5vP=6YHAVZmaY1+m)U$!yR+F2
z<jlswz_1;_0|yj_utK$NOkVQV_E%_6r30I8$(w}G);0!ckTciAEt}I4RbxGTA8Z;4
z+w3ZG>Z7i>W!x}d=n%qe|LA4ndOXpRWBK~Sa>S!+R~@%$fR(`TZ>UjjkhOjTay>dn
zVhSxXps6Y$3+8gYGynef`_mOrsB?2RW&31M0AK)0QNR8L*8an#u4J1pR(o#iiDKLQ
za0K_YO+u4|+*eOKZRfGA-PR?T@v9w>p{SE(N4NIFd}1clHWZy@p#*BBzkIp=mvq%X
zFedwtG8N);lMUJiyj9G`UaaTg=oB@fGw4cY=581&&Dy~wkO6tSgI~5qL(tYBVUij&
zAIWg(+mhg~shT^10ASD)@aEDvFrc|Sh-{^)suYanfv<#=$H;nKt>*~vd+8eB_wg1<
zZqN|!_e_9g)VC#-PMj^@ttbiEwA6=>v(=A3Y?A2~|B+?9x^^JuzF5)JWQ-DhU<`%L
zY$4u7Xy+?D=a`Eu#?Kq6I9Ooeuvb4~_0Aa9EbHv2x!xNIO)FtXe_1Ea0~{Nl!@;*K
zBKV%k#K}hDK<}IGAy&;(Exv0_G8DHax{s+VS*(UDc5C4WE|a#gJ*rejVWdH*<5nlz
zsfxFq{bgT6BlKuG%*ydCr@fX973qz};g%D19{899Sa&_E?j&UpopWM^_}mY`eu6;k
zm4&78IJFOwH;EZvXH7XN@lXZXFrS+Os>M8_RuON`=EurYc7>TR%37KdWmdkK&gYi2
z0_BQF7XNZb?Z-iiz3L1XYP=}XvKW@in~E9tqtRp3u$U-O=P^)W1IK@%HJs5L6uOi9
zb)h+zdTJ(1%wuD@C*IgA*2p`*rnB)l+0lA){7ymMK<?p}jb%K^Eahb1^q$l(Zv`Hp
zy-NV(ayJDy%`@Z9TKm5yfjz*&zm?|@@$gJ1B0YQe@tt$UB{xZ{{p_{3NXV^pJvWS;
zUx7QsMKVo!DE%X?bcz&xIpSc1B<busW$e^qt~;VTStz~=v5Lri)zOqh*cfKak35R!
zDgEV~jAa3`p)WHqBWb#3y3!Q!@PqDyMwyPvM=<|X_pQm<T50ZX&m>saG`doG#|=?o
zH}d?JfIW*ch7|yu*!$s>Nido#XaAJKvCU7yB)RHYm4D$DP1-S_#40zJ{rE>_6wqBp
zPze*dqxok1GmV<u^c)JIIhOlD`zhJ%5Urzhkfp3qoVGo%IdRDCE994v80Ox*NDsQu
zu<^a{FnrRutAq<soRx2)RF{#I!<5_-clkOqBV@t->Mh}C-RY6Tf*}PDp>eg16UsT{
zIK}o>on7}vJZ1>pwBto|KIp1|WUrd<o4)P#URBl$XLg6bmHZBrES&6dT>73ui7MO`
z-Mb{XiyVj(DnkQ5KjcK@WkRlFFYe8pPNzcc!m7=qqwz{R8@Q0Mh-InR7DK>NB@J%Z
zNU<?D^<3a+>e15Y_=7rvIBHQ>1y2#Gb#v5rX1x9tUid0#8Ok3R_~*oK45vZF>Ha2j
zBow5_36q+N<+>aBeI&kPM}n@-?2$6Q3x>(4<?i78rH1d#AHXMo{Lv<=4Vt5YGzV>#
z<+h#0;UMQ>lT?OikeR^nJ@kbf27ulD<7Z}qhc*sj^`@v|;GR|7P@v3aPM28Ec!5eR
zpGfIbo`+Sge9Ec`qcyU6-Z}P0vo`Y=x(sSxR?$@84^1weyw$q@YQWRr?9563q_Cm&
z+DD$KKszO<ILlrE)Vunl%==LD_+alQX>BPhT}Jz2#AXzdi1lsX4%g88r*C^yuT4k?
ztBm__6~J93z1QFK`6i)={f@1Sucn4I%Gqe-X4@|As#ig57DP~3K*w<>RMOpJ^UP<D
z*Y~=T{Py>THLG0e2VnP!*>rdcA$SHg!QL?9?NnLSgajsKeb$TYhP48qRx14X-e{y$
zQDyn^7C<x}RfehjXOF+d8afVuM7RgC0r8ioDbY{UMcr)4+1^O3!E=})lsu1lV!;fM
zH1ug<af&DYE%7kW4uPwum<S)Q`Ro1rs>$5=g5qPluG98sm5X2?1Ev<w`r-R3w6Xum
z6^CPx{AqW1icif42`KJR#TVXK&)qX;QFgdgL5=URHF^)En~tQB;D^&l^oA2<K3AZn
zR-^E_HXAI>kuvW9Iz77X{J7vYzFMwV9=`%6VMVV}2!VX)M%^DVt!tM#L3%(>!QmMl
zL=AC*I)ZORrqugaIHGfQ6tv|{4d|t#WM2uPDw4<GS(QV@=)1VMuSuWxBuIw4Z;t0n
zq&_~wIYB-|)VP575HJfD$DyBZ&-suz!a(-t73fI~c4TrmAR9Pk=To+n6(m0L(1H3C
zM#Y$HFkDt4@+HX5@82=G&mwqui+=x8A{F{)p9-3;46S^P_S$;5w52=haFmsX?^x7d
zzrr(7zrvo??kO>oQ}2(AIh3*V5}W}dzz5P3a~shhg_6?<1QZOW70{K7;Tv@XOt!{(
zYVK6UG(GAYdc2_jud9})w0Tc<M6!-<ncWCi60cu@8OcQHP5-si(kPJf=s@N9X&&6=
zr5_T_==b8s4x)kQ%zSZss4lW=K8GD%wpQLZWBlmJ_<o|s-41GJki)Ya8*JjxVA;+t
zCf5klN6Gn1S$CY(qLhKj7&|DeLdzWkhAhvnC;e9xP0EMfqBy%=1m(Y6;g9@NO)c>l
zrV7fwLt!C^&hNDpBRzW}K1ryDh_nT4TxJ!@k*;;FzW9T)Q76K@yU#CHkvda0P`hu#
zCAISjXn5}zL(_fv(g797+_*gw5I;EE)G<$NFwl?pWof0)j8#5@vL)idsqd&#BZq0n
zv%iMgF2FElxZAJX*w51{L2DiJIanKLvq(T-`mt5UaP9#IZ!gwef;vj;pJ?Fn)t^DM
zU~prvYa8T)#O|`%<m&CdQ%>fUwpF_rT0_Nx|Btn|4vVte+lCcHQB)8FloXMU0Z~B&
zMhTG?=^Q}ml5Pf&6a<uRq()jo8b(P8=}zhH7+{#;TZry`KhL}OyYGE`?>`=MpfcCB
z*019{Vd=L>otf2VE`v%`u6WfTr9;~O#@7I;a2_dVR@U16{@kNG=|q!XRd;x8x|I1}
zPj%7K3}q-sJ04G5DBfJ}DPI0ACdne|(-GM!H~Y59g{R7GUP$IL_D#FC|Fm97uIr{|
z@9GzX*kJuD+jT5*Cyp5j7S~#$ACUHCDtcTZuzXvUAOufnWZxfCmaXjBe)m=pOc|Je
zFo&Z(Z?M8{M+xltacxE%Hi*K)MwX@%Vo5JOAMRyYi2d0-nf+ztW>?6Sk&eL+*OALs
z4w>t1FtbGyL<NzGy$Q{+-|Fd<re7}$qNBg|k-;0kac*+&^)%$(pi9SV)?38I14-3N
z*z#p6YN*RQ)n4^<TN>8e!dBb%n@b$A8x6GA1=dKNa+sve_ELzRR#QNNrlePVbRQqr
z$ZBh*olStZMGkN;ayPHMxfw$0_<dv8G<VU*;K!>xkX=jYPU=opdsK7XGwbz#dp&@h
z!}>gEvI<`F+WFx}_w3=hl?)k5BP4!#xVR%PL?bT;|B8~Lug{cC7-MiM=m8CX0UKzH
z;UbQjy%tK@LLy)VBSLSMmRdjnySJQQuX`bPxUB?6$@&((kDimUUD@a6c2|(^Gt82-
z^d9XGB!@I#U|JEAs*I_|3XZQ!M6jtuGQQN)TUa+A5iP5)>rQnI0OOO3h*qh{_$P8V
zT4<h(A15QCk3Y2f@gniL*8vKOH>xD)WJb~nQ<n3fm!5XnJY6z^EG5}<%h_fha#e2S
zhVU*x{w`K>^e8d`X=m{&S2tEU7v``v4o1thZaN1wbWzo4R3`8{z3}g#2~hZg6RJv=
zrd~Y<pF$U@I8U;3o)e^+it?d7N`Ac*F5#6~-2^L|79T0uqaIHI8@{b~+`pE-Y_jKe
z7%$Nusx%A<d);l{{Zm#Ce$pT;0s<Qi*ml8TrSVN-e0f(#Yf*Qv`cRPAj58R+eDuw}
zubgDsa7XFhOW#!3$rFo|#mZ-99cx$i4Ixoll{Kb3=pVeW9zs)ODfRMdbOLhMj6!DH
z?r5Vr9p&ft%C6MsmVY&w)iW`&{0n#y*OuQ#)f-m*jO2NEX@qLz&*VV%>YMk=`5cyM
zU=i%;p4LT@gY<CY9zzL8UQ6Eeu1lUf?o#KZjFWTqhIB=zk72iQkHL#Qs-aouDwPhJ
zmiQjTwUfCcFm#!4EBYDNpYC1N)1fjedUJ9*rLchAnW9<^y>vfQg}qM?-A8ZmJ8gNl
z(okS9eaX7?CIflZ#c060*|`#8P?00D?me{ClJR~$e~-p;=1<)6D>-Q!hxUG%mpd(0
zPQ#Y3g~Fj5v2Mqnm~c&Ry}U!|`>fl~!yN&8!U1}FNeNAE`em2bq&IrF*qkZsD!`-F
z7NtZ8=2lwTW3XNu2K%uaCg0<Z&~=2S#vS8h;oKrmvskJGl|MbF!)lJoP~0=}=#gS{
zJKRGQ>bJHCkaN}(xi|$0IRpcYWwDL`t`4WIxrlj9r&r-jn}6^VPby9xzo7{%00jF<
z1OpHunI{KzLG2FUD^PRr{fTzSt^stTz_#*xsonwR7dX?etqVw%7d5$v*|L9D@joX8
zC4~rdlQ3FiReZ|wHj8|y1Ba=XeRSt8OR73Z;S;VC=<0$N-%3m78(Qzu27Ty|i-O|(
zxEa}<de=?uZ;G*d+wEiMd-Ef3qvOri;a8PzSJkv6@D~R~0IsIEF4-Zbd^zWO?-!Hn
z>)egBwe=wv1jI8H(m$I9R=$DnHFZ|$kC>}nN7fTFT8mUvAKp`9CtZ)|=;!)zm4Hk{
zWi5k4c%jVpaCr+P8SiO{ADAC{<=%lZQ{Ht9RdD3iIPXVYG)vv)WM{PZEl4Gztht^r
zSv=$>lef2%t<5UgB)qTg3W$%%osZvW1INoSw#C||bOXApqdB|1)2u67YCf{W5+^tR
zqd1AJTWGX9JDQfyee=L@2O(>u1ZJ`8xKL!e<Vs~?)rSvPj}Eq{zHO)?E<AFTrK|}I
zq2}Ea<}vNRJj`^?Cb8tt{8CwGE4oJx+NBa$yCZv3_C()F(Zkr&LCwrBjH7FoB(+@+
zY2mM;5O&MFpCo!R?2UsjIFI}Dg@8~bmq{gW^q#cibNvt&=eSfZF-S<hvBV_W(%>lW
z+8imTruX^FRP16ouKBUND3W1TZ>?dO02H5j=?33}v3E_}C;Hs;OP~9A$u{=ZcF*$q
z0U0}~aS|n(pLXqwou|%jgZ3qusG5UQY^urp!2-zrzA`#g1eUV6Zl-9H?M%^vt(2Ed
zrJ1s06@`ps7kAbt{MJUxr%Mdj<}6D|_g{B^-<KbFu5rbMcIG~pCAwbfQo3Y=i{hRE
zcEb+)#VaZ1KxM@8BydSYxve5!I>AEvj<QixPfAhFgSE{?T20F+i_$g4T=n~Ev#!_p
zwJqK1m_Y4L21Kgi2N}|dGuG6);V``)6QguR+X!#HF6h&FFm4S}lpqp1<oc!jS89dz
z;&QK7y7>#%G-h<i40liiU>Ya$RrCJDAn3Xz0fwidm%A1rKOzSxKw0?yHrjLffenV(
z1zVzrG4V|zMG@LzKpkAsiGDh%dbkMj^gcF%V|5<vNs8?k5;0j~h6SpiX8ZUffkw{b
zOw`-k1r_jxgdV9L4WzN4?{Y){NlJZ(=)E&!TKpDAI4?oY8ZgkER|1%NE*5OD>rLK%
z@IShF3@1ZCTgqQf!Ds)1;+jHnWB+t@`2<`Ts4TqyTS)|0fzpH}3rN>{^NfvI8H5?P
z<A$rWf~#fFKJ(v1nDU>a4K}qEZuirs^u+}?ZwDV&sb=FVU2TzavQCSlA?`b{sjZvL
zACc{r)7Ys_Gxo95&E9*Sx>PImvZn1p0ga2*k?ywDp+#yn;(<QQ?Ln6E^SAUohK_gc
z9;i6#2v{#&;=nAPp?*Y?U08vc*;-i*5j@)L--z*=k<*<5eRpQ9*!@mV3(CEXnf~go
zouRi0B{}Nu&NL+1=Vm`TXmc`c=a0V*zwQ3ejBU9rbvK$1K6Lfa1!=l28>~;M0ukNC
z%g(u}Hh2>rDX2;VwRxwU12rP}xC%DW2+#A~Q|Ql8ODnDB&?xCVa!TS;p4}QWbBgjE
zi{IGM@vWw*LTOh$e)$_EgSS5@0TiX9uDid!p|Tg>Gy-->jn)&#y3t(#^{V-v!^gqF
z5nLC|@9{&}Z!_gKhKrR-+1^YMSGs+tp~?b-uZxXm20`mj3$&z2Xc#G53lO3=sf6AN
zigIdH)a&EFV#|X|&>iV?m{MJhtX?+ewZQdjdK={bdQ1D$k0zW{#uP#@-&4p?r21A+
z#<g<alu0hCMEdHZqvV{~R*009UWwU5GhG>_k}sgr5$GeB%?rBCUz!H?;CE39l2M$w
ztZSQL^Jz{t^L(?W<0<LaJwGGlSMLk3ol}P9!^ENZa<`r1NT<b3OP{^JeVfX`bc!fG
z7)K1=1_evpmbOQ{W`ohgC4s2BMYhev>eYvjIAlxFtTWVx!*>K^+&Jr7gDE?HfLXvo
zEdqzh{o>lY)fc`7mmCcKvJ?z&JAnf*sv&e~3M8#2Wt5HP1Do$Zm?{qrygIy5<L{ic
z?Bfg!j%)_MG7*r4?+w{>)P5!^waW}sZkuR{jFF?CW>Uy#+u35vfANmuK8xLwI0UcY
z2AD`K?P|P&?DBIvY%y@+f$#Gl7wWR@-vsrGs(0G(+$;2$fk>1c><6+bgqDQn%hO@f
ze8tSdos1k}>incjb<G164*4jbrtCP@>@h??$&GxG+w^s-?b*0IN5n6&bM_z_P@2d+
zyvGl}sRd=xow`CNJ!5xef?#_dqO*L}<%NEJ0h_WTc1&*ur2+_$jN1mStbf=pcIz(<
zl$PdNSlWYG`<%K3)WE{}1tnzHa@62<snW6v&rwbp{L`||4jPP<2EjR-##dn`<6b6x
zIUIEqHWZdeUT0jGXD3!cdBtDOb`t_OJW$`TRM~4ELr(b7z_N4{mavnxISPg272!yp
z9~#9(<CBzwP7C@^rocQS*lHE737>woqKkt<*2Ph0E+~kl8)`>{%)bGv9o@Gln^h>M
z)DoJQ{#mH>@HjrH`okNY@1K+_2uSEvqfhX)Q^s#S`Gb9}dIFo8Q?hI%2TDKls^Kc4
z-a<7D^&V?g1X)MUNjH6(>Zb6DniUN7@)UL$(4DQ$`cysL2pNg=OM#ubRt^ivA`6C1
zRl!XMHu}j&4|%%HCmA+B6EQT7Rm?{>Af~~77KvVSZDE`BWPw%g#;E^~`=0DK6%;%*
zZ!Wf1qiq%aiPtCKI#ELjT=M!eL`s0s!k+Sh^lTp*tdDlgO@~G@NRhGL#+JdQ1a$Tq
zA0=uh@!58h;3b9vzP3k<!Z%=@t&y*K+DeiH`DVy5NHzg|Km%9L6ryGDF-;;&8NVel
z&1|T!3pw?%7w;OyUib#tH{FQpvHi13o;Y}~@Fzt42#0E0oHc|BwqwAI`k1@>_Y=az
zp`ac^+1Agm0>&~PXB}J79(&s6es}>>`^o)sPMR)Mf@N+5ea~bDzf|~jb%_Qye0fO5
z|DJ`*WUWtqHPfSphK8;Hk|q+(%Q|?_)a`uI0VrLb!i(HGR`+P+4=r8TfE)lext)S?
zu?>qTBIhr$S)3Bv6mEZ#)SqPbHEIHuj~w?+wCon`U*?Q2YfIh^8QS7!lwpX$V16#|
zD!e<%rcDB4<bH`<v~eZta_hc|{(jg14IY6I3tliNwi6?vgajQu17FlW90_$y9Bj`c
z2A2zpVU8MmcCB%cB-hNP-sZ3q$R$`HJ@l_a(*SB*#Wy}h&4qKGsRc%Cc4apD$sd2j
zbs{g)lv_GrD`es0v#$y5Y*o-2lsaBZ98dKMnn?-_$X=j@d{ll>X$00Z!qnrsX#Th|
z&tt~3<~J6>UUtupu>zPl63e%}`15dCZ<GJpQPtCkw7W|eNx(Kf36so60jI5J>#tun
z1x3<yyJk+9Il-2Mwg3F0KWI+)cTR9V+WUS3{~w${;ZhLegaiceT$X1$-4IGX31s0Y
zN`OgMi#whpY}_MoNk8hg*xi-{js*O7l(bRNA{rs_$N-Cpa!VMIxX?9F1z^(r{txJ`
zpW-+PmA2`z_f1<U<~rh}Ky}rR*7VI{+S4-w6QiVOp*Bav*|vHB&WMct6#)rc-SK?V
zT<VQcvx9oQVCTQC7@Q2^{j|EZ0RuC!v_it7{H*#5#8iBrL%_=X%TGC_KBs6U`d(fO
zp8F6<e3EM|LnHEUTz|vV>3jenkJ0z03-|yis{h<olUu@z^?^jI9YkYgPEj@L)lnsD
zg6oc#nuJaW5yW-AU;R_L{K<>+vgsWH2QM*sVZr8}W9MUJA8wsQ*qJ<J`7)0C+&+Wy
zV*PbSM&%^=KZuh5>`{9d;v6gKP63c!m$j-mDr){>JDdI^mVe;(U*u-J9WN~G1wcuU
zLcQ>Q-_eFNkQ0IVdr`RH;N9IuR5Gp;R?}zk4EWsIJWA(NKOT^%aNLcQY(!iHcNpv8
zm-729&)`H7Gb`utrOU)c=4n?;g6*Eqy$^yI+;GaUb9vYHW2U22(<j_331*w)qAVsV
z#CQy(rE(0C{}16f<9X-lPb8=Gj*`x&bMI;*w|5Hx+83~bDo>w2f4va}pr83YLjNFi
z2A!a}((Aji;OeG8ibDrjPhio+i0%J6Jo#@we-!{7q1Bth(MBD0FmW)$e%cKJc=&Kn
zU#;IK(g|)wUJ4g|d>{O3>_8s#;U7MNf4up>_^`ouQkB9k0nV9@>Eo4z3-P_8l#LUq
zsBy7tilHKS@++#>8hlq3MCGrs@1*REXZ!nmc{n?Gc;Pr)_;j6Av_4q%jM(#Q?6<0;
zaBH0AqwOBVaWubjAl$nMwFqkt=RKB)X%lc_QrBRYmL@*F+ifUsVgf*SyKvsQ{ubTG
zC&VqXxXTDi@RD++6b+mIl#SEo^1u2szU5?kCSMSr1mh%XDn-r+_GiF~u94@{n%{4k
z3|>qg;kny$f(V7scsJ$vZ_oEHpmehOIEX;5g7yZx%&y$h7hg=~p94ECnE3&0fOqF3
zEs{~>?8!<Kc{_LHA_BVcu5&0$<1zH+6EkK2R6R@Cq^p4Vpik&3*{`nKEsJxCxOaxn
zzk1akC3dtv6w}3d>EMk=2zVf&>#Bc{t^c>x`2&di>*t<jBz)A~0mqfcXDhNd$K>@N
z^76bHkJ&9T)CWHIHek>(XpC1o7ZQ+|p#1$5Uj58DVUp)pLOToEP_i+5WDzXty#n+z
zXTVa7*+^xSy3kf=oudCgboc+jx%(eN^7Fo@0$^`RBu-jAqSDvb@1ml!*4S%qDs~yL
zkmDkS$j9g9!l}nx)-mBsax~8FZAKjeOh665gM~2%+~qM)0M{+R=xp71o8<R<;)^`K
z{}_w{jcctJDDSlW7?58~5ewQDK7Wgd#dFmK)m7g>+oO_6a$CmB@qawazkgEs+pn_-
zNL+RnB$}JaI|1s05%#ED{-bRZwL{k%!UrGko4Tjz*7-WW@a@LC1HjUswEvJs^oCyt
z0K^ZoLofbzPTq9M6t{F!bb0^ctp1hg{Z%|~T;uEW2?%49`RIj5Adj{;H=55&c*?$0
zuYjmw;f=d*D#;)fo@NE9mIgRQ$%sUgOmUm)JlnGYtkO9V@$5tTX&ouW#rN<@w2~wM
zs?_QGUd8`(-v7-V|Gx(#disBYFUBtcpsB|T`#(kQe4aBMyZZiKik2jK=%?EHnVDF<
z+w*rM0q%T;b?`#`lRLk!f{PKnapO%o-2bZx{_%#Va*6*0IBlZW#aaNun@d1dU-vd7
zX3@rINzqYy=L}2XZ{hXa0P1<U1E2fv=-lbQX*<CqzA1uFLO*@om>mES^Sr#8o>t|V
z8BdSr_eT<RgaI@GiSx5RAld&}K!8y7C`Etr_I_{uxzV&gCleOh(m?@6!oQse!<J%u
z5CIKIAgRsk;ajY~FFyL(^D9I}nxPbbnb!M@iTIbVBz$5<6GN0d@BvIaQ|ZSqAHo*B
z_jy$urKP3n6x%Hx-lqQj+xcz-dq=P7|BnFR-^=yyxBL0w>mr!3y>z)w_Y&jd%Vad1
zNF6j78U(yujPk_#ui7$-dljW;sa8av@csT0M+u;0Rc$0rr^8x*71@9L*&_njC9J5|
zMWQ!8Xhg89)FKWs;La+Z)6Y-<Ci{I7pZ}lg9V4)7^>+x<{tAlrKg`zul$n#i@_c<_
zu$cg-(+&1fsNIYPkj-B-P0>R0)Bx0yLV)q9`_e7O-!D+c1VnSq=CR~|Bbq0;74WCu
z&iQ|<#VCl^079z(z-*yz!!!3>Qt~a2u3jFFK8xHzD~sGvE3?Y`mhf=ob@?@~_dO0I
z+k;Q|tsE~<Pn5<KVlf{IOI)8c5n`4ZnPM2b<jxHI3?(|9qwx1|#@^8Ps{hY|_m68O
z^8LDaTl%tn^pDv4S4vtRXkH{TcX<04ae&t<4vrW=eHpRNYaU1`)GYmAww(19l_-Bx
z@J?nw;H9nY_HF(`3s!1q)tFUGfIAM~dEaxV-<(MFyn|Nmt_b6Q^B~?|GdZPKdJqt$
ze0TTIR2$Aaml>orOV^k{DNd)eFn$GerbK_yM)mggZqSfyM<Ttp2G*WRI9+-;Nwr(X
zRCu*>a{Xy%7e~?~RyJ@h;-86bo}LR2&eFlOn(sec(7#lY|Mf#N{1clMC-ULR$8)~l
zx)&z3ou2k?_YMHjmiGxb)u1SDLuE%@y&6^rdF+hg6d;Amf8wU)C?`;5aGQFFPlfPG
zdEx@o<7a$>r?N?OA3O*NXjS}mI_*DMaeN#^HWzn1Q^WI!^>o8}o!L{@8uO#7d~v6d
z(()YY#03)cuEyDj1!Vd9@NIUscwTdnmEIwFtXp>)(mpo3_-S6wOiJtzN5((y|KEQI
zc>2?plyPpySrME&DI+7(K)6ykONMn~Y@`81x-9~EkF>%<GB~d0;b3z^4?pdG83Pan
zLDlOp$CRWqLPWnq2!EEdyGH@WADK^wfd7-JI=O{glK`dlMiMJvR{~$0l^M^|V|XE{
zrTnW8HOqR;yD0?`PAS2PMK}JPy1~zxB$#vf1o+oZuP;UTu^>F<!^6A(jq-;9<qzt}
zO#bEhUWEimOu-Bq%_JoxF78A}XFtBl>MEk%o>V*JjP++pKtY_sgK38i#->XX7MMI}
zFPoj(tok6JeDyhxub=yqc>MdL{jC<Ep(kG~_XRW~Qhqff%Jo?10RkT0C6aBW^02J|
z6UwMz7EK)jC3a-|Te6X7PFt&px(ia>iDP{W`MCp~?^7FUhix5q9r+8bw7)w79rX5o
zlW_Xm<>`|Xq4I2JZvK6G3=fZ6pw#Lri<?gHOi?#wD>^z+D6sp50<KSh4=44r@>VUH
z?O_&}Ged&fted1HKh5*Kf*hP;UCgl&3R{G`w|KUx#Qn*Inzif;csWdm7m3cCJA3*t
z+;re!xLGdy{9F6}e`vuSb`Wt-E9?SGyii+znT#<b9h?gR3`H@^syWmH&gE7>o?N?l
zU(5Xa18fCDU}WAyVKiYvDA*q~OIzwg1T3cFiUqU~kuhP*<`zQ}NkY~qq|s1|j~@oH
zjE5I>2=F|ApA^%{NkQ=O{)>mZ_v_&>lH_M}r`XY%@qzcG5orQG0@(@Y$>&n%*I1r5
z5X^41+MqnAZI{2A-(@dvTvjamp5%^ReSpQx6CYwaMpo>bKa;3kFq%kl@miaw{(pIU
zfa@`=qb*t_lZC|-1Q6pTokg*_@>5^^q@H&-Q<bj&*z;GdFe-Vr*|Mg=V!4K^h-klY
zjef*M?^A6E73-6UTnlp6ORH|{k)3GN%6l})?m7I67apDFL@7^!_fAnhbN8>PO#i{Z
zo;``n_T$f=gnSjn>dno<XC1xf087lOV!QT55~sttAuTB>xd07&>eL#`)r@ssgJyN)
zCrO$K=Sdt5=JNhD|8`%JCYzptiM`7=$!qIF9Y3FP)ZCIi$zo(1QdR%9FZMh~cOvGj
z>cGD#MMuYLDtINuy_aQSu@voiIkieYj~FK;i}LvrTNb8_aqrD<T#ipr@ttk0^fQ6&
zq)gQ4P^yVv>M4cVUM<n^6^Xt<OlW_)SX>|AVd7Dr>3IF`2Y{isewhHV6B9r{GOusY
zNoiR{1Dg5hkxM-y17sQIF2OwsBBee#tAQV28Ao^y-a&Pb94w?Vb}82hZW8{#I|;4m
z=-<YjQ@Sl7aA9!sYl~~)6S|6-_#?#{QO>OAcO7)jUEAtte`(v{zp7X=<6vw5rM$#S
z@n--@xzTDYS@H36JknQaz=Oj<cJB9y#GIVS(B<oYpO@-&EC^P)g-COL#YfU9cUqn$
ziDhPHuK5IrUAog%9GuP!8^0rYphKGuck&OWY0c|x%7;9Yd%!MP?rp?9YORmTy(`(*
zvMwL9H8Choo>C8e@F0a_WO;afKp5<_>gbT3roT-@AP=Q_Np$&drMkajMm~;{G$6@D
zsp1SiiD4JO)EpxqX(jt1W>XRMQGh9d4*LajLq@wQN|LNyW_6vN)fDx0lB9SB{ib*=
zpM4n8znlIVdnZeqh44yZbq9G{A_<$a<{EGAHnuuqu>)z5HipjHpYl=n<l??gy>g14
z?oWQU?@WNo0W<mE4)||z|MH*CpfU&orr){$ns)T}K9y{13lkd+`HC`iA(%N0`C*-=
zgeWCeNK)&CL(fE|*__i}17j9*hI2_{bCd(&Y`dFxVK5o7_6-8#g1US_yOMZK@3*^4
zJh|DLSK)v1!rwma|KjvQpZ${c6FN<hfycNuQi+5FIPYp{2|~V@D0;VNMys4R3}8v1
zr7cZ(VD|7~X%Wqk0VaN{oF(1Oc+pK>X4Q;@Bjpyz!D_vq{q`#-IU+YFS;ODYB<|e!
zWx6MSMfml1BvaaghQecGP3E}e^M&_5L=WfPNzh<{<c>RrtIG~%u3xPbN>`G|QeuGQ
z9xpQs?sd!Rbp%?F;ggI#7oqrNb3BbsDjG&nZ;t+Vz4PA(JH&Ayo!QKU15bNmtCQkl
zWPz<7zew`12jF_9#Tw3~AHb-S>55QR&+Db~(QiAccQ17f%ZM)qL?r}J><R<iWn&%c
zQ%OdgNOHU$;mUuq!v8dpe1g9u*;(mVh}ADC8~Kw5l)u!~V*zA%cnL%1)7h%<gM+ga
ziIdXNgP673z58#4cedwJclI5DTefjZK4rS}Gy>^psL^c5pMu%Hf8~G1*T2YplC}XY
z#c%s7Jrggw$S!UBC}R5{!dhXv_0o$P0c?b$o%LB(ZD#V^(bv(#(&MX0p0@s0IWk1W
z{0w63LU0el^y)!_&<C;bgV`sCi}^3zC+#UWqK(AybWf#Y^F%r}OK@lZeh3sl{!2zN
zr&XdDSA#>USpL5Brut2ez#fMAIYRX}l%)ppVcd_r)=EdXQ*BtXUbLs!_TF|c!g759
zd-f|J#Xf%}`}6@G`T`}Hx$#B^|99f}pCgQ~#(<=;eqS;Bv=}7FXkgIxF+7}iRAzSc
zXRWJk2Pqz|$;MI3!KdfgJL=V&%wOVvn(@!E<VwECWp!Ev=4Pj7j{d9@0`49vv`@!1
zN&yII*shtK9>L5xoUF4SNX$I1{AYFjqsa)!FNG;RO^F#TXSlgl`_hX!B<{1$r?+(w
zc5Vc@eM=egbwF0)->*p_!c-kF3kr?Le3I`VsufK*-+!tV)|Y@CYi8N|`iE@uKMSj8
zPuMRlQTY{*>gCS7;-|y@Af+Mc>DH8;rOH{-b}!`X6J&zAZLHEQ@z}_HHY%BXL&N^`
z3Mc1dHeRZX2Vr$`LuPRS_}*OHH*R{Lo<V)siRJ1!AO81=wO=3p@=10lK8aOYS~ib`
z(ONbo2pEpY*d+_rc^xIx(aVO#tk{Fad8p4oT~xf2ptLbl6-VOxDCHbM>5dFwI)k`t
zPftQt23&%*i8^8S-?taCq@Zrzh{ym<lJ`CV((c*@{OQgN(mATP$p!6fbSq{*cnNPm
ztEHpw!lf_mnxk$i&-pAh`=WedHBaBwnB3LPgAxAP13ONt=3IRS46XhDv>kW6xWHQ5
zi{3N|g)FrqM!=caoqyY5by&i5ATRwU&v+X3Bm4c;z`5TgO+m(t4ky11nK*+v?gGb;
zcbtz7g>5I4d{`_KS4>{Y-wq^+!oK!*mJTuFpVuWMPhEzv-@<zr9~qUZCR(Jjf(TE)
zV1zo`e!mc}w*EUG9oa8!I>~9zKl|@<T2Mk@21GHsifPZfLX|231nyE_ws>28z^Q=e
zg_hs6VP;@xsOBm#`gSMwz|5Fc?M_sV4#S<9cZ>sMk-GUD<KhZJ0=EX<V2qs<=uE6^
zu9dqq7Gkzk$obbs9pY(R-5;$A-iYD5R$H%=cI~v7O(X{{omh_Y`Gdc23Kr#l+LAMt
zSd2yHRc)~zu2m}S44Wz#&C9~`{Q=!f3K_stTOGDrDC$t|WXlf<kw`xcBi|vcITh}a
z{~+#x6d~%x*a*AR8ql-7tp{6oy4d6*lGP1oBS>2kNnq}9*w^BA0XLgvjlj+;<fNgS
z%EwmW>T<(k;)SxIu@n`$V_w}hQ*QLw^i?!SRhvn@g#VFegCyX;&a-75bf?Oq8Woy}
z(?5wc*%!Y=+mARylq&93^X)MVmz!SrVmZ+NAb7wN+{MBPO?q@}?9w>EK5M(lP*lx;
zE#EGK2}ZESi_+7g<>J3Tf*&k1V-7>2lhoMzSZ6+Nv+5I&JH?3wXel^!1!J&Nbvg$&
zu{s0-jOXd!ygqf-j>N!WISzXi{ujyz|J8N@GwwU}BpjJwpEFT;IGB25ad!ZL9}+m>
z6q^sMbrx5Fvi02rqT{=BZFd2YQP$19_<ir_jPmCDJ}k#@3Q^=8zYyXdsx?X4<UN8#
z2vG<KBC3=91x`=2>cm-T&j%j;(@*|KU;3Eobp<{NjOtOaWCUj_ZLHz)qY_IJ8uAgB
zNLoXHnRHTMyt+M?(F2l-YYW^3&+2R?TNM1K9Sg&+kCWu*#w0B%{*aoLeC47#TCvQR
zd$`KXq2Us3uU>U0_PX=!<uj`qwsPOui9v<sujwDCu>7~_-%s0Xpb2)Ek<(%DBi30x
zzpF*%AKt%TAtSoQ$wXZ}nX6#KE?+*cHbOABO;z9C_1Iwe*eWozfdSMKh_C+6vP9p3
zLW^kbnOA?mMtugy3pkRGa=7>;BHLD#Dl)V2F+wBmtn<QASJOskIUVBQnmyDbhj`Tc
z6_(E^!@2IrM`Y4X>YR>~JnqE@#k1Z^j~oBK)4X*HKi&d#{FJf=5^tQ84DF1;3cbWp
zYg@Do%de#TPlYG<Fvz6FPbCCFPdV?yPTwWx5&HU1ZfkO`cbmxs@7BwI25$e+YZ9FV
zFe~>!4s}=ded7xnlKHop@qmDUj9I!(Dfu#K4c$9t7Kb#axgbZT;4UmfNcX15i12W#
zH(fxM^p*by*PPX|W3r^5za?+420wjs&=Yn(WS5kZxpJNH?q?iw`?M;<2Ze>LT_fVW
z)pCCBHz@lXMWJVFafDAPQawL``f<{ySHaSMUq>JRyaU3NRXIHHN4X<umUqBS(A1SG
zB4?ayfyG|Z;`RBkb$u&q^wXRTkZbDS#Y(e>k~cnlYU%y#L3B!fc#HMq$XR3P75<AO
z=aaZ4?;YTFxDz2RU<AesDhSE0>ZZ^#cJSK%s&Hi0SIy=p<JgJK&hD@zG+b}@Q@)y(
zsv)G3;di7|O9X^cuU7W-`$9mSHl%6j_M`ve>o@2_nSrMf7C}t9Z(M!=LIfaf?9wv~
zCq1f+v_ThXMOPqgfm=+_Fq?(|;c!RCAEKaQn0NQ#iX|x3>Yk<h4JfO4BIt^D#WVhe
zpoik(?<@?(0XC)^I)KOYQKn_m_}NMP4d1V%Dw-06_uc9r6fw}cJ-eyLb%x-7`nbpK
zOwX&GubA|dRNu4h$&k6{+`AEPS!^(wX@Rt7Ml^u_jb)3o*-87$?K}zlq1fHQlUhG1
zBgjiKNTwz<yU4HEvKl5pTx8o|l^Vfu{V@njp`$T>e?f+<my)2)ZT0nE*SP~^lN~pw
zY-g2J6at7D7PBG9<SUf@O#H-D{}}pteEnh&)qUTVa2D$4we1O&3q$SHIJMV)UhzEK
z%}<|`EB^e$Y|;zwp3R&_37Y6M+YPnBuSa79$7ko`V?7v74vPqe^CQVfVt08U>S<dN
zG-R$VkreiZD$+e`WPRhcjjJs_37vFMlSGyPWBZS12oTT<gKIf|BAZ)EmQS77c!Q8A
zQ7}EWFehgFYD|&e-Ldj6_Y{obvV@|(NqsWWwO^^;SA~;KhH=LEm;|e*`dRYRt}%5d
zeg6rtwQ#F+LjqD=OhXE43Qq;BruaD2w&eFk{jb^J06cXB0cRPPQ8^U5k83_w!LZ;C
zl0`Pp;V;Y2BUlX;h6?o;Hzw<LP*8Y}oasP!65OKXX@h+@ezD0|BnXd~Y$lM$XY5wH
zW5BTfjr8uRD2_GQcoA}?uyrx0B_h*y@h;#J5E{OnH$m&Z?^$Aw=1r-U&WH2Psyv#f
z;;)qK`@Baj;OHTQHWM3kWV|LF0*lZBBh38h6%%Wl)_%CrZU{6>Oa6E_1w)pJ8O8ow
z9&9dj$3S+PXer+?au+0Zpa~!q{#nYoPr>?iy4|un@rp`M!ArF#t%3c)vG>C=^%^Aa
zqM^s5qF}|b$XtF?=(s}=CBVO&!&*|Z=m}PzGG<$$U2kyur+-Woy9%vm2Rh{Puq8=c
zsOLeIPPnIkF;(tqPk4kItb`Zc4@(GKev$bhUD2Kn4o033pGq3Sxi&W@>9<nx_1mzx
z7mVhDR?eO!&2WcgX~ngKb7nu7U4Ne{Zj`_`LGN_zA5LpnWjY|MUcN<%Eaa@(xZS1A
zF;Ct|37-8U^Z|x0(ewD+N)PV!<CDRSx1>o+l{3x<mq<S;Z{b<HO*c-6xHG?4_9FO{
zRkj|*rV?COFE~#tzt;i9h{kjFg1HZ+ib>x%S9w*<S`@c7=v?YP<WT9|ts7|Dl8a1;
zY>Eyel-w*G{@zh}-?YCon7X~`bB+^0wYnYp$bp7myedkO2!#bhW`{SAhYXW^U1>v5
zXqTK;l>s@~YIsA%@#y+136Cqi$MA@i42)qn_FW?y1s4x18j$tDins?0K<Dtd6P1Gs
z3kyFPhOAvfHI%1YcEj~Jcxd)C%)gdEfh8_N(*X{n<0}8XNMgqJ*0yBcaYw<sx+!;A
zRXhvB5l6G(h!y?t>}UFtEfD@HYjVZP)NPlQTM2wsZ-UoHq}7hyCDb%(lBfM{Q{or!
zJOiAa(#5H7xPF<%lcGaMlF{t?y$MQ7v&SI-%Op%c4bd}Nep9x{pV|Fmt<PdXQ!HAP
zJAPq*bGo-sY}>z^{)O4ado^eplhOUPWFOi1jZ1DU0(rV;LF-pFXmI9ZhVU6J`ddra
zxSwI(N6T82?056f;DnrcBfAY?SI#Tw(*-?mU67}5I5TAOB_<V4YjVh?lx6F?;_YI!
z5*=DHg(W2pNlj?}!kK)5)-|+UU^~admfb?D?5A5S6mIcVh*ZZJ6BnLOn8xC=;(m-l
z!It`WA69BL>Si=q0_0bZC$@8HLw4^YV}${WX~EM?*OAsejkG<~>HrL%t1eJ-_l+BR
zHKzC{2DNjm+(HjZ_@daPPyKF31X~nr-0v!NhMdqr^tiK41<dgtFW4x3f;l8inQ91Z
zez3E@3F*qRR2e3_xxS5T79muq^Sxqj-h&G$zeN)GOM2e8E^p3RstY0D8A@y;HZc>P
zWMJ*o5-C{cP<8m$81wGN!xm*#MAXNAgscpG;xMmzATc9gJ<)O}x+d}P&3QsPnxj$;
zu;WixpFnA3q8@ww(r`mSI4we})Pnj7?Spzq92Rq-TTRJ}!1SPev!-l<{mPbS!c<3z
zy;EKoY`n@UVncgus~PcX-wQQSDoCj6F`CvaBE<bMvAHW%ZKt^~WHG^EoQxJt)$M?%
zHJ_P~<a~Iu9BjrUM+;0$reT(pCYKI}DjjI;j3yeHH5AY?J(M?T5%q78TAQxx^XMi(
zyyA7KXtkTJjoLH*HCBsV=(^+2Z;XmHRhSFBW0iJSSjzsWKnOVs;$SGVpjfa3B{Xly
zEExE)>vza>a5i>iFG&JD(281Dn7)kZXi@lh{2b+7W3X#NA?Q2<zwmQ2R^nKKOF_>V
zI`VT4OVVb~JGsdTC61$$2IYqj+x5$QlD}%~bJ+Mab@Kj)lXi3uA3_1)B^Ni-0I}Ig
zx!1EN1O&G;;q-xGO_BgXd||UGPQm9bDds8|;e=8>G@&02JU9m?wlj4KJRURShy{|7
z+<xn+n58IjbG1Hzq}T;z(UJs#lCtkih|5R`9r|a;%3O&c-E(@JET1~E$Vtc79tFv#
z@~7o?{dA$ckufl_`mnQnK2b{G#_^8Ao&pK0)a&CHciP<5>W5PeEdf}C2P73Rl*(g|
z4xW)4|46(aIPT_<2nkl_uExr=h7`XPQm+;5nO33dv#iswh`3EUj-8Ey84Y%RGg0Yv
zuQo$IESSjlyhef^(ojdpCSZp1RyH~05=X;96N7eJRS22rx@BCkm6iQ!2<$gA$i#0H
zc3fSStm-(<AcP8Ep%^v0&!+Pznu~k<NT$`$(k^$Tm|WZ7cw7Cu-kNaAYFK#q%rsFB
zjm)y##c5YOAJvC_-T_O`v4dsr8{fHf^`lkOj`$$FwW9hWzR_MrdHcf?70g%*pMVvm
zG|LHhAv*r~j@2a1@()LA&{l6gZZSs+|5xBbh$Y9Hth(KIvuq(g)ERqm8K}1s?A!83
zbrI!LJ#xk^;S!T6y2!Jhj!Ezpt8z=^S;b<b_sQbdWTS7aqfn|*`FXVXBySS$BHFI<
z4!}|dkjChaG|X}z8pUGcW#XH73FFrxG~zQD$OsX@EEa}Dwb<n!NADzg7cwaCu~CkW
z!WGpa?$cWCcbd-V-Ujn6@l4uHy1IHF_M_el1-?*Fpp)LA;MzKE5u7>u2q%D1x@tD^
zsVzznB}s?7Jy^)#vXl*gslL8U8N2vFq}K6qNlx@#Y1m+8lM>T~de8`I))Bk`6g@F5
zJHPzt+W4J}8Yxn0W+e77d$fQ3$_j@Sz-F{IsnBtv8>PfK+BNk&!ZW+DRn0=jU(UBU
z_zlw<$G<R~dm#b%$Gbda7F7@3V&hp)RxNBhs!=_=1272Q19oMqPNbzrDPhktaJpm<
z$Ve1a)T02e`txlj_3y^79VZOglsjjd^VL&tTE@{JEzZD7fwVE~MK_^Z<>|#QalgY{
zuW{xNv%}E*IEXHuh#&6gc}~i_k>r@rYH4elddxrVLu5E&f1F9=WYPyfnXDAcqlYK5
z9cZ~%$II{L%fOGoMtplHjlqGcMcL%j3e4UkpLYkdSWu)Q9$zPWMNXBDB-c`m8+KS=
z7W*ck`snpzD02D>8Rh!+@q2NabV|#X#HW$fE*7LTDJzjL)x^yaslmMPo-MG4`(!u2
zTA5}GY?B%{YV_!%{RBO=?GI)Zkyty$ve$Iw@XoK;THK$O?vB#S>s8xX3gfN^M_Y=N
zIf1T+i~XSfq&r3URNHkE?+{zL-fPhTml0qrjNU#7qj_?Pz-5Sl0|rl*ii)(qJMvNF
zJl<dqVVkVutp1d7>Kl#=ge!zU^92~K4<PR-*}@nv%IiGbbhjPSk3z4BfnbLr4+&zS
zm8j}Wt^%u<ljYbovkrievXZ8@-j)V7I;E@R$dltJ?j={QnMohii{k*yAQIQ7U2@Re
zUA74eFt_}OwTsXOXg~|a|I~nTw;UHIz+~{rNM+!9hwt)?xSpAU!PE2l1{qD=Ro<*@
z<MR_TQ@HQ^8vH1#jsWq%&g6wa++mSrxSBY4u#0MtO?P;R{=w2AP_r2pE6EjG8w>;R
zjU~s@!$|EacoH#F#=G|qtB*fR#}wXsweY$nj+bzCs3<CNb(EWx=W5Je(qMALlY&AR
zWa0-#T+XtBW_^pk0ARR-&d@`-s^C-t5@2aSb9unyJ?-yIWboRvd%7tU(Yj=Sd*B@r
zW3{aLa7k28MJ-T|n;&fIc8m{hNw<~nhKI2$3_uCnE>rX-VGq!j(CxMAb@z(t;79s5
z<N{E^(Qioz@CUDPt)3`Au*n7&8MNviR)3P3GlU3gjsO5yUEkhZzz`Rk4|p#1=d#tQ
z+8!0mW}AmCPXumZf&|OIY2))l(NujoY6`wb`_mzMo%=qYY*%8bkbQf8v=)pF%v9LL
ztyxg$3(J)km{8ucY0OyVg{%xz<6Wh`8{MCO%rL_pH`syu87#hp%|ipd4pGZ8=)Ki#
zw)Mkh%Vcp{7foL`CQ+@5{jZRe3zV+od&^J{R+aX|;XQM@51O|!<Q*#Nw~j3L7N&(C
z+rPPIwg35Juy^t1+`8C-h~E_iK#`Gzbh)8-u0~t$XT(u-)`i>)bDir*61OqvxTKMw
z-AC&pTZ3M6dF2GM4#9VBlLw#m<3zcxF%DlOc}wukX~G>B>=K%Nv<EvXIC*kzIwj&E
z7WK9IOdx1j8~zf<?_fe3TKux9-Bx~e_^#_=apumXAMJjFJc_oIh9t=?j}0(YNzFBD
z)8#6ZK*7YQZEJ363ub%nNBYjgB1}u^2pDDzmfWe69?7?0-+3{pYl1X(=53-~zc;xL
zWAhFO;e`vw9`p<+8O?mx-F$FR%mE#rhk-HJ%t?;YXEi+y7qr=>>xp9@mn}2dE-kFT
zYX}nQg1#LL|2cOkwR6a8ejHN*&o%VzL0Os}DmXo2+NB-0S$DIYPjHZkZxw@eF3T?w
zyjX{5h8iD-XroR9vFBe4qIbYz?aQgS9)w8r!hM~YQ%>(QIQHkJ7^JJ_Vh_9Pa9zGl
z8z*Bi4v#>#_HpM%Z_ZF^cW;m_H+A3W*TqkcOmZUDXljS&4Q~zocRzHC;1c#@D|B%;
zJ%%Ui{8p|;?Kfno77$OFZal1c(rYp1(x@4|(C=>dJRYk&nd^s0<y0z6JIacw-u>+N
z_BnOX3O4}HzgujI;+$IKgdmSDNs{5p7$!QAt&UXsVGoxfv5z1;D;{dr)*KbGm%X;b
z%K%OWsdkqC9sq`~N?c8wO=3@7uhB@C-bK&Kt`j#%b(WZq0F2*zNVlqQu+?p=&8=Nt
zSZmdc?~f$Mn&?VFce@)aPIDimAPjqo3SgU<?(@UPaoE8-RRd<p`mK?8r0Ko6E*Cd{
zo`nRGK~gkvjvB}Z(zmk+<nB3bzg=E{sk4-EXjO=k&Z6C>0wT8#TZqS{8LRo}7NRx)
zBl4BLY=;<W)Z$w?bHw*xKTHj-Rr!n0I!`E2-L2Lw<$%hUAjF>@*P4|jFMYo0l}n0R
zxi!N(_+o<xpZ2-3YHZvCH}94Jm$}4hmw*e25OVEc6Rp>DO1aJts0Ch!V##pF*59IO
zUEW;&vZ1p<s-n%X#p?26;fsiDbpgzAv3%3lEaXLN6kHev$0&U=qgu~~9jjN&e2_Bl
z!ElJC@EF$USIXhVjw078mMuW;8oOh%2NK$Vq$fTEq$x^M+6_3pah4X(qF`1&RY{oJ
zRhu#-uDkQ!MPz6*wq{${6wYm%C>E>AFB+qoXx%q_vLk-f65zR9zf@AcjU{c%h^Nv%
zfxhc32)k!>z?9UvoG*8g3q@h&F1RU5aI;2rly(9n1d!mxT}$<v4x-je@Ecam3{l@Z
zK@p@UdS3hjJ|~BSrg<z4Qrjq9((pN8mPnsBCR^ND9ti~1?sV~hmI{?s-ux8@el9&d
zB<If<sGNV}++bj1_<qocUWecaw~^rI<ebbh1OpRO>-<Hz>Ky?4@TReJt@F`#`Pf~s
zY-1YkUow_>Y_S4g*_^W-vm21A^u0_Y>RK&U;rIjEZLK8Gv$cIu&WD6i_5+RnLD|86
zE&=kw<r~q|H70$m6iiiQz8a(bNr@1boP_~+@=pJEg)qXK0-+Bq$J4|&UB^syZ&Nzv
zZw$LMB@EG)R6WqQ{<`~$pNmp9+A+eYvefJ#?bR-@FK-{D96ySr7_<SKev7N#F`CSB
zMg7&{a%%3M7r)NRu7<d4Lo`3%GNXJhwd5Qj*!j8Xv*Z+}T=T$8?#LB+v|0)?t|3xX
zhdO>HtA7wzoHSMgjVXp#TOieAL<@5X9yz0yCO;j2>viwhadp+MhFfV{B*Nm`Uv(Wg
zfSlw(_WRVQfkG*T!iv>N!=<L?lufG#*>|UhIQJ>0ut<9Gt34G-16?f<6Zn=DPHyW-
zNp2-xHTzRG5u#Y<KKLsWWE_?j(hh~*@TIgEhfW`0+x<+{YlP=Auzb1h7`|$FX5qoW
z&JoWl)R0oo?U;KNt{c}k<(ou4kfgG^UUIBWjU?aA-?H8^9mevQAFG?&9b(O8)@?_2
z4qkS{Ex+{rz>LKDsf;XD{5*PknbzddhzI#JAtQ$AWAJ@q^zM#DBCYl)Jp78qIIN0!
zV&_O@PrL>4yXa|jUhS~c%SSH31fr_wDg%nX$wmcw8EOe17QuwJl<&ezfUv1hcuDu(
zFK7HU^BEW*(=$e=hHU=)X=m*r4T%yY+tO(y6{f0{;?liM$Ug3HjBDKj5v*1>w3H0f
zPI!j&H-45wK$yazUEJBBAerM6z__=)smT_6j3sL7=<%0H+{q%!H2*?V18W+Ny`P=_
zxtSsWaWPK7__o_|HRhfPp}?TGMfq&M$6?R5+TLbU`0Xlrb@IM~NqZgX4v02nj<Km@
zZ{U;s8}%<1Orl<5yLFqnMTpc*$h#s^rb45z)_I=`G)_z10Pqmqokd#t<Xg$qXuivf
zGuskd{04up02-I`yO@L@o0Qrvk4p`zYOU#YXeqxpu39NA>XT4ycpFh~OEN@rOW3XN
zq5IJ});k$IGnsmRgp^Zh{{B<3n#U$OhaN<9Teq^dv{T93&@U7wK9h!93)EOp_#2}D
zKxH~pSP#=yxe7v-`lgU+|D&Dp%5BV4w8a9AU5--$bL=Cu2uBufz=g(yaU=+6?}WU=
zQ}nq+x+kO7IP3P=k$dd*^gH)~54#jgfFkcYv0tIw1o_%gzyL<7bW>4%{#!R&Ue$}(
zDr^+Y3=z;P_|)~5fX9Ynhsm#8PsM%#83M(6J0=<u{BYvGpGb309S7PoJ+Rs@s8F-r
zKC**#SzoG5Em>1S|6oHWTn&mI>`3uH&pW|BBpV|TpzI%VeuZo-TdXus%WT9mK2Nt!
zqoL?09gGa%p^^zVwwJ74g{6hD8OF=UIPb2pA>OsOw4`*Uj>=4%TVpE=kmdV)sqUD=
zE#~uA7vzw~Yfz<vUA|rO{DWmD@xnE+gO@N@3HNyG9V4>cg>fa<XT@XrMiv@bgl{6*
z)r1v#UL5Ud@JcVqbu2F$s!O~l_5&O_p$2W=*Bl3?9jj@s=%#QM774)z-FrOM`mh9G
z9*BGnxm{8QL9WAL58RHOpE#Q7cZ9AOR~dG!l_<RscV$+(1$PHsOD4=wk6ek>&f^3%
zcEEO~9p)F?vi!JIB)91CW`v6N2ik{OT$q7kjM*0URX29G0+YoPU@Mro2cQI&4tbo8
zU*wDmAQjb1k^ILxwW4-Gnos9tsd0u=8RsGMLyFS0ZHZ1{_2LnSwHP?NY}HP;^WDL`
z<BlC{!_By1pxaG>+j8@>w$-jamlSJ`;I#b(WfBF6JT4C~1;#HQM?!P8mQiO-1tunj
z_<FV;5|-{Z8SgGP86V>!<{N&QjE<7p98CV!YhWCXQ(CNBI|7$G0uOl?k%s3PcROgc
z#Ve@D6v}9c+RyJa6k`mBv3=%~yG%*0v3XTXtT(BegYf!yWJ_g|po|!lvc}jBZEQcX
z@BDb48c$4x?JA>#`Eap>YufM#CxsI?RtFRcO~Y}~O3tMngpf6;*_#m*Ii!VG@Oa3b
z>4;b?`nzU4JAj4$I4h6`CXi#eHG<O9L6~mi{p{@T$?Eot_3F{zVL@MvN7@Hinzak}
z^?e0Z`uL7r7ptYHeYBchftof6!9{}W-yx~1qve6v>xuUzFLk)B;ECJWV>v`Q-}nr?
zd!0zg7p8iNL}qm!BIdHQA_JJ(LYt5-D4Ij`Ix_A1TuxEe{(iyN?-mr$zJl6-5bD;H
zvC6&9e55(i;?~=%McZx%h0jvp$eOcndgtS9@|clPa=rC9bbCVf!nUj`*N;FUk70ER
zN}}x)Q**c^HSr+daZ@k#uI;v7UUvoNzM#A8#1rXKWsnCN<GADv6&n|A2t>e~Ij5dL
zwY~b1#tW>Z9fbt!SIRaXY>=!%Uq5yv%zf;7^%DaJM?@s&!83D7LR!F8TReJo?uy?d
zPJpcD)*U!*zqF-k2y@mBKw#W`%LY4r9wy<3m|6}xYEGLqRqwpbNqSui`qQC{yZM9^
zRtEx)G1+{6))%czcDJ*no-p_oF_+7&YrDU>MAe?~Ou#&cxM=IlHtmx&WET<RI9&$1
zY^`D?^WG4Rw&RirnFRkeMr(cq3ev~jZd`5wKgKxdbx<#<zj}f?KWT-MoRs(=Ru>QV
zySnO@P~<wcg;C)EHLKkKN;M;MEqAhUQ-pNPt1ElvP1D%)OAx>)ydkT^mt!bHI&o+k
zJ06>)GUD8X8Z3CZ;Ic`jD8-(4{Ct+}QE&d5)f!+$uALq|V|C>y)7}NU+_wp{l{Yt;
z_?TK{z<aSH2XnZ$IjYQbliwWaWQ-)orGG!1FK37D*RX6MG+W`@C4<3KvhA-H?C02J
zBXEabvjRYq$<HKAvd<xOm*)+I%hGM;=NG&PAmLq+oLZ8`!uad9+=9nrgA*wYVYa*X
z2c9W7-OBFABmZt_4Z0^r9f{TT>sQt<zRy+q+;p*OZaqATe3sX8+-nKulFJ^8kdk$p
zzMr&_Hm)B<;_`}3z1UyC(Dw@UZ2`w)ieBlSLxr160~H?pc1!FdcaG%M*0lvO0;JiF
z+Q&~tqE!*?4O`>iOE?b}=r_N(WhD(AZqrdHJaky?7jaC0!kn$vx~erin1^;SQdgw6
zU0m{S)rul<gLUX5Yem=SZ*aX%<{Q|0*1AtG;O<LGJl@+Ou*?oSK8uq0{5odD<4|wd
z{ec_&t`i&uOp{H3?U)G^whr=jIVbPZWA!Pa=c=wmje%OnZ!$3%i$k0}C`h{q2MBLi
zb4Oqe(CDTf;i&|jdjGCM8qggQHCH!8k$>8f?ttxu*R3ZlrItNkPqN3rGf)r(^uy{A
zECd8HN`w~fBVX2;4F<{v<-6C$D!Th~HC&CSKw$GUI@0n5T(hRa-7z8QitHLJzVUZp
z(@VUJ4lzC^7%{IsF;T@>8T7i$GJLAOIUE8Pvb*GcgqaG2Ec6BB?>BJ&%Hl9V*C;_r
zL1X*!7xTj-?nPwja5@Z0!dOMTBVsF<V2oLI%G{0QNJ`1ht5LTwFfi~R`rh5giG=NO
zS@2_jMol)qdxn-<>9$r)+q2OOoA)C}(T4ptR|#7qB`+yo0&s#6-xX}Ik<+Ce$>$47
zLf^iE;lX0Qb8Nf_Z?=#C8=fAP`wU=kDgFib=Tp4fpF1bB9tHd@^A)yXIP9G3MIAz6
zi3f^9<o+xY<vlMr?5V>J133b-2aA%3X$zSHA3+_Rb+t2O5+rHec05}+7xEVaWjce*
z?W2eD5r&(?pn!Jh&2z+HY&sbbf*_yO4~iz<YNEv;ZuC7;c0ZUUcb1p#%cyz#3c?3K
zD^cmRXfGmr)hfnuhl%5v>%;NLgtFZ9eXq@|Fc{ac6OzlVVA8s8YOX;u-41Q)d{i+I
z2b8ues5ApDtt+oXZsoSIGs;e^V+r8YFv}wyZ2iIS-qZV{ozA;`mQa}du|*c+i<ipI
zsYF27xOuOEy+V(!ttjEqejYXHe96c<(Kz2R6E76&m}wM_Cb&9fj4bS0%}?O+!&4s3
zER>P<#DJ<%b51IYbZ<V47X@+C391%+=VFy3r}}kXX1-mk{+?#~td*)yCe?RXytcK(
zUU7kd%yu>j)8Tp80d_<l|6Fgf{5|i0Zmw3^*@os!uC7IllwDAfVQ`{gMeA8|>|uO$
z@YZgluq>Hxfq2Myy;!LB(|1%)!0=juYJBxjkqRw8YSbqE%)%l<eX#K&>5ULHIpJlY
z-eQ)`>O}IyJo9F8+854;W=WYXE~IjqLrXDCZj)7dvEvY)5Z<yLWaYk*XLZ7`j0pMa
zGF0=RzphWPXRC%@JXjJU(}R#B#odm}?Rr;Q&5u1Hw^QO~;D_;KtK?@8Ge|yv$bEk<
z4*=wm4@{)_jdegZbj>W&Zu0%pjDdRV{Y=wRGl)JrD<!&i`>g*COIBTgA0MZSpdxMg
zhV9PF#-OX;dnmpp+9w)yy*OXwP*CIMaxfgqe#m}D=<aZ(B_tQSDQ@}#Y2LFv@ebpR
z4i~$2)K<*7Qn2%7fbqiM`hB=*`D95oa}v~5SDq#Cv*RRTB^gBhR!R1=^~Ix=`Q_LP
z(Q|K)Kav5v<+PkgCG51Nyjgwtu9RzYwbZbCQpC@U&=8=`@6-`aTv$<9h3*aR`4UBJ
zeUNgbd1+Y_1>lFPAT~Ej-vJBQmhBGszM>Yt7AJ8t@#?WiznWZq$2)dMYR-_{g;|-P
zG@t^tFiX-@%{6!6@&8fw=HXEPZU29}qN0RSD1}1C7FkE7C|kCK5V9sq_HCw;BwM2F
zMq+H)_jSsWvQ3PAo2-K|#yW%9elOMMx~}`UfA{zMz5jDChv7Z%*ZDq|=lOWbi$8%T
zfy%1^m1jL;fg$Ck8fD;XXgeccpH~qpp>Ma$I|!9lLRqY(c=*qDiE^x#pC_%D$9Wv(
zK^ap-t*<-xbHEh<{g<^YVD&ZvXHx6`dVVX<UyGSccNk#U`7tERv1JUkLMd4sB6WPe
z#*g9ou1i?6OyhJO*}JwxuH*I=awDsNPi&x**8V3h)%NYgC3%MCwuR<ajy29gb^rk)
z3k~kP4Z;)FAl`PEj)}r*QH%<q=Hy9GXxU{y!Qi59GwS=qWN9JD4VUtB77YQ?j_WL|
z)-p?|g`rPL1hv5AuCNuR$6Iwg4vbJU6Cskj9|jlV9F#<fnx}+0Y$0(deV7G|7VP}A
zci_`y%`@a4A7SJ4SXb?yNUzsXC8MI5cj7p;?aYr$9bZf%5r%7i@H=t;OG^9W;`u<%
z%*@Pd@h3^)*Zv4^cC#%%1L9bpw}z_5hfgc(X$v(rW*3;rv+Vw=jPlS?8WWy2=n4us
z%$|BoB(!Vsyp?c?n6hqU+ccb2Q9XitOi=cQ?@j%ct%2#5TWFzop86ES)`NU-G_P69
zmq~4u)oE-X>lNpK%EKB6sgT*u_Vtm%9`|1W`AS2U&5D~1e&b<c8HYy&1%}bBq}{(A
zHmO<;#44LlaMfG2l+@D+W3>aab7}ku4TISMn**I;)v4p1HS;T_mF;U?3Q;6xqM}*z
z7F<;`?jvN|AVWV3dAs{<g9UN0h?4%^g02?nXYTjW+T|=^xS}TpFw>#uv-bS@0-TcH
z%%{<UYZb+f>is+uY@1(O?$$4E8G)gK+^Q^vI_AeeRbCxmd!&8mJC~Ma`cB>yK6GSs
z9v3ne`<k|WBu&^3ak=I7Sj_?LnQScFz2<McAr6&>$a~of;ghpY_-{tr!md}~U8<sa
z1J@<05m^Sf`IbdaSso2P<>Cf-v25(~y$AF!b>`)l;OfcapFp2JHmR-j74T6=G=I+#
zVF6oOXCsR#SNayO-Q(!QL*K1tS`PE&6{!*A&n}HjwMLbu<eId&t>If%N?Tu55QalU
zQ<+k2yL>=j&HRL9s*yrU8Mdwh8}|H|5D7(X%Tqr0(KGiRy=Wrg-jhd^7emA4te-o!
z5*t2`+pHIE?&42=`xe7_N$=(Mn$q-iE3^<r=f2E%lmHn4<8Y0_60gRGJJp(bGDDj%
zFamWt;9qY^v=@p*q_x?l-t=9w_17zf^?r0BC!*S9dn_PrxV4uErHus}orIjYz`F;>
zZPBS56HI3HFXJ{AE7DU#VkmLSDVJE+qfROtpoMesE1ZI_<gaof*Fui>-*jOZlXIRl
zEZNnsRV>e*n0wN=PHXpgXfl+|_@);>n0D<(uE#9_-+B~fiTdnXuMooTmQP26USjLO
z*V;AQJo23b1!PA*)@f$Ylm7}Ei_sf#7X4cSeZbBMgp2c_ni8ys(W-qJJp`O*78>%{
zFKgrt{N6oIH%7b(XpCP}WHS25%uy1&Evk(>1-Y-74ME~uQ1nS!>77SJ1W1q*hh2sl
zpGrO4>GSg`1*P6|l9}zB@60YL^XHgW7L1w~{R$jjMME0`9RcDDb#T+ikf4v!e))WX
zI#s5P#TxqdTL{f0^&^~7NgyU}*$u;;ZMfPgQCu_#lDa<S?M_SRN8JHM-*_3_rJ?%c
za(ui+E1L%`D&q8B<qq*DjCn8=-yg>Fbr{tz{ZHmI4C|-Z5ysI?8(4fr^*mHMA6_3|
zK0vtxXXBG;V4H2aMWc;$ZU&VHjC+CVOp6G*Shx`LhW`?2-U}P`Xhm-Ol?8|9n^wM;
zk_;q|39qc+Pe{N{U&ZKU2Z<V&oG54G+YgKn)vl6^uNBrwDjRqVP<Hfa!J&@AI1f%i
zD`C3<+_B?-mcyPsI}bF`lNY0}O&bYnzQc$!`LEQ`A{APUZj;-OFUkutG#FVYtL9HV
zJj7bF(tZG9TH*AO10lxx+WLs=w$<94byQekTPYLdvu_Te`_n58;x$K8TH<iw0l}eC
zE*)Q6vq9@4{z_9b04<q0fYe+KOP9YDdC+o7iqqx(nUxxRK~^iTix@`KhY{#UA)JEE
zyHsaJvq5B{EuEScjZ5c7T#U9`4wYMOTYbV2W?PamNxg{q6_hmW#rpS^q<DUpxA8TY
z8Uyy!Y(JJLgE~>Jy-bBD<rc`B@nQ*=r3X+QJK=QYU)Tn-)6f;-PG8%LpzuBW@yph?
z-HEMiB;Kn5&FXRyQvU1<4pN4ubp*Snv3^8~IBrV<a_5*3jxxc-$L24>BBbeIsvKwO
zN6ULI!F%6vL-Ut(%9Unm*jTd%tS(@q&&bO42cyN1hj>(CW7!?;`EF$$x=oXf7w?|l
z+$ia-iFv+1hGNvrGc|xci<YP$dK?$*XWx@?FMmXR5iln>QV9*2BhIx!Z@3_W`{Y}j
z%VHeX!3b)yLHfSm@sWCeR?p)WUb!vO^=(4jsDD&$#%sGw8Fbnn)fICyh8Iaqui*-h
zzrFB9<lE`zFQl4VIS0(WQ_wL2{!<e<7YLk{0|>5GEN}xZFfK((he5@R1?v{Tz~R7(
zridmNOZVh{tK}H32B;Qj6!|>F)KryY6QhQ`dSGjfFhenhpM>~iGyPVCa~6d`hGJts
zjYe*oCKG*I4C1NRcKbI^1-E=uT&@Lzv8N+>&{3Ib8GgvUDC;w`s_}CqD(>m1m<|+U
z;&)(roqG6;+|w$T+{T5z;MNtHCxN`Rf^X)FKjU2Lw)}OKS#LqlAw3HGd)!O9-WASQ
z+BMt+ReX2QlL0M!6xxupdUY*?$aVe|>nG4cANjx$@dfZZs@$fC(pN6`d2u^~+Nk!q
zgR_1KmlwYAI<DBd^?uOa3hPUnhcAvEPxB8d_h(%Blfsn2FNZ9&S;t;s%^H#W0h8U^
zgd|#M`}*=&tgya^kdGAKy?owUTSXePHt=J^`ae<=riEE529s1!OMsSs*vU#BS38dU
z%}Oe1Sx6ifPE#ZCiOtbuy#}JJIHN2eJBi7BD`9q9Dj$xaQ+#&h2w-*e*7}#Ap(!Dd
zrfjSY<WVY9voN0Z(3$c}F)i`>b1O2K6($8r@;c%^Mxh+LzV$JVI7|PORcXpfrl)7Q
z={Gn~+ApDUaR!*baRDHl)6X?lYe(}xC$?)Jbw<QTXBZXoPBzKgHGWfX-_dk(3QFd6
ztjj%pa3QBZ*i&1TndtF4ZcgaS{N0eN2X@3=S2=b_1)rUa3Z{L<{g>08?`~P(om!N?
z*O<xrUHrwaEQriy6Xly=_T%|I8DMKJX4#b8k}QWl*e*pE+)=#34e_#=&WYrx%?Y^L
zX=r428M)^B#wfV5S;dlH=TyIukC}*GMp1YZ+(#Y-Z!xGct#tm#*RpPH5x9}*g79ov
z2bl|+5LSJgmcWb3Mb(4(oo&**y!%WWVePuL5ga_+7bI>M`~G?^=+RY;YwL{r7O??H
zkiX_|t#_i-6gRF{7N9{vTWd2q;=+~wi&A>?>mp$xUpA}Vm8PRzgndFAI^@2DV(fN2
z+rV#2Ol23U6J`3=bclWI1NsaH>LD4LQa)D0eR3*?I$Yr^c$QfQE#;$LG4Ro)Ve6GS
zXX?OuOM$g6wh#*sI>fFOX#vs5S2%TFyc+J?Em7b!Yaz>{;OAFKhA6QL;YA&{uzOj*
zUx*Q`zoR%N=HG2UQ1EHlBgyC$pQ6uqTy&@K0~sx1^F1NA)3TiAFNj^F;~nN!7Cx3`
zgwlaLJl4@PW5yI?TsefF1R}VXYV*ub<5F5p#wSSIQc85tkjDJ9Y??73QWsAuIjTNe
zCPdptbw|kB!cR8p_eJ@y?8jTyR6x&uirF1qfvqdCs65}_s4A9(AXdsaW+WXea<2E<
z%U^XcTldoeCCUS%t%*JU)RX+fRX|&@+WsR{yc_ay@bx;i66s#j$wR&p^Z3UFk$a-7
z%g1y4&md%V0yZV=yi`allZA&RE-^$UY}R6QlxEmf3Qa4u1Kt+Lw;5%tDB9lzQVhBG
zYdr!Qsv%Cf!jkD0SsP@ZHKDoT$AvMz5Xz?Yo!h=j=}+t4oN%$6470XiBXlWMgfx+j
z@Z~MX3@K3v_o-IYMGT<X0Mfa(Vml-jBPSG^ld`paMuD`oD+&h=t`|YA4_3;no}u5=
zY7!q0h3{SouL%`?lM`foCg}naVx(ayaU{@i#qA`-i-_`SE$mr!sUnp+GHL@EQVxs-
zuhkj{N?)SIh2OEDwXgtMNwkO-e`9;51=0S{jRR8s6!#A8VUA;cC8QmH7VbMz6Q7FG
zF5s)BLot*%(3qh?<#m47EFNQdWF1ci17C=0ZtWT3yLq5gD+TUM;Ulbi>NPmf5{6y;
z=sD|Ox1-i^QDYm{t&n?`=If~JDQ^n3H>$6517}EM%0s!*$P1f6nNeP}kug-?Mpo&J
zXDtaKrs;v9mw%XOp;TT$-yK1s`5@cG_krePC_|Vwyc!xzNnD%$ao$#JL@Pz1JnAA#
z%nDQO9)1F&80l$^nqRw7`L&Z4f=Q}Ffi909U17$%<`8=VG>kn-+Cdn)ET)^DVJ=`f
z@E@yW;fWWcBmRVrr>Hx~&8s2;Ge-bVh}5C_-;0*`hWjBJe9^}~sB2p|iPbJX%{8A2
z&=8|1C7hbC2+~H9z)uUTo64+%quwdmt;C`o<)Mu8LRL{cEP$K_bTJ(@VVV|B>xai0
z;*)y$;#{6mbLs0-2P>BD#h(;~a*RLlY0rTZ%Ae|U$>usl_;P1m+snk}Pbd+S`wFYv
zuoLQ-n6fUk0dZ-a$MLFV`p9bat`^As)^zmivm(g7)?Peee!70Gw&IrQKUVNIIi7vR
zrwGrFK;*x@@1)`@tZ&aukm#8`3bZF4Nr00FF^#|KJQ`NEkdb9ddiIUHwr4**X);8C
zyA>tfkH)`q@XI3II*!PaaajF%Lr>Iu{i6T8|CMa<@jSdmW&7<dznX`5GP6s!_rb#M
zx+3x9{geGIgbh1CDhQtuY#hp$I=Alo+|lIVk?9Xs&<cq<DNvtAqY&?%3m{rWTz4k0
zexG}!lCd)Y9w01RJ-nbt*?3x=(u%20cJGpl6{t%oc|E_{UYG_b>~~y3t-mSiJif=s
z7LqU@C}gm5LXfi9WX`u)q2kd}VbfIBi@i<HTzOj!byt2Bw#`~p&XA9dR~h@X@ID<9
z>0dM^ZkEhMaVJ7oUS7>AfjTCv^qZF1ckjW{)$j4=qukL-Q8iw8F{bj(rg$K;8EJsr
z)I*M31yurRuDjD~yW?)_r(yWl1AB<IM7RggOneu;7f87r!OkZ*ztdnaqpWl(oYr4C
zF7QaAI{5o-UxV_~@%>M9@x><u%?)a0l!h1GgbizAg_Y-Aq=Q4RvGjQj)-!xp=ml@Y
zpP+IBlBu&7C}U?(HFRxHFe*B14WXC?3oTwaXKxDuR8P-C%Q6KE_v=x)gu5s&T;Uk)
z2Kok^QO15RVH~ANurt-#hOb+D?$iZZ1NDB4@IH!v(Uhm2GR{(Or!|UM)5&D*ho4y5
zKJ-nTbK>`bjA}Nor9`E6{XLRU=Yf!?qG^%P``h*ds4?2eZHf+;U=4^K8?E?%a{X;;
zsA~Ml+<-uY5!ppaM+i^VWjv|Gip5;rD(ZMd{o180OA|_tGNovx^3~9sm!L=@1UZwG
z%6QPg4$Jx^u3H$CT(iS~0}CWI&s&?VTAnV*G1vZCO4Givv&5KpLn^TNXxw<GTUB7O
zoBoF!+C)zXeo&lnU$^x^hWfD@gM%l~P?Vry_T5ylR-pzakOsA(H~Bv`OZ)cc?5p=F
z)(vi6YZ)c1<ZW9+Vm>NrtV+<SYdXp+Z{=+v@-pv&Thl;i^u2LOYw|?XtGj?bY(Kbs
z>}i@01_{l!z$)jeqp-;jQHX0tWnLU||7`q{UC?AoVdx(9g{SDNc2E{Nb+AljtA<WC
zHs#dYt0NrG0sUxlgf{u#4@$nIq(}j!z|TYry$-#sNa=|foAzd|xRJowBB6Y+X`nvN
zRN*orh<voA8nC~<y%J%hiJ{ocem&q%wkb5Fw#cwN8BbP@_#nD<(Z0*vf}!2c>KI=E
z#*>eOuVx1y_5}j(xs*yfNB_=yT2Y9svy(Vh2$kcK&XiN-93cmnN;u)lJCrGL2-E&}
zDBbtxXCNm1J)_`T|I!?(uvDe-dV48G_g=w+OR6nH<Gt52-D<#Ry{g6{8d)MXTJeyW
z2P9v>f78U&J7g?!c8jmV_1L)w6uJAn#lQGII~|S62;l9V8!RsEc$GC2NZ-=kZCrwD
z{u&gb2VnG<-m&igd`i^>K2}3s^*sQ`=gT^*qzCtZPHza5XJ&WDb=|Nw_lbVPdD&{@
zn^Yj91RNBRH(7`HpmdH?v6z>kJF;W_5Z3f}0;M;BkasEl%Hw+!-&i{r&W(k>7}5wx
zOh(YTG$M%xM6Y=R?1f1c7WrE@OHyJMz1^wcak=wkOMXc0Qwx1ik#hF#&?7(kt6KO=
z_Wt;t!(w!1l*Gthr{e!4y8avVQ+Z_a!&ZDo!26JqZ5A(Dc0g0-RqMZxu|_j!TbB>j
zubYt`i6yM*L!Chb&S-=0GrbX*?M$(LP<}vTJtN&LtMIC;(V13DY+#AMA~Z@<c(9WM
zGmuaFQ}zt5uyW1L(w~?xYP4>=IvQu*Iu!l&=eeL6ryJY!hj>9?<K|mKfVw>f+HTU;
z#}VQ>eX4~Lc6%$izl@gI78Q#vW^Xlk7f-$AFN}*n^O7kTP`Uur>9K$i=Fo~u0jSeI
zd^ivl%A2hJeb4Vzo?ZJIcQ#Rrjw!uKGym-S(EZml`tIuS(Pd7*xsOQ6(Sji92iwmM
zpFikIv0}g0zgt(6fDm^pah*wxlA+TTj-31nIm=k<%F|ZzBfXoj2w0J;mv?(%aRw8~
zf$Atb!pl}WoA`Kc_SKP4rNZSBr-b-a!V$*&&|uPW9ffZ}*U?@}X)|x@{UX?G72WjW
zEoH?sgj~U3GK>6Fsb|V)gS>{u+cz(ti_}`a9{)YK<Y08x;Z87*2OV^F|I50Kue`A-
zMBHsPS;?%y!jTj6@;YPUpqxEL1G9`zKVk%j1p{pwFU%_~Wg%ecU^p=J&F!@PP6=BK
zR$lb+_lEQf@D)X0J~N&@m;CN5Y_}Aj`=DBK#o)OpsLw9=%R}C)Nl9?vj|gR11&c?&
z{9<<||G`#7;}jWRX8i+FJox=K8It!zF0fWRC2SrH^xN&ud53o;C?x@Ty19C3eI0!)
z7M=RNpq75XVXDog0cn`maHPnHi&RG*_m{@=5MPEOTNx-O-V9Jx#>lAgYbtt)hRJ&_
z{t}`dy!w!J5C0R?%_e&CSxwN_$f&}xez3Zbn(Fp5ZTGb-E9tNKEbL7))<T-$<So7~
z+i`R%)sM7r`O~Yls`S+`4!B|JhHTF&(J?@FERd`uxfOn@@$}?%f0x&b#lcMKTT|)%
z`Kg@gMA3wAdD~O-Nyc}(+JQ-yaJ_qb#7RczEAi<1{mLYtimTi8-q=jz(s7c4@IR`A
zXcm2<4@fZ5W%3au5sP{_kjCz`8F7_SvIVG#TYl@^t&gfw#LbUrx(t;B`+1=0RkzVE
z(Ji>v@b}l`wBmj8vy)nN`a548!M7N!2YFy-{H|Jt{_c<6?#o|V(T2WuCE?w)MhgAR
zqYH3<A9|w=@SAOyOn|%jK>Y`2Y{LydEdz4k7$;_pjH0wcC+Xc<Xp@2vJVT!hsidhP
zNlYgLB+vHH`IPFD)^vbKcd3t(#cuhqXibMF47B?0Oo7AvZTs}!d^8vjW%j1sk5c$B
zVt$Za3skH4+3mGl`WOkD1R7q2?guNJ$@DcWZN!X%E~7mz?+XL!%+!w+Ky_fgfh~=2
zUcw?b3I`wfOx*0vSu1@SWA~l=C)8E+PD?q(Q-S_4&M1Qh^)u0@Y}ENE_25EMyXI-F
zVPvkDRk{56t-`p%LZ&J5N=c?)S$5%#`1pwX|Ewp+_z2_vkRF&Vt$GU;PyEBhc(H?#
zV1DISe5Aj4P*wBN(DDb<3^}hx)hqGM7`W%cpz;@|r9r>+n;NIOEU5L56552%K0gS~
zn01`a1xq9;>dX}rA0bf@<Y+Mz7WmTz(9=QBI|*i+;PrXa#<o;f?cl8)RXX{zaed;g
zs4mVIIob7o<Y@gCw=D0Z{`@^Jb;+atd}F|HQqr#~XL_A$?NW?T_ZtpGuGJ*z^wK61
z>nXvPN$>63IVq7_uCM(2idUAKI_HoFjy!TJwL_<yl#8*AL(p*;71I1z7@bamnCd@$
zL#z09lPz0bX2(phVfFBtc*V7jQu{Ao7MFn*{Y@O8ecm~LQPBPb25)gB+-*0=d@?~l
zaPxg8tN4&sVRsIu6f8~&`FS_6rFGF=gj@A8@93lGdo#ZTlL0GB!O}{*8tzt)ThF`|
z!QES7rY8KL>aBF2w#u=^lXX?}u@CUC`?>URc8D0{j_z~RRBum59T6tMfg=p*yJ;s#
zCfp0CQ9K)Y`x!`}c?b9t+I)dB*y>IHV$=mqr=xK)JtR}<Me^@tHOS4rd-YPy_Cnsw
zQq;~ajF#3B&c2JuBmLwzIaW6=x4hwa&#Osz87enHMUlrTErFlJ30M?jwj+VV_2R$-
zeJq(?WZ%u7xYED=>}vlmb~=!V#PS6@4b}8*^o~S-K<gKbxfAPqsCUQZw>S7y40DsU
zM4vvvHbfLgEZwB7tQ<WfZQwI|S)hKj;fsDGOQGk=eFIackqSa@xkiQ14_B|3{%|YZ
z^u#uwMHcHhAUj!W@9}teublDX5IZnrQ2B&_UsFC!h|KdwG#KO$%k?0^Qp8VS{YYK(
zM;e~40sEJa;!}j$ckgAwB-o{1Li#CP&rkL3fn0W3USH*r_j)%WqD+egqTds2t=wsq
z#$00eRd!^l5tBbEunOqU#ua>$bG%Ii<#4IrZK+@dM)E=b<fGxkhA%J_BkdAw=Sm(v
z%DBpxQDS|vz346#+*J#dY>(OSQ)R9bl-<aLRMd^&xJ+gak#{Nfi7YIjQ#A|(i|}1+
z8Y)%b_}Bb7{sm-&Ry^3b+nC`hDDmJweAtujHUWnFZTE#{@}$4Qn)(o+h{Yis7`{bQ
zkvFTj8dddS+io@0bWN~2veWL~3cLb;zDNF58h%uUx*XI3qiBu5kpv5<b@MAOBDP=g
z#*-vvc-;cZ?(_!5J7Z_ARye4*;UTgz?iW0oEM+ItiI6oSyqOy)yu9>~`c=#wWWq?&
z$k12IiBvv6AY$Qz+KOQ<G}~}xV76x7Fjn&(ySV;EnY-4*Jos9Cyp|q_2|&?!;V*O6
z+|2wt)8A+LU#NB6$ViqBG}k0QvE!%waw^0^S;GE`s$cKaL9fQ<0yF=gTUXF=^VnqN
z6y?o_(GQH^>z5p6L*p_%R(ei2yRBKVi=iJ<v<L$joh149%G+~$QR(YbaN5Rz{gzNW
zm6YW58SG%2RuKzTg(CT~j4V>v#Iv*g6{!;x;(RbyDp|w=ey*dVBdsIc0}G=&zPV{B
zIyz-D`19O)I|Ls<$rk~eu0mtp44UL7W~O}}OnXf~`7{vvR!ZXv<G$6O{B;EnmR<yG
zzqjv^cyIU0RiFT3?&)N}KJd`R?ec1g7r`Xgq&#u`_(`WXY&Jo;D4&tSMYnAQbxnPr
zZ>Q|kcMJMAmHJ(NJO<9Lp99Ijxt|h)DOsGv4-|rNhO)S=(DnJVNXO5YkxtV#6<WBK
zJ|l}8mrZP0FY<8>i2LuQT2Jw%FR}c5f88e?Sv|GRCisd|P<bHpv;a#Sqb}SRCQaL%
zVg(5bbfpS@)6rBrqLufW0<+s?9ks5oluemf0ur<~w;(9RXl72~i^`&d=Nlx6Q?i{B
zIziGZnpcc#JRIhKRJaQf>yIR!fkF`$$1xt97vEa=J>XGt+?Q{`2;*}en_76oA!6S)
zZA2rfS)c!pctRL7EHn=Sk~U$~Ahy&FvN1mvLs}ZM=DKn={HEq&bpc>oH1qaunv_&z
z?L8iR=;T%VqUG=Ywm)-{>lJ}?2tEFCi+i?ZX^TGUZg#2q-sNg&tkK<5*QgQ`7QpLf
zVZ`N`&O;iwCfzTMzU6&BzwN0<KV@gYNi+%q%!u2tpW=^}e?4;#9!c$Nk^AZf6f<f~
zAxBn9o66|CU>$WV!2L!74u^ni$22Rb)^QdFhwf}PnN&ImWwo&g)=BWh8xo*k_>ILT
zvbd}nnR&ifb;K3l<>G~b4GifgCW(BoE6bhFf$1GHTYJUd4HisM+~n38jp@P$ExLlw
zT0qljbd%RHfIQYiddMf`LG0Fefa$Y2qhOi-uMr#X;14L0U?fW}On!t)nlc*TJMXbZ
z&s_6fqxN8GjagePh^B+9QJbzMYH4aWFl$D3%7McM+sjRi?Lz)}hW^Z2aqT=*Z+?tq
z5l>>wc_K?)*XY@}8Cx^1iVJVVyUXa;&7cpMCSJb(9Wbh4sm<H;sbKN$SOkpfTmZ#v
z4^SAR>sWtdhJ2X%zy>KLiG*;V3^-=}jT3omQBzgE^f~n4UA~aul52!8BgQ$bY;UU$
zb;YF88GT#rR9k^MY%CHwI7297G&k?e!<<nVFoz>T1ZUh$fNtUvD!iHz!MaeP_L!%!
z*{S3YJqQqM05Q5-P4WmY`zOz@=Pdqm9DV{;(Q97L&J79?{>-_S=4HH(b$nT6?!ZKS
zczwKd)t2q0w|X<6aN5X0`s5aKh<w1Ht=bGzKahX~?d|wkpSuxcut|GglY^AhrcIY|
z@)3D2rauh%Y+m2~^5@5WZgw+FA0Ydn#uec}7(dO0ebm$o3(Qqh{st5z*HA9hl-1cE
z8XIDHLiNW=0u^~!S@=kV5u9CtL+hQS3c~z54Y6onI(PuB6WZQ4TUCJN@VlN9Ki)9m
z;sqdHjd$t%xld|Iu_8udml`(jAAVJ6PCL&5hQkFYx*tLo*j`uakYfELrIMgHgoXa$
zHt(3A?8WENS!(n(bSF&0*L5SQ5Vgu8H6*SC8~Ze4e(r(~{Hy;Y)l8)RVXDx9W@k42
zoSCi^Q)V0x;)q4g+d<vy7YFb1@2P*bF6XXVZ?kX>h6iI3XcPZv6@jEM2b*{w&gIK6
zu6y18*-YyuGuOww;K~f3pL;}9aD7`7mb1Xm;rm_n7!_!jH=avya>9h`dIE%yFSU*j
zVBTBFFVzSYYNh7-e*g8n%mKr<`<~|#HMz>j{3Kh~?z{%thlK|L#iLyFUrL_by0*tx
z-mt-FPJ^~RaJ!g2%-Uz$H*l!VfjuxiG*4^E!rUVqU!la0tZ!JEE*q%zBD@=q1{Noa
zVI^LjiMuB9T(a(mw$d~p41)(o7N<%HOeDTEot8D|U<n)xOH`0;a;e-|(179WYJcwM
zdT<tOrV%VmN**0rIqRALzzhc@I^6*rV7lQUuNm#=x0YA)E6|N~sh+0OT%DLxViccC
zv~x=mTP<n=o_O=?<=VWbvGDtkHpaa39^5~r2r~Q5$G_Fs!!81!;IFM@?>>qs1iP;x
zn?+L%i>wM)le3rz!!yPcM+k3uJG*Nf^#^@5r^D-ZB37aQg&7i;e;LJh3>~XcC)EpD
zsuObZrm^1}A<ocJyVbj4hZz1#$Hu=B+ek;dY?iNJ^6{mX?Y#sy6FS>OaqZ*}R=C$|
z?|rZea3f%2WnIkA-PPheEVibEz}ea!2smkN0-tKtNxLqjG*-e!T8?I<#%;T;Y=4V5
ztwcVV7iY<@Iqi>~Y+<qS+Rt(#mi&aS{(NMqZXbIGesAgG74ls7C&`8}M1Er!vd=og
zk>NJtIo}iYNODO9a_@7zk9V$MeYD%z$|FL|ko&+3IB@e*5}12__ZEb~rzvE4H#(QF
zfqDfTpdub52<h~V7P`0~Dm71Cq(6Xdaag%7oJvp@3B#hG0?xSQEq(GkjX(m9HaVo|
zv%G7|N#7xe_6=AW5s^F!o*!(BTGeJzt4W13tu8-)l&hkeQzmc3Bq~dR1hWp4L37&v
zt^Vd2{J{Yf2uc4=u8!3NGW0fn&2D7^Rq&A(MDTN9Iz|dykNNQ7jz-)gthIqJ5?2W8
z2w<I|L+MqSuIG~I(3S3m2P-SN4e=yC(9j2(1HQ1ob=Ix;lW4NHvN>i|3l9NM2ohMW
zNlb+!X*j1(ChL!*o9gTtd36L>{Ty6kCTnEo?^Mtqg14|cHV?)Szw0Z^Jm~P(V|H{(
zaWwME0<<pYYv=lMQ<S<#-o5;EH%P;;6Q9Bhx0%<QC%*C3%|RuKcSeMKc_2s{5g}~{
zvS!@ne}_p!Y+znT#1F{J(4qJpUjTrwvnp^s9P{qo9!o3D0_78Xe#^SwF7JSR@13n$
zi^<x1(W0U5NpxPzI?B=YC$P2)T`wd#NgaEBN+u=ojCb>Q-DZnzwVEQMD<t9B87nL3
z$Vb^F!s6uatbyheCKkh*omRuePrKxBccKg(xwUFn<-(czz}C?tkwr(ksz$B_3RaZy
zl(`y=XMgHkFXD3UR*+wugk7wAp;_s(zc`G`A)c$1@nx^pT>q_z>zod_i0AA+L&aZH
z>VU{;wls)|+t)9bN1=k!xOfj#OkNc?kN0Oj_MR6IzCXJ6dhGYqfX|ra{b5Au(dliY
zz1E^_^1=&wK>J<MGUD6ReSS68SW(@q#Nf8v_m1nwIpthNDzr3@t-cNCK4Ll992#@U
zf*w$F>D+)3^TgU_ocVf-#P8|el9cM_W%rl$k%0TA%1X*-Iz33b$tD8SL-RI>H~3uo
z`Qkv(73`g<b~^Wh7dyQzdl_+)LQwF?0He{|r0L2ApvvhUQn>dZjIkZ;UvBx7>J+qO
z*xx0{c|Wsmg&VX9?YwFu8td$LB-5DZ#~_PFyEd-X!0Gg)?bobwn|mYFx$tX<U`{1}
zkGS!5{>~<Dog*^)*aiK3!F~p!zO6Xx1^1Pb`gCIgjsVtEL+3&DRu^G9mADFYIsWqn
z-y#BsRy{FhK8T0W{ujcMR*maO)B5Or;QpT}VR}kB>7azr#G`+#F~T4XX+}Z~>6)w5
z0npEGi+_k2bx(9f`zu)}M7__YWwn+T05{#QlP%KL-;(;xo+^yeqR@;VG3Mog@ae;;
zFy#9a7l&=d_H6A%opPza^fHNFdTL)7pNJ)YT;cGun#)cQc*pm4oyqg9YiM+8^f?1c
zCpe<3^o(IXQGSr58dr)<yp-?@_%BBly-o|mf9+h;D1^%5CpMwWX>&<cS883XVm2>^
zxBTdDnWoO*3YA4(U2)-*&yLy~w82OK=W~#FlMy9v3#M~-@GXU>Ez@IgvLkad6a}1}
z2^h!)*TVR#8Hveo^L2!jnmJhC(nXuoca>X*c=fzWa&}Z<h4yryo3=M5_tx*M_byf9
z;j$A#Qc7E`U@~x%mh>mnVG+U$5}+7TVV`yuD2LXaE3{If<|J$>VZz5xiT>5b3qRft
zurKp{p#>D*&t!!9zt8PgYVRbN?Js>4W~F<s(HrMSW6|@PUGOYwTdYXa&2LU%SNn81
zfZWxHAJdl$gP0fpC7G&x26iy&pWCLMf=<7P0`FkcKL4&M8z9ncTx)ckum4rtn$#{{
zo1;E+bR`5un!faPQ2%8^5jn~mhvrIcUR1i|3sxfHa9(5iwA?z-isJ%Cl5K?}eQC_7
z!Qznb#>6@v59VoC9+AZ>poQ085)ZuGx|4@W4Wb*c+*ZF{WgYu<Y1jJ@w(^)KzvkVf
zq$Ky$aphj6wnOGB-&g}Ht!zj<Q}3XDuckzr?S{vE*dybK$fa6hb;v>=JAdB0%wSxk
zB1{7CPEL9}>w=^Q9f3qL3ch(`Y#J4g_;2@~qF>&3U@`OTV48W*fg?HdO{^M^wX$AZ
zoeFPz`c}m(Nb#cV)8?Yr>eKru=Ouduk0Yc+4^{y-&&#Z?#)gxk>QsH7(MOQSd2nhs
z7jFbd<p7HNq;-_^Vstn<_|E&T<%I944}r2)-F<eSd1Zt8@ST;(mf(<#y2hpjnN!1{
zqm*+yX6_ImHO?6BusCe5%^Bj?KL~<-iyZ3#i7tJ-*FyZ5F>itOgUTw$zFaH$EvC5+
zDKs<N#RIkQh50ErMo&AmuiucSX63yzbld=2-itg{L!Y8Ba(!JN^)fZKj@q<FrmTb1
zue&TK=U7-wKq$}W_%kTsS6Pp2cB_G<wE*7!&D65nK04I<KItWX%7*ir@Onp-uMLBJ
z@_g81ZP+6TR~5K1{9|Od2&FpwW78{rF!Hf+(-+ivH{O2z{gbg)9*ko7QJt`^l#zhK
zl&cdqkEPW{CSHanCm7*Srj%-`0?|=(;DMQic3#2Jx2Kl3+KD_+V3o~$bo+4|3h)+t
z^_Ow}yD9^H7uE(WlFpPV;*VC&lvXWI0766V^)va(n!oCdPgZ;4Ik&HC7E_mM*FLvw
zRcI}MPy!v+|LQNG`DkVK!)1mYQS?{-#c^f&vpe1zm$J`tv8fh+y&ek{?$1k0JAPnn
zZ0yn=W@fI#DwD^VU+=k-@cLTNJK-Ll^oF$#o1^Ze#her+H#yWylai^_T8Fotw-Aid
zVbNGhHy^IC35%cHkYW|V-zj>oN}~c#)MNfy16+m-40%O<#C7_+guLr7h)Ic$?$0R4
z`v%`qZ>+O+R8ie&aU&dG+u#w5z6&Jtboj}p3C8A>w=aXb+$5hD3abP%_>NR1CZ(-j
zOi!udtHVaVPLokvgR^~k_w?{GPiE+M7hJUQXzdZ5T>6Ag{K-3%u^5M9D?Pa9D)o&J
zCE-TZmJu0ongGcnLTKB;wY=eQFapY9Jp0-cq|~Zp+hIR(6H7MtGJ(l;)%mU+Bd@G5
zea|Jn!NRG#mv2o3ZnSV&Ok%zx#G|AB#IjoqR^0PA*LDlXi{5l#k)p6W-b{F+4kcHY
zMDUJ8O9w_aO>gh7g<lV(C&of$x6uhV$`DXz5-NUqsxD7pl!DI36U!K>1TXxy$N_Cw
zN<TvrkGf~t^aO6&q%h{SO?NA0q&|uAVw@wBT~8xgMXOM`W+V5skG%t80t}s9c2U+B
ze%~^fLUpU99e3VtgJsPinnIcin>_^#-|21zi%W2n{*F~U9z;SyP1aThOUf7ioo4L6
zz<IVxANBHNGSq)oQ+<48(P=t|HH`T=2LueW)(<)@c15%XB1vm!tu3P&C^UjgUzo8l
zHF4pcZ&$oT4BPYx_7`79*9%X^%3nl!&3={3i+iskQ<R+x;3rnwU);+Afv>z0E=MJ+
zwNFBJ6&+Lulu;kHhRKwMw@BqMp@R-%Ffn*=OE1uJq`uW}R7-kNMcxSv$81WGg&OW#
zBC3(NqGdMVv|UlO1bqzij5>vEG<rNbc;LCuc{V%+^|Q}NLsvw{xGO!<9)jFLzq^tb
z08f!~mls6q=$nIIkD<Ezr1H;wk3O##i@Oyt(L8Z$%i9skx^Mzwu6guls*?Y`UWE5S
z^ktzY3G93K_Bhn-!>ebGZk~%0IW(l&IGKLDF>LZw_kj_9Wz9obOI_X7ZZxNkH*I19
zn$r%^o-4pGw$!#W{LPVK?UzhU)pUQl6=kJ4bjmUzW1&z~bQ|nT-#FeICuWwId#@fH
za}@sIe#Ha1>iS13R*4c*H_*lE`K}`bpujoyWI)kld);BU-rq>Qf~iz!blcs;1u78*
z&_FNDSSzE{(rGj6v>C7Q<YqfPST%#Vefo~B-$cF#(3$F;07+V3wsXB-Ppk@H{Ny<>
zqC;uU>x}GxU$Wc#CMUKNVxbLiO$s`}FI^d)ZZR34FFlX)#&1(hIJS9(Hc&sUqZm?J
zSm+Akh6@YAzu>46_51m!xK*2W`^3%HGM6tq5A(H?)iQ=56XqH*t9;DRgX~T9{7cD&
zzfsVlBFSJ!nx1(OC^ZFZ^pR};kPr6>qzRwBrqg`r4@pr%;GwMe?1yWjlJ?_unaeLe
zECfGZ&yHT7io%b*;r$O!L6wd}7cJBK*hu5p3M~!1vs0~V+MV|xt{1(kD88u?Z=X~(
zq1}r(vK#sQSF{s6^ZBCMXtQf@=rP%YhyDc@{|W58n?-f@&m3mi;dsd3P^~+sfhV<|
zMyrqPwY17OG}5~B=L0ybB+D#1^G6IgBI$t=U;lBDbd7tK`>g7;h}9pwkZaO2)4kS;
z!FHf8t~6_Q2|0W5tbB5B*|_3WY^J-~#E<pQxHF&s_3qD9OoV>s`?JdBXJ6rKjpWTV
zulKv}Z9O8er*iaZ-trq#`V%L_WixJ9ZnqH?iNVlq_rqze*WNjoqbARaxH;^38S3V1
z{P4u@U2&B?>=(_c+>T?&{0l`o9pP7;2H#5GJfA;;Kt8N}1eR^Zo*$O_yVIbjcj~rN
zDj>-Y_vV1cp)t%={xAIHDnIxzBKMqU`|~?{4^~|fmvQS+Xx29#z6?+?$mvVO9&c>m
zWABrc|3cpdMnq}!WY@R{wuAX3BdZ>k)W?A8B-ME8-+WA0xg9jPjL{#QZ8oq+lJ%AW
zMs`}qRCE8lDpXy?Q02G;@w?Q{+h+*uIl?WS{vw#UySmiQ0qhz?Y7u`Hm$C_(PjJwu
zf5fa0&}r*Kb{g|PKL(k%7X7pH`uBHf?%KdL*KLD~bv(v=`2p78<DS0HTk(o+TP5iE
zyu$titS_bh^Is4<y~7Qk)dMSOU>ZGSZ6&|rV&3MIC~3p2DEJL|lHc$TQBU<exJ02J
zT&DjQE)z97q**bS_ldvZ$GX0n$q?jI7_pvwR?}erUew=f#CCg6?w;d6q}l#A&V|5b
zBT4d)ACmzf*mkAd)Q^b)08K54e_hpEJ6H8G_WOVLZ2fOmLjUBd9y^`~X5+$Fz!Hpy
zr4{oICn#84m*X%nr~Y$mTsV}?tbPHbGWzci_@8m#|NI?GE2p++J^NMSubM_RocxCc
zz@jhLiahwQ>w976`o?=t|8XSyzmlE73(orOTwmVDN&?`|1tt+|@o|zN@3J%{*5c!V
zon@{W#aCD#c^I%gO>s_ju=TlP!(|TaS_t}X9_4_+tI8bL(z$lE?Ed>XbPJ@7L%X#&
za{d=i8Qg&5Xzkwe$MMW2=G`20#ifBwkXvh}BfS|A{q!oFhR*v5=%gxM18ap|TFLQq
z`_HCxu|)p??Qib9B~0hbf4AHFpTFb!9Dtg|R6N*%f8SIRmvX{0WS}-;S_zUv)ve8f
zT8Z6&1b7p)K~l$k?T+)vO{N;%s1WyFQtU0VJfC~_BY(bG?JLkd!vA_oIdFS@&o7OA
z{(lZc`Zbk$czQHv&;J#n{I3_NKlpumhW}vIxjHmH{)oYPifNu%`*y!AMTE87sW15`
zpZtmFyaXW^b8e-DBl1tz#mnu-JKjqluisU*=UDWgd+((dc<;ueuXp{=chP@y4P!e1
zE`QUrnaP~rF!W~M9dj`KEP3E2n?!nEC%UnqM4X&iiD)BufcM%w{_T&|^mBVQuy1Rh
z5iI?map3>__3=1x)r+f1zkArt9<h;nvt8-a(~rQ%uYWlDkMpET`mwtlZ&ll6SO4GL
zjo8e<^}7{Uc}Hu0&sojnn}Gf6ZV^9N@kAk=@%mc?Jf<sI?o*WlJ-Ai1b&l<iiQ(DE
zgWwFFN!X|VfBu{Q^QU4ret%BsJ5dg}C^1Kc^3^dKY8#t@Z@n&KcTo2IZmY6DiVU~p
zqqoI7SpLD$i|T)DfWDZ4@HFZC`Sp>%lf3`@z5mnKbs&(;b)Gl*YZGakA}Mqo7!uC3
ztC`h!WKy?SYWTGQ^U<X8K+hj@q1P978}1H$#Qpm8|KeT1>DM~-NBN5U<RJ~QkpYmM
zTD*j=nVxJ*D4U>g?&cqtJN5Q`2Kz5u#_g{7e>Xa5-hs4QyGQ(EC_%5Qj#ad|^9U4W
z&rBx)N-aT<^UtH9OdCYn9zW%W|3W7JPXYE{-&YCv{ZJg(aga2Ozb|v?_6wZ^g)rm}
zmCefO%{jflf44Na_V4VsZo&TFIp66Tz#e68^<K`U-%qrdcWtjjlQG>7e(x3;iZ1_i
zb4KqZV9{Fpi~oNviOS+ZkENanW{#TS)@PtkbvJ5hEP!MkqOfnNYDznIEx>H#`v(Xm
zSx;|vkhkeCnfvb`XV>#h{=2yb4vxd0gQXqOsY=pLb7`BB;;*kbjM2{yX}E`g$5f|)
z{-0fkEnj!s&oYN&%Ye#tqAS<up|IV}J%1yzLjuUMGG-LNc(JJ)?2&Vy%}^lLBmq&q
z78bU4g)msGq^o-t>+p70n+tcHz4$*5jvn#n=WeLoZ3yrUd<v>cUB?k*CK|Tr8lv)E
z*f0kc^r|BIvT<F!ZO7(M(#d~}$ylG?uf$rXz^D%n-Tz$&6${)&T|1wvm-$B8YNBz!
zv>oa5AomH|1@KRZm!2jAVA;tejlT{8QK4(iYVY)snqJ;uiR-_eC^k@ce4D#-Bi{Zc
z>+?S!<m5~6uQi9t0mPxMu-W!4hps}@Qd)`vJS^Lxa@-{0>GbzYm`x%I?y$9Lb4-gh
zTH*ZNG?i<@Mg?`)FDUA&6qtC!P_5R1XZ1+3&OPDa2co6k3%w2tKN}+4cw~W6F+q6=
z?mlevz)ir+d(5+ua`#-#YFl0%|ASgD&o8U-AKG2U>$b9~TC%!3;O`wYswdudc)9(+
zHV(mJez@q^sXdirUJ4wSOky|XlNEj6kr-P{H0m1KWBJ$fx5qz&CyAMRXL&3X4wLs@
zIzv0x=rUdw3T9@f^?Zcp<4%x&ln=xn<YpvDWjPRruUtb*$$gb(2ov53X!Mj1e27h=
zFt+ta_oA|I9AkJ+ZSmyN9x#59eXg>Q6$s<??JjKWl&SeGa8Zw&1$tU0ph4&M=ZDLt
zPHSiIt6<<Sdv|4WU~m{oRD{#d<eQZ1VP{HtAJdWZ?$r>1VUtlHWm*rTlST^59HtJ)
zKb?N9W8N2;Ye?MiZOyaxLiMj&tjykt74qh-)ej^+87h&Rwky{8#pZR<a<bYTH>0K`
z{5=Pg<?wBtwHG-+)Z!4n+fcVvPfB4>6rXU+D8-W0vS$$NSN+xx=9`l1jZ9|Ru@}aT
z_ScbCzJ;>4I*?PxCV4iq&=P?mlW@}FDU(v$a+rDn*9p(6lG`)W+XZF{dtq}1pyU%i
zmrB{sd?Jk{y=yH?-M@Xdvw33AWq~`fX<!oi)15g?ql&kM<z*<ZXxz-38u(_aartU{
zyJXZ#@}(B6<9QTO#(7jdgq5#^w~=I{efDxC_R|<VZ3*EM2)kL!ph}{y1eAo};fF$F
zwh^~!vd0NTjp|Thxq1X&Rl;Lf)L}jez3{A=G!`zgyK!A9*O$WF9Ybz2La%h*A9N|-
zJ+fo>v_5+*|MH(4t28pcwHXlYj?vVlovBH?nZ94I{{@PPJIuI0c~i60P9Wzx&F7QG
z-Is5qlNclEE!K%Z96yFBdDM9aQg47gzc8sv2YhG8-XfT4&y5V*eU3^i7y5EHUSib+
z!}-*(2cw>^)Tp+B-G7R%u0+x250*DVUhjT&#8IjMj#p&t;ShVE>SYzqdxbw2V5Pm8
z$eq{imlxg3a~@vv|Ej%1RXjSF)w0^2@-pJI>_@AXF#YZI`Fa&l(?{MbpuSM1{t7Il
zd7Um61$%iJ?*nh!w08sbJm}<ckR=jYhBN?YFPH^KIis&|Km2}e*V^RX*FBDLIC33Z
zjwn0kb{D6GAB8<WF$1uweUFzL%ensA<+*rvTa3RbeirMfM;s5FssBRB64dz!#?+=d
zZh<46IPYu{d2UGKpm-1<Rd;~LdJrdMTNNuXptb0Y-<q<HZQ`kZI+G4)!+PL{k9hnR
z2W9PPtavBuFwd<*Gu-}M^ZJ_nC)-^h90PS|=Z0D8#{D%}EkqM)ysG$#@vO|xER7Gq
zJsqR8Whf%5NPs>}8$LWgU_u9aBuA0YrD5S&KPPem&zFNc9LSufnUp?eU@9%(TPw+9
z)c}vpIoZV{{ba%5(upz!q25)rWu^1jouC6G@*AX4p|Sy$o6%?ja}hm`PU3(m7wJ=n
z`hmFGzoqlE_aP!a!ra$z$)e6a8vFDv0PaP_-;J6kq98xpfS*8=a^j_Cy4}VN*nqDi
z&d9>wj5h=<E(s2>HmB2bmJk3bqu0)<6|o8+ZVo=@r>sxhU#ZkcMbN0!`zTnwg=K}=
z)kXJPXL;K!Ok7ZEwG5RpsIwv}`F-M-kLi7I-oZCzZoNNfA$XnDz0z45(3tJQBm%Ka
z_d3M*RL)9}#-;ee`P84X&Vwp|>Maq~t8*B1Bw*<$Qh6c1Pon^IDkugQ1szFQjPl(6
zIC$97>SF9D^xqHW?*|y4w!o5`K{q0%z-jBv^;;+D#|s`70SpqLO6S@MK6YH(N(XHJ
z{xL9P@o+ld?Iq~9`{&(%Tom8z>!k?2xqU!Wn43ogw7HOR76m%N1r5XPJMK2F&3(6u
zUTyj85UazdJVRq?R~&mYT7w@--FTHZtup)T+TKZy=TT;6HC|a@Un$i`e68Gwkma>@
zXu9#}C__x;gl<tQl2^%JpR_ncy>(JEKEA&V;xFPjRueH$8>A#=<~zgT(ZXTmb5+!$
zA{?ouL2??&Z_cHT486NYDn3~29_Jh@=Pnra!>%hiGyIg4PpGOLI`JkSyzYy8q{)v|
zr4TmVjgN}HPutCaWS<Y%R)tI2epgQ@eRMDD(6w;dhLjexH*!lIDB9PEyFJ`8x0|Ba
zSoM}mo{Y$FUrocdoR6lst!?o{(wvU~-WhRrtu<d{y-lPLlqq8ZpD43QF7_`r4-R6F
z<5w9}7S9}$@(^kQZiomvwL9Uww6aD}%k;H3S)edjbhe8>HBhlB++?xf{L4^P$A>0v
zC6uxH$6OJoq=o^?8ieF2Pkv1UQbxw>sO{M;Sg)P1=A%M>CBOCcgWYmU1*j|?L{}bt
zEt5@1JAqmtDfA0WU3agjE<O}pKrGPRZVXz3n{e~BS^U9UpEsE_tU4F^q#b%jzG^qQ
z?cGx>29LWzQ5vQ(ftOBg+1&M@9*DTbsKz#926qdQEz&LEn4KUykWcdF7D4um?gZH%
z=}$&T&F0d+6Z1MKs#Wj<Zwdfg+&*iXZi6cM`eRKk*mFv@e?H_L6R<h?I8B!WHAZ%0
zb4G?_v%XwbMh7R~h!CKo!j9bt|63dV(g68pKvc7>PKLrgURc!urIl%Yz3*S-Mo|o%
zgzgvnS-x6ZIf?nI=d3<+f=SrKHxzkC)ruW`-C7GU>!h`Tpae<V5}t#7zAYnuqTJuA
z7-J&)S(%@=vRt40+TIXInOj4D=&@*=dez{Bt$5#sfEE&0jde6;Dj!!aSq(4XZFotG
z<62U-nsK~$<XFjA#xBreIcd`ttILZ}rrnqbbS&0^^+n!~g}?VQp%H!-OO5$hFE9m*
zj&1@v|Fl6h;6Z%?1cFy!&ZK;)$g<c9(3}G5JY}3Vna2XrN|F@+=H9p;>3abq8~%P|
zyYzXzz|qq(2HILVrIK2R;0U?q-uL}8xgv!b+ef(D99%aChp#-gpKPxDoCPS^V8!!U
zdjJZy_qEcjMB&F9uMYl!WM2i4Y;HG2!Hr5+0?r{@(x&Eu`ONxbMZGCKyE?YXGm6tn
z9Q-=@ese#sDI1C*Nwr&4U6};xxQG6J$L^B%C-$#Be1aHPs$YE^q0m2ravtNFf6k<z
z6>URI?I*u4AtPAeBid>_J9q6sA@*&qLB4Qlbs)tnkv>6L-D*u$aRIWXi7S)lZHZUH
z6oDWJGO>GEHdxi~jxI0z(5Gf0nN*dn=^9VG-pA`Xe1Y|s>g<3If_Lgw=c<n<%-)|1
zvNN@?G@E{0c;%zhP|0zYZ)#Dzx1qGnPp~(6ctKuv;|@7$y4u^%jpn55?L-EcRopq9
zKzK$E3|#DEvTcp>kMS9{hqotSvg$V1eA}$~vl!pvbtUcP&oPUh9aaO`UM<epgHFXZ
z54d0(>dm{8z<NgC@l-rQed7UqbNN`}M)zT$6)sO#N(trtd@q6*{+ZK;jqeah3ZXC1
zcZchIV~n=FPO}LP>xNPr?)O5+P5=Ot3%ByB(RbR36Yv5)eCdft=v1@by!O}LP4%ni
z)wF%h?=W{J$qodbXZv)44ZrGLU55QM1QHm4hsV&h7N_YN>v$IvhExutrkk#vmnrjZ
zipg30M;rvTjD)@}s9Crp4^WZiPcUu7@biN60Dirxp<qJ7&np1^+Jx2sNa`<=K(@{-
zKt}8SDLVT0r_*B208$A?<4{zn_K$OC{xr7~cM5o);!8b1qAuRFMFVoLVDSmFok}LT
z{}?a(ROX47wjs)wE$Ud<2~T7D36<^oS1DHA;@@a|T^!5-&V*sK{zeGj2cde%J}Xhp
zx@0ciU8k-%hA&6@WU}q%`)ICI+YOq@^(6t=Kr$u_QZGuTT~y`R{)HF_wK~r^gLS-N
zGHkojblMslOJzN@`+n4t*?dQWl)15ef1Q9KFfmxN?w;WKP*~ANL+>pGDRDZKvDqX-
z1*n!AK)@Y8+Ny5_yMUZD3_CraSG8_Iy8aXSL;-Zc!bfQUr}6r!lq5e-t>D(cli3X}
z^K7A(i**fteZqdYl+Zfv?wdpC(D;7rXpse(^J*F#I@}Ow`h}V_NF=QZrF}eiX8P$!
zsga8?K$|Q2BiS4voS5v8TGdkOfd7ikxwEwviC67^Ju7-yRy<3*wY~Si(Rb<BNXJJ$
z`O6|Mh42Lwao69iOr0)uo!FCj9$97-wj|+}Vy_Uvqi~C7mC6ZBc|L@$&tq70H!XT|
zto_l&4@DNYD4{~Bv01crjE=P9^zy@N;gLzezv|^7x!_-QYG`G!Ta|ma)-&&e^2T1k
z(RRm0HaE_=atdfF`mLWVcNl9Fvd_EsWDW_$VRSM!=@tS`PZ*E`4nZEmxC(;&T@Z+D
zk{3C8<ZUSK=)R93e7>r@7DW%0J5!`aL;`D%fcMH)g;{`ygEO;&CPDTH-<HTUjQQ)P
z5l3Tl9A5VAAyD)rygGbpuHo2g-Q%x4w=~K~wWnLe25D2bxCPx*fmKX%g%1n<U$=2S
z!=(Lg6~X24W?3DN&J>f5@`kh$X>jT|PPm(E-TCGA3j<0pyCi|pT^LxlIDqk3rFJ(Z
z6|~CJ?k<J^*W)`&h);h;6M&qC3s42!Wb<`JLHYVvfP@qXasBg*SWyL!i1a5IC9**@
zFYh1=ug+f2Uti9dG*I2=C9=)yxiaN0xwm*2tOaI$nha7ra=TNFkHcK?&FhU(fY1)R
z2^%X8@=*a~$kGbq$yZvDXR4bAez_|KWdj{oDA@4Np$Y4sp&$EA(C&&+s9eAEZQO70
z#?7<O+5E%7+2rF<@{0ATX&-Sx1-)xlVQ0OVs_2%y6U`D)56yq>F3rd&@hD`QSdNVc
z9|0HOXKSa(3+z|Oy9c`sT9@Vt3mg9*dv6{Ob=&`cpQS=V5{j52WKWcBm<mZ*vSc?x
zNJ92~<}4veQ;~fs`w~O;b;^?LG4?fN8T-D>dLP4iUcdADKCa(=U*G@le|o5g#`w(f
zIX>^>{eHckuhzt|3fGww5O(nD__#jWno7@htM%T~@-~?$CyEt5iHV29IwDvJx%%06
zsDl%+_plc~Y`?!|c0?I_eVI)$b*lL=pr-{~BSBwhrI!Y4)Vw<fZ-5MqbPJu=>U-H6
zL<aqW>o-tB;H;IlDEH;Ab~=VgEV9Fx42o2*7OJt!L>rA$GNv)Q>83AfQQmv*xXeiS
zh_}qRS*X(`ekco&2YbKa`RFlOYg}km!CVUD1$q@>dX7Y)V-1<wl&`br$gZ0{E{R4)
ztLRmehB`-f$pNv#OBjJYBymkJ>tXZz?%Y8DLU=iT!?@_-r>#lj#>2%SJULor<1Qio
zNsg>zyJM_01iYUL<hn)q^_SOX%uYGZ`A6;sj;jGe)B3qrA?quW0*v|kS@+(Vls*;{
zvnX-puOTd7Og0<gOF}VnrfD%?^hY3oj9ojM0QM1VjLcZ1p4OKpv?Yfk+(+xANJV3n
z`|e8}*M9KWd9=utsu-e)-BAG=5N19=17@%AYI?IIZMAzD@-3bJWvV8YxDd)NZuSBY
z$M_Ysi*9Gyq4M293<fFk<>#s`qGv1lDeWzdMVSDykpvyX;XUKz$VinY?S!{_5_#~N
z7T>sW#~P{R1x6}-($DE5jaDm$m0;mpp)~5Z640GMCgD$wJAV>)+F-tF?vZ4VKl>uH
zZjE&;ipNH7JOQ~-xAf;&fbI_30+aNe4juHEUNt6*0mdO=q9SFdW%!MT>{^p*hgRw~
zodRe0Ajg15D`Sd>>SK7^O=Es+L;0(>mGDM61*AlE)@EN=EK}PtR)H~(9mSrkE|F91
zR9*Or>5vhTXt^Sy6%;C5op?Edb=tm9-eZ{;TNck`##2D-YTbI@7^du0Z<Ips5OEej
zu<KGtW*;Bq2qN;)Bx<|i9-VL=1Zu=*7r#=zAufFHJf)GDpQ&|rR%l{+{TTrgnTa+j
zc@OddOdal3BxWs1m=AR2Im{N|AwbxbF|k*tNbxs!X=nJc!_R<p22n1pQ6k#>cg*hE
zX(fMxsZ`BdcTtMfyr-B-WqpuG!=wgW5|QBe<fsj~;vO@{*CL_Po0+A$Ay7IiD~1ui
zlC<=E<-#&W0dz?mN56dN%Ok+Ou{AAjl+R!cP)o*(u&I#aN|WzD%-B}IQCw4rLWI%X
za8<%+8s+82q5&m3VxbAQu%lhxDZzwh$F2kKN{6QkVb2<na0k}VtO%zOq?0)^leF{d
z8CSnWBU=aBo&?B~4kcGdw#%;imk(#GKqAO@bMv&4#`|PPh75L&HpzJZ{9}0V7^n23
zi%mP?bk6h6n5$ze8uDIY*EFVE%G9w2Xk%)VucS#Mg3PLY@tVk|0W_`KI{E3;Uh0#l
z-3S-H0PH$?k@*AUMd&LdcWR6xRW|8g`;#8v`x`4RyR>mx3wh;3t$wA*ahGajPWAD(
z^JU=9984ez9u-`5;~!Fy_#^+i%Ef~%(~=cT1qx_5k9e=~^PH<TWO|G1DrmaN(^jth
zQrUY=P~-Qr#>`|N1FgOE5W|H<P25tMz|U)v;aMINH-4rki?6Lmo^rHI2_+>Y=kQWG
zkNkjX^IZe9zZbW05)Run@_nFBb6%k@PjF4zl65@kI*hcLy7hJhv0X7lRgLbN!AQR)
zFuOPP=f--yngRD<!u^2;>aqc&8+IXc{Z|8GlrQv^8tF?`q{7`mF<>>z_^ufjruBTW
zH1kVlS)udmLN>viV^C&|U{i$e<|2R4+tSdX#oyT`w2X_+ZVh|+`<q#^YL!1_t&XO1
zXVfeCw25)(0ON5EA>BxMFWfETFAt+Kwc~cL<*{(X@F{)?)`fE~S?Zx74D7-xM;YL!
zqFiU^^2!XNnr7RQG^=(N*AsFLt~n3=?mc8<g3w$aPqA^xF)B<seb1)(eXo?w*<t)(
zce*=;hS|HY_{#4a&5xNCFBaK0X-ykba;mLEwv%R`LL-qj)+WU1Z`}&Z)p~KY0mIjZ
z?Rh;=EXnlDNzmRR6L(9^kLXGezM^g1;GWSpi?YYJFp+kqqq$!0_~iVI$yA=j-QeS2
zm1@U0m5~#6=Tc*f=OR#B^(>~Kud)<HnxJB~o$<s%c;tL9gaxA3v$kk^$hWH0@yR$L
zDMCDdwJOb_jK_5d&%n`8Jgb}tXxh5u!~qM76K_C*v+7I=fc+M`&8BC+%JV69s%jtS
zL>4&8bVIJ<8RcX*cg8ug+%lOal~a`A&90+21I`rt@43cZ^LRBY%Mfpz(B2AiC~Ai8
zRikJtLl`0IppAWAoOQI)lLgMYv+?O;s{>jlikDw$4a<M`2`r9|Q$0pd<z`G)*y86E
z$hA)Q2iIaQ1I{*5S`Qk{;RB1-Tu9~%YI?MNqB$wJ${qLcZgtA;JpsM%uTzqVbdH17
zgWKl<GCM>$>r}MRo{6*50Uw7y^%;KzlngFVZkK3NraeusN;+OeR;NlpNwQ^$<!_o>
zKN~~31R)YV+V2)ZN64>i2wma$vPy~;0}F4M(TAOTB;Jj}-@lvTH1l|ulI7o|^g4M`
z?;e3wAP4Ho>1a~6nT?8zw0N_z$1#7(Z$?v4DF@53OtE%Jd8{`C6rM^LSw%fU;x@8E
zhwKiY$Zt|6m`flhwjnMEO#-tlQ)WM^K5nSfB_;}nCA*bAi+%(Hk`xQwJkO5Ka6)JJ
z0?5wmJfV>fLwcW`cU>m>$crT~&V}voGr7Zc3+U=~&QYI!b62lRQtU?cAytleGC<iD
z56wR$e%-{II{sR^V)H&LAmq(DRoK&@mNUAjm1=9XnAhFN{8SJ_V9MK^a!;|&%%41K
zeCPW&sgOA>aSgoolkigt$|V*-UU=%pQ-2LGM$6yT+V9yB>L+L|d0E5ADWDV+*N{$X
zsZfuwb<f;={tjZbQY{tw=A7K(d~aK#0y7X~-1cl+i#D739`3<U{!d$u{E4p?udh1x
zjbH()d#qftJ}LLkxOeKN(#Mq2g%}Wn;t(42BKC?+WG1(qYveY4Cuc>_tkU-LRCxu;
zN!~m}-NLQQowVoF0h9wsvZ7N&#aj~OBHAcGyp2P_5YfExla1)L)eV{Ota+n}uN0!&
zvp3v|S{QPv@{6iF(#M=P8(Mio;fj8{Cv+{mMz?rL`AIj<vS$_U6jD?&*L$BM$EtnO
z%!ziyav2<`=+>TWyy9ZyV*3;kTycD1vwsth!^sy?x|(=6QpS3+>F%3BJ<c(|4+74F
zg??R)9niHmIO`7ziAnOX2-LzRGAY9Q=ey|Jkr1uuR<y|%K#OMyDZJNP`GjQ*CaCE<
zTsge8^k@u}UVu!ASM&G51MbXmXV!RJ4-Q-B_vFH)-Jd2Pwk?CLH9A{!FW2kV#vh-R
zxC@sZLsk|L0e*fe9_Pw^!VKyZrrP0aM~CNn3In5MzZDbXep>*@ZM&%aaD|&-;VhGf
zM8QYDkk#_mrQ7UF>l=kOt?Wr1#sN9a%rN5h<0DJ!<3Ob|5xXXDwWb#F9qp6!X-%ID
z=shCUdNz#BMPcSVn)SntxbI3eQ+_>JESnK0k7ucJ%;cTs;Sj_uEV#Vu<lgu$Yb@}&
zPK8bT<M?%)X+4f-wj)VVaHVV<Ic}%eUgB7`j>KxRWvR9rtS8ndJ@eh3TaF9Y;yu2z
zx0FG0I`R6&V*mweYB4|~S0&l|+}VJ|DO08_cxvgI<B(3p`t&sDF&q5UztBMEB`HSH
zT67**Wve74`K4t;-`+RyJ~<<A4wC6W$|GyTQn2=mAAQ0DQ-6T^Dmt3$UtNlb861#J
zAe#7~+5W>z4LsrCBM}%krlH;B;3-Bj4z>}Nk$-|1E`A>+Z8ezH?$5V%0w2WGfUEf(
z<mjrJjp(BuMYfRBp@9*+7c@Q_t=aB9dFU1;VR{Rj!S83Bfr0Q!esBwUlNi*$$Cb{p
z-jOKp+dDpR5{u8|jG6KDGlbQtpihJpuxJA8EX(FHR_)cJL1{7_YTVNJ#ayY;+GG-$
zW;x=)#FhR-TS2sv!^MuXdw&Kcf2bmDS`5&$veuAnmXN;)0ff>e_w?0mxB-;*%PZ!a
z-h~Uu%XzT)V7n^!E*@uyqOS&>QJEfIB>$tXOyqk=@hXCRso1Y99}cluLj<_2le_B`
zj17q-A80%8&=GL*i0Geai!JIYZgzk-$3#(a-8-mLTgNJqi+GAgvPH(Wn|CJ3!YLAl
z4r7_Q1uY)Gzh{k2+=Rt#Lt@NerGt-=vY>2oHX#Fn-Qcm3gR-g4Gk(==iY!$_&LHh%
z^dswDghpPlK6d}eVKM@Y^)~xnxWH#)_BEgI?=Kl;hCtaw;}{QAdU%OEPu$K5NbG!$
zp!+tViKd1KIQ7ikuUuHJn*QXoq1ym1{E}7#&v%P}t0hX7Ti?-#3!b{JzP042c?(Ga
zh}$e>1X6hkw#IQI3%vP=oe-{0NW?bi7Q{zUp6+o&{eO<zg#93od!}uBUCcSJed9i8
znM}Wp)W4PT02SKY+}xokFw-0ng5QB$I(B-o=If<j85lwBq_>G>#Kr=yyD1!h$eiJ2
zIv9+v(r4{x?_Nj@demQ=diuJ{T!};folbw@3|Ff==a!50!_1q~#tNptGx}}oO)9fb
zKb@u3mS}7B!)A1Su}RLJBa-8;Jt5wD;`X%%p$H9Y643H*<x7~5aEYhW_J%5oOYk*B
zzQqtH6;<=c3ilh%Vi}M1EK~uMHB#Pv?l(Q`aoRq{TZyzuX%;G$LsWgY;afX8WzK<l
zP`rV#94eS_@10Du%-?^W#Ye%)77gJ~Z?Xu?!@a=&(W7?mcutQ9{e+JsLltGiP7e$Z
zgY+_JlTTwYaqgW5ZYYuJ?-TmvyVM(u|CE)lwn3H=qx8MWyAVk0;}aZ^zr9fxkE?$V
zVF)%hdt&ac(>#Aaw;{xgHR#NRkc2xriV6VlFPfQwt)J&^#gnfu7+9u^R!l@%L=Z&?
zgHmc>BA52yJx0k69bq=+18Q8$#je!2m>E<w2)qMg5w2-@ZK?53);ZDV**#u!%9$<q
zQ|9y<j&W6^RQG0|eUtBmX%j!s24y;!)-JlmDR`9%avc!4cef0o1fNFfYQu-(&QCLu
zf@@ue{S=DhgFCchnhxJx)>pigah(F1ecim7AUhjpT9k`C+tJjKOfmJf_oa~RtsWrI
zTkca}0~@dL(-yvvp)%`d3nna73#9P*jPFq2#jI7{&3K~hrpVfwZE@7o<Z-8=mG56~
zXKh!Jh!b{f`!sGN#ozcU#G+8yv)$X#9PDMlu-2;=^03Q}eeGQreV2CWjhEQNVj0up
zp(I}tz;K)O7Xl1-<anq7VRXh>Q)Zx)3%3y>NF>{_uuBjv`@6L{!j>G;cHG%tuLiW!
zXlyi6o<?aUR)uE!JHNd#V6A}s%H5LU=SufmoiDPyPEN3|t|3;+?kCV1I%+C;ubu}Z
zZf&Ke$jh&4zG$+i=)$`hI;|JmcR((}hfbTZCdaC0H2Afgek&7-G<VGQm6^#~;JGVW
z9q{X0Pj=MaXd}<7-a3yI@DqI-T=>*Z>{J|EES!!CgIjpV&6EjftiI%^prm{_IUwBi
zA@Q<g*D#nRy0k`#r7$Vh@!g!Ulk6V{!~Y8sp&(75(tzk-g7iEEA4Mi8`3-YR`9`V@
zv~QQ$W8ouVK6{r31I`FAn-Ql#K^EfmC4U#VV+W@kQw`y3-uWed!C=Q4b<iy!G*Poq
z_H4jlgA$EsPl$vm`j;={khrvD%Z68Sh=q)1wRKC#;v&TaG7UIu46pp&v)SLWJP=(7
za@P86F(t@RW;%0ryqRR@OWGn^3sN^OD!1E&g56k2Bj;Mc;9jXD$8f2ir8q)U8U>6?
zBi6u+0dBW)@Cj-6f!lkM!+RUZFfbM<g>1RV=39Wl^Bu%yJ7lud5!)^0nK?<aXjf}|
z@&J(UF}qer`NI%%5AJ4>1U=VYSi?eO0+4gpWPQjnr4|}kaEnc>6K1OJV!ani)gA+P
zu|CyZ45lVu)YUhWccZV^Ma5oz=ki6iu=Grf2<U#!i87DcxLgV%X2nEVMZ`os!EZAE
zmKON*f_^#ylw_YS*U2560++!l5VB)kigNk&@q(-TJ*OD=N8`8X=(Kzjcjq0#X|$$C
zwEg`7G10OsHUO@n+Bb$3`pmnBu}e<nyh;|7q481Go!vmI*WW@3Mjqh3XEAqYnXDeH
zy)^t%lH~pVaj);q<#+`<CNZPSoeSm1I~8ad&;63(ju(G2`6jS2Olj>nTIRK_MzYr3
zDA9HK4#t{ua=JCkiLx$rQga`*t~d^4dGGeC*PAh~JRAk3mwlxTQkJ`D(QyMLUwve)
zQ@H2nLP_Mndd!6>vCS9T>!m+ZhdG%bHp>&F+qPDn@(%VW-=?Thj`oo~DUcs&B@wsC
znBi0OT`6Xrfkj8=!fne#QeLM}XQf^_VV0OWBQK4EAj29t&)3?r+u|Q2oRvDs>o;HM
zg0#Ad8t*mUAqqgjTR)zTcdp&W`Rg|IILl7=U!>$%6RF|SIW}&wP;H^@o1?z)o7YA+
zShejtuwmKL?JmwfFQ9$dr;G;(zEc_N<jIYteAKHDWU4uNkn2wJ80ivfrq^I_qZtIZ
zeMZ^-(401|7uJwwM0dYxkidA!Gw6J~+7A~=E!!}#5p2UYN<Th77<ySUax-tQ^mtLv
z8g{alTVxs2UT6I|K8$P64#n6WS4Q`U9j0fiL3tY`PLlrR<HUVpc5kV4ztXbC#CJkw
zI(If5KRBn-Owt_5J=wX8f7luo?z<-Sd$I|(@=7Syz+Ugl7H(MESGAP&nCX;TDlx=?
zl8dep&%CKyTF}q4{bm~^!RvHcHR5t|^CLruq4?1m^dj9>fB5E}VxvcA%Lfs{MZa4I
zc<*jnbKhSMXt5iMLNThwAwfF}fFQ9DLdsv@N$~lIT>W?m(dj|B4&uC?t=HGNlke44
z&edI7kSuB6dSeV}Pg4%@uhER@gK5%cd<e%=v3wvJGP6$gcq@TqE!qC1S884aT`LZ?
z9T#e!BK(>PVsO{Xw(A`G^5$D-_#1Bj%$xlLiNzP8p=0FkVbtO~kKxihxc^qR$r2v2
z8KDVWGj$6)$%#*Oos(Z&;SVTZkx-;)^|4WaTI6N+X+z(XAAoSSdd{DbO*m4x$IeB*
z)BD@xjQ~k8jG|vCVK&YoJw|4L#7b|OLIrSI$ln#5)@Ft*`yP}^!=O|enwI;Y+fE)a
zWsm5RN@<KtPC^RqB;&RWClUeX2u=abQE{k%ZI9%x`FM>(bZ5xfj4haX%$$s+%U26h
zKj-&w&~oayKAf>-SA%%a4?A;*lJ}*vdG{H33Hw}&8uTV;@?`+nR<?2}#+N_<+gR6Z
zvY!Ie1ash>55oNQAfDxI>65W1T&P;91Tw4QIdq5v21iiV9&g@gDkfRQfzuyzw8cb9
zkVgbxEt92{u+@PsCc@}4GJp3E_b+a!P!@?omOJOW7_Pr4;59j@gw9h%06*;Wxp`#B
zj&h7em|#25ac8yQSLDMMfivD|L^9xbPg-*@SGrgSMw19T*tp(Y|Bk|Cx-!d+$-5GO
z<E;lc-Y(fomddp1|B>VE_{#>s<u*Ig%4)Q9xcO#-3f4TrWJHzL#{5=Nqv81y^`h|N
zm$n@V%WUL{5Qm>`B@V3t2ORGZNS{w4>!bQ&%haZ&G|P?&YabGr0-*x?>v1sw){EXa
zmftdxsumWK_t73gLQqQ&R-Qs{WBy~}04DanUnpZ*4b`SzpHLrf22%_u;b|v~7ZVq_
zO@Vo0XWiXP2xi_`46I=aVsSECEXWO?`?+IxCHkGu2Nv|_Cdj${z~Kf0b;p$y1CERf
zJCXWvz`goyVZRCr8IeSclfJwzbTqKE3g^6vi=_}?osmd?2<gI+Si{ilxpL)jMcuW!
zNl_l}!P<cMky64`F>$z&t);f*=AS*~>Uuu&-^1fy*i}L1kQ6_CxL*=`LeP)J8%5}o
z9ECg42XdP1!&*!aIh9UxB_`?pCHp(kad;3IGw?4bmtOb)zj+idoN0H@E}6wo#GO~;
z1b=|T*nqO0tz^(e=F_KHAg20Y5Q7rDyZyahPkl&CD;eqZ8&k8I)doSV*FmEFg=!yD
zw)(jz6W@PuVozywy;<GH!0b=$wiR9;tduPo=R^%LfvqT*By3Lhuzqmy9AVU-Jhw;Z
zk+=|SruMsW-sSa95TAy-30aOiliD?Umvl%D$}k6pPZt$u*FCd!>!!T1wmc|v)`m@^
zzI84KvQt`TU>9RUWXA__Uj(q01+Cy>rIgZuC@I(c0%?AFvMBv7E|7VQf%DDy2T|AQ
zN?Mr2F=o!&3Z74xIXm)L#SJYdfl$qUsORCZeL3hndD38sOzkdRcQFV@qdDl~9=d?&
zC10@XlpcGe;Ne{0xnyzQVpXuVcYjj>T8X>$Y}=2a#gGqOTJz%o1kjoL9gUe;i^`r9
z70b|Bxs;(dI}JJtY?HNx^Y_e%!sKVKCu%Q{e~PMVSlgOwv^vY~pv)=BxQ$jo+$T#U
zW=5=MhRB$sR0-xEV3{P8rw>ym1+;j8!{3A~z6BXZmVd+`7ndOlh_0d8Ta+*%m?Bzh
z83rnmAtYphI!F$@Tu5ap&+mq+Q^caJ%aX?NiY&{OW6A3sX`xnaLaW}x?J|ZbGh!w!
z53e0ZP1j4KrlEe#AHOO8mhOPY--s4Zym>_sYz_`DCWf5x<eykC>WFSQkJbS*XPJ-&
ze#G%;i_nET^8#xA)Y7D3zcf*~`e6gwbqq8Hg<piSU^d?Vtp%o|x<ACuw0wXv+wLq3
zHwhY#TF09=-6>dAVhJwb8wu8|zlH7|^&02CJOjf0e%PPQ6O08OY^b03M0S^VA%R!h
z<MV*#biE}tLsc@dGq+l}nje3h)u*L^r_Mp8^ojAb95EzFleR%W21zPOMzCN}0fZ%)
zB<nslY;ZVFGB(&p6rIckkanxSppwWTCY<D9-5Jv0h*Ki5@#vUdY(Y6yMFdNR$W$PF
z@sAbbb^t=CKgh=b6(9`jR5Asmb+T{8Uhr!0qpdr+9o8)0^UC1saSiY*V+e=m-cJ7M
zTJ*aMo8+QfoLYNVn=xG6Q%@8&0@7|VI$WzR%}aEG(@HqWicvgWg1(?s#V9+AMe99f
zjr#EiMDDR_Hk%($Ka3z}+Kf?Zw;gyi>O-tjBitVMo`OFI(gZ-{z6o-(Z3)XItTT#$
z#iqaXX})1BK=3tE@3?gxn?P_JqM*94zi})8e;m~v^gEked&Ub-lxhdGtfTf{zuxE;
z;nW_MdNTI_GT}JtE73*6oQ62_1wrza?47us`~<Mw1yjNlZU!K#Y%or0#X+G7rKX(_
zMaZYmRR7*k>B4zhrhzFnq)yXll^4qJ=hGLV@I#HavZlv5#S<Kt%OxW84UQQX*?vGp
z-yWUXeSY-jE^M~@^p0?%(V7<@Y0|1?#t<IR%lGG4rAO|`hZ5<){KUe{`LI1sRcpH1
zYR~n8zP5q-G2-;XcU~BKX5rTwJJfOmMC_>PZap3O`g5R#*nOU%;Ui;o(hvpc+Oobq
zx7WtxoZ<x$wI(ZKN;>qZyNWWNi;vD;<4#XKeDwHBFCQPdL^pZK5~=az)LV=@YqH=x
zQ_K}(uqESg>t-US(okIk5QBw!^#r<??Cw5qEX2Kt)-HL-hW#0R5@NSz)lV*I#T;+N
z_)>xrFR!^iLgMxqy+(^EH?+a*XYpcnCB<8K%U08(zx~|;RPiz3+x@PDb#5p<ODR`g
zo4sg!?)zQ5NO!B3JbHt+p7lE_8dL4~U)}EpE6Jc3HTVCVD15wB0ksnghv^YCTa%9i
z$Lt6s`q83SDn)gA+@6x2qz!5Z)Bf@CErvcMdVNKr8cr$jL(K1aeR0|$8tf!rRjR^M
zdEL5{l8lL4gkes*kB-<KAkIqf6$jfwpSSYp4Ec2af|<|she_pa>z)jcU$N5q)%C%s
z_fq0dxiYOoN+)UNtk>_g$JGfnOJ!@RdzXeY!@Mny((iITrl78#65Ix1OzvC>P^4_N
zI-yY-Osyc|z#+LM!d~M6DhGW_fVT4)8yTF@lT%yyQW32S8Ynxrc?Ay2hNpC(fg)?E
z(Q(z$h?Zfcq4X)&HL584gK&WL*R+}Rwi0f4fc7`qeZb9?!7Y+tzn##ir<98$em*~7
z-2?`eRL7eM^E-QR9QkQq4~^>YWF&0KdYgNk2<n#1Z9!dSs#@}96Noc|Rr%lA?_GRy
ze=<1T<&>=S@_W;usSX7Zu%uNoI!nEK+5f(KTRagR24Lo#U$rb>dA{L{C~rAwTj3It
zOzbwD1QR3ssbGs9Tq#CNA>#=jgQZ<Kh2C<Kl75`E>GfHFT=A{6VSYq}c1Gg5Ps2vK
zWVge0;P7a0S3j^C$kfj@F!z^(tG${AP>q_+nrXu`&Vp@IM+O}xz%d<aAHt_`LNGx4
z@F9bwQ)4MWw2<mE@y2-hV~IF;<Yw$qF&Zx}5!viJIO_DQ)+3t@un#kFVDnDrD5jw$
zpW^OZ3g~cojL}x%@Ops<18c-6lgzPOH%lzE`@?5ZJQkN0@T8SaktD$6cBD%uhFIld
z-JbiLGhF-r9CIfgnV2zd?p<#?!Nx$h&*X;qq)g+lla4VqD2Q#P2IC-z+sTN^0k@Iy
zmOy5MRF3(+h!7d)A<^o4Oq*UgcAx|pzfPqN2AV)G_X1_i@b-Jb>qiW%#55L1D)<V$
z#({X{^}5W--Ayb-?J6Wd|5gP#1oG(h?qyXAjr|8OO3@(9b*6<sqT=Sugh;jfAWdVG
zy@W^8auSHte}-+rGoU^jS-(l-Te_ey)>*n<U5b%rt%rN0Qf}}+{;Qo}Zw?0M^#iTe
zv=j6Si6^CtqBpg;hY8+XhHYRXvzP=Cb|Nzhe3lGA#13^{i`zuHc$dfuA%#D4VG18%
zs(dIS$0jx*PtQaw*nzgfp56q&p6RtE5-R~>cpY*F@42F_m=LjVWM9F%)F{2RKJ)>J
zoCs8eZ4niW%lr@_dK7F>sMb8jAb#`_(sb%X@!vC>>AsC&PUoy)qRtBCabIL+$cCkH
zz(gMAPH)bY1hNYlZjCm4J}UErc?!Rc(}X(Qz7z&##BchuNdha(iZHDtKvv_xZfdr|
zG9gU=cB}FFY5ZnZnoS3i$~G-P?w(^)OgnOb*7-s82brAE;OhHUr_dY%9*Ysh8cWRV
zN=8k=_D!!^+<=j9&fvnm>b37zfZF258o%qI7I5^D*AP8*Ryd=1*eSN9Cp<X(&P8^{
zjR(XJj-QAJ$MP1$w(Hp+Mf}4Un^s$txB7Hb-g^C-oPCUl!U!>Zh6Ku%(Zzws2kNfo
z!1tLDghSo#$LX6#U#kA~tQ2198&`t_n7w?Q6jjxqXDX-?kUjSL^DJ(-OPm7W+=VI9
zmebJ|$F<8spj0^by3D8wKz^nw1Lcg6u>oFV){%28BId5h;%Ib@(;COHXz?D9VLk%R
z5`^`RU|Z2Ky8AI_obY|_i={wIBiwL<ar%>Ln9?VdZAXDZdzTWHxN%wqOpULozC7i_
zX;-C+Oe%F49?Cp77$iBEnc1IZ8GzAItwZeJN8`@l8x9F}CSPA0<OZKG^wHPJOAGHW
zR<nHB>5UN7)(M-@{2UVKr1phKt7(>S@-ul+;?1Mgo#<;T%=`g7J&$^G!e0X-H*jcX
zX-6)~6<S~pQRT~Y=#X!UCtZ%rD}G<l6TsXBGM=O8V`lQ6^Yd$MBoJTzvs*j*2o!dT
zRzl5klFiUeo$uD0jK#qsdWr4Yx~E{&F#5F^;piQ=3Z`Ps=4%2}W<*Gge6<9CstKn+
zU4LJ494Y_Sn(Cbd^=bHOoWtRwU^)5no%JQd`~-j=#NzdBo<Ri!9uq{8hEVerjR9=v
znmCi$?$$4(_~}a;zx{=E{y@{N7uyUWPcH7UXc$@JiC0RJ_f{v1DI!<h=Rs<fHnVdj
zPuO-<{0^oCDNC{tevSR-?L$mBxP4YON!i0ozsYXEgkOdDHUtr-kn3pu5Zk!naj64B
zcM}A;xn{z#xX1mOOlvuro}J*Klf+GVKuCaMz*N9V4_Nxr`dyOj?XFW0>-C<ba*W3^
zALzmdLfd!<KoB57;HG8b6eX+!)wo#AGJ(N)6g)p0vPlWG*qsn3zw%Cq%#eft&dmsm
zkG=!bM^K16sN<(TSZGWqyfWT5tz|(4Iym&?02bB{SQw|5m3a?3X!P3Gf%NR?&8q;}
zT?9twO3h08B+DGVS)Yn=fb2H%PNq{Hm?*Ynz1gFb88ZY!)TvB-xJ0uwR1x93vy5Y<
zFv>)xbeLDRkf8h`4B;S9*;*BK*JAciq2F=^XaK+y2R4pNK(9B`fV}6iNbey@p3_u|
z7jV~%^SwCBD1KaO@mTQYA6lF<zTSch8U5PYSTO=P$KIc|YmLg2_P&Q4O?cZkDhivp
z)~0;r=Qs7PYKmqnCiJqlnj3}0e6NPX;(e9TgF5Wx3=X{^mk=QBS5(A0%vpY3*cWek
zrCN`){8<Jd@M6cR3F?x6XrubdoSiXxpKudX>BNO==^wUUu{me-!<~7@gGMCf?Y5ub
zcc+dXYM;$EJ;unx+i6_oDW>V~_k3w@>N`fPM$KtVv>M4+x<j767_hD4xe~C`D%~GI
z;Rd+PKy7^G<%I}srBB9?3PBC&b_zw2aIQCN4QB6lsjdM@uDG6OTC#ZxvHNf!i2IWg
zhR+fSrDIK0Le{CG8CU~@N>~NHR}yK9Vo^nc7;*EeX1zckGo3ZnFwC7!JlA79s^9l{
zlJ}(gS%19y1fxr6jf~3nKpjn*=zx9q?$rzU+6S85MdrHR7K=l9A)BR*TQ9*B=?FBL
zW_`0=^wR7!;H9!{g^#%^4k5wt@1gTEiJAoAH{{<_DEq$8vGBnwfT>w`$#%(kUi!Wo
z%xy;Ws^fZ`AwGxfL)>+F-20`XUvjKmyNAJ|+DM|9^?U9!9B6*%&1z)_hWTDJV-G>y
z-s(Q%T-T5@IaKYxHnh9J)B)j=_MN^T%U`uE$h-(pUy<IN^6c<rSh75KzSTYS*j=jR
z<cB68DW{ZS^apzsw}m{3T(2>Re0$QMy0-@<QPEEe%B9yD>cooth0XPXREQ*Hx|Xg3
za5s;<yOFPEvEOoh)cD;_6s&P0HT8{FJ}tm@cS>YZvE76-{w``+Bnz;({=*%;CDU_o
zPc!sU&McA(XB6Uwoi;Hs>(~vT0R^|T!V*TNhAdp&@ol`)oG{zHF>HJwm+JkycXc3_
zG6!<0jDCy3d$mN(o=Q#Aie{;YTg%f5?CBjP1REBsZ_k6~>Vg=0(%l3n@gevE!W4?b
z*Jr(q0lmUdLQ!J|J_a5RbO<<~)>An!sU)lSN+DOpD86`nB@AKVUvU#AHo0(8AcNNc
zO!(LYgsF1Uj+E@?W^gwXJCy%+Tc4+zjf)>-1?OSjG!9waX`W|>iMAI4>BqN=N#tCQ
zTy`Z}w<gcP;PBrF^5hC*tG<EKp#~;FMy@LFn}c?bDQ`d3zwoLf>dHQhMgoX;^Lu`2
zYdkI7HWqOugZFP1fahm#RRHwXp}S>L{DdF%WTfC(Fymde=UIAHAkrlB)s)ssh9)QB
z#3B?>el`cJQLWfOP5w-oHbG7Q_`c7^dGA99(6}uuqZ?2l%G(mQAeUaG2H8^(glC6F
zm8v{sTD8j=-4y&r1~~S6Q&nAs_vhwwv+qVPPv&-hb{(1k0;*3yf)wUdwRA0X14JOC
zyEwmLd}Sbk0m+f6&X_&<M`x;7>x6)Mlez(Pkb}eF>EPQ;c}z;5oUM@&8(fx74p`GA
z2b>7o;HJv6Y}-wBz*|d8_dI+YX?%}{Yq-pr!@`H4WeWdn<T5`h=s^J(U6ss+hsjw9
z85a3wK98}biLad-UrqBa3n{t4NUvjF71_?~CqxKnrd`c7+)J?jQh$+B*;H~b!*#66
z3mubkb&HRlH9jziachs8o-lgm41F&Gc`iW-No<^ThV|zqpVDhQW@7ZKW1r%^c8{Fw
zJAZa<<i{NV^+=I(v)y|*o#dC}J;a=hzzb<oRs)jVJ}YSKZb+{~FBMVHm`9+J|Ev>I
z%>5V-ogM<=QT$UUe&+#=<(PZ>)&5gqiy(n!UQew*JZJnP%YC4hS~jWmm(z@wSA{JW
zb?hx+z5ZN%`%cZbf?Lk2eA8ss&FZvgRwWVm&$5&W`r7Zmy=OF_*zEJYdw#G0l{d^+
z)n5K`?h76Ai_o)DwkekNYAs%==Czd`D>wM>!UY{U<sV*l94hW=t?lQM+3KNLf*Nlx
zV^QEr3IMjZcDMzyQAE`FZ$<158ld3?fTU#h+yayN>5{+bItxPiPcW-D6@3d#uAc1&
zNrq2g4}U814AHZKv@;RKyKWaD5~pdhiX=3Hk_5Hk^Mko4;`JaDn6F8cZ5x(%q95#N
zo3IG1Z!Pr{(on6q@GVhaV<tOaW$hy@aQX%e$PQ0J-Ld;?h*S8zn8<Vz9#u}V7mS-}
zcn%~{rOBF0JBO?WSw2(l!W8?KFh<4WG#_BLtQ{n@Q7{(yv2K^Z=t%;Sb1^EIlDy6x
z4zNA@`v~s$zqA9%!?|arY`Q@^e7168Hd$;--U&D*@+iJ%`L2!pds&?h!zgo8F4vG-
zf(<PkM2GUcezb!HfUP^a(fjEwqGo=w$WCYQ%XGt{sZ0xbjv6=)K@xd%q5khdd96nv
zo#j|0eF|aN*_&!?vm`WL3}A9FA#ZIi_2m(587z&YIp|pR><>5)dPXs_)HYXFHT^sG
z18c?PDPXO5#4<NlBlzJY{F-+mQ?=cXw>M6hY(?{I?SeE0kb2SKZXL_DR}fRV7Jy$Y
z(w?rwr)sMgU6+oUd38&#pi#YEz$k(ICVmJVf^;5|HYr_{LZ@vK!HG|y`0+FdB+*nb
z05V2_ksXc<iuX`|*>}PT;dvfrBpD~j2_g**@xFmi$Er`qMPKQ6OTffg>CiFEdY_g3
z2m=(UUbm4--J%)m%}uG!AEUX3c`06Fv5yoRw;U6}`Q~6(VMA_T+5R5Wr39~<?+bXh
z%enr=NP|C)*DQ7cqz!jXJ?^jN<LBpZHm9Z^f&$eTcCKU#=$Kx?>^jt`yGCw6h?aha
z#@S{sz$B608&&UKus|i%2m$MzEAo=wm3eOKP+<+x`#I7jD?e`_B>jlH^z&nR3}E(W
zcICvjAiM>6Sz!t%>z8KF-*5<;$SX0yMBZk@MgqY@1K*DlU$H0M#b-x-9p?4l^x^3<
z?c&Js&RQSajIV?-GrS2yw^jLRy0u}?Z?WrX&a}rHBGkt+N(f`eG}k*<W@Q?r6R9FI
zo>Y)ItpWBbYtbatoiio2?VNGaYhqL&6*w@zdGVJhi5nI%%N!On;Kq$%7zpGXzuSi|
zHjjI@O`VN-pBAwd(fIw;DGDjLT_ht?8{$(~g&8hcxDKqgEmO~`pSQ3!Kv>Cp8yx2m
zv%=4|KoN0ws_7`@{Ppy9%tV?6aK(4k&I{IXefgMy#2}Pbg!2i#95%cF9+8$Y*p0>Z
z$5Njw=_eN~x_BNi?^b!ObZf5}qk*J<^QUs}G#Oose>KML_|izsiGkI*GW+mV`yn%}
z53}0d*7BFRZi7a28NP0q2%Pc!?}mItdxAn*l_+K!deXfN7|z|9M4)5XVrjkRF!o;f
ze$K^uK==+~r~!oUDbG46x<TA&&MN;l)g0yf9$1%OX!MRZok*1TV%yOd@_7ULVZhh+
zDL7pBXsp>xe;y&pb7e?uEHrjb>%xcuR>kdz=bqsfrS%hO`u852_L7?5ma_+CZL5Sp
zmu-`K?Ph}MGiC-fY<tqs=N=J=l5{N-$;T$qWnw!NAtkfL#f7e)#l-oxailX9NSaR0
zy@#jh;}ejAOLlByIFj8ECEY?MQB@QVv+6=H>yu+N(||CrzY}!Osp{?gXbg~7j({Xy
zP?N0e?<KyJ!U(dT3>wqH+v8D#m`x+wnNUiGaDVm0?vr=V39dj$++1^01=p`-Sv!S8
zvUYEhre}lkyP+`n!a$+<ZK=h%wW3Utla=V(Xn^*kLIrFv?=eCxTLpbvPYK#oQvh<V
zG~}PP$i({HSfsuGy)s2zY9;die&ru@tag^dv$sc|y!@N9^cft@8!BPC!=2C#Q4-o#
z^Q_`N7@TRM=4DNczTe!1!RtEqU~4`AgM*-@E_TUj-l`x8!`g(+W8VTF`#<^l6=9WA
zFs|>uUgo={cFDQ68cq;4tktCBc4hH0K-lixd<ss`-D5R=)g3Z}mrE>?=ihDY_6}Vw
zcI(%woNvj^T6g@AE_1UKl{sZOQBSpSwOw5@vLE_<bkwy~>`Dg>Ez?itg+3M;fx)|4
zLjR5hH{M`(9WwHqq6D2eF@7G}NF69sjgKfQ6+G2%9#Fxr#KUC9jBdSrF5hxPfBWkX
zEbGc}S^t6tj~NN>{imCQWDTN{TWfI^cPX}{RzKSn{iLU;{LjplzUUgi?Voov6LS1|
zpch`~hp{7hmy<QS8D<%+uD{9Lt(kl!lJ?YY?(L1|ICe$(D`GI;haQc^cFbl8+lzn<
z-CflNj1thyCqw03YO*-Fxu^Vn)aJg-(m=OD(Jpx!_e+~$MW=eMlRarZH#z40?$>7+
z;(O041(sC7_sXrNa<*XcBV`L&B}r)KrWE1=F0;{N>x1Ml0^ehAA~r@LN9hS_cM<o5
z;2{*l4IL0V&Hr1q4;F>E!zJVR@riL!*Jz!o32@%)p%Rsp6C3nD7`)52#{<H5CIEdj
zOM`*z^+lW4w9huCJGFPh?2~{N{UT~_W9||&CsDF}fAX$aT}Tg2oQSsg{BhLJQ}5QA
zj(Yl?vU`JJK2zD^#t*juLyqzD7UN^k?i=3sr!1A7lJp_>`0M)*thvvJaG#TaZ738w
zi&TF~ED>N`_XHf!c&gy2QcX9XQlM5PW?FX7x63vQh$HLVlyfe<Q|xvj#VQujnrQ68
z_R?0F$lf_#PqhM9V&8BN9n;h+6CBwjFrWqvEr_eL1&{cij;;a)>&M*u$~$!W5k~@t
zp<Atc8#8<UF)5kthn3mEg9Nyx*DmP5NCivyfx;=FR#ojX(HDwdWZi&H&IbVGm+$ww
z7ke3$97WE!ZvHEkZLwEcXRje2)_d5&iS#pD&y2U@2s`7*){P}Hk-z$piDKU+%hQ-D
zgU?0+f$6F4k$h@QU7o^1HSgB6*xNNv!aolZN@@${YF#2SzO*+isUZ-~Y|}8R<b>n}
zDw<ZTPtFX8vfA@*tp>f_hF?7kSD<C%19uhsu@yx9%4vg6!bYUG%+5l;Y3=YPC<9Uf
z_^{MIx6d(+esS&H9-2T_*jqEz)iv&tSc}=cC%hHNt<(%i)r8?<dqF&B%SKM;7tq?w
znrxS8C4umd*6e@Z50B3HJt<i|j-SFqE}7#u-7{DHO>tJ^bg)*!&VsU^%IJ^r$={@D
ziTryzw3D56UvC74_$c9H<*&vXh-wFX&)U^&MJL%If?X*P<jDK0VVacW-A5j^AW+;w
zW4JS8JANC9^KsE7Z?0x6fSx9;Fft+eL7fVgs)5>XYDz7^`deQkB-Rl!^AulVpNGtT
zO7Jzg3W^3AGuAYdMj2~gKo`+@j20hkm}i~95J73=?;(PL;1q42Y{C<m(b5IqiJ;0W
zbNH<V`?k4vS}E@!&1-6}@mIV$&Ph5+YmZNtEZ?GphLSQs3sY)B2|4l@bBU`Cz#U?#
zvdlcn8m*0!KH`FgM&suL^WUkB7uHd~h4g+&N(y^HP8~p$ZhP;~5>JloHDeE*7B%{L
zt(nmZZ*f)j5pb_u#~b>UzI&M{1PI~&%fButhhjFFJtpk621TC7hlP@!gupAxioz72
zV=Q`)0<5J<a_pO0Jo?Qg6b*zVBs_5&N<8`t<7hOhAP|MaV%ADMCeW)OqUc6^&;#*-
z6fgIIL_)>t@%7q9k(Z-B6N^$c2w#(lA(&;IO3PcxKpxevTOK!M<+sDT;ImM|6GvY#
z|3e4#F)BEp^nU}&C+q~_EhY|h<>G6Hi<X@q{B(OB_`$oJqS=B`Z|VcYn2$`{3U^sV
zm~+A*I|2a`$85J$J$N>188O70^&!l?%zhx|ci^%ZIG`E&SRZoEjcT`n^ZeyHjSfK*
zUR+;njD|-w(I`^3wAO)dHn5W6!c~SeWpgVXvT}(Syi>0;`QD;}``pPA=V)P-pPl`R
z!SjS(y#0kc54GWa_Og5B_IS}D=dLeoYc+GugWv=<x5%w3YWBLp>OHblZAaMN4#M1`
z9ZO^i*y=T@s=q}T@kUhHBg<*{oCeT;#3>=Y-<I79r)1Bi{Y<$#tEGh1^VOoW<Of0I
z?dvNIh;8Afq~mv@wYFZ_MyDgmdm-;5GIzbX%90#fD8L7s(&W&)uF|@rDL4`E9M(-|
z<MLi9tRL>P<$+m}_#p0g-VXKd*_a)^_^aobg}xcyS#|{+;mC1gahJ82m**>iHtOvK
zaz@4M<!|!@-)c`D5f95qM1F0DM^$H(csdRX`|0J^7pO=nCu;i>#D=%|)YgX<!b54Z
zNMgii<D1N|lXaRagC~fI5HU;MO!WM}DB-qi@A$NZn(ltwrqz~f<?S2+xQGI%ha&Q#
z_v)`3Ip&#fPB?=lNE3aR(AvClw>R172v%2v)!F<xeZ=O*zRW0>fP%f+Go^ELn`!$L
z|J%51<JP>Kw@YI)p_NmueE8cgjF2$L<$bZl`2lJ->m8LPo<>|J7$&pTbILGq_cYxg
z15Nf&XF?K{Z;H%@D*S6)K`Vm%woG|C&)oK7h+^Xl4pnyX8ZF6OfcH-$K~*?<q3tPQ
z^q8K6OtOb71%O;N@hhX%WcjeCeVX&gj4g}Y#EDW&-bCV)_-d*Od+7<|cd1iT0EXeQ
zRh&EyhTKyKo`sDNnEO094}#Y95Aj@A@cM!R)bZcuYdIfsmR%MPDq@=<#0#`xq=bNe
zvDNTAMDT3MQJ@g$`AfVw$%myhVD@gtyv$BW^(0)la4-c_5d@^JuHSDZED%D(2h6Ov
z#^{-95CW+04IemP!%@BI8c-qeQ(u-?BIvjHK$``$MPW+t@_YWxPAlroU@DQ6g!RbW
z&fR?6lO+VzFo?D&%e}$ov`-I*v~MaLbuD<qw#|txcVUff13jfj9gD`o>YdK^l27ZC
z`n``|pT3~N{gBJsx6MaLNNJ3rSB}`qxT&VX1B9x}gY7hr7lj@NpSf4$Te+FAPY)MN
z@_#RE$R4Otv2nbU+t4?04fmcOK|5Eib;7NF6QBLNu7m>Ae>wn{s=xXXL(ZV}ukK@Y
zk6(RLpLA=>VK?NYQDO8EWZ)~ONXY2iDgHYzaplSBR*kO+bf-xl_T{T<t`r3^3RUbj
zYjJx^_w=&<`Nu5`wxzec@i7-0TKj^M+eiI2*UiGNV~yu&xSk#H_vOsk7bWU7<y$9Y
z_BoCU-~W6j=duf!|LbS{?7iX_Ay6w;LyPlav{4+IhMkU|+&i~Lq;I^1tW!bEd^tZy
zCO}Rn`4;)6SlyUZnsAA(5&d$h-w8Mox0%dV8l!QQ@B4L<s(ql%=al?kcrFve$Ks>T
zeUWWum3_??LCk$PpvTD|n_pX5&{WUq*KEan!-7s*-=MQbI01(??Q||%bpH8~WmGTy
zRU5muO>4iz&&eoKLNE|FD`faQ=1yWyR4A*+zidg2f7ZtAD;jh89pBSjqC!bB7P+`)
z;@&xW|9A1cuwL7rtrBGl2=bm_$?ytVhyrqIbUD5yCm%A~na=JU53oxa-~3FQkkL8$
zlViU2HvbD*6Z%|PC-z(Gr#mgegrZ<%?`K!#&`WheVYlC1D^oOj*i&on09o;c9};(Z
zu|Y;{>aRM{vl>@dASnl6Z(-<b3DfOZ^S<fY2Q;C+*OMk+*F-IZow|i1cqcl_y8e#Y
zd<w9}yrw!eJi)3qi*hQIudiES7)m+(>}O*Cu7#%63V-G0uzJc`)5<z|Zz9CQ*Y!~U
zKe66YhE%Ng;{U*U4?%#L?(_;Kx8cN5TALWqn7moyK+7($9txC42m1_>o>du#eEU&?
zESU!j;Q~Txvwlm|&k^=1yH6$qtg~Qf^fN)OmLxELZfju^_}Ucq7{9~3mPdM!UmxtP
zaW=sK{@cXaO+rBobIuL`(_RvGcWEB>dNr=V$bWdJuGZow!z9-1e{0A5Xi6wemJ^i_
z*skiLe0Y2`^sH6NFy&MC^f+kk1bzUy^+?$*+KyCnN_6v<R7tYqB-p?zx{w{$fGuRo
z7HmMUjw+M78p;R=P$sMlI+f*PtbYCO|EHU_8ta(3-yT*lt>=angz+T=jEvVi`twNr
zBIkHIng+3sER67~zG^|8?m2TFd0P76>UFf+XRZvApwoc!I=Ns*aAX!WycGQuYq$;W
zpL0s*5d8Tf+3#Ps01i%e%mK*s@yv_8x^FC~XXzrQwUbC4p=U1dZ>MnlDO+*kG7S~a
zc<RlczLW;usgZ1pn<qMw72O0bu6TQ1Tki=`Riz1uPE_#nJx2GR5aFCZ>qCe4I;n{8
zNVb0<!h@&3Ra}P~e7^QH6Y-8$wPEww>?6XPr6hZsyxGQuQruRUN3Hi;aPsNyejR{W
zVX&VsF&g%lOHb}=rA)hvy^U_*`?_OcDOrLGjSy^z+>TFW`nXR3--b^l2CH&+!8JCL
z`5g@Q$g*xT?i#zX>vtBm<7blVH%{LG(jj`;r8F+wK;!=f0bU`v)b@I=c759UR3J2j
z2JwSch{niF|E9MNlyB$(k;ss_%p(+^!iGL2uwMM5ayNJ-2#9@dwZ4wYs1FPzk`<7J
zB=5<FwSq;RB?vn^)g^v`e*SK>xF*m+&Z>vN#6?Z>6Gq@)yd~RX);`S|r5Thj`7V|8
zzbtj&kq^L210J5p#o@rgRKEm<>H1HgbHLU*Ygn)_vF!qiZj@2n)d2Hbo$v>{O0uF*
zcMz5$wrH1y-H9IdaXXc)zBf(AEI40M#RZiI{6{1>VXy%qgU9GAt#Sn%UVBQ?Xn~Bw
zK+{n}Q70MJCE-#l6t_8E<v|L_J05_Fz+21}Hc?_TR+4u+Ka~Y_DjJ6HAbzt{xb1zh
zk=FEAiH~BJSwc+{_;kTCL#M0nF$V#Y_5_^8tHTgX8aM>RW1??H2x1s4QxqDH|0^cr
z0kw496+L$VzWf(pmiooB;=9-BS@Yx`tdJasi;I`Pm)<>+0|wO@G!BorOp9NHmWFaI
zKYZu0F(VelF`+Lpl&Th<20@xRpAmW9#CizKfuMuYeU9{ofQ_}mK==!#d0y-!h@X2I
zW0U<c!Sa)H^4JZ#moLkp=^lisaJ#f6kmu3;VrlB&EqAc$$$`K@wmKDp)$^KzIp_Ib
z;(&DLB4f~S?C)90KS;=H${$U4cw9|%a#jCd2;c62@cpOG*r2h-w<OSv)y^?|mA!QQ
z<ss9nV%%Y-Rqo4|Y!AyW$kB?}Cj<WMyP9Ayn~9RJqCLO^KYL1lS^~jX;)FFgHY{lS
zo%7n0+vPe9o5W%#q{c+!B^SUirGf89GRC~=)@d0rj!Z}Ze6#<aFM9sWv(SjK3rWYv
zoa8*_rTMjeqN(75s``QGU@9tlFpSpH>fs)*=YFBG|E^wo?UQDY3z>s=T-4ycg{4wj
z|7$As5x$?FtnDsnRM#yO1GzxA1yDlUC5xqlOk`i~`tQ>>KHdntrC)IGg1pzZX!se)
z#q}Th=cXqC;3dnpy(vw#H9A1cBB12jo6mtle|=8-pUOLdKmHHbU0fqU1S)`7B@+Ou
zh=X<U?=|NI;MOmz3VE;npI_(S7UIEW|Mx#v!3(FzpdL8_+$t{vYph4hId6^E2C>TW
zfBpFDIfoCQ{^wiy|M(i<z`>{dKA%#405!l};%>his|l=kfRT#H`bD?jQ2&FjTn)_G
zN5WVn|9f8bpMOdKrfop1iZu$rqrY5!C)b%Q6Ai4NV6k%sG1>ox0S9Q(Kac$NQ~vs=
zzs0Km@vkcHsf#mh0p_%?XtNqjyGSo+vn(1XPaOh~!;ZiC`-T0ey}X(;EUf>FSKmGL
z=jE<wb?NPcyzqbH+0H&XEtmE;0A2-LX!ie)i~El|^!)$4&>D7QBXZJ?oKOM0gplk(
z7{(um#lhg>BuA=>{{P~Ye<}Y_rvkaCGx+ImQqP9&%+E-n2w;QNzr+2{)B5|>^MCv|
ztn-8KIiEr$o?n7v-hn|2SZ!ySpaL^LCd%Ia`uhVa*QBnBHymsKn^mC&-frTp&Axx<
zn6FZYH~`cSZ&to@@XOOvU;Gs3;VaDlVaNN=*XN`Qbv2(WbUb`;#sOG6E8bc6$oE&`
zGXw;!h3$rQpC|tHUw>VpZm4o5DzyLg%l~m0PUVx<v6L_#_%Q0>mz~A=0q(2BHRQzs
zo%&P)SkM<`k3EF^*J$bUb=2#8`2no!;5rXlPmahzy8KpZXi=ev7JARWn8|<UQWtdZ
zZI-kDiv?{&cRl9Op;PIa2k$sFDfvnW$R7q-Z;>tB@BixLJf(u4f1P<7@Lz95&*-Q~
z>AF8jD%9u-ag7H34msCdA>IMTzpf^*wy~YuvA*>;M)05a!vF2-r=j51jy6(p1AOvR
z<}p8bSR*1LCL|@}f|%_OR@g=AQ&8RP@DI8F`Vw5123Oz=V@s|5!7be?z~6<Ov}j2%
zJ}H1_XI?zG1b;mHaT3f7e>A)?`tRY_*Ux_dZ@5s19;~(>bt(dw2V}E2sLz%EHp=0=
z%fG<ag7pA8@`-1(YHzWL$%}5pr72N=cCQk^qb;`O(qG~t3jW7t*Z_M*jq=9Yilu$>
z+g|(xj5>{&uDBo&HX|lt@7mjf+)jwqX>W2?KzzXQ18?;=s`BE%TOA{a=grUr@b47i
zGk-D5|9EzrIy1eU@vI#D{=CZP!IaQ_*4#@k->d>q7-~VJVyT+Ig@)sYS<e5t&UGm3
z<*C2d_g9I35wPDt05W2z)E-v^Q5d;!Fa6GaFsc9K_z*B|GtNpW6)Oh+b@#0)pYL1R
zG0KF%3=c<9f3xdP=zE-hz66C9Z@5wU(?jjCiXx@Qf?|D5%3y7a-$!u<WY}j5j{98H
zu4Eoqa>5$=dUBod3S2<Syv3wq^^ZMc^5{)a)@QrpxYFe?<jO#BIu=XG0E0@KmUn!a
z8dDewIeoe{T2)$6W%>1WpvuoSt5`?SP}W;JH~TFJBp%e(v)hB?<?2#7W))xB#<KM?
zvy}<g+(84u$WEp`4Mi9y>YBSWesCZ4=%-&%4w`EbL9f4hx-`^#sMXp;97EMZQgxA3
z)ED5*{_M+(x38DrnoCBCdrN-3^^k7Fb9hNV?UByp!qfHN>cG$l*#uBSEHHcDyi;&9
z=oMA&pbJ0>xRDCC%@8__4_06Zh`w%5B&J#DjtKU{^>`l<!6%dfEbd1XJAWU+5_5||
zH(k9SZmR3FOj*!&VJ4<9sS<(87@&aNNP**16QW?snhGofdyH0ANT?#RB~m>l7cDNj
zQQ<t!GxWtK%rVK@oD5oc$Am$~i|O!Y;%sMf>it}U`6~ZD>-KT!0P&r471LY*?{_!p
zIg2DL84eY@&;UwEgCN>dAtCKwjO#i7|DSRFe`8!<cvrTxYu6d8m~;F5zn1btR4A?i
z<0DjL4`TaPW6tzeoeceJ!xP;HT>rrgy%#>;mn+z=9;*;N)2SW$^8aD$Eu*4t+x1}^
z6$J?a=>|nQ1!Ry$8l<I>l928h5D<nAk(N#gk<O70LAnK`yPK*1#r@pRe)rnz{pRxH
z@Vm}9&LgaKe^}%u7#8gjxH{5fF-T5+8yyJ!2Aw+Zjemu|tqzPp>yYgb*!9!Hfc_mU
zy%}9lK&GSh>wBhT`?a<^RZk`mu3usP_enYEMYv_6$O$y{9kC4oNDDeX4`3Aa=6gny
zalS?u-gTVq5z~tm<yIhVQ!QWYc<Ot3Y)A{t_GQ_$p|7s|-X@?85jtOBBHqKj%{f0-
z*6Y^3W?vy_iG7RPOkt!$twBe=k%d&xWr_{fJP)o*Sy%l!@-_^4^98=aXbGGt(f1UU
zh9_`_Md8!MltLf;gx#zxo!fm9tT81d$GfxIbGVH#n?qtf;Cy#NJW(_20}Zx;0Ww42
zHQw5SHv`+iZO-Z-OXb+WX|^3&^A#c{^Wskoum%8J8qSrzB+2p2u1Md2ajY>m*Sq)^
zY)6<=6{r^jR*%8?YqVa|dFIIU>I28adM$NUze}1CPv_8;04{Ge{UUpO^058r%<5L*
zhW0$Al-HtF4mnqrj~@Hcs0^0RE|;fUDx&8OHI#tM7b4=`T?o@*wW<jO!ntjb2yQ+2
z6Jt1Zyg3#eYP4je^J_0cdeO6@bpXdL6f!dnu&%ON&n1op-=-n9vR-r;Df<t0oaf@D
z1`Uz2iUqQV!0*Wl+=>TfY5Ivxu@#qeh%M2oqbmV$6maP!joZR8Rl~kH8-NqB6ut|~
zlkw!Kn&)ebIpDrud_Kc8FaU)@i;WO-Wn42Hl&3Ek9^tQWmi%kkP9yl$==W=-zp6u<
z5PVzdX`#(!Oxp>|#r5Qo%Xw^t`{R8r;(4rSeFOJ30!HFnE!T+SQ6?GZg5ohU;`J2N
zvriumGd+ApM`um{>?v)bocsMlh$V+}QiHq0_U}3G`K7N5Z4DI_M3&7WA|eNA&Mut@
z<===US==VhcLk^Ty9pV48vL1ib5*!^@Tm*Z3!^Aq##MaG;mOo{@15|gP|fBcDhqCx
zDzFpYHprP->CFMm@C(l<IGlrziIY|j4p%o@<l$QpbzW6uW){APbu<jW#_;nl*Nt#L
z&RfgZ+9%K-f`iRWn2efHs=$=9`^(D)*^|V?_3N^!^>_KWX~Np2c-~QJ8x$;;y{)_7
z=pWe6C{Gv`(RUq<?9{y5xV$-9$F|&`LTbfZVRF-X#NH52dH3(x{PjoNxWkE~CEhA>
zX~OXX4{j0=E$Jhf?4;TCs}IlJqC0b?;Di#bf%j&Gij8XUEcy~xn+1-fiqI)Nghs6)
zfwScrq;g+Hlk|aEk%Rbfj=ZQ`7B1;?KTgEk-AIO)pw+x0)O>E<9c_4Pw#l26!?5wL
zd>muY^3&K~R&pWSFlhY>P6HRsGt(@4^z60Sqc;UQ^3iYBov;}6AP7q~Bkn3o+eVah
z?~QhbM52^WA<8ckFHb01k2o7?e;@&K-T2SsfR6>$#;H+LXRs=u0j3}JP&9|YV>*p$
ze1^3qK-WXL%}?mbneP%$o^`ahcW*Ay(HyN6=r=QV*5Mv5!5!MAbmOySBY%Q4JH@J~
z+cTJ_oFeT~PupUdJPI5N&oaf}2m@1k>#Ftfl7^HJ<&~lHm#;pOMI8*tFtRA4eL{)5
z_Be@%(5*y2Qewzp!t&dL@kWBa-PDSAdB2?FJTu+;!p>zq94J0?-hAgqj6Dp$74`DZ
z7S16WP;6z|q8Q|N8eu~ilxr7Ec*!V#b>1=OLYI)?4HD-|;N3?cbh27pkFQ55?ec{!
z$}M1D1TAZcZcl%{5Idj#;9%ox8fL@@-M4RPngwZ>a926JkrkiF%Fhgb>1+5iDrTmp
z>&fJ6eODjS)%WyARvb@!H&|+%)W#GPwD`<TeFt3nn`6hz@(CN?ighc>JKMX(yb!q~
zpR6qSp5zG+?;f-^Jv^vYR(z0)a`EEQ9X8LS$b4q#*uQt&E|7S6fTVfwx~0SO@jYt(
z==E2-px=J1nlJX(C~%Z?#W}@Z2S)hn0gb4GLbTiN@Z)~1wa2bPZpW;BDT3NothvIC
zs6#f@+}^F|=ep{SAUg6zfv-)jw(mP}#%aWJk!DQw`*{Muu)aqpMj&W0ko;6}CGU0o
z{W&ir6{~(V5NbWrEw_xaH=GvU8ZW`meVstE5tX^|%evMN1aZJZ-&Z-%+QESr5n<j_
z&0?2dET(4Ud<NDoa3ZFU)2^HMd4&MrH(tW!xaeWVxAT7X^4ks7l)c#o&gf3j*7t)y
z{pIqw1sA^MjU0R%2ss>jg3ygm?^9(`a7%A|y`o+E<^p3XO6d4I^@J}-E>9D55J|P5
zk@)!@jBIbt5pq;RIs@=mJ`yXYRF%JM@E)B=bkCW=0=;;kwxMfM4Aain&b|20XTNt~
zO8siG<gnSp_Y<YK?+ks^-W>h(zscqP`}q(yhIue{KrBp;!SLhfry3#1CR6W>J3l1}
z2@k&MW0s=U0@~$cJ(izxhLBEuH!+g~Li|T2J|OsQf2Iu4I}?fBv{Gc`S&Q~2f2E$)
zm=pA+84IYP#7>0OAiVD|R(Cd$N@SInwqmIH&&hl3ru_tRqC%7!LvUCQx7_`{k4M?D
zOzEy?(lz#I++!5xa;sMMw7$Jva9*naMAIO7YXG>k;Wj7Y%=^|nTpQ{6JLa_VH)3Kw
zkkLc#@9#8`kOA6Bpz4&pupm`b<dbANHu+yqWIa9lh)E7*?NhAx6qFzS$ZxoRYZjOs
zyJKD()|=mZZcsnzNhc)hFP<|qAHV~{U%T}8fh8uAVU0{h_KYeau-Sw3-{%wX3wIy8
zs?0x-4>#g~f2Aat3+Nmdr9Ny7zq6Vx3Q`GU5MJ3RO+SAo^7at<3?lYvW&`3oHbRO~
zR6GvSv1$YLcNz{?2uT$3^|FG)E6-($e)R-ubSfs%&Ne;#h+DwDu${zfN_R-g_saSF
z`<m%n))etdK|fW~U!J`Gc~<8#;!v1R*WJA|RU)F5&Ie<g;OmnyZ6&rkwC3ezHjaQV
z_>R}-7Ft{^3Udz?mmU~ED};6LIXjtB*w&#iIAL%8dh8*LsGhwkW~Kiv@ezPLH0H7t
zv~9srQad5==vzM2UM_n#v`gO}6gW-&;FRo-dJq3@6!Rw29^)z19wt`_%Lc_Dxf?%Q
z2FAP(3A^>(-aw@7WNYGO(Z2P_s%o(gH-St}o5REW>J_94MMaa>i62ZkbzctaR^|S;
zYQm7z#GLR5m#>2@jcDap<EYWF#9)yt1*>X?-`zRj_g0-^LZ>@9R)~1Ud+~nsTrOIz
z8}aVQB2m<n-cxcj2lXao_q_k!g{GZ9_^LkL#5qL*#yd*+3<ACVaFMxcX7{C6t0aD%
z;>>T^*wfd1+4f^W6=>L-3KGI@LlXMay@?6J7=ht)5jE&M6iugJy)B_&TT^QA)5__5
zO#9a>pbI5DFV-oiB*~Qb-biINT77q_kc{}I<*V=qgn`Z*pMR&b7^1`-p<_-aAR1ou
za;n)aj}~hRE13Nu?Ob-?U(Y>LZstw9_~S7P98L;6c(vG5Jell<vL1_S=7ii$=XbtS
zY=DfArJTY}jwMdkD~YhaDTwZltCS#Dss<_@9My7lCPx@heSP;Bl88F&=SWPn`t*9e
zjh-9h5<8j6hOoaJgwU-i+zrHr$tf0VHbk;|?0s$G`d|!M3;IiW`>OB{3BcU5rfz$|
zQduQgqEyS$x4KCthNnHTS?G(cNUTd2qEo=!6=SDJlU}wojA_w#&<+3|{*piIo=kkq
z3$$XF`)yP}J9|QNG8L=<t?E19tr>w`7FBSfk`mW(%LhLx7+xbHA`Sfg*%=507C@3+
z(Dsz`trI?#)N=}w=ZTzsNw?y~8PqEUuRUBBdiw8pap%S%GCL-yBnQy$3COACaH*60
z!QJFJ7__vk9$c<xC({owg$+@T@i;iYaf$1Te&e~rkIGw<f_Y_T`ghaAs73EqX1X1%
zKGdkQG6igVVbO=p-A(Z6X36~TL_|BioNUq?Y?;;6JhEwYzFwK};gu)RpYFqM(G8Qu
z-NS$Pw$|f%_n(!D0WqB0j@cWar~9)daJB%Q^21+WI3L!UXni-P^SCE3WKPJdSu|RZ
zd;jm|*td`0D?CSJ&Vea}`kN>ty<_DB0jkuN09r8Qp4G~dy4a*|O7G^U!*2BcN(ftS
ze|vVJmbTq(l-C!g+IY^J7o92|+u!Kvtho2&ro6M-f#uih!o_ib=EZpaHo#0aD)Tfo
z;Jf3JOnMGk+Ue1&6Y^+&1+5xZ!1wbXwN}Sf$`yfOXQ?<|cB$dgSerWzOJAZV?681|
zhchioU*pwpBj?9SO;znBN@GL+I+YALH1eHlKII|BxOa<I>D$|^J_DnjkXkx1_g&jE
zAs44|VX^#M_XvN&3aUavX3RIo`=qnbo1@qW!6FGDsSDJq$d-+|<{O}%CwE=sdl~%=
zy^F)gf2Y>I5}~J{qn(08f~RA9A@%;vrY~XzNM>2=3eM#YaeSkuEA1DWACpca^b<YS
zpQ`7u@;MBt%Qb`jI}vz#YO}vK!|LQm{(6og_kpbTeO-x+16d_xFE)8ioSe=|4GIVx
zGmu}8bGjTh0AaXe<#cDp<hX#~kYxSK-tX?enE?bHVWgy)IQZ0lz){Vcfa9UOt-<EF
z5j&r3Wa?m*K7OWWvYha2gX<??c~hV!vFKieb$bo{M!_I_xOEEY#E}RT-`v6_d44y6
z!-ym=0q8_+!&i^=3>5PmCHD-=#g;A`Olr_GG1w)&s)gKy-usT1$Gf+Wn{RKWc0wkd
z-igj0#%1KSmM<~ijrj4#p$IWFB${Da%m(~2skjKMNM7gbH}`dICv;NHdbi)Vix6~}
zlbAAHI6pA6P@}?iPEM5j*c74XZR9;GZJRD?O;0w@G8-`^-ri37I{uT_$tG_2c&Pzy
z#RKQ(n=m<KsDWvgqJvCdjzmwN9&luox@hk64@>E#sWK?htK(UJ5gr@#j?+Y(yv^w^
z>V<+<0yC7nj7s>JrC3}d_uywh`L)=Kx-}!e=ej)eBCL+e$LZQ?zgE~d5zn$foY+0+
z<%X=8x+7J|5oi455Qx52*ut-0vYb6W{#&GteU$D=a?r%MxK~l|u3B}0h0cBV?FaO<
ztC0Uu5vL=1gUn_LZ+Y7XabpG8>4(COER+<p@hSPpCPH`^3NN4Wy`P@si<~`W<7IeH
zdW<)8IbWhLxDe$F`+2$p$rhMx-#xPg_C@>Xv-uvzMQwM?b6zmW{Ju;e+EMA<Yj<E=
z-4ouDePfwFj@TB3JTvlz6`vY?HWZ#c&2NAzI|VjihYVmblS5@xs8kPZsu#v>Vvp&L
zvM4MmA>Ih|>D}`Q)^B4MHQY^O?`QX-eqZLQX^Eg~xbgE#SG-?cJY1ij7@ZbR6FzCj
z%-N0RiJ72u(!aR8UZBjAg2zf!0ut%ZD2UG<i3S*c)8KFxvWqcuQP?%gBjFm@5-yCH
zxu}H02ik)hVqr?3sU+%u6=nI2J4QIFGXfIS=xLBw^E*>MZKr@BhEMm=g{pn+ki0fM
zJ4s7iUdM+x&YSj^aSYCsW}V@k{mmMS!o;wwrt5(>G=9es7~dkhE<?)&iX@Rxo-?-%
zR52xh6aJ8gUwc?bF6GGp-HX6fPE&fj=UQz6cgzoe^~DI}-dpNwf$}lfxK!S&w>Wu*
zuk>_*nR&BY<;0U<O9hABXDq#woron|kgBHp-Zi`D;6knNyqJQUp4SBYZ@@ehIp(48
z7J-~Ys+OBFm96E=%$@Jla6Oh+l3^hg*tQQZypXmrEk&ZtskXbzY#3uMx{c`LhfS?%
z6KME93EKQ2CcUSgB9nV?u&&0S)B_jZ$p`1uk9V#03gl^%Y<A|$qI#&1uVSEB*BMBR
z+Xk9JmSW)DuP=|K*cj+7Qd(a)i`@e3EPvvsv0>|R%*uWxwfot^noE>1(je+;yE%<t
zU!XhrM6CQXiEO%OUSKW4YC%HCYdb`w^mu!=qRZ_1>l#qK5V}WSR4c92US+(Fq0gN$
zf6{Z=pUl61$X4cIY~3C$!1ODgle5U;Q(AF_S5c#HL-j6Hh@%qr)XWE!+dsVa6=oO$
zHO4|Ucw>q>LmX5CSdzTHM6RCuUe@#dJQo=Qu|zs@{;P@+=qUROb-a@rtrFq$m+k}+
zJ(R*pI1eAUsMKJJ{@6ecI!KQew#u5{I0X0Yy}|B$MrjGkxGYcXz{2r!C4ydi2rb@p
z=PC&Xffv2U4SSI;1CsNxKtg-3;sgMUQ%A2(`#iQPVIqeUo&7O9?|MV@+E2GldW1tq
z&MCMby6i|@0DmLG6iF<`n*!iG!8q{WUc?G!xSm{A=*tr>v&%PUzAU}&mKOVbsGJzu
zr)vAa#ZnPpi7eL2=+no<g4pfwc^X0xVJ+~8Ta9TI#!Z7<DSL^0H+!(gHA<$mwUT39
ztC5eFH;}<vn#rP&O#ItO2p@U6%O8<_rzkNfAW?3m3H!?RfV#j*4njZ-Tq2n8Ui5OE
zB&^!44BGNj&8bl((d5?=MR519>+Ik5Ia#^SAG$Algkp<5l4a?fKSVctVw9pUe+`UZ
zB=dlMsPArhX6al4RAinrX?(XV6v1hlRm>1S1gz-F4hoc!xuV}D&L7F~Iy|5*(x58A
z61-6R{j`4^>w@HbrlJjP*fLVCggoZ_hN<O(Y0spmoyg9f+-&XJJ<6`EKh&VE-%)W#
zr<&7}?qX!!(H%@xzW-DV4~+2ES)f0N@e4?3sZXh~Z{dF<kRkj}>Clc3LY-_02Cf--
zyt;*BR{k?_ZnJ9l3@pOKtl!emH)q!zKKqyA60_d5o2eqLiKG(w6#S+kQ93}yaj#^u
z>1J)ZO45TAAJ#Oh`Apu^m<uUt^A}Q@PMH-@(`UqY?yw;g2aa&yfmoxZ%fhlr%+)f@
zIVwTH;dy=Nwc_)@;Htev#5*}fm(kC>)^k9a`yxj<?GC9Ns3@^PR^uD`wcckCgbE)s
zvp=m;qd^IIj!MF-L}9wP$2o9TVvcDFaaOJs(I?ks{6ICi!9a_E_?rn61t^E}UsM))
ztHo9}4w--A(_Vos-plkA|6*Rvb+MjZ=NA$PrntvLzta)dV3`&X#|3p!m4CZCeiO+J
zZ${_|-mn(SP;8Y~9F0#`4kfH(^*l7s!jN(r5(Yny{VRVYOYJ!tL1P!4m_!hd%l7&F
zciPN{gI1>Vqrq2-31ln*Dz!&Uu~HzKv{9gt#``(vm-(rtr;@j1hsE4TN#iRRFknl3
z<TR9CZYCB0v}`TDO4PIPrsSkFcwO>bq|w<$;k)S=EI(hu{;&dvMj#I-50z|+dCMcB
zjSGHRXNTC)*U8S{4-uJM7JI*6zH&p3gLo&nH}{myU~{x^cA1O5h<sLz(pe>$uZ3*;
z+*N2EHhWseVLRIrm+!ud3Z7;@Z5?|*vHw9+U<gOfFHa@?4#jv`T*9KZL3rLnoiWPt
zBD>(Zt+^(zdU@B+wbm6R1!)J?QK%aRz;Y4~<e_Xt=FLD|H#tc=<;nE;Uih4IMX%yr
za6HOH(%Ss-rRHCFWSwx?1%zC6q?Vc*aez2Wa?9PlgIFb@bXJvj$xM71v<~um<Y4V6
zhS$71WV%rOPVSU+Ve-tkl)1E+Hfq-e@ALi4eF`W}t_IvQMRjR$O{0;YL;X)oc4vqH
z!FFqMUpf>WU)IThD018dQ1hZM61j&6AEIn<E5fL})V!6<??Bi5BIii~a8Zuzv0`EP
zhOUV_6e;H>EJoF%qX_g}QLoNIbVi=w3y}4vP>c+@0^~1aKTai7pF+UaZ$qyA`=-kb
zg6iVG*hki|j27J}t)dxFIPkWBdES5Zp%GorxZGs+E#)PL$DAy^Wd;o#pFIzx)%cPW
zzFuCK3m)W1^;r7zk>@I>z4ocNJlP2#uf)29ZAe}0_7SVJNCaiR`=zz0dX4JY)^J^1
zaGohsQTCkbBcd=8U%lf9#`R0rE#uB`Yigcv^TDc#PWC{?XOjk#u%g?W%xvm9kGM5N
z1?!ElPOfo3eWiF@@Zk~Z0weP<`Ky6RolN#nsccD)<A)0V)1PSo4eIRjdWrla$D~fb
zqHLu~t&*8q{O_tpo}*otK~K23r`L=+PjI~E@wXw@;Hop;blW)Ui~f(CEdCvn7!zJk
zXK#T?livU28lzm|qr;b9RVb}8Kd4&_RVi3TN$L`p3WK7?-$aFIpHJu<Ar@jG<1+s4
zfd>M|{Foysyoj@Bpz<12O_12ptvxiiK6YdW;j)r{>^6Z&wSrOOw=GJ)O+@@UmCc&b
zg^e0O20fvS6>3m6G->XH9jtz9jWNJwVHf5yVI*h&&m82Ej@Z3y+C8EXw5Mm3PnHt6
zjzC<wfrirvb}~fno~yW{w&)%h3UOlvRyX$a&XCy^Q0vbMzA!Mq67AF8%AN4V$UIrE
zH*C7IFHxwzI6j=Kp!#dlw8BcF%_HDW=|P|x1wv80z32K(ocR$6C<!=LGC5qJfcUjt
z`%X)*%7!QAFA5U@K{-RdbWNDy%AaQjl%7OdF)hohUg6G;tUBNQ{7j#mzSGEu?uK_t
z(KA(d-A)FeFPuontP6Ta(Ed+!BF;$)m|3kx3+@ey`zZ(FlMQk*F1K4bTzmEML1g=X
zu*JVZU_@H-=oI6z9jR`j6(8CG!q9vDK0G!id~nIIFT+XfibX{F$$z3PAo602rqt}v
zXipO-Udui|*RAH5sSDIt+T?lP<npIdl#LgClv1kDoKk9LTy2CJ5p_}*lOVB@#O|LB
zYkF-1ovA3je3^_w0ncYVmcN5D3>xrukK2Oj%G)yd%k`?TM9h^>VHG{^UW&Gyw>A-l
zTTFAhu$;arb#Y@}<tdppdJIa<+GmtHt}<7<l;##lDg0)#o2qNiYNeLJ-kfeuoho-f
zXJ-ebf$k!ghwLCW7FY7b=|1?+vG1=8PPBB;3qD|ULO7bd|LcdLPBxkMMhM&Rmay(K
zv~tCSMJO}H+fFq;VOIIdiuWPrsq~clu(|D04TWfI5$-Q)LDX9^INU<5q|zwuQsF|L
zS2jPA>Xu2Ya(aSvN!;k1HA75@NzPC<IO0l-zPgF?^Xtoop!C)Fo#}?kTLgt>0O~Lt
zQ&VccGu;>^h0Kp=!N=3{O8c)DK#?}i=2lNkUG>S<c<W*Z?yPIf^tbLDi)@w6hPIyU
zlsN|8U{0$c#7$~FTDxEii}k(`PpR)Y(qp_<H_#1x)%W1rghV&v9g0i6cv69m`J`-c
znD71ggFlH7`|wiVoj2$Pw;jB?Ax7aQUhuDvAh7urNu{#m!s6{wdKbCW4_NydEj!PE
z{+~A3og9?1ZTKxV#0VPyL^J0^mD-8hru!raV%=M!QS-G{Y5CNCR=A-nTIy2KKRBGj
zsO~|7+wO6E&|R=gyDe*X<x7QTlt&K5bgEx6ldrgw!_4aZOVe1>@xBh8rOW9ouNzM!
zkFgzGs%5@RyUTEFIC5u%2URA_(yM(G2i1&=fGCmkG;1JYn3+KgBfkBmPJ)>8>H`!8
z>0qcC-_APRd-@{wbq|wxzgbTIS(4>f0yIz1(4SJH`MKqj5A{nbvk}(#Cc6fKafx#6
zGgpwUUY-M~HS3qiPAOnR<rcRD#J-Cs59G`g4!re@x)qPk9hd$rOY0%5{BP;Y*Yhwi
z%OFt-X^`ES8vL$7$yrA8%`j`!7iJ~$1G&C&n&pZtuo_jQ9Ur2z5AkWl0`qo*8{o5y
zFi_?X4Ep41)J8s?wQxBu&C&c%*$PjT%QM&-E881?`+hulz1m3gy?Vx3mn~YQ20I*Y
z<c?PGwQ!qGPo66>`VA||arVM+%+U0R@BG@l%ud?Y8pn4@Pk)9;!zk3C0VewGJg5O1
zvjdEJaeGR`()C~>d+EDJ+7nSb#q(QYFay(MP@_r^X$NJOsP4UX)J$SN;=k(~hX@j<
zeqf$eGL})^c<`^uBG*ibK6bI*#(PB4_j6<?spKa-(%|L|T6++<JL~PvGmq8ud|2X-
zPOn9gOr+;82)oddZePN6#k7|5k40g%QCVr2BdARR=Ocj3^3jugeGk?-H`7I@w>Ocf
zqo<eP!ZrV=!m@bMO25j6322=(QmLzsgslDj??{+e?;oxx3{nYRtTU#@fsxBEPRHrL
zC$yHUk*g(tFl?#}D{g}KnVA^`fJxkFc^vhCg3oq&;<NLf7<zwH9q(;lb5LIQbUkU%
zJ7(<JuD5F4A+|jiQX<DAhTc@P9rgKmu+_^+DpP<-6RvKH=s2S8Xx2Sp_c-b=qPIQB
zlK$><p&o_gd3pN^&}_@$4=QYD))UgXIMF8FcH3;Xo%>Vw-DYfJ*Lyh=E|bj1QR1Dz
zY2@Z0+$~p6<eh|%o=!^qwy|^Wnx3wgr*WvSo5*CB5(U8sy_MM!w>v;L1g#3c$xoI@
z<2I|OWiLE)ory|LAR^M|hcsY5G-K;`j0`4uM1~Z@AUAOyULVeqpEgd0PIu#yBr~|a
zlDJQhXdUCR+`X`G+q3qESq-QhEYEF^<;q-g44whBdv~8DCQuy!#g0u*D-$0M(_w$k
za@K-rn$PrnV$YV#;!nS6!0Nc5KtX9W)L6*+RWWqze4hcIUVkdV$Um7MLUPuV^CF2f
zZnuJaX;z9lyHJY$6#6lEY8_2)dFo>>c1*E*sxqx=>V5j@L8zAg(*bQG-`n7Jz`~Jh
z@sNRAO|a=X8!_T|b|WO`qpb4^;Z%zCHy(yn*Y(NUhbzu6IqPC<gA>UVFFL&_;JSwx
zejf+fCFELV{2i7}6&!wu-Lzt;&832GZ)2Uaaewky-dP%6<uD9r4~Qrjw3gj}U^Cam
z_gs1inHKn{#kmL%`o3xaeoh9?3EdeUR`FGwV#?z<#quUE+>&mKc4ITBawY8Bp`g|I
zz2BT~SO3aW4^K-@5A9;yNvXZg3FK0RVjhi<7S3CvA`)-ayJh)YDi2LofW~RqVIbQ&
z1C&5M)ay=JK2@rk0lap{`0Ml9O;qZz95@{FOt#%cnAODP8F#OTis4ADSqs=ux2Je{
zy3yZ6Fr%}HZn#+<V6uO%U3z1=J4v!}&nPSDUAD#O<wLPo5mTiY|G5B8?dRHzxBuK+
zf7(el>QL#hW_RDf0KxU&iW4g{jz(hle`@oO*;HdPWX7o=GxBB4FpGA1S14h)yw|sR
z&MJ%>iV%CnqIue(wEJ8=M=mlsfF{Ux>aCP7eSTaAE<HX-(?h%M`R@&6*R{I~4kC%}
zn`V`w>bH!Zefdw3fpGNAze6%i?G!_j$EJEO{dbQvRsbr!Q4N_rab|!nY{OD@U_%{O
zMdVE7?BW-grS@FY0g(P!)y!1=@tt%GIK6sM^$k*C3)`jAZ!bLryaF?Fmeu)AQMAEU
zWct{F|J0>1*H(?X*gplw=nFe+tZEocQB<J%K6gmM6dmp9@>>3!uKF4(xo)i5>~kTd
zr+%l}Vb5^HXH=YRi^WFxP(MC>4gZXwas)P~vU7O5H60F@X>WCA2OFNU;@i-?RNyvJ
z3S{<kFSV>pGW!{YBP7F?Eg}^sPJY%dgFvuP6zhWhS@4mlel=Vob}Jg857*?Q=E&s~
ziS9fh+j&SUmncO3FP`3Zw|g(DZR)bmzHjng>w}6ixMlo=VX)2E9Kl9E3G-e)7FW<-
z*fU--#h!1H$sG`;ChOl-Xj7W`jlq?`U1y>25SfzFiCXvC&%j7{M<0AGMLC&8^LfYg
z@Mbea@aI(d{{f*u#)mogsMVHRyV)59pr(VLqzR0?3ZMJD{Z=hkaky1xf<e_$Z?I_<
zhc9=WNt5+_|Il*dd?jIr+7V^2uDm_gxTDzj)R!?mo#^nJXY_n;>vqAAS&&S$q*YcK
zY4Rq2y=cL`Z@4z?^fgZeIRL?OnLxS*U63@DHn}MZsq)#tUqhD7V8((<R(^f)w5o3~
zO8;&3Wwxqzq}ZB>^H8wE`=BEsLu*Hv{+@Ny>lA?q;15Rr*{j3tjNa#0<CsyyUV1Xl
z#XlnuP7{~m>ANA>Xj>Um)0JM$ziGgvx~2!>6{So|$IG3Zm3^CkSWY@}HLdc%>F-ad
zquptjJyP%&TjF;@IdPlOT6jpk_Zju5?HMj=4+eg16^j;lh$1<kH(gywCE{(P$34C3
z4+KI_W9%=D%_}ML-O{{NfsaT`>fIkNy<E=dJ5mUaK0TnKlWY9^VMlQOnl)Rcq~e1-
zAG29GNew4HI(drQFAlzU09w!TxVikaNB8HPq>35r3pH$Yfm)sT^@Jo`;kOccnpo5k
zEmT9jb);5Covi2AvelCJaQi*+cJu5CHUu|~r(G`AO#-URffg?3HkF35AZe<oTQ03_
z<;<j<WFpLnErJrQYS0=l+zi@O$Z`AqK4bn&IfDZdEb~P|>CuX0#FCPj>-%l;;MMZ*
z9l@((nV6l-#H+a99lO@h?0N;+y<?Q8vvJ#}6Q1s+3Haf=Psb&Uv1}193lL<32pURJ
z5Aiv?i@ku?iomdsiz83vh^vjgWt0k*YzI;y`1)V6qkm9dGG!g@FG!BjYQTix@VpzW
z{zU>h6&GccoT~FfAOM{y_t&>lqeO6@47^Ct&Sk&V9(0jSJn{QnpOB~!VRI}mSyQc;
zWC`WVRvxeKMxQT5$?a0GJ9NN};0TC`m0bv4GJA{Ci|i3Qgw`BQ#R+5<qo56)J>h(;
zBC?~RRJIk>jxwl*G;Bp#xK{swW*|{6D`2-en~3Vi=O~z`sW|I;fcOyfq8yV2<`wOK
z=9LKpMAY%o1QnK>yPT&H`Sm?k$`bu$x?BTYbE&Lz@@?yB9E(!>OBO8BP6cA{AX(r&
zN9a@p`7azc@?Sk(^4RM)gK{-~SPT}%{SsE9O)4%<Cp-G_48h%Wki3R3BZV@;xvCeK
z1Kcr#e*k9F2kk#&J8+GsE3LiS+hds&Bu4VsRl^2#Qz@&Dz7;ZPm;R}}J|Zg$^g<#x
z?QWerReEw=6X`qN;B75XYjZ3=#4%E150>@5`TYSI%Rl(CAHj!P*DuhHj1{yzF-6PP
zybbQ06D`;HlZwjwZB3X|z4*(F(ON75u3P+mfF^s<-|W7pWAbH)OkNu!zG3}VGH<9m
zDXlvWm(3#2hqWJ<^RtAr*u(CyX~HHr+?=PF!X^R`19C$oVIh+)<Vq%Ag<T2VvM$Pj
z6XHv;VFMjE(opIKq9Zvm2+Oke5iKG<NOua#k=@z8#Jnm&#3;AUTosgsF8DE{OO|si
zJfOmEblG-+*{X)cCt8k9vTPjzOO7@(&!f;^Y6TC63gWdo83;Rh2mVYXOX=}2htmY3
zJKcFg=dYeUw+7pec0NY=d3fA*phIqNe8kv(tpG>8=buJ*aO+7~d8|kl^BS`^>n=Td
zkEruz(hL(jIiIC+EMxgy1Qh*ApCP9luYMySW=J^|un^c=G!67V$}6mYHwjQeG+DGa
zy3cu%_Qsd_kq~gS)t0B<GY!`?HT}MVQ$%5Hu>E8Pm;bdTk(zHBS<MV~V;p!k6c5%I
z!5nqs`c5BE^Zg9-KrYDAw6T@d;(gklEWfElg?Cg`ZE(@VQ&0NH_6j{Nq6A>R`jqks
z#OCG41HdVz(W|j$5x|pMlBJ<sqJ}{G7z!VoX30u4-mOMcjOf<oMFiZqjSFW4?pUY8
zgoQSgM$MFPY}jr}ZNiGweHcqG?3R+igu~!ZB|pIDfJ8?(-T7hh>(dvLXJL|Te0Y=J
zp)U!?@_XoCLeq*MRN)yn36}++NOr|E;g0N7RU@h7L?MtdYXa{o{yK^vpJxwcfvX*-
zQM~jDlzWZ44st1594_KoQ=K0qyXBoZpYPKdlFPburCU&pIH4?xWxwYwv?(bnCi6Xk
zW*Y`=dz^plF6Xv-B47X6>XVot^>2Dh0WAMFgrWjs^9qJJc$Ek%JgM58Fo3E48o3%P
zIOicexfts>l{b!o>3!M2P)z&W*ZS+(YvRspaL8l%WiF?Cgv^iTT@FY57aYyHLXGML
zz}@Km%KsoN69!oIgUS)i=y5$p?rNZ@Xuw!$Sze$o0AP0Ty*iB8mL#ebY%XB-*ip%=
zX@KtHCVU7KDaX)nIk=<MOY+ms1`5~qwk~e#Arel`;ti=_i6`kc=$-TaONR^0lOtY=
ztMNhvj22In`w$VHmkr}+%zCjA`HE8!z+Nb}`AhN#by(E0q&%Y0^p!Rn^Rb`$-1nmw
zS{HBhJ5JZUkHE>`4As{x%21DWfBRa#d%81qs=}NQfoLhklJS<aK?Z2v%1v)T#w;H_
z0PD*e0^D??!yAc-wbv$EEY=B#aPTO@!ydjcK3s;2si1mgQ`iIviOlv0h#Kg)5277R
z>2sfk>G5p>5)+Fu>fz3GRm_wXR>u40;GJmRe@n#oAU_ml^0h5P%x=4|suu;luE5IM
zAIlZdoLC}gm|nek`9@w`DawBsM{jb_KqvEc-0E|li|73pPyA^ksJ>~H2JSV_STx=S
zy9U4H|9<Un$?jX2XjRjgQCmzn#wQjWq53whT}>qOeP&N-`dYu}QuVivD)H5;OoxK=
z>pPM$zP??gWnbTGBp`$k;V!AWZCZvAKfNFI@|5h4j9q{fy~pX)8ZCfSCG-~uGbN4B
zO4E4iH_CQfBdznGH`uWFa5#32o*Cpk-f;Uf;-Wx4SO8J^vfT`)(X*nA2;Rp?MMMv8
z<Rx4PT`1&f&SC%FeDwu+W;8r3ILE?07oI5lW3Z)dYoe^7<A;P|rFwJ2HOSW*HT~oF
z1^mgB?0v&GN`|I(U@lumMQ^MbgC<B9eZrCn^OewlSjh*o?0~&%AW7v&zRE(YvwoS7
z+saw*x}o@YbdAR0Hz%Qg&{vx}<zt8qwB>y444cCL-uQGo$*{*I1pZl<YiItOD$dOt
z)|3g-(l=nb0_bUW1e;A8^WtOcZl)3)TvDHf-(Na!R&9;8I3#bWw*7hGY<#jAzl$vD
zvcKSoYV@QDcH0pNQDUD?+#Ih8+whU^#P4tbYXMLs;0*7+?~phBTo&=uW(<R0)OecQ
z?bOAI_$eovm<3KD`BR<8TV;rQ)+4z@9gI@3aiaw`)!Ze$^k{&oifQKD9Yqz8n0F_>
zBH23<{0zqFpl5=Mn<xc>p&t|Q6CB-w-Sa7BuM13vyJ^<z2Mp{{JE}x(4+xXx6}*B^
z?V2hh6#85z@cS<DlLXOs=*QPjjp`5M!iBf44!xi|=eaHl5+1p;%){XR@h3N5XCM8i
zIrI4Dgjf?giy)MX5#5(K8qHH@8cLRHXy?rfq!*O0baz#@+^-l>cI<zta<z0=pljj}
z(qAi9@?!XVxBm~Skbmi5*4$z^k~xRfETqrUf1#sAQFW34AnO?Amv2E@8)>E9zR+Mx
ztzr2~^fO$Ica;@TiH)7^fumq#H(++{<>TR9or6Py1~~sS-G`GCSq>z>OHY)eaT)gW
z*xi1@_iplrNDUSxCjG6wJu&eXmk$|F6R*WbadHwgiEZtZorgcK;TZA!hual+4|L{x
z8jcwv<#?axlwWQu+iri(WrJlL`;!Q`kZPHyY2?1XJwW^F0M2q>90W!jFglUQ#n9I^
zK9nMS5@>OVN2Zvxsk}XVJA;Lg=t%th+u`j)5vHpi`xIhbcbq>JYd&A&P?pljxV88O
znTc{?sa9v6o&RT}pYI7OQArU923*a$1%{)xrLKsFlN{zB<*vX(k#a7MEqj#jPL*Kv
z8x5sf4)e`a^1d8)GMyfquC+4|Uy4v-_GeO)m5vNH^)I(bg88gpUW{r)6Rg!(4y3+{
zd!EwR=ed>VPP!T$T#1YwXBRG4l1iDXuxJHVJ3gzsVTqQCkDhZ6*<5rw^_Bkm>`Bn`
z%C(~eP(1H9Cqf3ECzo)|UdG*{_ri87NvqQ*ISM%2z^3zD70TSqzsRsCvX>doPK#CC
z5Be7d90*-_D1wecp!#+}G5*0NvCNvy7BYQT9=RFMrk$xf(%Ct4y-acnbCV>J;6_Bc
z?+O7P$~RtVq2;qm$}@JoO2Vn=q**%2JD%_4lZm{~c5&|!F$Wss)ptMm_|&K~cm9-0
zxPjk!Ac>b^yx1^z4lfM*ijkRFG4bvvJc{dpi!8x@I@kW;pLbMw`Mq25e0|7FO7$%R
za~`<oDFvTN{F3D$Tmi;<#%H?*)Z`uD?&H_~IDy2G*K~2vgn`bWzA|r8Jy%mB6T`<W
zvxQ>g=%?8UN6<)_(pTxr-v=m@l79Ubj{jwpcsuz&gKcYYDwu7xZ6=KVXS$v3IWroc
z@4ZY=G&{T4=mlGp`K27e2qV-Dnx+GbIjKRS->g(0VP2e|d|x8OkMMP2MjJOz(#yMJ
zqQ|-4JnusxFqhvF#_Pq=?imL(L_~WjPFnJw7UwwkD@I@dwbRTK^F`v8EJ-nL&*aw#
zO_t7`t>p866tJ6t&*YRNU<fhO*>d2qY0ADgS)M)Eq_1t%)6}|Cnyz!TB!3+Qk7$hY
zV+$C0pP4QkDHw|L5fR<nVG85pXKp^x;`c!A*c6x;KUPe)xBn>RTdW0#f3CLZkIMA9
z2>pJyzu~#zw%ww1KST!xIFiPIS^F=M{Wm@MeSWWQiU__a&x`1v{Q9zy{!5uEf!KLQ
z{arzQ+J~R#*xG1sfamqGdzvk@6lK<>Bvm3M|F?UgZLq@9y$nSI6Qyz49@Pzulh>jr
zFI09nk?vPG8Tq8MF`S#}6LeoZS-acrPsr+&SbCNW(e&r;Z8E$2RrX_lmZ%Lr%b3cf
zdAC2Ph@j*5|6eyu;eQ_D6!dfldGpS(yY&O@clQBSgkD#+z1c&)jRvnUM@casz4hqm
zji@2?;_><2HQwbA<5*@Tn@rb85+CmlH}{kY)e$muj1@xo#NE{7PsnwHe3f)+!A5Uf
zo@+_6TVvnyRWz(@E^CJ|nn{ac2&<v|%mtQ+j+$r^8B+GQca5NRf6C6yg>$fe{`9}A
z?PiP@10C}Yy28_FD`j_Q8%Xcqty_|JDPQEkx0xy%#qE&;kd{a)gvUw=VMX)hCY#QF
zkaN4#>?L--Vei#SFP4Z0M^drTc}<|wcIZ#Q`GTei&W(>d2uV8FTUzGn9aynM836fn
z`2ku~kH(2j+KppIfXu~^0)M{JZd7X!;`zWih3$nyqweD(K(S;@7a^^pE9IH^BuB1q
z74R94l;3{zk^Fp3gtXUN9Q|fRsnry?s`Bn&CM3x1fhT7wB9oRmw)$t(`?~HSBi{?A
z=Q>>T*{|y<Dq_i26wK%!Gk2~3_vH4Ovnw6sz<ea>Px1Pb9ri<rBgfU=$)eq(j@uVN
zBkPkbRduZN^GHcMlWx_7FP*hAiarGCN+sR{oe6Fqgl$#Jpf}YhDlS;;w#9&ZrMSg<
zh==dimtT~n?SHeQ#6Be$c}l+poX~7v4AV?rQMrn#EW&?ZducN=eJ3YjZ$5%Tu-w6=
zib#`L`0q%zW%1q6UwNq!=il@c0Gpeok~#SVS-*1z#U9|F((Gui2SNrf)3*`Zr8FD8
zdrbRHe#R4s(c>#D%y5DRe$f!OhbTtGpKvC1o>Ocejl>((pl|EJ9voxHwy1u;XBjtg
zInda8|4(b2F+hOp9#2zf04HJ!wFbr7IiT`IKu6sCKOGU!q;`)IctkIjH3olZzIT)-
z`QdfCKNlA3*bjvVCi1@*sPzSMzRk(&Rwz1rH`v9>eS9U1#m3lo;|bU(pWE`<ML=lA
zS5vt00U$Q8tS;2YHu_mHGk1zVcy93H5fA}c7@3)NMW$sKx3qG3>|dkJgV9<BC+gf%
zp#*7})GE5Wfgn5S&NKP~<j~x;k2l~9-2Z8fLXlu175Z8p^<brae4=#`X{G){q9c^P
z>It`+Ju|Se`@){=883l5<GMLcw7`c)_Kxe_O8m8(+lsb*hxeEjwK4tyce34D`#uVp
zYr$Mc9DpSem&2|temUr?qCC8Htf7H1zzI4;q``fs^&m0qE`2so5ojicW=rpZgRQ6C
zc4JVmf*}n3kYG0b>5I?|W#DO@dJSw^F&%;1+JL0+@x|2xp91McbdG#DsiM}++!?)=
ztKfxC>XPxr$qPPD-9y+T!Lw!4KiwWI)X*Nij8;#iqJC+^D0+s%RsCTue|<#-g1&1e
zMnUyRs|pQB4R@fZ1*D&KAH9zCzfWEfQ-4A(UZ|eiUgEkn-qQEPAHP#=89ey@P2z;M
z!?gkYbOF2TPc`x$nI;pk`t)!L3gA%+`Q<k@^?!k&_8A6w#~(MFwB1P*+i@-{-u_}#
zyB~K&z>b;!^l*!Nuh7s_+Z#v8QOhxDF_q7n-gfrK6kDXSpE6oA;(be^lNb~wlx*cn
z6+0O7LUr00xu*)QHJx(b50R}c_Shvhh|vOHHIzcB<I-8`1Ixoai}v=~K@1?8QEdyV
zw~l?&KJYuZQC9Ss!=UpeOsC0<zb}pV7h5E^I1Y@5K_!KUMJ4UyY=awl1>UCc<YCY9
zw7vs^{qQ)yB-=ac>;4s4MeY=EyAH^+DT3}-`@EJtiP#w<<u^Bfq-P)ekcz%?{K?US
zt}4o3=`Wl~rmI}7V;{V+&p6<WA<TWcw9xjc)dAsID!paj_uBL`r>W_1PLDB&U0$5A
z(kcV4`>(!=M!{|H$c3(fz=a*P6%}%R$EchAe7dLMI}btHI9IY))9nbc!o8R;9HC$j
z>DR9$UeK?x^_P!h_UPcgQ;<`j$)?>3=)U1<ly#+QOAH=WZ(qbrwBE*5#OEm>$L|k;
z1HBVTa_-YOPVK*UHd~Q-gP`}{1*Fl?o6lV4!xPUl`VoNe=s%Z!E}@vSHk0WqBILTs
z=sBxw_e-mfqMr9|c^3_)33=>F^DIr!ougRqq$+{0ey4`hMmOss|A}?-ecVb+z6fkQ
zejfLcq<F>&C%;$D8Z0IefqV}OjEFxoGPQn(7SB64p;-UVRNyi(;5#Nlxd4Xh^~L=0
zk>ALCB+B&)J%{vb$1yA9wf-GZF>3>2n}gai5zGh`*6VHn>Hpbo)scI~XAnR`_?-Ew
zO-9JUSNUyhRw;;n@6msS_6qMH<?xdTx}SYg!qV>LGQp9y&<;lg^aj&U=|ajG5W#(-
zut7Zp9tjwz@1V(r$kl+nC@E3Sk3+wn3@EN`(i4R~{55{VmU5FcQLhaSQ@-UR=N1B=
zs(2UdAMhzexxzqX;*R9ck2j=3PVYRrM%~>1AF{wB`diCqEK*b6?`EpryLYFtMBNp%
zZ)A~=y(L(3c{jq8xFtMsveZD<BkLy-JsMby|4nhw!bPC6lXG+<<8nKMtnV*_B64G8
zW2+g^1um0#Eq>O!&U+B&jsqQV&v!r#k3!btvH=z&!BTO9`Kc>Pr%Xv&b7^4@fxZL$
zi4Rzf(xQRD<d#a#bGP|?jbBpt=@u#LpuWhT7&NSQkK(0fQ6t{ioTuz9hyR@Nt-=@2
zt3pAkaDEMC!>u5M4f6=tEZ^lUF`$9!Xjqjn{?*EQI>e+v;%Qtk10C&~uC$8^hTjj(
z0L<vN-)V?%HEpW^H0M0X@13&7DnGZavYWVmpO}?)f40(^$Vcp5?BM0Zl@2dOpyV!#
zQa**+QXwRtBV3w|n;VG!2CEH3_<WP@av0P<Flcc3_$z_)BB0-wv$PUcBYyBxlH6L4
z_Jv>H)7Xmoiy7Sh&p_NgqSVcA!*2U$S;J%XNy1avrSrhv5q50FK<BGN;+_NJ7ADbm
zb7O6N+)1xC;d#uw7JaPBu{Aaujn%KxE;T4<f-HpNm=vDz$vmXyyM{+Osq(!xt%%zO
zkd3&k7d_6JR6YNhDXz|IExit((v`82fZ6j_cK*h2hRj~9qo|!$9^(6?VUt?+WLsXl
z)ax~KWDNtvx+2RxF?9+#n+HS|It9_Sdn#-NA$~BI{ejdMxPyY)gvBt_fh?JbMP;9G
zff3uvTHnQ^-(_Bsii+X1qsJSwGh6!7OJ~!Q%&d`o6)P%_*j6;eXx^0hYgs-Ed46SR
zp6KTsBKIO64!<H<kqcTsQ(U>ApIf)@yJTQi$AWdTAF<zxdqbT!BIwz{huP^WF5qj0
zf4<TwcpEt8c85Jj{wtY@`BX_<rn68-S2!ogu<A+dwkN^l92A>)zMA6DlA`%7RNa@#
zVtufjw|V43ijvpV6f}TL`<JA2N08K;4)YjZ%9l>W2zbw5PeywM-l5O_y6Ba2ECA4^
zHV})$s3CxwH^Yv7`tj)a9ft1r)Jd-k*r2&t5TPmOUBAy1fW7z@KFrnL^N>cgc5+BR
zJJTMi$^9R#iZ=}XEb#=QD>gR&8>O39gT!o<!U_kJI_L?vX#TA#N(FFu{Q#h3{zK9(
ztwww}gD5{Das?xZ!y0<T7qfX;o_6BRl8y+K{tk8Zv9$cp0J8D#05XMPjZE8%x{Nq+
z7wSuYaQIaNiNk|1h85072dA&^>mg6=KK}Tgy_$}5cCF#BA#L4D?^E&JKc4ONv7AIJ
zHhS6fo0o8d3qV1FH>P3YoW6gA5D~rP#-E5^zAeSZT|U_4+XK|p8MjwAPT_DOW<_v1
zc?v9w>OIJ}yne2M5kxNkCW~TX_=QoM(_6iy8zjWE5@4ygw!d%p50{e6{}CNnD(HIW
z*k-O^UyOEc=-vE&is`#AL#D&z!sP1?S2}J<GXo+<QC?p6=p=A1Fri6)%UHD^l>YpA
z<*UIw@>yWZDwup<gt3AM@%Y)BkKsu?UV-tfYJ_mS4L=faxJiBV2Q1K(SGaET@1Rmt
zQK4+nlKV_`>jFbConuzJYL@xE%!ue^24_(zpIWDt(BN87d6dNL?p%o@Jim(hl0&DO
zsjPV9^_&hfnc1dO8J_nf5lC)G9p)>g+^Z<h>BQ>)c`zT8Yzm<L+kl7d`u>Qvuff$d
zX_P1_3FWy6zae+uhEqUI{w6~b3udcqiJIHm`NVSc+S=z4UuY4f+cJyu=fJAX-p`)$
ziktAa;;Rjs?x;!b$((2n&4}cL7`c;^-m-o46hq|)u}BIh^F=|E*1(UoyjI4rc9-<z
zv>C<JA>z;B=I=}{B>B8gdtX*q0*%z8>38;XjZZ5+zHD&!CSaKrwDY1zUxEI!LF}&F
zVRJ@2IIxFRvN0M+60hc_A;yD^k$fL|J4-XkEB5z1JjjuO>>0ry+stt?qoznHr1r0<
zC}`n|pE<(qgxt1e55ehv(yOUcZ42+(xuS;5y($S@Za+8cx0!6RB+Yr9bpLf`b!C=x
zSp6<wcu@_$$&E2D(uV?*<jfBXty$qf>eB{*3V#8A-gmzraAqg16;J(udpGk5ho+DN
z^lv_6fkmQ?0xrJ#KoHt+J(61FzWjlze7R{y=3rBOOrZk3F8Xo{@1b>5+~(=L@-GKh
zGbwE-1HCX>C4OSxSeAdH1+O>Z(nomG8;G0CxL+CJ&@&59VRo)K_qhl7)|E47U1D;6
z&YuXG(xv+!a;Vc==VTx7T3ej0x$MKX*hld&pA<xd;$Q74BHc=EektrVt3rttaEl<D
z0w8N2BE`+xVEeT0i|z23482F(tQ*uups|i_8Hef#T$Fr)ToK$ILH-hfiNjnyWR7>$
zce$IOi@&qz-TEV<!aaSEiP_EJ`C~b2K2K7B&y9I4jH}GPFLwM742#xo7eqSWud*WN
zAD1&F_H7Wb)nSS4$mq%BvmXBY=V{cSjEuijGDWanu{^SBGsI=Sz>$dCGV6ljWFBUW
zREePv0tV(F<v@x>qaO%(4u-#6Y*!3iKgs0l%DbSjF3finu1YuUNOy!m$`)(t-1ojN
z&g6Y@Sj8vhj#<rP*Q+L^kM5Lhg@IKS-sW%{m!#DdK5>xodFv;hG<c5c9)RQYp=3e+
z5Tu(RP&cI0p?ZNS;HsE&kpRd^?&w#y-@2o0S(<#Xa(G@{)frlYM((H^+(09BRB%x}
z*;GZa`3rd*8Du6TaJT|wFFq@eZEGPYIN2odo;=G;2j61Lr;}1Knboox=$Nnu&Fd|g
zOD)s8`*9}_(aQP<_+>@P?wDdWz|Tz3BmMut86#x&<t;tPFd%pOLhBE={^2oH^%v~X
z2Z?ZFw2uTY0Z0S*4Dmhx%wuEx0wP;y%3`p`VaDkCCCKbSnVRyqBL_3DZxi+NG-)Ra
z*~M<B_~D+Db<nD}o&{=4k})n<;v}bbE|IAaNhg;OHCJGh(CV9=YZDzj4?iJlI6OkN
zEUEeZ|5VJF@#|Iw@3;wwToqsFGc&LDK5SAIA*w62vR~gfQMnPId(+r7>&Y|9&VQ#Y
z8iMGX(I0x0!_v+1Xy1<)=SlBM93h;X2LX!=KC0oJmt_2xFiu)2RK)l%ZAKiXMVQC=
zwH`sLi|}C_<>q2?(%Z_v+)tFO(8i{En(ihm<z0vOBQ({2h3Q@p%cR)&dYv88yA3u0
zB{ki>q6eNzRB5dgVm_?f(yec4^Eq4+I}F0~URgY;{FvBLL70a`js7U^h1ma*l8fbo
zCkGi}-54Vysrg$OeuF3={P<_ur+0Y`6RiU>gz9%>*@NdKfgL$;LF1p?IjiDck2G#0
zBAtV!ot9O6kH=jT-I;bLX4IN~LjmN==T8JJG+9Wap4v|QPUAA~rah?+p8wtX$^Pm>
zQA|PLq0i^=Z1ZsQ+e$`fFpa0x`LnQF<;gS?glFgz>?ZvMghlzU=nvfF{Kg&s7{ryF
z7IxSk?EM3KPiDNrazJ86fP?-cxzQL|(I*8gKO<8tGiUY_<@z#xv6#~oeuwMF9G6aA
zQ8Zm0a|`0_9jZcUmvN#+TJpRXRvOUFwYUX9tW266zwexdbyL5RzbSWfULW0oS;f^j
ztzdh$Zw+MuTN1<7r?Uhf_iz1MWK{H4)^k8AC`XBvg=W3;8lGZ`z?i~JEq5sgM)O<q
zLx;wTJP~~_2jPs<d%`&c;T8XnxVM0cvTOUkMNmMHR1oPlfT5IT6p)az2ubOX?j9OO
zN(7}rPzeEPX-1Lm?vU=zfr)pcUe|p;_Y?2^to45DTkBejg)Xl-XP<i?`-uPXJDy5L
z53dRxH!PtP-zi>iQ84<5*h)y*&G*6rLXhV*px*>upFTYR1sHfGRAveKHJw`4nO?uG
zW*B>2<Dh?J^Q_XbIWcNkIL?@j{cs4iuXpQ5vYPa5$H?BJ9jK$D-%b)UyGtP?kxz5{
zijl{V<t?Py_cIq8gq*u|qft82_(^0k0*RlH%>Ksggm~qF7Qe1)2p;h2aJOLFe)6`m
zN*`%S+feN)SoUUB6*{ZGs)wRi_8=6F{h7+FsbxD+33s0u(E+`q5rcXG?hJO*v*PZf
z*0Q^H#H4p9L`IjL#vtA>wcKk>HSlF7QhcNqwm$*-)Lj(l<}vJRR$1uQQWcb}A%-Cv
zeSw8Tiv~(2+jIb#T*|r)ZT;AfN!EmN(zKkZ9;fvt52)!;I(J;rWgy$SgK{3)O7X(n
zqEbhR{_{Z=8y5X_kOiLO&d|I<N1Y{^m%0IorlhvZXdSlv{%OeJ#?Oh$5>vIS1}b@J
z%Po*oUbTCvP|a~f(V53H_>M{v0X!Z7zUUskDmU_u`1EwX-p@CeJ}SgWMQs+%DjY43
zURH&lN>+kED#_uU{5Isbmgt_>8LpxJc@$`CCz{2#0Ff7GXKM-+hI0q9PBBI#`9)1T
z5GfEOoh8xAcFp3|BYF$$u|wk}@m8BJ3axN>gjT99LKkV`4$|xQFUMSMSaGS$k)jmq
zBdh!whLluh!q?Jd&gTP@;i(#bbysuiFoii`7n>t!`)Xu4&V33dbB{4*+KX3=<J#%d
zyD`@TQSP~IKo2+{8zh;R@AO@{Ln<^7p2#y9P0XOR{N-dw`%wm-4aKMK&_po`_Xf>c
z%eUQ^MWaHgAfR~5)%6*b7C{r0_&ug|9tY-~fbTWe`S}q=+1%^Q#|Jd2_x!I~C~TMI
zEX$le4g%}|p~N{KY6hQUa)^IM!C_Wr`D)bdEyUy@81{7`Tkk_~_E)v1Onvhg*r#44
zN^&r}k1l81Zh|>`r_YZC%yMk3j#;;JOn^c*<)r-qdr6QzfBtxJP*~nIF1{jL1m-oj
zw#(yM1xikWjr*3m0XrepXnfYEI+3iWX)lcTA1Hm4j3c-YL7;9~t}3r|y&`~rw2v$0
zqPRKSA@W$#0w0rY%I(J0ZS<Pi=%Op%QdbH!KATxrJe8nGYs!efTo$JI8h`6UyhzZ1
zU2!Kb`W;sv**>>r2EXOz+Z88R$|@q|4T6NB_=fk^>jzfd3^=3}qU_L_>~U;Q6J5er
z){^DY3KgRudn0JShm0R6JXSv4nErx#hFP<%A^fEHmfUpEB#02#5+S&C3|cmg3%m7o
zQD-TO6f)Q<uKBuRW_OlS>T-$r+~w*8N|Dm0kUPvmZ$7XWz1rn4oX>g6IpZl<gj$Ge
zk7#t)9ltr<b_5;B{F%bSLE*kP-}*HBIaV0ucfASB-)SPcO+#kR`nc(XKEJ)JR=XNd
z7g%0HDg^H>K`vb$&Q<rZe)w6VpDZU_P$L_^BO48dKsUYh8-p!i)o}XsGAK%Jpy8CT
zu%o3o{ja%=$b*oW_;^w0>uzfsmQn&5Z`k0I4!s7FZ`|7#mCw?f<P04sRxqRN7_Asi
zb*U><@aipf|D)+6Ri%%ifSmH%cmTl5_dF=U`z>@YJycs6C=jl%y_Pjk3|nZ4?&qek
znAIuqxXPt9Uu!c9`uU8GPE9(%I0hyZDEg9mpOBD+4BwcJW|jL!65~2*0~*>u?2A|0
zB!~ZcVeG0mcKO`4%|M-2$zt=B%U<M^E2)!6flusNtO&|AeV&`=xElgp(bDe}5g^RM
zw}kmk!EVptfBrCf64wPXzG=oRS%1t-{Ulbn5|a_YIH)U{yOs8|dwTOkqIF|nFYek1
zvg}vN=DJClDE4k<xu^B--Vcu4K{RfOcwS(y2WjVyMYr!zF6iMlV6T*$NETtF2)Q!P
zz(jxPy72onIl8%^%@g<+lsIhLi$(oZHTPJ6ua|PmPFLYq#YVwswvRom0cSE^N|mbi
zB|Zw|Ez@a&e<gSY8TWHjxXx#Sj&Oofkm2Q26-(Dg)ZxtGQ!;~YHQsCXbid;(oF($t
z(~L`wB+0DYt4mFtNZR27{7>}VTyp&0$7CvYEdbX)QhWael@L$xN}Fm@xJV%eJ5?3L
z@fN$EJJYao!l|4{OlU&N%FHW)3Q2lm)+5Me-G%HgHjMS7IsgKJn<T+>!fxNJ)rYP@
zzUZw<BIJj|?yl@Dv_l$>*R~M;{IygT35*|i=R8kguTw7!v!9T?KZ4*V-mUdo;7=@_
zrgb@2Y|_mmKid3Q>~ged{f5(88jH!p9dv~cT1#fTzwvfmdx19Wp(@8K&;qbEy#A4L
zA%0;-=Cu4a)OuBXx8;Xnz+qDat+0<|Xrg05Je;PlkTcEel8}2BQlf?O7EY*6EN$5h
zy=IYX2Qc-f&Ga`nb&wAYSrQ(ow+ij^fWih;$55t}ZjA2Z)^xt-UNgwcJbxqC1q;=5
zTJA}^PrkYba=(x|%^_V9dLFK46@?XgWe)6se$(s?dB%`fz1Vheqf1xd8zA5PT<&GP
z-^w7*pf;z&iyy)eh}2*^Ex6bHW99TsynKkJr1dVmCAGA$*VB&Vj?>mOV%mYx^5}HI
zX>xr&tKY{04cVGQGT~U>mT;I4Wokt1J`@ooKaM7AWaN9?_8Fueqk($~c}|MC3_Wi@
zgIp<vdVp4?Zo&ie4Osp3Y>nc;bA;<E(o^xOS7^$P{&r<EI=*T;twLW~m2lc~3pZOc
z=M8}l!iL_GGHH>9IZ|JQ9jIQ`CCq>AJch2S95x73A{-u={<W#0eCqQ>+c||6Fj4CJ
z{!01^*9w~k5dH25PDqtX)IK^I4ciB`1Uj5(0fVy!YhUuha8OIoRB0jn_1hoG%Rhej
zx%vCDaa?a?-$3VU-x0dFS0+smdvlLv;LFot!E!rtN@b#9VzxKV{h6JQ!wMC{4nt>t
zJW{A9>C_Q%*OB@b9)B%vK5VO4lbxgK=%g6+7hLO}*S+`pSU+=<o4JLBJ-5Gd-oh2R
z!r0)_el2bxDi|4{c81olsWLc_*Sl9rK}nQ;r@8vrmc~*kSyJ~$tRs)0VqdNXqj;Ii
zMKF5PkA4Z}!)Scsw2}_`t*>!jG&J)33Ey$_nQLxf^95<{52J6Dddgm!HH*%J<|&{1
zOG$s8gIOBzW2Ds2nf(oF`onAb^F!vEAIO6fmSo8C@#s~Y1F}_tUn_70f+4nikZX}R
zF7$E;&qQ`Y(Eb{(SO($Yd}~a#qEcYyM)A+!d_hII`5`c&`~$l$?WXWL9818<$5-0@
z8V*lyjB_;mz5Xxo@>sT8Sfixc)$<<|BYOCUetyTzHzn^qwpYNICqqZh3c}IuCg2?d
zS{VrF?wP(I=6Vk5N2*B|zbcFL&(R9o@usSG-~jS;ARt|wdS`S?9El5>_mIssd~1Nu
z834Y3&s-e$DgQvewtl>}<?xq?=?ZllpmHkozuIi_`#J1L&V-OWa$WG>t@md=v;VRs
z{P1xBS(^hl!C%Nxqd+eJ^!k4T6&iDwq#v_<=arO*H+}%_mHE!X#Gjtqvkra-f^8JD
z@Onc0H98fQ=HC@Cip=&no?r{WGXf&cjGIAJ+30PqQrl^gFZzhhJ$H7+cR(y^OTy=h
zBO6JFBV=<dIV#V|icfrvV5Q$I@bQP>AE5g1Q$Rmg2;c%V8^h-Q;DCe!&gx<@v`h7W
zaku{C>jb}j3kbMZeMlc2AK&vq3UGb=z@)EwApp)QF|UMA285iU5SU(mwX&l;3JWHo
zNBvaet-s^(S)M%m$$~R;<B9Xjv!LRECJRsMKQE9O*-xajoiINipKx+=Bs&nmC@HZ;
zz{9A$aRkh|2KwXWNwYkUG+UB{AXXqh8GenA7<1Z<P*}Q08mlBAXgfs#W`U9bv6^qH
zM9Q5Vav*Id!+53r{s<;PAZ=GQcUaQ-$GZL(ujhB4^S`_^9BS}l!j%+X|0+FF?6$w-
z@&}5HRZ2?mT>kUlH30zXa-LQhg=u%HMN+c-$A;BGXdrl)?*MK3dVl1yN}A+?xgz}V
z;?EoL$uxib<DRnz>LC<n`ThGJV&1>?;{`4b2glgCPCvFc)MOhCGIB~H?Mpiiloxtp
z9p&U>Z$$Sb3%jhF`6%CMcUpxcc-RbN!+T=gK+aQeVS@B<bMk|%eFGy<3XzkEQ2x0s
z+s~x`3xUc1_M-gxcW36$7odB%eHUIl`_=TsVxg3L*E+GTNd{>Znmm&C+%X+QC_#>e
zfV6OYIBq+$sf*1_F*2n1rU<FUv(?DGxYBPzmPi5SF_2R{VQIa-arvGk1oP)i5kSuH
z6;n?t1^@AZ|LIiym#@vwT-x{S*w2DR%5P|px<FK~iz+wnJ#Pkw?+dr)InFhuNln$b
zH}*@o9uiw&O~g<qYXx?*4byfzvk%Bq?^<iMq)Omlx%mX|m4q%azi|g!Jt>{=IY8QQ
zneZxUK~1FrOL&WF{f`wQU_5)$I*LlR|NWE7{Cd(=@T8p$GEzRs;>K;{Qkqy6-(&A&
zaFhc<hFIe@>7bpy4+}SsCNHDU@eB}R(-B31J$3DMGWnnW4R%nPYJS2J`QMo0|8$c7
zX}4*fJpvVu<Bh7{3GNr)&!2DoWZvf91g=14jy5w8huOGYzr(T!RKxtHZFnn>p0ZRD
zWsB?pz*r#|m41BT&MgK>FL@3^q%BBvzsBvj@aOa5&(t%SLL#sK`LzFgYh*_NcDg9u
z$40B)w!1HOudk6PMQFil=eZ1<2l$*&->#rPYBylGc(43*JO0yG`=7ox_`7>I$X^&5
z-sn9@DgX7=qXjvdej+|8Qq>RSJeAJn>pe0Gok#(%I$Ana(e%uqGgSfCGHqGb?`8LY
zYb5`h&nL6Q0~9#Rz|OrmU`^OL9!9|1dt&!M&wE0=`IM4y>|bkSM};GD&i<}OSHxd`
z^6%~Xv!k#r!=!0A3&sY`fKYUMItBX^C~;Uo>~c;1H7^dEQal-!bGKupc`!Wy_DZbx
zVM|QmnU65b^qaj1ZpEesnNi;3xW7J{fc?C~If^!ZVcUQ2wf*y>GLi8`w}hT~*2WE3
zl>b%Am~#}I3M}%kFf9Chy+M&+&Bgfa3CSt5RDr|;5f{AmN1?%cUWJ(npGjq*8To&C
zga6f9n-Uzea$rukxGT_G2$tuw4GK)ks{^lD)E+WHMXF#MZE6)x$l~p%ni&o7$)lCA
zWdJ0VlKCZj_Ei?4)u*WY^{UUzp;VABop0bRSl8d{@z3Aye>Rv*cpwU6ze%2dM>;q>
zfyw)X*jMkVTyRQv8Wex2EA@WoD@-d~Ny+K{jo<ej+dH1;c>S3wCK2#2rr%+IT~>ZQ
zEMO_pxr6@U^8D*1_20djP#3(8P`Gg&a;TG*EFiDJYP3Z9b8L>k|4Q57?QMXol~<`D
zQh385aA&QfL54c^KUhm*INYjDBzrjQFWC(5`4fT`oKPQ?WZeJ#z4en82dEJv)`p{X
zjv0+*l;Je|#@i_)^Id>V_LIv}B^<7BuJsM)(W~#^LC)?rV7C1)5D_rF<9<#In*6)2
zQ`SyhA^CgtrF_p`4AaZ5H-Bx^zyIq0x;l2OFW5K$9+0+-eJZd49`o%(r2|rMdcEu0
zPv(*?ITFT;{1;N#ES?M`#<#Fuq@>ifJ3AtjlyMN<^Jy^2AUK@CmQerijmazpvRzWK
z5@zlHTZ{0GfB-MNp#kWA>QlzcnT>+OL0(2y`$meGCskLf7|@Bb`?D#$@t8kb6gsdd
z8x0MA>@t8rx+xy}|Mlew$j?q`#=401f4vu&W(j}<@j|gl`zCvHW7tx<_Arm$4Bb!S
z^JmVk*CVuaf5%XPHj$#8fG_=jdb<tYc)JVjq@Xy+fhXazevO!60J=$(FMn-%LF4o8
zJ-3Jk8H*<5j2wfXu|mw~=edX^p`RnYA2Jt{K^Wry?3eoDTEK~L9GBiXkS{ed%*Ypt
zp#1x+Q<1;MYL+GZ#R9-33u_e?1rO1HgV&d-Ow^5dbO`_?NTHZ*3D6D3L?YkF!h8NZ
z^S2El;bdW|e>|;l0GR70&HR+ZHlJvzTi<smKT+%{!P0Edy##)U)P|^YZT-y`gKckl
zZKvq^J?UEhlp9>hLibS;eGAPgoZsL4daGp5@hpdP@J-rc$))}z7|EXdalK=hUMSbp
z-B?b?V6MaA!v(t130qRB%?ts7gcM_Muw5|MpWOlYeAdKls?qhVq#PVoKVR3J<KW=&
z1ymYdzTP?R8KS@550eZyO!A?{<;m7v$)xu&DAiCW7{;B9gi+F1g!DFHs(U6L$h4}n
zRRT(nCc-D>?L3{35`l5+o2!?oefrES#9T2XSt=>}?$ACVDR$Tg;L(8j%Q6RF0CfX2
ziu;2`1G%cIolGwu>;a=%eIWcNpU#bzcigmW4`WAIe*nzIv31l=B^tny2~)jRZ?*s=
zs!p934d&PgvOZQxv^i0^;fJFic+n4_RD+U9CGhs?z!-w_oLCVYkeL@t7I75KKL4wM
zLNbvE5G{xSrY?{&-e)USVtZJ>IpCpfmY3F}_5<@xU!*?5=Q2=;Ugu3!!J9m3F9z8<
z+)9T9@;FXabimd(75Cfo2$lV5fc}^xJ&Dw|$0u120qnqIr3_Y>&MFKDP6$RzmdFlJ
zYXwGU9!I~ZTorn$^Hdn*LOx^`=lB`(o9`_uTfUBi_8qUiV}$QNNaMLk(`U9_-^cZ0
zx~}&AQKRV!ZjgfEY-dt=LplQu_LhxLN0OMfo(Jlz1;My2ew1~62vPo%)N1Q{2h`sh
z`|Mi~(UQUGVVXpn$8KxZw&&YM)^Hvk{W?6kDEda*pHRJ{fpc(d1nscF+7S0D_e}RI
zqYB_^5@DlRL(mLPx1Lq-&Num-&DXV~Z5GGA7zOyN3lEpN7rIhtfhJeY^~%^phW!;0
zuulx!nIv}6>8_@GnGvMM^m7iM*Z@Ig#k1V=$VNDXV{_yI_4yrl48!IDE)vr)h`Bwn
zw$yu&c~0hZFYZ7{@(63UH9ycABdjML`tqhwc=_b8=v?=s4#cE?qrEBseJAJL^_BzO
zqQR#Y7C-MMj&BSUN%y?8cUkCp4&{4CLx_yvmzfpifnh=8oyG;3C}^rG(Pz+#O|}w~
zCBG6)`VS*W4chB~)}HUb+szxd3t|IEp(pYmwZUvNF72-k4h-Mf<fHl7y-@bnLOEf5
zsH17vqXL_a7jGPsd0Dqj2g`qU3gw<~IZur6ZR1)Jhv)J<+igBvy-X^xUsydBfPcB+
za<J~^TE#l@y~kyMyUx;VxW?yYuK8f$Xqu)XO*Z3u^;RwE^O8hL7g5ks?)pPg@~gfU
zo7F%z-)j*#093l2bDwKc9w}YXju-HJCs#50fNdO+Ail$%_aeQ1d&+a`JBWy9+4-YO
zH1bi`!T97wXVr^jG&^Y0&vQ7TDA3^UNu+RVttWY2N_=G_?8WD&byd-eJOd4mC;JxW
z(_bQ5>CsG+C$#L#qa|@})Hl3NN^=Sget7)hfP+DRAh9C<jaccH+HElyM*Iw|VEKA`
ztp$MH=GbF9ea~<tM+~)0)?<Q(#DEZYV`Qh@rGJ8D5;Ki`fALxNqwmk|-r1gQRO~5!
z@bpg0MwB3?YC(=4?duny1b4QvyV@O2)9<Hr8r%jpc!GdgqhIQaww1wZ(w;>`f|%za
z9l+v~nJT66g!-G>gRLEV2>1-X81#voasLN7F7e%LTSIPdp}HoFX+RXN3kB>=nRU`T
z2KW9(qHOP4J<wI-wJ@yz1BG;~oh1W_jw7gD4B;Tb89VN-HHxb4*syN;vgMu22`)B0
z+mz%D4Kh~~dQMpRFtJ<R3+)>3-Ag#Mt_}dcc<sAw@`qeILbp?g5ZTy~BBKyh!>`Xp
zNlHTQ>6pWIy#MTQ;a=G2%R88-K`+r0h$}mDUs8@BV`)I6T)^qI)J1>aE=|al1cg4*
z*Xwm^N&`guTD-71ob)lMUGdmwj(wo{{0`DUDIHU+kdy<;sPNb@yS9QWw2y6duowY8
zKK@SW--^H%$n%Ell&t;dE1&(g%YNB1;4+_mxbUN>@C}%~nyr?5*SI}(^1~RoaD7=-
zbnz17qaJ`nDu3kJE(IBo3sd*%O+h)JQFhT6<2`o^PtU=5b>iyoVkc2)!f2sirG-#|
z3<=)$>DIZ>_zM;~t3$P%fWy{i77XemJNf80Uo${kyt|i}{M?fa8A4_QpyFf)S8)i(
zxlCk3kPU#=pI*HcIn74l(yXG(1aN6K3I+NI93T?iVS@AM6rQU?IaG>8?w`Tk6rL5m
zW|sCKcLI$d6>d8$Y|3x0bb7GG^}Z%E!l0bmN#Dg&{C@+jN6BZ!(Z*1i!4NwU@i*2S
z_FKrWi8uu292UJ8hc1|e#NRN{EXE@};69KX;M^%!RASq>K3V1LO4*wuejULnPd3Mg
z84aCp$VpR;o;^mJ7-s0ZNx6W5yQ&IScK#zD&Pc_tCF03UxpqjOH4FieK;K6~zl<I4
z%Xr|FfTXi$#W3mo>6{GqQ?HX3$K~de%I^BP(aXPy+t0E0qE1fA*0LpRdn96Vj*QmA
zp(%;5={OF|u~ZrCC)@da?eYtK87elb1KkFIc@#Lk0u^23#26FCp)ke-OSQ+_Xfs1Y
zVeJNV@$YmopZTii%9|iwaAb$#-4GUqQGfel^k=?U6-C|x-D=QVkPDI?ET5v1x%g)N
zAGCUzmr=L!iY%n>2qY3erMEb8o0$rB)8XU@e&Qo45zl48-yiYlYC*+fc?oZ}Ha;L;
zlGmhR)Y#kx?q%Rtf<_vmA)k_qD(Ov^2kGy{5dN=V^*pK9^=toqSUp!mL&JOIHf>Ld
zoDjr11<1rho_taa+i&jKUl7!}hXxaK8q3CnUVm)>b8`s$V{fTfEl?KmT~7QWSk(Zh
zxDVW}AR4-=a_cqqcwze*zQn^a8?+iucIVONB(=N|!^|D?pZD1M<CC`4`d5wz&18_v
z;nR6-s-~JT?A5AzpLTC+eD;FzF~Eh*x;zr4*!n-4b*H9h*Mmj|V=SohBfVF1SbFl@
ziSA#@>>L|Oos?L8*&)`qf&D@Hvi^2KRY%Jk7uC6=hi#rqhltF@Y}N>b4Ki9ql_UNv
z6g4<JZnU8VLllXD1`>}YJPKqMeNGQFqJ&lSmH~mjvqpN;0#5<H`-V#E1Y_0_|2Wj`
z=Qo_?@vOMGid%g4>+#*b9kQnmz!!XQIXpz%Mlk~Z43i!Gqp|iH+Xd6_$j7a3x~onz
zw97F;p!2Ur$zaWj_^E+y9XxR@w@Pq0P0W>n%8QS*?$n01D=X%E?n2vlTF@$~u>Ja+
zMHh|#ba$=ikz0$c3y1&&o=GuM!FRIQ?h4;u?>!sV@L!PV?<G*{Q-sjv%zsjR_pR?!
zSPHej;}rs#DzwCny(7CXj4emaaLny11^2UuyQP^OKkk<9VIKT)B7C5rIp|UpxC^e~
znt^6a@jmGgOaq^}YE*Ns0LIA>v%#z+UPZ8g@uTE5Zi}Tk+20@q15f<HOjGGKb#5;$
zy55@rk=dXz3T8ZLAfpMQNT-1STQ<Yw90;Gznz4{3!q|kn&bKIm#U=jR;+jkUvbeR<
zwS_F4P0yy&U>F*F`ls((vpNHx%MHa})6lwa=aBt}K`;A<L0?kBYt9ZUsX$?p(hVW&
z=%ZZepjTHP%s!VVV>O%&SU1NtKHiSbrspGn<J&DAwW<5F?d@#_H6HCllWe3tH~Hc1
zH@5~lp;4i3<nTk=SY}CGN~FQSayK5vEc)C~{!249CcUHVdLVU_2Fg2`YtbZ#JIQ13
zwxHa3N2`Ol7!mt=R`mGbl;5zPr*2@hLI<ShN`aF~EM)HqOo2!ZsQuo9nN}=rpu|36
z6C7l00N??iJLU_3ivPYWGxl9)k^$(cp1+(Ev-^~}YEB3M49YGXZuHXv#qw4;2IxX2
zvBy^hLz4z<s*jclNhRj_t;HA>#%}k9SE*5V9bzAMYE`%&7Lygh5OwcDOV0*}02@p?
zz$3rsI{4WZZjL}7(h@V?WqU-Ce<})gkD-(nTe9mK1JO!<b?6wkw&2lq#_WcMNcwSH
z^0<6q1*ICh8PGyL+Hu<=j4J<U4$A|X<Gcic7aL=?;<GK7<}XbRL)K&W)1`uBQa@hp
zGcQKh9!dJXdV33g3aW<zjbT(CvH!A9<7=VnFM(Li#v^yPDd^a58%7R?mst*zXKYTE
zfcCI;YU&0bCX-O7)3C3|YRZTkJ-~p|h`I-QpmpTFR=gYPI;Gy|hCV|7>S}0x^)PW@
z)}HiFLxs;iK%KeD9*L_jO*ifDAVqmL7;6q(?zo{3gz%D+?77V!h7S1~pQigefqo)0
zMjqrKKkLSyO_}-jPi5>X*9~9&VmBP6G)cf`j<yKax%E4syjOabftvZ^3g$5c2IKen
z%bC6h$$TOZR$aXwAbFCVNoLk+C@5FfF-~`NlI_mCnx5z7VzX{IW?xDgH~Ila+>H!)
zk|ZD~;?1W}wgTdlkgV_2l|qllU6-%87-j&0%cmRO>;ps6i`fDnRUxHsqQ5fqJ(`JP
zlDTdKfW3HN?94fS*E9X%{reN<9>+6sKid`*w}JQkqj*6P*CzfdmnMOp6a`5_gVNhu
zcPw+xS9lzJW?HwJDkb+pJBM5uoQtEX?f;~V4`!74B?x4BPJAE|EmJ*UIqL6*;w&t*
zKX5q1F=wl|%tM|oKDeQWqIoK>!qjRyRU?vl6z=!2GW%Gd`yL4Tm_dSGe!KD_7;7uN
zVSsNi*AyYCz$dz~6tH@S>E*jTo5v1IU941vp=33CN7IuteU5Zx+tIRAoVp*+0IB+U
zn)dHISsikR^Mdh?XC=^1d~W|HV!rhM8Dbvkpjm3}N5gf-%>ZF=^)k^oz|2Qd{{M@a
zzX(*S|1)NOmSy5odtA`UCvNS#v>%W)>ePD{6Ft=$dEFHln~^i(Ahtr?+HK`iu~f2T
zttU>c?RU|v9n!BlG^%G7A?|?p^pm~Z5kt{yev?b6#VLQuTBH97C7%Umf#}~*yAJS@
z5MHfn7w!)Jj-qTV^Tur#IGn#0Vn~zle66P_<_7fjb60XgZ1x5ibNKdtw}G*T7$OkI
zg1FUhZ;9)<ZsM^8+P4(-7et=;zlO+H3l;;l_J4%P_x$$|`R+IG`hGFw?=9X|{aLfB
zr~_lMp72Xf+0u9~jytKbV>^`xx7Y{$d2`nvo3g3t2bn6<CN&j}`<R#-Z}?9!YhkOM
z*Emo`Tcjg(XtROLq!Bd6YW(ZfI*`#wkU_0>rJ0yk?T$akI%J>~kSWIzfa_z14qaUz
zIEhPHl3U2#iW<a(^(khJV}J-jArkZ^RINcM#7@cr(kTCkWojF~!IvO=#k;vf)5Ay7
zgAZ*>ud_5qxiqKAKF{w$M6BfNt@*&5h9D8eV=I8_A?(aOeqllAJxu@UOI+vG0m@U)
z^2bRhfjdUtT75Tz9OEh2A71MHYBhNtq`+#ml|V@2%E6KPVqPO=WfME%jdez(S<<hU
zGG^5wzIUZ{r9yLGg&VEs&L(m}mMhTat#F;)D>o&IMVxv}BsjGQ-6@DcwN9Px5*3$k
zaI(=0pv)bOEwQ3P{hh!JJgYzuTHj2q97e_8#n-3cpdJ*Hd6dx^zVw<-stbsv?^5N~
z?tS4!e#(sV>B|%}KncGNP^D2p{0lnX*^PV+8<}<zLsJB&Y+_Ydx$@x1&f&Z)tzxz7
z76s871NpXpN1$>tFNqHrWH`rdkKXj$k_Ho=YEsj#yU&$R*FR&sLz5CiMCrnzF6+Lo
zvnC0Bo=J~Xi(untL@IuKqQ!N2{;W?i;<`}dgY&~V>PB9D`*%GC<exfZsGP10)rK%h
zU2orWR?gHqJzASv1G56;5r8?ECSSdeiT)6=1X7}xGTxFCmnhEwsgi$WO4YqrS6UzJ
z1Bu-?b)DnKDWB~lTQa0WNL;4761i!OJ3Z1gABKJC7Jn)=p<impOef*eK(FC(xH&pk
zbnep`yLmd#UGauiX*ScNPv0)U*(wM*CV|Z1TYEvxtluYc>9JTYjk+3n!{C$-#lc$x
zb-LQFP&#0QV)-O7eWojp-B5@Ov=D~KNsw1FY7ol)9-}0o7$@OLA}BQ1cW!R$*%4^}
zXTCsT9RB}=AWz-{%%I81q^n%jQo60e63=Ad=*f6_?>dsn)3nBU3~-uX&MnF(@SDhR
z0|uh+j}Qsvh3jiMdSVfXL|0y)$z9fzDSdicpFa85u{XMYL*kDWZI|?Jgu-vNb{(Uc
zX{42vp23m&9nC&S?5G&&@r_rINW?RyeLV69csTdZ-!k0Ny}xcqeL5X^;cbQ?&Xq^6
zbQ{jI`9{3)efTtQ<N_B{HWNW;Y!4wB#crCAL04sMZLydqd*$>lbGfzYl$Yz*j&<AV
zq*a*iU2hB>hq!Esnf#$3sz<uks;HcrvF%xbdc<9;iF;vGJf)Lz`Z)q&LA=rJ)w6B6
z^NLR<N$zx?Z;aFTx$iTdJ+y+DuoaUI%wLRh-G~2(a-4>z@ws1zVkAzs1C9=K=e_uk
z5VNDO{aK{8I~O+<iwsrKt*!Kv`-|2fTe<I<{>4^f&t_BqR{pqt3Jk!FKC{O4qU$`*
zr^+dhL6+PH2ZwuBveL+TeH!LqTq@7JA6D-```4)BY%LMvI}pei<M@`#!$3^+6lNkE
zni$E*D^}hd)t@-l?H>OX+P~xY)h|m^AEwl-e=E<WyE|;JJ8aID-=~{cDG~~Eqgg2}
z`55>rs07EmZ;f#s(_6XcK8seOP6%%vY>GIwC2k5^E4S&!Vq9<2drsIpsIid~?U&jt
zDsKqUAWFy97SVnyJLO~F+O5at`vN39+LVD~N6nZcX;@A>$v#!<JhF$g*&;Ok9^x;Y
zvOKzGU>}i3mTEswHrX1~dJNBhOtP-AqCAa_PsW}gm-aCU1V=E_<&W6?@p^1czJnG4
zWrEZ`Czyb2YQXZ8Cs{ChcMpseKH(-|_dWM(kgzY)dxm?47XlF1s`tLw)ZJG&+-*vs
zIn)_Ec^~lc2*)IB@|!VGN`(dmg5KYlYU`20X!T3o*AIf0BoF;#Sj0njN*{)no)8t#
z&WJN^*A-pi04t~es<<LsHe%JPYTNW{f_nam+$*cYX+%zxej#thXQLk$?QIV&`kOjS
z=L;HHbc2_P8Ro%MT8b#>q4_t(RVr?+SG$adwXp_%te%XwsRP<h2{0leqse8-dhST}
z6HsOx$UxoM7+FiGT!~*>ne0enfYvGr9j4u`XHWKWcyL4NEp<rbT%2(<0VVQylC{1T
zbc^qNy5>o&Rp%A7?WLydp)wm6DgNLC+OBfKXYg6Ii*=fCIO2VoN?71g_pm;rf$j#<
zfvX$Ve^@|j^%f3MZEtfSvZW-l(6%qyW*84WzWzS5rlxm)g|h@a${_xS{FzW^TQM)a
zqphPr)o0D{>Phc{?Jl=?eV-XBkAwC5przt)!*t9?d9~nT)95v-6mH$B*b&DNQEJVe
zT1~eJ33a!6gI*qe#;wXFo9Ul<43@k3<xL8H)dhxQ9jx9AS5s-Ud%oy?a%$cvKlzdl
zAHayrt0<Evic)m*XbpOmWUhGAxQl-vf~I=A+(2^$p114^a@Qw_3S*rn-mhpmmBiM!
z7b|N9!EdEKLZr8qXZA~UZHyE>O|`|MO8Tmj%-Zz^v9F~`K2>j3YD_s+pv4c(8N02V
zVxs%k%Hs|_cMRE{oGKSU)xVzX;oBM+bpDwAaq*>_<4aM!%_%gFrR(;0hyJWIpIdde
z7%a-QTbwgDrX$collxFnOd#b)T@*`h{x(xbx0C0_pzmGVDVEdAjF+M}P7W~otB&Uj
zkRgFaCB3C6x2*D<H#%>}ztT^->boKzpMyO+Z23WobiYONuFJ_=Fc7{m&d5;^VKvTK
zVhX>%(d%QndK6+F=&;#aQobz;BP(jjaxF;p>9(~BUD?Z`;BY{oXPD|`5SQc%$rKG(
zqR7R2%M13Y8Z&p~+`LHJDW+nR))5F>ly5VeW<^K0?@0s1pn4kXyM;?tr;edFM%Amt
z$FHLyYsa{0TQJNHI7+r#){V}-5}CWkLYNmPD67QOjlKt-H8u8g9Lz7!F;DvYvfpmc
z)-#rFH!ubry3ZRRqKfA)ZbT)W#=V;u%$sHGn6r4dOi6rQP?I5KW8AeT#dTs;Bhup3
zMAg{~bK|jX_Fl6Ms(b&$#1fk2Du!7AxdO3kB-9k?*e_#@Nt>pqUMJMI`QxHa_0tp`
zgmA6JsQ^9HjCSD4+FI1gG10hn{h5{8KTe9APGZ2${Luf<VVUrmFc5_Xa-fyL8OZ6z
zhgD#!zKgBtt>h*)%k-Z{wH|+(_9G)YL7ukVhJ>KW{QHv_V7ZrTy!JZFd+eJTAwpNF
zs6x$+W7b__7@BM=Kh3%u0x{1%%JIkfL!+7b_gVN`J5qWwq>?=nFBsQe$v3O!tqeGP
zJlw-%Zo!ngVa}K$Zk4SxxE<DY4Cc=p9p$wC$1Hg&&9}VzAR8fbV`)U_ek{THvw_yH
z!|?`i<?~iC-vT5)oqN@O3baC>%p}!Z#K<W^@VN(#g?MuiBQsr>JrAGGN>eRt|HKcW
zUbIm1k?c%7h;HLqF0g3kFmJj`tF$rPU*fh7=GGk$njI@nhy`-ijCqRBT)xW83_}k>
zWxh-mA*J0?JXD-W1~sDBFJ#F@>DBFblTg-^gbg<+@>D(x?pgdi>da$HrO(SyzC<J|
zwnd#u?@6DN6j_-%)mhUuU5a)$0nO62Otml>7NvpO#g2HsfGMAsd8D|cm&9*$sgjU(
zv0OMj{Ax3)HSLnhXASi*C6$;6(fVq2^MX$K)Dv<awP}W2q-H7>92?QXgZ=k@KB)!}
z#O$q^&V4I*<b@wxJYQ9+vW*Yp^!sRSYh-~2I6D2xU|EcqQ5x(pNB@cUi&0zY&<nY|
zy*3)08^a$lZ9YC0*hgD>Pk3AP(@KUFY_?D=(Lo05y>sCLU9p*xd;3ga9Nw#fyCNN4
zQK?t;{LdiI9xfxVeOH&64S&?uM9G~lQ3n8&`PH4WR8ErN!`8g02QB`DbyYXE)aah<
z9gbs`w7Uf|SJ3=>ZhrV^4|o*S@j{{QHBm7G1|lx^N6sk(ewa=neZ{beOO!v}+U9@3
zm<Ze6zB$TXD;Pna1kvj#DBQHESyw}!?z@MRkTLfnlM|pYNpR0ZU4PXRPb*}7MK2KZ
zM!y2aTEE?B>EMAr?89hYqO7gMY?r;NW%wMWlgHo?Ko32P^_)`{YVYK-f$jH(cz3_%
zI_aQbq_G~Y3R=XTye#CJ_vk;|YVtuNV;_*C@{CeOjBZX-<{x@?PHWjznDp<?rATU`
zomB6pi(B9+Zn=2Z1i`oJPDwT<ihc~CK>D>8ba&7dDieMfxjo(zZQHVuGixM%xaiqH
zF4wZgUoc-c>6>+e|53;rleb<kBhkS$T|FXQlz5zwt+5s2JzHTQ9fC)PdpP27%uoQK
z%R~;&{P3QAz<{XGAh3G7-1ghV)M6{lds%jfB?dU97GLr~5ra8T<rpZcckrF_j)(V=
zqsku67<=Tp^$~I@^}zj#@oBXy>``)<NKL}JBykMwA<Etn+t**6pn=*5WTzWDSj3{c
zmnw%guN#i}I2S0)bTR(&eByG@nREIle2)E?{e6`sHSDm0Xu;{$XLQl!iMr%S=-B9{
zG3wj?@ycO!rBA{y7brzPuK@ZPT}cl!7*|HF9Jo4S5*T3KsFBX&+LaxltC=|`<CD;M
zZm6_GLnP&)j7gCPpJ1)eT65G=?J`VzkGRar5&=xiAdk=%sZtbTFu0>b$-{J;m(NE>
zF;ZV*pgL<q&O13W4H8W3t?skm$v8VTjb@mx7JIuTlG1&(_Z!dKur&D2Qm-MM=)}Ae
zO0K&bj!ssA!X|65z5Uf9*g<6TSK(UN=QT)HgwyT`W~&s7XJGhIu5BD0%fplq1XsGk
zKzZcURBNr*avAU5xwHS)3A6FZPV=V<=y|s-Xh>qkI3yU>dGPSG(U&S0hQ_6X9X7G^
z=VoZ^_4(p;S;VEpmuau4C+K*LE)3-Ki#YJbYOs|-v58Jr`(7*wLS_2SN);H=gU$P3
z;>z~zLw_Pj1`$uiqc2H<_AJT?PnOGdKP|n*#TQ?o?n@kAsps&qziYi3QZpvB0&$sg
zKebMj^!{v1+ifRTpptT_z*GCH)lRL`Be4XRbu~%UTBgyLELQ<r57a(?ZSi#LH!ja{
z@$GN8L0JRbQh_59-#!E|Tzab;Ut+G1rZgUv8kgjEU!qoHuSguLJdThoG&y=8K#CDZ
zcaRxE64x(hj_a1=zZg>t4P_wrze2^k$Fu{A3W{=!&fyTYHc+UPhtwW>-4i|J8Dz@x
zvqgWG3hYal#;+8&9($$*6kc`KmW!Yh^YS&XC*uPJF^4ao!0zytxbK-(9i`e7yOG><
zIk=;X4z$Wj_PDO=x#8>}79zN`ZD{GSvY_ED#qcs)hU#$2<uqj%HH+SejA{#k8BJnF
zX&+8=o;>}!IH*3l2ZlTL9Uo0ahpo120jnlhd+YXfgxB;6x6B3Qq&qRA<L<e|l#2(e
zXo50J=l4n<^w_G&Ib@&Il})J|yc^Tw>KdnRM3z5t3qNq!&A_Y|&3v(O4G|10xVcq>
zrs_-<VV(EUvvzVoACCDz^umRUrrXy@_m&(_vRR`t%4Tu#a>=?kj|V=hg)uC>Y)OrR
zO<iG5s2h;tKiC-7_jvG?@}l<MUItpM4Es*omJ%KI%5K|=)RX?jmia<;y9I*d^r@_D
zm7qX;_Vi1PI>*dA<@P97kC$jC(k@g6tmj)+UbT$1$W(p9qpL;+qOcnVDNY8l&PiH}
zOOZQUwTcfOtPR|nE?C(!Goj{4wQqV}YCGq>fW-I_lvo{vpCGhtC>cs_e<7vh2+ty&
zN}Dxm763%eK(D5sYqH%866gEY=BQoj8;rMLE9hn%Rf(0O$5;0TrOU=5pxcs`{N6q;
zF?vw!dSHwPmhH{!eU&Z!&zm-|tJuE2C*%)zi1hD1my+)*wRmbdkS&$n&6r}>Ktx5l
z8e?(ly>4%hAs}sxPKNf90Z-pn6!WRX>9--F{N<mFpZO<Wx>TCLIZv}eB(25$a!<;4
z!xj#j!*-~j`gouxlVO?7`k!3Ie87J07T@EV;VVjvWL`#1x4*mK6`wwiT}&!C?Ng_m
zgG4ljq&G9d{2}LCw-8w7E_-a0ky0Ae`@&|zP6pPxQ(&Mt2Ys^VH+lSmZLYjc^0$4t
zrHx)S`h-C35?!Vh)wC`~51vjNHP81qGoFf(%#a3XfvFJvB-aIfskn8_lcMVSKq!?O
zxs)<ydxDXJ!VJ+E9`a4B%Bd<DhnBXL)w{PmOwWVh){c%jI;bQragN0W=2%B7E&7Kz
zIArH=$mBiFui~(&GwJ!51QP$CTW?fca_s(~$g{%ISwtI;f}kJn%r2&%D|t>=pK>`>
zy+BV{zZ1g`+@woc^hqxZs`b3oFw^bIFMVpnj}!d*JYPE}<)Bv^Sv(JCUz-iVC58%z
zFQx*uyRvP~CgUXy=kSMtg*$h{gt$~3fk>w15wSSvP<rNZG+FLGB$VRq!pW>xBgIp4
z8FZdz0j=Nh*N`MW5G^6ASK=K{+!&yc_2Ipr?wq(KkecIH`vkkgZ`cP^16RvbI)ga#
z<O1cmQtPfjc=o?@>Y0uC2$SBaq`5X<%F(R)HXqxxixRTNo_rgMZH+;TPv(fO_(xS&
zPtq`97SSrAE5=orU|JK3Ll3ob8+w{ln;*du0|i?~IR3V8%Q0(*sQ$ChJ#$aUNyF0|
zK3f@CC8@=a<UBQ7by)dS_ZsHKkWb;?K}`NC5`O>?Zplnagv0b}P{<|5<cN*=ujp}8
zs_$*ALFZNu#WrI-c{I0^wylKXx<r<A+}B08go&a@15BaJJce74q`TIcr<?g?b`C84
z`{eP<9&xlbH3=%>J2DBW7m9&})AYSDr4lb>yzKa-p`8$lS!Ok~4YCP@N5|Uc(|J;7
zGfT<uhWR(m8imEENRBSGzNy`@yP;6sx^d7Qb^^U2ehUE4WD^@1;|etf0m~=M^P#e+
zQYh6p;SRqlYWDPCSeA?^CO<~|G#{C5!Z~aUS=U(DEue<TCXZ|_9LN>Oecbbi=gDp6
z>-qub?X^CQ8c?rB+thB5?5z8gPL$S}OGu#i@2!Z$X_Q*Bi$_ko$8{SG+mSQ0kNM1X
zPM?KJ!%>9Ox1Z0qbu)O?UK6xC$E}CTs#AQnl>3?2ezf>gY?_dkPFx(`wtzRLl#*jt
zqO^+vg7)y^a`HJGO+UFcj?@fx_<HA_c8+I2*&6oq(uFz~aHV)_wY_@oeHQm<UOmyr
zdFxWhLVgm}rX$on{V={|ICtE(dT@#R>B6X1;Nz{E^*MX{psSR~emczZsTArKCOv$n
zh#Aw9cdsV4L?v@$xD{z6gfa6#^OsFKp%j-^GSMq5%1d*-FpZ7wjpGlxDJkKM@eI(X
zr^@5gu({?#MxNy(#_GN1Nd3GacRq|^n`%LB(w}Ii`SdvVWQ}fP(S1F%_Hlt`(S&Wu
z%E359py=lV?0BMCwh8#(G(qxR+?~;17uSrRGpf4J9Sk>!W%X>0lZfTvI#-`EJa0HZ
zQ{+{+Sd{!Bj+k!0lz6VAmzcpLn?+Pv*fTjiO>@t|5(`^Ot3Ha#TtbLqYbszKgFeX<
zuoQ8uJ(jRu=4Dt!XK~*Jwp?C5q4EfV`DB)pdz3e9_dygIsazs`^DKNhcfM8So`i41
zs{jY~Zb%78gVH|A+brs|dBLu8;!Dh`Ia6xn*xy+m3c-ycO>o3wyiGJ^*HkhOLlmd;
zMsXU_d)<mpSyY{^{DTaIH!J2I2&ZWqdsI^k(DAQ7p1G5uo}cKzi1|^US;lf@G4W3B
ziUzsQIv`;0S(kLhyR09eCS3An-BC4#`rQFbDNe*{r=u+59A63vsS^_uW%IQ)yo#<x
z9DV@C`o-)1BsyrV*B!?8JrKyO;cBZ#d4HCS({;H}W<L6ar;e$HS*y11Gg>py9=N-o
zAJ8N^H{||kbe^M~u6iV3(+z!@sxnrffUdoE&1^iuwpk@5Z*W`tD@hg7dZOefII;^@
zTScip0k_G-VVIm%kDa8vUBB05&81-5DT#R)kZ6A_k@sog_wPrKESshg@sR2HL-MvM
zI`pJMF4J0hZk16kI<Gj;q%hYI6uM5&6x6T<@u>vCqu()pu~~QCf!Cn}<yK@JhF|E1
zSJz?^h7blnYFBb_a80t?-n`MBoeR5<Q$PN)N>45;MSaJBAf(D2Q)z%R=<*VFPu5di
z21FHYK9eNC36QZw+#1eZi)w@PO%LU3gHcrbuOTEObImccG{Yyet>Bny*?ioXPV8#s
zCyE-I|N2$|AT`_1L87agcWyon+=k7<m^al#c4oKKkeP=`nHmQ_Nm-9^2~#Dp>jKyB
ztSXn?<Us6DaY!Dm^V(03T4`(4)oFEePdz65a4dN=8`j-gD(*W~XdrD5focXjs*tCr
zAW>e2qs%xAa^TY22!yX9JGG+arGGSQ#cSqkIon5xrW}$p>K6*%Wxq3M=Ald;j5)Vs
zPo?UD)~`M}r3j<>`yhLGr*tJnLYEg3B%##`1zk{*Pd>vb<tvLV?j%uT*w(ChFW&Aw
z9JpbH)XowMa^bFOjz!LHY8N1kY;SAmMI&mgQk2FEV*bueAXbj!y84w*`}>o+nm>Tl
zMB4a{T(xK}z_?&htdc`t$S#a;G_L_K0K^*`s%N)7L%1T>kS8A|V|B{~^`syRoa@{<
z#`WVMT7<>{={r3brm)&)^}to2V3m=JTh8<Nc@3_cs<2?8tmCX;=CJL{O1*tVzI(9N
z-Lh$8RG(#>2KckOXr4W{OVG8CSy^GEqe735PNn4f9wA8>cJsn3zIi97N^DXy-m`s^
zB<f0~qEPirn0>~a);5AR_e~(mS=1+k-_ZzGv8TEK_=Y+scK>?f@5f)uyZQiD3(k89
zZ}d&oo5?aCn3ckP0;CClpL3>fzY-PZfu6ji!$l-<Q_2#_E>@AEtLBy<h5GuzRVt-o
z?-gT9SjB$P@<`zl7YQ=29{K!!VRPh4e`c@Hw3qed{K~h$@kllCs5Fv>e6$CH_|`|G
z?6Igjq}2;DS2+^tpw%AW-i>Pf_D+|6V`v4^>n7%T+oKo;t=6?3Zv23j<u5dQnWwqZ
z_^qNXsh}i;VJuav)cpRZ`f;W(f=J1eYhy19YK`62)1^at{E>*ylh&|F;_z|PD>H2>
zO9Te9pRU$7ETzFB7dLjC+Vvce9(uJWFlHaO_h2Ay>cL)>aiXM@0R2W&I!!^v?!%k!
z#>>KL_iL{|yJpMTF;_qGat2KM_FfPr=McR)t#L0jAuOnT*)eF?Jk{;RJACu}nDMnV
z3$%z*zp@ZkHE}OtJ60GJi*hX*GNSwfQls^Hz~pS!i>ZvnBhC3}9GZ>i<iM!kK6MtW
zapR-NL3>o{>A?0;ED6Ki*eKJkkM?s-cx(dX91f<@rC47n2_5pTxr$r27*J}XsFzwk
zHT~sQ?o0>Eql$F{v(!(c4&58RB0dg}t|8rs&PdP->yyK+9|IqM*8{S_)=vY-2}hH6
zdy8G4mKsBDo*18?ERGCUYW8^ER~@Xj8ukUYz|%P09?BTZGKVlc9CoQqEp{ya6p@aR
zc^ZH1vrZZJ<5PX$b|UoZH1GWKt5aYg49iB0m_ni?0y)>OFq@mIYSem2Ui)dSL;tdW
z2e*1Hq%8^dBLbVChfvxuqg8GKIlRP)Qs~>EuxYpb=~{8@Rb0+F{p6<k<AgEWG0d|Q
zH^Tlaj^H!G5!oklPwFPoPgR!|QG2V$_+maN9fr0d-_NkZ{h2Rmz_;$mJt;Z&82dVu
zH8AfAd2GEzccLC5|E^~*_Uj^z<>-J<%#LENuAVL;A1Pba!FZ6`Us*CS*&1RZG+{@X
z;?}3YpMtUXE|`i6&Ax!&2K0Rg-u}Xt@@z3lJCt3+5$KsNgxz7VBI71XV<`=T%8aAw
zDhjPD(Aa2hMGv>`F$Tg<dS7kS{5~+y<7B}diR%KU#Nr%HUy<p8XYTSjKV$Z@qJtXN
zj&yNGbZDlpIwxd2G9sy1X@fLQQk^~t_~*UkQt#b*?ptR+{!rT(*K+yh?c88e!Z4Xs
za)aHxbR}i6!@Bbg;TrU}CA#hQW{yJ?3v7?td^qW)O`x8Y#0#TuHgrnO(^YFet{)Z~
zt((4hG&-|j`zxcrweW37cXBhGgkJRc(eBUL+#mXc<2=v&-AeUiPCWT|zpUDzC5|Tc
zg0dGWDm}WAMWhBaW;$D{((35e4!e(nrN_(TIJ|a{OZENM(cQ`DBio1gj1B|~^Mda)
zoY!RJ-$BmTyC-EHU0v)YCao_T=EfK%Nk5LF6$_R`8msqA1Q71!5dyNYDEG8h<m4`#
zGgU@t!YyV((0Mhae(#%@OLe7|nHIL4hdNbCOx^7gJ-ZB?u4&Y!uON$b0;YdYtXR>g
zSOv1Rm}Encs3y36G}|cu@en^he&pxk3FR$lwRIJ5wEp!%;Wp8QOSXaQ-XMWx?c`c6
zmY4K{N3H}N!mYDTwuuzcWGMQ{m}jMDtL2l|f3$v3*e!6RZ5#0+K_D~av);3>Y7Yzy
zwX{Sp(;w0ee$iEQD<ZuToFoYg_AH83E6LoRKQ0#6gL5e5=~hP)&`(9J4i}I;wgKfK
zDz5mgrN`o8V%h{6w`xMi2`NKJJX3+R;br@~+xa1vE-&!$JwMfl55S!EP`X!x;1f1)
zZ}=`ryN~hHLkV2b1b_U+H01WY3o4hzxlvzeLsivQlraiZ9k+z|jELERylvXp5hw!=
zOV0idMdnQ(8=u;1u*V0kp4fp67e|b{Gb(@{VTUGF!@gMgp$k1d^z5Uimo_sH!uG2|
zFSz9sX~3$z_MO3{A^}M~`a6>3n2S@dp3p%kM<Hx}#He15)oX5VZ(qsbJZ&c(KiK%b
z=pO#l58tz;^Q;@=GTrt^I#)VgyVrE>+I1*fkM&;3?{Dz)z)d&Xgt1%F_qBg_b*3*w
z4ErMm2Io<78iPsQFjK^R)tmAAbUaq&iNAq&{DDa+{BgB3-|q`W;g{ohDZqnwi8{$U
z%}xCMh(Nb!(wCauTa{BbzJh=J$FD||_lIz*<HxXV+rxnx8A@7Too-6(G#KF^8Qoso
zUPbr(aF7TwHc5|`bRRA1-CLkG<V?0ZpW;6BydibO?F8jWo@)IO=63fmv%#SG_)`yh
za;vxG^&TgIK~schAdL$ocpuM3bkV~@XfLx_71DqEG=;e1^I?g3@0OtX&zLF^@=niD
zp9x}OS>umCQViWONnc?F7r&}V90;y@Y&gHULZk%7H*?o^?fBXv>Y|YKF9W4$qRui!
zkc&+lZUY7S`Ze2|kj8U#4Eg#9PXA!3{(jDfr^D8tx%NPjN49**C8UOW_uFy<A?0!a
zX=b2cnsoV@!#=SD23uqf%MzDQViz=I<+q~2Am5K!_?HVOo0XA({r@pWRYYx3XsMae
ze5$4r$9=6n4>aGuZbB@j@b;Es;`CfZoL8M9OGPLQ44*&0IqAA3;Zq;wd&#qqrEksk
z?*k>haCkz=g?O>%Y+zXEJ>Vf`U|2JbDCQo3c<y>G&&bX5%!q%<_A+eLe`|)m!wnr;
z5%CfrYI6sb3ies|Il`B34U6e68?bm1)oh+zvfmG3^tw0Kj9Al%8{evE=ky8-ZkFLu
zlK22T;DF7VId#PD;NB9LGQBe834G_dpr;LvGi9EsL>qxS4>e0Y4lGwEb7vPaQVGjH
zF-zaB5#&hZ-C?u0`ZDck<?oJ9dSn=-zrI;M?bBeetm&rv<Ow;62H*17fvD&~Y5#mi
z3NPR2ss3kckC~muU%6y<rHLXV&Pn@I?$yFmA0%#CbK3IlI7*S&lD7y3mD+6c+Wo|q
zZrh>OQZ&XDeXOAa_0TGzo|8*&#ts~`ZyZPGpm8p4fxG%RE_Lc}H*j+SS+Kfgj8gnm
zgpu_?DQyT@!)BTof22T%JenOwe<y&vK>`TO-6@|tI!gl$i{K@duVDjoVTCmV9?oc&
zQ&i6GV+3&Z)byfJw@xRgU`imUJFKkq0W~R;AK&pArH-5t`aBMSd7KQSUeuos%T7(m
zXQw=cGC%^$Bij`+yF_|maD>lTqe|I?FpKMONdcEv`QdG!?^F6?*R%7V4MWP8fY%4n
z!9EaZ6li8p*+l%x_N@LN&fWql%5Lo+wgFLzk&slBkdTs2N$HmElJ1TX1StWL?w0Ou
z>F#dn2I(5$+koes=RA78bKd`2tXXg~bKiURzVde!Ke_d;AjTJf;=7q=OA%XVJtB0u
z3Y5QKySaY@l?+*5jYh6{^FE5?PG&)O$l?eBWU&3kqYJC)DjT@4PNYSKDa!(-ZdF*7
z8iF?37tT!6{=B?);;&ZU4mi#_)MlbhDPQ8`XVjecnVjsc>~)RL!8&&GHRnRNW84q8
zsLT)94%?FN?k@HJs72#KF50U1-$R)ZQ@oEPn>?F5x^a`z`c?T6D)Uz5?!u-?%|3c(
z7_|uD!=pi##he;?*Xk2}>+kF;IaF-U<!maWz>FNZXuZkBSWcOxVsxRwS<-Dh)qXIi
zqt??!)Ngf-4P)F^^gS5$03NXa&l7Q}Pq@z8?n^6Sn*NE2e$0Xiuo;i7m4#512R<?;
zH93_#G)@<jCF=bn8$XiHA_k^?T+CQbP0Ekana_{r7QV?B==6rcdaWz&W(oxz;H$~G
z=DeRQr<)wyP)V1k6;jYAj)Q-9myYTPn48`?mAC6d81(Wv*m_Ge&Oq>3&@Pexp4LJ!
z49pGwwt2|$boX?xUyNre@zzdtk`H|2Xc@udOXlahhR*`gi1wGL!Vag#mC^A9NS4sZ
z-gzQtq2UXJjo`d8N*dmJKeE;66YzEesi}5jpIFYhc4)U?zmY)NFxBhs=6dY_h`YdV
zT+I4Zc&_n@j1?PUgGtitail;_CgfaDX*NBuKh4U!c`7Fx_H&792PUbrA3;~BcAhho
z`CNhiWh|nnwtcqAw6hoj(v#7?_Kn<l?xf*zPtw(G(N%fp$#R0#ZM8-#3MG`87^r+u
zD%TSZ7DJLV*shqfJfGr~|Axh?6;{bGHn<kR?k~B!NRcGc&C2HKd}`zp>r^u7oU+B#
z(-pV?aXOU>Bog6C9Y!rbE50~RUU26|G7>wSaEMj97+fFSJ6U^v>mV<?hgYIMMI;e4
zFK93KA#RsdoeUP`n0pXD?6y5;#G%#0hBxMfX*2C~DAe5-)e5)egOLh3cW{Y_j^_4f
zo04^os~ZO{rcBnw!rlqmCd_O{WAK-xn4cTZ&_z-x(4p%-A*!NaK`>cvf7(VHe{=}l
zc{$CW3@~+ikyv)R?^yi@r$ImS8_vX7dS7FpgD`gCg`qz526DT%DTq038jr=sOj)wy
zogIpA_^-{)!({huXq@Bv?wmffxfT}R=9X$#aeelItsAz}zqYanqh&k)b}1=hPcsJ7
zWrwNnL@(*q`*TFBl&~qComm&lQvrNSXXO_HbREkce06q$yK;)uKbK=z3Sv3DHT#%l
zjApZU?4fO1MK2RnYjn2}=F*JDtqD$s-k7tNcRxq!PnWsi2}0VM*MR{qEWLaA;4E?F
z7}&WM<`)CwVwp`_(Fd_WRUf_nX~_>VYOH~17sg?;f6Yo{KUV(b$yGYd4fs3HfNkq)
zc;ILi%kJNMvoo^YF^h7FmX@|rD1$hepKYpEG;Ac1--J1}^9{{eX`bdvqQ6dy-9A5(
z04=X&2$7elRB5Y7Gm%nEZE@sSP6~cttXP4L)4Xhu$_4NiKUTwLEowHt;YLm&u@Ouh
zZV4^m9PAIu-cli5#Y2J~AM1k33QyHzdym}Q+z<B=iH?hRW!uT`tIyzw-Hx&U3fR<U
z+ImfRscWg1P`SKiu%HI^b;@>*ZtYbJ<r++6JXZFA<w=+fY_xp@v6}<qN6}h@K{g@#
zCsq+iJP%^S$1?WtVtlq7IJ|X%va&Ms!JcOySB6!gy$sEU>>*1vv)#cUuvmpTVxP-T
zso($2cmA{yL$#-cK^0?WW3@lgpY08>M}yZ!`&X9g=JZlu;@!q3+CS7#n`lb}Dg1kC
z{&)?;*`Q!lJeD6X0p#B*+7u{@1|66fD7j{9`M*BAZ+62&YQA-)ecJgfHUTu`I=xf&
zF2~(w!VUx1jE9$me{B~bR9E3#i1J|ymONd9$KA+A*+qbZ;8<XG5c8zAMn&Nq6WSe~
zRvyy7mxLP6QF>BEU*<O9CEnwp^*o2|A~nrMTKY?<I_;xXosVTy8}&wb?VaF0JgvI&
zN3CJP*&O5=8r@colxj%mj<4inQ#RTj6lH@}fpv*;5Jh!@l->NZioDn=`E90-z{%sY
z@3+}VN{kfC*n(um%RU}y)<JWsu-Y85QRP7Y-NU`M_8AU%aqZn4f#dDB&;=RUelTI2
zFym(@!*maPuZQPwk_ycz!jbFf<JIHC%Oo9^&2=K~g}aa`;DojegVL#z<2gST(Fl{J
zJaG)Xu9G88ELx)Oob=U3h8!FaQ@D}0{>$TOdA*(t+5n!ZzFh^(Zs+X2A>Y%e)ccr7
z#k7{!veq4=P4c5tM^DCK{cMyz;b9(x2oDNF;A&BP)-pkH^4($)_7+NcsyG43=+EOS
z&8p+ExM#gD+kGJuf3dK5g0>1%*AZ38jJU#>5Fs1vT;=?ZrDmx|A3mn2&B~TZT*jy+
z^(N0h&E_0ty}KY|S6ati?(Hc&TkUA}YfS;Tya|l->o$iB`|z~Lg?zG&!+E$LbfsBD
z7sY?uA9%;yMI1Vpa)UhjGc^1fH;!F7D${7H$*VrMy#|bHt^nh;xn|?0tt!@YW}ml9
z^@AKr?BBX$hhV<~(wSrUTXT!&iPM_X4u{GS%=;h38{H=s2TwnKaUU_9U;A`&<n_E^
zZ~d5)2gQ0XGs4H_gTJSZ3+rVLjpg^7oeQOsxyTFl3Tu`9+Yrd<{_b$+DLz|O<Sxg=
z@zVVH6aUki{&R?%*U%7Nq&AQi@6<IEw^j0$U}VVnl-yyMU{aUlbr_oS!)2z6xaB3r
z34C#KKh>$9K0S?f4k!-POmiKy+Hkz18pOf_+#(xeGNhIBP69qWExgu<)0;o6`>=Tg
z1@CVcyWBqU5m$$%t<P`C>slp6-D7fI^JCp1d1jf)4@zGH77%MG*)O6%al~dxO{*&a
zRZ{u0=NMF>yh5QA$)EQUdzrudqZhyf=AG2%$qZb@{`K3rKS7;!mh)nSwc%#vnlUr%
zXT5fe!EknRnZ+Wq4biBODA`P_w`v!)P|UhpJdAe-kXeYj=BV$5?yUBa<IKx%@3Isu
z+g_#|RoYSQ@}Ek(4Frad!kCuh=(!#b1RmKI!0|m2t2AG@U&97i!RAE5_QS3|4KQDD
zjn|h<gE|yqLC8jHG)>p+rpMM$3K&Pxj}gHrbC_Dj3!nB)^i({Gqeg%-3eFqD9A}n+
zf<olJO^ls=oLc$Y?k)_XF0A{48}mt;j=t~?)?+cby4VcHK~vh+n-gjI3DfB0@W`Sk
z^yN`rhsOYB5rHe-t0iZLGT}Ia9KXguXQP?9aaFe$Diziu;(f;V=mGqB1#_3w^|=4A
zrd-WBU2ETde_?+dY^Gwzq&DtTg4S<nc7X)OXO;UBiM{$c?&$ZEZ-m#Da9)5N+7a~z
z(K%AANPj3{&b_1%KxVRrWK*J5JgI^iEdzxxVDG#I!yE&(GZjlh*pKHSv!UM~9*p^j
zqN&Fm8V|fRMqKQbFn)ccsc@laTqR;}s|jI@npui<5`<D-M5cTB3o=_WMvZNzVSAKo
z1q_ODbkgS1Q>6hY&EPb;8k4$cTCidMr2klHTfLbO4d2?d+OczM`^Q-w_Sho>Y7|Nj
z2$B8h`Q%8B!;6I_{Db!;%ZI!{q%qI@Sy$iBl*Mxem4XDfV^~KF3YQ2GjI#W#EgVNp
z9SdV<?UHae-XV*9tEMD-=##ZQ%Ic&0+LuTo*GM$s1>060+ex9}C`~t8)9P^~NXQ&x
z05cTAm3>#~=B*+*@@I5)V_Xpyt$;S|oGda3otWP2#+u>nU(MqKu=v#eN=kuN{$s&-
zW`fyAHS3xtTC92RjZ1%ObWY{$d+{EYOq->w)0$lb<V@H29K;3(6K+AlgqENRi`2zt
zJf|1m6VH12@wpuzF0f-9PLBw&air*KX^DH(`~RHeDDiRtu@|uxhe(y`Nykh#uL*{#
z!|KhxI|oNCuqD{hN7xYsLrE59D5IDoiOhEGqb)6B;rac^3XZ2uSdSJ*Kj=+OlntEc
z*3Vyhhcc^B;G={Cko~(zZ0ux`>=OQX?b3+h4BB3boyAK+x?n%F7!#KDC)hIv$AM?3
zedgPSj}6T&F7AiOCarOA>#G0w{^p|-{@MJ3?>8}yw9=+jppSD@bgMt@9N|MJBx&1q
zU}BDi%<_(v>0;l`bV0PMxn{4tR1a!z-+z299J9qrx1R%)v42iizve3RK0N-}`PGg+
zWz5AsENl1Lt}-&e&fxjn2{L#>n^kpDRvb%DJldQ0j{75k;3}c3>ev2dO1%Ry^-Q}`
zdG@o<v@5F_IROGooss<A91I;I^mPaVjr^bOXF=w^_aUGA32BWTWfK^V&fs*RX@3ro
zkGe??tFZ0T3yWjX6A(@Rhkw;k$McO%d*=lfllcpP3}&yyzxag=5?vyLjUV7Rm~aL_
zmjENhc}J9U*(w|m!89kBB>QMYq@nH78Ar6mvb>_}S+nPFIZKtYj#k^=+TdKwjjvQt
z-~-1xh5W3rx&R?de=Ki?s$)G*(9SN8EOvNXsEGLV5E0q>XE6u{%X`L&&dZN`)zmqF
zcxa(G{9>KRi4S{)69>A=n<j-y*O84St>~5Q{&o-${5g{&p;IKx=JRFO!p(FK;NrXE
zOZn~DaemRv$5{ohM(jTRZ~}=pDvx44V1rtKk@p6xkJTveIkA+63ApV}C!Iw;Fr+iE
zz5$SFMQ^#|<S{bJ8XgXBjDnM-d;WHlFjXjU>tlKuPCF}}j8GZX5beuaY2MtbI<yS5
zVmjNSU0yXPKe0Pv=7n#_uG+LOV;k64#eZ>OGf2An+--pTi=U-8KL{ch^Gu2<LkaS7
zQd2$g9OJk=<F;}f9t;j=9BVui)Dlw}qKc}VEObQQn0D%}YFN_9)ob)d)5txP*O<|G
zO%!-iz*a6Rz;b$&3`-3#>A4I~l#ITQ#sKl_4Vx2<2E<b|&i*x|n)!`^6`bJc#|o?i
z6|$VRg42&sI#NR)TE|B*m4#lW{;tdTu_YH8E6<>HW(#U-YtNFcNZg!i$~ukM0V7p>
zR$z#)ermTbiBQfsxpMS*YSB<|;H^YYT!0cvMSH8G_JBCkB7ZL`YH63+x(SO2)9zFI
zYM8{}_nTs?8E-N8j*WWIk485ESh=!M(yV825&6*OZ0_J<%u^PG(xck5N+w0g#UIdb
z!#SJO(22q`oFzWFGtTj@j^~vs+wIlj+$!?IdA<0fmH_Uy?Z@dCwa;{q2_4SXPiQDq
zw~n6IUMBsa$*R2U2k@mGx6H~VXQwR@Q?eV<{zCa-5*@Feb$}XnKh~ik4(qA6S*N9C
zQ2AZcavZ-4?NFaQ7e6%3+wG0~zT~3CqC^{^TQ&C54-BTrEyeNS?qXliu5eh`5gmYV
zSn}%nx3jcD6<AZ^1zz@<JLDasowFL>&^F~I6LXAf^_^E@f&^b%@BMxLNe7W;RpBF<
zfy&t&VCG!aB5W;e56kl~<7b}-%xj*&(n4nnFS1gsSWL_>s6mxM0RyPm!rJ1nKd>Je
zhT?6nnhwvg4uN?w%LA8QT}^dMcDi{q#vCz-Syo?AGhM=!Gn=u@BeoM4GRFazPLFhh
z#%YG-%~n!jX?zlNZ%?yhJ3Hjx5q<fKdk+u3)*&5G1&~(1UeW{UA9cHRjw@9^%GXT3
ztZ}*5&E&8#y})$v?n!}ODD&c1UQ{1_otz5%ih+w=#agm!ydk>)s<Gs4!&rr!C$m-3
zO`HALc>JJSlX1_!)LR*j7<6ouOh5CnyEuFK8Z@1kN!ltYvNfxZ8D_i_w}YHOpZ^dC
zuOK(>>34_tF%M|j$0><{c+u#w>OmNnFB@;wbCpziHsurR{EnZThwd24Jp6bsRZs`J
zQDRv7&JMz;o$PxsES*`Hl>ma0&X{sgv$vBWoycbu%(`xp`}4z+s_8Ras{x6={#54&
zvIs6{4g&B8lD$3$iP%oxZ^C(+PJ~JX5}m@qKmJ(6!Bz!E{V-ij7GKbIG5TbepXkdQ
zrNnbew;+nbf`9I9mm^au5?9k7+U=Q5=fR_ON#c*d6aMILzv6u)I;yUCtF4L>u1w4{
zs%;R?PLoKykHia59xi*NzBQ~?$INl)3wpvG_SF-Jmv60`mt&{)o1V0km{+X(Lwnkd
zt~>{&?JDT<K?V$V66_9eoAw*~0||DBZC$MgXa&w^_Y}(aD6s-Lm^IA4Qs#Yp5_poK
z!T5p<k?~+uS2Y$+_26qGo+~>fCN(q0L58_sH79#oWfYot)H3VFhA+S8G;3xD;~MNG
zJ1u)~DG<WudaQBKqZ^rEnN+agP_A%%YehzN0^J`nr#1#0q0p&gj2?vMSd#km3_<GK
z#x)aLM+>2`gR5~h-(Up=7R%3SV{>l8*4yK|ryb{t;uho?!b0%<_e3`@dLP~03Z@F+
z-~-d<e1B%vxPn&iO}d>YE%vF7?K3JbPOKl(;>>=o3Rw$8<y%>^jR7?(>VbQvY))g+
ziV{^ZpLn&`nRqU~e;((UzBnqQQ99kS6xG$(A}pu!>CaKv_h*GJc10&*V3@Oq)HRG1
zt@ZF?s1mSQXzS=4t<U-&k1URYN~KH0G21`sLZZZ2+3cbn8Rh;^>ucTU$$;!qf<meQ
zo6P%Xlnld^`>@BtVVJE)AMaEx`LFC2^zW_0=5%on;5(i2oDPlFX}#FYx}vC~i9{dZ
zFl=uW>NahhwMX~|E||hVm9v-_JKbC7%BExX3z)_0?nNc*ac8FPsHl4lnvSrW`B)XR
zr})qtm7KP!RR?2hwhZ@)gy)UGjL)bLV#sL~=0$q0E00^)h#xf7{FniNET$Wj6USTg
z$1ZE{8P2uM0m7miX-lIARrwrS@bJ=KVmjBT^Iyv*N?D4PZJypZVjJHW+?IV11^bi%
zO|lDTho+lH9n@SNf5{;}2pqCRMptv>w%4~Z<895bv)9o6*iMJrtQi(CuW`a=m=beN
zikrH*!~aGM3F}9Rzg4XztbyzllqZ$4{X?j91EI3NW5=#^nMy;JH$qOP%$a{5B15uN
zCjdciW1<&%l>Cp<B>3s4mHdqcvmSl78`_U?$4mI<al5-jA32rAF8}yhXt^Rejd-iV
z31SwVcDC-KqbhNsOh`zOw1dizS0QXCo$*c?zAXa&jhfRKg^FMnBwqb^AqtYC&YC)1
zYNm<8Zc2Psb|j`MCoeUw5j?eb)Y#Ugw(wKv1h_2ion#mCPb8L$)a=x&EN%r?ow4Ll
zOMc*-MgFmC0uVG%7+m7{<p5FB7}H})OXA@EO!OyS+`Jg!wO9}vtArX(tKeWbf2$;|
zIQzE0w1+cm2`0%ss~5GG@KeT90fX2Mc7>ur<d8tMXLBTvo0WqSJ;tJBEd0r!6&${!
zr)_Hi`@9FM1l>~sTG=|DM?RT8CPzw`9Osisadnh%$LF&7DHo;MJ_Xx11~1grdsU$n
zUT?*x%dHHUSCXV09gpYgiZ{ku7cMglShgw`#?iB$Y*x@43`y@P7o?SzhMk`~$nz9?
z6!0H1Vzhd21MfXpc$kt<c-~)bvwW9+6lVkxI~H!u-D8vE{HVV72u}CM!8uwsMUzH_
z!0EzvO$c0Zg7i$5<!HWkpVY2iO7xpy%MDTyBtl_nE7}c?NC3PZg{H$fYl=NZ@rxBW
zo!f1;ghizhuk8~bP`t|J3EXzb@q@<6<S7Du^@K%eLx`s8Vq__z)Bt4K3o=(|^6UKo
z6+RNxN1nwrA}ZrKCmbE$J5TuocWY?OK&G6*h2G58xkP_4hDo42E=dfw$TzT1Wulyb
z{b`RCpc)&6=1;WH=3Co*H~^fVi8G?9;e8}4N9Drji*?uED_#8u#;+{!1Obq!#Z&NL
z{^3>O$yM^!uhfnkx3*uzxp}?A9&xw;;jz5zrhNW8z#n~4KGPIwXyFq~)mv;@A55OV
zIkbT{!&_SCb70Z^C^6PKLN|=;D>3R#;1m#y%8nYDkqT$7@4KJ<y07>X_y?Frg`W9^
zC7*M9a<(8`pATiVsm66RwM(XD14tP)hoNJYgBRRP@DNRlAJ^HZZJM)MC~bD2v;-*L
zZ=>;#e;Lfgz+nCweR~z@x8;jlA+Yu>Nj!NspinP@&CoaJ&!MmEtL+bu114qEk&P7<
zmpQ$*AaeRy`*_^Qt1!O=zE&lX?_sRK3PGVV_jcVo_he18HSQ`0@3%Kt98cB0?La<I
zQI|I(*EKBf@NWM4GCzX8pPw=$pO#Nk24+1D$h(K+Jf??kHd&KDjxTGAhk>Vep*MYY
zuut}+j)wzBLQ%Z@gBBVQsXu7T?VD2Bdznq6AjIAD>uzx<;z&=&NIP7ws}p~Fg};?k
zb$-u`#I{0jyjTN^ZB^t11SmG>HI)g8Zm4TmBH_7t^)C2Kyt&HozXVvGs@x&i;K1!k
zD2w$%COVn%9CHQH*9xk<5AI%<Mhst8@-xk=y}XIs0}m<!jL>xc_33}!=IWO_E_iGX
zi0T><_&&h!>x&r7xCCz{C3=}_jO0?W?ig2Y>x@-MJRd95gnNj~T&gck>Y{Jf67L}i
z;8p=2_V9gbr`^tB1T9?Q>&)THY>1o4rb18qF0mqGgvey6@*D7wW(VxHvNLtuRH<ga
zfl50>JGT&Wd0{C4?%P=`h2c{BOA$NV{)tJPfBWk5o?kwcU+|Q&SYQ8nebfK;DtqUt
zu%&w^W59JR`WZU9@Z(-2KD#;U?Y>u`y~h|z?;T8uFwlD(=BA4#(fxy4r*6#F;%Hx=
z4075jlH4yj{o5h^;X3DQ1kNx_k@DKzcUR|M+}W9IzHO3^Ok|JR7S2Wp$~|t9Qcxs&
zL7MxQR2_*{Vl8J|Ew>w$N!Zw;Kfz<byk?oGN3l77O5IkxhRp!qPC^sp@9o^X+Jpc0
zb+1nt9x~T|4-|xeZ0@o$qZdc5cLU!Kqy{YFfy^LhPjid$OK~Z(Rl_m5l^Wx)d2D&S
zAlu`5x2EsIO|fGmpJA?ih7Y!8{AHKa`epsjz!~u<Q{4G4+WmLY@yCn3gvcbq<mh)p
zq;}CMNGRw!WoEQ1+TXX%HWC=!A8cvcX`j0kUFP}scOE~uL=7JahB5N;$l)>Vh*+r4
zdZOe=`C`dmCUfZ3H$C(&fMu!Xu(Ms%2^BgyP*0k-cRG)c^lPN};ilQ`qMM(6CG^o-
zE!2}Z%nVz9_<ifC+RZDW_f+R{<vMp0p8lfy|Gs%HNiWpUKu^T#=(ctnslc<tl-0rX
z3XOctrAG?qhtok{zX}c-4E$`rUDt3Q=PH2Oz=hJr#6d~PUe_R0p~MGF=XllIGKhih
z8aq|nTj{*r(7>vjwvQe^xh5zc9&nrlV^3JF!>xZHq2I~ugU~Gis|vJ=l9Ev*N3G)k
z)7C6_?IeMKR6&(TZ)GJYT)vYM2_8abN}|k3g9wpw<L`78nA6)^?p>_oNr{gdm6|=9
z#E+Bg9U&IQ5sQUxhqKZUN88dUJDOn#V))v$^wdi1MqTY)`iHw$o8=OQB7PVfhUV#d
zO@{x=>({RzWWwa$y%Qv4v61BCBcd}J5`NnpC9<G#s4W!Qm#s_~B%g(qoSb~B4P@Be
zN6CmEsLWUwmX;zBA<_3AM&EyOrjQ4R2pEu+)06!AiAu=ghxix*0e60>vHxWq1VrEr
z&AHIJn21wuYU}FqM`3J%=_mH2qzby&P2nZnVJ(k60e6hLdj+~RH<)QQM<7C;qzCqN
zJm;$vrPJ5yot)fEdWg+nYCbJpqvB+L?jHL7^gyG0Atcgittv_Yv_~ftn!kIciIACY
zT3vXt-aWYUf8fuhJL_&<04=C9n0@r@m2f=Y={h$+Oub3wvc`-1YBJtQ*x8l+43Sf|
z6%s~#3kNm}^}4n_kOWyGh;2J8RRPOEbbTQ2c@aB_Y_>w7=}nPndWxqnXx+TLF`cjF
z`d6<H_BRB+F(+pKkw^b{F^^b{SXhgU@v+59wlY`L+aL;7;-Q>a+}D}39ws1Vmn{n;
z2GyM?ppTYDi{yR97-yK=8{U;$U**HX2o$8%YwuvOf%fTmko|k1u^ghWtT*g~tH&7p
z#k<%ahy5xdA-F6e@k;-k{-1Q;?>y1q!bzo05D9u}v&IGl2w3S4f6G*$b4uWzQmM4U
zHk!)k-E2Q~M<v{`27Lf-aWO3|76;%EVTdO5Ch|3^gtf$=ZEc<32o4G9<C!Vm-lb#@
zychjfx%&VY=ZBue=6o$a;RAtp+Uaoc0e7#v1|Z&AJ)a|Z`StfT{l_bu4R^Q@AWV=)
zYn2&EJhogDxHR2CLDFq49fc34Gl|`(@?1XwU6k=E%gC5FX#p_mOG--0gE}7e2cgzw
zpSx;)a8)^-ED~R<q<snpwm=}%3}RZ4u7w&6SQ2D(Y6S8Bz!4KD@WjH>Wg)@Af&sIe
z`IB5pEwzyXZg!&a1BKEr`GkdpWGg<w+^O<z`Cl%LDu9j1oMcIWT=+9TiSD4_sKuqM
zeaTP~tyH8|oAcUgtT5G1P<nyL;kG!=PsD3JP`q5%xTFNuuK@9X+@OC7IL>?&PwB8_
zGz=iR-jZI4u5g~2B(I=Yd}4nu`^2tpd}53W>ncH2+@fPGlN%DZeLi24HWw-oPG4Bm
zpa0L#x&e=g`hlt!Ij(&kh;4w&9)!usQ3U`q`AMvJ*Xqb%j%;iUbcV1DUOgefRrOj1
zroRO?vvgy5yyzd9<&PJ=xNp=o9N{4T;#V<vf3Kw&2X<xWW3&eKD7Xi<q(l@1K*I|^
zO+>za%8kp7%e_hVzlgS9@A=Ms3s@BJ{cqk~TK#nm#bssEug*o#@gTc9vya=#jH}8m
z`@D$z8!>F+_x3EYXe_BZBUzej)h%lb@)>R%&VNC@qMq+=z@iG9M-dp4<51(%fE@hQ
zT>JmmmY%pSRtCe3*;Eo=?eSwWU0Lt4j55tH7NfXCNu|cA-CFR)!>tnUx^G)L-RgdK
zZ|caVeq(X;032hC3lHD**7?Dwp86;9yt4j8)qD5#i~sfEE~GqHdn|luIk*rZLhK?W
z8NK+Lg~CcTo2?b{wWu$Jp-v2{jD^s_y*S2SKG4(ROLJf>nJWy_sICS7e`O!k$Qy26
z+f3~LAR9)#S%=r4v-Pr_@cP((`Vr0yRWe`%_>XXr*Tk7{sp1oYswfrVAx<Pzw|{e3
z{(}J}AaM1qtbb8XtkM;E-c{Eq)sa(C5q)vK%W>X#=jv`>ZrqWS(~RY6sF{Uohk>|i
zp^>ljmFfjbrLe-Vq_k@L?BQYQdwlHqzd20E6t~cv>H*se3JF0j`V(c4ckcdCbGZn<
zxmphqSdX>3#sD{ythK)vc^?Vo^h0V5$1bU$`<H78fP9&47;wWNNr(H=Lbhn!ZCb~J
z{(O`4Wm;)-8QHD0zf<+oc!Z>+BuPG<Z;xLR6~<FN`tvy?Tplrr%frB|D=!8JBtJYh
zEIi1@7$PESyA7g5LRepaf0|Bbg!FSVADRY7ef@N0)XZOw0*cGz>`7%tVNfv!Mn7l{
zo+{n38$^)Z4cmDsK@9TSj81`ww%H(!?^CWwLU{5dTsp<ts4ZP4(3bt-Vaa=ZtlxHx
z@Rs(3*yFS4*{t#RyCD?jF+PIbEnm)}Nzi-@|LjIRRljrvV!0Eq@MOctNU}s!3}GB3
z^#o;zbOO(#hYA2<JDxV?__gS_4{m{CK7#Y^7-NWhR4N{4f(S(zm4p{6(~gz3=<Re>
zj>wPdnz#OTRxYHxaY_R^^`G`ZDP8n3F;|pa@}pOze<V6&>YMP8=X?t*e%G{okNKaW
zsnsl@PbO2!MD;H8?|VMvyM^)yU$dx}Se%@#m{N(KDsvtqHN~@f<_x$m@B1&qR7Z<n
zqgh^r{=;@De)2m{%?hf4wpe>x=`#7TVe(nbb<EBC@8eAWWRAPYU3%R^4P<RnSDw=%
z(BV(-^O7vVDp|MOy_`;1NfDQab4(olOv5C(={`(y1+~OV4rj<B#h})kHt1a5^X=<f
z>vW)Q!k6Hi#r@>_W*P}1K(rcF0Aq`#*aV}bWHRVEE1?ds2*>aI{e*AaLU^NgcCs)1
zf|d9iAkcj*I@CHM%$tAa-n^&4f+Z(`3yHsu7Q{y(5{r0>k}Pq~dleDM-4>rh?FZxu
z*5al8I`dkvd3t^ajY8833tvC0B1%6M<3Xby0g(oBGBUI&)PESv4`w1Cju5>3cfH2B
zK=55XI+Q|Lu);c6T&GCC&OpO{A^k??pE>tt=%vq#&_xyg4`u$%6Y72!0$f0eDF@-#
ztn3nEc$qhYwx%em1O`EsoW1bp@@FL17{GUnTkF&TY{dBtpMwUZyLTB{#V4V{JDxAH
zfNd|CAK2z5M@!7&k#Av6(0c3i?@FFC_*rgss;Bo5hD5{>CKGLeLU0-e>8(F+Vmv%x
z5O2}F;+I$0XmE2wD?!jM=-mBGSXxBH-ORYKn_ZfMRw}EB@@hXg2?=sR7pimRBGPB|
zOqX;xR|p_g%q61JEwRB28Gq~T-$@YF`@3H>%lqSL=<_HGE?hLsKeL7rP^f&7xlZR-
z3YBMp+N>{WJ1903PCY@NsDd|DDCWSR&#e!&qdg=arRJJ9;t_%nwo1rCC_`D2iR3(A
z0l`v!Z&5L;u3@9Gk)YpPe=5Pfv?e(m;{(p$rC=N?3dy)KpAb4FI(mw@Z)T>T7L)LQ
zIL*V$)9mhgk$fcyFY%n?V`QTAraS5h1TI&WN@^u|%L`Ykyq#iIxkvxL*+19-(^u(w
z<NQ%dp~hY*H$G&dVw7086l6pQN}IgFNBD)z+VA9-n=UPR3w{BIL>P3f5gZFsr~h}t
z{6KsMxos5kx#f@US=?6?z|!n+59%7|Q61H5dD^fqMYs$tImQe}JMgbTm+mx`Dtmpp
zUmgo7ii<A*@V<#ek`NLGOG-*X+RQJdbz&wSL`cwDQeN-ng4U9_wWw&J5C3m)#24{9
zLl|fhy(a{MLSiW$9r_5`*q{GwQ@FgpT$zFv_tIsw538-r$QX3qfCjo#p~OcO6-%nT
z%3XhzXi5Ec6d>qEh`)d`QbZRpu1Ycuc_umO8-kgJAXj)65Yt9Mzj?ikB2Cwd`Y)=!
z^-Y|Tw8dy&a-o4Ng7&)%K0UpaRtd9#YfJ3k0XWX5D_6>cDDFzUbaZC@3}Y-)L-oaD
zyAPZzozyy}f@YqBC{Khd?FmAHYGPjN)Dk49FJ<5%5F<&Xr@h7Pq{8z%(u_+Wt`Za-
zjcWw?!tw8?cLV;#9hd#JVJQIYt;p2a`(h!eLq7l6>~oPr20Mlxbi4f$*u)?beMufC
zk;umtmdb##Ko?MDNO!3>^7HpP!{Dw|)LZdejg5_k#*@smYqkXTLRyBv?Hhv!nYX|E
z-WA^bUiMS*tcaonqkB8oANtp`T}n|$%8kg*D)fWbiFMv(ys9K5nu0SlyX#i>M?y}2
z4aj`X!WMwYz^!)&awH7q2oK5X%&l}RfnTXq^kx__AYcV8D%GD{?is4j4F|#b3$%m=
z=@o?MdE}Y7d;lIFr)N<o2yKmT7qr<xb@a@4UurnnFF+Y$8iTui{PCZT%hfLpQ8)hO
z5;v9@1jPir0hR=H$?dy;_G~#>FV7VJ<VyKAJdWof340y0v$OM5xX|E}U{uTaKMWdf
zTd@x0-L$kcYk}Nr^XMtx9c#qxqwGG(u~(HZjK_<81shq#Ue2CGef?TG{Qi<hgh6Oj
zDI1k|hqWdwL#l#adocawQokuwlRWHi!iV&k3(Y36w||~@iE(15VsVRI_B|f2;Gb%B
zT7Oc^H^qRMUPj<+4ku9t!eUPE3Yx!X@P;O{;Aad8N7kca$k6rPG{k-|z1ia0@Ywop
z*!MvD8(zg;@nBW-9#&H_k_5&kvv?lY1p60iPk(xI^SO?e4uPWu8f$SX>fcH9Qp0d+
z0r~d%bKtPUrKUiH5F_||fznohi<I7Ly2Xo5yu;!7xW2c}`f~lAC^ylcn?KcfDJX3C
zCV?OUk8{Ah(77G~B2%WVoh+GDdSxD)<<g$}|F#&?=Qq#QDBLCcC6h6!DJZIF-rb`A
z+p+)Bcpr4ZlJ*`XCw{)}yYnDZ4OE^p>obmAkr&u<;Y*M`kd;6HJB^C^Yh^CdpT60@
zlhm(!b1pmw)`g?rrTPZdxY5F(xHhh`lGRrDvluN;+O_g&<-3gMR7_o}Evnzx=WkZx
zKmT-TxC|dS`dzyD;MT2TucCNBH3CS~jMed!yymR0z5qA!vaSLV3wrh6&7|wc|NiPF
za^)`IUpi&#8sig62-RwRwr$<r9zX|lA}3!n#S84q`jQQM@WlT|Ck(i|6BG0VUo7s6
zpw=}|lM7GO=<V(t;oQIWM}A+}f4?F=ih$#2$|CO$Y6AO#{qYopvEUvb{Q2bncw~RQ
z2>6^teU_hAS6pRkc^+{AN9>3M`_Ep^-#GL4Khv>pK3eFIno06P!-I_DP2j~xWsFJi
zIsN|5|LF>lBV&t;l4VB>WoiVzPo8rzfpd7iLvru`b$L&39suO;9PP1i9QCDD@~&3%
zGwJ^U+WxnF>wr%c?~=MtEWz&PMLp;De?Xr9?aRjrqKe}|h(#RzLDoE+zn9DoNuuO`
zCxXAI>VLf%`S~pnkeqk*3JL|LpvLFYM9e?R$p3yZ_3ND=ssL^#|0lHf>KaJxf+Sx4
z_YeI`AO4eruLK;Su$DiF@-@LTd;i_QagjrLoAvIa^>FH(tdih1Iw|GL14WN(Q2#GC
z`Qx2`dUFE4CB?Y7Pvqx8)k~Jz0{3^qm=%a)Ws4?Bc{!+`OF5XT9J@-dKdamIZIJB!
z>EeE2)_b(z97VyG$;r;+d4Jr|-!2l}kqc|-2Yq%(C@GQRqeRpQDE=-f8zMO6<(~x0
z=I~b7JeJ}kl@P4gkp?|e^&J+qr4vQZzAPF}R|YJ0J9-r7VBBh?6H3!!kWkpi3M#k2
zPX6}IUD(I>Uq|}e0{-<c<j)`OFDQ|4F@Y*(^tuMMxLmxye}B|~?_GV9md>##(&Vg9
zyJ8q4uy8Fgix>|K`M;eX?^~YO^s+LiwfhDI$oqa{wIUvDd8~p#{XcQU2gF;XLAzSd
zggY)}X763@-vBX}Qj`(p;>gvaP0pf&saR_XX57hb4d!aQM}zHcaW&q>y$n#JxSbty
zj#EiV$>ovTt5O9~5ry%#7*1uSp4GARE`5@o#hFLZ#jt%^R-zM>`dfeB>R&48FMQb$
z%4u)U9Bn<OXStq7+~a&o7t#bK*L|%%KM{(cGe8Hhdebnc(8@YBH7_hu3E-!9AEE<I
zl6mJ~JO^Q8qAU>fJ<yzV(*_DK2M!q^>pTHBx_U|Kc!!=Mf4b3CL-nCyQCWK-XfS~-
z8frkfYPaYT6nw0Txp<sW+#?iAi9Xxl?dV1nP#!(uI`%q!quo|f;K{?NZI&ty4P+x#
zn$SKeUg7t`Prt<7F%@~+bNhC|zlnpt*c#W@6Zqns&kV~i&f(JZ`o9%xgF#}SKRvMf
zL~kf(Qo)8t2K>;M?t#l$B~z}=4YoLL??Xo`?Sz<5!Zh{3U>Q)$sL4jT`6<#k9)t!Z
zrj`Q=jmF<~@A7{-zcbr-dNe2Yb;Gl2qjG-;^TcM5<NT9)t0$+-0(Q=Uz9m(<+U)yj
zxb&y_A4p{eEkGgt*!`#)tk0MoO+E}znZboVGS8|dr{jgCLfDozb!t`t0qQZ#XV|QO
zuvC^--|0kqU}?-^c`_8P7c{{UyAAg!$)byifAf57J^8inF&`6@r~kyVKMyT>2#NjZ
zgZ<&A$WpWop0c?jl0D6qlfqG}t)P6tKrv?K9T!{3+j#@7%F#H-KZ~JM@;ebF$XK5e
z{eu_LvlRJhb%Y=4+t+_`=nvq><$j3uI*!?D^{t6oB)xHxJ0di(%mVtr6CLvUdHW|o
z6}<w)v0VGBgQ1Eek;4FhBX?*tk-)Es-JL@!eBWz=@+2_@F;s1T6{<JXOk2N!9=K6H
z888r9)kw$k<HlINHewY=@^{_2g-})AG`$O_(yei1jYW`Mu2<`-Dp2yQVbeSiV_l($
z-SZLCk$Adn4LfiuB+SgHvy=<?3fGwS4yT3c!;wQbh#V)eGVw!soI)3hjYa#YJ(}^i
zh<Ux%e1>|*K?EFBDo_@*81;u_m%{G1b?I@Ei#o!#*%9WLB<zIA!(O{I`QhGHPYC>|
zB7a~szKP6yx-Po&iPdnqKPJ-Y6nAp|E_A;pV|j2Ur$IUj41v2jkf1FDvLc8(W6sK!
ztSr8&XBv88Y*}<yd;z^4C;}X5)}9}KS#tBAtj^QWk+o(Wa!)sTebkibH$*cxsFG#<
z;?%rw>$X=D!$8^M&``R)-=|p=fWcrjQ%Ngx8~FrNY|loAhYQ$PRfrKB{WxnyK{9mH
zSlln>VZWHQnpnq7q1O{?wsHEfxhn24R%HClW~C?o_Sw;#zq#{b9o=g)l|~Oj<wpj>
zDJ4_wCEXKc77MU$pOBt*3;JH!<8JZMoxA3^=MAx(nc3XiIeJ>?FLvl^v+sFX!%#c%
zSajsz{vBJm7Nz1v2wI@jVA#OqvFmsH`~=Vg`Wy9eq9K`6M_zM3bu$is+8csOSg{(r
zNc2gy(U>^dI6O*sD{-u#Je|RbwZojRtQW{tqFI?cjCEob`n>OqAE0MnZi?_OTL}ei
z>D^3Q(RlVau7DFuw8g7!vx!pm+f~Pl@Twt)Q-^9j2ead?G`o!$vAu`WPTb`WLzHi!
zi;P;aAKucZaPzX3vO6}8V6wP(cG50p9XVIt<(8vZzd!dibt`{js8gVvwwpCFyXt@$
zqz8NAIhQgRO|EV+W`oqYz4^e~BrGf*J3D+n^sgrc4kX595g>?&a$$`0^mPrNGpka2
zQA#8_tB?}+GS|NZlToOM0XdKig<^_Ucn^P?z`))>;8FZir;0jZKfY0DljuY;G|S_R
z%(PhwNy6L#{fS3!d-jgWjiORcfo{=X{Ma^a$5bk#*-zIYq%TMHgz4XPe15o3@=<)>
z_nxYM2Ynln%En;JGHDp&*r5v#H~OlQg@J(#8$b89=h88@uO?=Cc6@PTTZrv;_JioM
zUlcKBxbac!+rg5u*rb>q-%_l7=8=N!GpnsB<<fP00vo7Jm*C0#q4)W~6F9mgp|LHp
z;azr+!w0#|X!O3XxnO0qJEV7_^|{_!&i2`IbGBb=`Kx!s@ojYs0XYcP4<H*ygb{4k
z9lzYvzlqv7eF)=1P=9Lu4F3t~6X7u1FUZlCS<iehb+J$FA?H^`S+Ac-8ruAPHc-0l
zOyh4-bM{FGdK^w!BTh>`!L(mUyZrq&8P3k~={sKa+1W;DPsE_Xp8iRv$!LDK^Vz;`
zjn%e7&$Mh9Jj9=QRZg(LR+u%;&O-mi9(jfJMgo5I#j7~)b~l?ksM}kql4lX?BTW!d
zR)MiRKHDtNZ7()ysrjD62CoP1kc<9cI>qw@(Wsv)b#|h!XRvRu*P)%53FxTL&iNlE
zqt}hEw^P=<RfV1fQ&egCv-yE;Wv>(}kHlu^wk5`$G^!*qh?-sm(fXh&#$4P>mdTh)
z&DLgN=#LFFab@g9De{iieD>CBSZI{TJ`Gh!akg=scNa1IMMwu17HXnz>pNBVqVz&p
znb@`?Y@bt30yBXj3ks~}rz%S(1i1BbW2i_|%N^mdOxujc*6)TnV21iO2Oyppk)uET
z<@{ugvaPc-xWaf+UeF&}`sF<A5I5^+!GJkyZF0|cNhv*C9;Hj8*7dIC2Y5Sboi6<+
zo5!ImCjCwLkU1gdigKdyayb=`uf9g)tC8=UDSOww8mT#-{L3u*i^b%{9S1-gR1a6}
z8BCvs5eE$_&{io_SwJLWT?|Ao5^ScP2r2Tms5q6wyfcy+%_hr>f*4LjoTPe=eO_%6
zG;xs;bdf6_U{I)5M~O1Vb3J_r8lwcj!(8jUx9^=f@xHKz+YNiKd+;(PMiiGB=goKt
zMn5PZQ7iFLS{nEi_r!hFbi<0lyJy~^cdW?Z{lo|>DH+*raw-UpWS5td$z;5Xc8*~1
zU>E%&KF)sINQYp-An<j9%=JP3Ev=|{ebuLDue;{wSHrcE3G;#t_B@r=I-VFJ3}J5(
zk|iSI{rGaYDACA^aDFKC;&SjUyH+%<zE1x+{}hkafst6``AJv^bc%BRe8?A6)}}O_
z(gm#QR;OhtSG*&QW-x?TG4{oxYj~K6uu*06JYA&<%LrwY5`zLJGVybL@?i1xd(O@X
zx=;)sI}2zKhUd4=h~DZ``jDBx3;8n1RM6YVTPMRwzih!JYu-I2#1u`5oVD+atd4+E
zekWy&94f;^Af?Dqg(C**Il!H-M&!jYJJ<h^B8MQUaV!}!xbCQQIBvob56>>nUg)?#
z7@A+bo*rtaNL)p6HMPPA4ud^AlEEZ@bF~C#bEGt{G3Q1oV%~fw(LDpGKHD_;bE6B<
z@G>@QP$L2{N<!Ee%zYLd9MbAB#_Qv}JE*<nhwH5RL2j*%;S8Mu>G6`z?QO!kY0x)-
z(wX0<+w75hNU+RD>);SUhF+n@Q05_eGyx}>(b_JPS0k-O0t-v?rAIPdbMA5_vXhQg
zXFu4*Me9GYXU&<>#ij~BXBytS&u{<80?SHNzFVSbYF??|?o$Pad^@5|bl=*VH7LQ(
z>DO$rGOrWU{c!4V_o0FArauRI?;E%URA_MXa0gg4iboy%(#z4-<0L=sQq8ynsf{W7
z^Rx|EM#;ywIs2ETWO6aYwT4+x9%6l)A#L+rYB;U_(XxjxS;zuIGReN#EM~@K?n5PN
zzu@idS03-x#hn+XO}bmQ&YVi^Mny;$8WD>q=0;R2EA$4OSv6G@&UmENdYczcb>^Av
zbksMc($DTGtkXw7;>=MkHL%UKtR2gYG)Pe4D?NVO{U+Eyuv}qOVM`W<X4<a<*OGa0
z<RtNZw}5o_$48`O;a(d>Rp}QE#XbxA!8W-DuEx4l#iY<PS+S*gxmCO6U1PskMQj45
z5aadUwZv|g4c!&J=$L7Hg^oXh7ShhQWR;z=28>NfB!?t&m+IB(8X_-jDt@YkzOh*9
zK$)r~Exf_(a^Qh0nu4(9vB1Sa4GYFdM&_S3W`GKWwkJQ*I#{PnTJ~v<?PASHoItDN
zVbRD_OsUC9Z3B7RLe7V5lf0!XuTS(3Liaiu3T{7*h1T*8<ZEZdE%9->GUk{*7q;9{
z5ir3f7q&coMb;Je*{2(1ckF`3E$LtEc*|8=gjpv>-ZA!)U|f8AESdlUXS^Ii7HjQ9
z;(We15vsNf!G>hssifg_7O5L|yZf^@cng;&g$M-eSwLT8<Y?!na7pTP;;||R2B*`F
z;k|vlXOY!eR%`T@V=KCMl4e4c$lpgWX-32<g!hxqOm{`Ic!|00QkH({>!;l_)Ei8P
z&KKXP{dz?3gWN1pldjNeHf#^{RN+qM`q>aj>S2;;UH3IJle~Q6z}S4cHITSB77D|Y
zU@i;fhidFg9<(I-#Y4ncM~7Cm>zrsU`crNz7JUQdFl0YU%@vQ1m+W4*^J#af8t|AK
zMvWzmYcu1MO&RLu9;6Jh=v|10l`&ZxZlUnwQPevYsL95H4)yNHm|ZEfU96EKi=irx
zLnZP#?Vyzimu`&wHgX$_Da-MD9rvZUll`@RdEMAK3#83<&W@kQZAkfGj8iP)^4ryn
zwnx^^ELHSruqYgiD!kq>e{BbugE{seXHHK8!uiaz&Bjgt!e1L@i+flpp%|;ojr0yo
zjjJ%<J<RlSriJDeQ>g47sq=o<L`QgkYSmGTdwtTXlz@O2{KsvkPBi=<a>NWvQc2C6
z!O3G)`!K2TNu^L}1xl!<Rm`0Nc?_bljsAQ?LR{H%;^dIf-cN<hdvEj|NC_{NUIcfM
zsV78g&h3SJ7`-!USScDYVs32hr1R|OYinGglNd$Y9A05+IcCbr=o;E|ZX6B--Tfp!
z&CFCYscL3IR8_NUW}xP=_zea7pgNeqM#64f8A70KK+&#umbtPK5{<{fK+nh&BD#^6
z0m-rG@0PSHW2%u+fc+7j2OPqhZQ3W0^7h$GgV&aqX<OFv7w)kNbk#JNTzl=7V{o>s
zz&6V)Fy%jh&J#S-U|ObK-7b!p2abK%1B9$7$v0snc`q99ffAEJC!$#&H?9$4<Vb(X
z<E4sVHj8l+Mp>DPNM|y|WxEH9oN_qK`mo_uTnBn>b~+GN8I{_F2EVVI7z<PtaQ6a;
zQ&8P4(At3Gq^`kw*opK>H?B?5^C1sqx_6rwYs*pug3XjNVrZ*JK|znrZjTX~=!}<`
zgswU`>$UWQ!h#p>pGfQL-4bHN!n|K6_Zg8oc<7Con#9H#wSH}smZN$zMJ~g<ui<85
z3&P3pTQuQ&-5g}ey5W4j2gwn2hy-GpW6?BaoP>dPD*gM+>7emhM^5Vd=)F66Hi>)<
zc<{Ef*h#3JY3A!H-+xwnJr&ks(b$#@sd}+kY(&;TI4U{Nx*qJ&N@p<CQ!;xio9KX`
zRaNk(*#gFz!4Qm$jeL^=k1PKGC-S)FoU1<tn);QInO@Xz8|}x8Fu83(S?yS?!dB85
ze_Kaqo~EK0a>8Jun{9B4w`O&OwGVxt=~k6He==6x^LCwdsT5Ihbq!$QzvL7Z5+Y`&
zJRYl!L9V&j#NL(>r33A`_Ny(Vi(aa9b3HQFWvv1obT0jBbM~(%q<+?c{rcHAZcq~n
z@Vt>;Dv2}*Z0l|{3uxjy249~{_V(e;t-GsUU9Z1dbapazYzRb44OvKM*;r(kl{Ka9
za4DyZOuZM*V}w3u`jl>Le3a*~`!=>JY9zsMXNLj3a#W>?w)xqEFp0dM<yATx`gYw0
zB$bbL;TR@Be<aJ0Bbt3URl3P2F;PDk(&ZX!{3A2J$hEI+3|KXJ%*NKmph(?3qC!kh
zG%KH0@276No}Pp|@cAkM#N|H(y_hb@n`ECEDr2HIj<FkgG{_gF;xqYej%HHnBV#n=
zRd4B|GA6jm0hzpqRyE~2>Dh(;N0{VtsnMGLEG~X*2ex)+t&n)zqq3-!i=BfSB1UyG
z+Ogeck+Z$M+Qn#`OSWMP5nV@kM_h77-qpQvjN5^p`S$?b6_%K)bZ2!agI~Eqg|az%
z$%n+MKgEdzx3v_FXy<4zSXP;viRt0{tRA@eCI7wKUn9r;n5|dIhs}~&Wj$)Zpa2Ta
zu++B=7qU=Qi9vTS3>8Z+WW3@eUjm%15o$ZGlH7Wm8;tpD+5{6!{2zNcMh-T<e4q`u
z51Fi#on2ius$Z$dywgA^($>}WjV!y=d#q58d!Oe>n;23OIqiJvJLT+vlckD}Nx>+2
zGck}x<Uppb;m}>>6-SLXJcQ|WkJa!rxw}11es~pT{;6tAX>ERaSbasl+P3d7zvq``
z#RZ{}HIq_-bK{B9fcuEV;sNl=%~A>qSkV?;c6~y3D7%qWAW*afKDsoF=an6l=7{%+
z`)caA3B(NB-7!?SPS+9EU`=cF$t2z-3&m_<%+{<Px@l^CcVct>Lj76Jd6*Z&=6H^l
zXzZTNj_jo4WRSQXF1?g+^D-35RB6L|t|E;~tRlBf?Pzr*q*OTF5TBb}<1)@A@&wOe
z)kEt2NBI2?sUrQsm36=9Bt#`=^(G9*LD48Y>@LbEib}D<Z*o7+p$@vYbY#p9j!PJF
zBX!nvJaqVnK9HOe&7#ivc}qYhI5j>;2-9?T?26#gb~jL}>JUw1LVQutf(bo^lu+nU
z2wk84xaXSbnr|}6+5fud;iS}s{+fc*X^cg8TD4P!$tfjX`Ragmy7T_KXa|$3B?`)8
z+U;dU%wv9M4xMaG52T{p>I8oyDSR$<wt>oRS0?ku;Nj(C|5FEfVIC~@xL5XbR{Q8&
z!RF6qfAD?A%zBJZy!;a@nehSPLqpg4H(pN`o7J7|cE9=No6ck~Pr<g=a%M2uYVu~5
z^XbD+Ot*69G{zKVooVKSyKna9$G&YZORIZqzQ!=Dw3Hhz)oU@(FjuX<7_o+>JKb#%
z&84{7MyPq7u;HxfX({XMSp8AON*5Z=-4?299Ke7<G2nex+ElR7mXY0i|M)21qq}QS
zPB-*;p5`9kX5vz8d$}9?V3E)etJfw!a%01yuC~BCzH%Hk2_jum(!>l;rQvtfz1oIK
z9J_J7e0<1{3eYP;ER;VgmBxu}5An<+tk!kC8Ll2PtcsCcieXS95{*iVJTI{;(5_*g
z8nu>6nR;auZ2ns1MDgc(<=d}m<0=rP(eeYzzOWlEwsT8kpK>+zBCvAUh*S$zBe&#>
z!l!#Te$XL&x$)Z%r#>o`x7^5ZEbXbD(>jf4DPnpUe6%m<1FHXA!f33pcR?Wy!eGiZ
zn*n-EkC#B@A3n&;7m;yj%8kN2JN+6R;O#~4d-8Dn6wOze8s$Xr(sG>Ia{W5GWH8*4
zr`cR6kzLE(<<-E!0#%87-nM2l&x8Ge<#0m1Jj<W$Bv;o$=^$7<oC3S_Q9-CX>|y7d
zm)kZqr&aTd^f@y9f`WdnInXl`x*!M`bihzP1&4QJl(i}*t)3Wm6v5nPS6k3c|H#Kn
zvsvUzz;k|s_WOwFFp-0F-v{Fh8E}KavZ6z6+!;Z4Uz0rX!%iX3^u<YT@3<I`!ippy
zLAqN~S?S0WM=!jX<_nqYXoAlMHH^5&<f~y7uGy1dvNX1pwc<^)4$NdnM*Gk2^zCQ2
z`I8F^2c*-oviG+*#3OastTW}BBTq-LsRC}1ayB+Zczf~HLhircU1WRCAKaI=5f^2<
zX4F66)}5vEhIV}<PIUMoUIknBjF#aCht^mx{_*-2j-69#3)~9Cpuzt5)p)pM6~|Nx
z(sXAn)}|BC&VK-3;p{O4$R`o`8e@tG`Fg9D%cRlF)*--m9e5jQUN0gU*O!;){qWuR
z@&2&s=a}higTOSTLnM}0){$!jQ4j1EES_$AdjU$P0hIn_lg6Vn$~z{J2yg#WxIwl-
zloLmd)%}e$#L&;jKGx0H+?SL-9CZJ*T}f}nEZO!*)<}M=YqZF~rp&nw$!ehQFtlZL
zknDM@`chy!CT5v`4D{8SWYUZk=G#kB=K`d@OrtVfBqMD31beufb@^ieid%hVWA=j5
z@KcOe%TkqeD0Z&pxfVS|IrNG-OK3rZn^9(=#ce0s%^7z&=&|60=A}%^lvQ8ZndCWY
z$Q#gEjT^X<DGr~9Ti@HB^NlsYuJcRQGpIZWbL@3Cs@5IUapo`iIQ)Y1*6%-Q{Bf~;
z4yEh)WR~^Qk|C%y;^>f>IufEf?+Jfr$Bb9H=bWwERW=yyi=Ega(scOtSUp=G-aM(a
z#c!vxZsdV|()qm3bBNCeufvW${#DCzN=pfl`NKEVdD)|Ak1eJ62DAI`g(e)&?qOo8
z)$7rw{cu$f=25NNB#Zw{f&I!sJ~i=K85jt|AC3N+Zz%IvSf|ro@`-GQ-hNL`Rn}l@
ze*ZU-&}V{PR*l{ZJIjd=b@Bec=Dstkscvi6j#5RMbOq^1?^UGt-U*T3d+#a=(ggyc
zqf(@X8hStty-E!ofzX?T-tX4;zTY|HyxueJxW8^j@*`^}Ywxx8v*&tdS#x&S3lb9z
zk4R>yiG^IAw|`8rt={q}u+RbPbQIok%a5KT-$I7PLGBST+Ap<*U!8xbtn)R}cM_0u
z-QCw#AGuFqJ3kjN7oyo6wpQu8D|uUQ?8k@Octj<xqTYcF#d@%j=Gb?;9n&4NFDt6}
ziQ8H&o!i@|bY8)`vk?A0j0a|mG0YoYVKY`xFar?Wi0as0I0n^~TZHoLPQDiNnonq(
zQod9XJ0+F7jGv23-53Y?ToB|L*KVJdra-~|gtdk994!m>Yg4t^Wo<IHn1G;XrJ5fj
zzle2UnTvVOBbDeOqK+#lFp}FpxDlqBFEK5-SvT&a<|$-|v9H?|E;l6j7$0tXLcwQS
zzE8{b-6KWNY5I`^DmZ^w`z;Fv0N^GON*DY9Zob_D!Cn&&(BkIVThQmGQyM-A!#%RC
z2*EJe`Eg*G@Z=%1UVXHOf2R=YXkJgNj!-pLpDq}CE9=rk%BK9J-$kN6`c?edDu1sP
zD3Y%-_C{9*lQ-E<q*jmAqSY!|bjx<-XBw0iO1}XuB&+AiSa&6-)MiYb>xg#znAl~2
zRHa1*N=QvDlty$Cjl9hag>97fjqUh(jgBV5ZwEAyoR5@r(9e81at^%W;N*ldW&5fG
zaYzy>^8SrxSqh>@_g&6SrtW*Qt7<R8JJ3;w4twG~(Q!TJvCdd!iZ5>|{Nt?^bxp0|
z3r;~f?&0X66J|)6Q%2;z9ycKq3fLtj+fDy+j?xvI20{!nvCvo9x6snlV~i6!mv3QL
zRINH<qj+up3A~as@pi&P7QvOz=Z7H<GLNn&*pDl3F{fJYDPFJE<80GPEPH%xMoeS@
zN4bFSoj6S>jF{?`ct2s=9w3mUD>Yu~8VGSKBPP)ktR|_(^E)}gd=95cM#@K`n*(<4
z8L_XOlv^L|%yE87seAGDHGtr|IKC$*PSrOa5nm4#(q87x<2#1QlTTsho9YK-VlVh9
z>FWkUuXe6ln`RJ47g`P?^2R^wcJpbKnY?<d+}hgYN4dWTECKl~hq^tN3&e7Ni`#sv
z^RN#<3BtZ{-*nd6*&<6R!_HRoAPicOQvXSGPSuOklXoHuCxxGzXK-<N1q#?rjp+nc
zUOY-|LZAm)bBxWFe#3XhtpoSfgtLL}E3YJjegmD|%9K_9j?D)D{Y?g&qct`Ipk#wB
z%fxz$?OCYnCt@NHDt|IMYGyztERm%wjFR~43DwWw;ArY%cHB6ME#cmpgHJl<>$Np0
z{b89%Yc<(2f?smh@FoZ)<k7O~of15nl-+w0CDHmz&K9H(_-GuDO@Nm_K;ChBR%B?d
z&mjV!VxQR)rZ_eOu|@Bgy6;qSOl$#<$HZQ1HEp&BjuC$nc*YyS-bKwOKjf~OkT}<X
zNl{@pWxP5{ZRyFfuu|)e;IOdhezJF#694q2Qagq7>BHr{dy}Ltsxnzz9KBSYAQ!wT
z-+|()fo&#z6F<1~<=#La6x8Uw{?n;;u5i|RAQ4C}*tJoH&?*h6SogNtm~64fi}WCL
zIkz7U;{sR(`TwvA>p+ubA5T$V)j!DIC-04JaWtc~USVj7>o4=wgv3e?(J?qVDYo5w
zc0)SUK2vh188iCSD`GO)3Hl}`>^P*oi4VMpoefaqBt*N$=;TskbMsep(=-R^A<}M#
z!LrgCD!53F-YmA$dkj-zR((W!3psImYdIMoO`__|kn){hUd;_RV3i-%e@9-^mnIji
zrY|u!9}i+M7BD%gq<ByU6#dy)R>?H7>g<O*MHF=$TuOE4eg4cQ?H0rUBF6+=@Owc#
zEHqV`Ha;KOGa!KA%}%VIS%PoRRZ<BgO*nca4JfK`iKol$u3@PL+cG2DCLa#o8>8iH
zlfk_K$qmCLFM<b_(seIPYWi)I3R)fsrt|J@YtKbS98{1~x@fmW7x#^_nfRaA^=6!u
zMhtUVgo-S}+cuhEyIsp$3?Zhw-Yre&zi{b=5>FT|Nj>hnB3v&xa<iYUXJ%YDb}{h&
z>eg3-%y&?{C$X8YxVPL#WX(P3dbd$v)Y@b-n1MCJ(T{)n9Q~-lC11s0tl+ai6S9PV
zcbn)?_<N}_!CF!8c!02h=jrLjmdM0U#oPJ84pAFahvqvZF1#`DI}};o5@qEVf!OYn
zW&S3MiQ*xHYAxI{4Q!GSJl>V}lBUM*nc_JnnzlGSu6zMTQtRy0yPZNC=j!++V?upR
z47SIz`Ovou5g*F6q1D^Z@Q7z((OOWr%r5Qx(ne4*?9_C3^~{)I<s12^X>$2qJI>->
z?`~UMkNC<_JZ9Ji9dd5fOq|rlrpr5H<*1TsDG`pa?Ag|&L%9xjl=GyodNKD>@j2C`
z`o0Ba>HAjLw5xBE_I~7dkVtCVIhSs!!+I-P2PEB;t#O>y*-EYeD(UjF8*9TR@x(Yb
zFa0bd$f^GZF$LLg5QpeLZMI33Xz1Np_5PXm2Z^ij$m_1>)+7kl7#w+u-~lDGAYyct
zLXh4ZkrCb}vqAmIY-LSyS2Xt7CUz?kWX_wB5mLnG3*1V24G8e=<(V=%XOu0-#YwF_
zTHqN;v4%#Qa3h}CI3R-I;4xDm6~E(jd9z$1XWftI<o?@SL1`N$Og7jM7s^VUZj=|e
ziw0UAV2Bq#HGM5I;%M%Qa%LYOz@;{1uSXUQg%t0NH?HHf$t-ai9XIr*@;15|s5C8&
zi9(VCjSX8aJ^ao}Wna0b@nnZI%Uzzt)tV>28rw#9p*Hxa2C<`TT`L6SJYOF$jfEvA
zm8e#JqqA7)2jvDF(VPNOR$7@Fr_T)t6W9(tHXs%M<&O4INq=SOr)rnxJX2{Hu3GOq
z#_DO^A$b7*3)~yl@Km_}Xm~T?=Ek>g()^e&j*d+gQXhSt3N_uH(yfQqLaF@Pre^jM
zLVjs`HnC~v<`*KR;|{gRH=IpB&B@*S>(wG7mT&T`Pd56*X=%)IfQxg+aR{ij4l*IT
z>*MwFz(>YVg^%hROchQ}hGfwU4(cqPZ(n(~kae@Lb;QNVEfZ<#(akoSC0Q}{49UB>
z$I^MR8GsTnq1_{MI;51&ZNx|$E&>FB&MYL=xM3fhl@0CX&HxAH#ZDdvjA~N;8-g7W
z^*(eLr)f<21PDykQp=2pA&tLX1lq(u8;ynwDym)XehboSSdGK<u#oj!WnCmVvYj8^
zo%ul05FNupbjV9EiDsbp4zMT%$gheq5;mW2VvrhB%Q$&~ON3vEpC%B#<#4|yzjV3k
zg!@45j3`c$HIWhYWCd4T9kH+dscct#%)4S;U<<cr41zNy*(kpIZMU71(CIEua(?FS
zqy<Ly41SVjb-K#ak~8(y;lZQp|9HO|dCX<i9pj%({j|N=z8YER$t4sTbQ+39u!^po
zH8JQbGWSefb)X`esc{m$aAz}h$J;1Kd6;Z4v(%y7dvtNG|9Y4MRRm3$)8ynn6ZS~!
zYz_*rx|~}+w!(899GK<3my@y@uvgHE!`UE1$r1XIXZ1##dwuu)p=ffSja;A0lbRCH
znPG_|9wSGA`KOKM1aS^CKo;XZDSj+Pj7^l((cpx*RaME8r=Bh0Zz^5rIhLp{fZx{I
zg)-$7_un5<vaZTbB_VR|(JQSk?0jG~U((cMqC!4}t>XFh-U|2;kV?x{%Q_NHND68R
z64!BRHTfW5`J?ywaIH&7J>XOHoCZAhhKnV;KxU^-fYlZbCl;m{WT#i`3h2TR-jSX=
zgWATKfojxv$#=;d95q~;YMw027UVShc1&KA320h~x6Xi`|5nh7%bNB454Ljzd9u?E
z^e?2ws&7h2d<UHMKmq2As5Y6Z!oyMhsU-9EJ?~MGz_mPR&&yY#5Asu18-59Ad(R?L
z!UG0?G(cibsO}1=FXDNyavvBQ1GWcL1}3uBuiXfs33ZQ-s&+u>u0eg^>IoOz`0Z{2
zE5x+V!HIK7YLu5HtM9!0%Qc@_-M&xc3!oLE?sj)miysU}fC^S}HpU2(SW(QK`P{?6
zb`i}-ojd!X$=d%(gTSk$f%EX(ol}!;R^BI1>DfGW|E35~#|dgR^xquefs1POlySOi
ziSTN}>>V?Q$;povO!X(rg{K%G)j0&X#|B0Pw0VfwrdZwD-zr%R7NC-WLDi4P4AN@a
z9pbvkwouCf$>g-q6Y3d!)5L#T8?N2U#lL>O96A^Lt<Gj;U{oo({F&hXw1=0b!2la8
zd$eIpeFwgk!ZMIbFe<f!Ga)h}*fSwp!08k;RB5GLS|H-nKb(d4#bvK{jvJJzG^sOI
zrhTVp_E6A(RL8A<mbZ|tO(vs%yzywF`BY^UHLzW;ZcGWPSh#6e5tzyp754r<r0joS
zcq4mN;EB>2mxB1<k=mhGBBP<wY=A>lg!0@KRO}Qgzi!H1v4a-^E!hk-yjl;^@)kQp
z(o@JJTA%RzT$fZniFiJ-f9^Hd#Se31=c$gKf5A<tN92fF*=(N7<y?p!$_7~vQkM0!
z$AHIWN8}uN5hp-aar!}QML_Zvk?4_C2voPnWitc&S`sg?4pHSpDL|smqv<mo#P^iN
z0>ER<S*~@h)_o~_J!L&)jqCEuCIjC$QP0(a#e~9?<Ke~~-R=-^%a$RTtBu|ch*w8~
zLgTs!m;HzVIj?tymINDA@@nlXMQxR!rK#W2PUTil=_uxl4m<lbDJiGncD%}YO5S?2
zjyp;14$5#!)WWA`-+-=q{ic~V15BLfZy}v75erWh_TLvG7q>2P&WbYsbi%dY#YEec
za6~#aGa}!)SV|RmKhlnSP~H?F)Bsa8J($2dq#zSjcR~Va7Z8-ddXSTn!m9GP>MyF1
zrfs@=I32-{GWi46;|6@b7jJKJdXSLVSZ-(7*c-f;*lC(~zid@(_>mq(Dks5N-^&E$
z{+SQ}^(yq=aR|}P-h0w;Abio$?UzWDn{tf4>Aw7>X4Uvsvo|?qqe^9SoL^V+%%BWx
z-kUZwSVGDe(Aa<wqPIxExOO0L*SN8Cx$p4e>`3wKklORXtb6-Z{~(9n49pR9MmEFP
zvhlYmZSrB6xGx8~n27msd%`KwwnbpBYIFCVXiG8wYqEbD9)K1W*=tHbdc;2Qsp--H
zpS6*~Djp#Z6$x;o-pUyeWd>|4bwDqz^f+~o<4yxf{@HgBXR-KGAtGMebmiUepc`(R
zoWu{ERt`kNGsAyd*a#>cUfXs>E-5{BkyU*w_K@xy;jB<MB|g)qg<O0|vcJ*aI!`ax
zb-cR*R7-uUl@EFZ1h$k6?whT@X}`CgD<{;{iwHV{icD)<-CEkHEPEp{wfMlBv-mMj
zI^_@M6`7^Nol6@V8)fx8^?b;j<!Cnv<~uEINkCic>w8DaJv3xWyIBL49qWc#!A+e|
zX}v13HIcxy>Q&EJs+nd3@8+wQF2PTpE4obXXDa}i`>WyAdF$7KT|GuYm;M8$2&+$%
z25mR*cRQ+!NocEOFpm<jQH7f5=9?t5`>AIynF0!HW+QPYkQ%+{X^EMeulJ?N*RTjT
z;Biq&+qH1A1qF8Hy~d)B&G%Pl5pp^<M@V3k5_~tazd6pH%h^&wn&t#v7nt>1QHKjJ
z^4jzlgm17;G<a1x@BN&o&&~0-rG%=qwN8=LR;39f30GyS6=~6(M(#E(r?Fa%s!NzY
z1v7^+sb@hJ7IG+VOT3xp#;g2p(w6<+swbH><^+BtSYv^T*E*x7;9W1E3^39LAHU)t
z^LEr=HZ}HayLYS&2DHm*w%Kia_7nLAT3%FzG(zxdHThk_c9wXf<w|U(mZsrj>QPGJ
znZ_dx57=|Iiw0&!Q|}Yqp)zm?%TsZf1iGn|IH}go@7o<#31;%89|nN@yEs@dXnTA<
ziPoh(ez?NV!6;4`9Mr{@eUmOC7(W+VyR&r8#N%JY=a&JS3>|!ka3F$}okR(o#XKGY
zo$Q|A`;TT`SmCn>DUrC4ZXchrUF6Rn-67Bfzh^2KK#{vY3%bk{bn(u;@!N*|TlJKs
z$o}vws6UYcv^p-|K8u-S00mu^#vpwXeXf4;+PRCI6ZS7Rb66~%reYoKClC(P99N8)
zqugN*?{Ubg#b?vriAjORg;yt0j~urI;;8uLfB;F_2$2t_v+06Ishx1@cYiG;6I&5v
zv4X)cr@Nv6w+Y_*O31A}+VkG`F;UCMAGUZ?^}z#0>lVj5e1`~f#(&bB>kn)LZ}nEd
zOj~ZNW){WTIiu8ksN}+GT;>?3YMgWfZlw<CZ=qrza%+*t+U2Wv2AXDO*>1SDo@FAx
ztB|zGtUh;~Z0h1`3=1(~@gXH6+weW}xoXgY6%W3=C0lJjY6R2o&Id~9eCH27St2#8
zTIRKS;*kAAVLX;v6vxwIvJl}{mnrJg2~-9sMh1txX6<JP1yLSoaRuA-^!7rA7CV6L
zRRmT*+J7TdJ`iexL3~}Yy-9tniYJ2QVJ(?wHC+~RkVy(D>uG*)Y8{6ILvC6<4w3fo
zXpxSL_&&<Yyh@j(gmT_X?!&ZPuDAfp5;xoD(*0)pWJ|tMBZb%4UsAQ(Di7dxTBiP7
z8idS53k4sm`bCsi!s#d=*k%#m>wf7+PtCK_l-Ej#Z<OgNIp^c@IcYNTRu$n2tmy^U
zJx}HYQ?P_SD~XA>Cm)e5iQy8%b!l`;o86ZUuC8cmQkjty)uO`L0(=0(^)>uC^zn1I
zKHQGQVlw$eqSah48@g9+Aic{aC@452U>havFkQ!?MEU|B<yyL6LPKtYo&p&Cm|RE2
ztSg5FQSQ?Q4DrPx!wR7B3R-kY4lQzfkc*DsM7<T_z}1t>p(c(;m4R0R*#qLT5c`x5
zZAGap?<n<;H-#c8#WezB^HNq(V98hxheU8t!^ibFR9(ux&d~{#uVGD5xTwi}zq>rM
zg<ps-ex^IXJjSCw>NoWbJHYBo+@!W`=0tUo!4|fs=x@McBfVohcgYhzkcsd=7>w{0
zX5!_QW_v<+gEN@j<hV%BfG-cU3|P63yAVAMmXmX<=gCfai{BN80($e{>ywANJDrDu
zD+N2MaBWw>+6@J)-6h%44<G)11`39)@SY2kaY&8Hj8M1M_ew#V0ZLU%#(7sQU4p)H
zIq-uivvIw9eI~<$!=kCTPg%Xzz`5MlZ%DNd<l%8xL@b}eZN7i_>fUt}@*w~SgH$}}
zp${n<lSb_r7PNW=>pNWI{HK8sXrUl^<r^7s;xuVXFAHS+j@+jdp)60ap~4+%%GsBY
z02|Mkn>Nh}tDNX)s_<<cU?lY-qconssR}t#=Wmm#rtOXpI^f~tq=jZ}|D2~QC38o2
znhl6CJ}y`=sT@DpngVlNd|guNI-HuD&#|IB;|mGd6)x>DKONM#_z(y>O!{sUVDfF-
zieJXs<0doXY{-?1=P<4BkJ>EIU9C8q`6mo$7ON?IYEfH;>BYP}Ob@t#z8foeC!@Qe
zSrS4dirc812B&3B74~bc6$KeR={O2uJ(EZyH((jmxw~OYFCU{vI^=K97Rh+oIghL~
z$wW5qrdtH4ik;&Z^%fNH7+k|I=23=n#B<g<S5$4dUR~Z?!h(W6mX=@aew7?ikiQjc
z)h_(gml+0!JpL%e?~b-z8*NmF3z+ZuY)uYSvnaC*)lkBEYqA6#>&7nS12r{2`t$x!
zHbmIx{SXosGUn!1IP?5Sd~q|z-5}~^n}|WT5a0wd{1#YZ<nms?e&nGO^`Pl=#YCkU
zlC08kt>sBtRnPb>J7suS-uJeb*F*P_gxHM)7rT=5PYLM2rkFUTg}=~m_$>V_Bd7)~
z-~eksf>4QgYDk>g!fWLGFHgu;>6@-Fozk7KOnq9_hTVYuRfa^4CWTFcub<Vk$2<-_
zPwdFK-62N2k?6J0SzNMo&H5pWGoqW5I#X^Dd_rwE1MziO81KY~e~`|^Rv9EKs}JLY
z3UBhuhn620-$cUPOt+r3P^9lsN)MyT&oyF!N29E}Ls?W~{B;0O_XuKc&Pgt2X^ZaR
zG98*Ii`Ba5keo~SCLLacZ5RSt)*k16#{}pg38Qc2NK`h)_4^yQIl7#8w+Ot<M0|~c
zOpP!<Lz418D}5v0>)qfHFq7Q-u?%yla1b6ggYw_C0@bw|5v}z58A%SS1e^y3ex9k@
z#mQvYq>}kq9uy<!VgWyx+;G;In+aGYJG2%T)<*m!GRD7H_co)<5Als4+%Uaw!yCsR
zd~lFS;&fzB5d5QYY0U1l_4+x@E2wZzX3r73c6iUZfYsU`6%sy)8_VOSoKX?0Zc(I9
ztv2g+PxJiGz0Ihi3Abhu$`Z#f3O8q}rex&LAGLTqs`9%>I?t4yLN1(2h&tHXoZDH1
zTfs%TDVQR@O)Moh)fxa*3h1e`l|s_^dy;S%LAk+E8-{(y4^Lkv;<@b$sv+M{-Et#>
zIDaWOqu;kH`t1Xax2)WNoeHR|T@Vv{7Uw(SSXdj^I%<lj_Mlhe>9d@i6z)l#eCp#k
zQ#!1x+qB|;qGzl83DBQ))j=2_WFH}sdHntB%>?M2UjF53JDQns%<8lGC?0Pa;J+P~
zXC$NMz~%GPWCTlnwZ5Tp`K{XsB*H8twMaRJ^WnRWfv>{c)J~SuRL$_%<ZIiPXQRUg
zL*<GiM%-dWd<)7+`A+QNSP$#0m~oyltQS0Y4SSxN?LnUY$Z5B6#fSST4KK7}Z^4!(
znkz=kW0~G`VxfI8lq=SmL!Xq0U~`Ukoq5mq;-JB=62(~NooghPeKUf#Lgz)K=~*9q
zvUgsFNEJ;1U9B1Q2?FHu<nnL1T$Z1mnORCKRBU?ug+NqeJ8s3~w;+Zitw5M!PLkoF
zp^>Si%>Lv(SSrWF(+lvmsO`Bmj5cO%GX!eUSc^LT$Ry%2?f|WjO0^88#hGFfZRw$S
zgW)jQ<R_e?bvd5z^VSYThWM{a7GG$r@L++?)~Cuv6g<tMtXnr|*(t}u>cxW(E;30j
zVn%70X_nDwU)Hcs8Bm;4akix8T759N`X6oHCO5bwMjE`bE-#kRT}190EcHLy{3Z3%
z=Y-GKt&A{tzZ{dr?zKm-Ep>lDUEVya&XUI%X&m{ye(*GS!)bD#J?~+F45e!ES>xCh
zHQ*QD)N9<dnpoQ4Jzoi@jUOw;pjTSz^dqrxGSd>E*_^=jn+XTzDr`3%(R>zJZ@549
z<MrzsaOaiIh5=OfTe1)^N4=~0qK-<5LrO{ZErkzegbzQliyv&E)MpKj)3iv%OiSGi
z&Ydp@pH7;O0a1?Vw=3DD$^AJ0G9)SJ-bk|PMsGVXbuH48DW%ig%v&jldcs?5H@&@i
zz8_@Q8~|6Loda)&oC~vXsK*(Hk*{Z8D|u)d)aUhz@&?-*skuk^CTl+Ii$0mcEjB?N
zx3Xp!{>0$^vR)|&z53-Zm5ZaHcNhy~tg;p_j6uDvzXz%QteVat9hO1QrpFGIr}YwS
zCs}Sb+k5U;9Z>6RpUtX0YqTFWy%z=U>f8%cnEdcnIw}5(h-9CzV?Zh}@|U-65UvhZ
zK~=H>5&Z!_zg#zL*aTw^^rzsrwG4WwM7^8#H%E<u=rYo^r5@;=B53Nr7S|6SiEQWC
zwJ#U9(>-~2(hrg$mhktRdRw`6YP?pdh=$kZhHHc@!ga>ovBXOLUBM^F0q2C8Qlrkz
zw>w=42ViCYhRS9I`CoXMyZ_^eJ@UpsVle*APBN19%+xgNeA}l5Iz7D%FDl7Jr<|Xn
zt{7!yW#L7iIj}$H<rQjIV3NL;*Vu=!N*k(}Fx9H2KMwNujIVwy9j@ChI$6U((I)cC
zgZN1EmRu|qy+ub%oDNnG7ob*;RJ>88a|4vZ_hevS4p_vF!u31<Hq=){oobR#Ye530
z&EqxNv!F&*9-fwq%|(=FQ_2{NpmMM`G7r<cvD2L#+Ho69vG(h)Ul_ma7z*Hp{n2Il
zzx)0Ya}7e|0_1^Rn`>zS7`2EFgM2JiG9INs=j+>hl(|}TB8jP~EFck|WGb)dy-P$u
zE~rC|XZ~DqsLDZJky0?&d?`Lh9`044A#P*+3!b*mZr#D7U|-4L)tM}$-*)ubG^hxK
z^_N|t7vpkEHX)g<T>qNpT(MWYpVbv*ts49v)3fP-_X%4*_vG@>D~Fij>ZYUuSKiEf
z>sWk4ly_v4`CotgXSB>4#%oBjQX_Z*{??Q-U@xjfBih{eMyB$VQLv##V;jZB^X_6c
zpPgCyrKP2hY&O4<ZfkohjnD4EAeUqj1g4%TGVwjF^YB0Wex^kD<ER8e!6A_RCqKmB
zzTkxC*TQ&#t#nW7`_j4wbHW*bg0k)EO$wEe1oJo!>L**LEP{G867DkiG-Aw?_HtTj
zZR!7cs((Y<e?OE<@hUnR7f2~wTCGP)^ef#Ip!Tv#X8A`|+szriAIo{h!l+h1pWjWy
zq}FNX#pva>%UxJdpa2i9MEubx@_*ClrE)DYyf1x)HLrCnVVGTBpajfx^A7HN2SzX(
z7IvJ1zkkF2=A`COdn~2?M4`v43}*4iSddW}W)>~sidgyZ(LXNo|9zmpjy}UCe5qyb
zeP}pTqiWpM-<3?%p`2S;sRcMO&xZ1pZ6**q?{o9=bPZKD0qw*J1)Is$-3VlP`cyZW
zDDGFFlW&O!Hl9$r(w`QFKSihf$7FcPKH}xocK1kEWHV6GQHrqBVhM*lZZ$)O_mrC<
zlk!^mCVYOD*QAUilmisg`RufoU_dr9<D>04W~Qw7iA?HBW@aBVB!Y|__{MZC3_1TB
zjQ`tgJVQRYhVxEC3D{PgxLH*R&y!(hpb>L@b_bV=c||>gnZ$;*`uRe0sO;p<XlY`u
zYPvwFJD_D(+6>Ux<*2ZGuWLO@B1zIJiuIK6-!FhbAhsJ3T=jp+zyBEW|JB#;b@!e<
zCX^RkSzcyki+BpxGWQ4K=r~!D7Z%LPxn6uwN#T-O>KciRDo?SEb>E(V=j8UKaOYHh
z`t<x)MXMwtb>_FNU!}v8!iL=6@R+adY6-()eZv5$ZJ7FqlluR8nilD<-9|F1rrE!3
zweE9&!XzqhEY;iF4dEOsO#;f_bp7}$4T+t<-=#2cpP7yIW~9i#rF8gh?3h#LmF#mg
zQ<6=8#voxh0d4ZuRILL;8;!WXk`&50Avp`yAF4Kt9Z~+t7ts0+T2#7wdf*JQkhhg|
zmpNL;)v)opH!+CE|K~OI4}PG(f2`ni<NFRWq|P&s?A=v)<hv_FL&KqJJ8j{Ol6>7U
zLS3W0Q)uB(WF&r9J07Lg@jF5u`+eKBp?Y3VLI%)iQek(daFE<dYGuHVl+*nR^`rg-
zZ(zr;T)%DD^T)(^z;@^2s~sS5KQ=aY^=orAH5l`S%+`m3yWy1dj%Ol|*W<c~NT}=i
z*4hQ{4Whioz8wZ3Fm&1Av`m^z&Ql7%`TGPNXCCJ<(GS5mawD`Ye3tycPup_JwtU~P
zgg_+e>DvW)%+G+Zb(^6Wmu@-m)b3sFOXd(cxo8*5*29aT_XD|<bC8(knnl9=bIr@>
z=!bKi@3zkJ9%m~GHnUI$Id#yhoaCI7lXEx66HXl|OG_j=2WktPPR7coVB}ADdCUXp
z>1%eNVS$V@$N7%?aOya&r8ta@W$Uq=oZ}oP-ib=XuIj|9gD8zzH|^3u=eymQ=<#MS
z1t!&VF}?Elm>`nf+3|#nl;jmbEqrKRU;tMCpAG<wgh(>8KbLk!!Kf>}HuT7a-68uM
zDD~5$9Zo~lv==|Bd2%#8-)PZ!5*$%84@sBAxz{{pq#L6e#l7A3?c4LbErZ;r%yiQq
zrLnpOT<GijJd&&}Ya}Qs<Rw0{B}OkZ7TmmX+Xe?8W^pf#+9o`nwm-HCsarUDmF9Wu
z+H_U>8iyu~;9L8Io41f{Ll@Q@B%DD0676Dn1M?!>4bP@yV!mkPc#Sa|M7I7a2e_S%
zsg+2hXCt(t{rFg_f+s)HF+b;-f5C$2J(g&+gAmZJpVzJ~c(U1`K|uBEzV$$;$8LPO
z9RK$-{JQ_CFU7{qOpw5t>sa}N8@g;zZ~cG#>dH8Ovz+w)K?iW5Qp2he$N6G`LceeH
zE%aCXMT)-$unQb%<QTar4|FxbV-*g6Ss>}1L5-j0jQJ|KG>_E$1xdz71l|u(u0T6X
zDJI()GvW1-=66@gETSd1WiBcfH(kGbCK5EW5YWc{#@=<ma%5dt70|A0f9{z$0K+->
z@~f*Fl?k(_kJjUWDGbd|5B#a>ckKEbWcNBlsoVK8fc9do#n0)1-k<`kUtLvMb>ll+
z*9_Sd5~bpsL5I3@Bg22qU$n|InoTa)JkV~EL?JnYuG)Am?&`%5lB%?#t{dCFCaSBG
z5nox!!@|N6FW%_WlLfFafL-&f288ATlxDKdOinIeOQ|=Z8=HZsTZ;}tHvhtI7ue{d
oq{*#)NUakY!CI=1ip5-ACv&H;Zl@LkUjtr>vT8E0=PzFWFMqPPvH$=8

diff --git a/test/integration/consul-container/test/util/test_debug_remote_configuration.png b/test/integration/consul-container/test/util/test_debug_remote_configuration.png
deleted file mode 100644
index 01b14eada6d9a561bbb4a8b9243babd9463f136d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 285715
zcmb5V1z1$=);Ep_l7fhUG}4k%gLIcPQbS4%-8D1{(%s#i14Fk#4&Bm9H_{FN;W_8L
zkNUmO_nrS-*UY|W?|sK!Yu&4UYX>VSNIga;LPtPAcq}6=u7ZGo5{H0*oQ3)bekOX{
zM-~AAy}(>dOi4yej6%u5*2LTjgn%F&9G{4y6g!Roe*dnJTT7H)Mby^U2~iqN;CMlt
zhWf?Fr$!W<&Cmv4OA!gAXA&C7&vfD`EhU~|gc^QrqX>NuWx=;9Y9W8_+ibhwaWvSU
zd^B(|B(R>rcQ%+tju3(<#iS63htTr`B=f~f;CYq(0p=XVCq(v74>5$7?KnEihKGgU
z_k`Uvx3r^V$#~3qvQM@9+(B}BmQ5WVycfk$SOPh4JP{1uz^KrSK}N7(U7G6aeX8id
z_k|M;D)Mn(5&AAgik8PbWaJ$KE&Cj<0TF^Ldmt4Kg0KmNw<JL0{mP4GDyx@EXcDNQ
zI4%P{nqS1upMU9+#$2LOTr;KhN|gFppC$uMBZ(018f%q9TaZn9sj$9sli7XHPD7>3
z`}XS-WrvUsR+6eWJ<0Qm+D|ErlvV6{FfrWT9=uJXJPA!PuqiOT#yonh_W)YE`S}A!
z8q={s-=T38m1$DuCMnz37@8kYE%=frF&(L^o%79=*?rJ6nfo#`pAvF>o&K`%op4Yt
z6g4UQAnt-@)NcCrf>J+nx=9eaz`@?Wt<jTEKJX^^IQC>Pd0t4rBV{0&ka3nca(`8T
z7?&oLz|^hBB6v&;ba3sYpDe_|Ct3%<XpE}16a$$i!49y~4W6KSK6rTkfb~g)ruKWM
z%+8^K6sr!$;Ma<j&+?4fG<z_XIlfU=bm|1u=GQ((h~0O-<Za1UY!wUgww_F!^3z#<
zh4j?KD;gWYOkyjB!NjYpM>mHWaoC_c{tdLy>#Z%?!ysX@;rB$ti0+@BCq1-$hn@C;
z@8_di3M6sg*OjPtBIrE`Poo|t_;F=DdFIFb4uu{??VZqT%n0A*EW)%$1fM{5q;p8%
z&s4)0k3Px1LSOK+NA<OPf}A625d|<tNEVrVg6rVlk}XV665{vt#RF>JykQ43QdP`&
z;niWmqDPm=yvVxmD@5mq9~NN~1uO_>8a$H=Ft4PwLLKr;euaVcp6Z8xC4wIM`d8$i
zv<;XQ0g<2Ne<GjrdJ^pU>wht#e@~gcK~EaT6B2wV?w_@!+)IyUK~sXN7E&TPk*lRl
zS~OdvH;%f6OB7m=Lulq$!!d(R>c5tgn4^)yozpiGI3mB{a%}BH?*8oNvDjy`cm1yv
zo&#v{sXnc|LuboR@=KEJr|H-2M_3cU56w3Uuf)<6vLXTCHDfm8G!xIh7l_>LIyLIH
zd!0r!h`H{I@!8%E*dRK`GKVwAGsirKut$~gajHvu+3V+lD~>mF+cW)8q0n}J@{UN{
zXQ+>m=tNOJNcB)z(UMTqJhgf92z6OpA_r&0|GA7DO~s1@obBMmpvYib8R{68-soqN
zPh-?$Vba~w8q!{QipDh1m(#In!U-|l(b&;LvE)&UD)i69LilJhVkD-;i?em|`13vE
za$&%ps#RBq(iMi4logxa))=}T;-2aig5LGML|A52`wO8QVWn59KUKfem#G#hz0M!b
zeN`Z>R-=Nc+^;lOq*>~!W-pCaXk4^X-tm?}X$In?T$~w_v!yIhth2?t^<ax;3*oUW
zM^2S_agE`OvKE20Do|!xokxpDqfzuC%z>3uf;+EzbMtuMc=_1lc!(i|feEh-_9)&x
zUYmhjb-k#m^iVBSl~{GZ#9Q5{$gMQL*jmj}-6JPLom&n2?U3?fuD6VrF_v}25y@U!
z4o~+w|M+_@Ij%2U3FbRf8{^N%#z&7Qo>}gVwiNN?NK83Qy_uM)a8|d}OfA_hVIE(o
z@KU%!7EAtYn8yKoz8j`Y`j}LRw0KZ3oh98~mujAVzP9Oclj3oZyIiYr>#n=Cd+z1T
zrO0L9$@Vch(G$$1M=u}oJ?6y}d`?8z^}K@H3P8fH!evOjN<2X*04R9gOvuVr0cbPw
z<uXXgOWpxAnxm)ABo`#9CoR148`v56Xwp2;v~IY@JBT+>o-u2r05DB9O`S?U0}eAI
zGEZu8YPX~m3bA@GOuCUCwE<^<1=?hlp2qpctG2b1B@<iWwZ&XhO<yh}9(Q(io5ah9
z4p?e)Xt(W>&0e{vHd8d8xLCXB?~?A&oSvM1#k#}_#)`)hkR#%VYm9d5#97|>(EvNB
zS*D}&C}b*JR`B6T<tyZw;>8}|P8rJddFS08T7l6G%9MpLe&rf*hFC&UBZ#}pXLggD
zGx&yXvaTrlKE}g%zqqd&Y`!=!J3jxuxzhOMsD%L5H&xnG+Na&i2Wy_YDvqp({8Tt-
zIzBZBPTqGD3e$hTsNPOiN1NJLVGw!AcMkb!i%o$djueN&kHPsk4yo?ZXOUZxSzj^~
zVx&;tR54*xK4a~kSf$+I{OtAsgRi1r8NOr$YWuTd?+0Z`GDQ@HyOM9>H1ZrO$Jxhm
zmN07x^1f)Iy%Y=6kdu+K-D&xTS2eXfzWmXi`Jmx^<J|AS2&08yNAp$GyF{fVJKOA$
zFLVAH1jVdx^qowqt_=s5aD$UNk~(HOSks;;aG5d%r>iD&!cJE9R@zn?kLr#BE?BOg
z-oAs%I>;PGeUhk@f0eeBppwE)dHgH^L%;AcUp?Pj8bgLJ4iHTiyAbtZNV@+ujmp#f
z;F&}-=3d=VW&kchh({tX^L&+)>Qf4yBs369zg2I}3qR$;am`D=8rE5^X38rg1*gGa
zolYHP8`BK)g@BgNo|)H~iP?$viM7mAz%~=NMfAxKFUIV68OB-l&2k1!uF4tk$q%j$
zE^|w7ZOg_w<K1Rwwrwp8P7HN|<Gb%yV!GKn*?E<wtw)z7<Re1pK07n-stu+BY$aN9
zEISiA^E>qc4%~WIy<3IQOj-bq?beJ{yW0@{4*p1jhxU9O8H+MgFYD$aeoeVKpOMGN
zDVPs`zd_4FTdOv<;cZiOJyT^FDDk#}xw$Q_FmAE@XOUUac+s5Fg#owiS-HTT$5tt4
zX-KKyKHgqy`w&?FZLNXxruWY6&dm_EIQhnT@`dAo$cbMkN;}z8(k%fJ?}pZ{?1BRI
zTo*@D9lCO2!5F)hHDyRH^U2!D7174y&hAfan^gqu)VB`%uAdI-aQksj=pHMm15}7Z
zQ?d$L3P#rA))o>P687HS7S3p;YZLp_o}Ubxr;p*8#tm5s%JOU5xh(12HdY-i9Z?Y=
z5nRsV*9$Z~_c&1S(Dazfe=n=Sa;4Mu?eo@aaOWy)vs6JtQP)V%vdzY)wRo(e`hdH6
zk*Im6ImPDnoLS?hYjv%M_t~_zO+CxpX_MCl*45xi^Jj4LzQla<V(jpkM<&>3L*&wL
z3cH#-LP+c8`BB40@R!)pLL$XdAMT6R?5Vahxl9fH_39wg$jinX*1MkT<v!uhj<BOq
zk=@TJFSfJCz6yTj)@O2M`>As6;F<SRu~UdqpRk?xBJoN;J+~_NA%q4(w_xR2dU`s{
zHw(5l$~ID5G;JZjQ#w}OUH+liuSl9{B#0fc?)lm4<(0)@?TPlM`fgl8TwKG5j~ra+
zSx@|9V;{IWq9)@mA!IEey>EEuo{{m??2`Ol$S0qr&18=^I}eJa<Tl(8JaGh|L<qUP
z_V_<~qv=OUKLG&j>B(M&YsWGpqPMsXl?YqSH=6GdZeNaZT!XJ}3z4B^KGk=K6HgIW
z-g0Nb-BW}Rkfw}@ygUK}yp4*0^neHf8QyvT{|Y`J{-3tw1A2sqf1O7}KnOHPK>GJR
z3h?9oCkp<(@AI$Y!<YaB6!^cV@ULqY;(zW&iOYKUpEhz9{2GGDTQM0K`0=fg0|;c}
zXlCnFTmIlB`~;evG|&+N0iWjn`#?s8`X_w+Z|16+PMY#^yhgUxEC$B5h9DMKYrFe#
z5cpkr;Z19hlL3XRwUvz{ud4v%Uw81r+xMqgDJlNC#mQ2DQd3@uLd@0yL;+xV#qx?$
z5S@a8g5SZ|gjYpe^55Oz{{$$_oSf`<Sy{ngFbkN2#n!=;m5qmohxHXZD?2+g{0?SE
zHybAdS7sYWs(%ggpK-)Njz$jVc24HDHWc^c8W`F-I|)!y-cR&DpMR|r<ZAx+Og4`H
zek}L{vff`|Wn+28`afgCyYk<k<yA6w1z7>b&8^`ygU=zz#>x4L|E~`J$EClg{H3er
zFI{<l@A}K7Kf9_qf*izbt>Ke83I5Hnf6x2t#ea9?XT5*+Uuf|!LjQFZPH91Oe%Alt
znjre~k;`y6BT3A~6;<I!xR~945QpJE^#3}-+lbYl<oy-l!Y7O%BQB!q`d}v=#S>5M
zv|Ew>fhgLC;TPH9XU#djAn@*d?b(9!S-YA>eS^)S+7$Fu?>&--#!iUtlPJp8Gct+?
zF?RxIt$fMcZme$1EB>C4wSoS0?RJhIu~*(_X|WTnQbXuCNA1SRndm&W9fYF-^`V~p
zyKmiAXSwrC_x0G9KKbQIC}6x~WR7Llu7?FYCN{pgd<=E&!+$wjC-1WJ&A^9&fnjHa
zliIyPh#FNG0rAOu1SATC2mhC*bh@y*dcwI65tjvZI5Bqut$d2~+oQ1-35?zWYpO<T
zhkS{nwNdKk;5ZxRcr;wW_+*X(S%tpI(XP2Zo5?bVS0$Szsw9_1{Zk~dnRrj*xP+*0
z$+$M`fQ>f!OfxmAF632(H5L<Z;2+~vm>SgPhS#wT_(oPXzomsghmGa`zPkS`Kg$NK
zs3$Ew-P&m(VYJR#dvo}OzSdgNTC<Fv&#u}u6jX|npq+A6?j;K45XJ&s3<QK{>6k&(
zTo<5?;sGvX6c_V+GCzhFp!Q>uz&b1cGVOW=fX&<n@Wm7}qI=-~i%5Sh<HHte5lyug
zYdzpmhxO6SoAtr;@}BEnDe^vSp?*%X674ssb9IyGjZjj{5|TE|;QkjP(`mK<Lx)Ct
zU9T^Zk%<7^Bje3c5Ofl?w^Rd?usd77+}0FBY5M<W5`6xx#~%vhQ{Q-BoyN=pG@4v?
zDaQ)rV<GLAu%;fHu>xM@>82KzvTqhkl%>vxMSfB;2AK;`yU(J)W|#6RrG=GF@d|Fv
z=k)&%Y4|t2#h?7tW+XVKk4ok+?a|QpdRZ<n2YT#RHdw(JrfnIXN^<INy>05eHCHQo
z13KHDQaqjAM*udMMF%IgjGhlJh^85b24VkSr0zd_ML;~sd>;a1*5XXOzQ!7D_24$j
zzxMA>=9toCSx;{08wks@it&DqJvI5GmS>2awjWPxGw-cJygvp(ifivSXgT09G`FSY
z7T4g>e?>)#?>J`TMbS0pW0Hq*I;&&?O??<cLUglr)`_Q*#)B%1ptqx1F9Q{!DcrWo
z_Ao^shWva`*T4y{WqQlk4i#FF|7J_Q|5PC*%pA|>)RV|>lsq^0oLoplhkBRKDK0H7
zL0t}z0r^@18L;1|oM$-w=Ew@Hb`NLLgLV`R&AJFs_M`q6n-)$!enk0HK)j7^^BcWp
z{tKH?abSyUmA(Ibm5L02W<rH$JI!$j@(t=-%A{SVGYQc*MP&A{wnO~Cse-?m(oFGz
zDHp$Vc3XjzkC1WIM1|ia%xP<GB5nQKbb#1P*~v}Q4Baa8Wm=%|vvs%}@B7jxJ^k-Q
z3ki+Wd{n#%yiHrKRT~3ozf}Pc%{N%<H3u023)8*TI}h;~jZd~Fx_AkXR#16${wpQ+
zO#-bb-r?$WH$2`!YI(rD-1D%PZnRb#yu78g8++32nQ=Ha#<(`5PoZ6BRYmCeUk&<R
z_$$S5js(U_CZ;Fh#n(Fa(N5dS6w}iKExo3sjyq_082Bu4hldWVvAF+>q;Dm>XIXKU
zas>jDxuX=)d3)Qg_Nc5K9YL32gk7Z5+-2(mylRT~TGwO0H4&5KmGESlE~CEZL4MgQ
zy&360rCCWvcuGOQ{WwaUSsNBe-a;oIo|I-ZC;@kEsaDI#Z_ax{^7|6hCZ)el4+D6h
z8aA?ob4~uo{pKv`si0Z)L|f+AM(sM-xV-jCsxu8c=<6Eiae^!E^z`&-8IZ%=#(SLA
zHMT(BifXpry52rdcEHeUd$JrS^t8i6rcF`-vKBMe-dIC##xl@sB0JX7RZzt=UFXtl
zrK?4&y_N`DOV&0%nk(-Gi^~5-3kq{Y>zSJ9qd|f0(sui0Nw@1@y4G#E*F38$v3atI
zEDK74m*+;woSS_6?i&0fwR-TKm@mIQnbTZapO646kS7j*-=G4wY|5+!E!|{a^Ys_o
zVlo%?931+W=JN(pWmgvN=50GyLs?pc4-XGp8e5JJ``8`Vuot-KqLCh96H!Z%d&MO-
zT1+sw?HtgxSStK!Zz#mGWY-5{rdSjU6mAvNAwZ+aDcT5!p5<C&QqIHSkXn;O8{Sbn
zDoXN^;_~a)LK<4!=1h1q!Qp)*djmQqgfz`xJgsK*SoX_wSZ&KR>2RkK^K!3<W|eSw
z=;)-h>iTiiX3|Uc)G$kTQuJ-QbX8Og@%K{m$34-iI8^%DnDYh%%c;Tp>Z1+*Aw9JI
z?~`NEkNTma_7wwIC#2dgJpmBz-b+@%n_i}mpuUh_bn1sN>MWl?eWxE6qYd_ERHii|
z7N{AkT^4p1hpSN614AIx*u2J&FqYfyI|9#Xl2OY+nNH&<I*e<e_DdOuQ$;Gk`e`}G
z$(4Dn3A5Yhi*+Jps2_KiqTr1xt=xHk^Fq9W>brRlhydv4_s^388g@4M`P!hFW5UB9
zf#eg@T|d4j<>->Tt>Cab^+Yk$J6(h4y&%B;br=nSK8d~0Vcg5ZwNzV)6?<iw@6V}d
zvDtH=Li2Z@{Blx-|5xFj)NOJ~aC2PmDFasLiFFT}7&&fuPu@~tRY-S>ZpE?et{&U$
z=2Ot^C~9{CV?`gNPNdi2i0u|y^cS2-W+P&}c?0TSnqartv|!e=ELJO3A8m3j9Ztkp
z5S9bSYt`dfiY-6J{u(!1=amXHvw`ZLkI#IU`?@Q+_U1ObF=oElT$&f4&#9JFm^Z#-
zHxQ_|9goFB%@P_{P9Hn54@u-AFM|yH7y<mM<YH*E5^^;3ok5}}9J<&1JHukeLjq^V
zYj6ce?RJ%ZFv$QIX=KrC5Z3e9b*^5M-j|#Wprk+B9g~XSS=%TQg`U0tLRYF@9=D$1
zqYSY6_M}B^eab@DYo1GEo3aU}>6Clade=Nu0by<1K%`>Q(4ud@+_IEp%GAqO5bIH5
zeNZ0G)g-&T=%rDR8vgK>)3vfnNw8#86v#a;bhu%ZJuq|Yn<n<V#WMSj<m5GxD+LBN
zIR(pIo@#H-luJqHa`ugvwVnxNiGq6yV+Qv}L|8Vbl~YXo%e?0=HT;!^ppzLyY~vw0
zrvY4TYR)zNL50`@+ANW*I)qKpYl_ZNiK(+)A(b<kvIVndmd@3cVf`A6z9-w<<1>j^
z7g9Cx3f)B22a=cK$K7GW$Aon<b<3yK<AsIl3w2poldd+}2U`}vi#1+uu83b1U(a*I
zUQ`(Gd9Y-jS9efNa?+sSmE7iN<7oQvwr$Icw}sxBaam<YZxg$QBFGpw56SYa0Z1Z^
zikS-zqiA&EEZ?0DC#dmEGkty_R|_lHZWLNHg>9>!?ai--jVXrGU(JITd-L{bQ%^SB
zi4$aOU3O<APG@a}dI1OV1WY>gnLf7?e&N}k0}~oDM{5HDCJgjGSG(f-T8c#6HdaOo
z1WB6jh(a%`hlGY2Ov%~a{prh&<2<;zEzp2uKnJZlZq9SD^Q8<}ZK;7@&*lmZ;fhXA
zGKa3v#hPyFY|o;@*oedO<8TzJmQA_&K%jXAKU0ua{J0KZvMRDNm2e<Lwy$q>kVh6Y
z7jvw|PzrL;)6?dA#5kTprhE9&2+vHuAYzdQtQeWCYS1<ZOmvY2)ynNTShPvwPBk8)
zDcj%h8ZJ-_B#D*{kiOMqZey&|=z-doR;pqNF=PEg@?<fJl&rEZn_Cmv?KczoDsYpU
zi*??1MJ|1{_+6Rr4aHmJl5I$H*T)gGz+yIMa_<#o#z#`A+jZ8U$;$@iWyzRXT5c1?
zz69o2(+tvdfW4gtL0r1WK?1Y3nn9EIS9f5GSyipx?qs=TNA>8J?aAW!tz~l~T@Zqd
zF(xUmcm)3vDr7B!bapkvW53UgV1D7<_69YXNMl5RWc@Geyl-xiJ~&C6sJA75$!5^h
z)qa%l>~za$ElV(VV13VHN4LuB>NJlwpDosQXNq}eZRQQM&VX^KNjBA}%sPA{8N_7A
z7<RTD^{#|2n<KIMon!L#YG9{%XmOeTs~V2axv44XvjDdxJJ+P_IoOXayDz<Husy9v
zh87608eq*9?|2DFtS|*fnWRIlxf23He!3enMOBwkK<Y(biG2mXn;%iH1-(hMjm=kt
zP!vGLzTo`r*HKWRisJ$&I*-oA3fz{r;js)B?*_%@SaW@1AzejUNCOqNpfpi(u56~)
zX=7ZRYE!Tc+-ZI3SjlOl0+cN0=F+R84S$%&=Ax@o->vU+6OOsDsE>}0k>^owlVeGR
z*EHe(b7$I7XCx?BD=5QxEm?12vRr$0&ttE4ife!iZkL+C`?SrEiD?BqPLF5o=xp0>
z>T0E(r}n;8iJ=hI&A!@<%Cr@`uv%>UI%t_)rIgMOvOq%7pi9ZRUQN{R{W%ZjP_NLH
z5a5Z28|f0Y(lD-buv%H}*yp)$8lm>qowivU6R$}Hr}VmoN{!DN<-;DQOq_gK9*sGG
zh|^~rg(;)ASNn7*q^|G8*>tP%2qI%UWfNR4(s`X@VikEse7_tqLfW)C1sq~&<@0>n
zy<HxZdupxJL_tT{r{68@4kmMSCuo>_cKRNKGuk4NpTE-)9J}LCZ@bv0qN(&wv%XFb
zl92rT$GtaYYF)N_yuUcq@ND}<Iv+Ts(p>|hwn!wHGMVDM!QC~VRPYe%oBpwYgG_mn
zMupBQ%Pt#mq1EFo#1)@00rF~pDlVw*q*blYE>XQg^W~y^#tsV&QK-p4f8x_Fu0|~b
z)8vyqjkPnIuCQc1(s|XKx!HPK(<SfqR50~yMXN>%_${|qf7*qg#^jye9-C)FB7}~}
z&#QM->G}lj{LWaBXtG{jtCfMxW6{h{E(r7+WcM`*h8DKx(w?RG__;q9B<<gCav1gr
zRWH|KW|S*)_BuOGL;Br~&jO%*bB+e)CL}xWTSD3>TQ83}=KYU*%H{+1)vAmF50cZw
zFT-(S6?Y7ExU_M`fs+<u8S>>5l3czHRI%$r<^0&rJ9~olPT|+{L9k8fCi;nn-XD!K
zw0@#hU{V#!@}%v<<02V?78dgs^IBB}sV#RC6mzg$1*skl2i>zk@~FnrYt_3cR2cd=
zabn|m0}O6HQX(h&VoWW&og20TseUz^PhTj-_H50lWFMrILO6YVO6hWyRH}B$>ldqR
ztS5*@GBZd8B=K1*bok6}EV&+)vxYM>#2{nf&!n}UEy!XKa>1ILy>EDz*<GVCiFwES
zjxviVP8P1n&#QMX7Cd%e29h`gB?_7Dk+|(O66`p)II1b{#JyFB@g+mn<8#kJJV>gN
zz;W|P)*J{VbC(v+xD#d0l8Sr@HB1o_qNiu<6Qx>^tc?MLhOLJYZ}2#-xyu(Z{!mS}
zH2VC!P7h^Gyz@$JO-jNmacwA*RYLMv#Y^P%!qr9BBl%!j$<iX%Jswjj&dnvgX1Vlz
z!os_8)D%)3_4r&Hh2b*=U8Sp7tuk(Fq8a+K3w_Uv{2eyWvmkzrwmjq5FlM54;0C$Z
zcr*?%sSeMbvXPL`>3J-G(JcPz-jfPyEB+~X{qt*o1Ea(YoE%A2_*a3Hfn@A&PG>Ax
zS#3vhB-U<-w{=l~asb2X8`7h4U7_?>B7!$gzEvc))K@#L^<mGe+U@1%J1nVO*^SoZ
z+-^>|%X)}*!AzQZ5cpo9xiFYynl_63;c#vc=q7PYShD`mr=-*rVx)wDaB~xJvLBW3
zl6CRLe%o2wh9vSI0pEui$}G#84-Zi^AI@s%xr?};Ia@mCDr3!h4TU%?+whKX*2qW9
zvDLt{L8CogqIF*iw$d3~OSa5GN{-eYYf&47FfIwon1mX{VqKktzJlFVhp%yN_mN7F
zL$DqvM<^7Fl<ymI$yVhI#P-G_b<Ep3qm@t!yFjNA4l#Cy#LY*n9$T;=PdUZYGGmgP
z#*+}`<3)%Wy+z~Ue9cH3NWJ>R_J}k!K)Ft|g^am}>E&XR*xF*NDqv`ysQV-RuaWVG
z8M-I(2o4F|pBEslYYax|n&z849;a5g`=^~+IB|YnQqA6z4Oyq!%@)ba5qtnqgqxKy
zMbMXzLslo^YbA*1$m^M=^Xwj8ss5jIyJn_=pRvd|r6U9{>GxgA;HkSh&1}bk6fV7J
zGv87$2TTSCEatyh8H2j$nmx4UMFQ2LPc?j+2=@P+-9bfPZ!@pO(!MhqR5H?`=<}g^
zkpHWeNi+YQB!U;dkif|^BbvGC`3Sf1a8w2c+Zk1JQu1fYM(S9LKZn@TeH}_#EX9-}
zy1t;nJoc&rNnE~VkA$f9rh+<t5QIsS?1IbQ7{ua0vUC!M^t$1qC)E@6A|8KyWNqnC
zr_2RB@Qcy9_alXQ(ToX4oQAVL0Qko-hVY0*+}@8Umm|Ccih*ZyzvO+q;)6(`G&Y%<
z7NZhlzczSH{h@@b95+OaZYDck@+<iZjMb>&QtlnsnxczF@PdPz;b(Nm1W%PSV{1pT
z$@U+ODGH)S4qnrfwPNxw$g<f|Wcm8-yrt(RLX}i7Kyb}Nvq~OKm#%1LdNtxw;~}5@
z<GFXiTe=Ppzfk&oklY3Rbz*C!q<U*DV4NcJS9hVv2yp}{%gondIKBq!YBm@bbbSuq
zmQ%`LcP?o;=t{*wQtMF_8KZHo;vdqSum}NHRM>E`9aMFb*Y8<36V{KLrrD<e8U61z
zxZ}t3tF=I-{?$!`r;Bg<`U1(kJGAUAu7c5FT2i`?gf7O%+*8;c=chd{K#8jMT;<jp
zNt)8PRhAjD-c=K;$dRx$IjSdDW2Tv2wB$aA#X^jGj(D*c7#LKr?dM!8%6fXU3~Wgg
z^5?jUf~%eHB3{y?5X82Tk-7eSp<KUxwc88<R$^D~$N6yh<E!-<%lCzCo1c+&L6sCx
z_S0$Tw`nn*fj$Qk1k$s0ZY~j**)|!8M2QnbbtTnR3}<chug*9Nj(zr<x^0MrZfY{$
z;4aSyn#otBQpOb*a4)*g*3_0sVyrfKo?iA>v~7h1$#W9vdzV~*rS8I&`w;H<aB3da
z<E}pZ+nM=GE>cj75=x0@x$p?W6WVT2cz>us12BonMqlCX?CkqttVDTIeY3C*KeN0o
zwdygMApz4FXOe7D=gkKQsxdvDz{Dsj*g`3t?1QxHM|}^X47Idk3kT;H!-xbqTY^05
z!q!x=`WCS9&@)p!v}{VJZy;4^Dl!5ryOh?aR_5d%sR*ElfIK<!$)#`nuLZ!kl>z-f
zESW6>OQsUq0r@<X#I!as{@6^_>%V1wvMSKvZrCEno_66-l0jfX>a64=tmp5<Yem$f
zP9mq!hBhk`9yhg2daG74lAX2GqE51r9K@2RwnM~xG`4SOXz}+sy53CZ!!2_!UZVaQ
z%kJWqcj%ItqqAdCnW`JUQ)W3hBqS7cdyVX{!zM*6(#y2)MW)lZHcTy2Cgl<425UE|
zht;{w#?R3{R*wUdTr?P?JpW|9T-w@1=~PfxpPERsa&8xn^_=sWK!Q|BKNrjC#d<oy
z$m!Yu&E%5jG;~!`+KRE8*wQwfa9i;J6-ER;KVObG(ujrUYzMm9B6`A>Ma5`zJxBa;
zXq+D&yj2u3GJ0EzT&e{`>E6tURS%=3Z@(GjV|P1z)@!?{hs9=-gCWNR@;RKE@(e%n
zSizBUm3Sjt57Pw)8ajF;uTdvtrC}}9($KT&Hi-*f82jo<aa+%HSPd^2>k4f1Z2|C$
z-rtSNLR`rnTqY;M=t#&f!fsf0;$@;b&%ulFw(aQ~-D>4oI#WY}GhIP}<Zk1krVC?M
z4#TEPD)2;^7i%mVx}CM%$KUhuN~8}S=jIhRn1vm0a}QgzUvkNe`W}93y^<AC;865Y
zLsliml(^>N+YrFxW^zoq!UJw;@ljLE>QDu2nOr#tSjZZvfj_UQ@a&c*yL{^PE-Gc6
zpRkHGU)-vwz;MI_od<00_uyk`OjMb>>5sBHI2AfF6ff>$P&XUZCAYsQ*r{RDZ$JHV
zTJBK2Fl-DXlw@F%qK(BND}+ZiZMxp)%hx@WI=^Oyvm);O`(?rqt+^7s!hj7KwYl-z
z95mP<(YNsRwCbS{JCCx-2;N7DzM=(MC4#5txO*;N@L^t8$I-Zo{GUr9bgXU1P`Itf
zc9^f#ARZ}C2JeTmwnZt*%>jLQSB-H4r|DELml08rLE*L6a76)Ya*jXn@jC$3S`(!5
zs;!9yU;_3$BagACIs(Zom&92Q567#={Rz_a8(lcSOE__0Vt|}?&Qd#Tqx}_hi8q{f
z>#BUPHu_ZZ*`)pD7+iXo_kDhT7(hpdame>CChB>2GFB|z^wOoT=x)orT5v4!b>MZK
z3dkz6hpMGbIXh9xl!Liwo9ZjL<NZ=ORPf@qFQ?bn>$x+KC>KlNiAfl@zK`WnGiwbo
z(NhCS;BPrX1jOQ}cD{$Nsp!uhW58xi;Jm#;!HUNZ4=1uh>UTK8jS=_yQrMcS`w<CP
zikCXe5Rh`GcE>3dFLVOSt3)WrZ`2+bTu~-he7s6`F%3^`yd4WGfmRnW`!_#+EG;Yk
z5(3&O|0zIPdnX$;Jl`RRGC!hCWXky9?pprr#Vf$#K`(pqqu|EkIL2guiva3tJ4Tl$
zs~|k~-2k58$3dgNnGu@%gai?WCS0kPYgtRhmoyZIBO!yFBTMnKye-@Puz8j4GYF9%
zwMrJ?$*zTyB4sL2X6xB$1)X9trES|q0+`ggLIkIu(MsWT#!->ycv$Qjn4_L#@!4a(
zc1nDu+mX#<ki_lwg1~AdD~lhzr$cx)cZ4%gbW$GTa=TK-{}$w(lsuJT;?45X))`15
zXK^#z+FY?H`jSk9C&l@+57I)(VM5);b`hnVyVLyRQbTrncK;l*J~*?AqMJVSD(9fj
zVB|GDed%zSZ?!B#h=r$JJ6A&+_vLLvT*+U%`vtwv!D`}tny=AZooCBqveZ;@`-^V*
zr;~K6g_h)bxgP|vwT3^zFV#dED>7S~Vw*2Z7<U7b8Q#eS*q8y$K7vlxvh*;V93P|o
zVI{1e{=|TJT_!(=sV8$j1wmOLYDzX0?haIAs+x9cT$8=&09iGKeLXXG^>a=)yaJVk
zk4T$6P@qbaQDE35wX+D2uK3RK@Z<8&#x-Q-NNd8@?B4OCDKt>PVZZ5??_qjtp8Z>A
zW&+xRC+VA2E>;Zz-^|-0CMqY`S9$3iogQ+cR$H|yWq7N{?MCg}CT$1w|K{H~zoAI!
z(VBn%<_)0tYa~DI*1|--YNxz49X&lnzg>aMa|36}Utq7Xo6O;xL7=;vh{#1hheD#w
ze3RSRBD=j-dn*5Qa|B>23v~?-Kqp1!_7Rhmy(5z*lK(OZC&H!YJ~J9kKIGq}p)RW{
z5AQu|+a7<g-=>kDTw2j0>fqqeat#*|$ptQ!UO1c6>`eu-e0(6f;g3uAJpDGm8AVpH
z4C#9F`$7dDdg0%48hkPB^5r{t4*UFia%2HxmyX_(6`pPEieRo2Lq&%{T5p>??`}Bn
zewJnJL<XkXi13i!dxPFL;oNd^-}k9B8!((VJ&#AEQqG1x`h`#-`y|45F2|4Qv(2&D
zrqfefKv00_V&Brzy76w4^N39>%I{$(1v63rCYe>dY^{>I$n;k9WpY_o84CnMn-jx4
zYjWqCbh0GsW3<cykR#z!QR}*rjBG)9Af9mfYl{%G7gW(H<2_oB%-&+ihV^Yja2J6#
zsc1f$iBt0Mze>yT^-ek|oI;*9G`j6gWfyC0bo9-<Kith7-R5~_U7ix<7#Q+mc1mJ#
zu-&*<#njsJQ3#+ZGI}l!ejTLi@YxPwPd*7m&i3^b{U!aG6>)Fx+pqTc;IL+et`Ldy
zI1Wxl`h@5)4i){Cf2`S($*T+tc@Ufk6UY$sKsX$J5cEjbL@L!%3CS@&mDAjCjy{vF
zvC&#L;UczuPD{QNv=*<Sv$xuei#K~y4C+%q9bGNOTegI>8yxxi9>QV9m5C|6GYxM1
z>hP6-ZAf@!nwqkD=X8pzh1f(q&&DSl=-us=$4#-ccXv8itqRJ&Kj)Zd)E%MM=!&#D
zH>cBh93%Z%AO*Q@s)$E<`)Dwo&jWZwz!b&WcCO-mo%<DZHV-~Kgog+W;KjFGF7{FD
zX^oC6jq9S5-;*im3;n=KN_sVB(P3m9lSa98T=Bty{&lgYhGzP3m%zlHSPRE8Luj+9
zxsExGV|5yQpZ|O=IM+e9O?SC3TDF4y@JT7=#jgqwo_14tk>v|5SjriZR3bAQR1M>l
ztv5zqZO48Yr@TA+O>#bPf^)!M8!P2hU>*=xh~Ga6b}S0R6PJIX7A?<Yz!;X&hpi4t
z)K`?3f3kaz;&a*>q#k$SktNYROKr1qc<7wCHdA4)+r}5LZ#&&0p`M~?UYzIK$19sU
zudVg@8`fxQdu=IJE-Kin!&UKPJwB|$l)G|xWWe!jhdlJ>hjByxX0q46vYkQ=kt?{2
zN|J<v3hOmR4zcsWC5#c`?l$tVFH-PQQ;^%<Uw3P~I5y2=aC&c)>?Y^lx>eqou~b{8
zloF?*H+B>D>EK0On}5LJ>Bh&?&OTe`)*;tR`uGN^Jp1M(CmjV@srHHYaaA`J(){<d
znsfp^S7nod3{o{Fg^zCSZC<M%aU&w1&+sjG_rdd2EiJyjWDYaMg_8XoWFkP~hK(;6
zdAiLmdfM(eHlwD4*Doj)S+(kIm=kr~tAOi-1d2a6y)K>HRwt&YXRglR;u{&HPi)Qc
z+1M!gwxCLB>RDt^2@Aw>OccJo{R|J_saO|3zr_hS0-8zR>T!bg_8D5p;6dduOl__;
z)&Ek8+=sGyy+47=a&qPrH$3~gqUzIKm*&#d+gAz=A<(n=yZ6j7FNYSwx%v2Jt=u=L
zb$P+jf?W=cmQxjb31H8q-a_Nf5Ii`*_J?4M%1~?^@{ZSyu*BlU4Q-EzRBTP~tl01{
zK9iUR5UE?L@nX$RYxT`aN@lA~kI72j)MTW}OXe{#I1J5!4m-ZY>x~#I%+#1uS<kKo
zlr%-8FKzM7{IGaAfRUH=bEjgeT-(-&5IKa-DcMIn!$~l^wH!C4{czOawL^ApUsX;s
zp%G2#a9&xn<wN$4nU&<b#P%9^C`hRFo{p0q{Z|+y3m<iy8fww6ig$Hwn2NO=OqUUd
z$0)Y#YnD($q^;ViLGbY6n^8o<hlkE*R-iY9StQR2($2M~Q>En{t>+r5oHj=#T!;ax
zj{?Crm)lnoMtI$7Kb_4tM`^mWYNTC~o`|rRGa2Az>ZDxWr~(_=Yc9Cx=`E9o;NXSe
zE%ge%7W0cC!EL#bhT7ZX?_$_}mnYk~TC8+mbf%2qJP&R+--c;l>DO5$*D48|fA=f5
z+hu(Q$s(!gnE<G+_-t*OhEp_lS*modEJq3fd}9}!mRuGEy;eGK6@S9Ed(Req_JQu(
zCp~`HF<xi$8j7teaL|aK(!v@8w)x%b(}SzN4^)z_j^ns@`%2#49z1s~j#M8n;CmQ1
zLWspstg}RoakZ*D^Y}7?HVUQu#*YOuPx}CZ<M{Nt^#lXve6w?M)?8WniP%O)M&_f(
zPqV5oM%F1miGCpcVeQe8D4F7}h!Up^ZaB?F+{{u*8jZ{p%_qc{5iBj^6S~#6IJZjo
zZe8$ud0iNzOZqGs!z^Bw7g84W;Z8T?>Uaa(D&(dsfu+>x$FeVP4D+J9C?jIhUX!$}
z9?p+6latxFx%prCn)t^hB)HYb@bqp@=%82ZQHDGAW4VphIpf(79THnMM_W#nw9T^d
zn4E6x^KgE;hg5x=;ed6c_6;}BuZ2It={Q9)#uFcQ+wZ&`hCiT4hOupYdA&gd#IV#E
z$(K!(QRpLixuN{Bzaik-P_qOd)=lCShe^cQ!(}}$iehvsnOfSEJ1JkxKwC;j)81zV
zVRM9fUO2d2CYuUiEP0(yYfFZcY_d|qj7RhKjgJxrMyE6p_N&kIaF!Oj$$gkIy~v<5
z5w!G{MzV>_c+PZbQ-C3@y-PkNk<)hY{4yvXb{!Y17^Bzf?zY?M_!I*7y)!4?0L!QR
zWRSNdLh)rw)tU26hceV)McS5lgR-)+yN-=pu)b0&GbMY6TATvydJ7N$0dq_ubt=4x
z_HNM&yJu}6+u4#94zV?;x=G<`I#*Pi4AiBT1SW?+f!8_kW4Xta!R0Ps5_unm+{>7o
zxM;Y91?JbzC?W#nW-5x>i)m8JWHTx-H)@pQN<}>8(V(N>-Z$12yt+A?)wstrxII0_
z7k|8@U8}i`h<Jr~2S-BH+!kLo?SDWq9xI4}@elri$LB>0fAojq#Fa~$&nRjsO;+6$
z=yUTFSKG6hOinPk1aK<URz22c+IF8^nRTwWpV(QVo!zl>^B79wyP8{1tcY&EtJF+Y
z<XK%^O=f+fbuo1lZ|%N3QB`_w-9<oF$~W_+&B49ZewkKT!+uj*cW{SdSBi+y!uGa6
zO)V~cv(6Wt&IrjS#DDLlfwp8fKAFCMIUV#g_c3$@IH%8JL-OM9V!EviVa{kSdd$rL
zrSM?lXDD3WrReG@5wDl%*sV5(Khnl2h+K@yvV;VIujh`2W?v8AK9EQ)z4I<}#A}m`
zB&32Pzo#KZ-|`U+L`2lG=NMP`MgU}RKn-5a7CI14Lw{AG%Hwr3P;U&!()GMc`cE3+
zP!8c}n^zBC?35iB-2pmmrsLCxhbwShRa{V8Qm^VX{(5YzaOkJa>E67o0_R>MG1uth
zF|I<2LOGncx2xrobBX#c<^u?xG%<K_xxrIyCb=1p?&i-oiwmD)EPg2h{W}R<W`PVU
z*GwF01N9{YoYB~~gF^{e6HKKdgL(DYf1$uV@ACZKYtfgQ@KwO0^S#+cPII;1airBB
zjm)c(R19Z5=Ct8u$ks*5j4YOB3{<`*ZhJ{yW3Su*w3V!~iUd|H@$Jvq+?Fnncj_iO
zotj<TMr+L9D!P_Gd*^IbFjh%H{QS*oej~X9eLBr-oo#hhniGKsFT8AGAir-qJr797
z(PrmB1jVg&c1?lGNlJX1naK!5Hs<DC)o-#&WpZ=(kL&-!%Of7H_;<wlL5|{yyzygn
zG2TJAdhBk%7kq8lv$b}yX(~C(kJmiNb0ud!4OJ5-1ZO9F`s}g!G;V_Ew1g32r#rno
ze>P{yOmUMuvbNPuzN^C=tM7h+w{61fs&7<sdpsT+p1M;~rFsLJNU17n&`e+gZh=sc
zS057t#5En=k-yTx;jEbYMMCoEbOuLjIWZhkqq*oST}R8?d&IL8(w1OVZ8K|hZZ`mZ
zi6a7JyhlX650}Y1X<)??2cfL3Obq?VZ|`nzR?dwgAG1F512aMvJ@&mWE>mq8IQoGF
z@SR+w>Q>rk>Fh<y7@uGhUb&{At~BX<SzMULG~eVLIuqYU&IP1D+nN}&YI@CMapMZ-
z^nLQzNQT^@NBZdIqj&IAzRmr8cpPacz}~^qN%}YC{__5dae^4=OVcf(Y;p5;3cI6v
z75ihr6u=>?_jm$eV{c|$$$k<yMNFlL(3h)@naieTFRfLsi@AI*djC>-wFn>P=4M@v
z48@DAWh<O%3Me<zIq`T%w`IXrYpB=kl5Wpj+dJ{5uPVJtY0sf#x_nU_C11$om3yUO
z3lH0!Him`cQ|Qv9jo7-nKHv*<fZJd^0lz$ki@ahA@wb9kW6THh8*V3R8sezl3Ofhb
zDxG7pEN#-NEhmL2WS%`uvlINzgkBwr-iC%4;IJp}I5Q4B_S;#Bz~5{^aP(}*6|sM>
z`Ee}y-Fdg(*yp5jcQNLy35KcsiBgTe+(-cyugl|vSOxwOkTyiZ;xUQb$Qlv6Vy>g9
zLeqRntW<m99<OS@@LQd$t>dv+`P?;sDqIZ&%z|cfLu?imQ&}>T8ah7L!lq5rabAeG
z-+e}bHX2ulaawQk_R`?xPK2LIbxl+V305~}qB~9nkkyi&P)_tW$SqXb`;}={jcUC`
zG17;}^H;M$&J`>%XB@;&;a&vsfu8H?fV<6Ji`(Jk?EZ7eTjJK8@4;FFC08f#&;i9Z
zxDA8h{S|YA?hEJCwAisx-8VI7+RQ#`Szwt?5$B;Dl~;NdLX!~2-0rN@bqzf)t}in)
z@$&v>@GOQzyZFyL7ModhT5_-B;9g6E=W6JKpV#rQF}Nkemv3^(Nm*d?`{}~E3GHXM
zC=SQUQsS=2u0Q+<K$APu6-@#bm`gvJ_gMry@MjjWNlnLS<w0o&6tBR0{LMeU_fSRr
z+$!p>GHY*kzS!Y&*`W_4cPR=_u8_Ny;fD3I9l0+4l%861@wxi5p5-U*&*l~ve3-is
z2<}Vsw8PPdhQg|v$IamYEof1wi9iXxrJ8c-+LnJwew#70F4^PXg)5uQ(QRV@laUNd
zm(Eh{?Vx955&Ewu4Q8zLmGPXWAdBC<g7HQqiCB0^qUlH@*($!47m<*~nNMkfODoF|
zp%L8+=-S{^%k+qmAK~XZFZ%R>RHX}Yk&Jtsa>2B}8a1U-BvntF*}8IgS<tuJbiG+N
z2`MtqsH&`msnoIY;<u|O+zZDQ;I3eFc?+)+-!dBpX11luklfYPCVFWmb1MUD#VMlg
z@KqyzYid{vJWx0^qQbu%Tc>S1YPmRSWg_i{qfO*5XuaW~p!)d<I*nZp%SXPIb?qPO
zgj@jP%=ob-8d-jg?+2WP%cI{~R!z$Dt*u_AmEz_sn^)KMjX&DwKjJIEU)iGd97w5E
z<|fIr)Vs9Vp3#wb>%5pDXYp)dqr%elMuv7`wR-AcJ>{&zA7_{A<&iOvnghJ`M<u0_
z2(X=zo`s0H^{S}PGFCNKZbFo2Jf`Pmm&(O)#f8eS$~<>!f;BtF>)el8KgRU5&Bs}G
ztojXO3vDX8nSjj8{fgGK^B*8W)6*uNyi8-sV~OR+mBe|(?yj#upxJ(fyYMwS0h<P+
zfvWi;9dodB1?T=V=<7=L?z&1r8po%4n2aLwr)>t>bvbhC?d^J#p6@|W<gX~d;?EWz
zKA9J$Gaw6~w<IhQ3hB`*q^;;Ws>HuXpR|xCu5m~=VJew;sx@UgSTe59m*Nb$6I>rb
z`^3jf;P8j-6Q=M+#KDI#&<8q?)u6$6pM@8D8W+|b=3+IDme?;xVU=V`V%A0^hno@a
zX#i|k6T#{gvE1rqvfBMCDRxDrubqeTn<t6QJt?`Lm$C#}l)|Bn)vjX=Fw`=vJbhLD
zjS<88-k8?R&iosq^&+?WANfmQsv~6^$$SD{UdOqrX-#>bR%L)^RdiA>mw@ZuuR#t4
zGNJ{S>n@juL_@0gQZOCJ-ySGmlJO}B2c;+IAy!da)P6-13o8RzVvTb#r1+5=`u?Mf
zZ^@j$Qi=lMLk&*RQ?Y58*iER?X`~a}ho2q`>hqheiCSPzk?mfysAYm0ZUd65-AX;%
z?L$4Q+r$g3zU@Hj#s*Wl`VveAQc^Rmw%5vKjBs;%HfrESPuzT~^~4Vv`<vn!7#U~H
zjSj(aW2KEXJ5!=s$5ylhO-XEZ97`=YiS_04EZT`lRm}A9F@F`8uFSo^xLP9lEyyU!
z5bnkzU1>QQJV7__|IxhHM#sWEqL=^3ee|0Z=YmiBja>h{S9l<OwK+hYozH{L^R)5e
z0<)s(d1o~C{%Z>5KVlXHB*Ujawc+M*Y$)Na<Bu9G`tF@{;y>ctt(OnNi+K;f`?Zch
zwA=OW0e0|!%m5NEyx#l4&6R9hu<cx%mq&9n`0A7tYH?x#Y&6Vg(y5VFFVj?Z6pITA
zMQB<6BL3nJ!}<jENfBI<S`?}1QH1T$eowXilEwO^nU#$L*M904p!nGGsqGm%xB21k
z?D~I>`*&IQFAs8(eDAge>F983*}3UvW>Opd8Vmi7zx?g;Qbd^`;;=wGQlG<s*;saN
z=_bRRe<THeS>7+rtTvn=JGXLQhu1IY`JVpjMgOWQf0+p0<WxdbgJa=J0FgMHIN}YA
z&ozH;zh5T!yZIW?J8??D<E-`|?u5)2O4adOj`tT5{MHnHNb{X3F0?x$TF>iJ3mwS7
zh)oEXd(II1&+GeD^<`y0Mb)BbL_t~&xCFei{jXRchzNJ2-rsY;{gj;rQVo?uT}5Y#
z^9p<I|Bv+lg+jv=XsT680PhMl)vi@%KTp!6KlbkbE<qpOAc|msz$hZq(ce-3_gj8H
zoAu#o(6hL!=jg!fyFg50o3MD9-zfKwYaLcX6UU2tjL8&7yhZ%E<-cOyN3@3Luuh|H
z>7fO$aY3LTJr(^?z^{b<o6mooHQPW+%i@PeA<s@ZeW5t9jQu{E^xVhXeiy%L#eeGl
zIO9{)XFp~?cv@5Co2(Ii;8VEdeE$C@IRF;Ol@@x}4=#Mz<72OPGykH}hdflPxysLz
zmh%PjDksH%RBrvYo@AL%Xt2puc>m;!sONb9(!>;FXcY9Om$-(W|4j85s_z7G81AQa
zY;m<TI(l^7v0DG0{E-ZTNTZ0L3+?0Infmv<oCt_SVvS#}3-Mv7u*cs&a7g@1c!jN>
z2rE@QE~)uvO_a5VR+Lp%T-4K{1i**kt?|qHz(N0t^}ii)C8`HVt3)`;e^2)Z*WL@a
zQh(RcBOu0D6{VuLgpJ-kiQ8U1G9Lc-`gvcx&(fj$w)yNgwg0O|6E4SvYitd4m?r%c
zuPg7rFYUZRdJ+fDFYML%=l!etG{_{o3|ysDVcbFZAG61G|I`nj)c>=zj=x2;$ks8q
zB{qex`x!jFMI<~;jkNj%Mesj;g8UGC9Y~^nD=GS&{8?mh#M9y6+X!ud134o-u2>_P
zpmYG{ziuj$MMQ-;%Vf6wXS`n@_g}khob18+A+K@vTpudz1@5X=wNl%~n)Z&BP3wtb
zEjOc9MCzxW=-idcuULs>$jCACoO~7TsoaS@_uxP)xVw))-xEiJ6#XyE`cs8Gf{5Fc
zcUwQ!KM~oi0ZCO!J#+=WJ4SOWHNGv^_7bvNxk^~Sb35!cwW?mv@KCqrR7|yh+QZI=
z!qU3qz;m7zZ9f^Lw=;jRygJfN7U3PM^Osziy@E4_xIfn<=byw`_#xH3CYHy%mxw?w
zJt}(c$}@`W%{sGas;iyq$TY{n#+-HVyfaDy3=OBO@#o&xM^evHI4`b(Ebk=XFU92>
z1)h#JsWJ8r+E}z;8q2u3HCn*~di63bW@3QVF~R!14<THB&uF|dPW0b7^NXZr4WhZS
z#R-T^WA<(+!=>vYxA*!%QS**0YpYIyLOP|-)vP|d&!-c!kHM%g`4rCR7k-!BY4dY#
z7{*__<k|Ke?~7!Fc~S3i7)t9u1^;ig*~5=GC<-*9hllO*L=uD|(>dR21!rn4>EJa-
z3Gf7?^i17=teFG+b)0zfv4Y->k)fUxE=#NVv^0{&yW7A#c<rE$eJ2R5HqqjT(A~u(
zQL5{D`oST*!WRA#9WDknCH?k!GkBMB7HpLWg<7lVDZj9G)RwhL1-Mwy(4>MU)7(ze
z{(7;bRsyaq>Uu_5{<9nY4<3DJqWO-rx>RM9mqo`Gw|#0pZn)1tyXZ2jpRZOr`SJt`
zf3dD{vtZFZ$3eHVBSK1vg^@9qZ|@vpf6*eC&od>lDvrGR{rSZ1$$M|FJYcoeG`u`j
z?!sHL5_Rf+ve7pPB0S}<%`yK;6yFPXJ+Whfl>0k;z=@mSpQdJt6C-g+9xAP9lEixb
z?xS1^r!txM`3qn(z!*fbk92f6)7wd)PuaXLr~`kmMRl+B%treJp7F0^^MJpsQRbTZ
zMi!2>fp*PC!HY5@-*Re>8##z&#FcE|iT>d1G~2S6S!uXX?Hti_8M@=fLe4nV2>jek
z2SeN7-mz{Xg70C)l~wZp=#M`sHe88T<PQx_Vv>-^&Hsc7OHoyoR9fg<2)$cyu3xEz
z7ymEXm6riqd5foOEf@9nT9#RW%{JjW;9ah|a5;iF#;~h(6mm~#d?wAP@wDv{6-r-+
zeLa7;e9Q8U#|)(A*Ng}C(pET>Ch&~Hqx96sEFBHS81EOuc5u1lPBR^l`zI~(Awc3&
zV+$5M8H8Ef`{;r1A<HRQULTipWjcJ?Sg)}5tNDRmb$QuVc#5c2n2gu;{jMWiuGztQ
z`F48*DL8Rshni+^|G6jtuI;$&8j$~aBaz_-Il0YqaN-)}gk|YOl3UbdqxgR}11<Gp
z)cIwRVApo^buiMKnsUdBJiMI70@%z@JFW#Ft)`{nk9KRa7-gru_OO6&pk5qdC4~s$
z+JDyR#=H;c=m`kI+2Bs9VRqUkHq-P0vj4lO!2#|?%9|@}r$n6YWRAkV^7`ACl&s&d
zd>xQ7YINa~TL#`-ohINjr_8q1ThG$+xx~p<n@j@|pu|t`VG&4DsKQxwaEeah184r(
zJ5#Dhf;-do*I=!Ekr&^b!?Jdy#mTlq`z%SF@AZ;wVZ{H(*joTa-F^S#21u!ZNJ}Uw
zDIi^f0@5Je4bt7QiXzfTO1JbbT}vp^DIiOO(%nlh`@8r&&nLb!pa1-47={7e_wK#t
zp7T2Ayk6%5Q4%YWaD91PynXDbEkcgcb!NCt74bgPj%)Y&b?l#yK)lp_FF*2s&FJ5_
zZ$0{rRhEcH)&2WNxKZ@i6URnzV%Czip2|<SRa4nnX{AJ^7_muA%tRfN*<s-=d37^r
zauDJzwdsDjf`@M>uL7#DzBTdxK41n!1*TagH|6L*>_Zv9ZrdC<b84$#dz^+)zuTf^
zW|Di-ypP?p=bU{XgEm?acypc=ohSGHH{xBR2mRu5nS`t0(Ik^K6hoP`%t~+DRrZ^B
zZL_PI_&&XXSmz`IL71=m4WFmIyT-yu0~M(47@|B~DA0wCdlBHbq${_emT`L_@ZWCp
z|3t-TitAQc`aq|8$h>Jy*(=v3DLAzKF3>z1`8eajTkUDWI7g+sui3{WRiGAMpW=hU
zbsDhS$xp+y|J&Jx(-N3u>HioRXDRlt*z<`9a*-CvaDVpf>p!yqs_r}jjJVfW-#k2s
z@s_TfFZO+R`})+6nbUc$Ol#v={%t4kNMjixG=1|FSJ6NhfVq5PrilM!i~UE)0Y3uG
zladMtg>VDVaitm4F<bTV$n`!8lys_yxHY9J;SEw~m%VmU`YH2Q$iN#;uOdFnDGA)I
zS=o=Z=O6XK?kT*ND~3T^RtX-oV>f^Jzq2#r6#}Qgiij*bwm1Vx6%TrkPiA13N92Ng
zHw1wUk0zkS)j$Rd)0jUaIkNoyys>Y2&*;y9>|<fib=ou`kC#=+>@9xnaym7BdFEDD
zDH&f3Dc3DC^~N}WptPo6uiPb`&7h_gK8W+j>}Y}6QL0-L{cp3IAu0&JdNUd-h?8zh
zZ2*DLcEdt}llS9je0Hy&?&jbR3(Y1|;NgDdjrTk@!)gC^WE$_fm3#0xykN6!@%6&$
zP*ZVLudS_PsSaF;ghTgUDVg{G|CkcEUzg4G$3SB%KW3$JDKkaf3}Ikqnv^O_>*Z*X
zq^?6Zzetg-_fxqRSu4SGpGkLaG^{q`MK8l67A+=5&+VT>+9E4c+x!mGz<II1bYqUY
z%BZ97gA<)wruu)VQ2$}Z&pL?6xV_4#a@@UVa`FXX*gB7io(nEy7)ai{jr$Ep<B0ff
zjhQE{`sYMTru-L}Cj25yx33=Vy7jYzi(0i_h)YnsCCzPPc;c@8!7@9y@3!A#PEJ@v
z)-dDM%CmqIT1@-!{}6Wn<N04XB);k}lSbWvH}X}!iXccFgSRb|rnUi&u-^V;P3(qa
zohG8h(7>DSZKcQ7RBxK+G=uF}>8A~76XV<DHO}M$+D++S?|;A8fcrqxCWSPauGXU#
z43EGRZJ02cEzQg0wmlL7fnLV`POQgOI8wiILYO$@|J%!X;M|B0+$RIT_{mcyj3tBl
z32BA-qGIT$n|H|`f-Xv2FipTq1k`}Yx#de(W1|N+5{X^gaQwup2^Bz44gbPY?IW%#
zF@C25=X(gk6R9s;?H$he=bbr>zVbn`m6=xP(sSxJs@FKqZQm(x)s9Y#vpa$cz6DF8
zLJ1bl_8p7;f6_?)`<NE^f@6vx>zQfgigQ;7=nz#YyMcX$+G=Nxw5&&q+~u|$CaY8(
z8rEtnEEP=y-Q?1?-}gwo^|r$88v3$A8edElTMZ5Ew%4r<MT95vTkjvw3jU!~*j%L#
z_9}V*t)%|1$Ga;(Gh^2Jj1KMmz#bRjUhzejC=M{kNT$Alz}8KDI_{03t}eC^UTOX#
zQv%G(FqEW%>D6k20TPTkGUAoJA>Fu-MldX>Vnch96WEQcqsqky;><ohq`5&bo&-L-
zC!_t@|8})y2iRA6-|NjvP<T-Gh0;_rGW&`;-FSQZQFKV4%dOug%vU>WLl1VD?h)?)
zM!p4!7^%G*^W{0Lm`ju4S^AuhxmFF*0i@zUe@vnU`_Ox}59Ck!|91*sKzAcO$mJ7Z
zoZ@YZ6p%ZvTK{1G%b{nc-vbCgA0L{22d+GKiL`6GP5NKnXM7Z=FP+y_E923@yT8uE
zM-V~GO_?br>RX=-G56FpE-(EPWoR8hQs$hKZHx=vlG+;?jsFUGnVMJF09TXZ4>ovv
zn=bPzA8v7$R@t`1upo}*eaIXvu#59ILVET9yvD+t7oXyA1SFC;?OsXC-u$nl@GKNV
zJ0ll6di~FDRbbcx5+FbD<Xk1c7w7D4084-P?r#wCQxLcpAqd7D(`$YvBec{!vH!`P
ze%3_$^(@y=gz?s2kG6gUa&0}lrR@$$LA&hmAeZE8Be(xvt%o2Va==!u-(Kk=<#R{h
zCcFOEAO5yGf=6G^-t%Aovw#%$t`o;q_CeYKq}4mVv9O^F1Et64+3U-HCsQwzfCcwp
zThrdX;b%gGMIZX#CLkPiZ6h`<FiGhTj-!2!Er7RV3XZxkR~*k`;gj2c7a&CGfc*?o
zYl~8G7>)lN!RjpgPbgc4chA_r0#8i+%U>lGuB&A2dte0#2>gs34*xunAOgIVr!0$k
zDc6j~b5oeN{yXw^gBOWm6I}oE+h_jtAoG0A6&C?o7ZpFZkkKaJS=Sfdlkxns6v7$6
zI0vj|349mvQa+sgO#0Vfu6Bw$7JRNgKaOzRKg(nj{Dufr6hVamGpL4$EzUNWxAbp^
z;-Leq3BH-rUl6hvq$n+V_twq-K+kV)DZW9<z6-cepaw7W>>VB0HDMrsQ9^*=I1WlB
zw~mFLnEbs;HW<3K*0H)be|~tzi*eHWg+gHZzfZ0Q%XI{kFtO(gtA4$wiOv34R|7+=
z5hdPjP3oLi<o-!sTMI<V8W<ylP*2GL;NizLoPr;dIeJ>w6D%^xeAcEoc2ms;fEC-@
zDkYzrogL5vv&pi1pf9gF^m=V}W@Vp3qW*gGk^=c($1C~@#NNODs!12@z8X8V!+(2G
z;ZIk)k3BUOAKHDs1<8DBpS;zph+YG{wf$483|f|a8g_O`<3y$(4_lhtwuT?CizIUB
zJ!I8{hWc=h@TB!_u#oh$sSF&-be{a32msZxnt>sW$GFLGqc>jVO{ZAD-EUaDH#Wx0
zb2gif#cHN6P7llh$B!40^>u(QdXtoITeLuE7<Zz|I<_xWPz@0IHIW|4uG0b_rqB^F
zD!g>va34!e(W)Y}o34`};m~IW0`M@8ltx{8l^ItY4?Qr(;WENc{Ifyv7$Dn!YHdxg
zi5fHXt=2pbt=%*E?h)%cD5?b*y?~3^(GA~ergYTk`N#CY`qIP2tltz23oT`R{~*7@
zVPHO56whtHeqS|g-i@)^i~1=TthwSDZ6Tl76W2{NG9h9Q{xe+QZAS!UZ{}N6u5*qw
zH{{zRo!WqRY0eHQh~dhz;7uUj{W6%!J{8gK;x8|eIOcKDK_QGMQQs^o*Maw!eH94b
zNMd0YKj^C*?x_2X5Jzk`Y_#kT2=A!lS<m?&$Ll$qHnH;rTnM|IZ`Eq)rKbodKC3Vq
zuREqiyuQkdTvrC-AFF-oqI7KJkWXL>(RiBY#~-=VFCAorI@5Yw9WNU{(^y0q%MFNe
zutiXUfI-QQhhNgBugo{-)jFhs;?2aiOa220YGbbJ8y1b-xzN$LnTK2kue-}a1b_EO
zLOQ#0L08LO_b~%4HR6ADw0^w#vt(bphPjcSa_+`%TJ|q4;LjzN>ec4v^&8VQaG^3k
z1;5m>F7!LOo^t!0U)_gi_V-q2;I*sAPa6cA#J+6LG`#d(h=eSF6xM1s@Z)0;!dmxj
z7BnG4^Ld2F>)(U^KCGg+io1(Ww=FQ1&UR18{#LHi@?e`cWR}Ef!VKA4E|xg27?509
z51Bh(#1itypjsITP3*zk4VRTP&mPY?MY;3T83Bsy%uQpZ6h6hv{lqErt;uQ*+eFbw
z3SK#A-Mn07^YDqJnZ<OSv#>jK+dnLS1i3NRJ7JYUtUOc|-~B@3G!Ty?PEA>KbijGO
zEo2`)HxpNLia?%6*M$5a_{Senzcn9YGQ62eFZD}CT(Ae>yHYw9TSViS=XNwwZL2i_
z2rhYG*<(_sG!J)n0Gp==j6*RWT%aOaqTqWgdOWQ*AhN+`ZBnw@8BS$3mthd}64?3H
znRg57C>BV@r>qN^N~av){T-B%%d#xu;zma^p5l5Q9pP)-zDJvBp*bPtFEmLnE`JVt
z!PkFs%?02;@n2?JkjUzT=p|cN^}f0Ex0?kMee%p*7r%UFXLNv5w42+waKOU)&&QgA
zL$bm%QwyU)o&P=>+=<Wp3F6{s6O95MLoOC*Oaou2M20ZZInbX6MGzqpC_F9jMGrIi
z6T$4T1(#Zt2DdeqcUbr}4i3m=a5R>{j2(G6o-u!<friT6eK2{Z(2dI|^>BMs&rS8S
zJ&95>MJN*eNrw9In7(Ui+5uQz27rfb2R#wNzH@<t47%us^YawP<`9o!#6GvG3WAeM
z{i+fa(ug|JvqoyFjO{!x6@5wZ;V-=K)c8g>RGH#QMU{eRnxv!qO*t8H3e62Rx@**4
zza)mUrNUTd)+P^li0-Zppl5ZKsL2Vi@13A_(6r~9M7Se-W*xUrThQm;WiOkWn)f;=
zBWeq7(sk_ciFNMN^V<A;*x|I8Sfiw>`bp&S#EcMWd+<mYUU;}OHB~}IDYIqSJ-k%m
zGP+)HToeW?G2O?nT$Z!e$t9qw&JyY>0V%xM*Clr<5uAp<A;C|x8%QY?XhA_VkS4rH
zhg{YdR1wDIn09~eGjAz#ZcT2GZ`ki)%^r|hs5cBaT^fdazRq8rZx8E7TB!CirmS_8
z7vuJf?rBJz^0%Cp7IZawA6N?RG`dFkHXL>c$sg7K)NE=XA(%PWoN+BIt?wLhV8rd&
z3m2Z?c1MZP3p@N3Wx>)Bq&%zGh#hBlVWPgVM&RQqEq*l%ss)8~9In*jgbAaRvVYbM
zAtJ&r4@b3(x@j&6a9frJJ9{HCZmpc9wL5oGIZFIAe^OrgI&XohzrUZ?beCv2SC;7f
zoXdH>77V|+_xSMyy;(>2C++mybvYGHPIG@BV!7S~LBtIm{@3uT8SGZTW{$nnG2`xD
z=w6&KJW$uJ$!eA8cG;i8&!gE3ilUp|9Ktz~1CrkQLu6|RD!ip|AA#Gq{)%uaMt{7)
z4NV>*Gg;5O>vxUa%_#bbl^O&0uVXzh_EcI1(kIQt{*thwcvh_*_)aA048yuI>ijq{
zR!L~WvI&VusQ@F1;KJU&zP?46x-R#T@2}-&^nk%<_DMib5>_K_{PmjkTyqmUEKI&s
z&)}8qlxpw;(^3hz8z|(~IwmglCXlnjYb}aGCg7~OVE<%aXu~(4@H{QAZ|E*M{9e~V
zsX4#s+m8HqnV8XwOfp@7dTEj2TCd~Q$H%2N=e2MrNgNUo-?;>d5(8!R0>sGoVEjb7
zNP%I5#zxO;l6=5$;@TO*UYn>?+25bk85<e-;_o=aMH6uHyW)5@Yi0m~KA$TJf2jE(
zMN6?Y55kY!fk47S3NPH_8HtwGS6)rE7y*HO!EZ#bc2&w8jB3gv&siA>r0nXas9{Xx
z<v9&4V0!nInZPFm*LP|g)W#0?I%xoF-OqFoMH4bGW5hq{-3Sil4DFcr!E(0*78TpO
zTX$jrlc^VsKJ068AL(CCT`8U+Q$hOc(ak~7O{k_&24<{tP5!m~G>_!drcL|lo6D1T
zaMmMr7t(+@8uiE^spEV)?p=!`dM8QTXs+^w7yY@|3tx`Ke}Z$g4n~YYhB<<5eeU&o
zSmtJJ-OnF-u#^^~Ip1Rgc!w70c;^Gxl2r<YAS*@AmW!Ba2pUC*|6VbKP=MkhsF{^1
z<H1>gY>RLKNAA=>V0@(KVf6F6@kST(q#j*Ed|GY$^cq@$F6lZOq=&1P3nGIjCN<8g
z2I(ZzXK8u5qQ%GqfU(RY2*2>K7iOkfT(YuI*kf7{kMUX%J{KIJCSJJ8PeBT8&hZwM
zX*E_sCm?~CBrY45qUB7Zi#;;KMlrC0;|xf5Z6;>0J%?hp<<$9w2SpC5Jg3lD+dP9J
zW*9AWC2v-VpD=-0XrF+W-O<FjT;hZ<0C%}JSF>l@5k<r4IqmHGq8UC8Qfd1Va$=vr
z!p27ZSqR$ybP#e$)o1}ewXDaKJ-=#V-DFEBeNyUQF>ve0bNtv0^u-F_Y=0mo-Xh4@
zO9JV2W*r`|FvGaG-s6kxKAVbax#=H#7=}@ud(4FPz26%@0uHoQNzrqX@hH)w&-Y15
zPgA0EqQs=1Zbyg7EVc;RpFP!iy<GgL_KR7RXa@v7>B<jF2H9&$r0U2!d@))ehB18s
z?{-20uQSJ44Q)Og?k$O?;4*g2+AdHh8=IrCa`qpRB2ALIeEcnY7O72Sy9zo0yHF&3
zQoYPmf~7~ZEBEq>PU^*wKVz4}pfoxUMYT22{dETe!i%8LfIZ8-Gc~mAFU+}q{v}2K
zY2*<wMe~i*Iey68nd2JhwB`C9Z);3y9b17T(IlOTuImx)e|cDMO$C{|oa2E6WQ)Xj
z)3~wyt1-%*apeH}GIT7X%9^ozl*LiuGX#Z@<Mj`dVBm!Mbz##s?1hSBEkx|dbiM1+
zq%ACjIreTjN45mV6$N9>O9o{hPA#hI)=#Xw4;#7IsP$U^^2+jAix?ut>n)-GC`Elk
z?jz?gr&J5nfbsd!`U2fmK_&=urZn#;oMw4^=Vq}j#A?o!1T@=a0GlJI#+NuA$U=`|
zGsXW&zZg|$FqVui_euA6AZVEe_YF(gC@NvZN1-Sg6_~8b<sihNmc&k1HfR#C&vgh3
zGc&)s>g1h5E)PogLCa;l1_k+5<W%Au>n2g}gS1%#5*wzPf+d$6>4@;&l<3h_@RFO_
z2GctB$G~KQuY_oXW@13_uynTJxO=9Bw+Wo*XRoj9QVYD+DalpobL;9s58Nd-V|3?>
zq#PLYue_eRHXQ6yo^nR>(L}nBP41J=Y>rFo9jXAI>(f<N6#&%;t1Y60E9Lh7R^pxH
zLWduQetVciJEsrzq{T0GR7-+hxd-k8YhWfda4SC+E3nAlwnX&f+2FwNt{n&1Kmy(>
z!;0k{40&;S#Lp)NOP&<kqYg6A;bj#{3B?&<ln^0E%g+XNNXzuj?}Spl@Fld%`NjUh
zLDQY<S8U%DhlU|jq4k2Ck|!Clu?r~QO7oD04VLobQQNP!uqK;9B;7>4@0~V*kmLFn
z#oH_Evs(UEKYJRyD=qo>YR+q=*nd0LFD-wxj1<4bs6UwxYw~(EG+WC}MAYMqY;nA7
zM(PyBm*XC<V@i_#N)z&oA?bg<xAOD64WigspIMOF=Q@IOa(;wPKRqB?`m}mZa6Ja^
zpV9?)@|6{ar>l#S=>ymme3yy^^fc$#6_HAZV=b2qj9{YmX_F4*sQkvTMWTUCFT=tT
zqw0>xr0Nf%sLL5>ddSb5WT;hWSQs6`e(k7eF*xQUlK@0?MnKeUmEgcY&KEvA%6kMf
zPmd7#m;2=d@7V4k<L;Lj5y?}@WDoYu1<&QgK$Hr_az37Q2q!`zhj32!=cS1691I7M
z4Gr4`+i)y=>IWn6vAD--ivS6PcqyX}j;`#Tf2>(py6>@6R6xUBYCiK!)U4&?A&q&;
z-d!^GLe>qafpC~E&-q9LlF}T&dyj~XLC=--BcHC!%OjWdDso=jAJEwWAs><+O%*`f
z_>S|RY?x;e80+sc{qjQ6ib-tOEj6TW6Ej{O=8Ja&V86etm6qu@X`P=^2V0q_Xn3Mh
z+=xTOIBtttP;VD<FD>e(>Fq#cL1)i_c)RpkHmdknaW<3#SO3*-ttpRVUd_I)Pjp*b
zgW_lf(5u(f`boXhc+ldpR~XoPvbXcO2E8#O4s_p3t$3VIA*m}m8&(nBxlmKyLf=Jk
z)S9NUF#w|I&u0rw4M|=xAdL;dwdJ32i*?5<y$x--Y`{KV?cPV!ObZ<98^nkoPuF3~
zYg8|bEXAqWP16#~IM)5XMa2L56G_x#w~3VBQQCnO4Z#h^v*?Lq#daI_;4O%9r09{h
zAo>Dt(-Lbe-RPIAcX_0P;V9rXegH{qr|#+c^2Y-(@64gZ$)2&dx(3p+&ByV>_k%$u
zRtxqprwFw9jN;&Y6rr>L;&|C!+H~p#yd=YC{V}=dnT{vx{O8SSI*Je%!a>)NSN)cl
z^+m)-APd>5S63TbPc-x?oaxF&AAwkjCN;^s0KsI+s&r>cSo&GZ$j4@mHD8}u@0Cu!
zxj_F7Qpw|4U)Y^Hnf3)K{MGX+o_onZ(@sEe;_=-Ui}823Y(^QqJUOV2dg1*#&1(*e
zUH+e{NM-=ROAr57;+Bc^IVJdk70^BR=WvH<6wqxiEvG;d34Xk2nx<b!lfha<3v0ET
zAq$p|Un9YL>A~Y{H10H{G>otMZ7%Z7x(SSl>KzO?awVe3Pc+n&jb&0!n7cgU*Vs3+
zIMJbBc-(E&!k8fR!8|>w1t0Cx-v4;istSm}v|(05jdS*M&HWz_VZAr;-%nRCokccq
zokgAbe?HJ%x-wP!9V7IaRh#d6hNq%P6}W|<uKXmb3D@^?|7mHdyp6jel>%TKBs4eq
zCjIc8(Da%$ZAOp$Z1v;JMl-H1uP0S5OB2V#JvSb0DcUVXq{x{MOrL)HvT@PyN+o~<
z4^#{(ZvS1_Q&GnGNh+bUcZK*nwzl^Ysv2yYmXnJ`*TJr{P!xZxSfTdq(vyz%1-Wgb
zkI!(93_jiPjD>;5=@b(E7XErjav@o0F=ku?A?|?Q4Hlo2uhwn8*zYa*yt%#MygB{|
zF04J%bGd27?^WwYEkvWpqFy{TV?4}d<l4`B6ots7_3wF{ubVi=qcCk{@WjGL?g%gC
zMG!Aq*k#PXb3&lLhfxCnh{=Qw6J%IJa{d|+Z*rGcNp62ZSzPRVf?OvqB0dXeV9szI
z5OnDvx0;m9@aOxc{R2H=)Sr$9=e9b#0`6=_VPLqi98@_d*4Z&PdNhi<xWli%(;yd8
zoFU%;X?c27uRCFrY|dvoZEgy~8cFxvww@kCebb%4bsi=2OaYmO8`%ljn&merDe8Q;
z9@8KL*{U9Ed=vn+=?<82AJYucDuMpS7v6Nzlfg8ya`#_OvYK2e<rhO=xK`pUD;vVM
z7Y|32Yq!g0s?q)j$EAT)x~{KNPmNt9{mK+r2K(n~(Z_um8O-?n+g`I+S_%J}n1y_I
z<)qKJ;C)mUSGjTelzAcLlhNmsBg*2${6AkbPSbAyTU`LQ%3r-9ZG7i@m1Vz;D}V0?
zRUZ^`%(lNcCh{S<vXky$ONe@B<GA)v0vWz^P*9Me{yGq<inSgjBEsS?*kbnL7GXwI
z@>}8)R?9ozTMUQz)R2C}C9v7d1Wr9hMMaT0r~%x&0~;g&Z%?<^XkxmAix$EX4t;N+
zl-LqHIcK_xw_#@e!kWz+tOEI7qG$DI<&hK%UdHI=qoYm1gFfF{hV0i_A+TwLHlrgT
z<ScV))8|<#LS;9QPfe?Edu<9!jxS^l%#JsRCTY3MmhE8aEeZx1fZDabFJzYmWZ?|~
zY=@w8dsW*lFv3`m%`7qBsasH5o8mw0oC75(6E>!uim$~)akf5>SOje0>tfn7T1HOa
zPHRHZ`1;k?H06I8`+!bS32olCU%)|%5td^w>Uf58M&Y)qd&-8svGv318iaVX`<~lc
zUgCH_u{s|)zSv201Z17GAt%1~u<=i#tm{rvby=U`j?i&I=vYmabVleMKB_z!i(_%*
zj~pI;MfbyCMTcgp<2#K_H8i2IAv0OjH=#WGE)MMSn7Pi$4QYncbH%Q>(tc0P!1!lR
z^oCBVhlT;V<yh~~i8cBarisW{S<c(ZYGCk?HIP`__DBocZXL~?U(Se-_i~Tje8r-V
z(jP{hFL}rp8+%XLLrC09iP=#|7$nx@`-cg=1_>$1;L~<G+ArLmQ?k4?+rY!N!HL7`
zw^k_J5_edv!xxJc6ucD!5>NSO4u#ErL*CrM+l9}eI9l=E7Z-N|L1Jqd(+*_r!XJyD
z=49i%{R9jJ8SPL*oEM4!*!wrCo&LPwO{1^#uc4hk@vjOZ>z$k2o^hboa0SE{-xDeA
zKI7n-p9Zf<Z{xm(xINoX#<X{FXN^>o2w8OHWP>xQr$NQ!Ez5#yiXag(oWxAm(4!*#
z*Tvk->Mid(J9(7iyoK!tptm*gfoues|6yflN7qJ9f+WO84i^#C{;KoSCeOj~ZzI_2
zltM8&-e{F#M@1q=KO449^cJ~r!B`{6jAtDLRLb@FA8Z_}CC_`y*nhJTv$3H=G@32J
zp|33FCqq0ohwF3PHlrQ+3=_NTG8oD`6s}k=)e4b}xWZhzEp$m|P0rT#e5rLm;aXW$
zppB?mqR$|o7&L3;$*C5}!fd<WslsP;LhxKrjhbNL@6ORrtQ$y06>4ttkJT*dS@JVS
z7aK<C3N8Uu*gba|e^6zWX&1K}cR*BVk+N)svnEeZ*9>Pp#~KVO)}<(xH&VP5cN)c2
z2}&{c0a}{Ul!e#jFRM!$SP=sKV1Pu1<@CE-cPk#HbvQ-D-?~j^Y__x>__9=E!xlJE
zN~V%_R%RpLt!e~?fncF~E=Lb<Ue8p7+1`9R;@%7&#nJ*tW%PyxiAy;jBL-<CG(<aa
zf2(%xA?gfS=?tIoU0Xkif}m0erGr1bS8e&a!b!9>-OoBH3Yopi?Le)v@E(>3F|_*h
z9M~Ods^f0)+VL_#E)~!ocPPjp;VVs<U!=+tlr6S(TN)PA!?xL?szbhxjzM-VoIj%U
zQKsdrFqsz5AW-hp*=|9L`A+GOtwJwd2P05B5gl<O<1Wb;J1H$Y$8)~Qm!P~b!Tk;2
z-M`fJX9QkA@40$<%3o=`xGJ^7^j;%Alnu~y{t9dBSXY%%q?t#OaL?HzX4Y@=il515
zunQrT4Y?2BsOw+;4o>nYCGV$<V$~a&i!St984|mItgH)ZJQpi8URAz~NbUBLKBy%Y
zQAQA@eh7O7lSxho8eSH}+`9DXo14-f1C+B#s=o<hc4mzQkVtU8yxdpHy`8W(2CQ*P
zb}8xfd>5wm%3m57eIS=%U7wQc{^Cw}@$TGNzTF^-k{(nmnZWdckNvPUs?uSVxbWo3
zkGwnDr;}1e3fZ@L9?1upMYxx=?%t=ny<v%`SgO1HGGkWMq7ujK=$*4I6?-AEi;@yv
zlBiX)9XD4IueC7z4wZS(YT<~b&z4lNQKGk!3boc#=>`u@Y;ye1iYIL<(B6E>xxd<s
zZ+)aQn{j$V#~g!-!s^lIEg50Bu-fT;UwQH5OuyBv;O@fwbenbqD`)a8)%JUFD9G;l
z1_LWIfTnaFW2G&n>jR^Khq<vzCD51BbMpU~S}~praj#nzEN~oX(byB!z2VLn28mc%
zb4M#v=AH|Ty6j0nm}~9}ZwQJhrjb_(I2`KS{1AM4u#)n*MXP>ZBa(mCD<_=HIkW#5
z&rbvQ7WZ`H)9r&)LDxsyMbV{Pz3%0u!ryrVw4da)@=|jYUIr8r1dM8E-3s0^u)V#`
z3dNoo6X>Sk)KOCmGi8tMnXV3S?-ot;n)8L|?KzE-bwDo6y3(qRR00-1$=Ek;C)dq*
zEhsMgQ<}j4q*6u!rwnxJ!KQAfoht(w{vK7;ff-`{4G{|^r;*l*C>h@?REak1?D1Uq
zVa7%cRS?;E$J+Z3N&M}Z1nmS;7WLU+IkG|wr$<h;DHOFTBVLp8IEB}i<htgV?1+^@
zVtzk`X*NzJkpeI3PEx2R^;R$16Z!!;e5c}@dWvCupg$(e%sX&IyQPIcEBLAP>cg4$
zFp_VD^x|RWA`GV+ou-8g^8Yq32Zg0&;b@Q=MD2t8NJ^@({2MR3QS<b9dhQp`r#8>u
z_Wfg5enkp5o|m{xs9-KVe21k+A|=(aR89C7_2*yXGF0f^o-s3T<X)bQwNPkP!zWG)
z-Dg4hGU_oikcVdRk(77bcab$<S&Ql*eKjQAUI*0ZQrdx<$5>EXCY^5^Z?UL>-cz0V
zF0MD!9<A!BaJjD4a%eSLeDGJU?ph8FBuOaT_gMI0mB*27ng_WY(N4#wFgHV_J4?SF
za~IiBWs^9CfT`CVCkUxIP)4|4tan=JjK??KhCQ}OdSa@HJ?C@~%BX+!$}yklWF}%_
z^A!N@Ugp<GmJhNO(SL<P;riUdR{8~IeiBx{Lgd1$+-qyTB$Kr3GRD{2qSjvl)m4L!
z4<|LW9OLKt4&)iALok9_^wrQ4Gi07=RZUhmy7}}R;bnh3?dn;=sGv~mjMz%nrJi;h
ziKt06OYU<$INm}BGHNzMjLW_1xc@&~4<oa14467wV@rqp%;)s$8BiAI!5P+x*MP9p
zidePkOUpyGy@8yxbM!#Ol4>bm6N~q?KG{d<zpB!w1WH#}-WOq)q|`DgCNq!f_}iYo
z?jC$Zt}J_bR<3Q+QYgX$p}9oL6%BSp$nuYXS;0C(yKQ~NYg7?BL!LQb_)M?B7+)F-
z(cEr!`ux7G88hjJ@n8Ew>%x*()Sy2=iVORvmPCD7nabrp`s!XA^>&gD{OBJyvc~A$
za10vWU}A1&zN{7@Q1u~H@!=fyRV(?38}lPBGH5oAv56?p^9Bw<Of<h$tG*>aJf(le
zu0pnX@7QHUDFZ#dTX8<)I<U&sYT<tO^!odt%;o-+UISe{=E@~*c-wMYxw=+~HucIK
z)1@=!Lbf=jkNBw;?Ne_}OiXg$%hZ2WKl=_6TpU8gIKv4TlthO^E$H&z=lJqx<{FD*
z^<C8IlUrllEX%wt)-!-wq@z~rU{IbQ#*Oaf?0uoX39F(mpQy2)dIgFwOZ~@lgAA8%
zx@GGtmQPfvggu^^%6H3c1-q0ENZp}qhK>ph6!}j8KX-9qy}#JK-+M3MJbmGb{dn1|
z=`*c5p|fj+j9jeD2c$wvZ97_ZP7<RP7I?h+skYz>n6>ILQ|~*}B3)&zkvq@1@E3b#
z7ued0z7ExE^G3LC+}85Fv3}ybP?&lW6K-H%`<n24$2t|~#Wye;sKC5?T>I$k;LBi>
z>&jh1v|VoL_HcwS+;t_lbI@aH`mp|8`wl*u+POlDgOvtV*7>~JdD&aV-Wl^c!L>hM
zFUc|b0>os=;Rn+iU(~^Pte!auC%+}DbZ^aO`T=*Vwy@5b5<`*59mkhijR(7_0~cw<
z%fF5Wa^L$%^DN**j(xk~2FgAK+U2Is3GNFWcfj14v|VcC^Hd>UOd&j;^q9lTGb@~p
z)BA&MhXuJERq4I6O-S;>%NntfDaz;ZoyXxt9+A+!2$QJNCYN;it?r>lpEO>grU4<?
zJgw_#;mE`L0mtc5vDw!H;&`m?g0a(LsPj3&P=dL3r}=>P&|4}bCIv36hczW5!j|1J
zN#j&}OnQ5X$eQkWEe;sFDRWr+S4qKoC5(f>YuInV*E3xD=vSB)(*2rgTT`CV&f)^l
z$ckq*BysUw`JL6(VnrDN$(-%h22b1$v7qaYn!CfL;!FykpHcEVs65xzpP;%Qmcu5J
zzi1AEmQ@h1$J|q|T>{fuUAzANz1Y*G>+$+vOv1N?^0I~iREEv#g)@+~$&+etzVZjM
z`=`dw>^2`6Qg(h>YO|%_Wr22m(IeXkbOH01q!d;YE#^jT-?y*y)sbY_y+wlpNLxn>
zA-nrqWe>OA=UctA!Gi;7aO`hLUcpu{fT}>R7D|#+-#VJsVg%+*Cm5COnzm#di(+D7
z>XhisFo$WAY^FT*mM7NJW**D{*TkNqx(n3EwT_@2Wu6f``kTlF7puBSB9-&QHC8sx
z^w{rH3mv~PuYiSVr*E&vm0k5ac6qM;m|bo$pn*)k1C>vy38R&bp87S{4Wk<qtckJW
zXC_g>HaQU4Y?#*Q0`3jkYk$6?_pv{t{9^V!)^%8w?gUmm>S^8o%w=YwU0P7^@@zFH
z>SK$miY%Hk=J|%xM=H_6!AF+ByafK3ms7CS)5`Q;Znr>ho@Bd?755l^xwx@WtThB0
zH|=;u<t9FCEOyhYY<*sG!{-|r3?=!mMEX;cngoA-wj6wkZ1Fpd*|j;!LdH<d0{ar$
zyeQyq=GxqvG8DuwJ~B@T$#Ewo%`SsEdNep6kfe!vK2%cUgxyvzdg0s?_n7ZutVzbX
zTj%BSj?W4F-NK{hicok7{;wUakNb-QQl71?Ylle?Bui8mtAtL6$`PK|A=N7(>>f)c
zrZnufw1JIsN(Jf#6Z7{cgcg<phu8l)X>ad8r)9wFx$O<;bn3;L_IR_1z={g78jp7+
zLe;ioN{uEDC^G~KF_u_bMY%f9m&Vyw1~U@3OEemds-a*<)TU}^?x6|$ot?DlH9{~6
zB3IllPH=RqZSuekK*bZBcBzC2-Ky7*=ZX1wrz1gWC{66#E)Ek<%e&ZpH#1);Eru%y
zc`(mObRr_S{UjfZYySX-OFTNb09c-3{-!KrgD0B$4i)$NyEI~UKbycn+x_0)!?lrK
zZUYrd`3u=t#@<8*0geNJ+us-e(%!Ie=;M4)wwl6eBxWXJ@QVj`%lv2aCQeTy3>c<t
zR(kLWXw$u38}2-J2`bLPkG83|G#W2ZUz4?_>TNOF<VbD#h>e4z`n_l4e5aPHkz$i*
zFAEC?=ul4-eM!~?uWD(nkN6SEnxhA!@l6{G<2{|895rVJ+<y#qBKCWx#Ji9TsYqpU
zzmq5A_nt-cYt78?&TR~)i1Ck2_~2w$eB>H%ZmzKCWt=^0W?Eo!4R=z4rlyG1UNS^C
zxd{Hwp*iv@;2RLZFJg!OZL`;IJbw3PVvy;vnP)n@Cyti+VD8j=fAJH6U^+CX&9IPy
z&yGID@A7n|%4G>R$J<YG%8Rs#Mex8AD%`}9gv7AAR?(wgs;kjBe$Ju+Gc?eCXBk%w
zTDJK&v5xer!+nb@pDa9<-GM<8%F?^zc`EsXi>-1IZF9U&9T9y#-FJ5ue5I*80@TUp
z$c~QeVX49H@gYs_2P@N|OT7fX#=<U#7*f&`h|9*dV{CAJRjz*PD;;IKB){zosT5Q0
z+JpW5?0pL}GYuLcm+<WDY~*%#`U+VO*SvU*$`KI<Oow&_1JA-Lim~Zhf~dGfH|aB-
zgZtU3LDX2;%MT?vGjeuqNmsYy(abYxtdjbX&K~AfH~($Cd3Zgbg~|}ASBz%^OxIz_
zd-cb|$!7nQ@Lsj-7dS;)ux5f>TiNSD`0Rxk7U>(6gVH0h%3|F*4L(SgQr)J|qcE@R
zMp6<@L$BYMJuwVnC02>E4;JEyIvtZAvT0PB4?IE>qyw-_(1hp~Qbw5o_sURGK2?m|
zpn>aI$}ir)#3cYuOk<uuNJqr{?N6bkrT&Ei_W~}RRDEzm8Nmm998Uw{!T{7Q?pyq0
zl>&%7d8<)%Lk&BN=6ctaNUzJ9P;I>|^&<7hj}=(Bk~Z8Wl6H_QiQ*@_)PhHzh!UOl
zl<DiQ3YHV^Ha0EjhPyyyWVd?LGyD8cOPxu!1Sdk5>=Ldl*@b)Wdr4*=N+#kgT)T0x
zE#U?r0uXYP9*5w62zpOoq*hnpD;@C0G%Emf=G_ig2`3UDW#gx);{$p<kCZ0&4U#>_
z?{`d0nhly&GAWX0;OmY%MFT--(aAECcTJYk^=Gwj@lt=UzkD{Dp&_=z8%T+_%^(*S
zhi23$Q2F*bk>?IC>BiY~(U8a9&K97ZwUg`TfeRF5!;Uv6Dtp)6HxT#G=Xp$(D_;gn
zAvoqR{frSpe210IgUqN9kv|a-1i?2}L{H97+bTVmPK)JnK)*LmH>?fu{?zrw)}*^R
z7v!!*v2MIuR)0bw<yF{!0Q~ZX5=_og^xNL#%^NpzHMm=DJAlg;))ina)RYO#V#lLJ
zuz}X_eEO!AOC8Aw7!-QtkM%|A{1wGfhdF*Y2BlgC6Sk8ZF#fn&(35%EEFQW;u7RR5
zKyumX%uh|#g6Q9?!5E34Jb59z*BZchrmW30cVDw7@?J~k0JKD~T&wK_V?I^TukbY?
zWPXP%GEIQJ1?KuR;MG`pX5V9h*WVV%dgg&%yUq0Uo#GEOZmXQ&<DHn=CzmgGV&8F}
z$A8)9Y?0UTbJgLiX@Gm4lThg%(9N_s1yX+q9)1`6g1n8iZjG+BJ#mn{M0bG%<Jq;V
zuU8~*<2aak>^-V~g0l4~AMKnTUJu)w!>y^ovWi7MA5$(45fOzp+3xt<K$pvl)1YYH
zmu-*O3ptsT(xrB@o(Fe{8`tmWB^m<y7@Tqo_*^zNQ?qu<oFCu0EnCV|TXp@WOi0bx
z8vTJJ;}+9~n5FlDfDKh=6ip&cK>QC!Q7niT>f&HR^4XNBss`M{elM#4_V8>yUUj}y
zJ5q5vQ=$a#7qD+#?T4;Y>7u^4T(I=L`FFGE>H12y?P<a9uZ&1f4n1o2ZHyu@EVhr4
zV{=`k<N}VU#-ye7)tmH#-@Az=l8pGsSmyIdNjW3O<u{?BMu=bdvk2?9kDny3mD;F2
zpx3t=B;u&j;D&pS&dqA1g*EwXxS;ydu8eevlk!AoiB!vuA;2(-T9ie9q#d{SXj#l-
zldRm=&NqY|bt=z4!%kbv>+5jk)%1-L>8Oj+cn06ugt7k199RCB<ALY$1giot$4l=N
zv!%O~d~r~H!VXK#kmq$}C*6puP49efSNV+}Cymo}^J&3}^L=ym+lNKw2%-lqalM=t
z2P>gNIpVRi<8D=Fc>SBmuqH@*q8rIHU)B{21)pDQpl|j8H2qUE<E0(1X`7P}yQ$BH
z^#z@+7e@-eBM`c>$BpiZ=A4lo?Qavr8CaM)mg)~^c1pcSHNT|Z9S>1!oz(v59}=zY
z$6-+PKD@dQS~ZbZlh3fUKl$iGMcJzlnRW}gkFu$UDc`l^!fPFWAf$}c-g1u?{v3f#
zzP4^zZA;K_+iElPY4G;lANU-S5Vb9-!|gM%^M>LdJboQRL__6ruQTKQ*Ob_koBAL@
zm}dYpiIpFA@kVdi)fcd<ePMIon$!q=dl8&2$99dwu<>PGRDe<g>oR_*{Zs&L@kHKJ
zyrEQqS;7{3>oj0-EaJ~9<ZUi9t<x+AFZDarO^2dpOmvuPs!+e);paNF2iBwm#*oxh
zkW{YwwEi}a!?c%)wT?FKFTj<lvi?*Y6+i7=38MGPS05A`?OdI+TBxd>RJUd{P!d%-
zkgUw!cBFn$`fd=!2gSo}_>PXY^nnk!uuiekYOtcrc$8EHWL7>qO=#6D$)MX~lA9mW
zX0m6R{bfW}$~F6IFf6EL>aQ)hu5hwTwjVfOwBhXC+V?XdoY81_w&Kz7wevVKW>U+q
z#cDGEl@m4Don==a$^V`AaX^dqE@}>a$;2KLufgUR*wR=>%hsgx0AXgoQ6j)7+_Kfr
z)#T^rXC7ZlHg0(Y9W-Nw4YX^fxleo#o_8IfEO$7nQ(EaUy1z?$3-MU&db~ktt?gJk
zfPiLgUskwI=I8^mz77s5w;crpm8{fU#<WdM$v0p7jyPnQY4T0Hyq7>p#H6S$<qWkP
zP@Jp1+^IHnNWkL!F|qP+z*6Ne7!1Du`gE0H?RE9%W=iE@NF+HAq#WN|8c5TNv2ZlK
z(1{hL0Id{RPSuO!r@oYGhS>pV6o0bND7Qi+kD)`K&&uy09rRXzI@FGV#Hrs)x{^1+
z@Qd%T9O#o@DqH~GZCBO_4|$7zzu$zfR-RmZfk&FqFeN1f@oPu>XmcV**_H=ZsdDE;
z_=c4z!y1YTr$?k_g2(mg750FIG{K#<tNhO|2{}&^zSxWwQF6*19849e$(SVhs+qbh
zlWT}<8O%InKG279m)9D49OzegsqT@B7njio&<0tI^2w3qRgCU$37ZskE%W;F(d_L!
z=P(@`XDNr<*7)5e&G1xC$5m~ocCWV1x-BtrL@s*Ykz(<7iQLk9lT<$bc1|*kFE3wy
zF)LN4X{`_GH0iu-`GCkRpw5PLP^x|Z<VQdJQ`OQ>_sMEY!uS&H_#>FkOV5E#<)?TS
zHP?RebB2;~K4e!`$`E6i8z@H}#cokCI#`#RwioEv?|Wcbj6pghsp88=H~Azn|4RNs
zX@3<4R=|Iit9)~oJjJ)VL{GF_p2-I=yN&tbkSDU2o<_a8{MF_hkN-fxcx*DE6V$>)
z_ONQ>qDA)bQr_>^EccbCfv0kahoex(b8VbV0<i)E+;|?OoQ4Wj2Wm7m+RXOTCyG`H
zziarQF7BPJ+J~k3^`RH2c~`kE?>(RK)>LuI-JO&i*Q2&3cx!BFP)5L+^&0AJ#u$K#
z!WYNGh(vl3>C=7UMLaUAfz*V}G=tdUmE}zl9D5MNqklLLQU4vAp3$yhd(E%J=1%$V
z_s6}$u(&K4D^z3J<1ev?i3)wAlZpIDswzGj7VhWwmnGrYp|<Q5N-U<AG`dTe1Pmur
z1&w+V)vGN!x?MgNlJl^AUud&FEO=&R(xDbJD=sE6v6&>8{C$+i#ZvLY;2ZeYKh{T!
z*`IVAhwDDAabDn%n9yM4OR%|b(YMN88sZK{^t>|X&~H@Gf*Fi~$2K>57dT~gnv8|x
zelp?g1|cyE`!|kaULfZFP+qUrsC|W@y)JVY@i)ndf$|s9ozcqOaz6{cUt2$)CyL`;
zSm4LLYtZ<-k}vIEwu_zBo<E^`v0h9MNqEFgd){ySZ0pU2g(}m5*9}Z<=A49WQ={rI
zL(x6y0r);1iKqv4RId?ZWlEq?A{y{EIo#cgFpw*??@#QrPVRMHyO3$~F_*{mxE_M>
zPrjPVD<Qa)rn0Wh)m+8}iM+7rn3{L2%xj$)13c!1+ilrXhig2!^2eaiha*3azfdJ{
z9h)BWx{Of_ef!1doBwReHH=h-H-k(AF>=!$kEK+W4Ju!Dre~f6{dyqiLT32oK4E}_
z|JEdLm6J)yxv>V+C~eQ>dutLoOs;{6dgghQSWC}=RR{jPRdPk7yBjYkv2>cj^w@Q)
zqWALS`I&j~_1=S~-wxmRdxd-mt&PElILNp-f&`J;B%VscoNB51VyiY=o0+2OvX@Zl
z34ecff}r>ByHu1n#?aQP1N;LbInF}Xn1Jwh&;Metv!YG&wuP@9(#1DDSKlI=okuC5
zG>k_)G^&Kf|Gib|jnjjkIb=?!vK*eJM(3CUInOKOwU~<4{rKWmiqmvMcKx}z#Ow+d
zbFTVlmwtzXZ@(8Y>%i=?9?)It-EWM(xCo1mer6GvX}6+1e7cxD95Ffc3jtI8vFQx%
z+rgy}_F!uQR}WQmYUw?HJvgB~w>%oQoQ-cw8o$J<1<k!govQ(=SAlh>*x^JYv72A}
z*nJ|0S$rXMc7@*a%iy-z6apJcHa5q}su0V8)ZahkWUH0Kiz@>wlEZ?Q3f1y|DE)5c
zV5j$3`-Y%kQOpqQf6Sj!B>E@a`z4D(%j`RBojY6o3y;#(suyv%=^?82MWGGiST1aL
zIV{N#*#cq|mUZcX1>AEdVXsC5{Lkn(jQR5z`p08|^?%{RtM6Y4ultEPzv%RL9~>=}
zA#b-zVNc=vxKq#G{<$rg*L9igu+MdH<lRT?$to`B8%xXdH*c=3@g;v(2Nza;ihLl*
z(ioa1|3hWZyWV84qyo<{KGh&xxRIs&vvmj217G`6?edsIdSVh1j_)$%wtMdx^)jBH
z1YN64k4a4ve`xiklhv?_Sv#PnmOqNss%`e<MCX7wn>(1&6wikwE=?BTnSt=%P(J7r
z*{<XZ6s{`uZ^7Mxv?oGT`x#PWrcyVVgFzvLqZO7W3>nHEIFk<P*57sp_uLFFlBzt_
zR3S;ICWtFl-Wl>gyJ%lqi~67f#^I_zd~&3CBT}l<sL}asYn52HVkfYVzj$5-dGnxK
zq;>-C3G3StXEa^d!pSQ&ipUJs8tmfc5x;eZLZRAbv|=J2)7;k9!l8@gYm*PMYJ#a8
z&mO1e0cEt>*&(?dG|GRc5<lRmJ!4X>B>=USWR=cUBN%WY@c4`pv+J)K-XkFA#-!53
zHDtLutX_aQlQo<tPkFNpi!#!p_mS({8<^%I7Ep7oK0r!-H%9jEKDVsmR|Kh`Y}2hi
ztbeLh*KQ0Dd|e^3VrB?P!6jx@`z9ImUTdJ(ZSjYM$#pMrRi^H^$2{@Gzcu%li5)DZ
zx)R=D9Wkt*koEE4<h~z#NG0S(a4XF5<(rFafv}#J=`wF3#CsFG1G%wx+R&Gtkq$w#
z31Q|BlQ1njZ2b>U9-ETRAH{Gmx>70=#>Mw;w6{vuKVgg8qMBQ9$@rRIU^5c=bK}(X
zumi7pZFML|GILAniU1f9c$Aut>@-6q@iWI}Bx`c8_15<TK3f5pNm6wfRr=I@p{2@q
zXvOXL#3%|&`B`L8*KE_dwl-rWE7p-w3%He~fi`gHfKn8U^B0Q8VKd{}2bBCZz{aX(
zcI}L)&b$CEM(kU$OX?R1@=4ql1%^#$>iJ4k<Z6ng4+|0b%kofGjHSg#QQi{QFs3E0
z1y%?bm@3%bIBD%j{&;Y_X;=ypVD%hn#jqCmAtCTh;->soo1?dIFk-@<$(=l6svkEt
z{2Sh0yFT~`ILB^R>P^$5LS5z9T2JX(4qER0>s!<1@!NQ$RWA!O-Y`M#nkZLqKCCtQ
zE<LQlm(fvX^4xk1YEXzaezkg+s$I6(YYo?+-lu<iprqa0VO2J;qD<z?uT0D+_PF-5
zn10E6^+G1*G?i`T2jZ5b1*M@(a#*jz%X&n;_urSUzhLdvsi)TPD<v)$-tc5y$>*^e
zP!asipQ@();{F{y_c*1^^RNM`aV4a#d%g)QkuF2VIRT$WOrbrDG@s^JKf$5=7<Tqn
z@;J#gi3^-=7R{2+sfiG$%o7}<4m?lt#BlETBwkxSVs?rRpOjt!zUQEJR{*jdc!Jm2
znw9yv<h&w`jF2F?RO@I*CO(efpIHFtU~mtR#SmXJrA%POY^@ed`F)xGAhVE@af=(i
z!+nvS-AV12EB>Tx+AlkTEyI@Wr)q{lN2D}`2+I|+-`yiE*m=Jz`kQ<mHbe>ge2KZT
ztV_^oH*<VUj@&Ala{s}mZ$=PWzusj8NEBZ8CX`m0eD^VXpqKRC$@ie2Kj^bzf?OQ4
zL_k15hZB(IWbN)cg@%XccE_3-sXSqkV$3=pJAZ_Kb#%5FuYvgx@43W?zLN4m#j!SL
zlhNDrwOfKUgE#j)vCvJfo8!))5m358WQ;-J^yy7ThWIGV$SAVH_n1S-Z8bWKE?fAY
z-0vE8UGO!rjJn`ro}7vT{UUYp9){_j3Mpq(#u~5Y$J0aUBHs5+T}%U!yX7J}D%<S0
z@xUM(TLKaPv-|Elvom!v9S7LpCg{i;7r3#?H6@E%OAMrBkJ)0rf8QCNa3#&%wzM6s
zX)||NkqzXAS$%Ty-s03Z?4>_SwhP?<`t3V2_^gM$!wdihBgQe?4}e5Hf33eZx$Co2
zM#KXWWib8QRnz|yOY=VTL9XWB^r1`rMVzp$w2=Q62m7>ZWW}t&^Ik?|*4Fvmp>XFM
z<|;`u8{Jau_^yTLW8djs_y6v#;#vH%2{G>XYp7nS#o+vi-unf4q3*N$>n(xtxvZ*A
z{F>I?Y%!-_wBO?&jv=?Em<AGgE|yF;5a7xlvV--R2%tS&Sqr9F#(C==rn=0$0Lo7e
z@CpA~IXkM6dRHcQR#;=r@tosxP^>Ix*5bd2T3zgpef;8JX|B>rdCx-q=IDD+LS|)i
zZTJ)w6{Xri?g0}8*>87n>4ym)U1hc+AnlH{?E4HQr96G_LMh;s`B6fpbJa1;MB=ox
zmO}4-%0x^1wYop0Y<{9QnVXhh$qes-z4s#ccNF|nE)fX=Tj|v!YfMG^OX#{XNgTNT
zl_}zvS7Hgo?{q0~_}UMoff<JKBV%QSWnQ1qOnpPLv5t>u5or~uM)6%<hhg>f9G>io
zd$IN3D;UD8J0tBYVDNy|z=~2qIjM|%AuguJ{t8cL`hLl?j%a;h4)wqJtpW9o7jJbr
z-5t@sH(OaY+34+>GXoHtb>HWqj;7MvoqZ$i<3vnKWSaHU%~F7FHtV~iQ}?5W_paU#
zpsmx;#_SxN(2+>GSzY<7G^RSU&le<>y6tejnnr4Hw|bhGzwTWNc4k*mz0*lKJL_}}
z?KP*{5_%z0z^Oaf7utQ$lf<;BJg=?Bk9&JnS%YIgQ}H0x2`|1n971=1EaczF5Uf^A
zELb6WCjY)WH$vpU#)>kOk0DxvQ17>$aUGyU$K#@wPi0KGIfvCSEPBa$uA5qHUK1ua
zFywh)K<`1%B0Lq@sZer1BeU<o4bqGeKalo`(LqH1;n?>rC4Z+a$%cC0h#4PW;xo#}
z(;cJNHrXnalDOjqYSQH%ygS|f{rnM05WhyzVXhN8RbE53b`nhD&2o0+1Qs=&uWaPA
zUB41;a<nxg|L#^NZl4{ysQdcU9x&}jb<nvu>VY5|TPRP6z#Cq+7p9S?{2(AtAaqrh
zB|YZ)19{;6pgB{^^`)oGcwqax_bk9Trehc^Tf`d_7q1QUEfXj^g_%{e=`nBJk|SNU
zxd2&L7|_K@5E2qzNwj)QwT@sN?Zj7W6$6O2OSzfhg1bR?(*J2x{?)F$c3t@)h#%=L
z_q4J8O6Xn@s03C71#yS<EU{`v%7$W&r_hO&3pD%qE;Q(F196~eCBL`TOXaL%YL&z1
z=VbUOk{A4!hH1YT6z?ZgSls9(LrF(IkP!CVe!4BFR&L6$e++q$F_!&mI#tL$G?GS~
zBg_}M&S1LM-tl-LP%U36G;{m=3y~)6v1z**5#z7V@U+G^HGhv8K|Z0jP-P@>f&+UM
z7V;LZHMf>ez5xwhE{jHyiVq>bUS4Kq&{M}*5$`Eb&9V9Mt9)u5D2^1d`_wel9=icy
z#K1=>KlG(Pp?D@`IjsXbvk}}w5w{f#<c~*z1|&1MoZ=gGC>h{u-Qk{=s<NAi0qq~a
z7oT*Q)Nt4|Oqt_&6%yn`(uQ2@xkNfgV_mJB=hbO-XeG<Q0Vr1l>tBtIzkW!Uyq2LX
zvP55Y_fL3!n@bB0B<EejmqDnommB8k{1ccKhVMm(#tj9JojqNoRXi;35PCWc7b^Cy
zo{1;i$ma21={p@JP^tF^J>b=gQ&$oLCZ+q?u1THQl~Q?iI^g1%GP_G9lEKehBV}<G
zV*}t~nui`arA)T`Q&%D8;dAOvQN&bHV|8Xp50wF@QL_R~z&PSHx7q(=>?@$6-nzF9
zP!ScC5~U2JLAqPIhHj7;I;5oq0civVknZlz0i_wb8x*8Vy5T$HRo{Ex*Z*DLT6)*$
z6_`2aclO!)+0XOr<69J($)2?at2*TY`hCjMVAy2_v)T9qq&-{8jH?>1FhsNNR4JOl
zAgFJH`kwtsBL<P0>iZiNBN{cfOe<_9hJ8ASShf->UA}6`n1et^r7E_kWHrTZx=DX!
zkoWJtO^ikPK!=I~<-Gb|>q001lAKn2RGce+)rKf2qx?~E>esJR6W6~@F7hb;zP)<S
zgMM>Hm2;t(#p`ZcdkBZ=7;%W(OJU(Ki>h(?G9%J~r^3^4$;Xc(d(+&QG12^$8QRDB
z9U45hN-gJv{F8Dgl;!;%X+X}GGmgA#R#!&~20-Fej!-xo-P^XG>0(mnweI|Ct~i@x
zoRg1+4Rh!OC0pzr0`^pIVi&WJkdXeVa+xEtFgjf!|It=HKE8&AqZ3vSdjEDRiX8be
zV}*xwI;qtp<%xtW=DC(VQABR1GL;iSwg+a^WUD3&ja_(rDhW@MPAW!knE$9@x<EZt
zgZIKa5(S((LX_Y6+FvjJaO!9Z(!7d^-Umq1rU!1}^F=*gN-p*Y#n-Xo?UvXTjaevt
ztVU2BP7|Z*H!#v$(z?9VKekIuHMq=O{;*hW0X({o6m}LbUhXXRuxzk3(qxNA1eC4K
zpX90(%i3vabt9VAs}jl}`1kMg1IKEaE~<P!zRykh*=%E&ki9!-V7|kY=nm_!$v~?e
z>|!o>2DHz~Em7vjN(=_T_>sW;p=^beuZ_YF4jfOR3Wm~<a?Kb#^DW?xX`RW`Y_D(<
zTtEQSq$s?^bZEd5Od|S02jOLBZQbBoKxF^VfE|qt*i4o`tA-D;D6o!I!6&A9T5sQ1
z)ee7NO16^qZ?6rSjOy?ENV5sKc5l^wKRpaq=IYd_s-%?x=k#xX?;8KIF9c(a$+Ef@
zgpl3i)!TvlCkLCjSFGITrWIRMYw^KVvkv6<)z+GoFMR0r+K6l7c<h7NZPs3y+)ypn
zBQIilkpX5X$kx~qjhSZL%tM_A=^q{)%paRl2sC1t9~AGg6fAGnUnow^<pxe!0+_Zj
zvm)}V!$Rj#L!JkH&1bvtn7t_FR!Dg~a^G98&m*7uFTk=9HpPdntBSm?hF`w^k>LI3
zJbX|``F`}Qs!jK=4Bq`4@pom&`B71aNzvV4ONTrGZJDTn{q=|~mp$eUL}X`}*KzFy
zj-*O$ytC%n$KnN=FT3*h8lE_8j=Uq=Hvia{@hyjeO#Ixh1s-2zKYuAsbxM-9xNRg;
z=G`?6LjGm1%C6<4*Ku8z!73tU;h=jfG$2Sd3-X_i70@(-ggv*wleDFr1gR-rBP-R~
zmTHxDIE8}Yw>BA}gsayvAQ!G@0ZwXoCVWT1Jm+^K8p8t9LC8tDiB0j~KsX3LX&TPM
zw855AunyWIgMjqo?<mXyCYYxl?>%}Td4GUE>iW=#zPFmQNAVs$+Ejg!r5^Hd5Tk)R
zUFu5P#|EFITUh^DoWC&MFXSjvahx0E;-A@({}}xGWCorQli&)7-J{C}*Mt0?ZSMAc
zBRIUJU}8Q&QVLHBqB@DqCphm&9uG<Eyp7>{Q7h=Q8iO`R3K_GS510kmN84ee+ZmJ%
zgXPu1h%J!CkE^1Gfd?l=Hcbp~kLRM6*Dp=Ty=`}s=WV<zyJGL+HqXWByXVrbRCiX*
z6u7zhqBNvRUTn<IlhhQVZh$uaQpJp`oIo$240)|?gl=<-#eU9|NihU9l@OP~8w;lF
zk;F$V7X4s0f!?hJ0NYm&@kcG%hR2j8a)QC@UqhX+G0dJR?OWXPxP`oSp8=;igy<za
zIbKK$!*8Vf=W<vgk(J4iSA2ghlsWM$v!qVB)VYiB0%f+A+dFB8k4s>=Vnb@<6@=x}
zU*Iv3MhCc8$(}DH*@jytJeIpdv4y}wz;-M<=MGWkaWylA0Y*TtF0}Is<O=;z#?~FU
z3kU4<^fXf_Fj~IywYDxzxqdt#Nag``EtyGwDq5M@Ns^`8<}}wa@Q?^(1~ig%U|fV}
zUi9?oQ?Ih^8{;Jg!F{cY&%rvK+`^-W84u?g*;E9jP1XvcJJ#==2%UlU`qEC1!2l5G
zKvh6ZYy<`t1Nsq7%562i5~k7`YM93S{#Gm365tmy4#TC_jE)1Ax8t?$egT*7{H4Ro
z$csbtC2)?p@7}`r-%rfnSL{O*3e0PJ_KTPN=*&A^GEzF+lYw~(3ET18DYrDI_a_XQ
zF3eT=FU(Z(!<F@I>DXq6jRfR_q#+A3<K<@Jfsg8;m38I#WBUX(&4gUXC9L6E&UEij
z&(5e37E{$EdGE)d<?+nslf1x^q}ShcA?_aR>eZ{wjxCUMiKqa&x(int)a%zD9ca1i
zF=124w^bVO#h@ycn|4RiCN!Uq(O1c3C|8Vb;J_UC@?XzIUg19ahN-I+t4+BMU{IB&
z4CWd)e|O8P$d7A|tO~o{(*15S|HZfZ=YOAJUdDk9_+EIt6TAhjzts2z8wX)`=b1)2
zmHd}1@7*Sbf-xg)mD3)Kl;!;~%m}aGjojvM1165LV-;>8W!*OrlZBEo7@nDvqpu&G
z87{F#E-e|30|!tWe;2t*?{cX%#b^y(T(U2$%)4I&-W$%Q`pWi}5jGxA<AJ^2-I$75
z8Fraoa@|`|Aip_N@1_+|v;;EWnKvVLfV&pWYWZY+<|24463e4FXR_{WpW|tH*_FH4
z*n&jPz21XtQB(B~F_e&3q6l#4frWX{FZ{|&|Lem1@kjSm(nKm4E-D%yTVkd<Z?z4-
zj(3O2$@>r*=}QV`M|9Axs8-h$VJ40YHwlae^Hw7RafzUy8)-K;Ek2mVVZ*8{+3tx~
z0T85#&esJrvfTEbQc(pU8-Cy>NCs2DGj(D{fJcPb$nctnYK53S%NW(L)#NwOh#Olo
z$teVO9fR2lCMhcwwyTEGJ|U)Y;M71l^<CD{acNSCT;FgiA$uj@pUbC-DQxfUl|7i9
zK65Hns+`fReM1Lmj-8n$cH~@OcpS2tm(i-Sg5C=|Dk|Ft$I0;Y&=Ld>*V8TG#<+dJ
zVe))?F?v>RymXUg`lNNLM$YJQ^lDKmsl)^6TEg(oHLbn>%I<##%YWXsKmU?=8SMcM
zLKXs+i&UDJ07?c4pkP_2dO2Tv=fo6mBuFPYg=%~hGps5E<S|6GI?ZAYwq*$c_Rinh
z?g3T;Omkg6zWLkse1~|)*maC2g0-_;QYz0lm@54P=?%K6ymmMpwh@(sfMb;b@WHTR
zeLKrHk<~Q~)Zmhk&yppvG}p9Q=rlS8qtMLqo5Kz)tUr^XfL#Y}O=KBSDJ??(l_dQA
zv-Cf3Z}r%|Vw4mcbbx^lZI$Me*uA>aw<b95OczS?1~>hFnO5;5Ifunv!Uizf;z4i7
z$Id{pI(C6_uCnTwzUz2DAEoa$;1T0G^DN~4)3f!fE_xySr6}=~;pjRR-8J_PldFQ0
z5|@c+A5I++019vS{pyJ6$l`D0BAP1JA0q9A{O^3tIOuz)rlhChtWzu~Jc&e8!7tvM
ze*vmE5x*IHe-Bc>UZWAe!V`$n&_sU(RVL$j{*lB5tIT0th28m>>a6Obv{0%XD`b67
ze|3)Ph*GvGZ@|V;QhN4dyU5P~_~9Y)9=)C6!}asW{xdfGdN1l%#2}jZwI6Ptpx&TX
zVTV6gCToR4W$qJT^I_=rhgDQm2v()U=<K!1dIxZ0Z7&l0v<LAf-T86#5;xxidHrnA
zE%a-@R_ISBG~))0R!OQH{SFRI!I?iKpi);9&!brGu=mEV-0v+&3tOyzeegd<@T{=6
z#Sl%bU4|o6tne5;N+|Ho+^H?1{JCAPfnyTF{Ieh5zdS3v#A9dx-MDzl7ln(;$2Jyx
z4gKfab%%i>#0tSinTz%7E&b`F+~?;-LjbqQyT*p-KZ+Ibj$a`$TGTtg_V&+<oc;I{
z9Za{$4KdHuD!qV$KCgV|5bf7@_yQc!5K_GSnE&?ViMXRELl&^`OW%&p+Xl3iWZvS7
z$|6Q$AU}Sw3W9eb_whd~`lq)qi+>q#C%`e#01Qg<jb}x#e*Q!eA!K~L$DRJK+sJai
zupAN;M}dY4rKP1sgf_pYhaz6$(d#AJ@OKGa`Sk>dJaGT`@qu4ZP`Z!LjcR+^Sip|E
z&-~Uu?=e};jk{C-wm+W)(3WrzqHEji1V_imvctLDgnrjLetu_nnE02Csn^vmC*`A;
zgiBt#c_gm6wtT$&ZyOf+?vff=tIq`vD(y3#izoE1^aYK1bg;3TY)bi)Ffa=5+bF{V
z2sOyZz@3rr%jb7DsvUN&73~$*V4^_nF<XFT*{^N--xnV^QEu_EEg5X1lRcy)tKsl2
zF0i<x{G7DML09qTw-h2CmSr1UuklV?vupbJr%m}C%tF21S~<X#mC10WZlXhjqGDMr
z&h^Hqp8sTzyO)Z5884$W56%KVlbTy)l;P*r|KW7=suF(!6Ti2#UiV&E-i{t+S23M5
z10yR8dic1xePUv92x->t{aCk83^zRAzaNO>*eC;hnl(IwK!rbizh6(;TV5SZ2oAzO
z6g<ajq$T0>_kX<y-u}Bjetu8NW$g^Wwn$Y!c=WH^68x4>U`(qC644$<2SdjqdzPCx
zcH<%1udg8{ztPmx)H~mSJH?KT0<D;B{_?N;U<$Ij;((+zTw-U9nz4D?&mLZ3W+g_p
zvkxpY`<AKl8W@^h%CJ9v@$<Z--o6q^qw#uG2t1M4wAX%MH~+`kbJu&Chyq2A9Klzp
za&AVL%RG8aM%txP;^WNm{3*08DuI5!O_~iIyXYh9?lxPs+YY_pRJ8<KKiAtzQ@-mg
z$anqW7#W9M4EzXwpVmJtF)x7DeiZp`_a2k9f*FsZd^{lwUq(MxJk=!=*uA>F*Di)Z
zua|s%Y)5VkcP5>xt_r`~YIC2Oz1W-^daFhZFXicy;-QA$*7kF)f?Xfm^$++I$g@Ta
zMaJmjZuFerGK4?HXz9nFa1d+X*jWuPAE6fB%c<0@7%7D8!=C!N5wP%E44`v8@1L4r
zF<dOJf*tr$$QO50ZrKm2#!gm8o5xQ}OT&jEY8mvC152(!;_=x^aoYY80Ho@H$RfAB
ztiArP8|aKI;jjgwn)ReWAlj6;&&i-hCcKE2_^H~WH%j0F5~vj2J3z7x>CT<DS#V@s
zXSEK~$(<$H;Txfe_xGFMN{X?6YSfXnTI#f}Lm`uNli=Ki&f&eL4T8VQZhai|@18$0
z2}*jcy^e%9lnOM<WD+U`jR}&Hl1lA2r<({k@r310ipxB|e}7R8{HTBis9TW<F)4!7
zg-APr;%2<cI>WX|Z8PD`EE=#239~jGE&QBk&BpQO)hl9P4WSEIw&-~(B@sw}T2rM`
z@n_(JW1>Ct{z*yy6&?Sv_U?>Ayj8WDSfvnEvc`Gan=Y3cJPonKGj71A^NIFc0Duxr
z_pT^R0C%%DS2Dvh6JM=~_O{IrT1KaNDVp0|N!<~G3<a&gv;dZ#5b1?Zp}3SzFr$nN
zSOwX|yc81buPRwwI^4oU!eG@_^L|t1`SO{zv8<LJphdBXfDjHTt#|Y#(*P(CRQ#!^
z=&p8yw`_eyK1Er}3`_x_(Q$tz%{=Vec#?oqwoHn5>?+`dk+jEdN%n(QNVaNOw&^~A
zRr`Ps;M}Um@k>yYu!Xqmu>K#X>Bl07JVhZyNALinLoyw*j6v)ANSdeExf34ODqI6S
z^n+8dDHVH1i*$idM>9<A*x2O8I-8UDLJn@1Aki=l#m=9&3JyC@5U1bW<;d<o$<?TF
zjazVKi3}p-S{WQgGfEu}!9j&KFAuiMF`n%7_~w<$Ic2MqJcl1l*I32mC>2ED6o^(C
z?A5X{EXHy0LpGuYJ*=)jCR2*+*umnfQYlH_MNk&yAA+7FKWKd0T}zNN3q5goZ5%?_
zd&8snI{uZ2|GgRh_BZ4oKv=(xK9BY0&2gxO!;x&@uuGPSf>!ojWm&}{CUB+IK+h{u
zlnmSJ(CKG#{fLGzIt@x?Xp#?zI3!CBJo{&MT4cI2CyKf2h{Tk2JLVD-iBqb;Mf26F
z;>CPVLc-{o`GPP`&)2VC8Qso3UfN&I9S%`Ng__i9YEFlm@xJ9z$XAc5g~Lfs0EX2E
zpb3Lm0pl)CAeI{h?)Fu1Afxn(pw$XVRa5AR*{d2=eW|C11)A+`is2IocAM{<0N<Fa
zKVG4Pal2d_2WWe;Bc;g3;%Bq#QEgWRAX0jX5B|yq|Bu_P|Hfq#bm%m54P5BfJl6iD
z$u5n6c+<%sM=q^^={HH`rB^mcCfB5*8AUgq8TL4+x^Xf`SiYk_$}*a7D2|<wh@$sG
zL{N*1UyO>$v7C!vP@RPqPoIvEUlCKTd9(EdXt|p7iEv;u4vS_KvZ+3~2Dn{Uuiq&i
z8#YZ+6*k6(5p3nDABnE?7F~5f4~d%F0|YP&KOdhL{`7*o;^voSxGaLYN!a)tf&HTt
zVfz_prL~1G8#Bs$Q>t&#@5}iQFNoLgBJaX?xU$+8Prz&~*<kKu2wV2|6{n_++?l-C
zgzi{2fq6uD*aVutPqKDSP`|H>TVK`Hi7d^W4aT)St8Y7G-P>Oq-)Ftqn%$j?@93xA
z|2)JalkWdMjz8qCwi%%OW8J+=+<N<t=1b7@FJlAc65CQ%hB2bt^ea9#f#gWOCbnXr
znlGxZnrNN?8UmP=PyyO{ywyUdD0p0-1&vi34LoOe;~o}MBYJmm-Y-tup6qh6KUNyA
z|2a;OQp!}rsACp}YF&QwU}q-<pUruBe|^Gc`<v);P!*t*$`|Pfj=6!4vAxoXQC4v1
z*#RC_89;md_5r|SVRYent<q#laUGy7z6^fL!yTC@WRg=0efC3pMgcu~K75fvxsX^P
zOIBqt^221+nful2z9;NrwfO*$4ymsvng`6S6K%$+yBmEhX5;vawPR(L0AXw!Vc`Is
zD}?ruO1<5Bb?4@ISw|saWKm*idatg0yF1=LuWnc!h^%NU6*EH9#AE^WjU3eKfSD)&
zy4BW)I&b%Oa2`H9somNP2LoXoH^AE!tvEb&isEu&-r{d?VYm8L=wn~!yD<$nF*y=a
z;qMOQ03xe;14lL<O0=)q`wlOdLt5zX0!_QSZq2`5T_PYamm)m}#SI<o><XC%d$}|y
zp-At~JbU!Kq2P(an<Fzet-RT)<$0?ka{J)`o8xf})yhSDDBRLJLUKi5;(#C-Z%#<Y
z(5q#zRP`Q3NbCFj_rkr=jgdwMZIWXbU!qZA%ME-P!|`{u^X%4D2g}XWjy`BqzIOM%
zh4;|l4vq#ef+avi(hieUOuzN|3a+kxmKo<9+>Tn+>wrC<tB|8O^yZ_&TxKTOF_=K!
z)L18i-M$LEGzHhkU7qcLvBv2n;t|S&JCXqT`&P|b|7J@^74CT3AaM6|r)NOTg6TOC
z5mAZ+RJnBSthlX<{4t%`P#xe5&fM!<@n^C+K3eqJJ=v`9s6E#9&gq^X(TYUpJ5wRY
z%Aq@Q1Rb{H?T!MUF>oyg0faeSNlrrIR?(x4&6jJYYQA|n;HEO#sZDA2M*$ZQY>v`@
z6+B6O9klhPCS)q*R`V39)izmz@F=+2tygm`W7b7|3bj;QhYsND@U}Xxoz8mNvfFRq
zcg1l;^7GF+qQ5yms-AUl>R8ypIpMfVA!tk}=Qh1t<#x8Gq{A1Xg;FSme{htMuz-oa
zTQ1Ar6WH3jIPBK5yY0FCVuy1S%&;bZml&%k_3-3pRq*F~yNTpKP!oQvAhfbpO1;~h
zND>!jCaFkq%sJ%CCc3PfysUpsOEs#FUN9swFWts)y$7~+dO5~+*b5DN7$ER3fe~AH
zL?j@ll|9H83S1dXmwYs<oCC<@+qT+S(InzHh%nM%A9%E8#KqYGO>z0Q!s@HYp2>Jj
zwHq^FI<VC|f+Ux=q=O!Z)$L@R<=!Tn^7IadMsL3tO^SOP>wTD(bJ1lci|I*aA~n11
zY87=Ty3x6p&R2!zkYQAAmpf_>;83H?mz(i?Xm}R91scO@$|^DQ+14_v7`JbSOYGbf
zS0#xrA)((4IY8`n!g<}VfSO6DibVf>K2qy`LQK4Jr|H0gOA3L1i;@?KBarpXM{RwK
z1!2m#(j3qn^6xGrgcx*Mzn*1n0nYV#qb#PQ#2rWP$Ka2yj<&Np(Ue!Ost@fTR>3ik
z*84nL>^MAj-xUGN!f9kQgd_loopx!_Uag>z&_m0zy+z4{m>$2pfFr@%u9`%gZ+M;a
zR}O+l_JP=E)(4^A9mtZ{lXnrnJdZXX(!2Qiir&Lo_r%z17zAqnR@S<|Bz~n#CeDXP
zQ-FEdX#3VZ(C*J!Id?{*h~s!FIr%1nKmYxN#!`|kI{94HnceE1pXW^zaL91XlXBV~
z3k5tN*O1BC0%wtGj;iESneD0~xqcRV`K;-1Zq{qtHF47_gn1lj=O<@3pJ6q!Gqbac
zRYqwVXlEgY8w+Z;>7i|3NSdc)Qn*t9#@l{gotTEM(emYqt~5k{%dE-gtL%6EudpfY
zk{cPaa7S9ul##qe7u5k&s%0ghv1av*Z08|x*QCgEj?&nic1bPFX<_V8SZvTe+dG)q
zJ)7K|@3=(u-5$#_W=x|<jOsy&AT@fU`iy+6QrAN!J*FDgcsA<@V~T=WeK$9^s2R8u
zi_7^Dt`JvEnfX*UHWW8MkBwTRIzTaB-Dr^G5yQyZbfE8=UMw3fhX%E$g1PngFOQGE
zz9&k}>^Lw*>sFj_&UcPa5e|MnCFTGqA=|k}4s$bMRkITEvx}voVHIoK7Q+UJ*$dDx
zdI@^cAp(UTXTb2yWtw>O(YQl{gh0i{j+`;;fggv`DxNrrvog4(=W2yy2bzbKD!0oT
z!LJ(ePuWH%<{K(9+7CF0{%4Q}*Bbc8I0y8Wm;Z~F(D<Ncm2+3^E|l{mc*+s}B&lJX
zW3yHg_&G-kbjGkqx3tecqM2itqEdHdTNIBPaVzW{7V`-(tum&DWZS-W3Tn*uuQm<<
zerAzKb)7>_MIS1)#**yWp|LbDA3l^c9xY5VMM|fmnL1<{=ly^aPk1!5*^`Oy!A)2&
zwsPw^mKoTVy~Emv4|jEn)Jc>oSJX|>#@EC^c&_Ql8olrQ<rAN!&UyDoIt^7!wE}-#
z#R|hd_5FF=tIs8)b0bXEJ0fYN@gK1RCv!cndWI{>luj%-+N3G*EafQrGQ%<;dY2VO
zPa87!RTV?OfB*XQ7P`sMQX|HMEO51+r$(<stW?XS2<-yVXxp~i`O$m8M#`#wFal^5
z8r51#s6V909*q8nViJn$N7<flR+;}2b2_C*lEU7rmLT;+F%bpedfZ;t-Tb%f@m2gM
zUA`lOZ45G<TPS>Eydm`Tpsmoo_H28@jJ?7ITkvd^FmlAAw$Eq!%~Qp@YM}QDyoJSR
zas=Mr=?B`}+4UK>OGS^MYDT+DJ$kh&L9`sEqpwqZ?;nnu(W-G%uIhqFS2(ox{cB_D
z-a`Gwxi}!=hYtNXMUGld9#){~mI>lyf2d7^r*G4iiCG%p4T`gLt7o7)myfSNjkQ8#
zLTu)aZ>RWaJSpigvfIp47bvN0SNyd0T;<2su-@4QNpprbQ@-_r^JCPRxz^wTP*Me0
zh2t?9rv~&n9c@F&S#zw)&GR+k)d5AECc~yj9&fV;3gAv|V(#wl#XdbTJ#k?__9-%q
z^)RWsnGZ7s!M;%5Jrr?bx6wuydT~&H(M|`<>`7-`TdNH>`_mYT_L$XZq~kfgKp|t?
znPLFO9=~d;8BSnvF*ga(+AQ$j0yKumEm+lb_|M}4?l6dn9nx`NU>p1Y>$JS$i;^?F
z1+{aaHic;?nGzaW?dsjzca5KwPcsr87!aPpNHKA8&6sGl4};{y5(=Z44CAEkUo)Jl
z4#&D$6`%KXY=|xc5XWWOLrHuEWv0T*atB>uWHS8K<@!0jns9D9<3aXZFY%PmDV@DZ
z0%XL*yf=r}9!7`J7%uaVq|j{ZNJ9u24T(X?C((j^zB@4Oi0kjX$qgqjv@udiM|Z{v
zG@Z<J8OtmttA73U3Q`>+6{~|hFQW)MAf?8!-tLNJOAu$7E!R1-;;Okyt6o_cV2vaS
z(S(ZTbsXa>z^j=}h9#;g7Ed<oPNXW|Oh3<wy?1vAUq6Ao?3$XAEe-z80dTx5kA489
zYS|p$V|6X<R>1WSyz?YQ&Fx}qF`@L;`4tte*IzCz>&MO!0p@20@;wr5)rOaE)h=6a
zjuySEJ3oHp@4Dixp|wMJ)Qmc{tx3mZZGJp?ycwk#4<R&$BZbdqs&)Jjsg8_b_`Bb5
z+W)?I>+l~q{y|GnA%wYyQPipU<J!)Pfa>~#=Von+@6FRXBEB4LYTQinUv*1ga<aca
zsf1?IeG{?vB&wOdyikvCtvha%4Ty0BK(oo#(RJFsH7G7%-<TjMm!@iqG-3CN9cEWV
zC%D8y&TRR_ajOG93%0~3asrMSB94P4j>j$D`wl_6eNmhJ%AhZhyHa#?-as5|&SU@t
zQ8l2QzZ`T0O1I<ap%et%&ZEik7V2MDZsC@AY>!&%k{1*{FnH|T_94k~IPWIwwLL(6
zrnCUoA$%PXXHRyzZ}{Y|X><V<Zaj-Yf|CorL8W3Q#NBcCP}yz(b>7nBk=l4`Yo7I@
z)DuOANpR(#fU6=A029NJ`XLF-X4$14Jhm%Xfp`px!&O#)Ei&B7h3=QW{QrBI=R3l~
z;@-XU>M*%@(&TRI6-ci`79$*8$~EAnm7%>JEqhH{l+|fK6roxV-%@<bK&ef4bXvVh
zCUm1zUzXpi3?xEwb<Rg^;|;P^#rh-N1{Wn*Qf7JnsLMsVt#}H?1XR^l5~@yFZams(
z8rjdh-oN)htmo2WFhHSp^4JEpqM48+ejCZAhV_w(1h|nGldUwx!BS*bK%%L5rRhu^
z!BDP>T(^TnWo-Pb#`#i8^|-G(ijecQ5*hhKUU$}rj^RsM4)ahQN~n}S4s|k<$uOe!
zKOrWbMQw35F(%i_JBRD?9$iHa<Eu}XYUGL@bm_kC2Qg$L@DWQt2G6OXeSk`dzAR`@
zd$zt!dD61?Y;0reRH^ASn7TXfdXX(yV4z3vCF$Y<B*Cu%Du1Yhe_zDJW%ocqTtrjg
zk65=9QB)?&_z>284^s#}Z6YEUkxQDO#GRg7h0Y4!Cesc%o#{8ia=D1_BVCjeXs0wV
z?Nm+qF7te4n6A3ax>C@R-?OYGa3&R`Hi+{Kshc^iMMa9i>b-#13>bb`NJ(I|eQ;T4
z=|{5oM`b}V73MM)*Yh*N+cMGJsSw4i9m^nQr+A^io9!H~bzpD=bXX``jjKLxZ!C<`
zr2Gvb=bIZExDCa5sp>q|aWvn@jB_HhT$WcA_E6Druq=JAx3MDV=;(IA9Kzlp0uF_;
z+Uka(_)D46uM{DQt2&W=Q`NR3?@QY*Hr+OT-!$}e&<Ek=<`#m6|Buk(@1;D&%8r|p
zZfPF(6{H0l6BQU-TTPfvIIDnP<<C$~@qqKqUBFpC!Kgk*Mv;jM>6S@Fmt7N3as&DU
zU$IDVLf*${HW2M^AlTPaI{?taKK$`FLjHTv|Mo%_^RfnHAH!#e=#3iyUE9ccDsiP`
z?rHB9iZEsOuN9#i8btJ%=Qnoa7aFdJKo-15hFhwM6ysvChmjgPltLQVQ{g+HaTBo>
zrqU}bT2X$sl2c%`C?&2fUzQ`Ebw7^NLH1@(c0hqKL9BtcEf|*`TP6aiUzp~_93to&
zAnogK@-0$~tYya02h6cC8+2U_2vAr8wNFV8qHdpx+hoYmkNfnyK%<p9?xCLWb)LaG
zQ#8b+B(A!dib2hf6{Z~l^w|6<VR}2J;4-~-SpXG;bLWOA;S}Lt2mFX`p(+}(i{n+R
z<Gm5BK=yD;=%(>4r;)?%W=$R%d+@aL0n~C|zC`FYTP>G4zCo-mnUjM<`(O4d8w=O(
z;A1V?`*M^S?QnDLbTSmzcaI?NPrHo7+yW)@OFUqbDeN{@+aD16zXj`OZ{OaB0fYC;
zy_`ixZ|=BdPYycpv2E|$-c(@}H1&eVPDm}+mdJHSzatYUzm(#R$9DwYZP+jzoVD<|
zwW*p&{jO-UfOb5)>s{uK1Lz}Dk+fP7z<<OUI`q96_Ynk4_3)h|C1QQe>(`$xh34#h
z0Z`U^tyse+fS{^TS-ByFZ~sy5_4g;LHO#{<^fNv2T>kX>og#p<Q%vhWOu_V5_4Ih8
z1zMfBwy30BO{hQe$uzCj`N&EeUMplvg7Zmbcb>I_V);q}1+tJRCMDacLlzQVj)YIi
z$UXv2x52H&o4^h!k*>1sBQ~r9M*ei_?T!PIC##Bx=dhO|ijHP9;xB;jXH)5R=#@hh
zvj99Ho4R-cxDvgSRWmshb1R7HK)yA-Sq@x|DZL^F^>s9aH1|=eGu^u>5p}p@c)D}~
z->K<RmT)j(!<4N<iU_h+uX4|eBxY>^K*ZO%xu?`gtpRvXbv(5`%>9V>zSLwKJDd-A
z`(I!4uzJYtZ2GSifjaU3G+xOU7O4>u3Tg*P%8yju(ecL2atqJudihZEx23`o?@Uv`
z_xadXt?)VszYfM?p@|^z9ISQNey~%h%xS%l%lhO2%i*^$X`l$AFJ1?6)UeSzuqmR6
zswILPQv?XElEGMr4#%Lh4mw)}*((Xv29{P}(4Wn06WYyNRFZ&Tmh|?mvi2$9*)iHI
zz4+;x@%0da6ux=b^d&cYj%p0w4Xe_`g&k>D$m)*_DCMgssWt2|7lhAImO#3SlHf#f
zfi&MOf4gSPIIdFb^u>qeDR=8vjbmP#e;Mow_N>aOKokB<t$W8|$D!zTEEpg`-UON-
zlB%{P5FVp`JwV>TVhQ)vlKKcb0(u=Ak@oB3BvG4FHPXN>V?64YTZTsNW~mi}c~0<o
zE_>q;aOu!p?V(6GNDqubsSuD)6}flBAzN)@<WI5$3}GsaOAUH7k7{@D3h#E&w5Uid
zl!Cb<$LA*w*;%#GT;S?y0zx?#LMrCaYZidt@mZiX;@^70#P@C#{&1YQ3}}$dN>CX*
z4|+LKK5_~;t^<#ZzZe&RNgv)!e^35t=!Vw$h(3b}-O;dC3Yj#VtvC;We+#^-kJYeC
z9<3hj;EGVb%0sj*+-tCoq=`#=p^r7*Rw%*=X!rh>uut}2st5Tj#n-WF4mIkF-2rEE
z-W6MgZ26>pf^od$0?k&MYWuZOK4AV|N(BfzMPAtSxaDRimxuB-CSIH59T?CZ_NR3K
zZVyx?7v0&B1E4Fk!XESoj~MhB=Q|>$?|hCJF?G)iRmtB+;bo%H(zpk+1^~`1)Ski9
z)kQtrfG+A_r-Rl~Llt<7yhB8~nfi9PjM_5Scqq27O)I!Lfn;@mC9h+T0fad~VbCZo
z;jpls9=6`vLCn_Nk67<=S=hw`MD9vk`?+}PGlR~LqAV8Ej0jfU{Yj)BQx$jCFEfZ3
zMP%`|(ylx6Z^he}hkx+}RNlyWC9XXj(OY(*gkywTOu82@IGf%xwRmjcN+=*>-#9Bj
zaX(D=$tGkva<QX)*kc<86frdx`>b<?Z#xw`sDz5db;~^_fj%bIZWt9`7ui*jCEEoQ
zsLVR+lRN8UHSfWg5@CO<I+@j1N~2&hh(B<a3@QDfc-w)C>ciRLoHPzjZgzYD$Z}Fa
zS^(oGsKHuja#F5$<pO$s@sS~QeR0Tw6%Nblu#1%HsH2mUIQk+eukX#+vw;)oXFQnM
z-6aC99QSub##*>E>WPm9yvNPjH$DLzk$lymE5Ug?OHhqL-2o0dA0Os&m5V$gs85=8
zB<f`H8-O|;IaAtSjtA&?C_sr(Dgxjqkyu9@=P0(CYf6emlRknn<@yGe%E4uM7@y2r
z*wQUPTM*hFDyTT-=WeFIdCXb94XXShl}Ik<L&%L!Mfg=xi=ZP1;LY8lOZmqwq>05j
zdlA$#>7gXzcda2vAfErNmN4qgZ=^vCW?U6zZ&v5S`N{{hK2^G1)ajiAYmrRtIrXmC
zm^zCyhyISP?Jub8C!9@V5)Uarzt{WDgm2#Vg~8BWy0N1RlLCzz8cyuBWI)eFlSak<
zc5x8L<uvRoBMY2qMB*0xH2$yF^hZ*_C&lNuj{@C!8CGV%UM&>0)c!oqGc$JNtC&<L
zfds!<v7s)|7YXg7K>aV@KT223%Xn$}B~~YjibgX;%f>oD*FX+T-)f(kNid(elLm%5
zD>up8F$#f1ryck`ROZ)FXy|houbReL!8`elfV3fQeIddQspd~s-kq;dJ47gcLt~@W
z#8CUVBYw#g-hH-CB0X6HFJqVM9&P~X$5R~dBL^t%7HH&_O$@0*G>i3oOIh_z7Qn!x
z-m#KJl#?^N6E&quNAux1l3{pBkAO~Bq-=|O;#yr8g<N{Bb5h$353ghUmq<V0%t5Xd
z@U?P(En+527AOg2fh5{zB&#0;YjS{BJ@IT<ZKBn_{fJrO)aiS0wiJWX`NdLc_a}|_
zU5}}`&q^!sUFTW?k(O2Vl3rj;)}PU;`%!PrlWs+h_}*g4dS8Q!BSus!|BhMX4KHpj
zx}5Jg?O0%zv*TxFzq$kEH`dRd?{HgjW1A2-nJj)!osMYjX>G7g5xSiQC2Q3zm!hh^
zjYqHSmj>c`+WFaaWtPueH=dzgR`ak5l?V{!1nM5>0lol$4O3e$O?7y1V>;dZ@&N<<
z`Pu%Z50k!H{Mx~|fWz}ayoyGrC__3y^G*4ZApB%EshA&su~e^J=NPzyLAlG$GUYPv
zDCDV1*1g?XuZWm_@LVGH<MRj4TBDASj{G5bMUUlWcXq<@P3cH~kwX5KF@b!lGUmUz
zI6Y{QBOA{*y|);IJo|ftquWBRyVQ7?znM=BVB3*7?i}+hjP28Dk*GLN`}iHAf|Kyk
zwC^4Z4obZ9wy3t{WIQtC0d3EI0whB+kXg_VE6IM^AtoNQ=vC|hFnRC7AzLQ+){SQ*
zNCLI!#Lj|8V(g&-(h@&gtKNP0!>5KVAoff1zX0=K+P_~vwWyDbjEp@5P{m+{MM9I-
z%PYdB6Xn!QM*Z^pI&|S&*qOTx=zB;CXa7KBsgay-BXw#^)8cUAXa5Gj(};WB{Ob&P
zFCZt92%zCjO%42;Z2j*~0<k69ga1grL07cND^@;5(0eKor$;F%<w7&j<zgyXLd7{Y
zIyx^HZgox8W>lqmZ-flV?(4>U!20?UHm&C5(rdt?J%V!jcjB8w6vU2V?*Pk$C6Igw
zsp;_&lOvTDV&m~FxS*BE6$VD#BIVs_X%@=L4~jaLwA{)9n6$F`!v@o=4Ype1>ti{|
z$b1&MPPi>`LqGMwJ|dFsK^A&{l*5)$=@v-Rvvl9bSE1iP#5>R^WB+-FSp|@61}Z8T
zI;oeJmHQR1RFYr@e}NcJ%u4%%pw}A9l2P;qcGcEF*>LhWd&Qem40t-l1A~Mt-#&%`
z)GwJdA(zb4OIf_MwXBG(d|S2785L>!F|1H|-Tm29KrLv8I8D9;W!aPXO~H!%)$a8P
ztJAf*I`g<zxoZjZ(Cl6Adw6)FPlaw}0EfnLb=AIP!DTQ)AO%<ww|_(cu@kdY4bXAR
z?5!|;d&AAGvJ6%Q*}57?6OWuNo%is=rj+rzIZsYc?}tNuGre>6Vh3r{I;-5>*C%81
z<<sTy+M}Y1TN^u*);%E!2?=XzfW5k`pbK1L)k&yr!4WhIaFVWE&@5*xmtyX9#iCJH
zZZW4-%w-jP`LcIwuGOf~d#}OEM&ahITUh4sr@*pLIme((%4u#(8CZ#tY`yU-yl1im
zI$&1Mhosko@xZ7r>u<E4M*t1=yWr8t&-3w_OIOO0Rq%}XPJ)A=)vP6(3Q*h00l=eP
z=bRct<(sY0$@kF{)6ovIp0SY+rPrIIN{UC-DXJ|MAW}E%O-#`o%=hX{i@IrVTOEe>
z_NoETG$gk@W*Wue&!i0z%wG*oRbs$JEmE4S>YKNnu06Va5Nzb}f;me6MxoOxSV)<T
z$trR%WD*MxTQI31ZXt@{v1Q$;Gy|kiCin@Y@D*RSTt>P20O$cPH~C@`mT^<HxS%9A
z)e8fN)^Y|#=UeGBvXVDoSQ<~ebw>m>Bk;6(Zwhi^DO&h$u_*(<FUIRHh*HjgsaYxj
z--Dg=Jm265Randj0a^z0c(w%SWC~6$M9^RR4iI-yq}}L6eagy_qjKeFe0EjdLS;Kh
z9|mI{IN-dRC_53U#mD9_x3OV_A1yo*f+I@J&$yY)Cr7{6CLu8JN2MP>emt1j_Xx*4
zb?#9x>NK$F@6ZPD`%7T$LB5kcGgV`s#tMuRHy_X?fZp{>fC`7Li$&5%0v>nh6HE53
z>$&l)w*+6mF2tHta9HftSOR<&xeA<-r|&WRAN0fLpdWg7`VVH;R8**_u%{}YkdeY_
zf~b>vs1N36!kNvuiO(mbq))Bx@NAws1^i{3@;6q=Uum0>FOm}rlmA8S>#ov~62I;a
z|7pGo)Ukz?c8gM(HQteP=_Gu>7H^_Wxsi$nI9hp~pB-quHyx`kf+RH*ONzANX*WA*
zEr98hl0f~38!y<8+4@Sq<6GNxj7;9oS7zrqEXMR(gVq_12g&@m!bRGL`!HTQx%&F%
zS+Z$mLLLJnr!dnV4@Na%YvYl8c%gAVF;$v1;`Oab0BxU#*@8_@1NP7CSaLPCt5US}
z_>_JnU!3O=*xD-iPjv;YV+}Q(rfVHA6(9=^hi>@n9#e89ZFQRoE{rA%5{Ph0+@f&S
zo_5~}joLSSr-4zD!&&s@grHqjVY&m_7@#$_XGYIzy}&3L$3FD<D#IdlA@`e(+*b_X
zPlC5`Ga+g*Vua0c*YL=xVeWfLYY&UsH5@d&UtR!*JDU$PK%cx1nEL4v^86X(BBs9E
zt4ns`{{TT>#o$fvw%n$O_{Fsb@)Lo#d0}H>V{zovXb3QiFPtXT0-a?BfX+eWxm2n}
z3N$raw{PE01BRV9{J*VRQQ2)x*4Psv?F?!Ym`t7*i5rK*MA{Edi!Z6w75ke?Q9VRr
z%`jm3`Sm_W=y>_rr`IH1dqK0;b1YS2hp1s=;mqg*RPtJXRnhvDhxzJN^hJhBiM*Ey
zxn)qHguw>~$acS_^;Di3%j4Je4U$L&lE-HyoAXmPhn|RjWTxw&e>`Ro;ZcisO}|H+
zZoc{1Ztk~hvV9o(tOniqRVknaJph2TN1Gd+R*UXk+!bK_QPB5?-+7K2n!uzpqpev%
ztGLq|M7<i&-hQZ818P|;no*4An(K`JAiDkTqPq|B@~V&lt+ngrhLN%uAhl-Hn!$%L
zQRc$r8n1f(q^iGRcCWE-T;4Z3P$gw>2XR6A<BJeL0-~f2tFc)&UAeq8Rzf;dFvIJo
z2(m2_ySO~k^4d7i$i#|eld=T9M1jT{sp=pNyt`0Gx57GrR2pejW-Ku3cN&gY+varc
zU@+(y|8zSEQ5*!}m99yTiL54HKXTmEsB1VD42E+m7Rwt@O&mU9vvTNK$DvZ@MS3f)
z=%};dY~>WxJ)fPx!Hh^Qxt(J%^kuc6{;}PT8(_{9Ee0zT)kbT-+ONgB8qb<!04-XQ
zf2}J7VeW{tjB+stNhFCY%c^)^rCdf3PEqI4LFiOn$xscvayjcuW+CdIgRqYPAf5yE
zJX^Nakzcs(Y^hZ0l_2X#N+t8J4KIdCbf4Vz*Z%#~GF}1Hf*Y%Yk7P>+{iZ@C#XYux
zC@t%yZzyxKn88;mtl@T`#O_@l$jEX!FlVlD0fZ<=V6?gn)F^|sDhw%sG_w2mEZr~w
zVC^_N+5p09h#(-D#A$1{qv|&Seqn}8mTcM*An7&mmqc=hhbWodmxF+%1F?^hDmbux
zwjC&8`~lGSbou<G!3+IKiw%cAq5gx9T(nBv2%WyHFD(G(j^LP+?a|{;m_Rm2k)vUK
zt*N%5^;9W<r<Ue{`3dLuC;G>WPn@7CRaGTB!M!JIWong^cxrf4J8KPH9J*uhKK^Gt
z`zn$*7rJdGvsr%7NVOmZmH<!`vw-IseZFxFb5X=6oENc`M;kR&{nSiq&w(7gMIR%m
zU=k28R9cIo1^D^(G<{+FRBmIA_5hG6UO(8W%lMK=9JNRU7GSeJfpo6je7rOS%wDtz
zNHe&02md9~S6Ch$>U1)&h;*0C0tjEjyd58Cs6-Ynb<@mBJK;&*7l$xAY39d<7x~JE
z(mf@MneT4v<gPe9X`H@1+7O3XKl+KTkqs!>-(5EZty(M`oad|G|K@e|_jTyMdAS^-
zPdf6M550{x(Py+A$=KZ}g$#e)j&xNiK5VOWMyB;)t9xy~8%|BqZv`=MzC3yIWN8}y
zx}sI0TvJB%KFn!%N%ZzZ#t$@>Gmbe$OgA$&-g$U5i`%Mrv6gv*-mrEFM$cz!%URY>
z6fMP+Ptx%C9KJRXZ*OfSfuzOnuzkQRUqMBVG~KKCDIc5L`6=i%@EWn1!HIEB4lNK=
zD#Z{TG=zRnM|er`w31jo%a0G93qJTH3qZCS#H!GNfp6n1Dr$ZWFp~~IJp+yCE$ZLg
z@_&{Qsc2Ua^JRWXojUXx&oE&FC{WY;KdUTRHe{?=rSoH}qisF1g*{|)e5dKSOfsgo
zF}bOCIs|-}gOstLAs?G{)Rw{I6r3#|wf50wq>UqWa#h@qPj&>x35Vc(0#ia+ZWD2L
z4$B%1w#mp>iG`!6knw=QtDrF8VVi#T^@{V^F%Oix?#wa;?ACys^ib%!3M04Uu1_H$
z*R#nF2_MXxt^)(6wPW@o6llpJ_KYUJN?1o%S~8J7`12%Q%-Eu$aJPwm#|dft8;>hj
zulnkeSyuzg7Tcv>O;4=KEEeJ4)^mR^9)L?KH8=o{GQIpj^yEoXAV&>)xIb5*A0N2_
z1|1QBV8-U1`Oc`Ye64yKDm)Gj8}}TYDsOM^elQ}GG9eHQ1s4lh0adN+$Kt(DWPS1#
z$MbgiJ}`Zhd0$My+C_S(r?RtL3uC$6K@4aLM01^3&*sz(<4~*00*2lEuxYcSzWwyt
zaEu&3>bynWk)qEe>Jmun21^Vu*u2kmCo8w)L3ivWCafzylF}e;la%RO7qIQFVxTSQ
z$$L7C^fw>vVkgDP1x)<eOtzK3KidC!O+0iLFgh-%Q09|G@dVh0UNi~){GY^Km?GjH
z^h9>x>z4s@DSQz)0AB_)3kpD|BJZ~Dg*(}6$DI~a&6Jx_27=j}3p~e}1We}mt28Ho
zU6!ilcGjFst0n-t>q6crY_DJO>}}4>WZDa+GCn1%FddWi8?AkdY?67RMOebZYfSP-
zP?1Lc-p70X8V6vE>r3_V)_nL_+IR4&)8-it#4{652c&n>-oh>Ct`)_jae9Uz)4>!W
zm**OO6U7k4<S)Q-&?|9jaH$o~$rLOLd}}bZ5Tf|ZRIAHsu@4*vki;bSr(G57{N@%o
zqf}OXpG53N#b!~@7Le9?t*+9_WB<oI`yaU7hio*mNI=(@8fp#b`U&N{bwUFkdr=xQ
zz}Ynx6gJO4Yu4BWmYYxU1G`&X^Vb%lt8<I-P7z`eRM0^T;Qq?b&;N}JJ==6BhRewg
z_~l#%Hh4Z@fI5lBlGWNb;CS<Nu2M)ysNd&aqtWIxyqM_X^^e8ciPic`&gxUrpT?+m
zjVHiCB+ZNR)$|+?`;miG2nU!qgiu$pozriEgycLC$<heg0b}7p>+9?BgWaCVLkJo4
zsT6XRLk_D>zP1uAfq9G1aD2uBnRmzm+J-+7kvIv)MH^4-3#eQyCb;#20?9Y8^=NIa
zh{;KFza=cppU4RKxPn@7z9f-VS?g#%05Cq=XD*l2lX9km+|R855WQ&<mcM*?g|~PL
z(n&yVq=hsJ-OiGDg;%BSTI8Ws$opHt^pDiVy_EOUIDgbZr+ESB_)y1k@89^T2=aYN
zoQH-8$b0qKgHf*yf+Qac_?eb*IBY*dYMuo-?BXVp1cb>ctOVudu>^&M#dGxP3_|RN
zvcvgdWu+cAVEHJ?N``1#IrLcuhL_9l+F}r}lj(E~7u|(bX+-8XgsS<pmiL1>ZmF+Z
zZGkTZ7y~W&_+|wOkYBMe`nPumPlZ?mq7fkg8k^HQOoBAHbXz3IZ8}<JTixGX&vdJI
zwL^uP8!XhSvr(3n4_XarXtq|60z24S_DpqAi{%ng7bW(D-(}R5CU{ohSFSMmEe&A}
zaF{>9Ro7XxUaL&2<Zy@^S+@-)Xl2?EHEj(Xef8`U91?JOzzI`<Kl#Q7&xb2#HH$R%
zj5Xuob_Qh+!xy)Ax;x|4F02jU(FWaY@6w>fV3SSL)6-RJcV(!lrxj|zPyxbVo~=su
zreC(t|2gkJ0v$W&WoS|@EA(+Q$*yO|>K(UcI=-K2(f3R4-DG48LO3r9suom@@N%f$
zU~A&2A`383sFN3=mcW}7gOxNL(n<~Yw`c8-eO6Xi$yrz;Wo1LXhPE*Rv&ln3Q3rGK
zqbHU))!@%bGerEqN-wzZlef34;*pRoE-v~Xw$u-8J1n+5vPgbpUdiV-ZoQ~!WE+IR
zDzrUWrPK$M{Hah|ue)Z_@$8~N8H}@0zj#+oaaBVz=bEy7JhN@|^Do6^i<*zW<g1hj
zsXAD*!4oGZS><b#)GgC&Ogf8l6?DXxK(=sGW;y{Bl%`6Mg<_x=Pn<BX(NGmHfih_&
zs9C_%RIcS~(%R>TN6QJ16%QSPu)R5GQ+Kk#0cQQ2XNB8_*C@)YJy59t*;#tkY?>F}
zyXze%B4tXds$zf`lmQN!h-z7mv+18P$ix)PSA1jQr{bdb=wNf0qFf!GURJ{O+aHO3
zLOZ3z?%fn*tM{xX=Kzztok$MQa}z;_cSV||ibt>Q?#ckEs81CWve$z^u=nX5mD_ED
zDOBlz{2=!Dw0y$6jDr)$(%;|Ti^)2BYDb6x0J~x!&rS&qy+2+-t6)vJA>rif>+9h}
z<dDZcuxI5hsYW%>e;{hTYByS_-Jb_9NFXBMv6INxDEAirKaOU%5GW>S#c({VbZFUJ
zaKayx*_VgEJ^EGtK0>;zTrMDxKResJ;C<S|5v=JtKQF}3R`UT&&s53;giG1iPKRIL
zkADt$(bUa*X|<d|9oqSqGVY&uE^i{!4a1)r>57j|*HL6NAe9P_G@;G%S_=B%@2~!R
zK$i@`&$KV49DhM%NA1!|VBdy}M15dlnka}sp*WuhGI|ohAmND6(9my3v~|k-M9$y&
z1fXl~Z$(iG%_Xk{oBwgc*q^yy<8yE?g+zQld6l$wT9$vXN3zoI&tKCb15w5j+!ZO!
zR)@KGAbJ+$jHb!6dBQ|BpG-ggl|$Jug0?otICfcl518L74rn~XIw^xgL-#HgJL=zc
zrvXtwp8y6|=A9zc%L8byrlMWZUR?T9DdK*IKame|9((`3lW~bhhskZhMkzBh>Y?l2
zvKoSTM-G?{&AaJ|OUe%&`}VM~2!|lO-I_;Z{9+n)9}qiUg|T6x3brq~-TA(0sEAEZ
zbK4mcqyJ1@#=)dW#QLHt9>KDOtMyaK80Ns)+1Vxw+${l-XE@<t-U6VV*}_6YB?JWp
zg<^!c?tZ^<Iae+Cm0-$0?!sRnNnF5N+y7A8+_2?`2m8XMYlWc=vu~zCr88R-Wd`kM
zN%qk>+9W3mVNyhsq64nB97jjjds%vB1o+Nx4|Cnge*8<vIL-*(p4sts>CzW|0f8*H
zi}P=Da{_=)@FBlIt@JA6wJU_gZ*5mEXBz&>M*k7j5(j{D*7hvS3kx?P(}CX8t2mAX
zqNFAqa#dK)@E~4ZvX0SppNWwz3tjNqiHwjYxmhP!;_<O#PP8U}T*4@+pQAlml1H(z
zYD~Panyb15H-9B9x22CCgI&c(FDqaLZ#bAKGngSAT8htZ^(+ot^I~jlY>K+Zf$x9{
zH=5JI?`u8~!U?LVklq>*7W}cb?!zRP_^LqHo#jtE{i|d*q`o5X{#J-aTI!9+5i~B}
zAxKaPFqi&}otdAP@ulwRGJ=CJ={@a=^yl;28`*Nw*aI9U{a%@-SyZKZ)fSFg4=0~W
znB<jaM`$YB`P8{=3R3VCzjN-X3K+ckU=%nv;!M46w8#Vid^Eb)(5;$e&|<&ka@IAn
zJCCcCX&P(+Xl&xrTzjQoUAdzU(9)ifKFSaF`)kMZ#DQpgbz8{dj}O4lzwA{-T7D#d
z>mlbZid>5bG=5CRQGI2~ao`hreg>&|yg>Vfa|ke>P(u!EGz4Oo;+B(DdZUvq{wg=u
z0<z<&m*|5?6o=4dSEhQ_k8)|8gDAPa>m=gNX{}G~OHODC`HL4HHtJ5yqq$wYZ8*l{
zIjE=#R7$+3T~Da9Gcygd4gF)Sl_2rJ@}7j0)-<H(f!Q|@$8i;h!^&1b>U=Fvt6r0%
z<<5`5%X<|(X1A#d|7M!{zaNgk_pK&GiWM+6PKn7lDiPDZ0!G^w7m*tT1X7LH_QTVJ
zf(a#oU3}O{2gbMF&^Xfh^8%sf0o1ECMo_!8(Z>h&M4bE=lbSDAFHY!(2xmxl0-QO|
z4>1|F8&GN#RCxExb<doE`pEH%`$dsj1_{I1-agQakVNafJMeDO?GN^EZNC^x2c2*j
z4z*ZOm-*0~Frfo1UBc+~#2FA7iOJL{Tz3cY6oof24mf{JO3`3>|CYP|I-r05Tr~F~
z9)N$xfktC`X!FpaIdAt<z_iVLr!Nw8f85K>TTpkLZTi^33Fpk2Old=lmCQSz0FU&b
zsuRRgp?B9Y(rH~)g$oL}#W?EDeZ=<jEsKGf8I=tfPcNVt(Oy+mwcCin(+f=VkY<gH
z=98?^)?-jc!!N`+2ylm|gVBz?6a{5>z)<cH8(`0AG6j5qV>R8*Y}YHP*Lfl4;!0O_
zfs)g36@>SSJxb55|Epn&Bo4i$yMixJrFkkxQxMLUWrTwO6FNz0wVNFed-)>u2i-pL
zX5&WW8yUUV$X+!5nn@SgTPS``1pHBF0s@i(0&YFDqPc4;3cbyBc6OP))|w%1w8UNi
zY~R)KxcD)a6;1bcoy$q4bOQJ8^1kUZj#E#6PuA-RS*7>H9reIOWw6HHB5wl}rOQC1
zkvxzgZQ@`IW<j5e!W~uAEvz-Ar0z_)o|vta4lzG}E>!6d|D>a}rN!?}@1DG}vIqd&
zlYy_*barmYReLZj;1T*V=O!VSP8!sjkI((J06Yj>osrMqTMrE>$z8afk+HJ_pW~~U
zxw!%Rn={foi*Cc2(@1ErH}NwJ279@+wKaaUK2afOWJIo@q%^>DuI=E?%i&9aj5$l+
zkhkSF>f7bt5XJuzuWXdBP?1@SiE8q$ZC7iqm1LSmC!UUCO3Q&pmdjrAeK5&|AUJP~
z(Q;NV+G&qTUR_<n&1rvGzoSNuc;!^wXta5x<N5Pl-*j>BCWuWT4*{E;5PC&I;+NA~
z$J;~i4I8`V9aozdGYv<<w1|)Kut5^fZ86H_R+q6-@)F+RnHs97o8{+UwqFCX5=~y1
zLUVRD#l3{1dpa^>nhzQDZ*lF9&hd-vjYxrUn*y-t=xl<W?p&1;&%N)|gJmX4InK5p
z!ovkG&New!!Q>o-m4k^qWT9xvsv~bOO&qtzg^(?j=H;{-L|;FB=*Vaw-Pf@Ka<IXb
zyFK(7fW?OMhy)*9=A7M8-QYezR36k$p+-jl#7rT@Sr55byaqsYTg9N|()lk$sKlq3
zKwX|k1%uaiV#0vG;Y%eA>pZ=UfXv(`z5MU<q0K-c>=>*`3r{pHNO3JwVa(zVtX(z9
z`a~LAw?in(^v$Gz3=bQoq72`tUM*!F$x{<{yExeyFM`KizIsjBx9B|v(Q_O*1)Zb=
zkT{oGCFON5SC}T9v^*+6&v~UA8+Zf3ITB-jY*wPH+p&tQJAp{($@|WTIeY_lPEK_m
zFQF4tuQN~-B2DkVvE4uf-hKQ7`HDtfQYtUW{uDNThmiHqw|QR0(EHDCA~-L>MJ8dH
zYo=8Zwe($pTsU&Z5NgO<$^$PxW`!<<v#)X6I^3MMu$&4+#sq$lo(+uyhDoqdUozJE
z=n#P&$=SF`f!xcNo{HhRFE%G4#ehjKqfV0p7B+TToNfi^LY-}v>MGf(W5dQ&0S$2`
zv8_!c?@^E%-0gyUx!Q4Uw5VxL$q2Mjc0n*iG&*g-0o};u|FQPhQB`(ZA258YpaLRD
zHv%HH0V(N}P>}8xa08Ok(ukxeh|=BNv1w2Qkxe(7RBF>mH@s`3-p_NN$8)|jzV{u&
zKae4A)^*Lb)|~SfGgp9qRu<SqMPg!NnJ>OeZHXE;m|4S6c=qhs4pQ{|(RxoTmrQlt
zx*SliMzF!5SqGzlxjK(TszRak4d-X>%;dU1FKXa8!WnhxSEBxZHw^fW<KxS2So8P4
zZ|NA>C_rr1>n*Y~tAOyr=%v>ja#mhyUR_PM&7ftCA>DV2rMOWROeO9o1M_m5`T>$&
zVKPN3;(<nghr8vxQh@1Z|G>Z!fW$eE!MIS|^&<A(*BRN_ePEusJVkO0zAo?i^trI<
zJmxV_RHqj=oyq3Uu7>9OZY7_eh&qBh)uO9dt5olLXR&1)#Ifl|bBIpC?CaN<wZK?E
z<HbpT2z%eV)CZMiJwn^u)`&7GLEv%J1}&Habpn%LJ@X9hiiwiw*4K1S)AGEJ5<FPL
zzc81#0N=LhMC1QE2LA9xFW`>(+cz9kF@j=}VJBkqgR4PStJ3fTr#obV@R5<-!A36M
zvT{#yP+EKL3(JemH?CLD-UJ1W(a;)8@%27erB{nqPAU`-&<YVbJD`g_9oDtAjH+He
zJM<?$Q&^SOO}3h}vIPU+04D*%^H%nrKKQTPwpo`yMBEu?15kKWAB1dWpxDcaa?)+3
zP-hs7Jr@V^oe#7J8IQ0_-|erB%P=vuYowKFw0GY`g9<9WLr1k2ZUWB;=fAEZ{;;UO
zH$rbWhPki(7Lp)&w1bv0p7a4CD!cGSClYDk`4%!9A!s%3tTR&$gGJE>$Y&~Ro~P2s
zrRy8k%lPM7wvUguW$szAMxbWs-a2=wR40c)3lv^oX-GLim~Hd8jJUeGI(D$~juS->
zw*%kW(gj)pI=WY2-prKrd|bzKb*163!rIy~xUbgk{KkeNfI~F{BN7rGZ-ZjmVL?yY
zW!keUsz(qKgIrkXXZqeRNXPXG+#JLLFMgz`lREt+t{wjIqW+I#0Q=ijn(@NK?cXhT
zE&P`^N?Rol78G5LojG5Kt7Wd`>t9D5g-vPdsULECS=6vwd++Bp#+WAP%dvab$0!hK
z*4$w(&tJg6ziV;YoqSH(1xA_)E>JovPgWJTmPLoXdgaRm5lV1@&TQ$0nGme_&vbS^
zt_9$-8b`jhy*(x{YwHk_X)aes7ra(<9S$=oA4r%iNcPg9F_vhO2GSl{wypDCkWui^
zOu!`c^%I{HH->|}&zhN;xl90C9D#Z5=0z6t2$Wy(Ew4WOyY->I-)n<WlCnyFmU)N$
z9b2*gkGq8t<9;2M!s-n<6Jy4lVRQl?L(aT<u;*si<j?g!NPi+e=}Uc>OI_9A3470a
zx+Gld;^v)Kl$&|(ZYDCXiC}pqx=~cOp4P!urzcngkRF=bqIs0#<E4Z$$?oggW7T%)
z1p35mkAb>3B+_v>7~ioi(Ph-qHwtp-J4zNa0AQX)9PfjMNqc!{EiGgD?E-3YhmM{e
z+dNlS8<5d};X~)caFp<tt^S*Y?8C=*L`6ke4Vz4QX2zmOjTu*hji^zzT>;pru!Wa&
z|Eb7WWV}eyVar=OIB`-?1@ik^ZTmyfn}c4{Y~nk;teOKWavI7%R*#wZYCpA>g^S2-
zE2tv&i~FvO=u5JDl=+3uMG8)KqHH6A8IlMzx~9r*>LTnXOo&w0GJAWK+*Dg=LxY3E
zv-9)v7UL|7hF^OfEoBpslG2CC$;mCbG}R@_%F0%3*K+}Q+ieeltf&`u-|tNi6H22L
ztebtE(rLZi<~-A4SG(OUn7EdwTmz~qGF}@BY?6ELfTQuFQXo%&0^*S!${sK3nz;6Z
zmlqk1c@%J0HocYlPYmN<&g=@g%SR+|3^3H{u{BeGeSE5ps=U`!CBePb%VbWGD^WFj
z3#DhX$oAtFs=T~?8g}aAsPesKyQvQLhR3f0Z}cf3=jM9Bt;7!OxXYumokvf1Gah{y
zq(NYogY)<*P&O(Go*yEyGT!AwgA!$^PeqpmbmoC80{-bN^|?}@f-UOQ0=>oWwROc-
zP11U=zy%!&YDkMA>K^OWLldT^6tNbW?$p6SHD=sn;NYJIi~w&@3nXA-VM*!DyK3xO
zk$P>m;vInzR~4KvUto}Vc+(STmd9LIf3B4qRR(;#?EW7&K=^e=EGTI6i-eCAbgaNG
z3%~gBl+3{i3j==c8fD=SN)ksFl8Gbq!zXfl4GxzDUKCh%6m#WfA&ep-Nnb)KW$f(i
zbf~SmP=lI!`!hu?Tu1aAutBoBQ8Bx<Wq;J;eU=_sbGQ({G-m0YS<_lnR75lk_s#_A
zsijlGB%sJNt{<%|MaA3p#fgG0?&*r*`5+`11>=BrT8ybt7rLSQ8nue!*?!Y>W=Y9C
z?Pz3|U8MJ!Yo?HCzBN%k$h=FqffT!Hv5lI%`eaGbJ1c~(_F)t<EV0?`u&Zh+q7Cwm
z?q})n-#!s>1Tb5YQKu5{c<Lz=XCBf;4-=JdJT%%8A$AxwucN?uG2gNO&in0lQIYj=
zEnuW9<>eO*>luzGRk?K9lqP$h*}hdMJ&1ev?nz{iMnhv`W6MmwNTET)YXh%CsAtr`
zaS<kb;>YpEc^h1q2Wt$nxHSqUY@70&qlAw7F4_~uKznfNxY-(QZepT*2%zK^UspX3
z3Uu_V&ycG%N2Yye?B0hV8UZc`wRYsvGcvk7ei!Yq#V4rjz69&_(!a#}KmPiWABE>t
zC@Cy5WjvJw=27Osl8))4%H=uJ8Hi9>zR2WKS9Ivfy|9xLj|Aq8oZiB!sk@T%`5D#A
zIX93a!^8c+$|h6S%K4gg{AeL}-IrnA)v>7Wv!2a~J0P{8Mb~#n#&>YhG6ELwJ1V!u
z@1|{0$;pa9dX2d@)gX71PDJEolIsHLa$ma4htI|@j||U`h=GEkLb(R$qaKC`7b*-7
z4)$7CO)^hf<O^N&Q&Y<E&9QvTY)AU$k{yLzWp?P<n|^eAJ-X+OYc846cmx?D%v2o;
zf11ZXTbms#jZOP+FkG<|Roo|7P@}NNOzl{VBBj|e<$Mx1=Cg_$G*`vQ9M%#+3k~5Y
ze$C7>kNMe<?z!BhNcx+y)ltHdEh>#CTP)_CF&qSVc*g2A85w@SutN&vR0&$kI*H}N
zi$nR*j@H7U)Md$k3R{JiM$O(G|3U+^POmZ11-Q`T^8BR*6#(Qc)vgq!139qji|WdU
zN(Rabf_}$qts%q%poA=p15C9HU7MOn0A~*cVPky;BL*&#yw__QggulcjHe7nOG08n
zV^+7if(tLw37vA&t{RompD#IvmGPKCPx2Do88Pu?;MM!+a%7!hY94+^BIK>{zdH;P
zW5I1-Xv|n1(}_U@moLC%XE#!(;Pv^Ux9g7iI>;vN>8vWxP-MmI2V@Q(%L6TjV;;6|
zrrkj3?6<P~f^_2rnEf1)l(cRivO43o*qhqVS(TTk)50=kGfIn??~c#?c$otW32;Kf
zW*bT<6#7WH8hF&j#z|7x@-s0711uH=WtLH4t#@aj&Up@Fzi-QOq@*&7U{FlA+Jg(v
z$VG0nPNIkhW*(9TpX?F?c<*9fUdPK}7kosYZ{tu!I{5Eg#TL<k*VT$tI~FkXmQn~v
znV8EgE-p-~D~^@gu<l4N@(fVv_rq!*VNYon@Yp&C<spcw^!E~Vx+lCjB_W`@Hfcpk
z@C%@NxhDo1VD8njBy`vRe;p_C_~y6~qQt)T>@7+*WYP0h`?!W~XY1s1pH8Vy9@5h)
zm?%BHfsO_|-M<bu+pBBSM9!His~b_dMn4_s*q;!ar2V|~!PYxVJy!-Kj}0X7?l;8H
zUoFm$1E@!_Qu{bFXfw>+EzX=8P2k4MH2EIoXJ1?>O+{j^|G8FiynET`{&yo`VVC(W
zG9ozJyPI1@sk+F=nVvGC1Mo?iuWcjKxnmUWyljJE>os2YJx{u11rl_buV@IWlluSq
z@DyzPd%8*sXIG5dR7X?D+j%Yiay^!*Fw!9*yB_l(r6@1R0`sQw=F6U(t--qvS6>?Z
zvA+)fvx&RCV_@`!Kc}M4qyb%kJy&!YEbIO9a)W;8D?MFZIW<+OT@kP5I7C&f!E>_T
zUF&NvVYeB%a)-}ohD3^PO8<v07br$zb}2LfV4<M>&<;cR`&KO-<ZkD0|3aO3A8pa6
zgF;>FhHtO@D)j!GGW{U9RG##z>>^jp2qJ-R2FG19)nasCmQC0H^%ILeXq`ti=}K|H
zLiZZ%-|aKh_rEb+HWj|6jxzQ0Pe~Y+Q|RfCd)WCPFsxvI@M$00?-wW5M*CzKhg7O>
z^=yc*<Uc#f-MY8JpJSQ|K?k-ddxN`Dzx{K1Q!!$8A4rSy)OqvV{5QDNPt@h3Dq5%8
z&9U1TUJeFA;;6-O{?FoKE*5A0-!9G?1b(((OVZfRw=JDtc^PU4y<7k<<bm|tj{kN|
z|AQy2=61Ys{uM|mCV2N&0^g)Pb3V7A82yDk{W0J3$wozh8U{Q>l}JU;Bdzy+=76QI
ze_3`B_t<Zj$D0p77Ep6yW+G1W?VkK?GWvJT_rJbK0&m0t)a3zRnSS-=a}6j;GeB=%
zRg-M(*Y6>A?GEa_`S<^~Yeex$PxxCI_TCSepgdNSYWvNJe+9e1?MvleUl}7z_lv*0
zWc?i)e_HB`*FM@k;=8`~&HUoA$m{>_ekGLD60C{n?=>;pzF5=nf4L^cHl-rsb6_wS
znvA+nh;API?d|j2_hQracK+9!u9J!06)4eG+)8`WIMJY4zJF75zkzM(^)=@c%C`Ey
z+H=1ea=^cRS>k_!JLn>~wf@`SuB=pob>jGf7%Jyqb34X8JkZ(K*L|R-X_*-KyX3le
z5mOe`f4?{7X|F3jzYm^Y=jd;|Q-J5?PQ?SN*e28qB!YthPT_Kv3hBF6rt8#_B4;lp
z<o4*MeQxK!98`-^wU*}@(ok3OROfdcDz9?5^XvGzCyfeXi;BNL5Di-J8&CQNxdOC+
z&3!p_8An3ALsW=VJR}rJMPrKr5>S<1X~5p{&CS;6B?J=Mz<(J=@cs&8fv%7%7Dr94
z8iVBg%mjo6qKSuLRHLv6HxOw~)7HA@j-mXwiD&}N6IhC+^Lh6@2~yle2+AQe`|SBL
zgn~oyPsi%ZJ(-UKJyPJ<$-{uRC#!lGvxlU-A%U-1z8uE9Ro&)uOHEf_>M%Q0^@$c5
zx=d>|cW}QiMIMAHjjeR1@UpEfT%<nQBST<Kg^Te9s)J+w9t`4QKMW?eT5iGOBP1lW
zwtutcsbqTkPI=;YxV^lJ1-6(L_8$-E#J6HHguf=&@!uqZuQ_O!`<EG-`#D<bvrl0J
zy$R0DdE&jby_vR^r^C#cPb9rK9Bdty?t9AkbviK5pEl7@M@p(DdyX7^Xr5k8Rb!&S
z-(F2E12@s1r#vJV%nt!2uYSSMQ7auCy6X7o05U+CzU6pk2G4lUnjRe;y+7#tXU31y
z$<7<{na$0#VK)mak1d1StGP^VH`AmX)gmaQ?H*yMYhdP|X*{+N*1)vAT)+2DkM5q=
z#Ni+p$II@7_Vi@Ua|u&JMNR3Ab*)M5{h~JmR^lV8XZl9|Ww(3#FkT$tWQTU+Y+w0P
zbeK1x37zV-6d+R|j3H0zBHq`F)z%ZyrVSE+t241s-C2DNA5US@eK*}p|G`&HGkrZh
z?FXc;Pz^5GWxU6!mzw4GYSie+9tx_;B4h?~U=<ImyKSZ>cL}4rvOazk8}b_%f76*>
z;WU0TyCYuxdG~4v)15n`M*B`qPAa2<5m5@UGGQuoLsLfbJqaWtR@bq~_{8peE$=+j
zsk2Ep6A&1&u-qTP`(S6*dF$49$4&q8xqJ7mr)1kglg)!^_$LE&!T@%eEw2mX*T+F;
zMH}27YCOHh=rnza^VqG{UVnlzUvOnA(k>2l2mO7o`uKAW|LH{a5ku1VhND9p^FqFX
z)wA2&;^oiKrNDk1lv>c~2ygGs0t67%eUgxs6%%x*nw9|_11ag8jBvW|oR_o0P0G=x
zWWW?sC~Y|IPo3pgb6d!GlRZIki@ujzvwN=|0cP27soqtLuvI82@e~kja}L_l!g%4V
zIQEpP{cDExxXaiaY~83QDVW=9l?3t3@=Z2~1&lcPw>33R--~jP>jy(_ekrR0k6`PK
zi@vdCGd=lUsa&qEiLy#I7L#=f19sTu==$ZyE|0I8iKT4c`msZ;kQl~jda+ghHT-)G
zuD>{{2|^t}91-}EH=wb&4{919a+7?oni&OB*>^*KWDbcIM=$^)tNGYquDxhg#(Rat
z%Id|pZ?C7=&|Kp52F-Uh$Gw7yWDy4<DAAD8Sui*4_r2Ph78^BB53;&?Qx=78GZsW*
z-5$3^R&8z8&?NfGwLW@*IMc3#yXC{yqmm4YN&U&gdyziT(aDPOg%F7bMy<{UKpEkF
zA||@Ezg=EYX;9$=_tMo#Pnx(TJ&$2$*B@yc6{BixUC7{0r!l8n*%TEck8fgQqYpaO
z!B|fe$gf=6AzuF$sN&?r<GI_l->=?)7#SeMvk9vVcG`gR#j#j|yPAis{8)4LqB%+g
z*ZS9KNk5-eVl?V(03}iz1LoW7Y{ldA%=_43SwGf=bBmut8(cr@+)A(Z100i}X_9Y_
zWjVgxL455Awf;w{R@JTQP8Jr-l<i+rKx2$d(2kR`oh3VMpe+Z+XBfq^Ww$%Q@^xe+
zP$A)K8g@L4<XLmNQyl(Hb)>9PcbD*k{NVz1gobV?ov`H>Zuu5{b~KBOy+<h^3Sc?N
zyF`^#Myaa;U!SSo#bCd|G2<ULP+`;1N>~rp8L3?nT^h%_2yQl(5dx?<pdg{5fHIMK
z;g4u{uNOETE}|eZ#R@RKwWw$V>;-l6y}~C^7Xg4v51xB7v#?~Blqm6Ig@$=BX8Xx@
z6RET!JeK3$NnSCQsO0NtZKWrmppevV_Klr1CPqG0c2X`fx-5+jwY9Zf9<Ia!T#{RL
zIZ&+e@@BWA#Zr7VW#zuP7qys{-(zBIBuH>>u}i%OK8)_mRYmky7Uq3Tdo1BmU&3}X
z4a_Qmui|SnNKv=ipH~M3yTeAydPrqITFL?)GMCw7`t_!qMF^{|QRz*jhv$rCI4-qJ
zDvfVla&f%~<jCPXGLopn&eOGWqqANO@t3#v@<?&9kWhFeeOr2WZXuz`r}VP2*O;$g
zGXnCOtX$!&RlYzdEc9pqY4+6gwWTIgK}|YSmaZly4o>##Ell{WQ)nqqRnVz5_u=tz
zuqD-lK8ZmbjGI|1r3(&zST4>+RD`6D?CeU*mIghKE7^8TRNo}%6T{M|4C@vb8B0y;
z;JZ5N>QXgkTa0og#f60fM{0t5M;ge%s1eg-k%oDix&Wk8!F!!Bu)M}uW0U!~V&cvE
znvGcoh3hPOA(rmyJ&}cdyEH4oD;*Pbt+jc=#D+rKiyVRbMM>9+Kjh_ExZ=1F?{m2G
zeQj^gw6bGmLDy6Oy{JKT57CzEQy$60A;*ENo7>x1aS60x*6W1P?a_LpCe22-wi7<o
zji@?V>`W~jbx%#NhpPAJ6uR?xRr0v4)il<gJqz@A!3u9~@wAcVTnUUIb&yKF-8+17
zv%o~W-{AbpUH_5gq-^8;*m1Z8swn2@k&9#;Bpw=3#hhsK&amNAS`)t%3I-WU%2gTt
z2UosMx5dNrEEwfLpFu5J+4;x|PCT>p<I|N~fr4wT(rC&hP3-Czn<4tf#1ZNpN3Ass
zxwXAsdPZg?B)1|SNccW$t}azcDPK!h2vW^GzS;ZoRiKq(c=B^zVIy!)rpxS0Bl%vT
z7qaSBbvQIgzWHv4G`=y;Qm?F~N=>XW#LRT5m|y&`S)0r6I@Kdr*TV|?Au@G+8*LJD
z*Qw{S%LC)ghLnS#L1oI(2%%9}{=l-WvTG%kZ6a}dBpWE;+h6-X9B-L94b`t>qMOZG
zV+w3TMNu)n&Btrl%ZgT~mhoDUiE7t;Ts&6a)V0H`Q0*Xc(KFx^;$zL<7;xAuf9OgV
z(4oo{(lq#bu?_ZUrwbK1N3|YZZXvrZ>>Q(6AU7B*vEz!2h|)>yAJO#GCB(f3QRs;g
zkup6mv$>Kel2}Nnyb_K+uR_C(1Mbj9p;SU#K^~sU3ePr$O}sC5o-oy8>5*$8b+fI)
zB&-H#rScvdS(((S`tE!8-CV_bOd7uNSbcr6*(@HTj(<|tswi4~i!E=({7Xe{%QXIx
znxUbh``&u`tH7Hp<%N6vp(ho&AD&Kyb!gx=iG6-F-4wp^3`9?(enZnFWqxC0L#5fy
z*tXuz$oc261v?@%=%Y*2w|i?YLZ(}uxcrZu8}p8fWCS7}3#3==PO@8<Un@RMm$&mH
zfm^#WjZw!ND8V#oGa3`pRuE&QNqG$(Ol>T_%N6_A3M?yNDV?<aolC0ihFYWc#w*KU
zULOH)_AQ{K%h)AHZj5^?UGKmi&Pw1_uP$4o(L>l9bF4i!NUAt^yEOck?+X_L5kTHe
zS+qkl;cL!>#|eBQoVvaC0*;Jb@HB0V7xEZzNJKX-5qxSU>-&)k--kkNk-PFFGMmku
zvG^f|6B?00v+&_si$+K-tNz}H$iJ50^$=lgtf#QFa8{Ef2O}ez!|Nk+6j*U>J;DCR
zp2s*jcjG4n@N#z!t+c5~NFL5NGshmA(6H*1Xr5+Lx8q)3EV_GKD%?)HKG=?5=|nS5
zq%mwY*|9yxevgRuP{6@LLCM)!e-Ww9++s}hoj?ZGJLjzRbgsqtFs^cCzVWDcq^dzA
z?+w6Sjp0tC@I+Rp&&|z#yY4|&0V9ZEYr(lV&9(bgJhdV(6g)PzoaS5DuMrRssE9rJ
zOX@m{dLvQ7=vZ7^hN2sl6%#e?H}+P8B%JB}Ri2mlZ7-0{&8-yLH%#|Bb#~jgp*?@W
z2YecFrjVoU9@FL5&rfkWDh7_u-s&l)@88GyICMNdS-QM3UL>48l7#%Uwp=XwtET%1
zUUwiq<DYpcV!HI-mXNfjnD9<L9Y&xCTs{<qM2s)XI^HW<K!X-V-I-wtJaAQY^QtM)
zD{|_6kDCkVwdyQ7jEb?`FO5yyak28<_p<s^KNCe)2#GnT3W{r`0da;b@u(=9zBqJ#
z-hLI5qAzevThp@{$7?&8RYPWK6y|>uMo~m`c|A;`MBS!5J|vQboPZj<{8g`LeJvd7
z`)b#-E~z}6<?C481HP^JJ#STOz(iZa;b+6)5V4ySy<q{^l`Yk#y!ET0(I5I;dFaXH
zZ(X)p<!4z3)7%EAZVBqv#G8H(D>T;rW-9(;d?Q+R*#4fp2j8+{a?j8}KNlb>3XfG9
zVLc=As}XHnnD*FD-`0RjB-fh{-}r7Upn|zm=RcqC)lky06D-l9Y0SAlosiNA<>RSh
zvqHAgE`=u6@o3abyBb)Pwm)lytE=cmUYmJfIIS_L3Qf2bQ3KJ9*bc#S3pr}>dqL)Y
zX3k_$E_Qqx*3lwI)LqkbzgA?YdGYK@pt<d`2oK?sy*E7LDiuXtj0s782J(~Z3GD;s
zrq0_FDaY40FlWCcv2Spw8#F4F8P+S=uM6p#<B$qHOoHum2Igf8U4LqdX^TD%nZi6s
zus$!kh=zU3xie?80+>UkzPog>aFwO|DX&#YOZGY=Td`SJ9DU>TtCkK-sS03nlw|(_
z_)+#X>jtzAodGcdN^~zD)%FN?@hjS!lkbD-FP2DnZR%U>fr>&_(e^-ibV`dqE<{9B
zSorNtDxuM-tbolwHj20(eEjMVZW>o1U>%iG0LFvL8Zfd(ur54(?rQC1H}?4@*fPac
ztta);K`)wfdW<aO#cSeA1`|2DW@a=oWt%02@0b3?4>Geu*ee4*<4e}f2c>0vbtDTh
zu%nhJ7YeRJN9X(V#6f)d$c2f7=Q(45cBd;=CYFsyuD^^f7y7-{6UoN1`L3hPytAkp
z-~Wfl!|PwHYH}4JvW9kuOioz-RNByD{Z85k18!r>#U&)k_-hLbAy2pcwC%Px?*rqj
ztQ_Fbvh*`>azxe}&s#8^<u$(OF#h(#h=}79sotce9k9}YST7Ii@#SD}cBpp`!~J57
zhlPZ^&z-{%uTj#HEIxRqp6=S(*4m#D92NN8D!hX>Q`U{`XeGUSdstiCb!1&wL!#Cq
z-ByK~On6zybus4+b3ROZBycKnC;ZLhF_>qzh06HVkkR321N+o^VtfB;n1$0T#%!dK
zdnoyn{b3Ira0Jh0vUv5c8^tn-9Grb87T}B8I>L@ugTdxUKWXZD<({mUK#Mk}hb}IT
zm!vgKlcX&Bxy8lECp%*f@q0y0pjG=qC_$(89JmU7t=<5Vn(Vsu+JXK@_{m{HTa5Ct
z#)s#K4~in<<5j%%AA2Qv5-z{I`RL<UY6TPl{2H}~($>RAk5YjdR`q0=9XGMe;hJ+A
z3E!W3YGQPkrISLqEi!`NM0wpDlhoA6CPSO=@lTnM+kSZi3(E4?`uroQI0B(vk(DB(
zcA!U1Yb;P+w_MzKsGw6YMvg3q9mqh>HFyDy{_N1L4S;-Les=#EhE;K+NRPU>w&BQ>
zNZq0^V}aN1OlpHY%oQT5@A&EQQdTT$Ji?ltA${Ba4jDGNK+IJfGRD>(>L@m1wpWN<
z*V&dC^6b3jWoe0Lv;Cn`%%^;-HB3m@=={Os&G&yXgc`c5Ro`*B`<6uHv5s>&blaub
zv$Ra0s?Z%&${9gl4wG;r_Nn<83+((W3*@)<_tR@M_3k=YcP!Q{N(p=71GbWfXCuDG
z++IN#qHMoRjy;@RsD$U9E;?`Yn<5-f;k~~;u2-#PmNr{}Aw!|rVmtFA(~rU~)fXc_
zC1H%(Pu<sd-;Gpxv#|SVrR9Dpv2Rf`^Q6IvJzIQC%<b8LZ8;h%jGm%i_5OWZ_d>PU
ztfFjY6Wf)=sf9A>bz7IVyy9X*_an>2WtUftMYU(Bw#`UN=CSR@g_w2;Ak6RC)iN^f
z49v8K5Heedf1JJ8`Qa@ZG7feT8=F`&($@~y?5<Gd{ojr5D2sZd)tB=!lV1sp^R_90
ziBM3p;L1<-kf?(IDOE|UVj|K>#DGlhkyYcu`NWWPagw`#MJ<$fko>;&voZl)lJZuA
z%I972x#bHLg#-)`(FcB&bRim|U?MNGzT@}Dq_&Y^+E0b(B`a1F^x*AXLlbiOWfm)W
zDV@G{I%Bs${)o`$3gH%FBgBc(*C=1Ha1Wm4cWC<F+`!%QYWB0eCv*wIdM_FatJ9(V
zYduA<^lOf`;M23V`8=$uDpdX`h!?UuoNa}G6BTveft^8Fp6D9DoOWrm7|@_H+cS20
z4nu_fYZX&*N!z=6J84wOs_no8@3Dc%X}!hUyngczn<@mS!TEcMbcxy<=_?P0${QG*
z<U1w}gz^24mpSYWH?B^QQoYVh*BT$lR=69Q+f~}Dc{UM)p*vZ=E36A=CnlOd%Gj9x
zx~pbg<7Vq1thw>~r7e?@9oi^40bU;HK`!f5IG(TRD*+A5{Ym!?PrRP&WG~rd??$oI
zW+F5p1=NmQQ?`uor~2&$VC96?-={}0FKCg?IyYOF!K#P;=Kr=zQ-p8b+tO=^JgnSt
zP%=A)RVppGt?mI3s~eBIh9ab0oR-aAMFKK^D5c7CSj$5znwMHMbQs}$LZCi4NQxH;
z%)it<RL!md8&*S)-M1PEtqG;TP;`HtLnmpBUsvyOZnOV=tns6{yp)7^7QNlq2VeJ8
zo<8++ET$kJVJvj>)`Lj|O=apRi-<~S4V77H6Q<}1<^pcd!?&Fs;pUFt(Yc;Nma`U8
z$zKoDg&sLX6x+r~?ea(KOpw;mGP2OH$<%Xy<jAF@ch2szspNN+P#O-ghnXnR=468x
zxSlw~_vH=Mqeq@@a&k{#*KOEH^{Mlyn(9m4-p*QnvMV%uoXi}U>LS0<DWD8_3!G;^
z`LOz07o+2Ri9M@HAbVv^F1=xGGjNe!3FH+QrG{@@RoC=B?K-0Q{FuMe@f<gTRc{mH
zvh;P5!_T?GuM0y*`Qk#-J!IA@{5^oq;yd$`8~@rB`s?yquunLWwy3lCV&7B&s3M{4
z-3*>v^E{X)KPJoXZF?&W=2B0<!nG~io*nP50q3ca$yJQTWeTPG+L@LoFk-g+8eFT|
z<;PP4+2!$T1q#;}Aq$ARFnd!=Bcc$*k$Un?N`-X&x_t|6RwhP=^rPw;ih*d8WBb={
zf^bVi81Qwu@&QZw4n!s-N3uF`ffdW!O5TEnF@LKF_1IfBv+J%C4^VuLWtG%r=3nkn
zZfrD6_vLIGU#K2Or-(;<nNgc=#8c-lPRD>}w|JI0PhLHBEZk#wBWPIb#>UQ`ZR>Bj
zy70blH+7l6?54))9xl84<3!F!RA*(*4MES6==Kw}8Du+oXc+?o0^kQ-6S0kkh?;}v
zS>9~<Us8x8bZ4d(V2Pm40oT=RPGfC=bR)T%{^>67O5ly2a8<ee4KN*(nfbM8cfuoJ
zk&`+)s+E^pn5wtw+X?tGDi#*AF+ZYWc|5vf9Y}%6RYY2P-9wij{{H9{4oEiO;TI4s
zGb+61hk+k#=td&q;a7l?3BbEyC!#=HVrV`o(8m6fdnZ5`_uj?M>JBPgpL(F@ee{NO
zW?%Dt{WZjc&%yW%EuIyxU^dn#$11mg@gS{y9Jh9W_K$s>cTL~zTd~wxG|%odCsC-i
zRurb!j4q%?H<V3&dUaLVN{=EkI#OB3t+qbf!5(tnG)OkIR^4%FnqDAg^beTiOQO3^
z=4ygi9+)p7Q@Z!Me9NK_qTkb^x@H#A5hY5_Q7P^75+|NHwh}mSzC;-j4$rUS>>mqn
zp)d{W?pw02*QA$#JiTJfNeV$I?plxA<o22`dw!l!;^e5Wurwe3srjhVR>gMHkQy};
z3Ndki|5I)zIy5xet@61;XHoHP^9ZP(`+Uw$pC(_!$;7BaEUDd<6!DDXeCGQi1@SpG
zrGR~W;^Kg{Q&*1+Qax>Gd{nhZxr<~poQ_o%cU`S{Q9m>^M0<A~M@`q#+q3K)^*~|#
zY8fjgT(@eigxo=QgDOtSgeXisj_cU?u*@$#8b^(P_x;s2Lc_|jMrZ?bhc4=Po#h**
zNFG&Q20pZJsa%tUPA75Xatk``arnv=B4YBJig!-A=eKGNr|*#Q*!yYGMIEfdEL*{5
zX6LyI^o#xb_xA?|PuIG&YOG~;hj_TRCR3J|i!aikP*fTeMHB&YAVu$k&(y7QlERQH
z!=76LlQ3)YhMoQpXOqti^z?n_Cp}kyM2T9zFkljlfd=e45n3*rrc>wIg*Z!cg|Ss2
zkI4YuTF+_#7g!U;y0}hiC%cy%8=IT>`Q~*J`X_TZ47#PeAgzKePbInsk&_8JLniIo
z5}h|b#l>0B%$$jBH0&3tC)-KPH6YjB7wg063b%$Xor9C?QR?BgsH(R8iaFcS37B`%
zdx#8~{v_<KGc<pN=mTJMd-s7vo;=YZ@D)Ro92qtN>Hj@{ZudUIAaP}z!OR1R*s|3$
zT*6hk3{3fA{ZhCZOALs_XkBcY>=P;>90z_bsXwUJwHfkr2`Gq(VDqhNJ**+E-z@B<
zl&Cmg;9^s9K6Ea%YLzA3A2RS>g~1+cS(k*^dV;C2k?STQA#yti`(*U_zI2F0)Kp=a
zfs#R!9TyauXr&g-72z|IAUOJ$(MykcLWig1$2b&e4Y|j2jd**nyOT1Z9hz{V@h~}m
zxhW+MUfuBCi|hNrRUCphte^TvY)2(mIT80aDUNnZ3z8EOxFQUdp6F)um8PFj%&(B&
zV`kjn7>Sln;?=ufX)>}dU0QgErW;l!XfSU)5tL$OtIx;9zCNAwSNq|SQ!_is>eRp!
zo*pFs5^Fvs23*hPP*F6b`lD36Wn}Z`=Ea#1)Aky(pqM#`-p`z^p>pLu=H_w5WKje?
zi#yH1OulU;XZH^^2#^ObPu*`*Gc;)vuH`!2elkR|<69=Uf4^#J`6B8>Wp;N*dWSZy
zdg?n}+#(KhgZ-yf87Z9_pS_O;l6k@i=LzQ{SPe+NpH~5UBV0TqV0HsU6X#~J@794~
z-Bi{TvgIjJNtvG%H21*U7#O1l6>jo-0!s1@V5$eQHSDO=9?Zzi$zcM?%GN~t2Zmr)
z4t`)cuUBrK#0kX|Msd)SMYX;i{rHSiVY2GuqkLKV?0J7kA*6p99qO`?3J9}s_j^iy
zjNe<Dn95tvt4>Z%{Q~1(JlpI!v>YxVV%Ml|spABc%i=ztOHsIF0B7oti#5zJx}{aw
zdI*G>1(64+@buVI!>92o&nZ0!nyy&2ZW|fd;=I!|VFzM6C-rM#9fi=YzA?{3iht1P
zequ&q3=9`1-dCL?{+x18%U_CBvzp2p`$i*WRt83D!H2t%!%-DQk4Fi``T6)BR%bRm
z6!|LnA(|b+?EUNxSzC+a2Q~-oce08-y=dd0s>8z>a92qzSvBUURjUpkW^iT@G&<3W
zt#n;+7I52%nK0u`A=baAx?av=<s59y&QHf!?zE+4#M7ZMoN(V}Orou))k<Ty4dU!z
z1sxyEc4434f8LJ;mqyM%<i^Cr#G9%1w^Q!ZKGMEtDlU;6QAvX=)Msz`q`KEC?nx<g
z$`5$@Jj{&8hljGM$&*2v!Tcr14h{K^L}qv8DHx=nL&@d7_6{q}v95N>duR`NqVkLC
zAM13LOD*=#i(<&N$U4b>K_m${l~p(*JG0QBjUp>89hZ)XfuBz@pHYJ2r|#X6>-+r(
zBq*mixD+1-rPtSA7Wfd|rp*bGo+Gza&R7$j@gkN+_7~Q60`J2gofrqoqGA?sW@B3;
zqYar`>i}1{543gFs>X)Fky%3a%0THpNJ`yNmBbggC&+-B0*btN7gzFDlD%#8{rv+S
zstS{Ijsn%>FyU^u0w?9c0n}sZF&eoJ<hd+*YBKQp^D`GJR=sK^K~X^Aa|2dTa~yTU
zC})|BU0Sn}-8tZECj(gb3}*(eTkQ<y8wMR6%-t=*luQL|=SL%EJRED4BWL2kvgpGw
zud~=k#!GbGd`qnwy5b0Maw2~K)2v&%NP8fj5^gwJ&X42u0n($s)BW>Dm@N>ZY43AS
z;B%?xeOkN({$-RCfQlF2@){63@qRUN=Jz~aYx=;p%5MUE+IBj*6gwPFzM}${t&Kgr
ze!F|TOjIQ4o{=wZ_{KmZPPL*Jh9tcU-;1p}$+tLvW;W5%^+@S`AMWoFPh6`LS2DQG
z8j;DL_ksvabT-3)McQAYAxLDLU<nC9+6a7r1p;LfHZO{momld*d4@S#!l<y+Wy9+k
z4LRrrP7;;V>xqf^2sOEO+!t_Lt)5T}3j1)GjQTl64^RrKDy)+l6%tBJni!jZ^YKzq
zGVWVDrjC}w!ewJ=y=$brx`AY%zH8rU;`}+D4$MkY=eb@etHj2}b{8fDf<LqCvVJ|u
ztJjFmw0mugrX!gNJHr)13y*2ckr<!o839IEmF*bV<;%?gq*RUup^|hqhPH?BZA61v
z@>3!jKWZXUL|i<69s2oM8?<Hkei!{kh*y~bQP}+*y~DAsN_HkTdhb$$TBkKybX~7Q
zpF%NyeilaFDz=1J;(aqkpE(Z&=0=W<@?!@gro-<%x{P-*u<R<S4m?zSIg`ywUo_#$
zBASE!b6%bvx4)R!N_eYY6c&b~FM`Bd^U^xpCSzf71Sx@G7<xOvg8a1-*&D95V5M6A
zNV&A-Ws-Urn8}h;Rwgdy5|C}Y1S&?3&j`*q{I;=$m~mJ;2=7o-cn=qgYpz?{^nATI
zoqMvDSBg{fr?CMna7xU6_`WVZ^e$t$lCHTKc6<A>$bmo6Sr|T69WeKcJ_gz~?9+9Z
zrVqz;&g&U%RNjx*S42^YRiN_a-fVFD#j>v)XgXc%+5r@79V&LM5+7iNsJce6Q4+Zc
zRB##hT8AS~5}QF$8QY=nzE+&kVM&y4J-N5#dI$HO1gffYD^+J_taHcFcb(Te0yKBV
z>{7EHo9|SOpO_81-cI)QBnoO$f$8osB1el4jQbAW%b8-?@}~P`$3iQN{dYTF0&@bD
zoP}vW*l<heLRt@!q|^IsJ9+NBZHVv1as2d&^odJ)C)hgdOTc#|`gq;`$Bs)d#T}7<
zAWeU>YF?(C@YCPf8!X~RgJMewA~tukeS(Sz@F-`8eL655av?}RQ~GBa9Gd7*YHHg!
zKCgr~^b=~{kO`})+P8k}HmqF<9FeuoOKCvCfvB;>p;VBo5@;<di44k9up$^PY70wN
z3XJQpWK9pIgoT21;X@?3v9mv)$q@mjATo3iCJ>Tz@-2BX65Lg6W={>|gQX#A3Q2qh
z_!QP{&213B^2ldNxM+!wein-Zl;W}Dq<kr&*wptWUq>D}yC$1lLn4X4a(b*5fSzu=
z4smy9$ao2Zn7s%JfUSK#d_#UUDi$dcBZ^f<7l8ADzX?zi-Bv7jeXrD+n_Y@CtS*U`
z_0t`9YKA9_M988HH9vJOEx+4gH+`PfxBLCEFwqB~GsYkv+4^<5MzVOq{z7Vv@4e?b
zbr447p{v~uUDma3-gR6W>&3Z8-FgpXrm<m8V2lNo%gA>$C_fXi=#DREU4$ucT<|#@
zpH4~#7CvLvYa8C)F9UF@s&~wIs~}2tGu6eA`wqsXhv4QXMzO%Dcz3^pu>)%4eAg~Z
zV^n0MtgZ`ZEN^$%d!MdwRe+gZbpt9zh2`bt<iYiO%q8DWj#g}yh&Kgy-W;sitrS+7
zx9&8T8c>WNfzfglm<qL_Ls>acWou}JeVQdS7_Geh(IuGH|4)>;3i*p(5GOttYlLe;
z6bXEFONXQyjIN558wr444N!V&WeceO?p;ISLm}6!T}h9>))jpj%F~z!_fHKc7XB4K
ze|p{Zych5C`rf}+5lBd~;Wc2>b=X}Qml;+sT~!l?IZrj6KcS<MOCnx5sW<v8d7~bU
z^=gu}p00Ci*Kqe99u~xEsFMSNP~m1h4bsmyfE7@QI^O`+UPJJs2&twuLFY%xf(9)e
zvoESCh&AcywgKpzF2`0YcE8kUc0qdE^t+eX`B^{SeJw4`75pBf{V6pTaXs&;sYX;E
z*p2wx(ftYVyRs%dn9i6Ypf7Mhki`~Dg_d+e<(?A}Aj%Ryfb%4*i;C{-%%Os9$BD8l
z<hagaeSVJN%V(P?#AKPZv0WIeV0!B-bJ**J7MnhojYpAemfBWxPeJ9q8x!R$*&RL}
z^t!D2>-<*zT?FACj8d==vUW%@ZFpjTr47d{6-@lo#Bb_NQ3NpK$jWpv^)BJQQOWb-
zBD}CbLxs`1!~AuamGW*$&c*&YDSCd}r<Ep1oAJBmM}zGxY@3JlzUuiS7D!arqi_gu
zDrCsw{x_^xS`Fe+P{Y&Hz2L2Zdxsub5wIxAemF?kB@sIt4~%c%H9WiF@7~=uc=I|^
zY6qpatOt5aY`p1WbjJaCUVf_?;Fdx>+&lu`25OzSNS-+vYEQ_SXuo`ti86$h_3ce+
z5lF#%m;R$&Fr)xO9KlBP6o&WfI&ZkXf{N5~nJ{wOleaXNKL>`ri#k~~O)~5UGfpG+
z@6??mTd2%!YFcNg;=?Grq>`uAI=9%HPGrwuh>B<F&n?d(ypJrX4%ou^e*8&-XB~CX
zb9wy5O5D{BF7Y}<ac~D)i?PmrckHn?jRJ-;f0~Tq)@HeF!=iZ(<ZiOCU5o{@Y%6U^
zwUM*h@W5gCty=`RB)1D|Mz^Xe3I^fK2!nG-Z^`k3m~xoO3P2uQiY<#n;U@XYVBlK$
zP#^;y)_utBqu>=44THN7!)}40Xu)lJZX6;GeuL*eK@ap;C8dZ+tWBl`^2QCeBFUYI
zc%nTH-=-S5yXiltFn5mbw)qknqN8~YzWe!ebB;vy`-Nz{INhd`eklh}kkCPN%Ab=m
z8l>e!u=&PQhvjcOWeGLu-P5eDKyE(oG!30xZGQ^DVh-0C00tES9B9A2KBT+Gf8E@7
z3mEt=71fdHDG3@E6kI#3H&8kQf+y&kSzxQ)H|a7xpCh0TG>*+fmGdXaWcCzAQS0Z{
zUB<(dE)(LQ+hU_8YFK@02(yZ1JU7gD0CRPoe@ltP03EPL?68Xxf<}EB;jSHKvCyf#
zlW%w`Tkpd-RV%!Y7jsrW#!Jh%g3K9H)^+zSi@Vk+M?n843U!J#-bG(BHin)NhmuqB
zCKtUF7*4s!l!#H@PJss1EHcn#(lwN6aC1yGks6w##*_XOKKWHnXwH@`l6XGcR*Gi#
z_09BGGUYk7Q^q_9J>i6Fm$<H%1PK_ADt)Iq`YVxeGsPMoOPAP?Pp&q)o1HNwS)&NX
z>N|V$@ofdIAcZ7ugYF-7)KRjEmnmP=T3cA4I_J1Qfs&x;JIzvzX!~gMKw_CZnzsp*
zleD2L)Pv8-tq}r;U>igqQZzZ02F+T;+cX}UlHIqeKKK-MyDdw!2@J9|YCq6q1+trf
z%Yt`t?`;Kspc6+-x<4H1=@uz$<#M^&{)UumY07<LNC@#fF(HBC(9p{(>BJ_6`x)o%
z(m>lg|FZm_k1nCcjqwVKqxmm?7Jl}0`(PJ6T`JC}B@hcc*GakcZL9;_h(!9)066-=
zi@ubpO?yfAuz97oRmCN0H{WSIhiSAqRSv1Cs*CS7$3<H(KYO^r2Pk6cvj{WB;_CWG
zEN|{}LvLh$xOE*HBNdB1h6d7bnxRx}G+;`~u5I)KU?1Vgw<)0a4b{+b3wRzm;ZdNh
zPCdS-=%a6ovpAwzgcFJpI_P%63^pAFb#Fw<36Pc#;BM|2<X(6Bv0`Xg958O~zCY<Q
zkiZ|^egZ576M)l4U(Op56980lyYFQ>0*6n0ccE`Pi|JwgNy0??KX4;<D@vxvP`Jh1
zLnY^ZDwW+17Wk5Yk@cz-s^Bo6sJ1KPYZEyK2Jq&{?nI3t{$Y+bAscKgC=ZTDw3hzm
zKbD~JbQdM)ho4QiLgEN~z%1b$0TU!3pYE%5%aFt{v`8x3Y5U{)cj(#cQ!=(J8rV%P
zN;*?TY7D_rwT&2WKaqbj<7XFvOPviZJAMvm+jb#{NZydHgoBqXx(wyVP!!R)2OmYd
zkJFahpH}hRdW9pxIGel0C;HPQCZ9&vI&#-2@}L_um+}j{>F?f^&7T7;O|ALuPx>yC
z^3nRHx6+yp7cAYtLxYkwqzHMRdBlmHmrFZ^U%Cvq^`O@z<6Bm@|E}@OEZI{QiwI)Q
zy#~Avf{qvMW1Czy41hg3DUjuRKh@g-ib#|!tv~0cna3W&<CY?SnmQWvROpAk@xJ|S
z{6A2T#?UUIN*>Y|a-!FqV7By(bOB}MEn_cg+`jL{eJGT&claDts##MMlsuvKrg~xQ
zlPm5I?n?&Ap95~Do}IqW*llPyv$wZ@hAa|B@f;flz5)vEkH0P$=(zy$V5MgaBe6?*
zE_GUP(g^SFj<U(+;^G=Ancs`jwaHv5s#93sAc$%Y!@`0_p6yj3pB?=8u104(C3=1`
zZ4MkBmm?<1$X8d2&nqVk%bsF*9(=!MpKQ`}HqY)Iehl>M*}PLP^w-C|z?KWhQb?2q
z?p|5IHl%xxJ5>B5F6wgP$BUS32;AA#rZ`(MOil%38MV6Pw9oBPQyCcfT~n*gAj56w
zv>sn<z1=^kyNZC$;h7k)TBG0A{Vbs^8U{Pi@4t@A`G;&e<-^4pN2tbnN->CN<PQJ}
z|7<;j{BJd=mhNph&{xJt_)O}yg;ZzIG-Er9`846`TKLD$a>6@$s_b7`!@u=1U3ZkY
zj5?ZfbV2hHFT&NMM|hu?jNd+kf*DIkF8Yj7PiKRmG}7eR>Zlzz6i#r+sR?WtfY*l!
zu%z+gVXfW#62BNgZu72<LeOa_FZmfzL=P4lih{N!ntTFxu<zwpIYmXGNnS@xV~w75
z5OOjy*<=q+MGw)d55us*6DHJ%I0U8}S7j9yqoHm)i{iEor?7$^_9);-9^cQYx<Vm%
z`^h_>aM1(`47d=Q%R0^Y(cz5C<tCw0RlgS041l+!4kD#kt_t+@^v%oX3dXk%fvr%s
z99xa#LUvYGe*pH%d_y#_U@14%7Xt=!w*lqRwUGx6y8e~&X3_~;IPM=W{M)yG_Bd;Q
z_Bj7(y>df5Huv^V{VM1_@kw3K{GYQ<dV@X&7;KiAEh#iCA`xUCF*>vhfKh*}Nkwu(
z*Zs+TpwMkpZWJ+D>d)K(77EMde)J3FaY|VVcd(+zxBXVE6^IQzFeZV}beVuvyG%=q
z&pU_G<Qm!=@Tvn<RWCLo*DeC<W8KDCJeU=8jeiX|viG43Jd~A{ojKGrHAA9#WF@QL
z=4jZtcD;ITN@eO1J&Nx4_zz_N#SFAJLd16H>OVK%{MHy;Li<Go>Vy)H_?wD;8>MyG
zVVyh&h~Ztow1)z~kbcs0Uq6pLa2x>m4_joD*m_W&FD*oGj|lMbAMj2(eyDhO6ANoV
zp){y9stvMbGf}PFF|yHuVS58u+6v1j@I7*a_9l09b!CE)m!pJfSAgy7Y!Pti)XQ)4
z6xyFCF9QM<1CLF5BPL1)^wKtJ?>C{;qD8h;$G4vZp<-clR{*OzVRW9mE@_wn#Dq=Y
z%Jj*2yuZ{I2__cK2(SEVK$79&!67nI;}9g7S->_hnlH2_EG*2qC@1G(gyEfuR>kzQ
z(___NHb7&pD7?B@U8t)3X*==U#s)hiZ3IJezehLGIq+3>qg=t&px@?p|695Nta~n=
zq4v*bsEY-a69$7_w;u5S{lLX9luV5%B@=fQ^p?xqS7ic9N-2me%I3o+KEDl#klF>J
z&8L%~a9OI=*`TV+y${BmGEQ2Q_ja8w4*+o!ImWl6?a^zOG%;Rm;h+|rbgk|c@|Z?1
z2u{Il0(71#fL|U8nF%H5RTzeDz5pXD`h}fUorFBQL69G@ZSExWiTr_8QE}~Zk_TJ!
zHZPE>O-X>+&*PtETS$H@y09-4T@psW6<xTlM>q`k{yatcB~130a0E^S-<_FG10HY5
zy{can7cBpZ9<g?!H`e==X7paY(7&bL`>lVw&1i!ChbAttZ!x$`2^_x85@zt-wb7t0
zO6&Dllw7}giF811>DaYCeVuFY(#ufr>E3)!YBn*%e^{oE*fGNeQw>P`*ouj<u;%%+
z7^}|xUz7g&Tp!Ylq+-G1_fkJfkXrt3TKwbe1)SN%uK+<SkyChN0471;>oSCNfEhN4
zE`=rwzgGB-^U_b2KPd^bkJz=l-<CuZ1nvnu#{R<%2&};X|NAEi7i(VXx$9)NCSw53
zubk}e#T$q#`&$Nw^=}kJFT3SZ(lOz{qAt~KGYowm?bZYByZ_%jFd{f-fW1fB4=3#C
zku~p1<Ey{lBmCl-W&JJq`;X6T(YGwJ!}69CDMy6hhE7}OuNeCXy=;nAYr4O|c~9-H
zmp30@yu~MuF=T&yi-P~_EoS=LODNLN>*4{ja^n*Yk6-)ET>j!dbKw3RT~AWq@cf??
z7qx_5R}4orpa3^0|F9A<hYsvxRP~;qh^&b&seix9Cw@K%-y*~*xlw???Ox>za%?CZ
zd;5=0oaX1hl{zqv2r%&t4Qqa{$&}pm+uDP<+41L{?v*@}PL;#1e7}GC)x{GG0P?J#
zlF9%01ao}L>|GleT~jNR0)QQC*_RbW=Y(jG$H^7{s8yN9OX3<_`MD6{IQ#$6qK)V#
zw*59ps+Rcp|BvPf+jk2op|tJ~Bw%*I!&n^EQ@UEWu|iC2z39a-+b<CevnJL1$4sc@
z;iuW#*+k(+u>|{-=rK4#*{O~CAdr~I8aLHlyPLlvKL({UB=G#L>`3_}K??cD_WFCz
zrIh16R1};G&y5FC(VF@I|1udi%N1@N7Rhf^SEQA!oe1ZX1r%Ny-6EhMoK-<)qVub1
zt4Qh_yT6aF;)POA$%&{WI_HuS{5-9|RfiG+Kac+{O2myQz4~uH7;q9`L~sv(#1}%2
zi19uhGc0IR@AakOS_8etuQ6J$G4~imso9x}^D==EWto$C7coEcXqYd+&vh944>Q%(
zBHU#SPL{Xu@|aj`h9v;cKqaUf=%riLl(og_=`-1eEly{`!+mqDSC<?<=itqF+Sy@n
z9K+uG`d)t4^23PW+lFG@ewK=nQFvRx0$ssqdh2f3n>P`jz(-E04^ghBp|M^n()WBD
z?V$EYEjAW5y#dZVVWb*!QCDpJ$^A-=_~hVBNz0;VW^HphdhTQ_J)b5w-9m`N($drJ
zgc_HA0b&uLPBFK;ec?;<=cn)&nof|9b^s5+c2VsPIovO~$b~E7HU4Z?mOP(}@;oJ)
zbKQ%*28%7PA1)V!gs@mL(iL}FFh0`vW#SgAZWoERki7EDOqS``oNOqH2xA0c!IXpd
zwn|g)empQ1AWt^G%RslyXgvu_k5ySnP6DVsCI*Hx-@Dpc0VZZ@S-I@abeY_6i;a>j
zGld(}_x-M7Q`{yObvoiM)UPUS6*Mlj@5~8rVaFe>l{B+E1$54}aqo9q+gLjFw%m&`
zK4D?JyDRaMKxvfi<KrWZuDvJ<8D2{L{OoOa<@}prtpQe^^F3~jr1HAiw?WslL)a7O
zH?7C&BSR@gFNxP=65)>lo5TNo(f{-7YiOMW5e<HC5`NJr$ZnxQuMy{UnTAxi(@f5o
zKascrg=VRS;_h9=rg}VS0x2pEBaBcsa(zqT_4FO}?i<Ya#|VCY$0z4r%To=4t$XWo
zfuTsHrPvRgN%js7*2TV@STq+xG{v7nv~{(3{D|Gi(5FxPVQYfB+J%kN<z}>RsRgC?
zR)RNoR-z^80<h^}zShj8z1<MbFe=MDl5U;{9}!OQW|3kf)g<}EM0vHLzP|ifvyOgp
ze}8B%kV5QgTf0pUSk}@rOecMTZ`)YZcNc*4g|)`5m*`Ii@NY#PpUlU{;;}N-jM~@X
z!3}dyw3B^ORwtY+1v7pBp-h_v&9{_i01rN$crPp91XEdWlSWgj!VMvu1=jHy`Nn{1
zvH*cY@={Omn_nweH`uV1cBr|}(CQZ2iRiYkPgG_ra}5pg^b1?0;}=H!7N)uDRvF=g
zDZFr-9-zkR=*jNVg)PBfD3`>z0~>tvk3L>=8%VQfmJQ}B5vMT6NZ~4$H*ox!nIQc>
z(_sFg;bEATq1B;)@qtodL%IZHL1YUH(~kxE-X`i83kyLdTx$s(J}C<=bFi;8S*?}^
z4>7Nb8_J7xSKY^2=Wl5inGO`j#|P$hpZZ%l!hBl2yuPRC-@z$bB1-lK`%SSicvGN!
z4>)8VU`o9DbzA=V3W8kXLWe&4=@DSFCs8?cx$%1+!BhjoE@4ptudNn~F+sEvFzv>D
zAMlkX8IqU6MXSJ>ZIgONKyG8Fo){O$+>&_%laNERO(Eg2%oaR%afc(1wL2R6)<aKt
z9~1B>Qt=te%s*$bO2_>$r!;H9qXHv)9UOXk^LQ-RLWA{1d*V3c@$E*iUe=~(e*E}X
zoad(h9E0EXavT}cLn`8R>$Obave~;Bj%-)W%!KaDmJzCqR%jBr%HuzGPBZ}2d`xT%
znoyJD0r*fqCjvJA3k0z<JnCN>K<sqXV#B1K-?&V6$!wSkKt9CI|L(j&eLrRBdJOx8
z+d;GGBNDbx5;a3?9&%1|#E7@ewXOJd<)JwH456`bT0DmTTId#T*P#NqXS&1AD`QeE
z$hYr_imi;m_!(`0iK3~isc{GA<(CkJ1~1+9+r(X}Y5)$N3W@M6AllRsCKAJ&ne}(F
z!`)q<R9#5^D!_Ea7<CMJpTr7VbqL_{<&2K!H(|Crmy$AjhQJJQ;zO?B8;1BD@X?%L
zta~+X{Xe9AcTkhx)~;fsSm=m?Ac}-8C?Fjopn^i^y$FO}q)QhiqI4yIbV9G8_ofIU
z2}O|>ssf=G=>mdx2NBPAe&>F3?%Wywcn61<ckjK{+N(V4S=)uvox7SEI$SO5_@4S3
zt19qg{+{DLyW5!eRNC5(VzcoBI()QZ9GtmX$yqOe;=ep$<Z0P9{R-KgSs_+t8&GH`
z{+fN0(L0!yFKXx7dQ@f~dK7|wKO-lLzg6v$p7rr=AoX~bI9*umu<2k;?{*a&w8im9
zHbTW>jb$!^p@3@22GYXDXSHoE^KfOXw<c6?yFMNbOnSk#fVohXGkDxnvzNW)x_RGf
z{07slt9cQdt=^tYQz7ShhK)-&=Oc4_Z*mw5NU%+sVaqZyqKpv;54Ud~ah(ezaU9JH
z5_O)~ddJRq6vHXnxp`WXk6-;#;-jfQfH^WebJIH(tpe>KH6n(>$=4(pLe!I%W(RCj
zL~~X5_I$>6c%P><lkr@B_fCzY{+E+~q)5%`lqVMtk4BWzaD`!RCR4QW9A=<|2Dw#}
zmsJQWXS%j{@5XCw$+WgNoZE-Q1^?436AborJb^PqMCLIRka>{2qzwrvIHG4zQQ|U9
zM}Orw{+96Uw2>sh#!Br;jHqd--_~vv!DUtl7k}AQttVFsAp4f_FYRnSy%aS~JdoU|
z^&lrD6&KWQWn+gCA3z=YAOGU-V8SjUlA}yFUo8ZhnMEFbhow5%2#A7iHVt&tIzlUX
zsMw{ZZI;#ebeJfeiI$<<f<1L_cMC$jOumB@W3$y7g#mqRA^sw+!eT46-(s0_2Q&sR
zJY25P4(3&O!M8nusZ|r#^_zMVLgVnF&={_<alYg_rpV<6e`wC+L{y9K`Vcn#ZfBz?
z*(5_!MK<-NOLEbA&VF34qY|Y>T^EZvI#PZ;z7+7-;jQ3unWBOuv}R+zjPm)qlP;TH
z(76lUN&SIcf^f2<w&RoeYU=Q!4^yj)-8~id&LNH$(S>gCgks3!W_&beE`rB@ZvpyU
z=yh=0gHD%-M<kM7)8t#mfwR74kK7GlFvtmegFEIO6Q4VCeU&rw%eiEn7%UV4APZ?%
z<35^m&Ou+-_<>W6+$45ARzCDYPN$p8f?!V)07)hUGx^qgDa+xrxqXxHWYN1n`HyBI
zn+<bRU2)aL8*8g$ONAq2JL`i>KH&?uVZGNuD&&8$A3De<F;DrGnka7rub%889K?9j
zWwwzY0EVjW?Cn`Bdvzi=Y%Y5M8|_%jk`>BZp3pr2F52)LnM$m_mqQ)?r6o=CN*e3s
zKP_pruJJ-Hn5&j9tvfcCTWMQumM;SIA?=N*6L8unTuP+LQKuUHW(i=E+IrFPfZ)HR
z*uqr~W~S`)yb!iQD|DtW8k%L(zQSkOcq@=Dsx@Bg1$+~y-Uvl<TlaWr%jj3nvvII<
zm#I-Eq1zPHyU4`iY?_30KZs31A3m7Aq8H)BWpPQ8jdpQ!K{7cO2^A)rj4xm6mz}x8
zKT-er+@&jq*0gQHMc=V0CQlyaGG5NRfK!Q7m77!^sJ0ClnmV^T)c-Vw+X;(M=kN3z
z45aN-ZTD;WXrd0xLCzUnA9SAbV0C+un@fVhb?a*CDR;(Y7jp$=&DRS*;uGQ$ISua^
zbpCvL93;(~cp={vXsKGl(*6A(SM4?Ya)_yIux)AK^(cJPIunqNMPPlfb;(Pq>Aj_&
zw+2FS8~vZP*0<1LG_-_G7>@J3+U2H_G66PsCE~DS^9aAG)=es3rWLnKnV?-vvp3Pl
zAbqSR$T0TD_f+>{CSnZbvHuJsIFNzlW)eWGMc@(ol~lL-BrN5}*blNa>1jqv=#sj~
zT{>wB(ZKBrl<%u+{e`HMr*%*Fem&{`s`NlgHth;gmuF<?%~u9r?h<Wv#+igxVQuXS
z;7+afKOWVHisIYd%$EdLH|jJmSEuMF9RneN;n-WjX+>09ohHq4WNPEe=e?5FMlgm9
zB}LK*6&AS2jT|hulm!#6BZ^!rNQA0DD`o}u!=jEZ$((5Da+^l!>LhPU+Jvcl;`j&0
zpIV9x1?~&mXHweK-P>qi<yD$uAG$7!DnV=_IpH^!rK?`$QDYc_qV%<dvJ90VLRZp^
zk>gw?gVvFc?~4g4wnELy`_(Xl8b^9^v=e5@aupRlHx~$gP^-6nOFHM{_(*%3-Byj{
zc-Msyg+ZBl8~lY>nkq)o(nwNijnjJ~=JlrSa1+Gq0=z)(B5Pyy8nTdoopmPA(VVV*
zp0?IDuD8opc(VvviIs3|*Dse4lxT_S)UB{BF|;qQHfz4XDWF{>V!a_&6IsmbQpKw{
z(xI%~r?6o*Wf_Ty%+mgHF)jY5!^XU@aMB({(QEg`8ikS2_888F<Aw0Kjr-oSo9{q>
zBWR?nJIjKnOQg1ISkTxqKGHzGvh#XQqs@b9FZRnwXrHtN-6^@^*)6^Hh^o1ixH;{y
z;h;ECH|lRk1Mk6iH6Hd9__{g%c+xwDpiRF&8MsJ|$#J;h)Cp+$b^&rL+lGh~E=&2J
zp;iaZ{deA@xzw2T*?~3f<z-a_g?64AU(riuYRq0;{Zae&V5soTr0Y_2wAM4wZ&8tb
zWAkc|XxgZ1#=(k6uYUe0Zqo!RPBKw98(w%{{u9m*GGuTkCvC5u*|Hd}8#ri~$u%ZP
zho>EhqUM^(vC2`8Qsq%?QOyk2TC9R8J&`x_-VQ>BL`u^06SXY$6d?|rq|K|BP}f~0
zI^``j(h#Ja4_$j|ZMNjKhX);INH6Jcedztfh~|@c468gcYUFejjm_a??IYc64nQ{-
z<{K8A?EwuUwl96QT+pSi-E;26h8j(eZAZ}|d5&KTo|Qf{G23iAA^WpWx5niaZ8U?E
zTWc4-xK={2T;8Dcakg5@%x)iAT@~`f*3cpkskU6=osC`C;lJbk(B3t%IM{3VR&QDH
z_sQB^<B>$F)xAm>SIL~oI{z`y)e>Daqo+isFfke(SlPx?iz>MfcvvGe@LuP*bZTW>
zcq@JypX8Jf7S???=l#P(afjc4-H4WnaJGpZ!(7!7yrmGkyfkxool}?o%hf6=c4Q}6
z?zC(JH!8>&OF{~N33`+NqYM4}hhN=@G}w{C&-vNnuygW`NqxUiuqepWsrSK9+`L7x
zDoRi3{@ZGnj2kt%iNe<9r93XI=2MCb@HRdDWekr-jbRDQ3_l)Qb}@~$Fn8M{QCl`a
z1v2NNzhEeTH+i^mHkx})>|WlZ`mGGbE&*;`K_@R`#gR}2O}!b6P&&0)^Q{^x#rvjx
zQ!!L6<M<|?D)o5NaxYLQ;bb%adFzG~>p4ef;eKN==|@hHu|n3+NKPD4^{<~;8_VUK
zu=dC~C%b^*H*S=?mmZD1K?nH9IVsk6<G1VEl)c*$i-km$wB;0k63Le3sHe?Y;8liP
zKTO&s=s&clp>4u6CUtJ{3nt`pVoiF4?1i7(w_oTn?X5i##DE;kqlTyRdomkg9fxyt
zmfkZt4MZ=`jysguU(HQini+EG3By?TC)ckzzNOtNnc^w*G=fd_lv_u4tX%p!4vs*5
z$U66uX}4DXqG9X*PIPrV@QM0day3*qBjo|A&BPxn4AT@jvQWIjTl$EELuYUM#9De>
zP|G>xf##C4y`hPvZkq`e3c0$jx9hChtGRNE5q!E6887>DPnEzvYGlC@Q~cLCI4@6;
zf<~_4q4bF0lD3vSt*twicO@KFs1w9oFw&OknAP6A6h(HV_QP8H(W7-FGdeLevRu)D
z!&shNoJ(1*TC!Bye8r1LyzS!<fSgkUoDNff8S?W_L<26@;|7nuLptXuwMnRxi1`TA
zlgZ3=wkMyPdan%r8Rs-r6YOi9!N`+3@u>cJ$GUJ7PfItxsW;E2CnxNICheR{Y6_`*
zu49MEoO$`v$q5C0biu@iS!ho6Na6l@i5Jzlh34y`ZM0EY+`Qb+dfd$#OmU<;L3HvG
z_8&5wdZyxL6-H?}HPq_G-nmz^5tVl}q_*TY@t4r7TV*bhrAi=&5*^joYv~IlE@|%k
zRup~B-K<){d|j2&AA1gai{P*{e5J3zNZ|rJ|4-*6j{=NNe$~ZC?V=-FPsr#^<nZBV
z?rV|Ar^1pvPNzC^M7l<8Fm45?bQO4{t8K`jhSHtx&`<T}eX?o&`K3*JV=OPrcBGUf
zl3VvfVx}vPLG@LAixOj9B{Lcqd6d^I@=+bv*p(XjJjnQurV}hz($#r&4X<6jIuNwt
zUVhcIuccbl*wfEiv_t-~{fBf;wDSqW=(yu16y^fC4!5wWp*WQ{G%E4^tU|gkJmZiI
zdGm%G$XL0TCJnCC%LT&hnv-%SUj~h2y*G7hFkDv<#U0J}^?Amz4C*Eu&+BmRIbrYJ
zlcpGSfAwY=gvgVU*(uHw?S#?fPSo?7+;Dne%GM{*e<5k<ls8(Fay7TPY^zMKscn)D
zx@OuPP@(5dU%(Tc>wQH#WMy42coJ>!!QHUV*-@od>ise<gtErZ-0gcjQ94XxGgAE=
zztz0PX2Ha73h)1$XG$ddHpc}Pii*Fy#~$5xx$h(~8D2`?QnKP=Vpx_d-Xc3s?D4f%
zE72S6^1{2_mvdD3<vH%SG5(BGDe&MaWFv*+F(Ud}kdhRvzHuKmulA9m4Zf|nG0)#b
zL0x<SR})rFtl7X3quw2(3~`FHVg1<qG~T(dp*fJ2rYOiB+1s{~_T!fC9+5t|gB+Fr
zpyh~0zKZq-?cPY694>ot`si0<f#XUg{GZi->eTUS?xg!WR(uh_FP1O(cA<wo^=Poj
zmc>j&>am&ULeg4tPAZP^!k$sIzj($LE~Gh*;h(tL+7?CqBA1^ZhrYDEDOg8xB|RQE
z1>S~}Sr<x#=G!||6Z}3)a7GFHxWsg&r(0XPvUbq!)(5wr*3?go704k24D|5c#!;W>
zO`?Y2cMd)gswx&6@msE%b2*91Oe2o#@LKt6srj$+<hDFS<(xEm$7?%_ri8Dp35T-t
zjL}_W4b5*Ky%C=bi#q?GYq@`J4rztA@(BLhL1A&w`4y4d^Cc?ur0@*N<Ln$_lIlV1
zcYGNoZ*O7MP+kuyB<^{$3Lwz&Vp8hZ=#1S)d11bGr;uVcQhXG5tg=n>`EO5!5IzYv
zI@xgQ_@|93WjZ|={=~dMR;;ZPQ+yl8Y#Rqsn095@ZJ0;ja7pqzo$XMm?8bY{4UH6s
z0RV!26jwKT*@t_o!uCrbCYpE3sH}Ah{kq11o*hj+4hW_xGCe|bGtR8`(=6M9`$yj?
zGfgjw?~V3WlDe_={8=cj`6bP#ycd&c6L%>vw?iYXkvZzQ&<7WUUS~$e*`^lF*q&#{
zdx86#v#Ks8H3tpOp-t5_0X>va(j}6sranaVz}|u@=x6=fIT7#eU?r0q@71H(RJ4{y
zd+XwAm0Xu_oa3RJl?$|EJLa7uyJP8LwjK^u_5=-47q>^luYHT>4>lFR^yOY`*RKm+
z^;xwp`XD^HmWOj{4kAJ~<Zh+Y`n-BVMUCm8cKDC<R(}rVo$Ol<1SoAR7@@d=amlc=
zQCkt0hg8V4SLxXA$zrz567rsVEq*jenNS#8Ao^VV=5*pUCEy$<MUSsJ>J(ZO6%N!*
z7uRHEK`0u8*dtC{X)%Itev0N{HO<k?&w<?^F;cxh%M<P*JB;bEo>^)LgXduB&1f(b
z-@ZAwEDXahin=YJ7DR1G)!=8`zm3W26h11#O4!xm%{Z=pn6yF7w^s&JYr4#JQwGm{
z+|xws-1cSKVT<4rd(NS5vpO}=`o(!;NZ6BJJhT|iTu%4Nt;yN4FQcrqdeSD8tleZh
z4O`@ecx3N2^trBx>#78Dot+cy8@rX;CU_w(=e_Q4Wzh%9B4MV4i;Kw&xgbc+%dKX@
zcaQxg-Y+N&5SNqmwFpeaRISp<_s#F?jXB@I2*e;6q8WN?gRj99wb+RW@^3CK>~~X?
z^L~s4l<^|iNiUnLxytnhqZW&^@c2z!i2JzQ8PkmnZrvNr?o(9rtbW7KINf$eAjpvV
zEBYbWoKy78A7=L=|9A3EsbpfUva=X4gPENSKKLUUR_;KY()p>ec{dX#Q5(n4!{#aO
z0glJ!p}TcOTzcf#%nftPmxb{Ym7hE~R5MDQ{n|)B?C$(3=Cp|usPnsZa;}F{GmT$F
z8T8ap)dbn~6j!zB)c9NhQ@OPkoftGjr!X(|AC@TCXtoAJWAZuU$P}c@iziDx+C@Yh
zxy?$7CCuPLEgG(h>KvLZmyWUNqvjVX_1GU*E)bm{CB|2V@Nv#-FMres@lc71i=Scu
ztr|vE5}Z}Se7xl%X3?!4#<Y3N6Alhzb6X(vK<B#%_s2$!*Nb4^F=*2&p4t<+`;+Ae
zTWV2jM4v=3(h>M&8Qw9e+i%3-_GXDu5aoEg*=}jduUgeuO|+wBwodJ1K1+d1*U;ZU
zBsddoIE4|}KQP?O4b*6aO?HO{b_#)=M4aS_3)%i2mCHNc^Zc7*-(8JVuR4m<s@!OY
zk#l5Zk-T;OLDAAG&AV-=BWs06e^M&O^>U}FX!i)@!US(@>g}JFfJE+&rXztJm6_Pz
zUquT?%R(LW!?5%kf*SJR@<Z7tCyzTa_yv~+Azyg~qV@W3Ybxfamr_~3<nMBdk0&So
z52+ODqq)7(E@XhQRzvg3`3eeUwUm@c1@j2mqSZ%AOM`M-{ODWeaT35KXbUMOQfI%6
zlXuwJNa%tJvask?Tfwbm@V#ye)n}Zizf-U)+;=`<HJpPOnyRb?^OVvfG8I)(P-V69
z`}8^LCDp-(ZKSiptF-cD<~(h^9yZDhmuRn<{4CxXPD?XY-lR^?FwiXJK&+%IM8Dt;
zTW>;_YLifNo5J|wwApJdmMQ5|qp-8I{#>ils8143lfkg>wAAAvk&A`eB-neJ5KmDa
zP0~xa${(M`vsNCL+wDZW(f-UL3%Qo@)cITo97pp#-kpq}JqR1g%^9gWPZURG$fjXX
zWc;S**N~$6!*6YY5{h|T6SrDlHs<IlRWsxn4KGhAW<NILT%9JR$x^f}n&v{E<BXl^
zFuWR>q$inMl)Vu`5D;}+PtiM7^+22Z;}SB5t4CyHN$H|eR$OouOHXRce-fSKq%k?(
zhk>>-U9hTg1wnOm@4Na?a2xgn3`}+=g?TtPG+#zP*5Gw9?IAcMRZ&(9=yJK@3-~$P
z^8{m?>%A-bykY7`qGBcT?zgd;lF}Ex9iysZ=en`Xz_6K3CgwV5uQR9iYYjKN1|-TK
z=Z-gG$}?V6@A^|#*%;jMTRwH!FL;8=d8_j?w5XPYI6dIwzeiUm2Olc@;Q}~9<nBlC
z?`;S!%!9BbxzBt>U7q}_pbTvk=Ysl1tz1ei8wnYYn7B8kq}<h-%HNS)amGCdX2z;I
z2V!KdZ+Y9M>GK2Y7yWzQuB#-7l&7k&Dj0M=DyjgzNduf?baOAcEpe>ni5g^N4FDoH
zP=bWw5??i+)xA@oS0|^XYv4AB?TrTMi}XeWX;ofp;3bV(TFNOG1V7z|nI4*2EXPDc
zZ?wNUeVC>U(^sMCpDv_(CW#`d8BJNkVK<y3%${DH%O4+&jK4oWf>Xb5c*C)f-+lM_
z17|fS*~FfHz~Lz`Y&e@!4s_e>gH6*&n;4$%!jHX&oThFsr-VA4#N9;&Z|JT2bl0Pa
z%{bjcBifg%^waYQDqJz{!kUz5zHe*$2(~tO!@4I=`pj%!Sxs3lHbI1Ys4q#J%>Z3g
zB_fmy+M9;j#Wlx^XQkyraKFv1l)*J}<#iv@f?ZPsxhF+altkGz_37ACV~(vB*H8bW
z4Cyx{LvSc-pu%<>vYL6Ost~ec(h%e`2Ul4+<)W2Hc0-FdnqB6^_>P!{y)-XPZ>QDC
zY-kJuj)#HZFdfgsskM#_55McVx#UKF1sNIFldJy9McXfzt-KeEEUS2C+~p(TpQXIJ
zO?~m=mElE4i56%0+=Iw|8X;X#;ME^7%{423EAB9M71UgrBh-2OOt7<2?Qtpq)i!Zn
zT^CI7nE&uVH%&#f8tR_?!r;f?(rl^PfQJa0MV3^xBF_G`Z60M2$_2q?Ud)nj7ILBM
zb!BoPx|b^K;oJt}SyG4H+5u4TCg<0r`NcVy|Di|N>>W>Q%!yS#d9FJlvpw0dm3Aiz
zv~N0Tqu*oZ&pcItJ~g>-<84!|>ri)Y|2kdYs7pv4dfqqxpiR{-2@ZnX#9*a1QnT{w
zJyZ?TZ+pMC>^U%248(z?g?_tGov(L;S}Wxk;^hYa9Mk1<HCjUQi-eOE8W(u2jKA2L
zGvz7brarh>?j^Y@u3f9eXBpDA$x<U_UO>zs6k8|usEY<ut;bW46jznm_xos<i>iHD
z0sV2fCP^XO(ez8j%ItT(MZLSs@b|ifY8{9^n%jRsAb-x+&xp;aM<mP9UHrBdMDq#4
zu~6v>>L|H9J_T>g?yFUK=h;K}N^`0wyEv;dB-O_5jkwj@Fhmdyw>$;Zp_NAuw<5&H
z{`nmTPF*uk%d7&M_kH4V3PZ&kljhia2(m%y{=7=p&{3O=`WXJa9~{cHm5-z^@^C$l
zcrh#<H-n9Kpl@x)$c4VTaM`#ZgM`zvJk&K5Zlk7&ce<F@H1?)6k9bnBe{3M4NnTt-
zUY0a{2j8uh-6r_HDMErsy*Ex6Q~aZGWL^xu`Js7hJCKfxvN?#%i}$gkZ7rj2vR0gB
zA07JLErT2P)#&kKaZ6vAd=t})#Rp;&JT=4tTl61G6>(gqZ34>JfSs7!#<U6`xBE`Z
zOE&1%3P-(W`)u?{I9_V+E-AN0P-E_p!WOpFnLKLPkd4coh%b^c>+2zS<nZCG6_G~%
zvtp=r{}olQA?leG9f(+3BtI82KapZ&Ey*F0Ba-u80B@S|W3`7IT6s4S#OVn&NUv|F
z5gGBB@~os^7H|8i>O4<%Nv+ww^&6BGzI(j?Lfyk%kH&2;I(_P*&k0lwrJu_b%#9J>
zLEd1xqFEs!=*N0LaHj-_4=!l;S5jJ4g48(EH}5~Gy7?+aZz{Qbe1DX9!jy=j=Th=_
zojOLD`?w#1>5PUm;fF(X|FyVP_?lpV0UAR@&p_9GYxj$r%pQ4;zOas9`R@07@||=X
zT#;AOc1+E4$8$BiAmRcDet!Ypbi<75NKV*et@Dh+4zV42@*NZWeUg+ZG{0remmES(
zBdc#W3#q;2e{XXKkeWs=zg8do_U&PJrSk0@YF%Zs1**kqA={A@#Z#u%J<ozK1o!N6
z3KyR6tG&xy{H}yrV_9S86OLclayM=T)DN#C{N+CPAgLO=ZoD@*DO!~zRW>VtXWm>I
zjBq-|xo1F1LAycU$2CnR=-Kj4MR?((o;+?twj+}1^&y(}5D7RTOgOt)KBNhO`nF%b
z%HY`tt!0v8%Qs2<kc|5d)kq`@vhkj=LsOkg@de{Fn4D$~EH*Up*6o+sAC~Ra-47Z=
z@>oArtCI!3L>tjP)t_<tIdT2lM*Q$VNpTESjfDA}sVg_rM^nPmBK|II_QNk&eM-;5
zZ6$+M%Jd{0H1B@LUF^K{I|Fjjs#qx)1X-Z(NB(U)HWGtky{POL#e^%s_K@vB9GZ{p
z@cpM6_ist$*dOepbDsYlzN|;}UB%uF|3PcTL`XzcZLmJp1wk1*{)*-IR!rCs{nXcQ
zFwoCYuFF}I`6fRAMqGcM<Q|-EYz{&z?g(`Ln}ng_#t|!(FTAHo$QDzA*Gw^*$qf1r
zB<wm{6h~Od?~}qQqcF|_`dVM;lA-#(<%U@V&#>^j#Q*xeh~j5}Fg^$HYvpDh-~I!=
z+&tc2=i-bYrDh#6x+CMS>ak7p?WE|-j(G98uO|n+73w1k!S!~}*5#Kxm~g<%O9}Cs
zvsqS2fqm3hh@NyVS<qMQ%J#BZrS(fzfmlapJlfpq3*+ya=^7eDGnxD+u2QaRzilHo
zH`2ry!GVhcfyZNLvgd*EB)&!j%m_s8AQ`j5a`e=R_#;M|kSW>o=Svc#&@hOJ#9#s2
ze>fS(lLVg^_s2v8qR(?0y|~f@>!6PyQaKPtsX}tXf)0&39f=ewp01#JhwnCOK9NHH
zP-g!=Jjpzsr$a!Ss-K3_NYK$@5)Gu02m9wIcK<CnJjBqS>;Ecw9x47)vCw2Q7Qg&P
z(tV3Zd#d@IZ4u&&Qr`8Rlhl}u>nQU70LXc~?+D;mJUoVOTA~07^^(5e0pbl952O7(
z+5WpH5Tw(ldH{4w=l=I0?-)LjKR3@I(#encGT7#67sQGh3Wf$yNNIjU=4%IkcmlHj
zKH`78kDe4iB>w)NuOsFmC@`RwErgv#ZxLA@Kt7r8P!Kj#y71tJ+~3Ta0ugEq3^KJy
zANu*<O@Y)Sib5;KZX7fwyJ*n5iSV*xe_r-hh44{X(mOT3z*JjRQ`4h8weL5^n#r6e
zK2nG{Plw-@I4i|mK=}kJ>}I$Xp8>N2e0s<09mYRAd2+6Ii-G*S1@%ATAm$c|@0%i7
zxT73oc>3ipS<w4jdIoVP0vr#W<USHD;9p<;?)D2PC5lBhFl!QU(Pr0L^>D;qe^`rM
z{dnB37Rsze^9TjEZ{v*qnCUQi72%jaP?oJ*p*!&yxcPT#+!j_WZO|O2=Db`5Xea)C
z)klaYB#8D5P6;Typut=oGxVx`fnv~q1%>uY(9>efwonXz1mX#^5inm*mzMV0AxQO6
z!r1$Ykqa4TOI!v~w@(4Cn<TF%L1AI3^f$~*t$$6QKK@3kkmIW}!f}Vzg+0e8ZIH}k
zE$K_C?dC(zs<?rhY2UxYc8Y2eBFuR{J-6M_r{%o5Z9k~@)8X14a}6^5K0xw2Yb$oz
zj1-;}$kTnv^8UR=-(G`ddxkhN9GODLH^ggjGqBR<{?==?(!139m2d9uoJ&Yfw=Ng$
zZe=IM_xH;aChV!~{oG3T(nRZ_49z;y-UsZ?akFSmmAsb)*WzC-I-v7FvwmH2ft4hK
z3D#@3fMjaj(-;>xU0ExrK#o7mx;o}Vx4@V$lzlzDc|#+>zKorzwa7836A`fPjfdX0
z4NTK6G5ZW=<IUrXt*1c$56bUY(yL+6jqnPz?!4C5Ph}!6q$1Wh5s!xLO^zQ`%aKvu
zc@ykP%QGzVE9QEikH?B8FYFx=#fFKS=$zmZ%B>+jF}pvcefHD)P3PnlxWY##0K-b(
zE1>tybYAL4UaHMyq~THfgv#&kzNu5}cyV{rca>o!;oPM;+)I(sei+B=gic0rpXVO}
z`8b;06=9HQcGalG1)M5m={;l9g9i`N>Az%t0Te6@E8fDyy<79xH_Cs8kQ^>siup0I
zRyHgOaGVe<z`GkJ%<O+OmU&-ekMAuS0=`4tIRHG$v12F)6Q5Ah&rYh=du>hs+*)1x
z{{ENatt7@%Fo^jn_}aJ7-_o&C`k7b7Kccv+r!s*C6H)Iqf`pe?VYN|h8m&qapAZ9O
zId@QfT=rEq8l?CgJL}tZix$?tD7=;2N&PyH9@Ji7ndr=Tkz}?VV|k~f3tJi8Zgx{t
zeYENqM(T0%PQ#S2y`9ujk8&N9Ua19Nb%Q1^ht?-$cl3mkynITf<(KJ3#3~0i)3&g~
zJn3Wz=1}zxAEa-;9i2-yJ7wqQ&L||S15pS7hDI>x++T@!^8{q*1M3@hgi--rH(|7?
zRd?1a>hVZTgN%hiM*ZfMm!LaGHB&Jm%Ms6^R`2C5-|$*7Q!$Yx^jDQh%UNyBUs>8E
z*Fd+6IKTC~r&}OslCm8vPaR-!g>b56kXehRoVM!85dcjr$O|_uAlOA*2_TFw)Slrs
z+&cwEXG862cbLhq6TQoMqDqSApuv8cvftHRd5BnQgzKKxP7w1>JiF(O@u`>2*Ww_L
zDML8+ofU$W$o0Szgd6fx3)py(JGMBEt&vbQ^nC}=7at{edF%v@2G>P)q_t*H1_iGq
z7uJ+mcBK&>XYsD9-T9jerHhSz(&EgB+((m=v4rha{#X&~Dt(QSs#FE1S#Ik7`PUrm
zTm0>Y#jniTv{{Eu`?B;BFVRF{&&;YtxwtNg%JViz`sJxXR^3K+>n<gy$d;5}YIyYR
zDU3sjRfA_I_Nj}+j)>iV80$rRcHdfw&d!nIv#C}2dJWF-6f8gr4?9f1h7yiLp2v67
zUIR7M0Jz>qb_Ll#yx~io0bN1rEUmU6H#d`=xecpw#51e_!Ve-Ln|>)Ub@g(3T3Uan
z+w`Yb&rj2{glW4E<?9M@=v5Z(iq(AOQBFBN?9^GeAvTpzS!qca-W~(S|1H7ZKR@$w
z*v-lC)VWK}JfSA!-(M008wss)iaU98x^<BCS<I@&m(ArM?=h4nk8bsO?~O^SuD~s0
zDCHR+Cx(QYa7a+?`p;wCl?LinzFLrMwx(Z-$2{CJ$7IRqIgp0rz0Ef5ZI*jW7cJJB
zwj2$;oo)NxBzjbGB1qhR281T2y?bA;oH^mz?{x0dne|*s&eVpVi<&xILnfk`1#)W?
z4v`A?5UaP3NtWG5G0@V=i7(ZJ^$(ZDG}#qowzN=jPI}*aCz9k%e`EHa)S1W69rZ1E
z7Ry*=avJXH&TWHiCYysn;#gn&y`tQELE}AL$)KeoNT{SC$msgbZ-e$ki|=2}7x*M2
zRA0|DEmMJ6&a&z9k*{f=>OBU#f75x|TBmM~6s~dej+~tQiB?>Rxl9cCLlgrq7BJgA
z(BX2rZ>|W&d89VU#HCn$Yed{M@347@8;UY;$E&+1N`j%qceWR6>=#=4j~?|UCm2%|
zh~(otqO&gMqA!hy(oWp;T=wuadS!ch*88H1o%O2mb<I*yjnV>2PUKu~-rb;R`*glO
z>i46*f*)b1w#A}5zMsNK@6eFT&m5oK{R!zozISa3_f_5<h%~)alW$P<5P-%!c_pE6
z1-f*nDXQsa3d#P}^@MjyYsrc%_55sT5N!=O{%Stw8#TB_HCfA~mTRCIHQHbwHsrDL
z4t0F7c9kbE-}GVtt~%fxV@k{o-zc89?Y#~>ba|^dcZOU4>~{K?a6C@~()l7ujwXe3
zpidA5>quBVoq7<?`#srr70-Ma-Hj`Q?M-}9%682k=o(m>$=tb{j($Cp%iEBGQP25!
z+f{ORZ)Yi6wY%EI`oeXi<VV{2_a^}X8<j=ui=&u(6|l+ieBFvqKsOe;iu?6X<H3N(
zFQQAQqa6~f@;fDe1^etQ2#v@R9c`dE*yq*9Zq@g+HXJ>6O4v&+TMT_3sv1-l@2P3A
z(Q%PW(;*aQ-@QlcvN@d+uc^pr2#rrWGq^Fhg9Rnql5mG7;gMf3E}}E3d}x!aqYh4F
z9?;6N$+exp{F^FTES|3oW_-_;Sy`#FoTJ|p7az_|&r3`o#oJX3aSZ?TWU1h&vF_uE
zm9$5TtUbO6wr<=nh3KCbIgFCvSZNcl&-O;jj*la-b8oaL!owaIHvRHAb7572^6#%y
zvJ$)+$~Lf%%8<?3o}f$a6Uyw3;5G!aZ9O<0Oixd+C3&e_vd7iNJg=AN_EB88Y1!rf
z{ETPNO3>r%J7Jel0J)4&t%h!aj$B%ej%N&d#<|<IE}5`N{>_m=)#_R>yh7+fqS(ul
zaH+Qi$DgVn&7{WIpRP}e70lzw*9q|D3mGWO;>>%z1rH+!XkqGwp-mxf?F3<oYS9<f
z=}YmWy+Qr0efbd~vu5cqpK0_4;8?YV_wZ3ocGafG=?PNNQ^@_gxW!e3oeqI&?}na_
zz^UcRpYRy3GElp#C2a^?qcCwH{y}|%3hU9t*qfGC8m7^BLAxO-UoPFrmH3)AqlC`I
z4~W&nJMZwJ>e-WqKIwK92WNNNRR}Fnbf4MsUytwz6~V*)yy^A}obC3S<+gUEk~;fM
zUkIq!M{#JP@4L))E91JJ{)jd-8wkU-->iw7yp_IGFZxuYz`#~Aa|zIHo$5}OJ{BYJ
z=<5+nL>?!Sj$22@&}+HMp!wk_0M(#~fLnd!V9%23KgZ>$^YFHUf#|APFC^yynD}SF
z2NJ}0^scXHlA}9=e)(~4t^xSm1X(oYj5Y;Ut69-i`<sp#a2<|@4a*BvG)PA|o8J@P
z3wozk`iOdAXYLKk+S=~Lu*DQei07ztD4nrtQMp5*6l-$JDKM!l{@QLW*B}k1*ojOM
z+(^1FPV4`ZqTck%zLBKS*MzjFm9itNc({=5lro2%nSOe?FjqIr0=+7zLKN34blQ4x
zk{62}V9a{}{%UFflaH1pzHqc=ldAFQ4}+MNKobpSU>ifDe}aD7Tiu_}CBu3xjYc^R
zuJ;1Tc_p|!Zm9Fd`?Lvcm#hm4dLpe+-9g-EmZ5I>^HmX-jT8+3ki_Q1Lbo);T)2J9
zHla|_z(Pwy@>L{stISV4yZKCcWm8=eQ%w3(kF_1|Y_Awf=bsb8vpcgEbz}j%VF40y
z0yzU?g}GF%?4Z59N6=GmO39#JArYe(-6v1WSq?6Yd?SR!L8Nt<20L=RIO$0bDd?c=
z*s~73^d}JO+c#B5*W7-A#^166dq4)rLEStxGm#x}b1vG@0_1bIEvtSlRE*wJn0y~_
zP8Bqo@+WB0i+ik*gE6~Pz;S|7u_-#kAT2E|Uw$l0W{t&^11}Q#^fVdq@mwN+&DoI{
zdQe%(qe$@$RciI#F1E}fA;CB-F7~r`#V91-Ti9tUR&pkypum&6kgnU6BZ~JPQ{6}$
zsmybQxe00eV5-5Z`TomxKuo^zO2_~oCBu1{MWIuI>4FeTN3hq<s2Y1lFieCEwlsBz
zKFTE>W`@{iYHZ$|ez^)4hahX{SKgESBg#EW{?TsVSK*Xwfpw7o%4m6zZt)P+wj3e+
z4vPD5H0e;wt`QT$Jek#fJ(}<512k6!YC?{l)1RcPflqWharIrFVOT0D4F`GO(w8ar
zsV^HQ<%(vUa7Dlz$JqXc?-(gulyUwznIA|+)Qk@mJ3P41wZt<+DtehOW>0*AQ@$$R
zOlx5)b1`irf3|hC1mWm0MD5hus&|<avBJ5#gwl9mjdk52$sPCgUoTR=up{kDe`<Sa
z+}z^rry{xLEQLY2#@AK1XefI7Srw>JA_5%pvbQw*i+0Gp1sCZ&$~qquOK>62@Qoe+
zYgiAXE7Oa=^&_4J6F)YdL0(haLB5lx_8i37f1BIiu<V=Rj?rE4MX#>h$uexH&$;+z
zFic|m&1_&mUQ?6IY|os}dyn0n&CJDN`-mwpLEB}Z)Dl$wpO-#j$)x<aKnkCfn6ElD
z{d`*;&-!?3)w0xK$0s^E)zR5<TdML^Xz=$Tk(i5Z@~9ytEfu%9Znce_#gC75DqIQ_
z=x?q1UP&TUeY!4DtZt=mez+LrB=K(L+}<Xm8f$r;n1IO!sg+u4<xl_=7egERPsx{J
z-XZzn$=E$lymlVrN`?<7halUD{#t>fm@+<OojT+kJ--acb9cMor0WK?RdiF1u@Hqx
z0K}-CO00p?i$5=B<0$~cu<nC^-w}6?Uz$1m_{vl0*62BB)Fq*c@be8cv@O-THVF$s
z-is;a+_v`fdmMQY4a;vuVg_5m(iAF3e7>X47S}9ga;L<Q_0H-KZYq!|jPo(ArGhBz
z%Qm;CWmDGU9pM|IJ^uV#&-yMAMr#k$&ymYcDj<83VS=~M!T&~mhq}#Ncsx%9BB~1+
zlp{en8WjlY{K+!u$?a#EK9BD1SfPdrA6~g2;Z><N9e>LKI^S>`xW#H?m<5wCaYaD=
zku)^Q#T8))@>KC+$`H5N?ifJdbwb;o;Nm$>&^a3ZvKT032Q!sJH|B8)PLplDN?@%0
zPbhOg4F<Sg5e$@6s*ua<&8!i7VM9=TQNdSJ62Eks6b(znRjUYr&#3|lc?z2ZFTPhN
z>ntT)i><gg5sm>->oZjnZXZ+P%9)ZYB$IM-gl&GgxSgslXbIuB|5p59Eos?lVX8+<
zRYj#Fcus6`*GEmUvQfg9&rgv_l55U98d{~lv(cUQvYm2}r!qkFqL5v(WEA&mVO0KO
z5I7c`43a-o=EDc+JNtp-(P_e1N86|i1g4DNN^xu7Ad-Ar+VfV2l;~ZNt5pERX;CbR
zfT|dzY}oX4>}iW4v8t<++*u$Hq-Ggv)T{T3c@7}|HLeRtxVSQejzjImhp;4OYAuSc
zx{W{@>`YrsNvX#=$3TOxWF)6%XgxJwGMNl*a&YkJ3j$WufZI}P<Jmd#?{t1f>TeNI
zb+4?{c$AnLKI^7vRk-uk?W9{<k0=@V#^-2eOU-DaKSl6*&8X0ePR!KIe4uqP)otL>
zQy9IkKfyN!5aUDrLP@97RGNceDl71@TNpYXR`~3=Dqo_Nv7TmuLHfg_`x&-1wxr)Q
zgt}8SPmXY6?MED*jBK}+L1W48GpsYv1ae3*JQLm;BhhB70q@hU06ZxJWwy&H@Tp5)
z^8;l;lbtnana$)Jt_#4+`{Ixy_7BS<_2{>kNBXbzVtya~KH1aolH<yMdV!^m@D%8`
z`KhGKe=ZaXP>#$gugv8MB(JGX<TE)5$gn^A3{WBXH9e*hzBR^nnh9rLcuB=m&PJ>`
z2q-pEK>{P&W_!7Xehn~A;lhfJ5$!R9Eb1){h!ep|8e@k|AC~Rl`eR~@sU#nH>Uw-d
zZxqkJGRd5Y5vq^c**;bC(r2mX4unNaPiOrs!*&^}ti+(xeKY}DRq!I!3tM&zGw6CL
zO~}7dOG#<Smuh&V4B@5Stp0O?NrFkHIgpx?w>Yg!bF>pB*}I#q8NKr?X<9nL&IYpC
zXE$)0HKhyh<H~_t#bfWdjkwb_YvdsB)#ve_WfGCOVZO%|Iinqkoz*Msn9BR$?{p}c
zhYwW&Pw=Gp%50E=tumK*c=g~v!t;;kd4wxJ12;CfcT<d;13!OzACT?)%O~ezSOpw|
zL=l`8ovU;_di@4q%1S~gqv*BB`drO|@~PFcHJN~wOVf0uJ6qLatZ5Eo7Vxz1EX$QE
zFHHpd3PzuR+25u-6~e|%k2nl!Zvm>CJB=LGPYd-VZWlC2AaC*9q$K_k@jHaxifO6&
z@?gPc<Txd8;c1|)+f#|DYL&2~R%#Wb0=8NYI4lZ?gGOJCwxz(WT}>M|RT@0A9^8nN
zUEn3_{p9w=2dnns{&P`;qce`OE2Y}Vj~K_m86spi%1hm3saE50TEJfKnHD|v5=njH
zt)xjF-1Mh~@cPEU>Z<lY5m`uNpFNIk{Ho#oyBX7ttXcRo0_m)Rn#Lz~*i3v<PSps7
z+nQ!VV?-y;cZkbsJ>iFAFnhz^@nY`KT2@9SOH0eeKr?p<ttqFdXN~v%;T`zt{mv`B
zgGBe;@JBeF(1OG@KmQw7iyQ@5TjXg%7X11^v2lgN_{A)lmt)S~8c*m{*d+{Ih};xx
z0IY#3%Vi*i6tFSZlY1vV;5d=rzIXx;<(j?3U{LJMEVCB@k*#D=HYr6Blja<%bt=Lh
zOObaVVq$G<bEbCv3D6j9skK3LqEA|!^S$<#j+wwm*xm7X^_w$OZG8S$t~9=g9Mukq
z95hLvpGf+ZoHUuALGT4#Uk#JO7fX%aJ$3diIF)7bIYs4U>bX6GkT}7}*RT0&jtJ$L
zAen&fT8Mr8Q_uOk2_N+dWeYgM@x>21CLvicXf!CiYe7KIU<$p3_<Z0xNJ;IdzfZys
z>pQ=*rjv8Mzdq~wBkZ_2beha&I^Dsbogb}E)RNY$-1;R6CH(1Azr0VC*#ofKFMdNU
zwib8ugtjvf1b++9rR&b1GOhOE%z6$Xo0>+7mk&HY^Nl}FoQXlw+mDue_`W0==S*H#
z1Jg9L9U<U|Q)y-hOwY*poOrASV%O_9P(2qeW}Xg>IRVireFNjze2syhdRV|%NGWVL
zaC4cm-CZ+Nyn_rRQJ1BZ|2fEl8A1YJZ8==X%=dT~SjR=;GY1SD!cPfVE35B^RS$xh
z7Uo254HTWQXZ$7-OOwyu7_yeZcxt+lbu{1Lm@w~vVD6Q?)Z6KKQ#@Bay46E4c=mFr
zWgz*ugzMO8+r3qzjBO20q&Bmwr?-7)qH(++zKT-i11d=(0i=H#RKUIE8^W}3=%yV$
zfQlffr}XCPM)NmGYJiv~&-7W724?-j&5n<_kIamJ46&3VsN#TnX2ailCMZOpsWI-$
z+f^5xK%TiIxTq*{I#hHi4R{_3uW)6Xyf@4PwKfG6tlY-0djj1k!ToDEdHCi>RG<>0
zrVYWK$9$$C;VF3Lc}d#iKza)O_jjuBf9#Yr%EqpIk{ZFUpquMzJKMWJ%l-rWO^Z#m
z{^ZGT(%B%uy>yyF_MdLsQ;@u!OO{8?e_e@9<#-Pjeql}}^T)HX0o6dTz>NQ~K#>26
z%NM?fYNHgg?2;h`H6A&qW8Vwaz<!<!csX`xTMr+k<q0qvFj7+o($Yk#Ud%0xVo0MR
zF+PYSpU~_ZTa&WGIu!_M&XU5NN(3_5k?r>uya``F5_VqTKYabm-*_pm`B&@`cBHbJ
z!89M6D2ySezI6NL9ejY1IKh&1e>~`}n2;sJk<XyGAsYm=Doz-*RsK6MANWO_)WJ75
z!_46PY+4ZW_p*2B4&E59yC1Lo&^~~D1szX@bqs4VlEMj<ztb(#|L#6AR}#RSIeG?4
zVR6^Ek>6HCDksmR{h7heAWiTe1s)%Q7>-b5s&;a2qfR3n7ZbmoKNPq>?$dEPLMgR?
z6PZbhaAYME>MRcnb<F1bzE#M`Va*fvqZilMpq%AB9X+Y1`W8>+uK8tQtG`wEc#e7j
z`>9&r(Zu8nmG8+Y>1UiR7j30kCH?<7+~VW#L7DX-D!yilPVUbL)ua2_qYKDG2}%Cc
zzD!N2(Im0vf5J^!&VwJ%2@6GEW2%@kVY8<o1~|jAXeKC>42D8W4)UtW4amxCJx<y^
zFM230e;<ql2<uGXM#dbgsgpYm&ow_Rjr%e0$4gMtL(}-8dRY=#VBxa!DWb1dX2!gn
znAPba=5CGYpSnCg{O2pA11kcmAechLEm>@sl}opwJQjF#1F-A=+1kGkPkQ!OOpCcO
zmZ^+*qg7d3?!l7md!U5Ga{DD8jlW9x@nolpR<rKH?FL83GpzZ(s+USsgs<KVL}$b^
zV?Gu}zf)XfBc~>XKa62u87eE`k5PSRwglVb=U$*=`;E^){BOIUjbdQgYi<F<|31?+
zkAAU9B0vSEj{SiO_$BY}$J4+2LCo3roF(qG(|M2C#if~*z3j8@w~qM5-)Bx4I7V%d
zTk-4#`^C|W(s544l}CRd;(xdP2$2TmZxf^xMn#GbjJ!&u!SNnn7FlxC`#^7{!uRXT
z4~q}<mW_m%tP?<rQp1VhjL$oxFxkHC$!n`MFVWghM5x~$CDwW%Rat%ZH>haND5lLA
zel;oCpH=Baf^%-V%&&j_;|I^bky^u0Z4RI_13uD!iyTIY`$Z1uADxMm(!%vp<JR(P
zMZAJV=_v2wzSE{BXho9Ud4BmY>^MB!<2U{&&|Nb4%y%$H>77_4v*>~OHI>{q7<c~|
z3^);m`cmfi0i{X!@$;TMm&2>)bgR9Xd7^_)zW-P3(C_Du4+wHohlVA}^U;_r+yx&V
zO7vH{7xzua#Gg&;BPmRGlo|Gk88V!5;W_X7h}=l1FZvh58SKQ@O1*H(f3KOZTqS%t
zqY0!0YyB|wG#Oq@_!OVTflz*r-QN_Wzi{OjZ!izxy0E>jG2hRz&?>!HXk*}!GsF|O
zi0CcpWb-Ceo$-yAsvWKJVOI-e+a?&?BANe*e|Vxuu!ZTcL<-3e4jE1AYSWpuSR+)P
zA>;gEGSKuM!G^IO*nvZ!!#^MVqzE8`QiI`Y$GgkRjd+*)T<{lHG}v#W7_vA+T>qrZ
z=qL%9RaEJ3+4@iNc_1R>04)K)4`lcm2UYfJV^(3Ya+T+Vwzvxm2jv_oo~wjg3~Kq?
zR2&BM|9oJE5st2h1_LT17%@2r@|a8dXPyJ8n1JqUJn}%}|J}s@%iD<d`;gLMa;HK2
zk#;G-jqiWI`xC<Hkmmn3mH*tC!=L=#BBTk#{Dm(DFVLbynAdjkl-FT->dih7fwKL-
zZ6Y9rD=s^zzR))?f8njcaU0d97Jm5o_xF{U#QeY9900Uo<N{-cLHkHILayfE5W+9+
zJE~ebzc0jpD#hVXi1(52z@*!bKLe-KM}K%q=>1cA`d^>Y{xu5Iq&s{84}f((3vRUf
zFINI5!=GNZ_xO1;F!W{Qa)f&@fPMUbNZ<es=C=UGK>_vJF_)OXf}^-EII;h&-~gBr
zpff-pAvCWU97<1B96@>lbN*ZD`Hf{EKrv(cMYK;-@)Z342s0cd#z=UB<=<8L?60c$
zzg?C1b4RelTvWg}o8?c{Kd@MY8XpL>Z~nKPuONT^0k{(oFMSX`B%}ET{`gRO3IzLe
zqWh0ZRI<TpA3JbpS98&DtN639Tw!NnfofEHZSm_X-b0bm@pi?ivP}aN_Tt6czcbf<
zVz-YpFu6~vm?SeB1xm@?^$85Fi-elkWq2v`$!uL|ZgiE<9S+Ww(NvkX8dH{+tPWQ>
z+nF97%$YGDd->0LX7-&1QuwLpJ_dCHl9FDS@xsI*$>&G<{q?3+{IP3j68{OTQY43Z
zM!$R{L~JNS%2j{G!_I0JE&|9uKyywwKic@{cM<w|!Yw8>a{0+<Sglh&p9=YP1!hC7
z%YimOfrr(jc3uuIq|SXC5>b#iBE=pjnU-rwk};e7$Cyv39YDmopu*QQvR>PgkmBP-
zRGI&fI8I3IpC<L6(`3Hk2f}&Pc9Al6eyCQ+3*;N*-Au*!G$->;n4=?$etkU0>J^s8
zY$-nohe68KNFLqiDWr0(Kap7WQu8Su5%(1)_uzB;o8nh1P1x6Q5fdcyR}#M$14_z|
zBWn<>#lo_V8RZCL;q`)~=@qm?jN;{E2e;i*#BZ;@O%Xjlo&j@i*78$excuC)@czY*
zB!A+?X9Rt)TKn_GZ(k80u-WoGR{Rl5U+O$vzu-zT8Oi7wA|c9wR^55B2!yqbqAz2=
z($3}rA0)))_s0#%fRC%1u`=dj{(6pRE6XT1jNSL;_MSyBI(}I3UT(mPa(`<Z0{=7N
zA2I*IHgY`Y=Ok1ygg;&*Z~EgcbM70#5Alq<nprSEP-cXx=cv)xk5VKEJ4Kb-;O>KY
zB$~z(A8qSA*3)ty(%N;z<6P-4-n6(2X1Eg5aA}46{B$_UZBX0qb5@k_IcF~1%qYfV
zRpsPPF5t={LK%c7)Jp&eCMCA4S+{WPgXnUnWU1|-S;0VS4&~@*$OVCv>1hiNoznCA
zm5=;FnSKTA{TM%2m87m8f9$9|vGd|k49gX=%B)yv5)zV9^Uh0rr^0G(EhXiF+@Nw0
zEjQc*v=60#0>e(`!%`w5ALj5czLMR$p37q=0Q+<mlU#g7?Asezn|-27#n?Ltk&sN_
z>eU8JrI^XB+>`&Y%ja<Ix;*IH)KzJHoo?D0CuE-jsOqc28!NbWH@$xCd6xoK`q2wA
zw!im2nK_(sE*UKa5<p+ZGwu<(p<HE2+z;-QBShN!J^%^L$36GY-%$a3vV_E&*Vall
z4}Jp^$+<SwA!#`><X-ALLmA*CjQ@&{HbepR#61U(waRv$Uh9H0>4LTcAIFb1t~h;4
zmfmmzSP4TC2)4KsbV-2R8yL=8f7SKbaG|mZDH+*jZaV*H-#PI$^5MrOy5H<XOB|QF
z(iKWQdN?i!Tcz=irScG)vRrpxq2_RG-<J4t@6{^+69Ur$qrEIGM{28l4E+~Bp{|^v
zZ;aBG0W-aB`usfS$i&2KB;aTCV;8o$bWqgMxI$LFw|shbmlc~kPg=g+Z6DRzv1S{E
z;k{+PgZ~l0^nr@gOSnBzJWeibufTAi=i<AiD#c?vgl!3TBR=lPc#|`*j|QU(qE|{|
zi1`V!sl&@$Z@(UWk1A{L)M<vhLT*(t(A&4wHF+xXv=VPxQZ~O70-c=v04cKf*nSr1
z2elg@uwC1pyX_P^9p3Up3gA|<>_>gNjD;j5Le1LVJcM<{+Jw5}3LQ)=V`?4VizG$1
zT2bez*>#mxF>Gq^nR|z1>t(?%Z-3oAm*p7AkweA~GO^JJd=~deiAa&pu7}55{=?Z%
z_3bl#jXV%neu~2F0d|DiwRd`^pgi(aE|lS(ZiStLLvIZimy~DAnKB{;W-T8eb7Y8O
zx7ByUH?n$0J4Zq|JgursqQzBA?Rojl9MuO$x%_5@*WWrfw5Zk3WW-HZO(j+Y{oEY&
z{qjX=vxsTO`c%Wz9?Q#p6f%gtj{{UI;|cr<@bee%emhL0Ke@c0VwCcm{smr;8fQ0~
zQXQ^gT>GZMd*^ImAjjP@1lb6f(x+-;lgAa2n5YPH!D%yJ#ur>18$(|~V`$9sU>!-4
zNLn7fuWoY{@z*zoINozt3_*{blDHDk;$%15%`R+~b$M&$OUS~2s;SJ?1=`-7k?JbJ
z3*<EoX!T5<bUj5BjW1VfaIR)>V0F7Mn4#q#xffDQ7zbyGE+pF3uk?}h-o9BxHa}=L
zce(zU9gBvTQ>?%o9T-KJH>AlVyrl!7FLHVCcGfzRTICn9(Bi1qjSe2u<*{bjH&5jO
z)b2!%ZUy?Z!do_+j!)YgKA+X+ekUwM9p@*=iQcX4pcV}w$htVO#YE}+J)aFbHJmDz
zv1a}i%Z^7YoyLol>ZX@(gSU<iT7ICB*K?NCf1vPPSMvSyI@Vtr-4_`oelqHmn1v+b
zS0#Kpz2#o)Gkt;#-*IEc?$gA8&lCOLu7Kh;?zA}akmWIa{{sB6J1ogN7IuD_2N4jU
zYGuW-`*XDuK*}EXBzR+kMCLiF6JW^>UVWhIdEt6;gW6pjnRcy78mwH4%X#UTUwrK+
zooq+-9OV*P2ffy^T+Qw4^5Z$&I%O2-r$JpK;x#j$-W~gJVmLnLre*PqXgwsrEZ+g2
zeecv+Q@fzy#&h&5uOF2$UK>6qx!NWbpy9Mq_K2MNR1C3}_d**aZMG+uEiWc919W=d
z+uF4p_CGOwUzLcSmWnuI^xTcjg63P#sy%ZXlAc{K;GwEFT6Kf?&P3t(b2u}5VO`Zi
zyIpjWhCaLNx0Wd#sS_l969Z{DuMOhg%rSX=uQ%L=g?!!Ad-a>jV1;(SG@PEvg*0zc
zN+snh0+ljahQF0Ey?v+l_1n?i68@^9M>s6N@R{Gsz1|a@yHJzjm1>Po$UhIJ{oQjL
z^$yD`H+ttK^7uP*neAZcY<Ko;JSLJVup$VUU7qck%p?daYqR>Q-6~j@9DqEbfDu(*
z9%J=?I?uJcHI=kB9wzzv6;wOgdVRL%xrY64&8Xb^Twf|><M8#Ca0%Z%2HTNZ#AI8H
zErd?D-(|Z0RgOkBN8UU}L3ZbJ>K)m-2TkZ_CGvU|0O@JWrEWUB#yR6WJHZ|+>3eCR
zzvzmpx;I1O%6dAwg!!xqh>!b?cbk^S8@D}C3RUadXI)CZHuEs+mRWJrrU$A3HgPx=
zpbxz48i2LjT9LG94y17$%?aCJ6b+)|W3d?Dc5&XApLy~^IYoxusw=PRF>ainTerAB
zS7NrWfR}bn0_hTi+gWNb@9&7SKYOLVrJu$%NkXaBaYT<yX-d#-LhO#);?O-{G$hq2
zHo>&SYpkp<cdTwW1P}Wk@65A`ADrC&IjmOWYHLX&>b>n8u=IaOd+VquyY_9^MnObc
zq!g461?dt{kq+sUmK;L5L_|bD8l*+KyJHljX6S~YVL%vifFXu>H{5zZzxVyt_kGV=
z?^^Q*%5uE+wfA}MGmhgpuLihTI(!iVl1kH5Me*1fa%aq^*h}h#y3Cax4@Q3fzO$t_
z91n1+&%wOUD9)u#muu6A7agw(r}TxeF7X{DlpT3!5#^U)2BgMZJVLk3XK%6!U8h%(
zR++3%n|Ad#rERrut@9c~0&<$cI~Arjcd)lJ;Dv;%9#QW!6HE({Y^%})z!Y%0x7!D>
zKWZB5YPu&q1d9@%#q6#*G6ZexvZ37gN9qq67Ec-qme}fw+J2(3Kj(KAPI%_#;37@a
zk*kJjsyPv8zP%=YytlwRY1i-bZOPRjrZS-G=C-}$ZflqH5Pcic#}tDJ8%z1)i_^E#
zu#+#ZHHe((d;@@b6EctOv1<FYi4m09URl;uRkuRVo+^V^XWVHfzm$-F8^x`nCVidw
zz$H!vTJL>defE1;iYAtt%>w9W{}s=R7SlC-H)~~L7ct*%8y2iu0Yf7{8+2J3XW)I{
zuU%;^Z3>Txh9LuJPhxWxyS(`*kCRbJJImYU^#KB*DU=5rEdPXJzB3HxNcAV0|D!C1
zoc7ZNjdimd-~WZ|UpS-Z_F~I?oSlTsIyG~IMF4@hoZmSs+YmVjwBXZ8=||jFA0sYZ
zf@htEi`mberc>IemkKhfKMAEexVko3H*%mF(*_0~#^R9yY-hLX7t&&DudzxS9k)WM
zP{gX~+nTxgd5fcc+SMi3EU@`p>#-_E{D~wuh)SC@Fng{=K&RH(_~B(%c+x9(_jsje
zJ*1FTp;~-(q-zNhfN-nx;r6+I@VBXcb9%G^S)N`wc_xcCWoBI_a>g3Qji9LwW)yrl
zn@HF2*(+r-GXc5#i&(K2%x<(QLe)1vu4k0{`nm_e6kW2xl!9LzPH~hyB~LR!+wxTz
zSpk!@=1P%n30s(+asnmdmAK(<iT9f2L4;pc(pD4dY}&x-KA6o!+_2S(qT!icuGloQ
zEqi)M1%zLTDj?IoMn*<l9WdC3zO++TeHP8+<wWI=Q@pI9bxx=khkMuS4Ao)JAWPL#
zZD72PDQ!N}@GA$0(!`V_qH8*S<jgA1#MtMx&t|&pw2-F=Eo}Sp>54QsPkj-IELNaM
zW=a=yT9E@N%lgEk00P=fFe*Txd@&^Wu%gfB@_yYZ7(1EO+pBb_Q-6Ku?Q|CPp$g6!
ziekUOLzhNSN7s!$)N*7<J$5Jo`?P4ow$Sl(s*_dER<Utp*L})i8?!f#aIft=87Baa
zo2HC$uZZ=<l)jbs3+i5<cgGK3EL9Hl_y3yHuMdMn2qQzWag=Cvee;9C5^u$oX|ZH)
zu{_L9!IZQ5UY))|tT+S(RuS9tCUFno(ng!de>;_7$6jsd#Oj<G0gsvbYf*GN{jHu$
zD-+#%Ld&1_kCi#8c6(1Ul}wKs@Pisc=uiY)lhz1r!=2Y2gfUDEy2E2mPogu~WWOWp
z2IQ*3OT9=ksCm6DhOH%2JP(<N3e|KPUmvcP`GGM|>)$!_Y-5H1CYZh{yOYZrHn3rK
zJdSddaQX(-?erlIzVjF;A_}G}82?jmx}ARIsOHwnjY}YP7g1n}dj672VYP%1*Hn?|
zJKNuqmi>9ww|cS)m5t@tSuN}7$TaUcQDd@rk!M>v0mgfH3}!3SYh?l~5}orZVNKC#
zcn?R(*e(TY_Skn;F1q)ypce7UBjm3b0!ZV*#|ge|`!;HqelRhadF~!!?z4Rz6<!P}
zSAO|yfS~hOSIoP_ofcX>4vioJgBwBBuo1R7SKkOyyuhZr5yl?5UrWI_n8;7Z2O)Zc
zAdc^w`PoBMcWLR@aHMqxB^eEaQU41>TaERYO6t?YcKuM7Q5Js`ixxmwKc6Iy(8y8A
zSkSDV0NKZz-@PNQ8Vr9fo0Vy|PO7Dy!JNpZChpI$C}v~YZCanB@Q(QAnnEG{swww8
z-F8;Z;%~0RPqaVV0rZ*0#cmvH`~tQ%Fo;b<-%Tx$nf>lq>Ep1R7hQs?IS!_?9}hWa
zzqo7Mt0S_lunKC-{nU8tbEC8S&<NkOC#!+}Of2c#+}s;LfXYN{Eoi$6RcYPv`htev
zx4z$sE`4~{;|Y^aAsgu@wtL9M18&Q~mjg1U4K}tx8&{8}cmHYu=roS>B#Y3G<Avib
zIWBdRavW1{SSc=6PvNkB!6RY1XW%eP4jEOEVlEy7^MP<=qh1r>Eu~*2=&|4R`oU@D
z2>{~1_QGX=sL#Uq0hjZ`tiIt_{)6q|^!^#1PHvMPnEDf=z$&hlk=6sgr|cihO-$OS
zA9yb}36%JYLFHPcLvJh>2zRfc+G_KsCUD%3^A`p8me=Z4(1M}UlY6zwB8uzW5bvTI
z0|<&a?zjfOa+*MK!yqYon+hy>8%}d1K>}vQnrv_iXBitCul49B_TZ)gTocTpaiVA9
z9Vc4mqORxfz4Vjg`HsD^AT!gL|Jd0GkOQns5eZos-WG`tZ0p4B0RyJ`PbOAYAh^3i
z-AE4;P&>@+VuESplesMM?yhNv(V%qOO>4G-h~IR+e-OKr$X%2?Eg#6*#afbt+AcYv
z!|{0S1}0Lao2P<VV2URqWlktE_q7U?51hYhcG;!Odo5`R9d=)Gq3prlPuPOXG&SKS
zxm;44pYcDr>W|x-OM=;qM8iPs_MHEdTr8>erz&v4*Xlf|CI69f{5P|*cJKV!*M!_H
z%1vOa^25Q;OsI2?HWej>WSpMVb&(dGNQtJHup&;6mRNK4k;cv$dxNhOJN%!jlQitl
z;bj&?MN0&eACuoOoqL%orxHm1lg4Z3an28Ax5K$mj@a!vNsz98ATs=#-&#mKRzS^~
zD^TKeQ^&ZB>r?bl{)K5U0!Wz8axm6`(4RoPK%1HEsaS;$aTR1*|5pMHTU!U7r{6UZ
z$^4sY(gwoz&f=Yg)HpZqya^S<Ku_hrfyulbxrhAx&BTpBWy2wqN<gMoa?xrJ0SWpb
z0f`cPsCOB&KB?2Lr>o6WzdQVB*-U|SGbT1}^!;k)R+7s{1o<^!$lUj*A-Sk`)(N~;
z;w}DGJMxsneR15r_AUiiIJHViCVR^Tl89kF_$Zs8#g)V{cAe&Fx1}V^Tw4pAV3jwK
z9oD7om{3DD)onx8>Gq`*esFrS2kn=ClCl&lG@4rl9@3LZPing<BW_`Wm(vc!+aqzU
z>u@TUb>p#8Q<dee>5E5ASD`!KqUhPUS%b%3`3d$+w;fIXwCIW-nyWLf27;{y)ec_V
zBi*qjj<i}26-iY9aU(hvzq;$EA5I^*iA=YrVA%$gOVjVL8ygS3#jKNg_dV9Od#DSV
z55_}iL_X5d(X|T{mQ|rmT4Z9Q;co7<{3CqvsENv=Z5U$12~y*R^;okJF(dgzVhyED
zo`MQ;Ly9WA4N6Nxp{yDO+7A;JV?#74+V4y9gLwSQlsA^Wrf6h)$9wTweYA$N?IzH&
z>7EwTZRy-A6Ca54<_lSOapAJVnvuYCIfVYT5CbOchL03{+Vmvh{iFw~rwjmx!)TcI
zGag0nK$%sOp;i8M-S=>v3LXq&jo=HR9^@lsTx$deCy4^G$ek;-<uiw}I&pWo!ha?Q
zxUSp9bD4fV_J3~H$?0QvJ=%K?X}nt%J(bQk-E~+ovXQlv;^Qmmvd)&UWIh3mDfSi>
z|2LNauYc_19>YwJlak^iT@5D1a5C6^UBIDCzW3~3Q#s4HN!)xeJ-D}!bcZeE2I+cD
zEeUbyZLofFf*mom+w42ioci0@jLxRxHQVxBLDA1)FjXK#b_zxx_Crs0i#zo}%2|Hf
zks}TMYw7$t@!Il*+jnvn!lh}0I&af<1{m{}RXoz6EJFtrWMFre>4U5hm1@<^jkeTz
zE6cdTUs^C=gl@+xD&u(e0s$LB`v$;kP+dpS0x(>vVe?eP@F-w45OQQ<VFQQ!!bp^?
z-ue+>I^8b3ZL|JbOS#oH185OEdSo~A)FS*F>o3n)Q|Hv(DGv{s*pVZZcMd+wY$;-)
z(UdDd(d>p5=9v#~QceMr;l-(18;_Jpt8F-yCv|k}h4oJbb*{5E8&e`&3_NZ7JTmKr
z{+x~p*uf<xPP9Y5xduA>>S;cVKU5r&5dA(seZfOZv9Z(MR%$~M3Q?n7eX$E>z{Lbu
zR~&&Xfve*-IXS1Xpd<ggrDPBFnB8brzPa`B13_ozH)OQQEb04oA5G_WK#2^tAJEu-
zeyT5cE6*Yz&`26Og+zYaQ*ZTVxBc0GWnUbcsDN5V0)qu*o4WCpQZt^mkoC(AjeWXH
z-d;%>Q{F|`rmlo(E1JBj-D=x=D#gd%uI{HSW{tX5>UX!fpA!=<dHO2tvul^X<YBD>
z<w_EnADpK9q~6SyGe0hJO(U>ztXR6D)rlENC}R@Tr}}f<hPj`aY2`l`KzH=biLVs?
z4$fj8cRLD}JXj)6lFmY4!&y-}Vk42xiz%z&_+&7D2qEY0A|CufkYlS)GK-9S?sI-~
zAu7m(Pu#WOx|y&g^o-?Qz4(!4By(9Dm0)0V<R-V80U_`EhGM%p{#KU>Lo794yyKK7
zA8JIu0zOqaiXvmgd~Si6?9#<|{=zvAk)HMvpS%4>g#c@zBG;nnp$1?8X+LiL383D+
z6FQHeYL3RB4tiZO8A9vD4SI!#9hPwWw!^&*&LF!9<u76|=~Mb?03hRNwhzMweRWOz
zhrT7WR~Q&@%S(^RNk<krf+~V4So_YhgwTqK*FqN^&mFzCr_!##2|X)BpoHktbT*%*
z0T~gk3}Mg2l-rVxHq^U85Lv7?{HebBr@etdPHjHZYYl6FLUhhfyEWx=dU=+s&{ufD
zUq%1XP}?lCfx$}YZ59TKx*OgrIX(#T;HY{_A=?SQU-o6YSM_<!Ag%|cy}2g1zbcKF
z5=<wC9s&`~pw*{4spAX#g%h-GlgJZK>DBJY`SB90er5F_aZiU{ol9SOATf15T#dqI
zL_*ITvdFua+SBKS#Q<`ipW4VR9j`tg0A=P%E|t7Uj^mEV|7u5?HX19?t+(P;>@TbX
z6UqWyuyD@L#aVtJ*cv-{5<-es)@NiGBXSoceo?|3tQxkzCM&j`R^zVCMa||&tfU6e
zd=H>GjI}mB`mja9IZ=+KOY^o#^toJ3j8XX+qmsDqp`|5(e%wY|q?Q*`e>zI1uO)my
zM^I%I^;WB)hG6ILg<}#H<D{Q+nEd~7n1??0#gKLzcs^DU-7dL=+G?XMBi~*0UWEBZ
zXh0eDyiTjJ-jxKMEnog~Zp;7Yxg7vIDqf&n5pkbK-(yW}yu>&Fuarv4UD*E4T?LU+
z@l@U4!!>jMa$wF+>?J+;(b`(S>LZD9DGD;#+C*_ad?8a;{iOExYMC335VZgrh!dXi
z2}0V%Mz6-f)GZXv&30;wmTm3sNH|LbwsjYKr6y~gBIUQ?SC6>ppiuw{d0sNEyT0#8
zJxI)zue4|ql-kKr)B<_L79}G7sr27M`<bKz`egMqBUZn%PSa~XWTZoF_2p1e;~6;h
zL(A}Gt{~E;{5y;3r{R!vw&8*uv#$8(pt2wCRCcIjzr&xrKp#5F7OfXOGOxQ5Bvz|i
zNY>v7m`yBtwdK|k<ZW(*DdhB^0kYaJfd;t&z&TsVKHLJ%Jd9QO=C-PyvoTDa=tYjp
z2IKE34;$Oxng=a-{(n4g%+|c3XsTcZ>gC9^b%9Nk=2laX(Bb~zSFN0NW=;b#?GTe4
zDeq$DD~WBog}MUv8!q46cUL-UI=8yj=B)Pmq-f3EOPVGtlt#3mm|S@;l%?&qo7WeP
zgJYLNKpNb!#CTOcHNJ|YqfMzrK89z2=tCrnis-YEoX+U}$`a@fiCdmuN->9#69yZ#
zvyz9`N{nd~vL)16Ey0hw*6L(|YfW}rq_9Y8UqjD53b?lU{KfHj^&$T6!5r>}%_cmD
zJGD61D&L#nE%)|5n*C`UdvoAh>q?MtF2072o;u`zIM&?8tZ7uE!}iXe_G3(Ca_&Zt
z%^%mQ-l%UiqyQ>n88}3@BvrmYvj;t%ubyVFI0DD!n~g)qCWalUA?xOaOPp>s>>|s1
z>3JKpF4H~kI^9@zgx2JSyMP9lT^)!T#*SAl9#kc7<j4UA|J9*vWyue$_KAGm*3+j?
z>qoVwF-GPDOi@W&?Z(F&?e_DHnQ`3af>E!0pj*@GM?{n0A1&J@69^yM4i_E&gr1xe
zEO`Y)vBicEm>pA`p!l`_-ET%oxV<=fl6zZE*?oTg5Qy}Dpo9H|WzhW7uV3#u8QbNm
zYgkBU{itT}0zt0t+DB9OW%`8%S;Hai!3#Wfs?!}njS81fP-6lmvpufiF#yK)cXAY?
zFZq?QC7C0iz>BVL+@DwA(9bs^&pYC6a1`{wu(1OzVg`kyl;gpwX>Z1P7Fq#^XRTMu
zQXZA0t<+NDwb`K%BfP^oud+U!FbXo|gM0qV#h~P&3T20cJKx!wVmd)dHFiS7sR2j~
zO5|y2H87J~bI6w6HSYWV+|(0UX@lsfp4G*08p@-CBY6VrtWpch_|EU|-}ze5PqFf?
z4wY~)%TpCFsO=aYrofx%UO^DQr<Bo@6|;#&J@%sJnFJ6Lm<$J`rqtT3h&q-hGO=yF
z@Jkjhvon4-C#@c7Q11~DAuBs6j*C~$c5Sd(VaQ=pU-V6?tleY}YiKwzgWNYj#m;q0
zSt#L~Gm`qJ3<7yFQlrx{fN;xL@i=TKT&cNJ3uikPbhxPKQ>2zQHT-J#-*l}7He%KF
zc{W+Z1IC|!zlrD<)AC+E%lz_j=dNe8#_n3ZlZ#?4*4x=uQOtRylEo@Bk;1>U&*gL9
zc3PZw$Vw@QK|;_&u5MO?g(|OU1mAwTcC*+`ryrH$b%M>5PoP8^hFU8z;iSQ>P7vvu
zC36vkVti&yt|OJ8LQ2B<jwD(NuVq?=UMl1*%j|(mt@qk)YvJc5f50OJgG@Ux5oO-D
z&ih^$F8x&ek%Ib`+?%aYRmes|%c-m1_6s&G=*{9UF-H8E>0gXZ;yK2qP7DiOtE7>*
zZ~01_L;r}<3!`O5UXW|xm8bg-j7b07f~i}}0@0?3-rG{};>=e^i@=PLc#t5{F58Yh
zCyd*zR8rl(M8xQ|)fTL)y9B%lY2iD{cFot;rg@Aa&f9>E7WtV^V~clJun?oBH+iW~
zO#l$mWEB*seB3^MYPL3`dV%+*anO_^YNEcnNVn0UQMuLuiQBN#f7?xaX!m0*Ctkse
z(gS*^MH!iD{WIzDa>Jxzhmw|{ZK=A#ai+fsl90zo-h2a8?k5AZYhS2dL0fAp?p~wC
z&W4XrEw76U`=ArX%y#?2jsOVAbq{-d8o8)Oc9yxBxVThWd1(cAc$ytnK1@~ixkN@x
zCkS*Oe_d{-^e>HogZe|lnAOtSXiaE-L>6uisNTeke%9ZUN#%E?Pm8nScHJy{yWPbH
zH}nLJgB|QfkZJHRXd9>)8GZj$aCGJ2g9oDl%R$1J7rLvzOWhr5fA5AY3cBPi>^c8)
ztLC{+=}J+@j!j!N+}iNa>8YVM_~N&=*F1pLDA_`4yR42%|9Vct1YJ_|SnZBEO(BK)
zAJJWA#pYf|J<|Y1stxn?W^%Xa;KIuFb<o@BDI8aITOY@y>*^~rg@Vj$6niBgZFa*c
z?TOL;bxSrQSI7R-%ttI6R^GFP+@B=yYHTuX3LYI+SIGxjsk*lBExkEdf08yZvOPfj
zyZ=%GUpgvo5wo)?WoB7DZ-c4RO4**+06h%k^rxeKX$J=`ug#y>a>M3p+;pio|8Z%z
z3C}~pW_2<cZ|q34iP}k*@Bho$Te^x>PHRkme-%#!%#^Y_IH=c6f8|v(j;5onyM_$N
zhMu12XksuW<O8SeeA?~2Dz4*{_9feW0kq0`v+=Q}fEA3@jVd+`p%RDyFP(z`q&eIU
z0(|4?(!{ABYSgqlK-UaDP}F$H0@zV%wU-N7r&Q$>q%*M}c7qw0>1SoWqDtR?*C@i`
z=Q#vh>gUg<PlP8>1Q4D@fH!IJYEai}v{KPOE;sPQ->LvH@3YgGd3ERe>yUV-?1<tw
zVsAG&$Lq{v$=Saasic|N^l6axjfnS+C~T7!Mc0e7eJYK<&gh(!tOi7HiZuBf^vD2L
z^+{Lqab839Uq2|+xAZ%nC+}?1Gp2Eu+F7lGgH?c{g=HAN-8kj!=_wpSd+O&%n6g+s
zCR(q|goQ<$I=ZZR)<C&^--gcyN_>{QD7^W@uQWPI$fZB*J}1n}z~qVJ@z}8tR4G+A
zr!BC$3zYE!gWVdO*R%n7sfzl=Vvz7Hd;#kJaUhpb^(wm}$NB_Us`9;yk~RgY+;w_V
z2{~`QU*7WzSn4>=o8LrgqwK=~X-gh@A{fLAnabx=1WFD>J)T3lEKwp2DK&-$3r@E?
zmw!x(EU#n7as&b-U2O8205<3LbOvWfGYDTZfzDCRE6f_PqVRovq6%j61HK5T7=PR{
zy;4u|3ol9}0*Br?*hHl;{~%+u(JLi}llk}VU?Z;h&o&YF(d4$Fny1!j<H6rOTP))&
zYat`=cQnmMU`v0>S+CY~MW6{p8n?LAhHH915pJl=w}zPV2HY^hGt>x75mRGZ2^Bl}
z8pEMCm-|&xU;QjkpQdXhKFeyW2fU-lD{WX2uUmHWiW-ev^{54#{!#vU+WSvU%WoI}
z9!YI*O$!P9OBqR&$^M{l(ER7gy0g#TDH>j+1c-Mg+pHRe-_8nXPDlsrP^>}tXN?Rt
zb2ahfP*43&4jJW-wP%!Vs>fFz*S0F&QQR_0offcPogxrBQfjSTILl~+YDQJ=GcbGv
zH7Vpoe(}t@V%4OX&P$bbsQ{ojLOxo(368i0DALBQ4CQOR8bsaS21P3cJaUdOth-)X
ziJiD9bDEBC9VN~P_Z-N}ZTCRT8u8f0O)T$fDrnUcv--Z36$R5A(Ea4vfJMqiR>@d$
zJ%-VFYb5_Us|*q6wS3SC`G#iN%SMe9#+2lUtjQUCbx|i0s^WS3Tgh^Ae393Cf79g?
z`?i{c3;Pagb$Mb@bVmTj@#Vmj)Qg5$;4PfH%uxc|<8>Xe0_$v0pqtJV<%NWm*3>yS
ze$msTOe@gxC-H$af`Q$t0D@-3i9;n87cHIW8Q#~qyCnJ|<nD8|JoQM9%2>|R<`e3Z
zz)$y~CLJ5Pzmh$}+onDRQU8q!g%@l=y6x@-ni*cm#pR6(iB%gBwdoYZ>%-$2`-BFc
zB#Hxvg0>LsN1$u2n5CGK3FbF<)>ya+TlAYOD~v<~(bmlc??rTDJA5}JqRyj#a<5Fe
zE^(vKMlBYqBaqC_c%nf4m~I<Sr}nw6tvVCvh2L8lE=VwW?2^3s5j~^<*r>e*$w<#*
z2yR27*j}>{B(42$F}lt==jb)|y{b?vrXN+9mh;3^D?$LiVD&!Bn)bOxfVqe8P4(NM
z6x{0Wx7$}}kRLZ{Q5>^di_BvId9mprc68=h8Z*X+-d1_;N-_)ZOT0O%F*y7GAgtO+
zuN*bpvLySgayFt~3!nx6k~6{p)dR@d-1gb)`8-M>x*yim)MP?#9k`1;9TOsUO~}QB
zihWj6mS!GNT45)$__oZRI>pfS5dT9&#Nv~0Oi#XDjJ{8rVaJ*4<M)I>#<BlHf3}KD
z+M7A3Hwr_ATJ^vPU{}2=z4V~S`E?8Yp2Nb5J$-W#tlMxq;qXv)OdvZ$TDQPbV${`5
z#uT=w?QYqW{q`OD>8{IIZ(K!)@Lo08)&8RC=wSzIfW9!pU%Y6_mZRq~@)D(RViIY!
zIb+ooAKVojGz|^m@+z+1YNfR88x}DOxRpUxGmxcNWhKuCX$-1J)&-EFH4{d*k$T&2
z0bc|0HR<T9tsu1)TcjdU&M97)xR5L#1)+kVL_3L`hnU2w=@@SfOj&H{kmSJO7MQx{
z)(j&>#eeTEmJ1NFViKBoCrzI(fUA)?bKUgzdmVE*VPrF&6;l%(&1?r_$`dl_jF=qE
zhi#nQ)&N30GS3I0A~B~6UnA9KCXWf;uu@tpsZF`hJI%k}#{O7F2WsZ2+l<+S#-KqF
zupO^QBvP?ob>j4RV`i}7^R5cc&EF|~4wu)xw=P~~L(lSVejx5I*l?`yM|2-xY_6j)
z%2ej@zx{b`vMKXUxf-+1KaAC7)5LkKVYiKWRr-8+o=NN_g&_${xkjQ=*M_`eorzxO
z`uDIVN3y~bzVSEo38bQ%6vD1bEC?p9YZjCwS7H+m>jN@GOnieTZ6|9p7kZPJ&~Iqs
zDhu<glQ+C(GWSrZc0Nm}!@$zEZfFyGC-$xre!?w_d0Z<v_VO-)!>QRENk+lY;i!|x
zMoeFWhl{{UcG?=Vn7@PQ9yix#x+2yD7qJnMIMl&vSC2?{bQPt`c=@tQg{2xwFY8oI
zqXP_P53BWD2$vc&<(Nsmm`cYQMagT;q*;q2(=K+h-|S5y=wzA0!@Kf@fZhWmELAyb
zghw?#bCTKX=s#7MTi!UxzeAYwAj3xK_ff+^K}0kf6^v1_7!sS36$lk_TCuKYi$39X
zU$0p*0i(4VEq+j-)JL+Fo4p@=B6y~ruW2|R;KqyHb#pCRp7wdCHQ@FtVGl6P89>I9
zP^4S`^wI<HDRw4g+7W)!J8q1RR9j4`tuNexNN6+RJZyJ8`}O%JV({sUzBc6((7)qM
z5_IAkZiu#d4AeRZt2wcAK|KXcH?49dwt_n@T#@@R;Ry<}R>N!_`94S93n(Y+W0GXs
zL^-UT$XS5maRZjyW-iL1RM`}t4^lI;wfUrhh?+>Tu?0b7)GK6qq|9XAS+#x`cMX&y
zV?b&*C0ETC+psq#m8+3wt5+jVxHqf=8FSFpfPl7Sg-oY_<J99s=SNNxk~4+)7s+DG
zQ@qsU-%rU01@6aXazLOWZTax}inw-5)5*%88K7}t^meLVg|BUF#So9%=V<?hbe@~>
zoO!ICb4kE&`p_;{xy8oqFG+9x94@XYHMl!@P+N&Mzt{8AS@Luhx92x(5^*LX!A*|U
zk2jsr;ou?TEi(oDd|r=gTUrY?xn6}l^@37$X-mRFWLt?%wLJYn&n+PsC-jJ|r~&Oj
z_55XC113D4hwpJ=;Szi)#fzvm*kip$1Aqfe2h!Gh+xm)n#Q<9sg2f+K7h`i<$zeps
z==4YLiH|qgEO{RCUU9@`s{?RLY?tHW!|mBtB1gqF+le2vG48iSwtmSWhVSwrhP#9k
zBG_eU2~=L(@#k70^=IwJv8ZEmlA;)U&ysGpA%<PGlr_+#8_9XqR@?kby?JC&D>&4q
zSRt3P33eylMyVSJ^I0%_lgcPS#IH%l6r-!1(Cc-jD-~mI6F9bq)?U<ZQfnHvhn~qO
z!y11tg8=!gqxsQ7`3-^wpVVrvZl=)EtHG2dB)%VuZPv8ILAeLp>emU!Gz_(C-UGR@
z0%qKb6B~XXw)Ki>$wQ33s2ELGV9@TQc+E{TpbH_t^d${AI*sP-hx5A&=0a2cTzb(R
zFJFa|!m?8k&_}jM<MockynHbin!aBD?BYq4V@$WlceTHbl-JrVBp=$6Y;T$pvmqv{
zA3bdVWm(hh^_%S`lH9jhIKDHIKp-5tT4Qd}u-=HZjpMb+4Ix?_OI-7|L{t{o=#*2|
zCk9gs@!Bkt73m5yTqL@8kx0|y`me_XchfOSO!QGCibU1*`lgsv)l3Nr)jKcWUHRv8
ziSVW6y|ktlwUZmvg6+(VDTxjg1xUB5uWu=YoaI_O{H(>$JhWo|S^9g3CW*U+MXAD_
zB(DvHAyf5HMq^1w9S=voJ~qw(12kS$<~VYjcbCT?+%K(99U2UYA@${Z>U7$ln03C1
zdu;sCW1L0NA;Uk<ipg|VMpd%V{a!NdG?PVzr(8E?4bfAmmA%Ae^Y{P(Jym1IyYefr
z2^DX3Et6zNn`W4=p{-g>%8uR6UKk(;jinp4<3b$mKggg8II-(hP}Mwb`9+_7UuADE
z{a&M$1X?yB-Z5$QqY?>y_pPg16<j{7M5J#*MKF(Oc@u4-T;eupLjnrwYzsVSur=d!
zFNMrk5bcPywC$yyD%z46&&+qBH@?|@=ofrxx80p-64c-37e%O^O68x2?ig}bUMV!)
zw^6%~bkXZMJ>D}=H{@~O`CYygpijVR99G%KrTdV1_(S~>8s5)#@Pww)5NW@?369~%
z8iI+Pu|q*v$avBF^qw7>;Q!&huUidZ>3<*NDd@*m8Y1q}-Y}9T^L!h@{B*3!dJNKf
z*Ph$JpQ|4U>O<a|ZsEh6S85m?MN-lh3M@eA3K9CE{xB!Gjckv3;*i#LMjW%Vzcv57
zz}c^zc4Ty*$QrtBn{;H-&kyQQps6#<(!V?Y{kZ|``}3gA06Y)Gt91x&2yvTp0}Cbm
z1x~!FS8#<x{!h(^oF2J;`A4X#`XGym>cE>6T)({ET?l=ynfyTG-S@rkK{5^aKe=f1
zzdTvMT6Yg&fV4u{ltP%8=rigkZ^G<-MKpruW6sanYxak?M}*&SP_3W^yClZ$_$Z|&
z22mA7Ubqo<{z<?7fG14(;v5?-M|>#%+{?VEUmAyZA9a8ra<4UM(-T`!H8NDv>IXNJ
zyFf=mu2@o-yc=)pD8KopUQVYv2Q_sp2cFPA{_2>b*s)3UCna0}OT0fEzu!(D`qFe3
z#^Z*55XWy{5kVFXf<dc^MCW3ww%j^3`I}bVS;_7!@+EmAkG4j~s=XwW0IohKYmLk{
zKlQdZX3V_58+EZi*?lEvm`;lwYL6f3t~4&Gm1`AXdAEw@038yc4sRoitOIMWz}1&q
zsJ*!M2%&k)Ts!pERulStopAn0&31Q}%DUYo&xQK~_<T1@)~?HD05#2+66?1}wuKYm
zv)H>rD9r#Fb9WJi2KfN<v(fzF#ZtsN`_-5gM?l!Ob%6#ZvPX$6B@W2Wkl97b^Om^P
z#WhuM<|DJ@;^vYS5IsX=pQth+^hque#WK+_jPb=iEl}Zr!mZ5omJIoBNk;tmxpo?t
ze9`uWA=WjFD^t<uM=ePJ4?(_r{l(#u&Fj7$t7YAStZNRMh4Ip1m3TTX?9C7%`#CRW
zz9?I&dYu@K<38^@7kY@xPAeqd&b#h4xBspTnJ#+;_azmcNTQo*_TTPNG#D43U*-)K
zj^`cVUGbV3=Fu>aI#9-{jV`%s+8R!e7!H_Prb#5}=uFXi??D)D6}vY8mpZ`VZ)3$&
z2uj=!HH}H(HgA61AtC#MjU%Yt6y0`|4c$MO>Ul}5uAkmT@_r&xJh{hk+j*eEc2fH_
z>F3>?$Bj?l>1;{Sdi`?MIT#Ygx{o^+N{mHMZyYT1RfYm}!s_M8r8o~!gE;G}r^lBe
z5&={W+0<f2HK8e8{La2xy+HZx*t!0L!|mZH2?|p+n+ZMMH&KlX*SpENjt)9h4~(a%
zQ%hI-=GnG&N_P0vMQt<MLQ`Ig88u1ygEYRB#^K)6#vZe(wMo%g^=pMiv$a$gp>3eK
z=ap4wU#<8zTKVKi^Mvw7k-vil$iT}U&-0wQ=<^SOZ~8SZmezPCS{Q@o6-dR<Fb3xo
z^jTsKXNw#j)c6}&1NBj!;lXHR0;Dm##&L=4nW&~1pVjb0^|h(ag{n>#;=#$cm4{7w
z_u0fO?`Ck3=ofGPy7D6IT_Bu{-MPZlC}L-K#DKGm*FMZM;*;Z#i#GWa#dChqO?4ZM
z34OV}tU4t6Gr`hIn&KW})<CK!M`VMYbA5iTa{8xcF2sC-{=`D}T~8oTcjBr!;9w8V
zYr$W5Ri=K>6iQA~kNfpoK#-LuNwMn|UuI7?w@o!ukwa<4RW4W+#Dmnrt|ri<!D1k(
zKxYA%=C3JQw;L3X9Y#fIN=EZLwvqA7Wx6&2Pmm?+Q?*fi6nOU)RrbUOy-ATZG#_<F
z_nb!GPBm&|&sS_66K1R%j^CwaFSi_m)vgDi_bWz*C%!%ju2<f_XA`#MILP(wQ=3%$
z9Z6&17NwXUGe0xn^)r$^X`!OI)*tTlSXYmPlzJEJWO(ALO^C@(M@}0sSCDb2Ci}N%
z)r%zHDKjpLpKp~C|0OFUnkSLvh2ZwqH>dmM_-{NZaO2EN{fyu+K+XWa21pQQUD_|H
zjkhk#BCnd+%oVQ}%`Up*7)M{tIH)rF4lsR7`5fu*H%wL1)iznm+#e`?ys+WN^^)c2
zMxz*uCvn+(WblQUi_5P4(&!&M%jkYt&gk%4w4(s_*6)3%%5}>~U_N*N{wr|rmwTyw
z!VQ(2!<eh=W<%(Wg(`DJZnr|VH;tXae=hPlhOj|lCblSzIG<OtnJ<+at~no@3`TPl
z&D+{9{&NbSULyVUROK?o^RI6YSa7Pqx|XjD_TMzOPw_U<{l%$w*E(ccyTTIg<2?Ep
zDJa4LUw9h`A0Z^QK<0@s$#Y$CrG3yWvaE7&^0M}-=1Hx@h2eG0<THFI8k|<#2@m5M
z0(^u`RZ^mx8NobtMvlntVgf|w^h9GB$y2ST$U9;6<|kXUEISx-`#8G8s+drV<lO&1
z^#$&qAYO%uTrq}jdkd=f=$Ge_qQ8Uh-I%d|?uW1+wNLNm_y(8C*Lp_#=@8xXExl6A
zuy{+p^X{}--dGUa+kio~@wmJ8r#_HWI@)SW!FUekQoh_>p}aAn15q}Y9edLpvU))3
zlOJ}q^?1kSswQ_${#zvWCRkjZ7t>_?{U6xZU3MIy8Jow-G&=rVYR@k5O};JD8<#?z
z0W08&X2&K>aj3x@dQC-&i?VsTUb`2xiob2jhQ1lAsdSb{+JrvNRLUD6?1^SrJIwW2
z=uxD--eBgStuOq?&V4_etumLRD2oCQSzE58kiDzL_UHb~M_!4z+s;&(4%ZN<et40n
zUG7`IJ1U{#MpgJVGp{Cm-t2gRh^1A~s=9CBc~awfa$sI+i4;rDL$%%~wLrZPDvKGr
zu_@Z#o%P)SiB0=n^$4XwbKSbMgP}i9gVSQHG+Gt(5z}4*5k`NxWMOHb&*dLHGP2OI
zn`_NBq^-+<8k(A93nY>&sfRH|Xn3Dy=6`iOzxsKYIpB2vI4a-w#4jyr0NdX<l<i?l
zWIo(#o32tFR<6Y1O3W?!$DL(YpRc6v-<8N;KyBJIKBpc_H<QoNE{L!27S9D)q~r-u
zIQHf(Eb-Aq7aZ-+ht_cC%{>16c|{u3<gD4JJ-6}QKybzC8loja#3cJ}Ph5)uwL;M-
zHarw#-Y`OPvAW6@M81QC4gOmsWvNF8BL-%|m8y$92KN+&A3Mqi5>_Xwy@=B-_?fCw
zGbLU+^<wwgFyE9NOMynbceK6faSyImjdl1@!*6M=t(KcPCQ-1Pe+*rT@O-1lV6T?Z
zwRCUkhkgH;Sj7D>kWpGC{I#Bc9mD_m!)<ck^hNPWo+wltPn6BfU6?%&_cqwpvy<Ta
zS^DfG_sjh`$$u_^e{X~T{O~F0smk^@%T((TC5~K(uwO6IN!O;+Q~ICK{aX{!S>*mS
z@{c$A8_@q7+5h{)93Ais*(^~5y86ay$jmP7{Lgu%ow0uw_41q1c?v-C-+obTeI*&t
zjk%-dVDU{tpfJX)@$Y-Pc<vvgq+^R5>}3Ds;Q!~VIZw>(!T(4@0u<C7^i+hUKd<mT
z8se7Hl@us6`_Gp>KL4`#|MJUJ_4HA9VM+}2z5h3l1inR)J=usoY8fq9NcNv+@jZW*
z^#Af%-d0Gsl`1pwEu8K9qyOx?+}XZ!{q<n~fBU|IjwgfJSFrv2@15SA`|kht^fi#d
zvS}yu9r2OX+VKYw|3unPuRb_C!paPKjj*5Wf1J-B7yCCB|L2dtp5M!HQ>su(R_A)Y
zGHmrUcI5wJElNxpT&FTJop)i+cQaHTjxr8_U2^`<`@Mhue!u>g?^l&QDvONL-{JUU
zrMnW#0I&-7u79oK(z#VI{g;RN4NPK;<$Sj>rvDz})bppw{x6^AY_}sSlqzo(S)@{F
zaB~~{b%bBf9bwmBNBB3|`;UG9y%(y_+)b@^s<76|5F{*@Mo&LW$u8ipdENuQ1cZkg
z{m4A3i9g%;zi-u_{d=l=B_bY2-awLqqbMYVi#=-I(rods8Inex9iEK1|I&4-r3x3A
zd>&-ag}m(;Uat7RGOF@r1)(vP=%_ofBfEFoSsbrKa{*a_iYNabY}}V;hVlK(A<`Gx
zq`e4PD1x3ufYK9JA>CKb8(~ic=zm}v6M3$;-2Z<Xjjsa;49*X#wy+lPB;^lYXUO?G
z2>d1?`Rlfa$u3Fbn?xz5!Xe<sP|Z`<D^o<Apy55BHnaf)G>t^(#$KGET(wA$0qI~S
z92Ikv(>`{21H>(t>*nh?p}iyt^0p(~XWz8S7W;EvF^<_a<C_9yWOOHY4++zfNm-6w
zU1hmtMHZ>iY*VNy7*64KLshwE;p+XT3)Xwbpxen}GL8H0p*abrDDl%B-z!G+GmW%o
znvkFeRBl=jvWFaJa<s<Rc^90(Yr}$1X>080zFH!+4eRq^Ym_;Y>eecL?aKy~^@@bI
zLsmzswz~qhxQRdYi*YS!diN~4SHAH%-D(5#x-qK`8sWt@(IyS9r!jT5&wRlxfGhW{
zcl(=oiz6v)7w{nH*-2sIH@Im2TK~JVpmxWf0~EU$rMu#Jc(7aupfw2tJYmz}d@U~f
zxrS1}y5X|_p8R_tD-;ka8ZE}2271Am8MBh+#SiFuvlI;mY_XcDq6a3ai9oRsDf=U=
zzueaA-Ol<XB9nueIs683>r(Wq=g0{14;RAACihH!6NFhGjcwxI_$B{i<G7f2D%L8k
z)4mE4b;Mb>>M#a@9$S;GA!w5|)N5MjHYc_L(GTXa(ZCogCMwx@a)_!&6A+CRL2#tu
z{53b8Ez{OGavD5#5YZ`z`fQ$H9hOaFV>o9+o){unI^4HT*j*++T?)T&gXHVe)FpAh
z&sm@^m`W9OXCD0BKh_g<ezjj^etU2@ud&@z>1EzcwTvi&R5H04AWS0VgPYcAa&&7-
zL1;<KW!{YdjU)qjsVTH0iuo0~JM_jdl`n^0Ee!k?f|qD~_yT%qFQnSCAE>ii5fW%T
z2OLE%oAL7U@81<*`31WD_kMYXp&AWhDHc~!P+XK%I*W4)ts#!k`gTHd>bO12OWqp+
zXjg;9l?0^n;!yfXV?(hF)8Lbol6_DFX9a4?oYgqA(8dN##j}GbewkCI6drUe%ShRC
ztPm;e<mPrm6PC}wC>VtO#g+fm$q)b5$y*OQu7i*b`2+gz)qD{+pfKe=T)oDV>{Af3
zn@m&-mEZ9#wSlvv+Haj6gs$4;D}nm3WzkO=H}pbBj;pfEE&gvIx(*!=c@y}iTqUpF
z{7uUvn`t0<Wv28FE^>FIh)q%S;29ekx4kMdO!8K^enWSKmSQ4*-_DY>Ma#3KC@r0u
zbn#CI_eQ*+9Ne8lVk4%!wpE=i9U+uU-frRa-GW>jLsyQb2#{NiokM)^w9Y)~A}<eR
zl8@fTTV1?}&gwo}CLM^LhBFs&yr$8WS)g<u4X_UI?H)1nP`s_SA_zGhWRY-c#mUAb
z7B%+$80gJ6Rd8%fH<g$ufR!U7&yT_|5w7Wnh&gGXfu7eX8U<5j^25FS*D{{oJ98YW
z)e^BqVk^)iv@GbRm6d-jUju03Hxm>ooT!4TWY3*GDTi5q@^rmWhZzM|31xhLp366W
zN&i@Lv}cN%k81e7uvU3-1G}T{G-k4rvRpDUnTBr4sc$b?$9&+?*{-nYPxf-`!h}dL
zMU{oLloVP4C`h_;+M0Ds<KYUcqo>(VmKs0@d9UV<Z$^^glP~^w<fZZ<A`+};cJWw;
zKc+MA%FAz_MCa`g?OZtO37)C3r=-7w()(bkzfqWy;fPW<Z=k;!Ew@=d7~IeSD59Kt
zwTUq$j6Wj2?_R`tnPx-TG3-<obB5z+)T<xWED~kjNN_5hu=_<QrEL`?&o}ujp2y0T
z6F|_O&cFyRqJD`S{-$>}IK6jzrbxhxu(rzQkvlm(VwY{yq2o3e)o1XLFKfOf)c&}Q
z%8DSx)hH7H&LQaO({)B5j9VE)11PoZ#<SsyBIQ(2n_l#!Yf(K~h9WM^2k<}^05rbj
z`A@oifCn$d+G-DO0oGiZlQke9Syv3Hqv4#;cAy2g0Jegu?3#0Ge=V0($AEhKLD{4;
zqGQTq!+5+t)w)uP{Q%e`5^&p!ZF3P7R*W92ef_PCvma4Os&Ou}Cyqr87&53RD5eCR
zrQd-rDvPHl8~5v4U5E$FD+_frVgR+pv)(RM7&Dp%269hFGj|q1;VmJqqlN+SZXv#C
z?F!y1T1x;|4{e>q3h^rP>5F15j)x~`!AOkA=RsszeCXnnJv{&FqW74ZZ+l+1KV~a7
z9@D>U6yGSj*AvkIrU_t@#w++@L6XO!N$K4Y@etfAiU}SL-rA8@)>6b*iWv}33Wx{^
z-cOK=3%EV+$YR%R_1?gLJe`H(mh6hO3w4=v(m0qty;YgD8SK6J6K4{h<5m4>15~U~
z0#`QLx8^q#^qLh0F&Ga8Qnda{;!(#iMZ~?FDlgHaP08inR6lF0R+`tlb#5<=DX!)7
z1Yrm9mHX*vH?W3HAGUZs_zc97Ki$CyBoU;2+k1ICE)7%Q+4g|U?48)b=2K@|y|i{!
zOj4Pu=>E**I8iV6-%c9$Q&>hFLRtu27TR^>4W`NJ97gn9#!J_HmlU-P;Ex%k`sKXp
z!g{j5K?#J1+TFfF40><+)kB`x_Sy`dghLYCkhrh1%DFBFQ#b6XWR~;-3R=?PTJ*A8
z_OTu*%#{GNK-NnS78BqwpObL^6t*Wl8*NBn`9Qs4jb9#f!D~XEs-j?`{;gPtyJ@YD
z8pq^&jo#_L^@cObCSG#FRBxI2*(INuuX_-BlUi`lW9-Nqp@W%*R*0MenRb|CkBAP#
zEyc6D;i=LkY33*pO=qB0QmM)(?}Yx1%zoTHOTaeqfZN>f;t6zGN^+4&64cSEYBf(D
z(`%8o*&8(`sN-NK`8rkXfRx#$M+?*}XHve3<$xaHrtKU-Rz~am_M1NzoY(`Ma1WWi
zb#v{jIehD4X6V^2zUip@lD14~kDPp7OS*Z2T}_~c@~CM2=&BM5Oo51~P#mmYVV@4s
zP*E`&j;1kSXruqa-^4;{XLz)~#pPrf7&4#f@9$FQjHB&e$9I|O_#*+dMLP~vA(7!^
z`XwR@=FiU13TUcP!}{*W&2F@?SOd>+mDX~IPqjXJ(it@@|3w7DKaFZ>d9{%2u`ZpU
z+VbG>;WL2Og{Av(x$XQ`Mvq$+W#~DgHXOv$0RV&o?=(my@~6d(uAiW+$f}`hU$ghN
zdmd01#~Z_!Pq3gE9sJ$>BWO}(%83GNKrcIrZ(yx&RuCB;N`-m)O_<jtKXmE}z**W6
zmU4bf>uZ90rbD6yt^379xGt-AYe1~w7%#41nO9!zUXz08-g6}d7KN{scGy4zosnEM
z*52)B$oBH*4UpPpv$Lz((^T~2x4n9(T;IY6Vui2)1(Z<{2ybKyp(nMf^%CVSncg2R
z;o5ViU+F3)&a?>&L5NldJTlY+gABMH&RqVYoMub@XyEokcC_6<-NaG1Rn6!}H-!L0
zk{z0khmQ9T)kQaOVxy<M@6fcv3#>HbZV9bE;$~P*w3mAy%CPk_;foal=T2m`(@jA#
zsd(TaVb96+OvD}?GzI&)V}uc1u=M~6cx`YwgnW*I^hFE^itXsE4ceEyB2zV|Unygy
zNE8fFB#Uti7-HxiP%$`p(BQFGnP1LXGgA(gOsyZB;KQ!h6|MEyQUyoSc<-NfN)fx%
zWWB;FyFRzci@Keh^Z<pdlx0{v5bXid=0?%KG%ukh_c|ew@ByEM!6E|#+lF1<vemxB
zn5GcEDW)D#tlV9~5f)mg*p{!r`6c+_q0(=+-fs@oWU#kx)KPc;6ECHo*9;^`YCVs)
z668~FRt1WLI9%Z<GVt0ZrQo;w_Sv`!yH=Hw2msmddCG1VS0W-FPE+8`gmema>WshT
zKb;HW{Hz_3>;TJAR}R>nd3_MP32M|jc`~b#;=$5lS2Pj#PVsq1f6#CmluT%f`mj>k
zl!p%%>Iw1O*y<MAcnR2m)>OyyCqKZ{ZU1P(ND|rDlh@x>OJ&Buq`J}HhAXMaeH*`+
zjaK**!goi0a_h}3q`I#kUy!Y|RLj%O(=MmJlpkMIyCPE;DrQ@we13hrx+-+|J1s+}
zYT%U@&aUsJDnJPset(ge3LeWD3uyg_2Wyw*rfA%Mr>b9E8(DhPcQMac!<*^B;2i!i
z21VJTsAqgtxyFH1ha+mI!96L>2vLwQg?t}Wbr=5K=A?p6LhJ*PMO;Z{^W8v7NPUU?
z8U5?)ZfD!r@jajVW3pklunO2Uwcz~c%pW=HH|r068@*(KOH67U>?DATgZE?h)6tV~
zR)YoV1yT4en{UKzb>Zv#->${Xz4Rj>-Vq4g2G%L(6?Qw*#~rIdWMj!nv8DKrov8e=
z6M7#_HKcoTHkCI5Jb|?HguRqjg=MrCZ!=LlB`}O@^L?+)J=|x0Sao{rtJN7~V=x$c
zcIfTB_lwaMl)y+r5u!?SKUZ*RV}2geuBn;l392+`FV|h{X(puqm=y(6?stbf*VG);
zE>%n!rVJR~x!NFA+M%1>7~O*v*D^(XoSn6)dc;Ky#_>1+5N=i!V_fS4A5hM;OdJ>e
z@%2}Md00s`r4PVYwo0~PDxtJKo`(SrQ;lRMa_goGm|4RY%7d<Lt*Ob%hNkwYl`7gw
z&V}v9EmnkwsO9M=7_(ebz3DYtA(}81GHe5_&#9Li%NIm!R077Of!v-Z*&W~sEnD|1
z)~YF&HuXJ!r{cha0~<<l*5=!}Ep_e_K*LNL=3JBWT)2cc1f7K+7mPC|y^VM+S9CGi
z#kO{tL8KfZw0_52%<cs?@vTZ*xz%}b*Vpp~i95}cHwVQ^`lcuH>~VC@ckhnwMux`#
zkz*ng;lC-ruM<py!hp8<y9Q&|WBW%A3)knr92}G<Kl0qaj&dg>t_2;EsJMFS@Y<>F
z>WAy&6?yjD^>I$VBCntNpgyb6U(uTHNn-MqokJDYsYmL#XoG$rd;yvx;<C}O*A6lf
zm61u>QGNlJb)i-j$NZ;+zwwn<X1ioV|FMIE_ebyL*6C@YwyGwbtzgvL6DBSjQ<E&E
zy)R;Q9qeH;W9)n~+8T>YZW7m+CTyWzQO9>KMoQaltYLCMgI>o<M2&%79xKcMaoiOs
zI@(vdD7^LaaueVInMSoQWgaH(<$3Tmz%u}5?1kar^y1^`YN6IP(iJYs7~ab`x485#
ztXyZvNZkoQ?A<f`^(lN9O<`}|<E{1j;X4mfLs0CkLZ$dIcPF__)#SL7pc`RXJ>rF)
z<3CJ4l`9_x7$EK$;EQi?L(QcFZZXO%btl<4fBhhN`c=fEQsm<t9<9s|<h>@)h~UsL
z5c#o=N@22&uznRSHf=MCr6Xr-C#+<j@P6-kG=6vFeY>x#cPileIIQF(t(w-00i^h1
zdG<b&)nIm?%8)13f*yB;(%M=>o9er4aP%WBC@XEkVynEqeX0i2;gA5~Q~7*$K5?pn
zvw}m_{u10m_idj)Mmws!{fGR9!?q9vkH@D;I4kXuL`}`18E+ikP}M!D#toeG4wCPi
zcBs$w+tHw1EmROd6)c_1MVo@pN6Y-?hgW~iwnYxXgk7T-jWN+LjpwSBp+ba;lEBri
zIo#tHJw4hsN!9u&DLGn_4{u*XaO`=e05j;T-M7(;L%a2S^qSu9NL@<9gfb;I4KsIg
z-`I7+-uS}ZKs(8AYaroyWo=`$4gC_}^2%u5+XY`xya03!5_hM3L!~&YXD)4@=%~8)
z9fdTpTIytcXfKX5X()Y6fE9-R{vMP8Ala3fn_QSq?mYIeq8hVrtCa{_W?X&9js0wg
z(PGLqsRGB&0Egqk)!5H)>azoXUGkp2zr&UZbMADpYN~ZGWwz2S*2gU&f3*MxKFdk|
z$xcvAXC<!Bb-hSbsDWI>tW@1K&3Co9buF!P_UHv^G+>cikkqxrX9EgwF&4PS_fA4d
zWIw5%rjCK`hL!Ycg<Ut#Y~XIFA?f?gFIvPU5NM<G^sygp`7xHDIEFrm%*#R-k`i6J
zdh(;yM3`Ypbu8wyiSzg2<}Uaofp#M$=fDCU`X*Nm!PSRRAHTkKygWe<&_3PCO}~WL
z><K3v($ddjCPov%-N9E~v73yBfYfJNSu#guvNtJKh^LtdNoiZKDHL6T5d>A?aqv$U
zdZA)`&>f6$07o=Z{OLaTMQHt{p7TJR?jv#MxxfsAeZ}}E(qPt|5evTa3=1*pxuh??
z)tub%6Lw#LcNr~l=E)X{Q0%(yJO>sRLV{vB$xi!Hx|AiKz;H(3(L)p}?Wr{$UwgkW
zaE(JUJ)~dkX#CoN<#mS?Q;(RZ7QyCIwq{-vjGb+_r_32d2Y)`Z1!|0|0qpvCd&Snc
z2l+P#GGUzmn`J~46ez#AEpWSs^T*|;(GnNU9-?XQI{w|pfqh#apM~&%kc8ttjLLlk
z!XwmTOnKvK7vli0HR2v;mDeNZpHgPIa?Ws-3_nUn8EwcI2Opooo^byMF9j*X4-SsI
z@?vp#V^z2ZY=KS91y+q*H8HN6w=QsAoO<UXlx%u;eCaWR_+9EC95p86i4c3%CZOnG
zy4cya<{fo@(wq06&VxH2cPH2#B-@=hkJ9MiM%?XaMr(uX*v1aJ&n5M`HaQfTKF=(;
z+etGO3{#|;de#`dH>CK0^ADpD#|mLec#E)oOx^bry_^*VjyC&|))V~afs#tc(J6x(
z=gWmQVc0emRF;EJR`tFxNc0!|h76r)eHaw#d%QJ+2x@oIwvt<q8@)Xd8L}DzK!nid
z=*FI0Sj60%s`mPMrf}zye=-g}OS6IyPl@uMF5j)sAzS};Vsy{z2_Ge5H%|74xVUU)
z)rn*{H0(dR)`}8M>^X0EfAj=yFfJnDZH8^pYl>ACB?o!exd1lrULy(D%^C3*Klf!?
zkBaKn-7SXm;~G95Dc^dJy-fKzNyk>Y>ZCNhGbMYs*Rvk+4OzFvCEs{&`d%cqP{&?_
zET8;Z74o_!`99EGDaZbecZel+Q7#!3mp<}1rHE==A7<zz0n=w*>m|=?|MBt~-W%>2
zEN#vR8*}ytcB>$#aH)A+An3Ud1|ZYE_Q!{RVG`dUs8(!TjL-XDq`d`Hlw12gd{h(!
z6%YiGR8&S%X{01X3F%I0Y3T+50VP#Rx{+>%1_i01l$ZgAP+&k9Lb~DGGb*0nIqzD3
zzxQ419M>!s@jQFq``&k4*L9;n5ZV4Vu|_X|(xGYv?tqE$7kP+oCv!igxMmf3_!Yt3
zt|s<sj~Q7ezP5rixV9gy6`+M!bkTL1v(wZZD7JiK-Cr&>ZA-M-(B5+E1)i7H*UboR
zD;+$(@7jOi;?&I!q*1rcU!=51ZI+Uru=2OGSq1{E#FGu=Qqmp!h$1T@q*XGAlZU+4
zBW{tat$hEM9zL=WnVzu`y=Z5@=GaRg3RP+7os)62>oqof?oz#*mE6T>qqvM)8Md=v
zI`tLKHQ}r}(QuH@LshQV=yl*Rfh4&(YM6|ERgLw?h!Pih|I$5$_`Lj=?9q-Cu6wuZ
z^4?!0`*1|DQMrNh9US%{7X_md3i0hJ1bI_~P3g;v72e_~(kxlG@Icp_)dwG!55Bdo
zY~CmyI6MTv_P61Wd!@^SRN>!ye7M|7@;^5D)5a6}_EyHEeGeK@WsINT&T$i=5uO==
z>nG1{jq`u@N|+UjFQ!=oQ)rFvjDq+khtP7ldY0xEE9=HZr{?ow89+k<j_!*!b=pd#
z{chN?hN<#>!Nl?MHiuqq@(@aQqc#1m>*&=H^$v9=V@=2&@s#Uvgu;$#T4dAtv+8;8
zi|Q|^z$YK<1KcVLpwxSsQ>&_ryuTva{7Jt#LvrfoCN4cQ)4@sji;ugN+ixhy)UE()
zZPHN%M2^mk{`H#0k&1Z7@Bl+d=$#IqFNg1w?pBDmhSS>gx*v%b1o8+AUijsD3D~Qb
z8G}{MSYk3}irZhz-RHjs(njAglqwiK_P#iEJ2P6-!k`?v|Gk;8wPM3On3kz-ZMFv8
z{Q!qQ#!LK@P<RJY+mrRhKGD<%T-ws5?K;&hYquDJzERIDmtliomSPJ8+@F0KU_#hc
zJM7sthlXEh9DX}EabxAyyM%-rCc8Ht&DPWQ8@{wvOWtdMRZgUYfcT^Hw$xEOoLh5?
zZc77d`f|n(qhgimx;A6Ng04}_gPWM>ynkf1m$wxt<0-%#pMe}GaBkSsUkcVvsAHe*
zC$kpr7=-V@zD5zW;nKLIC<H~<7&!@gzK^3`*2*6~{8~qtxpgBZ;|+Ofef`#3GR1ax
zk+rV!?srzN#;uZPLk0(Kx0%DbX``bqPvrw;pIbKMzoYEe5=h30*>bHI4~nZ+g$;8I
zWw7{xy$=PTOxz$aS~IiP(^uhkM|NqzY-4+nDZUo&x+l<jz5PMkWMN-xe51PuKw)dj
zUFO9l@MOmIBQj=2v#)M`#bm2M#=^4mySqepJWnrcjsgAs$op$}rQMZm&s`^sBIrT1
z-Dkq6*5KIZF3`o%@zdK@vWb{1E*C#t`kX${83u0|3*#KuhFT4@GtzHN)k5mhpixX(
zSqB;Or#1H9T4)7&CZXG|Z?}`v6ocr-zIK6dob9`1fN2`5((`c5lJZMUk+)jlc|Nt%
z&+Fd{V=S5I&5sIxDz-a+7sB33|EnkT9ozY{`;n4bT_hlpd`e&cS%OkS`YV|Cgg;ty
zb<}M1i~blQ<wSH>8<o8Sqg&xwx$cQtZY4%PZ|CB|B@NR=tMD&z?vo!CotwObi|gkq
zsFqzD4Q&MXCr`5oKdb}pH1?)79TN17tl{P?j{V=>$+Iet&^fL|;FivRynK_ThwmMO
ztnoR|-SyX=o5KiQiywgjxwseU6^Yc4mvU9PqbBhHf3=jHDIIeK;Vt*J!M(`+F1le8
zX}M*Sb&gXfVM_(d9oBb70hC3cp?1l)ECe{d&KH4qfDbk%ZCMlK$jjC|s(0+1<?Zr(
zokwW4qYogg!k_p3V5uty(0SVrizMncdqald6_VOa;tA>`i#jjdKNL0a(t-r8$0`{J
z(Fw2l3|vm=xqS0c95a{s0FjE*eaYaHqw7oj{mTM<Pqa{b2@)g4A+NaACe|Y~P><#h
z{u(|IRj2WCbnIMlHyv|CjGeUT&=%NTpR;JazBk0YMiD_L0#Y|7CLyAafxb+kgPf#y
z<<DJvf~>YJTdXx4)((mEo8W*|$c8XVbH{FI4mA+Xc%~bhj4;L&AJ9w1=Lqb;B|Fcp
z$-oBX=#&b1M<!N8Q2yk)DT9zQYJn%k3w>$+@89fHO-W7oGrGsN3o(oe(Nq+81U*cY
z&DAA(A6~r*8x%h9dQiLc*|C~NM^;qWL8;SbKWuKaI)cjKlSpe?UAYcGg^Ez{SZ|cx
zyQMyg=_dLJ{7Bta9yyOls>XWDLl7Jm5aeG>SeyiY+}YnHk9;Jyp}T?U26)*&VoaFM
zC*EA|m!n|nQ$&1L-y?=QZ+|GXUQ&k3XnB0~n9HnJiUAJM{7^mOENj_*6JQ~j7TmI>
zw)iN^VbOAJ``|s4JW*IvcF2uaBXjW##=amCdtM}&BCu{At4M(pHXs{0*(p$EDs-@J
zZ6+}0Cvpl`lAuhMMN}xFvU*pWXh*>W;N<(R0u5vhCvNy4P`E6M-pe$VKH4q#Fx&ds
zbFnfOt~<yZ3yov#*@G2L+)IL35oLPgm?0rs6!T612)Gcp0veyqspr+pNRDDy4@AD_
zw*(R)t!u3$nD#L@vQmLXq!lP4u*$xox75O!W6<oSvwJdXi6mgFdpJ_Tq%(WiN@>H1
zz9eLb7_m0WFT->zF|f5o)iq#w)Em0;8XQ*5(DSQyNYmC33OfK0Ghu8>iofd^_eJ+P
zZWNfaD=vj*;m;P;z_>C8Qi)ewY7-88HI53d5pKdm0iE9&@Ch4hYFf7I%fK&Sx_|%v
zDkzT*W$KJ_E*%ceqzg{_yy|_6v*H)lLQJj?@+#xJ0_eq}!E&h1+Y(Dw33(zBh38*9
zC0MkeU15mt`F%w9$-0|uC^OlfB<+Bz^P?<Kbyj#ND}v52p4pQTJ+R-1ptCJ+oN}hm
z*F9+Zl-f$58gX-T3{f)mk~<DYlNJ8Jib<Gn!$WaHbjNEkt*%L^_v_r0_0(9NTgCip
zPXZsD9xrl$(z4iRhkE^)D_Lk6x_Zh`<9S|TO<$NXU9Z&IhfWMjs94biiwMfb!51XF
zqD%u&1QrnTLGqfq3sPafqeeySo%|Q}PM%SOAPRMm`L*tqj?_CCMhR`mE3<E}Qu{u7
zR0K+1KPV|GJu^HL_npdMb)sWByd#%HZsAM3F_2wD6*pg~L=@GPCf9)^)@foH7s`{K
zz43kKU7JX!%~(yv`jThPqs>oZgwYy#SIBD|(I)wWVP&>AWiGS5{YwH*F<?U6jLIy1
z`sHpm6B>wN^{Xdt6$kMqY@Ml6_d5;wn^l65O??(aR+VF2ACFSuBX}g7c%UBaUk4JJ
z(8=1tJ;R+Kl$~$M3!nuK++CDjvR{b82%Xf?i#;K+u>nE4&61G!^x*=`_FdN#C<khq
zE7tqa`oq`9vKYNnq1Bj+mF~e16mR$3JqnTOdv)3;$V~ij31zEISy@@hWU>H!U>8o`
z{@y2(<|b$Iw?*n@{s*XaWPlar^ei;ox#L8o0CVDB<U4qv-cml?cuP@pdMaASVEls%
zxha3R#fa*T(9hgGOHW66JY$^jm7vm#rskqTYd){#{HrD`pAx$?Q$VMz*5TVz-}viR
zn1WR)Xgne97m+bx5Bjee@!^58FPS=bmSJ0jr8TYB6YZ~Cx{LV2Fm-Nn`uspQ;6hD3
zBrxb_yKb(`&fF(l>FsH*+g9o8{xYsJZWBgQ>9c8@;Z?lGc@g7NJ3<liv)TvOA5twY
z$F|;sUBZ^3Vstgjze%HS5zJ!4MToH0!(8209Ys3j1<gXeuPg2LK&2w1Dnq@8_uw45
zWTCW^H42an-!spazD%Ug)~v{-UR$a`TW``Q6p^vKp_y@}!j^qWeX*A;3=C4^j6tZY
z#FD{8h<^hHFi4Ucdf!$z+H6?;S3%jEPTd{<ghhpZH}`XCwt8hu8)c04u0yr}xYL~`
z_TB;gQ{R_t2)7fqz#jsYHRRz#3GJdzxrF`{y~ko_T^CB)zL`zX4&~q-E&YfLH}`ys
z5RT|o|BLw6E%hHN+6&t8QJ^W)n}6P=xZp6PEp%hJz__6IaiZ_WJ|l&*7~YP|c#Y>0
zn2F94EwVK%urBwBn;>020L7L6#<Vx7pd}M(nmnd-LAcK0;@ucZwMWzAv|D353SYu{
zC_hz#FV_nmfTm#wP;$|~nKIQ_w10E<>I>wVr*ecm8`kY`%xydhd}azs3YgAY|1Hkj
zdaT$R;Ifftt7IZ_SmQl*P5Z3o3k-$Yuz{bv*ATQFepI)Ce=U$FbYcZ`F-^w4HhV7S
zYp`W4AydTy-#Vk$%sSGbTX9w7eK?y`&#fqprl5rC`sZbrhfc0&19C-78c1DqF3P7a
zKvjf#=O7_;79hkceTtrhQ6j3Ckb5UeP4N|6wg(4U+T^mp(szZ}Z&fNBxGYpnh1oTq
z=Na1QA-<D*=j`Mx2U+7PEYGN{o14UC|ARV}p~QKG)>4tnp_lK7Uf~+)sTp!gR%i}5
zAAu3tYAHrSN;8ZjztTzR;jJ}v(233~0}qKOy94j2Z(DP{nc63^D~Y+IUngtU8cv+Y
z^dYppb}l(32m{H6x&B#vcRu{0Y%3Hj#!MJwFl53r)>?aljjzU+ojD6Xtk#PKDiYXM
z-D+#o)MZnw5!wLcHxuDa9h>?MMOwS7gl91M$O|bfYz3tdgMf=xCu#J|Pdr!t4+KB*
zpFN0>mw7^J>m||cuhOerf*u!eKGzBD)XztqVaf%f0<fAgc*UqC&e|-<3c2AG@3bn1
zZ0c4dq$onsOV3SjwkWR6)B=}r%Ia`?1)qs!U){0U?49Fl5?M&al~_aOh&>7d<MSXW
z+^Dfmhl{PPSo=kXJM?EgBKH_OAMA6ereoZ=3*Rpe7^E;w&}R{QTKI!D`Q+wX>r!i}
z66-6G8A|V>H4W33ws})cd+m*aS)lJz&jY(P7!!n~6DN7BN>T{b4fu8^-S+l{YBb=Z
zKKK<yffhsuus9ZkF2DLywyF<_#h}MpvomreyJgqvxpnyLBng?QE@DkAAX0OO{*=zt
zr$^*~TFt{p$Y(dUH9SHG0`)bFSKS>#2azI(YMhr@A5c4%kM(BAUqA{+SSx9z5_va`
zlUMVKL>61UE;w?{yDWae=1QX>g5Y%iOYV^;>Fg2EIBs)y`sAwR(@|W%%05pM=9<&V
zOvWBT=)V-&@2sNWi!*>hOLMEB(o*d#8aAEu;7Vn|s_X9>kdAAFi}1ZonXB0Q90l%k
zfHuEzu&ZO%rWZ`k7M)i_^Eig}X@AX9p{)?cY;h@q#ZvuHI^VVLy$>`4F1~bcmjQTC
zJbLGZv|b4F?56@PwM$nkLa#|Pk|ZY<dtP1GYkhFe{VsTEOfO*6T_D-?A|q8s@^n!8
z0rd`xcGV}hdOL4^YXfH8739SrX`GP2JFF5fFf~t&6Q%o-Ae8I~uSUZ4lV;l~r<RE6
zB}OJDc_mzSP%&LLv3=p4wxj878m$`}#6yox@55ce*8vyN&vX%lJ*L|F-hgVnnVmF)
zWj&Q*AsO(dgy3R%?#*^ZEY!7`KZ$Sh3hctwrDH7LG!~P2nhAqFat345O}bkh(7xw+
zM&->1N4oO$DwNC<)gbr2OyWnFU%4Gy(#cvo)C|OC+6_5qBC1X5MIoS#4+X4L#UHd!
zO2bgY^VOu%FL<7Odi-Jf_Q{(<COsabRpm*BaO?3ApmW~geYB^?pY69=Vl&aeZZjUp
z&3XvpQQ7-Xoze!HJ8oL>B(FLa+&20S%IPDtXyJqPGRww;O{bHm_1rD8+wqMDK39n9
zfX0!B75tN~IXwA(a=uzogG!y@K{=yJuKIOg)uJD61I{Toq0Ebh^*-jZ=tV_C6bDk)
z^0ZZ%$0gXi1iReFEOs~pxNw2DPek^BM1}U|xG8O|1O=Rm@^(t&`wEX&U&d*x!td|_
zQXzloR2cu;4XQ1oDnapQrzeI@lZ_GDA4}p{!}ee{b~MJbHGq;W5_w2G>lsi}U0M&o
zY$kn2#>k$~F3l=Xyp8}jEz^en!<+tgk%zHH@lB`EciJM|0-yN{3K8L7#M=LTvtaFm
z-U2luzR~UBO*FiKsaR1JvGro_BMC>h_|l7zj<j+f_K-c@cF1}oL;5I#_1+VTs$P?B
zw~i3v=(nchOD1PSnlZib%~DV^&@`IKa=z5&HLD_2S>XFCq5$0h9aqHqo=B`~rGkr5
zUS4#>Vj^msNggI(-I}`nj2K>Xd1|R{ttT#YY=+~e$jQbMUZHRKO7FrR4^vojJwE3{
z$h>kVo97%2m9-4b^Ur`ic1ztF2mQvPeO*6Emw+iaYYQ2$NT5H#<7M}4C;NaN|6Q@8
z-SSFG@AUzmhr%6~9_-bwHU~C=Rpq4ZYp@ZnvqUW28wMr5MPm;<haNsbuG}$+ua_zc
z`fygLu4@!oc8x)Mwp<HUlnEK#1k48@uAm6J{^@Ys`BK+6CBT4^(m_z?9|-liBsIl#
zZF>f;oEKoYgDr@%VhW<&DoMI(F^HOgQn&VW|I&+-KPZ6!uTIB+g|@1vc5Z=ss2#hN
z_Z<rW4RQ_?SnJ|2i@Eb*pwdRT%xTogY_=X(z7PlmMdhoPTywk?V{n%E&TIHl?qO+x
zLi_gVD)7s%6e34oE#g8c3HN?9z1D7dgSHqq*?3H5WJVk=wAkGLB#?(8EPdA&PMcgh
za{f4=orCW*5wMk$sTN+-DKZqSxNl-r2<!!!1an^9#Bxvz;uzq}^|MK5eQtKXx`|<8
zhEQ<83z-5u8=py5yr$=1dc~f3*3LWS2z*@=3>kS1yY{dKf(>o|s$SZo^MqLb@WUzU
zRUi&4kXEE}KPB{B9lF3X?9kuc6?jg#9b7k?5_h6!zV4d7u?pIJfBp8!-4TFX($3QL
zVgMF8%$u5DY(<=LRPEStBao5@Aq0o`Gn~Tl&_219wDdsHdKa=7>H*53+8XtH`p7do
zRf`<nhaPJyU18%3N^Qknev{`TzTtu5QU7eZ{DnT%aZI)aEuE2rVxtP*a*^p!^g&9g
z`)|uUO}=tDS%l)vt&~NeL=vOOJj;Lc>|L@Wfad5@|IP;#avVm~N1|>mV4QN~6eB<&
z)nJIP0`sJzWIW+AdkVXvLtBq-@~vwR91=sj%lB_P;@gG0g9<&{4`bW|ib6O`H5=)M
z1>x5E6~Mq2XADy{++fz}m>Q^=ugiru`D)xVA|oTqzz7B2sj=~`zY<%#>eXf_NxrN|
z;yfWJgc6(wfXs?z-A6@8pxp47Z@F%5{gZl<90%FAJYh~boi7(KpgtEo(5D@Us9#R4
zsY^1i<7^U*Wi9elSULF%@%M}tYmopdoXoo-ls+`144}dW*G@zO74P+k$K4rwU7BTg
zZ^e^+rg|TgW`QVFmBhXOlG2NP&Xf|}D`WAM#^KXZ*WJKb<hSA{YlWG)JC9etfc8}d
zS%<mfbBk9i7KS+|?x)m-C1m+Yvp}4QUOBVoRTpo3TCGERV3V--BaZ>9P_}^Z9HM#~
ze?Lagi>ok6y0Ops63m*Skl#*?tnp<Z!0-%9bo572>=hRZew2Cq-i}b!{aY}Bj9vog
zoR?wAr_LG~u{sY18+{!=#}=pYY7LlYMxhS1xK|{f=k6)htQbM-iP3dd@(dBdyAIzT
zlk)9lz*<~!)VG8|hs#(f2vQ$+z_t|LlX#ahczP^TqC3v)wf>GzI7^Zz_kkFZIO9jp
zD4S%lYGB%y=U(fI4IL712(3Z$VCl%#(D;XJ96JFo6`65UPDG@G5Q*!+$r}y(+^h2B
z(_yS+SjLD$@yhj*;Faq>j)Jw$!ea83DOVRfUx!9SQ)jXGZVI!|zo5FpgV=m)7#7tp
zCp;#x2lzoKUjnI#a3JOlt(+m>s!u@~jRcrcPERHB7Aa<yK7MnBhM998#Q&>tv7cz1
zrfv%wR{{{*sY;uwUZE|Iti6k7%>wV5*+pIPhIdU^W1BZwc=Tcva>O&e4_dEdlpge5
zNkwl~c`p9q68p2ZR>=opu#%vdY#@xox7zN2D2kn*Oj@H17W1idm<xAWIN$kgxb>oN
z1c3$*+XBGzoY8+?r+*M`{DA2Dht{3hBGn7S5lO=OMk_|IS8o4kS3#cJvxE4g>6T?;
zlR(6%*W^}yCveLA(O#}AE#%YF5pt4c?;kYkRedKhJntR9Xn0{}z?xK70m*pdxhX@3
zTXh$QpfkwtDuSMJ2|fKn=gw<$C{R5;k?FU77pi{cFI^X+eIaJ?+Oen2M0@Udv?`lu
z1W)?A)A47IFi!cI7$&Tig=;vgF-0-}8ig33qxMbSKW+hpV9O1+G4ux`B+b)%lxRlE
zXaaS$9e{q^sK{uKmdmo(zB-cDQpoKMG1c`xaQwg>Mr0~z*AeX4eEaJPsLkLp*HXYP
z%EvfwXMX|VHY4TLFBIx?9~_B!+XiFm(%!>z0FoX`3($D%{Q5Jd{@)(OFJ5MqRY;DL
z$T{Z^19Rvh@{n143xEN*A)Q)?J4b6fVfyxcbDZZBa)`Q~`(gz<8FlqMCDglcj+>gx
zyj&$^>QpjE??O_ZCPmSMYBoDtMsY18(h+<17^<Xi#uoq>*@(Y7jKC{m!}ww>i2_KU
z-LFP;xv@?_R~Y?EaB!H5<G9C$8E=468wo%6r~NUj$Z~5Tg-u{HYsQh14aJ@u<`b~%
z(gXJXUx-!DtXFt$jj1uJ6<W4E0YdiOd(|}1h1+v)s5;$Hp+I=T^D1nwRf}z_is*oz
z8Qj14Ych6d?H31vn?ubt)vXW8cMhQhoq0r7QF%*}15EKUD3t4XxtY>oLpNN$PU0kB
ziek85SPqbJ+;fKG4x%r%$h~^w2Y=_I<X<GWsk_~p31yP4;k;fsG74{rDDD_!sH8m>
zT;}M3RD5G1dCkCh{lsSYDk4AP<|C*DykUN7rg&dcTj)m3A{4pUCJxX|l|imDg&Y|q
z?HQ!9;a|N;!KmNDI?-R?VJv6s`VUgupU{dv-v5g%@u`w7MpDL(da2&D$3sAc3O+Bi
z)<x5Lr65OeYbM@iq@r4hxJoJYY_WG_<BY!}8rY4&X-el=Uf1tFxUl3`DD^Y|9@JF(
zs;=b$B!Vj5G*v8q`QX=CGSKmo?EWpP8&-B)CLPBhcFc$3C9pg+7=BQc%<Gzss({rR
z<S7mNpQil+OCb$P_`!i8V(^K#uF-G;I9_F9^;$|asc47xJ6Y;lr#q}o_csRB2w$Bh
zAj_DvdpAk)_z0qB<pIhRQkB;42=dJVMNzSEtTCF+E)zW;21KE9!33I%R)8>Khl)Db
z)|MugoOqc=8uo@;2cPDcV}Ln*f1S-gds4F7Pc&7#W1s2P9ZbEiQaUrWp<G^<q@aiW
z=SHXaVzH&$KdHu(*NZ!D#y<qe#0=w3Rj0%z8Dmf2E1W_<13`zY{l-ao?{S8NVQNzt
zY??3EISf|4dISC%C0%95+6~ySbUHN-l9DgOO)=sjn3(~JvsDqYbU})|QX>wxT*UwH
zP8Z+&MSu(r6|MFX(;AeD3JIzPs*ZVZ@fM9Uzi!L-BXSt#&Kv0;R7Q0YoG(BQ90^sd
z-6Sjh96$+6_CB~Fd|36HmHFa5JM0cHM!Qj7QWheg-3@d+p{b^35rO>8UI5Jm;y=WY
z#hNQQ+1W|u7Kk3zBVZJ-090N0b`Zqu6nWE&|FhlqPM)R*)W%;VuA0Z^VIe;k@Uadc
zJ>HX`VE8kl+owT%lq9G!Tx5JmfU1g%J?6``U~@CGKjh0{eocpBk(ZzH#<$hG{=WRj
zk6VqUSXBR_j{iT%nooAGz`)Eb%gFzUQkIL4GP|LaVXfeqE)A6}^2g8#|0C-PL#Y1M
zMf>-MA2d|ZAL&rd$@o}RSBSW$8cUxYnIj*Tml+HASy;1HzK6j!kQ)CXO-+RWmD3WD
znGK9fQ2mw?V9rVZX3jmsHd<hR$ef#Jj6@&g$xBfGZx7_pjsP!YeEdTBr?5{k@`q0m
z#D!tr&#zuVGXM^1b>yj|<NO|n4r7Y<f1Z+mFYxhKeysE#sP+7G|36m#KmPlJzUk<i
zXaZy<F9N<D*YBMV!t(7(|CE5NOMvRzRRBB0|9gjCVb`YX57%a16M|uB7IYr7G%-wa
zx^(qFWNH3O)!?-Sq;0V8n8M6RhsBSv&#kIlu>MJp{*Nb&juqp3vq)iB(`#1zvFEYJ
zd#)^lG2%#*KQ-bQM1P3CosK4Wn!4Xl!;N_wDXu?!nx8j8l97%sL4L%e8yM>Gf6b}J
zTz!3DsUQ7b>PhTU8~x!@XV(VU36=$vp8wz2*esEY7_M(<kwr~iSYGJw1y;v;i6?)$
z!2Wh|ofi4IqvaaGDz+-ozufX)XO)?;J7w^vzX)4H);*Oj#d==(f3ck=Q3}~Y=^zG4
zg@ZF$ZZj`1hS>Fc>u+MWp5qU<KDX0CM~nhygo81l|Js}Z<142{DIcR&(l*%i`&n*d
z4+ZBRK1-o0M2;ID6@c0IGryVHud!U{tUu&J1O7aQ*&Th%r7pgJjbontsr4a5DK`9&
z7J!`j-`@whWUzjztcPQ6=fNHP-@gkfK1ymvPx7UPSao)TaxTuE5oVWqey{I!%=+U0
z@m~9{4j81%7fyUqC6qG8oQnVY?tG*H0RknM-ER2(G@RI{`BSHZ+3iv?82l^O|3nkV
zWRTMJyXO@L(>u|m_*fJqHX4}5MqenYKh(IGvw$?CDoPZx{Oz>6e=A%VV3QrrKQ$i4
zA7MXmJFLTZ>&gD7L&ZI2#-Nq?=Hk?9jqWK8<FFLPtp7<^0wY-<7oE0y-f9EOPyg>F
z3$pX%3%80yDI7EYrw6(O!<_X0`lLeO7^*`KaL&mg_Xtpm7xsTC4O}O}>Qr1}`9sGe
zni?VxIwN0J-J*sA6=U&@<@JvPB0O<Set}<k6E*>wzs76b7RYO}U9MVy0dBz}GzA3%
z_4;xLlQu^H6VwQ(SpralN2?5Mrvsq3r7Fw^IUZL3ANG9nMpI($Lji&Z{(Prze9G6b
zp92&0EUUf-ume>=*O^#TOU2E+6dc5ui<jreBDpA2MZii&#WENlgUo(Dnh)>U{Fknu
zWLEPqbX$~ERJME%PVnq;n$C{Bbo=sOt^%nrI(a%e0YEHb2c=C-k5(%*9QWb!c>Q9<
zn>QC@Z|m2MZSg1HiLmop{Yk+0%-jck7cj>|I0_?6P2=q$A$z0FMnZ#C`FfH@Zin<8
zVnD<%0z`Zv?kzbX4G16}CXJak2Ay>|4TBejZ*SzRYHw61%&c}rl>Q_8e047Y2mVpu
z$;}-MqtO;T_Q#;#kL`iYQfwz#8-bi1hSY3kiy^v8hSQj4g>fuy-=f^_F@>eqC3j}Z
zJE1USN@D<gU<Z7YrMdP!3(8)2fmSC#(Xm8zkth7*ytkiwE8=nz<eyQ1!!~Ym8$+x|
z6cvr>A$L_=PRdY3KhvXKK`ZHZzKmmS=Xh7wK~>Qs^GmPlIDfhndvA0t#cM&E0Qk<$
z^p99rE4D77fxV$p!83awo#-nymS*X(#=TG{q3gLZSZ=@MlU({?xh~$xYFN#G74S&u
zr&`BeUvvkJ@Q8r(lrXp!A}X<Km+>h>2&UNu`}R2<1*Qg<wfS$CL01H(Ux{U?71>)2
zGRP)CA{gWtan8&TzqtoYD__+0V1ua>;00cnreWTteV#)D=Oor{?n4+A`{;TTR&Uy8
z;B(yhl`dmFBZ$_OpPsbs_1pdG=fBFhW@Fw#dMg+4zA!nYN?U9={BrNHDB@2|f|q6c
zkGO}$Tf^$bKr@zp2S_0p^*`dNXzBSuX1seTwF@pc{KdIJ=8VOMvtXVGXiC}v<wE1g
zDgXv<jjIjhG%ruAr}<dJZzv(efZ$FNiR2ejLCtYJd~AhQvmiPjyc_d=r0>CYmwwDo
zm7?Qx&?o3VU61Q0%M3+))MSUEa-)8ZXsiXqRIJtFcyn|yv6ylgZ>R9eN0LmXcRkST
zqrJwX2r$c42~2D@jOqj$i$Ov1Cg^vT-}#qK{vwz-W{i7O0>=4{R<uW@IA~I8g8@&T
zJh=-s=)%>;BWlaudH_{g1^u`F!l@L1<4{bOc%)IiN=tFq;YlnS2trgYG<sXO)2JeP
z1-C3?d1Ga96d)Egujy@~0Qv|{Gwz5;1ZUf!J`#F=OpEsEGtLp{YfBx(z`=4O3fU4I
zy74W-cs}fTtV@jyMvnuaV;*Z#xIGI$?Y7R_S(6+fy#(0PaA~LbB4)Ffg1ArlYZ1Ec
z@q`z-UxUUxGLL|anJ6;&_D}Zsu;)R9obV@3kxDa14o^!^4k~@}`C2T;td;9jC{L+L
zM3FZCLa`r}eOC#$+<GsV2%@_=2Il`&*%}T%_B(I%!FOjB5ZmJyPg1@E6_6CUC4l3=
z@SKs`uWl(#Y|b12RJ0VBXD_2?as9~zfCY>Vn1$&y?_oqCl-PI<n2PG&lqU5K6xF@#
zzkKFf-uSwkcJ^V=ep-2`mUq;7BpHilJEoW|_aSHx%d2PQFF(HxMiA}|JNc{mg0V4K
zE+aU6hbi4#!=`#=ss}S!ddg8ibxb3gS>sx-z*>1%G8m+3ZnL8>LbEy>KVB4GWw&$Z
z5t`q1+*^bXwbpf((f-rc#VeiNBpyJmmjfvr$7yy=%c>#@G=<o*bY?qF5em>Tspdoa
z8w7sn?fob&{`mJ*?7f7wlvrtI!MtOcw4Q(<#Iax9$2ut2NoMb%P#&o%YD%q^nbYJ6
zY(V|7oC@fkLciTHl;{LKvwVXLtAoh%Ub9?xNa16($z}|r8wu7&U>1rim;hqj{)$qO
z<U3FyD3LPA?*JoVmtmJ;^a?*OLV+-+9caLG?4pZo!fiM=Trm=$liE(hsL~0qy<z+2
zzzKt>N;6`Q3#$qcFtAaTwdUKkyt)IxXAOC?x4>S#RMJM{<f#v#tkVaR$|XJ@B#b)r
zhnmH(uUHObzkcal29($|8rY@!XiPUAN~hy8Bs}#^aMC1q|5m|ENFO{CZ-y+;;^EsI
znqt=}oec_p*A9+RL`{;7@WUJDicf7V%4e8P?t_|Ghhcd4ZPgt^_8C$M*2>VO#v`xv
z1c4#Ops|zDY<kvvTtal;#`Y9JsXfbG1I#A4fkC^C+I4oD&GxS~^m<)Z0QJOjUfySR
zb_3bS&`B@V5iTB2P$iUkdwX1Wi@)e4!LTs?XT7Ux15jIZ(Z<Kk7xZDp2dDR@+QNB)
zCNC~zd3K#Z-5IICG`z1IzCYhE(MFZ?(BvIZEw_^e02lJ~svc6H)xuUb?(!1DRWOSg
z<8I>eASHn=re`@1SKC$3s%#f;=`|#*y3S0$;WM9z<6Y4;1MTQNpGdn;ETr8o%NThL
zH^z$k-Fb@)0J--yzVv-uOdAUjIt~-S2X(~Rk9>r2p)91ZsIEpJ=mAGn#7>u~0^V|B
z=#`@5Tkt1u`J+lh-Z!6(X+X(-QXma9AT;wXC-QGm&jEp(px4k1z_;ZO|5yy+KiVhA
zAG{eBQ>1R4Z{Jw41O+`mtIm%*K;`Da?xv2;(hu?Dc1=8|1($1S8BLN5iPr(R!F>KQ
z+zSW@D$QT!cOJddBfD-GIu#*1|JI2GDI$b#Jk8;;{dCy6cCmmRh~M=`<;g!uUsCTR
zIZ?{2v6`si?Mgpv*U4gBzX30s1)_cTtAS$0q7Z;44G^A4c~Li?%XAu!9DjPS!P5?y
zQI>MG76yS)Ef_%mx70vQX*+f6v;rbbm}Ef_;;H^v7^qhaogX8#oTT!ubM!mS#{53d
zQoaSU8Kjt?=knDx{XNB-Xsw~cIVdq{+hCqr46XORg4gy}T#LmbsfX&U>4_FV=)0)7
zML_*S5XA}FOF%S1{1Yx`l`FlRy4PegfjYElzNAOhF#{lAx$n;3HTd|QGqW^)T;*^l
z@qvVHfXH4hEWykjxIvBJh1&<0b}pq^jqcX6pHYDLaV_aUyaD$3!}TJgOT8Q>T~Etk
zRpH^nkGq4OaR+1ytXh0Z5t(;=hM_k{0{6=j6^N8jKnj_=#UwJtxYPK$?*Tagj1{@h
zP(2o!{$@4oX3Q!+;fssIOnHLI$;CKZwIX-ro&wKCozEbDQor@~viA`aXszC#C#}<b
zUwisk@#WVQosY(ujKl42QTb6%VO6e^{Z%6W@&FT)!bsG1iYK45pVsfokhGidBw0LM
ztPC%Og<%Bp3#s=(uWWd2iB>q%cfvKJez3}a+ytpu`RS>*2LOI%l|GN}x9^#Y(rn%V
zpu^X<l(L4<<T?%|U~U9_so8fc)>KuCPS3vk-Y~eu6n9(-{8HN~xECb&ON84XI(s_9
zY?pWtvH&3lz|&XMTK9%5fr^!YM%7dO+!tS)A6zzGb5f<)#$eN1CSD9wfG}ASpoSlf
z@sveRo;tH$X&plRA>8x_jW)9o_Ije5=baW*R8r7<;7N`-Ddo6hVl(W`Mcz)?R~s_T
zn|{nKS*!pl*q3iQ)=tx#bWr-<KxeEQc$`B!FtbtX1`U?9t2$TkvKfYg60f>}&@tbD
z+&G0gg;UZ0TA`T!x#0Wt<A673=vgDo+5v{PTmy{Ya?sc9-UGwhBLTf=tmaee2B44)
zX$mX@c@N%l>xvcq7iW0t^B%78hdbD=hlf$~!*bp^l^URsdatvItft@-_^Zpwboj>N
zEx6o(&fDD?G*B;>YAId|;LgbCknmGAj{IXaM{O^GI*?9bgWI$E0AXv&ue?&o2alFZ
z?NN5U=^?=XkjjcA@eLaRlMx;Jsxt+ct(QFYnnK;Smc|y>&d~Y*oud{rRoK&tu&o#`
z8O#VN4Yt$m!N2syj&CQp@k!fmzZrx1!c^_v{8Y<R`H^5ya0#QDfiA;wKy?CJ5m}#N
z^j`mV2ky^Es%1)1*-@M#&I`I@c3|qlh-XpL`y@{9{hQwodJIE{F&*%m-fj6iBb9o3
z-Ha9f22~)^g?nxQ1@9}dJ*5b3=|X^?ghS2-X7<S>xFoBHiVdgXYgEMtI5MA%bOb!J
zy0PS^y*N|Qtf3{`orogQYA^~`LPQT{HQoN&>Cux&Kl`eHzl`a%<K0e064twIl&X#t
zDt-=UAbkn^TuepK-X^l;7Bp@-=UoybHGh&3A+6^+ak@5*@fHTOY>J#wToRwd9fq}3
z0Ms^YeT>7Z+<77qXn>TA?8@~wjqNHtpf)D_#a<l?zZQd(ux=b=|0?A6{#oAQ)%<Ap
zbzY9lX*h37%Z*k|PqDnGHDJu(y2FU)8MLm)bDxd3^&(O4$9W4am+BXsg$fUSHj>)H
z>gnaZJpnb<c>UYw97eKS;8EVO^YDw1!nPr&XkUKOh?RTRcX?~m+Jt4Bp=-BGPH;n6
z)2?bE@FG+yicwWzEDyn#gSMu0MRHy0Simvc%bwG5D%4)ufnaQ+I*IQwiorg0mn^b<
z`(8_J7+<u=6C^aziq!)zP4~*e*|k{^o>j6Il>|T$sOr|Q$GE0nwP!dN)*dFa$zV?B
zQE9uad=xsmvj(l`<H(r?8##yY!fXa}qijD6Pmq0ew5kXCR&Oh`1Cd;A!aLI>{0fDo
z-{3aB<I4j1oT--s3=9DibQQ)_^hDJR36ucFtH!KNdPS;NhZ`-VfIAUKFKq#Jq;l2%
z7tb8ofTR*5C3(aOL$XKESes_OdKvlG0Lp-e0G5FQPJ<KHx^yeEy8i8y9B?Nfo8i0R
zmsbbpO8ClJ>AuC`VJwdr%`Rh%-ggmoD5o7EJ|Q!>O58SYaM@zB$>7rB3qYla7YP%t
zj^tO^6M;^0*;El8b3rfb6!?FQBeNi+e=>6Wpx=r<-|w8Xn2pP~)T1(5sXCC`W`PkG
zF~%V~Rq5^dp&^7<Kgn@bxq1VQHDAXbj?-$y`#%_*#J!J}8ISgR+J=R{m*Bw>_rEU}
zdB@(>eO0qeTqzIy04<<Cr^yFg8>(%n$O<p@zjmp21auBZg~)3h_*kM6|9)NQB5!pa
z#N?Lu%5r12xSc(wOJUi4S@E=HDA1~saf{n1BmUN>ne%T2)8VsVoI+gv$G*H=d0Bf`
ztLVBke>)<#kY6<R>yNRi=)P^F_grR7=IFw>ZJW9)xR1+uYX>)&Q>mVvT<{|ldRV)}
zBeLvFWBm@OvRIBmo7~`R4vQn*>Q+&O!skwhX|Ct2k^+}`b`vC`l$q%2lg20E1&af7
z%2W6*k&buH-M=;}K`#@lXjyR0G4x5J9Y<oXS}K;vXCXd)T3WGcL*nvX%eS0nqaPV7
zN`%Vwh5+>lpi1M+LiSy*h5sV=mD#f->u=x@%)z4a+Us1`^7B+!ID(kt9zd;FQL+PG
zuL>-?DWxWrWcm2C2G|jtEX-qTi^<lMj}kSnfe?@_;t0Hqk?^PX@@U3udGR}z_^8<s
z$HUugcPChI$k5-4o+j_Xn991{>iiar)wtDmW}St44sE~q;9fDd&Edb(p^5uT3&0u>
zHh$6|t5nKZ(al2q`}1>TMB=Fnh(c?j>dkl{JXWB9j;nCA7#xw|9yU_K&^Z_4kPiva
z8$j770oEENXb!wOZN~C9LDHE+X_b+M>CRgS4qVq-=CPV=%pMCHm!K2B{2-R9YK_-A
z&ItW8HGlQq{G@G{Ut!Ofx15fy76Hobd<bJTCqUr$hNvC;c>yd!=CW<1u<fKc`q~v^
z5A%GrdJCWT1{bW&0g!w0EQOFk)fht9i)7tv_G?nLY~tNXohkLTeyhFB#n3!-+2Ysf
zjtCsPYgJ3ij`gOF8@W>1;3|*h3fYPVw7|FxfBp^;Txz4yf#@1SjG~t@U^Q9liX2Vn
z$p>f|LWokH2l{Fi=v6F<bo$>|1Nv%K>3b^!br>>7p15<Af_lsbhX1FaZDE!0;#zQY
ztW~^pbvi0=5jbghoetBc<;s{v9CwIz^#~q{R5TSZYL84w6%DmZ`ZpPVZ~`Chy?8Ij
z-M9w3$}+`_YpvIPk;Tz$fBUQ=06%b|a*%pDonDVJ*jom<fxj)hsEER^X$ho#T04>A
zvvbFM)OhFg7L5c|WoR1Ib70;2K&N_iZA4aoNqB&V`JHwz6<enad)r`TF?0tMm`)Kt
z$2Si4@jhPRpC14~ly^qNp3MB(`@i*FW<oFsYLQQOu$Vqf`|}y5Pz)lnKx(Hd+vZ`V
zvfgTci!c3h%h6=Layeg|Y0&SQ*n2H}Vxx2To;kATM-mq|EOM6hu$*MRz04h*Jea3K
zp8w&T^drb^?xDx0((~QlLxS5f3sgJ?Rn(-w3+F4EWGZ~u1#!ShCX|OLaFw=GOOXZ8
z5h={n>pXdQY59_TLk`-kKH7|cX+fH8(TZ(nWxzrHt(a}tQxNsSK(WpcVPpkTKxRNg
zgT~hunv!aicUdB}Vbm<bmcs3-(3wQDM{|~QPapLMyk=6Pym|x_0ZqH!UIl6`Or@Qd
zvt$!*0<Ip3`iHGWWLxV>ME7!?9bUg02R@3=6$D(vdl%o;A6z<E58;qyE4xqtBUM9w
z%#j!R@{HTb%Aq{?OnznX5l~5@lW$l88lI&9{F8NSm>6M|o^3_TRiF19%)jfk;P<aS
zN_z_1=vpc5x^A!S8H{hdxbZLD*?UhxBefaZztRxKf9G%a9cn1^6GWgsi*<wF{aL*~
zrF`g1yH5~*0P=Gq7V`>bX96Z;b&_i!dr(gDKI8-1OI}i^8v%LY9GBkiqES==L(<UI
zsBmZ8AZth+ap6y{S`I|4%dMS1cH<Q&ZIRz%y%o(NE8JYz;W2C+qZu<=oE^|&4ORyA
z`T<R}j`P@~prD}Xy!*i!Z5o1#J2+z<4^q$ZbYS9^vcvCUQ_#vS^U8X$M`Q7CYsB>7
zfYc`vT)DFEVt!Md_6k}yFK=pc(x6|pdBLq7B!+Q1(&|$Nl=sPaXd4f-VTq#ary5JS
zmQhU6oo8FGaVDpjr9SVi^qw)NZ&$$cU;P=`cBvN}?avCEEY4^xa5+<(3J-(ZYfSh{
z4^VOVK(U7g-)26qX5Kxg%C3nl=iZvk<gN{*ag$%FO3#n+1qn1o@S!5l9?8v+7*Hgp
zoCtr-q*dtYI2i7t&O_6i$v5M7nJ4?5za<$An+M%KL5U;GiaB15kOVtHd*5~{gr}T;
z=_337@#XZZ&f@w*5433zwJ|Vx3ofeR83LO7k#xU_t`7mf>%Lz5YAPL#pj$|V5e8KW
zyi$MpTXrO%&X1^{bE=%J$3KfnZg$4&-L>xHuy;<wRSDFXDlxP`h-=vAekWwLy(!QZ
zRK7}ZpEvS}F4|0IZwDNLGFFq+Cytja%_wGg@p9$I^#iFxR`(c(Ez7!b;4SLH6fpYp
zF}iL!8bvh~g6oVkTo<5#w@C^~*9kTdPO`26jEslr5=aelWSL1lB#?G|T$jcKZtb;H
zZ910Sy2@9_Y(}v|RRv1~2<3@<w7Z^Wm*~1*`MJbXJj;7a@sOvXher#EXGb5k9JK|e
zl`pqUiMU@}<Ubp=nTUV&ezZLFd1QqstS>j21-(W$qRcq*B>Z`K_F<;y=WC28;pFND
z#Hf9xeeWt&?*;{%bC2L`SC{iRhv|~Qn&8AT@2L@~ZH!i*`FP!I7mL$~_TIaAZhX<y
zbL8^~y@{Kt-VYBfr5)ql?+*7R64rX(8~>cXtOQI~dcH_3@WN-dg1YM}L2X_mXBI>6
zoH)@t{obbof5+$4ncVa+p^;INa#7c=w-1zCf-b3Kl{l?V-!gIck-;}^v|8q=2P1ID
zWUGa|y?Bi&?LQUI?bfo`U+xvW1e+<D#Qo<zH!V)r?)XU?e>`74DeDqUrJ@<F4#eEa
zgX(_C!b9y&Dm*g6aesx<^K`Vg@}W?Iv8or}J5R~293&a^HOq0dYQ;oP6~dS5q1)(H
zU(Ggl(z9l*!kpSHpQ&=#gfbl`;KsGc2B#;V(=yG0*W;^D*Sfj&8AQSu-l6Smh`@Db
z?d`ZL0xrcKgZP!uk&TVhE6co>1zcWff;_f~k4JA55}EoXAbyG3dGxbUHK?Ro`S9Jo
zx|d#2ioeGswgk!)l+N(d#?nzdl;GwY|GclD42pzg+Okl~Nd^w7mN)lZD1D!4ou`Tz
zs*E)hF1>CXJ&Cg^0%R%jssZUmfXhI<%Usp^d>ZXT-JYQyO8mORgS{Kom&uu=GAg!W
zp#76K{Iz#~ZeZ-JQ2Ll|xU7Twd7D#$?&AidO+{LjJyp&aCA+8YBZm>PGsSzjMx`vi
znT>b#&VBH_xL<yL^(~)$^or(Rox{l8O|J2C*KHQMy+8$kBG@c}Kr@vY-X_blt>^`~
zCWD|9W!Ye&2$?z~{IBhl-*Pw@i{=Xf+8?462rz^qz0z=7UGQLCi74t{St!))q)4IP
z%t<9}Of#O`{CG<r()rv|CZQm{*1q~6<Z|i-f$ww?8(>nMNo0(oZ0_agN`@qtv}#W4
zQQm@tSpBemmQU~a!^NR_RuHNr&rOQOKDUx_t?D#rkD$n4p^lcm_ZtwlNiUy3YI$yd
z#aD_xxC#%oTLOZt@*vU5@KBK_8p5B!6pxv-i^BAJQTIq;?S_Z@-O&xj;^RQZD3t%{
z$BV^;45Y7z$OkFToWGJECb0U@eiy)h<>h)kHS3GEYQ{i~KeP)F+m$XcD&Izw*l=!!
zOSFINA59Skg;`q1qXWXrdG>rUQn5^kI@q;2j+P;`ThsHG5<a-bUoDF2bGHHxG_(R)
z6_dSob0n{b3qNG=OXL|jFBR7k9Fr|ZC@4<tzF<2Kkmh$JSA4~5ovgaO5N~1<xnmCJ
zvO;|oA!2Z#;hL+a=lMvh{xAh?pYKHMUFbS@3IRkhH4ge(9#X}<l7%|VzJ_!i`s|m)
z+)XlE@MisRt1=;G$O1_xsQn&H;T<#D0PYAKBdx1s0pHKPaQ7SCBH7WmDs~DUoC5i!
zp^^x5FbVONJLni>Eq=En*yJtJYxKE0mk}|EGF5`mlN4Fm;Cz2Q9t!3Y4J}4?uFVEU
z#NT01@~$+#uv-n7eB(ecdjN7^_t1Zl>1_e!_tBs>95c4o<2>`{hhnaacy`pB<X*A_
z#u@%mKqKBhwcY(EV(Kvy1JR(kL@}<)p?;u>8n~11;Ga{6HF;V?<r}>`2Q#I+CLI9H
zueFBEtPg7&oKGt~wI+}Qhnlf(Sl<tFk>);)jbn7E`g+E(XL$Clba8aRVEN*;E98$=
z&fjMdt?|_8ZegZPlkc&MA1VGy3nm=<INdmWJnD;#JtH+SUcdLm_|T_E`s_ri1Arzs
ztaz}ml#`4|y#{11Ij#KhgvT$<CeSKm{NXZfK-lXAlQl|cVNt+#5@(I;g%{n<T|*vM
zo1tP6!Szpm=1Zg1XFJ9+9t{eQl`9b8qky8hdCPX{S$3peN^u*(dHEp8hYVUZYY)kt
zj_y$mZPkMOh?mp7s(H{Um;7PZ`Q2u)dj~+#C%>&AUZvU&b-mUlq~Wj1@1_a1S$sTR
z`z~CD5>MSBw6-6K=V#*GuQ+e7h!&i3xvpNjNmu~{6wu^sUWzQ5oZ)&E$aWj#-lJvJ
z)P<}>MM2=9PpCuhw3(P8PMeLjFKl2oPzaqLkPGyXi9S5nC^N||F*Ibm*unQ7H_)7#
zQ_aaBRiMnJCRe!{A5;|ZUu_*X4YTWp#fF`54?ywHA`iZ&&9%I}LeiDSPd2E(NN}2U
z)In6iS6-QOtctMJwq^}e_E7<9HX-*{K^d8fKSwy#Xj@ZjTXgQpvM^Pne*Xz(eB5t>
za>PQ~JE`-~j{4QC&YSc7v#N$Wfo$?rLZIKbX^dzCz;bv{(%74&z>^?n^}Z9tUnS{3
zm_ivdQfvvz0Tv;pm+-Ii=WCQnu=J_c$vU?VyGYR#D_Tu7`0e1g7|iy>U%F%$PVN4>
zMK*cva$#Qy&m8fCfsoph&P#geN?IdET2~%K;aF<duxpIYMQi_f$GYO%-iN_wXHmiA
z)eGD}UNtw4^VW{>3ym@w4zlW}rWbnu>iLUc4UiGD0r^+40u1E!8qUFEQnS`NeSZLO
z)`=QtLHR=&j5H3o;<Qz~&BynUA>MP`%j<^D+k;capyZc14+L(xT0DV_+k7h}zw~D_
zLpCe=*g-%!<+2*-S};AwhKKi5?ELZ>K#i>RavF)Zhl&oHM1n$V8Z)iS>)A60*JSkd
zQ*GVZDw`Jt1%w82?Bj+B$LF%fG3H={m{_9U+)>u96Y|#O^DzY$5!zLK$U5vg;*sG=
zYzl4yiduBx)m8&qHj?$Ze*R2n0)And<Bi7TJ>b9h@OyMp{$OUK1S>1t9YRieg)QjI
zBLY-GDxxIp=dmXu^2xr*e$8tD6-*`4sxBi82Eq=~xGxl@sJnt*mkgB=g_fP}yJX$o
z0c!ZiVlurN2eVPe>I~EcB{KCuQ6Jn+i`j<H*`{v~{wjQ`aLB5eb1oAdbcyNB=Avxd
zU76~>sMz^BrCWG0UB%h?3R8GfP6uVZs<EaFDkCX9{+}^Dz%=l`xwuSbWY_iDWGLVE
z7r#rJ1{ke*ndB~I*-wa+CxTy}lXU4K<Y^i~!&7qn(gOPdw0>e8%B&k!FXUZqX9tV6
z>arcT@!smMT=1~tD^y6Ac)8W0Jv~+bPd6vuhm)p>dx-!=abGi4TYXTO(n3=i65~Ml
z*!AbP$_Jel=Xy<Sq!7bqcN<L0glL@1iS)g}B*L2sD)$ExCAHRLcL%c`p`X|1H{U8*
zN6l9*9%Qk3euVt1oB!&b5YY>BYRp)qR7+A!zlqTErQ<K0$VIGAWxV3Ja}C!J$j!XD
z@k&nW13*IP9)KHR9$+|BF;v(SXPs9-cY{$QJ2Qh56V7?w`XGMi-%!@okbBDLl=w?9
zrBMIU;oHGvFjsi3I#zEH{6)N2%>ACDirME7@WWEk_ZlFlzqW3t2GXd4W@PXw?OLaT
znhm(nJc#3ilBYhHob*DD+w69~`TpXUs`anpB}l=g!hZg>eq~e>;|e|i@lu^8JWkR}
ziC>ssqqn=S)6o9mEs&r$Iy)V#_<gmLG6(QBTE89u(v~?G$~d1HL-w(Eh3@sU3Fub5
zkir$Of1+tHIy`T#5)IycGD!n)?*&!>_pZ$z+N1cZ44{XH*)6ZX?bhkjQ7Ra<+f+dG
zgK9!8H9GK#<jws3{qb3g0H38OMaBzII0ga1;1o<yxNHTv>D52WpaKv2*K0nO23vGD
z8>HG~a%xfd_!X?fy!EQ(^5cE(=TJYN)Q9B-W@SZ)es1IMV*WpY^LW9SCF8mvJgS^i
zrCwWCsD0mRU;>LC%m0n)eHDn47T1mk%kCuSyZp}+{i_FsIo<cvk1e@hSwvq&=?7R|
z^*30)T?`wi8~@t#<K6k^2Ri1H3I%>6_$XLBDJ+}*5={SZWB`Hdn5$o2;^$WW%?AGQ
zYnrb8Sgh(mJ9U<0knv+CI?T_1`oo`xY|4*kAHD3fSipkEF5`L~W96%`zeqf|#^bf$
zzmMAAmgf0=x?D$jNF;Gka28`#-FSBRKPTI2W6iVamwEob-l?iiwpgB3DF7c;eC7AN
zB%zBK8)r^u)ti1S^Q#5;E0zAc-_Zwujd}p^HS%aNOZ$7=R~>d~AOGRfWLu@m#31x5
zSdXXU2>gi3{_y7kRGw$vn<MC5o-a(L>#!r6eoOws-=L<`S20(CFZ=xJ{R{t!F8=;r
zL}WhMaFHo|RGL|CO0l_2YL{SS^WO#v?MTw)z6|*k@`oE`>nf<E1yKV9bM@|Hv!QFm
zdg0t(=lbsr{r~gXrx;JX;sQRn<_?Ogp5)rP7CcVOXOhG$)NfkD|4$oMhxDd&qKo5>
zLFM-jNichD^rw40E>>MSE;fv_luD)gd+bxY9OgVeH~GW!7zEt7Sapj0UQHHwn31=?
z5bpQJv4(f=4<AOE6m}LgqVnuQ;~rR@`}=e^x<;(;4En=0W(2dN{OwSTno(2)%8<an
zq0(1hVO=1_AG*L|`G5%YWLgd|o}j{{!`A=NdRW{cVzC&cY4P8NnbBa^2=b?Eq^;Wv
ziL++LjQh&}J>2b88`c;1{mmCgUN{NlaurRJT%$(-&vOuyM~=Ip3;M3|W?l!u!kv>;
z3{vMD>*(0S)4!YmF&Npyl=3izOqC^;VgmW=7l#Zm=31kXD)5LYGS7|>#gg?vp6KUQ
z0lAO;dueZ28v$@87fcY%+KyrpRt8!HNqk_2hTk9n5HT3sXu;fUyWkFu=!uCYnVYAM
z+}}VW)POK;(Jlxb20%3J3ya<{qI=cb)xUx8@RsG^bk3<Km52x5rWcNAyK)m?RaC5y
zx<y_95UAJ*(K{^+VyuA^xKwW|+%U5hz>KMn6QMv(L>pvBtQMNp`XIfVKiG<CM`Ua#
z*!L*ZF4e^IHQG*jn**Ug$*qjLpHoCm=>(oyUq%Ye7j1aw6gBQ>vS^fwgAyI{;Nr|E
zXf(Y8+3lBd1gZ&S{y6}<8s=e4b^AmZ$%#{rugBo9eIRY2rjkpV3s6nc2VgeKJf)!Q
zm;3L4Xn1u>tJXuhBfRH#wg`L`B|{YS2kNg+U+`sH1J2;7TuKH)<UYHt>mvf=t4$!@
z_~Fp$Oflz8{L>rOBhV661Opy8T6$wSv_dI3TB-EFTh99uu#%R%nFP|C_XIZvA|z*}
zJ6}3%T#z~pq@_v!zR5|}S6H_ilu~LeM1eQWvF32VHIdwZu3N{P&Hu9rq2PKkBLwn-
zqZ(bvKM3%37msLWK7d&`8ErKuEA*SsICioKHZ$iA%zA<<e-1|vFTI5zMgngzqeEq7
z?*e~*%@uA-_5Ip-KTuWX(r?<%(Aok+<OfR(-)$4%Rec2*3MD||6zQwqe3>40SE}O4
zXGMMeA&SGpJsU2d-XQ4hqF$iaIPR)3OwcGvUO)l>Ch6wGrT&fqfg%@Q*d^eV(q!H$
zDhS;%dzY9M$8DC2&!{GAezWfODhMvKff$0fB*Mi2eY2RWi@xdY-suko*ITo1&+A^a
z3tUk?^Vvkdy+uIsu{520A38<R^qoI@PxB(zmOPm#CW8F2$fekG<{Ra(qkBmOAkP}z
zfONn3f+G35JZJe!9i}J~`4Hb8hUD0H=%QgVGpRlMD-N{77gq_=yFqAXru!G8UPIk3
zAhr*Hg;O_Bq2{xTEKxrInc@JD!P7QCMYsCaILxKZBWzx&tQV8QFrxeBV>O{8ph`qy
z)SmUDzVRuwIYip=ItVG#eM7$4fP&DA*^NGFf^|=^sR`6GeB-OcR#YfnVyo_SCQl0k
zFEF<#8)@CBqcY^R_O{si;BJM^&Z07?u}p;m#HI|F)56fUGY!a~ZinL;E|KF@zPX&<
zl<h9rPTd+oAs+94m3-~G4~x$|$s#|g#1>IklNAS*9J@<3b!4}Hugxg-(zqDyuro)h
z0&MKDZwuu#|6+L!K0zN|rj9~X;dqwa36JSAJC45uQjK2!I;>)I5Mt9Ss_`FI9e@hE
zG6v)I68<XKaLLvgJ@P0~w<t;Sw*Dl}##rS<mdrWSJ{Z+LiLfL<U7{_NmlHU2*^l%5
zi@-pEEc^-=O#KvW1E_Q41+z7Lg!tGl0r$WY^QGo)yl6EL_@4(0e`l-c|6}j1qoVBo
zzELGaK}DrO0R?1eC8ZSvMH(sT8jvn&7!(1OmhKMej)8$ukS^)&lJ245?BTxkzTfAZ
zvmW2)_s?1DynnbBDznx#*WUZPzwwFFC8phivZpWr7H@Ol2iVaQm2Z470GgkVc75Dc
z(n#sjG~jrZWPCu=C2km$*==xO?4@~)^Z_+24(A*Ama&&>?x)c==6W4$OznLUz0Uic
z^QxAaM>na(-opkRGml-HD0ZkH38rH)q<v&QG=5x#k9LfF{-$o*iN`cCij+uvtgE;#
zoZl~l{tGvrDEGVshCBge(M~Rtjj#o}gPhi@{$TSYDJpxCoF&xj2B?<)O0(bPpabSd
z9Xd@IpIBIveq&jc3}dJ{dvoJK&Zt!0YPj|Ngec40&c*Pq;@XI0&cIxa+qM(JK<FxI
z33$EVx_bN3<7xmy%)2#$J6FG6opCriOwXX%9$ng-_~gAGoetwb*G!}A1K<4T`|%z6
zpjSOC=EOEr3tr!=?%LskKxNi^4LEz!G4MdhMr+W;zL!*o6c>Ae)~Qx2zv>;pxt>>E
zIT$Tp&t=dwG-~x704FDzt^i;&Oh}Fh`T(9N8wM;c`rx+oy8xL%dzlN!Hee4NT()Y&
zFF(FYdjUgzS)g`(G@sLUTYazla5i+Fn<=-A!C~<(`c#UDGlv=x8hhF3D%p~=eU(pQ
z_WY-4FrY(c-dK3q$C9jY#kibY-@X2Dj7aK}{hq+31E=j?fH6$pldBmfv|LYO-Ws%K
zbw38})K=9yCskA0XwRa^YR^@~?EbVQt30{^d~n#(nvb<6K4Mv|`^s)9Gb78S52ZrH
zq}=N}w%iLqbH<}B9Z?+gtJCEW9<YlX`fA+x`%;Zx+CBBB=>=V+R2XQ=?gBHH?BwJ{
z3B2tKUBwG5CIe&kO2Q`_DdhGJTQyNZ3&(hRN18RjAld|Y40>?ft$93QyOdel2LLR0
zv}fytA^;4eif=ooxUHHExf2}C?_eQP*?lM$sXwtqVYy<a(VBe1xLkc~wFXSlm4T;$
z3cw`EH!wPz+Zy<kZxrr1(v7KX<lNPf-vu>xrbNhnI+lWHiX4383DK*$tyncNCgELi
zA-kpCuA{nmW9FL<!^ZR>TqvpU(_0?c+kHUZREH$OYK7ihL_BRrGSA!|3>!0N0)&O2
z=E##n3NF3bkD&vx^wn04r<O;mtRdM-x#^9iasFY;MRTpOVqf~SbCpw`(KC@&qj*#g
z*5G?uO9NcUtj(E5Cs;=aR{JIvVe%b*d&RzNs=UUXiQZ#uyxx^Y%GSu%cAh=X&MOv6
z1MBv?K;aXL&}OZahm5o=ouj<`=mhm3UJhO1UyF@8l?h7iIBUUG8l#j1)HSPON=D3z
z{XOj7>{*OSsU4*h6vzo~e0@LP8(i<Jv@TS=+R6}!bCvW<fY9M<+f^`*<7hF+z+i;d
zDmZp8uh&ZR*mZRd3oY$Uz*K-b;;>&nU^;Yfe>MTZ*ltPPd`if6UaIuX;t@k87MDzF
zn?PN2;=H?7<HzC-lP^nsfle5aM>{>v9qP()R<)az`Bcd|L}vhv{iS>yCP_p>1pVSw
zK2eewnc~k@y~ED2{+(mLd_3bAAOIDZl$ljtrb|gMIE3o!gUWtK8Bfzs1COL8{SrQ9
zEbUBMgjSYXX=Q(``;^zh?!K*Tw_w_V=fHx-k{`F_XhosL_6tKw>_B`{0-#p*lFMm}
zb{Ea($dxEeC~0bIEuJ@W#WkV)j8$9z36NB>F?TdhGN{}YK#~G4i_K2~G7!&74Vv|~
z*%f=z+uJ5u`4^qq0dg*Nfh{Fu5NFpxEzcH7U4i{j{9x7cb-KnfrROMQKvMe|U;d2g
z4Rh};vgbOc)HnM1UUS=9<3Us8Kss-RaE$w%reL49;9ii<?ftYae)Zk^-q7`e7tX*V
zX;)<A%KV!k+_`toh5KKmed~dII+t&}{g4ea-ta!GQ?QPMF^<-MWYDr2tzy!b`O+wb
zSwd+Z*mL?T=$stxN<@gkKe^o(2KH-qEesDGl2HEW#81Cu`3JaR$A!#^*QXlrd@APK
z^;=*^-oC7rO)Kv|*=7>rJPH)<T^`6!D6qWKp}#KK<S%B7#VnrUwsrTiEhJDSM>Q!x
zHpvQe8;8nOu07#QuZ8i**cP%8qtQpZR@3+DYcv<~3z*Lg2-tR*?yr?2U&O;%yQ$+6
zoN3%LWa4^(i3O3vO)uMy4Un0UI#hIQ!@Bvl8FMFW&5JvnHG(5VV(q+x7b}<bd{G^y
zD2Mz}z=*i0l=gy%KijX-%FTyFU}Z7`dEnHMwEu=8vEY50W#wCvLXfSs>_h!_bJa9M
zP;@k-mwj~*H$1Jf%h<is3SusJDS!cAd#;=}FH20)C?&srtUM`tDqy!h&e9ymOjrSi
zQwAbx2Pf?YNoGvNQ!UN_PRAg|%E$;T0Qn;$a${FlrF5A3K^v07u4>%DZg(j^wtTMM
zK^TcA*PYUt%qFra4=|Fn_ba$9Mk_+uX0RX1&=UQeetKhDSXlq*_B@N9-u2{ZI=%|E
z2E3acZx7bNMKLd6UgL6y>b(xg#r+k5$88(&rA$wCAfZS8a9S(nbxHma8O7(ogw4&j
znAacJ%FMn$7yxC5cb%t>iyB%NsCQ$kjvy~$o(&dn+e@+PZ{Ju(l!<Xl`Bjn*Eo0dY
z6*m4HHDJ`<xlj0A;NBI_R)Y696S}9DJUnVdyl^+ose^8_3B|(>7q85SWm$_L?Dr4&
zug%TzfmAzY;$e%WyJ+=Io7^gGxP1CRO+blO;{f&W)j5vy{<5E)9M32>Q)mV`9<*35
zYe3pKX~mmz{kI$MgY$~!G_mzV+NGQ?PovQ2XA``U{N4cPsXd+Q0kY8^iOUK}SDD(u
zksLR;wj8By0T=W6)ToLe=Q4RS>dYOs#R;<wz=17agBp}ujLrD+7bJQ>x6r;5#CE!i
zUKi$=Q69FJ4(bT-cIBpPJ<R*EI{ob0p5RcWGMZ_Bqm@Vlw}srrdd$!eAU4Ydb=@0t
z5JxGR#|Pp<70JWzsQx?v1Ccjpj2YL3kF8QxzH&hx@Yy5oN^H(#w0}MW6J|1PPY>vt
zigUg^v+_3)wRj|YysQ$`5pm-frP3=YlIP0_Tk>cBeA=&m)Nn*Wc<89iy;OrtDC;fT
zlR?W3mQ2qW-|SNvcD(Oo6=WI%a42?$vMyCi8{F@Vg!&@&CO+s3n|s5w<m7I2-s*2I
zI28TLv2YdeRurz?e)Iq~Z0R0SNJKWx`{5qRj4j+|gdFcFMCGP};6kyXV0eL}nT6E$
z#pNm3u+JmSf|09xI<e~@xp|RK5c~l+Tb-Sr_<30<nNRtXe4K2brdWk1JBnL(9O>{_
zxO%}3zQ7qS<)ygn{A3j~^s`lhh)RH@vpM_&#Ncq}-nL8B5;lhVM}QK~-0t9?h^>7z
z2vQkb_67Zoqbh1#3SCU>CL^^dRb{4U_<TPT_bth_TmfhDx<tIraR7mWMPA{=LBhnt
zT4jj7-&cVZ{naRg+*8dwRcqms7{oz+@FxO#a?6MIcTW5QVNrF?Yp9VU2C~KnHM&x4
zpe~4#Y>E}^8|~>F{CJ4ND>N)HSD}qOT>|hmF6|HaNcHM{y(N;P+0*V@M{XTcmk_cE
z>NDmwhVA6LrSVK_>Dsg&Mzm4F$yAfjyCWg*6G|qR7hY|12m#u`{vt)PoH*rvb!{u3
z9H$RE6`R>t#$(#mKD=!Tzq<okBaBnn97y+!Psb>M+ID4yCsx}W=<u#!`5oRr7B~v&
zl+}Lb{J+Ha9lkH>hM@h9Ziu(DNxw{538!BF-Om1zhwaWmXg{9%fZ3S#NrbT3;Mfun
z-R9`~8nX&u_kk*z7GpiT)8FU47O06@RIdX3C*nZ=wr@kOx^_gtWsJLd@boYbJSNXK
z{l4?b;LGoNGx1bxh`z<%tlqP*Z^sdPM0||uv(Qd@`c=zX^=-lXlMnR7Z*hK}u!Azv
z#a7avoXanbobd7GKmqoKio0CeJ0B*zd@c^(lGgYHF!fap$x?)oK$lLlsv*q%AWIII
z*aX^9j1fD${NToCiCjfh>~4Uw8)uNVlF>eeySn4ND@9PthvN&o^<%tzu}HW2!vnLy
z2QwIId5s-n+p)=JAcs0ct@8godD&T?WL>@F>V$=trWz?4xi@NiWi9d~m5Xe?`B@&G
zX=aw7U5jE5atspsel~s?W(7Nn5iFbb`g{@d(svT)&735p?oHBf2eCMr58mBM0tk0&
zy02T%R>i;=msFGJecq#2Uwwu4uUTJ$T%&^R-`x!!5BO?cu{VBG{M*MP@GrW%`!lv0
zbh}w{c>rL7dTy02awpz#`pV02b+4jO28>hS4?4eRyE1r|360hj!bT$T%4*SOuV-zP
zLwe2r6D3;J&e<T9>Y<iQBbBaakFdU{<jk{h+;Mgsa8t&MJ!i?hwWA}>lJkVb?qDgK
zO=+aeoFI#6cK@TFt*!-=W)f$Ox~0p#_*=34b^y%NH}l=2Vg=S9Zg6XMpOnO;=OW>p
z+tIk;{F4nr+j=7Zxbo29by&jocW!s>Yh>)Sr+W&yYR{rcJVDTNsKZgukc#2v>S&Qw
zGnig@g=gd1Vn=xsXL1UFC>*;|O$S&TVsNx-f&AmKv_tXfokmF+K(T$OZjyM}Y-|Tu
zm^MgmA2~!D%sQ-*5b~7khfbW{-xXgeUu&w%9jzEZZ*1fY)7In5S?zl8%@C|D-^V|e
z6D<~L*OIPA3=E3{$#09zO`%^k*hMhnx<|9~o|Wo_=1LNtm!3;?L_UNoO@MjBb83tH
zV8luPEI;!l51YqiW%cC%Y~hNYtBm`(dmnGo?7%8;$g&?o>U8alaYpPWQY8YHu;YzU
zbDqKiFZ))(j8$onjYKzZypA+)g?3-_%Z)uX$Lty)cq-9vVP7?yEked7Gl<uuV_GH2
z#LB7+FmWWa_fb9b($SoK{i4{053`=Hx9$VG6582ocv?eDw_UVEo%C>!Cw(1E17hT0
zhr&^MCZESiZu?y0*Abp`<6for7o=WwyKs_P+6q~1gqOX_I-D;mAg0~Z06y<19v6Ab
zM3{Wz;^~kwF>iwHivMLc0t*Z+pb|R~g~9B*yqJq!GvK4dgRA4RB3471GF5s3Z-i8M
zQu^ZEu;5mW=bP^$J`^<JEx%FC({!^dCUi&>qHEC%1(_>JDx%rmiG{cYWmyhkuVxHQ
zlXJ9tOEICCXEPVyO?-5sSwO_y5kd2{Ryh_pq6ieHiExX<{RoD(THcJUEyK_EB6oyh
z{H4SV*zD&s21M@%*Z^pVcxGYo3f-I0h-}^W77W=ex`%KZycqAUb1~rU$&XEuWGo5a
zb$EdPbAp}yj{-Lz;E=K#ymrmTf_zK5+8Hsq$NNls6b&H(4KrvN{^tmBPke+FmziVP
z0i%9_#&!s?)4o%`$L$20xM$B#s=p`8HB5}CaKT#)tN}na>eLdsqT_N(%4?JA3~+ce
z^#>>X((GIOdw4!EBk0^B#F+-A?l3#0Y%#i=kxx@Su}S1ajn!vZIJz%^aUe$h(@w7Z
z&C|aj4RWM=S4Hrk<ycNszhG;R#~IK_SYzfdHT`*<BPGUhy|p0y%Vw?SOdq`3EkcH^
zE8Eu*r|)8vw=bt|Za-pHdIc{7Kn2Mi1`2FE_zS7uPdK;2f~>qQsRVaiD0fr+{!F!E
zgUcK{_U9$V(~a-Rlc2tsmdcY6u8y}4B%hfoxxH5<_t3c8pja+i2Ch@?1YFGl8uDiZ
zp^Q{ku^Yw<dsW#CT&*4>{Qx(lTFGl;AF0y4k_m2EB@*5b5jY#SE{bFoouE`0aIDdp
z!}2wiDpg0(w=ueq-i3CT4%bf96uo&FVoYmqcp?ayP*Ua!FN=y(4zPWtiWlsX=c^CG
z<HUl7qu9;5mlsD_@9DUDkC-~XeEgP3Sj+k5Is{)}<L%J)phnw<?)tN1kMXn3co%P@
z3jWPt6|bV>25O#)T(2Xwa$KnD=eklzsI%8_t_G;#Kyn@Cr{j1tL-YgclgOow_I2AO
z9=A$HgCorwUe{3dHGo$VTxR@eF7%~e82gqxXb+Uo`_(M^_#|{fV>ez}3U3P|^*wXt
zU;q`-3-JG>`N-SPCmJ1A+$@l0WFQtE+v;iw=z9;{!bYY!Ms<+^+f++L+a$VwRnm7j
zzlv4XTi7+uPZ<krdK)}RT4U{Y4##BOcSE>i5JU0XQ5;55ByruPyoh^o?l7~M3#0Ez
zuF&pF_zD~gm_7-Rg?G@To@x!Z=Ze7PXBx7+#slxX!<{3wMxL;QORf~BE>yz~`Dm}3
zxb6-QnA;27f9FbfBTNMDjpFl?)5y`(Qpro^UeY&D0n@CDUcaGpU+<h(XPQ6eeDSI}
zcPT@7e!A($eJd-urk3PaMCtY>cvy2C^HO=ZD#TllA_?@W)w;-S9ZqWTI+w*Z+F8@u
zuL%hQpR8_uZOP9=#8>)tK*?0V8`gp$e!Afa<skNmyQmDclJ=jJT31OD5UZ-Gr|cYL
zQxA=_Kd_JakR-P@RuwoD*v8u9bk(639K^Eil7lraH|}}B3jC~<Xs+M#Jgs+kWF9o+
zv&;C9-yzRHJ7S<h-J0;S!vMgKwyN0^c4kgEQ(1kzXn6K|$o+blM)5q!E~veu#SZBt
ziRo8j%&5%{H$wV58aoRIPQBSd@Po20dX-Yc7b+jkmm?3{I?UJT+^*JRXdv$)fPkQc
za(mhC)Js{x%tXZwLY)I1!#0{tH%d!*nvu-WO<x5T6}-9YJfn%^y_Pxx4u0fZ-N)W=
zB?$lWd%i^cPbBXZDFtJVZBEwqcy~j_JJ&rRW}xuSAm^$S$Q-t+y51`5iB`8*hfdHh
zQZ9Vb2#o>xwN3STgewzq@*WRy1y0s7SF`jRWvqEN<yye#n!52BVJx0)rb{LKaXNe^
z{1JDVv28U9cBA-<H`jj9U5B)|BRVdH0Q%z{6=CDM=?M!0>M=&Olk_ZGVLMu<{a4Pf
z(YsQJ5(=Ug5lh<@d%xh*U<=pbSbbDVaQvRniq;{Y2|@4vQfa;seGC8d#2tdm&UboQ
zZWhYL%X3N-5h`;vxBQqZRd+@FwgJCzUj3XTwnhjicAsn-F_F~CLH1Uhe6uvG$};1t
z3+P!n3bmCcYRaSQ<#ca6T`3<A9`|RK@p{m0a8$?9ldNN`0!eTfKge?4T_WrHCjAKI
zEKP(+?`#;&72yq&>agwL26`Feda_msfzK=k3Wm=%V-HuCzp$a?EV@%amHEkPx>u~a
zf}Z^JQSPwcacb%Irt?ZEGD$$#*xX6dS@#+gr(STN{vq-NoOcV`iSB@9Xn~LvU3SId
z_fjzWi9VrzITo=NtK!AJRi}!>WO_x5s0Hn?>@r5x$?;0p^lHWP>+Jh(GS%sOM^!gc
zYsDQam2OYM@^{0F5a$bKLD+Inzw*(S&6@`cwHizD7OX+WYZYn!{#Mv-b73mc5zE|W
z`_DRksbr39URByR%^?y_m*{gR&euopul0#)2{P?)vJ9GenYVrUbF*X>XmsvyH(E48
z7TFdXGTM0!g&7x}@|)r{i)KlxKi~hd*=MTlK*O_s_g%Nl`4u8y21b|CxX{$JR?~l9
z9~X#P^tsm?=U1+4o$hCY%)&!b#uGGCo>tAQnlW=F$&G`Yt8Xd4Mq!}5di+)B`uf%f
z{YqiyVuo%yL1vZ-XQooR+{<v+1NPNvhj>>m>oQ>h4i?-)C5UXiK)tFYU~mU!L0coM
zxYZwx#Oad)kn<}#r&xcux|dC!c|i5L_qD2#3bJQz139l!fX3zLf^`&tUnNc6zoRRu
z1X)nCd`Y&9N$hPkcRd>p1TR!p;R{+>=(3%EGHo(||57#(F5!U5Tt7|?6L?{}0yVSi
zA6WHBjAOmL24@ZM5-c-x?szC3%0x1fF*qNzv=2sjSZlmAO1vnz6cP{RX2ZO)=?3N|
zCi87%HqA;a&yrS{zXpmN07DoKwpr><&{zbsNUoMBx6C8T@9QE#xD*$ELSutU;0;;}
z?y$y>)BrMKdSixWtJw?QD>ydF)k8YvaGemuduvj*A>DX<{L79KpqO0z`dQ`f$MaRi
znE&h4&AWrJy`}E$G!14wv6(G3`SMAzem_=8=}zdz_CsTB4>{-r*NKLzckFs=*Y_D|
zUlip_M)^r3mfZNLhDIGoO3Eh1{tdM#!2WCG>%pph`t}fcb|h?$-75n+31IHmLyV;o
zwXUlQp_wVvZ;bNdUBMhoYn9FdX}$9|>N3miQMhfN+n#?wD?#tO31>;?70XX2<2Ki}
zKG16%b6Jc+7!Iz`$0o8ATXHPKS)TZckohzNQ0V=%`uKrC9J0G%HVQ2br|s=A+Hr}4
zPoqJ|UUp-WZA?;r+}7*!v2ebk#Qk}751gzs^|i=Ybs3ns@^t$gg<qO58ZLEhB+Q!|
z3%^ruyHq-!UP~ra@N5a2L?f|-FFPqqwJ;gJ4Omc0Xi))g#X?C~w_&?09wI4~q`&*_
zM(y86x6_stnvsok8|P&m8K~v!*r}RiCSdzA3Ud+0jxYmI?CkOJM5S)Zst(SMb#NdD
zhcE8kMQk=uIA?pGc9^v}45@FToez=QHUucY23X}~V0-NC48&mP6a>nMT7bNVAGu)V
z4pZp+eUJ^bgIq9;wThYB$VapX2LSssK_k{o#%pS8n6-7eFybIVAVX_G`w2s6oE?f?
z=pKG~3;8IMoh%Q@BY+AmHQgT68tQo1(mD7#!hgo>+p99SGvJJpbT<Aou>}CMCcS<Z
zHX1G>F}L*NjRy!Cp9m}r4UfJ`KN*u%o26N-{&m}%U4m2MWXhoq9ip37eibu25pQNf
zdRwJIJp)14Gb#pq-2<P;*Y|w{Zg`j!t6Ch>zB|5m16{524T?IYoYDhuggZM1OQ`;B
zka7OKnI=8X;qWX!x1hpfZ`^mr9cTQP{5U!|>lc#cC^_bJxqw#DO@94Rz+1<Tu(}Lz
zvg|I;DQ%kWHkc#<2K7=MzKVg=`dspav+!2aSxML&%uu^pIXAEQ6&C1JT`6RnU+UAQ
zo7H9VB4JidWYN$+qMl9%u*K|?y$NkJ{x8e8=e`8)6zIH=sf1QI43`+=uBEJ6fvl^3
zZxJ2P`@nCKAT@xHvfY5DC?P8MDPU;?h&!2Ye?JxEn5)e+CyHO9yMR2gvt<cIVOWL0
z(mNkyjDnR}Hjju}BrSS;-;?O@)%tj@din@K-ho6+P#5tj-2k_wQk({Hzd~Ah=iJ}>
zOS(asjV)jlz#L4DR?Et>qfw4gD1nF2me7)cYK_+edDWCI4!!z^YSqG9ClaqF#h8Zn
zD18P%{}<ffyw<HO)xCfoZc+o>J|s<k{<v$?Y_|d&58Ix;LYVY1g0^*I>al5mPFgko
zcP&D+Z%VsRrVW9XR;{Ge<v||jrXT}e{x=m*;%qy3=i{GIlBF1S#+wI7Za=$$#7i!?
zh=UmP_Ojxi^oj$*ET%HmAW=OmKLOWC%M5knr%>!iGWTt)c+R%@#XZyH!n5YUj+AC?
zqnC>OQth&miJr(;`#)WQ$}*5_LL)TuSlsn(yPbwPIzHYkj1aVH2i>QgCw_r|C0(?Z
zt%(K*zh&NTn0cEi<rDb*bk+PcBDZ~0WV&=f%jgAw$7U{#RjFv)0zKDH2}UeUn+yX^
zPjA2d@E*iT*qIDL;YkOWdCuGWZH-K%j(<GqzvEO9MzMFexcq$G!Bvd%@{`h6%sjB*
z$FQ5{>BXHtz_DR#p8o9GBO~c)nt;pUrQOS02M?3J4_LQA+a(ii{xn+kx=V!X^$%*>
z*j3DM#goJOoalm1eK5l51@~KqhgDQqo*C#V?LNq<*U@~3&7Yy9RGv513+xQGlc<4k
z2oAy1&%y%M-SD3uY(+m@d)bGd9UwY$X`|~IeYC#o^Pxwu=}(Pz<M>lQuvD88E#&NJ
zzN%eS*0-<N50>n;iy=;!G_l&8u3z$H6H*y5-K(Qdcw;ll#nCO7goui@>MU&^DS>Ng
zI!<}rPkFPZ2JN&O4SkWcQjWC9^Xl$jh6{pS%K{AmIukq3cDN9T3-#W2RwC#DCI+*w
zc%gl>71rIr(ft0s#t5@g*m<GEKUz%%CO6`#z)vd+xS<8TK<x7(PtaQ#cdp{b#oK5h
zDZ?i_1)}&$$g|B4wZ2cljHx4X8&ob|7*$v~_a3<iT6dpnk_y8R(GOD|L1B<10G8!u
zyEFw~23jy4zH1uq)xEYN9|n@LVM0u2n{G-VKLGN9954{|V-QlR_VG0$-P@B3egZc`
z>UbSAg4sC44DSNlee>ZGZZ?}awFs8gQ)(EAnV0`|JxA{zFalTPGVSM7O5kEDWp8b!
zi?FVZ>Th*mJ1?xXy=;PJXd>rokJqX`WQ*=bdOR@hrakGNRJ3KLLTTuM?p0I-=bT!v
zJ`M9c2;YXqbGQaJN5Su#w8>|v<87<jH*bY(JAAj;28vq>NWY!Ox5L2v>w9N0@$7!+
zvcSFTU+bRSz=ckEPgftu-Pb#cJHoDSUnQL@M@m%RJj&(YvSQ*{3*&CxwG>DdyKLfm
z4fKZ;{?#8E1Q7GrUhJXG!`Ottk>cXkKP{p#2N#G##S`_@*gM6?ugYO@&YNB&C1M*d
zN<mjS8;Gqjs^+`^SPpM4#m@M0Qj(a0c&}2w>IZ(V1rE#_%6yo_NIYEJTQYUHSA08l
zv5>oExsSmp+2LhIn&bqJ4+liHKn1O-<sZg{^3p7MEib|~i!U3C#Z+;qiP#q`P8c=L
z=<{d8s0)Jvbv=Td65W$-Ff0oZCLSz=;6N`9=fF-bZIWOq=WFHWh78k&GHH9iW}2-t
z?G4Jm@^GuRma0|?=yDcs4$p%Dxe8Fg<2pzb)b1yC&PUcXK@JN)0J$LToa_9Y=~i{p
znc$=!nIdi-QV%TjnpUT^fj%bV%JRpzZdF~K0HZ@NHc&1PX1f-Le1tleJL=_xjitSv
zwmzH2*sTn9`O(?$f+3y0R_`~e8Oxg8bT^4_f_LNXt~{{;ZT%`rd|94Xb-V1$Ux0#7
zH6gTSgl%?z)snqTJXfxv4Ab$I2*&I;$E%kXJ<LD(PK4nLshYqzT0<GKW%w3pPY~a=
z*hMJEsvKT|E8MOn2e2d3^C}q)tM`F)+?S3x{tQH?&`{1$pUHZ)K3ib(0q|BDhqxDf
zJp@#?CS!ump8i0`i&z(3lC;wIc*Va8Ok<l1o&XZ)@<giUn~|Bl9OaeaO1p-+GeEdA
zt!Zrxx+~f~zO;V|lu9xWwijY5SF6@*4Dqh6DES6;U<_+8L#dt|vku}?K(-%tI)dA6
zXEf0-%gw~xt~cG9<R}2erQFi+OABCiL`B$ionCH>UxwCTenv9y?}Jg4u-V0CD`4a}
ze&f8Bpc|J1!`mpz_0~*+UCDqWAnpc7fgW!*V9(x1xZd0ygoHcXxG_>aS>N;K;>=v+
z!>P72V42czKpnr`;Gh3vq=%DdI;ow6#aWYOfRde2IVaVG(%LgCU65GU6jNh)0*Q16
zW270S%@E=!(Ed6OkllRo^S#ExO~C66d@l#V*>oVE?XX*0$jK(LfHgosc@-`^P<iy3
zVh$bYsX!T-)-ET6dByA+R<Z(wA7mdnnR4UghqsrX|DA)pJI5#!U9NOhy<5jM0Kg9{
zVzl4oF0|gW=k{X1RohKUOuvXh?6Y3uqS_5TzB^bjHMF@c7izyYDxuy1yD3aE`{c$h
znm{IBX%x&9)^}qqLRerRU)z$fg@3I=zr}1`a4(iTiKQm?o4wHz!h3y?iYyjwprIJi
z&Rf9&bfISa#Mp^b`tvliN$9mzgpW7gkMkV8u*D~8`LvHHgEPww!JkNAu3a8fA+#93
zslX8W{%8LEZD}gF5D3@)(*@5MiJy1xT7SlCF;t}=X}K?KOgG{B$<~--2(QC@EaEjA
zcJ<Ltzyu}j9*};MbIB&X?T|vnX3+B_>vSyx**r*IDl&8sbID5^C=>;c-Wm~@)WuLv
z8;p3Q`B(_ZOh^_8ycy?LJ4+XBejC){)8!;w6G$a|cg>%+&u#(!ndVs*a4h784VOvz
zB$Qn5H->J3lqo-~o=we2{{xyO07TAiY3bOGW6klRR6Z#1YI{sfV9O6a=Ka9i!&<cx
ze5)NpaGg9{Z+y-n_W7&G4<Q{!_3g)<oupGLNh?OKS3TglKV-Zpe8e2DeZ^C=|LANM
zx@8{KeMj`}IO3phku@S~8<t?JX#eBulclDVfELwtUgwy*X8O}tVcqxG@;jp^Hk<Q4
zL^yfI2}S4|vmIBv_1!Pua(sfvW-_&&%9QuotjM&tqR^xZ;l*ozN;z$C!#(3}g2p_o
zV&b}1#lf8v(2!O?)mU0nu?Sr*&8NxrvxF_gYyBS1qI;)pW@uSVdrAMj-$G}!=N)?y
zPx;e}!^uhJBlZm}3^^t@3o_VItloG_KnXC~)<WaH-jmxdPGJ0LZ34DB2WYNurUx!0
zBxLNljUqB)G_sR&p@l)LbE4n+K`CX!8~W&@GnmgdRMdE5_i>My5kzc*quxiXx!nf@
zEv6S%FpuzMRdvzb48w=jt_NH5+>mJ9=D21N3g6^Gm0RJ>w-U|1dK`WKL~tvIaMn4i
zLLu!1?i@fzEzAR@QJw+3`znz$xf17cCYb<m72}MCbBG`4);tnIl<;Z<rBoNV>i|05
zG;ghqS#vO*$u|#dwZ&l;{h=p2Dhz|Iwo7T_3gf`eJ(;y;KiKo3c-|AI3#JV~*ew%G
zhMN~10is7BMBq_VT05}m%Ctg`T*z)1u~?3=atRupTC0!<Ngs~0oujR{sWfUgbuVu0
zXUg~U*SD`96<V+-XKPd?^vpI=otT-s`Je`r>P3cL6T#`yF<C$+rLW>$I93xTr7-w=
zUZd}U4IhJ$#`?Bh1nTj-2&IAoCqVp-ezYjwcm;_I-Qigo!(G3PYNe5*6(#dKz(m=|
zkjPo8zSfT&0hr^N^4wS3zNhAgwH4NO&H|q%6kp&UpR#_ez4RiWE9F_#L?qx}H5gCU
z7dZ_F3-rN8D;Pdn-_wc=#LV9o&ez9kNCwv4q@Sj^VF-Jw1k(*Zp-c4$@B+^3n;Bn3
zr1yjZ!t+W*Q%A0h9P&$}IK#xXWmg3Vn6Y}1AhcpL1qoMI9Ia=;>b{f}IPi=<8PvBi
zRal{CVc*`$Ik=M$8@9n7Xf;1I?{eRZy$l*u-CE2LDz6MS?;QJ{q!LmC{ufq8Ay8xK
zH&%vhqMISqHp*pw*btKN4y)`EhHlRL%Bf3ubN+`De$$Iti8f)8t)_87E|99EMwj2*
zldI>X1>v@>B-QV=lsTI0ugZLw4{qVeTQYl7+4Xi^x-yC{ayQ=etJY_^@1jxolDg#=
zaXn4?vNG+K`za#A3wCx0`0SQa(dBk??Xq5W!j`0@8k_m`xm&|{<|mC*rqaUAN)or8
zy6@HvN>--{^imxOC!abVT<mWGqs63JJi;N5gp#4H`Q06?<arRc((;v>H8V3b$MvP`
zD=9keUnEv|sQfjT0TvR$azy>j&Ae<!UhBi?AS-4boP<?sy`MYIkCX;Yx!$%R)G}+`
zo7{DHLdY#Q%wzHf{tat+$io9;#u$t3VFj7GB>x1Y@#B}qMhx>YcOaMZ(;VxRoh`%s
z+N!47QTD*X=qqi<;vx65NYiZq9QQ+BT|%(+Ie=P3o3)d?F{7R3#?FLsjO}<);4!Kk
zVj3Z-9jG7^E{&m1@b1CD6Ao)XrcmE>hP9;FPlW#xM*Is$=!52SSi^386@dj(3ig7b
zu@R#qz##SEIcuB$R$Y9@^5HR~S9>_k9XbF48H~PS<vJX#o?wSoIeRyG1%TfHkHE+T
z2qTxsU9ZuNqWOD}gT4p>?`h;5Yaao_pb__zvdYAb7#oyS9}TEes03q)hL)V2fpD&0
z;Lqc`kG-T%OXy5RFb>4u&b+KCg)E<IT6BR<5MbTSu^(z%cPY+nsjV{^jA{XjTFJ?~
zw7)r3k23*X>8UvNIR~g>hai$;VbjwsVU=80wgCX~GU2uh!x>J$c|8T#Hxg?N@m^#3
z047XO@P)>VP*um^a|qX08Z;dSfPgP)YPp#4-v2%GmqV*0xSg{-B!%Bi)vb5o&J|rD
z`c_jj;l39ay}chBi-Jlvd20XO%p!C@vQ^ls1?y|hA@r0ydzVX@4bSxj;WsAtL-AO~
z|I*S9@<(&YP?RlUc-al#J;Tn)9c}kH^Z&&dJ12J>{wcYGxWy2E&O<~DO`Lh~55wp_
z`XvSZA;SnT<p?yi^i`m0fF9EOTY!Em5Zz3<`=|7f>8)W^2pGmFH5WbxoFJC=U)CVh
z_~)FU&_Dc2xOh<Wz#PB<%krpYtaLu4K+~Q6G4z<FM@J43jz6S3)z6i#BwdA~8%1>{
z#`C`<&7Gd3xlW1y8(gQ9*Oi562w;KQKa3vAbENq5KV+-CDHd^xR)(m|QMTxE{j*lC
z=W7-Dr)yP#0FwIubE4jtp1=GU&=jZtG3C(5YpV@}c7-{{H%@nyF@KxLG@UayJdOX5
zDFu8|#Lt-i;y7oqLv<3Q02yfbAEzd*^Um;tKYYE4zaiBx1tDQ*M$rG5o$0R*p+MU)
zeE63g!&Wr<G`#yo`~C0uq5x5ZCiGf60^)YTzuc!_=iiC*55Lp-mdVmkrPC4wb?iAa
z=`X_MWA1Z~Oy0jJPJgq<|3#?$hi)o8DoVzhU+NF!A^ro#pFE_KIX;h(h|ol{$l5vg
z^?$O3`X3!zy-b_dTivR(Au5%3fBzy1&@}(&OfdA~OTWbSQj-45jp2VDe@vJ{nJg6`
zDFOcxSuR;_9vt&h=HDSX_w6~^j^Yo=cK>~k`ws(PlAJh%H98BJF{B82{}(d`E5Nw@
z<aZf>pU$c5|J|OR-s1Zv0+%9V1e@sf?@)Sh9!d-TG?W5mu^brs)&AqVvK4%OwEpy>
zDf{baR{nEQ#iBp|?N5(p0h+4Z4vEhLw5o?k^eF+OqP+h>tU#w;nI5%S553s`!<%YX
z$~;Nq6EV0Q*nV%D<MZ3$%OBnjkiTd*$(apvr5<)gd9>&l_KywG|0dxRD3ZKq&95_2
z`)93X(Hkbn{|_m`F8FgT&iGJ*3P3IY#{`C2_&gto{=<BL@$VF8bvYXSF#5kA#z_+W
zFc<#xVdNq76^Mqs7A_OY(uX-M?ApJOaOk-b$d({~_>R9+Ah?Nvz~*Zu8)muxBm|xt
zPx=0TEYI;53<Wq(%UlUyj+4Xv+chev{5;M7@rU<K8u&2rKbBEM=RL8He|YIB{>AD=
z$psA2gXCXz^|yTxHQV{liTuNzW1<ekQ<S;--YZ18fPnL#oP)oVd3?}hcb0!1C-D4n
zQvdLA{wBLSMg#V#BDCeZVhbpx{^vw~P`QYIR)+Ytn&v8^7wi9IJHNy={!g~^`R1Qi
zTmS#dc2sW7sbnci+_7zYXaZ=Ba?l+!FhqeVONKKmQ@L)u`}nQG^D^M#OKJkUArqiK
zD+f>liflFe$qY_FJyZd>dnEH}!M8+r!N<abo(}mILIFiiwznmWshEEHj`5X2fz>jZ
z0iJHd5^N2KKYIjcnX9g%s_JXlvn-_%?UR!|?Ipk&RRp3oD%r}pjK--9ts{Wytr*8=
zw_~aC3N0*`siNgXH|J&{<J{aTNzPNWLHX;p`jw<L(PPjRUXS*PI9EC8_f1uVWF*(y
z{uVG{IFC)bwaiH1f06}ypeDd^SswHY!|q8R16EcR&^ygGniopZayEWa%LTg<_!#un
z`#_sj4_CEx=_MHN)7xs4uPtV|?5)jLR8*)+0~3+kmRG3Mi_Fw95;UOC8#y#5nz+t_
z5lGG!jbK+fWn-f^9lQ%)0PrZgdT(5v$+Vtf(9j1MPZT->1@OM(gTe@XZfyp5%5bS^
z_I$fK1R>zHfu@ymo2$9p`YNfV)$MpI;M4EE%HKaEh7w%1y~9aB4syp8EyhrehcjHi
zUkA=P&Qn}<&H*h_H&14i1q>FHeO{1>7793R87L`o3eMTZUk!iU8b0s^y!KIpO2<vT
zz6@DQ+gO=qQnSToI9mS;$cc48e0+R;d)uNoLM(h<l+ixfntjR_zj!FF*k|9vQ^pyU
zq8FAq+THduJ;p)-%oAmu?>4{EJ`NB-4Ki~9^|*yJIb<DUh21hYu3O(}?sl>qDmWs7
zGYLa?{`ac<0zG*VTsFPKsa|T1?(%ntpYx0V`nC$^1!AqIyin+cYvi$a#YhMG*OADl
zjjg?4(42^tAK(Kd4<#UH(I!a2Z6*hl+7vhp2^)JhsBdEc*M(|%h-Gnm8CtK@kM7Qk
z7a0aupZT=I<K0k0OWqWG(F8v+fl~aKt96gOViDbyV0!xQO{oE%<gBuon!>c^+eFz?
zbK%P3g3dc~8F9)yTBSf9Kzr(}J8eCCYpyjL2rNo5#Vlun?xt;LgFi(dX#5ijFo!;U
z>td=(2N;H3gnQr<6!koWt#HQB>e)FuX$dP`vj5vFpd+}ff2UX4O*aW4e-<Mzph={d
zr-zai=L2I8(ZIdm<t*vB8j|~uIjTJR=fGlu9q&|CCqdAq?A2_<7Oi(M=34l2FK@eQ
z2H?Ob+x`5Zg;uGu!JD~78wA$3?6O6uw|q0P{a8v1vSi~;4^OgQlT96+Tz3EGENvt#
zO9O7>jGRU8!q$s-B%cMQGnW8$$6^1o%z1KHXQlDLNw$i6*w#3;ENWf&>&l{^z}foQ
zsVwjrQa($!QwGg+mkwMgo0F3Sfx$@>$uD^OuPQuL9OFs;`%35y6$r_Bd8&^KT}xUa
zruv6sbm6?8CH!+MNlFN)xJjV^jM38>D9)yR3EiZ2JNq27<_<s_ec;6tBG-dNuggbh
z*km4@j@ou+fvL185bk`Y{)j3apeAt4y98)5P9h3_Xz%Ux^j$on(#dH_{C*0^BfZo0
z>zQD<%deHUePL1Oic0SA>HRTpcb+d)HD^x*fw2=%pn!Iav^!+1$b}|2o0!w^=PUzG
zaT?HWO$rcZ-y<PZR7Qho$}0I40h%#hyzqLIoF)IGZOuYGFQ5umIIKNjJfP{I<bHaP
zk=LoW+s0vgjg6lrV09-SdFmXSpiZZcQTKv~D5n*9gi<$O6<}k*%ecCKoum+mLlh00
zmuo5k27eoi&L$u%Ma=+#PO)m#u<86D!^liv=R@4orAjKrUYGE^9=lUurPl{$(`hw;
zBo%VM@0nZ?|F(G5lOzD3aakf^D0_(p&m96`_+Fr(kf@xev4{{%y7r?6HvB`<nO=5?
zjbC%3fGOy!oVsD9n|II$bs6~1wQ}}_t>a-Qk99z@wP=U~IQMKY50X7e4-02ffql_r
z7EbR6bJ&??XR`%!VRw5Gzl3WP@#Zq$e7}NyV5-gC2nLt&eA6GvO#%f`oXUkj88kWJ
zh;E+DYCJYi>IjkGOzAlJuF_n#YeruwS87c31XyTQ%ChmSEmLs5P6X%Mk)|8a3>OJm
zR`<ZLmqv*7kvoY3T_xZ|EhWCc&K?2Ki<u1pcVgbeL|6+j5G-R6RzACJ?Fk@%PD@~%
z&!d7ywi^MAsuT9B8YLDQWWqvy>-rlxx0}1qNmGiB#qYT7bS>o+lSeNh0ajZASzhr2
zfPw*@qv{J_JgQu~!`C}%>aL?fAbAMHB1BnKA57H5h6p_WX)xtw<Z<Cx<QLTLFJ-Bq
z#{j1L!?TUU^=8BXN2!+$of^c5x?b}4X*WK<hTeHFBZHOK1otOJ#lLNWg(LITXZAM4
zReehJKqs;Asc1AYOLU`UIgz#;C6C#l9NWs;ZRBYajlLiDo8zb6m=%M-_^3?$?kvK*
z&fC4@o?)Kz{#1L58GPY8fh?zsfyn3CtApj+aSr41qTZunsj5ZL1a_#;=Q}=n{5e3=
zH`Pm_%w><#Btp}^kd3Lr$_?;#dchS%Ae<1nZcrSg3C556cD!#Dw%_5bsQ`J&tXTHK
zILbU-v8c#3MBF}b1>rcllcBc>L^c+^cCbzMH>y@?jROJOH;uJ=r>JD0FarewVY{6=
zw<@E^b?XQVqYKb2fJsUmciomgD&f7ZVBdWEq+0ao`X<S}S;Y6V<Ly9eBtNvpfETJ)
zB~)<<>N&u@6C)HMG`UOG5*9L0qdOq>*2M|7ih8HSJi6zruHQ`Zkg%Obd^8)FM(H2D
zY0&3iSKPX{2|%Yh4UD(-Wp!Mb0Mq!<<FPj{Nlq}DPb*>x!&x=6EC9N{_TUY4c%izV
zz-JZcl=JCogx9LLR*1M|vN(w8I)G7abDEzu5VlnQA*3UqGAR~IVevC)YmSsZ1jye2
z{CEV5x^k{+jfUNN*H}#sV&}c*RRve$RPEUVv%W0Ph|h?>1HF$4ZR}QU^V%~l_l#8m
z1WHVicEFl)#PYF(M!FPP=?><}%8rz){ST67fi<$`z_HQ02b}fX`A+wT?}mU#LT|kC
zQlu>@{)SDMr^eh9z8Ep?c)*8O0f0A!3D<4^C`lbDy}##3zY`%TwD5Hs9i5h!2;A>f
zMT4`i0@3gOk(3EstunLUEr0Jtvh&f(XAfp7U-ae<X+8w-#$McZoYY9aO&}c72h`?`
z*Ng}9au30|Y%i=Xz?FPl(d-?(1_DC&Kr5+OD*zmG%=`PQuB?t8h=)*4=+@(958KSO
zX1)l+^~1Qmpba~qtA_AneYpQs;nt##ydPSmCT@+t8h<BXnB0!7__F^tNHpcEUG{2q
z1qO>mtu>NFu=U|MX$N31N1^idu`UK(6Q#>{<|81Yp^w4}V^8{WhwsftXMnkv8n>@0
z!1ClGCLAgFh@IlLH=?36SmOaF*}ctc^VCCONXC+>q&qGGmlv%yv|ib^UYfQafX@3q
zad^gBFyHLtUAUd{+9M6V^3KQYneL{~TQMiq+cbkkPvlv{2Vd8j@4(W+N{EKbM#4Gv
z^q$<o1>c0FYF5y7U$7zi>O_}Jf&DXz$3y-#j0-r|ZwDpLmMzbeUpq;67{Q6XIwmBl
z6U0QH?^c(G*Rp$fJiPk;^y9)EwuZ0H0IONXp}gs6cvD9Zt*J6U*#04|{H2yef<%&l
zbMI><^Rq~HGW{u&v4#Gn1pqG1GRcUuXMfcee-h~o{F7*_JQo^Sd&27_1wkIJ*O%2-
zx@kn^x1oTe<@c?XL$14d5J$Je0XQRUw-xVHj0`ocH?)c&l8vt;Q13a1paQE(NwJJC
z(YG`W)Md_Kk0u}4V^67dcyDR)cFO3fIM5fao9DTFvIk@hZrr|Kvy_#M7LAx*n6%Ra
zcBp6-bB_6&+qG9(s(?@14A7<4FK+r?3{bvVMxE-@b5qdlLj5z6vkuJPdFlBN?|QL3
zG;pLfMV5;HYNox!oPPD|SKh6ldnz9do`g>n&2cS(Ee8-{3OhicI8=|lA#S%O#3<e_
z9Nt)Vp@>A;dJ`}JUNcR9P|8z&MDr{_p<qQ+wd8e@2$|{^u}7;VJ$_IM!ncnGGG9I`
zKBLPUYN4pmu9*q=_Q)J#RKxzK)qDFPM9jhI&lG|_pghZ?DXr)+Jqyxdv(PFCCax+o
zR$XZt7DP{XjCSDLts*qYe0kW%<t?v0`@3xQ3U#j|Gb~7$&Z_H5VPo{V70p<hq*QYt
zf&Jl|7P=!u^HX;}(uWG)N?Ae&*bp0tyw>ONRF+2+Urh7h;>Ckw6<^W73cr!n{cB{`
zM^{2jTm5npzarObx;E|6lGr7;;Q9!bSY<ukrtykRqAaKFNG?Ibn-JTsWU=&gxh>JI
zOXY=^Evt9K$MI42wto0VZpS5ex3)vZElkx}j|5sa4zC_eg_=%SwXEzOl=3F7ZHT-*
zy}#Bw6;KJ_0`qAX1@Hk?&dxl|Y+*H&1bR31B_zSB_KKR5TMXPN%|0!Fgy-pf)pvD0
zm|Du;;_KvW+(G^|KaLKX*7~fw-yN?o>G?r7QZEdQq9Uz8yfn2WU}^W|6u*38T_fpL
zWS$h?y8bbA#;+QMX(VJ(b0q(hZ+j1&{VU|D$aKJF=NyKkp0T>g&+hScI4pK6_2p|%
z7+~U4u+>xyVGNCDkn`x|uK;k2#OHY)*TI6Sc1a@N($*EBa?~g7ZN|V5F}`>!fBb{l
zxp0>?G7Ev|@7QRSx?fr5`Jm?oS|dK4nYvx#SKC!5O(SJqo}wpp%J|owyLjvQxg4kG
z<sw&zgf7?nAHbP%H_6^<>Ar?_J<+hai4-r7-I5|&Z6%~lOI5SlxwK4enNS6*s+nX@
z!*NP1OFD*o9tH5518X`w>O0RVbJfe`(VVseKA<E6NEfQb4%;9NGwopMa=Ep))}w9_
z*ocPK0{!n1fBrVKc5~Hx3ksxR>l(s4W)gQBhzCR+>6W^l?3xEJDJv?Pp?th0$6_oh
zyGBhH@Wif%jwVZS^Ozk5)tfB{+B>T!g{=t`RZV)}mAVeZ#3qq`@U=908@%dGVevru
zQyIpnQ^K}O-V0Gxy$MHsqhi^@I2BMLDS|)knY^}!rrCuL=N~Z-C2@+!1$Mbu31x&C
z1KDT<OMpkVB1E?}jLAsrZ9#6jd4C70ki)vi8`e{`h^duux3?ZYL*vL>lVqiO4Q#Rz
z99(sTfk(upl^<!6B)Og@Ix<sU*9+6j*Cp&gde~|@5hIi2_wbfJorj>z3pKy$!B$c>
zjjtmf2+k0Y3%cg*n)T;ImCYks2u}`|eS5#Y!xZy#9Q`6slcE?-uu!E489~wj#Hs`w
zA3ht!g6hF9nu`M&uvZ?3FglREw>hyYI{G{?Vay+>addBXkE3HGyk>i$bAT=OnrQfa
zsc6n2#23#9`&lmrNa&O_<~P_Ui`ws3hV3*z^R7RmL|?5S9fDgs`IAV+sxy&3+5a!@
ztwHCG5~*z*u{VH72wKR?9`QV4fXr(1)~~JinDKlJ8BX0wGSFvr<^s~H=Qm&Juhb2J
zq|$a`WvIBcsy~wbhnA{WZO6FeBU4a1-<ZQPSeig;*TN#~DfL*cmX}#&GcP6<pfh0S
zlih*Uk(ow-UdzY=E~f|A(~?wWM~d{R3{>%X>tcBWDWIIpS6ontA*WY@se37`KaObh
zH!G!M`sXX-)<Joq7n&_`W%r89lOu4qvmY_c2=Q0v{&?X)X>1VqykgLN?2r$eXDrjB
z;uH&0{ay5u7H>p$_YD`338#fS!2*<Z&g8hNSV!>>pn)Xu(-(Ytfp(Ry#+ipoYdFia
z!%)siS<=Lg#o=24Jh+hPCa%$=rtb{rshR-_ln$#Q9bQMEG|Fzwi8S5S&}bia8rd5D
z2oO?*AGox1o_v*LEV$vlt5+8E*A7?#vg_EL7Ycr?^(_;Z0wi>(o*$L)H#7XVzUU25
zb#UjKt-q0w(p!rC7|S(X)`LZy%&iXlj%*Pgr5dfRt>8=0qp4rF85||nwC)f~Vlilu
z5;ty-dGSbM!r4^Y_9`?NQNRgot&|iAx5aG$=|mANDxq@WSiIFTh04i{Sj&k#>EORE
ze(>X<<wOR&=e7#xLZrL)uo5{LOuvlZ5`w|!nY{$a?4Je3%veNQ_T^Dc^srKoc^bCo
z_4iv8R^t@nP!n=qM%6C)k=2_3>gT*GE0xtVr$OBhWOUY`386tB_NG9}gG;N@s+}vh
z7qB=CSw*K<!m}(4K!G1He&jGxa#SFq>v`hX!w^dH+B8cyoGXllMnhXRioLI*u7u^X
zIo!-kxpKS7_Gf`^)}d}+dophhRgV`amU~wcqWz=dgjCXW@6W|;l(3}Mg=#Lz7aOwZ
z(_JdBb6F{@8lQ3EDFtOv<Jd_pMzxr4B(_lZ;J?<`vFl!h(ewT1u}puR{Lj4V+ETmd
zb<RT$QC>o8QSAN@#ec!Y(O^GbhOke5g9{zyuo!jhDYv?cEvyB3i}M~Zbu)Gp-yU^`
z87Fj>#)IKXJ|B<-4J)=x5#R^g95yxoaS)H^@Adw?wOTYgXkjaS@_4J2j<`Nm&~PDm
zyk-F18cUQCj$MJx?m7&2&<xaEJ~#>3wxYw20KiiW$}2Vd(|E=H7!A}bm_R1GeVTO~
zcpICqYSPX-!+;`8abu;e=@sFvL1x4j7Qt`S*IzmGzp|A76~tqrCGZO{LmTuLwTiB3
zYf6tekK?9UeL-j#>)J3N&LW2ZA+J7nZN;naO-sZZr<Q}W6U&?-U@|NaY#OB}u`tTf
z6?MtQtIV8Y<fZj+Nv276ssX5S4M?zmq6=q~fZcqYbkgy6f<RNTe$ftt&2`|L@RENW
zQEV@Gnl!XPMAH3G8XRFy?0_*WRd#J)+GSy(1Pk@<!0^n-mAn2D1$eeGf^|tdY$=*V
zX?QYeG3~>a6o=B5d(t33Ks;#MCA&qb#e1+waj!UHf#(iRCcfT^{CK{$yKNRNQHxwl
z-H9uxF{Fl2jo>cG0Y)Iaf|mqM5>PvBl9v{j7<|kj;~)uliU{Jg_uD)UeJR70fzCG@
zPG=&tq7NKWL7>h`Of1q2t;J&jDwcASKLC<=J~{yw6a;T&(;}+OEILmIAS3wnJe`tR
zheHdav!C<WhPOtX4EgL&#fL0T>f;b*yaghbV_lk-Q(aXKRI3W7vyNwc+ie`X+_wvJ
zA!eP7usQ3xdoRZv{eP*D{Vkcw@s1kc03$*jiHKXQY&11El>o81i)5Flq8i{3J|*t|
z{s6V$dBapbXbuhO9o96Ef}=?SU#99p#snnc_CRN;&Yyh}bcp+XJSC?iJXBSI7tBN4
z@RSL+J#$ytKF5n>*J(AmB{@{->soGJbYbi4b$LKj@mZ5F5paxc7dn*CI&+~BOZp9d
zQGj?>&f}7WS{rK}4VK9RrYg@>b#B4{zdh6E#UmW1d`iJe`dG=m`oQiVQ5hR0Kxn%e
zC|d2d#dl3IU377uJ_GBKn&|3v&;0CUPqt{f<kgY6D00!fzK|utO^bB?@aj82L53ZA
zH?7PaNH;ziCbPaj7w(p@Jt#dM#T-h9M5}1hl+0N|S8ut4`|fkkeHf5+?R|UkA(TfZ
zm5F1_iNE;Gt}6g#whK)S-kTgY)t^a-lL^4N4m9<;kNjvVlpyq{0f;Z|&(^|M*c<BW
zIs8P1>@n9fs0^5y+r{#6#}tR0&|Uh_Rbb%)3(bO|czK*smwn5QwcJxCyYypGZxwWp
za7~)0>l?OlLRaQmBUFlwgwxBX9BFkaKGnEcDqSPze9+nNKK$}=xrHWCPAJ`FS+=bT
z-Me#WCxd_2yG?QEunZ4nWzC1;Lmx{0zd1augI1r(Y?J)?`~uyOTN*C)mCuoQm8l1b
zt+Zb?8E;WXr*<`_1W1;TUVV2(y|aL_fJUx5QiiMYc*}8o=sN8fXw&x*sc_1;@S|W2
zls_()#aQwb`C{~Diwr5p@?m@Ot5tZ373^8b(5nF36=6k=oIJ8qAOJkfbwKopNOdEH
z^9}A@0drQ}W>!{(yO^kfbBzhT+>ZtCRV$!Ha%Ircp6Nkp^g(3`=-IvKL~P^cEr%l<
zd%Sb)^HA${OaSH*&D{_i$u$Y00nntkTc;eEaOj8~GHHt(gl(d#bJa?_+4{ea{*;Y;
zpq1p$?xi2VE3ST+kTU5_f&0J{tx3kBd04|MqmuAuK{{EQ3Y_J<oXuNuBV_|IBn&HW
zY?!r(H%?q5h+7H-C?D#1I+0yM(g2<f2kS?=PDN|9?wruq3ebhj&*WbtHM7|6!B+?i
zSp~d$i!4`kZ~Iycs;*gD_=S@2QEZGr_paD1!S_ePPuD-VR*d5xfK_-YRxh?xX`26X
z@co@5YaoxMVF@kBMj_Z`z?{O~5Fvc{Q@<q4^_|*DpURT+$<@JcfdUq)gV4?2ddPnt
zah`JzD21X51kf!QQ-$~@@H75Dn*C^=f=-GekimR7#CGn-^{A|XZH{-Q3(!<ehJ6UW
zm2K4TQ4=dyIjmc3J%NSL%PLqIEnfX_+vcN(((PKHbCEdT?jpnVkUJyhfwhOd#LHPJ
z!x~?@V3K7M`M1tW5Pey7$Yjz_yGs?*o`7}_ysm$qg|u7qr7w2S$ODY=&iJ66^x@wG
zKAnI#Dzsm*TA`lU3#Zt<76*0X*TBZ}rcrQvjjZGFi~a%wDo|W2f&bqHE*e?DX<|_C
zdmz1Ryk6*yD8R`Y`C;h{VM;1_`n+)nMr`Bc9h7l?;#q9-IxYFGe+l%IYGHxXEBO@~
z?r*rX(IGxQu$p|EI%1Zsl_3HzDEOgD$EH>SVE{3Db@vgm3;h3L?yaMuUc0w(#X?XN
zDN#c4AV?~RFmy-=2tzkW3`lpENQWRWL#K3imm)coO1A<-4Iv;MzV~nh&-wno>$iNL
z=bv}2S*($BnEBkb_rCYO_H{Mec_-xaE_9EQX5<*O2FJ^P^tsxVXPx*t;f4r}vv{Ev
zapM~^B4lL+xZ4xLo3I0k8RY?gB}?l9?@G<8n*!+FwN_Clo(=@&JwI1+u8z(|4z)nd
z%xnlPr<5|=lQ}i-REc+59F-5*&B&a!arVQey(uy-@Fr+*f5ebfHY#2M<+$e#+7gR1
zq7>{5sbv3?zQ5|2sv_?^hMufcuqxZmfgDh{*HE|ZpO(nvF(MX}HoHTu7`Y!=APK@M
zTnpq@Fam9hfZ8>b>UogxFdjK)Cg{~^bJ6;{vX|lI4D5QI0$ObO$oAEUeynNGdV%{-
zw`XRt&78R2(s3LzL<<!cmTi>feQ;G6s78~810%9QpYv?r)b@m&tJyL^!;*;I@oxCZ
z=WKvwF4upw=KJ;{f~Bd>=V|oDlUuil>Ykg6w?(C1$-+joNuHyllNGF+?GQeCAjC|R
zl`6<0f9pzgfSBL9R!{Xnc{lHVTuEz5506_%>-e-PT4l0qYZzUUaL9d4Nk6SKOD4rf
zzOC?f52*i$*~gKg;c^UBI`MPdKW{J@0|8bV(qbY=O^Lp6dcv*8FZs##;TkTO4iq2n
zB)5=$-qt}FuB{X<F~ju;e~4oLUfr5r@2VWPt+y4lm>#W5F$l=cKQ+JI2X!mHaX064
zRg}`no$L+^LIu0awD3&>52AUy#Jdq)xHQbVLXpD@8^#8;&2nazHPdONti@@FdulG*
z3*&04eA)Yu2xCAZmi8{7X8{K#;CWFFgcb8`q4%bQ;sw?ra=Q*W^i9PjB``8)UdkMv
zqHb#ngicvFqJk{@l}0@!r;V6fCade7rG(K@WvXuLr7R$}mrW~*1KV)c15EB;>i9zV
zcq}<QFHyXt$t&4CU~V`N1T0}sc#YOr@P0Tgt<cEMvq&F(HTvjdZn!dLKSdmy$&k}&
zwr&B@<QOIuRV-edTY}>oGgv{~4!Sp@^smu#D?!^2WPps!vNsw%+6Svb8LWYG7|byz
zOu@w<50h#MM|v`1zdG~#6*qtWK=V>rhg?;yk9V<#PUW@p{AZ3|cLMm82}r5Mu5YrN
zI7C8=%ThtdP`eSPxy@v41N8D;j?ATz=%7%%Nk}IzrfJ~agv-n=jme1WwC9C;_xlB<
zdwQI^gio&m0U0B6tGhpQ3KRn>yGZ<$Gb3-*1fiND>d84v+2NB;yo!3AvD*}`yC@~9
z`_`AMmx?>mE|9l!YwtR5Ej<JJdkEBbO0Hu13z;O|EQ8I&F5p{;a5m!KF-BsOjIrM~
znd?cUA#NA_ZpzXeMnB+)2tlY|@)+DRM{)Zr>Z)Z{Y4SIVSf)U~arm0V?#1AHT?4ar
zH|Xm?BAPMlh3<BfL?jdbBVTs{v((7XVCygkiv1OvExOi6gmhuV9=65p0$ssvyf4xO
zL3JV1Y#f~hsy9Be4?_i`VK$?_agpJp2X=%=_4*?Q4o9C_i*?Q?Hqr6i4R$SR+$iFW
zfJmP!q(IbMA*^C)v_hITCE`m0PlFuT1!+1#c@zp?h>%^e6-l5o2`QmgVV2e$Nb*dW
zcrHh?j<Y{oL#^c%Dk|S~f9vj%#y3LDPV10tJ!&$}n5bB~6$P8x`9`*WhqVOmlD>P6
z0QCA1;KK6jRZ3>5#`p<@KD4^Ft%g32bxQ||u5{y9OI{!5mUM@Gv0B>F{^;`ssQEca
z?!~<swY)Cl*X8Meqk(sMEv#^6mZPpS&^>bawn#2v0R!JgX7QL+F>A0qc~Q9?(vO|E
zYD|E)Hbv8ImxxZSJooNwrcBCwy!}xR$E<z)imkUhE-0rMst?+aAwi$t;Is`lpeLj}
z*;&W?OG*z*AlGx`n_)S0mfIxl3NDQ6hsCv%jrr=Y>jO_kzFo^c5_xl5ZbQGzOBT{9
ztI}^UQG5gR`HP6EjIO!bktlY-VnPB5A5bxz-T&k$I7~uc)IT}@x!?=tE;6P=Ls?U;
ze}S$BYapC_7=hK7C+G-D5P}cfk~K}6c<J?qi&ZNY13{&GBm2EhbHL>^M`mpqw|Y)k
z6%1vR$XmDY^@C@`V4f7FUJPB#LHBwEu2p#DSW5Zp$vF~Amk2_zhcU1Z9b;YrZ(I_^
zeo+&Z&~o>ml!C(w%Cv3nY0fK#F!jOF>9T8evlThe@(l)M9wAMRM-Q2GKL&Ry_7qI;
zaZ;w7YnGxyMYt6>HUP4KM&wURq0iY`20pp8_1}D))_?4*O+TwRAm`a*%M$C~h}xd(
zilwO&%-kp%Awbt6TSuQRFMUZ1+=)ufUt9A^u-}+{UaHa*nWs_`!M!Y>+!+m6sqlet
z0rxj&FQScM))Gb`f=cpBPHIalt#Vj{1@5|DB*9Bdq>TaGTfXdT$N=h)Snh0winyhq
zdkUhtdGRba-U#!#%~3A(`J3HXYlEzD1$`uq5)u!(%|20B`xD@0P+SAq8fK`XkFU|z
zoC&#lO_1wn&i;OJ;9ovph8N?PRt!xDWkZPTNBDH0pT4&sKiLp>VvbGCv$vZ{`RXc_
zz6T-l;)VS&;-bN1>G53lmn#y{-YmOiwA<~AymnWS;#^XIC?NeZ0TrTrk(WzNbIi2A
z7y(cFL~8I<Pg`jqmr%2G-W`8#_tgd%x1j1@^npgaJpq)8J|$nmb(3SjW+*8!zzJN&
zl8x>r_MUxgHA8FI)fEs8vbG%^v(2*yyBqD^u=rKr+Mgx*d#@xns`kX`w5KH+L{2X4
zjm9ZEIsritaTGJX_-3g=4~6Re+<-itti^4W<&shL;BP8rMr@oQkw3%e<f6h=Y<a&q
zoRQa-o~54HYYA|*zmpO?`@z!GmOX0;&!r`3p|Nbap9OC&n4HUt>$|hcmFU{7<iUd?
zhsC+P1on!aw`x*XI@*W)s7re1l;*CZRm4)qkP8b#?gdq|w{!w^gFkj@;&Bx1+m!o^
z)z~Lmkc`VDu+qbao2_-%iljhX{l-9eg7&Cz?iJXhBCccaDnt!Z6Su!eZGHc4p6sPN
zytBPzzou3wpnL-`COz|FoBvCLyCevZ)Wn5!6o3-ykGB>+Tccfy^#{48fUDW*=}@U5
z!K7LA*io<=G4Wig?7SI%zz@6SQQ@)n27w;n|7V&gqkjNdP-V5&2#BT%{srSpX6rA9
zHR@J>Sf++B*Nr{hcOunnc{e!eXs5vQ;ywR^mFi7&=4g?{mFj~!Cmw1Z=y%8wwrO`9
zWDn)%%Dz6&FtujGnLu^^<Jl7vaqPt6-eamVZ+sC%NXMpzTn2n0ND91&_zW(}q0i##
z>Hd0syuY5ZEb@UHxWDfGL}#<hhRY=`y9P3feBud76-y$KjOSGzeFzvVGaeLa7AX(&
zATc-Y+aZZ}wbRaO`Wlrm%h9N~d%$a;c)wUey__LOHjR#mSu+k$o8Buj5y${^&{D-O
zwyVjM908svI5$kUz18(2&XaN*ynuqq;*w%aQHX{@Eth+?@|%9nle#+1{ZGbj8pQ1T
zW{Gz*;yQ~RNpEMZAH<BxgDT?GP#)QSWNYns(~4P+LJm{n2fm{r=JAhcrtRejf*-EP
zWoGwRy-6RI6SAj6aFs*dyCK4QQ67L5xjn=wjxYviItjR&;JuM&`v=wRL>!K$fs+jz
zS#;87H>EX)@ACa?4tJj2Aw?%CuG8V77J9t|tK>-?aSPl9l1+qh=YGWkXU;QR_F@Z_
zX?(!X!*u2hE8(-J0`guO4PochoX_XN{kN>9^5yS-#h5v1BD}Zv><KCX(aeGwey^jx
zUAdoY{p0LMxp1;aQ`8IOFF;V$SHA2jv;Fn_zn<gou;j0Ber0qLh(+XSKcZ||_Q`BL
z{tj38N3LTVQ>C2o`SrC)lBKN=5UcAWzM2~uEVtVtxUdU_d42D3?9PPyPm`1wuQ+Z@
zuzJlYqpxv)l5&vBr0U62E)r}}WH)<{_rH9x7yq4H+fP7KtNn|h%EgA)-d5Q6&M3V8
z_2o?WF%Ic2ZjBrDrSdIo{^*w>a&(iZ;}OH2yk*?J?r^kAqDOm<dJTY={B*NQ!lK7l
zt+`=ROV#yS4fQMoMb#u~zir~FeZ=;}jJFl^7}1u<8>TE+IGQH?em;IGEbZrdaCPm$
zf|>UN6lZA(mMz6mHOB@btMg(piUJD=A>9WzM1RmOZw0uU64Sl{nQzwT(Jaxt2j7J{
z&>WYs?wt9buXf;HIbZ5sfdRf#6S#JATxY(h#;^bF?f&sv&ot(1wR`08V3CqW+kj+#
zN32rrP8_C`&3tb~oD>VQe~;j2&kB5beWs=&U#)_P=z%O;ifdDT5B*(xq;8*GwZZLN
zS0W!X<A|TgKV#0n-=|*kC>#(#0O<38JYBSm_<UGeuQ8Z)ry%-LtY0TLOz=*we~^*-
z&?Y^k@WMY_%IWm|dgGCV?Nx@Snq~zXPR(Wbw$54dn4Cy7SJp=ml9?b<buu!a^NlfW
zwD9BEBtEeYe}}vO{`r~;%ugopSG=Y;FgV@4*j7a(;FRd^r6u|GXJ3H)9|5U1%hDc#
zZ0Of6`A1y+d%XP6^Np&P`iYRyt%S%i5x}s#Xb8vswIGIKm;nls+8v7HnF##*8BWh0
z=FJ^iEbTl`I&T&o@DwGdPa$;%vp)z&3eiedFHS!6|GV7aHv;$orU=)ir6l?Z?=TKd
z?7U2jgphqd84myZiynpdS;R~K^pl8?amDG+@7p=L$}g43lH$P9U!OnOWiJAc?d_i~
zTeiBUs50$b`#ErlBY$J{YZ~s5A8$j3kC<)v?@P<?$vvL&^TOcdLQA}@r1q1bc-e_E
zOuvqIDm7+IIQoCMeX`XsCI?y<c=`xk$B&@=r;kt$<)u4%-V-BE8l46^&@;P-S*-tf
z%din5d()vJSu7A7SQ8jm?C){WV8#{j$KwKB7}trB)Y{2p^4ss!e;FY$^W&}4|K|&i
z@vw&BfWA=&t@l~1vKB8p<M$)oJ)UaVpH4LcJOeY=8o%fI@OZBE{&cQ+e5}&_k{Jjv
zQ`~iW9=-tYK|m_Z`iG}dff&i+V<qz78~PSgf#;&`?{g`EIhR<s{`g#4d4WTft)8a(
zCPjda7<Fn8Qb~@NO6O1KMO{+@7uESi5D^!S*~|a&1S5%&OEa9tBYK>3aql2qLRU~p
z)ubnn#qV?j<4Rxt?MnX_r*vvwu|X05omAanoCPID>H!VTKYApw=UCvroZ1~<Blhiy
z`LN`8wcYdQ0<IB@PfaU&Zpx7T_P(iCj-5aUdZ9O6R^$Nyz()g*a*}~y2R4f;<)$~r
z<By7AQA<Rmg6fbQki{}w_(EL@@)2#fEl#Ws9`@I|sWZf8Z>T<{w1&%PNRd0bfwalX
znYK`w?bK<1g0k_2p~#m6zrXw;=DS0Hat1cgu55y~Se!rcFcwmn<qvy|*+yA~02aXn
z!uB{IQ*|9?VBkw93xN0wVG>NCEK8FOi6a%}q96eq9F_%0L8s~^Qo3^p=oMY0K-Dgf
z)21v>HVsE1M^R%|qrr_Fq&On;kq~?qA_nERAh9O^oGYBq{mAcrPwaNW(nq}?Do>jY
z9iT-z)a}u+<v<u)wbmij1O^}vfX=km=KCjs7&hy4bH?ov1I>;7f$NbMK+q@M<UmJd
z{c{gpQ2OG-fnOLB{y+#Mt0LwArnUyYbEZXlww=Np-@=u<a9?vR1^I9?LwjKPQjI)=
z=cMU$OK^&yL7V`%Y$c0QE(-$P14&^SS44Y=oh}~AI5O$s?+x-@@;F9fD$q_|sv?j%
z@po~V$9{DJ<5z*mJth`5`LGF6#h=FQ*)J=keooOM5O2RC<O8ToeR%ig?@cQ&ml_WS
z1NAGu#fL^*Mt!tSbMZd|Iag<zz+a>R{+l)iAfWVaP|JP%*%ra9W;w0-KrSf}qiSDq
z7f6ytAP@C^M5moGv?&Hz44c(DQ@z0Y8<ZSBoU$Xw-1nCuaCURekrIQDn<ZVY#zlj?
z8!?j=K9vkF4|dqI#6rouS$^`Co4H;i=XUr+yBuSjpS&_o8Q!`v+m#Zjc}rUz*SPg~
z$^;&j>}x(6oCL6tHM7pQ0ZkM<2@kc(x$!n!Z|RRmJpA%C_2^2jMny!mJv!oIp7_{#
zzL7T&d7bXcbHAgDuxEd}Czgun6xw?}RxHkxr!g%P4JNGA#)OrkbS83!_!y9rtc-dR
z|Jgl|p!P$ADn1DP;-w*5Y%I=vIWXCO0l}yik>EJ1!U;s=btg;!4U%YLGa;Z;oDV$6
zN`gxD8MHe{c`m7HBzJBGk?)Imk@${fVt&opqZh(nXU4a^T(8t=8+>!^1|Sy>#-rqw
zv>*HY-eq{5qjTFZ%2usW%rjgl;kF=xPAP(sl+TU(d13<M|9@<-WbS*$bcoKUS5SIe
zkVUM&kC8{|UCiLlUimdRQ~Vf4ENQOg$ACIBQD+JQaI^OqqIX*WjMWF|j6K-kkcnx^
zJ|CD|)JDeF6VcukgHmof0@tR;T9xM~nA9Jk7XSkM?Z9gLJZs&A&6v4GD|z2meR;8A
zXPNzK#>^2A-F%=`@6ssfSfQ=3D!N~{6+L+1R{BALRNs4ju|P>KgeF)mJN=#D@bThm
z?$OC;a;*|slR{}@{o|Bd4<3C0X-#G~wT<3-*L^R0zX5y-oG%C;t>qRnIt@|mkqajQ
z&Rez1AlyXaptz^B6eIkS<7C9W&^r5iAc`5VJYRJZ!4P6Rth_G9rG?^*%FEH#z`j&j
zlT?56xvghM3m=!Yi6{V7*4K_a(T0F4`Y~V=6uq!BZV*h@<IP^;ye3NF_*DF;ou=dE
z*Y_S)eDubg@m9zOrMj(nM!mBW{A#mhJ+-sfN-fhHyKqoI)k4M>Z<*Slo{fkInSQ@b
zsG?I&yH=%)Mr97{3*v>oTtF<3XVbx0A^r`6JHEy305!r{ERlCByNv@&<ht1W>!t;c
z^()ciaP#y=IE<r6_YqariYILM%NlTmVq<QEL7v$^frMTPr)@rbO>bD|JE)VT2nP~h
z#_e*IFK}~JIrOD;;a{!a&%Z&f)4}8gfB<(9v@)-80Phaa|0Dr`se)3wW%gi%E&hd8
z2owia{(fPo=p38zL|nFFmbf=gJX5aKQ4+AhUrG(-3_<=*CXIXT={2A}$GR{WU-NRl
zFj;00-Ipa)fpb4D!hK7{t45i(l}UlQZi!{$jreH!k>E$sD<PbeXfL(2cEG0ftjr5$
z{aL4ZCNiwXZCn_agdwS<n^QvBxg6e~W^@I{*P;egzM38Ap8<3A1oU`KmO5{n?Ex6B
z;Z)P*AE2eHwUM!>29}Rw8=IK-5aMI^Y%R{B!BVHn9V7!lYn8xC4rgw;W|f9*zk+ON
zcPG4N6<o>Wcvk~SnBRfy@?^GZ&)g7JgHi!m&J4))_I^qh(u*dzFA1Nv1tzGk-nAxb
z(*f0Tp=Ozt8a{ZC9j9jk?n!`xO@sku*qi=Y&AjeGj<mgZ@!;BQS;!b~hS?-N8EcjD
z+LX@_tOHK8`a$pqD7Jr!F(0@&*WVq{r8bX>)ROhJ%9+R@v#zn86Ftsh18^=pI{E<*
z+rfH=VhpD(9mww7rJ|&Ca81mv9<S|4@v?M$J@-&^;(^p0Kc=99AXxR(vOg5ZsGNS6
zw<3ynS~M)R0!jPyU5UP0N8DXEK8+vK6_aMy4>zqEw_}W|r`lUVxh)kG$Fd|M)Yuye
zG^)AjTGStnRM=Ajme`K<I@vlWTOB-rK~6GloNf&wWqrB1s1RZ6)Mc)a*=y$<FSNGt
z!MeE^))Q_$>3QkeCy*r98wwvTF%VVp-XEUpgbZ7o(a&;RIystWu-flj@8f()HGCBp
zmIcLR8f$-N8sGn&2@=1)S@JFwa1mnsgu<IKARZyla54YB=3g^Sfu3OX5&L_IH7iC>
z0lX?~C1G>J$Q}IhvCB@N>~Kc+ZjnNuFKDGp1I;ioMuYj}3QI?a`wO7^Ed`TdQ<uXb
zQH-lFLZrC#n^%I`$HLJ*<=YH^UZ5d%5S@=)2=%3WM7WGk(sY(NwcOM>ao46(mpvdG
zh<wH=Lo(G@G8<JqzVFT@_JT!Yl1>Bm3hgjm)S??a9;imWBB%NF2;^Mfbdac9c*qB3
z5`aD#at)WY=5>qNPLt$MhXNWb<%#~+E-P2*AjW=>(nrUznTmJ=@PD@0!qzU3Vu2qT
z*m^3NUE@1=ScFP<?3}j+og|_^fFkXDhRbk)a#0wRYR;wdk@<wPtajst5OS{IfXmH$
zEpH|XIt&oCR&ucF1y)34h15nQoq~7|g?%E?!`y>S`m9Ozqh%hUAa=Xh&Z2P@nYIVx
zL`cn+*g@X!>v7et1wmwx0P#pBQ#Bh`hD^ytS7d`DpxI38VBn3K+Fk%|fR6Xcej@UI
zg;8zQuPu1*yrtvU+4y%#D1E%g4&QsN%$h0riXwfmF5ui0UiakzV`q%F`SPp<;#RP|
zJle_;TxJd6_2L)!v?hyTxMjwXtReok4WpBTGAWwWM{lMlnH2p%&*+0}oO&P-#}UJ|
z9iM5exe<$NGh$X?ovB)8<ZnN4Z~f!d5(bw}>p9SHDME`lT(oAN?h+S?J9iQwp79tH
zyyIsJ<uc{VhbAyE!Z$3^xeKA?AMv(NFQ;VpFz(Ox)#T;|6&Z8x1K2vqFQ<7o8)hVk
z6M5YT&O;~^%hHy3i%ixZX1@6Fdi{y!b$xF-=HOyjII<_un8%4M<XaZ<N3lZSr`)G7
z)HVQOdh0A+LMHO@Aqt=gQV$#g7$(F&pl#3AnvRyUY!xx_sa<3h&Ds00-?=YEq_Bye
z6ax~;Z<BA1)w{;dmvrg%8)T(Jw>T$2<aw7-qu*h)#Ne7KQQ)k><s66dU?rsNiYH)B
zCnatGhc+FfMHs}pVj0O4?+qKOh}h;>E&+|Py`bkumlk`7E-KGTCG>rde^@NhnGo)E
zizceaxL*;s>3tKNvMbi&O1}6pW(5Zr%&C8P!x*7(3$jj>d?qRf&vm$X@b%9l`_~K-
zl;OE?$W8`f<H5YNmGNrfeiR~BGpU!icVoT2_h5LK^&b4`?D~&s0JD)mdAfCX)bF|O
zgM)$c<p$kp@ugFMjx~p@cOf5Y$2C#=aIRJ}QLbW@=*YCat?glx0b0-Pnw1W90R-5!
z2@9@*{H*N<lqIc~y0?K%Z|A5zAWNW|Js-z0dmwbpHelzC>~t4^!*tcC<DkBUjM@ie
ze_19Idq7e}rue-?HUa@(6nb!U(~HNfu#9J$X1m>WyX@J{w`ZW$_GyBuY%RokA{~(b
z(aWTiYr1J61eJ-90c(_AosQl&YQasV#o^mE7^kh%!^LTaf?b6=BXsJx<{b2ZcNtL1
zepWgVxYZzyk&w(%o(pl{hz3$AKdMI8(mAyMk=3aReKm<rvLhu^q6JlL*;c-<-W|p@
z=PfBu?li9~Rx6Zb{a~=0kEt5apdstdAzJHan2tNpC}bI!_~3a7wZ=B6E`g!Xg+mnq
zx8vbnFJS(sTAgby(Qb4tEiPqMv$#Ua;>El3qNsK-gl`XvgIN#nCdYd}d{v<RnEc*N
zwz?Np-4f&&4@#ggd9eA$XvIdOxebd;d4V7cx6S-R3}=3Bbe_efEA!@JA6y6Oob9KT
zl_p4OgvQqFYxCZL*1B%!Eu{jt&>fC<HS-&d#okMTPDpsWm6ldp*{BO25fa=OQ;fZ3
zLkQG<78R>eQ{=er{a_>hIvf@`E{$%duLvfmOa;=iD#YzfVn8`BnS>efBe(Kv>5C&5
zQKr#*I04r02ii<5x3@-1(kjl?mjT5xdC<1BHydltz?f2J)!S^DeSP3~n}MKtHiURc
z=$!kHkCcpsX?I!;foo;ij*MMv*{%JnpeIXV+-!ngQ-`+X%E8^MY9F&dodufUcQ=U|
zWQ-<QO@<1w>0t${a?Gn%^!ifW!rj_S4RZ42p}WgH9(`Q?h<S|~Ub^UwR#(skS$4p`
z0zg&a4S^xNdzm(T-J3icoxP=c?Kc!``yxKx3?kj|xnf|k^Idx(^egCO52%)o|GvJT
zP4Bh)5dk0wmjma!ieFMNOY;tggZ6APM<8os-v0eww&sLWS3xAI6tkt4^7lbd6-iaN
z9ZRC+^5ME~Uit2Jd8LIw4<+aNC7lDyGc<gAW6KV#=bQeK2cHqdax3s05x!0;6s@6&
zdmE-qJKF5Kf0~4hI!>%iuI?dnB+K0#cfR?y)$R-dXyZrMVuYXy<9X{&JxvZ>`l~#k
zf+E!tgtE^41Z&RMde+~Cx=O+A2O`dCzjv!OtGrV;9pgB*SZf3n+tFB+bfS~hDm!xr
zz+M3t8(EaEvNkEx6g*L+>&tX;!8O7N2UalshNPp1XIq`qX8x^BXfAOf(V6nG`n4AK
zj*n>)kvKVDKUgIay<AdNNxMbTpA_g-#+m_`j-Tal**-UQOpcnqtwx>U3NqK$+WxV3
zNunSTdAkr@^f&taN<l?Ld^{su+x)3K8WEe%@wIZQ_I&}3=36Bfj;$)$zZSN=idGS^
zOeH5qiR>JLabW2$MUE&ws={#Q0iMO}=T)_UUf}bW8*YKnhZO`x+0y5|tr(sNBy8`+
zskYC~)=eoScTzrBxO+~SX`I|%QIWWAch*5joo%94mDburY7*shoymTzUQXWDh+@hH
zFBKlhonbtZo5he1f;|>HmKtL7FR4Y`KuL@MKOzM&MhVbuE?QaDU22CDAkT80K5d$s
zxuKw1aOl9}?BH;AKM%`&wpC{JN`6`mtr?Abj$P)2f7!*AkD|#yx8paPqg|A@Qk*N*
zWARa1G`eQhOq@}*^evTC)OW2l?NP$2Rnf#6a&u1RCC`%!{wsd7dtbLXGsm~+z1M?s
zv*cM);NMj6h>>=er+81&10JPvv;e#(qq<f+l?&^LyYR3s7I4aktkklKJ}^#$cE|8)
zR7dEuN7WYUOATr$DXBs>c0pu#nLff}R!yA}jcbh2*pP>i(Nv5+Vz1Vh&@90HDueJR
zFe5&yBFhNKUg$LtBbmk^BrZ`@@`)4H^}L4C0+wXmse7JeC<A#^t5l)vE5?bgcC<t6
zqkC#}3p#Ju%kip#P&2H|CBzJo-!TQRN{HO9n`Mt|rR4p7>3UqQj-4~A1?RG+&0LeZ
za#r1o4=#>zu|NNsO0VcLPIT-l=+LpBTrNp>n}iEi3Hb(N?oVykZVj!&`R>e5@Q4oU
zu}v%?Nmh9)iqSBi59$Sz3-y3>Je!w&m53P!rWmAJCk^TT&a+(_K^4;)bjutdYl{|x
zx0xz*W@q9C?E^+3Z#7UlDJ^dnD3aq)aIs`=lc9~Kfe&#lwU2!CyW$>fk01GO?`IP>
zVlp&fwQhXFibv-F`Jz(U*+Y<*!e%C`a~u@Y+_-(gpFCrEi_<se38RD)p*A~ese3eT
z$oQJt4ePy~>9nbP{&Ckv59X~arn?yK1^+HL+yRL;iDY$QucL2p1hu-RK}33rPU1AJ
zP;#gI+fxf*a-5Cx+Ne2t*7%&Y)p?quRy;XvaVpQuP&*B(Xr|##_-KaHzcOI9X{B`d
zDlJXJv==B?w0fd0Jhu)|su;XrVXfh^r2j2(1ELV~mrnk+%5@x60*`aMatMQSZj*Qp
zxU+CCT78;k%x=6%6UV|%GJXFi&?$bvFuR%*MlBIwup;>p!5!JP_6+oJ(C0j&H{MBA
zG6O)l@JDe9E>cX^JqhEb)^kjT-|E4wq`vj}Ea!okX63?W%>pam1{yXzZoi)kqSQ2K
zJ~SDtC|1c1QV$p;_LfSdy`6Vj({3tGcjddRtyt67Xr>SH_I8N3VAfJx<ajMn%B#JA
zltIJg@zyKC&)oWb4jb9fU<LbH`zj(<nz<Ww(gX+utvkc;A(Uycc#V};uMLX7!I}8u
z;pbXM)<dgK*NTP$@w+Zx-=8(=o6pZ&hwyG#_goE~YXEv)PK#NZ_}dO$1vu8dD^Fb`
zUgD*#mw2<d4;e@~Zp>0g1cvjjZl?4ojB9sRbuBkNI`Q~tu>T4?4hm3;#K_)^=gC2`
zFuf;u)E5Al>-9gtT+0mbI;K~?Rh8gBl-=O_tdlv|x)Y&h1|;X`ni+k@xvdxst#O=c
zqtSu3OA0cm$L^rZZehZC6#A_ZvKFt~-aOZZyu~|*xE=Z75j>X7SidQ1*4jzOev?cW
zz<42h3(#%gR=w><44gD4wqqvM6XJC%dSYb1KLC)e&8fhTSs(~vY2j&An7z3Xm)jCs
z`*kfuZFtk@<BR;kRh!9>xjuCoLgdpTc(J~sSujDD_6<bz>1^^0Wf6@3SdE>@0*<qd
z<$j$T->UPj>t^=#tr)Gc=I1p8n=0=haAbj=Uxl|Igo0fCcc^~W`Mj(^a-5@Na_0@9
zWRrqP3zC!Bdj&+npNf3gt~mlSxcF+BO8{D}TG4HplL@x<3LObCk~4bVl^yq|dVpM-
zziMX?EII7uqsOZ2Gx3+5YKKkz<z{EC;%DZfdQ8Zj22>2%b+(p<g}|lejbDw!*02FV
zP5X>q+Sd)_b7F=gi#R<y%8miuxdgSiZb$|;CYQ6wLeA@=+!B8TE?+>Xbb05)^T_dM
zi3_`ZAOJr2AaQiCtFTo$3i8Kafad-6Z3-HaJVK<CWG{H$Hsw6^^nM3xS*5qzoG^-1
z20P>y8q$xp+R*gyE|z+D<o0gc@L=qz|2mCC@<GdObLiUCoOs37;r@1bMA4ew_TK)Y
z!rdjd2BX+sJL~$BO&1x0>PX=!q8)bF?_xK8>fnE29ZpG!pINQj^%Iy=jr;$rTfhY+
zs&a`d+ovg{r^nXf{92704AoJD!Gn<|&rETGM7h+Ux^-SIZ-O9*<lWN&>ZNV}2cMF<
zrMHD`6aklXMc=1Y%bEhcpCA_}>@p-G)2t3;x%)t*;W(jQAzN8!RUjNVE8_?;d)!Jj
ztEcpB3Rsj5`|QUuxB*2`6#(#4O*dEUY2ny~s(zl`^ZJ&#9m)zhrk)>uU_ah3=92qa
zm3Yn5;_A=0-o`r)D|(O=C9`6yK)wsO#HpiZHE$LN8$!k5w0BpPi}fyJ!ZTufnr%4c
zn2mq@kLU#HWv;G*1UUrX#K6Hm;i@LrVBc!2S#l>%Dqy>p@xZzO(ii>md8%wG@bO7@
zuFXBy5V={m!PU~*I|*{^tB68Eq}gOfKy0jiRWC2gWI;l&@~Yg%;q3I&UEMB^11J-n
z%8#49ONQ?N+47=nXWrnXQrdN1oB8WN@6$k@r$0wauL&=BZhgemE&tQ=8i>|AUWv!P
zvbzn3TWX76(pX6h>32WRWv?htvkf?uP~S28m5c=!R}Vt!V;`<>bp@3&m1yPIwH6Nf
zAPDh2cXV2=8ah4@{<HRnKyZpdAx~9-n9qJiJ=wxRSV0)54dI&+B&L81phiN8EG-aW
zS8GJBk&V>Y7g%JB_O<2M-Fi|hQMp&AM8R}j@zzJ*hD;{MiEQDQOqt-uQ3~sr^<%M3
zd)Nx7DIU`#P)-7j2y?IFT)e3J&%=tsK4aoEvDHt>=ZZQMF#xZ-cHiP?t3YfB{^oMc
zyLcXFyRmGzTEBAOHUNdC-!{vn=@4V{2L9p=QOWlBpkjGELZ8QZwsMp0Tz_;38AP_)
z>B%I)s&Y?aW)FpHX^sse5(P8pNdf|7B1C!4ScS6R9Z|#z$qP+a*~jj*-c8i3F=Mn{
z9q6(VUB7ntHC<vkwdaS6(WK!K&}#|6Nl=HvLTWVb<qiS%cEVprF;44E3g$osWSFu|
z#Pt!))Ja8OdJq_2Or%vm*tOr6jRzK8j~-rEFI`vLkr!q8(qnHE-HQSHVz|ru8C$BJ
zT1P!yg`cc{w#av1>w~l887d|EU!orA_N7Is6#&1H+(}d@i$LT!O<hBbly%6Ms8xO4
zib+IU^_q3h+2XP3ciwLN*jj~24zGRF?mmd<cn&{y^^Bn=m3Y6iV_A~#S8bs+rZ8`o
z3{cJW*U+RS+Rv5u5sc2db9#7(0Q}*p$mKcv!>cQmo+A`;?+?Lg`~hUpK1=f*ie2!&
zJ*LWLOlsy-<pu)6LhYVjZxT(~=GceYuc7r)itmtl0i*4gbX)815*iKT57v>*2YymS
zF5VULl}!tP6uD(c#f$$uTvZdX-4mRNgP8Zue@=O0Y*Mzn-citYL5LUfg5P})ljK4d
z*^MzASgQcNo@B076WTzH@+Dn>3y0>?%{WHnfj&zs_s*!nW~_CFX*b2AjZG@yfHrGP
zlEb>T2+Is4)kQ`fMJdf!Yd72<gRF-idXZmAzDkCcYoP=HuSI|E_PFcyZ_L)w@aj7}
z^Vc@9t;!>G(X6^k$txIa;MTI6g0J~?F#Kq(8I+=)OLMPPx<TNse3c8YxfWP?5=XXU
zv=HGzrVQT2`D3zH%5T_h8JA4Wbh>kEc{3Di$7_{_n%$ZMh+vjNK39@~5{!w0O%r63
z_Yk16y?g`j;}7oKNg%lZZjTD=gVR4Wx*dOj=zI>hV<_XzwfjJfP{4I>#^KrLRk{5=
zvX(9`;ht4Jycu7s(9!pIC88+Z?=&Xxft<qIa<lR57!qsr=C*<ob}Zk}w0NT19_dHi
z*Zsconj1By>>abVcxf&BAU}Z;4Z|g2n$daFmuJkLt&tJTJv%uF3UrA5<Aj4gwlDcf
zK!5gnoA)s~JdnStHn<Sl9exQ1R&(Zex`BVM89K}BDy4i^DPOj^*jdScC}FAkZ8*?$
z1!cKLtg1J)ZZmD#do$tE3!oa91R{W5qDGzBS}W8{87Pmw0o5)#M$Vbblt*BLm>72E
zJ2mVrO32vrR_`qu2Q^FDWet@WNUPE?Fe~T;b^@@n*ZORi1c-w}ah{kNCkuLeu`O)+
zG%DJY=B%%80d1(T&H1_f+I2ck00M)>E%!u-wj{x}y*hj7`tfl?q`5zPuKW2vsPJTT
z?Hm{&v)%^8G2z3<$kx5>=T<-8e>nG}0f@SpsxiYFfH+?otSXzPpAg9q8M!t9u3w~s
zu^r#m%1wr8SVXk_Z%}8&6qYj6=XOWm(*lY#e6AqP;$keno(;A8VgPP9k)S<`4)(RE
zjo2EnElIkiS^z=j&&yYDL7Q={;e0M~3>Okf%+6iB@>g(PoBwp$hV}Y##iaiumm3P%
z@+!RawfsE~5~wsM-lp=oS;|duf~>3PB<7+|^uvt-1cw&uEw^>A!ftoq8`oZ7Oo?B&
zCa~_OVD8D%T19~5Hm?2qLGe(GO4GvB!KY+T@u!X^im$V_vu=aR!FE=5>;;=WCiYvl
zCK&)+ZiCLNAk83npi);aH`a~uL{|4en0NnZ&TCn@&WUJq{`1F|&b8#g7F7#I@yV-}
zn~)Z*^O{d^+rZ-Kvs#L_yS{z&^`^Eoe>AHo>^IHUFltwF9i$`nd?BE%Bix$Rj8ctp
z!<TF+Aa*XI6Sa_WN#com0j2ATU9IJz*l)}drnZ&_eWFG?_uW$vQW1Qw?dmV<m3#~U
zymedtaOwUoD8D0!+jHOQMrJ0utY2OptCCZuA7{*|kfq(YprMjB(^ru@=6tyMNLD5-
zal5*JIQbd{H!Vpr0$0hp3U{_A<J&!-Sm{9TK^lJ|;-VYOPp{p60tX~Jw`>CgbV+RQ
zw)i6&*J}(45+3E>*hCL%eQ)?{b`un~o~i6yRKzI?1bh~OsuMlPIdOy)Ly4SBa;Km(
zsk!Gxymx^{eT619oDj9js|HGaML_eJB@&(5(<fNWbWM$Yt)#^eG%4A9xIof&=zzmp
zF$REpENcRy+t|YIayx(cBDzfCK|c3MFTw)va4J33{)+)!Nd0Dv7BhX@p)w9Ezr=jf
z&1NAj@>YNAZS$7rcUNYJXE~`VFsn{f{)PPU%R>Bo!N@n;d3)-0(&M!7DoJKwUn)lJ
zA%g`sYE<;?JLrl8OTu@sI}So4s=L(+Rtedy?`)2?SXZaFHhMoc9g+9?`tt6a7SM2y
zpn7677PVq%8-mF?oCjz=>6IKlKny~qkO>u_D5hSDgIM>ad8tu*x}}V7hsk1Fj~O4)
zt^%RPPl1oNNCK-mppQaWXbN`gN=HK=eHhBQgR@$-dgWt^wRKxnv1`QAQvZn6J>+RH
z#hZ6_XwdxX81F}%f0~0(KE|wgU9LU?S3y}2X?Y>mLW+@~$4n;tK4gVi_W^vj1&A1T
zRMwfGGU0l)Z95=Pc~;S6r!LZgLw+C=_^I|xcYY#d_ED>={w`!~>ap79dYN(-LOHW;
zAw4$LwxHTKPaISQ!~i{sz9jA-NH<)sX(^ArQ8hkO%(2Bx?}S6bE1~LuhGB9mmDaoz
z?$vRH2WFG?o~1t85;vvD<f8KmfxeUU_E@iKLWvdI1Lo8=%8Kc{=dt^l356`oda6wm
z^{!l9yA6=X#<QK3jG)0pG4O{aD`m}mYR{0Bf2%6MYty<P9f+*uE-6=8QLi;xSLj*>
z&UL$rR;E!Hj_H<7`>26l#w-C(E~=Iwy4b{ia5?zgmnHWSsH`s9%&Rq2K^9nZTAV=v
zP5=5FT+k78=l3NG?fcPz$X3R|z+s5Pz@V0t-M27YElMrfaxZRgSF>toDliRYq_3|J
z*BQ?4+1$=Tbf7_k)tl39i8j^{k;q)>nz(3N;~GhS#C_=|EidO32l9Yv?%Fia9Zh9w
z9dmNc;D|rhEXTA$BtEO(3h!JaL=p*$g@6)j1V;C4q|TWg&>~Rj@8>c(?7Ax8Xdmr-
z2lcHmSFLwXFQ?o(x?>Ksf~c0fHfuU1+zOWU?;b`8jl2Im$6{w&q|>ZNnb~4KS^wr}
zyFnNbAe^@qH#?lSR!HhyOJDzYhMfNsI;kkC(0g5G&D?1~9@)mgI8C!r=a)<tc(eO-
zGyS@qJhMB@b$D^%e8xg=3BZP|S@8`d1_eoS{yea1%6C<fX%QdSyB|#6DXyZJzb;rj
zF0Ud<*bz|K1j?20e9~cAR`$OXmF4kQki+6_$S_X!Qh~_N3l6$D6C2$fmO1rqhn&+w
z*ma%qBXif79CFt<fZsp-!U9P^#c2%3Tj-K<tUx;6<B*h#Xo6<pFNq2@rqlaCn)2zz
zF<dOo%N&kUbpu5DZhRA<z>CTrU$S$U>n0E8d%LzL^=y`G9v{CvMe}g4xSi6EW0;J2
z^tsgrCQXE?rHZ^+3F|MW2?`3jvM}t!_bw2KZ-z}4*p+;8>r7ToR!<R;61$AI+ejfA
zh6sa9g!SL=JNG+A)W>Sqyri&s8wX`5N1GxaP3B$vo#m2uF_qUT4wGLHgKdDnXwOYV
zNCAqxn?%fR`MF2lBncVY!nK-zUB`ZXrX`ju`|E7*Z7UCcmdjru&+ji2q~u#pw{(0W
zSxT=4kd1l3S|q9ZF^{lOif%iMuhWjp@ZQQlVZPse`B?@9Z2iGzByAL|`ilW>`*`Tm
zNfEB_7^D}*oVn+FjZz>Z&MF{Vq<VGwW?eNG>JsIWSOY*mSzfc_f6sU}h~0kXeHS_V
z43>x9jrZ0uk|Q+w8sIYZ*VH)Q-P;W?H1VPvgPvgVO9vTj(E709JHDc~Cd~8OE1kh=
z#Wb-v)m}vNDAM9O>mg&Fs8rVyuN|f$SQy}Wj^7wglL{9wkUw#F(qbad{<7aqi)`Kr
ztDssSY4aJhCFLZx@M2fqf3-G?M_ySq?W2C@tt6I%RQR*ow%!8o^8}UK7ug!<F8vcK
z?(yT;C{kG=1syrnHE9IB(Wehqbd17SKd%6;%MC!_)KP)Ws^gKSy~(6h$z($OdXeG1
z^Q{6%g7*&AgTnt>4AVZMiynYxMb=B`fs`*E#k*Dt_s$}0%?+;n>!hbiKk&wi(IaU<
zfZ*(BU0Q>Hn@E<sK2}u!xKbnm{!^+HJ?vv-{ONQ3FK@0B9%KEyi-Q1OCgAHjXC}pO
zWOmCjf-Ln<k=e4eqLsC?nMj4~evVu6x~DMISNu-Lc?a4*g*GBlWu?$=21faI$YmT<
zlGCkIjO49je*^u~4>Cz+SPFdr0GCKw1=YvWWMGz{<3XoLVxD7k>*GH~x1!cno1ywJ
z78>RM20^UARFEMZOUDQYfcXD>vga+m*9nuMOrAH90=5s4zs{$J&2dM>qpN?q?j6RM
zvHZu-^*)p2&Sl+-L14(`rBhBp%tFT?X5=4&nB`Syd)i{esaYj3;A8UN%M*XRJd%I9
zJc_h)_&<w_0p2Z07EW_*l!oAt@64GqKYuDc^j|sA%3O-S^opo#pw+WZ=dAF8P73zB
z#5&Jqo|>WCRN{ztV&V63lwaaxzRG-c?SkFeBKxA(8bx=N6RsBN3Nh^LtoK+kRl!!`
zqdS+DG>-)AXS*fC!nIhUCA;Io>7K_t(aO7d+Bh!u{*s55`);#(8LU5>H$V6&EOjHK
z{;6c>znMk;CLcKY`Q`FoY}ZCAE$`iH%MByVR*ZMjZveUAY#buw0#TFJDbwP_`LJ7U
zeovpxF<V)jGRXYR82ay@miS^u6ofdiJYK~#kz{qHRm254_;j{m`pI7ji`~ic2uhOV
zbPx4Z`xh0)KWQ<*d%r+_*^MM)&?ygOcVuXL1tIxH`qjUl2pWfZAndNx4H8Ht^}i`K
z{`EN?mDpf})r!g7fLB+JU4dJbHUnzmdom|U*F91%vQQ~~*$pHc3;QSi+W&aZuYNu(
z=F)SmQ`w#AZ2i+QH9y0Q>C>N%=^ZpdgHx_QS3wjV)}bf^<e${px@>;&FePDwC3%Yv
z|HG*+eKy^aE|!)yg0fw%HYz*1fM6j)TJ}Hg{WU2bRDZqg;}?P6k8f!Ez<5IQ^*;u8
z{Ld!gJ6Vp<B4~mFi%@^ITo2(jMWj4!t3t12<geKZc*`$)j#MDp=7{Q2#p%}gU*23N
z@kpH&F!i=tW&?dQp+M)^C}!c;?DFH^5Hq@Sk2btpYvyaj$vT|u$KSj8)%hu^w|(3|
z%B;!<%umP3{JbE)gBj4LKOInRa;@r5g2+K-K2i^2B#dn5WHgxbf?0djKU{lnLDJ+>
zz3SH;=zb?kaTpz3z}w^G@!x|1gO5`G!;d1095f^bUJIy=C<(J_{5l1+B3RF^>UqKb
z@I$&vp-l9Yn8jv2UF>(qi~ZtH=VnwenyFwqTjO*i3rk@(@{8wxcsL88nt4CF=;E`C
z`tywkq(w-Nm+C*=%8%2aOwq|k{aH%s(Air^ONHO#nmQiW%Re2Lr6Z4;8tq^zI9UCs
z8z-sq_+VxK;lTp3g>-vbhV3>$w(tX|3P~7drv76y2FOAKF(06MI@Qh6n5lmIr&GOk
z3t6^#3wht-DylL&`t&ea9v`O1e|ngdX=B;o#{Hk`^MRaNKId<9T6%0wKmDOOrNcoz
z1}93P>RIn>&NLmv$^JWggO=%d59|El9tH=YMX<_FBTt+O@Syw`wnjVo3e8{|buXZD
z8AT9<7=zF1`fazuF?K8YkL_0Eph$8qq8+;w8l00J&GgG?65hp}@z*R12f}z}r=)rR
zG+4jh-vM*b<r&a{R-tB90KFfM<VuGur-$4KGePH#{&0dca-a#xM99rbU;~LdPi$aP
z)bUnM|HG|plh<La3TC9@_lzW9X5?(_A6jx&Mz{=b?z>L5|HhMpBT!?Lo~;s#S)7L7
zj}n7<6pxrce3WEp{=1)uh(*jcmQl!l&l^qr-&jD5yL(53v|Wsz63CK_9Q@Bc=O_4a
zl!CHV-~4TIGLP3O^N-g_&=F`-KEW$61df62w_}hxK2-YuH+#ltFe{dhLPPWasbJ?#
zudy)he-RA43~zb!JXBnwtOGq_+i!G;O9$NWe`l3*^n9`vG7=t8<ifN5o8vx$gBmd=
zMAF{-uc9v*T5Dk6jUrC$`+H9Q<7oL$y@axmW7!c6Q$dj%Mjy3<<2&<7#P{kNW)D3r
z{ilWZK#BvB^oxst8c<QoWlb2yh=uwe^mKPT-qC<449L)71M5npu30d!52ce!zCw59
zH14Yh5%ydBZ($&yqYW{|Q1jL~Z9Z27z;bA+ieiDL2B>Bn-R}zFI}&5mtmXLfBU<?(
z79bs#!$8+ZOiH@?;vgj$@dt7S53BkSg$a&PEr9IlzaMK7<Jo4k3D7oKpy@9Y;OseD
zcjxhjQEIh2=QaU?QZ&*5KXqorjgAhhW`bU)p}PHkY$kvbWC3KamT46#;^H)r;O;Bb
z{@6Ea&TP|Y6gh6Tq1hVG68ONXsJtV};?Xen<tE5PAXM_c@IQ1A-k!n4ugxgi7;h^C
zojfhgr;Ab4zh+Wi_1J(bV-6##Xt_6|fb+*Eq34P~MaU&pg~DwIKO5+c-0%AGMV8HW
z5iZtipz{Iy2Phqo+k6tZ{{^I4azVX|_;jd~Jlm2=AbGp_7gkQ^PmtMM1O)mD0N>)b
z2UI?|3$8j-b+3CPvZ$J^P5Fqj7|I!l>L&I#(HZ;Eo~EJw04$XYc*4d?b+z3b5aVcv
zDDJ6Xx!h$IGc(D_c>cI)9{YtTtdm^;0)754%tZzhJn8~f-!M}T$6r##{Au?vfi*uh
zxGBg`j203Efl6Ctkzmfd1~LXlMj6nF*L|ac<@vh7Wi78uBc)Yh@qpMdT@S<Jed}S8
zdp6u{k=51`vRsM0ZLm+D3N6QX-RNQm%zlr$2cqp_hC)hQq8$}lCU-}qg_)$2or|aj
z_Z8Jl)A-1$B}@xHTwDZWkq4iau3G(rzD%dt+-SBlx_hV&xnes8`FQh2CK%O4LdoK|
z%U<NGh?1zz;FIth+#c?n#W>v&Vx)~@JbyE*#7Rtj@z``~{JmONxjyU^xF1T`E_~_t
z<1ih0%%<D&gTa!%_b>N|@4^me@?R!HHQf)d_7O;PC+M@GGk800`{&eJmh;KbGOLwK
zj=Sxr62_R84~x{iEy%DND@r%Y9mIO=Z0V)teyD)y`N8O}%-R#WPcdi_u2aX0)Nh5C
zn(VGK+b}E6IPp#S5d(VpgmecWI~8+_dnemP_^L~H&XQ*9IRhvjKAmw5!==ZaRQg!j
zt<H}En`izRWzZe(NuaHx`ZHDm+#a(v26Gdykf{q*VLisdh+!YU5Z)MX`YjxIQ&C5g
zk5UhbWu5r9kdNE7D01noDBKoHsM=RW!3j&Gg*O0(Ss)748uzkL6XuIY4k+=sVmAN>
zR)53jT<w$24;&pNA`~tDKK#k$8lmX%2-lV%QlpX5pHI)hp3`Z<wmB&bXC;Hq(?L86
zr|ZNuO#-C<afZHnVy^EGysg@=DC9`hu>kxRbW29J*6U=^?tuHIM-cXPrK3v}4oNC%
z#ZH?>Mk#NeJVA@QZI9b8g7!dJ&?*(NBsV&4H~Ku@$%uYq9~^o)P}I)ioOvsxkRtM?
z507gp2>^pg$XCzV0yds((3EtKh}qg;F5X@deC}Hy36y}L!|Pv1@nwVVC9SS#R?!Rb
zFTA)0&f#%DP3txlvkiOo@8<vuLtD8i?C{Ndt{*fQzT9G^*#(A?SMEsU>g{ZD;{kbk
z_n#WBKh|0ofeMW*rmfdM9DOa9_Zr_6cK?fvi<}d|pp{BtF}9##K(Smp6VMO?W+3^o
z;u`~(SbC3u5tNL7+y{Hjwg@^D`-)*&X^YEgk(x+D#7M29we3>TPZpK;sylDkC&XZp
z(V|06($tmutx`%eII@Y+3+<~wI!6L%oE6Q^fr?DlCq-7Fx$gM>2sK58pZk-1MooVB
z(HXY;+)#46p>MN0Ag7+2;Ha;83;l3ir2nYctN+pgEu4Cy(vm$V-fpD*pmw91tJ9Tc
zZprkMU4ja4u8i5>g*_jP+PX^W*0-2S0CL4)LR+p%MYBL`rR-iK@2y#xT9?&zqSwa>
zw#r(`?Q2JLL+%@mn&xByWUVx4M73I0bxd9mT|(EcmxhRr7BDFV64#lJ{iJl93B`z3
zuuY9weB3NoPS|%_ZSHhpE^zCYvv8dPiZ3k0yP7>0a;c91`Eok7$5#J4VcbLYk!NZ@
z&~Ar`3X3)74RWBo@Uq*DJe0K~_(|ewC8TOr`qROZ^Me()t5k}8cG2w*HyH+O%XOM@
zHbF({*5GWRSP#kT^`03Zv@n?ilv|#DQ>pnZavS&(;v4`BM=#$9HwAUJE^9ro-IT!6
z$yHLYpqwb0qszPQv_&z?r5E-b(zZI=sZ{=RV?)QzPsLnfeEJ;lDGU%J*$k7_u}OM<
z8PPMBXF%41UqsKJ^Jk2zqm$vBM1O*+e-!-zcnBx*DcQW#YOdu{9!EThf_ov{NXgm^
zja2s+Q<j}kv3<baMmdUu-bBmA*SM<2u!#uJvl*mO?^31cN1@XlZ_&7>GN?!Ka<n|p
zsDH7v^JCT|H8pEL&=-Qajjjth)&bI`OyFG7^AY5<;WUyr3p5>3L=gB0l@uVw48r2E
zwdm>wE`~49!A0Z^1rOaaJl<T{%<!@*-%@EZH!pxt_YO54u7RVH1qh&{l{1xOoRr&N
zUg-1}N%qwRV64vp^I!S^KRqp~qL--Zb)SLw`=EHAtG7w1AHl;{Yxjezi_IrX=@<L5
zQq1aiiI<I>U9DaEGC_w#ZANc?5uXXaT1zWd{`$z;$MS~9ck?I(2$2AFE)TTH9wJA9
z{a3eL8EY5MG8rt3mvDXZ@)Q5$HTD=blSm_BY2RS-;`K%kpkE`T;h=rndIf-upa72(
zKOD)YJri14Rc@!@mm58Zs-dx9MB445cw~{goja?wDWekz<Ix1Agsrv0Z4&qh2s;Eu
z>X_FV_FjbU2@aOH=vlrFaU-%koB#~J+M~98o1+!0h^#q3i^7We4AEfq{k!d;?Xv)o
z=O&hD{RD8uK6F7tzR$IWyJ(>YHA{9}>zqt1UhM_k`)qB7k;znL655rZ*EPm~m{-5!
zN{-@T9^bsfQ((lJI^|~VZyr4fabBrv<u*>HE&m8wsh)Fv5Y-1ElOl)$%A|8ZCw~q=
znu(9w^u94{otC^!>P@;a%;H_(Ua>X-uvaNDY{uz)0c!e{IwtKWb{}K?3(c<kIZ^a6
zv(dtH=G{TK_NK#_$5JO3zOX*RETAcRVw{sOnbW<@4d2(7257LMuN&W8B5sD}>+lFe
z0L1X^<Fss^57-h(UF?(UAE=0ly<<&ki;C90y(zF5)GuAV^>Pc<^Nc1wmkBVG!>O)W
zCf7En(%;ulK63zOC8+G$)Q*hH!T#jWCjmE<rw6hXI`lTdQ<F+iAH1TvPTY!JegN8F
zOI|C?td7u;4m6|93q2BS#%1X1pFAGanJSiul<2BIfPk1vVS6Pq?WQ*Q2$)MnH7xV|
z@<}&m-FQFaME4^{nA+KqU7v6Fcjrb%3{&uA+;{GL#ZV1IDm@DL2FyHZv>-%$*K}Bz
zlpvMYdhM+)0nLQ|$hncBVS_|!->$7V>uwp~Bit5mGOUY+P{i-OiGLPu#!e}b6bwXl
zOsu;VG`ZZOwj%GpXbHK41A9u&svk7sIH%F+>b|$IK&kiib9WkV=%83$p?RgVP>Q5L
z;u$ou)8cTG{U!Y*Pv^J0LisX<IFZ*CDf|<SjR(CMb6idDdarkle5pB-f<;VJ&Lut6
zO5P{PRjF$xR*OoV?XFWQFm$aM-bVKFQp_H4qTq6+>)TWEKf`mhyx$r3K4)jM+F4Mt
zOrCW99Kk196P)5^=`Qqac~kw>>zm>%=aqF*w0sc{8j*a8iw2GCv%89*rFKKTaSb%1
zW`o95ZFZui;?d<cGzV4njFRS|YIK}vYQk-zEDgc(&L{VJ)~>RTK>1pY(^kAeXO<#8
zmG3=qIxm#@VAh!Q&Y2Zpo1kn)ePXViXC?H4Jj=(4CzK+LLoV<|8-$iJ2UUp#-85^t
zOeG&@crWCkF0Wep!_8IB2>=D!dH58ISJ6ZC>OVQ^J#0Ps`!<r?vILTY9)iT!A=R|)
z>3t&lxYj@>GwVJZZIA`99I>g%4zD&*uP@+snpeK^(!nz0!`F1(RIuIb_w3?58X^eV
zdGl-+a6>~-6t|edN6U;2;4y`Zi^CfMkLgk1`tVWt)d%spXL<AFtaewz9-T$T4&*UQ
zKH#zVR4{dJaKsoU75n6QSJWeN-(JD=1L$>rH`*k8JdUqt@}90_j~keqx&^|rcawjD
zzGOxEZ+42bqjJ(b7}+-ZjMB2L(8YIwOkXT39x)YOx>he<Gw#w6*VD;PTOofRsO|Iu
ztt9UeI`k8m+WOGokoYyODi<Ux7w^<l>V|l;bal7I-UvQxAh|#<4=z1j+R8zEhd)$t
zXN>bn-)&7eugb$E=`~zT9szd36ha3HdcI3n$X?{zA_jv)&U=<Oz~4jcUem$%w^z-_
zy8jP*Zy6Qk`t}XmC<v$sNUI2vLkUQSA|l;2l$6APfJ29Zh)4<p11KN}(nH6P64Ig6
z&>g}sbmw~x`@h}$e%AY}_kP#&<@s=bb1h?VuH!n-<M<uFV9Wrz&5W?(ESD>)MNSps
zIB|lVju63b`ty^f!E4j^(?hmoS<(G)6812}eM~=!NMGw<$aALw{D^51F=*gis>4P4
zn)GRdqImY%fU8v22!&nAOV3`F>1>0l487ntVzm2ureDA56RF<M+&Y7*Q7&*PU1?m`
zN3=XWxsXWFT1Judvnqzw=chBB>`}Cwp^h`u(&yIe+3To^WxYT<D20)`6|$FaQsM+H
z-|<<94?YH|7!9oqt(enJIEpj4)NJr^Xm%ifIym4=b1@L%T;w7vXm2zLp!){yHM_<;
z4?#I#dim%v0XZuQ^gs>vxf;_L<M}H<YLAs+@eYHh&O4q9X5aS&V36)M7TR~}`+l*=
zR}4H2OVi4qt%i^6!+DIpDM&3cm^;#~n6#V~&6;KWL1Rw~%dYq+aQ@$8(i+)&NBRes
zIX#GHhun$H$&6D+Qmi)mq=510pGw6-@Q|RiXzO9pgLhLd_Enur(|UWWfav&4zyk2@
zVzNhH))R-Qb(eG(-@lb4TKkxjnFV)7yPQ*>-il<@9h<|7H6CWW*&mQ6-G0?F9v<xw
zz}e)-B2LIE7XFP>qW?qnQo*vt=!+K8VW%!J?Gv8_p;zNxPQ|H<_X@-Kg+yNcHs0p>
zcy%W&_AIpG)xvX*p`|OPBI931csH64VQIwXv<N@md<bR;UwA@cF!9+~I*Dg{xL16$
z>*|Rmhp`7G@SaMyjiNdev&9Ijo@D{TyV-DdhBM!REuzlrz!NZ)k3uE3P#Hsgs)2(p
zpz0Wkj#A(53|z@nd7}U1)010*cAs_cQyi!kgL*T`@c?}xbx@am_1=&xtEAzLPKgsw
zn2dMmULYLS6vn`n_IXB*DZ;erwDh_?cP@-<f31;@5%(%DKUlVM)|j@V!ZtiY6SB*V
zL>jscHTjJh2~;2r^}f6#p^IZC@E%xhSUY%oi@a58xLDrfkuIUX^igw0TFJBGCjb5O
zUyjf3TQUWPDWl4*^VYK0Kp*&<iB$L-Dj(ZvCu`Vbu)*Ht-2r(dV~x!7gpF5MW%vQD
znSMo-k<AY_^7A{h_&CfxA&+fa5SJ8hG45Z}!B|Ll+d-#+l-{$rg+QwfSQU4<Qy>ut
z>MS=70!QHE6Kk_}zq6=5bk8={x8Fx&x~fM>WEAAm%ZkLx=cP<I{8=@EA@vK(mB&J)
z)EC14#^FOxey<B(mN5K#IePEQDPXue8!N%gU|(((>>x#q34skkS)QjTx?7aPql5CE
zI9gVT^ZDYE^MIVSafoP{p5W@OFUE48*cIa4ku5ayzWDkf2~QA{inEE=f}STb(`mmm
zfN72^e+e5#jWQA1I$m^$x=LiC+Bm#-X*Qaj^dKf)K%Ar*`sw;#l_C<4Kcc)5>%$8c
zt+Q$3ustW-$-G3*&7lpTB~1bz5$fkmaP7d?Ikt^Qij#rVI3AW=8Ukv)UK8Ly!3SG-
zjr-ydxI?Q)OBBA@9J>}v9K=Bnq{v&h1IS9cMKi(7k(f8<ugO)HXYxqh@cODpZ~8B5
z(1;60ABnj`QQ~_uWV8acGW2qc;Ghap(4E}})zWY8A94L`E0fL@k1eaYyGKpz$_K7L
z4{W}_e$!ZZu9A5Z>ylb0yos(uu&R@f2r_=Y_ElQwMMY?qx4%@9_XVv~mF~K78r(XV
zyCTx9hOwv$Lw?v$FYTk6&||t<lt=}g8=XrBsav#mjm2M$-240nAeGKB^uX~Ow-7$(
z3}zCV_&_H$^)AEy6G6Y!yC1d|_+GCgfME6M&r<uu_8#l0w}I|-B|~%5OrrYt8e&Uk
zCc)+gbZ{4QPRg1*49zDU{<ZdgGj&HLVdIMczbZ=_y0X8m<(Kr}w+64j|HPZh)5}oB
zVRpR8iqG`uEM*Q}onol&YEujv%G431`qsHRBK@FSR*~~11rOnG#`1Gsfl$)3{D2?l
zq}RV%ALmO6&2v7|6M<~wiZxCT7n1N2F{wo+3DhT%9r3E@^-ETEtg^wh8Pxo?W{BWC
z;Y~u7U=zg`IyH6f*J_ok4M!^1KTbOj6<S1Pf^2~1jNbn0MlJUg$WM_ygr&15mz~K>
zX-@~DP1$Q`eSV0Ni5UUQ`*wmCGs!!pgz$6!BKcv!jkxhrJ(SzYA~64(L4jGIudljq
zRwek$q0Q{t2V_*0C7?L)iu44+aC+!rT_2aU22Qk4T)*f=2C8g|Ffsr(Ng8%JFT8PR
z7N6?v5NQw5+h_uo=JD-b6%bzYD4UH@vNDVH8P;z#4dMuW2CvPJ4r?_pC-tp?e(K?8
z3j9>+QB0J3fCVZjwF+Q}tlQMLoYlkIF9GU+{qYWq`uhY>FoW{m&5>CKU`e5NEPZqt
zIt&6#xpQiw%eJ?ZgN8DDl-TucXc=(tElDeumz-zdBm5H08ix4WE7x5y*?{m7OJJAC
z3bZ1Qa9JLDu=kl=4Ygn5<|<~B8iHq&H}-j147rZ=f}FNoX`#g;7?p4E-qQM|)9P@J
z{jam;=f7r6d8i=`(d-bsm<`RLk_3HE`_H_Ya*Dp5P3~l9r7PR~(O^N2tNy`0qs}rM
zIq!UUa!_;9gM}c`g(c*zE@MK2*^Du0!yG!w1AGc60o|)`A=<}ls!ttWU%*{a<JxnG
zS0Eg=%bF}G1)1LuaqQnC_IlNoc`*Aem>~V6_QMq1d>l9%B-ZMi6S)i|wshZz;HWi6
zZnU}Q1c~baU$&);hKNPbi1*sK8hr@`al<%)%69Sv5VN@@9BvNj`iRV`+?yIUZ|OT;
z+CXpnu^}eo$Xjo-NGIt~5>-DOMsJ>VuJPp`21+sW4`%v-@>B*hA0Ifvj(TOPJ<eH4
z3!TSI0wQ)->p9#40E4u9z8&3%cd{$zPG`J#Z^9nmNEHx|2DY=E&WNHT;A^npy=Cmg
z@wDc{W&dRviFL+!C{7r)FXMgL-wb(3B!<kRfP>jsA&$>N0kfqyH#LGs;|w<Z&dm1Z
zx<%DW>TKK(bY{H@>mn;r*xP2Zi`n0<e>7AUBt2+jdqV)WdYNx-L)|cUA6Z>}Z63g2
zp78d6BHKZu@I&hMqMJ&MhVkDE${b-h{J{~CT`u}vfzjK_KN#leHaLv;gfaAmN&nuc
zS)}4UH~+1*)f0f58;_iSw3Y`h7IWPyv;w!%XV*`enpx3+d>`vT72hgqI&Ym5+<1>k
z`q~fKJ3r2LZ!k)rA_MjHlRSrEkvBQeV9+#JpW26>)yfAsrMzi}Ggy9}PwcRRn8czZ
zXr!{++<os`dmE_$@Pv_|xAUD>%wYLd3(TL`vcrVca=%{nuX{oROTq3M=5SPt!9vEs
z)*utW7u`jXCsr~xT?yJOI;`?9qXdmSTh0$dab4nxHWKO5d)vb+Dk4jHeyy9gu33r%
zB-0amyakyP8EzX10@z|fFy7<6cyrB%1#A?ZDcu|$B22v(?~aSzSuh?hhuahflpN>e
z7!1~lyrEm#nyOmg6t+v7hWmstNJ!PT(%5;`cClZj<JI6Fx8ZUU{@*;~eD89cZyCq-
zP)(lFyFRva{nPO|m|2-swhD{`<}lpSZOg{c{Poov5igK++!*(zyGV={{&bfRO$pJy
z=kGYclbE>f-sdwiEtb1K`@bCB*JeduTw|MB*XviIV5DV3_^HhN-5utIlHqwS17F*X
zM$GTRvMKi_{7BPFiwZhOp8v4YzcE$Wc47Ku6$EBl1;GKJ5!ETWaaE+E=!nO(@i#o!
zg{SF1_xKlvzurp1+3WSP>A(n|#vcQQSpPOp0*O6$#deC;2IV0<R1e~<OXU`;59TuE
zBK!45pX~!Xn7-&_bBF;DS|uAZG1V&5o6K|}QHlFE_ts&lqxi7u%#@<X299e?7FE6C
zUhY|VgtWqK{8??BH3(G_*r@{-9}H+y_h*rrkD5rV<SJS}aaG5wqP8tT_!-0Fq^sIX
zfZQD_XYuPUEMqjwlC9<8uuy+$qh1kEk|Zp9Q2gf4lJ9+gov|bCYi{NG2VGKrrsg<0
zN;lq~0-uU8GH1Q*V=(39M8%v4^pEepJUa;zTQz`CtHknTI?cd!)M%=8A8dZQDT?UY
z1Efks3%F3uYa-xbV~IwCyk}&E(L-S68gzJ#utglYgAIY#gpyKs3S-*~o(dg<m<nBh
zr>)JkgEYoofSX!vpRN=5C9da)?(^sJzP~!a{0rhg38v;uzM{0K+ow1C|MKi>in_`g
zJ){;tWB$z$(@;96+Ua-c&TUApWmNkEiq@$fz;wEO)9r7TRrd5LsbZUDBk{q4bMbVj
zNG5pBhQ(G+NoF5Qst%Stf|EI)`8%$RdG&$`$6`I!9ixF0|8|d4`SAOGz2L}8KV4<=
z8s*D*{b@N5%fM9LE4DKda<AJr@rv5xa5)qGB;fRJ&v`P*Ty>rCNji8AjZ2otgD&G<
z<cL?NQcy&qXBD%BdZ6pluAB!*CsNnxxptP}`c*pNd+hwfzWK?lh^j@ttZPCf-`zLc
z`P#(K?5@_6cDNVD_J1xIn+Dz^)+65^P2%r>3@|0dM?V+ucPOoSAmw<tngs@cTMu7`
z<I(k-*}uWcap>*avf;gfd{a%ZNuZ$|#wW)LAMcVW^fPWz&vuFODK|WY8T>T>Y$ZrW
z<XwHIxeliK0>|II8HEu2*mLV3ts7(0q8u!fG*WCMSVgg&&wL_F@AY`paic@G;Jfs7
ztacl+PikNDo>n?+zJklvBzajIS5&nP8=U+`y_|{rnWfF8&h>C^3tA_XZ|gr*t(m3n
z(0n1czymaP%IlnA-W^$2@18F)?8<pKoZ7LvT#?4gVHr;K(no%L9e6Ef-cN8Hfj(~{
z)*JVBeM*!2lyElBR9s?qD-++m#cp+s|C#>qr@QR!R=1zGU-h#gEMNFLis4qv!Tn78
z_HORq^gH-x{6eOd-u(Ev*XM;rt##lO77ui31;svJHCRqlz3|Pe@EQQm`mr3O0?Wlr
zMz$~)%r4#IwKx3dk{(F8P6giYjo}fD^*RUxPaet@Syv+M#)X4WU^`JY$NSa`-KmZ7
z#n~e4Zl8geoY1DOj&mEhZ(1PW59jY2<p%1?4clPv!y15gHZ;G^UlRkK4;2<FM`q(_
z=-9&a&F*FPT^7VqZ(4Jry?(Bt*t8ba7PHCmA!Q$kePx%}5-y`F#$w6TYx13N#r3@)
z7ojI~))Xf@=DCIob_AWhC(28L(43`zvfKr1`~>ABuM67_{4AQ8vYRitdsWLf{NnQV
za7h)5BFWz5-LRC&VmSK#JK_qh+@uj8k}hs7A|F|C&TA90?4*TV^a-$(m;i777U_#|
zu;J0tsha@6@PpQ3-NJr%%I^e_coCyaU^ZBRa0PYnn60<us5$JFV=?w2meP$vjYZI=
zB#oNa?EL~}EvY5^4u-{3=Xn4Tm+jZihhN*X8uf>G-CmcdL{Dfs=T4*c<f><Xfs0<s
z?7KjqvlU-MfCJE_!~1z})?;)M9zF4ZIg8l+JiYT>Wz<*#=r;CPbG46T`NtmZ2hh8x
z8@f+D+5)dkk}%c3nLz#5PtOJ^W(c0j@s|4UasX+)r%Tqi?|FTO9e)GeVNXANBV;Q3
zjbRfIMl<%EC7=yg<9L#x@<exHtOVSZ-*jTyy*Be@$(etf<PU(gNEOKfy_#7eaq{l>
z@(A^`F>}N>6^$ye%5x|F%@ATU3fhH%lzB_vo0P37c{wVL4lEzHN1T+GGQpIhBzD+b
zzlifE3Msfm*2hv0!dtC7O+ys3ivuT43nfxALBhNH$*WIC;K<Fy9?EP103gf2c~C|w
z<9rtM3b|C$QkuBTnDj6>OJzXju>^b&1e5duL08OvNO>W7JKhw~kaEYj*KM$+X($Zz
zdh+xG?)d4i-Ak3_(YD)0zutb`4K!#kGl7e*1^ZgwI~If`pda|tK7&o$&I7ov%J;zB
zgV-gPRPyncy!EG^xjAiO4r6ZfSx%j-PBbLZd8kH$%Vmjp9Gpb-_w7Pw!Tu?F(OtHS
z7bCTgJm^YiJ24UiUi;uaB%j#>O=2%Np}ujZV`IdxGoWqDCf_l)+&*Hvd((Ote}5RB
zHiQZOH(Sdre*ZK9S=Dm`{0SoTJzc4S<DT+;+32rBF5^eNcLHdiXICWUt&G>y>`(Z~
z%;_Dj;hTsChZfQ`riRhnS$4nXaE*#0s^l)eg0-Ad3Tv+W6;@0;;)JOA>l3Ug>S>`C
zIj$cELy7#0#{ZPm@X@1ie2X!c<x}B9%r`a+u7ci&I0us+MFIXcjqeryI&ty_j(-pW
z0Q9R=UP%5-KrGGLBTeOClBz)T|9<NPbeAY6RyWS(q}bahx$5Lk2^Mel55MqVB3%R%
zW13Qh5_cUj6ZFpWWNz)(#p56*4wN2&rYF>?BfR%<K}r~0Z>1Yja{aJ53~Q$L5Rg91
zbxw}YZ&G)OO!IcVmK)AOQKtYuCsL=7M9&Syc6W;u<y|?NHB!-4$$CS?Gv~Mo68`~J
zSvnXANOzSP)C%=pzs%^9^opo2&ETEq0n&LP`8WqtEF&5Jy{`fnLE8i(;vx#BJOQc_
zQb68>n_#m~+KoVJA4G1TOOjPO;ho|o)_vpUs6<s@llin*`9O3VRLs+Ht>2Q9z<)XM
zL695NG$3z%z-ng51${q!tRb*8cB{lGl@qusF7e>AtT%eHj;liDsRt;^Yalg;j;3<9
zKDX|!0rM52tyDv@!`J6Y9t8MqXT3+P7;Z93bgx<iP8iqv=2w-*CJJrh@@KddiOhAv
zm++9Vw-e6?N$_j%&@#y0pj*>l74T7`Vzd5QS23{WNXI+3Ht_39I5_o{GSGK7vPVb@
zEyZ*xyKVH<U|m;YOhYw+zlwa{C?LQTrv(&*ZK@HVAN{?j!9VGu(<gmSjsszd?9|}5
z!KAifZ?C%k-C~4GQsEKEI*G+Y8Ufps@)t}r{bz~|&er>HfT-r8pxXL&y~0@3i%Iuu
ztuNk2M8q~mr8Kh)dy)m0T|x;1pgfmaz&6Gr6|a$GRk#JVHS)Pv_PH*~^vK;$t+*2{
zT3M3k-asAbvGnV~Y(K`3Zy@aOsYmB$k3KLDm}R@d+B84={g{`bG%&k~Q7IojYp%1}
z?VAl(IGWLa|0zDK%04Y*ODbO}UHjqTYCSmzd;YtU>@-5md|v+%0OyKrMmm|Tzex{v
zGTK(nN3<vjBA5IZ`LyHEp|$5cn!|Z9oeUhul3UPe>d|V7<pGoUuro{z=SfA469o?N
zTg0k|cfWe#xa8CM3BD;-==)qKfcIOmg!>#ipz|x=Mh*C0+z4TU_4`v1Oj*x2&y`Jw
z^4Z1YldhZ{t;p4+p3p&Edy)WMFrz2(P`(`x&XdJ0bXPBf4J~5P{+^dBx9fV#{hpiQ
z&PT(zQSs$I$l)ewUh5(9_~kjrq?3K!9a;I!^2wgG@vo4oq96x4qP;p6#Kvh?3h+<R
zm3nOcYWlt1M>qJXn#YOQ+)4W6joQKCMwcK(3)ohq(h5L2Ox8leB9@99XV2kV6r`)k
zM&#~5<7h59+j+C6z`Vx<OQc6bRg$eoK9zEABzpS%YcM=1(G|MXt(LkC?BvFyiX6(m
z2Uz;HpINyIT%-FKTmeAmyc8o$XF1e-uRW$Kn$@;uhIi~yA|9So^m!LX104Ahd%iv)
zyzBDsJL|)T)0NDmB(Q)wVdw0#VZmfZ#)*9OFEH}`XH1o30$i_6huJVW&1^UU@|y~M
z&3Y@lZuF<Sk9zfWuF!d|)>``!3#foyhPr*tk#mY${r<IQ>N-T0C^)UAZs@~g{~_mL
zkWNU0Wvc-cgaoZb)mbVTVLTk8y5uLatMN{Sev67Jpq1Iax<I?gnLa=ivU5Qc0tCtJ
zn-^=2O6pizV5QA_1JM{E2X^AD4s|7=LDu22VQ1PcZ0UEE=lu57$P9T=L9ij}8%SUX
z&#2tkXiKU@1tl9iKlByQ)ntzXMk6jD6Dm0yo>$dch+0#&ZlC8Jv*}KeOQlM4E#{-Y
z|1U+!Wu@CFx1Z7x@BP=aZ{(<;)VrXeXc;yH(Z^}GKQP_RQ~tl?zZjYt9On*}3d4l;
zbLTx*J`1_yb}0+r`gPkb4LCe;+XF7KS@IC{Lo7A@?KkOH@(i9RA{IXWTbA*?{1MP&
z{LL!eD({)nQTxxwy+74quuA{?(`e7Fa=$UZEHLJ3x&>NEwz4drrF>cSbI+@Gws9gX
zI(v62fpNWs*G})nkvng0UCuLTJQF4N?|CNtyYOTDCl(XVE&x(CVN8#-8=bWq2it$P
zB9Bk0i0>2rMbsq^`u_WuU?u<}IhlIF=$M<AAcANIYeH@;>-0V7LnE&(<6^Uxh~8rG
znPvFTl=(w#{OkWJxdx_W`d1*5?HzETup@l%|H)Vd->W{XI10Gj1mUmc_P9-S3jUqy
z3#RJn14|Ml_CeT3$(aiS5JuV73;$+NJvENM1GtPY_NjrWJO_rbN~-KE5}`o+hmdp^
z{HElSx61!$AKrYBJF}dlUt*h)sXeX)s~)si%mq}*Hsnb<1(#tmz0YC(2i6CvZ0_f5
zkupX<IBx%Ie{|-`W1yvQQ&DB<f&hI)f96+sOXEUuvcKbuX8Yei))&`PxIg*7$q)V?
zt<Qh?g2Vsyy8I<x`X8;&zrK<`U(a9P&Hre9{yn(=`SpMFivL$>eG1<3LJb86O_kLv
z*`Sa94`h#Q6s?7pQR$5#pBAUAkQnU3$)^XfYGG8}A34hHH+Yqu<P(<vrnKrOLRwd!
zMG)}bbR-6|zbXKQmF7QsuievKM8tpdIMV<Gx?dEnA=H9B<z_i*jXrn<P~ShokT5)Q
za_7IR+A&GWrh{hbrt)b_GlP9SOC(;4*7uKO=Hcm48~5M;*^s&{f_<$sTQ7hXgXteF
zhSn*e*z#X@@1Ga#-@jmie?Lo*-Ug`{`LgS{fXtjH*S;oy0Z+XKny12N7U|Y~C4O!N
zti%R}vML!0zW=#|`pHlKdHd6UUW*nVprawn;1!Gq*?Ivj^$WhM`M^labm#95<$e5_
zrgQm>ov~-p^9^-=ps>kbOPVhyvK20oe_3Re_Pv0rEJzgIo$w2}04Vw4cpFqQ#5dOh
zC2M*F;p~*vBaSQoIacpI!7m|hmQ`*5r`bTj^o?!tUYjEQ3paHcg==s5oRo&Wk1F;8
zL2##RMYyMd#5ICaVA}o!^W%i7h+QjNg-*m-r47ktgi+N_U&jMnnNoi7M6H{EH<#(L
z5+4a4wMvUe2>>c+_Ov0vn9qsV*7h(_l~R@u;IUd~<&+4_Yv&#(#tAunn=jrD1ZxI0
z<kvStfTPlv=yRA+t+ySeSN1XqpS`)%*1f$mXvt6vzUOarZClfz2hqku*eLa=bsf-x
z@~2UQEBjc(Y0eB|mCDgeowNr{Z!eY|42lBZT1)RzdGpckw6Y3loPR|N_w|8}^;`5p
z{uyzLLqOt)$ha`~4F7e~uDGIpu!SA7q8yO{ODIpO#0$JvYztbLt=Hot`=T|oz&1uJ
zgI)|mdT6`p-qqS}V{l+Fw(+G-8*11it^58T$@H}td{JL7s@#w`SaRwG-iP)DH7nI<
zYtVaI)PP`)MZku=kzY_U-4vz`T-%NN*WgEzv?I()m5P9&%I?4Yjs~R-@G#Fs7pMq`
z14n0qgjYA+^7Yng2XpnC3w5|YFmY?<ae#?7NO)(&sT*Z8koS>V$kA*lUs~dsynG*U
zi79}9RN?Z)p<?~T^B172H77^Pz&}4w7c)c<Cuom?ROW@$rKno$f=&`7I&8cefB9)2
zn3eG=vwKLhU{l}|ApSxd&=OwIWsFpmjta<)Gw^qq9e}ljCYmVnj#wfQmE`l?mSg@)
z=`smsYNl`QHtFTLVsGr!lZYt9yDYn9YT<@-p{uF`reR{4%U~|cb`s6ABh%4NuvD#?
zmZ=5kd|G-Nr;EH>GsH~>9g;kjj0mub;(7y?V2TE>RP`ell1V8t48=SyQGCaWvA>j-
zp-8Hnm%3;a?a!<9q7?JWjq~k4!f=*T(fMVqu{{ss7erN}b;YF6L+%u^_kQ}H1Yp6A
zK7e<whF=($gAj~vzK{hBo`Y1pIPP<jqa?P4h;d{MHN!iM>wyJ?vB{JMi>X+eGj1r0
zn%_F5MfGV?CHRk}0}!4Xx%j>e5ZNyZ{TdSh3{DNb*GV_-{_O<-__@K=c8?cJmsFAt
zKP5|}v-wxiw_Ri=IS(*(!LBmGZ&Di1EvRLC)bx`tdo1M#lv}SF7cVf|Bp$Gz=wt|t
zy)Z2vbH}E#d3SyuTm-TYg`+u=E7|N_h3VsK$rD=iN9w(^(IVeO&5)JJBTrQARa@(e
zT9M!1Pcmu%YhlH2fWoT^w)o&XvpMGc^PMqpBK$A>Bj`>#Jt^O`iTLE6#eom`Y(Y-6
z2YB``FQ$^8BPY1@s6Vl+takksfO@q7t6Ntq!GUgqsL-cCEcbUt=!;)<k7K|hW2*yW
zG#`9*_7DL4-JOFJt-IZOZw^+JMYtr4r8rurfCCJb{2d_-*z>_#S<|SQxI?`TaHVrM
zq1u#cEITXXMs%(dQgi#MM&22AJ<-kJH7?(Sr5%9UXVGcuN|YG?94Qg=b_@)YvzFFG
zlw(M!XQ0ECcYeTBF#_PfPZvGS$8{+=5z~v~Y##cT86^%d+`YH%2j-v2U@wNeWDwhb
zQVdY!*u}=CAQfs;E8<{A?&H^6j^wcX^U6%CdiCb^u9lbIz-Qekwr;Vo**WYet0MJ>
zh)W#W?B>b)yfwBcqC^$a4lf()rUOU4EMkEH6?~4(kQ!Q1X~n?*-g=x5`_0^eF654A
z`s!P0-C@S8?uZ5JVe8@8e3H&z(z=%&{-Am)rz73<?8*&N-Y><Y`)WxX{93O1y6823
z^vls!ay&g4zvJ5z0w$naz%a8V!x!v#52Fq1J->fHtLu>0xd&uU!BHv@%rEei`6GGX
zzlZ;93Zcom?|DE)*$?2&8<f#c&lfqmtxf%~+H?7PGj?mlKswfd#n>yuq#mUStZ6FH
zH*Lg8sUL9n%DW_0MhMqH*bq+nsO%$sQ~_e1XFGRR?vooBRc9FU`n2>H%pWXwN6yfs
zGx!{;!dJ!=IgP4CIa_}w)!&S6lKdV)qvP)P=7OZLfp-Er_zfGMAktBLyW$%!M&H~r
zvFI>f7_J7`0>0PJGw2w3;PO=NUX1l2ijraq(E#VCZy-ghwC^96h&Mk^$uQp?W_=bj
za(dqkmAi_-tj-Ymt@!L3itRO!S%aNpzYU9#aX~3Yg~DwK7LIHJ9001e1|O}XuV7aq
zT-cc&AH9_5xR_yma<n5Tk?6C$m;CB0-CG(-V_1UM_Nex?R9MZibu2ZXv%(NhF2gCv
zkJ)))Dpro?>9*xvqGu*bbhAhRR?TVM$<GzjahxtKTi8BrJff5T(re{tryKPnEY%32
zDLDRFAALEi4`>f``f_U`ha8&ditjq4?oS1A1-C69ELU`?=U<i|w;tBimN?lgjN>&g
za9|86vc_&5g6j_Nl%<W=Kv}m$FzK#8b~{7(3#7_s0_Yse74D<Dk>K{EqiV;ni(`Lt
zA?rKM<YE><7Kj(<+Zbvm^S;?yQn#PqM9)WPDniHN4+6?F=Q`uFmb)psFAI*js!RE=
z3k=(S6;jp&hkW(A9zmv3ys-7*?iJ<^fBUM`ebV3d+Z#tzyk_Y`V3*X+1dKX;LU@Io
z9EFVzTVHl+u^2h)?)-%DFIAm;l1E*ux5K|B_O6=l>}PO`EB6*z^%UGZH+K%J>?T2(
zogF2Q{;2fxxTABJ2^Fst?u9wt!h@fjdeLrDt}~MXTTY&0cq_<74^P31_GiYucH-T)
zinX^eTTDVf7KeA975DY)XE0PB7>3YBRauDaW66{_^lgs%v<+3A=Gt4HH5GRj+{k`R
zP&Z<OG#Yy(p<b$8bG)8aJ{$e1W1|e1sP3b6jB=o8HLn~o-Sz}A{i==5VIjH4{1nZx
zt_gmsq2qN$RG1Qo43S5oY%LvpB(u-T;?Qq?2?)DVy>}-G09<sinBcK|{d!@ET*#YH
z(e<ZQpP!L3b{+0<Ey}Ii6q?!eWky*KZ$EcB%t%Y<H4UaIL}j#tA86XyO?4i`^L|5Z
z#953G=R#ZoZ~#<9VDp#(nCyeqqBi49-Z2MP&%MQcg(h0+`jfhT0Ys?GH}ofmt4E}Z
z0GsXW-w4R;5EzDXLU*J0ey;)Xj^IkA{%@BUQVD4CxTc-bG{cV#mB%FOp_CU(S@!QY
zFL#e!lX!}D5R<-H5CFqMylif6X+8Olv;SF;=mG9utHN*0>aLyT!1Au(!s{P65dV>!
z`P-aW>%_j;E%yXS4+~I4aV{3;P&iJ$sub_G3WjwC0oxbRn0y5^biB~l(FI2X+f%hP
zY2<OHmfD#Hl9+n|uq3FWJ_{DfLFP}<>fgL3`uD&t`QfzhxgB~45|d1s$CI9xoadkf
zZ#=&kYgM8UZK||ex)uw+(N~o?(LE(TE9-gAgXGP+75vgUbq0ZD+YtCI@3Lbz+V`u8
zHnOle=5_T<M8TD+&y?9h1As{d2S{rQbbF?J8?;n{kl@*ooYGKj(AGsIUMzhXcv(iz
z;^FG|^O}MNmsq|!`2*Hx6N|y501sbt5H+GHh=Nn?U`{0)gdR!bReT+vc3$bdVi7;O
zq%c?CjbWc)3@Ypr7lBjT5SGF`KBnEJ?f<UQeEVuIMPuHLZ5r-D&*nP;F>OgVTZ`=8
zIUaP1+^6wh13jSzSf&<26{X)C;B`$uqCD6W{R?v1J9kpya&j37*~9Ig*TS<paRo!I
zTljFST6e|9RQZ}BF4hlT$P%_Q(B&wy;`Nmgr%pxmP2>afgC6C!j+yKGyU;s<^S;fK
zYIZ5tzxhN~8cdaM@}Q1vu>F+O<`-K*WRvK$HwA;Q*`?l{iCS%QdI5&e@5T4TS*%CP
zml$~uk|RNMNOo<gDOz05A%{;Sx3z>}+ps?1;R`<3G0BBr>8f9|lcz^!S|Xji6)1n`
z+-85oK#)vb;}7FQ!RTaOp}P#wcx%~3VDQM@hM1{4YPp}7&SPrF`=POY1JXr~JihYG
zA9ylSJ8*Bi13OecnI6+*r%i(N`A^fpIvC+_5DQmj61%odkDN-bR$bAFW7d`gaVXCW
zftC-Nrs#2nMq<h9l2qNcDypmS^R;udmD@wuo8p~sBD{eTLXmUF_ugv$(sfx{6LAFM
z9$#Y6RP6nw4VCU60?i_ZH%Fic_nVi74E>^MFpOob%iaA3`~577Il+><H72cNDRN|D
z^p!&+jLmKlhTWGL;KL>{+oJjN)LmpNH9HB5qiLmHLrVcI!%Fu)Y+Ixud&S54)_4f(
zx>MyfLAKt;hpGJp@^=+B<17~)shXZro0K@T`|W@9BQ%#lxDx*<c|-gt_c$F0ZBhw1
zIAvlFI|Pkv<bQGX&FKjhWf`&)FXQe#2H9kNP$0fk=+3J~ueTPQEt~P@WUgrpsSuid
z&V{*G>g8oVO3FL<ns-XxBwHIspc9dsRztu2Rps3c=ZWu9bM7f;XF0O{w6Ua@oqt9L
zZ@ZV4j=2XVG<y%2!AIekw46`G{@fhn*SHrVsG>P^v++b~=UZ+&OM~qE8JDmcGgW|-
z_^IWU&ab<Y8NvL!yndCd(+{&nzBJ2F)7X{0$#3v;BtQG172G^2tgiFzXhE1-3-tFI
z0Y!thjr{XmV+<8ax5~X3f+5#k{=!sUMS{;3f@M2lt%&SdUgkA+^BxtuEM#}9*cc~*
z#7e!hy+dXfF~0y2Ey8xg4iEr&-gu6}2essy&F0!~sHYh+Tz`MNgq_=yn;Q_sF2)A&
zn3ZUbFoOQ#qpo%qXd9oL4Rf5g&U(1)n0wo6BsW>*?fe_At$j?4jz53R=1$D&YixIW
zm|%oEq%2y0Dqvw8I(@fVo?&{ZX6Tu~X2`C}%p+Wei9hN9FoUEp2ScRR%jH;zrW!BV
z-8A2}3+3|qidR(RT%gPRs{K!YB^~bOYB8hIBrXh?BMsENE{NMLcF%TmC__-DXIlh+
z3w&7nB>%|)hHVzHWjLz^88K0Od&QF~%lN9F!!UkJwr@e@q`k?bf)a4r>cgbt8JT=(
zPr~R^6TF3wzE(pW*y?$Z9<;N5G^=ONU;4Iq2v|32MhliJ{rjd;uD?Id^9-F8zudmr
zKXqe#R@`sN<bVY;PqprRCHa9A^)2L-A03O)<D{@K0b?rf*W2y>E>xm?T-9Z;#Ybw$
zd6RD=+XvD~vtN=Y=DH=MoRQlWNU^7Ari7p+6im#ioqpzs_k%mxC6f|}d8tJBlX0gX
z<YK*GXt!y22oy-08>slfCaBcO@lk>JE5{a^E3$oK!Qod<sJM+^FRPP0P!nDKeq=q>
z5SVZSU2W+<yF4VAEQy-FrOYC(^jM5^kx|}BE>0S~zn$@-NJS}Wg5=NJap&~yK&5Xm
z2st9G2lA5S=#3glsT@PhQZb%l(#m$(no2SmDvf4CGcD@vL81sM+>k*8f1u+p8Cb{x
z`(=a`=cgM5m!0b>Us+Ok?2Gk;FeNkiJI;3^7y0eO_~d5P=1ixEA~`NAiyoJy5#hLP
z9@l!&L+{@e1*XtL(vCUuk3A({2li7B<p|s?Qh8<4-9)lYB!O@O9^G<^XC~!snjz6$
zfPnI>P|aC&dw|!Nfh-sU<-5l(^?R$Yq@gg@8w^0-f*qAgRG3GchaYbNzH{pxqv20>
z)TRj1vRyz?QQsL)JcgsS@0tJ$m&LxGew-{jV)_jMJ$K82CX0N+-5xMt!WMVIkfpM+
zz%?GkIsn_MCza@h9b_WpWwPnSb~9^Pv6Jm3gd~t1Lg)_NuVnw)D>l3eYVzN`9HTmE
zC}uA+%7#9GEYErl=9?uDH3Lfc`<3n*bc4*8>Nbzm0Y(9=gkgm_qvb9&?IWe(8$cM0
zhiDq?*vb^XRP^gUd;hF#+A(*qH4ZPotdOORUhjV`o@@m8A0P(r-7{3!8OKRNUW#V&
z@veN9MtcaXu{ft<Y#x1UZ`O|8An5^p>S$Y#AVR_BE0}+OuYKpU8XWA3y4NIWCB489
zV@&_xH`@mE4KfC#Yw~SGJUbYkrI$_W!5+f+J$F}o50nZmJmSL6fJ2L>o<Lp|xCMxX
zM9F(153Wi-?vuUfm5_S&^4cQ=^KKp?A#ZT4F|q4_NkHsQkoZvR4F<k#;783N>&uaM
zh)>2ac64&1xA=esT@blo%@LWIi<Q0epg}7vZCcwIQ?lG$I<)>=BGbK10fQ~I84MWb
zhVu8XT)Ip|(JpBE5eTPiD;b`SKQM2-$uIA-`<V*55t><L-l{oPlmBV}2)L8-epGN)
z!o5JIN5b>6&YJ(!`vRQ8lXm*bkEX!%c_}Y5E65~utGC>m@Za0Pv&yHn{sr6wYAzMH
z5<UuR5MA)hD~fH;#FvExiFrD%M1u_g3A^Hf&)HkKg-DPUKW-(vE^Hsv5qodX+{*6d
zR)rB%UWL_IRB2`}%on5dV<_iNiJ}HBJX+}8_h*bmhijc<fv17bX2a0cgCeaMB{cvZ
zK4=2xeZ*WH6#*<&&dMqS<a>TVQ~2arP;(?5U0^B54}DdA20KMDbaAFsFJJHJ728sH
z$`zZ-IswlMvYc^xjn?E%POR=PN7#+&o>vak3ey=y8@-f@t&q#b;--^Fwy^7Z90=Tj
z8iE$o_+3(t7n4(bNE$`-w*nZh<O3<(c9y>NdBt{{ZPvpT$6RBB2Sx0jF{;U!_KwfJ
zui**ViebeslYW*yis-tCbo_c1a`Z_aIzwm9Kvv{a9A%3Z<&eDcz6Ii1`2ENkr~xHs
zG+xF^y5tlhu0_3Unl&tp;zx_K<zqKN|Iv)DHeoKfZThCYOv-z>tB8AA5Gi2lbfu@?
zU}XdP`OpzLf39DlQPyeo=W_zr<u?}}*5O&{Vj?Z#21$*QcW*TY*9U|><qSN>^bj%m
z;|6rufm^Z$#IS=V-3ppx30XVKrP@S)z~v|3s4F0X+=c8=nZ3^pBit7)Y-6x6LNL2p
ziqDTYDcqR<>=f$uWSBv8fZiL31hYWD&*PNSw!y7#h;*q;FWbW<-mZ}MC~R9+vlF4K
zDX1ucFMRsw@^eRC-*8D*(>`{={m7Y9q(6Wm(?EaP&$g0m%G92tr|9I^oB?SX%glj6
zu$RrzX?nCV>ATSv9^CM}9TKLsei5^ioi}1|@B|^Z9F;d6;|V2<4|1n3Qt@_7AT+=8
zkNcnGi_?0XNZ&~0w<*alIDA$y0@P6LIUi^I0cV&J%!+!kk5u(o7^Si&hpRjWsVjoS
ze`>uF!|460C3I|$$!{Fx=eRTZfn)I}AfV=Oj7!)TsF>l!4MMpNAzXn^*1B;!{xoiN
zV!Vc)*Cy;J3DfYj%0rU%`|U)9*~LUVPA?~8sU{%T3Dw^2Z5U}_3_mSDAM_5i>Raq>
z|7|gv3;24bq4Rq4eC*OfbgyMtM%3>}t`U`D@?s=k^FKrc>7yKW#Jmq(3&-+>bSJ{9
z=-1TU4IXCmEepQYWKsU)T&nu)4ntYdTO0WrLUWy_y4l+ZefVN;pW!tUWv|<3Qs+~V
z&fDzOD_H1CPu`lra3;1Yg7ha4l68Ao59(pj%aQjIiBPl7pm~^@o2HwC{ygr}DiGV9
zIB!9>*X}u+(BzQ42eBhw8#X^TTHG04V{_Rf@vafF%zviSB{#6Z0)VydM}vh0&@Kkx
z`_lM~$_>ANA1eI*MS3vfw&~e>6eUY2e1%RA^-q^|9XWEv^UK4^TfSK=`G+m?J^~|2
zvCJ&_+$w<2ic)p<3+|x0qS_CWcfDq#j)K?ES|ur?0aht0@%U8>m#u!3sKK<naO|+>
z&O;QQ=D8PheHsUaldOmWUm9OI3e3c#b0TF8F6ge?k2JhAe$IoudE59s&A87FbFqtc
z{giP_=_-(~U}{Vm%L|zrrC8X-=^G5YBfM+|wnNw7T|t@4CZxqXmzV!e4pP{bI4Xi_
z=9EY6=}<xT4>lJf*ApUG6K%#+i%S*Itp__`fFKubyFKFFgtK0*+L<G--4bKxaKThx
z_jjagnz^VxVFu*C7YpR$?UKcM?jWKSwEKdAvEsfqxeO9>iRk3dDrNU{D{mGg?Bnoj
zFT*gPB*@T7fNy}}t13I<BgW^LPZ9PNbKTG5HcRA}fhTxt1TC{fi|s`BMY$XneJu4L
zZSaILV6C;s>Fq`Mej36@#m+OK)|h^=7?vMZzhvyXL`)sCrD@K|LtEcA4Y<?x%;zZ~
zp6tbTyq#|T++6M5V|jLYy~Xk395DP2#EAtt`>}GhzJQ8sHFgqg3Hr&LaUGM;4+ZVm
zHmo2s?c|Lclj!*bkkD9?6G89(TS_cYu=>l3Ji@pK3){W>_Bu|&&F&4!P(te@Pb(y3
zu{m0n8oLhqTDIOuBY#JWB$Z1=jQQ`w>dD?<y{HAMZS>()+9gBQ>~MfMQTtaZT)pB`
zR)I3Asosmlihrz(bcH+}GdZ}7JnmpZ<%L+&oSvL7<uC8NjZLz_*s<>Hs%XfhsyOEq
zDhSmdl7KqpLYBP;10R`r2e2R5YEnsK%qV)DN^ZOt7~Un_9D37?<FzZq+=Z$JjR!^O
zo4l5h6^P+1dw<NwJC9ls%~2*-K|D19yj#wkqHooc+jEyV!PKH6{@tL9RTk(gm&8In
ziTd2`P(aq0>;~qo{;D|cEBf=OXJkmy?8nZ7<(1R^v&?R7{q`qsv8f%dTdENjNjdUp
zT+vZ0#1SACC{t(sx%9;jCBE@$n?WWR$7~UBRB2P5o_zuGw-;*(7!>H*MjSfyrz%SD
zMYkb1#|cE}R>8L?`fvar;f(Q0a-@v&iQJVM2BX@0U%4?uxYi3=^=nEAM9B#R9g&(t
z84rlezp6k)6#X5knUDYY#x~31_h8L8;m7`${QWN#-K8usF{D4(u2Q3OY`()x<#7W#
zvRG%1{UUX~!z?pi`{n^2!UVZ8s$(e=&Q#bN^Ms(lI=Dyfp=?2kwQcD<+8c4|>Wltn
zjxA|%7_1|n22CD9k5M~xc=)u!mR?nEv)7wtBA2AXN?DAf5bR<O;{i^<{zd@XFk9Y<
z)zR_i?XH)-omUinO)DvQ7xWMPHtr1e5pk%|v3f6SMD3P1G0iyKv31taD#IY(l-Rvj
zJxN8Cyw!iEaS!TsA+%!C9^&xPMdQwklSSE<Xk`K9l~>4;IOT7*=j+DOn(LWRZB-Oe
z1&wnzUvW&RIV1lw)l86Yoj!e$rN`M=ryq9gsDqam@eL3Sdx>V&alak6{l*s0^8rtT
zA-46aG~=MTtM*@{#mo@lpMCY_EEM(k^KZUc(g}@XhIBppXix%KaWz59jTLMSOH8_3
z@fms{QgmNn!F>p;DF_;IhUOkYVPdV-{F&|>5fU3^paR4W7zJn#as>o_$JGx=qMG{o
z?E_ba#%yC-Js24DP7aJt1O~-V4mTFThKvj7$^Lry7x}s=2XLds_K&?IO10xv0e@NR
zpBeqTu<UJXe>;`es`ExKRCHcQ+O#pu&8`8orVoYKk24eB|IL_#ShnMs|DrNx>_^<&
z%~hj8C+wV8$Xb5HJ;Hlu*K4w5x|VJ8J)<5=rQ~wnBVv%21uq7u+Be9XzFj!RAPab~
zMD_A`;BUSnL7m4n`_^`C_AS%E52goImKdIBfnBc)D+8mpiJrTm#F)2-35V92;hw+S
z-i_m@PU|x*Lpf6%xie1mE~+e+%)gUW#BoJE!RusJz^~=2^+=gRY>Rg5I0Qz1k;Eg{
zIHwULkfn}9)EkU~Xp-)J_HnQvAs=aD)X)H0Ch@wP&rTc`#_JkG3c@}f&>XD-tn%)U
z^^tP6K`8Uj`V!5qI*kZ2)Q+A;D>aRFO#W*+iRS9I-Hz0bvJyC}>A(SWYFNK!Bz45(
z{&Rx_cGYd=)k}V1(cDS_NHWjM0#0)ZG;*p-6=Tz{Rnj|&-Z%zwIn;|Qe_j0QE8a!O
z!}@AW(`ss6v>nkgOUK1#=M7*QFi&KKwQ?k4?2(ScR{K!~GbF<RuF?8;D^!spqLBNw
z(sE;Ny=N0g#vI&rkQ8n+c4NG_D)p_B@qDPrGBBrDGUh1HPa(fq=KuG@|Le_n#J~9z
z7D`{QaS1VOiKeIMzp&9~vDb%*Xo4)`{~c1fcxbM&3&2Dh`C6q2MQaZb$YewG)~S8v
zA=Hp@5^Tk6nNRXVjl<}XSrnXlzprc-z&`<_qwDZCPQkPp*2eh1?w9%L05}XJMm>hN
z^E71w#NiiozmAA29f0l-%c8%o7jN$VK_Y6X;VzTCgxiqO#y)y%D-I;aE9*}gnMbTe
z3L@V45g5S?UrZPh*#w^eM*EwFRR93da6toBfriUQ`?EP#-_qiqjWMTgLBmMBBR%$s
zX^!GsZ9_L*F);2rvK1GTw*pVO^zuCmHpE%kA)B8bvzt9#Dj-pd$FnM%h!Fh_`PWS%
z)dnN{Jg*GEdZku-=*Q7eY_ZXAanhk0P$FjM=ooH)2JS1m&r7ZQo^i>1^caP)y7a=M
znI2yhnQ#Y<&m5Q{d$E+!A#O`|1%MKxe0#{IBdH8(IK1aSNGjs(WCb9^(X7wjpeJ8D
z3aw2UG4#UX-E}UJaOks(Xfvo@Z<Lg!gCo3+$~0g_zn)l}I~wzt|Lt%XkIvKBH%09{
zJaaR1LpmHfB|nnq<#c+r=-y%W@2p@`geC;U7N9GqWqx$npIjI`y;fppH}-MhTv5cI
zD<;F`VBOLdbd<ix$!Cx|4!W9hyzN5ygl|7HQKhyW@C<A`xKOFOwa_Cn&#PHB@Yf*|
zJaOf)HegT8WBY+neFfmo(|O6MrjPi~jo<VBxs3-sUgA#|a_Xktb2ARAptqqPG^1;z
zZq3@N0WPpbXB(Z}_srN3g}2xKFtjASPrLBU^o^SNgoRAt9p+9vIuhB8G;od;UQGY0
zxDCvaBAG|O0acRtb&-`4U=eZ?+Ipuwmai$BzXHFy<T3?ldJYKbRvp`oI!Za}rhEIz
zz^;aC#F;kNOMya~`K?TxS1v!-vsg@kn@RQ2wn!2GCW!^EvjoP~s!%XtkEA>XBK}N8
zfw2^0`mzZz7@ZgJ)YvWW?~(zVIW2wLe00eTgCvY>H9tF{_?NQXDPD781WIre;nT6o
zp1YJr0zN#l6M*Ac7(42OD2t@?VDa?y5#k3(V+vgC&#}=e08WoR(M#qGbfSQbU_mT{
z{=HfsrUDk4yb}4&o2!$9j)v|T&g9!GyxJzE<Kl81@gmyE+KV~z`ZBfkW9$n@3rnBL
zj&k%%wJZ~KOD?%Vh-N`=ZqkM;&ELh1JEm&0*de?WK!2{;0#bWAtU;Hm2CjiH-4kML
z?{JcOno^@VM<{T2d1NAV`HBN3c1HbI32G;f#YP3<Y3v^;B{Fe7mxQjB`TkM4YOo`R
zaobdJV(0gh{~UU`1<h;HJ7}n-{gGp$@D@ajN>>ptoOB=jSP;gKd!;0Tdj;Fm7Z7ll
z_IN?X_if1!f^M8e-;g<ZHSvaEv1I5G@C&qflJb0=?QSp*=6*o3Bg&~Uzxy2vwtzf?
z)qn%-Zm{89a=DeMy3Om-o#fNAvir>2-O0=c4*!4P4A8r}_-{o5(TWq_4zKgltt#5V
zB)sn$k1j~brm@(|hwfGUXKegws>A#ntl(7fJngQ99bJjD41UvJU%o{<t@N$fl^z6s
zo4++OH(rNd^Qe|d<2$EmqVOge)h<7Gvq<<YLi4v^nVm`9uhK8S4y<#DW;rxO|F}_2
zoO=5;lfjR{PZI<@_^Rc^)ng062K9wat-c1p!aDY(31>@S!<kw+N_-fI4!038jX?Vn
z<^Fk_wya!8p=X0$UbrRDplTVSUJ<5h4|WF3S|EE?hy<sA3r{}_eDd2WNIh4LNiXq(
z1#aV&d(~bC18M39FSCY$rNo8@FvME~gcP~>jiHZ}T-hNZf!zv0eF@r|8U#722<czI
zAmMFMO0wsqvi!q|u$+>iR+dqkMdYec@zgAc8~()=;NtO(*QD-(W`#4IllX>seeHEd
z*-YRD7`uVzQRpa-u-{$@B(v`!T;yyII(dEe{7vX90%C7+{99|s(f`YkyCq!LGUn}o
z$4ZsrHo8?yPq?j2t?7a=qD>y@9eab^s}0bn*~*OH0mTV!I5vz}jZ$NZ4pTzCZD<AJ
zq=XkzBCiVNws>=}<^hINHhPW+XW?l}y>MFpoEKl>r_*Q0sxZIpT+}mxNs>JV*9q^@
zCItoZi_xE6knP^Od^Uk_B45(Cfp|DqUN{Pdbq7EnwdkWKAUp5fL^&3v4c<=vCa^)x
zX@3^<#pePQky#`0hRD)i#lQ7%*{NnkHiSBd+bxV6_+=hBG;Tgvavt{t)>$!O95^Cq
zBD=Gm)Q$<yc$zYUKhI^~@i1E7IrWbym#QXJii*y)q~~)wzfc=sjjqD((3E!PW#Ecq
zqSX8J{q!$gg%8f$@h)Rid`nY6vM<_x6Z5Aj0CVV40T?-ynsS%aEKQp3sBY(|_I>KO
zgP#R(!aiW7)ZwTN2Krw%XGsO05Ht_lSf#RTkn~8*P2ZRq0eEV*SRK?7vG{%mFfy{T
zP;46%Q&A)d{x1Yo8cqQDJ`>oCiE*O&dR}^U5w_vmL!qVZ8y2*YEq9w&0E%}s2dk+3
z2BZ(x|41Khhn(&(?=Bv4;gWOCpJ-apm92+G0i()<Zi?EVkgTtO%%lbE+ms9XDVm)6
zQsg4lYWQ4?c?N-<Tq7}8_Ge?5DSOyUvHtb9`oryKF6sj9V>d~?+I7Or=cH0-IBuvf
zTi?>D7TKUu_tmR%eUW{e^&;{yFkV%nqXCQfx_yDm05GlszCnU;1Fw`Gs1e}W4=5P7
zy){9#aLT1yb{V=8&oQ<umo@pC|48&f!7GBtV_RhpviiUtyRQhp_Z((n`||l6HXYCa
zyI7v(dv5@M;hsog$hyA-=j3aNiGA`9E?4sAus@Tk&ILegOX_6MU>#5A#HEo@kRUwq
z`uu|(UUS~5oy9)B6`}<Y+nNhfjN1zq06k1?w8Et;%6upvgb+!>N(}}B?l?XN=MO(w
zeT=8u{zBSJ-k^9A=hs!9v*-HdL=|(Lf?tbIvBIQ4uVarDPtHW;*26ulw4Ci`pY;{n
zP;P+-^=W+Fa(DH*MZDeNG4S2Qv(Xgxz^G+1GHgmGe}RkWg;T+eV+UB4$x0OH!!p@X
zWp&s5fMb^VNw+*v@VRR?2??I9teKO`<_x|Q$xw<`IdRImX#KeN@+WgQwAaJ%^D<ns
zpq8yrzjXQA$&V&F6^hA6<Yi*EgX_(`0hYiImESAgKnWvU*psPn04|Q4>{<d5*D;eD
zPE}i(>5oXnAM+b+d~OsT^1DRb-8E3!vsxB<vHOP8?sbd9xo!*Sa5>g%xsI+&O;r85
zR?fcuP6t;OSc2x#`@qt-F<MF@{4b0<0Sz&1C}fUYmq7<DuB|Y2=j44KUGfR&jLNGz
zcNDIeCVQ?BC0u78xPtMZ{qaWdn(IX=$#^cE)d+VZkJ>?prnt-ndXMz|A-)U!rVVHt
z6#7Xm^-mJWn!z$(^Td#>oDk^1?->r{WOX;py2Y?M{d5r(@xEmTIU-wkwz4l-GHJ!#
zt+3G#E3hY4w->1RasU=W<R>v?-<=5bFC4h}i_?vfi37FYgEi>-6KMeSJV=s0{5_EW
zRe16(nL5uA%X`o{Kyg+xqGSZqh3vVNyyP`ML$MxOI?E_8##ZyvAnxfHY1{SqFn9U~
zMuyvH4x(B9`&LP|>Qmx>mO}rmOrsc~9<b7QL(+S)ug~cq3;=)WJ&C-jPPXesmPo*W
ziG@>heFSK1Zm)yF3m3pU!q21`ravml-hRq9m_|0$m5!+$5o{_Ogu-EK1wmZa8y728
z>V$>VrC1zR`B(BxFx2w8LKgN;teG#X0ZdYk3M=O780s?5@ecx*LRag9?{C_-3C+Kg
zYi~9?>axkz)sgmF=tK^%-wt6_XSUS6XKv_ISZ%~}HZUC9Hqnk<)9?3dgF`U+AXqpP
z00JEF)?;cR_|GBTjHni{-pJCTkbu!~4(DiQl`MjIz@aAASW3X=)wam7V~Gl4di+ZZ
zv^%^e#)S<5=VOYVeAmP1Xq~x(@rv7Yx?_u0rN;w2ko8dB3pgW#DBJK+=hVb3ju_+m
z4H^oL*xJ-iUQnMk2KcR|q)-5lvS!ucQ`BlOy<kW?kDVhO(M&6Qdw%<T()gPG03LNT
zSaH%`E|C_Yv{(39$9Gx$ciUA}QElFy%>(`QZ6~ptQ#txZ6Z74KJ|S&l5PuqhS206{
zZccl#P9BMd%$M87W(Xl`^<$Rd^~GTk1sA*$<SO&@Gx#d`5(^uPMa3H$2x0*n_$T&9
zf>nh0bUR<4e-77!gV<@q)1{=;*xFK=Nf~-uxp_RbYH*!^vovc70yEebWKrr8udtQ7
zRl)I6aU5mf;lzR|8>|*ks2W_WUkYFq5r;5v8-LlmO}Fx;bi^^p`~K6D-$u(!%|*YD
zb~JOx%-e1a^1f>s4rS2vDD1gf9yTkJ*Z%&3XER2I#=wmFNwb^nj~>eHNmU$J!+l5P
zUi;ypb!%BI5#q&2_?tI$?PBwEGC2Rm3R;9eTO?gYVr<Tl{}&FL?<oh(*kNW|QvdO*
zrGb_*u6J;jbNw2PLqA?hc}@Dm+Ib`(lt~Zk^^A2~EI+|Y1hgob*W)CV#rNJCG6;An
zKKu;WzJaP`a>pvJo4-{{LUZYAbawn+ega^8-In*G|A)5sj;Ff+8^=RNMcPJ2<0?dU
zM%F18D(lG3&Q6i-m}yW64SOCbLL7UqC~_zydnJxNk9lyM-|KyjuB&nG`}4c+@8kZ@
z!{fYP<GEkY$zP-jHRgdjK(<X9eyOz(<bzv(j!Ob<GGrv<ocHL~ubnRf$*1~{F(4)I
zBR7k)!h2=O4z|0llR()emX3hh?2eAy#jpMD>dK%}aCgN#C+LBZ?mYJS^p(oZ8PVEl
z^V}U-31$rp3hc~`9NyXkuizcP4pj#&%HP#d=Nmp*^Dv7SGEeawjYc?0j1}e>*V6KT
zL^8jBRS)unZWc-k6z(lO6V^JAopqA$;|$||<fQ;%W*@2!r<L8@Qg8EHJ57Vn?1G%c
z2G%}ShSH;6wvki3ZDQ$#tfR*McGtO$vIj5$NA06(0(LzI{V6BiR-SCVd6g<T>zeo%
z-jGhyp6AU!;`x=If*ifwuARkAi7$=D0(aSn>$R~(G#n6YeHbb;TWWVBVmZ$6UZ!$<
z_k>o8Po$S>*g5#^KJP^d=VmCeIPJT<KjHq$5h35r%rx^AwL|6<QWe=7{KG|pw@yDU
zoOJ^EUKPL!0xzx*F>^Xx3$3|;_usoBKNcz@%8XxnW_8)F_eYlF4NX*bTSj{ISy4BO
zDcPy-GqCcOz=9sBZ)iEZVNe?02KKE_<eJ&62ptf&-4E!n(s{!Vx|>r)aSFWAmUyi9
zZp)D=taLsGBxzaK*ZRWkHI~#rcD}ASE_<=XN$I#(S0RXgMP8H~->_`)<UKjMB5u=t
z>jAek3p6NQc}Mx4Z@zaa4^fym8a4`3f07bO=I$}Din-uhdvXwtA7UKP5E}IX17TfC
z0uiTM;R2ejwG84>l20&=kr{jVB?cF-p$=-4TT^2=v<DvwKVYx-SeSQ~4ne@>a5Wdf
z*Z^^86oQWG(V@3ESS(0oS^C#ac8BPMpRbSh1Jgx=uQPQBm+(FPo5nsUaL1vSdd-Y>
z-QTHqcYK7}a)C7Qf~<^TzO#pdKgC9t3<mTnd0&D@Uj*@tV7qJ;-B&pDon1$`1BPbz
zt@Z%BI2O|(Y_j>P`GQ-yN3G22CT@UVpkm~2uU^n=^~v4coSA}aC-;pSzrzQw*WmHJ
z4!lkH!&;7sKqRV^JlG}@RFgq|ESRUB5zb2x%!>Fx{W4Lw<ZE=|67TnOW{^DmRvQP}
z2KOJ@(~(zjqx~wBUWkLIl_z|-ETWqJ=`Wwe&MzF&ZUZI$#{47di#g4uR|hW_6$#=3
zOX{65RCC9qX0%3oyg@0%l9FrUXlc`8l=3EWm1W~i?v2|B4o@A6Q<6hp2A=a>Zz)W8
z^%nG%wdgilR4c6*s+|B`7Ye`8F841V5K`iFev(!Sy0j<;GYg$?Ij6XgfI-XT&!4}J
z2r>U2NBgP%SmZ?(*{V12&q~2#|CHu_Ar{pfhsG=XGB4{Go4+AC<~EPe5lDUht$xQx
zYe^;g1nBUO;Sxk(59JxMl|Nx%6@^#eMq|UP;Ni%fphJF22{3D&PTBAr`Y{*o%rU5T
z_3nv3=GxTkN9LYp6R$e~#`<tlPA8)SMVvv|$s6gNG3R<UmuGrA>B^TfUZ;1)oVtHT
zeb*V(E3p1WQuT1O@hFy+uAmppozWdA{JUYh4ini2<(5CY`$x4AOoCFY<Nk1+9;jcz
z$b+lkZd>t_inJbpPZ+Q4!PL0c^8N#q-TR>CO4p%T1^>o1folb<0~(uY0<#$Ix3!Q8
zQn}oV|7H$?s%x&FsFpo*I$MP_bL^NPG~%JH1D;jsbH)DuX(-&MT(}|yG*9V&J)SNm
z1r7~?`(Mwh68(g6Etq-YDvZAL|1!b`uE(w0O1Pq&l5qpheX<4P%0j#K&uqPUVo>B#
z<WJ?lB>WJX2jZ(69NTHX`<WZ$S{USJwhnE`o@$I(xOLMTc2TzM@}-Xj6bC}?|F!Qx
zZW&CX#+I%d#{azEkM45EKA6>C^!NYb8xmgIIk<XjPvUdS#z=mHh%pnCV!PI=i~8!4
z%IefCuESf}s9$?IWG;gxd`i4ZcPHJxW3W3rC@8@n<6*G$4WzcFaU*>8>-?EW;(zH2
zVd;CKFP?M7D@c_e_~*Aj{eje^Oq;zIgDurOnQjQJb4>8w&Z|Zr54}&D66hHUCoTTd
z2heu$2QImCYQakW$KQMn>x^gBzz|R3&+^yP$%`q+)QtRE_o9Bj%0Ii2?ldeMW=<Oz
zP}7o&;Z>As*C%~WL3!^K^gUeVKYcG8CUx#5`V<jRBA1S}KTx?4SGx6*-FVl((EDf0
zV=X-XTB{e#VUmqXdovVu0;p?)az{pz%7dU~zHBc;#SLwZ{6E>ckp*3=AK>Ke>ttxb
z?SA7`xH1vLG;rd{qyN*%ss9(Z&7ef@VbU$-k}tVv_JD+Oo72z@ZFDEsgWNnwu=@=~
zu+*Jb`)QZyF>1kYoQR;TrU!I!TytM)R+UYlE|HjiQ0EW$x?DNd?gOXzpMTS0sT?_K
zbnRTOF#VXOaj4Z?;9VZn{~RIOEa-%!zO*52ej?K_-}KjF5`J*wKi%>$;Hih(Jk@jz
z`i9!^KYeqSHjIg0V7I)yJc3CT(VzBAXM0Z=@q5ev^nGwMoa0laPN?CbfV?|SM>IZ{
zaU=Ww=c`a)ir=#8vjhx_gefU4B6IIJr7B)4A>z_>2Q|d$VgHHK^QAEb5Sp{L(R^pm
ztJ0@DdYYXk`L(=6IQ~HI4~9AqSW|Yqm>$E<9tObu`_(o476!<FNTY2!u!%F8xuzZ9
z6o>V!KY=v7^n?6jb|0eXw>SBCh=F%fV8DwkQC1^&yKKnbZ2AE@6@<(i>u}%w&;kAT
z?jbGUQf%;;>vzh8j$ZwQ=?xQ{1FdDj-Mpqrwap1eFj$EzuNQgonYc4OrJTb!OyRk?
zgg&e!u?}uP<OP@$1qEhA9!c>V*O1m6e+Z-JX0$W`0wzQi!EV=Z7Y)QqO(vWqfukrX
z(f1^?JQcQO`>)_-L4V!`x+xm`Q1i4FY0+PQMY+@SDsqwqV(cF7Ul{usvQOos8(H>T
zO05P+>tfI}UL7;NagMmnrBla{aaW8h$Y10wOdAHIm32<I8c9rP!(a%wl1|l6s_CDD
zMNLow1;r?U&U=ykhzDi89-TxWQQ`q`kr&mu<cVVa(lM)TXax*0!$X32Q1xuy+Zeod
za39?MQ-d-2<B9vH^PnubS9|Ae1&Fs9X8?E^V5ZId=TJZYQSGwlkfyO8qCK)^NQvVG
z=1l#mMt$Q#?+@cHx+&5mkeLcn?+l}LHe7y87VMZi*!}u2Ni}zNCJM_j8WN^ja_`)6
zYSeQ3iyYO#Om;<KOHl#J<|N8-*iFa1I$CUVcpJ;V5<$utxCJ+gqlBBj-kKX6?`lMn
zwBnG|_C9yPK6@^?9VfdF=kAa2+1d+j7Q~CR*a4VVh@I$>|8)Zr;`}G}KLi=|oRX06
zIAXzqmQP5MmdU<CT3O^W!1C$f!b);XA^2h^;Gb8m9V8XdavVT>@4GV*WWn`_8qI>n
ziG*2lb8+l%KL{biU-r<xpU(OFRq~Gk0;YU!w0+J;02^E@Iphr${2BORxN&jum*6DJ
zM%^bm1NuK8qXJfurU+3bPd4Th&G6abcWo{tNby3D5<bv#fjp!R?}H~8tG^}*85SO}
z@X0`<RC3lu6a{5t1pg<mk{cG5%%4-sLk=1-QfnGF-+9-mK-@~u2yE4MDvgaqYrpNc
z6amu?$hGEP?f7QHKq6-*09;=do*A-~RXws30B6k7fwUSj1W*V2Ax`2!e<v=}9Xrt!
z7+~$xw6wqncmbPMf19KvZ4v>#D|*#Vo=|3YzqjTNwKB<2;@@2hC_jjMi~-<pR^m-C
z5#vh*;A<1c#5y8!f8Q3F1SDa-W&208AX{RR^!XUtaO$w5&%3v={uS^-=VK4`-vB|>
zGyd=PajPTF$|D5pv;>IM0P6(AP^Ol3ku3CF6if{Rup!qhx!oU_oFd5`K>#3HbGGHX
zWQntY64(ol=qdJ~J5I-c*upkv0R4r1+)JKvl>MWUq+@(C0fPdj76^nVlbG5Q;AzPm
zNlpH%`>={TSh&tJpk-}%Ul7ki|K`pe?47-D?a5(FaG3gMwS%ZjWZpr9K(z&g@nlOA
zvJhAb{YCA>CQye1+1Si{gNKNgOZ-66d((-M12zRE`~Ig%efxDDkc{_epcSO^>I@vn
zlDQ<Mb~BOh99htZck_}i4HE${u)0`Co(|-w>nyqJ?E%o_Xf-oPKsy6I(85lV)$}lH
z>U2s-YX)VKxK!{BV4ZvCbJxjf&1w~<H!)aG4~>L)HdSC0v^CS?Nebk}KES;@BaF!1
z<5-IlrI0*=dxL0q*57e51fPz6`yp&&0Absyt(^E>LP69CtJ<Zd3WyW9e$>54w{f5Y
za=lK%hWd9NAi_JvpgOFx?QA+p%Lq~dO1A!noDwGYW08wM{3_DtsgZE;88C@^hwcPf
z+PZYg6g~A15UKtGXoKBL+eXQ6RL{NZNh3U@H(>j%rM#j41N5RmB->vyry_Tno$J?N
z0snHi{{VpKY_Ma?Zn89}QUo(U6=46P7XUrCHSVJsVE=4W4~>X8=`h{n@`%#c;YviH
z(CC4S-l5g)BnkUpcaLhN6b`dqnxB#;{y&NXP|Jj)*6v?_wXNPgRgrN?(s6*q#<=Pg
z0-R96VJjpl!f^x~cj#TKDEZ@F04Lb(v3DB~b%4F%caa4&vx<NE9c;~qa5XeM3$C}V
zXkvEJaf=_!jsFeOq*LK}zOkV3lJ?hBiMRE<0xZqc0C{tAw>>6!3sMb=X~&4?6m*6N
zWVUNclH7Igoz1>E@umD8^ne}mMo+a)<KcpsWz*2I0g{%og>;sV+5>XJ1%|ZVnJyeA
zBVS@&ryx%ftR~<ZtL?XK`N-|I^BMr5eKa~`o6k=IL?{YZ;Blab=Mj+HaD)T2!yB-F
z(?M>xrz%J`xUpb4H$4Lb=9Un~HTSp%2#kWI#^t~|9d*;7s~IDxZq6)Q6ls=b2Lshc
z=a<^lJNspgI6p^=aBU9ERh)`*>#;Q(C`TZ2KqHIYoEu&BHLBwM5=QNR@mLSlJQxC<
zn;WN~B$FD@Y&P~4dm8UqsXh=$7=pS-^#8T|r%YPPfq4gDZB`0AM_vlXQHSL{bQ(BH
zfsy6VQY8tFe(2Jwn?WXqEThedgSW@POc0@)UD?MC-MTG@7841P*`V+?V56{XsAA5?
zL1M8fQiq-6UKh$|#x7lUs$Lw_N7#FeNexDe`+zk0p}fS3Y|b(vjF@wja1!O8ByfdN
z2+0<yeUi8KHaOV04TshdIREh<9C{j@CZQ{}tA`J1IL&0@P(BneUnz$$!6oyc=0F~{
z{?lb=GmulY3kpwy-mg=&Aomt@?(bo)TzV~_TC(|-n(kFd@Q%Q*)-TupkcIb7!4t68
z0<fmRnFA!Q$pQpXq-eA=473Yroew3fMWZh)M4tqyy1SIv5f&04)Kv?H9mO~V>7$uI
zrxMGmw5&K#aXrL7=b>cW1ZpD>$}S}_sug@pIB$H+^`?Zx(pTFwq2D>nzmkbLGO0XS
zNjPl7*T$8knOxKXpPZXIf!qYW<O7PzF{_gtOOJKSPizixR?1B0x2X+*M3}t<d=){X
zAK!zUxAq;iuIU|Ep~WQ$!P%)g?&U*wJso)Ae8%#&zhhfW0I)wbMxK$ER6|sl?}zjM
z^}}nXO6@6w^nSlzDIkd%SuyoF#fN9^_K1d3VC!^A9mwc%#|;;D8tme(uaUz~_|bvJ
zFn%7OyuJ45!2EjY@(iH5p*ZJehCp^ty)O4EpIT6+wXY-7=xF6~ro#gRhl+y9sKkwu
zL`LPjvAF4i&IB_Yc6gDPX|GpgZ&c~qc(&-iA7Rxm<NWCeKhOmDf&5-c(djY=ovjt7
zn)UjQKnLGNLNITY#5@S#?5<i1LVX_G8uRlNx!G4N6zAH}Jp|I6c7duZ13fShZEb5+
zfXA)bgsUwyoocGw_S93)Iu`4Z=BLKRw<VeqD(oIMhZ<M;`mD{mR~?)!cizNl%(iLk
z8lB6+=dgfyCLPKf(>!u^y`yML#1NDN;5>0%<2hEJV)}+bD;oyT@lo9a)G6hjpQAIu
zp><Dt8@q*Th#i4=6Lj-|%UU9uL{UaJ*teEVsv=f#T{qcQ`W>pWEf+^`H&?6%5Y|Hd
z7{Q=Ry_unbKRI*Xn*$G7(8=AMlh1;H6DY%`d|TFDJ3PL82fHyqND_1yD4#Dt8M0-S
zW3dsXu5~N|3@G&7WYBr$=2{mu=Z%RdE2#oj_*SaldTO>sgY3{VC5~NHi&738y3?SD
zip_U!b>KPeDLe7XDC%l~l9A{0k$yO)aMd~ARj*vwsDAir0k0!L-4}Z>JX9S_vYa0k
zC#dyfiyQ_yvcQDW`7yt(sygZmjs8u{(!Lm8ljt%g>U!JCs`Yl%5r<lf4GqcccUMZb
zK))o*=Ag>#+%aGMW6P_9>l;J&`PK{^x(ja^JgoO#2r_xoBdrnrAw+J~S&qqf)xBQ$
zGiWDY!*{##%%GO6nAN?iO$_Sey~PiXAMEHw37-ZxT@#)ed+U@ZfEMV8ZlN7UW#H$9
zeB7JC^NfV~iF8$rrvR8(*oQ;j+ne6QRr%=MNEKm&Ah0>EB*$9xiS~B}1d@2Szb6GI
z>1HxL=Hkcg2YQPZvXcr8Ds-*Z9_SLT4utC5MJotOa?G~}Rk3B2PCibd$((Mv0-nLj
z_zu2#melgCAx6}0Xyl}JD+v9#d2I9&xIqdh7eSh)yc6Ze*SKRq#%u55_s!zsA<)-_
zfiUHV*RO20GubGWe#4x1-+a{B@Ot)ntJ1ntG!KI&P+&S?T=`~qp7mI7;m!W%ma?cl
zplOSjUh!?Shs|CgjbMH(^T2B5>gd#mBBx`{QyrOzqvlAr+5oOxqW~;yO1yF**n8D&
zUE^!pc!8ncEf`LKfJI$wVh&NJFRiB^?5bn7Im<UZ#)%)N)~4uqgy!pM1^2n8R2x;m
zE>b%-U22zbmaSfrUnm1d#p&UvVX<}1E?=^dFGPPl&#HMh=;7mM`POg#-kdeXmK=)B
zz}~s3dH^)$ly{u|TsHljz03g=QtRWkgre|;MR;F~9yycj#<rQ?KY6rFi5qFii;*EI
z;1)Q9fSe)Bv4y`cV02dP9tyn+ctnW?vwlqzS~uF{@Mv$(apvjG-YUG7*az%t#+A+3
zDx4P7e^|ch(AH=7N_N@hG<EGlKtKYF4&K8@^U^X`Kc`l2wFJsWsRnt=TYBMG(20c2
zv04SD%(pjrb+%?52>fhL<4L$)P(3T{y*cc6?IxPOnGO(;LnC^SmoROzg>fEIHd()F
z=_UD;MXr1z<!Ih?w;!F5jeeQRYt918!*h+xkyPla^^B?`zKi01B7<jXT+GGh!*z|L
zt3ul@S52r^g{#l8%N2vM-?f2qn@QdVn;mbO(0jYD@B&w+AAKKT4z#Tew@n!q?FKS0
zcJYoITeExlu%C`4kKd%G-%-$_DZ4x!WZs<E{9v-FaEf=+Qou`p>+K9PedrjPb8Com
z#P6?t?)*iPm7(tldJdZ>?-s{_5#Bh^DBAG}hhw_So<EHoe@~!&rNewOS@k8wFs^+(
zd(Q0P?rg)dkbVl+MRHOCbbPw|;ZtGf%;sORe3a<q<YY6DR~mlOykicOSn|$wTIs(L
z>e`rb@GHaW8$N2jxYa+1@88Vh-26t1%Wu<`vT(Tm6no3T%OK&hVeC*JACe8UdNZh6
zHb6WRxAGrf#W!r+2x1gKG$_~5%B>}31AE3=zmm~P(;-xKna!P#R+tksY2j<bG4fKh
zI9<@3Q7U<h^(@(Pf=SW@CpRjqNegXSuRIyP*2&xy`mPuBgTcI;bE>mX7H(WFJOB@A
zQ?5rk(Az{t5*FmPlq3k7k%0aa35$N%G1hu<Il>|eogzhu-&_Q#6+Go*GII@`jf3Cw
zM^K*a8Q9QDKuLjw4L^dUi9nI0Ea!UY*7yuA?`30s<>)!oE)?RE-C}6vN&zaM*?Uw3
z^Qq$xGh-*67H}Qua=#_o7!;H<yO)$<k}D{Umg3g2nV7FqS->06tFr}(XnIH1;htlI
zoP>ok`8XO$wUc-tg54mU+Zd?bA-5Rq*Ob_9AQkTjoaYN~G0gK@UG=gts>?pwubZ&w
zdburYpkgsNC84!z7RMr~qJ?ZWI{omvnA$T_0B*05G2u>l%pIps_QL~pcNR?u%Yznv
zMv`%{l|u|D)O6dG=**pAjhat&cQ@;7HTvNMaEHbg^40(y0<DV{XENWPI<)msNtP|E
zWHe@TvB%+q=zt^Zj6{X2A^H{=XV_Sii0`hqV{FXpGmr2vWStS2J;u3x?Vn_D(<T3O
zYi<EUL!qZhhDq5MNd}PU!SU2PPSeV_<|TYr()pys`46fF#?J{pa8Ll4eqwj8U;$SL
z`YJg{e1CZIOmiIs8WXXZ<w2broA0^gSVCk*yXJveJ=VsoEB5s*8!+L(oD19#sDhzK
zdG$}7F^HuOlfyMs(bcm#Hx&<`p`O-53?Cgl<U0{rmvEW=UY$angXGf^&*k*nLl2lb
zIAW?2Z^%s^iSg0Ps?vZVfbCKX$}<vWlsu}kP2UZ4FFsh^4N@P{Egs4(ygxX!jN**t
zkm}e5;=Auo8z3uaWIl<}M}jauWkT>=TS_I!nh4aLpm}7n(bE~mXj^J*@0{#ue%u5<
z*_mt2Gk0}Wzh9L%=g$Xe^^^U;Vr28OM^CYcY@NSCgjk9KauD!m8wTm*-_l^}^fsA}
zTMqPs96IZOYtU*{z%ML=TDj)bX9GT~{g8YdR}%P0=_}Xdjsq6L7_bnYV`mR$)vJt}
z0HN|`x(!&_VT5WbMhpEshcq_bGHjmQMxOrB`oj9OlHtXu;j4Qs#CDI@;U9Z`_vBT+
zCCADxqJeK+21Z0=?FCx)Fm>92H&4`nrwbA1^5t^3NUYp*@l-ZA|C7__by=6qP6T3w
zG#R)-d$$$78K-D6oN``ZzDY#gwetB@25kyU7W65W3=-ME8Y%I>M;^~h8!pAJ60%$X
z_!>+(LlHb9!p}$OZ^qAgOKrBB1go;+fk6;0ohL@4HwRQ_@zniBkbPZSHn98|E&GWQ
zt$+&!-JMo82gG$lGK?N|HwY<9@-LKBEZ`~}ZO=W`|Jr6Rhec0%+i4NN`yx_K*Yk6n
zWO(v-k>Fv!qhiwgueYo;iI}kNm04<O0iwIcroXfxeC(Po>!8K!XYw;<l<0yJe_D6z
z^2lBa3~<^9GGV$KG|*w4c*jbcQ$#U4zRTa2fm^AZSu3OwD2#+EH>^Ph1qNhJSv7yb
zSK+>Pb{e@GtyR+wB#KWR^xJxLd-}_3v*Ehnp(=clNvw+|plX6Nub-{XR*GtD4GQ0b
z65}IeI{4VFOb-%b96;wy!e54d_+^}DhJRDqO0q^RYdgW8(OWPMv^m3>Ii@f8Z4{vb
zL6KTgdeoZq5O_kBtHE$_^FW>Q4z2=YWwLneT0Mh<XIpGdhKY<A^_sPum)XPakB+uq
z6TF8*9D;?zf^xcYU6t3u`SLu4m3f!zuqmwY1eMrnQkeJWcV9~t$@{d9ofLSG_gPka
z?jtC(_zT%rC7+HVVjH<ZiD!e)rsx1LB!`?ovxzYYu{>o0x(5vna}wIhqvt$3%W4{p
z-P9_#9;thu@Fr|Te!aEDlNxux9!y4(o;Msw(ud&yO;~g646gTHaZY5&P*g+*>UIQ8
zcdzk{=~k^X@g^3revG>zcjj=%ThVlaNFuI&6ZaJiSn=?vJ!)*?{I#oBz<VgDdogU4
zjS0>lsz9$;&-2kPGSqm!H5-hzUkpv<MH+GhfgdfJVbI|P?Ezhdgmn`?F~Vkqf&H$*
z^$x$$sbIDnd-lPz4lgA9;VMBUz=SZ%RldvL=R@2pxq$He+-<M_5Ydf2oV>huep?5_
zkUHR5sPk%TLx&O#QmWiN=DY@CtxwcnRaC4zB)eMDjG<15qCP7Jo}Gd5U<jZzu!V3g
z9UuqUMccA!eoxg?%cd=zhi#WloIjllH+AVt1E2wIQRyJF)p!d`-pySOy$`jb4JWL3
zRvq6&qc*Q>bu;K&VG}`s<inR6$DGsg+>>C$wU*yAAE<R|z~EYNPTG5*0db!k_5wB8
zm6u`%-2NLrxJITxFtPsJ`<p|IzTc>ZK%0~dwyi}uLi#)~*?JLTh|SxjlxR%OL;v|u
z?~&T!6iI>HDD#R1wnt-E3|S>djw%oC3{z&-`BRCq?uKGmGrT5y=hlZ;1Co-GynE~@
zFaZ`~+xn#dIFbrZEDthKU_iCW{W+gGFKwwAa00V;cPnah>iHQK$C{gqK71R6v}+9*
z_|CiGJ8kaAswOdXe-k7YP1X8&56b}$%K$S-Ha~QI9~MZ@Js`32Q&GM3(Ryn(CS{;?
z`{t54@p^hW*A;v((OUphjUW*FWj$cJ`_o1Mm{xEOyh`<P)Wg6gW`ZpB2U4@e72K5=
zn3c5Y8T=b9y}U2nPuFSv<^zYqQQnr7tC>XuF{%!}3dP?a^VUGFB`{SNGXz{gsGawx
zfWBIIq;56rbklbe)M3T4dm%hPp?EFmjkW*!ZE3YRO}@6n@DNOR{fPt-!U88DLABk-
zTw;AZxdu#eXEVk=j~r>Q<7pYhMhxx|GUbR=+>5LGB2Ixh5TN~sW6(c<QUQi*%&0sR
zk$C&N9!#>=09JB5nqgZ4X9B-)<|X{90<2`KV^STodx|D{Nap+Je2Z?>e*X}Z2b)bC
zY2L`}fiIq>QIlJH$9NyA>?+I$!n)aE%XFn_NIuWhF8P$2EBn26$1|f?KwKgmBH_Ma
zQ+z0KFobJ3q>*xQZm-Zr*}#E3(2S~w8B`d~Icgf$<C`UhpYR>s46S{upI67e1<EY%
zEA!)wJwEXIo*8rl`Z}OJBXx@&qo>DfzJH1UsajzE55CFId?s%h$j(b%Fw=cK$emJd
zEaRlX48q;kT=n>!VN<raCnRot!+Q*A7-`uT2p$Yfxk!xhuxu#j`)boBU!V1~)S7<x
zLH5e|4+8h2jvG2W@^6J+Ux<Jk^mij7Q*(z=<&$X8e0O#Z%{ewDx2!40KCrb?G&Z&U
z_z3pncj#ljR{>cj*e4@kFcD^>-XSL#Qcq$PSZjIjgxfPtAn$$5zjqD6C)FX;`o&(3
zHC#WdN?O~aj{qDW3=Uqsy)_`!IZA!PC~SW!Jpmi38<^MZt1p55c(N80tVF1?Y}H+N
z#w^D<f8GULbW>Psp)t*M3xn&5;Ak6F4?ycev2x(7`LqfWJGgGBYs>?>IV8I|6guKi
zwY7{IdpC65z&qG{A+~BER$mc&*=!)BY5BTWT!=KyO4Vw`q}+L%*8_TWADH}3fzFFk
z&Ba@7a_nAe?iz*UQe_^%o+TLqcM?N)ekUdR!PD*EAkzSCX}%1ZxjkDlhS9XFTKgV^
za}EcCrbpA?j-+X^QC0Hl#6?ANQlUT#OxHI)R*PC_0nXkAKsb*mdceH)bJL(3CSra~
zNp4-^p{8O{>3ifN=pw+z0gS+XdDUeF?^o(nCM4L`M?b~Zf@VLmAnmOGMv&*viis5P
zu!?|H&|~7=dh}rkt9Tkuk^)OP4I&KZ<dn$xZH~c^y42VI&8+GU>vW{4vg|e=wcuWz
zd}zx=(()I8+n0mwkSf`@O0_86*G9PSvH<?^9js{A8B*Y`i5YyuBJy?H-23&c)$|9s
zt+^SkS<pd81a?&|HCFK<rE5P^^^<)1ng@XA^g!ahKLsgRrX`QEfCA(ESw?^l=sOBb
z0=p2yN#gZoxIq~3-o2NXf3nv9wcn#?{GDKk2HA}VofWg<wZI*D8Y#_C_?YBo6j200
zg*y6z5VGO(+MVcTxa?TmVr}<W+(EYiTWfGPH;!>q`cTw!5El$vV^bkL1^(R<TG~J1
zFgI=3;F3Yr(Y+F;1i_dBHyfZO7uvTU4*UL7@Dj?hnlY}Jd^tZLhcm6LbZyk3z*MrS
z2A?Kg`Vk0!9DJ8SK9tXXgj+aFz*y$Mz+xriNI}2j#tbEz-A$Jio?+$&DDr1ji~kXU
z|K;Q`1tcA}-}3kNq5e4^KW3kW580r7GzI4I)59d`OCtOeQonrl!%{#BPy=cp8VGWO
z3$ycU!&9|@&p<wofRg5R0QLmf{_pwp9|5gj)`105e+TJNc_@_Cg%S6Pjf$bijRK6I
zX7j}zr@;Qhr06pZh|VC80h-poQrGqw;840mu{Y+s_RtIg9}oQhWrF3|K4o{D6h3Z8
zq*}CqeZupMo$U85k(3|8I*Bp#+MtWftmqA){F}JPt(DWy6t`K)hzSI$&X?>aPpF6e
zPsk&nFnalI$Jc5UnB5P4KrR}H43Xo#<UdP<Lfn)f2=#C~2z7N29d{}R1(}El02xvQ
zvPeZYgfXtx-r=OTmDPPfkWZMc;>o2Tn9}V2x`(?yl{*&eNs~ZdN}}2x5Ph=O{p?7V
zb;fT&IXi(&md{3*)sDbtXEfT*6KSBu9M~-f87~cqEEpG(;~W^Wq`Dlp7&|8#?DZbR
z(^m?hG>Z^`7mEwviDZ7LavPFo=?+n}flRXemi&aS*YgvP>TGuY>GPqW^f}uyvylx#
z59=<i9;7oIrBtZS?`0CMXx$ji{MOd@k%QbNRQN#tn|ZrP7!!Y%=+ywH2Q@!vKn2R;
z%yU~tyUG3+86`+R>Z|?MY~T&M3#1KJaXpV9p4$HqWg5T5)ujS3HZwnYl=%;%1Y7_O
za(P8`s6jGKWZ?Vrq#L!QLn**Iy^)@BvS~^%JelLJn}DRux_{nWZQ#x2r#3-BlEyL6
z=UJ||A0J+bK7p(yM@4jC*E)Jk(zG2hje`p92+Z}Udvm0%V0O^Kuh|)`SFF9_q&oX=
zq=lqLASpXXJUA&{u6}Zc6kxN3@{nIm%#7G!L=YlMzi{jit~(3h3?f_^_3xy%<pcwi
zU3p9NT*Gni=h+!yKSad8(y|)1>s4tpH&Pm&`s_1tQGZeBgkP52um#xY^5~P~81&7N
zORkBnVV&*6-`KYS8vsE@EGA}TpX}u>Z4xv5@~J5jWXKXRsr@5;nf8j_w*2r90mpbc
zp%<7^^35JsPQY`1H1K^#%^5w)!5#AFsdxB)rR*<l*6USg`RU#K0-Wl&$V9;D^GE|(
z0#?AJ$!qOs)k4hQGTOJKD9b*@A6@BpcYKI4D3WF3Fk02?Dt6SAQjiSzV|~**)TOS8
zIT3<1VR_yo*?@2KKuA_ujRWlt?2w<_&Jg+5(kyoc*yBJ%xU0ITB@W>=&9PT<ts0ul
ztvypQ>K|AGdNpe<>kCwNTQ|Hc*SG7;ocl0}xpn?~wtNjxg&ogUK*J5mKIg%hkg)BX
z$A4%6q)ueQie^PRI(X$vbl!WB&}#YxLec5|mcMCT8kJy@tvibJXE^i)aV_$DcS~9N
zwc_3faMhj+&Dx`UM1Ves=`20)z7B11$}uPSxS7YkcHhcoRx!@?;6s+r<}4@a-UBi(
zUXJPOPumh<;-Z8!SY@&E()<kP_$(YYy!c}H1ULqI`xqcw3E(_{VKRrIAG;quo8zB|
zlw2I05sHW|KN+>zQX8tXGT<<H%B;0!XdW~+2=JOCIChmIlr0TVZ^Q02D8zb7zA?;i
z{Ugs2nMj0x$0hKB{jcw=p4)@)dT)xQz=?JWiIlLZ@IO9(n}DymOYQYwrne}tY|iK)
zXwF@7T@%~s`EKN;#$EJ-`+r!M)k}L^rew`;HImZ4#TtJ}R{%t5+mU75J#dzj0%Odw
zP&dOZCxUy#m1~MUDc7LF&v`D)lAqJ%+m;zhW-QQJ+@5~5p8!KR=Po-5;_4Y?+4g?!
zVUEOl%F%`oFLgOC7>>lf6aP(EA?tTS)K=J=0BGy`c1T0e7UJ9&_BJo6N--yqaW;1h
z-WIZ{gaqE~1GG{#>hFDH%2Qz)yflZ3Un^PbqXhyC?8}k|_>J&y#iBMrgg@|LgutiX
z+ryuV9)K8J-T~9uPNY+boY4pEA1;D_qyUoI-@f1a?XAb)rS@=@B&e!iLFv#crAd$W
zjz@&vae7H%pVWiv7J0!aYjZPZia}lW@b%k>j<@;;X~Kt{0d0g8+4r-~mTy!ZxiQhl
zzkIhLr?6+o%_`b(yNxzUjZ=SEz^4UTGB=(SoHZzP;Y%}xWM!N>LMCQL_>c<1=)d8y
zIU6;}sLi$EqcydmSqz{Kez&71M)3k>h}tWVYGqJdU})<cV}NynkC^^g1fMbUioWp5
z%{Yky*CrMI2v3SGCpcoJw7#aao<qQG4%g|4pTH^F9V1Dxe;7c}oQRVn`Df(2MZ)Y5
z<v;Rk_X82rcBR+TERo3aH8#3M$7x<L0*2q0_{ebQiy#?R>hQ*QBY_;gqS84-4d0*s
zg;EZc6lV19q<LX(&Pr_>gv5d@keXZWeetjQXS90W$jyXd{!m~b_m)VOWz=DI3O{x~
z4Fvo}t1k?yF0dkRV0$v$zITIb_i3iUuQcJ{UES>+GgVx{1R&22ybrsM$9}L;7F%|k
z5!Tq@HXAoxoHSj0b~rTSY^v^n`qxBb+hn)jwTOr=k>MXS5_2E1Baezhc~Ew*f9%h?
z8{&s9Bu8&cR`bRn!T<JGje3`SaS-!XD*kpi)FnUU<-Ej)MIhC5%4a@K0ly+B-^-l1
z)ct}d|4h{8-(sJZPud;jFy4EHNox6uV2O=-a_5CT)qAh`u?ELB|E5j-w+`8?$_{IJ
z9R;b7q$EOmVEpsFjAP<KN^9%alPm#J;f%?{-sS!9giX5Di!g*R;PyZu`p^lQaYj$9
zmFZ>W5~!0l%vkbwOe2?5IX@r2^}Bg?jS1{!K6UQvpa@Oaa4ykQf=Uij@*3{~>9}0s
zy{*!|LKL8x$|Hl*DDqZ8#QUy|SvIT4y3~uj=#<;~+he5FRrRR0ua%P=^$YWQnzK8k
zZ1A?8*lz#dw9Gg!k>?b6prp+bo%$a#^%TVSXU}EPx=liC*YnPvE2{jq$AvDxDj#gX
zYNKeUC58ktw7KQ)iB#i$#6`ndL6(R)EzpfufB2LcAZ`}D2@kzR<mOWUL^(fWi4i1K
zZnST}#f<0%Jcmk151#o>yohzDcU<Ak?(?(vqu<B@LTa#bW@P|6Q+!t9&zMZ<aUvJ{
zq@m#<n#OZ_JHz(u+Ad#$X+l>~J=$?nim0VN-D&=6>hv{%dq=F5XiR76Qq)PvDN_>z
z=_TLM?sO{FW$WfOTB>fX(cZ#ady4uU-P?so88$z&XXz>8miR|Mr9IfW{-DuoP}NP_
z)nQN5RER@US*9)PISzv)q)3+VXv0h5yQ`1%dM&s%d{;0_JQajZX{QOFT27@qT~F1K
zWx&}XQ&`DV_WJik=xX|X;~hSA*U-e+Ki7W)*cg8l)BT%YpQqbqaUw*e7v8@JcAE)m
z=4x9to`i$k-fAa9^aV`M7EpgePuZx@M}AWVcVK6TD4a2A59_S$mI<HEad6xZ&kDzG
zdxC9<#a3qbJa5WFGN6s#`_{f(4c;Sr=h#;U9R|G@<*D|mgs|Hd%mu4l^)(iFV>laX
z>V$695dRs5z%qlY6M20Kya-6PY7P%-c&|Pjyc7Q`4X-9Lk2z+Md_;@-1?Oks7vf9q
zR!*(WCqpGfO)54LHiAOeCkw>huqD1=i;OBTeA}opn{m8d@7Eg&wh%41AW((zU+VTx
zJH+>ZFkkVp>8d$d#4rad($tA{W&%~frj>QpNbuhe|IuK_UK6dPl^jxy$A72AMNi6V
z!1M(rKSik&c6eT}d^gf?rYG@t?#w5xXKona)b}o|vq0qsBOQbc)#x{>75SM4vXp3B
z#R@uZbuBMB%hQ~WUB}H<``u&TNZoSi&9`+f9;-Zei*vAnsu9{n?Fw(~Z@bu##BHzc
zVR%H6VdL<RbcV;oM@mn}o(-4AG5j0>HqgI^f9;Zhi&tH~*~>fFl^KBmrH(A%u9j{W
z=U6ED2yENlXDjvtxu=$}ixK8<Nq)%6yhJ$shaDdEn0T?moEzw=q3Ny55%FwHn#P@1
z5Zg)RqK6>%$-W>{=&v5i@No2Z4FQaUad}V^$YLJw^OG_P>)G_qorG!RIf(Bw3;6NI
z-d{rfkC0o!9a<tIr92|3Z!Y!O3Q3axpFTVe!8zWvT_Qa<V64yyZ9S!M*KjHWP5a5b
z0_n6sSy!_SdTP>fe)|DpBM+JTM^#mw=o0^$K10TLA_#|GZXqCRI9*=e4DvN4Q=NJ%
zvi<U_hhA_lZ{^zz1ru#)wAp^+M__ySvjFCn1*t_W9=Q{wT<0iz=%{V|p=#mvshYXl
z6_>vpSkM`ISUvf-K80QY{rp9slM4%4WUQ}ElZX{TOK2TUdymN7-`Y;uw39&!vnhlW
zOK!&b%dhQ-J0K09cSdP@Ra!@_b^6_qZ6oNHXC3rdb_&4Wj!0rlOk`sM<ye=u$$+@y
zS#iOI5bpzwcP4++?$GV&?|>@ZCzNQa+t_hZam6Lb!a40)WssSuo^f@B<XrsawlL%~
z=p$_q=?voi^x~I10El$o8dc<0%uj@`*wFq7U<yh+ub{)$W|r81NLU#<Q<wyssBJd}
z{-yrflCoC;spjBU5cv-r9$)d%1LaaOO!*`~|57k)zu?Tu1C^>B3lovgzNnEd{*O?C
z{;1#u7#+@it?V2|Ojeb}EZeO3Le&uN&4<r!J5RZw>e8`etfCLqshBzcu#^G3TXKn)
zCe~|WJ-VNf1PM1Ji+Ii@rRw6Amga59QB>tV@KV<Ru0J)#V3N&K0f9KBNZa?zd0Dxf
zY{g%WyG^QI5FJNQq4xwZJpd82a;lVadj~dlQZ0eiD@Z)~z8h^5IQcsMSL6^E^VEfi
zVvQctI&HW7QNc`N54ZJx4BKT`$^YWcf2R4`BgUsMkxmV+Kf#2M#S35Ux%}rnknWK0
zh>vJsxi>TZfHv{|sTx;;hc#=m{}7PCAp-+sPh{hPR!<i6Er#TKM2fF&BFaXA9`AL_
zSNUXU1U3ik<7U0^B(~J@fgCz+rUTnW)&40EAH|5hRdV~*c9JTIg$&Tv^&p`ATrLx;
zer!9rng=r8UQI7rOpc1MoZTSj?SrdBpF`%!TYurOso>|$Brf$Yg|?m)OQDq;Y5Ol6
z^y|P4x9#!z;bzQhQ*tIUEbJOlRC@J$&Ujxd%H<-*Q_B#Tf&BT$j4)r!Mds3D)`v$(
z!Uu*7fk@`O>O@26+R{k2&7nV+@vj7iTcQRiorpipN(!EMYC;0n;l>k(!-)&0Wy!h9
zO`V9oG8uWq(Dy6JmOo`neS)N|sGTnA=2#o=$s~4iASco(D9U-(0-StaCu~X81DB3N
zGDyLsH|>SG)Qu2w+aie`O=7Jl;?mn~hRr0tjtYFzR)=4B?)*xoN()JVAocb~>CHLd
z(Ikw8aS#QKe-_aLc8xYwZ+{{W<@vbZYz1OK1M;JSYF>1uPVig$TEH4WcZW)@k%~>}
z@`+XI1s$&kgVfiBS}4hgBRoH}1TZau8y7G7#h3V#r-~4qV+PbJb!1<NJCk+(wnK0R
zjS)QA%D07b50EU!+Y~ilu+?zwD!W2XyhBYGAo1?XIzdmw_@$E&XjL7!On4I;VkODd
znfc#<w2&&oNM<joI)j4p79I5LOisJJcj(1^qt|3GNdpzq*8xmwxY}^jpEanw?t;AU
zy6xB-kAjFV#MLHd&#1^J<YO{Q1r!(o#DpbDQ>lv?k%BvIkeIM4-Dpk2uDM*%A=QZg
zDr2kwRc|~ILdIcE213I9?vR4M6BZuAFOL|F^YSE#mJ~oL7p>3?b5|+6OLu0nl0ga;
zL`^{JQ^=;dkg5b-lp%~1t&6vNuBm9ZEReY}fJw97&wjaX$!!ss5AB$Op*cP9O#M3r
zeA}q}$F%|385AU~fY_nNVMOvkrx8WWtb4}tqOCUCm)wS;5QFBNK|&!Fgm4(|A)Rdz
zV?~s11sS@9ixc6`TK1B;A|6tM$)HwqPBM8rS;rb;&?S1<i-37sN(+%cB?1MdDuk6o
zaQpM3ZrgtH7>G%T9=Xq{x{4R2NGJH^+a(l)6{xVZmB=Nyu+HS}jU-U_wIvgoPhu+<
zBM82oQax4=ynF6DGyk%{w%$KXG*O9_Kf)Y8u6h|F#pu5ezL-UG@l>J75&ivbqIX;$
zCvnmxaQBO+Z=noO@#<4LE5CalperCNp^reZG$0`}8yjv1BoAsT^o2TUegE@B87}&o
zOYVEyi`thOWU#YN<bdCGZl5Zw1f|9qOtMvNi8!8dohn$g?MEk&S%vN^6Tq?1&mIu=
zPmp(bxxOKl^m`aPq!3(VzP#XEm}oF-<tBq|AE@DhIRb6Rg7$Gm+mOnn#)%(RoD_6a
zUQ?Mi|HJ7E@zy5@;UL&ko}4Be78@EZvrS>_5CGOKcdRWnUa}>lgMe{Hq)l>_Dv%nu
zr58F~ovK80QG^`9<Pg~yisW4b2_1qMSI$IO3`wS5g=G5W?y-iipR9$it&p+#VIUt1
z;BJ``Ew4{y$=!MMRN{7Fmn#JBueVefeLtqs(ki?lw{<l1EvXB@i3XuKK4hPDYUn7b
zkTD;+^p};=<sMwVy`?%CIPaW<9x2RJX!-8W^k?DbAm3%w5(@79FVF?#Pvv=4QBp8_
zDFqUl17Dd3&&Up|djE)*Z!;nBBA}WY(q*0jP?4V^d9V3@;8D=Z=428NYGd{9FHXeU
zJ-rCA<>SgiO|C?@uWaNhtYP{@TjdTgFR)Mbet2a8_K&yS*tj}Z&$UeV=J&@uI5vy`
zK}zo&W_kXlw3Orxpvef$JTjyU86AW^FW9S=b3#^gr;7wRX>gomoDp;0Spq;q9DdN~
z!g+q%0cWEM9o#Ncxr!<Azo=_o2O@`PWPuvv4ck|w$Rp?;3*anT5$~PpecEA^jvS8D
zA)XM$xGqb0kjg;m@*x8yB{=1@<bCx6ZsBCiL1u19cu|MZPKthEA%XV)RL28MCQr7&
znXf_3Az-_vNZS5bix4C$*r!@VnVPI)E*#!I|IZIA5E2K7;g(0xB;4GNho=|-U^cm|
zCTn6ACc@s5+N}I)4K=Yr_xqzQ5gRCGX_8!BBE>mX0I57^3OhRRnsUu$*R^wG<Q)xU
zbStu;sl2aFuoBTe9syy*e%T>?c|JNFIZQ^vL%K8P=knQH=jWv3*+4t0G%~1^pG<sD
zh4dtYPO4*&BD{m$5hq<rQps1L{xO&P=X9pV+S0@DWTeDC8_*j{)?6C~8M%u;mjwL(
zHF6a}1BXFp#YW<7V9k&cn_#(fnqjDI=SM3tr`#Ds#0s*{#b$cja1bRj3G}*-S4Ta$
z|3~NmKzG~(!b;>>qnKn+8Nw2<$b(YKTa^dyGrSl7wsAdP3c)waJ^#~gT>h>x!GAaR
zIR^E!zTeu~n(ec(B5RX*dYiEEBx9S{>S2-R)eI4j$Ks)NTx1dqKY5?t?&%O!UJW_{
z*Mh8I(FrOrpbM96**Llh!X9fleM!gea)f3Vs3fbLJ?ej9|LqV)^retxkn1-3fSCST
zb#_Ch5HY=~SLEf<@-8so-d<S=P?9B%S}z$Z4B#|!Rqy~wW~KdMwwb8Syj<J1x_OXG
zsA7l1!}YqWs~+J6ulImgsed#uaUldZN!D-Ep$jp~q5iz+C+fv$EBFUUJyc8h=QT^p
zO@nUR!?F%5?`j!knC+`(BD{<GSG!Jv`Agln^-tmhpeWKSzk8_g;5aYEn1>02Zd+aD
z(zG*}QC9Xqi4*ZxpJ!vR>T2RF`(C;4Z*Gs91?nCyliYLD#Ibud11hTZ)wyWe5^9|#
z2A(LURz#C=FSh`*@u7f#0H@oa)y9)WH31?~RD&W=VA({}xhL(DHG=6tW%*Xc)gb38
zk~(Zm<=O=p;)}&z8x7Od{#81z1Q(~mRe14CL~Km}gL=M)#hBYv!43@pR#!E@b!9ac
zc!)T>S%#2`rJrCj?mEKZIsY!(aX1gxv{zla(sx~|7jwXC#`<+*e{+WU(~Cw#CqfJG
zdTu;f_~F#AxqSrw`2-r_OdV#xa&BW=W|Tl!_Z=Gh;d%fh*RAh{{VX*jokf+Jh|uAf
z*Q?sfx!uWL6xz#?D%2mL%5;=Tyt#g1&2%^A;@BLEnhd_F{Ql9bDlzGV_<L!Q#!~fO
zt=!AZswrDx6c~wqw@o~2B&~1x=|0!7wL#R231!qwubmt(k2muxxGvH5$UgzG<DZQ>
z{+n|$OZzVxZ?z#{h?yRx+Oy*Qf@ZY+(uq&&>n`tJx}Kfi`FX)uG-l+~iPkSadI1P>
z^~+eoN~GPy`)?b0Oy{^>KATd8HQvyVp4}?A%5hI8Y?`Pbc_2MZbaF_3_?WTXE(18$
z0GyJBf4~Xsp9ZRvy>8x$0)r*Y<|>%(gUrz}%@R;)5|AysC$1c%PBP?t*UI*qsc?^y
z^FwVGGnw=ys8g4%v?|psHiufuM=~ayv(u57N8Vcu<?tO(g4lFgV1UVzaF#wV?-rOe
zVBMAPXpVcji7<MRmOS}w*FaPMt)gs?1zEGAemBOl>0IZoQdc{W0ifw|v%jaDP!O16
z?{y0g&6w<RZmy^q*b`98(Jhh#hEbPzr%zaQzjJKDI)2W5JO<i^hR%U-Vy<<Ytd@Jz
z4R-Y0u;^#ym2R%syFT_^ggaDN)u~)Lo34D@oAjNs>o)e+WKU<QcT`HquDHLOui4Zu
z&EYgCvTw*s0yB!!u1BKncqv|j*%!x}qNT)qHixG=13^w}sgt*1w2F^5ZNxynxoEuk
zq1dZlv!d%IymLkT8<KDE`cEuBj1|rKRr@=h0}1o;LnYH=r};7F!_97GW7fuc@eUwA
z648w-vuXXlIp!|f7=^$#aMhF+*yRoK2z-@X=i*cyb?-3tnu(8hsAXuL0~7G1rSV$J
zC7qwU+I!BiCcb2PF(L2R^fxMV^R3E?bzxts*4Wj8w(`x@UXaLrFrhE|IH6xdEbW}l
z>frkywJ_B#5Nk_-cc+rI1-E+rn=|)_3aM!yq<`@>jj1MzSEK-+3wlt_(1baZ;Oer$
zVD&No(re+&re(Ogsai0X`G)udN$1f3Og)OuYqp@X_?8fz&zy{VASbE>b;F=tb%QTx
z{o~2d&y=3dyc>pI%Zz!|Edl5ax5+nbeWsSFH%sS}LuAF+ZhzB*zjZ5Oep-r2iLF^*
zZr6X9)@z(a2$;&+70Bl1@sI-5b4s>tc{J9ZenB5q&<F{$;SjmwjA0%2LFOypsO0v#
z54tMNqy)^Zc3W4Kmn%y3g~dw=!A$sOdggK)`G<-zT=yU7@5mWAKowgw=;_>^lH2)1
zTHe?&3*_9tS8DU)W?pK7r?8>l3@Bf)kXqJ0Z0sqbpFF{l+!b~vXqWG7`bviRk;cbk
zeGRDz9J;lxoyP2978lx!!$NPZZZ_??F`vl>AIP<ImJpR9m{(_)zlTlF6b&5c$ntr$
z>1gSbTc!RTx4-#?Vxx@v;NgxwKL<<aGIQO+GQ{15M~77l8N=&Tv#)CVeJU>65RuY|
zR?s|;;Q!#K8zF!q%xOxi&z9p0=P#`&iGH|h?@&fKeZ&$$dS0~g5VbwImTy2r+xBF0
zbc5Io{e3GS6M^}Ze-xY&;hZ3}?j142O7#)cUuz!uYd|VdR!X>T2WDA+M_&1K;l}Jx
zm}c|GyaU5y26=ZD^NuD$sS}??!p&J6OXdd3@(8mHox?>~)eSK05mR5kW44Zu7xa25
z9S-TO5s}JO?afTSs(&vW!xhII!Pm_-7-KDF?{T8}Qb;sPD1)D0sMr&Ok$bcIRjR#L
z$yQV_n}~wB&T?LN)Xeh&DH`j?I}GUQ2cz{PBBOY`(6*`8-CgEBeG!&V>lYGaygIX$
zBGL@mpn>QCQubx9y=`ijar$-h#{=17BKPNg96oR_Z^7_!V`yg|C%U_KrU&KG&|qd3
z(ZCVOO#j%=WuM45CX4QF=g}vY%!5vgs%A6EjAI+`9V}5jcd*9;IXFTjuy4Evqs%<<
zuDaF~Yl#+xg_<U>zsH0(FuPuVa@`qy<RHE;d^O`7Z)y9LecADgdE8a4cA(<{I%MP4
zXW=Pv%e>ux7xm||(0)JQm*P-?8BKRS?mO^#?u9~7<b6;jhZ@4MTVLl+sY*b1h4*u@
zCc3Tf+ZedX(`h0#JG0fKre)Qdpcb!Op!T8amegFivsiN7UG!Y(nv(kJp!mw1W=X}&
zW~|;)1L;)^1$~GSHd4b4;JTRL(8ds-mHsS1`CLpf@xc9f3e%_~`|mh~J-qO~Y_?ct
z&nx?8v+F7SkGSIF)VYqztqp}o21;n#<iurvKXshO;QF`a*|OOtVS~;?vDj}T3-yUn
zw70J#B2Cuu-seY)<#8!K-h|sa4owfw(k^}<bF?iA$w{8_3vIJYjH2cOh{)+QUaZ}B
zkJj-KMLV#OMA;BuTX7qlDE$`&Gb`RQzRLY8J?lX?ze~_KK59nDEWFahB0V;zX(PRh
z&M23#{S|y+i+NfgLL&Z_%cC~G`cqpJ?+$iz9>^~ZOBC{|UG5xhgLiWDX5stz+U8$d
zC&n@{rM6WrN5o<m`F;20ajDB<^1Vw}qMrGDu#6nlJX?Ru66N%C`kVaTj3<utZYGJA
z-4V@IZc{<7YWexszorSDF?cT~21#&TG2YdT@METZez{}TB_W<upgPn($WLou^F5~(
zueeIzZqQ>w?*1dco40YVBS$t4TdHDKFQ?XLO>^}2+IXjY39LyPuq)ZZLi~Jm%0|no
zWDB5_E6(GpEW77hFt2L%lT~AJ#?@Q&n~C0&w%v0L-8jwzM(g-F3}H6B_o#cqbk(Eq
z-K26}e_JSpGRGJu`I+IQJR*ixkCgvw`V{gSECul-Zuc>({<aHnc!>XZ$OKL3*425`
zwg>gmzN!8cjRS{|1>Z&<+fHt4kMPi7iYQGrsgsOfvPuY*x7Al}jueME^vErbycmkf
zK%L>#(NDa>9)5B1?R%sn{c}G3TnCSD^{cwn4a2iS_hu}|Dy98`DcYT^+$IYnr$VDY
z=o049j^;XhBkE=p+-`e+#$M)1j0uunGL7)}-dLj_G0IaJj7)G<OGw(Xh$!%xIVYEX
zQjd_VLuo(LQx6+j;8knlty~D0!j5@H8tl*8KP<a|C=@a%(?c68JmuSZSFNGM`C<;+
z)TVB&DMom6CW=iw-@rt}A-U5^F`g|s_ru?E?il>;Jdi8lCw5d7A=AB>R~X_s2Xd37
z^5lGZ2>X?D{JaYnbCg3H2P0N_iV(R~dDqS2Im&Xqk{6<HaPCg_L}At&hX-bxZ@x{|
zhz5WA#AG@1SRJdE6Mm%Z9kDu7q^<sdQ*Kb)%WXY(IHJCNb799+F3*?7nRtLI#Dz){
z%k2eDN22fGwwNY-g`ffQF=ks}yd+l%{Y#>$l{4~_spUq6F6d5wpyC}eT{1?{+A1tp
zUzqNWI_1%@TFI{HZt?L*{bAICWQLF_d~Z{PL(ib=7&`)9)K#^4KKwiyqv9q*16Pw8
zer*Q5PJ)|dk7ku(bFb`&)M%C4nT40nysR|g^)O$<@6NE{uyRM91nQ%yRF&UzCBj$r
zblfU)mS(yv8*8^VIG_4CHMm!u<L|oGQ*fg|zdG~A7>xsKcfEB|LcvLSNt#mgs_*&r
zpCWQ~>7RcZaCMVdk9v(W6Z(eeKPM!D*mO?m%|z*Y#jv<KJ=vC#ytGFeee6!rNdR;h
z`X(=*K(eLYubieG%s|WXhdk1pNnFl#UgSydlq=+aF9&<rsO6XF;yI0;4X(3J_u+mr
zSrIYiAUeAoVz(r6boJKjCbc+aOk%QxR9#1=!Q{CLtj9eGsSBGGdiD;u!7}W-;4M|Y
zIdhVq1$4^-PXrM5;JloF!vfP4)|q48P2k<dt-eaf8%i{J=(CCFIF9)h9hhqKOf(L)
zHsO73$SGpMu~GNF&q}{IqgWk%wqoP=Q$g}^=cQ!FmL5+d-aGOP=2ziTj$VwbDIO3G
zKR+3+JD1npE%MNOhnSi_Yp<mHY@B!L?3&6@@y(`$T|VuHm#NS^J;sH0qE^nM7VkRw
zkVhhW?JFduvGZMPhY~P3AKlY&g%*kU8tkz8N4d=S(Q>QK^rBCc_S#a`4yWz>dL{%I
z7Dt<#gC4aZP$mSuuBVoN)$dpwW!H@8?9f>8lx`FgNO;FarIO<yB-m|Zn_8)8c{ovA
zWO9T#{OsxT?inkMcju=%f(f{rB*X~Dj2D1TTj+0RLxS_pyzf4Y_S<*0tM1#7g`f2Y
zCn*^>?O6t20ks0g2kI4_>FY<IY*_eN8SvyC9J@Mnh|}^m&T<gd*<YF%-rGCA8BE);
zA)aIJFH7=Vw?WPb;4QReg?%8t%KW2=0SA+&UsV$JZx&mHXyDUMOO20~%PZ7=7uB#?
zF}G=5>4i(d|GljCI>c(`ad*9vRU3!E#}xk%7PsJtT~ug>yZkwC)e0)WOSU_|-MV7B
zyj+>MinV!!syxTNY{whjij4{SiZ~v9D}>>sszCpEu@yzp_hPphb3r@(2pRTNUX+p8
zt-dI^lgl}LCkx8MD$t4bH{aXryVn{V;WlZfrL%w#NmdKd=)V3ku}o(LkaO3Y5XCWT
zGf_zEhcv5JPSi~uo%L+WseeGVS6Z-HwrZqo@bhZyWU~d(2!~hGR+5hE6`H+V@5M*Q
zziE1THeMp~jGR(;^Q!BMsKTo7l{&Xh0JQN?QoeD^E=ZwgBqTwx6TANqJ86>k|E{>&
z!#A}W!Pj`}rR5p%=Ag8<MGk()!P^=Ccl$`MvA3hB7tLZYsLY1I_=xq;y^~z=PB+B*
zC#KQ%j_bq0&Gt>H{vpkurH^^-wM!V1&<Mcp1bwC<s47yFy-;sR;T-guoByiW?VRBU
zO4i%=|3%Ynk~^&5D8!s+b{A<!EofkS<aW@8+K0+Fb_>saYF;WR=T=UKTZc0x)_0z>
zn`K<>b5+75=jv_>(mWkr)E?&CFHP8V#yQu5Jm72HRRd^?$qaXITpmf9D<qpb+ys@g
zt|#d9+-~F>?+i0{TMzCu>9r}k-G@Dx%W`O?G3ER~jCwG;d)%*3PSU_@;-YT>eajA@
z{5UarZF6mn4W|>S({r@(%+~)$+E>R#xo!PRT9kqyji7)^C<sUoqN36wT}pR%BLXVY
zB^^qa4BaBq-O@SK(B1s@19<N7T<+)hzW4p(dXMAGv-h+1clFw9MKK=vOQ%`>I^q9Z
zDEu-3we7W$QYm14cbdLs1*u+8r}2L6cbx`SG|co%Nhb<IQ~tZwNVtn=T6o5AF3^zp
zd5F3%J{QkZn(34aV_o3c{vK}HI>Gy<TKGqNwJ>e;s@+@AG`fHIqcRBcz$f7M2aGF9
zvqGJYO0Yj{@{h)XTlSheo5B@GWd=td&@!J005&(RNclyy5u|F}49~``>$e{jIPVSy
zItCl>3iK3ATl1(E&2O}U=3U%I6$z^hvxRG{;{4>9MZ2kZNo_`&x-zOcEWbrCxREeB
z(rPo?XDe$|hDcnVp~3Y<_VD%P&eSe^COp_>=-m6jfaGP$=xU$YCzE|1g$s(h7n)G=
zN(fzhx6h;ZF4jpzozk}iptvVxzx<fK-o96#nKE7D7aE9m=5sg-SPClP9J8Zw>v#L;
ztPP5gHIEA{UB!-dAylvS&%WUY@eO}-GpoH9#m)!e^3K0E*}ft)<sz$Ms{39Fr&n>R
zDT*|@5sp4VP*vSAC%Tu?CD|ptly`wWI3`P>WF$;G3g2qLupl3;Axh8wu9Y{cl_!~<
z&BO7!FRPj09ygmj-Zv*LTmK=V7&d#L+N6a$mmN7rttK{lHCrEMMmup)JiN9CMf98(
z%^aBY7U0eyl1}p-6RW<BoemtUccQaNacv&j*Q_t}f!pVyR&!~LUp5_&r2&msKYL3!
z+uca>;k&E8q!>*;oL2Je3F`toe78ZrjPY%Qwd-=3%3yn2JnxBf+9q-Wj4KQc43c(P
z<ta)?;qx=KISjL_EZy1qnhuHmo@Vy?y`<gz!7+Wnhqq;z^Ol~sHyCgNTAB5y{Pppp
z3O1JHJOE(B^)<<oij%tg*Qv(^4Zz%q<h7zLDgOxCJ123)pO#*oH0-ay`*#>CTSwum
z<&T2cCqcB`YCXf{Wlw2=3HlOi_B@kFE>28ZN{7+fv2y#RmP*AkUH)J$T9Q8MJ)6!%
z@3DqPX7U1L`Q8F$2)VVxp{*gU#$0~EOJ{)ZOrZ5t?KX>cK36vlA~O#p`PemGZV7K<
zH;T*oJFf%GY7mzdgm8!#QY6)Yz*^3#<6`l|<}xf~N4X?d-&ur^VVM8&;ZJSTTG%+y
z@2MYsI$u&c|M;+@T`=gNF1I&Bvtvh-^|{$$ZdO~v`N22)@{xstp>PaJ%H*IvBgbG=
zlJp0Vnqz|}_jZ}LIzNeCA!p^usylprvz$;kl4bwv{B*I+rVZ#dxjS#$x5C+g;FtMe
zsNl5!5wF#=Feu3&W^O4^3k8wlqkMOQwVRJXU2Z8)@&Nc`gqB|)hBl~Qp?qVq(9KV_
zRgzh!=Ce?GSUitwK%vSUtArJPEWBqpPo1&9-=OPNME&Ci9psqD>GEb@j)}gG=?w*V
zKM~Bxz&OWiVig^FOq9ke9JdA?WkDObq#x;hIXSOE!Ca-o<IlkNb=Yg>7`on*5%sVx
zbV+V4V~9)dV~QOlBRs$O%7;5|K4Xts`XcY4=g^~t)${XH-a~RLtf1Ni;Pmn2;~N?i
ztbf?JCj13-7*J_p@OBNcUn=4TA*K1fOnE$`=kJOA?$dAmxIFL!5qd~vFt8a2Q<HT1
z(rYu=*y3m#y+f2#uVQ|5U^~ho#!YsVOvMC@_t{$Y*LRs#h}-V7E~n6OOoHaM_e$@P
z1$fKzEUB5Sz=fIXbH*pi@olR|7jGv;T~VV2-RZdwB_HR$7cSXAoEKltxb{WNyZtd?
zo+wka02#k;<=(>(Q<9Z3B8Ch1NlUkP-VaD&1gQ_*zhHCZxHZL}v^Le;>TETU)4FEZ
z_h2yF5TSX8KM-_X$&OC>q?|Uv8q62Os0Vmy1eo%YPO0W8JcKL0o{QycKJ#1qojXhK
zZuL=;{dB6n#izZuI&b}Sf2h4Kc1CzbVV@h^o5EW;F2#sC_PF$*taKEG7UH;S$F=gL
zrYrofnl3jwiNTpg3lFm(FM)*5*w@{R@fq*y*eh-_^r-1>BsvaO3~_xdo-3=N0?uJ1
z$@m&Cl5wD*!Vd$?-z-@u-wOg)sdRwg!p8{mgx}}B(KyNY)@Wmw(yhK=*v$MracrQn
zT5S1+E`r(`hK|~vjOG!s>cg*6VvRY&US`O$VcS|mTXu)+jIiE-dHL^+);yOVVpcla
zbYBaeW-gFYm0Wt9)%=Nz?P)VZgJE=p=$6wiF>~|Vg_0otmR?l{Q~SeO8X<B=gTupO
z2Az_)MsRkaQR1eU@A~>EuXHK0Yj?(vm>jUZSxXd^j!0T%?Rx>Uy`$bcw=I%@D}9~K
znB-Vq$vpuy4$gi*y~-wgL~kFm`-?K*0ZVe+rRs_t&=7&;xET6)<OP(OOnUn2bc6!t
zaSaoZ+V6@y*GhbPBZ~si#{s32Rdp9m7Du+8Ce69EAJdRnF?6dHy>u(OB$d7PQzH~g
zi1B$CBCEn~JWN2by%LU>B*w&yurn^bVc%mE_+69RG6<Pgz^C6c4-AH*n6f>WK=?z-
zhllf(k_i;#^Yn;^Ptud+?j3zjzF(94eEt@FNb>#7OgXisY}&Wjg<pu(m#*2%hAUse
zBM4Gi;%_BeVks%GAF#GEc4m$lTqrl3I%pZ(opRg^>-(XhB=cB9QIAS*E{Sqr=Z)pB
zLC{1-e)xev&Fd9q>w<k7!yXBke3l^EOQi8P|D6%cj`$~yqa7k4i+bD+ML0*L7P<$v
zAFH@&ZQAW~_~NTP^m}rc+66)_78)DEKU>L<XvOKV7nSJbZxF>e%VaSZsjTewYth~-
z9`hjW>pXa9oJoEtGxAj`n)mrt{;R}@c<+F0leA3L!Wmgk7-&F3Niob-x2{xVme9P|
zb1>urSA1H0(3v5)jwH7puEvqdjJXR&f<~<`sopXi$h*9hC>W0%tdVLOG4Z=bIb68;
zq&SAous=U|!TMKy^sV92(&GC=`Q{7b8{K)KuLo$lTZcw}*;EXzei>jIs_2VlP<4Dh
zpoX?qFqG4asrA6kGR9INi?VrS_tR`A_0*VA9aSOW!BCqs{?LJq_c_!HR4%Z5bO&DT
zo3W7@gp)kr@8H9rZ!TG+VQM#OljIaW+EGIvX-L65@p?W9kaJn25Yt-sb=27!<w(lp
zH@3M5M&vJi9Yk-koRPx*Tx1T{`qEO#30K}4EuB5=`5umGm)raRmRx18z1GjhdSByC
zLD#yQ+_Y$~if^aLqvpsigSlH?p<f?7uufGeVqo@{%p9O6z8qz&;AR?LS@t7Lm@`a$
zE!)@Wc6{Cri&qb0H(z99MZH6wGE>%#;)9NZ2<(=LG-h4JWGP$QqI4EjE;%*6=?TX%
zs^q&BS77H*(DCSRqNuhK6R#Hg*`ZhpK%c;3pJ6x*)e&4K;;Zg>*@X{%bo}|>{&4+q
zZFwUyTg3x@HH=x${Z1NY4<Qo~o8ZY;TpwLswxp4IhKb#c5#wR;%j1}q|Mo}yg>Ac*
zXC7uO8C85Iw54i`g@}uJR~kmTayzyr_Ri_&5S5RqfBXkQic8k?ClU$vow}D&yb4@0
z7VP!)TyfsdU(yN|J+r^s{q%Sr-`&8&h;c*1W&F3lR@Vsp?Fs*S7S-s<F5sOPN*|wY
ze;pmX|5w?8eM)!n!{*yp&ZIyM?I@D-OGKQ~8<rr;Lk;CR2_pmEPskGzQhB158)=x?
zJeTKX<C8~BYMi-t&{ya^K))Y&iD~=EH#B6w_j-$1Wl>veSJ7GLM-rd8_RA}P`uC~9
z;27c05m<<O7|f?fMCA|B@A1Z+poMLM7s3*_XPg}h`bV&c`O_&0reQw8=2IA4M^WWq
z!9eqirQW`IPL1{N<o*}2ZW4fX{aws{B)&O+`s8OfN0CoyCCe^pa`U-&T<t<TbHn4u
zaDh8Jd&z(UyEE_Cn>Xe7?D}f4&E8cup<}XBEkPt(b&As^d@mkuLiQg(^9F(|4NFj%
zAm<=O=_xQ>364)p;z?G?_(X8bkCS)$2WoW)P|KrPuSysZ40(E;{M+{|2q6`+Q4X`)
zH;t>K&pah6JVl6H9I=Dh@j34v-B1+pDD@c<OMh~Tmg~^I)m|k~$&N|+H9t!DcWwbB
zp}zy|+Y$$%ux6~ZaXsZ8iYC5fz7cwmSL&XG{0S}hFKrk5uh@6jhx&-G%FKWG1M`0!
zLN*4FNL?;)CbsS`36G{FGBff7G=YUN@FDMX`*?y7hCZbdOx|(01eZ@HIP)-{+=B4S
zJ;_Gg@T6Nanc?J1?lj;y6HU-bGB5IB?|r*=)@h=kU%d=C_d3YXU00>4^5vJ5$x>hh
zU04WNg76E7?N7J*T>*krb;r4F0%2iE@iUQl2|{8GmEg|UhY3Wwd5d-(^2Y*o7uNBz
zkdOglq>$R5t%|P0&HC)q@hgUyC_GL{|4<jU<5%Sqw7Qzukzg*%5+r5($missV=azF
zn%BespGdoZf!;Tbf~JzJf!BWXW~@@7vU~WAW9cJd1D*3FacV2?<qr!#6wZ7fyk{!V
z3%#z>=ZH<u)51Ya4*2k%a+vKgIZ%DYvvUbHPDRb1<c&2sIa{;3{j?Mc<<PkF$2W2k
z;d-wP$IK*IPZxv)HV2ElMw^84vhFia!~Z~)PY_i!=;=DS=G{(#gbm?K_uEU1+$%At
zdRVD%&jJ|C{}Obz_dU&$nBMTR1XU6I#bl2m0$lA*lgOWtqGuG~JsapM5YUmD^mlIv
zst_3q#ZR4Va2pSt<-~+S=WYBLi>`;5f4=z%E1{q(9dkEog9d$x=nwtVH-07q;TgWM
zRz}HJt_TM4{DZNN|4Q$4{8Nw8%o&56K<U66SzZ<5rWhxSPl`fM7-qUx^>(=)&#&st
zC%|A3V__luc4Q$L^&mF=vY<*Y=kjj_7=RDnAW&&xf63kVh&>kbOu`eCKy<J4>kXv+
z6j;fP?Z29c=&;Wj)}SY{_l!S0-HsHr9loslf$-(}$G+<SVLK2QuslkgY{qRk*V4^J
z&CK3oX%^o+<>s$I|2(D5Q`j9KrF7m5`gG=Dsvj!~u2`j>uOHIo%fhh`H67W7I46W%
zy#YOevNyz=Wx3vidipG~!eVnzw?U!GDwF@q%r9M~?8Q{mj;o8AuC-7m#R;c&9m`)C
zVQ2e^iPq?VGhaxD0g}I%#0?Xvwa=bBndTB>owo!-M#0?pN(9$$1y%ro%*<Z8kDHsX
zFK1HZOezPZLR1#;FnbuAZcZQJ?qZg*`8bpGWG@en_aZ6H>^VB&9`)$#y}W|<q6h1n
zq!AX~(3#a?2@*sPB9*QfS3B8Aofo7?OO=!eFICcAejkZ?7G7Pi5<&V93vqSHMv3p_
zT>2oK2YMGzPmpa-3Wl+q$s{_1(DKE^4OTdsEJ38!LKAbR%eq6$Dk%vwwR{j~dc{e1
zrsz(9L^llzqGL{5iSgtcoL8V_1HI}ipRd%T+(|lHzWju&*-v1s$lO&KTxl8XbnJ==
zjNePNxj<`UroNJhSiYS+70Yra=?M}b(l^B^1r52spgEC@a>tTU_=c0=@(1H8!v7!{
z#UL$;+EAZ|Ykwk9U0`U?4@r_=3K;%KiVb&b_)E$CeQAjxh*&b4OU7k-sY1f;<f{tj
zi*YUj>7vOI-*NKIZRqtUruC$luf=pVKRolaP|&F%D1WMx0CKtR=@|Lxi{GS!*r2F?
zXXG;Fks%EG%oC%xg2c;3z{Ra`r(8^MOfS^J^{=Te;x9$!-<`#Q=TNaB`*H>|h+D=Y
zM1o#JzuvDG`vGCZ=_*t&AyJ^gcxj8A&wYUXRP+4<Y_4h$8%qLR&vsNJ?dyLDUxNLL
zrtni(k(?dQsVa#*2f?1;djg#_hC_gw8r|8apaX+W0h=BP8P0bsa1i|pq_1dW2Vv^j
z7f)9OR2r&#+!JpyGA31MDA;^9JqRIs4Bg18mtYDRe)L<%-8;4-Yw!xVwtptPLHiA@
zKh5`>w*h?BL6f<>ja!18^&aXRr+dX)0qUM%^Z#ov05M3uYPawR#_2c8@%t1BAO`rR
zh5<+8!|1?!b+#Q!O$ZSZG{R`EFzr@<2b4r1nxy5)@(#!5mu+)Okhl09g?X>Dk2Cw2
zg|129gk1`VBTEaG^F00DeTZy7(?w7+e<qzHb-#0p@jss;p#fp}DVD8rd*9;#wn!0J
zQC%@^_lYU_zp+NK={=h&!sps81y%GnL?psMo?zkUZ=2-(v0#5HeaY+^A4VSon4NP5
z7+mA8o(Qk_Ioel*$KP=M0TEH^Gs%X&ySO8M&zbD#0@FKwhb9m>7cT73p!d9O<9hm*
zA0Q0gOqGo@s7;bkcx!j&10+hJ-}f|1$UO2WWg7N*eCmQML%Xi2%}bP`<(o}5#X1{2
zg~yAd2h~ehMZD`hl@osHkm%AtPTTW4I24>ioXDj=QAZ`Q|1a8W(WTJ>0pc7pe(6;3
zMjXp~<<}k<V}UoQJkNZBiwj`oWa5S!YgvhQxvz9!@<hPiFdzLbrT-U_#O+2FohTV|
zEe^Mep1!{3SiJlH#X|Un9@NT%R0@nFqZSNf`t3NRTm<&s^Nf(g&6?U6-dktBQkxuv
zXDl$Lk@i!lATIyQa5jC~C~iy89x2;`A@hWbTpcceC)L;HX@0?SfXCHwo-Gm#A&~%H
ztXA4LB|@+dbbp+0cl+<ngfSQR+wfSk|BHo?%@UM{eStnyPkgfY#143N>>H6tZ<t-+
zQ~7n9;7rbVdh8lu28r^)yI%Q*_*{zuwpU#-a2;O_d3l|B`2Pz-MFZ@>cj9yhb@33=
z7*rmKiMxx7*>ZB8iSt{48UBneFnutpeR3RbqVgk$#B5)R<6`Su@kQ_3C}+M!4bzF0
zP&1rU$af+DR;eIWhZ`CaOubxxiH7dvRel@ar>7eG^;k_FTM0&J|E&iQCRk*%hjr@P
z$G$#RPFS$FA4dbvy>I@zdjA)f`biu+gRwliKOPd7PT<{UW)2-LvuE`*`$4GwJKk{N
zGJxVm+1T%@qf(>Tk2lVSA}R#MyL(#&T!FMcp`gjOtX^{o9L@szpSNizQ=gC=<Ji}I
zeeUWj^cZxQ!Aa2QAH+E4`VNvBz-q;>?XByZR(XvizPgqL*NeprmH)jq^c~<C$)v-q
zz9+#*-s+t#_kJEf2?YT(k4B@bV&j~2nnnw*Ik;bKsv19cLX%15V^4+oK{M*gb9|qw
z-%I>?!c+_pI!GlJ<=W*R#rb966E}<{j{UaeZbH$wz+@G7IC;z?-HUU-rSl(Dhpj+<
zUa~oTZ@4pXo<ZMs+IWL2z`!w9{q3^-Z}x&2WSNpe!FVmI_<dJ+SfHpxn2TAV?th~g
ziUn0bGlbFu&+rq0H7X4#@~PKLEY8H?<##pNGgKKM&ilV?3aA`Ni#7Y|DaF(vA^1T$
z^pTRM_>KHamXH2<z|i+%3y-yWokY)#tX?McAhe54r_vJk2x7I1cV(!!N2RE+1=!9!
z5PCHTZ)}1^J^Q4xyiY+~>peG~^hsRndlKMx;+WpZ7k%4b<EzX6IEBBg13X~}`=Bd>
zUkVj*L$<;P%hT`S9s7z+4Fsbv94>v6Oul-ixOf5uBh`QU^#W0KQ@*Mm#Ff(bB$Q8R
z^}mWMoyHzGCi7%k(Sz$H{>w-gFbh+S9%-HkU3!t@kVT4Qh0Jyr#~bW3U*Q7e(1Ld$
zYltd-cURQI?DJcqQyTa^gP0=T?plMD!=;2<$>+~}K=obd_hnd`w>0XI;|tHa$W9<Y
z2{EUGl0KK_c%TnS?U}sk;&S}s$FMLg&4TBr!T)op^^i&UJm0B&tE$%evc##2_m2~-
zX8w!zhE{MrmPyN%t=pL=Fmo-1;8#C@p(TgMM~rIr@XVcGcn@5v@HjG-qhkjL@Y0()
zB-eST6KU@PGlSkBAT8>sY<Xn_v+FDbpL11%e9`-Ab)YK8tBh3A`Sk1|&AnotmlFC>
zd`^q(Oi^$S)gO{fVB;Fx%Q&Ze({b#_K9w#bd+SSNb?G$NdHRp1Ob{!15y%kG+)&bz
zhUqk-!w>CsU&(MTVLY&ySm<nO!;S;rShnPSIHkXH2LE%n9WoueC7wMBmPXSj4ZcV8
zJHEwv9H7a$+_3s#rJjX8>Ga9}*fTn$-EImNp>valo&-%``H<<ZvBza*$>(5ptI_t%
zkO4hVx`4-H4OaaVfc0mQK4TCNC`cHEh3J^ISGs+2u*8sdsxKV3<wD`JeVcgwOkqWm
zeG;4F7#FKfIB^sFm>~|?DJ~ajtfZ3?@Hr73|8~$|14CGdOM!9eYjns*9xRT(rCb0Z
zB=RjVc$eP$PGiQ}oV~6qv@Qs92uzP%JvqW<M#$#gvZPbw<Ewv>O?fsvf8s;XI!-qf
z+Wof%KZ~c?$|kX%&#}mZRYJJDecc89S|uF{Uc{Lchf&2Hhk0Pf(c!Erj{&>G)y79t
z5@Ns9=6{<FARoZNGIohz`?ABOQrBdPGvD9|uzNVwHIEKuv;!{E$5?I_z0@BL4h{x|
z@o)JAuboP%|9J}Jew{@0!}6!#vf6ds{@f213;o_8De_+#DQ+&Sg>&~`wx@Un&$WL!
zkAk3{VSROyadLeNMKz@Eox6DFtvD(b`<Vv33#6d{EL_ZLKek-G<ZhrW2>8NsTmP>x
z3`9lJuy@z)`jIc+_Vb7(`G@>E`76OOD7ie%GIq3CgG6C{kApI(!EP2sUXdSjkgLNn
zwzn)36)E^;8%)X0r1S-JNR;To<U>!K)86n>4SWz_Aj`!%O*kH(>i={<i$J3R$H)}-
zw|!&-d8iXB0aABJVuA{PotYj(L05xfE^^F*wuVD>5<czE(oeO%>n}(;sr4o<_l!%~
z7(VhoTbr{(6a_gZZp(`~S0r$xmVd{St{!_-ud*KX`H08mqHmlXF|~mt3<xBjq<VlT
zA79}At&Fmu4V0=_TymcXL?tXamGFO=0Vk-20e#s@td0>RnCPKFUu!@s^IH=zKxogN
zd-)!@eEX+NoY>h%849t@-(%3UAO^iQ42*)bJqgAC&M1g@U>XUoa~1)JeNBH(jDq;p
z{I7Te@Ry#_$|zql1wpJ|ce;K@lK!Bs>o^o|0Gx9g&t5aQS7g;pg4$5s?U;NT#dLxM
z@pjqVq;M^r?cL2YgP7-_LyTt4j1aU<H{dh@@#wr4Q~S$k|A!q>0GsX39j@NEus2x{
z_vm|h`SqWY+~rs@muGTxo2@*T{&eskB$WbWzP$$pl}uxL|1D&cI3_pxu`~mt(l4VR
z#utQ7G2>c#%y@h5iSkr@x<5>>pUrshPEe=G`aKUgty*<R6aBw%`|{W$czKI=@sqER
z!^bl{omhW}X|CU&%xj4g@i3#Al~lq!S;_V|v{ozJluYlyGCuM8Oyz=i@5F{+8^S$R
zxGcvy$+UXS0@Yy^UG)B$SbcD8IbWndTNhq*VBy8BJzMUbLj{!|&391+Ri=X@ew;u}
zClXcQ`-2gXb&MwlQAEd--;tSrm>~q2u=1EH$c`Xk^*xC&jIsPJ!{$o$I(&&V>=8>W
z)0w*lg(2z$RDwnK^Y8SYgnePr7#HZLi6h7V!2G{V4_BUxI)7yw<l6gg(s>%xYtT=p
zpwOQfPOddnV2;53T<YH6n(dz}cM*XV%P;Dmu0Zt!1-0S!+idQ$;XoyE6V(W`sIQmk
z*$K3~0qP=1{Pa#REdkmy1YM51mi!;$vs8YL;L&{?h)*Y52m-xk5CQsTOxOSQK7aqO
z7mulqZG-L9`agvwo`l%VpH^qX1s3}d<FjDV!vSxFlk=63fOeJ2nfxCDe^h>KU{~^A
zCLf>f3Ygf44nzCQQ#1dc%a9bnfWqHI)j!D@6!(<kf}8=zqSf^8TuUl=K)RV3%Rhg4
zN?;JQpoZ!UieC4-e>?$@#4E5zuhgR7+46rL5tUyqc;?rXU%yL6#xLSY_|R3^{ih`g
zF$RAt?s<&+la{6hck@omA+o?yYYn1r{%ws@9Wjg!qW6DP6KLW~v?$_B;GF=Xni=3}
zd%*ARnMw+nmTCZz$7=dz9Ebw+^vANGAmkL%f7|1q!TRd(Z@(?ff8v_n&h>R2a)nJ@
zvyQ2Rb<(oEfS%}NXD*;$VFN|m?f>-4IyabK9FOk!Lr&!U+8jLa)=j_%C^6J0D}XE^
zuuz4C&B*`Li+=?_-(UW@V%EbsJ#ZsyA-NZb?B>y4hTlJcseuiA@cwmX3IG6?{wYc`
zluCIJ>oB;Cp8#%u*Eh#0rM=N!<3G@*Q(>w}OKM5Dg~yVzH5Ehri<c+gUKhm#Dz1Pn
zq5~#xVSi}u6~g${da1l4PW`;@aOsn8Tz4x%nN?}moWq%89NDEq7?neU&CRZ&<2_?&
z`+A_&Vb+FmRd2X{@C*BM2iP6^uFQ~r#G1xz35~|aTjCV5`ZJ;euy-&#2}m>faP7*?
zg4s^*8XCrNZ8Kaa`}^6@{b{b-N?D+?CmV1T?=&B0^8Jbc_L{Isx!f=V3r611-DWoK
zX)_`=RxC1eFJ0M9Ll0&RnMA*Eld$czSsJ-9J9o&fVa_kSJ#_)SVzkMT{x{D5Q_xEE
zqXH|!2qynTtp&8>o9t(!{cI2dZm+)pgLe}&(_~&6sf32nKe&wQe&<`w`ap1+Ont{K
zVU3mXYIs9wPqmXh_2Uu7WR#~izk306S$$EtKqbKg&e(iF1}zoyMZw~b=5T2d3nI|>
z3G2t4BApuZiUyR96e;a6Ui}b<{r0^+9^UCk=UlI&BC*TFA2Al!{0cab&TE{ii=W16
zJ^a8)^KSw$=$#Ajp$SHT2}&zy`+0o^lxVTpvfAMws6MBY4&>=;AIV;Qq@?kMV0&je
z=E+eK@fLb8sV2U;<OM1}Z2+Dkj1kS=xQ=vNb6Z3LxRDD_;Jlsw#47~8##B=O5zz=f
zjA?vM90|h5Jr{F#nkQ&EImJ~C9;jw2ZT~dxz1DK~-x;0?!}UEDLfxVcsiO4&nT(~$
z-Lw(j&E7GXB1NaG2@jCRqqlOsMXP8F=H2VNHHcn6EdE6rv`gdSA`9&ZanzlKL=|Y|
z(L|NtRD#Qk`BLy|fbro$;M#FGGj)D}>SQ>teMss4YU8G5dSlyO6BzwAY_tpJfok;U
z>SkNr4YLfhdnIjn!;{?VbD4F_y*H&iTV$#P^j}*#wX*2e6r$XH7sB#Z^GBTQQ<Cqk
z@kJmGwnhS%DvtQ{r^TipuWwj%?UPM7Wr{|yOY?ynGW^%>C+yC105=K_m3!(t&u0sj
z5lh_r<2XQOhTC(s-I=!qqyzlmGgt@+L-9r(<&O3&fq}uA74dj&3<!+NgrBn{-if?@
z78sw*8VnhJmn6Y}8zaSA5w61?dg0z?#TK*F=P4b&fkE&s9dOM?yJ|+ILJ5@^9(kkU
zokY6<t07Ac&WTT~^Sj~UB*bib8fA_zbe|+rOh?;C&x65gA@g3$e4&Bjd__Uqmkt$j
zh$Z+OdP7#774!W<`IMQg`Ezbg<!Q6V@|aE1vp#lGhV8TqQ3ekfAIUbctmOriM>Eeh
zHP)}2Gp>=ObGx-VnfJ(RH~QTWG|&Vy%9bpH$FKeI;u5hy{jT~8VY5EJNgHeMROK?R
zEx86AGO|AW&5yS*b^Onq=7~{KoEoSNTwl2_L%)U10k)9h5JtQ=K(`CL&D?3$qiD>#
zGaY;s<jp?(P$_a)n2DoGr$DEjx>QWH^k8$qY^9p$N&4NdFu}*wX6ssDPG;~}m2bfo
zB^z5ei_`x0`v8^=FbeI<qzf9(w`qr?gDnKWgV#fT<NZq-cVqWUG9ns_&gWlNZAv+c
zW;Sk;BX*)Jt&@S-f+_8O6-NiTqq*^09kt}v2HTGLsyBDJ+gC4TWYI}Y8*mp*uPK)+
zhR*bcIb}YHVGi8l+rvgdh$#5{QO)w*(}h%muOG{HsOsk@OEH8ciYDtwNJ~um8m+zu
z%Vkt=Q5b6wn-nJj%gEQdULGrNY=2Ne=^8*p6&pFg<fj|U(buo3&;llr>a(a>!>bRL
zt8iDh@qHWDv_5M_sXg+n?6Y5TeC#GkV$*~07dpIaJ#3rgn8APPb{k&iD;(ARDUJ&N
zK(XBj#xXD^&hNhZQ=y=c6i>_*w%Eb1&!ud4XOl{Cg~?1!OZ^SdgL<>*1O4e_pQTM9
z%L!~dl-CeZ%w|Lq<umbKn&2vrw@&318m3^5VH+AX<@{lY9A>BF*!jujyR@p_eOoSc
zc3QzC+F*aP&-enp_7@D!KZ2E$Qs2o}cay*Lw!|6GO5&UkavRGmv0P$mj$mul9-_bO
zT6%#&HT#iPYk2jyUfcFWJajyr^kZQO55u$z%ur55@NAC?ZVJB#vm8Ucn2II9)ORnt
zCrG>|?MTzapwQ69P*tbf&U*vT#~gnX;pU~?pl~6al*_AKVVFS?;e85=B*Ox`8LAZJ
z<s3=Op;Ai+^4fP(3p8j1<tsEC0E&cxd|$}DUrFSnYKyqGGtHlsE~~{Z1Kzm)DRCd4
z=MvW*Q^gH&zTP<ta67Y0_|FPocluc3hH!r+P+{Q1W%s#R!sq&`UGtoD{%~23s%p4j
znf!ahXHhH!a)$8bioH!m`w*7E%Bm9`Rt$7lSMy6w>Q0z3TvPL9iwg>x2yFI_Vpm#L
z`5jpm+b4r+%%#iJeHNXf3lhI-DYzL*RV`x2Dvlg~Y4L0!2V{#Qu%;7)L+Z3+oS6WO
zlXWmHN)rS<ao}Kba^q7{Lx!Q|P-@w*y}ly;reL}lhex1uOyK*f{C>T=I~!SBxyWJr
zC0^UP6grxGWCXt0LjfQ?@9sWn)XywR9Nw&SI}e&W&Fl5*hfG~&=211Kw06f4DyhP8
zYo6g>_?oJBxkPt&eU?SLg=}vZOtU3qYwA*8Yvu^$-+$w54{kO%E2}uHVC?lDfc^va
zjV>s`9og#cQCnJ-Z+BL~J!d&}>x#!&L+~z>hM?PKZ35@(Ye<dNDm1?R%#Fe+Ie1sE
zpqi^A>6RoV-fXedmGTIrYmI~g!nmz7dA0^~Sik_D!dkr;5*{0&&PCD}o;c)BDt_J5
zY)G=AH*Nkjq7_k`-k+AatKDR-Q_*KxFr<MmHND6yQXvm~=%#2xcu7oVud!M*Rdp~x
zitk8H9$C3P(j;Y#D9fM5XkT)Q>C+Wac6&{l*!?8_gXdr-yNTiyn6Ina=d`zwpx>Lx
zUg$6r=lKrV(dKnQdu^-8W<_lW4ABrdvT4O}rzDG*ANjDjv{@0GRpLC*nJ60kJdhS6
z$!9x5V0FTW)W|csx1!RYX36_k^b2Q^gcgAtS15=#ODr12H`iE_bN0A{TNQbkcFhgD
zlKmHF)yk~~SR!INvv<8^zAI<NXsbGI1cN~`c(c7(F&4-kQ7|u;XiffsG_6=9J($?;
zC9kb4f5bXVw*!WYYW{e4F+c>yDLtUXSzQKW|GR?-dw#JHlvTiN9q~DOQWkqO>G36)
zQg9?c5(&eK2o$6ApPq9y08?#S@^vP6ST3$VjZPV}4h#B%JDOFpXh#~<e*O^5mUXIf
zul_ZMNwV&`$39>{Lu&9%pp2L8vqLR;K_eKnE^i!xS?Gby-NU!;J6s5+;@M6|Sx?TT
zWnDUtvb(vU?e;TH;u+uWHVx<Wd=3pxXT*e}aal7KsbPmev)PbkZ~a;;KT)<X>Gi_d
zL{h_ZENY&~972?ix$_lAlwW!>?G=@IWdP;N-+ve8qR7-174<H3jSyw;``O}FvQmSb
zDp8R|^Y`UrA)J1!P&n{KwL}w4barF^KAa|-H8W&jvb{NQbSu1_q-^Hf3|+KIJP5VC
zUZ>r20+W8@d*h~kRUX`P`t`;$?7MTsj3|rd9Kp_Jgz*nmvR~RUWypmuj-t~!J+CF#
z;WZ9B%kD%fe#oo}COfI8ORN{^jmw@F4f3SB1!a)VDzuOl!BnD)sg0uGS0u`N){n{^
zcl%%OftlshdkY0I`*X5K+Kpg35O>qPP2Zo4svI*CeI%vch*G`o7i&*EYDF<EhVE_G
zA4bjC4jmG$TP{oh9&>wO*#Al^+-1YG%C}P)$#|Z^CYH?fr@vKMgl?1=1TBTv`FqN#
zh@@RxUH?eRSu)DBj7X^(hp@EPSsP2!UjF6p2U@8fs(s9KPh`c=ns>wa)oVV@h{6HW
z_A#se+!g6yW(O_7tcGp1?UmA7zgifWBVH|y%l(mHxpf<lcha&ons@$!E)pbI@dbPD
zO<F$R^bIJ~0i`b=w5F)9z^G~=`F=U_c`Qe8IM8*xTl)i;A0L<~Dl0SM@@>QJR12ZI
zJ00#!n`otJePF*Y5Jy34pQYPbJm$C|a0sTAUN?1WZsA4*Nr}qn4?SQM4rOE`PBfoi
zE{)={gjX8zj=JIU`2hlQILw3Vq_;p_b8c9U^Wj>|59CI*>ftI8=cJ!t74m`b<}NY|
zx1yH_G{Ex3W@k_;Y@0utes7pPyuVpckyqI)lcCUOW*Gx4!eK4FIsNAM-3$gC$^Ox`
zMp`y2tm{GScu3HbsSF|0r(<|e9xac=M9~2Lo@3CYYMBhw!-@uhZdkPxF*BZuve-d7
zT2Y&5%?v$Q<(WgpFB%CM7jz#e?o34(rxLyD8I5teFF=GnuGf=Fk*0d5tw_vmBUG84
zdb|;xq>E>FM%}<8Z}AIp+irpz7(w*n$rE?OtpwrF7mXp72%+=F9$3U`d!iB^`4fXh
z{Lj*4GQhtvjjfdf+xRMTNuLZ;HRUX3&_FI$y<3u1P|Lzx`DARhSY+wrOsB%JrX>-y
z1|t_4);V$Rg(dc?!;g0}ztvDWZM)9!%&mmzXfK@KEl?g#AKW+G!s4!2@9>%urj!+i
zJJTsd4;;O9foI~Pj_!KTUS=+Ztv52Yd-<ft(lE@7w_uzgubrZA#yTY^W^r0`G<0!g
zrT@-D<I<6$?MNS4BI`1(HYDECZc#k(JYzUV0gcwoH>2WGpt<smi#CR>M@Aa&*OK8M
zQojU{yQbBjFj^tq9`k&*Uys~uY*K|Z>+jJ?Q1c#-)=<{7bSqCk5{gFOOUk$Mc8n!z
z@|P}FQnFPiko)%9wK?RXd&AA2-xj^IKNQiT<JGwV4LnG#O)?{zZxt5uC9D$IflF1@
z&Fq!b<mK`?+-&C}bxbM8k>w=YWefR=hTo(|mcCWt(7xa2V0~p_@2JmO^<bNX!N~7{
z-7iD({LP>E;+H7xf$3TQD_eabE-7jgmzc{U*)c;txs|to32moCSg0;m!0j#dBx&HR
z-H(g4o+J9_*8BCdaw@-ViGG{gCt%6JZ#EB4@w6``)fg};Sr9olNo|kK^)46lx!aAO
zY<JCnzHgkrS3|PgMm1PV=}cBWY{NVVx1c2F+EYE+4J`#TlsEl0dK6n*qRPPk4QvU(
zI?C_!<8aN0n{AI-3f|UVev)%YD;{mYp>LvqR>Q@R#bjKz5u#*PU%i=!>3X!0HDEX@
z>*gWOe-Lz0X2hUi*4J^fuU0DtvvRW7(x142W5^<hJX{8Cw3Tm9<mU?4t4&EEa?M@Q
z^AW-Jz(((jE2+ZJSf*Bi6$uZp^l5b_uGV}CUY&^Ft&&x>eWuu#k;?Qvv)Y+WJDAKC
z=^$SYKP)%eV8N!>*IHR}+TylvX#XPQS#dA^kYru8+@Xlfd4JhN)vU3n7fdtt(veUI
ztq)Yq={u}6sRYgGydoV|Z*O{`6)#Q(9uXdvh_746Pn++>4D=2;B^cUQVROtZjy<Wk
zXR^0o{mdNyW+d=L>ZAF3jLdz76ZkRd#1dPI=B?|GA!_11OF@~H@pi3dFUspgHtIWC
zXk0!pmR#lpW_iVZnm1TE2h#i;V*Ce`SL7QiL(|q-XNlKFk|UakblyHW^1$KWf4@wm
zWZ`H5<5X7Um1T-tFa0Z4bCL~oX7z+KfwJ&A$y&0z$O!*gYLC($jyzgndCyCoP1uC!
zBoQurJRO{?k2FQWr8n;dk|GM=VN>-&qVsO#iJS0+%(3pUWMqM~g}n>THt@==kyT5i
zz#Q$oK+TL@5$+0Gj<jc2caxGe=k}-@V$=;erRTUk_MDb`+o(i-`cluQd&+$G%r~N~
z4{bN|_5{(Yh?Fg|n@Irk88_qARxN0eTdmLMv}R|4j-0mmGsWx<ztC`bblloVsIcFD
zB$4R(q^9h{vr5l7>Vh_pl-%+TAPEeMnh&6#3H;#MQ^`Aw4WA_|<RZ#sGJ4&Xd5^zK
zaGJWurCiGkQ=sCtefo%z{O%E@1<r!p0vURH{8oExHl{9S7-vQdi@+FY=|>xXo!m|d
zEdYT)Y&KpLu-c9Dq__jbxaxd)Rt29tFiPR?C)T~Wzh;+PyK(f(`f@KmR5r}qxW!FY
z>^QOCW*24A@qCkS#hXKg17+(<OV7G$%_VyMdpk~nj)VEqVNH9Q-el%T@m04Sa)v#l
z&POerv4+bsGU-=|tp<Eq97Bku?^FhWD>gpdiv;8~N_$l%tPbm-PpQF&S_=Efd0=a7
z<_)wC&gs-lW!Ls#==1N+2(m`n4UI&U`0lv}txVK5mTeu@8i@foau*%6X1F=|kBuB1
z`ZnJKv%0LdS*huJ7x;bocKPv@%7=_z6!2qCi@usx+A4XB&|bAo>HS;}Ny~3uTiir3
zohx(WnY~nSr%HhexlyL1D68-t>JAF4U?<zBLcwj-<lW=m9K+w_m#o~@s-nD<WJ_Y6
zhy9u>G8_9kt@&r!+gmKe#fem)KabuBS>4rFyUKPq4b!7yyj*MHTW>gaN2W4&7oN@o
z)LlOX)}UtmM{A?@L*HDzr%;Q4cLt*Z{j7odj`D^Xv#>SEaB>BuwWOt1)#**el;}{I
z&gG`8j-ugqHLhDwj+dB+71tUU&nD8^=P{vm4+)|D*rif#b>2aQ)&u)!k%G|45fOa!
zplV&FZ;K>oU(axA{a}m#wWsdk=76zbNWx;QxtxkgrMs1CQ~}2Y4di|eS8Fzttg>a^
zD;b%OT5A;c^WRMTnvF!3X(Zd|@NpUYk5R{yPa@a*1PvMfCbjCCHoQ<12ruo;#&g*%
z)0iD#LbxRU_dVJ4p}CCCb0dIi8lK;JU{n4=6mPaTkM=JcOciTg1oJ03<IMwW6rTE!
z-Qt=rVlrB${d}b0c|gHFpJh70e7#3$PZ+PsM_TL-QVk<$>w23A6L&5XnrbVX?VK5>
zp~g_?9rpQGv|G_iHy9%_A|CF995DuYs>p}G$__&h8cN@siOb;V*P$6;-^G|@F5muv
zITC-DVBc{rRG6u3{i-c62ESNmFS*@lwbU6KZM^y6P;4Dma8%@|T%gNd-lIx%U~qwD
zWTUKQZ#YSuau3nb*@QQ&aHJ7pb8!D5yJVF4(9+dl%3Pu1n9wk?5eY>MrxhpdJ##J<
z<-v^=kK$g=0P%a~<;ZyR!J}#Zqx`H^?j?sc_sGgkuUFGC&Q61^J(6D*b7HjZ{Px0v
zK4fIL?D!idjh62JJ(uR%L3n{Bh|<<3KGLbC&+6w03;9kjsI@<8?_xmsT`Zn;yB@XV
zjR8t^+H42bUB7M`!vnp_*i!gWFKiP+5f8#TnOF`<#vEla(0fKBRM{#IrMKL1ub-hZ
z7AJhgextkhF^_>Y021zuoBG?4Kw4e{p;ptJCzii-83kL@<ULnHzW8t{9B$Y0_k%u?
zHi8fF*)MSEzJ8h0UVgZ%&t002sbz6ERE5L+fF~D@S!FS!u3Y1jk>7ib_g&7==TV{f
zSaDhkg<N|F3%`Y7d!ZN8Em4NpY;{Qjqr|LQpVKF|)U^od3WMImRqn|T_j1V(FJ_0|
z-)$58Vu)#9`e{5hl~KcsG5_A$+@_xoIrnGg-24JdY>$k?m0HT?dp({5ox>(o-ta!H
zhz}(#jLbHU2>xcGi<n)G{@<~OmCP6NI<k!U_uS7l*ZCCav`J2Dh;>zrlT+$Drn{I`
z+ucavtJ*)xm_oj-k@eYoLg8#2Ht6VZezr5s2*;FnB%(94F=gw}U{O;&s_d{>1hoN3
z&5#|%;p*sh;0XnIQaU}1cX?g@W<gjx#xcYJ#D1;}xK)T_U!^pwtGqIBwd^^NOtl<c
zy}$rY-k+d6`c_>iKNG&;1j4MpZ2OYLqVzl&eWXKQ?W&tN#B)s-kKDS$ujBjpfOB|S
zlNS6?##Oa+r0?+9l5;FQA~eitW}m7+3;mVKw^~P|wK&c_j~q1?m=5SYGWw|q+Jz3a
zeiborgTogHB11=hr!OFt2qNz!;EI7Ws9r5VL4XU5gg2>U)AcPVG^51j-5SCZL=wUE
zt4Os9JIBunM`@R7Ba9_J8%usWc4NPS%nzqyiH1*;RV;@}SP_HJ61k-lBFdUV4b5G_
zlUbB~bVOvCU2f2GyB($NHRS>M-PrW1eyfH4ykWB1Mblk{=`M1<QX`y65HD*)qm@!1
zvVJ!F`ufako2lDUNp-|YF-!teeZUyfnEK8ma=3JKC@#i{cxAu;^?BfAwEdjNNdDb`
zZU1A%M>x{9LUOY+E}E_6fn7V&el8{HQ}aQ4#CW-Nqur$cQTS*>l<5{Zuid9y-Oi`+
zZZ;&_onuv&d@2V=WGjRmHe~2E8<)?4_Og#k1w}Sji{KMJ+<gl``pj^c;(qFn4Qq1V
zu5yyp@3bccZ=v1qTtaA8bBOfFQ^_^(E?r+?>C=y}RGo{eu<<4{o$zI`eiP8HVLlAd
zv1=VK2pHbEpglq6)vI?$M`N9dONHh&bN5|yxKUj)#kC+jOq=YfrnmYW?N6(4x8@I6
zTc|98u=t2fCAlS4vJ}^ea6$8Zee}3OYQefbgp!xe!Gd?(Q3Z2De0uw_;Wg#+TaNks
zNfX_-hV2TNxG48;g(~UE7NH<wvu?pTw+7dmv^#t@x8-7<fAI0`Ww-lbz}@#^^^e@u
z3l%C*n#vh;_l`)wkA7_qFr(qlHT2+(JRIE~(1%!87arW$j0DxqW^+GYen!=A3cVo{
zZW|C9o<3RaMKthcAvf_xr}0HvBCQBXkeQ%of)WabSxT68L*dh3$gmlZ-#SSiDCOxT
z>~CZtJ&47oZj|?M$iQ|oOBVB8^`ZvkJfi_aTEVr3X5-CseK^eX=HkP0wtUELGb-lh
zn%~p+$iNf@p(w3}2%WdpTfd6p+;*%$m=3iM^d&c-5?*43tiyQuh7^VmZ~4M(ba(?e
z4?!rGLoiUbugH`Qtyg)x`Dk_#ztpPHZhxf~kw0LB&ECDoYcy!1+aB*8^<@Wy0P+T`
z2Mn#b#j`VU38PA09c_Vm)E_aa*{DiaYDk4NXh0`m^7ybsuE(qQYrFFFO-lFn;8#NH
zVXXW)kh+@TAo(V&RjA(lnt!c{bx<nlfJ+4?e{}RqRHz`(ki(0NiI4snYd|YW-f=)e
zF1TyS0<FP*A+LbApTp@JU-7b>;gyHA;k6HUw`aD1{;_Z_II6xxk0jz>zf4uE1ct}1
zg6Mi5XAwuA2L9d=b}m5EWa0p&A<C3cJlA=OqB(#M$nTRlvhWcH(&A0}iL?l{K@M?M
zU#1_iomTG1(H0M5(+?qkI>KAym{F<2>&cYO7ub=F-4gR36b{I6)8WwH4JJSA*SH%&
zl)zZqO;q4w`!dOO(gUvgaSt_x7l;%;Rp`_=T7+U{v#0{i@>wdmnqPJy!nC8aD<%%E
z^EnjSx*T$s>;Ow6REY8*#xbf%&|&C4K!F~sgVoXDfuYHaxHDH>G;<Fw_9tBzk<iOb
z4^=_1v~1Z(He$zb5Bv{UGDInvDIpaUYqIuB_8>#jf5U<8dS;(C7xVhj;nsVDylyJe
zho5(btjz|OCw@#n-+XeSay&JBap$;o+Nkg^>}AYIWRg7VMMRpnfC$y@y<fK$jSCp8
z=~rjaENt}16BR;%{O&0&A1=r7(COyjI?CHEKRVpAQe38~yKbE$;ue=~iGv(V#C~v&
zT)*8menS|mxUe!pU!-DId)FHiAMi4NHP-`e<Tyr9-uK0Y#>qn|?iWbHjfz}u)77g*
zyJJso_ud_HS=9_xW<ooUlZ%-BHnWTIQO@h|;QZPvRr6-HRWJqoo%Q8IzECE`JLkh0
z)?bA@cBZpqDmd!y>Z(hYq@nrPX4|si#jtxzhg`3$xL6^xXi7o1<Lie~5aX~?(cW^g
z*i$$0d2HEYSt0z&sf}Xy$$$kPGb<;bq#}j~FiqAV(_}ou8cDz$OV%ZxB+E4ui#8-k
ztug{4-|*SQvV~&D&6GXkfb#mEJ&aVzLgk0{Qz6a2?@S*j{Xsd*?ejrsnAi;Z67ok^
zlyF{cE4QJNJZ3+7fE@!f6DS}E7Ch%lO#qo5PaAKxMZ9Qcxm}C>y-;9W4iN)VDJ(W7
zLlQAGPnGV3UrZBb!CkSe043_IEf1?GvIc~PI9}+9e5dcZs?no+&g|&m2rt`93rS%i
zp)4VZrcJW{sU;t4s&*g5G!0x{qP;SD{b2mv#o<DM7*7hjx+cc`*FUd>+01+(;Zn)5
zv)`Dz6-X!ULoYP~oZE}=tzk<PpT||Q=g*gD&gN1>DX7Oa+TUU#ZqKQ#4Ox%S43$`i
zg3j;tz)Za|PqDIBd7ctpb*BUcQE{-K(P!SuyWr%@|Ays@aYhVrMqeVAr;*7KXc^kV
zvnImbS`baebzzRM9HdA=m|aRuC9p*GP8KQPW!uBo9_4(U#JdW;j(>UMEE~*QiTDyd
z=T^wA2X$E+NcBiFK>M==?WbhPq~uh)!WfGq(;&)5#g*=`4hIJu;Z)$Od;pA|Mj)az
zRp~&cC~ELf7M~_IeQ(fVtr=cV8_}<8tYV8mn8^2r+vcj;jM)y|D*ZY@>4twZ)jV@g
zIev9$^V#$oOW;JHZrb<zJxc~oVzp_)r5i?$0JcLrH4}Yvk@LXx500u(Y@KzY)l@_F
zFh__j+S;D9t~sqKOt^~&y1aJX!n$H!hg_CX`76*3hJk9Hr#a8edT~ARWt2z*l>7(+
z>CryIBy)a{qj+*3vMc4W<@7M;I}&IWSH4^JeXQsC*^3J7`+{F;!o>I0-Zek$qWXrJ
z$~J>!5+XDGdOM3recmxJ%%L1y&kM!o7;M9FOOyAiTm{jbhHJ7)S4!DjJI1tTkj3+J
zuMyw_rmV6}g=O~H5iX%LOfE|(9|xMP&#_p$;cJY?O~1F^M}(^0kd~IVx`dap2Ramz
z6X-gZxW2!LPy0E2-dV`NccX?;xS;mZqFxBHPdi54lc+bp_stK>MRn!3^AkI3(~WOD
z$@O}R_&u;mwWdagTQkkj8v3D3X&JT+lWO@O=AByaw2PFfuA?B=BgtjWZoZeUJUHsD
z)uZaLaw~tNDU!1jM>_+>)Vdv((o&FCg`d_PESrhMU35w*7bB49iOVwPNsTfnur;@z
zyO#FYV`%e>NK77Acl`X}EP4<wNRb3qDs0{IB2uvt$Sm6oFVsYuAh?q9T6{BzM|P`S
zG#f+u4u*gkDxzvPduzkvdPTp67m^;WxX_#g0?q*lYct2rZ|XNUb<ajT_;N7w#kWK1
zF~jU;?dZ)9bCF1=&}4@K-j1EprpaxM{yQe0Hn>4nWM%HEahYO_4GIE)T&#uv2sHwm
z-+t48wRN@Hs?KRk&bm-vdFdE7A^xItTcA7r-^$HhJFY#`#X)pvjyIf!6k~4y^?^OB
zQO+0$Grp6ct<VCxg)@_LTjf4!iQ?|Xlur`NXq=nx)_3GqoeWVlx((tKRx!W=S1>9y
zRmNir^W3(3oerX-)}B+{vE2Y@Z#;6HMw&7PmGg(Jxcfl*!!RTjlY&iH0ZCXkXooa}
zw?8Fymle`hL{>R*eBTG0R6piPNjS_OOvKfSNS55{yOGQGeFKP>&pWQpaKTk5Nd6q7
zKDX3{Vuc5nb5dfbQT0$QEp^R8&ngk~r~TF<qoP5!JJztN5O-)Uj$yhgmJJwljIR=+
zDD!P?vOcT+ZdR!t+-JHWRzNW#u4W5f`E=;8OG>=|Q~PUGj?Qhc>HA@wS$$lFYEy-v
z*%NLb0GENw(=BVXhTUOa86n9I{SMnu#XLPt__yAIauO_@-6+!1_6g>S{Y&jmDPEfc
zwG_@GeEXwlr0;q*hXDl>!0}s^v=n8S8*8gS2XJEHD!5pWaXv4YX(7BWN}MTRn*X`s
zutq^N0F$wq2co+i?*M_ewZFUj_A*n@Lcz#zX8G2zeKQ$i;zvoLbIh*w+AnqA@Hfr;
zeteGX95L7fpZQqo7Sk$cCVVNGb`hw`R}Z3Q_>7Lch$I#}61-;GrWbjJvdin@K#1^F
z>Vc%M_-XiWDPM>yCUlk}Mno~?ji7Ko->D5Nwu0JF?2D5$oTbWNQi3@jbMJ_;gZaKL
z=u{Dnb^YFVUg^g$d5*98q^2*|XcfiUrxB3(@mE!2P$CF0cNkb_k{s6%x~5+OnY26F
zWr3O`Ga1%D9^PeP6q+99J=~rE2}L8*7jgv(p16DypE`Rp?qvnozRx=U^K$Imaw(Cr
zjlY4xTfY@T@;L>!w_Ni^>4=|!VgV!Jw(l(4=U+6#yUvA{=n!i8t)y02>a$xEHztJo
zTsYtH)_i6^b1Upk3G0T=%r<CZ-`H|Q7DSBP0>^v1V9?AwU38<TNE4K~G^1bK>l&bw
zi>owa>!gzTrsIN0&uIz4A?HF*qju7V*{qB|0fj7{b|{)dD@)EtB^SG}u+K*gxmD~f
zD(<v2nU{gQ@WR}T3mlUKiYKtf%qA|r*-+7cy%O)mgrz;yGjOB&8n~<_#iQv~l0+i0
zI8YE1*1DmmpV~LT^~p9~bEYlMtY6nsehV7*(Y%f0^L%Q_ygOCe3?vKdCVcrR$h4fn
z^zwM_!UJYt%x;;ZS?;=j$Z6$kZ1K$;7`)Yam^}UBG=@gkNrCOCl4$P$H$>zMts@N_
zPZbI;2~d2?3ta1#1xDFNipd8Kb6qK8-_6#wUl!*Z9jsgCN5;1{+W)<ziC)yTA@9q_
zZg4yH68B`DSgmH_=Ztic&$~aB5_IdNPb)fCk1H22Sg_Y=6-x|2g7k+t&&o~iBa;%V
zg&%7@n3iofwAjpT=6_{ZrY<kt5cK#J8=sk+NulpqhHY%2BJ%lOJ5JbvLYGNbu@|N;
z4)3}|gnzo=5~dg5_ueLH>@E<~KvvG#RanyZgTjm)WRh6Koun-Cfc_y#PuA{F^2!gk
zH^88e!U!q5jJ^Oa?I{-&X{!q=ymCnEK24gNQn*{&#~v<j`sMhonf9tCB1gZdMg`A9
zOQPlu$Eh&wam=A1N4MT~l+VBgkFSc=4>9=$8qPl+et@#ApH;#xcWp%x?K54NOL@!E
zJPvoJpoD%R((gveFQ;q9pVgX84!n0*TvQ@(QV!SNVz3M~x%1ks3+9WbdNQ?Fk}4;;
z&Vy)81LhW+&H~frCR^GHKF+EACP=X`t-HXvOZR~Hqy@J(7M{B*1j25+oUxU4Ric~a
zd+t~Vdpv_!Uot8S*$oGtMv8kT_cGf<ZHuoUH$(-U>59wZ$}<Ptp5#ngUa(MJ_rgw!
ze90l={B7tUO4nKBl{Vwu&;zEhRn~)2k!hQP43gbQ>jCOrOTgnp#f35ci@P?K2K2G%
z8{IdOJh8cDKth_-|5{cI9X{=+0@WE{UX8qW%6>EANRuSlHqn{gJu!GoQEZX(-%Jnx
zxF)iOgn=uCW+&)jxdLp>4=Us8)_s=A5A=tXRBUH40?CUWtf1)5w}aNqeYT-P8t%k6
zy9q?d^A;Ts6R@%7Bz};@Mu6HjkuVl%t(JYJD5(U8Pndd`ID-vXl|up#sCGb|RNu($
z7<%9HSQI?JFh|+&+3hGsl%xe&XHrx1zlnJfGUf~9%L%&D-Qnko<<aYUM*1o}o$NJB
zPe}u)mw7Wl)oyE1g89;d;w5>$tXr*d`Ht3O36?PP$4mHF%;~BOzl<wJgp7S`DnR;4
z5f^)1M{5xz+k^7bH40+cEAGn|YHBW~4wkX^!k0f3H|-5x3)m0KGt8?fU=z?hh<Ejo
z!{eQ{EzLpfE!`wNxF5zf4ToY!ovn=`zP`OZ-fzmBiqt?1I{?&HHl)kvOjhCYi_ETJ
z4b-$<F2wvB<B@m*;aSt}qjY-LR|Tp%4{?Td!)ANRN}{~18t5n+R}qbHh1Y9Sj9+6e
z?pw}v$!kTNAEtC(camvsttY8~fnZvBrh=!!QBD}X9WcqYDCT65*V0hJKv_bymRn0S
zuj1iuuln4=gnG4|;8LK3SElXlVyiwf`Srmu+uL4`{#gqQi(R=`h=Kt3<g3111=k2C
z^z}0@oJjXbPypRRoWW}fDrPnI$gKiaSG719br22LR%?)14e*3MY`OnO*?T}WnY?eH
zOA$mVDkzIcQv{TzROuihy$A{-%|dTcIs^!af{Fstdr<-D5PAuS2tw#JK!DI&XoeDM
za)(v#y8Bzt|6b406Apg)X5N{3+r01d%$4*c*07U%ABhx=Fq|`WbQIcV6fowwpd3=7
zm`%weDTpij%E}Gu4Bh&Hwth6HKwGxAKYCbJYpa~}UJ_-9v@>t9<8EC%BJ6D{VDaxN
zRzLZZ$LG%>OJ^~MjaCo-YIH6L^m95Xe)&g>E<5H>Q3>WN%#0!S)F_3Y6<ab`Id{LF
z+mUOJ>6A@SyCRWLc+o|`jKtz1&^gTJprD7&t}{Vg+a+0-MhN>DEtvurkbJ!jQagOT
znc8%#*uCczQAV^?^4Hs?;)oXpIIH`!O!!M%=URH)l}~7N<nvkmyE`#;njAn*9ikCs
zbxB0p**P4xP`9`q`B8Q6zX6sy6Y}-#Q4tD~6p|T`t!n|7|D0e$CM9KxM9+bnzzd*8
zAv(s?>(YSb!1unw|JUmNWq(E3$7wx5XDykI{m+J|Z7}mGbm0+y-4pXe#W71j(p$P9
z58(icqO@_oLy|R{U1^HT#^ZTLrQxS}4UqdgaxEZJHv<YZ+Mqr>C;nRIfBXX~xHp9&
zQKo+~A>X7wulxx%1=<@V=$aY+Q6TY)Ti|ix#ecV7lOm~J4*n;?0eCBq+V@g!fQoYx
zR8%0jKKuj(0u_Wybu=GIesw+mc0$<0j{Ad1HtZ58$u+ii*7|<L&Srtrb#u7T_{@Jl
z6<H(yYm2pd?V~?_6ysk8V$|z?X!grd{q>N5hD?#v@9n)P8qd5t;tBxvDL9iR>qpz@
z7+6~<g!J-1m+SB0PT%mOo=Gfp(*6GZYU-dg)}~b4;5QgG=@(A?h2J)DoLf;sqyG4h
zQK@i(C3t%R{cDlHuRi}I!$$x)7XwPZ8;4^1zPo26W?*JMEqVg~EfMxGBY*Z(=~~O&
zjb$^N<Ht|xbnr`BeeYmMEdpoX(Vic<`S(Qr`N{RLynM<oJ6*eu04k_IP$55up*9Y0
z)eeWHau3Y1=l0Tze|5+G{E;Eb&ypwM1pIXl(<4%3lxw{?kZCqe)(<4Z|68W_N5fE{
z^?*D!;zwW1F)&y4w5ZCP|GkVnO8x+DCzQsDCx=YYH0B{>JpQ{VRrJ6}e-BxCl%YcY
zzz-fLKg0(*TxuqMHmN=b>rokYFQDq5Qu+H(4AI{OEn#;T&~-hDgKZz}A0o*ki>=z?
zesoG~fZ;Ox&^!D8{lu@Iblx2{0GY@Skw<9W0J`L*+fjiZ5NR%;k0JAY(|@;QfkNbo
z<KzJFqUnx$O6`HD0(f>poLTgHH(qKXc$QHgs>A%>LXu}U0#_FRnN=v?^7Y073PT>z
zx|G$T(-D1T?)$xKDmnOu82Jm%FMl2F-&<cNoKztYw;g}~5F1S$eu12Ew8oX&u-Gyx
z*SL!PZX@LTi%)^LK}+Qe?SFrXpZu+36@ayQ@6Iqs!RB=*0P~-QVz<#96S|aphxbg&
z(>ONH(t>KeoGrwMJ3%zd*`8*#XUF=g8Yp_8%~ZN$HF@5$JFIcU(dr3@^!@X<2X2V5
zc)xa8tt%I?GkI`HUm!_v^>&K6De56emvp5}eqtE6J!tFhWHmX{o+QwErk(%OJ>84s
zuZ+OXcv8;xqp9bY)AmDUP97RgS<oMg+&qVrViQ(~FJCxSAbS!ULliPH-RUGbi4FHG
z-f_%q-X)_esg{LKbxbJk(jEkDj7-vP9Xy3#qTHKO&W-6K1$UQx<2Qz#h)18!9G`3E
zB@*7>KU06|8%4s=kf*-AwR6$%P5<&CNi7(`YiBEf>WGQi<skX1K#BrQ`tLh_C&q^)
z0Qj`Lu0^LTIPOj*9H8}0Ht1n4r2FB9Q!TU8H?ES*m|i7CV(IqZ+t;Eo%L}s_(3`Tp
z`;%)~X#C*y>@C&@7;V@$%Q)eKp|!H6{dc)G!b6+e+@Oh6*bwpXC1Ryf&X<EXhCk9!
zFZqi9&bH;7A*BNTTPZv@6K<gT?xIBuNM>|5?Q;*FVUZd@nwGxj{*mDNW#A0ipxMC5
zR5+5c{Xio_+D9osz)rs)Qc2EtXk4~Ptm!xpwyQ(tGCmp(&k%wR_ljAcJ!e+bO)K=c
z&TbifN!x@21KYh@n01S|(&d~=ExD!-eN!y!V=U{lh<kx`Xy$wP_2xF$&!HVn=r+~O
zCq<?&4&B|OLPf;^<I%Q%?T6m{pVPr}+yAk=r*Y}V0=g66e_7_luT#&MS^8Xtypa*(
z763st&1wB?e-3<ArYy9yZGXOw=4w=*7%HR4yCwCish&_$xSx}d+ERc#Ai9kdUZ1l5
zpI3bE^h(t^av31s++j8lzKN5ZcFiD}IfHeLe)Wb@Jwd?dgGE9<ypK9mhKP1=3v2IG
zt?`4el-Ccy${3}snvTQo&r-VGoyt!DHR<=<!vzwS9m@|kHksk(1o5rSr7Z2%&SJUJ
zf{26e4>gsy?M3bmyDoF*NjjPfrNQ2Ul@yTkIf&*<#CwkP&Ob>K8&e&Qx9gd*Mde1O
zAGbudg|fZ9c)T{)GZCtJmfCc;72oqDU^!i}z`v(zDiH4dO&dO5jW-|Y<8I&459;jp
z>^1o?wQJOfSYfO4HJbI=$u4~(c09#=Ie5P8ZrK{;PD@#1amMSs^z{ta^}E{8iHx;0
zM?^r`QHb&0yV9%krH!l0Qiw8kqfr@sRKdNX!N{Uum%Feq5P9g!CU}=S7~#Dgs<)!@
z6X>GOI8>|m;-ca9-$LO_b8$k@MZG5bvTC~?pU-*9HFnKb2{(;z^f9x<OC<TOY|RXu
zW^Rq|=QaPPZ5C`<{B<!R|7BS_?&5m-dXtpeo@v01&eHp{P@&azgJn#Peo>8*RMy~Q
zsbU{>o1wBGK2ZlD{CW&vsKmUkB7Hd@?6uN33n`iN!>FPi57Irc$D}4d)d-qKvB^T~
z`<yMld~2bIj9BL0!MO-tmt&T6yrOciWI-SeF4SFD%vR^sKuD_E`*!yKi?LSpGzJ#M
zz)(EMi6=5hA`;Z&x(ktH`$7{hwGUu#Yg?_%3AQ-VTQ7*N{ZYL<#Eg9!x67rkV-t`^
z8`<tAlRoD8^mK1>wSMj1W8F2eiB+*AsQOHSVAw#CcwYHx{GHaBRuqxn3~``?aB!%$
z7dU|VB$uo(OkJZtm*7D9SuX{_b)F}e`$@q<FSlR}4aI@#fUxTeQ{UvBH1GW{jbcaB
z(Ys4-wu3xgW<JFB>h~5+>g7s_u-$c3YdM?7i$RkB;{#ud;m_n7?_${Myfx1du4sx4
z6L_jG-7>nthVhKxfH&3}4ELu<`@Uq!Fve7%qz|4mo4<FU4W2*FcChNre7n!5)u`mH
zY;}r&$=*^L1k0aez#p+7IKqR0?bof9neW}WA@gu>x>~b=@x+u895u~4+_ce%lo5PA
z6k~_V4ToS@c!f<XM`bwQIb=w$Yxjx;skLq)&Tko7)ZYKLvK`@I##(`K?Wxg>d9hqt
zYB!xw&KA~bir{^Sz{+ec@TOb!vwhGkuRXappD;7qdXY`WEp1;K8?h#aAG~{Tt=~6X
zP#fVlJKHL7rw(y<I8N~8mwUcf%tChNyVoB%JY*sDJPo2~1IJ_k4k3P;7aZ3K^2o2K
z*Zd*WGXe=Km&vwjznIU9ma6bZ?{lhaG<~q-DZAp&%Tf&8M5c2w!_!BTd0q^)n4f}N
znP<Nw9+!u8U49g5xY0lzv0U+~mN1KWqH6U=*{ZC3*?vQ5Psxzi)?ietZ*=2&Z6udw
zLaP_o{aojjMcgv<k;QIs`5<anv6zK2ekwk)9FEoJH?t1qg$!xkbGs`iO<QSc2D2x%
zSec|i>I;~#&+wyzMR&gO+Vtc`Q3*iK2pAMUk@K9?g?i9M3=OrLFEv%KNC+pFH<(q=
zh0=a;T|gvI4`L@N(ANWkG>uA1Ex2rt<Eu7YLGLOs>xK{-YC)qlgv4de6a-E%4&QGM
zt;!=jM!1MD6;@fNI;FLUp<d6Hjq)}uf2i*+zeyMI+}UdIAbgpgW@y`5&uHhGTsR_Q
zd~LqA=3%#VLTP~yJgUW;jzFk|*4-Rwb4K0Rd(u1Wpux3`=UU%}MqI7Cb#1NAg;1W6
zh14jl%pA=(BQ-3*&Q8>kIOMqJXonpsmZi;RIGJm@wa#bLonK9*Rse?)bD{;s%$f!V
zqcbVzF=Lc;DNMANt2bY*e650IA8?u_-z#^Zt<fCb9MLs<<$K9uA~6g8+1N~K-Lp6M
zj&e1jIL7g9fu>)|5t5Wc?|e~D?04R|)S>mxG$TG<g5RIh8Jp<3<!V?{T8is8dOy96
zTA{*P{{bf^&jkjkRdEclTZ+v_kM8;zwRItk;&kmSW`pPw<k2(}uP3);vdvpDW{(!j
zlBui(!che0RF-!J*m;WAwZcrFdNs=I3g=JM7%ln4i9pcp`MVn}t>y!f+)vw2Du|g#
zK#>u%+gJ@I^(EQU%#IMUwX@R$<7hiPD?^9w0Lv*8_Zs;`im&BzUrLmoGsUCHiM77H
zC5_WCw9uyVoTi%?6Dos$fFi=x1n!Www+Pxc4DovpcGtP&VF4^-Mi@%<@>;0c3`C$1
zVi3!bFSosFhzq7_T6otW2!S_TwLH2Ju)JrOB7Hd}KG(oq6?L<7qF8g(?uBpCeEidc
za>7)5&lojFzRxVSd?nP{h^46pQ_xXHV#0E7x1BOnsNp`$g3fg>IDdN!VH@`i=diV!
znzi#(v48A>h93-CT|nsa+t`S4q=8_}*UT&q@@V1cI&npWw&!g2T5b2-Kq{zGoSc);
zTavZVL^>d<HqpJcs5C4lVViDmSVl}THBnWrrPPXf{dw3jZDsk2SFP8mr70y09e)S0
zNkWACZ}juV#JXK;qE>Vy-Q+v!aSFt?RLKv27ss9Zp6*Do<iRf(T(Yp>FnZWQhKyIL
zS&EUMF->k45pCe2R1YOURpsbE^j(x3WLWA&U?3Vgo}+68EfiNHXsD0O+#n9LEo5U%
z91V!~;ZQlR5`nOVmGX%J*xNBht&$v<*ck|hjoYNXrkzY9OfyEJH#sVlt**J&4VG&)
zn?JfWPJBVpcBUiwJS2qa%-9kI@=QYRv^bk&_Sk+A!ktxsIX*4Ob!U8{_`Fa)y-7LL
zSNsI3*w$>pE|3LfF{@06o~T%6o>MNDC2~jAnYhcelqo%a1)3#;XEh?kzp~nqh1Wl+
zhtQmLAGN1jC|Ni`UvbWA&Xu-o0n$D@wiEkJ*HWn2Rb{Q*PV2FFCW}3OG~*=W$xW_X
zQ0$5%+vb_N>d&lMBohmQW9MAYtSgbzGXRxc%GG*};amCqR?K{DHh1@fl5%0QW8D^6
zag5$LpP)XwYLh@Y+d2JY$m}g&_emQ!vxA9bqq;9^9kElN>!;VWW|gk}xw16Hirso7
zBM{*mZl|53Sku`hyfkC;*hCILlAhF3vRXByBRsdkTn4LN|4<E#HUQTIDY76Ti{C|o
zJB(cb?SIO)>6)Tx!j)SV{hx-7Z(Geh;_6Ef7B!Vvsi~~e#>i-iuV<`Sk?Q13zu5~7
zYh14j@thA)4x#Eq$J?I}j{Bt3_IV(mdX{rQ9%aP!$a$is^U=x}T+^W1cc*8^a(npn
zMCI$vit_ft*1A}Uphx_7xYR3KEvtt#3q}x-Ys@H`NF_SCbBW4xiDNjt0lHk+v_`eo
zvw&+b(yi<ET;a-tr^w+m1sL~_EwA?lytVL+A<EL`fy-l`^3}@tpH4+k@xTrSd^Tr?
zX+pF&jL2T1*`$$u1u=X{#5Xl!*#brq*92~*JYF7UPe(I)m)PhK@7B?qM6mW+mFu<b
z4^s|LM444Nvq?Sk&UJQxHLFOOl{3F~*R1v3^A+CTPTHg$J%Dtg1(n+lmXvnZU~~QG
z+EKHWw_;qvux`5EnKwZpv=H}B8Dc{D%qUf6V0oqBh~GA2!2t}4Co!|SBj>xHfG}{s
z*^5ZCh`wlX`55Wb)MlMNw#&>GM`2M2C5A8#qd<8|eg>V4=CK@p{;pAx1+`(z)%{NV
zhq<j5O-HZZ>9K@qU)n9%Dd{=s&UN4954F1pjPpv=X*TH|u0NN3^vB%%2c)3d*O#-L
z;o9OI_eA9DnqTXjn8zo}yr3gL&jXS(Pq!0)7d{+K^K);;zKqBm6mE?D&=5u$=^E0j
z*@{`&7!X-^wQD(#xmwMJXOuF|?`YXAW2%zSiQ7HETC5E+l}Qe=TVC-`lb`E7sE+en
zmZz`iue^`(8sF}qb<mp|URXmw<Xj#mNUk=mjcSE`qb#TBl1*~16+{n!Oefu$>aDTd
zE(-|eQQ$FH+nr?>&>cKQye#n?istKeXO(S1r4W&Qt7dk|jrDHsg`J-_Pin~TU{Mg!
zxH0W&E|M4<u8(=^T^R|U-Vs6vu{xYTu>b;9oObW4itdesjff@$10>{SpQZVvwP9#L
z<Xhhil9L*ZAuForDlF<2xmc`cHQDK;1j&|bUYJoaE|TPSj=5S(fbuYz)Qg6OAYk61
zaZ_H5^g4tl@<`Z94sHvvI|YkND_O<$dm4yD5XXznikyS0mpmaxtHrpo-p%}4?zF8w
zyW!Q$P_$=`t4ZCbBF}bixW%%SZrNf3t#HZawPU1jPq3$+qjK%|iKzQatohezeP)^p
z2t*6XBU{yLBk9_88ci<kC2z$h6_?kTr`hZ!_-S&pdZkTk%XAD-GJm1wy27ybEaM@j
zmsJ!crdH);hDP%X;Ww~;nOzbuGg+PA=b7Oa+bv@ktd_m5_`^38-dm*Tu@!yA-<BUb
zQi%+1FOFr}Hq^K_?XG(zPxKS(Qt{)X3P&Q_y?gE2YI^<ELgIS8+6Z+*B*;s(RG+0J
z%ecvqK$I+_DQLzvXzgm&tO=_KQgmnnURk6?*uyt0J*lq=l{u+nx-~Eg$G!hbW{UQ=
zlD_cLhAh30I*vFb9J6#q(bEbOp#xo{u?;ht%k4m>46pdwmE}g=VUt_g^XXdo!;SsK
zO;8)~;LGgof6M2GN|XQdh$K>Hpf^Zbu`<Ws0P%4_&hr!Xb18+(;sQ~4HaQb_*Si_9
z5|Kf1m64_7e+jB@qNQwk<ZIiLL|OBi+Ya{xR%Nz&zwg%_t4C!L&GytRu-GN1={s)t
z&y4wDn`U*kr~s<*=jT&v@Tz#V*}@jxJ5|@mpc^8@)=h_19D>(k{#nDa8`z+tD~|FK
z+%R$GXQA3^m;sC6+cEiYMGBODuJCHNP`77g@i8}HMN_<SpwowxtaYq46A)f!3tgPM
zXQGJc0CM16r{rQrd#z=J=-y6o%&^Z7Are*&;FAYIXyYLFsnlY^g>NqxX6L3w4Yxnf
zBvC|GuO~kn?uBX}(SzL=ZWE>mg@`-Ir%KEqmJOBJ`+y&($ge^CodC_rMHDL=_r<LS
z^n@OSb3KX29{n1IlA_m1_S&Ek@@Vsa*I-fir1KU@<JSI!L%58$wh<dp`>~&NKGDa&
zvf+YygteS^%*_cSjvgSsi&3=C{$x^tm=2TZft8RKQP_TSkIT=<hP3kD)4#;H6bN^;
z{TN-ovga={V1UMcBM$C;B^D0VSJkx_Hz!<%5<a>%Po_i0Y~Xw;Ymm#&t5bNUXeBW#
z_>N4LHW|D3s+ii_xQvqcGYPL(`cpb0v*A%?a`>V-I*9lxl2zucPRNF^D}JC`C>B3r
z0`qZ=tMOdD%Hm4@*z8JY1~*`zJE9ZO9yUuETRB`>;h88^oxf58&MY-~lH*Oqt~TO>
zh>);~XSbd22G`&__1a=C>QmZ&_9eeA02Jx;7l2vx-}#XjFXWX;W@2Lp$KukY390Mm
z+bem_+=9EE{cg1Su+qr32k?S8XAv>k7X4DHhw&0Fc<FCi)fgCSznFiTfn((4^UfXj
z(S@xFra6@f);#Am0pA6$O9b3=x38Jz)KU93a)o=X`mpmBIdTk;YI*zz8smYS4!gbG
zB+S<4s9|aw3&Sfv-28#>rT1GlNf@`rYPx0|p3Nz9onLg_Ih1~-5TnzTG-j1{W{>C;
zBBLLG2yVYJMrceJtq~@f@zL_U+d~;DT0bdj={udW?G7ogv&iRYF>a+5j+FA?CLL1V
zjdSyOk9MP2PY#uvH(qz%dW4>wGPFwA@se9DY^8o=bf-)$KH;qQroV<aWo%UPQ68-E
z%&PSMl-Qix+@FtXJ+Ah6lPI=MI&|h0V;4K1r);$mLC+%XyD@e%*qC|C1R>j9?RG}Z
zdzrL@-B-pP&cglWkAjqL&>v9(zjH}V*~dY7h}V_|liU+{yUt3fGmjNDD>pP{-!JKS
zxoxk|jz`DNyEw#{(98?Dp<J2rPUbI5d>=nJe;gjqw5h-az>skF6=xIjQjJz7j$Un_
zyAP*MeW<c8^%k0w&dM3?%gAfp?@J0MIKQEKQD;4?%)+skxTXE_<s0z^i-Iuixn#(2
zRH=>li1~R?y?oNnkl4=)U&9y-yB^FhC66ei9p&N9m~HmWlzR|#+A+Hz{9?h_d2FrM
zP?E05U_~oFKfI6Rg7;oc=XG~h?*a8wF|oGARdV|%qUz>AY3-w+*Agmj5{tG|r>yYH
z8uCLHY$!+m=yEpOgY!>U$t^9uB+I=mqD*#hcV*BS>y|p%EZfuB2Mr})rK-4POpDDj
zQ*dEE+`K5*MYaw}y?ACU+C|iSsow4AmZdPCTgxQl46krZX|z1oSQF6J0|d$4^NPcM
zZ{a~qz^ZFI=JLn5vq>l|=7_s{nT&b@7o)QEtwC#85oO#bPlUJq?3;osb@&>kp!(#;
z^Ga?gabk75`9voiyDMDKFbxrP?uXp_R#yJ<gC(O%ev5s+NW*#oakkE3QKVW5g1e<_
zR8-p_*jOSFOGCa77JARW@OK7rgPw$j=W8s{vfcYS1?{;JFN29carekP>||3AicO*^
zr81VoSH<Jf(&-A9T?k_!zhx`LBNtIZ@}3ihdSqTmRqGKf{$j|mP@Sw^*!Lij>TyOK
z`=+JgUZZr@Rl_g~UQEO=^39k4Sw2+Q)~-BP)UcWkZP)szP`xpVnn~=NR9PPF#r+ON
zZZ$o{q|vRi-uoNbp{x<@N-1himibg%EY|RNn03IsrsdrQJlkGeUu4X7ep)fqi4qu&
zTpwt0q|v>2r8)onOM=l~rZt37o1Dyi1D+mJlM&159x2aP)?{0Evvm!t$C>E&d82Yi
zvMk4D8p@7DxSnvM_aox()cUzz!RI>Epvs>NF~c3dsdMq}lhNxi3wTz0WA-J6DKs|+
zLr9TQUfhz^Au6(Zh!lAXW&HH84ZHLFw&Jp7Y0Guf2esx!rQ64uKeFgllrx3wE1!ZS
z7e@m=^@NI)-VTkW`q}rH05zs<eONHLX!Uum9N95^<gH$qz{`bzr7ZpU+#L%psHwUY
zsy_+O*_XT<q9wVH-(uaE%W2;47%9P-?Cm*zdVy#Mcj*^pFDY)!t&*)*D+GN;Ni@)H
zH}YW!owKIa%8FfD8^_O5CK4h!<6c|wkEQUAx(y9i)o!%cC8W)#^xZi|ssJwdXkWby
z`1Pvu7q#mz%RMd>Y1Qcs2dKH+x5S<VU8-IgIQ6P}Cpr!-(qdkJ#ArVtO!79a<Pjvg
zMB$O-()Az=zsa`{!NMg6jG>OIR03|a)knb$wSyua1XFo;x+WwEOr6p-FMmYj8#+>b
zL|Ur=Qom2M3b?+KdVhGqxY3NbN-NBO_eQk|xVvb3>3k$b4&w*OeEFY4lOB?dRW0+M
z#-35%X)18&QpZD6o;zC6Ch<TMx82P?8R9G7Y30ZfVj%P2W{)=(I^Zh;S_qz$t2ycC
zW6Rog14e1?BslmelUT@96uZAG#=e*qc5sehv3GIPURm>qkdR%TXI|d#aWqp_r|A>)
zAZYjWjF{(02|rneg3V>N@#hsMwq6S?BdsyUvC^WQ8#h#3CvG<Uv8Y-S*f!vgZuAAG
z5F#ks7)7`$jIfU@Ka+RHK#nKVox5t{CcKK^br6ct+}e@Nlv&Ike%+M1x};!*nBOy`
z6=6UWT;)Bw4VGhz?7>gIs(-J_JU6K$tpyDaBQ-`$@`;LYB<w0WhNb+1B8@J>4T^sK
z$l-khKQI~IOxJA9q^9B6%rfsJJ|C<=1VUW*=JMWg=4o76XUC}0*8Vq{t+k7m9b=`I
zE2fa{CB#e1?ZNs-v?c4&wk8Gvm(RXnF6~_4YS@wrFX7kgNqU4G7Sw2(_7U3~Ty|D>
z5btRVikDh|iXHD;Mt!oK2`p#}`wWY6D&7zrgYGVt8hvOs*WZijAVtPIfV4KOR8um3
zZwL)jwj9<8QUN4hPMLJ)E<B-X;d&1ZNOCtQ*8j@l5zVmV_HG#?mzpb8yq<x4769Y5
z3HZ8AYAAVQ6NhIFrw}&(2KE`;0Zkt1zIM(bz=7=&SF2HwLg$}iEwsuji;HbxwU`>u
z%xUeN+UeLoj9nMhJn`LnCZ&*}A*rGZ2`Vyrm`2LG3rop0nv<u(m!yXjzp@Mn@R(Wo
z4!mNN!8oogvBX&uDN`H*CAC$e!Uc&J%xYco@R4plkagjBo8%&2j)?&7&b9tM%IBg|
z9?y2-R8=}~EWJ9_chuTkeb#49YJI9E5&0p$T2;VT?9nTb;gD$P=*+)xh4aJoyntEv
z(ziP)(nGVsT)QJ%lHXWW*@QYQ$6(ji#T_yz9xHldrTbE3ef)1bm@Z=>sQ39%98<Jq
z??t>H)NaGmJ^TwoPLsQVD`!vT>wW)IBlF`@-AC_}1y5((X5{n?o%oKg<R5NFg(IQi
zs=|vDA%kCOr?M5AUumkh8^5QKaXQwXeCO4x9*gDKP?}ltvr9dH#8Ondd|Z6>#;i1f
zx$?cQ$e)oCE^w-Nx<Z9i{)@-m7WY{;Szh`$&YSxP5D`;hele-e<+d3gJ4Wvz(s{<8
zNExNok0w5qS-SGcD<p4mxY6Ch3iEPoUn2mKnYcgN#>heuD`+F4-ac?%ss!GuHa29{
z)9*$gnGsEqb0F=#6n@pbhSQ2V;_`a&y`m>J2GtJE-tHiF@mkawh_mF`;S`p0QFM4-
ziJ5T-tb;gTuvDB=qunTujE{l@ZkWxr^5M%guQohD#XZ<Lm}}o+ZIC2o0Y_>@<+;!A
z{BjKAV-kyYoeps(WZu-*coo}^fi)|8<|F>}%~u*iLM6t<-!&{dn&8vX%YcU06{E){
zI+W+BTWS+mV>RoM&R$qd%5o&qy-aYJ!%w~wV9Km`>UsS)>@5koSAZWgZrGBCk-_me
z4<68tjs5Xw9xCjrN8*y_WYQ@sAsCidyd_2u!=9cqhJV7DNf-SsXn%m3O}1ghsC-+=
zaAQ)m)=U4y{2}mV{;Ma_q!ZvG;hZU?<2PKJN1v$!crI7-IYZ%;D@@4evn7_ik<L6p
z*rsdR^GDp|Rs@AUQA@0-xenQ82?Ip({R*3ao5Se?3&weDozlJ3Mb%?0$W#6Thw~C*
zqB(Ii2fVn@$@zDPo9y<aj(|Ba2u=}E3V>1uSrsrcx9q*&y-s<OJgp_63w%DQnzy*{
z=eYI+cVzVB5te~sdjI>Nc!rX<@yXE}H^KF=`G^GXZ?fShY)L>l#ZsL15cSN!V{l`j
zQ;p9dxO!mI=xJl7+l;|+jLc|~jEJf+EsMYJw2)1=+mCP(eoL>S(h>fEp0<=xr)p6#
zYfP7+GI*lxD0`O{c%RfMx8Ei14zAya%I~Ps>#zbk$%Dx(C;IQ(=$RpSF1B9cCjr^N
zpFhC`#tCRSACS(8e1Bp?83fn|-?E&vf3p$&Ucdt3@$-eKwzM|%&k`#IAa~mMS7g6)
z%4IJC^E}t)rG`6p3=jZo%g6});DItd4=Ph)q>l>xqYd#FgEIf%r=KU}%ri$96Z>bo
zHsIb3id*>3AK*{m2j2jbGh6w|C-BR|hu75a3=S1dvJEM+LHX`cn#%w|bfcDj<Odm!
z3Fw9%u@E}@Z^`^D67jkIDJIRH3<+@MxLMCKe)mS@A@txWbn;QuPeOoy3v1)`r!7Am
zy_n(<tp_NB>m2X-3wQ4i(rz$ciF?T+_}}=o-CTt-srw%os0BAhWfe{Lc<%my5b!@#
z5MysoZ2tRIKQkW~25YGxIIX9H6JV@bNuZ0!`QB#1t_vdm3l}^8n`=P+5C5)X6@Iux
zLv2-4!ee^%vH;WLOvp6XO!x0W?QRq}NxqxcDw+N}$d&)ZeZ>N2UM*`E4OTW)=U!WM
zU?dgK-i!Yq1AokfEVh!pw9}wGn9#)sC}w@uJ)Qc$PxQtOu!V07O8lr_`=8mLa3X=o
zSKc?0H`G=G(fG!XXxyK00c;DRwE7D9Z=&-xFm14<pm*;6pg`~!I8?!>82<;H^#9!p
zH|6Ja9Ip~9ISK#`Gru`cx#Zf<WmEvEbz0JwivQYtKY#R><w+&6;4ik6<p6aO!G<UR
zfopLm?dRGZ0ul#2oMiuvh*LYMDmV(z0HFN~7@@Ov`0*c0`}A;WUvy^u?%bU?wr#~z
zp8U$s>1fNs_k6EEf%{M}GI}fD>t_E~IyxkfKp{obb*&$x`=oWa^Dc><{jWmL!~cUY
z1-jd)4OVO=b8+X$b2oxH!g^L`WivG7_>W31Jdn<cOy^VHf8t^MlnyXBx}O+zl6O8#
z)3J4*J!DNx=FAZMu>tGA1|$$)S1SIubY5s3>e_P=X^C^~Is)geR$Y`-t@uZC;`d^e
zU&4j&b3Q%jiZbE*a=f#%T+uYxk~=}>DtTnyakl^2Vn5ga=P%^@j+IdH06o%IOF8lz
zo|PZ6J9Kusv_64aA%7|!^yhQP<;20CO7rK}{j4(l`;i+-@(B`=>p=-c`Q<d8G8U-O
zSVf6NQ%c9*z+(R`#}k7B<D}mY6R>Z>!A{hmD@!H!cPsbz5W0Cl+9X*Rd#Qz&M<i`}
z05Be&#ZavLhV|f=7p@((4usP>$=J=(1GU`M7t24ZvvsuS)&I`w@A>`p=|<Lf9|O!(
zG&c7+^$d>>M}@<GukkM{`04N{fJhH%309yq;=#`Y`1e%){pm*Kp)QW#N|k;p5&3@K
zXMF27$K{u!kOIaQPi?_Q#ryAX``0WEf4n@Nl9s#YGH5reqfd40H!i{7o9IL%seqzq
zM{Xu(L24LB!TW8K@qzzyME+u+)-mKNu|3{mR;Pna;Of=*6o8%2%qjNETKpoWUv|5{
zHN#&DHr@}nb~0K%0N65?HxM%XfAaYLW7#~&y_t|=scm5>*0cKm_YmjLJSLeL0*6-y
zKZd4-vCyjrI=R%H9{ER8)_=(FDEobKV|mXGdwQKQJ4o?Y@`!d3Fvxc7|A&)O>E}*6
zv$SNN100`Q1l`Ab|L1!79h$r1_2lT{4oUUN$;l6um4J%Ll<xoBdF;bSGBlFysb<@g
z_yN>!eo0BmU@B0Q%6kd*2fqt*ehx>z?|23EOr^7B%MnK7`!c6aodR?ryW(Vj{9mtq
z;Y9*8BYwkvXBh&s6OKF$PRd7^=pX;R)_-qde`^ph%vjBKyaj-K+9FbhK?qR$xeTGe
zhyG)Y|6ULBODE{*FT}+Sg(tt|c=__>DQ0G7b9LHa3jf(z%dCQe804#Cmjp4Bt@g)J
z2<%>5c(^U$gNk<z)4P6qy%Uc~&obEA+lK*2<n>I+{Z%V(_y-My$|S||#ZxJh0>Kwa
z(MQhOeX!|O)?IJp@9DW)?F0K01%Tzxtb_6aY#2&aRkf$Dudf`yWx%vH1Ov?1xw~(C
zp)WgNi>|1+rk*AK0ro&NwytoI`Rs>*{p($3$ErgAlUMw3dWGwx-@bhl;w%5OKjk#p
z;eNgK<H?UXIWevmmAL#+e?~(Gt|_=}{gI%_7)|dKF3aC_|DlReS>%ws;WbB20lVA}
zEABZe_PW=!zDn#?$vY?AuG^Ec8Lkppa(@TRxN}PKMbKoMwi^5hAq$Xf6(XaPIhdH@
z!sFws^d9&3_v_xeC2%L|^aEm3i<Zfi|K@%Ho|h?SDp4!J?8;|Gjr{y<q59Z%T>}I4
z>)L`|T5oF@G>@vQsfj6!o>SFSFOGSqFjK0ObDgk?+x4aW^GY+L#sD5bpTDP}+2oLO
z=WLg7UnAWO;pF60i}w`Yl<5cm9}d^#fGI!Juyop;5T@dyBvxG0J))sgiHl-;E~7UD
z+5?!7jAq_NEDH)SUoQuFLqP#yULz+biWjZ&0~1F9Td2dp6CabLgVxlntRe4!51Y(d
zPo8|69lX1z&e8qhKH7eE+8k4OCceJL(>X2@LPOMHt~vO*<NvkG<jqbu3la6Dtk+IJ
zcP!Eqmg<VP`k@n5ih`-ce7XDM?9g|b%;L@Z>kwQTUsjflCC?Tg^jLzi{v9S{Z?`)e
zql&tEx$0{#=9w9z^s1`MAKWA1du*Jt?l)CB73L1~Qj4Z(vUWDA3da&#b&|#1%Zy#R
zmBhf}T<PNlJ+rN5#Lkym8@Wn#jUN=okw}~X46O+fl9B19$Q;$-+s&gtQ0MEb<NUn)
zOoHh*D*VKGl6Ecd2X2^xRT~JL=W{`)kO$7pqV2nehb0rz&mp1A)=yFKKG|_C@waa(
z+*c;uO{Z+XJ;1l6yM8fFC;Ih;*_U6gS~>B&*>k{Xit2uwr2Fgz6;RxXt8|{m*AWq#
z!~M@Nrl)lVa;Fsn0%OM^Sn-#On(UP&E{{Tw_=@VtJRZNVIwJN}d1oLGZqpkWMrU<m
zfV;irH#WeZ^~|55Ub*eMmrae#mBW@MRu=Nvj?Eu^=ecu4Ox3;-*VREL>0+Hv;}sbd
zrRL*fBG)$^?RAg+>eUwN2-&Wtpn(Fxg@qOLM$D7xx^_4F1Rs0$6N&Q0w`<lA<Fw0Z
z@Bg|g%p{pn7pVL~7{%lOEWL?r=XG4W`1SB5x<cOzoD7P3)oCT0%<5I9R)HM?mrSwD
zV%0%43qLsA{zv=Gi<3TT3Mt3G^RJ(so%MA#8&R1jciGSZ*Bj9m>UFfEFEu(F0%wK@
zqE|k~xiEk<Q|dR4!(X~$U%9(@lrIX0co!Kh+ngIEJuP_dr2Zd_hj2E6)k{LmIs;iR
zp-RA6aY#xqxF1w8F!6CS$Y4%|)}mV?dQ*@|raZa$Lq#*N&04#^cBucYQ%T5o-}xQq
z36i`r$mmcp`-ybI3t}uU(dS?P$z4s;jNvE>swiJ6Sj&Q#i*I1jaZ@zygjwdd>kQm?
zDmV%d7M*<SA2Sc;2|HhkjAV$jpU5bbzI3Fyoj;6I7#~Ctg*ubRp(nwIOZ-j9vKua6
zK^oxG^2~0uNWNk$;qeg)cki#~x?{*cZ;k;6TOFdbT0Niw$TT=_9vUeaK$cqmNGCaY
z;|9pBsQB+cy)M;ON)ZtpjC$r%!JyRK%Ip|`l-%DOe%DX^vU|_hwBr2#EXZGW=0)n^
zn@`p#X|a&{KSqd89HS2Odm(Uv=R`gp^tX|-Imumf<s?NSGn{$s<cEMS?csQX3>iR4
z7uA-V>o8QGQym#+eD^Mou;n?v2yV^jL=p+HhRWPrjc7q50Z7e`+zzf)NuiGGRhqv8
z3!%yzt3Oon#HY(a;y=2+{u<HzDk&Jmmit%h>bma(x`|%LuHu>h8W0Q?aUBYqpyjCs
z&Sk3iOq9V*Sw#s^(e}24M2H|r`W~T_vU0lq@Ll45M8wQmLtXCz{qA%`=nP?RCF&LO
zl~$;8lw>CG*)Q7-xTt=+mzAIIbcgRZ9+3aXGe-^XU&(&EH_;x1MNk>sFJzN__pvq|
zjEg+-{jMl>t3606b!k?|*KMq~mZLzFL;O4w@@xr<>9rn9a>#JWtun`<a||D8wS6X@
zGq(0+^)7u=vKwe7j%}yp-Ye~)$Z!stK`KzP@qw<p&3>~dGbtZxYh^zYis8=YU8(hA
zj{xTRfNX$mv%>F`uiW7f3)$#z&g4D+Ylv4avptlnUHEH=d*9R<0*!)i%Nq(u7F5oj
zmAX^JvgL)$uP%Ky;fqc@k0y7djQ`}|V}f8fop;QuWAc5d>`mW|_YwAH06ve+6Tm2G
zpl8K=><V`Q`++#j*BW29yU2?JuuEkUTwQ@>{5*ehyi|RuYfCz6^px6#axwI`Rswe7
zaG-K`pU|O?fL;BJ_e#Y<$6YMl;ZZxvgAXdd=!8G9;s<BOc@c!2XK<~8p(E#jEcwq}
zRhyiesun46dB?Q43m~NhY-|?5#r1QisW;*-XJ5z?pJI@v&=vkonoXy%N-Om{cOEO=
ztxl@|UXI0P_UWYL3r+=eR=+#=pSe%uf4Xn5!XqfCy*2oV4$wZ79Jr5cVo@zU>FP58
zGGbXx{9tQPA%LP~V_|P_Z*MW@BHVrmUWl>#epI2Su5fU4H>s9%4iCqhvIKWkXgN8(
zLL30Zo`j;oh%;{&d5u>!MJOV<8Naj;=)=u7x;$Q9rK>1;XDDlGDo8XbnL7Dgo1p*d
z1LrIIEZesdt0=c!uSDO+uf8;vvEp2xMATH8e?4#?eju1j?JjQ^RC5?EBuE+MS1n#<
z)(KGwbn?2HLCqqmvADSS!MZ&=m8~7LS5ChR_JxGj0cdaYiO)xp%95@;c*lg^bAq;E
zR%;Z;V5_5Ap?Li>)NCB8mRc4Ea_mv3XT~o7E@1KhNPl=1{v1@Klew)WyTiaFWd34a
z<mFgTPtSQ?eZCmrIGdV!Ehs_m^yRU+bk!g7N}%_W0SwjtdJ0|8C_9h=P&G1C*L?Rm
zRaG5mdh$&XYGN@_TjqF~;g}|MF0J^7d&Wf%fxj_2{Qf{WyBO@@ZUAR-e@&G#1DV=(
z?J7pmS}(rMuK~j#-VBq?dYd^$b&kh(;gv%8+f%%a>6*9(IZ8rh#X*cA9ACi+4H@1&
zQ#n<6%yT#3(?MBftZd22mws@Zbs(<az|4V|+%FjQ%!hVnq=r;gQ#0xfvv{nTq|sAf
zb7dCSl0=stZTqHgOhkMzi!T{hy}5|oW1`~h^EYn~@&1!xzP?>^$TnnjeL#?kt7~b?
zJAq?WER^4y0RN5%e||c+#cu3h&oY$c(;<OdZm3&sU7~jJ*3*k<OCjctz=#L_v<vt>
zDjxipa$;m6A3e9$mdSk!i*!Dt-BL((c^<F<WArbh{cxpnEs+84np+msl)Am2aJl8#
z(`Ag3tcKTO{cx__R>(BHh~-OX&nmHcR9+|S)WyqZF7@txw^(vgt2UJY?cf3c%Jns}
z@0%}jn-7edHG0_IuBjmRW#mDn6Yf%GGdCOTJkjT%G<6t&xnI~K-fa^Wm$B+tN*$h8
zC@Oj))I%Ndu73V>Ys|_O4;GiN=YH2(xuM_>Ocw#fHoSl>ra~Js@%cHf5pdo-J#xIg
zPC`84k5Ntu>n7@TNY{IxuOmbNmOj`~S-Wg~k0W&in&Rf@SWC?$S<-&Qx6(RIB=(Xt
z^bz<4BJ&iW2uaXtk7TMYq42n4r+O=Z@9q%0S#EaB#`N7d;}e3=5Y6x!|0iek0+8CZ
zh8JN(_q|jcxG#?(u$zPoiTBf{=N(9Id8Lo6>$>7ubp;(+T7X<prr14FgS)_-5~dzh
zdg|)wU1+pJJ=^#;Z9dn$3?Q32(-b{xa7c9%Ni&d61u@NA*Ncsogc+nj>CA8F?BrAB
zsBQqP08gBG<<>Bkv-`D%p_!TB`fPiIGV6|2&=;#D*XVPe)3?g<Yif);WcT=nfWIB|
zb!#q(JQBLvn<Q<K&B^&Cp)vy7Hu5D;aVwgEu{Dqe>ouc94>rW3g;kOnrifEB@p|x!
zS50peKTjckyyqB?lFg4!I&%Rgc~x&q*qImmc(C7<->E6d0`9Gdp6&&AqE<fQnp(+k
zEsIkVjBZ%gnefAW@((Jj@L#+Pu#Z7iD6Iv5e3~~<ufx+unt##)8iVoF`fvwQgoUMm
zpH3&`+UP3lrOZU9Y{Wt<0h4Z7JKOIjGZ>mkLT2H&Q*6;{d1<ud>Y(Mhpnru5KY!ei
z@>ih*$)Ot1d2WcBOHL5Pk2q^*Hld82^OkD&R<>f5Sv_x9c6euxemg|)2ZRJ9Le^dK
z^dGgt^DIpV!BIup6(BAHwuU>^Q(r^b1Od2L&1k{8aDj29ZtZ3snMKbBRU!MqE8XLp
z24?(kE4eOIm5HrMCre03ICa%iwpt6TSvorAt6FD=zk7FnXQ^0w2G~AZchmCsn$<PN
zHum<Bo7jPtR>3+x0Q}$-v=a@QBp4937iDA=n_jb671;D=N6j8EpSQ8e0-+tZ`k8WA
z$jao@<fQrdr+T;IT>A(gLR_3-hC|gnL+Y-q{b-e8cH7zzAzjL$v;gcz5X5o?3N<HZ
z!{MJbIPT5B?qRmZITSU;Y+hG>z32R<Ui<kXmi-2ATiS?lAwDVYLiKBv!X$+Gta9x`
zOQlQ}3`{>n<C47$L5>a8e5ZJrm5nFWd-yej#FP}%!`fgDu4ukam<~TmW|ZKwx-soj
zC^SN10n({8nO3ds;u!nJjX9ZIfYNR(41@19{<)Zo0lAjSm0e~|;S1`~{6>d7DV{NA
zCu1~COe|(^30zuqg8ud{<v@u&oMfh^Mw(up5EPevMPE%_-Jz+dLjr9mvG$2<247d#
z$BH||GCOTxPZWQ+yt)K1aBR?|eS`xM5s~IYxC%3(SB++rxcnY~9vYq~7iC{E6Y26s
zJHR3Ul15XV+SV8p0`SFPkI1?RQE%SR;65KGMnhK*f?!cg;Pm1WFo{DCszE}-^I#J-
zGhjsQ$w<O`ZTh-!c0P{z?nrJuGkY+h(!zA*lU8Y^^#r4(Pbvcgb-4*_ee)E3?6Swa
zDMZJ;@+H(dOzgsi_oEkW?%%_LKi;mRHaSTi=z_aN8p!q-!Hu~mNCCZNIQ-q`FAs<7
zR)+_e<yRdH2Z1BA>l}!ietNBvxa2Q3<>72moahUUv*!_?(s9?NjSJ^7NJ`|VvfQw9
zaGowr7(O?8OMYh%5k9m3NQm=d_Xn{A-0)l}E{Ge6F2NQsA9}geGjqvFbAV(LT}Tmm
zT=}(7!!^!k&@;GP$eHF*k(HI@G?Wgz;>;czo{_;-IUAp2uTz;b*OR6fm|(WF3uDzU
zxYyl3d+v9cp$%q#5Nk-0O6{*T%sf5rYnPJ@BS=*4tyD`%^3D5{kL?<C+dtwz`?`PW
zemjo<AD>7AU3mvd_8!1oJG%o|A-oT~$V%exBt}PbogFl-^F?rSUsTPfx@{Mx*$NEh
z`4}?-x0#ViH#>f3&TL#Nh=NwM;Tp$P1so3N<ACv)g4O00h78|{9UpCa!^|lvstI@(
zChhQm!vU!&J~}UziT46mPIu2&P11Z`ys~r_+SOLqqUToHfOHgM!r75&FfP(8F79Qo
z+N!Gu)5zQL-M|EGZx8I)Ft=4SsMqZv8E>y>868<Ka|ifJt52t@^6Q_phi?fUX*jNF
z>1xO23`yXQ_k$CAfoGXTnbAC?T<Tjik*;kw^D6V{ahz9iB+SP>F3!$#uX>6Np!aR0
z%e6(e^$lPORt2&mFfuizSVpw6(G5_XbK#h@FeC)v?bnDjy}rdd;D>9z_2@>B{#~2e
z`ge8XURCB6RxKA9%`AzNsJb;ak8#=VI&b%kdDq3wMetYmccH%Z=@;hmfNusSz@7N`
zX?opUa`g;A%||bMU3<@VaMyRYH)VM1EcJlKB)}X-Iby?l>b4sNXTlU|i_m~_BF)&f
zKg!KSu7>2^=s???)arh99NsO!5qVPC+o0px6gBgFFU$b&QyoW}Upj<874q7!h8{w(
zUw{GdGjGL5ov~LHI{@?)T0h`9z>LagNRV(X9dSc13t4Jl>+T#z1WrIpqYrkU05+GF
zP8h*is{aGUdVUS=n6S&1RoNI60ko(2Nt2cqCidqSZVuaZ@lC#Z1^Tx>c0al(EUXuQ
zHlb~8#%xf&i1^$qpz2=cx?sUwf@Z=r0{CWo7s>M6NdVBCmJxAl%+IN+C5%<rGLiMX
zUGP9NSKWf5=+Sh;wzH50zThFZ6aI9h$Wi6Gr3x1b%aq&bZZbgw<UxU3;)7LK2D8?o
z^W<<q+PS>WJN>fU&O6A142f#L6qBQc3|ENDtDo+SMzzM_w~`<9`Y^J5jshX~rdx8H
zl(J*x%$dD)W^mnLy&kNjT{S}OlZr`PXc01>KT)|64yYsO&T7=I*20<r#ZF~!W*4>(
z+YkPx|DA>X=cn$=CxF|L9%E`bdzlcOUI+NW%v-`6r4IfSvCj3!$h7Sv1rht<z~kU`
z*gXr7RjCHY9w-m@rR8)=%-NeE#N~4o%xQLa=@19im;)^UY;^@a3$S*D6z|GGP@xjD
zcX#>=d@WFneB0LnuD_63o#V`FVc&}YXFqo|QP?U(8c_8(ZFGN)<$%K+@CX2Z%jLYo
z<z4~F!aH|J%nibzz%9kMeM~|PO0I66(%E{V<f8P5R#L<DJ=Hnb0@XRI1o`zB4*r&q
zPXo}RvDCsQewW&r-CeI$4mY1K&E2!dDTc(#CPEgpjF$V*W5iu9?KoRs(@B5>6MuS{
zpNUIFc9^`i6i_eskXN?W^q(~2P8~T=UMo+rYLTT6w^xplu2C8@?ja;C&GXH%#c^@B
zs}$dH9?Oq5nuVk^eL50}a&Qdi683T<d>Uxm!!24$OfHr+JaX@IhoKpPpWmvp;!ZN-
zPevI(p_ng1|A|fngUoshm`L1q0K{(fW(RPp&#=Au@7O<;jp~L_sy84>Y6YRx(pulw
zbIvX*cSOhc%j-rh1Lr{zD8G2iLME}zT^8au0Q0bM?*cHQm#pG;;!33tHhOVDIS#rq
zGN8;q0@g7#+1>dI)fi#}O=DhzHAHm1Z&A8S@^+b4yGIif(W;=O?u{eH9dqz*T>=^~
zK8C%RI`a0O2Y$gNRkEb?3^6Saq4)snylUNd8(65;=ytfR#aBJo#V*uTlXl^pA;K%l
zUVztu{=|x{(Q-4?kqB51|8k%El2=;=8Px)~oAZVS<D>Fc5wtJ!TE}i5<#8w4RHWr3
zXwoi_#FT~%oX{w!lNM1TtV-o6TGXxGDm50a_K^n#Sf--R+{CMDvs!L=wiZ8l$cMBG
z)blB_a?_<0zC?f#A15KmHEecUe8dC6baUEnuBKN#ux89g^6Y<yLh^F-huSP$-B(bO
zvm{#XU?CK@keRaeVkN&?D=JGbGkzy{T?4KgVs2s4I$j@e@#4kCEwg*~F3ar=Y5UCK
zD6A3n4>2T`7Qg@rHE5YxxVNXsnGwE)LYH>=%lDN4PnUJT7vP%0%T+V6FtLU=TJhIf
zEZ@0B-w=K9nOw>oPH|jYX7e`sFT>)FJQt0uR}37kgm0Q-ybq${_A0X5JrC_{J?dP7
zVQ#$v(MA!WFgjVP<i@%z#^NECp@kl`%q=i7csRQtVDnw#1BViacg#pXm^6oOO-`1=
zpEP(?uh4|YL`Ah68f(JXhJt+Mp7zv0Z?SpZOOTy6*tZL=*-!%4cZ_Ti0$*1#fbQje
zfkBH2afq-EN@_;?9rEp?BftEqDh3mIv_puwJUxLbr+d2`f-PuOp@<~zqUwe*7kAgs
z4fw$c*ZUw7^MWBEfe#1cf@Ca^43!%_a)TLwy6#2I_9V<LBf-tVC46Dx`GsZiI{kvh
z?F8B7vqirx%n2fWOU*;X#neRtp!Bh9+ol2v=W0D#fQBi>?fl?D+CdOb-pBQf4lP6K
zC_u?=uW2<v3m`~l07aHgU_4)kC`fU|SrNFpE}@s*mxu3=52nSnePzLu8L7)l{Gt2I
zO*{5lW82%&vmU*C=EQgYhBPC#m+lqcQ&UINE@NpH^Mx9eAq(c)^QsZ<QD450Kk*+~
zDe1?4E5p<A*d1(ti{QK{s$^?xJB=;47xbZ1sKGH*qyb`QShm3|EbaZ=WL1-mJhGZ7
zLfCF_k+5A2A!|t5B+R8)wv=;~*RI06yn}1t_o3{=%sTlWZK9dmrI8Uq+|4bN>8h_6
zZsSdMzUX_-VFNp~x*?0_PwMDPCn@d#FmZYst{@pj3Gs4y-CkV_6V)OnZ5VXd%RPDV
zB{$)&3xVp;tL?PM=OraAOY!rYfcpbg*E^*kA-rraUh=y>``sFOPBNr2%cc+gGnwAA
zwOhkEPT0J1ikYki?O-Z7dyqqv-5w`H&jNi?v`%BU)^R$C&X5=xm*y`zUQHxW0;K5o
z8uEgV1Dy=WkO0LqrTrQ3!;-B1qz5O5ZBjjUa5GZ&8HRZ=#!f{tA$~a8%Fk}{YHHc9
zQ?6W{U$-%yOaO(`5@XDLCXWK)19(xLIC!hb%h1qun!M4ZGA~-l9*9-~C}^VhpH6H!
zMe`AK7Z+_UraxZg!pgOBGKw`%3Nn&c^}SdD>f47vl;TtJ-B}(;%fT4m=8ciQ$9g+6
zG%4l6BPaR~X}8Rq*u+b0rbv;lT&CV%oo9sR4(=Jj(1LLD-R%MPjYXO_xG5tjDsjZY
z@g1f3`O`YSD?^@JtLW`*4=JbXAULOtH@iGEB(cSq6oSUk1HKilD8Ox`Vrb8mS_e`a
zUhmY=${}%~hI8fv9M{#_i4&>+w7P$1QNP>Y!Uql0Tj<rWzP{VS8jnkjJtkJ|$IFYY
z(o|LIcKZvKI96-cLsl^%hv2JmvOZO#L;zOa;@o)%>9&`vX;41uR{feuI768XDUR8<
zij($)_w@}lzvNErn)Oa{*dHoMFdx37ua8vaKBy>GME9T6aa2B4#NxTru>5$@i^NC_
zQdS=qBEU67UA_`%Z1(UWtE;PPZ9|R1=wbL-<=R*)xvFMwpSUFH8b4ZEX8q>ix{~{_
zt@79wsQDBf|FEuzWk{E7+sb&uY<?J&xLKhV5i2UWAU{yM`=#buC03klDXdR)li#VH
zEMX@24wu@9s>FgHgT(3{)9k?s!}3bikm@Xlnyw>}!RiUqL9j7XaZX|Vl^xBHY1$XX
zh&n`tmcXvno;^`ZYm__ZGmB30LqbP4Zb?|X6(CtZKsCrtm$vTqKcIVs$}eK<9t|xi
z5gB@fm$7IuP?t;+PR*I?He1^buI4Vzs`jG!eI!ER57gQw0Wd+T&wK(nMGQdnWmG53
z*us>GLq$(W*}7mKR|7thfEqx*wY3dG6f-AhXU#B&h(zDrPRXUIZ(oTP!n{x+#T@{w
zeuiev_Aq@t{gOMm5IYtMn1g~XAK4jJJWd1j#_C+??Nh?A4Fxw$3US|R2SYS1#}e28
z4t=?5)jfN%&ioKRc*Kh(-GJPPOpQ{ehB1ybsjBS0J`pBy-=}#vx-Y;>J!?JS=d5f2
z!hPK<HKIlyJMeUHJ3Pk4KGF}4&1$6-Kt#RzUgM@yMvKY-!F6o*^T`XY<p?dv{gIWW
zi$Fs`XB9l=ZV|?@k`l!Fj({3r!E@{llwZ*ia+b5&wY?xPU!ex+&nk$vW+c)5dUTR@
zWxCRhIkVcm#^rTE?A3$3XHtjBB~JBgs|!O;0EQUtn$&SE7u-P9vx3{fgROSt>DKhh
z$}9s}g9D1r=3DQV%dPbJ%xv>}+i;q{tJr#Xo4to*2B2d%10EmF-O%BCE=RFaD-|YU
z3HI6$CK2nf{T27Rh%5m`=jD4KA~zC_+PoIyle?_-|Fn0VQB9@YT0v2opr{CnqSO&F
zN^_8*4MjSP4FPG=2?@PdD=GpKN(j=Vm(U`i2T*zq2!tAtUP6)3q~^XjI^+FD*4*EB
zef&DClXcE}-n#dGp1mK5x!bn4N_}eCEb8;>3R-0cLid~DVu9#sZL3`R`&nQIWe}MO
zmjiSlW58AlK?%npKpA#@;3r({hi4VDa<umO?hwyyeL6%AFx<N7bZ-`v?pJ~ry%p`z
zkSQjP2G$2PH(z35Wi!F+mlat0zp#hzm{8s(;AHjZ(22%5qPN_lQTTfxn@Plk7GhA=
zR(q|a<1T(224W-8;bs$RV)iElH!jcMt;5+$Jky8Th^u}EWN<QDoUPu^a%}8b+=SBa
z(2-m(3|a#ot9L$A3>%m=CoLu0DvE00^3SIU)kYa-YR(w-%zz-8N6n-UMBN7ilQL_0
zS?)t1h&f(aYt~<hHQ3#_03hT5Duk~q-aZVK(OGv~YW}U!+!7IJUjLY!rRRZXS-h{D
zvR-q|?K884mx}V$B|cBfdkR00d;SI|AMzi6?j)nr07Oby)R@1BgiiOezv?NnPefU)
zp4Nd)gu>wPkVlWac7-xPe2OUbHY4L=F(@HF2CDn6O6GwhS~KX^k;A1pp!)0%rir|N
z^;sAO#RPnYUf?q-uq5U$o66{HmVzLqDcI6F?g$H-qRKvhSTZk~!vmSqMGT1Uqo6}o
zgz3)&i`ezkhPhiMq->;Bhpzt>f~U{$5Tu?p&KK^lMUYuJ?|)|GG_QMWv^cp<j;YV*
zFu&fj=f1B_iT9};jDqEiHYw2C<YM0ieB_+e5^gSyNFMTnJ;H>$5KnhvC7SC>5XXdJ
z7AO%hu@^xT8B3@5czOF~5=1jwB+AnJVOZ*gVrsDSvFJ_0g94!2>+LRs(6+h3y8uEO
zU=go7;I4W7iu%APB+D{loWyRrQp>9>RDq#aQzZ8cxG8JGy`{G%Z>$<LfJ4n=cCMls
zfve-`HRmx?cbNBn1M(0G_S@LTdAm#A+&{jKZ^p_QkQR=smoa+Eh)Z(adUk}v++UJk
z_g#jzRMn$lu31Puz=@QT*^WHgi?Aa9P6ohRnUojO8zIpS<ObfffvEH|Q>fdwZ`Xrz
z|3=ROeTrMo?<($bNJ;SVrMCDKzD0$zS2ne_PA~dl%ry;-C+uA0>`NUzkb!}L<Y3<c
zE}()@;a%#_z;*#liF0#ht>rNsXiLAXmjaiOeSNyX$||N#y0Y*xAYiG5=f2fogIQB~
z@9+t39-gLZ<t)d@i13K0^$&WZ{DblH6D?+lP+?9ZL%jl<kgm+TUxesOJML<Z?5-Jf
z-8k#<m*tbXy3KCY0VjRVtE=N2lXP*4RE-&Jj^kxq9b?thAGv+>QXJxAyKSuyo`&c!
zRw<&?jiR+4BamJeN0x4F4lx$b;@fnyiivjgos@%l;@gn~fJgxF9xzKmm>Gl=`r;_h
zfv2r^5d;T%Z9~G3=ZNZ5;-EH;F^QblAVXe>sd+7sf%0Vs`>elD@ZBqmD{rm$?PCv7
zmY2Q#7q>%3lWsY}4>Q<dx)e+VC3asm%n&<*o=xNMWU|9Lz%FOc)BthnrMv3{K8<MZ
z$!NzQhHFdB)|L1Z94a2I(Y@x`6Kq28fnR%bjUThAY)oeNwGN{l#i8xPY0meoDGA+9
zU3awmi9kNP@V)WERrWJG(^k^h?${92bQU69Ks#y)9|Fb*E4Jw@NBv2fvW|zHd`DA?
zQ+VvZP`;Kuu)bE|>3YZ+2V;L?#PugErqA;+KIe^UQR4Xw>XmCgAGqH*4|aB5qG$Co
zXIf&KsjaP60jPs;z7w>z{A{Puv*N)bWBpQNEEuazbu~4Fa%k#Q2KrvPT4R&Mk%8po
z<fb0`(K-7KgKXX6f$TLxFo=M%-6-$TqxIM-F;`Ow8(mcou}VC~!*jK^yFxhu`SB&M
zj_yZ(U+;p14x15H$T@CQdLE`AUs>aeV|oq~C43=rJq*$>7Kb57Zs{g(jV4=Dsy4P<
z05{;}YIB*m1733No-{`>*DPD3hxs<WEkF!z8frrn6f(Vr5P8~NHB20}#(kZ{F_LZh
zu^7(;35CbRg9o{|um19f$~BmXoI-w#Z=!^E$Dio~fA4<Zuck70c>yjpd;$WhwZZ3X
zF$|7#&m#j^eXTI!-3N$IX<Sn^<KX`Fgim>`P3S6h|HP@>fnD&xG%DT!Aap2_OCBTt
zA;)>J>f~t{>ht7Y&y+RNpS<+hjOS2?RCL{wKjHIemz_y66CLsmM8;B0&OcFINl8SS
z8oS@W0|XK&q$wMTs#jVP9?kbW>&fG)$sfGlCtll)F9W2~1ur4Zch}`~IHx=HND?MR
z!9ZV&?{wql<m=A)SUD`fZr#aa%By!p<ko>1i6tEc#RMV6yIxt+>>IUDE+h>aI5zGy
zyhw+<w3M8ZqI<b~?Dr1sx}jIJ6SC$gnKe$9DT1*&0d3HmCF6Q!a`e>CNgXorki!69
z?_s@ERQu^0*nVm&W^F5k<KWZBlB%wKG@eH!;Q#?#RXui{3f;<@Rb{X?aV&d{mmR3R
zt{1Oiq4ZyYX2PzW*Uw<a$V;+3d$d7|KyNRnN`izXBy{oW6_4h9T<MYF5f|^3uRE7J
z^r77Zh*Mav1AP49kp(B;2R9K78kh6ES8CrDN#NWr{yfsM?;$fCXzZyEdhw*ghrbO1
z)symDE`0n0F$LxHhjS6HUmH=?T>vsV2;<`7)ih@w9*mE-vfoLZg=^8^X{tutBx<cj
zfYudcP4j;v=8PE#?sjj(A*QnzQRerKwH!8pK5CQ@7T;W~i{l*H99$b)f|Orzlpiqm
zv3Hg<GvFd!*D2c>=`g+^2EU(!ys?*g#C&CU9zG&g>~eE<8{UxG5fg9c+UMeeXSeJ#
z>$XZ@dzCHHc`dTK0^)jcaCGBvx6u6sfLhu~w(q#d0(?z$w+;i4T3;FinsNob4Mzcy
zs4k<zM&xy7Me~d`DXGXUFlOz1bnt!O_VIB>WRj^PBd@A1bwAGg)HAycyUTkFJHVJ_
zlQxmx7(`s_P9-eI=Qa9U=fzu^4@$Yrx(%Hd6&1x;k2{=(F3!!?2>eOC7(vD}-PcV5
z`?WtA$VpfLjab^^-8M}gXJxg0)K~>`$)yQbReAYgwdF)$+T_H^9wP^6#4@|%e67^y
z4ZA&Ru=>e-Iq>1cDTW~q`xLwH1AE5&Ve3&A76CRkwt|w3j11MhSM&LdPLd^tEUPzf
z-sIsGQ)F*Z%Ew}{F&u-WnLp`I&cWrH`dUTQjqrLBYpf@s^({KD^SK3oDPKy+9EcE~
zzD=l{2fmVoXex#TiA-)qp(`#e4|ud9MlO^xqzKmS=>&4`az8{+idDF0f3AM^SRE0f
z$=6BMzI=CO3#WJ?{tVYuAxdvC8F(c<A<3TVGCJ;}x5UA@bi_AHP6HVM7g}Poon9PH
zb&i~CM%zfpmSvN!bo10eOP67>vA!HrN5Ai3|3U4Y!ckqmQuJW`W3HxNkLR5tOzQy=
zPv_lb`5G|d=4adB-NlukHdc5f&)%9^t!bCdIo|fAt?exUlSLY?hCTIj;CJ5i9SQ;V
z#mtt4F7+;`=t4L8oXLI8yK{s3H_J9=md`DiQW9xK-N-%hwzjrAQ~&e|aAR1M&Rzn%
zoq}Lsi<)($Fm4@u*O4Id^Q6ItmdtIH@id16x=#X{gtN$i&{~iBehxZuNJXX3e%XrW
z%#8^TWdkAKn1=kC3PaoSfN7{q!*I%SRBl7z$u2*V0xJn-9RFpibcjwwwT6C(o<vkf
z{idVa?8~mT1Jp9Dd=)+JJi}<qQCB>sValuegS2y<<sQLi{41k#Q=Ouz;o*_eqN34v
zQi*Ur`x<PZ&E%o=0`^_dcTo9126_1!pv4_UL`QR9cO{h|u-kL1MRClB8Jb#<z(W<z
zfybZ)bx%AJwpnoaR4L0F``YpWEf(YM*t<$cU<OiWp~97~BH!4g{N7bvtG+*I21R7M
z(JWlGoU*KDv3yLQ>O0F54?i+KIVsHr?CQ8}OpwO8flQ$=+=UI;1&%0P-!xHjmV*BW
zf--UCwB3q%n)SA<t+n+kqjpx6d0kCSU&XIZL8jX@w;dcXI33tfXQwGeh_*(nuTT2m
zUXv!6N@rroT9j5v6-8UloKFhYES{WKrs(_n(UPs($Fj3{jW2~MgmwxE>)nvbO5?v~
z=#|DWK0Q?$OrMmTtg5J(f(sy%v(9Tusr7C%9gCAl49>J)4`H^v<Su6|g}aPSb=l2F
z^;vGeQE0)xAmr@Ik_w|G)i{ltvftBC#pg;70NhdEYDS^}Fq~!$FNB|1t@S>E{*V6u
z``=kD8A{CEcVR^S*Im4~+(GzSj4Qvm*xi3lJf1>7W%)L05fu}|mCh@y6A&bo(cADg
zNOo#d+{n-T7d{&a+pLz9?xcLJxc=DJ!3L1{h3DpZP@vqFs_P`u|BVPe63Vmv8D-u{
zN-|ieKDc_};l%ZHukjmzi+;Kw;A329Lnv=AVCTuL1BI`A<%$yNl)^({IF$`nM9XzC
zRNadS$g?Na@)EZGO-2L;(`{)8<I2iSTc4wyQEKKb<`a}Qw-Y+wa>@QNDkYbh&z*x*
zInaB_j%TmQ1XvzxGa{EDE&vJvLlX=d%_-sO2T3~<5enGo0`c$11oawc>kEd9UKFA8
z5G6xd2g0i!63?|7KWgY&*wKh8c;>R>?t3w?N+bGL*^y?lIE&V<Fr5NrzI*#>sYZX|
zQ@>1Uw*LQZ2LEOH?xWhFib@Vcp#-Pd*bqg6!*!HX1&P`+CX6e*!<m?b-y53>pZvDe
zVW>N#sji}`tbA3LS$HzFH-+=l0TDf1Ufz4|3xpoiYCDS@Xo^E)X8<?6&EUdfbNXy7
zy=t(GNuUU9L&>_lhzE^on5XmFZ?<$W25GoeH~@T1u}JjF)ee`TOrHBg%nq#8$Nte(
z|3En7T@PD|k)JG%wy-*Yf?vs$9zTrFA4)g;p7(m=rv*0x&;NVUji1ai?NmM2Xl+pV
zmnUxSq`>ZRARW~!<xe)~ScA4N`}`jt;j}+dF)&OXl>hpY$TYq|$|<~cs7E|(jYz4C
zpc9VUzt?*FVNd7WI3Oe>lw|kC?nS@}opLYKeXqruld{4{lOw-PwSkJ!n5kRCL3@}%
zKlYYsrQd$QUeU6$PD4gSn2XQlcgVjB#a5qj`Epc{M9A@{{qfiT=+>`M1WvkxB9Um>
z@t0&lL>!V2NUJ^J=Ht_Q5y@5IYtsaTHbHufIGt6I*&fEk-=PRjkAn|POq%VwpCY0n
zE*kn`@A<fGEeZjc;YC2eJKqNyzb+<409^+a7!0<2(SCBzx%vHu%yGJ;q@?=#qg>pV
zr8EpY$9akY%*lf{{RJu`&daO#Kx1oBQ&-HUhch|Z%>1|62!8I7h=1+2hf^$Vev2}~
zox5ri>ifhM0R#CW&|eR!uB)@fYwffLYr@kr0N)1-P0q`^x)D}n^6#GxI??X_>o|xN
z5J=5Vsz2hq9kbwd19XSpyHK#7@TEo*K57kdf-wmd)GI(FpLq(QEBx2|t9G9F-iF@Z
z-rX@)R#JKmfYv+3pB~Yh4iwpo#iQj6`YXwQ+~DX!M8*Enb*BqcP;`%-ojpPIW$Di&
zL_f}k1T~q*_1Co>bagXshuMa_T6Pj2e!>E%6?dZEya8(DC9eR(^){ewMV$v$mYAG-
zM~XUwH-{O7zHkpIi0{J&a-6y1d+PxA8=R_VlvUKi)&{-xd{*DZ?W%cPdPFD$c~kCT
zCV(9}7NHPO9!49=s~X;La}eYHE=>D&PnzTMYx~r{pSH)9428AL7%eO;#NB@&R8+#f
z0U2Nl+$IMQ%~id56A{P)UB%FZv8d;YPXJbejr(*mQcWR%J2gew**VZM0{D8OvLLOr
z+|GZG7yM-~F!NAFxkn=q7XZA05E0IIcE0lz#V4*<zDZnAfy3cYMGQ(0xD*1a&430>
zBscKI)dTeyuE+iiq9GHf(lfF#RfgJ;YU3#>Dg48uV*frxcYXnf1>dxJ?AYw=8DUL_
zm(?l(VG(e|bVq8Ff#;kVRa0KMABGOhSiQr5*?aYmiEcw*{gXh+hWZer*oi!`H1yI%
zuqE`0hl?ho_KG?Eee`m+xgHQXiGDu}U~na1V>GB~g!V+96t-Sb>;*ZpyMgv)M%%20
zS`T#XGvep&t9YPoscK@9*dp%(P^hsbyfhMxzND<7jGTxtProW>WZPSE=c0hX+|>gS
zo2^an!+#F*{?)~PGEQ`soI3v5@D`O;M3`x4_!(9KQS(Sr7Vl1J)8*275G{NV+&*gx
zR6`bxV5th5&ruSt@PPTWoSZ@lshuw-I=My<(FV9$`J_}8eYwZ^k?Y}^K<*<WqwzpQ
z=4@U|OH2DNc>RCN(gV57w`HiSl$Bo~z=ldmN=fQ7vj6?}GA}?b9UC8S>`cEkcct5d
z-lL514D_>G|G8@e*xC@2SfFx$QeB@QeR;DeDM^0NXA|ZQ7ONR~tN{@&S=o8*%^&%C
z^3)BYqFBHJw4iF*NPS<>wW{0w02753dBd4c!q0!&3upb|<S<G-c)wCx!cM1Vk$37e
zbcdUlTPcAS?AJUXQ|x7Rb#2em)IfvYHDtp`O#qBp$G_<8b*D7ja#L0<jVp8d6(yaH
zRz|%vVb1kXNg3qE4eF|r`}vk3KxeF)CZg^Yo51?PgS<+YK8_({Y#wxp_1NI!V>}C-
z^#f=Uv0u8~*Pyt5g0tYf8^sI?Bc*0KZkF|zWY?^a3@3>TlC5Gw=fJJx%<kmxcRXWd
zNQ0v`TuZ|nWWy2<{gUg2_|hzrE>%oN>5ykM%v9>W;f|_yj;i+Ls(T@L&)RPf3Anmm
z#fhqw@d~Gv5+`SPoU2|p_Q3U2*NU}Y`|G`m%D0f&2FUEzxg|KM<m7@oRhDP)yTE3D
zQj_oWjPvx&fYd@kHk8&$W5H*^z93}X&U+oAkGrfN(?3ZBjUQY(pu2X~;xvk>8%g=t
zMf%uP>^%t6?>;saJ-Gd|ww6uO=FflqxNOLeAIH-sj@$fMTix(1mc*ZYoNBzI$J)=@
zx){sXR`QdNi;$UIp8r`}M<g}loqzUm4_l|d4aEO$Yt4TL;)hxG-+}n=iunJ&BAk6~
z)X=o2>KZ|6A9<zQuxWX^!wd*eyF@|*=}XUNVb380(fdu+PZ2z9KV3H;EOQrRcP8w^
zH1QLX&n8tFk#<f9+^xr$H5D*E#pwbBod+U4q|p;?lh8k5B#AV@?%)gZ`eT_~L*diu
z*3={W@(0g5InA#6EDvP8w_dQ{A<erLE)zW0rb`5(D{z_b98|qy7Ht>C2G18d8NjDk
zNgqo!yY+{+p$jwU0mNExoU{)mpCWEwAvf@GyR0a=KSy;zO5gSAko25>Ot>C-(|<^M
zYsZS>IO5}9l)UL~uUcq`9P}=kr>pSoE4?mIIJU-A;rnH~V`s8@`-r{j+R{h_yy7x$
z(}{QjJlWOxF1%skoDb#mX6iQn#U{r{#QbE9AkjzPW4DRm$zR*C`;Or?&CNKLHHm6L
zB0fN`WV>W}zQb7?JbAE7r<mvKJNkVoUmjIX9FibZTRV$PZ#=u6j!t_$GV)+EH8)oa
zC@b=s)CGlyaNUS9&JDGBkXQQ*Tf|^Gr`iwY)IoyG`qf`02C&nc6lxQ-#aza$=bZb%
OpR$66eD?1~kNyV;9wWK{

diff --git a/test/integration/consul-container/test/util/test_debug_remote_connected.png b/test/integration/consul-container/test/util/test_debug_remote_connected.png
deleted file mode 100644
index 52fc905ef29af9bfead9efede531facd778c2446..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 111968
zcma%i1yo#1mo6a?AV7dXa0^awcXtc!7J|ELBO$oEdvJGmx8UwU8*AJfd7Ya(^UKWt
z*7Q23Pj#L0s&Ch>Z|@FK_$-0^7WXX_6cn<Qq^J@U6r2?l6!aPV8%T_{Nq{~S)Y}4c
z5fKF`5fNeq2U`<!D`O}q$&iF3IEA<+%x|YJg&bPKR7%3O-<_Z(5%{jwMajuN`oA|M
zW^Ju$`fe#C27@7{4vV3aKw>F|ff)9+w}UwBTMa#?RZ$xe_V-rXb-?BL&y>rt`w2c^
zCeQ77IuTSTv;^(vpbt<(sK!z~UVPZq_UA~e#9h$LU9S-Zx9wQ^%O)oUzYT>ywYGJ_
zWlI58Jee0deO@Ym3~ie_y!s}L_Ib<Lfd!R6WFN6YBNi6Qf?;c6bojlz15XbtLXD9B
zseH|sR0#?$^U$d;pD37D(G75++?az%(VzrPh`q(x)xYh0Y$dg#-a-(A4?}Yq8`9_z
zxx?-mkVM)dmESX^@Jf<6YfP7_Nym>A9GGdBMOc?frv41vdCD3*?<6PH<yP)RRdfjL
zW5BPL9!go0*M3iIsHkK&goNm>e6E~MavhdxU{hfFh;+%R_o}A;pxc)vo%YIL^unl`
z)HFHkfPkqtmVC2D3)19yBuBDZ=X`TTW}mlNbfZ~W?{QdqmwNVp;f%|M!6!$Y$KR7r
z+buocljuh+weZ)hvoLoasShQVk4cAI#a)l5tO@A%rH-ZG(5&D^o$m7Cp_7MUnYs^I
zgv^K-pFcY3rwFj{2sf}JHb>W5iWr+FkDQ}q7@)#?zIuK4iUBoJL;IUkR{z9Us#Tw3
z2&X&=MxGIq#t`B*%OXidzfNF%emyc&+^O>ecU!)EyGXFN^?cHTpUyTT%zG2B7!)Wo
zvBTI;CSC(Wx<AOECk+M@q-zSjlx-1S2MZETe#4!F_UOV+er@>$CEb_j?9DSVjOcgH
zDtJ4gw?k0xqhBZbv1OxT_|biVqk>cYBEX3h`F%SZC;bgpm$4neDvWD4=_KNtE*ZwR
z>wfm|-|bLge+XMdvl~IB2+gCSI|Q`l2vXsP`n~`7itKydq=OlO3Q~gL?j(QFn+I5K
zSlw?G!fTVSi%@U_*9Ef-Fk}PGt0=7CC;U<v5#N0y-3+LL(t8W+g*~HaLaGRi>XJKy
zz2o-8ItkG4F{JuNlCw`m5YH7Fav>U!y`?xzg<wHm0<RicB0iU^rASb;QlvKve~6A7
zR`3JI%(0GT8HFHV??=)P^&cERMyG<N<n~>zteuEFFrJV_y3M})Wc-ZHPJv0<we#gI
zQ+~2vviMK(pSnMx_V_Tv@(m-Z-f0L};j@2eMQTNB#asEt7X=!)F&wnxOvfEZ0)9vA
zwzt!45?-ZWMO)=srCWtMA<gt(7|`DKIy-km^QP;-&<_&`>kJ_3i$ceMe*;4)4DTy3
zL~2EWPh9uj2K5d6wy4+-w5b4WDOvK0kBMkUAxXheA+}OvvGl_+7~=0^)#64Z2PM@d
zz4GLZ$ZM#V;?e~ZV>x0_VkY8<qBoSNFhoLm$TMTbmPCtlbn<xfJ>zpnG>58p-5g4H
zKJBFL*bKMFQV!t_)$U*o14olavZ6ab3j7dMU{pC%`9)QxQl!9{Kbgx|AgNlXgrxXW
zVYNu3)J@f15~0wjXs5hS`IEwOrITWDR_KpIMZRL4L+-;@hvbJ)$TBQHs?Ce*zAh_j
zVOgtaN-e2zX>qAH3*U!3Fc64w<kcP=T#a3AUjeQrKBa!5{m?P;Ccz^?`xB80u&AZ<
zLN!bUPvx}4Tg|Y@y)?hrTGdhw@FP-<Lls4NLUAM4TguDmopt0T{z>`|u0bI0>^C-9
zwjQ=b^W%m6S?rnF>8m*m%aiH0BCa1|3l0m?bITRZYL*&lC7=?z+4Tyq&tO=Ql<u#2
zEF;*Ua76-S0s(^JasCYY40~PDHLA7x7UUNBt6&e=cB6KXhqXuU!}5dB!|3(V6%j5f
zQt}(>H$2GPNc`BiI0M)f99Hc3%t~xu@pkd%aQN5@uv>8$*ecjN48OA(q~@g@vp1W+
zO<PVWNLEW;XY?C89`iS89cux8-QynrFjk(qV)&WeG{rP+A>~$ck`9_~UW-+`Ewxa9
z!Fzq)o#3)Vb6K-Mo3P5$DBoz;wtl{3?l7Xhm~Ek@=OGfge_+rgK`v~}QkzA)14Ot2
zc2Q|1ZoPJ~cF_kB9FyN%-}JtFco*_6;T@kWE=zoKjC()Y_Wowm$a&p1B_*Jcws8Bi
z4_6vbA=d&o${0uLM3&DN@6NCa#6jaMnM#^owkhXI%gVG!yutEiP)chi&%{$Un0VAb
zVT8NKW7pu|<GI<@-LHe4=AO$otdY@$(xK8(?O~pg)>UwER7F%*;kfDS!nkY7sk=b9
z{<jUaPQnI?w9yKKs0W_A$}?LOVmMKlcsO1}R^)h?hBw_p&q6ET3E}Wy!oH`82*UFi
zX%EFI<WA=2bOsvq3ip2M$qdpCU_dzy&K9SQEQ)X=IzVgYx=@U_k7q5R)8gm;*h29j
z60R;QC2M=!w)mlXVS9Gl-=6Ng>2Ckd@7xfv4eMBgG5SlALb9E0&Q#B8fI3z&gS5Vr
zN%iB`@h$X_<i6y-<vxaV)X!|Dv>_QPDXb&cJ109GJI$93mx1^6kMEzq)W|qUT|{?@
zRmm}?ZzU?FGLu|kBqHh;KIE(AdrKlp@x-&o5XP-X`%Xyy<Rn*mpC7WEWJWivJ59%q
zjui?>;-*`xc2apy%$1B_O#jnr_{T>-#ll&Q2fsRo6}DCqu;FK?@erMU9Yq_{O!M`?
zwr<a?$E>8BB>SX#x&_S+6Zeg`^PyfeISEoUD{2SjpETI2mR+wm+4|VbExolZn;VQk
zt<FqGT8ONOYFJk<zrZ58IXXFcRi^Ei4<$rX0&jhem%r2+ECkw$wf(T{Pwda{*JpR&
z&;t)27S?1@u#?*!E?afFPhcKnP9*}g*BS`v6={bV4mL3B%FTHU0aG`wJea3VS{B+`
z^>IzgEwzobRb|FW&lPm79r1<n8|7z3W<|3_s|xo99JaURd?$dzQr6PYQvTBqC+(dR
zuKLRL2F?fG$Ir)46DXoY`*$h#j$=aCe*JKrgzpIs`S87)+6Qt93e<9490_zN%klVQ
z?RNGQD|6|t_pZUX`^f!+T}%hnSe<0g4ySHi=MCsT(XT0yKdZ4T;f1AU7qk^j?Zxk{
zCpIOXC_fi2Yh`HT`PAQCPnu`Ud@zllu;Q2D)wXll(s^#KzTCPb#e%_lSix-MYrzJb
ze+Fm(7V^KzsMCXWIu^SRIbHjAM-ECqtIO*e>REQ!__P<#RMehxv~J+G9=E32aITs)
zAGp=l1H5mSv~3#cS8rOp?%#pOuUoraTTjK-S~ub*X8>8QKKnusehVnIM3DkoPuQ1D
z`yoAX(}lS5r9K?@?Kuk_x3XF4`oP*?)2N5$Cx(}y$L&$UZpV?!X(3Q|>c^v;nO^>0
z4t-iTrZc5S2hY4S`F;T!eVk72`y{Y_Ms9WP>q_!U%5^Kx(wmz}o)uSX!yH5T4bwKF
z7lkWD(DtVMPkDkYLw=M<pl7!iHQ3^!{#v`MaS$B`9sO&hKMUL2Y}A0bxL0nD@G0n9
zP}%D+-<rO7WM;lMdm#D}+U2u#kOGiCepMtPyYCL=iN;rh3za);kGVM<Lp4p%#m>&0
zk>XXjcO^9?{EY5U1$Ef^r11snnR<rh(G~n$2wPL;Q~Lrv_a1sjnIjvbo<fBhYe<>M
z$w7UBgyErJUg1K)LPD<~H~%ZV{|<}4qJnz;S3EQnRFF9o%-?A~L!Q4s(UALho<Gmm
zv4K!<kYDd1w_7&!f2D@A%6|P{Vdyi+J18M#5h*FiQ`ykL*x1I=%+|>&3ycJbK(Le4
zbcBM!B>#QCl2RgrB!9JFuA<?jAt%diXlqSxU}XE%nBL9W?sqv*yl&i(ptZ4+0kNC4
zm5n2}8z0GEDYzlw-_Z;t#D67mvg9MtkW(NQv2`#eW~XPQXC&c&OH546>tJNUtt2Y`
zcXr4xJ`yu0Cp&Hi23J>CdRG>DTL)7HCN3^621aHEW@b7_3OYx38z%!dIvYpQKZX2P
zIikjnh7RU-PUf~Y#J|fm_-gCy#79E%yQ2U8{As7LoB2O#vT^*oTaXSi{C>m0M9;|Z
z-(^Fx^8SwHRxo!nw$c<ew}y-vqz--#HfG+x(*KV)|ETewa%%h|ClePV<3DHpr&s@;
zRn^hhLB!S?Ql}IDKj!Q2%>VrI?~J?*zq|fVL-A*v|B8hSH2+&(hX0;4{<penJ#vtF
z#5Wg}SAjestL*pZl^f)X>d*6c_=Tc6A#@xHN)Sp)R7l0`)o})#Cx#e!FbfKS>}nl=
zLL!NVc%xVKD)eEQ2a|RY;G;@Qtnq5M@;j*hHdGfwMX&|qU|JZ3jO>2Gb_?GzZLM`>
zOn3Py5M`--sdytLV=cop(^RR&`Balw>Q{r+dYPqWty(!*5nZVyG@0P<i(I6OS6_yL
zV^8?+h(FQ)@~wb|Kvw!l&r(}zGmi1risoyhNrvP%nBP~n5xl||ZRYe8M1*Ll|NT-i
zf*$@<1xiezhCL*LZTQgaT5I!n@zGzPF%~JX8RIBly(j)(FJCg^=rU++i$w|{pvecR
zKa~<s!BADnu^JS}|Hn3e$P%o1YZa%~+py(oJ|F#8TmNMK&)*{`uijd<-qKPDjD2X!
zn}vEi9?A4~jsH2*??E6|go#!CA`>?ha;PYq^na>LlK9iBTstXW>sa$e3QIqUc2eyB
ze;xnzRyta+2GJ_c1x5R<mCPBvq1wO9)L&Ejzr_3!B3^=RU=2B*V%nGckAwCv8Kd2x
zhv}>G1Fg5f*pC1E<ou5rJ0p%hhSoM)Ecm6*abj>ZCH8-=j0&<4T;|NEtK?Kr3|s!C
zA^)jQg3y_eWsu)BU+Z`V{l720e_xV<UlA0($oN`+1z;=x$0hf#y*eX<bZNyVB_$PE
zjs)O>ruTmw3P}uKBdkRe6Qy2uMX#`f*#7{Ie`}%WM?qgY*apQGc!s$DTMn{NDA)#F
za@d#OAdjXRGNxWLvOTMr#iaeui2UbD$yy&HDPr7F{yFad6OPA)V8r}=^DH+J3x%&6
zs${vIm_=h5-GOt7^lsfqY+44*k|vMQ%rsqWQXEzkZStFcpBWW1=s7$S$)hK2$#!;U
zvT~DDEBz!oJWT6oasm3Jbh_pbEhlC8|B@>n7P2~&zG!1Ud>j>o_JyA{)6vCsDxryu
zRU-3#uJF`ku`EAcj91>l<@;MK{TEswKi?v-f|ev(@K+R-K4Cpo^n72$sT@m`8*M<v
z`j<+g1)&khTDuywO$soId{%qeeKW$P;sjBl6H4-=y%XxrikhYGQq`MUTD3r|=F_?M
zcg}+h@Yd?Gx^i;ba9Gb||GI7@-$7F+(8x$9SQsRXO{`JJcFKU~Y*b}DGUjxZK7IHw
zpDKyE{Mr46!(thinD<|nhafaWrlu7aD}71(Hr`Jr)y3f}ogm75C~4s#CsnQ`S2ADr
zA+c|~T${{QqJbIECWc!tpMXSO7qQ1)xk!SCX%mhazVPpYEBh<zx3hW^QYqU-CFVnp
z1a3L)fH}(<fl=c%`BRI|b>J~I>aw`wXhB&tY!+SQ|11Iey`+n;wTX$kRClM%8UPc<
zNTcEhIlwQebfDx{03DUW2q-~0pV&6ZY*ZVkK0oyREW6c)9HJ$us(^es{6<QxN*=Lx
z$$|o4zJxE~ZC*{Dx_pduLc-*NL#xYi>~3dSji;ORzl)|1eu8>>nHVaiAMbe@WJ(?|
zN>th#R4mt}S_qs2^A?m=2Hl!Y2|4BI;>$_kbQ+_UzYdT_?`CAwi+JPm&0TC#|I-u;
zijhv{N}zDPJR&;R4@42s%oNI3nyJ#xTuZs!6TmhYw*YGFKBRP2JVGBhOhOH>rO?Tk
zzI>d+V~_KoTkcoc9kHPJVKS3iW6-Z(<Mm`=zLa11epW4J*Rdn<u)cT9E95;A!@Z5W
z>;W_CKUMn|jN>VxdFI#|DOaD<tv1?(yxknjSWl)UxQ~5g`#uS3AgZ?;1YWh)srOaw
zeeJG*zJKT@`YBKN&vW>R*f&N#Jl5kHZ$H&qqw{m1u9qronekG&5@b7Q4zgYXrO|4_
zQbHlGSd8$hYeg)_QYPey1<_B}*aYSkswL9aOH5ysS&>^Jt9!~zNhumk=j%nVN?GgZ
zCfY30(_oFyBlfr&+s4<Gtc02^?(Oaj*JP=y*`<~d{%c<Zncojhj3#ks0HpSEC`W$?
zyhOK0;ZT7aOBtM*m5k3HtS>INXctaPY)=K$r!5MkUrNFK{&c1?k)AJo3`_yW#Q(I@
z`(8+WgI<}oZiI+RrQQZ7Fp;CY1GKv|ahg_Rh||fM{zGFWLvbS4cD=UiNIW@S4?Jk5
zAd|I7Q58IArlxx_w=OF{tHp3x@Ju{6%`T(mVWHvnxY%OST9($@5iGzboz-O!L_ne4
zU=^e9z1b&!(D+8?3p&-2S8Z7m3hk%}4u~D-ZUh~H%NCm>!hl7ap31l>rdemExC6iY
zXi;;$VPv@>>MZXdi=kP7hv>W723@@FEstY2Oy{tTMnFzl?m)F%rmAi9vk}q2O_GN#
zel!8DKB-%Ru*m1sQPXzVESm7`sdJ6T9&XChxM$_)6=c(qd=EW*lNnDoHe&G`^@71r
zawI_t@goQjG0x_CVvzRj<TmRiog94H*=ae##l>U1(qLWlrCa~ve2{4PaIRFh_ru_2
zILmna>vx=jlrd>(r0Tk2*H2q#vXZOe+|$`!1^7*-lquIoD9k?3o?MS-z4?ZNk=(5t
ziN?btay(b=wcK-g>R~;6$(Xds3>%ME5y$mD@(0VNKKI@ao=a7pnX@JBG;PTiYG3<p
zUnEZ&R_%O}^m8SmVnz~N<*k}vsJE^`jT=LGQgNYoNevQfEzY~oV4_L%qw$&@&@%ZE
zhn2$Z>L>T>IdyUxno*oQQEz?6F*fOJ$0j|{%ULhVu<M2wR--5Q21El#<QdFryRL&v
z^HF5ZV$Nu$K(59Hq;-D+KHY7<U60V#lch@Unvx)*3nK7HW;I(>uvmaF0V+PP!2yU^
zBaktotTh>X8>R5ZhrGsiAh*T1-LuGWlKCArqhKW84QIqb%_w~YTt%??qT#N#Z993E
z&$DLV*|4YmuP$GQb$8(Ccm~gIy5o4F$UCk)(UlPf@YYp+_S1qb&Zv@`DcEMMrJnXf
z<?QI!2W4;X4ju1%g^7#kTuNL$s#nm|b4SvJuds$erbINA0@u-=XWeiY8!yl55p#ow
zt647wA&(7Kx%{UyEfqRdww7KUgP8!SxD#aZ%e-+k8O>~%p3d+m-G<`+s;TrRPv^k3
zgftpWJdTlY9G0C?hR$GcV{nG6yLZFNHC2y7yT0vOgDPh6?NJo}gN9n!uN#5S;zB+W
zTPL!PW2tNozzkQ;cJvFtWOla)laY%{gAM@1hA>PzFB*5wN3F(=B=NUwJ^xEbOBIcj
zV7QQc4Lwa7#XGWnXk#n;JeJO-EFS4eQbA<p^4xsbd$toNznnomF#_WozZ{Xbn+YCS
zmn$7n&XqV|X0u#Yq3^hR@6}<qrj}Cc5yn4Zr6sdGS6MNU<#mIjneYFIGs1hJ+K7}?
zOyfFoks=^j&dv4Ea$oEH{AQ`fBkdmN{B9j^Dw8jrKoV%L_qd;nvRho3>EJ>6$l?FB
z9dMfnT4@~JjuOx#6EJfNCwdV^^C^VGl>W9`+4+3f7Js&ZQi70o0&rTmZ+p7YX0};v
zYT9wXSpp7)P-ar8ma1LL+HUrA?o<yF#&y0tudpC7_@f8U152oL?lN50K3L40Ee3Qt
zI5?<u;ulh)u2m#`=oGykbDOJ#h=%KMl>tewgP$xfq=i}DEqX&tU%JlEh4)e-`P76h
zuOc|s&ydoNv1~e@Tn-j&iSCaoJ9iFCgQTPy6ZD_^srB=oj~elJ$=hnZMrE31O46%u
zC>bJS2HImw{Duo@6Z+#r2JcWIELQok&nAI`Sfy5t1n`D?O0V5xxXyg$>K^F0Fr@8+
zVS~<MR=MY(0SsIwg4S;OEK#3;3E)@&jtjuv!!qCY!qyx{v5m`Abb^4Tmfw8%m{88f
zIO2?Fi+WDGBn=GPO@O+YSs)iak~sn-eJ^LF0IwkG111`^6SFv<=X(kIreBYeW9W^R
z$wXY6{^&-7kp#?UlU+^ucw{+los<bqcyPrm+kY#Af>OWte>z!`Ud3MaSMB4N$pf*x
z{*;q-VM(a{<5|!v8d}*qy?JaFbaLFc@m?#lF;eIQ!!6E7Mx9=_$OsRn<?FOz3m@L<
ztZ<ak>*6g;2RvTQ$nO+p`6LD+<Bn)1>5}+Z{Y+#FGm#Yc*ep3GNOK(-=*Kf2EU<fJ
zlZV?gYiN=1$v}vig(crT3=>*th9izLNVhlYz{2=$XILNWT)u8FL0ykrg1|YRoznB+
zKqS=2)W>W*g-0ThK^OC_G9908DyumO0k_j6ZqwaR=kvoRxy^cwey2CH-7jKa%n8Q{
zK0GWsaGFhv=ELo2<xy%<QXwp&hJA<g5&NsSleJcv>%#zHANbPB))TGrC!FuS=<?80
z536*It0Z8Mx|!mu(y_wNPpWcX%VIDOpARNG+Uu<5q)Upxh_}<|^1SpL-r#amy?n2a
zXkILt&YzBUMRZ9Mn3VKGRjJ-HWZr0KW>PwD_me7dYrw$hWqDqNgcCj)1z;|UA9luI
zCjc$SZ|EkRr9_tu3DVj)#c^-nE3QkLC+63PeljgvIGin~T$ybpE2Hk;Qc|AD^N7H$
zVWRO|Nzm9zyk?x^xsB6%&5&S;Vna%aUsL%rgGb$bOP2;BON!_pjylVuD}j}Bz#vz1
zvey9i8KC%=Frvvi>slX~VYB3%%FT&^&V>B<VV}{0{4^2osn5s2(kD74&2~g~t62qH
zY8hH&JodMAiBC_r8@o9{&!wG+Kk^AcEq{xzDx4A&&SK5l0&j{&>lHPh2_dl0)&A7Q
zl4+KBukuMn(pB>A@LIrX!C2aEKUOY7tV_t@N+~UZ)%H`S%Cz;d{{%2N4&LX_i71{O
zasq*z6E%qHU<-y|3JgDrcISC*4@6wQKxBDPN{()wnZc?o*2=x|m$WJqdbOUpROe`M
zP%FYug43nE!1=0yK^~pYdL6QQRciB<dLPqXH0iBxSGC`r%t}r_uK`^^%WTkbVk~Ob
zb0%>M^qF+6?6irGtDeKkFWZ~pP^hV8g_+!(gi-_K5oSbeH$i)V)AmBxALHTj-1kOY
z`YDb6YUh@f?Gy~{S3cv!yN9>FaD-I7LHd<PwTda4X^aNKXqN@3Dv&*~e!5(nL$}ek
z<6fN5eP`1_bz=IHRUUs3_$&ZRPr(pS!fxq3O2=_Dx8b50#kGgsyb~+ql$_=LAeD05
zG12k!l8gkkn4$j@MhF%?pp14RuH}4dGvRX*z3!aGeQ+j*_b*@Y?jVs**(9_!!@Cc2
z8|7X!7P@}(G>O&J?*}Ef^(L8NBh(W|-q*dO&=VJTUaEZYjcq5@E_iyVJszT874O$^
zB`nQXkK^~cL8H}sJO|q*<fkr{opH`kmv$aq@v5{C0TR1b&vE$hhPV2|V8i4$8%|cq
zUA<V<F(1#vYNW5?@IB^L9Tx0Ul%6)cY^-zWdJ5-c6F!-%l5y~;J2dh%qziqc8u#w-
z@Cw8C*w29;<wVA1oh<gc-%T2En1q<lBfXc#TX_XmKpt*PeeCbC^gXLH^}BCKdjnP5
z=(43feuf4BuJo{9ApQbh@J^Q@LThCg=-5}#?f93T>02ZGhxthF$}~fijTvhOX6CX{
zfoQ8Ib|68#2ZdfXGaEs_-UF>h8#+F~4MrJRxngd?d^i}?XnxU)BEac)xZ&~)0YsD<
zybCVXn5-G*=L~Muj^~F`lJn{X`O!qWdVw4LKE1345pENoRZnA*!!_3pG_!=IlWf0t
ziS)WHMRUE#bNqao7o+ji%U8$IA4RU#BjH=WbVJ`Cmj1Y3IZ)ZTv>4<5<ZHbtDlB8X
z-sIJb8=I-6S<|pPlvT<ua~K)Hd^$K`ymZLsaEul-5*etQXIZ<f#6T+70Hi{eHfDBr
zS8EWjGugCSs&)|4v4=%lWVc-xmV0xZ2wBZE*5gP^**9SsWp$3G6PX0nR;bwxN?z~4
z-Zo1$yBmB08z^C~L5lErJWl&mx~(pA%b}C(f!g&J&Stjr8Un1<wzg^P)>ni|s5M*!
z4|WrTe0e72sfXUfQ(lh?`aU5tx(`<exnta=)`7aPBUE8y?<pda=(G!N1fP_j@3v7)
z6?cazC620J;ikK;+P6O51GB_>x^e@jOWd6La<v?Bzu(nP@RtVLp>5i|^d7Sg;F;~3
z7+cRS&)NX0Qd@TRPNpe*(%391z$dL)>tW4;s;B@KLt9y3<~O139M6HJ@W(3-9zC*#
z>MO4Bq)CM!z;U$%-(Vg1v{j$GSd5!St!$D)RgT~|SGU6K+Ww;V(g32P#F&hw(v-(?
zd3Xj;3vwRE96O_AI?pe~#>CK%CRIkG2s{d|b)JLL3cS4!O}3f{)<#SpA8&*juht$J
zPax7uS&LfE{Ftv%RI|_Ra*RW`tcvmpqP5|NT8tQOY*b&77b?Jn(cUPkVR1Vj=V7@T
zC}Lr1HGu%9iKaz@hcJkUpZTs;K-ZALuq=hX(Fl=RixPO&s8T0Cd8w-_X{q#nJeR1r
zUow~AZd~D;ZZ|31G<_7}Rd$_u&fs=dy6x#GA*3@Jj_sTSOy3?hiJJN{*}Xi0kE9;M
z!;$!MUiz`Ju-t>Dd|#d%Pnv<$mjFMb+G#Sb?eLj;Tl?jayo@1JS^E)Fx8<jWc$`6E
z>rglE<+=Fox?)GqG*0`kF)p^1WjOc_Lpc^gMx@=X2kBh3yBV(QLi1=D+Tdlh@3RZ?
zx-m($9o762AcuhqLgR~b3++aGXm?I<Tt+3A>o)dilj+vBS#9JEQr&jHl53}N^$bHP
zkXm}CN`AvD&n1I9Hltk^!P-ah)G1&CcAQyVRh#4LU`Bp=uBlOq?l`Rkrp-;FRI=i8
zC21ab%5?t|Xr>_(KVeDIhlNh7QCAOa-E348P=3nm;rDnoNb7!)12&o=q#W*AFTYA;
zIcfyO%bUEADkmBZyP~A4ThZQJ&dDqW%c7oi!x5=$tD(2gA>Ir)twhaDv>O0Hw@ZXh
z;Z?r(UZyqM%Rq?E#ME{<-kN8-(cxiZ_^V6#m`oVxeTVaA?;icsHB=)DMQDIl;2Nph
zKD}>b4NdOFsRr?ac2wn3)@`rRVos~mkwNX$_659=<}pge5jQl>>(_?Zw@gtmP9YE0
zw0M;549PzcT3(F*s3*ZMu_YFJ@JG+;i~CLQn!o4DY#)wEq+{$S=kTR_MB&~iHcoYN
z8zPHcB0^pW?>*FR%l?`rTG)GN0PhYQOT%&*9w&lcIo}=}bq8h?QW(ti^a#PTe(fXG
z5;UP-^}6NL((v10oC&L0c~`0#^o{`c;(H<?Ma(8+cev_zzWD4>mq~hWh{#J=ntX~E
z%$bClv+aB;2#|4UGU9H8ZLqnn(618H!mx_Q7)~NkQr%OxC>d8;{VuJEx|r!OLd|S6
zbRc~fho&Z;T%5|hYnrd>=94VoEqE3s#c!6uL-5mY!)2vBr#)i|IC;C8?zPePki%v2
zQ~7%Us$)Fk{R3VF3VACqldq1Qtb%K;Lbq9~==`{Lf}7#KM5b<d!uK`Yh<PEhy>ZBg
zyT!|8&hU>Ax#RbY(2Xx!BIZD0>u;}33{hRb&@I|Gke+NF%oNhhIFR<pQm0*26;9rr
zZ}0pFqfeZjovk9F)$fo!oiIj3_8VY9fIF}aJ_@p?^%}=q{3>sH48rfbFOM2Kg&aLq
ztzERJR;Vp}kzlNo`+9<!lIGt$aG%KdcVkCZujYk?=rnq%Je{$?UTAZmPk{E-__u+L
zC@uM?SFKmmGQ0b^QB%u!H}&~4NhS8yp-6<hO+(&V1-$IN8V|7qC|d05I`+mfrtF!+
zjJfaV<X4vL*OrmPl&d6RZH}9&FCsk%R}6O{$BKdt2}W}(9$IK$Vu2z46`_aFjdM6-
zHfIU2d@8HrI2UkrlIKIkHUa$YUWqEr?f{<cbdTj7UJ&16rrQ=m3YTNx`CA_TyX<90
zos{^&>oi+>omImNQ9Q79X{`6a9bJ|#hpGPC>4I+ujk<C;lLa>0E0E5k&!0^2-KKlo
z=#U*qJ5IV(aWc6aYqb9wx@nwPTVBvXQPS^p7SnU_dg7HpTbKaE4-XQiMF-m3Y{OKD
zg#|I%;2YxHqGHhxIrhk}J;mo&iSBMQ&~kw0S}V2AG$aro3!b>e5Gs1utV`9(DcZp|
zGpF&8Ehc`W@aa>l%l!f_-I1u3Z@IQ6&rW&t)7$4*X;}AI)#gM`jpD-N*fY=<*){=z
z6f(_DFB9(v{^f}U$sTdCa9B7jJ-eLo?aK-NxR_k=z+K?&de!9(*ec4U5)gq_&?U5<
zBC7+Os*oTH#L{!iNq3qa=H_O#$}zX(>3l@;6KzwzbLYP!sC}HDF)_*-99fGr9JhAy
z&N7yKJs%v&wYNxex~kz6B-T4f;F=EP;aH{_YW<eQZa+Wco%p7>b%UM#eh@qalxz!O
z=KG_4Z2fg;VzUZc@gwPLge`#IBd_YO4<hv7G%CO_DStyF_io#!Y4c6~2SD`wfrn0~
zcl)aAM!Qz-2u#&wP!}x^4^N#>K7wJS<wAuj;86$tefS57FFY2rROPzn(+yF{tO1jQ
z@R`(AYvl%(jx`gv=E~}ah3YXxNmlW+#)+e&<+`leHR|!1fgtyhHb#Dok9XZLFVgv9
z$+^pTJ?>_#-9owGiq;b()mP9{aD;9OmUCNva9YcE8^Rzk0v$>dMA>8_+vkHE4--sg
zpS4H{p!H<gQv%*<xIt}_>d+FUPFnSRa`DXeyqc1*VD40i_JxIu;$<d@?<_`SMYlt~
z_QT_HFiIXa=yYZxa=r=5{H*Z=VPG$Jcj6E=w=y;BEfNI%P;{zH(N`HdA4zUk9UJ+B
z?4X57^PKxXBw<++9V5~=3Ceq9XQF-<al~1^lS^Yqjv)HteN^7)&*~_rYiH|+<zGJ<
z&uA$z{@Hx#hjG!<d5+h1M8J1r3|=$dKIG{Q)Cq<ajR*XP+c1XDliRoh)25m3T8J0X
z`epQzUPuDrr(dEv!ojAkhct^vh|ndF6Ti4+y%4c;H!Ki~dc4X&eH2XsKL`BoWXyb~
zAYhrC&<h>sO|f>&cP+w#b(j0_tPOrM@*|JXew846hv1Ha!S4w)AC7dj!f?KSg!en7
z8l#YX57BBF;{&OqbO#{#4+--BVh*(oLPZk6>wp}KK2`SEqiHQC={VR^38W`Cxn#OP
zHA<-g%KEVV9<vdmnBbPHnojKnNaZx9zx|?71K#S1v<M9l^|3(YfZ@-+J6M~lGv6Cu
zk@m^YjC{?W_YPj~BFt-pt@nPWNMi%y-W@%%m~W98o986Xmw2D|V_h4^QF`B*{}BO1
zJ!vgmV5MkwF%Kb#3h;6I&ZOs;W<t4a_tt$dEb?8HEBux16>OV&l=sE(WRGzCu!{{S
z>`3SkFRx-~bhiH#8*{=HCBD}>y=oMAjNW9DjyI?=z}JUzk$$Fqt1<fZP&qTw?fLew
zy>V7a&7y&tWw6sc2lQDNHhi}|zN(>xIjc=mQ|<v`D`@Ye98qr1Fpi+861yvXXG58B
zm_HnBn>ZYMy^=2F@BMOrU>VC+J{c-MG&30T<QYL`#VQp^!1LM1loKoFO*6-F+Y|rF
zn8uFtZ@?ExOuAC^cDdIbp@nQhxB+SiH&Ew|6}U^R0mniQFVIW8ev09ph2lL>Mtsd0
zo<6A2%(K1OI5s}P@p0?xN@njn9;CtmM}$aMn>Nc$uG8yrf*sv1+qC_jVu6Cp8?UdA
zkGz9Vb=AW>ijY10y;$OJD_^`iw1P0t%VQ6$^Y&oW+z8EXJ^gO=>K{`oG@zW0QH(tX
zrXfk+J^(+L)h*m_5|#$xR<!`tAhE$=cjV!{|EstJ_oaxDKE^t}oAp+G$uO9L7$VQJ
zS8@L9h_^$eQE#6H5GWX#s6(VQldYM)v+96<`Q0XDZ{nm&EBMmExB#<!d_TYTIs5Uh
zTS;yH&B1DOSXW*&h^i`rzN%a+Kh|O!W2yKie@s1YPp^U%wt=zpYSA$2z#CSmCz;7G
zK4tTur3iIV&+D3P`H_r5Z%U#%h;kLjG(G1ztN1T+&;8|TjUpNi2%&Nph&C2kP*bf2
z#8!a)&y&9?o&IDwaZjBU2%C~XvDDqtrg03VY{d8x5pJeoGTC2*>mv+1(K90lV3e-$
z5HQZweA-CAmplGEDU!)J%qpBhJHQuO!}oNhd~rD;upLVeCU9LXrd0VDkInzc-5!dM
z3t@M=gN_dhQKk(19=msdkR#fU%RuTQMT-Cd|6@BwRj<pj#vww$agI-~>;pt2&zq3b
zJ$o%2!(=FKiQaY>@$d~Nvgqh~L7(U=0ju8RGp0Y?Arw~mgu%-%KNNnAATfa;1;F8~
z{x0~`$Bxaq@bxp8(#$LUae%s9D!HYepe{q6_goYd03Iq%FsFb&x5DPWVkQ{R!;9*`
zsk3n*NC(>NvUtNE6{2v@H2CCJZa7Y~Yh}Zs_f0CXQgkyJgs=~yjayy}4Wk;6UX!;H
zCL8s$ELmwoy_y|6^deSHF%5LI7))!jaVOy&!IkR8G$7vh+1U&d+4E)E)AhdppmhhE
zbFQkcixcO*Lwu_>c@DSB?mWn~9(Bgs1BS(~i-(XpW?qp3livovzTt$Iw^iL%UU30k
zL1)K({?w*^)$jAt^$C7}(XKz)5))y`{oyY;kd5m-5_DEz<MLY@kfbqdO=TuVUY*(2
z8Q|bS8hHp=CNcQAKNb9A?VvELf)3@&)GOIbLxUeP?)A3O4{yq8MvNBvC$KRqT~T`b
ze@g<>TLg4C35G}t**trOea9Z#HACt!1ZBb~RTY8La{mSmo$mqK$_bO06)3Ehb3D6y
zV=r$l=fH+y&eiZ%mTEEyvm*&c$}W*R)H4TqHuJ#B(LjBHn-=`Jjc3dd2<#E~?(~g^
z4WdqJln{y`Of(6I;0m(aiwk>af=p;HS{B*|g16dOaNdmP>Y^|NCXaTJXlcN8yUuU{
z(+Q+0s04bU5c-cYesE3%Np4e)VAo{^AMJhJJi$cqX6F%@U_SPJ?s|=~?|S0%+|6^l
zodfck1b%e~ia&d=!-mdK{K3D%I{{~jJ2UHWM)J)&d}@S|pMDURm^M`G`#!2-^-f><
zlfdgEqs2M(gytU*_K!e%e40FGH&wu=qN_z!s`W3c7rQUtcvP25)w22tzVXc>XEINJ
zADC3yZCVwy{VFLTA>W^%x0gaD!Udy31o5N?kpbR(nEO({&MYR?sZFy}kc9W9u#b#P
zO|N%}h)W2zAy=HQxXyCr;EK5JTNf~lp<}Z194>CdL|*K%po_hw3p4$zeLi&+TaPL{
zU3NZjRp5j0iUg6DY-MOYn@DBHg9Uj!pRjzqzSlKlyJYw52dza)8gzqwQj_niI$<}8
zhCXJgoHi24ir&xnKw)8Q^f%wPAbdzrolS&5q<jf~<ggcffi*J6-}^n`G)HOJCW`Xz
zz$|A)w?Pgp3~ItB)!2#nC02O39JFvguN-5~CF3N_H%Mo<%a)aKA}D++KF80uohU6Q
zQOI&iW<^Wr(gpNG7v+uX(<U*X<0#H8NgQ^o<eM7UOQCI8kgd>Ss)y*2BYY6kZB_3(
z6uK&3A~nt2N(jv$J2qf_I+cB0eJ_{FDy8SXYixwG$B1*@hfZ3bm^Y*2(&_yK!{BB&
zndu4X%yqLA2cZ{>*_x9O?{iba#NEfxEdKqNfSUnmShK5KWTuLzXYi>(H;>D4QMsX@
z2n!mt_HjFxi<LoIa(MMVf+2O?8xVW1b8pv@4MoKYSt-O;P~>{QD^l<BBgBss(>uqu
zx1051MqZ$Ng7gW&p%RwBN8z2aYr1^;UFd@VTH$g|q&(ks-TXHR9$k+Easy|4PP^!J
zdT3wBQLKRkWChdlna-I<zS9~qe%Q04w)e7Y#~m1Xaxt!xE^NkvxO&@Z1aF{2j)G7m
z&KONGXR_(<Ci{4TL2b(%l3srEA9kycwoH-27FvT0w%9)}?$(0+L;P~FB+x0QSy=x8
zQN5_*V)N-zdHw4SU73dBfOmFt34(~|gp*}sV`J2ns$s>e5QrK|nE?}NHSa(?HQo=6
z)iAEeh64KS{t+&HM|1NOi(4=gTQi?&R&DwB|D3LE21qIaYnI_u<2-R=-TaM5=a9i1
z_D4V$PCCz+uQr5xA_#$Hw@c>f#t*d@y2p7VNvU^=(eKVLiYuTvkbNzx!(r+uA<zY=
zO6qNVy^b7FyL9iKn9@I(EYJesh3fi=;wU2BUIN6pX}c~wfa072r_lZ8=*se7ekO0K
zpsW^B&pLMT<XDH{XMAev@t;8updO=VcQsT+P*u@obV&PJLpSrl7R0bxf!Zw<@(MF?
zbI0mBuBJyn&Xno<Jk_rcj?y#Not?CvK1VM=cy6p|J*PdC^2R8Ecly*w*6omEllI^s
z;)SN^lY}Mun-7Z}7bBwOAwe)7japAyAb+swmAX9vSX?%svUii$c40Eysp2)nQs@HA
zG5en`CssF%22=At#<lm$p`7Qet#$hNK>mL)s|*LAK!})xkcj@EQy`M(%M;4JS46cP
zl$MqqBfwuuk@J}2YBPxF)5o2{2iH7-DSnG%lrhPJU${49eT11B2zbLnt>vZ@?X!gK
zBD2zadmaWbCs^B$^ZlN)OGF-$mVLRQ`P1SMabh4T`Ss$ATbOtuM+C0hdtP17JwUyx
z=$YbF^5BbY$#xV`c0dawPhbEU1dULDcP|igw1K<tnm@uzVZcua)A6zsfHiP*^cN-}
zq}gI>C<K)hIt5x^9Ltsg#jVp@75beW=kpR*)g0??x?No^LPv&|e%Z(X{#GtCxm=ye
zRPi(%IBQe0R1s~wTQZnuJBl^8tFdfn7Go!#mfwJEg8(wI<DBI-VWsw`zps?5*)c$l
zkPC-IFRufmoG@5GF$Gwj&sx;+bc2_V_QKd!$6~*BA^Jy|euOl*&PBw)V$&zf$GeO@
zDx9y(R&{SOx0(1hHDufMQAksE%|5at92gD?H@9mH;mySfJ|h(mS5TAfXvjT;MZwmu
zMgc?S8L!0zcrXt{oh&UE4$+_t@faXR?A&E>t_8=M6LoGEh5&ybrWL#^&&S^Rc^y?P
zltW0j4L$Qi-kdCf%J!SowyWuv09dBm=2|bg=BL?(zH@DLjG>A!ZGbzU#P;=xL3UFF
zy374Bzroh8{r)Nc5Y`h|ug`bo09s=vgON)nHssWXr#$ho9y->BPe(Kmt9i_7dT6O;
z*v)r^Vzs@FY0ED;_0h!E$*o?swD)^-ntV?@XxF+r_@)B-hG>g=08qWf)Q-Wjf9n!1
z^}hj>(NHkjm4ad1g|Dp#+eag`c{A{+w*&b7f(0qsrEQ%$^b%sS_x=$sbQIELGmdgw
zJ@U}cW7|m}JzxR^Y6b#XF@@<hsszW7bqJ&<_?fi!^-fpekAS+_oYr3t%{M3qP<GFh
zUHzlx2jG=s={2)R$%m8OV<3vN7c^^#PK$N?F)qYWF}>><h><M*eo@b1n4I}b7edbT
zuWhLBsH8jay1@?220dZY#Aku;jDfa@h9I(WHLdo-PawVR6J_wPo<|E*Ul7EI-ZKK;
zP13hOkEO77WJOQD%YZnNwyiFds7c*`rsNV;tf_g(#(p6<$tK~O*E$wIo()<p)vyTI
z2(M_sHf#@eW{+Ket$_iMw{jid!q2QXP;m4JT_S+tafA3ie&kH$12n9Y&dZT9ElWf^
z<siIbgy|kot<)2#9O6IgdY$hDezyz=WZv)`rP~w^{%y!Muf0*FXuv%ZL)XB6RnER`
z=d%p0eFrWMyDzF0xQZS?WN0h8)%E8xq3sIpUvpkq)4H55m#yyOFmM6312(=mj^SHd
zYt{<(&B7W)3OsY7vmW2wteozvPThoVXP<w+X<WMw%P21vt>ZWCS(4CT+TVDAvL4HZ
zn3W%<>FZA~AVgR%3?c+|cU<6T-8bnd_?!x-D8ZM537Y!hV|L=&%a*nVrY%Buu;pp=
z*@Hxl9(V$x=QD78HIwUZ&%*o95V42II=+@Z)pME3>%c6E8}pz<d(8;in@wi_4YUrM
zxUw6K`<oS8>e||E)Vg55B{$lpo*z)~6F-`Xy^LM)eYR0X-j|<1%qh1R8o1R2KlvfV
zAZU4%x+;L$?aDxdq+2-dMKg>}HZypC4%oI_!uWZZ*YJD%#O&CKOzX<v#$7W{W~YlY
z&FjOjJm_z{dlOvBmzKNU`8n1$9;)km6^|LG9mOoWx;7hDo}O?%ABJ8mI-eiP+e|3-
zMGUsWP5V0HQU0<WfvBf<y<%G$*d!NC>ghoLtd>C~O!NX?qB#2>1RF$jM=A+N;{>#E
zmdBKM$`*GvJ#wRaqpOWsvFYWlw*uE0!5_N4I|fLq`k{|A`2dG}I}9!R!Wl}FfZp+y
z(^?2$A1Uk}f!6PCT2mE}v3w2R`s>cO{N0&Nge%hu>@HS>P_%347B3M=JI9X>p(FF!
znhEQZJ3_XV?L~v1T$!ym-xYh`Ej;m#{shN5hB3sUM2eHnA7$VfJhmZX6w1l+flPm#
zi*P;85^UzyGxfyh$qWD`r7n#1{&>z#LEKzdR7Io@=GzNzDd?xT64Ox0mwq*LVSFP&
zu(Fm@H++jgWZiIMMH_8x5S$_44`TzUT`GWz=~zN%2=2oC&X#P!I=)Uhez$3+H)Nk#
z2EB4MBHikAdZI*4F6Mm?@XM<|LdN&i9sglo<C^AS!Q|%ac|R&UJdT*IqR|I|4@Anf
ztlzTI)(oPU;k?6f(AxiWL)Ze@O|QJi26!8rgT4IDUOmsL>*FwZh5w~hil>q>X?3=`
z?0$0G!m?mVVcbBf)w5n{KpsUWGD=I3;)1ufqz18bY!+p;Bu8<BMNn{X6ZH@Yd){83
zqBvF>_8k6XnSj^UJ;7Wbo!EH_U^aa2Lyu~G<0oYTAG}$GLU!U<*|LbxB*zLDVG3cB
zPn~UUA<Qj`cAU*`ytos<A>)?aVDalBdSlXnI%(#9;BU(||2&nHXyvay6VYO1h?ELR
zm0o#+=upK7ms&qr6@Vw;ozA|N?^7h8caZAvuxYxLTt^BqdyBmVs_}COnBv-aP2vnZ
zKOL4<9(b*j&S8OD2_1hj*)LQ%M<Tj3|72lZhh9<F&&ZQ4>$Eccz}@+`#bJvT5&!Kk
zP9_jxNCv62*)g~Wc<1NzquwWaSTzr@YClNBa+yS3`_yb9-yJ3b01w1c_B7S2nhO{z
z&~LAf1X<ef`qfcSGoL>;lxpKdXM$w0?>3iAZ_*ljf3415LI?t-?TwQFg_z}q_|~#3
zgV|n7q_E%M2)cYffIV+xs7w|aP%NGq&R!<BC@BH_&Em?n^m}EdIgM;FY07ENm!^`S
z=y|uOs9~mOKHM-2a~^M1i6u@gzwKGptmOaXZqJHCaMTz~ou=u@2$-jB-W<TIbN!#-
zU`9%pXeAVQzRP`lII@YmfhcnNL(<8PVeoOE6}+dgVcZKDjqgdics|!LjpkV&5*+N~
zi>&o5uabI6wDv~~yt7};G%k1-bEo67q;Re0@|%>MzPY4FmC3Z(Xb-r5l<-+tn&``R
zmhhNb#x{^1AwP1=%e!MH`oqpH!pG-5(l@+Mu%b#8{Y-32D$1nkhG5m|bWkE!gKIE%
zu{#<Mb)>|nh-9r|$bW}be~S5YK-|G`@8`U*g1`OVsfp6bZ^Ht_xq~S_Pcy*`(TeF+
zV3Pg{*X^p;PE63XUfLckzQGzR%ty{|OGe5IMjsaE<tj<Qx5uB9_h@525j;p)csS!#
zo?fmVm)BT!Pt?ep@Z3K~am6OIkGkU8pnd(Y7>UQBXZd4X1?<%EvJSA33V5tqxPW*G
z33rYm{CqO#92y_NXZ%USVZE%P-y_QP(|?JAKG$m&Vqj?=Bm_{6H3vEIFVegRKN`r(
zAA=Br0QTd@T+F)W#$#Cm@~0~nH@%MNi-(ej^0dz94@E4r-TUJ_r;JkKyua-_4$t>k
z`-~6=g@V*{?~h;Ij<bUMaqSq<%w@l&wlU4GI?CrL%%`BTMt%Ge)T$^)CB!pRO7Eh>
z!oC<L{e6IC_iANBmRG<^j^M{N7drj))G<>+TwE@z-UKoNmTdFmJSC=g0dM1)OB%%3
z)8R4I4WXGTZW)587wJY+NJhR|lDp+wjvNGKg={z46s+1vG+s2{b8WX=3z=er8<}3?
zA8;8rd6eHYQaZ>k|JjRrC>ea|F6_0JP>?mvMtX42U2ZfE>WAKLMl3Z+7966EbIzRn
zv7)$(Z(|xcd^kwun_FcK%iRsRv$0lPp1_VD<!rpzOx0fd{_hxCE5B(2Lx>~LXwD_a
ztRqvqR*T*j{{Zm;F$;a=lbY!u#XU2_<SbW|Jgg&5->Sg+m1N8i(ybmb+*_ohEndp6
z#Q*~-lB9lr>Zrj_#f$-Mjk79YZyQU!6bhfY#nf}<H@stW%KEI<+oVnnTV<^M6sB~*
z4+jptT$H2RFJP?_A{JTZL$=7~P@V*F(5azq+$yNGQQX|;XI$)hQL82HlBLN=Pn0V|
ziz9L#F9>MKnzQf<4nG@nYAw6-zVm($uiKSP=WiIUtsV_+OkgXfyHf1z?j3t@;(XoE
zN`?-EC2Je)39p#>q^#f_=)2+;<nZP<3eUl`qTVqB@;V&mSf)r~+yi1;Ha%_xxz!@P
zjixxXZLBt{q5^~GysnNWSw@wvHht%p^k14_&Cwe@TJE`yHq~7HL*@s@o!(#bq-2qX
zd>wK6<K6rn?YCQ*90}YJ2UEYpTiG?3hOxB9$)2L$&OFneA}Oqa=7yXAc@5yR7WcOY
zKdD7n#JwQ7rtMS~ANXA2_?oq$7*Y`vgO8GUoM#wbID4-QC?=aE2;D^yj40ExEKpjt
z6U2ACb2h}kSW>*$y;=@V(sePHq<STANfPGRB#FKm@bT0B#v^aOt~RkMZhahu?oFr+
zdD7E)MxK=(={>B4&o7@_czT<j>bF)zfMffE+2S}_%^J~)rmc%DlhSQ{yKY#Ai{XH$
zsSZjzh%P8sMwFWTi^XJc?8$(Cy$uE(V$-O+I-DC-?VT^(vT<g*{qD%zRi#sF67jw#
z6PQW{Gp1Uiq6odat3`v2_%Rc3;_kboOIwA_e*6h^imU0q41hu=@X(aB{JBFQ6?Wpm
zmg6)j1Q$?lb5jzQ(YXR=G3i#2?hQ^00S1*9i{$acfqK=-wMzKD*3SB`*rDeS+3!#0
zI2>0G9z6L}Q<?UM?sA7yCv80R^-N$u$N46!1OXln3a?AfxSbE1=*!Nf7vg771keX<
z*JPX5B5igZFC7P*kNn0NZ%!o$y+vC}+I^VNg26ChtX4tblN8g;gg3~z{%a`k=*7Gc
z4Cc8}*j}bPzqQKg_kwsH9DafLd;rYO6GL1NiwleS!YAehAaktY=_`i)8P2h=sIWW-
zgtYx=z04=6f6ntvd}_A(UABT`%{0sF^Qq<uYd)S#Cj9oiTK-eGP;<B=4N*n&ITD1T
z9PPVYsjx8?^k`r)_+`rQrluF)^X%iYD9Iz^N2JT_e_+z2(=d6ZRU#VVn}9bz?uw}s
z)`zyRNfH4Fbmq-Mw{d2mmD;IEX50k@yY}cwYiP?vEUYxx#%;t`VQx6vX^^eRAXt~0
zQstC;NI+UyxojcmUTWBPQPQ7LoNz%_@91;Dx47Xtl<u0D=v?b+X+x4F39YU3;@H#8
zDe6@19Y%~+`$B_R{I$}F7Q+|O!*<af?9~8AKpJ{Eo=0<ZF<23#{3YzyzzD)PC4^?s
z(qV@#{D>8=pLhN)1n%FEH)x3zF+kw%(QI~%IswvrLt~wc64qz>Gr2I&`Di}#bX9U?
zqV?M*CiTRTZU-PHN}F%(5p~|h#(D7C%-X6jrsy)yCz9+f?F{)}e^!AP{p}kyTZKGp
z{WWX{Bl&CAa=CV+8HmRWt-*Xo>mBbIar<qY)Kqc5L7Mb{#A=*8KhClbs(qk7ht50x
z9aQ7D9QqB^%C%AaH)dv8Xr|Ao*^&77{<0}bO<NBT_X#Ysy%aAlP?9I92IKAn#F`C5
zkpNkm`EpbE&a+b<0!of+@KzDuChkP`uOY-H6=*2HVJAl7x2Ye2B_pj4dd25eKD!mU
z+%|dD69|ubv0*AZYILd&cmrCQ(;M{To2jE5$n?6=gjgi(=(Ll+wO!AzT*1v(j-=0(
zR(AY9#@;fl>h0V6Rs<zP6a*ARL`u3rx=XsdyQLch36TcrM!IX!jV!uh5sOeM>F#<a
zy8q`q=j?so_r5M)c!_KAi#cMB@g1L8FeY%bmBlltT%?+z@@?ihAF?mEYr5Vxv$)H0
zj0)<xZpkR-+q0$UP1AEO7{-7EZJpv40XJV)+fV-?-W$mz#A1cql8xpV`g_OUKi*9E
zqU8n@FVwquj;8<{Wi*w|INtacgk|*en@an-iNzRDgl+75->~uP)NC+1&uhBcjpvnd
z`%AvY)d{((c<}4O3&^Ajw5%E8zLc3b&toap+vFWuO_peJYIzqK*C5SkJC-ljd#2wH
z#jR?YK04^YIr=od8i3xQ9`^Ppveum3XU=0OCyv>B@qQiawyQjY{2N$kybUjaxIdaq
zD)HAvvFpLgIp(o(=gZ>igLiDmE$NPxeT!VqRB1_ROsN`#4guxfaQB;fwUB2{6ZGr?
z+>_rMl`k4l*j^uHtFHebHLN_*cSL=r$9gE29W>e~jHaax#3zykf|c`<Pd7fSV?aZ&
zq~G%2cmQ#pz#<zLJq(D;lr*M>?_OVFWtC3ZUWV{?Gvd{}iY|<Q>apK5a{m0V7IIRV
zZ&JneWU#nc*QuU4jUne!d--FF#@y!d9+TJ1-ena?Q8z2#%iq`$3soo-4(Lxz8$?Ay
zB1(Frq{1pJKOmvFIJF5|=rqih!zRNPb4%XHP#-zscU(5RBR(g89YcpF`prN1KLwIM
z@pTUm-gx<hZj>e3`gK^m;X<La&Jnko=x#F)Xfk%3>=&s+5)T7%tV9CTr)uQ9CI#T9
zs*B=6DZV)g^UZOG>@@Yqh2p%N8-xkR{WRu8TFrZuc14<y>MG82+kEw0tzYVmh}A%!
z9w#x*#9FDrmU3LP;6;VOt7&@n;3fYK`k}CgVB6V$SvlJJt(7OW;-K|HL!N(4%U4bR
zz`cGe+j&Rvrp0v8_OH!gXj-1-uv-8hyL6_lGa|;t^H2hW2JXJiohcxDl$-ZB2rYBC
zEq_B^xyBzKxUE8k{}efIL#)4&z}5Rg&UPUS0~3zD>w&+k5ST3$cEjDLaB8TqLwBCW
z<Dfs;{un2-iEk#8x>IL@!Q$f<4$BcV^>Fwhh}f<oSz99;T`KY&Rc~DwSL@lkaT;$)
z)ndi=a`Uyd8NcG7U@_wx_2iv~on|*e8H2FrUhysgy0vyjkh_H)&wZ?bmK+kKX0Shn
zD5%Lvx0nXTLi6Qh)Q>lJdZF~6k7`c?F|zHvJjiuGhWqp5bHY-{m*>@+o0eywsW|?i
z2d)mU^uD<^*K6e~_6e>Ba&B_BA9n`_d=U>Z{BD+_!y(gprr%x^9{V$6JsaXWsJflK
z0L`fncgc})_*(h<HsLlcBd!Cf+!`0tARb?SaH_X8GgDGpupyZnUlOaacK_Amf;?Q(
z>=qA8XS$ftr&|LBPhpE#K@04a#37!I&4|_xin1dO+|qCkWaac?gdEkZ+mdx3xZ}c|
zE6}EpG;6~cPbMl7Nht5W_h_blN&_dF_x;q(Ng$!uaP-&)ta$AD>Vojqt>XL&-O&w*
zaUtRc1pHV0sZ)YzqFLeG89e8|h_CkCe`N$xZZ+Chu@XUj0$-k&N)y^Pt?Q3=j%?jy
zF>Or0qIsk7g;zf9BlO@N23Ot%Ce-$@My=AAif6%M0LPTXz~`=C_In*Fnh&BhG#}EB
zg8b74cNchp!YKQN=ivwu-6~Uu=I$Sdz+_~5TS^@mdOlf<!O`*7o41fzA~eE&Z8Uo(
z5$PDU>nA$b&U?D=>}xEpOJrrC<8k`=fk}@aFW<KaAuuK1)VK+)_<Wbi2I#%VuP|2b
zg@Vn)PrP{=GRgS#F0(@w%Y-|{@3~G?N;LERYH$-s4&%KRJWnj{wvOj3Oq|-A{8Aro
z#x%U-&l#yjO3>ui+F}oNXu_cu?!#KPvnU+(f~IRi>tZk_XV-B+V*}^hDB`x(Gg_H~
zVsKf;dwO8d1;%5>AUT6-H|!E_+e)ULh&wRVbbZaLV|4k2bVuO?Nv&DvLj~g+hW?$~
zp#NI_EYp_RD4cmaL(*uC029Yx7RpNJJ<c%7((&qvsE5YUT0{7_G7eKkB~j6pFn4%`
zR%Jm!k-%>yB2m>`tz3fSwVF4)?mlg4s$)`*7w#NsOkoyO@ncJir$nsRO|yxrhH8WT
zVrIlJth5z&jnkGX$`zi(Y*v8FrB~$B(Qq!sHuuaJ#s=!F-VcbZc!!SD4G{NH&IkQK
z{q(n6u-&z?1If`kBa0AV1N>nD{2FwQOux(w?c$%Okd1vcB%nw=dK$Fxr|P;Awqv<@
zv%S3A^l%$0Y!LX~dWeyF{3W+rh*w~z2R5@2L)wQOIb@5yqBdWww;&t$l)DN#x-G%}
zRF+}mRUor>DC8^=wlKireR3;Z;Eyr;GlBXv?sl4(MF15jmZCL(HlRpq`I^xo>ve?_
z;*xPO=sm!ASwv<xs3@SZ6E4#T1d!wL^fb7f-pC`cQk`7H#s+drsq?q>TO<BGpFv%0
zrcGe=be9X1Lj_wxTX9}KM%Lw(I*=zo&5~Yu<D;%+R6T)A8>OwQ!6InRY(ajc{uFiE
zQrT;etwfVr4edIj*Ot-Wa=&>kCkY8br4+>i>rodFWk~K=C6?gaYt^&8%TwELbE+q!
zx_S0V9ObR#dwzon<kPvI{RvFDpAyuN$@fOkuu`BuUe<#S%#qB6;F#tKN2c{-WN$E>
z#({in+O*q_CU}C+^K@_F&_vRWkACav)OoQ)7O;6yx&}+rPXx7m^j{L|-5<V(7vc~$
z#5ekrS&}?JC!roL!wrnz1%jWvhfSKx#m5&P?N>s3mVk&!fQHt!T?mD1<VBE=`0Pdp
ztC+W7BLB3=hP`Sw`j6N-k;jSr!$x$<J`f*#>so#p)_9Je&$2*`sq)}MetBR_f==bH
z6$1#LKIpeQJ@$M_G56}ycf43EgBs&@`>Q5*n6IK^7f|VKa2FBEUzuC&IUp&|F6Boo
znYAypE)n@Np|Q!&vi6Yzyo*rBl%>^=O>}c-y2eK5YD`KuxEyDu;{C8<o4Na#N=3{a
z-OU37$SaixvfkGRX*b;wM7bMjgFQ?x_t&U^z-S3OR3oBi0=PWUtq0Q@EB#7C=|4Im
zrQ(BQ$q^bLN@_09_|LV#TpNFzt9FFb5#_y6ra`~99l)BCNUF9vB5gdF*?Bo!TL)@8
z0%*yP->6@_mIR7{e5!p$$33dDql;~y#>+6Q$X;AD(Qm*^f4D`g3Ps$OV@t~i`UuTL
z>H{`{>|EI9N^kgm8Qc;vTerI(O%^$>XwVP{z&#J!=LlPFl$#c8?C(=dwkQ-7AoW~@
z#f4pkhvvT=({bZtrK1|JcNTe%YJux%7wSN;U-D>0MR!9IejR$^u1e_Z|2jlT8h2^F
ztmWe+4?NO4f&pRAx0#8kB&l-a2WgowmjVC%1!~n0^P-?1>W{rfpo_0|p1zS7UKOm`
zV>0D_GBhwfJ68htdggxr#^O2Z^~e-a$mGRa9MT(6nkvQx`O`4pj*B-h=DTzmI?e{o
z_Jy9c>>%*Nzb%>ZR?c0@lEGakxMNwX$AVVb(}?%7daA(8IwhtLFy=SYA{p|tr+WrS
zIH+sy!hmH0SVmEemRBdXUH?c|ZB97%Uiw6h)0TQ$;5f*xSMUa1US=rc2s}pJdduYV
z*}^5#UzzB5sok&$G_<f!iCVy<if8~OQAENp<8?H-j51-+(3IQ}`|&F1P;MBOHo2h;
z?g@P6=DAhvLw0_IyH)fFRUlRGb~M+6pcaqW?Fh52v7Dy1Umc7Vk0$FyHcEYD%>M&e
zFd8z;hQwHjCy7!5723~z=jEO#9iA9U*E;@8(U5y>nEg&&ugio5h6T9SzC~w!#r&2S
zPIbE2v3|1P9S!P{&E1BGRdq6owu}?nk<}t>WSU?=&BS#r`-TehftkSW9V}Te<T$yP
z&fvC^VDdc*hR`Wgl_ba;(2Ds3w-7};{+w04fb7z?i=Y(oiQpmP*S(IWfPFsXP;pJ<
zlyW-A*5!DoX|}H2k8fCL1EDi!di>u|-rbqXH^`-@eZ~gDu%PP}%L&81ll4}gkB7df
z2FI|hU^fHoLonnjaFLs6as1>WCDmnAT+j6*{ytRoUZ@V-2b-siVa=f(WxGA|=4ywA
zCO$Bz@HSBs#lRa{BFJhXvX-rmJby9j|NRj{5i}HELR}rNQQ*-PdLo35D!QVUa5j12
zTxdhk+Li126ic1y>6P{A?uNh$|5n+^D0=&l&D`ex+o8E$mD%Q{{*G((t+?p%tKmWw
zn<mwJTQzP+l#X<b#kf_vN{#mW-NhkJiQ1kNv2LyXL}X*Tn=cuDKH*gJ^a9!nl%l76
z!4Do8Ol(e99>z0>Y~3K4fF1af9`s%OLBI#hmB$0__qWaBiwN1QE#vPajq*J&yTN6C
zO3&^FVs|@dKhheNR~Mn-vrsmi(<<|ccix86#^0adItC1*46;7C_P#lZn#X-XcFhpE
z?a&F-L@v;$xgL=&_stZ_z#cuaS9hj8^+nV1jK!f>fQt<4qoIvybDI@8nJ~)zmrsg4
zrSSOIH)=|{sbY`q+{0d%fC8Fd-~p5Lt45VG{pC;0jZkjQk7)bJ$nwrh*!k4j21#+e
zqrnd7lUQqD>MggXvu9u+h$3lxoH@TF)dIhg_1n|tMx=N73-WF$te{{v9<F{!@ijnv
z5H=v(UWa0F;A9=eJ(y6`0s1$Pv{I-0E@{x8GSpcCA8>Y-Z|Cj^vbyUQ{&aHY47Z&_
z==XdZnG$Mml|-snZO&OqoNG(b%k5~W<ccQO><ZQ(K$Yowoe8^N-xjQqQ1?CfX2lF*
z#o;#GQe3MeE8C4Lms=h;M{defdyT0^$oC3q$qTIBCQ?Y)8MjfTE=QAl7q1TN&N{EC
zB|G0;dY&aUdoE_X@lpc+Yh%!Rk1!Hn$}xbKc(a2j!o%=xeZnTau$;fC2EF0DU|&1i
zPRZ+bAdW_bpgLtVxno@k*@zy6(|KF7cx^QoQ)|5U8`!4xRv7get@J;a`}#AxNg|H+
zoOF5~mrP#hOKIw8mOqMcE@%l)3S#wuTKq?Kl#35cVo_HmB=Uu+%v-Y(@;4LaA=rG)
znDs@e*TqYgJ@NugnK=apQsnbLhD9?50<kOn+kL0yE+{0Q)|ibcqt(Y!NzEoOnYf`=
zZ|>htBGDL{mim`W1+u3;5->DP=7&E-qr#!pe5SC^zwtBn?e-)PalX+r^(k1yJOjGF
zIp4Z-{tLv5KK|3&8FonA;p@rw+Ns_6RzXco#`)qlxw>#FZSf1B-+yBu3+8_6yspm0
zHL|ym_-UrPW}Ib9(vSFOqa658W8&&Ndq=3v+w?yX2}%dEsK3#q_M~_^wTg27{djAd
zfqQi;ORwOGf$DOv(wC#qe7%+DTkqd?eWR`lA81Y=+*omrXqHc09MbL$*#@2e++c4o
zB$1CK+LBc8?MM|Tm4Tn?R)M3!1)oUGBB1~7qJ@2^g=__?@kNM4EjZI-I6l5rKp_XM
zEUCAX1MA}inL`?J`IE~CwCUAQ&@0Dq#lPa5Fo<&wq{6R+DcP)vxgR`I5`edhvz8{e
zc>j7$(T%ns4V6$0X1+wWY}%&|^Nw)uSXy13w*L8DHJPDZ`oU_ar-@z8>WQ=M>Dd64
z`f2)5py?v{K8?gt2()d317|E_s67#V1yQ+FdkcG9sgNz!`L2mC2tx_dw%%Q%(9VI6
zdw&YDnLrf7%JEew;1>76MjHO%tN4=8aRtdce6qIl<2j9;(%^~klR4)!Ov)jYCvR7i
z?UBe*LzCX_VJEz`%{)s;?z-e!gF}iXwIEuI>#R}r18{LtQr+Mc*5Yf80&8uGCUv%m
z(%iwQlrxHv%w3M(c!>`f2=tC~qEdL=$EOCuI9$4RFY)>wtLnEDQI*z@iuOKKk44e+
z*dy&#Z$+ul>$nf$omVre%M;gPW%IG3=9_9Rm;L-Q;Kf%a{ZCQkvJr8_Di|CB%^ERO
zR0>Jr4W8kLvtv%Zd4(|nTRE~s#3&X|@~#+U*2~a%R}Od(2RMFkMk9U9B^7z~tAQ^F
zJK{NzBY<(7FA~2M2?MbJ0MsvOJ{4<?QKVbf@pJ=>*x(jmGh@Zk>Cob{S&t`r4Z~O-
z89UiDY$+Fe8ec~3sdBRjKY}+jl$?{d(0oaW86{z93Q&}r$)|W!Jl!~(64hW;xj9p=
zMY(JlO?*5r$XK8hvvv^M9R*1e$oUu*NxUI>JFdS+@}Wrt%#kvtkSHIw9KkfqOE>5s
zE4<9o_c3^sG}8D!&^4cOS?a91#C|l3;qo~c<kZnnQEhaI<hnW>Bh|UH@(jx-J-W(r
zA%0f`T_{ZM2?HO+V^hth&s_9X@4b)k(>x_$N(H2AM@eEaAv5c6N}3`eIL;LjJ3iV;
zXee0`dT=+PF!F9nJ~F1;m&ZQoI|!tTT*iX`!L&U7@H;8F|BE#QGw9B-@5kp!VvjD!
z!w4=K8*i>JB7I3aA>&^>)}}LJih5?KC18fwPew(2Wr=BokGElRUTHOA71e=Bho7H@
zPyQkIWMaMF77jPTy@tC#rIT~lTW~m#D#=m#y4v~}JP&@9_ff2G*rCKepCw*3jncB8
zOx-g)&NSMe2oZkQz^W;>p=575l*6`8%gII?C7h;7JXIMxNO-rI>1?rcc#o*n+2{1V
zA?06qDcM-S*?}v`@0Mzuq#_yR>tQOz0(O#+tz(XRI|_L($R@}E8f5e$K5>ISI>gg?
z!TW|gfzjymp7gna4`Xl$ep!^@S5~}uUj%G4TLsGeT5~#0jz6u%TFejmH(<9emdIj(
z6H9wc4g`j2%b{%A;k7l&swCHdBJ~OXu4TC`*!QgoKjlA;2-Dz?2izFGgx3)@7P(8f
zil`U&LzP=u1FuvlbCu#qb>>9$te91wlpLf`AiU6ihkUmgjRcVj>rW~7m5)4W#O6L{
zq7d!GcHE1E+lmgDxDF^%Ef)YXy{H#4#x#HIoAT*hYCb^GNGTZ`&6Y4)?v24N@G5%v
z-;|ecAMY$A{N#@``)>>spB-j;Yb;r0bmeL#?60Tyf5vj%{s-Cn;MoGw*7IKh)c+37
zMM8cH%yR1MSJW`Ud5-~K+Pp4e`R}Xx?~C~x7wZcxm<VTbyqD#$F<+VPkd$d?Cv$wC
z?s;#&|G#3f=@Ww|*U;Zz66NdtbP5X7d-nNXeNOC^*KYtBt5;JH#UGdPf4Ry(KRSJV
zOGpE3w892@`hRtI5qw;?Tq^MN7pIfrasJ(BKG6N<sWsLH7MEIgwEnAC2Heemqe1lX
z{^e(Ukio^_fJwqUJ^Z{2ddz>iz7IsQ+5B|k7S08V1#{Z+@)pl+{=+s(NA~fZ9f$%0
zAxqS5T293m#odl>e;ySH?w>*bl9xj>f2tGz<LLrQRu<%~K*2UU*If!G@jqtwSz32B
z<VjTJ<-uodDOmXL*Z2zIc43W@*!c~%N&Mqol|RX|-9?Lv8lkRkeJK2wa|3~Ui^^zY
z>42Ir_0O*-!T;-vDvn%W|AhI&<O4J#L_VXa+ussFatkSp3NU85wYxtTK~@}K<;U}X
zxC$N=MH~0z@ond%A=QV{e_h4vq?}oDIF7g2)4#6#6^q5hyLYJKg?dR}0O|c7C~<&e
zrf4-IWA4PRP%yql5;JN}PEStuhx#WwkFvCC8KtFmVAMCOVhCs`%S{~AyuV)>UotXD
zVJoW{i)A#VZPB5H{`v1``aiK|f2ZGlLc5zNH24MKh%WoqjoK2aL$Snx`7I7~{QNgY
zLGs+kFm8dgSlkdm9;Z_V*Z<*N|J~%pf3NQ?0dzRyG`HHDe|4pKQ;1Pox_#W1R8BX>
zTYo3T{lmYcOJe<LPsgoo_q6|;+lk=oB)c_n^C{)c>w%en_mPC(ANkEqtl8#9>vfRm
z%zxiA|J}B|+wdQ*>i<W#`|GE#Xu+*{iAHzZu8Bzc{Y&qK4D74H+!FNvM%|wQJ@ntd
z_V53auKL^MRjU$wiu@B#{+}Q7y?umMHT{z4;ds?;7mp48%?k#mj(AI61g;XlY>^)C
zFSqhEkT05Sz~OMBPz8tlITXY`F@1y=qEWSbYL5S~2J&=ouU32s6_%|=@W(^!^L_A*
z-5-8OO^ouz3VgKJ>7vZxpS{AZI=nFJyUy(^(eG0B5+nn(yM<VTp4%Hw*ME|po~;id
zw-7|g=KruLW+rQr`j6ie1ib2PV3rmt)ldBEe?0cTgG3{DXO9sCd_`~-nXmQl{KNIX
z^05>6fS>__I=NO%=O4mgo*3dA(|obwp85#Bwa4Gz%5%&nQ2mqF<-7a?yS#MAR`?4}
z=<^1AHVENU9Jqr_%<pe8v7g-gA5Qf@hV}*P7XJAcv-PBmhMXYw_pkS<kp2!Nr^CXH
zC-d&TZgLV3kEc~%D7}oO5wLyv)Sio;!}2LECQ50fM#r-CAO-TIq{6H#OT9mfHH_8+
z2KEo2G*K$DvPAKfnE(8&0RPe|=l(6C^Bh;<Hns7|BHkU9z;a9(;@AkuDr`tYjl<>-
zPGe-EMgfZ<(8<c-umy*PLYmQt%sLv1?x?1GQ&~OUt2nbLmNvt(+z%VbvK4`RdI;N^
zqKJ+yib(tNz4~<>s1=ya7bQ@ixr+-I;B5R8`!@SGI3ywAFScgF)4uuWrZ$OXT7w*L
z>C0h!P3K41Dnr_%UrjK~MynFW^R+bg4-Sk5W*`;XS83cPu|TYUQsH@V{MwO9%Ezjy
zN|F7m5>ro+lHhul5`{b~?@N4pr=HCL4Wpl<F%|q~pF8258pBbU%rlA1)+CM_<6vOD
zy?%9NJE|x&$?%BRBCA!n0Ud$dPjnVtEomu@#X_s2vtgTmv`{|#bFy9UEB5an?qx}*
z)N=%d;#V$#qHT1|yqf~p{A0%!E$r$=o)Hrvx;fBklD_p^+4RfOi3<8TZ#J7Js~dcg
zQ{`8^_fk~fC_WP*b*3oeq3N_DW&WPQa<yebg>g#1+~Pn$3cK5jd=(Zcj>0`7@6H0V
zBZrj3T&nBHxY**@OI0SyjvwZ*B2u;myTU5V5qZGIQdX-lv`wJ03V+GHba_BGzKqA~
zRV10l)6^dmiS+t!apes@BB0xm3kD<;0SF2DKob(p^Oa37!b)7)%pu2WIrZ3{v4^(h
zYb)zYN&AP}<s-X?GOpxXrf~mJ)NQIwsZ{W^yqz5&`wwJzdn`(&q6U)K0^4I_TXEWF
z0*^PTCkhoG#gM)vhdV9zgfgvkYMJ8O@Jo!5g=Wch+%Hkmu5?N%Qg0&L#Pe$i#rF?f
zsCNWR#d^*C{r&d#SbxIY6jmXiyGESM1l>mW0>WlIrvaPOvhK^s#|YTMx)x{_=y{`<
zGf?*z3`apuT$Qc{>?KB6(=l;$JJ(H`&01ICOAXYh{2Z!}M|DEk?!h5Zz3VRo;3)4*
zHIy|&dt;1jj7IC6o76|Shy`hm#U~tnzPpBwKD>79AUk8QsN7Txjt!~whxEnLMK^3W
zY5{gx|1zWfi$Akw?~@nGyiy*5k`SW;E6(3TK>Ft64`s)I)At3B#T*Ke)u^$K1VB7?
z;|!}m07=aTLM-B2gWH!#S1HxDTgw(C<>nT&pps5vRr0#AO1y;Z(oI*HMJGCxk{sbP
zN8k)3^<7_V(aoJ~62(jio#aU2F9W1b<Z~wDU%hd$t;e4q6&tnOcQhP<ZSD8;PE;tF
z#o=^K$f_5JvRS;|GB@lF-(c<i)pAWMZ72K_3YPvfBsz<dW*i9(mug_uGDSy3q~5`D
zLD??mcx{vYprdyfVlOJL;2T8hO{ah`<6$;YkucgX6_fH#tlYF`l#$%y+0l||HoB$^
z&>hjLm8F-_5^y?2ac<X2m_4zHC@g7wUF7A}5hzT1kN3SzTa54zS6MD>e%%eSA{MT9
zf~NR8w%^7{N6S@;*X^t(k9*eze7Ja>efpKvA?3Bw5R0B+>lDcFaZg?FyE!hqM9i0I
z!&%KQ;Eh3w!DYh_$UbRn)++MoBxM(_J%#a{wqAjf+qSSodD)wM`lnN|Pt8{TYv25z
zz0-11>u`ojck{(|E;Z8?5rA056j3`DPpPhYg7z^vuIBrUThffz`I@Nfdj1H*-FHAM
z$6{%)PWDjfHbKNrYK;_qNde~Bt6>Ex=Noj4YmlG{k%W=ZrFE*x9+zFGoq55e7LOnP
zd;37Q_^t?JTg>c19czv=TYjNmk<5?|iN<G&B9^mB#WgKheu`oKA#ECKpG(*BGaLTk
zIQsrR?;-B-ROENM42whT^;fTotl;(8m{Tfa2p63au|3C|0&O;$l$!lQjps^@m%(a{
zwIYFK)t(KodQTi0ZOXd35h=S#xpw;arunM6&Fv@a6S#}0bUs1T?K3TL#St)?q>b6l
zgD9L^qX|ONAz-1kmJ8<l(x^-+?xQGwMJx53UAk{bp@q2NUJ`3$+q*Fw_Ze*_&(tMX
z(`6Cq>{FEus_3&0PDl*Qod3}*7o=v}W&_rzlf>F5VuaAbcU7nXDX3CeIjX_V>Ym&{
z^B-LnR}FR>Az^$o{P)aEh*<Y2A>gWJTdKCqGu2LVC2JsB*0Jpek!xYo%(i!gBfv}W
z&`-*a)`@IE&7h`4p4^*Hrja8Wo=v7#$qMQ~W;$MH{_1tIwQdW~X@A*p?f?fY!E<w2
znJ&(tjYK*OnsDr=-vzVkMiVV(^CA_Cm8C2cN)#@>c;z0y@!V;0rZOF9DrC`Zy~BPy
zwRo6X9H+xG&Z&!3hcGas*HJP7an(wQx!V1T;W6>BNSgOba=_x-r@-X^eCyFY5Fa1v
ztUYDh{pRWRi{xdhQl6*U?4jf(e!b&puF2(#g{GUIG^Tr)0j_79NY!~Hi2lVIkcdQ<
zf{kO%dXH>8jNX8i_(?Rq#!D&pxZ@FIi?IpShjCy1M1x~5i&@f|dhfTnpIB>EJ)h(?
z88|{!Ucc7%EFVY15xkq+J`?(`aJ)o@0HRX(<a=z^FzfuH*uyuCAK(12nDF%wkK@YU
zB>E(*(*zXBZZdF&1DrmL-tqV1oX8eCa*J+r1^E?Z?zxik$|$e$9PKp}3c3g1`Oj=G
zOQ~)s6Q2M5MMZqTzgv37Vlt)Lk>KLhLH>JpEHxzly*v`rHx!^E$6q*Y&r&RSFsX@z
z;$gE`7Tw)!B$srNn|E0ZRsG7SiTU{L#isqzH!PVi1@D5t_0cG<ya(D&hO>*E)5MQQ
zy`|KrX|5~YU+(NX6c@7s_M=gT7z)+B<08*rKSZmZFR74A9nuuBAmP)0M`S-5CwfP0
zpJbS&GCBWr3XfyE%LPr{@<(LK*SMCXR@gU-k;eS-QWcejdxbGMM~RSmstw6xA;Ko@
z-Ji>8zxKPLnrVs#=F0`q1_}$gS)B8^{c)+JH0VNC-^IKt+bZZ7%4%iB8E<Z{MX`wd
za4=7ao?+G4^@NUo%Dq}<Zf3N>nr2P5vcB5*Ls=Qm?qsYLqZEpEuCdi9UL{3ui-=cA
z7R8U^Bu+82=|}SF)e119p6-^|dL;39!v0qabHyKFMOwA4g<QFkoi-{n?bc!K>THyU
zw}Ie){>l4<*tjy8>=??D9JI>j0b+(8=JPPT>YN9p-%Zh^R{K+k`{HQF>J*jT(SJh$
zSuEcGkq8iK+Wr7dzPMXmizT3`PGy%L<g`{#y`@q_V4HKOJlt8(nM83Xxd#5JLch~)
zVy7DAT<T<dF5B%$pbZW(g5~;+l8M9`Y*b%SqbPA*_ckP4GxQBJ1@9Pg5uR;+lGzK8
zkw$>L$Ird~GP4zi^m!Q@crOJP!;1a=aFR0NSrK%6WJIOmPZ~8|AB$u!5aMzU+}eWU
zyv<<fuAKf5G~BCVq_Sa`60O1<o*VZyyXnU4Uk!I>khf5xyXkGUlv7l6s0){c>l*za
zwJXYLf7}&+Q}QF<872*uXy}^RpoCt_P0wJYN^HrvuLiOe)4sDf#J91G{&a+dTg!TD
zLhE|ES+FF5p|tx*$nBx|44<^woTdeghr<BJ9}?s@Q1$oCR4@APMUJG8Zu0XCUFMbx
zpR+@<2_E)>`wqA3cAZJ^k|U4~p;i&#Gn=ND-ZJy{PZz_nQC25A29pppS`I0#PeEcN
z8-UTGO@}#^Cut`WPoMFrZWG7_yICeRsQ|in>{T<+g}Z`j1uEL7g~mOv%ZgP>Q}Ikh
z%=m{x+0eu5O^W%2e2R(W8VwqeXsp|bzYO>BCbr_(meZL_Kx9lvNgvN<BKk{wX{F~~
z(6V^+18c4E_sZ_B5S4&SsRsKqLm`TILq}hrOfUKsO^mFV;|?Pc;PfwSFGgyg;LtFS
zuIZ(z$MaXGOg0&zS!HBg4<$M}Rn?|;xxXk!3%u|W>m#%Cs1&$gSZ&mYaZ{vp(PSNk
z&S~#3?4~r9Rmu3EsYQKuq{^-S_(FFX&((3-yy-)$)L6CoG9{yans$Y~N@_COkql>_
zU+SbR*@EcSgi?W0J~i=8vW6v7w<vQF)k1!gmGhU;_;^`W$>hIngJ0z%y9|`F6Me%Q
z{C0rP^ZOVDOE+nR@ao}l3Ekk$C$~JYFVN7WZlFqyDci&=-up$Zey~E5C6hKkTB7Bi
zeK&y!pVcy=Cz`wubYN5X9TTB1m=LQ8y)Vmky$54yG~TJJE5%%+E}um5eH>i_Dp6v<
zzg5Pv{z+*Fy{^qobt?!v2Ib?vOyS^UaZ^1VkWgm>!maO>Tilz<dN7?4K<TYF12ECi
zaXMagVq7kKvd>6L2zhc|)b(a9fT_PMfc>i&;<*q5uw<i>(STIYsj-;uZCH(#35%_^
zf)_MBv0n<~w2tGwaY&;F{KEh)j-PU7^O^qJ(LjeCyD4kTVHMcy=jD5t9*M@^4uGqD
zMQW9sx*7K52Y{p312PzLkZX-cHyo@EO|~zJ;jNITcvMu$pTSDBG*BX|yW9QImcjTS
z#_|uYJq@TSf(EZ=zgld?;l*x8_!s*@c9k5-Gc}R$ur!L}(E{R=vVrkmxkC@Vaa>Sh
z^q)+<ZVL%<Fq_PYf!*;>(2idjIHD&??5;lfZN{(rUQ%qCwyR^|`U)aH{-IoQE($Aw
zTjeAoXb4g?clFZ}kg~8S&H6#Qdp73VS%|9!ly-P3S7|?}2xz`Wsy3-IFYt%Bt_$ya
z2gmlFygPkJW6c)GGo^Dh;?q0M&`&OC%4xes>62rXa`_@3z&a4%Tkmw;^-xePF^Y9W
zX*Z|TQIgsEOfklOlqd4@WO-S|DC0kG_-=FN=6Q;M%Et2#-t?7Eg=DLR*MQo}{|;dc
z%04uo@9>ZN<7(zf9Gsb?^>oV-cf51zrO3Ti=M<tGhR}PPa`FGN1G~$>Gq@`N*;?3v
zfdDg~G6H0QhFfkS&>EPyOE70B-7>WzOhUq#oMu&BSGQ_9e(JcbW!oK&bctaboliS~
zMzE4m%Il90FktO1{2%Yn#2vW~*Lt1Ba|j@x0Xj3~-9xjCiu4e$*_Zj{EX>YNSbKer
z@8AetH>Z^sr~KSQV!!9y=i)#_EhEr&J3!}uJa~;fPzDHWeP6@F-sp==XFXVX9Hrwh
z(&;9^^(Bu(t=S`CzHhn?`NxNQk0JmiM&{@T)akuv829h?87ciBYJ+kzqrU!3U10G7
z4~}v?<MBOp7`NLdsSGcRh}Y#>AfqzJO=m_cD+7W?m5@@l@T4*j=;vgkAj$^EQY$T<
zNZ*7ihCI`zbJ^Rc6B$7e4OLRL0Cc$YRA!4&)ueoAb9<rk%~!e@Y#%F#xsu~_MP&!>
zas0k0=KI%@Zf-0zkEz$1je1wPGPyFBqE++0uVlh<6F--d#A<WRjvj8rz44*xf29Mj
z3td{q?N+E<?YWdnGN4o^&yL|`uB=p4zM$k~wFzPk*JR<9F@L%_PhOqi7TDxk%DuEx
z3}0U1#Uk%_!Z|&cE;cH4b2J>)kysKX^>C_J^@rpQMTV~TtP#v~@8Glc5+B?+k##Qo
zL!m^r<hM_vdSdYwYslvGH%A0^n2h++D#MHfT|>dI+@K4ke`HV&uX1wXebZj-ZDa5i
zb^AAJzapv_C(E$Jw}An#nTdYnNT*Ob&pDdB2}@zCQp>oDGSCSeOFqhJ!DyA40uA*?
z-CLGvB>1|3pLlJFNyDf<V1Tr=!MYZpA&EF>v|uq*q;xiMFij~H_qeu)Hh@j3iB!$M
zc>jmNI<gO&U&v$HQngBvYAWR^n^VB|M%~MMLq446SN3Ad4FJB-5L5VPk#IF%k*7FR
zY=?vC&jKEZI!NB~FTPA)IL$Y@+TDV_%$D(1zK1s7-O4t4_o;>0Bo|Z|7{}u>GTeWI
zzP^-#>4$xQYcVfY|3a|kcSG~#n69en2iP}tl?kJD(tNGld9Y?suWNKT)PWH$yEP$c
zU3<+zda9-*BJte49MtKPTXBkIg%h51dKIvY+asQAHzEbU8|SK+MAL4(G}tlQLs?T%
zwXpL~SXb_qWSK|O&BUEadq3hANapoAT!h%MXQ9t<Y=uU+;<KX2<`_K3QKIS9t4O?j
zVN|7u;bKP=A{EV<WCFTq=+jT!okrYY%^A!VElNYqyxXlgQif%tRh_BT9VY!s0t+7b
zXf$wdEcPrl1@>$!iG)lXf)LHxS((vJ)Qi*9lx$lOmb#Og1al1dW?9uGvIUWcb=JI*
zjmpJtiK204;7~GQtg_nq$e)ug+WpgSDOAC0z4B+*X-x+o!oSv^AKTU}Q=ZHh8csu5
zA0zn5j+$j43ZO0f4<q>b;kaPA1>Ql)Ktz5lfF42jC4$dI;n!5H!Qy-aDO=Cn^>*F9
zmPq0B#P;B(xypg&&G6vh?0J7m!t(WMvY^hZJ9m-!?jV4+FyimOzT!nDQP&CHN$JCF
zX(`zOWVLr%YMXm`Xw|AyIm}YNM*E+0@{y}+=DZrdgfa*7i7avLG}>D&uKOMV?*s8I
ztY`27!fvDWaf;)3)ap2`V+9Hdit^x9Ffv&9q=cuctI=xX5jN3I{ed)<!<w_>jr)i&
zu11^09KDWRkBt6yWJ(zhow^yjR1hLOl327CklPJ4Y1wKV&8W3kU#j%wDW!Rt%Tq~|
z`dj4~F)c4b^E~B<E^G}bindem?dsPH3WaHuCSrCmyj|=>1eNv<!E9v3ft;2duP$}l
zk<neL^_<g03ojx!S{80VwS#UQ5pGpq2bo-d|JZ^JIh@EU3HII#w%E!YY@jNsZLiOP
z8RRD0eLmY!ocjW1)M^9J3{!4IU)cI#&)GB`;aId0h!8f}^Nz6_b0+6{zw|t0Fc?ub
z+-6#RhE|psJn1^KoHZv<Hc+BlxT{3+g2UxQ6?5#zAfdV}a*9^|laKV*542S;?m5tG
zWhQ)vlw?#}scY<MZcLl%qtR(sD2l{BtO;Dy(r;j_JKcmqf`iUxI$4+5crj6urHdwf
zsiZ=HGGuZov%v>0#+=%Uoh!%BiU_|7#a_>b;wc%x=2?y01lYQR>hn*6EJVVq7_4^K
zV7Y|&RO2v_B}+4Eg{H3U1a=uR>#5|t#Nm@0y-P7OJ#DVDGtsmj)&tB8iM7uV^%B=b
zGP|L>i-v`^8y-%N<~SO7a?f3FJTb(&q$f(o`zDKHB<LDQCNh^k{<Vt!v!HyCpNLg8
z<Ak>^2ZKGs$>~v}(AihoDSf>pQ)9o{1**iH*HhYhvl9hyb;u{~wJgG^)VKWakfb5$
zq2cTWnOoc^vs7T9JVu7+>>F|p+mzjWHKaM1wqEu&M=@|%xLm0Tk=1DW@U<k8(CrtI
z`z(ru_DHXWtgs4iTsI|*z~#G-GS^tMbRu()Mn9CYX)%nmI31sE%2=IMfyX*zrfoIV
zUHbYk*Tnn~LgZDqQPN=a?bDMA!ye4K@4g32ct4lpZX_RZZqhe=atA7+o{ODHr`!t=
zI>lE9Q!E-?(nDPnTK0RXU^EpqSPQ36w&hU?I!Hrf`=(Kxma)*ZO}8`_=K(m-A_km&
z0sWlsa_G4zeF@OXSdjIJr++ORoDIX5)_z2Q|2(F6?vWi=wKWe5dq37IRk1{DaMg0w
z*SV{SPSD1B;ai;AmjPIhlMpXoP1YgE1^=^~dvrxt)0+)7+v)nng%Wc|=9YR#59O2~
zolrcOJ8XQ7Nh{XvOtDSbUqfoo{+rDA!_N@P@d90qH$667b=&S>u>{{giN43_9Knmf
zG2@+UrnLd}{#0JU-KIL-+~U;4_0~C(8D6O|vo%ko!*;<kxK&V4Y<D(JH@@gFIEp1w
zW@Uy5@8eB=#ThbDnj`s5oo4mtt~HbImKt*PXFtUM>0It0AW6O&Iaj}okRMp>%}ye0
ztNvCLvl%IpZDe3qXZ&+eWsrAc(a&9YOc8u3UCZnzy}+b+GYzoqmo5w0ZoYW=oX4Y9
zGKqCUl}>xHZ!1>Anq}{eXy4`8L2-7G@qYDH+k+kaxQd!{z_s5YtSqr)+5QEA`WKUt
z7r6>k+58al-SRw{qXXGfb^G*?ms4Ghn5BjmJPePeAojof34sCwr@~2Vxes=0fI;Ie
z^1DZdb}+BYdBI?1vFt}w(W6j74>0tmCU+9TBpu!vd&D>yUkSvyB_j_UZ7#<ZWF$aY
za2bG1VtFrrptytMTrlF&uB+U5KyiEMo0ga0^<H?(<eQBv%)eH^%9cX2)dR<%B7Ljr
zJ<`!C;b=TTc%4<8r2E-Ha&R?r^)$BSQKDj8_ts1`gSCZoZ_%{9ZIGtHO75}IZtFFa
zlRq*vn8W7!^@W{+IjP0!Xngy<2Zs<kzO@mL$CePnAR)MmPh~`>I)TZhi-S&y0(kB2
zq8M@8#p>NOP{-ZghfQ=2Y_uOsS!h41SWlD1$s~|U4fG*CsInkkeMG3Ax)Zw8tcGUT
z9x!8FS=qC*U6C<b=~x&qu_W24zV+2UsHpuwCUiHs6eX_v%+2^0?w?rlUtZwybwoi~
zqB##+y~Dv|px5eoB1T%R&|sU|?(bm2w%`#A;4e^U0{4j~uJbyEvd2ViT99U(xuq&(
zR;|W5<?@%P$yB5(+zSi=g!C<Rd5U_#t!l*8rr%Jh7QD~z`D6BPBXtY)HFBj>mTrN#
zkmf@P%EtUVxHfu8X4B-U-67!6*24|=jGYFM5gT5f?kV#DYT+0o-XP)iZk7X>r%~=#
zwK39`07tjhv9IL7873P=U!HN>L{1$SmR@&4t3zvAujY1MMm2k0K=;k44IxjjXTP}v
z2($OMSyzhy`tx5Y7YT#qswM~T1?Qr}Up9qv9X32z{)l0rAwD^=%rANvJ$R4vUFRrj
z!pVq7lIO6>{dcxI`f8jlnk!9}c_owr++n&&+-=GRQW*4m!V?7w#k087ny;0fqp~NY
z9t!d9w$G%QwT#lRwW@ZqGW<M2z*<#GTkDb6APy_Uw&KX=(R%HEu|_`QhBPREYvEWl
zzvt4G+P7tiTs?@%GVl1FW6=&LZ_ua=TIy-Hz-Ts;RetH%gX-!vz3xzeM!JIy9XQ~D
z&K=m><M#3@$Mvx;!c-OD)muw==v~7N;h?i3WX+U;&1yAc8V;eiPG&K-^57`bP+@m{
z@10;c%e`PU%M<;-Gm1M1{(p=<{y#?V<R={HU!26Rc6#{x{Y!s2_kcdE+b;l(CvBG>
z!uWK|G23R;FfhE@V|-M7b$Kw9pqhD2>+OA1xM2hY&M_e4?EzFkt3D1rAf0rD%aBZg
znl0KWXlR_R^4?J3wZQ1iW@mRiRyiSvaLGR7-rN#~^P{HWll%({$B)GVZ6LALH#o`R
zB<s2WjP%Hh?F#@|$M#ox0XuA1xRM5wd*}@*s0Tv6#e;<hLoIxd-hRJhHj?RIJanbj
z0xEkdUIO!;Ct3|un>_XBn(jS3O_RD69!H*=pNN~yw71`meY?Esu4VInwY43>UM#8p
z^tp2pwnmm(-%9mmSTQ_1uQtZAaE2l}Eg{w^g&+0Rl(A@;)pUhFHo8*PT(wn0zfP@c
zwavoIB}F4e))9=xvSX9+d}`cLRmfGSYzb^2KgZ*VC8T99vp7sRy8fLL+<)c%^dsFJ
zLPSu9OoZ?GS{;alE(KlnF4;(^^i=jKFOOqaY)ogQaCF~1Tq6%3P<wMzWBqY1B}lap
ziH??lwu7UJ$&n_?d9v79Y8T~y`|ZbX#1MjDlRqCsoAap9&RxpkS_bKD7)#^uHf5S=
z`EG%N3bji7v+DY{0Ks{q0cI1V;g#SV3juJP4B1$YO!VaS`D9iTxU(e5<hLU$d)39h
z38*GsJ$2zJOeSHrobCw&KmAy)ewv`<<J6fa6t0zb5k|K(o)^qHZO5>r{-X0fYjM)K
zOamcWx_Lk5o;gZ&LhQhoaD0Q;avaSI=szxQwSS=U5k}CPc5`Xsy5GY~LI498U?MP6
zvz2%O&gY2mzS_76$#y#Oxcr7i$KD(T4pJKZTv&fYdGNFC;Q@kgj$%AHrll3qN_f2#
z>}^j+h=#Ev_B_bT-Az{q3CNtbmSHq5Q=Se-+3x7|JgbW)U}kba0vkiMrdmbo%3iIB
zvaWON6LFwev@w)%w~4gkt6f6~yJHqJWALt*cxir*cOvb8Moq-^gQHjia6THYchYJc
zOO+>b^$)aa%4Y@mhDY<VYHBf2N~Wgd%q5w>4W4lFg^u9s@7Pw0h17=S%3Y(fNN~$q
zA!~zeB0-IsFGH-#P??X(o;GG)8icd?O^r=C?bQkSs+_f+oOKRM@8vdrNRSPD8E{nX
zUA6qc{I`hwxI2O`^9XXf{>M6b*L`VdBj@^ie&(t$7fX~m?g=Zo)Pr#@{q~KflWX;W
zM+B5;xU^pYrSi@4yc=A(P13*ebiCQq-SzZ`Xoy5@^*%WJt7m|1!LTy<eS44{82*^C
z!q!&$aFj!M`Th1d1Ex*dQeF4S6z85#QJ9O;*3p_SKak3&vP&$%!5miZDV)wFq<=EB
z{7-=;3+T%VXT0aXc7!|YL3O%2J5KvGKx<3AZG>C5X!VN3PTOa%+8?b?{B&`rsaT{M
z#>IHVz7(Op`WAb|5v6+1Dg~6P_CYpa;@ko-?_~G4qccuMLfPjm=$lK=j<3K;Vlk!O
zSF#Cje<;-LczIixO|Fg_1d1n>2$RX?bRW}jX4jRM%qiCi;>f6yY=9#Vs2qR6w9mtK
z$Z6EsqPL*E)oO(~BIDT8wH}rI9-d)^lvHWpg`!rcaNtPnXiv}yDi$s1YWmaGFvwTh
z?aSve|2F5`VWbK}u~wNX8i#UaIcCMS<IJ|JrB(ne9y-A7Yf&lc|5Zdd`n4gMzO1zI
zcOu4iqj}$i5{AQKMahe=WUfC|9if6l6U|#Hc6mWT{Qjx$|4P2^B9Gtm5!$fW(-LP%
zql&Y>{=JE-Pl)aWhbShBl@TzTMqHjY5=w}h<!|+XX)?k(P;}65+DDZS=i2|&c&si(
z1qUO6y^u+5lg@G(-YcP0?`u~L7`(c^wP_EEum8HN@RDn68@zC<7M_ECLIb0g{g~2j
z$4MoP+YTvj=$+$icLPT$_o2BHvC{b_D|YbW0o1Qg%|xj|=^Erk!i#ZkW7%<<lnbXT
zY+EI#&wg9A4CT*^njLhbi!NRsoiL8|H=N08I{i@#T)Q7abzboDq~IsY6u-%pOweDM
zqO*);8sd_Wew#6~ew?4178R%MQ7$q9&L6<r*nk(~+mudJ8^80fOVhnLNW0Puc!W;|
zmRU5I<7*air@XcZQG-Z2m(+G_8|2s*iHIKTO4tVK*L5@+jua?Ga^1{U?n9GG$v2IN
zvE0jsPPa!r71^lT3sgCmk9sQXH3m+-q%@dgMnuEPGm9CjVqz3jdZJLMjD||)P&OU`
z{GFAHuT}WAR<=dl;Bgg@Dkv+%^gIcmXN84fzpYzG<>Cc~NGsJ0D`L5_8CV8R-dL+g
z@>n~L!pk^yR=tN+I^)9&4<|!jQgEx+L|sUEOomG(PkOxL|2A_V@-T*fYo<GMKxx15
zxxG;X&yv`GZRGze`9dI%F!iMIQq5nnUmhJGbZk?mvBY0%8LeQ5RJF|u$J)l0Qu;LE
z5}9~=oQ~)DVdVCld-ta&#Fn!vbEU8_Kxm68(mcyn`l#N<b2!`q>f@Z#6-L30d(e&j
z0$ctfoTvu`4iPV$XZK(TDt%zA%BIK0>i~c5sSW)6_K+v&`7T9LuKUThT|Yxtw{yz{
z_r|u}+5YnFS$^iMNmT=2S3Q1g0X9@n;e!?-t?y22qr%Nc#WwKfhDPl+<r8jwYNwR=
z2A4g3FrQLw+fXkG4*Q}L40u>htE!|KjBCk6lSGlG_)U-v8gQ6T>(A0$)chu0e6gh&
z2-;V;2Fed)P6!=_+ZbJTb*W(MTn#{#uWub1Qv+3p4S^DP_sxa3Hv@zDLKUngkiaRv
zyzx3R?^8W!oz^Xe!L8=PbSV3;5aBx4`zjRx2|Vp@ka7XG{%j-cg|LhTmc59%zDJ;j
z8_@`864f?(#|&faE6|joG(dS^iG{_%0qVH@KwMa3fO-F-Bg--Fb;7|;U4`)o-a>}s
z+N5y63r1DSNyVN+m6qKBtYc|J_;+6`@Z7R&cC=T{%}h!m*?r1luEJiQXo9@H`$Kp)
z&%`_-D0!xZX3LZ}7b07jXH6#E-|tp~aaP*AnlK<B7^`lwTizc&AO411;v9}gJEzVP
z7Z(z<<vm(eag|tJ!abroSu#_h<;CL|yV*-D$D~lMJooD6{qP+NHH~tsz)L%*rCLqX
zO5eMTlslAv_bW^Bze9#~R^m{M1e>?#FXxidv)v$xr5DNmE+fox(UjKtjz#Lj1@P%p
zhtnT{@c8s%bx1|vxV{rOLK4bYa^A45S?>^3{<(>E<tGe&45ojJ>5I;o2dxwqVN#2j
z<}($J!Cc1|T}2TV&YM^EK#HGq3YmzFpTDZV0yyhl;9V@7yFk!9)dJM>@~O=EikO%f
z0GUM8ajr|G8>>jz6&L0@JZ>VgDoihUou>|X%t>rEu?yG7Z2O>4HPP(^`fxq|xLR+D
z)xFpW9Urk-!1`Clp5@$Ju5#Le9CPAL9I8EUo3fT~;e>TC4vnR!*MZLJDYnWb7fgG~
zv)?eRlOuW+e}P$f2ef+vAo8iY+k!()yO!<o)fcJU>UeBc)L7cdZ{Ri7Cj@E-u>(ez
z7|@>Wl$GY=Z%-Gv^maVnYvw;?v!KKnNTo}1@~e!PhmAY84g1LJtv8tJJHA*cJ13|f
zj_RJF8@ZMv9>CWSiBI70%)vHEN?dLGaP66$mlyNv2=abJe%f+-@+=DTsuj(`yE!D<
zi|-Wyg5H9tCVVj%-nZOw-bZ^-F}K5WBVcSZ_3IJo)eCdK0W^sKajb*=t|lGoFDTd(
z+xyWty(4Xg`db-f)m9rK?uPTw0eL+y;thBaK_VL#wt1J+HVMcPAx(;XGYuwmZ=RJq
z0ilcC@$`+s#Vxi^&4z-#U5e>{`yW|8#FwW7Hrcg;qIHKAX<}#fjwtS_rUZkfd|hCp
zc75SRjJ?sf9F?ZI8J7*?L4-evMZu|t<cPR%Dn4`H@5wb+%JYp?Z!FQMfuUAW>Nf-9
zh3vaJzW}8jyG@3!-p9n+`QO*0)C;5&4-+l{g}RjJ*bVO0TH8dxW}Tc@Xh1$*(3(SQ
z40?AARGIbXjcGum;{(xG4Azx0zYCDlOaOwb9r1whGGz{zZfafHG06jvmwKnl7mJL_
zj%}BFv0;p=#lGPj>!vzr@K;7-%Lg5V*TeO{lx%;-8x+h5!0!q#g+nX35q;_^{=)(Q
z)1gZiIv0t6B2@^@Q_7oQKby55N?@<3f-;;e18RM&K|lLT4#Pa`bBC6}4ab$7Yk(Yl
z)(5{?t$^}?a+e|dR@GSX(bkCQMa#q8{k~FFz2hNouO3ZK8EEgz_pNtVxCp37$wVsD
zO&hY5SMj{h!o5A}p_h}3dM6BX>?`N0$Z6(g?$>7`er(&369ryBzo9U$RR-N+ZY%~$
zC(ClKhTvUZUb}~Z$4nz>rKz?bxDWTfMq?VGINo%UZU0n}n(aI@=D#XlrZTeU8>tR`
zV$m{J+3?U(frK#rZAc3``y+!X0f`{niRpeW+?9TS;!@I}*1*;Yd{$USu;SsxWAB7M
zpG_Q)uquX?P@@~UIa4Qbezav((y+23oK8@o`$K=)TqxM%-FDz2n6j~HVl`a|h<6{N
z^LB08!Dw+fSRGScLqn7&eSGZs4Zcm`>E0d5-Jp&(9T%Ft<ql=3=UKdpYQD6Uttqi<
zEH6?*o12U)jWxk7-R)DSyNC*cEc}wEHhHveK{E5rEZ8;m(&~)zY@^o^Y5D%y^~KAG
zu#|#1cwExWLhWIN1SUol@&8`BkJS*snKR`t-nXg@1UE+)D=W&$ZTG!aYOAiT{R+~?
zo9<sD220>D1NwOm?+p!|OKC(6MEEJY+~b7_RLA(B)qGgU1j72NyqsL5{K5pfeST03
zJWE`Gs@p}2j=WG8bOUQ%w}Pfkw2{Qx6gcg|OsHK@NVpAbdnvLRX%#4qKJMCX32iCR
zs9qdxm~>uFSDM_Gx)em{Jx-A=o;R5cS#Pkqj${f`#0`*q9bCA+dLVYNGEl5^24I6l
zr)fncWfxPjtMSk(?!nKef#Z)mW46M*FL_s9%91V)y`YgwWQ&zaO?$%`8q=a<Zaz5R
zMIIil1$XZABeyrugO8{R&N1}XTCl!0jL#qal%OJYCD0oh@!S|y!*mat61uax&SGKI
z*_)V(?{@r)Oe<tLo(*hal~(994G}N2=I30?Jx9gK@xw8$>0lr@>I_H-O_am6OvVOw
zdiPL#1YY01S<Yjqhzoa}j5F2Dx>u;#MYFBRRp&Xnd~@;n{K81%5<`)oJNs~L11uhr
zs95Cb)$?vTg>M#;V0S9&O{MAGAvK!oOsJ;MH8N`~z-2jenBDmv?Eqm)B^ch@Oy*=W
z8A~J7m1Uq~vwhar&t#*2CURzYMK*1zy-ii+r>kLV5^^o@pH%73rZ<le0VD-qKn-Z%
z*$*Z6c+^5%5ILg2`H&*LeOE}|Pn|Mpr(*F0S)^2_phFLvAH04K_BcH*1_SOpr8~u>
zm-)+ErQV)tj&Y5xpL}`imdIIVQ01#dggt!jATpAr(^5gho>P783W?q3c6;{#tMqgw
z$>u5cqC_|WnN>Yb&!%@md{^+~dG$!0jmh)#Bccjd$C&<832Xf+b5X@A?ra+w3bRRQ
zZRO=CnvV_n##G(>H}cEb+Aa^Lz5U@%bt?|b3}KqtdVI7Red1JRCRkgd6EI0s;*z4n
z@{qAh%6)J!l%?ci=eL65vU1^x0|6egBTC!Z|Btfwj;H$l|Hn&6X(-u=C@L#kL@Jd{
zwj(2Z9kR0{l#EE(dvhGyu}NiTWUqs=clJ0A-|KnwdcS(V)8}{lz5aQL>v@gG^|&67
z$MqQZ%ZgbIv3+K;7EgxS9aFuJ&8b*vibE=w6pzeIZiX7r;CbJppU1o&Dd`qo$(XFl
z<b;P@4N%80+f;vL=5H9#cCDF9jj~uKGYbhwyL|EURqOi#e*Q=QjVwV_7PTNsH-@Bo
zUv8wu0$XROU5o5z3Mk#~x?j<NN*95KZl9sx*tM`AC`-~rZ^4wXXxJ4%e~qIZ_D$I6
zyCpZjkh;@<es#8ZVg!W8sX1j|zL)8{d<KND63$NxSCy|(58g*v3^6J0^C{a~AgDM{
zCVr`0vqDM92Ib`Wwm&4*`8eH&bbU@T=ople!0_yYf2h;ne6Hhef-bv8%<HG5qS83D
zO<bVhkSIwd$G}yzX*9MwJ}Z)F5vW{3t2!i0SPX}cdCw8?R&5T+eBjE{O(HXOnDAAG
z-^T7?cbfAjnp>n;_p~nmSY4(4@5MvcGmjxs(cIdr){91(_^^uUAAS=;BYU#u$<&N0
z`-;W3>}*eRMYF3WP3Oq_7dqSM4Jy}jPah@nl8S#EQrA)cx(NNqj<mquGUN@)kBR-=
zItzc_5^Y&=nA_NndS1`s&Csakv@D)a3pe@;Snja#BOblORF|HIS>NG;Nk2T|!A%tt
zS)YITS&w<bM)5tNJ4265<L+<#9{&4v6y(G4Nz5OKGh$U?e08h{{@n}fq_NH1E(0cM
z{Q^bc&CRTD^FF6(#*^NPfcuuyH`r*8K*^?5P`=xG-dQ{nB3Yd;!S|Cj+xU817vIbv
zQe4|m3SAk3hEH7<l;=<lJ`+*N^$po|Ggae5yw)!6E6YOnq(oxLcJMtuF?@7Q&TXZr
z^#0>ED@xDlkv`{8A|`vAU*P<Ck8I8IrjH)S;BY?*j?js^tD2eD#ru^8>FMz4gQz{8
zj!<1`f$@DHSYiuq;#KZQmtdR`OboHTG$irnjmCgv<_%QSK<S+R`d7QUMEkdeiwakc
zotb4Ux1SG<$Z3;6CcGZMXYAYHYZy+_z;JYtQQb?b`+qeAh@FnVKLR;SYy`g>pE}s?
zczhCA_;JAN@_0j!JkKZJ{%>bEPRMNEJ5obl!>2vTfW-w~L7Ys~*tfmWFrB2~JTw@d
zRMBCBMT>S340gOb-><iK?la$%;#<PYQ2ds@35=QOvOy(;|LO8a*DDtTyYT+-;JpyV
z0^VcGV?J7g+M8k!{{KJlyLab0#P>gh2K0y6?5wxzbjdvzrcaajulVtQ%hF#_<ttZ6
z?67BQ_`Y|I{<*7veh~!6!}%AZ7N{O#4<W<<GOXx5sC{0pi~z5||Ae#u>>M=Ek2>PH
zK;#G9mHn|MU1$HK)E|@VVj!`rArEUPO2rrY)4%=46g{4tdtIi3U=QYf`ZNkb^+@QC
z7JrT@>JJ#n6K>9xd-Tsg{xPBPP>2&6%ET5OS6-FIm=qFvTp%)cTGhBd&Om$!!~H%1
zV*z}i!5;Qp<?@7oE`3eYAx>gW)6uWb`g@~aJNFx@lkd?3-yk_E<LmhqQTj*tp?BOx
z17V3&{~y~Qq>Vp-G7HnDZF+2(o7-~EIMPG(29Pd_31XN2?@y^2Jkn31f{StkW=~kY
zrr^*67txb`FKpo75Dp`sW(5ut5&!JBM;3`1$~F(lpSeTp30Fxa`+(E(q6~OMDBp%$
zx<4iJFQSX`oDkE@4akxjPrtGDt>P;cFOVj3V7{v}=Is=JpYXceks5n1;S&Lp&2{q`
z`<=nqO9BZ;K+rbJ1k!;o=#Dzj)m_b}qusds&m8~Q=GT`zfQzm~EO0p5=nJ$Nvmby1
zsq#mf)!)Z;d<5+Zd+@4-WXENw*=fMs@XsRE{%8Ka#xjTjKoEY>|MDFiv*0tl(4irs
z^TtV&L+8gM0G+Y!PpIHMMj!agsKHZ2pnp-V^P;&e&7Jqs{(dUDXpTa+I$^L9nY+|J
zfR#zuz%G0f9Puar`xG?+$<LY3MKWG|1u?$|$qD*CAEJ=VzmLOn1oTRTI;}&^jSmsR
z`~Hy{)U#GH;X^dZuO$W%LyMA<l4Lb}!Z4+a`bLPO29YOQ$e~2|bs8!l@`b+Fc{&$!
z*8D!yQZy7y&yeb7H|}45oL1<&Yd3MzBj7WbVTTs<iRp!oM&H!i;lF=Egp*Sy$@>sb
zouIK0>6!BKL@f+V=xt7uLVXa*eMG-<USAv>t#3N=_q`L1w*X_S_4No#H5>?+gma>~
zr%zucgLqNgR}^@g3_$+&^$8hf#iWM;VspbqW~zd<4a9&&=?(Du%iL3jJXj6J_ad(5
zDnY;eMIHHe+%6G2;dMIVNd6FzyuFnY3rK$QgD3zKOECiFb|n&e5#ZJ2gtJM?2!`uy
zEFtS;6ZuZvru`*W_ow0VmjOq};PqFzck?SR#;v;&8vk}Y>FEGv8Tuy2Dw5@(BSFmy
zxQWo&l!_96Hs%FP*X|m7=wyqA_=9c1eiU4zax+6jFh1dq)8-;0JAMO*2O3QJQzbY&
zAb6GkElF=3*bEQJIi6etU_1T`ddHxx6U4W++m}p}>u+era?>bfkp9b*@$HZ>U}L);
zEIdiaX-@3Q)aeebli(h`c@4_Zk6fWEQ&}=;Bv0=Zup3j~^AAQu^1yGv2MZ<ozNWTB
z8BioXx+iiGoPG~CEJg}crOqeN4i-0$OT;w-$NFwQU!Q9&tx(hG<@*oNa8m_`+U8L9
z4<A@UUx`enPKxju|0FRPNw}Y7LH4RUlHYVl@5qXA5`dBHD6=ygOv=o>(QlFMYpc+{
zGE?|qc!>1cjT>AX#XS6r9h>6;b}m7fu;EpoQ?yKTU;P+CaZ<BzJC6p~L#CVg|KT|g
zCx)Bx+HKTq9BLQ#_BDEq>3?XGm`lx{63q?R^8WY}Vyf{sqJ5rlZN_%n5tjBYUc#c1
zC~jwa&3<d^3XqM;rPDs@1$Py3EdwCv*S{~j+-|RYB*%E>LcdxB@nl<DJ$pwQp{$OW
zNk$=jke#n7Ly@VuhfPCwgl5MFmU^1*v2HDlOj;HB<a%=$M@Y=1!3T3Dvva-mYHN!I
z)z-Bq)hmpj@<k;tULdl)d2grvd-vk|$+jpKv)(L;gsw1k&(QsRCe$p0JYAcdL$%Un
z_Z1`3xmn$wx5q2pPg4qrm)S0uy1#VcG)pZRiBeyB{*kc6oe*FAUx^xI0M3Rw;YC$f
zpiuu~;rM!Odtm7Jv2={*aUx+n_C@*G%~>@6`?_=H_iHF6uik%kx_HspfyS@uM4a1s
z$rvR(4_hMJ`7Q~<Q<TQKD8As6q^fonu@&*bt(06Xh#mujq=!<?m6wi#?6&u0hygKd
z=LT;q{PE+W2UA1++TxCmj*0X0ZAU%gJ<ZxzZc*yKG)WYRjoZG`M_B2;KHsh36czSx
zjUa}+ZnY^J4XPctX7W=+wfesA_3N-35dLHDi5|Q1LMLi4<c*FW_#f3HGw9GT$kIo7
zE=+Z%sc**lk|505Z8h&PWwK1~F+G%5Q1u$_YE(mS%=b4h-Vh@m+);bBv7$$VCn-u%
z#T$y$T6!!AiVniujuG}<wj3&{DZARbzNMVSMte(vdSN0*#rd(&*;2#UtV-O(8+YpR
zBJpR(wj<;`;XxQxqt!u^_+_<x_@K(S5m^X;*P~9k9FzV1=E=)e`>b9CVs!rquGb9U
zXb;7%10DD!w`IX4i5EI+!OTH2H5&yd;+k6V0x_BF=P(;{MpHzd@No{ZBck+dc(N{!
zRT~tU<+yZfQH4#fK9s61iF6<wEH%)(r8fEt14U1jWrR)66Wu5wWQ#L&V2lx-^@OKx
z=GZ@srZpULTN<uxeqF@v{{a3W=Fy^vQmJFX*IgGMyO1YDq+i!HFiqG3l2%GruU|r)
z{v;52HqN0Si|xnxTg9sZJ&;Bcixm|)fhxP1s*>%zF(2wpOn&7y|LntRn<@5<t;lYK
zt6p<vt$A2B+Fz($g)=N3lyVkvb^&B3gMoCR6;UQnB+W}y(Wft&{&H*@sP~tgk@me*
z-^JLLb`_Ygy?dyEIXC4wB}C|C9a%zPH;0O@fk8@^R#8Weqe)LzM7ltGDqO<^or*j+
z?9ebN6J^ku8j$}K>omgkbn$C4_DpT9!jqwI_V+1#c`b}w6tZ1+HVRbY7@YOLee&id
z52U?cbOeU7^__mw=`>hmW=W-_tkS<4*>Eo%B<Xf^tErg6N_9)O2gTn2zsLsd01Zng
zQ+`UOWDin9gZZ;`oh1z#^9cRZexXOkwu;xRXK3x77$$2~Atxd;Q_^w+HW(4wTe}0E
z9PG`Mb5M%N%Ymt5qPGlsR+BHT@4%nd<vRCT%t_jO_E`rhx1Vxeqtkjr1J&6!*LOPi
zE<~-Stv;{cpiQ*V+BCvEc$X>@)zr6)84#H%Nt26tm)kaTae6SPIwmCB{|y7T(bs3%
zu6G8*=Ze3m^_$+%E|#5aZFC#@Dcz>6*87&@HIKca_5Qj_&Zb|hrl1sy-gom;Ul)eD
zF^{>qITU=K(iBz{b3~XQr*$ubJH`1)g|VVGZy=Ktr&>3L5ra;5>@VFKC|;tUwGjSh
z!xyqw?p%#Zx!$m<IJneP`RYOh<qFun{I*d5$=)|Y=d>@ghWYH9EGX;RnAE<gjePSa
zIk~V)WX{l?6VYR1(H?YpV>^EHned{FU=Mp8muj5w#9UL0WoUPv<LHWs^kS=Kxwx5)
zW`?sv%h;q>bI5#w{9;^V-AB&<DBvSU&w(S;iU$lVasf_r8=)oR(~wTnKQSJngIK)Z
zeL5~xo%>E$0L^ag*P8pUB<llX%&TS;(|XRwDMeH14=tGt@l+>sc7uwL>w|N-&zr?^
zX>XanCwr}YGny|2C7y&g`ud&1AR8Gm7C%cGbI1G(Q9;8{jU@>0-e~G=ycidrcq0f1
z@pnNZ)QrzL!taa}x8Afj9H@E|&G;w)rCYFZANhP}*B(1-IT=o>WS8f#SK+uAgzd7L
z`;_-4iY7py&t%E(=&-btc`JqXR@JrkZ?6kpzB*ITAI7T1S{Y!FRF)JVcVn1UtMH~<
zF*bH)OVi-Sg>-|GG6vcAp=_F_1SHjCcbm-mfqum(n>l8rIB7~u{d{rvrD^FkhY8y}
z_t?A(>oyB>WVe-~=ZBMCv5;eio_-;z+*7{YrecaN3kaY?tmkNy*R45NT$4FXD>Bqm
zF#MW~O@mDRvD+tRI%cE>`tjQlOZTWp1anlKsZ1?&YdS%z6m{#Qh5Hf1?waN7AR}~9
zL^-*0uIf=+tbOmUqm8R}@(I{*QP_-8`?66-c9j~BVO$<+I;*Xvz<tS2y0uC9Z2HG3
ztseRBGC6Qp$7y04HfP0D?Af_(_1@jy5yAqamX)Fsj&Y1C_iDbT$&5JWU3k^AsZFl%
zVZSvh#FX&|M|JaW!xXC(n^F$!>l4u&hHj1)8imH!lQ#S7X;E<>K18)(&0ztqja3&u
zVYvbFGU0Dln+&*@6mwt3-5YF#Mh;kJ{Di<=gz8dNLhiKLm&nD3h2PfHBiVzyo$gVv
z@?JepU{@o@)(ajBz5q8B6Vlx39*eY}@3VMN4$h-`GY_-wOo?*4ROsw|08O%g^w{wM
zZ+ZSyV3@sz?HDVlEN3KE-0O;Lj8YoEl;D@`Jhq*!t^JhEtSB}xMv(ekaY{?<^zQSy
zCVe4ejA@IYevVG&r(GVs{^_iU3f*l`rIi(biDTzhP0zY(RGzq|C3zqX&2quZykX_X
zY9X-n*=D@uMizmE{z?sdn&5}t%OHnD-HfFu+D5|L=egNL{8;ZwQr$c$saf}qamcwl
z@9)m>!TkyBgUyCZ5YdKWT`hS_W#<YjU|-hfm1#Hom9xkVozU>%ipDx_TMSm@gJu6T
zXCirKB+q0*S-W{haz>>a+AhX;?^ezI=0(2U?$dcEmtfg_731G$(G`tr1`p9c@_Irf
z6cFZQQ9K#XmW<$WSy~Qp);7Hp$~6hrHU>rO#iiPr4N74;2m?D=fo8n`y(r{`wOxWr
zH_t$p2CV9!3i0=j{Kt6~)9WcVNRxupjjN3O?z}JKbZ81)vc8|<_YA!A*$|#*g;_L;
zQw4@rfz}b*w5Z~;h04I_Ae#LjQbBvKmUorD<$tZ<8DHc!JzCNKJf%JC+1h4+loN+i
z^VZg!(B583TkiV9_dSlC88*ywY<K4xiZNk(BJC94-hAEdP2QX$YYx*OHZIp&q9f~H
zzcqjRX^G9OR&vKwf>S)@&1XTbhSQZz>g^kgoxLI&UCs5g%82Cs7asOi>6>`#x}!4Q
zPWx+t9`JwVmB$x+>N1@{cTx8O!fv(6G?Qzb?O7)lQJ07*n0&%&f`RUzJ+Dqmj-ryj
z^agj$5Z%GgzuuQQ*Yf=C*Y#%@)It@*4`W7Drg1X66thgUyxHA?5UZC0#trfsEge^-
z^tba<vL!JY?2j>PNb<Nbw!uucn~!SAg}d>3<Qi<rdS2<!81ADJHx@O^^*^P>l{~$Q
zT?=$vPJG~u-ch0W_CQbbz4CWCib&-kIa{|7zIWp~lnZBhdLm-VZHths+NiH@ItDg_
zABsPA@QduSe#G|tM~G@}_n4^!;!_-xrdRJWV(^iSo2OaDD34v!ICZF!7O_$hgQ6Li
z<w-#|yO&wS{gJz3EyI%o)1|#vi{rc<+E<42O5hGMX$*Z%+FR{=h?G!LUZpk4r&$GE
z)N&ys>p*th@F&Y0e)+_)a!=|}sH^%g>zYw>lZv-l(Mm6m(FVoCLXP6WjNNagnZ4On
z(&sqRjc)XrN;huQ)s|}IkSbPCBzN>~-M-tV-9E=$b!W!ytkZtCP4<*l$Vn9`a*j84
zceO*W(FhA}pyhH;!$edZeQ561$2~1TshOxpoU0i8Qj#&98v5M{JIk9__gqXZx0mtL
zwN-^z!_5?wEE7QCe~CO@upe>zPIvi>;W6IYk?OU*q_(r0ry}86eUCYNqAE6XtXC7;
zDsI{6ZgRNpO*bFe!H9=c`M>Ab<RDXA_hy#?*~Yv#qT4vhzmZuj&Y`!ugbQVuxV&Mq
zbC!Ir35KOss?}W;qlxT8-5<((GY4YMx-z9ZoFZFYug%|@dUko_4kF<v#lIIfdaa<-
zlKM3ar&W~&X5KZsnYx`V4zAu`kcklBETYJ+51?Tl*=coHp#F4h6D!zN!vL<BK7tA9
z2QJ)qqz$P$QCS8>?|%AKrY}E;X%=77jX{{bwtAIC>>SBc7X{0G9s)y=MQj;HcA=kD
z#7`r&(V3<f`^6erVl!A&$)aZ^?`kr<>US^x7!jz0=*cim$y`iimfOkddB&TK^sAXJ
z9({rkjTHK1tc`T-YHF-qQl`kA9q4O8D6<5x)Oqi5zN_>^j(C=+$}5D`nSP&;86I2i
z(Pke>=X_{>Qzgw5D|~&i-l2WjnZU2~;k7OS_vJ=)O$5op7wIr&V@K7uo7}WDJ#5oU
z11TKl(*C{^*&+c}0y^zF7`v)cx86F<>g)=`a4wT~MeTM5>zyp&h;W2ONI@_cnR!fK
zyhSONHJ+Qyyy(fRGqvgz=Cu33egeERU3$uCU-_;KQlGT)*|_W8)(O<zW>D7gvha@a
zPaWqtl?3Z-tL`QI#W!!P&4OpLBx8aQam&5p?W<D@?o4fR%sh)76s`Vt>CXN2-H6L{
zJZmqR?i8;r?tB|l{JN?tjQ?D*YNWa_XVF2C0hBEC$=%s&5MsqdeRiyq_k)q8t!t&X
zi3ezBOKA6fOTK(!EnK9YC&${lE$?2n`@qqa<Nq>1yo&!oy!c6(ToB63a>1036nvI_
zP-v%%B!52F!arWnW|}iW@RSng)V*tX)&O@0p@-vbGxcRk2^V>FU9h~2AhyN$(^yi>
zb;->7&t%lI+vs#%UHJL#Jf^$tQ~N}xT=CEJ!P4{QMM(YYF?&Y&qZMx*SwQLBWL4hL
zB5l)eT!!-kgAb|+ru1FqCe+jx5ThwS5KML~8Ge;zA9L`k%jEsF#T{I2Jdu|+ZFmtD
z2Hp9OIwe={ef;4~ynw=tkwsTz3!|;DYjrw3-e$#pS@oWQBZE~ZFA@jb)HL`Jni}aD
zx@pEtTVp@JwQQJIrG76g&J>-cTft-`ya4Y!amkleg10KU>|Bph@A?vwAH5)ruaVOi
zzmOqhO~zc2@p5J#WG8gm`$n_W@J(;8wpL4L({Uio&3o<kl^w7*_^vu#ZWQ9!#UG5H
zDBv`-jIj$CiQ-4YDaw0Gqa1AR3Y!4*#+IRK8jYMYP8@WVo0qbBek^ksTs7kd<XG9Y
zooe%KUUvOvHl(gISI~gnv)(?ry*E)e>c*eK*f(3Cj$9S8n>Ej&Q&r8E3#hOB^jyt~
z<0`Kg#wdT;`d2Uox?A~*cCneSKXHE0r=JMV-1ht$hx3x2;c~uq;EOULeMaol|N1F{
zQ^a90>$*V6nM`pqj)x_Bt>^^yFPR$p%-N0<<zwjevizM4KX=osndE|OFrHrFyw9_t
z@|rJAGo^B^h~Gx?hk3%)ux<J^{k7+mhzDgv$ZH3R1D)BTN!5dH<VY)qFF2zWP2Fu<
zO@?$erRCm7>mY0tr?gxYRNv~gNF9sZWwncGh_5GAf0p?{seEIB$FJzh>PghydP}5V
zK)F1{OSM7ynzE)ZH-{C9YKfManDQL^FF!sB8_pTF#n<3>BV#dYi&RDkE)gGdTWvdW
z$<%Rz0?|!VUy?mntukgZ|8p3jVC6gih0yisgH^=brkDg8VB9|n@QpA%HTVRaMcg4h
zS75twymY^Z*DdE2-klmg<89lzh-;QX%gmYFAFzu<<zZ~mFA%-=9c<dV%r?1g<Wz_a
z?Us=}X{MS~ai3=0gQkoUF{&=wW7QP1*k++Ko8{MmDEZKfi7)fNWUSjaTlviQM00M9
z*O~UN9Bp@@<6ZC-*lNd{-g3$NrS5`fT>cYJ_eci;CuHnVJKsDz+OuYt9%$y)e&WlD
z5EI5l8iLMyn4d(&MNp>AQgflZ5Ds)R-Q~q>lVp|A<!Zw5y8dstmNOdEMos(&RSdu7
zWCLSqjQmnjELiE&jXMpVHk$KmC2=~TlBN2N(K^AbZ-rD;F<Ms2&B^(%V~K&SII_g;
zzigHj;!y|B_4`0M(pq<#Mt`Q`>Iv_;_=&N>`?*LVA7nw9O3u+)Vfqj6LFom85@oT+
zRMs<lekjH`ZESNGqxk*Y!`S%Ek+QnDB~N(!^6^{8cfPW7b3_?;gc<ArSA^yjvx`3g
z^uIW`-Om&AQ?H0>*L@2k=W)y6_wL`PZ)+1<9T`-uUI08B=sPxg+V6Yos}a95rziGi
z>e`rb&ZPr8#~M6hV3AOITUMkj@)4<TzVAjaD{X5r_)e|Qhx=_h0ZzIpTnT#Xi99J|
zYJkZ2^raw5??->eM4Zj5ELRn&#;s%(a>jsiB|8m-$y^T`(?bKt(^A6#uAomK)amvJ
z{$MU<iCmx)WbWf1FKT*HWcoo@GQ4ZSNN~}fRAu}Yi6I6nll3v1$uM53=aaop9fK_E
z>j^&{n)lVPhzt#5yQ5FK${Ju%2)j}#L1vzZmM;Ec4!0p~<M!}zt}=@onFKGJdWD(_
zNH@@zX#1d*L!D!@H&j}8uk1no{DxW-9}<3B`%W)<*}FTSc$lIXK4_|ksiQkPS6=Q$
zdO~HJwa>?DA8ED={lK|Lzbd|TYix6H#Hpcu%2}JVO^cxKMBPH3(^dJS4&QejJDP}4
z=rV_#^-uDB*t09U(meZfKgPV8b~Z?Y76Iq7ZzgImk)yIN)n5iVI|)N~&|BO8xN#uA
zw=BJ+C-U8E3M0Fb;;L0mY>@uqJGc+Y9&q^rHuaJaBRgPIK@XP;=0%$+Oo7NU5haHP
zQ+Q`Wi5lVQOS;EV&uZ}0D@_fMcb&!*nP4|%>aS*MJn!=9D9TlKa0O1O%<g)9&b3dA
z?uNvz7;3AE3}52n*0MPy?+ex?%3@1_1!s!r;s~2>6%YJoDNzq!$BMvBzqZ)#J_E8P
z^m`l?@$y!3Vp^3z{B^~!hGjda>Q}sOmN6C@Q(>^|Vw1t1MM-`_tJH~3QgcLGHSB0x
z<aX(t(|m#Vt+%i^raQ!D#qHW7p0A4Imh(#VUiuC`OZ;p&_U6eFX-2YGUTCF(a)ZKU
z=}w>1bvLXGWe{SP!|{U_dxlPXvz?##{4qJC=A>3Cs@U1<_d?=QblO+$wrW$3o$aU!
zRVLObD%8AbneA&LDB8taU8VNJ%c62}y<~WVw+-MY>&p0`_rJ!*Vfw?G&&TYm8IhV_
zSiv@*Zp2zhs^%(FG-#ID27@vp*b>RkyVxrELL1AAmagBEeSOa&Ibx>WT&Z$g&;#KV
zVLs3HZBPBru9<owJAS@F1<JC2fx(GuP+}Y5?zpg<)lZt0G}4o{M`I4E97>r-7e7OK
z!BdrqJ@~`Dx3QJUawApb4Hcy}$$dm9S|K}>mALZ9bp(Ia*Rmorv!m-L@n+QeGHc)J
zDI*lx&QP#$1qXGcn5k0f{3tMa^A=8Jzt64yjGgLM2Ya}Rib~TdM)OHQ?{9931?h;;
z9@CaIl_Ks`nUGe)%O&Mjhzyf%kUUs6U}-L!+pS01vWq60>d>fdeb*6;N{<_ziP4TI
zu|2J~>o#VM>57?dc$_rftK==Fs&a?>dK@qtr(}@eGUPd%SP{!8<JN0gMRaMP+O-?j
z{yIfjS(yv{S~lYfZ5(Vevnb&tB8r7n<K^Ja*WI4*xW;!5t+RgYJD;Rb3hk>DYda^n
zvTrU{L(YLOGL|NlLeep}OH~}!E`fLKe{_vA_YtyLvb6q`qa16?ol)bY*w9&s?4FE8
zcN1Ap)+XF4U{f?m;?T{|LHLiMU%f)_OUK3;Ozw5xXv9kGyZ552d$P2Y=U}XBn6TIe
zU}G4h&UeVnPUubgb5tTP>|nXk%OU@Ubi_W0ULepA?$!Fnr>cuY(co+_LE?kV^&oCM
zS+B4BH9d2JHZggL@^e&VKhCSS-ndCN!DFA6`rzSvwFy0MA^mCj>x+FEf^DC?RVoU!
zUG{8ehi(~mm%H?Hsh8>J$z?~D?@;mw3Oj8S3XQS7uuUT!w{>nxZp%t}ZDDq@eBU%U
zORt>=-gKcqKc&fn88f!C<kgy)*+kuM_qf6+N6UT$*kGn=0^JSa-@|SW(D8inAAF68
zj84x~@i9nxH0bRHQsbjc2`J+#JdtrMgOI~R?F~#;`^szg>-6cP7i@R$`<&(uoq>P3
z*3H%Y#X+gJX?VQor^;h};Qt!_e7?{nplQQR;!!TGd238nc!CLPX5Wc4ts^QrJ_%#!
zYSH?=E^_K-9RAs<tD-q6CQN72VCb}W(J6hbtMA0QHqjYfDUME26xvRab1I4qOZXc)
zMDCuk)$zS@L6^O(_U-aKi|E`qwx^rV?{okg8(0C38dg5;pD5jZWa{6nFX~NZI##87
zSL_i!+q7(nSNS32UzD=gOF`X5R#HVdq0onI8{byf+jHlX>QPlHS?rfv!kT$lEmat<
z&r;XZe8RGj)}V5HC5F%?l`2Q=YgZ=t9_GDSkqQe}o2wgpkvd$7QClK$dctPj{QxD>
z%UhSXc}ulnvyD2$g99g3fnf*K-iZ_GI^|Y+DULOzlJ?<Y^A1aaUg)HWghXVjFDdgt
z+mqe9xyUmP-rjI_LmK#jp8RUcL*t2LM>$d`jaixb_iqu%SY9fAK7-~Td982e%4)>>
zwpa2#8)F!|rs*t4v7a+Fg(|v6@Uq-0Mtyq5Ev$<muFkD1c`W@J2Sw5CbtX-nthFy<
z-L+dC`CR4kSq8Q>>S#tjUJD=P24&U2$RBL?ZMFNbo3M)+YRNwmd#U9JnxEfQp%988
z2r5f@0)YF?hYK6o-vMRT`sPlVS~kOb_V=0P-)}0mZ&Wgr!}u~k<ZdV{29y=ks75{f
zva!;B8x%D(XUON+G(^j@q&p1Kkg7IkG@Fr;R9sIVRZ4nG^>eA${YAi1x@*TW;##?5
zr=i}AiS7V3e|b}V?eh)NQ=Xx!BBsi-GB-X>H<On&WLqRxN=(J63Ty^y=g?_J=kO43
zz>FyLtkSZ-@y;|K?@R;ELCu)O*vBL6!QdH&()7faFwfG`>7A%)#kLQ_baof-DgfLW
zeXl&CUNigpzy&@xc)qiB5USApKzelS1L;A{t)XXRHc)EwDnL6cv3z)cUGUkayYM0;
zJ#y9!BLQ!v!pp5=TCgUg!|lh*+U8O|s$0&vRfbIy%MD)ulGD-6NppG5F178fYlhfT
zDQ%0N?&4lb{o3|9cUOKdj4B9&6d3l5NHvGCec;rq_w}Ls>61t)U>sCb)??&Zbvv!P
zrE9%{zZDsE7C4q{u~WZ=YUyuzOtwTtjCAn!>b?sbH6}SoA)?XWkUz*W=wJ$xAs#Ff
zRDAj)xivyq=qVqW`_6*qZjW?XL&jpz*aJRG0xe?kCAVTEJGqd(WXmU&<~8n6I<)`9
zqr`C|@BU^r&vb$4YbN{3;%fyZ#0C4*$7J>JG9SFtmb{`i_uOu%@!d#C$b{UKTI#}_
zfZb#5+Ph?Rwt2-|ttnYyO9Mq_`oI+8Et|yGAk%eN8YU}fKn6FuNbv04#7~p1&jH~_
zbG!Z_)|y)mWAX_~+h6<~?lzZGMrX&AiC~|sIX%#;UKubd%C-wt9lpJN<+*Wn1w%+L
ztbK6G9FAD;7bhitqOJ1n{j}5BaxDE6hyNUN!}E&G<JC?Ij&1_YrqwI6J{5`}92FF&
zgE$Ud9QnIlpZeeFM(wU-I2>{P-gwpSYBoo#F|~PxUix&#_29ICo0zznRYd}4vf+>v
zv8k%dL)E}4;mCxKsH}REVi!_2Q@{m1oiJ9`a6kU?{RI)MtNvJTWLQlq<>SGtmj1e7
zkF?)}>$4IoxSp%){?KIPioT;bL*w{c3dff$3{P-i?LxAF-|Tuea<bUSvG(EW5A&9w
zyBU)&O?076wDOI9Zt)BsXZ_}j#)}YW*xB8-Y>oCxQXnQSDwLnQDZ?JC`3Z0G1$+LC
zX9BEXHZe}ByoF)Zbj(d&lO)sZi41Xo)IGGSYDaBvHq%DdNjg|HKbuyeyh^s(ceFvV
z^7CmuU9!w0lkeDXWEQ2KWL^&CWtZ#2s-9Cs&zsIyJpazuztvr--wVQb&gdRqR;F&4
zxp&@+jMp~n(>ruMMohqpTO%#a&DQej-9mLwJs9(v{gf}oS<|D&*UDoNay;_+XX;~J
zDF7q4>Bj><)6#s~`fg82q&JTv^7GKL(j9K9YJ>)|)M<mOXS@#9qA9c({w9W6=<)U!
zjpOCF?>4=qt<E9)s;Oz`%Jhagix^XhS>p^f>DEo^NpkJADe8N2$Moq`*zEb+1BINN
zuVtbQWf~`|wb2ptiotisVCAdvn-vpvZ_K5l5wp^>vMLV=f?_9Af>n@j%u&zHR`m@&
z3xv*W6VL55+Maqk<i36>DY0mCN6~C%#crY}sW$f<h`H}R$uz5e8QNw$4`cUVJ`UH`
zq%-T7N+}bz*NwIb%c}2cvi4oxBZ&j1ZfcvH@aBN_(yBHlb6B9u%o~Fy8`%ezoC3>O
z!u?m>Tj){Rv?{R_tBFd9w!tHMcQrt8vh}W=RhCNOL><DH-y~M{VWFjYHfMlM_GSn0
zFFr5u%GVs(Y?CLvd-XrsBmO9<{5h2B+w93=y>(auO=j6cEtIaEbfFBWc5F+#1Labw
z_3g9~Zycn4g%Xu`f6jfvV3ZMMqKd$iuwe|%oJRCe&X(~HN8VhJ<i6J4RXEbIrWbZD
z%Jy6bn@F#+a@CqP=CP6z+fKSTs<R}r)u71^18r+xCT}s5rfqL&;pf*SZYtmU$It2S
z+Ml7S(aJe$cM{2QVwzGx=5BM^fNZ`?Sy0aI`hd)p4knhkv-L_JDRr~zmGs+_H;=eB
zewKT7azI<SSMXK0aF*1KplQDorB(Jt*n7h6_KQ)D6yw_odc9#TYX%9@i!?wStj0AO
z0V6FLo!c}nwckDXvQD=<Ik9q&{CeU0W=z<M!V-zb222@~*FizOR<`1k__H~zvC5^~
z-H?m038y}B$yC=!rUz2gU=&5~GTE5cRJRF*#${;-r5+<@M~0VA?XD=Rz=ONZZu}@%
zLB9fdh8jh=a9k3S7y~Sy^kmn{tKaPF(=xd&!V)lZB7EQ|^0~=gCtr=v6Pg8kA=GS9
zP1*BwO`gp(=J-)EpXPwUZSU17ie&i<glA_#R)QyKLpPS?x!lX{k63QXJCgq<r93$|
z4PN3|mhMsuW!1bYv{`kbzpJ9JH_d^6gnerQgs6*IwaPm9?+BTJ^fTnfJ8vBg8?B#E
z<nsuAz8HvZN$F&u=t1HT`M3$oYgt6McAixPlD&t9s#gYth>0pkOdV4>{kzx8>yEQ4
zA;#Nla7jq7McEg%Jp?K5Jzb2uESh}sKVgfYV|b0gbw(0pT6NL3G(Ji+_dzb(^a<%H
z$ZdFm8l)}U6VhAbj{>Oy1rlLpv`6h6qSz=FZe%6TI-%EJ$w3`uoNt)KvUH2+v(Rm}
znFpt6{ik=5OCI{{!Ijy8iY*jcZPbP`xHL8!L+%?;6Gus~9yz&F=u8T{N~g^{PG^UO
zf$OVNEr>9Y_G|z84}MEJ6NTf+0PI~Y;WA0RvC^g}P!Y)3tdbQ9qGJ8%jLFrW8hc!Z
zEtL3n;R!=;EX_P9O#u01tRx_t4^Jucw_7rx=x_4+9&@~|dHoOjj{FBU8k;@v!ITPJ
zJ?SjF)2Wed6H^6z(3!h>6=a&llKtv33uKzLP{VFOd4C5s-+vD9KS^Xk2T5esKRQgH
z1$%=9qvYEzV*mb05G}~rVN4F*V_~ByU>174icn#`Pzdj3uNHi02@NCW^($S6ff3|y
z|MwbxpGFXrbW4tEoIGBS`!&5j==k!n6v6*&&L49okcCpWQ6JN8qM^)0c{MP5;yIUZ
z8h`(!AEf$$Y@CH#zp|M}FTc>4^Qd9^8%4mF;=kp2hx#2<QCNedaX#j7lLJ-w`!fES
zq-YJ;K(@T8lQk%vR90Fj@ln1HnjdEOoAcl2_mmW5D{Cll-J`~p1v`K8iF&(!D<K|U
zZol0pyaOHf_!`n@o8Pr6F??HjT%v#PiX<K6EP^y<bb;4J9NkHv)6p)kaPF^*^&q?p
zrLc0E(|qAEB!NCU`3j`4evf8xI{9zV`ky8KVk3GAC<hZ{;7}C!^Brs*$UWrq@jU&1
z%<U#1#iKq)(Nh}i$8pUXP8?<Kn@r}U#<Bn5gL!yfZbxaBd(N1J(}Kc{aGnfeoSc~j
zc~%<C3|xR?|H5FeuR!_B2jR@%=#5j<prPpE34t2E%(Ea{FYUqKr@AdeKRZ`PgxVIq
zGeZj~=RpY4e9sOOI^3fo`8y%O3lUWo{!-&FNMHZJ%_#^Z6yJH?ne@Qo??auA6Yc5^
z$jgOq*+id%G-U$|-edQlliiK+e-v~6y9p~V4!&x6DIrb)(I4{C(^Whc?DZ%68$Di#
z-oQ=J8-Am}>-I11fF^kVn8bs>&=7C~HIYYp4h^VB6J_H13>{_pYxs$KqipY2#qRu*
zI`-!Y2T6-yS?A1ccsq>`;zF#@P!WWGABbK)1o{R5E7^$rqfDeBva^n*IQ^Y~1Ym2R
zy&~W@n7Ik<)h8yB_2ZUL<Ak05URpr!g7;XPzwWB_mdzXLgW%H%XnrB_-~W#d7C--b
zr;L*v^&f7+o_oFXvUsndlk4wXv3rGN-A<3yeAPy)g9Tc~X;3>rS8;md3)juRuZjv9
zDi7Aj*WnJpxi<70a^v4Tz<N=1H6|7SHhy{Kqif0CSQSEo!%q$PExq2aCDtjv@;qQi
z+!DE;KKwsw22MvD>>JI>yrDVt)k+XFTgT^;(+8QDhn+VMr>oE!@duq^+<4AFV>>}C
z5-?14kVk)*tUQAMjub4>%0$AKK<w1u_^MYDZjvPDaV+^socHgXLVfBNOX{R@9fM?t
zJS8;VY3tC)LJJn8)7jwA%HtB9_OvM`k7+c}t(h(PHhQJznu2mD))>a}8~g+&KKXy|
z-dgg2qi)4m@EqjrfCFjBbu5zdDGD9_GI@RUTSxliq-14)P5kJ_lx%Q7$ViCh!-lJW
zFD+<rfHp&=2Bh!fbmoYh3MJNW=fv5Um+c^m65V@&dFHeR+n{2IIU^!T&2JW~QiB#k
zHJ9yIF=>Q-l|VeX5dl&guLDqn4@Zv?zB%~?p@Mv0YBSXY-rH5UE*p!-AP<Ax!0xOU
z3%jkh@SjYdvOQc9#0L?HxuPkF2k%89*Pte%$LOI0Bbb)E{?n?%YM)U$cwD8(cW#Jr
zg07nJLje<0>$|#O=oN9<TN6q%14RfPi=mQ-5@Z$>tl=Cv)q6g>V|4C0R{k8`QlpuO
z?9i8IMf%Q+HZWGJmK;l%I-Jgqza*@qu<*=9=+ye)B&<?fI;_Y3*1SLnT02W~rE7sV
zb9OZeVdk>G(tJsMb&<t`4bD-vrMq2sZX^h#KDntEwE--`^6{eHy&G?ZH^SQ<+o#+g
z4Z43O7@$UdEUR&wNuhwC;AGRDUvq>~hsFQB!Tguzup@!awkMpH)a&yBBeFw`sF;w!
zX;x0>tfj!;kU@-Mn7!mUp?#@EAay~`eMj-u?z5sbq-<xJTv&!;S_3Hi4Uif~bAj^U
zTcG?r1h^&3SXcVS-ZpA$x$<tr1gxEK!3>Us`f=>}vTc3kZfgK9w}!c0Jt{@t_g_iT
z{|b6QnfK6sl@umJe)cc9GA3m~CvYO(6NreH{A6ym+E`Q}6&I694~SwSjaQ=^6_#r>
zB<9wH)O6jh4Y{ncbyPUo^jEo-?@n;I2LnjaCJqF^{PA8vFR7Hbpi8Whp4fi#24&LU
zqrzhBpqOFQxm$;yS!zP)<RNqrCu&enzZyM+${FaFPKaS^G<r`c%ne*(exi>aWonKB
zc$=Jts=M1Yg-CPdEL!eV*ljoLdhhu6S9G#HY^4Cu$RN&jBhN9`ZO6oMxt79of`gqs
z^!{04rJYSWdSR!vpcrslkL)%ZUvhVsGW;6;m}S2`;r;|>M0K-WcWjLPNs0U!!D$^T
zPF*kCrD08_i+ex()K@a|ra`i_+4QH1Md~9*L|P@p?kY`adJin!uiCSt63~fXn>N|0
zv`Nc?l`0IoVc;Wf<<>juNm&5B#UO=MvrLIeF7^s3lk`tRGCS|x4>=d<X$1?z^79{W
z^nt@}(4DDlj{z`DEKAk<ZUJ1pvvLKNF9}b-J9cI(^A;Ue`i>BFaOD$FPix}{ie~YN
z2dTri|H%yhWjXy~x}d8#fe_XZu%>O&A1<t}8?D;?5bHH{p!Y?uoOnhj>o%ZqmX4Wr
zbN}IrG}R@x{VjM#G%x2w2PgpL!CPSLD6!Im(D{nO(O`o+R*uuT<dSXkbbj$Aolvdb
zF$mbjELB%WJ1;t_7$dDdx_sLzhD`!E*7VC2m#iClC*H7R=k~`rPQL9CE;w1aEa5!_
z+RK6GgA~W)+gD)y00td?Tb=CnSmz?Td_sGFCu|77=r6yT-vl6zs&2butFHAGHdALD
zS6iwZK`H8a7UzwAqh<gEMu)jnoxo7?<~uvV%picA(Y%FS<4y)hqS<AAX>X=XFS`Qx
z?S9usm(=0Hw9Ow6%6|UTETBRir&fZP&UfSfDrySJd8D607$ZnOtt9OJz?L+o5!MpI
zyHxSsx}Pyn;2wMVd>Y?Ajb#P<S>ZMLCIc*2=EO7rtujQj%q_EN6jKs+D?{}gGee~|
zUo)RKy}xd~P*nX|`8(N@ZZ73j#Ir2&G&YUGn?2dW$n-1%5zIXI_5{a1zlsV!@cW*F
zVbJ*oQW{G@_UN}nb}J}#!OH9xsLgN{+e23M3%mn?92&~X21x5DUP~shQ*S<C+uZly
zUb8~*eh3h6rNz>%xl8*>rPF#oCX_?l0%^VO2U~;Q6tH)9!OpBLOeeh!2B2AwB6&=7
z=M+*AsyU(HNh%2dtT?|d&)+wDMuXH7S^JUhQ0oC)A|XM>X<l$MBmF#1P@D&f_9Z`O
z#4IEFt*~5V(UO`f%0F<aPoAA+f5o`TpzZc5>#grzq~?3z$$D`uckKH6<{g9G1xq&;
z?D12%uewr};KgX_X8Vsvk5dv4`vuU9p0OXH+utgz_<65L$RKAl^LY2k&6?xxX0;En
zdq_*yLA8ZgGXmwJ4(xWDyUOP#kOTp6=|sEWxjldwRg7l=k`$j=ClChgMlp7wGY)xn
z!7kYKYA%aF=JL->OP2bhA3ZiOU^?`hLpE|>owgt_k0;iRDX5XzrtNo9ZVWfRmc5re
zHAwI34A4T5-8p5=ZuPG}Zr*uTZ3crNs{qg$odnR4x)>63y=#4cTBta+i?ep}a!)(n
zdkoq6M~SX5L%PsfkfBnx^a(XT0%e@VVp&%2u++!i99zjhp$qVsWWLfaf-SX);59RB
zG8p4FJq0V8?Bb~<itN>LfV+@Wft)9+1eeO9EeK@C>aI&w%NXD;JSFdz=e=K{2L~?N
z_kHKvUvk?l4=2c6BvRN*PYUE)^mjL(gLp*`%{#~ud*=qFw##yD55xM{+dEuVE|&R^
zx;@t`R$B`OJ5yyom}QsNDP}q;qVLn$eC6C|25_yc?pvQp^KJvwwYxhT03$_SR(PFf
zum`{Zn(w&iWoZ^$0XPVChsH%APb6c_Z@CY@i6+rL=#G%(iDc64^ARpc2i4?&bS{vD
zpChg<;8w1&Z&c*fT-w<F)*TDm<?kdjw=A7dp%Qi~H1_WSLZGR-<HDxkvMTZx_`Tsa
z;AI!7Vf(=a1r-&;x0)`?4-&0RDm@W#gHKzs^3*sgelln*0_=@o=Gf;$7ISg*6FFtG
zrjLt13)#=#RH@i!1Xyzc-5?_oAjpvhAQ0GYH#2KJ6*vCj=P#whZ`NpBK?&PV%a<eB
zWBI{*XM@^dIyA|ay;{yO>B<Eg3*aG?5TKdA46Iw+UhnGc5zb${pS%9<DGhE}|EuHZ
zrGJ^s;RU{BxIf0rLYJ`~f@{iQ4G~1BnKH4el_rE3dc$;QWWQ1tyb7YEx=DJe8nfuE
zzxDHbzMHFev^}iIAWeI+pjA)<ynXiEdAbVY#<o<kDto$ySIghd&Y$j%R(ACsA!Z!_
zyM+Mstv=e5N_*MmOQGjJKYCqf-Q8E_+mZY9v-!O0($-M8vX}6Bm*ROcnUZSu8b0w6
z@Thuk;ytSe54`gdWn4tSt8r(jZdoTUFnYp2Db^l-9q>4~ntH=Oo)9}Iy%K*5ne}$x
zX05;YcI5ZQm*q<^c`o!Atm?N2adfK}H^;O4cYnxZDpFI<<LO-68j}+*wm|DI|ER4y
zzv1cCeG$BWQb%UJzC0D@E*tAO8A0tiC&f{DMNW8KAGrbw8Ueyvy8T>~bgoQs#he3@
zkaS*NY6xIcsyTOk(9GBOee&#Xk@FOOt&2nN)xNSFS7OZk+Qxz}^Bz5L(<4`1c7IUx
zHUTZBtO25pXO-*^x2?TEQ8aY<OOR%~ao|H!!WknJX+59oCF-%&kAbMeA6$7m656Cr
zI+rzQur<6H$a7Dx==siK`Tl$7B^kCoWEnHxH*$Z>DDO%mb6npn01@BpC@_)(4=<GZ
z&N*e9f!7RRy_p}7OaW7wR+^RU0i9$|iel*}G^>^8qwly^sf6)>Iwz^@ij|X5^&d2g
zObuAwEIU3~9iKaIu8ECUTL54hAG9i+8sCtyWFe+XQuVZz@l`pWkb1&T5z`!QAYX=V
zN1W`z_haRij^lQ<5n5SPbf9=hB45XtmtXSZq=ym(sb)_Rd3wOoy4$Z@bjzf2_$9jB
zA?*02t$+(;WD?5CA9m-B!u()<Oj3{NT>a1Kw-u<1Y>gf(1vpOg8vuIsD)>)9UHv+9
z%-TyYWymaKy0ox4Z#Cs}>-A_R8Nqe;u$fJw&Lx1I+zhDmK6k|J_)vJUIhuhv_L--4
zXfkH@y!o;9g+QScP+Sw+3qU5ncwtKb^qWC@e9eY{C;XoD#lJ{jacJ|@`Us;%FC0`E
zuMt5@Jc;~~<EAliiYkQ1tju#^@>WR7kC(;odS)Dc{&T&!v@`m0GvJ6bLYuEV$Dlbh
zk>SS+k7Em)gO=4Y0A5VE+_jcWRqeY{_3iaF#gz^}jsfhldvtetoxkv6$<pBGyZEX|
zdhu<RoQjSw%feqa#<I&7-?{H&wC#oV+5os23%5~g;iqh&N!r!8y*2;aKnpF(&nu2K
zWL_;ug`VmdwA^R3|H{$_?1O@p`2zPhw4DL;uB&y-vbG{T>`Sx`LzjUMxL|>yujgai
z;dSevruyI_M#4<0jAL(6G|s$<k}vuI-_&ahscVU3{u&#oQ|?@Euf84js53v??li*K
z0khx$-lgeIj42b?Yq7i(^ybaUuv$0p2823$^{zD)uW2E+%DkUzd-*Mb4Q}^pu^O1$
z;F`#kZ`ysMz%_~WNlE*pox9sw68FRxQUp?%SuXNQFLudpL!P8YnT1Hf4VdP^b2-&D
z8yfY=i-AC}j+U9<0oN<FTi_8eF-=nNDAHYvawM#4BhV3WzBK@l>as@6XFV%Q1lJ3g
zmdmoY8v4~Gr|>+}y$I~y#-L?0c*%xBD3#{!4hmrSHQM!JbHFW9O(pw@$&Y<4?PjNe
zxijh@B~ba~mBY;%bDUX2j_MCr?mB?SJ%Kw9B+^43p{_pSVV?uJow1sXY3zNA!MsaV
z4B*!6Yj$}(2dF>KXz;E@T}OTfTcKeKH9#>8WYww=hureu)u4CasSXJcexJ9pb9R}E
zacKDB%R4p!0EpSR45f=Ea!-Z>zR=(@>Ch(~M7^3XUvh)qj!{=_hh7f?s6;BDcFSar
zn4!d!;BNDXbu*I7$+n0Dspr0GY1!0uT`?IH>8iX2(2e(@7l=?f)HbSmOJ(D<Hja*^
z6~O4@a$LDU#b=)Gds=At8I4&%X7dCwyFj%MN%rkHr&$vS^w{nyb`P`ESY|f?fx9+U
zIIfzP(z}-bg3Cu;BKtPNHFe*61%Ph)2AYgF1Y1yUfcy}`GgW`u)R0>9`gQPp1R~N;
z;xyqb&S!@9s`~oPX-i<HWdEGut7>D6L93XCbMo$(L$bAs%y*v0i~1P3-I}xGU5c{4
zrS&rJ9e^dW0>I~JdaEpZn-Wz@s&^)GblF493~mYmyyG{qv-kQ^aCNCbsPp2j*fE99
z(f3{*X#+1_HsrXiOZ5XweE#_jz2Q=uwA(8UpI3^jv1}@>@S*2pGMtZl7o5M9gt!fq
zeCWB5Y&jdKuE}VYrCXhh1u1SS(j^aa*OR`89L_E`aZZjJK7VyFTAY9l;=*0$35)oX
zU<3AoTj|M*!Pr?P{)V|d42-^cV9QBLQgR%!!$K3rlGD@E>%Irj@HYW=)*UO%^h1kD
z5Y%<b3bnwx!0S(Zp)$2K6QDNd@(M6{-YoQ<4oE=c+45#I>)6p=j4PCz{iNCnc*BrD
z9x4Ywrj?YawF=I$vc%d?%g<+`;^umD!p;J_=4CY&9)Ml+3*7eaY|9-2NF7u5gK~Dn
zNWArZ>_|E9MmYyHg__>?z>DfkpsEp7{-F&(`;O=1&uUb=VaEZcUC8&(ul!IG?*eCl
z6%`68nc}K-xSm9%Mxe;fHHUCq@aqs2<Arl_m580O6MRgCGkv=rK+e{(tu0zhg|3GK
z0k_0qXD`7u2{98^7*L(e_`xQvp{{Ys;6g!9H>iaK&-5ntM4-zzN$j+5+e}Us{fJ{?
z$*EU5Ld$JPH`ABbSLX%L-Q~<`eUOO29l^cz96D1Bk|DLOD25LXI}KG}D^S!QzxeD$
zA$KAiD5~##1u7Ru#0>1JL*ZTN!Rc2mT`p>>vUgTxT>a^B{E{(RD@QHw9`ydsY-+@x
zILbI3<MHH|8;9MH>Q}y!KV;}|l2DoRn4nc)>z5eVoX@^XT@aL1WE?jgP%l!qw_puJ
zN=-F}rr7AKPNbePO(XidH+SbUbR`8ryS9oXWr+2Hf$Q_QrM}$lV>lIdsQnf6%UdsV
zld})NNrA8WK{v-O?b8)l{yx+voKuz6oY-Np!v^|@Kmytz&)X)pP$=U!qy4uZMadzh
zqV^BOtaE<DEz8WnofB<Qq<0?yXHvuYQIU)NifteN?z-Q?dAZqxUDF7J4qW3JkXmXX
zSDpPkl!tseF1Dbfk<K0F21Syu$wQVi`Ls#W;NRv7g2fLH%s2HYn9?a6Vcejh*7ZIe
zeynj#9s^lrHwI9coOeLQ@C4#T9yDIVW$1j{ypBx$U#tFKH{S*P1HZ8bN#}c6DAoc&
z@$8Ml1&rPWA1*1O-x7fsJQT|K9P#KEtkZRz=k0;C{{OzW^6&1GQ2n>V_oR{VEc5M?
zQ{kLo+-(`)?RATzb2>2W4x<l!@2^-*w$a4}$T)Z{0IiSFZHG$a?<@oRwFzdDxe&Gn
zATW+)%=1(Jj|h}EP8$%Ryami=xIy0@csONnG)}M#^5y?azTbbOXMu)#0#jgc{(1+1
z#u+$0zK)yM7o4*p_V~!(8B8n&BB*k1x0ephI*Z3LZu`#Rw$CfV@c-C8oZBBEHU4lX
zr_lUstmiGWqk`1yq?eA+K7dB^f}H5rC^P<#0PRcM@dXGb+#jf*Q||Ez=lgydebwnt
z%>93k7`+3uR_RlNLoK|p12o?I;3R4>9sTQ00POEyVIQ;B<5dU7T`108F{n`bdsr%d
z6jEDi1R645a@k5Uq+UVGy1)dHhIlpWn;DVl=zf6%ot6UGT;fN+X#6kuk|f7`s0eTB
z$oAUwy6&%*Z_*0u3K%wqKlV-Zlzhiy=}xmbgl@6r?tGeBK38m1W4n1q8KcUpXx7cI
z4aWm-R?&;TICAvgAF!kiuETxr8nAO3+0xKoI*G<be#+ke!T4{R-@ejk3&K?7of^z4
zua06CeerRK7_@G!EIEJTe>;Xgy4i<U+D1d%cgB8SNeJ}kA1%6gY^i}aordARXK^rs
zXc*L7<9uoJnQ>ca`0yC0{e0m?ng5#eulaa<qX2VP^I4eQv~m!Cam2&pe1q#KZF-$N
z)uD4g1){;LbzJ7h<4H5|012$2<}DdWG|O-F_|-S~jUmIqQX|&R*F%dFZNs;wd+tm)
zbMN0azmb#joX5~qfI(lN_#=B7(1McOW9azsQxoR(D~GN1<C7EPB9^Q=LaM?tx1bK?
zPXbEL5+2$&efu?NE?0wTFfSdT7VSn*=OU|Rw-24Vk1YMBqu$ZMgt`11U{gK5lS71A
z>``<+lrU>rP;)7U%__N42B^crbD%x^z8=M)z2{%RksTh29+n}c7uDH==rSdz)p+RK
zDWwnSa>lS)i3RlSpM~QAzAPHX!{{RV3gUrBJ`0{()Ny^h{R!XYV?v!@o>kV%U_FY*
zczty9r#K%X>Tv$4|HVIJ*<)hRN~gu>H$93;xu*_ePEnor1lDo<<hisH!wbU@x4ytD
zJzH_C?@FfFq3q^J2Ce&}y;gbLC&2DOabO{qZfuKzhw^?qMAWh6yu9-b+~$Luq|Q*Q
z_(#wX!n(GHbEv=n0f#<HWhp-g7I5knM5||o?_lTu=h)&%t+R-aTR=>CRq7RJz1N_f
zu)~9X{Ik6=v~2=-DB>SxF1o$?j4j4h&6PEe3Y5`gNAW&i0ffC-6k2xZK=Jz!VViRo
z-02jdlS9-64P<sf>(JIOL@z_!`T|LJ44O%}BE+k=YE>u?<t87|175v6otz0B;>Wl{
zoPx6DICK@$-Vlk#^z=;fw^mLKYOOK#LQC}+gpSWJdBf2|ziN<%HiM|Ij!7p<z22c5
znidB%t!-;n_Cu#ds0@9fcHZ%>OMu*b<i)Osvj&ycmOr&%W#r%k!E-;IOGtVD!dSMy
z7z<ss&<ZhD5RS3>uibcXIAcLO)5mQ-mA8655{Tei&{`(@CKn@qm(>4R*aEccp-%_1
z9r_+Y{RsmxIJ$5vo%qn*&}o1s6Zisd9{W^ioK}4u@Zn8XXhNSmWM?G~olq&*14t>@
zba%eL54A`Ee3)Z#*m(ti3^-s8`25-7bC8^jBLK{S`8v1qpBexD1Lgmt?X9Dt-2R2}
zV`5_=(ke%g78MXlj{*t;D$*q&k^@phgNTZfq6kVW3P|VB41$ED^uQ3x2uRG(ImB=8
z2hY9ly*y{F?|Ikn{o|~47Cy7%)4eZ2d9cIMC#^2&EP&)wZNQ_B`P#~4bT)E@pYuKM
zp-K+=!gapMLZ03qp!<I=`d`#ua~o0<15Oj`Dgu;-*Ah@~-=n0QPXj@<`Kou%LfC{F
zh`m|8oeB|^1>wR@%&_uDg**#Dj5Tist|E|h0h0DFKvrIP=Y>q*y*K^hE<y%i^+I=I
z6!_xq2?!XPtXp?{H+>6#J%b4Ohh%ZAqzpLj2{}lh%)}lE)U(F|-8fSfdey2^Y#d5b
zuV|=>=b77fpu+L&PlzR;ik)fH+`-xRML^M#ksG#*N;R?lzeQ=kL_MS!>DbHgs#_|U
z;Jr8B_8KA|=B^-Mu;YF~EfY&1>_L_AWe0(U0icN8b?Fl~*!*q?6ee<?_<HxEa-s{A
zCN}p7{Lj*-p6k9U`GaNF;%DD??>@;<xrb%H_AW|@FJs0Jpx>HlgL=dx`UW%*jA_AZ
zSV+@vz5@75*|XnD*^s513~qV%8-lSC_qHHZjM*X9&_hg&YY&TKiV}FWAp91Wdb+M6
zy@1Y}=F9`9q+|28DunSV5OEU0q5QfpOV>v0?AKOejJNDP#(%>?EuBkWKmUOwjDU0Q
zP{%W+>6E<W*Db!7Y%!m#l$~^yo@Q8b5_@_04l30BKm3-3#zihqF)@V;b?K$iYAG6`
zamgSYTQEE2!&d)GgXYkQZ`xjRtnR!Lvy<$DGEI?7qU6<;*6Fz<G0HW8(pmE*m-Rk@
zmXTIY*V_-~ihlfjeq`jkS4no^ef;Q!WO;j=2SCr!+bf+$q49@h*M9RvQ*Ys(+WHU2
zw-Dc+5xvj9LoKzCU1F|2TPApK%e!sV7Hj<KrLf8-GtDuPo)`}7ICq`+d~481%@6Ov
zF^?T`$^HAc;_SNX(P`!nuPsLpX1Hfr(lOxNM<Z2l4)qjdk9=Qq$0!uokX)8Q?6RBH
zh|{a!s7CgEj0@#SSnVnNnR7~>T<4VKoQoDp=gfXQdct+ik~AzRyoK18=LD`aA)_0N
ziq;B<*8irsir$d($*VddPIMUo^<SDKmrU=!wm<5%<xmaZT``uThh%&1UU%V6yiZYb
zYBnkvO8*x-HA$qjJ|w?9t<W;WM;n?e<}t2O=&|ZjNR4*&^IZ7wv9c7@*PPS6=vn%1
zo<}Y1#zJr2$yA*JZa%%@GrFa2qPoRSCs*B;?-aVsnO9^^#TWR4d|AAMV{a6NdyP*k
zCtqW2K5Q1u=eiM9WZL{bXTH$^4B9SgsZ~vGsoYzc>nRzvwnAFaPSbVIxcm8${cxd!
zSwpy3>u9@0ZA#_L@cNAerRZzwX*!<{M9fpWa~<Q0D5VK*J0Iu_PY)^>KQ-ZH=^g1v
zZNAa{F2dESG<`_8&~`BWD1Wn(<IyIy0RQntqlZM}QrW2Yy=wFf*&vn8-~B_j@Mcc`
z*CW;O7$1#2&Z|%Nn{{Q;nUUfZjdPV^E@?*EWj94#a?TppZkWR?c*M_x_kv=$XU47Z
zAG1w7Bj&Sgl(pGh{-o=#b$z}pWPP6Rd}Fe948O<yq?q)#J1tFA)I!u(trA182I2}p
z2YGEw|JScy2TDB^!MrkVkNNb<ANz?n#@gyi2{*m?`+<<eejP^Ki%l{B`X@70TXF7`
z7S)^gaSXWqTi$}%QWzqua-Dk0n<R1qo99Kk8m;^Xw_L`jI9tKU$%Oe%{i|ieWu@+w
z=h73#*hF~e3KwRYTG)v=y31wl`>U@$oQ$KDy7o$hqcyupLVu_77|qqYBV*~MH>B1k
z-B(G|bJK%7wI+|!N@g0h=Vi(!iPoh`Qp~HAP<JqATZzbtjd%6^-fmBvB2~Bi@TMjZ
z+o!Yjj+60<Vpo4e_1Pu+c2Ymn$GE@5Nv>Qg%-$6)VvS$3<skRxiO75_an{Z>H0~}n
zGGX|I>7yr4wgyQZ#W;O1=zO}LHe~pMn}%z)^~CTX+txNo^Cer{eDhj*>Dv7%xov*6
zlC19Tg=EU9H|uTZi|Tay-KmPp6k>Y9fe6f78^hk;GDBorS*m3Ep0N)p7xR{T4{jlX
z=y$x2FD~E@3wJ-MgBRT<r7t;*UR@=HI;66-jg@NPv3cosY)(aUc9N*#URH6#9+X`8
z#eJq#u}nD2h@C31HGSAGrCXz7xhD9^ND%(KA}3bzbw_&t&A#hz->To!sS*v2VjQkK
z=2bx3=bEr<pDuTQwdb7loqI+6x`jFQvHtaSLNdaZbSEU&hhvOSa0LeKt5X1D%r&$9
z==+PYAxodBuC@Ne(ScyEB5DDBLM>h=glZD3$z*&ro?QN9Z`~F48c>D4j2jy<X_b%>
zwy`{v;k&OcQUBf=zkX@)%8K-q_;(e~ps;k4X?+2ItIh+xJ$A{iiFvo~weoA@QtBfE
zQ-&&Kh_aKoJ<~GZ=jz_;x8>D@^scV#m8qI*z!hp;T)P!nWIvK+FBfd49pySsP#&py
zw@oD>jVsG3&&oYfod4VhBfsIZ`b$)XIzS(i4HsGqj!?;B*pK^}D9X)weeT2LQ?C}M
z?|{w)Ba&FlHYSl!>we-)`ng}4<gpL+g>#l$aZw?3b15DocgTz}G9AlLPVq=~V~m3Z
z*|d){i)Y~9;q#I#od25Ams&P-AnUm`0lV_aI|~$jzoE8cL|ECF6kb(^nGohbsjFXp
zYqb@3E0-iA&6jl|UDrZ~RVehjN7AkbRmT)gcrJhSF_sqUlRIlw=S}+&6C}ZE?Pm$v
zorDgArIYY3-#Gi^s>T-jd-p}lN;|kw0}VBMs7C4q?cT|m>z`9;6XaNX)hJ@itBxZP
zhHr<=i3MXL_7m=7b<#HXzOT)an$6W2&h%uGKAlUnCsoZI{fyhCRf&6FbIN0>U8J@%
z^9%X&HfpWK7n<O&i{q5x*6>`5x*IKEKb7sa*3s(G-v;n{jJf7MX9`<gt!|O0NkhU(
zSqAKXuxX1M31{74Kg$Ll2cMT>%Ca2$JTb)Erco}kti%h(%MQ!zw7xgmk!KZSK>Xys
zTAW@gZmY1<aTed%=ajwgs+=@F`iZubqp;KwhcO_o#Q1ppfwG&rw08F7vJ0=i9wxJR
zY4J<oxz>wocYl;fScg?tuBkbsHj?G^Q__0<CV)j+a@Kx7x&`nO3ampJ0g7cf<r1KP
zuf_^Ra}v${R%6_!o7*TZ(nCF6*(0xl)+KV&*G@gkI&?t`zqWQRaSo*M+Z@9_M|buu
z$}LGevN;rzjB{Zy@k{AZwiv7y%=|FQlU{O*m9;5qb%8n&nm)E(qQ<LRlvA_pFRjA+
zib?yPyCk(|@8For!Tgo)6YHlA=2MsG>tbys2uzogSc;;#gSx4eCL=ed{Ck#<z4f-K
zPp`~&AWDekc_^j(cjsOaS<p$hm>F|nlDR)#4T@NTZ8ZB&J<!`RXyo~NiLt4`eW+`=
z_DawyXx(C6>)+Qsx?(I-1>WT;*1IpR+(}copMW)I8<y$!8}6!F{o>x92Q<$vc|d79
z*`(H5+bBwPDcVgJ?h?&3Z*`42UMXIiuKDp)%KTZAAu->~&c)W!b*a$fMsi`5*XpRB
z@oAS?eP9v<9oKz|Y7(%sLz95_IWy1r9zg2~o!;ljzRw1+>vJ9JH&|}d*4zj)xaja5
zqjyz$WQks%KSq&BfoYxUy}rM&qwd*wuf`D0*>y&0U74X?%x1;ulKlhy8OrR9;Hg5Z
zUfoZu^=^y7a;+6XmOR;8`uQnl(-W58hF-BJGJXE&azZrJz+-S?A92?SRs!CUn~Gan
z(JP7hbgKyaYbcu7D_0UQ%FsAx*Kw?lUT#thH+jindT2%|ZvT6|L*L!kdo>PF4OeqM
zbt(rce*hV-*Ax9~!=57dY#f;~qPRa)`eEmZtgi2C20RkQXG$FXP6zpY%umL=*ElDd
zg=atS(1bsgyr`8shU?dUt(g~XRyL1)lFQB0nCv0)rD?5bqFCs)gf{;Ey~A?fFNJ0V
zO6fh5GJKY*s%xZ=UpCY!Qr8AxO=s5iK?Q3Z5@Uk~v@Ko8a}&>K-q1x%Ze_MikjFZ?
zjq>zieW}20URt*zzH_?lPV`N99iYyptep#19&C3tv}k-8b)8{-DrlWM+b+RX(p+a|
z#89-)NzF>UfA&?7)%`8jF=wKsT-H~O50V!%jcf=xME9`?o-u|dvK!v1)GAkEy}ZtB
zE?j7ks4=uq|2C%8T1FPL{eeKoBW(Lr_EH~h+!;L4)yjc(PB@9iXso*P{5x8fo){%&
zyqRA6r>;B?t71L;53dWEMkY(Z+Aa<o)$A_WM`-L=3lvjJpx1Nxn4&JB;tHM&s<f>U
z$*xk464%`R34bQ&Ed}2dqM1ke^R8G#*88;fiKokKVmBOVi=tgPdhI6MKdsTwr;aiX
ztCLwTk1Khs#V21$m#PEeI5%Mo-Pt5SS9X3MQF7rs(3=hCftZRLNn-L!#RN$OQ@BIR
z0{lzWw22SNeW%X2EqBB|;M_tSj`sZI)@YgRa>0{T^QHAFeqC(NW_xLsUrLk4Xn}Ll
zgEhCQl-~4~CPjtQB5a*2r7^O%)bbX3boxi#i^_By>Zc7gN$PskplOW6T_6o)#EvQ`
z%Vkirm8H@S;0LMQr|O&+`V}-p1g`Y@J;Wr;-)bIZ9d&oCSfxFB`D?_Mp^@k!reTNM
z_j$(DV&p_K9d4^dLQ_tFlQl-fT3Nh60@Gbw;3hmpTwjT?bu79xmn<OMnH;eIWMVHt
zGz^`l5H}hEViW)({UK(%Uv$^1j#k#ak+!HW*-B08&ZRnAMY2wd&^3MLJwF>BeTB&X
zOGP*3)k92f+tl1xXN!PI<DD?`rPZo{ulAE=ecJQ=c^+2^7y9N#8XX)%-{#M43p`dQ
z;;F(*5`UH2FMG>Juh(v7wf;kZ)(*><UR_?%5-Z&+^L8_HB=_yhF>6%Kyea0vU&-wq
zm@*s_HL(Ir2x>J_7S~kcjDE-LMU0ZE8Yuz)>3iz(haUEzhMFv6wKib#@e&_TW2%S9
z)tyUyO;Q0t@x7-mvRodm3nO{-a|fBJCwR<Nn(=i0@Bt8E$r24fg$O$j6kgjcjb;E;
z9Hus)vML%QhhOJk1)5Vkda2N^vvs78+L5P!xWI=2N0NCsvKIe`N?viDFK>%t1nxtF
zHV(*&u#hm<1ShN+uaJ8Yyts!HMKq1bf0mwVWI>m~(yy0Ov5hul^<?x+w>eQGUs6<9
zkJ2}jo>wbv>R_3-g=jS%cK{fOiqOb>E6Tb`^@;0$JwfV9o2nmlnzx<lFngPtqV3K)
zh}BYy)CQDbLR&rDpiTEM;PhuHzOAE~xydR(tk{(lI>%7UhyhV{sQ%Vj-`~-TCa4o<
zdG2cOup4d4vn&O5!OjxEpR#S-ildcSF?IRbj4>9Hbn;a8HTF*+hNf!-uW@JX<mBXJ
z!d9P`H`4s6&?=seH45fi`AL|cUR<8W@259)X|;|!lLq8M(sUaU>s2rstG0!hN-Ob_
zwRc{_nJ^sV@zP_}VcBw+`-n)i^YXmZdQqX}QVDBDFLlYJa^|tJ$T+??!fHGj47$l}
zW;<m{{khmMpMK6NnUpjU71~u>*gkwqFTuF70LTTW-cdbJHS=1}ZK?g-U6!Ue2{%(u
z=04%O#Pm{)V?A-}Ab8^X<<~jXu*`9Wjo|xy0S~awJa$+nk9X~*Z%m-=BihyV_N<px
zT_|;zTXMGJ&@Ym{<M2)?^r{}t(wV{Em$$~wr0JNZ7hB)q5ZydVnk_@$uEW60q8%x+
z#`F8Rz28*@nnJiL?J(@m9G0d(CUFlgXmB`JHzw3}(#%gN0yol>Ak`b;!6fsxw`a!Q
zAx$#kI#cc*0zc2AJ^}o)tS@$vv;ed>!Q+lN&779Q$TW3%ZXw}$R8ehbwa2m`i>O<M
zfhX@0wOk=RB*xw0=Y!?Un(xsK9RcpDN+k_O3_mjhjqy^;3)J?L`}@WCvR^wSH^qHZ
zs`Isj=GF3zsT)J?u2R;EqR)qKDUTCg53Cs_3#j*|DgDR#J`*UWBA}Q?)XT6lp){=|
zW&hWXHUnR#?57tqXQ>mzwXq%BWWLV;>-6=OqKkLafc2}kU60gNkXcFFC8F=Cy1lFM
z<LS!7d1D>Dy7#_IYVkT2rS#xE`}^#d+ZxI&czc;IXAl~r#I*0<i58=3FYO}&cbgN#
zN8wC6q**XQaW1O=#z$*4qmK_rdM{QoJi0Pcnzy%JwK{JPp=ymYnprtQ*qVzrV3@&^
z+R!<&VAm`aO6OHJXMF#`_MPdvMd5wK86^-akay^sb{%&m2Y4QBx~6xV|Fs)9e%%Qd
z-X<dR3g+U}gh($zy%W6k!t2NEkch*6CMnff8uyOQBr5z(hAbec5P7}da{;qt2UZN9
zHW7)I(4|o4!e*Be*q{lIb?{wX{pDxVtA~L$tF1i?y3Ojl5xAt-DW^R;x4MTQ`)%fJ
zZxbk%qP&?`O4G-yZ5LXX=TT1$Zw0cu>y+5ptr=w8u5)acGSYv%Fu_XcZ+Dn5UrbqQ
z2$MVT`fWi&jPgQhzpN@CGdqWXp$Pz=$|*9)bNFHjn)m)x_red2Ra19$umT6Cemc_1
zbLF!1c8)Rad){jxkg^(Qrtb)BmAev?ZlH=aXE-XarJX0>^Wf;>ZxEbGZ_OI$8Fj1}
zDHmLJ6;F38BpYTPou!ZQe95nue>S&BH)<f(W47{Bx$ER95L~2r%zt@vFc<`AgJD!%
z0|e@dW)#wk)x@Q+s>`W0FQ_S@Cmo9n*~^w&>e65PkXPS3VNEmdnI~huzWiuL{Suf%
zNh?aoG9wXo%`%JH$JS@~8>>cy1q0K^x_BwZY--^2NHtqvJn%c*6zHNo?mPO{ch=;u
z01Jq5UJg4HO2ft-b}=w(lvwFUUu#iyuDF3%{>0Dsk~RPNeMZim%f~d|L+4&QXnCrA
z%!5(Y_{)OQM1e=ZGBD0__q@dIB~;~}a>{eA>lo+{J(XW%I65t2r6UlQBI)+)ZlV3i
zK-+L@iIY8%#1+~ZSl>e!(9G(0TOG9b>6_L}n4jC5s_Safy}IHzC^waTQ0fR7r&ODw
z-RU_r8l&8~6F8&}>Clwycz&e1g+REfm5n90VJfq}<0F>}oUF)R+F5U{)f4isrBes)
zRJ!~}ASUl}7~WN%s+TPc#^dE{;O1?8hr6p<K6__WX5VD@K09jn$%&sls1VQ;AC(qp
zBNcr8xTb&b4wtF&O6}0`C`vIlrs3l)&V`;dN-xFl550Saa$-6qF1hvj(U^6OOj~2E
zn|FTRZuZEQaO5ZRBp2{z(;Lf3yQ@xB?^pL7|DjRthO26K7x84vDSZRfRF7mIY6$;?
z<A!t|T08Q64Jfj+Ab&|)Y*(Lp5tVWF6+^}W`Rh`@q!S=^BC7ym*^W6{t-YuYdMuJT
z*<o2UaU~6j+-4tyxsV;Nub}G87f50)^lIb#h@$IY|9yclLGV52aX9Mgch7F*9$EZ7
z5|07hQv=g7A`wrqaj1&u&ASbzk2a9ALGpmJNE%1PH|;M}UTFpyXe6~iYwQTV@OlT&
z&f+V38y;=*f$EXv&sh#<WOE_OmD{!M-`i<Wz68IGy#-TyH5s}G^+`vHIGD_2XLKq1
zCBsuk(?HsuV+-EL=TmOmYgAKe6_y;pa)}8ec^E$Q3I|ZK4k%YZJr+#J!VL4A(SM#7
zxhu9k>JA;G26;#gac!ZLC#Xj$0U+sfa<fdiH~a7MpddZ=*1;)H0i1pb76wFFdk&(~
z=iP6=ah${YNfLnlxDCum9kSNTL-LOQ8xdZbAOmI1yoI=9N=P!(!nVWZiql^Ju#Xkv
zYeC-s&BOi*_KsL9bWc$CcN*bem41|AXQ}yOpuVC^8YFHe58N?I+=m)e-1$4nyye&9
zB#5<0m~yf+w^)!zrM|Z?LnSUL9LnJ*(3BB%-P#6O)*j>q%7{X-dp8px_{-fd5Lz(N
zx)sOXk=c6yoCIc(y&P{6WlB&<@vJ_yQ>$OrY~<vBx(Su*ghse}H+{^_0zWt#1whvN
zX%Rgcxr9LMZiIEe<1j$Q8+wQw=gaD6&>^4!!>UagEZ-YHnL}L4z|U`4sw|)vJ6OTX
zfF!fxgbk7)uZM{<$Bw&7n}X&L7-i3Xqn;pMf&C&@NCcU`vRGJ2bU<D#kp}%lGVnwS
zr)cGs@6ZDFxd&naWf9lU7b&9hQay432HbfH_W@W@<E00epD+I=gbrH3Juu%Hc-tBa
zD+!Koh4(#adP)_&948V&)AIUHQL+`1f&yRbfhQYLPtLfJH6{|+ieZM+OA^VvzU>@D
z6|86N;YsQ;SPJ=*%i&3^;7NX1N#ue8s?8fnPyAl}|6Rfxl)Th?d{TpF(S&CS#%PGh
zq8#N9uLJNbxIb-uSgOsy=O@0sh2qY{yb-njrtH@SN&dTp_vzsOhjkAi`~H(f1F3ni
zL~0&7^hSZ;+l*E(4}^jl{w|NfXVUywE)ZEfk>hm<)cWKBPIS)07onppdqcTdQ4S%B
zURocifbbm~fH2#H<l}!qwGS#FGFp?)fs;Jdgsk<3sML!}Ki_CKKBqP(>%4*|*8)(U
z#68aRM!Ck8t#2U?fb3Gk6`K(5FK_#fgSw;>u`I}`;;6i}ukg2JQR0)t26m8zbq$VR
z!dqbyd^5CSEjCV6MEQ#!`R8m{FBTQ>+6eUmFTCOEhyK>LLQV&^QefhB281Qb#PG}V
zs6Z|Ij^yGiu#?Ll7-99q2MAQTLYrRZ&DaBfxdhdrMj6gqiF6cR@|O;{L!O<e32J@A
z-3ySi0V6bckb%}eaW(@2XdCe?H##FYL)#rFTVBOu`k;<RndN3C*rNvIs=P$<=COEG
zMCT(V8c1}09xGAlfgI~O<RImPx{pz@$NuL=oVhr5ae4iZKmJ%>CrWj>{Qb)Pc<=5v
z_f*}_OnNrWj-RiudgwhKE1gH$SCsF?7`Ax$a3$ZFX7PQ`WnYNj+8%Roa?7JPXU=eN
z3ot%!%I7FukkNS`d&W1*f9tjy{<HfkEYDIev`$2qGZwnKB#$PICSAf4+3fiiqFpHy
zp38j`V(X&A_Vxl=EldoS%92x8N4QPMSqeMV$6&4JH@B^niU#^4Lg<3PY0u9->z;Op
zYxW=5b`z&8pEkl`9JlSZV9?DGGj(*W+q@h8sJET2q%!C+`B%3eqBQUNZ!M5=s;(J+
zfJ(YK0LH6TvILy&E9_-}1ydkh*@_!jSaMN|PozmZY$rsNb`x_L42X-kVSk84P%}hh
z9eUZZ85N7ifu-tUq;iV3^`aY6zm-d01I8b?-a3s+S+Tir2jOyDE-}3um{qZZ@YXn;
zvO8~3G461zrlen^9M`!2#uVKDn?5{^=l%&a(E+N0kh4&kAYXbt-SZPvv!B7eLJbMW
z?%2L@k{yglp-pTQauO9@UGzd5^OG-J@tKEkxu!C;$nv-Lg5_C+LRiq*8c;HX{QZ`1
zx*UK3!+}1hvCjT-SpxOs-$2dT0uz$~k(cil{Ne@pIc?vK^6_)1tDiOZ>Y)alwv_9=
zGY-lEw`|Ql2%*0BiZQxK0(S#YKW!_Pd%qJp49DQ-#H}Z9%b=3Yg*y<CyNOSQMK}>1
z4v0nz6+hc|&C&x55khKKi5tbYH$m|&Xr&!eMK8Y90>!r;M(mc_X<v~7H!V=$Mq_Ou
z_YVbbH-Vc*4G73cb&t4>6yNRxsU~m7<Ba;KNIjtdKX2Vd44iE(F}-emfbYb@!{LKQ
zo!1^p+wIM#6>)TH3q-w003<YUjQ}f~Mqs~t)$agwd7srIOnI|}2mg!!G&H04)AdE<
z-$%K?vGSsEwHzoK;h{7S<anLd$K-6Rr&{qU%fvHpT8eLDW20~P6=h{*I4NPOQo!vb
ztL~JkOto5;9c4@Um)cT5@rgd5ieKW+YxGjY4mxn^{G#OKqs4;h2H^dQw*1L*Kf}+D
zdaK(QL0t5ZNsPN1cnQ<_#^64O2b3*rwUy8sHVpxb#(juFcQ#TXrQ0;f5=y56tbIvA
z>#h0grPP7<L3#(7M66O0cif1PlxST3?qk@$I`3!gN$n?rc?9M%)j`<do^6s^oK%3D
zSUn&D=U%F!*N<wc04gAb|7l4-UU-7PbkV3;)a-VoV_$(ylZ2ysJL7?i-^(s8^vt|B
zA>uC1)Gt)mR;#P2Ha?&kWS#tB=>`!by9=Q6uP#w^cDe-FDd90jZh1s6=R;n1MijQ&
zl~ltX6d0rDsJlXv(!GTd{770`PVZw8aGCNWh2d9Zbg*5V)pt7X(hRdse!k%bbe)&%
z9<a-8VgdRtD{z+}=f~ueKK67LjcZMY4PA;;UJEgYEIQH{RN96c-!g@{jkmnH<e-(w
zL0R`TuCroOao$GTDDi!pL^06p(s4U_e3<wsZm7Z)ifd{>bx20kS%bgaezMb7fo@)1
zEj!^<32i^V)F%-gU)(1@(~v6IB*k#n{d#_e3dTQKC&MpuKLbRr3eK*+d-yCWi|2fT
z^2tb^P`Wah{tUn9_sVFnmd<8~rpX_pokwZAaX@^s?3eTCCy0COvQ;82hhj7{z31$J
zM#kNR#bM9Va~_Ko>x|}|zEVvR-|4(XAs+}Gd%%_^m^gqAt^o)xM@I)4>nW8fMjV(E
z6cnVpJVh|>7&lDqQa)<Y*q5QAvY0L9YEe9&yPi6`r0dvwNL|-Kwa2l)M2sv#paJs%
z?nGj{N2b2K8XH(ODHag6>bXd;qVo)OE#ui~2U**k_q(Ky(alO!0TEmIw}w-V%y1vm
z?mw39++g7+bl;k%BfRA9xBHU?O}d&|epubiH1fD1ru#zf6zI<Vvvj#V{Y#<4*iMP~
z2_KV~)pr+vzM$kUkFNWBu68Cbd#KKh^=#7<irfao^-cCI3qKeygCUb>rWocF<gW0;
z1?;QPd=Tq?1BUm=fssR%&CSiXw2XvPg~SN+9|hb&g(6o%By%;}I_Jmj)+Qz<mSCQ4
z=_=Ve>~N-pgoHPX)-rEuKtx9knM@7<;}y<_3V7bDahIdY06tHBwF+=>QvjUA<tsOO
zDlnA`o<wyw@qD9`C$FBHsTrm#r)vDBwy1$C7>yB%?ZPbd4tzP%f6Rvsdv#<LwCfM7
zyDcT<PsKC&aKF!ywbJ5o9BGLlwJ1ml|MZAkJ+<&KsN<^#lv-gxz?9s3jqXfz9EDPA
zK*%ztbG7*5jJFBBMXlAd^S-&pF>ce(PqIs$HPG(MEGiP~!?qBOnoK4%mw&~dGN67^
z)@224#(Wc5q=gjCqNC5dgQ{mo&JPR(=^fAO!;S?`BsmAWmL&_?!GMH07oY<LMPqb2
zn1ghX=Jc4XUpf=wG?H0e*;zW@Zm31_WW(*)_c}w7M)A$rlX`2@QqPVkT|9ZeF_JEZ
zx?)1A?$kSP>I{&QFjXZ|`f1j^+nQG!0NgJMn)f&N0)T6s;YN2p$m|f{@`QLyn+2hR
z$AG%TBgNFIXQ%k-+_rU21F@T5U<XQ08dUuq0g>UTVW(J0$VDQRAvK`8c)v}hiKOn0
z=f#+WGZBZKIS;b|{U7@g>Mor9<eg|#3UoM#fd3GVYo|%%)S5=|;<v>gwCg-;OEKxp
z=XkdzT<!ZGh<`)JqxNNeX<F6BDDx@#CQ*N-@@r+=*Ysx}6|DI?vQ`N<ivpHsfaEtn
zBL<8<FeHRh;qXWmG^C&iH7#gbkdhAL_R>=h(d*jV*xTEG@sV=FiZ6cm_I`?w%#aui
zc|}?zt^cVv6W%GiLHC&&>+?jLx%PDiNcpT0l3?^w35lJp;H-<QD=8(r(SNXxjls6R
z*#qETZtR{E*t$&t3<cE7szoi#m9{`M@>EF8;92}!sx{B)yJ37qeEh|ekEW|vJ=R-I
zr081{8lE{=bbc8ZwKJm5lWlq(q@IH=ZJtc4-a-%Rf%&2FY^kF@%q_a|<7;DhJs|@B
zzZ64h=8rMHOS2=bB%?47aqL?mF)*&_$W$Guul6FwtafRWa?@9>KL$+{js@nACM6Gm
zQ4B2k#Mp@-@#(~i<eXO0bI#66YLk<`Wlz4%w^i=dvkMQ^M~yw<?X|$|JKoo#+xZrI
zp*=FUi+FTC2WP2eg#90~pK-p|8viTuq96rq7*)zN>V5qcXLTi8$;D&5gc5}B^V9&*
zr@xM~g;FLJFng|TAo^CW2%y1MZOj}u-rPh495pxHJy#=azTcun9t?$1CIwi#shDAU
zz|!IJ1^;eo@%TfyPuH1kuc=46&#(J~!5oz|eV(!@Tph_Qb;5ZXWAiVAbQx6=lz2L-
zR`oM2yU0ddRtZLSw2Mk7B!M9>?F}{XK8igGu>woU7SX_w8H!U9<eY^nFuH_As)SOw
zSnXM8c;n>y7~aLP_*bO>f5(?qnM`5I|Bd}%CjZmc3B?eK(@)3g$S%8sIa5^y!_o8-
zL|o-tlTs-)$<nNeP9f(g*D{Moi3b6){V$ifJMD8ifKKX62nJp~#+cKaHFV|7kFPHD
z($l-oJ|cjLX)+DQ%d;ak9W+u$sgyi@Grpc24l4;9P-e6$#*mv21BoV|Gmb9F=b`bR
z&!KWE;r=;bd;;_5xAAEXjL%ys&t27k*)t^g`h45x0vfk7^fA!oy9MM!z)LJEnt0fi
z^Ay@8LQDn`<*O;ZF?80R)nWtRy^G#wXJ@}Z_N}$`h+~h9tJ~CG{bzFO;#$p_ug4>S
z>d(v)0ODr!BoO(us_@*Kt@c<4MC5nvBC45fEubk@9rzFpq-{DNUTRgxYjici_&@y#
zp@*s18<Z{9xlW(Jeq_$?l06=R4l<~ubKDQPNz`FyUN6(OOt9mv#zxRD<n?ZQkB`sG
zDN$7UI1P29M!9ekb|MKVl(SZdf4{%)IjSG{?E_Q>3It)ZiaUG&o;k@-cVGjO$50~=
z(z(Aau-Cs*474$OZINKn9S~LV&O5~`hN^E)Y=a;O$Y_WSE`n`?7hb_F?)yF|M0YhA
zpsN|0fqANycmTkq<{I?xWZz*wp#$kP1QM44G1#M!o^OQZwT9nBh-;a)xLcC)Lun>p
z<L6yIsEc&fZQ9QK3{a=QBNwu~;R~<p6%6%WAn!dGFW>a_uAisj=Z`UZ<lc5bAa{F^
zuU-GRvzb)jUlchuK7S>2t^Fhr6GhP7$1E%sN}{fQha2j4M|JhtV^SR%sX2p$7^r-c
z4nx13F5DaCKp>h?1@Qsgl<q$*iTS}rux;u;g0GUwDaQ{n6d47Vh?6Jg(yjnmoR>Zg
z>E-1^>g2V*N>PJ`(s~=zGSuFu%Lfiur3-K~kxwJN1O0UO;OE*ExUY;KMxkBNi`W&e
zZn`iEy7?#E&>1D{BFby~uR?0Qdjp}}$HRBgzTTAsvXT(>5yBP(oB;`Y9V}@oi^Qjn
zA8|mX-!dd}W-0%3%F-Q)neBrox_{g@3~A2(-)HhN*a$XZ2}3`S6l7v9q+KmnZuEww
zRQ?T=C+FRrgT9&HZiw>C2cOWL*iqzjuHdo0FOdihEyI8l+2V%~DtLBX1v=OAaVj3^
zKs8N-M|o-}#(?^<781$=VUpP3BpCPTz7E+)tg<C{Ghsv29D}H0GSK!@`>+o}`#5sb
zTUWZ!dw4(!59t5qUBulg^jC)|a&p6u;tb2{CE|=~i=RDj9VOn0?mk+gtyVohM=R4*
z%k<u)QoxWp^jbCMJg_kK4@-kR+O7c$L-vI)V2;gZrgQ|{K|JX(`7zgw(X^ei?{(Kw
z?)OFmi%&}zJ`v`>Ef|jJ>id$l)l_xDfU*&Mvkef`O(W<zd2^$OX!sz!r=F>tQtn>e
zA!t1Hwz*lf<kMfh#B4zvZ^=bm>Y}sETrKcL4Z2`!sKY_vi*8Fgg)TVDA;4%OGNOu`
zrUXBZrB{32A>Z7eavW1MIPdA7O6%sDD1luTUwAmNeE>G<UeExy{rp`CJ-5pN^`KJ?
zS8!`h_a~pI*5a?-wiVnjaS_&+JlohYcC=1!8?3=9{=hGqbOO(qq9Q#UiHcm7Bg6|?
zB(PDJ;v;rCCvt?u%k?>t#pH71F))Dh?LQ3QOvSQWCh%X9;2_WWq#pX*-)T#nC_NJ4
zIrIF`7|@t<+q1TTLySUa+2n2|s_2icgtA<T-BPSYdEx!(5-#kKcnafry?KEKDZ1&h
zr)oC>ihsy?vJyq4Bqt+0CcrhN_E`fwo&`CK3erPL$p7X@<l3f&P@_18A9kLW^kh~k
z>_5+cG6HB(-k#OMH@S7&nnj(jSaw|yiPp&T6rU#e8I9p|Wm8&1iIQ~MY>W5`N|<Yz
zPvz8Uuo&YBpn?Cmmw=}4A4>0qA@gFDa_sV<;p#8FfmTkt9Ai9H#&eq--^UqIm4-c%
zOw4=i7MP5BpSn9Pr%li(OU(Nb7L)CkJ#t!sLtlF287;WZx4VEWcY2GlpkocBQange
zhjHfvOU`lB6SCtCA_Q~U1INOdsS|yg+zWkl5;hHFZKH~z7T$V6*P(4wJ;QpcH!6zl
zvT!=VAvq;;^LR$=2lD)W+RCRE%KU8SeoX*x>WnWfAl+}$aBo8~(1nfyOhinOC~0Z8
zL$E0ZVl%4!zJZM+LVJ7Jc*B`Zimk%lNVxxnKi7%rVNDlZADO#fbYQt(&}gV)wUlkV
zp;nGIh|1<czN`OQa*W({d<?%(coMIy4?;)=Hf|u|=(Q6D+5YI_+AQoLSpI@MG;yIE
z+hKv%&Yt{ukGy0Zb%X^kVAK9eIVd(tYHZ{uS&+?*mqW4VxI*ZPduDZO9L7g%siVQp
za0HWZAWuOY_?)b3RL<x#?ot+E!JS`Na3}Pk`6jIjl}GYlb_Y=}-VO5I9;Cw4maP|R
z`WMSqT57uKEMk1^)|v_z=e9|FjGtX`zvNgP4amyg!4rE&F~yPkWwE`%gtjRCF*!rL
z6qZHgBN6<CKN2^~FZh>mkmvItg=CPgN%i`LhCI#hFn>(;6tkCKX%cDTe?rw=&*!iz
z@YKeC6X<fhJ(B(PRrIsUruBRHiKi~D*$%QjD-r90ZJi&RPFwm6BINoXDcnxXW3pL#
z)FIFL7KW+CBScb=fSXHd_dCP&l{Dq*5VK^TWtZw<3)TtWBDRYL)zr^=*9ZsV2hKww
z6$F*a(DQ$&N{SVQ{LE@sjy23=CaWk5C=vzUdoF>}&B<-?Unq7QU$Tdk#us##8saRX
zeLHoFxsTQBGEyn)<mqbfH3~WEV4anesIa9+M{IwXR7eJ&!Xivu4IPEagveXB-~fxw
z>d7BWf>^Cm<+L<8X3?hSuw48`{1bcWr1#uZDwA+EE+P8BPqDy=W1dS%nu71H4F%?~
z%zUnvFB;Dq_N+=P>c6;1k;$6>OtW@YE#;Es<OJ1?+ki+@0rmL>U_sFKaqN4}jcUB#
z)q(1tLK*e#8%O}rCi?pDgZ(St)0&s4pR<EfT(~6{RymC*{?Bc?*_ya_IFLg77Ms&W
zDs_WqzdRjq=*Lur1UgYzqo(ksnI6^EW*<PSTjyK^t8>LG*Q$!3V)2gDev@jCijo%@
zEK1dI^2l*dXugoxwg{mMBs(aOA`j!tk}n!W92o7hGhAt~FsXb;RaUZAAkLo>5PQcy
z5Ism7Sk>2|uj@Q;PT$sfcwnL2u=b}H^+xpU)f<udLM}K(0a>!rMD{|B0LTCdXTbuJ
zDxf-OCY-v(L{Ql!929kVkS?6I-H3-@*p9HQO{Csz&-JM^sYnJI-pD(ba0zc1msrA5
zeO=X7JOY0nk{7?b@O<h?>rj~NSZKmE)*mlU;zKi7URKeAyPEEScU3&J{WbbskHEX?
z0I$>6gi)1RsWM#U<$A-H$Vxaiu~HxITfVa7*bqQ*=cw!rvh>T-FXd>t)@v@jn`qv~
z44tGZ#P*8JIgg6kSRqKsX)gPTpUc6l>HAj9S)CsiJ@Gxq>1Q<~uo><&9`o;x+^=F|
z5tRsCwbEW$P*x8eCu@g3#^~=)hho(YikAq1Q|9OeK2u0y<vzQm%5nT;bb-yc=vM<$
z9;Jek%M)WfzT-6O_V-u5?v1aGqQ&?*y2+R0PKiVJDfS7HM7)`J2faXU{~=%}Tm(`}
zt(g%=Ga)Fr_A}8;upryhU$0F_=)Q8yL6P3<(`!R^W6PeR<weTtgX0&+A97_{k>(di
z$PrX>NiOGrlojEqqxiY$@O)XqeB2BSGb?gJ7j9(h`@hgQ@ZfQflcNSChaX;2nTTZZ
zVY_Ht^G#w>L%DcxLY;PL^{&3#pl7|GJC^Ci7D_fLz|s2of}6+BKQkU<*e(b_Xgx-t
zb@rcTzt|wqN;-t|%rLbrrtE0N?&<mLsuVb)a%liZgR2yiQUQ_W7|+h0UwtOGEqhv+
z9K~}S60-1fGm2B*{o^Z3Wh|#HX?&ePvdwD<x=ci!=9}ol6#VgsH~}(sPlS-=-+nY0
zR^vGt%Cdr*e*42K0df7!<$u0oRCZ?RX6q>ym0Yn_-j_>^jq&{1Q1pe3`BHAuoHg~B
z>A$0pcy>#vwfU~8@+<LQqG+xC9Ch@%LTdCcI#@B!j$fb3Hr5_+*JpMH;yXOxG5O{>
zN$6MD?Sg(q;F-i7=*%hynKj%$L-(S|Uy;+b3{#^O2{Lkrh<yWi5#4Dg@f;Uw;;EA1
z;@wm2wBv;&Lb7MBpyYygK&Bh{SKx%};oZbiMm<Q4OOP6c^{=+UbkJtXAn`zh`i(51
zF}m;2#6>HY$jNdB!A~<I(((5&^4)qf5e+sS_&_VIpMHIX3e0(?=3LDYfr><2^fT)f
z%PVd_!UHm`jJO@_BS1ky<TyzGdrd*)iRn=q(c?w;5keU~gv*Y1_<}F7_Nb2%eRq^-
z`$(w7xlX|(M6zg_I!2mV&&`~5Nn9_Pp=%}mRBz;UUwzGHeP)#s@rPcvhimZ?DS6<l
zVw^&^JmJ7;vK`a}U=$Ege9s<fZPq`~J#t3G#U+EHv6S6YbB2th3t987A{gH$56>%R
zdq`iSSZpe}?B2UhT>p3`As834*0>xMFQ?Rc0#6k>Pcm+b(dwSS(d1PYNfim>=4WM{
zeFxQ9gi|lH%s=*1uS%LbjBA)NiQ@nuP6UIEXsqXK15pd<q>*T-csy5djKso7b1rTA
z2)<*yn1RLSD>3GJcYOQ|Q4UvG5_D{anVz`TH0nP*K4t%xNQv^-Zdx}ROiJH3DK4=)
zOCxXI3A6uA`{7sMj&@fs^PwnTz`NqmN(<sL5Ysu{dX2cQcf)Zdl)mX1SJTh?RF*7b
z?Jw$S#DnWaZ-hkyQc^2947B&kz$$`R56JUloXPi4C<jEE;vpM~DLxnf+vxNg>M_hA
zE6~0@tS}#Ow5Y+^<toL<BCncn0prIeKs;=*(?5x&?zyY0aMkiei520LE$w2)MQDgg
zZvzoAribH4H<Kv%i|I+kU0^g2BN2Fv%Kas@&pd9r<3N4tV_1>PDK+!?L^@dM#GjHN
zWFUP726Jo4_s~~z`Fo|+XER0vR&pZl-*+Z|R|#4@CA>Bo`MI=vN|Umsf6EWZmsQt6
zOf~X*R46LzC?eq=#@}%(F1}M@&M{JfT)h)!Ef4nVr}E{wbK@i@J$-t)79P_2kq~P|
z8hDUfYLw91AC4V{9%KSnFz1b4q5H+-`ll{&;BFrGOPZIYWAd0C&UBw4Rdk5`yVZd5
z?QN4usQys0mhq(gcqZAg|9Jy`>B}<*kbq|2+T{iA<^WT+=Q9S--DE?=O%4YMXk(8X
zQu8y=<vv~B1zc`nJ!&JN)VTfGT*JRv3#5NvpTZgKC)%!Xkk=l)aUqB{ND0{r(oGLV
zGzMXKJoM6*Gw>if|DTfv4U2(xVE<3|z#uMN&)(we#8aAoJMl$2gNHmpHvf><I1CV8
z0wo}w3>ru!(Wa<{sUV~dA4NjEMtm?%<ycIYeJgu{*^4~h5~ntHi#qbTg@<8?hADH}
zolhGSRy>0qXBLIZ1{6_k)Syh<JSlI{t>i(uE@;-I9<XjoG`vH``IORYPb{}2cBHU4
zDT2^=tj_`@^&D82Q5l6Eo@(Gj;vejm)Th?vZ9AF^sLjm<-xJ@QwQKtI=A3}xKu&2<
z+uEE;#CylOQ9|k3yI-2lS7uWdWi0!PvqootSC{mI84eL+1jp~(bz2afNsd4;@W>Nz
zSL%U7FZSh|5D+5Wz@blNk@|<C+*Eku(2P_EzuT-((d+}Yi{6eJ%!ntqiGNO9fjblx
z6~50~WWeqxV$JD6a6HOzL<>Mb5xBb@{t;T}0SP34xe+fNYcCH$l*}qra`P3F=;`+D
zr~XgFSHx%jg=?AJvrLOWrDF?#tcVbkG)E8V$ifsEuL1Gbv0+%8Q3Jeu8tb7Sj!URe
zBY^mvhmi$=()OntLRoXrDbiNfHb%b)9fTMtgQL?<y@c3}NNDxJuRBqjzy+gg4u9K?
z_xBSEF9<w=gjXgF4e*UJlFdJora;b(I4rt=|DzL{RXdUR_1U~ubc1^2_kl(t68C`B
zV@nW2R{etRel*Krd(}p$luRJLI1JTJEGQsnE2g{Ig>Lt1!e}6f+wz7N_(6d`gIGY(
z*AjQ5t`1ciEE0=|V@ZOtIO`AqW`ts_E_(I8EG%RIiGVoEGgzctts5?%8u0!$x<*7Y
z=u8GgNle#kc=prCU9Y~l^KvsB!C&^nlnjV#?-UkJK=KUFz*W0ZKmA<}2MQKFT_=$!
z<|r?;%o~e+(IfJ8&`Sb<3ANamMcHu-8o%Am|1gWP4OkbjFt0n0>oh_GXQ7hzc{ha~
z9s;u{k)k$DVOM(SsZSk&)|tn2BYL<TIP%Cvhb+U)p)rS}gNMO+IT)bQd?Kg}g;+|q
zym$Zs`zVB?TEfs7bc-P!S`23YRg>jju~PpU)N`5qSqz|Bwg^H^K|w{?=rUCkA<xsc
z*|-~XP|rsowVkaQg}kVH-GQPK<a*i_tG(daZw5g7(7YbHmYXTg3;VmuG)g<q0^CIU
z2(o(li^Rj5KL&rP0(~nUFzWUaFJxJr%Ww&%@}?0QRsNvMh58#=&cAK#2oZt4>Chu2
z@G9GLQM;i)CASdQRNW#D(Dr^zf2lUiXl}GUPTc%wFR*HA{+freFn1uS#>SG-$1>%B
zCMzVqqLMZLXfMAn80g<FG&I&J#lW`wO;bprdx&+iaHql#0EgpGK=}F0i*fX>GJho6
z`?ub*K5gT<P}F~<nt7&Nqi{Aff4a7*I$S81X-CAUpd+RD;?hsYs)0&{f#osJW9m9n
zpX8H7ewG4NcI~)6WU9+RW9)x~WkkhK&NJl9K^Z0E)5?`SqB8>}2{DYx>ZwTz`NIt{
zY%wce1~c!IM=z4w7TSI?1NFf1Y!65@lpP0_V)et}o9L?|86^;D!q0vb2n(;c&KafA
zdH>cJRDJ(B1VS?!5;KeLfE_M?(tMEWd<J_QHkk|Hif<vn{yV<p!??6ux)60p#u--S
zuz*Jt80}JgE-B~k02YXOFEgxK)Pky4{x&kxcGHrkpqGIfpi(Z35xP#mg1VR;^d1-H
zyY15Rsg(Yz(_wD*_1Cp`6XzGN*wF!Oo`DjbPYlN3&`3@hDzM1-s}v-Bd6Z-*hu{DD
zTCYQ=E(sQ{>^(NF_v!=r<}ic1B6Z@eYZ=wT37)VDmdW<@FreFm^-!yHiW@{c(yjZD
z`WSP5eJPO%?9Po;eHXl8N0+#L$j{t>)o1rfwMDHQ$2$rGRo#f|;(E1N6&=7><Y&f@
zF?)g@W5|r3UV_!XDM67(<O)qgZ~Oz5(7!`0*+P~o2D$Pb@mc;EihG0sLUWM#==}2!
zJm^U)4B{p(h1BHU=!ie4K<J2n#{+k10L@q4d71;Utf+#}6bv(_23TAw$Hm35^XE^-
zWp+lpR`xos3-cHJjLS4@jTfxcD#zY%I{?BH(yd5jtMFkWdStr_^t%A>pTkmxw|}AZ
z{3#dqw8i>_>c|wu!RrK$9T3>vAV5H4O}*Lzwby3k#|m#i8$>(Gr+?7K9BFc=eD?Nm
z@6>htA}49P7TbTFaG-YJ3IqrkH%!|Xx<Aqv-An<n2IzJJkqeub87%TuF!xjg8f$5+
z^_sD{sK7Xmod0P+28-xX?+Js)<nR2Fpe{u^8Ih^&`Jd1ul%p^^Z&M*lP-Bt?LBK(T
zTmG}iGMW_G{{Mp%>0hNRd=acJJ{!tkavHp5G?RJ1VKiJg2s|@d`IQrY{+NK?;ZFVa
z?EC>=<@OINAd7kA>JxyGyZeCXGb*z~H&(iDLi{ErT#Xj7*3)_LSw_%qD5X%?Z*DBc
zpVs|XibhGH@a`XAvCg|(k%0E%KpK;E$4gyQ#(EL_x9n%Sew~<CJop9FrCu>?j4Tks
z2!q*&&%t9rmFlI_gW;zwRCWM!UeWsltOvdW3uShMUqM}TqbfmN;<Rlt?s?C)z9btJ
zkh|=b1MaK4;fOryZ*J~|EKq%+9CvJssXYS_*v)-N9laNT#WopO>bzM<Nh4wbl=?VQ
z9p?ZsndU=keCjQB5>1|M4@VMhV2h2)S>n&kr0a9G;7$kWU{8Y}G$6J#y+fr+Q^e;`
zeBSdkp!+nifMef6gIn0nvJHJG3<>G>cuaQ6xikz7R#2!R<#hf)i2~|H%3>j(C=d>G
z^SUAJ7;{M3hk*JZx;3K;tr?&=xSupK;!?XGwMPKp@NqyPQ(6A85cLL$MG)1pgpQKu
zqFW$*W)bVGv)lswKZ+c92E?F7d51poEo|tZvA&WSh2AX7cLFk>JOR5=Q=)xB&nV3h
zB%9C2ZUsx9l?6VT;MPl!8aHo+LF!}<;V>Psy0ED?92S*WXIIO?0_4qD|7Hpa<+LSJ
z??5DUbKgQG)*!yZkCe-7`iU5{k9iG>R9;OY7ioie4r>X_YgDD@r3Nin&=0}m;>QN6
zN({$TO~8?JVj*1}+xM0mUCO0F?EUsCyX%iCK~gn_{){mV9#suWe>a1-Xbq`h8A)($
ze%Z&&2#T(oPFAG_gZMQFs8~@J6VbE9jK3|@IPJ(8K!+#n;687C`v0NFoD=So`tR-!
zTopCT+)-fTdmTgEiSl<U4k(xdB^;nB31&DIK_q>wrT8e)dA1F5#(~*M^y1+HXjK4*
zrDuJsjub#QBjVqD?)itph<KzsXcsZw`aL%cJ<KD)eZ6LTq0N*8{&E~4^20bI>nj@r
z1oj{<g|x9c>iO>>T*?)kZ92pceYXbK9F*sL>K%;4ZYDm{0}z@48JIxqe@$heu@?5i
zqRWiqV6HdhxWKG;1Vl=hBg+f>%A;EkRK&@BjG^Wjt3!bliZodrzWfhU87@FY0Nf`g
z0wEHa%5Vz6-FzGB$&tP{==iOXKZ`+7B!Z?|+P+IO+~`>1gWg6aSMa~;vN~;P(H|dz
z$gc|MK(jopQb#=vYzc%te<oeyx)%TqR4D_doLKxSb{<VYY)8skpf{hbn*{yTZZ*im
z#GM^a&_faO8(2!s`f(8vS4q%o)s6~}L&NEbZ>0$L9>V=*#rgd+=hZ<sNKEh~ger;s
zyQH`zr4hZU63It^uCIpfbM1cMYYdpp?VYDsF`9+C*G*7WwOVx;rz*li10}n(5L64l
z`wce#q8l-V3OOtndL8i>XTMbp#Cjj_T`Hn5+TCyB&;6J?)=`;M%@!m!QGDL2bSWM_
z6Uf+61you^Y!pn{TmdSLb_>Y}o%sK*IOLiZ(yf>WZ*}>K6#r1neDH%c&Rnf7OzJRr
zqgb8vl*#IN`<hV~2t)@}HfBQF0bbw(zN4?v1JUy^)RYhMTJ*dGzCLIIdC{<Hn4e5m
zmtYm4V>b=s*Jb45DoQ)98G-AnyhaSE2UC}AnAQBtqC`A9TZSF`-5qsoDiaI`Ypdla
z#-{N9s+9QtZX$Ru{ZAz^a*3ct2S4-y7l%Yj4}m94F|+elY&bdx`y0=Uf+U3XJj-_r
zIyM$NfmbRAvg#xm9D6b?38bV|5T;ch8-hb(+T?-BqV}>Don2iayMko=Z@MwR68<vR
zB-&Zc9*eC~6zM%4vs9m8G&9sdM<)VGo1Hp~);JD`jZgj>8F}s}P@2epod|Ar>*hF=
zvzGv(I=83>qq2*s0VL>Z@p55BZ?`_@;V{__@YJn(br{}F)v{l5C9(TmcirRNN03$<
z&|qL8&yH!5ScnW)4g!T*K3NMeyuf%GR63n88%Dp21yXG{^q36l#PzkZg#%Jne{!xH
z)Z8P7aH$MT_`0{wI}S%3(Z*Ra<UINCf$Z8(&HEUPGgBna__|vZfGCWX7B^&oc5o5(
zxS`{y6qkcUa6r!(t3%r@o6%1RARdtH%M~nj5c;}VAK`0&Q^7$xH<#Dod%HcJ>+V-5
zVwmn6L;0TyhLoNqo29{+XG~W41~u+Huv_Rq?^W1nd{$PqAn1W-k0FiQ48D%>vq)QN
z&fqiXU-f-VUcxIAqE-I1oM5_S5V7YHB|i*U>FdV4`fJzRzHc+xr;R<W4?-dGDX^B^
z%LQWWit1Z*jOjv*K}Vd9)3T2JzIwWgxY9bYH7?I_(ZPa85jf{Jo++<Xa2ocl=o)=E
zRPg!&B=hI5-GRAqlNOjuE{WX8G=fb+Ar<Ca|GWK5`}%SHg~B5PbLmniOV?K?s_-jd
zPN{fK%VP}pWYhWzd8$^u^it_kgY_5ikX^u`Cc$tP5EnA_ABRN}E}+A&Q$@WC{Sp%J
z63I%0Xorrj=JvVb{Mi;iqmh=6?6RfdkI4g-ekA|%jsD<`P$B-pU*-Q7OY2qOiap3Q
zee0zfYrm!svFj_AV}E2Ht2)g_byDoign6NzwXg_0F&jvnC@(tnUfN?vpu_=5;h5F&
zVWaMx5t~{r&T8<axa>Yxq1{B_K3AGZxf<VEs~QlWV4h-*>pBT!SyhcBTsZ-(Ea8Bd
zgUzuAZvH(BU=#g%b--Pa(hJaf2++FFD<C-?yjPx+I_V>IbfMo<e`M~#`m4W7c}x|d
zVV24ul#5zYAPuq(6CzeXb*RMOc#aoaSh@Y@I;Ggo5KL!hmu(NJVLyyy*MK4h3T1F>
zd^swPpc)6UyPyn-v6Sq%<S}QPk&pD%Egu!e4#$IeWYr8NkqmkL9u}ZI@QIM994PbN
z{r)dNQ)hQVll;4A2w>UG3u9nmyiNOVVrL2EvD509@-y(#aM6^&`gCRCg#fAbnY?Nq
z{Us<^@rU}CJ4DQF0|E8^E9bRuVZov$O>fRAaxE`G&U#|rAfmcQ)Q%Ksx1L5wU~iOK
zpD+Xu!dFoGn*~owPSM6ZbDnVwXijq$v-HBR0}+jazfCvUz!{_ruC_28TQl%dtDKJW
z;P61Wg~tWUS^ddJMgt)#Ye`^3$%O(>-?8-dt_&)hV^7_{&sXc`KtJT4l9OKNpZ4ax
z6ac>OX|;J6h>!pw#IbitH#ThtK?$4h5QHe6lp0Np8)ySna<X-4zUP}(q(T3sSxx9!
zpbRd~l}rQ#_C2fPr{06z)iv%3iV?@?_1&)5M~O*+S7(pdRO}boS77}S)>6usjKc(s
z7EC^B-ErQGFYp&r45A}0lnXyu1J76nZKD-GYgIT>wFt!cNt`vChxyOoa70OzOso<w
zj%QSmC`A*2GmT;<AFgmOO9EN?*ckdcZJ-q>|3IQIdilX#XuZRZDJ}|#|Ec|{+7zUj
zjeQQDULReY4ogqEWESx<mos`1=QNkBe?(bw>1yykNlvvix0Lt>o`r{<M^y~KVH5uX
zd+fR3gJNO>&pH4)x1h*SI5z;O@(*tgFQxn%ALk9oS*<sblo$`G_RdYXU_4#aHz)Ej
zI2ZKufmTNPN)|_6Cd*DicVM|yKSnwR+F-tX=QH2Uc09Dan4n`QKExGVhdFr~qYUf?
zpwB?pb)dBeiOGhX+bL^3F{$#W<NvZ2K%Hn#6-MG^?x!>mqhJ<*{@q#Fs!lpRQH+im
zC5Rb|&<w>NimmK;YVQPBs#!!|I-va?`x(Vd`;iun(v@J1JS*Mhi}#zNSzu!$c$*-w
z;(!G2P(y$2tg}}3yf2TW>WtY7g(vH4o?zqjC!Juk<4{vf-E>q!CB+MfwiSAN*!iwg
z(52BtrwXRNJMy&$R;)4>xZYCd(mjQ&@_#)2T$(mw0+x(_11B>{(}BCF#)_iPPr>j)
z!JsHdIAF<1r4;EiYx&1Y{EGE91n;d^MH=42baxzM$EZuJIrTUXN7>j3Ze0K`?J_x;
z_V$4gcHw7kIHV))C<sWM4(Z*b+93Gg+=|sI2QWUQ9>cltPy`9Ec!>j+n|YR<j7pSc
zrjTI%yUILH#$s?4*uXs1aO96Egwg!7xMXxPNJS#HV<2L?=Qdy6SBdYrId|X-R7r<G
zRfBB9Kcu+zAxckM67w)c=K$<407s9uFMgk|JgP%-ml+-q6h2m04Yz?y)_`J48tXto
z#|Bh_ISwaW!0gcBAW)xXak>=AjfKOgZz{uwN2p-?#sQrekdoxs--Q(4s3Ivz`N%eO
zD<S|^i-0WSExrb4xL_=7;Zi@33Zp-~)_%t~eh)*CQgkh?llV?%P*s-!qbWc}BJXz2
zKTPzS`|ZCk=Lwp?)x9L4$3wm8ggTF6%T_QZ5jsd~`;b$;gC8^b{!=;5mJKxgs~(q)
z@d2QIL@S2_8Fo_k3~utfonbR@&;70TISe8+D;x_T+kv;uK$Y$w<sTSc4Ib;iV>|cv
z-{u>84SFrjKEY(;9pF&v1cV!H-U|F>!x>c|;H-&QW3ZJe@MS@fEW^>)Fmb#|SC?Ic
zt(lhli8hvQN-#kSC=JX2I&RmAo}m2!sa?1no8R$cBMMLe2{+uE`^Dz9!C#Pu84%Ws
zZ(zjn^}SGqA+}T`m9f$Lh$6pDLm&d<uUg$vutOR&&p^6uN6@+X0<lOfCa6NS{{6UF
z6g+>&TlFba&M+1Ijqran`$h4&4psOg>^wXOXARLzoV`$r3QXzH4IYXx&PHYx9hXAT
z%sEkyei%fqgJ4i278&+tstrHKFlo@E&$!}-LI6~3)IKF46EzY6o6}f3m<OUChKgVo
z1cPuGbvQ^Q9x0L!xqOQYRoMH-Z7>druo(IKkvk9;6&y-Kf8?&>ciF%XEgxhOQtS|9
z0*eDlurX^hT5~{P9kL}~-@^?eKtj#!10PG#zCM_kw?PDHj(b&*XJ}?&1cpfaPtTh@
z1N;(@F(-$R_<kfTebW*d9JGnzrT6|0lI^{48_pV(1_54B3!9)(cntOAZGS;w`d=}B
z?Y-ab3$O#d;_3z-9rK!}2cg#W<3)d={`L->v;l%(JZ5~*@B<kFq~BvBsJ)pTzukxQ
z19(@{8!HOnVv2<X(ZI?!2L<@%o5XEs1&qC)9c&4`#}7oX$joGs8|q=k|AeX+^oM@E
zS8qY!7oE*mtmrJ}nD1YIc-w2C&sEuNcr=+58e!eN+g)6$M&dikY@!F8;u_HB-AL$r
zGg?6g060z@?3VqDPem%HJf{=fbsdY><~>(j-N<A5y;B~=(Egm7ck}>f%BQvXr{JPG
z1hOEfCFovTSPeS=J|Te<xSZ+LL7ujluL~aqz@Yl||Btfw4r{90-bEEbKtvD(lqw=1
zAWi92LFv8sD$=`jLPVO1fb`xW^d3Sd6anc-3lNHQDFJDrguq>Vd*5^RJ=^d5o%=lN
zkM&2^%3O1fIm$c6c;}hmD}al^|9qF*F(n!XI2_K)$5)cN45X68=r@P{Xb=L|u7(Ii
zUH|SNn+V<j$QmNc%h$W$SfuXKB^K^{%&`=8@$1C<Aa#N4|BZF9tuz&aKrKP@Z2A><
zi51`jR0l8oQCJ^-y;6$w2L#CB0Q3Q`<IEvYGywm^Z;v>%*LGhYi0J3Ke0N2iq9VMS
ze)V2{XCM}UKlHu|pk1$$YxwU9{^*#zApgr-<^m|%j1B|<q1#)?DZUH1I6%nB66l%y
z$Km`7G`3Wk(h*_a_pb0s1zPP+z03uH1sGQb99k#ntv?5pidPEb-!R97{gh71`!c?E
z!!4aF%Y!PqVkXpL2P{uf(qFx`|0R$kf92Ayk{HD*Q;;Bz<fZx<e&;bCyQ(X2=l)-e
zB$j|vL?52<XCA_lfWN#1w&;H^l_jAwwJj#B!bh3*-S4pnKSg)z#arEvCS3am1&=s@
z6h1?kATR^p|5AgV*S*^RJRQKnh(I=**`a^P^lUUyky}+{<J-P0HXxO(;s3`AuE?!M
zyz+t_^X=#FJO!5mt%fIhSlX+wstUkBqO?c;#^L~`9uq+$(ILQ}sW91G=HU)FKDB7A
zt13ly3cy9w8o2o5xNV%T9=t+;ECG~bR!N2$prom2UUSq%94Ii%1z^g8%6$yy;W|L6
zs&^S}{FN}-0aZFB@$P>nV4V4@w=-1rlUU`02!VFd-}QD22#%lRtSVooYu3LVK6w79
zWgcp)S!xJWm^(}xIcm#_Iql5)R1LRcy87ayx;ja)PT#O4)8>8SMZA{X15?#L?haFx
zttpRgioZpt30L*d`*nSo^9&~>7qK|qUv*utM&6u5gbfq8_;q)bOi~mgK=mH4$N!wg
z^Z85Eoq&Fqnp9D1CnL|(0!7Z>d9f-Ea*Cz0ZGeJWnDV;BTJEo~Vav1Y>ICUI$)dfU
zHt}cpZWaYBOe_s90?Zg}woM?6rt2UHSnYh?gk505(qjGF6wJf$@X&!~tVl!ZM0i+S
zNT<}BFQDcSpoP$u@Lns`cOC!1{gkYhypN&FdAE^?9$=iJ+ijWBe~%nukti}TQ*qs$
zstf=*AYmR_AxbHH!fyxC9@ryF=_f8aQCd-$-!AJ1e@?a$@cm`UmQyORxsoCh^XF@I
zuTt)u=7e(rpH<}1c8t7i1DM9v<2Ey7vdTGSCOj#b9M*?Y>zD$Ye2<FjS0Sb-xx&d!
zDFB&jSrW#lyBAgF{nQDLLWq7wnLvdoxn`Mm8ZdRP3oTx|C(S8TM{-m2E<fEZ;aHN7
z022v?{7*xRWk^I-i<}LDsmOScUvP_eHiiFLnQq0#nDsXz)AP|Ot#jh}lm5(}HRaA>
zTpo{^aiOJ;RNuyJ$Cj)SSRsJliU$&2egyJXig&#_5%v$}{mWljv*l;Z``f}b%m1gk
zjxcm;En<wwPPm@=%u1p8B%eDxGBWaIY;F?@<|np$s;IyuuW8}d^?8-Jq5G}sRKnJA
z6F$Qi(On+meH$9Qx*rPD&W{7%4T~&&r+SrQ;itJr!s2wkN}LaV!8_$@YjDUEDI@|>
z&NN9`!|J~NAUH_RlTem$yjV5fS@oyU0$wuhm8!YwbF}Hipe|32Pi7Esk(s%kW>d}^
ztr!47%z4C^DwCS8ZXM)kJU1LAo`K!Ah?owum`1_bWad;NlWRQLB3O*;JeA?n8vDM9
z7Id@Fd|TOmP1-~+;E2C~d((^F7IQNe#mgD@>suX8v8@;sgYAMWeSi=>=rH<8HAl3}
z>7Ch8gQl9#jd`{zf{wHIRmJwcsc1eSp*0tEwXhywgH&e-fDB5(`@MR)<5tk#)Q#62
z)|=3cDov~cq6xxR>wZezXTJt{{G-{YiPA*8>u|KI_Ha6*98+pB_>)k25^Uzf)+<q0
zDL?kQg6)CibL}H&j+6V^P{cec1d*a$<<XxYVZC*^|DZ|#M~$OluUCDMmF9<1XtyhG
zbyeNTbiKKBZ#lRq2wqZ)Y-?l<D>L+Jo%Ee14v62wz=Zt8#;R^?#a}p$9<~A)WCUxb
z9@Q0K0~gT0NZsOu+*U=1OeH{4RWv^ps4uW()Sl7MZ5s{l>$`~p2c0US+${Hw!OPs>
zs<9MgFQ0Nt#*EpSA^f!4G+{^FvL)1DKCH)ps^^ahbD&uBN?jP$-Gz0A2r$3iX*td~
z8Jf@)ba>;~AW?h!q(dD2WoMm}TEN^;!uixo!IR!~oJfH%-yVDz6wnJSXN&ba4{mmp
zuRCwZesPa(0!jFT=Wn}txqam~u&M#)xpIVqfxYAV7&`nTpS?~7|B5(LPH-GrS#uk0
zEGxilGIp=;c>Z93uW$9)7&VOTWz*$#`~;bMiT(0pFD}m#Qkk&ywxYj&?o8S5w&2g9
z&N8ui(2TdI{v?v;YPNP8araaWMUICn;N^$DlUz;rc7~&Xs>%5I#LGIztw}xDHq7Gl
zFWG(u6psSo!Tda`YTaZwO|lHz1TFMacwg{sf~#p@-qlDUVZjySxc8lj1a(q+Zm|nO
zhu_E?Ti`-nj_d~LmUcCjnpX4BJ$Jq+cm2&cm!GHG@Z}Km=}|)xnHlmk?xKrf+3ct=
zdfMx9^xiyZIb#!mkz^He(=iuJfpk@c*>h$HeR;9W*3bfkwhFJZ{Jz$394WW6eK?pP
zdeU%y9~12Nc}tz!+k9gy6AMims*_6~nH`loE$WgRU6}W<=KcImdGJC8KcirJz90`}
z9>$=3E*(8xm3<P%Di|LFQ)S&9lXMa)m75%TauMB54rC*hfgbMPjvi2iZa?O?&9Lni
zkJf+touoD<SJrV$paXqnA^Hjt&wkn-PAf)&^fyEpynkNQAMZ5D7=`gOCz!Zx_bW0v
zYUUhN^<>C%L4Gu@;;sh0_VJo)a0oLO_DP8G7d$_=&L8g2%ztC2pq8&*OZ3?`38>yO
zRrn2w4h7Ua8#5``4?!nN_KD3$PsIqL?oKmV!5#5bdCLG&CPppP!j;JsA&_qL*k$xo
zbDxFT-P5?zkWGEEP6cR_g3SShn**FOQg=#CXD;U-si%>ZuO8&z{l=CY7h}I6B0xd7
z*%WS{q*I!G`hlvo{=PO+pE@ut#vaIM0hwB^ClhS(6N1ymT-*^4m6@JgC4yiSR=Wn<
znKCKpLkAAJOtK{o21E763@x2AE@p19=Ui=9VZZg{@wR=UjJ=Z{oDniCm-{~a$8cAI
z4F9pQs`uHK2d;-iCR*&y?&`zZU2^Ndh8K}-Y<1gKz$e**8`S6LkZkyxi1`h-C|Jw8
znqID)Y0QmDK9WQ2?=3M9JZ(AcrbFdTdIlMr<nJk2#cjotRTt4g?B&4-+j}+&kp-x#
zM+xxO)nwbrD4#_@yZ4Ss%G4icEF_@WF1c%a`9AYugF+6Y7&SyoCl+i@X$Q}n+(+|-
zn&oC7-+a#eFxt^jW#nDkH;z97#umKT^hG-)pBAoA+xsw-uQdM^N&UAOx@rOkViCZB
zaF?5cuwZ9{8n5;PTkQ_t3^()k==UkUzKUI&uGT?#$$h%U9{ORW*tAwf!kR?-<NYK)
zTQ^%o+$-f=m42jo7r{u}m(5fccGmKnEZ9DK;1t(mXGNyB{Z@Gkw$zJ!Gd$_LkrsTL
z(r`bQ9)usNMV0oQi*C_80(+7&%Ga>!o|nD@-<_|=)Oqbp!FNCYG`(0lQ&-&+HNu`{
z?6z9mLyNyAYu<(J2H?lZe1zo9a68wx#yN0;GbdM+G^vk|ei_aidp!-uXK02)F?kkt
zn^f?XdW}c?pb^2|)K<~8B&tNRaZp5`r|sp!`B_2$laHpx(P=n|vT4^a*weVw^zzMy
zN3k<?M3WP0=FwgBz)Ys5=2C-@tR0geb~BU?lX!=E32f=An5z^ec9!&VIV0wLgMlbd
zy{_)UcVleKhRUNbe~vWqUVQiS_^~<@&?Wt-m+kmT0EXeKNq1BQb}`bntlw3RslDQI
z<2hK@79JG-3Z3!#ktlPiGn)*opiBpxo8MvZ6TH#tK6O_%VTWX6J{HEO?duCPcA{Ly
zK)UWe09^3TbqheT2{m+wZ*UvnfTLpjp*ugCQW8~R^nhd*Y-$^9aC&g)S2y>0Wj;ol
zDWbl4hZPams<4#`2{usJR!$eFh0<I5Y%cT7984u*U$SMR!!s|Taj)d@<H>bF<Z&AZ
zi)4PohESo5T9+ujhW)Bhn?5Lb0oArntEE8A%?-g(kzd~z9<}M-`urmdgeXxy^4)N)
zc)~31+;oKKf;N&IbJ~4JbWT+Gw?ZL1s^LG%f*fu0oJG853U+l=gbE}#SK?rceH@5f
zXWG8icydp+0NZzNGkuuLop$`s8$r(8yN%0UKEdx6EbsX5wCBU3Wki7BX@N81gw6pq
z)rvU;8B1K6eL7hze;&Wr{95sIJvZ&MomJaJO^o8F-%w)Rw+&pmwHy>e-!9odSuglH
zPFFYB!~!vAtnIg*@XxROXGZ0IKq=qNj5gM>z0ADG?%*!xz6kxSj<i+W?a#H<Bn#-u
z?N`i1Y&t`=^uo`bM^}Ju(q9(X`GNv!)v>P&-pkwyTjGc_vMWSwM)PmdMjls+7=Xxf
zDbr+FA?gXX(4}(=g{7e(c~J!w%}TT}70ek2eYQ|B*LZn-n5~Q?6`d~P0UXb~ZQWCi
zbczULxG=WeTx1TTH%UnmWLEAs6wcO>??C^uG|{4dE$AY$=9YW|oH$%noTMOBRwv?O
z=r(mXe<MUw<2f_CY)yPDsFRr<U&U5buYqkk0rE^GS9|PTJ=@)MnHZ<1lS}8*9+F&i
z8s*@W9dFxAHn*|F)gMVwT&DDO7i$Rt1>P#rHp)F0z>+B1H$k|^#=C82ruIb&uy>x!
z=N%LjK`@h`oo0*1Ii^T1R3jwm&S`d7!0{n;KwF7hl(H^*DWjajctKNDoI>)fVmE%%
zP_ZdcC#Z!%S!~R8)i*zS+xE?2TbUSkuOi&G15<8oM4ul3{-H8<IAg1*smWjfUF73O
zM^&6IMyl^!`A2$nZv(i2)Wr|=t9bpt4Ii}bJ;3#wf6eQPxz#XS4ZNXf%0&^|ANM^d
z+2dX>axPpQ%I1>@`K633gR?<Wj4!@N&f&9&L<toG=2=gXuS^vvhd9)Oddu5FO{tG`
zO$7OsP17L1IGtC&X)_Zd6I+(F^M4e93Q(Mhf>XQML+bNh>b%6icV6c-P7)#m5n2+a
zXX%qeb4^LDJ}Omc8-+NM*_%M&sg8-Tc~kSpe#h7TXHG%P4yNeOx|E*jATOFjj|F~^
zCfPIQ<>NW$%Tb%5cQ2^((`3B4z$?*@82vA^tZt(hZOC9j#@6iidG!Tb3W!8lT)h$#
zI4m5L@0tH0?8KCLPwDk--HJo3x-6W>Gg(~pCW`|V<=9s*s<G$-{wVNSERYQD!gN)+
zM2Vl3A&t&*PE0v3Wcsc6G0vKg1pR^mu<pNY20)+(6hn4Q#(np2T39Wz!9+GH6)5%2
z#(gw4{$hkZ8a4dP7G<h#!1|22Uqn<?5s07<5AXHXTz<ARIUF4&7;W7ug**#YFd|Nz
z65Uy?cp9Hc*2z{SG%7GI+}Fb|Vvh8hn~ghB(ma72Spd2EuWNOjllLUNNAALcn4fVd
zizJZ4Y@vIToQD0lqF5mKw&cw@tHVmDGJ!Qac$j}*g8kO7(|1LqFie4JIM>O9311Bf
z2UYRHTyN4?rW&WU2|F|%x7ImJ?yft7j(2wE%qmbvOYg~tgnv53x(f)e-;Vhj{P+c#
z?-94U^q|dKzUL{A2jLFmbMafc6BFVdXKBTz@IYyAB2IOi3*VXDsiAL%aGeQN$bzGL
zo9Fy}_m4LOorg#amd6b<E~;z#tB0{D)x0Ae?qEN%DJgqO%qwZ37PqcvRt93KsfRL1
z-6H#>YjwsvJL;lv8}W+NYntDsp=hBUrlgoq8b0sBygbOJ4-RH3;bs=aPSIf1#m}Q}
zAs3Hd;QZ}HT7qi<niKlP63qZUKlXhpe!9Yt<EDgH(`k+){4!Z$sK11iy3yX{V2!gD
zww?Uk4sKAp0CD~FN#1UEpdXs$)V~&Ca4<Z1NXw^ZJIlUE&*xsXTY7hX=7YHE2M*^C
zE#{rF8{+JsIrmA;2N1eN%BedKAW+u$-{fz<WINv0gmu5vB!}cm=bMW<1X~mYmzAfa
zLi|mmM&3FkPMe6l@feq%EH`1Eo@Omp+9@+F*<>BtEl-(;sM&Z)_tT`*p4eO)GR$Zv
zn>s^gYEKX?X5hjIo>SNIc%-MMa)JOxA8`}Xo_e#{T$TzOaVb6V7liiN(ME+zpDNTl
z47PQN6ARIw>9c}iMQjQ-sfnxxHuiJQ6SkT>>x-M?LALVmapnI0$_aW=T0w(v+$kW^
zIN{FuVR}(UZ^H?!r5RMN5DqIFg$$}=63g{#JG{4Y@9MlvN{x%#ek0HT3X2>qa;IVz
z6VAnDmG|XVA-LtZE}!)l*U!&$H^x}B4k@4K7d1cHs7%B8#-zc&Nb~*x(ecih>O-~Q
z&?lSQMYm%|cnA{ZSE`oFN8f(c<!IM%a*8Ypm7sp!4FhHai=_}j|C%;Lan8!9qzQ3J
zmKme81h`V_Z1OiLSw~XDy~?F-)VcbG^65ZQqi7}al=div^B;)4tLJl=lAAq>)%-?8
z1u<<wVYgIb@AoRhGy4X$spI<Dt(^B^$Lx1lniTL%e*dnMj2<v-A>C0nOD#XMY|CO)
zkUlF-(_k>*)AUnmTK?q!v)C_6XN4>s%vg$&bg85ddj0zK2ftef5h$MH+rf~s87685
zh#7;uznF$G)qqcZqldXK*~9C9e+7Og|9IqKX*1Qm2scBS)0}c0nFN`6dTTOoZy=rD
zbGa<ci@W_A3A{Dd+=u^G_c^i-fk}MS5s5;+S(u*_DL;*!sETExT?1uL>uG2({<8m?
zz#<(M!KdDpE>p_d9)I_h4uPJIux&O3GO5dwAiL#HQYh|P=R8+>tQAs8i8BndbJiQT
zTKv#pP`FxjTeHfA$YIa~K2kXc-D5S@9mks)8hIrnD#cu>Tvjm^QD}zG$PqkahKG+b
z`GU8tZ%=eh8N_%VD!;XVu<mgl8bK|8c|EAsXOnmftbw60on6qAbvfuE&_<mrLyOOP
zcaE_bbkSaYm-_JlTEBR=X|vQ}tZjau&vIb$mY@gk2X~t)C#0|Iuobxz12KashTOIV
z*a7pv4q));%|E+An3j7<$(_P&J>Cl2G4j~`k(c-Q=<X|UQL36QsIqF5k@N_$U_4j6
z9Oin9GvJG~zg(s7>aF%LrX8akyUwha(##K}46Q!U;((v;%yk`iaVH&Aa<B5<A^dvn
z@2?l{t`=!IEA>_6&JJa*vsG*PBix(`4_5`DDNS2rn9X!w^aK!!ADTpwI++bC32~Nc
zrr4HCMcyQiQ}gr=QKRh8){Q{?u<W+0$&(9faZofue?5F$Z&x^gyrZ+`xcHUwZ4lK!
z<`yaC42}rFN1}<=_`>j_-5q05I=@O^c4_PKi(o@DB*YOigQ*MSq8Gb$YoDKq;BodT
zep$O3p@X^&=8nF?L4#C1;X%6@K1$l=Q3nNO#w6ATN=n0qGT6qurK_U@IliH+qN0w|
z`T3+!GB}T*q)%JcEW8;N(3A8;%(yVvrB|cEB!}xPi|l9T0MvE<OhOOG5R4)BH~^Hl
zE_3DU%WQ^4xA=#kBX;XSFFKb+)yf_9H|smC`xBQ^9v?j0lIVEtzTD$rMA<RF7uVb_
z)!#Bu(|8sP>wL^6te^1IAZwQwA#`Dc?@o^{FzROhhi!44?4t@!RjZRypd)Fw6^+&Y
zeZLqfQv5;wWiwBYiqYbbhXeC|lflbEcF<9@rWC1Rl4XbA;U-g=LG2_2Y+gP-QQN=$
z(74f)-0Q82VevaUQO`*qrn!A9#kfk5;b^=LM(BsEF(HD7Ub{2-n@z*sMV`h_mVe!y
zt_(=;Tu8%xT#1^{HGtVMi+VZ4w)myhM$)a)iL%oeDZNO2hOE`Zz}ZnN!NIu8`5{Zd
z$+%+%<*>F%!+<;4%Zr@`hKT575nd^AFM}M?5osF&^9<KtrZ%5C_@F;x1k6WT2m3bj
zjtTh#Nb@?Co+;_1ic2de735BX`PH1hBaGq8OgFy3I~Am7J+sZM*PVy38>)G(<NcjU
zv|_K4Q*=^tCCdz%cyxC*9UPYjQw0h=8Qw)Ky)#btyXTIBmXHBUcZ%$4l@B3J!3DSQ
zHgFio?`23B+cx|5(L+YFtpfVG?llyg%%59g+qWW!JO9BJ$UUSa{C3vJiwAp2do-d}
zwvZJF<0a0{p6=oM`1&NBf=^gcu|I9#5i<FOx3(^!1f!AXoaIC$Rm6IsUyJV%G$D&M
z7M5Kq2rbM`H-PZ@wU@JVPRGS*6(uGW;=Spz8&*@5I#-*VUWsUYJg%sA#5D<WK4<c|
ztqX<}fr7#cu|Ypfd8AErbg<(3Ew15FVGxi{{skJbVEBNa^XVi*Gk+Oe4<Kv!dpRQD
z57aXi+?mepXncBHNqi({dF42$zcd3>drU?~HeVWty^ic_Jj*OHz^{l1<a$f~Pv)_W
z`!AU!HiU-~F~wdZ9Djww^Kuqu3=!B!jsEd!7r(`!_mNfP3}(KJzp9KsdkA=G86oJK
zNX$Pe7omSo@*=I{({Nn5hmUZdA+6=txr{xgd0t1f*hkR|(?&N|s;Oga*X?f;k8<tY
zQ0Dqu=jSiKs7mqSBqD;bGNKbK?sv=)6=F`hMMqBr8W4zi&k-1Ew=g3UF;**s>Lu@)
z$Qa6=tDCI#HxVWODYiWjr29{=Cf&Mnt&*r=RRQ>w*sEWXzQqB)lK8n3rR?8(WWb!O
zUX6&YGUAM}@7C3Hyg)r7-6ENvnMidY{(H@PjZiD|$|2D-GsN<K186|5e3$cwz>_AD
zYP{_K^x!w#f3JO5T*+m9n4{8dFM*h=#~%ShVQ7xty*~N(ZV>RZobanZmNp}j4Rm}L
zp*R_O^{gFdpx#wr8)@~=8|TH9pxloA?s`&Ty&JH4{aLAcuSH9zy_R)VH85+nG1t}?
z4W`Q+?)}pj;41xV&WOE#@i6}N!xs;6EwJr01kWLie=qb8184qvup!LRk$%pB=IY5;
zj9259F;A>i_{Zf{|CfLxKi-j~RJmHuD%q>aszNL~@cz?Ky;(`Owz^5DI=X862R?ri
zcW5EO5B(>p|IZEa;)LLEXHJnyCeZODspj!NZRr2p>m#_dILM3^jCyB6(1(BWX@Pb7
zUss1*n>krB4w6U1TK%79;y=TSEP})BAJTmjVAp$7ZesuBDExoE%9~KFQ=qw7pZcFB
z?myoqM4;9=8Tf(q|8`uYCOG4j#N5saGXJ#m{_|~jfCoIXeiHuQjwm?s8XjzMb#U~5
z&ENlU)AsT`OEldRZz(`AMBpxw$FBOjrD#qpeZG}<ZWJBM!2Lfw53E!c3t3hhj0H`-
zrG!(P_QGeb@zH~14Y)jqywivtHOyvfe5u(IKVL{v_Et@l+-YwMnXbX+y&<CiS!@c~
zaBavMAcyz1<Z)`_Ug+y5$FWW%9$0^V%xLnsT;ES##hFdKBI#+bZA1&KQRp(x;p{@3
zZAkqCa@lWn)+bs-zLyLPQ(Icz@>cGD@jw6H$D6=(M}(S~(aAjwB~0TK=N1&Z$hpTB
zG2O)g=i+QUN{sBR*bo0cl)upT!*OdRM*dh%s^!(`5|}<=#aBTwG4g-Q?cdE?PTDno
zhur2MJ#n%^6z))BdZLUmz8rQ9mG^41Z)8uf_j~DW+qjsAe$_-)(-}r=+}vIrq*PR_
zouYgR=m$kHhFXupJ+1otoF!sJTp!`#*D1DV905Y|sQZ7K(2sOD9ut${mOYX2i=DFa
zsRCsloh0;Pj};TSVgP~=IomkLS^{FE&^e;UOVaw2-1gxELj^!A%yF2lR%1r1GG|>b
zFXJ!WUt7x;dHqP+gD~OkSKu|pjlgnZ6m&SEA~&AQ8S=S|H~uzCK0j?jJ;QXt<@R=J
zH3Utjbs$WEPZ&oa%7(&z=+ZPHS1|><Z+8E=m;TTD7bxbDde_GDHNi`^<m6;0ng-_u
ziBrtNC3{1Iuu~_~qI~T4=q&oBXEoI#y(8wGtLLW&`}0lCcrDPTf;m?CPoMU?w<;9O
z7dNujhi`XEKP*10vh~~WJ$>VI9%;XVUB7%(V?CT8d3ieQHpq{#xzEix&tZQjZFD{8
z8BITQks@|G(KLV!4jhEEdbU-On96X%eY#9jW3@F)!mNU_R-|geZS+KO-MD!trp9{c
zdk+JcRGpMb)+A@$(&iKVU?|n?@cZJ&$*>T>@AyAI?iwL(*b6&5P{W&n{Lw;n%k;(d
zOi<~h0@2)C`r`V*6#m3^=}`Gt7UjpBoXYm$tLY-lhILNSwf4HY)duS@HzzSa^d^&d
z<MCG+g`d%JagRd^RQt1~@vSC`DPqz=qspJZ`@Rf!8s)4bEZr~DZ&83bB9}Bnw%=(p
z3wdrA4xH{`igQAkXUprjQ6Zk@m^*ZNSy?aMg7=DYBkSfxUN3DKX{EX1dJCW0&KXQM
z`{Yh}{3bKT#|tt}ET79$-EFl~5=e-PyT``P9z)&}RpQzzgWg>*)TVeuW<u8*s57;b
z_&S{Odmt8rGgvHBa3hR0!&`&M-hDjnXvc52Z;dncU8?W9UADS8-_$&7zPkjDncho#
zg+HMAZ7>-U(c}1@8%M<@<&z{U1s8kp9VYG0<MuH63G(x*T-lY72bYi$81+-**tc&z
zzec8uu)Q49*KhU?w0BXf$Sq=6Mxx`QH7}*<AADtLY4jXN(ejwRFEwc~$OOZW>iwI`
zrAGLR!1fKz_L{P3wf2b3gCnG8|AGDfo8D5m!gS!^OcZ#QoM2tZ-85+A><+DvUbm5m
zj(zRLRzrcbp&mtpsTUR(=x-{C<o6mPIqT7&kZ-<;K(`*uc;Ebk1$_}m`m3Dsyyr`U
zl7@yR9e;}O0bXF`_(TZ%PURw#)l}tOJ42r1gf*DM{9{wFII>p6q=NBx8qeO_jgf2%
z&=9|yt80~ijzpwn@nlGD??j2ND!tF4Zll7%`k=b~XAV$tMtXTME~#FalyGse+gu3p
z2%X=eYwDhEMw`($7_V#M^CNnd8+?>W-xI|Y)8E?>a$vRk*~$XZ&a9B%zggXcZluXC
zA)9J+UtL{a#q7dkBWMELsA$#Uo4<*nOP+9lVT^mGqzM7E*+$u`i$b@T&TE!USa^EB
zX#uOFQWB-&pbHNGoh~z6KHk`Pu-{EnQNnvzMn_w9P)XoGu92b;{*pw_?%+a0ka^DD
zQZd{u@As5}aHCyl+`aVQ)QN#Rguw=8;oKcN;GZvT=X3JaY_?iSaE`jdCqLfJg_52F
z3x11_CUf+)rli0xahWq?aN_ydDB7*ls&hj3z2PbXeo^~O{<qg$!ZCt2rUA*Z7UVjY
z(mRMXumyhuj+QGJCzAC#UFqrC2iUr+(FeM#hutH$nm{<TUC|xFLyrO(Q*dF*sRFT!
zOfm|t>Qw`olDb3bqK2H0Yg=}U@xng+A;ft24Y%?;czVipw86crXWG-X90#e^^*VVj
z?l)?)q+)_Pe`Is6&MRtru1<IJ$)aP$JSfj&OQ6xNKao4OD|`((ap)^ycX<Cn4xi^D
znq#neP~jI5(c3bEx`b8`hK<oU$E42RebS!3_EQTbY0e8nxz+G%V_Kamb@qrm!T|#Z
zo;rAVr`4{@zOj5cvQ6`?P(*B-=l8FR8a=N&VbVGYP_?ZKW@hGUyVcJMsM!LjJ_*NS
zt#O!IwKSb<MC&WWa{Z{A3H*Y!jBPg0R&!$k{C>P*;e{bJ_9T}iM`a8q;?EIy`~x7t
z*Q1=0*!#wiXW65&e||7rgtbeo&lmJRA@KQ?E&B#hp03c3K6Y9TM%GwI(KmkoiZUlM
zcPyZJtC0SU4?d&gDPZauAQ2&D2rtxrb*HwCGXGU<CHJ*g>Zy-sJCbZRdb)2^#F*&L
zvG90_<(odA2HtX5&m){JVaTrPU#sm|YRHH$_%yyslOdM19K~2fg>IN@_Nh7BtO#mu
zSW6N}ZC*rrt&VU0I(fumfNxOWqhBxlDz;5v%CQ0kqH-`9i28#~{vdC*q#R2-QvjT|
z6@3H$&i6ufijK#+fsTbsIpTFnt;RDjM^+ynpZ$41=U!W@%}LL?dGvEmsJPF5@XX{6
zh3NM!VW<}4@97r50{^pKSru2L6)Z8;sqwY_n*a<7QO%|hoLHF0nYaJ?y)8ARjYzD7
zhAemsC2zJ>evxS6*>L+lkKE_*@RfyO$t|wW=!3dD^v{bQ{frddRcC>x_I)DnSw+>&
zf32>5CVOjJU1Zf-lbM%SKER+(Cg2NM>_p_PM&Z5qiqt#_pJ^;vKMoS;3Db{>)m*8P
zWk{ISY;c<9*IC=n^g)~YmM(ZLysLBVKs|6HM#2)sxQIoKxK6_my%+J%^Ycb9H(Lpd
zHb$L(^U2#!sP3cBpWsu9ZBUU<jXTdl$}Vm_W@LOh_nq~SieX;hj*5zk4oM|!wAqKq
zDppecR-EslfYrJrcSSWJkrs<Iig2VAl#oF?S=4fkhw%-}nfnUedHa!sK_oA4U-U4M
zE`xmm0G-8ujH@bZqbI{_9}tQWI9m6qCpYphUlW}LVTecMVeA;>Ny;rQS{%bTa(QzG
zy-q$G1%>LkxCA@*JAM<1Z%$8r3R7eemF7&gx!tm3ZwK>Ap-Pbql8`~1`;#XY19OQQ
z==zR}meWmU0?Tj4J}lf~V*YdtCw7F(SG#<(KWgZV2*RvLx#8KSh1acFX!IEK16s6~
zRg#a0k3CwgytCn^9rZRQBgf>9DrK*q{T&5`A^Ow9-AiUggky~L<^Dnp!v4doSY`Sf
zt2_nIMg7ya2fX^Nbrwr=Cv%vXrcL`;kJ?CD>x)IABhZpTDij(zDuWfW^;`^)@H{Vc
zSb%AZ5jq&}Dt`ebX|~T(t=bJcpMRfeaBs5bRY3$waBus}*3!3%Nq-QR#TB7CLk6&V
zH~(iK_3!&YYL%aB@^zd1D?ksY-F0>6+JZF--AF{48^u&8JJ&7XsEi;5x#WjHaf|wl
zC58P*ftdg-exF`Gp;7r{y!AOonDc98=Ulp_<ZPyDiy}VgWYMqM)ONeEkxdh#5S~!>
zW(-2Sj}kO(xGB3mL#d%|X4pVuSKLOq*2;kCs+f?)@p#j_^t#$%dPyOoX|em$XptsW
z%Mi)nu8mh9fdf`Q7q*K>;NZ1A#WL4;L~8R`+Qf5zMLw|MaMR%W7tf)Zw=HEQLLQs<
zDzuOIGZ0E2?%#I{bVT$r$V<6}I-G6u3hO4JG$*$5-^vZsWJbp<IZUH31|{-e=5ZM}
z_O33MkHol({_v?Kh5Mgs==;9B_BPA|HDlauB2lhEO@OQvK0RIlEgw$Y9HkEY1t=E0
zpo>r%)<R_%`L@IA_vlWM0qv|X{F(So#>fgOBRYo$a2|bVzQQ#^>%R7&i8&MKlo2Kn
zpJBpP^75Q~x*=C;L`_>H{h=JVgLB)y6qiHS#3Q1!G;Hp+OK1P+rgpqC|HJvLcIny%
zbAm=kuan;|r<-kKzi4_6{wOH-Gx5~Hs7BIwS>^M7aIFo%HY%hJ(p+48iE8f~|88UD
z_AMP*U=qp0CAHBp7gg?9g$FA)uiw$~l#_|ujXT+Y)>{_KV%mKitKqsM8_RVc$1w7_
z^w_bb&<=T%zzuxj=x8R{k_LniEv=aM3tOAr$>Z29tiwX8ssBZhkry^%lPUeNs3G=l
zx31~nB*U2yUSasA*p;A_hgA%JH5<AcI1~~HU5IC__=B;_Vj=%ERtFc5bhrm<CUlUd
zKu`sopuoM%iJKmdr5-6qZ}YkgZcV;Q;kRex7*9DB$xkK-b4-6Y71(LeC>l6q?6pvW
z_E$<oA?td#xg{oCa~GpH^K#l?Zc*b}ft&{WZ9!2_^2@ZCOO11aVMHAKP95LmW8x>&
z*(|mbN#?-?8s1Q!6Q)YyHxV<fRIQg6G#dr?E?k_EJF^Y$eOhNY`XzC9?MqU%gYaOk
zITu^gO{P9iL<$h;2k&6^3m3_z)5n?n36b!<BSnxxSYR0TMkTMWt?j3a9GuiFX%51U
zC-ua3%eDk&5nC0ld>zCZ(GabYiRG8U6`!)Wi0k~0xlXsoq7D&qEb00VVQO`GD`{uX
zvNLEU{N*IS89;6F`%0!9=uNp_JTar)KR+E8&3_rhmu~8bmhbHy((!ADk=ls1FJ2d3
z|FGH0)?@NZ&}Z>JF^=IllTnAnb~MjXWD{*EPZg~$wa4$Cyr6(!%+DaN)%P=&?Vjih
zB8rX3UY`l@V2YqFPU;)xyxv486smw@Xv4E?&$r^(7lgf7+YDh@m6CLxDQta$K`&8R
zK^D#*FpLzVe$*7SeYp{QDre7E9>pNZ)jx5AZJf&p`>UKzo6sS8txB;bPtjNW6nTE5
zTChnfb=KG<we|9an~upgiI;2hscV`~?y|&FqvKC(puA`NeD8j_fHrmlxSooYtuw3Q
z7@o@s=K__giApLek)tES(a=z0W~SUvt%$qmURH*_yZjY2x^wFx;!(10kp%C!ZbPx5
z3{n4yZ~XgSjfT*he5w&9sO4(h-##;m(hMj^2&)u&bm`ZaczhnsmF0c_KB}D|p`<ZQ
z+Dp@{FCa3!L4{*X;GfeqEyaGzf#X;~nQ}@c$-9Q^yJw7MUn$Daxix!ocUXv;AiOBn
zIX#D8R+o*r9PeOVq$B6(8(`|Q?8nh9*J>ue%2O0!&QCsB8bsnKhNww=Ggxi*agR&5
zD7JaMT1X{9)_{VsjkfrC+2#%0$1L+W0cG=#c3Uwp6MRqQAKYIhu3dXlB>(EA)>erb
zg5S8XT)Nzx=1w4|65qTJ;vHvO@P?($)An&r+M7>WtKUB`B5<>AJ<plHPj};}ys2R0
zy5HtF+v#>q)MLY<pw5XRP1*8>HQ&JQ`?FpO-<#A4{UV-+qw2fOE)Q#>RtrZ9L!^ya
zl<M^jOn9Qi4ptu+-2YffFYecWvWNJowR_zR*R7sDo3AUBm?nGRN#e#Qe1U0YVYHOw
z5;YYkAaSg;9TI*)u2XqE!8q+Kv?li<=i7H$!f=#whBC0p=$=d<A$aB9=dwCA=e?kr
z_Q%5yMHoxIj3W6~izhbH+_dHNr9{iI8i<HnzZzL(+`q%3R6z}{6{u4)2{1WMe&7yS
zARW%!3p|OQ&wNIU{pi^!Vu}kRjv;%Tt<t<gkr`WkkOAi|DsM|z9;o$dHVwl_w1-i6
z%?c|Iqmo#Uu%&A*LbJn&63m0OuElN40|dI|lMe+%D}ft+!iyVF`K4(|0Xtf)Yr7F}
zzK1Ud$t0funM@tj8%MePrNbtCOzhsDOaB310|2DL;L3}Y@LGo_oG*(CKh5-2sAdNE
zVp#R?&w=e7&s=S+a+qB!s9hE>HAbl*x7&IE0VFNlzM@IpnKR^Q3Sk18u4>(63lPFO
zGE(5d;(HNq0y$Si1ZTZtVKMlN$j~E6`M{ZSQUz7e8QT2>et=GuNWLgnVr`aaz2$Jj
z_{ttaZyRz3l$8=nZQ$K;i`#Ne%8FllI1<u4kS@>?Ns9-5Sc(M#sl0p6)LJD11*%lv
zfu?z+f)uic;j(4u7+@MvD?1O0uh$`Ph=5U0ep>(?bF!8_dEXHbh%l8@Cpyq6)q{jo
z<jO=uGfIbTa1&PQA5~e(a`1*!a*2yeN0w9yF8I&gb>fB%Cm#gO7mVL6RGESG#~C^`
zDEpbadolqjK`BD3u&5EK?nD!R6O^&xirh`&p`AHDy9w-v5B@0UzACCSI>K@JQbLCx
zp4+<9#a8zERTf1NQke_SPCac)I({TN>tj8VM{{;0&Aw8G!uQTfHX-i>28lVFnsys>
z;p0;{^h~e97E+yCS$wF1r66Vmj=RnFDU+i$wROsH#tg~j8+&Y(cp;k&o3|X)MS7BV
zL8LpFl~Ki>zW0GaNA!y|^WNHKMQxr(G<;v1;(h41d(9SxKUyxNdh54GQR)gBBok4W
z4%{@K?`owYy@kK*V?Mm>Dc&J`<xc4oV9Wh|l>a0lpWaJ;m{98qNmv{X2q+-e(PKyz
zU6-|L^e%~oH?*DcPqt*A;AAUn-?8V_iw!iS2ub+@`^v5s$T{is#qBEx2?4Z{$^|L}
zM$*^;p~Q5pV`@>{zSHCus2udZ_T`h`>0&+|{7={`KonCs`+=qENXy*9LN&rSrfNDC
zifMXKdxQzgoLdRnu-+`A)Tm*WO)Q0r-uKtt2jy?<B(YGHw?qE=Y~!mZ+TwbA=>m?8
zhuR(3e8t4?2g9<%pzU(TS}8O8@ug#q=k*Ni?)9xgvE8YT?v`5&<U=*X=bh$T3nmWW
zqxeL2Vlw~q!(Wzg4G918s;t%g{h2J66KY)cGZ)P9uC^cUQ-myPaV_e~RMq9a4sR3C
zFh~x?^Iq=4jirkm$>@6ZW_B>vDSlu8eP&;+DseI5ElM{?WdVDSpE9aXCtB3<rLI{1
zGN-#d{dbDJvznjiI|NIT`R4~ihcrXj2Miw><O3b^&hBzc5&K0XT#)bLeXwiFl<-kk
zaWu#i%&qWzt8<gqn)3D*-|TU(vf#oa6w<nPzD3~%I`<Z_UWv%rJ%a<|xDZ@SfXsW4
zvy>iDc3DX$$YlXbvUy6wa=6DU!;?XU7IQ){rMbUqb6><8dmbppZG5_)@`q5+jyzC}
z&>Y)KwUu2dW&;a<?!PB`QNj%$nPiDDeb`fO+(d*Mu(!82)A#ruB&&r+d5BU2kG=9}
zlHP_@;&@wgJ|~!eU;!O!V767ZSHA6gw8=E*cX*ie206)D9e@>)6^bikQE7gi!mioc
zZQk^}bb=aR(I=CQqc8(^hsA`C7JGN9vBX&$utrmD^tJBs9oeGC2Sr}Cj>xjl$GWBg
zJ6sA{C*lX&?xXeUjps{=QJbjOH;S};WkSynHmsSCwIapPznB8w+)dz1>hyb3GrYP9
zr)~-3gwj?WKg7)?{d%^fMC~`Mhj<5rJmo8!O>V~aEL<+7D49y0O;sFGF_h0}*3DhG
z+vX22(<EkQ7SO+weY4QoV!&fll9~D%<d?mW*U3wb3yUV*_xQf~#8||OV%COuj9Q`k
zS&$w4YyB;U-G+4u$D3~=s(U1yccKKOdK!L=!tlhr*lS8ghPq!xiF3{gCk2H}M{D+J
z?Q>K#7v?4fbcO(Va}6A%+#%D+dq<?qr~T9>mfq$wrd2H?kT?D|bt2XG{L}Ciuqj6F
z4pmx7!U$k7>YNCUK^9LL%)lWH^gGtMckLF2Z6ZL<t>>d~y0uMXLtj7$Y@gErAd4oZ
zY5<XP=-sWg{=av>7?p{4_s!7&U05^Af9K-@XI`~2wA&RfQD;mYkg-Hp4Vq?3fNJ^M
z&(Hm>qW6`B%ap#~T$*8HPNInyHqd+4nX-l1ZOI+@p`#ae`!QTCzbZs4@RkFk;Z#)(
zaJqNlbKKxC61v;kN7y06za)gDDVm8pI=eH}&*5Nmf&&jk5azjLiE9%i{hJ8ol=Ld}
zrttYqV){qo69RExiR+zWe^tFFz(3)rJo1W|p{F68l(N|xdVmL$wljhkNOXME5wxE~
zHri<x=sc0SX)tWIN^W!7n%61IJJ;k9TYplY!dVIW*)CiAdo*)!NI3;yX)OfZrfOWp
zGp7r_>oV0(YHHV(+~w(a-2`6`48)|@={nj0_-Tu<M<Iva*JpoF(6lc*2p{UDz52?)
zjK+zPL5Xz1W%-pOdTK2+;61Thw2*DqKz8FT2cR9}uDramwx2eac1I$fr$*1|*X+*t
z=`qDLzWsswuCMmpK7gKB4-~2uR1`0KjVRc=OBm=_kNMG^lyRRG?0e!_l)DqYPPH8u
z*T3sd){1m35$O?na=!Q4=Z%sz8yjcr<uP|{w0DT@MRANsh<lpwV&VRyS->$JM$U?R
zf9H81?)zm7`z18Vk9_^o|IC>l-uPU~{NV0aZmY9{W}YL0l?NK>!a0rZ*@9~sGbEGm
z{^W)l5(X;}Y^k>HOnGk3zIMDT^s=I6n)2aX*U?HC$klw~DI1%9s`AC}pyR_y^^7Ii
z(S?6016Je5$j{X%G?yBSqpr63=%n5!XndqtZM$w@jxj!X$_fCgJ^LQlvEp+S1CY~?
zcH_o(v0LSE^-S>5gu`^Bm1h2%w?sUpHG}>>p|W@p3WQ86iyR9t5QV6K(;Z}m)pGZd
zlc8@{{4(CbZ6$fYqH;JbzY1D^%76=N-Im@`l!$h6P8Zp;%luugq02@vX+w+@-D#F}
ze%4|;cJmaSTH(KBH#+4P)yVP<K?F2|j?VK`5xsn9<Uxt_xVcH9g~)D4HhR!l&DR9!
zNXp)CooxT6QHc8<LVMCQ)?qhZST*|`C4t+&o(X;g6xblvS<(f~-$&|2NCHYBqG^f!
z$U{%kc#BE)4#)K~`so5CMe9tlBHZWJ-?qg!*em%rv8jTN<2bHfgRSTL9C^<0>nb?(
z&t+iF3oINH^F8ylXM@}M8$_2jcc)}>7#t(%p2w`hcha7yg2hxdx+PiIHU?2<@L{5w
zD1{%os=XD?4N@29XFb)TO;fvKLPO`$lslL=n{-}^W01jdla;O2rrlOgL;ZsspxKd<
z`%wlO=KX8Yw2*;GzS?EcAGDh)aC6J&Zqb!Em_I~$AzvOo{)0L&kouQ8@RhQiRP!vX
z9pr938Q0{iyO=uOOX#h$C3-XBaDEs|vicK`nW>KO(Y7s7(fM8an<-o!gA*T4dII)n
z0#|#EB+KF%0#1hP<G)M{=gLNXM>@AG@|RcObh%VE`On51>=A!<`kGwteiV;`03C}1
z0pQ7nA**}e&XVlRux@K$xjGVSF)1)tJMD0N-4QA5wb6kR?8gsutXv9iax7nc`F1K_
z(c1AxmJE>t>pY*l$h%*KcyBA<0%Nu5XN~5$GGrC#xDXZ=0eu16X3$HQ-lYCFBUy|p
zQetm((z`tC;x#j{7?QaD?#QwBw-)Ue*AOONL1;fzZ6e3?ubs)VFe7)=k%(9tpsNW_
zzl^-uofo&;?K}2pLP;+7m~x2wqKos)iE8NRL_KssU;~rn(+`&17O|8p<U7swjn8tw
z?u;V@=km~f+h6nfGZy?Rq>kqE_B>06P6{K@X>}qEMB!SJA`|)0S7b~5kE;-?qu`Er
z1z9h+6PnSIWMG$|G!9+UoN@WzqBN1uFTaLhB$Bfva(Xow#=KLToLf-VXO{P!agf4&
zkH3ouvb;1Xin4Li+*oWqIoF)7vNRmYq>4^q!bvA8IcPp~=HnIkLpE;wDNZ(7hi^X>
z^=B;p?UAf3<K)<M6y*%SYMB4JU#HrXt@(xMq;8nFv~#k5(+eBJ;>n%XlO+JH_Dihj
zWg;7<)ad%qM)|cs8T^7;z@e}<!@6a!SawGbXfw^&P~Z?$7jV?N<-Fjl>wTb|b^nQb
z6om)*HTzVcM`Dlt_+=A)zzQ$(x5&hNMXLT$=J45-d*UXo`^4`eW_GAb?JYoK6E8<3
zvGe%2mdmU_!FbiJK)C&xiwVBsePHV^IwUq#k9ehvdI09MF?*~MC34CnFE{j6Ia8cv
z{nnhMm=T9AH@~#+{K=QNd)EE1V`op|@^{1s9Vat5cc@__&|11}bSExu+TG9@+sf0k
z$+A?`W4lVoEvL^bEB9O}NN+YyN%$V-$0R4S^+Ynn?!qzMMPl1Get*w}kCTV<&LK<n
z-2-LrrA;fUn-)s)lzrj0G)uwZ0we~X!B>m$ndo=kqt`=3&o7Ko5nCQN{7)?DrFPIc
zAwD+#{GsyQ+MSaE>1Il4GhM_C5(=SF_lsH_u19gcx;z|<dUIT!?)fZGAIJaG2fnG>
zpnkmA+kufJZzO;!;Rn2KaRCo}*D^0%*tw^uqBmu|P;wg*8aGvL$F!kWS@XBOLr&ei
zth85qTy-cI*MGY#u%3Lp$uQOi0y0{)$H$Zfx2FA~kjKv-B?DGt<YQ0&_UXa8>xPS<
ziW-CWJFU016Jg>N#h{|SY}v|8DhU02=|k`Fj$`x4wodU}c}-!rldrkPLWJ+QN>woF
z>}`L_z!zHKHWTU?r&5>JZ#;P5mZ%{S*m)5*RWLfS7<70Qb=jMB7;)h?!49CF?~jJ$
z>t@*pQ|r|1S*-StbWL>({HhK<CAdS^qh-PQCFC49hPj~6GTg>Fxbcb{MC{pxxD5nK
zZ#rMHTqm-dPXm<7i)23zB>#YeU+7U2iKI6IXpsgm$<-J|t_gX`(-Z0G8rDWhuHW&_
z0RG_#|4E;5)NOyKKPz;%EilMxAm8$66=6E)`JG?Mn~%<Vuvjhc02T&lnpcf;y}i8(
zytOTlClv|O+h8c>D8<e@iHaAC9@XGgB{sH!y_uch@pra@-YI#to2)*50dY5oG7hO3
z0!d9&QUl;Ka6V<=)L|`>hf{0a7T!8NDsDy8{zqGaBT|)#CTZD@JIfq6N#x~nnvVcB
z)CqwR^QCN$RG3>A#d2*oGfR-yd<Jt*B%Q}N(@2-6B^B*ais-TIbhS?`89M#0*bDrk
z)Ne{@nNP^c0ifTb`FI}x=%U2R%BqhNdutki*2@pfYO_82b;{^GZWXklow_*Lc-5x`
z!2Av!27KdFGu-U#S|o|iK(TDyd=MEosrQQqi?t<fl(tpE4TO^ZCt0*p;1@%QnTZLT
z95v{^#~uwLJ-R}$_XQST%#8TIKDYjC^&=-_lOyk_QE7$W;@gw5!0_|LrzVd9rpE3f
z=_mI-^4whZ=m`ECb#JoNge`UAK2US<rMe}v;NZ?$rrc33QUJRBlxg=wlB}ZJ--9-3
z_;jmNqhcJa`5j^eV7(o6mi4>j{<ChwP|T4mKWVWASJwqaQVF9?NCT<Z?9VH#<n2zk
z@ND1>%!I7if}E36d4}#)s;|*&x2SWQMEV2v$_?tGz5bj>b0SRQWQt(;<+iqYQ`>q+
zTSlViv>59jY~YN{Lp>=yT`uiaQIF!8XT|!@({F!%?1$b?m}~MXK3ZuUtu^#|@azrH
z^^vzpGP<Cfa06BAsA`X|cln-~-~TpAo!!JOE1yyeA_<f^wmqd=z1GSYDr6`Z!aw2I
zcN@y8TlmyvZGC;qOf+5cgNdq7*cbznSw%zY6bj`t-Yz#5jf1U-<iGLIvj0`<Fm3Qq
z+6FQ?v{-ou-HzG)<?amjr+5+?WK5p_^?mKrq|clhhH~X<NJ=LpOuPRvwV>0}mI?GH
zHJ0|N5T&2QwRqH%M7h(aeS#zWc1@;j*+9{Qz4q=xovyt;(A%IZQ^G%Taw6hp)Z0Ao
ze{f{e&0J$4XGSEfg@ied)5G?%$){NI_~KOr2jWCNQILmKw3z-Yy{WA5S>+@SS4t<z
z?^|n-3#p66b%t<E_sd!u_WABwoe!fl@h$^-?Ns=3nsrXEsl~h#xDDAA6Q1(PAMygy
zEOvXh(LSY>_v_tFJq<UNcvD8B_Y5qP!xGs01vAs8AMZ=Le?#zidv}Itn%Vb}99K!}
z$YNiUve*bIwes{|Z^xw_FqY=oRWTzPG)y`Qo~$n6;NsFSn5LOafji}PQz&sKNfiI8
zA?rzcX)>isWqOhn_A+bvhEKL5sZ9IfN7oZ}0#p16J49s>bX!tKB;vkl+1nlcy`b&W
zGh&Yge6EvKp#wNk2PpG}=DYI=gwUGZY+_Qy;Ou*!dmV;==?%g^R!kK@y|dhV8QRdZ
z7znCb(B-a7qWMC!cJL_9{Z)ktXr&J*=a}fme|hP<lL;X_yZ_7Rz6~b*);ivw%<(fE
zZ9*N?+Rf)qGO;WM8@cA4GLere1#lu1mb0=xv?vRfdQBD{LOn-h3E{sPo4L!OP_2y9
z^##x;>I9*3DR$?OavcC2wqD$R$FFP_ekN^0MD!J?O{hQo<>u~wc(z}p*+9RXbj=j+
z^P)wVBU6tlsEo2NMWiv(<H;iEaM8~<eg500$=nM6E6@(pRT}*P@BT!Yp)8S|D=~A`
zbd4lAfm`nM;QmW9%*iqwp$xD?OL{we=05dSqJ_LaJnSCTV7rwNpH7tCM(G$h0_%Ec
zMc(8CG(E)Z)cWMV7S`}~D5Evz@3b~A>m{9ukq#r)rH<7%*qS`a)R@s!jKjLwm^X+_
z?J=yy+!Pe!E2rd2V{P)>aZ%3UuPkp}6Df;79hbZ?V56nyalVb&@P1;k?7aMthgRfW
z{k$ecN_+R>O?`MkdZ}Kk)`D0!Lr=Rx8Te;b`&r2oqxF?HCEO6t-ad+cytj^v4uPC}
z--?SfRkUtgnpG@SB}QqYPq|ya{KUJyt)Qp?oZxF-yz3UnHkQa<d#Bm&@E3D>)4S-i
zBI0}NHNFf3+9f)6s5Rccf#Q<)_{lGVynuQZgH%e>t^4@q-xD}ft$uWzs({vrz^Z_}
zE%!6pSmqjyH)K6DHSyhBfJ_<qeX*a`zBzyX{&9ivwjr3>u=vb<zUGqgleH=)cEE8~
zkItIs?iUzliAQw?veF64Gy`wkRp_T%O<`a<v9ZX1b`YDHSYWzhv}<js_Wu-i=Fw2T
z?;mf`2Pu0gOCzHxDPt>ZBxPShM6x9`X{;a1NG4la7+H!jjEXE3A!N&7Ffx|x%vfg_
z*}{knW9Iw#o;v6IJwM;iZ~mHdp8GuKdhYvvuIIkr*Xz3OjqYciMC-d_bAU31qDfu&
zaAcf%tfsM|>LOMo)qlzI310*@Y}Q+yc(p?ySf-lV0V65yqFpI%>f5I-0>}abCI3qo
zwDY`(aSVe!x-N^TM`2#}U)4j27HHofggo?JFWUO{I<h2qxxt8h;y5a|Y%h|d{OYBU
zHFT~?f`IlV7!TQ)K`9F4;K}d_tU~xBg>7%Xhw*}@oz4fQ-{>LwSvu-!IOqG}H&#iC
z(#_FOUi$<WW5rX7%uR;J1qk;^jSqWyE$Ip6a3zVkhj~YuCpsiFlIJ}VCNtEhiVM4h
z$7P**)t+xVw4$H@;0yUSo@CkEa_&{p;{rLHl?~_XQo#i|+lYQZ9WZh{dqa7^2D!50
zrz=}@&<#91bx>)SX_|76=ykQqA+3=Q21yBB*K)(3aM^!qbvW9$8d)dcRC^J8V2|E>
zF4ykIDg&i3rGlmzVv77IJ^!Ff@bPdvir`z9`^>@OyBPQLLMKdQ+kgm-{pH~G*L<^i
zPzy6zt3BV9xSr`wy<&{m#wBR3PFY!WT`|R7eIYUvN~I*r*I0`jRduP7R{6<tiScwW
zHtuL84Y2L^^DgB7yhRZm$egnk^GHpCjHx$yT;AT=lPn)*NDlup)YB7!4XZjJ?}b;2
zfo=u+(P9K>q-|hKU6e+Fm}1_k;cPMVdShd2x#3P8^VMZ#{fm;%9(*Zg7vefnD&=pG
z7QM+wGItUM!MnL`6`hYbchpuu!<SM~E;Un7&}XNy^b(4f(%;qUDxVa0R?;|Gs-c*w
zzbYCyc~_X3xLmxuA6h)%7siq)_*;Z&`36duEwpgmtZ;8Xos3^ni21zQbH{T_sZ;A@
zoY-3;G>nlqdE0~Y+J*Vet<K!c7sFO+^uernj%58jA)VtgN}n<udq#@k#tVXjk3^5H
zd_-_;y!&WS6*vcR>R{dE4&uoWeJCP4*buY!>0>!FLvj4dRjy=NYj%v6s4TRw<0V8Q
z#Hhc>*HYzpacd3V2M5W6yamZKS=B@;wDu(9gvhyp_a@?#T<0F7>)0Q1r#uKya>7~w
zgo-E0pwa(iQQYMVQg-g9psa-3gpwVC!haa;2L18ZF~<@Br1bk1+5=FiWwke~)V18v
z+XD3h+5DxPgH)&XqN81Brlzid$feaaG}`Ex<@K=jA7cCO>F!1&^f-49-p^F^O)PAC
zLM6COykV4hFCHuCIuJJmM7529m7;nmx(b$3F>fa>QINM)b_aXoI&1nhIY1YLVZ^1I
z86-{WwM#3Uu!g<S;PL7_l#$qTlJ{$+)sP@^BbB*2L4FI%Qbs&jyNUh`%fuf>s^<Hq
zM<)e3yERqSy>wMB^2J}<K@Ivtluw*|j>XC$nbgeeu&uxPPBVYb>|u;7hP^KrYtOgQ
zdTnrEfpnm+gVv6bRWqnjT=|j#pkNQ(v0b{(-@gfjm~&cz2j>acL~d@8UqPzDKDfHV
zYAD3QR7>-(_=|p_`NIM2cZO;<AGX=y?9tfTL6uRXa0J<ARcLbJD|M<2N^3z0MVs9}
z8f+{!FOT}<EOgK-tXQsSpDC(q93?~h2bP>)eGflrG>|MjGy0`k`EKvv$B3dY-+==F
zCr5(DP)06iMI+%>09abkM#^n5bZe~vP+;M~jXq-RO)&S***^V^)j4Q;^3ZkiA>m2l
zql0s9?X%YBTEnVG9+CVUZ9;51QV5%0_|9@HS%#Rk&PjjgmP-WW7%9WC`$G=Zfhk0S
z!|OKH%oGvLdFzD>F(iRjg&P_h2?aZ_EPs}sd6gWLYkgw5DmLVR)5ckM<7tc)S_>4(
zFy4R9(<`Nf#uBWfP11~GYicwBlsFb=C$GhQ&F~@hgVE(!096*x68N#}u=x(ro!=wO
z|A|9TP%t~-y^T@zd22I~NyEs$R^8~6Uj+v~vtQA>ySr2O;UDeD?EYVh_xZ(B+`T}^
zHtjrID((e(Iy*b0#HT(Kt@WVl=S+`2MGtk%3Y+Ovx22&ww6_hjgQwX66PJW=U$iB^
z(%I|AU7j#n9k|)w-d$j?f>wql)}6jJTsB~SN*h7X7Cv;y;*MC7ZdBY3Qud$j{Lh}|
z+P9m_Gbu4K+pZ@kF+K5&$FpbBW^niWQ!lO?0cB`<5$TPlwE;$m*Mj}q+-O8k?%NL^
z&Ikv%VE^Ie_^(U+N*t$^J?A`?TKM~$Wp&_YYlgtq;PHWDnzj@wRhFY1U{S3RS<OfH
zyj}pZFQqj!?2B^Y0B6@$cT4vlT+DxUlH?JNSLc99>+rS3;5w=7YhqgB8;(!YQ;o~i
z?oS@(K!K-NX=!QIr%&gGEBz6l+}qz;W6CYVYHtF(-3h3+`TqT<OW`sV0l-nzJ1jkS
z7~@^s6(@G-oGraOHvrTF5<Q<hdHb#P`_enlo|zG6diHf!2YH|Ua7FWE_`>=!mB=Td
zp1rROi2tUj8<Fm_n1~leww@zc8~4Oc>;>aE`_F?jhW~qZ{_#26-O5kokW2<DxM2_X
zUc#K;CtB9Z@_j=mS4^CQ^}TzsJ-`0q70)~8eY_~T`%J0N@$oo})`Jj)qa${H^ou>f
zV?%)?%EW#+83u#ai58HRjPCH%pKUuq1+7&@JBy%)*taT`1_S^9w219V6i(9J)nLta
zd%_2W)cbbhqhrM3UI+vt11Cx63pwd0PhN{2NElAPH&hG99FS1IriT)jIeVk@8$uGA
zt%8^dT?7<aKQ5=`#g+uH-_P$BXDi?UI$8?rF|)LqGp;1<8c4G0>()6XKCRj?#3E56
zGOL3jaT0vfg}$a04@!wHj7jh2#0zq5!3tEo_=I;RdD*99c{<cwOlz%+cJEW^mT9Pv
z7i#Hq=R&aRNhCc;MXOD<USPtf(6wo8K%f_tl%m!!ruCURF?`M(NL60&o3FWt6dH@d
zfSC*a8pk^9v<SHBWtV1d6jzMDglstu^@^2R(<Z=LtK7B%k>;~`C&hKzZ4<K&8UAAc
zU5zyo$ERfGb6GWg&bD|ffMb;~>Gs=-p!S|9vVOI=29!M3s4_w0LT(PDV*ForE-!k8
zrus&J8zycNo-TX@=V?Qr{!zFGUIculCl)fSMVcB!46z`!+$#F(<mo`o^iQEEWDpe}
zD<m$!JFRYW4=JIurGP;HHr-)Gd19?gj?h6|Q&~2x`2C#eQ~u0qF_3%u_+uZ{f#O@6
zb6m6WUx~j>|B;r<{W(5REzq$X_r$xQ{r7X8$)t{rtjkk5^rP^Vs6%8Y{i{e5$3LbI
zX#RUFidRbhv$s7M;_M&IF-K3TN{M#_d>CY@M{Ky#6@QyvO@lQoWI3QRQWm@^7@yzI
ziGZI4MGOYNwZ8woE^M3m1%TL#i`U8TuS4OiBWb0N_g=A0$4}hg@ml=yYji*Nd%AK2
zd4B#Lph0c(y4&K0GQ8g;?L18CplG(?Ez3l3kLrmN{b)&jgXBKs!}(cF1|}F7$&~&^
z-wRd5o(xbog06xn38fQk$JgJ7E~edYT>bt7>o*<qH<oFNtzieVUCu1As9PSisCTFz
zG~uAI7D5tECUS*u8Wg*)LpvSWmVULbYb2f0!N&-utGM~FCYX`Mb&Qymc(l+v^(u_j
zFylDLoRxE6yRrOXRkjaH!T*xAevtoD4ed$l*RkY!pfO+bo@r2rw!2y0>~}9S-|3i8
zz*NQU#`U&b{Y<ORyrsALD)1m%NgH;?1%JIoQ=Yejk(_+{g>N0tTL88ix82-e3-*NI
zYcrCsqJhIl%M5RWi=vf95}avAc%yY5ZUaR!XU_EQ8IFk917v7)=OnlstIW>6OlT6A
zNwDGZv9KW4cTVzn-vrmrRVJJUw@p&z%o}w_`1#`G5tYxLDVl^%!djJmec|1h5VR*A
zpWXAM4|Eg!#X+lMna>4F!Tc;_q|u*ubP&o$Azx%b1CL$1G3P5~#~O7+lSUhrTp-Y!
z;5I8pv$hQpD7yyJ-uR0bW*Q<sp}DNG%ufh~h5N6&GV%3elkg4DmaB#aXdUATTzwH=
z<H8zt2s@L>R0vdM1+#rw`Ke?zwoMJY^1frLLWEjmXXevi`dUZ^D||D2(diIwpMv+p
zeXNPm$E&~0m%ibOp*6X#AL=GbB9c}XadaLWE+Fb@o(P2+<kqBQ^tPYv`W}3rm4Avt
z*~-KJtz(e8ajCDVk&v*+4rLR@DVy43?DlGjG2s5sJob*UD_J>CnsUtgRC#}nnznN&
zpHTMHCbW6?7#qB~$+_rPytc{Xf3=7Pnv7J4eE{<{v1}~>rfA~Jmym;E=X-Nd$MfKC
zlAV+k6{Qsvx|T8fm+Qyco>Z6_7<^lSFn!~SDu8qgC(PwXoDgdv=cr;mXIJ%Z<qoa1
zzn64#Xie>n3P~mTv1$z<!P|{0kxhl-rw_zr<%@Jnp=5+6^1w`!S{gx`lB$jdQ>fxD
z>oFBgO-+73hSjz@v%|Gpqm%-AL}vL~b&f5?=!!NrX(xSt66xdbHS1Amn%aKErG=0j
zpCtoAV3bu=R`F`xXrw`;e=iZ`-B6YbyutErl3J8?``Qd%1je&EbRF#Ne|ad7aY|^}
zS2+OiOz8E%kaawo&JSYW3vA|_@#T%l%4lv>32PaMl@WUMGbb!ZE~hYuZNh>aL@nuR
z`lIN+aW&)oUJWLUa?lUm*iP2gCV)yxJm*W#Pk8{RUsPq9ZcfA_b3&ug<!N+<Q4`En
z6(yF5XtoF7{o_^A$phj@5s`EC(Z4cRlv>+PIO7?)l&$C$@1{-8Ozlt>eJhKit5%C_
z`ms5kvsFEHXN?>7JpHucs-WyBzHfjO(8srxSYny~K1^hwsk&+-?)j_QSu=}Gu#0!L
z<)Of}VY^i=8-4E3&KY=IM<&#2k$DJbM@(Ki+~B}W)6A-6Hv1FWDyOeGdKh&YCeUMu
z(3X_!<lC^ME|ZY5nO9rutj;lQCV*EU*A_1T*8cl%a8NkDVtmnw#cE1-W&y=8n>L_7
z4i+MPw)QTLb(OI8qSJ9WoCVUm6RFAB_9Y&S<@9l9im6F9JQu-AaNz}99((83t2LN9
zs_Lt&M%9lkT|Oet1U|zMsMSlEy)LRMxN2WzKZB%?U-@9B44{!eytS_E38yv_U-p%l
m91Rw4u)xApNX{v2_U<~atNQ%1@H4xBpWzj=%Y~PmBmM>2_!9vD

diff --git a/test/integration/consul-container/test/util/test_debug_resume_program.png b/test/integration/consul-container/test/util/test_debug_resume_program.png
deleted file mode 100644
index 99c2899019bb54c55fe29d26a4939dbaf2684f74..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 51972
zcmeEtWmp|c)-LW&fB?Y*1b24}!Gl|{;O-VQxI^%bOR(VX?#>Pt+}+*bcFviZZ@!t_
zzxUVe=jq+OyL{EMs#S03M|nw9BmyJ|2nbZE58_G?5YY3$`v3wQ@Qb$wl7@gl$~PAi
z`zR$QM*7jg*2LV(7y{x$XhIVF$GACM-;<XDE-le_N}{%YPEa2Z1umDxDc_O>U>TCK
zH&-?IS&B%&ypm9def24U+*0Bda`@-&Hqvn4Dn?wZ!WNR(e$BSa9v5RHpo`JFae<u-
zzMHW$5{NJ;NqYHU9Ebr7W2r7Lf!CGxXDExL9Z;+t(8$6Yc5J;R6BEL|0})TnE$#4G
zQXUJQth4PtFXcG{8>SABzM`1&>&6aj7=od@$YmO_un-nZ>$AgySPBk&UF?WeA^|4~
zRr)ECR6OQkV0~ID)<tXs0th$OU<ynKVG~mC_nhj!n`F%tRy6B~5(wd#E~5h)U1GPd
zyZSz$tWzj#n^JitNuJiHNmZr2i4yLcY?Vb^mPw|O-`RZ1>_2O#q|o72?#57b2<u^b
zQz<<FT2j!)A~jT0vKv4_c2_=AP9whxPcg8`H+@98;MRq#s@?1S%9cidX)t_lR7qi)
zoViED(j7~=R;2}Wc?QMtZMAcrxgx6%QYOQ2W+oOsTlZYo?kfJ6Y&b%4<XQY3<xji0
z=R0z}=(#4rs%19T_5<~S#L`je(95{1G0>8bUQfy>2%m0&F#2RmfDoH99M9B!z#?=~
z%=qllNe?8%#wS|GiQE`dZ7F7Knmlxdo^F7F;0XzR3(15LrJ?QXl-WBznqt-C7|N|c
z{_49Ci^c%*2HP+4vffWYwRyFu5OF8Y_q;863aw%x-qtfov;Lnpm|?I?yuP7Bm`Uu%
z(wcbn4d~>&g_<zvPmr!E@KUx#gbooVp714@fcnz$IvLthA3g0W-znTPDU7%ucLjo-
z2+{xqRt$8aKSvhED}M%k_;>KC`a;|&QGOd)_-Sx>9maM<i!iR86cfmB9Wu;F%l`HV
zes&nJIieOZoJJ5Jkr@nZhrpI>;dgJs{ISR&-}-%@a4;iMK}itanh-36yNBh4)$uJ8
zU7CO{L?;MZ7S1$yB^zX3L1l$7?hj%{M)Rdu3#@?9McV0xJ*8?uDGQ43kUNFF<@Lln
z4%F*1eCJD^z59+Ro+m8yTs$yqU2*Uoq6Os-1l6z~@27LM6p0EK3U#Lt_OS`V^K<ac
z9BbI-(TM`LbCPn@bGUMb!NFj;U6)I1Cz3C(o>0X)&Gbi@<zI7B;Zk&L>Lan_CHp78
zAE6x48G+aqzzxqcjI2P@5VCs1iPMbIjM+@M;42V))OT&zZ^xZRFov?@humpzr`aI7
z$he5P$g{|>2ysl25ir}Qz2S9w=7#Cb(Dq6%TqwLfkfbLX`xOEl47Di2SIGeiE2=l7
zHCQ$na0naX5;>UQz}Hf;lx1Xzm<ORrA<?0>Qg34!2fw{~j}@yHH}s+ZgZc-r?+Qkg
zRWx&PX~K!IT;I^YjmMG1tSG&EB^Jg<nGq{7Ctj5O={tX(XMFCE=0N3^n?vy??PkiR
z&0uRR^#I{O^(Nln&T!IDW=uPoP>%3NW|dQw)psQ-g&(=|CUTkcKd9Cyp(u`gTrAWm
zc2l+gfLLHuxLMkxO#5-Z+)1%0Gc0FcQK0D4KJPx{KIJ|Hstj9BrFl`!=XpgfJZlwA
zsW~+sEgtno(Ypu-CL#&0@6~&Im!p>(mmZhnv?;XoIBi34311SlX-QOe3Y&`0Rl`*X
zRZf0*s~Hx$7v~jOt6Hjg<V2})siG^7E3V{vOL-ZgSw~&GIZn&r>EGd>^5u}_=;BB;
zKb+m2dObPy^K$x?<?+v!LY^FnS%+Ea>G?8eHA{`uA4fkJrk2aR<R4(gK%JkzvkkpI
ziclm%B@!Yk8WT)sOt;seSbDcq+l1Pra2fJNw$-Th=!^B2-23@^k^AARgG&+u43uOz
z8aO^wUKGLC1o(Zg%ebsK->@oid?wr?oW>X6%zxdC&%{y2*=Fd+VUY42bjaCgj+8nN
z%1>5HUS{?mJsb@%X&!Cb`Mk|LhBI24v0y0AX$mq;odw-!PB1_*%xJM|x1<yZF?lb~
zxD#EpY0hirYZF&^8s!;n+1AednBI@9E#jDM>bj3Y?d|I~NstR4wbW+QZaX4gcyLi^
zCT+fQv3AirB08kJzPj#4yGIK}OF$ElC18th{N~<^xv{&}FmzV4K~3#ZKwq#S@57VI
zSHLsNi$2PgGM?$9@7*3=hTLzQDN|0@%>i~Uw=7SMBJ3}nKLRyp@QpuZJ&+CuBn<I(
zec3YDBRey@yj|VfZ0x#d!5bQ$EgmQy)*j>=YF>OOiY|-pC>S%HnjLcmowy4{==rXw
zwG-D-r4E-FMBnq>mY>?9lfsL`#KZF=v!lkt)WLO%Jc}&&5yKP0g!`q62_x_sX%EDG
z%$>-~ZVxi(7VW0($_UmDWI{g)$$C#8RT$|;vWMBobFLU~AJ6`SK}(RAtcmJgEJ9sY
zO4jzU<rhxn?8ekafIY)m!|m>^|Cu3j3*MmybBun{$7DO(Y;f0NpgLX=leC_bN#*0`
zv32aw<euc7`5vY;40#Sy`p|S05c|;8=J96RX5&TOMbI7NBi6Him5hVbc}#~yg&cF*
zdZJPaEBWQCL}a~!`#iNg?+?gQeDR#$h~t)HzK(ww;igo=$_t%OGGiFj`N_bEjTh#T
z#LKW$>7;^1%9D&}%s65-m_z2TSTLn=?_a~Tz|l<pU?}f27W%38lcJ4jhWT<(OQ&b%
zV`frzl6_Jw!>neTiTeuDOqds4c7hb$g4$jwtp-QMyzA8(M-PX&rMI?aW1Z1avop(q
z7BV}s8s6p0>Vue0_NVOc6{f8h_diI$LP$P`^ZL~Wvq82JEjgCGiM@HfdYleix(|c<
z1yz|;oRqfv^H%Nd<G6>o;6xAYr8;6pMfyRey%pS=Qgc2-5Ad}sAMQzmmW8%fZCrzL
zQ*}LkMTv3Ja~VT(TYN$MO6h5#S>aUS;>SA!F58<@fn$&TV)o*&V!;!f<JR_ZS3Tug
z1Lr;O!{@`NaddH#-CNL|<EY4$e=mGHF&5Fjz#H#|*1qige6?H`N1{*ErG$d9cAMLZ
z<+%)3+gA?+yQsbW9V~m5c<pbW9ZuXj&g!s7u&=05<<&Tq2*Xpd@>}x3+wt4Wi4BRz
z%FhM!TIt$^KDD=36XxlYIHvLAR)RA8+IBAMpPm~lFV-(8@L=%n7jWwZnqGUH$$Myc
z%;x#Zs53r%YWvl>&+Xc~HMCbOudbkDsB76~<I`F+Syp|<)x1K`eAt{~!@X$MxaU?~
z>*0Mfr)^WuxOm;<b%*vacGcYJ+I%9h)VvZmG3k-%>a#0y?>~!PO%f%f_4N9pVK=lZ
z?q>mkLa`6mU2FDi+l_3dy53H8h-vhF;}g@%z~jcSaHr$Y#ZQr=&J?nP?8$DyZZ17~
zH<nYSM+eXErwYA7bb9#hymv_tdg-~9xzOd5<<!eop2gSK6MPG<)`r=J3M-~9BrhK?
z6^}O76h;(?G7SaMqjo$yy=WdR&TFr<JL>zf@v*T#M+LBPAZ1|$#>GLpIU<0t*CDc&
zVSF3(zhq=!ncb7<hjsX@?}0p|4<QRBWp~{nJTV2T2q1C??Qz!zzrFiO)WONgnhx?R
z*uInki#}sJR6y)EKWXSgJkw0FJ-R+T7r<7P_*B0@O=CfADsyE4?kPl=v4)h1oE!u#
z@Qwfh14#e@3%o%Bw;&|pzuw<NzJq}N>pK(#M6fvo%s=wT1JB=A3~>K0^Y;@vHV6V9
z_=g4DZdp+O%nd!C1^v%=hyfrCLPS|iN(y)?8#)*p+c=upI{AunD+3=8?LKHaLO|eB
z{=Olll-`~K_0O2AXgF!e$?_W7S~D6L*?u-=bhEbmT@M7m8!zx`ZR}(~>Sk?a<H+kK
zK>k+_Uf})rXC`vezp^-43Xp5aeIymLbucF7WMpP!CKp5^B_-u|Ff!p)5`X`X;=n%v
zax*6<J6<LxS65d?S2jjl2U8{%9v&VhW>zLvRt6vkgQL5RlYtw9jU&b1mHe|FabrhA
z2Xi|ob6XqI-}M@Nwsm$AASeIb(7&#~`)TZE{y#0*IR0Z;zyO(kr!cWFGBf?FZlEat
z@2|Wc&E1TxG{w!W0h$4A2(mIW^Z%9qzf%6E#eXZQ@joSbxH<p5<iDl-XGv8@V+S!?
zYoJLd!T*`Ae-!@r#D5gzXZk(zf1||TWd7?bKxaWDex`rTnIKZ$w+BmL8sC_UE2scZ
zfXV*4jDX*F!2SCP+)73ETI)bQVF)R45fwMcLmhZGoL*eP__qPeGP|u(-*VpZR|*lT
z3BQtf<&ld(OYS0U4h6*-#-Bh=dmW_HA*u+oM|nw`4Ue#u?$h;&Ds{=jl`C~KC~b|R
z+11tLI?cz#bSIO?kxHTay_^C@u$RZpI;jW-1`G_Oi12?sSbc?w$>#Be6=IQ~{Cr7C
z5fJ|4feZ5!^N3s`Tq|cl;Sc5is?;vr7sI;#gB1UtGjza0iPq@&zE%8V4`3kc5fH#G
z;qg7#f9~QZQd02+*bi6||JC{b-}wInvQsu;45SJLMeRh((Wwk!<`~kLmk%=iVWz7f
zA<5?FAe#7p!b7=VVByfqvz$r1qbh^w#i2=|itB#3Q5?!Pl9pPQbh6_DpKX{Q52OF7
z8YG|^&A=M|ehw&V`LrzTyU)8lmAUau=+tx?5$9~3jLOy7<a2AR(mb9aE+x;wQM6sH
z!BOd?L)~nv?oq_q{O&Ozm_Jm^iU(8-3NPP0hW?t{ukf+8?&#f?9c!uHIUWveoG>Nb
z^lAKLS)}D|#~6c3UMDD?Nl#Ggc^L0iT(oH~<$uZrAS^M10OO7s`BHkEAn3nu7A``1
zrQPtFD7QtWNKN3!rySDW{>|L)o3G}R<7Gn(;YQTd88H=lHw@qLY`rdBagO0E)$J<^
zjXGSC3XZEAj;KRSPDB0=>GKoLCnFW-o6JgxVDsx>q58=}Ii$R_ZCxlgs$_1G>v||8
z+fIEf9p_bSL0ROq)-X{^(H}K=IL&8%_c#|HTazF+(QCyIBag=2xSJDhw$kQx*-zrL
z31KeLvlt*;GdpUQgzij9J&>Hb@ATf8LA#EA$>#;yg4yHe_j<F@6b}4R)*q8Qb@!<Y
zLtNFgnXAc~1Mgki=0t038@JRfmYQlASS6$0<U_-wO$;Rz?+!DyXO(K#&-V=v^rqS#
z%f8%=`>5d39G2d%1(S?@aEaw)!_e<H&9mgpx*(X%_SqiG$Dvc3=*82Mt+kw0Q_!v;
z3*|iF`96jnhL>fMAYFKoK&L)Yzv3<Fyg!o-$DlRIgq$=vRx1;VR^iW{X>hsAGW578
zbDrt*9GWi+TBnps>|s#MfkA!EJmKQ<@(Y}Mc~YkHIA)z)q+Fl`T!{llULVFY1R5#4
zE333#^WRe5ZzbuKD0;rw%vDjQ`#i&{RDPDA?N9G+fPysxGS)cuqum?N(BE&yMSJZq
zAa+yO%^4?wCGd2`^M>QIKlg@#70YZpys!4BFZT*ECxl)eu?79#HKc-^*$}RBbOd*I
z)%#qI=D|4XpNjOGPTD;Ded(--O|<U-iu@b_tpr47rrIvsb)z~x9Jx-cbqDX&Ei_HQ
z;(dzAGv2~^h?t^mznU$M0KZz%YJ0djiKaTM(!tfqjH<?7h9_=VQ6%mJW2Q{rzpulv
z##oSHda@PQ2b(cz)r7o{dV^_Ju;S@0Esdn(x>Sp4{0%`fTsY&iagoD@<8BF(J-f^0
zyQ|XxB%Iyj<`c!8V%Ot>Jngw|?qE2aFr`SPz^S`~^7i-I@@Qj=FZ!<chQnm@r#EkS
zD@}u&PIktrGd-o<*RB@DZr8)d%@2Q75-Y)A;~3?;Uu-*_u8MrQ+e(@=4#S*A#HPw`
zwrTZ+WYp(zJ^pl1D*Ga^+lyBO#*dtGG#R;#>5C>I8DML6YK$yv+$IPM=QF<3A9cIh
zS7rCSwbQD%Nxw>bbP*<1N~i1a$5#-#kS&xws^W3jM3@~uyPPx4oLh=Yu>`4d`71Hc
zZ~14e8KI~r@w&DJ+BEG^aX`$LEvbr#Y$r$0seMj#xxd_tvUhxle13YEoHMP@Q7u+e
zj3!>9DIOl8d&d99^y%q}R#HCHmSH80+*NIGuTGF>?RDAGFfGxgV~!LqgR;EPdk*l-
zYR+Uhs5FbWU9^Uy3hWWVpq(%@Yc0K_LMN|G6<LtZ=lZj8Ck>k*>(2B*SF8ELS1HQ`
zB&yQ>Y2QUp&*ur}>3+dhCEp3ZsdD(}a-m6}#`#Xq$*9?99VV_J`SEVjcREW1`iDjl
z)>qQU%Z+IB<F)>-_LqDTpGUH#tC6<T2{H6ZpO*(cV;8SUx%8g`V~6~VI(6}!Wh)qA
z%A|rBLrF{uwHDJ#Y|F2A_a_Tn6H_5Gysqb*x>1i1bGL0<&c2YUF+>Y3C(YNG=Q;_v
z947B$*v!{_%e43PmCAh|S@<z~s*?bPmH+$$6UPDpl%)I{%n+5G47YVe-kU`g<ou(B
z`pFh|NArccBbCsVOf3#er7c?3cS7xYZb|PW+(6#Xcc%TO#y628g{dO@ua3?|X6;ym
zie+s0szuh!>k>q3x^u%iwO6mE)%C!;;PSK?alTJasL@Jet(E}oi>0<d9M@Spbg_JD
zPU6Ah+aZvv;+ENamOsOy+=IBGG-y4f>gnlG%I*p@cU79-Dzf>>+Z&3MgNm)~<PDyq
zRWD1s*Q>W#V&87EoGC#Y>Cq0UQ+5u?IDo~nP}E!=LpE899L7__MKvCZSB3igbQMkK
zI?=Ap1zxr$Ec&uhz5B>(OmqER{fvkYSPMQsFIVY-l5F*^(23@&Xg_YT+jo!H_eT*y
zjq*`|BrM*Jj%@(akP}jJ<vy$HO0?8z;+x!?$!Sf{`gHwLqUbPnaxumi{pIF3_j0b)
zgG(-johBXs9o*|L*M}0Qgq$i(PnVMl>_!8tZ}LoC5DCl1)&$bH?aAwpSS;@Pu@x@!
z#DbNQJk8vh+8-U7b}~Fv(f}q(NaAeCvK?eeBEu+SY&;r)g9Xj0A%R`q*Xp+3FRGy_
z`d0&LIg7_}8zAlie(2;yl+Im7M#}x{kley6w0^sz44<OMya+1IM{_$`)lR>_-9^qF
z#q(^V6rmd~-uSe-6MI^dea)}8P*XV)bY0&k(=>&ujm`FrGB`43R}@8Rnq6AuMm18p
z42g_q%XEsI_I_p$zozL8DdJEm)k;X=w3ePORxjuZ3@-!~!Xj@^9?n&lDo)$-<wW93
zI}ONO$i6c<-yThs6nZ@MYPwYaWDl!a_DNHx|6a7jm;?G8e9#_!!Kn%`J*EL}KZ^B2
zh612vb6H!|Sj=6qp3WXlhQ#ZY3*;@1$k)q0HO98R2tHkmddlxyKq1zG%(y<%cBQ(F
zvIZ)*Mv-ufhSwkFC5tti-=%?S3=UkH)?<<PK7zie2xY%cpnoj`AAK4@nVQ(m$J2E^
zEwekZov_beDC8aD(i@g=OKBs|VKKEiH|bXsJ}dSzP`xITNRLQ|8)A!7=BP1?1aDAe
zsU;*A2UlH78Vbl={{7WK@tnxWF@@D!6-UkWuS0%bOzZERO_vtaKfo*eZ0HU~sD<5f
zsqEQ+XMOtMAU=K8==g#lo`lPw_3pxzJF!2aPKUWNfaW#`mC!Bn<nukCiGND?Y$bqy
zSa(G1DJxtR^oHXVg!>~0y1#P#HDNHM1PT34r)e=I>J>ThvQP3(ZfhsKo6=7k<5vCp
zK8=IeSO*o*d+N7uCwO+!iak*~90fhm^^XdiM^jgvVie%9DVVNCW%1Coxt!6CDCtEp
zg3w8}f90dP89+R!7Rsb@S}WxjXu)5Y4dF<U(0Shq)>ur3VPVn!WUbp2ewZ)OWJ?h6
zgy3%VuV0=IM8b_Ih$Q3!?_~P)o!C}5D<AAgaHaPhn^9-BZP%jBZ`rz{9?8d1$rT}K
zQ@z>B(+IWtdj0$`DW=i6GsJh&f-U`Hi)F=@%Xx4f)Vr!dSLg6UxjBj;zF(goZs72-
z>6ZZ8TZ~M7;X=dysC~eQvL)aE>fO)G2e3H-waIQThK3s|I-`Xo_|=Qut(N&Ey7MI8
zCz}q=%asez+L3oEh!fti*c08vnVhjG3P4%wAIw-IJSF?VBLAGPwVc}-9C7k`jdQn|
zS*BxKaDB8ex!mfpx1DOMq|T<K#(OgI*k>dz7+Ij{Q#-<aPow<(La9s(PA7ln+WLHR
zaBrxUN*i6rt}~GTn`+_&mrj!tqSqx@(#`3YzIvMpl+gVbFwS_@{=qe$#n4_pNnYlL
zN}bCQOol<J!nWg8BT<yiyg)j!B=*6F6=Ak?!ll-s&)X!WJHH|eC5F{hO5E(F<pl?f
z9?*{`^Uk4)M^0xab9(1qjUO!&XT*T|dls9Tzi~t^tSHLVWD76US<eMjyPA2G=)M@z
z20JII>v?e)5M^<!Qb0PidET9~*O!QUbOj(D4s5tQyY=OV29G^VWQ)D31akovgJ*iM
z&o-IOFs1{=ZpPu|sUVF^Uk!!C2gV77S!*f)F$|wMRmiXpg|nPLiO&yle+D4oD;nmF
zt$fEgvxPmK{T{&|PM`6%vNxPU*3BfAkvtRo87)*WjsSMf;B{`2a@Lh4TjSrjS@GG>
zY=PW1c8-E1WFM<IuYjY^bvqyQCR>3mbeva=;V8RXPEPN)6ZaTNt_*-I$>T?u*Z~V>
z(-U&p<d~4yj}t@@%PFRVXY~{mqFQ&c_Hto^$+?z)4dM=;v^~h*IZae$qwY=aC|+R)
z?B^xvPSsmQ-_JFeb5+c?dBIPUNm5UtxCP@ee)`ZIgeqs~P<GKxe;k0gu~*i7oS&Th
znvEu|0hQfis*v4i+?F@JGV?yDMi*f09oZbzOxRPMRcg2C{vLF+V_ugQmdjr&?)um;
zdw@TvSZ!Cx#?;Qw@1&QRRkqRE(@$W{J@1gtB-r6{5YW0>kh!7Cl|J@wlF{mN(t7jL
zI7z3h1U%w#Fk8Oka^$){k?l`VVzKfZG-1sU9h#lmWRx%FE^xalw%0ayOJ!(>R{g_-
zd2&915Dtf>A%xlHk^4TRy&v#0mpvv`e7=8bJU6Mc5XOdP_I~_uTSTY3K!Q;0EP1B@
zVg;oqIHO(_*^zi#oZ0|RFo@XW(4J%0_kh=Gp)NAXDMH_e$LB!CJjx%gQUO)>i~oby
z!?o(oC7WWO?l5g}JB#iXn{)LHrI0aFM@wRHBBZg!Y@5K#qoeuIQzX~&s_nSWt8q4G
z6W_qu2K$XE;Y#-<{(3q+ua)RFUFY6vS+7=4$#0wkZNWNx21BNG<_$J*d~cR&Jb2NC
zRuGw*JibW`$74rT#0yrt%VZSNmU-fhW<KyKpyj2{MTOG|k7{R>-p6}fALa|~jH`}m
z`Tu145y~0wxtG^T<|r@w;=1}xnTXiyQZXaYrr2km_~q$F@5@@?&NNC;ls=X<M*8OF
z=ES`$ktB(01=qT6>z5z|x%VNQypzeJHORNWva8GBQ3A{|Q^0lI$g^6ibRv1{7n5l{
zOBO!X1#WyZ^x2zob6mNowk2k7!3O;$`z9H+d|g|SA~++Yq#b_iAkz%AA_#ImyH!$-
z@W?(wHOyPR(AnD0DmZJidOHCK_kjPC%YWAm1=I8R&ckU2TJ|+Fl({%FU$ne9Asgap
zNf_LII8)oIyoLq*D`*L^AQV&qy#v2*!i)ai2o#c0vW6)~s(4R|wGU=X_WeYMEzCGF
zEo|C#R*KE9Ad<)>!U}f`WhwxdK`lL3Idn|${L5)4JnQC8wsyUZ(^2g#jQ~p_gbbuc
zyNW)w*B37?=9Afz&<WXw8Q2rfQ>ek^j<=f_CuJWSm9{?K8FD^W_A9}|kT$G1eK;s+
zBTHAeTAJdSI;mey`99B4lULq){exWJEn{I-k|dI3-c>)kDdJ{_biAyK3o@j)xV$aj
z<eTu@Cg)~~bnd0*n=Bc|M)7H)meh-#ar6Wk3}<Zg%Uo?<kw|1MTV+A7QA;BBs#<|w
z(p%U=9RiVB*i<gI8Oelc2;R%x9=sh8Ow890;tO&*KfkQHR~&Zo!Hc3F#03N(J(f(l
zV5(u>EIM-K1p3Kau46R~Qo9hDRhRaZ@MpjeW7qH`d-Zul-{8A<IiLpgTA$vRk?9E?
zq5m{rQhYXJ1It5mX-s8%Vr1bBA+AINcI=0v#=G4?c<#KTg&TXE*?ZHWO&Y5?6%|dE
zma7@<{W@<dZ#SCalIK3R1oX37o0+D~0@-hwnGVye0hTLHZ#;`*=ZtVyBvHiIgzhm4
zR|=7L)uX+)5+(vLj9C43?$+B#yq<Q$OwDy#>I_7#1xWuEg;MN>0{_2^!S|bs^wS^B
z+L|?jJbNK0KGoZ%ii&ke0v+3{$gk!EOH_olmm{QH$T-<nhSi3UUk%D5s<akT&!h9-
zlIo06Z1ZMSqp%e?{xU+@ZoWI;Qm&r}efTzN=UPp}`CfgT_uz1%kU@3;9+jZ5`lDrQ
zsqXmMT4z5DiE?tZ8B~CHrq?x%D~6u(-V-1$rF_S`xUrB#*cg6qb?pEbTfmPe2|vJ0
zl4{=m?!p0oC%c=be~;VMB~8=?%R2eKBb;L&hu7DzFT%j_Fi;xM{KNuZXxRijnH41~
z-{Y(SMs@ooeVV7m$LD^JM%n&*r<&>QuD;wGlPIT<nzp_}e($HN+3%yn--vGrxNJt)
zxOV8=Sw3)>O^_N}gg-Dt_MuQhZNj+spCiH~Zwa1>3tf$A@)_$ogGp2mB$2mG#O7)U
zHAL&w^@wEJD>wLH2A-#s6^hZxc;i|<gmUN=nZ^7Sb)2pb)4Gd#7@t>jIowV$uB?(D
zqX{^aP@_m`WbYrYz5K?wH&7C=6XRMg#uoNJ9r%&#jzr<J@z&_zUqYI2i_Qvq-3L@$
zr;gcrUHF$O#k`0EEJNb+e794)Te$N&BALsU5!g&gT?vikC0xkW^D4QG+|iUyhDn8-
zfjt$C_PrV4Mdr0xbmQ<1u<d@jSt(fG^YkxF^>$YF<9@7+Q_vH`Vsf5X!`x@xzjquL
zC=YopTgyUMm?WRY7RK6-*@+5P!@N^yXfoP|To1Rc(p`pKpGbOuM*S5*)M*i!GpRK!
zC$TLQ!?75_xo+TVGO*f7#%59Dj?RCYMb1F_fG+eHQ##k=9VB?~KKocF<d#1}w6jaH
z<`M7=3snNOYODdTk*1G<1o^$5q+Vg#a_S>={j6^4ec5gUcNY@6^=mtc)M9woQPVGf
ziGeUY(>Yn&%xH;>_s}c%I|g+I=<^Off#rNJwhiH#ayOc}WN_{`@xaty{zCL#%o+id
zvdJH-;0n&Ka?AB}$l{8^lQ`)M+k*Rg%hH***bV~Z{d2LSc;y>h#!p<kijQrK!1fO7
zEJCvv+p={m??NDN+-2)9we+b{AL2c3GTzQD`k?TN3xJP14)SdbFYJgartx@X#Tq8H
zGiNc$^no?1B<HNj-W<YWf5~LJs|)g|bSm3?L%Yc+K`j~%6EoC|-ulMZZ)h-1`;}a8
z{q%AKET-uAQ+33)zK&7x?yq=1l-@@Q?bhsa_}?;!^Ra^A<ZXVlyIdG}uBRl~*^7DL
zy27A)+N_!fdm&d6ooX_v5Dl$PrgJqGt>Q~V)U0)G)NWK{8(vxG`!{iB2kb7A$*Jvk
z+l1L;)ltxXdIj=J6ZG|MQ5$rh`oT2azJ5Hpn|~>J@0!(;!<=wNrF35Uy$KoC8kE<h
zV*M<(%Pp6qTr2OY!tvcoH2X`Qz3_i|)T@_E?sg$Fsf>G{^@`LzlQ27m<7bcZSG(RU
zxzbeDFy5Y#o%He<bh$B<@#;DZ=1sMFxH{XQ72eA2)VJMrs?lK;jgb-0e>#jTgMV+2
z3N2Ac7mmlI^eg#@>zLy9x3@FKx#D#*MX)xNrp(t!@jgO@NbaBt$_@8;<%I?Zr#iv5
z?Jl2p_6|;w>uEoKtDbLuu%Mi*Es57Gsl6@eYu-$$b}_4X^EI$a*w^0IXm+tSjts&F
zkC4u5X!F{9vH<PE8&(il)0pgyuy%Vzeyv?}(rQMl0UZ4ZfsTib&zut|uPY>%-uoin
z0k*|rxlZ8bqU_GvhtwC~-Z<*^;TP%+71&*Fm&4+rb(k$Dz_0oa#%vbS*CY~sc~;1$
zGnJbvRU_MGYfV&D^ES*%QopOQG0{0!&UdR@0hBi>dcpN*guh6RV5<kkmy|4ck!<9V
zQ7}A<zw+HZc(%MOrhlqeh7ea}Ma=N?tbFo0$XT?Y6O1THM7_v0^*@}tk4fB{T5C4=
zbd)oM&2#A+eCBni2gNpLBM|2?EwmrXiF>v(cQh8G3#?`ow@Yl>pX3Juu7XLt5qLa)
zVzL}uLGk?pLuOcAS!E}f873k|$&dKXRaTGj%IH9`v;h`q>M&g|=jpgPZh8cd6^7?a
zKs`FE7_f_zfY1B^O4NpG-mGMONG1FHN;w?|#C^xJQfCE8G!M969gpAZWj1E;2~70Y
zZpS_W0$|(W`_*De5YCgC&JRK~G#Vc&Ez=9oW3t5UYVF-mh_m_>>2vNVN$AHSCMAl~
z&>!W`SW>5I_CPIgt=N1Ag@tf6r)|5d|KQdjG(-BiduaJ+ryVt+?mYzZz@wqn^0n+>
zVy7_NvnFqs2G0uJs~^SlG_1>kL`4P=9}oQC_2pWpH3=(H+4p=b>{k8J1@+OFu;b~y
zC+|vawS<^{Sxk^m^AMq<C6+ZjB3bmPVdqIF{7jn0bhf&`yg_)K+*vM2<xToQUR$h7
z8q%Rt8qzo)x&&E&4)Oq@CGK^h$izPw(zxb-F=YM<U9&AH%0G{(B4!XJ$GQMMgAX*C
z9DW|rJ1+FngZs|E_FdFgKE*HRtkF7$v9vj>E4v|D`GW4VQLcU(HiuiY-TvYC<gh{~
zDe@b&PhaUx?s6G7_zdA%1G=Ij_CVY{B)m@Vv{9e+skUktijL?WBluq)FS0%U;=gy;
z8*i)ISlj~s;z7c!;eN}9qDlAPs&muTVr7I|BR8^kaRvh399T?<difl>ytb#+W2ndT
zawaHm5;alAYd&|lkAj=NnP`}+#m@IMNuK~>w_S?;h&QNL55L_9LQSW%G|!08-jVA$
zm4*-dO5IOZN8CQoC-Dw%Z$Va(%2U|ZRu4bRmZr6Ir}sqQ)m-JpxX9CFKbL1u7AUA!
z%H~+dnz12sYfkEZuz!Np-9cqj6%r@RNR@MMceHEE<wJDSwV|9hD-6ROklA53{}5`Q
zFbCG8Up*yS-$PL4YsoNqsSUU$GI2F`KffItmfcM>JMhA0@qpKZaDhC)XPGqBk|!lL
zA*hg-hc9s#4<;dwT`QWmfn)yUAL%(VMiIh?(1I3-gkxg+t2X}TDTTwbXxOJ3#CI*i
z*{!Os(>qM3^`mz6w!`4#a1YK&fmF@6nQ+GYT#F|&xwP9vE%jYv<U-R7cQpps%DBNP
znxA(?rkPrJwsMAJ@&{i9N|D!fou?CK-tON-;FA<-sycpOw&iWVI*RvRuAdE4**T04
zn*Nx|`Jy-@Mk$l1q8L@B2g#k!&KKZ)1-{ihh*3=>1opsZ+R0i*w#Us<F>9RtCg<HP
z+q_RNic_&B)}qsw?+Ieviu}={KPH_Cbn6e6XjUWO61#|ue=&vwyZjVON}U!JG1O<^
zVyM@FpSPkj9l4zVui+=o>Sw+2=OGpN=9k&zKpR<q4PPbxQwQ6+nTSfC_+>NhDM4B-
zCz6t_u)E^18zP(MLw;sx0I)dYkel%|d>klnW;^&<bbdDDoguwb`sv8Xm(gUx-ma8u
z+{CaRwmEAS&FAIG)k5=Y6n2@X!r+nain4jj9+JDPPTGFllItsT|6LDK5}0NesM%V8
zuR5Fq?6~v$5ZaBXD1NWdn!ic(4-QI_&2#3Nj?s5}9`q6N{U~i2nX^bW+G7NzYs8u5
zI-1sB53qwoO}>mKk>sF?!o+bBjW~b2Cx~i_^SxM<uGzRavpUv{e8+^nE;MtL^NU~<
zGWf*KXw;LpSWBulz1P);K4;Ugty(&6f&rYtc_bhqKKa(=_N!*Ae7X(FQedX9$4RTg
z9mT}(>r1(kT4<U|8%Vs+%j9%PYEv_}pbX<+iUeR|Ng0IQH9|y{`)g(h<+kC_c#<&Y
zD2G4QNYbKpcl{FlQ-c>(1;o1N_*7<?mFu{ZN-;Ke;53u#eO=$OXxI~yR9Zi6n_TAq
zi$Xu0V%d>eN9B8*&mk{@_oO+`=wtfW=zadAd#BnCVbR#0o4ll3cJCLFsk2)Ch3g5a
zVzi!F2cA5R^3?l=PIU816lkIja{i{suPP{opQ#Ah<`I~$`s>Bu3p{JnbWbPEotD?4
z@@>}E=LSt(M^l1zh-&&+d=%1o<?dJz3z%k@45KfzLhE!))rRxivqi9vfB@I`xg1#`
z^!|cO?;x!@D=D=LbG9h=vSEQYE+(F72ka|ftbAfPmF^xW=hb!HahUoWqm#JuPL)8-
zVwST@{Mhz~L$uB9EHN_he0O%^XbL)lx`6w(=cGG4Ef2S83P%J#dwMkatTMvQJ^SVP
zdZB#rxfP>{sLZo=QTKA%yk#HhYYpStvR45oeMnm{TrWBpEjV|KYmrN3BYz`^PpchU
z*J<`HC=OtkB1sma`Vucuk(pw3Jy4lNY~{E5&aduNwCE;2wV*4KmNJ;_+BK+a6c~4j
ziF8|{m9fh{r+9z2FX9t#=gk@>d_kQ}`JZf0@(3Y&YE!?71*30oY0UzBBvXNRHY0a1
zc_M>N<5OBqL)8|8SiW-+zxm|kv}HT>Lj*PDYF6o5-h0ZC*adMB>*#EQx)8J?(Smk0
zsUTQ6OzVW&2D3W%i-6fO;wr{21)j~xtyw}CzCgWP*IX8of+N-@lrxQ}^>$rmpGN~Z
z)Y(d-I;^%B!3{5oQBxXuPRp=2Y|BEYO83NAvPPBsdE-4^LG+J4tk(ihPW$(o>E)AP
zC(+yIhZDzw&pFB}&O`^$ECWFh%DmRJMVXOx?>*SnzeNZo@AY>eK=Fqda!yI%QQ+Gi
z?eOOw)f#4RU23g3@d750=(h=ET2w3-^N$-?ustEze`V3wvcCc6$}k?MAXs#b)2EMl
z4H@KvmORq+mDmVUajKI>kD&nX(FrgY=9-65F6VPP)%mr>{xjU$z(FLUW4=85NU9uE
zqC=A&W{OCVIZX3WYZ_cXre12#XWQ!x0gqLsUs=OT3OZ-=&%!Yuwoa1FEG6Sy*zUe%
zAU3jhvcXGKJrF`SI#tA>-yAw!DCZBz6kKSPxv-K7vF&m<Tpw1CPb@Y%jxJ<h>^<s4
zFkzI#1=UjUFQTZoX&svtb;oci5pL(5e0^N3!wxB~tb5Q6?#497?D7)hn8Cl3ZvYFZ
z#-3K~a`T+M8=G)rvM7$jbeo3`Ed(|)3S|qb_qb#`Fh@AXXRbtOp<X)s9k+&X%z337
zOeyDG#+WN4zHw&4LN=`h9jMkZ=lby^pos-_&`d_(Q<sDH``Kc4g1jwrN(rqOg@e(e
zKqHv%pK|sC)_9qD$IRXNy(3Jk6+S*!aTI#CvOz1_ck8u(%xGPhW8*3J5o&}J%*Ah}
zobL{9FX11erlR_Bl*fAi>3cse{;zeUPEYDnKEQrG0Bl2G(z+<pPSVury8qE4*n2I6
z(}>wWo$+3$!n=k&@mKy{6rU2&WwQI)8)%qcLy+22S#q5aGlaG+Qp^f{4>PR~-Fx!{
zY|$c2=NT2I>`K;f{Bj$b2={YqCZ+e6?kY#MmRQKtIwPj@&KQsRlMY`>fsIN$t6H?R
z{Wm5LKU9iFEVGn})b`nDa+kZYjiWkMjv_w|Z>f@S-J0XCCJ?8S!Ejf19rD%*R1so0
z52+9D!3w4K729apH0P#!y3CfCAMIyxMBQogQS|D=EMvD^m~?pD%v+Yz?f7m#_;Rmp
zBC02K<xP&ytZ2rytPz(`HMt!9$Pu_wd6~#+ZtCz^^=gz!V%#qv0{3Ns8lN)c;j2IH
znrn&gddN%a9DDDF&0fQ^ig%4Nfq^wYSG)pR@nB`DDS4ERrtu9IoWq_zHOcYZ+8(gC
zk|e)V3)nGX@85Q8v}TumBMpe$TVNs1R^ag`e%QtMt&_k?!DQ95oFio?YX#{Y)f_W3
zg2=~#-IzC+U9}zr2c+%TE=>i}Sh~1G)CEMw9!!iZCEd&IKA9;;T_rlT7OK<FzivbJ
z^ock)<c3(PZ;(!)5!i5vzFZJz?f`fH+_yPM&OsthPYp9ZVmdI~8PVYK$Q7rQMs>lB
zz<X~K*jXacr#Eh<L7Mp2GcD&sbbIYDt@M$mI&w7}ER%b}YE<%Rg>U$DzU<{$VXe?a
zhT4}=&Qn8%8JL>k_>s>ed*@)oyIAf*^X#AZ)G-qAx!8?NT21KsJUK7t(;by?%5L3X
zc_?8v1979(CU(`Wz<cdrc+hGBelFO=*VM9P;j2XOw9^6LYb!Zp$fp7O*jj8LURRl#
zlg1t0>&OZDJn+Nkb|5ZkQLfeO3}P-KVBeLPUaP^fE^p%Ys%dg*P3IdasvbQ}Lq=~h
zVKyya@i-B<UwNS_TF7S{PGmAX+0C^|H(c`KdK9TqraD#Yf4^N#ZQnM@<HM#e3Ar16
zwZAPK5XWc&tl9iloV*WGi!$-7vLzdMO^=_M!|dxFcY|FaqT+`V=rYF?zUp}`u9_xx
zHrN+wyRUf_YgFbm1=jW#9+=n-&7ymIJF{(7W-R<=3dhROv^J94M{AE<ps|)nj^&e1
zT~Rv;!7euKi@R&$Q6sf|YM&918x0O?sy^pQOX~vh#ysi@qfV3z{0Wm!URTrmKlxhn
zGHu%JA*~r)_$!X1Rtw6K&0A`OVkod|yhAwaEWQANwtYgQd(Msv403`0u#ECt)t)Ui
znI^nUTNc#*iP|L2Zyw>uf++ZtaZ?Qt_!^4G6LTeh#UemU-MWy8)9NYP)ZeF=x9lRh
z*D$(><KAE%&NG*Lp$h>apQE>WZ{K{wCHv=ku_!hmNuuB0Vj-=JLZ`ul7jXRjj56n1
zD9aO=<af)*)jiBItCYIgHrA0oI$B+*R*)(T06X7v&^(Da@HjbL_*!p`PqX`)K2%Rm
zHrQi7p9&P1l*bU0h`I^Gn!lGU!t!CS^{0wiZ9Z;dyL?Rt?n7l~Pi>4-B^A^K-S5{l
z6wI1#ym@dnO#i{D-OthTNP4+F!_g3x70Ox1_m!rM6IG!#HD$&#u`OdEloN+hDj~HF
zF(JFJcijHyaGYl4Y*m+FU^UUqumXVyl+)sZKQ>VTI}(A<Hg#wLL=fGCcY-E}_kT?i
zK)*-$LW<~&eAa%yFJqh$iMdPXwv@ZfbX_~EyXCbkq-=f)9|g@~7wD@=<hIf)%lM{{
zEUOY)O7iw@C)3@I#+k(8F)A{0qe(B3;9R!`l`tcFpZiUXfd@;BX{!xk8`iSdjgIl)
z*A|1B<*gaU?5H0JW**bMd%1yVEboKA(!kAD)ZYRJp-PsYkeOOSO66@navR1#vI2n=
z$m$CXK2-E#1dSCzk87*xqK*=-vThc<mbeX_0C^yy{-L@SKLfF!oSWRoisTYFx>SgU
zQupL{A&%mkMdY@ZhbOk+!?TwI!*kbP=D*67zH+~fr(K9qHrCk%v0MPw%^{NXdf3UN
zj2Ne%#;vnnP(wvA7}pITaf1&v=nnef_;^+vP53B^zJ}fU6xL?)WU_l8e|O(GUT&j>
z`@b~t)y)BaT=C%Emt{*&z}gMr!NDz^wstpX4Yztd5Q+|V4`P=w2Fet$xspqE5Lm+x
zArcj4{z5|CZURm{C|;pIKpp5y*4U$ag-gXzVa}URsULQF_u{DkIB9FlBU%4k%yRop
zq~ChE#eMOaKXRD%wv^6$o`j$IFBvHjj47WKcKmKC%Gg{rbZm>V`Lk1AaIt!FQ~^ZJ
zG$kVh$OiN|n}1YpdFM-S>P8>to3t*a%NcE(ynNGqEmSS|af*a;VB>oq>8_ShH?(fH
zEjZJKJk9f)-IOtQ*^<93cq-WGw;+i1+ug9kf$YV7%6`W`BN(P)<3y@nR=q=7mDjoJ
zx-7u!R$=gSCjH$P+t2w8Iv5TT0$@1zATfeu8%?obG$J5=Fk-~l_l53~@H>RIA1HT-
z3JiC5ce9c%JEGuaCKh_vV}pt$m?f9W$&nj4CZanAtQ00}<!bELs)iX2<7RF4HweS*
z&W&iWv$3p}fAFO>W|;NkeD6Z!C^X7baWLu~J~~-SomKid)c#ISm}=v`5wP~_hN-Y6
zOM$NTFepd{`jRhw93}33DeqeYpir?*K3sJ~=%nPyxZBDu3oWCNCfwR}$1B3Oh<)MX
z0X765<RzVQgg0xuIZ8x=4B4OBzS^w|@x~$ShI|(8l&)#r$2!hMQt|+H--0Wk8Fwf8
zd(teR4`)96!))Xh-&DE&#HV<Et-%I=<+O;**bsAUTHd8G9;ENZ$qTvS1#fCj;e@q9
z6kzvycO-q_8xYFmfBFn8Sq!M4zxU8n#1Ns#ruaty=VtOHNxW1r9ZD&pyf5wjGw)EG
z_~Frsu?Xm&V&UuhB8aWuEAFhFU-@T}Ed4|@{!|e+ew^}6Je_x%(vtsz3$Abi%_0+X
zTfoy*gqbB~-S|D<Cmn~}U~C>gt1k}%%JN=OSH*T_K>!beXFj_SK*|g<%jCe%#5Hbk
zM%CX!LC&rvYTFp}Cvp{Ksy*3*0nc;tc~$e9-Gx|9Z8<?RL+9e(YZihwmKaok`98UJ
zO#;j(B($~v7W#Zrq`&h-e0jNQUWz(@_aem$eZ)m*Sk3W^KEWA90@L~}cs9DsEpeuo
z4tza-(^1`0hrPDx=uh!8*z(41W!$wZ8rWz4TN97l-Pj3LL*3`^)S1he<?gWA3&y9p
zP%YdqLY<K=luiX404HNEgx4W0U+J}12bu|;l6p|I9y(}$t=vYgHsf<SB=uZe_OMN{
z=Jz^_m0?tc!L3%j?+*6Z9WcN}x0ElDC#?a&t*^NQ8%=MP#?xJwF!m0Fo^L6l{n~>v
z&7o#81<nU3oVG!uQv@Gd9yJX81sniBAj;yq6I7hp2Ek0Ep68haf0wd)-cr3SlWlWF
z8gLl0<hm%}?yYDU^*luO2bv!r+hKbvG=nqk9(P%!A2%$AeCT@>&MVA?5ytq+OE*H=
zI9N=)%3HU!evHBpq_Y!EAU<4-!?xfZq-I}r+!L2jm#wk?+L^7%>IlXnjs^C>efEBm
zGVn$)b4h<FEc|H@q{epyy(SLd#h69xZ$>V7-P99{aIq22ewr2fRCQ)B0eM2O*|`cS
z*!G%!cgP!WWK{xB011WMW0a%F1Z1N7dY~yKR6Bj%`RA&i3$%RrYR?GcYHMIF+xOY+
zPF~_mIF@8qV`($5iZ)Z?%8Z*7%W}C3tJNUW+|o{zW_;gi27X81PT%5kd5&JLlZ{7U
z-%tgb_M}}XeR!L}dBK)9A^GLD$o9hl-h!Po+MS=>SGRaN^(Y4FpEh&B_d%dT*I$>o
zC;mF8KNP<68r`5AQip>yrka;qNf1GbDfSdw2k=7WO`vm)@uSUQGo32I?#D<_spXxQ
z*-S|zfsxpq^-`0B=32*Rcs35T9CPYiP=PYQ?eHbe%*i3PH^7mK5i20fWz<cJAj6L_
zp~j$j9&N$a7lB_~W}ahRm!NU&%dn@f_2U8Gt)OyB|MAv7+t{2I`WYI(q7JKCQ6u&m
z%A>j-PRO~}^1<KqeHS5g^{@9on?AvrXR{4J`8CF``@DE)-?erqy`vAU3W|tVRr54t
zCD-HTe~PE602X3vMia&cv6DcA`+UX`owk_4i)7`1lK(5meuCoOJ?6I|^_?|Iz4E4Y
zO`D<NW4^E&-FxDY=+(S*VNdG2#q|*Ww0VI=u~Q%tnah`fBad59H@e4rj_itl!^ZZC
zNl}S`L|%$#eV^r2RyU;GvN_JBG3<m&2{@I?<>wx$>_7YAa{y7gxhH=TgLdMWh|G8X
zgEOrJ0*)USy1j(v;GA{}3HAJ(Q>aK0$Pt1j#2EA_kiLZp>SRP|*7gW!lqw0jRMBD1
z)<svX=B;YsLd0kJG4dwZRc_bBdd5dk)S=90*2Hn^D%t2@-mp2gk>fm<^F;BI0_LqU
zwbCZ?cZBZS9^f2_sDK`otk1pDj|Qbh1FVlIF!;jHEZzQdL?|H==lA8AN9uU#%lzwJ
zr8>=ttm-=TjNfpXbgh=rJfgt5C7GfH?!93+=KS@+a&G5T8Ie`|_UjE*b(Lrz8U`uo
z)&cg48D^@p*?+@7YZ%UrVWodkcPz}<eotzx1}Aj8^=fHxy%3&)CB)c9dzZ5{wP}-+
z$&!Dn(;q%g$7^S_hM7f@Fp){myUr!G-ycbPbisU#1>x(Qck407sN6<yW>akX(KyJ;
z=JD}@=^g6*jZZ9m*b93N;xRj*0ljO_fVhQP%$5b#k;_q;(vPg;&q@~K8Lj->>|9GJ
z*5c>NZQhrtO6qx^0))KpiM<yP+qubgzPpV7rRvuHq3X&3RrlhAR)7kQx)$}@6CX}A
zEdsGeoEo-w84o80^|T$;mBA>x5v}eb%2PQw>!WWn9H<w#YojT3Vi^~S_Y%Y>g(?ET
zzysc}g=SESDubNR$U`t1$v8Gm=px?V_>NOwh(ws0Rs8WaCUga^kAd<y^f1Egr5?E+
zZUN$vqA)ek4LZ#(m9}BpxgSL_5fOf2T5}D2xN8!jad^|o!ur0EG6>^{p4L3MWZC=S
zD7(Ob3PT&?Xj|eYS<@esf~G<E0Bng)Sw*)c5=IApKA(^<<xu+JQ>)KGG)6f5V1Y+<
z7@XA4D&s}J#hmx%my9Gj(f1Zfv<XVnbP-tO9&p!IXncdALP~8`Bc=>k^Ec?^YZeCc
zO+<eQV;#C5mn{mpA#R~qa1=kEx`M#*f~{%(nKni|O02>)sU2{J`<-PzaF)IB=(I`_
z$=%{D%p;aH&B}*?re-GYrfwRp9;}@7z`PP7iU5zdGw@M_H~Hs<Zy0rL8t~$FxH(Ey
z1M8@d@_LS>_6D4}QIPt#v#SYa@`aMhv%mXyetCm_^Qn>gH%3R;Mz~|&5_X00k!yCf
z8*y^Oi=>`IaTN7+Xq2C@3)yOtnQ2nX`6rQ8Ckf#Y7u=-7-v>>u7lIriCXty;peoAV
zj7eO2FKg0ksR$m!q(*1z51wn8R8Sxy!>b0=xS!|SC*#nh|8vUhf*}&cJ89lti*iBF
ztaOX4U+$d*>hxRXe{%$Y76@pN^b&`^&fas}ZuLuw+Qoj5_Y*#T546jf=(Eu$=SG;{
zHRNbMG4`WMk-@#@Z;+8NqbLM)zukwhij147I>&2J_$r1f>^~t&fdHVW2;q-_BtKza
z0Cs_fAv-AjXFw1}4ukW51D*cD3L#(s5D-W|8coFi#990eeG;w7L;C~J<2Nb_k{rNc
z2s2aC{Q+6>yY7&>seg9<KXQ-?!vvVYBjg)V{uj9F?*W1ndH)-C^;Z&1h%d$wL}z@-
z{{=ZkHm?LvP9D?l#1>Wx{&tRAEam<=?0p0i<{$D8jQ&QejOLw)-u#kI`uJ&Mnensq
ztN-Zh-*f{2SK9j`8ZbziLf_6`$s!O++WZk6mL@73a!o_OIRXcel{0IA@(;Cjk;X)s
z1&7krJCH#I{?L=^9rI?zvtXqCFQkhv=_)!<&9mLGYSB7vnw-SGbN(ac{>SBCpBtrJ
z71jPQ+2sh|Ddr`@!qm;nNu@pi(D-jMPymCWAd~!aDk;S8xq-+rBKz~)m;uR_Z#Uol
zITgnD_w)$I)Bl0ozwvgF02fCFy!jVb|F1rLg}}hbA%X~r4g3S@4w(HcOpKh;Z!x)l
zPQ`!#Fm=!nidFv?Tpv4-%z@?b>Ti|%pP8V90pWxomB#(Eg!uxpTlZcx>d&dd5WnRQ
zLVQs4?<pbWh8apy_y__#Af5(UN@`$~1F8rg_+pF0wBvDLa<G6|Rn(*>kN;~Vjd+lI
zq&v%1c%!g@T8(je`|d3z2~gzpH-@l%K#KQoB7Kz=5#}8LK@}U(B5cyad?y-I?PVB3
zf>I0xNM1;fi}{!Ee_agsb&7GcoeSUg6aEOaiS;TrHX3N>7SMWidYf<4|E8XBJ}D{D
zrtDW$RvZ`y9H^gBn?KfZjbXnQiUV{|!3{_FOEiU#C4e>?>klOyMM&QPZ6YE`4N3xo
zd<0~Ffyp6O{;vT?BV3-m#7mz&UW~iTf|_$=;CWmV>doj7jNqWaKci~sbpys2R3nD^
z`;|dZ_VGdr#PeQn180s`6fRtj@>X0<at*2Fjo@Hn3xLiUu>liR-3YOH1`s>O1H<j%
zXi$1i+qRYG=G~Flq}d+n1BOm40#qADp=xf5biIXKPWdG`vCy-TRr-7Bf{RhA8GwJO
zd8Zb@t1g%20E-;Zs}CH)VyCpnei{mRa6)2XsZ{wtoV`_4T*0;l8WIA8;1XPd2Y1)d
zxVu|$4Fq=&?(XjH1b2eFH5ObOcYT|4&V4`c@BJ_a40`n5RcozUGUqI&ufAvt<e9P-
zA@qJelz>UQ`$>@i4k&0NmTgp`I9qPcVliF+DWNJ_us;klZ)-4W=7xZ0U+<;U=s<wg
za-Npk<xHQuxHisgu&+-(@WQx6zS|E2Jx(CQN|!!AAHU#3`Fdi-@;7qweknyYJO2~n
zy$ziFi=AP`kj?(@Ey6+htL|n;jSz<(6ZTIasPh;nwP`|dqi2vcuNu7ZFS4o!*NCj4
zO{tr3!8lPw45ZIkbVKJZ|5m@Lu_u^qwGYwP5;*W|HtJv4_C<a&F4ozBk55{T8iS2J
zxP|bTe{14sMIuswhz~WZmySTBEC))z=eQ(XFQhe2E#oy#+chDFZn}tsVia`9UF8iY
zP%FK@JOlV|>sg8Ad<pcHtw^2(ZFGw8yui;`q8Z^N^5bHFRg5zTPrXIM+IPNa{Zf<H
z9Q8$)<CanYy9x2JkMx_^ev_Vef%#0~B!CSUwyO&>^EX;3QOUU28NrGr4~_${98;kx
zmLDjWg`A_Ay5t+B&9xGmP8UmH5JuC8cXoygBLE2_C`s+km~8v{k8dkLWc`pCd67;J
zS|(d+Nv{pFf?bU?^CThQQKJ=8Q>B*^iy|nBTCmQ~YO=}OV)u9b3+u0I-Q4~sM-+2-
zaF2L7F4;;<ifVK{yl(NT-E}BeIR@4|Y;b@|hf%*e!*p}+1T1VHdoyi7Xf@wWwuHxS
zlWm%LA_vg-rke70Ie+z0QEN~)WUODG${wz5Z4}4IKy!HlA<FY1zQBwG2!JU8f^{Zi
z`)lr}MR#|84p;jMsRG`F&wup!D>U0fZ;qFGGYZ<2OC8Khm1{^E_?y_+ELK1<U_N)J
z8DNMZ3JjT>Vrg50of3vIU3c5f3bX6nCv-JC4V1E7VONE0<U5i2w<qLi)T)f7{Ef&h
zyZz3UTTL7#H!iem9Yk>Nj}|IqYF2WjwVQlHuI)+{xqMA~4EGtG=@-Z<qgrJ1)SlZ0
z<UYt^JWYNOo#Nczz{;HQHCv9ciV$;(hGZ|JR!B7)*5w8kt39V$?Kt?YX*b3up3yd@
z$p<a(J>t!)7(FH!Th^|I^Cn8X&h1D|VPcLb`96(*s8`o`nLoT{wHJ$3oRO@BMZ_0;
zyve||a`G2Z?MKbcP!Zod*#l12)g1=#n@>SQ)3;wK9<KZeOYP6(xJ6E7wq~|AwcoPM
z!AMJTK60W2s3f42PqOKpzFv15Jj3+4I-R=KBCNeb$G3#Rhl(fiFgSiE#5^(BMMn`6
z#Z@M$FS>2Y2}I&f*QE)r*#$nhW*TYDzDN{BXg9>yH)%<6ghD#EG-@XKABHM5@=B?*
z*en-XYYV%G(Gy{hm+;yx^)rU4Sr|vdd1YeTBVpG{Fa8nwxn|B8@$5VGA=>o2YK-&S
zpr@EB>2eFX{#om<WpX(_H+<sp;H>)Ydf3IXtX{Wjzj0w@AFWEwE^u9`lu`PHz8G3}
z+;R}>_$f*CJexYbIpd!<`Q~P^$yATSKM>)=#`<h`Ksu;4CpkGXs4D6g2R3wVf>{!k
zf*%Y5b}@gls$=9uOK1LS>zwqY^SY;$ghWZ6@w|(dciP0uSue8r?&!}a6Y>LDCFr+F
zHh>U=QrXrR{$)I(sO|gS;^r4+Rqu1)!auKzp~0e(-Ej*b<BqIs-jr;hxc7xUagKCJ
zUFnu~x;<%+XFrumlg#oyPoW(1nUmpgRCPfl;7$e*;dTl9Wf?iXoF*pkz9KS1uL?Pl
zFv%`dfbd#;|EW|chJ<3!=MURI4~(r4f(E4{-c}j8)`}%IiDKz|<qIkPhU{x<pX2a!
z*EhZ7U3Lp~xs+D=7t<7_daKS8Wz{A6<j+v$WbPajo2d^Ndkue6T};WBkXi`rpaShN
zC|2w!Bb9gw@;nH_#{r!HH1jtt0E5xLkL+B+6-$J59&}?SamVFI#7h%w<-H*8-;I=Y
zaqNxn-*-2De!Sc+>UC8zZMDZ8YMc?P{PaG>SFjNcQY)=XA)Sn^P}LiRJR>LYEDk`x
zLa`UDp)Z%>DB48;5RY@3^5)Ka=$8MZT5c(56;-E>{SHDVl0BNQun+wO);V3d|3VST
zQL>Z+l#$$!D;CV2)Z-)=WQE;Lr6TDY=~_o!2v|o37)Wj6Ony*i?1*lm1!?6OdLy*>
zTRA<9QF7}vk%GB(3PLf9m50y{34BN!AUrQ~O|_8yd@=cjIvJ*|Zi*pUeg|<xr>>fH
z1zncTMAOC$T7-+;k5iRZn+#~V*2K7@B?LpF<MS;^1phJ9PfX<%HVV1eYzzwV7MR~a
z<g(mp(m#U2%5Dg<@1>LXYJ^3sHa?1(2Sydi)5h7fP9~Z*EMJ!2obtq(ZI@m<DKJBD
zNBgs^)uqOas@7Vw*8Y*R!MZxF(ZdZj3X1?scz_y=o7?WNqzG>I@{eUCsw$xAC8QZi
z{3Z-E%MrN<A1)^Z4glgv{&U-{zNkM6B%H+Mq0sy3ykoXd2Csm4{#~VJLnym7`0w?}
zyPP$EDiREjDM>C3jHe642oDNOTIBRVvgV0t!A?y!&fmg*-(T)d2gfjEz5hCjb2C(_
zRHU1XUD6a_78FFak5t<*Q<Zh%z=uC2s>!MPp}WiKVBFhzs&H)SsO_&rRCc9hTkVk<
z`BK?Jxl$j_7nuIgFA94{iwdi2o(GRGRHX5g(u4kuZE$GFMYZr3I6`|npxSeM9?#m;
zw?k!d1J-Z#5B$#!Od?BX9tUf!3sg7fXA_ZTp~laI0+JtP^PS6s+Z!L*EJ4digt?jC
z49Eo&p>a2uk~7yTG^HuW2HvlvWIQy2Nv7#Ha3I8~m+d&YMf1s{gLj>0J)b|-g%vDK
zq4WTLE%ruz(c!Ja0#XhUTIW82)3(cE=Tm+QTT>1Oon%&X#TMg_J0nR&0KPy0VBTO-
z2|Qn+BjPY~s=bTX3U(TbCI6FwQ^0)|#ka<@nQEnT_m<V-@W8AJH6C3Fe=j<U31*-E
zvHH_kHz*Y1e#6x5FZRpoGLfMBZIMiaWFJzT$d(=aR8!~>Bx?hq-jCkL#X243A5wvM
z5b=GVebl^M_Qbllt&+pix=T({jPSmEU3OV68-*8YA}vgJIpwJ_JugF3WLoUeav9s@
z>rG-oI{O=;-xRoDn$|R<d_x`SOVpYIY4*4`H!Cx7xZ7uH@m%|H8I$6Mbh?>0US5Tt
z6`|cm+q=7&6#q@A^9&3TUYeyap;nLmL;MfQ7Xax`e$027%ob9v)OKy)um%|Ca|n4V
z6QP(i3SnQyN<<@4dAHP~0Rp+mTSJ&mBi2h#l4k1VVuaz-5pY&kj;@((alXo20W5YD
z6WWR#k+3hb05R8wYRJj<-BBmddoGS0OXrH4FV`>}`yNwIA(N_@K&=9IG=;wOboYE)
zRQFWkO2ldFv*x;&;c#FJ1wA3B$#7@JRlRTw@SjS63}?1fg$C&HijOQl=mY$=#@d~$
zu&OrZ)Kayo$~Jg`Yh`cEw#64=wPsrbTy_U+m2zc?xgmNTn*w30aWj}%@>%rlARJqV
zcYw3NJ^-P7)GWuIX7|&lPY&Z;dx{Wn!<^V#UoG@1sBXXcrsZf+_?I#DfIH9Wa#NIQ
zm99*d*Ms>!&OCY*vnUBz_b^!{(d@zVygzB$y2-I%-TO5{Gz!UPNYd#5ZZkRM>wZd4
zHqT$#46mXin_%{{fV~UcITtO$ll-1^9Ewp}q@=n3+C~F_b&nBmj5M_wY;+xA2X{xN
zIlL8Ia5szZkiINQWD^Vx#HAk+o|xBW^mt~GL-8nrUbvxGBlkV*+Wts>6sa{pdg)HR
zW(|Wy6wHLYKg|9Ui1qho`&ug=$Mt+mEWVdDLlzz4FI|5+`aRdvpk&j*6jI77U!5e%
zLtA5ON$(|8@*`c14Y%nR0gt2<&so8Bd>(PM7Rp~#5FTKuc9ibtBFXn-9IU@)#T_eO
zwY{IOXG>;eR?a1^V~eW{e?w*LKz)GOmpU{<gWRsAiCQl=s({wQ13X{(U!PcT1-#l^
zQ}|GV^oleqG}%tlqZG^sB8bF@#*$+wp4)HNq>^-;xOPm@U0KTYIx~%*Gq@f0v&FR@
zZ#a^h=KieL>z+?>`|<W1s0~JP{5J9p2WAu6`?m+b{J1BJCh{aR^t|px=#=1!(gxt{
zM5DX{J01?p<gacZJjLB#EIs?AM|%Q4n=e-99E^@RdUfIZ<2kQ7HXZ&AVBU!XC^b}i
zALqOCUZ3^^W*d$m+Cd{JQ*&JN(E|5IoeoGJSx88^G3MF8x<~5VLV5e|%W+d#x#DyQ
zcz*9bar1<dT~dakKw#jT1H-0~TDW7Nnm~9d1O5GqjugvwH8sN@*c)HD`*i*5m^lwn
zXRpg=MFd9ZhUU)!^ohi$osn<$Ugc@)J?>bfpwCnE^2D-3vFYhff~q5@%Bm0iylZ)@
zV}~sTSwH!{6FTu%z$BO7p7G@J+nNos&&s+i?i^fenxI-IhuxNHMMTzEp4Uhv&cMT(
z8mPL?ebGg9`OI*G$LQgj%S;+&_;Wi@E*&>r>L0(=I?F`1<0G=-dVlxHu71Mc(`u2d
z3U{56U1}|L%<kfG=|-ZFaF*0aVt$&1N}hl-r0^@vd`cA1Un5@l8f_TNE@`sTd=6c=
zTEHv3`o?_hX?eckfy?mlkQa*NxU{-LCH&SOPHaMm`o^f9;JtL9ijb&hau3H58^r)<
zeIi_4rSds`BwTmZo=@juPsesS^{FUJF^C{|v3ercd=7xH`jMJ}{AhQqP3}m6O$mR(
z(q6w(yUoQ;D;L61LF7>%iCz4Tt1r6?AjBRJ8wOrq0W}WdhFwd#J`B1)KGgy&kw;fk
zT%FBo%M>uiFFM?s%KN5W)L5&w(i^~Cu;9d?*O3ljR=y|H4agZHwJC5gYE}Ef>LC$u
zNhi>#Ak7(%1`FJ%ANstTRt4zeFi80MCN*DqhCjX1oLljf)1Y`gJIbbZ7lsd;RXlnf
zCZo|xz9JCv#*fhW5<)KFoEMuwCGjWyKzr2{gjW!qb(_-fw$bxM(B0bVv6D*6M(Rw$
zCZyx6H{%y_kYIFF)RRu+K9I-oPRV4nk%V(2d&an5Vd5R-#oDpca(G}I>d|D``OU8s
zz7P0hNE=t5F1R)>h7ocR2Tg_X7L+V&i!P;aCZ0TR(XPJe0txctsj>8Yl+veBi>%RY
zzW{g#&+FkU9^@|(+U-+P^Ejc8zqVSGEA^q=yt+wr^D>-{zB7>F`NJ6hVOY*uNcm}E
z|F9OOY9wAcDowlWZcNb<+ayXXh6)j4=n#(>|Cf|Bbg=5YUf|$ULd`4S-_^AO@L-wR
z$QQpmB7<7RqB3Uzy@<I399A=8^hmuqK42>N{_j?Fw?C#(_s?VrfwM0E&|-XEmuNz-
zyPRm8KNKL<T3-h^S<quR%Xl_G56qOAF;vl2x2zlsj)AE&<0R2nok^d%Nt<Wj*A)Bf
z2Niq{kk(o5X1I877PkUY43f3i9h4~bO8u^oOyuT@qtsg%L+Kb8|N6hPKk4wyB915T
znJrOrb?sU{#P=>wj>2I{Wvq*Qhki<#xnC4n?Ckk)r9ko2?0h-KarrvVS+JnzO&3wZ
zdH4$8Dav7_fX&aQrSOZMDu47kN=D<9d~G`);M}o(I%#b^50?VVip7WGtI`5;K2r5i
z{C{;aH0Mg*P0Vt|lvD@C`=-g}QxqTJpp4loc9Llcz%5r9On$iU;sQS);vIy;T+dpU
ziTKOLVGjN}{)ai<i*kGzq@-aU8{wekipbbFIQ*$wBC9-}k0tnKiT7wZ!_>Qm!hN!*
zKXP|d)-5+<Qp+V`dueUmb-oEDZst8Ny44z9qXXO6dfeKdETs;dcK(`v9E`yazuUdF
z1cO{J#9*t)@D6^sj#L@!u@(tiy?BXzN$s>uStS&U#1<i!DtPb)|F`BgXp$h$B>so%
zi!V}dF#q{dcT{lQ#Zasup8}1zFuA6&vgG3uA-feP<~PNFm%A-wik68|2Z||CuSIm1
zz43ZkE}-!2l&)6N<4ukRfHh^*6%-(fB}P<OjYbv%*r7MM9umH2Ox@WrpN3|Jc2;#%
zJ7D<zzdhzK9>#D3s6o;SawC^tg?}qPKU|vwDVYO+GI*G-0oX)vNKf({x*m2YW0@Ii
z$9EM?6yNr|c70F@O@2hSuNv^%{00b}@wW~qmGmhAEn-oG(uE8;d2Q_VVo@jY0Eb%g
zx9qE9+wqTXzmEYL4gthQtVbQ|++Wa`;pO~@!8L)GN;|5UCF1ualD(c<w^P5@7r`d4
zC9=}0CG;Sk%MkYATG<L*UO`gO^3V2hs-gJ_5gdI8FKrDHp|q;y!Ia5Ih?Jnf1Z3)J
z+M0aXsc)8SN#oCJy_RQBf87kF_S0x{5)SCmS5u|L@nG|cf5PN-+m2o9sJQ7YwcVa0
zLZcz_hf7&iZrjeneOto<Vp{_iZ{+QdsI42C4oCWKLQ2Ld`YurGLe(YJPW}fL0Wv(r
z1IJwr$mAFe$@ltp5{mO@;^@3!rz+j{<UZ{_OTX9>;l~@v^_=7AQefy>ZwBZ-Xe};$
z@dpm=3%3!9;cqx5g{acGe5T`8?Ck_*X*X{?k~qEcGRR<I2V5#jiczohF{oZF99!Z|
z$|YbAbq#Hpz6%;)Q4buL)IS$qhege!GXFp!;W);uVA5@MqT{=o^mpn<KL<}5XcHaH
z8y1O=yXt2=tEe?78R5&$#>U1fcTnuAD?J15R^UoF+C?ezkaZFK(hW;A*%yL7`y58!
zBJL_Qh|DSQ2y{0O(tdWx#?3#W285fe-f9g>r{qF-^9r|!mm+M;1n;*l3KSsw8;14!
z{^T06je%yS^i$($995|zbej2$X}5$0#x$xS2QI0przc_+xO0oR#o3y-VRUWP;R8Rr
zQtxr+%8Gq0w^0#6c)vJftZA6WhRE>TG_SiG%8^op>Vr5+#CEo}%-*G`|GYMb<Tssx
zQ$3R1=(I)eT~YSabI%>Hc#?ZNPDv9h3S8Z9jK66M<IUv+d_Vs>W7kQB_uX>l{CF{U
z^t0Iy?vsynAxBtmZl&j9;B(;>;W+EOnsA71-4hTJ%DUx$Y_u8DFoFH;70@AAinGNE
zOpvGt$QO(my)1}SZ5bREv+AfaD6-Hp!P2!kTU+~}dZAd!1ZokW9i~{9VS?)!X`LsS
zUd{scntAA_jE&S>n>n}}WtpI^IwkICT5}6yn4^&O2)p%Sh_jKYPf6io;nVN>oU?;~
zYv0#?SV}WSmUD^2!mnuARKc=lIM`9jyLc3=eiW7B$|;k^b(uC<3%i2+U9|4xvBFSu
z-i+5|7Dsa|tW5C$m;9T#AzH-?o#TRUYK4V-h$Ok$UaC(0!?L4BX(I|`loWhcAfK@?
z@#71oD!C;($D~jefo*3(Psl8^<7$<*?o4-yHa}s#`p8i-Y0NPRZ?Uh2CBs)9nL!yY
z$lpc{Rjv#pVKpTprQ34e3547VQ?Ck&dEKjNmJV<|?or*k#ZvIa-iTC|)#7(04(r=k
z9b!8fQ?qreb&;T@C%hc-nA};ck@-crQ5dHI?%<?sKsHEiwT}Cj64t$(<=Ra}9H;P%
z?O&!OQowT>DbS@Bac1)<GlXQ)Zgl^4E9cktX>I}h4&^DpO&kv~1}o|_y&iBZ0HrP<
z*^K~*<iZ7W0e{KxcIz^NZ-C@DUbxKG-Pcg(4ycAQBh4OVj<B-Cxl<o9>G#wre0JXN
z|8qR?sMAb4QQ?TV1ysePNJZPM((spEd}m3!N>;G+JSxXm^-n<c8&{`5n{x}&HLfuJ
zr2L!m^>{6#&txBc|M9d_P0cS+Vb7F*=3vDGHe(aidmV0bI(L;QilG)grWzOftx&LB
z@!QTMDz!RECK3^^q<4EAmDC(YZUz^?mdY2p5o|=hT>EpziDYV~L69yk1N1~Ri8v;D
zHLW<|{Mme$QRqN;7n(!t4njT>fA}ZNcQ++{<Gj-kGjS;EChXy-BFEx_DAMPGJ64(_
zD1L$y3n;c)5a>Dov@bL#gtU>X9cJ!(iL+n0R~zt^YPA)E*N)tm)}(}K2em`HUIBg6
z*Vp5a>#YA1poHka`e2C6du^xN>yr6H3khLhoQHSf^y4!fh1`#RvL8sFaBvPiKrltp
zNAe+gA4}HjN6c09>RDCTQs(YvVrpV)nzX7m>=39{RoZb<QCX!I_-nQ07A$+LTBRBI
zd9GAPtMbpC`ARbr-|dP(L9z3iYfz@!;ZQ(75<X}2ThESKuY)%NhvoOlpFNuxK&5K0
z7{DX4o;QVD(I1KLvfHePZw*ACqc$DiuD=rT-7Ff$Xq>j6@*l30u*hTq`r3cCf5dQ|
z_r>ksZAD?dehqrk)9yG~b)O_~Uio@H!TX5td|T1f_j)xmArCmL+0)%Qpo6tAxFg)>
zxS%7}db*ayZnY>VM#R?_H^ln0@NSXaX1yZ=iSG)fim+hGepW$j3da;7j-un`;ppn=
za(793cDM5x@)Hnjnu>ioEUTK{pVEu&e+2NP`C2xAxR{T=2H}5yORDmpw}{lH^CjZ?
zvfy`rwqNT3D15Z```xssrc0~z7q{!fsZ941iHy4x$jYBO-k&JoT4R<sMEILXpHX`x
z0I_*N98l?i7MZQm%OZ67_Z8e|jrY7&I$}NqXx&*Z>_j6e=P0_SUSIQq+nms^x$R5=
z?JI2~!Y7&Mi>meFUlG*t9NFa7Yt?~;UW_b?>{>B=PA9Q+Dlu+e&(@Mg9)&Rg>M^PO
z{{AzI3hLj5I(M~Ca><-r1up*rAA_7WyhQ#0(q8gu^K>QO1L5nPAl#{Jri8$tk4>`v
z@7A=nUdx5Znh&$4;0#4XvBZ{WOod+Cw%oAZlc^Cn5+!9HXT*55ZZ#_V<o5PhTBb}T
zXL&#_|LOXO#X@$*Vs0P2w#xM?+Tzf2svP$i9m!TYeWzl{GMyA5t>S9MS1m;FusyMp
z3m|yF4%ci8ie-rvW@}Hb4ug=Usl&P7l*&tu2^Kc%Xc|_J+zsY;;~D0?i4_i06G~<>
zOxGbX2{Ym%+1MylO?fB~SR#B0AoyVQF#hO+i(&-21|Mc?48>CU+}U+pHa>n6-Uq}D
z2v9Ps%K(KSKERli%T(ze0G`glyp~w--zhO7;i3$u)H|VMp>!P%hy5Cd;crFa@o#AQ
zN5aGD1{!D8vIF4A%-b1}2{O3^3K*4P%f)H~{HgIblgj`8VAU=)f_W!!Jv##(+wf~g
z5|{spM6<=gyk~dSZZBijbMNF=m90P$t;Y8+r+~E6Otpb2Xty6W4=B}nP6&(qT!jFI
zw0{7teE%<LRP6qOu6u;8%f@~A!c-&IYG=2tj+Ca$Vs)L_WVWZ-%3{`jcMLLFg>Dlm
zx5C)KTu5@9wPt4^wOW-p-hxfxAH%)L(0&^7pQ{v(#n+YA#gY+{_2#QzN|h@};<$2E
zJ}*qh-xgBN=`DiD!As;|#KVQWM7q==YmJT{<j5c_3bO6McIT39IgmvyW|ky@G6f5C
z?%$h8*;-#vt|<dcJoAVO2I$f6#@cM+x8uRJ!0vRi$UTmV)v1Zh!G4D342P83WFE_|
zQGOm3i?L*FnOeDc()GS*#JzA|n*Eo_qcF6ntkBw*QY};}3AlKd+|^1Q9`3zk`(n!`
z8^7fwJueBMxtJ7`BSn_!aUlVut=THAZ@PnkqRFR{`-38)g9J6*m^S*U-<a>`#VjF>
z!xOu|ka><7KXp7^Na?NtwNwV(!~n@N04Ha%`?GG61F%V_J#W{<=rkMSIg`wgahL;S
z1y-Z00QI0qn^uS_0}*d81Fq~Nq_eXxkPe)(JBE>^EUuS*Q9x!3w6SVGzRH`Aoho@3
z1rfOg?~aCeqi!zw;Fs&7Q%L_aJ;oif2b%*GBeda;*G50qeuF~Z`@hHaGqSwP8?vPe
zd7}D>&;g3wyrE`#UQ0W(HA<A4)%sAY9+xt{7iUv2b)t;u+jSHChBT1prx>bM$I&aC
z&&u`CFo$y$V$SD-HGr(x49)93$Mfm)E!upocHqUV#X{k1y%_q}3F0O6wa36lD+I6W
zD)j=AYu@~%XlrcAOK%<N%YogQn~G($!*NkRG{`Y3#6$*9X-gDwr;%2-HohWKs@5(H
zzJL_9WJuK`hq@@`GpLJvxxm*buRA2O{eAb}TtNjCh}ZSe^jV~}*%bKNVK88Q`lahP
zQ|}y~bD;@a>C|6yfacMuYE;u7sHTD)>*<sfIa}!@lUip&u*zu;V=c*uSA5o>j2PM#
z=`R@a6-+z{h{3fJ!=g<CO-BoGJ&xnSw8&o?G<}`6!%}Z~uZ~wtRMkBoI{H~$#@}A^
zM(hEw$EdZ<5^%LR5;mhxB)3JddRxqEUKD>mz@W$0{T0IAQ|5B`1i<`>nSoeW(2FdP
zj>LcWYNYuO=ujO1v^2kD&iH$vgDuhCXtmU%v?PXJ2oI!u!AP9{1WQ^I904qMrqSm=
z<Qw*T<HogY5k*BdMQv@oZ<<WfDj&bWqeG-GO+w|U^Cuc>Saq1L9}3fKC_Mi8YSsMU
z@&pRp@1f^UU%k3~e3@I{Gf4BAHeJS3^E~6Z2)vcjK))sJ0Mhg-b=vvbq23DMt4CP~
zWXYrTq$N6zDtSbj`WY}s^MY>>Iab60;iUvD{>*1UuEXbSv<KJyObFJMs02`Dv~znC
zH?UbMH!Pe;wsw~2xH(x(GiBGNR>8kMq>&h64{+kIMV~WM&M1sZ5%L}n$-G%AmLWZ?
zc6Qf%+~a<LRFrU;cc4Lf&>_G8Tj3~??(Vdx@u^}=uR8ceQ<oWLC`4SQant@HI`RCw
zVB?0<_QB=}-SK2c1$5Cw@{Z`<tR4oa^?m2<DP$@oRk=*Msz&8;gtY?fUc>f?-Dtv~
z+ZjUtdhHC>^!sa8NQO7lAN6xVm3C=_!=@0ALMG2R&5tO>-fgRaQ6wAstNf2(CuV6u
zN&Sf5{kSvsy*5Azn!r{y=d$`4pLP}?lKha0|3qrTU&Yk@V9JBJNDfvilt%rI%vHWs
z`FBRI`UJ`5`S<k|LRAHfg!Ag3y-cYf{2#PgHoQ-7(*;Q5vJDym1(?`EO~<jJ$!UJ9
z)d`}B%j0CVUH{{+aViJ8hvHXHn^mbeA`tdA=KP+K4WQj}^_LWR1}K{dP?k-zx*c9V
z?kP2tzFY>IVq2DNRPSB_-dO-Nz!;<dvt8_ovR#t81(KLkSl3TmIGvlJBkdQpI)l=g
zOjXR}D|G@B%s|GXWTe`qeiHO@dDw|wxwHle&s6UC;fl*+fo~12{#I+8P^Ma_6Lgbf
zt<|jOZu31~x{<Wi;Y2W@S&s(3DMf%?_MWd*X}yk5P&Uc-_kx+)_N~xz+q`nS8=GtA
zXeLY6ysfv6qIL^JO06TmUg;<YF5h3U@ex()rt<o5vLNHaj0R7FFpW2%u!7Yx$=WT~
zQj8*h&lv*3yvtjCRx+Jg+%eHmAi38bpd?*-1V$IQJB>4=DwbwkQ86Ru-i|bCBq+yg
zh<NfvEe-jl)kf<)*7HchwSX4a(Bnn=H%IT2Kc+@bKj@hjYKLLo_e<6bnPqyv1ajsJ
zf%FY@8?8!EETboo1rX3yZ7HnYIreRc$-`0*5D(9HGXp2-)|-49QnW+Uagd9fZ5F?$
z3wrG;pC96nfRg5k3lkG6f#D1wm;AvN@R1OS%<E!XA|RrM&~w(R@(Tqxy7%gWG?LQ~
zklZ9qbeUxm@QzX6Gzb*9n(QT^0|ySJ(ep1JBlaQZL(Y1~u3Y2wRPpC64fE>SZ@^)i
z^=7DM>~QRvA#d&Jr|?na{H1s7r#$JWc7sR+f!SXPC$4LaNACDLhZ0YkDvF)?PMWv&
z^W$W{Sl${0iFo(9Zbfhe%6GmzSORHYTT+wv>x)NLWOij6>^l>XdXNU;qTWAXl8C_j
zDn8*vFylF3Mc^DjL%Y0}IYK1og3D!66OPA`=tU?HX)>DrwGQ`;17YFxSZDhI61G0X
zHZ?(5bd{7(l=;9FBd)ro)np;$=qj&_Ve=80d2d`RT4ipDkl1<WTg2TYqvtNIX4ANp
zKJ@g8Zw2F>JfrJyz2I}J<3ZnP3_Pp-JU)0h?LmL0j#`EK5_V;b)$&Fg+~q$OyZxWc
zj=ZEo6HA0x1-f=Ms(B}KvIU1=x~)b%e_em%W}z*BY-%7R`I$Xi!VtG7(Mr8<U8_0Z
zh0i&rtWy1XNc_et;&93wqRG-Adp!Sh?K=^zw)E*X!*WhxSd_=v*V6Sa+7Az5_XB5P
z43aD2G78YlpltOJr{6$}7g2RxwoMmvURc<Ja?qMPQ5>qU%z3NfA11YOyl*{^2%iFB
z-|f+Y9L!I2%9m7W+JbtTs<zmn)ir2l=M}rb!uUb>g4ia;yTxC_V9YODZ!=l3WMGap
zG`?E$WAcwZR!T^<=OcTHE@8tOkBUyo-;MjR5lbmRX*y8@ADvP*K8k(l!lX5_;2Nhl
z6_U5THL~U#h0}GDZa==wuTKDR)08Wf|HJ!yH_Qp{sk6w{7U|&dj5-q5;;_!Enb;f1
zjd-ahmD{Ojam+nTkih5fli4cCQKyKJNrFJtwpMa$Pmp`l7l_<<rzno4vE_(bmDsI5
zT;uIWE!p1*OPwFnp3IXUi#^KgA?!0PI#(5XhH-@nC`ZNy$!<T}A24_K9)3zn(7@(t
zdfX|>6&~TZWx_0nPyCj4_xKFQ4{dULPcz|dIoM!9ZG<;LJ#Xbb;?Djwo<>T)Zuao<
z@MKr1w8}l(X(wzkZdrTo{3-T%xXlAR;2Qf!o9`8yX2szWZf&Ke;F#WPkDzJfWV7*!
z`e~!XyIpfOX`zs#QZsOpg7}Z005|<M^8MC}riehLx=z>0=7E6sQ1y^%DjLM<Yl&Oz
zSNX$Wr`mzU09Gqd1C7?i>7Go9?QHCk{(;v&Usz+!ds^AYM-gx5IAioO=}Q<4b3s&j
zXlBuDFMpWXR<)mpOJ$U7*7NCf{f>7aKP{sf-qy#v`l%W7gOz;(HM~X}aROM!Y&NO+
zsr=VnlL&U)&$WntDtT^>H;;8*%uqjAv>4|vf<B_mTE$t-4iXWY?zu1^*rwHrln^4j
zSuan)9Aih0jWQNH5N!LZc&_Q-^9;TAQ-bs%v?kmMpd{JHN!3v|yK_N&eq#MGF7_?>
zt(Y-(VU9z*o!A1AAyc%Z@^B;blz7YpN)4Q$>0Afn|Ic4AF|g*M$Y@A4G;?boW-DYU
z8_c`O;*)-JO|WI!9;n>GPN~N|U#tYOCUOYSNKAO^>T0cl9HHsdIRRoSgq{7OTy}Q0
zypOV%Q$te~9{Jl;$<|jvR&_EsswsLj^}K|ZJ<49q$hznnORmC<9%`>qCgGi9!|fM9
zNcg>_%jY<b7Ixe+II8zcqS@r9ylc76EZ}Mj(&vZns+iWuTh3xwl?t7}-KdeGk6V)C
zSKU^I3fP_sAGUk;muoJ5xacyXA|gwEhEFr-BzO@!;^4&8yN5Ur$2p!A2a%K7wD!D!
zegy}Wr*)W&X==d#+aex96<D$q04v2!Xa&_dBJ1^H!YwQhw{rixT{dKG{$;R~46O(6
z{JPv=jc$f~CAv!4M`;mMQPlqZ3zF&7#GN7gV{MQ(%L_^<``+G`f5x0;6+Y$xT2ZT`
z({nNsQct_(GxuzVDq`sf5wk&!?hw(X$yv+J`H0$-oOJb=X-nUOj3e;h#w}jkG*s#3
z&#u-N$z}}OQH9lgdmSD#HjinV_o|vzp@I@(f+0?kr+~h?t~e}#OSBqwq3$M8;i)=@
z`#f#S;bEE4LvuuL1EZ@B-=P{bhVL;63jf+?uu$V(_?CVBrJAIHW7>QUyC)cKC=rfO
zjy64dBEa1)hUk=h2O=n79Bbx}&HbguYOV5&m{-yH6ICYx`V2sFao<L~rY$}Z5Bjhn
zMHc2#KE?r(?c4GW&3+~Zn?-3cES##oKcCmQ2(=|~%}NGqhg5|)K>y00^jaq5$f|G_
zx?5%^FO|CM_0<wB^jeOh)vPBzlNLFY%6X2tR}2RF5rV38oqr!X-;LwSL;ni*L4)9b
zh}@LrJ|NQwieTx`3Chc@wgVP50v_LBcNl}Bs!Z%T)Q2RR54r_^+Sh`k>f3;iNGDwm
z_n4)^HOxy1tc}D`VntEHXEmj|47}dO*voI*Hae1}>qyZN<fZxZwbj?}Ya~rHkPe+;
zk17SI5@f|k)SjenFO%AcruI6m1YQrW5~$1Ij3R+Y8Lgplki};*iHhz?0dqcbs;DKm
zl_ci;dV2ue_ZdhQVhN?H`5Jl?ahEkCDpX<-t*qI<A$aoFZYm-}EjxH-2jRx`M#IdF
z`ahE{8<&yHM6@`5=6yRgzI7>|wb1!h5Q`iwWz#-Wsqvmh)hXBkzG3Pj#j-C>reENk
z`vD`fbXFwv?w+Qa=-cMSXXx)E3~Qa8?|(+aQ@sy-vxW^Op#1P5$p)N71C-qb_3O(B
z7*&~^(yK&c7wy1yOQ*BDe?Kxx%)&#nURxSH4xYzzv9E7%a4(9XcLFc#OV)bK{KW|V
z%f8r|G_7tM)dq&gZHnD<O;H>}NFv$(CDs51p}^~D6=TP?+n6U+xYt-290vJ&$@(xf
zow*9&Ti@1!{XGx+lq}=fXN{^@WI`qX(K&->Uz*uI+D2a&Q@*;0B(%@PhJuMK%?3xv
z+6^B4o!D6d%TdiBo-+?_Z`g;Y5u*Crw)e<k3HnNci^DLLf7OE@e~!qUrfR;XWy&U~
zLNmX;>h7YstjJrW#qcE&>_Uo`8pDO4_|l=&CbtpPYr5h!s^R^t7=ars3fv?)L>o8k
zy|EanF>r4<*X$5zjv5p_N7j$+-K&y_Gx^bvZ1p>__X4smX4lYJpYU^e>xRQi8%?i|
zPmZKQB2-WnRUUvwa;l{KXJJDH4Nw;iLYz`Rv~;~oFZz*od{BYo<k;+mASyy+Bf9tt
zt5v9y_eqqs;i95#h_sV%$aw}-a*57jYZop+zL0=?qH7H%1`Aum?V^67%R0^JpYY}V
zM<;bBc1>zr^6ZO8^f`a}#g_l6LWJ(oCp~TVA*|)~{Ak~Mo0&k@<8^1GR1WnoAF$^3
zQGXJP|GVb$7O1u`UODVAu(>&X>XU!<-+lHvM#g<^ON=HJrUf`U%85bg`JArge%|Fs
zG+V>uQvTXKSL&{s9e?z`Xx*+s2{Z>_e~C_Ht=dF(xw<z+Sc#(L>A6g5j=a;7$a{^W
z?0ONGGy33L_Wbx6WFd%3^#eNI42!9&RQGKIphU8-NKx2=S?tVO<&x>pR0-8$s{0nh
z8Og_o$%eP~>b94g&`8JTAP?55Jd8~(E6fpkif3^FR2KJ%*a7G0S0wyC>Rj3tb+^4}
zDE&l<%0lwQk^wkojhm<F*0=YlS5EtT6Q?|@k3`Q+n<Kfa8=XY1!MR@P{2bI8TNu7Q
z#Mz)$#(i_$|C$4o2(gdgk1+T?#=E+4q+n}K3*rz~1R`ttG)h`aGLKwHqT%&&cM0Nh
zS=oA+J<J~axNZgE>F}rNLo(Osg<&neo6?=f+l5}TPl;c|PKQ%4Ui&80gpv<0)f^_W
z9>X`wLY5g^&GC^bJ#j0aCJMjmDnevJhe!y=Z~Q4Rh#JpJw0m0=hw_+11%=)YIJmDe
zK=6h7&$D6s_8{~f6EmCShIP&4O;d%8Fq2^0YMPD=vJD5q7MXN~x;;*-W>rMRZGR5*
zFv-TlCkq0R74JM^|7jCEzs>sM`7*j*_wsyh_0fyg>UGQ6o?`xGY;o_ST=eqm(w*|w
z6Q#UosG!Z8y=t{Ju>Q|K6vKT8?*7PJZ3R5ENHDvAfTh(8tM3cOzxb`=GdUnyY`{fh
z2wR5|CXcC_p}2VXyZXqPC1~Vxkj|3BvrS6n`W!kv1HO~-%=O!;q$bzgX1kamvv8Vt
z@SwxDanWO-#;((;Re0ol9q|9>LyH$rFN3de#ydT(tBe=DiPnz|`kIVu`}P8|scjS;
z|MWV&>D5)qF?=1~-i!VRb=Cijz7ge}a6*h8ufiANwku-V6XL0ax(_^Qgrk@U_aEkF
zgKK$+9oaPaY_t{b8a%R~oA0P!I<BYt$(Ox6UnCbUO<!$j?VPi)ZgqQ!oEp6mi<VwE
zXsZlFvZ+wyb9FF^OaCvv)CRpnx5?T3hVaniFNg<YcJi*47$pxTJH{2w10gt`E>xUO
z;HIXKs!K+wXtU~0>`LkzFP8{?tcADf&M_vY{c~e(@Mj+K1p^RkIt}1Bd+_FTV*hm<
z{U9;oYpArJ&yB9MDUBb5@L;G+tgx*khUv__+Vh4Rtj}j+M;?EbJj5Q&T=bgaQV!Cn
z%zFOWe!%eVU%%1YO_6wMyPHtC@z{t8OSEde4)vC;Q|qu$gq{`xVkEa&iPbo2vE!K-
z7lYDgT2HuguUDVx1uAQWPr_YDoX>f`<%M|u#nJR|6*th$&<V7tS4Jo=qj)%H<4OgO
zn=q4$UoMyLz}5uAN}n(6MP<R8M4qgdyUK1Ov%JK_BpaD`o6_r6mDM(92{h5CJkm`e
zSyrDH>eVGLl_f+5hPe*}RYdAa5dg7DYL$*o2T?Isr{%=du0b@!$?j`sUJ@Q*e18+{
z2aO{?&>YTLZ8(E*L7k)V*sgbqsCj)ZYbO5z0%1E;Q{Pf;#<xUW-c4z*v_W0Kkt1y#
z9)W{HFH7M0am$OCJ%XnL`P@BD+0#JENtr)M+ueBJVcqr>KS2N+>uAs~1{YY5@5GU2
zMG0Dgn7$;U+4pwqn0B8^J7|fk&k|mYb5g(qXuj`YOplGiO@hmD&c03~OZ}}e(!e>>
zas1zTItAxqlo}_)f%n8|W?vvzZY|qR{eDRpSmm2)Wf>74AUPm;*MLx}oT~%#(=CQW
z<F|{iqG0023REVZ>9gtpqSOG%YYpuhiWiG?0ytm(m$Gizpb7E_F`=C*eL5kM7N5dG
zb$QvsaF8*|>2TmouR$5*A#S4MwdQ>_!luq2TQ^RtYmiQFZKW;^QKC>A4VEl&P(^03
zrTYAw<xVeiu=7sO!AA8Qx+CI9i(7?<I?Q>cHYXo`qg!sJfreUD0`OI937?CCdR66S
z*=Uar8!ilR`dWW&T-h!jhP3=P)@fJer#0NNcV~NMSm=K`y&i1rynfvK$DFk?uP8-B
z1J{QN(QL3xN@%p?!TfJL!+=7DLg;%EO2*3QGK5L>?Zyjs8kMwW5z0!au?wm6y)bOi
z))3%h7u*KTz8|kUsHPmamGQvcfrZ_PU45*1Xos6Hv_13tii|~6EJwwKAzdyta(n8C
zQs0*>Bnw#F1O(Y{LY6cBPGk7#l)>)RG)u<4VWMnSveZxUvn}d#ei~`%YXUz%N!EI2
z3+`+c90n2;IXJLa&YtEi6Ul~)SA;hD7uaY(hHZbMPkS6BKHD|EE3*f`T4@iP7u>WH
z0NZ82r51E5$D4g){IAaOZ27d3hfbbdU&g+m!K1^Up7_&KXeZP_H?<!zP6}N4)xDt^
z{&8Cot(v#Du5V^h_KSqYh=9$l>E;<;qhKq9(QBE(?ISng*Tu=6;fi&M$jeatALv)F
zb~voxQG*2mV}Yi^E%<Nv%7!BoCibc}fpMc3l4ak&ba3zMMj%1`IpE0L7B7@TnHD=p
z;L(Ef<6PD?mU^nN+$!44+ZG<e)P8(<Hhp2pf!*~1`^6OYf{;CS^Qq5>fY%U*0B1|(
zDFp-t|0?D)wZ|Yz-)>qCmnHDXn<mD5Lxary2w{uH#yWcttgO1d;<=q|&9dYA90_+j
zlIVaXYT8{;3epe(o>8Oy5^VFovjYygM>VcGSU|q7i}tw3zuC5hXA%M7_{WET;u+;+
z9b{%shMtN?317LtVo7~Q&|D=AEGP6%Eh-vAvN617F<QZ}wwL&%iUd_eN5NevGje;9
z>?u1+yiQVbx4b8C({~r3ktJ{`Bx<|J^zzcy(Q_l9yZ$c9IS3Uc2>US!C5-uev_(eG
zyyXkXFZcue`G{N_e;n>J-qYiyaoZllg`qD)5&v6TC*G_mG=BKo|GVpqKcx8OSw8TQ
zZavTuJNcOOIuV=p?&8u6A|-N7BYmkzkM9!LaEUZP)e>9yY5yzzeqDS>aH=U*t7PA8
zNtwk*glpqQ{nIRQ<&`?wW`&fpY_5v{k%wl-<|)6-%>kn~)WZ`FKCiOm-FnuQ<`d~^
zrtx1i97|tk;Z^Y}#~8va*q}?7VYKbA6Rk-Gkt?gr$YTC=Ddi}VXlTGdCAy}_{<plf
z5rWhoXr)5oNn-e8`Jw1JqsZ}jQCLY;>>Gw%eD;%wq-#k6TPcW|aaUyttPK>^pnE<T
z&_wU!&KK-pg&SbA45*$*br(+P<#yKZ-vyh7e56A}+>^kVK-Q;KV+`6^VxLFU>Re%h
z?h`o@ibb`16i9=O^1k9ew)M8`)lI>9T}=ibR*|5H0^5#_iuiwSqXC@@V+JHfLO+ge
zS&g%QxUO{PSM^e^QS~}vze}B7r1Td=_lFl`{&KNj9`P9zjHG56?oSNJF31cb>~H&E
z&~R73B)~Qbsi1u)<kV8*k-fQ0b$GPgY4Cs=TN!ybU*nDutn_q!zg+Y3Vnu1(%J#G>
zMTB|sF5j>kxfS>wcG=pNXvg>}m>rEgai)zQJQA~Fc)jGYQI@t`cyFis^GK{j4i)Ze
zHi!p080LS`Xc*-^p=-oXdl!A<9;VHMh)@1sF#oFW?Qwiy#=9|YoN2TsUTU^Upb^bs
zUyWAH8$&_RYohB#l0f}}V~z|9iuX?UEg`saGhbtzCu)Pq&8MqjZ6elc{x%yRpZT|M
zc>D8V6!*vUqQMcA5$w3y1J$IlpIaY>)5|lt>DE1%6oA(m*;vndZoPUzLPdSlLMZBw
zmG<t2da@o&KVS%t?RpLy^1)7`Q3GzY+VeiUoa3J0CLmo2ZUTXaK{~6I{RvIaj>?1)
zO3;dLPFN~llK#JXqeP6Dv$-};ly&*R^^S5&EK8pfrhj*1C4C49I^xL*+~SC5z1)%j
zVAy3<%2e{;F=<kMpwY}?{Kv+I>EDlrHrXsm<IPtUIUda`+{0rAIJ81*aJq(DwVu<P
zb$2Z0FLI6#k5B*n)T}WF@Q?$6v#kD~qQU=cblT5{yfXy6RoIJc3Tqg0(bsR!pR*j9
z@X^YR2Hgq)&2pi947!zsb<lVY?tdSlf^J4$tqoMI(irnR_);q0@t%9nCp+5eo;q}2
zKNVAYHfz~ss=LSLHLC5Twfk_oj0ENFOR1D&`wUtn0h)aYt`_k>hEF!YoiFv7oyP!I
zU}6TjDItK`oZvsX^r8VOm6`lbp_aF{p|KB^!S(K4#fqGoeymQB6G7&~-w&YwJGaeA
zt22^T%C#F5`L$KMl2^Vi(@QkI6u+k}5!GBIBCoOw732o;blDFT)GDQlVTl#n$V?Gd
zT<HBiKf9k?>+QCFrzezr{7+=5CjIK;#XOZwqoDbnIiq@`=G&HbVvYZ!-yJr*lyv(8
zVlhc!XqnP~v;Du=P}1ajHw(-sax^dq`qc)@OCVL(T>iDfWoO|w?Q*#$KQ|R<MG&yn
zp@Q9R84Ha%Jy4pV7NOb*8NJ6EEJ}@59M)j%!}zSu>c2;YAOBNZ%Rj-95izDfeX%ev
z#05iPRnGrWMaDDTS*gBGEBl5;)(Q+ymGeyKA|o@$u}6!({%<?_;H-++%G9O?WYS#V
z|1?-UKJ$jJ>~{o$@Z|DKZ98pxW25YwJ=>0gYHc}d-$l^Iy)DRjBZt9vO#o$rQ4pqP
z1&odAIYl<hL9H&Q35k`!5k?LTh2vwVW8|@muJ8Qrqc^ju@oE`O)E%9bXNg|tS2=>g
z7OVf;gg}vZNA<4{mL;QTwS9|o<|gq)PEScv)z*3^hl-sf(MUjws01p5$U;6SDJqVt
z(*8(J<vfbQ`Ib-t;vr8~76-CrNrLws{iLPl*!tZ|LTQL%LvD8IgNk-M>X*}t{vEC(
zyJNG>5-c2=Z_S{$21uZgPiF-EkRAw=MkN%#Z23i<Kj(qsq#3OuUB>qDm8vsgri>&S
z4v5Dg(VzO8EZ3PZlxqE1Or@nt{D7zNlL&k(Y*|U(F+;2}4b#jjuoJa|VD(h#Uo0YD
zLZieG#)sEL(>SatMxzyr{(GcH(?K_0N{@>um;5rm=d_?(G=QKntgE-*ZyTU~YW3_O
zUySh+!3eqDb$R{g0Po1d{`T5!-oOuN$^QS^wGe7G^s?&uZ@P`fbKf%I`G__Nk@}<P
z-`;7i1UYEdSUA`JiP7>d&=;3j@;k#Szzk?IGn_HW6lSebl&!Su(WKn?7ms%@%t@6D
z;Y`)zNQfUB<~(6IHK^Dzt#P(R25)UJFV(DjcR;}FmG0-SHYU0XGfTR3i|#+{m%j=e
zEf)$C^a5Fg-!(5(=|$Nwh^4Xre7jmO4h@1)qnw*TB2QiT_O@L}K7!l-hQiC+z*;!B
zhvcDyL`FgsU>uzMpX(hF>`YU@9eg77#RJs;J(G<B-UT}W>gKMmVHZrX2yExjII7lC
zxlA*~#tjw@^Rjd$)?)x)bd>FAKXHgfV<24~wS%H6{Z&?+9xDqzbIPg6$v42!!{M|^
zFX~etCPuMt9*iSoKI3q{f-;vTk)fzYz*A42U50_|J;0yL)p<Pr4j?_SWJVI7MY5t^
z6oG)+Y~pXmVL6}9?RYG1t=Uuvc07`&TXIY^yH1^}x9FElWpSpL$zYH8LP!0C^pD$-
zcaEp*mjU#}1$dgi^{P-dgImG>H)4rR1~*CVj~z+PMu%@Q8Qck8FRr{}nS3<qD!rkC
zC4z!5sw=UeS+2^MM593%+YN`ZpJ`|iMpj(ax41w|14nC;s}mE#F8c}XsKH>Sd^uWA
zs#*bipJN-zW*U%}SPGy9v{<{|FLO>@%~=MTh2akdhBP9Q@@XMm6R^4nyok#Sv5%$;
z{3NU}u&GYDy;5(ynurhejhwf>DAsvIT4{vW&6Eyyioj(vPvUQ_jr_%W-=yc7_s2N1
zWAiG$&kgEUmS9<Ffj(pBMZ+WBOp8ph?aOa7X9zd}=Clr(&1#XVU^?-FXl_r>Lnw|?
zPF8|nQar>7gBmvp!MDTnae7J&ncM?KvVX&W@~A2*7r4@n3DYh?0a_CO{fW;fFU~gB
z=Q|_IN*R05yivRd1^dkiw@xj+WxXqRie~)>s{c$!Fnqt0Mt8y~4Z23KN8W{Uos2JS
z3`SeyS!h&HXJjtKa?h50eZKi!vFrloRA`XIG(Rk5WBoBq<okku8fdn6w1eQ{3kt(T
z(TYR-*?P((n7=!oA~RDc`;AzP5l8jdX4OqTqs5Wj;4=|v2)BQ;>Gyie%lgZX*3+*o
zUiYr}bkFt@)m=Z}6YAZ%L)*2o)|hqhqnn#)rerU_4h5JkY?<Q$w-e<g(rHPWmo1WT
zI)YDGJs+esTdZ)rD>O;ZIoZn%fZ<M#FwYD1bc)3wZ7^`{PZ7tOi+^I3dZvkWh$QY5
zaG3$BFT1w$>b0*eCtq|j8OnSdNI4FTc(Pc*ko)!Na|r-}AUR*CEnv;0n+KpZ(My;#
z_kRM*dMC)mT>$P}35QnO5r-MoIg80?_8=i}e+lhZf*NJ&ZsbF+0UT4wL*VihQfq1A
z(y0Ozs4PKBn{@J(=<0kPT`-QeU2Yns<`?EgM~^afs(7=(ynLqrL`4i3C?3Z)57%fN
zU2;4zw`Z@%`nE6ia&a&L4NGxql{tGR6Gb#UjRga9rIX>&B6yA$>jb-7WeNl$rO(XM
z=3!FA-p|IobQ-ms8OO6F_8b=db;cWvztec{Ilu+CmC&E7fy^OWTB`Y$p08w8)|z}G
zmfU-K@w{`gi|<hh;BHBTIBCkG$@Po>TsY@l8`a;R%mHTnh??zgn4U~-ta44yfv@UK
z<aB?4TfTU$o3J1(W+>~$;Ch=?O<Xn$jIm4>O7jleT)?47$Z5je-Ou~6W`GL{4*-Pg
zx5i<|la)aF7PDqvOQ3@<^7A4ngUN6p|0?|i0G>Huc#D^+HFfZAA@i}udcE?sS5^P9
zx%&%Cbit4E&zSXTGwhenN4hF#l7Gm#D^M!T@2z2!D2O<M{ewTX5<?AEZnfd0YS#BM
znyde(>HMAaAG-B=E@HuN+ec{Zt2+z|useIPSl%vO?nL5Qy_w1Q?alrusFit4d(5)F
zD47lH<@LJyuY(~P$#hFzwcYL7n6y^2!D2`P-O`n`R^;>E$P2zG__d$=@WINgOtApB
zAsA<;+Wi6CFo4n&KKPABt^ACI?93O4VQcAya%qyEcPB7QUfhwS)6D#nIn2SV2A&sK
zbZEMpsvoQ?wW<i`Ds|KbV(+rU%}?)nk5JuXF}4q9OK7%gfh1w19b9eDu0E+&d9|D&
z(GE||fp<U*2Ch5K4e6B0O<^$&8UAql3Is0cE}0-e4kF9r;v2K^ha-)3mrEJ1#pz`x
z6dp<>J`*Y}oaLdL7l!t$ADTv5Ax;#|TpX@~wN)Lvnig}lm@->9NTi}Gv1xw71wKZv
z0D=@fG6q|~3!m@hF0bC#8T|iLb(T?a1Y5KQLVyH^;O@cQHNhPM1PJaB+?@%*-CY9&
z2@Zo>a0@c{;O_3u>*U`1)_eSzU#yv4-Bs09=j{D$g?<gd9|b@v;r5qWVieMv0G*H=
z7xZ&p*60$mcMXTuy7_QyBqI8UJmS7?l*M&3<5$h&U`I=wyr_}!^gVM+BQEZ;zpo=P
zBMhx-Q%u{fk_jzu)CeA8_l<h-l&YsajUrs;#j3dHca)Z<C;Q8B=^B*`xJQ^D!BJoh
zf0fpx#jl%II|}bwTu;_)KW-Np@=Wri^SYy9udOUu&X?#RK3kY$BVZZ(6HFFCfNfcR
zJe(scAs3btTKrc%S_vZQ=i|lvA`MLUC)chqu&HA^Ud$4t<z{zFQTqmKE`Vn&lRazu
z&vSRw^&`Ib@nRbt_ojA|s$J*zJ1(;c30b)YebxJL$_fHdqE>I;6!7Zu+#iOA^r;{I
z^`CS!m*qbkx6E4m7zveN*(%_P9+YwR#y<hNukjFoXPN8D_Di384$E(-q(~*9Pm!7+
z`3NB9({5R9%7OD$m~|JgW>?7Hz7>zuix;+k7HZzOUg#mzZA|}}1IU(uNE_U{`&&Q{
zI??g+RO1r9XU#zrp6Spf>+%~GQBKFM^(+`mFiN*5+QKPh*f{&P4r*S7Lj}Q&=i@k{
zsiLc&$?zR`{V|$Aac)tnC|W1;^4Gs7;f7(^Y{aejrRBpw6-^H*L<+O32(=_Rm-^mp
zWilU|J4%tHBh8(pVRSzpy*m4&0s1DJciqYH6VyRf_WquEajf!7-KS`x(!pfgQWKGw
z2frPwr5WyZc9G=G&PIe%w#B#lEY0+8nRsPgdrDLd&72hTbpT`}WtPXtcl(sKab_aY
zb*<&<XiTt8GoF(76h+bIIMVeT{~#TmR08xTbM(c0?kf;(D^$01tQU0AmBRWW&$N1V
zz`MFJ@+*AN9vcKGV&L>YWq7r<!i5j2?T5JmF5}%_r4>n6g_C#k<ID|<i8#e-H1if{
zf@(9S-GJ<%v=TSnly%#cu+-B8L94#n{2|REN47**kPxC&qT0)JIU)a&Oql6&{^pH!
zd}L(GyZES~6^{+(b6z<4>w!3QQ-vC4j9rxw^bQFofKdTR?Y8p+6=zE+RX$->;aUk|
za0Jk+>6Dd5yMKtN+jK^1*p#Lvjn!UaPk8&1bw+4gZJFUKxbA8l`QIZWEmES+Gad8N
zkhIg8N6+=n=a@H$qKV%*7eq*bd9L{DobZVIxnjf4Zy`r#X<N?-$$d=k-lG7sz-fj|
zq`K^LTXR_o0zt@w=i^*sR?iamJapcN2|LerAw$mB>v~`DRt095yRd95LvX>I&PR6_
zVuA-p(C>YcQP~GS3Rl@D{p*O|A$Gvz*CX{Zl-O&v%H+PH<tpLnSN$o$>Wbe}5-%fP
zl2=%~@gx1T1kof0;P&F!A63JAespG!YTQarWd8knDM3Ay#|^LF<wT=Ya{^F7j-qRL
zO**I|&c>t0KdmFPPT)RIICs9@Q9b(NYB^<{|7ku-H_YvWJJ-{tdZ-&^TD(L}b<6F_
ziyu2kShr8DzcSHveQ;dn`t0{eNc06j5#PR&McoCm%cqtG^c<!PY>*lQD0IRMGevLD
z5kEb{{Mmk^e-zBe0{HHY^LZ_k<8=Sr`uq26E80M2N;c56_BH<XzD|)gS<{u1<~UF&
z53#NBYnomml=4J;H}-WZQ`^>(T|Zb_O0%q$T*%IkBJ^z18UTs*m^1dS?^nOZ?ZH6n
zcX|@({ZjViE{{_`e#~!ZUwzK9lV8&pg_=F{=^cE{`!JrF<db=KcPq}qkQOpr>Uhw2
zA)v8I@n-j)A>%T+SI>|DOvpb;+uY(#;g=te#>Thp$#-Kr39qJwIDa?i{T|#OovE9`
zvelZZa(3$QYZ(RyV^Y}__C`!D)Ugr_lwceovo?ygTee*s3$|{%`f#|$S*cQcGb<B>
z94xi)lDO>}1?G2<dR{^X9_<Q%Gf33oEq0uxrgx%(EG4w~01zNEswDvlt5$@<_s9+R
zanHp(l5d?hb3Z(c1Iq6~yDcE1!;_LdN)z5GS}az#AMXS`FLoRK*E)@2B<smg9}-^#
z(%>~m#_bXL{2WR-uuT-UoXY>Vmf&J&^+>ch9TM9b4Q%&MGEL3b>}!=piG%!jb->k9
zL>WJpgrE&F;!|I$h0PADPZH||>rz~2kU$StDXp_n9ZK^_Cllp@b(Ti=&yXAt<-`2k
zWgdB~q%63)g7{#Vearh2F9&PcRu#>ZxWI?N8BgoHymTly4fYkHECv~=Uj`qA;aR=Y
znsp(c#@gPY?K~K*l#xxy`kGk#SR*%=O66<V^<EKrerLc<($cA2$J6KZgl(23G^x1d
z@1Z<1TA9w*&_JqIQhfgS7nppqW|=MGv`AAbbT_IF(_4o$xwB0*<u`G%1;}S|;DjFu
z+Fuv~IhoWZWZeF0Xnc-%_@CF-<yn;W_)#0^3A{X%$b42mKtG({A5{K?wq{FbQ35py
zLqz39siyA}H0V25&b6$#-z2@Uv5(AwH$d(*-@gg~htzK^@Ex%&X$U?Xs>V8}1c9$t
zq$SnNH6+=_WZxtISJGY#ck4l8t<=J2B<-lT`PgS3WG*}O6N(w!`L3-kw+$;kR=pb)
ziXQpZ$JJ4Nez(UNzn_KDum&1GW`^cb&kMSr(Af4hL6AMPttn?4Wlf;eEN?UXT22OA
zYG;$nJb2ebwK5T2tw#yh=jj&mO|Lm!uh=^z4iz|(fzJ8Mb?X>P6!@yuv5rilN##OF
z`~p!7kJ}HF(gnC1OAYV?6}nyn_F->yW9wz|Y?g;tZ7-dORye8{gY`pbBD>`K3k_sC
z6w;Hs?D@7Xo37Gy^Cj7(S;Nj?HHyp%1z9Snhf1`N6B3E*6vq8#Ld-7U%MJB$>x#3>
z=(18>Q&Zwkx?VVe@dD({yX6hbp;!<;NpcG$En{MhT$;(M&szLMcr>hzuvkZO1Rre?
z>~FaP*fm+(?-?O(>}nnV7F_5D7~CT{V@RK=<1xtB{1At{%_-8xJB}Tl2^i5MSpuZV
z)kd>jOYS$qrWci4Am*QE8+~3USd7+{u5&dlIyTL&9?dR=@Duyd&A2oW0K|#T{wSG5
zgo8MIgO}q=Ec5G+_g7aFMo>U-6x<n7nO?0FO7L3LDo5{|3{!McF1Cuy@022BPdH>6
z=FwjmWo8Of1oC_Vb=qVYT{iV39;wf%-~Cofj;&6u7jvj(j@N$46i+4d)4|G1-ri(U
zk*?b>YNEG-F1uoM*$$K=#*Ax##yl2`0@SM42H&&ebXl2=0?dRHq{{V0J)y;MAfqn0
z*=;Fp?6^Gw;PhZ9MWX<!o(1^Pk-1t6<>tq8(5XIL2Lx~}9n+Q=V7}*pXIfL#^<Qna
zmT%ABl*FUcia_#ducqcpA`V=Lbx&S%1}9lcQ~YxL&nX2BHcenuEwDFlBvQb}7dJkN
zvd84(46-&rMip}Px!>O%8CN)Zj44LSx9`6{Z1!>EaoZq$*tn5mTE}a#x>>HPEQs9U
zo(ENL%`_{#DHtJhWtIa{&;sq3nuEq#pE-ZsiV;WGXI|=Drq((p6iyYZV)s>5Xmu<_
zrsD8-^JA62cW@dW4(^b^IvQqa$!zGWR6-YW0DUn)LqMC07!`OR_8iag*?*H=bLPs!
z7Cxnl0jWQzCG*?F)NUm!p?;T!HYhcNfJ!*A!rIFA({)}BEN*B)k@|KG%t1cON7q6f
zXCr1fYhmEoYX*J~Qk5&7<M}BE&fvC{a$j*a2-7W!ih;4nbSwlv0D^DXI}>p^v66AL
zsBbju!SCp-!wD>D;x9H#xH4JUbIMGHX&@rEtFKDF9Hu5ZM0_sSR|K^E8w7@vU9yCu
z>~Mp}*oDlaX`CsdtBA9a+l}F0bP<ra>=siQG}-&#1=ZSb(Kkfg?iN;AcNOGgCG?u2
z^^<q5rwnwypA1~-#u-W}0?a7qD|d^(y$pE`%vegDcUXklZNwH*xmZTWQnY{giEhhb
zlPS(cGW10|zb%ZlfoTnXNV@X*qvpsrn}^C{E9(-e-ESU6HFLREA3byGYd<zRm0A=X
zV7Vf&g`Pp|?ph9&Ijnb9{yNjzRL1`N_0NvuIZvMC@XXXtYu-10+}jbqg9jx)kVnK@
zx^E~JRhzm2R_@EI6oWZh-1~6FjV~NZ<zE_-^Cxmo<@=^c-9NwM!)czNcuf;;X`;Ci
zO(Hm1rVXlkeORCPEK|)tce<7`gysjFScH5Z9UbI87B2;%;Yxrj+xHoMb&>3oxGxjj
zZpf-TGy?|ST(T`gUgyMwKlBi#U?p>_5)38A04zDeL8&aj_eXGN>~Rh4{&X)WPP$MC
zfcB#RB28d%0a{B8;Ek#+1CeC;)>G8Ua&EFYZU&$a-aEbvs}t*HZGRu~(^|Fn`!{y$
zo^Uj@szbwxFO?&aAFch-rg6PiwFb61F`p}=8pQcgc5QfMpc`%J-1b`*3?EmDHD7ww
z2(4+DDMUf+PmjZ_m*e8E?Q7E1<7mwz#Tag^I==^9ZYZ1lL?3G;A4ye%4@Th+-k+`{
z)26)-zwy{u?2Wj1wI_W(!Gf<5-$Vww&GviZUKR*VaKB!7fwAvqE;Tut=e~S?SvH9%
z?eOND*mqtck1?~W&}npl^}X$USay`Rn?DmOtpQ*@cIugA8P}tmCL(m_1OrVj5xB;)
zXL3$L?}qB098&Qg)>a>W+XeIZPJba}?-i9^unq9l4E4L{%H{DCR1JyF+H5=JR3>?e
zD2kPC(sSR4>bxzpDYNb~x2#}%3zx>6C%k5{jFYMC<V3>r&3d*yK*IOtNb`;8BOvmQ
zQs_HsflRCZ`1tx6LnCNLx~$)>Gx!&a&;yp;c|jQ1!CxEkc>SFQt0u_tPM#W4q1J$=
z2U=2`0vL(+PdD^7t}XIz=8Ev2Qdso%!iOspEBydVBW>ktU*R~*ne|#(Fee4nQbwC{
zUc1FnTix`H1;=njlI-V0u51KO;~wTgiEt)n?7S!fy0+U^iAJ*9*Doiajz6sN9auA}
zVQwESxqeVnV34nxza{^*gI0j0IZH8~EZdLNNV1sLYEEu}K(OGs+N`&1+cb~Dj00z}
zz-K$}(tLE?VhK>9c;qViKayuXTn@8hduUHw@&8K0Rl|pm$F$uIs=Lca5AePxcI;7|
zs#1MS*JvOO3w7&Qa!=W?rD%y(F7vO$oJ?8+DpykWL48AW3&rd?0VoZbD|<=MX1##f
znl8ocOCsNgBi?m)&?k!d&wfDq<7F=p;Q=nxX|mBfs@T{X%Ezn6wY?2s>5Jj#NOiNg
ziJr>y;!Ypkv5Y~o4K`mvHj0mKZ+n~23+sJE6)b8KD&)5q<7jI)Q9$5&0+nar$T@j9
zQTr~1oFbMS=nMwJ7bO4I==KGpJfXTfkv0<FV-ESpi8bqu@0>&`4nz1j^kRx8O@0Z9
zF#X9840%r7V=X=ULro}HWpZ?Vv*Jh6pe9(DaI@PKkr+cVcwtg2`u10f>HF;*ELpI>
zEU*@&*{qPy(E5~kulhf%ld2DFZPop>u4wvP<^<rD*ef;sNFkEPZz<<Xlt{)BP4oTD
ztoA+PR>o1@R#6KOK<aBb<4ahT^0Ee}9DQ7cc5`3y|N5$aeJ-aZSzoa4P$cs?72Tum
zww*5702DmB>ljFJHYEm3Ec?SP2A~|n1^*Pq+Pg&$B8w}k%;A!a<lk$>!yu8DymAJ6
zeD$#O3zjBNPtU0$WqVRX&3G`ofuAJc^@yP>%3dUo-4*e_1+UVV9L*m|v>Z-EjN^6t
z-mdj?o&S(_QsZZ)F@a~xfWKioY<55Sa3tvR&iK6JX8EU&1%W0|-@O$k5?)%|*B)-s
z36Ka`s_rLYo!JXQo}+yFQ7v<0>eN7FpND*NZ(TV7Ah>#fC|*4Q^WEz87tcpNAb+~d
z$8<4=c@bDTe`vIt8cmhH#JSw`W7%ffKmM$xXN{gK9}yJfwVBc?%*&7Qf4H-l5q2vp
z%^P^!dcIFcb|O2l4a8+E$vm~n@yI8;ep8G29f@ha(-|CqYu~V5pVQza;Cd{_tW$^E
zR(iX*BWgZMj-j$R+-D;Z_!_?kNOdo?Z@=dlP1TwR<=JnZ&Gp^V^VbH~T8zY3lexho
zItIVewi`^gXq<j*{gWyZm6L&E3}3EU39Hk(aB*QEIYGx!sgv2E@_1|2L+0Vthr-AB
znaSb_#HJ5=(@;9bDFBr1!$}uQD?138KRa&9|J09VRMIpK;}PqGd73|{pmTvS0o})u
zdfieShd!Fr#QH6v@~Qv_$z7dg!k0lh(wNNoPw!yxB*1D=lyWv|B3lOej2}3?!c1kO
zz~Rzp`2GH4noY3zL7<g6U8X~PrbbNT-eSqJ)372BwB>qgWL$`8O6@zwDjrYAPjMWM
z9s<@A7<zO1p3a~RGhedOE)1q!1!`-TJZ;332>jj72b&98k!8kywSM-a+ds9VuKQcw
zH_P7SdTx8Y9JyWdLkY_K0c^3FDT44!5GA)9H2zIPfs@7B-mmpeTMPonw+T*~ADHP&
zkqm!b$L7bZaTnuQiJa_wx0(-f-K|vGd6E|M=rEDLq^_6g_CL-3O@v^=dtBL0ypc6D
z=~k3w3E0vSwwPX?XNO50Po_#ZQ5UW42OqjF#(J|TY{IUwo;_|x1z&KQPSIz)$-L$;
zCq#TOZfA#Cr7rW=bc4`&zqEWWEL(VwpIaH@x>h!K+0D~+d9<4paPmqE>=^Bqx6!5|
ze$!_7gf-T9V~SkX5>TIkMi6@_+o4z>ngU;BL{(mZX*>0X4E+?+>)N4oo0i;@EV!zD
zu$-R~YpzLq*#9YTu%nliYPUOMpmRU#kK&VWjaIi_+V}mfA>5D-32a-KiFD3LzF-&_
zhS|RWO1$3&&Lgfh2%86$9qU&z$^&HY5$<MJ9H_W$#zT48?j@O)Q=MWNH8CJ8yB?KY
z@iyRECX$n+(uZ^<{-6Gq7EZ02`1ybNPu2aTtkzZeZaA|WZC#;OjXjhY<SXW@ILc)K
zbur32KGp0*Qv`TFk=6R;fm)ZZea8`Qb!r#rpxk|&cf}9U{<o1ykuM^8UcK#wNB&P*
zu<P(=eS_vek-JL(Y$kGNMJ66C@LgGOcW6@UU{DOlS`vsup=>)dcgS6Cdl+?@iVKl%
z0*s{CzPGB6%ZvcY=I1N)Ib~CkyG_pL-RHL3rB<K?Ltja+EB6ZVc<`aa1!H&sWmy5`
zD4h?25u4@qRo?p$k|S{5r&>H)V+L{*?3-LTX{EczdU}TtA|aqgF+bovChR^jy3`z=
zeqi4i))!4OrWWM;XZ(1&m0<d}|Eq$fX-~pKfa8oE0x&olI#3H+dCJWON&7wl6f(0W
z<+rUVK*+%lVS)xA23vKh*%kV+IX>m_X_T&__2bJ82oX{tBo24Htz(zK=*LmAA@Xpj
z`1Ek1gz9mq*(7K7rI!pZnMF@32lV_}an+*V)#ypm^<;?y`GAbgfwdZlk1Cs2CCdM)
z(+BA%X1t*mqFIVJi7Wx-aA;4}1FY0*f=6EH?}MLsIXB_=3w{r(q?P=A%}~(O0S)W2
zS6PLr1X0baCf_WN1nx#&eKN^mXtU1Lab+*ErOs>peAM8hTALW+maPz3wu$4lk#Rze
zlAeqo<@pPs8(#4Mo5mINehQRz=r31NoqC-xGh9!Mm^OaHrECt*_{fY!FD=p0gubQ;
z2WYlH^vFfu(`5iNL%H<>TGnm119BQ^Ok|bNSgOeMr2loD-Q?#&f6W~zent0rP*bZ9
zjM`Sd?%g>Kd?}Botr<fzW3AT}LmCdol`5Rm>*?X?B<l{E`Q6HP{0p3<gPFDz6ja0O
zklK)ton~V@Pk=R8R9eyerLe^B9!mEpeNU(ddQzOqEK)I=KhpF0d`(;bc5?zp0$lyD
z%x{r1!Wxit`FkMFxT)%D7-6u_@pTFc8OzR$@ZFT!Yqz1^I)eGt&WG{U&H&rV$!0$w
zCi@&KYAA76_bA>i+D&~){*x}LyCqP|rzP^&^BL^*-{B&<>T$kbeT6=R6${L<WCyMQ
z0m)n~Or+So;&lAddc`%zS1q^xNd#PuSRL$JKdm_D7*jU-yDePtMPI53@<u*K=~hCN
z%;_bsLJV9eNIX`bC*pSuJi_#Suei?^a$sLw=hlu21<X40)T=JzkfFEVZR<2YMYpu^
z9qdgsaq9V;1)ak#^)<~7suhl#r95><2%LU<@=TaSrg>a>X%|;M-;OeJ2h2pfk(0_v
zma#1<2G0$^bgArkrqwyPHnNs&6T1e=zT>aZqYIcb8pdf-bl)|o5+9$Xq>6xM+x&fa
zV(HO%KzY``B#2y>K^+}o=@vQO+2cwLOZFWXEFctU$k!RJ0~?Clt_api#>&X^@II7a
zP9@Q(6SGGFLyY4$*nUag1l*;tWD3!O$67OF#46%<Tp}|r&yTOUJaRsKn)!f8MyvT)
zpw{2o%Hsk{7SnVwy43nuVR5lNatRbAu;%TvN;`^=+n5=3G!+=hoGw+W?^#x(vPC>z
zKtZ3EI$lUyU%9zM0``WHJ>K%0LtIv^_Ny$ry`nuD)49L0fB4$Hw_x?Q5)Z-X>uBIx
zPPw&0r6)b6RV)X;Pc-vO-j|o=9lqyh(yh+V0B;-OfybOlcLcvC>1_kDd2mU5E6S@q
z(Z*V!<QmJGhP)k<9EfIvA7b{(Lw~kRo0(5q{sg~z`quP4d4RUEhj||HjB@^nj6sKy
zu&s>ajprikA?i1)?W+4qofa0mufFP@p}=c6?0lP{T>{INtKE9m&IP)qsbY3a44hi&
zCwq6!Fkd$;yCK`3SFvc`dThOu08?1bT6J^_%B~Od>GH_%TpFfab)yM0{mgG8H_(+J
zGDF|S^KCX2Bp3`<qL~+?5FD+T^t*-@SzYe3*5q>)n*Ak603->yO^Cj>Z7~C*FH$N*
zv+F}3mzL=tF=iN;ev@4zL?f99vdErL9`x3~eOrKGWO>qtAeSH&?L!TK3+y|5gKiDG
z$r`z>XF|;|rJVr6%5R0q&0E0bPGQ&^c$lCp#E`6fTU}wl)+KrVY&ZQ2;7Xusd!K+#
zCV{FoY#a;)BMPL?MWZaL$7^b9So4&i998%{EQ<K-LltQbG~A_35-2Q|pkSyXE;b<E
zy1;1->uKT>>k6wrtA|~0rRY(TVdQR{_2=ZdFZ;57gZ4!c^_~ZIJ~`PDA@tdwAw~dL
zCY^9$!<VOBz-)Xr|28xEl%SFOR^NCgmxiE2F<n7Z*D-0cTC|^pH&IDs5B|h2Ahg?9
zt@N|vU9NxYZLDf}y0$@Ps3o3yzci_z%1lAN?jo`e^~daFX5Ugmk>f?zo3=;QP3w|u
zd2qz~vJOg(?~?OxnEi=fAC=z~tEt91_#xbnh@>7>#M~PA!k}}`Gm4W=xW#T3jl3m`
zSv}8W1+u~CV?q1=qYBcQjHoL9Wn|o=b14$hgpV0dWR)>e1|!05xmtk=qNI^{vZLR2
zAkR_o9O=6L#XU8!?5K&b@N!HLgzGl1qb`GP)+AIhHpQ)E9s9f_A;l6tT?Pq&^bkzS
zsV;&dbiccy9w*qQrX(Dcewz2v+e*99i>F^uCzM2~7qaxk(zq&gH^;VLr^@A7lXjn=
zpzMfcJH<#+qlYmVEb?y%RRH>x%bN~^Kd;8kE@MEt^ak&1e-N}pt+)cg(z{>9&@T-4
z0BFOX;4jlZkWAme5`3hYGDDPV>=R6w9ry;L^=9M49NNSm71TZ2z9GsJHwBUv-I^K8
zfK!p{U77070lzc-`k?+<z*ig^eNV!iQL;&P8xy`+=o?lyimeoI-IuvX%65D1M&Ca1
zt87C!bxhO@KLm0od*x7&iHI+koGwrmz7Y)`f-xJGStfJ!y43OWqBz<&=(lc`L_f`B
zG+08uA2<a`uf|5Bzq(nz$xRVCj8rrG#W4Yl8|B$ECV^SA@PJaPI8lwfr*ZKcHN<5@
zq_K%RJl!77;BEL&o=aup_{U4mG0E(hW53(qQ;!*Tq-z>))au5BcbK5#Z{sRY%YyMd
z++Go9$I+33w0O!Tp$3tp*dA!nBKPkF)^0b1;-iGZ0GKh>^jV^sQr<?|c(?z6==~fv
z5HV>&9SMC0MAr+T5*rrIJ_GqrE+cikGU*SC<dh3H`fusKlWCnrudxH+(@BA*0XBFu
z{z%6AP8mF&Lgr=6`{@@K=piu*GecTGzv4g*@jw@M5xBDV2=yP0%LLM5&U$>Kok}ol
zr`AHL92E$1Mn>)peAaT75x%Gj)Z*-X0SBq}zjJnF3b+oBZ)AgP%YYYRt-xdlt-ygZ
zL1RLzFK?qX82tnxV`bo=l2RovjK@wnXW7?sT;yRqg0<~klfPJnoe?nLT=|{n(jK?!
zXp9V1OWj63CfN9RiXP9I0MX@2LPr)N!WTA=>do&_!ZR%Ml}cid)Ma>F=phJiq0WFz
z1i5YpcEMvAC{_<3ZklP~AEn-N`rOh8UF4yQK5*`ulS%+8LOBjNH!*6>ieg@ex2R=s
zwxOsZ<u<y6F?ID9nELpeAM9;h=rrNw2_eU`m8{qWCT7B{^BfWG$-*z+*G|KUh9<$v
zF^ZE2o=s*wM?8Zqe`%SmHv0+$vCZ&TWwoQLS2NO~iw8g=^O(p(YYHN1872@k>c<r~
zy8vt`@IIF5{vBAT!*^AjV{Z~etX5|AP0GMptX?zF9r?71@eKRcA=7HYr?Y;h=GCsl
z)zy9FP354!rR6~(Ts|pvLt$>7@&IS{;jytI<QG3#-4=3pp_LsqB@s;h`=bU~m)<1J
zh?OU3z^nwYQ5WrLTr>9Au9~zOh^3NrIh=EBH5eVS<2lRu(|pFHof2wES4uT-`9k7D
zZqG0skP|kx2WUDP_BZFVXK?@|sIY<p<HVxp#crlEORNXptA=GBXQSh`X;t-E;p@c&
z3x{K-eRf~s$${D<CVnNeD7O!0I(lI<mL~h2KsPdQS9}(Zw88K9%$Y79zjOvKh|z$;
z9FqJ|ue4reN6g^l22vQzGU#?-^M=>`Xt6;aZ)`AFx5eqY?K|J>$xv~J4TZ{jn44@9
zNeR}Gm+JvU+agPLx-`SeF{s)!z?976H*D+Z&z#J#TL9d3>QXhullcCP1ksJ%>1xm9
zfEo>yW{bdMcTKujf9bwv^7?XbQckXp<Cip*$oGxy4EwlzF_HUSaeg8qgKSPma_C&t
z<F{96n^7L0AyK@`zlkt`dXz@oPG|J4#p!671F)E&R7z*6Y?^(A6@-Jc`4QWhKr?{p
zTA$C@{{7<uYzoShSY8{`4Bk}G2fSz7Wib0rOSB0CJK$Tc5X#|1w*KNun`CY%YoopV
zhx60%84q5-VHB?}qbdGm`<Td%k3Lqsy#{>6*vo|#RDGC66gYOs&g$CE7z8{Twq3=D
zKEE5lLu(8yVUr*_C_8Dq$gcA8I$3H6lu$}L2Qs45s_R=mjtM_dD<9bR^)oY@4?k<`
ze=>47O{6~4%8T;86wQ{i*LzKys3pG?%p2BQXg9M~T(6q1pOPB^O=UNr)iv<jK%G5n
zJ7gSNUAkH99}aE@@59XkLWziGH}(uIV0*e{OhD#1tO!1+XfvDXLVb+mfo!|Kc-?uX
zeMbud3T8C|2n<-5FqojzXYXQCdws-%!!Wum+D|M9(Dob5>4C5B%#jVTIS<jIQ6W|A
zU+S}H`k~bGyVwp)39k5+#{6%RZRSK?KaDQD_^KsaYBlAx_UV8jctoY(y&t~DHV3;i
z{Zx~o5{P7LHXURsEA3>I=a%Zwzasna8(`T*b@goR>=~rXp=5Q@s%KyF#zwE0aGZN*
zIG`#WMnj}_t?#ubnJ#RhG{hkH79tgt5Adj@Y9P@jF~ZTn!Jo|o`6&E?$yVoXG^^!w
z>a4U^0A~1lBSv(e<jlzIZS(q1uVqiXP#PlEWgr|mz&$tXlS;j@JlUW%tD_XvqJa<E
zE`X|FsBgCH><#?JNnV4CsN0R!&BQx1G}oCb=)md4C&kg@bk;jeHW?G6%_rUB>Fj)M
z+4#pMgxQ}_hLxw9@M`|R@gQD0x>eb23*k*p&!j9i|DWj2FM5Zxev4;x-o~sQm&$1(
z;YeWLnKCGs^EO$l^<`!2*_Ng9sMo)hC2FK5+vD7-bf%^KVKif6#b|aPIL^#OG-Ma$
zc<Ii-?Oc4Sn^e9Db2D<Ry2sX2Yg5KYHr(L9q52-7o#&Rn7$S8JzCb(LI96>`;`?}5
z)r}Tssjw8RaR-r>!g90fSNMjlB*dNBi@X9_S!&&GtPRA*JTi5?d{=GJuyn5yL%Oup
zEiJsfL~Oxj!ce34s{N6*Vpz72rNl6Hug(2HUER+eo0Iq|NO8DkFZ?^OHR|Z~fu91P
zn*E%r&Nq;yFW})pbIal%%E_qgJi;6zZ*$#wD&Y*IoIE~^1z3*VJ&87YDD=HQHw8M`
zjewro4I;Cy9AYVsI&cjHX!h2iGOpm|OJmQxYufoPjT3@qn4;$e5eYyDtHWH_h#}-=
zV2(#^qY1Oj7h!?2FvR;#sfzE8@UDnCO0Ki%9Tn$CZ<{b8oMRGRz15JC1)TRV1J{yx
zs3{h<ci|ntKQ8C~Khn3USPJ8<e$MA{ajJy)!@PFUl0^)f`I209LNm7CZ_zUqbW?3w
zUX@75XiXgbybv2kS+j{G>FFJCXKHI4h4j&CIDaJj>b~ym0zmqEKnDwV)ZZ8O1odl)
z-B{aC%gXZ6`sv<om@NDVA=#n{V9FY7Nov^U&Nm8C9BRKc2A9#*Td^21pg@!odDUt(
zw1{mUu=ElzZGCcoH$mm^x>sM8AHIp)-zI!ZS7#Fs#xw9x;tA>&xZ@lXV9o7D1=f@*
zPNjrm;Jq1<Qu>r|h=|Q((4F`oalD;TQPl41p0Ft)AqZ)!7C;x+g%LOp?cNFqkv6r-
zb5@i9WABY!E(=QHrr~jt$E=-Ex*?2>8T4?nE)O;`X$=4vciyjy1z}n#Kahfn4BsGg
zMyG!-)%rnc)Ca!^?3OmeqtJFP5+4EJ$`B$!7|N5@M6}Qv)gXY?p-J|<r01JJ&OqIs
z(2fA2L0Po!&$V8o&|R;<uGdOHO9~cVTE=ps8Z=EECrNMssR$e}2+)4V@x=lpH(CWM
zvMvdD>-sf^%UN}iY@7Sbw8sfu+Li`NQfWu7P1ZUR0dT$&iQq7%erUh^5h|@ni4vYP
z=>c#+k!k~=RSsz8^&~QjanfjOY4CKWI<6(NAy%6}Ai<9^sFaD(9?8pvN80BoJo++q
zhq+Uv{yC$2*AqQ2?_{I0LBGRl>3AhPR{9(1qUhmrrb*FctrqfBKJoCQ)i;i?A#5?D
zT@b9!SM|9<!|5;Dk_zYs;lp_(uC23IvwGb-GAAsG3S3F|IYKn8^yqW!VmX`^b}-S!
zFiaJxcEoNLIoy%6KirJu{WzbCH5p@t>>kHlfcq?`%TU0cw9!_hSYHz)p1Y>>8xXW<
zgC4_*GT%L0j&i~zpLtNk$-m~@eA;pLVZD32sHzhwyXnD>&QI_N5ac7y3Z|OM_S}B+
zwX?qzC{KJ^UcHKRz-9Hh(Q6n^gN6<ST9Ub}!nPjYE1dk%-|ZaTo_kG1X1;wP{e9`-
zh_=5si8e3F?RdFEl+0@8mHz#1J~~p-VZp)Ivu%qIQnyBhH6`9kM)a;I`or6Aq;AQU
z(&fO;%HF-JTHgUMK@^OMJaJ{V$#lc!*`|UMcM|rs4E~UKrg|)dL!VcI^D71zD+9DT
za^$k#3lnPc01o1;b>GoIOP%StC?7Wa-I*#QDx##zW|zI3%R4-S0&t55r6f(9CEYJ;
zqYdV;08*OywEVE8ffy05;@CZP@VCH@QG;^ic|F||Wd_S%3J|JqA8><puL<>xW7%3b
z+LH*qx|}+z;<%eeR?+tGGmQvTD~h6}F>MuIx9=PadaCFv&Yz!l$3PH)wlq(wl*j-e
zwzg$+114JP#w)8dgsQa}SRZ`=@hseGQfSwBW`4g{<QTY7#L|9yk_Yt2L;>cUC-6uw
z#sotEe&`GJ^U8~7Qi{ft{9_5ms6u(Vq<_Eyn>;xGIDrvwOZn&0z|HEboAXcL=+>2C
zFOd%D3Ye*EQn>U12)<58Lvxe6EmX`ftrcqV_Tf9>R2Eg5TO(n?&huR;=e^)4(4&5t
ztKN7c-2v4*q=^R|9-sV-veYd7oK-&GKePg0sJ9_g=CZVMy%2ML?iP>k<-GH!u*rER
z6!iOdo7rH`=3s*5n}cBM-}1#`;b)jf8I>KT>)P30&h%mC%8B~}N7f$sUIY$-78)^Z
zD35yi*ZX%`+mK{kev0`dMtL2TLYhhaN><Fm7v4>sg4TV1w)`9(tMh}OO{B`Bn#Sj8
zaFXhmd`7$-_rtjVEE_990KF7R>y@DE;d`QtsS2HtuV-t=4nTxWp@xqQl=%5Ozw11>
zagUD&Brsd^5v+%W2uSUVE)pe%x3}uHwvgM*K;IBhi9YGon|7B23@VQ0BR4>t+lpc=
zM8?d?_{AT)^rjzHysbA_>_Y%)LD6~{ai1nnNEGsB%pUTv;XdDh9I)sYpZrWgq02-^
z<xN=;-O2R+aeEYFeT9}&X=~;{!snoz&UeO}&G6N{V~*<(Yw4G({7EP+QOp5Nt7zBr
z!;4~`*eRLUu4;8~7sFe`Jl7{w-msM?$MV7^%K4z)&T>$qD4xVavvp;m@XaA>?@NfN
zN-O?@7-mIGoln3w61Q6n+4l8wc~7Z%@-q|O(}!Cva8&^J{Rv1kXE2K5eHw;sOG$PM
zM7uFl)4)@E#yW)un1I&{S<GEaQIfYN%LVTw_(|N?Ws3$X?o#icwo)PbpXH;0c8l$p
z@SV*`#nR^77^v+ruc#X+;=YgIF$IK&y$1&mVSFNec)i<p^(<=#T|pO{;;%&rQ~Sq-
zB4VAp*QIxey+3z*9daJ_iBGlDF1mO&h_U&zXolPm)BbyOCs6WvdfX(O>KZX{H#ORC
zddTR|Mgk6v7pMj<pMjnd-t-&w1{)`SZ6HCw`vdog`g6Cct)ixx11+XNA>m*<s<-{#
zIQ{09VN5^gboVhuF4|c@w?VJ&;NH|$h>~@<9@S}v1tIry==t?dJ5Hv?Y&gd_CSPxl
z=<KE#(0W*Kt~ifnwR*c+KuZW){^p=Gd@k2z&w2!qe0VP{Cr>dcIYRW$4KEMPD9OAw
zbL9PDM)ueT!DzziN?WzbjuWuD6+rjNp~_X+ZR9niZ+?%cqC@JKrqFoB?Lp7c!geFI
zo+_G+$Zx%SFzKaH>Q|KF)N#`TTG~XL;|6V)qiyPEI}#BvIcqlE0SCqW%$KOTw*DN4
zaE&d!7r(VTm(xx}xkfH5TViI5vU!cU^VU=#OQ%DB0r@<4Md0Yt$O#0xUGo;<vHxz`
znSS&GXpNkiNP$M>@rvYq4rXjEK_c|<Kzps#=wv9#T-a5U7V6Cgl@c25=tIPt1&Yx|
zsG{j(2>o1cjX<bZs`*8=f0M&UuxC~a6b1E3;9h^SgNW4Tv7QBs;|))Ei){wF>IY9{
zB>EpdcIo#xuy}x3i-l135zxwgQ$vwerAC_uNDU~wRCzLOqL{gs>S5x)V=Z#D=qRCn
zy;L&X=-YvswXr{@s(iEznCL<<1GwiiB8+CwBqWIHoZr|_5$a-WXSKK{1sj&10`-`o
z2i`}ysN1;`(xsNkZ?N88f*(3AM!lB_H;lTK^7BJdqaal*x23EdK<n~J$*ui(+1Fyf
zWuc-*8@sCcYDTctr1y}^_FW?YlDc2(Co{_lb!+t`I@gYmy41zAO-!Ok8_<azehrZ#
zIX16Z^xd)hL_$n+O>mO(9i2c+uw$XZ_x3%c{UbTs!FpeY)IbQfj{EGdDDU8_&AFgf
zLRR75_eVoQW_SfC{py`&AHho;elNZZD-SulfE+9C$-3&pVTDgmYTL`tILlWJfK^8|
zCcABQ%bPQL=0g3Ys@vtT*!3ZV%#qsOV>UJU0%8F)T<BS`wfd!-uZqw}1jE8-4ZNop
za#3y$3KEoYge*ogKdksZpn_yd<Q`C#Q&RYO3IHP*1Q4NMv!siD%aj4q{}k>iU^2?k
z@EcP$CH0m)HtP6<B{A2qZ8Nh*sG)3D^g}m<=Qa;sDQr5?%$Kb&lt<f);q}F%69ItT
z^WDi$;KP5&UyBkeBrnNwXBFX{O5k!19L&TfR*)DmeRMI2DckY7d}abzt1RR2Ajybm
zXNeZxhchA7oFC|x5<sM;4LqK;`6~&Y-B-*G&Nup+BiUva_4_{`0R?p=S{HJuSv^of
z*-ri66X&~=yYVRms!G1?gKY1Un~7_vg?-v*yEhprze#QC5!SgaV+ndp@>#6470t?>
z3a!DaAziDh^%O%njKI0n{{p-Kwj$9$4SO}{x3hG!3$@6JNoe|8F0S-{MOp62$LPD(
z6{HaSAk(f8$`g8NmZHBtQiY@mBSE@}N#vaTIWLNeGlsxR*HFBX4NbJB_kK3DcV4k}
z#<J(fOQ-0Akuj;V_)BO}ev92{I|$fM&&$3Of$P$~lQ1jz2>!8COd)-dwr?KX4X80k
zywPYxNHNZ#4#}4CL_X$6S4%AXJcGB~PqjMjj5~eZ_7}1pW2~>eQHKG)N)@p6te1J`
zVB4bRUHOVZ3_O<rF&e!$k&?TzoCh}zZ0)cDh}OoS_&B~P#W1(CWr{Y@-iVImY<Soz
z(|$Q4M49XG%u_mN$X;guBiZm<lJ=xUw9P<E`-SYuk_|Uu#?e8MgTo$a0i%1~Lep-e
ztgAD+TMHwq3LxHr%Vy4MDq)NpVbGC;$w2g(i^pk+W#Fz_JjRG|slri^qMP!jcb7db
z5G^B*#Qjm_YuDEN2i8Jt&?SVf75n@vKL?7d1E7IUHyPp26i$|d8;!|Ij;24>G;nT9
zFmAmjwvFvGvdG3x$)-nh4F8B(vRtIX^QLgZj+aaXKhtR_%*UyR#b;d>mGuo7J1+B(
zg~E$?zBFjBH$>Qtv!!q(UBxWBFycYfWLp86Xm=}#SMz$hY|Isar??(Ym(l@TPN*?W
zKbPr&%IJcSiSd~5{czecP=VQ0Q%c!Xzr?#<UhvvnZ(gwT^(?Q2zGL~-N_OkBABGKz
zl3Txm_?jhf%BNC*4Lf}ZIlZ_*1zJP{0aWrgfZp^gWFj*%K;qIdf$m9a#TQR^--wgc
z{qfD?;#9oiXuR#*3@xj&3l*6gE9ff8<DhXmt(-BGCt9WyL+6Vz^ZYec$&tK`r`_Bq
zyMnaYK$WkIgzl31H%n{Csn09urIlq=fH}UGF82-gM7j^kZ1k!FSNHn6u#0FZusi%?
zT{NJyROtewEQbz9O#bx&bfUt1mNia(0zPYdn*&r3V@6EYlo+FhdSd(F;F{W_sy&Ui
z`zupIA-5b-(dU$JID)@g|8{#>MQ}0hPW`&#G{{?C^DAhNS!eVoPe|&Hj=c`s;S$Cs
zcKXr@_qJO)K*ZPW$2|avm!qu)v<BjvE}L*u@bO2NUa{BWXu=$^$#yVg@b@<-(%ha=
zXIT1b&&;fXNcQz96{9tj1~DgA7u&55g6;yKGc5m8&sig4@`Wl@s<iu@F``r>+27H-
zRR<oDwDY$EhBDw4P=-U5#u}ge00qt{*&nNqetsR9@A;z`7ykL0pEuBXD{Tc&4!pvl
zPAtLxt2QDX<4Ug>ih=zB@<*9T04I<OrZi;6V)5@=9qj3DHu-Wqq%A1TG&t}v5<8Og
ztVgCkiNk8a*#^Q=extaM<PDF2G8a%qumq@u<a2zlC3RnmElP`cuqr=P$jc``$`)nw
zFeyn<z4OnLFkFLMc5MykUzWeOdXWyl3ahUEk`Hp<AUEyWZJ?>$bOx3AtY#T1tZoMx
zJ=xJ-rC9xCTR1*ct4aXg^z~=9Nfp(CyxVRAHV~=pV&e~)Vb!gFqS?bxq`A(x5^o1K
zvq^_2r%o4M`&LOE1c$Po>A*+8M*ow!b(Blf8k|4>1F*a|BOTVw!srY7R@-<46TD%4
zIS~EWSe{*>*D|hck^Lb{FhjASN_$yD)4(F(>KD=`ynn7FktAV_O;hFNFpr_y5?jPV
zyAH!)K^PBO%L$@<v*gT!;|i*Nf!7cla2qFE@2YHg?G_W==gWXDlufr+TQ)C}b`7<t
znY>&2$Y;lYvUE2U_&h|B59>DR!Tt$?v2S_jHrWH%MWe1VUQAT0&pmpAUjl6b5AAMg
z!)e8a9N71As=<W(o5|{Y-NIlglN)n?v(=&gQn9Ld6Q$$yuW6S9TlayceW2d>&Yzgv
zFs!}|g3zB_p><8xpdanhogF)c)+(UT*FBBaLB#~EKf%@%VHj1^1VR6TS)h$$^K$?3
z%fll27k|K5FRKk;A?ib7;;~D3&-nE+6*fJNTfn9{N*tdk&q#A;n}6PQv9tyFt&f!7
zIBS3&HtbQ2JZl&27ge;3V}QO(ba_UXBSmAKNvTqR#Po$P2f!Kw(f0L{{tEpz3%gS!
z7T<sHDe*q}uq_YL)_ys9=+=L789YLq*4zd_S9;rIu&@8|?O-Kgx=YFVqx-3|)oW2W
z&Qh6Td2xTo4)g79gIcACb}UOJ7uNG;Nl;-GuvgqqMc~)<vc|^y;&g^RrEm8p3x_LK
z1;2QM+kYa$V%QQRYbo)F*B)^MYWtap(gsg<_Yi6Od?*#G*wd<cMZm4{|NpjsO#}=Q
zTV|czoC7r_`7kAsXz$`MqHlGau0ox3UxV#Zp@bloR+RcbBa8#m+(z4@Ucaxed3eL+
zGM3dXSh`7(SRZZzgt+0$+_w{NC+NC3v?`1dU2EmVoB_;6mW&%coqym!u{1IAudCRR
z^3(Ao$`z>JXgf&qp?qvkC<kS|MEXEy?nBmpr1sJ<)?h}B3QCDt?$5)&Y{DEu>y75)
zl8_RdkX}EyComJN@nHFR(w23YVFKGlv$G28jDLWT_a;d2gWR|F<LBS1T#sRf`tCHT
zc0wa69Ga!UG_a<bFMCstWVBcRNDr}+@P?2IVnOKzCD?{~s~@fGPEiqWGSpKf9%d}#
zkfuhJIZx23=iP%ca0d$fIbwj#495%7dzgPSG0_$N@k5e)V?Z%J0mW|Sw^%+lJJOQg
ztyk6c9PBxOxkc>1=9bTxY`8~5>g~FBbLUz3aZ>crk_)G{F?RAKHkp?vlo^d*S(=n2
zMXG5P>5>25D`a==g@3?5F#<_)sMvdj=pz^gtY4{b7U;%4&>LvlF!0BFUYf6?V$SOI
z2c%m4r6#=dx1k`%wH2{Ldun{#K*P@w9QOAZ?pOLTIWu?k?w~&(B(1NxjEUkArAsac
zH@M7yHbJO1|9AY&pH$T=|A$g0hGd`TkGWbcLBKI{(urI9MV`;FBsr7mME0C~WdH5H
zzY@mLh)-+EvB2@hPmzC<sK)=BUcMe_R#mLoO6(D~rCPkoL29IqTb_F$8QDWD;qXB_
zqYr^*{{653uwD$`W9J_I7n6tKL?T<GXJbsgFfaIB)`ou#sk>>!@Q?D2)-#AGl!q*2
zs!Us6RMz+3y#_E3QsmDbtUo5%k=_1`;rZYvsf1c0tJWJRid)%jC91So7I%>Ug%t+I
z7XFuRbJ&P9P&|ZEgMwP`hti0`Tn|rV!YDWzZp}s~CJ+}ny_JHgTwg8ajh&Of)aqHv
zcSZQ)uNMg*Tk^v#n_J>Az$fC5M*10eImlkf)QJ~wjjRT~k~4;Vs1RdIcX%+9*qUvu
z2@xZPuy|uwM*Lq?mU!#PD!oEHcD~7*dXhc@S@Bg{7Wrj%SD)cz=BWx_x{LzN|13ZL
zOyq3Ned@oosy}^$kxnpD)AISkC0h?q?CZ;?tgefjp2r}E3EVV!$jDUTzYEJnGDU=y
z&)ukN3SeI$OXNN4<P+a);D9Wb`1X6$5&pAM0hiAX7bih9A4pFW^F+Q+RMFN`u=U+=
z;aNzbKEZsdha(2K<O+=zH@V!zQmv>VO<OtjpDanGDnVqMtLjmSiN&%1F&6^g^a`F$
zCLR{+&oI8(8IBA7D4B#O`|{i$lnR^HxRlIj(w_Mb_+-h<9|w#OT|eRW+pp9o@st}#
zMwOPoBY0B%FCYaC4k#z*0@M|iyYsD|$}x03!RjF!8{NgqT(B{10tH=bKB3?f|6;De
z0?{BT!_LR1pc$Y*NPuzVr2gZx4ufWvtlM`)_7v3dnt$w!zk|I8NoxrC&9(OjlOJra
zD2ZbDXor#|yyZUpVfGJ(b93r^ccC@clWs5=!$ccnw76ikFvBbd*2@IYVShcu$rxI%
z^YrQ%5)RLOl6h{nsz*f>ygno|gB&MU-5;D8EjBQt_m3qrFwwy9&ALzi5~!w;Vtcgn
zkK`J~3sFNF6$$KO>8k&oGnfN7aOPD36UO<}1Q@-c-2H^<kp_|NWz$3=j3zXEil%IH
z9FCbE&Qq<KmJ7oKQbLLH+B`Q1zp8Jsj>5tIkDLM(gOO;d(E>9fL4uX`pg&8wpKK}D
ztv8OilPAAARE!U`xx-iU(0|H1+qaJ+SNRp@7W751nx;iN4yH)%e`C*ok^FZ6#c&e4
zp|O)qh;$z!A#rW!H@<}r8j%tiWse7D9D#%Ztm0jI-=lB|pg<ngcyiQ1vFa5!*mpR1
zkxN7V-y_RSr24kEo+_Z<<Ybm6V3$7J<`HT7pu2!!SCGN?I3K;Z8PBz_(?4Oe5^Z@Q
zcX~C4UdeLDL+0U2U{HJiHbSg~W?m~n??)#~WQ+)3kgp8af4o!SVig!{0q+TJb7kxc
zOo#ggM=*>E04=uX7zNp~M|GoCy7KS1ucoaZaFALeyA+fP<bfRU_W|xCE3Mi48cQ-;
z4Z8xixdlr97P~IWZ+5-_tELs$4cbT5S5EFQ$8wI+t?5Tzo|%76m@Qh6$dEr@K>y{J
zM*|Hzzl+~zWP<ydY^hlcO&*%I)YtO)-&Fyl+yq`M)HBdj0dqT?P$n@Ai!}ewpSmOR
zw_&Y)gjBUEB84M`&+K*acE*32Z3eqDa>9srLa?#gqv~y;5*kD0Mf+Qtw^wXf_kY>d
zf0qwhxLrGd=|e3|_j#2Qa4#+h6v#@GMN|c98Mjpk&q#}Z;_x8xCbw4z(*5q_7p@FG
mi<{oRn4H%1fOq4{dwPKrO2-?f&S!xE{$wSUBq}}{e*Zsafm<X1

diff --git a/test/integration/consul-container/test/wanfed/acl_bootstrap_replication_test.go b/test/integration/consul-container/test/wanfed/acl_bootstrap_replication_test.go
index 7eedc158d133..0caddbc302e3 100644
--- a/test/integration/consul-container/test/wanfed/acl_bootstrap_replication_test.go
+++ b/test/integration/consul-container/test/wanfed/acl_bootstrap_replication_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package wanfed
 
diff --git a/test/integration/consul-container/test/wanfed/wanfed_peering_test.go b/test/integration/consul-container/test/wanfed/wanfed_peering_test.go
index 41d6854e2832..3cca4b4dc505 100644
--- a/test/integration/consul-container/test/wanfed/wanfed_peering_test.go
+++ b/test/integration/consul-container/test/wanfed/wanfed_peering_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package wanfed
 
diff --git a/test/load/packer/consul-ami/consul.pkr.hcl b/test/load/packer/consul-ami/consul.pkr.hcl
index d24ef7b9cbc6..7290845ef0c5 100644
--- a/test/load/packer/consul-ami/consul.pkr.hcl
+++ b/test/load/packer/consul-ami/consul.pkr.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 packer {
   required_version = ">= 1.5.4"
diff --git a/test/load/packer/consul-ami/scripts/conf.yaml b/test/load/packer/consul-ami/scripts/conf.yaml
index e61a9b94ef1d..04c9dd2e292b 100755
--- a/test/load/packer/consul-ami/scripts/conf.yaml
+++ b/test/load/packer/consul-ami/scripts/conf.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 init_config:
 
diff --git a/test/load/packer/consul-ami/scripts/datadog.yaml b/test/load/packer/consul-ami/scripts/datadog.yaml
index bfe671563d96..e64cf4d9cd6b 100755
--- a/test/load/packer/consul-ami/scripts/datadog.yaml
+++ b/test/load/packer/consul-ami/scripts/datadog.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 #########################
 ## Basic Configuration ##
diff --git a/test/load/packer/consul-ami/scripts/move-files.sh b/test/load/packer/consul-ami/scripts/move-files.sh
index 8b695ac83c6f..e5773ef195f7 100644
--- a/test/load/packer/consul-ami/scripts/move-files.sh
+++ b/test/load/packer/consul-ami/scripts/move-files.sh
@@ -1,6 +1,6 @@
 #!/bin/bash -e
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 ##Move datadog files
diff --git a/test/load/packer/loadtest-ami/loadtest.pkr.hcl b/test/load/packer/loadtest-ami/loadtest.pkr.hcl
index e7deb402e3ef..1a0a3db90751 100644
--- a/test/load/packer/loadtest-ami/loadtest.pkr.hcl
+++ b/test/load/packer/loadtest-ami/loadtest.pkr.hcl
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 packer {
   required_version = ">= 1.5.4"
diff --git a/test/load/packer/loadtest-ami/scripts/install-k6.sh b/test/load/packer/loadtest-ami/scripts/install-k6.sh
index fce98cea6254..e0fa57b064d4 100644
--- a/test/load/packer/loadtest-ami/scripts/install-k6.sh
+++ b/test/load/packer/loadtest-ami/scripts/install-k6.sh
@@ -1,6 +1,6 @@
 #!/bin/bash -e
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 # set new limit
diff --git a/test/load/packer/loadtest-ami/scripts/loadtest.js b/test/load/packer/loadtest-ami/scripts/loadtest.js
index e048b0e307fc..975191d3c09c 100644
--- a/test/load/packer/loadtest-ami/scripts/loadtest.js
+++ b/test/load/packer/loadtest-ami/scripts/loadtest.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import http from 'k6/http';
diff --git a/test/load/terraform/consul.tf b/test/load/terraform/consul.tf
index 969ccd58fc4a..4ba0eb7a9acf 100644
--- a/test/load/terraform/consul.tf
+++ b/test/load/terraform/consul.tf
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 data "aws_ami" "consul" {
   most_recent = true
diff --git a/test/load/terraform/main.tf b/test/load/terraform/main.tf
index 76f0c81286ff..216b6eb83613 100644
--- a/test/load/terraform/main.tf
+++ b/test/load/terraform/main.tf
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 terraform {
   required_version = ">= 0.13"
diff --git a/test/load/terraform/outputs.tf b/test/load/terraform/outputs.tf
index 80e213f4282e..48753c8fa7d4 100644
--- a/test/load/terraform/outputs.tf
+++ b/test/load/terraform/outputs.tf
@@ -1,3 +1,3 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
diff --git a/test/load/terraform/providers.tf b/test/load/terraform/providers.tf
index 87b6bf51e97d..8c1541cb5131 100644
--- a/test/load/terraform/providers.tf
+++ b/test/load/terraform/providers.tf
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 terraform {
   required_providers {
diff --git a/test/load/terraform/test-servers.tf b/test/load/terraform/test-servers.tf
index 4d4b0a6acc3f..78c757e35ac1 100644
--- a/test/load/terraform/test-servers.tf
+++ b/test/load/terraform/test-servers.tf
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 data "aws_ami" "test" {
   most_recent = true
diff --git a/test/load/terraform/user-data-client.sh b/test/load/terraform/user-data-client.sh
index 27a14004a54d..9ed15e89ab29 100644
--- a/test/load/terraform/user-data-client.sh
+++ b/test/load/terraform/user-data-client.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # SOURCE: GRUNTWORKS
 # This script is meant to be run in the User Data of each EC2 Instance while it's booting. The script uses the
diff --git a/test/load/terraform/user-data-server.sh b/test/load/terraform/user-data-server.sh
index 0d743f57ab68..f6e0b7452c37 100755
--- a/test/load/terraform/user-data-server.sh
+++ b/test/load/terraform/user-data-server.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # SOURCE: GRUNTWORKS
 # This script is meant to be run in the User Data of each EC2 Instance while it's booting. The script uses the
diff --git a/test/load/terraform/variables.tf b/test/load/terraform/variables.tf
index 8d5d82e1ca02..9d93fa17773b 100644
--- a/test/load/terraform/variables.tf
+++ b/test/load/terraform/variables.tf
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 # ---------------------------------------------------------------------------------------------------------------------
 # ENVIRONMENT VARIABLES
diff --git a/testing/deployer/.gitignore b/testing/deployer/.gitignore
deleted file mode 100644
index 5d18603464e6..000000000000
--- a/testing/deployer/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-/terraform
-/workdir
-/sample-cli
-workdir
diff --git a/testing/deployer/README.md b/testing/deployer/README.md
deleted file mode 100644
index 604bbdb08781..000000000000
--- a/testing/deployer/README.md
+++ /dev/null
@@ -1,179 +0,0 @@
-[![GoDoc](https://pkg.go.dev/badge/github.com/hashicorp/consul/testing/deployer)](https://pkg.go.dev/github.com/hashicorp/consul/testing/deployer)
-
-## Summary
-
-This is a Go library used to launch one or more Consul clusters that can be
-peered using the cluster peering feature. Under the covers `terraform` is used
-in conjunction with the
-[`kreuzwerker/docker`](https://registry.terraform.io/providers/kreuzwerker/docker/latest)
-provider to manage a fleet of local docker containers and networks.
-
-### Configuration
-
-The complete topology of Consul clusters is defined using a topology.Config
-which allows you to define a set of networks and reference those networks when
-assigning nodes and services to clusters. Both Consul clients and
-`consul-dataplane` instances are supported.
-
-Here is an example configuration with two peered clusters:
-
-```
-cfg := &topology.Config{
-    Networks: []*topology.Network{
-        {Name: "dc1"},
-        {Name: "dc2"},
-        {Name: "wan", Type: "wan"},
-    },
-    Clusters: []*topology.Cluster{
-        {
-            Name: "dc1",
-            Nodes: []*topology.Node{
-                {
-                    Kind: topology.NodeKindServer,
-                    Name: "dc1-server1",
-                    Addresses: []*topology.Address{
-                        {Network: "dc1"},
-                        {Network: "wan"},
-                    },
-                },
-                {
-                    Kind: topology.NodeKindClient,
-                    Name: "dc1-client1",
-                    Services: []*topology.Service{
-                        {
-                            ID:             topology.ServiceID{Name: "mesh-gateway"},
-                            Port:           8443,
-                            EnvoyAdminPort: 19000,
-                            IsMeshGateway:  true,
-                        },
-                    },
-                },
-                {
-                    Kind: topology.NodeKindClient,
-                    Name: "dc1-client2",
-                    Services: []*topology.Service{
-                        {
-                            ID:             topology.ServiceID{Name: "ping"},
-                            Image:          "rboyer/pingpong:latest",
-                            Port:           8080,
-                            EnvoyAdminPort: 19000,
-                            Command: []string{
-                                "-bind", "0.0.0.0:8080",
-                                "-dial", "127.0.0.1:9090",
-                                "-pong-chaos",
-                                "-dialfreq", "250ms",
-                                "-name", "ping",
-                            },
-                            Upstreams: []*topology.Upstream{{
-                                ID:        topology.ServiceID{Name: "pong"},
-                                LocalPort: 9090,
-                                Peer:      "peer-dc2-default",
-                            }},
-                        },
-                    },
-                },
-            },
-            InitialConfigEntries: []api.ConfigEntry{
-                &api.ExportedServicesConfigEntry{
-                    Name: "default",
-                    Services: []api.ExportedService{{
-                        Name: "ping",
-                        Consumers: []api.ServiceConsumer{{
-                            Peer: "peer-dc2-default",
-                        }},
-                    }},
-                },
-            },
-        },
-        {
-            Name: "dc2",
-            Nodes: []*topology.Node{
-                {
-                    Kind: topology.NodeKindServer,
-                    Name: "dc2-server1",
-                    Addresses: []*topology.Address{
-                        {Network: "dc2"},
-                        {Network: "wan"},
-                    },
-                },
-                {
-                    Kind: topology.NodeKindClient,
-                    Name: "dc2-client1",
-                    Services: []*topology.Service{
-                        {
-                            ID:             topology.ServiceID{Name: "mesh-gateway"},
-                            Port:           8443,
-                            EnvoyAdminPort: 19000,
-                            IsMeshGateway:  true,
-                        },
-                    },
-                },
-                {
-                    Kind: topology.NodeKindDataplane,
-                    Name: "dc2-client2",
-                    Services: []*topology.Service{
-                        {
-                            ID:             topology.ServiceID{Name: "pong"},
-                            Image:          "rboyer/pingpong:latest",
-                            Port:           8080,
-                            EnvoyAdminPort: 19000,
-                            Command: []string{
-                                "-bind", "0.0.0.0:8080",
-                                "-dial", "127.0.0.1:9090",
-                                "-pong-chaos",
-                                "-dialfreq", "250ms",
-                                "-name", "pong",
-                            },
-                            Upstreams: []*topology.Upstream{{
-                                ID:        topology.ServiceID{Name: "ping"},
-                                LocalPort: 9090,
-                                Peer:      "peer-dc1-default",
-                            }},
-                        },
-                    },
-                },
-            },
-            InitialConfigEntries: []api.ConfigEntry{
-                &api.ExportedServicesConfigEntry{
-                    Name: "default",
-                    Services: []api.ExportedService{{
-                        Name: "ping",
-                        Consumers: []api.ServiceConsumer{{
-                            Peer: "peer-dc2-default",
-                        }},
-                    }},
-                },
-            },
-        },
-    },
-    Peerings: []*topology.Peering{{
-        Dialing: topology.PeerCluster{
-            Name: "dc1",
-        },
-        Accepting: topology.PeerCluster{
-            Name: "dc2",
-        },
-    }},
-}
-```
-
-Once you have a topology configuration, you simply call the appropriate
-`Launch` function to validate and boot the cluster.
-
-You may also modify your original configuration (in some allowed ways) and call
-`Relaunch` on an existing topology which will differentially adjust the running
-infrastructure. This can be useful to do things like upgrade instances in place
-or subly reconfigure them.
-
-### For Testing
-
-It is meant to be consumed primarily by unit tests desiring a complex
-reasonably realistic Consul setup. For that use case use the `sprawl/sprawltest` wrapper:
-
-```
-func TestSomething(t *testing.T) {
-    cfg := &topology.Config{...}
-    sp := sprawltest.Launch(t, cfg)
-    // do stuff with 'sp'
-}
-```
\ No newline at end of file
diff --git a/testing/deployer/TODO.md b/testing/deployer/TODO.md
deleted file mode 100644
index 2d651cd16295..000000000000
--- a/testing/deployer/TODO.md
+++ /dev/null
@@ -1,9 +0,0 @@
-Missing things that should probably be added;
-
-- consul-dataplane support for running mesh gateways
-- consul-dataplane health check updates (automatic; manual)
-- ServerExternalAddresses in a peering; possibly rig up a DNS name for this.
-- after creating a token, verify it exists on all servers before proceding (rather than sleep looping on not-founds)
-- investigate strange gRPC bug that is currently papered over
-- allow services to override their mesh gateway modes
-- remove some of the debug prints of various things
diff --git a/testing/deployer/go.mod b/testing/deployer/go.mod
deleted file mode 100644
index 9bf70b9cc146..000000000000
--- a/testing/deployer/go.mod
+++ /dev/null
@@ -1,45 +0,0 @@
-module github.com/hashicorp/consul/testing/deployer
-
-go 1.20
-
-require (
-	github.com/google/go-cmp v0.5.9
-	github.com/hashicorp/consul/api v1.24.0
-	github.com/hashicorp/consul/sdk v0.14.1
-	github.com/hashicorp/go-cleanhttp v0.5.2
-	github.com/hashicorp/go-hclog v1.5.0
-	github.com/hashicorp/go-multierror v1.1.1
-	github.com/hashicorp/hcl/v2 v2.16.2
-	github.com/mitchellh/copystructure v1.2.0
-	github.com/rboyer/safeio v0.2.2
-	github.com/stretchr/testify v1.8.3
-	golang.org/x/crypto v0.11.0
-)
-
-require (
-	github.com/agext/levenshtein v1.2.1 // indirect
-	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
-	github.com/armon/go-metrics v0.4.1 // indirect
-	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/fatih/color v1.14.1 // indirect
-	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
-	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
-	github.com/hashicorp/go-uuid v1.0.3 // indirect
-	github.com/hashicorp/go-version v1.2.1 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/hashicorp/serf v0.10.1 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.17 // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
-	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/zclconf/go-cty v1.12.1 // indirect
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/sys v0.10.0 // indirect
-	golang.org/x/text v0.11.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-)
diff --git a/testing/deployer/go.sum b/testing/deployer/go.sum
deleted file mode 100644
index 603dbfb8d6c8..000000000000
--- a/testing/deployer/go.sum
+++ /dev/null
@@ -1,246 +0,0 @@
-github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=
-github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
-github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
-github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
-github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
-github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
-github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
-github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/hashicorp/consul/api v1.24.0 h1:u2XyStA2j0jnCiVUU7Qyrt8idjRn4ORhK6DlvZ3bWhA=
-github.com/hashicorp/consul/api v1.24.0/go.mod h1:NZJGRFYruc/80wYowkPFCp1LbGmJC9L8izrwfyVx/Wg=
-github.com/hashicorp/consul/sdk v0.14.1 h1:ZiwE2bKb+zro68sWzZ1SgHF3kRMBZ94TwOCFRF4ylPs=
-github.com/hashicorp/consul/sdk v0.14.1/go.mod h1:vFt03juSzocLRFo59NkeQHHmQa6+g7oU0pfzdI1mUhg=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
-github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
-github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
-github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
-github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
-github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
-github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
-github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
-github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
-github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
-github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
-github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
-github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
-github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI=
-github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
-github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/hcl/v2 v2.16.2 h1:mpkHZh/Tv+xet3sy3F9Ld4FyI2tUpWe9x3XtPx9f1a0=
-github.com/hashicorp/hcl/v2 v2.16.2/go.mod h1:JRmR89jycNkrrqnMmvPDMd56n1rQJ2Q6KocSLCMCXng=
-github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
-github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM=
-github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0=
-github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY=
-github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
-github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
-github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY=
-github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
-github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
-github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
-github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
-github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
-github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
-github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
-github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
-github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
-github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/rboyer/safeio v0.2.2 h1:XhtqyUTRleMYGyBt3ni4j2BtEh669U2ry2INnnd+B4k=
-github.com/rboyer/safeio v0.2.2/go.mod h1:pSnr2LFXyn/c/fotxotyOdYy7pP/XSh6MpBmzXPjiNc=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
-github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
-github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
-github.com/zclconf/go-cty v1.12.1 h1:PcupnljUm9EIvbgSHQnHhUr3fO6oFmkOrvs2BAFNXXY=
-github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
-golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
-golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
-golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
-golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
-golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/testing/deployer/sprawl/acl.go b/testing/deployer/sprawl/acl.go
deleted file mode 100644
index 63d86220d9ff..000000000000
--- a/testing/deployer/sprawl/acl.go
+++ /dev/null
@@ -1,335 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawl
-
-import (
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/hashicorp/consul/api"
-
-	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-)
-
-// TODO: fix this by checking that a token/policy works on ALL servers before
-// returning from create.
-func isACLNotFound(err error) bool {
-	if err == nil {
-		return false
-	}
-	return strings.Contains(err.Error(), `ACL not found`)
-}
-
-func (s *Sprawl) bootstrapACLs(cluster string) error {
-	var (
-		client    = s.clients[cluster]
-		logger    = s.logger.With("cluster", cluster)
-		mgmtToken = s.secrets.ReadGeneric(cluster, secrets.BootstrapToken)
-	)
-
-	ac := client.ACL()
-
-	if mgmtToken != "" {
-	NOT_BOOTED:
-		ready, err := s.isACLBootstrapped(cluster, client)
-		if err != nil {
-			return fmt.Errorf("error checking if the acl system is bootstrapped: %w", err)
-		} else if !ready {
-			logger.Warn("ACL system is not ready yet")
-			time.Sleep(250 * time.Millisecond)
-			goto NOT_BOOTED
-		}
-
-	TRYAGAIN:
-		// check to see if it works
-		_, _, err = ac.TokenReadSelf(&api.QueryOptions{Token: mgmtToken})
-		if err != nil {
-			if isACLNotBootstrapped(err) {
-				logger.Warn("system is rebooting", "error", err)
-				time.Sleep(250 * time.Millisecond)
-				goto TRYAGAIN
-			}
-
-			return fmt.Errorf("management token no longer works: %w", err)
-		}
-
-		logger.Info("current management token", "token", mgmtToken)
-		return nil
-	}
-
-TRYAGAIN2:
-	logger.Info("bootstrapping ACLs")
-	tok, _, err := ac.Bootstrap()
-	if err != nil {
-		if isACLNotBootstrapped(err) {
-			logger.Warn("system is rebooting", "error", err)
-			time.Sleep(250 * time.Millisecond)
-			goto TRYAGAIN2
-		}
-		return err
-	}
-	mgmtToken = tok.SecretID
-	s.secrets.SaveGeneric(cluster, secrets.BootstrapToken, mgmtToken)
-
-	logger.Info("current management token", "token", mgmtToken)
-
-	return nil
-
-}
-
-func isACLNotBootstrapped(err error) bool {
-	switch {
-	case strings.Contains(err.Error(), "ACL system must be bootstrapped before making any requests that require authorization"):
-		return true
-	case strings.Contains(err.Error(), "The ACL system is currently in legacy mode"):
-		return true
-	}
-	return false
-}
-
-func (s *Sprawl) isACLBootstrapped(cluster string, client *api.Client) (bool, error) {
-	policy, _, err := client.ACL().PolicyReadByName("global-management", &api.QueryOptions{
-		Token: s.secrets.ReadGeneric(cluster, secrets.BootstrapToken),
-	})
-	if err != nil {
-		if strings.Contains(err.Error(), "Unexpected response code: 403 (ACL not found)") {
-			return false, nil
-		} else if isACLNotBootstrapped(err) {
-			return false, nil
-		}
-		return false, err
-	}
-	return policy != nil, nil
-}
-
-func (s *Sprawl) createAnonymousToken(cluster *topology.Cluster) error {
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	if err := s.createAnonymousPolicy(cluster); err != nil {
-		return err
-	}
-
-	token, err := CreateOrUpdateToken(client, anonymousToken())
-	if err != nil {
-		return err
-	}
-
-	logger.Info("created anonymous token",
-		"token", token.SecretID,
-	)
-
-	return nil
-}
-
-func (s *Sprawl) createAnonymousPolicy(cluster *topology.Cluster) error {
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	op, err := CreateOrUpdatePolicy(client, anonymousPolicy(cluster.Enterprise))
-	if err != nil {
-		return err
-	}
-
-	logger.Info("created anonymous policy",
-		"policy-name", op.Name,
-		"policy-id", op.ID,
-	)
-
-	return nil
-}
-
-func (s *Sprawl) createAgentTokens(cluster *topology.Cluster) error {
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	for _, node := range cluster.Nodes {
-		// NOTE: always create tokens even for disabled nodes.
-		if !node.IsAgent() {
-			continue
-		}
-
-		if tok := s.secrets.ReadAgentToken(cluster.Name, node.ID()); tok == "" {
-			token, err := CreateOrUpdateToken(client, tokenForNode(node, cluster.Enterprise))
-			if err != nil {
-				return err
-			}
-
-			logger.Info("created agent token",
-				"node", node.ID(),
-				"token", token.SecretID,
-			)
-
-			s.secrets.SaveAgentToken(cluster.Name, node.ID(), token.SecretID)
-		}
-	}
-
-	return nil
-}
-
-// Create a policy to allow super permissive catalog reads across namespace
-// boundaries.
-func (s *Sprawl) createCrossNamespaceCatalogReadPolicies(cluster *topology.Cluster, partition string) error {
-	if !cluster.Enterprise {
-		return nil
-	}
-
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	op, err := CreateOrUpdatePolicy(client, policyForCrossNamespaceRead(partition))
-	if err != nil {
-		return err
-	}
-
-	logger.Info("created cross-ns-catalog-read policy",
-		"policy-name", op.Name,
-		"policy-id", op.ID,
-		"partition", partition,
-	)
-
-	return nil
-}
-
-func (s *Sprawl) createAllServiceTokens() error {
-	for _, cluster := range s.topology.Clusters {
-		if err := s.createServiceTokens(cluster); err != nil {
-			return fmt.Errorf("createServiceTokens[%s]: %w", cluster.Name, err)
-		}
-	}
-	return nil
-}
-
-func (s *Sprawl) createServiceTokens(cluster *topology.Cluster) error {
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	sids := make(map[topology.ServiceID]struct{})
-	for _, node := range cluster.Nodes {
-		if !node.RunsWorkloads() || len(node.Services) == 0 || node.Disabled {
-			continue
-		}
-
-		for _, svc := range node.Services {
-			sid := svc.ID
-
-			if _, done := sids[sid]; done {
-				continue
-			}
-
-			var overridePolicy *api.ACLPolicy
-			if svc.IsMeshGateway {
-				var err error
-				overridePolicy, err = CreateOrUpdatePolicy(client, policyForMeshGateway(svc, cluster.Enterprise))
-				if err != nil {
-					return fmt.Errorf("could not create policy: %w", err)
-				}
-			}
-
-			token, err := CreateOrUpdateToken(client, tokenForService(svc, overridePolicy, cluster.Enterprise))
-			if err != nil {
-				return fmt.Errorf("could not create token: %w", err)
-			}
-
-			logger.Info("created service token",
-				"service", svc.ID.Name,
-				"namespace", svc.ID.Namespace,
-				"partition", svc.ID.Partition,
-				"token", token.SecretID,
-			)
-
-			s.secrets.SaveServiceToken(cluster.Name, sid, token.SecretID)
-
-			sids[sid] = struct{}{}
-		}
-	}
-
-	return nil
-}
-
-func CreateOrUpdateToken(client *api.Client, t *api.ACLToken) (*api.ACLToken, error) {
-	ac := client.ACL()
-
-	currentToken, err := getTokenByDescription(client, t.Description, &api.QueryOptions{
-		Partition: t.Partition,
-		Namespace: t.Namespace,
-	})
-	if err != nil {
-		return nil, err
-	} else if currentToken != nil {
-		t.AccessorID = currentToken.AccessorID
-		t.SecretID = currentToken.SecretID
-	}
-
-	if t.AccessorID != "" {
-		t, _, err = ac.TokenUpdate(t, nil)
-	} else {
-		t, _, err = ac.TokenCreate(t, nil)
-	}
-	if err != nil {
-		return nil, err
-	}
-	return t, nil
-}
-
-func getTokenByDescription(client *api.Client, description string, opts *api.QueryOptions) (*api.ACLToken, error) {
-	ac := client.ACL()
-	tokens, _, err := ac.TokenList(opts)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, tokenEntry := range tokens {
-		if tokenEntry.Description == description {
-			token, _, err := ac.TokenRead(tokenEntry.AccessorID, opts)
-			if err != nil {
-				return nil, err
-			}
-
-			return token, nil
-		}
-	}
-	return nil, nil
-}
-
-func CreateOrUpdatePolicy(client *api.Client, p *api.ACLPolicy) (*api.ACLPolicy, error) {
-	ac := client.ACL()
-
-	currentPolicy, _, err := ac.PolicyReadByName(p.Name, &api.QueryOptions{
-		Partition: p.Partition,
-		Namespace: p.Namespace,
-	})
-
-	// There is a quirk about Consul 1.14.x, where: if reading a policy yields
-	// an empty result, we return "ACL not found". It's safe to ignore this here,
-	// because if the Client's ACL token truly doesn't exist, then the create fails below.
-	if err != nil && !strings.Contains(err.Error(), "ACL not found") {
-		return nil, err
-	} else if currentPolicy != nil {
-		p.ID = currentPolicy.ID
-	}
-
-	if p.ID != "" {
-		p, _, err = ac.PolicyUpdate(p, nil)
-	} else {
-		p, _, err = ac.PolicyCreate(p, nil)
-	}
-
-	if err != nil {
-		return nil, err
-	}
-	return p, nil
-}
diff --git a/testing/deployer/sprawl/acl_rules.go b/testing/deployer/sprawl/acl_rules.go
deleted file mode 100644
index 036149cdfd6c..000000000000
--- a/testing/deployer/sprawl/acl_rules.go
+++ /dev/null
@@ -1,163 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawl
-
-import (
-	"fmt"
-
-	"github.com/hashicorp/consul/api"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-)
-
-func policyForCrossNamespaceRead(partition string) *api.ACLPolicy {
-	return &api.ACLPolicy{
-		Name:        "cross-ns-catalog-read",
-		Description: "cross-ns-catalog-read",
-		Partition:   partition,
-		Rules: fmt.Sprintf(`
-partition %[1]q {
-  namespace_prefix "" {
-    node_prefix ""    { policy = "read" }
-    service_prefix "" { policy = "read" }
-  }
-}
-`, partition),
-	}
-}
-
-const anonymousTokenAccessorID = "00000000-0000-0000-0000-000000000002"
-
-func anonymousToken() *api.ACLToken {
-	return &api.ACLToken{
-		AccessorID: anonymousTokenAccessorID,
-		// SecretID: "anonymous",
-		Description: "anonymous",
-		Local:       false,
-		Policies: []*api.ACLTokenPolicyLink{
-			{
-				Name: "anonymous",
-			},
-		},
-	}
-}
-
-func anonymousPolicy(enterprise bool) *api.ACLPolicy {
-	p := &api.ACLPolicy{
-		Name:        "anonymous",
-		Description: "anonymous",
-	}
-	if enterprise {
-		p.Rules = `
-partition_prefix "" {
-  namespace_prefix "" {
-    node_prefix "" { policy = "read" }
-    service_prefix "" { policy = "read" }
-  }
-}
-`
-	} else {
-		p.Rules = `
-node_prefix "" { policy = "read" }
-service_prefix "" { policy = "read" }
-`
-	}
-	return p
-}
-
-func tokenForNode(node *topology.Node, enterprise bool) *api.ACLToken {
-	nid := node.ID()
-
-	tokenName := "agent--" + nid.ACLString()
-
-	token := &api.ACLToken{
-		Description: tokenName,
-		Local:       false,
-		NodeIdentities: []*api.ACLNodeIdentity{{
-			NodeName:   node.PodName(),
-			Datacenter: node.Datacenter,
-		}},
-	}
-	if enterprise {
-		token.Partition = node.Partition
-		token.Namespace = "default"
-	}
-	return token
-}
-
-func tokenForService(svc *topology.Service, overridePolicy *api.ACLPolicy, enterprise bool) *api.ACLToken {
-	token := &api.ACLToken{
-		Description: "service--" + svc.ID.ACLString(),
-		Local:       false,
-	}
-	if overridePolicy != nil {
-		token.Policies = []*api.ACLTokenPolicyLink{{ID: overridePolicy.ID}}
-	} else {
-		token.ServiceIdentities = []*api.ACLServiceIdentity{{
-			ServiceName: svc.ID.Name,
-		}}
-	}
-
-	if enterprise {
-		token.Namespace = svc.ID.Namespace
-		token.Partition = svc.ID.Partition
-	}
-
-	return token
-}
-
-func policyForMeshGateway(svc *topology.Service, enterprise bool) *api.ACLPolicy {
-	policyName := "mesh-gateway--" + svc.ID.ACLString()
-
-	policy := &api.ACLPolicy{
-		Name:        policyName,
-		Description: policyName,
-	}
-	if enterprise {
-		policy.Partition = svc.ID.Partition
-		policy.Namespace = "default"
-	}
-
-	if enterprise {
-		policy.Rules = `
-namespace_prefix "" {
-  service "mesh-gateway" {
-    policy = "write"
-  }
-  service_prefix "" {
-    policy = "read"
-  }
-  node_prefix "" {
-    policy = "read"
-  }
-}
-agent_prefix "" {
-  policy = "read"
-}
-# for peering
-mesh = "write"
-peering = "read"
-`
-	} else {
-		policy.Rules = `
-service "mesh-gateway" {
-  policy = "write"
-}
-service_prefix "" {
-  policy = "read"
-}
-node_prefix "" {
-  policy = "read"
-}
-agent_prefix "" {
-  policy = "read"
-}
-# for peering
-mesh = "write"
-peering = "read"
-`
-	}
-
-	return policy
-}
diff --git a/testing/deployer/sprawl/boot.go b/testing/deployer/sprawl/boot.go
deleted file mode 100644
index 6f16f928f5d1..000000000000
--- a/testing/deployer/sprawl/boot.go
+++ /dev/null
@@ -1,523 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawl
-
-import (
-	"context"
-	"crypto/rand"
-	"encoding/base64"
-	"errors"
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/go-multierror"
-
-	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/build"
-	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets"
-	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/tfgen"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/hashicorp/consul/testing/deployer/util"
-)
-
-const (
-	sharedBootstrapToken = "root"
-	// sharedBootstrapToken = "ec59aa56-1996-4ff1-911a-f5d782552a13"
-
-	sharedAgentRecoveryToken = "22082b05-05c9-4a0a-b3da-b9685ac1d688"
-)
-
-func (s *Sprawl) launch() error {
-	return s.launchType(true)
-}
-func (s *Sprawl) relaunch() error {
-	return s.launchType(false)
-}
-func (s *Sprawl) launchType(firstTime bool) (launchErr error) {
-	if err := build.DockerImages(s.logger, s.runner, s.topology); err != nil {
-		return fmt.Errorf("build.DockerImages: %w", err)
-	}
-
-	if firstTime {
-		// Initialize secrets the easy way for now (same in all clusters).
-		gossipKey, err := newGossipKey()
-		if err != nil {
-			return fmt.Errorf("newGossipKey: %w", err)
-		}
-		for _, cluster := range s.topology.Clusters {
-			s.secrets.SaveGeneric(cluster.Name, secrets.BootstrapToken, sharedBootstrapToken)
-			s.secrets.SaveGeneric(cluster.Name, secrets.AgentRecovery, sharedAgentRecoveryToken)
-			s.secrets.SaveGeneric(cluster.Name, secrets.GossipKey, gossipKey)
-
-			// Give servers a copy of the bootstrap token for use as their agent tokens
-			// to avoid complicating the chicken/egg situation for startup.
-			for _, node := range cluster.Nodes {
-				if node.IsServer() { // include disabled
-					s.secrets.SaveAgentToken(cluster.Name, node.ID(), sharedBootstrapToken)
-				}
-			}
-		}
-	}
-
-	var cleanupFuncs []func()
-	defer func() {
-		for i := len(cleanupFuncs) - 1; i >= 0; i-- {
-			cleanupFuncs[i]()
-		}
-	}()
-
-	if firstTime {
-		var err error
-		s.generator, err = tfgen.NewGenerator(
-			s.logger.Named("tfgen"),
-			s.runner,
-			s.topology,
-			&s.secrets,
-			s.workdir,
-			s.license,
-		)
-		if err != nil {
-			return err
-		}
-	} else {
-		s.generator.SetTopology(s.topology)
-	}
-	cleanupFuncs = append(cleanupFuncs, func() {
-		// Log the error before the cleanup so you don't have to wait to see
-		// the cause.
-		if launchErr != nil {
-			s.logger.Error("fatal error during launch", "error", launchErr)
-		}
-
-		_ = s.generator.DestroyAllQuietly()
-	})
-
-	if firstTime {
-		// The networking phase is special. We have to pick a random subnet and
-		// hope. Once we have this established once it is immutable for future
-		// runs.
-		if err := s.initNetworkingAndVolumes(); err != nil {
-			return fmt.Errorf("initNetworkingAndVolumes: %w", err)
-		}
-	}
-
-	if err := s.assignIPAddresses(); err != nil {
-		return fmt.Errorf("assignIPAddresses: %w", err)
-	}
-
-	// The previous terraform run should have made the special volume for us.
-	if err := s.initTLS(context.TODO()); err != nil {
-		return fmt.Errorf("initTLS: %w", err)
-	}
-
-	if firstTime {
-		if err := s.createFirstTime(); err != nil {
-			return err
-		}
-
-		s.generator.MarkLaunched()
-	} else {
-		if err := s.updateExisting(); err != nil {
-			return err
-		}
-	}
-
-	if err := s.waitForPeeringEstablishment(); err != nil {
-		return fmt.Errorf("waitForPeeringEstablishment: %w", err)
-	}
-
-	cleanupFuncs = nil // reset
-
-	return nil
-}
-
-func (s *Sprawl) Stop() error {
-	var merr error
-	if s.generator != nil {
-		if err := s.generator.DestroyAllQuietly(); err != nil {
-			merr = multierror.Append(merr, err)
-		}
-	}
-	return merr
-}
-
-const dockerOutOfNetworksErrorMessage = `Unable to create network: Error response from daemon: Pool overlaps with other one on this address space`
-
-var ErrDockerNetworkCollision = errors.New("could not create one or more docker networks for use due to subnet collision")
-
-func (s *Sprawl) initNetworkingAndVolumes() error {
-	var lastErr error
-	for attempts := 0; attempts < 5; attempts++ {
-		err := s.generator.Generate(tfgen.StepNetworks)
-		if err != nil && strings.Contains(err.Error(), dockerOutOfNetworksErrorMessage) {
-			lastErr = ErrDockerNetworkCollision
-			s.logger.Warn(ErrDockerNetworkCollision.Error()+"; retrying", "attempt", attempts+1)
-			time.Sleep(1 * time.Second)
-			continue
-		} else if err != nil {
-			return fmt.Errorf("generator[networks]: %w", err)
-		}
-		return nil
-	}
-
-	return lastErr
-}
-
-func (s *Sprawl) assignIPAddresses() error {
-	// assign ips now that we have network ips known to us
-	for _, net := range s.topology.Networks {
-		if len(net.IPPool) == 0 {
-			return fmt.Errorf("network %q does not have any ip assignments", net.Name)
-		}
-	}
-	for _, cluster := range s.topology.Clusters {
-		for _, node := range cluster.Nodes {
-			for _, addr := range node.Addresses {
-				net, ok := s.topology.Networks[addr.Network]
-				if !ok {
-					return fmt.Errorf("unknown network %q", addr.Network)
-				}
-				addr.IPAddress = net.IPByIndex(node.Index)
-			}
-		}
-	}
-
-	return nil
-}
-
-func (s *Sprawl) initConsulServers() error {
-	if err := s.generator.Generate(tfgen.StepServers); err != nil {
-		return fmt.Errorf("generator[servers]: %w", err)
-	}
-
-	// s.logger.Info("ALL", "t", jd(s.topology)) // TODO
-
-	// Create token-less api clients first.
-	for _, cluster := range s.topology.Clusters {
-		node := cluster.FirstServer()
-
-		var err error
-		s.clients[cluster.Name], err = util.ProxyAPIClient(
-			node.LocalProxyPort(),
-			node.LocalAddress(),
-			8500,
-			"", /*no token yet*/
-		)
-		if err != nil {
-			return fmt.Errorf("error creating initial bootstrap client for cluster=%s: %w", cluster.Name, err)
-		}
-	}
-
-	if err := s.rejoinAllConsulServers(); err != nil {
-		return err
-	}
-
-	for _, cluster := range s.topology.Clusters {
-		err := s.bootstrapACLs(cluster.Name)
-		if err != nil {
-			return fmt.Errorf("bootstrap[%s]: %w", cluster.Name, err)
-		}
-
-		mgmtToken := s.secrets.ReadGeneric(cluster.Name, secrets.BootstrapToken)
-
-		// Reconfigure the clients to use a management token.
-		node := cluster.FirstServer()
-		s.clients[cluster.Name], err = util.ProxyAPIClient(
-			node.LocalProxyPort(),
-			node.LocalAddress(),
-			8500,
-			mgmtToken,
-		)
-		if err != nil {
-			return fmt.Errorf("error creating final client for cluster=%s: %v", cluster.Name, err)
-		}
-
-		// For some reason the grpc resolver stuff for partitions takes some
-		// time to get ready.
-		s.waitForLocalWrites(cluster, mgmtToken)
-
-		// Create tenancies so that the ACL tokens and clients have somewhere to go.
-		if cluster.Enterprise {
-			if err := s.initTenancies(cluster); err != nil {
-				return fmt.Errorf("initTenancies[%s]: %w", cluster.Name, err)
-			}
-		}
-
-		if err := s.populateInitialConfigEntries(cluster); err != nil {
-			return fmt.Errorf("populateInitialConfigEntries[%s]: %w", cluster.Name, err)
-		}
-
-		if err := s.createAnonymousToken(cluster); err != nil {
-			return fmt.Errorf("createAnonymousToken[%s]: %w", cluster.Name, err)
-		}
-
-		// Create tokens for all of the agents to use for anti-entropy.
-		//
-		// NOTE: this will cause the servers to roll to pick up the change to
-		// the acl{tokens{agent=XXX}}} section.
-		if err := s.createAgentTokens(cluster); err != nil {
-			return fmt.Errorf("createAgentTokens[%s]: %w", cluster.Name, err)
-		}
-	}
-
-	return nil
-}
-
-func (s *Sprawl) createFirstTime() error {
-	if err := s.initConsulServers(); err != nil {
-		return fmt.Errorf("initConsulServers: %w", err)
-	}
-
-	if err := s.generator.Generate(tfgen.StepAgents); err != nil {
-		return fmt.Errorf("generator[agents]: %w", err)
-	}
-	for _, cluster := range s.topology.Clusters {
-		if err := s.waitForClientAntiEntropyOnce(cluster); err != nil {
-			return fmt.Errorf("waitForClientAntiEntropyOnce[%s]: %w", cluster.Name, err)
-		}
-	}
-
-	// Ideally we start services WITH a token initially, so we pre-create them
-	// before running terraform for them.
-	if err := s.createAllServiceTokens(); err != nil {
-		return fmt.Errorf("createAllServiceTokens: %w", err)
-	}
-
-	if err := s.registerAllServicesForDataplaneInstances(); err != nil {
-		return fmt.Errorf("registerAllServicesForDataplaneInstances: %w", err)
-	}
-
-	// We can do this ahead, because we've incrementally run terraform as
-	// we went.
-	if err := s.registerAllServicesToAgents(); err != nil {
-		return fmt.Errorf("registerAllServicesToAgents: %w", err)
-	}
-
-	// NOTE: start services WITH token initially
-	if err := s.generator.Generate(tfgen.StepServices); err != nil {
-		return fmt.Errorf("generator[services]: %w", err)
-	}
-
-	if err := s.initPeerings(); err != nil {
-		return fmt.Errorf("initPeerings: %w", err)
-	}
-	return nil
-}
-
-func (s *Sprawl) updateExisting() error {
-	if err := s.preRegenTasks(); err != nil {
-		return fmt.Errorf("preRegenTasks: %w", err)
-	}
-
-	// We save all of the terraform to the end. Some of the containers will
-	// be a little broken until we can do stuff like register services to
-	// new agents, which we cannot do until they come up.
-	if err := s.generator.Generate(tfgen.StepRelaunch); err != nil {
-		return fmt.Errorf("generator[relaunch]: %w", err)
-	}
-
-	if err := s.postRegenTasks(); err != nil {
-		return fmt.Errorf("postRegenTasks: %w", err)
-	}
-
-	// TODO: enforce that peering relationships cannot change
-	// TODO: include a fixup version of new peerings?
-
-	return nil
-}
-
-func (s *Sprawl) preRegenTasks() error {
-	for _, cluster := range s.topology.Clusters {
-		// Create tenancies so that the ACL tokens and clients have somewhere to go.
-		if cluster.Enterprise {
-			if err := s.initTenancies(cluster); err != nil {
-				return fmt.Errorf("initTenancies[%s]: %w", cluster.Name, err)
-			}
-		}
-
-		if err := s.populateInitialConfigEntries(cluster); err != nil {
-			return fmt.Errorf("populateInitialConfigEntries[%s]: %w", cluster.Name, err)
-		}
-
-		// Create tokens for all of the agents to use for anti-entropy.
-		if err := s.createAgentTokens(cluster); err != nil {
-			return fmt.Errorf("createAgentTokens[%s]: %w", cluster.Name, err)
-		}
-	}
-
-	// Ideally we start services WITH a token initially, so we pre-create them
-	// before running terraform for them.
-	if err := s.createAllServiceTokens(); err != nil {
-		return fmt.Errorf("createAllServiceTokens: %w", err)
-	}
-
-	if err := s.registerAllServicesForDataplaneInstances(); err != nil {
-		return fmt.Errorf("registerAllServicesForDataplaneInstances: %w", err)
-	}
-
-	return nil
-}
-
-func (s *Sprawl) postRegenTasks() error {
-	if err := s.rejoinAllConsulServers(); err != nil {
-		return err
-	}
-
-	for _, cluster := range s.topology.Clusters {
-		var err error
-
-		mgmtToken := s.secrets.ReadGeneric(cluster.Name, secrets.BootstrapToken)
-
-		// Reconfigure the clients to use a management token.
-		node := cluster.FirstServer()
-		s.clients[cluster.Name], err = util.ProxyAPIClient(
-			node.LocalProxyPort(),
-			node.LocalAddress(),
-			8500,
-			mgmtToken,
-		)
-		if err != nil {
-			return fmt.Errorf("error creating final client for cluster=%s: %v", cluster.Name, err)
-		}
-
-		s.waitForLeader(cluster)
-
-		// For some reason the grpc resolver stuff for partitions takes some
-		// time to get ready.
-		s.waitForLocalWrites(cluster, mgmtToken)
-	}
-
-	for _, cluster := range s.topology.Clusters {
-		if err := s.waitForClientAntiEntropyOnce(cluster); err != nil {
-			return fmt.Errorf("waitForClientAntiEntropyOnce[%s]: %w", cluster.Name, err)
-		}
-	}
-
-	if err := s.registerAllServicesToAgents(); err != nil {
-		return fmt.Errorf("registerAllServicesToAgents: %w", err)
-	}
-
-	return nil
-}
-
-func (s *Sprawl) waitForLocalWrites(cluster *topology.Cluster, token string) {
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-	tryKV := func() error {
-		_, err := client.KV().Put(&api.KVPair{
-			Key:   "local-test",
-			Value: []byte("payload-for-local-test-in-" + cluster.Name),
-		}, nil)
-		return err
-	}
-	tryAP := func() error {
-		if !cluster.Enterprise {
-			return nil
-		}
-		_, _, err := client.Partitions().Create(context.Background(), &api.Partition{
-			Name: "placeholder",
-		}, &api.WriteOptions{Token: token})
-		return err
-	}
-
-	start := time.Now()
-	for attempts := 0; ; attempts++ {
-		if err := tryKV(); err != nil {
-			logger.Warn("local kv write failed; something is not ready yet", "error", err)
-			time.Sleep(500 * time.Millisecond)
-			continue
-		} else {
-			dur := time.Since(start)
-			logger.Info("local kv write success", "elapsed", dur, "retries", attempts)
-		}
-
-		break
-	}
-
-	if cluster.Enterprise {
-		start = time.Now()
-		for attempts := 0; ; attempts++ {
-			if err := tryAP(); err != nil {
-				logger.Warn("local partition write failed; something is not ready yet", "error", err)
-				time.Sleep(500 * time.Millisecond)
-				continue
-			} else {
-				dur := time.Since(start)
-				logger.Info("local partition write success", "elapsed", dur, "retries", attempts)
-			}
-
-			break
-		}
-	}
-}
-
-func (s *Sprawl) waitForClientAntiEntropyOnce(cluster *topology.Cluster) error {
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	var (
-		queryOptionList = cluster.PartitionQueryOptionsList()
-		start           = time.Now()
-		cc              = client.Catalog()
-	)
-	for {
-		// Enumerate all of the nodes that are currently in the catalog. This
-		// will overmatch including things like fake nodes for agentless but
-		// that's ok.
-		current := make(map[topology.NodeID]*api.Node)
-		for _, queryOpts := range queryOptionList {
-			nodes, _, err := cc.Nodes(queryOpts)
-			if err != nil {
-				return err
-			}
-			for _, node := range nodes {
-				nid := topology.NewNodeID(node.Node, node.Partition)
-				current[nid] = node
-			}
-		}
-
-		// See if we have them all.
-		var stragglers []topology.NodeID
-		for _, node := range cluster.Nodes {
-			if !node.IsAgent() || node.Disabled {
-				continue
-			}
-			nid := node.CatalogID()
-
-			got, ok := current[nid]
-			if ok && len(got.TaggedAddresses) > 0 {
-				// this is a field that is not updated just due to serf reconcile
-				continue
-			}
-
-			stragglers = append(stragglers, nid)
-		}
-
-		if len(stragglers) == 0 {
-			dur := time.Since(start)
-			logger.Info("all nodes have posted node updates, so first anti-entropy has happened", "elapsed", dur)
-			return nil
-		}
-		logger.Info("not all client nodes have posted node updates yet", "nodes", stragglers)
-
-		time.Sleep(1 * time.Second)
-	}
-}
-
-func newGossipKey() (string, error) {
-	key := make([]byte, 16)
-	n, err := rand.Reader.Read(key)
-	if err != nil {
-		return "", fmt.Errorf("Error reading random data: %s", err)
-	}
-	if n != 16 {
-		return "", fmt.Errorf("Couldn't read enough entropy. Generate more entropy!")
-	}
-	return base64.StdEncoding.EncodeToString(key), nil
-}
diff --git a/testing/deployer/sprawl/catalog.go b/testing/deployer/sprawl/catalog.go
deleted file mode 100644
index eb355739a6cf..000000000000
--- a/testing/deployer/sprawl/catalog.go
+++ /dev/null
@@ -1,428 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawl
-
-import (
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/hashicorp/consul/api"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/hashicorp/consul/testing/deployer/util"
-)
-
-func (s *Sprawl) registerAllServicesToAgents() error {
-	for _, cluster := range s.topology.Clusters {
-		if err := s.registerServicesToAgents(cluster); err != nil {
-			return fmt.Errorf("registerServicesToAgents[%s]: %w", cluster.Name, err)
-		}
-	}
-	return nil
-}
-
-func (s *Sprawl) registerAllServicesForDataplaneInstances() error {
-	for _, cluster := range s.topology.Clusters {
-		if err := s.registerServicesForDataplaneInstances(cluster); err != nil {
-			return fmt.Errorf("registerServicesForDataplaneInstances[%s]: %w", cluster.Name, err)
-		}
-	}
-	return nil
-}
-
-func (s *Sprawl) registerServicesToAgents(cluster *topology.Cluster) error {
-	for _, node := range cluster.Nodes {
-		if !node.RunsWorkloads() || len(node.Services) == 0 || node.Disabled {
-			continue
-		}
-
-		if !node.IsAgent() {
-			continue
-		}
-
-		agentClient, err := util.ProxyAPIClient(
-			node.LocalProxyPort(),
-			node.LocalAddress(),
-			8500,
-			"", /*token will be in request*/
-		)
-		if err != nil {
-			return err
-		}
-
-		for _, svc := range node.Services {
-			if err := s.registerAgentService(agentClient, cluster, node, svc); err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
-
-func (s *Sprawl) registerAgentService(
-	agentClient *api.Client,
-	cluster *topology.Cluster,
-	node *topology.Node,
-	svc *topology.Service,
-) error {
-	if !node.IsAgent() {
-		panic("called wrong method type")
-	}
-
-	if svc.IsMeshGateway {
-		return nil // handled at startup time for agent-full, but won't be for agent-less
-	}
-
-	var (
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	reg := &api.AgentServiceRegistration{
-		ID:   svc.ID.Name,
-		Name: svc.ID.Name,
-		Port: svc.Port,
-		Meta: svc.Meta,
-	}
-	if cluster.Enterprise {
-		reg.Namespace = svc.ID.Namespace
-		reg.Partition = svc.ID.Partition
-	}
-
-	if !svc.DisableServiceMesh {
-		var upstreams []api.Upstream
-		for _, u := range svc.Upstreams {
-			uAPI := api.Upstream{
-				DestinationPeer:  u.Peer,
-				DestinationName:  u.ID.Name,
-				LocalBindAddress: u.LocalAddress,
-				LocalBindPort:    u.LocalPort,
-				// Config               map[string]interface{} `json:",omitempty" bexpr:"-"`
-				// MeshGateway          MeshGatewayConfig      `json:",omitempty"`
-			}
-			if cluster.Enterprise {
-				uAPI.DestinationNamespace = u.ID.Namespace
-				if u.Peer == "" {
-					uAPI.DestinationPartition = u.ID.Partition
-				}
-			}
-			upstreams = append(upstreams, uAPI)
-		}
-		reg.Connect = &api.AgentServiceConnect{
-			SidecarService: &api.AgentServiceRegistration{
-				Proxy: &api.AgentServiceConnectProxyConfig{
-					Upstreams: upstreams,
-				},
-			},
-		}
-	}
-
-	switch {
-	case svc.CheckTCP != "":
-		chk := &api.AgentServiceCheck{
-			Name:     "up",
-			TCP:      svc.CheckTCP,
-			Interval: "5s",
-			Timeout:  "1s",
-		}
-		reg.Checks = append(reg.Checks, chk)
-	case svc.CheckHTTP != "":
-		chk := &api.AgentServiceCheck{
-			Name:     "up",
-			HTTP:     svc.CheckHTTP,
-			Method:   "GET",
-			Interval: "5s",
-			Timeout:  "1s",
-		}
-		reg.Checks = append(reg.Checks, chk)
-	}
-
-	// Switch token for every request.
-	hdr := make(http.Header)
-	hdr.Set("X-Consul-Token", s.secrets.ReadServiceToken(cluster.Name, svc.ID))
-	agentClient.SetHeaders(hdr)
-
-RETRY:
-	if err := agentClient.Agent().ServiceRegister(reg); err != nil {
-		if isACLNotFound(err) {
-			time.Sleep(50 * time.Millisecond)
-			goto RETRY
-		}
-		return fmt.Errorf("failed to register service %q to node %q: %w", svc.ID, node.ID(), err)
-	}
-
-	logger.Info("registered service to client agent",
-		"service", svc.ID.Name,
-		"node", node.Name,
-		"namespace", svc.ID.Namespace,
-		"partition", svc.ID.Partition,
-	)
-
-	return nil
-}
-
-func (s *Sprawl) registerServicesForDataplaneInstances(cluster *topology.Cluster) error {
-	for _, node := range cluster.Nodes {
-		if !node.RunsWorkloads() || len(node.Services) == 0 || node.Disabled {
-			continue
-		}
-
-		if !node.IsDataplane() {
-			continue
-		}
-
-		if err := s.registerCatalogNode(cluster, node); err != nil {
-			return fmt.Errorf("error registering virtual node: %w", err)
-		}
-
-		for _, svc := range node.Services {
-			if err := s.registerCatalogService(cluster, node, svc); err != nil {
-				return fmt.Errorf("error registering service: %w", err)
-			}
-			if !svc.DisableServiceMesh {
-				if err := s.registerCatalogSidecarService(cluster, node, svc); err != nil {
-					return fmt.Errorf("error registering sidecar service: %w", err)
-				}
-			}
-		}
-	}
-
-	return nil
-}
-
-func (s *Sprawl) registerCatalogNode(
-	cluster *topology.Cluster,
-	node *topology.Node,
-) error {
-	if !node.IsDataplane() {
-		panic("called wrong method type")
-	}
-
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	reg := &api.CatalogRegistration{
-		Node:    node.PodName(),
-		Address: node.LocalAddress(),
-		NodeMeta: map[string]string{
-			"dataplane-faux": "1",
-		},
-	}
-	if cluster.Enterprise {
-		reg.Partition = node.Partition
-	}
-
-	// register synthetic node
-RETRY:
-	if _, err := client.Catalog().Register(reg, nil); err != nil {
-		if isACLNotFound(err) {
-			time.Sleep(50 * time.Millisecond)
-			goto RETRY
-		}
-		return fmt.Errorf("error registering virtual node %s: %w", node.ID(), err)
-	}
-
-	logger.Info("virtual node created",
-		"node", node.ID(),
-	)
-
-	return nil
-}
-
-func (s *Sprawl) registerCatalogService(
-	cluster *topology.Cluster,
-	node *topology.Node,
-	svc *topology.Service,
-) error {
-	if !node.IsDataplane() {
-		panic("called wrong method type")
-	}
-
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	reg := serviceToCatalogRegistration(cluster, node, svc)
-
-RETRY:
-	if _, err := client.Catalog().Register(reg, nil); err != nil {
-		if isACLNotFound(err) {
-			time.Sleep(50 * time.Millisecond)
-			goto RETRY
-		}
-		return fmt.Errorf("error registering service %s to node %s: %w", svc.ID, node.ID(), err)
-	}
-
-	logger.Info("dataplane service created",
-		"service", svc.ID,
-		"node", node.ID(),
-	)
-
-	return nil
-}
-
-func (s *Sprawl) registerCatalogSidecarService(
-	cluster *topology.Cluster,
-	node *topology.Node,
-	svc *topology.Service,
-) error {
-	if !node.IsDataplane() {
-		panic("called wrong method type")
-	}
-	if svc.DisableServiceMesh {
-		panic("not valid")
-	}
-
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	pid, reg := serviceToSidecarCatalogRegistration(cluster, node, svc)
-RETRY:
-	if _, err := client.Catalog().Register(reg, nil); err != nil {
-		if isACLNotFound(err) {
-			time.Sleep(50 * time.Millisecond)
-			goto RETRY
-		}
-		return fmt.Errorf("error registering service %s to node %s: %w", svc.ID, node.ID(), err)
-	}
-
-	logger.Info("dataplane sidecar service created",
-		"service", pid,
-		"node", node.ID(),
-	)
-
-	return nil
-}
-
-func serviceToCatalogRegistration(
-	cluster *topology.Cluster,
-	node *topology.Node,
-	svc *topology.Service,
-) *api.CatalogRegistration {
-	reg := &api.CatalogRegistration{
-		Node:           node.PodName(),
-		SkipNodeUpdate: true,
-		Service: &api.AgentService{
-			Kind:    api.ServiceKindTypical,
-			ID:      svc.ID.Name,
-			Service: svc.ID.Name,
-			Meta:    svc.Meta,
-			Port:    svc.Port,
-			Address: node.LocalAddress(),
-		},
-	}
-	if node.HasPublicAddress() {
-		reg.TaggedAddresses = map[string]string{
-			"lan":      node.LocalAddress(),
-			"lan_ipv4": node.LocalAddress(),
-			"wan":      node.PublicAddress(),
-			"wan_ipv4": node.PublicAddress(),
-		}
-	}
-	if cluster.Enterprise {
-		reg.Partition = svc.ID.Partition
-		reg.Service.Namespace = svc.ID.Namespace
-		reg.Service.Partition = svc.ID.Partition
-	}
-
-	if svc.HasCheck() {
-		chk := &api.HealthCheck{
-			Name: "external sync",
-			// Type:      "external-sync",
-			Status:      "passing", //  TODO
-			ServiceID:   svc.ID.Name,
-			ServiceName: svc.ID.Name,
-			Output:      "",
-		}
-		if cluster.Enterprise {
-			chk.Namespace = svc.ID.Namespace
-			chk.Partition = svc.ID.Partition
-		}
-		switch {
-		case svc.CheckTCP != "":
-			chk.Definition.TCP = svc.CheckTCP
-		case svc.CheckHTTP != "":
-			chk.Definition.HTTP = svc.CheckHTTP
-			chk.Definition.Method = "GET"
-		}
-		reg.Checks = append(reg.Checks, chk)
-	}
-	return reg
-}
-
-func serviceToSidecarCatalogRegistration(
-	cluster *topology.Cluster,
-	node *topology.Node,
-	svc *topology.Service,
-) (topology.ServiceID, *api.CatalogRegistration) {
-	pid := svc.ID
-	pid.Name += "-sidecar-proxy"
-	reg := &api.CatalogRegistration{
-		Node:           node.PodName(),
-		SkipNodeUpdate: true,
-		Service: &api.AgentService{
-			Kind:    api.ServiceKindConnectProxy,
-			ID:      pid.Name,
-			Service: pid.Name,
-			Meta:    svc.Meta,
-			Port:    svc.EnvoyPublicListenerPort,
-			Address: node.LocalAddress(),
-			Proxy: &api.AgentServiceConnectProxyConfig{
-				DestinationServiceName: svc.ID.Name,
-				DestinationServiceID:   svc.ID.Name,
-				LocalServicePort:       svc.Port,
-			},
-		},
-		Checks: []*api.HealthCheck{{
-			Name: "external sync",
-			// Type:      "external-sync",
-			Status:      "passing", //  TODO
-			ServiceID:   pid.Name,
-			ServiceName: pid.Name,
-			Definition: api.HealthCheckDefinition{
-				TCP: fmt.Sprintf("%s:%d", node.LocalAddress(), svc.EnvoyPublicListenerPort),
-			},
-			Output: "",
-		}},
-	}
-	if node.HasPublicAddress() {
-		reg.TaggedAddresses = map[string]string{
-			"lan":      node.LocalAddress(),
-			"lan_ipv4": node.LocalAddress(),
-			"wan":      node.PublicAddress(),
-			"wan_ipv4": node.PublicAddress(),
-		}
-	}
-	if cluster.Enterprise {
-		reg.Partition = pid.Partition
-		reg.Service.Namespace = pid.Namespace
-		reg.Service.Partition = pid.Partition
-		reg.Checks[0].Namespace = pid.Namespace
-		reg.Checks[0].Partition = pid.Partition
-	}
-
-	for _, u := range svc.Upstreams {
-		pu := api.Upstream{
-			DestinationName:  u.ID.Name,
-			DestinationPeer:  u.Peer,
-			LocalBindAddress: u.LocalAddress,
-			LocalBindPort:    u.LocalPort,
-		}
-		if cluster.Enterprise {
-			pu.DestinationNamespace = u.ID.Namespace
-			if u.Peer == "" {
-				pu.DestinationPartition = u.ID.Partition
-			}
-		}
-		reg.Service.Proxy.Upstreams = append(reg.Service.Proxy.Upstreams, pu)
-	}
-
-	return pid, reg
-}
diff --git a/testing/deployer/sprawl/configentries.go b/testing/deployer/sprawl/configentries.go
deleted file mode 100644
index 90ca2bb4cda2..000000000000
--- a/testing/deployer/sprawl/configentries.go
+++ /dev/null
@@ -1,61 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawl
-
-import (
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/hashicorp/consul/api"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-)
-
-func (s *Sprawl) populateInitialConfigEntries(cluster *topology.Cluster) error {
-	if len(cluster.InitialConfigEntries) == 0 {
-		return nil
-	}
-
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	for _, ce := range cluster.InitialConfigEntries {
-		_, _, err := client.ConfigEntries().Set(ce, nil)
-		if err != nil {
-			if ce.GetKind() == api.ServiceIntentions && strings.Contains(err.Error(), intentionsMigrationError) {
-				logger.Warn("known error writing initial config entry; trying again",
-					"kind", ce.GetKind(),
-					"name", ce.GetName(),
-					"namespace", ce.GetNamespace(),
-					"partition", ce.GetPartition(),
-					"error", err,
-				)
-
-				time.Sleep(500 * time.Millisecond)
-				continue
-			}
-			return fmt.Errorf(
-				"error persisting config entry kind=%q name=%q namespace=%q partition=%q: %w",
-				ce.GetKind(),
-				ce.GetName(),
-				ce.GetNamespace(),
-				ce.GetPartition(),
-				err,
-			)
-		}
-		logger.Info("wrote initial config entry",
-			"kind", ce.GetKind(),
-			"name", ce.GetName(),
-			"namespace", ce.GetNamespace(),
-			"partition", ce.GetPartition(),
-		)
-	}
-
-	return nil
-}
-
-const intentionsMigrationError = `Intentions are read only while being upgraded to config entries`
diff --git a/testing/deployer/sprawl/consul.go b/testing/deployer/sprawl/consul.go
deleted file mode 100644
index e92fe218846e..000000000000
--- a/testing/deployer/sprawl/consul.go
+++ /dev/null
@@ -1,101 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawl
-
-import (
-	"errors"
-	"fmt"
-	"time"
-
-	"github.com/hashicorp/consul/api"
-
-	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/hashicorp/consul/testing/deployer/util"
-)
-
-func getLeader(client *api.Client) (string, error) {
-	leaderAdd, err := client.Status().Leader()
-	if err != nil {
-		return "", fmt.Errorf("could not query leader: %w", err)
-	}
-	if leaderAdd == "" {
-		return "", errors.New("no leader available")
-	}
-	return leaderAdd, nil
-}
-
-func (s *Sprawl) waitForLeader(cluster *topology.Cluster) {
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-	for {
-		leader, err := client.Status().Leader()
-		if leader != "" && err == nil {
-			logger.Info("cluster has leader", "leader_addr", leader)
-			return
-		}
-		logger.Info("cluster has no leader yet", "error", err)
-		time.Sleep(500 * time.Millisecond)
-	}
-}
-
-func (s *Sprawl) rejoinAllConsulServers() error {
-	// Join the servers together.
-	for _, cluster := range s.topology.Clusters {
-		if err := s.rejoinServers(cluster); err != nil {
-			return fmt.Errorf("rejoinServers[%s]: %w", cluster.Name, err)
-		}
-		s.waitForLeader(cluster)
-	}
-	return nil
-}
-
-func (s *Sprawl) rejoinServers(cluster *topology.Cluster) error {
-	var (
-		// client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	servers := cluster.ServerNodes()
-
-	recoveryToken := s.secrets.ReadGeneric(cluster.Name, secrets.AgentRecovery)
-
-	node0, rest := servers[0], servers[1:]
-	client, err := util.ProxyNotPooledAPIClient(
-		node0.LocalProxyPort(),
-		node0.LocalAddress(),
-		8500,
-		recoveryToken,
-	)
-	if err != nil {
-		return fmt.Errorf("could not get client for %q: %w", node0.ID(), err)
-	}
-
-	logger.Info("joining servers together",
-		"from", node0.ID(),
-		"rest", nodeSliceToNodeIDSlice(rest),
-	)
-	for _, node := range rest {
-		for {
-			err = client.Agent().Join(node.LocalAddress(), false)
-			if err == nil {
-				break
-			}
-			logger.Warn("could not join", "from", node0.ID(), "to", node.ID(), "error", err)
-			time.Sleep(500 * time.Millisecond)
-		}
-	}
-
-	return nil
-}
-
-func nodeSliceToNodeIDSlice(nodes []*topology.Node) []topology.NodeID {
-	var out []topology.NodeID
-	for _, node := range nodes {
-		out = append(out, node.ID())
-	}
-	return out
-}
diff --git a/testing/deployer/sprawl/debug.go b/testing/deployer/sprawl/debug.go
deleted file mode 100644
index df11f96c3c8b..000000000000
--- a/testing/deployer/sprawl/debug.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawl
-
-import "encoding/json"
-
-func jd(v any) string {
-	b, _ := json.MarshalIndent(v, "", "  ")
-	return string(b)
-}
diff --git a/testing/deployer/sprawl/details.go b/testing/deployer/sprawl/details.go
deleted file mode 100644
index 1c896598b4a9..000000000000
--- a/testing/deployer/sprawl/details.go
+++ /dev/null
@@ -1,173 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawl
-
-import (
-	"bytes"
-	"fmt"
-	"sort"
-	"strconv"
-	"strings"
-	"text/tabwriter"
-)
-
-// PrintDetails will dump relevant addressing and naming data to the logger for
-// human interaction purposes.
-func (s *Sprawl) PrintDetails() error {
-	det := logDetails{
-		TopologyID: s.topology.ID,
-	}
-
-	for _, cluster := range s.topology.Clusters {
-		client := s.clients[cluster.Name]
-
-		cfg, err := client.Operator().RaftGetConfiguration(nil)
-		if err != nil {
-			return fmt.Errorf("could not get raft config for cluster %q: %w", cluster.Name, err)
-		}
-
-		var leaderNode string
-		for _, svr := range cfg.Servers {
-			if svr.Leader {
-				leaderNode = strings.TrimSuffix(svr.Node, "-pod")
-			}
-		}
-
-		cd := clusterDetails{
-			Name:   cluster.Name,
-			Leader: leaderNode,
-		}
-
-		for _, node := range cluster.Nodes {
-			if node.Disabled {
-				continue
-			}
-
-			var addrs []string
-			for _, addr := range node.Addresses {
-				addrs = append(addrs, addr.Network+"="+addr.IPAddress)
-			}
-			sort.Strings(addrs)
-
-			if node.IsServer() {
-				cd.Apps = append(cd.Apps, appDetail{
-					Type:        "server",
-					Container:   node.DockerName(),
-					Addresses:   addrs,
-					ExposedPort: node.ExposedPort(8500),
-				})
-			}
-
-			for _, svc := range node.Services {
-				if svc.IsMeshGateway {
-					cd.Apps = append(cd.Apps, appDetail{
-						Type:                  "mesh-gateway",
-						Container:             node.DockerName(),
-						ExposedPort:           node.ExposedPort(svc.Port),
-						ExposedEnvoyAdminPort: node.ExposedPort(svc.EnvoyAdminPort),
-						Addresses:             addrs,
-						Service:               svc.ID.String(),
-					})
-				} else {
-					cd.Apps = append(cd.Apps, appDetail{
-						Type:                  "app",
-						Container:             node.DockerName(),
-						ExposedPort:           node.ExposedPort(svc.Port),
-						ExposedEnvoyAdminPort: node.ExposedPort(svc.EnvoyAdminPort),
-						Addresses:             addrs,
-						Service:               svc.ID.String(),
-					})
-				}
-			}
-		}
-
-		det.Clusters = append(det.Clusters, cd)
-	}
-
-	var buf bytes.Buffer
-	w := tabwriter.NewWriter(&buf, 0, 0, 3, ' ', tabwriter.Debug)
-
-	score := map[string]int{
-		"server":       0,
-		"mesh-gateway": 1,
-		"app":          2,
-	}
-
-	for _, cluster := range det.Clusters {
-		fmt.Fprintf(w, "CLUSTER\tTYPE\tCONTAINER\tNAME\tADDRS\tPORTS\t\n")
-		sort.Slice(cluster.Apps, func(i, j int) bool {
-			a := cluster.Apps[i]
-			b := cluster.Apps[j]
-
-			asc := score[a.Type]
-			bsc := score[b.Type]
-
-			if asc < bsc {
-				return true
-			} else if asc > bsc {
-				return false
-			}
-
-			if a.Container < b.Container {
-				return true
-			} else if a.Container > b.Container {
-				return false
-			}
-
-			if a.Service < b.Service {
-				return true
-			} else if a.Service > b.Service {
-				return false
-			}
-
-			return a.ExposedPort < b.ExposedPort
-		})
-		for _, d := range cluster.Apps {
-			if d.Type == "server" && d.Container == cluster.Leader {
-				d.Type = "leader"
-			}
-			portStr := "app=" + strconv.Itoa(d.ExposedPort)
-			if d.ExposedEnvoyAdminPort > 0 {
-				portStr += " envoy=" + strconv.Itoa(d.ExposedEnvoyAdminPort)
-			}
-			fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\t\n",
-				cluster.Name,
-				d.Type,
-				d.Container,
-				d.Service,
-				strings.Join(d.Addresses, ", "),
-				portStr,
-			)
-		}
-		fmt.Fprintf(w, "\t\t\t\t\t\n")
-	}
-
-	w.Flush()
-
-	s.logger.Info("CURRENT SPRAWL DETAILS", "details", buf.String())
-
-	return nil
-}
-
-type logDetails struct {
-	TopologyID string
-	Clusters   []clusterDetails
-}
-
-type clusterDetails struct {
-	Name string
-
-	Leader string
-	Apps   []appDetail
-}
-
-type appDetail struct {
-	Type                  string // server|mesh-gateway|app
-	Container             string
-	Addresses             []string
-	ExposedPort           int `json:",omitempty"`
-	ExposedEnvoyAdminPort int `json:",omitempty"`
-	// just services
-	Service string `json:",omitempty"`
-}
diff --git a/testing/deployer/sprawl/ent.go b/testing/deployer/sprawl/ent.go
deleted file mode 100644
index 8ec2925ef163..000000000000
--- a/testing/deployer/sprawl/ent.go
+++ /dev/null
@@ -1,177 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawl
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"os"
-	"strings"
-	"time"
-
-	"github.com/hashicorp/consul/api"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-)
-
-func (s *Sprawl) ensureLicense() error {
-	if s.license != "" {
-		return nil
-	}
-	v, err := readLicense()
-	if err != nil {
-		return err
-	}
-	s.license = v
-	return nil
-}
-
-func readLicense() (string, error) {
-	if license := os.Getenv("CONSUL_LICENSE"); license != "" {
-		return license, nil
-	}
-
-	licensePath := os.Getenv("CONSUL_LICENSE_PATH")
-	if licensePath == "" {
-		return "", nil
-	}
-
-	licenseBytes, err := os.ReadFile(licensePath)
-	if err != nil {
-		return "", err
-	}
-	return strings.TrimSpace(string(licenseBytes)), nil
-}
-
-func (s *Sprawl) initTenancies(cluster *topology.Cluster) error {
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	// TODO: change this to UPSERT
-
-	var (
-		partClient = client.Partitions()
-		nsClient   = client.Namespaces()
-
-		partitionNameList []string
-	)
-	for _, ap := range cluster.Partitions {
-		if ap.Name != "default" {
-			old, _, err := partClient.Read(context.Background(), ap.Name, nil)
-			if err != nil {
-				return fmt.Errorf("error reading partition %q: %w", ap.Name, err)
-			}
-			if old == nil {
-				obj := &api.Partition{
-					Name: ap.Name,
-				}
-
-				_, _, err := partClient.Create(context.Background(), obj, nil)
-				if err != nil {
-					return fmt.Errorf("error creating partition %q: %w", ap.Name, err)
-				}
-				logger.Info("created partition", "partition", ap.Name)
-			}
-
-			partitionNameList = append(partitionNameList, ap.Name)
-		}
-
-		if err := s.createCrossNamespaceCatalogReadPolicies(cluster, ap.Name); err != nil {
-			return fmt.Errorf("createCrossNamespaceCatalogReadPolicies[%s]: %w", ap.Name, err)
-		}
-
-		for _, ns := range ap.Namespaces {
-			old, _, err := nsClient.Read(ns, &api.QueryOptions{Partition: ap.Name})
-			if err != nil {
-				return err
-			}
-
-			if old == nil {
-				obj := &api.Namespace{
-					Partition: ap.Name,
-					Name:      ns,
-					ACLs: &api.NamespaceACLConfig{
-						PolicyDefaults: []api.ACLLink{
-							{Name: "cross-ns-catalog-read"},
-						},
-					},
-				}
-				if ns == "default" {
-					_, _, err := nsClient.Update(obj, nil)
-					if err != nil {
-						return err
-					}
-					logger.Info("updated namespace", "namespace", ns, "partition", ap.Name)
-				} else {
-					_, _, err := nsClient.Create(obj, nil)
-					if err != nil {
-						return err
-					}
-					logger.Info("created namespace", "namespace", ns, "partition", ap.Name)
-				}
-			}
-		}
-	}
-
-	if err := s.waitUntilPartitionedSerfIsReady(context.TODO(), cluster, partitionNameList); err != nil {
-		return fmt.Errorf("waitUntilPartitionedSerfIsReady: %w", err)
-	}
-
-	return nil
-}
-
-func (s *Sprawl) waitUntilPartitionedSerfIsReady(ctx context.Context, cluster *topology.Cluster, partitions []string) error {
-	var (
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	readyLogs := make(map[string]string)
-	for _, partition := range partitions {
-		readyLogs[partition] = `agent.server: Added serf partition to gossip network: partition=` + partition
-	}
-
-	start := time.Now()
-	logger.Info("waiting for partitioned serf to be ready on all servers", "partitions", partitions)
-	for _, node := range cluster.Nodes {
-		if !node.IsServer() || node.Disabled {
-			continue
-		}
-
-		var buf bytes.Buffer
-		for {
-			buf.Reset()
-
-			err := s.runner.DockerExec(ctx, []string{
-				"logs", node.DockerName(),
-			}, &buf, nil)
-			if err != nil {
-				return fmt.Errorf("could not fetch docker logs from node %q: %w", node.ID(), err)
-			}
-
-			var (
-				body  = buf.String()
-				found []string
-			)
-
-			for partition, readyLog := range readyLogs {
-				if strings.Contains(body, readyLog) {
-					found = append(found, partition)
-				}
-			}
-
-			if len(found) == len(readyLogs) {
-				break
-			}
-		}
-
-		time.Sleep(500 * time.Millisecond)
-	}
-
-	logger.Info("partitioned serf is ready on all servers", "partitions", partitions, "elapsed", time.Since(start))
-
-	return nil
-}
diff --git a/testing/deployer/sprawl/helpers.go b/testing/deployer/sprawl/helpers.go
deleted file mode 100644
index 941311a1c118..000000000000
--- a/testing/deployer/sprawl/helpers.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawl
-
-// Deprecated: remove
-func TruncateSquidError(err error) error {
-	return err
-}
-
-// Deprecated: remove
-func IsSquid503(err error) bool {
-	return false
-}
diff --git a/testing/deployer/sprawl/internal/build/docker.go b/testing/deployer/sprawl/internal/build/docker.go
deleted file mode 100644
index 7007d44c844a..000000000000
--- a/testing/deployer/sprawl/internal/build/docker.go
+++ /dev/null
@@ -1,86 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package build
-
-import (
-	"context"
-	"strings"
-
-	"github.com/hashicorp/go-hclog"
-
-	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/runner"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-)
-
-const dockerfileEnvoy = `
-ARG CONSUL_IMAGE
-ARG ENVOY_IMAGE
-FROM ${CONSUL_IMAGE}
-FROM ${ENVOY_IMAGE}
-COPY --from=0 /bin/consul /bin/consul
-`
-
-// FROM hashicorp/consul-dataplane:latest
-// COPY --from=busybox:uclibc /bin/sh /bin/sh
-const dockerfileDataplane = `
-ARG DATAPLANE_IMAGE
-FROM busybox:latest
-FROM ${DATAPLANE_IMAGE}
-COPY --from=0 /bin/busybox /bin/busybox
-USER 0:0
-RUN ["busybox", "--install", "/bin", "-s"]
-USER 100:0
-ENTRYPOINT []
-`
-
-func DockerImages(
-	logger hclog.Logger,
-	run *runner.Runner,
-	t *topology.Topology,
-) error {
-	logw := logger.Named("docker").StandardWriter(&hclog.StandardLoggerOptions{ForceLevel: hclog.Info})
-
-	built := make(map[string]struct{})
-	for _, c := range t.Clusters {
-		for _, n := range c.Nodes {
-			joint := n.Images.EnvoyConsulImage()
-			if _, ok := built[joint]; joint != "" && !ok {
-				logger.Info("building image", "image", joint)
-				err := run.DockerExec(context.TODO(), []string{
-					"build",
-					"--build-arg",
-					"CONSUL_IMAGE=" + n.Images.Consul,
-					"--build-arg",
-					"ENVOY_IMAGE=" + n.Images.Envoy,
-					"-t", joint,
-					"-",
-				}, logw, strings.NewReader(dockerfileEnvoy))
-				if err != nil {
-					return err
-				}
-
-				built[joint] = struct{}{}
-			}
-
-			cdp := n.Images.LocalDataplaneImage()
-			if _, ok := built[cdp]; cdp != "" && !ok {
-				logger.Info("building image", "image", cdp)
-				err := run.DockerExec(context.TODO(), []string{
-					"build",
-					"--build-arg",
-					"DATAPLANE_IMAGE=" + n.Images.Dataplane,
-					"-t", cdp,
-					"-",
-				}, logw, strings.NewReader(dockerfileDataplane))
-				if err != nil {
-					return err
-				}
-
-				built[cdp] = struct{}{}
-			}
-		}
-	}
-
-	return nil
-}
diff --git a/testing/deployer/sprawl/internal/runner/exec.go b/testing/deployer/sprawl/internal/runner/exec.go
deleted file mode 100644
index 1c2a8a1d311b..000000000000
--- a/testing/deployer/sprawl/internal/runner/exec.go
+++ /dev/null
@@ -1,123 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package runner
-
-import (
-	"bytes"
-	"context"
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	"os/exec"
-
-	"github.com/hashicorp/go-hclog"
-)
-
-type Runner struct {
-	logger hclog.Logger
-
-	tfBin     string
-	dockerBin string
-}
-
-func Load(logger hclog.Logger) (*Runner, error) {
-	r := &Runner{
-		logger: logger,
-	}
-
-	type item struct {
-		name string
-		dest *string
-		warn string // optional
-	}
-	lookup := []item{
-		{"docker", &r.dockerBin, ""},
-		{"terraform", &r.tfBin, ""},
-	}
-
-	var (
-		bins []string
-		err  error
-	)
-	for _, i := range lookup {
-		*i.dest, err = exec.LookPath(i.name)
-		if err != nil {
-			if errors.Is(err, exec.ErrNotFound) {
-				if i.warn != "" {
-					return nil, fmt.Errorf("Could not find %q on path (%s): %w", i.name, i.warn, err)
-				} else {
-					return nil, fmt.Errorf("Could not find %q on path: %w", i.name, err)
-				}
-			}
-			return nil, fmt.Errorf("Unexpected failure looking for %q on path: %w", i.name, err)
-		}
-		bins = append(bins, *i.dest)
-	}
-	r.logger.Trace("using binaries", "paths", bins)
-
-	return r, nil
-}
-
-func (r *Runner) DockerExec(ctx context.Context, args []string, stdout io.Writer, stdin io.Reader) error {
-	return cmdExec(ctx, "docker", r.dockerBin, args, stdout, nil, stdin, "")
-}
-
-func (r *Runner) DockerExecWithStderr(ctx context.Context, args []string, stdout, stderr io.Writer, stdin io.Reader) error {
-	return cmdExec(ctx, "docker", r.dockerBin, args, stdout, stderr, stdin, "")
-}
-
-func (r *Runner) TerraformExec(ctx context.Context, args []string, stdout io.Writer, workdir string) error {
-	return cmdExec(ctx, "terraform", r.tfBin, args, stdout, nil, nil, workdir)
-}
-
-func cmdExec(ctx context.Context, name, binary string, args []string, stdout, stderr io.Writer, stdin io.Reader, dir string) error {
-	if binary == "" {
-		panic("binary named " + name + " was not detected")
-	}
-	var errWriter bytes.Buffer
-
-	if stdout == nil {
-		stdout = os.Stdout // TODO: wrap logs
-	}
-
-	cmd := exec.CommandContext(ctx, binary, args...)
-	if dir != "" {
-		cmd.Dir = dir
-	}
-	cmd.Stdout = stdout
-	cmd.Stderr = &errWriter
-	if stderr != nil {
-		cmd.Stderr = io.MultiWriter(stderr, cmd.Stderr)
-	}
-	cmd.Stdin = stdin
-	if err := cmd.Run(); err != nil {
-		return &ExecError{
-			BinaryName:  name,
-			Err:         err,
-			ErrorOutput: errWriter.String(),
-		}
-	}
-
-	return nil
-}
-
-type ExecError struct {
-	BinaryName  string
-	ErrorOutput string
-	Err         error
-}
-
-func (e *ExecError) Unwrap() error {
-	return e.Err
-}
-
-func (e *ExecError) Error() string {
-	return fmt.Sprintf(
-		"could not invoke %q: %v : %s",
-		e.BinaryName,
-		e.Err,
-		e.ErrorOutput,
-	)
-}
diff --git a/testing/deployer/sprawl/internal/secrets/store.go b/testing/deployer/sprawl/internal/secrets/store.go
deleted file mode 100644
index 0cacf88b256e..000000000000
--- a/testing/deployer/sprawl/internal/secrets/store.go
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package secrets
-
-import (
-	"net/url"
-	"strings"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-)
-
-type Store struct {
-	m map[string]string
-}
-
-const (
-	GossipKey      = "gossip"
-	BootstrapToken = "bootstrap-token"
-	AgentRecovery  = "agent-recovery"
-)
-
-func (s *Store) SaveGeneric(cluster, name, value string) {
-	s.save(encode(cluster, "generic", name), value)
-}
-
-func (s *Store) ReadGeneric(cluster, name string) string {
-	return s.read(encode(cluster, "generic", name))
-}
-
-func (s *Store) SaveAgentToken(cluster string, nid topology.NodeID, value string) {
-	s.save(encode(cluster, "agent", nid.String()), value)
-}
-
-func (s *Store) ReadAgentToken(cluster string, nid topology.NodeID) string {
-	return s.read(encode(cluster, "agent", nid.String()))
-}
-
-func (s *Store) SaveServiceToken(cluster string, sid topology.ServiceID, value string) {
-	s.save(encode(cluster, "service", sid.String()), value)
-}
-
-func (s *Store) ReadServiceToken(cluster string, sid topology.ServiceID) string {
-	return s.read(encode(cluster, "service", sid.String()))
-}
-
-func (s *Store) save(key, value string) {
-	if s.m == nil {
-		s.m = make(map[string]string)
-	}
-
-	s.m[key] = value
-}
-
-func (s *Store) read(key string) string {
-	if s.m == nil {
-		return ""
-	}
-
-	v, ok := s.m[key]
-	if !ok {
-		return ""
-	}
-	return v
-}
-
-func encode(parts ...string) string {
-	var out []string
-	for _, p := range parts {
-		out = append(out, url.QueryEscape(p))
-	}
-	return strings.Join(out, "/")
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/agent.go b/testing/deployer/sprawl/internal/tfgen/agent.go
deleted file mode 100644
index d884d200d2e9..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/agent.go
+++ /dev/null
@@ -1,218 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package tfgen
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/hashicorp/hcl/v2/hclwrite"
-
-	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-)
-
-func (g *Generator) generateAgentHCL(node *topology.Node) (string, error) {
-	if !node.IsAgent() {
-		return "", fmt.Errorf("not an agent")
-	}
-
-	cluster, ok := g.topology.Clusters[node.Cluster]
-	if !ok {
-		return "", fmt.Errorf("no such cluster: %s", node.Cluster)
-	}
-
-	var b HCLBuilder
-
-	b.add("server", node.IsServer())
-	b.add("bind_addr", "0.0.0.0")
-	b.add("client_addr", "0.0.0.0")
-	b.add("advertise_addr", `{{ GetInterfaceIP "eth0" }}`)
-	b.add("datacenter", node.Datacenter)
-	b.add("disable_update_check", true)
-	b.add("log_level", "trace")
-	b.add("enable_debug", true)
-	b.add("use_streaming_backend", true)
-
-	// speed up leaves
-	b.addBlock("performance", func() {
-		b.add("leave_drain_time", "50ms")
-	})
-
-	b.add("primary_datacenter", node.Datacenter)
-
-	// Using retry_join here is bad because changing server membership will
-	// destroy and recreate all of the servers
-	// if !node.IsServer() {
-	b.addSlice("retry_join", []string{"server." + node.Cluster + "-consulcluster.lan"})
-	b.add("retry_interval", "1s")
-	// }
-
-	if node.IsServer() {
-		b.addBlock("peering", func() {
-			b.add("enabled", true)
-		})
-	}
-
-	b.addBlock("ui_config", func() {
-		b.add("enabled", true)
-	})
-
-	b.addBlock("telemetry", func() {
-		b.add("disable_hostname", true)
-		b.add("prometheus_retention_time", "168h")
-	})
-
-	b.add("encrypt", g.sec.ReadGeneric(node.Cluster, secrets.GossipKey))
-
-	{
-		var (
-			root     = "/consul/config/certs"
-			caFile   = root + "/consul-agent-ca.pem"
-			certFile = root + "/" + node.TLSCertPrefix + ".pem"
-			certKey  = root + "/" + node.TLSCertPrefix + "-key.pem"
-		)
-
-		b.addBlock("tls", func() {
-			b.addBlock("internal_rpc", func() {
-				b.add("ca_file", caFile)
-				b.add("cert_file", certFile)
-				b.add("key_file", certKey)
-				b.add("verify_incoming", true)
-				b.add("verify_server_hostname", true)
-				b.add("verify_outgoing", true)
-			})
-			// if cfg.EncryptionTLSAPI {
-			// 	b.addBlock("https", func() {
-			// 		b.add("ca_file", caFile)
-			// 		b.add("cert_file", certFile)
-			// 		b.add("key_file", certKey)
-			// 		// b.add("verify_incoming", true)
-			// 	})
-			// }
-			if node.IsServer() {
-				b.addBlock("grpc", func() {
-					b.add("ca_file", caFile)
-					b.add("cert_file", certFile)
-					b.add("key_file", certKey)
-					// b.add("verify_incoming", true)
-				})
-			}
-		})
-	}
-
-	b.addBlock("ports", func() {
-		if node.IsServer() {
-			b.add("grpc_tls", 8503)
-			b.add("grpc", -1)
-		} else {
-			b.add("grpc", 8502)
-			b.add("grpc_tls", -1)
-		}
-		b.add("http", 8500)
-		b.add("dns", 8600)
-	})
-
-	b.addSlice("recursors", []string{"8.8.8.8"})
-
-	b.addBlock("acl", func() {
-		b.add("enabled", true)
-		b.add("default_policy", "deny")
-		b.add("down_policy", "extend-cache")
-		b.add("enable_token_persistence", true)
-		b.addBlock("tokens", func() {
-			if node.IsServer() {
-				b.add("initial_management", g.sec.ReadGeneric(node.Cluster, secrets.BootstrapToken))
-			}
-			b.add("agent_recovery", g.sec.ReadGeneric(node.Cluster, secrets.AgentRecovery))
-			b.add("agent", g.sec.ReadAgentToken(node.Cluster, node.ID()))
-		})
-	})
-
-	if node.IsServer() {
-		b.add("bootstrap_expect", len(cluster.ServerNodes()))
-		// b.add("translate_wan_addrs", true)
-		b.addBlock("rpc", func() {
-			b.add("enable_streaming", true)
-		})
-		if node.HasPublicAddress() {
-			b.add("advertise_addr_wan", `{{ GetInterfaceIP "eth1" }}`) // note: can't use 'node.PublicAddress()' b/c we don't know that yet
-		}
-
-		// Exercise config entry bootstrap
-		// b.addBlock("config_entries", func() {
-		// 	b.addBlock("bootstrap", func() {
-		// 		b.add("kind", "service-defaults")
-		// 		b.add("name", "placeholder")
-		// 		b.add("protocol", "grpc")
-		// 	})
-		// 	b.addBlock("bootstrap", func() {
-		// 		b.add("kind", "service-intentions")
-		// 		b.add("name", "placeholder")
-		// 		b.addBlock("sources", func() {
-		// 			b.add("name", "placeholder-client")
-		// 			b.add("action", "allow")
-		// 		})
-		// 	})
-		// })
-
-		b.addBlock("connect", func() {
-			b.add("enabled", true)
-		})
-
-	} else {
-		if cluster.Enterprise {
-			b.add("partition", node.Partition)
-		}
-	}
-
-	return b.String(), nil
-}
-
-type HCLBuilder struct {
-	parts []string
-}
-
-func (b *HCLBuilder) format(s string, a ...any) {
-	if len(a) == 0 {
-		b.parts = append(b.parts, s)
-	} else {
-		b.parts = append(b.parts, fmt.Sprintf(s, a...))
-	}
-}
-
-func (b *HCLBuilder) add(k string, v any) {
-	switch x := v.(type) {
-	case string:
-		if x != "" {
-			b.format("%s = %q", k, x)
-		}
-	case int:
-		b.format("%s = %d", k, x)
-	case bool:
-		b.format("%s = %v", k, x)
-	default:
-		panic(fmt.Sprintf("unexpected type %T", v))
-	}
-}
-
-func (b *HCLBuilder) addBlock(block string, fn func()) {
-	b.format(block + "{")
-	fn()
-	b.format("}")
-}
-
-func (b *HCLBuilder) addSlice(name string, vals []string) {
-	b.format(name + " = [")
-	for _, v := range vals {
-		b.format("%q,", v)
-	}
-	b.format("]")
-}
-
-func (b *HCLBuilder) String() string {
-	joined := strings.Join(b.parts, "\n")
-	// Ensure it looks tidy
-	return string(hclwrite.Format([]byte(joined)))
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/digest.go b/testing/deployer/sprawl/internal/tfgen/digest.go
deleted file mode 100644
index e840f91ee67b..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/digest.go
+++ /dev/null
@@ -1,48 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package tfgen
-
-import (
-	"fmt"
-)
-
-// digestOutputs takes the data extracted from terraform output variables and
-// updates various fields on the topology.Topology with that data.
-func (g *Generator) digestOutputs(out *Outputs) error {
-	for clusterName, nodeMap := range out.Nodes {
-		cluster, ok := g.topology.Clusters[clusterName]
-		if !ok {
-			return fmt.Errorf("found output cluster that does not exist: %s", clusterName)
-		}
-		for nid, nodeOut := range nodeMap {
-			node := cluster.NodeByID(nid)
-			if node == nil {
-				return fmt.Errorf("found output node that does not exist in cluster %q: %s", nid, clusterName)
-			}
-
-			if node.DigestExposedPorts(nodeOut.Ports) {
-				g.logger.Info("discovered exposed port mappings",
-					"cluster", clusterName,
-					"node", nid.String(),
-					"ports", nodeOut.Ports,
-				)
-			}
-		}
-	}
-
-	for netName, proxyPort := range out.ProxyPorts {
-		changed, err := g.topology.DigestExposedProxyPort(netName, proxyPort)
-		if err != nil {
-			return err
-		}
-		if changed {
-			g.logger.Info("discovered exposed forward proxy port",
-				"network", netName,
-				"port", proxyPort,
-			)
-		}
-	}
-
-	return nil
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/dns.go b/testing/deployer/sprawl/internal/tfgen/dns.go
deleted file mode 100644
index 6c3e5ca62469..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/dns.go
+++ /dev/null
@@ -1,183 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package tfgen
-
-import (
-	"bytes"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-	"text/template"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/hashicorp/consul/testing/deployer/util"
-)
-
-func (g *Generator) getCoreDNSContainer(
-	net *topology.Network,
-	ipAddress string,
-	hashes []string,
-) Resource {
-	var env []string
-	for i, hv := range hashes {
-		env = append(env, fmt.Sprintf("HASH_FILE_%d_VALUE=%s", i, hv))
-	}
-	coredns := struct {
-		Name              string
-		DockerNetworkName string
-		IPAddress         string
-		HashValues        string
-		Env               []string
-	}{
-		Name:              net.Name,
-		DockerNetworkName: net.DockerName,
-		IPAddress:         ipAddress,
-		Env:               env,
-	}
-	return Eval(tfCorednsT, &coredns)
-}
-
-func (g *Generator) writeCoreDNSFiles(net *topology.Network, dnsIPAddress string) (bool, []string, error) {
-	if net.IsPublic() {
-		return false, nil, fmt.Errorf("coredns only runs on local networks")
-	}
-
-	rootdir := filepath.Join(g.workdir, "terraform", "coredns-config-"+net.Name)
-	if err := os.MkdirAll(rootdir, 0755); err != nil {
-		return false, nil, err
-	}
-
-	for _, cluster := range g.topology.Clusters {
-		if cluster.NetworkName != net.Name {
-			continue
-		}
-		var addrs []string
-		for _, node := range cluster.SortedNodes() {
-			if node.Kind != topology.NodeKindServer || node.Disabled {
-				continue
-			}
-			addr := node.AddressByNetwork(net.Name)
-			if addr.IPAddress != "" {
-				addrs = append(addrs, addr.IPAddress)
-			}
-		}
-
-		var (
-			clusterDNSName = cluster.Name + "-consulcluster.lan"
-		)
-
-		corefilePath := filepath.Join(rootdir, "Corefile")
-		zonefilePath := filepath.Join(rootdir, "servers")
-
-		_, err := UpdateFileIfDifferent(
-			g.logger,
-			generateCoreDNSConfigFile(
-				clusterDNSName,
-				addrs,
-			),
-			corefilePath,
-			0644,
-		)
-		if err != nil {
-			return false, nil, fmt.Errorf("error writing %q: %w", corefilePath, err)
-		}
-		corefileHash, err := util.HashFile(corefilePath)
-		if err != nil {
-			return false, nil, fmt.Errorf("error hashing %q: %w", corefilePath, err)
-		}
-
-		_, err = UpdateFileIfDifferent(
-			g.logger,
-			generateCoreDNSZoneFile(
-				dnsIPAddress,
-				clusterDNSName,
-				addrs,
-			),
-			zonefilePath,
-			0644,
-		)
-		if err != nil {
-			return false, nil, fmt.Errorf("error writing %q: %w", zonefilePath, err)
-		}
-		zonefileHash, err := util.HashFile(zonefilePath)
-		if err != nil {
-			return false, nil, fmt.Errorf("error hashing %q: %w", zonefilePath, err)
-		}
-
-		return true, []string{corefileHash, zonefileHash}, nil
-	}
-
-	return false, nil, nil
-}
-
-func generateCoreDNSConfigFile(
-	clusterDNSName string,
-	addrs []string,
-) []byte {
-	serverPart := ""
-	if len(addrs) > 0 {
-		var servers []string
-		for _, addr := range addrs {
-			servers = append(servers, addr+":8600")
-		}
-		serverPart = fmt.Sprintf(`
-consul:53 {
-  forward . %s
-  log
-  errors
-  whoami
-}
-`, strings.Join(servers, " "))
-	}
-
-	return []byte(fmt.Sprintf(`
-%[1]s:53 {
-  file /config/servers %[1]s
-  log
-  errors
-  whoami
-}
-
-%[2]s
-
-.:53 {
-  forward . 8.8.8.8:53
-  log
-  errors
-  whoami
-}
-`, clusterDNSName, serverPart))
-}
-
-func generateCoreDNSZoneFile(
-	dnsIPAddress string,
-	clusterDNSName string,
-	addrs []string,
-) []byte {
-	var buf bytes.Buffer
-	buf.WriteString(fmt.Sprintf(`
-$TTL 60
-$ORIGIN %[1]s.
-@                   IN	SOA ns.%[1]s. webmaster.%[1]s. (
-          2017042745 ; serial
-          7200       ; refresh (2 hours)				
-          3600       ; retry (1 hour)			
-          1209600    ; expire (2 weeks)				
-          3600       ; minimum (1 hour)				
-          )
-@  IN NS ns.%[1]s. ; Name server
-ns IN A  %[2]s     ; self
-`, clusterDNSName, dnsIPAddress))
-
-	for _, addr := range addrs {
-		buf.WriteString(fmt.Sprintf(`
-server IN A %s ; Consul server
-`, addr))
-	}
-
-	return buf.Bytes()
-}
-
-var tfCorednsT = template.Must(template.ParseFS(content, "templates/container-coredns.tf.tmpl"))
diff --git a/testing/deployer/sprawl/internal/tfgen/docker.go b/testing/deployer/sprawl/internal/tfgen/docker.go
deleted file mode 100644
index bc8bd657563d..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/docker.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package tfgen
-
-import (
-	"fmt"
-	"regexp"
-)
-
-var invalidResourceName = regexp.MustCompile(`[^a-z0-9-]+`)
-
-func DockerImageResourceName(image string) string {
-	return invalidResourceName.ReplaceAllLiteralString(image, "-")
-}
-
-func DockerNetwork(name, subnet string) Resource {
-	return Text(fmt.Sprintf(`
-resource "docker_network" %[1]q {
-  name       = %[1]q
-  attachable = true
-  ipam_config {
-    subnet = %[2]q
-  }
-}
-`, name, subnet))
-}
-
-func DockerVolume(name string) Resource {
-	return Text(fmt.Sprintf(`
-resource "docker_volume" %[1]q {
-  name       = %[1]q
-}`, name))
-}
-
-func DockerImage(name, image string) Resource {
-	return Text(fmt.Sprintf(`
-resource "docker_image" %[1]q {
-  name = %[2]q
-  keep_locally = true
-}`, name, image))
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/docker_test.go b/testing/deployer/sprawl/internal/tfgen/docker_test.go
deleted file mode 100644
index 942b87189fca..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/docker_test.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package tfgen
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestDockerImageResourceName(t *testing.T) {
-	fn := DockerImageResourceName
-
-	assert.Equal(t, "", fn(""))
-	assert.Equal(t, "abcdefghijklmnopqrstuvwxyz0123456789-", fn("abcdefghijklmnopqrstuvwxyz0123456789-"))
-	assert.Equal(t, "hashicorp-consul-1-15-0", fn("hashicorp/consul:1.15.0"))
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/gen.go b/testing/deployer/sprawl/internal/tfgen/gen.go
deleted file mode 100644
index b576f2c93e59..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/gen.go
+++ /dev/null
@@ -1,478 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package tfgen
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-
-	"github.com/hashicorp/go-hclog"
-
-	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/runner"
-	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/hashicorp/consul/testing/deployer/util"
-)
-
-type Generator struct {
-	logger   hclog.Logger
-	runner   *runner.Runner
-	topology *topology.Topology
-	sec      *secrets.Store
-	workdir  string
-	license  string
-
-	tfLogger io.Writer
-
-	// set during network phase
-	remainingSubnets map[string]struct{}
-
-	launched bool
-}
-
-func NewGenerator(
-	logger hclog.Logger,
-	runner *runner.Runner,
-	topo *topology.Topology,
-	sec *secrets.Store,
-	workdir string,
-	license string,
-) (*Generator, error) {
-	if logger == nil {
-		panic("logger is required")
-	}
-	if runner == nil {
-		panic("runner is required")
-	}
-	if topo == nil {
-		panic("topology is required")
-	}
-	if sec == nil {
-		panic("secrets store is required")
-	}
-	if workdir == "" {
-		panic("workdir is required")
-	}
-
-	g := &Generator{
-		logger:  logger,
-		runner:  runner,
-		sec:     sec,
-		workdir: workdir,
-		license: license,
-
-		tfLogger: logger.Named("terraform").StandardWriter(&hclog.StandardLoggerOptions{
-			ForceLevel: hclog.Info,
-		}),
-	}
-	g.SetTopology(topo)
-
-	_ = g.terraformDestroy(context.Background(), true) // cleanup prior run
-
-	return g, nil
-}
-
-func (g *Generator) MarkLaunched() {
-	g.launched = true
-}
-
-func (g *Generator) SetTopology(topo *topology.Topology) {
-	if topo == nil {
-		panic("topology is required")
-	}
-	g.topology = topo
-}
-
-type Step int
-
-const (
-	StepAll      Step = 0
-	StepNetworks Step = 1
-	StepServers  Step = 2
-	StepAgents   Step = 3
-	StepServices Step = 4
-	// StepPeering  Step = XXX5
-	StepRelaunch Step = 5
-)
-
-func (s Step) String() string {
-	switch s {
-	case StepAll:
-		return "all"
-	case StepNetworks:
-		return "networks"
-	case StepServers:
-		return "servers"
-	case StepAgents:
-		return "agents"
-	case StepServices:
-		return "services"
-	case StepRelaunch:
-		return "relaunch"
-	// case StepPeering:
-	// 	return "peering"
-	default:
-		return "UNKNOWN--" + strconv.Itoa(int(s))
-	}
-}
-
-func (s Step) StartServers() bool  { return s >= StepServers }
-func (s Step) StartAgents() bool   { return s >= StepAgents }
-func (s Step) StartServices() bool { return s >= StepServices }
-
-// func (s Step) InitiatePeering() bool { return s >= StepPeering }
-
-func (g *Generator) Regenerate() error {
-	return g.Generate(StepRelaunch)
-}
-
-func (g *Generator) Generate(step Step) error {
-	if g.launched && step != StepRelaunch {
-		return fmt.Errorf("cannot use step %q after successful launch; see Regenerate()", step)
-	}
-
-	g.logger.Info("generating and creating resources", "step", step.String())
-	var (
-		networks   []Resource
-		volumes    []Resource
-		images     []Resource
-		containers []Resource
-
-		imageNames = make(map[string]string)
-	)
-
-	addVolume := func(name string) {
-		volumes = append(volumes, DockerVolume(name))
-	}
-	addImage := func(name, image string) {
-		if image == "" {
-			return
-		}
-		if _, ok := imageNames[image]; ok {
-			return
-		}
-
-		if name == "" {
-			name = DockerImageResourceName(image)
-		}
-
-		imageNames[image] = name
-
-		g.logger.Info("registering image", "resource", name, "image", image)
-
-		images = append(images, DockerImage(name, image))
-	}
-
-	if g.remainingSubnets == nil {
-		g.remainingSubnets = util.GetPossibleDockerNetworkSubnets()
-	}
-	if len(g.remainingSubnets) == 0 {
-		return fmt.Errorf("exhausted all docker networks")
-	}
-
-	addImage("nginx", "nginx:latest")
-	addImage("coredns", "coredns/coredns:latest")
-	for _, net := range g.topology.SortedNetworks() {
-		if net.Subnet == "" {
-			// Because this harness runs on a linux or macos host, we can't
-			// directly invoke the moby libnetwork calls to check for free
-			// subnets as it would have to cross into the docker desktop vm on
-			// mac.
-			//
-			// Instead rely on map iteration order being random to avoid
-			// collisions, but detect the terraform failure and retry until
-			// success.
-
-			var ipnet string
-			for ipnet = range g.remainingSubnets {
-			}
-			if ipnet == "" {
-				return fmt.Errorf("could not get a free docker network")
-			}
-			delete(g.remainingSubnets, ipnet)
-
-			if _, err := net.SetSubnet(ipnet); err != nil {
-				return fmt.Errorf("assigned subnet is invalid %q: %w", ipnet, err)
-			}
-		}
-		networks = append(networks, DockerNetwork(net.DockerName, net.Subnet))
-
-		var (
-			// We always ask for a /24, so just blindly pick x.x.x.252 as our
-			// proxy address. There's an offset of 2 in the list of available
-			// addresses here because we removed x.x.x.0 and x.x.x.1 from the
-			// pool.
-			proxyIPAddress = net.IPByIndex(250)
-			// Grab x.x.x.253 for the dns server
-			dnsIPAddress = net.IPByIndex(251)
-		)
-
-		{
-			// wrote, hashes, err := g.write
-		}
-
-		{ // nginx forward proxy
-			_, hash, err := g.writeNginxConfig(net)
-			if err != nil {
-				return fmt.Errorf("writeNginxConfig[%s]: %w", net.Name, err)
-			}
-
-			containers = append(containers, g.getForwardProxyContainer(net, proxyIPAddress, hash))
-
-		}
-
-		net.ProxyAddress = proxyIPAddress
-		net.DNSAddress = ""
-
-		if net.IsLocal() {
-			wrote, hashes, err := g.writeCoreDNSFiles(net, dnsIPAddress)
-			if err != nil {
-				return fmt.Errorf("writeCoreDNSFiles[%s]: %w", net.Name, err)
-			}
-			if wrote {
-				net.DNSAddress = dnsIPAddress
-				containers = append(containers, g.getCoreDNSContainer(net, dnsIPAddress, hashes))
-			}
-		}
-	}
-
-	for _, c := range g.topology.SortedClusters() {
-		if c.TLSVolumeName == "" {
-			c.TLSVolumeName = c.Name + "-tls-material-" + g.topology.ID
-		}
-		addVolume(c.TLSVolumeName)
-	}
-
-	addImage("pause", "registry.k8s.io/pause:3.3")
-
-	if step.StartServers() {
-		for _, c := range g.topology.SortedClusters() {
-			for _, node := range c.SortedNodes() {
-				if node.Disabled {
-					continue
-				}
-				addImage("", node.Images.Consul)
-				addImage("", node.Images.EnvoyConsulImage())
-				addImage("", node.Images.LocalDataplaneImage())
-
-				if node.IsAgent() {
-					addVolume(node.DockerName())
-				}
-
-				for _, svc := range node.Services {
-					addImage("", svc.Image)
-				}
-
-				myContainers, err := g.generateNodeContainers(step, c, node)
-				if err != nil {
-					return err
-				}
-
-				containers = append(containers, myContainers...)
-			}
-		}
-	}
-
-	tfpath := func(p string) string {
-		return filepath.Join(g.workdir, "terraform", p)
-	}
-
-	if _, err := WriteHCLResourceFile(g.logger, []Resource{Text(terraformPrelude)}, tfpath("init.tf"), 0644); err != nil {
-		return err
-	}
-	if netResult, err := WriteHCLResourceFile(g.logger, networks, tfpath("networks.tf"), 0644); err != nil {
-		return err
-	} else if netResult == UpdateResultModified {
-		if step != StepNetworks {
-			return fmt.Errorf("cannot change networking details after they are established")
-		}
-	}
-	if _, err := WriteHCLResourceFile(g.logger, volumes, tfpath("volumes.tf"), 0644); err != nil {
-		return err
-	}
-	if _, err := WriteHCLResourceFile(g.logger, images, tfpath("images.tf"), 0644); err != nil {
-		return err
-	}
-	if _, err := WriteHCLResourceFile(g.logger, containers, tfpath("containers.tf"), 0644); err != nil {
-		return err
-	}
-
-	if err := g.terraformApply(context.TODO()); err != nil {
-		return err
-	}
-
-	out, err := g.terraformOutputs(context.TODO())
-	if err != nil {
-		return err
-	}
-
-	return g.digestOutputs(out)
-}
-
-func (g *Generator) DestroyAll() error {
-	return g.terraformDestroy(context.TODO(), false)
-}
-
-func (g *Generator) DestroyAllQuietly() error {
-	return g.terraformDestroy(context.TODO(), true)
-}
-
-func (g *Generator) terraformApply(ctx context.Context) error {
-	tfdir := filepath.Join(g.workdir, "terraform")
-
-	if _, err := os.Stat(filepath.Join(tfdir, ".terraform")); err != nil {
-		if !os.IsNotExist(err) {
-			return err
-		}
-
-		// On the fly init
-		g.logger.Info("Running 'terraform init'...")
-		if err := g.runner.TerraformExec(ctx, []string{"init", "-input=false"}, g.tfLogger, tfdir); err != nil {
-			return err
-		}
-	}
-
-	g.logger.Info("Running 'terraform apply'...")
-	return g.runner.TerraformExec(ctx, []string{"apply", "-input=false", "-auto-approve"}, g.tfLogger, tfdir)
-}
-
-func (g *Generator) terraformDestroy(ctx context.Context, quiet bool) error {
-	g.logger.Info("Running 'terraform destroy'...")
-
-	var out io.Writer
-	if quiet {
-		out = io.Discard
-	} else {
-		out = g.tfLogger
-	}
-
-	tfdir := filepath.Join(g.workdir, "terraform")
-	return g.runner.TerraformExec(ctx, []string{
-		"destroy", "-input=false", "-auto-approve", "-refresh=false",
-	}, out, tfdir)
-}
-
-func (g *Generator) terraformOutputs(ctx context.Context) (*Outputs, error) {
-	tfdir := filepath.Join(g.workdir, "terraform")
-
-	var buf bytes.Buffer
-	err := g.runner.TerraformExec(ctx, []string{
-		"output", "-json",
-	}, &buf, tfdir)
-	if err != nil {
-		return nil, err
-	}
-
-	type outputVar struct {
-		// may be map[string]any
-		Value any `json:"value"`
-	}
-
-	raw := make(map[string]*outputVar)
-	dec := json.NewDecoder(&buf)
-	if err := dec.Decode(&raw); err != nil {
-		return nil, err
-	}
-
-	out := &Outputs{}
-
-	for key, rv := range raw {
-		switch {
-		case strings.HasPrefix(key, "ports_"):
-			cluster, nid, ok := extractNodeOutputKey("ports_", key)
-			if !ok {
-				return nil, fmt.Errorf("unexpected output var: %s", key)
-			}
-
-			ports := make(map[int]int)
-			for k, v := range rv.Value.(map[string]any) {
-				ki, err := strconv.Atoi(k)
-				if err != nil {
-					return nil, fmt.Errorf("unexpected port value %q: %w", k, err)
-				}
-				ports[ki] = int(v.(float64))
-			}
-			out.SetNodePorts(cluster, nid, ports)
-		case strings.HasPrefix(key, "forwardproxyport_"):
-			netname := strings.TrimPrefix(key, "forwardproxyport_")
-
-			found := rv.Value.(map[string]any)
-			if len(found) != 1 {
-				return nil, fmt.Errorf("found unexpected ports: %v", found)
-			}
-			got, ok := found[strconv.Itoa(proxyInternalPort)]
-			if !ok {
-				return nil, fmt.Errorf("found unexpected ports: %v", found)
-			}
-
-			out.SetProxyPort(netname, int(got.(float64)))
-		}
-	}
-
-	return out, nil
-}
-
-func extractNodeOutputKey(prefix, key string) (string, topology.NodeID, bool) {
-	clusterNode := strings.TrimPrefix(key, prefix)
-
-	cluster, nodeid, ok := strings.Cut(clusterNode, "_")
-	if !ok {
-		return "", topology.NodeID{}, false
-	}
-
-	partition, node, ok := strings.Cut(nodeid, "_")
-	if !ok {
-		return "", topology.NodeID{}, false
-	}
-
-	nid := topology.NewNodeID(node, partition)
-	return cluster, nid, true
-}
-
-type Outputs struct {
-	ProxyPorts map[string]int                             // net -> exposed port
-	Nodes      map[string]map[topology.NodeID]*NodeOutput // clusterID -> node -> stuff
-}
-
-func (o *Outputs) SetNodePorts(cluster string, nid topology.NodeID, ports map[int]int) {
-	nodeOut := o.getNode(cluster, nid)
-	nodeOut.Ports = ports
-}
-
-func (o *Outputs) SetProxyPort(net string, port int) {
-	if o.ProxyPorts == nil {
-		o.ProxyPorts = make(map[string]int)
-	}
-	o.ProxyPorts[net] = port
-}
-
-func (o *Outputs) getNode(cluster string, nid topology.NodeID) *NodeOutput {
-	if o.Nodes == nil {
-		o.Nodes = make(map[string]map[topology.NodeID]*NodeOutput)
-	}
-	cnodes, ok := o.Nodes[cluster]
-	if !ok {
-		cnodes = make(map[topology.NodeID]*NodeOutput)
-		o.Nodes[cluster] = cnodes
-	}
-
-	nodeOut, ok := cnodes[nid]
-	if !ok {
-		nodeOut = &NodeOutput{}
-		cnodes[nid] = nodeOut
-	}
-
-	return nodeOut
-}
-
-type NodeOutput struct {
-	Ports map[int]int `json:",omitempty"`
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/io.go b/testing/deployer/sprawl/internal/tfgen/io.go
deleted file mode 100644
index 160e85be316b..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/io.go
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package tfgen
-
-import (
-	"bytes"
-	"os"
-	"strings"
-
-	"github.com/hashicorp/go-hclog"
-	"github.com/hashicorp/hcl/v2/hclwrite"
-	"github.com/rboyer/safeio"
-)
-
-func WriteHCLResourceFile(
-	logger hclog.Logger,
-	res []Resource,
-	path string,
-	perm os.FileMode,
-) (UpdateResult, error) {
-	var text []string
-	for _, r := range res {
-		val, err := r.Render()
-		if err != nil {
-			return UpdateResultNone, err
-		}
-		text = append(text, strings.TrimSpace(val))
-	}
-
-	body := strings.Join(text, "\n\n")
-
-	// Ensure it looks tidy
-	out := hclwrite.Format(bytes.TrimSpace([]byte(body)))
-
-	return UpdateFileIfDifferent(logger, out, path, perm)
-}
-
-type UpdateResult int
-
-const (
-	UpdateResultNone UpdateResult = iota
-	UpdateResultCreated
-	UpdateResultModified
-)
-
-func UpdateFileIfDifferent(
-	logger hclog.Logger,
-	body []byte,
-	path string,
-	perm os.FileMode,
-) (UpdateResult, error) {
-	prev, err := os.ReadFile(path)
-
-	result := UpdateResultNone
-	if err != nil {
-		if !os.IsNotExist(err) {
-			return result, err
-		}
-		logger.Info("writing new file", "path", path)
-		result = UpdateResultCreated
-	} else {
-		// loaded
-		if bytes.Equal(body, prev) {
-			return result, nil
-		}
-		logger.Info("file has changed", "path", path)
-		result = UpdateResultModified
-	}
-
-	_, err = safeio.WriteToFile(bytes.NewReader(body), path, perm)
-	return result, err
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/nodes.go b/testing/deployer/sprawl/internal/tfgen/nodes.go
deleted file mode 100644
index 7b7addfb207b..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/nodes.go
+++ /dev/null
@@ -1,252 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package tfgen
-
-import (
-	"fmt"
-	"sort"
-	"strconv"
-	"text/template"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-)
-
-type terraformPod struct {
-	PodName           string
-	Node              *topology.Node
-	Ports             []int
-	Labels            map[string]string
-	TLSVolumeName     string
-	DNSAddress        string
-	DockerNetworkName string
-}
-
-type terraformConsulAgent struct {
-	terraformPod
-	ImageResource     string
-	HCL               string
-	EnterpriseLicense string
-	Env               []string
-}
-
-type terraformMeshGatewayService struct {
-	terraformPod
-	EnvoyImageResource string
-	Service            *topology.Service
-	Command            []string
-}
-
-type terraformService struct {
-	terraformPod
-	AppImageResource       string
-	EnvoyImageResource     string // agentful
-	DataplaneImageResource string // agentless
-	Service                *topology.Service
-	Env                    []string
-	Command                []string
-	EnvoyCommand           []string // agentful
-}
-
-func (g *Generator) generateNodeContainers(
-	step Step,
-	cluster *topology.Cluster,
-	node *topology.Node,
-) ([]Resource, error) {
-	if node.Disabled {
-		return nil, fmt.Errorf("cannot generate containers for a disabled node")
-	}
-
-	pod := terraformPod{
-		PodName: node.PodName(),
-		Node:    node,
-		Labels: map[string]string{
-			"consulcluster-topology-id":  g.topology.ID,
-			"consulcluster-cluster-name": node.Cluster,
-		},
-		TLSVolumeName: cluster.TLSVolumeName,
-		DNSAddress:    "8.8.8.8",
-	}
-
-	cluster, ok := g.topology.Clusters[node.Cluster]
-	if !ok {
-		return nil, fmt.Errorf("no such cluster: %s", node.Cluster)
-	}
-
-	net, ok := g.topology.Networks[cluster.NetworkName]
-	if !ok {
-		return nil, fmt.Errorf("no local network: %s", cluster.NetworkName)
-	}
-	if net.DNSAddress != "" {
-		pod.DNSAddress = net.DNSAddress
-	}
-	pod.DockerNetworkName = net.DockerName
-
-	var (
-		containers []Resource
-	)
-
-	if node.IsAgent() {
-		agentHCL, err := g.generateAgentHCL(node)
-		if err != nil {
-			return nil, err
-		}
-
-		agent := terraformConsulAgent{
-			terraformPod:      pod,
-			ImageResource:     DockerImageResourceName(node.Images.Consul),
-			HCL:               agentHCL,
-			EnterpriseLicense: g.license,
-			Env:               node.AgentEnv,
-		}
-
-		switch {
-		case node.IsServer() && step.StartServers(),
-			!node.IsServer() && step.StartAgents():
-			containers = append(containers, Eval(tfConsulT, &agent))
-		}
-	}
-
-	for _, svc := range node.SortedServices() {
-		if svc.IsMeshGateway {
-			if node.Kind == topology.NodeKindDataplane {
-				panic("NOT READY YET")
-			}
-			gw := terraformMeshGatewayService{
-				terraformPod:       pod,
-				EnvoyImageResource: DockerImageResourceName(node.Images.EnvoyConsulImage()),
-				Service:            svc,
-				Command: []string{
-					"consul", "connect", "envoy",
-					"-register",
-					"-mesh-gateway",
-				},
-			}
-			if token := g.sec.ReadServiceToken(node.Cluster, svc.ID); token != "" {
-				gw.Command = append(gw.Command, "-token", token)
-			}
-			if cluster.Enterprise {
-				gw.Command = append(gw.Command,
-					"-partition",
-					svc.ID.Partition,
-				)
-			}
-			gw.Command = append(gw.Command,
-				"-address",
-				`{{ GetInterfaceIP \"eth0\" }}:`+strconv.Itoa(svc.Port),
-				"-wan-address",
-				`{{ GetInterfaceIP \"eth1\" }}:`+strconv.Itoa(svc.Port),
-			)
-			gw.Command = append(gw.Command,
-				"-grpc-addr", "http://127.0.0.1:8502",
-				"-admin-bind",
-				// for demo purposes
-				"0.0.0.0:"+strconv.Itoa(svc.EnvoyAdminPort),
-				"--",
-				"-l",
-				"trace",
-			)
-			if step.StartServices() {
-				containers = append(containers, Eval(tfMeshGatewayT, &gw))
-			}
-		} else {
-			tfsvc := terraformService{
-				terraformPod:     pod,
-				AppImageResource: DockerImageResourceName(svc.Image),
-				Service:          svc,
-				Command:          svc.Command,
-			}
-			tfsvc.Env = append(tfsvc.Env, svc.Env...)
-			if step.StartServices() {
-				containers = append(containers, Eval(tfAppT, &tfsvc))
-			}
-
-			setenv := func(k, v string) {
-				tfsvc.Env = append(tfsvc.Env, k+"="+v)
-			}
-
-			if !svc.DisableServiceMesh {
-				if node.IsDataplane() {
-					tfsvc.DataplaneImageResource = DockerImageResourceName(node.Images.LocalDataplaneImage())
-					tfsvc.EnvoyImageResource = ""
-					tfsvc.EnvoyCommand = nil
-					// --- REQUIRED ---
-					setenv("DP_CONSUL_ADDRESSES", "server."+node.Cluster+"-consulcluster.lan")
-					setenv("DP_SERVICE_NODE_NAME", node.PodName())
-					setenv("DP_PROXY_SERVICE_ID", svc.ID.Name+"-sidecar-proxy")
-				} else {
-					tfsvc.DataplaneImageResource = ""
-					tfsvc.EnvoyImageResource = DockerImageResourceName(node.Images.EnvoyConsulImage())
-					tfsvc.EnvoyCommand = []string{
-						"consul", "connect", "envoy",
-						"-sidecar-for", svc.ID.Name,
-					}
-				}
-				if cluster.Enterprise {
-					if node.IsDataplane() {
-						setenv("DP_SERVICE_NAMESPACE", svc.ID.Namespace)
-						setenv("DP_SERVICE_PARTITION", svc.ID.Partition)
-					} else {
-						tfsvc.EnvoyCommand = append(tfsvc.EnvoyCommand,
-							"-partition",
-							svc.ID.Partition,
-							"-namespace",
-							svc.ID.Namespace,
-						)
-					}
-				}
-				if token := g.sec.ReadServiceToken(node.Cluster, svc.ID); token != "" {
-					if node.IsDataplane() {
-						setenv("DP_CREDENTIAL_TYPE", "static")
-						setenv("DP_CREDENTIAL_STATIC_TOKEN", token)
-					} else {
-						tfsvc.EnvoyCommand = append(tfsvc.EnvoyCommand, "-token", token)
-					}
-				}
-				if node.IsDataplane() {
-					setenv("DP_ENVOY_ADMIN_BIND_ADDRESS", "0.0.0.0") // for demo purposes
-					setenv("DP_ENVOY_ADMIN_BIND_PORT", "19000")
-					setenv("DP_LOG_LEVEL", "trace")
-
-					setenv("DP_CA_CERTS", "/consul/config/certs/consul-agent-ca.pem")
-					setenv("DP_CONSUL_GRPC_PORT", "8503")
-					setenv("DP_TLS_SERVER_NAME", "server."+node.Datacenter+".consul")
-				} else {
-					tfsvc.EnvoyCommand = append(tfsvc.EnvoyCommand,
-						"-grpc-addr", "http://127.0.0.1:8502",
-						"-admin-bind",
-						// for demo purposes
-						"0.0.0.0:"+strconv.Itoa(svc.EnvoyAdminPort),
-						"--",
-						"-l",
-						"trace",
-					)
-				}
-				if step.StartServices() {
-					sort.Strings(tfsvc.Env)
-
-					if node.IsDataplane() {
-						containers = append(containers, Eval(tfAppDataplaneT, &tfsvc))
-					} else {
-						containers = append(containers, Eval(tfAppSidecarT, &tfsvc))
-					}
-				}
-			}
-		}
-	}
-
-	// Wait until the very end to render the pod so we know all of the ports.
-	pod.Ports = node.SortedPorts()
-
-	// pod placeholder container
-	containers = append(containers, Eval(tfPauseT, &pod))
-
-	return containers, nil
-}
-
-var tfPauseT = template.Must(template.ParseFS(content, "templates/container-pause.tf.tmpl"))
-var tfConsulT = template.Must(template.ParseFS(content, "templates/container-consul.tf.tmpl"))
-var tfMeshGatewayT = template.Must(template.ParseFS(content, "templates/container-mgw.tf.tmpl"))
-var tfAppT = template.Must(template.ParseFS(content, "templates/container-app.tf.tmpl"))
-var tfAppSidecarT = template.Must(template.ParseFS(content, "templates/container-app-sidecar.tf.tmpl"))
-var tfAppDataplaneT = template.Must(template.ParseFS(content, "templates/container-app-dataplane.tf.tmpl"))
diff --git a/testing/deployer/sprawl/internal/tfgen/prelude.go b/testing/deployer/sprawl/internal/tfgen/prelude.go
deleted file mode 100644
index 2e9a01cb0805..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/prelude.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package tfgen
-
-const terraformPrelude = `provider "docker" {
-  host = "unix:///var/run/docker.sock"
-}
-
-terraform {
-  required_providers {
-    docker = {
-      source  = "kreuzwerker/docker"
-      version = "~> 2.0"
-    }
-  }
-  required_version = ">= 0.13"
-}
-`
diff --git a/testing/deployer/sprawl/internal/tfgen/proxy.go b/testing/deployer/sprawl/internal/tfgen/proxy.go
deleted file mode 100644
index 0fafa9b925e9..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/proxy.go
+++ /dev/null
@@ -1,90 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package tfgen
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"text/template"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/hashicorp/consul/testing/deployer/util"
-)
-
-const proxyInternalPort = 80
-
-func (g *Generator) writeNginxConfig(net *topology.Network) (bool, string, error) {
-	rootdir := filepath.Join(g.workdir, "terraform", "nginx-config-"+net.Name)
-	if err := os.MkdirAll(rootdir, 0755); err != nil {
-		return false, "", err
-	}
-
-	configFile := filepath.Join(rootdir, "nginx.conf")
-
-	body := fmt.Sprintf(`
-server {
-    listen       %d;
-
-    location / {
-        resolver 8.8.8.8;
-        ##############
-        # Relevant config knobs are here: https://nginx.org/en/docs/http/ngx_http_proxy_module.html
-        ##############
-        proxy_pass http://$http_host$uri$is_args$args;
-        proxy_cache off;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_connect_timeout 5s;
-        proxy_read_timeout 5s;
-        proxy_send_timeout 5s;
-        proxy_request_buffering off;
-        proxy_buffering off;
-    }
-}
-`, proxyInternalPort)
-
-	_, err := UpdateFileIfDifferent(
-		g.logger,
-		[]byte(body),
-		configFile,
-		0644,
-	)
-	if err != nil {
-		return false, "", fmt.Errorf("error writing %q: %w", configFile, err)
-	}
-
-	hash, err := util.HashFile(configFile)
-	if err != nil {
-		return false, "", fmt.Errorf("error hashing %q: %w", configFile, err)
-	}
-
-	return true, hash, err
-}
-
-func (g *Generator) getForwardProxyContainer(
-	net *topology.Network,
-	ipAddress string,
-	hash string,
-) Resource {
-	env := []string{"HASH_FILE_VALUE=" + hash}
-	proxy := struct {
-		Name              string
-		DockerNetworkName string
-		InternalPort      int
-		IPAddress         string
-		Env               []string
-	}{
-		Name:              net.Name,
-		DockerNetworkName: net.DockerName,
-		InternalPort:      proxyInternalPort,
-		IPAddress:         ipAddress,
-		Env:               env,
-	}
-
-	return Eval(tfForwardProxyT, &proxy)
-}
-
-var tfForwardProxyT = template.Must(template.ParseFS(content, "templates/container-proxy.tf.tmpl"))
diff --git a/testing/deployer/sprawl/internal/tfgen/res.go b/testing/deployer/sprawl/internal/tfgen/res.go
deleted file mode 100644
index a45c460793d2..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/res.go
+++ /dev/null
@@ -1,98 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package tfgen
-
-import (
-	"bytes"
-	"text/template"
-
-	"github.com/hashicorp/go-hclog"
-	"github.com/hashicorp/hcl/v2/hclwrite"
-)
-
-type FileResource struct {
-	name string
-	res  Resource
-}
-
-func (r *FileResource) Name() string { return r.name }
-
-func (r *FileResource) Commit(logger hclog.Logger) error {
-	val, err := r.res.Render()
-	if err != nil {
-		return err
-	}
-	_, err = UpdateFileIfDifferent(logger, []byte(val), r.name, 0644)
-	return err
-}
-
-func File(name string, res Resource) *FileResource {
-	return &FileResource{name: name, res: res}
-}
-
-func Text(s string) Resource {
-	return &textResource{text: s}
-}
-
-func Embed(name string) Resource {
-	return &embedResource{name: name}
-}
-
-func Eval(t *template.Template, data any) Resource {
-	return &evalResource{template: t, data: data, hcl: false}
-}
-
-func HCL(t *template.Template, data any) Resource {
-	return &evalResource{template: t, data: data, hcl: true}
-}
-
-type Resource interface {
-	Render() (string, error)
-}
-
-type embedResource struct {
-	name string
-}
-
-func (r *embedResource) Render() (string, error) {
-	val, err := content.ReadFile(r.name)
-	if err != nil {
-		return "", err
-	}
-	return string(val), nil
-}
-
-type textResource struct {
-	text string
-}
-
-func (r *textResource) Render() (string, error) {
-	return r.text, nil
-}
-
-type evalResource struct {
-	template *template.Template
-	data     any
-	hcl      bool
-}
-
-func (r *evalResource) Render() (string, error) {
-	out, err := StringTemplate(r.template, r.data)
-	if err != nil {
-		return "", err
-	}
-
-	if r.hcl {
-		return string(hclwrite.Format([]byte(out))), nil
-	}
-	return out, nil
-}
-
-func StringTemplate(t *template.Template, data any) (string, error) {
-	var res bytes.Buffer
-	if err := t.Execute(&res, data); err != nil {
-		return "", err
-	}
-	return res.String(), nil
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-app-dataplane.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-app-dataplane.tf.tmpl
deleted file mode 100644
index bfb0705e6df8..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/templates/container-app-dataplane.tf.tmpl
+++ /dev/null
@@ -1,29 +0,0 @@
-resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidecar" {
-	name = "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidecar"
-    network_mode = "container:${docker_container.{{.PodName}}.id}"
-    image        = docker_image.{{.DataplaneImageResource}}.latest
-    restart  = "on-failure"
-
-{{- range $k, $v := .Labels }}
-  labels {
-    label = "{{ $k }}"
-    value = "{{ $v }}"
-  }
-{{- end }}
-
-  volumes {
-    volume_name    = "{{.TLSVolumeName}}"
-    container_path = "/consul/config/certs"
-    read_only      = true
-  }
-
-  env = [
-{{- range .Env }}
-      "{{.}}",
-{{- end}}
-  ]
-
-  command = [
-    "/usr/local/bin/consul-dataplane",
-  ]
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-app-sidecar.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-app-sidecar.tf.tmpl
deleted file mode 100644
index 6abb397c2534..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/templates/container-app-sidecar.tf.tmpl
+++ /dev/null
@@ -1,31 +0,0 @@
-resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidecar" {
-	name = "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidecar"
-    network_mode = "container:${docker_container.{{.PodName}}.id}"
-    image        = docker_image.{{.EnvoyImageResource}}.latest
-    restart  = "on-failure"
-
-{{- range $k, $v := .Labels }}
-  labels {
-    label = "{{ $k }}"
-    value = "{{ $v }}"
-  }
-{{- end }}
-
-  volumes {
-    volume_name    = "{{.TLSVolumeName}}"
-    container_path = "/consul/config/certs"
-    read_only      = true
-  }
-
-  env = [
-{{- range .Env }}
-      "{{.}}",
-{{- end}}
-  ]
-
-  command = [
-{{- range .EnvoyCommand }}
-    "{{.}}",
-{{- end }}
-  ]
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-app.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-app.tf.tmpl
deleted file mode 100644
index b1b390f0f16c..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/templates/container-app.tf.tmpl
+++ /dev/null
@@ -1,25 +0,0 @@
-resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}" {
-	name = "{{.Node.DockerName}}-{{.Service.ID.TFString}}"
-    network_mode = "container:${docker_container.{{.PodName}}.id}"
-    image        = docker_image.{{.AppImageResource}}.latest
-    restart  = "on-failure"
-
-{{- range $k, $v := .Labels }}
-  labels {
-    label = "{{ $k }}"
-    value = "{{ $v }}"
-  }
-{{- end }}
-
-  env = [
-{{- range .Env }}
-      "{{.}}",
-{{- end}}
-  ]
-
-  command = [
-{{- range .Command }}
-    "{{.}}",
-{{- end }}
-  ]
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-consul.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-consul.tf.tmpl
deleted file mode 100644
index 01f7f3fb4d7d..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/templates/container-consul.tf.tmpl
+++ /dev/null
@@ -1,40 +0,0 @@
-resource "docker_container" "{{.Node.DockerName}}" {
-  name         = "{{.Node.DockerName}}"
-  network_mode = "container:${docker_container.{{.PodName}}.id}"
-  image        = docker_image.{{.ImageResource}}.latest
-  restart      = "always"
-
-  env = [
-      "CONSUL_UID=0",
-      "CONSUL_GID=0",
-      "CONSUL_LICENSE={{.EnterpriseLicense}}",
-{{- range .Env }}
-      "{{.}}",
-{{- end}}
-  ]
-
-{{- range $k, $v := .Labels }}
-  labels {
-    label = "{{ $k }}"
-    value = "{{ $v }}"
-  }
-{{- end }}
-
-  command = [
-    "agent",
-    "-hcl",
-	<<-EOT
-{{ .HCL }}
-EOT
-  ]
-
-  volumes {
-    volume_name    = "{{.Node.DockerName}}"
-    container_path = "/consul/data"
-  }
-
-  volumes {
-    volume_name = "{{.TLSVolumeName}}"
-    container_path = "/consul/config/certs"
-  }
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-coredns.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-coredns.tf.tmpl
deleted file mode 100644
index 7789376a98f1..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/templates/container-coredns.tf.tmpl
+++ /dev/null
@@ -1,28 +0,0 @@
-resource "docker_container" "{{.DockerNetworkName}}-coredns" {
-  name     = "{{.DockerNetworkName}}-coredns"
-  image = docker_image.coredns.latest
-  restart  = "always"
-  dns      = ["8.8.8.8"]
-
-  networks_advanced {
-    name         = docker_network.{{.DockerNetworkName}}.name
-    ipv4_address = "{{.IPAddress}}"
-  }
-
-  env = [
-{{- range .Env }}
-      "{{.}}",
-{{- end}}
-  ]
-
-  volumes {
-    host_path      = abspath("coredns-config-{{.Name}}")
-    container_path = "/config"
-    read_only      = true
-  }
-
-  command = [
-    "-conf",
-    "/config/Corefile",
-  ]
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-mgw.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-mgw.tf.tmpl
deleted file mode 100644
index ec25665f3ed8..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/templates/container-mgw.tf.tmpl
+++ /dev/null
@@ -1,25 +0,0 @@
-resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}" {
-    name = "{{.Node.DockerName}}-{{.Service.ID.TFString}}"
-    network_mode = "container:${docker_container.{{.PodName}}.id}"
-    image        = docker_image.{{.EnvoyImageResource}}.latest
-    restart  = "on-failure"
-
-{{- range $k, $v := .Labels }}
-  labels {
-    label = "{{ $k }}"
-    value = "{{ $v }}"
-  }
-{{- end }}
-
-  volumes {
-    volume_name    = "{{.TLSVolumeName}}"
-    container_path = "/consul/config/certs"
-    read_only      = true
-  }
-
-  command = [
-{{- range .Command }}
-    "{{.}}",
-{{- end }}
-  ]
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-pause.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-pause.tf.tmpl
deleted file mode 100644
index 1f1627b0719b..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/templates/container-pause.tf.tmpl
+++ /dev/null
@@ -1,38 +0,0 @@
-resource "docker_container" "{{.PodName}}" {
-  name     = "{{.PodName}}"
-  image = docker_image.pause.latest
-  hostname = "{{.PodName}}"
-  restart  = "always"
-  dns      = ["{{.DNSAddress}}"]
-
-{{- range $k, $v := .Labels }}
-  labels {
-    label = "{{ $k }}"
-    value = "{{ $v }}"
-  }
-{{- end }}
-
-depends_on = [
-  docker_container.{{.DockerNetworkName}}-coredns,
-  docker_container.{{.DockerNetworkName}}-forwardproxy,
-]
-
-{{- range .Ports }}
-ports {
-  internal = {{.}}
-}
-{{- end }}
-
-{{- range .Node.Addresses }}
-networks_advanced {
-  name         = docker_network.{{.DockerNetworkName}}.name
-  ipv4_address = "{{.IPAddress}}"
-}
-{{- end }}
-}
-
-output "ports_{{.Node.Cluster}}_{{.Node.Partition}}_{{.Node.Name}}" {
-  value = {
-    for port in docker_container.{{.PodName}}.ports : port.internal => port.external
-  }
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-proxy.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-proxy.tf.tmpl
deleted file mode 100644
index ed44d8343fe8..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/templates/container-proxy.tf.tmpl
+++ /dev/null
@@ -1,33 +0,0 @@
-resource "docker_container" "{{.DockerNetworkName}}-forwardproxy" {
-  name     = "{{.DockerNetworkName}}-forwardproxy"
-  image = docker_image.nginx.latest
-  restart  = "always"
-  dns      = ["8.8.8.8"]
-
-  ports {
-    internal = {{.InternalPort}}
-  }
-
-  networks_advanced {
-    name         = docker_network.{{.DockerNetworkName}}.name
-    ipv4_address = "{{.IPAddress}}"
-  }
-
-  env = [
-{{- range .Env }}
-      "{{.}}",
-{{- end}}
-  ]
-
-  volumes {
-    host_path      = abspath("nginx-config-{{.Name}}/nginx.conf")
-    container_path = "/etc/nginx/conf.d/default.conf"
-    read_only      = true
-  }
-}
-
-output "forwardproxyport_{{.Name}}" {
-  value = {
-    for port in docker_container.{{.DockerNetworkName}}-forwardproxy.ports : port.internal => port.external
-  }
-}
diff --git a/testing/deployer/sprawl/internal/tfgen/tfgen.go b/testing/deployer/sprawl/internal/tfgen/tfgen.go
deleted file mode 100644
index e752528ef161..000000000000
--- a/testing/deployer/sprawl/internal/tfgen/tfgen.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package tfgen
-
-import (
-	"embed"
-)
-
-//go:embed templates/container-app-dataplane.tf.tmpl
-//go:embed templates/container-app-sidecar.tf.tmpl
-//go:embed templates/container-app.tf.tmpl
-//go:embed templates/container-consul.tf.tmpl
-//go:embed templates/container-mgw.tf.tmpl
-//go:embed templates/container-pause.tf.tmpl
-//go:embed templates/container-proxy.tf.tmpl
-//go:embed templates/container-coredns.tf.tmpl
-var content embed.FS
diff --git a/testing/deployer/sprawl/peering.go b/testing/deployer/sprawl/peering.go
deleted file mode 100644
index 5275161cfd9a..000000000000
--- a/testing/deployer/sprawl/peering.go
+++ /dev/null
@@ -1,168 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawl
-
-import (
-	"context"
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/go-hclog"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-)
-
-// TODO: this is definitely a grpc resolver/balancer issue to look into
-const grpcWeirdError = `transport: Error while dialing failed to find Consul server for global address`
-
-func isWeirdGRPCError(err error) bool {
-	if err == nil {
-		return false
-	}
-	return strings.Contains(err.Error(), grpcWeirdError)
-}
-
-func (s *Sprawl) initPeerings() error {
-	// TODO: wait until services are healthy? wait until mesh gateways work?
-	// if err := s.generator.Generate(tfgen.StepPeering); err != nil {
-	// 	return fmt.Errorf("generator[peering]: %w", err)
-	// }
-
-	var (
-		logger = s.logger.Named("peering")
-		_      = logger
-	)
-
-	for _, peering := range s.topology.Peerings {
-		dialingCluster, ok := s.topology.Clusters[peering.Dialing.Name]
-		if !ok {
-			return fmt.Errorf("peering references dialing cluster that does not exist: %s", peering.String())
-		}
-		acceptingCluster, ok := s.topology.Clusters[peering.Accepting.Name]
-		if !ok {
-			return fmt.Errorf("peering references accepting cluster that does not exist: %s", peering.String())
-		}
-
-		var (
-			dialingClient   = s.clients[dialingCluster.Name]
-			acceptingClient = s.clients[acceptingCluster.Name]
-		)
-
-		// TODO: allow for use of ServerExternalAddresses
-
-		req1 := api.PeeringGenerateTokenRequest{
-			PeerName: peering.Accepting.PeerName,
-		}
-		if acceptingCluster.Enterprise {
-			req1.Partition = peering.Accepting.Partition
-		}
-
-	GENTOKEN:
-		resp, _, err := acceptingClient.Peerings().GenerateToken(context.Background(), req1, nil)
-		if err != nil {
-			if isWeirdGRPCError(err) {
-				time.Sleep(50 * time.Millisecond)
-				goto GENTOKEN
-			}
-			return fmt.Errorf("error generating peering token for %q: %w", peering.String(), err)
-		}
-
-		peeringToken := resp.PeeringToken
-		logger.Info("generated peering token", "peering", peering.String())
-
-		req2 := api.PeeringEstablishRequest{
-			PeerName:     peering.Dialing.PeerName,
-			PeeringToken: peeringToken,
-		}
-		if dialingCluster.Enterprise {
-			req2.Partition = peering.Dialing.Partition
-		}
-
-		logger.Info("establishing peering with token", "peering", peering.String())
-	ESTABLISH:
-		_, _, err = dialingClient.Peerings().Establish(context.Background(), req2, nil)
-		if err != nil {
-			if isWeirdGRPCError(err) {
-				time.Sleep(50 * time.Millisecond)
-				goto ESTABLISH
-			}
-			return fmt.Errorf("error establishing peering with token for %q: %w", peering.String(), err)
-		}
-
-		logger.Info("peering established", "peering", peering.String())
-	}
-
-	return nil
-}
-
-func (s *Sprawl) waitForPeeringEstablishment() error {
-	var (
-		logger = s.logger.Named("peering")
-	)
-
-	for _, peering := range s.topology.Peerings {
-		dialingCluster, ok := s.topology.Clusters[peering.Dialing.Name]
-		if !ok {
-			return fmt.Errorf("peering references dialing cluster that does not exist: %s", peering.String())
-		}
-		acceptingCluster, ok := s.topology.Clusters[peering.Accepting.Name]
-		if !ok {
-			return fmt.Errorf("peering references accepting cluster that does not exist: %s", peering.String())
-		}
-
-		var (
-			dialingClient   = s.clients[dialingCluster.Name]
-			acceptingClient = s.clients[acceptingCluster.Name]
-
-			dialingLogger = logger.With(
-				"cluster", dialingCluster.Name,
-				"peering", peering.String(),
-			)
-			acceptingLogger = logger.With(
-				"cluster", acceptingCluster.Name,
-				"peering", peering.String(),
-			)
-		)
-
-		s.checkPeeringDirection(dialingLogger, dialingClient, peering.Dialing, dialingCluster.Enterprise)
-		s.checkPeeringDirection(acceptingLogger, acceptingClient, peering.Accepting, acceptingCluster.Enterprise)
-	}
-	return nil
-}
-
-func (s *Sprawl) checkPeeringDirection(logger hclog.Logger, client *api.Client, pc topology.PeerCluster, enterprise bool) {
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
-
-	for {
-		opts := &api.QueryOptions{}
-		if enterprise {
-			opts.Partition = pc.Partition
-		}
-		res, _, err := client.Peerings().Read(ctx, pc.PeerName, opts)
-		if isWeirdGRPCError(err) {
-			time.Sleep(50 * time.Millisecond)
-			continue
-		}
-		if err != nil {
-			logger.Info("error looking up peering", "error", err)
-			time.Sleep(100 * time.Millisecond)
-			continue
-		}
-		if res == nil {
-			logger.Info("peering not found")
-			time.Sleep(100 * time.Millisecond)
-			continue
-		}
-
-		if res.State == api.PeeringStateActive {
-			logger.Info("peering is active")
-			return
-		}
-		logger.Info("peering not active yet", "state", res.State)
-		time.Sleep(500 * time.Millisecond)
-	}
-}
diff --git a/testing/deployer/sprawl/sprawl.go b/testing/deployer/sprawl/sprawl.go
deleted file mode 100644
index a4b27597626e..000000000000
--- a/testing/deployer/sprawl/sprawl.go
+++ /dev/null
@@ -1,467 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawl
-
-import (
-	"bufio"
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/go-hclog"
-	"github.com/hashicorp/go-multierror"
-	"github.com/mitchellh/copystructure"
-
-	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/runner"
-	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets"
-	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/tfgen"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-	"github.com/hashicorp/consul/testing/deployer/util"
-)
-
-// TODO: manage workdir externally without chdir
-
-// Sprawl is the definition of a complete running Consul deployment topology.
-type Sprawl struct {
-	logger  hclog.Logger
-	runner  *runner.Runner
-	license string
-	secrets secrets.Store
-
-	workdir string
-
-	// set during Run
-	config    *topology.Config
-	topology  *topology.Topology
-	generator *tfgen.Generator
-
-	clients map[string]*api.Client // one per cluster
-}
-
-// Topology allows access to the topology that defines the resources. Do not
-// write to any of these fields.
-func (s *Sprawl) Topology() *topology.Topology {
-	return s.topology
-}
-
-func (s *Sprawl) Config() *topology.Config {
-	c2, err := copyConfig(s.config)
-	if err != nil {
-		panic(err)
-	}
-	return c2
-}
-
-func (s *Sprawl) HTTPClientForCluster(clusterName string) (*http.Client, error) {
-	cluster, ok := s.topology.Clusters[clusterName]
-	if !ok {
-		return nil, fmt.Errorf("no such cluster: %s", clusterName)
-	}
-
-	// grab the local network for the cluster
-	network, ok := s.topology.Networks[cluster.NetworkName]
-	if !ok {
-		return nil, fmt.Errorf("no such network: %s", cluster.NetworkName)
-	}
-
-	transport, err := util.ProxyHTTPTransport(network.ProxyPort)
-	if err != nil {
-		return nil, err
-	}
-
-	return &http.Client{Transport: transport}, nil
-}
-
-// APIClientForNode gets a pooled api.Client connected to the agent running on
-// the provided node.
-//
-// Passing an empty token will assume the bootstrap token. If you want to
-// actually use the anonymous token say "-".
-func (s *Sprawl) APIClientForNode(clusterName string, nid topology.NodeID, token string) (*api.Client, error) {
-	cluster, ok := s.topology.Clusters[clusterName]
-	if !ok {
-		return nil, fmt.Errorf("no such cluster: %s", clusterName)
-	}
-
-	nid.Normalize()
-
-	node := cluster.NodeByID(nid)
-	if !node.IsAgent() {
-		return nil, fmt.Errorf("node is not an agent")
-	}
-
-	switch token {
-	case "":
-		token = s.secrets.ReadGeneric(clusterName, secrets.BootstrapToken)
-	case "-":
-		token = ""
-	}
-
-	return util.ProxyAPIClient(
-		node.LocalProxyPort(),
-		node.LocalAddress(),
-		8500,
-		token,
-	)
-}
-
-func copyConfig(cfg *topology.Config) (*topology.Config, error) {
-	dup, err := copystructure.Copy(cfg)
-	if err != nil {
-		return nil, err
-	}
-	return dup.(*topology.Config), nil
-}
-
-// Launch will create the topology defined by the provided configuration and
-// bring up all of the relevant clusters. Once created the Stop method must be
-// called to destroy everything.
-func Launch(
-	logger hclog.Logger,
-	workdir string,
-	cfg *topology.Config,
-) (*Sprawl, error) {
-	if logger == nil {
-		panic("logger is required")
-	}
-	if workdir == "" {
-		panic("workdir is required")
-	}
-
-	if err := os.MkdirAll(filepath.Join(workdir, "terraform"), 0755); err != nil {
-		return nil, err
-	}
-
-	runner, err := runner.Load(logger)
-	if err != nil {
-		return nil, err
-	}
-
-	// Copy this to avoid leakage.
-	cfg, err = copyConfig(cfg)
-	if err != nil {
-		return nil, err
-	}
-
-	s := &Sprawl{
-		logger:  logger,
-		runner:  runner,
-		workdir: workdir,
-		clients: make(map[string]*api.Client),
-	}
-
-	if err := s.ensureLicense(); err != nil {
-		return nil, err
-	}
-
-	// Copy this AGAIN, BEFORE compiling so we capture the original definition, without denorms.
-	s.config, err = copyConfig(cfg)
-	if err != nil {
-		return nil, err
-	}
-
-	s.topology, err = topology.Compile(logger.Named("compile"), cfg)
-	if err != nil {
-		return nil, fmt.Errorf("topology.Compile: %w", err)
-	}
-
-	s.logger.Info("compiled topology", "ct", jd(s.topology)) // TODO
-
-	start := time.Now()
-	if err := s.launch(); err != nil {
-		return nil, err
-	}
-	s.logger.Info("topology is ready for use", "elapsed", time.Since(start))
-
-	if err := s.PrintDetails(); err != nil {
-		return nil, fmt.Errorf("error gathering diagnostic details: %w", err)
-	}
-
-	return s, nil
-}
-
-func (s *Sprawl) Relaunch(
-	cfg *topology.Config,
-) error {
-	// Copy this BEFORE compiling so we capture the original definition, without denorms.
-	var err error
-	s.config, err = copyConfig(cfg)
-	if err != nil {
-		return err
-	}
-
-	newTopology, err := topology.Recompile(s.logger.Named("recompile"), cfg, s.topology)
-	if err != nil {
-		return fmt.Errorf("topology.Compile: %w", err)
-	}
-
-	s.topology = newTopology
-
-	s.logger.Info("compiled replacement topology", "ct", jd(s.topology)) // TODO
-
-	start := time.Now()
-	if err := s.relaunch(); err != nil {
-		return err
-	}
-	s.logger.Info("topology is ready for use", "elapsed", time.Since(start))
-
-	if err := s.PrintDetails(); err != nil {
-		return fmt.Errorf("error gathering diagnostic details: %w", err)
-	}
-
-	return nil
-}
-
-// Leader returns the cluster leader agent, or an error if no leader is
-// available.
-func (s *Sprawl) Leader(clusterName string) (*topology.Node, error) {
-	cluster, ok := s.topology.Clusters[clusterName]
-	if !ok {
-		return nil, fmt.Errorf("no such cluster: %s", clusterName)
-	}
-
-	var (
-		client = s.clients[cluster.Name]
-		// logger = s.logger.With("cluster", cluster.Name)
-	)
-
-	leaderAddr, err := getLeader(client)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, node := range cluster.Nodes {
-		if !node.IsServer() || node.Disabled {
-			continue
-		}
-		if strings.HasPrefix(leaderAddr, node.LocalAddress()+":") {
-			return node, nil
-		}
-	}
-
-	return nil, fmt.Errorf("leader not found")
-}
-
-// Followers returns the cluster following servers.
-func (s *Sprawl) Followers(clusterName string) ([]*topology.Node, error) {
-	cluster, ok := s.topology.Clusters[clusterName]
-	if !ok {
-		return nil, fmt.Errorf("no such cluster: %s", clusterName)
-	}
-
-	leaderNode, err := s.Leader(clusterName)
-	if err != nil {
-		return nil, fmt.Errorf("could not determine leader: %w", err)
-	}
-
-	var followers []*topology.Node
-
-	for _, node := range cluster.Nodes {
-		if !node.IsServer() || node.Disabled {
-			continue
-		}
-		if node.ID() != leaderNode.ID() {
-			followers = append(followers, node)
-		}
-	}
-
-	return followers, nil
-}
-
-func (s *Sprawl) DisabledServers(clusterName string) ([]*topology.Node, error) {
-	cluster, ok := s.topology.Clusters[clusterName]
-	if !ok {
-		return nil, fmt.Errorf("no such cluster: %s", clusterName)
-	}
-
-	var servers []*topology.Node
-
-	for _, node := range cluster.Nodes {
-		if !node.IsServer() || !node.Disabled {
-			continue
-		}
-		servers = append(servers, node)
-	}
-
-	return servers, nil
-}
-
-func (s *Sprawl) StopContainer(ctx context.Context, containerName string) error {
-	return s.runner.DockerExec(ctx, []string{"stop", containerName}, nil, nil)
-}
-
-func (s *Sprawl) SnapshotEnvoy(ctx context.Context) error {
-	snapDir := filepath.Join(s.workdir, "envoy-snapshots")
-	if err := os.MkdirAll(snapDir, 0755); err != nil {
-		return fmt.Errorf("could not create envoy snapshot output dir %s: %w", snapDir, err)
-	}
-
-	targets := map[string]string{
-		"config_dump.json":     "config_dump",
-		"clusters.json":        "clusters?format=json",
-		"stats.txt":            "stats",
-		"stats_prometheus.txt": "stats/prometheus",
-	}
-
-	var merr error
-	for _, c := range s.topology.Clusters {
-		client, err := s.HTTPClientForCluster(c.Name)
-		if err != nil {
-			return fmt.Errorf("could not get http client for cluster %q: %w", c.Name, err)
-		}
-
-		for _, n := range c.Nodes {
-			if n.Disabled {
-				continue
-			}
-			for _, s := range n.Services {
-				if s.Disabled || s.EnvoyAdminPort <= 0 {
-					continue
-				}
-				prefix := fmt.Sprintf("http://%s:%d", n.LocalAddress(), s.EnvoyAdminPort)
-
-				for fn, target := range targets {
-					u := prefix + "/" + target
-
-					body, err := scrapeURL(client, u)
-					if err != nil {
-						merr = multierror.Append(merr, fmt.Errorf("could not scrape %q for %s on %s: %w",
-							target, s.ID.String(), n.ID().String(), err,
-						))
-						continue
-					}
-
-					outFn := filepath.Join(snapDir, n.DockerName()+"--"+s.ID.TFString()+"."+fn)
-
-					if err := os.WriteFile(outFn+".tmp", body, 0644); err != nil {
-						merr = multierror.Append(merr, fmt.Errorf("could not write output %q for %s on %s: %w",
-							target, s.ID.String(), n.ID().String(), err,
-						))
-						continue
-					}
-
-					if err := os.Rename(outFn+".tmp", outFn); err != nil {
-						merr = multierror.Append(merr, fmt.Errorf("could not write output %q for %s on %s: %w",
-							target, s.ID.String(), n.ID().String(), err,
-						))
-						continue
-					}
-				}
-			}
-		}
-	}
-	return merr
-}
-
-func scrapeURL(client *http.Client, url string) ([]byte, error) {
-	res, err := client.Get(url)
-	if err != nil {
-		return nil, err
-	}
-	defer res.Body.Close()
-
-	body, err := io.ReadAll(res.Body)
-	if err != nil {
-		return nil, err
-	}
-	return body, nil
-}
-
-func (s *Sprawl) CaptureLogs(ctx context.Context) error {
-	logDir := filepath.Join(s.workdir, "logs")
-	if err := os.MkdirAll(logDir, 0755); err != nil {
-		return fmt.Errorf("could not create log output dir %s: %w", logDir, err)
-	}
-
-	containers, err := s.listContainers(ctx)
-	if err != nil {
-		return err
-	}
-
-	s.logger.Info("Capturing logs")
-
-	var merr error
-	for _, container := range containers {
-		if err := s.dumpContainerLogs(ctx, container, logDir); err != nil {
-			merr = multierror.Append(merr, fmt.Errorf("could not dump logs for container %s: %w", container, err))
-		}
-	}
-
-	return merr
-}
-
-// Dump known containers out of terraform state file.
-func (s *Sprawl) listContainers(ctx context.Context) ([]string, error) {
-	tfdir := filepath.Join(s.workdir, "terraform")
-
-	var buf bytes.Buffer
-	if err := s.runner.TerraformExec(ctx, []string{"state", "list"}, &buf, tfdir); err != nil {
-		return nil, fmt.Errorf("error listing containers in terraform state file: %w", err)
-	}
-
-	var (
-		scan       = bufio.NewScanner(&buf)
-		containers []string
-	)
-	for scan.Scan() {
-		line := strings.TrimSpace(scan.Text())
-
-		name := strings.TrimPrefix(line, "docker_container.")
-		if name != line {
-			containers = append(containers, name)
-			continue
-		}
-	}
-	if err := scan.Err(); err != nil {
-		return nil, err
-	}
-
-	return containers, nil
-}
-
-func (s *Sprawl) dumpContainerLogs(ctx context.Context, containerName, outputRoot string) error {
-	path := filepath.Join(outputRoot, containerName+".log")
-
-	f, err := os.Create(path + ".tmp")
-	if err != nil {
-		return err
-	}
-	keep := false
-	defer func() {
-		_ = f.Close()
-		if !keep {
-			_ = os.Remove(path + ".tmp")
-			_ = os.Remove(path)
-		}
-	}()
-
-	err = s.runner.DockerExecWithStderr(
-		ctx,
-		[]string{"logs", containerName},
-		f,
-		f,
-		nil,
-	)
-	if err != nil {
-		return err
-	}
-
-	if err := f.Close(); err != nil {
-		return err
-	}
-
-	if err := os.Rename(path+".tmp", path); err != nil {
-		return err
-	}
-
-	keep = true
-	return nil
-}
diff --git a/testing/deployer/sprawl/sprawltest/sprawltest.go b/testing/deployer/sprawl/sprawltest/sprawltest.go
deleted file mode 100644
index 2fe10537459c..000000000000
--- a/testing/deployer/sprawl/sprawltest/sprawltest.go
+++ /dev/null
@@ -1,205 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawltest
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"sync"
-	"testing"
-
-	"github.com/hashicorp/consul/sdk/testutil"
-	"github.com/hashicorp/go-hclog"
-	"github.com/hashicorp/go-multierror"
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/testing/deployer/sprawl"
-	"github.com/hashicorp/consul/testing/deployer/sprawl/internal/runner"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-)
-
-// TODO(rb): move comments to doc.go
-
-var (
-	// set SPRAWL_WORKDIR_ROOT in the environment to have the test output
-	// coalesced in here. By default it uses a directory called "workdir" in
-	// each package.
-	workdirRoot string
-
-	// set SPRAWL_KEEP_WORKDIR=1 in the environment to keep the workdir output
-	// intact. Files are all destroyed by default.
-	keepWorkdirOnFail bool
-
-	// set SPRAWL_KEEP_RUNNING=1 in the environment to keep the workdir output
-	// intact and also refrain from tearing anything down. Things are all
-	// destroyed by default.
-	//
-	// SPRAWL_KEEP_RUNNING=1 implies SPRAWL_KEEP_WORKDIR=1
-	keepRunningOnFail bool
-
-	// set SPRAWL_SKIP_OLD_CLEANUP to prevent the library from tearing down and
-	// removing anything found in the working directory at init time. The
-	// default behavior is to do this.
-	skipOldCleanup bool
-)
-
-var cleanupPriorRunOnce sync.Once
-
-func init() {
-	if root := os.Getenv("SPRAWL_WORKDIR_ROOT"); root != "" {
-		fmt.Fprintf(os.Stdout, "INFO: sprawltest: SPRAWL_WORKDIR_ROOT set; using %q as output root\n", root)
-		workdirRoot = root
-	} else {
-		workdirRoot = "workdir"
-	}
-
-	if os.Getenv("SPRAWL_KEEP_WORKDIR") == "1" {
-		keepWorkdirOnFail = true
-		fmt.Fprintf(os.Stdout, "INFO: sprawltest: SPRAWL_KEEP_WORKDIR set; not destroying workdir on failure\n")
-	}
-
-	if os.Getenv("SPRAWL_KEEP_RUNNING") == "1" {
-		keepRunningOnFail = true
-		keepWorkdirOnFail = true
-		fmt.Fprintf(os.Stdout, "INFO: sprawltest: SPRAWL_KEEP_RUNNING set; not tearing down resources on failure\n")
-	}
-
-	if os.Getenv("SPRAWL_SKIP_OLD_CLEANUP") == "1" {
-		skipOldCleanup = true
-		fmt.Fprintf(os.Stdout, "INFO: sprawltest: SPRAWL_SKIP_OLD_CLEANUP set; not cleaning up anything found in %q\n", workdirRoot)
-	}
-
-	if !skipOldCleanup {
-		cleanupPriorRunOnce.Do(func() {
-			fmt.Fprintf(os.Stdout, "INFO: sprawltest: triggering cleanup of any prior test runs\n")
-			CleanupWorkingDirectories()
-		})
-	}
-}
-
-// Launch will create the topology defined by the provided configuration and
-// bring up all of the relevant clusters.
-//
-// - Logs will be routed to (*testing.T).Logf.
-//
-//   - By default everything will be stopped and removed via
-//     (*testing.T).Cleanup. For failed tests, this can be skipped by setting the
-//     environment variable SKIP_TEARDOWN=1.
-func Launch(t *testing.T, cfg *topology.Config) *sprawl.Sprawl {
-	SkipIfTerraformNotPresent(t)
-	sp, err := sprawl.Launch(
-		testutil.Logger(t),
-		initWorkingDirectory(t),
-		cfg,
-	)
-	require.NoError(t, err)
-	stopOnCleanup(t, sp)
-	return sp
-}
-
-func initWorkingDirectory(t *testing.T) string {
-	// TODO(rb): figure out how to get the calling package which we can put in
-	// the middle here, which is likely 2 call frames away so maybe
-	// runtime.Callers can help
-	scratchDir := filepath.Join(workdirRoot, t.Name())
-	_ = os.RemoveAll(scratchDir) // cleanup prior runs
-	if err := os.MkdirAll(scratchDir, 0755); err != nil {
-		t.Fatalf("error: %v", err)
-	}
-
-	t.Cleanup(func() {
-		if t.Failed() && keepWorkdirOnFail {
-			t.Logf("test failed; leaving sprawl terraform definitions in: %s", scratchDir)
-		} else {
-			_ = os.RemoveAll(scratchDir)
-		}
-	})
-
-	return scratchDir
-}
-
-func stopOnCleanup(t *testing.T, sp *sprawl.Sprawl) {
-	t.Cleanup(func() {
-		if t.Failed() && keepWorkdirOnFail {
-			// It's only worth it to capture the logs if we aren't going to
-			// immediately discard them.
-			if err := sp.CaptureLogs(context.Background()); err != nil {
-				t.Logf("log capture encountered failures: %v", err)
-			}
-			if err := sp.SnapshotEnvoy(context.Background()); err != nil {
-				t.Logf("envoy snapshot capture encountered failures: %v", err)
-			}
-		}
-
-		if t.Failed() && keepRunningOnFail {
-			t.Log("test failed; leaving sprawl running")
-		} else {
-			//nolint:errcheck
-			sp.Stop()
-		}
-	})
-}
-
-// CleanupWorkingDirectories is meant to run in an init() once at the start of
-// any tests.
-func CleanupWorkingDirectories() {
-	fi, err := os.ReadDir(workdirRoot)
-	if os.IsNotExist(err) {
-		return
-	} else if err != nil {
-		fmt.Fprintf(os.Stderr, "WARN: sprawltest: unable to scan 'workdir' for prior runs to cleanup\n")
-		return
-	} else if len(fi) == 0 {
-		fmt.Fprintf(os.Stdout, "INFO: sprawltest: no prior tests to clean up\n")
-		return
-	}
-
-	r, err := runner.Load(hclog.NewNullLogger())
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "WARN: sprawltest: unable to look for 'terraform' and 'docker' binaries\n")
-		return
-	}
-
-	ctx := context.Background()
-
-	for _, d := range fi {
-		if !d.IsDir() {
-			continue
-		}
-		path := filepath.Join(workdirRoot, d.Name(), "terraform")
-
-		fmt.Fprintf(os.Stdout, "INFO: sprawltest: cleaning up failed prior run in: %s\n", path)
-
-		err := r.TerraformExec(ctx, []string{
-			"init", "-input=false",
-		}, io.Discard, path)
-
-		err2 := r.TerraformExec(ctx, []string{
-			"destroy", "-input=false", "-auto-approve", "-refresh=false",
-		}, io.Discard, path)
-
-		if err2 != nil {
-			err = multierror.Append(err, err2)
-		}
-
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "WARN: sprawltest: could not clean up failed prior run in: %s: %v\n", path, err)
-		} else {
-			_ = os.RemoveAll(path)
-		}
-	}
-}
-
-func SkipIfTerraformNotPresent(t *testing.T) {
-	const terraformBinaryName = "terraform"
-
-	path, err := exec.LookPath(terraformBinaryName)
-	if err != nil || path == "" {
-		t.Skipf("%q not found on $PATH - download and install to run this test", terraformBinaryName)
-	}
-}
diff --git a/testing/deployer/sprawl/sprawltest/test_test.go b/testing/deployer/sprawl/sprawltest/test_test.go
deleted file mode 100644
index 1bb69ea77efe..000000000000
--- a/testing/deployer/sprawl/sprawltest/test_test.go
+++ /dev/null
@@ -1,183 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawltest_test
-
-import (
-	"strconv"
-	"testing"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/stretchr/testify/require"
-
-	"github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest"
-	"github.com/hashicorp/consul/testing/deployer/topology"
-)
-
-func TestSprawl(t *testing.T) {
-	serversDC1 := newTopologyServerSet("dc1-server", 3, []string{"dc1", "wan"}, nil)
-	serversDC2 := newTopologyServerSet("dc2-server", 3, []string{"dc2", "wan"}, nil)
-
-	cfg := &topology.Config{
-		Networks: []*topology.Network{
-			{Name: "dc1"},
-			{Name: "dc2"},
-			{Name: "wan", Type: "wan"},
-		},
-		Clusters: []*topology.Cluster{
-			{
-				Name: "dc1",
-				Nodes: topology.MergeSlices(serversDC1, []*topology.Node{
-					{
-						Kind: topology.NodeKindClient,
-						Name: "dc1-client1",
-						Services: []*topology.Service{
-							{
-								ID:             topology.ServiceID{Name: "mesh-gateway"},
-								Port:           8443,
-								EnvoyAdminPort: 19000,
-								IsMeshGateway:  true,
-							},
-						},
-					},
-					{
-						Kind: topology.NodeKindClient,
-						Name: "dc1-client2",
-						Services: []*topology.Service{
-							{
-								ID:             topology.ServiceID{Name: "ping"},
-								Image:          "rboyer/pingpong:latest",
-								Port:           8080,
-								EnvoyAdminPort: 19000,
-								Command: []string{
-									"-bind", "0.0.0.0:8080",
-									"-dial", "127.0.0.1:9090",
-									"-pong-chaos",
-									"-dialfreq", "250ms",
-									"-name", "ping",
-								},
-								Upstreams: []*topology.Upstream{{
-									ID:        topology.ServiceID{Name: "pong"},
-									LocalPort: 9090,
-									Peer:      "peer-dc2-default",
-								}},
-							},
-						},
-					},
-				}),
-				InitialConfigEntries: []api.ConfigEntry{
-					&api.ExportedServicesConfigEntry{
-						Name: "default",
-						Services: []api.ExportedService{{
-							Name: "ping",
-							Consumers: []api.ServiceConsumer{{
-								Peer: "peer-dc2-default",
-							}},
-						}},
-					},
-				},
-			},
-			{
-				Name: "dc2",
-				Nodes: topology.MergeSlices(serversDC2, []*topology.Node{
-					{
-						Kind: topology.NodeKindClient,
-						Name: "dc2-client1",
-						Services: []*topology.Service{
-							{
-								ID:             topology.ServiceID{Name: "mesh-gateway"},
-								Port:           8443,
-								EnvoyAdminPort: 19000,
-								IsMeshGateway:  true,
-							},
-						},
-					},
-					{
-						Kind: topology.NodeKindDataplane,
-						Name: "dc2-client2",
-						Services: []*topology.Service{
-							{
-								ID:             topology.ServiceID{Name: "pong"},
-								Image:          "rboyer/pingpong:latest",
-								Port:           8080,
-								EnvoyAdminPort: 19000,
-								Command: []string{
-									"-bind", "0.0.0.0:8080",
-									"-dial", "127.0.0.1:9090",
-									"-pong-chaos",
-									"-dialfreq", "250ms",
-									"-name", "pong",
-								},
-								Upstreams: []*topology.Upstream{{
-									ID:        topology.ServiceID{Name: "ping"},
-									LocalPort: 9090,
-									Peer:      "peer-dc1-default",
-								}},
-							},
-						},
-					},
-				}),
-				InitialConfigEntries: []api.ConfigEntry{
-					&api.ExportedServicesConfigEntry{
-						Name: "default",
-						Services: []api.ExportedService{{
-							Name: "ping",
-							Consumers: []api.ServiceConsumer{{
-								Peer: "peer-dc2-default",
-							}},
-						}},
-					},
-				},
-			},
-		},
-		Peerings: []*topology.Peering{{
-			Dialing: topology.PeerCluster{
-				Name: "dc1",
-			},
-			Accepting: topology.PeerCluster{
-				Name: "dc2",
-			},
-		}},
-	}
-
-	sp := sprawltest.Launch(t, cfg)
-
-	for _, cluster := range sp.Topology().Clusters {
-		leader, err := sp.Leader(cluster.Name)
-		require.NoError(t, err)
-		t.Logf("%s: leader = %s", cluster.Name, leader.ID())
-
-		followers, err := sp.Followers(cluster.Name)
-		require.NoError(t, err)
-		for _, f := range followers {
-			t.Logf("%s: follower = %s", cluster.Name, f.ID())
-		}
-	}
-}
-
-func newTopologyServerSet(
-	namePrefix string,
-	num int,
-	networks []string,
-	mutateFn func(i int, node *topology.Node),
-) []*topology.Node {
-	var out []*topology.Node
-	for i := 1; i <= num; i++ {
-		name := namePrefix + strconv.Itoa(i)
-
-		node := &topology.Node{
-			Kind: topology.NodeKindServer,
-			Name: name,
-		}
-		for _, net := range networks {
-			node.Addresses = append(node.Addresses, &topology.Address{Network: net})
-		}
-
-		if mutateFn != nil {
-			mutateFn(i, node)
-		}
-
-		out = append(out, node)
-	}
-	return out
-}
diff --git a/testing/deployer/sprawl/tls.go b/testing/deployer/sprawl/tls.go
deleted file mode 100644
index 4ba26432f1e1..000000000000
--- a/testing/deployer/sprawl/tls.go
+++ /dev/null
@@ -1,117 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package sprawl
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-
-	"github.com/hashicorp/consul/testing/deployer/topology"
-)
-
-const (
-	consulUID     = "100"
-	consulGID     = "1000"
-	consulUserArg = consulUID + ":" + consulGID
-)
-
-func tlsPrefixFromNode(node *topology.Node) string {
-	switch node.Kind {
-	case topology.NodeKindServer:
-		return node.Partition + "." + node.Name + ".server"
-	case topology.NodeKindClient:
-		return node.Partition + "." + node.Name + ".client"
-	default:
-		return ""
-	}
-}
-
-func tlsCertCreateCommand(node *topology.Node) string {
-	if node.IsServer() {
-		return fmt.Sprintf(`consul tls cert create -server -dc=%s -node=%s`, node.Datacenter, node.PodName())
-	} else {
-		return fmt.Sprintf(`consul tls cert create -client -dc=%s`, node.Datacenter)
-	}
-}
-
-func (s *Sprawl) initTLS(ctx context.Context) error {
-	for _, cluster := range s.topology.Clusters {
-
-		var buf bytes.Buffer
-
-		// Create the CA if not already done, and proceed to do all of the
-		// consul CLI calls inside of a throwaway temp directory.
-		buf.WriteString(`
-if [[ ! -f consul-agent-ca-key.pem || ! -f consul-agent-ca.pem ]]; then
-	consul tls ca create
-fi
-rm -rf tmp
-mkdir -p tmp
-cp -a consul-agent-ca-key.pem consul-agent-ca.pem tmp
-cd tmp
-`)
-
-		for _, node := range cluster.Nodes {
-			if !node.IsAgent() || node.Disabled {
-				continue
-			}
-
-			node.TLSCertPrefix = tlsPrefixFromNode(node)
-			if node.TLSCertPrefix == "" {
-				continue
-			}
-
-			expectPrefix := cluster.Datacenter + "-" + string(node.Kind) + "-consul-0"
-
-			// Conditionally generate these in isolation and rename them to
-			// not rely upon the numerical indexing.
-			buf.WriteString(fmt.Sprintf(`
-if [[ ! -f %[1]s || ! -f %[2]s ]]; then
-	rm -f %[3]s %[4]s
-	%[5]s
-	mv -f %[3]s %[1]s
-	mv -f %[4]s %[2]s
-fi
-`,
-				"../"+node.TLSCertPrefix+"-key.pem", "../"+node.TLSCertPrefix+".pem",
-				expectPrefix+"-key.pem", expectPrefix+".pem",
-				tlsCertCreateCommand(node),
-			))
-		}
-
-		err := s.runner.DockerExec(ctx, []string{
-			"run",
-			"--rm",
-			"-i",
-			"--net=none",
-			"-v", cluster.TLSVolumeName + ":/data",
-			"busybox:latest",
-			"sh", "-c",
-			// Need this so the permissions stick; docker seems to treat unused volumes differently.
-			`touch /data/VOLUME_PLACEHOLDER && chown -R ` + consulUserArg + ` /data`,
-		}, io.Discard, nil)
-		if err != nil {
-			return fmt.Errorf("could not initialize docker volume for cert data %q: %w", cluster.TLSVolumeName, err)
-		}
-
-		err = s.runner.DockerExec(ctx, []string{"run",
-			"--rm",
-			"-i",
-			"--net=none",
-			"-u", consulUserArg,
-			"-v", cluster.TLSVolumeName + ":/data",
-			"-w", "/data",
-			"--entrypoint", "",
-			cluster.Images.Consul,
-			"/bin/sh", "-ec", buf.String(),
-		}, io.Discard, nil)
-		if err != nil {
-			return fmt.Errorf("could not create all necessary TLS certificates in docker volume: %v", err)
-		}
-	}
-
-	return nil
-}
diff --git a/testing/deployer/topology/compile.go b/testing/deployer/topology/compile.go
deleted file mode 100644
index 78ee5843c1b2..000000000000
--- a/testing/deployer/topology/compile.go
+++ /dev/null
@@ -1,674 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package topology
-
-import (
-	crand "crypto/rand"
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"reflect"
-	"regexp"
-	"sort"
-
-	"github.com/google/go-cmp/cmp"
-	"github.com/hashicorp/go-hclog"
-)
-
-const DockerPrefix = "consulcluster"
-
-func Compile(logger hclog.Logger, raw *Config) (*Topology, error) {
-	return compile(logger, raw, nil)
-}
-
-func Recompile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error) {
-	if prev == nil {
-		return nil, errors.New("missing previous topology")
-	}
-	return compile(logger, raw, prev)
-}
-
-func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error) {
-	var id string
-	if prev == nil {
-		var err error
-		id, err = newTopologyID()
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		id = prev.ID
-	}
-
-	images := DefaultImages().OverrideWith(raw.Images)
-	if images.Consul != "" {
-		return nil, fmt.Errorf("topology.images.consul cannot be set at this level")
-	}
-
-	if len(raw.Networks) == 0 {
-		return nil, fmt.Errorf("topology.networks is empty")
-	}
-
-	networks := make(map[string]*Network)
-	for _, net := range raw.Networks {
-		if net.DockerName != "" {
-			return nil, fmt.Errorf("network %q should not specify DockerName", net.Name)
-		}
-		if !IsValidLabel(net.Name) {
-			return nil, fmt.Errorf("network name is not valid: %s", net.Name)
-		}
-		if _, exists := networks[net.Name]; exists {
-			return nil, fmt.Errorf("cannot have two networks with the same name %q", net.Name)
-		}
-
-		switch net.Type {
-		case "":
-			net.Type = "lan"
-		case "wan", "lan":
-		default:
-			return nil, fmt.Errorf("network %q has unknown type %q", net.Name, net.Type)
-		}
-
-		networks[net.Name] = net
-		net.DockerName = DockerPrefix + "-" + net.Name + "-" + id
-	}
-
-	if len(raw.Clusters) == 0 {
-		return nil, fmt.Errorf("topology.clusters is empty")
-	}
-
-	var (
-		clusters  = make(map[string]*Cluster)
-		nextIndex int // use a global index so any shared networks work properly with assignments
-	)
-
-	foundPeerNames := make(map[string]map[string]struct{})
-	for _, c := range raw.Clusters {
-		if c.Name == "" {
-			return nil, fmt.Errorf("cluster has no name")
-		}
-
-		foundPeerNames[c.Name] = make(map[string]struct{})
-
-		if !IsValidLabel(c.Name) {
-			return nil, fmt.Errorf("cluster name is not valid: %s", c.Name)
-		}
-
-		if _, exists := clusters[c.Name]; exists {
-			return nil, fmt.Errorf("cannot have two clusters with the same name %q; use unique names and override the Datacenter field if that's what you want", c.Name)
-		}
-
-		if c.Datacenter == "" {
-			c.Datacenter = c.Name
-		} else {
-			if !IsValidLabel(c.Datacenter) {
-				return nil, fmt.Errorf("datacenter name is not valid: %s", c.Datacenter)
-			}
-		}
-
-		clusters[c.Name] = c
-		if c.NetworkName == "" {
-			c.NetworkName = c.Name
-		}
-
-		c.Images = images.OverrideWith(c.Images).ChooseConsul(c.Enterprise)
-
-		if _, ok := networks[c.NetworkName]; !ok {
-			return nil, fmt.Errorf("cluster %q uses network name %q that does not exist", c.Name, c.NetworkName)
-		}
-
-		if len(c.Nodes) == 0 {
-			return nil, fmt.Errorf("cluster %q has no nodes", c.Name)
-		}
-
-		if c.TLSVolumeName != "" {
-			return nil, fmt.Errorf("user cannot specify the TLSVolumeName field")
-		}
-
-		tenancies := make(map[string]map[string]struct{})
-		addTenancy := func(partition, namespace string) {
-			partition = PartitionOrDefault(partition)
-			namespace = NamespaceOrDefault(namespace)
-			m, ok := tenancies[partition]
-			if !ok {
-				m = make(map[string]struct{})
-				tenancies[partition] = m
-			}
-			m[namespace] = struct{}{}
-		}
-
-		for _, ap := range c.Partitions {
-			addTenancy(ap.Name, "default")
-			for _, ns := range ap.Namespaces {
-				addTenancy(ap.Name, ns)
-			}
-		}
-
-		for _, ce := range c.InitialConfigEntries {
-			addTenancy(ce.GetPartition(), ce.GetNamespace())
-		}
-
-		seenNodes := make(map[NodeID]struct{})
-		for _, n := range c.Nodes {
-			if n.Name == "" {
-				return nil, fmt.Errorf("cluster %q node has no name", c.Name)
-			}
-			if !IsValidLabel(n.Name) {
-				return nil, fmt.Errorf("node name is not valid: %s", n.Name)
-			}
-
-			switch n.Kind {
-			case NodeKindServer, NodeKindClient, NodeKindDataplane:
-			default:
-				return nil, fmt.Errorf("cluster %q node %q has invalid kind: %s", c.Name, n.Name, n.Kind)
-			}
-
-			n.Partition = PartitionOrDefault(n.Partition)
-			if !IsValidLabel(n.Partition) {
-				return nil, fmt.Errorf("node partition is not valid: %s", n.Partition)
-			}
-			addTenancy(n.Partition, "default")
-
-			if _, exists := seenNodes[n.ID()]; exists {
-				return nil, fmt.Errorf("cannot have two nodes in the same cluster %q with the same name %q", c.Name, n.ID())
-			}
-			seenNodes[n.ID()] = struct{}{}
-
-			if len(n.usedPorts) != 0 {
-				return nil, fmt.Errorf("user cannot specify the usedPorts field")
-			}
-			n.usedPorts = make(map[int]int)
-			exposePort := func(v int) bool {
-				if _, ok := n.usedPorts[v]; ok {
-					return false
-				}
-				n.usedPorts[v] = 0
-				return true
-			}
-
-			if n.IsAgent() {
-				// TODO: the ux  here is awful; we should be able to examine the topology to guess properly
-				exposePort(8500)
-				if n.IsServer() {
-					exposePort(8503)
-				} else {
-					exposePort(8502)
-				}
-			}
-
-			if n.Index != 0 {
-				return nil, fmt.Errorf("user cannot specify the node index")
-			}
-			n.Index = nextIndex
-			nextIndex++
-
-			n.Images = c.Images.OverrideWith(n.Images).ChooseNode(n.Kind)
-
-			n.Cluster = c.Name
-			n.Datacenter = c.Datacenter
-			n.dockerName = DockerPrefix + "-" + n.Name + "-" + id
-
-			if len(n.Addresses) == 0 {
-				n.Addresses = append(n.Addresses, &Address{Network: c.NetworkName})
-			}
-			var (
-				numPublic int
-				numLocal  int
-			)
-			for _, addr := range n.Addresses {
-				if addr.Network == "" {
-					return nil, fmt.Errorf("cluster %q node %q has invalid address", c.Name, n.Name)
-				}
-
-				if addr.Type != "" {
-					return nil, fmt.Errorf("user cannot specify the address type directly")
-				}
-
-				net, ok := networks[addr.Network]
-				if !ok {
-					return nil, fmt.Errorf("cluster %q node %q uses network name %q that does not exist", c.Name, n.Name, addr.Network)
-				}
-
-				if net.IsPublic() {
-					numPublic++
-				} else if net.IsLocal() {
-					numLocal++
-				}
-				addr.Type = net.Type
-
-				addr.DockerNetworkName = net.DockerName
-			}
-
-			if numLocal == 0 {
-				return nil, fmt.Errorf("cluster %q node %q has no local addresses", c.Name, n.Name)
-			}
-			if numPublic > 1 {
-				return nil, fmt.Errorf("cluster %q node %q has more than one public address", c.Name, n.Name)
-			}
-
-			seenServices := make(map[ServiceID]struct{})
-			for _, svc := range n.Services {
-				if n.IsAgent() {
-					// Default to that of the enclosing node.
-					svc.ID.Partition = n.Partition
-				}
-				svc.ID.Normalize()
-
-				// Denormalize
-				svc.Node = n
-
-				if !IsValidLabel(svc.ID.Partition) {
-					return nil, fmt.Errorf("service partition is not valid: %s", svc.ID.Partition)
-				}
-				if !IsValidLabel(svc.ID.Namespace) {
-					return nil, fmt.Errorf("service namespace is not valid: %s", svc.ID.Namespace)
-				}
-				if !IsValidLabel(svc.ID.Name) {
-					return nil, fmt.Errorf("service name is not valid: %s", svc.ID.Name)
-				}
-				addTenancy(svc.ID.Partition, svc.ID.Namespace)
-
-				if _, exists := seenServices[svc.ID]; exists {
-					return nil, fmt.Errorf("cannot have two services on the same node %q in the same cluster %q with the same name %q", n.ID(), c.Name, svc.ID)
-				}
-				seenServices[svc.ID] = struct{}{}
-
-				if !svc.DisableServiceMesh && n.IsDataplane() {
-					if svc.EnvoyPublicListenerPort <= 0 {
-						if _, ok := n.usedPorts[20000]; !ok {
-							// For convenience the FIRST service on a node can get 20000 for free.
-							svc.EnvoyPublicListenerPort = 20000
-						} else {
-							return nil, fmt.Errorf("envoy public listener port is required")
-						}
-					}
-				}
-
-				// add all of the service ports
-				for _, port := range svc.ports() {
-					if ok := exposePort(port); !ok {
-						return nil, fmt.Errorf("port used more than once on cluster %q node %q: %d", c.Name, n.ID(), port)
-					}
-				}
-
-				// TODO(rb): re-expose?
-				// switch svc.Protocol {
-				// case "":
-				// 	svc.Protocol = "tcp"
-				// 	fallthrough
-				// case "tcp":
-				// 	if svc.CheckHTTP != "" {
-				// 		return nil, fmt.Errorf("cannot set CheckHTTP for tcp service")
-				// 	}
-				// case "http":
-				// 	if svc.CheckTCP != "" {
-				// 		return nil, fmt.Errorf("cannot set CheckTCP for tcp service")
-				// 	}
-				// default:
-				// 	return nil, fmt.Errorf("service has invalid protocol: %s", svc.Protocol)
-				// }
-
-				for _, u := range svc.Upstreams {
-					// Default to that of the enclosing service.
-					if u.Peer == "" {
-						if u.ID.Partition == "" {
-							u.ID.Partition = svc.ID.Partition
-						}
-						if u.ID.Namespace == "" {
-							u.ID.Namespace = svc.ID.Namespace
-						}
-					} else {
-						if u.ID.Partition != "" {
-							u.ID.Partition = "" // irrelevant here; we'll set it to the value of the OTHER side for plumbing purposes in tests
-						}
-						u.ID.Namespace = NamespaceOrDefault(u.ID.Namespace)
-						foundPeerNames[c.Name][u.Peer] = struct{}{}
-					}
-
-					if u.ID.Name == "" {
-						return nil, fmt.Errorf("upstream service name is required")
-					}
-					addTenancy(u.ID.Partition, u.ID.Namespace)
-				}
-
-				if err := svc.Validate(); err != nil {
-					return nil, fmt.Errorf("cluster %q node %q service %q is not valid: %w", c.Name, n.Name, svc.ID.String(), err)
-				}
-			}
-		}
-
-		// Explode this into the explicit list based on stray references made.
-		c.Partitions = nil
-		for ap, nsMap := range tenancies {
-			p := &Partition{
-				Name: ap,
-			}
-			for ns := range nsMap {
-				p.Namespaces = append(p.Namespaces, ns)
-			}
-			sort.Strings(p.Namespaces)
-			c.Partitions = append(c.Partitions, p)
-		}
-		sort.Slice(c.Partitions, func(i, j int) bool {
-			return c.Partitions[i].Name < c.Partitions[j].Name
-		})
-
-		if !c.Enterprise {
-			expect := []*Partition{{Name: "default", Namespaces: []string{"default"}}}
-			if !reflect.DeepEqual(c.Partitions, expect) {
-				return nil, fmt.Errorf("cluster %q references non-default partitions or namespaces but is CE", c.Name)
-			}
-		}
-	}
-
-	clusteredPeerings := make(map[string]map[string]*PeerCluster) // local-cluster -> local-peer -> info
-	addPeerMapEntry := func(pc PeerCluster) {
-		pm, ok := clusteredPeerings[pc.Name]
-		if !ok {
-			pm = make(map[string]*PeerCluster)
-			clusteredPeerings[pc.Name] = pm
-		}
-		pm[pc.PeerName] = &pc
-	}
-	for _, p := range raw.Peerings {
-		dialingCluster, ok := clusters[p.Dialing.Name]
-		if !ok {
-			return nil, fmt.Errorf("peering references a dialing cluster that does not exist: %s", p.Dialing.Name)
-		}
-		acceptingCluster, ok := clusters[p.Accepting.Name]
-		if !ok {
-			return nil, fmt.Errorf("peering references an accepting cluster that does not exist: %s", p.Accepting.Name)
-		}
-		if p.Dialing.Name == p.Accepting.Name {
-			return nil, fmt.Errorf("self peerings are not allowed: %s", p.Dialing.Name)
-		}
-
-		p.Dialing.Partition = PartitionOrDefault(p.Dialing.Partition)
-		p.Accepting.Partition = PartitionOrDefault(p.Accepting.Partition)
-
-		if dialingCluster.Enterprise {
-			if !dialingCluster.hasPartition(p.Dialing.Partition) {
-				return nil, fmt.Errorf("dialing side of peering cannot reference a partition that does not exist: %s", p.Dialing.Partition)
-			}
-		} else {
-			if p.Dialing.Partition != "default" {
-				return nil, fmt.Errorf("dialing side of peering cannot reference a partition when CE")
-			}
-		}
-		if acceptingCluster.Enterprise {
-			if !acceptingCluster.hasPartition(p.Accepting.Partition) {
-				return nil, fmt.Errorf("accepting side of peering cannot reference a partition that does not exist: %s", p.Accepting.Partition)
-			}
-		} else {
-			if p.Accepting.Partition != "default" {
-				return nil, fmt.Errorf("accepting side of peering cannot reference a partition when CE")
-			}
-		}
-
-		if p.Dialing.PeerName == "" {
-			p.Dialing.PeerName = "peer-" + p.Accepting.Name + "-" + p.Accepting.Partition
-		}
-		if p.Accepting.PeerName == "" {
-			p.Accepting.PeerName = "peer-" + p.Dialing.Name + "-" + p.Dialing.Partition
-		}
-
-		{ // Ensure the link fields do not have recursive links.
-			p.Dialing.Link = nil
-			p.Accepting.Link = nil
-
-			// Copy the un-linked data before setting the link
-			pa := p.Accepting
-			pd := p.Dialing
-
-			p.Accepting.Link = &pd
-			p.Dialing.Link = &pa
-		}
-
-		addPeerMapEntry(p.Accepting)
-		addPeerMapEntry(p.Dialing)
-
-		delete(foundPeerNames[p.Accepting.Name], p.Accepting.PeerName)
-		delete(foundPeerNames[p.Dialing.Name], p.Dialing.PeerName)
-	}
-
-	for cluster, peers := range foundPeerNames {
-		if len(peers) > 0 {
-			var pretty []string
-			for name := range peers {
-				pretty = append(pretty, name)
-			}
-			sort.Strings(pretty)
-			return nil, fmt.Errorf("cluster[%s] found topology references to peerings that do not exist: %v", cluster, pretty)
-		}
-	}
-
-	// after we decoded the peering stuff, we can fill in some computed data in the upstreams
-	for _, c := range clusters {
-		c.Peerings = clusteredPeerings[c.Name]
-		for _, n := range c.Nodes {
-			for _, svc := range n.Services {
-				for _, u := range svc.Upstreams {
-					if u.Peer == "" {
-						u.Cluster = c.Name
-						u.Peering = nil
-						continue
-					}
-					remotePeer, ok := c.Peerings[u.Peer]
-					if !ok {
-						return nil, fmt.Errorf("not possible")
-					}
-					u.Cluster = remotePeer.Link.Name
-					u.Peering = remotePeer.Link
-					// this helps in generating fortio assertions; otherwise field is ignored
-					u.ID.Partition = remotePeer.Link.Partition
-				}
-			}
-		}
-	}
-
-	t := &Topology{
-		ID:       id,
-		Networks: networks,
-		Clusters: clusters,
-		Images:   images,
-		Peerings: raw.Peerings,
-	}
-
-	if prev != nil {
-		// networks cannot change
-		if !sameKeys(prev.Networks, t.Networks) {
-			return nil, fmt.Errorf("cannot create or destroy networks")
-		}
-
-		for _, newNetwork := range t.Networks {
-			oldNetwork := prev.Networks[newNetwork.Name]
-
-			// Carryover
-			newNetwork.inheritFromExisting(oldNetwork)
-
-			if err := isSame(oldNetwork, newNetwork); err != nil {
-				return nil, fmt.Errorf("networks cannot change: %w", err)
-			}
-
-		}
-
-		// cannot add or remove an entire cluster
-		if !sameKeys(prev.Clusters, t.Clusters) {
-			return nil, fmt.Errorf("cannot create or destroy clusters")
-		}
-
-		for _, newCluster := range t.Clusters {
-			oldCluster := prev.Clusters[newCluster.Name]
-
-			// Carryover
-			newCluster.inheritFromExisting(oldCluster)
-
-			if newCluster.Name != oldCluster.Name ||
-				newCluster.NetworkName != oldCluster.NetworkName ||
-				newCluster.Datacenter != oldCluster.Datacenter ||
-				newCluster.Enterprise != oldCluster.Enterprise {
-				return nil, fmt.Errorf("cannot edit some cluster fields for %q", newCluster.Name)
-			}
-
-			// WARN on presence of some things.
-			if len(newCluster.InitialConfigEntries) > 0 {
-				logger.Warn("initial config entries were provided, but are skipped on recompile")
-			}
-
-			// Check NODES
-			if err := inheritAndValidateNodes(oldCluster.Nodes, newCluster.Nodes); err != nil {
-				return nil, fmt.Errorf("some immutable aspects of nodes were changed in cluster %q: %w", newCluster.Name, err)
-			}
-		}
-	}
-
-	return t, nil
-}
-
-const permutedWarning = "use the disabled node kind if you want to ignore a node"
-
-func inheritAndValidateNodes(
-	prev, curr []*Node,
-) error {
-	nodeMap := mapifyNodes(curr)
-
-	for prevIdx, node := range prev {
-		currNode, ok := nodeMap[node.ID()]
-		if !ok {
-			return fmt.Errorf("node %q has vanished; "+permutedWarning, node.ID())
-		}
-		// Ensure it hasn't been permuted.
-		if currNode.Pos != prevIdx {
-			return fmt.Errorf(
-				"node %q has been shuffled %d -> %d; "+permutedWarning,
-				node.ID(),
-				prevIdx,
-				currNode.Pos,
-			)
-		}
-
-		if currNode.Node.Kind != node.Kind ||
-			currNode.Node.Partition != node.Partition ||
-			currNode.Node.Name != node.Name ||
-			currNode.Node.Index != node.Index ||
-			len(currNode.Node.Addresses) != len(node.Addresses) ||
-			!sameKeys(currNode.Node.usedPorts, node.usedPorts) {
-			return fmt.Errorf("cannot edit some node fields for %q", node.ID())
-		}
-
-		currNode.Node.inheritFromExisting(node)
-
-		for i := 0; i < len(currNode.Node.Addresses); i++ {
-			prevAddr := node.Addresses[i]
-			currAddr := currNode.Node.Addresses[i]
-
-			if prevAddr.Network != currAddr.Network {
-				return fmt.Errorf("addresses were shuffled for node %q", node.ID())
-			}
-
-			if prevAddr.Type != currAddr.Type {
-				return fmt.Errorf("cannot edit some address fields for %q", node.ID())
-			}
-
-			currAddr.inheritFromExisting(prevAddr)
-		}
-
-		svcMap := mapifyServices(currNode.Node.Services)
-
-		for _, svc := range node.Services {
-			currSvc, ok := svcMap[svc.ID]
-			if !ok {
-				continue // service has vanished, this is ok
-			}
-			// don't care about index permutation
-
-			if currSvc.ID != svc.ID ||
-				currSvc.Port != svc.Port ||
-				currSvc.EnvoyAdminPort != svc.EnvoyAdminPort ||
-				currSvc.EnvoyPublicListenerPort != svc.EnvoyPublicListenerPort ||
-				isSame(currSvc.Command, svc.Command) != nil ||
-				isSame(currSvc.Env, svc.Env) != nil {
-				return fmt.Errorf("cannot edit some address fields for %q", svc.ID)
-			}
-
-			currSvc.inheritFromExisting(svc)
-		}
-	}
-	return nil
-}
-
-func newTopologyID() (string, error) {
-	const n = 16
-	id := make([]byte, n)
-	if _, err := crand.Read(id[:]); err != nil {
-		return "", err
-	}
-	return hex.EncodeToString(id)[:n], nil
-}
-
-// matches valid DNS labels according to RFC 1123, should be at most 63
-// characters according to the RFC
-var validLabel = regexp.MustCompile(`^[a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?$`)
-
-// IsValidLabel returns true if the string given is a valid DNS label (RFC 1123).
-// Note: the only difference between RFC 1035 and RFC 1123 labels is that in
-// RFC 1123 labels can begin with a number.
-func IsValidLabel(name string) bool {
-	return validLabel.MatchString(name)
-}
-
-// ValidateLabel is similar to IsValidLabel except it returns an error
-// instead of false when name is not a valid DNS label. The error will contain
-// reference to what constitutes a valid DNS label.
-func ValidateLabel(name string) error {
-	if !IsValidLabel(name) {
-		return errors.New("a valid DNS label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character")
-	}
-	return nil
-}
-
-func isSame(x, y any) error {
-	diff := cmp.Diff(x, y)
-	if diff != "" {
-		return fmt.Errorf("values are not equal\n--- expected\n+++ actual\n%v", diff)
-	}
-	return nil
-}
-
-func sameKeys[K comparable, V any](x, y map[K]V) bool {
-	if len(x) != len(y) {
-		return false
-	}
-
-	for kx := range x {
-		if _, ok := y[kx]; !ok {
-			return false
-		}
-	}
-	return true
-}
-
-func mapifyNodes(nodes []*Node) map[NodeID]nodeWithPosition {
-	m := make(map[NodeID]nodeWithPosition)
-	for i, node := range nodes {
-		m[node.ID()] = nodeWithPosition{
-			Pos:  i,
-			Node: node,
-		}
-	}
-	return m
-}
-
-type nodeWithPosition struct {
-	Pos  int
-	Node *Node
-}
-
-func mapifyServices(services []*Service) map[ServiceID]*Service {
-	m := make(map[ServiceID]*Service)
-	for _, svc := range services {
-		m[svc.ID] = svc
-	}
-	return m
-}
diff --git a/testing/deployer/topology/default_cdp.go b/testing/deployer/topology/default_cdp.go
deleted file mode 100644
index 22424d2dd121..000000000000
--- a/testing/deployer/topology/default_cdp.go
+++ /dev/null
@@ -1,6 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package topology
-
-const DefaultDataplaneImage = "hashicorp/consul-dataplane:1.1.0"
diff --git a/testing/deployer/topology/default_consul.go b/testing/deployer/topology/default_consul.go
deleted file mode 100644
index f9542f16643d..000000000000
--- a/testing/deployer/topology/default_consul.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package topology
-
-const DefaultConsulImage = "hashicorp/consul:1.15.2"
-const DefaultConsulEnterpriseImage = "hashicorp/consul-enterprise:1.15.2-ent"
diff --git a/testing/deployer/topology/default_envoy.go b/testing/deployer/topology/default_envoy.go
deleted file mode 100644
index c557a318a17f..000000000000
--- a/testing/deployer/topology/default_envoy.go
+++ /dev/null
@@ -1,6 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package topology
-
-const DefaultEnvoyImage = "envoyproxy/envoy:v1.25.1"
diff --git a/testing/deployer/topology/ids.go b/testing/deployer/topology/ids.go
deleted file mode 100644
index 3f964b12548e..000000000000
--- a/testing/deployer/topology/ids.go
+++ /dev/null
@@ -1,145 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package topology
-
-import (
-	"fmt"
-
-	"github.com/hashicorp/consul/api"
-)
-
-type NodeServiceID struct {
-	Node      string
-	Service   string `json:",omitempty"`
-	Namespace string `json:",omitempty"`
-	Partition string `json:",omitempty"`
-}
-
-func NewNodeServiceID(node, service, namespace, partition string) NodeServiceID {
-	id := NodeServiceID{
-		Node:      node,
-		Service:   service,
-		Namespace: namespace,
-		Partition: partition,
-	}
-	id.Normalize()
-	return id
-}
-
-func (id NodeServiceID) NodeID() NodeID {
-	return NewNodeID(id.Node, id.Partition)
-}
-
-func (id NodeServiceID) ServiceID() ServiceID {
-	return NewServiceID(id.Service, id.Namespace, id.Partition)
-}
-
-func (id *NodeServiceID) Normalize() {
-	id.Namespace = NamespaceOrDefault(id.Namespace)
-	id.Partition = PartitionOrDefault(id.Partition)
-}
-
-func (id NodeServiceID) String() string {
-	return fmt.Sprintf("%s/%s/%s/%s", id.Partition, id.Node, id.Namespace, id.Service)
-}
-
-type NodeID struct {
-	Name      string `json:",omitempty"`
-	Partition string `json:",omitempty"`
-}
-
-func NewNodeID(name, partition string) NodeID {
-	id := NodeID{
-		Name:      name,
-		Partition: partition,
-	}
-	id.Normalize()
-	return id
-}
-
-func (id *NodeID) Normalize() {
-	id.Partition = PartitionOrDefault(id.Partition)
-}
-
-func (id NodeID) String() string {
-	return fmt.Sprintf("%s/%s", id.Partition, id.Name)
-}
-
-func (id NodeID) ACLString() string {
-	return fmt.Sprintf("%s--%s", id.Partition, id.Name)
-}
-func (id NodeID) TFString() string {
-	return id.ACLString()
-}
-
-type ServiceID struct {
-	Name      string `json:",omitempty"`
-	Namespace string `json:",omitempty"`
-	Partition string `json:",omitempty"`
-}
-
-func NewServiceID(name, namespace, partition string) ServiceID {
-	id := ServiceID{
-		Name:      name,
-		Namespace: namespace,
-		Partition: partition,
-	}
-	id.Normalize()
-	return id
-}
-
-func (id ServiceID) Less(other ServiceID) bool {
-	if id.Partition != other.Partition {
-		return id.Partition < other.Partition
-	}
-	if id.Namespace != other.Namespace {
-		return id.Namespace < other.Namespace
-	}
-	return id.Name < other.Name
-}
-
-func (id *ServiceID) Normalize() {
-	id.Namespace = NamespaceOrDefault(id.Namespace)
-	id.Partition = PartitionOrDefault(id.Partition)
-}
-
-func (id ServiceID) String() string {
-	return fmt.Sprintf("%s/%s/%s", id.Partition, id.Namespace, id.Name)
-}
-
-func (id ServiceID) ACLString() string {
-	return fmt.Sprintf("%s--%s--%s", id.Partition, id.Namespace, id.Name)
-}
-func (id ServiceID) TFString() string {
-	return id.ACLString()
-}
-
-func PartitionOrDefault(name string) string {
-	if name == "" {
-		return "default"
-	}
-	return name
-}
-func NamespaceOrDefault(name string) string {
-	if name == "" {
-		return "default"
-	}
-	return name
-}
-
-func DefaultToEmpty(name string) string {
-	if name == "default" {
-		return ""
-	}
-	return name
-}
-
-// PartitionQueryOptions returns an *api.QueryOptions with the given partition
-// field set only if the partition is non-default. This helps when writing
-// tests for joint use in CE and ENT.
-func PartitionQueryOptions(partition string) *api.QueryOptions {
-	return &api.QueryOptions{
-		Partition: DefaultToEmpty(partition),
-	}
-}
diff --git a/testing/deployer/topology/images.go b/testing/deployer/topology/images.go
deleted file mode 100644
index d58d7a1213de..000000000000
--- a/testing/deployer/topology/images.go
+++ /dev/null
@@ -1,126 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package topology
-
-import (
-	"strings"
-)
-
-type Images struct {
-	Consul           string `json:",omitempty"`
-	ConsulCE         string `json:",omitempty"`
-	ConsulEnterprise string `json:",omitempty"`
-	Envoy            string
-	Dataplane        string
-}
-
-func (i Images) LocalDataplaneImage() string {
-	if i.Dataplane == "" {
-		return ""
-	}
-
-	img, tag, ok := strings.Cut(i.Dataplane, ":")
-	if !ok {
-		tag = "latest"
-	}
-
-	repo, name, ok := strings.Cut(img, "/")
-	if ok {
-		name = repo + "-" + name
-	}
-
-	// ex: local/hashicorp-consul-dataplane:1.1.0
-	return "local/" + name + ":" + tag
-}
-
-func (i Images) EnvoyConsulImage() string {
-	if i.Consul == "" || i.Envoy == "" {
-		return ""
-	}
-
-	img1, tag1, ok1 := strings.Cut(i.Consul, ":")
-	img2, tag2, ok2 := strings.Cut(i.Envoy, ":")
-	if !ok1 {
-		tag1 = "latest"
-	}
-	if !ok2 {
-		tag2 = "latest"
-	}
-
-	repo1, name1, ok1 := strings.Cut(img1, "/")
-	repo2, name2, ok2 := strings.Cut(img2, "/")
-
-	if ok1 {
-		name1 = repo1 + "-" + name1
-	} else {
-		name1 = repo1
-	}
-	if ok2 {
-		name2 = repo2 + "-" + name2
-	} else {
-		name2 = repo2
-	}
-
-	// ex: local/hashicorp-consul-and-envoyproxy-envoy:1.15.0-with-v1.26.2
-	return "local/" + name1 + "-and-" + name2 + ":" + tag1 + "-with-" + tag2
-}
-
-func (i Images) ChooseNode(kind NodeKind) Images {
-	switch kind {
-	case NodeKindServer:
-		i.Envoy = ""
-		i.Dataplane = ""
-	case NodeKindClient:
-		i.Dataplane = ""
-	case NodeKindDataplane:
-		i.Envoy = ""
-	default:
-		// do nothing
-	}
-	return i
-}
-
-func (i Images) ChooseConsul(enterprise bool) Images {
-	if enterprise {
-		i.Consul = i.ConsulEnterprise
-	} else {
-		i.Consul = i.ConsulCE
-	}
-	i.ConsulEnterprise = ""
-	i.ConsulCE = ""
-	return i
-}
-
-func (i Images) OverrideWith(i2 Images) Images {
-	if i2.Consul != "" {
-		i.Consul = i2.Consul
-	}
-	if i2.ConsulCE != "" {
-		i.ConsulCE = i2.ConsulCE
-	}
-	if i2.ConsulEnterprise != "" {
-		i.ConsulEnterprise = i2.ConsulEnterprise
-	}
-	if i2.Envoy != "" {
-		i.Envoy = i2.Envoy
-	}
-	if i2.Dataplane != "" {
-		i.Dataplane = i2.Dataplane
-	}
-	return i
-}
-
-// DefaultImages controls which specific docker images are used as default
-// values for topology components that do not specify values.
-//
-// These can be bulk-updated using the make target 'make update-defaults'
-func DefaultImages() Images {
-	return Images{
-		Consul:           "",
-		ConsulCE:         DefaultConsulImage,
-		ConsulEnterprise: DefaultConsulEnterpriseImage,
-		Envoy:            DefaultEnvoyImage,
-		Dataplane:        DefaultDataplaneImage,
-	}
-}
diff --git a/testing/deployer/topology/images_test.go b/testing/deployer/topology/images_test.go
deleted file mode 100644
index d3ea2136e260..000000000000
--- a/testing/deployer/topology/images_test.go
+++ /dev/null
@@ -1,101 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package topology
-
-import (
-	"strconv"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestImages_EnvoyConsulImage(t *testing.T) {
-	type testcase struct {
-		consul, envoy string
-		expect        string
-	}
-
-	run := func(t *testing.T, tc testcase) {
-		i := Images{Consul: tc.consul, Envoy: tc.envoy}
-		j := i.EnvoyConsulImage()
-		require.Equal(t, tc.expect, j)
-	}
-
-	cases := []testcase{
-		{
-			consul: "",
-			envoy:  "",
-			expect: "",
-		},
-		{
-			consul: "consul",
-			envoy:  "",
-			expect: "",
-		},
-		{
-			consul: "",
-			envoy:  "envoy",
-			expect: "",
-		},
-		{
-			consul: "consul",
-			envoy:  "envoy",
-			expect: "local/consul-and-envoy:latest-with-latest",
-		},
-		// repos
-		{
-			consul: "hashicorp/consul",
-			envoy:  "envoy",
-			expect: "local/hashicorp-consul-and-envoy:latest-with-latest",
-		},
-		{
-			consul: "consul",
-			envoy:  "envoyproxy/envoy",
-			expect: "local/consul-and-envoyproxy-envoy:latest-with-latest",
-		},
-		{
-			consul: "hashicorp/consul",
-			envoy:  "envoyproxy/envoy",
-			expect: "local/hashicorp-consul-and-envoyproxy-envoy:latest-with-latest",
-		},
-		// tags
-		{
-			consul: "consul:1.15.0",
-			envoy:  "envoy",
-			expect: "local/consul-and-envoy:1.15.0-with-latest",
-		},
-		{
-			consul: "consul",
-			envoy:  "envoy:v1.26.1",
-			expect: "local/consul-and-envoy:latest-with-v1.26.1",
-		},
-		{
-			consul: "consul:1.15.0",
-			envoy:  "envoy:v1.26.1",
-			expect: "local/consul-and-envoy:1.15.0-with-v1.26.1",
-		},
-		// repos+tags
-		{
-			consul: "hashicorp/consul:1.15.0",
-			envoy:  "envoy:v1.26.1",
-			expect: "local/hashicorp-consul-and-envoy:1.15.0-with-v1.26.1",
-		},
-		{
-			consul: "consul:1.15.0",
-			envoy:  "envoyproxy/envoy:v1.26.1",
-			expect: "local/consul-and-envoyproxy-envoy:1.15.0-with-v1.26.1",
-		},
-		{
-			consul: "hashicorp/consul:1.15.0",
-			envoy:  "envoyproxy/envoy:v1.26.1",
-			expect: "local/hashicorp-consul-and-envoyproxy-envoy:1.15.0-with-v1.26.1",
-		},
-	}
-
-	for i, tc := range cases {
-		t.Run(strconv.Itoa(i), func(t *testing.T) {
-			run(t, tc)
-		})
-	}
-}
diff --git a/testing/deployer/topology/topology.go b/testing/deployer/topology/topology.go
deleted file mode 100644
index b48543661268..000000000000
--- a/testing/deployer/topology/topology.go
+++ /dev/null
@@ -1,790 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package topology
-
-import (
-	"errors"
-	"fmt"
-	"net"
-	"net/netip"
-	"reflect"
-	"sort"
-
-	"github.com/hashicorp/consul/api"
-)
-
-type Topology struct {
-	ID string
-
-	// Images controls which specific docker images are used when running this
-	// node. Non-empty fields here override non-empty fields inherited from the
-	// general default values from DefaultImages().
-	Images Images
-
-	// Networks is the list of networks to create for this set of clusters.
-	Networks map[string]*Network
-
-	// Clusters defines the list of Consul clusters that should be created, and
-	// their associated workloads.
-	Clusters map[string]*Cluster
-
-	// Peerings defines the list of pairwise peerings that should be established
-	// between clusters.
-	Peerings []*Peering `json:",omitempty"`
-}
-
-func (t *Topology) DigestExposedProxyPort(netName string, proxyPort int) (bool, error) {
-	net, ok := t.Networks[netName]
-	if !ok {
-		return false, fmt.Errorf("found output network that does not exist: %s", netName)
-	}
-	if net.ProxyPort == proxyPort {
-		return false, nil
-	}
-
-	net.ProxyPort = proxyPort
-
-	// Denormalize for UX.
-	for _, cluster := range t.Clusters {
-		for _, node := range cluster.Nodes {
-			for _, addr := range node.Addresses {
-				if addr.Network == netName {
-					addr.ProxyPort = proxyPort
-				}
-			}
-		}
-	}
-
-	return true, nil
-}
-
-func (t *Topology) SortedNetworks() []*Network {
-	var out []*Network
-	for _, n := range t.Networks {
-		out = append(out, n)
-	}
-	sort.Slice(out, func(i, j int) bool {
-		return out[i].Name < out[j].Name
-	})
-	return out
-}
-
-func (t *Topology) SortedClusters() []*Cluster {
-	var out []*Cluster
-	for _, c := range t.Clusters {
-		out = append(out, c)
-	}
-	sort.Slice(out, func(i, j int) bool {
-		return out[i].Name < out[j].Name
-	})
-	return out
-}
-
-type Config struct {
-	// Images controls which specific docker images are used when running this
-	// node. Non-empty fields here override non-empty fields inherited from the
-	// general default values from DefaultImages().
-	Images Images
-
-	// Networks is the list of networks to create for this set of clusters.
-	Networks []*Network
-
-	// Clusters defines the list of Consul clusters that should be created, and
-	// their associated workloads.
-	Clusters []*Cluster
-
-	// Peerings defines the list of pairwise peerings that should be established
-	// between clusters.
-	Peerings []*Peering
-}
-
-func (c *Config) Cluster(name string) *Cluster {
-	for _, cluster := range c.Clusters {
-		if cluster.Name == name {
-			return cluster
-		}
-	}
-	return nil
-}
-
-type Network struct {
-	Type string // lan/wan ; empty means lan
-	Name string // logical name
-
-	// computed at topology compile
-	DockerName string
-	// generated during network-and-tls
-	Subnet string
-	IPPool []string `json:"-"`
-	// generated during network-and-tls
-	ProxyAddress string `json:",omitempty"`
-	DNSAddress   string `json:",omitempty"`
-	// filled in from terraform outputs after network-and-tls
-	ProxyPort int `json:",omitempty"`
-}
-
-func (n *Network) IsLocal() bool {
-	return n.Type == "" || n.Type == "lan"
-}
-
-func (n *Network) IsPublic() bool {
-	return n.Type == "wan"
-}
-
-func (n *Network) inheritFromExisting(existing *Network) {
-	n.Subnet = existing.Subnet
-	n.IPPool = existing.IPPool
-	n.ProxyAddress = existing.ProxyAddress
-	n.DNSAddress = existing.DNSAddress
-	n.ProxyPort = existing.ProxyPort
-}
-
-func (n *Network) IPByIndex(index int) string {
-	if index >= len(n.IPPool) {
-		panic(fmt.Sprintf(
-			"not enough ips on this network to assign index %d: %d",
-			len(n.IPPool), index,
-		))
-	}
-	return n.IPPool[index]
-}
-
-func (n *Network) SetSubnet(subnet string) (bool, error) {
-	if n.Subnet == subnet {
-		return false, nil
-	}
-
-	p, err := netip.ParsePrefix(subnet)
-	if err != nil {
-		return false, err
-	}
-	if !p.IsValid() {
-		return false, errors.New("not valid")
-	}
-	p = p.Masked()
-
-	var ipPool []string
-
-	addr := p.Addr()
-	for {
-		if !p.Contains(addr) {
-			break
-		}
-		ipPool = append(ipPool, addr.String())
-		addr = addr.Next()
-	}
-
-	ipPool = ipPool[2:] // skip the x.x.x.{0,1}
-
-	n.Subnet = subnet
-	n.IPPool = ipPool
-	return true, nil
-}
-
-// Cluster represents a single standalone install of Consul. This is the unit
-// of what is peered when using cluster peering. Older consul installs would
-// call this a datacenter.
-type Cluster struct {
-	Name        string
-	NetworkName string // empty assumes same as Name
-
-	// Images controls which specific docker images are used when running this
-	// cluster. Non-empty fields here override non-empty fields inherited from
-	// the enclosing Topology.
-	Images Images
-
-	// Enterprise marks this cluster as desiring to run Consul Enterprise
-	// components.
-	Enterprise bool `json:",omitempty"`
-
-	// Nodes is the definition of the nodes (agent-less and agent-ful).
-	Nodes []*Node
-
-	// Partitions is a list of tenancy configurations that should be created
-	// after the servers come up but before the clients and the rest of the
-	// topology starts.
-	//
-	// Enterprise Only.
-	Partitions []*Partition `json:",omitempty"`
-
-	// Datacenter defaults to "Name" if left unspecified. It lets you possibly
-	// create multiple peer clusters with identical datacenter names.
-	Datacenter string
-
-	// InitialConfigEntries is a convenience function to have some config
-	// entries created after the servers start up but before the rest of the
-	// topology comes up.
-	InitialConfigEntries []api.ConfigEntry `json:",omitempty"`
-
-	// TLSVolumeName is the docker volume name containing the various certs
-	// generated by 'consul tls cert create'
-	//
-	// This is generated during the networking phase and is not user specified.
-	TLSVolumeName string `json:",omitempty"`
-
-	// Peerings is a map of peering names to information about that peering in this cluster
-	//
-	// Denormalized during compile.
-	Peerings map[string]*PeerCluster `json:",omitempty"`
-}
-
-func (c *Cluster) inheritFromExisting(existing *Cluster) {
-	c.TLSVolumeName = existing.TLSVolumeName
-}
-
-type Partition struct {
-	Name       string
-	Namespaces []string
-}
-
-func (c *Cluster) hasPartition(p string) bool {
-	for _, partition := range c.Partitions {
-		if partition.Name == p {
-			return true
-		}
-	}
-	return false
-}
-
-func (c *Cluster) PartitionQueryOptionsList() []*api.QueryOptions {
-	if !c.Enterprise {
-		return []*api.QueryOptions{{}}
-	}
-
-	var out []*api.QueryOptions
-	for _, p := range c.Partitions {
-		out = append(out, &api.QueryOptions{Partition: p.Name})
-	}
-	return out
-}
-
-func (c *Cluster) ServerNodes() []*Node {
-	var out []*Node
-	for _, node := range c.SortedNodes() {
-		if node.Kind != NodeKindServer || node.Disabled {
-			continue
-		}
-		out = append(out, node)
-	}
-	return out
-}
-
-func (c *Cluster) ServerByAddr(addr string) *Node {
-	expect, _, err := net.SplitHostPort(addr)
-	if err != nil {
-		return nil
-	}
-
-	for _, node := range c.Nodes {
-		if node.Kind != NodeKindServer || node.Disabled {
-			continue
-		}
-		if node.LocalAddress() == expect {
-			return node
-		}
-	}
-
-	return nil
-}
-
-func (c *Cluster) FirstServer() *Node {
-	for _, node := range c.Nodes {
-		if node.IsServer() && !node.Disabled && node.ExposedPort(8500) > 0 {
-			return node
-		}
-	}
-	return nil
-}
-
-func (c *Cluster) FirstClient() *Node {
-	for _, node := range c.Nodes {
-		if node.Kind != NodeKindClient || node.Disabled {
-			continue
-		}
-		return node
-	}
-	return nil
-}
-
-func (c *Cluster) ActiveNodes() []*Node {
-	var out []*Node
-	for _, node := range c.Nodes {
-		if !node.Disabled {
-			out = append(out, node)
-		}
-	}
-	return out
-}
-
-func (c *Cluster) SortedNodes() []*Node {
-	var out []*Node
-	out = append(out, c.Nodes...)
-
-	kindOrder := map[NodeKind]int{
-		NodeKindServer:    1,
-		NodeKindClient:    2,
-		NodeKindDataplane: 2,
-	}
-	sort.Slice(out, func(i, j int) bool {
-		ni, nj := out[i], out[j]
-
-		// servers before clients/dataplanes
-		ki, kj := kindOrder[ni.Kind], kindOrder[nj.Kind]
-		if ki < kj {
-			return true
-		} else if ki > kj {
-			return false
-		}
-
-		// lex sort by partition
-		if ni.Partition < nj.Partition {
-			return true
-		} else if ni.Partition > nj.Partition {
-			return false
-		}
-
-		// lex sort by name
-		return ni.Name < nj.Name
-	})
-	return out
-}
-
-func (c *Cluster) FindService(id NodeServiceID) *Service {
-	id.Normalize()
-
-	nid := id.NodeID()
-	sid := id.ServiceID()
-	return c.ServiceByID(nid, sid)
-}
-
-func (c *Cluster) ServiceByID(nid NodeID, sid ServiceID) *Service {
-	return c.NodeByID(nid).ServiceByID(sid)
-}
-
-func (c *Cluster) ServicesByID(sid ServiceID) []*Service {
-	sid.Normalize()
-
-	var out []*Service
-	for _, n := range c.Nodes {
-		for _, svc := range n.Services {
-			if svc.ID == sid {
-				out = append(out, svc)
-			}
-		}
-	}
-	return out
-}
-
-func (c *Cluster) NodeByID(nid NodeID) *Node {
-	nid.Normalize()
-	for _, n := range c.Nodes {
-		if n.ID() == nid {
-			return n
-		}
-	}
-	panic("node not found: " + nid.String())
-}
-
-type Address struct {
-	Network string
-
-	// denormalized at topology compile
-	Type string
-	// denormalized at topology compile
-	DockerNetworkName string
-	// generated after network-and-tls
-	IPAddress string
-	// denormalized from terraform outputs stored in the Network
-	ProxyPort int `json:",omitempty"`
-}
-
-func (a *Address) inheritFromExisting(existing *Address) {
-	a.IPAddress = existing.IPAddress
-	a.ProxyPort = existing.ProxyPort
-}
-
-func (a Address) IsLocal() bool {
-	return a.Type == "" || a.Type == "lan"
-}
-
-func (a Address) IsPublic() bool {
-	return a.Type == "wan"
-}
-
-type NodeKind string
-
-const (
-	NodeKindUnknown   NodeKind = ""
-	NodeKindServer    NodeKind = "server"
-	NodeKindClient    NodeKind = "client"
-	NodeKindDataplane NodeKind = "dataplane"
-)
-
-// TODO: rename pod
-type Node struct {
-	Kind      NodeKind
-	Partition string // will be not empty
-	Name      string // logical name
-
-	// Images controls which specific docker images are used when running this
-	// node. Non-empty fields here override non-empty fields inherited from
-	// the enclosing Cluster.
-	Images Images
-
-	// AgentEnv contains optional environment variables to attach to Consul agents.
-	AgentEnv []string
-
-	Disabled bool `json:",omitempty"`
-
-	Addresses []*Address
-	Services  []*Service
-
-	// denormalized at topology compile
-	Cluster    string
-	Datacenter string
-
-	// computed at topology compile
-	Index int
-
-	// generated during network-and-tls
-	TLSCertPrefix string `json:",omitempty"`
-
-	// dockerName is computed at topology compile
-	dockerName string
-
-	// usedPorts has keys that are computed at topology compile (internal
-	// ports) and values initialized to zero until terraform creates the pods
-	// and extracts the exposed port values from output variables.
-	usedPorts map[int]int // keys are from compile / values are from terraform output vars
-}
-
-func (n *Node) DockerName() string {
-	return n.dockerName
-}
-
-func (n *Node) ExposedPort(internalPort int) int {
-	return n.usedPorts[internalPort]
-}
-
-func (n *Node) SortedPorts() []int {
-	var out []int
-	for internalPort := range n.usedPorts {
-		out = append(out, internalPort)
-	}
-	sort.Ints(out)
-	return out
-}
-
-func (n *Node) inheritFromExisting(existing *Node) {
-	n.TLSCertPrefix = existing.TLSCertPrefix
-
-	merged := existing.usedPorts
-	for k, vNew := range n.usedPorts {
-		if _, present := merged[k]; !present {
-			merged[k] = vNew
-		}
-	}
-	n.usedPorts = merged
-}
-
-func (n *Node) String() string {
-	return n.ID().String()
-}
-
-func (n *Node) ID() NodeID {
-	return NewNodeID(n.Name, n.Partition)
-}
-
-func (n *Node) CatalogID() NodeID {
-	return NewNodeID(n.PodName(), n.Partition)
-}
-
-func (n *Node) PodName() string {
-	return n.dockerName + "-pod"
-}
-
-func (n *Node) AddressByNetwork(name string) *Address {
-	for _, a := range n.Addresses {
-		if a.Network == name {
-			return a
-		}
-	}
-	return nil
-}
-
-func (n *Node) LocalAddress() string {
-	for _, a := range n.Addresses {
-		if a.IsLocal() {
-			if a.IPAddress == "" {
-				panic("node has no assigned local address")
-			}
-			return a.IPAddress
-		}
-	}
-	panic("node has no local network")
-}
-
-func (n *Node) HasPublicAddress() bool {
-	for _, a := range n.Addresses {
-		if a.IsPublic() {
-			return true
-		}
-	}
-	return false
-}
-
-func (n *Node) LocalProxyPort() int {
-	for _, a := range n.Addresses {
-		if a.IsLocal() {
-			if a.ProxyPort > 0 {
-				return a.ProxyPort
-			}
-			panic("node has no assigned local address")
-		}
-	}
-	panic("node has no local network")
-}
-
-func (n *Node) PublicAddress() string {
-	for _, a := range n.Addresses {
-		if a.IsPublic() {
-			if a.IPAddress == "" {
-				panic("node has no assigned public address")
-			}
-			return a.IPAddress
-		}
-	}
-	panic("node has no public network")
-}
-
-func (n *Node) PublicProxyPort() int {
-	for _, a := range n.Addresses {
-		if a.IsPublic() {
-			if a.ProxyPort > 0 {
-				return a.ProxyPort
-			}
-			panic("node has no assigned public address")
-		}
-	}
-	panic("node has no public network")
-}
-
-func (n *Node) IsServer() bool {
-	return n.Kind == NodeKindServer
-}
-
-func (n *Node) IsAgent() bool {
-	return n.Kind == NodeKindServer || n.Kind == NodeKindClient
-}
-
-func (n *Node) RunsWorkloads() bool {
-	return n.IsAgent() || n.IsDataplane()
-}
-
-func (n *Node) IsDataplane() bool {
-	return n.Kind == NodeKindDataplane
-}
-
-func (n *Node) SortedServices() []*Service {
-	var out []*Service
-	out = append(out, n.Services...)
-	sort.Slice(out, func(i, j int) bool {
-		mi := out[i].IsMeshGateway
-		mj := out[j].IsMeshGateway
-		if mi && !mi {
-			return false
-		} else if !mi && mj {
-			return true
-		}
-		return out[i].ID.Less(out[j].ID)
-	})
-	return out
-}
-
-// DigestExposedPorts returns true if it was changed.
-func (n *Node) DigestExposedPorts(ports map[int]int) bool {
-	if reflect.DeepEqual(n.usedPorts, ports) {
-		return false
-	}
-	for internalPort := range n.usedPorts {
-		if v, ok := ports[internalPort]; ok {
-			n.usedPorts[internalPort] = v
-		} else {
-			panic(fmt.Sprintf(
-				"cluster %q node %q port %d not found in exposed list",
-				n.Cluster,
-				n.ID(),
-				internalPort,
-			))
-		}
-	}
-	for _, svc := range n.Services {
-		svc.DigestExposedPorts(ports)
-	}
-
-	return true
-}
-
-func (n *Node) ServiceByID(sid ServiceID) *Service {
-	sid.Normalize()
-	for _, svc := range n.Services {
-		if svc.ID == sid {
-			return svc
-		}
-	}
-	panic("service not found: " + sid.String())
-}
-
-type ServiceAndNode struct {
-	Service *Service
-	Node    *Node
-}
-
-type Service struct {
-	ID          ServiceID
-	Image       string
-	Port        int
-	ExposedPort int `json:",omitempty"`
-
-	Disabled bool `json:",omitempty"` // TODO
-
-	// TODO: expose extra port here?
-
-	Meta map[string]string `json:",omitempty"`
-
-	// TODO(rb): re-expose this perhaps? Protocol  string `json:",omitempty"` // tcp|http (empty == tcp)
-	CheckHTTP string `json:",omitempty"` // url; will do a GET
-	CheckTCP  string `json:",omitempty"` // addr; will do a socket open/close
-
-	EnvoyAdminPort          int
-	ExposedEnvoyAdminPort   int `json:",omitempty"`
-	EnvoyPublicListenerPort int `json:",omitempty"` // agentless
-
-	Command []string `json:",omitempty"` // optional
-	Env     []string `json:",omitempty"` // optional
-
-	DisableServiceMesh bool `json:",omitempty"`
-	IsMeshGateway      bool `json:",omitempty"`
-	Upstreams          []*Upstream
-
-	// denormalized at topology compile
-	Node *Node `json:"-"`
-}
-
-func (s *Service) inheritFromExisting(existing *Service) {
-	s.ExposedPort = existing.ExposedPort
-	s.ExposedEnvoyAdminPort = existing.ExposedEnvoyAdminPort
-}
-
-func (s *Service) ports() []int {
-	var out []int
-	if s.Port > 0 {
-		out = append(out, s.Port)
-	}
-	if s.EnvoyAdminPort > 0 {
-		out = append(out, s.EnvoyAdminPort)
-	}
-	if s.EnvoyPublicListenerPort > 0 {
-		out = append(out, s.EnvoyPublicListenerPort)
-	}
-	for _, u := range s.Upstreams {
-		if u.LocalPort > 0 {
-			out = append(out, u.LocalPort)
-		}
-	}
-	return out
-}
-
-func (s *Service) HasCheck() bool {
-	return s.CheckTCP != "" || s.CheckHTTP != ""
-}
-
-func (s *Service) DigestExposedPorts(ports map[int]int) {
-	s.ExposedPort = ports[s.Port]
-	if s.EnvoyAdminPort > 0 {
-		s.ExposedEnvoyAdminPort = ports[s.EnvoyAdminPort]
-	} else {
-		s.ExposedEnvoyAdminPort = 0
-	}
-}
-
-func (s *Service) Validate() error {
-	if s.ID.Name == "" {
-		return fmt.Errorf("service name is required")
-	}
-	if s.Image == "" && !s.IsMeshGateway {
-		return fmt.Errorf("service image is required")
-	}
-	if s.Port <= 0 {
-		return fmt.Errorf("service has invalid port")
-	}
-	if s.DisableServiceMesh && s.IsMeshGateway {
-		return fmt.Errorf("cannot disable service mesh and still run a mesh gateway")
-	}
-	if s.DisableServiceMesh && len(s.Upstreams) > 0 {
-		return fmt.Errorf("cannot disable service mesh and configure upstreams")
-	}
-
-	if s.DisableServiceMesh {
-		if s.EnvoyAdminPort != 0 {
-			return fmt.Errorf("cannot use envoy admin port without a service mesh")
-		}
-	} else {
-		if s.EnvoyAdminPort <= 0 {
-			return fmt.Errorf("envoy admin port is required")
-		}
-	}
-
-	for _, u := range s.Upstreams {
-		if u.ID.Name == "" {
-			return fmt.Errorf("upstream service name is required")
-		}
-		if u.LocalPort <= 0 {
-			return fmt.Errorf("upstream local port is required")
-		}
-
-		if u.LocalAddress != "" {
-			ip := net.ParseIP(u.LocalAddress)
-			if ip == nil {
-				return fmt.Errorf("upstream local address is invalid: %s", u.LocalAddress)
-			}
-		}
-	}
-
-	return nil
-}
-
-type Upstream struct {
-	ID           ServiceID
-	LocalAddress string `json:",omitempty"` // defaults to 127.0.0.1
-	LocalPort    int
-	Peer         string `json:",omitempty"`
-	// TODO: what about mesh gateway mode overrides?
-
-	// computed at topology compile
-	Cluster string       `json:",omitempty"`
-	Peering *PeerCluster `json:",omitempty"` // this will have Link!=nil
-}
-
-type Peering struct {
-	Dialing   PeerCluster
-	Accepting PeerCluster
-}
-
-type PeerCluster struct {
-	Name      string
-	Partition string
-	PeerName  string // name to call it on this side; defaults if not specified
-
-	// computed at topology compile (pointer so it can be empty in json)
-	Link *PeerCluster `json:",omitempty"`
-}
-
-func (c PeerCluster) String() string {
-	return c.Name + ":" + c.Partition
-}
-
-func (p *Peering) String() string {
-	return "(" + p.Dialing.String() + ")->(" + p.Accepting.String() + ")"
-}
diff --git a/testing/deployer/topology/util.go b/testing/deployer/topology/util.go
deleted file mode 100644
index a6d6670c2655..000000000000
--- a/testing/deployer/topology/util.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package topology
-
-func MergeSlices[V any](x, y []V) []V {
-	switch {
-	case len(x) == 0 && len(y) == 0:
-		return nil
-	case len(x) == 0:
-		return y
-	case len(y) == 0:
-		return x
-	}
-
-	out := make([]V, 0, len(x)+len(y))
-	out = append(out, x...)
-	out = append(out, y...)
-	return out
-}
diff --git a/testing/deployer/topology/util_test.go b/testing/deployer/topology/util_test.go
deleted file mode 100644
index a858a4e69814..000000000000
--- a/testing/deployer/topology/util_test.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package topology
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestMergeSlices(t *testing.T) {
-	require.Nil(t, MergeSlices[int](nil, nil))
-}
diff --git a/testing/deployer/util/consul.go b/testing/deployer/util/consul.go
deleted file mode 100644
index d3ebc037a9fe..000000000000
--- a/testing/deployer/util/consul.go
+++ /dev/null
@@ -1,66 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package util
-
-import (
-	"fmt"
-	"net/http"
-	"net/url"
-	"strconv"
-
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/go-cleanhttp"
-)
-
-func ProxyNotPooledAPIClient(proxyPort int, containerIP string, containerPort int, token string) (*api.Client, error) {
-	return proxyAPIClient(cleanhttp.DefaultTransport(), proxyPort, containerIP, containerPort, token)
-}
-
-func ProxyAPIClient(proxyPort int, containerIP string, containerPort int, token string) (*api.Client, error) {
-	return proxyAPIClient(cleanhttp.DefaultPooledTransport(), proxyPort, containerIP, containerPort, token)
-}
-
-func proxyAPIClient(baseTransport *http.Transport, proxyPort int, containerIP string, containerPort int, token string) (*api.Client, error) {
-	if proxyPort <= 0 {
-		return nil, fmt.Errorf("cannot use an http proxy on port %d", proxyPort)
-	}
-	if containerIP == "" {
-		return nil, fmt.Errorf("container IP is required")
-	}
-	if containerPort <= 0 {
-		return nil, fmt.Errorf("cannot dial api client on port %d", containerPort)
-	}
-
-	proxyURL, err := url.Parse("http://127.0.0.1:" + strconv.Itoa(proxyPort))
-	if err != nil {
-		return nil, err
-	}
-
-	cfg := api.DefaultConfig()
-	cfg.Transport = baseTransport
-	cfg.Transport.Proxy = http.ProxyURL(proxyURL)
-	cfg.Address = fmt.Sprintf("http://%s:%d", containerIP, containerPort)
-	cfg.Token = token
-	return api.NewClient(cfg)
-}
-
-func ProxyNotPooledHTTPTransport(proxyPort int) (*http.Transport, error) {
-	return proxyHTTPTransport(cleanhttp.DefaultTransport(), proxyPort)
-}
-
-func ProxyHTTPTransport(proxyPort int) (*http.Transport, error) {
-	return proxyHTTPTransport(cleanhttp.DefaultPooledTransport(), proxyPort)
-}
-
-func proxyHTTPTransport(baseTransport *http.Transport, proxyPort int) (*http.Transport, error) {
-	if proxyPort <= 0 {
-		return nil, fmt.Errorf("cannot use an http proxy on port %d", proxyPort)
-	}
-	proxyURL, err := url.Parse("http://127.0.0.1:" + strconv.Itoa(proxyPort))
-	if err != nil {
-		return nil, err
-	}
-	baseTransport.Proxy = http.ProxyURL(proxyURL)
-	return baseTransport, nil
-}
diff --git a/testing/deployer/util/files.go b/testing/deployer/util/files.go
deleted file mode 100644
index 5929f227e501..000000000000
--- a/testing/deployer/util/files.go
+++ /dev/null
@@ -1,60 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package util
-
-import (
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-
-	"golang.org/x/crypto/blake2b"
-)
-
-func FilesExist(parent string, paths ...string) (bool, error) {
-	for _, p := range paths {
-		ok, err := FileExists(filepath.Join(parent, p))
-		if err != nil {
-			return false, err
-		}
-		if !ok {
-			return false, nil
-		}
-	}
-	return true, nil
-}
-
-func FileExists(path string) (bool, error) {
-	_, err := os.Stat(path)
-	if os.IsNotExist(err) {
-		return false, nil
-	} else if err != nil {
-		return false, err
-	} else {
-		return true, nil
-	}
-}
-
-func HashFile(path string) (string, error) {
-	hash, err := blake2b.New256(nil)
-	if err != nil {
-		return "", err
-	}
-
-	if err := AddFileToHash(path, hash); err != nil {
-		return "", err
-	}
-
-	return fmt.Sprintf("%x", hash.Sum(nil)), nil
-}
-
-func AddFileToHash(path string, w io.Writer) error {
-	f, err := os.Open(path)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-	_, err = io.Copy(w, f)
-	return err
-}
diff --git a/testing/deployer/util/internal/ipamutils/doc.go b/testing/deployer/util/internal/ipamutils/doc.go
deleted file mode 100644
index 7820e3776201..000000000000
--- a/testing/deployer/util/internal/ipamutils/doc.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2015 Docker Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Originally from:
-// https://github.com/moby/moby/blob/7489b51f610104ab5acc43f4e77142927e7b522e/libnetwork/ipamutils
-//
-// The only changes were to remove dead code from the package that we did not
-// need, and to edit the tests to use github.com/stretchr/testify to avoid an
-// extra dependency.
-package ipamutils
diff --git a/testing/deployer/util/internal/ipamutils/utils.go b/testing/deployer/util/internal/ipamutils/utils.go
deleted file mode 100644
index 11367cc176bb..000000000000
--- a/testing/deployer/util/internal/ipamutils/utils.go
+++ /dev/null
@@ -1,120 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-// Package ipamutils provides utility functions for ipam management
-package ipamutils
-
-import (
-	"fmt"
-	"net"
-	"sync"
-)
-
-var (
-	// predefinedLocalScopeDefaultNetworks contains a list of 31 IPv4 private networks with host size 16 and 12
-	// (172.17-31.x.x/16, 192.168.x.x/20) which do not overlap with the networks in `PredefinedGlobalScopeDefaultNetworks`
-	predefinedLocalScopeDefaultNetworks []*net.IPNet
-	// predefinedGlobalScopeDefaultNetworks contains a list of 64K IPv4 private networks with host size 8
-	// (10.x.x.x/24) which do not overlap with the networks in `PredefinedLocalScopeDefaultNetworks`
-	predefinedGlobalScopeDefaultNetworks []*net.IPNet
-	mutex                                sync.Mutex
-	localScopeDefaultNetworks            = []*NetworkToSplit{{"172.17.0.0/16", 16}, {"172.18.0.0/16", 16}, {"172.19.0.0/16", 16},
-		{"172.20.0.0/14", 16}, {"172.24.0.0/14", 16}, {"172.28.0.0/14", 16},
-		{"192.168.0.0/16", 20}}
-	globalScopeDefaultNetworks = []*NetworkToSplit{{"10.0.0.0/8", 24}}
-)
-
-// NetworkToSplit represent a network that has to be split in chunks with mask length Size.
-// Each subnet in the set is derived from the Base pool. Base is to be passed
-// in CIDR format.
-// Example: a Base "10.10.0.0/16 with Size 24 will define the set of 256
-// 10.10.[0-255].0/24 address pools
-type NetworkToSplit struct {
-	Base string `json:"base"`
-	Size int    `json:"size"`
-}
-
-func init() {
-	var err error
-	if predefinedGlobalScopeDefaultNetworks, err = SplitNetworks(globalScopeDefaultNetworks); err != nil {
-		panic("failed to initialize the global scope default address pool: " + err.Error())
-	}
-
-	if predefinedLocalScopeDefaultNetworks, err = SplitNetworks(localScopeDefaultNetworks); err != nil {
-		panic("failed to initialize the local scope default address pool: " + err.Error())
-	}
-}
-
-// ConfigGlobalScopeDefaultNetworks configures global default pool.
-// Ideally this will be called from SwarmKit as part of swarm init
-func ConfigGlobalScopeDefaultNetworks(defaultAddressPool []*NetworkToSplit) error {
-	if defaultAddressPool == nil {
-		return nil
-	}
-	mutex.Lock()
-	defer mutex.Unlock()
-	defaultNetworks, err := SplitNetworks(defaultAddressPool)
-	if err != nil {
-		return err
-	}
-	predefinedGlobalScopeDefaultNetworks = defaultNetworks
-	return nil
-}
-
-// GetGlobalScopeDefaultNetworks returns a copy of the global-sopce network list.
-func GetGlobalScopeDefaultNetworks() []*net.IPNet {
-	mutex.Lock()
-	defer mutex.Unlock()
-	return append([]*net.IPNet(nil), predefinedGlobalScopeDefaultNetworks...)
-}
-
-// GetLocalScopeDefaultNetworks returns a copy of the default local-scope network list.
-func GetLocalScopeDefaultNetworks() []*net.IPNet {
-	return append([]*net.IPNet(nil), predefinedLocalScopeDefaultNetworks...)
-}
-
-// SplitNetworks takes a slice of networks, split them accordingly and returns them
-func SplitNetworks(list []*NetworkToSplit) ([]*net.IPNet, error) {
-	localPools := make([]*net.IPNet, 0, len(list))
-
-	for _, p := range list {
-		_, b, err := net.ParseCIDR(p.Base)
-		if err != nil {
-			return nil, fmt.Errorf("invalid base pool %q: %v", p.Base, err)
-		}
-		ones, _ := b.Mask.Size()
-		if p.Size <= 0 || p.Size < ones {
-			return nil, fmt.Errorf("invalid pools size: %d", p.Size)
-		}
-		localPools = append(localPools, splitNetwork(p.Size, b)...)
-	}
-	return localPools, nil
-}
-
-func splitNetwork(size int, base *net.IPNet) []*net.IPNet {
-	one, bits := base.Mask.Size()
-	mask := net.CIDRMask(size, bits)
-	n := 1 << uint(size-one)
-	s := uint(bits - size)
-	list := make([]*net.IPNet, 0, n)
-
-	for i := 0; i < n; i++ {
-		ip := copyIP(base.IP)
-		addIntToIP(ip, uint(i<<s))
-		list = append(list, &net.IPNet{IP: ip, Mask: mask})
-	}
-	return list
-}
-
-func copyIP(from net.IP) net.IP {
-	ip := make([]byte, len(from))
-	copy(ip, from)
-	return ip
-}
-
-func addIntToIP(array net.IP, ordinal uint) {
-	for i := len(array) - 1; i >= 0; i-- {
-		array[i] |= (byte)(ordinal & 0xff)
-		ordinal >>= 8
-	}
-}
diff --git a/testing/deployer/util/internal/ipamutils/utils_test.go b/testing/deployer/util/internal/ipamutils/utils_test.go
deleted file mode 100644
index e91ae258cb91..000000000000
--- a/testing/deployer/util/internal/ipamutils/utils_test.go
+++ /dev/null
@@ -1,105 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package ipamutils
-
-import (
-	"net"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func initBroadPredefinedNetworks() []*net.IPNet {
-	pl := make([]*net.IPNet, 0, 31)
-	mask := []byte{255, 255, 0, 0}
-	for i := 17; i < 32; i++ {
-		pl = append(pl, &net.IPNet{IP: []byte{172, byte(i), 0, 0}, Mask: mask})
-	}
-	mask20 := []byte{255, 255, 240, 0}
-	for i := 0; i < 16; i++ {
-		pl = append(pl, &net.IPNet{IP: []byte{192, 168, byte(i << 4), 0}, Mask: mask20})
-	}
-	return pl
-}
-
-func initGranularPredefinedNetworks() []*net.IPNet {
-	pl := make([]*net.IPNet, 0, 256*256)
-	mask := []byte{255, 255, 255, 0}
-	for i := 0; i < 256; i++ {
-		for j := 0; j < 256; j++ {
-			pl = append(pl, &net.IPNet{IP: []byte{10, byte(i), byte(j), 0}, Mask: mask})
-		}
-	}
-	return pl
-}
-
-func initGlobalScopeNetworks() []*net.IPNet {
-	pl := make([]*net.IPNet, 0, 256*256)
-	mask := []byte{255, 255, 255, 0}
-	for i := 0; i < 256; i++ {
-		for j := 0; j < 256; j++ {
-			pl = append(pl, &net.IPNet{IP: []byte{30, byte(i), byte(j), 0}, Mask: mask})
-		}
-	}
-	return pl
-}
-
-func TestDefaultNetwork(t *testing.T) {
-	for _, nw := range GetGlobalScopeDefaultNetworks() {
-		if ones, bits := nw.Mask.Size(); bits != 32 || ones != 24 {
-			t.Fatalf("Unexpected size for network in granular list: %v", nw)
-		}
-	}
-
-	for _, nw := range GetLocalScopeDefaultNetworks() {
-		if ones, bits := nw.Mask.Size(); bits != 32 || (ones != 20 && ones != 16) {
-			t.Fatalf("Unexpected size for network in broad list: %v", nw)
-		}
-	}
-
-	originalBroadNets := initBroadPredefinedNetworks()
-	m := make(map[string]bool)
-	for _, v := range originalBroadNets {
-		m[v.String()] = true
-	}
-	for _, nw := range GetLocalScopeDefaultNetworks() {
-		_, ok := m[nw.String()]
-		assert.True(t, ok)
-		delete(m, nw.String())
-	}
-
-	assert.Empty(t, m)
-
-	originalGranularNets := initGranularPredefinedNetworks()
-
-	m = make(map[string]bool)
-	for _, v := range originalGranularNets {
-		m[v.String()] = true
-	}
-	for _, nw := range GetGlobalScopeDefaultNetworks() {
-		_, ok := m[nw.String()]
-		assert.True(t, ok)
-		delete(m, nw.String())
-	}
-
-	assert.Empty(t, m)
-}
-
-func TestConfigGlobalScopeDefaultNetworks(t *testing.T) {
-	err := ConfigGlobalScopeDefaultNetworks([]*NetworkToSplit{{"30.0.0.0/8", 24}})
-	assert.NoError(t, err)
-
-	originalGlobalScopeNetworks := initGlobalScopeNetworks()
-	m := make(map[string]bool)
-	for _, v := range originalGlobalScopeNetworks {
-		m[v.String()] = true
-	}
-	for _, nw := range GetGlobalScopeDefaultNetworks() {
-		_, ok := m[nw.String()]
-		assert.True(t, ok)
-		delete(m, nw.String())
-	}
-
-	assert.Empty(t, m)
-}
diff --git a/testing/deployer/util/net.go b/testing/deployer/util/net.go
deleted file mode 100644
index 83ca01761b48..000000000000
--- a/testing/deployer/util/net.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package util
-
-import (
-	"github.com/hashicorp/consul/testing/deployer/util/internal/ipamutils"
-)
-
-// GetPossibleDockerNetworkSubnets returns a copy of the global-scope network list.
-func GetPossibleDockerNetworkSubnets() map[string]struct{} {
-	list := ipamutils.GetGlobalScopeDefaultNetworks()
-
-	out := make(map[string]struct{})
-	for _, ipnet := range list {
-		subnet := ipnet.String()
-		out[subnet] = struct{}{}
-	}
-	return out
-}
diff --git a/testrpc/wait.go b/testrpc/wait.go
index ca315d28539e..acd9524d78f3 100644
--- a/testrpc/wait.go
+++ b/testrpc/wait.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package testrpc
 
diff --git a/tlsutil/config.go b/tlsutil/config.go
index 5cba2597f19d..5cdaf7633eca 100644
--- a/tlsutil/config.go
+++ b/tlsutil/config.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tlsutil
 
@@ -857,23 +857,10 @@ func (c *Configurator) IncomingHTTPSConfig() *tls.Config {
 	return config
 }
 
-// OutgoingTLSConfigForCheck creates a client *tls.Config for executing checks.
-// It is RECOMMENDED that the serverName be left unspecified. The crypto/tls
-// client will deduce the ServerName (for SNI) from the check address unless
-// it's an IP (RFC 6066, Section 3). However, there are two instances where
-// supplying a serverName is useful:
-//
-//  1. When the check address is an IP, a serverName can be supplied for SNI.
-//     Note: setting serverName will also override the hostname used to verify
-//     the certificate presented by the server being checked.
-//
-//  2. When the hostname in the check address won't be present in the SAN
-//     (Subject Alternative Name) field of the certificate presented by the
-//     server being checked. Note: setting serverName will also override the
-//     ServerName used for SNI.
-//
-// Setting skipVerify will disable verification of the server's certificate
-// chain and hostname, which is generally not suitable for production use.
+// OutgoingTLSConfigForCheck generates a *tls.Config for outgoing TLS connections
+// for checks. This function is separated because there is an extra flag to
+// consider for checks. EnableAgentTLSForChecks and InsecureSkipVerify has to
+// be checked for checks.
 func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool, serverName string) *tls.Config {
 	c.log("OutgoingTLSConfigForCheck")
 
@@ -888,9 +875,13 @@ func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool, serverName str
 		}
 	}
 
+	if serverName == "" {
+		serverName = c.serverNameOrNodeName()
+	}
 	config := c.internalRPCTLSConfig(false)
 	config.InsecureSkipVerify = skipVerify
 	config.ServerName = serverName
+
 	return config
 }
 
diff --git a/tlsutil/config_test.go b/tlsutil/config_test.go
index 8054b08ecd92..30ebd62c206b 100644
--- a/tlsutil/config_test.go
+++ b/tlsutil/config_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 //go:build !fips
 // +build !fips
 
@@ -1376,7 +1376,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
 			},
 		},
 		{
-			name: "agent tls, default consul server name, no override",
+			name: "agent tls, default server name",
 			conf: func() (*Configurator, error) {
 				return NewConfigurator(Config{
 					InternalRPC: ProtocolConfig{
@@ -1389,11 +1389,11 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
 			},
 			expected: &tls.Config{
 				MinVersion: tls.VersionTLS12,
-				ServerName: "",
+				ServerName: "servername",
 			},
 		},
 		{
-			name: "agent tls, skip verify, consul node name for server name, no override",
+			name: "agent tls, skip verify, node name for server name",
 			conf: func() (*Configurator, error) {
 				return NewConfigurator(Config{
 					InternalRPC: ProtocolConfig{
@@ -1407,7 +1407,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
 			expected: &tls.Config{
 				InsecureSkipVerify: true,
 				MinVersion:         tls.VersionTLS12,
-				ServerName:         "",
+				ServerName:         "nodename",
 			},
 		},
 		{
diff --git a/tlsutil/generate.go b/tlsutil/generate.go
index 907d7ba99694..a92f76f9201c 100644
--- a/tlsutil/generate.go
+++ b/tlsutil/generate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tlsutil
 
diff --git a/tlsutil/generate_test.go b/tlsutil/generate_test.go
index da3fd29af1f9..ddceefe2cd5a 100644
--- a/tlsutil/generate_test.go
+++ b/tlsutil/generate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package tlsutil
 
diff --git a/tools/internal-grpc-proxy/main.go b/tools/internal-grpc-proxy/main.go
index 5a4218e8fa46..fda3d2f04446 100644
--- a/tools/internal-grpc-proxy/main.go
+++ b/tools/internal-grpc-proxy/main.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package main
 
diff --git a/troubleshoot/proxy/certs.go b/troubleshoot/proxy/certs.go
index 8f0c09b0293e..083f1873b528 100644
--- a/troubleshoot/proxy/certs.go
+++ b/troubleshoot/proxy/certs.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/certs_test.go b/troubleshoot/proxy/certs_test.go
index e3db4dc009c5..ec3ead7e0227 100644
--- a/troubleshoot/proxy/certs_test.go
+++ b/troubleshoot/proxy/certs_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/stats.go b/troubleshoot/proxy/stats.go
index 249dce07db04..0ae4f68c8d10 100644
--- a/troubleshoot/proxy/stats.go
+++ b/troubleshoot/proxy/stats.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/troubleshoot_proxy.go b/troubleshoot/proxy/troubleshoot_proxy.go
index 4cd422b0d4b8..5dac26752e43 100644
--- a/troubleshoot/proxy/troubleshoot_proxy.go
+++ b/troubleshoot/proxy/troubleshoot_proxy.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/upstreams.go b/troubleshoot/proxy/upstreams.go
index 62f08572059a..c42f6b971665 100644
--- a/troubleshoot/proxy/upstreams.go
+++ b/troubleshoot/proxy/upstreams.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/upstreams_test.go b/troubleshoot/proxy/upstreams_test.go
index a2f0bf60b08e..a000738acde0 100644
--- a/troubleshoot/proxy/upstreams_test.go
+++ b/troubleshoot/proxy/upstreams_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/utils.go b/troubleshoot/proxy/utils.go
index 78fadaed119e..b812272942c6 100644
--- a/troubleshoot/proxy/utils.go
+++ b/troubleshoot/proxy/utils.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/validateupstream.go b/troubleshoot/proxy/validateupstream.go
index 02c355f40e70..64be9d02e172 100644
--- a/troubleshoot/proxy/validateupstream.go
+++ b/troubleshoot/proxy/validateupstream.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package troubleshoot
 
diff --git a/troubleshoot/proxy/validateupstream_test.go b/troubleshoot/proxy/validateupstream_test.go
index ddeca9b1cd72..8709c42d9212 100644
--- a/troubleshoot/proxy/validateupstream_test.go
+++ b/troubleshoot/proxy/validateupstream_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package troubleshoot
 
diff --git a/troubleshoot/validate/validate.go b/troubleshoot/validate/validate.go
index 93d26bb42ed1..f7c6299f9984 100644
--- a/troubleshoot/validate/validate.go
+++ b/troubleshoot/validate/validate.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package validate
 
diff --git a/troubleshoot/validate/validate_test.go b/troubleshoot/validate/validate_test.go
index b9e2aeed611f..9d779c48f466 100644
--- a/troubleshoot/validate/validate_test.go
+++ b/troubleshoot/validate/validate_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package validate
 
diff --git a/types/area.go b/types/area.go
index 7cd0af35fb5c..30207cd2c388 100644
--- a/types/area.go
+++ b/types/area.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/types/checks.go b/types/checks.go
index d119319f413e..172330267db6 100644
--- a/types/checks.go
+++ b/types/checks.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/types/node_id.go b/types/node_id.go
index 868dbf52a9a0..c404b02bea35 100644
--- a/types/node_id.go
+++ b/types/node_id.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/types/tls.go b/types/tls.go
index e4788819b8c3..b113c29030a7 100644
--- a/types/tls.go
+++ b/types/tls.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/types/tls_test.go b/types/tls_test.go
index a988cfbc9fb7..a41817af32cd 100644
--- a/types/tls_test.go
+++ b/types/tls_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package types
 
diff --git a/ui/packages/consul-acls/app/components/consul/acl/selector/index.hbs b/ui/packages/consul-acls/app/components/consul/acl/selector/index.hbs
index a13efa37c19d..afee0962633f 100644
--- a/ui/packages/consul-acls/app/components/consul/acl/selector/index.hbs
+++ b/ui/packages/consul-acls/app/components/consul/acl/selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <li 
diff --git a/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs b/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs
index 1ded54b9434d..81de70779c25 100644
--- a/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs
+++ b/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (can 'use acls')}}
diff --git a/ui/packages/consul-acls/app/components/consul/token/selector/index.js b/ui/packages/consul-acls/app/components/consul/token/selector/index.js
index 3fa73eac0ee9..ca302abf2d39 100644
--- a/ui/packages/consul-acls/app/components/consul/token/selector/index.js
+++ b/ui/packages/consul-acls/app/components/consul/token/selector/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-acls/vendor/consul-acls/routes.js b/ui/packages/consul-acls/vendor/consul-acls/routes.js
index ff26d766d7bf..4db571e9cbaf 100644
--- a/ui/packages/consul-acls/vendor/consul-acls/routes.js
+++ b/ui/packages/consul-acls/vendor/consul-acls/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (routes => routes({
diff --git a/ui/packages/consul-acls/vendor/consul-acls/services.js b/ui/packages/consul-acls/vendor/consul-acls/services.js
index 1654b41eeea7..74e67ac3a2b8 100644
--- a/ui/packages/consul-acls/vendor/consul-acls/services.js
+++ b/ui/packages/consul-acls/vendor/consul-acls/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (services => services({
diff --git a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.hbs b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.hbs
index bb5a1fc32a98..55c6531d2be4 100644
--- a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.hbs
+++ b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.scss b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.scss
index 5d268de6dd6d..a5ad90b5799f 100644
--- a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.scss
+++ b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-hcp-home {
diff --git a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.test.js b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.test.js
index 962a7c7c4a8a..a94b9beeb965 100644
--- a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.test.js
+++ b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-hcp/vendor/consul-hcp/routes.js b/ui/packages/consul-hcp/vendor/consul-hcp/routes.js
index ab573dea56ad..34534c8bc146 100644
--- a/ui/packages/consul-hcp/vendor/consul-hcp/routes.js
+++ b/ui/packages/consul-hcp/vendor/consul-hcp/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (routes => routes({
diff --git a/ui/packages/consul-hcp/vendor/consul-hcp/services.js b/ui/packages/consul-hcp/vendor/consul-hcp/services.js
index d1c7820f7da5..c95daf828c76 100644
--- a/ui/packages/consul-hcp/vendor/consul-hcp/services.js
+++ b/ui/packages/consul-hcp/vendor/consul-hcp/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (services => services({
diff --git a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.hbs b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.hbs
index d84292c72fba..f7cffddd8b77 100644
--- a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.hbs
+++ b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.scss b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.scss
index b34e73f03db2..bf8e39036772 100644
--- a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.scss
+++ b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/form/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-lock-session-form {
diff --git a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.hbs b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.hbs
index 247b0dd8fc9d..69abb15637a9 100644
--- a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.hbs
+++ b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.scss b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.scss
index 503e5192f473..5182136a3b53 100644
--- a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.scss
+++ b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-lock-session-list ul > li:not(:first-child) {
diff --git a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/notifications/index.hbs b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/notifications/index.hbs
index 12c1391161b9..5f2847d11f01 100644
--- a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/notifications/index.hbs
+++ b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (eq @type 'remove')}}
diff --git a/ui/packages/consul-lock-sessions/app/templates/dc/nodes/show/sessions.hbs b/ui/packages/consul-lock-sessions/app/templates/dc/nodes/show/sessions.hbs
index 61c679aa2f1f..6f18f84b2885 100644
--- a/ui/packages/consul-lock-sessions/app/templates/dc/nodes/show/sessions.hbs
+++ b/ui/packages/consul-lock-sessions/app/templates/dc/nodes/show/sessions.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/routes.js b/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/routes.js
index 102e9ffe0736..9da5bcaddff2 100644
--- a/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/routes.js
+++ b/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (routes => routes({
diff --git a/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/services.js b/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/services.js
index 1654b41eeea7..74e67ac3a2b8 100644
--- a/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/services.js
+++ b/ui/packages/consul-lock-sessions/vendor/consul-lock-sessions/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (services => services({
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.hbs b/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.hbs
index 52b39bd9df59..6621cf73f8ea 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.hbs
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div class="consul-nspace-form" ...attributes>
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.js b/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.js
index df8978572e59..42fb75ecdbd9 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.js
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from "@glimmer/component";
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/list/index.hbs b/ui/packages/consul-nspaces/app/components/consul/nspace/list/index.hbs
index b503aefa0efd..b1677012e108 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/list/index.hbs
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/list/pageobject.js b/ui/packages/consul-nspaces/app/components/consul/nspace/list/pageobject.js
index b46f42af8a43..63bdfb57675e 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/list/pageobject.js
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (collection, clickable, attribute, text, actions) => () => {
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/notifications/index.hbs b/ui/packages/consul-nspaces/app/components/consul/nspace/notifications/index.hbs
index 67d44210f207..4f8269aa52a5 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/notifications/index.hbs
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (eq @type 'remove')}}
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/search-bar/index.hbs b/ui/packages/consul-nspaces/app/components/consul/nspace/search-bar/index.hbs
index f438d18dce2a..49819ebb9b91 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/search-bar/index.hbs
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/selector/index.hbs b/ui/packages/consul-nspaces/app/components/consul/nspace/selector/index.hbs
index 8ddb666e13c5..6c78dd652c8c 100644
--- a/ui/packages/consul-nspaces/app/components/consul/nspace/selector/index.hbs
+++ b/ui/packages/consul-nspaces/app/components/consul/nspace/selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (can "use nspaces")}}
diff --git a/ui/packages/consul-nspaces/app/templates/dc/nspaces/edit.hbs b/ui/packages/consul-nspaces/app/templates/dc/nspaces/edit.hbs
index cae8066f0ec6..75f8d10c7141 100644
--- a/ui/packages/consul-nspaces/app/templates/dc/nspaces/edit.hbs
+++ b/ui/packages/consul-nspaces/app/templates/dc/nspaces/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-nspaces/app/templates/dc/nspaces/index.hbs b/ui/packages/consul-nspaces/app/templates/dc/nspaces/index.hbs
index 00a0ccc97818..9082d49f13d9 100644
--- a/ui/packages/consul-nspaces/app/templates/dc/nspaces/index.hbs
+++ b/ui/packages/consul-nspaces/app/templates/dc/nspaces/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-nspaces/vendor/consul-nspaces/routes.js b/ui/packages/consul-nspaces/vendor/consul-nspaces/routes.js
index 5c43e6f6a431..cf17f5cbc0a8 100644
--- a/ui/packages/consul-nspaces/vendor/consul-nspaces/routes.js
+++ b/ui/packages/consul-nspaces/vendor/consul-nspaces/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (routes => routes({
diff --git a/ui/packages/consul-nspaces/vendor/consul-nspaces/services.js b/ui/packages/consul-nspaces/vendor/consul-nspaces/services.js
index 1654b41eeea7..74e67ac3a2b8 100644
--- a/ui/packages/consul-nspaces/vendor/consul-nspaces/services.js
+++ b/ui/packages/consul-nspaces/vendor/consul-nspaces/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (services => services({
diff --git a/ui/packages/consul-partitions/app/components/consul/partition/form/index.hbs b/ui/packages/consul-partitions/app/components/consul/partition/form/index.hbs
index 03119b64106d..b9e16298a014 100644
--- a/ui/packages/consul-partitions/app/components/consul/partition/form/index.hbs
+++ b/ui/packages/consul-partitions/app/components/consul/partition/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-partitions/app/components/consul/partition/list/index.hbs b/ui/packages/consul-partitions/app/components/consul/partition/list/index.hbs
index 47f3707b6312..437f17959a8e 100644
--- a/ui/packages/consul-partitions/app/components/consul/partition/list/index.hbs
+++ b/ui/packages/consul-partitions/app/components/consul/partition/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-partitions/app/components/consul/partition/list/test-support.js b/ui/packages/consul-partitions/app/components/consul/partition/list/test-support.js
index 2524ce36c579..5ab93a38e495 100644
--- a/ui/packages/consul-partitions/app/components/consul/partition/list/test-support.js
+++ b/ui/packages/consul-partitions/app/components/consul/partition/list/test-support.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export const selectors = () => ({
diff --git a/ui/packages/consul-partitions/app/components/consul/partition/notifications/index.hbs b/ui/packages/consul-partitions/app/components/consul/partition/notifications/index.hbs
index d97ff184f965..082fcf652cfb 100644
--- a/ui/packages/consul-partitions/app/components/consul/partition/notifications/index.hbs
+++ b/ui/packages/consul-partitions/app/components/consul/partition/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (eq @type 'remove')}}
diff --git a/ui/packages/consul-partitions/app/components/consul/partition/search-bar/index.hbs b/ui/packages/consul-partitions/app/components/consul/partition/search-bar/index.hbs
index 56fa44084a7b..77e4d6b27d21 100644
--- a/ui/packages/consul-partitions/app/components/consul/partition/search-bar/index.hbs
+++ b/ui/packages/consul-partitions/app/components/consul/partition/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-partitions/app/components/consul/partition/selector/index.hbs b/ui/packages/consul-partitions/app/components/consul/partition/selector/index.hbs
index b9727a9de96e..6897391efa88 100644
--- a/ui/packages/consul-partitions/app/components/consul/partition/selector/index.hbs
+++ b/ui/packages/consul-partitions/app/components/consul/partition/selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let
diff --git a/ui/packages/consul-partitions/app/templates/dc/partitions/edit.hbs b/ui/packages/consul-partitions/app/templates/dc/partitions/edit.hbs
index d08246cd8fc0..4414ba3c8ed3 100644
--- a/ui/packages/consul-partitions/app/templates/dc/partitions/edit.hbs
+++ b/ui/packages/consul-partitions/app/templates/dc/partitions/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-partitions/app/templates/dc/partitions/index.hbs b/ui/packages/consul-partitions/app/templates/dc/partitions/index.hbs
index ed9c8a521d33..5495ed18ae4b 100644
--- a/ui/packages/consul-partitions/app/templates/dc/partitions/index.hbs
+++ b/ui/packages/consul-partitions/app/templates/dc/partitions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-partitions/vendor/consul-partitions/routes.js b/ui/packages/consul-partitions/vendor/consul-partitions/routes.js
index a373e914e541..e560c822fbc1 100644
--- a/ui/packages/consul-partitions/vendor/consul-partitions/routes.js
+++ b/ui/packages/consul-partitions/vendor/consul-partitions/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (routes => routes({
diff --git a/ui/packages/consul-partitions/vendor/consul-partitions/services.js b/ui/packages/consul-partitions/vendor/consul-partitions/services.js
index 1cf59ee066ca..8c9440bce3cd 100644
--- a/ui/packages/consul-partitions/vendor/consul-partitions/services.js
+++ b/ui/packages/consul-partitions/vendor/consul-partitions/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (services => services({
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs
index bc6294e015f0..eccac17174b6 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Providers::Dimension as |p|>
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.scss b/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.scss
index 6816f4934f59..3c4951829bc0 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.scss
+++ b/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .border-bottom-primary {
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/bento-box/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/bento-box/index.hbs
index b0f633718ec2..b949548612b3 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/bento-box/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/bento-box/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Hds::Card::Container @level="base" @hasBorder={{true}} class="mt-6 mb-3">
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/components.scss b/ui/packages/consul-peerings/app/components/consul/peer/components.scss
index ad5f5cd29691..1e20d8b236fe 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/components.scss
+++ b/ui/packages/consul-peerings/app/components/consul/peer/components.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %pill-pending::before,
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/chart.xstate.js b/ui/packages/consul-peerings/app/components/consul/peer/form/chart.xstate.js
index 2380c523b4ce..af8a7570225a 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/chart.xstate.js
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/actions/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/actions/index.hbs
index 1c16d1d533dc..f5f66960bb48 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/actions/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/actions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Hds::Button
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/chart.xstate.js b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/chart.xstate.js
index 504b2c5a7ea5..34d2297899b1 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/chart.xstate.js
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.hbs
index d17bc34a7279..ff7442cdfa61 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div class={{class-map "consul-peer-form-generate-fieldsets"}} ...attributes>
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.js b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.js
index a037015d1d85..708b52fd8b11 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.js
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/fieldsets/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs
index d6493c895c6d..217818abd2a3 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/generate/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div class={{class-map "consul-peer-form-generate"}} ...attributes>
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/index.hbs
index 031ffead3ccc..a0e151f2f64e 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div class={{class-map "consul-peer-form"}} ...attributes>
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss b/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss
index 830cced098ae..bca9acedd661 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-peer-form {
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/actions/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/actions/index.hbs
index f5f4c4864f4b..2aba71c1a0b0 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/actions/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/actions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Hds::Button
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/fieldsets/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/fieldsets/index.hbs
index 28228a8c8d0d..124996fe1810 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/fieldsets/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/fieldsets/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/index.hbs
index c26d91956c1c..1a8f534ec720 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/initiate/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div class={{class-map "consul-peer-form-initiate"}} ...attributes>
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/token/actions/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/token/actions/index.hbs
index feb85bf4a25e..b3f455833a4e 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/token/actions/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/token/actions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs
index ca4b98d1687a..eb0f8703c377 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/form/token/fieldsets/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if @regenerate}}
@@ -24,7 +24,7 @@
           </li>
           <li>
             <strong>Switch to the peer</strong><br />
-            Someone on your team should log into the Datacenter (Community) or Admin Partition (Enterprise) that you want this one to connect with.
+            Someone on your team should log into the Datacenter (CE) or Admin Partition (Enterprise) that you want this one to connect with.
           </li>
           <li>
             <strong>Initiate the peering</strong><br />
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/index.scss b/ui/packages/consul-peerings/app/components/consul/peer/index.scss
index c7e6b20eaf06..db9d677688a4 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/index.scss
+++ b/ui/packages/consul-peerings/app/components/consul/peer/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './components';
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/list/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/list/index.hbs
index b0d10e1f8a74..a1af71ce11eb 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/list/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/list/test-support.js b/ui/packages/consul-peerings/app/components/consul/peer/list/test-support.js
index 4edc13caf176..01d89268e454 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/list/test-support.js
+++ b/ui/packages/consul-peerings/app/components/consul/peer/list/test-support.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export const selectors = {
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/notifications/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/notifications/index.hbs
index 782b755a8075..7c919f8c856c 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/notifications/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (eq @type 'remove')}}
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.hbs
index 475c8a2b5a1d..e7e895a316c7 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.scss b/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.scss
index aa288d06710f..73e32faff874 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.scss
+++ b/ui/packages/consul-peerings/app/components/consul/peer/search-bar/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-peer-search-bar {
diff --git a/ui/packages/consul-peerings/app/components/consul/peer/selector/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/selector/index.hbs
index 2fe51c760c68..3d86da42fd48 100644
--- a/ui/packages/consul-peerings/app/components/consul/peer/selector/index.hbs
+++ b/ui/packages/consul-peerings/app/components/consul/peer/selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <li 
diff --git a/ui/packages/consul-peerings/app/controllers/dc/peers/index.js b/ui/packages/consul-peerings/app/controllers/dc/peers/index.js
index 2cf68beb7cab..82b35ae69732 100644
--- a/ui/packages/consul-peerings/app/controllers/dc/peers/index.js
+++ b/ui/packages/consul-peerings/app/controllers/dc/peers/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Controller from "@ember/controller";
diff --git a/ui/packages/consul-peerings/app/controllers/dc/peers/show/exported.js b/ui/packages/consul-peerings/app/controllers/dc/peers/show/exported.js
index 33b2a8ceb42d..612e958e9e9a 100644
--- a/ui/packages/consul-peerings/app/controllers/dc/peers/show/exported.js
+++ b/ui/packages/consul-peerings/app/controllers/dc/peers/show/exported.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Controller from "@ember/controller";
diff --git a/ui/packages/consul-peerings/app/controllers/dc/peers/show/index.js b/ui/packages/consul-peerings/app/controllers/dc/peers/show/index.js
index ddef44c025a1..8044c8c021d3 100644
--- a/ui/packages/consul-peerings/app/controllers/dc/peers/show/index.js
+++ b/ui/packages/consul-peerings/app/controllers/dc/peers/show/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Controller from "@ember/controller";
diff --git a/ui/packages/consul-peerings/app/templates/dc/peers/index.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/index.hbs
index 76a2847b3890..0a3448704459 100644
--- a/ui/packages/consul-peerings/app/templates/dc/peers/index.hbs
+++ b/ui/packages/consul-peerings/app/templates/dc/peers/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-peerings/app/templates/dc/peers/show.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/show.hbs
index 843c54adf8ef..93df6f79c7a1 100644
--- a/ui/packages/consul-peerings/app/templates/dc/peers/show.hbs
+++ b/ui/packages/consul-peerings/app/templates/dc/peers/show.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-peerings/app/templates/dc/peers/show/addresses.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/show/addresses.hbs
index 5845f97f5456..a8d46aeee7dd 100644
--- a/ui/packages/consul-peerings/app/templates/dc/peers/show/addresses.hbs
+++ b/ui/packages/consul-peerings/app/templates/dc/peers/show/addresses.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-peerings/app/templates/dc/peers/show/exported.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/show/exported.hbs
index 35198bfe8df3..b25af6128fd6 100644
--- a/ui/packages/consul-peerings/app/templates/dc/peers/show/exported.hbs
+++ b/ui/packages/consul-peerings/app/templates/dc/peers/show/exported.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-peerings/app/templates/dc/peers/show/imported.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/show/imported.hbs
index c7d32b3b16db..05832b1c5480 100644
--- a/ui/packages/consul-peerings/app/templates/dc/peers/show/imported.hbs
+++ b/ui/packages/consul-peerings/app/templates/dc/peers/show/imported.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-peerings/app/templates/dc/peers/show/index.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/show/index.hbs
index 9a077304e400..acdf7641c14a 100644
--- a/ui/packages/consul-peerings/app/templates/dc/peers/show/index.hbs
+++ b/ui/packages/consul-peerings/app/templates/dc/peers/show/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-peerings/vendor/consul-peerings/routes.js b/ui/packages/consul-peerings/vendor/consul-peerings/routes.js
index 4ce314ba540d..a8748cec3a3e 100644
--- a/ui/packages/consul-peerings/vendor/consul-peerings/routes.js
+++ b/ui/packages/consul-peerings/vendor/consul-peerings/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 ((routes) =>
diff --git a/ui/packages/consul-peerings/vendor/consul-peerings/services.js b/ui/packages/consul-peerings/vendor/consul-peerings/services.js
index afad1c0e8446..2601489b0bcf 100644
--- a/ui/packages/consul-peerings/vendor/consul-peerings/services.js
+++ b/ui/packages/consul-peerings/vendor/consul-peerings/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (services => services({
diff --git a/ui/packages/consul-ui/.docfy-config.js b/ui/packages/consul-ui/.docfy-config.js
index 65bfd7401ff5..c8308a5854c2 100644
--- a/ui/packages/consul-ui/.docfy-config.js
+++ b/ui/packages/consul-ui/.docfy-config.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 const path = require('path');
diff --git a/ui/packages/consul-ui/.eslintrc.js b/ui/packages/consul-ui/.eslintrc.js
index 114ea2c2f7d3..c8397263b5ea 100644
--- a/ui/packages/consul-ui/.eslintrc.js
+++ b/ui/packages/consul-ui/.eslintrc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 module.exports = {
diff --git a/ui/packages/consul-ui/.istanbul.yml b/ui/packages/consul-ui/.istanbul.yml
index 636bf0e77b0a..45e59c85a107 100644
--- a/ui/packages/consul-ui/.istanbul.yml
+++ b/ui/packages/consul-ui/.istanbul.yml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 instrumentation:
   excludes: [
diff --git a/ui/packages/consul-ui/.prettierrc.js b/ui/packages/consul-ui/.prettierrc.js
index 4833e3531de5..cd0cb10db33a 100644
--- a/ui/packages/consul-ui/.prettierrc.js
+++ b/ui/packages/consul-ui/.prettierrc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/.template-lintrc.js b/ui/packages/consul-ui/.template-lintrc.js
index 868e880ed35a..2acbc36ee99f 100644
--- a/ui/packages/consul-ui/.template-lintrc.js
+++ b/ui/packages/consul-ui/.template-lintrc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/app/abilities/acl.js b/ui/packages/consul-ui/app/abilities/acl.js
index 32701965184f..c8667d6e72d0 100644
--- a/ui/packages/consul-ui/app/abilities/acl.js
+++ b/ui/packages/consul-ui/app/abilities/acl.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/auth-method.js b/ui/packages/consul-ui/app/abilities/auth-method.js
index de92c39c259d..92e805cc7d26 100644
--- a/ui/packages/consul-ui/app/abilities/auth-method.js
+++ b/ui/packages/consul-ui/app/abilities/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/base.js b/ui/packages/consul-ui/app/abilities/base.js
index c2f58ab7b485..663b107d6392 100644
--- a/ui/packages/consul-ui/app/abilities/base.js
+++ b/ui/packages/consul-ui/app/abilities/base.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/abilities/intention.js b/ui/packages/consul-ui/app/abilities/intention.js
index 27c7dc50c3e7..0ae68551b922 100644
--- a/ui/packages/consul-ui/app/abilities/intention.js
+++ b/ui/packages/consul-ui/app/abilities/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/kv.js b/ui/packages/consul-ui/app/abilities/kv.js
index bfcaca43fd9a..7b32d1b4d9ca 100644
--- a/ui/packages/consul-ui/app/abilities/kv.js
+++ b/ui/packages/consul-ui/app/abilities/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility, { ACCESS_LIST } from './base';
diff --git a/ui/packages/consul-ui/app/abilities/license.js b/ui/packages/consul-ui/app/abilities/license.js
index 82affe7cff2c..a1cd4f96982a 100644
--- a/ui/packages/consul-ui/app/abilities/license.js
+++ b/ui/packages/consul-ui/app/abilities/license.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/node.js b/ui/packages/consul-ui/app/abilities/node.js
index 51b92aa131f2..aaf63243d52f 100644
--- a/ui/packages/consul-ui/app/abilities/node.js
+++ b/ui/packages/consul-ui/app/abilities/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/nspace.js b/ui/packages/consul-ui/app/abilities/nspace.js
index 994b51f41de3..b561700b18db 100644
--- a/ui/packages/consul-ui/app/abilities/nspace.js
+++ b/ui/packages/consul-ui/app/abilities/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/overview.js b/ui/packages/consul-ui/app/abilities/overview.js
index 4381ecf537ae..cbd6ecd8606a 100644
--- a/ui/packages/consul-ui/app/abilities/overview.js
+++ b/ui/packages/consul-ui/app/abilities/overview.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/partition.js b/ui/packages/consul-ui/app/abilities/partition.js
index b884e058498a..3dade71b7714 100644
--- a/ui/packages/consul-ui/app/abilities/partition.js
+++ b/ui/packages/consul-ui/app/abilities/partition.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from 'consul-ui/abilities/base';
diff --git a/ui/packages/consul-ui/app/abilities/peer.js b/ui/packages/consul-ui/app/abilities/peer.js
index 7a52ed430091..b564c731d5b6 100644
--- a/ui/packages/consul-ui/app/abilities/peer.js
+++ b/ui/packages/consul-ui/app/abilities/peer.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from 'consul-ui/abilities/base';
diff --git a/ui/packages/consul-ui/app/abilities/permission.js b/ui/packages/consul-ui/app/abilities/permission.js
index 41b2e5a7076f..8856b4c1bc19 100644
--- a/ui/packages/consul-ui/app/abilities/permission.js
+++ b/ui/packages/consul-ui/app/abilities/permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/policy.js b/ui/packages/consul-ui/app/abilities/policy.js
index 4c7ee5a32d9f..38c15963ed87 100644
--- a/ui/packages/consul-ui/app/abilities/policy.js
+++ b/ui/packages/consul-ui/app/abilities/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/role.js b/ui/packages/consul-ui/app/abilities/role.js
index 457fb1bea9cc..19ab731169ac 100644
--- a/ui/packages/consul-ui/app/abilities/role.js
+++ b/ui/packages/consul-ui/app/abilities/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/server.js b/ui/packages/consul-ui/app/abilities/server.js
index b6acef100cc7..55cee3bbd04c 100644
--- a/ui/packages/consul-ui/app/abilities/server.js
+++ b/ui/packages/consul-ui/app/abilities/server.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/service-instance.js b/ui/packages/consul-ui/app/abilities/service-instance.js
index 2f00b9857fcb..e424bb608f74 100644
--- a/ui/packages/consul-ui/app/abilities/service-instance.js
+++ b/ui/packages/consul-ui/app/abilities/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility, { ACCESS_READ, ACCESS_WRITE } from './base';
diff --git a/ui/packages/consul-ui/app/abilities/session.js b/ui/packages/consul-ui/app/abilities/session.js
index dd505eea2d06..6a9554ae902b 100644
--- a/ui/packages/consul-ui/app/abilities/session.js
+++ b/ui/packages/consul-ui/app/abilities/session.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/token.js b/ui/packages/consul-ui/app/abilities/token.js
index e8880daf6c43..d09692e42f5f 100644
--- a/ui/packages/consul-ui/app/abilities/token.js
+++ b/ui/packages/consul-ui/app/abilities/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/upstream.js b/ui/packages/consul-ui/app/abilities/upstream.js
index 55cf1d0d0ebc..d8e5090b505c 100644
--- a/ui/packages/consul-ui/app/abilities/upstream.js
+++ b/ui/packages/consul-ui/app/abilities/upstream.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/zervice.js b/ui/packages/consul-ui/app/abilities/zervice.js
index 0fadbcb7c6e7..0b143c5b8fbc 100644
--- a/ui/packages/consul-ui/app/abilities/zervice.js
+++ b/ui/packages/consul-ui/app/abilities/zervice.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/abilities/zone.js b/ui/packages/consul-ui/app/abilities/zone.js
index 3f141319f911..18a1bf4d71b9 100644
--- a/ui/packages/consul-ui/app/abilities/zone.js
+++ b/ui/packages/consul-ui/app/abilities/zone.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import BaseAbility from './base';
diff --git a/ui/packages/consul-ui/app/adapters/application.js b/ui/packages/consul-ui/app/adapters/application.js
index d0010c784b3a..1154b2473278 100644
--- a/ui/packages/consul-ui/app/adapters/application.js
+++ b/ui/packages/consul-ui/app/adapters/application.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './http';
diff --git a/ui/packages/consul-ui/app/adapters/auth-method.js b/ui/packages/consul-ui/app/adapters/auth-method.js
index 97153a3fcbe8..6d3fbfeb2bf8 100644
--- a/ui/packages/consul-ui/app/adapters/auth-method.js
+++ b/ui/packages/consul-ui/app/adapters/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/binding-rule.js b/ui/packages/consul-ui/app/adapters/binding-rule.js
index 49029ce7a724..026674c7584c 100644
--- a/ui/packages/consul-ui/app/adapters/binding-rule.js
+++ b/ui/packages/consul-ui/app/adapters/binding-rule.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/coordinate.js b/ui/packages/consul-ui/app/adapters/coordinate.js
index fc5eba788cc7..a7a0b286c862 100644
--- a/ui/packages/consul-ui/app/adapters/coordinate.js
+++ b/ui/packages/consul-ui/app/adapters/coordinate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/discovery-chain.js b/ui/packages/consul-ui/app/adapters/discovery-chain.js
index 6ce0020c6e85..37879323b20c 100644
--- a/ui/packages/consul-ui/app/adapters/discovery-chain.js
+++ b/ui/packages/consul-ui/app/adapters/discovery-chain.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/http.js b/ui/packages/consul-ui/app/adapters/http.js
index 5e9acc62fec8..89b7f11da4b7 100644
--- a/ui/packages/consul-ui/app/adapters/http.js
+++ b/ui/packages/consul-ui/app/adapters/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/adapters/intention.js b/ui/packages/consul-ui/app/adapters/intention.js
index b47d179b8446..3ea6925470ae 100644
--- a/ui/packages/consul-ui/app/adapters/intention.js
+++ b/ui/packages/consul-ui/app/adapters/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/kv.js b/ui/packages/consul-ui/app/adapters/kv.js
index bb29fff4d969..e512723702e5 100644
--- a/ui/packages/consul-ui/app/adapters/kv.js
+++ b/ui/packages/consul-ui/app/adapters/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/node.js b/ui/packages/consul-ui/app/adapters/node.js
index 5ac1a936005a..be0799a10d6d 100644
--- a/ui/packages/consul-ui/app/adapters/node.js
+++ b/ui/packages/consul-ui/app/adapters/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/nspace.js b/ui/packages/consul-ui/app/adapters/nspace.js
index 6e9f27dde0a7..3636a363c655 100644
--- a/ui/packages/consul-ui/app/adapters/nspace.js
+++ b/ui/packages/consul-ui/app/adapters/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/oidc-provider.js b/ui/packages/consul-ui/app/adapters/oidc-provider.js
index 6fafe51a8569..c758a49dcd0a 100644
--- a/ui/packages/consul-ui/app/adapters/oidc-provider.js
+++ b/ui/packages/consul-ui/app/adapters/oidc-provider.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/partition.js b/ui/packages/consul-ui/app/adapters/partition.js
index b2ec2178de14..4ba23078afb6 100644
--- a/ui/packages/consul-ui/app/adapters/partition.js
+++ b/ui/packages/consul-ui/app/adapters/partition.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/permission.js b/ui/packages/consul-ui/app/adapters/permission.js
index 806ed5a3c304..23b5a2725075 100644
--- a/ui/packages/consul-ui/app/adapters/permission.js
+++ b/ui/packages/consul-ui/app/adapters/permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/policy.js b/ui/packages/consul-ui/app/adapters/policy.js
index 6c959df2d8a4..9d1415f3a349 100644
--- a/ui/packages/consul-ui/app/adapters/policy.js
+++ b/ui/packages/consul-ui/app/adapters/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/proxy.js b/ui/packages/consul-ui/app/adapters/proxy.js
index 6f37be654011..782c9e1b7db9 100644
--- a/ui/packages/consul-ui/app/adapters/proxy.js
+++ b/ui/packages/consul-ui/app/adapters/proxy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/role.js b/ui/packages/consul-ui/app/adapters/role.js
index 8773fddeac17..a64d3db366d2 100644
--- a/ui/packages/consul-ui/app/adapters/role.js
+++ b/ui/packages/consul-ui/app/adapters/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/service-instance.js b/ui/packages/consul-ui/app/adapters/service-instance.js
index e61efc818803..d02295d898de 100644
--- a/ui/packages/consul-ui/app/adapters/service-instance.js
+++ b/ui/packages/consul-ui/app/adapters/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/service.js b/ui/packages/consul-ui/app/adapters/service.js
index c8e6adf82698..c3acb927e0dd 100644
--- a/ui/packages/consul-ui/app/adapters/service.js
+++ b/ui/packages/consul-ui/app/adapters/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/session.js b/ui/packages/consul-ui/app/adapters/session.js
index 3f42ac4bb97c..c0c2c5437c8a 100644
--- a/ui/packages/consul-ui/app/adapters/session.js
+++ b/ui/packages/consul-ui/app/adapters/session.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/token.js b/ui/packages/consul-ui/app/adapters/token.js
index 7e8e46dacb1b..555b334e5e5b 100644
--- a/ui/packages/consul-ui/app/adapters/token.js
+++ b/ui/packages/consul-ui/app/adapters/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/adapters/topology.js b/ui/packages/consul-ui/app/adapters/topology.js
index 8ed49fea40fd..b12ffc3f9dbf 100644
--- a/ui/packages/consul-ui/app/adapters/topology.js
+++ b/ui/packages/consul-ui/app/adapters/topology.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/app/app.js b/ui/packages/consul-ui/app/app.js
index 43db29bdd35e..de6711919bb8 100644
--- a/ui/packages/consul-ui/app/app.js
+++ b/ui/packages/consul-ui/app/app.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Application from '@ember/application';
diff --git a/ui/packages/consul-ui/app/components/action/index.hbs b/ui/packages/consul-ui/app/components/action/index.hbs
index ad405278bfc7..97119fdd477a 100644
--- a/ui/packages/consul-ui/app/components/action/index.hbs
+++ b/ui/packages/consul-ui/app/components/action/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if @for~}}
diff --git a/ui/packages/consul-ui/app/components/anchors/index.scss b/ui/packages/consul-ui/app/components/anchors/index.scss
index 0de89716dbe1..9fe7e5079d42 100644
--- a/ui/packages/consul-ui/app/components/anchors/index.scss
+++ b/ui/packages/consul-ui/app/components/anchors/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/anchors/skin.scss b/ui/packages/consul-ui/app/components/anchors/skin.scss
index 53fb0d94617a..a34e5becc9e4 100644
--- a/ui/packages/consul-ui/app/components/anchors/skin.scss
+++ b/ui/packages/consul-ui/app/components/anchors/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %anchor-decoration,
diff --git a/ui/packages/consul-ui/app/components/anonymous/index.hbs b/ui/packages/consul-ui/app/components/anonymous/index.hbs
index 8709fc4b8b77..0566ddf99b46 100644
--- a/ui/packages/consul-ui/app/components/anonymous/index.hbs
+++ b/ui/packages/consul-ui/app/components/anonymous/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
\ No newline at end of file
diff --git a/ui/packages/consul-ui/app/components/anonymous/index.js b/ui/packages/consul-ui/app/components/anonymous/index.js
index d99599ac3039..8f027b69f0e0 100644
--- a/ui/packages/consul-ui/app/components/anonymous/index.js
+++ b/ui/packages/consul-ui/app/components/anonymous/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/app-error/index.hbs b/ui/packages/consul-ui/app/components/app-error/index.hbs
index ca65502f5939..0c087cdd4d97 100644
--- a/ui/packages/consul-ui/app/components/app-error/index.hbs
+++ b/ui/packages/consul-ui/app/components/app-error/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <AppView>
diff --git a/ui/packages/consul-ui/app/components/app-view/index.hbs b/ui/packages/consul-ui/app/components/app-view/index.hbs
index 3b6ebb26e138..53cf7113b247 100644
--- a/ui/packages/consul-ui/app/components/app-view/index.hbs
+++ b/ui/packages/consul-ui/app/components/app-view/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/app-view/index.js b/ui/packages/consul-ui/app/components/app-view/index.js
index fad33e6bdfe8..6743e59592cd 100644
--- a/ui/packages/consul-ui/app/components/app-view/index.js
+++ b/ui/packages/consul-ui/app/components/app-view/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/app-view/index.scss b/ui/packages/consul-ui/app/components/app-view/index.scss
index 434898ade93e..9a4d8fc5cd0e 100644
--- a/ui/packages/consul-ui/app/components/app-view/index.scss
+++ b/ui/packages/consul-ui/app/components/app-view/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/app-view/layout.scss b/ui/packages/consul-ui/app/components/app-view/layout.scss
index 1e3a95aa0eac..c2f074ed06f4 100644
--- a/ui/packages/consul-ui/app/components/app-view/layout.scss
+++ b/ui/packages/consul-ui/app/components/app-view/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* layout */
diff --git a/ui/packages/consul-ui/app/components/app-view/skin.scss b/ui/packages/consul-ui/app/components/app-view/skin.scss
index 937ce012fa79..b88b2ec96220 100644
--- a/ui/packages/consul-ui/app/components/app-view/skin.scss
+++ b/ui/packages/consul-ui/app/components/app-view/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %app-view-title {
diff --git a/ui/packages/consul-ui/app/components/app/index.hbs b/ui/packages/consul-ui/app/components/app/index.hbs
index ba7daf4be232..bcda82c46fe8 100644
--- a/ui/packages/consul-ui/app/components/app/index.hbs
+++ b/ui/packages/consul-ui/app/components/app/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let (hash
diff --git a/ui/packages/consul-ui/app/components/app/index.js b/ui/packages/consul-ui/app/components/app/index.js
index d5c47a02b3f1..16e171e2d637 100644
--- a/ui/packages/consul-ui/app/components/app/index.js
+++ b/ui/packages/consul-ui/app/components/app/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/app/index.scss b/ui/packages/consul-ui/app/components/app/index.scss
index 7de7fa108413..73d266bdb3ed 100644
--- a/ui/packages/consul-ui/app/components/app/index.scss
+++ b/ui/packages/consul-ui/app/components/app/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .app .skip-links {
diff --git a/ui/packages/consul-ui/app/components/app/notification/index.hbs b/ui/packages/consul-ui/app/components/app/notification/index.hbs
index f7777b43bca9..389dfa50dad7 100644
--- a/ui/packages/consul-ui/app/components/app/notification/index.hbs
+++ b/ui/packages/consul-ui/app/components/app/notification/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/aria-menu/index.hbs b/ui/packages/consul-ui/app/components/aria-menu/index.hbs
index aa942d4accd3..004eb072e123 100644
--- a/ui/packages/consul-ui/app/components/aria-menu/index.hbs
+++ b/ui/packages/consul-ui/app/components/aria-menu/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield
diff --git a/ui/packages/consul-ui/app/components/aria-menu/index.js b/ui/packages/consul-ui/app/components/aria-menu/index.js
index cd3fe673a877..d8c9ac0f1ce7 100644
--- a/ui/packages/consul-ui/app/components/aria-menu/index.js
+++ b/ui/packages/consul-ui/app/components/aria-menu/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/auth-dialog/chart.xstate.js b/ui/packages/consul-ui/app/components/auth-dialog/chart.xstate.js
index 26cbcb152e1e..74f671cdff4e 100644
--- a/ui/packages/consul-ui/app/components/auth-dialog/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/auth-dialog/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/auth-dialog/index.hbs b/ui/packages/consul-ui/app/components/auth-dialog/index.hbs
index b6df0330525f..dec875b16f3a 100644
--- a/ui/packages/consul-ui/app/components/auth-dialog/index.hbs
+++ b/ui/packages/consul-ui/app/components/auth-dialog/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <StateChart
diff --git a/ui/packages/consul-ui/app/components/auth-dialog/index.js b/ui/packages/consul-ui/app/components/auth-dialog/index.js
index fad84e83ac81..52a7eac2393e 100644
--- a/ui/packages/consul-ui/app/components/auth-dialog/index.js
+++ b/ui/packages/consul-ui/app/components/auth-dialog/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/auth-form/chart.xstate.js b/ui/packages/consul-ui/app/components/auth-form/chart.xstate.js
index 6f81e382641b..e1b582b7c7c1 100644
--- a/ui/packages/consul-ui/app/components/auth-form/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/auth-form/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/auth-form/index.hbs b/ui/packages/consul-ui/app/components/auth-form/index.hbs
index 608709b04890..cf99747d92cf 100644
--- a/ui/packages/consul-ui/app/components/auth-form/index.hbs
+++ b/ui/packages/consul-ui/app/components/auth-form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <StateChart @src={{this.chart}} as |State Guard ChartAction dispatch state|>
diff --git a/ui/packages/consul-ui/app/components/auth-form/index.js b/ui/packages/consul-ui/app/components/auth-form/index.js
index 0cd05cc4c29b..4c861ad527cb 100644
--- a/ui/packages/consul-ui/app/components/auth-form/index.js
+++ b/ui/packages/consul-ui/app/components/auth-form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/auth-form/index.scss b/ui/packages/consul-ui/app/components/auth-form/index.scss
index 1a5c5afff988..49051008b08d 100644
--- a/ui/packages/consul-ui/app/components/auth-form/index.scss
+++ b/ui/packages/consul-ui/app/components/auth-form/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/auth-form/layout.scss b/ui/packages/consul-ui/app/components/auth-form/layout.scss
index 60ea16642b5a..2889b700d09d 100644
--- a/ui/packages/consul-ui/app/components/auth-form/layout.scss
+++ b/ui/packages/consul-ui/app/components/auth-form/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %auth-form {
diff --git a/ui/packages/consul-ui/app/components/auth-form/pageobject.js b/ui/packages/consul-ui/app/components/auth-form/pageobject.js
index f3812d638f90..3ad553f2ad10 100644
--- a/ui/packages/consul-ui/app/components/auth-form/pageobject.js
+++ b/ui/packages/consul-ui/app/components/auth-form/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (submitable, clickable, attribute) =>
diff --git a/ui/packages/consul-ui/app/components/auth-form/skin.scss b/ui/packages/consul-ui/app/components/auth-form/skin.scss
index 341c0928fc8c..18ff35fead26 100644
--- a/ui/packages/consul-ui/app/components/auth-form/skin.scss
+++ b/ui/packages/consul-ui/app/components/auth-form/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %auth-form em {
diff --git a/ui/packages/consul-ui/app/components/auth-form/tabs.xstate.js b/ui/packages/consul-ui/app/components/auth-form/tabs.xstate.js
index e25cc0d3e719..c0fcf889a92c 100644
--- a/ui/packages/consul-ui/app/components/auth-form/tabs.xstate.js
+++ b/ui/packages/consul-ui/app/components/auth-form/tabs.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/auth-modal/index.scss b/ui/packages/consul-ui/app/components/auth-modal/index.scss
index 24f3ba363a48..c9d0eac52460 100644
--- a/ui/packages/consul-ui/app/components/auth-modal/index.scss
+++ b/ui/packages/consul-ui/app/components/auth-modal/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*TODO: This is a different style of modal dialog */
diff --git a/ui/packages/consul-ui/app/components/auth-modal/layout.scss b/ui/packages/consul-ui/app/components/auth-modal/layout.scss
index 0f38371bbaa2..dcdcede01072 100644
--- a/ui/packages/consul-ui/app/components/auth-modal/layout.scss
+++ b/ui/packages/consul-ui/app/components/auth-modal/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %auth-modal footer {
diff --git a/ui/packages/consul-ui/app/components/auth-modal/skin.scss b/ui/packages/consul-ui/app/components/auth-modal/skin.scss
index ac930a2dd619..b88fad1e54c6 100644
--- a/ui/packages/consul-ui/app/components/auth-modal/skin.scss
+++ b/ui/packages/consul-ui/app/components/auth-modal/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %auth-modal footer button::after {
diff --git a/ui/packages/consul-ui/app/components/auth-profile/index.hbs b/ui/packages/consul-ui/app/components/auth-profile/index.hbs
index 324a657bbe43..3a7f4e5256b6 100644
--- a/ui/packages/consul-ui/app/components/auth-profile/index.hbs
+++ b/ui/packages/consul-ui/app/components/auth-profile/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <dl
diff --git a/ui/packages/consul-ui/app/components/auth-profile/index.scss b/ui/packages/consul-ui/app/components/auth-profile/index.scss
index 09b154b4a51c..cc749d474487 100644
--- a/ui/packages/consul-ui/app/components/auth-profile/index.scss
+++ b/ui/packages/consul-ui/app/components/auth-profile/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .auth-profile {
diff --git a/ui/packages/consul-ui/app/components/badge/debug.scss b/ui/packages/consul-ui/app/components/badge/debug.scss
index 08f9cce2507a..107eb00d2fb0 100644
--- a/ui/packages/consul-ui/app/components/badge/debug.scss
+++ b/ui/packages/consul-ui/app/components/badge/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 #docfy-demo-preview-badge {
diff --git a/ui/packages/consul-ui/app/components/badge/index.scss b/ui/packages/consul-ui/app/components/badge/index.scss
index 513ef1f42237..cd7148f3b806 100644
--- a/ui/packages/consul-ui/app/components/badge/index.scss
+++ b/ui/packages/consul-ui/app/components/badge/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %badge {
diff --git a/ui/packages/consul-ui/app/components/brand-loader/index.scss b/ui/packages/consul-ui/app/components/brand-loader/index.scss
index ed46a5cb4c0f..2d29edba2192 100644
--- a/ui/packages/consul-ui/app/components/brand-loader/index.scss
+++ b/ui/packages/consul-ui/app/components/brand-loader/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/brand-loader/layout.scss b/ui/packages/consul-ui/app/components/brand-loader/layout.scss
index 725fe38be1ce..992dac136855 100644
--- a/ui/packages/consul-ui/app/components/brand-loader/layout.scss
+++ b/ui/packages/consul-ui/app/components/brand-loader/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %brand-loader {
diff --git a/ui/packages/consul-ui/app/components/brand-loader/skin.scss b/ui/packages/consul-ui/app/components/brand-loader/skin.scss
index f24f44f39bea..25bf4df27487 100644
--- a/ui/packages/consul-ui/app/components/brand-loader/skin.scss
+++ b/ui/packages/consul-ui/app/components/brand-loader/skin.scss
@@ -1,5 +1,5 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
diff --git a/ui/packages/consul-ui/app/components/breadcrumbs/index.scss b/ui/packages/consul-ui/app/components/breadcrumbs/index.scss
index 7ffd948f3e98..5541fda6f5c0 100644
--- a/ui/packages/consul-ui/app/components/breadcrumbs/index.scss
+++ b/ui/packages/consul-ui/app/components/breadcrumbs/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/breadcrumbs/layout.scss b/ui/packages/consul-ui/app/components/breadcrumbs/layout.scss
index 47c08cb7f5bf..b8063d7eb99e 100644
--- a/ui/packages/consul-ui/app/components/breadcrumbs/layout.scss
+++ b/ui/packages/consul-ui/app/components/breadcrumbs/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %breadcrumbs {
diff --git a/ui/packages/consul-ui/app/components/breadcrumbs/skin.scss b/ui/packages/consul-ui/app/components/breadcrumbs/skin.scss
index 14f6b43f3b03..f7fcedf06ff1 100644
--- a/ui/packages/consul-ui/app/components/breadcrumbs/skin.scss
+++ b/ui/packages/consul-ui/app/components/breadcrumbs/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %crumbs {
diff --git a/ui/packages/consul-ui/app/components/buttons/index.scss b/ui/packages/consul-ui/app/components/buttons/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/buttons/index.scss
+++ b/ui/packages/consul-ui/app/components/buttons/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/buttons/layout.scss b/ui/packages/consul-ui/app/components/buttons/layout.scss
index 53abc11475ff..43115558dd9f 100644
--- a/ui/packages/consul-ui/app/components/buttons/layout.scss
+++ b/ui/packages/consul-ui/app/components/buttons/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %button {
diff --git a/ui/packages/consul-ui/app/components/buttons/skin.scss b/ui/packages/consul-ui/app/components/buttons/skin.scss
index ceb41311bdaa..0abba2214023 100644
--- a/ui/packages/consul-ui/app/components/buttons/skin.scss
+++ b/ui/packages/consul-ui/app/components/buttons/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* decor */
diff --git a/ui/packages/consul-ui/app/components/card/index.scss b/ui/packages/consul-ui/app/components/card/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/card/index.scss
+++ b/ui/packages/consul-ui/app/components/card/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/card/layout.scss b/ui/packages/consul-ui/app/components/card/layout.scss
index 6a4d18a4da4c..f70e5d53d40e 100644
--- a/ui/packages/consul-ui/app/components/card/layout.scss
+++ b/ui/packages/consul-ui/app/components/card/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %card {
diff --git a/ui/packages/consul-ui/app/components/card/skin.scss b/ui/packages/consul-ui/app/components/card/skin.scss
index 3d71ca3bd607..49c3835fd7e2 100644
--- a/ui/packages/consul-ui/app/components/card/skin.scss
+++ b/ui/packages/consul-ui/app/components/card/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %card:hover,
diff --git a/ui/packages/consul-ui/app/components/checkbox-group/index.scss b/ui/packages/consul-ui/app/components/checkbox-group/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/checkbox-group/index.scss
+++ b/ui/packages/consul-ui/app/components/checkbox-group/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/checkbox-group/layout.scss b/ui/packages/consul-ui/app/components/checkbox-group/layout.scss
index 04fcea0a8066..65cae5fdc5db 100644
--- a/ui/packages/consul-ui/app/components/checkbox-group/layout.scss
+++ b/ui/packages/consul-ui/app/components/checkbox-group/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* TODO: This is positioning the group */
diff --git a/ui/packages/consul-ui/app/components/checkbox-group/skin.scss b/ui/packages/consul-ui/app/components/checkbox-group/skin.scss
index 02a43a198f41..ab54006f2d84 100644
--- a/ui/packages/consul-ui/app/components/checkbox-group/skin.scss
+++ b/ui/packages/consul-ui/app/components/checkbox-group/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %checkbox-group label {
diff --git a/ui/packages/consul-ui/app/components/child-selector/index.hbs b/ui/packages/consul-ui/app/components/child-selector/index.hbs
index 9693f9e1a803..af1fd2739825 100644
--- a/ui/packages/consul-ui/app/components/child-selector/index.hbs
+++ b/ui/packages/consul-ui/app/components/child-selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/child-selector/index.js b/ui/packages/consul-ui/app/components/child-selector/index.js
index 190fda4dd07b..24cd68246ea5 100644
--- a/ui/packages/consul-ui/app/components/child-selector/index.js
+++ b/ui/packages/consul-ui/app/components/child-selector/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/code-editor/index.hbs b/ui/packages/consul-ui/app/components/code-editor/index.hbs
index 03487d32f0bb..0ba860e6ddff 100644
--- a/ui/packages/consul-ui/app/components/code-editor/index.hbs
+++ b/ui/packages/consul-ui/app/components/code-editor/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div class="toolbar-container">
diff --git a/ui/packages/consul-ui/app/components/code-editor/index.js b/ui/packages/consul-ui/app/components/code-editor/index.js
index 72e3abf8eb8a..52203ac22a0e 100644
--- a/ui/packages/consul-ui/app/components/code-editor/index.js
+++ b/ui/packages/consul-ui/app/components/code-editor/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/code-editor/index.scss b/ui/packages/consul-ui/app/components/code-editor/index.scss
index 58c7c66596cc..559533e42a84 100644
--- a/ui/packages/consul-ui/app/components/code-editor/index.scss
+++ b/ui/packages/consul-ui/app/components/code-editor/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/code-editor/layout.scss b/ui/packages/consul-ui/app/components/code-editor/layout.scss
index b8194d850bc9..285fda57a35f 100644
--- a/ui/packages/consul-ui/app/components/code-editor/layout.scss
+++ b/ui/packages/consul-ui/app/components/code-editor/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %code-editor {
diff --git a/ui/packages/consul-ui/app/components/code-editor/skin.scss b/ui/packages/consul-ui/app/components/code-editor/skin.scss
index 0a8dafc65dde..db0f52bc0d29 100644
--- a/ui/packages/consul-ui/app/components/code-editor/skin.scss
+++ b/ui/packages/consul-ui/app/components/code-editor/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 $syntax-consul: #69499a;
diff --git a/ui/packages/consul-ui/app/components/composite-row/index.scss b/ui/packages/consul-ui/app/components/composite-row/index.scss
index e9db145da19d..255a2a67c6ca 100644
--- a/ui/packages/consul-ui/app/components/composite-row/index.scss
+++ b/ui/packages/consul-ui/app/components/composite-row/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './layout';
diff --git a/ui/packages/consul-ui/app/components/composite-row/layout.scss b/ui/packages/consul-ui/app/components/composite-row/layout.scss
index 819c41f9504f..dfc3860b501f 100644
--- a/ui/packages/consul-ui/app/components/composite-row/layout.scss
+++ b/ui/packages/consul-ui/app/components/composite-row/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %composite-row {
diff --git a/ui/packages/consul-ui/app/components/confirmation-alert/index.hbs b/ui/packages/consul-ui/app/components/confirmation-alert/index.hbs
index 95f243a89233..cf5a0c403c67 100644
--- a/ui/packages/consul-ui/app/components/confirmation-alert/index.hbs
+++ b/ui/packages/consul-ui/app/components/confirmation-alert/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/confirmation-alert/index.js b/ui/packages/consul-ui/app/components/confirmation-alert/index.js
index d99599ac3039..8f027b69f0e0 100644
--- a/ui/packages/consul-ui/app/components/confirmation-alert/index.js
+++ b/ui/packages/consul-ui/app/components/confirmation-alert/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/confirmation-dialog/index.hbs b/ui/packages/consul-ui/app/components/confirmation-dialog/index.hbs
index da4c7660efbf..07826204afe4 100644
--- a/ui/packages/consul-ui/app/components/confirmation-dialog/index.hbs
+++ b/ui/packages/consul-ui/app/components/confirmation-dialog/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div class={{concat "with-confirmation" (if confirming " confirming" "")}} ...attributes>
diff --git a/ui/packages/consul-ui/app/components/confirmation-dialog/index.js b/ui/packages/consul-ui/app/components/confirmation-dialog/index.js
index e10782f579d4..b60850d50a26 100644
--- a/ui/packages/consul-ui/app/components/confirmation-dialog/index.js
+++ b/ui/packages/consul-ui/app/components/confirmation-dialog/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*eslint ember/closure-actions: "warn"*/
diff --git a/ui/packages/consul-ui/app/components/confirmation-dialog/index.scss b/ui/packages/consul-ui/app/components/confirmation-dialog/index.scss
index 65914fb02576..67ae530a98ea 100644
--- a/ui/packages/consul-ui/app/components/confirmation-dialog/index.scss
+++ b/ui/packages/consul-ui/app/components/confirmation-dialog/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/confirmation-dialog/layout.scss b/ui/packages/consul-ui/app/components/confirmation-dialog/layout.scss
index 9538794833b1..82773a342339 100644
--- a/ui/packages/consul-ui/app/components/confirmation-dialog/layout.scss
+++ b/ui/packages/consul-ui/app/components/confirmation-dialog/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %confirmation-dialog {
diff --git a/ui/packages/consul-ui/app/components/confirmation-dialog/skin.scss b/ui/packages/consul-ui/app/components/confirmation-dialog/skin.scss
index 4509c4b3fdc5..248c7c9950e7 100644
--- a/ui/packages/consul-ui/app/components/confirmation-dialog/skin.scss
+++ b/ui/packages/consul-ui/app/components/confirmation-dialog/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 table div.with-confirmation.confirming {
diff --git a/ui/packages/consul-ui/app/components/consul/acl/disabled/index.hbs b/ui/packages/consul-ui/app/components/consul/acl/disabled/index.hbs
index 23e6271820d2..77e8dba8fecc 100644
--- a/ui/packages/consul-ui/app/components/consul/acl/disabled/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/acl/disabled/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <AppView>
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/binding-list/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/binding-list/index.hbs
index 44e351e45284..d0ab9b8ae62a 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/binding-list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/binding-list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div class="consul-auth-method-binding-list">
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/index.scss b/ui/packages/consul-ui/app/components/consul/auth-method/index.scss
index 7e6ffe2de8c0..266174687f49 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // List
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/list/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/list/index.hbs
index 160e38bd9ce5..2f15936b42cf 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/auth-method/list/pageobject.js
index 39a94fedd96f..e8a8044e0649 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (collection, clickable, text) => () => {
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/nspace-list/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/nspace-list/index.hbs
index cb617ad0660f..ec47712ec380 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/nspace-list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/nspace-list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div class="consul-auth-method-nspace-list">
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/search-bar/index.hbs
index 63e9f11be2f6..5a0a5949a571 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar class='consul-auth-method-search-bar' ...attributes @filter={{@filter}}>
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/type/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/type/index.hbs
index a21db4f39264..b28adf846054 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/type/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/type/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let (icon-mapping @item.Type) as |flightIcon|}}
diff --git a/ui/packages/consul-ui/app/components/consul/auth-method/view/index.hbs b/ui/packages/consul-ui/app/components/consul/auth-method/view/index.hbs
index eab0fa48399c..00b0169679fc 100644
--- a/ui/packages/consul-ui/app/components/consul/auth-method/view/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/auth-method/view/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
   <div class="consul-auth-method-view">
diff --git a/ui/packages/consul-ui/app/components/consul/bucket/list/index.hbs b/ui/packages/consul-ui/app/components/consul/bucket/list/index.hbs
index 21d598d64ff5..0c82141ca5b0 100644
--- a/ui/packages/consul-ui/app/components/consul/bucket/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/bucket/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if this.itemsToDisplay.length}}
diff --git a/ui/packages/consul-ui/app/components/consul/bucket/list/index.js b/ui/packages/consul-ui/app/components/consul/bucket/list/index.js
index 0268cb6d22ef..387d04f1721f 100644
--- a/ui/packages/consul-ui/app/components/consul/bucket/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/bucket/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/bucket/list/index.scss b/ui/packages/consul-ui/app/components/consul/bucket/list/index.scss
index 996323841f58..710f6a3593bf 100644
--- a/ui/packages/consul-ui/app/components/consul/bucket/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/bucket/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %consul-bucket-list {
diff --git a/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs b/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs
index 767422e4b9b1..ecc4f51f1a6b 100644
--- a/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/datacenter/selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <li class='dcs' data-test-datacenter-menu>
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/index.hbs b/ui/packages/consul-ui/app/components/consul/discovery-chain/index.hbs
index e25096f849cd..59d584606174 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <style>
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/index.js b/ui/packages/consul-ui/app/components/consul/discovery-chain/index.js
index 0abbf310429b..71cbf6d6363b 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/index.js
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/index.scss b/ui/packages/consul-ui/app/components/consul/discovery-chain/index.scss
index e1a4b2a77eda..9185b3634514 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/layout.scss b/ui/packages/consul-ui/app/components/consul/discovery-chain/layout.scss
index d21170aefb45..0dcd40dd5cfe 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %discovery-chain .resolvers,
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/resolver-card/index.hbs b/ui/packages/consul-ui/app/components/consul/discovery-chain/resolver-card/index.hbs
index e7d61c03c11e..5ffc76f961bb 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/resolver-card/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/resolver-card/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.hbs b/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.hbs
index 938620165444..3a3c83839bcc 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <a
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.js b/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.js
index 8000faaac68e..5088fe194bbb 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.js
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/route-card/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/skin.scss b/ui/packages/consul-ui/app/components/consul/discovery-chain/skin.scss
index 02fd85a89928..cac17f50699c 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* CSS active states are partly added at the top of */
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/splitter-card/index.hbs b/ui/packages/consul-ui/app/components/consul/discovery-chain/splitter-card/index.hbs
index 7984f3960362..e2382dc23b1e 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/splitter-card/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/splitter-card/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/discovery-chain/utils.js b/ui/packages/consul-ui/app/components/consul/discovery-chain/utils.js
index 6976a6a930f5..3b5806d58328 100644
--- a/ui/packages/consul-ui/app/components/consul/discovery-chain/utils.js
+++ b/ui/packages/consul-ui/app/components/consul/discovery-chain/utils.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 const getNodesByType = function (nodes = {}, type) {
diff --git a/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.hbs b/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.hbs
index fa38bcc90e08..9ece2eddb044 100644
--- a/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.scss b/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.scss
index 31d21cfb9614..c24d05e3f2ec 100644
--- a/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/exposed-path/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-exposed-path-list {
diff --git a/ui/packages/consul-ui/app/components/consul/external-source/index.hbs b/ui/packages/consul-ui/app/components/consul/external-source/index.hbs
index c0a8de9f8bfd..eda30bac6b5c 100644
--- a/ui/packages/consul-ui/app/components/consul/external-source/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/external-source/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if @item}}
diff --git a/ui/packages/consul-ui/app/components/consul/external-source/index.scss b/ui/packages/consul-ui/app/components/consul/external-source/index.scss
index d318d534c6e0..4c0b07e38226 100644
--- a/ui/packages/consul-ui/app/components/consul/external-source/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/external-source/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-external-source {
diff --git a/ui/packages/consul-ui/app/components/consul/health-check/list/index.hbs b/ui/packages/consul-ui/app/components/consul/health-check/list/index.hbs
index f5e065cec718..b49691ddc5e8 100644
--- a/ui/packages/consul-ui/app/components/consul/health-check/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/health-check/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/health-check/list/index.scss b/ui/packages/consul-ui/app/components/consul/health-check/list/index.scss
index 5995a4ecce86..1028a51f5aeb 100644
--- a/ui/packages/consul-ui/app/components/consul/health-check/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/health-check/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/health-check/list/layout.scss b/ui/packages/consul-ui/app/components/consul/health-check/list/layout.scss
index ef5dd6155dac..438597a1107b 100644
--- a/ui/packages/consul-ui/app/components/consul/health-check/list/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/health-check/list/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %healthcheck-output {
diff --git a/ui/packages/consul-ui/app/components/consul/health-check/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/health-check/list/pageobject.js
index d7040294a0f5..098235bafea9 100644
--- a/ui/packages/consul-ui/app/components/consul/health-check/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/health-check/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (collection, text) =>
diff --git a/ui/packages/consul-ui/app/components/consul/health-check/list/skin.scss b/ui/packages/consul-ui/app/components/consul/health-check/list/skin.scss
index 8c493b3c580e..99f01729defe 100644
--- a/ui/packages/consul-ui/app/components/consul/health-check/list/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/health-check/list/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %healthcheck-output {
diff --git a/ui/packages/consul-ui/app/components/consul/health-check/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/health-check/search-bar/index.hbs
index e24adef16560..65547672d2c6 100644
--- a/ui/packages/consul-ui/app/components/consul/health-check/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/health-check/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/instance-checks/index.hbs b/ui/packages/consul-ui/app/components/consul/instance-checks/index.hbs
index 965425dee8e1..10a182c7f474 100644
--- a/ui/packages/consul-ui/app/components/consul/instance-checks/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/instance-checks/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let
diff --git a/ui/packages/consul-ui/app/components/consul/instance-checks/index.scss b/ui/packages/consul-ui/app/components/consul/instance-checks/index.scss
index e384f9fe05e2..d817a9d758d4 100644
--- a/ui/packages/consul-ui/app/components/consul/instance-checks/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/instance-checks/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-instance-checks {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/components.scss b/ui/packages/consul-ui/app/components/consul/intention/components.scss
index 47f1afb66a03..0bcef73f340a 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/components.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/components.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %pill-allow::before,
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.hbs
index 0aa7f4d02df3..56d8dffb7d58 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.js b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.js
index 94c00927c8ec..569ba439139f 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.scss b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/layout.scss b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/layout.scss
index 18db183ceeb0..b1b253998a56 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-intention-fieldsets {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/skin.scss b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/skin.scss
index 9c7d77c36eff..0c46918f314e 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/fieldsets/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-intention-fieldsets {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/form/index.hbs
index cdc983c37b16..4703d1545c45 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/index.js b/ui/packages/consul-ui/app/components/consul/intention/form/index.js
index b794057a4aff..496f3068658d 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/form/index.scss b/ui/packages/consul-ui/app/components/consul/intention/form/index.scss
index bc4bc4bb4917..e6a2e3f8b9c9 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/form/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/form/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-intention-action-warn-modal {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/index.scss b/ui/packages/consul-ui/app/components/consul/intention/index.scss
index 38d47141e3c9..04727a3208a9 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './components';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/check/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/list/check/index.hbs
index aaef28195062..f7cc510df3b9 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/check/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/check/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/components.scss b/ui/packages/consul-ui/app/components/consul/intention/list/components.scss
index 7d59af6889a1..f2559a377da8 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/components.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/components.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-intention-list {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/list/index.hbs
index edd21659cc25..bbb45b75ed5b 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/index.js b/ui/packages/consul-ui/app/components/consul/intention/list/index.js
index fe7d629ef2e4..c189f1324a1a 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/index.scss b/ui/packages/consul-ui/app/components/consul/intention/list/index.scss
index 97eba35619fb..8fea66d3379e 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './components';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/layout.scss b/ui/packages/consul-ui/app/components/consul/intention/list/layout.scss
index 22f392166712..1f4e437073f5 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-intention-list {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/intention/list/pageobject.js
index 815977c7e3c3..01dcdb8a7941 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (collection, clickable, attribute, isPresent, deletable) =>
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/skin.scss b/ui/packages/consul-ui/app/components/consul/intention/list/skin.scss
index 8cdce558c610..22a21c00c631 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %consul-intention-list td.permissions {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/table/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/list/table/index.hbs
index 427002d4f747..fdc610dd0c68 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/table/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/table/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <TabularCollection
diff --git a/ui/packages/consul-ui/app/components/consul/intention/list/table/index.scss b/ui/packages/consul-ui/app/components/consul/intention/list/table/index.scss
index 8cfe7da9d6e7..214f8d59f13c 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/list/table/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/list/table/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-intention-list-table__meta-info {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/notice/custom-resource/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/notice/custom-resource/index.hbs
index 7f0e03edff71..79dcc5dcbdb6 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/notice/custom-resource/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/notice/custom-resource/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Hds::Alert @type='inline' @color={{or @type "neutral"}} class='mb-2 mt-2 consul-intention-notice-custom-resource' as |A|>
diff --git a/ui/packages/consul-ui/app/components/consul/intention/notice/permissions/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/notice/permissions/index.hbs
index fa6dd5d9da53..b12347cf15f5 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/notice/permissions/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/notice/permissions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Hds::Alert @type="inline" class="mb-3 mt-2" as |A|>
diff --git a/ui/packages/consul-ui/app/components/consul/intention/notifications/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/notifications/index.hbs
index 76cfbf90101d..d9638d0acb88 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/notifications/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (eq @type 'create')}}
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.hbs
index ce4621a7aaff..35299ef0b54d 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.js b/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.js
index 30c73f4d4abb..b84e8dadba46 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/form/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/form/layout.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/form/layout.scss
index 9d085f532703..78ff7e864219 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/form/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/form/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-intention-permission-form {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/form/pageobject.js b/ui/packages/consul-ui/app/components/consul/intention/permission/form/pageobject.js
index d57ae8855c2a..59acd1868e64 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/form/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/form/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { clickable } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/form/skin.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/form/skin.scss
index 51135a8de2a5..ea2872261d01 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/form/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/form/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-intention-permission-form {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.hbs
index 3ae87f1be1b6..05068998ebe6 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.js b/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.js
index ddbbc20eb5b0..1f669f633ec3 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/pageobject.js b/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/pageobject.js
index c142a4c8b7d6..7ac6dccc74be 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/form/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { input } from 'consul-ui/tests/lib/page-object';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.hbs
index f97a6019dc76..057835c9d74d 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (gt items.length 0)}}
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.js b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.js
index d99599ac3039..8f027b69f0e0 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.scss
index a0eeb03eea68..2ac41904a566 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/layout.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/layout.scss
index 4d1a2b40d2de..7340c8af599e 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-intention-permission-header-list {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/pageobject.js
index 4eeaca912bc1..cf28d36a6fee 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { collection } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/skin.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/skin.scss
index 43430a62dd2b..17b6445d5ec6 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/header/list/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-intention-permission-header-list {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.hbs
index e469974b0bdd..4ede0cb520fb 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (gt items.length 0)}}
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.js b/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.js
index d99599ac3039..8f027b69f0e0 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.scss
index d5e2d29a110c..8ead609c8456 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/list/layout.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/list/layout.scss
index 770c9a951a7d..085ee970420e 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/list/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/list/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-intention-permission-list {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/intention/permission/list/pageobject.js
index 0a8bfe0f2c90..d8463b79d0dd 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { collection } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/app/components/consul/intention/permission/list/skin.scss b/ui/packages/consul-ui/app/components/consul/intention/permission/list/skin.scss
index 68a73b774551..c06fc2284654 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/permission/list/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/permission/list/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-intention-permission-list {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.hbs
index c89521228129..43cb851e5545 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.scss b/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.scss
index 00fa3077a7bc..7abf158e5b9f 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/intention/search-bar/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-intention-search-bar {
diff --git a/ui/packages/consul-ui/app/components/consul/intention/view/index.hbs b/ui/packages/consul-ui/app/components/consul/intention/view/index.hbs
index e17194365800..cb5e78ab8afb 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/view/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/intention/view/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/intention/view/index.js b/ui/packages/consul-ui/app/components/consul/intention/view/index.js
index d99599ac3039..8f027b69f0e0 100644
--- a/ui/packages/consul-ui/app/components/consul/intention/view/index.js
+++ b/ui/packages/consul-ui/app/components/consul/intention/view/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/kind/index.hbs b/ui/packages/consul-ui/app/components/consul/kind/index.hbs
index c5ab5fd1ddb5..3e480d8f182f 100644
--- a/ui/packages/consul-ui/app/components/consul/kind/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/kind/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if item.Kind}}
diff --git a/ui/packages/consul-ui/app/components/consul/kind/index.js b/ui/packages/consul-ui/app/components/consul/kind/index.js
index 2e9b17815162..47887b34344f 100644
--- a/ui/packages/consul-ui/app/components/consul/kind/index.js
+++ b/ui/packages/consul-ui/app/components/consul/kind/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/kind/index.scss b/ui/packages/consul-ui/app/components/consul/kind/index.scss
index 6195c48ba591..173ffac92114 100644
--- a/ui/packages/consul-ui/app/components/consul/kind/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/kind/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-kind {
diff --git a/ui/packages/consul-ui/app/components/consul/kv/form/index.hbs b/ui/packages/consul-ui/app/components/consul/kv/form/index.hbs
index 5351bd6a4b3f..2807c2329523 100644
--- a/ui/packages/consul-ui/app/components/consul/kv/form/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/kv/form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <DataForm
diff --git a/ui/packages/consul-ui/app/components/consul/kv/form/index.js b/ui/packages/consul-ui/app/components/consul/kv/form/index.js
index c9348001f857..1d5ae5d7de56 100644
--- a/ui/packages/consul-ui/app/components/consul/kv/form/index.js
+++ b/ui/packages/consul-ui/app/components/consul/kv/form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/kv/list/index.hbs b/ui/packages/consul-ui/app/components/consul/kv/list/index.hbs
index e12b7978b392..ef27a38fc615 100644
--- a/ui/packages/consul-ui/app/components/consul/kv/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/kv/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <TabularCollection
diff --git a/ui/packages/consul-ui/app/components/consul/kv/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/kv/list/pageobject.js
index 55d52a911414..4babb225671d 100644
--- a/ui/packages/consul-ui/app/components/consul/kv/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/kv/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (collection, clickable, attribute, deletable) => () => {
diff --git a/ui/packages/consul-ui/app/components/consul/kv/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/kv/search-bar/index.hbs
index 343cb68f6e7c..2232e1f29e36 100644
--- a/ui/packages/consul-ui/app/components/consul/kv/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/kv/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/loader/index.hbs b/ui/packages/consul-ui/app/components/consul/loader/index.hbs
index 5902d6531d2e..3fdc23371471 100644
--- a/ui/packages/consul-ui/app/components/consul/loader/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/loader/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/loader/index.scss b/ui/packages/consul-ui/app/components/consul/loader/index.scss
index 785f2e742c29..a1fec8466eb0 100644
--- a/ui/packages/consul-ui/app/components/consul/loader/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/loader/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/loader/layout.scss b/ui/packages/consul-ui/app/components/consul/loader/layout.scss
index f1c01acf2e83..ca33c1d7ffa1 100644
--- a/ui/packages/consul-ui/app/components/consul/loader/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/loader/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* blobs / %ui-loader ? */
diff --git a/ui/packages/consul-ui/app/components/consul/loader/skin.scss b/ui/packages/consul-ui/app/components/consul/loader/skin.scss
index 0a06530fb7d9..fb223ec53f46 100644
--- a/ui/packages/consul-ui/app/components/consul/loader/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/loader/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %loader circle {
diff --git a/ui/packages/consul-ui/app/components/consul/metadata/list/index.hbs b/ui/packages/consul-ui/app/components/consul/metadata/list/index.hbs
index 8bcee62aea2e..0d24f6e3875c 100644
--- a/ui/packages/consul-ui/app/components/consul/metadata/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/metadata/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <TabularCollection
diff --git a/ui/packages/consul-ui/app/components/consul/metadata/list/index.js b/ui/packages/consul-ui/app/components/consul/metadata/list/index.js
index d99599ac3039..8f027b69f0e0 100644
--- a/ui/packages/consul-ui/app/components/consul/metadata/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/metadata/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/node-identity/template/index.hbs b/ui/packages/consul-ui/app/components/consul/node-identity/template/index.hbs
index 301559b31e4b..614807f0773c 100644
--- a/ui/packages/consul-ui/app/components/consul/node-identity/template/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/node-identity/template/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (can "use partitions")~}}
diff --git a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.hbs b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.hbs
index 53679b731f06..67e5aa37fb12 100644
--- a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if isVisible}}
diff --git a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.js b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.js
index 927ccb1b365e..db8e2612e8d8 100644
--- a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.js
+++ b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.scss b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.scss
index dad8702cc28d..45ef85f86265 100644
--- a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .agentless-node-notice .hds-alert__title {
diff --git a/ui/packages/consul-ui/app/components/consul/node/list/index.hbs b/ui/packages/consul-ui/app/components/consul/node/list/index.hbs
index 86ee73c2c687..f57d7d5ab052 100644
--- a/ui/packages/consul-ui/app/components/consul/node/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/node/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/node/peer-info/index.hbs b/ui/packages/consul-ui/app/components/consul/node/peer-info/index.hbs
index 735f4e37a144..a27216ea54c5 100644
--- a/ui/packages/consul-ui/app/components/consul/node/peer-info/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/node/peer-info/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if @item.PeerName}}
diff --git a/ui/packages/consul-ui/app/components/consul/node/peer-info/index.scss b/ui/packages/consul-ui/app/components/consul/node/peer-info/index.scss
index 8175ded101c6..6b21eb6a6e5d 100644
--- a/ui/packages/consul-ui/app/components/consul/node/peer-info/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/node/peer-info/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-node-peer-info {
diff --git a/ui/packages/consul-ui/app/components/consul/node/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/node/search-bar/index.hbs
index d7bdde58a593..e22e6b2b01c6 100644
--- a/ui/packages/consul-ui/app/components/consul/node/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/node/search-bar/index.hbs
@@ -1,165 +1,139 @@
 {{!
-  Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
 }}
 
-<SearchBar
-  class="consul-node-search-bar"
-  ...attributes
-  @filter={{@filter}}
->
-    <:status as |search|>
+<SearchBar class="consul-node-search-bar" ...attributes @filter={{@filter}}>
+  <:status as |search|>
 
-{{#let
+    {{#let
 
-  (t (concat "components.consul.node.search-bar." search.status.key)
-      default=(array
-        (concat "common.search." search.status.key)
-        (concat "common.consul." search.status.key)
-      )
-  )
+    (t (concat "components.consul.node.search-bar." search.status.key)
+    default=(array
+    (concat "common.search." search.status.key)
+    (concat "common.consul." search.status.key)
+    )
+    )
 
-  (if search.status.value 
-    search.status.value 
+    (if search.status.value
+    search.status.value
     (t (concat "components.consul.node.search-bar." search.status.value)
-        default=(array
-          (concat "common.search." search.status.value)
-          (concat "common.consul." search.status.value)
-          (concat "common.brand." search.status.value)
-        ))
-  )
+    default=(array
+    (concat "common.search." search.status.value)
+    (concat "common.consul." search.status.value)
+    (concat "common.brand." search.status.value)
+    ))
+    )
 
-as |key value|}}
-      <search.RemoveFilter
-        aria-label={{t "common.ui.remove" item=(concat key " " value)}}
-      >
-        <dl>
-          <dt>{{key}}</dt>
-          <dd>{{value}}</dd>
-        </dl>
-      </search.RemoveFilter>
-{{/let}}
-
-    </:status>
-    <:search as |search|>
-      <search.Search
-        @onsearch={{action @onsearch}}
-        @value={{@search}}
-        @placeholder={{t "common.search.search"}}
-      >
-        <search.Select
-          class="type-search-properties"
-          @position="right"
-          @onchange={{action @filter.searchproperty.change}}
-          @multiple={{true}}
-          @required={{true}}
-        as |components|>
-          <BlockSlot @name="selected">
-            <span>
-              {{t "common.search.searchproperty"}}
-            </span>
-          </BlockSlot>
-          <BlockSlot @name="options">
-    {{#let components.Optgroup components.Option as |Optgroup Option|}}
-            {{#each @filter.searchproperty.default as |prop|}}
-              <Option @value={{prop}} @selected={{includes prop @filter.searchproperty.value}}>
-                {{t (concat "common.consul." (lowercase prop))}}
-              </Option>
-            {{/each}}
+    as |key value|}}
+    <search.RemoveFilter aria-label={{t "common.ui.remove" item=(concat key " " value)}}>
+      <dl>
+        <dt>{{key}}</dt>
+        <dd>{{value}}</dd>
+      </dl>
+    </search.RemoveFilter>
     {{/let}}
-          </BlockSlot>
-        </search.Select>
-      </search.Search>
-    </:search>
-    <:filter as |search|>
-      <search.Select
-        class="type-status"
-        @position="left"
-        @onchange={{action @filter.status.change}}
-        @multiple={{true}}
-      as |components|>
+
+  </:status>
+  <:search as |search|>
+    <search.Search @onsearch={{action @onsearch}} @value={{@search}} @placeholder={{t "common.search.search" }}>
+      <search.Select class="type-search-properties" @position="right" @onchange={{action @filter.searchproperty.change}}
+        @multiple={{true}} @required={{true}} as |components|>
         <BlockSlot @name="selected">
           <span>
-            {{t "common.consul.status"}}
+            {{t "common.search.searchproperty"}}
           </span>
         </BlockSlot>
         <BlockSlot @name="options">
-  {{#let components.Optgroup components.Option as |Optgroup Option|}}
-    {{#each (array "passing" "warning" "critical") as |state|}}
-          <Option class="value-{{state}}" @value={{state}} @selected={{includes state @filter.status.value}}>
-            {{t (concat "common.consul." state)
-                default=(array
-                  (concat "common.search." state)
-                )
-            }}
+          {{#let components.Optgroup components.Option as |Optgroup Option|}}
+          {{#each @filter.searchproperty.default as |prop|}}
+          <Option @value={{prop}} @selected={{includes prop @filter.searchproperty.value}}>
+            {{t (concat "common.consul." (lowercase prop))}}
           </Option>
-    {{/each}}
-  {{/let}}
+          {{/each}}
+          {{/let}}
         </BlockSlot>
       </search.Select>
-      <search.Select
-        class="type-version"
-        @position="left"
-        @onchange={{action @filter.version.change}}
-        @multiple={{true}}
+    </search.Search>
+  </:search>
+  <:filter as |search|>
+    <search.Select class="type-status" @position="left" @onchange={{action @filter.status.change}} @multiple={{true}} as
+      |components|>
+      <BlockSlot @name="selected">
+        <span>
+          {{t "common.consul.status"}}
+        </span>
+      </BlockSlot>
+      <BlockSlot @name="options">
+        {{#let components.Optgroup components.Option as |Optgroup Option|}}
+        {{#each (array "passing" "warning" "critical") as |state|}}
+        <Option class="value-{{state}}" @value={{state}} @selected={{includes state @filter.status.value}}>
+          {{t (concat "common.consul." state)
+          default=(array
+          (concat "common.search." state)
+          )
+          }}
+        </Option>
+        {{/each}}
+        {{/let}}
+      </BlockSlot>
+    </search.Select>
+    <search.Select class="type-version" @position="left" @onchange={{action @filter.version.change}} @multiple={{false}}
       as |components|>
-        <BlockSlot @name="selected">
-          <span>
-            {{t "common.consul.version"}}
-          </span>
-        </BlockSlot>
-        <BlockSlot @name="options">
+      <BlockSlot @name="selected">
+        <span>
+          {{t "common.consul.version"}}
+        </span>
+      </BlockSlot>
+      <BlockSlot @name="options">
         {{#let components.Optgroup components.Option as |Optgroup Option|}}
         {{#each @versions as |version|}}
-          <Option @value={{version}} @selected={{includes version @filter.version.value}}>
-            {{concat version ".x" }}
-          </Option>
+        <Option @value={{version}} @selected={{includes version @filter.version.value}}>
+          {{concat version ".x" }}
+        </Option>
         {{/each}}
         {{/let}}
-        </BlockSlot>
-      </search.Select>
-    </:filter>
-    <:sort as |search|>
-      <search.Select
-        class="type-sort"
-        data-test-sort-control
-        @position="right"
-        @onchange={{action @sort.change}}
-        @multiple={{false}}
-        @required={{true}}
-      as |components|>
-        <BlockSlot @name="selected">
-          <span>
-            {{#let (from-entries (array
-                  (array "Node:asc" (t "common.sort.alpha.asc"))
-                  (array "Node:desc" (t "common.sort.alpha.desc"))
-                  (array "Status:asc" (t "common.sort.status.asc"))
-                  (array "Status:desc" (t "common.sort.status.desc"))
-                  (array "Version:asc" (t "common.sort.version.asc"))
-                  (array "Version:desc" (t "common.sort.version.desc"))
-                ))
-              as |selectable|
-            }}
-              {{get selectable @sort.value}}
-            {{/let}}
-          </span>
-        </BlockSlot>
-        <BlockSlot @name="options">
-  {{#let components.Optgroup components.Option as |Optgroup Option|}}
-          <Optgroup @label={{t "common.consul.status"}}>
-            <Option @value="Status:asc" @selected={{eq "Status:asc" @sort.value}}>{{t "common.sort.status.asc"}}</Option>
-            <Option @value="Status:desc" @selected={{eq "Status:desc" @sort.value}}>{{t "common.sort.status.desc"}}</Option>
-          </Optgroup>
-          <Optgroup @label={{t "common.consul.node-name"}}>
-            <Option @value="Node:asc" @selected={{eq "Node:asc" @sort.value}}>{{t "common.sort.alpha.asc"}}</Option>
-            <Option @value="Node:desc" @selected={{eq "Node:desc" @sort.value}}>{{t "common.sort.alpha.desc"}}</Option>
-          </Optgroup>
-          <Optgroup @label={{t "common.consul.version"}}>
-            <Option @value="Version:asc" @selected={{eq "Version:asc" @sort.value}}>{{t "common.sort.version.asc"}}</Option>
-            <Option @value="Version:desc" @selected={{eq "Version:desc" @sort.value}}>{{t "common.sort.version.desc"}}</Option>
-          </Optgroup>
-  {{/let}}
-        </BlockSlot>
-      </search.Select>
-    </:sort>
-</SearchBar>
\ No newline at end of file
+      </BlockSlot>
+    </search.Select>
+  </:filter>
+  <:sort as |search|>
+    <search.Select class="type-sort" data-test-sort-control @position="right" @onchange={{action @sort.change}}
+      @multiple={{false}} @required={{true}} as |components|>
+      <BlockSlot @name="selected">
+        <span>
+          {{#let (from-entries (array
+          (array "Node:asc" (t "common.sort.alpha.asc"))
+          (array "Node:desc" (t "common.sort.alpha.desc"))
+          (array "Status:asc" (t "common.sort.status.asc"))
+          (array "Status:desc" (t "common.sort.status.desc"))
+          (array "Version:asc" (t "common.sort.version.asc"))
+          (array "Version:desc" (t "common.sort.version.desc"))
+          ))
+          as |selectable|
+          }}
+          {{get selectable @sort.value}}
+          {{/let}}
+        </span>
+      </BlockSlot>
+      <BlockSlot @name="options">
+        {{#let components.Optgroup components.Option as |Optgroup Option|}}
+        <Optgroup @label={{t "common.consul.status" }}>
+          <Option @value="Status:asc" @selected={{eq "Status:asc" @sort.value}}>{{t "common.sort.status.asc"}}</Option>
+          <Option @value="Status:desc" @selected={{eq "Status:desc" @sort.value}}>{{t "common.sort.status.desc"}}
+          </Option>
+        </Optgroup>
+        <Optgroup @label={{t "common.consul.node-name" }}>
+          <Option @value="Node:asc" @selected={{eq "Node:asc" @sort.value}}>{{t "common.sort.alpha.asc"}}</Option>
+          <Option @value="Node:desc" @selected={{eq "Node:desc" @sort.value}}>{{t "common.sort.alpha.desc"}}</Option>
+        </Optgroup>
+        <Optgroup @label={{t "common.consul.version" }}>
+          <Option @value="Version:asc" @selected={{eq "Version:asc" @sort.value}}>{{t "common.sort.version.asc"}}
+          </Option>
+          <Option @value="Version:desc" @selected={{eq "Version:desc" @sort.value}}>{{t "common.sort.version.desc"}}
+          </Option>
+        </Optgroup>
+        {{/let}}
+      </BlockSlot>
+    </search.Select>
+  </:sort>
+</SearchBar>
diff --git a/ui/packages/consul-ui/app/components/consul/peer/info/index.hbs b/ui/packages/consul-ui/app/components/consul/peer/info/index.hbs
index a84d698cf1ab..c140eedec0eb 100644
--- a/ui/packages/consul-ui/app/components/consul/peer/info/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/peer/info/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if @item.PeerName}}
diff --git a/ui/packages/consul-ui/app/components/consul/peer/info/index.scss b/ui/packages/consul-ui/app/components/consul/peer/info/index.scss
index a33e37bebafb..c37f28f31811 100644
--- a/ui/packages/consul-ui/app/components/consul/peer/info/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/peer/info/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-peer-info {
diff --git a/ui/packages/consul-ui/app/components/consul/peer/list/index.scss b/ui/packages/consul-ui/app/components/consul/peer/list/index.scss
index ed2d9ffb0194..dc2ef0b1e2f0 100644
--- a/ui/packages/consul-ui/app/components/consul/peer/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/peer/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .peers__list__peer-detail {
diff --git a/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs b/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs
index 2674f0884968..f9869dae0d2b 100644
--- a/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/policy/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/policy/list/pageobject.js
index eaaed90a14ba..367680fdf440 100644
--- a/ui/packages/consul-ui/app/components/consul/policy/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/policy/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (collection, clickable, attribute, text, actions) => () => {
diff --git a/ui/packages/consul-ui/app/components/consul/policy/notifications/index.hbs b/ui/packages/consul-ui/app/components/consul/policy/notifications/index.hbs
index 89b4bc14b296..bc317b7a64f2 100644
--- a/ui/packages/consul-ui/app/components/consul/policy/notifications/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/policy/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (eq @type 'create')}}
diff --git a/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.hbs
index 0563e1f1d237..24e5bd0a73f1 100644
--- a/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.js b/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.js
index 6cbf4d52f6bd..522cce68abfc 100644
--- a/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.js
+++ b/ui/packages/consul-ui/app/components/consul/policy/search-bar/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/role/list/index.hbs b/ui/packages/consul-ui/app/components/consul/role/list/index.hbs
index 5f0474ae4042..43206c56bd5b 100644
--- a/ui/packages/consul-ui/app/components/consul/role/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/role/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/role/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/role/list/pageobject.js
index f858d1117c72..12c6367090ad 100644
--- a/ui/packages/consul-ui/app/components/consul/role/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/role/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (collection, clickable, attribute, text, actions) => () => {
diff --git a/ui/packages/consul-ui/app/components/consul/role/notifications/index.hbs b/ui/packages/consul-ui/app/components/consul/role/notifications/index.hbs
index 8335a50b4f40..3a19f40ca94f 100644
--- a/ui/packages/consul-ui/app/components/consul/role/notifications/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/role/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (eq @type 'create')}}
diff --git a/ui/packages/consul-ui/app/components/consul/role/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/role/search-bar/index.hbs
index e58979f54ca5..3736f291af83 100644
--- a/ui/packages/consul-ui/app/components/consul/role/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/role/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/server/card/index.hbs b/ui/packages/consul-ui/app/components/consul/server/card/index.hbs
index f3d3254c40a5..c65e791f48dd 100644
--- a/ui/packages/consul-ui/app/components/consul/server/card/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/server/card/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/server/card/index.scss b/ui/packages/consul-ui/app/components/consul/server/card/index.scss
index 8498e4ce5866..f29243c381fe 100644
--- a/ui/packages/consul-ui/app/components/consul/server/card/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/server/card/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/consul/server/card/layout.scss b/ui/packages/consul-ui/app/components/consul/server/card/layout.scss
index 5492c8ffe703..f36140610695 100644
--- a/ui/packages/consul-ui/app/components/consul/server/card/layout.scss
+++ b/ui/packages/consul-ui/app/components/consul/server/card/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %consul-server-card {
diff --git a/ui/packages/consul-ui/app/components/consul/server/card/skin.scss b/ui/packages/consul-ui/app/components/consul/server/card/skin.scss
index 5b849fdcf2ce..125d3b9d6d55 100644
--- a/ui/packages/consul-ui/app/components/consul/server/card/skin.scss
+++ b/ui/packages/consul-ui/app/components/consul/server/card/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %consul-server-card dt:not(.name) {
diff --git a/ui/packages/consul-ui/app/components/consul/server/list/index.hbs b/ui/packages/consul-ui/app/components/consul/server/list/index.hbs
index 34d9287451de..9ade0abd1133 100644
--- a/ui/packages/consul-ui/app/components/consul/server/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/server/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/server/list/index.scss b/ui/packages/consul-ui/app/components/consul/server/list/index.scss
index dc193ee0312e..5f42cead5cd6 100644
--- a/ui/packages/consul-ui/app/components/consul/server/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/server/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %consul-server-list ul {
diff --git a/ui/packages/consul-ui/app/components/consul/service-identity/template/index.hbs b/ui/packages/consul-ui/app/components/consul/service-identity/template/index.hbs
index b822316bd598..66be947abffc 100644
--- a/ui/packages/consul-ui/app/components/consul/service-identity/template/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/service-identity/template/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (can "use partitions")}}
diff --git a/ui/packages/consul-ui/app/components/consul/service-instance/list/index.hbs b/ui/packages/consul-ui/app/components/consul/service-instance/list/index.hbs
index e341dcf29edf..643814580993 100644
--- a/ui/packages/consul-ui/app/components/consul/service-instance/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/service-instance/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let
diff --git a/ui/packages/consul-ui/app/components/consul/service-instance/list/index.js b/ui/packages/consul-ui/app/components/consul/service-instance/list/index.js
index 08faa68ebe89..09e592fb74ce 100644
--- a/ui/packages/consul-ui/app/components/consul/service-instance/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/service-instance/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/service-instance/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/service-instance/search-bar/index.hbs
index c01b478f19f6..7cb899513bb0 100644
--- a/ui/packages/consul-ui/app/components/consul/service-instance/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/service-instance/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar class='consul-service-instance-search-bar' ...attributes @filter={{@filter}}>
diff --git a/ui/packages/consul-ui/app/components/consul/service/list/index.hbs b/ui/packages/consul-ui/app/components/consul/service/list/index.hbs
index 2dc1b4742b04..aeb78cf642d0 100644
--- a/ui/packages/consul-ui/app/components/consul/service/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/service/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/service/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/service/search-bar/index.hbs
index 339d0264b29d..ffe6ae7274f8 100644
--- a/ui/packages/consul-ui/app/components/consul/service/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/service/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar class='consul-service-search-bar' ...attributes @filter={{@filter}}>
diff --git a/ui/packages/consul-ui/app/components/consul/service/search-bar/index.js b/ui/packages/consul-ui/app/components/consul/service/search-bar/index.js
index 56ba4a02eb21..01968aa96ecf 100644
--- a/ui/packages/consul-ui/app/components/consul/service/search-bar/index.js
+++ b/ui/packages/consul-ui/app/components/consul/service/search-bar/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/source/index.hbs b/ui/packages/consul-ui/app/components/consul/source/index.hbs
index 64598149dbd7..83573a17a6b1 100644
--- a/ui/packages/consul-ui/app/components/consul/source/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/source/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <dl class="tooltip-panel">
diff --git a/ui/packages/consul-ui/app/components/consul/source/index.scss b/ui/packages/consul-ui/app/components/consul/source/index.scss
index 87d5e9b0dd9f..0590740aa869 100644
--- a/ui/packages/consul-ui/app/components/consul/source/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/source/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .consul-source {
diff --git a/ui/packages/consul-ui/app/components/consul/sources-select/index.hbs b/ui/packages/consul-ui/app/components/consul/sources-select/index.hbs
index 7ee4aa9261a9..023279404c42 100644
--- a/ui/packages/consul-ui/app/components/consul/sources-select/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/sources-select/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (gt @sources.length 0)}}
diff --git a/ui/packages/consul-ui/app/components/consul/token/list/index.hbs b/ui/packages/consul-ui/app/components/consul/token/list/index.hbs
index fc370bb32c60..d9df7e8849b2 100644
--- a/ui/packages/consul-ui/app/components/consul/token/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/token/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/token/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/token/list/pageobject.js
index f6fd0a2b213d..61f5babcf65b 100644
--- a/ui/packages/consul-ui/app/components/consul/token/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/token/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (collection, clickable, attribute, text, actions) => () => {
diff --git a/ui/packages/consul-ui/app/components/consul/token/notifications/index.hbs b/ui/packages/consul-ui/app/components/consul/token/notifications/index.hbs
index 2f90f6f66025..fa1a97eae788 100644
--- a/ui/packages/consul-ui/app/components/consul/token/notifications/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/token/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (eq @type 'create')}}
diff --git a/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.hbs b/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.hbs
index 101551020251..0218d0640dcd 100644
--- a/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let (policy/group (or item.Policies item.ACLs.PolicyDefaults (array))) as |policies|}}
diff --git a/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.js b/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.js
index d99599ac3039..8f027b69f0e0 100644
--- a/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.js
+++ b/ui/packages/consul-ui/app/components/consul/token/ruleset/list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/consul/token/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/token/search-bar/index.hbs
index a55ba4ce6924..b29026d10ba6 100644
--- a/ui/packages/consul-ui/app/components/consul/token/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/token/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/tomography/graph/index.hbs b/ui/packages/consul-ui/app/components/consul/tomography/graph/index.hbs
index e3876ca4bf02..d362c9a2f70d 100644
--- a/ui/packages/consul-ui/app/components/consul/tomography/graph/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/tomography/graph/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/tomography/graph/index.js b/ui/packages/consul-ui/app/components/consul/tomography/graph/index.js
index 598effd0980d..f281b693eb97 100644
--- a/ui/packages/consul-ui/app/components/consul/tomography/graph/index.js
+++ b/ui/packages/consul-ui/app/components/consul/tomography/graph/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/consul/tomography/graph/index.scss b/ui/packages/consul-ui/app/components/consul/tomography/graph/index.scss
index e4bb90d77b24..51ca74694cba 100644
--- a/ui/packages/consul-ui/app/components/consul/tomography/graph/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/tomography/graph/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .tomography-graph {
diff --git a/ui/packages/consul-ui/app/components/consul/transparent-proxy/index.hbs b/ui/packages/consul-ui/app/components/consul/transparent-proxy/index.hbs
index 0f92bfe49436..5cfd8c74d746 100644
--- a/ui/packages/consul-ui/app/components/consul/transparent-proxy/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/transparent-proxy/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <span class="consul-transparent-proxy">
diff --git a/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.hbs b/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.hbs
index cfc61a00d362..a723620c035e 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.scss b/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.scss
index b904dddd05b1..412d78ed69ee 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/upstream-instance/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %consul-upstream-instance-list {
diff --git a/ui/packages/consul-ui/app/components/consul/upstream-instance/list/pageobject.js b/ui/packages/consul-ui/app/components/consul/upstream-instance/list/pageobject.js
index 274ffda5b587..6083866bca4f 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream-instance/list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/consul/upstream-instance/list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (collection, text) =>
diff --git a/ui/packages/consul-ui/app/components/consul/upstream-instance/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/upstream-instance/search-bar/index.hbs
index e16b89f81028..454973904842 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream-instance/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/upstream-instance/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/consul/upstream/list/index.hbs b/ui/packages/consul-ui/app/components/consul/upstream/list/index.hbs
index fd9e20422ea4..8fb51a475afb 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/upstream/list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ListCollection
diff --git a/ui/packages/consul-ui/app/components/consul/upstream/list/index.scss b/ui/packages/consul-ui/app/components/consul/upstream/list/index.scss
index 8a0aafdf9920..40d216446b35 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream/list/index.scss
+++ b/ui/packages/consul-ui/app/components/consul/upstream/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %consul-upstream-list {
diff --git a/ui/packages/consul-ui/app/components/consul/upstream/search-bar/index.hbs b/ui/packages/consul-ui/app/components/consul/upstream/search-bar/index.hbs
index 5600efc17264..82038d671064 100644
--- a/ui/packages/consul-ui/app/components/consul/upstream/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/upstream/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <SearchBar
diff --git a/ui/packages/consul-ui/app/components/copy-button/chart.xstate.js b/ui/packages/consul-ui/app/components/copy-button/chart.xstate.js
index 2c7e1ecf54ee..74aa788d6c7a 100644
--- a/ui/packages/consul-ui/app/components/copy-button/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/copy-button/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/copy-button/index.hbs b/ui/packages/consul-ui/app/components/copy-button/index.hbs
index ed3b42388cd3..766e3801a199 100644
--- a/ui/packages/consul-ui/app/components/copy-button/index.hbs
+++ b/ui/packages/consul-ui/app/components/copy-button/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <StateChart
diff --git a/ui/packages/consul-ui/app/components/copy-button/index.js b/ui/packages/consul-ui/app/components/copy-button/index.js
index b2663c87fbe3..989ebe35346b 100644
--- a/ui/packages/consul-ui/app/components/copy-button/index.js
+++ b/ui/packages/consul-ui/app/components/copy-button/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/copy-button/index.scss b/ui/packages/consul-ui/app/components/copy-button/index.scss
index f5488aae0312..94b3ad320690 100644
--- a/ui/packages/consul-ui/app/components/copy-button/index.scss
+++ b/ui/packages/consul-ui/app/components/copy-button/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/copy-button/layout.scss b/ui/packages/consul-ui/app/components/copy-button/layout.scss
index 310794271d0d..2eb0832155a0 100644
--- a/ui/packages/consul-ui/app/components/copy-button/layout.scss
+++ b/ui/packages/consul-ui/app/components/copy-button/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %copy-button {
diff --git a/ui/packages/consul-ui/app/components/copy-button/skin.scss b/ui/packages/consul-ui/app/components/copy-button/skin.scss
index ff04a0dbd80a..374e5fba8ff1 100644
--- a/ui/packages/consul-ui/app/components/copy-button/skin.scss
+++ b/ui/packages/consul-ui/app/components/copy-button/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %copy-button {
diff --git a/ui/packages/consul-ui/app/components/copyable-code/index.hbs b/ui/packages/consul-ui/app/components/copyable-code/index.hbs
index 35560c5bc44c..39c60c9d1537 100644
--- a/ui/packages/consul-ui/app/components/copyable-code/index.hbs
+++ b/ui/packages/consul-ui/app/components/copyable-code/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/copyable-code/index.scss b/ui/packages/consul-ui/app/components/copyable-code/index.scss
index c77ab76ff019..14cfaedd0e39 100644
--- a/ui/packages/consul-ui/app/components/copyable-code/index.scss
+++ b/ui/packages/consul-ui/app/components/copyable-code/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .copyable-code {
diff --git a/ui/packages/consul-ui/app/components/csv-list/debug.scss b/ui/packages/consul-ui/app/components/csv-list/debug.scss
index 1dbb566db983..f53ec046b118 100644
--- a/ui/packages/consul-ui/app/components/csv-list/debug.scss
+++ b/ui/packages/consul-ui/app/components/csv-list/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 [id^=docfy-demo-preview-csv-list] {
diff --git a/ui/packages/consul-ui/app/components/csv-list/index.scss b/ui/packages/consul-ui/app/components/csv-list/index.scss
index 7d9d2b0ef67a..bae0f0bf7caa 100644
--- a/ui/packages/consul-ui/app/components/csv-list/index.scss
+++ b/ui/packages/consul-ui/app/components/csv-list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/components/data-collection/index.hbs b/ui/packages/consul-ui/app/components/data-collection/index.hbs
index 3c301a49f7f5..b568323da833 100644
--- a/ui/packages/consul-ui/app/components/data-collection/index.hbs
+++ b/ui/packages/consul-ui/app/components/data-collection/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{did-update (action (fn (set this 'term') '') @search)}}
diff --git a/ui/packages/consul-ui/app/components/data-collection/index.js b/ui/packages/consul-ui/app/components/data-collection/index.js
index 152454dffe2d..6bdba36c5157 100644
--- a/ui/packages/consul-ui/app/components/data-collection/index.js
+++ b/ui/packages/consul-ui/app/components/data-collection/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/data-form/index.hbs b/ui/packages/consul-ui/app/components/data-form/index.hbs
index 7545b2f602ca..a73a8c3a071e 100644
--- a/ui/packages/consul-ui/app/components/data-form/index.hbs
+++ b/ui/packages/consul-ui/app/components/data-form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <DataLoader
diff --git a/ui/packages/consul-ui/app/components/data-form/index.js b/ui/packages/consul-ui/app/components/data-form/index.js
index 191cd1f1919e..ba6dca5f4cfa 100644
--- a/ui/packages/consul-ui/app/components/data-form/index.js
+++ b/ui/packages/consul-ui/app/components/data-form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/data-loader/chart.xstate.js b/ui/packages/consul-ui/app/components/data-loader/chart.xstate.js
index ec31f731bfce..aab23f9758ee 100644
--- a/ui/packages/consul-ui/app/components/data-loader/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/data-loader/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/data-loader/index.hbs b/ui/packages/consul-ui/app/components/data-loader/index.hbs
index 7a894117b94f..7208097c5178 100644
--- a/ui/packages/consul-ui/app/components/data-loader/index.hbs
+++ b/ui/packages/consul-ui/app/components/data-loader/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/data-loader/index.js b/ui/packages/consul-ui/app/components/data-loader/index.js
index 9db0f6cff31a..a85b36648c12 100644
--- a/ui/packages/consul-ui/app/components/data-loader/index.js
+++ b/ui/packages/consul-ui/app/components/data-loader/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/data-sink/index.hbs b/ui/packages/consul-ui/app/components/data-sink/index.hbs
index 2517542ff9b5..7bf4d0fbe590 100644
--- a/ui/packages/consul-ui/app/components/data-sink/index.hbs
+++ b/ui/packages/consul-ui/app/components/data-sink/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield (hash
diff --git a/ui/packages/consul-ui/app/components/data-sink/index.js b/ui/packages/consul-ui/app/components/data-sink/index.js
index 5bc54e0e160f..377d289db4f6 100644
--- a/ui/packages/consul-ui/app/components/data-sink/index.js
+++ b/ui/packages/consul-ui/app/components/data-sink/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/data-source/index.hbs b/ui/packages/consul-ui/app/components/data-source/index.hbs
index 65d006801626..df57e6910d79 100644
--- a/ui/packages/consul-ui/app/components/data-source/index.hbs
+++ b/ui/packages/consul-ui/app/components/data-source/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (not this.disabled)}}
diff --git a/ui/packages/consul-ui/app/components/data-source/index.js b/ui/packages/consul-ui/app/components/data-source/index.js
index cf2894738e7a..d10ea3aad952 100644
--- a/ui/packages/consul-ui/app/components/data-source/index.js
+++ b/ui/packages/consul-ui/app/components/data-source/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint no-console: ["error", { allow: ["debug"] }] */
diff --git a/ui/packages/consul-ui/app/components/data-writer/chart.xstate.js b/ui/packages/consul-ui/app/components/data-writer/chart.xstate.js
index 875456aaad93..c8fe6d023654 100644
--- a/ui/packages/consul-ui/app/components/data-writer/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/data-writer/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/data-writer/index.hbs b/ui/packages/consul-ui/app/components/data-writer/index.hbs
index 60f1324ea5eb..c336c1c96661 100644
--- a/ui/packages/consul-ui/app/components/data-writer/index.hbs
+++ b/ui/packages/consul-ui/app/components/data-writer/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <StateChart @src={{chart}} as |State Guard Action dispatch state|>
diff --git a/ui/packages/consul-ui/app/components/data-writer/index.js b/ui/packages/consul-ui/app/components/data-writer/index.js
index 173afb6746ce..b626ceb04fe1 100644
--- a/ui/packages/consul-ui/app/components/data-writer/index.js
+++ b/ui/packages/consul-ui/app/components/data-writer/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/debug/navigation/index.hbs b/ui/packages/consul-ui/app/components/debug/navigation/index.hbs
index d7373afe9912..72c815c2fc58 100644
--- a/ui/packages/consul-ui/app/components/debug/navigation/index.hbs
+++ b/ui/packages/consul-ui/app/components/debug/navigation/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
   <li>
diff --git a/ui/packages/consul-ui/app/components/definition-table/debug.scss b/ui/packages/consul-ui/app/components/definition-table/debug.scss
index f9fd2d557d02..b164b50f8b0e 100644
--- a/ui/packages/consul-ui/app/components/definition-table/debug.scss
+++ b/ui/packages/consul-ui/app/components/definition-table/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 [id^='docfy-demo-preview-definition-table'] {
diff --git a/ui/packages/consul-ui/app/components/definition-table/index.scss b/ui/packages/consul-ui/app/components/definition-table/index.scss
index 7ae5d96ccdd5..039c1f4fcc5e 100644
--- a/ui/packages/consul-ui/app/components/definition-table/index.scss
+++ b/ui/packages/consul-ui/app/components/definition-table/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/definition-table/layout.scss b/ui/packages/consul-ui/app/components/definition-table/layout.scss
index 5a954ee9b722..b59176fdf702 100644
--- a/ui/packages/consul-ui/app/components/definition-table/layout.scss
+++ b/ui/packages/consul-ui/app/components/definition-table/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %definition-table > dl {
diff --git a/ui/packages/consul-ui/app/components/definition-table/skin.scss b/ui/packages/consul-ui/app/components/definition-table/skin.scss
index 6a5c2bc446e3..f5068c90a64b 100644
--- a/ui/packages/consul-ui/app/components/definition-table/skin.scss
+++ b/ui/packages/consul-ui/app/components/definition-table/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %definition-table {
diff --git a/ui/packages/consul-ui/app/components/delete-confirmation/index.hbs b/ui/packages/consul-ui/app/components/delete-confirmation/index.hbs
index e7a23c39d77d..8169ad971bcb 100644
--- a/ui/packages/consul-ui/app/components/delete-confirmation/index.hbs
+++ b/ui/packages/consul-ui/app/components/delete-confirmation/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <p>
diff --git a/ui/packages/consul-ui/app/components/delete-confirmation/index.js b/ui/packages/consul-ui/app/components/delete-confirmation/index.js
index fa7c11260214..08a37f713bcc 100644
--- a/ui/packages/consul-ui/app/components/delete-confirmation/index.js
+++ b/ui/packages/consul-ui/app/components/delete-confirmation/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/disclosure-menu/action/index.hbs b/ui/packages/consul-ui/app/components/disclosure-menu/action/index.hbs
index fed93c5d9467..62a62f562840 100644
--- a/ui/packages/consul-ui/app/components/disclosure-menu/action/index.hbs
+++ b/ui/packages/consul-ui/app/components/disclosure-menu/action/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <@disclosure.Action
diff --git a/ui/packages/consul-ui/app/components/disclosure-menu/index.hbs b/ui/packages/consul-ui/app/components/disclosure-menu/index.hbs
index 0e869364e164..524034ac99cf 100644
--- a/ui/packages/consul-ui/app/components/disclosure-menu/index.hbs
+++ b/ui/packages/consul-ui/app/components/disclosure-menu/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/disclosure-menu/index.scss b/ui/packages/consul-ui/app/components/disclosure-menu/index.scss
index aaded7b370b8..041ca2da3e49 100644
--- a/ui/packages/consul-ui/app/components/disclosure-menu/index.scss
+++ b/ui/packages/consul-ui/app/components/disclosure-menu/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .disclosure-menu {
diff --git a/ui/packages/consul-ui/app/components/disclosure-menu/menu/index.hbs b/ui/packages/consul-ui/app/components/disclosure-menu/menu/index.hbs
index 8ad9a72ab319..18bb010640e8 100644
--- a/ui/packages/consul-ui/app/components/disclosure-menu/menu/index.hbs
+++ b/ui/packages/consul-ui/app/components/disclosure-menu/menu/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <@disclosure.Details as |details|>
diff --git a/ui/packages/consul-ui/app/components/disclosure/action/index.hbs b/ui/packages/consul-ui/app/components/disclosure/action/index.hbs
index a3d0cf849edb..239e30455008 100644
--- a/ui/packages/consul-ui/app/components/disclosure/action/index.hbs
+++ b/ui/packages/consul-ui/app/components/disclosure/action/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Action
diff --git a/ui/packages/consul-ui/app/components/disclosure/details/index.hbs b/ui/packages/consul-ui/app/components/disclosure/details/index.hbs
index 3ecfdb6ee4ea..cf7b8239dec6 100644
--- a/ui/packages/consul-ui/app/components/disclosure/details/index.hbs
+++ b/ui/packages/consul-ui/app/components/disclosure/details/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let
diff --git a/ui/packages/consul-ui/app/components/disclosure/index.hbs b/ui/packages/consul-ui/app/components/disclosure/index.hbs
index 5632f83f2f72..2f06da8e116e 100644
--- a/ui/packages/consul-ui/app/components/disclosure/index.hbs
+++ b/ui/packages/consul-ui/app/components/disclosure/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <StateChart
diff --git a/ui/packages/consul-ui/app/components/disclosure/index.js b/ui/packages/consul-ui/app/components/disclosure/index.js
index dd47bdc76c39..44e4f3d4e28a 100644
--- a/ui/packages/consul-ui/app/components/disclosure/index.js
+++ b/ui/packages/consul-ui/app/components/disclosure/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/display-toggle/index.scss b/ui/packages/consul-ui/app/components/display-toggle/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/display-toggle/index.scss
+++ b/ui/packages/consul-ui/app/components/display-toggle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/display-toggle/layout.scss b/ui/packages/consul-ui/app/components/display-toggle/layout.scss
index 71c483481ddd..d7f6a7c8af04 100644
--- a/ui/packages/consul-ui/app/components/display-toggle/layout.scss
+++ b/ui/packages/consul-ui/app/components/display-toggle/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %display-toggle-siblings,
diff --git a/ui/packages/consul-ui/app/components/display-toggle/skin.scss b/ui/packages/consul-ui/app/components/display-toggle/skin.scss
index 7c52b8373629..46102bc1abf2 100644
--- a/ui/packages/consul-ui/app/components/display-toggle/skin.scss
+++ b/ui/packages/consul-ui/app/components/display-toggle/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %display-toggle-siblings ~ label {
diff --git a/ui/packages/consul-ui/app/components/dom-recycling-table/index.scss b/ui/packages/consul-ui/app/components/dom-recycling-table/index.scss
index 65c474196a83..a079c22dc7aa 100644
--- a/ui/packages/consul-ui/app/components/dom-recycling-table/index.scss
+++ b/ui/packages/consul-ui/app/components/dom-recycling-table/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './layout';
diff --git a/ui/packages/consul-ui/app/components/dom-recycling-table/layout.scss b/ui/packages/consul-ui/app/components/dom-recycling-table/layout.scss
index 277c49c53e3d..3256ff1af125 100644
--- a/ui/packages/consul-ui/app/components/dom-recycling-table/layout.scss
+++ b/ui/packages/consul-ui/app/components/dom-recycling-table/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %dom-recycling-table {
diff --git a/ui/packages/consul-ui/app/components/empty-state/index.hbs b/ui/packages/consul-ui/app/components/empty-state/index.hbs
index 8c1a458a05a3..7f5d35cc8af3 100644
--- a/ui/packages/consul-ui/app/components/empty-state/index.hbs
+++ b/ui/packages/consul-ui/app/components/empty-state/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/empty-state/index.js b/ui/packages/consul-ui/app/components/empty-state/index.js
index f96e9c0722af..3a6ff02f451f 100644
--- a/ui/packages/consul-ui/app/components/empty-state/index.js
+++ b/ui/packages/consul-ui/app/components/empty-state/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/empty-state/index.scss b/ui/packages/consul-ui/app/components/empty-state/index.scss
index a2c0d5ae396a..ccd741e293bb 100644
--- a/ui/packages/consul-ui/app/components/empty-state/index.scss
+++ b/ui/packages/consul-ui/app/components/empty-state/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './layout';
diff --git a/ui/packages/consul-ui/app/components/empty-state/layout.scss b/ui/packages/consul-ui/app/components/empty-state/layout.scss
index 39ccf3650419..4c6e5c5c7ace 100644
--- a/ui/packages/consul-ui/app/components/empty-state/layout.scss
+++ b/ui/packages/consul-ui/app/components/empty-state/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %empty-state,
diff --git a/ui/packages/consul-ui/app/components/empty-state/pageobject.js b/ui/packages/consul-ui/app/components/empty-state/pageobject.js
index 220c7f9e83e1..6db257f8b587 100644
--- a/ui/packages/consul-ui/app/components/empty-state/pageobject.js
+++ b/ui/packages/consul-ui/app/components/empty-state/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (present) =>
diff --git a/ui/packages/consul-ui/app/components/empty-state/skin.scss b/ui/packages/consul-ui/app/components/empty-state/skin.scss
index b953ee9678a7..a60638368304 100644
--- a/ui/packages/consul-ui/app/components/empty-state/skin.scss
+++ b/ui/packages/consul-ui/app/components/empty-state/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %empty-state {
diff --git a/ui/packages/consul-ui/app/components/error-state/index.hbs b/ui/packages/consul-ui/app/components/error-state/index.hbs
index a04e3293a11c..e1c8fc0846aa 100644
--- a/ui/packages/consul-ui/app/components/error-state/index.hbs
+++ b/ui/packages/consul-ui/app/components/error-state/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (not-eq @error.status "403")}}
diff --git a/ui/packages/consul-ui/app/components/event-source/index.hbs b/ui/packages/consul-ui/app/components/event-source/index.hbs
index c9ca83481674..42d9f1bcb589 100644
--- a/ui/packages/consul-ui/app/components/event-source/index.hbs
+++ b/ui/packages/consul-ui/app/components/event-source/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield (hash
diff --git a/ui/packages/consul-ui/app/components/event-source/index.js b/ui/packages/consul-ui/app/components/event-source/index.js
index 20d29fc82be4..ff898b6b0d4e 100644
--- a/ui/packages/consul-ui/app/components/event-source/index.js
+++ b/ui/packages/consul-ui/app/components/event-source/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/expanded-single-select/index.scss b/ui/packages/consul-ui/app/components/expanded-single-select/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/expanded-single-select/index.scss
+++ b/ui/packages/consul-ui/app/components/expanded-single-select/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/expanded-single-select/layout.scss b/ui/packages/consul-ui/app/components/expanded-single-select/layout.scss
index 428377c3aa49..8fd8cd8d9810 100644
--- a/ui/packages/consul-ui/app/components/expanded-single-select/layout.scss
+++ b/ui/packages/consul-ui/app/components/expanded-single-select/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @media #{$--horizontal-selects} {
diff --git a/ui/packages/consul-ui/app/components/expanded-single-select/skin.scss b/ui/packages/consul-ui/app/components/expanded-single-select/skin.scss
index ea8ab52e56ed..b56e4d93b539 100644
--- a/ui/packages/consul-ui/app/components/expanded-single-select/skin.scss
+++ b/ui/packages/consul-ui/app/components/expanded-single-select/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %expanded-single-select {
diff --git a/ui/packages/consul-ui/app/components/filter-bar/index.scss b/ui/packages/consul-ui/app/components/filter-bar/index.scss
index 373ae718eba7..69db98743287 100644
--- a/ui/packages/consul-ui/app/components/filter-bar/index.scss
+++ b/ui/packages/consul-ui/app/components/filter-bar/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/filter-bar/layout.scss b/ui/packages/consul-ui/app/components/filter-bar/layout.scss
index 1ebc5c1605ba..d6c14c37773d 100644
--- a/ui/packages/consul-ui/app/components/filter-bar/layout.scss
+++ b/ui/packages/consul-ui/app/components/filter-bar/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .filter-bar {
diff --git a/ui/packages/consul-ui/app/components/filter-bar/skin.scss b/ui/packages/consul-ui/app/components/filter-bar/skin.scss
index 37c47b933404..da8690fb6835 100644
--- a/ui/packages/consul-ui/app/components/filter-bar/skin.scss
+++ b/ui/packages/consul-ui/app/components/filter-bar/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .filter-bar {
diff --git a/ui/packages/consul-ui/app/components/form-component/index.hbs b/ui/packages/consul-ui/app/components/form-component/index.hbs
index 8709fc4b8b77..0566ddf99b46 100644
--- a/ui/packages/consul-ui/app/components/form-component/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-component/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
\ No newline at end of file
diff --git a/ui/packages/consul-ui/app/components/form-component/index.js b/ui/packages/consul-ui/app/components/form-component/index.js
index 39614c54245c..520e3eba372c 100644
--- a/ui/packages/consul-ui/app/components/form-component/index.js
+++ b/ui/packages/consul-ui/app/components/form-component/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/form-elements/index.scss b/ui/packages/consul-ui/app/components/form-elements/index.scss
index 270cba0709d7..67b2339d6f1a 100644
--- a/ui/packages/consul-ui/app/components/form-elements/index.scss
+++ b/ui/packages/consul-ui/app/components/form-elements/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/form-elements/layout.scss b/ui/packages/consul-ui/app/components/form-elements/layout.scss
index 3a4f11aa0be6..9b0212784238 100644
--- a/ui/packages/consul-ui/app/components/form-elements/layout.scss
+++ b/ui/packages/consul-ui/app/components/form-elements/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %form-element,
diff --git a/ui/packages/consul-ui/app/components/form-elements/skin.scss b/ui/packages/consul-ui/app/components/form-elements/skin.scss
index aaebd04597c7..e5fc1b6a1ade 100644
--- a/ui/packages/consul-ui/app/components/form-elements/skin.scss
+++ b/ui/packages/consul-ui/app/components/form-elements/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %form-element-text-input {
diff --git a/ui/packages/consul-ui/app/components/form-group/element/checkbox/index.hbs b/ui/packages/consul-ui/app/components/form-group/element/checkbox/index.hbs
index 07c9d1c152f0..be64e766a9cd 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/checkbox/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/element/checkbox/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <input
diff --git a/ui/packages/consul-ui/app/components/form-group/element/error/index.hbs b/ui/packages/consul-ui/app/components/form-group/element/error/index.hbs
index 38b2913ded7d..288ee045de48 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/error/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/element/error/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <strong
diff --git a/ui/packages/consul-ui/app/components/form-group/element/index.hbs b/ui/packages/consul-ui/app/components/form-group/element/index.hbs
index 34f3e40145ab..d4f4487691e1 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/element/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let (hash
diff --git a/ui/packages/consul-ui/app/components/form-group/element/index.js b/ui/packages/consul-ui/app/components/form-group/element/index.js
index 86c2ac8944b7..cd133a52b896 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/index.js
+++ b/ui/packages/consul-ui/app/components/form-group/element/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/form-group/element/label/index.hbs b/ui/packages/consul-ui/app/components/form-group/element/label/index.hbs
index 53db30ab900b..2fc091c35afe 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/label/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/element/label/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <span
diff --git a/ui/packages/consul-ui/app/components/form-group/element/radio/index.hbs b/ui/packages/consul-ui/app/components/form-group/element/radio/index.hbs
index 45db5499d754..c34376e6bd44 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/radio/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/element/radio/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <input
diff --git a/ui/packages/consul-ui/app/components/form-group/element/text/index.hbs b/ui/packages/consul-ui/app/components/form-group/element/text/index.hbs
index 2b6335df4bfb..19fe924556c0 100644
--- a/ui/packages/consul-ui/app/components/form-group/element/text/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/element/text/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <input
diff --git a/ui/packages/consul-ui/app/components/form-group/index.hbs b/ui/packages/consul-ui/app/components/form-group/index.hbs
index 56db7f48d378..8786a6476ba6 100644
--- a/ui/packages/consul-ui/app/components/form-group/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-group/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield (hash
diff --git a/ui/packages/consul-ui/app/components/form-group/index.js b/ui/packages/consul-ui/app/components/form-group/index.js
index 31951309ccd1..1c4368e6373b 100644
--- a/ui/packages/consul-ui/app/components/form-group/index.js
+++ b/ui/packages/consul-ui/app/components/form-group/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/form-input/index.hbs b/ui/packages/consul-ui/app/components/form-input/index.hbs
index c9098acba6f8..431dd8cd80c8 100644
--- a/ui/packages/consul-ui/app/components/form-input/index.hbs
+++ b/ui/packages/consul-ui/app/components/form-input/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <label
diff --git a/ui/packages/consul-ui/app/components/freetext-filter/index.hbs b/ui/packages/consul-ui/app/components/freetext-filter/index.hbs
index e9dd7f4f9962..e9e1698fee48 100644
--- a/ui/packages/consul-ui/app/components/freetext-filter/index.hbs
+++ b/ui/packages/consul-ui/app/components/freetext-filter/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/freetext-filter/index.js b/ui/packages/consul-ui/app/components/freetext-filter/index.js
index 92b7d62dec5e..6cc39c961018 100644
--- a/ui/packages/consul-ui/app/components/freetext-filter/index.js
+++ b/ui/packages/consul-ui/app/components/freetext-filter/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/freetext-filter/index.scss b/ui/packages/consul-ui/app/components/freetext-filter/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/freetext-filter/index.scss
+++ b/ui/packages/consul-ui/app/components/freetext-filter/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/freetext-filter/layout.scss b/ui/packages/consul-ui/app/components/freetext-filter/layout.scss
index e2b958836067..488282375661 100644
--- a/ui/packages/consul-ui/app/components/freetext-filter/layout.scss
+++ b/ui/packages/consul-ui/app/components/freetext-filter/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .freetext-filter {
diff --git a/ui/packages/consul-ui/app/components/freetext-filter/pageobject.js b/ui/packages/consul-ui/app/components/freetext-filter/pageobject.js
index d362ed290994..5300649405a4 100644
--- a/ui/packages/consul-ui/app/components/freetext-filter/pageobject.js
+++ b/ui/packages/consul-ui/app/components/freetext-filter/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (triggerable) => () => {
diff --git a/ui/packages/consul-ui/app/components/freetext-filter/skin.scss b/ui/packages/consul-ui/app/components/freetext-filter/skin.scss
index d7f5f63af9df..b7b335c1b436 100644
--- a/ui/packages/consul-ui/app/components/freetext-filter/skin.scss
+++ b/ui/packages/consul-ui/app/components/freetext-filter/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .freetext-filter {
diff --git a/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs b/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs
index af5a3d3f6af7..485e54a55fb4 100644
--- a/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs
+++ b/ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <App class='hashicorp-consul' ...attributes>
diff --git a/ui/packages/consul-ui/app/components/hashicorp-consul/index.js b/ui/packages/consul-ui/app/components/hashicorp-consul/index.js
index 6b5135a1bee4..7046cccaeb15 100644
--- a/ui/packages/consul-ui/app/components/hashicorp-consul/index.js
+++ b/ui/packages/consul-ui/app/components/hashicorp-consul/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/hashicorp-consul/index.scss b/ui/packages/consul-ui/app/components/hashicorp-consul/index.scss
index c825656d1140..3424f79cb75f 100644
--- a/ui/packages/consul-ui/app/components/hashicorp-consul/index.scss
+++ b/ui/packages/consul-ui/app/components/hashicorp-consul/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %hashicorp-consul {
diff --git a/ui/packages/consul-ui/app/components/horizontal-kv-list/debug.scss b/ui/packages/consul-ui/app/components/horizontal-kv-list/debug.scss
index e36c2aa1fe9a..d3fe72e65b37 100644
--- a/ui/packages/consul-ui/app/components/horizontal-kv-list/debug.scss
+++ b/ui/packages/consul-ui/app/components/horizontal-kv-list/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 [id^='docfy-demo-preview-horizontal-kv-list'] {
diff --git a/ui/packages/consul-ui/app/components/horizontal-kv-list/index.scss b/ui/packages/consul-ui/app/components/horizontal-kv-list/index.scss
index fcc2477cada9..d51ee5777998 100644
--- a/ui/packages/consul-ui/app/components/horizontal-kv-list/index.scss
+++ b/ui/packages/consul-ui/app/components/horizontal-kv-list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/horizontal-kv-list/layout.scss b/ui/packages/consul-ui/app/components/horizontal-kv-list/layout.scss
index 59636c58642d..4e95363417d7 100644
--- a/ui/packages/consul-ui/app/components/horizontal-kv-list/layout.scss
+++ b/ui/packages/consul-ui/app/components/horizontal-kv-list/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %horizontal-kv-list {
diff --git a/ui/packages/consul-ui/app/components/horizontal-kv-list/skin.scss b/ui/packages/consul-ui/app/components/horizontal-kv-list/skin.scss
index 2119a28ce03c..cc1c088c9087 100644
--- a/ui/packages/consul-ui/app/components/horizontal-kv-list/skin.scss
+++ b/ui/packages/consul-ui/app/components/horizontal-kv-list/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %horizontal-kv-list-visible-title::after {
diff --git a/ui/packages/consul-ui/app/components/icon-definition/debug.scss b/ui/packages/consul-ui/app/components/icon-definition/debug.scss
index 548d7a702613..b96608743eb3 100644
--- a/ui/packages/consul-ui/app/components/icon-definition/debug.scss
+++ b/ui/packages/consul-ui/app/components/icon-definition/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 #docfy-demo-preview-icon-definition {
diff --git a/ui/packages/consul-ui/app/components/icon-definition/index.scss b/ui/packages/consul-ui/app/components/icon-definition/index.scss
index 93acc97f2e48..a05d49cafc5a 100644
--- a/ui/packages/consul-ui/app/components/icon-definition/index.scss
+++ b/ui/packages/consul-ui/app/components/icon-definition/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %icon-definition {
diff --git a/ui/packages/consul-ui/app/components/informed-action/index.hbs b/ui/packages/consul-ui/app/components/informed-action/index.hbs
index 34aa6bac37e0..6cf97b8fa7bb 100644
--- a/ui/packages/consul-ui/app/components/informed-action/index.hbs
+++ b/ui/packages/consul-ui/app/components/informed-action/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/informed-action/index.scss b/ui/packages/consul-ui/app/components/informed-action/index.scss
index 955b07aef67e..1599ce999c13 100644
--- a/ui/packages/consul-ui/app/components/informed-action/index.scss
+++ b/ui/packages/consul-ui/app/components/informed-action/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/informed-action/layout.scss b/ui/packages/consul-ui/app/components/informed-action/layout.scss
index 666f84a7ac13..cc06d1ee45d9 100644
--- a/ui/packages/consul-ui/app/components/informed-action/layout.scss
+++ b/ui/packages/consul-ui/app/components/informed-action/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %informed-action {
diff --git a/ui/packages/consul-ui/app/components/informed-action/skin.scss b/ui/packages/consul-ui/app/components/informed-action/skin.scss
index f18e303fcbd6..837459d56f0a 100644
--- a/ui/packages/consul-ui/app/components/informed-action/skin.scss
+++ b/ui/packages/consul-ui/app/components/informed-action/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %informed-action {
diff --git a/ui/packages/consul-ui/app/components/inline-alert/debug.scss b/ui/packages/consul-ui/app/components/inline-alert/debug.scss
index 62652e1a8da4..d6615bf12d70 100644
--- a/ui/packages/consul-ui/app/components/inline-alert/debug.scss
+++ b/ui/packages/consul-ui/app/components/inline-alert/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 [id^='docfy-demo-preview-inline-alert'] {
diff --git a/ui/packages/consul-ui/app/components/inline-alert/index.scss b/ui/packages/consul-ui/app/components/inline-alert/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/inline-alert/index.scss
+++ b/ui/packages/consul-ui/app/components/inline-alert/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/inline-alert/layout.scss b/ui/packages/consul-ui/app/components/inline-alert/layout.scss
index a9dd6d9c3de1..e2a8f01b58c8 100644
--- a/ui/packages/consul-ui/app/components/inline-alert/layout.scss
+++ b/ui/packages/consul-ui/app/components/inline-alert/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %inline-alert {
diff --git a/ui/packages/consul-ui/app/components/inline-alert/skin.scss b/ui/packages/consul-ui/app/components/inline-alert/skin.scss
index b6c1ae37f0f0..8534bdf52e3b 100644
--- a/ui/packages/consul-ui/app/components/inline-alert/skin.scss
+++ b/ui/packages/consul-ui/app/components/inline-alert/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %inline-alert {
diff --git a/ui/packages/consul-ui/app/components/inline-code/index.scss b/ui/packages/consul-ui/app/components/inline-code/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/inline-code/index.scss
+++ b/ui/packages/consul-ui/app/components/inline-code/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/inline-code/layout.scss b/ui/packages/consul-ui/app/components/inline-code/layout.scss
index 311f6ad902fc..1b9799278cea 100644
--- a/ui/packages/consul-ui/app/components/inline-code/layout.scss
+++ b/ui/packages/consul-ui/app/components/inline-code/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %inline-code {
diff --git a/ui/packages/consul-ui/app/components/inline-code/skin.scss b/ui/packages/consul-ui/app/components/inline-code/skin.scss
index d1ce59a88e57..c2d404a84e8c 100644
--- a/ui/packages/consul-ui/app/components/inline-code/skin.scss
+++ b/ui/packages/consul-ui/app/components/inline-code/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %block-code,
diff --git a/ui/packages/consul-ui/app/components/jwt-source/index.js b/ui/packages/consul-ui/app/components/jwt-source/index.js
index a4d91801fb79..8844ea84d83c 100644
--- a/ui/packages/consul-ui/app/components/jwt-source/index.js
+++ b/ui/packages/consul-ui/app/components/jwt-source/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/list-collection/index.hbs b/ui/packages/consul-ui/app/components/list-collection/index.hbs
index 5988cc14986b..e99511bb636a 100644
--- a/ui/packages/consul-ui/app/components/list-collection/index.hbs
+++ b/ui/packages/consul-ui/app/components/list-collection/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/list-collection/index.js b/ui/packages/consul-ui/app/components/list-collection/index.js
index f4391838c45c..bd3fa340b465 100644
--- a/ui/packages/consul-ui/app/components/list-collection/index.js
+++ b/ui/packages/consul-ui/app/components/list-collection/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/components/list-collection/index.scss b/ui/packages/consul-ui/app/components/list-collection/index.scss
index f42d68aa9575..f2fc9e2a03e8 100644
--- a/ui/packages/consul-ui/app/components/list-collection/index.scss
+++ b/ui/packages/consul-ui/app/components/list-collection/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/list-collection/layout.scss b/ui/packages/consul-ui/app/components/list-collection/layout.scss
index 7b1804b3f760..9d80a22859df 100644
--- a/ui/packages/consul-ui/app/components/list-collection/layout.scss
+++ b/ui/packages/consul-ui/app/components/list-collection/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %list-collection > ul > li,
diff --git a/ui/packages/consul-ui/app/components/list-collection/skin.scss b/ui/packages/consul-ui/app/components/list-collection/skin.scss
index 48702631bd1d..854abb37d14e 100644
--- a/ui/packages/consul-ui/app/components/list-collection/skin.scss
+++ b/ui/packages/consul-ui/app/components/list-collection/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %list-collection > ul {
diff --git a/ui/packages/consul-ui/app/components/list-row/index.scss b/ui/packages/consul-ui/app/components/list-row/index.scss
index 65968d570f0f..8f2c6afcbd46 100644
--- a/ui/packages/consul-ui/app/components/list-row/index.scss
+++ b/ui/packages/consul-ui/app/components/list-row/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/list-row/layout.scss b/ui/packages/consul-ui/app/components/list-row/layout.scss
index fc4971e21f6f..11e46544bfe4 100644
--- a/ui/packages/consul-ui/app/components/list-row/layout.scss
+++ b/ui/packages/consul-ui/app/components/list-row/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %list-row {
diff --git a/ui/packages/consul-ui/app/components/list-row/skin.scss b/ui/packages/consul-ui/app/components/list-row/skin.scss
index 9f490d871c8d..2d54791643e5 100644
--- a/ui/packages/consul-ui/app/components/list-row/skin.scss
+++ b/ui/packages/consul-ui/app/components/list-row/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %list-row {
diff --git a/ui/packages/consul-ui/app/components/main-header-horizontal/index.scss b/ui/packages/consul-ui/app/components/main-header-horizontal/index.scss
index 7b885758df3a..6436a1f9115b 100644
--- a/ui/packages/consul-ui/app/components/main-header-horizontal/index.scss
+++ b/ui/packages/consul-ui/app/components/main-header-horizontal/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin.scss';
diff --git a/ui/packages/consul-ui/app/components/main-header-horizontal/layout.scss b/ui/packages/consul-ui/app/components/main-header-horizontal/layout.scss
index 6e46b9b88c67..f3106c1b05cc 100644
--- a/ui/packages/consul-ui/app/components/main-header-horizontal/layout.scss
+++ b/ui/packages/consul-ui/app/components/main-header-horizontal/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %main-header-horizontal {
diff --git a/ui/packages/consul-ui/app/components/main-header-horizontal/skin.scss b/ui/packages/consul-ui/app/components/main-header-horizontal/skin.scss
index b75cfe98dfd7..bebf92eb0e39 100644
--- a/ui/packages/consul-ui/app/components/main-header-horizontal/skin.scss
+++ b/ui/packages/consul-ui/app/components/main-header-horizontal/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %main-header-horizontal::before {
diff --git a/ui/packages/consul-ui/app/components/main-nav-horizontal/index.scss b/ui/packages/consul-ui/app/components/main-nav-horizontal/index.scss
index 218935679676..bd63cfb1dc1e 100644
--- a/ui/packages/consul-ui/app/components/main-nav-horizontal/index.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-horizontal/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/main-nav-horizontal/layout.scss b/ui/packages/consul-ui/app/components/main-nav-horizontal/layout.scss
index 0db5e63ea0e1..48e1bc20612f 100644
--- a/ui/packages/consul-ui/app/components/main-nav-horizontal/layout.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-horizontal/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %main-nav-horizontal > ul,
diff --git a/ui/packages/consul-ui/app/components/main-nav-horizontal/skin.scss b/ui/packages/consul-ui/app/components/main-nav-horizontal/skin.scss
index 8cd1c1e64688..5ece648a46c1 100644
--- a/ui/packages/consul-ui/app/components/main-nav-horizontal/skin.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-horizontal/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %main-nav-horizontal-action {
diff --git a/ui/packages/consul-ui/app/components/main-nav-vertical/debug.scss b/ui/packages/consul-ui/app/components/main-nav-vertical/debug.scss
index f277042b42d8..0049d728d554 100644
--- a/ui/packages/consul-ui/app/components/main-nav-vertical/debug.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-vertical/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 #docfy-demo-preview-main-nav-vertical {
diff --git a/ui/packages/consul-ui/app/components/main-nav-vertical/index.scss b/ui/packages/consul-ui/app/components/main-nav-vertical/index.scss
index fd8f7cf4b562..0867b4a16bf3 100644
--- a/ui/packages/consul-ui/app/components/main-nav-vertical/index.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-vertical/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/main-nav-vertical/layout.scss b/ui/packages/consul-ui/app/components/main-nav-vertical/layout.scss
index a63b82f951c7..4a35de781f34 100644
--- a/ui/packages/consul-ui/app/components/main-nav-vertical/layout.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-vertical/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %main-nav-vertical {
diff --git a/ui/packages/consul-ui/app/components/main-nav-vertical/skin.scss b/ui/packages/consul-ui/app/components/main-nav-vertical/skin.scss
index bda8a2110177..57a402b49b69 100644
--- a/ui/packages/consul-ui/app/components/main-nav-vertical/skin.scss
+++ b/ui/packages/consul-ui/app/components/main-nav-vertical/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %main-nav-vertical-action {
diff --git a/ui/packages/consul-ui/app/components/menu-panel/deprecated.scss b/ui/packages/consul-ui/app/components/menu-panel/deprecated.scss
index 219f74069df5..325c8bf5b0af 100644
--- a/ui/packages/consul-ui/app/components/menu-panel/deprecated.scss
+++ b/ui/packages/consul-ui/app/components/menu-panel/deprecated.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* old stuff */
diff --git a/ui/packages/consul-ui/app/components/menu-panel/index.hbs b/ui/packages/consul-ui/app/components/menu-panel/index.hbs
index c7582dbd601a..6513b3f3d0e7 100644
--- a/ui/packages/consul-ui/app/components/menu-panel/index.hbs
+++ b/ui/packages/consul-ui/app/components/menu-panel/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/menu-panel/index.js b/ui/packages/consul-ui/app/components/menu-panel/index.js
index 4a7833b14f74..8ce7494d5aaa 100644
--- a/ui/packages/consul-ui/app/components/menu-panel/index.js
+++ b/ui/packages/consul-ui/app/components/menu-panel/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/menu-panel/index.scss b/ui/packages/consul-ui/app/components/menu-panel/index.scss
index 3e298a143c61..e3babd0e7579 100644
--- a/ui/packages/consul-ui/app/components/menu-panel/index.scss
+++ b/ui/packages/consul-ui/app/components/menu-panel/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/menu-panel/layout.scss b/ui/packages/consul-ui/app/components/menu-panel/layout.scss
index 870c667d5f80..d014e79be326 100644
--- a/ui/packages/consul-ui/app/components/menu-panel/layout.scss
+++ b/ui/packages/consul-ui/app/components/menu-panel/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %menu-panel-header {
diff --git a/ui/packages/consul-ui/app/components/menu-panel/skin.scss b/ui/packages/consul-ui/app/components/menu-panel/skin.scss
index b3b55f386398..8d3b26e6f934 100644
--- a/ui/packages/consul-ui/app/components/menu-panel/skin.scss
+++ b/ui/packages/consul-ui/app/components/menu-panel/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %menu-panel-button-selected::after {
diff --git a/ui/packages/consul-ui/app/components/menu/action/index.hbs b/ui/packages/consul-ui/app/components/menu/action/index.hbs
index 0b76c287d759..298da6ec8d87 100644
--- a/ui/packages/consul-ui/app/components/menu/action/index.hbs
+++ b/ui/packages/consul-ui/app/components/menu/action/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Action
diff --git a/ui/packages/consul-ui/app/components/menu/index.hbs b/ui/packages/consul-ui/app/components/menu/index.hbs
index 34c8b5cc0841..953d342b26c6 100644
--- a/ui/packages/consul-ui/app/components/menu/index.hbs
+++ b/ui/packages/consul-ui/app/components/menu/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ul
diff --git a/ui/packages/consul-ui/app/components/menu/item/index.hbs b/ui/packages/consul-ui/app/components/menu/item/index.hbs
index a21058e79df3..83504168ebfb 100644
--- a/ui/packages/consul-ui/app/components/menu/item/index.hbs
+++ b/ui/packages/consul-ui/app/components/menu/item/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <li
diff --git a/ui/packages/consul-ui/app/components/menu/separator/index.hbs b/ui/packages/consul-ui/app/components/menu/separator/index.hbs
index b893690383ff..f6d448ba3405 100644
--- a/ui/packages/consul-ui/app/components/menu/separator/index.hbs
+++ b/ui/packages/consul-ui/app/components/menu/separator/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <li
diff --git a/ui/packages/consul-ui/app/components/modal-dialog/index.hbs b/ui/packages/consul-ui/app/components/modal-dialog/index.hbs
index 4aed448d5d35..fd1c315e3ddb 100644
--- a/ui/packages/consul-ui/app/components/modal-dialog/index.hbs
+++ b/ui/packages/consul-ui/app/components/modal-dialog/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let (hash
diff --git a/ui/packages/consul-ui/app/components/modal-dialog/index.js b/ui/packages/consul-ui/app/components/modal-dialog/index.js
index 07002606c1f8..65671fa1cf52 100644
--- a/ui/packages/consul-ui/app/components/modal-dialog/index.js
+++ b/ui/packages/consul-ui/app/components/modal-dialog/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/modal-dialog/index.scss b/ui/packages/consul-ui/app/components/modal-dialog/index.scss
index dc8f0a045a65..e8663e7c8b91 100644
--- a/ui/packages/consul-ui/app/components/modal-dialog/index.scss
+++ b/ui/packages/consul-ui/app/components/modal-dialog/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/modal-dialog/layout.scss b/ui/packages/consul-ui/app/components/modal-dialog/layout.scss
index 71b46eb90319..fffb48099aeb 100644
--- a/ui/packages/consul-ui/app/components/modal-dialog/layout.scss
+++ b/ui/packages/consul-ui/app/components/modal-dialog/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %modal-layer {
diff --git a/ui/packages/consul-ui/app/components/modal-dialog/skin.scss b/ui/packages/consul-ui/app/components/modal-dialog/skin.scss
index 8524f687739a..32185dbfbd9a 100644
--- a/ui/packages/consul-ui/app/components/modal-dialog/skin.scss
+++ b/ui/packages/consul-ui/app/components/modal-dialog/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %modal-dialog.warning header {
diff --git a/ui/packages/consul-ui/app/components/modal-layer/index.hbs b/ui/packages/consul-ui/app/components/modal-layer/index.hbs
index a76e270011fe..8cc453fd0150 100644
--- a/ui/packages/consul-ui/app/components/modal-layer/index.hbs
+++ b/ui/packages/consul-ui/app/components/modal-layer/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/more-popover-menu/index.hbs b/ui/packages/consul-ui/app/components/more-popover-menu/index.hbs
index 35b2c1524b15..3eaf0aa239a6 100644
--- a/ui/packages/consul-ui/app/components/more-popover-menu/index.hbs
+++ b/ui/packages/consul-ui/app/components/more-popover-menu/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/more-popover-menu/index.js b/ui/packages/consul-ui/app/components/more-popover-menu/index.js
index d99599ac3039..8f027b69f0e0 100644
--- a/ui/packages/consul-ui/app/components/more-popover-menu/index.js
+++ b/ui/packages/consul-ui/app/components/more-popover-menu/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/more-popover-menu/index.scss b/ui/packages/consul-ui/app/components/more-popover-menu/index.scss
index 12c640d4b6b3..563faad84979 100644
--- a/ui/packages/consul-ui/app/components/more-popover-menu/index.scss
+++ b/ui/packages/consul-ui/app/components/more-popover-menu/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .more-popover-menu {
diff --git a/ui/packages/consul-ui/app/components/more-popover-menu/pageobject.js b/ui/packages/consul-ui/app/components/more-popover-menu/pageobject.js
index 4a0bc35ca3ae..7fb79c814142 100644
--- a/ui/packages/consul-ui/app/components/more-popover-menu/pageobject.js
+++ b/ui/packages/consul-ui/app/components/more-popover-menu/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (clickable, confirmation) => (actions, scope) => {
diff --git a/ui/packages/consul-ui/app/components/oidc-select/chart.xstate.js b/ui/packages/consul-ui/app/components/oidc-select/chart.xstate.js
index bd2ee43bd0a2..6a938aeed205 100644
--- a/ui/packages/consul-ui/app/components/oidc-select/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/oidc-select/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/oidc-select/index.hbs b/ui/packages/consul-ui/app/components/oidc-select/index.hbs
index d5baea36ee52..0f729f9d03c6 100644
--- a/ui/packages/consul-ui/app/components/oidc-select/index.hbs
+++ b/ui/packages/consul-ui/app/components/oidc-select/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <StateChart @src={{chart}} as |State Guard ChartAction dispatch state|>
diff --git a/ui/packages/consul-ui/app/components/oidc-select/index.js b/ui/packages/consul-ui/app/components/oidc-select/index.js
index 4c55b12967ed..2ac232d13476 100644
--- a/ui/packages/consul-ui/app/components/oidc-select/index.js
+++ b/ui/packages/consul-ui/app/components/oidc-select/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/oidc-select/index.scss b/ui/packages/consul-ui/app/components/oidc-select/index.scss
index 23d85f90bf54..a844e6f16a4c 100644
--- a/ui/packages/consul-ui/app/components/oidc-select/index.scss
+++ b/ui/packages/consul-ui/app/components/oidc-select/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/oidc-select/layout.scss b/ui/packages/consul-ui/app/components/oidc-select/layout.scss
index ab1ccd686c08..44ebea01e0a5 100644
--- a/ui/packages/consul-ui/app/components/oidc-select/layout.scss
+++ b/ui/packages/consul-ui/app/components/oidc-select/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %oidc-select li,
diff --git a/ui/packages/consul-ui/app/components/oidc-select/skin.scss b/ui/packages/consul-ui/app/components/oidc-select/skin.scss
index c4f548f97ae8..438850e06ad9 100644
--- a/ui/packages/consul-ui/app/components/oidc-select/skin.scss
+++ b/ui/packages/consul-ui/app/components/oidc-select/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %oidc-select [class$='-oidc-provider']::before {
diff --git a/ui/packages/consul-ui/app/components/option-input/index.hbs b/ui/packages/consul-ui/app/components/option-input/index.hbs
index f8906f529c91..2b65eada6966 100644
--- a/ui/packages/consul-ui/app/components/option-input/index.hbs
+++ b/ui/packages/consul-ui/app/components/option-input/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <FormInput
diff --git a/ui/packages/consul-ui/app/components/outlet/index.hbs b/ui/packages/consul-ui/app/components/outlet/index.hbs
index 321793757150..d27c003d4611 100644
--- a/ui/packages/consul-ui/app/components/outlet/index.hbs
+++ b/ui/packages/consul-ui/app/components/outlet/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{did-insert this.connect}}
diff --git a/ui/packages/consul-ui/app/components/outlet/index.js b/ui/packages/consul-ui/app/components/outlet/index.js
index 1ffcb8c4f39d..5a58cd3b7801 100644
--- a/ui/packages/consul-ui/app/components/outlet/index.js
+++ b/ui/packages/consul-ui/app/components/outlet/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/overlay/index.scss b/ui/packages/consul-ui/app/components/overlay/index.scss
index 99e8dd43df87..e64254ea0beb 100644
--- a/ui/packages/consul-ui/app/components/overlay/index.scss
+++ b/ui/packages/consul-ui/app/components/overlay/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './none.scss';
diff --git a/ui/packages/consul-ui/app/components/overlay/none.scss b/ui/packages/consul-ui/app/components/overlay/none.scss
index 60b147c382ba..eb22bcbde700 100644
--- a/ui/packages/consul-ui/app/components/overlay/none.scss
+++ b/ui/packages/consul-ui/app/components/overlay/none.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .tippy-box {
diff --git a/ui/packages/consul-ui/app/components/overlay/square-tail.scss b/ui/packages/consul-ui/app/components/overlay/square-tail.scss
index 1d221851d492..ba8fa2abe463 100644
--- a/ui/packages/consul-ui/app/components/overlay/square-tail.scss
+++ b/ui/packages/consul-ui/app/components/overlay/square-tail.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 [data-theme~='square-tail'] {
diff --git a/ui/packages/consul-ui/app/components/paged-collection/index.hbs b/ui/packages/consul-ui/app/components/paged-collection/index.hbs
index c21d9104d63c..8003a88f24a2 100644
--- a/ui/packages/consul-ui/app/components/paged-collection/index.hbs
+++ b/ui/packages/consul-ui/app/components/paged-collection/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield (hash
diff --git a/ui/packages/consul-ui/app/components/paged-collection/index.js b/ui/packages/consul-ui/app/components/paged-collection/index.js
index 7a9bfbbf2680..e6f851b813e7 100644
--- a/ui/packages/consul-ui/app/components/paged-collection/index.js
+++ b/ui/packages/consul-ui/app/components/paged-collection/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/paged-collection/index.scss b/ui/packages/consul-ui/app/components/paged-collection/index.scss
index 5b274087347a..e6943f079fa8 100644
--- a/ui/packages/consul-ui/app/components/paged-collection/index.scss
+++ b/ui/packages/consul-ui/app/components/paged-collection/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %paged-collection-scroll {
diff --git a/ui/packages/consul-ui/app/components/panel/debug.scss b/ui/packages/consul-ui/app/components/panel/debug.scss
index b193883ad9b4..9dab5559a7d8 100644
--- a/ui/packages/consul-ui/app/components/panel/debug.scss
+++ b/ui/packages/consul-ui/app/components/panel/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 #docfy-demo-preview-panel {
diff --git a/ui/packages/consul-ui/app/components/panel/index.css.js b/ui/packages/consul-ui/app/components/panel/index.css.js
index c3f86fb942a4..2de8022cd194 100644
--- a/ui/packages/consul-ui/app/components/panel/index.css.js
+++ b/ui/packages/consul-ui/app/components/panel/index.css.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (css) => css`
diff --git a/ui/packages/consul-ui/app/components/panel/index.scss b/ui/packages/consul-ui/app/components/panel/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/panel/index.scss
+++ b/ui/packages/consul-ui/app/components/panel/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/panel/layout.scss b/ui/packages/consul-ui/app/components/panel/layout.scss
index a8ec607b1ce9..27ac195ccb51 100644
--- a/ui/packages/consul-ui/app/components/panel/layout.scss
+++ b/ui/packages/consul-ui/app/components/panel/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %panel {
diff --git a/ui/packages/consul-ui/app/components/panel/skin.scss b/ui/packages/consul-ui/app/components/panel/skin.scss
index 68d92e2866e6..82463ad09e36 100644
--- a/ui/packages/consul-ui/app/components/panel/skin.scss
+++ b/ui/packages/consul-ui/app/components/panel/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %panel {
diff --git a/ui/packages/consul-ui/app/components/peerings/badge/icon/index.hbs b/ui/packages/consul-ui/app/components/peerings/badge/icon/index.hbs
index a856fd8069ee..facfa881de00 100644
--- a/ui/packages/consul-ui/app/components/peerings/badge/icon/index.hbs
+++ b/ui/packages/consul-ui/app/components/peerings/badge/icon/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (or (eq @state "PENDING") (eq @state "ESTABLISHING"))}}
diff --git a/ui/packages/consul-ui/app/components/peerings/badge/index.hbs b/ui/packages/consul-ui/app/components/peerings/badge/index.hbs
index 437b0f416273..aa416d87ed12 100644
--- a/ui/packages/consul-ui/app/components/peerings/badge/index.hbs
+++ b/ui/packages/consul-ui/app/components/peerings/badge/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if @peering.State}}
diff --git a/ui/packages/consul-ui/app/components/peerings/badge/index.js b/ui/packages/consul-ui/app/components/peerings/badge/index.js
index dad8bfba791a..5a4ea379c760 100644
--- a/ui/packages/consul-ui/app/components/peerings/badge/index.js
+++ b/ui/packages/consul-ui/app/components/peerings/badge/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/peerings/badge/index.scss b/ui/packages/consul-ui/app/components/peerings/badge/index.scss
index 40874651ea50..677f5e620694 100644
--- a/ui/packages/consul-ui/app/components/peerings/badge/index.scss
+++ b/ui/packages/consul-ui/app/components/peerings/badge/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .peerings-badge {
diff --git a/ui/packages/consul-ui/app/components/peerings/provider/index.hbs b/ui/packages/consul-ui/app/components/peerings/provider/index.hbs
index 070c4ab2630d..e3a0426b0351 100644
--- a/ui/packages/consul-ui/app/components/peerings/provider/index.hbs
+++ b/ui/packages/consul-ui/app/components/peerings/provider/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield (hash data=this.data)}}
\ No newline at end of file
diff --git a/ui/packages/consul-ui/app/components/peerings/provider/index.js b/ui/packages/consul-ui/app/components/peerings/provider/index.js
index 5bc42c1e74a6..e4c0cce043f9 100644
--- a/ui/packages/consul-ui/app/components/peerings/provider/index.js
+++ b/ui/packages/consul-ui/app/components/peerings/provider/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/pill/index.scss b/ui/packages/consul-ui/app/components/pill/index.scss
index de699508c30b..10b352ad2b14 100644
--- a/ui/packages/consul-ui/app/components/pill/index.scss
+++ b/ui/packages/consul-ui/app/components/pill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/pill/layout.scss b/ui/packages/consul-ui/app/components/pill/layout.scss
index 3dc7ed6a30d1..56424ede9434 100644
--- a/ui/packages/consul-ui/app/components/pill/layout.scss
+++ b/ui/packages/consul-ui/app/components/pill/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %pill {
diff --git a/ui/packages/consul-ui/app/components/pill/skin.scss b/ui/packages/consul-ui/app/components/pill/skin.scss
index c6a92c00bab2..562a0a101457 100644
--- a/ui/packages/consul-ui/app/components/pill/skin.scss
+++ b/ui/packages/consul-ui/app/components/pill/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %pill {
diff --git a/ui/packages/consul-ui/app/components/policy-form/index.hbs b/ui/packages/consul-ui/app/components/policy-form/index.hbs
index 98f85069be4e..5004da0a1810 100644
--- a/ui/packages/consul-ui/app/components/policy-form/index.hbs
+++ b/ui/packages/consul-ui/app/components/policy-form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/policy-form/index.js b/ui/packages/consul-ui/app/components/policy-form/index.js
index 116aae672450..7328dd17bed5 100644
--- a/ui/packages/consul-ui/app/components/policy-form/index.js
+++ b/ui/packages/consul-ui/app/components/policy-form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import FormComponent from '../form-component/index';
diff --git a/ui/packages/consul-ui/app/components/policy-form/pageobject.js b/ui/packages/consul-ui/app/components/policy-form/pageobject.js
index 5ac782b11605..479448dedddc 100644
--- a/ui/packages/consul-ui/app/components/policy-form/pageobject.js
+++ b/ui/packages/consul-ui/app/components/policy-form/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (submitable, cancelable, radiogroup, text) =>
diff --git a/ui/packages/consul-ui/app/components/policy-selector/index.hbs b/ui/packages/consul-ui/app/components/policy-selector/index.hbs
index 286f6bc4f7c2..53388e0fc9ab 100644
--- a/ui/packages/consul-ui/app/components/policy-selector/index.hbs
+++ b/ui/packages/consul-ui/app/components/policy-selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ChildSelector
diff --git a/ui/packages/consul-ui/app/components/policy-selector/index.js b/ui/packages/consul-ui/app/components/policy-selector/index.js
index 3a8d14fdeeac..060cb572daca 100644
--- a/ui/packages/consul-ui/app/components/policy-selector/index.js
+++ b/ui/packages/consul-ui/app/components/policy-selector/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import ChildSelectorComponent from '../child-selector/index';
diff --git a/ui/packages/consul-ui/app/components/policy-selector/pageobject.js b/ui/packages/consul-ui/app/components/policy-selector/pageobject.js
index b6471faea0ef..6bc118404890 100644
--- a/ui/packages/consul-ui/app/components/policy-selector/pageobject.js
+++ b/ui/packages/consul-ui/app/components/policy-selector/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (clickable, deletable, collection, alias, policyForm) =>
diff --git a/ui/packages/consul-ui/app/components/popover-menu/index.hbs b/ui/packages/consul-ui/app/components/popover-menu/index.hbs
index 166536a55b50..d8f259763614 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/index.hbs
+++ b/ui/packages/consul-ui/app/components/popover-menu/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/popover-menu/index.js b/ui/packages/consul-ui/app/components/popover-menu/index.js
index f37321af97c5..00ffa0923fbd 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/index.js
+++ b/ui/packages/consul-ui/app/components/popover-menu/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*eslint ember/closure-actions: "warn"*/
diff --git a/ui/packages/consul-ui/app/components/popover-menu/index.scss b/ui/packages/consul-ui/app/components/popover-menu/index.scss
index 29070a0155a8..e6b220e261f2 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/index.scss
+++ b/ui/packages/consul-ui/app/components/popover-menu/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/popover-menu/layout.scss b/ui/packages/consul-ui/app/components/popover-menu/layout.scss
index daccc1e8a125..59f8ff343053 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/layout.scss
+++ b/ui/packages/consul-ui/app/components/popover-menu/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %popover-menu {
diff --git a/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.hbs b/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.hbs
index aa6649c7d003..7f0d663b5eae 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.hbs
+++ b/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.js b/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.js
index 7762956fe7bf..34618049bb63 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.js
+++ b/ui/packages/consul-ui/app/components/popover-menu/menu-item/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.hbs b/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.hbs
index b3ec79aed5b2..d6c48ff87e48 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.hbs
+++ b/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.js b/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.js
index 2e3ae5dc90cc..7d105b492251 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.js
+++ b/ui/packages/consul-ui/app/components/popover-menu/menu-separator/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/popover-menu/skin.scss b/ui/packages/consul-ui/app/components/popover-menu/skin.scss
index 0fb07b441da1..0a5746cd58e7 100644
--- a/ui/packages/consul-ui/app/components/popover-menu/skin.scss
+++ b/ui/packages/consul-ui/app/components/popover-menu/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %popover-menu-trigger > * {
diff --git a/ui/packages/consul-ui/app/components/popover-select/index.hbs b/ui/packages/consul-ui/app/components/popover-select/index.hbs
index 313d720bf62e..a7e91679329d 100644
--- a/ui/packages/consul-ui/app/components/popover-select/index.hbs
+++ b/ui/packages/consul-ui/app/components/popover-select/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <PopoverMenu
diff --git a/ui/packages/consul-ui/app/components/popover-select/index.js b/ui/packages/consul-ui/app/components/popover-select/index.js
index 97a24805ac5a..a8569bebf027 100644
--- a/ui/packages/consul-ui/app/components/popover-select/index.js
+++ b/ui/packages/consul-ui/app/components/popover-select/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/popover-select/index.scss b/ui/packages/consul-ui/app/components/popover-select/index.scss
index 3e997ee2aeed..2ac8ca4b6790 100644
--- a/ui/packages/consul-ui/app/components/popover-select/index.scss
+++ b/ui/packages/consul-ui/app/components/popover-select/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .popover-select {
diff --git a/ui/packages/consul-ui/app/components/popover-select/optgroup/index.hbs b/ui/packages/consul-ui/app/components/popover-select/optgroup/index.hbs
index 772294c9fa91..df03944e3547 100644
--- a/ui/packages/consul-ui/app/components/popover-select/optgroup/index.hbs
+++ b/ui/packages/consul-ui/app/components/popover-select/optgroup/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let @components.MenuSeparator as |MenuSeparator|}}
diff --git a/ui/packages/consul-ui/app/components/popover-select/option/index.hbs b/ui/packages/consul-ui/app/components/popover-select/option/index.hbs
index 66f4875c979c..6bb0fef09989 100644
--- a/ui/packages/consul-ui/app/components/popover-select/option/index.hbs
+++ b/ui/packages/consul-ui/app/components/popover-select/option/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let @components.MenuItem as |MenuItem|}}
diff --git a/ui/packages/consul-ui/app/components/popover-select/option/index.js b/ui/packages/consul-ui/app/components/popover-select/option/index.js
index f32de8c100ad..cb4f0593be8d 100644
--- a/ui/packages/consul-ui/app/components/popover-select/option/index.js
+++ b/ui/packages/consul-ui/app/components/popover-select/option/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/popover-select/pageobject.js b/ui/packages/consul-ui/app/components/popover-select/pageobject.js
index 66a8f554fc3d..f7ccdee6bfe5 100644
--- a/ui/packages/consul-ui/app/components/popover-select/pageobject.js
+++ b/ui/packages/consul-ui/app/components/popover-select/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (clickable, collection) =>
diff --git a/ui/packages/consul-ui/app/components/power-select/pageobject.js b/ui/packages/consul-ui/app/components/power-select/pageobject.js
index 380dd849cc35..6924fcf4145f 100644
--- a/ui/packages/consul-ui/app/components/power-select/pageobject.js
+++ b/ui/packages/consul-ui/app/components/power-select/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { clickable, isPresent } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/app/components/progress/index.hbs b/ui/packages/consul-ui/app/components/progress/index.hbs
index b424417b9084..57bbf0d5aa9a 100644
--- a/ui/packages/consul-ui/app/components/progress/index.hbs
+++ b/ui/packages/consul-ui/app/components/progress/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/progress/index.scss b/ui/packages/consul-ui/app/components/progress/index.scss
index 7ede4f18c89e..39439da83e63 100644
--- a/ui/packages/consul-ui/app/components/progress/index.scss
+++ b/ui/packages/consul-ui/app/components/progress/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/progress/layout.scss b/ui/packages/consul-ui/app/components/progress/layout.scss
index 9ba54527c385..c13db0fa238d 100644
--- a/ui/packages/consul-ui/app/components/progress/layout.scss
+++ b/ui/packages/consul-ui/app/components/progress/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %progress-native {
diff --git a/ui/packages/consul-ui/app/components/progress/skin.scss b/ui/packages/consul-ui/app/components/progress/skin.scss
index d5ea5f1da11d..b2da3aafbb01 100644
--- a/ui/packages/consul-ui/app/components/progress/skin.scss
+++ b/ui/packages/consul-ui/app/components/progress/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %progress-indeterminate {
diff --git a/ui/packages/consul-ui/app/components/providers/dimension/index.hbs b/ui/packages/consul-ui/app/components/providers/dimension/index.hbs
index 195001597748..41ba4511b9f6 100644
--- a/ui/packages/consul-ui/app/components/providers/dimension/index.hbs
+++ b/ui/packages/consul-ui/app/components/providers/dimension/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div {{create-ref 'element'}} {{did-insert this.measureDimensions}}>
diff --git a/ui/packages/consul-ui/app/components/providers/dimension/index.js b/ui/packages/consul-ui/app/components/providers/dimension/index.js
index 838dde1a4361..d3b50c5e9bcf 100644
--- a/ui/packages/consul-ui/app/components/providers/dimension/index.js
+++ b/ui/packages/consul-ui/app/components/providers/dimension/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/providers/search/index.hbs b/ui/packages/consul-ui/app/components/providers/search/index.hbs
index 070c4ab2630d..e3a0426b0351 100644
--- a/ui/packages/consul-ui/app/components/providers/search/index.hbs
+++ b/ui/packages/consul-ui/app/components/providers/search/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield (hash data=this.data)}}
\ No newline at end of file
diff --git a/ui/packages/consul-ui/app/components/providers/search/index.js b/ui/packages/consul-ui/app/components/providers/search/index.js
index b711d88db060..2ea94636b61a 100644
--- a/ui/packages/consul-ui/app/components/providers/search/index.js
+++ b/ui/packages/consul-ui/app/components/providers/search/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/radio-card/index.hbs b/ui/packages/consul-ui/app/components/radio-card/index.hbs
index 2d5ca49caae8..44a6383c1dad 100644
--- a/ui/packages/consul-ui/app/components/radio-card/index.hbs
+++ b/ui/packages/consul-ui/app/components/radio-card/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <label
diff --git a/ui/packages/consul-ui/app/components/radio-card/index.js b/ui/packages/consul-ui/app/components/radio-card/index.js
index d99599ac3039..8f027b69f0e0 100644
--- a/ui/packages/consul-ui/app/components/radio-card/index.js
+++ b/ui/packages/consul-ui/app/components/radio-card/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/radio-card/index.scss b/ui/packages/consul-ui/app/components/radio-card/index.scss
index ab559ed57247..61d58ddab352 100644
--- a/ui/packages/consul-ui/app/components/radio-card/index.scss
+++ b/ui/packages/consul-ui/app/components/radio-card/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/radio-card/layout.scss b/ui/packages/consul-ui/app/components/radio-card/layout.scss
index 8bceb70aa431..18afe3c7a36d 100644
--- a/ui/packages/consul-ui/app/components/radio-card/layout.scss
+++ b/ui/packages/consul-ui/app/components/radio-card/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %radio-card {
diff --git a/ui/packages/consul-ui/app/components/radio-card/skin.scss b/ui/packages/consul-ui/app/components/radio-card/skin.scss
index 687009c37f66..50cc581cdafe 100644
--- a/ui/packages/consul-ui/app/components/radio-card/skin.scss
+++ b/ui/packages/consul-ui/app/components/radio-card/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %radio-card {
diff --git a/ui/packages/consul-ui/app/components/radio-group/index.hbs b/ui/packages/consul-ui/app/components/radio-group/index.hbs
index 897d2966eb06..82a1cb116ec4 100644
--- a/ui/packages/consul-ui/app/components/radio-group/index.hbs
+++ b/ui/packages/consul-ui/app/components/radio-group/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <fieldset>
diff --git a/ui/packages/consul-ui/app/components/radio-group/index.js b/ui/packages/consul-ui/app/components/radio-group/index.js
index d6722204007b..e361259095dc 100644
--- a/ui/packages/consul-ui/app/components/radio-group/index.js
+++ b/ui/packages/consul-ui/app/components/radio-group/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/radio-group/index.scss b/ui/packages/consul-ui/app/components/radio-group/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/radio-group/index.scss
+++ b/ui/packages/consul-ui/app/components/radio-group/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/radio-group/layout.scss b/ui/packages/consul-ui/app/components/radio-group/layout.scss
index ad7486e7975b..b168304a61ad 100644
--- a/ui/packages/consul-ui/app/components/radio-group/layout.scss
+++ b/ui/packages/consul-ui/app/components/radio-group/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %radio-group {
diff --git a/ui/packages/consul-ui/app/components/radio-group/pageobject.js b/ui/packages/consul-ui/app/components/radio-group/pageobject.js
index 398711a4bd25..4f86e48a9750 100644
--- a/ui/packages/consul-ui/app/components/radio-group/pageobject.js
+++ b/ui/packages/consul-ui/app/components/radio-group/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { is, clickable } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/app/components/radio-group/skin.scss b/ui/packages/consul-ui/app/components/radio-group/skin.scss
index f24f44f39bea..25bf4df27487 100644
--- a/ui/packages/consul-ui/app/components/radio-group/skin.scss
+++ b/ui/packages/consul-ui/app/components/radio-group/skin.scss
@@ -1,5 +1,5 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
diff --git a/ui/packages/consul-ui/app/components/ref/index.js b/ui/packages/consul-ui/app/components/ref/index.js
index 795cfcb57afa..5969761efe54 100644
--- a/ui/packages/consul-ui/app/components/ref/index.js
+++ b/ui/packages/consul-ui/app/components/ref/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/role-form/index.hbs b/ui/packages/consul-ui/app/components/role-form/index.hbs
index fbae60a3dd8f..933cc9cdc92c 100644
--- a/ui/packages/consul-ui/app/components/role-form/index.hbs
+++ b/ui/packages/consul-ui/app/components/role-form/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/role-form/index.js b/ui/packages/consul-ui/app/components/role-form/index.js
index 365d219fa9b1..49eb31e4394d 100644
--- a/ui/packages/consul-ui/app/components/role-form/index.js
+++ b/ui/packages/consul-ui/app/components/role-form/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import FormComponent from '../form-component/index';
diff --git a/ui/packages/consul-ui/app/components/role-form/pageobject.js b/ui/packages/consul-ui/app/components/role-form/pageobject.js
index 71392a011607..0c9a8f2c3766 100644
--- a/ui/packages/consul-ui/app/components/role-form/pageobject.js
+++ b/ui/packages/consul-ui/app/components/role-form/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (submitable, cancelable, policySelector) => () => {
diff --git a/ui/packages/consul-ui/app/components/role-selector/index.hbs b/ui/packages/consul-ui/app/components/role-selector/index.hbs
index beba5ebb4c8d..8db8d5e21604 100644
--- a/ui/packages/consul-ui/app/components/role-selector/index.hbs
+++ b/ui/packages/consul-ui/app/components/role-selector/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <ModalDialog
diff --git a/ui/packages/consul-ui/app/components/role-selector/index.js b/ui/packages/consul-ui/app/components/role-selector/index.js
index ac9e5f7140b7..930106687da1 100644
--- a/ui/packages/consul-ui/app/components/role-selector/index.js
+++ b/ui/packages/consul-ui/app/components/role-selector/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import ChildSelectorComponent from '../child-selector/index';
diff --git a/ui/packages/consul-ui/app/components/role-selector/index.scss b/ui/packages/consul-ui/app/components/role-selector/index.scss
index 05bf5c20f42c..6f18a1aa2d43 100644
--- a/ui/packages/consul-ui/app/components/role-selector/index.scss
+++ b/ui/packages/consul-ui/app/components/role-selector/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .role-selector {
diff --git a/ui/packages/consul-ui/app/components/role-selector/pageobject.js b/ui/packages/consul-ui/app/components/role-selector/pageobject.js
index b6749a3693af..64b535f5c0c2 100644
--- a/ui/packages/consul-ui/app/components/role-selector/pageobject.js
+++ b/ui/packages/consul-ui/app/components/role-selector/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (clickable, deletable, collection, alias, roleForm) =>
diff --git a/ui/packages/consul-ui/app/components/route/announcer/index.hbs b/ui/packages/consul-ui/app/components/route/announcer/index.hbs
index 04df63b8d797..e17750dfa242 100644
--- a/ui/packages/consul-ui/app/components/route/announcer/index.hbs
+++ b/ui/packages/consul-ui/app/components/route/announcer/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{page-title @title separator=(or @separator ' - ')}}
diff --git a/ui/packages/consul-ui/app/components/route/index.hbs b/ui/packages/consul-ui/app/components/route/index.hbs
index 6745d7d55d2e..1ca4f6b52dd3 100644
--- a/ui/packages/consul-ui/app/components/route/index.hbs
+++ b/ui/packages/consul-ui/app/components/route/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{did-insert this.connect}}
diff --git a/ui/packages/consul-ui/app/components/route/index.js b/ui/packages/consul-ui/app/components/route/index.js
index ef7865688aa3..f9d1be3abb18 100644
--- a/ui/packages/consul-ui/app/components/route/index.js
+++ b/ui/packages/consul-ui/app/components/route/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/route/title/index.hbs b/ui/packages/consul-ui/app/components/route/title/index.hbs
index 5b64397a4ba8..bcc5d263d0a3 100644
--- a/ui/packages/consul-ui/app/components/route/title/index.hbs
+++ b/ui/packages/consul-ui/app/components/route/title/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{page-title @title separator=@separator}}
diff --git a/ui/packages/consul-ui/app/components/route/title/index.scss b/ui/packages/consul-ui/app/components/route/title/index.scss
index 62e3a148d0ba..cab51cdbe865 100644
--- a/ui/packages/consul-ui/app/components/route/title/index.scss
+++ b/ui/packages/consul-ui/app/components/route/title/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %route-title {
diff --git a/ui/packages/consul-ui/app/components/search-bar/index.hbs b/ui/packages/consul-ui/app/components/search-bar/index.hbs
index 1dc265d86a0c..571020d7beb2 100644
--- a/ui/packages/consul-ui/app/components/search-bar/index.hbs
+++ b/ui/packages/consul-ui/app/components/search-bar/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/search-bar/index.js b/ui/packages/consul-ui/app/components/search-bar/index.js
index a3164cf3176d..5c2fe867d4c1 100644
--- a/ui/packages/consul-ui/app/components/search-bar/index.js
+++ b/ui/packages/consul-ui/app/components/search-bar/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/search-bar/index.scss b/ui/packages/consul-ui/app/components/search-bar/index.scss
index 9d135c967f3a..5a1ab1d671e3 100644
--- a/ui/packages/consul-ui/app/components/search-bar/index.scss
+++ b/ui/packages/consul-ui/app/components/search-bar/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .search-bar {
diff --git a/ui/packages/consul-ui/app/components/search-bar/remove-filter/index.hbs b/ui/packages/consul-ui/app/components/search-bar/remove-filter/index.hbs
index 616dc2c5b578..cd9683e64c94 100644
--- a/ui/packages/consul-ui/app/components/search-bar/remove-filter/index.hbs
+++ b/ui/packages/consul-ui/app/components/search-bar/remove-filter/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <li>
diff --git a/ui/packages/consul-ui/app/components/search-bar/utils.js b/ui/packages/consul-ui/app/components/search-bar/utils.js
index 3027e02ba399..c6ebf0ec856e 100644
--- a/ui/packages/consul-ui/app/components/search-bar/utils.js
+++ b/ui/packages/consul-ui/app/components/search-bar/utils.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export const diff = (a, b) => {
diff --git a/ui/packages/consul-ui/app/components/skip-links/index.scss b/ui/packages/consul-ui/app/components/skip-links/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/skip-links/index.scss
+++ b/ui/packages/consul-ui/app/components/skip-links/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/skip-links/layout.scss b/ui/packages/consul-ui/app/components/skip-links/layout.scss
index a1ce1bfddaad..7477ae5027d3 100644
--- a/ui/packages/consul-ui/app/components/skip-links/layout.scss
+++ b/ui/packages/consul-ui/app/components/skip-links/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %skip-links {
diff --git a/ui/packages/consul-ui/app/components/skip-links/skin.scss b/ui/packages/consul-ui/app/components/skip-links/skin.scss
index 6d1f759a38d2..1782e4727da6 100644
--- a/ui/packages/consul-ui/app/components/skip-links/skin.scss
+++ b/ui/packages/consul-ui/app/components/skip-links/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %skip-links {
diff --git a/ui/packages/consul-ui/app/components/sliding-toggle/index.scss b/ui/packages/consul-ui/app/components/sliding-toggle/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/sliding-toggle/index.scss
+++ b/ui/packages/consul-ui/app/components/sliding-toggle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/sliding-toggle/layout.scss b/ui/packages/consul-ui/app/components/sliding-toggle/layout.scss
index f5db6d4f5714..9fda060a1f9d 100644
--- a/ui/packages/consul-ui/app/components/sliding-toggle/layout.scss
+++ b/ui/packages/consul-ui/app/components/sliding-toggle/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %sliding-toggle label {
diff --git a/ui/packages/consul-ui/app/components/sliding-toggle/skin.scss b/ui/packages/consul-ui/app/components/sliding-toggle/skin.scss
index bf34ca335c1e..5e6aaf5d0fa0 100644
--- a/ui/packages/consul-ui/app/components/sliding-toggle/skin.scss
+++ b/ui/packages/consul-ui/app/components/sliding-toggle/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* TODO: Maybe move this to reset? */
diff --git a/ui/packages/consul-ui/app/components/state-chart/action/index.hbs b/ui/packages/consul-ui/app/components/state-chart/action/index.hbs
index 8709fc4b8b77..0566ddf99b46 100644
--- a/ui/packages/consul-ui/app/components/state-chart/action/index.hbs
+++ b/ui/packages/consul-ui/app/components/state-chart/action/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
\ No newline at end of file
diff --git a/ui/packages/consul-ui/app/components/state-chart/action/index.js b/ui/packages/consul-ui/app/components/state-chart/action/index.js
index 5c026134271e..65bd7f6aac6f 100644
--- a/ui/packages/consul-ui/app/components/state-chart/action/index.js
+++ b/ui/packages/consul-ui/app/components/state-chart/action/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/state-chart/guard/index.hbs b/ui/packages/consul-ui/app/components/state-chart/guard/index.hbs
index 8709fc4b8b77..0566ddf99b46 100644
--- a/ui/packages/consul-ui/app/components/state-chart/guard/index.hbs
+++ b/ui/packages/consul-ui/app/components/state-chart/guard/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
\ No newline at end of file
diff --git a/ui/packages/consul-ui/app/components/state-chart/guard/index.js b/ui/packages/consul-ui/app/components/state-chart/guard/index.js
index d304691ac85f..bfc00ffac4ad 100644
--- a/ui/packages/consul-ui/app/components/state-chart/guard/index.js
+++ b/ui/packages/consul-ui/app/components/state-chart/guard/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/state-chart/index.hbs b/ui/packages/consul-ui/app/components/state-chart/index.hbs
index 4c31d338fcbb..c13fdf0f122c 100644
--- a/ui/packages/consul-ui/app/components/state-chart/index.hbs
+++ b/ui/packages/consul-ui/app/components/state-chart/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield
diff --git a/ui/packages/consul-ui/app/components/state-chart/index.js b/ui/packages/consul-ui/app/components/state-chart/index.js
index 7fc138315749..489a5484d32e 100644
--- a/ui/packages/consul-ui/app/components/state-chart/index.js
+++ b/ui/packages/consul-ui/app/components/state-chart/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/state-machine/index.hbs b/ui/packages/consul-ui/app/components/state-machine/index.hbs
index b48102117b6b..f13655007252 100644
--- a/ui/packages/consul-ui/app/components/state-machine/index.hbs
+++ b/ui/packages/consul-ui/app/components/state-machine/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield
diff --git a/ui/packages/consul-ui/app/components/state-machine/index.js b/ui/packages/consul-ui/app/components/state-machine/index.js
index 578519ed381b..8f6636fc4adf 100644
--- a/ui/packages/consul-ui/app/components/state-machine/index.js
+++ b/ui/packages/consul-ui/app/components/state-machine/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '../state-chart/index';
diff --git a/ui/packages/consul-ui/app/components/state/index.hbs b/ui/packages/consul-ui/app/components/state/index.hbs
index 7ae0359d90b1..71d85ff01c24 100644
--- a/ui/packages/consul-ui/app/components/state/index.hbs
+++ b/ui/packages/consul-ui/app/components/state/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{did-insert this.attributeChanged @state @matches @notMatches}}
diff --git a/ui/packages/consul-ui/app/components/state/index.js b/ui/packages/consul-ui/app/components/state/index.js
index 2a0b92c3b5df..5323f2401696 100644
--- a/ui/packages/consul-ui/app/components/state/index.js
+++ b/ui/packages/consul-ui/app/components/state/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/tab-nav/index.hbs b/ui/packages/consul-ui/app/components/tab-nav/index.hbs
index c77284a213f9..ec5f2e79b9f1 100644
--- a/ui/packages/consul-ui/app/components/tab-nav/index.hbs
+++ b/ui/packages/consul-ui/app/components/tab-nav/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let (dom-position (set this 'style') offset=true) 'tab' as |select name|}}
diff --git a/ui/packages/consul-ui/app/components/tab-nav/index.js b/ui/packages/consul-ui/app/components/tab-nav/index.js
index 305589924e31..ba8b65aa191e 100644
--- a/ui/packages/consul-ui/app/components/tab-nav/index.js
+++ b/ui/packages/consul-ui/app/components/tab-nav/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/tab-nav/index.scss b/ui/packages/consul-ui/app/components/tab-nav/index.scss
index b41787d26e0a..acfc5d38407b 100644
--- a/ui/packages/consul-ui/app/components/tab-nav/index.scss
+++ b/ui/packages/consul-ui/app/components/tab-nav/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/tab-nav/layout.scss b/ui/packages/consul-ui/app/components/tab-nav/layout.scss
index 624b39efd4fb..4e318a390f91 100644
--- a/ui/packages/consul-ui/app/components/tab-nav/layout.scss
+++ b/ui/packages/consul-ui/app/components/tab-nav/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %tab-nav {
diff --git a/ui/packages/consul-ui/app/components/tab-nav/pageobject.js b/ui/packages/consul-ui/app/components/tab-nav/pageobject.js
index 4f4f26e00e9d..4a074c972a77 100644
--- a/ui/packages/consul-ui/app/components/tab-nav/pageobject.js
+++ b/ui/packages/consul-ui/app/components/tab-nav/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { is, clickable, attribute, isVisible } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/app/components/tab-nav/skin.scss b/ui/packages/consul-ui/app/components/tab-nav/skin.scss
index bb45eb78485b..b9cae78fbd0b 100644
--- a/ui/packages/consul-ui/app/components/tab-nav/skin.scss
+++ b/ui/packages/consul-ui/app/components/tab-nav/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %tab-nav ul {
diff --git a/ui/packages/consul-ui/app/components/table/index.scss b/ui/packages/consul-ui/app/components/table/index.scss
index 11e5928e1704..479192388314 100644
--- a/ui/packages/consul-ui/app/components/table/index.scss
+++ b/ui/packages/consul-ui/app/components/table/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/table/layout.scss b/ui/packages/consul-ui/app/components/table/layout.scss
index a89681831573..18204d15b124 100644
--- a/ui/packages/consul-ui/app/components/table/layout.scss
+++ b/ui/packages/consul-ui/app/components/table/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %table {
diff --git a/ui/packages/consul-ui/app/components/table/skin.scss b/ui/packages/consul-ui/app/components/table/skin.scss
index 0169990a556b..c8b03fe31981 100644
--- a/ui/packages/consul-ui/app/components/table/skin.scss
+++ b/ui/packages/consul-ui/app/components/table/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %table th,
diff --git a/ui/packages/consul-ui/app/components/tabular-collection/index.hbs b/ui/packages/consul-ui/app/components/tabular-collection/index.hbs
index 8b25e831a163..388305aad084 100644
--- a/ui/packages/consul-ui/app/components/tabular-collection/index.hbs
+++ b/ui/packages/consul-ui/app/components/tabular-collection/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <table
diff --git a/ui/packages/consul-ui/app/components/tabular-collection/index.js b/ui/packages/consul-ui/app/components/tabular-collection/index.js
index 63ef74c5c284..6fe96984e25a 100644
--- a/ui/packages/consul-ui/app/components/tabular-collection/index.js
+++ b/ui/packages/consul-ui/app/components/tabular-collection/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/components/tabular-collection/index.scss b/ui/packages/consul-ui/app/components/tabular-collection/index.scss
index 5ce730997621..d3e7ec1ead7b 100644
--- a/ui/packages/consul-ui/app/components/tabular-collection/index.scss
+++ b/ui/packages/consul-ui/app/components/tabular-collection/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 table.dom-recycling {
diff --git a/ui/packages/consul-ui/app/components/tabular-details/index.hbs b/ui/packages/consul-ui/app/components/tabular-details/index.hbs
index 293787f0bf4f..30a9ff36caf9 100644
--- a/ui/packages/consul-ui/app/components/tabular-details/index.hbs
+++ b/ui/packages/consul-ui/app/components/tabular-details/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/tabular-details/index.js b/ui/packages/consul-ui/app/components/tabular-details/index.js
index 5611235f53a3..2fb1369907f7 100644
--- a/ui/packages/consul-ui/app/components/tabular-details/index.js
+++ b/ui/packages/consul-ui/app/components/tabular-details/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/tabular-details/index.scss b/ui/packages/consul-ui/app/components/tabular-details/index.scss
index b0bc79ba5510..4fee503ba6f5 100644
--- a/ui/packages/consul-ui/app/components/tabular-details/index.scss
+++ b/ui/packages/consul-ui/app/components/tabular-details/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/tabular-details/layout.scss b/ui/packages/consul-ui/app/components/tabular-details/layout.scss
index 911a7e1db2c6..8d941bf162dd 100644
--- a/ui/packages/consul-ui/app/components/tabular-details/layout.scss
+++ b/ui/packages/consul-ui/app/components/tabular-details/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* TODO: rename: %details-table */
diff --git a/ui/packages/consul-ui/app/components/tabular-details/skin.scss b/ui/packages/consul-ui/app/components/tabular-details/skin.scss
index 80d6d292a06d..88d32eb97029 100644
--- a/ui/packages/consul-ui/app/components/tabular-details/skin.scss
+++ b/ui/packages/consul-ui/app/components/tabular-details/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %tabular-details-toggle-button::before {
diff --git a/ui/packages/consul-ui/app/components/tabular-dl/index.scss b/ui/packages/consul-ui/app/components/tabular-dl/index.scss
index be2b3f025ff3..ade3815190d5 100644
--- a/ui/packages/consul-ui/app/components/tabular-dl/index.scss
+++ b/ui/packages/consul-ui/app/components/tabular-dl/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './layout';
diff --git a/ui/packages/consul-ui/app/components/tabular-dl/layout.scss b/ui/packages/consul-ui/app/components/tabular-dl/layout.scss
index c8e6bbd98bfe..5a6b4d6b5de5 100644
--- a/ui/packages/consul-ui/app/components/tabular-dl/layout.scss
+++ b/ui/packages/consul-ui/app/components/tabular-dl/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %tabular-dl {
diff --git a/ui/packages/consul-ui/app/components/tabular-dl/skin.scss b/ui/packages/consul-ui/app/components/tabular-dl/skin.scss
index 9829eb517b54..9bd4ac16db31 100644
--- a/ui/packages/consul-ui/app/components/tabular-dl/skin.scss
+++ b/ui/packages/consul-ui/app/components/tabular-dl/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %tabular-dl {
diff --git a/ui/packages/consul-ui/app/components/tag-list/index.hbs b/ui/packages/consul-ui/app/components/tag-list/index.hbs
index a52376cfb1f0..9c971bc96245 100644
--- a/ui/packages/consul-ui/app/components/tag-list/index.hbs
+++ b/ui/packages/consul-ui/app/components/tag-list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#let (union (or @item.Tags (array)) (or @tags (array))) as |tags|}}
diff --git a/ui/packages/consul-ui/app/components/tag-list/index.scss b/ui/packages/consul-ui/app/components/tag-list/index.scss
index 14b0231d8496..3c151eddf00f 100644
--- a/ui/packages/consul-ui/app/components/tag-list/index.scss
+++ b/ui/packages/consul-ui/app/components/tag-list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .tag-list,
diff --git a/ui/packages/consul-ui/app/components/text-input/index.hbs b/ui/packages/consul-ui/app/components/text-input/index.hbs
index 89ba7826f5b2..875989b5a2ee 100644
--- a/ui/packages/consul-ui/app/components/text-input/index.hbs
+++ b/ui/packages/consul-ui/app/components/text-input/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <FormInput
diff --git a/ui/packages/consul-ui/app/components/tile/debug.scss b/ui/packages/consul-ui/app/components/tile/debug.scss
index 02f417455ad7..1ca9e44ef04d 100644
--- a/ui/packages/consul-ui/app/components/tile/debug.scss
+++ b/ui/packages/consul-ui/app/components/tile/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 #docfy-demo-preview-tile {
diff --git a/ui/packages/consul-ui/app/components/tile/index.scss b/ui/packages/consul-ui/app/components/tile/index.scss
index 2bef99777d76..9be914651928 100644
--- a/ui/packages/consul-ui/app/components/tile/index.scss
+++ b/ui/packages/consul-ui/app/components/tile/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %with-tile {
diff --git a/ui/packages/consul-ui/app/components/toggle-button/index.hbs b/ui/packages/consul-ui/app/components/toggle-button/index.hbs
index e19120529553..196954e13827 100644
--- a/ui/packages/consul-ui/app/components/toggle-button/index.hbs
+++ b/ui/packages/consul-ui/app/components/toggle-button/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <input
diff --git a/ui/packages/consul-ui/app/components/toggle-button/index.js b/ui/packages/consul-ui/app/components/toggle-button/index.js
index 3902709e7bb4..0593e89cb229 100644
--- a/ui/packages/consul-ui/app/components/toggle-button/index.js
+++ b/ui/packages/consul-ui/app/components/toggle-button/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/toggle-button/index.scss b/ui/packages/consul-ui/app/components/toggle-button/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/toggle-button/index.scss
+++ b/ui/packages/consul-ui/app/components/toggle-button/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/toggle-button/layout.scss b/ui/packages/consul-ui/app/components/toggle-button/layout.scss
index 1004fbbe37f1..77691824719f 100644
--- a/ui/packages/consul-ui/app/components/toggle-button/layout.scss
+++ b/ui/packages/consul-ui/app/components/toggle-button/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* TODO: This should be merged with ghost-button*/
diff --git a/ui/packages/consul-ui/app/components/toggle-button/skin.scss b/ui/packages/consul-ui/app/components/toggle-button/skin.scss
index 3f34040e0637..00f820792b4b 100644
--- a/ui/packages/consul-ui/app/components/toggle-button/skin.scss
+++ b/ui/packages/consul-ui/app/components/toggle-button/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %toggle-button {
diff --git a/ui/packages/consul-ui/app/components/token-list/index.hbs b/ui/packages/consul-ui/app/components/token-list/index.hbs
index 556b93efdc38..07ef9257c311 100644
--- a/ui/packages/consul-ui/app/components/token-list/index.hbs
+++ b/ui/packages/consul-ui/app/components/token-list/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/components/token-list/index.js b/ui/packages/consul-ui/app/components/token-list/index.js
index 363946d6d405..feb20a03d8a2 100644
--- a/ui/packages/consul-ui/app/components/token-list/index.js
+++ b/ui/packages/consul-ui/app/components/token-list/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/token-list/pageobject.js b/ui/packages/consul-ui/app/components/token-list/pageobject.js
index 9c79de4e977e..7204ea8f3453 100644
--- a/ui/packages/consul-ui/app/components/token-list/pageobject.js
+++ b/ui/packages/consul-ui/app/components/token-list/pageobject.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (clickable, attribute, collection, deletable) => () => {
diff --git a/ui/packages/consul-ui/app/components/token-source/chart.xstate.js b/ui/packages/consul-ui/app/components/token-source/chart.xstate.js
index af193cd80fa1..9874737faf8e 100644
--- a/ui/packages/consul-ui/app/components/token-source/chart.xstate.js
+++ b/ui/packages/consul-ui/app/components/token-source/chart.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/components/token-source/index.hbs b/ui/packages/consul-ui/app/components/token-source/index.hbs
index 626dd7ab0548..03f3d9888ee7 100644
--- a/ui/packages/consul-ui/app/components/token-source/index.hbs
+++ b/ui/packages/consul-ui/app/components/token-source/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <StateChart
diff --git a/ui/packages/consul-ui/app/components/token-source/index.js b/ui/packages/consul-ui/app/components/token-source/index.js
index d4e3c79f1dd2..5e5979feb2ef 100644
--- a/ui/packages/consul-ui/app/components/token-source/index.js
+++ b/ui/packages/consul-ui/app/components/token-source/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/tooltip-panel/index.scss b/ui/packages/consul-ui/app/components/tooltip-panel/index.scss
index 59a040e93bee..ccf27df641b2 100644
--- a/ui/packages/consul-ui/app/components/tooltip-panel/index.scss
+++ b/ui/packages/consul-ui/app/components/tooltip-panel/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/tooltip-panel/layout.scss b/ui/packages/consul-ui/app/components/tooltip-panel/layout.scss
index dd681dddbf46..081cae0a062a 100644
--- a/ui/packages/consul-ui/app/components/tooltip-panel/layout.scss
+++ b/ui/packages/consul-ui/app/components/tooltip-panel/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %tooltip-panel,
diff --git a/ui/packages/consul-ui/app/components/tooltip-panel/skin.scss b/ui/packages/consul-ui/app/components/tooltip-panel/skin.scss
index 1e5ba6bab170..8fb1c0ed2b4b 100644
--- a/ui/packages/consul-ui/app/components/tooltip-panel/skin.scss
+++ b/ui/packages/consul-ui/app/components/tooltip-panel/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %tooltip-panel dt {
diff --git a/ui/packages/consul-ui/app/components/tooltip/index.hbs b/ui/packages/consul-ui/app/components/tooltip/index.hbs
index 9af44ec479e5..e6c115ffa04f 100644
--- a/ui/packages/consul-ui/app/components/tooltip/index.hbs
+++ b/ui/packages/consul-ui/app/components/tooltip/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/tooltip/index.scss b/ui/packages/consul-ui/app/components/tooltip/index.scss
index 2b0679953586..53d1ced3e2a1 100644
--- a/ui/packages/consul-ui/app/components/tooltip/index.scss
+++ b/ui/packages/consul-ui/app/components/tooltip/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .tippy-box[data-theme~='tooltip'] {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/card/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/card/index.hbs
index 0dba1c016aa8..6ea8c7f16b5a 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/card/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/card/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (eq @item.Datacenter '')}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/card/index.js b/ui/packages/consul-ui/app/components/topology-metrics/card/index.js
index 9b115e837113..ee9e7b36bbd4 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/card/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/card/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/card/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/card/index.scss
index 42e05f833217..bc2e4dc21f0d 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/card/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/card/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 #upstream-container .topology-metrics-card:not(:last-child),
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.hbs
index a073ec424d97..a52e1f6ba4e7 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (gt @lines.length 0)}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.js b/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.js
index afcf62def644..7d42f4d8443b 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/down-lines/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/index.hbs
index 46f8dc9e01d0..3aceaa0206e6 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/index.js b/ui/packages/consul-ui/app/components/topology-metrics/index.js
index 587668c6df1f..72e00310a2dc 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/layout.scss b/ui/packages/consul-ui/app/components/topology-metrics/layout.scss
index b6500fe80045..4f4c8e00f99b 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/layout.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .topology-notices {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/notifications/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/notifications/index.hbs
index ee763cb60990..b6a23565213a 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/notifications/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/notifications/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (eq @type 'create')}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/popover/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/popover/index.hbs
index 244e3a36180b..59b5462bc290 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/popover/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/popover/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <div
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/popover/index.js b/ui/packages/consul-ui/app/components/topology-metrics/popover/index.js
index ef14df32b4d9..e479cdc9b3e5 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/popover/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/popover/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/popover/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/popover/index.scss
index c0724c23b1d0..5932b7e7e039 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/popover/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/popover/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .topology-metrics-popover {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/series/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/series/index.hbs
index a48b3a260cd3..f0bb9cf4db3a 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/series/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/series/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (not @noMetricsReason)}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/series/index.js b/ui/packages/consul-ui/app/components/topology-metrics/series/index.js
index 696f074e46b5..c920955adbfd 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/series/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/series/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@ember/component';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/series/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/series/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/series/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/series/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/series/layout.scss b/ui/packages/consul-ui/app/components/topology-metrics/series/layout.scss
index 1900cdcc2901..56ae6dd44785 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/series/layout.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/series/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 #metrics-container div .sparkline-wrapper {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/series/skin.scss b/ui/packages/consul-ui/app/components/topology-metrics/series/skin.scss
index 85db80be0b4d..14b20e8688a3 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/series/skin.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/series/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 #metrics-container .sparkline-wrapper {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/skin.scss b/ui/packages/consul-ui/app/components/topology-metrics/skin.scss
index 9a04815e4467..7930bfc46a8d 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/skin.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .topology-notices {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.hbs
index 56a118e4f458..3b3859c25030 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <span
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.scss
index 7c27347db735..f158f41fb8d4 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/source-type/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .topology-metrics-source-type {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/stats/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/stats/index.hbs
index 7309e8eca088..4c3433d8e307 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/stats/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/stats/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (not @noMetricsReason)}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/stats/index.js b/ui/packages/consul-ui/app/components/topology-metrics/stats/index.js
index ab547f7fd4fe..94723e9b5ae0 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/stats/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/stats/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/stats/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/stats/index.scss
index d3836797113b..cbe3d2c74130 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/stats/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/stats/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .topology-metrics-stats {
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/status/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/status/index.hbs
index f147c8ee5210..be1d183d9aa6 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/status/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/status/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (or @noMetricsReason @error)}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/status/index.scss b/ui/packages/consul-ui/app/components/topology-metrics/status/index.scss
index 21be3b6f6ebc..9f9e25db8204 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/status/index.scss
+++ b/ui/packages/consul-ui/app/components/topology-metrics/status/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .topology-metrics-status-error,
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.hbs b/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.hbs
index c2d6de1975df..c08ae20350c3 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.hbs
+++ b/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if (gt @lines.length 0)}}
diff --git a/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.js b/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.js
index 1cd610a4e41e..2e266ef2ffb3 100644
--- a/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.js
+++ b/ui/packages/consul-ui/app/components/topology-metrics/up-lines/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/watcher/index.hbs b/ui/packages/consul-ui/app/components/watcher/index.hbs
index 43bc6c3ae450..b326ee79d4ba 100644
--- a/ui/packages/consul-ui/app/components/watcher/index.hbs
+++ b/ui/packages/consul-ui/app/components/watcher/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield (hash
diff --git a/ui/packages/consul-ui/app/components/watcher/index.js b/ui/packages/consul-ui/app/components/watcher/index.js
index 868d59f7e663..68e6827e4d42 100644
--- a/ui/packages/consul-ui/app/components/watcher/index.js
+++ b/ui/packages/consul-ui/app/components/watcher/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Component from '@glimmer/component';
diff --git a/ui/packages/consul-ui/app/components/yield/index.hbs b/ui/packages/consul-ui/app/components/yield/index.hbs
index 4c7b4919504a..fca792f507c0 100644
--- a/ui/packages/consul-ui/app/components/yield/index.hbs
+++ b/ui/packages/consul-ui/app/components/yield/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/app/controllers/_peered-resource.js b/ui/packages/consul-ui/app/controllers/_peered-resource.js
index e0b588a36040..70f2c5294a44 100644
--- a/ui/packages/consul-ui/app/controllers/_peered-resource.js
+++ b/ui/packages/consul-ui/app/controllers/_peered-resource.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Controller from '@ember/controller';
diff --git a/ui/packages/consul-ui/app/controllers/application.js b/ui/packages/consul-ui/app/controllers/application.js
index 9180761dcd99..84ad92a8231e 100644
--- a/ui/packages/consul-ui/app/controllers/application.js
+++ b/ui/packages/consul-ui/app/controllers/application.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/controllers/dc/acls/policies/create.js b/ui/packages/consul-ui/app/controllers/dc/acls/policies/create.js
index 2ff44f72fe85..53e7ed003936 100644
--- a/ui/packages/consul-ui/app/controllers/dc/acls/policies/create.js
+++ b/ui/packages/consul-ui/app/controllers/dc/acls/policies/create.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Controller from './edit';
diff --git a/ui/packages/consul-ui/app/controllers/dc/acls/policies/edit.js b/ui/packages/consul-ui/app/controllers/dc/acls/policies/edit.js
index 8aa847e20219..ab816beb3168 100644
--- a/ui/packages/consul-ui/app/controllers/dc/acls/policies/edit.js
+++ b/ui/packages/consul-ui/app/controllers/dc/acls/policies/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/controllers/dc/acls/roles/create.js b/ui/packages/consul-ui/app/controllers/dc/acls/roles/create.js
index 2ff44f72fe85..53e7ed003936 100644
--- a/ui/packages/consul-ui/app/controllers/dc/acls/roles/create.js
+++ b/ui/packages/consul-ui/app/controllers/dc/acls/roles/create.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Controller from './edit';
diff --git a/ui/packages/consul-ui/app/controllers/dc/acls/roles/edit.js b/ui/packages/consul-ui/app/controllers/dc/acls/roles/edit.js
index 04778c6f34cc..380c0c1688b7 100644
--- a/ui/packages/consul-ui/app/controllers/dc/acls/roles/edit.js
+++ b/ui/packages/consul-ui/app/controllers/dc/acls/roles/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/controllers/dc/acls/tokens/create.js b/ui/packages/consul-ui/app/controllers/dc/acls/tokens/create.js
index 2ff44f72fe85..53e7ed003936 100644
--- a/ui/packages/consul-ui/app/controllers/dc/acls/tokens/create.js
+++ b/ui/packages/consul-ui/app/controllers/dc/acls/tokens/create.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Controller from './edit';
diff --git a/ui/packages/consul-ui/app/controllers/dc/acls/tokens/edit.js b/ui/packages/consul-ui/app/controllers/dc/acls/tokens/edit.js
index 81628de627b1..14222ddb089e 100644
--- a/ui/packages/consul-ui/app/controllers/dc/acls/tokens/edit.js
+++ b/ui/packages/consul-ui/app/controllers/dc/acls/tokens/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Controller from '@ember/controller';
diff --git a/ui/packages/consul-ui/app/controllers/dc/nodes/index.js b/ui/packages/consul-ui/app/controllers/dc/nodes/index.js
index fe5889e4792a..89eaa2f1833a 100644
--- a/ui/packages/consul-ui/app/controllers/dc/nodes/index.js
+++ b/ui/packages/consul-ui/app/controllers/dc/nodes/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import PeeredResourceController from 'consul-ui/controllers/_peered-resource';
diff --git a/ui/packages/consul-ui/app/controllers/dc/services/index.js b/ui/packages/consul-ui/app/controllers/dc/services/index.js
index 2d98940be925..77c99c0c8977 100644
--- a/ui/packages/consul-ui/app/controllers/dc/services/index.js
+++ b/ui/packages/consul-ui/app/controllers/dc/services/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import PeeredResourceController from 'consul-ui/controllers/_peered-resource';
diff --git a/ui/packages/consul-ui/app/controllers/dc/services/instance/healthchecks.js b/ui/packages/consul-ui/app/controllers/dc/services/instance/healthchecks.js
index 1e274ba3d47d..f4d3e6afd45d 100644
--- a/ui/packages/consul-ui/app/controllers/dc/services/instance/healthchecks.js
+++ b/ui/packages/consul-ui/app/controllers/dc/services/instance/healthchecks.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Controller from '@ember/controller';
diff --git a/ui/packages/consul-ui/app/decorators/data-source.js b/ui/packages/consul-ui/app/decorators/data-source.js
index 228f62991745..a0e1c7970d5b 100644
--- a/ui/packages/consul-ui/app/decorators/data-source.js
+++ b/ui/packages/consul-ui/app/decorators/data-source.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { runInDebug } from '@ember/debug';
diff --git a/ui/packages/consul-ui/app/decorators/replace.js b/ui/packages/consul-ui/app/decorators/replace.js
index 1521b24a0d33..62c762ce06ad 100644
--- a/ui/packages/consul-ui/app/decorators/replace.js
+++ b/ui/packages/consul-ui/app/decorators/replace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/env.js b/ui/packages/consul-ui/app/env.js
index 7a832d320f73..1671ce111065 100644
--- a/ui/packages/consul-ui/app/env.js
+++ b/ui/packages/consul-ui/app/env.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import config from './config/environment';
diff --git a/ui/packages/consul-ui/app/filter/predicates/auth-method.js b/ui/packages/consul-ui/app/filter/predicates/auth-method.js
index e2d4b5598d25..22ba3bfaed78 100644
--- a/ui/packages/consul-ui/app/filter/predicates/auth-method.js
+++ b/ui/packages/consul-ui/app/filter/predicates/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/filter/predicates/health-check.js b/ui/packages/consul-ui/app/filter/predicates/health-check.js
index 7cb0ed7d5d06..af6a478a2839 100644
--- a/ui/packages/consul-ui/app/filter/predicates/health-check.js
+++ b/ui/packages/consul-ui/app/filter/predicates/health-check.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/filter/predicates/intention.js b/ui/packages/consul-ui/app/filter/predicates/intention.js
index a3f37c04b79b..f3c3173dca33 100644
--- a/ui/packages/consul-ui/app/filter/predicates/intention.js
+++ b/ui/packages/consul-ui/app/filter/predicates/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/filter/predicates/kv.js b/ui/packages/consul-ui/app/filter/predicates/kv.js
index eab8616fed19..e80d5cb3798f 100644
--- a/ui/packages/consul-ui/app/filter/predicates/kv.js
+++ b/ui/packages/consul-ui/app/filter/predicates/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/filter/predicates/node.js b/ui/packages/consul-ui/app/filter/predicates/node.js
index 99d22784d27a..83eb3c98eaf2 100644
--- a/ui/packages/consul-ui/app/filter/predicates/node.js
+++ b/ui/packages/consul-ui/app/filter/predicates/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
@@ -9,12 +9,5 @@ export default {
     warning: (item, value) => item.Status === value,
     critical: (item, value) => item.Status === value,
   },
-  version: (item, value) => {
-    for (const element of value) {
-      if (item.Version.includes(element + '.')) {
-        return true;
-      }
-    }
-    return false;
-  },
+  version: (item, value) => item.Version.includes(value + '.'),
 };
diff --git a/ui/packages/consul-ui/app/filter/predicates/peer.js b/ui/packages/consul-ui/app/filter/predicates/peer.js
index c2686e934cd8..26cf3bb944e6 100644
--- a/ui/packages/consul-ui/app/filter/predicates/peer.js
+++ b/ui/packages/consul-ui/app/filter/predicates/peer.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/filter/predicates/policy.js b/ui/packages/consul-ui/app/filter/predicates/policy.js
index 78c47b8b0af6..4b26d77b4b65 100644
--- a/ui/packages/consul-ui/app/filter/predicates/policy.js
+++ b/ui/packages/consul-ui/app/filter/predicates/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import setHelpers from 'mnemonist/set';
diff --git a/ui/packages/consul-ui/app/filter/predicates/service-instance.js b/ui/packages/consul-ui/app/filter/predicates/service-instance.js
index 1b75a845d916..b91d337585b3 100644
--- a/ui/packages/consul-ui/app/filter/predicates/service-instance.js
+++ b/ui/packages/consul-ui/app/filter/predicates/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import setHelpers from 'mnemonist/set';
diff --git a/ui/packages/consul-ui/app/filter/predicates/service.js b/ui/packages/consul-ui/app/filter/predicates/service.js
index 220a6ca358cb..00d7fe884ca8 100644
--- a/ui/packages/consul-ui/app/filter/predicates/service.js
+++ b/ui/packages/consul-ui/app/filter/predicates/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import setHelpers from 'mnemonist/set';
diff --git a/ui/packages/consul-ui/app/filter/predicates/token.js b/ui/packages/consul-ui/app/filter/predicates/token.js
index fab338739092..43a4dd9d5072 100644
--- a/ui/packages/consul-ui/app/filter/predicates/token.js
+++ b/ui/packages/consul-ui/app/filter/predicates/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/formats.js b/ui/packages/consul-ui/app/formats.js
index e791c1efc972..065168b91657 100644
--- a/ui/packages/consul-ui/app/formats.js
+++ b/ui/packages/consul-ui/app/formats.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/forms/intention.js b/ui/packages/consul-ui/app/forms/intention.js
index ee665bc77b35..770ea540fdd3 100644
--- a/ui/packages/consul-ui/app/forms/intention.js
+++ b/ui/packages/consul-ui/app/forms/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import validations from 'consul-ui/validations/intention';
diff --git a/ui/packages/consul-ui/app/forms/kv.js b/ui/packages/consul-ui/app/forms/kv.js
index 3f15fec0f902..412be65d57cf 100644
--- a/ui/packages/consul-ui/app/forms/kv.js
+++ b/ui/packages/consul-ui/app/forms/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import validations from 'consul-ui/validations/kv';
diff --git a/ui/packages/consul-ui/app/forms/policy.js b/ui/packages/consul-ui/app/forms/policy.js
index ef48fcf891cc..e063df30f92b 100644
--- a/ui/packages/consul-ui/app/forms/policy.js
+++ b/ui/packages/consul-ui/app/forms/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import validations from 'consul-ui/validations/policy';
diff --git a/ui/packages/consul-ui/app/forms/role.js b/ui/packages/consul-ui/app/forms/role.js
index 3116cbe57f67..8616e212ae32 100644
--- a/ui/packages/consul-ui/app/forms/role.js
+++ b/ui/packages/consul-ui/app/forms/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import validations from 'consul-ui/validations/role';
diff --git a/ui/packages/consul-ui/app/forms/token.js b/ui/packages/consul-ui/app/forms/token.js
index 59932a765cd2..5e085fdc2cac 100644
--- a/ui/packages/consul-ui/app/forms/token.js
+++ b/ui/packages/consul-ui/app/forms/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import validations from 'consul-ui/validations/token';
diff --git a/ui/packages/consul-ui/app/helpers/adopt-styles.js b/ui/packages/consul-ui/app/helpers/adopt-styles.js
index 4dc31bce25b0..0de5a69dc373 100644
--- a/ui/packages/consul-ui/app/helpers/adopt-styles.js
+++ b/ui/packages/consul-ui/app/helpers/adopt-styles.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/atob.js b/ui/packages/consul-ui/app/helpers/atob.js
index 988ba8ae0a97..0cc945a2482e 100644
--- a/ui/packages/consul-ui/app/helpers/atob.js
+++ b/ui/packages/consul-ui/app/helpers/atob.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/cached-model.js b/ui/packages/consul-ui/app/helpers/cached-model.js
index cd2d8785e5b4..bd0f529c0144 100644
--- a/ui/packages/consul-ui/app/helpers/cached-model.js
+++ b/ui/packages/consul-ui/app/helpers/cached-model.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/class-map.js b/ui/packages/consul-ui/app/helpers/class-map.js
index a38cc2d8f09d..54ede84d3862 100644
--- a/ui/packages/consul-ui/app/helpers/class-map.js
+++ b/ui/packages/consul-ui/app/helpers/class-map.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/collection.js b/ui/packages/consul-ui/app/helpers/collection.js
index 18b08dd202d7..475be048ab6d 100644
--- a/ui/packages/consul-ui/app/helpers/collection.js
+++ b/ui/packages/consul-ui/app/helpers/collection.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/css-map.js b/ui/packages/consul-ui/app/helpers/css-map.js
index 1a098f078f7d..f69fc3a187a1 100644
--- a/ui/packages/consul-ui/app/helpers/css-map.js
+++ b/ui/packages/consul-ui/app/helpers/css-map.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/css.js b/ui/packages/consul-ui/app/helpers/css.js
index de2dc35d154b..448b4d279241 100644
--- a/ui/packages/consul-ui/app/helpers/css.js
+++ b/ui/packages/consul-ui/app/helpers/css.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/document-attrs.js b/ui/packages/consul-ui/app/helpers/document-attrs.js
index 7b62abbb9139..3165f428446d 100644
--- a/ui/packages/consul-ui/app/helpers/document-attrs.js
+++ b/ui/packages/consul-ui/app/helpers/document-attrs.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/dom-position.js b/ui/packages/consul-ui/app/helpers/dom-position.js
index 6398edcf3cf8..e4e0e71b6ff3 100644
--- a/ui/packages/consul-ui/app/helpers/dom-position.js
+++ b/ui/packages/consul-ui/app/helpers/dom-position.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/duration-from.js b/ui/packages/consul-ui/app/helpers/duration-from.js
index 0a5e349feade..bf01761ff042 100644
--- a/ui/packages/consul-ui/app/helpers/duration-from.js
+++ b/ui/packages/consul-ui/app/helpers/duration-from.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/env.js b/ui/packages/consul-ui/app/helpers/env.js
index c96394152693..626eb681315f 100644
--- a/ui/packages/consul-ui/app/helpers/env.js
+++ b/ui/packages/consul-ui/app/helpers/env.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/flatten-property.js b/ui/packages/consul-ui/app/helpers/flatten-property.js
index d738fa73c8a8..7d9775ad71b3 100644
--- a/ui/packages/consul-ui/app/helpers/flatten-property.js
+++ b/ui/packages/consul-ui/app/helpers/flatten-property.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/format-short-time.js b/ui/packages/consul-ui/app/helpers/format-short-time.js
index ad3d87c5459c..7b6e7261e8dc 100644
--- a/ui/packages/consul-ui/app/helpers/format-short-time.js
+++ b/ui/packages/consul-ui/app/helpers/format-short-time.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/href-to.js b/ui/packages/consul-ui/app/helpers/href-to.js
index 4bc91c8a6183..7e089e59edc9 100644
--- a/ui/packages/consul-ui/app/helpers/href-to.js
+++ b/ui/packages/consul-ui/app/helpers/href-to.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // This helper requires `ember-href-to` for the moment at least
diff --git a/ui/packages/consul-ui/app/helpers/icon-mapping.js b/ui/packages/consul-ui/app/helpers/icon-mapping.js
index c0fce79bc22a..21bbc33d173b 100644
--- a/ui/packages/consul-ui/app/helpers/icon-mapping.js
+++ b/ui/packages/consul-ui/app/helpers/icon-mapping.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/icons-debug.js b/ui/packages/consul-ui/app/helpers/icons-debug.js
index 8cbd5484cb4d..472e0a11cfa9 100644
--- a/ui/packages/consul-ui/app/helpers/icons-debug.js
+++ b/ui/packages/consul-ui/app/helpers/icons-debug.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/is-href.js b/ui/packages/consul-ui/app/helpers/is-href.js
index 2080185f2c04..fc59d8a7d86f 100644
--- a/ui/packages/consul-ui/app/helpers/is-href.js
+++ b/ui/packages/consul-ui/app/helpers/is-href.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/is.js b/ui/packages/consul-ui/app/helpers/is.js
index 2fd830ca071b..9fd915672f94 100644
--- a/ui/packages/consul-ui/app/helpers/is.js
+++ b/ui/packages/consul-ui/app/helpers/is.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from 'ember-can/helpers/can';
diff --git a/ui/packages/consul-ui/app/helpers/json-stringify.js b/ui/packages/consul-ui/app/helpers/json-stringify.js
index 5e00326803f5..e3a5297f51e9 100644
--- a/ui/packages/consul-ui/app/helpers/json-stringify.js
+++ b/ui/packages/consul-ui/app/helpers/json-stringify.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/last.js b/ui/packages/consul-ui/app/helpers/last.js
index 533432eabb40..a6df31626ace 100644
--- a/ui/packages/consul-ui/app/helpers/last.js
+++ b/ui/packages/consul-ui/app/helpers/last.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/left-trim.js b/ui/packages/consul-ui/app/helpers/left-trim.js
index 870eab3074b5..0d6b31e46467 100644
--- a/ui/packages/consul-ui/app/helpers/left-trim.js
+++ b/ui/packages/consul-ui/app/helpers/left-trim.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/merge-checks.js b/ui/packages/consul-ui/app/helpers/merge-checks.js
index 5edd0a7f3bf7..32c5c3ae8c42 100644
--- a/ui/packages/consul-ui/app/helpers/merge-checks.js
+++ b/ui/packages/consul-ui/app/helpers/merge-checks.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/percentage-of.js b/ui/packages/consul-ui/app/helpers/percentage-of.js
index 72a7e114d58a..4950305516d4 100644
--- a/ui/packages/consul-ui/app/helpers/percentage-of.js
+++ b/ui/packages/consul-ui/app/helpers/percentage-of.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/policy/datacenters.js b/ui/packages/consul-ui/app/helpers/policy/datacenters.js
index 576e79b94a9c..304832a375db 100644
--- a/ui/packages/consul-ui/app/helpers/policy/datacenters.js
+++ b/ui/packages/consul-ui/app/helpers/policy/datacenters.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/policy/group.js b/ui/packages/consul-ui/app/helpers/policy/group.js
index 0e53863ded00..448e754cccc3 100644
--- a/ui/packages/consul-ui/app/helpers/policy/group.js
+++ b/ui/packages/consul-ui/app/helpers/policy/group.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/policy/typeof.js b/ui/packages/consul-ui/app/helpers/policy/typeof.js
index b2d1c3d5cb90..859e613e78bf 100644
--- a/ui/packages/consul-ui/app/helpers/policy/typeof.js
+++ b/ui/packages/consul-ui/app/helpers/policy/typeof.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/refresh-route.js b/ui/packages/consul-ui/app/helpers/refresh-route.js
index 4a703ee05dd3..44074ee44c26 100644
--- a/ui/packages/consul-ui/app/helpers/refresh-route.js
+++ b/ui/packages/consul-ui/app/helpers/refresh-route.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/render-template.js b/ui/packages/consul-ui/app/helpers/render-template.js
index 6ea4e065aa03..3e2d0c9750b7 100644
--- a/ui/packages/consul-ui/app/helpers/render-template.js
+++ b/ui/packages/consul-ui/app/helpers/render-template.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/require.js b/ui/packages/consul-ui/app/helpers/require.js
index 86b2d0839341..a0df527286f8 100644
--- a/ui/packages/consul-ui/app/helpers/require.js
+++ b/ui/packages/consul-ui/app/helpers/require.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/right-trim.js b/ui/packages/consul-ui/app/helpers/right-trim.js
index fbc0585cb393..934ff9977783 100644
--- a/ui/packages/consul-ui/app/helpers/right-trim.js
+++ b/ui/packages/consul-ui/app/helpers/right-trim.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/route-match.js b/ui/packages/consul-ui/app/helpers/route-match.js
index 479a3832778b..4615f579870c 100644
--- a/ui/packages/consul-ui/app/helpers/route-match.js
+++ b/ui/packages/consul-ui/app/helpers/route-match.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/service/card-permissions.js b/ui/packages/consul-ui/app/helpers/service/card-permissions.js
index 15a2abae1504..3d43e3417a90 100644
--- a/ui/packages/consul-ui/app/helpers/service/card-permissions.js
+++ b/ui/packages/consul-ui/app/helpers/service/card-permissions.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/service/external-source.js b/ui/packages/consul-ui/app/helpers/service/external-source.js
index 1fd88f8ea6a9..e73b192b2605 100644
--- a/ui/packages/consul-ui/app/helpers/service/external-source.js
+++ b/ui/packages/consul-ui/app/helpers/service/external-source.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/service/health-percentage.js b/ui/packages/consul-ui/app/helpers/service/health-percentage.js
index 2a9d2cda0680..9bf25795aebc 100644
--- a/ui/packages/consul-ui/app/helpers/service/health-percentage.js
+++ b/ui/packages/consul-ui/app/helpers/service/health-percentage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/slugify.js b/ui/packages/consul-ui/app/helpers/slugify.js
index 455c60931862..b37c3d8c25d7 100644
--- a/ui/packages/consul-ui/app/helpers/slugify.js
+++ b/ui/packages/consul-ui/app/helpers/slugify.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/smart-date-format.js b/ui/packages/consul-ui/app/helpers/smart-date-format.js
index 5473d13bdcd9..eea6dd38d05e 100644
--- a/ui/packages/consul-ui/app/helpers/smart-date-format.js
+++ b/ui/packages/consul-ui/app/helpers/smart-date-format.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/split.js b/ui/packages/consul-ui/app/helpers/split.js
index d44a335bdc95..71d9b1ee4c80 100644
--- a/ui/packages/consul-ui/app/helpers/split.js
+++ b/ui/packages/consul-ui/app/helpers/split.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/state-chart.js b/ui/packages/consul-ui/app/helpers/state-chart.js
index 5a94bae1aa2a..d10ab5553771 100644
--- a/ui/packages/consul-ui/app/helpers/state-chart.js
+++ b/ui/packages/consul-ui/app/helpers/state-chart.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/state-matches.js b/ui/packages/consul-ui/app/helpers/state-matches.js
index 8f0d21e99bb0..bfe54f6743b8 100644
--- a/ui/packages/consul-ui/app/helpers/state-matches.js
+++ b/ui/packages/consul-ui/app/helpers/state-matches.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/style-map.js b/ui/packages/consul-ui/app/helpers/style-map.js
index b85aa30c9257..b82bc674e57f 100644
--- a/ui/packages/consul-ui/app/helpers/style-map.js
+++ b/ui/packages/consul-ui/app/helpers/style-map.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/substr.js b/ui/packages/consul-ui/app/helpers/substr.js
index b5dc785dd9f1..c7abad921a2f 100644
--- a/ui/packages/consul-ui/app/helpers/substr.js
+++ b/ui/packages/consul-ui/app/helpers/substr.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/svg-curve.js b/ui/packages/consul-ui/app/helpers/svg-curve.js
index a1715331a975..0f4c7f5d43d1 100644
--- a/ui/packages/consul-ui/app/helpers/svg-curve.js
+++ b/ui/packages/consul-ui/app/helpers/svg-curve.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/temporal-format.js b/ui/packages/consul-ui/app/helpers/temporal-format.js
index 35d42495b103..ea7b55ca4873 100644
--- a/ui/packages/consul-ui/app/helpers/temporal-format.js
+++ b/ui/packages/consul-ui/app/helpers/temporal-format.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/temporal-within.js b/ui/packages/consul-ui/app/helpers/temporal-within.js
index 28ee4a18962b..66f8bf133e9d 100644
--- a/ui/packages/consul-ui/app/helpers/temporal-within.js
+++ b/ui/packages/consul-ui/app/helpers/temporal-within.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/test.js b/ui/packages/consul-ui/app/helpers/test.js
index d95fac5efa6a..b1748dc6c620 100644
--- a/ui/packages/consul-ui/app/helpers/test.js
+++ b/ui/packages/consul-ui/app/helpers/test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from './can';
diff --git a/ui/packages/consul-ui/app/helpers/to-hash.js b/ui/packages/consul-ui/app/helpers/to-hash.js
index 62c526ed2607..7932e0e56605 100644
--- a/ui/packages/consul-ui/app/helpers/to-hash.js
+++ b/ui/packages/consul-ui/app/helpers/to-hash.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/to-route.js b/ui/packages/consul-ui/app/helpers/to-route.js
index 1fb16cc545c6..32fb95f67d6d 100644
--- a/ui/packages/consul-ui/app/helpers/to-route.js
+++ b/ui/packages/consul-ui/app/helpers/to-route.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/token/is-anonymous.js b/ui/packages/consul-ui/app/helpers/token/is-anonymous.js
index 601917b0f180..068c89045b5a 100644
--- a/ui/packages/consul-ui/app/helpers/token/is-anonymous.js
+++ b/ui/packages/consul-ui/app/helpers/token/is-anonymous.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/token/is-legacy.js b/ui/packages/consul-ui/app/helpers/token/is-legacy.js
index 530c4b96bc9c..cd2519e34d51 100644
--- a/ui/packages/consul-ui/app/helpers/token/is-legacy.js
+++ b/ui/packages/consul-ui/app/helpers/token/is-legacy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/tween-to.js b/ui/packages/consul-ui/app/helpers/tween-to.js
index b1a9f56d2a50..21ffc57a54f9 100644
--- a/ui/packages/consul-ui/app/helpers/tween-to.js
+++ b/ui/packages/consul-ui/app/helpers/tween-to.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/uniq-by.js b/ui/packages/consul-ui/app/helpers/uniq-by.js
index d348eaad5cb9..f665cdb8b4f0 100644
--- a/ui/packages/consul-ui/app/helpers/uniq-by.js
+++ b/ui/packages/consul-ui/app/helpers/uniq-by.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { helper } from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/unique-id.js b/ui/packages/consul-ui/app/helpers/unique-id.js
index 180dc188d5a9..08f5cd4502bd 100644
--- a/ui/packages/consul-ui/app/helpers/unique-id.js
+++ b/ui/packages/consul-ui/app/helpers/unique-id.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/helpers/uri.js b/ui/packages/consul-ui/app/helpers/uri.js
index ff133c630cd1..307b7231aba4 100644
--- a/ui/packages/consul-ui/app/helpers/uri.js
+++ b/ui/packages/consul-ui/app/helpers/uri.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Helper from '@ember/component/helper';
diff --git a/ui/packages/consul-ui/app/index.html b/ui/packages/consul-ui/app/index.html
index 77b9ca89095d..9f9f55adf83e 100644
--- a/ui/packages/consul-ui/app/index.html
+++ b/ui/packages/consul-ui/app/index.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <!--
  Copyright (c) HashiCorp, Inc.
- SPDX-License-Identifier: BUSL-1.1
+ SPDX-License-Identifier: MPL-2.0
 -->
 
 <html lang="en" class="{{content-for "root-class"}}">
diff --git a/ui/packages/consul-ui/app/instance-initializers/container.js b/ui/packages/consul-ui/app/instance-initializers/container.js
index ced0fd4d7e19..2602e2050e93 100644
--- a/ui/packages/consul-ui/app/instance-initializers/container.js
+++ b/ui/packages/consul-ui/app/instance-initializers/container.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { runInDebug } from '@ember/debug';
diff --git a/ui/packages/consul-ui/app/instance-initializers/href-to.js b/ui/packages/consul-ui/app/instance-initializers/href-to.js
index 2e15b7fd22d8..5764ac732d86 100644
--- a/ui/packages/consul-ui/app/instance-initializers/href-to.js
+++ b/ui/packages/consul-ui/app/instance-initializers/href-to.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import LinkComponent from '@ember/routing/link-component';
diff --git a/ui/packages/consul-ui/app/instance-initializers/ivy-codemirror.js b/ui/packages/consul-ui/app/instance-initializers/ivy-codemirror.js
index 43ab72509106..90cb2866434f 100644
--- a/ui/packages/consul-ui/app/instance-initializers/ivy-codemirror.js
+++ b/ui/packages/consul-ui/app/instance-initializers/ivy-codemirror.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* globals CodeMirror */
diff --git a/ui/packages/consul-ui/app/instance-initializers/selection.js b/ui/packages/consul-ui/app/instance-initializers/selection.js
index 9d9106a69e53..3f92a911a314 100644
--- a/ui/packages/consul-ui/app/instance-initializers/selection.js
+++ b/ui/packages/consul-ui/app/instance-initializers/selection.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { env } from 'consul-ui/env';
diff --git a/ui/packages/consul-ui/app/locations/fsm-with-optional-test.js b/ui/packages/consul-ui/app/locations/fsm-with-optional-test.js
index 15af5434ff6c..9720829e47f3 100644
--- a/ui/packages/consul-ui/app/locations/fsm-with-optional-test.js
+++ b/ui/packages/consul-ui/app/locations/fsm-with-optional-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import FSMWithOptionalLocation from './fsm-with-optional';
diff --git a/ui/packages/consul-ui/app/locations/fsm-with-optional.js b/ui/packages/consul-ui/app/locations/fsm-with-optional.js
index 68a57b66e563..ef713decfb5a 100644
--- a/ui/packages/consul-ui/app/locations/fsm-with-optional.js
+++ b/ui/packages/consul-ui/app/locations/fsm-with-optional.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { env } from 'consul-ui/env';
diff --git a/ui/packages/consul-ui/app/locations/fsm.js b/ui/packages/consul-ui/app/locations/fsm.js
index 9296e03f8f40..10726eedc730 100644
--- a/ui/packages/consul-ui/app/locations/fsm.js
+++ b/ui/packages/consul-ui/app/locations/fsm.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // a simple state machine that the History API happens to more or less implement
diff --git a/ui/packages/consul-ui/app/machines/boolean.xstate.js b/ui/packages/consul-ui/app/machines/boolean.xstate.js
index 8d11cba1a543..911b37018718 100644
--- a/ui/packages/consul-ui/app/machines/boolean.xstate.js
+++ b/ui/packages/consul-ui/app/machines/boolean.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/machines/validate.xstate.js b/ui/packages/consul-ui/app/machines/validate.xstate.js
index 542720beccc6..43de58a8fe0f 100644
--- a/ui/packages/consul-ui/app/machines/validate.xstate.js
+++ b/ui/packages/consul-ui/app/machines/validate.xstate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/mixins/policy/as-many.js b/ui/packages/consul-ui/app/mixins/policy/as-many.js
index 714c20e7758a..6573944ec5e8 100644
--- a/ui/packages/consul-ui/app/mixins/policy/as-many.js
+++ b/ui/packages/consul-ui/app/mixins/policy/as-many.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Mixin from '@ember/object/mixin';
diff --git a/ui/packages/consul-ui/app/mixins/role/as-many.js b/ui/packages/consul-ui/app/mixins/role/as-many.js
index 2aed7fd47d6a..5e26e8acc7de 100644
--- a/ui/packages/consul-ui/app/mixins/role/as-many.js
+++ b/ui/packages/consul-ui/app/mixins/role/as-many.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Mixin from '@ember/object/mixin';
diff --git a/ui/packages/consul-ui/app/mixins/with-blocking-actions.js b/ui/packages/consul-ui/app/mixins/with-blocking-actions.js
index 1e034addac87..eb6bd0d4ef9c 100644
--- a/ui/packages/consul-ui/app/mixins/with-blocking-actions.js
+++ b/ui/packages/consul-ui/app/mixins/with-blocking-actions.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Mixin from '@ember/object/mixin';
diff --git a/ui/packages/consul-ui/app/models/auth-method.js b/ui/packages/consul-ui/app/models/auth-method.js
index 852a08f0fc62..8262a89f48b4 100644
--- a/ui/packages/consul-ui/app/models/auth-method.js
+++ b/ui/packages/consul-ui/app/models/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/binding-rule.js b/ui/packages/consul-ui/app/models/binding-rule.js
index 004b3ce22ad2..80c4782c3fc9 100644
--- a/ui/packages/consul-ui/app/models/binding-rule.js
+++ b/ui/packages/consul-ui/app/models/binding-rule.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/coordinate.js b/ui/packages/consul-ui/app/models/coordinate.js
index 10de884913a0..a5c888937fc1 100644
--- a/ui/packages/consul-ui/app/models/coordinate.js
+++ b/ui/packages/consul-ui/app/models/coordinate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/dc.js b/ui/packages/consul-ui/app/models/dc.js
index b0a41f8f5f7a..e72c89241392 100644
--- a/ui/packages/consul-ui/app/models/dc.js
+++ b/ui/packages/consul-ui/app/models/dc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/discovery-chain.js b/ui/packages/consul-ui/app/models/discovery-chain.js
index 1fbda2837266..c5fda81a3b7e 100644
--- a/ui/packages/consul-ui/app/models/discovery-chain.js
+++ b/ui/packages/consul-ui/app/models/discovery-chain.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/gateway-config.js b/ui/packages/consul-ui/app/models/gateway-config.js
index e102e0ef084e..93208bf6ffe3 100644
--- a/ui/packages/consul-ui/app/models/gateway-config.js
+++ b/ui/packages/consul-ui/app/models/gateway-config.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Fragment from 'ember-data-model-fragments/fragment';
diff --git a/ui/packages/consul-ui/app/models/health-check.js b/ui/packages/consul-ui/app/models/health-check.js
index 8a639025b6da..44d485015582 100644
--- a/ui/packages/consul-ui/app/models/health-check.js
+++ b/ui/packages/consul-ui/app/models/health-check.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Fragment from 'ember-data-model-fragments/fragment';
diff --git a/ui/packages/consul-ui/app/models/intention-permission-http-header.js b/ui/packages/consul-ui/app/models/intention-permission-http-header.js
index b327ff91ab1e..33af007944b3 100644
--- a/ui/packages/consul-ui/app/models/intention-permission-http-header.js
+++ b/ui/packages/consul-ui/app/models/intention-permission-http-header.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Fragment from 'ember-data-model-fragments/fragment';
diff --git a/ui/packages/consul-ui/app/models/intention-permission-http.js b/ui/packages/consul-ui/app/models/intention-permission-http.js
index 715bc00cdebc..92ad9dfd7cea 100644
--- a/ui/packages/consul-ui/app/models/intention-permission-http.js
+++ b/ui/packages/consul-ui/app/models/intention-permission-http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Fragment from 'ember-data-model-fragments/fragment';
diff --git a/ui/packages/consul-ui/app/models/intention-permission.js b/ui/packages/consul-ui/app/models/intention-permission.js
index ded3dcb7434b..db5cdad36efb 100644
--- a/ui/packages/consul-ui/app/models/intention-permission.js
+++ b/ui/packages/consul-ui/app/models/intention-permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Fragment from 'ember-data-model-fragments/fragment';
diff --git a/ui/packages/consul-ui/app/models/intention.js b/ui/packages/consul-ui/app/models/intention.js
index e186178ab299..3acae053da01 100644
--- a/ui/packages/consul-ui/app/models/intention.js
+++ b/ui/packages/consul-ui/app/models/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/kv.js b/ui/packages/consul-ui/app/models/kv.js
index 7270bfa5ef98..29a984a93cea 100644
--- a/ui/packages/consul-ui/app/models/kv.js
+++ b/ui/packages/consul-ui/app/models/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/license.js b/ui/packages/consul-ui/app/models/license.js
index 9a95f307f894..30c39b3ad77c 100644
--- a/ui/packages/consul-ui/app/models/license.js
+++ b/ui/packages/consul-ui/app/models/license.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/node.js b/ui/packages/consul-ui/app/models/node.js
index 798c2a810cfc..b95ec283050a 100644
--- a/ui/packages/consul-ui/app/models/node.js
+++ b/ui/packages/consul-ui/app/models/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr, hasMany } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/nspace.js b/ui/packages/consul-ui/app/models/nspace.js
index b4d14a5341b0..5f3b82c25b05 100644
--- a/ui/packages/consul-ui/app/models/nspace.js
+++ b/ui/packages/consul-ui/app/models/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/oidc-provider.js b/ui/packages/consul-ui/app/models/oidc-provider.js
index 97529b370544..2617d05890a7 100644
--- a/ui/packages/consul-ui/app/models/oidc-provider.js
+++ b/ui/packages/consul-ui/app/models/oidc-provider.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/partition.js b/ui/packages/consul-ui/app/models/partition.js
index 98c80f5adaf6..2511943c96b9 100644
--- a/ui/packages/consul-ui/app/models/partition.js
+++ b/ui/packages/consul-ui/app/models/partition.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/peer.js b/ui/packages/consul-ui/app/models/peer.js
index 128945a932b0..660dd5cfad57 100644
--- a/ui/packages/consul-ui/app/models/peer.js
+++ b/ui/packages/consul-ui/app/models/peer.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/permission.js b/ui/packages/consul-ui/app/models/permission.js
index 8d8fab36be47..c8e526c8de96 100644
--- a/ui/packages/consul-ui/app/models/permission.js
+++ b/ui/packages/consul-ui/app/models/permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/policy.js b/ui/packages/consul-ui/app/models/policy.js
index 68357dcfa4a3..6d4d674d8cef 100644
--- a/ui/packages/consul-ui/app/models/policy.js
+++ b/ui/packages/consul-ui/app/models/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/proxy.js b/ui/packages/consul-ui/app/models/proxy.js
index c18a08803fdc..28f69734207c 100644
--- a/ui/packages/consul-ui/app/models/proxy.js
+++ b/ui/packages/consul-ui/app/models/proxy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/role.js b/ui/packages/consul-ui/app/models/role.js
index 861512c67dd4..6bf6e3b81b9b 100644
--- a/ui/packages/consul-ui/app/models/role.js
+++ b/ui/packages/consul-ui/app/models/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/service-instance.js b/ui/packages/consul-ui/app/models/service-instance.js
index a991be63dbea..e52f49f6d929 100644
--- a/ui/packages/consul-ui/app/models/service-instance.js
+++ b/ui/packages/consul-ui/app/models/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/service.js b/ui/packages/consul-ui/app/models/service.js
index 61e38d6b86b8..cff07f116b11 100644
--- a/ui/packages/consul-ui/app/models/service.js
+++ b/ui/packages/consul-ui/app/models/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr, belongsTo } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/session.js b/ui/packages/consul-ui/app/models/session.js
index 7d846790cc45..364db7892b04 100644
--- a/ui/packages/consul-ui/app/models/session.js
+++ b/ui/packages/consul-ui/app/models/session.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/token.js b/ui/packages/consul-ui/app/models/token.js
index 4301510f0d16..fb8feed40ff0 100644
--- a/ui/packages/consul-ui/app/models/token.js
+++ b/ui/packages/consul-ui/app/models/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/models/topology.js b/ui/packages/consul-ui/app/models/topology.js
index 9eeee0c60345..ebb30e7e682b 100644
--- a/ui/packages/consul-ui/app/models/topology.js
+++ b/ui/packages/consul-ui/app/models/topology.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model, { attr } from '@ember-data/model';
diff --git a/ui/packages/consul-ui/app/modifiers/aria-menu.js b/ui/packages/consul-ui/app/modifiers/aria-menu.js
index cc9f0dec6a19..3cbc9670e4eb 100644
--- a/ui/packages/consul-ui/app/modifiers/aria-menu.js
+++ b/ui/packages/consul-ui/app/modifiers/aria-menu.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/css-prop.js b/ui/packages/consul-ui/app/modifiers/css-prop.js
index b986cd2452b2..c6b0f4e1602b 100644
--- a/ui/packages/consul-ui/app/modifiers/css-prop.js
+++ b/ui/packages/consul-ui/app/modifiers/css-prop.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/css-props.js b/ui/packages/consul-ui/app/modifiers/css-props.js
index 6b94cce487f3..f61b870e2f98 100644
--- a/ui/packages/consul-ui/app/modifiers/css-props.js
+++ b/ui/packages/consul-ui/app/modifiers/css-props.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { modifier } from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/did-upsert.js b/ui/packages/consul-ui/app/modifiers/did-upsert.js
index 7a3330497f35..ab039588b17b 100644
--- a/ui/packages/consul-ui/app/modifiers/did-upsert.js
+++ b/ui/packages/consul-ui/app/modifiers/did-upsert.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { setModifierManager, capabilities } from '@ember/modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/disabled.js b/ui/packages/consul-ui/app/modifiers/disabled.js
index 2d95295aa05b..6ff5bd15bc26 100644
--- a/ui/packages/consul-ui/app/modifiers/disabled.js
+++ b/ui/packages/consul-ui/app/modifiers/disabled.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { modifier } from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/notification.js b/ui/packages/consul-ui/app/modifiers/notification.js
index 1da17f4fb447..7631bec4f8db 100644
--- a/ui/packages/consul-ui/app/modifiers/notification.js
+++ b/ui/packages/consul-ui/app/modifiers/notification.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/on-outside.js b/ui/packages/consul-ui/app/modifiers/on-outside.js
index 56095b385e0f..cc389d70aa64 100644
--- a/ui/packages/consul-ui/app/modifiers/on-outside.js
+++ b/ui/packages/consul-ui/app/modifiers/on-outside.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/style.js b/ui/packages/consul-ui/app/modifiers/style.js
index 337b56dc5bc8..6e368b25e150 100644
--- a/ui/packages/consul-ui/app/modifiers/style.js
+++ b/ui/packages/consul-ui/app/modifiers/style.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/tooltip.js b/ui/packages/consul-ui/app/modifiers/tooltip.js
index 6731829d148f..e9c7622907a6 100644
--- a/ui/packages/consul-ui/app/modifiers/tooltip.js
+++ b/ui/packages/consul-ui/app/modifiers/tooltip.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { modifier } from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/validate.js b/ui/packages/consul-ui/app/modifiers/validate.js
index a840ba8cba01..982908131af5 100644
--- a/ui/packages/consul-ui/app/modifiers/validate.js
+++ b/ui/packages/consul-ui/app/modifiers/validate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/with-copyable.js b/ui/packages/consul-ui/app/modifiers/with-copyable.js
index 6ffc49187e96..4e39de855d2e 100644
--- a/ui/packages/consul-ui/app/modifiers/with-copyable.js
+++ b/ui/packages/consul-ui/app/modifiers/with-copyable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Modifier from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/modifiers/with-overlay.js b/ui/packages/consul-ui/app/modifiers/with-overlay.js
index a5007fe4427d..fea5961c9016 100644
--- a/ui/packages/consul-ui/app/modifiers/with-overlay.js
+++ b/ui/packages/consul-ui/app/modifiers/with-overlay.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { modifier } from 'ember-modifier';
diff --git a/ui/packages/consul-ui/app/router.js b/ui/packages/consul-ui/app/router.js
index 8ff1fe0c23f1..661942d176de 100644
--- a/ui/packages/consul-ui/app/router.js
+++ b/ui/packages/consul-ui/app/router.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* globals requirejs */
diff --git a/ui/packages/consul-ui/app/routes/application.js b/ui/packages/consul-ui/app/routes/application.js
index 40dce7153366..e2b4caff0638 100644
--- a/ui/packages/consul-ui/app/routes/application.js
+++ b/ui/packages/consul-ui/app/routes/application.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc.js b/ui/packages/consul-ui/app/routes/dc.js
index 6525d4551bc0..13503728fbf5 100644
--- a/ui/packages/consul-ui/app/routes/dc.js
+++ b/ui/packages/consul-ui/app/routes/dc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/index.js b/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/index.js
index d05214477dcd..49598a5b5c7b 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/index.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/show/index.js b/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/show/index.js
index 8b2449096df2..a8894c78c4be 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/show/index.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/auth-methods/show/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/policies/create.js b/ui/packages/consul-ui/app/routes/dc/acls/policies/create.js
index a4b56634e4b0..2c51f3e2af2f 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/policies/create.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/policies/create.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from './edit';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/policies/edit.js b/ui/packages/consul-ui/app/routes/dc/acls/policies/edit.js
index 23568af0c7cb..993d00506a52 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/policies/edit.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/policies/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/policies/index.js b/ui/packages/consul-ui/app/routes/dc/acls/policies/index.js
index 0047876fd4d9..15d4741edabe 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/policies/index.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/policies/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/roles/create.js b/ui/packages/consul-ui/app/routes/dc/acls/roles/create.js
index fae9874e1538..3f49e89ebb7a 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/roles/create.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/roles/create.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from './edit';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/roles/edit.js b/ui/packages/consul-ui/app/routes/dc/acls/roles/edit.js
index d9be734a2aa5..e8b0ed9dbd97 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/roles/edit.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/roles/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/roles/index.js b/ui/packages/consul-ui/app/routes/dc/acls/roles/index.js
index e2b76ba0892d..ec1f1ba00339 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/roles/index.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/roles/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/tokens/create.js b/ui/packages/consul-ui/app/routes/dc/acls/tokens/create.js
index 34c9e0eff78c..fd239cac75ce 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/tokens/create.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/tokens/create.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from './edit';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/tokens/edit.js b/ui/packages/consul-ui/app/routes/dc/acls/tokens/edit.js
index 45303da97b8f..39fbe15e6f01 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/tokens/edit.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/tokens/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/routes/dc/acls/tokens/index.js b/ui/packages/consul-ui/app/routes/dc/acls/tokens/index.js
index e2285d02584a..5709c774b4a2 100644
--- a/ui/packages/consul-ui/app/routes/dc/acls/tokens/index.js
+++ b/ui/packages/consul-ui/app/routes/dc/acls/tokens/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/kv/folder.js b/ui/packages/consul-ui/app/routes/dc/kv/folder.js
index 319ca2480b89..4a9ee58bf284 100644
--- a/ui/packages/consul-ui/app/routes/dc/kv/folder.js
+++ b/ui/packages/consul-ui/app/routes/dc/kv/folder.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from './index';
diff --git a/ui/packages/consul-ui/app/routes/dc/kv/index.js b/ui/packages/consul-ui/app/routes/dc/kv/index.js
index 86b703e65c2e..e12d1805906d 100644
--- a/ui/packages/consul-ui/app/routes/dc/kv/index.js
+++ b/ui/packages/consul-ui/app/routes/dc/kv/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/services/notfound.js b/ui/packages/consul-ui/app/routes/dc/services/notfound.js
index 81794f99ddbc..6cf84a2e41ac 100644
--- a/ui/packages/consul-ui/app/routes/dc/services/notfound.js
+++ b/ui/packages/consul-ui/app/routes/dc/services/notfound.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routes/dc/services/show/topology.js b/ui/packages/consul-ui/app/routes/dc/services/show/topology.js
index 89b0603df008..d2caa8ac0e7c 100644
--- a/ui/packages/consul-ui/app/routes/dc/services/show/topology.js
+++ b/ui/packages/consul-ui/app/routes/dc/services/show/topology.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/routing/application-debug.js b/ui/packages/consul-ui/app/routing/application-debug.js
index f37b9b8b68e3..2662e9528c56 100644
--- a/ui/packages/consul-ui/app/routing/application-debug.js
+++ b/ui/packages/consul-ui/app/routing/application-debug.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import ApplicationRoute from '../routes/application';
diff --git a/ui/packages/consul-ui/app/routing/route.js b/ui/packages/consul-ui/app/routing/route.js
index 2e340bd7b20f..12d6063b3d72 100644
--- a/ui/packages/consul-ui/app/routing/route.js
+++ b/ui/packages/consul-ui/app/routing/route.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from '@ember/routing/route';
diff --git a/ui/packages/consul-ui/app/routing/single.js b/ui/packages/consul-ui/app/routing/single.js
index 2809de3414ad..877f3e3109c7 100644
--- a/ui/packages/consul-ui/app/routing/single.js
+++ b/ui/packages/consul-ui/app/routing/single.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Route from 'consul-ui/routing/route';
diff --git a/ui/packages/consul-ui/app/search/predicates/acl.js b/ui/packages/consul-ui/app/search/predicates/acl.js
index 54d0f07b962f..5d34b0de13d0 100644
--- a/ui/packages/consul-ui/app/search/predicates/acl.js
+++ b/ui/packages/consul-ui/app/search/predicates/acl.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/auth-method.js b/ui/packages/consul-ui/app/search/predicates/auth-method.js
index bd3e02a0123c..f0bcebb7bb09 100644
--- a/ui/packages/consul-ui/app/search/predicates/auth-method.js
+++ b/ui/packages/consul-ui/app/search/predicates/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/health-check.js b/ui/packages/consul-ui/app/search/predicates/health-check.js
index 46805d89fde1..4565801946fa 100644
--- a/ui/packages/consul-ui/app/search/predicates/health-check.js
+++ b/ui/packages/consul-ui/app/search/predicates/health-check.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 const asArray = function (arr) {
diff --git a/ui/packages/consul-ui/app/search/predicates/intention.js b/ui/packages/consul-ui/app/search/predicates/intention.js
index 486344383696..6f7667d7a346 100644
--- a/ui/packages/consul-ui/app/search/predicates/intention.js
+++ b/ui/packages/consul-ui/app/search/predicates/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 const allLabel = 'All Services (*)';
diff --git a/ui/packages/consul-ui/app/search/predicates/kv.js b/ui/packages/consul-ui/app/search/predicates/kv.js
index 4818ae4ba071..2b64bd296ac1 100644
--- a/ui/packages/consul-ui/app/search/predicates/kv.js
+++ b/ui/packages/consul-ui/app/search/predicates/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import rightTrim from 'consul-ui/utils/right-trim';
diff --git a/ui/packages/consul-ui/app/search/predicates/node.js b/ui/packages/consul-ui/app/search/predicates/node.js
index 2e76a75a4efa..e86c5a2244a8 100644
--- a/ui/packages/consul-ui/app/search/predicates/node.js
+++ b/ui/packages/consul-ui/app/search/predicates/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/nspace.js b/ui/packages/consul-ui/app/search/predicates/nspace.js
index f72eddbe1193..e0303fafe05d 100644
--- a/ui/packages/consul-ui/app/search/predicates/nspace.js
+++ b/ui/packages/consul-ui/app/search/predicates/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/peer.js b/ui/packages/consul-ui/app/search/predicates/peer.js
index 42aa0b593ad9..4ec843ff0f5b 100644
--- a/ui/packages/consul-ui/app/search/predicates/peer.js
+++ b/ui/packages/consul-ui/app/search/predicates/peer.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/policy.js b/ui/packages/consul-ui/app/search/predicates/policy.js
index 37a1d2ce4513..854207ed3b9e 100644
--- a/ui/packages/consul-ui/app/search/predicates/policy.js
+++ b/ui/packages/consul-ui/app/search/predicates/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/role.js b/ui/packages/consul-ui/app/search/predicates/role.js
index 2872827d325b..aeae127817c6 100644
--- a/ui/packages/consul-ui/app/search/predicates/role.js
+++ b/ui/packages/consul-ui/app/search/predicates/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/service-instance.js b/ui/packages/consul-ui/app/search/predicates/service-instance.js
index a92d029dcb31..a41adbd644f7 100644
--- a/ui/packages/consul-ui/app/search/predicates/service-instance.js
+++ b/ui/packages/consul-ui/app/search/predicates/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/service.js b/ui/packages/consul-ui/app/search/predicates/service.js
index 15d7bc3f1d0d..14f80bb46c2e 100644
--- a/ui/packages/consul-ui/app/search/predicates/service.js
+++ b/ui/packages/consul-ui/app/search/predicates/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/token.js b/ui/packages/consul-ui/app/search/predicates/token.js
index 5765bc0af3da..ef33db2535f7 100644
--- a/ui/packages/consul-ui/app/search/predicates/token.js
+++ b/ui/packages/consul-ui/app/search/predicates/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/search/predicates/upstream-instance.js b/ui/packages/consul-ui/app/search/predicates/upstream-instance.js
index 43b6ceb48487..dcee6f509c54 100644
--- a/ui/packages/consul-ui/app/search/predicates/upstream-instance.js
+++ b/ui/packages/consul-ui/app/search/predicates/upstream-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {
diff --git a/ui/packages/consul-ui/app/serializers/application.js b/ui/packages/consul-ui/app/serializers/application.js
index b7b1fa4847fe..2c9d79b2fda4 100644
--- a/ui/packages/consul-ui/app/serializers/application.js
+++ b/ui/packages/consul-ui/app/serializers/application.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './http';
diff --git a/ui/packages/consul-ui/app/serializers/auth-method.js b/ui/packages/consul-ui/app/serializers/auth-method.js
index 6fc0ec6b6791..08a28cb0882f 100644
--- a/ui/packages/consul-ui/app/serializers/auth-method.js
+++ b/ui/packages/consul-ui/app/serializers/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/binding-rule.js b/ui/packages/consul-ui/app/serializers/binding-rule.js
index 961c958b8c4b..a01f31173f89 100644
--- a/ui/packages/consul-ui/app/serializers/binding-rule.js
+++ b/ui/packages/consul-ui/app/serializers/binding-rule.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/coordinate.js b/ui/packages/consul-ui/app/serializers/coordinate.js
index 60065fc298a5..879b8baf163e 100644
--- a/ui/packages/consul-ui/app/serializers/coordinate.js
+++ b/ui/packages/consul-ui/app/serializers/coordinate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/discovery-chain.js b/ui/packages/consul-ui/app/serializers/discovery-chain.js
index 26b5d6c80c48..ca2356e8f952 100644
--- a/ui/packages/consul-ui/app/serializers/discovery-chain.js
+++ b/ui/packages/consul-ui/app/serializers/discovery-chain.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/http.js b/ui/packages/consul-ui/app/serializers/http.js
index 103e30378f02..d24c4b54c26f 100644
--- a/ui/packages/consul-ui/app/serializers/http.js
+++ b/ui/packages/consul-ui/app/serializers/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from '@ember-data/serializer/rest';
diff --git a/ui/packages/consul-ui/app/serializers/intention.js b/ui/packages/consul-ui/app/serializers/intention.js
index b1c15d966645..0381eecc012d 100644
--- a/ui/packages/consul-ui/app/serializers/intention.js
+++ b/ui/packages/consul-ui/app/serializers/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/kv.js b/ui/packages/consul-ui/app/serializers/kv.js
index c610728d45fa..62e7ef6ff63d 100644
--- a/ui/packages/consul-ui/app/serializers/kv.js
+++ b/ui/packages/consul-ui/app/serializers/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/node.js b/ui/packages/consul-ui/app/serializers/node.js
index 0236a2b0059b..59336d86223c 100644
--- a/ui/packages/consul-ui/app/serializers/node.js
+++ b/ui/packages/consul-ui/app/serializers/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/nspace.js b/ui/packages/consul-ui/app/serializers/nspace.js
index b066305688d3..34a71e7e304d 100644
--- a/ui/packages/consul-ui/app/serializers/nspace.js
+++ b/ui/packages/consul-ui/app/serializers/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/oidc-provider.js b/ui/packages/consul-ui/app/serializers/oidc-provider.js
index 54f078f36767..f9fcac4f5cb9 100644
--- a/ui/packages/consul-ui/app/serializers/oidc-provider.js
+++ b/ui/packages/consul-ui/app/serializers/oidc-provider.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/partition.js b/ui/packages/consul-ui/app/serializers/partition.js
index 866165332db5..a512ef1058d0 100644
--- a/ui/packages/consul-ui/app/serializers/partition.js
+++ b/ui/packages/consul-ui/app/serializers/partition.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/permission.js b/ui/packages/consul-ui/app/serializers/permission.js
index e900e037c10e..124578334983 100644
--- a/ui/packages/consul-ui/app/serializers/permission.js
+++ b/ui/packages/consul-ui/app/serializers/permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/policy.js b/ui/packages/consul-ui/app/serializers/policy.js
index aa9c26ae4f07..f46e8975ec76 100644
--- a/ui/packages/consul-ui/app/serializers/policy.js
+++ b/ui/packages/consul-ui/app/serializers/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/proxy.js b/ui/packages/consul-ui/app/serializers/proxy.js
index d5b033e2e411..81b045840f8b 100644
--- a/ui/packages/consul-ui/app/serializers/proxy.js
+++ b/ui/packages/consul-ui/app/serializers/proxy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/role.js b/ui/packages/consul-ui/app/serializers/role.js
index a717030bd2d1..47246652b491 100644
--- a/ui/packages/consul-ui/app/serializers/role.js
+++ b/ui/packages/consul-ui/app/serializers/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/service-instance.js b/ui/packages/consul-ui/app/serializers/service-instance.js
index 6d4e4911df91..45562c4af0bb 100644
--- a/ui/packages/consul-ui/app/serializers/service-instance.js
+++ b/ui/packages/consul-ui/app/serializers/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/service.js b/ui/packages/consul-ui/app/serializers/service.js
index 06befdbbbaaa..17d2b15e0304 100644
--- a/ui/packages/consul-ui/app/serializers/service.js
+++ b/ui/packages/consul-ui/app/serializers/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/session.js b/ui/packages/consul-ui/app/serializers/session.js
index 0a21aa65de32..84299da6742a 100644
--- a/ui/packages/consul-ui/app/serializers/session.js
+++ b/ui/packages/consul-ui/app/serializers/session.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/token.js b/ui/packages/consul-ui/app/serializers/token.js
index af70b3d5033a..38933315101a 100644
--- a/ui/packages/consul-ui/app/serializers/token.js
+++ b/ui/packages/consul-ui/app/serializers/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/serializers/topology.js b/ui/packages/consul-ui/app/serializers/topology.js
index 6e049264ae06..0e63d12fe845 100644
--- a/ui/packages/consul-ui/app/serializers/topology.js
+++ b/ui/packages/consul-ui/app/serializers/topology.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/app/services/abilities.js b/ui/packages/consul-ui/app/services/abilities.js
index 75c22ce6d79c..cc24a2e48679 100644
--- a/ui/packages/consul-ui/app/services/abilities.js
+++ b/ui/packages/consul-ui/app/services/abilities.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from 'ember-can/services/can';
diff --git a/ui/packages/consul-ui/app/services/atob.js b/ui/packages/consul-ui/app/services/atob.js
index df96d5c566aa..486c8a9b5deb 100644
--- a/ui/packages/consul-ui/app/services/atob.js
+++ b/ui/packages/consul-ui/app/services/atob.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/auth-providers/oauth2-code-with-url-provider.js b/ui/packages/consul-ui/app/services/auth-providers/oauth2-code-with-url-provider.js
index b0266ece0693..2328411a595a 100644
--- a/ui/packages/consul-ui/app/services/auth-providers/oauth2-code-with-url-provider.js
+++ b/ui/packages/consul-ui/app/services/auth-providers/oauth2-code-with-url-provider.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import OAuth2CodeProvider from 'torii/providers/oauth2-code';
diff --git a/ui/packages/consul-ui/app/services/btoa.js b/ui/packages/consul-ui/app/services/btoa.js
index edd31abeedb4..5b9edc08c771 100644
--- a/ui/packages/consul-ui/app/services/btoa.js
+++ b/ui/packages/consul-ui/app/services/btoa.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/change.js b/ui/packages/consul-ui/app/services/change.js
index 9115909c8247..4798dfd95303 100644
--- a/ui/packages/consul-ui/app/services/change.js
+++ b/ui/packages/consul-ui/app/services/change.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/client/connections.js b/ui/packages/consul-ui/app/services/client/connections.js
index 36ff2ac7e4fd..105d835e77de 100644
--- a/ui/packages/consul-ui/app/services/client/connections.js
+++ b/ui/packages/consul-ui/app/services/client/connections.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/client/http.js b/ui/packages/consul-ui/app/services/client/http.js
index 3fe145ef58ef..c23b9ff8d1c4 100644
--- a/ui/packages/consul-ui/app/services/client/http.js
+++ b/ui/packages/consul-ui/app/services/client/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/client/transports/xhr.js b/ui/packages/consul-ui/app/services/client/transports/xhr.js
index c64bb5c6a4d2..b82daf226578 100644
--- a/ui/packages/consul-ui/app/services/client/transports/xhr.js
+++ b/ui/packages/consul-ui/app/services/client/transports/xhr.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/clipboard/local-storage.js b/ui/packages/consul-ui/app/services/clipboard/local-storage.js
index 23515938be0c..51dd00073e95 100644
--- a/ui/packages/consul-ui/app/services/clipboard/local-storage.js
+++ b/ui/packages/consul-ui/app/services/clipboard/local-storage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/clipboard/os.js b/ui/packages/consul-ui/app/services/clipboard/os.js
index 5a1790724b79..0b1b091914c6 100644
--- a/ui/packages/consul-ui/app/services/clipboard/os.js
+++ b/ui/packages/consul-ui/app/services/clipboard/os.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/code-mirror/linter.js b/ui/packages/consul-ui/app/services/code-mirror/linter.js
index 66b4a3dc4d36..406d6de1c410 100644
--- a/ui/packages/consul-ui/app/services/code-mirror/linter.js
+++ b/ui/packages/consul-ui/app/services/code-mirror/linter.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/container.js b/ui/packages/consul-ui/app/services/container.js
index ca5152cfc853..1ad3afe57468 100644
--- a/ui/packages/consul-ui/app/services/container.js
+++ b/ui/packages/consul-ui/app/services/container.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-sink/protocols/http.js b/ui/packages/consul-ui/app/services/data-sink/protocols/http.js
index c89a655780f0..14ac8318d07b 100644
--- a/ui/packages/consul-ui/app/services/data-sink/protocols/http.js
+++ b/ui/packages/consul-ui/app/services/data-sink/protocols/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-sink/protocols/local-storage.js b/ui/packages/consul-ui/app/services/data-sink/protocols/local-storage.js
index f2d727f8cb3f..2222b628450e 100644
--- a/ui/packages/consul-ui/app/services/data-sink/protocols/local-storage.js
+++ b/ui/packages/consul-ui/app/services/data-sink/protocols/local-storage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-sink/service.js b/ui/packages/consul-ui/app/services/data-sink/service.js
index 928ccc9c56d6..da66c6c91738 100644
--- a/ui/packages/consul-ui/app/services/data-sink/service.js
+++ b/ui/packages/consul-ui/app/services/data-sink/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-source/protocols/http.js b/ui/packages/consul-ui/app/services/data-source/protocols/http.js
index 91b09d9428ec..55f81414b7c6 100644
--- a/ui/packages/consul-ui/app/services/data-source/protocols/http.js
+++ b/ui/packages/consul-ui/app/services/data-source/protocols/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-source/protocols/http/blocking.js b/ui/packages/consul-ui/app/services/data-source/protocols/http/blocking.js
index 9f733af3c7ca..079f935abb61 100644
--- a/ui/packages/consul-ui/app/services/data-source/protocols/http/blocking.js
+++ b/ui/packages/consul-ui/app/services/data-source/protocols/http/blocking.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-source/protocols/http/promise.js b/ui/packages/consul-ui/app/services/data-source/protocols/http/promise.js
index e48ab5d32cc7..7e6ffaba6f29 100644
--- a/ui/packages/consul-ui/app/services/data-source/protocols/http/promise.js
+++ b/ui/packages/consul-ui/app/services/data-source/protocols/http/promise.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-source/protocols/local-storage.js b/ui/packages/consul-ui/app/services/data-source/protocols/local-storage.js
index aa95b3f906c8..a0c626e3b760 100644
--- a/ui/packages/consul-ui/app/services/data-source/protocols/local-storage.js
+++ b/ui/packages/consul-ui/app/services/data-source/protocols/local-storage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-source/service.js b/ui/packages/consul-ui/app/services/data-source/service.js
index af737bb0eedc..1e89e91535cf 100644
--- a/ui/packages/consul-ui/app/services/data-source/service.js
+++ b/ui/packages/consul-ui/app/services/data-source/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/data-structs.js b/ui/packages/consul-ui/app/services/data-structs.js
index 5ae21c28b84c..a0f31e56a5e0 100644
--- a/ui/packages/consul-ui/app/services/data-structs.js
+++ b/ui/packages/consul-ui/app/services/data-structs.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/dom.js b/ui/packages/consul-ui/app/services/dom.js
index 6d69898f577c..d1efc5c176d4 100644
--- a/ui/packages/consul-ui/app/services/dom.js
+++ b/ui/packages/consul-ui/app/services/dom.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/encoder.js b/ui/packages/consul-ui/app/services/encoder.js
index 4f26dac33907..c8e7189f4d9c 100644
--- a/ui/packages/consul-ui/app/services/encoder.js
+++ b/ui/packages/consul-ui/app/services/encoder.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/env.js b/ui/packages/consul-ui/app/services/env.js
index 450206b15fed..1cd5d4f00613 100644
--- a/ui/packages/consul-ui/app/services/env.js
+++ b/ui/packages/consul-ui/app/services/env.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/feedback.js b/ui/packages/consul-ui/app/services/feedback.js
index e2781e1ea3ca..3076e07fb26e 100644
--- a/ui/packages/consul-ui/app/services/feedback.js
+++ b/ui/packages/consul-ui/app/services/feedback.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/filter.js b/ui/packages/consul-ui/app/services/filter.js
index 13ec90085f97..64105e638d89 100644
--- a/ui/packages/consul-ui/app/services/filter.js
+++ b/ui/packages/consul-ui/app/services/filter.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/form.js b/ui/packages/consul-ui/app/services/form.js
index b8a649b5aa9a..95c2929afe3f 100644
--- a/ui/packages/consul-ui/app/services/form.js
+++ b/ui/packages/consul-ui/app/services/form.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/hcp.js b/ui/packages/consul-ui/app/services/hcp.js
index 33a6650f15ef..f74dd3579fb4 100644
--- a/ui/packages/consul-ui/app/services/hcp.js
+++ b/ui/packages/consul-ui/app/services/hcp.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/i18n-debug.js b/ui/packages/consul-ui/app/services/i18n-debug.js
index 5521bdd2bb9d..cf78ddd715d4 100644
--- a/ui/packages/consul-ui/app/services/i18n-debug.js
+++ b/ui/packages/consul-ui/app/services/i18n-debug.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import I18nService, { formatOptionsSymbol } from 'consul-ui/services/i18n';
diff --git a/ui/packages/consul-ui/app/services/local-storage.js b/ui/packages/consul-ui/app/services/local-storage.js
index 384efa701522..97113f597e26 100644
--- a/ui/packages/consul-ui/app/services/local-storage.js
+++ b/ui/packages/consul-ui/app/services/local-storage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/logger.js b/ui/packages/consul-ui/app/services/logger.js
index 990059ec449a..c3d538886dd4 100644
--- a/ui/packages/consul-ui/app/services/logger.js
+++ b/ui/packages/consul-ui/app/services/logger.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository.js b/ui/packages/consul-ui/app/services/repository.js
index 52180ce56a11..a9edc8c3c917 100644
--- a/ui/packages/consul-ui/app/services/repository.js
+++ b/ui/packages/consul-ui/app/services/repository.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/auth-method.js b/ui/packages/consul-ui/app/services/repository/auth-method.js
index cd5154d8428e..ae69596864dc 100644
--- a/ui/packages/consul-ui/app/services/repository/auth-method.js
+++ b/ui/packages/consul-ui/app/services/repository/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/binding-rule.js b/ui/packages/consul-ui/app/services/repository/binding-rule.js
index a0baaabbc4f9..69c41f6b52a9 100644
--- a/ui/packages/consul-ui/app/services/repository/binding-rule.js
+++ b/ui/packages/consul-ui/app/services/repository/binding-rule.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/coordinate.js b/ui/packages/consul-ui/app/services/repository/coordinate.js
index 5d6eaceab82f..11aa8f9c77ff 100644
--- a/ui/packages/consul-ui/app/services/repository/coordinate.js
+++ b/ui/packages/consul-ui/app/services/repository/coordinate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/dc.js b/ui/packages/consul-ui/app/services/repository/dc.js
index a757af041128..1f9b191e5f30 100644
--- a/ui/packages/consul-ui/app/services/repository/dc.js
+++ b/ui/packages/consul-ui/app/services/repository/dc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Error from '@ember/error';
diff --git a/ui/packages/consul-ui/app/services/repository/discovery-chain.js b/ui/packages/consul-ui/app/services/repository/discovery-chain.js
index d4d1036d3519..27db1a966bd5 100644
--- a/ui/packages/consul-ui/app/services/repository/discovery-chain.js
+++ b/ui/packages/consul-ui/app/services/repository/discovery-chain.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/intention-permission-http-header.js b/ui/packages/consul-ui/app/services/repository/intention-permission-http-header.js
index 4a66d0235fc8..ea7715af9e84 100644
--- a/ui/packages/consul-ui/app/services/repository/intention-permission-http-header.js
+++ b/ui/packages/consul-ui/app/services/repository/intention-permission-http-header.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/intention-permission.js b/ui/packages/consul-ui/app/services/repository/intention-permission.js
index b707af220b4b..927996757429 100644
--- a/ui/packages/consul-ui/app/services/repository/intention-permission.js
+++ b/ui/packages/consul-ui/app/services/repository/intention-permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/intention.js b/ui/packages/consul-ui/app/services/repository/intention.js
index affeb21a0d53..77ace26f5d52 100644
--- a/ui/packages/consul-ui/app/services/repository/intention.js
+++ b/ui/packages/consul-ui/app/services/repository/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { set, get } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/services/repository/kv.js b/ui/packages/consul-ui/app/services/repository/kv.js
index c618cff5f2ca..74d46d4e4f50 100644
--- a/ui/packages/consul-ui/app/services/repository/kv.js
+++ b/ui/packages/consul-ui/app/services/repository/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/license.js b/ui/packages/consul-ui/app/services/repository/license.js
index 6f711fb90604..cf897f96d03e 100644
--- a/ui/packages/consul-ui/app/services/repository/license.js
+++ b/ui/packages/consul-ui/app/services/repository/license.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/metrics.js b/ui/packages/consul-ui/app/services/repository/metrics.js
index e3c9d835e548..2520d349a4ce 100644
--- a/ui/packages/consul-ui/app/services/repository/metrics.js
+++ b/ui/packages/consul-ui/app/services/repository/metrics.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/node.js b/ui/packages/consul-ui/app/services/repository/node.js
index 7b389842888d..441359e7f371 100644
--- a/ui/packages/consul-ui/app/services/repository/node.js
+++ b/ui/packages/consul-ui/app/services/repository/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/nspace.js b/ui/packages/consul-ui/app/services/repository/nspace.js
index e7130be09c9d..a75500a3c0b8 100644
--- a/ui/packages/consul-ui/app/services/repository/nspace.js
+++ b/ui/packages/consul-ui/app/services/repository/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/oidc-provider.js b/ui/packages/consul-ui/app/services/repository/oidc-provider.js
index 3d18c8d83850..7fee7a8d827c 100644
--- a/ui/packages/consul-ui/app/services/repository/oidc-provider.js
+++ b/ui/packages/consul-ui/app/services/repository/oidc-provider.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/partition.js b/ui/packages/consul-ui/app/services/repository/partition.js
index 75098cb5d004..e0469575944d 100644
--- a/ui/packages/consul-ui/app/services/repository/partition.js
+++ b/ui/packages/consul-ui/app/services/repository/partition.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/peer.js b/ui/packages/consul-ui/app/services/repository/peer.js
index 23ecbaee925d..90e40e7b79ea 100644
--- a/ui/packages/consul-ui/app/services/repository/peer.js
+++ b/ui/packages/consul-ui/app/services/repository/peer.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/permission.js b/ui/packages/consul-ui/app/services/repository/permission.js
index 3f9b25984611..a0a1798612fe 100644
--- a/ui/packages/consul-ui/app/services/repository/permission.js
+++ b/ui/packages/consul-ui/app/services/repository/permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/policy.js b/ui/packages/consul-ui/app/services/repository/policy.js
index db499fbde514..a0a9b4582352 100644
--- a/ui/packages/consul-ui/app/services/repository/policy.js
+++ b/ui/packages/consul-ui/app/services/repository/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/proxy.js b/ui/packages/consul-ui/app/services/repository/proxy.js
index f70bae5b2eb5..1c2ccd015338 100644
--- a/ui/packages/consul-ui/app/services/repository/proxy.js
+++ b/ui/packages/consul-ui/app/services/repository/proxy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/role.js b/ui/packages/consul-ui/app/services/repository/role.js
index 1750f886ce47..c098eddc4827 100644
--- a/ui/packages/consul-ui/app/services/repository/role.js
+++ b/ui/packages/consul-ui/app/services/repository/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/service-instance.js b/ui/packages/consul-ui/app/services/repository/service-instance.js
index 4d256cd66ac1..b35f2a8a97e8 100644
--- a/ui/packages/consul-ui/app/services/repository/service-instance.js
+++ b/ui/packages/consul-ui/app/services/repository/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/service.js b/ui/packages/consul-ui/app/services/repository/service.js
index 34388a4d4eb9..af76065d4b28 100644
--- a/ui/packages/consul-ui/app/services/repository/service.js
+++ b/ui/packages/consul-ui/app/services/repository/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/session.js b/ui/packages/consul-ui/app/services/repository/session.js
index 08b5f15ce02a..969e9bba3f40 100644
--- a/ui/packages/consul-ui/app/services/repository/session.js
+++ b/ui/packages/consul-ui/app/services/repository/session.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/repository/token.js b/ui/packages/consul-ui/app/services/repository/token.js
index dc4f83f82701..21f0d22d578e 100644
--- a/ui/packages/consul-ui/app/services/repository/token.js
+++ b/ui/packages/consul-ui/app/services/repository/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/app/services/repository/topology.js b/ui/packages/consul-ui/app/services/repository/topology.js
index b7835f95942e..db7540a30e23 100644
--- a/ui/packages/consul-ui/app/services/repository/topology.js
+++ b/ui/packages/consul-ui/app/services/repository/topology.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/routlet.js b/ui/packages/consul-ui/app/services/routlet.js
index 5c37bc30a1e7..865aaf01526f 100644
--- a/ui/packages/consul-ui/app/services/routlet.js
+++ b/ui/packages/consul-ui/app/services/routlet.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/schema.js b/ui/packages/consul-ui/app/services/schema.js
index d8b73133ea15..922c0bae8e5e 100644
--- a/ui/packages/consul-ui/app/services/schema.js
+++ b/ui/packages/consul-ui/app/services/schema.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/search.js b/ui/packages/consul-ui/app/services/search.js
index ccb39447b8f0..619653313713 100644
--- a/ui/packages/consul-ui/app/services/search.js
+++ b/ui/packages/consul-ui/app/services/search.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/settings.js b/ui/packages/consul-ui/app/services/settings.js
index 22146df593b7..9f06ca2c242b 100644
--- a/ui/packages/consul-ui/app/services/settings.js
+++ b/ui/packages/consul-ui/app/services/settings.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/sort.js b/ui/packages/consul-ui/app/services/sort.js
index fe03b457c6a8..430cec838426 100644
--- a/ui/packages/consul-ui/app/services/sort.js
+++ b/ui/packages/consul-ui/app/services/sort.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/state-with-charts.js b/ui/packages/consul-ui/app/services/state-with-charts.js
index e58d84f385be..5d5df349ce2c 100644
--- a/ui/packages/consul-ui/app/services/state-with-charts.js
+++ b/ui/packages/consul-ui/app/services/state-with-charts.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import StateService from 'consul-ui/services/state';
diff --git a/ui/packages/consul-ui/app/services/state.js b/ui/packages/consul-ui/app/services/state.js
index 5b4ddc627985..1b2e90f35cdb 100644
--- a/ui/packages/consul-ui/app/services/state.js
+++ b/ui/packages/consul-ui/app/services/state.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/store.js b/ui/packages/consul-ui/app/services/store.js
index 326c392177bc..99a173a48f88 100644
--- a/ui/packages/consul-ui/app/services/store.js
+++ b/ui/packages/consul-ui/app/services/store.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/temporal.js b/ui/packages/consul-ui/app/services/temporal.js
index 661ff547d0af..38d04cc6dc7a 100644
--- a/ui/packages/consul-ui/app/services/temporal.js
+++ b/ui/packages/consul-ui/app/services/temporal.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import format from 'pretty-ms';
diff --git a/ui/packages/consul-ui/app/services/ticker.js b/ui/packages/consul-ui/app/services/ticker.js
index 6a0ad1de089e..e8fa1b549917 100644
--- a/ui/packages/consul-ui/app/services/ticker.js
+++ b/ui/packages/consul-ui/app/services/ticker.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/timeout.js b/ui/packages/consul-ui/app/services/timeout.js
index 60eaa3e2d409..548b1986a8d4 100644
--- a/ui/packages/consul-ui/app/services/timeout.js
+++ b/ui/packages/consul-ui/app/services/timeout.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service from '@ember/service';
diff --git a/ui/packages/consul-ui/app/services/ui-config.js b/ui/packages/consul-ui/app/services/ui-config.js
index f5ec6aaf6a11..896fb18f6962 100644
--- a/ui/packages/consul-ui/app/services/ui-config.js
+++ b/ui/packages/consul-ui/app/services/ui-config.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Service, { inject as service } from '@ember/service';
diff --git a/ui/packages/consul-ui/app/sort/comparators/auth-method.js b/ui/packages/consul-ui/app/sort/comparators/auth-method.js
index 6a3889573a58..67eb90358e90 100644
--- a/ui/packages/consul-ui/app/sort/comparators/auth-method.js
+++ b/ui/packages/consul-ui/app/sort/comparators/auth-method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/health-check.js b/ui/packages/consul-ui/app/sort/comparators/health-check.js
index f921b52740b6..f40bec4b9397 100644
--- a/ui/packages/consul-ui/app/sort/comparators/health-check.js
+++ b/ui/packages/consul-ui/app/sort/comparators/health-check.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/intention.js b/ui/packages/consul-ui/app/sort/comparators/intention.js
index d36f65275b92..4fd798cfe97c 100644
--- a/ui/packages/consul-ui/app/sort/comparators/intention.js
+++ b/ui/packages/consul-ui/app/sort/comparators/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default () => (key) => {
diff --git a/ui/packages/consul-ui/app/sort/comparators/kv.js b/ui/packages/consul-ui/app/sort/comparators/kv.js
index 3b479a60625f..e924a0a528da 100644
--- a/ui/packages/consul-ui/app/sort/comparators/kv.js
+++ b/ui/packages/consul-ui/app/sort/comparators/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/node.js b/ui/packages/consul-ui/app/sort/comparators/node.js
index 291259068097..fb70550750ea 100644
--- a/ui/packages/consul-ui/app/sort/comparators/node.js
+++ b/ui/packages/consul-ui/app/sort/comparators/node.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/nspace.js b/ui/packages/consul-ui/app/sort/comparators/nspace.js
index 5cfcec52de31..fdf6b7ad6826 100644
--- a/ui/packages/consul-ui/app/sort/comparators/nspace.js
+++ b/ui/packages/consul-ui/app/sort/comparators/nspace.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/partition.js b/ui/packages/consul-ui/app/sort/comparators/partition.js
index 5cfcec52de31..fdf6b7ad6826 100644
--- a/ui/packages/consul-ui/app/sort/comparators/partition.js
+++ b/ui/packages/consul-ui/app/sort/comparators/partition.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/peer.js b/ui/packages/consul-ui/app/sort/comparators/peer.js
index a8f067f4bd82..b1646c96df98 100644
--- a/ui/packages/consul-ui/app/sort/comparators/peer.js
+++ b/ui/packages/consul-ui/app/sort/comparators/peer.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { schema } from 'consul-ui/models/peer';
diff --git a/ui/packages/consul-ui/app/sort/comparators/policy.js b/ui/packages/consul-ui/app/sort/comparators/policy.js
index f6bf39a991d8..73039e329b8a 100644
--- a/ui/packages/consul-ui/app/sort/comparators/policy.js
+++ b/ui/packages/consul-ui/app/sort/comparators/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/role.js b/ui/packages/consul-ui/app/sort/comparators/role.js
index 392ca2b5e8cb..f620970e0613 100644
--- a/ui/packages/consul-ui/app/sort/comparators/role.js
+++ b/ui/packages/consul-ui/app/sort/comparators/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/service-instance.js b/ui/packages/consul-ui/app/sort/comparators/service-instance.js
index 3a7c5addf1d1..ffc7e7daaa4f 100644
--- a/ui/packages/consul-ui/app/sort/comparators/service-instance.js
+++ b/ui/packages/consul-ui/app/sort/comparators/service-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/service.js b/ui/packages/consul-ui/app/sort/comparators/service.js
index 1ac95e927cd3..7ef05b2f44ca 100644
--- a/ui/packages/consul-ui/app/sort/comparators/service.js
+++ b/ui/packages/consul-ui/app/sort/comparators/service.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/token.js b/ui/packages/consul-ui/app/sort/comparators/token.js
index ec2638a5e789..04e2b54a8388 100644
--- a/ui/packages/consul-ui/app/sort/comparators/token.js
+++ b/ui/packages/consul-ui/app/sort/comparators/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/sort/comparators/upstream-instance.js b/ui/packages/consul-ui/app/sort/comparators/upstream-instance.js
index 8bedc8a0944f..73d02d7740ec 100644
--- a/ui/packages/consul-ui/app/sort/comparators/upstream-instance.js
+++ b/ui/packages/consul-ui/app/sort/comparators/upstream-instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default ({ properties }) =>
diff --git a/ui/packages/consul-ui/app/storages/base.js b/ui/packages/consul-ui/app/storages/base.js
index c4bd743205b9..4645bec35a69 100644
--- a/ui/packages/consul-ui/app/storages/base.js
+++ b/ui/packages/consul-ui/app/storages/base.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default class Storage {
diff --git a/ui/packages/consul-ui/app/storages/notices.js b/ui/packages/consul-ui/app/storages/notices.js
index db0f2b6c4124..47656c75f0f2 100644
--- a/ui/packages/consul-ui/app/storages/notices.js
+++ b/ui/packages/consul-ui/app/storages/notices.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { TrackedArray } from 'tracked-built-ins';
diff --git a/ui/packages/consul-ui/app/styles/app.scss b/ui/packages/consul-ui/app/styles/app.scss
index f51022ed3ddb..370df7d8db38 100644
--- a/ui/packages/consul-ui/app/styles/app.scss
+++ b/ui/packages/consul-ui/app/styles/app.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @charset 'utf-8';
diff --git a/ui/packages/consul-ui/app/styles/base/animation/index.scss b/ui/packages/consul-ui/app/styles/base/animation/index.scss
index 0c0114cbb7c2..f335aeb1f000 100644
--- a/ui/packages/consul-ui/app/styles/base/animation/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/animation/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %with-transition-500 {
diff --git a/ui/packages/consul-ui/app/styles/base/color/index.scss b/ui/packages/consul-ui/app/styles/base/color/index.scss
index 9b15c0b3187a..31f62f1d7b5a 100644
--- a/ui/packages/consul-ui/app/styles/base/color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './ui/index';
diff --git a/ui/packages/consul-ui/app/styles/base/color/semantic-variables.scss b/ui/packages/consul-ui/app/styles/base/color/semantic-variables.scss
index 80b8d21826ee..7545b487869c 100644
--- a/ui/packages/consul-ui/app/styles/base/color/semantic-variables.scss
+++ b/ui/packages/consul-ui/app/styles/base/color/semantic-variables.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/color/ui/frame-placeholders.scss b/ui/packages/consul-ui/app/styles/base/color/ui/frame-placeholders.scss
index 9b368f76c9fe..e6643cb1062e 100644
--- a/ui/packages/consul-ui/app/styles/base/color/ui/frame-placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/color/ui/frame-placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*TODO: Move this to the reset */
diff --git a/ui/packages/consul-ui/app/styles/base/color/ui/index.scss b/ui/packages/consul-ui/app/styles/base/color/ui/index.scss
index 9d300033e4e2..8ee89d099347 100644
--- a/ui/packages/consul-ui/app/styles/base/color/ui/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/color/ui/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './frame-placeholders';
diff --git a/ui/packages/consul-ui/app/styles/base/component/index.scss b/ui/packages/consul-ui/app/styles/base/component/index.scss
index 3077240e435b..7c3a9586ae86 100644
--- a/ui/packages/consul-ui/app/styles/base/component/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/component/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* allows easy application of animation-name based composition */
diff --git a/ui/packages/consul-ui/app/styles/base/decoration/base-placeholders.scss b/ui/packages/consul-ui/app/styles/base/decoration/base-placeholders.scss
index 484c32fd368d..6b08af29f19b 100644
--- a/ui/packages/consul-ui/app/styles/base/decoration/base-placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/decoration/base-placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %visually-hidden {
diff --git a/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss b/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss
index f8e942df358f..b5599fbe1edf 100644
--- a/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss
+++ b/ui/packages/consul-ui/app/styles/base/decoration/base-variables.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/decoration/index.scss b/ui/packages/consul-ui/app/styles/base/decoration/index.scss
index 646b4f597b90..69c19e62707b 100644
--- a/ui/packages/consul-ui/app/styles/base/decoration/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/decoration/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './base-variables';
diff --git a/ui/packages/consul-ui/app/styles/base/decoration/visually-hidden.css.js b/ui/packages/consul-ui/app/styles/base/decoration/visually-hidden.css.js
index 9e95bfa190dd..09554cc65e12 100644
--- a/ui/packages/consul-ui/app/styles/base/decoration/visually-hidden.css.js
+++ b/ui/packages/consul-ui/app/styles/base/decoration/visually-hidden.css.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (css) => {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.css.js b/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.css.js
index 3ee12dbddd9a..913913223cf7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.css.js
+++ b/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.css.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default (css) => css`
diff --git a/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.scss
index 00bc8b1c632b..26a151d19e5f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/base-keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 *::before, *::after {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/base-placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/base-placeholders.scss
index 5d01d2d8e110..dc5fd5faeeb5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/base-placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/base-placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %with-glyph-icon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/debug.scss b/ui/packages/consul-ui/app/styles/base/icons/debug.scss
index 2e2833ddc3f1..0131fa7ba788 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/debug.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 .debug-with-activity-16-mask-before::before,
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/keyframes.scss
index 074925d3a1c7..ae58e19b81c6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-activity {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/placeholders.scss
index 353d2b53fb42..250566bc9e03 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-16.scss
index dce1097b80f3..cd6a28488011 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-24.scss
index 6f638c62f545..75545dbbb146 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/activity/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/keyframes.scss
index 7df06b493020..6b759e35cc38 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-alert-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/placeholders.scss
index dd2358cb4436..bb1b2336f660 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-16.scss
index 8dbda2cc3813..8ba44d020bcd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-24.scss
index 731ced512d11..c1dce29db203 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/index.scss
index af5c4324542b..b52f72976c3d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/keyframes.scss
index 03f54bfc67ac..bf492d476fa5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-alert-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/placeholders.scss
index 5f5e18a08b52..cd28db21bc89 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/keyframes.scss
index 37de8fbcd127..d994532cc037 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-alert-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/placeholders.scss
index 1931b4b78234..438a03dfb540 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-16.scss
index a2c76cf4f912..dfcb01a47d92 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-24.scss
index 62c36b49f742..59a7ae45ee4c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/keyframes.scss
index 79bbdb1a568a..d96dcd96f080 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-alert-octagon-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/placeholders.scss
index 8e3908508b2f..c22387b6f175 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-16.scss
index 10efe0035e38..36f78073b2f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-24.scss
index 57fb6c803ce6..c3ba379acdbc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/keyframes.scss
index d83d3ffbf58a..19e4fc9d4f50 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-alert-octagon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/placeholders.scss
index 11096098fb8f..9caa6a0cb06e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-16.scss
index 1a1dd2c66500..e8bd7027f721 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-24.scss
index 255763984f19..f2793037173c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-octagon/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/keyframes.scss
index f905f1de7899..6e1b0d881f6f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-alert-triangle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/placeholders.scss
index 4c1999b027a4..2e89681597a6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-16.scss
index 272856492983..8ae7906203e5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-24.scss
index 5df243045bd8..09ff8eaae22a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/keyframes.scss
index ba6b56df5108..a7d350e171bb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-alert-triangle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/placeholders.scss
index effdaa4aa79f..756824e275df 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-16.scss
index 6f9133117b67..d6d18782c470 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-24.scss
index 1823b18480a8..ef3409605fe2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alert-triangle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/keyframes.scss
index 8bc2692b7122..089106c8910a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-alibaba-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/placeholders.scss
index 3d1c44740a24..d446e7251faf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-16.scss
index aea61c94d75f..3ccc015fdba9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-24.scss
index 5d5ef033a3fa..27654234be3d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/index.scss
index 2051613154e6..f7a6620e852a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/keyframes.scss
index 68525c080d2d..6bbc0ef63589 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-alibaba {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/placeholders.scss
index 65007a25e70f..ab7f97952d0f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-16.scss
index 895dd9dc835b..c633a11c6c66 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-24.scss
index 3173067c11c3..502e22a7cd46 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/alibaba/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/keyframes.scss
index edc7d9618a02..42075b4c6361 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-align-center {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/placeholders.scss
index b38872d54289..d68605615231 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-16.scss
index 1e24871c2649..6c4e3facda3c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-24.scss
index 9ead0327c973..5b79eb471593 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-center/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/keyframes.scss
index a5977db7a085..a77fa182b7d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-align-justify {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/placeholders.scss
index a7dea6c414b1..97795f179196 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-16.scss
index b89a196023f7..e22c27edac0d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-24.scss
index adfb20f2a12c..ce57b1316fd6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-justify/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/keyframes.scss
index 777c8c5e1b8f..538adc5b5e14 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-align-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/placeholders.scss
index 482de99da500..8e2aa30b8c00 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-16.scss
index 7f53fb6a6882..5ac3ba3f6ac3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-24.scss
index ea94ac1dff3a..c8e8c9d07738 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/keyframes.scss
index d51ac3b28234..9260c7a74c52 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-align-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/placeholders.scss
index 7fa5b875f693..3223226f85e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-16.scss
index 9ace1f2418a2..b9eeaa778900 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-24.scss
index 4de0b2468e46..655f56737ded 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/align-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/keyframes.scss
index 91c9b2851b22..de58952127fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-amazon-eks-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/placeholders.scss
index bd9915d1c85b..b2920c738169 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-16.scss
index 17ff1beb921e..78b49a21dc87 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-24.scss
index dde776e55484..6f7b1f6596f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/index.scss
index 92dad310a6e8..575d42adce42 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/keyframes.scss
index 1ee88e61dc0e..3ba69b991f20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-amazon-eks {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/placeholders.scss
index 0858d1d4e202..3431a2e9a564 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-16.scss
index 5dc2502d09b9..5224a7a4dca2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-24.scss
index e418a9fc0a32..cee99b98672d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/amazon-eks/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/keyframes.scss
index c79789effac6..4bdd75fdef58 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-apple-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/placeholders.scss
index 0ae9f9435956..cc873c3eeebd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-16.scss
index 524052bd7dc8..c140d36aa8e2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-24.scss
index 944b67bdcbd8..e14880dfd1f8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/index.scss
index e55c818644a0..a93218e05257 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/keyframes.scss
index 94f7cd9dd938..8a4d53c9b767 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-apple {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/placeholders.scss
index 996fdebe1cc8..ee5d05f187bc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-16.scss
index 993d6ed37906..34fd6002b029 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-24.scss
index 8c8141c22e72..a971bb0818f5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/apple/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/keyframes.scss
index 95098f8503cd..fa50db95b099 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-archive {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/placeholders.scss
index 0c834ef06833..05185c7a9b07 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-16.scss
index 06a1ce159f3b..64237bd8b8e4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-24.scss
index 35675791ffa6..404ed2fa28d0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/archive/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/keyframes.scss
index 4d5495cb0b11..9e163693216d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-arrow-down-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/placeholders.scss
index 680342cd98dc..f08dae390218 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-16.scss
index f36a7adf0743..c7f3c7e8102c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-24.scss
index 15164b014057..18d2f7c8b381 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/keyframes.scss
index 010b3d572ff9..650834d6c5cf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-arrow-down-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/placeholders.scss
index f16d564e0346..162e96ef78c2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-16.scss
index 57cb58bd63ca..b0e1400899d2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-24.scss
index 08dfc0fa9928..59d29169f71b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/keyframes.scss
index ad42f83c97f8..43ae014908ea 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-arrow-down-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/placeholders.scss
index cd5b824e97ae..1c56664f7963 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-16.scss
index 805f53e04858..6770a43e81d6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-24.scss
index 51336e9e8df2..a8dd4f8e0690 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/keyframes.scss
index 1e25289d07e1..66ae7837b812 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-arrow-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/placeholders.scss
index d2b8aa62a9c2..9e4e377c97cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-16.scss
index 2e71c1bb295d..d1ead1bb5486 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-24.scss
index 4429d66fb30b..1526cb4c9e73 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/keyframes.scss
index f6361c4e96a6..288e7a113bd5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-arrow-left-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/placeholders.scss
index f5b6ca5d0272..60afbbf7bc7f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-16.scss
index b5d08eb3ecf7..b129861a3887 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-24.scss
index 9d4c4b16ae8b..e6ac52eab589 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/keyframes.scss
index 902828c38d73..4d3b134ba06f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-arrow-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/placeholders.scss
index 2b0cf709d475..4913edc59c45 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-16.scss
index fcd0cb23a8b9..552fc7a49b9b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-24.scss
index 1b9b7c0d0987..8e70e55dc0d0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/keyframes.scss
index fb6d8b938dc4..5a30b053abbb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-arrow-right-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/placeholders.scss
index 510f507f7a4d..83f28918cfe3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-16.scss
index 6d20469ee459..d02e72de3ee4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-24.scss
index bebc2f5e8535..2c301cf74248 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/keyframes.scss
index bbc7a11c134c..ed9dc51b686b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-arrow-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/placeholders.scss
index 88adae804335..02382cac4035 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-16.scss
index 8ef46620930f..5dd980fb2870 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-24.scss
index d9b9335b9e09..5402109713ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/keyframes.scss
index 6d84ba167024..7a69ea30563f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-arrow-up-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/placeholders.scss
index b4f5359ccf95..a1a7bd6aa132 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-16.scss
index 9fd862889387..9619f71e44c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-24.scss
index f5aed4d76d83..1ab45c00d5a0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/keyframes.scss
index 8f93cbe52b87..ae1de7e4d642 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-arrow-up-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/placeholders.scss
index a22d049e1f31..17b70aa534b1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-16.scss
index 67e30b276fa9..5a77fca93de6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-24.scss
index ea769da9c720..859594dbee3e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/keyframes.scss
index 17d3439af3a0..6c1e698d6bcb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-arrow-up-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/placeholders.scss
index c9102a076cae..0fac6954667d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-16.scss
index ee72eed7f5b3..ad33f5362bac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-24.scss
index 2748d0ba5daa..a7015b96d314 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/keyframes.scss
index 3f939b96d38c..dc405fa8350e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-arrow-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/placeholders.scss
index d6337f564dc6..6f0d6e9f103f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-16.scss
index 7698ca7a5f86..aa34bfae2ef9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-24.scss
index 004aadb9b58b..e304695237f3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/arrow-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/keyframes.scss
index af0cc5a2d0bc..382171b3066e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-at-sign {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/placeholders.scss
index 4b6e792f8b4f..ef4249e8de0c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-16.scss
index 35ca543c0717..f0b0967fa731 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-24.scss
index a80a2e275d4d..7cf9239708c6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/at-sign/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/keyframes.scss
index f61a9ec361d5..f344039bc5db 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-auth0-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/placeholders.scss
index d33b504c31ae..047e5e904eb3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-16.scss
index ba821cc98806..635bf4fa3ca4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-24.scss
index ce38c8a2d648..d9c916eea88e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/index.scss
index 60fbff8e53ef..2ac024093997 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/keyframes.scss
index dac71af5818f..d7bf4bc27b04 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-auth0 {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/placeholders.scss
index d91cea78255f..823b6540ca41 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-16.scss
index ba821cc98806..635bf4fa3ca4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-24.scss
index 469bcc8786fc..f4d304879e72 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auth0/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/keyframes.scss
index 4e3f9eed858b..fc5bb6faec91 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-auto-apply {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/placeholders.scss
index 2096dbb22ad9..ae320b2fb1a2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-16.scss
index 93fcb9ffd223..19c3073c8280 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-24.scss
index 39c3f4e3afaf..c8d871ef2f39 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/auto-apply/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/award/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/award/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/award/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/award/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/award/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/award/keyframes.scss
index ec6af6883ed0..7a96af339dd9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/award/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/award/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-award {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/award/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/award/placeholders.scss
index 5a6e3db614f6..46461d4b4b59 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/award/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/award/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-16.scss
index c479e6b41cb8..77c3521583b1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-24.scss
index b10d05cf89fb..9b447831e51a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/award/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/keyframes.scss
index 3e3a3a02fac0..f4c9c7f6c4bc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-azure-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/placeholders.scss
index affacac1a20d..c838fb0003f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-16.scss
index 4026e8685c49..06413e5e626d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-24.scss
index 62ac5a5c6132..ed6444c2994e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/keyframes.scss
index 52a9cf76f962..05377a2261de 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-azure-devops-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/placeholders.scss
index 70cf0b138a14..99d1dd1271b5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-16.scss
index 1d340b9e53da..51f1ef9169d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-24.scss
index 81ee63569fa1..189de379b50c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/index.scss
index 90d05644b089..a469817aefd6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/keyframes.scss
index bf4994065c46..00f72b8f6b27 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-azure-devops {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/placeholders.scss
index df11a00bb39d..fc36d2342ee9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-16.scss
index c758b8a951ec..e9c17de6b8c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-24.scss
index ab4b2678eeaa..9a9992daac50 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure-devops/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/index.scss
index 57796cbe4d4c..460bb93ca44c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/keyframes.scss
index d6b5215fd1cb..26050f772396 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-azure {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/placeholders.scss
index cf4ce5203e14..909c7e0c896f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-16.scss
index 5fb44f6d83ca..49180ae4dfba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-24.scss
index 2e9a8bc64649..5d6e621898a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/azure/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/keyframes.scss
index 1198e82ae9b9..937f60bd1c37 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bank-vault {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/placeholders.scss
index f1e01cbc53db..0d590e9f68a5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-16.scss
index ec7e4fc6576e..3920d3ca4a88 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-24.scss
index 175a50ba19a2..5b880b5b4621 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bank-vault/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/keyframes.scss
index 3d267e2be42a..24d454814637 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bar-chart-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/placeholders.scss
index c6fe294ab63c..10b6a8163586 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-16.scss
index 99047afeb3ff..4bd046c45d6a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-24.scss
index b3e0126d5e7a..fd36ec0c9a04 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart-alt/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/keyframes.scss
index 5934a161a9dd..436bf7f8df4f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bar-chart {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/placeholders.scss
index 6dbb0aa1a845..6b8d83da54ef 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-16.scss
index 19400e36910c..dc3af3fe66a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-24.scss
index 7520ec578656..eb872294e8ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bar-chart/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/keyframes.scss
index 2910f6ba28cb..2d478adebec4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-battery-charging {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/placeholders.scss
index 169c4b03e85a..eee2cda5332a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-16.scss
index c569483aeb5d..97748d66cd26 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-24.scss
index 1b8ed8ab1fe8..898a082d9ad3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery-charging/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/keyframes.scss
index 4f560185c8b6..506bf682b76d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-battery {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/placeholders.scss
index f4a9d06343e0..a67cbfddce77 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-16.scss
index 5d3fe714935f..a7e7a1519b6e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-24.scss
index 90465435e3fa..673ee4ec9d22 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/battery/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/keyframes.scss
index 20b75d92d1fe..f9dbc2c45b8e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-beaker {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/placeholders.scss
index 5fcbe9b7af54..bf2af4a632b8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-16.scss
index b847897d1d6c..7432b00b1867 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-24.scss
index 7269f26cb491..7d6dd84a320b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/beaker/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/keyframes.scss
index 72fabd95531c..9e84ab705777 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bell-active-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/placeholders.scss
index 0d7bc721a48f..f225005fabc5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-16.scss
index 42ee89888486..89379e6f64a8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-24.scss
index 5e2c36ecd05c..5e651edb6aa3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/keyframes.scss
index 526357d7e742..e8738e2cbca1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bell-active {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/placeholders.scss
index dd612ae22b80..de4dcea80dfb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-16.scss
index df673f629149..68a82216b640 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-24.scss
index 60afe0f69e61..9cddf53f2373 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-active/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/keyframes.scss
index aeb34d45883f..349aca465bdf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bell-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/placeholders.scss
index b812218eafe0..6a5a67144146 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-16.scss
index 524306acee97..7b0743bb75b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-24.scss
index ef2bf9f25fdc..768b78de1774 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/keyframes.scss
index 65babffb06ab..164f172d1cfe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bell {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/placeholders.scss
index d7ed65bc02d8..ed9e27ee4d4a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-16.scss
index 426e72c313ba..5d5234bf2706 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-24.scss
index 7401f1a83d0d..2d23120bbd35 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bell/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/keyframes.scss
index a27dd84dee0f..5dc4d9288dff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bitbucket-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/placeholders.scss
index f95ba8704fc4..7f9ebeff4c2a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-16.scss
index 35f421bb85d6..4fe71101cf65 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-24.scss
index 4d9ac52acf16..109c80d9fba6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/index.scss
index b2a50e60e596..be18ada7ed24 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/keyframes.scss
index 0ed7d11559f5..5f6cc9685b9f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bitbucket {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/placeholders.scss
index cf6287cadf7b..1336423c6bf4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-16.scss
index 2d0a025fedaa..161953edf4de 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-24.scss
index 043b8af3e980..5110a7389636 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bitbucket/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/index.scss
index 258ef25a3a53..c8fff7727b72 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/keyframes.scss
index 7e71046efd04..df57265e5ae5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bolt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/placeholders.scss
index a85661559a59..e96f8f1aaa8f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bolt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/keyframes.scss
index 1cc6a76002f1..8af48284c922 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bookmark-add-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/placeholders.scss
index f605a1beeb9f..e3ed647d0a53 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-16.scss
index fca2fbf0705d..7156d2bc7e38 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-24.scss
index 7eb9073997f8..81de585acad0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/keyframes.scss
index 072715ec8e20..add4513273ba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bookmark-add {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/placeholders.scss
index 9d406d44a942..d6ebdccb012b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-16.scss
index 0831acd7eeeb..ca7190f27f57 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-24.scss
index ee196c218b3d..78c72c6998f3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-add/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/keyframes.scss
index 40a4ca56eb17..ea87d18f520f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bookmark-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/placeholders.scss
index 04383c211c56..69b40d1bf048 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-16.scss
index a42b84e81f7d..2c1f32ffaa0f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-24.scss
index f6543df57dcd..1b22db36a5c7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/keyframes.scss
index 70168716a364..dbfaf2ce931e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bookmark-remove-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/placeholders.scss
index f4112415447a..c7672c7bf059 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-16.scss
index e4a0bd7259a8..2fc7946cad4a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-24.scss
index 29a86fb19532..e362472e4097 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/keyframes.scss
index 5a418587969d..05a9c5b43509 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bookmark-remove {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/placeholders.scss
index 28c0e1143f23..47d627892314 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-16.scss
index 2f27a25c08ac..ae3b53355097 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-24.scss
index 7f4f59117bb8..2f752aecf786 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark-remove/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/keyframes.scss
index 49eb3962720c..a3c73dada875 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bookmark {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/placeholders.scss
index f64a0b99701a..9b2c548e8a41 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-16.scss
index 82b656d31bf0..8f6424b8f716 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-24.scss
index c75694b1fae1..bf0c907d8080 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bookmark/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/keyframes.scss
index 406d0ebd5c5b..a4a4c9c6652c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bottom {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/placeholders.scss
index a9556e8d38e3..29ae545ada14 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-16.scss
index c80674dbd38d..34502324cf6f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-24.scss
index df2c87152d29..5925d6fd37f5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bottom/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/keyframes.scss
index 7c3a047780bd..3395756ddeb2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-boundary-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/placeholders.scss
index 80485e1d107f..727c9c9f5249 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-16.scss
index 3e4159d11a3d..b13396ce0c4a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-24.scss
index da2046ae44fb..fff277b31325 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/index.scss
index bfb0b2d3da5f..0ce950660eb5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/keyframes.scss
index 4bc10d76f2f7..b840a6532593 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-boundary {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/placeholders.scss
index 3cb0d44af026..79494d07ff1a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-16.scss
index 2f86f4fdadcc..803ca4154583 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-24.scss
index 78c984366ac9..791c947fa3e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/boundary/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/index.scss
index 61a22d9daf6b..ac45fbe51acd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/keyframes.scss
index df95628c3676..e1647a25bcbd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-box-check-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/placeholders.scss
index 3a0e96eb537f..5107a22d4f29 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box-check-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/index.scss
index c236b51d8996..a3f64e1e4817 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/keyframes.scss
index c15d858d016c..4999d9bfa346 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-box-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/placeholders.scss
index 5d75afb541f3..056eeaa19ab2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box/keyframes.scss
index e404a9a7e914..b659319096eb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-box {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box/placeholders.scss
index ac00eccd6de2..ce461f40b5ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-16.scss
index b609887261c5..559b755bbded 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-24.scss
index 451a7c3b15a3..53c5bf5b9af4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/box/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/keyframes.scss
index b5e2b49f0af4..6a16ccad6c2c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-briefcase {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/placeholders.scss
index 147322aef8bd..fde71a037222 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-16.scss
index 7698e6d4613e..081897cc0426 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-24.scss
index b1b080b29f9c..070630879733 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/briefcase/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/index.scss
index 8f5c8bd54752..f0105891e718 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/keyframes.scss
index 62d74700fc3e..3a9c3ca2ffbd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-broadcast {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/placeholders.scss
index 9e794c7bd6e0..aaeba80b64e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/broadcast/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/keyframes.scss
index 5bb58e73b9dc..d9e671d229dd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bug {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/placeholders.scss
index 850f693711f9..87dedfcf46bf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-16.scss
index 193d67da721b..11e8f0ed7060 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-24.scss
index c499e234655e..0ad80ae61443 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bug/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/build/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/build/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/build/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/build/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/build/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/build/keyframes.scss
index 4acc8d3f4033..48abcaaf1c7f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/build/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/build/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-build {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/build/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/build/placeholders.scss
index 5472b5863829..487fbda3c700 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/build/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/build/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-16.scss
index cb7e0517d9c5..6b9502a7d399 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-24.scss
index c7384bd17e7b..dc1e72ee53fc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/build/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/keyframes.scss
index bbc09aeefcba..920b209a7544 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-bulb {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/placeholders.scss
index 0413ffc33151..60e45fee3d03 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-16.scss
index bd37e7ceaa0a..6b3137eb9981 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-24.scss
index 43c3a4f4c610..be2bfbea63c2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/bulb/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/keyframes.scss
index 6014ea73d683..a7af1b3830a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-calendar {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/placeholders.scss
index b6772f9091ae..c98cfb22c942 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-16.scss
index 78731e521150..53347f5288e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-24.scss
index 7176f024b37b..8fb47768e69b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/calendar/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/keyframes.scss
index 05baf891cb6d..9cf2cec6d0d1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-camera-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/placeholders.scss
index 053eb0bd2f98..be09b92e86e7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-16.scss
index c4f251374936..502be31fa0d0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-24.scss
index d058c197b2d9..59e66c9ee876 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/keyframes.scss
index f53f121015f6..7562890121a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-camera {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/placeholders.scss
index 10c19eb67358..c3d861976380 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-16.scss
index 0f37a42b1d2c..ec5370b04414 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-24.scss
index b7f4d719ed18..16d821faf9ec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/camera/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/index.scss
index a306b7916907..2e6a0d76d742 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/keyframes.scss
index 02a363cbf2a3..dad37a13d5a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cancel-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/placeholders.scss
index c1731f0459d5..319364a19e0e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/index.scss
index 943585eade34..ab3ee1f5c526 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/keyframes.scss
index 8870216eb5a4..70c0b1196158 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cancel-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/placeholders.scss
index a9b3362c578e..d1f3b3fbbee6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/index.scss
index d6a6d1120e8f..fe09ef6bb2ef 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/keyframes.scss
index 9410d029bf18..fa6a2866bd28 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cancel-plain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/placeholders.scss
index d18d5e629c6b..16a964854ad7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-plain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/index.scss
index a40930d8c385..0c34b11ff5ff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/keyframes.scss
index 33e30a5dda88..da9df57194a8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cancel-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/placeholders.scss
index fb1c456e56dc..018bb3e9e428 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/index.scss
index 2b7072c6d383..0f7eb12f7ad1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/keyframes.scss
index 6b7e30122167..c8e7ea4fcc1f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cancel-square-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/placeholders.scss
index 835f77d367e7..ce05a72eff1f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cancel-square-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/index.scss
index 2613539e2b75..9ce54e80df36 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/keyframes.scss
index 7f0a5e729210..a5f8fd6491fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-caret-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/placeholders.scss
index 42f57e4ea139..1cbfbf4385d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/index.scss
index 886eaecdea35..f726896c0ff7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/keyframes.scss
index 45542629ec0b..23633ae8d229 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-caret-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/placeholders.scss
index cb2121b7117b..34bc49188392 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/keyframes.scss
index 10e1b9f31e4d..9134c301c33d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-caret {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/placeholders.scss
index 0fdd86953cdd..8aedb4c3c6c6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-16.scss
index 334628669100..e92751e020ab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-24.scss
index 11e94eb7391f..54a79a5448b5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/caret/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/keyframes.scss
index daeab71f2e30..a5b04c2e125c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cast {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/placeholders.scss
index 7ed224f3e356..1998cda4a79f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-16.scss
index 2c752b53ba40..5500f0d3ff41 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-24.scss
index 9a9f65f69a17..e7297c802269 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cast/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/keyframes.scss
index 23531ccc3d2a..ea7094844fca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-certificate {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/placeholders.scss
index e232f0da141a..67ce5f89ca4c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-16.scss
index f603611d17c3..8ad944bf8a8a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-24.scss
index 47cbeaf168b9..fc1860f45b4a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/certificate/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/keyframes.scss
index 6ef069458128..84be1cfc2b45 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-change-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/placeholders.scss
index 274604f1c802..663945b54558 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-16.scss
index b749a5a4cbf7..c68d22b5eb77 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-24.scss
index b465691aa603..fd62070ca492 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/keyframes.scss
index 9de36907831d..cb8fa81c0e76 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-change-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/placeholders.scss
index 6e34cc11945a..70b96218d45e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-16.scss
index 415d77f39d1f..11ca7a9e0644 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-24.scss
index 0066ef360406..96fc1bdff69c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change/keyframes.scss
index 264f62bafd36..88dc35b796d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-change {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change/placeholders.scss
index 2838965fd3ed..861813e50ec0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-16.scss
index d811a2d843ad..50f0f2e7ddee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-24.scss
index 40a98e485263..43f20a875968 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/change/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/keyframes.scss
index 092a990afb3e..45f67999fee7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-check-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/placeholders.scss
index 207490ccf438..deace71627f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-16.scss
index 992644f8d33f..5c48aea6ab64 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-24.scss
index 930e429704ca..e9b5434e4d57 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/index.scss
index 6039ff04ce02..671b9d7ba708 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/keyframes.scss
index 2147b60243fd..46dbd5772946 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-check-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/placeholders.scss
index 099aeb1c676f..235aedfa0ae6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/keyframes.scss
index 78cc472f4829..2ef8f40d52d0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-check-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/placeholders.scss
index ba97e52aa2ee..070a71e0b949 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-16.scss
index 1b3553f06192..e22680fa57c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-24.scss
index 0275305f18f1..104de1fa2965 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/keyframes.scss
index 49cd93a90b35..95a3f7c65389 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-check-diamond-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/placeholders.scss
index ce0bb6977729..6deb8e2bdc40 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-16.scss
index 2e49014a5a2c..2a0671516d11 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-24.scss
index 4708f3bbcbd1..206a4224f707 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/keyframes.scss
index a4ad1b13a447..8fe7fd97d4d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-check-diamond {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/placeholders.scss
index eb2d1a198d7c..1e2f9ce3d8e9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-16.scss
index 31c9a12c9beb..4852a37af042 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-24.scss
index 01cfd56efebc..8f40c2de9b8f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-diamond/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/keyframes.scss
index 1555190c8aff..8b19f1b0f9ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-check-hexagon-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/placeholders.scss
index f0fb86ea9157..04b73f5190a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-16.scss
index 93ee5fcaa593..e3bb499a746d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-24.scss
index 7b778df31d35..95519a5e0cb6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/keyframes.scss
index acc469b09fac..0b8e7a06f80a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-check-hexagon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/placeholders.scss
index 346df5f51a82..6eb8c2bb1aec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-16.scss
index 09198c201e9d..17b897ee1770 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-24.scss
index d0ebe79bdaf0..54e5c201905b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-hexagon/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/index.scss
index 502a76f09ae2..cc27b8155ff4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/keyframes.scss
index c05b22a2d5c9..593753e80f7e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-check-plain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/placeholders.scss
index 34209368c729..ca5a2dfc0b3f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-plain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/keyframes.scss
index e8e9eeb7d2e6..3c8fd9da3cac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-check-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/placeholders.scss
index 9a68eead4f95..d4cfdfcc8269 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-16.scss
index 6529447dd5cc..86f0bf05647a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-24.scss
index 371876a4a9b7..d4e4b8e4e0b2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/keyframes.scss
index 37ab1f690606..4a58dacf7dd6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-check-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/placeholders.scss
index d4eed4741e12..a339e1fec001 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-16.scss
index 15e5c90df4d8..d31670b9c505 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-24.scss
index 3bf7b8a60267..c955ee7e49e9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check/keyframes.scss
index d88d13a6b534..c8e79d923454 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-check {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check/placeholders.scss
index dae1f446843b..daadc803571b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-16.scss
index b3e5c4e1ecec..12e0aedd543b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-24.scss
index c0a1ec6b1e01..ff171f6b05c8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/check/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/keyframes.scss
index a95151cab6d8..4b0f7260865d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-chevron-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/placeholders.scss
index 2da5d4d1e2ff..4748bd4d9ee9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-16.scss
index 013b7b74038d..7070b934d7b8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-24.scss
index 2065384b88cb..5f50ce25ad28 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/keyframes.scss
index d0ad75dfba7b..327b1f93ff35 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-chevron-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/placeholders.scss
index e1944b3e1747..0b1572b9d8ee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-16.scss
index c79595989092..126cb39ccb52 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-24.scss
index 00becb368d96..9a7432db400c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/keyframes.scss
index 3e639e0a87d3..c4379fd3160a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-chevron-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/placeholders.scss
index 6228295a8c0b..e9c3f703a8fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-16.scss
index 0043debb3af4..7d16aa12862e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-24.scss
index 689d4a06b5c5..1443f4bcae40 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/keyframes.scss
index cae405e4339c..3eb5d9be9c0a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-chevron-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/placeholders.scss
index 07bae126a608..ede17a02748c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-16.scss
index e31ab6d3cc78..24158d5e003a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-24.scss
index a64a1049484a..8e674db191d7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevron-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/keyframes.scss
index e5eb2c2f9ed2..46835d57bd8a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-chevrons-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/placeholders.scss
index 2cc4b5cce08d..01462aa7a2d2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-16.scss
index 2e5945cd7544..0084a21b9dd5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-24.scss
index e62b38f7a891..718faa523d33 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/keyframes.scss
index 5f419179315d..90cd13e1fcc1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-chevrons-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/placeholders.scss
index 5fe31cfe471a..0beb5ee37787 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-16.scss
index 503f0ec58954..ced3bd163583 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-24.scss
index f009003e7714..a38e05798f91 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/keyframes.scss
index 3a2f91d95fc8..cff862e01c72 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-chevrons-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/placeholders.scss
index 5ccfcb9cd29c..4e0dc96b1df1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-16.scss
index 13048869e205..46c3c5ba9274 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-24.scss
index 6f56394bca5b..9e31049e0433 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/keyframes.scss
index 3b296d85b5e1..612f1dabe558 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-chevrons-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/placeholders.scss
index 7e2911475f95..0d9a728013a6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-16.scss
index a9d777f7d1b6..bbf71a6b1b9a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-24.scss
index 76d5809be632..d281824a0fc3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/chevrons-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/keyframes.scss
index b170f1eadacc..ecb4c94c6d53 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-circle-dot {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/placeholders.scss
index 4f707b2a46ab..f1659e1cdd04 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-16.scss
index 290a3b17e9cd..4dbcfde5c355 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-24.scss
index 86a5a6d7edc1..1a152aa23eda 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-dot/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/keyframes.scss
index ed03b157b154..f3d78a1c3500 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/placeholders.scss
index 9896797133c0..68510756cdd6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-16.scss
index ec4450fb9fb8..cd55d9c6957d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-24.scss
index 20b62203c94a..93426c0d7333 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/keyframes.scss
index 05fc2a97d66b..5467146df88e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-circle-half {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/placeholders.scss
index 47aa3ae7fb59..cdc802df43d4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-16.scss
index 5c6acf5f2643..47e667dba7be 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-24.scss
index 786353a7576c..3fef93c9e663 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle-half/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/keyframes.scss
index 20f40ad7a24d..bba969335613 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/placeholders.scss
index b32f0d456fa2..ad7ffdc920af 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-16.scss
index 444e9325038c..0c66bf49d282 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-24.scss
index 85f173521ea9..baf19bb2f7c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/keyframes.scss
index 24e18162537a..a294fdb40e47 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-clipboard-checked {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/placeholders.scss
index dc006b361e76..7197d30f3884 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-16.scss
index df29d6faa794..31358730121c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-24.scss
index a504c5e232f1..87421260b339 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-checked/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/keyframes.scss
index 503e2ba38bed..77bb7c292bb5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-clipboard-copy {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/placeholders.scss
index c6ff8d5379d6..fb6a298cc37d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-16.scss
index c8eb7a05f6f4..59479eddf942 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-24.scss
index a0402f41f110..44e9b23a55c6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard-copy/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/keyframes.scss
index 05c01b9ad99f..65c50edcaf80 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-clipboard {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/placeholders.scss
index a61b52ba0d4e..7596e9395026 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-16.scss
index bec5f233060a..45853b8a6054 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-24.scss
index 8a3e33e25d01..35f167109d50 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clipboard/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/index.scss
index d97ec2a16f2f..e9e5a13d0115 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/keyframes.scss
index 71b5c4ac6317..d7999225c52e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-clock-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/placeholders.scss
index 24e977e2feff..60342374542a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/index.scss
index d97ec2a16f2f..e9e5a13d0115 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/keyframes.scss
index 417eea8bfbc0..3c8d87485022 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-clock-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/placeholders.scss
index b3fc5057eadb..ddc8803c65a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/keyframes.scss
index f8bf669085da..914875f9c209 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-clock {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/placeholders.scss
index c88ca54a2e01..1c830034c806 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-16.scss
index 03f7caed237a..ebefcca9abe9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-24.scss
index fabfaea6e5e6..942482c280b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/clock/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/keyframes.scss
index e8079eb87784..210ac33e287e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cloud-check {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/placeholders.scss
index 03913343539a..aa6db2eccb67 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-16.scss
index e58b60f0aa97..6bdc6e0bba0e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-24.scss
index d5456e702a22..511a878cc487 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-check/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/index.scss
index 68293edadf9d..8b3fe9b7ced8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/keyframes.scss
index 75b06e09bda6..58369c3acb28 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cloud-cross {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/placeholders.scss
index 7366c6894a82..08c67367f65c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-16.scss
index 4a693d141681..8a08b6017366 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-24.scss
index fe0a427f5a29..793687062234 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-cross/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/keyframes.scss
index 8f09605bb09a..843c075cf058 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cloud-download {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/placeholders.scss
index f8c20917bec2..6b4eb54b58da 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-16.scss
index 2f7d4f9b58c0..d83d00b51a8a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-24.scss
index 3d8decc0d773..e82ef479a43f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-download/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/keyframes.scss
index b115bb955921..90361ecaffa7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cloud-lightning {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/placeholders.scss
index 7e1065d6619f..a5644c5d564d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-16.scss
index cf7ab446233d..c02cd40bed9e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-24.scss
index 711aa09ebd71..0935b3d17b9a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lightning/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/keyframes.scss
index dc6bfde5bbfc..5db241e13003 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cloud-lock {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/placeholders.scss
index 9c3e8f54fb14..b49a0d0a147c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-16.scss
index 998d7578507d..25fc4632a06f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-24.scss
index 15a03c367e88..f7c649f2fe75 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-lock/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/keyframes.scss
index f84372b8cc52..734979cc4ecd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cloud-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/placeholders.scss
index 028667d9b6d4..4c5efd21b96d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-16.scss
index 52d3c03165b2..68946b513252 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-24.scss
index 8b6c0e739fbd..54c221a71894 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/keyframes.scss
index ca527549abdb..75076c8a1d8d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cloud-upload {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/placeholders.scss
index b2c92bfe986f..69b48ae799b4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-16.scss
index d349a8c06488..00875c16b300 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-24.scss
index 9e5e0421aa05..677e5a2ae423 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-upload/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/keyframes.scss
index bc10ffebde30..772030dc572d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cloud-x {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/placeholders.scss
index 85daed15f23e..29caa9759013 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-16.scss
index d2491888b2b4..9c8fa1cf9f02 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-24.scss
index d8877db457ec..bdbe1ec41e17 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud-x/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/keyframes.scss
index d9b1f22cc917..462d2787fa88 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cloud {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/placeholders.scss
index 36f36fde3b9f..ffc10227f944 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-16.scss
index e8709ffdd7bf..d0c78fc6bd77 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-24.scss
index d55cd0c291fa..dfc70f94c311 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cloud/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/code/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/code/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/code/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/code/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/code/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/code/keyframes.scss
index 7316a6a4e22e..8d3efb925bfe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/code/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/code/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-code {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/code/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/code/placeholders.scss
index d22bad7eff5d..13be5cc0d74c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/code/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/code/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-16.scss
index 01baf8c4551c..c47972496381 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-24.scss
index 3b35f27689e6..858000b337a5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/code/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/keyframes.scss
index 07dc4dd5408c..5cd82484c47c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-codepen-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/placeholders.scss
index 603e44debc8c..93b3557ecbf6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-16.scss
index 4d4d00b0535c..2249d3c13b72 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-24.scss
index 2502772d2b13..f805e57e8b23 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/index.scss
index 9c744beec155..bd1528d9bbb4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/keyframes.scss
index d169089f6cb6..2817538914c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-codepen {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/placeholders.scss
index 03698eb044dd..14827a545d65 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-16.scss
index 9af0bcb23e41..2fae5290e4f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-24.scss
index 8dc4a976ee7c..5f785b8d2dff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/codepen/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/keyframes.scss
index 27fea855627a..dea5344409bc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-collections {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/placeholders.scss
index 38a0a9dbac8d..b337c4309b2c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-16.scss
index 7cd7b02fe9c5..159ec0d78831 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-24.scss
index ee71f7a86b2e..3d272a7bbc2d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/collections/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/command/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/command/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/command/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/command/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/command/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/command/keyframes.scss
index c864cd504a4b..4c82aeb0663c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/command/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/command/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-command {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/command/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/command/placeholders.scss
index 2ffa3f276e1c..b92214588fc4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/command/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/command/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-16.scss
index 1b5926c246ed..e19158bd0cd8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-24.scss
index 89c9476130b9..0aa7197b338b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/command/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/keyframes.scss
index 06a0464264c0..f8b5b8186ce4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-compass {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/placeholders.scss
index 010f9631456e..c871dc9f891d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-16.scss
index ea8483b1f182..40917ba684d7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-24.scss
index 7825860b6c09..bc4255dda367 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/compass/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/keyframes.scss
index 282565e26d7e..893951078fea 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-connection-gateway {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/placeholders.scss
index aa9679abff1b..12fdac2c6b30 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-16.scss
index 804a1c2b8ee9..62c78dd0a643 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-24.scss
index 70d1c1b28c60..b14caa1137ae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection-gateway/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/keyframes.scss
index 125953b3cd8a..c06f12b69d34 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-connection {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/placeholders.scss
index 94186586fbc4..89c850cf40af 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-16.scss
index 657c0727f9bf..6c50354671bc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-24.scss
index 6154cafce297..8fd1d0072869 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/connection/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/console/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/console/index.scss
index f6ba69102e6f..ee75e1eb800c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/console/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/console/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/console/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/console/keyframes.scss
index 375899de9afd..2ad71a5840b8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/console/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/console/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-console {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/console/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/console/placeholders.scss
index fc1c3c2c66bc..bf387838d9ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/console/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/console/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/index.scss
index a4a92af0263e..ba1a5f5a4cba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/keyframes.scss
index fddf122a5494..f58b03f20ac3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-copy-action {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/placeholders.scss
index 6bbe5845eb2c..afea92a4572a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-action/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/index.scss
index 68c80e049cf5..e0e0d9a46c18 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/keyframes.scss
index ef0e5386841e..61b820c3f151 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-copy-success {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/placeholders.scss
index dc73f8738166..25490a59d656 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/copy-success/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/keyframes.scss
index e18860cead89..2bbc9508e2ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-corner-down-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/placeholders.scss
index 07f80c2e75ca..b54e73cb6706 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-16.scss
index 0472d584d750..51c557aa2859 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-24.scss
index 2e2c8b7abcc6..c8318b4b9692 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/keyframes.scss
index 88ae1f5f71e5..d0e38ab54682 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-corner-down-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/placeholders.scss
index 9a3f8ccf7e02..4317e7d3594f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-16.scss
index 1962ef6c129c..ecba0e99ec13 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-24.scss
index cc97d82de1ad..198c093d902b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-down-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/keyframes.scss
index 0da09fe92c7e..1dcecb40b31e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-corner-left-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/placeholders.scss
index a0aabd008279..98fcaf604906 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-16.scss
index 84829386c423..42c8764914f8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-24.scss
index c6e0d67ddc75..f237311ac2bb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/keyframes.scss
index 7cb1cdc097a7..f670fe1a1cdd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-corner-left-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/placeholders.scss
index 1557c8e78e1b..17277e98b79e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-16.scss
index 4695f58efda9..5af46ea8d19c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-24.scss
index a6b37889cd8a..5ea069d3317c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-left-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/keyframes.scss
index 4c85a2870d09..97e94ef81039 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-corner-right-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/placeholders.scss
index 55d075864b86..85dbc4737f55 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-16.scss
index c7201f7f10e7..03380737ab74 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-24.scss
index cb53df88b159..b45a05ee2167 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/keyframes.scss
index 24f57abdd56c..325b6137e254 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-corner-right-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/placeholders.scss
index d425febeb488..4bd75ad6e430 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-16.scss
index 0acc68cc19b9..729f4cf2c019 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-24.scss
index 5d3dc496ff87..2c6f67231d01 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-right-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/keyframes.scss
index 02c83a403a71..2778ee47a25e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-corner-up-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/placeholders.scss
index f27be2758dbf..30456959cb7d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-16.scss
index cea15d3680a5..6f9f1abf1511 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-24.scss
index 13624e2057a5..5b7751736536 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/keyframes.scss
index 58aef68d24da..eb65fb8d3ebe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-corner-up-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/placeholders.scss
index da2ed0022e50..5700eb3551e8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-16.scss
index 9497546c202d..97761793e3f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-24.scss
index 4bfecfb0b8d9..1c655b3edc52 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/corner-up-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/keyframes.scss
index 3d23b2b24693..bb1fb0353087 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-cpu {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/placeholders.scss
index 659ad6ca2a30..2f651706bc09 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-16.scss
index fbe5328b8bd7..78ea7a69fe26 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-24.scss
index 15cb71fe9cde..459ef683de23 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/cpu/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/keyframes.scss
index 58b44eb4a9f4..02ced0a55a56 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-credit-card {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/placeholders.scss
index 03e0af456565..bdd681aa59d0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-16.scss
index d2a6d4201ebc..b47b99f56947 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-24.scss
index 112bfd21a925..56699c270961 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/credit-card/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/keyframes.scss
index b5bc24baf616..f1faf8b89850 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-crop {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/placeholders.scss
index 7ed6ffa89aff..0893c16852b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-16.scss
index 93c7ff52b3ca..e2345bb101ba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-24.scss
index 5c7048ddfc89..d01a1e294dc1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crop/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/keyframes.scss
index 71e03453145d..7706fa974712 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-crosshair {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/placeholders.scss
index 392c4a7b3e52..a6bba5321197 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-16.scss
index 03e2ca326eb1..00317093ed82 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-24.scss
index c5ab672210ab..ffc13a52bc6a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/crosshair/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/keyframes.scss
index 61587aa9202a..c69d89d260af 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-dashboard {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/placeholders.scss
index 5d80eb5f9294..a57c427425b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-16.scss
index 2a727b5b465c..400350ed5102 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-24.scss
index d718b458c77a..16ff225f1681 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dashboard/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/database/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/database/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/database/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/database/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/database/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/database/keyframes.scss
index 6ac397e34b9e..946110520c7f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/database/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/database/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-database {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/database/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/database/placeholders.scss
index 1c09804257bd..9de9c3fa5a67 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/database/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/database/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-16.scss
index 0f8451e8dfc2..c64adc4f07c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-24.scss
index 91526ee99ded..da33e1694bae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/database/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/index.scss
index 697dbe244a10..124567b0f3e5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/keyframes.scss
index e8e4f95bf7ad..354c9c69ebf0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-delay {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/placeholders.scss
index 97bc08af04cb..08aecb6d553b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-16.scss
index d1adb5a82048..632d58a2e547 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-24.scss
index 33d994421c68..31583c804714 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delay/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/keyframes.scss
index 9e797ef6d4c8..73a7190db0c9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-delete {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/placeholders.scss
index 2c91d8064a49..22de85135852 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-16.scss
index 1896fdd2a028..8b3e6daa4e62 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-24.scss
index 23bd4b3aa058..98ed05e0f466 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/delete/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/index.scss
index be14875b8ccc..5a514b645d20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/keyframes.scss
index 6c2dc64457ab..e96d93394c70 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-deny-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/placeholders.scss
index 56a74ff67ab2..b16466ff9db7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/index.scss
index 68293edadf9d..8b3fe9b7ced8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/keyframes.scss
index 7dab4dd64b50..bef6b9ce23e8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-deny-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/placeholders.scss
index 67077476079e..fc17cad67efa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-16.scss
index 151982c72d97..e7da045e34da 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-24.scss
index 02153dd3e8a3..15a64fc85632 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/index.scss
index be14875b8ccc..5a514b645d20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/keyframes.scss
index 220017b6d631..bb5815f37fe8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-deny-default {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/placeholders.scss
index 826d52ad13d3..e3cf18e6f7aa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/deny-default/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/keyframes.scss
index 56ecfee7f29a..61d973a80ff5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-diamond-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/placeholders.scss
index 6700fdd9dbca..61336f0c9a81 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-16.scss
index a5c21434389f..918ace30d31f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-24.scss
index 7cc146fb1f5e..9fb6f3749cd7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/keyframes.scss
index f1b31dd15385..92508076a2b5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-diamond {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/placeholders.scss
index 401402999a73..e6ef5ddd7ba6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-16.scss
index e767f7b4e354..6bf4a744e1e8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-24.scss
index 5eac31abdfc8..41d991ef6d04 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/diamond/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/index.scss
index be14875b8ccc..5a514b645d20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/keyframes.scss
index 1c0a37b7f80f..73acbd16afa3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-disabled {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/placeholders.scss
index 1296d6741f56..a4e17e030de8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disabled/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/keyframes.scss
index c03325b9eb0e..78c01cc0f9d7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-disc {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/placeholders.scss
index c459b169e9d6..02b0ac21520e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-16.scss
index 9999cb801d71..73b9da71f3a8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-24.scss
index 716d1919e040..220504c2a75f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/disc/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/keyframes.scss
index b50087758fd5..6843ecabffb5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-discussion-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/placeholders.scss
index 71652ab0af7a..e1e52089249d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-16.scss
index ef062f2b61c0..466c80ded73e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-24.scss
index 4c313fde1619..d21104a30cfe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/keyframes.scss
index 94d9c9a96028..23fee0044d01 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-discussion-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/placeholders.scss
index 7c0da08f71d3..76e18477f7d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-16.scss
index abc82c5c1263..c4838d46e418 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-24.scss
index 06efed084c65..80d16bd612ec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/discussion-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/keyframes.scss
index 293ed3979521..bcb3cd9bb407 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-docker-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/placeholders.scss
index ebe0ec009df9..de6c1527d7a8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-16.scss
index 14b9b608da21..72d87e31a79d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-24.scss
index c90f3fbf5376..c0ecd40c261c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/index.scss
index 376473a4bd13..3486c911b3a2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/keyframes.scss
index 36a678d38377..19702010fd79 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-docker {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/placeholders.scss
index 9e6125cf370f..a9c176614c19 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-16.scss
index 6c13aa52fff1..ceb61e0f19b5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-24.scss
index 8eff80d16461..dff5252a58c1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docker/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/keyframes.scss
index 9b24d22bab08..12a32f8f5e91 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-docs-download {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/placeholders.scss
index 47c5568d3d8d..1ecc1ed23547 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-16.scss
index 52e3dbe84826..bc225cc59829 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-24.scss
index 85be282ad2ba..d9fd00f9f8ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-download/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/keyframes.scss
index 5e0b9126f531..03e25eaf26df 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-docs-link {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/placeholders.scss
index 4ba318009437..cd7cf58945cf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-16.scss
index 7bad1cccc1a3..8069062def42 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-24.scss
index 8bb235a45583..1ed0354638d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs-link/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/keyframes.scss
index 498eb6cbcb27..f50751cf0f36 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-docs {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/placeholders.scss
index 4d4425217585..50ead76ca93c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-16.scss
index e8d19fb6bb32..b4aa16374685 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-24.scss
index 2e12846edc26..ef9f8b9adcb0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/docs/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/keyframes.scss
index d1c851821243..4c1242cf5a2a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-dollar-sign {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/placeholders.scss
index f367d1b4cdfb..bb0c980d5fe1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-16.scss
index bf2a6ec85819..230d437252f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-24.scss
index ce6b376ca60e..02f580cbdf5d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dollar-sign/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/keyframes.scss
index caed49e2f5fa..ea396df85148 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-dot-half {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/placeholders.scss
index 589cb4186787..fff2300a96d1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-16.scss
index 3677d8dccdea..1e0b24f45840 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-24.scss
index 9f82e922dc5d..6a71483f8a07 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot-half/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/keyframes.scss
index 056ad2907aaa..836d20636a28 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-dot {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/placeholders.scss
index 3dbda34b8323..0708504803ec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-16.scss
index 5863d2455fae..c62c128cbbfd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-24.scss
index 501f7f08202b..0eb08af46180 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/dot/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/download/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/download/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/download/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/download/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/download/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/download/keyframes.scss
index 92901acf604b..781570c5c9e7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/download/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/download/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-download {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/download/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/download/placeholders.scss
index 60a5d8059d5b..5362b2243d59 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/download/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/download/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-16.scss
index f9a073ccef75..7585228efbfb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-24.scss
index 697f7b9ec065..acf708a76b7a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/download/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/keyframes.scss
index 32f4cd8cec69..0ee31a9d41f8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-droplet {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/placeholders.scss
index b7fb3db1655c..4befbddeafa6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-16.scss
index 6147e8a8e3aa..438800e634bf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-24.scss
index 6ca0fc8c0904..02edf724b1a5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/droplet/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/keyframes.scss
index 4f23fecbd689..295302c6a31f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-duplicate {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/placeholders.scss
index a6393e3edd2c..1be1b990325c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-16.scss
index 3df2d5f19d35..7e2219d13251 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-24.scss
index 9d5667121772..ef364bc54751 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/duplicate/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/keyframes.scss
index 88462df16630..5f53b347fd8e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-edit {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/placeholders.scss
index a61da660c94c..ffc4cb28be49 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-16.scss
index 5ad3a811b307..a8f8fca31e82 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-24.scss
index ea153b4e703f..803b17dc96b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/edit/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/keyframes.scss
index 8c0f597ac990..728236cbf372 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-enterprise {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/placeholders.scss
index f4944575e1fb..9e75b234562a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-16.scss
index 478577965df6..9c8a4da5421f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-24.scss
index 7ede64b8a1d3..0025a80e1331 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/enterprise/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/keyframes.scss
index 15f408a1db96..6c070d2d0752 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-entry-point {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/placeholders.scss
index beea7812561d..fbfbb62e5303 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-16.scss
index 6f46c7fe0097..1d8c074d0c83 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-24.scss
index 0ab869c3ccae..dd82bca43f2f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/entry-point/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/index.scss
index e17674543b73..ad8391483d06 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/keyframes.scss
index 06ba4dd20336..660471fe35b3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-envelope-sealed-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/placeholders.scss
index ab5fb27700b0..b34146960b41 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/index.scss
index e17674543b73..ad8391483d06 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/keyframes.scss
index 93a542c1a6c5..7bb53fd3e7a2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-envelope-sealed-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/placeholders.scss
index c1634f7f5f00..b33888952461 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-sealed-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/index.scss
index b8387d4f754d..fae6fe4b652c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/keyframes.scss
index d231c5788d42..b9391d9e7eb1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-envelope-unsealed--outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/placeholders.scss
index 8740d578f853..cd4137a3fe10 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed--outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/index.scss
index b8387d4f754d..fae6fe4b652c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/keyframes.scss
index 599507024c85..3e849dd30e2c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-envelope-unsealed-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/placeholders.scss
index 7dd1c9663b25..d941e0285717 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/envelope-unsealed-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/event/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/event/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/event/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/event/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/event/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/event/keyframes.scss
index 3ddc5c6d5262..f398878aea64 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/event/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/event/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-event {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/event/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/event/placeholders.scss
index 7b5b94d853a7..c16dd12e63a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/event/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/event/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-16.scss
index 94bab3647a9f..9b3eb5865138 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-24.scss
index a339945d2202..bc3f46887aff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/event/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/keyframes.scss
index c2dba0ef8a13..4fbd554781ae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-exit-point {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/placeholders.scss
index 99ba2be5cba6..0714f7434676 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-16.scss
index eb736a351dbb..fd4fef788c45 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-24.scss
index 3336e099dd76..48c3adfc6adc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit-point/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit/index.scss
index f17b235aabf6..7801b19bcf0d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit/keyframes.scss
index 595f7cbcd569..2df367e96d89 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-exit {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/exit/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/exit/placeholders.scss
index 184edbd33d35..78fcd0f9c7e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/exit/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/exit/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/index.scss
index f17fa1328b50..dece00c3e0ba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/keyframes.scss
index 0bdbe631888e..df888d59bfd5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-expand-less {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/placeholders.scss
index 403f7f1ac1ee..8cb020134487 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-less/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/index.scss
index 8d12c28cdac2..5cfe7ce13681 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/keyframes.scss
index 0b6e8d53a2ee..357f15762d7d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-expand-more {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/placeholders.scss
index ab27a1247330..501f3908dc69 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/expand-more/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/keyframes.scss
index f9633da7fc96..d40ee84b04d3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-external-link {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/placeholders.scss
index 2c5dc26011d5..65283c1ede38 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-16.scss
index 4bb26d15ce48..f1d5db3de0f5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-24.scss
index b94c4fc3b8d8..f083e47e7911 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/external-link/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/keyframes.scss
index 80f6a15ed2e4..dac8e8054a12 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-eye-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/placeholders.scss
index e40476cdd4dd..510b6ab2c2db 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-16.scss
index 950f9ac4b462..e61613406792 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-24.scss
index 659746965ca3..713872661a7a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/keyframes.scss
index 6669d8278212..81fb28def26a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-eye {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/placeholders.scss
index 89488d29b5c0..da7cb50a9d42 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-16.scss
index f991360579d8..ed32dd684490 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-24.scss
index b0061092ca1c..f09195f33da2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/eye/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/keyframes.scss
index 77131b7b7d6b..06d7f04dc651 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-f5-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/placeholders.scss
index cf7d7e7ead2c..53de6c3bdcac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-16.scss
index d94a12826828..cb47f21379c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-24.scss
index 508c90ed5e0c..8fe089c403c9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/index.scss
index e6785447b9a5..26c8a5b01a3e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/keyframes.scss
index 788b0956165e..93364020b64b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-f5 {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/placeholders.scss
index 42457af5a2f7..c2e039bfa91e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-16.scss
index f699b1b908ce..66747bf8cda5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-24.scss
index a24f3bbf3fff..3297f45b8060 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/f5/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/keyframes.scss
index 2174e4d9fff7..a4cd444052fc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-facebook-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/placeholders.scss
index 5bd1fad7e8b9..f77d4fe0487a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-16.scss
index 7912356ced2f..f3c80262263e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-24.scss
index 267156ca4e08..db78e7cff858 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/index.scss
index a3c214581529..553d6f017b02 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/keyframes.scss
index aec8d48f3dd9..f19294e1818c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-facebook {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/placeholders.scss
index 155145534ec6..b950e49b5708 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-16.scss
index e1fa10f2a753..0e02bfff462e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-24.scss
index a18511589c8f..3511227a15fe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/facebook/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/keyframes.scss
index 377b4fb7fb4e..0881778ccb55 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-fast-forward {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/placeholders.scss
index 37cc9d074170..5590c3ecdea2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-16.scss
index 55b390f1491c..6f0321f2fe92 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-24.scss
index 6b5946657af5..34d11c413853 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fast-forward/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/keyframes.scss
index 3191e4e2d1bb..d12fff65f638 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-file-change {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/placeholders.scss
index 19c4f1efd7d5..569f4ebc1d13 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-16.scss
index a8f658887abb..5bb11a653c99 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-24.scss
index 798d7c0a37d9..f26a7165a2b8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-change/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/keyframes.scss
index 417881cc2e71..a61e36b03dbe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-file-check {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/placeholders.scss
index e9d396a94d1d..8d67cf17c482 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-16.scss
index 32373860fe07..a20bdc755205 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-24.scss
index 2ecb19122adf..b82a1e0cfed6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-check/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/keyframes.scss
index 62dd7da76781..4c42232d98af 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-file-diff {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/placeholders.scss
index 57250db01502..3ae32653d970 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-16.scss
index 351bc0d1ce1c..623c65ddc1d2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-24.scss
index 21d795f45823..76e30111ef95 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-diff/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/index.scss
index 748b7562e2c7..13b06aba3f9f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/keyframes.scss
index 90ea1d969b3b..b1ae4651124a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-file-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/placeholders.scss
index 7de1be4f9a7d..cc3af422f910 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/keyframes.scss
index 5772a0ae96f4..23bd40c09692 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-file-minus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/placeholders.scss
index bc4543b50cce..d7b477234818 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-16.scss
index 94e3eeb5d3d6..6a0ca1ec34cc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-24.scss
index aad072cdc631..393f57d71fad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-minus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/index.scss
index 748b7562e2c7..13b06aba3f9f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/keyframes.scss
index 7338da7442fa..d61ddb5cd422 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-file-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/placeholders.scss
index 1ab2f44bbab2..fdae940f8a0e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/keyframes.scss
index 862d3e2a74de..b8e82e002f1e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-file-plus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/placeholders.scss
index f8b9552a1105..eca9654de165 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-16.scss
index 6c9f12f0dc0f..ace89c578628 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-24.scss
index f96cd70a39fb..49d05da86374 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-plus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/keyframes.scss
index 4bcc12df5f64..94d939cd01fc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-file-source {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/placeholders.scss
index 969ea1ff02de..406f1794996d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-16.scss
index 48ca6875dce9..07cc588e4f68 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-24.scss
index 8bbc0401a078..302f3140f365 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-source/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/keyframes.scss
index 4fd8742fc2f0..706fce6badfb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-file-text {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/placeholders.scss
index dd41281a2bbc..2f4d8672926d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-16.scss
index 96cf2b3ef5f4..27c8926bb419 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-24.scss
index 3deda9e1fc80..f2c3d49f9081 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-text/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/keyframes.scss
index 7244e202b4db..7a0335b8de2f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-file-x {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/placeholders.scss
index 0d2fbbefc050..9d9e02661d6c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-16.scss
index 6c21c3166ecb..e08e76430324 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-24.scss
index f8d7709523b1..2de9763b5ff4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file-x/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file/keyframes.scss
index f67dbc5a4537..ee9455e17486 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-file {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file/placeholders.scss
index 2c9a4bdba0fd..51060b68ae14 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-16.scss
index 35fd0dde7d5d..3f88dfffbc8b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-24.scss
index 7b1d8c19d4ca..554ac94a9ded 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/file/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/files/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/files/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/files/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/files/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/files/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/files/keyframes.scss
index 13e305b7dfc4..aea21481a110 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/files/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/files/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-files {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/files/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/files/placeholders.scss
index 09c139e52e20..f8c41e38a126 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/files/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/files/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-16.scss
index 293b9e43d59a..28a3fc6973ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-24.scss
index b8972ef08115..c53e18093707 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/files/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/film/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/film/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/film/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/film/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/film/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/film/keyframes.scss
index b62d66422c15..648d6bc61643 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/film/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/film/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-film {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/film/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/film/placeholders.scss
index 7d75a4c073b6..3b686ce47ed3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/film/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/film/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-16.scss
index 545e8c07ebd4..a4e5f9d7b704 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-24.scss
index 87d567dbc2f4..59e9c38e3fc1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/film/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/keyframes.scss
index 3caaa6a840da..d53ea13cbfbc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-filter-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/placeholders.scss
index 8e85ec440d2c..d5f4e667154a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-16.scss
index 039d79b5e663..cf955cdad619 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-24.scss
index 151d74ad97f2..a81335ba4814 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/keyframes.scss
index 043206acfded..153cecf6f7f9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-filter-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/placeholders.scss
index 88c4c071335f..8985f88022b7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-16.scss
index caced658cdd0..37808c463355 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-24.scss
index ed97d8a434bf..de8edd87647c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/keyframes.scss
index 8d3b9fd9a366..f516e69f858c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-filter {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/placeholders.scss
index ab377d4458b3..db64e2201a36 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-16.scss
index 9cb5ede6b5a0..a2951f282ec7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-24.scss
index 70cc4420453d..224285b9c470 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/filter/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/keyframes.scss
index 3a257aa6790c..cf482dee7e90 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-fingerprint {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/placeholders.scss
index d3425e509022..c010121c7b59 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-16.scss
index 38801c1d8409..77cdcfde6a95 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-24.scss
index a7a16819906e..d4b77b54a36c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/fingerprint/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/keyframes.scss
index 622516c046f6..b3348713dbe3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-flag {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/placeholders.scss
index ba6a52ec6b37..219fd10db08c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-16.scss
index fb856a64230c..39c61aec2bdc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-24.scss
index 7c9c29a2c68c..17a8fd5d0a54 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/flag/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/keyframes.scss
index 43e98f61c2a7..d47c8075e600 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-folder-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/placeholders.scss
index 5c996188b762..40ba91468500 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-16.scss
index 82a5859c805d..88f9882d79d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-24.scss
index 7046204cd9f1..1e9a2cd99a80 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/keyframes.scss
index e03901ef9a73..65f131438141 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-folder-minus-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/placeholders.scss
index 1e623b98938d..edd92e584cef 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-16.scss
index 4512f7d416cb..ff4e12b56ba8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-24.scss
index dc348df5cef4..c350d8a2d6a8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/keyframes.scss
index e0ecfa366df1..99e0415069fe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-folder-minus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/placeholders.scss
index 653bec9db758..7d2cd4028e32 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-16.scss
index 7821f43f61d1..0cf894514171 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-24.scss
index 277c48ef7436..856cfdea7d26 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-minus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/index.scss
index 9426da463d58..dc81703e6bee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/keyframes.scss
index f7aee43d2226..4b23e00d3c26 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-folder-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/placeholders.scss
index 78b484aa4f64..173072cf42f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/keyframes.scss
index f1fb442b576e..19c617deac52 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-folder-plus-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/placeholders.scss
index 7883b05fae11..2c5ed48b9721 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-16.scss
index 2a065b1ceca3..35f7113050bb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-24.scss
index 41eaf13e8261..82137cd50a39 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/keyframes.scss
index 9f1137336a83..a53e580ff327 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-folder-plus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/placeholders.scss
index 7b8bdd56708b..7875c05a466b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-16.scss
index c8795e3f900f..54a06f497c9f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-24.scss
index 8681395ae5ae..be7b288d2ec6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-plus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/keyframes.scss
index 15c58217d6c4..ca11569fc905 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-folder-star {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/placeholders.scss
index f7fa3ab30672..0d20ce471adc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-16.scss
index c1119141a454..7594977c86f1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-24.scss
index 4d129091a2fe..ac260f06f742 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-star/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/keyframes.scss
index a9fe6640a9ad..54db05c7ef95 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-folder-users {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/placeholders.scss
index cf1234d678a1..fd907c1efcba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-16.scss
index b097c57dd889..73acbb0149db 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-24.scss
index 79a261a1ef62..110cb959ae9e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder-users/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/keyframes.scss
index 632a1ed26c4e..3512d1d899a1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-folder {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/placeholders.scss
index fe85203a59fc..a2024eedce62 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-16.scss
index 4f6774ca8cbd..711b133ee09c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-24.scss
index c0c17a98b585..4d27a0a0ea47 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/folder/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/keyframes.scss
index e00b83cf816a..637439e6775f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-frown {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/placeholders.scss
index 76759ff9fe13..6802d640fce1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-16.scss
index b45b02db00fb..bfb474d2f956 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-24.scss
index 3af57d574c9b..328b1c2bd390 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/frown/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/index.scss
index 07b3d7750dfb..076be0e1ee40 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/keyframes.scss
index 60bffa2685b9..d3ce2d931f49 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-gateway {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/placeholders.scss
index 1f739550c549..3bd829434c98 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-16.scss
index 9652d3430aef..9e098dfc5927 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-24.scss
index f416b83a4483..def972e35562 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gateway/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/keyframes.scss
index fb5cd47b21c9..73de0826a3bb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-gcp-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/placeholders.scss
index 54b28f7d2914..6c18a41a9d2c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-16.scss
index b9c4ed735b37..86ff554837fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-24.scss
index ef3387d101ae..36b598a34f0b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/index.scss
index 375f6387caa7..a52900f9f4a2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/keyframes.scss
index a99a1a3d93cc..bfa37bab0dd4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-gcp {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/placeholders.scss
index d4d1886cf0dd..44cac90876c1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-16.scss
index 7f870e04519c..0d7e897621b3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-24.scss
index 80566744d39e..c88eb1c7dd6c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gcp/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/index.scss
index eda101cbc343..bd9513d87597 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/keyframes.scss
index 3963775f5400..6d8af193e0fe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-gift-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/placeholders.scss
index 9b51cf488b90..61b0bbb9a4a6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/index.scss
index eda101cbc343..bd9513d87597 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/keyframes.scss
index f8c1ad532345..4b6736047adf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-gift-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/placeholders.scss
index 30daa8938caf..e20a74bea108 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/keyframes.scss
index 2fd7966b85a0..923743d3d204 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-gift {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/placeholders.scss
index 9504cccc0084..7b96ae2fdef6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-16.scss
index b0815495e3b6..4674a7783c7e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-24.scss
index a87cf47a1fd9..49276844a581 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gift/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/keyframes.scss
index ef50cc253c3d..bbddb84c2faa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-git-branch {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/placeholders.scss
index d4ec7d033b63..bd9b82bf6571 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-16.scss
index a3d15b49ba29..c559043dd93f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-24.scss
index 74292b9bcf74..e370b665da91 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-branch/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/keyframes.scss
index e7e8f0575d22..f2b92277530f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-git-commit {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/placeholders.scss
index bb712d5358ba..a4a02980cf54 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-16.scss
index de22b059973a..5033ece2f856 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-24.scss
index d2824e5bc669..5ea779e97299 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-commit/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/keyframes.scss
index 34560bba14e1..0899bf288967 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-git-merge {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/placeholders.scss
index e631288b2426..cf2a14f4607b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-16.scss
index 5c2a44d9ee5f..b24060bd4d29 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-24.scss
index f3345fdb0288..029da0d40986 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-merge/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/keyframes.scss
index 4d4517bcb66a..d1ac06188a47 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-git-pull-request {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/placeholders.scss
index 1e59dad58aa3..768eb55e899a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-16.scss
index 2bf1b56e782e..227320048ccd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-24.scss
index cc2c3371ab01..022d41d4f4f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-pull-request/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/keyframes.scss
index bd476d2e9b84..347bf680c52a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-git-repo {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/placeholders.scss
index 3975d93c3717..0c292ceef122 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-16.scss
index 1025efbce857..381672e961c5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-24.scss
index 903948128dac..695a28a2fb15 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repo/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/index.scss
index 6cb0181d50a3..839daacd8e07 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/keyframes.scss
index 21b819b375aa..f8fc8d88563e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-git-repository {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/placeholders.scss
index 13e026e168d4..80c59cb36d45 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/git-repository/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/keyframes.scss
index d2b75fd7adf2..7bb0254b9bbe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-github-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/placeholders.scss
index 6014226c0773..cd6f08f8bb67 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-16.scss
index 8f7aff4653b0..a0b287423398 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-24.scss
index 97aeaccbfbbc..25c4ce8b4cf7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github/index.scss
index 216229d36af0..f59a6e3f09cf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github/keyframes.scss
index ccd4bce3f450..9d3f23b42250 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-github {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github/placeholders.scss
index 41a45cf1ff4d..740d15b971c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-16.scss
index 5a71a52801a9..53f929fe3c8f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-24.scss
index c85a428d1ba0..acfbb8d1367c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/github/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/keyframes.scss
index 278549df0b91..f0fad4e8de34 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-gitlab-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/placeholders.scss
index 9cc178358c78..ea2feec696e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-16.scss
index e780477b65b9..5acd3a14272d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-24.scss
index 95a52708023f..5bda074bb0d4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/index.scss
index 6bd234749ffb..9489fd7bef75 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/keyframes.scss
index 0bfb6daba402..1526b69a6ce1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-gitlab {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/placeholders.scss
index 5b79ea8a029e..2751bf348e4c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-16.scss
index 6d4370784a56..2fe8a0c03e5e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-24.scss
index dcfdaf904805..65f000bdbc3f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/gitlab/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/keyframes.scss
index a9e1891bcd98..b40138073515 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-globe-private {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/placeholders.scss
index 3a8672b0d4e8..bb6ae9cac8b1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-16.scss
index a9f1e7db559f..9e3c4d9d2541 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-24.scss
index 45adccb89c1b..e193c96c5ef1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe-private/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/keyframes.scss
index 5248093acd5f..b8dfca5d77a8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-globe {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/placeholders.scss
index 8108a9a32052..e6022601386e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-16.scss
index cf0713a7a246..7b88f607575a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-24.scss
index d421492a1d0d..0ca7785c22dc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/globe/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/keyframes.scss
index 486ab7e9c82e..e7e15c9aa6d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-google-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/placeholders.scss
index 28d9983a7fed..8c6a832786a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-16.scss
index 9fd8eaac5620..630614cbf8c7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-24.scss
index 060a2ed1e6a4..33197faf5e09 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google/index.scss
index ad75e34e7bbf..b6154bcd4b54 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google/keyframes.scss
index 5653005b8332..6dc28599819e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-google {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google/placeholders.scss
index f84ff96fddb3..4eb703568b21 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-16.scss
index 6a66e9e5627d..34f8aa01bf9e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-24.scss
index 779132912dd5..827bcafc11e5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/google/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/keyframes.scss
index 84b3c915b60d..68be6c374ccb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-grid-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/placeholders.scss
index 70e12606534a..46c56455484d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-16.scss
index ac43c105c7d6..c7121cfde53d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-24.scss
index 7b7fb31fbc2a..ce398705f896 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid-alt/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/keyframes.scss
index 945894b90e9b..b7d12fd884cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-grid {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/placeholders.scss
index 5d3bd9ffe3fc..3e0b4187ccf9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-16.scss
index ff933ac52ebc..87276ec9f03f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-24.scss
index cd2afcb53736..7105dcf10097 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/grid/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/keyframes.scss
index 2d4b97c30b30..a76d7bd8b832 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-guide-link {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/placeholders.scss
index eb717d09ae63..7d84cca72621 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-16.scss
index 5bdea2eeb32e..b5cd2f1b6047 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-24.scss
index 231d101111fb..4a952c85ff8c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide-link/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/keyframes.scss
index 691c71168975..c6396058e545 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-guide {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/placeholders.scss
index ac8b54b5a41c..54f25ddc3e5f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-16.scss
index d2848eb7df43..c530c372a1e2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-24.scss
index 8c53acf70960..f3b1d9c56f6f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/guide/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/keyframes.scss
index a206dd0c84e6..19c03df53f87 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-hammer {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/placeholders.scss
index fb5da4e894a5..b57dffdeea46 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-16.scss
index 621061cbd91b..2dcb99262ffb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-24.scss
index de070ad6420e..87492f3ffb3b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hammer/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/keyframes.scss
index 67d433da6a57..8e45cfd26a1b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-handshake {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/placeholders.scss
index 86ffdbb8110d..42d79b440003 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-16.scss
index 5286e6ce6e2b..b5608ff5d7ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-24.scss
index d30db94bfe5f..0fe523d639ee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/handshake/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/keyframes.scss
index f49a7c3f112c..e899496689ec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-hard-drive {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/placeholders.scss
index d328b592f425..164c3575e0f3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-16.scss
index be5900d16c02..9fb15e02d448 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-24.scss
index a4ddb8dab03a..c42200a64824 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hard-drive/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/keyframes.scss
index 165edf21089a..026c739361f8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-hash {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/placeholders.scss
index 1c6b1b97dbcf..70567b290075 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-16.scss
index 90b2084969cb..a20696544fc2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-24.scss
index af7ef66fc138..9df52133ac2e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hash/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/keyframes.scss
index 3f31cb8616ff..e1ff2415e1ab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-hashicorp-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/placeholders.scss
index d16fb7ba3331..b65234a7386a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-16.scss
index 061c97479c1f..2b8a70681404 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-24.scss
index 2798d255fbb3..7058aba61b59 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/index.scss
index 3e47faf5d2dc..a58e7fb135e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/keyframes.scss
index eae0e6a18c4f..c37445d0cbcf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-hashicorp {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/placeholders.scss
index 18d08c5cd72e..50b80f6555ad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-16.scss
index 1e67440e3bb1..b9c7ad812695 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-24.scss
index ca09edf8ed98..6f5b9394b295 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hashicorp/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/keyframes.scss
index ed900e8047c5..d578858bf790 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-hcp-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/placeholders.scss
index e10d7099cd96..bc48b61938bc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-16.scss
index d8ad5feaa00c..831afc11b3a7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-24.scss
index 7ffb0f111824..338669ed7910 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/index.scss
index 99632f89e04c..96645ac56212 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/keyframes.scss
index 75c3821a9155..d6872947f50d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-hcp {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/placeholders.scss
index 8a9100b8c6b4..b1251d861a7e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-16.scss
index db4e7f2a9faf..9b0eb2b6e314 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-24.scss
index b9e362b84848..d64184574a7c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hcp/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/keyframes.scss
index 12ed387d8e2b..ef6af9899b7d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-headphones {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/placeholders.scss
index 7f34831fbda3..4c868a6cd4bf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-16.scss
index 2a23ebe2e4a4..ca23612a1765 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-24.scss
index 01a2766c7094..854b083cf6a8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/headphones/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/health/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/health/index.scss
index 3bf99810ebdb..fb5829f99f9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/health/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/health/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/health/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/health/keyframes.scss
index 2b2d02ced597..bee34acc76d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/health/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/health/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-health {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/health/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/health/placeholders.scss
index 09c652661ebb..1331176a8f70 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/health/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/health/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/keyframes.scss
index 679ede1fcede..4a18f6c09b78 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-heart-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/placeholders.scss
index 3dec6f6d632e..3e75b731a6b8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-16.scss
index 0ea88ffc6f78..1c1a84a9e073 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-24.scss
index 0b58756cbb8e..281c9aef980a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/keyframes.scss
index f042d4da0efa..ece9f8cdc33d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-heart-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/placeholders.scss
index 7740a8e4f59b..16b21e9ab168 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-16.scss
index 05fcbc46b87a..f55e5f6dd425 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-24.scss
index 46caedfa6081..07116d03d64a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/keyframes.scss
index 37bc5f004395..f8a7781937d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-heart {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/placeholders.scss
index ec41f80351c4..eca4ccb94383 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-16.scss
index b7300cd11403..c68d36a10bb2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-24.scss
index d6cbf53f5641..d8c96b5cd833 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/heart/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/index.scss
index 682c384d9e3b..ba709a504a51 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/keyframes.scss
index 8ce4e9c2cfc5..e1abab8809e6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-help-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/placeholders.scss
index bb77040d5e28..3a99dc4e2bba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/index.scss
index 682c384d9e3b..ba709a504a51 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/keyframes.scss
index d5ff0a9996d9..9f09215fae86 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-help-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/placeholders.scss
index 54269d795e4d..13383034c1ad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help/keyframes.scss
index 53149f0df4aa..f6ec125afa25 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-help {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help/placeholders.scss
index adabc26b02b2..65f291e8abbd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-16.scss
index 376fb89f7e2d..60172a23b8f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-24.scss
index ac6480aeeeb6..7b27bec41a82 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/help/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/keyframes.scss
index 172378cb6d32..28280fbaabc8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-hexagon-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/placeholders.scss
index 5ae53c824fa3..71af51ee458f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-16.scss
index 6894d3cc2dc4..c39126d0530a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-24.scss
index 535dd35beed8..95c372bb33e7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/keyframes.scss
index d656dbc26a32..c174baf24fb5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-hexagon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/placeholders.scss
index 6ce5d7d3499e..44740337a13f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-16.scss
index e699113c7c76..c62dd361bc6a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-24.scss
index 074f9fa03fb1..a1f744a9b015 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hexagon/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/history/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/history/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/history/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/history/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/history/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/history/keyframes.scss
index 26aa7a6acb35..215ce1ce26e9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/history/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/history/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-history {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/history/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/history/placeholders.scss
index 2e07b43dd56f..a88d52014435 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/history/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/history/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-16.scss
index 4995274bb0e9..6545d5b70df7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-24.scss
index 678bd5402718..b0df6a2ad492 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/history/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/home/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/home/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/home/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/home/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/home/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/home/keyframes.scss
index a8cb08832f8f..2d7978a0ee25 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/home/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/home/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-home {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/home/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/home/placeholders.scss
index 7beb34e2d8a6..5bc73dbbb495 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/home/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/home/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-16.scss
index fe49abc3a31b..5fffa4e479fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-24.scss
index 8407424c1d6a..4a5a6389afd6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/home/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/keyframes.scss
index 9618b3089c20..6bbcc707be3e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-hourglass {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/placeholders.scss
index f838f33961f5..7c857c4789ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-16.scss
index dc8447d3b2e2..797a15a2380c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-24.scss
index d3781e32f3a4..aa8cec0afc47 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/hourglass/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/keyframes.scss
index 0124a7359ee5..356848f9b595 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-identity-service {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/placeholders.scss
index a2fddd493181..f870e8c21337 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-16.scss
index 93059f88a334..3833bb2bfee9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-24.scss
index f730670c55c8..4b44108db8a6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-service/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/keyframes.scss
index 4829e9fd04ad..76f2e4384f5b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-identity-user {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/placeholders.scss
index 13b394770b14..5d565b1d1b1a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-16.scss
index c8651b46d55c..579281c54ff7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-24.scss
index 42ee606def60..d594c926420e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/identity-user/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/image/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/image/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/image/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/image/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/image/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/image/keyframes.scss
index a14dcbbe4602..09f96cd6e5ea 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/image/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/image/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-image {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/image/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/image/placeholders.scss
index 59dd2316de97..98d72a8f9b2f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/image/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/image/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-16.scss
index 8ae7880bcf02..0a638ef4d632 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-24.scss
index 906561350db3..a3eb28c99ee7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/image/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/keyframes.scss
index b9f6f2323480..ad456c60af98 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-inbox {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/placeholders.scss
index 439ecce6acff..e5b4935be667 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-16.scss
index 7ead23ffb707..9973f108ed1a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-24.scss
index 83d8658c3b04..b8539f1b765b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/inbox/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss
index 60f9113fe27f..06161f3a57f5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // @import './alert-circle-fill/index.scss';
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/index.scss
index effd7dc669a8..91f7d3a8f41b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/keyframes.scss
index bec6bb7c618f..c63080bd341b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-info-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/placeholders.scss
index 25d037f4e91f..b5583676b512 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/index.scss
index effd7dc669a8..91f7d3a8f41b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/keyframes.scss
index 8a97355092e2..dac351c218ec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-info-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/placeholders.scss
index c22c34f8326a..f6cb4f80daa6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info/keyframes.scss
index 3a44fc11fc4b..af1aa3fad051 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-info {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info/placeholders.scss
index 6c295074b8a4..90287ae552ea 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-16.scss
index 04ad914e781c..13fe13345ebc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-24.scss
index 8ca56b4713ee..c5dd6bf63346 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/info/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/keyframes.scss
index 96cac19c245e..06ddd7007874 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-jump-link {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/placeholders.scss
index ae264ca3bd37..cc2669a9a3fc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-16.scss
index 4298c4a5d222..688d5f55378a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-24.scss
index e41a1e8ff586..c09282160818 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/jump-link/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/keyframes.scss
index e3bac6c29d97..ecbda3024ca8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-key-values {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/placeholders.scss
index 8088cb42aaa5..e7766852dff9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-16.scss
index 870f397f876a..4fdbfec7fd46 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-24.scss
index 36c6e6ebbd77..a4696bb2e4cc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key-values/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key/keyframes.scss
index 7cbe23bb711e..8454156eede9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-key {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key/placeholders.scss
index 75602b6b3e36..bf1ab095ab71 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-16.scss
index 4cdd4be56e6d..9ac08c0f09bd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-24.scss
index 4f84f5bb189a..a02523a5c4b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/key/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/keyframes.scss
index 928bf5874023..2b0be81e3dea 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-keychain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/placeholders.scss
index 603db4bd157b..bcfc72c0580a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-16.scss
index b008be4fca8e..6d1f304261be 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-24.scss
index 2cb960e4f01f..0646413892e5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/keychain/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/keyframes.scss
index 91aff0f429e6..d2a10358fc9c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-kubernetes-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/placeholders.scss
index b539a99d40f8..a8fe2393684d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-16.scss
index 84fd156cac1c..fb9cd5b55202 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-24.scss
index 8006da3cab0f..25ec89f4663d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/index.scss
index 52c677225505..85548024f58f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/keyframes.scss
index c2a9eb5bbfbd..794cbfef7c8d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-kubernetes {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/placeholders.scss
index 84ed7d5a7e6b..519ffae8f920 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-16.scss
index 1c3be7ac886b..8d486dc144c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-24.scss
index 87edb7b27fa4..2d12e73e5b76 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/kubernetes/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/keyframes.scss
index c892686888fb..f9577095503a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-labyrinth {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/placeholders.scss
index 0112c32ae86a..bab95b47ed86 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-16.scss
index f023de2b48a0..e556556a5441 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-24.scss
index 2ad7916d01b0..bfbd4b619576 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/labyrinth/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/index.scss
index 6978954c4526..ee32d83073c5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/keyframes.scss
index 4a4594b46ebe..8a0b2871e77f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-layers {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/placeholders.scss
index e1f737c26f62..fceb6b8fae1a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-16.scss
index 314a738700a8..807135ffe4ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-24.scss
index 3ca8e7207385..faeab14b0fa4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layers/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/keyframes.scss
index 0c4e58e0fbe3..656de24f9323 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-layout {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/placeholders.scss
index 1edf58d8a9cc..8e773c647873 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-16.scss
index 839545bf9fe3..5e320cbe4109 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-24.scss
index 260de64d168b..8b32ed3671f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/layout/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/keyframes.scss
index 96fe539b683a..407057a1416a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-learn-link {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/placeholders.scss
index f4ca3ccacdd8..b858dfa361d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-16.scss
index 678229de2b3e..fb3ce1387027 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-24.scss
index f3ab12182d89..8cb4f7a87867 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn-link/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/keyframes.scss
index 05f3e40a61e1..24d1912339b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-learn {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/placeholders.scss
index 1dccf3b78be5..00e99ad14a51 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-16.scss
index 9e96ca32e7a6..81066fec1f93 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-24.scss
index 6667656ff5d9..3b0b0e839d78 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/learn/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/keyframes.scss
index 93bed97bfd20..988c37e836e4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-line-chart-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/placeholders.scss
index 103f834c7335..93e37ec26a37 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-16.scss
index 49f2545decd6..ff30393185ec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-24.scss
index 56380bc8cbab..578375fa094c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/keyframes.scss
index 3a4b0be46198..0f05fe571b02 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-line-chart {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/placeholders.scss
index ddcfe7abfda5..95134df77a9c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-16.scss
index fc1e33b14f43..75a11335d36e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-24.scss
index 0443397ccafe..7ea2d7155bac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/line-chart/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/link/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/link/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/link/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/link/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/link/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/link/keyframes.scss
index eeb7ba240105..79df1573ade3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/link/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/link/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-link {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/link/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/link/placeholders.scss
index 3a234d231f5c..fc8bd1a7abf9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/link/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/link/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-16.scss
index 32e2fecce43b..f6d468317ea8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-24.scss
index 6f874595e4d2..9546cb3a9382 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/link/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/keyframes.scss
index 9908888f8b9b..75edffe9ef3b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-linkedin-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/placeholders.scss
index 337d10a63db9..df8d32a9bf25 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-16.scss
index ae0bccb8c3c3..4431326debfa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-24.scss
index 718219d4997e..ada34f29bece 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/index.scss
index 2350c257e551..6b9d16daf179 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/keyframes.scss
index 8e23083746b6..9acc5e4ad343 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-linkedin {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/placeholders.scss
index 17a84f66e8f9..f9ca6a078fad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-16.scss
index 3df10a751af4..de3b83d1270b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-24.scss
index ad4ad56e1ae6..b9b11df6738a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/linkedin/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/list/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/list/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/list/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/list/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/list/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/list/keyframes.scss
index e4b56cc50af4..4e36a05c76c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/list/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/list/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-list {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/list/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/list/placeholders.scss
index 1a315226fc56..3cbd586213f6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/list/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/list/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-16.scss
index a35c2685d79e..4a9efd5473a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-24.scss
index 79178a942f2d..605968d2a1aa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/list/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/keyframes.scss
index 5da95fb50864..1d7f394d5526 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-load-balancer {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/placeholders.scss
index 453ab18d9134..11a7b757f54a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-16.scss
index 4a05e67e89e9..5cb47b6ab4c2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-24.scss
index 52b21e4c71b0..ec33b3a13c0a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/load-balancer/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/index.scss
index 68293edadf9d..8b3fe9b7ced8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/keyframes.scss
index 9f87466a6298..86508bdb2768 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-loading-motion {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/placeholders.scss
index f38cc7117d52..c457400a8059 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-16.scss
index 4a20bfc12c68..73eff7396673 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-24.scss
index 77bf1db49c6c..81b79de44e76 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading-motion/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/keyframes.scss
index e8d1ddde7fdb..a4d0b69a5acb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-loading {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/placeholders.scss
index e0f5a720eb3d..842c745378e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-16.scss
index 9e027c7ab073..fd57f0ef10bc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-24.scss
index dc6e6ca49c0a..6bc33bea5806 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/loading/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/index.scss
index 0051698c04bf..ad851795046d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/keyframes.scss
index 16e5ac7962e0..ef20640a3767 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-lock-closed-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/placeholders.scss
index a86e222782c3..ffdc1ee89750 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/index.scss
index 24f22faa5e09..773292cd0a44 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/keyframes.scss
index 592ce84adeca..2f418c9e4f66 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-lock-closed-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/placeholders.scss
index 30fdcaddc48f..41bd0bc6d9ac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/index.scss
index 0051698c04bf..ad851795046d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/keyframes.scss
index 3e34c56c2d73..ab0ba3ab1895 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-lock-closed {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/placeholders.scss
index 3e891f46fd74..9324021ca5f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-closed/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/index.scss
index 956a01cb8f9d..9d5384be45e4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/keyframes.scss
index 4f66c0c1931e..5d28f08768dd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-lock-disabled {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/placeholders.scss
index ab4e5ca5ebdb..7d2056bf544b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-disabled/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/keyframes.scss
index f71400e3b5ed..ad3c9e1acf10 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-lock-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/placeholders.scss
index 8640401e8d1d..766bc214bf02 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-16.scss
index 6761798695e5..61f7a595bb04 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-24.scss
index de3bbbe54efa..db9e06e3afde 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/keyframes.scss
index 267261444777..81f6b680c392 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-lock-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/placeholders.scss
index 731a5576ecde..3da0f3debf7c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-16.scss
index cec8252b93d9..25db8a2fe86d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-24.scss
index 482b9fc53276..342959ec33c6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/index.scss
index 3bcee27f3448..8fc7be697f60 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/keyframes.scss
index 37fbc56af582..8d4ab444b3ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-lock-open {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/placeholders.scss
index 81eb8a7ddc35..0337b5802cb3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock-open/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/keyframes.scss
index 261a7fe67dcc..47ad1475c8cf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-lock {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/placeholders.scss
index 167b602b6ab8..a267634cde61 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-16.scss
index 732659b14289..9c9fb6681326 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-24.scss
index bb3348d8de68..2199ebe81e65 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/lock/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/index.scss
index 2051613154e6..f7a6620e852a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/keyframes.scss
index fa127aedd87b..27fe58218193 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-alicloud-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/placeholders.scss
index f659c832c867..119821df0593 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/index.scss
index 2051613154e6..f7a6620e852a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/keyframes.scss
index 764007745e23..e3660feee298 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-alicloud-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/placeholders.scss
index 28290ae519ad..5e96dcbf46b6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-alicloud-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/index.scss
index 60fbff8e53ef..2ac024093997 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/keyframes.scss
index 7fa6ce9d0fe8..22dfbdab9fb1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-auth0-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/placeholders.scss
index 46bedea369ab..a5c6f49df79d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-auth0-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/index.scss
index 3f3329abe1c8..43ccd0c483bd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/keyframes.scss
index c231e2561035..455596fc8dce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-aws-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/placeholders.scss
index 7fa2df38f721..96626bcf4de4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/index.scss
index 3f3329abe1c8..43ccd0c483bd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/keyframes.scss
index c47a1c3b590e..26f4bd62b8cf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-aws-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/placeholders.scss
index 67f507732b67..4b5b11d60d03 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-aws-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/index.scss
index 57796cbe4d4c..460bb93ca44c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/keyframes.scss
index 5ad75e7e9946..8be86ee5a3a6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-azure-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/placeholders.scss
index 4241fc9703d3..48f5d94cce9f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/index.scss
index 90d05644b089..a469817aefd6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/keyframes.scss
index 70b4a7cbf170..2bd0c4e92392 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-azure-dev-ops-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/placeholders.scss
index b80e076464b4..ed9b354b5ce6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/index.scss
index 90d05644b089..a469817aefd6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/keyframes.scss
index 0ce77ebb0918..34ce85298a02 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-azure-dev-ops-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/placeholders.scss
index 400af7d53372..d94a3ef7d20b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-dev-ops-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/index.scss
index 57796cbe4d4c..460bb93ca44c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/keyframes.scss
index 52f399aee187..4376645598e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-azure-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/placeholders.scss
index 76d16bebdeb2..7d330ebaeab8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-azure-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/index.scss
index b2a50e60e596..be18ada7ed24 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/keyframes.scss
index b1c1c9651aa4..dfd568eb1664 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-bitbucket-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/placeholders.scss
index 1867c8d88a2d..73593ec9ba4d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/index.scss
index b2a50e60e596..be18ada7ed24 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/keyframes.scss
index 20eefc84f3c0..e3706a3d97f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-bitbucket-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/placeholders.scss
index a193f6c7ab46..ee387cbe4ead 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-bitbucket-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/index.scss
index 68293edadf9d..8b3fe9b7ced8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/keyframes.scss
index f3750b48c4e7..1a8db6415a74 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-ember-circle-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/placeholders.scss
index e187d4728c4d..2319cbe7d6c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-16.scss
index ae5f5cf6dc71..623b5d2c4c51 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-24.scss
index 435882973cc6..dfc8f9d04417 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-ember-circle-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/index.scss
index 375f6387caa7..a52900f9f4a2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/keyframes.scss
index b69da99c5876..73e499ab5baf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-gcp-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/placeholders.scss
index e0f38ffaab11..fd22df1a38b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/index.scss
index 375f6387caa7..a52900f9f4a2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/keyframes.scss
index 4a66f2920eba..68568cfddc5e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-gcp-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/placeholders.scss
index 5df72dda7ead..5229b379f57d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gcp-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/index.scss
index 216229d36af0..f59a6e3f09cf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/keyframes.scss
index a12b86a92ae0..cc2fc90ce0ef 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-github-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/placeholders.scss
index 1c3054513e0d..29b7ae976b2d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/index.scss
index 216229d36af0..f59a6e3f09cf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/keyframes.scss
index 478ae3f8189e..86877c01e9bb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-github-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/placeholders.scss
index a2921acc9e8b..66c1e2325b69 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-github-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/index.scss
index 6bd234749ffb..9489fd7bef75 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/keyframes.scss
index 78f7bdd89f71..2b30396034db 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-gitlab-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/placeholders.scss
index 109c5de93d39..93a66b2e1946 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/index.scss
index 6bd234749ffb..9489fd7bef75 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/keyframes.scss
index 624e0de2c5a7..b816ba87d597 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-gitlab-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/placeholders.scss
index 1e91f47d5508..f59335004cc3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-gitlab-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/index.scss
index 68293edadf9d..8b3fe9b7ced8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/keyframes.scss
index a694ae996af3..3959da6c9b00 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-glimmer-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/placeholders.scss
index f4fb8e8f7307..0efc9638c290 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-16.scss
index c6a73418ac60..4eaa363efef9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-24.scss
index 4e8a03cb998b..2583b1bf5092 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-glimmer-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/index.scss
index ad75e34e7bbf..b6154bcd4b54 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/keyframes.scss
index 54122607a2ed..c00d05c56847 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-google-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/placeholders.scss
index c388144fe48e..dc05834dbde7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/index.scss
index ad75e34e7bbf..b6154bcd4b54 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/keyframes.scss
index 595f69d464fb..5301d0d883ad 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-google-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/placeholders.scss
index 8a73dc4ae580..a609da147aa6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-google-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/index.scss
index 68293edadf9d..8b3fe9b7ced8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/keyframes.scss
index afc224a6425c..40f90b8f0cab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-hashicorp-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/placeholders.scss
index 35990ce96cb2..16312baf3d44 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-16.scss
index 9e9b31bccb74..4103de543ee2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-24.scss
index be0771afec90..ae97ad2befa5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-hashicorp-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/index.scss
index 68293edadf9d..8b3fe9b7ced8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/keyframes.scss
index 37a6dc5bcc5a..889856f60567 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-jwt-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/placeholders.scss
index 3f0b946a93bb..afe5dfbd03d7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-16.scss
index 54af7ba9852f..0e6e4b012ab2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-24.scss
index 4bb1a49c22ae..2498a7435209 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-jwt-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/index.scss
index 52c677225505..85548024f58f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/keyframes.scss
index c58c487748a0..7fe772bc4434 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-kubernetes-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/placeholders.scss
index e7b0dd9fa012..f33bd15ae868 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/index.scss
index 52c677225505..85548024f58f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/keyframes.scss
index ac7248d1dbc0..90e45bf3deeb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-kubernetes-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/placeholders.scss
index 5a1021078d64..326d7c2125cb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-kubernetes-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/index.scss
index 1d0f168db8a7..60412c33be5e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/keyframes.scss
index 9d88ac514f79..75623bc4d9cc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-microsoft-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/placeholders.scss
index c1177500cb58..3b50b27e1e9c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-microsoft-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/index.scss
index 68293edadf9d..8b3fe9b7ced8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/keyframes.scss
index 62a5a8e9316e..1d238565d78c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-oidc-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/placeholders.scss
index 8e656f676cf4..9ce224975c1e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-16.scss
index 42eb646d9223..fbffb6972ee8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-24.scss
index 6100e2635847..c4a3bed95f3e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oidc-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/index.scss
index b5d6bca7954c..8091ea83d05c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/keyframes.scss
index 3e4387046861..a0fe054910f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-okta-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/placeholders.scss
index 6dbf1a10910d..cd52b9a2193d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-okta-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/index.scss
index 045606220406..1d5d54c6512a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/keyframes.scss
index 2542dec9a3b5..fba0f3038403 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-oracle-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/placeholders.scss
index 1a2b6a8d1f75..5127f651f99b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/index.scss
index 045606220406..1d5d54c6512a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/keyframes.scss
index 2790c319ff4b..6bd633afa7a3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-oracle-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/placeholders.scss
index a8b6c02a2375..15334d375011 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-oracle-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/index.scss
index 5f6d67206d99..d47232a40508 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/keyframes.scss
index e0753a953441..d4d786d9aae1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-slack-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/placeholders.scss
index 08010c868e84..74d2dec1e031 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/index.scss
index 5f6d67206d99..d47232a40508 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/keyframes.scss
index e9f39445fc06..1ea8cad32a66 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-slack-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/placeholders.scss
index e3e47ca8b36c..685340068b94 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-slack-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/index.scss
index 5058ca3046cd..8fb3c6cb8ab6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/keyframes.scss
index 120f79285349..7730d1964ae9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-vmware-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/placeholders.scss
index 9fa29e061ced..6f6a32ba758e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/index.scss
index 5058ca3046cd..8fb3c6cb8ab6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/keyframes.scss
index d8b2aecae412..40c8cb82f779 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-logo-vmware-monochrome {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/placeholders.scss
index ca61c03413e3..9b7923d18751 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/logo-vmware-monochrome/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/keyframes.scss
index 5037965f95cb..a1698c950aae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-mail-open {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/placeholders.scss
index 116bbd539cfe..4a63d84759f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-16.scss
index 91e3c72bef65..dbdc3480d93d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-24.scss
index 562fd4c12e2c..166e1fed376e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail-open/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/keyframes.scss
index 98710b1b03e3..aa79b27a0c7e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-mail {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/placeholders.scss
index a31012bad853..57244270e5a1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-16.scss
index 68c23c5b5ae1..56202e77ea26 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-24.scss
index 166eb9a91a68..3be4a42915f3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mail/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/keyframes.scss
index 373159cc4b25..f9e5e6f2d96b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-mainframe {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/placeholders.scss
index 9b52a8d139d7..f0bbab2e636c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-16.scss
index 27bcdbefb31d..4f86b0d95cf1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-24.scss
index adce965a0b8e..6151ef8762d1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mainframe/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/keyframes.scss
index 11cc6ea5d18b..ab2e14e19731 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-map-pin {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/placeholders.scss
index 38d8db4dea43..81dd40e3442b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-16.scss
index 6a43a8457d98..bd612f68ef1e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-24.scss
index 61311f1f16a4..b1c0f480e6b7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map-pin/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map/keyframes.scss
index 2a23162471dd..2753aafb2d6b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-map {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map/placeholders.scss
index 0f954e6453b8..5a4763e9b259 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-16.scss
index fb4fcd1c2025..09881c8ee1ee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-24.scss
index e22fd708184e..8769c937d539 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/map/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/keyframes.scss
index 7c996508041b..e8de5b2039bc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-maximize-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/placeholders.scss
index 13170571b8a5..124eb62b8573 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-16.scss
index d5690a4b7a00..72165a66355a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-24.scss
index 6907b89555d7..98e788784495 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize-alt/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/keyframes.scss
index affcffedd481..005b58daad56 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-maximize {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/placeholders.scss
index 34958dc7f91e..7cf32d33a159 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-16.scss
index 3ee235c0ddbf..b665392693fd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-24.scss
index f5c0fad5a7ce..7fa1d96b28e6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/maximize/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/keyframes.scss
index cc3d4d61a563..9b26898bc0c7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-meh {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/placeholders.scss
index 40ea7b57f301..dc51674e42c6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-16.scss
index d6d7dd256ab8..7a9c6ec80c48 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-24.scss
index 75bce823cdb0..49d0561d208e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/meh/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/keyframes.scss
index b38e34c75a40..45614f3f4f00 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-menu {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/placeholders.scss
index 976c99edceb6..993d7b05930e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-16.scss
index 305d61f0b1b6..9edcdbc807bf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-24.scss
index aff1b4f03ed9..65d0b5e66c9b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/menu/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/index.scss
index fe9b53f7a427..dbb1761fd586 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/keyframes.scss
index 5d653f2748ee..30d7f7c76805 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-mesh {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/placeholders.scss
index 4c30f8d64ce7..fafc6d37d705 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-16.scss
index f91764974612..73c68cb51ee5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-24.scss
index ff6519be6c88..fe3e95b3035c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mesh/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/keyframes.scss
index 7316bdf5a2cc..280ebc7272cd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-message-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/placeholders.scss
index 21b1db2b6de6..7c5d38f5d586 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-16.scss
index d9899a06029a..1bfb9690ea0a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-24.scss
index c14abe2e5c05..be43ac132cce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/keyframes.scss
index c20e9b1cc3e9..c1fcb655b641 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-message-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/placeholders.scss
index 1e0c1b8ae54b..a9f1cdf17202 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-16.scss
index 94ef541bb23d..d4517ebc4134 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-24.scss
index fda338d5ee04..66f88c003b79 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/keyframes.scss
index ff80f2fd0ada..853884bdb792 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-message-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/placeholders.scss
index 26a1687611e1..f462b084a496 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-16.scss
index bc534e9634c8..0d2c4d548f1d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-24.scss
index 5470d4460447..7df9b89cca31 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/keyframes.scss
index 58d6c38a1baf..0380a49ff340 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-message-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/placeholders.scss
index 825519c2b35e..495ef3c37512 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-16.scss
index 449c0974f495..f102e2698d38 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-24.scss
index 824e331d44fb..7e857e23c340 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message/index.scss
index e8eae6da84b4..5726e7fdbe25 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message/keyframes.scss
index 55eaac733679..68dec967ba10 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-message {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/message/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/message/placeholders.scss
index 3a96d9f62199..bfe1ac2dbd81 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/message/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/message/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/keyframes.scss
index 31e269b4da27..88a956f73cec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-mic-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/placeholders.scss
index 04075c8320cb..1db43f06dba8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-16.scss
index d272748bcce2..aac8691dc140 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-24.scss
index dec38608419e..f14f12aed161 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/keyframes.scss
index 132ac5a926d7..a0e624b006c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-mic {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/placeholders.scss
index ec31fcebe4cb..455de5e2d551 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-16.scss
index 1b05e1a06edf..9c6b8b898323 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-24.scss
index 1e458021d347..540911211220 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mic/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/keyframes.scss
index f3ef1fe01fd8..c0cd468c031b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-microsoft-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/placeholders.scss
index f3b3d206a284..67d37ab5a3d1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-16.scss
index e8cbbbc4c5cb..986844d956ae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-24.scss
index d077c8590387..08e67ccf62b4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/index.scss
index 1d0f168db8a7..60412c33be5e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/keyframes.scss
index 01b666d7deee..c49f146151f3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-microsoft {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/placeholders.scss
index a03f65f2c9b5..fd729915e27c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-16.scss
index daee1aaebf7e..3c63317c498e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-24.scss
index bd58125734fd..a793b71f24da 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/microsoft/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/keyframes.scss
index 28b5821f8319..0848ed6ec649 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-migrate {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/placeholders.scss
index 724b0e06b339..11e168da2c8d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-16.scss
index 8d4e5e58e54a..f8d74020755a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-24.scss
index d8d69193599d..20550887e7f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/migrate/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/keyframes.scss
index fb8264386224..fe3af12a5ce6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-minimize-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/placeholders.scss
index 476d22e471b1..40a2581d8abe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-16.scss
index 59522e422c23..1a14d6c7d9f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-24.scss
index a55cae4faba9..1285670fac4c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize-alt/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/keyframes.scss
index 8a057192ff25..d447c1c1e9ac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-minimize {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/placeholders.scss
index 964125d947f4..8ed666ef7d18 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-16.scss
index 21a9fc97ad73..d0dcc1d6cfc5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-24.scss
index 93b2183f08b0..af9df60e65fd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minimize/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/index.scss
index 9151048bc109..8f260c81b7d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/keyframes.scss
index 1e59143c7d11..681388000728 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-minus-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/placeholders.scss
index c7663fd1460e..a2a780d4c668 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/index.scss
index 9151048bc109..8f260c81b7d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/keyframes.scss
index 0506ec376ca2..82d64b495b39 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-minus-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/placeholders.scss
index 49d07ef25a62..09d3448adc95 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/keyframes.scss
index 8e3466aebd84..a0d852547ab5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-minus-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/placeholders.scss
index 958924b1d4db..c81a32cb7f4c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-16.scss
index d7d2716fdbe6..d9297704c35c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-24.scss
index d4a944760003..be2284030995 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/index.scss
index e5afc3bb11e9..1f534a9bf0dd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/keyframes.scss
index afd3686ce649..446cd2299de3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-minus-plain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/placeholders.scss
index 5f1350ed00bf..42dd87293427 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/keyframes.scss
index 8968c6a6195c..5345c407db07 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-minus-plus-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/placeholders.scss
index 07121b91d5b7..47cce73c03e8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-16.scss
index 48b3849865b2..0def1dbe3ee4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-24.scss
index beaf0f468c04..3644ab2e2530 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/keyframes.scss
index 7d190ea55d72..d40bd68e1212 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-minus-plus-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/placeholders.scss
index 7e3866ca3c06..ae3c823e0030 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-16.scss
index 14009a3c0e9f..c3c5c46a72e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-24.scss
index 6a01c85c354b..b9599808d22c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/keyframes.scss
index bb583302c0c5..3295d8c4174c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-minus-plus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/placeholders.scss
index d4fe5a72e9ed..71c7e3cbac0d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-16.scss
index 02b9fbb8c21c..98f4ae5a23f5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-24.scss
index f2d8e87eb9a6..3cbda4fbe929 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-plus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/index.scss
index 977d381076d1..722335de42f6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/keyframes.scss
index 34dbbb26dab9..7fe5157beee4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-minus-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/placeholders.scss
index 4cad6f4b9bce..abb0ef03bce4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/keyframes.scss
index 637b5fbdb96f..4a0e39991d23 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-minus-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/placeholders.scss
index bd38fd73d406..8b5ee5f5065e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-16.scss
index ac85321cdf30..3789ebfcc79f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-24.scss
index e04d4436666a..13db9357f595 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/keyframes.scss
index 531e0f6e1a4f..2ef203222495 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-minus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/placeholders.scss
index 79a79acf63fd..d686d5f1c5fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-16.scss
index 0e3a11e9ddae..c202f858e03d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-24.scss
index d92a0fce760b..f17fd92e9f69 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/minus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/module/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/module/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/module/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/module/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/module/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/module/keyframes.scss
index 0de28aa0c906..3bb0d684a598 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/module/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/module/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-module {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/module/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/module/placeholders.scss
index ad73739cc35e..a25a8c27fa57 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/module/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/module/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-16.scss
index 452cf4778dc8..f7e2ded45af4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-24.scss
index 8cd6abf8bfe7..98c634ed3abe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/module/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/keyframes.scss
index 574e7ad2f0cf..2d462fb932af 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-monitor {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/placeholders.scss
index ca75a82de615..8142929e8f6a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-16.scss
index d7c67b896d42..c93f4a827415 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-24.scss
index f46c6ea82626..0dc3027eebbe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/monitor/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/keyframes.scss
index cec3ea2235db..f4835047e598 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-moon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/placeholders.scss
index 89e5e9b912e3..f5fac08ad5d7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-16.scss
index 572d6805337d..85247652f3dd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-24.scss
index 6d889b0b3e42..51d24c7d4845 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/moon/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/keyframes.scss
index 9dcbc4bfea25..7291abfc4de1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-more-horizontal {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/placeholders.scss
index 073af72d985f..71dd591d94fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-16.scss
index 6c3e801d19e1..f4382b012ab2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-24.scss
index ab29c8c97c34..b92f659dd2cd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-horizontal/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/keyframes.scss
index 8e3d2a911786..3f3c80b2d853 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-more-vertical {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/placeholders.scss
index 6c5295e4b456..78dc86b31465 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-16.scss
index 2bea9135278f..80144ea10952 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-24.scss
index ace38d60cd87..172da241fc54 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/more-vertical/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/keyframes.scss
index 28bcb094022c..2b571b818668 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-mouse-pointer {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/placeholders.scss
index 40fe306ff647..24b531804161 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-16.scss
index 9f7fdae159ed..2492b2b74e1f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-24.scss
index 5b01c65bc015..5dd5c5e10d94 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/mouse-pointer/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/move/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/move/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/move/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/move/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/move/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/move/keyframes.scss
index 659a1cf456ee..7e5112a457ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/move/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/move/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-move {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/move/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/move/placeholders.scss
index ad5254364f54..606a658bb4f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/move/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/move/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-16.scss
index f93ab3e34b50..c7bb9cb41d13 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-24.scss
index 5f3d30704243..6727717f01fc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/move/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/music/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/music/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/music/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/music/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/music/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/music/keyframes.scss
index 13eca52ebd4c..e19bd8cc8880 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/music/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/music/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-music {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/music/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/music/placeholders.scss
index c567d4d6f547..1fcc645803dd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/music/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/music/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-16.scss
index 592e4e58f9a7..a1d3f833b662 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-24.scss
index 229d36fe6162..487c0d7bb2aa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/music/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/keyframes.scss
index e90a4aceba69..8bfe719917b5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-navigation-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/placeholders.scss
index 25d7c0749d21..8b66f5d94c39 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-16.scss
index dccb5475404f..378b32d3c9f7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-24.scss
index 9ce7bbf310aa..53608fed2195 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation-alt/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/keyframes.scss
index 06b35e37da9e..5ff02f90efcc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-navigation {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/placeholders.scss
index 1cd22eaa35e8..3b1ae0644589 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-16.scss
index 19344bfa8962..af610225f1f9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-24.scss
index 992a7b451e08..77af8d37b238 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/navigation/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/keyframes.scss
index 222fc37534dc..e243617bd858 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-network-alt {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/placeholders.scss
index 0d90bc8159fc..7e0e50fc5a07 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-16.scss
index 988842aad520..e46547dc7668 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-24.scss
index c33617f018d3..e4fe65244205 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network-alt/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network/keyframes.scss
index 494a3913b19a..ce5c0351f79d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-network {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network/placeholders.scss
index 12ca73332e9e..c24d791166de 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-16.scss
index a77ca41f405a..f84ffdd4682a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-24.scss
index ff48ca8e75a1..77af1e315825 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/network/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/keyframes.scss
index 5636f50dfa32..92f4a7bf3400 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-newspaper {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/placeholders.scss
index bb633250b900..100dabd15396 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-16.scss
index c0f021dca720..0b8db3256b1e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-24.scss
index 1f4417646122..78a370396b1c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/newspaper/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/node/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/node/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/node/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/node/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/node/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/node/keyframes.scss
index db81da4252af..1197cf9f6caa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/node/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/node/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-node {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/node/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/node/placeholders.scss
index 75a4b4a9a05b..8bd1d7ee831f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/node/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/node/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-16.scss
index d6bdab2e6f17..e6f4c5f7a8d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-24.scss
index 64772bbc42d5..5b7152acec01 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/node/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/keyframes.scss
index b1e7268ec6b6..9989aae5d39f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-nomad-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/placeholders.scss
index 9efacab91b94..0555e80541b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-16.scss
index e5444c37c166..cbd4fc62ac17 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-24.scss
index e262a5ca7eb2..3f33fe7bc467 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/index.scss
index bb3c95b80e0a..bd7b67d9d576 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/keyframes.scss
index 701eedd62f7d..5f133858374a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-nomad {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/placeholders.scss
index 784ce621e099..4b20eccd70e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-16.scss
index acf043e94e23..6a8ce85f33f5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-24.scss
index 6995cc4fdb4d..0e05aa0e2998 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/nomad/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/index.scss
index 600428534279..aacd2d0de701 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/keyframes.scss
index 71b0396efa4c..6b1750d22120 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-notification-disabled {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/placeholders.scss
index 5604921f5eb6..fcd2531e97dc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-disabled/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/index.scss
index 157b2e18802a..f36f490f6d99 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/keyframes.scss
index 11ff2fb503ab..6d0c51dd39b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-notification-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/placeholders.scss
index da460e6a85ee..b1f27b9b80fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/index.scss
index 1b63ab5fd2a5..0e4a6c6c5420 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/keyframes.scss
index 347046857458..1ca008c0a374 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-notification-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/placeholders.scss
index adc0495d4bef..3a01fc8cdd67 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/notification-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/keyframes.scss
index 9eb43f6c47ef..63de97bbd4bf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-octagon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/placeholders.scss
index 490f99bcb5ac..be768eb26649 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-16.scss
index 9aa4ecfc7530..56f9e6469056 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-24.scss
index 5da705660c58..bd73668b460e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/octagon/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/keyframes.scss
index 925d1c9ed5ef..14bf0b451936 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-okta-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/placeholders.scss
index 1249beb09453..a3d1e7588e91 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-16.scss
index a8ff6a225572..ae37a318e1d6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-24.scss
index eeb4677de1a1..d77216bc9b48 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/index.scss
index b5d6bca7954c..8091ea83d05c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/keyframes.scss
index 66c72f82e825..74ea1fa747a1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-okta {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/placeholders.scss
index 6eb5adc515be..c5f33450d264 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-16.scss
index 96ea736318d0..062d3b1febd8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-24.scss
index abecb86ddea7..c7796bddead3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/okta/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/keyframes.scss
index 85ef76ba2a7e..5db854d868e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-oracle-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/placeholders.scss
index daf31ac53642..fa1c6efb2ab4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-16.scss
index c48cbbfe7a4b..1cda40a72ad8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-24.scss
index 55c12f3cf34a..4b657e89b1e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/index.scss
index 045606220406..1d5d54c6512a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/keyframes.scss
index e7fd6f57599d..e190220a2ad5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-oracle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/placeholders.scss
index 92a732057015..2b4af32d0c6e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-16.scss
index 1a370a20b4e8..ceaad271570d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-24.scss
index 9676d531ec60..4f07bd3ce907 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/oracle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/org/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/org/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/org/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/org/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/org/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/org/keyframes.scss
index 846420a2e94f..e90fdab724f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/org/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/org/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-org {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/org/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/org/placeholders.scss
index ac05dc90b405..f4b592e689b4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/org/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/org/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-16.scss
index 6f852d0b01ab..6010dd7a9be5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-24.scss
index d25f4b95838d..70a603a39999 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/org/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/keyframes.scss
index e041c1bb5c2d..f128c42a9cd8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/placeholders.scss
index 1aa2f1cf6647..aba882baa349 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-16.scss
index 51d25abd0293..b638b776cd51 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-24.scss
index a98c5e55f311..29da411d96cc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/outline/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/keyframes.scss
index ad23b96700b8..acd87d9fe4e2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-pack-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/placeholders.scss
index 10af94bef10e..8ad3bdf2cff3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-16.scss
index 3f4c6c262506..55140e04f5df 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-24.scss
index a4ff38522840..b5e813cde744 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/index.scss
index 57e84bcfd7cf..aaa346be9a27 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/keyframes.scss
index d7b0441461b4..4ba21cc0ecfe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-pack {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/placeholders.scss
index 0fed67727455..156c74e27c10 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-16.scss
index 7848d83a4d49..2d7f9cab84c8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-24.scss
index 781d6e27d613..fbf9aca1859f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pack/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/package/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/package/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/package/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/package/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/package/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/package/keyframes.scss
index ae5de5fe96a6..97becc7d5740 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/package/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/package/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-package {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/package/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/package/placeholders.scss
index 37db308ddb95..14f5b7e7f872 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/package/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/package/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-16.scss
index 7173e4844694..ac1623ab414e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-24.scss
index 85db99efdbd8..de8626f57f25 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/package/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/keyframes.scss
index 679525371315..2f9bbf0c88a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-packer-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/placeholders.scss
index 456c8a04bb3c..15b07c725ae9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-16.scss
index d51763368186..03962abba4d2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-24.scss
index 7ef3092e1984..45cd018ca6c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/index.scss
index d233de6f112a..6e3d5a9e7737 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/keyframes.scss
index b121ea3fe055..acf3b3c9eafa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-packer {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/placeholders.scss
index 360da0a01d27..fec05796f9ec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-16.scss
index 63c9df0aad8e..3f130d9681e5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-24.scss
index 23f6223fc6f9..8a3921f4825c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/packer/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/index.scss
index 62ee44557a53..bf26dce25192 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/keyframes.scss
index e57e96c93827..d217d5c7eaca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-page-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/placeholders.scss
index 18eb382e1f22..c29b10e617e7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/page-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/keyframes.scss
index b5f4ad1c59a6..42441b2d5879 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-paperclip {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/placeholders.scss
index 95138794386f..a8058399c937 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-16.scss
index 67fed1aa87b0..d21140e1a054 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-24.scss
index 2e1112f51122..96004d03a308 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/paperclip/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/partner/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/partner/index.scss
index b4f45864ee92..32097f54289f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/partner/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/partner/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/partner/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/partner/keyframes.scss
index 57a9b71308c9..caf7066af2a8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/partner/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/partner/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-partner {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/partner/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/partner/placeholders.scss
index 3dbf386c68e5..2d757c9e2993 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/partner/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/partner/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/path/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/path/index.scss
index c3868c817a3f..45e457544053 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/path/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/path/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/path/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/path/keyframes.scss
index e680d1f8e274..289703a935f7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/path/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/path/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-path {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/path/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/path/placeholders.scss
index 07dd69e724ed..b73e9bb7ef00 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/path/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/path/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-16.scss
index c9acc9befcc9..3ba7afd52dfb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-24.scss
index 56ce28c4d74c..5a124f7bcf8a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/path/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/keyframes.scss
index b833177b101a..956757c82baf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-pause-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/placeholders.scss
index 82bd27931769..1077e534e1de 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-16.scss
index 6acad0df33a9..81d222af629b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-24.scss
index 8b4a4a5a4ddd..6678e62c6f64 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/keyframes.scss
index 92499643c042..7fd3d0cf9ef9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-pause {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/placeholders.scss
index f565c5164e91..88a2945867e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-16.scss
index 75e4d5cb7af7..640cbdc57e00 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-24.scss
index 2db3b587602a..a7022dfd6c8a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pause/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/keyframes.scss
index d788e746ced5..35c6ee3dc724 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-pen-tool {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/placeholders.scss
index 498efc0df247..13c2188be1b3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-16.scss
index f54ab9808764..6eaa48d2a02c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-24.scss
index 837e97b2b139..84701d028f7b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pen-tool/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/keyframes.scss
index 646e42eb3175..de9b3a31f512 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-pencil-tool {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/placeholders.scss
index b9d8ba69095a..568f9d1f4981 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-16.scss
index d4f73d9539d3..5a90e34c4355 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-24.scss
index 180d19491ef5..79485462fb31 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pencil-tool/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/keyframes.scss
index 3e038a07d63f..415d5c3e385f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-phone-call {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/placeholders.scss
index 3586373ee3f8..3845451ce1f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-16.scss
index d31275849fe4..4ef9b1c49471 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-24.scss
index cdd4017eb74f..e1826184d568 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-call/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/keyframes.scss
index 0e574ca94b42..399850ba7c20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-phone-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/placeholders.scss
index 9064650294d1..68be68ea3374 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-16.scss
index 225f7e0e8535..e4eaac5a31fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-24.scss
index 087a5b98f6ed..080e4835ed43 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/keyframes.scss
index 9fe4b3c2c975..7053dd0ded7c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-phone {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/placeholders.scss
index 243e0a22680b..32a78dd21d93 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-16.scss
index 374fe528662f..a324e3aa528d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-24.scss
index e8344216433a..19fc131a5db0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/phone/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/keyframes.scss
index 712a2e6b548a..651545dff246 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-pie-chart {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/placeholders.scss
index 59a848703d5f..92def3ad115c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-16.scss
index a5f03832ced0..52082dce0bda 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-24.scss
index 1c4a629712fe..d6717429d4e9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pie-chart/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/keyframes.scss
index 328e3d8a204f..679747285839 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-pin {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/placeholders.scss
index 7d908ecad63b..8e86cc48c009 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-16.scss
index 1e9eebd2ac22..421729d863c2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-24.scss
index 311f6a4391d7..74f47034195a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/pin/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/keyframes.scss
index 59820a960263..a7f7c06e97b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-play-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/placeholders.scss
index 00d55d5668ef..9553f316cf24 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-16.scss
index 6b9d3602ada9..3b253aeb1468 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-24.scss
index a4e4850275a5..0bad1fc44c85 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/index.scss
index d6584f5fa54d..03853b94929f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/keyframes.scss
index b7a3b4d05cd5..ebb483864ceb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-play-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/placeholders.scss
index a6ef89b6ac14..597e7246c436 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/index.scss
index d6584f5fa54d..03853b94929f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/keyframes.scss
index 73b91bc1fd0f..c302978ebd65 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-play-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/placeholders.scss
index ec071673b97a..2bc4769b61ef 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/index.scss
index 38fed16d9014..0fefa4c33e4e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/keyframes.scss
index aebe36d8744e..7a75fe084d38 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-play-plain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/placeholders.scss
index 4486b90d59f7..466ba1ec3795 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play-plain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play/keyframes.scss
index 0cb95615e41b..c57f8364894f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-play {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play/placeholders.scss
index 0ac8c7c3a591..d675485c629d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-16.scss
index be2d0de18d8a..b2239d297390 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-24.scss
index cb0d57b43e1a..77489c224ecb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/play/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/index.scss
index 8755344932ae..2e9244543fcf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/keyframes.scss
index 9353a6590d8c..cc4180313a14 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-plus-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/placeholders.scss
index cc6bee24d0ce..d000dd2d78ab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/index.scss
index 8755344932ae..2e9244543fcf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/keyframes.scss
index ff509f6b59eb..4f5d5151f44d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-plus-circle-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/placeholders.scss
index 1c072165836c..f776d408edf1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/keyframes.scss
index 2dcc99ac8007..e121bd986919 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-plus-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/placeholders.scss
index 252075b51c0e..7f247b3a5a23 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-16.scss
index 64c118000a0d..8649893c3fce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-24.scss
index 6c6b0d286295..eeee24a8c83a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/index.scss
index 0f31faf723c7..ee5ed720593f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/keyframes.scss
index 0cc7ee720e12..be926c77de0c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-plus-plain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/placeholders.scss
index 38c9218e1118..ccf1a2e87398 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-plain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/index.scss
index 27c62d7ad9b4..32bd6d47c5cd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/keyframes.scss
index d70e927c71a0..c38c30488049 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-plus-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/placeholders.scss
index 667dd5fb49af..41bb331fee07 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/keyframes.scss
index 53915f751c57..23336a59d1a6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-plus-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/placeholders.scss
index a7a9d197dea7..826ac71a57bd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-16.scss
index 4aa637b799cb..59afc378c108 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-24.scss
index eca14e99b5e3..0aaf8d53accc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/keyframes.scss
index 8a008cd2312a..298c658101c8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-plus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/placeholders.scss
index 21700330932c..15a52f76ae8f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-16.scss
index 9cf4c7e2cc33..75514f8a0e26 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-24.scss
index ab03a9db66bd..bd2a0c21e21f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/plus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/port/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/port/index.scss
index 68293edadf9d..8b3fe9b7ced8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/port/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/port/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/port/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/port/keyframes.scss
index 7651c699b9c8..d0191a37484a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/port/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/port/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-port {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/port/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/port/placeholders.scss
index f1a471012e10..d6e3b1fa0475 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/port/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/port/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-16.scss
index 41c5b8b33e84..b6c6b4543c84 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-24.scss
index 15f93e4bb036..cee2a3cb745a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/port/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/power/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/power/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/power/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/power/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/power/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/power/keyframes.scss
index bd5ac4370710..98bebe97dd0f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/power/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/power/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-power {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/power/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/power/placeholders.scss
index 4887acf45f27..b74331ac1759 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/power/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/power/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-16.scss
index 31634672dbbf..1c6f5ff56d4f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-24.scss
index 4b1d015c9d0d..af4c55c4403f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/power/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/keyframes.scss
index 92787c2ad191..6cdde31eed9f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-printer {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/placeholders.scss
index c85d1c3d9a1c..6c55236c52ab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-16.scss
index dae378a01284..2bf896f8b752 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-24.scss
index 0265ccdc4080..2f60cee44ba2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/printer/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/index.scss
index 68293edadf9d..8b3fe9b7ced8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/keyframes.scss
index 102d0fba432d..158431de067c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-protocol {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/placeholders.scss
index 2665c94fe2fa..6bd2de0ddcf9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-16.scss
index 880318ec9386..f83ace8687d7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-24.scss
index d48af2fa5b7f..f3f0f24f8cb2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/protocol/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/keyframes.scss
index 11dcd294092f..054d28135076 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-provider {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/placeholders.scss
index 37ac3cd37a53..2aa05d0ffe16 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-16.scss
index 0498acdc529c..35ae89ecd29e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-24.scss
index c2d7dc825288..a7e51f44292c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/provider/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/index.scss
index 709d7210b62b..b69b4fb027c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/keyframes.scss
index 339fa162bf0f..748c362bb2c1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-public-default {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/placeholders.scss
index 7a38074d8e2a..9c071396fde4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/public-default/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/index.scss
index 96b8e3f08ea9..d9ffb9ca9e35 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/keyframes.scss
index fa64b5ef70b1..659d3b6de39a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-public-locked {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/placeholders.scss
index 60933a605ea9..f385f6bd0aae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/public-locked/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/keyframes.scss
index 4a4989c16991..5e8482e2c97a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-queue {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/placeholders.scss
index 9b7cc48d7b72..b3a660315377 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-16.scss
index 268867f29282..7243843a6a16 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-24.scss
index 51c62a6f1e6b..a667e7d49909 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/queue/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/index.scss
index c65a7d6ba296..75fd6baf88bc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/keyframes.scss
index 02bf9523c026..6c663467a72c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-radio-button-checked {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/placeholders.scss
index eba2bd8d9165..052f7d96a695 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-checked/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/index.scss
index fbad05507ede..425ee64d515e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/keyframes.scss
index 3e24048aed20..c7761a0e4c09 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-radio-button-unchecked {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/placeholders.scss
index 24bc67c03a65..8cace59f2392 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio-button-unchecked/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/keyframes.scss
index 5d957ea2f495..ed7a7fb7614b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-radio {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/placeholders.scss
index ccbf03e81489..814d5372e2e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-16.scss
index 3efa46ed569a..cc2379beb2c7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-24.scss
index 95976f71941b..991fa5650fc1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/radio/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/random/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/random/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/random/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/random/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/random/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/random/keyframes.scss
index 5f53a76648bb..efecb7daf937 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/random/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/random/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-random {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/random/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/random/placeholders.scss
index 22cbd39c8121..474a83d8f943 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/random/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/random/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-16.scss
index 54bdeffa37b7..f6dbde9e84cc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-24.scss
index 5cb8cb5c6c76..fed5f052cec1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/random/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/index.scss
index 06bae6e9c52b..0e88ce4410aa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/keyframes.scss
index 4ac8f52d1ef0..d90a9e235e0d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-redirect {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/placeholders.scss
index f5f79ef820cf..09349c70ebd8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-16.scss
index 351e3b2936b0..5d35c5b4eada 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-24.scss
index 920dd4f97159..2d14fbd83cc8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/redirect/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/index.scss
index 51302b8df13c..60ba9b005c64 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/keyframes.scss
index 20934523f1ed..81bb1ad90474 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-refresh-alert {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/placeholders.scss
index 0721860b3489..9d7c72684882 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-alert/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/index.scss
index 74f747e184d2..b23653b40c26 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/keyframes.scss
index bcac7d733231..c7b44921945f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-refresh-default {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/placeholders.scss
index 1e1db0b6ec1c..af03f488010d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/refresh-default/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/keyframes.scss
index 321237777274..8fe4bc9291be 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-reload {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/placeholders.scss
index b1fa1fbf6c12..9edb05e899f1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-16.scss
index b9521afb208e..0b80cf0253f7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-24.scss
index f29f5de4f484..188d5c2dbad9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/reload/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/remix/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/remix/index.scss
index 8a03c3edb4a0..7221cb67c2a5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/remix/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/remix/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/remix/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/remix/keyframes.scss
index 50d9fc06c693..61eaf623cd13 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/remix/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/remix/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-remix {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/remix/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/remix/placeholders.scss
index f5f3930e5ab3..491c6dd3da6e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/remix/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/remix/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/keyframes.scss
index 9e11b074dccf..96004c5e6dfa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-repeat {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/placeholders.scss
index a3cc213f9f06..5dae2fb761b3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-16.scss
index aa3edd7629e8..52a83af46e85 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-24.scss
index 557199b51f94..1a7e39e06034 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/repeat/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/keyframes.scss
index a15438d5b164..98243854bdd5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-replication-direct {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/placeholders.scss
index 98c56dc34ec8..8c4d46fd4c38 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-16.scss
index f82f48c10cde..7957ad06d4a1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-24.scss
index 3f103841fc89..6f7ae4e230ec 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-direct/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/keyframes.scss
index 7718af7baacd..6cd8f0b2345c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-replication-perf {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/placeholders.scss
index 49741648a9dc..f8489ca7cff7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-16.scss
index 394e372cfdf0..befb4000bfaf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-24.scss
index be0f767aa548..d26d8c73e954 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/replication-perf/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/keyframes.scss
index bbb0c590229f..f25f181af784 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-rewind {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/placeholders.scss
index 098d081d38ba..cbe91731fe45 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-16.scss
index 39ee1ded2032..a5daa977977f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-24.scss
index 80eb1ff355ad..1ff25de382e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rewind/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/index.scss
index c9943fe4762c..b3149c340701 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/keyframes.scss
index 9a7d03cfcbb9..701e1c180a20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-ribbon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/placeholders.scss
index 19b8b4ab27b3..d4ed07fd1f9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/ribbon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/keyframes.scss
index 2fec5714f5b6..0a48149d27ee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-rocket {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/placeholders.scss
index 9e0c2128814a..331407e54ff1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-16.scss
index 8c05eafa443e..901ae93cf73a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-24.scss
index 0223ff56a098..4d6d043b796a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rocket/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/keyframes.scss
index 4495ab5d8844..88c1f53f36c6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-rotate-ccw {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/placeholders.scss
index 68539a4ce65c..3dabca68ac1e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-16.scss
index 654a6dd07b86..2d65cff5d0c8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-24.scss
index 79e1f6017bc3..680928556ec6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-ccw/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/keyframes.scss
index c3433e3af418..7fd33f34c557 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-rotate-cw {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/placeholders.scss
index 1c6ef6c3c22c..2430439c9bf8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-16.scss
index 42e7b0664303..2549528a6ce0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-24.scss
index 9d660218199a..4a3085b2358a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rotate-cw/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/keyframes.scss
index 13e9a4f4fa15..c792e0ad4e27 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-rss {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/placeholders.scss
index 729fdbc98201..bcc06de96f4d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-16.scss
index 6af684d8f761..baf162590ffd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-24.scss
index 1c719c2fc380..33ef78272037 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/rss/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/run/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/run/index.scss
index 68293edadf9d..8b3fe9b7ced8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/run/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/run/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/run/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/run/keyframes.scss
index fe9207eaf9ed..68acdbd445d4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/run/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/run/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-run {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/run/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/run/placeholders.scss
index fae4ba28c3f2..b3e8443f0ba9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/run/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/run/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-16.scss
index b9bd1760f944..1f7d14e5c2b5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-24.scss
index 05c54a326fd3..d8b55c7f97f5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/run/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/running/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/running/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/running/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/running/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/running/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/running/keyframes.scss
index bb209f31f146..7036a97daa08 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/running/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/running/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-running {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/running/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/running/placeholders.scss
index 47a73f3e9994..bd877f1785fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/running/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/running/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-16.scss
index e912059a46c3..f82142bee71b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-24.scss
index 2b51d6383802..10a569c750c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/running/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/save/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/save/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/save/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/save/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/save/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/save/keyframes.scss
index 4672c17caab5..37689691b0c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/save/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/save/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-save {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/save/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/save/placeholders.scss
index 9b69856c22f7..cb42647fd3fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/save/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/save/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-16.scss
index dca1c0d57a46..60713ff9d3f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-24.scss
index 0396d2eeca6b..60cdedd6e736 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/save/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/keyframes.scss
index 052602767382..fd981786a11d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-scissors {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/placeholders.scss
index f9d9a254699b..f3417c95e279 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-16.scss
index 07fd93696107..20a58d5de4cd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-24.scss
index 1777b49bfefe..f53c5094239e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/scissors/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/index.scss
index 68293edadf9d..8b3fe9b7ced8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/keyframes.scss
index 9dbb4a4906d5..b1985050aef7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-search-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/placeholders.scss
index 2e0ad3ef80d5..66a365d8943d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-16.scss
index 54dffaefc979..913af1f3dc36 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-24.scss
index e00e993eb291..2c7dbf3cb41e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search/keyframes.scss
index b485b74f0a12..f70f2879f20d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-search {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search/placeholders.scss
index c5ecdcf97d0e..27cc390b8f76 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-16.scss
index 61be5fd80449..e3edb45eb25c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-24.scss
index 9deb33a08af3..fb519b8dabdd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/search/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/send/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/send/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/send/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/send/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/send/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/send/keyframes.scss
index dfd9ac76a6fe..3ec118ffe869 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/send/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/send/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-send {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/send/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/send/placeholders.scss
index 580c920dc3c2..3441e8aca27a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/send/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/send/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-16.scss
index 20db356e37c7..188e703516dd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-24.scss
index 617aecc4c104..fd6940188fb7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/send/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/keyframes.scss
index 2feae09ea56e..882d876a1d73 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-server-cluster {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/placeholders.scss
index efaf63c18f1d..5d14f1ab5af0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-16.scss
index de959d1a85d2..178eb2197e0c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-24.scss
index 8e6783b7c4a1..e01202f4d204 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server-cluster/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server/keyframes.scss
index a93df2473bd1..0a6970c30e91 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-server {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server/placeholders.scss
index a329c1de83aa..8a4360428c7c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-16.scss
index 2a94d5ed7efe..7ae1f4cdb884 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-24.scss
index 1706b1124613..0b16c53d7342 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/server/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/keyframes.scss
index 105fe87ccbfb..584b6ffa45df 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-serverless {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/placeholders.scss
index 7f41e42ea0f6..ed01b6a9ae9b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-16.scss
index d390fdbeeba4..295dfdd49428 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-24.scss
index 17bf265c0996..345c05cfeeda 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/serverless/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/keyframes.scss
index 7a8ae5850fa2..69616e46ec65 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-settings {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/placeholders.scss
index 8029c31c134f..67b4d3868655 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-16.scss
index d6bda6b29036..5ba0770b8b6f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-24.scss
index f8e0489a77d0..65179f581d3f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/settings/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/share/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/share/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/share/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/share/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/share/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/share/keyframes.scss
index 69b37af0fce1..1a86bfa2ef71 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/share/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/share/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-share {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/share/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/share/placeholders.scss
index 8f73fb22cf59..e94108c1d254 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/share/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/share/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-16.scss
index b84cbac71df3..8cbb1c3925d4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-24.scss
index 53f2b6331285..1b0203d5c247 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/share/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/keyframes.scss
index 1c14a245d937..1e2547a1cfc7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-shield-alert {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/placeholders.scss
index f31696cbedf0..f1d4605ec44d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-16.scss
index 2373db5f6bb0..938ff352d4df 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-24.scss
index 81dabd8e762a..cb3051ea6bee 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-alert/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/keyframes.scss
index 551cea8e5002..f302a492c954 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-shield-check {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/placeholders.scss
index bb61d022dacb..48bacf0f60fd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-16.scss
index 6bcf74f66058..3e5c673de4c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-24.scss
index 24590bc922ee..4e9a6d5ee0dc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-check/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/keyframes.scss
index e4ccff6df755..b02fe787c459 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-shield-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/placeholders.scss
index c99ed4c3c10f..6e1590e7b839 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-16.scss
index e326dc30b044..d930892d9a0a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-24.scss
index 7a19268ed638..4a913a074b01 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/keyframes.scss
index d55afb87ab6a..117d0dd0509e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-shield-x {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/placeholders.scss
index d8e37f6419de..afa13938d1ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-16.scss
index aa11c5665099..ff8a0bf30eaf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-24.scss
index 0dbf33f64c67..c3d7231b9a8e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield-x/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/keyframes.scss
index 2c494f8f3710..37b1b0f8c044 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-shield {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/placeholders.scss
index 7ca85bc2ce57..7195c468285c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-16.scss
index 5476fa5f4f2d..049a5260fb80 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-24.scss
index 9aeb6684c60f..443e28dfdb93 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shield/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/keyframes.scss
index 0cb11d01dddd..6faf13c98ffc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-shopping-bag {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/placeholders.scss
index 0a835bba0b2d..8da0e309c508 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-16.scss
index 3ff31dcd8230..e56d3a9f7a64 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-24.scss
index ea3654c56bcf..2338e70bdd6c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-bag/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/keyframes.scss
index 5c63bcc4d9fa..338cf17a1c60 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-shopping-cart {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/placeholders.scss
index 7261b6c41f45..058a45649dc1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-16.scss
index ba03c75bafdf..fb2d3d8ffafd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-24.scss
index c0f0169ead16..75f91c2bed84 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shopping-cart/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/keyframes.scss
index e158a4db975e..7f9d90cb68aa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-shuffle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/placeholders.scss
index a498d62aed1d..9628d00e7bf5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-16.scss
index df29638f2848..fdbba45480fc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-24.scss
index 5a59d34c0daa..bd99c120a6fc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/shuffle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/keyframes.scss
index 99209d476dab..76bbc182a357 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sidebar-hide {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/placeholders.scss
index 04885874c04b..6f94e0f3866a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-16.scss
index fb8a0645990b..ba5380432237 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-24.scss
index 0e2a900e86ae..a1e5f94bf476 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-hide/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/keyframes.scss
index 1bd5ff943966..2bf51c8d434a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sidebar-show {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/placeholders.scss
index 28f6c1ac1975..bc09521c7a4d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-16.scss
index fdcdbbff3c29..2935bca81bb0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-24.scss
index 747b2b8ded6c..127fc7c60534 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar-show/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/keyframes.scss
index 8c781c54e829..15f6d37d3372 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sidebar {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/placeholders.scss
index 2987647a9d64..970e7fa72e38 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-16.scss
index 13cfb06c6e38..70de5c2e50b8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-24.scss
index aaff7ac5696f..59a4b9538e84 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sidebar/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/keyframes.scss
index 85c53234fe0e..4dcfa68635d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sign-in {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/placeholders.scss
index 520fe5731dcc..573c7749ca9a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-16.scss
index cb4aa756455f..8bc343aebe82 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-24.scss
index 87da560f66fe..acabb9de1df9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-in/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/keyframes.scss
index 283c8de338a7..eff26b5c6ca3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sign-out {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/placeholders.scss
index 6bb347a41bda..adcf6327f7e2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-16.scss
index 65af41065665..6c6cccd6bca5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-24.scss
index 61f83c3960f0..758e2021243d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sign-out/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/keyframes.scss
index 9b02a01fc136..bf023c2abfab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-skip-back {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/placeholders.scss
index 70c635c3cac7..9d1a1df1959b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-16.scss
index d37c2509a3f3..07699438ce4f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-24.scss
index 56950842e354..8b5d0c1335e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-back/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/keyframes.scss
index 1e3fdce68caf..8a8da876e821 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-skip-forward {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/placeholders.scss
index b0125b36d7f8..63123231caf7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-16.scss
index a7c66d287217..d32ab0e3024a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-24.scss
index 9d5b2195298f..b83dc8fd534f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip-forward/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/keyframes.scss
index 6262aea22dd1..a3f80a83b85d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-skip {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/placeholders.scss
index 696a11ef6382..39f92385bd1b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-16.scss
index 3c43d44b125d..3267603643f1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-24.scss
index fb14507ea84a..6c2d68484ccf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/skip/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/keyframes.scss
index bebc5bcc80c4..7e38ad268c0d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-slack-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/placeholders.scss
index 1187031d6949..a61f4a55c4e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-16.scss
index bbcbac7c831f..8582c49124bb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-24.scss
index 1e33093c4f3f..c1353440bbd9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/index.scss
index 5f6d67206d99..d47232a40508 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/keyframes.scss
index 7361945509b2..0897563fde3f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-slack {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/placeholders.scss
index 0bef9e9ad2c3..88d3d33068d6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-16.scss
index 7835c5de18c7..a10b4fc5d50a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-24.scss
index bd80f6313d26..127f51d1efc9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slack/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/keyframes.scss
index fe73ae34ab9b..eacc5e062ddf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-slash-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/placeholders.scss
index dc4e88ce5f96..2431f35b90bb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-16.scss
index c78e5d2d2e59..234d6dd82394 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-24.scss
index 5a7c99559282..70793067104c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/keyframes.scss
index 568821db6bfe..13f85e2534ca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-slash {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/placeholders.scss
index ef3a47cf2af8..01d183a5a9d7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-16.scss
index c2cb53b7695d..f3f5000f0f07 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-24.scss
index 3ba9886037ed..a71ba08999e2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/slash/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/keyframes.scss
index d30295c9584f..7522fd09d3a1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sliders {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/placeholders.scss
index 7a39f8739adc..1fc4a91f00fd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-16.scss
index 1b118daeb0ad..d16ed6a3529b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-24.scss
index 373d691d38ac..7a474ddaf51a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sliders/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/keyframes.scss
index d887984e4fe3..4634595f887b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-smartphone {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/placeholders.scss
index f2f772b975c1..ed7b5d2e39b4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-16.scss
index 7dee9c4c3374..53ea2b441d59 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-24.scss
index 3c2764c7d482..06960d48be7f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smartphone/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/keyframes.scss
index 719a3d41ac25..1facbc852da0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-smile {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/placeholders.scss
index d747c5ff1ebf..fbafcec3bb3f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-16.scss
index 601090c9ccc1..e1e73648f818 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-24.scss
index b702195482a9..b20d1b4e2593 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/smile/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/keyframes.scss
index 3d433204f108..c4bbb8993272 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-socket {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/placeholders.scss
index 51db9c4944eb..d2e066d6c37c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-16.scss
index e4a4c72cfe90..72bf0d5fb97e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-24.scss
index b5cf8e404df8..76adf5ee1761 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/socket/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/keyframes.scss
index 832f945bd470..38b938edff19 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sort-asc {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/placeholders.scss
index 2477ad9dcd47..bbdb67fc97f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-16.scss
index 69e668a20841..d37e7505d297 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-24.scss
index f3562470c206..54f7f82316ce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-asc/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/keyframes.scss
index 87b9bd61ad74..cddfa8a326f3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sort-desc {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/placeholders.scss
index d9d748be3358..fe43362497bd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-16.scss
index d8d6845c22e1..b4f035f5f0ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-24.scss
index 1ba065e499ff..6798ddd1a08c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort-desc/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort/index.scss
index fd0be5abf58d..d12cf20579df 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort/keyframes.scss
index 93dfdc5f0fe2..60f811dd86f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sort {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sort/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sort/placeholders.scss
index 041b707338d5..1e3050d43430 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sort/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sort/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/index.scss
index 987136c0f962..2c48a575e9da 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/keyframes.scss
index 015a96447e94..9488c0fe51b8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-source-file {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/placeholders.scss
index f846465a18cd..ac8ffb706e87 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/source-file/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/keyframes.scss
index bdddd856e193..7f891ee3cc0e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-speaker {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/placeholders.scss
index eecbc0c14b36..a6d6e0a7db41 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-16.scss
index 701a8e70e6f0..b2adf4e3831b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-24.scss
index 8a27be4742a2..185c11a915d3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/speaker/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/keyframes.scss
index 9889014a499b..f24eb12a3ffb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/placeholders.scss
index c4efbc766b1f..7f7b97cbfc62 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-16.scss
index 842f8d5cbfc8..ad65b8dde8fe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-24.scss
index 21af2dabf14a..6a9a1b1821b4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square/keyframes.scss
index 766187730b75..d86f6219e3d5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square/placeholders.scss
index 66e458af3023..53e04172e7f1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-16.scss
index cecf89ba1cea..57544067d30d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-24.scss
index b7b610458a62..9a8ad5ee2fce 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/keyframes.scss
index ae280e5b6e6a..ccfa8d142550 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-star-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/placeholders.scss
index 937ac0535992..79a690837763 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-16.scss
index 11a2bfb6153b..cc4dede45231 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-24.scss
index 0284a9426c27..8ba0ec82357c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/keyframes.scss
index c057f0160b99..dbd8bb23ded8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-star-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/placeholders.scss
index 38d5af82b083..28ddb552a842 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-16.scss
index dd277638f511..4462617a4f27 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-24.scss
index f26ce7239270..b3cf149ddb54 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/keyframes.scss
index e9ab81d0c474..f1162c103c84 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-star-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/placeholders.scss
index 5555475eaecb..85f160ad0f68 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-16.scss
index ea74e31d53b9..aa8402c47916 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-24.scss
index 45583efc772e..e617d7c4dfc1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/index.scss
index f8b673f44d7a..33d332e49b4e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/keyframes.scss
index 2f4f2d3b2905..ba9dc49dcc20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-star-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/placeholders.scss
index 0dc594ee5410..070f9f889534 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star/keyframes.scss
index ba5a726333d9..47b47f5b84c2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-star {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star/placeholders.scss
index b3e9c21638a9..309fa701bd2e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-16.scss
index 730e590e5687..9e67c2576be4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-24.scss
index 6d8f629078b5..e1510ab875d0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/star/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/keyframes.scss
index 36ea3801b90d..9cd33864b1a2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-stop-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/placeholders.scss
index 3ce16e7c7094..260b329580bc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-16.scss
index 8e86413b0933..16708b9ddc65 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-24.scss
index 3a2cf62ed2c2..9826d1def26e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/stop-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/index.scss
index e3d0042ae49a..494f577c3784 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/keyframes.scss
index 660e3db945aa..06546d969f14 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sub-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/placeholders.scss
index 8ddc0a5893e1..804c5809127f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/index.scss
index e7e87da0c739..722299ed8ce1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/keyframes.scss
index 9d5a1a9fb885..acaaf5b45e69 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sub-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/placeholders.scss
index 148933991d43..f3a3ad50345a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sub-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/keyframes.scss
index 5b29f6617acf..84dada778703 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sun {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/placeholders.scss
index 60ec5477c961..22618c027289 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-16.scss
index fb343d86ce79..f534d381f6c1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-24.scss
index 101a79a148f2..25729ebfa07f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sun/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/support/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/support/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/support/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/support/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/support/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/support/keyframes.scss
index b8d01836540c..79627347b594 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/support/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/support/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-support {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/support/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/support/placeholders.scss
index 2f611e5a89fa..79cf1143d356 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/support/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/support/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-16.scss
index ccc8cdf50ca1..3fead7590215 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-24.scss
index 6fc1aa2c68e5..e4475f6ba333 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/support/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/keyframes.scss
index 27c0af948ae5..df7bf5f3ecd8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-swap-horizontal {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/placeholders.scss
index 87c1a4c56556..bdda13937c43 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-16.scss
index 569d12fb670e..0b3423261602 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-24.scss
index 838be24c5eae..d7268ca864ac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-horizontal/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/keyframes.scss
index 8162548e9e83..a4821825b61b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-swap-vertical {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/placeholders.scss
index 2636992ece96..c200906f9872 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-16.scss
index 0e94ad6b5f5e..1fdb0641c043 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-24.scss
index ec381d2a37ec..edaac9ddbe3b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/swap-vertical/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/keyframes.scss
index 6c409498f5dd..bf031c47aaa1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-switcher {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/placeholders.scss
index 75e3df32db91..bd595c8d9827 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-16.scss
index d73821952080..48324ad3d16e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-24.scss
index 7b909cd5c66d..8eac7740d7aa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/switcher/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/keyframes.scss
index 93a9a29bf78c..70de2fb4beba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sync-alert {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/placeholders.scss
index 3a73734aef0e..deb31f0f46ac 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-16.scss
index 4f2c7a9df1d8..e484c83236c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-24.scss
index 7a866948d653..a83be4271c9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-alert/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/keyframes.scss
index 58f8d7a2c3d0..f0d3a033a8df 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sync-reverse {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/placeholders.scss
index 841667e81538..3be51db30ae7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-16.scss
index 69bed783da0d..f7911387c9fb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-24.scss
index 139ec5879f90..c6acd935774a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync-reverse/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/keyframes.scss
index f12bdb52152a..1cd851a870c3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-sync {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/placeholders.scss
index 21da24c04799..40fe853e423f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-16.scss
index 46653b9d06a0..45891ada63a0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-24.scss
index b41df2abe8bb..ad34bff6d5c9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/sync/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/keyframes.scss
index 742b407c0cf1..5b7e51943df9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-tablet {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/placeholders.scss
index 27472f8fe30b..1585e9655719 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-16.scss
index 09af9e1ea036..ef603a2615e6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-24.scss
index 67a8680901ed..ea3f3e4b2a8a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tablet/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/index.scss
index 223ad543c737..ad1d2b1dccde 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/keyframes.scss
index f5a454099f6a..691b25a6dfde 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-tag {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/placeholders.scss
index f245b557ed48..9b2ca92c0f2d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-16.scss
index fcf4dc90b7b3..ef7f0accdbe0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-24.scss
index a86760d5cb84..549a71607a02 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tag/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/target/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/target/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/target/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/target/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/target/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/target/keyframes.scss
index 587a4ef618ac..491e7c475765 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/target/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/target/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-target {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/target/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/target/placeholders.scss
index 1cd9da6e2359..83fd6e1f1a94 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/target/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/target/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-16.scss
index 9fb510d5089a..3e2b0126f181 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-24.scss
index 605ddeb8b19c..57019aa29d19 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/target/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/keyframes.scss
index 65cb4b25f46c..9744c5c8370c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-terminal-screen {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/placeholders.scss
index 2891d8cdb9fd..5f9dc7157d26 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-16.scss
index d5c20bb29a9b..51b0a5f73b31 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-24.scss
index eccf647f31e3..333da3b8ac75 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal-screen/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/keyframes.scss
index 476e78b70205..747237e78766 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-terminal {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/placeholders.scss
index 3cb83e26f2c5..ecb85eda0d82 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-16.scss
index 4c3726f5602a..6cd03f3dd8f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-24.scss
index a8e5203ce73b..af11b842ef61 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terminal/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/keyframes.scss
index f3bfe2c4fbea..a631bf061d57 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-terraform-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/placeholders.scss
index 82e25e953d29..811716831a31 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-16.scss
index 5c4c1c6c2f3c..865416446c80 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-24.scss
index 074d11eb88cb..08d2c5946c44 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/index.scss
index d00816879440..b1e11e2ef0e3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/keyframes.scss
index fdbc5f2e59be..c23f0ffb59df 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-terraform {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/placeholders.scss
index 0fe3c6c0f26a..96429044eb2f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-16.scss
index d6424bb01948..225107e576d8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-24.scss
index 52f3c951586f..5a46d5918927 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/terraform/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/keyframes.scss
index c20546402d29..88744a17235e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-thumbs-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/placeholders.scss
index fa3f288a85ce..3adbc23f3ae1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-16.scss
index ae34fd68e92c..dcd9ea3f0dc2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-24.scss
index 6cbe0c321135..601d50fd430e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/keyframes.scss
index bd7312b8870a..d33f39b3780e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-thumbs-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/placeholders.scss
index dd06caec82e0..4e59caf011d2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-16.scss
index 987c95869f9d..5b76f031a9b7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-24.scss
index 2465a6f43efd..d97ad46a3fd0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/thumbs-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/keyframes.scss
index 729960ce4188..c0b89612a696 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-toggle-left {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/placeholders.scss
index 0b07b786c1d2..210ef75bb969 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-16.scss
index 1ac16b2343fe..bbe603f07af2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-24.scss
index a837d629fe17..221c87192b46 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-left/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/keyframes.scss
index b3349eb8bee4..655b7ccf38b2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-toggle-right {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/placeholders.scss
index 6473d2778b90..8d4f093bd50c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-16.scss
index 9aa767b85e8c..23ca4124df77 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-24.scss
index 2520aa610fee..d12006334d4a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/toggle-right/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/token/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/token/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/token/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/token/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/token/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/token/keyframes.scss
index b08e3d680667..f9dced123f9b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/token/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/token/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-token {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/token/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/token/placeholders.scss
index 55896ec406ac..0637a48a4283 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/token/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/token/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-16.scss
index 4ae5d21e3d60..0a1d3cae0b48 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-24.scss
index 8aaf6aa7c531..65c615b2ba5f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/token/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/keyframes.scss
index 2286e6417543..8bdea329b5c8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-tools {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/placeholders.scss
index ea541c95a11c..88fe9288c947 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-16.scss
index a85cf1b94a41..acb8614de77a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-24.scss
index 9520e1fd88fe..3ca5731ae0c8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tools/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/top/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/top/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/top/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/top/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/top/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/top/keyframes.scss
index 8a92c5bd4213..eb2197a4b355 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/top/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/top/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-top {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/top/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/top/placeholders.scss
index a7cb89edc803..fa22732fd43e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/top/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/top/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-16.scss
index cd277acdb380..12fe1d6410fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-24.scss
index 08fd4efc35cc..437bdbc3183c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/top/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/keyframes.scss
index 6985c66751f2..20b806ccf7d7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-trash {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/placeholders.scss
index c3056c5997e0..13e8f508c0af 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-16.scss
index 1323334adf32..0a20d4c775bb 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-24.scss
index ff725a7ba8c4..04268f88fc05 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trash/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/keyframes.scss
index 2e1c47d1e9a9..3a53a2e9ddc1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-trend-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/placeholders.scss
index 12552f716789..92103c185951 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-16.scss
index 2aca1c3e9964..613db4f137be 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-24.scss
index 5179ad2e82f5..6e47fbebaf7a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/keyframes.scss
index d44bdcde5a3a..aff9dd63eac5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-trend-up {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/placeholders.scss
index c7c24018a06e..52fc2a2866d9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-16.scss
index b9ffc4664863..62137b9a1300 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-24.scss
index 9c49de52be74..3a1354b5b233 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/trend-up/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/keyframes.scss
index 4c6d222714ee..1fe89fb18c2b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-triangle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/placeholders.scss
index b1b794f28e6a..d8070e6403da 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-16.scss
index a08031d09adb..fa4089391585 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-24.scss
index 7875fd88a779..fff932616d06 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/keyframes.scss
index dbfbbd67bf59..5d79a2917636 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-triangle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/placeholders.scss
index 6d1e6eff5b3b..2b6331587b05 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-16.scss
index 70211277cfe2..443c7ccdcf53 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-24.scss
index 9904dc0f6e9a..33ccfd00747b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/triangle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/keyframes.scss
index b5e95cea4a6a..21da4df8db3c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-truck {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/placeholders.scss
index 22f04eab3ed7..c378e98f5481 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-16.scss
index 1eee5961745a..4d23e0b58820 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-24.scss
index ce55155e1369..0fbd3fb0b6f7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/truck/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tune/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tune/index.scss
index dda8ce20e945..519332d66f04 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tune/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tune/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tune/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tune/keyframes.scss
index 47e3b87379da..6fbe08ccc83e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tune/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tune/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-tune {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tune/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tune/placeholders.scss
index 3e6c69d2c3c3..691b2c18e8bf 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tune/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tune/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/keyframes.scss
index 05b4e4a37ebb..1bbe2744420e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-tv {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/placeholders.scss
index 5abc9ec87078..ae4fad80b30b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-16.scss
index b3cb4a465448..01337fe19307 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-24.scss
index a6b0e8bbb56e..11017e01bd18 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/tv/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/keyframes.scss
index 7a70f86ed6c3..6663efeb7c46 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-twitch-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/placeholders.scss
index ba612afdf269..60db3026f48d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-16.scss
index c20cd16965a7..5bd446d55303 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-24.scss
index 18d3cbed4714..ed6c2dca782d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/index.scss
index 962d20aecbc9..8e30d896764f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/keyframes.scss
index dfd15fe0cf3d..0efc17d84b81 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-twitch {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/placeholders.scss
index 30937ed81db2..372e1556f28c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-16.scss
index 0c6269e4c30c..1c1136e7e0d4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-24.scss
index ea679aff1089..164e95ac369e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitch/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/keyframes.scss
index 0e2d58e64546..293b29a2d4e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-twitter-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/placeholders.scss
index 2fd51e6ff5d2..f949e4bf7121 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-16.scss
index 21cb39a034d1..30f5e11fcf29 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-24.scss
index af2d4f0897d6..1948f0e3f940 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/index.scss
index f9f080ad2142..ead1b2d38b2f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/keyframes.scss
index 4e6680be0c34..eb36903bea1c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-twitter {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/placeholders.scss
index 18ba55c5d379..3a1e86551002 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-16.scss
index d6d194ac8d49..9f0be454c108 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-24.scss
index 60ea7e9356f9..8e3454406ae9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/twitter/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/type/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/type/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/type/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/type/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/type/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/type/keyframes.scss
index 51324f781ae3..53498428caf7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/type/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/type/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-type {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/type/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/type/placeholders.scss
index 3c2fd1585b03..b970fc6ca725 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/type/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/type/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-16.scss
index 67e66ad7f93b..bfcda4608f5b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-24.scss
index 07906e083c41..b5b05e38221d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/type/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/keyframes.scss
index ab2b76426865..4a94e909d74c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-unfold-close {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/placeholders.scss
index f482568d4302..87e554931745 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-16.scss
index 8a84a6e8ff21..9024488256dc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-24.scss
index 4a67fdb2a208..609623ec8054 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-close/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/index.scss
index b9cbc8778c8f..2ea9c523f56f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/keyframes.scss
index bc9fddc57e81..ff2d9650404e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-unfold-less {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/placeholders.scss
index da2492183e17..48e7c8ead5af 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-less/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/index.scss
index 4c5aff0294c0..7faef923f56a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/keyframes.scss
index 50c7cdb91b10..a6ab9ad900fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-unfold-more {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/placeholders.scss
index 879a857906c7..ca421a5ed8fa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-more/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/keyframes.scss
index 43fa474d20f2..53bd33b653f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-unfold-open {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/placeholders.scss
index 6432019547f9..b385b68c818b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-16.scss
index 51d0d6dc2416..45ff813d089a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-24.scss
index 0418b3d04900..2ac9400f8194 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unfold-open/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/union/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/union/index.scss
index 68293edadf9d..8b3fe9b7ced8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/union/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/union/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/union/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/union/keyframes.scss
index b4a9c02fde9f..16c6c4ca0384 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/union/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/union/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-union {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/union/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/union/placeholders.scss
index 1f4b33fe9a4d..3d7b8edfdfb8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/union/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/union/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-16.scss
index dfd30b075328..ce4c0e2987f2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-24.scss
index fe679d2fb7ac..3ab9887d3b6c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/union/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/keyframes.scss
index 503c763474e5..8a86ec678313 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-unlock {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/placeholders.scss
index af8cde2570cc..ff87f20334d2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-16.scss
index ed58fbcff3b3..92a4ea8ea2ff 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-24.scss
index 33e13627418d..310f95642cae 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/unlock/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/keyframes.scss
index afcbe1d0aa93..b82ffcd8be28 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-upload {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/placeholders.scss
index f9ce3ed9fda2..c0d897fb2df5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-16.scss
index bd3ec7e8b8f4..90e263e64b59 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-24.scss
index bc2d0cdcef4f..c600145cb8a0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/upload/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/index.scss
index 5f2cdb956186..e2e740f05f75 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/keyframes.scss
index 784197674b8d..b7611274bdb1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-user-add {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/placeholders.scss
index ae176d12110f..27ba087df883 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-add/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/keyframes.scss
index ca4f24d3b377..8be27609d947 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-user-check {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/placeholders.scss
index c09c453baa5a..85cf76804c9a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-16.scss
index 8b9c792e4c87..325c253797a4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-24.scss
index e2f6a66df91d..e88cb417033f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-check/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/keyframes.scss
index 684449a27c8a..e42e9c425284 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-user-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/placeholders.scss
index 29603757f470..32f884022b80 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-16.scss
index 88ae5c06143f..0ab3e3621cd9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-24.scss
index a193a328bc74..4f4ddd1f99b5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/keyframes.scss
index 6fa9a8acaee2..25a1afe9312f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-user-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/placeholders.scss
index 3426fb51d93f..165195439f05 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-16.scss
index ea277ac9048f..54e758f87825 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-24.scss
index 38c50de77561..2ed3b6aa8f15 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/keyframes.scss
index a49f31bdc5b8..18f43c0e9dfa 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-user-minus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/placeholders.scss
index 24b88c45f548..0033b568cf8b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-16.scss
index c631f80061dc..7d3f33bf5031 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-24.scss
index 661f6e04bb79..ca8b57645568 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-minus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/index.scss
index 83cff19dd7b4..cb6619a58612 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/keyframes.scss
index b2ab84432193..38eadf6609b9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-user-organization {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/placeholders.scss
index c458a3c9fc3c..ae6c0c6e0846 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-organization/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/index.scss
index 6db7a950f343..4d58aaed9395 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/keyframes.scss
index 43f11fd67f72..5d8b71c62f4b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-user-plain {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/placeholders.scss
index b40a473c75d6..cf93991a4314 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plain/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/keyframes.scss
index a05bf722efb5..d6ceca4f5952 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-user-plus {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/placeholders.scss
index ab2a931d695f..603370ae6844 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-16.scss
index 2c7b4d9fdc21..a697e9a4ab4b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-24.scss
index d6116a9aef9c..de6d53f0b3e0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-plus/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/index.scss
index 125ad097364b..6278d3ddf934 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/keyframes.scss
index 30f7c5209e48..52780c41e1f1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-user-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/placeholders.scss
index 576167627aa2..a2808eab682a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/index.scss
index c886827f40aa..0e9e4ddcd24b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/keyframes.scss
index 99a7462fa2f4..371580758627 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-user-square-outline {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/placeholders.scss
index 129d95771801..ec75c0f94d6a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-square-outline/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/index.scss
index 73fd36573c8c..aaa78b46f453 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/keyframes.scss
index b6283e9a398b..d94bf8c10e9e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-user-team {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/placeholders.scss
index bc83a3b61682..c640e2cd3eca 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-team/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/keyframes.scss
index 225f53e99c12..c61a2a4eeb00 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-user-x {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/placeholders.scss
index 023c5becfa6c..d2000ccdc317 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-16.scss
index 99b8de4bf67a..c4eb74841bea 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-24.scss
index e832ec22934c..9f0424a53593 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user-x/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user/keyframes.scss
index 5a2912244c02..8240cea581dd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-user {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user/placeholders.scss
index 0720df48b7ba..8554f57e1415 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-16.scss
index 48a18c6002a5..93b26ca59082 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-24.scss
index f703df6c034f..b8032e5243c7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/user/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/users/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/users/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/users/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/users/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/users/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/users/keyframes.scss
index 5ae77a0d5313..533c1e8a77f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/users/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/users/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-users {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/users/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/users/placeholders.scss
index 0b57fe19db88..4443430a2a5a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/users/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/users/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-16.scss
index fa3dc4cd641d..4d3b51ca96e8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-24.scss
index 875cf9bc9d5a..959b56d53a5e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/users/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/keyframes.scss
index a3c5ee2f0dfa..e48e8e675590 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-vagrant-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/placeholders.scss
index f0ae6452159c..c7174f9c9fcc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-16.scss
index 31fd40931e8e..834fc69eaa03 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-24.scss
index 053265ab6371..c9ee238a11f9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/index.scss
index 1525999371cc..d1d73fb55589 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/keyframes.scss
index 4252a8a2696e..69ce695d0f69 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-vagrant {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/placeholders.scss
index e86f1ea56675..0e5165a25023 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-16.scss
index 9d49f05909f0..170c95997395 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-24.scss
index 78f54de336de..4ac365de19a6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vagrant/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/keyframes.scss
index 24770cf5c5ed..d1b30b6ba176 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-vault-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/placeholders.scss
index 1f4b4295c98a..4598744b8b9d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-16.scss
index 9373592c9737..0c720843c7ed 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-24.scss
index 655d4ba2b339..70ec2c674478 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/index.scss
index e41aea05fa49..ee56d1b57adc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/keyframes.scss
index 636c78c8342b..e092852c3d94 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-vault {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/placeholders.scss
index 4f40e3c32fe2..1aa630436b37 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-16.scss
index f5046702ae1d..d0b3dbd355a3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-24.scss
index 2199a89b6f3c..dcaea985ce49 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vault/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/keyframes.scss
index 5545eef120a5..0ef779f6353a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-verified {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/placeholders.scss
index c58ecbe47bf1..26687027df98 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-16.scss
index 66c84e314e6e..2bd549425f4e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-24.scss
index c598613c0a4a..a733dd864fe8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/verified/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/keyframes.scss
index 3b9e0c92c692..afbb49f6ba37 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-video-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/placeholders.scss
index e36e35a71af8..7a8e8f830fe2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-16.scss
index fa16ba9defe5..54333a309e58 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-24.scss
index 15e7b822b5ce..eaddd2ebb702 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video/keyframes.scss
index 17f1a5d359ce..0cd243c26163 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-video {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video/placeholders.scss
index 2b26528c16be..5f1b8017ae0b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-16.scss
index d40ecf530224..372a1ccbf669 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-24.scss
index 74d3c50079a3..0604df73abfe 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/video/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/index.scss
index 4fa32e6813cd..c152864a9af4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/keyframes.scss
index ab98a2f54d84..d8283cb31933 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-visibility-hide {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/placeholders.scss
index 3ee61904adc9..10fb7aa0b9f9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-hide/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/index.scss
index 6d2d4ebcc3b4..59620c464862 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/keyframes.scss
index d7b309a2b63c..78000f0b783e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-visibility-show {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/placeholders.scss
index cb1bfb4e30bd..3a08def051f8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/visibility-show/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/keyframes.scss
index 3b5287fdc99b..37961da2f266 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-vmware-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/placeholders.scss
index 0bdaef42eae4..9d07d62ad704 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-16.scss
index 6b1c191bd215..e6569c3f13c7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-24.scss
index 0b01835b1a19..e142cc100174 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/index.scss
index 5058ca3046cd..8fb3c6cb8ab6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/keyframes.scss
index e50cb6c39712..ab962b168c15 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-vmware {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/placeholders.scss
index ee92baac7940..35526023a5c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-16.scss
index 842ea362e229..cc931d9f7aa4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-24.scss
index c43869fbdd7e..effc542761e9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/vmware/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/keyframes.scss
index fd1d7a1877d8..7ebdc2505a03 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-volume-2 {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/placeholders.scss
index 80f997e07b37..539d9263400e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-16.scss
index ffebfd22f4c3..8be6f81b6f0e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-24.scss
index 02175de2b190..13adf65e02c6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-2/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/keyframes.scss
index 84e30b1bf134..59a05dd691ab 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-volume-down {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/placeholders.scss
index e360b5776015..17eed4201c5d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-16.scss
index 9e92d8e4aa99..954eaa280589 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-24.scss
index 4248c72b42dc..c88b60e67b1a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-down/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/keyframes.scss
index 011b90efcdb1..8ce604fd9fe3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-volume-x {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/placeholders.scss
index 19ea59b8dba2..2cc9e8f96e15 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-16.scss
index bedf98676132..79aa90529b11 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-24.scss
index c831cf2eccf4..de2d7dfe9ec8 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume-x/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/keyframes.scss
index d2516189e0e1..0731bf859e6b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-volume {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/placeholders.scss
index 98b1ac92611f..6e7142e4d71c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-16.scss
index 906a420346ae..f6f7acaed053 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-24.scss
index f09d9f1da374..b13586be8844 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/volume/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/keyframes.scss
index f92ac586f3b6..217755c516e2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-wall {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/placeholders.scss
index f6f38e086ddd..48e43e2ad510 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-16.scss
index 079bc79f5250..4d227b7fa780 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-24.scss
index d326d39121bd..697d3fdd44ba 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wall/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/keyframes.scss
index 3e10ff9a7570..212a2ea2f34a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-wand {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/placeholders.scss
index 3e4c14cbc91c..b1a3feb4d7e2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-16.scss
index f57ecdd1c7e6..cc5289b3da2f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-24.scss
index 48acce94a99d..b55e2e604973 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wand/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/keyframes.scss
index 3c9eb0cba0f4..4c039e5722e1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-watch {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/placeholders.scss
index 6bd02b2d3a33..b679bf74eac2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-16.scss
index 9f7fab4c3dc6..d0933443dd3b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-24.scss
index da63eb64d92c..346d44bc53a0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/watch/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/keyframes.scss
index a731fa1f074e..221bf06ffda7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-waypoint-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/placeholders.scss
index 50e27ad6e674..214a6f2a3631 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-16.scss
index c4ec749b978b..16b317865970 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-24.scss
index c7d7af6c0be0..75e7c8d6453d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/index.scss
index 34b53ee6da1a..f8a88bde68e9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/keyframes.scss
index 6a93e273b3df..dba02b558747 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-waypoint {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/placeholders.scss
index 2ca77b7391b5..db6bb888e0f4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-16.scss
index 676b66188a92..503e2afdcf77 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-24.scss
index d85370042956..3961233883c9 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/waypoint/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/keyframes.scss
index 85f3ebedec43..389d4f23ac2a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-webhook {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/placeholders.scss
index 4467374cbbe0..bc584274aa03 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-16.scss
index 4994d8688baf..3744bab8872c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-24.scss
index 54604d759e9f..5b4c52d4767d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/webhook/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/keyframes.scss
index d704759dabc1..695dacf787cd 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-wifi-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/placeholders.scss
index 772825b2e351..47f5f74daf3a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-16.scss
index 1879beb27469..27705b8c2d83 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-24.scss
index 690824abdc82..bd07a0c773f0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/keyframes.scss
index aaa9e215dc23..34a90a7a1242 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-wifi {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/placeholders.scss
index 4679089a0e09..0d0b3aeef325 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-16.scss
index 7367f5d4106f..421cd366a191 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-24.scss
index 9da4b7ec85c8..ed3648af1d15 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wifi/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/keyframes.scss
index 943ca2b4cb68..34937c583273 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-wrench {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/placeholders.scss
index 1802b7336733..ce3874abbf3b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-16.scss
index 8983fcf5b205..557fe1b4c2d7 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-24.scss
index a95e7a08fe1a..59c10a88d540 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/wrench/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/keyframes.scss
index b188cddf010c..ea6968ebbbd2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-x-circle-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/placeholders.scss
index 354b81252819..96c577dc9583 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-16.scss
index 1ff7e9177dca..07e62462b687 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-24.scss
index 03d635c53e7a..376591ef6da4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/keyframes.scss
index 855ebcf8deaa..f484624997a3 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-x-circle {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/placeholders.scss
index f2e12e620dc5..9a728e0f6928 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-16.scss
index 83066351ac86..0236d0c8a5cc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-24.scss
index e9c138b7603d..993a2f70ab6e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-circle/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/keyframes.scss
index f58bed0909ed..be31a5562b15 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-x-diamond-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/placeholders.scss
index d3117ad9f158..a0d6631ea388 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-16.scss
index cac0e04c53ab..cdf6f8673b11 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-24.scss
index 782517eadcb3..cca9022a6eea 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/keyframes.scss
index 444074c37f22..3c12ade8d38e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-x-diamond {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/placeholders.scss
index 8d2de2b540d9..3d0cba1238b0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-16.scss
index 9f9df096ebf2..fd1493c4328f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-24.scss
index 0af6196bfe3f..a6c12dfcc1d1 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-diamond/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/keyframes.scss
index db1fd08c3de5..6d5669fe9f90 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-x-hexagon-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/placeholders.scss
index 57cb2cb11502..aa880904fb6b 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-16.scss
index d24dcd290dcd..ca3c1eb11b26 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-24.scss
index 0e77178056ac..06c93c69c52f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/keyframes.scss
index d21a8ee93400..c202789085de 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-x-hexagon {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/placeholders.scss
index f770aefddee1..3330698416e5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-16.scss
index 83b1671fb15b..6ffc6896bd61 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-24.scss
index 702b0d6ebeaa..e53e9cac68be 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-hexagon/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/keyframes.scss
index 435414882fa1..6a8833ab248e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-x-square-fill {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/placeholders.scss
index 205cb360c2ca..a0ed1882ae8e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-16.scss
index 9c08ba70d751..d1910fc9cb4e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-24.scss
index 30a1056e78ad..91351e7f5f60 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square-fill/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/keyframes.scss
index a7c16b0d4d24..aec782d8d50c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-x-square {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/placeholders.scss
index b9e78d224c4b..9d1ae0addfcc 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-16.scss
index 3957e075a362..4d843fcd66de 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-24.scss
index ad1ab859b50c..b533a5d13d8d 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x-square/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x/keyframes.scss
index 5f8be89485bc..9969836fee20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-x {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x/placeholders.scss
index 68bf5b15e112..0b0f403cb827 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-16.scss
index 87ba4f65f156..7a2e8acd3d90 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-24.scss
index d4fc1bd48e02..f2f7e91ffe18 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/x/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/keyframes.scss
index 5d4ce4e9160a..f71c802a0218 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-youtube-color {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/placeholders.scss
index c0e7c80c2e2d..a94e40e600b2 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-16.scss
index a3738fc3665a..be772a093b77 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-24.scss
index 167f2239acc7..2a1f75400969 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube-color/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/index.scss
index 1edaae143fe3..ec36ee0ff100 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/keyframes.scss
index 06c76bcb9b7d..99778d3947c0 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-youtube {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/placeholders.scss
index a66946982348..b1ba10af4392 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-16.scss
index d93b8fea5c20..506303470917 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-24.scss
index 9a3b65c5208f..a617870758c6 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/youtube/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/keyframes.scss
index e45a66bf4120..b5b4bce9eff5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-zap-off {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/placeholders.scss
index 2e0fa51aa1e0..bddad9b98849 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-16.scss
index 893cd4ee2944..6ffb66e4bf20 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-24.scss
index 6d510810d71e..f1aa71511a6f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap-off/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/keyframes.scss
index 44b0f424a8b5..2b4b4687fc28 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-zap {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/placeholders.scss
index 75817e99d5e5..a87fb212fa92 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-16.scss
index e6bea26b279c..42202d2b465f 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-24.scss
index c6f6c6ebc16e..06fd6bdf6548 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zap/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/keyframes.scss
index 66af845acd40..fa5409efee0c 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-zoom-in {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/placeholders.scss
index c59403a4fc50..21f607f1b434 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-16.scss
index 36ff59104568..e74f4aae4129 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-24.scss
index 96fe29dd050f..3c2bb41de95e 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-in/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/index.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/index.scss
index 0cf5474ebfc4..6d714e109549 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/keyframes.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/keyframes.scss
index 4992c364f73e..848334137749 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes icon-zoom-out {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/placeholders.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/placeholders.scss
index 784a44724717..f206ac8b22f5 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-16.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-16.scss
index 94405ff34495..568ec75766c4 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-16.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-16.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-24.scss b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-24.scss
index 80295aa67eaa..d60a6681c096 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-24.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/icons/zoom-out/property-24.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/base/icons/index.scss b/ui/packages/consul-ui/app/styles/base/icons/index.scss
index 3827b3f406c5..fb097649f75a 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './base-keyframes';
diff --git a/ui/packages/consul-ui/app/styles/base/icons/overrides.scss b/ui/packages/consul-ui/app/styles/base/icons/overrides.scss
index e923d75442d2..9853578ce374 100644
--- a/ui/packages/consul-ui/app/styles/base/icons/overrides.scss
+++ b/ui/packages/consul-ui/app/styles/base/icons/overrides.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %without-mask {
diff --git a/ui/packages/consul-ui/app/styles/base/index.scss b/ui/packages/consul-ui/app/styles/base/index.scss
index b26472480431..d8a77db6d5fb 100644
--- a/ui/packages/consul-ui/app/styles/base/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './component/index';
diff --git a/ui/packages/consul-ui/app/styles/base/reset/base-variables.scss b/ui/packages/consul-ui/app/styles/base/reset/base-variables.scss
index 5908b64e82c8..c05ca231fd42 100644
--- a/ui/packages/consul-ui/app/styles/base/reset/base-variables.scss
+++ b/ui/packages/consul-ui/app/styles/base/reset/base-variables.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %reset-margin {
diff --git a/ui/packages/consul-ui/app/styles/base/reset/index.scss b/ui/packages/consul-ui/app/styles/base/reset/index.scss
index e60669bbccca..ef28f2932915 100644
--- a/ui/packages/consul-ui/app/styles/base/reset/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/reset/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './base-variables';
diff --git a/ui/packages/consul-ui/app/styles/base/reset/minireset.scss b/ui/packages/consul-ui/app/styles/base/reset/minireset.scss
index 43b1e0fa6f24..a0438a027bfc 100644
--- a/ui/packages/consul-ui/app/styles/base/reset/minireset.scss
+++ b/ui/packages/consul-ui/app/styles/base/reset/minireset.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 html,
diff --git a/ui/packages/consul-ui/app/styles/base/reset/system.scss b/ui/packages/consul-ui/app/styles/base/reset/system.scss
index 42b03d9e00c2..7a40b2c8f082 100644
--- a/ui/packages/consul-ui/app/styles/base/reset/system.scss
+++ b/ui/packages/consul-ui/app/styles/base/reset/system.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 a {
diff --git a/ui/packages/consul-ui/app/styles/base/typography/base-keyframes.scss b/ui/packages/consul-ui/app/styles/base/typography/base-keyframes.scss
index 0e331ac1fe87..b1d21d3074e0 100644
--- a/ui/packages/consul-ui/app/styles/base/typography/base-keyframes.scss
+++ b/ui/packages/consul-ui/app/styles/base/typography/base-keyframes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @keyframes typo-truncate {
diff --git a/ui/packages/consul-ui/app/styles/base/typography/base-placeholders.scss b/ui/packages/consul-ui/app/styles/base/typography/base-placeholders.scss
index 404ba9ff390b..9b7fa8c5d6d1 100644
--- a/ui/packages/consul-ui/app/styles/base/typography/base-placeholders.scss
+++ b/ui/packages/consul-ui/app/styles/base/typography/base-placeholders.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %display-500-bold {
diff --git a/ui/packages/consul-ui/app/styles/base/typography/index.scss b/ui/packages/consul-ui/app/styles/base/typography/index.scss
index a846f0f2e900..261f3ce9fbce 100644
--- a/ui/packages/consul-ui/app/styles/base/typography/index.scss
+++ b/ui/packages/consul-ui/app/styles/base/typography/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './base-keyframes';
diff --git a/ui/packages/consul-ui/app/styles/components.scss b/ui/packages/consul-ui/app/styles/components.scss
index d4e1c39e824e..de51715283d6 100644
--- a/ui/packages/consul-ui/app/styles/components.scss
+++ b/ui/packages/consul-ui/app/styles/components.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import 'ember-power-select';
diff --git a/ui/packages/consul-ui/app/styles/debug.scss b/ui/packages/consul-ui/app/styles/debug.scss
index 23ae675cb1ba..2e7ec816f662 100644
--- a/ui/packages/consul-ui/app/styles/debug.scss
+++ b/ui/packages/consul-ui/app/styles/debug.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import 'prism-coldark-dark';
diff --git a/ui/packages/consul-ui/app/styles/icons.scss b/ui/packages/consul-ui/app/styles/icons.scss
index 713d1576c2d8..1b4923455f10 100644
--- a/ui/packages/consul-ui/app/styles/icons.scss
+++ b/ui/packages/consul-ui/app/styles/icons.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/layout.scss b/ui/packages/consul-ui/app/styles/layout.scss
index 75f42c71551b..a04075cbb162 100644
--- a/ui/packages/consul-ui/app/styles/layout.scss
+++ b/ui/packages/consul-ui/app/styles/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import 'layouts/index';
diff --git a/ui/packages/consul-ui/app/styles/layouts/index.scss b/ui/packages/consul-ui/app/styles/layouts/index.scss
index 4970da98d8cf..14b86acea80c 100644
--- a/ui/packages/consul-ui/app/styles/layouts/index.scss
+++ b/ui/packages/consul-ui/app/styles/layouts/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // workaround bulma's sweeping box-sizing
diff --git a/ui/packages/consul-ui/app/styles/prism-coldark-cold.scss b/ui/packages/consul-ui/app/styles/prism-coldark-cold.scss
index 8608926b2247..e61ac5f2b02a 100644
--- a/ui/packages/consul-ui/app/styles/prism-coldark-cold.scss
+++ b/ui/packages/consul-ui/app/styles/prism-coldark-cold.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/styles/prism-coldark-dark.scss b/ui/packages/consul-ui/app/styles/prism-coldark-dark.scss
index 98033b9b30d0..e4b8d569f67c 100644
--- a/ui/packages/consul-ui/app/styles/prism-coldark-dark.scss
+++ b/ui/packages/consul-ui/app/styles/prism-coldark-dark.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/styles/routes.scss b/ui/packages/consul-ui/app/styles/routes.scss
index 9b8ad0b0d871..0b9818e0276e 100644
--- a/ui/packages/consul-ui/app/styles/routes.scss
+++ b/ui/packages/consul-ui/app/styles/routes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import 'routes/dc/services/index';
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/acls/index.scss b/ui/packages/consul-ui/app/styles/routes/dc/acls/index.scss
index d4d46c09742d..090f39d82cb3 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/acls/index.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/acls/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 html[data-route^='dc.acls.index'] main td strong {
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/intentions/index.scss b/ui/packages/consul-ui/app/styles/routes/dc/intentions/index.scss
index 68bebc3a5b3f..d4634f7f1f9a 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/intentions/index.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/intentions/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 html[data-route^='dc.intentions.edit'] .definition-table {
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/kv/index.scss b/ui/packages/consul-ui/app/styles/routes/dc/kv/index.scss
index a8c5b0bc85ec..2a85b0e3d609 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/kv/index.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/kv/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 html[data-route^='dc.kv'] .type-toggle {
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/nodes/index.scss b/ui/packages/consul-ui/app/styles/routes/dc/nodes/index.scss
index 3513f73da779..040d6c46035f 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/nodes/index.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/nodes/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 html[data-route^='dc.nodes.show.metadata'] table tr {
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss b/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss
index bedd44ab8142..73ac353add73 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/overview/license.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 section[data-route='dc.show.license'] {
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss b/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss
index 9ba150dbc546..38e0519c6bd1 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/overview/serverstatus.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 section[data-route='dc.show.serverstatus'] {
diff --git a/ui/packages/consul-ui/app/styles/routes/dc/services/index.scss b/ui/packages/consul-ui/app/styles/routes/dc/services/index.scss
index 3065579e1107..80828acd3776 100644
--- a/ui/packages/consul-ui/app/styles/routes/dc/services/index.scss
+++ b/ui/packages/consul-ui/app/styles/routes/dc/services/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* drop the external dashboard button down if it exists */
diff --git a/ui/packages/consul-ui/app/styles/tailwind.scss b/ui/packages/consul-ui/app/styles/tailwind.scss
index c03d22ee28d9..ed5da1fc5ed1 100644
--- a/ui/packages/consul-ui/app/styles/tailwind.scss
+++ b/ui/packages/consul-ui/app/styles/tailwind.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @tailwind base;
diff --git a/ui/packages/consul-ui/app/styles/themes.scss b/ui/packages/consul-ui/app/styles/themes.scss
index 56bee00761c1..2d180b292c72 100644
--- a/ui/packages/consul-ui/app/styles/themes.scss
+++ b/ui/packages/consul-ui/app/styles/themes.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './base/color/ui/index';
diff --git a/ui/packages/consul-ui/app/styles/typography.scss b/ui/packages/consul-ui/app/styles/typography.scss
index b0dac04edb3b..f1e5a47d05ea 100644
--- a/ui/packages/consul-ui/app/styles/typography.scss
+++ b/ui/packages/consul-ui/app/styles/typography.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 body,
diff --git a/ui/packages/consul-ui/app/styles/variables.scss b/ui/packages/consul-ui/app/styles/variables.scss
index d857778f16e1..952c22c2d500 100644
--- a/ui/packages/consul-ui/app/styles/variables.scss
+++ b/ui/packages/consul-ui/app/styles/variables.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './base/reset/index';
diff --git a/ui/packages/consul-ui/app/styles/variables/custom-query.scss b/ui/packages/consul-ui/app/styles/variables/custom-query.scss
index 77c31f86f4eb..865924c352c7 100644
--- a/ui/packages/consul-ui/app/styles/variables/custom-query.scss
+++ b/ui/packages/consul-ui/app/styles/variables/custom-query.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 $ideal-width: 1260px;
diff --git a/ui/packages/consul-ui/app/styles/variables/layout.scss b/ui/packages/consul-ui/app/styles/variables/layout.scss
index e4f4252a43a7..8233827b2f9e 100644
--- a/ui/packages/consul-ui/app/styles/variables/layout.scss
+++ b/ui/packages/consul-ui/app/styles/variables/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 :root {
diff --git a/ui/packages/consul-ui/app/styles/variables/skin.scss b/ui/packages/consul-ui/app/styles/variables/skin.scss
index 2644344c4c30..2551b453de4d 100644
--- a/ui/packages/consul-ui/app/styles/variables/skin.scss
+++ b/ui/packages/consul-ui/app/styles/variables/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './custom-query';
diff --git a/ui/packages/consul-ui/app/templates/application.hbs b/ui/packages/consul-ui/app/templates/application.hbs
index 7be739bf64b8..6e7537d43d67 100644
--- a/ui/packages/consul-ui/app/templates/application.hbs
+++ b/ui/packages/consul-ui/app/templates/application.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-ui/app/templates/dc.hbs b/ui/packages/consul-ui/app/templates/dc.hbs
index ad4664bcd38c..5974acfca33e 100644
--- a/ui/packages/consul-ui/app/templates/dc.hbs
+++ b/ui/packages/consul-ui/app/templates/dc.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls.hbs b/ui/packages/consul-ui/app/templates/dc/acls.hbs
index ad4664bcd38c..5974acfca33e 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/index.hbs
index d221d5e819ee..c24d2bfc7a37 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show.hbs
index efa683681ca9..6e66613c3cd9 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/auth-method.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/auth-method.hbs
index f2a687d38559..ebbd020033a6 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/auth-method.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/auth-method.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs
index 8f155eeabc94..b7c8f92d2f34 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/binding-rules.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/nspace-rules.hbs b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/nspace-rules.hbs
index d0a8529a44b7..ac8fea7a3c2f 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/nspace-rules.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/auth-methods/show/nspace-rules.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/index.hbs
index 8ef6f6e32425..dc88f53b2786 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/policies/-form.hbs b/ui/packages/consul-ui/app/templates/dc/acls/policies/-form.hbs
index 687f5ec8e1d7..39ff3543dbdc 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/policies/-form.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/policies/-form.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <form>
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs b/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs
index 230723e74635..208bcdcb7653 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/policies/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/policies/index.hbs
index 1ac23da4350c..d00fd781c2ea 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/policies/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/policies/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/roles/-form.hbs b/ui/packages/consul-ui/app/templates/dc/acls/roles/-form.hbs
index a703f1d571ac..e0f8324e6e74 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/roles/-form.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/roles/-form.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <form>
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/roles/edit.hbs b/ui/packages/consul-ui/app/templates/dc/acls/roles/edit.hbs
index 78168a73cc05..ece864ccdca7 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/roles/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/roles/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/roles/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/roles/index.hbs
index 2a83e8224a5b..825c28881f41 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/roles/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/roles/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets-legacy.hbs b/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets-legacy.hbs
index dbe188fc2ff7..de0db32b2035 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets-legacy.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets-legacy.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
     <fieldset
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets.hbs b/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets.hbs
index 89ea6bd3c1e0..b3d36ffec1d8 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/tokens/-fieldsets.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <fieldset
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/tokens/-form.hbs b/ui/packages/consul-ui/app/templates/dc/acls/tokens/-form.hbs
index de6b9dccf1ae..6cb1cfc46d3b 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/tokens/-form.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/tokens/-form.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <form>
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/tokens/edit.hbs b/ui/packages/consul-ui/app/templates/dc/acls/tokens/edit.hbs
index 4960fdc1a1e1..caa75e3d65a6 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/tokens/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/tokens/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/tokens/index.hbs b/ui/packages/consul-ui/app/templates/dc/acls/tokens/index.hbs
index 9fb37f50fa0a..70e4c98c45e8 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/tokens/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/tokens/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/intentions/edit.hbs b/ui/packages/consul-ui/app/templates/dc/intentions/edit.hbs
index 8f44fe34fd54..ef29038efd35 100644
--- a/ui/packages/consul-ui/app/templates/dc/intentions/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/intentions/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/intentions/index.hbs b/ui/packages/consul-ui/app/templates/dc/intentions/index.hbs
index b4d12269ca16..e34928e2f99b 100644
--- a/ui/packages/consul-ui/app/templates/dc/intentions/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/intentions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/kv/edit.hbs b/ui/packages/consul-ui/app/templates/dc/kv/edit.hbs
index 3278a55ea2a4..7d09254f9546 100644
--- a/ui/packages/consul-ui/app/templates/dc/kv/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/kv/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/kv/index.hbs b/ui/packages/consul-ui/app/templates/dc/kv/index.hbs
index c730f719b6d0..147fbd704e86 100644
--- a/ui/packages/consul-ui/app/templates/dc/kv/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/kv/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs
index 9e9f14d9be9c..56f7676c4924 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show.hbs
index 5b8aba956730..3c64b67d8da6 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/show.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/show.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show/healthchecks.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show/healthchecks.hbs
index d073bd889eb4..d1dbf3d8ecab 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/show/healthchecks.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/show/healthchecks.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show/index.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show/index.hbs
index 9cecd7e83193..966db68ffec4 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/show/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/show/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show/metadata.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show/metadata.hbs
index 89cc3e12f4ff..cfb3589d7485 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/show/metadata.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/show/metadata.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show/rtt.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show/rtt.hbs
index 3ce2159ca5ea..4280bfaefb6f 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/show/rtt.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/show/rtt.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/show/services.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/show/services.hbs
index 05499d8141c9..41926f6e3e50 100644
--- a/ui/packages/consul-ui/app/templates/dc/nodes/show/services.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/nodes/show/services.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/routing-config.hbs b/ui/packages/consul-ui/app/templates/dc/routing-config.hbs
index a141aad42450..b9cc67f9bf0c 100644
--- a/ui/packages/consul-ui/app/templates/dc/routing-config.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/routing-config.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/index.hbs b/ui/packages/consul-ui/app/templates/dc/services/index.hbs
index 37a73c419f7f..1e2a5d6604cd 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance.hbs
index 4926bbd609f8..6c70f45c981f 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/instance.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/instance.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance/addresses.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance/addresses.hbs
index 1dcc4819a629..4b0a9edae5f9 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/instance/addresses.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/instance/addresses.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance/exposedpaths.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance/exposedpaths.hbs
index 0f04962d89f6..34c5d9ed1c6d 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/instance/exposedpaths.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/instance/exposedpaths.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance/healthchecks.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance/healthchecks.hbs
index c709bd91a201..baf404891767 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/instance/healthchecks.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/instance/healthchecks.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route @name={{routeName}} as |route|>
diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance/metadata.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance/metadata.hbs
index 1b69aab03c8b..56cfcf4c4c4d 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/instance/metadata.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/instance/metadata.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/instance/upstreams.hbs b/ui/packages/consul-ui/app/templates/dc/services/instance/upstreams.hbs
index 7db110dd36db..45a282b59edf 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/instance/upstreams.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/instance/upstreams.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show.hbs b/ui/packages/consul-ui/app/templates/dc/services/show.hbs
index 18fa606c71f9..b96a15c7b1cb 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/index.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/index.hbs
index 391a2fc70a06..18260dcfd931 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/instances.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/instances.hbs
index 8ea481e651a4..5525034df4de 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/instances.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/instances.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/intentions.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/intentions.hbs
index ad4664bcd38c..5974acfca33e 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/intentions.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/intentions.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/intentions/edit.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/intentions/edit.hbs
index e8bd180c3051..40569d418e7c 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/intentions/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/intentions/edit.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/intentions/index.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/intentions/index.hbs
index 92429b9abb97..5e1c794d9c9f 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/intentions/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/intentions/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/routing.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/routing.hbs
index 20e0c5c98240..afa6a186783e 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/routing.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/routing.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/services.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/services.hbs
index 337490004596..67e75d9dbf57 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/services.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/services.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/tags.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/tags.hbs
index 8d2e1f661ae7..e7b12d1a827c 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/tags.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/tags.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/topology.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/topology.hbs
index 4354e1e3a887..84db9e5edbf9 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/topology.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/topology.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/services/show/upstreams.hbs b/ui/packages/consul-ui/app/templates/dc/services/show/upstreams.hbs
index 661c7e77b09e..590da6ce9288 100644
--- a/ui/packages/consul-ui/app/templates/dc/services/show/upstreams.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/services/show/upstreams.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/show.hbs b/ui/packages/consul-ui/app/templates/dc/show.hbs
index 7d9b7462c4cf..f574aa5ffa03 100644
--- a/ui/packages/consul-ui/app/templates/dc/show.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/show.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/show/index.hbs b/ui/packages/consul-ui/app/templates/dc/show/index.hbs
index fe7d8ceb78e5..d4d7ac9d3262 100644
--- a/ui/packages/consul-ui/app/templates/dc/show/index.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/show/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/show/license.hbs b/ui/packages/consul-ui/app/templates/dc/show/license.hbs
index 669abf7fb0d4..88d5dc7a1d60 100644
--- a/ui/packages/consul-ui/app/templates/dc/show/license.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/show/license.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs b/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs
index 7f4ae6bb5ffe..1fee372ecabe 100644
--- a/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/show/serverstatus.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/debug.hbs b/ui/packages/consul-ui/app/templates/debug.hbs
index dbdff5ff8e5d..d63d176957a1 100644
--- a/ui/packages/consul-ui/app/templates/debug.hbs
+++ b/ui/packages/consul-ui/app/templates/debug.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{page-title 'Engineering Docs - Consul' separator=' - '}}
diff --git a/ui/packages/consul-ui/app/templates/error.hbs b/ui/packages/consul-ui/app/templates/error.hbs
index 196b78779640..65f6b6c954bb 100644
--- a/ui/packages/consul-ui/app/templates/error.hbs
+++ b/ui/packages/consul-ui/app/templates/error.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{#if error}}
diff --git a/ui/packages/consul-ui/app/templates/index.hbs b/ui/packages/consul-ui/app/templates/index.hbs
index ad4664bcd38c..5974acfca33e 100644
--- a/ui/packages/consul-ui/app/templates/index.hbs
+++ b/ui/packages/consul-ui/app/templates/index.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/loading.hbs b/ui/packages/consul-ui/app/templates/loading.hbs
index c7faa82f2bb8..5b30daf796e7 100644
--- a/ui/packages/consul-ui/app/templates/loading.hbs
+++ b/ui/packages/consul-ui/app/templates/loading.hbs
@@ -1,5 +1,5 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
diff --git a/ui/packages/consul-ui/app/templates/notfound.hbs b/ui/packages/consul-ui/app/templates/notfound.hbs
index 9e9a350a3f5a..ff16db6c209e 100644
--- a/ui/packages/consul-ui/app/templates/notfound.hbs
+++ b/ui/packages/consul-ui/app/templates/notfound.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/oauth-provider-debug.hbs b/ui/packages/consul-ui/app/templates/oauth-provider-debug.hbs
index ea9f223fdc2f..04eeac3d91a6 100644
--- a/ui/packages/consul-ui/app/templates/oauth-provider-debug.hbs
+++ b/ui/packages/consul-ui/app/templates/oauth-provider-debug.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/templates/settings.hbs b/ui/packages/consul-ui/app/templates/settings.hbs
index 66251636dcce..658744961197 100644
--- a/ui/packages/consul-ui/app/templates/settings.hbs
+++ b/ui/packages/consul-ui/app/templates/settings.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/app/utils/ascend.js b/ui/packages/consul-ui/app/utils/ascend.js
index 0c7fe354d261..95f3e79131d9 100644
--- a/ui/packages/consul-ui/app/utils/ascend.js
+++ b/ui/packages/consul-ui/app/utils/ascend.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (path, num) {
diff --git a/ui/packages/consul-ui/app/utils/atob.js b/ui/packages/consul-ui/app/utils/atob.js
index 4afb5cfe471f..d6849c3d8a79 100644
--- a/ui/packages/consul-ui/app/utils/atob.js
+++ b/ui/packages/consul-ui/app/utils/atob.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import base64js from 'base64-js';
diff --git a/ui/packages/consul-ui/app/utils/btoa.js b/ui/packages/consul-ui/app/utils/btoa.js
index ff7abdabc630..fb24fd9bd1c7 100644
--- a/ui/packages/consul-ui/app/utils/btoa.js
+++ b/ui/packages/consul-ui/app/utils/btoa.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import base64js from 'base64-js';
diff --git a/ui/packages/consul-ui/app/utils/callable-type.js b/ui/packages/consul-ui/app/utils/callable-type.js
index 33a5f5fd2023..e222f45b824e 100644
--- a/ui/packages/consul-ui/app/utils/callable-type.js
+++ b/ui/packages/consul-ui/app/utils/callable-type.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (obj) {
diff --git a/ui/packages/consul-ui/app/utils/create-fingerprinter.js b/ui/packages/consul-ui/app/utils/create-fingerprinter.js
index 738b89233ecc..30e779aa8499 100644
--- a/ui/packages/consul-ui/app/utils/create-fingerprinter.js
+++ b/ui/packages/consul-ui/app/utils/create-fingerprinter.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { get } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/distance.js b/ui/packages/consul-ui/app/utils/distance.js
index 099f9e8e1711..9b2f1c0e252e 100644
--- a/ui/packages/consul-ui/app/utils/distance.js
+++ b/ui/packages/consul-ui/app/utils/distance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // TODO: Istanbul is ignored for the moment as it's not mine,
diff --git a/ui/packages/consul-ui/app/utils/dom/click-first-anchor.js b/ui/packages/consul-ui/app/utils/dom/click-first-anchor.js
index 2f27a8c427c7..57f808073195 100644
--- a/ui/packages/consul-ui/app/utils/dom/click-first-anchor.js
+++ b/ui/packages/consul-ui/app/utils/dom/click-first-anchor.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 const clickEvent = function ($el) {
diff --git a/ui/packages/consul-ui/app/utils/dom/closest.js b/ui/packages/consul-ui/app/utils/dom/closest.js
index eaabea413418..625e95ffd238 100644
--- a/ui/packages/consul-ui/app/utils/dom/closest.js
+++ b/ui/packages/consul-ui/app/utils/dom/closest.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (sel, el) {
diff --git a/ui/packages/consul-ui/app/utils/dom/create-listeners.js b/ui/packages/consul-ui/app/utils/dom/create-listeners.js
index 81d48ca23946..9d9d240ead3a 100644
--- a/ui/packages/consul-ui/app/utils/dom/create-listeners.js
+++ b/ui/packages/consul-ui/app/utils/dom/create-listeners.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 class Listeners {
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/blocking.js b/ui/packages/consul-ui/app/utils/dom/event-source/blocking.js
index c5cf8c47b1fd..69781b89c3a5 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/blocking.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/blocking.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { get } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/cache.js b/ui/packages/consul-ui/app/utils/dom/event-source/cache.js
index 5427a72b49af..35d7f88aedca 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/cache.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/cache.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (source, DefaultEventSource, P = Promise) {
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/callable.js b/ui/packages/consul-ui/app/utils/dom/event-source/callable.js
index d96b40e79d47..83ffce264f35 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/callable.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/callable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export const defaultRunner = function (target, configuration, isClosed) {
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/index.js b/ui/packages/consul-ui/app/utils/dom/event-source/index.js
index f8b3dcffa82c..9448c9325f34 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/index.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import ObjectProxy from '@ember/object/proxy';
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/openable.js b/ui/packages/consul-ui/app/utils/dom/event-source/openable.js
index 0611663abe26..f5972cf1991c 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/openable.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/openable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/proxy.js b/ui/packages/consul-ui/app/utils/dom/event-source/proxy.js
index 963a7401c6d1..8b9fc08c608b 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/proxy.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/proxy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { get, set } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/resolver.js b/ui/packages/consul-ui/app/utils/dom/event-source/resolver.js
index 52560b9f318b..37d05dab0084 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/resolver.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/resolver.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (P = Promise) {
diff --git a/ui/packages/consul-ui/app/utils/dom/event-source/storage.js b/ui/packages/consul-ui/app/utils/dom/event-source/storage.js
index 66f56581f331..273203626de9 100644
--- a/ui/packages/consul-ui/app/utils/dom/event-source/storage.js
+++ b/ui/packages/consul-ui/app/utils/dom/event-source/storage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (EventTarget, P = Promise) {
diff --git a/ui/packages/consul-ui/app/utils/dom/get-component-factory.js b/ui/packages/consul-ui/app/utils/dom/get-component-factory.js
index d10c486646fb..71605d9d55c8 100644
--- a/ui/packages/consul-ui/app/utils/dom/get-component-factory.js
+++ b/ui/packages/consul-ui/app/utils/dom/get-component-factory.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (owner, key = '-view-registry:main') {
diff --git a/ui/packages/consul-ui/app/utils/dom/is-outside.js b/ui/packages/consul-ui/app/utils/dom/is-outside.js
index ea52f0492851..b1434e418757 100644
--- a/ui/packages/consul-ui/app/utils/dom/is-outside.js
+++ b/ui/packages/consul-ui/app/utils/dom/is-outside.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (el, target, doc = document) {
diff --git a/ui/packages/consul-ui/app/utils/dom/normalize-event.js b/ui/packages/consul-ui/app/utils/dom/normalize-event.js
index 206fcee9dc5b..6bfd0c6a7d45 100644
--- a/ui/packages/consul-ui/app/utils/dom/normalize-event.js
+++ b/ui/packages/consul-ui/app/utils/dom/normalize-event.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (e, value, target = {}) {
diff --git a/ui/packages/consul-ui/app/utils/dom/qsa-factory.js b/ui/packages/consul-ui/app/utils/dom/qsa-factory.js
index fdaa675e9d89..e694d3bce358 100644
--- a/ui/packages/consul-ui/app/utils/dom/qsa-factory.js
+++ b/ui/packages/consul-ui/app/utils/dom/qsa-factory.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (doc = document) {
diff --git a/ui/packages/consul-ui/app/utils/dom/sibling.js b/ui/packages/consul-ui/app/utils/dom/sibling.js
index cd39e82ebb20..f0c4c7a39a7a 100644
--- a/ui/packages/consul-ui/app/utils/dom/sibling.js
+++ b/ui/packages/consul-ui/app/utils/dom/sibling.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (el, name) {
diff --git a/ui/packages/consul-ui/app/utils/editor/lint.js b/ui/packages/consul-ui/app/utils/editor/lint.js
index 4c3e824e44bb..a1ed2aa254a2 100644
--- a/ui/packages/consul-ui/app/utils/editor/lint.js
+++ b/ui/packages/consul-ui/app/utils/editor/lint.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*global CodeMirror*/
diff --git a/ui/packages/consul-ui/app/utils/filter/index.js b/ui/packages/consul-ui/app/utils/filter/index.js
index c46ec8452ca1..11e8f6f6f423 100644
--- a/ui/packages/consul-ui/app/utils/filter/index.js
+++ b/ui/packages/consul-ui/app/utils/filter/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import setHelpers from 'mnemonist/set';
diff --git a/ui/packages/consul-ui/app/utils/form/builder.js b/ui/packages/consul-ui/app/utils/form/builder.js
index 0d9572ec9c44..ee9ad69bf47e 100644
--- a/ui/packages/consul-ui/app/utils/form/builder.js
+++ b/ui/packages/consul-ui/app/utils/form/builder.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { get, set } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/form/changeset.js b/ui/packages/consul-ui/app/utils/form/changeset.js
index 0fd007267904..64f517f31762 100644
--- a/ui/packages/consul-ui/app/utils/form/changeset.js
+++ b/ui/packages/consul-ui/app/utils/form/changeset.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { get } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/get-environment.js b/ui/packages/consul-ui/app/utils/get-environment.js
index a4284a24f7d4..7c32f66ea218 100644
--- a/ui/packages/consul-ui/app/utils/get-environment.js
+++ b/ui/packages/consul-ui/app/utils/get-environment.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { runInDebug } from '@ember/debug';
diff --git a/ui/packages/consul-ui/app/utils/get-form-name-property.js b/ui/packages/consul-ui/app/utils/get-form-name-property.js
index b67f0a0c5d36..f4fe82a9c418 100644
--- a/ui/packages/consul-ui/app/utils/get-form-name-property.js
+++ b/ui/packages/consul-ui/app/utils/get-form-name-property.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (name) {
diff --git a/ui/packages/consul-ui/app/utils/helpers/call-if-type.js b/ui/packages/consul-ui/app/utils/helpers/call-if-type.js
index 440daab7d88c..ce1d32dc8c78 100644
--- a/ui/packages/consul-ui/app/utils/helpers/call-if-type.js
+++ b/ui/packages/consul-ui/app/utils/helpers/call-if-type.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (type) {
diff --git a/ui/packages/consul-ui/app/utils/http/consul.js b/ui/packages/consul-ui/app/utils/http/consul.js
index 6e30b4cb09c5..48de335bbf1e 100644
--- a/ui/packages/consul-ui/app/utils/http/consul.js
+++ b/ui/packages/consul-ui/app/utils/http/consul.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // TODO: Need to make all these headers capital case
diff --git a/ui/packages/consul-ui/app/utils/http/create-headers.js b/ui/packages/consul-ui/app/utils/http/create-headers.js
index 842e80895278..72bf9a9e3ba0 100644
--- a/ui/packages/consul-ui/app/utils/http/create-headers.js
+++ b/ui/packages/consul-ui/app/utils/http/create-headers.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function () {
diff --git a/ui/packages/consul-ui/app/utils/http/create-query-params.js b/ui/packages/consul-ui/app/utils/http/create-query-params.js
index 54c6b5486416..9141c02dde28 100644
--- a/ui/packages/consul-ui/app/utils/http/create-query-params.js
+++ b/ui/packages/consul-ui/app/utils/http/create-query-params.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (encode = encodeURIComponent) {
diff --git a/ui/packages/consul-ui/app/utils/http/create-url.js b/ui/packages/consul-ui/app/utils/http/create-url.js
index ad7e40d1c544..ecf7fef7b82b 100644
--- a/ui/packages/consul-ui/app/utils/http/create-url.js
+++ b/ui/packages/consul-ui/app/utils/http/create-url.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // const METHOD_PARSING = 0;
diff --git a/ui/packages/consul-ui/app/utils/http/error.js b/ui/packages/consul-ui/app/utils/http/error.js
index 7bfbddb8a50d..8e4b0ff49ac3 100644
--- a/ui/packages/consul-ui/app/utils/http/error.js
+++ b/ui/packages/consul-ui/app/utils/http/error.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default class extends Error {
diff --git a/ui/packages/consul-ui/app/utils/http/headers.js b/ui/packages/consul-ui/app/utils/http/headers.js
index bdd5802ed608..90cd85627f31 100644
--- a/ui/packages/consul-ui/app/utils/http/headers.js
+++ b/ui/packages/consul-ui/app/utils/http/headers.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export const CACHE_CONTROL = 'Cache-Control';
diff --git a/ui/packages/consul-ui/app/utils/http/method.js b/ui/packages/consul-ui/app/utils/http/method.js
index 9ed76983133d..fdf2d319082f 100644
--- a/ui/packages/consul-ui/app/utils/http/method.js
+++ b/ui/packages/consul-ui/app/utils/http/method.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export const PUT = 'PUT';
diff --git a/ui/packages/consul-ui/app/utils/http/request.js b/ui/packages/consul-ui/app/utils/http/request.js
index 3388566d861e..6933fd0c35e3 100644
--- a/ui/packages/consul-ui/app/utils/http/request.js
+++ b/ui/packages/consul-ui/app/utils/http/request.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import EventTarget from 'consul-ui/utils/dom/event-target/rsvp';
diff --git a/ui/packages/consul-ui/app/utils/http/status.js b/ui/packages/consul-ui/app/utils/http/status.js
index be6816ee2a55..8d5f59d43511 100644
--- a/ui/packages/consul-ui/app/utils/http/status.js
+++ b/ui/packages/consul-ui/app/utils/http/status.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export const OK = 200;
diff --git a/ui/packages/consul-ui/app/utils/http/xhr.js b/ui/packages/consul-ui/app/utils/http/xhr.js
index fcb688ed9c60..0698f54e0520 100644
--- a/ui/packages/consul-ui/app/utils/http/xhr.js
+++ b/ui/packages/consul-ui/app/utils/http/xhr.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (parseHeaders, XHR) {
diff --git a/ui/packages/consul-ui/app/utils/intl/missing-message.js b/ui/packages/consul-ui/app/utils/intl/missing-message.js
index a638cb7eddcf..17a78fea9919 100644
--- a/ui/packages/consul-ui/app/utils/intl/missing-message.js
+++ b/ui/packages/consul-ui/app/utils/intl/missing-message.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint no-console: ["error", { allow: ["debug"] }] */
diff --git a/ui/packages/consul-ui/app/utils/isFolder.js b/ui/packages/consul-ui/app/utils/isFolder.js
index 55e8379c8c6e..7b507b394111 100644
--- a/ui/packages/consul-ui/app/utils/isFolder.js
+++ b/ui/packages/consul-ui/app/utils/isFolder.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // Boolean if the key is a "folder" or not, i.e is a nested key
diff --git a/ui/packages/consul-ui/app/utils/keyToArray.js b/ui/packages/consul-ui/app/utils/keyToArray.js
index 763075ca3151..632cf56a1ef9 100644
--- a/ui/packages/consul-ui/app/utils/keyToArray.js
+++ b/ui/packages/consul-ui/app/utils/keyToArray.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/utils/left-trim.js b/ui/packages/consul-ui/app/utils/left-trim.js
index 324412d83151..1014e0cc7529 100644
--- a/ui/packages/consul-ui/app/utils/left-trim.js
+++ b/ui/packages/consul-ui/app/utils/left-trim.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function leftTrim(str = '', search = '') {
diff --git a/ui/packages/consul-ui/app/utils/maybe-call.js b/ui/packages/consul-ui/app/utils/maybe-call.js
index c91bb3db8ea4..54629d5f1b5b 100644
--- a/ui/packages/consul-ui/app/utils/maybe-call.js
+++ b/ui/packages/consul-ui/app/utils/maybe-call.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/utils/merge-checks.js b/ui/packages/consul-ui/app/utils/merge-checks.js
index ec26d0496c4e..2c8b69996ba1 100644
--- a/ui/packages/consul-ui/app/utils/merge-checks.js
+++ b/ui/packages/consul-ui/app/utils/merge-checks.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { get, set } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/minimizeModel.js b/ui/packages/consul-ui/app/utils/minimizeModel.js
index cec582a6f4ea..f3a11020c1e5 100644
--- a/ui/packages/consul-ui/app/utils/minimizeModel.js
+++ b/ui/packages/consul-ui/app/utils/minimizeModel.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { get } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/non-empty-set.js b/ui/packages/consul-ui/app/utils/non-empty-set.js
index 62767b5876fc..195db7ba26fe 100644
--- a/ui/packages/consul-ui/app/utils/non-empty-set.js
+++ b/ui/packages/consul-ui/app/utils/non-empty-set.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (prop) {
diff --git a/ui/packages/consul-ui/app/utils/path/resolve.js b/ui/packages/consul-ui/app/utils/path/resolve.js
index 358e21e927f0..71e40e62f33d 100644
--- a/ui/packages/consul-ui/app/utils/path/resolve.js
+++ b/ui/packages/consul-ui/app/utils/path/resolve.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /**
diff --git a/ui/packages/consul-ui/app/utils/promisedTimeout.js b/ui/packages/consul-ui/app/utils/promisedTimeout.js
index 5fc9b2d349e9..12f9cc5dc317 100644
--- a/ui/packages/consul-ui/app/utils/promisedTimeout.js
+++ b/ui/packages/consul-ui/app/utils/promisedTimeout.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (P = Promise, timeout = setTimeout) {
diff --git a/ui/packages/consul-ui/app/utils/right-trim.js b/ui/packages/consul-ui/app/utils/right-trim.js
index 9377126f5320..1b388fc75328 100644
--- a/ui/packages/consul-ui/app/utils/right-trim.js
+++ b/ui/packages/consul-ui/app/utils/right-trim.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function rightTrim(str = '', search = '') {
diff --git a/ui/packages/consul-ui/app/utils/routing/redirect-to.js b/ui/packages/consul-ui/app/utils/routing/redirect-to.js
index d8c3584af8f0..8feceb97aefb 100644
--- a/ui/packages/consul-ui/app/utils/routing/redirect-to.js
+++ b/ui/packages/consul-ui/app/utils/routing/redirect-to.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (to, route) {
diff --git a/ui/packages/consul-ui/app/utils/routing/transitionable.js b/ui/packages/consul-ui/app/utils/routing/transitionable.js
index 559d03e282ee..48469f27b6ba 100644
--- a/ui/packages/consul-ui/app/utils/routing/transitionable.js
+++ b/ui/packages/consul-ui/app/utils/routing/transitionable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 const filter = function (routeName, atts, params) {
diff --git a/ui/packages/consul-ui/app/utils/routing/walk.js b/ui/packages/consul-ui/app/utils/routing/walk.js
index 52320146ba0e..516d03336c89 100644
--- a/ui/packages/consul-ui/app/utils/routing/walk.js
+++ b/ui/packages/consul-ui/app/utils/routing/walk.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { runInDebug } from '@ember/debug';
diff --git a/ui/packages/consul-ui/app/utils/routing/wildcard.js b/ui/packages/consul-ui/app/utils/routing/wildcard.js
index 327bdcd24f70..effe9d52dbeb 100644
--- a/ui/packages/consul-ui/app/utils/routing/wildcard.js
+++ b/ui/packages/consul-ui/app/utils/routing/wildcard.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { get } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/utils/search/exact.js b/ui/packages/consul-ui/app/utils/search/exact.js
index 5c75251379fb..63bf94950204 100644
--- a/ui/packages/consul-ui/app/utils/search/exact.js
+++ b/ui/packages/consul-ui/app/utils/search/exact.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import PredicateSearch from './predicate';
diff --git a/ui/packages/consul-ui/app/utils/search/fuzzy.js b/ui/packages/consul-ui/app/utils/search/fuzzy.js
index 670f10eda1e1..6fcd85bf5758 100644
--- a/ui/packages/consul-ui/app/utils/search/fuzzy.js
+++ b/ui/packages/consul-ui/app/utils/search/fuzzy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Fuse from 'fuse.js';
diff --git a/ui/packages/consul-ui/app/utils/search/predicate.js b/ui/packages/consul-ui/app/utils/search/predicate.js
index 5f8e0fe7ba5a..81f88f197df6 100644
--- a/ui/packages/consul-ui/app/utils/search/predicate.js
+++ b/ui/packages/consul-ui/app/utils/search/predicate.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default class PredicateSearch {
diff --git a/ui/packages/consul-ui/app/utils/search/regexp.js b/ui/packages/consul-ui/app/utils/search/regexp.js
index bec9f5c95fc9..594b3158f282 100644
--- a/ui/packages/consul-ui/app/utils/search/regexp.js
+++ b/ui/packages/consul-ui/app/utils/search/regexp.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import PredicateSearch from './predicate';
diff --git a/ui/packages/consul-ui/app/utils/storage/local-storage.js b/ui/packages/consul-ui/app/utils/storage/local-storage.js
index 8da8946aa524..b9da10a9ce62 100644
--- a/ui/packages/consul-ui/app/utils/storage/local-storage.js
+++ b/ui/packages/consul-ui/app/utils/storage/local-storage.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/app/utils/templatize.js b/ui/packages/consul-ui/app/utils/templatize.js
index 9cd9cb1c5970..439a8509b50c 100644
--- a/ui/packages/consul-ui/app/utils/templatize.js
+++ b/ui/packages/consul-ui/app/utils/templatize.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (arr = []) {
diff --git a/ui/packages/consul-ui/app/utils/ticker/index.js b/ui/packages/consul-ui/app/utils/ticker/index.js
index 7c478ad9c513..98e6f5e3d408 100644
--- a/ui/packages/consul-ui/app/utils/ticker/index.js
+++ b/ui/packages/consul-ui/app/utils/ticker/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import EventTarget from 'consul-ui/utils/dom/event-target/rsvp';
diff --git a/ui/packages/consul-ui/app/utils/tomography.js b/ui/packages/consul-ui/app/utils/tomography.js
index 0ebf422220a3..d8550ef31717 100644
--- a/ui/packages/consul-ui/app/utils/tomography.js
+++ b/ui/packages/consul-ui/app/utils/tomography.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // TODO: Istanbul is ignored for the moment as it's not mine,
diff --git a/ui/packages/consul-ui/app/utils/ucfirst.js b/ui/packages/consul-ui/app/utils/ucfirst.js
index ca55892670bd..2a107007b8f6 100644
--- a/ui/packages/consul-ui/app/utils/ucfirst.js
+++ b/ui/packages/consul-ui/app/utils/ucfirst.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (str) {
diff --git a/ui/packages/consul-ui/app/utils/update-array-object.js b/ui/packages/consul-ui/app/utils/update-array-object.js
index 4a98f9980fdd..07034b5aaff8 100644
--- a/ui/packages/consul-ui/app/utils/update-array-object.js
+++ b/ui/packages/consul-ui/app/utils/update-array-object.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { get, set } from '@ember/object';
diff --git a/ui/packages/consul-ui/app/validations/intention-permission-http-header.js b/ui/packages/consul-ui/app/validations/intention-permission-http-header.js
index 931529a585ab..ab561f0e40ad 100644
--- a/ui/packages/consul-ui/app/validations/intention-permission-http-header.js
+++ b/ui/packages/consul-ui/app/validations/intention-permission-http-header.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { validatePresence } from 'ember-changeset-validations/validators';
diff --git a/ui/packages/consul-ui/app/validations/intention-permission.js b/ui/packages/consul-ui/app/validations/intention-permission.js
index 9e2194e7917d..c577da2b5b85 100644
--- a/ui/packages/consul-ui/app/validations/intention-permission.js
+++ b/ui/packages/consul-ui/app/validations/intention-permission.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import {
diff --git a/ui/packages/consul-ui/app/validations/intention.js b/ui/packages/consul-ui/app/validations/intention.js
index bfc0960b1f7e..1029901056dd 100644
--- a/ui/packages/consul-ui/app/validations/intention.js
+++ b/ui/packages/consul-ui/app/validations/intention.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { validatePresence, validateLength } from 'ember-changeset-validations/validators';
diff --git a/ui/packages/consul-ui/app/validations/kv.js b/ui/packages/consul-ui/app/validations/kv.js
index ffccec1d76ed..459ea5292670 100644
--- a/ui/packages/consul-ui/app/validations/kv.js
+++ b/ui/packages/consul-ui/app/validations/kv.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { validatePresence, validateLength } from 'ember-changeset-validations/validators';
diff --git a/ui/packages/consul-ui/app/validations/policy.js b/ui/packages/consul-ui/app/validations/policy.js
index 4c0b1ba50bb0..bf43615580cc 100644
--- a/ui/packages/consul-ui/app/validations/policy.js
+++ b/ui/packages/consul-ui/app/validations/policy.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { validateFormat } from 'ember-changeset-validations/validators';
diff --git a/ui/packages/consul-ui/app/validations/role.js b/ui/packages/consul-ui/app/validations/role.js
index e7fb655999d5..01898d2ab07a 100644
--- a/ui/packages/consul-ui/app/validations/role.js
+++ b/ui/packages/consul-ui/app/validations/role.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { validateFormat } from 'ember-changeset-validations/validators';
diff --git a/ui/packages/consul-ui/app/validations/sometimes.js b/ui/packages/consul-ui/app/validations/sometimes.js
index d32ee3e9dffa..7aaf58fd503a 100644
--- a/ui/packages/consul-ui/app/validations/sometimes.js
+++ b/ui/packages/consul-ui/app/validations/sometimes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint-disable no-prototype-builtins */
diff --git a/ui/packages/consul-ui/app/validations/token.js b/ui/packages/consul-ui/app/validations/token.js
index 21717bcb3fdd..092ac8f54e88 100644
--- a/ui/packages/consul-ui/app/validations/token.js
+++ b/ui/packages/consul-ui/app/validations/token.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default {};
diff --git a/ui/packages/consul-ui/blueprints/adapter-test/index.js b/ui/packages/consul-ui/blueprints/adapter-test/index.js
index 8f832005f3ff..0ce9928190e3 100644
--- a/ui/packages/consul-ui/blueprints/adapter-test/index.js
+++ b/ui/packages/consul-ui/blueprints/adapter-test/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*eslint node/no-extraneous-require: "off"*/
diff --git a/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/integration/adapters/__test__.js b/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/integration/adapters/__test__.js
index ad0ab0b79806..2742ef8596b7 100644
--- a/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/integration/adapters/__test__.js
+++ b/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/integration/adapters/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/unit/adapters/__test__.js b/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/unit/adapters/__test__.js
index 89a2c27facbc..904be2bfcc77 100644
--- a/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/unit/adapters/__test__.js
+++ b/ui/packages/consul-ui/blueprints/adapter-test/qunit-files/__root__/__path__/unit/adapters/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/blueprints/adapter/files/__root__/__path__/__name__.js b/ui/packages/consul-ui/blueprints/adapter/files/__root__/__path__/__name__.js
index c3d1b3a58df4..9639e65b306e 100644
--- a/ui/packages/consul-ui/blueprints/adapter/files/__root__/__path__/__name__.js
+++ b/ui/packages/consul-ui/blueprints/adapter/files/__root__/__path__/__name__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Adapter from './application';
diff --git a/ui/packages/consul-ui/blueprints/adapter/index.js b/ui/packages/consul-ui/blueprints/adapter/index.js
index 6abbb5cd75bf..95dae5d4c66b 100644
--- a/ui/packages/consul-ui/blueprints/adapter/index.js
+++ b/ui/packages/consul-ui/blueprints/adapter/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/blueprints/component/files/__root__/__templatepath__/__templatename__.hbs b/ui/packages/consul-ui/blueprints/component/files/__root__/__templatepath__/__templatename__.hbs
index 4c7b4919504a..fca792f507c0 100644
--- a/ui/packages/consul-ui/blueprints/component/files/__root__/__templatepath__/__templatename__.hbs
+++ b/ui/packages/consul-ui/blueprints/component/files/__root__/__templatepath__/__templatename__.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 {{yield}}
diff --git a/ui/packages/consul-ui/blueprints/component/index.js b/ui/packages/consul-ui/blueprints/component/index.js
index d09784b46b09..e8a9a5843541 100644
--- a/ui/packages/consul-ui/blueprints/component/index.js
+++ b/ui/packages/consul-ui/blueprints/component/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 module.exports = Object.assign(require('ember-source/blueprints/component/index.js'));
diff --git a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__.scss b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__.scss
index f3b2523ee741..d300819f788e 100644
--- a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__.scss
+++ b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './<%= dasherizedModuleName %>/index';
diff --git a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/index.scss b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/index.scss
index 981c57196e01..c447606291f2 100644
--- a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/index.scss
+++ b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/index.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 @import './skin';
diff --git a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/layout.scss b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/layout.scss
index 0937c16e84de..b3eb6ad825ac 100644
--- a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/layout.scss
+++ b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/layout.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %<%= dasherizedModuleName %> {
diff --git a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/skin.scss b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/skin.scss
index dbdca6fcf179..bb4874940a05 100644
--- a/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/skin.scss
+++ b/ui/packages/consul-ui/blueprints/css-component/files/__root__/__path__/__name__/skin.scss
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 %<%= dasherizedModuleName %> {
diff --git a/ui/packages/consul-ui/blueprints/css-component/index.js b/ui/packages/consul-ui/blueprints/css-component/index.js
index 7c78cda38cce..d1b2d2f2108e 100644
--- a/ui/packages/consul-ui/blueprints/css-component/index.js
+++ b/ui/packages/consul-ui/blueprints/css-component/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/blueprints/model-test/index.js b/ui/packages/consul-ui/blueprints/model-test/index.js
index f150de2c13eb..48b8fc51b8f0 100644
--- a/ui/packages/consul-ui/blueprints/model-test/index.js
+++ b/ui/packages/consul-ui/blueprints/model-test/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*eslint node/no-extraneous-require: "off"*/
diff --git a/ui/packages/consul-ui/blueprints/model-test/qunit-files/__root__/__path__/unit/models/__test__.js b/ui/packages/consul-ui/blueprints/model-test/qunit-files/__root__/__path__/unit/models/__test__.js
index d59a0b3f0042..57afdbaa9281 100644
--- a/ui/packages/consul-ui/blueprints/model-test/qunit-files/__root__/__path__/unit/models/__test__.js
+++ b/ui/packages/consul-ui/blueprints/model-test/qunit-files/__root__/__path__/unit/models/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/blueprints/model/files/__root__/__path__/__name__.js b/ui/packages/consul-ui/blueprints/model/files/__root__/__path__/__name__.js
index 9a5f9b0e8d78..54491b6032e1 100644
--- a/ui/packages/consul-ui/blueprints/model/files/__root__/__path__/__name__.js
+++ b/ui/packages/consul-ui/blueprints/model/files/__root__/__path__/__name__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Model from 'ember-data/model';
diff --git a/ui/packages/consul-ui/blueprints/model/index.js b/ui/packages/consul-ui/blueprints/model/index.js
index 8e6dbb641b8e..5d29eb715a99 100644
--- a/ui/packages/consul-ui/blueprints/model/index.js
+++ b/ui/packages/consul-ui/blueprints/model/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/blueprints/repository-test/index.js b/ui/packages/consul-ui/blueprints/repository-test/index.js
index 31299be1fd09..caec388bcaa3 100644
--- a/ui/packages/consul-ui/blueprints/repository-test/index.js
+++ b/ui/packages/consul-ui/blueprints/repository-test/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*eslint node/no-extraneous-require: "off"*/
diff --git a/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/integration/services/repository/__test__.js b/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/integration/services/repository/__test__.js
index c35831f7cb98..2e49a974ec68 100644
--- a/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/integration/services/repository/__test__.js
+++ b/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/integration/services/repository/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { moduleFor, test } from 'ember-qunit';
diff --git a/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/unit/services/repository/__test__.js b/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/unit/services/repository/__test__.js
index 0c5c7cf4ec92..e0cbd6ca16d9 100644
--- a/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/unit/services/repository/__test__.js
+++ b/ui/packages/consul-ui/blueprints/repository-test/qunit-files/__root__/__path__/unit/services/repository/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/blueprints/repository/files/__root__/__path__/__name__.js b/ui/packages/consul-ui/blueprints/repository/files/__root__/__path__/__name__.js
index 56f8263c0de6..5467bd951ae0 100644
--- a/ui/packages/consul-ui/blueprints/repository/files/__root__/__path__/__name__.js
+++ b/ui/packages/consul-ui/blueprints/repository/files/__root__/__path__/__name__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import RepositoryService from 'consul-ui/services/repository';
diff --git a/ui/packages/consul-ui/blueprints/repository/index.js b/ui/packages/consul-ui/blueprints/repository/index.js
index 6c1dd01abc74..dc6e16b271e2 100644
--- a/ui/packages/consul-ui/blueprints/repository/index.js
+++ b/ui/packages/consul-ui/blueprints/repository/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/blueprints/route-test/index.js b/ui/packages/consul-ui/blueprints/route-test/index.js
index 8474fc5b600b..3af54990cca0 100644
--- a/ui/packages/consul-ui/blueprints/route-test/index.js
+++ b/ui/packages/consul-ui/blueprints/route-test/index.js
@@ -1,4 +1,4 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
diff --git a/ui/packages/consul-ui/blueprints/route/index.js b/ui/packages/consul-ui/blueprints/route/index.js
index aaa76f8c46c1..fd258728874d 100644
--- a/ui/packages/consul-ui/blueprints/route/index.js
+++ b/ui/packages/consul-ui/blueprints/route/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint-env node */
diff --git a/ui/packages/consul-ui/blueprints/route/native-files/__root__/__templatepath__/__templatename__.hbs b/ui/packages/consul-ui/blueprints/route/native-files/__root__/__templatepath__/__templatename__.hbs
index 864de38d70cb..643b356c88b8 100644
--- a/ui/packages/consul-ui/blueprints/route/native-files/__root__/__templatepath__/__templatename__.hbs
+++ b/ui/packages/consul-ui/blueprints/route/native-files/__root__/__templatepath__/__templatename__.hbs
@@ -1,6 +1,6 @@
 {{!
   Copyright (c) HashiCorp, Inc.
-  SPDX-License-Identifier: BUSL-1.1
+  SPDX-License-Identifier: MPL-2.0
 }}
 
 <Route
diff --git a/ui/packages/consul-ui/blueprints/serializer-test/index.js b/ui/packages/consul-ui/blueprints/serializer-test/index.js
index 15fb83f02939..98400441bb67 100644
--- a/ui/packages/consul-ui/blueprints/serializer-test/index.js
+++ b/ui/packages/consul-ui/blueprints/serializer-test/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*eslint node/no-extraneous-require: "off"*/
diff --git a/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/integration/serializers/__test__.js b/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/integration/serializers/__test__.js
index 836591cad32e..412fc70c816d 100644
--- a/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/integration/serializers/__test__.js
+++ b/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/integration/serializers/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/unit/serializers/__test__.js b/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/unit/serializers/__test__.js
index 1335f1c0c877..8a65c26d50da 100644
--- a/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/unit/serializers/__test__.js
+++ b/ui/packages/consul-ui/blueprints/serializer-test/qunit-files/__root__/__path__/unit/serializers/__test__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/blueprints/serializer/files/__root__/__path__/__name__.js b/ui/packages/consul-ui/blueprints/serializer/files/__root__/__path__/__name__.js
index ea3d43baa6e6..dd9dd41a097d 100644
--- a/ui/packages/consul-ui/blueprints/serializer/files/__root__/__path__/__name__.js
+++ b/ui/packages/consul-ui/blueprints/serializer/files/__root__/__path__/__name__.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Serializer from './application';
diff --git a/ui/packages/consul-ui/blueprints/serializer/index.js b/ui/packages/consul-ui/blueprints/serializer/index.js
index 7109e43af70b..024ba58bf19a 100644
--- a/ui/packages/consul-ui/blueprints/serializer/index.js
+++ b/ui/packages/consul-ui/blueprints/serializer/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/config/deprecation-workflow.js b/ui/packages/consul-ui/config/deprecation-workflow.js
index b0b4d1299d0b..fa35fd3fe93f 100644
--- a/ui/packages/consul-ui/config/deprecation-workflow.js
+++ b/ui/packages/consul-ui/config/deprecation-workflow.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint-disable no-undef */
diff --git a/ui/packages/consul-ui/config/ember-intl.js b/ui/packages/consul-ui/config/ember-intl.js
index e8cf4f4c7564..ecb20e0adb9b 100644
--- a/ui/packages/consul-ui/config/ember-intl.js
+++ b/ui/packages/consul-ui/config/ember-intl.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* jshint node:true */
diff --git a/ui/packages/consul-ui/config/environment.js b/ui/packages/consul-ui/config/environment.js
index b694f7e894ec..1a02cf8d5668 100644
--- a/ui/packages/consul-ui/config/environment.js
+++ b/ui/packages/consul-ui/config/environment.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // All of the configuration here is shared between buildtime and runtime and
diff --git a/ui/packages/consul-ui/config/targets.js b/ui/packages/consul-ui/config/targets.js
index 0eaba1021893..97bbb306de4e 100644
--- a/ui/packages/consul-ui/config/targets.js
+++ b/ui/packages/consul-ui/config/targets.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/config/utils.js b/ui/packages/consul-ui/config/utils.js
index 0b43caee75bb..aebed969fbaa 100644
--- a/ui/packages/consul-ui/config/utils.js
+++ b/ui/packages/consul-ui/config/utils.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 const read = require('fs').readFileSync;
diff --git a/ui/packages/consul-ui/ember-cli-build.js b/ui/packages/consul-ui/ember-cli-build.js
index c483cbf678aa..9bbe5dc0bf0a 100644
--- a/ui/packages/consul-ui/ember-cli-build.js
+++ b/ui/packages/consul-ui/ember-cli-build.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*eslint ember/no-jquery: "off", ember/no-global-jquery: "off"*/
diff --git a/ui/packages/consul-ui/lib/.eslintrc.js b/ui/packages/consul-ui/lib/.eslintrc.js
index 44a958908fe4..d9cd7d7b77a6 100644
--- a/ui/packages/consul-ui/lib/.eslintrc.js
+++ b/ui/packages/consul-ui/lib/.eslintrc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 module.exports = {
diff --git a/ui/packages/consul-ui/lib/colocated-components/index.js b/ui/packages/consul-ui/lib/colocated-components/index.js
index b388833dce2a..fe162a843a88 100644
--- a/ui/packages/consul-ui/lib/colocated-components/index.js
+++ b/ui/packages/consul-ui/lib/colocated-components/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*eslint node/no-extraneous-require: "off"*/
diff --git a/ui/packages/consul-ui/lib/commands/bin/list.js b/ui/packages/consul-ui/lib/commands/bin/list.js
index a4b9c575b8ec..5d81554b34a5 100755
--- a/ui/packages/consul-ui/lib/commands/bin/list.js
+++ b/ui/packages/consul-ui/lib/commands/bin/list.js
@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 require('../lib/list.js')(`${process.cwd()}/tests/steps.js`);
diff --git a/ui/packages/consul-ui/lib/commands/index.js b/ui/packages/consul-ui/lib/commands/index.js
index 7a5249938942..24af425f7155 100644
--- a/ui/packages/consul-ui/lib/commands/index.js
+++ b/ui/packages/consul-ui/lib/commands/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint no-console: "off" */
diff --git a/ui/packages/consul-ui/lib/commands/lib/list.js b/ui/packages/consul-ui/lib/commands/lib/list.js
index ce067d41785e..35569b29a5da 100644
--- a/ui/packages/consul-ui/lib/commands/lib/list.js
+++ b/ui/packages/consul-ui/lib/commands/lib/list.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint no-console: "off" */
diff --git a/ui/packages/consul-ui/lib/custom-element/index.js b/ui/packages/consul-ui/lib/custom-element/index.js
index 0029bd6e1cf0..0744fcf7aa29 100644
--- a/ui/packages/consul-ui/lib/custom-element/index.js
+++ b/ui/packages/consul-ui/lib/custom-element/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 'use strict';
diff --git a/ui/packages/consul-ui/lib/startup/index.js b/ui/packages/consul-ui/lib/startup/index.js
index c35697b23ef8..e7947fb19ced 100644
--- a/ui/packages/consul-ui/lib/startup/index.js
+++ b/ui/packages/consul-ui/lib/startup/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint-env node */
diff --git a/ui/packages/consul-ui/lib/startup/templates/body.html.js b/ui/packages/consul-ui/lib/startup/templates/body.html.js
index 93d25f96018b..f8312009db59 100644
--- a/ui/packages/consul-ui/lib/startup/templates/body.html.js
+++ b/ui/packages/consul-ui/lib/startup/templates/body.html.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // rootURL in production equals `{{.ContentPath}}` and therefore is replaced
diff --git a/ui/packages/consul-ui/lib/startup/templates/head.html.js b/ui/packages/consul-ui/lib/startup/templates/head.html.js
index 2b5f8424d7e9..22e6006f8adc 100644
--- a/ui/packages/consul-ui/lib/startup/templates/head.html.js
+++ b/ui/packages/consul-ui/lib/startup/templates/head.html.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // rootURL in production equals `{{.ContentPath}}` and therefore is replaced
diff --git a/ui/packages/consul-ui/node-tests/config/environment.js b/ui/packages/consul-ui/node-tests/config/environment.js
index 4779500d63ac..60eecbbae87c 100644
--- a/ui/packages/consul-ui/node-tests/config/environment.js
+++ b/ui/packages/consul-ui/node-tests/config/environment.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint-env node */
diff --git a/ui/packages/consul-ui/node-tests/config/utils.js b/ui/packages/consul-ui/node-tests/config/utils.js
index 76050e5bf3cf..eb072ada1bf5 100644
--- a/ui/packages/consul-ui/node-tests/config/utils.js
+++ b/ui/packages/consul-ui/node-tests/config/utils.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint-env node */
diff --git a/ui/packages/consul-ui/server/index.js b/ui/packages/consul-ui/server/index.js
index f708225412d2..009aade9afba 100644
--- a/ui/packages/consul-ui/server/index.js
+++ b/ui/packages/consul-ui/server/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*eslint node/no-extraneous-require: "off"*/
diff --git a/ui/packages/consul-ui/tailwind.config.js b/ui/packages/consul-ui/tailwind.config.js
index fce13d56ec38..73179891f503 100644
--- a/ui/packages/consul-ui/tailwind.config.js
+++ b/ui/packages/consul-ui/tailwind.config.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /** @type {import('tailwindcss').Config} */
diff --git a/ui/packages/consul-ui/testem.js b/ui/packages/consul-ui/testem.js
index f1eb56984053..07f94acd6a54 100644
--- a/ui/packages/consul-ui/testem.js
+++ b/ui/packages/consul-ui/testem.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 module.exports = {
diff --git a/ui/packages/consul-ui/tests/acceptance/hcp-login-test.js b/ui/packages/consul-ui/tests/acceptance/hcp-login-test.js
index 4c401f80ce38..3914de0e254e 100644
--- a/ui/packages/consul-ui/tests/acceptance/hcp-login-test.js
+++ b/ui/packages/consul-ui/tests/acceptance/hcp-login-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/api-prefix-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/api-prefix-steps.js
index 34f897464f31..e3966b705609 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/api-prefix-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/api-prefix-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/components/acl-filter-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/components/acl-filter-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/components/acl-filter-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/components/acl-filter-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-filter-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-filter-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-filter-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-filter-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-toolbar-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-toolbar-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-toolbar-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/components/catalog-toolbar-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/components/copy-button-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/components/copy-button-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/components/copy-button-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/components/copy-button-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/components/kv-filter-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/components/kv-filter-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/components/kv-filter-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/components/kv-filter-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/components/text-input-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/components/text-input-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/components/text-input-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/components/text-input-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/access-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/access-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/access-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/access-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/index-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/navigation-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/sorting-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/auth-methods/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/index-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/list-order-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/list-order-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/list-order-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/list-order-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-existing-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-existing-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-existing-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-existing-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-new-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-new-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-new-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/add-new-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/list-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/list-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/list-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/list-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/nspaces-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/nspaces-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/nspaces-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/nspaces-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/remove-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/remove-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/remove-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/remove-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/reset-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/reset-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/reset-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/as-many/reset-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/create-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/delete-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/index-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/navigation-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/sorting-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/update-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-management-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-management-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-management-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-management-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-existing-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-existing-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-existing-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-existing-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-new-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-new-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-new-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/add-new-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/list-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/list-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/list-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/list-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/remove-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/remove-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/remove-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/as-many/remove-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/create-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/index-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/navigation-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/sorting-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/update-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/roles/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/anonymous-no-delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/anonymous-no-delete-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/anonymous-no-delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/anonymous-no-delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/clone-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/clone-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/clone-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/clone-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/create-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/index-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/legacy/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/legacy/update-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/legacy/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/legacy/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-errors-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-errors-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-errors-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-errors-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/login-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/navigation-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/own-no-delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/own-no-delete-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/own-no-delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/own-no-delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/sorting-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/update-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/use-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/use-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/use-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/tokens/use-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/update-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/use-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/use-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/use-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/use-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/error-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/error-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/error-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/error-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/forwarding-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/forwarding-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/forwarding-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/forwarding-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/index-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/create-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/delete-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/filtered-select-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/filtered-select-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/filtered-select-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/filtered-select-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/form-select-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/form-select-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/form-select-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/form-select-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/index-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/navigation-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/create-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/warn-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/warn-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/warn-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/permissions/warn-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/read-only-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/read-only-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/read-only-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/read-only-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/sorting-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/update-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/intentions/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kv/index/view-kvs-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kv/index/view-kvs-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kv/index/view-kvs-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kv/index/view-kvs-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/create-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/delete-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/edit-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/edit-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/edit-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/edit-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/index-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/list-order-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/list-order-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/list-order-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/list-order-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/sessions/invalidate-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/sessions/invalidate-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/sessions/invalidate-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/sessions/invalidate-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/trailing-slash-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/trailing-slash-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/trailing-slash-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/trailing-slash-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/update-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/kvs/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/list-blocking-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/list-blocking-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/list-blocking-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/list-blocking-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/list-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/list-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/list-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/list-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/empty-ids-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/empty-ids-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/empty-ids-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/empty-ids-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index/view-nodes-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index/view-nodes-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index/view-nodes-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/index/view-nodes-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/navigation-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/no-leader-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/no-leader-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/no-leader-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/no-leader-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/services/list-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/services/list-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/services/list-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/services/list-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/invalidate-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/invalidate-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/invalidate-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/invalidate-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/list-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/list-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/list-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sessions/list-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show/health-checks-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show/health-checks-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show/health-checks-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/show/health-checks-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sorting-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nodes/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/create-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/delete-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/index-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/manage-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/manage-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/manage-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/manage-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/sorting-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/update-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/nspaces/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/create-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/delete-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/delete-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/delete-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/delete-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/establish-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/establish-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/establish-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/establish-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/index-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/regenerate-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/regenerate-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/regenerate-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/regenerate-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/show-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/show-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/show-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/peers/show-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/routing-config-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/routing-config-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/routing-config-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/routing-config-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/dc-switch-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/dc-switch-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/dc-switch-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/dc-switch-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/error-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/error-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/error-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/error-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index/view-services-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index/view-services-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index/view-services-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/index/view-services-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/error-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/error-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/error-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/error-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/exposed-paths-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/exposed-paths-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/exposed-paths-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/exposed-paths-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/gateway-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/gateway-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/gateway-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/gateway-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/health-checks-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/health-checks-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/health-checks-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/health-checks-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/navigation-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/proxy-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/proxy-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/proxy-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/proxy-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/show-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/show-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/show-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/show-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/sidecar-proxy-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/sidecar-proxy-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/sidecar-proxy-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/sidecar-proxy-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/upstreams-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/upstreams-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/upstreams-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/upstreams-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-proxy-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-proxy-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-proxy-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-proxy-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-sidecar-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-sidecar-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-sidecar-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/instances/with-sidecar-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-blocking-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-blocking-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-blocking-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-blocking-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/list-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/navigation-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-routing-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-routing-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-routing-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-routing-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-with-slashes-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-with-slashes-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-with-slashes-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show-with-slashes-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/dc-switch-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/dc-switch-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/dc-switch-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/dc-switch-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions-error-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions-error-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions-error-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions-error-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/create-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/create-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/create-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/create-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/index-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/intentions/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/navigation-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/services-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/services-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/services-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/services-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/tags-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/tags-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/tags-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/tags-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/empty-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/empty-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/empty-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/empty-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/index-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/index-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/index-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/index-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/intentions-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/intentions-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/intentions-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/intentions-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/metrics-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/metrics-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/metrics-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/metrics-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/notices-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/notices-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/notices-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/notices-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/routing-config-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/routing-config-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/routing-config-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/routing-config-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/stats-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/stats-steps.js
index 34a533faf8b7..3b01da22552d 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/stats-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/topology/stats-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/upstreams-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/upstreams-steps.js
index 34296881e74e..dfa44050f9d6 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/upstreams-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/show/upstreams-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/sorting-steps.js
index f97b73cd6602..1973b839ea10 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/services/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/services/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/deleting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/deleting-steps.js
index 34f897464f31..e3966b705609 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/deleting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/deleting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/index-forwarding-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/index-forwarding-steps.js
index 34f897464f31..e3966b705609 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/index-forwarding-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/index-forwarding-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/login-errors-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/login-errors-steps.js
index 34f897464f31..e3966b705609 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/login-errors-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/login-errors-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/login-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/login-steps.js
index 34f897464f31..e3966b705609 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/login-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/login-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/navigation-links-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/navigation-links-steps.js
index 34f897464f31..e3966b705609 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/navigation-links-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/navigation-links-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/nodes/sorting-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/nodes/sorting-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/nodes/sorting-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/nodes/sorting-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/page-navigation-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/page-navigation-steps.js
index 34f897464f31..e3966b705609 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/page-navigation-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/page-navigation-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/settings/show-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/settings/show-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/settings/show-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/settings/show-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/settings/update-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/settings/update-steps.js
index 9f2f33024ba5..01ce73ca5ade 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/settings/update-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/settings/update-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from '../steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/startup-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/startup-steps.js
index 34f897464f31..e3966b705609 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/startup-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/startup-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/steps.js b/ui/packages/consul-ui/tests/acceptance/steps/steps.js
index 290749139962..fa5253b88d0b 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Inflector from 'ember-inflector';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/submit-blank-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/submit-blank-steps.js
index 34f897464f31..e3966b705609 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/submit-blank-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/submit-blank-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/token-header-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/token-header-steps.js
index 34f897464f31..e3966b705609 100644
--- a/ui/packages/consul-ui/tests/acceptance/steps/token-header-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/token-header-steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import steps from './steps';
diff --git a/ui/packages/consul-ui/tests/dictionary.js b/ui/packages/consul-ui/tests/dictionary.js
index 0d39f99a32ea..a9f52342157f 100644
--- a/ui/packages/consul-ui/tests/dictionary.js
+++ b/ui/packages/consul-ui/tests/dictionary.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint no-control-regex: "off" */
diff --git a/ui/packages/consul-ui/tests/helpers/api.js b/ui/packages/consul-ui/tests/helpers/api.js
index 5d70913364f0..ff91fc74b34a 100644
--- a/ui/packages/consul-ui/tests/helpers/api.js
+++ b/ui/packages/consul-ui/tests/helpers/api.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import config from 'consul-ui/config/environment';
diff --git a/ui/packages/consul-ui/tests/helpers/destroy-app.js b/ui/packages/consul-ui/tests/helpers/destroy-app.js
index 797ac5c748b4..43f7c95cfeb5 100644
--- a/ui/packages/consul-ui/tests/helpers/destroy-app.js
+++ b/ui/packages/consul-ui/tests/helpers/destroy-app.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { run } from '@ember/runloop';
diff --git a/ui/packages/consul-ui/tests/helpers/flash-message.js b/ui/packages/consul-ui/tests/helpers/flash-message.js
index fe35b65a9fca..f98432d4e46b 100644
--- a/ui/packages/consul-ui/tests/helpers/flash-message.js
+++ b/ui/packages/consul-ui/tests/helpers/flash-message.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import FlashObject from 'ember-cli-flash/flash/object';
diff --git a/ui/packages/consul-ui/tests/helpers/get-nspace-runner.js b/ui/packages/consul-ui/tests/helpers/get-nspace-runner.js
index 74fd2c18bb66..d2a44f1ae4d2 100644
--- a/ui/packages/consul-ui/tests/helpers/get-nspace-runner.js
+++ b/ui/packages/consul-ui/tests/helpers/get-nspace-runner.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (type) {
diff --git a/ui/packages/consul-ui/tests/helpers/measure.js b/ui/packages/consul-ui/tests/helpers/measure.js
index 6a4f36214cee..7c2b49449303 100644
--- a/ui/packages/consul-ui/tests/helpers/measure.js
+++ b/ui/packages/consul-ui/tests/helpers/measure.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint no-console: "off" */
diff --git a/ui/packages/consul-ui/tests/helpers/module-for-acceptance.js b/ui/packages/consul-ui/tests/helpers/module-for-acceptance.js
index 0f9c096ffd13..3c500cf97b8e 100644
--- a/ui/packages/consul-ui/tests/helpers/module-for-acceptance.js
+++ b/ui/packages/consul-ui/tests/helpers/module-for-acceptance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/helpers/normalizers.js b/ui/packages/consul-ui/tests/helpers/normalizers.js
index cd887d3028bd..51013adb111b 100644
--- a/ui/packages/consul-ui/tests/helpers/normalizers.js
+++ b/ui/packages/consul-ui/tests/helpers/normalizers.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export const createPolicies = function (item) {
diff --git a/ui/packages/consul-ui/tests/helpers/page.js b/ui/packages/consul-ui/tests/helpers/page.js
index b8b1d0b25092..5c4e372c47e6 100644
--- a/ui/packages/consul-ui/tests/helpers/page.js
+++ b/ui/packages/consul-ui/tests/helpers/page.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 const mb = function (path) {
diff --git a/ui/packages/consul-ui/tests/helpers/repo.js b/ui/packages/consul-ui/tests/helpers/repo.js
index 736f004ad983..2e6e213d6b42 100644
--- a/ui/packages/consul-ui/tests/helpers/repo.js
+++ b/ui/packages/consul-ui/tests/helpers/repo.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { get as httpGet } from 'consul-ui/tests/helpers/api';
diff --git a/ui/packages/consul-ui/tests/helpers/set-cookies.js b/ui/packages/consul-ui/tests/helpers/set-cookies.js
index c8fc40cb8735..58f53f5cb691 100644
--- a/ui/packages/consul-ui/tests/helpers/set-cookies.js
+++ b/ui/packages/consul-ui/tests/helpers/set-cookies.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (type, value, doc = document) {
diff --git a/ui/packages/consul-ui/tests/helpers/stub-super.js b/ui/packages/consul-ui/tests/helpers/stub-super.js
index 3be402e32684..86341c46540b 100644
--- a/ui/packages/consul-ui/tests/helpers/stub-super.js
+++ b/ui/packages/consul-ui/tests/helpers/stub-super.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /**
diff --git a/ui/packages/consul-ui/tests/helpers/type-to-url.js b/ui/packages/consul-ui/tests/helpers/type-to-url.js
index 328851bad134..43c8a6e76406 100644
--- a/ui/packages/consul-ui/tests/helpers/type-to-url.js
+++ b/ui/packages/consul-ui/tests/helpers/type-to-url.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (type) {
diff --git a/ui/packages/consul-ui/tests/helpers/yadda-annotations.js b/ui/packages/consul-ui/tests/helpers/yadda-annotations.js
index 4a991b08c92e..f1c5d7fe9e6c 100644
--- a/ui/packages/consul-ui/tests/helpers/yadda-annotations.js
+++ b/ui/packages/consul-ui/tests/helpers/yadda-annotations.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/index.html b/ui/packages/consul-ui/tests/index.html
index 67721753d4f5..b1582c0408e4 100644
--- a/ui/packages/consul-ui/tests/index.html
+++ b/ui/packages/consul-ui/tests/index.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <!--
  Copyright (c) HashiCorp, Inc.
- SPDX-License-Identifier: BUSL-1.1
+ SPDX-License-Identifier: MPL-2.0
 -->
 
 <html class="{{content-for "root-class"}}">
diff --git a/ui/packages/consul-ui/tests/integration/adapters/auth-method-test.js b/ui/packages/consul-ui/tests/integration/adapters/auth-method-test.js
index a0ec88808219..fbec9c25c32a 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/binding-rule-test.js b/ui/packages/consul-ui/tests/integration/adapters/binding-rule-test.js
index bc86968ee9eb..8988a520ad47 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/binding-rule-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/binding-rule-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/coordinate-test.js b/ui/packages/consul-ui/tests/integration/adapters/coordinate-test.js
index 769e0dcef0e5..e43abd01fb38 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/discovery-chain-test.js b/ui/packages/consul-ui/tests/integration/adapters/discovery-chain-test.js
index 4726c9df64d7..e5462a584589 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/intention-test.js b/ui/packages/consul-ui/tests/integration/adapters/intention-test.js
index 821914ab86d5..577abfea8a7f 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/intention-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/kv-test.js b/ui/packages/consul-ui/tests/integration/adapters/kv-test.js
index 539f353e889e..a2e0afc7fc3b 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/kv-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/node-test.js b/ui/packages/consul-ui/tests/integration/adapters/node-test.js
index dd30d7872918..74a1978f94e7 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/node-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/nspace-test.js b/ui/packages/consul-ui/tests/integration/adapters/nspace-test.js
index 47ad8f581077..531d5ab169f6 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/nspace-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/nspace-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/oidc-provider-test.js b/ui/packages/consul-ui/tests/integration/adapters/oidc-provider-test.js
index d9995384e5a1..eab308e3cdd1 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/oidc-provider-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/oidc-provider-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/partition-test.js b/ui/packages/consul-ui/tests/integration/adapters/partition-test.js
index 949a1589291d..7c436c6f3f88 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/partition-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/partition-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/permission-test.js b/ui/packages/consul-ui/tests/integration/adapters/permission-test.js
index a3ca0fe738be..7a1e867f2e0f 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/permission-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/permission-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/policy-test.js b/ui/packages/consul-ui/tests/integration/adapters/policy-test.js
index 542ba3d25f14..990d85d07128 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/policy-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/role-test.js b/ui/packages/consul-ui/tests/integration/adapters/role-test.js
index 6a0eea75f280..f19802652360 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/role-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/service-instance-test.js b/ui/packages/consul-ui/tests/integration/adapters/service-instance-test.js
index 69b743d4a600..5dc072668fd9 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/service-instance-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/service-instance-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/service-test.js b/ui/packages/consul-ui/tests/integration/adapters/service-test.js
index a2638cfc9692..a7663cd6eeef 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/service-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/session-test.js b/ui/packages/consul-ui/tests/integration/adapters/session-test.js
index 917889eb84bf..da3cf3e45832 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/session-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/token-test.js b/ui/packages/consul-ui/tests/integration/adapters/token-test.js
index 0b32c1165f24..518f4bc86160 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/token-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/adapters/topology-test.js b/ui/packages/consul-ui/tests/integration/adapters/topology-test.js
index 67904b2cbf1e..1129655bf9a0 100644
--- a/ui/packages/consul-ui/tests/integration/adapters/topology-test.js
+++ b/ui/packages/consul-ui/tests/integration/adapters/topology-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/app-view-test.js b/ui/packages/consul-ui/tests/integration/components/app-view-test.js
index f6dca3bd043d..7e05ddc21a46 100644
--- a/ui/packages/consul-ui/tests/integration/components/app-view-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/app-view-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/aria-menu-test.js b/ui/packages/consul-ui/tests/integration/components/aria-menu-test.js
index 69e34cb0191a..191d00ef9f50 100644
--- a/ui/packages/consul-ui/tests/integration/components/aria-menu-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/aria-menu-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/auth-profile-test.js b/ui/packages/consul-ui/tests/integration/components/auth-profile-test.js
index 59f6173d954d..0b69051fd98b 100644
--- a/ui/packages/consul-ui/tests/integration/components/auth-profile-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/auth-profile-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/code-editor-test.js b/ui/packages/consul-ui/tests/integration/components/code-editor-test.js
index f0a5d9d2cbcc..055e52f5841f 100644
--- a/ui/packages/consul-ui/tests/integration/components/code-editor-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/code-editor-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/confirmation-dialog-test.js b/ui/packages/consul-ui/tests/integration/components/confirmation-dialog-test.js
index 26e47951fb96..82cb36d371c8 100644
--- a/ui/packages/consul-ui/tests/integration/components/confirmation-dialog-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/confirmation-dialog-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/bucket/list-test.js b/ui/packages/consul-ui/tests/integration/components/consul/bucket/list-test.js
index a8ba14b15943..609fae5d32c3 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/bucket/list-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/bucket/list-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/datacenter/selector-test.js b/ui/packages/consul-ui/tests/integration/components/consul/datacenter/selector-test.js
index 2394e3a16e9b..21e276debb14 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/datacenter/selector-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/datacenter/selector-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/discovery-chain-test.js b/ui/packages/consul-ui/tests/integration/components/consul/discovery-chain-test.js
index 32b49533a833..6e2b6bbc741c 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/hcp/home-test.js b/ui/packages/consul-ui/tests/integration/components/consul/hcp/home-test.js
index 99ac5e6e4a8d..1cd839bf53da 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/hcp/home-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/hcp/home-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // temporary import until we are running as separate applications
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/form-test.js b/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/form-test.js
index 8625b2d5c044..96d54eb975a4 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/form-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/form-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/header/form-test.js b/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/header/form-test.js
index 6d8ed7fb0dff..518d2d269640 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/header/form-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/intention/permission/header/form-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/consul/node/agentless-notice-test.js b/ui/packages/consul-ui/tests/integration/components/consul/node/agentless-notice-test.js
index ce8daa2f84d7..6c780bb1ca39 100644
--- a/ui/packages/consul-ui/tests/integration/components/consul/node/agentless-notice-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/consul/node/agentless-notice-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/data-collection-test.js b/ui/packages/consul-ui/tests/integration/components/data-collection-test.js
index 8b79275829fe..53a109092f57 100644
--- a/ui/packages/consul-ui/tests/integration/components/data-collection-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/data-collection-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/data-source-test.js b/ui/packages/consul-ui/tests/integration/components/data-source-test.js
index 8007ae61c120..fc19b4277949 100644
--- a/ui/packages/consul-ui/tests/integration/components/data-source-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/data-source-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/delete-confirmation-test.js b/ui/packages/consul-ui/tests/integration/components/delete-confirmation-test.js
index e662ca0c3693..b0c7592b3c4e 100644
--- a/ui/packages/consul-ui/tests/integration/components/delete-confirmation-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/delete-confirmation-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/event-source-test.js b/ui/packages/consul-ui/tests/integration/components/event-source-test.js
index 54af26cf76b2..c17bc72ecb25 100644
--- a/ui/packages/consul-ui/tests/integration/components/event-source-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/event-source-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/freetext-filter-test.js b/ui/packages/consul-ui/tests/integration/components/freetext-filter-test.js
index 9a665721ec64..7f4abd832476 100644
--- a/ui/packages/consul-ui/tests/integration/components/freetext-filter-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/freetext-filter-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js b/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js
index 7fb039532634..a893b7058794 100644
--- a/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/hashicorp-consul-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/jwt-source-test.js b/ui/packages/consul-ui/tests/integration/components/jwt-source-test.js
index 21b82fc0826a..a7101dd5c16e 100644
--- a/ui/packages/consul-ui/tests/integration/components/jwt-source-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/jwt-source-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/list-collection-test.js b/ui/packages/consul-ui/tests/integration/components/list-collection-test.js
index 6c951a96f67e..7d082b1b672c 100644
--- a/ui/packages/consul-ui/tests/integration/components/list-collection-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/list-collection-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/oidc-select-test.js b/ui/packages/consul-ui/tests/integration/components/oidc-select-test.js
index d662f4b105cc..879db1c05a89 100644
--- a/ui/packages/consul-ui/tests/integration/components/oidc-select-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/oidc-select-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/popover-menu-test.js b/ui/packages/consul-ui/tests/integration/components/popover-menu-test.js
index b609aad0dc72..b187f459ba7e 100644
--- a/ui/packages/consul-ui/tests/integration/components/popover-menu-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/popover-menu-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/radio-group-test.js b/ui/packages/consul-ui/tests/integration/components/radio-group-test.js
index 1e58f3926558..08bfa3fbd2e5 100644
--- a/ui/packages/consul-ui/tests/integration/components/radio-group-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/radio-group-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/ref-test.js b/ui/packages/consul-ui/tests/integration/components/ref-test.js
index 13bb955c7786..7d249d7e74cb 100644
--- a/ui/packages/consul-ui/tests/integration/components/ref-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/ref-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/resolver-card-test.js b/ui/packages/consul-ui/tests/integration/components/resolver-card-test.js
index b8c48f25cb88..ac3b8db22515 100644
--- a/ui/packages/consul-ui/tests/integration/components/resolver-card-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/resolver-card-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/route-card-test.js b/ui/packages/consul-ui/tests/integration/components/route-card-test.js
index 36b6d7baf5b9..de023a321928 100644
--- a/ui/packages/consul-ui/tests/integration/components/route-card-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/route-card-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/splitter-card-test.js b/ui/packages/consul-ui/tests/integration/components/splitter-card-test.js
index 2bf1a8b8e899..3d4b1933e3b3 100644
--- a/ui/packages/consul-ui/tests/integration/components/splitter-card-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/splitter-card-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/state-test.js b/ui/packages/consul-ui/tests/integration/components/state-test.js
index f93c60b5d09d..a5b937ddc164 100644
--- a/ui/packages/consul-ui/tests/integration/components/state-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/state-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/tab-nav-test.js b/ui/packages/consul-ui/tests/integration/components/tab-nav-test.js
index 992d051c1b67..56ebcbfc5b79 100644
--- a/ui/packages/consul-ui/tests/integration/components/tab-nav-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/tab-nav-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/tabular-collection-test.js b/ui/packages/consul-ui/tests/integration/components/tabular-collection-test.js
index 1e1436270284..6249df374b1b 100644
--- a/ui/packages/consul-ui/tests/integration/components/tabular-collection-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/tabular-collection-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/tabular-details-test.js b/ui/packages/consul-ui/tests/integration/components/tabular-details-test.js
index f3930e93a992..c3a5979c5980 100644
--- a/ui/packages/consul-ui/tests/integration/components/tabular-details-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/tabular-details-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/tag-list-test.js b/ui/packages/consul-ui/tests/integration/components/tag-list-test.js
index 6c6bda573dd4..819a66ee84ac 100644
--- a/ui/packages/consul-ui/tests/integration/components/tag-list-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/tag-list-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/toggle-button-test.js b/ui/packages/consul-ui/tests/integration/components/toggle-button-test.js
index 6bb68165401c..8934f4c625fb 100644
--- a/ui/packages/consul-ui/tests/integration/components/toggle-button-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/toggle-button-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/components/token-list-test.js b/ui/packages/consul-ui/tests/integration/components/token-list-test.js
index 60b71eca2aaa..f9e9042a96ee 100644
--- a/ui/packages/consul-ui/tests/integration/components/token-list-test.js
+++ b/ui/packages/consul-ui/tests/integration/components/token-list-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/atob-test.js b/ui/packages/consul-ui/tests/integration/helpers/atob-test.js
index fa1dc1f6a5d0..6a3c15f4f783 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/atob-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/atob-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/dom-position-test.js b/ui/packages/consul-ui/tests/integration/helpers/dom-position-test.js
index b0d51b970756..c6f45aabd5a8 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/dom-position-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/dom-position-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/duration-from-test.js b/ui/packages/consul-ui/tests/integration/helpers/duration-from-test.js
index 2628d98b3bbb..c9b0be396366 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/duration-from-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/duration-from-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/format-short-time-test.js b/ui/packages/consul-ui/tests/integration/helpers/format-short-time-test.js
index be58137709c5..9c56efdc2673 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/format-short-time-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/format-short-time-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/is-href-test.js b/ui/packages/consul-ui/tests/integration/helpers/is-href-test.js
index da95294b58d9..6237fd0cd8f3 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/is-href-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/is-href-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/last-test.js b/ui/packages/consul-ui/tests/integration/helpers/last-test.js
index 9ae69538ef89..979a59a6ad94 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/last-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/last-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/left-trim-test.js b/ui/packages/consul-ui/tests/integration/helpers/left-trim-test.js
index bed82a171a6f..ae27cf327f9a 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/left-trim-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/left-trim-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/policy/datacenters-test.js b/ui/packages/consul-ui/tests/integration/helpers/policy/datacenters-test.js
index 8e2a0fed97ab..8493a61bb8ba 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/policy/datacenters-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/policy/datacenters-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js b/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js
index e230744cae23..44d2dec68289 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/render-template-test.js b/ui/packages/consul-ui/tests/integration/helpers/render-template-test.js
index 74cc7586840c..82a9a45e9f77 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/render-template-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/render-template-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/right-trim-test.js b/ui/packages/consul-ui/tests/integration/helpers/right-trim-test.js
index 289a27302b66..7233b7323267 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/right-trim-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/right-trim-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/route-match-test.js b/ui/packages/consul-ui/tests/integration/helpers/route-match-test.js
index 9437d05773ac..a5ed30edb7a9 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/route-match-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/route-match-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/searchable-test.js b/ui/packages/consul-ui/tests/integration/helpers/searchable-test.js
index e976e6216ae5..88ba0cf9a4df 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/searchable-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/searchable-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/service/card-permissions-test.js b/ui/packages/consul-ui/tests/integration/helpers/service/card-permissions-test.js
index b537f6c70573..ee2c0c7643a2 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/service/card-permissions-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/service/card-permissions-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/service/external-source-test.js b/ui/packages/consul-ui/tests/integration/helpers/service/external-source-test.js
index de1e810a0b8a..10e46f07e179 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/service/external-source-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/service/external-source-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/service/health-percentage-test.js b/ui/packages/consul-ui/tests/integration/helpers/service/health-percentage-test.js
index 37ef964cf29d..a6cfb3221c57 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/service/health-percentage-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/service/health-percentage-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/slugify-test.js b/ui/packages/consul-ui/tests/integration/helpers/slugify-test.js
index 29548eb1d3ad..489d13433ba0 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/slugify-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/slugify-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/split-test.js b/ui/packages/consul-ui/tests/integration/helpers/split-test.js
index f355c6d39b78..9b0d698870f4 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/split-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/split-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/state-matches-test.js b/ui/packages/consul-ui/tests/integration/helpers/state-matches-test.js
index c89779226bd6..2e77c486acc9 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/state-matches-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/state-matches-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/substr-test.js b/ui/packages/consul-ui/tests/integration/helpers/substr-test.js
index fcdc14131dd4..d8a454f8d65d 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/substr-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/substr-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/svg-curve-test.js b/ui/packages/consul-ui/tests/integration/helpers/svg-curve-test.js
index d7aabd055a56..46dd3f4a45ca 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/svg-curve-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/svg-curve-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/token/is-anonymous-test.js b/ui/packages/consul-ui/tests/integration/helpers/token/is-anonymous-test.js
index 5b3d0b0ea78b..2a9017d9dd9b 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/token/is-anonymous-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/token/is-anonymous-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/token/is-legacy-test.js b/ui/packages/consul-ui/tests/integration/helpers/token/is-legacy-test.js
index cc7cb336e807..a454ee5ea1f5 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/token/is-legacy-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/token/is-legacy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/helpers/tween-to-test.js b/ui/packages/consul-ui/tests/integration/helpers/tween-to-test.js
index c0a2ca553d0b..d20def058a26 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/tween-to-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/tween-to-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/auth-method-test.js b/ui/packages/consul-ui/tests/integration/serializers/auth-method-test.js
index 2314f715e6f5..d4b824ceb30f 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/binding-rule-test.js b/ui/packages/consul-ui/tests/integration/serializers/binding-rule-test.js
index f1d1cee779e0..4a20ae1888d3 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/binding-rule-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/binding-rule-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/coordinate-test.js b/ui/packages/consul-ui/tests/integration/serializers/coordinate-test.js
index 5a3d6ff3fa04..46974e694c04 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/discovery-chain-test.js b/ui/packages/consul-ui/tests/integration/serializers/discovery-chain-test.js
index 9b807c30eef1..097079eee6d2 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/intention-test.js b/ui/packages/consul-ui/tests/integration/serializers/intention-test.js
index e15aa8380367..fa82704cf7e8 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/intention-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/kv-test.js b/ui/packages/consul-ui/tests/integration/serializers/kv-test.js
index 17b23ea75a5b..d3767b0819e2 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/kv-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/node-test.js b/ui/packages/consul-ui/tests/integration/serializers/node-test.js
index 8f574cce3fdd..3a2a964f2e44 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/node-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/nspace-test.js b/ui/packages/consul-ui/tests/integration/serializers/nspace-test.js
index 60993001409e..d93526d6960f 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/nspace-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/nspace-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/oidc-provider-test.js b/ui/packages/consul-ui/tests/integration/serializers/oidc-provider-test.js
index beb6ed17d519..c9e68e91176a 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/oidc-provider-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/oidc-provider-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/partition-test.js b/ui/packages/consul-ui/tests/integration/serializers/partition-test.js
index 3b400ac70cb0..e6be8761846c 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/partition-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/partition-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/policy-test.js b/ui/packages/consul-ui/tests/integration/serializers/policy-test.js
index f6b68b7db211..659c1128021d 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/policy-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/role-test.js b/ui/packages/consul-ui/tests/integration/serializers/role-test.js
index 0f7b754d1c96..2e6c8faace9e 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/role-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/service-instance-test.js b/ui/packages/consul-ui/tests/integration/serializers/service-instance-test.js
index b47bba9aedb8..01356933d51e 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/service-instance-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/service-instance-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/service-test.js b/ui/packages/consul-ui/tests/integration/serializers/service-test.js
index 56b089ee1b86..51a5efafa695 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/service-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/session-test.js b/ui/packages/consul-ui/tests/integration/serializers/session-test.js
index 07d72aebdb4b..94fd716215f5 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/session-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/token-test.js b/ui/packages/consul-ui/tests/integration/serializers/token-test.js
index 71931326192c..6d52441a4d2a 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/token-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/serializers/topology-test.js b/ui/packages/consul-ui/tests/integration/serializers/topology-test.js
index 09ae55d93d10..55b042ac7b90 100644
--- a/ui/packages/consul-ui/tests/integration/serializers/topology-test.js
+++ b/ui/packages/consul-ui/tests/integration/serializers/topology-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/auth-method-test.js b/ui/packages/consul-ui/tests/integration/services/repository/auth-method-test.js
index 7fb802b224d0..1eb498f85741 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { setupTest } from 'ember-qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/coordinate-test.js b/ui/packages/consul-ui/tests/integration/services/repository/coordinate-test.js
index 8809684758da..1f4c28fc478a 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { setupTest } from 'ember-qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/dc-test.js b/ui/packages/consul-ui/tests/integration/services/repository/dc-test.js
index 06b7b267e40e..964bd927c9e7 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/dc-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/dc-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { setupTest } from 'ember-qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/discovery-chain-test.js b/ui/packages/consul-ui/tests/integration/services/repository/discovery-chain-test.js
index cc877f770662..82185e5197ed 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/kv-test.js b/ui/packages/consul-ui/tests/integration/services/repository/kv-test.js
index 3604d46c186e..c5250e191608 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/kv-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/node-test.js b/ui/packages/consul-ui/tests/integration/services/repository/node-test.js
index ed309ca0336d..acf8a60931c5 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/node-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { setupTest } from 'ember-qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/policy-test.js b/ui/packages/consul-ui/tests/integration/services/repository/policy-test.js
index c6782ca5e479..98e2835c4230 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/policy-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/role-test.js b/ui/packages/consul-ui/tests/integration/services/repository/role-test.js
index be101abf849d..f76d53198c4f 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/role-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/service-test.js b/ui/packages/consul-ui/tests/integration/services/repository/service-test.js
index 68dc7267bdba..2fb982dce2b3 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/service-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/session-test.js b/ui/packages/consul-ui/tests/integration/services/repository/session-test.js
index 7c9cb0d34e39..5ab084435320 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/session-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/token-test.js b/ui/packages/consul-ui/tests/integration/services/repository/token-test.js
index f822eefc2eed..ede204432a0b 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/token-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/repository/topology-test.js b/ui/packages/consul-ui/tests/integration/services/repository/topology-test.js
index ca16a925734f..75f400b7c75b 100644
--- a/ui/packages/consul-ui/tests/integration/services/repository/topology-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/repository/topology-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/services/routlet-test.js b/ui/packages/consul-ui/tests/integration/services/routlet-test.js
index 006473b850a8..891e58716f97 100644
--- a/ui/packages/consul-ui/tests/integration/services/routlet-test.js
+++ b/ui/packages/consul-ui/tests/integration/services/routlet-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/integration/utils/dom/event-source/callable-test.js b/ui/packages/consul-ui/tests/integration/utils/dom/event-source/callable-test.js
index f02b89830ae4..bae55450b58f 100644
--- a/ui/packages/consul-ui/tests/integration/utils/dom/event-source/callable-test.js
+++ b/ui/packages/consul-ui/tests/integration/utils/dom/event-source/callable-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domEventSourceCallable from 'consul-ui/utils/dom/event-source/callable';
diff --git a/ui/packages/consul-ui/tests/lib/measure/getMeasure.js b/ui/packages/consul-ui/tests/lib/measure/getMeasure.js
index b39313bdce5b..641179b59ab9 100644
--- a/ui/packages/consul-ui/tests/lib/measure/getMeasure.js
+++ b/ui/packages/consul-ui/tests/lib/measure/getMeasure.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint no-console: "off" */
diff --git a/ui/packages/consul-ui/tests/lib/page-object/createCancelable.js b/ui/packages/consul-ui/tests/lib/page-object/createCancelable.js
index ba9ba39e9c7e..c15e64a110a2 100644
--- a/ui/packages/consul-ui/tests/lib/page-object/createCancelable.js
+++ b/ui/packages/consul-ui/tests/lib/page-object/createCancelable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (clickable, is) {
diff --git a/ui/packages/consul-ui/tests/lib/page-object/createCreatable.js b/ui/packages/consul-ui/tests/lib/page-object/createCreatable.js
index da0f5b6e197a..a9cbbadfce26 100644
--- a/ui/packages/consul-ui/tests/lib/page-object/createCreatable.js
+++ b/ui/packages/consul-ui/tests/lib/page-object/createCreatable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (clickable, is) {
diff --git a/ui/packages/consul-ui/tests/lib/page-object/createDeletable.js b/ui/packages/consul-ui/tests/lib/page-object/createDeletable.js
index c02e9fb66995..fc267a12fbdc 100644
--- a/ui/packages/consul-ui/tests/lib/page-object/createDeletable.js
+++ b/ui/packages/consul-ui/tests/lib/page-object/createDeletable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (clickable) {
diff --git a/ui/packages/consul-ui/tests/lib/page-object/createSubmitable.js b/ui/packages/consul-ui/tests/lib/page-object/createSubmitable.js
index 4655e460e94e..cef2ad1558c5 100644
--- a/ui/packages/consul-ui/tests/lib/page-object/createSubmitable.js
+++ b/ui/packages/consul-ui/tests/lib/page-object/createSubmitable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (clickable, is) {
diff --git a/ui/packages/consul-ui/tests/lib/page-object/index.js b/ui/packages/consul-ui/tests/lib/page-object/index.js
index 156ebb8a26bd..a4f87b317cc8 100644
--- a/ui/packages/consul-ui/tests/lib/page-object/index.js
+++ b/ui/packages/consul-ui/tests/lib/page-object/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { isPresent as present, fillable, clickable, property } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/tests/lib/page-object/visitable.js b/ui/packages/consul-ui/tests/lib/page-object/visitable.js
index fc6db1554909..e959d453a0b1 100644
--- a/ui/packages/consul-ui/tests/lib/page-object/visitable.js
+++ b/ui/packages/consul-ui/tests/lib/page-object/visitable.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { getContext } from '@ember/test-helpers';
diff --git a/ui/packages/consul-ui/tests/pages.js b/ui/packages/consul-ui/tests/pages.js
index 8d85b5e562fa..e0ae1428df95 100644
--- a/ui/packages/consul-ui/tests/pages.js
+++ b/ui/packages/consul-ui/tests/pages.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import {
diff --git a/ui/packages/consul-ui/tests/pages/dc.js b/ui/packages/consul-ui/tests/pages/dc.js
index 3b6839acab5e..3b662cccc88e 100644
--- a/ui/packages/consul-ui/tests/pages/dc.js
+++ b/ui/packages/consul-ui/tests/pages/dc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, clickable, attribute, collection) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/auth-methods/index.js b/ui/packages/consul-ui/tests/pages/dc/acls/auth-methods/index.js
index 6e9b3c1c439e..25579734c24d 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/auth-methods/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/auth-methods/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, creatable, authMethods, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/edit.js b/ui/packages/consul-ui/tests/pages/dc/acls/edit.js
index 37e525a250e7..c51bcd871a2f 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, submitable, deletable, cancelable, clickable) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/index.js b/ui/packages/consul-ui/tests/pages/dc/acls/index.js
index e43331028e2c..a2b65cc9f3bb 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, deletable, creatable, clickable, attribute, collection) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/policies/edit.js b/ui/packages/consul-ui/tests/pages/dc/acls/policies/edit.js
index 40705227d626..0289bbde9404 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/policies/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/policies/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, submitable, deletable, cancelable, clickable, tokenList) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/policies/index.js b/ui/packages/consul-ui/tests/pages/dc/acls/policies/index.js
index 93409130e889..5d9d2d5c9c4a 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/policies/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/policies/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, creatable, policies, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/roles/edit.js b/ui/packages/consul-ui/tests/pages/dc/acls/roles/edit.js
index 56463a0de0e2..e20f0b907bd3 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/roles/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/roles/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, submitable, deletable, cancelable, policySelector, tokenList) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/roles/index.js b/ui/packages/consul-ui/tests/pages/dc/acls/roles/index.js
index c219441cc89b..8ec14fe15dca 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/roles/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/roles/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, creatable, roles, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/tokens/edit.js b/ui/packages/consul-ui/tests/pages/dc/acls/tokens/edit.js
index a5d98fd035f8..f859734e797c 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/tokens/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/tokens/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/dc/acls/tokens/index.js b/ui/packages/consul-ui/tests/pages/dc/acls/tokens/index.js
index 7cd031c33c92..12b3196685b9 100644
--- a/ui/packages/consul-ui/tests/pages/dc/acls/tokens/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/acls/tokens/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, creatable, text, tokens, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/intentions/edit.js b/ui/packages/consul-ui/tests/pages/dc/intentions/edit.js
index ae19b36d4d5b..cd7082d8d9fa 100644
--- a/ui/packages/consul-ui/tests/pages/dc/intentions/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/intentions/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/dc/intentions/index.js b/ui/packages/consul-ui/tests/pages/dc/intentions/index.js
index 0ea000bc9d47..34ba75af4105 100644
--- a/ui/packages/consul-ui/tests/pages/dc/intentions/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/intentions/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, creatable, clickable, intentions, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/kv/edit.js b/ui/packages/consul-ui/tests/pages/dc/kv/edit.js
index 2df838575be2..2fb0a415a6fc 100644
--- a/ui/packages/consul-ui/tests/pages/dc/kv/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/kv/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, attribute, present, submitable, deletable, cancelable) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/kv/index.js b/ui/packages/consul-ui/tests/pages/dc/kv/index.js
index 1c54fdabb509..065bd620f7e1 100644
--- a/ui/packages/consul-ui/tests/pages/dc/kv/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/kv/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, creatable, kvs) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/nodes/index.js b/ui/packages/consul-ui/tests/pages/dc/nodes/index.js
index 17aebadf3c83..36217877921e 100644
--- a/ui/packages/consul-ui/tests/pages/dc/nodes/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/nodes/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, text, clickable, attribute, collection, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/nodes/show.js b/ui/packages/consul-ui/tests/pages/dc/nodes/show.js
index 9795a603d431..aecdd282740e 100644
--- a/ui/packages/consul-ui/tests/pages/dc/nodes/show.js
+++ b/ui/packages/consul-ui/tests/pages/dc/nodes/show.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/dc/nspaces/edit.js b/ui/packages/consul-ui/tests/pages/dc/nspaces/edit.js
index b936af285bbd..96cc1313701a 100644
--- a/ui/packages/consul-ui/tests/pages/dc/nspaces/edit.js
+++ b/ui/packages/consul-ui/tests/pages/dc/nspaces/edit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/dc/nspaces/index.js b/ui/packages/consul-ui/tests/pages/dc/nspaces/index.js
index 86b5b9d7133c..00e0acf35597 100644
--- a/ui/packages/consul-ui/tests/pages/dc/nspaces/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/nspaces/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, creatable, nspaces, popoverSelect) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/peers/index.js b/ui/packages/consul-ui/tests/pages/dc/peers/index.js
index bec77adff832..a91a5007e351 100644
--- a/ui/packages/consul-ui/tests/pages/dc/peers/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/peers/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import tabgroup from 'consul-ui/components/tab-nav/pageobject';
diff --git a/ui/packages/consul-ui/tests/pages/dc/peers/show.js b/ui/packages/consul-ui/tests/pages/dc/peers/show.js
index 3cb0fa43ab69..f806d5cb3d33 100644
--- a/ui/packages/consul-ui/tests/pages/dc/peers/show.js
+++ b/ui/packages/consul-ui/tests/pages/dc/peers/show.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable) {
diff --git a/ui/packages/consul-ui/tests/pages/dc/routing-config.js b/ui/packages/consul-ui/tests/pages/dc/routing-config.js
index c962811be99f..90f01db5e6a1 100644
--- a/ui/packages/consul-ui/tests/pages/dc/routing-config.js
+++ b/ui/packages/consul-ui/tests/pages/dc/routing-config.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { text } from 'ember-cli-page-object';
diff --git a/ui/packages/consul-ui/tests/pages/dc/services/index.js b/ui/packages/consul-ui/tests/pages/dc/services/index.js
index 8ae98effe057..74d00a047595 100644
--- a/ui/packages/consul-ui/tests/pages/dc/services/index.js
+++ b/ui/packages/consul-ui/tests/pages/dc/services/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/dc/services/instance.js b/ui/packages/consul-ui/tests/pages/dc/services/instance.js
index 923b7f2c7551..65f9611d0b39 100644
--- a/ui/packages/consul-ui/tests/pages/dc/services/instance.js
+++ b/ui/packages/consul-ui/tests/pages/dc/services/instance.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/dc/services/show.js b/ui/packages/consul-ui/tests/pages/dc/services/show.js
index 5d92ff9f55a4..f6279d059ef8 100644
--- a/ui/packages/consul-ui/tests/pages/dc/services/show.js
+++ b/ui/packages/consul-ui/tests/pages/dc/services/show.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (
diff --git a/ui/packages/consul-ui/tests/pages/index.js b/ui/packages/consul-ui/tests/pages/index.js
index b0fb04d78939..f6d275dac8d9 100644
--- a/ui/packages/consul-ui/tests/pages/index.js
+++ b/ui/packages/consul-ui/tests/pages/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, collection) {
diff --git a/ui/packages/consul-ui/tests/pages/settings.js b/ui/packages/consul-ui/tests/pages/settings.js
index ebebad25ca77..1e949858dc81 100644
--- a/ui/packages/consul-ui/tests/pages/settings.js
+++ b/ui/packages/consul-ui/tests/pages/settings.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (visitable, submitable, isPresent) {
diff --git a/ui/packages/consul-ui/tests/steps.js b/ui/packages/consul-ui/tests/steps.js
index aa08f356f0f7..74093a60a101 100644
--- a/ui/packages/consul-ui/tests/steps.js
+++ b/ui/packages/consul-ui/tests/steps.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // This files export is executed from 2 places:
diff --git a/ui/packages/consul-ui/tests/steps/assertions/dom.js b/ui/packages/consul-ui/tests/steps/assertions/dom.js
index 0aabc73cfb8b..082f1b3f22e1 100644
--- a/ui/packages/consul-ui/tests/steps/assertions/dom.js
+++ b/ui/packages/consul-ui/tests/steps/assertions/dom.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 const dont = `( don't| shouldn't| can't)?`;
diff --git a/ui/packages/consul-ui/tests/steps/assertions/form.js b/ui/packages/consul-ui/tests/steps/assertions/form.js
index 1b7ef6f85f5d..5d8f14ef94fe 100644
--- a/ui/packages/consul-ui/tests/steps/assertions/form.js
+++ b/ui/packages/consul-ui/tests/steps/assertions/form.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (scenario, assert, find, currentPage) {
diff --git a/ui/packages/consul-ui/tests/steps/assertions/http.js b/ui/packages/consul-ui/tests/steps/assertions/http.js
index b42eb3afcccf..320b9b697519 100644
--- a/ui/packages/consul-ui/tests/steps/assertions/http.js
+++ b/ui/packages/consul-ui/tests/steps/assertions/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 const not = `(n't| not)?`;
diff --git a/ui/packages/consul-ui/tests/steps/assertions/model.js b/ui/packages/consul-ui/tests/steps/assertions/model.js
index 4355aa941957..c7224f0796b0 100644
--- a/ui/packages/consul-ui/tests/steps/assertions/model.js
+++ b/ui/packages/consul-ui/tests/steps/assertions/model.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (scenario, assert, find, currentPage, pauseUntil, pluralize) {
diff --git a/ui/packages/consul-ui/tests/steps/assertions/page.js b/ui/packages/consul-ui/tests/steps/assertions/page.js
index 731ff6e3c891..428a95d98045 100644
--- a/ui/packages/consul-ui/tests/steps/assertions/page.js
+++ b/ui/packages/consul-ui/tests/steps/assertions/page.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*eslint no-console: "off", ember/no-jquery: "off", ember/no-global-jquery: "off"*/
diff --git a/ui/packages/consul-ui/tests/steps/debug/index.js b/ui/packages/consul-ui/tests/steps/debug/index.js
index 5bf042eee881..e23bd35c92cf 100644
--- a/ui/packages/consul-ui/tests/steps/debug/index.js
+++ b/ui/packages/consul-ui/tests/steps/debug/index.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* eslint no-console: "off" */
diff --git a/ui/packages/consul-ui/tests/steps/doubles/http.js b/ui/packages/consul-ui/tests/steps/doubles/http.js
index 1eb8e9bced5e..66427a734b1e 100644
--- a/ui/packages/consul-ui/tests/steps/doubles/http.js
+++ b/ui/packages/consul-ui/tests/steps/doubles/http.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (scenario, respondWith, set, oidc) {
diff --git a/ui/packages/consul-ui/tests/steps/doubles/model.js b/ui/packages/consul-ui/tests/steps/doubles/model.js
index 95828cb15cf8..0c2be73b9906 100644
--- a/ui/packages/consul-ui/tests/steps/doubles/model.js
+++ b/ui/packages/consul-ui/tests/steps/doubles/model.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (scenario, create, set, win = window, doc = document) {
diff --git a/ui/packages/consul-ui/tests/steps/interactions/click.js b/ui/packages/consul-ui/tests/steps/interactions/click.js
index 6d98bba341ab..fcb51f49d100 100644
--- a/ui/packages/consul-ui/tests/steps/interactions/click.js
+++ b/ui/packages/consul-ui/tests/steps/interactions/click.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (scenario, find, click) {
diff --git a/ui/packages/consul-ui/tests/steps/interactions/form.js b/ui/packages/consul-ui/tests/steps/interactions/form.js
index bdd14a539616..726a6623542e 100644
--- a/ui/packages/consul-ui/tests/steps/interactions/form.js
+++ b/ui/packages/consul-ui/tests/steps/interactions/form.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 export default function (scenario, find, fillIn, triggerKeyEvent, currentPage) {
diff --git a/ui/packages/consul-ui/tests/steps/interactions/visit.js b/ui/packages/consul-ui/tests/steps/interactions/visit.js
index 64639281b853..fbe9468a4105 100644
--- a/ui/packages/consul-ui/tests/steps/interactions/visit.js
+++ b/ui/packages/consul-ui/tests/steps/interactions/visit.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { visit } from '@ember/test-helpers';
diff --git a/ui/packages/consul-ui/tests/test-helper.js b/ui/packages/consul-ui/tests/test-helper.js
index 661a3f0c08b3..671be7d6f74b 100644
--- a/ui/packages/consul-ui/tests/test-helper.js
+++ b/ui/packages/consul-ui/tests/test-helper.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import Application from 'consul-ui/app';
diff --git a/ui/packages/consul-ui/tests/unit/abilities/-test.js b/ui/packages/consul-ui/tests/unit/abilities/-test.js
index f64d514a61d4..8d38dcaf1f6d 100644
--- a/ui/packages/consul-ui/tests/unit/abilities/-test.js
+++ b/ui/packages/consul-ui/tests/unit/abilities/-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /* globals requirejs */
diff --git a/ui/packages/consul-ui/tests/unit/adapters/application-test.js b/ui/packages/consul-ui/tests/unit/adapters/application-test.js
index 42f0be04a572..97ca4f7e7c84 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/application-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/application-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/auth-method-test.js b/ui/packages/consul-ui/tests/unit/adapters/auth-method-test.js
index 10da2545d204..8d8e7296db09 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/binding-rule-test.js b/ui/packages/consul-ui/tests/unit/adapters/binding-rule-test.js
index 67ae7ab97692..27786b09f075 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/binding-rule-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/binding-rule-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/coordinate-test.js b/ui/packages/consul-ui/tests/unit/adapters/coordinate-test.js
index 506e1a3fa0d2..3d1ad1850770 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/discovery-chain-test.js b/ui/packages/consul-ui/tests/unit/adapters/discovery-chain-test.js
index b0a207a63dd5..6499909ea449 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/http-test.js b/ui/packages/consul-ui/tests/unit/adapters/http-test.js
index 62e04efce715..a486f2788ee9 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/http-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/http-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/intention-test.js b/ui/packages/consul-ui/tests/unit/adapters/intention-test.js
index 322a71cac13c..73faaf8549b1 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/intention-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/kv-test.js b/ui/packages/consul-ui/tests/unit/adapters/kv-test.js
index ea846b3af9ed..6bfd78811c2b 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/kv-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/node-test.js b/ui/packages/consul-ui/tests/unit/adapters/node-test.js
index 41f226f6851a..b8a117f7aed3 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/node-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/nspace-test.js b/ui/packages/consul-ui/tests/unit/adapters/nspace-test.js
index 5f25b46b5cf3..f07cd980a929 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/nspace-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/nspace-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/oidc-provider-test.js b/ui/packages/consul-ui/tests/unit/adapters/oidc-provider-test.js
index f9aedea83527..47b366c889b2 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/oidc-provider-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/oidc-provider-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/partition-test.js b/ui/packages/consul-ui/tests/unit/adapters/partition-test.js
index a6418f7ca32a..ae9376d1bb42 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/partition-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/partition-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/permission-test.js b/ui/packages/consul-ui/tests/unit/adapters/permission-test.js
index 6c4a4ffc7b14..425e128eef60 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/permission-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/permission-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/policy-test.js b/ui/packages/consul-ui/tests/unit/adapters/policy-test.js
index df60ec979ce6..d4f2ba570f00 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/policy-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/proxy-test.js b/ui/packages/consul-ui/tests/unit/adapters/proxy-test.js
index 1bd140b21ad9..c44edfd8a25c 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/proxy-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/proxy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/role-test.js b/ui/packages/consul-ui/tests/unit/adapters/role-test.js
index 33e7490968c1..99fdcf1b9762 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/role-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/service-instance-test.js b/ui/packages/consul-ui/tests/unit/adapters/service-instance-test.js
index 99cba66655f7..fa8fe8bf9035 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/service-instance-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/service-instance-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/session-test.js b/ui/packages/consul-ui/tests/unit/adapters/session-test.js
index db5c71692d22..dd2017e13337 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/session-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/adapters/token-test.js b/ui/packages/consul-ui/tests/unit/adapters/token-test.js
index d18e04b9fc7b..b3ce51ce1787 100644
--- a/ui/packages/consul-ui/tests/unit/adapters/token-test.js
+++ b/ui/packages/consul-ui/tests/unit/adapters/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-alternate-services-test.js b/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-alternate-services-test.js
index f3175f1d79cc..d9a7b0fb3adb 100644
--- a/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-alternate-services-test.js
+++ b/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-alternate-services-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { getAlternateServices } from 'consul-ui/components/consul/discovery-chain/utils';
diff --git a/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-resolvers-test.js b/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-resolvers-test.js
index d79af58a009f..292f5684e186 100644
--- a/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-resolvers-test.js
+++ b/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-resolvers-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { getResolvers } from 'consul-ui/components/consul/discovery-chain/utils';
diff --git a/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-splitters-test.js b/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-splitters-test.js
index 274faf0aa37f..4e811f4600c8 100644
--- a/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-splitters-test.js
+++ b/ui/packages/consul-ui/tests/unit/components/consul/discovery-chain/get-splitters-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { getSplitters } from 'consul-ui/components/consul/discovery-chain/utils';
diff --git a/ui/packages/consul-ui/tests/unit/components/search-bar/filters-test.js b/ui/packages/consul-ui/tests/unit/components/search-bar/filters-test.js
index 4cb8c2f47ee5..9c6d220022f9 100644
--- a/ui/packages/consul-ui/tests/unit/components/search-bar/filters-test.js
+++ b/ui/packages/consul-ui/tests/unit/components/search-bar/filters-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { filters } from 'consul-ui/components/search-bar/utils';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/application-test.js b/ui/packages/consul-ui/tests/unit/controllers/application-test.js
index 24b5d637b5b1..77536bac6bb9 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/application-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/application-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/create-test.js b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/create-test.js
index 4d9696bbc77b..d2523d425460 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/create-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/create-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/edit-test.js b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/edit-test.js
index 14692ed7727a..f80c923ced3c 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/edit-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/policies/edit-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/create-test.js b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/create-test.js
index c729fabfd7ca..dbd1d72bd697 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/create-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/create-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/edit-test.js b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/edit-test.js
index c09fe6ff8a47..0b950b1903d3 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/edit-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/roles/edit-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/create-test.js b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/create-test.js
index aacd287523dc..e4490d10f65d 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/create-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/create-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/edit-test.js b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/edit-test.js
index 441490f35161..d66cb946ca9f 100644
--- a/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/edit-test.js
+++ b/ui/packages/consul-ui/tests/unit/controllers/dc/acls/tokens/edit-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/filter/predicates/intention-test.js b/ui/packages/consul-ui/tests/unit/filter/predicates/intention-test.js
index c07a58f78965..d23f24e664da 100644
--- a/ui/packages/consul-ui/tests/unit/filter/predicates/intention-test.js
+++ b/ui/packages/consul-ui/tests/unit/filter/predicates/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { andOr } from 'consul-ui/utils/filter';
diff --git a/ui/packages/consul-ui/tests/unit/filter/predicates/service-test.js b/ui/packages/consul-ui/tests/unit/filter/predicates/service-test.js
index 851a7b0dd761..3b490fb53f29 100644
--- a/ui/packages/consul-ui/tests/unit/filter/predicates/service-test.js
+++ b/ui/packages/consul-ui/tests/unit/filter/predicates/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import predicates from 'consul-ui/filter/predicates/service';
diff --git a/ui/packages/consul-ui/tests/unit/helpers/document-attrs-test.js b/ui/packages/consul-ui/tests/unit/helpers/document-attrs-test.js
index 61e581301b1e..0f083c55cbc0 100644
--- a/ui/packages/consul-ui/tests/unit/helpers/document-attrs-test.js
+++ b/ui/packages/consul-ui/tests/unit/helpers/document-attrs-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/helpers/policy/datacenters-test.js b/ui/packages/consul-ui/tests/unit/helpers/policy/datacenters-test.js
index 0c55c5bda015..7ee732cda633 100644
--- a/ui/packages/consul-ui/tests/unit/helpers/policy/datacenters-test.js
+++ b/ui/packages/consul-ui/tests/unit/helpers/policy/datacenters-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { datacenters } from 'consul-ui/helpers/policy/datacenters';
diff --git a/ui/packages/consul-ui/tests/unit/helpers/token/is-anonymous-test.js b/ui/packages/consul-ui/tests/unit/helpers/token/is-anonymous-test.js
index 1ba0bd952cfb..939e9361ea7c 100644
--- a/ui/packages/consul-ui/tests/unit/helpers/token/is-anonymous-test.js
+++ b/ui/packages/consul-ui/tests/unit/helpers/token/is-anonymous-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { isAnonymous } from 'consul-ui/helpers/token/is-anonymous';
diff --git a/ui/packages/consul-ui/tests/unit/helpers/token/is-legacy-test.js b/ui/packages/consul-ui/tests/unit/helpers/token/is-legacy-test.js
index fa698e188045..d4095b717bfa 100644
--- a/ui/packages/consul-ui/tests/unit/helpers/token/is-legacy-test.js
+++ b/ui/packages/consul-ui/tests/unit/helpers/token/is-legacy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { isLegacy } from 'consul-ui/helpers/token/is-legacy';
diff --git a/ui/packages/consul-ui/tests/unit/mixins/policy/as-many-test.js b/ui/packages/consul-ui/tests/unit/mixins/policy/as-many-test.js
index 93e6a5cf5069..adc5770f6bd8 100644
--- a/ui/packages/consul-ui/tests/unit/mixins/policy/as-many-test.js
+++ b/ui/packages/consul-ui/tests/unit/mixins/policy/as-many-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import EmberObject from '@ember/object';
diff --git a/ui/packages/consul-ui/tests/unit/mixins/role/as-many-test.js b/ui/packages/consul-ui/tests/unit/mixins/role/as-many-test.js
index 214429e2f886..1757bc87ecf0 100644
--- a/ui/packages/consul-ui/tests/unit/mixins/role/as-many-test.js
+++ b/ui/packages/consul-ui/tests/unit/mixins/role/as-many-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import EmberObject from '@ember/object';
diff --git a/ui/packages/consul-ui/tests/unit/mixins/with-blocking-actions-test.js b/ui/packages/consul-ui/tests/unit/mixins/with-blocking-actions-test.js
index 191db25a4bd9..ff7bb62f3f70 100644
--- a/ui/packages/consul-ui/tests/unit/mixins/with-blocking-actions-test.js
+++ b/ui/packages/consul-ui/tests/unit/mixins/with-blocking-actions-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test, skip } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/auth-method-test.js b/ui/packages/consul-ui/tests/unit/models/auth-method-test.js
index 5c4ac9609904..6b6d438c3a8a 100644
--- a/ui/packages/consul-ui/tests/unit/models/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/coordinate-test.js b/ui/packages/consul-ui/tests/unit/models/coordinate-test.js
index 9171e4f83a01..0a798b44ca66 100644
--- a/ui/packages/consul-ui/tests/unit/models/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/dc-test.js b/ui/packages/consul-ui/tests/unit/models/dc-test.js
index bcb9165ba3d3..7de25a5d12f3 100644
--- a/ui/packages/consul-ui/tests/unit/models/dc-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/dc-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/discovery-chain-test.js b/ui/packages/consul-ui/tests/unit/models/discovery-chain-test.js
index 6b1916bcfcc6..c36c8a3336b3 100644
--- a/ui/packages/consul-ui/tests/unit/models/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/intention-test.js b/ui/packages/consul-ui/tests/unit/models/intention-test.js
index 85f0215004bd..92107c0a4038 100644
--- a/ui/packages/consul-ui/tests/unit/models/intention-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/kv-test.js b/ui/packages/consul-ui/tests/unit/models/kv-test.js
index f9ad4d780212..1a7e5773c01a 100644
--- a/ui/packages/consul-ui/tests/unit/models/kv-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/node-test.js b/ui/packages/consul-ui/tests/unit/models/node-test.js
index 19e5956599cc..c81915a06461 100644
--- a/ui/packages/consul-ui/tests/unit/models/node-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/oidc-provider-test.js b/ui/packages/consul-ui/tests/unit/models/oidc-provider-test.js
index 9ad475e7703b..06303cb75d1b 100644
--- a/ui/packages/consul-ui/tests/unit/models/oidc-provider-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/oidc-provider-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/partition-test.js b/ui/packages/consul-ui/tests/unit/models/partition-test.js
index e5e214f27206..75430ce68f89 100644
--- a/ui/packages/consul-ui/tests/unit/models/partition-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/partition-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/permission-test.js b/ui/packages/consul-ui/tests/unit/models/permission-test.js
index b5dd6fb21c38..60f1f7417597 100644
--- a/ui/packages/consul-ui/tests/unit/models/permission-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/permission-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/policy-test.js b/ui/packages/consul-ui/tests/unit/models/policy-test.js
index 76bc9c3e6eb3..fc84bd9683aa 100644
--- a/ui/packages/consul-ui/tests/unit/models/policy-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/proxy-test.js b/ui/packages/consul-ui/tests/unit/models/proxy-test.js
index f2dc810cc3ef..c5e92e2e6b2a 100644
--- a/ui/packages/consul-ui/tests/unit/models/proxy-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/proxy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/role-test.js b/ui/packages/consul-ui/tests/unit/models/role-test.js
index 93aebe689b83..01bbb16e16cf 100644
--- a/ui/packages/consul-ui/tests/unit/models/role-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/service-instance-test.js b/ui/packages/consul-ui/tests/unit/models/service-instance-test.js
index d0d1139363e8..ffc7147978d9 100644
--- a/ui/packages/consul-ui/tests/unit/models/service-instance-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/service-instance-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/service-test.js b/ui/packages/consul-ui/tests/unit/models/service-test.js
index 68548e9d734d..05ffd0859527 100644
--- a/ui/packages/consul-ui/tests/unit/models/service-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/session-test.js b/ui/packages/consul-ui/tests/unit/models/session-test.js
index 51eab61ddb03..102649b88713 100644
--- a/ui/packages/consul-ui/tests/unit/models/session-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/models/token-test.js b/ui/packages/consul-ui/tests/unit/models/token-test.js
index c7cd395a857c..c1bea15d2c3b 100644
--- a/ui/packages/consul-ui/tests/unit/models/token-test.js
+++ b/ui/packages/consul-ui/tests/unit/models/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/application-test.js b/ui/packages/consul-ui/tests/unit/routes/application-test.js
index a070afbfe9d7..2c5338aba5ca 100644
--- a/ui/packages/consul-ui/tests/unit/routes/application-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/application-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc-test.js b/ui/packages/consul-ui/tests/unit/routes/dc-test.js
index 024b96804ca0..84823af993d7 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/create-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/create-test.js
index 25ba0db161d2..a5f24711c2c2 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/create-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/create-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/edit-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/edit-test.js
index d0c5a5be5a85..46f44bc2157d 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/edit-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/edit-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/index-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/index-test.js
index 694a3aedde4a..83ce8860ac2e 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/index-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/policies/index-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/create-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/create-test.js
index 33c934e6c0de..b909f7f6c69b 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/create-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/create-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/edit-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/edit-test.js
index a915006a670e..901faa8354e1 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/edit-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/edit-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/index-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/index-test.js
index 71cf811b8711..7a27803ff305 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/index-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/roles/index-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/create-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/create-test.js
index faa8f76ea373..2013496ecf39 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/create-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/create-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/edit-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/edit-test.js
index a79c35a52784..0ccc24848c35 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/edit-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/edit-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/index-test.js b/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/index-test.js
index 4f9cf1437263..6fc4e3e979e7 100644
--- a/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/index-test.js
+++ b/ui/packages/consul-ui/tests/unit/routes/dc/acls/tokens/index-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/intention-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/intention-test.js
index 48b41cb91bf6..527df797951f 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/intention-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/kv-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/kv-test.js
index 7c4fef714643..a07c6a23d1f8 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/kv-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/node-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/node-test.js
index 4ebfc0f88b91..77b6017e25e4 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/node-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/policy-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/policy-test.js
index 7af816c19ee0..06e934031c49 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/policy-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/role-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/role-test.js
index 8159fc899a50..c39a8aaebea3 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/role-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/service-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/service-test.js
index 55a7bb65d773..6331acf64138 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/service-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/search/predicates/token-test.js b/ui/packages/consul-ui/tests/unit/search/predicates/token-test.js
index dceab57d8d16..de7572bd58af 100644
--- a/ui/packages/consul-ui/tests/unit/search/predicates/token-test.js
+++ b/ui/packages/consul-ui/tests/unit/search/predicates/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/application-test.js b/ui/packages/consul-ui/tests/unit/serializers/application-test.js
index 180ae7617240..64f8eeddd7d7 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/application-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/application-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/auth-method-test.js b/ui/packages/consul-ui/tests/unit/serializers/auth-method-test.js
index 966140c5198a..7613eb76714a 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/binding-rule-test.js b/ui/packages/consul-ui/tests/unit/serializers/binding-rule-test.js
index 32167e1f91fd..33c5e6187687 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/binding-rule-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/binding-rule-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/coordinate-test.js b/ui/packages/consul-ui/tests/unit/serializers/coordinate-test.js
index e113e4741ce8..580e1d1a94ac 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/discovery-chain-test.js b/ui/packages/consul-ui/tests/unit/serializers/discovery-chain-test.js
index abaf69a1f5b3..63eb75fda79b 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/intention-test.js b/ui/packages/consul-ui/tests/unit/serializers/intention-test.js
index 69b499526992..448786753929 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/intention-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/kv-test.js b/ui/packages/consul-ui/tests/unit/serializers/kv-test.js
index 6ca2c6501163..c299286b056f 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/kv-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/node-test.js b/ui/packages/consul-ui/tests/unit/serializers/node-test.js
index 5f9447b269ce..6c1a7ea814bb 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/node-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/nspace-test.js b/ui/packages/consul-ui/tests/unit/serializers/nspace-test.js
index 13df59b8df00..d89421edfa7b 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/nspace-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/nspace-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/oidc-provider-test.js b/ui/packages/consul-ui/tests/unit/serializers/oidc-provider-test.js
index 724aaf4701cd..93e060e6be45 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/oidc-provider-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/oidc-provider-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/partition-test.js b/ui/packages/consul-ui/tests/unit/serializers/partition-test.js
index d20a20d520c9..da56321c1dd9 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/partition-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/partition-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/permission-test.js b/ui/packages/consul-ui/tests/unit/serializers/permission-test.js
index 62b12040a909..dd7c63fadc23 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/permission-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/permission-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/policy-test.js b/ui/packages/consul-ui/tests/unit/serializers/policy-test.js
index 92ec70d25537..3ae12a681ce0 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/policy-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/proxy-test.js b/ui/packages/consul-ui/tests/unit/serializers/proxy-test.js
index 41c96cfe373a..cad3cffa1cf6 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/proxy-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/proxy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/role-test.js b/ui/packages/consul-ui/tests/unit/serializers/role-test.js
index 1b3480406b17..fe9532506788 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/role-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/service-instance-test.js b/ui/packages/consul-ui/tests/unit/serializers/service-instance-test.js
index 1243f801a0dc..9270daf5d8ae 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/service-instance-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/service-instance-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/service-test.js b/ui/packages/consul-ui/tests/unit/serializers/service-test.js
index cb86999c71dc..b36e2cdb88bf 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/service-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/session-test.js b/ui/packages/consul-ui/tests/unit/serializers/session-test.js
index 8a84cfd0acf1..e75af66a70ee 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/session-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/serializers/token-test.js b/ui/packages/consul-ui/tests/unit/serializers/token-test.js
index 5c74e5de982a..2c05d27387bb 100644
--- a/ui/packages/consul-ui/tests/unit/serializers/token-test.js
+++ b/ui/packages/consul-ui/tests/unit/serializers/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/atob-test.js b/ui/packages/consul-ui/tests/unit/services/atob-test.js
index 81efeab86abe..97ddf0248438 100644
--- a/ui/packages/consul-ui/tests/unit/services/atob-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/atob-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/btoa-test.js b/ui/packages/consul-ui/tests/unit/services/btoa-test.js
index a2a33048d3e8..1c3ed8fcae32 100644
--- a/ui/packages/consul-ui/tests/unit/services/btoa-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/btoa-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/client/connections-test.js b/ui/packages/consul-ui/tests/unit/services/client/connections-test.js
index 9ec6eb986aac..f17453879c4d 100644
--- a/ui/packages/consul-ui/tests/unit/services/client/connections-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/client/connections-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/client/http-test.js b/ui/packages/consul-ui/tests/unit/services/client/http-test.js
index daeb9c2c90e0..89736e196116 100644
--- a/ui/packages/consul-ui/tests/unit/services/client/http-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/client/http-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/client/transports/xhr-test.js b/ui/packages/consul-ui/tests/unit/services/client/transports/xhr-test.js
index 7666345c5350..49db5f56f21b 100644
--- a/ui/packages/consul-ui/tests/unit/services/client/transports/xhr-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/client/transports/xhr-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/clipboard/local-storage-test.js b/ui/packages/consul-ui/tests/unit/services/clipboard/local-storage-test.js
index 8145897d1f5c..dabdd6fe86a0 100644
--- a/ui/packages/consul-ui/tests/unit/services/clipboard/local-storage-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/clipboard/local-storage-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/clipboard/os-test.js b/ui/packages/consul-ui/tests/unit/services/clipboard/os-test.js
index d2daeb5d9355..d4e09a8eb9d4 100644
--- a/ui/packages/consul-ui/tests/unit/services/clipboard/os-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/clipboard/os-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/code-mirror/linter-test.js b/ui/packages/consul-ui/tests/unit/services/code-mirror/linter-test.js
index ec7c35002e39..9df3aa6cfbd2 100644
--- a/ui/packages/consul-ui/tests/unit/services/code-mirror/linter-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/code-mirror/linter-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/data-source/protocols/http-test.js b/ui/packages/consul-ui/tests/unit/services/data-source/protocols/http-test.js
index b36d8662bb0e..8648e1800404 100644
--- a/ui/packages/consul-ui/tests/unit/services/data-source/protocols/http-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/data-source/protocols/http-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/data-source/protocols/local-storage-test.js b/ui/packages/consul-ui/tests/unit/services/data-source/protocols/local-storage-test.js
index 6989f1224bd2..5e71a167fc18 100644
--- a/ui/packages/consul-ui/tests/unit/services/data-source/protocols/local-storage-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/data-source/protocols/local-storage-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/data-structs-test.js b/ui/packages/consul-ui/tests/unit/services/data-structs-test.js
index 5605bf213d78..d6ade0fceb69 100644
--- a/ui/packages/consul-ui/tests/unit/services/data-structs-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/data-structs-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/dom-test.js b/ui/packages/consul-ui/tests/unit/services/dom-test.js
index f59fe47988cd..99e2677355e8 100644
--- a/ui/packages/consul-ui/tests/unit/services/dom-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/dom-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/encoder-test.js b/ui/packages/consul-ui/tests/unit/services/encoder-test.js
index 69217f9a145c..9bd28f2ad4aa 100644
--- a/ui/packages/consul-ui/tests/unit/services/encoder-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/encoder-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/env-test.js b/ui/packages/consul-ui/tests/unit/services/env-test.js
index f8227a0debdd..188883dcb5a2 100644
--- a/ui/packages/consul-ui/tests/unit/services/env-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/env-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/feedback-test.js b/ui/packages/consul-ui/tests/unit/services/feedback-test.js
index c0198fb80bf5..43a5c18f1f7c 100644
--- a/ui/packages/consul-ui/tests/unit/services/feedback-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/feedback-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/form-test.js b/ui/packages/consul-ui/tests/unit/services/form-test.js
index c0da3021c267..4bd70b07fa3d 100644
--- a/ui/packages/consul-ui/tests/unit/services/form-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/form-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/logger-test.js b/ui/packages/consul-ui/tests/unit/services/logger-test.js
index baa4c0d6c288..8ff46e15c0b0 100644
--- a/ui/packages/consul-ui/tests/unit/services/logger-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/logger-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository-test.js b/ui/packages/consul-ui/tests/unit/services/repository-test.js
index 8a2a0ee71634..c968d81d32c1 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/auth-method-test.js b/ui/packages/consul-ui/tests/unit/services/repository/auth-method-test.js
index 45680b4ff2c8..adb1126f5c72 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/auth-method-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/auth-method-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/coordinate-test.js b/ui/packages/consul-ui/tests/unit/services/repository/coordinate-test.js
index 583df58d65d6..d7ceb6b98ea4 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/coordinate-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/coordinate-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/dc-test.js b/ui/packages/consul-ui/tests/unit/services/repository/dc-test.js
index b140b3782fdf..95cda6e13b3e 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/dc-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/dc-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/discovery-chain-test.js b/ui/packages/consul-ui/tests/unit/services/repository/discovery-chain-test.js
index 764f06fd3d4e..f950d712244f 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/discovery-chain-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/discovery-chain-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/intention-test.js b/ui/packages/consul-ui/tests/unit/services/repository/intention-test.js
index dd820573721b..7caeae2ee19e 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/intention-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/intention-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/kv-test.js b/ui/packages/consul-ui/tests/unit/services/repository/kv-test.js
index d556f3281577..e6da38fecdf1 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/kv-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/kv-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/node-test.js b/ui/packages/consul-ui/tests/unit/services/repository/node-test.js
index a82cf48de3d1..81cb7180d3bd 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/node-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/nspace-test.js b/ui/packages/consul-ui/tests/unit/services/repository/nspace-test.js
index 9b586e59778e..c70c28730a12 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/nspace-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/nspace-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/oidc-provider-test.js b/ui/packages/consul-ui/tests/unit/services/repository/oidc-provider-test.js
index f6ed9caec446..eaf6704f807d 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/oidc-provider-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/oidc-provider-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/partition-test.js b/ui/packages/consul-ui/tests/unit/services/repository/partition-test.js
index 24508b765c7d..1eb005bcb697 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/partition-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/partition-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/permission-test.js b/ui/packages/consul-ui/tests/unit/services/repository/permission-test.js
index 8f938aff7d05..13ac3c854e4e 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/permission-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/permission-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/policy-test.js b/ui/packages/consul-ui/tests/unit/services/repository/policy-test.js
index e3ca6725ec46..dc1b4da9e18a 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/policy-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/policy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/role-test.js b/ui/packages/consul-ui/tests/unit/services/repository/role-test.js
index 45e2f155ff6a..38f3daaf533c 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/role-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/role-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/service-instance-test.js b/ui/packages/consul-ui/tests/unit/services/repository/service-instance-test.js
index 2b7282e9108c..3128e116eb8f 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/service-instance-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/service-instance-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/service-test.js b/ui/packages/consul-ui/tests/unit/services/repository/service-test.js
index 2005c7b51a30..e4021e95987e 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/service-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/session-test.js b/ui/packages/consul-ui/tests/unit/services/repository/session-test.js
index ae574013b210..d2ecc8e80257 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/session-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/session-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/repository/token-test.js b/ui/packages/consul-ui/tests/unit/services/repository/token-test.js
index bc254bbda92d..d5fc08a36b94 100644
--- a/ui/packages/consul-ui/tests/unit/services/repository/token-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/repository/token-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/search-test.js b/ui/packages/consul-ui/tests/unit/services/search-test.js
index 7d6f3394543d..f4ee9d60a446 100644
--- a/ui/packages/consul-ui/tests/unit/services/search-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/search-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/settings-test.js b/ui/packages/consul-ui/tests/unit/services/settings-test.js
index c55715de12c5..6c1f4bac1d5f 100644
--- a/ui/packages/consul-ui/tests/unit/services/settings-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/settings-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/sort-test.js b/ui/packages/consul-ui/tests/unit/services/sort-test.js
index 2d5aaff2fe3d..b9a4f90a5750 100644
--- a/ui/packages/consul-ui/tests/unit/services/sort-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/sort-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/state-test.js b/ui/packages/consul-ui/tests/unit/services/state-test.js
index 66d646dd4bbc..8f7d158df75e 100644
--- a/ui/packages/consul-ui/tests/unit/services/state-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/state-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/store-test.js b/ui/packages/consul-ui/tests/unit/services/store-test.js
index 49ba4efd3b2b..317b511ab724 100644
--- a/ui/packages/consul-ui/tests/unit/services/store-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/store-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/temporal-test.js b/ui/packages/consul-ui/tests/unit/services/temporal-test.js
index f593dff693f0..f5dbf8eb54aa 100644
--- a/ui/packages/consul-ui/tests/unit/services/temporal-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/temporal-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/ticker-test.js b/ui/packages/consul-ui/tests/unit/services/ticker-test.js
index 69e73eaf7b6f..2127ae0b04b5 100644
--- a/ui/packages/consul-ui/tests/unit/services/ticker-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/ticker-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/services/timeout-test.js b/ui/packages/consul-ui/tests/unit/services/timeout-test.js
index b057e79d6eda..dfdcdb010708 100644
--- a/ui/packages/consul-ui/tests/unit/services/timeout-test.js
+++ b/ui/packages/consul-ui/tests/unit/services/timeout-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/sort/comparators/node-test.js b/ui/packages/consul-ui/tests/unit/sort/comparators/node-test.js
index 2d8eaa6bd85c..9b5c5ea75680 100644
--- a/ui/packages/consul-ui/tests/unit/sort/comparators/node-test.js
+++ b/ui/packages/consul-ui/tests/unit/sort/comparators/node-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import comparators from 'consul-ui/sort/comparators/node';
diff --git a/ui/packages/consul-ui/tests/unit/sort/comparators/service-test.js b/ui/packages/consul-ui/tests/unit/sort/comparators/service-test.js
index f40ae6da6499..99cd69eb410a 100644
--- a/ui/packages/consul-ui/tests/unit/sort/comparators/service-test.js
+++ b/ui/packages/consul-ui/tests/unit/sort/comparators/service-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import comparators from 'consul-ui/sort/comparators/service';
diff --git a/ui/packages/consul-ui/tests/unit/utils/ascend-test.js b/ui/packages/consul-ui/tests/unit/utils/ascend-test.js
index d9dca4ef6125..ae73cb890151 100644
--- a/ui/packages/consul-ui/tests/unit/utils/ascend-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/ascend-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/atob-test.js b/ui/packages/consul-ui/tests/unit/utils/atob-test.js
index d18c751460f6..6205f2929bba 100644
--- a/ui/packages/consul-ui/tests/unit/utils/atob-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/atob-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/btoa-test.js b/ui/packages/consul-ui/tests/unit/utils/btoa-test.js
index c70a7824035f..ae112557bd94 100644
--- a/ui/packages/consul-ui/tests/unit/utils/btoa-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/btoa-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/callable-type-test.js b/ui/packages/consul-ui/tests/unit/utils/callable-type-test.js
index f82517c36373..c2de0f0b39ee 100644
--- a/ui/packages/consul-ui/tests/unit/utils/callable-type-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/callable-type-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import callableType from 'consul-ui/utils/callable-type';
diff --git a/ui/packages/consul-ui/tests/unit/utils/create-fingerprinter-test.js b/ui/packages/consul-ui/tests/unit/utils/create-fingerprinter-test.js
index cc885604eec7..a72d50ed1cc0 100644
--- a/ui/packages/consul-ui/tests/unit/utils/create-fingerprinter-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/create-fingerprinter-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import createFingerprinter from 'consul-ui/utils/create-fingerprinter';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/click-first-anchor-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/click-first-anchor-test.js
index 002f7a74f629..81b6daf54f02 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/click-first-anchor-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/click-first-anchor-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domClickFirstAnchor from 'consul-ui/utils/dom/click-first-anchor';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/closest-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/closest-test.js
index f91f3464dd4b..60bd5747161a 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/closest-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/closest-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domClosest from 'consul-ui/utils/dom/closest';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/create-listeners-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/create-listeners-test.js
index cc9e787d2af3..a3f995e4a3d6 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/create-listeners-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/create-listeners-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import createListeners from 'consul-ui/utils/dom/create-listeners';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/blocking-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/blocking-test.js
index 88e2a45c832c..b6158356cea6 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/blocking-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/blocking-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domEventSourceBlocking, {
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/cache-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/cache-test.js
index bc77a11e03e3..8b8bc23b0b2d 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/cache-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/cache-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domEventSourceCache from 'consul-ui/utils/dom/event-source/cache';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/callable-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/callable-test.js
index d08d6f2153fc..fdb822eaa9fc 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/callable-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/callable-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domEventSourceCallable, { defaultRunner } from 'consul-ui/utils/dom/event-source/callable';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/index-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/index-test.js
index e5bfb1885a83..ee95d3db41e2 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/index-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/index-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import {
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/openable-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/openable-test.js
index 7146351d338e..6531fcd184ea 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/openable-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/openable-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domEventSourceOpenable from 'consul-ui/utils/dom/event-source/openable';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/proxy-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/proxy-test.js
index 0ed911a62822..c62d19627729 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/proxy-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/proxy-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domEventSourceProxy from 'consul-ui/utils/dom/event-source/proxy';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/resolver-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/resolver-test.js
index 92bdb2fb0f30..c2487919b272 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/resolver-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/resolver-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domEventSourceResolver from 'consul-ui/utils/dom/event-source/resolver';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/storage-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/storage-test.js
index 40bfd2ec3a59..86dc9f1ef61b 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-source/storage-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-source/storage-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domEventSourceStorage from 'consul-ui/utils/dom/event-source/storage';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/event-target/rsvp-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/event-target/rsvp-test.js
index 792819a4a128..e8c07a618bba 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/event-target/rsvp-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/event-target/rsvp-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domEventTargetRsvp from 'consul-ui/utils/dom/event-target/rsvp';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/get-component-factory-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/get-component-factory-test.js
index 9f36ac1e5dd0..13b83f583e5a 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/get-component-factory-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/get-component-factory-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import getComponentFactory from 'consul-ui/utils/dom/get-component-factory';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/is-outside-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/is-outside-test.js
index deb701a31cc5..2c0632472ad3 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/is-outside-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/is-outside-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domIsOutside from 'consul-ui/utils/dom/is-outside';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/normalize-event-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/normalize-event-test.js
index 393aed012a35..bc55cf10ab72 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/normalize-event-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/normalize-event-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domNormalizeEvent from 'consul-ui/utils/dom/normalize-event';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/qsa-factory-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/qsa-factory-test.js
index 16c46f6287cc..66006a847754 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/qsa-factory-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/qsa-factory-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import qsaFactory from 'consul-ui/utils/dom/qsa-factory';
diff --git a/ui/packages/consul-ui/tests/unit/utils/dom/sibling-test.js b/ui/packages/consul-ui/tests/unit/utils/dom/sibling-test.js
index 41657164df69..7f90adba2ae5 100644
--- a/ui/packages/consul-ui/tests/unit/utils/dom/sibling-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/dom/sibling-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import domSibling from 'consul-ui/utils/dom/sibling';
diff --git a/ui/packages/consul-ui/tests/unit/utils/get-environment-test.js b/ui/packages/consul-ui/tests/unit/utils/get-environment-test.js
index e83f898629ae..ccf28a58e1e8 100644
--- a/ui/packages/consul-ui/tests/unit/utils/get-environment-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/get-environment-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import getEnvironment from 'consul-ui/utils/get-environment';
diff --git a/ui/packages/consul-ui/tests/unit/utils/get-form-name-property-test.js b/ui/packages/consul-ui/tests/unit/utils/get-form-name-property-test.js
index 988c393986ba..7c994078ba52 100644
--- a/ui/packages/consul-ui/tests/unit/utils/get-form-name-property-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/get-form-name-property-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import getFormNameProperty from 'consul-ui/utils/get-form-name-property';
diff --git a/ui/packages/consul-ui/tests/unit/utils/helpers/call-if-type-test.js b/ui/packages/consul-ui/tests/unit/utils/helpers/call-if-type-test.js
index 25a2f9978f54..27601378e4ff 100644
--- a/ui/packages/consul-ui/tests/unit/utils/helpers/call-if-type-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/helpers/call-if-type-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import callIfType from 'consul-ui/utils/helpers/call-if-type';
diff --git a/ui/packages/consul-ui/tests/unit/utils/http/create-headers-test.js b/ui/packages/consul-ui/tests/unit/utils/http/create-headers-test.js
index 281c74e94c14..5876fa8281f9 100644
--- a/ui/packages/consul-ui/tests/unit/utils/http/create-headers-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/http/create-headers-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import createHeaders from 'consul-ui/utils/http/create-headers';
diff --git a/ui/packages/consul-ui/tests/unit/utils/http/create-query-params-test.js b/ui/packages/consul-ui/tests/unit/utils/http/create-query-params-test.js
index d933545f6b23..6b4ab71b215c 100644
--- a/ui/packages/consul-ui/tests/unit/utils/http/create-query-params-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/http/create-query-params-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import createQueryParams from 'consul-ui/utils/http/create-query-params';
diff --git a/ui/packages/consul-ui/tests/unit/utils/http/create-url-test.js b/ui/packages/consul-ui/tests/unit/utils/http/create-url-test.js
index adcb66470b85..0cc517a2d3d3 100644
--- a/ui/packages/consul-ui/tests/unit/utils/http/create-url-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/http/create-url-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/http/error-test.js b/ui/packages/consul-ui/tests/unit/utils/http/error-test.js
index 1a0ae840ec44..73c92f19cd2a 100644
--- a/ui/packages/consul-ui/tests/unit/utils/http/error-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/http/error-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import HttpError from 'consul-ui/utils/http/error';
diff --git a/ui/packages/consul-ui/tests/unit/utils/http/request-test.js b/ui/packages/consul-ui/tests/unit/utils/http/request-test.js
index 8ddc0f416446..6c2c8a4905cc 100644
--- a/ui/packages/consul-ui/tests/unit/utils/http/request-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/http/request-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import httpRequest from 'consul-ui/utils/http/request';
diff --git a/ui/packages/consul-ui/tests/unit/utils/http/xhr-test.js b/ui/packages/consul-ui/tests/unit/utils/http/xhr-test.js
index eaf08a35b5be..566425b26acc 100644
--- a/ui/packages/consul-ui/tests/unit/utils/http/xhr-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/http/xhr-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import httpXhr from 'consul-ui/utils/http/xhr';
diff --git a/ui/packages/consul-ui/tests/unit/utils/isFolder-test.js b/ui/packages/consul-ui/tests/unit/utils/isFolder-test.js
index f609ad5ef635..fb24076b0d3a 100644
--- a/ui/packages/consul-ui/tests/unit/utils/isFolder-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/isFolder-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/keyToArray-test.js b/ui/packages/consul-ui/tests/unit/utils/keyToArray-test.js
index 919805eb5831..f8f91b390c0e 100644
--- a/ui/packages/consul-ui/tests/unit/utils/keyToArray-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/keyToArray-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/left-trim-test.js b/ui/packages/consul-ui/tests/unit/utils/left-trim-test.js
index b3b11c312910..9be942f459e3 100644
--- a/ui/packages/consul-ui/tests/unit/utils/left-trim-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/left-trim-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/maybe-call-test.js b/ui/packages/consul-ui/tests/unit/utils/maybe-call-test.js
index ed46c61233f1..ef3943cd9f56 100644
--- a/ui/packages/consul-ui/tests/unit/utils/maybe-call-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/maybe-call-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import maybeCall from 'consul-ui/utils/maybe-call';
diff --git a/ui/packages/consul-ui/tests/unit/utils/merge-checks-test.js b/ui/packages/consul-ui/tests/unit/utils/merge-checks-test.js
index 743a7e1ca77f..0a51a4c1fa93 100644
--- a/ui/packages/consul-ui/tests/unit/utils/merge-checks-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/merge-checks-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import mergeChecks from 'consul-ui/utils/merge-checks';
diff --git a/ui/packages/consul-ui/tests/unit/utils/non-empty-set-test.js b/ui/packages/consul-ui/tests/unit/utils/non-empty-set-test.js
index c8babd8a07c0..6da9f31d338a 100644
--- a/ui/packages/consul-ui/tests/unit/utils/non-empty-set-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/non-empty-set-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import nonEmptySet from 'consul-ui/utils/non-empty-set';
diff --git a/ui/packages/consul-ui/tests/unit/utils/path/resolve-test.js b/ui/packages/consul-ui/tests/unit/utils/path/resolve-test.js
index 62fdd9ba417e..9f7bb419eb87 100644
--- a/ui/packages/consul-ui/tests/unit/utils/path/resolve-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/path/resolve-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import resolve from 'consul-ui/utils/path/resolve';
diff --git a/ui/packages/consul-ui/tests/unit/utils/promisedTimeout-test.js b/ui/packages/consul-ui/tests/unit/utils/promisedTimeout-test.js
index 646f670fd358..6820941a4a24 100644
--- a/ui/packages/consul-ui/tests/unit/utils/promisedTimeout-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/promisedTimeout-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, skip, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/right-trim-test.js b/ui/packages/consul-ui/tests/unit/utils/right-trim-test.js
index e2367a582d68..fdf9152bdbf2 100644
--- a/ui/packages/consul-ui/tests/unit/utils/right-trim-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/right-trim-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/routing/transitionable-test.js b/ui/packages/consul-ui/tests/unit/utils/routing/transitionable-test.js
index ffb5be1fb3ee..e82ce9afe8c9 100644
--- a/ui/packages/consul-ui/tests/unit/utils/routing/transitionable-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/routing/transitionable-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import transitionable from 'consul-ui/utils/routing/transitionable';
diff --git a/ui/packages/consul-ui/tests/unit/utils/routing/walk-test.js b/ui/packages/consul-ui/tests/unit/utils/routing/walk-test.js
index 6449b3d267e5..40dfc70305e3 100644
--- a/ui/packages/consul-ui/tests/unit/utils/routing/walk-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/routing/walk-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { walk } from 'consul-ui/utils/routing/walk';
diff --git a/ui/packages/consul-ui/tests/unit/utils/routing/wildcard-test.js b/ui/packages/consul-ui/tests/unit/utils/routing/wildcard-test.js
index 1b186ea495f6..70dc7be124b0 100644
--- a/ui/packages/consul-ui/tests/unit/utils/routing/wildcard-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/routing/wildcard-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import wildcard from 'consul-ui/utils/routing/wildcard';
diff --git a/ui/packages/consul-ui/tests/unit/utils/storage/local-storage-test.js b/ui/packages/consul-ui/tests/unit/utils/storage/local-storage-test.js
index 9dc567b2a13d..086206304d5f 100644
--- a/ui/packages/consul-ui/tests/unit/utils/storage/local-storage-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/storage/local-storage-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import localStorage from 'consul-ui/utils/storage/local-storage';
diff --git a/ui/packages/consul-ui/tests/unit/utils/templatize-test.js b/ui/packages/consul-ui/tests/unit/utils/templatize-test.js
index 3d523fe7dd36..0152a37f2910 100644
--- a/ui/packages/consul-ui/tests/unit/utils/templatize-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/templatize-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import templatize from 'consul-ui/utils/templatize';
diff --git a/ui/packages/consul-ui/tests/unit/utils/ticker/index-test.js b/ui/packages/consul-ui/tests/unit/utils/ticker/index-test.js
index 11a8adf83b09..db8d28758df4 100644
--- a/ui/packages/consul-ui/tests/unit/utils/ticker/index-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/ticker/index-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import tickerIndex from 'consul-ui/utils/ticker/index';
diff --git a/ui/packages/consul-ui/tests/unit/utils/ucfirst-test.js b/ui/packages/consul-ui/tests/unit/utils/ucfirst-test.js
index 0d4641777bc8..9a5c6995d2fa 100644
--- a/ui/packages/consul-ui/tests/unit/utils/ucfirst-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/ucfirst-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import { module, test } from 'qunit';
diff --git a/ui/packages/consul-ui/tests/unit/utils/update-array-object-test.js b/ui/packages/consul-ui/tests/unit/utils/update-array-object-test.js
index 11ac8a3f2b2e..a62268675f9a 100644
--- a/ui/packages/consul-ui/tests/unit/utils/update-array-object-test.js
+++ b/ui/packages/consul-ui/tests/unit/utils/update-array-object-test.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 import updateArrayObject from 'consul-ui/utils/update-array-object';
diff --git a/ui/packages/consul-ui/translations/common/en-us.yaml b/ui/packages/consul-ui/translations/common/en-us.yaml
index 87e617e90c15..b0dc3bffeeda 100644
--- a/ui/packages/consul-ui/translations/common/en-us.yaml
+++ b/ui/packages/consul-ui/translations/common/en-us.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 brand:
   consul: Consul
diff --git a/ui/packages/consul-ui/translations/components/app/en-us.yaml b/ui/packages/consul-ui/translations/components/app/en-us.yaml
index b636cd2c687c..e586505bb9de 100644
--- a/ui/packages/consul-ui/translations/components/app/en-us.yaml
+++ b/ui/packages/consul-ui/translations/components/app/en-us.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 skip_to_content: Skip to Content
 toggle_menu: Toggle Menu
diff --git a/ui/packages/consul-ui/translations/components/consul/en-us.yaml b/ui/packages/consul-ui/translations/components/consul/en-us.yaml
index 647d96f7f90e..c7e94db563c5 100644
--- a/ui/packages/consul-ui/translations/components/consul/en-us.yaml
+++ b/ui/packages/consul-ui/translations/components/consul/en-us.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 peer:
   search-bar:
diff --git a/ui/packages/consul-ui/translations/components/copy-button/en-us.yaml b/ui/packages/consul-ui/translations/components/copy-button/en-us.yaml
index c9d8b01c428c..e9402b4a98df 100644
--- a/ui/packages/consul-ui/translations/components/copy-button/en-us.yaml
+++ b/ui/packages/consul-ui/translations/components/copy-button/en-us.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 title: Copy {name} to the clipboard
 success: Copied {name}
diff --git a/ui/packages/consul-ui/translations/models/en-us.yaml b/ui/packages/consul-ui/translations/models/en-us.yaml
index bab5f63ef819..88183f7d5db6 100644
--- a/ui/packages/consul-ui/translations/models/en-us.yaml
+++ b/ui/packages/consul-ui/translations/models/en-us.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 auth-method:
   Description: Description
diff --git a/ui/packages/consul-ui/translations/routes/en-us.yaml b/ui/packages/consul-ui/translations/routes/en-us.yaml
index 0989aed2e7a3..129686384002 100644
--- a/ui/packages/consul-ui/translations/routes/en-us.yaml
+++ b/ui/packages/consul-ui/translations/routes/en-us.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 dc:
   show:
diff --git a/ui/packages/consul-ui/vendor/consul-ui/routes-debug.js b/ui/packages/consul-ui/vendor/consul-ui/routes-debug.js
index 9b253336c674..0c91ae320638 100644
--- a/ui/packages/consul-ui/vendor/consul-ui/routes-debug.js
+++ b/ui/packages/consul-ui/vendor/consul-ui/routes-debug.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (routes =>
diff --git a/ui/packages/consul-ui/vendor/consul-ui/routes.js b/ui/packages/consul-ui/vendor/consul-ui/routes.js
index 07abd5c1b701..ec25fb0a2428 100644
--- a/ui/packages/consul-ui/vendor/consul-ui/routes.js
+++ b/ui/packages/consul-ui/vendor/consul-ui/routes.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (routes =>
diff --git a/ui/packages/consul-ui/vendor/consul-ui/services-debug.js b/ui/packages/consul-ui/vendor/consul-ui/services-debug.js
index 7bd4a8e4c01c..9370e6bcd73e 100644
--- a/ui/packages/consul-ui/vendor/consul-ui/services-debug.js
+++ b/ui/packages/consul-ui/vendor/consul-ui/services-debug.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (services =>
diff --git a/ui/packages/consul-ui/vendor/consul-ui/services.js b/ui/packages/consul-ui/vendor/consul-ui/services.js
index e325871a9391..6f5f1c2a4121 100644
--- a/ui/packages/consul-ui/vendor/consul-ui/services.js
+++ b/ui/packages/consul-ui/vendor/consul-ui/services.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (services =>
diff --git a/ui/packages/consul-ui/vendor/init.js b/ui/packages/consul-ui/vendor/init.js
index 5bdf4d3166a6..350ca0327a54 100644
--- a/ui/packages/consul-ui/vendor/init.js
+++ b/ui/packages/consul-ui/vendor/init.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (function(doc, appName) {
diff --git a/ui/packages/consul-ui/vendor/metrics-providers/consul.js b/ui/packages/consul-ui/vendor/metrics-providers/consul.js
index a14b606f8e3d..ded572e2912e 100644
--- a/ui/packages/consul-ui/vendor/metrics-providers/consul.js
+++ b/ui/packages/consul-ui/vendor/metrics-providers/consul.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 (function(global) {
diff --git a/ui/packages/consul-ui/vendor/metrics-providers/prometheus.js b/ui/packages/consul-ui/vendor/metrics-providers/prometheus.js
index 56f33b299607..f88eaf95df7a 100644
--- a/ui/packages/consul-ui/vendor/metrics-providers/prometheus.js
+++ b/ui/packages/consul-ui/vendor/metrics-providers/prometheus.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 /*eslint no-console: "off"*/
diff --git a/version/VERSION b/version/VERSION
index ee8855caa4a7..76db3f495a3a 100644
--- a/version/VERSION
+++ b/version/VERSION
@@ -1 +1 @@
-1.17.0-dev
+1.16.2-dev
diff --git a/version/fips.go b/version/fips.go
index 922d60644f2e..4700bc6813de 100644
--- a/version/fips.go
+++ b/version/fips.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
 //go:build !fips
 
 package version
diff --git a/version/version.go b/version/version.go
index ea52f0ff89d2..0b81e19d2bc5 100644
--- a/version/version.go
+++ b/version/version.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package version
 
diff --git a/version/version_test.go b/version/version_test.go
index f295602f7517..afc517e00683 100644
--- a/version/version_test.go
+++ b/version/version_test.go
@@ -1,5 +1,5 @@
 // Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
+// SPDX-License-Identifier: MPL-2.0
 
 package version
 
diff --git a/website/.eslintrc.js b/website/.eslintrc.js
index 32359e4f8d0d..15da27e48c4a 100644
--- a/website/.eslintrc.js
+++ b/website/.eslintrc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 module.exports = {
diff --git a/website/.stylelintrc.js b/website/.stylelintrc.js
index b651a8460930..01d3cc17031a 100644
--- a/website/.stylelintrc.js
+++ b/website/.stylelintrc.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 module.exports = {
diff --git a/website/content/api-docs/acl/index.mdx b/website/content/api-docs/acl/index.mdx
index 57a527d99d63..835a8e28dd40 100644
--- a/website/content/api-docs/acl/index.mdx
+++ b/website/content/api-docs/acl/index.mdx
@@ -444,7 +444,7 @@ replication enabled.
   login. This must be of type [`oidc`](/consul/docs/security/acl/auth-methods/oidc).
 
 - `State` `(string: <required>)` - Opaque state ID that is part of the
-  Authorization URL and will be included in the redirect following
+  Authorization URL and will be included in the the redirect following
   successful authentication on the provider.
 
 - `Code` `(string: <required>)` - Provider-generated authorization code that
diff --git a/website/content/api-docs/acl/tokens.mdx b/website/content/api-docs/acl/tokens.mdx
index 42b254ddfff3..d1e6d609af69 100644
--- a/website/content/api-docs/acl/tokens.mdx
+++ b/website/content/api-docs/acl/tokens.mdx
@@ -682,6 +682,9 @@ The corresponding CLI command is [`consul acl token list`](/consul/commands/acl/
 - `role` `(string: "")` - Filters the token list to those tokens that are
   linked with this specific role ID.
 
+- `servicename` `(string: "")` - Filters the token list to those tokens that are
+  linked with this specific service name in their service identity.
+
 - `authmethod` `(string: "")` - Filters the token list to those tokens that are
   linked with this specific named auth method.
 
diff --git a/website/content/api-docs/agent/check.mdx b/website/content/api-docs/agent/check.mdx
index 03364b6aeb31..5faf7286295f 100644
--- a/website/content/api-docs/agent/check.mdx
+++ b/website/content/api-docs/agent/check.mdx
@@ -239,6 +239,10 @@ The table below shows this endpoint's support for
   made to both addresses, and the first successful connection attempt will
   result in a successful check.
 
+- `TCPUseTLS` `(bool: false)` - Specifies whether to use TLS for this `TCP` health check.
+  If TLS is enabled, then by default, a valid TLS certificate is expected. Certificate
+  verification can be turned off by setting `TLSSkipVerify` to `true`.
+
 - `UDP` `(string: "")` - Specifies a `UDP` IP address/hostname and port.
 The check sends datagrams to the value specified at the interval specified in the `Interval` configuration.
 If the datagram is sent successfully or a timeout is returned, the check is set to the `passing` state.
diff --git a/website/content/api-docs/catalog.mdx b/website/content/api-docs/catalog.mdx
index b60759465f4a..c7f715849ccf 100644
--- a/website/content/api-docs/catalog.mdx
+++ b/website/content/api-docs/catalog.mdx
@@ -55,7 +55,7 @@ The table below shows this endpoint's support for
 - `NodeMeta` `(map<string|string>: nil)` - Specifies arbitrary KV metadata
   pairs for filtering purposes.
 
-- `Service` `(Service: nil)` - Contains an object the specifies the service to register. The `Service.Service` field is required. If `Service.ID` is not provided, the default is the `Service.Service`.
+- `Service` `(Service: nil)` - Contains an object the specifies the service to register. The the `Service.Service` field is required. If `Service.ID` is not provided, the default is the `Service.Service`.
   You can only specify one service with a given `ID` per node. We recommend using
   valid DNS labels for service definition names. Refer to the Internet Engineering Task Force's [RFC 1123](https://datatracker.ietf.org/doc/html/rfc1123#page-72) for additional information. Service names that conform to standard usage ensures compatibility with external DNSs. Refer to [Services Configuration Reference](/consul/docs/services/configuration/services-configuration-reference#name) for additional information.
   The following fields are optional: 
diff --git a/website/content/api-docs/status.mdx b/website/content/api-docs/status.mdx
index 2eb466b97fb5..1a14e5d4fcac 100644
--- a/website/content/api-docs/status.mdx
+++ b/website/content/api-docs/status.mdx
@@ -51,7 +51,7 @@ $ curl http://127.0.0.1:8500/v1/status/leader
 
 ## List Raft Peers
 
-This endpoint retrieves the Raft peers for the datacenter in which the agent
+This endpoint retrieves the Raft peers for the datacenter in which the the agent
 is running. This list of peers is strongly consistent and can be useful in
 determining when a given server has successfully joined the cluster.
 
diff --git a/website/content/commands/connect/envoy.mdx b/website/content/commands/connect/envoy.mdx
index e86e3d4291c2..bb2cc5d77e81 100644
--- a/website/content/commands/connect/envoy.mdx
+++ b/website/content/commands/connect/envoy.mdx
@@ -342,7 +342,7 @@ immediately unlinks it so it can't be read by any other process that doesn't
 already have the file descriptor. It then writes the bootstrap JSON, and unsets
 the CLOEXEC bit on the file handle so that it remains available to the Envoy
 process after exec. Finally it `exec`s Envoy with `--config-file /dev/fd/X`
-where `X` is the file descriptor number of the temp file.
+where `X` is the the file descriptor number of the temp file.
 
 This ensures that Envoy can read the file without any other normal user process
 being able to (assuming they don't have privileged access to /proc). Once the
diff --git a/website/content/commands/debug.mdx b/website/content/commands/debug.mdx
index 0473c32cc8cf..bebbe955a294 100644
--- a/website/content/commands/debug.mdx
+++ b/website/content/commands/debug.mdx
@@ -80,13 +80,13 @@ information when `debug` is running. By default, it captures all information.
 | `members` | A list of all the WAN and LAN members in the cluster.                                                                                                                                                                                                                                                                                                                                                                     |
 | `metrics` | Metrics from the in-memory metrics endpoint in the target, captured at the interval.                                                                                                                                                                                                                                                                                                                                      |
 | `logs`    | `TRACE` level logs for the target agent, captured for the duration.                                                                                                                                                                                                                                                                                                                                                       |
-| `pprof`   | Golang heap, CPU, goroutine, and trace profiling. CPU and traces are captured for `duration` in a single file while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/consul/docs/agent/config/config-files#enable_debug) is set to `true` on the target agent or ACLs are enabled and an ACL token with `operator:read` is provided. |
+| `pprof`   | Golang heap, CPU, goroutine, and trace profiling. CPU and traces are captured for `duration` in a single file while heap and goroutine are separate snapshots for each `interval`. This information is not retrieved unless [`enable_debug`](/consul/docs/agent/config/config-files#enable_debug) is set to `true` on the target agent or ACLs are enable and an ACL token with `operator:read` is provided. |
 
 ## Examples
 
 This command can be run from any host with the Consul binary, but requires
 network access to the target agent in order to retrieve data. Once retrieved,
-the data is written to the specified path (defaulting to the current
+the data is written to the the specified path (defaulting to the current
 directory) on the host where the command runs.
 
 By default the command will capture all available data from the default
diff --git a/website/content/commands/snapshot/agent.mdx b/website/content/commands/snapshot/agent.mdx
index 541a4708645f..9f7c5d1d50eb 100644
--- a/website/content/commands/snapshot/agent.mdx
+++ b/website/content/commands/snapshot/agent.mdx
@@ -339,7 +339,7 @@ no `aws-s3-static-snapshot-name` configured.
 | `ListBucket`         | `arn:aws:s3:::<bucket name>`       | Required only when snapshot rotation is enabled |
 | `ListBucketVersions` | `arn:aws:s3:::<bucket name>`       | Required only when snapshot rotation is enabled |
 
-Within the table `<key>` refers to the key used to store the snapshot. When `aws-s3-static-snapshot-name` is configured the `<key>` is simply the value of that configuration. Otherwise the `<key>` will be the `<aws-s3-key-prefix configuration>/consul-*.snap`.
+Within the table `<key>` refers to the the key used to store the snapshot. When `aws-s3-static-snapshot-name` is configured the `<key>` is simply the value of that configuration. Otherwise the `<key>` will be the `<aws-s3-key-prefix configuration>/consul-*.snap`.
 
 The following example IAM policy document assumes that the `aws-s3-bucket` is `consul-data` with defaults for `aws-s3-key-prefix`, `aws-s3-static-snapshot-name` and `retain`:
 
diff --git a/website/content/commands/snapshot/save.mdx b/website/content/commands/snapshot/save.mdx
index 18ffc50150ab..cf77cd48a695 100644
--- a/website/content/commands/snapshot/save.mdx
+++ b/website/content/commands/snapshot/save.mdx
@@ -49,6 +49,10 @@ Usage: `consul snapshot save [options] FILE`
 
 @include 'http_api_options_server.mdx'
 
+- `-append-filename=<value>` - Value can be - version,dc,node,status
+Adds consul version, datacenter name, node name, and status (leader/follower)
+to the file name before the extension separated by `-`
+
 ## Examples
 
 To create a snapshot from the leader server and save it to "backup.snap":
@@ -77,5 +81,16 @@ This is useful for situations where a cluster is in a degraded state and no
 leader is available. To target a specific server for a snapshot, you can run
 the `consul snapshot save` command on that specific server.
 
+To create snapshot file with consul version and datacenter run
+
+```shell-session
+$ consul snapshot save -append-filename version,dc backup.snap
+#...
+```
+
+File name created will be like backup-%CONSUL_VERSION%-%DC_NAME%.snap
+example - backup-1.17.0-dc1-local-machine-leader.tgz
+Note Version is always the leader's consul version
+
 Please see the [HTTP API](/consul/api-docs/snapshot) documentation for
 more details about snapshot internals.
diff --git a/website/content/commands/watch.mdx b/website/content/commands/watch.mdx
index 806864dae953..da32cdefdc4d 100644
--- a/website/content/commands/watch.mdx
+++ b/website/content/commands/watch.mdx
@@ -53,11 +53,6 @@ or optionally provided. There is more documentation on watch
 - `-type` - Watch type. Required, one of "`key`, `keyprefix`, `services`,
   `nodes`, `service`, `checks`, or `event`.
 
-- `-filter=<filter>` - Expression to use for filtering the results. Optional for
-  `checks` `nodes`, `services`, and `service` type.
-  See the [`/catalog/nodes` API documentation](/consul/api-docs/catalog#filtering) for a
-  description of what is filterable.
-
 #### API Options
 
 @include 'http_api_options_client.mdx'
diff --git a/website/content/docs/agent/config/cli-flags.mdx b/website/content/docs/agent/config/cli-flags.mdx
index cf83e7ef6450..82d44d02528b 100644
--- a/website/content/docs/agent/config/cli-flags.mdx
+++ b/website/content/docs/agent/config/cli-flags.mdx
@@ -273,7 +273,7 @@ information.
 
 - `-config-dir` ((#\_config_dir)) - A directory of configuration files to
   load. Consul will load all files in this directory with the suffix ".json" or ".hcl".
-  The load order is alphabetical, and the same merge routine is used as with
+  The load order is alphabetical, and the the same merge routine is used as with
   the [`config-file`](#_config_file) option above. This option can be specified multiple
   times to load multiple directories. Sub-directories of the config directory are
   not loaded. For more information on the format of the configuration files, see
diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx
index 68a5fcbbcef5..a2ca9083b89a 100644
--- a/website/content/docs/agent/config/config-files.mdx
+++ b/website/content/docs/agent/config/config-files.mdx
@@ -472,7 +472,8 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
   that match a registering service instance. If it finds any, the agent will merge the centralized defaults with the service instance configuration. This allows for things like service protocol or proxy configuration to be defined centrally and inherited by any affected service registrations.
   This defaults to `false` in versions of Consul prior to 1.9.0, and defaults to `true` in Consul 1.9.0 and later.
 
-- `enable_debug` (boolean, default is `false`): When set to `true`, enables Consul to report additional debugging information, including runtime profiling (`pprof`) data. This setting is only required for clusters without ACL [enabled](#acl_enabled). If you change this setting, you must restart the agent for the change to take effect.
+- `enable_debug` When set, enables some additional debugging features. Currently, this is only used to
+  access runtime profiling HTTP endpoints, which are available with an `operator:read` ACL regardless of the value of `enable_debug`.
 
 - `enable_script_checks` Equivalent to the [`-enable-script-checks` command-line flag](/consul/docs/agent/config/cli-flags#_enable_script_checks).
 
@@ -949,7 +950,7 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
       `service:write` permissions for service "B", the agent will successfully register service "A"
       and fail to register service "B". Failed registration requests are eventually retried as part
       of [anti-entropy enforcement](/consul/docs/architecture/anti-entropy). If a registration request is
-      failing due to missing permissions, the token for this agent can be updated with
+      failing due to missing permissions, the the token for this agent can be updated with
       additional policy rules or the `config_file_service_registration` token can be replaced using
       the [Set Agent Token](/consul/commands/acl/set-agent-token) CLI command.
 
@@ -2095,12 +2096,6 @@ specially crafted certificate signed by the CA can be used to gain full access t
       * `TLSv1_2` (default)
       * `TLSv1_3`
 
-    - `verify_server_hostname` ((#tls_internal_rpc_verify_server_hostname)) When
-      set to true, Consul verifies the TLS certificate presented by the servers
-      match the hostname `server.<datacenter>.<domain>`. By default this is false,
-      and Consul does not verify the hostname of the certificate, only that it
-      is signed by a trusted CA.
-
       **WARNING: TLS 1.1 and lower are generally considered less secure and
       should not be used if possible.**
 
@@ -2208,7 +2203,7 @@ specially crafted certificate signed by the CA can be used to gain full access t
       only way to enforce that no client can communicate with a server unencrypted
       is to also enable `verify_incoming` which requires client certificates too.
 
-    - `verify_server_hostname` Overrides [tls.defaults.verify_server_hostname](#tls_defaults_verify_server_hostname). When
+    - `verify_server_hostname` ((#tls_internal_rpc_verify_server_hostname)) When
       set to true, Consul verifies the TLS certificate presented by the servers
       match the hostname `server.<datacenter>.<domain>`. By default this is false,
       and Consul does not verify the hostname of the certificate, only that it
@@ -2292,6 +2287,9 @@ tls {
     ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
     verify_incoming = true
     verify_outgoing = true
+  }
+
+  internal_rpc {
     verify_server_hostname = true
   }
 }
@@ -2320,7 +2318,9 @@ tls {
       "cert_file": "/etc/pki/tls/certs/my.crt",
       "ca_file": "/etc/pki/tls/certs/ca-bundle.crt",
       "verify_incoming": true,
-      "verify_outgoing": true,
+      "verify_outgoing": true
+    },
+    "internal_rpc": {
       "verify_server_hostname": true
     }
   }
diff --git a/website/content/docs/agent/index.mdx b/website/content/docs/agent/index.mdx
index b5a06b39e640..ec68e0a1ce1f 100644
--- a/website/content/docs/agent/index.mdx
+++ b/website/content/docs/agent/index.mdx
@@ -276,6 +276,9 @@ tls {
     ca_file = "/consul/config/certs/consul-agent-ca.pem"
     cert_file = "/consul/config/certs/dc1-server-consul-0.pem"
     key_file = "/consul/config/certs/dc1-server-consul-0-key.pem"
+  }
+
+  internal_rpc {
     verify_server_hostname = true
   }
 }
diff --git a/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx b/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
index 530ad7b26a7b..51108221a391 100644
--- a/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
+++ b/website/content/docs/agent/limits/usage/limit-request-rates-from-ips.mdx
@@ -6,11 +6,11 @@ description: Learn how to set read and request rate limits on RPC and gRPC traff
 
 # Limit traffic rates from source IP addresses
 
-This topic describes how to configure RPC and gRPC traffic rate limits for source IP addresses. This enables you to specify a budget for read and write requests to prevent any single source IP from overwhelming the Consul server and negatively affecting the network. For information about setting global traffic rate limits, refer to [Set a global limit on traffic rates](/consul/docs/agent/limits/usage/set-global-traffic-rate-limits). For an overview of Consul's server rate limiting capabilities, refer to [Limit traffic rates overview](/consul/docs/agent/limits).
+This topic describes how to configure RPC and gRPC traffic rate limits for source IP addresses. This enables you to specify a budget for read and write requests to prevent any single source IP from overwhelming the Consul server and negatively affecting the network. For information about setting global traffic rate limits, refer to [Set a global limit on traffic rates](/consul/docs/agent/limits/usage/set-global-traffic-rate-limits). For an overview of Consul's server rate limiting capabilities, refer to [Limit traffic rates overview](/consul/docs/agent/limits). 
 
 <EnterpriseAlert>
 
-This feature requires Consul Enterprise. Refer to the [feature compatibility matrix](/consul/docs/enterprise#consul-enterprise-feature-availability) for additional information.
+This feature requires Consul Enterprise. Refer to the [feature compatibility matrix](/consul/docs/v1.16.x/enterprise#consul-enterprise-feature-availability) for additional information.
 
 </EnterpriseAlert>
 
@@ -69,4 +69,4 @@ $ kubectl apply control-plane-request-limit.yaml
 
 ## Disable request rate limits
 
-Set the [limits.request_limits.mode](/consul/docs/agent/config/config-files#mode-1) in the agent configuration to `disabled` to allow services to exceed the specified read and write requests limits. The `disabled` mode applies to all request rate limits, even limits specified in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit).  Note that any other mode specified in the agent configuration only applies to global traffic rate limits.
+Set the [`limits.request_limits.mode`](/consul/docs/agent/config/config-files#mode-1) in the agent configuration to `disabled` to allow services to exceed the specified read and write requests limits. The `disabled` mode applies to all request rate limits, even limits specifed in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit). Note that any other mode specified in the agent configuration only applies to global traffic rate limits.  
diff --git a/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx b/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx
index c0afeec9010e..53185bc7c8c5 100644
--- a/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx
+++ b/website/content/docs/agent/limits/usage/set-global-traffic-rate-limits.mdx
@@ -59,4 +59,4 @@ You should continue to monitor request traffic to ensure that request rates rema
 
 ## Disable request rate limits
 
-Set the [`limits.request_limits.mode`](/consul/docs/agent/config/config-files#mode-1) to `disabled` to allow services to exceed the specified read and write requests limits, even limits specified in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit). Note that any other mode specified in the agent configuration only applies to global traffic rate limits.
+Set the [`limits.request_limits.mode`](/consul/docs/agent/config/config-files#mode-1) to `disabled` to allow services to exceed the specified read and write requests limits, even limits specified in the [control plane request limits configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit). Note that any other mode specified in the agent configuration only applies to global traffic rate limits. 
diff --git a/website/content/docs/agent/rpc.mdx b/website/content/docs/agent/rpc.mdx
new file mode 100644
index 000000000000..bdff4a05fc5e
--- /dev/null
+++ b/website/content/docs/agent/rpc.mdx
@@ -0,0 +1,260 @@
+---
+layout: docs
+page_title: Legacy RPC Protocol
+description: >-
+  Consul agents originally could be controlled through the RPC protocol. This feature was deprecated in version 0.8 in favor of the HTTP API. Learn about agent RPC interactions and how they worked.
+---
+
+# RPC Protocol
+
+~> The RPC Protocol is deprecated and support was removed in Consul
+0.8. Please use the [HTTP API](/consul/api-docs), which has
+support for all features of the RPC Protocol.
+
+The Consul agent provides a complete RPC mechanism that can
+be used to control the agent programmatically. This RPC
+mechanism is the same one used by the CLI but can be
+used by other applications to easily leverage the power
+of Consul without directly embedding.
+
+It is important to note that the RPC protocol does not support
+all the same operations as the [HTTP API](/consul/api-docs).
+
+## Implementation Details
+
+The RPC protocol is implemented using [MsgPack](http://msgpack.org/)
+over TCP. This choice was driven by the fact that all operating
+systems support TCP, and MsgPack provides a fast serialization format
+that is broadly available across languages.
+
+All RPC requests have a request header, and some requests have
+a request body. The request header looks like:
+
+```javascript
+{
+  "Command": "Handshake",
+  "Seq": 0
+}
+```
+
+All responses have a response header, and some may contain
+a response body. The response header looks like:
+
+```javascript
+{
+  "Seq": 0,
+  "Error": ""
+}
+```
+
+The `Command` in the request is used to specify what command the server should
+run, and the `Seq` is used to track the request. Responses are
+tagged with the same `Seq` as the request. This allows for some
+concurrency on the server side as requests are not purely FIFO.
+Thus, the `Seq` value should not be re-used between commands.
+All responses may be accompanied by an error.
+
+Possible commands include:
+
+- handshake - Initializes the connection and sets the version
+- force-leave - Removes a failed node from the cluster
+- join - Requests Consul join another node
+- members-lan - Returns the list of LAN members
+- members-wan - Returns the list of WAN members
+- monitor - Starts streaming logs over the connection
+- stop - Stops streaming logs
+- leave - Instructs the Consul agent to perform a graceful leave and shutdown
+- stats - Provides various debugging statistics
+- reload - Triggers a configuration reload
+
+Each command is documented below along with any request or
+response body that is applicable.
+
+### handshake
+
+This command is used to initialize an RPC connection. As it informs
+the server which version the client is using, handshake MUST be the
+first command sent.
+
+The request header must be followed by a handshake body, like:
+
+```javascript
+{
+  "Version": 1
+}
+```
+
+The body specifies the IPC version being used; however, only version
+1 is currently supported. This is to ensure backwards compatibility
+in the future.
+
+There is no special response body, but the client should wait for the
+response and check for an error.
+
+### force-leave
+
+This command is used to remove failed nodes from a cluster. It takes
+the following body:
+
+```javascript
+{
+  "Node": "failed-node-name"
+}
+```
+
+There is no special response body.
+
+### join
+
+This command is used to join an existing cluster using one or more known nodes.
+It takes the following body:
+
+```javascript
+{
+  "Existing": [
+    "192.168.0.1:6000",
+    "192.168.0.2:6000"
+  ],
+  "WAN": false
+}
+```
+
+The `Existing` nodes are each contacted, and `WAN` controls if we are adding a
+WAN member or LAN member. LAN members are expected to be in the same datacenter
+and should be accessible at relatively low latencies. WAN members are expected to
+be operating in different datacenters with relatively high access latencies. It is
+important that only agents running in "server" mode are able to join nodes over the
+WAN.
+
+The response contains both a header and body. The body looks like:
+
+```javascript
+{
+  "Num": 2
+}
+```
+
+'Num' indicates the number of nodes successfully joined.
+
+### members-lan
+
+This command is used to return all the known LAN members and associated
+information. All agents will respond to this command.
+
+There is no request body, but the response looks like:
+
+```javascript
+{
+  "Members": [
+    {
+      "Name": "TestNode"
+      "Addr": [127, 0, 0, 1],
+      "Port": 5000,
+      "Tags": {
+        "role": "test"
+      },
+      "Status": "alive",
+      "ProtocolMin": 0,
+      "ProtocolMax": 3,
+      "ProtocolCur": 2,
+      "DelegateMin": 0,
+      "DelegateMax": 1,
+      "DelegateCur": 1,
+    },
+  ...
+  ]
+}
+```
+
+### members-wan
+
+This command is used to return all the known WAN members and associated
+information. Only agents in server mode will respond to this command.
+
+There is no request body, and the response is the same as `members-lan`
+
+### monitor
+
+The monitor command subscribes the channel to log messages from the Agent.
+
+The request looks like:
+
+```javascript
+{
+  "LogLevel": "DEBUG"
+}
+```
+
+This subscribes the client to all messages of at least DEBUG level.
+
+The server will respond with a standard response header indicating if the monitor
+was successful. If so, any future logs will be sent and tagged with
+the same `Seq` as in the `monitor` request.
+
+Assume we issued the previous monitor command with `"Seq": 50`. We may start
+getting messages like:
+
+```javascript
+{
+  "Seq": 50,
+  "Error": ""
+}
+
+{
+  "Log": "2013/12/03 13:06:53 [INFO] agent: Received event: member-join"
+}
+```
+
+It is important to realize that these messages are sent asynchronously
+and not in response to any command. If a client is streaming
+commands, there may be logs streamed while a client is waiting for a
+response to a command. This is why the `Seq` must be used to pair requests
+with their corresponding responses.
+
+The client can only be subscribed to at most a single monitor instance.
+To stop streaming, the `stop` command is used.
+
+### stop
+
+This command stops a monitor.
+
+The request looks like:
+
+```javascript
+{
+  "Stop": 50
+}
+```
+
+This unsubscribes the client from the monitor with `Seq` value of 50.
+
+There is no response body.
+
+### leave
+
+This command is used to trigger a graceful leave and shutdown.
+There is no request body or response body.
+
+### stats
+
+This command provides debug information. There is no request body, and the
+response body looks like:
+
+```javascript
+{
+  "agent": {
+    "check_monitors": 0,
+    ...
+  },
+  "consul: {
+    "server": "true",
+    ...
+  },
+  ...
+}
+```
+
+### reload
+
+This command is used to trigger a reload of configurations.
+There is no request body or response body.
diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx
index d561e6b06883..a1ab4969ceed 100644
--- a/website/content/docs/agent/telemetry.mdx
+++ b/website/content/docs/agent/telemetry.mdx
@@ -566,7 +566,7 @@ These metrics are used to monitor the health of the Consul servers.
 | `consul.rpc.raft_handoff`                           | Increments when a server accepts a Raft-related RPC connection.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | connections                       | counter |
 | `consul.rpc.request`                                | Increments when a server receives a Consul-related RPC request.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | requests                          | counter |
 | `consul.rpc.request_error`                          | Increments when a server returns an error from an RPC request.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | errors                            | counter |
-| `consul.rpc.query`                                  | Increments when a server receives a read RPC request, indicating the rate of new read queries. See consul.rpc.queries_blocking for the current number of in-flight blocking RPC calls. This metric changed in 1.7.0 to only increment on the start of a query. The rate of queries will appear lower, but is more accurate.                                                                                                                                                                                                                                                                                                                                                                                                                        | queries                           | counter |
+| `consul.rpc.query`                                  | Increments when a server receives a read RPC request, indicating the rate of new read queries. See consul.rpc.queries_blocking for the current number of in-flight blocking RPC calls. This metric changed in 1.7.0 to only increment on the the start of a query. The rate of queries will appear lower, but is more accurate.                                                                                                                                                                                                                                                                                                                                                                                                                    | queries                           | counter |
 | `consul.rpc.queries_blocking`                       | The current number of in-flight blocking queries the server is handling.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | queries                           | gauge   |
 | `consul.rpc.cross-dc`                               | Increments when a server sends a (potentially blocking) cross datacenter RPC query.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | queries                           | counter |
 | `consul.rpc.consistentRead`                         | Measures the time spent confirming that a consistent read can be performed.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | ms                                | timer   |
@@ -603,7 +603,7 @@ Label based RPC metrics were added in Consul 1.12.0 as a Beta feature to better
 
 ### Labels
 
-The server workload metrics above come with the following labels:
+The the server workload metrics above come with the following labels:
 
 | Label Name                            | Description                                                          | Possible values                         |
 | ------------------------------------- | -------------------------------------------------------------------- | --------------------------------------- |
diff --git a/website/content/docs/api-gateway/configuration/routes.mdx b/website/content/docs/api-gateway/configuration/routes.mdx
index 57c111a72221..973ebed0251b 100644
--- a/website/content/docs/api-gateway/configuration/routes.mdx
+++ b/website/content/docs/api-gateway/configuration/routes.mdx
@@ -210,7 +210,7 @@ The following table describes the parameters for `path`:
 | Parameter | Description | Type | Required |
 | ---       | ---         | ---  | ---      |
 | `replacePrefixMatch` | Specifies a value that replaces the path prefix for incoming HTTP requests. The operation only affects the path prefix. The rest of the path is unchanged. | String | Required |
-| `type` | Specifies the type of replacement to use for the URL path. You can specify the following values: <ul><li>`ReplacePrefixMatch`: Replaces the matched prefix of the URL path (default). </li></ul> | String | Optional |
+| `type` | Specifies the type of replacement to use for the URL path. You can specify the following values: <ul><li>`ReplacePrefixMatch`: Replaces the the matched prefix of the URL path (default). </li></ul> | String | Optional |
 
 ### rules.matches
 
diff --git a/website/content/docs/api-gateway/tech-specs.mdx b/website/content/docs/api-gateway/tech-specs.mdx
index 21763f1b04ad..22fa8d30b5dd 100644
--- a/website/content/docs/api-gateway/tech-specs.mdx
+++ b/website/content/docs/api-gateway/tech-specs.mdx
@@ -63,7 +63,7 @@ The following resources are allocated for each component of the API gateway.
 ### Gateway controller pod
 
 - **CPU**: None. Either the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
-- **Memory**: None. Either the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
+- **Memory**: None. Either the the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
 
 ### Gateway instance pod
 
diff --git a/website/content/docs/connect/ca/index.mdx b/website/content/docs/connect/ca/index.mdx
index c49e07516fae..13cc56c72d35 100644
--- a/website/content/docs/connect/ca/index.mdx
+++ b/website/content/docs/connect/ca/index.mdx
@@ -21,7 +21,7 @@ support for using
 [Vault as a CA](/consul/docs/connect/ca/vault). With Vault, the root certificate
 and private key material remain with the Vault cluster.
 
-## CA and Certificate relationship
+### CA and Certificate relationship
 
 This diagram shows the relationship between the CA certificates in a Consul primary datacenter and a
 secondary Consul datacenter.
@@ -34,22 +34,9 @@ services.
 - the Leaf Cert Client Agent is created by auto-encrypt and auto-config. It is used by
 client agents for HTTP API TLS, and for mTLS for RPC requests to servers.
 
-Any secondary datacenters use their CA provider to generate an intermediate certificate
-signing request (CSR) to be signed by the primary root CA. They receive an intermediate
-CA certificate, which is used to sign leaf certificates in the secondary datacenter.
-
-You can use different providers across primary and secondary datacenters.
-For example, an operator may use a Vault CA provider for extra security in the primary
-datacenter but choose to use the built-in CA provider in the secondary datacenter, which
-may not have a reachable Vault cluster. The following table compares the built-in and Vault providers.
-
-## CA Provider Comparison
-
-|            | Consul built-in                    | Vault                                                                             |
-|------------|------------------------------------|-----------------------------------------------------------------------------------|
-| Security   | CA private keys are stored on disk | CA private keys are stored in Vault and are never exposed to Consul server agents |
-| Resiliency | No dependency on external systems. If Consul is available, it can sign certificates | Dependent on Vault availability  |
-| Latency    | Consul signs certificates locally  | A network call to Vault is required to sign certificates                          |
+Any secondary datacenters receive an intermediate certificate, signed by the Primary Root
+CA, which is used as the CA certificate to sign leaf certificates in the secondary
+datacenter.
 
 ## CA Bootstrapping
 
diff --git a/website/content/docs/connect/ca/vault.mdx b/website/content/docs/connect/ca/vault.mdx
index a172a693a04d..49955ec672ba 100644
--- a/website/content/docs/connect/ca/vault.mdx
+++ b/website/content/docs/connect/ca/vault.mdx
@@ -7,27 +7,19 @@ description: >-
 
 # Vault as a Service Mesh Certificate Authority
 
-You can configure Consul to use [Vault](/vault) as the certificate authority (CA) so that Vault can manage and sign certificates distributed to services in the mesh.
-The Vault CA provider uses the [Vault PKI secrets engine](/vault/docs/secrets/pki) to generate and sign certificates.
+You can configure Consul to use [Vault](https://www.vaultproject.io/) as the certificate authority (CA) so that Vault can manage and sign certificates distributed to services in the mesh. 
+The Vault CA provider uses the [Vault PKI secrets engine](/vault/docs/secrets/pki) to generate and sign certificates. 
 This page describes how configure the Vault CA provider.
 
 > **Tutorial:** Complete the [Vault as Consul Service Mesh Certification Authority](/consul/tutorials/vault-secure/vault-pki-consul-connect-ca) tutorial for hands-on guidance on how to configure Vault as the Consul service mesh certification authority.
 
 ## Requirements
 
-- Vault 0.10.3 or higher
-
-~> **Compatibility note:** If you use Vault 1.11.0+ as Consul's service mesh CA, versions of Consul released before Dec 13, 2022 will develop an issue with Consul control plane or service mesh communication ([GH-15525](https://github.com/hashicorp/consul/pull/15525)). Use or upgrade to a [Consul version that includes the fix](https://support.hashicorp.com/hc/en-us/articles/11308460105491#01GMC24E6PPGXMRX8DMT4HZYTW) to avoid this problem.
-
-## Recommendations
-
 - Refer to [Service Mesh Certificate Authority Overview](/consul/docs/connect/ca) for important background information about how Consul manages certificates with configurable CA providers.
 
-- For best performance and resiliency, every datacenter should have a Vault cluster local to its Consul cluster.
+- Vault 0.10.3 to 1.10.x.
 
-- If your Consul datacenters are WAN-federated and the secondary datacenter uses Vault Enterprise
-  [performance secondaries](/vault/docs/enterprise/replication#performance-replication), we recommend
-  configuring [`local`](/vault/docs/enterprise/replication#local) mounts for their [`intermediate_pki_path`](/consul/docs/connect/ca/vault#intermediatepkipath).
+~> **Compatibility note:** If you use Vault 1.11.0+ as Consul's service mesh CA, versions of Consul released before Dec 13, 2022 will develop an issue with Consul control plane or service mesh communication ([GH-15525](https://github.com/hashicorp/consul/pull/15525)). Use or upgrade to a [Consul version that includes the fix](https://support.hashicorp.com/hc/en-us/articles/11308460105491#01GMC24E6PPGXMRX8DMT4HZYTW) to avoid this problem.
 
 ## Enable Vault as the CA
 
@@ -36,7 +28,7 @@ and including the required provider configuration options.
 You can provide the CA configuration in the server agents' configuration file
 or in the body of a `PUT` request to the
 [`/connect/ca/configuration`](/consul/api-docs/connect/ca#update-ca-configuration) API endpoint.
-Refer to the [Configuration Reference](#configuration-reference) for details about configuration options and for example use cases.
+Refer to the [Configuration Reference](#configuration-reference) for details about configuration options and for example use cases. 
 
 The following example shows the required configurations for a default implementation:
 
@@ -83,7 +75,7 @@ connect {
 You can specify the following configuration options.
 Note that a configuration option's name may differ between API calls and the agent configuration file.
 The first key refers to the option name for use in API calls.
-The key after the slash refers to the corresponding option name in the agent configuration file.
+The key after the slash refers to the corresponding option name in the agent configuration file. 
 
 - `Address` / `address` (`string: <required>`) - The address of the Vault
   server.
@@ -112,8 +104,7 @@ The key after the slash refers to the corresponding option name in the agent con
    Only the authentication related fields (for example, JWT's `path` and `role`) are supported. The optional management fields (for example: `remove_jwt_after_reading`) are not supported.
 
 - `RootPKIPath` / `root_pki_path` (`string: <required>`) - The path to
-  a PKI secrets engine for the root certificate. Required for primary
-  datacenters. Secondary datacenters do not use this path.
+  a PKI secrets engine for the root certificate.
 
   If the path does not
   exist, Consul will mount a new PKI secrets engine at the specified path with the
@@ -123,6 +114,9 @@ The key after the slash refers to the corresponding option name in the agent con
   the root certificate TTL was set to 8760 hour, or 1 year, and was not configurable.
   The root certificate will expire at the end of the specified period.
 
+  When WAN Federation is enabled, each secondary datacenter must use the same Vault cluster and share the same `root_pki_path`
+  with the primary datacenter.
+
   To use an intermediate certificate as the primary CA in Consul, initialize the
   `RootPKIPath` in Vault with a PEM bundle. The first certificate in the bundle
   must be the intermediate certificate that Consul will use as the primary CA.
@@ -139,10 +133,8 @@ The key after the slash refers to the corresponding option name in the agent con
   path does not exist, Consul will attempt to mount and configure this
   automatically.
 
-  When WAN federation is enabled, every secondary datacenter that shares a common Vault cluster
-  must specify a unique `intermediate_pki_path`. If a Vault cluster is not used by more than one Consul datacenter,
-  then you do not need to specify a unique value for the `intermediate_pki_path`. We still recommend using a
-  unique `intermediate_pki_path` for each datacenter, however, to improve operational and diagnostic clarity.
+  When WAN Federation is enabled, every secondary
+  datacenter must specify a unique `intermediate_pki_path`.
 
 - `IntermediatePKINamespace` / `intermediate_pki_namespace` (`string: <optional>`) - The absolute namespace
   that the `IntermediatePKIPath` is in. Setting this parameter overrides the `Namespace` option for the `IntermediatePKIPath`. Introduced in 1.12.3.
@@ -250,7 +242,7 @@ Then, attach the following Vault ACL policy to the CA provider's
   path "/<root_pki_path>/" {
     capabilities = [ "read" ]
   }
-
+  
   path "/<root_pki_path>/root/sign-intermediate" {
     capabilities = [ "update" ]
   }
@@ -276,7 +268,7 @@ Then, attach the following Vault ACL policy to the CA provider's
     capabilities = [ "read" ]
   }
   ```
-
+  
   </CodeBlockConfig>
 
 #### Define a policy for Consul-managed PKI paths ((#consul-managed-pki-paths))
@@ -337,7 +329,7 @@ Then, attach the following Vault ACL policy to the CA provider's
     capabilities = [ "read" ]
   }
   ```
-
+  
   </CodeBlockConfig>
 
 #### Additional Vault ACL policies for sensitive operations
@@ -348,7 +340,7 @@ following CA provider configuration changes:
 - Changing the `RootPKIPath`
 
 Those configuration modifications trigger a root CA change that requires an
-extremely privileged root cross-sign operation.
+extremely privileged root cross-sign operation. 
 For that operation to succeed, the CA provider's [Vault token](#token) or
 [auth method](#authmethod) must contain the following rule:
 
diff --git a/website/content/docs/connect/config-entries/control-plane-request-limit.mdx b/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
index 8eb00d66d112..3468a88bcea5 100644
--- a/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
+++ b/website/content/docs/connect/config-entries/control-plane-request-limit.mdx
@@ -10,7 +10,7 @@ This topic describes the configuration options for the `control-plane-request-li
 
 <EnterpriseAlert>
 
-This feature requires Consul Enterprise. Refer to the [feature compatibility matrix](/consul/docs/enterprise#consul-enterprise-feature-availability) for additional information.
+This feature requires Consul Enterprise. Refer to the [feature compatibility matrix](/consul/docs/v1.16.x/enterprise#consul-enterprise-feature-availability) for additional information.
 
 </EnterpriseAlert>
 
diff --git a/website/content/docs/connect/distributed-tracing.mdx b/website/content/docs/connect/distributed-tracing.mdx
index 363cded6f7ad..939cde52d5a5 100644
--- a/website/content/docs/connect/distributed-tracing.mdx
+++ b/website/content/docs/connect/distributed-tracing.mdx
@@ -214,7 +214,7 @@ config to take effect.
 
    ```yaml
    apiVersion: consul.hashicorp.com/v1alpha1
-   kind: ServiceDefaults
+   kind: ProxyDefaults
    metadata:
      name: service-name
    spec:
diff --git a/website/content/docs/connect/failover/index.mdx b/website/content/docs/connect/failover/index.mdx
index 022b6542a971..b00ee7968644 100644
--- a/website/content/docs/connect/failover/index.mdx
+++ b/website/content/docs/connect/failover/index.mdx
@@ -21,11 +21,9 @@ The following table compares these strategies in deployments with multiple datac
 | Failover Strategy | Supports WAN Federation | Supports Cluster Peering | Multi-Datacenter Failover Strength | Multi-Datacenter Usage Scenario |
 | :---------------: | :---------------------: | :----------------------: | :--------------------------------- | :------------------------------ |
 | `Failover` stanza | &#9989;                 | &#9989;                  | Enables more granular logic for failover targeting | Configuring failover for a single service or service subset, especially for testing or debugging purposes |
-| Prepared query    | &#9989;                 |   &#10060;               | Central policies that can automatically target the nearest datacenter | WAN-federated deployments where a primary datacenter is configured. |
+| Prepared query    | &#9989;                 |   &#10060;               | Central policies that can automatically target the nearest datacenter | WAN-federated deployments where a primary datacenter is configured. Prepared queries are not replicated over peer connections. |
 | Sameness groups   | &#10060;                | &#9989;                  | Group size changes without edits to existing member configurations | Cluster peering deployments with consistently named services and namespaces |
 
-Although cluster peering connections support the [`Failover` field of the prepared query request schema](/consul/api-docs/query#failover) when using Consul's service discovery features to [perform dynamic DNS queries](/consul/docs/services/discovery/dns-dynamic-lookups), they do not support prepared queries for service mesh failover scenarios.
-
 ### Failover configurations for a service mesh with a single datacenter
 
 You can implement a service resolver configuration entry and specify a pool of failover service instances that other services can exchange messages with when the primary service becomes unhealthy or unreachable. We recommend adopting this strategy as a minimum baseline when implementing Consul service mesh and layering additional failover strategies to build resilience into your application network. 
@@ -34,9 +32,9 @@ Refer to the [`Failover` configuration ](/consul/docs/connect/config-entries/ser
 
 ### Failover configuration for WAN-federated datacenters
 
-If your network has multiple Consul datacenters that are WAN-federated, you can configure your applications to look for failover services with prepared queries. [Prepared queries](/consul/api-docs/) are configurations that enable you to define complex service discovery lookups. This strategy hinges on the secondary datacenter containing service instances that have the same name and residing in the same namespace as their counterparts in the primary datacenter.
+If your network has multiple Consul datacenters that are WAN-federated, you can configure your applications to look for failover services with prepared queries. [Prepared queries](/consul/api-docs/) are configurations that enable you to define complex service discovery lookups. This strategy hinges on the secondary datacenter containing service instances that have the same name and residing in the same namespace as their counterparts in the primary datacenter. 
 
-Refer to the [Automate geo-failover with prepared queries tutorial](/consul/tutorials/developer-discovery/automate-geo-failover) for additional information.
+Refer to the [Automate geo-failover with prepared queries tutorial](/consul/tutorials/developer-discovery/automate-geo-failover) for additional information. 
 
 ### Failover configuration for peered clusters and partitions
 
diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx
index 477b889c23a1..2d3c48789a90 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/configuration/ext-authz.mdx
@@ -21,7 +21,6 @@ Click on a property name to view additional details, including default values.
 - [`Name`](#name): string | required | must be set to `builtin/ext-authz` 
 - [`Arguments`](#arguments): map | required
    - [`ProxyType`](#arguments-proxytype): string | required | `connect-proxy`
-   - [`ListenerType`](#arguments-listenertype): string | required | `inbound`
    - [`InsertOptions`](#arguments-insertoptions): map
       - [`Location`](#arguments-insertoptions-location): string
       - [FilterName](#arguments-insertoptions-filtername): string
@@ -238,18 +237,6 @@ Specifies the type of Envoy proxy that this extension applies to. The extension
 - This field is required.
 - Data type: String
 
-### `Arguments.ListenerType`
-
-Specifies the type of listener the extension applies to. The listener type is either `inbound` or `outbound`. If the listener type is set to `inbound`, Consul applies the extension so the external authorization is enabled when other services in the mesh send messages to the service attached to the proxy. If the listener type is set to `outbound`, Consul applies the extension so the external authorization is enabled when the attached proxy sends messages to other services in the mesh.
-
-#### Values
-
-- Default: `inbound`
-- This field is required.
-- Data type is one of the following string values:
-  - `inbound`
-  - `outbound`
-
 ### `Arguments.InsertOptions`
 
 Specifies options for defining the insertion point for the external authorization filter in the Envoy filter chain. By default, the external authorization filter is inserted as the first filter in the filter chain per the default setting for the [`Location`](#arguments-insertoptions-location) field. 
diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/otel-access-logging.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/otel-access-logging.mdx
deleted file mode 100644
index 9cef3a563650..000000000000
--- a/website/content/docs/connect/proxies/envoy-extensions/configuration/otel-access-logging.mdx
+++ /dev/null
@@ -1,390 +0,0 @@
----
-layout: docs
-page_title: OpenTelemetry Access Logging extension configuration reference
-description: Learn how to configure the otel-access-logging Envoy extension, which is a builtin Consul extension that configures Envoy proxies to send access logs to OpenTelemetry collector service.
----
-
-# OpenTelemetry Access Logging extension configuration reference
-
-This topic describes how to configure the OpenTelemetry access logging Envoy extension, which configures Envoy proxies to send access logs to OpenTelemetry collector service. Refer to [Send access logs to OpenTelemetry collector service](/consul/docs/connect/proxies/envoy-extensions/usage/otel-access-logging) for usage information.
-
-## Configuration model
-
-The following list outlines the field hierarchy, data types, and requirements for the OpenTelemetry access logging configuration. Place the configuration inside the `EnvoyExtension.Arguments` field in the proxy defaults or service defaults configuration entry. Refer to the following documentation for additional information:
-
-- [`EnvoyExtensions` in proxy defaults](/consul/docs/connect/config-entries/proxy-defaults#envoyextensions)
-- [`EnvoyExtensions` in service defaults](/consul/docs/connect/config-entries/service-defaults#envoyextensions)
-- [Envoy OpenTelemetry Access Logging Configuration documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/open_telemetry/v3/logs_service.proto#extensions-access-loggers-open-telemetry-v3-opentelemetryaccesslogconfig)
-
-Click on a property name to view additional details, including default values.
-
-- [`Name`](#name): string | required | must be set to `builtin/otel-access-logging` 
-- [`Arguments`](#arguments): map | required
-   - [`ProxyType`](#arguments-proxytype): string | required | `connect-proxy`
-   - [`ListenerType`](#arguments-listenertype): string | required | `inbound`
-   - [`Config`](#arguments-config): map | required
-      - [`LogName`](#arguments-config-logname): string
-      - [`GrpcService`](#arguments-config-grpcservice): map
-        - [`Target`](#arguments-config-grpcservice-target): map | required
-          - [`Service`](#arguments-config-grpcservice-target-service): map
-            - [`Name`](#arguments-config-grpcservice-target-service): string
-            - [`Namespace`](#arguments-config-grpcservice-target-service): string | <EnterpriseAlert inline/>
-            - [`Partition`](#arguments-config-grpcservice-target-service): string | <EnterpriseAlert inline/>
-          - [`URI`](#arguments-config-grpcservice-target-uri): string
-          - [`Timeout`](#arguments-config-grpcservice-target-timeout): string | `1s`
-        - [`Authority`](#arguments-config-grpcservice-authority): string
-        - [`InitialMetadata`](#arguments-config-grpcservice-initialmetadata): list
-          - [`Key`](#arguments-config-grpcservice-initialmetadata): string
-          - [`Value`](#arguments-config-grpcservice-initialmetadata): string
-      - [`BufferFlushInterval`](#arguments-config-bufferflushinterval): string
-      - [`BufferSizeBytes`](#arguments-config-buffersizebytes): number
-      - [`FilterStateObjectsToLog`](#arguments-config-filterstateobjectstolog): list of strings
-      - [`RetryPolicy`](#arguments-config-retrypolicy): map
-        - [`RetryBackOff`](#arguments-config-retrypolicy-retrybackoff): map
-          - [`BaseInterval`](#arguments-config-retrypolicy-retrybackoff): string | `1s`
-          - [`MaxInterval`](#arguments-config-retrypolicy-retrybackoff): string | `30s`
-        - [`NumRetries`](#arguments-config-retrypolicy-numretries): number
-      - [`Body`](#arguments-config-body): string, number, boolean or list of bytes
-      - [`Attributes`](#arguments-config-attributes): map of string to string, number, boolean or list of bytes
-      - [`ResourceAttributes`](#arguments-config-resourceattributes): map of string to string, number, boolean or list of bytes
-
-## Complete configuration
-
-When each field is defined, an `otel-access-logging` configuration has the following form:
-
-```hcl
-Name = "builtin/otel-access-logging" 
-Arguments = {
-   ProxyType = "connect-proxy"
-   ListenerType = "<inbound or outbound>"
-   Config = {
-      LogName = "<user-readable name of the access log>"
-      GrpcService = {
-        Target = {
-            Service = {
-              Name = "<upstream service to send gRPC authorization requests to>"
-              Namespace = "<namespace containing the upstream service>"
-              Partition = "<partition containing the upstream service>"
-            }
-            URI = "<URI of the upstream service>"   
-            Timeout = "1s"
-        }
-        Authority = "<authority header to send in the gRPC request>"     
-        InitialMetadata = [
-            "<Key>" : "<value>"
-        ]
-      }
-      BufferFlushInterval = "1s"
-      BufferSizeBytes = 16384
-      FilterStateObjectsToLog = [
-        "Additional filter state objects to log in filter_state_objects"
-      ]
-      RetryPolicy = {
-        RetryBackOff = {
-            BaseInterval = "1s"
-            MaxInterval = "30s"
-        }
-        NumRetries = <uint32 value specifying the max number of retries>
-      }
-      Body = "Log Request Body"
-      Attributes = {
-         "<Key>" : "<value>"
-      }
-      ResourceAttributes = {
-         "<Key>" : "<value>"
-      }
-```
-
-## Specification
-
-This section provides details about the fields you can configure for the OpenTelemetry Access Logging extension.
-### `Name`
-
-Specifies the name of the extension. Must be set to `builtin/otel-access-logging`.
-
-#### Values
-
-- Default: None
-- This field is required.
-- Data type: String value set to `builtin/otel-access-logging`.
-
-### `Arguments`
-
-Contains the global configuration for the extension.
-
-#### Values
-
-- Default: None
-- This field is required.
-- Data type: Map
-
-### `Arguments.ProxyType`
-
-Specifies the type of Envoy proxy that this extension applies to. The extension only applies to proxies that match this type and is ignored for all other proxy types. The only supported value is `connect-proxy`.
-
-#### Values
-
-- Default: `connect-proxy`
-- This field is required.
-- Data type: String
-
-### `Arguments.ListenerType`
-
-Specifies the type of listener the extension applies to. The listener type is either `inbound` or `outbound`. If the listener type is set to `inbound`, Consul applies the extension so the access logging is enabled when other services in the mesh send messages to the service attached to the proxy. If the listener type is set to `outbound`, Consul applies the extension so the access logging is enabled when the attached proxy sends messages to other services in the mesh.
-
-#### Values
-
-- Default: `inbound`
-- This field is required.
-- Data type is one of the following string values:
-  - `inbound`
-  - `outbound`
-
-### `Arguments.Config`
-
-Contains the configuration settings for the extension.
-
-#### Values
-
-- Default: None
-- This field is required.
-- Data type: Map
-
-### `Arguments.Config.LogName`
-
-Specifies the user-readable name of the access log to be returned in `StreamAccessLogsMessage.Identifier`. This allows the access log server to differentiate between different access logs coming from the same Envoy. If you leave it empty, it inherits the value from `ListenerType`.
-
-#### Values
-
-- Default: None
-- Data type: String
-
-### `Arguments.Config.GrpcService`
-
-Specifies the OpenTelemetry Access Logging configuration for gRPC requests.
-
-#### Values
-
-- Default: None
-- This field is required.
-- Data type: Map
-
-### `Arguments.Config.GrpcService.Target`
-
-Configuration for specifying the service to send gRPC access logging requests to. The `Target` field may contain the following fields:
-
-- [`Service`](#arguments-config-grpcservice-target-service) or [`Uri`](#arguments-config-grpcservice-target-uri)
-- [`Timeout`](#arguments-config-grpcservice-target-timeout)
-
-#### Values
-
-- Default: None
-- This field is required.
-- Data type: Map
-
-### `Arguments.Config.GrpcService.Target.Service`
-
-Specifies the upstream OpenTelemetry collector service. Configure this field when access logging requests are sent to an upstream service within the service mesh. The service must be configured as an upstream of the service that the filter is applied to.
-
-Configure either the `Service` field or the [`Uri`](#arguments-config-grpcservice-target-uri) field, but not both. 
- 
-#### Values
-
-- Default: None
-- This field or [`Uri`](#arguments-config-grpcservice-target-uri) is required.
-- Data type: Map
-
-The following table describes how to configure parameters for the `Service` field:
-
-| Parameter   | Description                                                                                          | Data type | Default   |
-| ----------- | ---------------------------------------------------------------------------------------------------- | --------- | --------- |
-| `Name`      | Specifies the name of the upstream service.                                                          | String    | None      |
-| `Namespace` | <EnterpriseAlert inline/> Specifies the Consul namespace that the upstream service belongs to.       | String    | `default` |
-| `Partition` | <EnterpriseAlert inline/> Specifies the Consul admin partition that the upstream service belongs to. | String    | `default` |
-
-### `Arguments.Config.GrpcService.Target.Uri`
-
-Specifies the URI of the OpenTelemetry collector service. Configure this field when you must provide an explicit URI to the OpenTelemetry collector service, such as cases in which the access logging service is running on the same host or pod. If set, the value of this field must be one of `localhost:<port>`, `127.0.0.1:<port>`, or `::1:<port>`.
-
-Configure either the `Uri` field or the [`Service`](#arguments-config-grpcservice-target-service) field, but not both. 
- 
-#### Values
-
-- Default: None
-- This field or [`Service`](#arguments-config-grpcservice-target-service) is required.
-- Data type: String
-
-### `Arguments.Config.GrpcService.Target.Timeout`
-
-Specifies the maximum duration that a response can take to arrive upon request.
- 
-#### Values
-
-- Default: `1s`
-- Data type: String
-
-### `Arguments.Config.GrpcService.Authority`
-
-Specifies the authority header to send in the gRPC request. If this field is not set, the authority field is set to the cluster name. This field does not override the SNI that Envoy sends to the OpenTelemetry collector service.
- 
-#### Values
-
-- Default: Cluster name
-- Data type: String
-
-### `Arguments.Config.GrpcService.InitialMetadata`
-
-Specifies additional metadata to include in streams initiated to the `GrpcService`. You can specify metadata for injecting additional ad-hoc authorization headers, for example, `x-foo-bar: baz-key`. For more information, including details on header value syntax, refer to the [Envoy documentation on custom request headers](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#config-http-conn-man-headers-custom-request-headers).
- 
-#### Values
-
-- Default: None
-- Data type: List of one or more key-value pairs:
-
-   - KEY: String
-   - VALUE: String
-
-### `Arguments.Config.BufferFlushInterval`
-
-Specifies an interval for flushing access logs to the gRPC stream. The logger flushes requests at the end of every interval or when the log reaches the batch size limit, whichever comes first.
-
-#### Values
-
-- Default: `1s`
-- Data type: String
-
-### `Arguments.Config.BufferSizeBytes`
-
-Specifies the soft size limit in bytes for the access log entries buffer. The logger buffers requests until it reaches this limit or every time the flush interval elapses, whichever comes first. Set this field to `0` to disable batching.
-
-#### Values
-
-- Default: `16384`
-- Data type: Integer
-
-### `Arguments.Config.FilterStateObjectsToLog`
-
-Specifies additional filter state objects to log in `filter_state_objects`. The logger calls `FilterState::Object::serializeAsProto` to serialize the filter state object.
-
-#### Values
-
-- Default: None
-- Data type: List of String
-
-### `Arguments.Config.RetryPolicy`
-
-Defines a policy for retrying requests to the upstream service when fetching the plugin data. The `RetryPolicy` field is a map containing the following parameters:
-
-- [`RetryBackoff`](#pluginconfig-vmconfig-code-remote-retrypolicy)
-- [`NumRetries`](#pluginconfig-vmconfig-code-remote-numretries)
-
-#### Values
-
-- Default: None
-- Data type: Map
-
-### `Arguments.Config.RetryPolicy.RetryBackOff`
-
-Specifies parameters that control retry backoff strategy. 
-
-#### Values
-
-- Default: None
-- Data type: Map
-
-The following table describes the fields you can specify in the `RetryBackOff` map:
-
-| Parameter      | Description                                                                                                                                                | Data type | Default |
-| -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | ------- |
-| `BaseInterval` | Specifies the base interval for determining the next backoff computation. Set a value greater than `0` and less than or equal to the `MaxInterval` value.  | String    | `1s`    |
-| `MaxInterval`  | Specifies the maximum interval between retries. Set the value greater than or equal to the `BaseInterval` value.                                           | String    | `10s`   |
-
-### `Arguments.Config.RetryPolicy.NumRetries`
-
-Specifies the number of times Envoy retries to fetch plugin data if the initial attempt is unsuccessful.
-
-#### Values
-
-- Default: `1`
-- Data type: Integer
-
-### `Arguments.Config.Body`
-
-Specifies OpenTelemetry [LogResource](https://github.com/open-telemetry/opentelemetry-proto/blob/main/opentelemetry/proto/logs/v1/logs.proto) fields, following [Envoy access logging formatting](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage). See ‘body’ in the LogResource proto for more details.
-
-#### Values
-
-- Default: None
-- Data type: String
-
-### `Arguments.Config.Attributes`
-
-Specifies `attributes` in the [LogResource](https://github.com/open-telemetry/opentelemetry-proto/blob/main/opentelemetry/proto/logs/v1/logs.proto). Refer to `attributes` in the LogResource proto for more details.
-
-#### Values
-
-- Default: None
-- Data type: Map
-
-### `Arguments.Config.ResourceAttributes`
-
-Specifies OpenTelemetry [Resource](https://github.com/open-telemetry/opentelemetry-proto/blob/main/opentelemetry/proto/logs/v1/logs.proto#L51) attributes are filled with Envoy node information.
-
-#### Values
-
-- Default: None
-- Data type: Map
-
-## Examples
-
-The following examples demonstrate common configuration patterns for specific use cases.
-
-### OpenTelemetry Access Logging requests to URI
-
-In the following example, a service defaults configuration entry contains an `otel-access-logging` configuration. The configuration allows the `api` service to make gRPC OpenTelemetry Access Logging requests to a service at `localhost:9191`:
-
-```hcl
-Kind = "service-defaults"
-Name = "api"
-EnvoyExtensions = [
-  {
-    Name = "builtin/otel-access-logging"
-    Arguments = {
-      ProxyType = "connect-proxy"
-      Config = {
-        GrpcService = {
-          Target = {
-              URI = "127.0.0.1:9191"
-          }
-        }
-      }
-    }
-  }
-]
-```
-  
-### Upstream OpenTelemetry Access Logging
-
-In the following example, a service defaults configuration entry contains an `otel-access-logging` configuration. The configuration allows the `api` service to make gRPC OpenTelemetry Access Logging requests to a service named `otel-collector`:
-
-```hcl
-Kind = "service-defaults"
-Name = "api"
-EnvoyExtensions = [
-  {
-    Name = "builtin/otel-access-logging"
-    Arguments = {
-      ProxyType = "connect-proxy"
-      Config = {
-        GrpcService = {
-          Target = {
-            Service = {
-              Name = "otel-collector"
-            }
-          }
-        }
-      }
-    }
-  }
-]
-```
diff --git a/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx b/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx
index 41506025fddf..f4897493ef58 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/configuration/wasm.mdx
@@ -370,9 +370,9 @@ Specifies the configuration Envoy encodes as bytes and passes to the plugin duri
 
 ### `PluginConfig{}.VmConfig{}.EnvironmentVariables{}`
 
-Specifies environment variables for Envoy to inject into this VM so that they are available through WASI's `environ_get` and `environ_get_sizes` system calls.
+Specifies environment variables for Enovy to inject into this VM so that they are available through WASI's `environ_get` and `environ_get_sizes` system calls. 
 
-In most cases, WASI calls the functions implicitly in your language's standard library. As a result, you do not need to call them directly. You can also access environment variables as you would on native platforms.
+In most cases, WASI calls the functions implicitly in your language's standard library. As a result, you do not need to call them directly. You can also access environment variables as you would on native platforms. 
 
 Envoy rejects the configuration if there is a key space conflict.
 
diff --git a/website/content/docs/connect/proxies/envoy-extensions/index.mdx b/website/content/docs/connect/proxies/envoy-extensions/index.mdx
index 79f1dbb1f37d..8cea47b0ec6a 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/index.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/index.mdx
@@ -23,7 +23,6 @@ Envoy extensions enable additional service mesh functionality in Consul by chang
 - External authorization
 - Lua
 - Lambda
-- OpenTelemetry Access Logging
 - Property override
 - WebAssembly (Wasm)
 
@@ -39,10 +38,6 @@ The `lambda` Envoy extension enables services to make requests to AWS Lambda fun
 
 The `lua` Envoy extension enables HTTP Lua filters in your Consul Envoy proxies. It allows you to run Lua scripts during Envoy requests and responses from Consul-generated Envoy resources. Refer to the [Lua extension documentation](/consul/docs/connect/proxies/envoy-extensions/usage/lua) for more information.
 
-### OpenTelemetry Access Logging
-
-The `otel-access-logging` Envoy extension lets you configure Envoy proxies to send access logs to OpenTelemetry collector service. Refer to the [OpenTelemetry Access Logging extension documentation](/consul/docs/connect/proxies/envoy-extensions/usage/otel-access-logging) for more information.
-
 ### Property override
 
 The `property-override` extension lets you set and unset individual properties on the Envoy resources that Consul generates. Use the extension instead of [escape-hatch overrides](/consul/docs/connect/proxies/envoy#escape-hatch-overrides) to enable advanced Envoy configuration. Refer to the [property override documentation](/consul/docs/connect/proxies/envoy-extensions/usage/property-override) for more information.
diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
index 76852e6c1c8c..afec572bee8a 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/ext-authz.mdx
@@ -138,6 +138,7 @@ $ consul config write api-auth-service-defaults.hcl
 
 ```shell-session
 $ consul config write api-auth-service-defaults.json
+
 ```
 
 </Tab>
diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx
index 08fb6b05d0b4..da9e4c9b0f10 100644
--- a/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx
+++ b/website/content/docs/connect/proxies/envoy-extensions/usage/lua.mdx
@@ -42,17 +42,15 @@ The following example configures the Lua Envoy extension on every service by usi
 <CodeBlockConfig filename="lua-envoy-extension-proxy-defaults.hcl">
 
 ```hcl
-Kind = "proxy-defaults"
-Name = "global"
-Config {
-  protocol = "http"
-}
+Kind     = "proxy-defaults"
+Name     = "global"
+Protocol = "http"
 EnvoyExtensions {
   Name = "builtin/lua"
   Arguments = {
     ProxyType = "connect-proxy"
     Listener  = "inbound"
-    Script    = <<-EOF
+    Script    = <<-EOS
 function envoy_on_request(request_handle)
   meta = request_handle:streamInfo():dynamicMetadata()
   m = meta:get("consul")
@@ -61,7 +59,7 @@ function envoy_on_request(request_handle)
   request_handle:headers():add("x-consul-datacenter", m["datacenter"])
   request_handle:headers():add("x-consul-trust-domain", m["trust-domain"])
 end
- EOF
+EOS
   }
 }
 ```
diff --git a/website/content/docs/connect/proxies/envoy-extensions/usage/otel-access-logging.mdx b/website/content/docs/connect/proxies/envoy-extensions/usage/otel-access-logging.mdx
deleted file mode 100644
index 058f6dd9889f..000000000000
--- a/website/content/docs/connect/proxies/envoy-extensions/usage/otel-access-logging.mdx
+++ /dev/null
@@ -1,146 +0,0 @@
----
-layout: docs
-page_title: Send access logs to OpenTelemetry collector service
-description: Learn how to use the `otel-access-logging` Envoy extension to send access logs to OpenTelemetry collector service.
----
-
-# Send access logs to OpenTelemetry collector service
-
-This topic describes how to use the OpenTelemetry Access Logging Envoy extension to send access logs to OpenTelemetry collector service.
-
-## Workflow
-
-Complete the following steps to use the OpenTelemetry Access Logging extension:
-
-1. Configure an `EnvoyExtensions` block in a service defaults or proxy defaults configuration entry. 
-1. Apply the configuration entry.
-
-## Add the `EnvoyExtensions`
-
-Add Envoy extension configurations to a proxy defaults or service defaults configuration entry. Place the extension configuration in an `EnvoyExtensions` block in the configuration entry.
-
-- When you configure Envoy extensions on proxy defaults, they apply to every service.
-- When you configure Envoy extensions on service defaults, they apply to a specific service.
-
-Consul applies Envoy extensions configured in proxy defaults before it applies extensions in service defaults. As a result, the Envoy extension configuration in service defaults may override configurations in proxy defaults.
-
-The following example shows a service defaults configuration entry for the `api` service that directs the Envoy proxy to make gRPC OpenTelemetry Access Logging requests to the `otel-collector` service:
-
-<Tabs>
-<Tab heading="HCL" group="hcl">
-<CodeBlockConfig filename="api-otel-collector-service-defaults.hcl">
-
-```hcl
-Kind = "service-defaults"
-Name = "api"
-EnvoyExtensions = [
-  {
-    Name = "builtin/otel-access-logging"
-    Arguments = {
-      ProxyType = "connect-proxy"
-      Config = {
-        GrpcService = {
-          Target = {
-            Service = {
-              Name = "otel-collector"
-            }
-          }
-        }
-      }
-    }
-  }
-]
-```
-</CodeBlockConfig>
-</Tab>
-<Tab heading="JSON" group="json">
-<CodeBlockConfig filename="api-otel-collector-service-defaults.json">
-
-```json
-"Kind": "service-defaults",
-"Name": "api",
-"EnvoyExtensions": [{
-  "Name": "builtin/otel-access-logging",
-  "Arguments": {
-    "ProxyType": "connect-proxy",
-    "Config": {
-      "GrpcService": {
-        "Target": {
-          "Service": {
-            "Name": "otel-collector"
-          }
-        }
-      }
-    }
-  }
-}]
-```
-
-</CodeBlockConfig>
-</Tab>
-<Tab heading="Kubernetes" group="yaml">
-<CodeBlockConfig filename="api-otel-collector-service-defaults.yaml">
-
-```yaml
-apiVersion: consul.hashicorp.com/v1alpha1
-kind: ServiceDefaults
-metadata:
-  name: api
-  namespace: default
-spec:
-  envoyExtensions:
-  - name: builtin/otel-access-logging
-    arguments:
-      proxyType: connect-proxy
-      config:
-        grpcService:
-          target:
-            service:
-              name: otel-collector
-              namespace: otel-collector
-```
-</CodeBlockConfig>
-</Tab>
-</Tabs>
-
-Refer to the [OpenTelemetry Access Logging extension configuration reference](/consul/docs/connect/proxies/envoy-extensions/configuration/otel-access-logging) for details on how to configure the extension.
-
-Refer to the [proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) and [service defaults configuration entry reference](/consul/docs/connect/config-entries/service-defaults) for details on how to define the configuration entries.
-
-!> **Warning:** Adding Envoy extensions default proxy configurations may have unintended consequences. We recommend configuring `EnvoyExtensions` in service defaults configuration entries in most cases.
-
-### Unsupported Envoy configuration fields
-
-The following Envoy configurations are not supported:
-
-| Configuration           | Workaround                                                                                                                     |
-| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------ |
-| `transport_api_version` | Consul only supports v3 of the transport API. As a result, there is no workaround for implementing the behavior of this field. |
-
-## Apply the configuration entry
-
-If your network is deployed to virtual machines, use the `consul config write` command and specify the proxy defaults or service defaults configuration entry to apply the configuration. For Kubernetes-orchestrated networks, use the `kubectl apply` command. The following example applies the extension in a proxy defaults configuration entry.
-
-<Tabs>
-<Tab heading="HCL" group="hcl">
-
-```shell-session
-$ consul config write api-otel-collector-service-defaults.hcl
-```
-
-</Tab>
-<Tab heading="JSON" group="json">
-
-```shell-session
-$ consul config write api-otel-collector-service-defaults.json
-```
-
-</Tab>
-<Tab heading="Kubernetes" group="kubernetes">
-
-```shell-session
-$ kubectl apply -f api-otel-collector-service-defaults.yaml
-```
-
-</Tab>
-</Tabs>
diff --git a/website/content/docs/consul-vs-other/service-mesh-compare.mdx b/website/content/docs/consul-vs-other/service-mesh-compare.mdx
index 1164336781ae..6519219ac71f 100644
--- a/website/content/docs/consul-vs-other/service-mesh-compare.mdx
+++ b/website/content/docs/consul-vs-other/service-mesh-compare.mdx
@@ -14,5 +14,5 @@ Consul’s service mesh allows organizations to securely connect and manage thei
 Consul is platform agnostic — it supports any runtime (Kubernetes, EKS, AKS, GKE, VMs, ECS, Lambda, Nomad) and any cloud provider (AWS, Microsoft Azure, GCP, private clouds). This makes it one of the most flexible service discovery and service mesh platforms. While other service mesh software provides support for multiple runtimes for the data plane, they require you to run the control plane solely on Kubernetes. With Consul, you can run both the control plane and data plane in different runtimes.
 
 Consul also has several unique integrations with Vault, an industry standard for secrets management. Operators have the option to use Consul’s built-in certificate authority, or leverage Vault’s PKI engine to generate and store TLS certificates for both the data plane and control plane. In addition, Consul can automatically rotate the TLS certificates on both the data plane and control plane without requiring any type of restarts. This lets you rotate the certificates more frequently without incurring additional management burden on operators.
-When deploying Consul on Kubernetes, you can store sensitive data including licenses, ACL tokens, and TLS certificates centrally in Vault instead of Kubernetes secrets. Vault is much more secure than Kubernetes secrets because it automatically encrypts all data, provides advanced access controls to secrets, and provides centralized governance for all secrets.
+When deploying Consul on Kubernetes, you can store sensitive data including licenses, ACL tokens, and TLS certificates centrally Vault instead of Kubernetes secrets. Vault is much more secure than Kubernetes secrets because it automatically encrypts all data, provides advanced access controls to secrets, and provides centralized governance for all secrets.
 
diff --git a/website/content/docs/dynamic-app-config/kv.mdx b/website/content/docs/dynamic-app-config/kv.mdx
index 982c7729380d..e581fb5dd771 100644
--- a/website/content/docs/dynamic-app-config/kv.mdx
+++ b/website/content/docs/dynamic-app-config/kv.mdx
@@ -37,7 +37,7 @@ To restrict access, enable and configure
 [ACLs](/consul/tutorials/security/access-control-setup-production).
 Once the ACL system has been bootstrapped, users and services, will need a
 valid token with KV [privileges](/consul/docs/security/acl/acl-rules#key-value-rules) to
-access the data store, this includes even reads. We recommend creating a
+access the the data store, this includes even reads. We recommend creating a
 token with limited privileges, for example, you could create a token with write
 privileges on one key for developers to update the value related to their
 application.
diff --git a/website/content/docs/dynamic-app-config/watches.mdx b/website/content/docs/dynamic-app-config/watches.mdx
index cb6ef644808f..64b52be358cc 100644
--- a/website/content/docs/dynamic-app-config/watches.mdx
+++ b/website/content/docs/dynamic-app-config/watches.mdx
@@ -535,6 +535,7 @@ An example of the output of this command:
           "TLSServerName": "",
           "TLSSkipVerify": false,
           "TCP": "",
+          "TCPUseTLS": false,
           "GRPC": "",
           "GRPCUseTLS": false
         },
diff --git a/website/content/docs/ecs/configuration-reference.mdx b/website/content/docs/ecs/configuration-reference.mdx
index fed887bc835d..8d2aedd7357e 100644
--- a/website/content/docs/ecs/configuration-reference.mdx
+++ b/website/content/docs/ecs/configuration-reference.mdx
@@ -189,9 +189,10 @@ Defines the Consul checks for the service. Each `check` object may contain the f
 | `status` | `string` | optional | Specifies the initial status the health check. Must be one of `passing`, `warning`, `critical`, `maintenance`, or `null`. |
 | `successBeforePassing` | `integer` | optional | Specifies the number of consecutive successful results required before check status transitions to passing.  |
 | `tcp` | `string` | optional | Specifies this is a TCP check. Must be an IP/hostname plus port to which a TCP connection is made every `interval`.  |
+| `tcpUseTls` | `boolean` | optional | Specifies whether to use TLS for this `TCP` health check. If TLS is enabled, then by default, a valid TLS certificate is expected. Certificate verification can be disabled by setting `TLSSkipVerify` to `true`.  |
 | `timeout` | `string` | optional | Specifies a timeout for outgoing connections. Applies to script, HTTP, TCP, UDP, and gRPC checks. Must be a duration string, such as `10s` or `5m`.  |
 | `tlsServerName` | `string` | optional | Specifies an optional string used to set the SNI host when connecting via TLS.  |
-| `tlsSkipVerify` | `boolean` | optional | Specifies if the certificate for an HTTPS check should not be verified.  |
+| `tlsSkipVerify` | `boolean` | optional | Specifies if the check should verify the chain and hostname of the certificate presented by the server being checked. Set to `true` to disable verification. We recommend setting to `false` for production use. Default is `false`. Supported check types: `HTTP`, `H2Ping`, `gRPC`, and `TCP`|
 | `ttl` | `string` | optional | Specifies this is a TTL check. Must be a duration string, such as `10s` or `5m`.  |
 | `udp` | `string` | optional | Specifies this is a UDP check. Must be an IP/hostname plus port to which UDP datagrams are sent every `interval`.  |
 
diff --git a/website/content/docs/ecs/manual/secure-configuration.mdx b/website/content/docs/ecs/manual/secure-configuration.mdx
index ec374670bc5d..1c1f8ede40dc 100644
--- a/website/content/docs/ecs/manual/secure-configuration.mdx
+++ b/website/content/docs/ecs/manual/secure-configuration.mdx
@@ -89,7 +89,7 @@ The following flags are required:
 | `-type`         | string  | Must be `aws-iam`.                                                                                                                |
 | `-name`         | string  | A name of your choice. Must be unique among all auth methods.                                                                     |
 | `-description`  | string  | A description of your choice.                                                                                                     |
-| `-config`       | string  | A JSON string containing the [configuration](/consul/docs/security/acl/auth-methods/aws-iam#config-parameters) for the auth method.  |
+| `-config`       | string  | A JSON string containing the [configuration](/consul/docs/security/acl/auth-methods/aws-iam#config-parameters) for the the auth method.  |
 
 In the `-config` option, the following fields are required:
 
@@ -177,7 +177,7 @@ The following flags are required:
 | `-type`         | string  | Must be `aws-iam`.                                                                                                                |
 | `-name`         | string  | A name of your choice. Must be unique among all auth methods.                                                                     |
 | `-description`  | string  | A description of your choice.                                                                                                     |
-| `-config`       | string  | A JSON string containing the [configuration](/consul/docs/security/acl/auth-methods/aws-iam#config-parameters) for the auth method.  |
+| `-config`       | string  | A JSON string containing the [configuration](/consul/docs/security/acl/auth-methods/aws-iam#config-parameters) for the the auth method.  |
 
 In the `-config` option, the following fields are required:
 
diff --git a/website/content/docs/enterprise/admin-partitions.mdx b/website/content/docs/enterprise/admin-partitions.mdx
index 023e38ee31e7..74f7d64f0186 100644
--- a/website/content/docs/enterprise/admin-partitions.mdx
+++ b/website/content/docs/enterprise/admin-partitions.mdx
@@ -53,7 +53,12 @@ Only resources in the `default` admin partition will be replicated to secondary
 
 ### DNS Queries
 
-Client agents will be configured to operate within a specific admin partition. The DNS interface will only return results for the admin partition within the scope of the client.
+When queried, the DNS interface returns results for a single admin partition.
+The query may explicitly specify the admin partition to use in the lookup.
+If you do not specify an admin partition in the query,
+the lookup uses the admin partition of the Consul agent that received the query.
+Server agents always exist within the `default` admin partition.
+Client agents are configured to operate within a specific admin partition.
 
 ### Service Mesh Configurations
 
diff --git a/website/content/docs/k8s/compatibility.mdx b/website/content/docs/k8s/compatibility.mdx
index 637e2ef05185..526474548426 100644
--- a/website/content/docs/k8s/compatibility.mdx
+++ b/website/content/docs/k8s/compatibility.mdx
@@ -23,7 +23,7 @@ Consul Kubernetes versions all of its components (`consul-k8s` CLI, `consul-k8s-
 
 As of Consul v1.14.0, Kubernetes deployments use [Consul Dataplane](/consul/docs/connect/dataplane) instead of client agents. If you upgrade Consul from a version that uses client agents to a version that uses dataplanes, you must follow specific steps to update your Helm chart and remove client agents from the existing deployment. Refer to [Upgrading to Consul Dataplane](/consul/docs/k8s/upgrade#upgrading-to-consul-dataplane) for more information.
 
-The v1.0.0 release of the Consul on Kubernetes Helm chart also introduced a change to the [`externalServers[].hosts` parameter](/consul/docs/k8s/helm#v-externalservers-hosts). Previously, you were able to enter a provider lookup as a string in this field. Now, you must include `exec=` at the start of a string containing a provider lookup. Otherwise, the string is treated as a DNS name. Refer to the [`go-netaddrs`](https://github.com/hashicorp/go-netaddrs) library and command line tool for more information.
+The v1.0.0 release of the Consul on Kubernetes Helm chart also introduced a change to the [`externalServers[].hosts` parameter](/consul/docs/k8s/helm#v-externalservers-hosts). Previously, you were able to enter a provider lookup as a string in this field. Now, you must include `exec=` at the start of a string containing a provider lookup. Otherwise, the string is treated as a DNS name. Refer to the [`go-netaddrs` library and command line tool](https://github.com/hashicorp/go-netaddrs) for more information.
 
 ## Supported Envoy versions
 
diff --git a/website/content/docs/k8s/connect/cluster-peering/usage/manage-peering.mdx b/website/content/docs/k8s/connect/cluster-peering/usage/manage-peering.mdx
index 42f8fc59832e..bc622fe15d38 100644
--- a/website/content/docs/k8s/connect/cluster-peering/usage/manage-peering.mdx
+++ b/website/content/docs/k8s/connect/cluster-peering/usage/manage-peering.mdx
@@ -100,7 +100,7 @@ To end a peering connection in Kubernetes deployments, delete both the `PeeringA
   $ kubectl --context $CLUSTER1_CONTEXT delete --filename acceptor.yaml
   ````
 
-To confirm that you deleted your peering connection in `cluster-01`, query the `/health` HTTP endpoint:
+To confirm that you deleted your peering connection in `cluster-01`, query the the `/health` HTTP endpoint:
 
 1. Exec into the server pod for the first cluster.
 
@@ -114,7 +114,7 @@ To confirm that you deleted your peering connection in `cluster-01`, query the `
   $ export CONSUL_HTTP_TOKEN=<INSERT BOOTSTRAP ACL TOKEN>
   ```
 
-1. Query the `/health` HTTP endpoint. Peered services with deleted connections should no longe appear.
+1. Query the the `/health` HTTP endpoint. Peered services with deleted connections should no longe appear.
 
   ```shell-session
   $ curl "localhost:8500/v1/health/connect/backend?peer=cluster-02"
diff --git a/website/content/docs/k8s/connect/index.mdx b/website/content/docs/k8s/connect/index.mdx
index 4b7def3609fd..393d509d5177 100644
--- a/website/content/docs/k8s/connect/index.mdx
+++ b/website/content/docs/k8s/connect/index.mdx
@@ -35,10 +35,10 @@ When transparent proxy mode is enabled, all service-to-service traffic is requir
 
 The following configurations are examples for registering workloads on Kubernetes into Consul's service mesh in different scenarios. Each scenario provides an example Kubernetes manifest to demonstrate how to use Consul's service mesh with a specific Kubernetes workload type.
 
-- [Kubernetes Pods running as a deployment](#kubernetes-pods-running-as-a-deployment)
-- [Connecting to mesh-enabled Services](#connecting-to-mesh-enabled-services)
-- [Kubernetes Jobs](#kubernetes-jobs)
-- [Kubernetes Pods with multiple ports](#kubernetes-pods-with-multiple-ports)
+ - [Kubernetes Pods running as a deployment](#kubernetes-pods-running-as-a-deployment)
+ - [Connecting to mesh-enabled Services](#connecting-to-mesh-enabled-services)
+ - [Kubernetes Jobs](#kubernetes-jobs)
+ - [Kubernetes Pods with multiple ports](#kubernetes-pods-with-multiple-ports)
 
 #### Kubernetes Pods running as a deployment
 
@@ -106,6 +106,7 @@ of establishing connections to our previous example "static-server" service. The
 connection to this static text service happens over an authorized and encrypted
 connection via service mesh.
 
+
 <CodeBlockConfig filename="static-client.yaml">
 
 ```yaml
diff --git a/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx b/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx
index 0a1b877fce8a..6f2f5ed465c9 100644
--- a/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx
+++ b/website/content/docs/k8s/connect/onboarding-tproxy-mode.mdx
@@ -58,8 +58,7 @@ kind: Mesh
 metadata:
   name: mesh
 spec:
-  transparentProxy:
-    meshDestinationsOnly: true
+  allowEnablingPermissiveMutualTLS: true
 ```
 
 ```json
@@ -293,4 +292,4 @@ $ consul config read -kind proxy-defaults -name global
     "CreateIndex": 26,
     "ModifyIndex": 30
 }
-```
+```
\ No newline at end of file
diff --git a/website/content/docs/k8s/deployment-configurations/multi-cluster/kubernetes.mdx b/website/content/docs/k8s/deployment-configurations/multi-cluster/kubernetes.mdx
index 406ca258ec60..e407c7bedea9 100644
--- a/website/content/docs/k8s/deployment-configurations/multi-cluster/kubernetes.mdx
+++ b/website/content/docs/k8s/deployment-configurations/multi-cluster/kubernetes.mdx
@@ -13,8 +13,8 @@ description: >-
 
 -> Looking for a step-by-step guide? Complete the [Secure and Route Service Mesh Communication Across Kubernetes](/consul/tutorials/kubernetes/kubernetes-mesh-gateways?utm_source=docs) tutorial to learn more.
 
-This page describes how to federate multiple Kubernetes clusters. Refer to [Multi-Cluster Overview](/consul/docs/k8s/deployment-configurations/multi-cluster)
-for more information, including [networking requirements](/consul/docs/k8s/deployment-configurations/multi-cluster#network-requirements).
+This page describes how to federate multiple Kubernetes clusters. See [Multi-Cluster Overview](/consul/docs/k8s/deployment-configurations/multi-cluster)
+for more information on use-cases and how it works.
 
 ## Primary Datacenter
 
@@ -81,7 +81,8 @@ Modifications:
 
 1. The Consul datacenter name is `dc1`. The datacenter name in each federated
    cluster **must be unique**.
-1. ACLs are enabled in the template configuration. When ACLs are enabled, primary clusters must be able to make requests to the Kubernetes API URLs of secondary clusters. To disable ACLs for testing purposes, change the following settings:
+1. ACLs are enabled in the above config file. They can be disabled by setting:
+
 
    ```yaml
    global:
@@ -89,9 +90,9 @@ Modifications:
        manageSystemACLs: false
        createReplicationToken: false
    ```
-
    ACLs secure Consul by requiring every API call to present an ACL token that
-   is validated to ensure it has the proper permissions.
+   is validated to ensure it has the proper permissions. If you are only testing Consul,
+   this is not required.
 1. Gossip encryption is enabled in the above config file. To disable it, comment
    out or delete the `gossipEncryption` key:
 
diff --git a/website/content/docs/k8s/deployment-configurations/multi-cluster/vms-and-kubernetes.mdx b/website/content/docs/k8s/deployment-configurations/multi-cluster/vms-and-kubernetes.mdx
index 763dcda5a8f3..8144d54779fe 100644
--- a/website/content/docs/k8s/deployment-configurations/multi-cluster/vms-and-kubernetes.mdx
+++ b/website/content/docs/k8s/deployment-configurations/multi-cluster/vms-and-kubernetes.mdx
@@ -11,15 +11,14 @@ description: >-
 
 ~> This topic requires familiarity with [Mesh Gateways](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters) and [WAN Federation Via Mesh Gateways](/consul/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways).
 
-This page describes how to federate Consul clusters separately deployed in VM and Kubernetes runtimes. Refer to [Multi-Cluster Overview](/consul/docs/k8s/deployment-configurations/multi-cluster)
-for more information, including [Kubernetes networking requirements](/consul/docs/k8s/deployment-configurations/multi-cluster#network-requirements).
-
 Consul datacenters running on non-kubernetes platforms like VMs or bare metal can
-be federated with Kubernetes datacenters. 
+be federated with Kubernetes datacenters. Just like with Kubernetes, one datacenter
+must be the [primary](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#primary-datacenter).
 
 ## Kubernetes as the Primary
 
-One Consul datacenter must be the [primary](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#primary-datacenter). If your primary datacenter is running on Kubernetes, use the Helm config from the [Primary Datacenter](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#primary-datacenter) section to install Consul.
+If your primary datacenter is running on Kubernetes, use the Helm config from the
+[Primary Datacenter](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#primary-datacenter) section to install Consul.
 
 Once installed on Kubernetes, and with the `ProxyDefaults` [resource created](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#proxydefaults),
 you'll need to export the following information from the primary Kubernetes cluster:
@@ -211,7 +210,7 @@ ports {
 
 If you're running your primary datacenter on VMs then you'll need to manually
 construct the [Federation Secret](/consul/docs/k8s/deployment-configurations/multi-cluster/kubernetes#federation-secret) in order to federate
-Kubernetes clusters as secondaries. In addition, primary clusters must be able to make requests to the Kubernetes API URLs of secondary clusters when ACLs are enabled.
+Kubernetes clusters as secondaries.
 
 -> Your VM cluster must be running mesh gateways, and have mesh gateway WAN
 federation enabled. See [WAN Federation via Mesh Gateways](/consul/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways).
@@ -259,6 +258,7 @@ You'll need:
      }
    }
    ```
+
 1. If ACLs are enabled you must also modify the [anonymous token](/consul/docs/security/acl/tokens#anonymous-token) policy to have the following permissions:
 
    ```hcl
diff --git a/website/content/docs/k8s/helm.mdx b/website/content/docs/k8s/helm.mdx
index 34bda9400cf2..bbebac147dce 100644
--- a/website/content/docs/k8s/helm.mdx
+++ b/website/content/docs/k8s/helm.mdx
@@ -288,6 +288,8 @@ Use these links to navigate to a particular top-level stanza.
     - `secretKey` ((#v-global-gossipencryption-secretkey)) (`string: ""`) - The key within the Kubernetes secret or Vault secret key that holds the gossip
       encryption key.
 
+    - `logLevel` ((#v-global-gossipencryption-loglevel)) (`string: ""`) - Override global log verbosity level for `gossip-encryption-autogenerate-job` pods. One of "trace", "debug", "info", "warn", or "error".
+
   - `recursors` ((#v-global-recursors)) (`array<string>: []`) - A list of addresses of upstream DNS servers that are used to recursively resolve DNS queries.
     These values are given as `-recursor` flags to Consul servers and clients.
     Refer to [`-recursor`](/consul/docs/agent/config/cli-flags#_recursor) for more details.
@@ -302,6 +304,8 @@ Use these links to navigate to a particular top-level stanza.
       authority (optional) and server and client certificates.
       This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s).
 
+    - `logLevel` ((#v-global-tls-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
+
     - `enableAutoEncrypt` ((#v-global-tls-enableautoencrypt)) (`boolean: false`) - If true, turns on the auto-encrypt feature on clients and servers.
       It also switches consul-k8s-control-plane components to retrieve the CA from the servers
       via the API. Requires Consul 1.7.1+.
@@ -362,7 +366,7 @@ Use these links to navigate to a particular top-level stanza.
       - `secretKey` ((#v-global-tls-cakey-secretkey)) (`string: null`) - The key within the Kubernetes or Vault secret that holds the CA key.
 
     - `annotations` ((#v-global-tls-annotations)) (`string: null`) - This value defines additional annotations for
-      tls init jobs. This should be formatted as a multi-line string.
+      tls init jobs. Format this value as a multi-line string.
 
       ```yaml
       annotations: |
@@ -383,6 +387,8 @@ Use these links to navigate to a particular top-level stanza.
       for all Consul and consul-k8s-control-plane components.
       This requires Consul >= 1.4.
 
+    - `logLevel` ((#v-global-acls-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
+
     - `bootstrapToken` ((#v-global-acls-bootstraptoken)) - A Kubernetes or Vault secret containing the bootstrap token to use for creating policies and
       tokens for all Consul and consul-k8s-control-plane components. If `secretName` and `secretKey`
       are unset, a default secret name and secret key are used. If the secret is populated, then
@@ -457,7 +463,7 @@ Use these links to navigate to a particular top-level stanza.
       ```
 
     - `annotations` ((#v-global-acls-annotations)) (`string: null`) - This value defines additional annotations for
-      acl init jobs. This should be formatted as a multi-line string.
+      acl init jobs. Format this value as a multi-line string.
 
       ```yaml
       annotations: |
@@ -518,6 +524,8 @@ Use these links to navigate to a particular top-level stanza.
         -o jsonpath="{.clusters[?(@.name=='<your cluster name>')].cluster.server}"
       ```
 
+    - `logLevel` ((#v-global-federation-loglevel)) (`string: ""`) - Override global log verbosity level for the `create-federation-secret-job` pods. One of "trace", "debug", "info", "warn", or "error".
+
   - `metrics` ((#v-global-metrics)) - Configures metrics for Consul service mesh
 
     - `enabled` ((#v-global-metrics-enabled)) (`boolean: false`) - Configures the Helm chart’s components
@@ -632,6 +640,8 @@ Use these links to navigate to a particular top-level stanza.
     Consul server cluster. If you're running Consul externally and want agents
     within Kubernetes to join that cluster, this should probably be false.
 
+  - `logLevel` ((#v-server-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
+
   - `image` ((#v-server-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers running
     Consul server agents.
 
@@ -1004,6 +1014,37 @@ Use these links to navigate to a particular top-level stanza.
         ...
       ```
 
+  - `limits` ((#v-server-limits)) - Settings for potentially limiting timeouts, rate limiting on clients as well
+    as servers, and other settings to limit exposure too many requests, requests
+    waiting for too long, and other runtime considerations.
+
+    - `requestLimits` ((#v-server-limits-requestlimits)) - This object specifies configurations that limit the rate of RPC and gRPC
+      requests on the Consul server. Limiting the rate of gRPC and RPC requests
+      also limits HTTP requests to the Consul server.
+      /consul/docs/agent/config/config-files#request_limits
+
+      - `mode` ((#v-server-limits-requestlimits-mode)) (`string: disabled`) - Setting for disabling or enabling rate limiting.  If not disabled, it
+        enforces the action that will occur when RequestLimitsReadRate
+        or RequestLimitsWriteRate is exceeded.  The default value of "disabled" will
+        prevent any rate limiting from occuring.  A value of "enforce" will block
+        the request from processings by returning an error.  A value of
+        "permissive" will not block the request and will allow the request to
+        continue processing.
+
+      - `readRate` ((#v-server-limits-requestlimits-readrate)) (`integer: -1`) - Setting that controls how frequently RPC, gRPC, and HTTP
+        queries are allowed to happen. In any large enough time interval, rate
+        limiter limits the rate to RequestLimitsReadRate tokens per second.
+
+        See https://en.wikipedia.org/wiki/Token_bucket for more about token
+        buckets.
+
+      - `writeRate` ((#v-server-limits-requestlimits-writerate)) (`integer: -1`) - Setting that controls how frequently RPC, gRPC, and HTTP
+        writes are allowed to happen. In any large enough time interval, rate
+        limiter limits the rate to RequestLimitsWriteRate tokens per second.
+
+        See https://en.wikipedia.org/wiki/Token_bucket for more about token
+        buckets.
+
   - `auditLogs` ((#v-server-auditlogs)) - <EnterpriseAlert inline /> Added in Consul 1.8, the audit object allow users to enable auditing
     and configure a sink and filters for their audit logs. Please refer to
     [audit logs](/consul/docs/enterprise/audit-logging) documentation
@@ -1054,37 +1095,6 @@ Use these links to navigate to a particular top-level stanza.
 
       - `rotate_max_files` - Defines the limit that Consul should follow before it deletes old log files.
 
-  - `limits` ((#v-server-limits)) - Settings for potentially limiting timeouts, rate limiting on clients as well
-    as servers, and other settings to limit exposure too many requests, requests
-    waiting for too long, and other runtime considerations.
-
-    - `requestLimits` ((#v-server-limits-requestlimits)) - This object specifies configurations that limit the rate of RPC and gRPC
-      requests on the Consul server. Limiting the rate of gRPC and RPC requests
-      also limits HTTP requests to the Consul server.
-      /consul/docs/agent/config/config-files#request_limits
-
-      - `mode` ((#v-server-limits-requestlimits-mode)) (`string: disabled`) - Setting for disabling or enabling rate limiting.  If not disabled, it
-        enforces the action that will occur when RequestLimitsReadRate
-        or RequestLimitsWriteRate is exceeded.  The default value of "disabled" will
-        prevent any rate limiting from occuring.  A value of "enforce" will block
-        the request from processings by returning an error.  A value of
-        "permissive" will not block the request and will allow the request to
-        continue processing.
-
-      - `readRate` ((#v-server-limits-requestlimits-readrate)) (`integer: -1`) - Setting that controls how frequently RPC, gRPC, and HTTP
-        queries are allowed to happen. In any large enough time interval, rate
-        limiter limits the rate to RequestLimitsReadRate tokens per second.
-
-        See https://en.wikipedia.org/wiki/Token_bucket for more about token
-        buckets.
-
-      - `writeRate` ((#v-server-limits-requestlimits-writerate)) (`integer: -1`) - Setting that controls how frequently RPC, gRPC, and HTTP
-        writes are allowed to happen. In any large enough time interval, rate
-        limiter limits the rate to RequestLimitsWriteRate tokens per second.
-
-        See https://en.wikipedia.org/wiki/Token_bucket for more about token
-        buckets.
-
 ### externalServers ((#h-externalservers))
 
 - `externalServers` ((#v-externalservers)) - Configuration for Consul servers when the servers are running outside of Kubernetes.
@@ -1145,6 +1155,8 @@ Use these links to navigate to a particular top-level stanza.
     the resources necessary for a Consul client on every Kubernetes node. This _does not_ require
     `server.enabled`, since the agents can be configured to join an external cluster.
 
+  - `logLevel` ((#v-client-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
+
   - `image` ((#v-client-image)) (`string: null`) - The name of the Docker image (including any tag) for the containers
     running Consul client agents.
 
@@ -1780,6 +1792,14 @@ Use these links to navigate to a particular top-level stanza.
 
         - `minInstances` ((#v-connectinject-apigateway-managedgatewayclass-deployment-mininstances)) (`integer: 1`)
 
+      - `openshiftSCCName` ((#v-connectinject-apigateway-managedgatewayclass-openshiftsccname)) (`string: restricted-v2`) - The name of the OpenShift SecurityContextConstraints resource to use for Gateways.
+        Only applicable if `global.openshift.enabled` is true.
+
+      - `mapPrivilegedContainerPorts` ((#v-connectinject-apigateway-managedgatewayclass-mapprivilegedcontainerports)) (`integer: 0`) - This value defines the amount Consul will add to privileged container ports on gateways that use this class.
+        This is useful if you don't want to give your containers extra permissions to run privileged ports.
+        Example: The gateway listener is defined on port 80, but the underlying value of the port on the container
+        will be the 80 + the number defined below.
+
     - `serviceAccount` ((#v-connectinject-apigateway-serviceaccount)) - Configuration for the ServiceAccount created for the api-gateway component
 
       - `annotations` ((#v-connectinject-apigateway-serviceaccount-annotations)) (`string: null`) - This value defines additional annotations for the client service account. This should be formatted as a multi-line
@@ -2111,15 +2131,15 @@ Use these links to navigate to a particular top-level stanza.
       - `consul.hashicorp.com/sidecar-proxy-lifecycle-graceful-port`
       - `consul.hashicorp.com/sidecar-proxy-lifecycle-graceful-shutdown-path`
 
-        - `defaultEnabled` ((#v-connectinject-sidecarproxy-lifecycle-defaultenabled)) (`boolean: true`)
+      - `defaultEnabled` ((#v-connectinject-sidecarproxy-lifecycle-defaultenabled)) (`boolean: true`)
 
-        - `defaultEnableShutdownDrainListeners` ((#v-connectinject-sidecarproxy-lifecycle-defaultenableshutdowndrainlisteners)) (`boolean: true`)
+      - `defaultEnableShutdownDrainListeners` ((#v-connectinject-sidecarproxy-lifecycle-defaultenableshutdowndrainlisteners)) (`boolean: true`)
 
-        - `defaultShutdownGracePeriodSeconds` ((#v-connectinject-sidecarproxy-lifecycle-defaultshutdowngraceperiodseconds)) (`integer: 30`)
+      - `defaultShutdownGracePeriodSeconds` ((#v-connectinject-sidecarproxy-lifecycle-defaultshutdowngraceperiodseconds)) (`integer: 30`)
 
-        - `defaultGracefulPort` ((#v-connectinject-sidecarproxy-lifecycle-defaultgracefulport)) (`integer: 20600`)
+      - `defaultGracefulPort` ((#v-connectinject-sidecarproxy-lifecycle-defaultgracefulport)) (`integer: 20600`)
 
-        - `defaultGracefulShutdownPath` ((#v-connectinject-sidecarproxy-lifecycle-defaultgracefulshutdownpath)) (`string: /graceful_shutdown`)
+      - `defaultGracefulShutdownPath` ((#v-connectinject-sidecarproxy-lifecycle-defaultgracefulshutdownpath)) (`string: /graceful_shutdown`)
 
   - `initContainer` ((#v-connectinject-initcontainer)) (`map`) - The resource settings for the Connect injected init container. If null, the resources
     won't be set for the initContainer. The defaults are optimized for developer instances of
@@ -2148,6 +2168,8 @@ Use these links to navigate to a particular top-level stanza.
     This setting is required for [Cluster Peering](/consul/docs/connect/cluster-peering/k8s).
     Requirements: consul 1.6.0+ if using `global.acls.manageSystemACLs``.
 
+  - `logLevel` ((#v-meshgateway-loglevel)) (`string: ""`) - Override global log verbosity level for `mesh-gateway-deployment` pods. One of "trace", "debug", "info", "warn", or "error".
+
   - `replicas` ((#v-meshgateway-replicas)) (`integer: 1`) - Number of replicas for the Deployment.
 
   - `wanAddress` ((#v-meshgateway-wanaddress)) - What gets registered as WAN address for the gateway.
@@ -2311,6 +2333,8 @@ Use these links to navigate to a particular top-level stanza.
 
   - `enabled` ((#v-ingressgateways-enabled)) (`boolean: false`) - Enable ingress gateway deployment. Requires `connectInject.enabled=true`.
 
+  - `logLevel` ((#v-ingressgateways-loglevel)) (`string: ""`) - Override global log verbosity level for `ingress-gateways-deployment` pods. One of "trace", "debug", "info", "warn", or "error".
+
   - `defaults` ((#v-ingressgateways-defaults)) - Defaults sets default values for all gateway fields. With the exception
     of annotations, defining any of these values in the `gateways` list
     will override the default values provided here. Annotations will
@@ -2440,6 +2464,8 @@ Use these links to navigate to a particular top-level stanza.
 
   - `enabled` ((#v-terminatinggateways-enabled)) (`boolean: false`) - Enable terminating gateway deployment. Requires `connectInject.enabled=true`.
 
+  - `logLevel` ((#v-terminatinggateways-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
+
   - `defaults` ((#v-terminatinggateways-defaults)) - Defaults sets default values for all gateway fields. With the exception
     of annotations, defining any of these values in the `gateways` list
     will override the default values provided here. Annotations will
@@ -2696,6 +2722,8 @@ Use these links to navigate to a particular top-level stanza.
 
   - `enabled` ((#v-telemetrycollector-enabled)) (`boolean: false`) - Enables the consul-telemetry-collector deployment
 
+  - `logLevel` ((#v-telemetrycollector-loglevel)) (`string: ""`) - Override global log verbosity level. One of "trace", "debug", "info", "warn", or "error".
+
   - `image` ((#v-telemetrycollector-image)) (`string: hashicorp/consul-telemetry-collector:0.0.1`) - The name of the Docker image (including any tag) for the containers running
     the consul-telemetry-collector
 
diff --git a/website/content/docs/k8s/upgrade/index.mdx b/website/content/docs/k8s/upgrade/index.mdx
index 26ef776e1b73..11f86cf71322 100644
--- a/website/content/docs/k8s/upgrade/index.mdx
+++ b/website/content/docs/k8s/upgrade/index.mdx
@@ -13,7 +13,7 @@ This topic describes considerations and strategies for upgrading Consul deployme
 
 As of Consul v1.14.0, Kubernetes deployments use [Consul Dataplane](/consul/docs/connect/dataplane) instead of client agents. If you upgrade Consul from a version that uses client agents to a version that uses dataplanes, you must follow specific steps to update your Helm chart and remove client agents from the existing deployment. Refer to [Upgrading to Consul Dataplane](/consul/docs/k8s/upgrade#upgrading-to-consul-dataplane) for more information.
 
-The v1.0.0 release of the Consul on Kubernetes Helm chart also introduced a change to the [`externalServers[].hosts` parameter](/consul/docs/k8s/helm#v-externalservers-hosts). Previously, you were able to enter a provider lookup as a string in this field. Now, you must include `exec=` at the start of a string containing a provider lookup. Otherwise, the string is treated as a DNS name. Refer to the [`go-netaddrs`](https://github.com/hashicorp/go-netaddrs) library and command line tool for more information.
+The v1.0.0 release of the Consul on Kubernetes Helm chart also introduced a change to the [`externalServers[].hosts` parameter](/consul/docs/k8s/helm#v-externalservers-hosts). Previously, you were able to enter a provider lookup as a string in this field. Now, you must include `exec=` at the start of a string containing a provider lookup. Otherwise, the string is treated as a DNS name. Refer to the [`go-netaddrs` library and command line tool](https://github.com/hashicorp/go-netaddrs) for more information.
 
 ## Upgrade types
 
diff --git a/website/content/docs/nia/configuration.mdx b/website/content/docs/nia/configuration.mdx
index f54a4ef51e0a..bd67ef5c07e4 100644
--- a/website/content/docs/nia/configuration.mdx
+++ b/website/content/docs/nia/configuration.mdx
@@ -84,7 +84,7 @@ license {
 
 ### Auto-retrieval
 
-You can use the `auto_retrieval` block to configure the automatic license retrieval in CTS. When enabled, CTS attempts to retrieve a new license from its configured Consul Enterprise backend once a day. If CTS cannot retrieve a license and the current license is reaching its expiration date, CTS attempts to retrieve a license with increased frequency, as defined by the [License Expiration Date Handling](/consul/docs/nia/enterprise/license#license-expiration-handling).
+You can use the `auto_retrieval` block to configure the the automatic license retrieval in CTS. When enabled, CTS attempts to retrieve a new license from its configured Consul Enterprise backend once a day. If CTS cannot retrieve a license and the current license is reaching its expiration date, CTS attempts to retrieve a license with increased frequency, as defined by the [License Expiration Date Handling](/consul/docs/nia/enterprise/license#license-expiration-handling).
 
 ~> Enabling `auto_retrieval` is recommended when using HCP Consul, as HCP Consul licenses expire more frequently than Consul Enterprise licenses. Without auto-retrieval enabled, you have to restart CTS every time you load a new license.
 
diff --git a/website/content/docs/nia/usage/errors-ref.mdx b/website/content/docs/nia/usage/errors-ref.mdx
index 4cbb525a3a1c..fafb9faf1ee1 100644
--- a/website/content/docs/nia/usage/errors-ref.mdx
+++ b/website/content/docs/nia/usage/errors-ref.mdx
@@ -11,7 +11,7 @@ This topic explains error messages you may encounter when using Consul-Terraform
 
 ## Example error log messages
 
-If you configured the CTS cluster to run in [high availability mode](/consul/docs/nia/usage/run-ha) and the local module is missing, then the following message appears in the log:
+If you configured the CTS cluster to run in [high availability mode](/consul/docs/nia/usage/run-ha) and the the local module is missing, then the following message appears in the log:
 
 ```shell-session
 [ERROR] ha.compat: error="compatibility check failure: stat ./example-module: no such file or directory"
diff --git a/website/content/docs/release-notes/consul-api-gateway/v0_1_x.mdx b/website/content/docs/release-notes/consul-api-gateway/v0_1_x.mdx
index efb65ec71adf..293b3ffa8372 100644
--- a/website/content/docs/release-notes/consul-api-gateway/v0_1_x.mdx
+++ b/website/content/docs/release-notes/consul-api-gateway/v0_1_x.mdx
@@ -19,7 +19,7 @@ gateway functionality. It provides additional capabilities that ingress gateway
 
 1. It allows you to configure and deploy new gateways at any time, without
    rerunning the Consul Helm chart. The configuration of a running gateway can
-   be changed dynamically at anytime, usually without disrupting any the
+   be changed dynamically at anytime, usually without disrupting any the the
    traffic flowing through it.
 1. Listeners on a gateway can use TLS server certificates signed by any
    certificate authority (CA). This allows you to use certificates from public
diff --git a/website/content/docs/release-notes/consul/v1_16_x.mdx b/website/content/docs/release-notes/consul/v1_16_x.mdx
index 616104a7094f..a3c14525425a 100644
--- a/website/content/docs/release-notes/consul/v1_16_x.mdx
+++ b/website/content/docs/release-notes/consul/v1_16_x.mdx
@@ -23,7 +23,7 @@ We are pleased to announce the following Consul updates.
     - [Route traffic to virtual services](/consul/docs/k8s/l7-traffic/route-to-virtual-services)
     - [Configure failover services](/consul/docs/k8s/l7-traffic/failover-tproxy).
 
-- **Granular server-side rate limits (Enterprise):** You can now set limits per source IP address. The following steps describe the general process for setting global read and write rate limits:
+- **Granular server-side rate limits:** You can now set limits per source IP address in Consul Enterprise. The following steps describe the general process for setting global read and write rate limits:
 
     1. Set arbitrary limits to begin understanding the upper boundary of RPC and gRPC loads in your network. Refer to [Initialize rate limit settings](/consul/docs/agent/limits/usage/init-rate-limits) for additional information.
     1. Monitor the metrics and logs and readjust the initial configurations as necessary. Refer to [Monitor rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limits)
@@ -64,6 +64,16 @@ We are pleased to announce the following Consul updates.
 
 For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs.
 
+## Known Issues
+
+The following issues are known to exist in the v1.16.x releases:
+
+- v1.16.0 - v1.16.1 may have issues when a snapshot restore is performed
+    and the servers are hosting xDS streams. When this bug triggers, it
+    will cause Envoy to incorrectly populate upstream endpoints. It is
+    currently not recommended for service mesh users running agent-less
+    workloads to upgrade Consul to these versions.
+
 ## Changelogs
 
 The changelogs for this major release version and any maintenance versions are listed below.
diff --git a/website/content/docs/security/acl/acl-roles.mdx b/website/content/docs/security/acl/acl-roles.mdx
index 6f094931ee2d..0f451596c9c0 100644
--- a/website/content/docs/security/acl/acl-roles.mdx
+++ b/website/content/docs/security/acl/acl-roles.mdx
@@ -93,7 +93,7 @@ Use the following syntax to define a service identity:
 - `ServiceIdentities.ServiceName`: String value that specifies the name of the service you want to associate with the policy.
 - `ServiceIdentities.Datacenters`: Array that specifies the names of datacenters in which the service identity applies. This field is optional.
 
-Refer to the [API documentation for roles](/consul/api-docs/acl/roles#sample-payload) for additional information and examples.
+Refer to the the [API documentation for roles](/consul/api-docs/acl/roles#sample-payload) for additional information and examples.
 
 -> **Scope for Namespace and Admin Partition** - In Consul Enterprise, service identities inherit the namespace or admin partition scope of the corresponding ACL token or role.
 
@@ -230,7 +230,7 @@ Use the following syntax to define a node identity:
 - `NodeIdentities.NodeName`: String value that specifies the name of the node you want to associate with the policy.
 - `NodeIdentities.Datacenter`: String value that specifies the name of the datacenter in which the node identity applies.
 
-Refer to the [API documentation for roles](/consul/api-docs/acl/roles#sample-payload) for additional information and examples.
+Refer to the the [API documentation for roles](/consul/api-docs/acl/roles#sample-payload) for additional information and examples.
 
 -> **Consul Enterprise Namespacing** - Node Identities can only be applied to tokens and roles in the `default` namespace. The generated policy rules allow for `service:read` permissions on all services in all namespaces.
 
diff --git a/website/content/docs/security/acl/auth-methods/index.mdx b/website/content/docs/security/acl/auth-methods/index.mdx
index decab071088a..c26cb05d21f2 100644
--- a/website/content/docs/security/acl/auth-methods/index.mdx
+++ b/website/content/docs/security/acl/auth-methods/index.mdx
@@ -74,7 +74,7 @@ tokens without operator intervention.
 Successful authentication with an auth method returns a set of trusted
 identity attributes corresponding to the authenticated identity. Those
 attributes are matched against all configured binding rules for that auth
-method to determine what privileges to grant the Consul ACL token it will
+method to determine what privileges to grant the the Consul ACL token it will
 ultimately create.
 
 Each binding rule is composed of two portions:
diff --git a/website/content/docs/security/security-models/core.mdx b/website/content/docs/security/security-models/core.mdx
index 2b6bb0515d71..92a5c1ac91c2 100644
--- a/website/content/docs/security/security-models/core.mdx
+++ b/website/content/docs/security/security-models/core.mdx
@@ -128,6 +128,9 @@ environment and adapt these configurations accordingly.
         ca_file = "consul-agent-ca.pem"
         cert_file = "dc1-server-consul-0.pem"
         key_file = "dc1-server-consul-0-key.pem"
+      }
+
+      internal_rpc {
         verify_server_hostname = true
       }
     }
@@ -145,6 +148,9 @@ environment and adapt these configurations accordingly.
           verify_incoming = false
           verify_outgoing = true
           ca_file = "consul-agent-ca.pem"
+        }
+
+        internal_rpc {
           verify_server_hostname = true
         }
       }
diff --git a/website/content/docs/services/configuration/checks-configuration-reference.mdx b/website/content/docs/services/configuration/checks-configuration-reference.mdx
index 10934217aacb..8b32eefba476 100644
--- a/website/content/docs/services/configuration/checks-configuration-reference.mdx
+++ b/website/content/docs/services/configuration/checks-configuration-reference.mdx
@@ -35,8 +35,8 @@ Specify health check options in the `check` block. To register two or more heath
 | `h2ping` | String value that specifies the HTTP2 endpoint, including port number, to send HTTP2 requests to. | <li>H2ping</li> |
 | `h2ping_use_tls` | Boolean value that enables TLS for H2ping checks when set to `true`. | <li>H2ping</li> |
 | `http` | String value that specifies an HTTP endpoint to send requests to. | <li>HTTP</li> |
-| `tls_server_name` | String value that specifies the server name used to verify the hostname on the returned certificates unless `tls_skip_verify` is given. Also included in the client's handshake to support SNI. It is recommended that this field be left unspecified. The TLS client will deduce the server name for SNI from the check address unless it's an IP ([RFC 6066, Section 3](https://tools.ietf.org/html/rfc6066#section-3)). There are two common circumstances where supplying a `tls_server_name` can be beneficial: <li>When the check address is an IP, `tls_server_name` can be specified for SNI. Note: setting `tls_server_name` will also override the hostname used to verify the certificate presented by the server being checked.</li><li>When the hostname in the check address won't be present in the SAN (Subject Alternative Name) field of the certificate presented by the server being checked. Note: setting `tls_server_name` will also override the hostname used for SNI.</li> | <li>HTTP </li> <li>H2Ping </li> <li>gRPC </li> |
-| `tls_skip_verify` | Boolean value that determines if the check verifies the chain and hostname of the certificate that the server presents. Set to `true` to disable verification. We recommend setting to `false` for production use. Default is `false`. | <li>HTTP </li> <li>H2Ping </li> <li>gRPC </li> |
+| `tls_server_name` | String value that specifies the name of the TLS server that issues certificates. Defaults to the SNI determined by the address specified in the `http` field. Set the `tls_skip_verify` to `false` to disable this field. | <li>HTTP</li> |
+| `tls_skip_verify` | Boolean value that disbles TLS for HTTP checks when set to `true`. Default is `false`. | <li>HTTP</li> <li>TCP </li> |
 | `method` | String value that specifies the request method to send during HTTP checks. Default is `GET`. | <li>HTTP</li> |
 | `header` | Object that specifies header fields to send in HTTP check requests. Each header specified in `header` object contains a list of string values. | <li>HTTP</li> |
 | `body` | String value that contains JSON attributes to send in HTTP check requests. You must escape the quotation marks around the keys and values for each attribute. | <li>HTTP</li> |
@@ -44,6 +44,7 @@ Specify health check options in the `check` block. To register two or more heath
 | `os_service` | String value that specifies the name of the name of a service to check during an OSService check. | <li>OSService</li> |
 | `service_id` | String value that specifies the ID of a service instance to associate with an OSService check. That service instance must be on the same node as the check. If not specified, the check verifies the health of the node. | <li>OSService</li> |
 | `tcp` | String value that specifies an IP address or host and port number for the check establish a TCP connection with. | <li>TCP</li> |
+| `tcp_use_tls` | Boolean value that enables TLS for TCP checks when set to `true`. | <li>TCP </li> |
 | `udp` | String value that specifies an IP address or host and port number for the check to send UDP datagrams to. | <li>UDP</li> |
 | `ttl` | String value that specifies how long to wait for an update from an external process during a TTL check. | <li>TTL</li> |
 | `alias_service` | String value that specifies a service or node that the service associated with the health check aliases. | <li>Alias</li> |
@@ -52,4 +53,3 @@ Specify health check options in the `check` block. To register two or more heath
 
 ## Checks block
 You can define multiple health checks in a single `checks` block. The `checks` block is an array of objects that contain the configuration options described in the [`check` block configuration reference](#check-block).
-
diff --git a/website/content/docs/services/configuration/services-configuration-reference.mdx b/website/content/docs/services/configuration/services-configuration-reference.mdx
index 4614a4b26808..95f01e16ff73 100644
--- a/website/content/docs/services/configuration/services-configuration-reference.mdx
+++ b/website/content/docs/services/configuration/services-configuration-reference.mdx
@@ -404,7 +404,7 @@ String value that specifies the namespace in which to register the service. Refe
 
 ## Multiple service definitions
 
-You can define multiple services in a single definition file in the `services` block.  This enables you register multiple services in a single command. Note that the HTTP API does not support the `services` block.
+You can define multiple services in a single definition file in the `servcies` block.  This enables you register multiple services in a single command. Note that the HTTP API does not support the `services` block.
 
 <CodeTabs tabs={[ "HCL", "JSON" ]}>
 
diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx
index 26d60291ea43..610a6af201b0 100644
--- a/website/content/docs/upgrading/upgrade-specific.mdx
+++ b/website/content/docs/upgrading/upgrade-specific.mdx
@@ -16,6 +16,12 @@ upgrade flow.
 
 ## Consul 1.16.x
 
+#### Known issues
+
+Service mesh in Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams.
+When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. Due to this issue, it is currently not recommended for
+service mesh users running agent-less workloads to upgrade Consul to these versions.
+
 #### API health endpoints return different status code
 
 Consul versions 1.16.0+ now return an error 403 "Permission denied" status
@@ -864,7 +870,7 @@ API so existing integrations that create tokens (e.g. Vault) will continue to
 work. The "legacy" tokens generated though will not be able to take advantage of
 new policy features. It's recommended that you complete migration of all tokens
 as soon as possible after upgrade, as well as updating any integrations to work
-with the new ACL [Token](/consul/api-docs/acl/tokens) and
+with the the new ACL [Token](/consul/api-docs/acl/tokens) and
 [Policy](/consul/api-docs/acl/policies) APIs.
 
 ### Multi-datacenter service mesh
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index d82cdd22bf4a..113a19ac319b 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -519,10 +519,6 @@
                     "title": "Invoke Lambda functions in Envoy proxies",
                     "path": "connect/proxies/envoy-extensions/usage/lambda"
                   },
-                  {
-                    "title": "Send access logs to OpenTelemetry collector service",
-                    "path": "connect/proxies/envoy-extensions/usage/otel-access-logging"
-                  },
                   {
                     "title": "Configure Envoy proxy properties",
                     "path": "connect/proxies/envoy-extensions/usage/property-override"
@@ -540,10 +536,6 @@
                     "title": "External authorization",
                     "path": "connect/proxies/envoy-extensions/configuration/ext-authz"
                   },
-                  {
-                    "title": "OpenTelemetry Access Logging",
-                    "path": "connect/proxies/envoy-extensions/configuration/otel-access-logging"
-                  },
                   {
                     "title": "Property override",
                     "path": "connect/proxies/envoy-extensions/configuration/property-override"
@@ -1095,6 +1087,11 @@
         "title": "Sentinel",
         "path": "agent/sentinel"
       },
+      {
+        "title": "RPC",
+        "path": "agent/rpc",
+        "hidden": true
+      },
       {
         "title": "Experimental WAL LogStore",
         "routes": [
diff --git a/website/prettier.config.js b/website/prettier.config.js
index 6cedcca48f42..e8334791b83d 100644
--- a/website/prettier.config.js
+++ b/website/prettier.config.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 module.exports = {
diff --git a/website/public/ie-warning.js b/website/public/ie-warning.js
index 87109b2ed536..08d1060444bc 100644
--- a/website/public/ie-warning.js
+++ b/website/public/ie-warning.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 !(function () {
diff --git a/website/redirects.js b/website/redirects.js
index bfb3cb693d74..52712feeed5a 100644
--- a/website/redirects.js
+++ b/website/redirects.js
@@ -1,6 +1,6 @@
 /**
  * Copyright (c) HashiCorp, Inc.
- * SPDX-License-Identifier: BUSL-1.1
+ * SPDX-License-Identifier: MPL-2.0
  */
 
 // REDIRECTS FILE
@@ -61,8 +61,7 @@ module.exports = [
     permanent: true,
   },
   {
-    source:
-      '/consul/docs/enterprise/sentinel',
+    source: '/consul/docs/enterprise/sentinel',
     destination:
       '/consul/docs/dynamic-app-config/kv#using-sentinel-to-apply-policies-for-consul-kv',
     permanent: true,
diff --git a/website/scripts/should-build.sh b/website/scripts/should-build.sh
index b9ce35e4715b..b653682c52af 100644
--- a/website/scripts/should-build.sh
+++ b/website/scripts/should-build.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 
 ######################################################
diff --git a/website/scripts/website-build.sh b/website/scripts/website-build.sh
index 9d504653802b..691b13f0df75 100755
--- a/website/scripts/website-build.sh
+++ b/website/scripts/website-build.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 ######################################################
 # NOTE: This file is managed by the Digital Team's   #
diff --git a/website/scripts/website-start.sh b/website/scripts/website-start.sh
index e6d639fb397a..7831562084da 100755
--- a/website/scripts/website-start.sh
+++ b/website/scripts/website-start.sh
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 ######################################################
 # NOTE: This file is managed by the Digital Team's   #

From 2a69150e139c4dbbeba0d3281e9dcf53186f904d Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Thu, 31 Aug 2023 04:36:27 +0000
Subject: [PATCH 348/359] backport of commit
 ef186faf8978035e0e60c6fd68a274c969c73d49

---
 .../proxies/deploy-sidecar-services.mdx       | 68 +++++++++----------
 1 file changed, 31 insertions(+), 37 deletions(-)

diff --git a/website/content/docs/connect/proxies/deploy-sidecar-services.mdx b/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
index 5550dd1769c0..27a656f3d678 100644
--- a/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
+++ b/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
@@ -1,11 +1,11 @@
 ---
 layout: docs
-page_title: Register a Service Mesh Proxy in a Service Registration
+page_title: Deploy proxies as sidecar services
 description: >-
   You can register a service instance and its sidecar proxy at the same time. Learn about default settings, customizable parameters, limitations, and lifecycle behaviors of the sidecar proxy.
 ---
 
-# Deploy sidecar proxies
+# Deploy sidecar services
 
 This topic describes how to create, register, and start sidecar proxy services in Consul. Refer to [Service mesh proxies overview](/consul/docs/connect/proxies) for additional information about how proxies enable Consul functionalities. For information about deploying service mesh proxies, refer to [Deploy service mesh proxies](/consul/docs/connect/proxies/deploy-service-mesh-proxies).
 
@@ -172,17 +172,40 @@ $ consul connect envoy -sidecar-for=web
 
 For details about operating an Envoy proxy in Consul, refer to [](/consul/docs/connect/proxies/envoy)  
 
-
 ## Configuration reference
 
-Add the `connect.sidecar_service` block to your service definition file and specify the parameters to configure sidecar proxy behavior. The `sidecar_service` block is a service definition that can contain most regular service definition fields. Refer to [Limitations](#limitations) for information about unsupported service definition fields for sidecar proxies. 
+The `sidecar_service` block is a service definition that can contain most regular service definition fields. Refer to [Limitations](#limitations) for information about unsupported service definition fields for sidecar proxies. 
+
+Consul treats sidecar proxy service definitions as a root-level service definition. All fields are optional in nested definitions, which default to opinionated settings that are intended to reduce burden of setting up a sidecar proxy.
 
-Consul treats sidecar proxy service definitions as a root-level service definition. All fields are optional in nested
-definitions, which default to opinionated settings that are intended to reduce burden of setting up a sidecar proxy.
+## Sidecar service defaults
 
+The following fields are set by default on a sidecar service registration. With
+[the exceptions noted](#limitations) any field may be overridden explicitly in
+the `connect.sidecar_service` definition to customize the proxy registration.
+The "parent" service refers to the service definition that embeds the sidecar
+proxy.
 
+- `id` - ID defaults to being `<parent-service-id>-sidecar-proxy`. This can't
+  be overridden as it is used to [manage the lifecycle](#lifecycle) of the
+  registration.
+- `name` - Defaults to being `<parent-service-name>-sidecar-proxy`.
+- `tags` - Defaults to the tags of the parent service.
+- `meta` - Defaults to the service metadata of the parent service.
+- `port` - Defaults to being auto-assigned from a configurable
+  range specified by [`sidecar_min_port`](/consul/docs/agent/config/config-files#sidecar_min_port)
+  and [`sidecar_max_port`](/consul/docs/agent/config/config-files#sidecar_max_port).
+- `kind` - Defaults to `connect-proxy`. This can't be overridden currently.
+- `check`, `checks` - By default we add a TCP check on the local address and
+  port for the proxy, and a [service alias
+  check](/consul/docs/services/usage/checks#alias-checks) for the parent service. If either
+  `check` or `checks` fields are set, only the provided checks are registered.
+- `proxy.destination_service_name` - Defaults to the parent service name.
+- `proxy.destination_service_id` - Defaults to the parent service ID.
+- `proxy.local_service_address` - Defaults to `127.0.0.1`.
+- `proxy.local_service_port` - Defaults to the parent service port.
 
-## Example with overwitten configurations
+### Example with overwritten configurations
 
 In the following example, but the `sidecar_service` macro sets baselines configurations for the proxy, but the [proxy
 upstreams](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference)
@@ -211,35 +234,6 @@ configuration](/consul/docs/connect/proxies/built-in) fields contain custom valu
 }
 ```
 
-
-
-## Sidecar service defaults
-
-The following fields are set by default on a sidecar service registration. With
-[the exceptions noted](#limitations) any field may be overridden explicitly in
-the `connect.sidecar_service` definition to customize the proxy registration.
-The "parent" service refers to the service definition that embeds the sidecar
-proxy.
-
-- `id` - ID defaults to being `<parent-service-id>-sidecar-proxy`. This can't
-  be overridden as it is used to [manage the lifecycle](#lifecycle) of the
-  registration.
-- `name` - Defaults to being `<parent-service-name>-sidecar-proxy`.
-- `tags` - Defaults to the tags of the parent service.
-- `meta` - Defaults to the service metadata of the parent service.
-- `port` - Defaults to being auto-assigned from a configurable
-  range specified by [`sidecar_min_port`](/consul/docs/agent/config/config-files#sidecar_min_port)
-  and [`sidecar_max_port`](/consul/docs/agent/config/config-files#sidecar_max_port).
-- `kind` - Defaults to `connect-proxy`. This can't be overridden currently.
-- `check`, `checks` - By default we add a TCP check on the local address and
-  port for the proxy, and a [service alias
-  check](/consul/docs/services/usage/checks#alias-checks) for the parent service. If either
-  `check` or `checks` fields are set, only the provided checks are registered.
-- `proxy.destination_service_name` - Defaults to the parent service name.
-- `proxy.destination_service_id` - Defaults to the parent service ID.
-- `proxy.local_service_address` - Defaults to `127.0.0.1`.
-- `proxy.local_service_port` - Defaults to the parent service port.
-
 ## Limitations
 
 The following fields are not supported in the `connect.sidecar_service` block:
@@ -275,4 +269,4 @@ service's ID. This enables the following behavior.
 - When reloading the configuration files, if a service definition changes its
   ID, then a new service instance _and_ a new sidecar instance will be
   registered. The old ones will be removed since they are no longer found in
-  the config files.
+  the config files.
\ No newline at end of file

From 2ae727f8d8ed244136d62ea5a76c8c5f044e3439 Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Thu, 31 Aug 2023 04:49:43 +0000
Subject: [PATCH 349/359] backport of commit
 8903c8ce936b1a46ee1a0a43d55b6de3612d85cf

---
 .../proxy-config-reference.mdx}               |  0
 website/data/docs-nav-data.json               | 31 +++++++++----------
 2 files changed, 15 insertions(+), 16 deletions(-)
 rename website/content/docs/connect/{registration/service-registration.mdx => proxies/proxy-config-reference.mdx} (100%)

diff --git a/website/content/docs/connect/registration/service-registration.mdx b/website/content/docs/connect/proxies/proxy-config-reference.mdx
similarity index 100%
rename from website/content/docs/connect/registration/service-registration.mdx
rename to website/content/docs/connect/proxies/proxy-config-reference.mdx
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 113a19ac319b..5cd454d4f9e1 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -493,10 +493,6 @@
             "title": "Deploy sidecar services",
             "path": "connect/proxies/deploy-sidecar-services"
           },
-          {
-            "title": "Envoy proxies reference",
-            "path": "connect/proxies/envoy"
-          },
           {
             "title": "Envoy Extensions",
             "routes": [
@@ -549,21 +545,24 @@
             ]
           },
           {
-            "title": "Built-in Proxy",
-            "path": "connect/proxies/built-in"
+            "title": "Proxy integration",
+            "path": "connect/proxies/integrate"
           },
           {
-            "title": "Proxy Integration",
-            "path": "connect/proxies/integrate"
-          }
-        ]
-      },
-      {
-        "title": "Registering Proxies",
-        "routes": [
+            "title": "Proxy defaults configuration reference",
+            "href": "/consul/docs/connect/config-entries/proxy-defaults"
+          },
+          {
+            "title": "Envoy proxies reference",
+            "path": "connect/proxies/envoy"
+          },
+          {
+            "title": "Built-in proxy reference",
+            "path": "connect/proxies/built-in"
+          },
           {
-            "title": "Proxy Service Registration",
-            "path": "connect/registration/service-registration"
+            "title": "Service mesh proxy configuration reference",
+            "path": "connect/proxies/proxy-config-reference"
           }
         ]
       },

From 1e2557f6d2e13bcdfe2aace37d9bcea3a5e5cdb4 Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Thu, 31 Aug 2023 04:53:11 +0000
Subject: [PATCH 350/359] backport of commit
 67e332826daa44cf736f711ac83af1cc38ab84e5

---
 website/redirects.js | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/website/redirects.js b/website/redirects.js
index 52712feeed5a..c6dde36160ea 100644
--- a/website/redirects.js
+++ b/website/redirects.js
@@ -69,8 +69,22 @@ module.exports = [
   {
     source:
       '/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters',
-    destination:
-      '/consul/docs/k8s/deployment-configurations/multi-cluster',
+    destination: '/consul/docs/k8s/deployment-configurations/multi-cluster',
+    permanent: true,
+  },
+  {
+    source: '/consul/docs/connect/registration/service-registration',
+    destination: '/consul/docs/connect/proxies/proxy-config-reference',
     permanent: true,
-  }
+  },
+  {
+    source: '/consul/docs/connect/registration',
+    destination: '/consul/docs/connect/proxies/',
+    permanent: true,
+  },
+  {
+    source: '/consul/docs/connect/registration/sidecar-service',
+    destination: '/consul/docs/connect/proxies/deploy-sidecar-services',
+    permanent: true,
+  },
 ]

From 1ec5d8d9aacea0b0c8d840d52d5b462847972555 Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Thu, 31 Aug 2023 04:58:41 +0000
Subject: [PATCH 351/359] backport of commit
 3345473c10ea65d7925fcd3bce04384b18ecfd59

---
 .../docs/connect/proxies/deploy-service-mesh-proxies.mdx  | 3 ++-
 website/content/docs/connect/proxies/index.mdx            | 8 ++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx b/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
index cc7e595cc856..02c9c483ce82 100644
--- a/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
+++ b/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
@@ -1,7 +1,8 @@
 --- 
 layout: docs
 page_title: Deploy service mesh proxies
-description: Envoy and other proxies in Consul service mesh enable service-to-service communication across your network. Learn how to deploy service mesh proxies in this topic.
+description: >- 
+   Envoy and other proxies in Consul service mesh enable service-to-service communication across your network. Learn how to deploy service mesh proxies in this topic.
 ---
 
 # Deploy service mesh proxies services
diff --git a/website/content/docs/connect/proxies/index.mdx b/website/content/docs/connect/proxies/index.mdx
index f09aa820be16..e23f553d7221 100644
--- a/website/content/docs/connect/proxies/index.mdx
+++ b/website/content/docs/connect/proxies/index.mdx
@@ -49,7 +49,7 @@ Service mesh proxies do not support dynamic upstreams. If an application require
 
 ## Proxies in Kubernetes-orchestrated networks
 
-For Kubernetes-orchestrated environments, Consul deploys _dataplanes_ by default to manage proxies. Consul dataplanes are light-weight processes that leverage existing Kubernetes sidecar orchestration capabilities.  Refer to the [ dataplanes documentation](/consul/docs/connect/dataplane) for additional information.
+For Kubernetes-orchestrated environments, Consul deploys _dataplanes_ by default to manage proxies. Consul dataplanes are light-weight processes that leverage existing Kubernetes sidecar orchestration capabilities.  Refer to the [dataplanes documentation](/consul/docs/connect/dataplane) for additional information.
 
 ## Guidance
 
@@ -61,8 +61,8 @@ Refer to the following resources for help using service mesh proxies:
 
 ### Usage documentation
 
-- [Deploy service mesh proxies](/consul/docs/connect/proxies) <!-- TODO add proper link -->
-- [Deploy sidecar proxies](/consul/docs/connect/registration/sidecar-service) <!-- TODO update to real link -->
+- [Deploy service mesh proxies](/consul/docs/connect/proxies/deploy-service-mesh-proxies) 
+- [Deploy sidecar proxies](/consul/docs/connect/proxies/deploy-sidecar-services)
 - [Extend Envoy proxies](/consul/docs/connect/proxies/envoy-extensions)
 - [Integrate custom proxies](/consul/docs/connect/proxies/integrate)
 
@@ -70,5 +70,5 @@ Refer to the following resources for help using service mesh proxies:
 
 - [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for additional information. 
 - [Envoy proxies reference](/consul/docs/connect/proxies/envoy)
-- [Service mesh proxy configuration reference](/consul/docs/connect/proxies/builtin)
+- [Service mesh proxy configuration reference](/consul/docs/connect/proxies/proxy-config-reference)
 - [`consul connect envoy` command](/consul/commands/connect/envoy)

From fddaa255a4f94fa58b1e7fe2b1f6655bc4a28936 Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Thu, 31 Aug 2023 16:09:29 +0000
Subject: [PATCH 352/359] backport of commit
 d838e5de9eb7a87ef961a4f7a447e7bbd92def6c

---
 .../proxies/deploy-service-mesh-proxies.mdx      | 16 +++++++++++++---
 .../connect/proxies/deploy-sidecar-services.mdx  | 12 +++++++++++-
 2 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx b/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
index 02c9c483ce82..eb34fc41c833 100644
--- a/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
+++ b/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
@@ -13,7 +13,7 @@ This topic describes how to create, register, and start service mesh proxies in
 
 Complete the following steps to deploy a service mesh proxy:
 
-1. It is not required, but you can create a proxy defaults configuration entry that contains global  passthrough settings for all Envoy proxies. Refer to [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for additional information.
+1. It is not required, but you can create a proxy defaults configuration entry that contains global passthrough settings for all Envoy proxies. 
 1. Create a service definition file and specify the proxy configurations in the `proxy` block.
 1. Register the service using the API or CLI.
 1. Start the proxy service. 
@@ -22,6 +22,16 @@ Complete the following steps to deploy a service mesh proxy:
 
 If [ACLs](/consul/docs/security/acl) are enabled and you want to configure global Envoy settings in the [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults), you must present a token with `operator:write` permissions. Refer to [Create a service token](/consul/docs/security/acl/tokens/create/create-a-service-token) for additional information.
 
+## Configure global Envoy passthrough settings
+
+If you want to define global passthrough settings for all Envoy proxies, create a proxy defaults configuration entry and specify default settings, such as access log configuration. [Service defaults configuration entries](/consul/docs/connect/config-entries/service-defaults) override proxy defaults and individual service configurations override both configuration entries.
+
+1. Create a proxy defaults configuration entry and specify the following parameters:
+   - `Kind`: Must be set to `proxy-defaults`
+   - `Name`: Must be set to `global`
+1. Configure any additional settings you want to apply to all proxies. Refer to [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for details about all settings available in the configuraiton entry. 
+1. Apply the configuration by either calling the [`/config` API endpoint](/consul/api-docs/config) or running the [`consul config write` CLI command](/consul/commands/config/write). 
+
 ## Define service mesh proxy 
 
 Create a service definition file and configure the following fields to define a service mesh proxy:
@@ -29,10 +39,10 @@ Create a service definition file and configure the following fields to define a
 1. Set the `kind` field to `connect-proxy`. Refer to the [services configuration reference](/consul/docs/services/configuration/services-configuration-reference#kind) for information about other kinds of proxies you can declare.
 1. Specify a name for the proxy service in the `name` field. Consul applies the configurations to any proxies you bootstrap with the same name.
 1. In the `proxy.destination_service_name` field, specify the name of the service that the proxy represents. 
-1. Configure any additional proxy behaviors that you want to implement in the `proxy` block. Refer to the [Service mesh proxy configuration reference](/consul/docs/connect/registration/service-registration) for information about all parameters. 
+1. Configure any additional proxy behaviors that you want to implement in the `proxy` block. Refer to the [Service mesh proxy configuration reference](/consul/docs/connect/proxies/proxy-config-reference) for information about all parameters. 
 1. Specify a port number where other services registered with Consul can discover and connect to the proxies service in the `port` field. To ensure that services only allow external connections established through the service mesh protocol, you should configure all services to only accept connections on a loopback address.
 
-Refer to the [Service mesh proxy configuration reference](/consul/docs/connect/proxy-config-reference) for example configurations.
+Refer to the [Service mesh proxy configuration reference](/consul/docs/connect/proxies/proxy-config-reference) for example configurations.
 
  ## Register the service 
 
diff --git a/website/content/docs/connect/proxies/deploy-sidecar-services.mdx b/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
index 27a656f3d678..14e61d0755b3 100644
--- a/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
+++ b/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
@@ -16,7 +16,7 @@ They may be on the same VM or running as a separate container in the same networ
 
 You can attach a sidecar proxy to a service you want to deploy to your mesh:
 
-1. It is not required, but you can create a proxy defaults configuration entry that contains global  passthrough settings for all Envoy proxies. Refer to [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for additional information.
+1. It is not required, but you can create a proxy defaults configuration entry that contains global  passthrough settings for all Envoy proxies. 
 1. Create the service definition and include the `connect` block. The `connect` block contains the sidecar proxy configurations that allow the service to interact with other services in the mesh.
 1. Register the service using either the API or CLI.
 1. Start the sidecar proxy service. 
@@ -25,6 +25,16 @@ You can attach a sidecar proxy to a service you want to deploy to your mesh:
 
 If [ACLs](/consul/docs/security/acl) are enabled and you want to configure global Envoy settings in the [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults), you must present a token with `operator:write` permissions. Refer to [Create a service token](/consul/docs/security/acl/tokens/create/create-a-service-token) for additional information.
 
+## Configure global Envoy passthrough settings
+
+If you want to define global passthrough settings for all Envoy proxies, create a proxy defaults configuration entry and specify default settings, such as access log configuration. [Service defaults configuration entries](/consul/docs/connect/config-entries/service-defaults) override proxy defaults and individual service configurations override both configuration entries.
+
+1. Create a proxy defaults configuration entry and specify the following parameters:
+   - `Kind`: Must be set to `proxy-defaults`
+   - `Name`: Must be set to `global`
+1. Configure any additional settings you want to apply to all proxies. Refer to [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for details about all settings available in the configuraiton entry. 
+1. Apply the configuration by either calling the [`/config` API endpoint](/consul/api-docs/config) or running the [`consul config write` CLI command](/consul/commands/config/write). 
+
 ## Define service mesh proxy 
 
 Create a service definition and configure the following fields: 

From c5510a1202caf94c29682f41a707f3fd898ebc9c Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Thu, 31 Aug 2023 16:27:00 +0000
Subject: [PATCH 353/359] backport of commit
 a1c35174cccd0f24e1c8f3c5563cc28f5e5d8bff

---
 .../content/docs/connect/proxies/index.mdx    |  2 +-
 .../proxies/proxy-config-reference.mdx        | 59 +++++++++----------
 2 files changed, 29 insertions(+), 32 deletions(-)

diff --git a/website/content/docs/connect/proxies/index.mdx b/website/content/docs/connect/proxies/index.mdx
index e23f553d7221..d944c5a67c0d 100644
--- a/website/content/docs/connect/proxies/index.mdx
+++ b/website/content/docs/connect/proxies/index.mdx
@@ -17,7 +17,7 @@ _Proxies_ are services that you can configure to perform several different types
 
 You can configure proxies to operate as sidecar services transparently handles inbound and outbound service connections. Sidecars also automatically wrap and verify TLS connections. Each service in your mesh should have its own sidecar proxy.   
 
-Refer to [Register service mesh proxies as sidecars]() for additional information.
+Refer to [Deploy sidecar services](/consul/docs/connect/proxies/deploy-sidecar-services) for additional information.
 
 ### Gateways
 
diff --git a/website/content/docs/connect/proxies/proxy-config-reference.mdx b/website/content/docs/connect/proxies/proxy-config-reference.mdx
index 57050476dcf4..93e41ad2d2cd 100644
--- a/website/content/docs/connect/proxies/proxy-config-reference.mdx
+++ b/website/content/docs/connect/proxies/proxy-config-reference.mdx
@@ -1,15 +1,14 @@
 ---
 layout: docs
-page_title: Register a Service Mesh Proxy Outside of a Service Registration
+page_title: Service mesh proxy configuration
 description: >-
   You can register a service mesh sidecar proxy separately from the registration of the service instance it fronts. Learn about proxy configuration options and how to format them with examples.
 ---
 
-# Register a Service Mesh Proxy Outside of a Service Registration
+# Service mesh proxy configuration
 
 This topic describes how to declare a service mesh proxy in a service definition. The `kind` must be declared and information about the service they represent must be provided to function as a Consul service mesh proxy.
 
-
 ## Configuration
 
 Configure a service mesh proxy using the following syntax:
@@ -79,7 +78,7 @@ proxy = {
 
 </CodeTabs>
 
-### Sidecar Proxy Configuration
+### Sidecar proxy configuration
 
 Many service mesh proxies are deployed as sidecars.
 Sidecar proxies are co-located with the single service instance they represent and proxy all inbound traffic to.
@@ -92,7 +91,7 @@ Specify the following parameters in the `proxy` code block to configure a sideca
 
 See [Sidecar Service Registration](/consul/docs/connect/registration/sidecar-service) for additional information about configuring service mesh proxies as sidecars.
 
-### Complete Configuration Example
+### Complete configuration example
 
 The following example includes values for all available options when registering a proxy instance.
 
@@ -140,7 +139,7 @@ proxy = {
 
 </CodeTabs>
 
-### Proxy Parameters
+### Proxy parameters
 
 The following table describes all parameters that can be defined in the `proxy` block.
 
@@ -158,7 +157,7 @@ The following table describes all parameters that can be defined in the `proxy`
 | `mesh_gateway` | Object value that specifies the mesh gateway configuration for the proxy. Refer to [Mesh Gateway Configuration Reference](#mesh-gateway-configuration-reference) for details. | Optional | None |
 | `expose` | Object value that specifies a configuration for exposing HTTP paths through the proxy. <br/>This parameter is only compatible with Envoy proxies. <br/>Refer to [Expose Paths Configuration Reference](#expose-paths-configuration-reference) for details. | Optional | None |
 
-### Upstream Configuration Reference
+### Upstream configuration reference
 
 You can configure the service mesh proxy to create listeners for upstream services. The listeners enable the upstream service to accept requests. You can specify the following parameters to configure upstream service listeners.
 
@@ -177,7 +176,7 @@ You can configure the service mesh proxy to create listeners for upstream servic
 | `config` | Object value that specifies opaque configuration options that will be provided to the proxy instance for the upstream. <br/>Valid JSON objects are also supported. <br/>The `config` parameter can specify timeouts, retries, and other proxy-specific features for the given upstream. <br/>See the [built-in proxy configuration reference](/consul/docs/connect/proxies/built-in#proxy-upstream-config-key-reference) for configuration options when using the built-in proxy. <br/>If using Envoy as a proxy, see [Envoy configuration reference](/consul/docs/connect/proxies/envoy#proxy-upstream-config-options) | Optional | None |
 | `mesh_gateway` | Object that defines the mesh gateway configuration for the proxy. Refer to the [Mesh Gateway Configuration Reference](#mesh-gateway-configuration-reference) for configuration details. | Optional | None |
 
-### Upstream Configuration Examples
+### Upstream configuration examples
 
 Upstreams support multiple destination types. The following examples include information about each implementation. Note that the examples in this topic use snake case, which is a convention that separates words with underscores, because the format is supported in configuration files and API registrations. 
 
@@ -280,7 +279,7 @@ local_bind_port = 9090
 
 </CodeTabs>
 
-## Proxy Modes
+## Proxy modes
 
 You can configure which mode a proxy operates in by specifying `"direct"` or `"transparent"` in the `mode` parameter. The proxy mode determines the how proxies direct traffic. This feature was added in Consul 1.10.0.
 
@@ -295,7 +294,7 @@ You can also specify an empty string (`""`), which configures the proxy to opera
 
 The proxy will default to `direct` mode if a mode cannot be determined from the parent parameters.
 
-### Transparent Proxy Configuration Reference
+### Transparent proxy configuration reference
 
 The following examples show additional configuration for transparent proxies.
 
@@ -320,13 +319,13 @@ Note that the examples in this topic use snake case, which is a convention that
   ~> **Note:** Dynamic routing rules such as failovers and redirects do not apply to services dialed directly.
      Additionally, the connection is proxied using a TCP proxy with a connection timeout of 5 seconds.
 
-### Mesh Gateway Configuration Reference
+### Mesh gateway configuration reference
 
 The following examples show all possible mesh gateway configurations.
 
  Note that the examples in this topic use snake case, which is a convention that separates words with underscores, because the format is supported in configuration files and API registrations.
 
-#### Using a Local/Egress Gateway in the Local Datacenter
+#### Using local and egress gateways in the local datacenter
 
 ```json
 {
@@ -334,7 +333,7 @@ The following examples show all possible mesh gateway configurations.
 }
 ```
 
-#### Direct to a Remote/Ingress in a Remote Datacenter
+#### Direct to remote and ingress services in a remote datacenter
 
 ```json
 {
@@ -342,7 +341,7 @@ The following examples show all possible mesh gateway configurations.
 }
 ```
 
-#### Prevent Using a Mesh Gateway
+#### Disable a mesh gateway
 
 ```json
 {
@@ -350,7 +349,7 @@ The following examples show all possible mesh gateway configurations.
 }
 ```
 
-#### Default Mesh Gateway Mode
+#### Specify the default mesh gateway mode
 
 ```json
 {
@@ -373,7 +372,7 @@ The following examples show all possible mesh gateway configurations.
     3.  The `service-defaults` configuration for the service.
     4.  The `global` `proxy-defaults`.
 
-### Expose Paths Configuration Reference
+### Expose paths configuration reference
 
 The following examples show possible configurations to expose HTTP paths through Envoy.
 
@@ -383,7 +382,9 @@ Some examples include: exposing a `/metrics` path for Prometheus or `/healthz` f
  
 Note that the examples in this topic use snake case, which is a convention that separates words with underscores, because the format is supported in configuration files and API registrations.
 
-#### Expose listeners in Envoy for HTTP and GRPC checks registered with the local Consul agent
+#### Expose listeners in Envoy for health checks
+
+The following example exposes Envoy listeners to HTTP and GRPC checks registered with the local Consul agent:
 
 ```json
 {
@@ -393,7 +394,9 @@ Note that the examples in this topic use snake case, which is a convention that
 }
 ```
 
-#### Expose an HTTP listener in Envoy at port 21500 that routes to an HTTP server listening at port 8080
+#### Expose an HTTP listener 
+
+The following example exposes and HTTP listener in Envoy at port `21500` that routes to an HTTP server listening at port `8080`:
 
 ```json
 {
@@ -409,7 +412,9 @@ Note that the examples in this topic use snake case, which is a convention that
 }
 ```
 
-#### Expose an HTTP2 listener in Envoy at port 21501 that routes to a gRPC server listening at port 9090
+#### Expose an HTTP2 listener 
+
+The following example expose an HTTP2 listener in Envoy at port `21501` that routes to a gRPC server listening at port `9090`:
 
 ```json
 {
@@ -440,15 +445,9 @@ Note that the examples in this topic use snake case, which is a convention that
     but the proxy registration will not fail.
   - `protocol` `(string: "http")` - Sets the protocol of the listener. One of `http` or `http2`. For gRPC use `http2`.
 
-### Unix Domain Sockets
-
-The following examples show additional configuration for Unix domain sockets.
-
-Added in v1.10.0.
+### Unix domain sockets
 
-To connect to a service via local Unix Domain Socket instead of a
-port, add `local_bind_socket_path` and optionally `local_bind_socket_mode`
-to the upstream config for a service:
+To connect to a service using a local Unix domain socket instead of a port, add `local_bind_socket_path` and optionally `local_bind_socket_mode` to the upstream config for a service. The following examples show additional configurations for Unix domain sockets:
 
 <CodeTabs>
 
@@ -474,11 +473,9 @@ upstreams = [
 
 </CodeTabs>
 
-This will cause Envoy to create a socket with the path and mode
-provided, and connect that to service-1.
+Envoy creates a socket with the specified path and mode and connects to `service-1`.
 
-The mode field is optional, and if omitted will use the default mode
-for Envoy. This is not applicable for abstract sockets. See the
+The `mode` field is optional. When omitted, Envoy uses the default mode. This is not applicable for abstract sockets. Refer to the
 [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#envoy-v3-api-msg-config-core-v3-pipe)
 for details.
 

From 7ea0d748edbe81f892b3785f6a354ad0d0e9d1e6 Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Thu, 31 Aug 2023 16:27:25 +0000
Subject: [PATCH 354/359] backport of commit
 066079064991055d890354e89aeb8276ef4c57c8

---
 website/content/docs/connect/proxies/index.mdx | 1 -
 1 file changed, 1 deletion(-)

diff --git a/website/content/docs/connect/proxies/index.mdx b/website/content/docs/connect/proxies/index.mdx
index d944c5a67c0d..eb4ef576526a 100644
--- a/website/content/docs/connect/proxies/index.mdx
+++ b/website/content/docs/connect/proxies/index.mdx
@@ -31,7 +31,6 @@ Consul has first-class support for Envoy proxies, which is a highly configurable
 
 - [Envoy proxy reference](/consul/docs/connect/proxies/envoy)
 - [Envoy API documentation](https://www.envoyproxy.io/docs/envoy/v1.17.2/api-docs/xds_protocol)
-- [Envoy website](https://www.envoyproxy.io)
  
 You can use Consul's built-in proxy service that supports L4 network traffic, which is suitable for testing and development but not recommended for production environments. Refer to the [built-in proxy reference](/consul/docs/connect/proxies/builtin) for additional information.
 

From 0243d7882396793bbe4e7570705e298767bba92e Mon Sep 17 00:00:00 2001
From: trujillo-adam <ajosetru@gmail.com>
Date: Thu, 31 Aug 2023 16:47:46 +0000
Subject: [PATCH 355/359] backport of commit
 baae1ed358f5b79acc30ed9890d5ecd2ab6d4b43

---
 .../docs/connect/proxies/deploy-service-mesh-proxies.mdx    | 6 +++++-
 .../docs/connect/proxies/deploy-sidecar-services.mdx        | 6 +++++-
 website/content/docs/connect/proxies/index.mdx              | 4 ++--
 .../content/docs/connect/proxies/proxy-config-reference.mdx | 2 +-
 4 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx b/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
index eb34fc41c833..60d9cc5ab745 100644
--- a/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
+++ b/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
@@ -30,7 +30,11 @@ If you want to define global passthrough settings for all Envoy proxies, create
    - `Kind`: Must be set to `proxy-defaults`
    - `Name`: Must be set to `global`
 1. Configure any additional settings you want to apply to all proxies. Refer to [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for details about all settings available in the configuraiton entry. 
-1. Apply the configuration by either calling the [`/config` API endpoint](/consul/api-docs/config) or running the [`consul config write` CLI command](/consul/commands/config/write). 
+1. Apply the configuration by either calling the [`/config` API endpoint](/consul/api-docs/config) or running the [`consul config write` CLI command](/consul/commands/config/write). The following example writes a proxy defaults configuration entry from a local HCL file using the CLI:
+
+```shell-session
+$ consul config write proxy-defaults.hcl
+```
 
 ## Define service mesh proxy 
 
diff --git a/website/content/docs/connect/proxies/deploy-sidecar-services.mdx b/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
index 14e61d0755b3..23e7a6238aa1 100644
--- a/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
+++ b/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
@@ -33,7 +33,11 @@ If you want to define global passthrough settings for all Envoy proxies, create
    - `Kind`: Must be set to `proxy-defaults`
    - `Name`: Must be set to `global`
 1. Configure any additional settings you want to apply to all proxies. Refer to [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for details about all settings available in the configuraiton entry. 
-1. Apply the configuration by either calling the [`/config` API endpoint](/consul/api-docs/config) or running the [`consul config write` CLI command](/consul/commands/config/write). 
+1. Apply the configuration by either calling the [`/config` API endpoint](/consul/api-docs/config) or running the [`consul config write` CLI command](/consul/commands/config/write). The following example writes a proxy defaults configuration entry from a local HCL file using the CLI:
+
+```shell-session
+$ consul config write proxy-defaults.hcl
+```
 
 ## Define service mesh proxy 
 
diff --git a/website/content/docs/connect/proxies/index.mdx b/website/content/docs/connect/proxies/index.mdx
index eb4ef576526a..eeea3305f214 100644
--- a/website/content/docs/connect/proxies/index.mdx
+++ b/website/content/docs/connect/proxies/index.mdx
@@ -1,6 +1,6 @@
 ---
 layout: docs
-page_title: Service Mesh Proxy Overview
+page_title: Service mesh proxy overview
 description: >-
   In Consul service mesh, each service has a sidecar proxy that secures connections with other services in the mesh without modifying the underlying application code. You can use the built-in proxy, Envoy, or a custom proxy to handle communication and verify TLS connections.
 ---
@@ -32,7 +32,7 @@ Consul has first-class support for Envoy proxies, which is a highly configurable
 - [Envoy proxy reference](/consul/docs/connect/proxies/envoy)
 - [Envoy API documentation](https://www.envoyproxy.io/docs/envoy/v1.17.2/api-docs/xds_protocol)
  
-You can use Consul's built-in proxy service that supports L4 network traffic, which is suitable for testing and development but not recommended for production environments. Refer to the [built-in proxy reference](/consul/docs/connect/proxies/builtin) for additional information.
+You can use Consul's built-in proxy service that supports L4 network traffic, which is suitable for testing and development but not recommended for production environments. Refer to the [built-in proxy reference](/consul/docs/connect/proxies/built-in) for additional information.
 
 ## Workflow
 
diff --git a/website/content/docs/connect/proxies/proxy-config-reference.mdx b/website/content/docs/connect/proxies/proxy-config-reference.mdx
index 93e41ad2d2cd..dc3765b8cdb5 100644
--- a/website/content/docs/connect/proxies/proxy-config-reference.mdx
+++ b/website/content/docs/connect/proxies/proxy-config-reference.mdx
@@ -1,6 +1,6 @@
 ---
 layout: docs
-page_title: Service mesh proxy configuration
+page_title: Service mesh proxy configuration reference
 description: >-
   You can register a service mesh sidecar proxy separately from the registration of the service instance it fronts. Learn about proxy configuration options and how to format them with examples.
 ---

From ebb2d638ca555b1a8bf68bbcb1c906d50bf4dec1 Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Wed, 6 Sep 2023 16:55:18 -0700
Subject: [PATCH 356/359] Reformat proxy docs refresh (#18623)

* first commit; reformat PD conf entry

* updated proxies overview page

* added Deploy SM proxy usage and removed reg index

* moved sidecar proxy usage to main proxy folder

* recast sidecar reg page as Deploy sidecar services

* fix typos

* recast SM reg as conf reference- set the sidebar

* add redirects

* fix links

* add PD conf entry usage to appropro pages

* edits to proxy conf ref

* fix links on index page

* example command to write PD conf entry

* updated links to old SM proxy reg page

* updated links to sidecar service reg page

* tryna fix front matter issues

* Apply suggestions from code review

Co-authored-by: Ronald  <roncodingenthusiast@users.noreply.github.com>

* added paragraph about SM proxies to overivew

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---
 website/content/api-docs/agent/service.mdx    |  6 +--
 website/content/api-docs/discovery-chain.mdx  | 31 ++++---------
 website/content/commands/connect/envoy.mdx    |  8 ++--
 website/content/commands/connect/proxy.mdx    |  4 +-
 .../commands/connect/redirect-traffic.mdx     |  2 +-
 .../docs/agent/config/config-files.mdx        |  8 ++--
 .../connect/cluster-peering/tech-specs.mdx    |  2 +-
 .../connect/config-entries/proxy-defaults.mdx | 40 ++++++++--------
 .../config-entries/service-defaults.mdx       |  6 +--
 .../content/docs/connect/configuration.mdx    |  2 +-
 .../docs/connect/connect-internals.mdx        |  2 +-
 .../docs/connect/distributed-tracing.mdx      |  6 +--
 .../connect/gateways/mesh-gateway/index.mdx   |  6 +--
 .../service-to-service-traffic-partitions.mdx |  6 +--
 ...ice-to-service-traffic-wan-datacenters.mdx |  6 +--
 .../connect/l7-traffic/discovery-chain.mdx    | 13 +++---
 .../docs/connect/observability/index.mdx      |  6 +--
 .../content/docs/connect/proxies/built-in.mdx |  2 +-
 .../proxies/deploy-service-mesh-proxies.mdx   | 16 ++++---
 .../proxies/deploy-sidecar-services.mdx       | 46 +++++++++----------
 .../content/docs/connect/proxies/envoy.mdx    | 30 ++++++------
 .../content/docs/connect/proxies/index.mdx    | 16 ++++---
 .../proxies/proxy-config-reference.mdx        |  2 +-
 website/content/docs/k8s/connect/health.mdx   |  2 +-
 .../services-configuration-reference.mdx      |  6 +--
 .../docs/services/discovery/dns-overview.mdx  |  2 +-
 website/content/docs/services/services.mdx    |  2 +-
 .../docs/upgrading/upgrade-specific.mdx       |  2 +-
 28 files changed, 137 insertions(+), 143 deletions(-)

diff --git a/website/content/api-docs/agent/service.mdx b/website/content/api-docs/agent/service.mdx
index 1a5122e41018..cf821c9ddf13 100644
--- a/website/content/api-docs/agent/service.mdx
+++ b/website/content/api-docs/agent/service.mdx
@@ -639,7 +639,7 @@ The `/agent/service/register` endpoint supports camel case and _snake case_ for
 
 - `Proxy` `(Proxy: nil)` - From 1.2.3 on, specifies the configuration for a
   service mesh proxy instance. This is only valid if `Kind` defines a proxy or gateway.
-  See the [Proxy documentation](/consul/docs/connect/registration/service-registration)
+  Refer to the [Service mesh proxy configuration reference](/consul/docs/connect/proxies/proxy-config-reference)
   for full details.
 
 - `Connect` `(Connect: nil)` - Specifies the
@@ -698,8 +698,8 @@ For the `Connect` field, the parameters are:
   Managed proxies (which have been deprecated since Consul v1.3.0) have been 
   [removed](/consul/docs/connect/proxies) since v1.6.0.
 - `SidecarService` `(ServiceDefinition: nil)` - Specifies an optional nested
-  service definition to register. For more information see
-  [Sidecar Service Registration](/consul/docs/connect/registration/sidecar-service).
+  service definition to register. Refer to 
+  [Deploy sidecar services](/consul/docs/connect/proxies/deploy-sidecar-services) for additional information.
 
 ### Sample Payload
 
diff --git a/website/content/api-docs/discovery-chain.mdx b/website/content/api-docs/discovery-chain.mdx
index ba222116ec65..bef03ac12ec2 100644
--- a/website/content/api-docs/discovery-chain.mdx
+++ b/website/content/api-docs/discovery-chain.mdx
@@ -57,10 +57,8 @@ The table below shows this endpoint's support for
 - `compile-dc` `(string: "")` - Specifies the datacenter to use as the basis of
   compilation. This will default to the datacenter of the agent being queried.
 
-  This value comes from an [upstream
-  configuration](/consul/docs/connect/registration/service-registration#upstream-configuration-reference)
-  [`datacenter`](/consul/docs/connect/registration/service-registration#datacenter)
-  parameter.
+  This value comes from the `datacenter` parameter in an [upstream
+  configuration](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference).
 
 - `ns` `(string: "")` <EnterpriseAlert inline /> - Specifies the source namespace you use as the basis of compilation.
   You can also [specify the namespace through other methods](#methods-to-specify-namespace).
@@ -71,11 +69,8 @@ The table below shows this endpoint's support for
   timeout](/consul/docs/connect/config-entries/service-resolver#connecttimeout) for
   any service resolved in the compiled chain.
 
-  This value comes from the `connect_timeout_ms` key in an [upstream
-  configuration](/consul/docs/connect/registration/service-registration#upstream-configuration-reference)
-  opaque
-  [`config`](/consul/docs/connect/registration/service-registration#config-1)
-  parameter.
+  This value comes from the `connect_timeout_ms` key in the opaque `config` field of the [upstream
+  configuration](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference).
 
 - `OverrideProtocol` `(string: "")` - Overrides the final
   [protocol](/consul/docs/connect/config-entries/service-defaults#protocol) used in
@@ -86,23 +81,17 @@ The table below shows this endpoint's support for
   would be L7 and TCP is passed here the chain will not include Routers or
   Splitters.
 
-  This value comes from the `protocol` key in an [upstream
-  configuration](/consul/docs/connect/registration/service-registration#upstream-configuration-reference)
-  opaque
-  [`config`](/consul/docs/connect/registration/service-registration#config-1)
-  parameter.
+  This value comes from the `protocol` key in an opaque `config` field of the [upstream
+  configuration](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference).
 
 - `OverrideMeshGateway` `(MeshGatewayConfig: <optional>)` - Overrides the final
   [mesh gateway configuration](/consul/docs/connect/gateways/mesh-gateway#connect-proxy-configuration)
   for this any service resolved in the compiled chain.
 
-  This value comes from either the [proxy
-  configuration](/consul/docs/connect/registration/service-registration#complete-configuration-example)
-  [`mesh_gateway`](/consul/docs/connect/registration/service-registration#mesh_gateway)
-  parameter or an [upstream
-  configuration](/consul/docs/connect/registration/service-registration#upstream-configuration-reference)
-  [`mesh_gateway`](/consul/docs/connect/registration/service-registration#mesh_gateway-1)
-  parameter. If both are present the value defined on the upstream is used.
+  This value comes from the `mesh_gateway` parameter in either the [proxy
+  configuration](/consul/docs/connect/proxies/proxy-config-reference#proxy-parameters) or [upstream
+  configuration](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference)
+  If both parameters are configured, Consul uses the value defined on the upstream.
 
   - `Mode` `(string: "")` - One of `none`, `local`, or `remote`.
 
diff --git a/website/content/commands/connect/envoy.mdx b/website/content/commands/connect/envoy.mdx
index bb2cc5d77e81..aa2de2e35bf8 100644
--- a/website/content/commands/connect/envoy.mdx
+++ b/website/content/commands/connect/envoy.mdx
@@ -36,7 +36,7 @@ Usage: `consul connect envoy [options] [-- pass-through options]`
 
 #### Envoy Options for both Sidecars and Gateways
 
-- `-proxy-id` - The [proxy service](/consul/docs/connect/registration/service-registration) ID.
+- `-proxy-id` - The [proxy service](/consul/docs/connect/proxies/proxy-config-reference) ID.
   This service ID must already be registered with the local agent unless a gateway is being
   registered with the `-register` flag. As of Consul 1.8.0, this can also be
   specified via the `CONNECT_PROXY_ID` environment variable.
@@ -133,7 +133,7 @@ compatibility with Envoy and prevent potential issues. Default is `false`.
 - `-sidecar-for` - The _ID_ (not name if they differ) of the service instance
   this proxy will represent. The target service doesn't need to exist on the
   local agent yet but a [sidecar proxy
-  registration](/consul/docs/connect/registration/service-registration) with
+  registration](/consul/docs/proxies/deploy-sidecar-services) with
   `proxy.destination_service_id` equal to the passed value must be present. If
   multiple proxy registrations targeting the same local service instance are
   present the command will error and `-proxy-id` should be used instead.
@@ -225,9 +225,9 @@ proxy configuration needed.
 
 ## Examples
 
-Assume a local service instance is registered on the local agent with a
+In the following examples, a local service instance is registered on the local agent with a
 sidecar proxy (using the [sidecar service
-registration](/consul/docs/connect/registration/service-registration) helper) as below.
+registration](/consul/docs/connect/proxies/deploy-sidecar-services) helper):
 
 ```hcl
 service {
diff --git a/website/content/commands/connect/proxy.mdx b/website/content/commands/connect/proxy.mdx
index db3192dbee4f..0a4571df5f9e 100644
--- a/website/content/commands/connect/proxy.mdx
+++ b/website/content/commands/connect/proxy.mdx
@@ -24,14 +24,14 @@ Usage: `consul connect proxy [options]`
 - `-sidecar-for` - The _ID_ (not name if they differ) of the service instance
   this proxy will represent. The target service doesn't need to exist on the
   local agent yet but a [sidecar proxy
-  registration](/consul/docs/connect/registration/service-registration) with
+  registration](/consul/docs/connect/proxies/deploy-sidecar-services) with
   `proxy.destination_service_id` equal to the passed value must be present. If
   multiple proxy registrations targeting the same local service instance are
   present the command will error and `-proxy-id` should be used instead.
   This can also be specified via the `CONNECT_SIDECAR_FOR` environment variable.
 
 - `-proxy-id` - The [proxy
-  service](/consul/docs/connect/registration/service-registration) ID on the
+  service](/consul/docs/connect/proxies/proxy-config-reference) ID on the
   local agent. This must already be present on the local agent. This option
   can also be specified via the `CONNECT_PROXY_ID` environment variable.
 
diff --git a/website/content/commands/connect/redirect-traffic.mdx b/website/content/commands/connect/redirect-traffic.mdx
index 44decfef4071..af59baee56b7 100644
--- a/website/content/commands/connect/redirect-traffic.mdx
+++ b/website/content/commands/connect/redirect-traffic.mdx
@@ -38,7 +38,7 @@ Usage: `consul connect redirect-traffic [options]`
 
 - `-consul-dns-port` - The port of the Consul DNS resolver. If provided, DNS queries will be redirected to the provided IP address for name resolution.
 
-- `-proxy-id` - The [proxy service](/consul/docs/connect/registration/service-registration) ID.
+- `-proxy-id` - The [proxy service](/consul/docs/connect/proxies/proxy-config-reference) ID.
   This service ID must already be registered with the local agent.
 
 - `-proxy-inbound-port` - The inbound port that the proxy is listening on.
diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx
index a2ca9083b89a..03c8b5ec7cee 100644
--- a/website/content/docs/agent/config/config-files.mdx
+++ b/website/content/docs/agent/config/config-files.mdx
@@ -637,16 +637,16 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
   - `server` ((#server_rpc_port)) - Server RPC address. Default 8300. TCP
     only.
   - `sidecar_min_port` ((#sidecar_min_port)) - Inclusive minimum port number
-    to use for automatically assigned [sidecar service registrations](/consul/docs/connect/registration/sidecar-service).
+    to use for automatically assigned [sidecar service registrations](/consul/docs/connect/proxies/deploy-sidecar-services).
     Default 21000. Set to `0` to disable automatic port assignment.
   - `sidecar_max_port` ((#sidecar_max_port)) - Inclusive maximum port number
-    to use for automatically assigned [sidecar service registrations](/consul/docs/connect/registration/sidecar-service).
+    to use for automatically assigned [sidecar service registrations](/consul/docs/connect/proxies/deploy-sidecar-services).
     Default 21255. Set to `0` to disable automatic port assignment.
   - `expose_min_port` ((#expose_min_port)) - Inclusive minimum port number
-    to use for automatically assigned [exposed check listeners](/consul/docs/connect/registration/service-registration#expose-paths-configuration-reference).
+    to use for automatically assigned [exposed check listeners](/consul/docs/connect/proxies/proxy-config-reference#expose-paths-configuration-reference).
     Default 21500. Set to `0` to disable automatic port assignment.
   - `expose_max_port` ((#expose_max_port)) - Inclusive maximum port number
-    to use for automatically assigned [exposed check listeners](/consul/docs/connect/registration/service-registration#expose-paths-configuration-reference).
+    to use for automatically assigned [exposed check listeners](/consul/docs/connect/proxies/proxy-config-reference#expose-paths-configuration-reference).
     Default 21755. Set to `0` to disable automatic port assignment.
 
 - `primary_datacenter` - This designates the datacenter
diff --git a/website/content/docs/connect/cluster-peering/tech-specs.mdx b/website/content/docs/connect/cluster-peering/tech-specs.mdx
index 8fe2794416b3..36c7dc9d9130 100644
--- a/website/content/docs/connect/cluster-peering/tech-specs.mdx
+++ b/website/content/docs/connect/cluster-peering/tech-specs.mdx
@@ -64,7 +64,7 @@ Refer to [mesh gateway modes](/consul/docs/connect/gateways/mesh-gateway#modes)
 
 The Envoy proxies that function as sidecars in your service mesh require configuration in order to properly route traffic to peers. Sidecar proxies are defined in the [service definition](/consul/docs/services/usage/define-services).
 
-- Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and peer. Refer to the [`upstreams`](/consul/docs/connect/registration/service-registration#upstream-configuration-reference) documentation for details.
+- Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and peer. Refer to the [`upstreams`](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference) documentation for details.
 - The `proxy.upstreams.destination_name` parameter is always required.
 - The `proxy.upstreams.destination_peer` parameter must be configured to enable cross-cluster traffic.
 - The `proxy.upstream/destination_namespace` configuration is only necessary if the destination service is in a non-default namespace.
diff --git a/website/content/docs/connect/config-entries/proxy-defaults.mdx b/website/content/docs/connect/config-entries/proxy-defaults.mdx
index 05e5de30f7e8..f2bd2c9ce513 100644
--- a/website/content/docs/connect/config-entries/proxy-defaults.mdx
+++ b/website/content/docs/connect/config-entries/proxy-defaults.mdx
@@ -330,7 +330,7 @@ Specifies an arbitrary map of configuration values used by service mesh proxies.
 #### Values
 
 - Default: None
-- Data type: Map of 
+- Data type: Map
 
 ### `EnvoyExtensions`
 
@@ -339,7 +339,7 @@ Specifies a list of extensions that modify Envoy proxy configurations. Refer to
 #### Values
 
 - Default: None
-- Data type: Map of containing the following fields:
+- Data type: List of maps containing the following fields:
    - `Name`
    - `Required`
    - `Arguments`
@@ -371,7 +371,7 @@ Specifies a mode for how proxies direct inbound and outbound traffic. You can sp
 
 ### `TransparentProxy`
 
-Contains configurations for proxies that are running in transparent proxy mode. Refer to [Transparent proxy mode](/consul/docs/k8s/connect/transparent-proxy) for additional information. 
+Contains configurations for proxies that are running in transparent proxy mode. This mode enables permissive mTLS for Consul so that you can use your Kubernetes cluster's DNS service instead of Consul DNS. Refer to [Transparent proxy mode](/consul/docs/k8s/connect/transparent-proxy) for additional information. 
 
 #### Values
 
@@ -384,8 +384,8 @@ The following table describes how to configure values in the `TransparentProxy`
 
 | Parameter | Description | Data type | Default |
 | ---       | ---         | ---       | ---     |
-| `OutboundListenerPort` | Specifies the port that the proxy listens on for outbound traffic. Outbound application traffic must be  captured and redirected to this port. | Integer | `15001` |
-| `DialedDirectly` | Determines whether other proxies in transparent mode can directly dial this proxy instance's IP address. Proxies in transparent mode commonly dial upstreams at the [`virtual`](/consul/docs/services/configuration/services-configuration-reference#tagged_addresses-virtual) tagged address, which load balances across instances. Dialing individual instances can be helpful when sending requests to stateful services, such as database clusters with a leader. | Boolean | `false` |
+| `OutboundListenerPort` | Specifies the port that the proxy listens on for outbound traffic. Outbound application traffic must be captured and redirected to this port. | Integer | `15001` |
+| `DialedDirectly` | Determines whether other proxies in transparent mode can directly dial this proxy instance's IP address. Proxies in transparent mode commonly dial upstreams at the [`virtual` tagged address](/consul/docs/services/configuration/services-configuration-reference#tagged_addresses-virtual), which load balances across instances. Dialing individual instances can be helpful when sending requests to stateful services, such as database clusters with a leader. | Boolean | `false` |
 
 ### `MutualTLSMode`
 
@@ -431,14 +431,14 @@ Example use-cases include exposing the `/metrics` endpoint to a monitoring syste
 
 ### `Expose{}.Checks`
 
-Exposes all HTTP and gRPC checks registered with the agent when set to `true`. Envoy exposes listeners for the checks and only accepts connections originating from localhost or Consul's [`advertise_addr`](/consul/docs/agent/config/config-files#advertise). The ports for the listeners are dynamically allocated from the agent's [`expose_min_port`](/consul/docs/agent/config/config-files#expose_min_port) and [`expose_max_port`](/consul/docs/agent/config/config-files#expose_max_port) configurations.
+Exposes all HTTP and gRPC checks registered with the agent when set to `true`. Envoy exposes listeners for the checks and only accepts connections originating from localhost or the [Consul agent's `advertise_addr`](/consul/docs/agent/config/config-files#advertise). The ports for the listeners are dynamically allocated from the [agent's `expose_min_port`](/consul/docs/agent/config/config-files#expose_min_port) and [`expose_max_port`](/consul/docs/agent/config/config-files#expose_max_port) configurations.
 
-We recommend enabling the `Checks` configuration when a Consul client cannot reach registered services over localhost, such as when Consul agents run in their own pods in Kubernetes.
+We recommend enabling the `Checks` configuration when a Consul client cannot reach registered services over localhost.
 
 #### Values
 
 - Default: `false`
-- Data type: boolean
+- Data type: Boolean
 
 ### `Expose{}.Paths[]`
 
@@ -447,7 +447,7 @@ Specifies a list of configuration maps that define paths to expose through Envoy
 #### Values
 
 - Default: None
-- Data type: List of maps. 
+- Data type: List of maps 
 
 The following table describes the parameters for each map you can define in the list:
 
@@ -571,7 +571,7 @@ Specifies a list of extensions that modify Envoy proxy configurations. Refer to
 #### Values
 
 - Default: None
-- Data type: Map of containing the following fields:
+- Data type: List of maps of containing the following fields:
    - `name`
    - `required`
    - `arguments`
@@ -593,6 +593,7 @@ The following table describes how to configure values in the `EnvoyExtensions` m
 Specifies a mode for how proxies direct inbound and outbound traffic. You can specify one of the following values:
 
 - `transparent`: In transparent mode, proxies capture and redirect inbound and outbound traffic. The mode does not enable traffic redirection, but directs Consul to configure Envoy as if traffic is already being redirected. 
+
 - `direct`: In this mode, the local application and other proxies must directly dial proxy listeners. 
 
 #### Values
@@ -602,7 +603,7 @@ Specifies a mode for how proxies direct inbound and outbound traffic. You can sp
 
 ### `spec.transparentProxy`
 
-Contains configurations for proxies that are running in transparent proxy mode. Refer to [Transparent proxy mode](/consul/docs/k8s/connect/transparent-proxy) for additional information. 
+Contains configurations for proxies that are running in transparent proxy mode. This mode enables permissive mTLS for Consul so that you can use your Kubernetes cluster's DNS service instead of Consul DNS. Refer to [Transparent proxy mode](/consul/docs/k8s/connect/transparent-proxy) for additional information. 
 
 #### Values
 
@@ -615,8 +616,8 @@ The following table describes how to configure values in the `TransparentProxy`
 
 | Parameter | Description | Data type | Default |
 | ---       | ---         | ---       | ---     |
-| `outboundListenerPort` | Specifies the port that the proxy listens on for outbound traffic. Outbound application traffic must be  captured and redirected to this port. | Integer | `15001` |
-| `dialedDirectly` | Determines whether other proxies in transparent mode can directly dial this proxy instance's IP address. Proxies in transparent mode commonly dial upstreams at the [`virtual`](/consul/docs/services/configuration/services-configuration-reference#tagged_addresses-virtual) tagged address, which load balances across instances. Dialing individual instances can be helpful when sending requests to stateful services, such as database clusters with a leader. | Boolean | `false` |
+| `outboundListenerPort` | Specifies the port that the proxy listens on for outbound traffic. Outbound application traffic must be captured and redirected to this port. | Integer | `15001` |
+| `dialedDirectly` | Determines whether other proxies in transparent mode can directly dial this proxy instance's IP address. Proxies in transparent mode commonly dial upstreams at the [`virtual` tagged address](/consul/docs/services/configuration/services-configuration-reference#tagged_addresses-virtual), which load balances across instances. Dialing individual instances can be helpful when sending requests to stateful services, such as database clusters with a leader. | Boolean | `false` |
 
 ### `spec.mutualTLSMode`
 
@@ -662,14 +663,14 @@ Example use-cases include exposing the `/metrics` endpoint to a monitoring syste
 
 ### `spec.expose{}.checks`
 
-Exposes all HTTP and gRPC checks registered with the agent when set to `true`. Envoy exposes listeners for the checks and only accepts connections originating from localhost or Consul's [`advertise_addr`](/consul/docs/agent/config/config-files#advertise). The ports for the listeners are dynamically allocated from the agent's [`expose_min_port`](/consul/docs/agent/config/config-files#expose_min_port) and [`expose_max_port`](/consul/docs/agent/config/config-files#expose_max_port) configurations.
+Exposes all HTTP and gRPC checks registered with the agent when set to `true`. Envoy exposes listeners for the checks and only accepts connections originating from localhost or the [Consul agent's `advertise_addr`](/consul/docs/agent/config/config-files#advertise). The ports for the listeners are dynamically allocated from the [agent's `expose_min_port`](/consul/docs/agent/config/config-files#expose_min_port) and [`expose_max_port`](/consul/docs/agent/config/config-files#expose_max_port) configurations.
 
 We recommend enabling the `Checks` configuration when a Consul client cannot reach registered services over localhost, such as when Consul agents run in their own pods in Kubernetes.
 
 #### Values
 
 - Default: `false`
-- Data type: boolean
+- Data type: Boolean
 
 ### `spec.expose{}.paths[]`
 
@@ -727,6 +728,7 @@ The following table describes the parameters you can define in the `accessLogs`
 
 </Tabs>
 
+
 ## Examples
 
 The following examples demonstrate common patterns for configuring proxy defaults configuration entries.
@@ -750,7 +752,7 @@ Config {
 
 #### Consul Enterprise
 
-For Consul Enterprise, you can only create the configuration entry in the `default` namespace. The namepace configuration applies to proxies in all namespaces.
+When using multiple namespaces with Consul Enterprise, the only configuration entry that affects proxy defaults is the one in the `default` namespace. This configuration applies to proxies in all namespaces.
 
 ```hcl
 Kind      = "proxy-defaults"
@@ -778,7 +780,7 @@ spec:
 
 #### Consul Enterprise
 
-For Consul Enterprise, you can only create the configuration entry in the `default` namespace. The namepace configuration applies to proxies in all namespaces.
+When using multiple namespaces with Consul Enterprise, the only configuration entry that affects proxy defaults is the one in the `default` namespace. This configuration applies to proxies in all namespaces.
 
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1
@@ -808,7 +810,7 @@ spec:
 ```
 #### Consul Enterprise
 
-For Consul Enterprise, you can only create the configuration entry in the `default` namespace. The namepace configuration applies to proxies in all namespaces.
+When using multiple namespaces with Consul Enterprise, the only configuration entry that affects proxy defaults is the one in the `default` namespace. This configuration applies to proxies in all namespaces.
 
 ```json
 {
@@ -875,7 +877,7 @@ spec:
 
 ### Access Logs
 
-The following example enables access logs for all proxies. efer to [access logs](/consul/docs/connect/observability/access-logs) for more detailed examples.
+The following example enables access logs for all proxies. Refer to [access logs](/consul/docs/connect/observability/access-logs) for more detailed examples.
 
 <Tabs>
 <Tab heading="HCL" group="hcl">
diff --git a/website/content/docs/connect/config-entries/service-defaults.mdx b/website/content/docs/connect/config-entries/service-defaults.mdx
index 648271c684c9..df7141a87411 100644
--- a/website/content/docs/connect/config-entries/service-defaults.mdx
+++ b/website/content/docs/connect/config-entries/service-defaults.mdx
@@ -778,7 +778,7 @@ Specifies the TLS server name indication (SNI) when federating with an external
 
 ### `Expose`
 
-Specifies default configurations for exposing HTTP paths through Envoy. Exposing paths through Envoy enables services to listen on localhost only. Applications that are not Consul service mesh-enabled can still contact an HTTP endpoint. Refer to [Expose Paths Configuration Reference](/consul/docs/connect/registration/service-registration#expose-paths-configuration-reference) for additional information and example configurations.
+Specifies default configurations for exposing HTTP paths through Envoy. Exposing paths through Envoy enables services to listen on `localhost` only. Applications that are not Consul service mesh-enabled can still contact an HTTP endpoint. Refer to [Expose Paths Configuration Reference](/consul/docs/proxies/proxy-config-reference#expose-paths-configuration-reference) for additional information and example configurations.
 
 - Default: none
 - Data type: map
@@ -1198,7 +1198,7 @@ Specifies the TLS server name indication (SNI) when federating with an external
 
 ### `spec.expose`
 
-Specifies default configurations for exposing HTTP paths through Envoy. Exposing paths through Envoy enables services to listen on localhost only. Applications that are not Consul service mesh-enabled can still contact an HTTP endpoint. Refer to [Expose Paths Configuration Reference](/consul/docs/connect/registration/service-registration#expose-paths-configuration-reference) for additional information and example configurations.
+Specifies default configurations for exposing HTTP paths through Envoy. Exposing paths through Envoy enables services to listen on `localhost` only. Applications that are not Consul service mesh-enabled can still contact an HTTP endpoint. Refer to [Expose Paths Configuration Reference](/consul/docs/connect/proxies/proxy-config-reference#expose-paths-configuration-reference) for additional information and example configurations.
 
 #### Values
 
@@ -2053,7 +2053,7 @@ represents a location outside the Consul cluster. Services can dial destinations
       name: 'Expose',
       type: 'ExposeConfig: <optional>',
       description: `Controls the default
-                      [expose path configuration](/consul/docs/connect/registration/service-registration#expose-paths-configuration-reference)
+                      [expose path configuration](/consul/docs/connect/proxies/proxy-config-reference#expose-paths-configuration-reference)
                       for Envoy. Added in v1.6.2.<br><br>
                       Exposing paths through Envoy enables a service to protect itself by only listening on localhost, while still allowing
                       non-mesh-enabled applications to contact an HTTP endpoint.
diff --git a/website/content/docs/connect/configuration.mdx b/website/content/docs/connect/configuration.mdx
index 5edf02886ba1..0ce7230ab2ef 100644
--- a/website/content/docs/connect/configuration.mdx
+++ b/website/content/docs/connect/configuration.mdx
@@ -78,7 +78,7 @@ needed for a secure deployment.
 ## Centralized proxy and service configuration
 
 If your network contains many instances of the same service and many colocated sidecar proxies, you can specify global settings for proxies or services in [Configuration Entries](/consul/docs/agent/config-entries). You can override the centralized configurations for individual proxy instances in their
-[sidecar service definitions](/consul/docs/connect/registration/sidecar-service),
+[sidecar service definitions](/consul/docs/connect/proxies/deploy-sidecar-services),
 and the default protocols for service instances in their [service
 definitions](/consul/docs/services/usage/define-services).
 
diff --git a/website/content/docs/connect/connect-internals.mdx b/website/content/docs/connect/connect-internals.mdx
index 73a3cc1e8980..99541f012c3b 100644
--- a/website/content/docs/connect/connect-internals.mdx
+++ b/website/content/docs/connect/connect-internals.mdx
@@ -97,7 +97,7 @@ a long period of inactivity (3 days by default), the cache will empty itself.
 
 ## Connections Across Datacenters
 
-A sidecar proxy's [upstream configuration](/consul/docs/connect/registration/service-registration#upstream-configuration-reference)
+A sidecar proxy's [upstream configuration](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference)
 may specify an alternative datacenter or a prepared query that can address services
 in multiple datacenters (such as the [geo failover](/consul/tutorials/developer-discovery/automate-geo-failover) pattern).
 
diff --git a/website/content/docs/connect/distributed-tracing.mdx b/website/content/docs/connect/distributed-tracing.mdx
index 939cde52d5a5..9b74a612579c 100644
--- a/website/content/docs/connect/distributed-tracing.mdx
+++ b/website/content/docs/connect/distributed-tracing.mdx
@@ -145,9 +145,9 @@ spec:
 
 </CodeTabs>
 
--> **NOTE:** This example uses a [proxy defaults](/consul/docs/connect/config-entries/proxy-defaults) config entry which will apply to all proxies
-but you can also apply this config in the
-[proxy service registration](/consul/docs/connect/registration/service-registration#proxy-parameters) (not supported on Kubernetes).
+-> **NOTE:** This example uses a [proxy defaults](/consul/docs/connect/config-entries/proxy-defaults) configuration entry, which applies to all proxies,
+but you can also apply the configuration in the
+[`proxy` block of your service configuration](/consul/docs/connect/proxies/proxy-config-reference#proxy-parameters). The proxy service registration is not supported on Kubernetes.
 
 Within the config there are two keys you need to customize:
 
diff --git a/website/content/docs/connect/gateways/mesh-gateway/index.mdx b/website/content/docs/connect/gateways/mesh-gateway/index.mdx
index 6faec5e9e760..17821edf531f 100644
--- a/website/content/docs/connect/gateways/mesh-gateway/index.mdx
+++ b/website/content/docs/connect/gateways/mesh-gateway/index.mdx
@@ -48,7 +48,7 @@ Sidecar proxies that do not send upstream traffic through a gateway are not affe
 Configure the following settings to register the mesh gateway as a service in Consul.
 
 * Specify `mesh-gateway` in the `kind` field to register the gateway with Consul.
-* Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and datacenter. Refer to the [`upstreams` documentation](/consul/docs/connect/registration/service-registration#upstream-configuration-reference) for details. The service `proxy.upstreams.destination_name` is always required. The `proxy.upstreams.datacenter` must be configured to enable cross-datacenter traffic. The `proxy.upstreams.destination_namespace` configuration is only necessary if the destination service is in a different namespace.
+* Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and datacenter. Refer to the [`upstreams` documentation](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference) for details. The service `proxy.upstreams.destination_name` is always required. The `proxy.upstreams.datacenter` must be configured to enable cross-datacenter traffic. The `proxy.upstreams.destination_namespace` configuration is only necessary if the destination service is in a different namespace.
 * Define the `Proxy.Config` settings using opaque parameters compatible with your proxy (i.e., Envoy). For Envoy, refer to the [Gateway Options](/consul/docs/connect/proxies/envoy#gateway-options) and [Escape-hatch Overrides](/consul/docs/connect/proxies/envoy#escape-hatch-overrides) documentation for additional configuration information.
 * If ACLs are enabled, a token granting `service:write` for the gateway's service name and `service:read` for all services in the datacenter or partition must be added to the gateway's service definition. These permissions authorize the token to route communications for other Consul service mesh services, but does not allow decrypting any of their communications.
 
@@ -127,8 +127,8 @@ Name: web
 
 ### Enabling Gateways for a Service Instance
 
-The following [Proxy Service Registration](/consul/docs/connect/registration/service-registration)
-definition will enable gateways for the service instance in the `remote` mode.
+The following [proxy service configuration](/consul/docs/connect/proxies/deploy-service-mesh-proxies)
+ enables gateways for the service instance in the `remote` mode.
 
 <CodeTabs heading="Example: Enabling gateways for a service instance.">
 
diff --git a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx
index 4e269d00fd48..22a4e9d9b8f7 100644
--- a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx
+++ b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-partitions.mdx
@@ -43,7 +43,7 @@ Sidecar proxies that do not send upstream traffic through a gateway are not affe
 Configure the following settings to register the mesh gateway as a service in Consul.
 
 * Specify `mesh-gateway` in the `kind` field to register the gateway with Consul.
-* Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and partition. Refer to the [`upstreams` documentation](/consul/docs/connect/registration/service-registration#upstream-configuration-reference) for details. The service `proxy.upstreams.destination_name` is always required. The `proxy.upstreams.destination_partition` must be configured to enable cross-partition traffic. The `proxy.upstreams.destination_namespace` configuration is only necessary if the destination service is in a different namespace.
+* Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and partition. Refer to the [`upstreams` documentation](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference) for details. The service `proxy.upstreams.destination_name` is always required. The `proxy.upstreams.destination_partition` must be configured to enable cross-partition traffic. The `proxy.upstreams.destination_namespace` configuration is only necessary if the destination service is in a different namespace.
 * Configure the `exported-services` configuration entry to enable Consul to export services contained in an admin partition to one or more additional partitions. Refer to the [Exported Services documentation](/consul/docs/connect/config-entries/exported-services) for details.
 * Define the `Proxy.Config` settings using opaque parameters compatible with your proxy, i.e., Envoy. For Envoy, refer to the [Gateway Options](/consul/docs/connect/proxies/envoy#gateway-options) and [Escape-hatch Overrides](/consul/docs/connect/proxies/envoy#escape-hatch-overrides) documentation for additional configuration information.
 * If ACLs are enabled, a token granting `service:write` for the gateway's service name and `service:read` for all services in the datacenter or partition must be added to the gateway's service definition. These permissions authorize the token to route communications for other Consul service mesh services, but does not allow decrypting any of their communications.
@@ -121,8 +121,8 @@ Name: web
 
 ### Enabling Gateways for a Service Instance
 
-The following [Proxy Service Registration](/consul/docs/connect/registration/service-registration)
-definition will enable gateways for `web` service instances in the `finance` partition.
+The following [proxy service configuration](/consul/docs/connect/proxies/deploy-service-mesh-proxies)
+enables gateways for `web` service instances in the `finance` partition.
 
 <CodeTabs heading="Example: Enabling gateways for a service instance.">
 
diff --git a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters.mdx b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters.mdx
index 5a764c437248..dc017e0af232 100644
--- a/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters.mdx
+++ b/website/content/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters.mdx
@@ -57,7 +57,7 @@ Sidecar proxies that do not send upstream traffic through a gateway are not affe
 Configure the following settings to register the mesh gateway as a service in Consul.
 
 * Specify `mesh-gateway` in the `kind` field to register the gateway with Consul.
-* Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and datacenter. Refer to the [`upstreams` documentation](/consul/docs/connect/registration/service-registration#upstream-configuration-reference) for details. The service `proxy.upstreams.destination_name` is always required. The `proxy.upstreams.datacenter` must be configured to enable cross-datacenter traffic. The `proxy.upstreams.destination_namespace` configuration is only necessary if the destination service is in a different namespace.
+* Configure the `proxy.upstreams` parameters to route traffic to the correct service, namespace, and datacenter. Refer to the [`upstreams` documentation](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference) for details. The service `proxy.upstreams.destination_name` is always required. The `proxy.upstreams.datacenter` must be configured to enable cross-datacenter traffic. The `proxy.upstreams.destination_namespace` configuration is only necessary if the destination service is in a different namespace.
 * Define the `Proxy.Config` settings using opaque parameters compatible with your proxy (i.e., Envoy). For Envoy, refer to the [Gateway Options](/consul/docs/connect/proxies/envoy#gateway-options) and [Escape-hatch Overrides](/consul/docs/connect/proxies/envoy#escape-hatch-overrides) documentation for additional configuration information.
 * If ACLs are enabled, a token granting `service:write` for the gateway's service name and `service:read` for all services in the datacenter or partition must be added to the gateway's service definition. These permissions authorize the token to route communications for other Consul service mesh services, but does not allow decrypting any of their communications.
 
@@ -137,8 +137,8 @@ Name: web
 
 ### Enabling Gateways for a Service Instance
 
-The following [Proxy Service Registration](/consul/docs/connect/registration/service-registration)
-definition will enable gateways for the service instance in the `remote` mode.
+The following [proxy service configuration](/consul/docs/connect/proxies/deploy-service-mesh-proxies)
+enables gateways for the service instance in the `remote` mode.
 
 <CodeTabs heading="Example: Enabling gateways for a service instance.">
 
diff --git a/website/content/docs/connect/l7-traffic/discovery-chain.mdx b/website/content/docs/connect/l7-traffic/discovery-chain.mdx
index ae7582509c99..b7ee4e975ef8 100644
--- a/website/content/docs/connect/l7-traffic/discovery-chain.mdx
+++ b/website/content/docs/connect/l7-traffic/discovery-chain.mdx
@@ -59,11 +59,10 @@ various configuration entries interact in more complex ways. For example:
   [`proxy-defaults`](/consul/docs/connect/config-entries/proxy-defaults) config
   entry. Violations must be rejected as invalid.
 
-- If an [upstream
-  configuration](/consul/docs/connect/registration/service-registration#upstream-configuration-reference)
-  [`datacenter`](/consul/docs/connect/registration/service-registration#datacenter)
-  parameter is defined then any configuration entry that does not explicitly
-  refer to a desired datacenter should use that value from the upstream.
+- When an [upstream
+  configuration](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference)
+  `datacenter` parameter is defined, any configuration entry that does not explicitly
+  refer to a desired datacenter uses the value defined in the upstream.
 
 ## Compilation
 
@@ -80,9 +79,9 @@ API](/consul/api-docs/discovery-chain).
 - **Datacenter** - The datacenter to use as the basis of compilation.
 - **Overrides** - Discovery-time tweaks to apply when compiling. These should
   be derived from either the
-  [proxy](/consul/docs/connect/registration/service-registration#complete-configuration-example)
+  [proxy](/consul/docs/connect/proxies/proxy-config-reference#complete-configuration-example)
   or
-  [upstream](/consul/docs/connect/registration/service-registration#upstream-configuration-reference)
+  [upstream](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference)
   configurations if either are set.
 
 ### Compilation Results
diff --git a/website/content/docs/connect/observability/index.mdx b/website/content/docs/connect/observability/index.mdx
index 35db2edd4b49..95dce806a0ab 100644
--- a/website/content/docs/connect/observability/index.mdx
+++ b/website/content/docs/connect/observability/index.mdx
@@ -44,7 +44,7 @@ Find other possible metrics syncs in the [Envoy documentation](/consul/docs/conn
 ### Service protocol
 
 You can specify the [`protocol`](/consul/docs/connect/config-entries/service-defaults#protocol)
-for all service instances in the `service-defaults` configuration entry. You can also override the default protocol when defining and registering proxies in a service definition file. Refer to [Expose Paths Configuration Reference](/consul/docs/connect/registration/service-registration#expose-paths-configuration-reference) for additional information. 
+for all service instances in the `service-defaults` configuration entry. You can also override the default protocol when defining and registering proxies in a service definition file. Refer to [Expose Paths Configuration Reference](/consul/docs/connect/proxies/proxy-config-reference#expose-paths-configuration-reference) for additional information. 
 
 By default, proxies only provide L4 metrics. 
 Defining the protocol allows proxies to handle requests at the L7
@@ -54,5 +54,5 @@ load balancing and routing decisions.
 ### Service upstreams
 
 You can set the upstream for each service using the proxy's
-[`upstreams`](/consul/docs/connect/registration/service-registration#upstreams)
-sidecar parameter, which can be defined in a service's [sidecar registration](/consul/docs/connect/registration/sidecar-service).
+[`upstreams`](/consul/docs/connect/proxies/proxy-config-reference#upstreams)
+sidecar parameter, which can be defined in a service's [sidecar registration](/consul/docs/connect/proxies/deploy-sidecar-services).
diff --git a/website/content/docs/connect/proxies/built-in.mdx b/website/content/docs/connect/proxies/built-in.mdx
index c393d4648a89..1bfd943db7fb 100644
--- a/website/content/docs/connect/proxies/built-in.mdx
+++ b/website/content/docs/connect/proxies/built-in.mdx
@@ -77,7 +77,7 @@ All fields are optional with a reasonable default.
 - `upstreams`- **Deprecated** Upstreams are now specified
   in the `connect.proxy` definition. Upstreams specified in the opaque config map
   here will continue to work for compatibility but it's strongly recommended that
-  you move to using the higher level [upstream configuration](/consul/docs/connect/registration/service-registration#upstream-configuration-reference).
+  you move to using the higher level [upstream configuration](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference).
 
 ## Proxy Upstream Config Key Reference
 
diff --git a/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx b/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
index 60d9cc5ab745..630da4a131de 100644
--- a/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
+++ b/website/content/docs/connect/proxies/deploy-service-mesh-proxies.mdx
@@ -1,4 +1,4 @@
---- 
+---
 layout: docs
 page_title: Deploy service mesh proxies
 description: >- 
@@ -7,7 +7,9 @@ description: >-
 
 # Deploy service mesh proxies services
 
-This topic describes how to create, register, and start service mesh proxies in Consul. Refer to [Service mesh proxies overview](/consul/docs/connect/proxies) for additional information about how proxies enable Consul functionalities. For information about deployed sidecar proxies, refer to [Deploy sidecar proxy services](/consul/docs/connect/proxies/deploy-sidecar-services).
+This topic describes how to create, register, and start service mesh proxies in Consul. Refer to [Service mesh proxies overview](/consul/docs/connect/proxies) for additional information about how proxies enable Consul functionalities. 
+
+For information about deploying proxies as sidecars for service instances, refer to [Deploy sidecar proxy services](/consul/docs/connect/proxies/deploy-sidecar-services).
 
 ## Overview
 
@@ -16,21 +18,21 @@ Complete the following steps to deploy a service mesh proxy:
 1. It is not required, but you can create a proxy defaults configuration entry that contains global passthrough settings for all Envoy proxies. 
 1. Create a service definition file and specify the proxy configurations in the `proxy` block.
 1. Register the service using the API or CLI.
-1. Start the proxy service. 
+1. Start the proxy service. Proxies appear in the list of services registered to Consul, but they must be started before they begin to route traffic in your service mesh.
 
 ## Requirements
 
-If [ACLs](/consul/docs/security/acl) are enabled and you want to configure global Envoy settings in the [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults), you must present a token with `operator:write` permissions. Refer to [Create a service token](/consul/docs/security/acl/tokens/create/create-a-service-token) for additional information.
+If ACLs are enabled and you want to configure global Envoy settings using the [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults), you must present a token with `operator:write` permissions. Refer to [Create a service token](/consul/docs/security/acl/tokens/create/create-a-service-token) for additional information.
 
 ## Configure global Envoy passthrough settings
 
-If you want to define global passthrough settings for all Envoy proxies, create a proxy defaults configuration entry and specify default settings, such as access log configuration. [Service defaults configuration entries](/consul/docs/connect/config-entries/service-defaults) override proxy defaults and individual service configurations override both configuration entries.
+If you want to define global passthrough settings for all Envoy proxies, create a proxy defaults configuration entry and specify default settings, such as access log configuration. Note that [service defaults configuration entries](/consul/docs/connect/config-entries/service-defaults) override proxy defaults and individual service configurations override both configuration entries.
 
 1. Create a proxy defaults configuration entry and specify the following parameters:
    - `Kind`: Must be set to `proxy-defaults`
    - `Name`: Must be set to `global`
 1. Configure any additional settings you want to apply to all proxies. Refer to [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for details about all settings available in the configuraiton entry. 
-1. Apply the configuration by either calling the [`/config` API endpoint](/consul/api-docs/config) or running the [`consul config write` CLI command](/consul/commands/config/write). The following example writes a proxy defaults configuration entry from a local HCL file using the CLI:
+1. Apply the configuration by either calling the [`/config` HTTP API endpoint](/consul/api-docs/config) or running the [`consul config write` CLI command](/consul/commands/config/write). The following example writes a proxy defaults configuration entry from a local HCL file using the CLI:
 
 ```shell-session
 $ consul config write proxy-defaults.hcl
@@ -48,7 +50,7 @@ Create a service definition file and configure the following fields to define a
 
 Refer to the [Service mesh proxy configuration reference](/consul/docs/connect/proxies/proxy-config-reference) for example configurations.
 
- ## Register the service 
+## Register the service 
 
 Provide the service definition to the Consul agent to register your proxy service. You can use the same methods for registering proxy services as you do for registering application services:
  
diff --git a/website/content/docs/connect/proxies/deploy-sidecar-services.mdx b/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
index 23e7a6238aa1..8e15569b0996 100644
--- a/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
+++ b/website/content/docs/connect/proxies/deploy-sidecar-services.mdx
@@ -7,7 +7,7 @@ description: >-
 
 # Deploy sidecar services
 
-This topic describes how to create, register, and start sidecar proxy services in Consul. Refer to [Service mesh proxies overview](/consul/docs/connect/proxies) for additional information about how proxies enable Consul functionalities. For information about deploying service mesh proxies, refer to [Deploy service mesh proxies](/consul/docs/connect/proxies/deploy-service-mesh-proxies).
+This topic describes how to create, register, and start sidecar proxy services in Consul. Refer to [Service mesh proxies overview](/consul/docs/connect/proxies) for additional information about how proxies enable Consul's functions and operations. For information about deploying service mesh proxies, refer to [Deploy service mesh proxies](/consul/docs/connect/proxies/deploy-service-mesh-proxies).
 
 ## Overview
 
@@ -23,7 +23,7 @@ You can attach a sidecar proxy to a service you want to deploy to your mesh:
 
 ## Requirements
 
-If [ACLs](/consul/docs/security/acl) are enabled and you want to configure global Envoy settings in the [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults), you must present a token with `operator:write` permissions. Refer to [Create a service token](/consul/docs/security/acl/tokens/create/create-a-service-token) for additional information.
+If ACLs are enabled and you want to configure global Envoy settings in the [proxy defaults configuration entry](/consul/docs/connect/config-entries/proxy-defaults), you must present a token with `operator:write` permissions. Refer to [Create a service token](/consul/docs/security/acl/tokens/create/create-a-service-token) for additional information.
 
 ## Configure global Envoy passthrough settings
 
@@ -43,9 +43,9 @@ $ consul config write proxy-defaults.hcl
 
 Create a service definition and configure the following fields: 
 
-1. Specify a name for the service you want to attach a sidecar proxy to in the `name` field. This field is required for all services you want to register in Consul.  
-1. Specify a port number where other services registered with Consul can discover and connect to the service in the `port` field. This field is required for all services you want to register in Consul.
-1. Set the `connect` field to `{ sidecar_service: {} }`. The `{ sidecar_service: {} }` value is a macro that applies a set of default configurations that enable you to quickly implement a sidecar. Refer to [Sidecar service defaults](#sidecar-service-defaults) for additional information.
+1. `name`: Specify a name for the service you want to attach a sidecar proxy to in the `name` field. This field is required for all services you want to register in Consul.  
+1. `port`: Specify a port number where other services registered with Consul can discover and connect to the service in the `port` field. This field is required for all services you want to register in Consul.
+1. `connect`: Set the `connect` field to `{ sidecar_service: {} }`. The `{ sidecar_service: {} }` value is a macro that applies a set of default configurations that enable you to quickly implement a sidecar. Refer to [Sidecar service defaults](#sidecar-service-defaults) for additional information.
 1. Configure any additional options for your service. Refer to [Services configuration reference](/consul/docs/services/configuration/services-configuration-reference) for details. 
 
 In the following example, a service named `web` is configured with a sidecar proxy:
@@ -200,16 +200,16 @@ the `connect.sidecar_service` definition to customize the proxy registration.
 The "parent" service refers to the service definition that embeds the sidecar
 proxy.
 
-- `id` - ID defaults to being `<parent-service-id>-sidecar-proxy`. This can't
+- `id` - ID defaults to `<parent-service-id>-sidecar-proxy`. This value cannot
   be overridden as it is used to [manage the lifecycle](#lifecycle) of the
   registration.
-- `name` - Defaults to being `<parent-service-name>-sidecar-proxy`.
+- `name` - Defaults to `<parent-service-name>-sidecar-proxy`.
 - `tags` - Defaults to the tags of the parent service.
 - `meta` - Defaults to the service metadata of the parent service.
 - `port` - Defaults to being auto-assigned from a configurable
   range specified by [`sidecar_min_port`](/consul/docs/agent/config/config-files#sidecar_min_port)
   and [`sidecar_max_port`](/consul/docs/agent/config/config-files#sidecar_max_port).
-- `kind` - Defaults to `connect-proxy`. This can't be overridden currently.
+- `kind` - Defaults to `connect-proxy`. This value cannot be overridden.
 - `check`, `checks` - By default we add a TCP check on the local address and
   port for the proxy, and a [service alias
   check](/consul/docs/services/usage/checks#alias-checks) for the parent service. If either
@@ -221,7 +221,7 @@ proxy.
 
 ### Example with overwritten configurations
 
-In the following example, but the `sidecar_service` macro sets baselines configurations for the proxy, but the [proxy
+In the following example, the `sidecar_service` macro sets baselines configurations for the proxy, but the [proxy
 upstreams](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference)
 and [built-in proxy
 configuration](/consul/docs/connect/proxies/built-in) fields contain custom values:  
@@ -253,13 +253,12 @@ configuration](/consul/docs/connect/proxies/built-in) fields contain custom valu
 The following fields are not supported in the `connect.sidecar_service` block:
 
 - `id` - Sidecar services get an ID assigned and it is an error to override
-  this. This ensures the agent can correctly deregister the sidecar service
+  this value. This ID is required to ensure that the agent can correctly deregister the sidecar service
   later when the parent service is removed.
-- `kind` - Kind defaults to `connect-proxy` and there is currently no way to
-  unset this to make the registration be for a regular non-connect-proxy
-  service.
-- `connect.sidecar_service` - Service definitions can't be nested recursively.
-- `connect.native` - Currently the `kind` is fixed to `connect-proxy` and it's
+- `kind` - Kind defaults to `connect-proxy` and there is no way to
+  unset this behavior.
+- `connect.sidecar_service` - Service definitions cannot be nested recursively.
+- `connect.native` - The `kind` is fixed to `connect-proxy` and it is
   an error to register a `connect-proxy` that is also service mesh-native.
 
 ## Lifecycle
@@ -270,17 +269,16 @@ have some specific behavior around their lifecycle that makes them easier to
 work with.
 
 The agent fixes the ID of the sidecar service to be based on the parent
-service's ID. This enables the following behavior.
+service's ID, which enables the following behavior.
 
-- A service instance can _only ever have one_ sidecar service registered.
-- When re-registering via API or reloading from configuration file:
-  - If something changes in the nested sidecar service definition, the change
-    will _update_ the current sidecar registration instead of creating a new
+- A service instance can only ever have one sidecar service registered.
+- When re-registering through the HTTP API or reloading from configuration file:
+  - If something changes in the nested sidecar service definition, the update is applied to the current sidecar registration instead of creating a new
     one.
   - If a service registration removes the nested `sidecar_service` then the
-    previously registered sidecar for that service will be deregistered
+    previously registered sidecar for that service is deregistered
     automatically.
 - When reloading the configuration files, if a service definition changes its
-  ID, then a new service instance _and_ a new sidecar instance will be
-  registered. The old ones will be removed since they are no longer found in
-  the config files.
\ No newline at end of file
+  ID, then a new service instance and a new sidecar instance are
+  registered. The old instance and proxy are removed because they are no longer found in
+  the configuration files.
diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx
index 7c87842c1de9..1f3ea797b902 100644
--- a/website/content/docs/connect/proxies/envoy.mdx
+++ b/website/content/docs/connect/proxies/envoy.mdx
@@ -24,7 +24,7 @@ Consul can configure Envoy sidecars to proxy traffic over the following protocol
 
 On Consul 1.5.0 and older, Envoy proxies can only proxy TCP traffic at L4.
 
-Some [L7 features](/consul/docs/connect/l7-traffic) can be configured using [configuration entries](/consul/docs/agent/config-entries). You can add [custom Envoy configurations](#advanced-configuration) to the [proxy service definition](/consul/docs/connect/registration/service-registration) to use Envoy features that are not currently exposed through configuration entries. Adding custom Envoy configurations to the service definition is an interim solution that enables you to use the more powerful features of Envoy.
+You can configure some [L7 features](/consul/docs/connect/l7-traffic) in [configuration entries](/consul/docs/agent/config-entries). You can add [custom Envoy configurations](#advanced-configuration) to the [proxy service definition](/consul/docs/connect/proxies/proxy-config-reference), which enables you to leverage Envoy features that are not exposed through configuration entries. You can also use the [Consul Envoy extensions](/consul/docs/connect/proxies/envoy-extensions) to implement Envoy features.
 
 ~> **Note:** When using Envoy with Consul and not using the [`consul connect envoy` command](/consul/commands/connect/envoy)
 Envoy must be run with the `--max-obj-name-len` option set to `256` or greater for Envoy versions prior to 1.11.0.
@@ -77,7 +77,7 @@ The dynamic configuration Consul service mesh provides to each Envoy instance in
 - Service-discovery results for upstreams to enable each sidecar proxy to load-balance
   outgoing connections.
 - L7 configuration including timeouts and protocol-specific options.
-- Configuration to [expose specific HTTP paths](/consul/docs/connect/registration/service-registration#expose-paths-configuration-reference).
+- Configuration to [expose specific HTTP paths](/consul/docs/connect/proxies/proxy-config-reference#expose-paths-configuration-reference).
 
 For more information on the parts of the Envoy proxy runtime configuration
 that are currently controllable via Consul service mesh, refer to [Dynamic
@@ -139,9 +139,9 @@ Consul service mesh can control some parts of the bootstrap configuration by spe
 
 Add the following configuration items to the [global `proxy-defaults` configuration
 entry](/consul/docs/connect/config-entries/proxy-defaults) or override them directly in the `proxy.config`
-field of a [proxy service definition](/consul/docs/connect/registration/service-registration). When
+field of a [proxy service definition](/consul/docs/proxies/proxy-config-reference). When
 connected to a Consul client agent, you can place the configuration in the `proxy.config` field of
-the [`sidecar_service`](/consul/docs/connect/registration/sidecar-service) block.
+the [`sidecar_service`](/consul/docs/connect/proxies/deploy-sidecar-services) block.
 
 - `envoy_statsd_url` - A URL in the form `udp://ip:port` identifying a UDP
   StatsD listener that Envoy should deliver metrics to. For example, this may be
@@ -278,7 +278,7 @@ automatically configure its upstream listeners appropriately too as below.
 
 This automated discovery results in Consul auto-populating the `proxy.config`
 and `proxy.upstreams[*].config` fields of the [proxy service
-definition](/consul/docs/connect/registration/service-registration) that is
+definition](/consul/docs/connect/proxies/proxy-config-reference) that is
 actually registered.
 
 To learn about other options that can be configured centrally see the
@@ -287,7 +287,7 @@ To learn about other options that can be configured centrally see the
 ### Proxy Config Options
 
 These fields may also be overridden explicitly in `proxy.config` of the [proxy service
-definition](/consul/docs/connect/registration/service-registration), or defined in
+definition](/consul/docs/connect/proxies/proxy-config-reference), or defined in
 the [global `proxy-defaults` configuration
 entry](/consul/docs/connect/config-entries/proxy-defaults) to act as
 defaults that are inherited by all services.
@@ -359,8 +359,8 @@ defaults that are inherited by all services.
 
 The following configuration items may be overridden directly in the
 `proxy.upstreams[].config` field of a [proxy service
-definition](/consul/docs/connect/registration/service-registration) or
-[`sidecar_service`](/consul/docs/connect/registration/sidecar-service) block.
+definition](/consul/docs/connect/proxies/proxy-config-reference) or
+[`sidecar_service`](/consul/docs/connect/proxies/deploy-sidecar-services) block.
 
 - `protocol` - Same as above in main config but affects the listener setup for
   the upstream.
@@ -436,7 +436,7 @@ definition](/consul/docs/connect/registration/service-registration) or
 ### Gateway Options
 
 These fields may also be overridden explicitly in the [proxy service
-definition](/consul/docs/connect/registration/service-registration), or defined in
+definition](/consul/docs/connect/proxies/proxy-config-reference), or defined in
 the [global `proxy-defaults` configuration
 entry](/consul/docs/connect/config-entries/proxy-defaults) to act as
 defaults that are inherited by all services.
@@ -610,8 +610,8 @@ Users may add the following configuration items to the [global `proxy-defaults`
 configuration
 entry](/consul/docs/connect/config-entries/proxy-defaults) or
 override them directly in the `proxy.config` field of a [proxy service
-definition](/consul/docs/connect/registration/service-registration) or
-[`sidecar_service`](/consul/docs/connect/registration/sidecar-service) block.
+definition](/consul/docs/connect/proxies/proxy-config-reference) or
+[`sidecar_service`](/consul/docs/connect/proxies/deploy-sidecar-services) block.
 
 - `envoy_extra_static_clusters_json` - Specifies one or more [Envoy clusters](https://www.envoyproxy.io/docs/envoy/v1.17.2/api-v3/config/cluster/v3/cluster.proto)
   that will be appended to the array of [static
@@ -791,8 +791,8 @@ Users may add the following configuration items to the [global `proxy-defaults`
 configuration
 entry](/consul/docs/connect/config-entries/proxy-defaults) or
 override them directly in the `proxy.config` field of a [proxy service
-definition](/consul/docs/connect/registration/service-registration) or
-[`sidecar_service`](/consul/docs/connect/registration/sidecar-service) block.
+definition](/consul/docs/connect/proxies/proxy-config-reference) or
+[`sidecar_service`](/consul/docs/connect/proxies/deploy-sidecar-services) block.
 
 - `envoy_bootstrap_json_tpl` - Specifies a template in Go template syntax that
   is used in place of [the default
@@ -988,8 +988,8 @@ definition](/consul/docs/connect/registration/service-registration) or
 
 The following configuration items may be overridden directly in the
 `proxy.upstreams[].config` field of a [proxy service
-definition](/consul/docs/connect/registration/service-registration) or
-[`sidecar_service`](/consul/docs/connect/registration/sidecar-service) block.
+definition](/consul/docs/connect/proxies/proxy-config-reference) or
+[`sidecar_service`](/consul/docs/connect/deploy/deploy-sidecar-services) block.
 
 ~> **Note:** - When a
 [`service-router`](/consul/docs/connect/config-entries/service-router),
diff --git a/website/content/docs/connect/proxies/index.mdx b/website/content/docs/connect/proxies/index.mdx
index eeea3305f214..f5e334876c12 100644
--- a/website/content/docs/connect/proxies/index.mdx
+++ b/website/content/docs/connect/proxies/index.mdx
@@ -7,21 +7,25 @@ description: >-
 
 # Service mesh proxy overview
 
-This topic provides an overview of how Consul uses proxies in your service mesh. A proxy is a type of service that enables unmodified applications to connect to other services in the service mesh. Consul ships with a built-in L4 proxy and has first class support for Envoy. You can plug other proxies into your environment, as well, and apply configurations in Consul to define proxy behavior.
+This topic provides an overview of how Consul uses proxies in your service mesh. A proxy is a type of service that enables unmodified applications to connect to other services in the service mesh. Consul ships with a built-in L4 proxy and has first class support for Envoy. You can plug other proxies into your environment as well, and apply configurations in Consul to define proxy behavior.
 
 ## Proxy use cases
 
-_Proxies_ are services that you can configure to perform several different types of functions in Consul.
+You can configure proxies to perform several different types of functions in Consul.
+
+### Service mesh proxies
+
+A _service mesh proxy_ is any type of proxy service that you use for communication in a service mesh. Specialized proxy implementations, such as sidecar proxies and gateways, are subsets of service mesh proxies. Refer to [Deploy service mesh proxy services](/consul/docs/connect/proxies/deploy-service-mesh-proxies) for instructions on how to deploy a service mesh proxy.
 
 ### Sidecars
 
-You can configure proxies to operate as sidecar services transparently handles inbound and outbound service connections. Sidecars also automatically wrap and verify TLS connections. Each service in your mesh should have its own sidecar proxy.   
+Sidecar proxies are service mesh proxy implementations that transparently handles inbound and outbound service connections. Sidecars automatically wrap and verify TLS connections. In a non-containerized network, each service in your mesh should have its own sidecar proxy.   
 
 Refer to [Deploy sidecar services](/consul/docs/connect/proxies/deploy-sidecar-services) for additional information.
 
 ### Gateways
 
-You can configure proxies to operate as gateway services, which allow service-to-service traffic across different network areas, including peered clusters, WAN-federated datacenters, and nodes outside the mesh. Consul ships with several types of gateway capabilities, but gateways deliver the underlying functionality.
+You can configure service mesh proxies to operate as gateway services, which allow service-to-service traffic across different network areas, including peered clusters, WAN-federated datacenters, and nodes outside the mesh. Consul ships with several types of gateway capabilities, but gateways deliver the underlying functionality.
 
 Refer to [Gateways overview](/consul/docs/connect/gateways) for additional information.
 
@@ -40,7 +44,7 @@ The following procedure describes how to implement proxies:
 
 1. **Configure global proxy settings**. You can configure global passthrough settings for all proxies deployed to your service mesh in the proxy defaults configuration entry. This step is not required, but it enables you to define common behaviors in a central configuration.
 1. **Deploy your service mesh proxy**. Configure proxy behavior in a service definition and register the proxy with Consul. 
-1. **Start the proxy service**. 
+1. **Start the proxy service**. Proxies appear in the list of services registered to Consul and must be started before they begin to route traffic in your service mesh.
 
 ### Dynamic upstreams require native integration
 
@@ -48,7 +52,7 @@ Service mesh proxies do not support dynamic upstreams. If an application require
 
 ## Proxies in Kubernetes-orchestrated networks
 
-For Kubernetes-orchestrated environments, Consul deploys _dataplanes_ by default to manage proxies. Consul dataplanes are light-weight processes that leverage existing Kubernetes sidecar orchestration capabilities.  Refer to the [dataplanes documentation](/consul/docs/connect/dataplane) for additional information.
+For Kubernetes-orchestrated environments, Consul deploys _dataplanes_ by default to manage sidecar proxies. Consul dataplanes are light-weight processes that leverage existing Kubernetes sidecar orchestration capabilities.  Refer to the [dataplanes documentation](/consul/docs/connect/dataplane) for additional information.
 
 ## Guidance
 
diff --git a/website/content/docs/connect/proxies/proxy-config-reference.mdx b/website/content/docs/connect/proxies/proxy-config-reference.mdx
index dc3765b8cdb5..8c2b5fb5c8e7 100644
--- a/website/content/docs/connect/proxies/proxy-config-reference.mdx
+++ b/website/content/docs/connect/proxies/proxy-config-reference.mdx
@@ -89,7 +89,7 @@ Specify the following parameters in the `proxy` code block to configure a sideca
 * `local_service_port`: Integer value that specifies the port that the proxy should use to connect to the _local_ service instance. Refer to the [proxy parameters reference](#local-service-port) for details.
 * `local_service_address`: String value that specifies the IP address or hostname that the proxy should use to connect to the _local_ service. Refer to the [proxy parameters reference](#local-service-address) for details.
 
-See [Sidecar Service Registration](/consul/docs/connect/registration/sidecar-service) for additional information about configuring service mesh proxies as sidecars.
+Refer to [Deploy sidecar services](/consul/docs/connect/proxies/deploy-sidecar-services) for additional information about configuring service mesh proxies as sidecars.
 
 ### Complete configuration example
 
diff --git a/website/content/docs/k8s/connect/health.mdx b/website/content/docs/k8s/connect/health.mdx
index 654cb5034245..a3096d5c9cba 100644
--- a/website/content/docs/k8s/connect/health.mdx
+++ b/website/content/docs/k8s/connect/health.mdx
@@ -20,7 +20,7 @@ The Consul health check's state reflects the pod's readiness status.
 1. If the pod is using [transparent proxy mode](/consul/docs/connect/transparent-proxy),
 the mutating webhook redirects all `http` based startup, liveness, and readiness probes in the pod through the Envoy proxy.
 This webhook is defined in the
-[`ExposePaths` configuration](/consul/docs/connect/registration/service-registration#expose-paths-configuration-reference)
+[`ExposePaths` configuration](/consul/docs/connect/proxies/proxy-config-reference#expose-paths-configuration-reference)
 for each probe so that kubelet can access the endpoint through the Envoy proxy.
 
 The mutation behavior can be disabled, by setting either the `consul.hashicorp.com/transparent-proxy-overwrite-probes`
diff --git a/website/content/docs/services/configuration/services-configuration-reference.mdx b/website/content/docs/services/configuration/services-configuration-reference.mdx
index 95f01e16ff73..7dd71a9ce103 100644
--- a/website/content/docs/services/configuration/services-configuration-reference.mdx
+++ b/website/content/docs/services/configuration/services-configuration-reference.mdx
@@ -320,7 +320,7 @@ String value that identifies the service as a proxy and determines its role in t
 
 You can specify the following values:
 
-- `connect-proxy`: Defines the configuration for a service mesh proxy. Refer to [Register a Service Mesh Proxy Outside of a Service Registration](/consul/docs/connect/registration/service-registration) for details about registering a service as a service mesh proxy.
+- `connect-proxy`: Defines the configuration for a service mesh proxy. Refer to [Deploy service mesh proxies](/consul/docs/connect/proxies/deploy-service-mesh-proxies) for details about registering a service as a service mesh proxy.
 - `ingress-gateway`: Defines the configuration for an [ingress gateway](/consul/docs/connect/config-entries/ingress-gateway)
 - `mesh-gateway`: Defines the configuration for a [mesh gateway](/consul/docs/connect/gateways/mesh-gateway)
 - `terminating-gateway`: Defines the configuration for a [terminating gateway](/consul/docs/connect/gateways/terminating-gateway)
@@ -328,7 +328,7 @@ You can specify the following values:
 For non-service registration roles, the `kind` field has a different context when used to define configuration entries, such as `service-defaults`. Refer to the documentation for the configuration entry you want to implement for additional information. 
 
 ### proxy
-Object that specifies proxy configurations when the service is configured to operate as a proxy in a service mesh. Do not configure the `proxy` parameter for non-proxy service instances. Refer to [Register a Service Mesh Proxy Outside of a Service Registration](/consul/docs/connect/registration/service-registration) for details about registering your service as a service mesh proxy. Refer to [`kind`](#kind) for information about the types of proxies you can define. Services that you assign proxy roles to are registered as services in the catalog. 
+Object that specifies proxy configurations when the service is configured to operate as a proxy in a service mesh. Do not configure the `proxy` parameter for non-proxy service instances. Refer to [Service mesh proxies overview](/consul/docs/connect/proxies) for details about registering your service as a service mesh proxy. Refer to [`kind`](#kind) for information about the types of proxies you can define. Services that you assign proxy roles to are registered as services in the catalog. 
 
 ### connect
 Object that configures a Consul service mesh connection. You should only configure the `connect` block of parameters if you are using Consul service mesh. Refer to [Consul Service Mesh](/consul/docs/connect) for additional information. 
@@ -338,7 +338,7 @@ The following table describes the parameters that you can place in the `connect`
 | Parameter | Description | Default |
 | ---       | ---         | ---     |
 | `native` | Boolean value that advertises the service as a native service mesh proxy. Use this parameter to integrate your application with the `connect` API. Refer to [Service Mesh Native App Integration Overview](/consul/docs/connect/native) for additional information. If set to `true`, do not configure a `sidecar_service`. | `false` |
-| `sidecar_service` | Object that defines a sidecar proxy for the service. Do not configure if `native` is set to `true`. Refer to [Register a Service Mesh Proxy in a Service Registration](/consul/docs/connect/registration/sidecar-service) for usage and configuration details. | Refer to [Register a Service Mesh Proxy in a Service Registration](/consul/docs/connect/registration/sidecar-service) for default configurations. |
+| `sidecar_service` | Object that defines a sidecar proxy for the service. Do not configure if `native` is set to `true`. Refer to [Deploy sidecar services](/consul/docs/connect/proxies/deploy-sidecar-services) for usage and configuration details. | Refer to [Sidecar service defaults](/consul/docs/connect/proxies/deploy-sidecar-services#sidecar-service-defaults). |
 
 ### weights
 Object that configures how the service responds to DNS SRV requests based on the service's health status. Configuring allows service instances with more capacity to respond to DNS SRV requests. It also reduces the load on services with checks in `warning` status by giving passing instances a higher weight.
diff --git a/website/content/docs/services/discovery/dns-overview.mdx b/website/content/docs/services/discovery/dns-overview.mdx
index 843d97bd185d..34e92e5fe8a2 100644
--- a/website/content/docs/services/discovery/dns-overview.mdx
+++ b/website/content/docs/services/discovery/dns-overview.mdx
@@ -26,7 +26,7 @@ Refer to [ Native App Integration](/consul/docs/connect/native) and its [Go pack
 ### DNS versus upstreams
 If you are using Consul for service discovery and have not enabled service mesh features, then use the DNS to discover services and nodes in the Consul catalog.
 
-If you are using Consul for service mesh on VMs, you can use upstreams or DNS. We recommend using upstreams because you can query services and nodes without modifying the application code or environment variables. Refer to [Upstream Configuration Reference](/consul/docs/connect/registration/service-registration#upstream-configuration-reference) for additional information.
+If you are using Consul for service mesh on VMs, you can use upstreams or DNS. We recommend using upstreams because you can query services and nodes without modifying the application code or environment variables. Refer to [Upstream Configuration Reference](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference) for additional information.
 
 If you are using Consul on Kubernetes, refer to [the upstreams annotation documentation](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) for additional information.
 
diff --git a/website/content/docs/services/services.mdx b/website/content/docs/services/services.mdx
index f2d4eb70c111..116193afe361 100644
--- a/website/content/docs/services/services.mdx
+++ b/website/content/docs/services/services.mdx
@@ -35,7 +35,7 @@ Consul redirects service traffic through sidecar proxies if you use Consul servi
 
 ### Virtual machines
 
-You must define upstream services in the service definition. Consul uses the upstream configuration to bind the service with its upstreams. After registering the service, you must start a sidecar proxy on the VM to enable mesh connectivity. Refer to [Register a Service Mesh Proxy in a Service Registration](/consul/docs/connect/registration/sidecar-service) for details.
+You must define upstream services in the service definition. Consul uses the upstream configuration to bind the service with its upstreams. After registering the service, you must start a sidecar proxy on the VM to enable mesh connectivity. Refer to [Deploy sidecar services](/consul/docs/connect/proxies/deploy-sidecar-services) for additional information.
 
 ### Kubernetes
 
diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx
index 610a6af201b0..616a37c888aa 100644
--- a/website/content/docs/upgrading/upgrade-specific.mdx
+++ b/website/content/docs/upgrading/upgrade-specific.mdx
@@ -786,7 +786,7 @@ Starting with Consul 1.7.1 this is the new default.
 Managed proxies, which are deprecated since Consul v1.3.0, have now been 
 [removed](/consul/docs/connect/proxies). Before upgrading, you must
 migrate any managed proxy usage to [sidecar service
-registrations](/consul/docs/connect/registration/sidecar-service).
+registrations](/consul/docs/connect/proxies/deploy-sidecar-services).
 
 ## Consul 1.4.0
 

From 5de914fe9289c1da5e577f571d22e51f435980fb Mon Sep 17 00:00:00 2001
From: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Date: Wed, 6 Sep 2023 16:55:18 -0700
Subject: [PATCH 357/359] resolve merge conflicts

---
 .../connect/config-entries/proxy-defaults.mdx  | 18 ++++++++++++++++++
 website/content/docs/connect/proxies/index.mdx |  2 +-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/website/content/docs/connect/config-entries/proxy-defaults.mdx b/website/content/docs/connect/config-entries/proxy-defaults.mdx
index 015ad6f317d6..20e1b19e8c7d 100644
--- a/website/content/docs/connect/config-entries/proxy-defaults.mdx
+++ b/website/content/docs/connect/config-entries/proxy-defaults.mdx
@@ -768,6 +768,24 @@ Config {
 
 #### Community edition
 
+#### Consul Enterprise
+
+When using multiple namespaces with Consul Enterprise, the only configuration entry that affects proxy defaults is the one in the `default` namespace. This configuration applies to proxies in all namespaces.
+
+```hcl
+Kind      = "proxy-defaults"
+Name      = "global"
+Namespace = "default" # Can only be set to "default".
+Config {
+  protocol = "http"
+}
+```
+</Tab>
+
+<Tab heading="YAML" group="yaml">
+
+#### Community edition
+
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1
 kind: ProxyDefaults
diff --git a/website/content/docs/connect/proxies/index.mdx b/website/content/docs/connect/proxies/index.mdx
index bca5ce7cd554..f5e334876c12 100644
--- a/website/content/docs/connect/proxies/index.mdx
+++ b/website/content/docs/connect/proxies/index.mdx
@@ -71,7 +71,7 @@ Refer to the following resources for help using service mesh proxies:
 
 ### Reference documentation
 
-- [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) 
+- [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for additional information. 
 - [Envoy proxies reference](/consul/docs/connect/proxies/envoy)
 - [Service mesh proxy configuration reference](/consul/docs/connect/proxies/proxy-config-reference)
 - [`consul connect envoy` command](/consul/commands/connect/envoy)

From 5fc3c8b59f37c0f89d0f3e8265a2702b68c29e0a Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@gmail.com>
Date: Thu, 7 Sep 2023 10:11:57 -0700
Subject: [PATCH 358/359] fix error in merge conflict

---
 .../connect/config-entries/proxy-defaults.mdx  | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/website/content/docs/connect/config-entries/proxy-defaults.mdx b/website/content/docs/connect/config-entries/proxy-defaults.mdx
index 20e1b19e8c7d..015ad6f317d6 100644
--- a/website/content/docs/connect/config-entries/proxy-defaults.mdx
+++ b/website/content/docs/connect/config-entries/proxy-defaults.mdx
@@ -768,24 +768,6 @@ Config {
 
 #### Community edition
 
-#### Consul Enterprise
-
-When using multiple namespaces with Consul Enterprise, the only configuration entry that affects proxy defaults is the one in the `default` namespace. This configuration applies to proxies in all namespaces.
-
-```hcl
-Kind      = "proxy-defaults"
-Name      = "global"
-Namespace = "default" # Can only be set to "default".
-Config {
-  protocol = "http"
-}
-```
-</Tab>
-
-<Tab heading="YAML" group="yaml">
-
-#### Community edition
-
 ```yaml
 apiVersion: consul.hashicorp.com/v1alpha1
 kind: ProxyDefaults

From 85dae4a85078a657d30a7c0d5ad3a80af0fffb3b Mon Sep 17 00:00:00 2001
From: Tu Nguyen <im2nguyen@gmail.com>
Date: Thu, 7 Sep 2023 10:13:23 -0700
Subject: [PATCH 359/359] fix error in merge conflict

---
 website/content/docs/connect/proxies/index.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/connect/proxies/index.mdx b/website/content/docs/connect/proxies/index.mdx
index f5e334876c12..32ec802235b1 100644
--- a/website/content/docs/connect/proxies/index.mdx
+++ b/website/content/docs/connect/proxies/index.mdx
@@ -71,7 +71,7 @@ Refer to the following resources for help using service mesh proxies:
 
 ### Reference documentation
 
-- [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults) for additional information. 
+- [Proxy defaults configuration entry reference](/consul/docs/connect/config-entries/proxy-defaults)
 - [Envoy proxies reference](/consul/docs/connect/proxies/envoy)
 - [Service mesh proxy configuration reference](/consul/docs/connect/proxies/proxy-config-reference)
 - [`consul connect envoy` command](/consul/commands/connect/envoy)